Gitiles
Code Review Sign In
192.168.1.100 / T106_DC / dfcbc5b4216d8b05fe1b0b285a1d837dad51e7cb / . / ap / os / linux / linux-3.4.x / mm / filemap.c
blob: 8da7574c258ace04cbfcec422d12d6b3af096a3b [file] [log] [blame]
lh9ed821d2023-04-07 01:36:19 -0700[diff] [blame]1/*
2 * linux/mm/filemap.c
3 *
4 * Copyright (C) 1994-1999 Linus Torvalds
5 */
6
7/*
8 * This file handles the generic file mmap semantics used by
9 * most "normal" filesystems (but you don't /have/ to use this:
10 * the NFS filesystem used to do this differently, for example)
11 */
12#include <linux/export.h>
13#include <linux/compiler.h>
14#include <linux/fs.h>
15#include <linux/uaccess.h>
16#include <linux/aio.h>
17#include <linux/capability.h>
18#include <linux/kernel_stat.h>
19#include <linux/gfp.h>
20#include <linux/mm.h>
21#include <linux/swap.h>
22#include <linux/mman.h>
23#include <linux/pagemap.h>
24#include <linux/file.h>
25#include <linux/uio.h>
26#include <linux/hash.h>
27#include <linux/writeback.h>
28#include <linux/backing-dev.h>
29#include <linux/pagevec.h>
30#include <linux/blkdev.h>
31#include <linux/security.h>
32#include <linux/syscalls.h>
33#include <linux/cpuset.h>
34#include <linux/hardirq.h> /* for BUG_ON(!in_atomic()) only */
35#include <linux/memcontrol.h>
36#include <linux/cleancache.h>
37#include "internal.h"
38
39/*
40 * FIXME: remove all knowledge of the buffer layer from the core VM
41 */
42#include <linux/buffer_head.h> /* for try_to_free_buffers */
43
44#include <asm/mman.h>
45
46/*
47 * Shared mappings implemented 30.11.1994. It's not fully working yet,
48 * though.
49 *
50 * Shared mappings now work. 15.8.1995 Bruno.
51 *
52 * finished 'unifying' the page and buffer cache and SMP-threaded the
53 * page-cache, 21.05.1999, Ingo Molnar <mingo@redhat.com>
54 *
55 * SMP-threaded pagemap-LRU 1999, Andrea Arcangeli <andrea@suse.de>
56 */
57
58/*
59 * Lock ordering:
60 *
61 * ->i_mmap_mutex (truncate_pagecache)
62 * ->private_lock (__free_pte->__set_page_dirty_buffers)
63 * ->swap_lock (exclusive_swap_page, others)
64 * ->mapping->tree_lock
65 *
66 * ->i_mutex
67 * ->i_mmap_mutex (truncate->unmap_mapping_range)
68 *
69 * ->mmap_sem
70 * ->i_mmap_mutex
71 * ->page_table_lock or pte_lock (various, mainly in memory.c)
72 * ->mapping->tree_lock (arch-dependent flush_dcache_mmap_lock)
73 *
74 * ->mmap_sem
75 * ->lock_page (access_process_vm)
76 *
77 * ->i_mutex (generic_file_buffered_write)
78 * ->mmap_sem (fault_in_pages_readable->do_page_fault)
79 *
80 * bdi->wb.list_lock
81 * sb_lock (fs/fs-writeback.c)
82 * ->mapping->tree_lock (__sync_single_inode)
83 *
84 * ->i_mmap_mutex
85 * ->anon_vma.lock (vma_adjust)
86 *
87 * ->anon_vma.lock
88 * ->page_table_lock or pte_lock (anon_vma_prepare and various)
89 *
90 * ->page_table_lock or pte_lock
91 * ->swap_lock (try_to_unmap_one)
92 * ->private_lock (try_to_unmap_one)
93 * ->tree_lock (try_to_unmap_one)
94 * ->zone.lru_lock (follow_page->mark_page_accessed)
95 * ->zone.lru_lock (check_pte_range->isolate_lru_page)
96 * ->private_lock (page_remove_rmap->set_page_dirty)
97 * ->tree_lock (page_remove_rmap->set_page_dirty)
98 * bdi.wb->list_lock (page_remove_rmap->set_page_dirty)
99 * ->inode->i_lock (page_remove_rmap->set_page_dirty)
100 * bdi.wb->list_lock (zap_pte_range->set_page_dirty)
101 * ->inode->i_lock (zap_pte_range->set_page_dirty)
102 * ->private_lock (zap_pte_range->__set_page_dirty_buffers)
103 *
104 * ->i_mmap_mutex
105 * ->tasklist_lock (memory_failure, collect_procs_ao)
106 */
107
108/*
109 * Delete a page from the page cache and free it. Caller has to make
110 * sure the page is locked and that nobody else uses it - or that usage
111 * is safe. The caller must hold the mapping's tree_lock.
112 */
113void __delete_from_page_cache(struct page *page)
114{
115 struct address_space *mapping = page->mapping;
116
117 /*
118 * if we're uptodate, flush out into the cleancache, otherwise
119 * invalidate any existing cleancache entries. We can't leave
120 * stale data around in the cleancache once our page is gone
121 */
122 if (PageUptodate(page) && PageMappedToDisk(page))
123 cleancache_put_page(page);
124 else
125 cleancache_invalidate_page(mapping, page);
126
127 radix_tree_delete(&mapping->page_tree, page->index);
128 page->mapping = NULL;
129 /* Leave page->index set: truncation lookup relies upon it */
130 mapping->nrpages--;
131 __dec_zone_page_state(page, NR_FILE_PAGES);
132 if (PageSwapBacked(page))
133 __dec_zone_page_state(page, NR_SHMEM);
134#ifdef CONFIG_LIMIT_PAGE_CACHE
135 if(mapping_gfp_mask(mapping) & __GFP_PAGERAMFS)
136 __dec_zone_page_state(page, NR_RAMFS_PAGES);
137 else if(mapping_gfp_mask(mapping) & __GFP_PAGETMPFS)
138 __dec_zone_page_state(page, NR_TMPFS_PAGES);
139#endif
140
141 BUG_ON(page_mapped(page));
142
143 /*
144 * Some filesystems seem to re-dirty the page even after
145 * the VM has canceled the dirty bit (eg ext3 journaling).
146 *
147 * Fix it up by doing a final dirty accounting check after
148 * having removed the page entirely.
149 */
150 if (PageDirty(page) && mapping_cap_account_dirty(mapping)) {
151 dec_zone_page_state(page, NR_FILE_DIRTY);
152 dec_bdi_stat(mapping->backing_dev_info, BDI_RECLAIMABLE);
153 }
154}
155
156/**
157 * delete_from_page_cache - delete page from page cache
158 * @page: the page which the kernel is trying to remove from page cache
159 *
160 * This must be called only on pages that have been verified to be in the page
161 * cache and locked. It will never put the page into the free list, the caller
162 * has a reference on the page.
163 */
164void delete_from_page_cache(struct page *page)
165{
166 struct address_space *mapping = page->mapping;
167 void (*freepage)(struct page *);
168 unsigned long flags;
169
170 BUG_ON(!PageLocked(page));
171
172 freepage = mapping->a_ops->freepage;
173 spin_lock_irq(&mapping->tree_lock);
174 local_irq_save(flags);
175 __delete_from_page_cache(page);
176 local_irq_restore(flags);
177 spin_unlock_irq(&mapping->tree_lock);
178 mem_cgroup_uncharge_cache_page(page);
179
180 if (freepage)
181 freepage(page);
182 page_cache_release(page);
183}
184EXPORT_SYMBOL(delete_from_page_cache);
185
186static int sleep_on_page(void *word)
187{
188 io_schedule();
189 return 0;
190}
191
192static int sleep_on_page_killable(void *word)
193{
194 sleep_on_page(word);
195 return fatal_signal_pending(current) ? -EINTR : 0;
196}
197
198/**
199 * __filemap_fdatawrite_range - start writeback on mapping dirty pages in range
200 * @mapping: address space structure to write
201 * @start: offset in bytes where the range starts
202 * @end: offset in bytes where the range ends (inclusive)
203 * @sync_mode: enable synchronous operation
204 *
205 * Start writeback against all of a mapping's dirty pages that lie
206 * within the byte offsets <start, end> inclusive.
207 *
208 * If sync_mode is WB_SYNC_ALL then this is a "data integrity" operation, as
209 * opposed to a regular memory cleansing writeback. The difference between
210 * these two operations is that if a dirty page/buffer is encountered, it must
211 * be waited upon, and not just skipped over.
212 */
213int __filemap_fdatawrite_range(struct address_space *mapping, loff_t start,
214 loff_t end, int sync_mode)
215{
216 int ret;
217 struct writeback_control wbc = {
218 .sync_mode = sync_mode,
219 .nr_to_write = LONG_MAX,
220 .range_start = start,
221 .range_end = end,
222 };
223
224 if (!mapping_cap_writeback_dirty(mapping))
225 return 0;
226
227 ret = do_writepages(mapping, &wbc);
228 return ret;
229}
230
231static inline int __filemap_fdatawrite(struct address_space *mapping,
232 int sync_mode)
233{
234 return __filemap_fdatawrite_range(mapping, 0, LLONG_MAX, sync_mode);
235}
236
237int filemap_fdatawrite(struct address_space *mapping)
238{
239 return __filemap_fdatawrite(mapping, WB_SYNC_ALL);
240}
241EXPORT_SYMBOL(filemap_fdatawrite);
242
243int filemap_fdatawrite_range(struct address_space *mapping, loff_t start,
244 loff_t end)
245{
246 return __filemap_fdatawrite_range(mapping, start, end, WB_SYNC_ALL);
247}
248EXPORT_SYMBOL(filemap_fdatawrite_range);
249
250/**
251 * filemap_flush - mostly a non-blocking flush
252 * @mapping: target address_space
253 *
254 * This is a mostly non-blocking flush. Not suitable for data-integrity
255 * purposes - I/O may not be started against all dirty pages.
256 */
257int filemap_flush(struct address_space *mapping)
258{
259 return __filemap_fdatawrite(mapping, WB_SYNC_NONE);
260}
261EXPORT_SYMBOL(filemap_flush);
262
263/**
264 * filemap_fdatawait_range - wait for writeback to complete
265 * @mapping: address space structure to wait for
266 * @start_byte: offset in bytes where the range starts
267 * @end_byte: offset in bytes where the range ends (inclusive)
268 *
269 * Walk the list of under-writeback pages of the given address space
270 * in the given range and wait for all of them.
271 */
272int filemap_fdatawait_range(struct address_space *mapping, loff_t start_byte,
273 loff_t end_byte)
274{
275 pgoff_t index = start_byte >> PAGE_CACHE_SHIFT;
276 pgoff_t end = end_byte >> PAGE_CACHE_SHIFT;
277 struct pagevec pvec;
278 int nr_pages;
279 int ret = 0;
280
281 if (end_byte < start_byte)
282 return 0;
283
284 pagevec_init(&pvec, 0);
285 while ((index <= end) &&
286 (nr_pages = pagevec_lookup_tag(&pvec, mapping, &index,
287 PAGECACHE_TAG_WRITEBACK,
288 min(end - index, (pgoff_t)PAGEVEC_SIZE-1) + 1)) != 0) {
289 unsigned i;
290
291 for (i = 0; i < nr_pages; i++) {
292 struct page *page = pvec.pages[i];
293
294 /* until radix tree lookup accepts end_index */
295 if (page->index > end)
296 continue;
297
298 wait_on_page_writeback(page);
299 if (TestClearPageError(page))
300 ret = -EIO;
301 }
302 pagevec_release(&pvec);
303 cond_resched();
304 }
305
306 /* Check for outstanding write errors */
307 if (test_and_clear_bit(AS_ENOSPC, &mapping->flags))
308 ret = -ENOSPC;
309 if (test_and_clear_bit(AS_EIO, &mapping->flags))
310 ret = -EIO;
311
312 return ret;
313}
314EXPORT_SYMBOL(filemap_fdatawait_range);
315
316/**
317 * filemap_fdatawait - wait for all under-writeback pages to complete
318 * @mapping: address space structure to wait for
319 *
320 * Walk the list of under-writeback pages of the given address space
321 * and wait for all of them.
322 */
323int filemap_fdatawait(struct address_space *mapping)
324{
325 loff_t i_size = i_size_read(mapping->host);
326
327 if (i_size == 0)
328 return 0;
329
330 return filemap_fdatawait_range(mapping, 0, i_size - 1);
331}
332EXPORT_SYMBOL(filemap_fdatawait);
333
334int filemap_write_and_wait(struct address_space *mapping)
335{
336 int err = 0;
337
338 if (mapping->nrpages) {
339 err = filemap_fdatawrite(mapping);
340 /*
341 * Even if the above returned error, the pages may be
342 * written partially (e.g. -ENOSPC), so we wait for it.
343 * But the -EIO is special case, it may indicate the worst
344 * thing (e.g. bug) happened, so we avoid waiting for it.
345 */
346 if (err != -EIO) {
347 int err2 = filemap_fdatawait(mapping);
348 if (!err)
349 err = err2;
350 }
351 }
352 return err;
353}
354EXPORT_SYMBOL(filemap_write_and_wait);
355
356/**
357 * filemap_write_and_wait_range - write out & wait on a file range
358 * @mapping: the address_space for the pages
359 * @lstart: offset in bytes where the range starts
360 * @lend: offset in bytes where the range ends (inclusive)
361 *
362 * Write out and wait upon file offsets lstart->lend, inclusive.
363 *
364 * Note that `lend' is inclusive (describes the last byte to be written) so
365 * that this function can be used to write to the very end-of-file (end = -1).
366 */
367int filemap_write_and_wait_range(struct address_space *mapping,
368 loff_t lstart, loff_t lend)
369{
370 int err = 0;
371
372 if (mapping->nrpages) {
373 err = __filemap_fdatawrite_range(mapping, lstart, lend,
374 WB_SYNC_ALL);
375 /* See comment of filemap_write_and_wait() */
376 if (err != -EIO) {
377 int err2 = filemap_fdatawait_range(mapping,
378 lstart, lend);
379 if (!err)
380 err = err2;
381 }
382 }
383 return err;
384}
385EXPORT_SYMBOL(filemap_write_and_wait_range);
386
387/**
388 * replace_page_cache_page - replace a pagecache page with a new one
389 * @old: page to be replaced
390 * @new: page to replace with
391 * @gfp_mask: allocation mode
392 *
393 * This function replaces a page in the pagecache with a new one. On
394 * success it acquires the pagecache reference for the new page and
395 * drops it for the old page. Both the old and new pages must be
396 * locked. This function does not add the new page to the LRU, the
397 * caller must do that.
398 *
399 * The remove + add is atomic. The only way this function can fail is
400 * memory allocation failure.
401 */
402int replace_page_cache_page(struct page *old, struct page *new, gfp_t gfp_mask)
403{
404 int error;
405
406 VM_BUG_ON(!PageLocked(old));
407 VM_BUG_ON(!PageLocked(new));
408 VM_BUG_ON(new->mapping);
409
410 error = radix_tree_preload(gfp_mask & ~__GFP_HIGHMEM);
411 if (!error) {
412 struct address_space *mapping = old->mapping;
413 void (*freepage)(struct page *);
414
415 pgoff_t offset = old->index;
416 freepage = mapping->a_ops->freepage;
417
418 page_cache_get(new);
419 new->mapping = mapping;
420 new->index = offset;
421
422 spin_lock_irq(&mapping->tree_lock);
423 __delete_from_page_cache(old);
424 error = radix_tree_insert(&mapping->page_tree, offset, new);
425 BUG_ON(error);
426 mapping->nrpages++;
427 __inc_zone_page_state(new, NR_FILE_PAGES);
428 if (PageSwapBacked(new))
429 __inc_zone_page_state(new, NR_SHMEM);
430#ifdef CONFIG_LIMIT_PAGE_CACHE
431 if(mapping_gfp_mask(mapping) & __GFP_PAGERAMFS)
432 __inc_zone_page_state(new, NR_RAMFS_PAGES);
433 else if(mapping_gfp_mask(mapping) & __GFP_PAGETMPFS)
434 __inc_zone_page_state(new, NR_TMPFS_PAGES);
435#endif
436 spin_unlock_irq(&mapping->tree_lock);
437 /* mem_cgroup codes must not be called under tree_lock */
438 mem_cgroup_replace_page_cache(old, new);
439 radix_tree_preload_end();
440 if (freepage)
441 freepage(old);
442 page_cache_release(old);
443 }
444
445 return error;
446}
447EXPORT_SYMBOL_GPL(replace_page_cache_page);
448
449/**
450 * add_to_page_cache_locked - add a locked page to the pagecache
451 * @page: page to add
452 * @mapping: the page's address_space
453 * @offset: page index
454 * @gfp_mask: page allocation mode
455 *
456 * This function is used to add a page to the pagecache. It must be locked.
457 * This function does not add the page to the LRU. The caller must do that.
458 */
459int add_to_page_cache_locked(struct page *page, struct address_space *mapping,
460 pgoff_t offset, gfp_t gfp_mask)
461{
462 int error;
463
464 VM_BUG_ON(!PageLocked(page));
465 VM_BUG_ON(PageSwapBacked(page));
466
467 error = mem_cgroup_cache_charge(page, current->mm,
468 gfp_mask & GFP_RECLAIM_MASK);
469 if (error)
470 goto out;
471
472 error = radix_tree_preload(gfp_mask & ~__GFP_HIGHMEM);
473 if (error == 0) {
474 page_cache_get(page);
475 page->mapping = mapping;
476 page->index = offset;
477
478 spin_lock_irq(&mapping->tree_lock);
479 error = radix_tree_insert(&mapping->page_tree, offset, page);
480 if (likely(!error)) {
481 mapping->nrpages++;
482 __inc_zone_page_state(page, NR_FILE_PAGES);
483#ifdef CONFIG_LIMIT_PAGE_CACHE
484 if(mapping_gfp_mask(mapping) & __GFP_PAGERAMFS)
485 __inc_zone_page_state(page, NR_RAMFS_PAGES);
486 else if(mapping_gfp_mask(mapping) & __GFP_PAGETMPFS)
487 __inc_zone_page_state(page, NR_TMPFS_PAGES);
488#endif
489 spin_unlock_irq(&mapping->tree_lock);
490 } else {
491 page->mapping = NULL;
492 /* Leave page->index set: truncation relies upon it */
493 spin_unlock_irq(&mapping->tree_lock);
494 mem_cgroup_uncharge_cache_page(page);
495 page_cache_release(page);
496 }
497 radix_tree_preload_end();
498 } else
499 mem_cgroup_uncharge_cache_page(page);
500out:
501 return error;
502}
503EXPORT_SYMBOL(add_to_page_cache_locked);
504
505int add_to_page_cache_lru(struct page *page, struct address_space *mapping,
506 pgoff_t offset, gfp_t gfp_mask)
507{
508 int ret;
509
510 ret = add_to_page_cache(page, mapping, offset, gfp_mask);
511 if (ret == 0)
512 lru_cache_add_file(page);
513 return ret;
514}
515EXPORT_SYMBOL_GPL(add_to_page_cache_lru);
516
517#ifdef CONFIG_NUMA
518struct page *__page_cache_alloc(gfp_t gfp)
519{
520 int n;
521 struct page *page;
522
523 if (cpuset_do_page_mem_spread()) {
524 unsigned int cpuset_mems_cookie;
525 do {
526 cpuset_mems_cookie = get_mems_allowed();
527 n = cpuset_mem_spread_node();
528 page = alloc_pages_exact_node(n, gfp, 0);
529 } while (!put_mems_allowed(cpuset_mems_cookie) && !page);
530
531 return page;
532 }
533 return alloc_pages(gfp, 0);
534}
535EXPORT_SYMBOL(__page_cache_alloc);
536#endif
537
538/*
539 * In order to wait for pages to become available there must be
540 * waitqueues associated with pages. By using a hash table of
541 * waitqueues where the bucket discipline is to maintain all
542 * waiters on the same queue and wake all when any of the pages
543 * become available, and for the woken contexts to check to be
544 * sure the appropriate page became available, this saves space
545 * at a cost of "thundering herd" phenomena during rare hash
546 * collisions.
547 */
548static wait_queue_head_t *page_waitqueue(struct page *page)
549{
550 const struct zone *zone = page_zone(page);
551
552 return &zone->wait_table[hash_ptr(page, zone->wait_table_bits)];
553}
554
555static inline void wake_up_page(struct page *page, int bit)
556{
557 __wake_up_bit(page_waitqueue(page), &page->flags, bit);
558}
559
560void wait_on_page_bit(struct page *page, int bit_nr)
561{
562 DEFINE_WAIT_BIT(wait, &page->flags, bit_nr);
563
564 if (test_bit(bit_nr, &page->flags))
565 __wait_on_bit(page_waitqueue(page), &wait, sleep_on_page,
566 TASK_UNINTERRUPTIBLE);
567}
568EXPORT_SYMBOL(wait_on_page_bit);
569
570int wait_on_page_bit_killable(struct page *page, int bit_nr)
571{
572 DEFINE_WAIT_BIT(wait, &page->flags, bit_nr);
573
574 if (!test_bit(bit_nr, &page->flags))
575 return 0;
576
577 return __wait_on_bit(page_waitqueue(page), &wait,
578 sleep_on_page_killable, TASK_KILLABLE);
579}
580
581/**
582 * add_page_wait_queue - Add an arbitrary waiter to a page's wait queue
583 * @page: Page defining the wait queue of interest
584 * @waiter: Waiter to add to the queue
585 *
586 * Add an arbitrary @waiter to the wait queue for the nominated @page.
587 */
588void add_page_wait_queue(struct page *page, wait_queue_t *waiter)
589{
590 wait_queue_head_t *q = page_waitqueue(page);
591 unsigned long flags;
592
593 spin_lock_irqsave(&q->lock, flags);
594 __add_wait_queue(q, waiter);
595 spin_unlock_irqrestore(&q->lock, flags);
596}
597EXPORT_SYMBOL_GPL(add_page_wait_queue);
598
599/**
600 * unlock_page - unlock a locked page
601 * @page: the page
602 *
603 * Unlocks the page and wakes up sleepers in ___wait_on_page_locked().
604 * Also wakes sleepers in wait_on_page_writeback() because the wakeup
605 * mechananism between PageLocked pages and PageWriteback pages is shared.
606 * But that's OK - sleepers in wait_on_page_writeback() just go back to sleep.
607 *
608 * The mb is necessary to enforce ordering between the clear_bit and the read
609 * of the waitqueue (to avoid SMP races with a parallel wait_on_page_locked()).
610 */
611void unlock_page(struct page *page)
612{
613 VM_BUG_ON(!PageLocked(page));
614 clear_bit_unlock(PG_locked, &page->flags);
615 smp_mb__after_clear_bit();
616 wake_up_page(page, PG_locked);
617}
618EXPORT_SYMBOL(unlock_page);
619
620/**
621 * end_page_writeback - end writeback against a page
622 * @page: the page
623 */
624void end_page_writeback(struct page *page)
625{
626 if (TestClearPageReclaim(page))
627 rotate_reclaimable_page(page);
628
629 if (!test_clear_page_writeback(page))
630 BUG();
631
632 smp_mb__after_clear_bit();
633 wake_up_page(page, PG_writeback);
634}
635EXPORT_SYMBOL(end_page_writeback);
636
637/**
638 * __lock_page - get a lock on the page, assuming we need to sleep to get it
639 * @page: the page to lock
640 */
641void __lock_page(struct page *page)
642{
643 DEFINE_WAIT_BIT(wait, &page->flags, PG_locked);
644
645 __wait_on_bit_lock(page_waitqueue(page), &wait, sleep_on_page,
646 TASK_UNINTERRUPTIBLE);
647}
648EXPORT_SYMBOL(__lock_page);
649
650int __lock_page_killable(struct page *page)
651{
652 DEFINE_WAIT_BIT(wait, &page->flags, PG_locked);
653
654 return __wait_on_bit_lock(page_waitqueue(page), &wait,
655 sleep_on_page_killable, TASK_KILLABLE);
656}
657EXPORT_SYMBOL_GPL(__lock_page_killable);
658
659int __lock_page_or_retry(struct page *page, struct mm_struct *mm,
660 unsigned int flags)
661{
662 if (flags & FAULT_FLAG_ALLOW_RETRY) {
663 /*
664 * CAUTION! In this case, mmap_sem is not released
665 * even though return 0.
666 */
667 if (flags & FAULT_FLAG_RETRY_NOWAIT)
668 return 0;
669
670 up_read(&mm->mmap_sem);
671 if (flags & FAULT_FLAG_KILLABLE)
672 wait_on_page_locked_killable(page);
673 else
674 wait_on_page_locked(page);
675 return 0;
676 } else {
677 if (flags & FAULT_FLAG_KILLABLE) {
678 int ret;
679
680 ret = __lock_page_killable(page);
681 if (ret) {
682 up_read(&mm->mmap_sem);
683 return 0;
684 }
685 } else
686 __lock_page(page);
687 return 1;
688 }
689}
690
691/**
692 * find_get_page - find and get a page reference
693 * @mapping: the address_space to search
694 * @offset: the page index
695 *
696 * Is there a pagecache struct page at the given (mapping, offset) tuple?
697 * If yes, increment its refcount and return it; if no, return NULL.
698 */
699struct page *find_get_page(struct address_space *mapping, pgoff_t offset)
700{
701 void **pagep;
702 struct page *page;
703
704 rcu_read_lock();
705repeat:
706 page = NULL;
707 pagep = radix_tree_lookup_slot(&mapping->page_tree, offset);
708 if (pagep) {
709 page = radix_tree_deref_slot(pagep);
710 if (unlikely(!page))
711 goto out;
712 if (radix_tree_exception(page)) {
713 if (radix_tree_deref_retry(page))
714 goto repeat;
715 /*
716 * Otherwise, shmem/tmpfs must be storing a swap entry
717 * here as an exceptional entry: so return it without
718 * attempting to raise page count.
719 */
720 goto out;
721 }
722 if (!page_cache_get_speculative(page))
723 goto repeat;
724
725 /*
726 * Has the page moved?
727 * This is part of the lockless pagecache protocol. See
728 * include/linux/pagemap.h for details.
729 */
730 if (unlikely(page != *pagep)) {
731 page_cache_release(page);
732 goto repeat;
733 }
734 }
735out:
736 rcu_read_unlock();
737
738 return page;
739}
740EXPORT_SYMBOL(find_get_page);
741
742/**
743 * find_lock_page - locate, pin and lock a pagecache page
744 * @mapping: the address_space to search
745 * @offset: the page index
746 *
747 * Locates the desired pagecache page, locks it, increments its reference
748 * count and returns its address.
749 *
750 * Returns zero if the page was not present. find_lock_page() may sleep.
751 */
752struct page *find_lock_page(struct address_space *mapping, pgoff_t offset)
753{
754 struct page *page;
755
756repeat:
757 page = find_get_page(mapping, offset);
758 if (page && !radix_tree_exception(page)) {
759 lock_page(page);
760 /* Has the page been truncated? */
761 if (unlikely(page->mapping != mapping)) {
762 unlock_page(page);
763 page_cache_release(page);
764 goto repeat;
765 }
766 VM_BUG_ON(page->index != offset);
767 }
768 return page;
769}
770EXPORT_SYMBOL(find_lock_page);
771
772/**
773 * find_or_create_page - locate or add a pagecache page
774 * @mapping: the page's address_space
775 * @index: the page's index into the mapping
776 * @gfp_mask: page allocation mode
777 *
778 * Locates a page in the pagecache. If the page is not present, a new page
779 * is allocated using @gfp_mask and is added to the pagecache and to the VM's
780 * LRU list. The returned page is locked and has its reference count
781 * incremented.
782 *
783 * find_or_create_page() may sleep, even if @gfp_flags specifies an atomic
784 * allocation!
785 *
786 * find_or_create_page() returns the desired page's address, or zero on
787 * memory exhaustion.
788 */
789struct page *find_or_create_page(struct address_space *mapping,
790 pgoff_t index, gfp_t gfp_mask)
791{
792 struct page *page;
793 int err;
794repeat:
795 page = find_lock_page(mapping, index);
796 if (!page) {
797 page = __page_cache_alloc(gfp_mask);
798 if (!page)
799 return NULL;
800 /*
801 * We want a regular kernel memory (not highmem or DMA etc)
802 * allocation for the radix tree nodes, but we need to honour
803 * the context-specific requirements the caller has asked for.
804 * GFP_RECLAIM_MASK collects those requirements.
805 */
806 err = add_to_page_cache_lru(page, mapping, index,
807 (gfp_mask & GFP_RECLAIM_MASK));
808 if (unlikely(err)) {
809 page_cache_release(page);
810 page = NULL;
811 if (err == -EEXIST)
812 goto repeat;
813 }
814 }
815 return page;
816}
817EXPORT_SYMBOL(find_or_create_page);
818
819/**
820 * find_get_pages - gang pagecache lookup
821 * @mapping: The address_space to search
822 * @start: The starting page index
823 * @nr_pages: The maximum number of pages
824 * @pages: Where the resulting pages are placed
825 *
826 * find_get_pages() will search for and return a group of up to
827 * @nr_pages pages in the mapping. The pages are placed at @pages.
828 * find_get_pages() takes a reference against the returned pages.
829 *
830 * The search returns a group of mapping-contiguous pages with ascending
831 * indexes. There may be holes in the indices due to not-present pages.
832 *
833 * find_get_pages() returns the number of pages which were found.
834 */
835unsigned find_get_pages(struct address_space *mapping, pgoff_t start,
836 unsigned int nr_pages, struct page **pages)
837{
838 struct radix_tree_iter iter;
839 void **slot;
840 unsigned ret = 0;
841
842 if (unlikely(!nr_pages))
843 return 0;
844
845 rcu_read_lock();
846restart:
847 radix_tree_for_each_slot(slot, &mapping->page_tree, &iter, start) {
848 struct page *page;
849repeat:
850 page = radix_tree_deref_slot(slot);
851 if (unlikely(!page))
852 continue;
853
854 if (radix_tree_exception(page)) {
855 if (radix_tree_deref_retry(page)) {
856 /*
857 * Transient condition which can only trigger
858 * when entry at index 0 moves out of or back
859 * to root: none yet gotten, safe to restart.
860 */
861 WARN_ON(iter.index);
862 goto restart;
863 }
864 /*
865 * Otherwise, shmem/tmpfs must be storing a swap entry
866 * here as an exceptional entry: so skip over it -
867 * we only reach this from invalidate_mapping_pages().
868 */
869 continue;
870 }
871
872 if (!page_cache_get_speculative(page))
873 goto repeat;
874
875 /* Has the page moved? */
876 if (unlikely(page != *slot)) {
877 page_cache_release(page);
878 goto repeat;
879 }
880
881 pages[ret] = page;
882 if (++ret == nr_pages)
883 break;
884 }
885
886 rcu_read_unlock();
887 return ret;
888}
889
890/**
891 * find_get_pages_contig - gang contiguous pagecache lookup
892 * @mapping: The address_space to search
893 * @index: The starting page index
894 * @nr_pages: The maximum number of pages
895 * @pages: Where the resulting pages are placed
896 *
897 * find_get_pages_contig() works exactly like find_get_pages(), except
898 * that the returned number of pages are guaranteed to be contiguous.
899 *
900 * find_get_pages_contig() returns the number of pages which were found.
901 */
902unsigned find_get_pages_contig(struct address_space *mapping, pgoff_t index,
903 unsigned int nr_pages, struct page **pages)
904{
905 struct radix_tree_iter iter;
906 void **slot;
907 unsigned int ret = 0;
908
909 if (unlikely(!nr_pages))
910 return 0;
911
912 rcu_read_lock();
913restart:
914 radix_tree_for_each_contig(slot, &mapping->page_tree, &iter, index) {
915 struct page *page;
916repeat:
917 page = radix_tree_deref_slot(slot);
918 /* The hole, there no reason to continue */
919 if (unlikely(!page))
920 break;
921
922 if (radix_tree_exception(page)) {
923 if (radix_tree_deref_retry(page)) {
924 /*
925 * Transient condition which can only trigger
926 * when entry at index 0 moves out of or back
927 * to root: none yet gotten, safe to restart.
928 */
929 goto restart;
930 }
931 /*
932 * Otherwise, shmem/tmpfs must be storing a swap entry
933 * here as an exceptional entry: so stop looking for
934 * contiguous pages.
935 */
936 break;
937 }
938
939 if (!page_cache_get_speculative(page))
940 goto repeat;
941
942 /* Has the page moved? */
943 if (unlikely(page != *slot)) {
944 page_cache_release(page);
945 goto repeat;
946 }
947
948 /*
949 * must check mapping and index after taking the ref.
950 * otherwise we can get both false positives and false
951 * negatives, which is just confusing to the caller.
952 */
953 if (page->mapping == NULL || page->index != iter.index) {
954 page_cache_release(page);
955 break;
956 }
957
958 pages[ret] = page;
959 if (++ret == nr_pages)
960 break;
961 }
962 rcu_read_unlock();
963 return ret;
964}
965EXPORT_SYMBOL(find_get_pages_contig);
966
967/**
968 * find_get_pages_tag - find and return pages that match @tag
969 * @mapping: the address_space to search
970 * @index: the starting page index
971 * @tag: the tag index
972 * @nr_pages: the maximum number of pages
973 * @pages: where the resulting pages are placed
974 *
975 * Like find_get_pages, except we only return pages which are tagged with
976 * @tag. We update @index to index the next page for the traversal.
977 */
978unsigned find_get_pages_tag(struct address_space *mapping, pgoff_t *index,
979 int tag, unsigned int nr_pages, struct page **pages)
980{
981 struct radix_tree_iter iter;
982 void **slot;
983 unsigned ret = 0;
984
985 if (unlikely(!nr_pages))
986 return 0;
987
988 rcu_read_lock();
989restart:
990 radix_tree_for_each_tagged(slot, &mapping->page_tree,
991 &iter, *index, tag) {
992 struct page *page;
993repeat:
994 page = radix_tree_deref_slot(slot);
995 if (unlikely(!page))
996 continue;
997
998 if (radix_tree_exception(page)) {
999 if (radix_tree_deref_retry(page)) {
1000 /*
1001 * Transient condition which can only trigger
1002 * when entry at index 0 moves out of or back
1003 * to root: none yet gotten, safe to restart.
1004 */
1005 goto restart;
1006 }
1007 /*
1008 * This function is never used on a shmem/tmpfs
1009 * mapping, so a swap entry won't be found here.
1010 */
1011 BUG();
1012 }
1013
1014 if (!page_cache_get_speculative(page))
1015 goto repeat;
1016
1017 /* Has the page moved? */
1018 if (unlikely(page != *slot)) {
1019 page_cache_release(page);
1020 goto repeat;
1021 }
1022
1023 pages[ret] = page;
1024 if (++ret == nr_pages)
1025 break;
1026 }
1027
1028 rcu_read_unlock();
1029
1030 if (ret)
1031 *index = pages[ret - 1]->index + 1;
1032
1033 return ret;
1034}
1035EXPORT_SYMBOL(find_get_pages_tag);
1036
1037/**
1038 * grab_cache_page_nowait - returns locked page at given index in given cache
1039 * @mapping: target address_space
1040 * @index: the page index
1041 *
1042 * Same as grab_cache_page(), but do not wait if the page is unavailable.
1043 * This is intended for speculative data generators, where the data can
1044 * be regenerated if the page couldn't be grabbed. This routine should
1045 * be safe to call while holding the lock for another page.
1046 *
1047 * Clear __GFP_FS when allocating the page to avoid recursion into the fs
1048 * and deadlock against the caller's locked page.
1049 */
1050struct page *
1051grab_cache_page_nowait(struct address_space *mapping, pgoff_t index)
1052{
1053 struct page *page = find_get_page(mapping, index);
1054
1055 if (page) {
1056 if (trylock_page(page))
1057 return page;
1058 page_cache_release(page);
1059 return NULL;
1060 }
1061 page = __page_cache_alloc(mapping_gfp_mask(mapping) & ~__GFP_FS);
1062 if (page && add_to_page_cache_lru(page, mapping, index, GFP_NOFS)) {
1063 page_cache_release(page);
1064 page = NULL;
1065 }
1066 return page;
1067}
1068EXPORT_SYMBOL(grab_cache_page_nowait);
1069
1070/*
1071 * CD/DVDs are error prone. When a medium error occurs, the driver may fail
1072 * a _large_ part of the i/o request. Imagine the worst scenario:
1073 *
1074 * ---R__________________________________________B__________
1075 * ^ reading here ^ bad block(assume 4k)
1076 *
1077 * read(R) => miss => readahead(R...B) => media error => frustrating retries
1078 * => failing the whole request => read(R) => read(R+1) =>
1079 * readahead(R+1...B+1) => bang => read(R+2) => read(R+3) =>
1080 * readahead(R+3...B+2) => bang => read(R+3) => read(R+4) =>
1081 * readahead(R+4...B+3) => bang => read(R+4) => read(R+5) => ......
1082 *
1083 * It is going insane. Fix it by quickly scaling down the readahead size.
1084 */
1085static void shrink_readahead_size_eio(struct file *filp,
1086 struct file_ra_state *ra)
1087{
1088 ra->ra_pages /= 4;
1089}
1090
1091/**
1092 * do_generic_file_read - generic file read routine
1093 * @filp: the file to read
1094 * @ppos: current file position
1095 * @desc: read_descriptor
1096 * @actor: read method
1097 *
1098 * This is a generic file read routine, and uses the
1099 * mapping->a_ops->readpage() function for the actual low-level stuff.
1100 *
1101 * This is really ugly. But the goto's actually try to clarify some
1102 * of the logic when it comes to error handling etc.
1103 */
1104static void do_generic_file_read(struct file *filp, loff_t *ppos,
1105 read_descriptor_t *desc, read_actor_t actor)
1106{
1107 struct address_space *mapping = filp->f_mapping;
1108 struct inode *inode = mapping->host;
1109 struct file_ra_state *ra = &filp->f_ra;
1110 pgoff_t index;
1111 pgoff_t last_index;
1112 pgoff_t prev_index;
1113 unsigned long offset; /* offset into pagecache page */
1114 unsigned int prev_offset;
1115 int error;
1116
1117 index = *ppos >> PAGE_CACHE_SHIFT;
1118 prev_index = ra->prev_pos >> PAGE_CACHE_SHIFT;
1119 prev_offset = ra->prev_pos & (PAGE_CACHE_SIZE-1);
1120 last_index = (*ppos + desc->count + PAGE_CACHE_SIZE-1) >> PAGE_CACHE_SHIFT;
1121 offset = *ppos & ~PAGE_CACHE_MASK;
1122
1123 for (;;) {
1124 struct page *page;
1125 pgoff_t end_index;
1126 loff_t isize;
1127 unsigned long nr, ret;
1128
1129 cond_resched();
1130find_page:
1131 page = find_get_page(mapping, index);
1132 if (!page) {
1133 page_cache_sync_readahead(mapping,
1134 ra, filp,
1135 index, last_index - index);
1136 page = find_get_page(mapping, index);
1137 if (unlikely(page == NULL))
1138 goto no_cached_page;
1139 }
1140 if (PageReadahead(page)) {
1141 page_cache_async_readahead(mapping,
1142 ra, filp, page,
1143 index, last_index - index);
1144 }
1145 if (!PageUptodate(page)) {
1146 if (inode->i_blkbits == PAGE_CACHE_SHIFT ||
1147 !mapping->a_ops->is_partially_uptodate)
1148 goto page_not_up_to_date;
1149 if (!trylock_page(page))
1150 goto page_not_up_to_date;
1151 /* Did it get truncated before we got the lock? */
1152 if (!page->mapping)
1153 goto page_not_up_to_date_locked;
1154 if (!mapping->a_ops->is_partially_uptodate(page,
1155 desc, offset))
1156 goto page_not_up_to_date_locked;
1157 unlock_page(page);
1158 }
1159page_ok:
1160 /*
1161 * i_size must be checked after we know the page is Uptodate.
1162 *
1163 * Checking i_size after the check allows us to calculate
1164 * the correct value for "nr", which means the zero-filled
1165 * part of the page is not copied back to userspace (unless
1166 * another truncate extends the file - this is desired though).
1167 */
1168
1169 isize = i_size_read(inode);
1170 end_index = (isize - 1) >> PAGE_CACHE_SHIFT;
1171 if (unlikely(!isize || index > end_index)) {
1172 page_cache_release(page);
1173 goto out;
1174 }
1175
1176 /* nr is the maximum number of bytes to copy from this page */
1177 nr = PAGE_CACHE_SIZE;
1178 if (index == end_index) {
1179 nr = ((isize - 1) & ~PAGE_CACHE_MASK) + 1;
1180 if (nr <= offset) {
1181 page_cache_release(page);
1182 goto out;
1183 }
1184 }
1185 nr = nr - offset;
1186
1187 /* If users can be writing to this page using arbitrary
1188 * virtual addresses, take care about potential aliasing
1189 * before reading the page on the kernel side.
1190 */
1191 if (mapping_writably_mapped(mapping))
1192 flush_dcache_page(page);
1193
1194 /*
1195 * When a sequential read accesses a page several times,
1196 * only mark it as accessed the first time.
1197 */
1198 if (prev_index != index || offset != prev_offset)
1199 mark_page_accessed(page);
1200 prev_index = index;
1201
1202 /*
1203 * Ok, we have the page, and it's up-to-date, so
1204 * now we can copy it to user space...
1205 *
1206 * The actor routine returns how many bytes were actually used..
1207 * NOTE! This may not be the same as how much of a user buffer
1208 * we filled up (we may be padding etc), so we can only update
1209 * "pos" here (the actor routine has to update the user buffer
1210 * pointers and the remaining count).
1211 */
1212 ret = actor(desc, page, offset, nr);
1213 offset += ret;
1214 index += offset >> PAGE_CACHE_SHIFT;
1215 offset &= ~PAGE_CACHE_MASK;
1216 prev_offset = offset;
1217
1218 page_cache_release(page);
1219 if (ret == nr && desc->count)
1220 continue;
1221 goto out;
1222
1223page_not_up_to_date:
1224 /* Get exclusive access to the page ... */
1225 error = lock_page_killable(page);
1226 if (unlikely(error))
1227 goto readpage_error;
1228
1229page_not_up_to_date_locked:
1230 /* Did it get truncated before we got the lock? */
1231 if (!page->mapping) {
1232 unlock_page(page);
1233 page_cache_release(page);
1234 continue;
1235 }
1236
1237 /* Did somebody else fill it already? */
1238 if (PageUptodate(page)) {
1239 unlock_page(page);
1240 goto page_ok;
1241 }
1242
1243readpage:
1244 /*
1245 * A previous I/O error may have been due to temporary
1246 * failures, eg. multipath errors.
1247 * PG_error will be set again if readpage fails.
1248 */
1249 ClearPageError(page);
1250 /* Start the actual read. The read will unlock the page. */
1251 error = mapping->a_ops->readpage(filp, page);
1252
1253 if (unlikely(error)) {
1254 if (error == AOP_TRUNCATED_PAGE) {
1255 page_cache_release(page);
1256 goto find_page;
1257 }
1258 goto readpage_error;
1259 }
1260
1261 if (!PageUptodate(page)) {
1262 error = lock_page_killable(page);
1263 if (unlikely(error))
1264 goto readpage_error;
1265 if (!PageUptodate(page)) {
1266 if (page->mapping == NULL) {
1267 /*
1268 * invalidate_mapping_pages got it
1269 */
1270 unlock_page(page);
1271 page_cache_release(page);
1272 goto find_page;
1273 }
1274 unlock_page(page);
1275 shrink_readahead_size_eio(filp, ra);
1276 error = -EIO;
1277 goto readpage_error;
1278 }
1279 unlock_page(page);
1280 }
1281
1282 goto page_ok;
1283
1284readpage_error:
1285 /* UHHUH! A synchronous read error occurred. Report it */
1286 desc->error = error;
1287 page_cache_release(page);
1288 goto out;
1289
1290no_cached_page:
1291 /*
1292 * Ok, it wasn't cached, so we need to create a new
1293 * page..
1294 */
1295 page = page_cache_alloc_cold(mapping);
1296 if (!page) {
1297 desc->error = -ENOMEM;
1298 goto out;
1299 }
1300 error = add_to_page_cache_lru(page, mapping,
1301 index, GFP_KERNEL);
1302 if (error) {
1303 page_cache_release(page);
1304 if (error == -EEXIST)
1305 goto find_page;
1306 desc->error = error;
1307 goto out;
1308 }
1309 goto readpage;
1310 }
1311
1312out:
1313 ra->prev_pos = prev_index;
1314 ra->prev_pos <<= PAGE_CACHE_SHIFT;
1315 ra->prev_pos |= prev_offset;
1316
1317 *ppos = ((loff_t)index << PAGE_CACHE_SHIFT) + offset;
1318 file_accessed(filp);
1319}
1320
1321int file_read_actor(read_descriptor_t *desc, struct page *page,
1322 unsigned long offset, unsigned long size)
1323{
1324 char *kaddr;
1325 unsigned long left, count = desc->count;
1326
1327 if (size > count)
1328 size = count;
1329
1330 /*
1331 * Faults on the destination of a read are common, so do it before
1332 * taking the kmap.
1333 */
1334 if (!fault_in_pages_writeable(desc->arg.buf, size)) {
1335 kaddr = kmap_atomic(page);
1336 left = __copy_to_user_inatomic(desc->arg.buf,
1337 kaddr + offset, size);
1338 kunmap_atomic(kaddr);
1339 if (left == 0)
1340 goto success;
1341 }
1342
1343 /* Do it the slow way */
1344 kaddr = kmap(page);
1345 left = __copy_to_user(desc->arg.buf, kaddr + offset, size);
1346 kunmap(page);
1347
1348 if (left) {
1349 size -= left;
1350 desc->error = -EFAULT;
1351 }
1352success:
1353 desc->count = count - size;
1354 desc->written += size;
1355 desc->arg.buf += size;
1356 return size;
1357}
1358
1359/*
1360 * Performs necessary checks before doing a write
1361 * @iov: io vector request
1362 * @nr_segs: number of segments in the iovec
1363 * @count: number of bytes to write
1364 * @access_flags: type of access: %VERIFY_READ or %VERIFY_WRITE
1365 *
1366 * Adjust number of segments and amount of bytes to write (nr_segs should be
1367 * properly initialized first). Returns appropriate error code that caller
1368 * should return or zero in case that write should be allowed.
1369 */
1370int generic_segment_checks(const struct iovec *iov,
1371 unsigned long *nr_segs, size_t *count, int access_flags)
1372{
1373 unsigned long seg;
1374 size_t cnt = 0;
1375 for (seg = 0; seg < *nr_segs; seg++) {
1376 const struct iovec *iv = &iov[seg];
1377
1378 /*
1379 * If any segment has a negative length, or the cumulative
1380 * length ever wraps negative then return -EINVAL.
1381 */
1382 cnt += iv->iov_len;
1383 if (unlikely((ssize_t)(cnt|iv->iov_len) < 0))
1384 return -EINVAL;
1385 if (access_ok(access_flags, iv->iov_base, iv->iov_len))
1386 continue;
1387 if (seg == 0)
1388 return -EFAULT;
1389 *nr_segs = seg;
1390 cnt -= iv->iov_len; /* This segment is no good */
1391 break;
1392 }
1393 *count = cnt;
1394 return 0;
1395}
1396EXPORT_SYMBOL(generic_segment_checks);
1397
1398/**
1399 * generic_file_aio_read - generic filesystem read routine
1400 * @iocb: kernel I/O control block
1401 * @iov: io vector request
1402 * @nr_segs: number of segments in the iovec
1403 * @pos: current file position
1404 *
1405 * This is the "read()" routine for all filesystems
1406 * that can use the page cache directly.
1407 */
1408ssize_t
1409generic_file_aio_read(struct kiocb *iocb, const struct iovec *iov,
1410 unsigned long nr_segs, loff_t pos)
1411{
1412 struct file *filp = iocb->ki_filp;
1413 ssize_t retval;
1414 unsigned long seg = 0;
1415 size_t count;
1416 loff_t *ppos = &iocb->ki_pos;
1417
1418 count = 0;
1419 retval = generic_segment_checks(iov, &nr_segs, &count, VERIFY_WRITE);
1420 if (retval)
1421 return retval;
1422
1423 /* coalesce the iovecs and go direct-to-BIO for O_DIRECT */
1424 if (filp->f_flags & O_DIRECT) {
1425 loff_t size;
1426 struct address_space *mapping;
1427 struct inode *inode;
1428
1429 mapping = filp->f_mapping;
1430 inode = mapping->host;
1431 if (!count)
1432 goto out; /* skip atime */
1433 size = i_size_read(inode);
1434 if (pos < size) {
1435 retval = filemap_write_and_wait_range(mapping, pos,
1436 pos + iov_length(iov, nr_segs) - 1);
1437 if (!retval) {
1438 struct blk_plug plug;
1439
1440 blk_start_plug(&plug);
1441 retval = mapping->a_ops->direct_IO(READ, iocb,
1442 iov, pos, nr_segs);
1443 blk_finish_plug(&plug);
1444 }
1445 if (retval > 0) {
1446 *ppos = pos + retval;
1447 count -= retval;
1448 }
1449
1450 /*
1451 * Btrfs can have a short DIO read if we encounter
1452 * compressed extents, so if there was an error, or if
1453 * we've already read everything we wanted to, or if
1454 * there was a short read because we hit EOF, go ahead
1455 * and return. Otherwise fallthrough to buffered io for
1456 * the rest of the read.
1457 */
1458 if (retval < 0 || !count || *ppos >= size) {
1459 file_accessed(filp);
1460 goto out;
1461 }
1462 }
1463 }
1464
1465 count = retval;
1466 for (seg = 0; seg < nr_segs; seg++) {
1467 read_descriptor_t desc;
1468 loff_t offset = 0;
1469
1470 /*
1471 * If we did a short DIO read we need to skip the section of the
1472 * iov that we've already read data into.
1473 */
1474 if (count) {
1475 if (count > iov[seg].iov_len) {
1476 count -= iov[seg].iov_len;
1477 continue;
1478 }
1479 offset = count;
1480 count = 0;
1481 }
1482
1483 desc.written = 0;
1484 desc.arg.buf = iov[seg].iov_base + offset;
1485 desc.count = iov[seg].iov_len - offset;
1486 if (desc.count == 0)
1487 continue;
1488 desc.error = 0;
1489 do_generic_file_read(filp, ppos, &desc, file_read_actor);
1490 retval += desc.written;
1491 if (desc.error) {
1492 retval = retval ?: desc.error;
1493 break;
1494 }
1495 if (desc.count > 0)
1496 break;
1497 }
1498out:
1499 return retval;
1500}
1501EXPORT_SYMBOL(generic_file_aio_read);
1502
1503static ssize_t
1504do_readahead(struct address_space *mapping, struct file *filp,
1505 pgoff_t index, unsigned long nr)
1506{
1507 if (!mapping || !mapping->a_ops || !mapping->a_ops->readpage)
1508 return -EINVAL;
1509
1510 force_page_cache_readahead(mapping, filp, index, nr);
1511 return 0;
1512}
1513
1514SYSCALL_DEFINE(readahead)(int fd, loff_t offset, size_t count)
1515{
1516 ssize_t ret;
1517 struct file *file;
1518
1519 ret = -EBADF;
1520 file = fget(fd);
1521 if (file) {
1522 if (file->f_mode & FMODE_READ) {
1523 struct address_space *mapping = file->f_mapping;
1524 pgoff_t start = offset >> PAGE_CACHE_SHIFT;
1525 pgoff_t end = (offset + count - 1) >> PAGE_CACHE_SHIFT;
1526 unsigned long len = end - start + 1;
1527 ret = do_readahead(mapping, file, start, len);
1528 }
1529 fput(file);
1530 }
1531 return ret;
1532}
1533#ifdef CONFIG_HAVE_SYSCALL_WRAPPERS
1534asmlinkage long SyS_readahead(long fd, loff_t offset, long count)
1535{
1536 return SYSC_readahead((int) fd, offset, (size_t) count);
1537}
1538SYSCALL_ALIAS(sys_readahead, SyS_readahead);
1539#endif
1540
1541#ifdef CONFIG_MMU
1542/**
1543 * page_cache_read - adds requested page to the page cache if not already there
1544 * @file: file to read
1545 * @offset: page index
1546 *
1547 * This adds the requested page to the page cache if it isn't already there,
1548 * and schedules an I/O to read in its contents from disk.
1549 */
1550static int page_cache_read(struct file *file, pgoff_t offset)
1551{
1552 struct address_space *mapping = file->f_mapping;
1553 struct page *page;
1554 int ret;
1555
1556 do {
1557 page = page_cache_alloc_cold(mapping);
1558 if (!page)
1559 return -ENOMEM;
1560
1561 ret = add_to_page_cache_lru(page, mapping, offset, GFP_KERNEL);
1562 if (ret == 0)
1563 ret = mapping->a_ops->readpage(file, page);
1564 else if (ret == -EEXIST)
1565 ret = 0; /* losing race to add is OK */
1566
1567 page_cache_release(page);
1568
1569 } while (ret == AOP_TRUNCATED_PAGE);
1570
1571 return ret;
1572}
1573
1574#define MMAP_LOTSAMISS (100)
1575
1576/*
1577 * Synchronous readahead happens when we don't even find
1578 * a page in the page cache at all.
1579 */
1580static void do_sync_mmap_readahead(struct vm_area_struct *vma,
1581 struct file_ra_state *ra,
1582 struct file *file,
1583 pgoff_t offset)
1584{
1585 unsigned long ra_pages;
1586 struct address_space *mapping = file->f_mapping;
1587
1588 /* If we don't want any read-ahead, don't bother */
1589 if (VM_RandomReadHint(vma))
1590 return;
1591 if (!ra->ra_pages)
1592 return;
1593
1594 if (VM_SequentialReadHint(vma)) {
1595 page_cache_sync_readahead(mapping, ra, file, offset,
1596 ra->ra_pages);
1597 return;
1598 }
1599
1600 /* Avoid banging the cache line if not needed */
1601 if (ra->mmap_miss < MMAP_LOTSAMISS * 10)
1602 ra->mmap_miss++;
1603
1604 /*
1605 * Do we miss much more than hit in this file? If so,
1606 * stop bothering with read-ahead. It will only hurt.
1607 */
1608 if (ra->mmap_miss > MMAP_LOTSAMISS)
1609 return;
1610
1611 /*
1612 * mmap read-around
1613 */
1614 ra_pages = max_sane_readahead(ra->ra_pages);
1615 ra->start = max_t(long, 0, offset - ra_pages / 2);
1616 ra->size = ra_pages;
1617 ra->async_size = ra_pages / 4;
1618 ra_submit(ra, mapping, file);
1619}
1620
1621/*
1622 * Asynchronous readahead happens when we find the page and PG_readahead,
1623 * so we want to possibly extend the readahead further..
1624 */
1625static void do_async_mmap_readahead(struct vm_area_struct *vma,
1626 struct file_ra_state *ra,
1627 struct file *file,
1628 struct page *page,
1629 pgoff_t offset)
1630{
1631 struct address_space *mapping = file->f_mapping;
1632
1633 /* If we don't want any read-ahead, don't bother */
1634 if (VM_RandomReadHint(vma))
1635 return;
1636 if (ra->mmap_miss > 0)
1637 ra->mmap_miss--;
1638 if (PageReadahead(page))
1639 page_cache_async_readahead(mapping, ra, file,
1640 page, offset, ra->ra_pages);
1641}
1642
1643/**
1644 * filemap_fault - read in file data for page fault handling
1645 * @vma: vma in which the fault was taken
1646 * @vmf: struct vm_fault containing details of the fault
1647 *
1648 * filemap_fault() is invoked via the vma operations vector for a
1649 * mapped memory region to read in file data during a page fault.
1650 *
1651 * The goto's are kind of ugly, but this streamlines the normal case of having
1652 * it in the page cache, and handles the special cases reasonably without
1653 * having a lot of duplicated code.
1654 */
1655int filemap_fault(struct vm_area_struct *vma, struct vm_fault *vmf)
1656{
1657 int error;
1658 struct file *file = vma->vm_file;
1659 struct address_space *mapping = file->f_mapping;
1660 struct file_ra_state *ra = &file->f_ra;
1661 struct inode *inode = mapping->host;
1662 pgoff_t offset = vmf->pgoff;
1663 struct page *page;
1664 pgoff_t size;
1665 int ret = 0;
1666
1667 size = (i_size_read(inode) + PAGE_CACHE_SIZE - 1) >> PAGE_CACHE_SHIFT;
1668 if (offset >= size)
1669 return VM_FAULT_SIGBUS;
1670
1671 /*
1672 * Do we have something in the page cache already?
1673 */
1674 page = find_get_page(mapping, offset);
1675 if (likely(page)) {
1676 /*
1677 * We found the page, so try async readahead before
1678 * waiting for the lock.
1679 */
1680 do_async_mmap_readahead(vma, ra, file, page, offset);
1681 } else {
1682 /* No page in the page cache at all */
1683 do_sync_mmap_readahead(vma, ra, file, offset);
1684 count_vm_event(PGMAJFAULT);
1685 mem_cgroup_count_vm_event(vma->vm_mm, PGMAJFAULT);
1686 ret = VM_FAULT_MAJOR;
1687retry_find:
1688 page = find_get_page(mapping, offset);
1689 if (!page)
1690 goto no_cached_page;
1691 }
1692
1693 if (!lock_page_or_retry(page, vma->vm_mm, vmf->flags)) {
1694 page_cache_release(page);
1695 return ret | VM_FAULT_RETRY;
1696 }
1697
1698 /* Did it get truncated? */
1699 if (unlikely(page->mapping != mapping)) {
1700 unlock_page(page);
1701 put_page(page);
1702 goto retry_find;
1703 }
1704 VM_BUG_ON(page->index != offset);
1705
1706 /*
1707 * We have a locked page in the page cache, now we need to check
1708 * that it's up-to-date. If not, it is going to be due to an error.
1709 */
1710 if (unlikely(!PageUptodate(page)))
1711 goto page_not_uptodate;
1712
1713 /*
1714 * Found the page and have a reference on it.
1715 * We must recheck i_size under page lock.
1716 */
1717 size = (i_size_read(inode) + PAGE_CACHE_SIZE - 1) >> PAGE_CACHE_SHIFT;
1718 if (unlikely(offset >= size)) {
1719 unlock_page(page);
1720 page_cache_release(page);
1721 return VM_FAULT_SIGBUS;
1722 }
1723
1724 vmf->page = page;
1725 return ret | VM_FAULT_LOCKED;
1726
1727no_cached_page:
1728 /*
1729 * We're only likely to ever get here if MADV_RANDOM is in
1730 * effect.
1731 */
1732 error = page_cache_read(file, offset);
1733
1734 /*
1735 * The page we want has now been added to the page cache.
1736 * In the unlikely event that someone removed it in the
1737 * meantime, we'll just come back here and read it again.
1738 */
1739 if (error >= 0)
1740 goto retry_find;
1741
1742 /*
1743 * An error return from page_cache_read can result if the
1744 * system is low on memory, or a problem occurs while trying
1745 * to schedule I/O.
1746 */
1747 if (error == -ENOMEM)
1748 return VM_FAULT_OOM;
1749 return VM_FAULT_SIGBUS;
1750
1751page_not_uptodate:
1752 /*
1753 * Umm, take care of errors if the page isn't up-to-date.
1754 * Try to re-read it _once_. We do this synchronously,
1755 * because there really aren't any performance issues here
1756 * and we need to check for errors.
1757 */
1758 ClearPageError(page);
1759 error = mapping->a_ops->readpage(file, page);
1760 if (!error) {
1761 wait_on_page_locked(page);
1762 if (!PageUptodate(page))
1763 error = -EIO;
1764 }
1765 page_cache_release(page);
1766
1767 if (!error || error == AOP_TRUNCATED_PAGE)
1768 goto retry_find;
1769
1770 /* Things didn't work out. Return zero to tell the mm layer so. */
1771 shrink_readahead_size_eio(file, ra);
1772 return VM_FAULT_SIGBUS;
1773}
1774EXPORT_SYMBOL(filemap_fault);
1775
1776const struct vm_operations_struct generic_file_vm_ops = {
1777 .fault = filemap_fault,
1778};
1779
1780/* This is used for a general mmap of a disk file */
1781
1782int generic_file_mmap(struct file * file, struct vm_area_struct * vma)
1783{
1784 struct address_space *mapping = file->f_mapping;
1785
1786 if (!mapping->a_ops->readpage)
1787 return -ENOEXEC;
1788 file_accessed(file);
1789 vma->vm_ops = &generic_file_vm_ops;
1790 vma->vm_flags |= VM_CAN_NONLINEAR;
1791 return 0;
1792}
1793
1794/*
1795 * This is for filesystems which do not implement ->writepage.
1796 */
1797int generic_file_readonly_mmap(struct file *file, struct vm_area_struct *vma)
1798{
1799 if ((vma->vm_flags & VM_SHARED) && (vma->vm_flags & VM_MAYWRITE))
1800 return -EINVAL;
1801 return generic_file_mmap(file, vma);
1802}
1803#else
1804int generic_file_mmap(struct file * file, struct vm_area_struct * vma)
1805{
1806 return -ENOSYS;
1807}
1808int generic_file_readonly_mmap(struct file * file, struct vm_area_struct * vma)
1809{
1810 return -ENOSYS;
1811}
1812#endif /* CONFIG_MMU */
1813
1814EXPORT_SYMBOL(generic_file_mmap);
1815EXPORT_SYMBOL(generic_file_readonly_mmap);
1816
1817static struct page *__read_cache_page(struct address_space *mapping,
1818 pgoff_t index,
1819 int (*filler)(void *, struct page *),
1820 void *data,
1821 gfp_t gfp)
1822{
1823 struct page *page;
1824 int err;
1825repeat:
1826 page = find_get_page(mapping, index);
1827 if (!page) {
1828 page = __page_cache_alloc(gfp | __GFP_COLD);
1829 if (!page)
1830 return ERR_PTR(-ENOMEM);
1831 err = add_to_page_cache_lru(page, mapping, index, gfp);
1832 if (unlikely(err)) {
1833 page_cache_release(page);
1834 if (err == -EEXIST)
1835 goto repeat;
1836 /* Presumably ENOMEM for radix tree node */
1837 return ERR_PTR(err);
1838 }
1839 err = filler(data, page);
1840 if (err < 0) {
1841 page_cache_release(page);
1842 page = ERR_PTR(err);
1843 }
1844 }
1845 return page;
1846}
1847
1848static struct page *do_read_cache_page(struct address_space *mapping,
1849 pgoff_t index,
1850 int (*filler)(void *, struct page *),
1851 void *data,
1852 gfp_t gfp)
1853
1854{
1855 struct page *page;
1856 int err;
1857
1858retry:
1859 page = __read_cache_page(mapping, index, filler, data, gfp);
1860 if (IS_ERR(page))
1861 return page;
1862 if (PageUptodate(page))
1863 goto out;
1864
1865 lock_page(page);
1866 if (!page->mapping) {
1867 unlock_page(page);
1868 page_cache_release(page);
1869 goto retry;
1870 }
1871 if (PageUptodate(page)) {
1872 unlock_page(page);
1873 goto out;
1874 }
1875 err = filler(data, page);
1876 if (err < 0) {
1877 page_cache_release(page);
1878 return ERR_PTR(err);
1879 }
1880out:
1881 mark_page_accessed(page);
1882 return page;
1883}
1884
1885/**
1886 * read_cache_page_async - read into page cache, fill it if needed
1887 * @mapping: the page's address_space
1888 * @index: the page index
1889 * @filler: function to perform the read
1890 * @data: first arg to filler(data, page) function, often left as NULL
1891 *
1892 * Same as read_cache_page, but don't wait for page to become unlocked
1893 * after submitting it to the filler.
1894 *
1895 * Read into the page cache. If a page already exists, and PageUptodate() is
1896 * not set, try to fill the page but don't wait for it to become unlocked.
1897 *
1898 * If the page does not get brought uptodate, return -EIO.
1899 */
1900struct page *read_cache_page_async(struct address_space *mapping,
1901 pgoff_t index,
1902 int (*filler)(void *, struct page *),
1903 void *data)
1904{
1905 return do_read_cache_page(mapping, index, filler, data, mapping_gfp_mask(mapping));
1906}
1907EXPORT_SYMBOL(read_cache_page_async);
1908
1909static struct page *wait_on_page_read(struct page *page)
1910{
1911 if (!IS_ERR(page)) {
1912 wait_on_page_locked(page);
1913 if (!PageUptodate(page)) {
1914 page_cache_release(page);
1915 page = ERR_PTR(-EIO);
1916 }
1917 }
1918 return page;
1919}
1920
1921/**
1922 * read_cache_page_gfp - read into page cache, using specified page allocation flags.
1923 * @mapping: the page's address_space
1924 * @index: the page index
1925 * @gfp: the page allocator flags to use if allocating
1926 *
1927 * This is the same as "read_mapping_page(mapping, index, NULL)", but with
1928 * any new page allocations done using the specified allocation flags.
1929 *
1930 * If the page does not get brought uptodate, return -EIO.
1931 */
1932struct page *read_cache_page_gfp(struct address_space *mapping,
1933 pgoff_t index,
1934 gfp_t gfp)
1935{
1936 filler_t *filler = (filler_t *)mapping->a_ops->readpage;
1937
1938 return wait_on_page_read(do_read_cache_page(mapping, index, filler, NULL, gfp));
1939}
1940EXPORT_SYMBOL(read_cache_page_gfp);
1941
1942/**
1943 * read_cache_page - read into page cache, fill it if needed
1944 * @mapping: the page's address_space
1945 * @index: the page index
1946 * @filler: function to perform the read
1947 * @data: first arg to filler(data, page) function, often left as NULL
1948 *
1949 * Read into the page cache. If a page already exists, and PageUptodate() is
1950 * not set, try to fill the page then wait for it to become unlocked.
1951 *
1952 * If the page does not get brought uptodate, return -EIO.
1953 */
1954struct page *read_cache_page(struct address_space *mapping,
1955 pgoff_t index,
1956 int (*filler)(void *, struct page *),
1957 void *data)
1958{
1959 return wait_on_page_read(read_cache_page_async(mapping, index, filler, data));
1960}
1961EXPORT_SYMBOL(read_cache_page);
1962
1963/*
1964 * The logic we want is
1965 *
1966 * if suid or (sgid and xgrp)
1967 * remove privs
1968 */
1969int should_remove_suid(struct dentry *dentry)
1970{
1971 umode_t mode = dentry->d_inode->i_mode;
1972 int kill = 0;
1973
1974 /* suid always must be killed */
1975 if (unlikely(mode & S_ISUID))
1976 kill = ATTR_KILL_SUID;
1977
1978 /*
1979 * sgid without any exec bits is just a mandatory locking mark; leave
1980 * it alone. If some exec bits are set, it's a real sgid; kill it.
1981 */
1982 if (unlikely((mode & S_ISGID) && (mode & S_IXGRP)))
1983 kill |= ATTR_KILL_SGID;
1984
1985 if (unlikely(kill && !capable(CAP_FSETID) && S_ISREG(mode)))
1986 return kill;
1987
1988 return 0;
1989}
1990EXPORT_SYMBOL(should_remove_suid);
1991
1992static int __remove_suid(struct dentry *dentry, int kill)
1993{
1994 struct iattr newattrs;
1995
1996 newattrs.ia_valid = ATTR_FORCE | kill;
1997 return notify_change(dentry, &newattrs);
1998}
1999
2000int file_remove_suid(struct file *file)
2001{
2002 struct dentry *dentry = file->f_path.dentry;
2003 struct inode *inode = dentry->d_inode;
2004 int killsuid;
2005 int killpriv;
2006 int error = 0;
2007
2008 /* Fast path for nothing security related */
2009 if (IS_NOSEC(inode))
2010 return 0;
2011
2012 killsuid = should_remove_suid(dentry);
2013 killpriv = security_inode_need_killpriv(dentry);
2014
2015 if (killpriv < 0)
2016 return killpriv;
2017 if (killpriv)
2018 error = security_inode_killpriv(dentry);
2019 if (!error && killsuid)
2020 error = __remove_suid(dentry, killsuid);
2021 if (!error && (inode->i_sb->s_flags & MS_NOSEC))
2022 inode->i_flags |= S_NOSEC;
2023
2024 return error;
2025}
2026EXPORT_SYMBOL(file_remove_suid);
2027
2028static size_t __iovec_copy_from_user_inatomic(char *vaddr,
2029 const struct iovec *iov, size_t base, size_t bytes)
2030{
2031 size_t copied = 0, left = 0;
2032
2033 while (bytes) {
2034 char __user *buf = iov->iov_base + base;
2035 int copy = min(bytes, iov->iov_len - base);
2036
2037 base = 0;
2038 left = __copy_from_user_inatomic(vaddr, buf, copy);
2039 copied += copy;
2040 bytes -= copy;
2041 vaddr += copy;
2042 iov++;
2043
2044 if (unlikely(left))
2045 break;
2046 }
2047 return copied - left;
2048}
2049
2050/*
2051 * Copy as much as we can into the page and return the number of bytes which
2052 * were successfully copied. If a fault is encountered then return the number of
2053 * bytes which were copied.
2054 */
2055size_t iov_iter_copy_from_user_atomic(struct page *page,
2056 struct iov_iter *i, unsigned long offset, size_t bytes)
2057{
2058 char *kaddr;
2059 size_t copied;
2060
2061 BUG_ON(!pagefault_disabled());
2062 kaddr = kmap_atomic(page);
2063 if (likely(i->nr_segs == 1)) {
2064 int left;
2065 char __user *buf = i->iov->iov_base + i->iov_offset;
2066 left = __copy_from_user_inatomic(kaddr + offset, buf, bytes);
2067 copied = bytes - left;
2068 } else {
2069 copied = __iovec_copy_from_user_inatomic(kaddr + offset,
2070 i->iov, i->iov_offset, bytes);
2071 }
2072 kunmap_atomic(kaddr);
2073
2074 return copied;
2075}
2076EXPORT_SYMBOL(iov_iter_copy_from_user_atomic);
2077
2078/*
2079 * This has the same sideeffects and return value as
2080 * iov_iter_copy_from_user_atomic().
2081 * The difference is that it attempts to resolve faults.
2082 * Page must not be locked.
2083 */
2084size_t iov_iter_copy_from_user(struct page *page,
2085 struct iov_iter *i, unsigned long offset, size_t bytes)
2086{
2087 char *kaddr;
2088 size_t copied;
2089
2090 kaddr = kmap(page);
2091 if (likely(i->nr_segs == 1)) {
2092 int left;
2093 char __user *buf = i->iov->iov_base + i->iov_offset;
2094 left = __copy_from_user(kaddr + offset, buf, bytes);
2095 copied = bytes - left;
2096 } else {
2097 copied = __iovec_copy_from_user_inatomic(kaddr + offset,
2098 i->iov, i->iov_offset, bytes);
2099 }
2100 kunmap(page);
2101 return copied;
2102}
2103EXPORT_SYMBOL(iov_iter_copy_from_user);
2104
2105void iov_iter_advance(struct iov_iter *i, size_t bytes)
2106{
2107 BUG_ON(i->count < bytes);
2108
2109 if (likely(i->nr_segs == 1)) {
2110 i->iov_offset += bytes;
2111 i->count -= bytes;
2112 } else {
2113 const struct iovec *iov = i->iov;
2114 size_t base = i->iov_offset;
2115 unsigned long nr_segs = i->nr_segs;
2116
2117 /*
2118 * The !iov->iov_len check ensures we skip over unlikely
2119 * zero-length segments (without overruning the iovec).
2120 */
2121 while (bytes || unlikely(i->count && !iov->iov_len)) {
2122 int copy;
2123
2124 copy = min(bytes, iov->iov_len - base);
2125 BUG_ON(!i->count || i->count < copy);
2126 i->count -= copy;
2127 bytes -= copy;
2128 base += copy;
2129 if (iov->iov_len == base) {
2130 iov++;
2131 nr_segs--;
2132 base = 0;
2133 }
2134 }
2135 i->iov = iov;
2136 i->iov_offset = base;
2137 i->nr_segs = nr_segs;
2138 }
2139}
2140EXPORT_SYMBOL(iov_iter_advance);
2141
2142/*
2143 * Fault in the first iovec of the given iov_iter, to a maximum length
2144 * of bytes. Returns 0 on success, or non-zero if the memory could not be
2145 * accessed (ie. because it is an invalid address).
2146 *
2147 * writev-intensive code may want this to prefault several iovecs -- that
2148 * would be possible (callers must not rely on the fact that _only_ the
2149 * first iovec will be faulted with the current implementation).
2150 */
2151int iov_iter_fault_in_readable(struct iov_iter *i, size_t bytes)
2152{
2153 char __user *buf = i->iov->iov_base + i->iov_offset;
2154 bytes = min(bytes, i->iov->iov_len - i->iov_offset);
2155 return fault_in_pages_readable(buf, bytes);
2156}
2157EXPORT_SYMBOL(iov_iter_fault_in_readable);
2158
2159/*
2160 * Return the count of just the current iov_iter segment.
2161 */
2162size_t iov_iter_single_seg_count(struct iov_iter *i)
2163{
2164 const struct iovec *iov = i->iov;
2165 if (i->nr_segs == 1)
2166 return i->count;
2167 else
2168 return min(i->count, iov->iov_len - i->iov_offset);
2169}
2170EXPORT_SYMBOL(iov_iter_single_seg_count);
2171
2172/*
2173 * Performs necessary checks before doing a write
2174 *
2175 * Can adjust writing position or amount of bytes to write.
2176 * Returns appropriate error code that caller should return or
2177 * zero in case that write should be allowed.
2178 */
2179inline int generic_write_checks(struct file *file, loff_t *pos, size_t *count, int isblk)
2180{
2181 struct inode *inode = file->f_mapping->host;
2182 unsigned long limit = rlimit(RLIMIT_FSIZE);
2183
2184 if (unlikely(*pos < 0))
2185 return -EINVAL;
2186
2187 if (!isblk) {
2188 /* FIXME: this is for backwards compatibility with 2.4 */
2189 if (file->f_flags & O_APPEND)
2190 *pos = i_size_read(inode);
2191
2192 if (limit != RLIM_INFINITY) {
2193 if (*pos >= limit) {
2194 send_sig(SIGXFSZ, current, 0);
2195 return -EFBIG;
2196 }
2197 if (*count > limit - (typeof(limit))*pos) {
2198 *count = limit - (typeof(limit))*pos;
2199 }
2200 }
2201 }
2202
2203 /*
2204 * LFS rule
2205 */
2206 if (unlikely(*pos + *count > MAX_NON_LFS &&
2207 !(file->f_flags & O_LARGEFILE))) {
2208 if (*pos >= MAX_NON_LFS) {
2209 return -EFBIG;
2210 }
2211 if (*count > MAX_NON_LFS - (unsigned long)*pos) {
2212 *count = MAX_NON_LFS - (unsigned long)*pos;
2213 }
2214 }
2215
2216 /*
2217 * Are we about to exceed the fs block limit ?
2218 *
2219 * If we have written data it becomes a short write. If we have
2220 * exceeded without writing data we send a signal and return EFBIG.
2221 * Linus frestrict idea will clean these up nicely..
2222 */
2223 if (likely(!isblk)) {
2224 if (unlikely(*pos >= inode->i_sb->s_maxbytes)) {
2225 if (*count || *pos > inode->i_sb->s_maxbytes) {
2226 return -EFBIG;
2227 }
2228 /* zero-length writes at ->s_maxbytes are OK */
2229 }
2230
2231 if (unlikely(*pos + *count > inode->i_sb->s_maxbytes))
2232 *count = inode->i_sb->s_maxbytes - *pos;
2233 } else {
2234#ifdef CONFIG_BLOCK
2235 loff_t isize;
2236 if (bdev_read_only(I_BDEV(inode)))
2237 return -EPERM;
2238 isize = i_size_read(inode);
2239 if (*pos >= isize) {
2240 if (*count || *pos > isize)
2241 return -ENOSPC;
2242 }
2243
2244 if (*pos + *count > isize)
2245 *count = isize - *pos;
2246#else
2247 return -EPERM;
2248#endif
2249 }
2250 return 0;
2251}
2252EXPORT_SYMBOL(generic_write_checks);
2253
2254int pagecache_write_begin(struct file *file, struct address_space *mapping,
2255 loff_t pos, unsigned len, unsigned flags,
2256 struct page **pagep, void **fsdata)
2257{
2258 const struct address_space_operations *aops = mapping->a_ops;
2259
2260 return aops->write_begin(file, mapping, pos, len, flags,
2261 pagep, fsdata);
2262}
2263EXPORT_SYMBOL(pagecache_write_begin);
2264
2265int pagecache_write_end(struct file *file, struct address_space *mapping,
2266 loff_t pos, unsigned len, unsigned copied,
2267 struct page *page, void *fsdata)
2268{
2269 const struct address_space_operations *aops = mapping->a_ops;
2270
2271 mark_page_accessed(page);
2272 return aops->write_end(file, mapping, pos, len, copied, page, fsdata);
2273}
2274EXPORT_SYMBOL(pagecache_write_end);
2275
2276ssize_t
2277generic_file_direct_write(struct kiocb *iocb, const struct iovec *iov,
2278 unsigned long *nr_segs, loff_t pos, loff_t *ppos,
2279 size_t count, size_t ocount)
2280{
2281 struct file *file = iocb->ki_filp;
2282 struct address_space *mapping = file->f_mapping;
2283 struct inode *inode = mapping->host;
2284 ssize_t written;
2285 size_t write_len;
2286 pgoff_t end;
2287
2288 if (count != ocount)
2289 *nr_segs = iov_shorten((struct iovec *)iov, *nr_segs, count);
2290
2291 write_len = iov_length(iov, *nr_segs);
2292 end = (pos + write_len - 1) >> PAGE_CACHE_SHIFT;
2293
2294 written = filemap_write_and_wait_range(mapping, pos, pos + write_len - 1);
2295 if (written)
2296 goto out;
2297
2298 /*
2299 * After a write we want buffered reads to be sure to go to disk to get
2300 * the new data. We invalidate clean cached page from the region we're
2301 * about to write. We do this *before* the write so that we can return
2302 * without clobbering -EIOCBQUEUED from ->direct_IO().
2303 */
2304 if (mapping->nrpages) {
2305 written = invalidate_inode_pages2_range(mapping,
2306 pos >> PAGE_CACHE_SHIFT, end);
2307 /*
2308 * If a page can not be invalidated, return 0 to fall back
2309 * to buffered write.
2310 */
2311 if (written) {
2312 if (written == -EBUSY)
2313 return 0;
2314 goto out;
2315 }
2316 }
2317
2318 written = mapping->a_ops->direct_IO(WRITE, iocb, iov, pos, *nr_segs);
2319
2320 /*
2321 * Finally, try again to invalidate clean pages which might have been
2322 * cached by non-direct readahead, or faulted in by get_user_pages()
2323 * if the source of the write was an mmap'ed region of the file
2324 * we're writing. Either one is a pretty crazy thing to do,
2325 * so we don't support it 100%. If this invalidation
2326 * fails, tough, the write still worked...
2327 */
2328 if (mapping->nrpages) {
2329 invalidate_inode_pages2_range(mapping,
2330 pos >> PAGE_CACHE_SHIFT, end);
2331 }
2332
2333 if (written > 0) {
2334 pos += written;
2335 if (pos > i_size_read(inode) && !S_ISBLK(inode->i_mode)) {
2336 i_size_write(inode, pos);
2337 mark_inode_dirty(inode);
2338 }
2339 *ppos = pos;
2340 }
2341out:
2342 return written;
2343}
2344EXPORT_SYMBOL(generic_file_direct_write);
2345
2346/*
2347 * Find or create a page at the given pagecache position. Return the locked
2348 * page. This function is specifically for buffered writes.
2349 */
2350struct page *grab_cache_page_write_begin(struct address_space *mapping,
2351 pgoff_t index, unsigned flags)
2352{
2353 int status;
2354 gfp_t gfp_mask;
2355 struct page *page;
2356 gfp_t gfp_notmask = 0;
2357
2358 gfp_mask = mapping_gfp_mask(mapping);
2359 if (mapping_cap_account_dirty(mapping))
2360 gfp_mask |= __GFP_WRITE;
2361 if (flags & AOP_FLAG_NOFS)
2362 gfp_notmask = __GFP_FS;
2363repeat:
2364 page = find_lock_page(mapping, index);
2365 if (page)
2366 goto found;
2367
2368 page = __page_cache_alloc(gfp_mask & ~gfp_notmask);
2369 if (!page)
2370 return NULL;
2371 status = add_to_page_cache_lru(page, mapping, index,
2372 GFP_KERNEL & ~gfp_notmask);
2373 if (unlikely(status)) {
2374 page_cache_release(page);
2375 if (status == -EEXIST)
2376 goto repeat;
2377 return NULL;
2378 }
2379found:
2380 wait_on_page_writeback(page);
2381 return page;
2382}
2383EXPORT_SYMBOL(grab_cache_page_write_begin);
2384
2385static ssize_t generic_perform_write(struct file *file,
2386 struct iov_iter *i, loff_t pos)
2387{
2388 struct address_space *mapping = file->f_mapping;
2389 const struct address_space_operations *a_ops = mapping->a_ops;
2390 long status = 0;
2391 ssize_t written = 0;
2392 unsigned int flags = 0;
2393
2394 /*
2395 * Copies from kernel address space cannot fail (NFSD is a big user).
2396 */
2397 if (segment_eq(get_fs(), KERNEL_DS))
2398 flags |= AOP_FLAG_UNINTERRUPTIBLE;
2399
2400 do {
2401 struct page *page;
2402 unsigned long offset; /* Offset into pagecache page */
2403 unsigned long bytes; /* Bytes to write to page */
2404 size_t copied; /* Bytes copied from user */
2405 void *fsdata;
2406
2407 offset = (pos & (PAGE_CACHE_SIZE - 1));
2408 bytes = min_t(unsigned long, PAGE_CACHE_SIZE - offset,
2409 iov_iter_count(i));
2410
2411again:
2412 /*
2413 * Bring in the user page that we will copy from _first_.
2414 * Otherwise there's a nasty deadlock on copying from the
2415 * same page as we're writing to, without it being marked
2416 * up-to-date.
2417 *
2418 * Not only is this an optimisation, but it is also required
2419 * to check that the address is actually valid, when atomic
2420 * usercopies are used, below.
2421 */
2422 if (unlikely(iov_iter_fault_in_readable(i, bytes))) {
2423 status = -EFAULT;
2424 break;
2425 }
2426
2427 status = a_ops->write_begin(file, mapping, pos, bytes, flags,
2428 &page, &fsdata);
2429 if (unlikely(status))
2430 break;
2431
2432 if (mapping_writably_mapped(mapping))
2433 flush_dcache_page(page);
2434
2435 pagefault_disable();
2436 copied = iov_iter_copy_from_user_atomic(page, i, offset, bytes);
2437 pagefault_enable();
2438 flush_dcache_page(page);
2439
2440 mark_page_accessed(page);
2441 status = a_ops->write_end(file, mapping, pos, bytes, copied,
2442 page, fsdata);
2443 if (unlikely(status < 0))
2444 break;
2445 copied = status;
2446
2447 cond_resched();
2448
2449 iov_iter_advance(i, copied);
2450 if (unlikely(copied == 0)) {
2451 /*
2452 * If we were unable to copy any data at all, we must
2453 * fall back to a single segment length write.
2454 *
2455 * If we didn't fallback here, we could livelock
2456 * because not all segments in the iov can be copied at
2457 * once without a pagefault.
2458 */
2459 bytes = min_t(unsigned long, PAGE_CACHE_SIZE - offset,
2460 iov_iter_single_seg_count(i));
2461 goto again;
2462 }
2463 pos += copied;
2464 written += copied;
2465
2466 balance_dirty_pages_ratelimited(mapping);
2467 if (fatal_signal_pending(current)) {
2468 status = -EINTR;
2469 break;
2470 }
2471 } while (iov_iter_count(i));
2472
2473 return written ? written : status;
2474}
2475
2476ssize_t
2477generic_file_buffered_write(struct kiocb *iocb, const struct iovec *iov,
2478 unsigned long nr_segs, loff_t pos, loff_t *ppos,
2479 size_t count, ssize_t written)
2480{
2481 struct file *file = iocb->ki_filp;
2482 ssize_t status;
2483 struct iov_iter i;
2484
2485 iov_iter_init(&i, iov, nr_segs, count, written);
2486 status = generic_perform_write(file, &i, pos);
2487
2488 if (likely(status >= 0)) {
2489 written += status;
2490 *ppos = pos + status;
2491 }
2492
2493 return written ? written : status;
2494}
2495EXPORT_SYMBOL(generic_file_buffered_write);
2496
2497/**
2498 * __generic_file_aio_write - write data to a file
2499 * @iocb: IO state structure (file, offset, etc.)
2500 * @iov: vector with data to write
2501 * @nr_segs: number of segments in the vector
2502 * @ppos: position where to write
2503 *
2504 * This function does all the work needed for actually writing data to a
2505 * file. It does all basic checks, removes SUID from the file, updates
2506 * modification times and calls proper subroutines depending on whether we
2507 * do direct IO or a standard buffered write.
2508 *
2509 * It expects i_mutex to be grabbed unless we work on a block device or similar
2510 * object which does not need locking at all.
2511 *
2512 * This function does *not* take care of syncing data in case of O_SYNC write.
2513 * A caller has to handle it. This is mainly due to the fact that we want to
2514 * avoid syncing under i_mutex.
2515 */
2516ssize_t __generic_file_aio_write(struct kiocb *iocb, const struct iovec *iov,
2517 unsigned long nr_segs, loff_t *ppos)
2518{
2519 struct file *file = iocb->ki_filp;
2520 struct address_space * mapping = file->f_mapping;
2521 size_t ocount; /* original count */
2522 size_t count; /* after file limit checks */
2523 struct inode *inode = mapping->host;
2524 loff_t pos;
2525 ssize_t written;
2526 ssize_t err;
2527
2528 ocount = 0;
2529 err = generic_segment_checks(iov, &nr_segs, &ocount, VERIFY_READ);
2530 if (err)
2531 return err;
2532
2533 count = ocount;
2534 pos = *ppos;
2535
2536 vfs_check_frozen(inode->i_sb, SB_FREEZE_WRITE);
2537
2538 /* We can write back this queue in page reclaim */
2539 current->backing_dev_info = mapping->backing_dev_info;
2540 written = 0;
2541
2542 err = generic_write_checks(file, &pos, &count, S_ISBLK(inode->i_mode));
2543 if (err)
2544 goto out;
2545
2546 if (count == 0)
2547 goto out;
2548
2549 err = file_remove_suid(file);
2550 if (err)
2551 goto out;
2552
2553 file_update_time(file);
2554
2555 /* coalesce the iovecs and go direct-to-BIO for O_DIRECT */
2556 if (unlikely(file->f_flags & O_DIRECT)) {
2557 loff_t endbyte;
2558 ssize_t written_buffered;
2559
2560 written = generic_file_direct_write(iocb, iov, &nr_segs, pos,
2561 ppos, count, ocount);
2562 if (written < 0 || written == count)
2563 goto out;
2564 /*
2565 * direct-io write to a hole: fall through to buffered I/O
2566 * for completing the rest of the request.
2567 */
2568 pos += written;
2569 count -= written;
2570 written_buffered = generic_file_buffered_write(iocb, iov,
2571 nr_segs, pos, ppos, count,
2572 written);
2573 /*
2574 * If generic_file_buffered_write() retuned a synchronous error
2575 * then we want to return the number of bytes which were
2576 * direct-written, or the error code if that was zero. Note
2577 * that this differs from normal direct-io semantics, which
2578 * will return -EFOO even if some bytes were written.
2579 */
2580 if (written_buffered < 0) {
2581 err = written_buffered;
2582 goto out;
2583 }
2584
2585 /*
2586 * We need to ensure that the page cache pages are written to
2587 * disk and invalidated to preserve the expected O_DIRECT
2588 * semantics.
2589 */
2590 endbyte = pos + written_buffered - written - 1;
2591 err = filemap_write_and_wait_range(file->f_mapping, pos, endbyte);
2592 if (err == 0) {
2593 written = written_buffered;
2594 invalidate_mapping_pages(mapping,
2595 pos >> PAGE_CACHE_SHIFT,
2596 endbyte >> PAGE_CACHE_SHIFT);
2597 } else {
2598 /*
2599 * We don't know how much we wrote, so just return
2600 * the number of bytes which were direct-written
2601 */
2602 }
2603 } else {
2604 written = generic_file_buffered_write(iocb, iov, nr_segs,
2605 pos, ppos, count, written);
2606 }
2607out:
2608 current->backing_dev_info = NULL;
2609 return written ? written : err;
2610}
2611EXPORT_SYMBOL(__generic_file_aio_write);
2612
2613/**
2614 * generic_file_aio_write - write data to a file
2615 * @iocb: IO state structure
2616 * @iov: vector with data to write
2617 * @nr_segs: number of segments in the vector
2618 * @pos: position in file where to write
2619 *
2620 * This is a wrapper around __generic_file_aio_write() to be used by most
2621 * filesystems. It takes care of syncing the file in case of O_SYNC file
2622 * and acquires i_mutex as needed.
2623 */
2624ssize_t generic_file_aio_write(struct kiocb *iocb, const struct iovec *iov,
2625 unsigned long nr_segs, loff_t pos)
2626{
2627 struct file *file = iocb->ki_filp;
2628 struct inode *inode = file->f_mapping->host;
2629 struct blk_plug plug;
2630 ssize_t ret;
2631
2632 BUG_ON(iocb->ki_pos != pos);
2633
2634 mutex_lock(&inode->i_mutex);
2635 blk_start_plug(&plug);
2636 ret = __generic_file_aio_write(iocb, iov, nr_segs, &iocb->ki_pos);
2637 mutex_unlock(&inode->i_mutex);
2638
2639 if (ret > 0 || ret == -EIOCBQUEUED) {
2640 ssize_t err;
2641
2642 err = generic_write_sync(file, pos, ret);
2643 if (err < 0 && ret > 0)
2644 ret = err;
2645 }
2646 blk_finish_plug(&plug);
2647 return ret;
2648}
2649EXPORT_SYMBOL(generic_file_aio_write);
2650
2651/**
2652 * try_to_release_page() - release old fs-specific metadata on a page
2653 *
2654 * @page: the page which the kernel is trying to free
2655 * @gfp_mask: memory allocation flags (and I/O mode)
2656 *
2657 * The address_space is to try to release any data against the page
2658 * (presumably at page->private). If the release was successful, return `1'.
2659 * Otherwise return zero.
2660 *
2661 * This may also be called if PG_fscache is set on a page, indicating that the
2662 * page is known to the local caching routines.
2663 *
2664 * The @gfp_mask argument specifies whether I/O may be performed to release
2665 * this page (__GFP_IO), and whether the call may block (__GFP_WAIT & __GFP_FS).
2666 *
2667 */
2668int try_to_release_page(struct page *page, gfp_t gfp_mask)
2669{
2670 struct address_space * const mapping = page->mapping;
2671
2672 BUG_ON(!PageLocked(page));
2673 if (PageWriteback(page))
2674 return 0;
2675
2676 if (mapping && mapping->a_ops->releasepage)
2677 return mapping->a_ops->releasepage(page, gfp_mask);
2678 return try_to_free_buffers(page);
2679}
2680
2681EXPORT_SYMBOL(try_to_release_page);