]> git.proxmox.com Git - mirror_ubuntu-kernels.git/blob - fs/ext4/file.c
projects / mirror_ubuntu-kernels.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
netfilter: nfnetlink_osf: avoid OOB read
[mirror_ubuntu-kernels.git] / fs / ext4 / file.c
1 // SPDX-License-Identifier: GPL-2.0
2 /*
3 * linux/fs/ext4/file.c
4 *
5 * Copyright (C) 1992, 1993, 1994, 1995
6 * Remy Card (card@masi.ibp.fr)
7 * Laboratoire MASI - Institut Blaise Pascal
8 * Universite Pierre et Marie Curie (Paris VI)
9 *
10 * from
11 *
12 * linux/fs/minix/file.c
13 *
14 * Copyright (C) 1991, 1992 Linus Torvalds
15 *
16 * ext4 fs regular file handling primitives
17 *
18 * 64-bit file support on 64-bit platforms by Jakub Jelinek
19 * (jj@sunsite.ms.mff.cuni.cz)
20 */
21
22 #include <linux/time.h>
23 #include <linux/fs.h>
24 #include <linux/iomap.h>
25 #include <linux/mount.h>
26 #include <linux/path.h>
27 #include <linux/dax.h>
28 #include <linux/quotaops.h>
29 #include <linux/pagevec.h>
30 #include <linux/uio.h>
31 #include <linux/mman.h>
32 #include <linux/backing-dev.h>
33 #include "ext4.h"
34 #include "ext4_jbd2.h"
35 #include "xattr.h"
36 #include "acl.h"
37 #include "truncate.h"
38
39 /*
40 * Returns %true if the given DIO request should be attempted with DIO, or
41 * %false if it should fall back to buffered I/O.
42 *
43 * DIO isn't well specified; when it's unsupported (either due to the request
44 * being misaligned, or due to the file not supporting DIO at all), filesystems
45 * either fall back to buffered I/O or return EINVAL. For files that don't use
46 * any special features like encryption or verity, ext4 has traditionally
47 * returned EINVAL for misaligned DIO. iomap_dio_rw() uses this convention too.
48 * In this case, we should attempt the DIO, *not* fall back to buffered I/O.
49 *
50 * In contrast, in cases where DIO is unsupported due to ext4 features, ext4
51 * traditionally falls back to buffered I/O.
52 *
53 * This function implements the traditional ext4 behavior in all these cases.
54 */
55 static bool ext4_should_use_dio(struct kiocb *iocb, struct iov_iter *iter)
56 {
57 struct inode *inode = file_inode(iocb->ki_filp);
58 u32 dio_align = ext4_dio_alignment(inode);
59
60 if (dio_align == 0)
61 return false;
62
63 if (dio_align == 1)
64 return true;
65
66 return IS_ALIGNED(iocb->ki_pos | iov_iter_alignment(iter), dio_align);
67 }
68
69 static ssize_t ext4_dio_read_iter(struct kiocb *iocb, struct iov_iter *to)
70 {
71 ssize_t ret;
72 struct inode *inode = file_inode(iocb->ki_filp);
73
74 if (iocb->ki_flags & IOCB_NOWAIT) {
75 if (!inode_trylock_shared(inode))
76 return -EAGAIN;
77 } else {
78 inode_lock_shared(inode);
79 }
80
81 if (!ext4_should_use_dio(iocb, to)) {
82 inode_unlock_shared(inode);
83 /*
84 * Fallback to buffered I/O if the operation being performed on
85 * the inode is not supported by direct I/O. The IOCB_DIRECT
86 * flag needs to be cleared here in order to ensure that the
87 * direct I/O path within generic_file_read_iter() is not
88 * taken.
89 */
90 iocb->ki_flags &= ~IOCB_DIRECT;
91 return generic_file_read_iter(iocb, to);
92 }
93
94 ret = iomap_dio_rw(iocb, to, &ext4_iomap_ops, NULL, 0, NULL, 0);
95 inode_unlock_shared(inode);
96
97 file_accessed(iocb->ki_filp);
98 return ret;
99 }
100
101 #ifdef CONFIG_FS_DAX
102 static ssize_t ext4_dax_read_iter(struct kiocb *iocb, struct iov_iter *to)
103 {
104 struct inode *inode = file_inode(iocb->ki_filp);
105 ssize_t ret;
106
107 if (iocb->ki_flags & IOCB_NOWAIT) {
108 if (!inode_trylock_shared(inode))
109 return -EAGAIN;
110 } else {
111 inode_lock_shared(inode);
112 }
113 /*
114 * Recheck under inode lock - at this point we are sure it cannot
115 * change anymore
116 */
117 if (!IS_DAX(inode)) {
118 inode_unlock_shared(inode);
119 /* Fallback to buffered IO in case we cannot support DAX */
120 return generic_file_read_iter(iocb, to);
121 }
122 ret = dax_iomap_rw(iocb, to, &ext4_iomap_ops);
123 inode_unlock_shared(inode);
124
125 file_accessed(iocb->ki_filp);
126 return ret;
127 }
128 #endif
129
130 static ssize_t ext4_file_read_iter(struct kiocb *iocb, struct iov_iter *to)
131 {
132 struct inode *inode = file_inode(iocb->ki_filp);
133
134 if (unlikely(ext4_forced_shutdown(EXT4_SB(inode->i_sb))))
135 return -EIO;
136
137 if (!iov_iter_count(to))
138 return 0; /* skip atime */
139
140 #ifdef CONFIG_FS_DAX
141 if (IS_DAX(inode))
142 return ext4_dax_read_iter(iocb, to);
143 #endif
144 if (iocb->ki_flags & IOCB_DIRECT)
145 return ext4_dio_read_iter(iocb, to);
146
147 return generic_file_read_iter(iocb, to);
148 }
149
150 static ssize_t ext4_file_splice_read(struct file *in, loff_t *ppos,
151 struct pipe_inode_info *pipe,
152 size_t len, unsigned int flags)
153 {
154 struct inode *inode = file_inode(in);
155
156 if (unlikely(ext4_forced_shutdown(EXT4_SB(inode->i_sb))))
157 return -EIO;
158 return filemap_splice_read(in, ppos, pipe, len, flags);
159 }
160
161 /*
162 * Called when an inode is released. Note that this is different
163 * from ext4_file_open: open gets called at every open, but release
164 * gets called only when /all/ the files are closed.
165 */
166 static int ext4_release_file(struct inode *inode, struct file *filp)
167 {
168 if (ext4_test_inode_state(inode, EXT4_STATE_DA_ALLOC_CLOSE)) {
169 ext4_alloc_da_blocks(inode);
170 ext4_clear_inode_state(inode, EXT4_STATE_DA_ALLOC_CLOSE);
171 }
172 /* if we are the last writer on the inode, drop the block reservation */
173 if ((filp->f_mode & FMODE_WRITE) &&
174 (atomic_read(&inode->i_writecount) == 1) &&
175 !EXT4_I(inode)->i_reserved_data_blocks) {
176 down_write(&EXT4_I(inode)->i_data_sem);
177 ext4_discard_preallocations(inode, 0);
178 up_write(&EXT4_I(inode)->i_data_sem);
179 }
180 if (is_dx(inode) && filp->private_data)
181 ext4_htree_free_dir_info(filp->private_data);
182
183 return 0;
184 }
185
186 /*
187 * This tests whether the IO in question is block-aligned or not.
188 * Ext4 utilizes unwritten extents when hole-filling during direct IO, and they
189 * are converted to written only after the IO is complete. Until they are
190 * mapped, these blocks appear as holes, so dio_zero_block() will assume that
191 * it needs to zero out portions of the start and/or end block. If 2 AIO
192 * threads are at work on the same unwritten block, they must be synchronized
193 * or one thread will zero the other's data, causing corruption.
194 */
195 static bool
196 ext4_unaligned_io(struct inode *inode, struct iov_iter *from, loff_t pos)
197 {
198 struct super_block *sb = inode->i_sb;
199 unsigned long blockmask = sb->s_blocksize - 1;
200
201 if ((pos | iov_iter_alignment(from)) & blockmask)
202 return true;
203
204 return false;
205 }
206
207 static bool
208 ext4_extending_io(struct inode *inode, loff_t offset, size_t len)
209 {
210 if (offset + len > i_size_read(inode) ||
211 offset + len > EXT4_I(inode)->i_disksize)
212 return true;
213 return false;
214 }
215
216 /* Is IO overwriting allocated or initialized blocks? */
217 static bool ext4_overwrite_io(struct inode *inode,
218 loff_t pos, loff_t len, bool *unwritten)
219 {
220 struct ext4_map_blocks map;
221 unsigned int blkbits = inode->i_blkbits;
222 int err, blklen;
223
224 if (pos + len > i_size_read(inode))
225 return false;
226
227 map.m_lblk = pos >> blkbits;
228 map.m_len = EXT4_MAX_BLOCKS(len, pos, blkbits);
229 blklen = map.m_len;
230
231 err = ext4_map_blocks(NULL, inode, &map, 0);
232 if (err != blklen)
233 return false;
234 /*
235 * 'err==len' means that all of the blocks have been preallocated,
236 * regardless of whether they have been initialized or not. We need to
237 * check m_flags to distinguish the unwritten extents.
238 */
239 *unwritten = !(map.m_flags & EXT4_MAP_MAPPED);
240 return true;
241 }
242
243 static ssize_t ext4_generic_write_checks(struct kiocb *iocb,
244 struct iov_iter *from)
245 {
246 struct inode *inode = file_inode(iocb->ki_filp);
247 ssize_t ret;
248
249 if (unlikely(IS_IMMUTABLE(inode)))
250 return -EPERM;
251
252 ret = generic_write_checks(iocb, from);
253 if (ret <= 0)
254 return ret;
255
256 /*
257 * If we have encountered a bitmap-format file, the size limit
258 * is smaller than s_maxbytes, which is for extent-mapped files.
259 */
260 if (!(ext4_test_inode_flag(inode, EXT4_INODE_EXTENTS))) {
261 struct ext4_sb_info *sbi = EXT4_SB(inode->i_sb);
262
263 if (iocb->ki_pos >= sbi->s_bitmap_maxbytes)
264 return -EFBIG;
265 iov_iter_truncate(from, sbi->s_bitmap_maxbytes - iocb->ki_pos);
266 }
267
268 return iov_iter_count(from);
269 }
270
271 static ssize_t ext4_write_checks(struct kiocb *iocb, struct iov_iter *from)
272 {
273 ssize_t ret, count;
274
275 count = ext4_generic_write_checks(iocb, from);
276 if (count <= 0)
277 return count;
278
279 ret = file_modified(iocb->ki_filp);
280 if (ret)
281 return ret;
282 return count;
283 }
284
285 static ssize_t ext4_buffered_write_iter(struct kiocb *iocb,
286 struct iov_iter *from)
287 {
288 ssize_t ret;
289 struct inode *inode = file_inode(iocb->ki_filp);
290
291 if (iocb->ki_flags & IOCB_NOWAIT)
292 return -EOPNOTSUPP;
293
294 inode_lock(inode);
295 ret = ext4_write_checks(iocb, from);
296 if (ret <= 0)
297 goto out;
298
299 ret = generic_perform_write(iocb, from);
300
301 out:
302 inode_unlock(inode);
303 if (unlikely(ret <= 0))
304 return ret;
305 return generic_write_sync(iocb, ret);
306 }
307
308 static ssize_t ext4_handle_inode_extension(struct inode *inode, loff_t offset,
309 ssize_t written, size_t count)
310 {
311 handle_t *handle;
312 bool truncate = false;
313 u8 blkbits = inode->i_blkbits;
314 ext4_lblk_t written_blk, end_blk;
315 int ret;
316
317 /*
318 * Note that EXT4_I(inode)->i_disksize can get extended up to
319 * inode->i_size while the I/O was running due to writeback of delalloc
320 * blocks. But, the code in ext4_iomap_alloc() is careful to use
321 * zeroed/unwritten extents if this is possible; thus we won't leave
322 * uninitialized blocks in a file even if we didn't succeed in writing
323 * as much as we intended.
324 */
325 WARN_ON_ONCE(i_size_read(inode) < EXT4_I(inode)->i_disksize);
326 if (offset + count <= EXT4_I(inode)->i_disksize) {
327 /*
328 * We need to ensure that the inode is removed from the orphan
329 * list if it has been added prematurely, due to writeback of
330 * delalloc blocks.
331 */
332 if (!list_empty(&EXT4_I(inode)->i_orphan) && inode->i_nlink) {
333 handle = ext4_journal_start(inode, EXT4_HT_INODE, 2);
334
335 if (IS_ERR(handle)) {
336 ext4_orphan_del(NULL, inode);
337 return PTR_ERR(handle);
338 }
339
340 ext4_orphan_del(handle, inode);
341 ext4_journal_stop(handle);
342 }
343
344 return written;
345 }
346
347 if (written < 0)
348 goto truncate;
349
350 handle = ext4_journal_start(inode, EXT4_HT_INODE, 2);
351 if (IS_ERR(handle)) {
352 written = PTR_ERR(handle);
353 goto truncate;
354 }
355
356 if (ext4_update_inode_size(inode, offset + written)) {
357 ret = ext4_mark_inode_dirty(handle, inode);
358 if (unlikely(ret)) {
359 written = ret;
360 ext4_journal_stop(handle);
361 goto truncate;
362 }
363 }
364
365 /*
366 * We may need to truncate allocated but not written blocks beyond EOF.
367 */
368 written_blk = ALIGN(offset + written, 1 << blkbits);
369 end_blk = ALIGN(offset + count, 1 << blkbits);
370 if (written_blk < end_blk && ext4_can_truncate(inode))
371 truncate = true;
372
373 /*
374 * Remove the inode from the orphan list if it has been extended and
375 * everything went OK.
376 */
377 if (!truncate && inode->i_nlink)
378 ext4_orphan_del(handle, inode);
379 ext4_journal_stop(handle);
380
381 if (truncate) {
382 truncate:
383 ext4_truncate_failed_write(inode);
384 /*
385 * If the truncate operation failed early, then the inode may
386 * still be on the orphan list. In that case, we need to try
387 * remove the inode from the in-memory linked list.
388 */
389 if (inode->i_nlink)
390 ext4_orphan_del(NULL, inode);
391 }
392
393 return written;
394 }
395
396 static int ext4_dio_write_end_io(struct kiocb *iocb, ssize_t size,
397 int error, unsigned int flags)
398 {
399 loff_t pos = iocb->ki_pos;
400 struct inode *inode = file_inode(iocb->ki_filp);
401
402 if (error)
403 return error;
404
405 if (size && flags & IOMAP_DIO_UNWRITTEN) {
406 error = ext4_convert_unwritten_extents(NULL, inode, pos, size);
407 if (error < 0)
408 return error;
409 }
410 /*
411 * If we are extending the file, we have to update i_size here before
412 * page cache gets invalidated in iomap_dio_rw(). Otherwise racing
413 * buffered reads could zero out too much from page cache pages. Update
414 * of on-disk size will happen later in ext4_dio_write_iter() where
415 * we have enough information to also perform orphan list handling etc.
416 * Note that we perform all extending writes synchronously under
417 * i_rwsem held exclusively so i_size update is safe here in that case.
418 * If the write was not extending, we cannot see pos > i_size here
419 * because operations reducing i_size like truncate wait for all
420 * outstanding DIO before updating i_size.
421 */
422 pos += size;
423 if (pos > i_size_read(inode))
424 i_size_write(inode, pos);
425
426 return 0;
427 }
428
429 static const struct iomap_dio_ops ext4_dio_write_ops = {
430 .end_io = ext4_dio_write_end_io,
431 };
432
433 /*
434 * The intention here is to start with shared lock acquired then see if any
435 * condition requires an exclusive inode lock. If yes, then we restart the
436 * whole operation by releasing the shared lock and acquiring exclusive lock.
437 *
438 * - For unaligned_io we never take shared lock as it may cause data corruption
439 * when two unaligned IO tries to modify the same block e.g. while zeroing.
440 *
441 * - For extending writes case we don't take the shared lock, since it requires
442 * updating inode i_disksize and/or orphan handling with exclusive lock.
443 *
444 * - shared locking will only be true mostly with overwrites, including
445 * initialized blocks and unwritten blocks. For overwrite unwritten blocks
446 * we protect splitting extents by i_data_sem in ext4_inode_info, so we can
447 * also release exclusive i_rwsem lock.
448 *
449 * - Otherwise we will switch to exclusive i_rwsem lock.
450 */
451 static ssize_t ext4_dio_write_checks(struct kiocb *iocb, struct iov_iter *from,
452 bool *ilock_shared, bool *extend,
453 bool *unwritten, int *dio_flags)
454 {
455 struct file *file = iocb->ki_filp;
456 struct inode *inode = file_inode(file);
457 loff_t offset;
458 size_t count;
459 ssize_t ret;
460 bool overwrite, unaligned_io;
461
462 restart:
463 ret = ext4_generic_write_checks(iocb, from);
464 if (ret <= 0)
465 goto out;
466
467 offset = iocb->ki_pos;
468 count = ret;
469
470 unaligned_io = ext4_unaligned_io(inode, from, offset);
471 *extend = ext4_extending_io(inode, offset, count);
472 overwrite = ext4_overwrite_io(inode, offset, count, unwritten);
473
474 /*
475 * Determine whether we need to upgrade to an exclusive lock. This is
476 * required to change security info in file_modified(), for extending
477 * I/O, any form of non-overwrite I/O, and unaligned I/O to unwritten
478 * extents (as partial block zeroing may be required).
479 */
480 if (*ilock_shared &&
481 ((!IS_NOSEC(inode) || *extend || !overwrite ||
482 (unaligned_io && *unwritten)))) {
483 if (iocb->ki_flags & IOCB_NOWAIT) {
484 ret = -EAGAIN;
485 goto out;
486 }
487 inode_unlock_shared(inode);
488 *ilock_shared = false;
489 inode_lock(inode);
490 goto restart;
491 }
492
493 /*
494 * Now that locking is settled, determine dio flags and exclusivity
495 * requirements. Unaligned writes are allowed under shared lock so long
496 * as they are pure overwrites. Set the iomap overwrite only flag as an
497 * added precaution in this case. Even though this is unnecessary, we
498 * can detect and warn on unexpected -EAGAIN if an unsafe unaligned
499 * write is ever submitted.
500 *
501 * Otherwise, concurrent unaligned writes risk data corruption due to
502 * partial block zeroing in the dio layer, and so the I/O must occur
503 * exclusively. The inode lock is already held exclusive if the write is
504 * non-overwrite or extending, so drain all outstanding dio and set the
505 * force wait dio flag.
506 */
507 if (*ilock_shared && unaligned_io) {
508 *dio_flags = IOMAP_DIO_OVERWRITE_ONLY;
509 } else if (!*ilock_shared && (unaligned_io || *extend)) {
510 if (iocb->ki_flags & IOCB_NOWAIT) {
511 ret = -EAGAIN;
512 goto out;
513 }
514 if (unaligned_io && (!overwrite || *unwritten))
515 inode_dio_wait(inode);
516 *dio_flags = IOMAP_DIO_FORCE_WAIT;
517 }
518
519 ret = file_modified(file);
520 if (ret < 0)
521 goto out;
522
523 return count;
524 out:
525 if (*ilock_shared)
526 inode_unlock_shared(inode);
527 else
528 inode_unlock(inode);
529 return ret;
530 }
531
532 static ssize_t ext4_dio_write_iter(struct kiocb *iocb, struct iov_iter *from)
533 {
534 ssize_t ret;
535 handle_t *handle;
536 struct inode *inode = file_inode(iocb->ki_filp);
537 loff_t offset = iocb->ki_pos;
538 size_t count = iov_iter_count(from);
539 const struct iomap_ops *iomap_ops = &ext4_iomap_ops;
540 bool extend = false, unwritten = false;
541 bool ilock_shared = true;
542 int dio_flags = 0;
543
544 /*
545 * Quick check here without any i_rwsem lock to see if it is extending
546 * IO. A more reliable check is done in ext4_dio_write_checks() with
547 * proper locking in place.
548 */
549 if (offset + count > i_size_read(inode))
550 ilock_shared = false;
551
552 if (iocb->ki_flags & IOCB_NOWAIT) {
553 if (ilock_shared) {
554 if (!inode_trylock_shared(inode))
555 return -EAGAIN;
556 } else {
557 if (!inode_trylock(inode))
558 return -EAGAIN;
559 }
560 } else {
561 if (ilock_shared)
562 inode_lock_shared(inode);
563 else
564 inode_lock(inode);
565 }
566
567 /* Fallback to buffered I/O if the inode does not support direct I/O. */
568 if (!ext4_should_use_dio(iocb, from)) {
569 if (ilock_shared)
570 inode_unlock_shared(inode);
571 else
572 inode_unlock(inode);
573 return ext4_buffered_write_iter(iocb, from);
574 }
575
576 ret = ext4_dio_write_checks(iocb, from, &ilock_shared, &extend,
577 &unwritten, &dio_flags);
578 if (ret <= 0)
579 return ret;
580
581 /*
582 * Make sure inline data cannot be created anymore since we are going
583 * to allocate blocks for DIO. We know the inode does not have any
584 * inline data now because ext4_dio_supported() checked for that.
585 */
586 ext4_clear_inode_state(inode, EXT4_STATE_MAY_INLINE_DATA);
587
588 offset = iocb->ki_pos;
589 count = ret;
590
591 if (extend) {
592 handle = ext4_journal_start(inode, EXT4_HT_INODE, 2);
593 if (IS_ERR(handle)) {
594 ret = PTR_ERR(handle);
595 goto out;
596 }
597
598 ret = ext4_orphan_add(handle, inode);
599 if (ret) {
600 ext4_journal_stop(handle);
601 goto out;
602 }
603
604 ext4_journal_stop(handle);
605 }
606
607 if (ilock_shared && !unwritten)
608 iomap_ops = &ext4_iomap_overwrite_ops;
609 ret = iomap_dio_rw(iocb, from, iomap_ops, &ext4_dio_write_ops,
610 dio_flags, NULL, 0);
611 WARN_ON_ONCE(ret == -EAGAIN && !(iocb->ki_flags & IOCB_NOWAIT));
612 if (ret == -ENOTBLK)
613 ret = 0;
614
615 if (extend)
616 ret = ext4_handle_inode_extension(inode, offset, ret, count);
617
618 out:
619 if (ilock_shared)
620 inode_unlock_shared(inode);
621 else
622 inode_unlock(inode);
623
624 if (ret >= 0 && iov_iter_count(from)) {
625 ssize_t err;
626 loff_t endbyte;
627
628 offset = iocb->ki_pos;
629 err = ext4_buffered_write_iter(iocb, from);
630 if (err < 0)
631 return err;
632
633 /*
634 * We need to ensure that the pages within the page cache for
635 * the range covered by this I/O are written to disk and
636 * invalidated. This is in attempt to preserve the expected
637 * direct I/O semantics in the case we fallback to buffered I/O
638 * to complete off the I/O request.
639 */
640 ret += err;
641 endbyte = offset + err - 1;
642 err = filemap_write_and_wait_range(iocb->ki_filp->f_mapping,
643 offset, endbyte);
644 if (!err)
645 invalidate_mapping_pages(iocb->ki_filp->f_mapping,
646 offset >> PAGE_SHIFT,
647 endbyte >> PAGE_SHIFT);
648 }
649
650 return ret;
651 }
652
653 #ifdef CONFIG_FS_DAX
654 static ssize_t
655 ext4_dax_write_iter(struct kiocb *iocb, struct iov_iter *from)
656 {
657 ssize_t ret;
658 size_t count;
659 loff_t offset;
660 handle_t *handle;
661 bool extend = false;
662 struct inode *inode = file_inode(iocb->ki_filp);
663
664 if (iocb->ki_flags & IOCB_NOWAIT) {
665 if (!inode_trylock(inode))
666 return -EAGAIN;
667 } else {
668 inode_lock(inode);
669 }
670
671 ret = ext4_write_checks(iocb, from);
672 if (ret <= 0)
673 goto out;
674
675 offset = iocb->ki_pos;
676 count = iov_iter_count(from);
677
678 if (offset + count > EXT4_I(inode)->i_disksize) {
679 handle = ext4_journal_start(inode, EXT4_HT_INODE, 2);
680 if (IS_ERR(handle)) {
681 ret = PTR_ERR(handle);
682 goto out;
683 }
684
685 ret = ext4_orphan_add(handle, inode);
686 if (ret) {
687 ext4_journal_stop(handle);
688 goto out;
689 }
690
691 extend = true;
692 ext4_journal_stop(handle);
693 }
694
695 ret = dax_iomap_rw(iocb, from, &ext4_iomap_ops);
696
697 if (extend)
698 ret = ext4_handle_inode_extension(inode, offset, ret, count);
699 out:
700 inode_unlock(inode);
701 if (ret > 0)
702 ret = generic_write_sync(iocb, ret);
703 return ret;
704 }
705 #endif
706
707 static ssize_t
708 ext4_file_write_iter(struct kiocb *iocb, struct iov_iter *from)
709 {
710 struct inode *inode = file_inode(iocb->ki_filp);
711
712 if (unlikely(ext4_forced_shutdown(EXT4_SB(inode->i_sb))))
713 return -EIO;
714
715 #ifdef CONFIG_FS_DAX
716 if (IS_DAX(inode))
717 return ext4_dax_write_iter(iocb, from);
718 #endif
719 if (iocb->ki_flags & IOCB_DIRECT)
720 return ext4_dio_write_iter(iocb, from);
721 else
722 return ext4_buffered_write_iter(iocb, from);
723 }
724
725 #ifdef CONFIG_FS_DAX
726 static vm_fault_t ext4_dax_huge_fault(struct vm_fault *vmf,
727 enum page_entry_size pe_size)
728 {
729 int error = 0;
730 vm_fault_t result;
731 int retries = 0;
732 handle_t *handle = NULL;
733 struct inode *inode = file_inode(vmf->vma->vm_file);
734 struct super_block *sb = inode->i_sb;
735
736 /*
737 * We have to distinguish real writes from writes which will result in a
738 * COW page; COW writes should *not* poke the journal (the file will not
739 * be changed). Doing so would cause unintended failures when mounted
740 * read-only.
741 *
742 * We check for VM_SHARED rather than vmf->cow_page since the latter is
743 * unset for pe_size != PE_SIZE_PTE (i.e. only in do_cow_fault); for
744 * other sizes, dax_iomap_fault will handle splitting / fallback so that
745 * we eventually come back with a COW page.
746 */
747 bool write = (vmf->flags & FAULT_FLAG_WRITE) &&
748 (vmf->vma->vm_flags & VM_SHARED);
749 struct address_space *mapping = vmf->vma->vm_file->f_mapping;
750 pfn_t pfn;
751
752 if (write) {
753 sb_start_pagefault(sb);
754 file_update_time(vmf->vma->vm_file);
755 filemap_invalidate_lock_shared(mapping);
756 retry:
757 handle = ext4_journal_start_sb(sb, EXT4_HT_WRITE_PAGE,
758 EXT4_DATA_TRANS_BLOCKS(sb));
759 if (IS_ERR(handle)) {
760 filemap_invalidate_unlock_shared(mapping);
761 sb_end_pagefault(sb);
762 return VM_FAULT_SIGBUS;
763 }
764 } else {
765 filemap_invalidate_lock_shared(mapping);
766 }
767 result = dax_iomap_fault(vmf, pe_size, &pfn, &error, &ext4_iomap_ops);
768 if (write) {
769 ext4_journal_stop(handle);
770
771 if ((result & VM_FAULT_ERROR) && error == -ENOSPC &&
772 ext4_should_retry_alloc(sb, &retries))
773 goto retry;
774 /* Handling synchronous page fault? */
775 if (result & VM_FAULT_NEEDDSYNC)
776 result = dax_finish_sync_fault(vmf, pe_size, pfn);
777 filemap_invalidate_unlock_shared(mapping);
778 sb_end_pagefault(sb);
779 } else {
780 filemap_invalidate_unlock_shared(mapping);
781 }
782
783 return result;
784 }
785
786 static vm_fault_t ext4_dax_fault(struct vm_fault *vmf)
787 {
788 return ext4_dax_huge_fault(vmf, PE_SIZE_PTE);
789 }
790
791 static const struct vm_operations_struct ext4_dax_vm_ops = {
792 .fault = ext4_dax_fault,
793 .huge_fault = ext4_dax_huge_fault,
794 .page_mkwrite = ext4_dax_fault,
795 .pfn_mkwrite = ext4_dax_fault,
796 };
797 #else
798 #define ext4_dax_vm_ops ext4_file_vm_ops
799 #endif
800
801 static const struct vm_operations_struct ext4_file_vm_ops = {
802 .fault = filemap_fault,
803 .map_pages = filemap_map_pages,
804 .page_mkwrite = ext4_page_mkwrite,
805 };
806
807 static int ext4_file_mmap(struct file *file, struct vm_area_struct *vma)
808 {
809 struct inode *inode = file->f_mapping->host;
810 struct ext4_sb_info *sbi = EXT4_SB(inode->i_sb);
811 struct dax_device *dax_dev = sbi->s_daxdev;
812
813 if (unlikely(ext4_forced_shutdown(sbi)))
814 return -EIO;
815
816 /*
817 * We don't support synchronous mappings for non-DAX files and
818 * for DAX files if underneath dax_device is not synchronous.
819 */
820 if (!daxdev_mapping_supported(vma, dax_dev))
821 return -EOPNOTSUPP;
822
823 file_accessed(file);
824 if (IS_DAX(file_inode(file))) {
825 vma->vm_ops = &ext4_dax_vm_ops;
826 vm_flags_set(vma, VM_HUGEPAGE);
827 } else {
828 vma->vm_ops = &ext4_file_vm_ops;
829 }
830 return 0;
831 }
832
833 static int ext4_sample_last_mounted(struct super_block *sb,
834 struct vfsmount *mnt)
835 {
836 struct ext4_sb_info *sbi = EXT4_SB(sb);
837 struct path path;
838 char buf[64], *cp;
839 handle_t *handle;
840 int err;
841
842 if (likely(ext4_test_mount_flag(sb, EXT4_MF_MNTDIR_SAMPLED)))
843 return 0;
844
845 if (sb_rdonly(sb) || !sb_start_intwrite_trylock(sb))
846 return 0;
847
848 ext4_set_mount_flag(sb, EXT4_MF_MNTDIR_SAMPLED);
849 /*
850 * Sample where the filesystem has been mounted and
851 * store it in the superblock for sysadmin convenience
852 * when trying to sort through large numbers of block
853 * devices or filesystem images.
854 */
855 memset(buf, 0, sizeof(buf));
856 path.mnt = mnt;
857 path.dentry = mnt->mnt_root;
858 cp = d_path(&path, buf, sizeof(buf));
859 err = 0;
860 if (IS_ERR(cp))
861 goto out;
862
863 handle = ext4_journal_start_sb(sb, EXT4_HT_MISC, 1);
864 err = PTR_ERR(handle);
865 if (IS_ERR(handle))
866 goto out;
867 BUFFER_TRACE(sbi->s_sbh, "get_write_access");
868 err = ext4_journal_get_write_access(handle, sb, sbi->s_sbh,
869 EXT4_JTR_NONE);
870 if (err)
871 goto out_journal;
872 lock_buffer(sbi->s_sbh);
873 strncpy(sbi->s_es->s_last_mounted, cp,
874 sizeof(sbi->s_es->s_last_mounted));
875 ext4_superblock_csum_set(sb);
876 unlock_buffer(sbi->s_sbh);
877 ext4_handle_dirty_metadata(handle, NULL, sbi->s_sbh);
878 out_journal:
879 ext4_journal_stop(handle);
880 out:
881 sb_end_intwrite(sb);
882 return err;
883 }
884
885 static int ext4_file_open(struct inode *inode, struct file *filp)
886 {
887 int ret;
888
889 if (unlikely(ext4_forced_shutdown(EXT4_SB(inode->i_sb))))
890 return -EIO;
891
892 ret = ext4_sample_last_mounted(inode->i_sb, filp->f_path.mnt);
893 if (ret)
894 return ret;
895
896 ret = fscrypt_file_open(inode, filp);
897 if (ret)
898 return ret;
899
900 ret = fsverity_file_open(inode, filp);
901 if (ret)
902 return ret;
903
904 /*
905 * Set up the jbd2_inode if we are opening the inode for
906 * writing and the journal is present
907 */
908 if (filp->f_mode & FMODE_WRITE) {
909 ret = ext4_inode_attach_jinode(inode);
910 if (ret < 0)
911 return ret;
912 }
913
914 filp->f_mode |= FMODE_NOWAIT | FMODE_BUF_RASYNC |
915 FMODE_DIO_PARALLEL_WRITE;
916 return dquot_file_open(inode, filp);
917 }
918
919 /*
920 * ext4_llseek() handles both block-mapped and extent-mapped maxbytes values
921 * by calling generic_file_llseek_size() with the appropriate maxbytes
922 * value for each.
923 */
924 loff_t ext4_llseek(struct file *file, loff_t offset, int whence)
925 {
926 struct inode *inode = file->f_mapping->host;
927 loff_t maxbytes;
928
929 if (!(ext4_test_inode_flag(inode, EXT4_INODE_EXTENTS)))
930 maxbytes = EXT4_SB(inode->i_sb)->s_bitmap_maxbytes;
931 else
932 maxbytes = inode->i_sb->s_maxbytes;
933
934 switch (whence) {
935 default:
936 return generic_file_llseek_size(file, offset, whence,
937 maxbytes, i_size_read(inode));
938 case SEEK_HOLE:
939 inode_lock_shared(inode);
940 offset = iomap_seek_hole(inode, offset,
941 &ext4_iomap_report_ops);
942 inode_unlock_shared(inode);
943 break;
944 case SEEK_DATA:
945 inode_lock_shared(inode);
946 offset = iomap_seek_data(inode, offset,
947 &ext4_iomap_report_ops);
948 inode_unlock_shared(inode);
949 break;
950 }
951
952 if (offset < 0)
953 return offset;
954 return vfs_setpos(file, offset, maxbytes);
955 }
956
957 const struct file_operations ext4_file_operations = {
958 .llseek = ext4_llseek,
959 .read_iter = ext4_file_read_iter,
960 .write_iter = ext4_file_write_iter,
961 .iopoll = iocb_bio_iopoll,
962 .unlocked_ioctl = ext4_ioctl,
963 #ifdef CONFIG_COMPAT
964 .compat_ioctl = ext4_compat_ioctl,
965 #endif
966 .mmap = ext4_file_mmap,
967 .mmap_supported_flags = MAP_SYNC,
968 .open = ext4_file_open,
969 .release = ext4_release_file,
970 .fsync = ext4_sync_file,
971 .get_unmapped_area = thp_get_unmapped_area,
972 .splice_read = ext4_file_splice_read,
973 .splice_write = iter_file_splice_write,
974 .fallocate = ext4_fallocate,
975 };
976
977 const struct inode_operations ext4_file_inode_operations = {
978 .setattr = ext4_setattr,
979 .getattr = ext4_file_getattr,
980 .listxattr = ext4_listxattr,
981 .get_inode_acl = ext4_get_acl,
982 .set_acl = ext4_set_acl,
983 .fiemap = ext4_fiemap,
984 .fileattr_get = ext4_fileattr_get,
985 .fileattr_set = ext4_fileattr_set,
986 };
987
Ubuntu combined Linux kernel mirror