1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * linux/fs/ext4/readpage.c 4 * 5 * Copyright (C) 2002, Linus Torvalds. 6 * Copyright (C) 2015, Google, Inc. 7 * 8 * This was originally taken from fs/mpage.c 9 * 10 * The intent is the ext4_mpage_readpages() function here is intended 11 * to replace mpage_readpages() in the general case, not just for 12 * encrypted files. It has some limitations (see below), where it 13 * will fall back to read_block_full_page(), but these limitations 14 * should only be hit when page_size != block_size. 15 * 16 * This will allow us to attach a callback function to support ext4 17 * encryption. 18 * 19 * If anything unusual happens, such as: 20 * 21 * - encountering a page which has buffers 22 * - encountering a page which has a non-hole after a hole 23 * - encountering a page with non-contiguous blocks 24 * 25 * then this code just gives up and calls the buffer_head-based read function. 26 * It does handle a page which has holes at the end - that is a common case: 27 * the end-of-file on blocksize < PAGE_SIZE setups. 28 * 29 */ 30 31 #include <linux/kernel.h> 32 #include <linux/export.h> 33 #include <linux/mm.h> 34 #include <linux/kdev_t.h> 35 #include <linux/gfp.h> 36 #include <linux/bio.h> 37 #include <linux/fs.h> 38 #include <linux/buffer_head.h> 39 #include <linux/blkdev.h> 40 #include <linux/highmem.h> 41 #include <linux/prefetch.h> 42 #include <linux/mpage.h> 43 #include <linux/writeback.h> 44 #include <linux/backing-dev.h> 45 #include <linux/pagevec.h> 46 #include <linux/cleancache.h> 47 48 #include "ext4.h" 49 50 #define NUM_PREALLOC_POST_READ_CTXS 128 51 52 static struct kmem_cache *bio_post_read_ctx_cache; 53 static mempool_t *bio_post_read_ctx_pool; 54 55 /* postprocessing steps for read bios */ 56 enum bio_post_read_step { 57 STEP_INITIAL = 0, 58 STEP_DECRYPT, 59 STEP_VERITY, 60 STEP_MAX, 61 }; 62 63 struct bio_post_read_ctx { 64 struct bio *bio; 65 struct work_struct work; 66 unsigned int cur_step; 67 unsigned int enabled_steps; 68 }; 69 70 static void __read_end_io(struct bio *bio) 71 { 72 struct page *page; 73 struct bio_vec *bv; 74 struct bvec_iter_all iter_all; 75 76 bio_for_each_segment_all(bv, bio, iter_all) { 77 page = bv->bv_page; 78 79 /* PG_error was set if any post_read step failed */ 80 if (bio->bi_status || PageError(page)) { 81 ClearPageUptodate(page); 82 /* will re-read again later */ 83 ClearPageError(page); 84 } else { 85 SetPageUptodate(page); 86 } 87 unlock_page(page); 88 } 89 if (bio->bi_private) 90 mempool_free(bio->bi_private, bio_post_read_ctx_pool); 91 bio_put(bio); 92 } 93 94 static void bio_post_read_processing(struct bio_post_read_ctx *ctx); 95 96 static void decrypt_work(struct work_struct *work) 97 { 98 struct bio_post_read_ctx *ctx = 99 container_of(work, struct bio_post_read_ctx, work); 100 101 fscrypt_decrypt_bio(ctx->bio); 102 103 bio_post_read_processing(ctx); 104 } 105 106 static void verity_work(struct work_struct *work) 107 { 108 struct bio_post_read_ctx *ctx = 109 container_of(work, struct bio_post_read_ctx, work); 110 struct bio *bio = ctx->bio; 111 112 /* 113 * fsverity_verify_bio() may call readpages() again, and although verity 114 * will be disabled for that, decryption may still be needed, causing 115 * another bio_post_read_ctx to be allocated. So to guarantee that 116 * mempool_alloc() never deadlocks we must free the current ctx first. 117 * This is safe because verity is the last post-read step. 118 */ 119 BUILD_BUG_ON(STEP_VERITY + 1 != STEP_MAX); 120 mempool_free(ctx, bio_post_read_ctx_pool); 121 bio->bi_private = NULL; 122 123 fsverity_verify_bio(bio); 124 125 __read_end_io(bio); 126 } 127 128 static void bio_post_read_processing(struct bio_post_read_ctx *ctx) 129 { 130 /* 131 * We use different work queues for decryption and for verity because 132 * verity may require reading metadata pages that need decryption, and 133 * we shouldn't recurse to the same workqueue. 134 */ 135 switch (++ctx->cur_step) { 136 case STEP_DECRYPT: 137 if (ctx->enabled_steps & (1 << STEP_DECRYPT)) { 138 INIT_WORK(&ctx->work, decrypt_work); 139 fscrypt_enqueue_decrypt_work(&ctx->work); 140 return; 141 } 142 ctx->cur_step++; 143 /* fall-through */ 144 case STEP_VERITY: 145 if (ctx->enabled_steps & (1 << STEP_VERITY)) { 146 INIT_WORK(&ctx->work, verity_work); 147 fsverity_enqueue_verify_work(&ctx->work); 148 return; 149 } 150 ctx->cur_step++; 151 /* fall-through */ 152 default: 153 __read_end_io(ctx->bio); 154 } 155 } 156 157 static bool bio_post_read_required(struct bio *bio) 158 { 159 return bio->bi_private && !bio->bi_status; 160 } 161 162 /* 163 * I/O completion handler for multipage BIOs. 164 * 165 * The mpage code never puts partial pages into a BIO (except for end-of-file). 166 * If a page does not map to a contiguous run of blocks then it simply falls 167 * back to block_read_full_page(). 168 * 169 * Why is this? If a page's completion depends on a number of different BIOs 170 * which can complete in any order (or at the same time) then determining the 171 * status of that page is hard. See end_buffer_async_read() for the details. 172 * There is no point in duplicating all that complexity. 173 */ 174 static void mpage_end_io(struct bio *bio) 175 { 176 if (bio_post_read_required(bio)) { 177 struct bio_post_read_ctx *ctx = bio->bi_private; 178 179 ctx->cur_step = STEP_INITIAL; 180 bio_post_read_processing(ctx); 181 return; 182 } 183 __read_end_io(bio); 184 } 185 186 static inline bool ext4_need_verity(const struct inode *inode, pgoff_t idx) 187 { 188 return fsverity_active(inode) && 189 idx < DIV_ROUND_UP(inode->i_size, PAGE_SIZE); 190 } 191 192 static void ext4_set_bio_post_read_ctx(struct bio *bio, 193 const struct inode *inode, 194 pgoff_t first_idx) 195 { 196 unsigned int post_read_steps = 0; 197 198 if (IS_ENCRYPTED(inode) && S_ISREG(inode->i_mode)) 199 post_read_steps |= 1 << STEP_DECRYPT; 200 201 if (ext4_need_verity(inode, first_idx)) 202 post_read_steps |= 1 << STEP_VERITY; 203 204 if (post_read_steps) { 205 /* Due to the mempool, this never fails. */ 206 struct bio_post_read_ctx *ctx = 207 mempool_alloc(bio_post_read_ctx_pool, GFP_NOFS); 208 209 ctx->bio = bio; 210 ctx->enabled_steps = post_read_steps; 211 bio->bi_private = ctx; 212 } 213 } 214 215 static inline loff_t ext4_readpage_limit(struct inode *inode) 216 { 217 if (IS_ENABLED(CONFIG_FS_VERITY) && 218 (IS_VERITY(inode) || ext4_verity_in_progress(inode))) 219 return inode->i_sb->s_maxbytes; 220 221 return i_size_read(inode); 222 } 223 224 int ext4_mpage_readpages(struct address_space *mapping, 225 struct list_head *pages, struct page *page, 226 unsigned nr_pages, bool is_readahead) 227 { 228 struct bio *bio = NULL; 229 sector_t last_block_in_bio = 0; 230 231 struct inode *inode = mapping->host; 232 const unsigned blkbits = inode->i_blkbits; 233 const unsigned blocks_per_page = PAGE_SIZE >> blkbits; 234 const unsigned blocksize = 1 << blkbits; 235 sector_t block_in_file; 236 sector_t last_block; 237 sector_t last_block_in_file; 238 sector_t blocks[MAX_BUF_PER_PAGE]; 239 unsigned page_block; 240 struct block_device *bdev = inode->i_sb->s_bdev; 241 int length; 242 unsigned relative_block = 0; 243 struct ext4_map_blocks map; 244 245 map.m_pblk = 0; 246 map.m_lblk = 0; 247 map.m_len = 0; 248 map.m_flags = 0; 249 250 for (; nr_pages; nr_pages--) { 251 int fully_mapped = 1; 252 unsigned first_hole = blocks_per_page; 253 254 if (pages) { 255 page = lru_to_page(pages); 256 257 prefetchw(&page->flags); 258 list_del(&page->lru); 259 if (add_to_page_cache_lru(page, mapping, page->index, 260 readahead_gfp_mask(mapping))) 261 goto next_page; 262 } 263 264 if (page_has_buffers(page)) 265 goto confused; 266 267 block_in_file = (sector_t)page->index << (PAGE_SHIFT - blkbits); 268 last_block = block_in_file + nr_pages * blocks_per_page; 269 last_block_in_file = (ext4_readpage_limit(inode) + 270 blocksize - 1) >> blkbits; 271 if (last_block > last_block_in_file) 272 last_block = last_block_in_file; 273 page_block = 0; 274 275 /* 276 * Map blocks using the previous result first. 277 */ 278 if ((map.m_flags & EXT4_MAP_MAPPED) && 279 block_in_file > map.m_lblk && 280 block_in_file < (map.m_lblk + map.m_len)) { 281 unsigned map_offset = block_in_file - map.m_lblk; 282 unsigned last = map.m_len - map_offset; 283 284 for (relative_block = 0; ; relative_block++) { 285 if (relative_block == last) { 286 /* needed? */ 287 map.m_flags &= ~EXT4_MAP_MAPPED; 288 break; 289 } 290 if (page_block == blocks_per_page) 291 break; 292 blocks[page_block] = map.m_pblk + map_offset + 293 relative_block; 294 page_block++; 295 block_in_file++; 296 } 297 } 298 299 /* 300 * Then do more ext4_map_blocks() calls until we are 301 * done with this page. 302 */ 303 while (page_block < blocks_per_page) { 304 if (block_in_file < last_block) { 305 map.m_lblk = block_in_file; 306 map.m_len = last_block - block_in_file; 307 308 if (ext4_map_blocks(NULL, inode, &map, 0) < 0) { 309 set_error_page: 310 SetPageError(page); 311 zero_user_segment(page, 0, 312 PAGE_SIZE); 313 unlock_page(page); 314 goto next_page; 315 } 316 } 317 if ((map.m_flags & EXT4_MAP_MAPPED) == 0) { 318 fully_mapped = 0; 319 if (first_hole == blocks_per_page) 320 first_hole = page_block; 321 page_block++; 322 block_in_file++; 323 continue; 324 } 325 if (first_hole != blocks_per_page) 326 goto confused; /* hole -> non-hole */ 327 328 /* Contiguous blocks? */ 329 if (page_block && blocks[page_block-1] != map.m_pblk-1) 330 goto confused; 331 for (relative_block = 0; ; relative_block++) { 332 if (relative_block == map.m_len) { 333 /* needed? */ 334 map.m_flags &= ~EXT4_MAP_MAPPED; 335 break; 336 } else if (page_block == blocks_per_page) 337 break; 338 blocks[page_block] = map.m_pblk+relative_block; 339 page_block++; 340 block_in_file++; 341 } 342 } 343 if (first_hole != blocks_per_page) { 344 zero_user_segment(page, first_hole << blkbits, 345 PAGE_SIZE); 346 if (first_hole == 0) { 347 if (ext4_need_verity(inode, page->index) && 348 !fsverity_verify_page(page)) 349 goto set_error_page; 350 SetPageUptodate(page); 351 unlock_page(page); 352 goto next_page; 353 } 354 } else if (fully_mapped) { 355 SetPageMappedToDisk(page); 356 } 357 if (fully_mapped && blocks_per_page == 1 && 358 !PageUptodate(page) && cleancache_get_page(page) == 0) { 359 SetPageUptodate(page); 360 goto confused; 361 } 362 363 /* 364 * This page will go to BIO. Do we need to send this 365 * BIO off first? 366 */ 367 if (bio && (last_block_in_bio != blocks[0] - 1)) { 368 submit_and_realloc: 369 submit_bio(bio); 370 bio = NULL; 371 } 372 if (bio == NULL) { 373 /* 374 * bio_alloc will _always_ be able to allocate a bio if 375 * __GFP_DIRECT_RECLAIM is set, see bio_alloc_bioset(). 376 */ 377 bio = bio_alloc(GFP_KERNEL, 378 min_t(int, nr_pages, BIO_MAX_PAGES)); 379 ext4_set_bio_post_read_ctx(bio, inode, page->index); 380 bio_set_dev(bio, bdev); 381 bio->bi_iter.bi_sector = blocks[0] << (blkbits - 9); 382 bio->bi_end_io = mpage_end_io; 383 bio_set_op_attrs(bio, REQ_OP_READ, 384 is_readahead ? REQ_RAHEAD : 0); 385 } 386 387 length = first_hole << blkbits; 388 if (bio_add_page(bio, page, length, 0) < length) 389 goto submit_and_realloc; 390 391 if (((map.m_flags & EXT4_MAP_BOUNDARY) && 392 (relative_block == map.m_len)) || 393 (first_hole != blocks_per_page)) { 394 submit_bio(bio); 395 bio = NULL; 396 } else 397 last_block_in_bio = blocks[blocks_per_page - 1]; 398 goto next_page; 399 confused: 400 if (bio) { 401 submit_bio(bio); 402 bio = NULL; 403 } 404 if (!PageUptodate(page)) 405 block_read_full_page(page, ext4_get_block); 406 else 407 unlock_page(page); 408 next_page: 409 if (pages) 410 put_page(page); 411 } 412 BUG_ON(pages && !list_empty(pages)); 413 if (bio) 414 submit_bio(bio); 415 return 0; 416 } 417 418 int __init ext4_init_post_read_processing(void) 419 { 420 bio_post_read_ctx_cache = 421 kmem_cache_create("ext4_bio_post_read_ctx", 422 sizeof(struct bio_post_read_ctx), 0, 0, NULL); 423 if (!bio_post_read_ctx_cache) 424 goto fail; 425 bio_post_read_ctx_pool = 426 mempool_create_slab_pool(NUM_PREALLOC_POST_READ_CTXS, 427 bio_post_read_ctx_cache); 428 if (!bio_post_read_ctx_pool) 429 goto fail_free_cache; 430 return 0; 431 432 fail_free_cache: 433 kmem_cache_destroy(bio_post_read_ctx_cache); 434 fail: 435 return -ENOMEM; 436 } 437 438 void ext4_exit_post_read_processing(void) 439 { 440 mempool_destroy(bio_post_read_ctx_pool); 441 kmem_cache_destroy(bio_post_read_ctx_cache); 442 } 443