]> git.proxmox.com Git - mirror_ubuntu-bionic-kernel.git/blob - fs/iomap.c
projects / mirror_ubuntu-bionic-kernel.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
f2fs: fix potential overflow
[mirror_ubuntu-bionic-kernel.git] / fs / iomap.c
1 /*
2 * Copyright (C) 2010 Red Hat, Inc.
3 * Copyright (c) 2016 Christoph Hellwig.
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms and conditions of the GNU General Public License,
7 * version 2, as published by the Free Software Foundation.
8 *
9 * This program is distributed in the hope it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
12 * more details.
13 */
14 #include <linux/module.h>
15 #include <linux/compiler.h>
16 #include <linux/fs.h>
17 #include <linux/iomap.h>
18 #include <linux/uaccess.h>
19 #include <linux/gfp.h>
20 #include <linux/mm.h>
21 #include <linux/swap.h>
22 #include <linux/pagemap.h>
23 #include <linux/file.h>
24 #include <linux/uio.h>
25 #include <linux/backing-dev.h>
26 #include <linux/buffer_head.h>
27 #include <linux/task_io_accounting_ops.h>
28 #include <linux/dax.h>
29 #include <linux/sched/signal.h>
30
31 #include "internal.h"
32
33 /*
34 * Execute a iomap write on a segment of the mapping that spans a
35 * contiguous range of pages that have identical block mapping state.
36 *
37 * This avoids the need to map pages individually, do individual allocations
38 * for each page and most importantly avoid the need for filesystem specific
39 * locking per page. Instead, all the operations are amortised over the entire
40 * range of pages. It is assumed that the filesystems will lock whatever
41 * resources they require in the iomap_begin call, and release them in the
42 * iomap_end call.
43 */
44 loff_t
45 iomap_apply(struct inode *inode, loff_t pos, loff_t length, unsigned flags,
46 const struct iomap_ops *ops, void *data, iomap_actor_t actor)
47 {
48 struct iomap iomap = { 0 };
49 loff_t written = 0, ret;
50
51 /*
52 * Need to map a range from start position for length bytes. This can
53 * span multiple pages - it is only guaranteed to return a range of a
54 * single type of pages (e.g. all into a hole, all mapped or all
55 * unwritten). Failure at this point has nothing to undo.
56 *
57 * If allocation is required for this range, reserve the space now so
58 * that the allocation is guaranteed to succeed later on. Once we copy
59 * the data into the page cache pages, then we cannot fail otherwise we
60 * expose transient stale data. If the reserve fails, we can safely
61 * back out at this point as there is nothing to undo.
62 */
63 ret = ops->iomap_begin(inode, pos, length, flags, &iomap);
64 if (ret)
65 return ret;
66 if (WARN_ON(iomap.offset > pos))
67 return -EIO;
68
69 /*
70 * Cut down the length to the one actually provided by the filesystem,
71 * as it might not be able to give us the whole size that we requested.
72 */
73 if (iomap.offset + iomap.length < pos + length)
74 length = iomap.offset + iomap.length - pos;
75
76 /*
77 * Now that we have guaranteed that the space allocation will succeed.
78 * we can do the copy-in page by page without having to worry about
79 * failures exposing transient data.
80 */
81 written = actor(inode, pos, length, data, &iomap);
82
83 /*
84 * Now the data has been copied, commit the range we've copied. This
85 * should not fail unless the filesystem has had a fatal error.
86 */
87 if (ops->iomap_end) {
88 ret = ops->iomap_end(inode, pos, length,
89 written > 0 ? written : 0,
90 flags, &iomap);
91 }
92
93 return written ? written : ret;
94 }
95
96 static void
97 iomap_write_failed(struct inode *inode, loff_t pos, unsigned len)
98 {
99 loff_t i_size = i_size_read(inode);
100
101 /*
102 * Only truncate newly allocated pages beyoned EOF, even if the
103 * write started inside the existing inode size.
104 */
105 if (pos + len > i_size)
106 truncate_pagecache_range(inode, max(pos, i_size), pos + len);
107 }
108
109 static int
110 iomap_write_begin(struct inode *inode, loff_t pos, unsigned len, unsigned flags,
111 struct page **pagep, struct iomap *iomap)
112 {
113 pgoff_t index = pos >> PAGE_SHIFT;
114 struct page *page;
115 int status = 0;
116
117 BUG_ON(pos + len > iomap->offset + iomap->length);
118
119 if (fatal_signal_pending(current))
120 return -EINTR;
121
122 page = grab_cache_page_write_begin(inode->i_mapping, index, flags);
123 if (!page)
124 return -ENOMEM;
125
126 status = __block_write_begin_int(page, pos, len, NULL, iomap);
127 if (unlikely(status)) {
128 unlock_page(page);
129 put_page(page);
130 page = NULL;
131
132 iomap_write_failed(inode, pos, len);
133 }
134
135 *pagep = page;
136 return status;
137 }
138
139 static int
140 iomap_write_end(struct inode *inode, loff_t pos, unsigned len,
141 unsigned copied, struct page *page)
142 {
143 int ret;
144
145 ret = generic_write_end(NULL, inode->i_mapping, pos, len,
146 copied, page, NULL);
147 if (ret < len)
148 iomap_write_failed(inode, pos, len);
149 return ret;
150 }
151
152 static loff_t
153 iomap_write_actor(struct inode *inode, loff_t pos, loff_t length, void *data,
154 struct iomap *iomap)
155 {
156 struct iov_iter *i = data;
157 long status = 0;
158 ssize_t written = 0;
159 unsigned int flags = AOP_FLAG_NOFS;
160
161 do {
162 struct page *page;
163 unsigned long offset; /* Offset into pagecache page */
164 unsigned long bytes; /* Bytes to write to page */
165 size_t copied; /* Bytes copied from user */
166
167 offset = (pos & (PAGE_SIZE - 1));
168 bytes = min_t(unsigned long, PAGE_SIZE - offset,
169 iov_iter_count(i));
170 again:
171 if (bytes > length)
172 bytes = length;
173
174 /*
175 * Bring in the user page that we will copy from _first_.
176 * Otherwise there's a nasty deadlock on copying from the
177 * same page as we're writing to, without it being marked
178 * up-to-date.
179 *
180 * Not only is this an optimisation, but it is also required
181 * to check that the address is actually valid, when atomic
182 * usercopies are used, below.
183 */
184 if (unlikely(iov_iter_fault_in_readable(i, bytes))) {
185 status = -EFAULT;
186 break;
187 }
188
189 status = iomap_write_begin(inode, pos, bytes, flags, &page,
190 iomap);
191 if (unlikely(status))
192 break;
193
194 if (mapping_writably_mapped(inode->i_mapping))
195 flush_dcache_page(page);
196
197 copied = iov_iter_copy_from_user_atomic(page, i, offset, bytes);
198
199 flush_dcache_page(page);
200
201 status = iomap_write_end(inode, pos, bytes, copied, page);
202 if (unlikely(status < 0))
203 break;
204 copied = status;
205
206 cond_resched();
207
208 iov_iter_advance(i, copied);
209 if (unlikely(copied == 0)) {
210 /*
211 * If we were unable to copy any data at all, we must
212 * fall back to a single segment length write.
213 *
214 * If we didn't fallback here, we could livelock
215 * because not all segments in the iov can be copied at
216 * once without a pagefault.
217 */
218 bytes = min_t(unsigned long, PAGE_SIZE - offset,
219 iov_iter_single_seg_count(i));
220 goto again;
221 }
222 pos += copied;
223 written += copied;
224 length -= copied;
225
226 balance_dirty_pages_ratelimited(inode->i_mapping);
227 } while (iov_iter_count(i) && length);
228
229 return written ? written : status;
230 }
231
232 ssize_t
233 iomap_file_buffered_write(struct kiocb *iocb, struct iov_iter *iter,
234 const struct iomap_ops *ops)
235 {
236 struct inode *inode = iocb->ki_filp->f_mapping->host;
237 loff_t pos = iocb->ki_pos, ret = 0, written = 0;
238
239 while (iov_iter_count(iter)) {
240 ret = iomap_apply(inode, pos, iov_iter_count(iter),
241 IOMAP_WRITE, ops, iter, iomap_write_actor);
242 if (ret <= 0)
243 break;
244 pos += ret;
245 written += ret;
246 }
247
248 return written ? written : ret;
249 }
250 EXPORT_SYMBOL_GPL(iomap_file_buffered_write);
251
252 static struct page *
253 __iomap_read_page(struct inode *inode, loff_t offset)
254 {
255 struct address_space *mapping = inode->i_mapping;
256 struct page *page;
257
258 page = read_mapping_page(mapping, offset >> PAGE_SHIFT, NULL);
259 if (IS_ERR(page))
260 return page;
261 if (!PageUptodate(page)) {
262 put_page(page);
263 return ERR_PTR(-EIO);
264 }
265 return page;
266 }
267
268 static loff_t
269 iomap_dirty_actor(struct inode *inode, loff_t pos, loff_t length, void *data,
270 struct iomap *iomap)
271 {
272 long status = 0;
273 ssize_t written = 0;
274
275 do {
276 struct page *page, *rpage;
277 unsigned long offset; /* Offset into pagecache page */
278 unsigned long bytes; /* Bytes to write to page */
279
280 offset = (pos & (PAGE_SIZE - 1));
281 bytes = min_t(loff_t, PAGE_SIZE - offset, length);
282
283 rpage = __iomap_read_page(inode, pos);
284 if (IS_ERR(rpage))
285 return PTR_ERR(rpage);
286
287 status = iomap_write_begin(inode, pos, bytes,
288 AOP_FLAG_NOFS, &page, iomap);
289 put_page(rpage);
290 if (unlikely(status))
291 return status;
292
293 WARN_ON_ONCE(!PageUptodate(page));
294
295 status = iomap_write_end(inode, pos, bytes, bytes, page);
296 if (unlikely(status <= 0)) {
297 if (WARN_ON_ONCE(status == 0))
298 return -EIO;
299 return status;
300 }
301
302 cond_resched();
303
304 pos += status;
305 written += status;
306 length -= status;
307
308 balance_dirty_pages_ratelimited(inode->i_mapping);
309 } while (length);
310
311 return written;
312 }
313
314 int
315 iomap_file_dirty(struct inode *inode, loff_t pos, loff_t len,
316 const struct iomap_ops *ops)
317 {
318 loff_t ret;
319
320 while (len) {
321 ret = iomap_apply(inode, pos, len, IOMAP_WRITE, ops, NULL,
322 iomap_dirty_actor);
323 if (ret <= 0)
324 return ret;
325 pos += ret;
326 len -= ret;
327 }
328
329 return 0;
330 }
331 EXPORT_SYMBOL_GPL(iomap_file_dirty);
332
333 static int iomap_zero(struct inode *inode, loff_t pos, unsigned offset,
334 unsigned bytes, struct iomap *iomap)
335 {
336 struct page *page;
337 int status;
338
339 status = iomap_write_begin(inode, pos, bytes, AOP_FLAG_NOFS, &page,
340 iomap);
341 if (status)
342 return status;
343
344 zero_user(page, offset, bytes);
345 mark_page_accessed(page);
346
347 return iomap_write_end(inode, pos, bytes, bytes, page);
348 }
349
350 static int iomap_dax_zero(loff_t pos, unsigned offset, unsigned bytes,
351 struct iomap *iomap)
352 {
353 sector_t sector = (iomap->addr +
354 (pos & PAGE_MASK) - iomap->offset) >> 9;
355
356 return __dax_zero_page_range(iomap->bdev, iomap->dax_dev, sector,
357 offset, bytes);
358 }
359
360 static loff_t
361 iomap_zero_range_actor(struct inode *inode, loff_t pos, loff_t count,
362 void *data, struct iomap *iomap)
363 {
364 bool *did_zero = data;
365 loff_t written = 0;
366 int status;
367
368 /* already zeroed? we're done. */
369 if (iomap->type == IOMAP_HOLE || iomap->type == IOMAP_UNWRITTEN)
370 return count;
371
372 do {
373 unsigned offset, bytes;
374
375 offset = pos & (PAGE_SIZE - 1); /* Within page */
376 bytes = min_t(loff_t, PAGE_SIZE - offset, count);
377
378 if (IS_DAX(inode))
379 status = iomap_dax_zero(pos, offset, bytes, iomap);
380 else
381 status = iomap_zero(inode, pos, offset, bytes, iomap);
382 if (status < 0)
383 return status;
384
385 pos += bytes;
386 count -= bytes;
387 written += bytes;
388 if (did_zero)
389 *did_zero = true;
390 } while (count > 0);
391
392 return written;
393 }
394
395 int
396 iomap_zero_range(struct inode *inode, loff_t pos, loff_t len, bool *did_zero,
397 const struct iomap_ops *ops)
398 {
399 loff_t ret;
400
401 while (len > 0) {
402 ret = iomap_apply(inode, pos, len, IOMAP_ZERO,
403 ops, did_zero, iomap_zero_range_actor);
404 if (ret <= 0)
405 return ret;
406
407 pos += ret;
408 len -= ret;
409 }
410
411 return 0;
412 }
413 EXPORT_SYMBOL_GPL(iomap_zero_range);
414
415 int
416 iomap_truncate_page(struct inode *inode, loff_t pos, bool *did_zero,
417 const struct iomap_ops *ops)
418 {
419 unsigned int blocksize = i_blocksize(inode);
420 unsigned int off = pos & (blocksize - 1);
421
422 /* Block boundary? Nothing to do */
423 if (!off)
424 return 0;
425 return iomap_zero_range(inode, pos, blocksize - off, did_zero, ops);
426 }
427 EXPORT_SYMBOL_GPL(iomap_truncate_page);
428
429 static loff_t
430 iomap_page_mkwrite_actor(struct inode *inode, loff_t pos, loff_t length,
431 void *data, struct iomap *iomap)
432 {
433 struct page *page = data;
434 int ret;
435
436 ret = __block_write_begin_int(page, pos, length, NULL, iomap);
437 if (ret)
438 return ret;
439
440 block_commit_write(page, 0, length);
441 return length;
442 }
443
444 int iomap_page_mkwrite(struct vm_fault *vmf, const struct iomap_ops *ops)
445 {
446 struct page *page = vmf->page;
447 struct inode *inode = file_inode(vmf->vma->vm_file);
448 unsigned long length;
449 loff_t offset, size;
450 ssize_t ret;
451
452 lock_page(page);
453 size = i_size_read(inode);
454 if ((page->mapping != inode->i_mapping) ||
455 (page_offset(page) > size)) {
456 /* We overload EFAULT to mean page got truncated */
457 ret = -EFAULT;
458 goto out_unlock;
459 }
460
461 /* page is wholly or partially inside EOF */
462 if (((page->index + 1) << PAGE_SHIFT) > size)
463 length = size & ~PAGE_MASK;
464 else
465 length = PAGE_SIZE;
466
467 offset = page_offset(page);
468 while (length > 0) {
469 ret = iomap_apply(inode, offset, length,
470 IOMAP_WRITE | IOMAP_FAULT, ops, page,
471 iomap_page_mkwrite_actor);
472 if (unlikely(ret <= 0))
473 goto out_unlock;
474 offset += ret;
475 length -= ret;
476 }
477
478 set_page_dirty(page);
479 wait_for_stable_page(page);
480 return VM_FAULT_LOCKED;
481 out_unlock:
482 unlock_page(page);
483 return block_page_mkwrite_return(ret);
484 }
485 EXPORT_SYMBOL_GPL(iomap_page_mkwrite);
486
487 struct fiemap_ctx {
488 struct fiemap_extent_info *fi;
489 struct iomap prev;
490 };
491
492 static int iomap_to_fiemap(struct fiemap_extent_info *fi,
493 struct iomap *iomap, u32 flags)
494 {
495 switch (iomap->type) {
496 case IOMAP_HOLE:
497 /* skip holes */
498 return 0;
499 case IOMAP_DELALLOC:
500 flags |= FIEMAP_EXTENT_DELALLOC | FIEMAP_EXTENT_UNKNOWN;
501 break;
502 case IOMAP_UNWRITTEN:
503 flags |= FIEMAP_EXTENT_UNWRITTEN;
504 break;
505 case IOMAP_MAPPED:
506 break;
507 }
508
509 if (iomap->flags & IOMAP_F_MERGED)
510 flags |= FIEMAP_EXTENT_MERGED;
511 if (iomap->flags & IOMAP_F_SHARED)
512 flags |= FIEMAP_EXTENT_SHARED;
513 if (iomap->flags & IOMAP_F_DATA_INLINE)
514 flags |= FIEMAP_EXTENT_DATA_INLINE;
515
516 return fiemap_fill_next_extent(fi, iomap->offset,
517 iomap->addr != IOMAP_NULL_ADDR ? iomap->addr : 0,
518 iomap->length, flags);
519 }
520
521 static loff_t
522 iomap_fiemap_actor(struct inode *inode, loff_t pos, loff_t length, void *data,
523 struct iomap *iomap)
524 {
525 struct fiemap_ctx *ctx = data;
526 loff_t ret = length;
527
528 if (iomap->type == IOMAP_HOLE)
529 return length;
530
531 ret = iomap_to_fiemap(ctx->fi, &ctx->prev, 0);
532 ctx->prev = *iomap;
533 switch (ret) {
534 case 0: /* success */
535 return length;
536 case 1: /* extent array full */
537 return 0;
538 default:
539 return ret;
540 }
541 }
542
543 int iomap_fiemap(struct inode *inode, struct fiemap_extent_info *fi,
544 loff_t start, loff_t len, const struct iomap_ops *ops)
545 {
546 struct fiemap_ctx ctx;
547 loff_t ret;
548
549 memset(&ctx, 0, sizeof(ctx));
550 ctx.fi = fi;
551 ctx.prev.type = IOMAP_HOLE;
552
553 ret = fiemap_check_flags(fi, FIEMAP_FLAG_SYNC);
554 if (ret)
555 return ret;
556
557 if (fi->fi_flags & FIEMAP_FLAG_SYNC) {
558 ret = filemap_write_and_wait(inode->i_mapping);
559 if (ret)
560 return ret;
561 }
562
563 while (len > 0) {
564 ret = iomap_apply(inode, start, len, IOMAP_REPORT, ops, &ctx,
565 iomap_fiemap_actor);
566 /* inode with no (attribute) mapping will give ENOENT */
567 if (ret == -ENOENT)
568 break;
569 if (ret < 0)
570 return ret;
571 if (ret == 0)
572 break;
573
574 start += ret;
575 len -= ret;
576 }
577
578 if (ctx.prev.type != IOMAP_HOLE) {
579 ret = iomap_to_fiemap(fi, &ctx.prev, FIEMAP_EXTENT_LAST);
580 if (ret < 0)
581 return ret;
582 }
583
584 return 0;
585 }
586 EXPORT_SYMBOL_GPL(iomap_fiemap);
587
588 static loff_t
589 iomap_seek_hole_actor(struct inode *inode, loff_t offset, loff_t length,
590 void *data, struct iomap *iomap)
591 {
592 switch (iomap->type) {
593 case IOMAP_UNWRITTEN:
594 offset = page_cache_seek_hole_data(inode, offset, length,
595 SEEK_HOLE);
596 if (offset < 0)
597 return length;
598 /* fall through */
599 case IOMAP_HOLE:
600 *(loff_t *)data = offset;
601 return 0;
602 default:
603 return length;
604 }
605 }
606
607 loff_t
608 iomap_seek_hole(struct inode *inode, loff_t offset, const struct iomap_ops *ops)
609 {
610 loff_t size = i_size_read(inode);
611 loff_t length = size - offset;
612 loff_t ret;
613
614 /* Nothing to be found before or beyond the end of the file. */
615 if (offset < 0 || offset >= size)
616 return -ENXIO;
617
618 while (length > 0) {
619 ret = iomap_apply(inode, offset, length, IOMAP_REPORT, ops,
620 &offset, iomap_seek_hole_actor);
621 if (ret < 0)
622 return ret;
623 if (ret == 0)
624 break;
625
626 offset += ret;
627 length -= ret;
628 }
629
630 return offset;
631 }
632 EXPORT_SYMBOL_GPL(iomap_seek_hole);
633
634 static loff_t
635 iomap_seek_data_actor(struct inode *inode, loff_t offset, loff_t length,
636 void *data, struct iomap *iomap)
637 {
638 switch (iomap->type) {
639 case IOMAP_HOLE:
640 return length;
641 case IOMAP_UNWRITTEN:
642 offset = page_cache_seek_hole_data(inode, offset, length,
643 SEEK_DATA);
644 if (offset < 0)
645 return length;
646 /*FALLTHRU*/
647 default:
648 *(loff_t *)data = offset;
649 return 0;
650 }
651 }
652
653 loff_t
654 iomap_seek_data(struct inode *inode, loff_t offset, const struct iomap_ops *ops)
655 {
656 loff_t size = i_size_read(inode);
657 loff_t length = size - offset;
658 loff_t ret;
659
660 /* Nothing to be found before or beyond the end of the file. */
661 if (offset < 0 || offset >= size)
662 return -ENXIO;
663
664 while (length > 0) {
665 ret = iomap_apply(inode, offset, length, IOMAP_REPORT, ops,
666 &offset, iomap_seek_data_actor);
667 if (ret < 0)
668 return ret;
669 if (ret == 0)
670 break;
671
672 offset += ret;
673 length -= ret;
674 }
675
676 if (length <= 0)
677 return -ENXIO;
678 return offset;
679 }
680 EXPORT_SYMBOL_GPL(iomap_seek_data);
681
682 /*
683 * Private flags for iomap_dio, must not overlap with the public ones in
684 * iomap.h:
685 */
686 #define IOMAP_DIO_WRITE (1 << 30)
687 #define IOMAP_DIO_DIRTY (1 << 31)
688
689 struct iomap_dio {
690 struct kiocb *iocb;
691 iomap_dio_end_io_t *end_io;
692 loff_t i_size;
693 loff_t size;
694 atomic_t ref;
695 unsigned flags;
696 int error;
697 bool wait_for_completion;
698
699 union {
700 /* used during submission and for synchronous completion: */
701 struct {
702 struct iov_iter *iter;
703 struct task_struct *waiter;
704 struct request_queue *last_queue;
705 blk_qc_t cookie;
706 } submit;
707
708 /* used for aio completion: */
709 struct {
710 struct work_struct work;
711 } aio;
712 };
713 };
714
715 static ssize_t iomap_dio_complete(struct iomap_dio *dio)
716 {
717 struct kiocb *iocb = dio->iocb;
718 struct inode *inode = file_inode(iocb->ki_filp);
719 loff_t offset = iocb->ki_pos;
720 ssize_t ret;
721
722 if (dio->end_io) {
723 ret = dio->end_io(iocb,
724 dio->error ? dio->error : dio->size,
725 dio->flags);
726 } else {
727 ret = dio->error;
728 }
729
730 if (likely(!ret)) {
731 ret = dio->size;
732 /* check for short read */
733 if (offset + ret > dio->i_size &&
734 !(dio->flags & IOMAP_DIO_WRITE))
735 ret = dio->i_size - offset;
736 iocb->ki_pos += ret;
737 }
738
739 /*
740 * Try again to invalidate clean pages which might have been cached by
741 * non-direct readahead, or faulted in by get_user_pages() if the source
742 * of the write was an mmap'ed region of the file we're writing. Either
743 * one is a pretty crazy thing to do, so we don't support it 100%. If
744 * this invalidation fails, tough, the write still worked...
745 *
746 * And this page cache invalidation has to be after dio->end_io(), as
747 * some filesystems convert unwritten extents to real allocations in
748 * end_io() when necessary, otherwise a racing buffer read would cache
749 * zeros from unwritten extents.
750 */
751 if (!dio->error &&
752 (dio->flags & IOMAP_DIO_WRITE) && inode->i_mapping->nrpages) {
753 int err;
754 err = invalidate_inode_pages2_range(inode->i_mapping,
755 offset >> PAGE_SHIFT,
756 (offset + dio->size - 1) >> PAGE_SHIFT);
757 if (err)
758 dio_warn_stale_pagecache(iocb->ki_filp);
759 }
760
761 inode_dio_end(file_inode(iocb->ki_filp));
762 kfree(dio);
763
764 return ret;
765 }
766
767 static void iomap_dio_complete_work(struct work_struct *work)
768 {
769 struct iomap_dio *dio = container_of(work, struct iomap_dio, aio.work);
770 struct kiocb *iocb = dio->iocb;
771 bool is_write = (dio->flags & IOMAP_DIO_WRITE);
772 ssize_t ret;
773
774 ret = iomap_dio_complete(dio);
775 if (is_write && ret > 0)
776 ret = generic_write_sync(iocb, ret);
777 iocb->ki_complete(iocb, ret, 0);
778 }
779
780 /*
781 * Set an error in the dio if none is set yet. We have to use cmpxchg
782 * as the submission context and the completion context(s) can race to
783 * update the error.
784 */
785 static inline void iomap_dio_set_error(struct iomap_dio *dio, int ret)
786 {
787 cmpxchg(&dio->error, 0, ret);
788 }
789
790 static void iomap_dio_bio_end_io(struct bio *bio)
791 {
792 struct iomap_dio *dio = bio->bi_private;
793 bool should_dirty = (dio->flags & IOMAP_DIO_DIRTY);
794
795 if (bio->bi_status)
796 iomap_dio_set_error(dio, blk_status_to_errno(bio->bi_status));
797
798 if (atomic_dec_and_test(&dio->ref)) {
799 if (dio->wait_for_completion) {
800 struct task_struct *waiter = dio->submit.waiter;
801 WRITE_ONCE(dio->submit.waiter, NULL);
802 wake_up_process(waiter);
803 } else if (dio->flags & IOMAP_DIO_WRITE) {
804 struct inode *inode = file_inode(dio->iocb->ki_filp);
805
806 INIT_WORK(&dio->aio.work, iomap_dio_complete_work);
807 queue_work(inode->i_sb->s_dio_done_wq, &dio->aio.work);
808 } else {
809 iomap_dio_complete_work(&dio->aio.work);
810 }
811 }
812
813 if (should_dirty) {
814 bio_check_pages_dirty(bio);
815 } else {
816 struct bio_vec *bvec;
817 int i;
818
819 bio_for_each_segment_all(bvec, bio, i)
820 put_page(bvec->bv_page);
821 bio_put(bio);
822 }
823 }
824
825 static blk_qc_t
826 iomap_dio_zero(struct iomap_dio *dio, struct iomap *iomap, loff_t pos,
827 unsigned len)
828 {
829 struct page *page = ZERO_PAGE(0);
830 struct bio *bio;
831
832 bio = bio_alloc(GFP_KERNEL, 1);
833 bio_set_dev(bio, iomap->bdev);
834 bio->bi_iter.bi_sector =
835 (iomap->addr + pos - iomap->offset) >> 9;
836 bio->bi_private = dio;
837 bio->bi_end_io = iomap_dio_bio_end_io;
838
839 get_page(page);
840 if (bio_add_page(bio, page, len, 0) != len)
841 BUG();
842 bio_set_op_attrs(bio, REQ_OP_WRITE, REQ_SYNC | REQ_IDLE);
843
844 atomic_inc(&dio->ref);
845 return submit_bio(bio);
846 }
847
848 static loff_t
849 iomap_dio_actor(struct inode *inode, loff_t pos, loff_t length,
850 void *data, struct iomap *iomap)
851 {
852 struct iomap_dio *dio = data;
853 unsigned int blkbits = blksize_bits(bdev_logical_block_size(iomap->bdev));
854 unsigned int fs_block_size = i_blocksize(inode), pad;
855 unsigned int align = iov_iter_alignment(dio->submit.iter);
856 struct iov_iter iter;
857 struct bio *bio;
858 bool need_zeroout = false;
859 int nr_pages, ret = 0;
860 size_t copied = 0;
861
862 if ((pos | length | align) & ((1 << blkbits) - 1))
863 return -EINVAL;
864
865 switch (iomap->type) {
866 case IOMAP_HOLE:
867 if (WARN_ON_ONCE(dio->flags & IOMAP_DIO_WRITE))
868 return -EIO;
869 /*FALLTHRU*/
870 case IOMAP_UNWRITTEN:
871 if (!(dio->flags & IOMAP_DIO_WRITE)) {
872 length = iov_iter_zero(length, dio->submit.iter);
873 dio->size += length;
874 return length;
875 }
876 dio->flags |= IOMAP_DIO_UNWRITTEN;
877 need_zeroout = true;
878 break;
879 case IOMAP_MAPPED:
880 if (iomap->flags & IOMAP_F_SHARED)
881 dio->flags |= IOMAP_DIO_COW;
882 if (iomap->flags & IOMAP_F_NEW)
883 need_zeroout = true;
884 break;
885 default:
886 WARN_ON_ONCE(1);
887 return -EIO;
888 }
889
890 /*
891 * Operate on a partial iter trimmed to the extent we were called for.
892 * We'll update the iter in the dio once we're done with this extent.
893 */
894 iter = *dio->submit.iter;
895 iov_iter_truncate(&iter, length);
896
897 nr_pages = iov_iter_npages(&iter, BIO_MAX_PAGES);
898 if (nr_pages <= 0)
899 return nr_pages;
900
901 if (need_zeroout) {
902 /* zero out from the start of the block to the write offset */
903 pad = pos & (fs_block_size - 1);
904 if (pad)
905 iomap_dio_zero(dio, iomap, pos - pad, pad);
906 }
907
908 do {
909 size_t n;
910 if (dio->error) {
911 iov_iter_revert(dio->submit.iter, copied);
912 return 0;
913 }
914
915 bio = bio_alloc(GFP_KERNEL, nr_pages);
916 bio_set_dev(bio, iomap->bdev);
917 bio->bi_iter.bi_sector =
918 (iomap->addr + pos - iomap->offset) >> 9;
919 bio->bi_write_hint = dio->iocb->ki_hint;
920 bio->bi_private = dio;
921 bio->bi_end_io = iomap_dio_bio_end_io;
922
923 ret = bio_iov_iter_get_pages(bio, &iter);
924 if (unlikely(ret)) {
925 /*
926 * We have to stop part way through an IO. We must fall
927 * through to the sub-block tail zeroing here, otherwise
928 * this short IO may expose stale data in the tail of
929 * the block we haven't written data to.
930 */
931 bio_put(bio);
932 goto zero_tail;
933 }
934
935 n = bio->bi_iter.bi_size;
936 if (dio->flags & IOMAP_DIO_WRITE) {
937 bio_set_op_attrs(bio, REQ_OP_WRITE, REQ_SYNC | REQ_IDLE);
938 task_io_account_write(n);
939 } else {
940 bio_set_op_attrs(bio, REQ_OP_READ, 0);
941 if (dio->flags & IOMAP_DIO_DIRTY)
942 bio_set_pages_dirty(bio);
943 }
944
945 iov_iter_advance(dio->submit.iter, n);
946
947 dio->size += n;
948 pos += n;
949 copied += n;
950
951 nr_pages = iov_iter_npages(&iter, BIO_MAX_PAGES);
952
953 atomic_inc(&dio->ref);
954
955 dio->submit.last_queue = bdev_get_queue(iomap->bdev);
956 dio->submit.cookie = submit_bio(bio);
957 } while (nr_pages);
958
959 /*
960 * We need to zeroout the tail of a sub-block write if the extent type
961 * requires zeroing or the write extends beyond EOF. If we don't zero
962 * the block tail in the latter case, we can expose stale data via mmap
963 * reads of the EOF block.
964 */
965 zero_tail:
966 if (need_zeroout ||
967 ((dio->flags & IOMAP_DIO_WRITE) && pos >= i_size_read(inode))) {
968 /* zero out from the end of the write to the end of the block */
969 pad = pos & (fs_block_size - 1);
970 if (pad)
971 iomap_dio_zero(dio, iomap, pos, fs_block_size - pad);
972 }
973 return copied ? copied : ret;
974 }
975
976 ssize_t
977 iomap_dio_rw(struct kiocb *iocb, struct iov_iter *iter,
978 const struct iomap_ops *ops, iomap_dio_end_io_t end_io)
979 {
980 struct address_space *mapping = iocb->ki_filp->f_mapping;
981 struct inode *inode = file_inode(iocb->ki_filp);
982 size_t count = iov_iter_count(iter);
983 loff_t pos = iocb->ki_pos, start = pos;
984 loff_t end = iocb->ki_pos + count - 1, ret = 0;
985 unsigned int flags = IOMAP_DIRECT;
986 bool wait_for_completion = is_sync_kiocb(iocb);
987 struct blk_plug plug;
988 struct iomap_dio *dio;
989
990 lockdep_assert_held(&inode->i_rwsem);
991
992 if (!count)
993 return 0;
994
995 dio = kmalloc(sizeof(*dio), GFP_KERNEL);
996 if (!dio)
997 return -ENOMEM;
998
999 dio->iocb = iocb;
1000 atomic_set(&dio->ref, 1);
1001 dio->size = 0;
1002 dio->i_size = i_size_read(inode);
1003 dio->end_io = end_io;
1004 dio->error = 0;
1005 dio->flags = 0;
1006
1007 dio->submit.iter = iter;
1008 dio->submit.waiter = current;
1009 dio->submit.cookie = BLK_QC_T_NONE;
1010 dio->submit.last_queue = NULL;
1011
1012 if (iov_iter_rw(iter) == READ) {
1013 if (pos >= dio->i_size)
1014 goto out_free_dio;
1015
1016 if (iter->type == ITER_IOVEC)
1017 dio->flags |= IOMAP_DIO_DIRTY;
1018 } else {
1019 dio->flags |= IOMAP_DIO_WRITE;
1020 flags |= IOMAP_WRITE;
1021 }
1022
1023 if (iocb->ki_flags & IOCB_NOWAIT) {
1024 if (filemap_range_has_page(mapping, start, end)) {
1025 ret = -EAGAIN;
1026 goto out_free_dio;
1027 }
1028 flags |= IOMAP_NOWAIT;
1029 }
1030
1031 ret = filemap_write_and_wait_range(mapping, start, end);
1032 if (ret)
1033 goto out_free_dio;
1034
1035 /*
1036 * Try to invalidate cache pages for the range we're direct
1037 * writing. If this invalidation fails, tough, the write will
1038 * still work, but racing two incompatible write paths is a
1039 * pretty crazy thing to do, so we don't support it 100%.
1040 */
1041 ret = invalidate_inode_pages2_range(mapping,
1042 start >> PAGE_SHIFT, end >> PAGE_SHIFT);
1043 if (ret)
1044 dio_warn_stale_pagecache(iocb->ki_filp);
1045 ret = 0;
1046
1047 if (iov_iter_rw(iter) == WRITE && !wait_for_completion &&
1048 !inode->i_sb->s_dio_done_wq) {
1049 ret = sb_init_dio_done_wq(inode->i_sb);
1050 if (ret < 0)
1051 goto out_free_dio;
1052 }
1053
1054 inode_dio_begin(inode);
1055
1056 blk_start_plug(&plug);
1057 do {
1058 ret = iomap_apply(inode, pos, count, flags, ops, dio,
1059 iomap_dio_actor);
1060 if (ret <= 0) {
1061 /* magic error code to fall back to buffered I/O */
1062 if (ret == -ENOTBLK) {
1063 wait_for_completion = true;
1064 ret = 0;
1065 }
1066 break;
1067 }
1068 pos += ret;
1069
1070 if (iov_iter_rw(iter) == READ && pos >= dio->i_size) {
1071 /*
1072 * We only report that we've read data up to i_size.
1073 * Revert iter to a state corresponding to that as
1074 * some callers (such as splice code) rely on it.
1075 */
1076 iov_iter_revert(iter, pos - dio->i_size);
1077 break;
1078 }
1079 } while ((count = iov_iter_count(iter)) > 0);
1080 blk_finish_plug(&plug);
1081
1082 if (ret < 0)
1083 iomap_dio_set_error(dio, ret);
1084
1085 /*
1086 * We are about to drop our additional submission reference, which
1087 * might be the last reference to the dio. There are three three
1088 * different ways we can progress here:
1089 *
1090 * (a) If this is the last reference we will always complete and free
1091 * the dio ourselves.
1092 * (b) If this is not the last reference, and we serve an asynchronous
1093 * iocb, we must never touch the dio after the decrement, the
1094 * I/O completion handler will complete and free it.
1095 * (c) If this is not the last reference, but we serve a synchronous
1096 * iocb, the I/O completion handler will wake us up on the drop
1097 * of the final reference, and we will complete and free it here
1098 * after we got woken by the I/O completion handler.
1099 */
1100 dio->wait_for_completion = wait_for_completion;
1101 if (!atomic_dec_and_test(&dio->ref)) {
1102 if (!wait_for_completion)
1103 return -EIOCBQUEUED;
1104
1105 for (;;) {
1106 set_current_state(TASK_UNINTERRUPTIBLE);
1107 if (!READ_ONCE(dio->submit.waiter))
1108 break;
1109
1110 if (!(iocb->ki_flags & IOCB_HIPRI) ||
1111 !dio->submit.last_queue ||
1112 !blk_poll(dio->submit.last_queue,
1113 dio->submit.cookie))
1114 io_schedule();
1115 }
1116 __set_current_state(TASK_RUNNING);
1117 }
1118
1119 return iomap_dio_complete(dio);
1120
1121 out_free_dio:
1122 kfree(dio);
1123 return ret;
1124 }
1125 EXPORT_SYMBOL_GPL(iomap_dio_rw);
ubuntu-bionic-kernel mirror