1
/*
2
 *	linux/mm/filemap.c
3
 *
4
 * Copyright (C) 1994-1999  Linus Torvalds
5
 */
6

7
/*
8
 * This file handles the generic file mmap semantics used by
9
 * most "normal" filesystems (but you don't /have/ to use this:
10
 * the NFS filesystem used to do this differently, for example)
11
 */
12
#include <linux/module.h>
13
#include <linux/compiler.h>
14
#include <linux/fs.h>
15
#include <linux/uaccess.h>
16
#include <linux/aio.h>
17
#include <linux/capability.h>
18
#include <linux/kernel_stat.h>
19
#include <linux/gfp.h>
20
#include <linux/mm.h>
21
#include <linux/swap.h>
22
#include <linux/mman.h>
23
#include <linux/pagemap.h>
24
#include <linux/file.h>
25
#include <linux/uio.h>
26
#include <linux/hash.h>
27
#include <linux/writeback.h>
28
#include <linux/backing-dev.h>
29
#include <linux/pagevec.h>
30
#include <linux/blkdev.h>
31
#include <linux/security.h>
32
#include <linux/syscalls.h>
33
#include <linux/cpuset.h>
34
#include <linux/hardirq.h> /* for BUG_ON(!in_atomic()) only */
35
#include <linux/memcontrol.h>
36
#include <linux/mm_inline.h> /* for page_is_file_cache() */
37
#include <linux/cleancache.h>
38
#include "internal.h"
39

40
/*
41
 * FIXME: remove all knowledge of the buffer layer from the core VM
42
 */
43
#include <linux/buffer_head.h> /* for try_to_free_buffers */
44

45
#include <asm/mman.h>
46

47
/*
48
 * Shared mappings implemented 30.11.1994. It's not fully working yet,
49
 * though.
50
 *
51
 * Shared mappings now work. 15.8.1995  Bruno.
52
 *
53
 * finished 'unifying' the page and buffer cache and SMP-threaded the
54
 * page-cache, 21.05.1999, Ingo Molnar <[email protected]>
55
 *
56
 * SMP-threaded pagemap-LRU 1999, Andrea Arcangeli <[email protected]>
57
 */
58

59
/*
60
 * Lock ordering:
61
 *
62
 *  ->i_mmap_mutex		(truncate_pagecache)
63
 *    ->private_lock		(__free_pte->__set_page_dirty_buffers)
64
 *      ->swap_lock		(exclusive_swap_page, others)
65
 *        ->mapping->tree_lock
66
 *
67
 *  ->i_mutex
68
 *    ->i_mmap_mutex		(truncate->unmap_mapping_range)
69
 *
70
 *  ->mmap_sem
71
 *    ->i_mmap_mutex
72
 *      ->page_table_lock or pte_lock	(various, mainly in memory.c)
73
 *        ->mapping->tree_lock	(arch-dependent flush_dcache_mmap_lock)
74
 *
75
 *  ->mmap_sem
76
 *    ->lock_page		(access_process_vm)
77
 *
78
 *  ->i_mutex			(generic_file_buffered_write)
79
 *    ->mmap_sem		(fault_in_pages_readable->do_page_fault)
80
 *
81
 *  ->i_mutex
82
 *    ->i_alloc_sem             (various)
83
 *
84
 *  inode_wb_list_lock
85
 *    sb_lock			(fs/fs-writeback.c)
86
 *    ->mapping->tree_lock	(__sync_single_inode)
87
 *
88
 *  ->i_mmap_mutex
89
 *    ->anon_vma.lock		(vma_adjust)
90
 *
91
 *  ->anon_vma.lock
92
 *    ->page_table_lock or pte_lock	(anon_vma_prepare and various)
93
 *
94
 *  ->page_table_lock or pte_lock
95
 *    ->swap_lock		(try_to_unmap_one)
96
 *    ->private_lock		(try_to_unmap_one)
97
 *    ->tree_lock		(try_to_unmap_one)
98
 *    ->zone.lru_lock		(follow_page->mark_page_accessed)
99
 *    ->zone.lru_lock		(check_pte_range->isolate_lru_page)
100
 *    ->private_lock		(page_remove_rmap->set_page_dirty)
101
 *    ->tree_lock		(page_remove_rmap->set_page_dirty)
102
 *    inode_wb_list_lock	(page_remove_rmap->set_page_dirty)
103
 *    ->inode->i_lock		(page_remove_rmap->set_page_dirty)
104
 *    inode_wb_list_lock	(zap_pte_range->set_page_dirty)
105
 *    ->inode->i_lock		(zap_pte_range->set_page_dirty)
106
 *    ->private_lock		(zap_pte_range->__set_page_dirty_buffers)
107
 *
108
 *  (code doesn't rely on that order, so you could switch it around)
109
 *  ->tasklist_lock             (memory_failure, collect_procs_ao)
110
 *    ->i_mmap_mutex
111
 */
112

113
/*
114
 * Delete a page from the page cache and free it. Caller has to make
115
 * sure the page is locked and that nobody else uses it - or that usage
116
 * is safe.  The caller must hold the mapping's tree_lock.
117
 */
118
void __delete_from_page_cache(struct page *page)
119
{
120
	struct address_space *mapping = page->mapping;
121

122
	/*
123
	 * if we're uptodate, flush out into the cleancache, otherwise
124
	 * invalidate any existing cleancache entries.  We can't leave
125
	 * stale data around in the cleancache once our page is gone
126
	 */
127
	if (PageUptodate(page) && PageMappedToDisk(page))
128
		cleancache_put_page(page);
129
	else
130
		cleancache_flush_page(mapping, page);
131

132
	radix_tree_delete(&mapping->page_tree, page->index);
133
	page->mapping = NULL;
134
	mapping->nrpages--;
135
	__dec_zone_page_state(page, NR_FILE_PAGES);
136
	if (PageSwapBacked(page))
137
		__dec_zone_page_state(page, NR_SHMEM);
138
	BUG_ON(page_mapped(page));
139

140
	/*
141
	 * Some filesystems seem to re-dirty the page even after
142
	 * the VM has canceled the dirty bit (eg ext3 journaling).
143
	 *
144
	 * Fix it up by doing a final dirty accounting check after
145
	 * having removed the page entirely.
146
	 */
147
	if (PageDirty(page) && mapping_cap_account_dirty(mapping)) {
148
		dec_zone_page_state(page, NR_FILE_DIRTY);
149
		dec_bdi_stat(mapping->backing_dev_info, BDI_RECLAIMABLE);
150
	}
151
}
152

153
/**
154
 * delete_from_page_cache - delete page from page cache
155
 * @page: the page which the kernel is trying to remove from page cache
156
 *
157
 * This must be called only on pages that have been verified to be in the page
158
 * cache and locked.  It will never put the page into the free list, the caller
159
 * has a reference on the page.
160
 */
161
void delete_from_page_cache(struct page *page)
162
{
163
	struct address_space *mapping = page->mapping;
164
	void (*freepage)(struct page *);
165

166
	BUG_ON(!PageLocked(page));
167

168
	freepage = mapping->a_ops->freepage;
169
	spin_lock_irq(&mapping->tree_lock);
170
	__delete_from_page_cache(page);
171
	spin_unlock_irq(&mapping->tree_lock);
172
	mem_cgroup_uncharge_cache_page(page);
173

174
	if (freepage)
175
		freepage(page);
176
	page_cache_release(page);
177
}
178
EXPORT_SYMBOL(delete_from_page_cache);
179

180
static int sleep_on_page(void *word)
181
{
182
	io_schedule();
183
	return 0;
184
}
185

186
static int sleep_on_page_killable(void *word)
187
{
188
	sleep_on_page(word);
189
	return fatal_signal_pending(current) ? -EINTR : 0;
190
}
191

192
/**
193
 * __filemap_fdatawrite_range - start writeback on mapping dirty pages in range
194
 * @mapping:	address space structure to write
195
 * @start:	offset in bytes where the range starts
196
 * @end:	offset in bytes where the range ends (inclusive)
197
 * @sync_mode:	enable synchronous operation
198
 *
199
 * Start writeback against all of a mapping's dirty pages that lie
200
 * within the byte offsets <start, end> inclusive.
201
 *
202
 * If sync_mode is WB_SYNC_ALL then this is a "data integrity" operation, as
203
 * opposed to a regular memory cleansing writeback.  The difference between
204
 * these two operations is that if a dirty page/buffer is encountered, it must
205
 * be waited upon, and not just skipped over.
206
 */
207
int __filemap_fdatawrite_range(struct address_space *mapping, loff_t start,
208
				loff_t end, int sync_mode)
209
{
210
	int ret;
211
	struct writeback_control wbc = {
212
		.sync_mode = sync_mode,
213
		.nr_to_write = LONG_MAX,
214
		.range_start = start,
215
		.range_end = end,
216
	};
217

218
	if (!mapping_cap_writeback_dirty(mapping))
219
		return 0;
220

221
	ret = do_writepages(mapping, &wbc);
222
	return ret;
223
}
224

225
static inline int __filemap_fdatawrite(struct address_space *mapping,
226
	int sync_mode)
227
{
228
	return __filemap_fdatawrite_range(mapping, 0, LLONG_MAX, sync_mode);
229
}
230

231
int filemap_fdatawrite(struct address_space *mapping)
232
{
233
	return __filemap_fdatawrite(mapping, WB_SYNC_ALL);
234
}
235
EXPORT_SYMBOL(filemap_fdatawrite);
236

237
int filemap_fdatawrite_range(struct address_space *mapping, loff_t start,
238
				loff_t end)
239
{
240
	return __filemap_fdatawrite_range(mapping, start, end, WB_SYNC_ALL);
241
}
242
EXPORT_SYMBOL(filemap_fdatawrite_range);
243

244
/**
245
 * filemap_flush - mostly a non-blocking flush
246
 * @mapping:	target address_space
247
 *
248
 * This is a mostly non-blocking flush.  Not suitable for data-integrity
249
 * purposes - I/O may not be started against all dirty pages.
250
 */
251
int filemap_flush(struct address_space *mapping)
252
{
253
	return __filemap_fdatawrite(mapping, WB_SYNC_NONE);
254
}
255
EXPORT_SYMBOL(filemap_flush);
256

257
/**
258
 * filemap_fdatawait_range - wait for writeback to complete
259
 * @mapping:		address space structure to wait for
260
 * @start_byte:		offset in bytes where the range starts
261
 * @end_byte:		offset in bytes where the range ends (inclusive)
262
 *
263
 * Walk the list of under-writeback pages of the given address space
264
 * in the given range and wait for all of them.
265
 */
266
int filemap_fdatawait_range(struct address_space *mapping, loff_t start_byte,
267
			    loff_t end_byte)
268
{
269
	pgoff_t index = start_byte >> PAGE_CACHE_SHIFT;
270
	pgoff_t end = end_byte >> PAGE_CACHE_SHIFT;
271
	struct pagevec pvec;
272
	int nr_pages;
273
	int ret = 0;
274

275
	if (end_byte < start_byte)
276
		return 0;
277

278
	pagevec_init(&pvec, 0);
279
	while ((index <= end) &&
280
			(nr_pages = pagevec_lookup_tag(&pvec, mapping, &index,
281
			PAGECACHE_TAG_WRITEBACK,
282
			min(end - index, (pgoff_t)PAGEVEC_SIZE-1) + 1)) != 0) {
283
		unsigned i;
284

285
		for (i = 0; i < nr_pages; i++) {
286
			struct page *page = pvec.pages[i];
287

288
			/* until radix tree lookup accepts end_index */
289
			if (page->index > end)
290
				continue;
291

292
			wait_on_page_writeback(page);
293
			if (TestClearPageError(page))
294
				ret = -EIO;
295
		}
296
		pagevec_release(&pvec);
297
		cond_resched();
298
	}
299

300
	/* Check for outstanding write errors */
301
	if (test_and_clear_bit(AS_ENOSPC, &mapping->flags))
302
		ret = -ENOSPC;
303
	if (test_and_clear_bit(AS_EIO, &mapping->flags))
304
		ret = -EIO;
305

306
	return ret;
307
}
308
EXPORT_SYMBOL(filemap_fdatawait_range);
309

310
/**
311
 * filemap_fdatawait - wait for all under-writeback pages to complete
312
 * @mapping: address space structure to wait for
313
 *
314
 * Walk the list of under-writeback pages of the given address space
315
 * and wait for all of them.
316
 */
317
int filemap_fdatawait(struct address_space *mapping)
318
{
319
	loff_t i_size = i_size_read(mapping->host);
320

321
	if (i_size == 0)
322
		return 0;
323

324
	return filemap_fdatawait_range(mapping, 0, i_size - 1);
325
}
326
EXPORT_SYMBOL(filemap_fdatawait);
327

328
int filemap_write_and_wait(struct address_space *mapping)
329
{
330
	int err = 0;
331

332
	if (mapping->nrpages) {
333
		err = filemap_fdatawrite(mapping);
334
		/*
335
		 * Even if the above returned error, the pages may be
336
		 * written partially (e.g. -ENOSPC), so we wait for it.
337
		 * But the -EIO is special case, it may indicate the worst
338
		 * thing (e.g. bug) happened, so we avoid waiting for it.
339
		 */
340
		if (err != -EIO) {
341
			int err2 = filemap_fdatawait(mapping);
342
			if (!err)
343
				err = err2;
344
		}
345
	}
346
	return err;
347
}
348
EXPORT_SYMBOL(filemap_write_and_wait);
349

350
/**
351
 * filemap_write_and_wait_range - write out & wait on a file range
352
 * @mapping:	the address_space for the pages
353
 * @lstart:	offset in bytes where the range starts
354
 * @lend:	offset in bytes where the range ends (inclusive)
355
 *
356
 * Write out and wait upon file offsets lstart->lend, inclusive.
357
 *
358
 * Note that `lend' is inclusive (describes the last byte to be written) so
359
 * that this function can be used to write to the very end-of-file (end = -1).
360
 */
361
int filemap_write_and_wait_range(struct address_space *mapping,
362
				 loff_t lstart, loff_t lend)
363
{
364
	int err = 0;
365

366
	if (mapping->nrpages) {
367
		err = __filemap_fdatawrite_range(mapping, lstart, lend,
368
						 WB_SYNC_ALL);
369
		/* See comment of filemap_write_and_wait() */
370
		if (err != -EIO) {
371
			int err2 = filemap_fdatawait_range(mapping,
372
						lstart, lend);
373
			if (!err)
374
				err = err2;
375
		}
376
	}
377
	return err;
378
}
379
EXPORT_SYMBOL(filemap_write_and_wait_range);
380

381
/**
382
 * replace_page_cache_page - replace a pagecache page with a new one
383
 * @old:	page to be replaced
384
 * @new:	page to replace with
385
 * @gfp_mask:	allocation mode
386
 *
387
 * This function replaces a page in the pagecache with a new one.  On
388
 * success it acquires the pagecache reference for the new page and
389
 * drops it for the old page.  Both the old and new pages must be
390
 * locked.  This function does not add the new page to the LRU, the
391
 * caller must do that.
392
 *
393
 * The remove + add is atomic.  The only way this function can fail is
394
 * memory allocation failure.
395
 */
396
int replace_page_cache_page(struct page *old, struct page *new, gfp_t gfp_mask)
397
{
398
	int error;
399
	struct mem_cgroup *memcg = NULL;
400

401
	VM_BUG_ON(!PageLocked(old));
402
	VM_BUG_ON(!PageLocked(new));
403
	VM_BUG_ON(new->mapping);
404

405
	/*
406
	 * This is not page migration, but prepare_migration and
407
	 * end_migration does enough work for charge replacement.
408
	 *
409
	 * In the longer term we probably want a specialized function
410
	 * for moving the charge from old to new in a more efficient
411
	 * manner.
412
	 */
413
	error = mem_cgroup_prepare_migration(old, new, &memcg, gfp_mask);
414
	if (error)
415
		return error;
416

417
	error = radix_tree_preload(gfp_mask & ~__GFP_HIGHMEM);
418
	if (!error) {
419
		struct address_space *mapping = old->mapping;
420
		void (*freepage)(struct page *);
421

422
		pgoff_t offset = old->index;
423
		freepage = mapping->a_ops->freepage;
424

425
		page_cache_get(new);
426
		new->mapping = mapping;
427
		new->index = offset;
428

429
		spin_lock_irq(&mapping->tree_lock);
430
		__delete_from_page_cache(old);
431
		error = radix_tree_insert(&mapping->page_tree, offset, new);
432
		BUG_ON(error);
433
		mapping->nrpages++;
434
		__inc_zone_page_state(new, NR_FILE_PAGES);
435
		if (PageSwapBacked(new))
436
			__inc_zone_page_state(new, NR_SHMEM);
437
		spin_unlock_irq(&mapping->tree_lock);
438
		radix_tree_preload_end();
439
		if (freepage)
440
			freepage(old);
441
		page_cache_release(old);
442
		mem_cgroup_end_migration(memcg, old, new, true);
443
	} else {
444
		mem_cgroup_end_migration(memcg, old, new, false);
445
	}
446

447
	return error;
448
}
449
EXPORT_SYMBOL_GPL(replace_page_cache_page);
450

451
/**
452
 * add_to_page_cache_locked - add a locked page to the pagecache
453
 * @page:	page to add
454
 * @mapping:	the page's address_space
455
 * @offset:	page index
456
 * @gfp_mask:	page allocation mode
457
 *
458
 * This function is used to add a page to the pagecache. It must be locked.
459
 * This function does not add the page to the LRU.  The caller must do that.
460
 */
461
int add_to_page_cache_locked(struct page *page, struct address_space *mapping,
462
		pgoff_t offset, gfp_t gfp_mask)
463
{
464
	int error;
465

466
	VM_BUG_ON(!PageLocked(page));
467

468
	error = mem_cgroup_cache_charge(page, current->mm,
469
					gfp_mask & GFP_RECLAIM_MASK);
470
	if (error)
471
		goto out;
472

473
	error = radix_tree_preload(gfp_mask & ~__GFP_HIGHMEM);
474
	if (error == 0) {
475
		page_cache_get(page);
476
		page->mapping = mapping;
477
		page->index = offset;
478

479
		spin_lock_irq(&mapping->tree_lock);
480
		error = radix_tree_insert(&mapping->page_tree, offset, page);
481
		if (likely(!error)) {
482
			mapping->nrpages++;
483
			__inc_zone_page_state(page, NR_FILE_PAGES);
484
			if (PageSwapBacked(page))
485
				__inc_zone_page_state(page, NR_SHMEM);
486
			spin_unlock_irq(&mapping->tree_lock);
487
		} else {
488
			page->mapping = NULL;
489
			spin_unlock_irq(&mapping->tree_lock);
490
			mem_cgroup_uncharge_cache_page(page);
491
			page_cache_release(page);
492
		}
493
		radix_tree_preload_end();
494
	} else
495
		mem_cgroup_uncharge_cache_page(page);
496
out:
497
	return error;
498
}
499
EXPORT_SYMBOL(add_to_page_cache_locked);
500

501
int add_to_page_cache_lru(struct page *page, struct address_space *mapping,
502
				pgoff_t offset, gfp_t gfp_mask)
503
{
504
	int ret;
505

506
	/*
507
	 * Splice_read and readahead add shmem/tmpfs pages into the page cache
508
	 * before shmem_readpage has a chance to mark them as SwapBacked: they
509
	 * need to go on the anon lru below, and mem_cgroup_cache_charge
510
	 * (called in add_to_page_cache) needs to know where they're going too.
511
	 */
512
	if (mapping_cap_swap_backed(mapping))
513
		SetPageSwapBacked(page);
514

515
	ret = add_to_page_cache(page, mapping, offset, gfp_mask);
516
	if (ret == 0) {
517
		if (page_is_file_cache(page))
518
			lru_cache_add_file(page);
519
		else
520
			lru_cache_add_anon(page);
521
	}
522
	return ret;
523
}
524
EXPORT_SYMBOL_GPL(add_to_page_cache_lru);
525

526
#ifdef CONFIG_NUMA
527
struct page *__page_cache_alloc(gfp_t gfp)
528
{
529
	int n;
530
	struct page *page;
531

532
	if (cpuset_do_page_mem_spread()) {
533
		get_mems_allowed();
534
		n = cpuset_mem_spread_node();
535
		page = alloc_pages_exact_node(n, gfp, 0);
536
		put_mems_allowed();
537
		return page;
538
	}
539
	return alloc_pages(gfp, 0);
540
}
541
EXPORT_SYMBOL(__page_cache_alloc);
542
#endif
543

544
/*
545
 * In order to wait for pages to become available there must be
546
 * waitqueues associated with pages. By using a hash table of
547
 * waitqueues where the bucket discipline is to maintain all
548
 * waiters on the same queue and wake all when any of the pages
549
 * become available, and for the woken contexts to check to be
550
 * sure the appropriate page became available, this saves space
551
 * at a cost of "thundering herd" phenomena during rare hash
552
 * collisions.
553
 */
554
static wait_queue_head_t *page_waitqueue(struct page *page)
555
{
556
	const struct zone *zone = page_zone(page);
557

558
	return &zone->wait_table[hash_ptr(page, zone->wait_table_bits)];
559
}
560

561
static inline void wake_up_page(struct page *page, int bit)
562
{
563
	__wake_up_bit(page_waitqueue(page), &page->flags, bit);
564
}
565

566
void wait_on_page_bit(struct page *page, int bit_nr)
567
{
568
	DEFINE_WAIT_BIT(wait, &page->flags, bit_nr);
569

570
	if (test_bit(bit_nr, &page->flags))
571
		__wait_on_bit(page_waitqueue(page), &wait, sleep_on_page,
572
							TASK_UNINTERRUPTIBLE);
573
}
574
EXPORT_SYMBOL(wait_on_page_bit);
575

576
int wait_on_page_bit_killable(struct page *page, int bit_nr)
577
{
578
	DEFINE_WAIT_BIT(wait, &page->flags, bit_nr);
579

580
	if (!test_bit(bit_nr, &page->flags))
581
		return 0;
582

583
	return __wait_on_bit(page_waitqueue(page), &wait,
584
			     sleep_on_page_killable, TASK_KILLABLE);
585
}
586

587
/**
588
 * add_page_wait_queue - Add an arbitrary waiter to a page's wait queue
589
 * @page: Page defining the wait queue of interest
590
 * @waiter: Waiter to add to the queue
591
 *
592
 * Add an arbitrary @waiter to the wait queue for the nominated @page.
593
 */
594
void add_page_wait_queue(struct page *page, wait_queue_t *waiter)
595
{
596
	wait_queue_head_t *q = page_waitqueue(page);
597
	unsigned long flags;
598

599
	spin_lock_irqsave(&q->lock, flags);
600
	__add_wait_queue(q, waiter);
601
	spin_unlock_irqrestore(&q->lock, flags);
602
}
603
EXPORT_SYMBOL_GPL(add_page_wait_queue);
604

605
/**
606
 * unlock_page - unlock a locked page
607
 * @page: the page
608
 *
609
 * Unlocks the page and wakes up sleepers in ___wait_on_page_locked().
610
 * Also wakes sleepers in wait_on_page_writeback() because the wakeup
611
 * mechananism between PageLocked pages and PageWriteback pages is shared.
612
 * But that's OK - sleepers in wait_on_page_writeback() just go back to sleep.
613
 *
614
 * The mb is necessary to enforce ordering between the clear_bit and the read
615
 * of the waitqueue (to avoid SMP races with a parallel wait_on_page_locked()).
616
 */
617
void unlock_page(struct page *page)
618
{
619
	VM_BUG_ON(!PageLocked(page));
620
	clear_bit_unlock(PG_locked, &page->flags);
621
	smp_mb__after_clear_bit();
622
	wake_up_page(page, PG_locked);
623
}
624
EXPORT_SYMBOL(unlock_page);
625

626
/**
627
 * end_page_writeback - end writeback against a page
628
 * @page: the page
629
 */
630
void end_page_writeback(struct page *page)
631
{
632
	if (TestClearPageReclaim(page))
633
		rotate_reclaimable_page(page);
634

635
	if (!test_clear_page_writeback(page))
636
		BUG();
637

638
	smp_mb__after_clear_bit();
639
	wake_up_page(page, PG_writeback);
640
}
641
EXPORT_SYMBOL(end_page_writeback);
642

643
/**
644
 * __lock_page - get a lock on the page, assuming we need to sleep to get it
645
 * @page: the page to lock
646
 */
647
void __lock_page(struct page *page)
648
{
649
	DEFINE_WAIT_BIT(wait, &page->flags, PG_locked);
650

651
	__wait_on_bit_lock(page_waitqueue(page), &wait, sleep_on_page,
652
							TASK_UNINTERRUPTIBLE);
653
}
654
EXPORT_SYMBOL(__lock_page);
655

656
int __lock_page_killable(struct page *page)
657
{
658
	DEFINE_WAIT_BIT(wait, &page->flags, PG_locked);
659

660
	return __wait_on_bit_lock(page_waitqueue(page), &wait,
661
					sleep_on_page_killable, TASK_KILLABLE);
662
}
663
EXPORT_SYMBOL_GPL(__lock_page_killable);
664

665
int __lock_page_or_retry(struct page *page, struct mm_struct *mm,
666
			 unsigned int flags)
667
{
668
	if (flags & FAULT_FLAG_ALLOW_RETRY) {
669
		/*
670
		 * CAUTION! In this case, mmap_sem is not released
671
		 * even though return 0.
672
		 */
673
		if (flags & FAULT_FLAG_RETRY_NOWAIT)
674
			return 0;
675

676
		up_read(&mm->mmap_sem);
677
		if (flags & FAULT_FLAG_KILLABLE)
678
			wait_on_page_locked_killable(page);
679
		else
680
			wait_on_page_locked(page);
681
		return 0;
682
	} else {
683
		if (flags & FAULT_FLAG_KILLABLE) {
684
			int ret;
685

686
			ret = __lock_page_killable(page);
687
			if (ret) {
688
				up_read(&mm->mmap_sem);
689
				return 0;
690
			}
691
		} else
692
			__lock_page(page);
693
		return 1;
694
	}
695
}
696

697
/**
698
 * find_get_page - find and get a page reference
699
 * @mapping: the address_space to search
700
 * @offset: the page index
701
 *
702
 * Is there a pagecache struct page at the given (mapping, offset) tuple?
703
 * If yes, increment its refcount and return it; if no, return NULL.
704
 */
705
struct page *find_get_page(struct address_space *mapping, pgoff_t offset)
706
{
707
	void **pagep;
708
	struct page *page;
709

710
	rcu_read_lock();
711
repeat:
712
	page = NULL;
713
	pagep = radix_tree_lookup_slot(&mapping->page_tree, offset);
714
	if (pagep) {
715
		page = radix_tree_deref_slot(pagep);
716
		if (unlikely(!page))
717
			goto out;
718
		if (radix_tree_deref_retry(page))
719
			goto repeat;
720

721
		if (!page_cache_get_speculative(page))
722
			goto repeat;
723

724
		/*
725
		 * Has the page moved?
726
		 * This is part of the lockless pagecache protocol. See
727
		 * include/linux/pagemap.h for details.
728
		 */
729
		if (unlikely(page != *pagep)) {
730
			page_cache_release(page);
731
			goto repeat;
732
		}
733
	}
734
out:
735
	rcu_read_unlock();
736

737
	return page;
738
}
739
EXPORT_SYMBOL(find_get_page);
740

741
/**
742
 * find_lock_page - locate, pin and lock a pagecache page
743
 * @mapping: the address_space to search
744
 * @offset: the page index
745
 *
746
 * Locates the desired pagecache page, locks it, increments its reference
747
 * count and returns its address.
748
 *
749
 * Returns zero if the page was not present. find_lock_page() may sleep.
750
 */
751
struct page *find_lock_page(struct address_space *mapping, pgoff_t offset)
752
{
753
	struct page *page;
754

755
repeat:
756
	page = find_get_page(mapping, offset);
757
	if (page) {
758
		lock_page(page);
759
		/* Has the page been truncated? */
760
		if (unlikely(page->mapping != mapping)) {
761
			unlock_page(page);
762
			page_cache_release(page);
763
			goto repeat;
764
		}
765
		VM_BUG_ON(page->index != offset);
766
	}
767
	return page;
768
}
769
EXPORT_SYMBOL(find_lock_page);
770

771
/**
772
 * find_or_create_page - locate or add a pagecache page
773
 * @mapping: the page's address_space
774
 * @index: the page's index into the mapping
775
 * @gfp_mask: page allocation mode
776
 *
777
 * Locates a page in the pagecache.  If the page is not present, a new page
778
 * is allocated using @gfp_mask and is added to the pagecache and to the VM's
779
 * LRU list.  The returned page is locked and has its reference count
780
 * incremented.
781
 *
782
 * find_or_create_page() may sleep, even if @gfp_flags specifies an atomic
783
 * allocation!
784
 *
785
 * find_or_create_page() returns the desired page's address, or zero on
786
 * memory exhaustion.
787
 */
788
struct page *find_or_create_page(struct address_space *mapping,
789
		pgoff_t index, gfp_t gfp_mask)
790
{
791
	struct page *page;
792
	int err;
793
repeat:
794
	page = find_lock_page(mapping, index);
795
	if (!page) {
796
		page = __page_cache_alloc(gfp_mask);
797
		if (!page)
798
			return NULL;
799
		/*
800
		 * We want a regular kernel memory (not highmem or DMA etc)
801
		 * allocation for the radix tree nodes, but we need to honour
802
		 * the context-specific requirements the caller has asked for.
803
		 * GFP_RECLAIM_MASK collects those requirements.
804
		 */
805
		err = add_to_page_cache_lru(page, mapping, index,
806
			(gfp_mask & GFP_RECLAIM_MASK));
807
		if (unlikely(err)) {
808
			page_cache_release(page);
809
			page = NULL;
810
			if (err == -EEXIST)
811
				goto repeat;
812
		}
813
	}
814
	return page;
815
}
816
EXPORT_SYMBOL(find_or_create_page);
817

818
/**
819
 * find_get_pages - gang pagecache lookup
820
 * @mapping:	The address_space to search
821
 * @start:	The starting page index
822
 * @nr_pages:	The maximum number of pages
823
 * @pages:	Where the resulting pages are placed
824
 *
825
 * find_get_pages() will search for and return a group of up to
826
 * @nr_pages pages in the mapping.  The pages are placed at @pages.
827
 * find_get_pages() takes a reference against the returned pages.
828
 *
829
 * The search returns a group of mapping-contiguous pages with ascending
830
 * indexes.  There may be holes in the indices due to not-present pages.
831
 *
832
 * find_get_pages() returns the number of pages which were found.
833
 */
834
unsigned find_get_pages(struct address_space *mapping, pgoff_t start,
835
			    unsigned int nr_pages, struct page **pages)
836
{
837
	unsigned int i;
838
	unsigned int ret;
839
	unsigned int nr_found;
840

841
	rcu_read_lock();
842
restart:
843
	nr_found = radix_tree_gang_lookup_slot(&mapping->page_tree,
844
				(void ***)pages, start, nr_pages);
845
	ret = 0;
846
	for (i = 0; i < nr_found; i++) {
847
		struct page *page;
848
repeat:
849
		page = radix_tree_deref_slot((void **)pages[i]);
850
		if (unlikely(!page))
851
			continue;
852

853
		/*
854
		 * This can only trigger when the entry at index 0 moves out
855
		 * of or back to the root: none yet gotten, safe to restart.
856
		 */
857
		if (radix_tree_deref_retry(page)) {
858
			WARN_ON(start | i);
859
			goto restart;
860
		}
861

862
		if (!page_cache_get_speculative(page))
863
			goto repeat;
864

865
		/* Has the page moved? */
866
		if (unlikely(page != *((void **)pages[i]))) {
867
			page_cache_release(page);
868
			goto repeat;
869
		}
870

871
		pages[ret] = page;
872
		ret++;
873
	}
874

875
	/*
876
	 * If all entries were removed before we could secure them,
877
	 * try again, because callers stop trying once 0 is returned.
878
	 */
879
	if (unlikely(!ret && nr_found))
880
		goto restart;
881
	rcu_read_unlock();
882
	return ret;
883
}
884

885
/**
886
 * find_get_pages_contig - gang contiguous pagecache lookup
887
 * @mapping:	The address_space to search
888
 * @index:	The starting page index
889
 * @nr_pages:	The maximum number of pages
890
 * @pages:	Where the resulting pages are placed
891
 *
892
 * find_get_pages_contig() works exactly like find_get_pages(), except
893
 * that the returned number of pages are guaranteed to be contiguous.
894
 *
895
 * find_get_pages_contig() returns the number of pages which were found.
896
 */
897
unsigned find_get_pages_contig(struct address_space *mapping, pgoff_t index,
898
			       unsigned int nr_pages, struct page **pages)
899
{
900
	unsigned int i;
901
	unsigned int ret;
902
	unsigned int nr_found;
903

904
	rcu_read_lock();
905
restart:
906
	nr_found = radix_tree_gang_lookup_slot(&mapping->page_tree,
907
				(void ***)pages, index, nr_pages);
908
	ret = 0;
909
	for (i = 0; i < nr_found; i++) {
910
		struct page *page;
911
repeat:
912
		page = radix_tree_deref_slot((void **)pages[i]);
913
		if (unlikely(!page))
914
			continue;
915

916
		/*
917
		 * This can only trigger when the entry at index 0 moves out
918
		 * of or back to the root: none yet gotten, safe to restart.
919
		 */
920
		if (radix_tree_deref_retry(page))
921
			goto restart;
922

923
		if (!page_cache_get_speculative(page))
924
			goto repeat;
925

926
		/* Has the page moved? */
927
		if (unlikely(page != *((void **)pages[i]))) {
928
			page_cache_release(page);
929
			goto repeat;
930
		}
931

932
		/*
933
		 * must check mapping and index after taking the ref.
934
		 * otherwise we can get both false positives and false
935
		 * negatives, which is just confusing to the caller.
936
		 */
937
		if (page->mapping == NULL || page->index != index) {
938
			page_cache_release(page);
939
			break;
940
		}
941

942
		pages[ret] = page;
943
		ret++;
944
		index++;
945
	}
946
	rcu_read_unlock();
947
	return ret;
948
}
949
EXPORT_SYMBOL(find_get_pages_contig);
950

951
/**
952
 * find_get_pages_tag - find and return pages that match @tag
953
 * @mapping:	the address_space to search
954
 * @index:	the starting page index
955
 * @tag:	the tag index
956
 * @nr_pages:	the maximum number of pages
957
 * @pages:	where the resulting pages are placed
958
 *
959
 * Like find_get_pages, except we only return pages which are tagged with
960
 * @tag.   We update @index to index the next page for the traversal.
961
 */
962
unsigned find_get_pages_tag(struct address_space *mapping, pgoff_t *index,
963
			int tag, unsigned int nr_pages, struct page **pages)
964
{
965
	unsigned int i;
966
	unsigned int ret;
967
	unsigned int nr_found;
968

969
	rcu_read_lock();
970
restart:
971
	nr_found = radix_tree_gang_lookup_tag_slot(&mapping->page_tree,
972
				(void ***)pages, *index, nr_pages, tag);
973
	ret = 0;
974
	for (i = 0; i < nr_found; i++) {
975
		struct page *page;
976
repeat:
977
		page = radix_tree_deref_slot((void **)pages[i]);
978
		if (unlikely(!page))
979
			continue;
980

981
		/*
982
		 * This can only trigger when the entry at index 0 moves out
983
		 * of or back to the root: none yet gotten, safe to restart.
984
		 */
985
		if (radix_tree_deref_retry(page))
986
			goto restart;
987

988
		if (!page_cache_get_speculative(page))
989
			goto repeat;
990

991
		/* Has the page moved? */
992
		if (unlikely(page != *((void **)pages[i]))) {
993
			page_cache_release(page);
994
			goto repeat;
995
		}
996

997
		pages[ret] = page;
998
		ret++;
999
	}
1000

1001
	/*
1002
	 * If all entries were removed before we could secure them,
1003
	 * try again, because callers stop trying once 0 is returned.
1004
	 */
1005
	if (unlikely(!ret && nr_found))
1006
		goto restart;
1007
	rcu_read_unlock();
1008

1009
	if (ret)
1010
		*index = pages[ret - 1]->index + 1;
1011

1012
	return ret;
1013
}
1014
EXPORT_SYMBOL(find_get_pages_tag);
1015

1016
/**
1017
 * grab_cache_page_nowait - returns locked page at given index in given cache
1018
 * @mapping: target address_space
1019
 * @index: the page index
1020
 *
1021
 * Same as grab_cache_page(), but do not wait if the page is unavailable.
1022
 * This is intended for speculative data generators, where the data can
1023
 * be regenerated if the page couldn't be grabbed.  This routine should
1024
 * be safe to call while holding the lock for another page.
1025
 *
1026
 * Clear __GFP_FS when allocating the page to avoid recursion into the fs
1027
 * and deadlock against the caller's locked page.
1028
 */
1029
struct page *
1030
grab_cache_page_nowait(struct address_space *mapping, pgoff_t index)
1031
{
1032
	struct page *page = find_get_page(mapping, index);
1033

1034
	if (page) {
1035
		if (trylock_page(page))
1036
			return page;
1037
		page_cache_release(page);
1038
		return NULL;
1039
	}
1040
	page = __page_cache_alloc(mapping_gfp_mask(mapping) & ~__GFP_FS);
1041
	if (page && add_to_page_cache_lru(page, mapping, index, GFP_NOFS)) {
1042
		page_cache_release(page);
1043
		page = NULL;
1044
	}
1045
	return page;
1046
}
1047
EXPORT_SYMBOL(grab_cache_page_nowait);
1048

1049
/*
1050
 * CD/DVDs are error prone. When a medium error occurs, the driver may fail
1051
 * a _large_ part of the i/o request. Imagine the worst scenario:
1052
 *
1053
 *      ---R__________________________________________B__________
1054
 *         ^ reading here                             ^ bad block(assume 4k)
1055
 *
1056
 * read(R) => miss => readahead(R...B) => media error => frustrating retries
1057
 * => failing the whole request => read(R) => read(R+1) =>
1058
 * readahead(R+1...B+1) => bang => read(R+2) => read(R+3) =>
1059
 * readahead(R+3...B+2) => bang => read(R+3) => read(R+4) =>
1060
 * readahead(R+4...B+3) => bang => read(R+4) => read(R+5) => ......
1061
 *
1062
 * It is going insane. Fix it by quickly scaling down the readahead size.
1063
 */
1064
static void shrink_readahead_size_eio(struct file *filp,
1065
					struct file_ra_state *ra)
1066
{
1067
	ra->ra_pages /= 4;
1068
}
1069

1070
/**
1071
 * do_generic_file_read - generic file read routine
1072
 * @filp:	the file to read
1073
 * @ppos:	current file position
1074
 * @desc:	read_descriptor
1075
 * @actor:	read method
1076
 *
1077
 * This is a generic file read routine, and uses the
1078
 * mapping->a_ops->readpage() function for the actual low-level stuff.
1079
 *
1080
 * This is really ugly. But the goto's actually try to clarify some
1081
 * of the logic when it comes to error handling etc.
1082
 */
1083
static void do_generic_file_read(struct file *filp, loff_t *ppos,
1084
		read_descriptor_t *desc, read_actor_t actor)
1085
{
1086
	struct address_space *mapping = filp->f_mapping;
1087
	struct inode *inode = mapping->host;
1088
	struct file_ra_state *ra = &filp->f_ra;
1089
	pgoff_t index;
1090
	pgoff_t last_index;
1091
	pgoff_t prev_index;
1092
	unsigned long offset;      /* offset into pagecache page */
1093
	unsigned int prev_offset;
1094
	int error;
1095

1096
	index = *ppos >> PAGE_CACHE_SHIFT;
1097
	prev_index = ra->prev_pos >> PAGE_CACHE_SHIFT;
1098
	prev_offset = ra->prev_pos & (PAGE_CACHE_SIZE-1);
1099
	last_index = (*ppos + desc->count + PAGE_CACHE_SIZE-1) >> PAGE_CACHE_SHIFT;
1100
	offset = *ppos & ~PAGE_CACHE_MASK;
1101

1102
	for (;;) {
1103
		struct page *page;
1104
		pgoff_t end_index;
1105
		loff_t isize;
1106
		unsigned long nr, ret;
1107

1108
		cond_resched();
1109
find_page:
1110
		page = find_get_page(mapping, index);
1111
		if (!page) {
1112
			page_cache_sync_readahead(mapping,
1113
					ra, filp,
1114
					index, last_index - index);
1115
			page = find_get_page(mapping, index);
1116
			if (unlikely(page == NULL))
1117
				goto no_cached_page;
1118
		}
1119
		if (PageReadahead(page)) {
1120
			page_cache_async_readahead(mapping,
1121
					ra, filp, page,
1122
					index, last_index - index);
1123
		}
1124
		if (!PageUptodate(page)) {
1125
			if (inode->i_blkbits == PAGE_CACHE_SHIFT ||
1126
					!mapping->a_ops->is_partially_uptodate)
1127
				goto page_not_up_to_date;
1128
			if (!trylock_page(page))
1129
				goto page_not_up_to_date;
1130
			/* Did it get truncated before we got the lock? */
1131
			if (!page->mapping)
1132
				goto page_not_up_to_date_locked;
1133
			if (!mapping->a_ops->is_partially_uptodate(page,
1134
								desc, offset))
1135
				goto page_not_up_to_date_locked;
1136
			unlock_page(page);
1137
		}
1138
page_ok:
1139
		/*
1140
		 * i_size must be checked after we know the page is Uptodate.
1141
		 *
1142
		 * Checking i_size after the check allows us to calculate
1143
		 * the correct value for "nr", which means the zero-filled
1144
		 * part of the page is not copied back to userspace (unless
1145
		 * another truncate extends the file - this is desired though).
1146
		 */
1147

1148
		isize = i_size_read(inode);
1149
		end_index = (isize - 1) >> PAGE_CACHE_SHIFT;
1150
		if (unlikely(!isize || index > end_index)) {
1151
			page_cache_release(page);
1152
			goto out;
1153
		}
1154

1155
		/* nr is the maximum number of bytes to copy from this page */
1156
		nr = PAGE_CACHE_SIZE;
1157
		if (index == end_index) {
1158
			nr = ((isize - 1) & ~PAGE_CACHE_MASK) + 1;
1159
			if (nr <= offset) {
1160
				page_cache_release(page);
1161
				goto out;
1162
			}
1163
		}
1164
		nr = nr - offset;
1165

1166
		/* If users can be writing to this page using arbitrary
1167
		 * virtual addresses, take care about potential aliasing
1168
		 * before reading the page on the kernel side.
1169
		 */
1170
		if (mapping_writably_mapped(mapping))
1171
			flush_dcache_page(page);
1172

1173
		/*
1174
		 * When a sequential read accesses a page several times,
1175
		 * only mark it as accessed the first time.
1176
		 */
1177
		if (prev_index != index || offset != prev_offset)
1178
			mark_page_accessed(page);
1179
		prev_index = index;
1180

1181
		/*
1182
		 * Ok, we have the page, and it's up-to-date, so
1183
		 * now we can copy it to user space...
1184
		 *
1185
		 * The actor routine returns how many bytes were actually used..
1186
		 * NOTE! This may not be the same as how much of a user buffer
1187
		 * we filled up (we may be padding etc), so we can only update
1188
		 * "pos" here (the actor routine has to update the user buffer
1189
		 * pointers and the remaining count).
1190
		 */
1191
		ret = actor(desc, page, offset, nr);
1192
		offset += ret;
1193
		index += offset >> PAGE_CACHE_SHIFT;
1194
		offset &= ~PAGE_CACHE_MASK;
1195
		prev_offset = offset;
1196

1197
		page_cache_release(page);
1198
		if (ret == nr && desc->count)
1199
			continue;
1200
		goto out;
1201

1202
page_not_up_to_date:
1203
		/* Get exclusive access to the page ... */
1204
		error = lock_page_killable(page);
1205
		if (unlikely(error))
1206
			goto readpage_error;
1207

1208
page_not_up_to_date_locked:
1209
		/* Did it get truncated before we got the lock? */
1210
		if (!page->mapping) {
1211
			unlock_page(page);
1212
			page_cache_release(page);
1213
			continue;
1214
		}
1215

1216
		/* Did somebody else fill it already? */
1217
		if (PageUptodate(page)) {
1218
			unlock_page(page);
1219
			goto page_ok;
1220
		}
1221

1222
readpage:
1223
		/*
1224
		 * A previous I/O error may have been due to temporary
1225
		 * failures, eg. multipath errors.
1226
		 * PG_error will be set again if readpage fails.
1227
		 */
1228
		ClearPageError(page);
1229
		/* Start the actual read. The read will unlock the page. */
1230
		error = mapping->a_ops->readpage(filp, page);
1231

1232
		if (unlikely(error)) {
1233
			if (error == AOP_TRUNCATED_PAGE) {
1234
				page_cache_release(page);
1235
				goto find_page;
1236
			}
1237
			goto readpage_error;
1238
		}
1239

1240
		if (!PageUptodate(page)) {
1241
			error = lock_page_killable(page);
1242
			if (unlikely(error))
1243
				goto readpage_error;
1244
			if (!PageUptodate(page)) {
1245
				if (page->mapping == NULL) {
1246
					/*
1247
					 * invalidate_mapping_pages got it
1248
					 */
1249
					unlock_page(page);
1250
					page_cache_release(page);
1251
					goto find_page;
1252
				}
1253
				unlock_page(page);
1254
				shrink_readahead_size_eio(filp, ra);
1255
				error = -EIO;
1256
				goto readpage_error;
1257
			}
1258
			unlock_page(page);
1259
		}
1260

1261
		goto page_ok;
1262

1263
readpage_error:
1264
		/* UHHUH! A synchronous read error occurred. Report it */
1265
		desc->error = error;
1266
		page_cache_release(page);
1267
		goto out;
1268

1269
no_cached_page:
1270
		/*
1271
		 * Ok, it wasn't cached, so we need to create a new
1272
		 * page..
1273
		 */
1274
		page = page_cache_alloc_cold(mapping);
1275
		if (!page) {
1276
			desc->error = -ENOMEM;
1277
			goto out;
1278
		}
1279
		error = add_to_page_cache_lru(page, mapping,
1280
						index, GFP_KERNEL);
1281
		if (error) {
1282
			page_cache_release(page);
1283
			if (error == -EEXIST)
1284
				goto find_page;
1285
			desc->error = error;
1286
			goto out;
1287
		}
1288
		goto readpage;
1289
	}
1290

1291
out:
1292
	ra->prev_pos = prev_index;
1293
	ra->prev_pos <<= PAGE_CACHE_SHIFT;
1294
	ra->prev_pos |= prev_offset;
1295

1296
	*ppos = ((loff_t)index << PAGE_CACHE_SHIFT) + offset;
1297
	file_accessed(filp);
1298
}
1299

1300
int file_read_actor(read_descriptor_t *desc, struct page *page,
1301
			unsigned long offset, unsigned long size)
1302
{
1303
	char *kaddr;
1304
	unsigned long left, count = desc->count;
1305

1306
	if (size > count)
1307
		size = count;
1308

1309
	/*
1310
	 * Faults on the destination of a read are common, so do it before
1311
	 * taking the kmap.
1312
	 */
1313
	if (!fault_in_pages_writeable(desc->arg.buf, size)) {
1314
		kaddr = kmap_atomic(page, KM_USER0);
1315
		left = __copy_to_user_inatomic(desc->arg.buf,
1316
						kaddr + offset, size);
1317
		kunmap_atomic(kaddr, KM_USER0);
1318
		if (left == 0)
1319
			goto success;
1320
	}
1321

1322
	/* Do it the slow way */
1323
	kaddr = kmap(page);
1324
	left = __copy_to_user(desc->arg.buf, kaddr + offset, size);
1325
	kunmap(page);
1326

1327
	if (left) {
1328
		size -= left;
1329
		desc->error = -EFAULT;
1330
	}
1331
success:
1332
	desc->count = count - size;
1333
	desc->written += size;
1334
	desc->arg.buf += size;
1335
	return size;
1336
}
1337

1338
/*
1339
 * Performs necessary checks before doing a write
1340
 * @iov:	io vector request
1341
 * @nr_segs:	number of segments in the iovec
1342
 * @count:	number of bytes to write
1343
 * @access_flags: type of access: %VERIFY_READ or %VERIFY_WRITE
1344
 *
1345
 * Adjust number of segments and amount of bytes to write (nr_segs should be
1346
 * properly initialized first). Returns appropriate error code that caller
1347
 * should return or zero in case that write should be allowed.
1348
 */
1349
int generic_segment_checks(const struct iovec *iov,
1350
			unsigned long *nr_segs, size_t *count, int access_flags)
1351
{
1352
	unsigned long   seg;
1353
	size_t cnt = 0;
1354
	for (seg = 0; seg < *nr_segs; seg++) {
1355
		const struct iovec *iv = &iov[seg];
1356

1357
		/*
1358
		 * If any segment has a negative length, or the cumulative
1359
		 * length ever wraps negative then return -EINVAL.
1360
		 */
1361
		cnt += iv->iov_len;
1362
		if (unlikely((ssize_t)(cnt|iv->iov_len) < 0))
1363
			return -EINVAL;
1364
		if (access_ok(access_flags, iv->iov_base, iv->iov_len))
1365
			continue;
1366
		if (seg == 0)
1367
			return -EFAULT;
1368
		*nr_segs = seg;
1369
		cnt -= iv->iov_len;	/* This segment is no good */
1370
		break;
1371
	}
1372
	*count = cnt;
1373
	return 0;
1374
}
1375
EXPORT_SYMBOL(generic_segment_checks);
1376

1377
/**
1378
 * generic_file_aio_read - generic filesystem read routine
1379
 * @iocb:	kernel I/O control block
1380
 * @iov:	io vector request
1381
 * @nr_segs:	number of segments in the iovec
1382
 * @pos:	current file position
1383
 *
1384
 * This is the "read()" routine for all filesystems
1385
 * that can use the page cache directly.
1386
 */
1387
ssize_t
1388
generic_file_aio_read(struct kiocb *iocb, const struct iovec *iov,
1389
		unsigned long nr_segs, loff_t pos)
1390
{
1391
	struct file *filp = iocb->ki_filp;
1392
	ssize_t retval;
1393
	unsigned long seg = 0;
1394
	size_t count;
1395
	loff_t *ppos = &iocb->ki_pos;
1396
	struct blk_plug plug;
1397

1398
	count = 0;
1399
	retval = generic_segment_checks(iov, &nr_segs, &count, VERIFY_WRITE);
1400
	if (retval)
1401
		return retval;
1402

1403
	blk_start_plug(&plug);
1404

1405
	/* coalesce the iovecs and go direct-to-BIO for O_DIRECT */
1406
	if (filp->f_flags & O_DIRECT) {
1407
		loff_t size;
1408
		struct address_space *mapping;
1409
		struct inode *inode;
1410

1411
		mapping = filp->f_mapping;
1412
		inode = mapping->host;
1413
		if (!count)
1414
			goto out; /* skip atime */
1415
		size = i_size_read(inode);
1416
		if (pos < size) {
1417
			retval = filemap_write_and_wait_range(mapping, pos,
1418
					pos + iov_length(iov, nr_segs) - 1);
1419
			if (!retval) {
1420
				retval = mapping->a_ops->direct_IO(READ, iocb,
1421
							iov, pos, nr_segs);
1422
			}
1423
			if (retval > 0) {
1424
				*ppos = pos + retval;
1425
				count -= retval;
1426
			}
1427

1428
			/*
1429
			 * Btrfs can have a short DIO read if we encounter
1430
			 * compressed extents, so if there was an error, or if
1431
			 * we've already read everything we wanted to, or if
1432
			 * there was a short read because we hit EOF, go ahead
1433
			 * and return.  Otherwise fallthrough to buffered io for
1434
			 * the rest of the read.
1435
			 */
1436
			if (retval < 0 || !count || *ppos >= size) {
1437
				file_accessed(filp);
1438
				goto out;
1439
			}
1440
		}
1441
	}
1442

1443
	count = retval;
1444
	for (seg = 0; seg < nr_segs; seg++) {
1445
		read_descriptor_t desc;
1446
		loff_t offset = 0;
1447

1448
		/*
1449
		 * If we did a short DIO read we need to skip the section of the
1450
		 * iov that we've already read data into.
1451
		 */
1452
		if (count) {
1453
			if (count > iov[seg].iov_len) {
1454
				count -= iov[seg].iov_len;
1455
				continue;
1456
			}
1457
			offset = count;
1458
			count = 0;
1459
		}
1460

1461
		desc.written = 0;
1462
		desc.arg.buf = iov[seg].iov_base + offset;
1463
		desc.count = iov[seg].iov_len - offset;
1464
		if (desc.count == 0)
1465
			continue;
1466
		desc.error = 0;
1467
		do_generic_file_read(filp, ppos, &desc, file_read_actor);
1468
		retval += desc.written;
1469
		if (desc.error) {
1470
			retval = retval ?: desc.error;
1471
			break;
1472
		}
1473
		if (desc.count > 0)
1474
			break;
1475
	}
1476
out:
1477
	blk_finish_plug(&plug);
1478
	return retval;
1479
}
1480
EXPORT_SYMBOL(generic_file_aio_read);
1481

1482
static ssize_t
1483
do_readahead(struct address_space *mapping, struct file *filp,
1484
	     pgoff_t index, unsigned long nr)
1485
{
1486
	if (!mapping || !mapping->a_ops || !mapping->a_ops->readpage)
1487
		return -EINVAL;
1488

1489
	force_page_cache_readahead(mapping, filp, index, nr);
1490
	return 0;
1491
}
1492

1493
SYSCALL_DEFINE(readahead)(int fd, loff_t offset, size_t count)
1494
{
1495
	ssize_t ret;
1496
	struct file *file;
1497

1498
	ret = -EBADF;
1499
	file = fget(fd);
1500
	if (file) {
1501
		if (file->f_mode & FMODE_READ) {
1502
			struct address_space *mapping = file->f_mapping;
1503
			pgoff_t start = offset >> PAGE_CACHE_SHIFT;
1504
			pgoff_t end = (offset + count - 1) >> PAGE_CACHE_SHIFT;
1505
			unsigned long len = end - start + 1;
1506
			ret = do_readahead(mapping, file, start, len);
1507
		}
1508
		fput(file);
1509
	}
1510
	return ret;
1511
}
1512
#ifdef CONFIG_HAVE_SYSCALL_WRAPPERS
1513
asmlinkage long SyS_readahead(long fd, loff_t offset, long count)
1514
{
1515
	return SYSC_readahead((int) fd, offset, (size_t) count);
1516
}
1517
SYSCALL_ALIAS(sys_readahead, SyS_readahead);
1518
#endif
1519

1520
#ifdef CONFIG_MMU
1521
/**
1522
 * page_cache_read - adds requested page to the page cache if not already there
1523
 * @file:	file to read
1524
 * @offset:	page index
1525
 *
1526
 * This adds the requested page to the page cache if it isn't already there,
1527
 * and schedules an I/O to read in its contents from disk.
1528
 */
1529
static int page_cache_read(struct file *file, pgoff_t offset)
1530
{
1531
	struct address_space *mapping = file->f_mapping;
1532
	struct page *page; 
1533
	int ret;
1534

1535
	do {
1536
		page = page_cache_alloc_cold(mapping);
1537
		if (!page)
1538
			return -ENOMEM;
1539

1540
		ret = add_to_page_cache_lru(page, mapping, offset, GFP_KERNEL);
1541
		if (ret == 0)
1542
			ret = mapping->a_ops->readpage(file, page);
1543
		else if (ret == -EEXIST)
1544
			ret = 0; /* losing race to add is OK */
1545

1546
		page_cache_release(page);
1547

1548
	} while (ret == AOP_TRUNCATED_PAGE);
1549
		
1550
	return ret;
1551
}
1552

1553
#define MMAP_LOTSAMISS  (100)
1554

1555
/*
1556
 * Synchronous readahead happens when we don't even find
1557
 * a page in the page cache at all.
1558
 */
1559
static void do_sync_mmap_readahead(struct vm_area_struct *vma,
1560
				   struct file_ra_state *ra,
1561
				   struct file *file,
1562
				   pgoff_t offset)
1563
{
1564
	unsigned long ra_pages;
1565
	struct address_space *mapping = file->f_mapping;
1566

1567
	/* If we don't want any read-ahead, don't bother */
1568
	if (VM_RandomReadHint(vma))
1569
		return;
1570
	if (!ra->ra_pages)
1571
		return;
1572

1573
	if (VM_SequentialReadHint(vma)) {
1574
		page_cache_sync_readahead(mapping, ra, file, offset,
1575
					  ra->ra_pages);
1576
		return;
1577
	}
1578

1579
	/* Avoid banging the cache line if not needed */
1580
	if (ra->mmap_miss < MMAP_LOTSAMISS * 10)
1581
		ra->mmap_miss++;
1582

1583
	/*
1584
	 * Do we miss much more than hit in this file? If so,
1585
	 * stop bothering with read-ahead. It will only hurt.
1586
	 */
1587
	if (ra->mmap_miss > MMAP_LOTSAMISS)
1588
		return;
1589

1590
	/*
1591
	 * mmap read-around
1592
	 */
1593
	ra_pages = max_sane_readahead(ra->ra_pages);
1594
	ra->start = max_t(long, 0, offset - ra_pages / 2);
1595
	ra->size = ra_pages;
1596
	ra->async_size = ra_pages / 4;
1597
	ra_submit(ra, mapping, file);
1598
}
1599

1600
/*
1601
 * Asynchronous readahead happens when we find the page and PG_readahead,
1602
 * so we want to possibly extend the readahead further..
1603
 */
1604
static void do_async_mmap_readahead(struct vm_area_struct *vma,
1605
				    struct file_ra_state *ra,
1606
				    struct file *file,
1607
				    struct page *page,
1608
				    pgoff_t offset)
1609
{
1610
	struct address_space *mapping = file->f_mapping;
1611

1612
	/* If we don't want any read-ahead, don't bother */
1613
	if (VM_RandomReadHint(vma))
1614
		return;
1615
	if (ra->mmap_miss > 0)
1616
		ra->mmap_miss--;
1617
	if (PageReadahead(page))
1618
		page_cache_async_readahead(mapping, ra, file,
1619
					   page, offset, ra->ra_pages);
1620
}
1621

1622
/**
1623
 * filemap_fault - read in file data for page fault handling
1624
 * @vma:	vma in which the fault was taken
1625
 * @vmf:	struct vm_fault containing details of the fault
1626
 *
1627
 * filemap_fault() is invoked via the vma operations vector for a
1628
 * mapped memory region to read in file data during a page fault.
1629
 *
1630
 * The goto's are kind of ugly, but this streamlines the normal case of having
1631
 * it in the page cache, and handles the special cases reasonably without
1632
 * having a lot of duplicated code.
1633
 */
1634
int filemap_fault(struct vm_area_struct *vma, struct vm_fault *vmf)
1635
{
1636
	int error;
1637
	struct file *file = vma->vm_file;
1638
	struct address_space *mapping = file->f_mapping;
1639
	struct file_ra_state *ra = &file->f_ra;
1640
	struct inode *inode = mapping->host;
1641
	pgoff_t offset = vmf->pgoff;
1642
	struct page *page;
1643
	pgoff_t size;
1644
	int ret = 0;
1645

1646
	size = (i_size_read(inode) + PAGE_CACHE_SIZE - 1) >> PAGE_CACHE_SHIFT;
1647
	if (offset >= size)
1648
		return VM_FAULT_SIGBUS;
1649

1650
	/*
1651
	 * Do we have something in the page cache already?
1652
	 */
1653
	page = find_get_page(mapping, offset);
1654
	if (likely(page)) {
1655
		/*
1656
		 * We found the page, so try async readahead before
1657
		 * waiting for the lock.
1658
		 */
1659
		do_async_mmap_readahead(vma, ra, file, page, offset);
1660
	} else {
1661
		/* No page in the page cache at all */
1662
		do_sync_mmap_readahead(vma, ra, file, offset);
1663
		count_vm_event(PGMAJFAULT);
1664
		mem_cgroup_count_vm_event(vma->vm_mm, PGMAJFAULT);
1665
		ret = VM_FAULT_MAJOR;
1666
retry_find:
1667
		page = find_get_page(mapping, offset);
1668
		if (!page)
1669
			goto no_cached_page;
1670
	}
1671

1672
	if (!lock_page_or_retry(page, vma->vm_mm, vmf->flags)) {
1673
		page_cache_release(page);
1674
		return ret | VM_FAULT_RETRY;
1675
	}
1676

1677
	/* Did it get truncated? */
1678
	if (unlikely(page->mapping != mapping)) {
1679
		unlock_page(page);
1680
		put_page(page);
1681
		goto retry_find;
1682
	}
1683
	VM_BUG_ON(page->index != offset);
1684

1685
	/*
1686
	 * We have a locked page in the page cache, now we need to check
1687
	 * that it's up-to-date. If not, it is going to be due to an error.
1688
	 */
1689
	if (unlikely(!PageUptodate(page)))
1690
		goto page_not_uptodate;
1691

1692
	/*
1693
	 * Found the page and have a reference on it.
1694
	 * We must recheck i_size under page lock.
1695
	 */
1696
	size = (i_size_read(inode) + PAGE_CACHE_SIZE - 1) >> PAGE_CACHE_SHIFT;
1697
	if (unlikely(offset >= size)) {
1698
		unlock_page(page);
1699
		page_cache_release(page);
1700
		return VM_FAULT_SIGBUS;
1701
	}
1702

1703
	vmf->page = page;
1704
	return ret | VM_FAULT_LOCKED;
1705

1706
no_cached_page:
1707
	/*
1708
	 * We're only likely to ever get here if MADV_RANDOM is in
1709
	 * effect.
1710
	 */
1711
	error = page_cache_read(file, offset);
1712

1713
	/*
1714
	 * The page we want has now been added to the page cache.
1715
	 * In the unlikely event that someone removed it in the
1716
	 * meantime, we'll just come back here and read it again.
1717
	 */
1718
	if (error >= 0)
1719
		goto retry_find;
1720

1721
	/*
1722
	 * An error return from page_cache_read can result if the
1723
	 * system is low on memory, or a problem occurs while trying
1724
	 * to schedule I/O.
1725
	 */
1726
	if (error == -ENOMEM)
1727
		return VM_FAULT_OOM;
1728
	return VM_FAULT_SIGBUS;
1729

1730
page_not_uptodate:
1731
	/*
1732
	 * Umm, take care of errors if the page isn't up-to-date.
1733
	 * Try to re-read it _once_. We do this synchronously,
1734
	 * because there really aren't any performance issues here
1735
	 * and we need to check for errors.
1736
	 */
1737
	ClearPageError(page);
1738
	error = mapping->a_ops->readpage(file, page);
1739
	if (!error) {
1740
		wait_on_page_locked(page);
1741
		if (!PageUptodate(page))
1742
			error = -EIO;
1743
	}
1744
	page_cache_release(page);
1745

1746
	if (!error || error == AOP_TRUNCATED_PAGE)
1747
		goto retry_find;
1748

1749
	/* Things didn't work out. Return zero to tell the mm layer so. */
1750
	shrink_readahead_size_eio(file, ra);
1751
	return VM_FAULT_SIGBUS;
1752
}
1753
EXPORT_SYMBOL(filemap_fault);
1754

1755
const struct vm_operations_struct generic_file_vm_ops = {
1756
	.fault		= filemap_fault,
1757
};
1758

1759
/* This is used for a general mmap of a disk file */
1760

1761
int generic_file_mmap(struct file * file, struct vm_area_struct * vma)
1762
{
1763
	struct address_space *mapping = file->f_mapping;
1764

1765
	if (!mapping->a_ops->readpage)
1766
		return -ENOEXEC;
1767
	file_accessed(file);
1768
	vma->vm_ops = &generic_file_vm_ops;
1769
	vma->vm_flags |= VM_CAN_NONLINEAR;
1770
	return 0;
1771
}
1772

1773
/*
1774
 * This is for filesystems which do not implement ->writepage.
1775
 */
1776
int generic_file_readonly_mmap(struct file *file, struct vm_area_struct *vma)
1777
{
1778
	if ((vma->vm_flags & VM_SHARED) && (vma->vm_flags & VM_MAYWRITE))
1779
		return -EINVAL;
1780
	return generic_file_mmap(file, vma);
1781
}
1782
#else
1783
int generic_file_mmap(struct file * file, struct vm_area_struct * vma)
1784
{
1785
	return -ENOSYS;
1786
}
1787
int generic_file_readonly_mmap(struct file * file, struct vm_area_struct * vma)
1788
{
1789
	return -ENOSYS;
1790
}
1791
#endif /* CONFIG_MMU */
1792

1793
EXPORT_SYMBOL(generic_file_mmap);
1794
EXPORT_SYMBOL(generic_file_readonly_mmap);
1795

1796
static struct page *__read_cache_page(struct address_space *mapping,
1797
				pgoff_t index,
1798
				int (*filler)(void *,struct page*),
1799
				void *data,
1800
				gfp_t gfp)
1801
{
1802
	struct page *page;
1803
	int err;
1804
repeat:
1805
	page = find_get_page(mapping, index);
1806
	if (!page) {
1807
		page = __page_cache_alloc(gfp | __GFP_COLD);
1808
		if (!page)
1809
			return ERR_PTR(-ENOMEM);
1810
		err = add_to_page_cache_lru(page, mapping, index, GFP_KERNEL);
1811
		if (unlikely(err)) {
1812
			page_cache_release(page);
1813
			if (err == -EEXIST)
1814
				goto repeat;
1815
			/* Presumably ENOMEM for radix tree node */
1816
			return ERR_PTR(err);
1817
		}
1818
		err = filler(data, page);
1819
		if (err < 0) {
1820
			page_cache_release(page);
1821
			page = ERR_PTR(err);
1822
		}
1823
	}
1824
	return page;
1825
}
1826

1827
static struct page *do_read_cache_page(struct address_space *mapping,
1828
				pgoff_t index,
1829
				int (*filler)(void *,struct page*),
1830
				void *data,
1831
				gfp_t gfp)
1832

1833
{
1834
	struct page *page;
1835
	int err;
1836

1837
retry:
1838
	page = __read_cache_page(mapping, index, filler, data, gfp);
1839
	if (IS_ERR(page))
1840
		return page;
1841
	if (PageUptodate(page))
1842
		goto out;
1843

1844
	lock_page(page);
1845
	if (!page->mapping) {
1846
		unlock_page(page);
1847
		page_cache_release(page);
1848
		goto retry;
1849
	}
1850
	if (PageUptodate(page)) {
1851
		unlock_page(page);
1852
		goto out;
1853
	}
1854
	err = filler(data, page);
1855
	if (err < 0) {
1856
		page_cache_release(page);
1857
		return ERR_PTR(err);
1858
	}
1859
out:
1860
	mark_page_accessed(page);
1861
	return page;
1862
}
1863

1864
/**
1865
 * read_cache_page_async - read into page cache, fill it if needed
1866
 * @mapping:	the page's address_space
1867
 * @index:	the page index
1868
 * @filler:	function to perform the read
1869
 * @data:	destination for read data
1870
 *
1871
 * Same as read_cache_page, but don't wait for page to become unlocked
1872
 * after submitting it to the filler.
1873
 *
1874
 * Read into the page cache. If a page already exists, and PageUptodate() is
1875
 * not set, try to fill the page but don't wait for it to become unlocked.
1876
 *
1877
 * If the page does not get brought uptodate, return -EIO.
1878
 */
1879
struct page *read_cache_page_async(struct address_space *mapping,
1880
				pgoff_t index,
1881
				int (*filler)(void *,struct page*),
1882
				void *data)
1883
{
1884
	return do_read_cache_page(mapping, index, filler, data, mapping_gfp_mask(mapping));
1885
}
1886
EXPORT_SYMBOL(read_cache_page_async);
1887

1888
static struct page *wait_on_page_read(struct page *page)
1889
{
1890
	if (!IS_ERR(page)) {
1891
		wait_on_page_locked(page);
1892
		if (!PageUptodate(page)) {
1893
			page_cache_release(page);
1894
			page = ERR_PTR(-EIO);
1895
		}
1896
	}
1897
	return page;
1898
}
1899

1900
/**
1901
 * read_cache_page_gfp - read into page cache, using specified page allocation flags.
1902
 * @mapping:	the page's address_space
1903
 * @index:	the page index
1904
 * @gfp:	the page allocator flags to use if allocating
1905
 *
1906
 * This is the same as "read_mapping_page(mapping, index, NULL)", but with
1907
 * any new page allocations done using the specified allocation flags. Note
1908
 * that the Radix tree operations will still use GFP_KERNEL, so you can't
1909
 * expect to do this atomically or anything like that - but you can pass in
1910
 * other page requirements.
1911
 *
1912
 * If the page does not get brought uptodate, return -EIO.
1913
 */
1914
struct page *read_cache_page_gfp(struct address_space *mapping,
1915
				pgoff_t index,
1916
				gfp_t gfp)
1917
{
1918
	filler_t *filler = (filler_t *)mapping->a_ops->readpage;
1919

1920
	return wait_on_page_read(do_read_cache_page(mapping, index, filler, NULL, gfp));
1921
}
1922
EXPORT_SYMBOL(read_cache_page_gfp);
1923

1924
/**
1925
 * read_cache_page - read into page cache, fill it if needed
1926
 * @mapping:	the page's address_space
1927
 * @index:	the page index
1928
 * @filler:	function to perform the read
1929
 * @data:	destination for read data
1930
 *
1931
 * Read into the page cache. If a page already exists, and PageUptodate() is
1932
 * not set, try to fill the page then wait for it to become unlocked.
1933
 *
1934
 * If the page does not get brought uptodate, return -EIO.
1935
 */
1936
struct page *read_cache_page(struct address_space *mapping,
1937
				pgoff_t index,
1938
				int (*filler)(void *,struct page*),
1939
				void *data)
1940
{
1941
	return wait_on_page_read(read_cache_page_async(mapping, index, filler, data));
1942
}
1943
EXPORT_SYMBOL(read_cache_page);
1944

1945
/*
1946
 * The logic we want is
1947
 *
1948
 *	if suid or (sgid and xgrp)
1949
 *		remove privs
1950
 */
1951
int should_remove_suid(struct dentry *dentry)
1952
{
1953
	mode_t mode = dentry->d_inode->i_mode;
1954
	int kill = 0;
1955

1956
	/* suid always must be killed */
1957
	if (unlikely(mode & S_ISUID))
1958
		kill = ATTR_KILL_SUID;
1959

1960
	/*
1961
	 * sgid without any exec bits is just a mandatory locking mark; leave
1962
	 * it alone.  If some exec bits are set, it's a real sgid; kill it.
1963
	 */
1964
	if (unlikely((mode & S_ISGID) && (mode & S_IXGRP)))
1965
		kill |= ATTR_KILL_SGID;
1966

1967
	if (unlikely(kill && !capable(CAP_FSETID) && S_ISREG(mode)))
1968
		return kill;
1969

1970
	return 0;
1971
}
1972
EXPORT_SYMBOL(should_remove_suid);
1973

1974
static int __remove_suid(struct dentry *dentry, int kill)
1975
{
1976
	struct iattr newattrs;
1977

1978
	newattrs.ia_valid = ATTR_FORCE | kill;
1979
	return notify_change(dentry, &newattrs);
1980
}
1981

1982
int file_remove_suid(struct file *file)
1983
{
1984
	struct dentry *dentry = file->f_path.dentry;
1985
	struct inode *inode = dentry->d_inode;
1986
	int killsuid;
1987
	int killpriv;
1988
	int error = 0;
1989

1990
	/* Fast path for nothing security related */
1991
	if (IS_NOSEC(inode))
1992
		return 0;
1993

1994
	killsuid = should_remove_suid(dentry);
1995
	killpriv = security_inode_need_killpriv(dentry);
1996

1997
	if (killpriv < 0)
1998
		return killpriv;
1999
	if (killpriv)
2000
		error = security_inode_killpriv(dentry);
2001
	if (!error && killsuid)
2002
		error = __remove_suid(dentry, killsuid);
2003
	if (!error && (inode->i_sb->s_flags & MS_NOSEC))
2004
		inode->i_flags |= S_NOSEC;
2005

2006
	return error;
2007
}
2008
EXPORT_SYMBOL(file_remove_suid);
2009

2010
static size_t __iovec_copy_from_user_inatomic(char *vaddr,
2011
			const struct iovec *iov, size_t base, size_t bytes)
2012
{
2013
	size_t copied = 0, left = 0;
2014

2015
	while (bytes) {
2016
		char __user *buf = iov->iov_base + base;
2017
		int copy = min(bytes, iov->iov_len - base);
2018

2019
		base = 0;
2020
		left = __copy_from_user_inatomic(vaddr, buf, copy);
2021
		copied += copy;
2022
		bytes -= copy;
2023
		vaddr += copy;
2024
		iov++;
2025

2026
		if (unlikely(left))
2027
			break;
2028
	}
2029
	return copied - left;
2030
}
2031

2032
/*
2033
 * Copy as much as we can into the page and return the number of bytes which
2034
 * were successfully copied.  If a fault is encountered then return the number of
2035
 * bytes which were copied.
2036
 */
2037
size_t iov_iter_copy_from_user_atomic(struct page *page,
2038
		struct iov_iter *i, unsigned long offset, size_t bytes)
2039
{
2040
	char *kaddr;
2041
	size_t copied;
2042

2043
	BUG_ON(!in_atomic());
2044
	kaddr = kmap_atomic(page, KM_USER0);
2045
	if (likely(i->nr_segs == 1)) {
2046
		int left;
2047
		char __user *buf = i->iov->iov_base + i->iov_offset;
2048
		left = __copy_from_user_inatomic(kaddr + offset, buf, bytes);
2049
		copied = bytes - left;
2050
	} else {
2051
		copied = __iovec_copy_from_user_inatomic(kaddr + offset,
2052
						i->iov, i->iov_offset, bytes);
2053
	}
2054
	kunmap_atomic(kaddr, KM_USER0);
2055

2056
	return copied;
2057
}
2058
EXPORT_SYMBOL(iov_iter_copy_from_user_atomic);
2059

2060
/*
2061
 * This has the same sideeffects and return value as
2062
 * iov_iter_copy_from_user_atomic().
2063
 * The difference is that it attempts to resolve faults.
2064
 * Page must not be locked.
2065
 */
2066
size_t iov_iter_copy_from_user(struct page *page,
2067
		struct iov_iter *i, unsigned long offset, size_t bytes)
2068
{
2069
	char *kaddr;
2070
	size_t copied;
2071

2072
	kaddr = kmap(page);
2073
	if (likely(i->nr_segs == 1)) {
2074
		int left;
2075
		char __user *buf = i->iov->iov_base + i->iov_offset;
2076
		left = __copy_from_user(kaddr + offset, buf, bytes);
2077
		copied = bytes - left;
2078
	} else {
2079
		copied = __iovec_copy_from_user_inatomic(kaddr + offset,
2080
						i->iov, i->iov_offset, bytes);
2081
	}
2082
	kunmap(page);
2083
	return copied;
2084
}
2085
EXPORT_SYMBOL(iov_iter_copy_from_user);
2086

2087
void iov_iter_advance(struct iov_iter *i, size_t bytes)
2088
{
2089
	BUG_ON(i->count < bytes);
2090

2091
	if (likely(i->nr_segs == 1)) {
2092
		i->iov_offset += bytes;
2093
		i->count -= bytes;
2094
	} else {
2095
		const struct iovec *iov = i->iov;
2096
		size_t base = i->iov_offset;
2097

2098
		/*
2099
		 * The !iov->iov_len check ensures we skip over unlikely
2100
		 * zero-length segments (without overruning the iovec).
2101
		 */
2102
		while (bytes || unlikely(i->count && !iov->iov_len)) {
2103
			int copy;
2104

2105
			copy = min(bytes, iov->iov_len - base);
2106
			BUG_ON(!i->count || i->count < copy);
2107
			i->count -= copy;
2108
			bytes -= copy;
2109
			base += copy;
2110
			if (iov->iov_len == base) {
2111
				iov++;
2112
				base = 0;
2113
			}
2114
		}
2115
		i->iov = iov;
2116
		i->iov_offset = base;
2117
	}
2118
}
2119
EXPORT_SYMBOL(iov_iter_advance);
2120

2121
/*
2122
 * Fault in the first iovec of the given iov_iter, to a maximum length
2123
 * of bytes. Returns 0 on success, or non-zero if the memory could not be
2124
 * accessed (ie. because it is an invalid address).
2125
 *
2126
 * writev-intensive code may want this to prefault several iovecs -- that
2127
 * would be possible (callers must not rely on the fact that _only_ the
2128
 * first iovec will be faulted with the current implementation).
2129
 */
2130
int iov_iter_fault_in_readable(struct iov_iter *i, size_t bytes)
2131
{
2132
	char __user *buf = i->iov->iov_base + i->iov_offset;
2133
	bytes = min(bytes, i->iov->iov_len - i->iov_offset);
2134
	return fault_in_pages_readable(buf, bytes);
2135
}
2136
EXPORT_SYMBOL(iov_iter_fault_in_readable);
2137

2138
/*
2139
 * Return the count of just the current iov_iter segment.
2140
 */
2141
size_t iov_iter_single_seg_count(struct iov_iter *i)
2142
{
2143
	const struct iovec *iov = i->iov;
2144
	if (i->nr_segs == 1)
2145
		return i->count;
2146
	else
2147
		return min(i->count, iov->iov_len - i->iov_offset);
2148
}
2149
EXPORT_SYMBOL(iov_iter_single_seg_count);
2150

2151
/*
2152
 * Performs necessary checks before doing a write
2153
 *
2154
 * Can adjust writing position or amount of bytes to write.
2155
 * Returns appropriate error code that caller should return or
2156
 * zero in case that write should be allowed.
2157
 */
2158
inline int generic_write_checks(struct file *file, loff_t *pos, size_t *count, int isblk)
2159
{
2160
	struct inode *inode = file->f_mapping->host;
2161
	unsigned long limit = rlimit(RLIMIT_FSIZE);
2162

2163
        if (unlikely(*pos < 0))
2164
                return -EINVAL;
2165

2166
	if (!isblk) {
2167
		/* FIXME: this is for backwards compatibility with 2.4 */
2168
		if (file->f_flags & O_APPEND)
2169
                        *pos = i_size_read(inode);
2170

2171
		if (limit != RLIM_INFINITY) {
2172
			if (*pos >= limit) {
2173
				send_sig(SIGXFSZ, current, 0);
2174
				return -EFBIG;
2175
			}
2176
			if (*count > limit - (typeof(limit))*pos) {
2177
				*count = limit - (typeof(limit))*pos;
2178
			}
2179
		}
2180
	}
2181

2182
	/*
2183
	 * LFS rule
2184
	 */
2185
	if (unlikely(*pos + *count > MAX_NON_LFS &&
2186
				!(file->f_flags & O_LARGEFILE))) {
2187
		if (*pos >= MAX_NON_LFS) {
2188
			return -EFBIG;
2189
		}
2190
		if (*count > MAX_NON_LFS - (unsigned long)*pos) {
2191
			*count = MAX_NON_LFS - (unsigned long)*pos;
2192
		}
2193
	}
2194

2195
	/*
2196
	 * Are we about to exceed the fs block limit ?
2197
	 *
2198
	 * If we have written data it becomes a short write.  If we have
2199
	 * exceeded without writing data we send a signal and return EFBIG.
2200
	 * Linus frestrict idea will clean these up nicely..
2201
	 */
2202
	if (likely(!isblk)) {
2203
		if (unlikely(*pos >= inode->i_sb->s_maxbytes)) {
2204
			if (*count || *pos > inode->i_sb->s_maxbytes) {
2205
				return -EFBIG;
2206
			}
2207
			/* zero-length writes at ->s_maxbytes are OK */
2208
		}
2209

2210
		if (unlikely(*pos + *count > inode->i_sb->s_maxbytes))
2211
			*count = inode->i_sb->s_maxbytes - *pos;
2212
	} else {
2213
#ifdef CONFIG_BLOCK
2214
		loff_t isize;
2215
		if (bdev_read_only(I_BDEV(inode)))
2216
			return -EPERM;
2217
		isize = i_size_read(inode);
2218
		if (*pos >= isize) {
2219
			if (*count || *pos > isize)
2220
				return -ENOSPC;
2221
		}
2222

2223
		if (*pos + *count > isize)
2224
			*count = isize - *pos;
2225
#else
2226
		return -EPERM;
2227
#endif
2228
	}
2229
	return 0;
2230
}
2231
EXPORT_SYMBOL(generic_write_checks);
2232

2233
int pagecache_write_begin(struct file *file, struct address_space *mapping,
2234
				loff_t pos, unsigned len, unsigned flags,
2235
				struct page **pagep, void **fsdata)
2236
{
2237
	const struct address_space_operations *aops = mapping->a_ops;
2238

2239
	return aops->write_begin(file, mapping, pos, len, flags,
2240
							pagep, fsdata);
2241
}
2242
EXPORT_SYMBOL(pagecache_write_begin);
2243

2244
int pagecache_write_end(struct file *file, struct address_space *mapping,
2245
				loff_t pos, unsigned len, unsigned copied,
2246
				struct page *page, void *fsdata)
2247
{
2248
	const struct address_space_operations *aops = mapping->a_ops;
2249

2250
	mark_page_accessed(page);
2251
	return aops->write_end(file, mapping, pos, len, copied, page, fsdata);
2252
}
2253
EXPORT_SYMBOL(pagecache_write_end);
2254

2255
ssize_t
2256
generic_file_direct_write(struct kiocb *iocb, const struct iovec *iov,
2257
		unsigned long *nr_segs, loff_t pos, loff_t *ppos,
2258
		size_t count, size_t ocount)
2259
{
2260
	struct file	*file = iocb->ki_filp;
2261
	struct address_space *mapping = file->f_mapping;
2262
	struct inode	*inode = mapping->host;
2263
	ssize_t		written;
2264
	size_t		write_len;
2265
	pgoff_t		end;
2266

2267
	if (count != ocount)
2268
		*nr_segs = iov_shorten((struct iovec *)iov, *nr_segs, count);
2269

2270
	write_len = iov_length(iov, *nr_segs);
2271
	end = (pos + write_len - 1) >> PAGE_CACHE_SHIFT;
2272

2273
	written = filemap_write_and_wait_range(mapping, pos, pos + write_len - 1);
2274
	if (written)
2275
		goto out;
2276

2277
	/*
2278
	 * After a write we want buffered reads to be sure to go to disk to get
2279
	 * the new data.  We invalidate clean cached page from the region we're
2280
	 * about to write.  We do this *before* the write so that we can return
2281
	 * without clobbering -EIOCBQUEUED from ->direct_IO().
2282
	 */
2283
	if (mapping->nrpages) {
2284
		written = invalidate_inode_pages2_range(mapping,
2285
					pos >> PAGE_CACHE_SHIFT, end);
2286
		/*
2287
		 * If a page can not be invalidated, return 0 to fall back
2288
		 * to buffered write.
2289
		 */
2290
		if (written) {
2291
			if (written == -EBUSY)
2292
				return 0;
2293
			goto out;
2294
		}
2295
	}
2296

2297
	written = mapping->a_ops->direct_IO(WRITE, iocb, iov, pos, *nr_segs);
2298

2299
	/*
2300
	 * Finally, try again to invalidate clean pages which might have been
2301
	 * cached by non-direct readahead, or faulted in by get_user_pages()
2302
	 * if the source of the write was an mmap'ed region of the file
2303
	 * we're writing.  Either one is a pretty crazy thing to do,
2304
	 * so we don't support it 100%.  If this invalidation
2305
	 * fails, tough, the write still worked...
2306
	 */
2307
	if (mapping->nrpages) {
2308
		invalidate_inode_pages2_range(mapping,
2309
					      pos >> PAGE_CACHE_SHIFT, end);
2310
	}
2311

2312
	if (written > 0) {
2313
		pos += written;
2314
		if (pos > i_size_read(inode) && !S_ISBLK(inode->i_mode)) {
2315
			i_size_write(inode, pos);
2316
			mark_inode_dirty(inode);
2317
		}
2318
		*ppos = pos;
2319
	}
2320
out:
2321
	return written;
2322
}
2323
EXPORT_SYMBOL(generic_file_direct_write);
2324

2325
/*
2326
 * Find or create a page at the given pagecache position. Return the locked
2327
 * page. This function is specifically for buffered writes.
2328
 */
2329
struct page *grab_cache_page_write_begin(struct address_space *mapping,
2330
					pgoff_t index, unsigned flags)
2331
{
2332
	int status;
2333
	struct page *page;
2334
	gfp_t gfp_notmask = 0;
2335
	if (flags & AOP_FLAG_NOFS)
2336
		gfp_notmask = __GFP_FS;
2337
repeat:
2338
	page = find_lock_page(mapping, index);
2339
	if (page)
2340
		goto found;
2341

2342
	page = __page_cache_alloc(mapping_gfp_mask(mapping) & ~gfp_notmask);
2343
	if (!page)
2344
		return NULL;
2345
	status = add_to_page_cache_lru(page, mapping, index,
2346
						GFP_KERNEL & ~gfp_notmask);
2347
	if (unlikely(status)) {
2348
		page_cache_release(page);
2349
		if (status == -EEXIST)
2350
			goto repeat;
2351
		return NULL;
2352
	}
2353
found:
2354
	wait_on_page_writeback(page);
2355
	return page;
2356
}
2357
EXPORT_SYMBOL(grab_cache_page_write_begin);
2358

2359
static ssize_t generic_perform_write(struct file *file,
2360
				struct iov_iter *i, loff_t pos)
2361
{
2362
	struct address_space *mapping = file->f_mapping;
2363
	const struct address_space_operations *a_ops = mapping->a_ops;
2364
	long status = 0;
2365
	ssize_t written = 0;
2366
	unsigned int flags = 0;
2367

2368
	/*
2369
	 * Copies from kernel address space cannot fail (NFSD is a big user).
2370
	 */
2371
	if (segment_eq(get_fs(), KERNEL_DS))
2372
		flags |= AOP_FLAG_UNINTERRUPTIBLE;
2373

2374
	do {
2375
		struct page *page;
2376
		unsigned long offset;	/* Offset into pagecache page */
2377
		unsigned long bytes;	/* Bytes to write to page */
2378
		size_t copied;		/* Bytes copied from user */
2379
		void *fsdata;
2380

2381
		offset = (pos & (PAGE_CACHE_SIZE - 1));
2382
		bytes = min_t(unsigned long, PAGE_CACHE_SIZE - offset,
2383
						iov_iter_count(i));
2384

2385
again:
2386

2387
		/*
2388
		 * Bring in the user page that we will copy from _first_.
2389
		 * Otherwise there's a nasty deadlock on copying from the
2390
		 * same page as we're writing to, without it being marked
2391
		 * up-to-date.
2392
		 *
2393
		 * Not only is this an optimisation, but it is also required
2394
		 * to check that the address is actually valid, when atomic
2395
		 * usercopies are used, below.
2396
		 */
2397
		if (unlikely(iov_iter_fault_in_readable(i, bytes))) {
2398
			status = -EFAULT;
2399
			break;
2400
		}
2401

2402
		status = a_ops->write_begin(file, mapping, pos, bytes, flags,
2403
						&page, &fsdata);
2404
		if (unlikely(status))
2405
			break;
2406

2407
		if (mapping_writably_mapped(mapping))
2408
			flush_dcache_page(page);
2409

2410
		pagefault_disable();
2411
		copied = iov_iter_copy_from_user_atomic(page, i, offset, bytes);
2412
		pagefault_enable();
2413
		flush_dcache_page(page);
2414

2415
		mark_page_accessed(page);
2416
		status = a_ops->write_end(file, mapping, pos, bytes, copied,
2417
						page, fsdata);
2418
		if (unlikely(status < 0))
2419
			break;
2420
		copied = status;
2421

2422
		cond_resched();
2423

2424
		iov_iter_advance(i, copied);
2425
		if (unlikely(copied == 0)) {
2426
			/*
2427
			 * If we were unable to copy any data at all, we must
2428
			 * fall back to a single segment length write.
2429
			 *
2430
			 * If we didn't fallback here, we could livelock
2431
			 * because not all segments in the iov can be copied at
2432
			 * once without a pagefault.
2433
			 */
2434
			bytes = min_t(unsigned long, PAGE_CACHE_SIZE - offset,
2435
						iov_iter_single_seg_count(i));
2436
			goto again;
2437
		}
2438
		pos += copied;
2439
		written += copied;
2440

2441
		balance_dirty_pages_ratelimited(mapping);
2442

2443
	} while (iov_iter_count(i));
2444

2445
	return written ? written : status;
2446
}
2447

2448
ssize_t
2449
generic_file_buffered_write(struct kiocb *iocb, const struct iovec *iov,
2450
		unsigned long nr_segs, loff_t pos, loff_t *ppos,
2451
		size_t count, ssize_t written)
2452
{
2453
	struct file *file = iocb->ki_filp;
2454
	ssize_t status;
2455
	struct iov_iter i;
2456

2457
	iov_iter_init(&i, iov, nr_segs, count, written);
2458
	status = generic_perform_write(file, &i, pos);
2459

2460
	if (likely(status >= 0)) {
2461
		written += status;
2462
		*ppos = pos + status;
2463
  	}
2464
	
2465
	return written ? written : status;
2466
}
2467
EXPORT_SYMBOL(generic_file_buffered_write);
2468

2469
/**
2470
 * __generic_file_aio_write - write data to a file
2471
 * @iocb:	IO state structure (file, offset, etc.)
2472
 * @iov:	vector with data to write
2473
 * @nr_segs:	number of segments in the vector
2474
 * @ppos:	position where to write
2475
 *
2476
 * This function does all the work needed for actually writing data to a
2477
 * file. It does all basic checks, removes SUID from the file, updates
2478
 * modification times and calls proper subroutines depending on whether we
2479
 * do direct IO or a standard buffered write.
2480
 *
2481
 * It expects i_mutex to be grabbed unless we work on a block device or similar
2482
 * object which does not need locking at all.
2483
 *
2484
 * This function does *not* take care of syncing data in case of O_SYNC write.
2485
 * A caller has to handle it. This is mainly due to the fact that we want to
2486
 * avoid syncing under i_mutex.
2487
 */
2488
ssize_t __generic_file_aio_write(struct kiocb *iocb, const struct iovec *iov,
2489
				 unsigned long nr_segs, loff_t *ppos)
2490
{
2491
	struct file *file = iocb->ki_filp;
2492
	struct address_space * mapping = file->f_mapping;
2493
	size_t ocount;		/* original count */
2494
	size_t count;		/* after file limit checks */
2495
	struct inode 	*inode = mapping->host;
2496
	loff_t		pos;
2497
	ssize_t		written;
2498
	ssize_t		err;
2499

2500
	ocount = 0;
2501
	err = generic_segment_checks(iov, &nr_segs, &ocount, VERIFY_READ);
2502
	if (err)
2503
		return err;
2504

2505
	count = ocount;
2506
	pos = *ppos;
2507

2508
	vfs_check_frozen(inode->i_sb, SB_FREEZE_WRITE);
2509

2510
	/* We can write back this queue in page reclaim */
2511
	current->backing_dev_info = mapping->backing_dev_info;
2512
	written = 0;
2513

2514
	err = generic_write_checks(file, &pos, &count, S_ISBLK(inode->i_mode));
2515
	if (err)
2516
		goto out;
2517

2518
	if (count == 0)
2519
		goto out;
2520

2521
	err = file_remove_suid(file);
2522
	if (err)
2523
		goto out;
2524

2525
	file_update_time(file);
2526

2527
	/* coalesce the iovecs and go direct-to-BIO for O_DIRECT */
2528
	if (unlikely(file->f_flags & O_DIRECT)) {
2529
		loff_t endbyte;
2530
		ssize_t written_buffered;
2531

2532
		written = generic_file_direct_write(iocb, iov, &nr_segs, pos,
2533
							ppos, count, ocount);
2534
		if (written < 0 || written == count)
2535
			goto out;
2536
		/*
2537
		 * direct-io write to a hole: fall through to buffered I/O
2538
		 * for completing the rest of the request.
2539
		 */
2540
		pos += written;
2541
		count -= written;
2542
		written_buffered = generic_file_buffered_write(iocb, iov,
2543
						nr_segs, pos, ppos, count,
2544
						written);
2545
		/*
2546
		 * If generic_file_buffered_write() retuned a synchronous error
2547
		 * then we want to return the number of bytes which were
2548
		 * direct-written, or the error code if that was zero.  Note
2549
		 * that this differs from normal direct-io semantics, which
2550
		 * will return -EFOO even if some bytes were written.
2551
		 */
2552
		if (written_buffered < 0) {
2553
			err = written_buffered;
2554
			goto out;
2555
		}
2556

2557
		/*
2558
		 * We need to ensure that the page cache pages are written to
2559
		 * disk and invalidated to preserve the expected O_DIRECT
2560
		 * semantics.
2561
		 */
2562
		endbyte = pos + written_buffered - written - 1;
2563
		err = filemap_write_and_wait_range(file->f_mapping, pos, endbyte);
2564
		if (err == 0) {
2565
			written = written_buffered;
2566
			invalidate_mapping_pages(mapping,
2567
						 pos >> PAGE_CACHE_SHIFT,
2568
						 endbyte >> PAGE_CACHE_SHIFT);
2569
		} else {
2570
			/*
2571
			 * We don't know how much we wrote, so just return
2572
			 * the number of bytes which were direct-written
2573
			 */
2574
		}
2575
	} else {
2576
		written = generic_file_buffered_write(iocb, iov, nr_segs,
2577
				pos, ppos, count, written);
2578
	}
2579
out:
2580
	current->backing_dev_info = NULL;
2581
	return written ? written : err;
2582
}
2583
EXPORT_SYMBOL(__generic_file_aio_write);
2584

2585
/**
2586
 * generic_file_aio_write - write data to a file
2587
 * @iocb:	IO state structure
2588
 * @iov:	vector with data to write
2589
 * @nr_segs:	number of segments in the vector
2590
 * @pos:	position in file where to write
2591
 *
2592
 * This is a wrapper around __generic_file_aio_write() to be used by most
2593
 * filesystems. It takes care of syncing the file in case of O_SYNC file
2594
 * and acquires i_mutex as needed.
2595
 */
2596
ssize_t generic_file_aio_write(struct kiocb *iocb, const struct iovec *iov,
2597
		unsigned long nr_segs, loff_t pos)
2598
{
2599
	struct file *file = iocb->ki_filp;
2600
	struct inode *inode = file->f_mapping->host;
2601
	struct blk_plug plug;
2602
	ssize_t ret;
2603

2604
	BUG_ON(iocb->ki_pos != pos);
2605

2606
	mutex_lock(&inode->i_mutex);
2607
	blk_start_plug(&plug);
2608
	ret = __generic_file_aio_write(iocb, iov, nr_segs, &iocb->ki_pos);
2609
	mutex_unlock(&inode->i_mutex);
2610

2611
	if (ret > 0 || ret == -EIOCBQUEUED) {
2612
		ssize_t err;
2613

2614
		err = generic_write_sync(file, pos, ret);
2615
		if (err < 0 && ret > 0)
2616
			ret = err;
2617
	}
2618
	blk_finish_plug(&plug);
2619
	return ret;
2620
}
2621
EXPORT_SYMBOL(generic_file_aio_write);
2622

2623
/**
2624
 * try_to_release_page() - release old fs-specific metadata on a page
2625
 *
2626
 * @page: the page which the kernel is trying to free
2627
 * @gfp_mask: memory allocation flags (and I/O mode)
2628
 *
2629
 * The address_space is to try to release any data against the page
2630
 * (presumably at page->private).  If the release was successful, return `1'.
2631
 * Otherwise return zero.
2632
 *
2633
 * This may also be called if PG_fscache is set on a page, indicating that the
2634
 * page is known to the local caching routines.
2635
 *
2636
 * The @gfp_mask argument specifies whether I/O may be performed to release
2637
 * this page (__GFP_IO), and whether the call may block (__GFP_WAIT & __GFP_FS).
2638
 *
2639
 */
2640
int try_to_release_page(struct page *page, gfp_t gfp_mask)
2641
{
2642
	struct address_space * const mapping = page->mapping;
2643

2644
	BUG_ON(!PageLocked(page));
2645
	if (PageWriteback(page))
2646
		return 0;
2647

2648
	if (mapping && mapping->a_ops->releasepage)
2649
		return mapping->a_ops->releasepage(page, gfp_mask);
2650
	return try_to_free_buffers(page);
2651
}
2652

2653
EXPORT_SYMBOL(try_to_release_page);
2654

2655