xref: /openbmc/linux/fs/xfs/xfs_file.c (revision 260ea95c)
1 /*
2  * Copyright (c) 2000-2005 Silicon Graphics, Inc.
3  * All Rights Reserved.
4  *
5  * This program is free software; you can redistribute it and/or
6  * modify it under the terms of the GNU General Public License as
7  * published by the Free Software Foundation.
8  *
9  * This program is distributed in the hope that it would be useful,
10  * but WITHOUT ANY WARRANTY; without even the implied warranty of
11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
12  * GNU General Public License for more details.
13  *
14  * You should have received a copy of the GNU General Public License
15  * along with this program; if not, write the Free Software Foundation,
16  * Inc.,  51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
17  */
18 #include "xfs.h"
19 #include "xfs_fs.h"
20 #include "xfs_shared.h"
21 #include "xfs_format.h"
22 #include "xfs_log_format.h"
23 #include "xfs_trans_resv.h"
24 #include "xfs_mount.h"
25 #include "xfs_da_format.h"
26 #include "xfs_da_btree.h"
27 #include "xfs_inode.h"
28 #include "xfs_trans.h"
29 #include "xfs_inode_item.h"
30 #include "xfs_bmap.h"
31 #include "xfs_bmap_util.h"
32 #include "xfs_error.h"
33 #include "xfs_dir2.h"
34 #include "xfs_dir2_priv.h"
35 #include "xfs_ioctl.h"
36 #include "xfs_trace.h"
37 #include "xfs_log.h"
38 #include "xfs_icache.h"
39 #include "xfs_pnfs.h"
40 #include "xfs_iomap.h"
41 #include "xfs_reflink.h"
42 
43 #include <linux/dcache.h>
44 #include <linux/falloc.h>
45 #include <linux/pagevec.h>
46 #include <linux/backing-dev.h>
47 
48 static const struct vm_operations_struct xfs_file_vm_ops;
49 
50 /*
51  * Clear the specified ranges to zero through either the pagecache or DAX.
52  * Holes and unwritten extents will be left as-is as they already are zeroed.
53  */
54 int
55 xfs_zero_range(
56 	struct xfs_inode	*ip,
57 	xfs_off_t		pos,
58 	xfs_off_t		count,
59 	bool			*did_zero)
60 {
61 	return iomap_zero_range(VFS_I(ip), pos, count, NULL, &xfs_iomap_ops);
62 }
63 
64 int
65 xfs_update_prealloc_flags(
66 	struct xfs_inode	*ip,
67 	enum xfs_prealloc_flags	flags)
68 {
69 	struct xfs_trans	*tp;
70 	int			error;
71 
72 	error = xfs_trans_alloc(ip->i_mount, &M_RES(ip->i_mount)->tr_writeid,
73 			0, 0, 0, &tp);
74 	if (error)
75 		return error;
76 
77 	xfs_ilock(ip, XFS_ILOCK_EXCL);
78 	xfs_trans_ijoin(tp, ip, XFS_ILOCK_EXCL);
79 
80 	if (!(flags & XFS_PREALLOC_INVISIBLE)) {
81 		VFS_I(ip)->i_mode &= ~S_ISUID;
82 		if (VFS_I(ip)->i_mode & S_IXGRP)
83 			VFS_I(ip)->i_mode &= ~S_ISGID;
84 		xfs_trans_ichgtime(tp, ip, XFS_ICHGTIME_MOD | XFS_ICHGTIME_CHG);
85 	}
86 
87 	if (flags & XFS_PREALLOC_SET)
88 		ip->i_d.di_flags |= XFS_DIFLAG_PREALLOC;
89 	if (flags & XFS_PREALLOC_CLEAR)
90 		ip->i_d.di_flags &= ~XFS_DIFLAG_PREALLOC;
91 
92 	xfs_trans_log_inode(tp, ip, XFS_ILOG_CORE);
93 	if (flags & XFS_PREALLOC_SYNC)
94 		xfs_trans_set_sync(tp);
95 	return xfs_trans_commit(tp);
96 }
97 
98 /*
99  * Fsync operations on directories are much simpler than on regular files,
100  * as there is no file data to flush, and thus also no need for explicit
101  * cache flush operations, and there are no non-transaction metadata updates
102  * on directories either.
103  */
104 STATIC int
105 xfs_dir_fsync(
106 	struct file		*file,
107 	loff_t			start,
108 	loff_t			end,
109 	int			datasync)
110 {
111 	struct xfs_inode	*ip = XFS_I(file->f_mapping->host);
112 	struct xfs_mount	*mp = ip->i_mount;
113 	xfs_lsn_t		lsn = 0;
114 
115 	trace_xfs_dir_fsync(ip);
116 
117 	xfs_ilock(ip, XFS_ILOCK_SHARED);
118 	if (xfs_ipincount(ip))
119 		lsn = ip->i_itemp->ili_last_lsn;
120 	xfs_iunlock(ip, XFS_ILOCK_SHARED);
121 
122 	if (!lsn)
123 		return 0;
124 	return _xfs_log_force_lsn(mp, lsn, XFS_LOG_SYNC, NULL);
125 }
126 
127 STATIC int
128 xfs_file_fsync(
129 	struct file		*file,
130 	loff_t			start,
131 	loff_t			end,
132 	int			datasync)
133 {
134 	struct inode		*inode = file->f_mapping->host;
135 	struct xfs_inode	*ip = XFS_I(inode);
136 	struct xfs_mount	*mp = ip->i_mount;
137 	int			error = 0;
138 	int			log_flushed = 0;
139 	xfs_lsn_t		lsn = 0;
140 
141 	trace_xfs_file_fsync(ip);
142 
143 	error = file_write_and_wait_range(file, start, end);
144 	if (error)
145 		return error;
146 
147 	if (XFS_FORCED_SHUTDOWN(mp))
148 		return -EIO;
149 
150 	xfs_iflags_clear(ip, XFS_ITRUNCATED);
151 
152 	/*
153 	 * If we have an RT and/or log subvolume we need to make sure to flush
154 	 * the write cache the device used for file data first.  This is to
155 	 * ensure newly written file data make it to disk before logging the new
156 	 * inode size in case of an extending write.
157 	 */
158 	if (XFS_IS_REALTIME_INODE(ip))
159 		xfs_blkdev_issue_flush(mp->m_rtdev_targp);
160 	else if (mp->m_logdev_targp != mp->m_ddev_targp)
161 		xfs_blkdev_issue_flush(mp->m_ddev_targp);
162 
163 	/*
164 	 * All metadata updates are logged, which means that we just have to
165 	 * flush the log up to the latest LSN that touched the inode. If we have
166 	 * concurrent fsync/fdatasync() calls, we need them to all block on the
167 	 * log force before we clear the ili_fsync_fields field. This ensures
168 	 * that we don't get a racing sync operation that does not wait for the
169 	 * metadata to hit the journal before returning. If we race with
170 	 * clearing the ili_fsync_fields, then all that will happen is the log
171 	 * force will do nothing as the lsn will already be on disk. We can't
172 	 * race with setting ili_fsync_fields because that is done under
173 	 * XFS_ILOCK_EXCL, and that can't happen because we hold the lock shared
174 	 * until after the ili_fsync_fields is cleared.
175 	 */
176 	xfs_ilock(ip, XFS_ILOCK_SHARED);
177 	if (xfs_ipincount(ip)) {
178 		if (!datasync ||
179 		    (ip->i_itemp->ili_fsync_fields & ~XFS_ILOG_TIMESTAMP))
180 			lsn = ip->i_itemp->ili_last_lsn;
181 	}
182 
183 	if (lsn) {
184 		error = _xfs_log_force_lsn(mp, lsn, XFS_LOG_SYNC, &log_flushed);
185 		ip->i_itemp->ili_fsync_fields = 0;
186 	}
187 	xfs_iunlock(ip, XFS_ILOCK_SHARED);
188 
189 	/*
190 	 * If we only have a single device, and the log force about was
191 	 * a no-op we might have to flush the data device cache here.
192 	 * This can only happen for fdatasync/O_DSYNC if we were overwriting
193 	 * an already allocated file and thus do not have any metadata to
194 	 * commit.
195 	 */
196 	if (!log_flushed && !XFS_IS_REALTIME_INODE(ip) &&
197 	    mp->m_logdev_targp == mp->m_ddev_targp)
198 		xfs_blkdev_issue_flush(mp->m_ddev_targp);
199 
200 	return error;
201 }
202 
203 STATIC ssize_t
204 xfs_file_dio_aio_read(
205 	struct kiocb		*iocb,
206 	struct iov_iter		*to)
207 {
208 	struct xfs_inode	*ip = XFS_I(file_inode(iocb->ki_filp));
209 	size_t			count = iov_iter_count(to);
210 	ssize_t			ret;
211 
212 	trace_xfs_file_direct_read(ip, count, iocb->ki_pos);
213 
214 	if (!count)
215 		return 0; /* skip atime */
216 
217 	file_accessed(iocb->ki_filp);
218 
219 	xfs_ilock(ip, XFS_IOLOCK_SHARED);
220 	ret = iomap_dio_rw(iocb, to, &xfs_iomap_ops, NULL);
221 	xfs_iunlock(ip, XFS_IOLOCK_SHARED);
222 
223 	return ret;
224 }
225 
226 static noinline ssize_t
227 xfs_file_dax_read(
228 	struct kiocb		*iocb,
229 	struct iov_iter		*to)
230 {
231 	struct xfs_inode	*ip = XFS_I(iocb->ki_filp->f_mapping->host);
232 	size_t			count = iov_iter_count(to);
233 	ssize_t			ret = 0;
234 
235 	trace_xfs_file_dax_read(ip, count, iocb->ki_pos);
236 
237 	if (!count)
238 		return 0; /* skip atime */
239 
240 	if (!xfs_ilock_nowait(ip, XFS_IOLOCK_SHARED)) {
241 		if (iocb->ki_flags & IOCB_NOWAIT)
242 			return -EAGAIN;
243 		xfs_ilock(ip, XFS_IOLOCK_SHARED);
244 	}
245 	ret = dax_iomap_rw(iocb, to, &xfs_iomap_ops);
246 	xfs_iunlock(ip, XFS_IOLOCK_SHARED);
247 
248 	file_accessed(iocb->ki_filp);
249 	return ret;
250 }
251 
252 STATIC ssize_t
253 xfs_file_buffered_aio_read(
254 	struct kiocb		*iocb,
255 	struct iov_iter		*to)
256 {
257 	struct xfs_inode	*ip = XFS_I(file_inode(iocb->ki_filp));
258 	ssize_t			ret;
259 
260 	trace_xfs_file_buffered_read(ip, iov_iter_count(to), iocb->ki_pos);
261 
262 	xfs_ilock(ip, XFS_IOLOCK_SHARED);
263 	ret = generic_file_read_iter(iocb, to);
264 	xfs_iunlock(ip, XFS_IOLOCK_SHARED);
265 
266 	return ret;
267 }
268 
269 STATIC ssize_t
270 xfs_file_read_iter(
271 	struct kiocb		*iocb,
272 	struct iov_iter		*to)
273 {
274 	struct inode		*inode = file_inode(iocb->ki_filp);
275 	struct xfs_mount	*mp = XFS_I(inode)->i_mount;
276 	ssize_t			ret = 0;
277 
278 	XFS_STATS_INC(mp, xs_read_calls);
279 
280 	if (XFS_FORCED_SHUTDOWN(mp))
281 		return -EIO;
282 
283 	if (IS_DAX(inode))
284 		ret = xfs_file_dax_read(iocb, to);
285 	else if (iocb->ki_flags & IOCB_DIRECT)
286 		ret = xfs_file_dio_aio_read(iocb, to);
287 	else
288 		ret = xfs_file_buffered_aio_read(iocb, to);
289 
290 	if (ret > 0)
291 		XFS_STATS_ADD(mp, xs_read_bytes, ret);
292 	return ret;
293 }
294 
295 /*
296  * Zero any on disk space between the current EOF and the new, larger EOF.
297  *
298  * This handles the normal case of zeroing the remainder of the last block in
299  * the file and the unusual case of zeroing blocks out beyond the size of the
300  * file.  This second case only happens with fixed size extents and when the
301  * system crashes before the inode size was updated but after blocks were
302  * allocated.
303  *
304  * Expects the iolock to be held exclusive, and will take the ilock internally.
305  */
306 int					/* error (positive) */
307 xfs_zero_eof(
308 	struct xfs_inode	*ip,
309 	xfs_off_t		offset,		/* starting I/O offset */
310 	xfs_fsize_t		isize,		/* current inode size */
311 	bool			*did_zeroing)
312 {
313 	ASSERT(xfs_isilocked(ip, XFS_IOLOCK_EXCL));
314 	ASSERT(offset > isize);
315 
316 	trace_xfs_zero_eof(ip, isize, offset - isize);
317 	return xfs_zero_range(ip, isize, offset - isize, did_zeroing);
318 }
319 
320 /*
321  * Common pre-write limit and setup checks.
322  *
323  * Called with the iolocked held either shared and exclusive according to
324  * @iolock, and returns with it held.  Might upgrade the iolock to exclusive
325  * if called for a direct write beyond i_size.
326  */
327 STATIC ssize_t
328 xfs_file_aio_write_checks(
329 	struct kiocb		*iocb,
330 	struct iov_iter		*from,
331 	int			*iolock)
332 {
333 	struct file		*file = iocb->ki_filp;
334 	struct inode		*inode = file->f_mapping->host;
335 	struct xfs_inode	*ip = XFS_I(inode);
336 	ssize_t			error = 0;
337 	size_t			count = iov_iter_count(from);
338 	bool			drained_dio = false;
339 
340 restart:
341 	error = generic_write_checks(iocb, from);
342 	if (error <= 0)
343 		return error;
344 
345 	error = xfs_break_layouts(inode, iolock);
346 	if (error)
347 		return error;
348 
349 	/*
350 	 * For changing security info in file_remove_privs() we need i_rwsem
351 	 * exclusively.
352 	 */
353 	if (*iolock == XFS_IOLOCK_SHARED && !IS_NOSEC(inode)) {
354 		xfs_iunlock(ip, *iolock);
355 		*iolock = XFS_IOLOCK_EXCL;
356 		xfs_ilock(ip, *iolock);
357 		goto restart;
358 	}
359 	/*
360 	 * If the offset is beyond the size of the file, we need to zero any
361 	 * blocks that fall between the existing EOF and the start of this
362 	 * write.  If zeroing is needed and we are currently holding the
363 	 * iolock shared, we need to update it to exclusive which implies
364 	 * having to redo all checks before.
365 	 *
366 	 * We need to serialise against EOF updates that occur in IO
367 	 * completions here. We want to make sure that nobody is changing the
368 	 * size while we do this check until we have placed an IO barrier (i.e.
369 	 * hold the XFS_IOLOCK_EXCL) that prevents new IO from being dispatched.
370 	 * The spinlock effectively forms a memory barrier once we have the
371 	 * XFS_IOLOCK_EXCL so we are guaranteed to see the latest EOF value
372 	 * and hence be able to correctly determine if we need to run zeroing.
373 	 */
374 	spin_lock(&ip->i_flags_lock);
375 	if (iocb->ki_pos > i_size_read(inode)) {
376 		bool	zero = false;
377 
378 		spin_unlock(&ip->i_flags_lock);
379 		if (!drained_dio) {
380 			if (*iolock == XFS_IOLOCK_SHARED) {
381 				xfs_iunlock(ip, *iolock);
382 				*iolock = XFS_IOLOCK_EXCL;
383 				xfs_ilock(ip, *iolock);
384 				iov_iter_reexpand(from, count);
385 			}
386 			/*
387 			 * We now have an IO submission barrier in place, but
388 			 * AIO can do EOF updates during IO completion and hence
389 			 * we now need to wait for all of them to drain. Non-AIO
390 			 * DIO will have drained before we are given the
391 			 * XFS_IOLOCK_EXCL, and so for most cases this wait is a
392 			 * no-op.
393 			 */
394 			inode_dio_wait(inode);
395 			drained_dio = true;
396 			goto restart;
397 		}
398 		error = xfs_zero_eof(ip, iocb->ki_pos, i_size_read(inode), &zero);
399 		if (error)
400 			return error;
401 	} else
402 		spin_unlock(&ip->i_flags_lock);
403 
404 	/*
405 	 * Updating the timestamps will grab the ilock again from
406 	 * xfs_fs_dirty_inode, so we have to call it after dropping the
407 	 * lock above.  Eventually we should look into a way to avoid
408 	 * the pointless lock roundtrip.
409 	 */
410 	if (likely(!(file->f_mode & FMODE_NOCMTIME))) {
411 		error = file_update_time(file);
412 		if (error)
413 			return error;
414 	}
415 
416 	/*
417 	 * If we're writing the file then make sure to clear the setuid and
418 	 * setgid bits if the process is not being run by root.  This keeps
419 	 * people from modifying setuid and setgid binaries.
420 	 */
421 	if (!IS_NOSEC(inode))
422 		return file_remove_privs(file);
423 	return 0;
424 }
425 
426 static int
427 xfs_dio_write_end_io(
428 	struct kiocb		*iocb,
429 	ssize_t			size,
430 	unsigned		flags)
431 {
432 	struct inode		*inode = file_inode(iocb->ki_filp);
433 	struct xfs_inode	*ip = XFS_I(inode);
434 	loff_t			offset = iocb->ki_pos;
435 	bool			update_size = false;
436 	int			error = 0;
437 
438 	trace_xfs_end_io_direct_write(ip, offset, size);
439 
440 	if (XFS_FORCED_SHUTDOWN(ip->i_mount))
441 		return -EIO;
442 
443 	if (size <= 0)
444 		return size;
445 
446 	/*
447 	 * We need to update the in-core inode size here so that we don't end up
448 	 * with the on-disk inode size being outside the in-core inode size. We
449 	 * have no other method of updating EOF for AIO, so always do it here
450 	 * if necessary.
451 	 *
452 	 * We need to lock the test/set EOF update as we can be racing with
453 	 * other IO completions here to update the EOF. Failing to serialise
454 	 * here can result in EOF moving backwards and Bad Things Happen when
455 	 * that occurs.
456 	 */
457 	spin_lock(&ip->i_flags_lock);
458 	if (offset + size > i_size_read(inode)) {
459 		i_size_write(inode, offset + size);
460 		update_size = true;
461 	}
462 	spin_unlock(&ip->i_flags_lock);
463 
464 	if (flags & IOMAP_DIO_COW) {
465 		error = xfs_reflink_end_cow(ip, offset, size);
466 		if (error)
467 			return error;
468 	}
469 
470 	if (flags & IOMAP_DIO_UNWRITTEN)
471 		error = xfs_iomap_write_unwritten(ip, offset, size);
472 	else if (update_size)
473 		error = xfs_setfilesize(ip, offset, size);
474 
475 	return error;
476 }
477 
478 /*
479  * xfs_file_dio_aio_write - handle direct IO writes
480  *
481  * Lock the inode appropriately to prepare for and issue a direct IO write.
482  * By separating it from the buffered write path we remove all the tricky to
483  * follow locking changes and looping.
484  *
485  * If there are cached pages or we're extending the file, we need IOLOCK_EXCL
486  * until we're sure the bytes at the new EOF have been zeroed and/or the cached
487  * pages are flushed out.
488  *
489  * In most cases the direct IO writes will be done holding IOLOCK_SHARED
490  * allowing them to be done in parallel with reads and other direct IO writes.
491  * However, if the IO is not aligned to filesystem blocks, the direct IO layer
492  * needs to do sub-block zeroing and that requires serialisation against other
493  * direct IOs to the same block. In this case we need to serialise the
494  * submission of the unaligned IOs so that we don't get racing block zeroing in
495  * the dio layer.  To avoid the problem with aio, we also need to wait for
496  * outstanding IOs to complete so that unwritten extent conversion is completed
497  * before we try to map the overlapping block. This is currently implemented by
498  * hitting it with a big hammer (i.e. inode_dio_wait()).
499  *
500  * Returns with locks held indicated by @iolock and errors indicated by
501  * negative return values.
502  */
503 STATIC ssize_t
504 xfs_file_dio_aio_write(
505 	struct kiocb		*iocb,
506 	struct iov_iter		*from)
507 {
508 	struct file		*file = iocb->ki_filp;
509 	struct address_space	*mapping = file->f_mapping;
510 	struct inode		*inode = mapping->host;
511 	struct xfs_inode	*ip = XFS_I(inode);
512 	struct xfs_mount	*mp = ip->i_mount;
513 	ssize_t			ret = 0;
514 	int			unaligned_io = 0;
515 	int			iolock;
516 	size_t			count = iov_iter_count(from);
517 	struct xfs_buftarg      *target = XFS_IS_REALTIME_INODE(ip) ?
518 					mp->m_rtdev_targp : mp->m_ddev_targp;
519 
520 	/* DIO must be aligned to device logical sector size */
521 	if ((iocb->ki_pos | count) & target->bt_logical_sectormask)
522 		return -EINVAL;
523 
524 	/*
525 	 * Don't take the exclusive iolock here unless the I/O is unaligned to
526 	 * the file system block size.  We don't need to consider the EOF
527 	 * extension case here because xfs_file_aio_write_checks() will relock
528 	 * the inode as necessary for EOF zeroing cases and fill out the new
529 	 * inode size as appropriate.
530 	 */
531 	if ((iocb->ki_pos & mp->m_blockmask) ||
532 	    ((iocb->ki_pos + count) & mp->m_blockmask)) {
533 		unaligned_io = 1;
534 
535 		/*
536 		 * We can't properly handle unaligned direct I/O to reflink
537 		 * files yet, as we can't unshare a partial block.
538 		 */
539 		if (xfs_is_reflink_inode(ip)) {
540 			trace_xfs_reflink_bounce_dio_write(ip, iocb->ki_pos, count);
541 			return -EREMCHG;
542 		}
543 		iolock = XFS_IOLOCK_EXCL;
544 	} else {
545 		iolock = XFS_IOLOCK_SHARED;
546 	}
547 
548 	if (!xfs_ilock_nowait(ip, iolock)) {
549 		if (iocb->ki_flags & IOCB_NOWAIT)
550 			return -EAGAIN;
551 		xfs_ilock(ip, iolock);
552 	}
553 
554 	ret = xfs_file_aio_write_checks(iocb, from, &iolock);
555 	if (ret)
556 		goto out;
557 	count = iov_iter_count(from);
558 
559 	/*
560 	 * If we are doing unaligned IO, wait for all other IO to drain,
561 	 * otherwise demote the lock if we had to take the exclusive lock
562 	 * for other reasons in xfs_file_aio_write_checks.
563 	 */
564 	if (unaligned_io) {
565 		/* If we are going to wait for other DIO to finish, bail */
566 		if (iocb->ki_flags & IOCB_NOWAIT) {
567 			if (atomic_read(&inode->i_dio_count))
568 				return -EAGAIN;
569 		} else {
570 			inode_dio_wait(inode);
571 		}
572 	} else if (iolock == XFS_IOLOCK_EXCL) {
573 		xfs_ilock_demote(ip, XFS_IOLOCK_EXCL);
574 		iolock = XFS_IOLOCK_SHARED;
575 	}
576 
577 	trace_xfs_file_direct_write(ip, count, iocb->ki_pos);
578 	ret = iomap_dio_rw(iocb, from, &xfs_iomap_ops, xfs_dio_write_end_io);
579 out:
580 	xfs_iunlock(ip, iolock);
581 
582 	/*
583 	 * No fallback to buffered IO on errors for XFS, direct IO will either
584 	 * complete fully or fail.
585 	 */
586 	ASSERT(ret < 0 || ret == count);
587 	return ret;
588 }
589 
590 static noinline ssize_t
591 xfs_file_dax_write(
592 	struct kiocb		*iocb,
593 	struct iov_iter		*from)
594 {
595 	struct inode		*inode = iocb->ki_filp->f_mapping->host;
596 	struct xfs_inode	*ip = XFS_I(inode);
597 	int			iolock = XFS_IOLOCK_EXCL;
598 	ssize_t			ret, error = 0;
599 	size_t			count;
600 	loff_t			pos;
601 
602 	if (!xfs_ilock_nowait(ip, iolock)) {
603 		if (iocb->ki_flags & IOCB_NOWAIT)
604 			return -EAGAIN;
605 		xfs_ilock(ip, iolock);
606 	}
607 
608 	ret = xfs_file_aio_write_checks(iocb, from, &iolock);
609 	if (ret)
610 		goto out;
611 
612 	pos = iocb->ki_pos;
613 	count = iov_iter_count(from);
614 
615 	trace_xfs_file_dax_write(ip, count, pos);
616 	ret = dax_iomap_rw(iocb, from, &xfs_iomap_ops);
617 	if (ret > 0 && iocb->ki_pos > i_size_read(inode)) {
618 		i_size_write(inode, iocb->ki_pos);
619 		error = xfs_setfilesize(ip, pos, ret);
620 	}
621 out:
622 	xfs_iunlock(ip, iolock);
623 	return error ? error : ret;
624 }
625 
626 STATIC ssize_t
627 xfs_file_buffered_aio_write(
628 	struct kiocb		*iocb,
629 	struct iov_iter		*from)
630 {
631 	struct file		*file = iocb->ki_filp;
632 	struct address_space	*mapping = file->f_mapping;
633 	struct inode		*inode = mapping->host;
634 	struct xfs_inode	*ip = XFS_I(inode);
635 	ssize_t			ret;
636 	int			enospc = 0;
637 	int			iolock;
638 
639 write_retry:
640 	iolock = XFS_IOLOCK_EXCL;
641 	xfs_ilock(ip, iolock);
642 
643 	ret = xfs_file_aio_write_checks(iocb, from, &iolock);
644 	if (ret)
645 		goto out;
646 
647 	/* We can write back this queue in page reclaim */
648 	current->backing_dev_info = inode_to_bdi(inode);
649 
650 	trace_xfs_file_buffered_write(ip, iov_iter_count(from), iocb->ki_pos);
651 	ret = iomap_file_buffered_write(iocb, from, &xfs_iomap_ops);
652 	if (likely(ret >= 0))
653 		iocb->ki_pos += ret;
654 
655 	/*
656 	 * If we hit a space limit, try to free up some lingering preallocated
657 	 * space before returning an error. In the case of ENOSPC, first try to
658 	 * write back all dirty inodes to free up some of the excess reserved
659 	 * metadata space. This reduces the chances that the eofblocks scan
660 	 * waits on dirty mappings. Since xfs_flush_inodes() is serialized, this
661 	 * also behaves as a filter to prevent too many eofblocks scans from
662 	 * running at the same time.
663 	 */
664 	if (ret == -EDQUOT && !enospc) {
665 		xfs_iunlock(ip, iolock);
666 		enospc = xfs_inode_free_quota_eofblocks(ip);
667 		if (enospc)
668 			goto write_retry;
669 		enospc = xfs_inode_free_quota_cowblocks(ip);
670 		if (enospc)
671 			goto write_retry;
672 		iolock = 0;
673 	} else if (ret == -ENOSPC && !enospc) {
674 		struct xfs_eofblocks eofb = {0};
675 
676 		enospc = 1;
677 		xfs_flush_inodes(ip->i_mount);
678 
679 		xfs_iunlock(ip, iolock);
680 		eofb.eof_flags = XFS_EOF_FLAGS_SYNC;
681 		xfs_icache_free_eofblocks(ip->i_mount, &eofb);
682 		xfs_icache_free_cowblocks(ip->i_mount, &eofb);
683 		goto write_retry;
684 	}
685 
686 	current->backing_dev_info = NULL;
687 out:
688 	if (iolock)
689 		xfs_iunlock(ip, iolock);
690 	return ret;
691 }
692 
693 STATIC ssize_t
694 xfs_file_write_iter(
695 	struct kiocb		*iocb,
696 	struct iov_iter		*from)
697 {
698 	struct file		*file = iocb->ki_filp;
699 	struct address_space	*mapping = file->f_mapping;
700 	struct inode		*inode = mapping->host;
701 	struct xfs_inode	*ip = XFS_I(inode);
702 	ssize_t			ret;
703 	size_t			ocount = iov_iter_count(from);
704 
705 	XFS_STATS_INC(ip->i_mount, xs_write_calls);
706 
707 	if (ocount == 0)
708 		return 0;
709 
710 	if (XFS_FORCED_SHUTDOWN(ip->i_mount))
711 		return -EIO;
712 
713 	if (IS_DAX(inode))
714 		ret = xfs_file_dax_write(iocb, from);
715 	else if (iocb->ki_flags & IOCB_DIRECT) {
716 		/*
717 		 * Allow a directio write to fall back to a buffered
718 		 * write *only* in the case that we're doing a reflink
719 		 * CoW.  In all other directio scenarios we do not
720 		 * allow an operation to fall back to buffered mode.
721 		 */
722 		ret = xfs_file_dio_aio_write(iocb, from);
723 		if (ret == -EREMCHG)
724 			goto buffered;
725 	} else {
726 buffered:
727 		ret = xfs_file_buffered_aio_write(iocb, from);
728 	}
729 
730 	if (ret > 0) {
731 		XFS_STATS_ADD(ip->i_mount, xs_write_bytes, ret);
732 
733 		/* Handle various SYNC-type writes */
734 		ret = generic_write_sync(iocb, ret);
735 	}
736 	return ret;
737 }
738 
739 #define	XFS_FALLOC_FL_SUPPORTED						\
740 		(FALLOC_FL_KEEP_SIZE | FALLOC_FL_PUNCH_HOLE |		\
741 		 FALLOC_FL_COLLAPSE_RANGE | FALLOC_FL_ZERO_RANGE |	\
742 		 FALLOC_FL_INSERT_RANGE | FALLOC_FL_UNSHARE_RANGE)
743 
744 STATIC long
745 xfs_file_fallocate(
746 	struct file		*file,
747 	int			mode,
748 	loff_t			offset,
749 	loff_t			len)
750 {
751 	struct inode		*inode = file_inode(file);
752 	struct xfs_inode	*ip = XFS_I(inode);
753 	long			error;
754 	enum xfs_prealloc_flags	flags = 0;
755 	uint			iolock = XFS_IOLOCK_EXCL;
756 	loff_t			new_size = 0;
757 	bool			do_file_insert = 0;
758 
759 	if (!S_ISREG(inode->i_mode))
760 		return -EINVAL;
761 	if (mode & ~XFS_FALLOC_FL_SUPPORTED)
762 		return -EOPNOTSUPP;
763 
764 	xfs_ilock(ip, iolock);
765 	error = xfs_break_layouts(inode, &iolock);
766 	if (error)
767 		goto out_unlock;
768 
769 	xfs_ilock(ip, XFS_MMAPLOCK_EXCL);
770 	iolock |= XFS_MMAPLOCK_EXCL;
771 
772 	if (mode & FALLOC_FL_PUNCH_HOLE) {
773 		error = xfs_free_file_space(ip, offset, len);
774 		if (error)
775 			goto out_unlock;
776 	} else if (mode & FALLOC_FL_COLLAPSE_RANGE) {
777 		unsigned int blksize_mask = i_blocksize(inode) - 1;
778 
779 		if (offset & blksize_mask || len & blksize_mask) {
780 			error = -EINVAL;
781 			goto out_unlock;
782 		}
783 
784 		/*
785 		 * There is no need to overlap collapse range with EOF,
786 		 * in which case it is effectively a truncate operation
787 		 */
788 		if (offset + len >= i_size_read(inode)) {
789 			error = -EINVAL;
790 			goto out_unlock;
791 		}
792 
793 		new_size = i_size_read(inode) - len;
794 
795 		error = xfs_collapse_file_space(ip, offset, len);
796 		if (error)
797 			goto out_unlock;
798 	} else if (mode & FALLOC_FL_INSERT_RANGE) {
799 		unsigned int blksize_mask = i_blocksize(inode) - 1;
800 
801 		new_size = i_size_read(inode) + len;
802 		if (offset & blksize_mask || len & blksize_mask) {
803 			error = -EINVAL;
804 			goto out_unlock;
805 		}
806 
807 		/* check the new inode size does not wrap through zero */
808 		if (new_size > inode->i_sb->s_maxbytes) {
809 			error = -EFBIG;
810 			goto out_unlock;
811 		}
812 
813 		/* Offset should be less than i_size */
814 		if (offset >= i_size_read(inode)) {
815 			error = -EINVAL;
816 			goto out_unlock;
817 		}
818 		do_file_insert = 1;
819 	} else {
820 		flags |= XFS_PREALLOC_SET;
821 
822 		if (!(mode & FALLOC_FL_KEEP_SIZE) &&
823 		    offset + len > i_size_read(inode)) {
824 			new_size = offset + len;
825 			error = inode_newsize_ok(inode, new_size);
826 			if (error)
827 				goto out_unlock;
828 		}
829 
830 		if (mode & FALLOC_FL_ZERO_RANGE)
831 			error = xfs_zero_file_space(ip, offset, len);
832 		else {
833 			if (mode & FALLOC_FL_UNSHARE_RANGE) {
834 				error = xfs_reflink_unshare(ip, offset, len);
835 				if (error)
836 					goto out_unlock;
837 			}
838 			error = xfs_alloc_file_space(ip, offset, len,
839 						     XFS_BMAPI_PREALLOC);
840 		}
841 		if (error)
842 			goto out_unlock;
843 	}
844 
845 	if (file->f_flags & O_DSYNC)
846 		flags |= XFS_PREALLOC_SYNC;
847 
848 	error = xfs_update_prealloc_flags(ip, flags);
849 	if (error)
850 		goto out_unlock;
851 
852 	/* Change file size if needed */
853 	if (new_size) {
854 		struct iattr iattr;
855 
856 		iattr.ia_valid = ATTR_SIZE;
857 		iattr.ia_size = new_size;
858 		error = xfs_vn_setattr_size(file_dentry(file), &iattr);
859 		if (error)
860 			goto out_unlock;
861 	}
862 
863 	/*
864 	 * Perform hole insertion now that the file size has been
865 	 * updated so that if we crash during the operation we don't
866 	 * leave shifted extents past EOF and hence losing access to
867 	 * the data that is contained within them.
868 	 */
869 	if (do_file_insert)
870 		error = xfs_insert_file_space(ip, offset, len);
871 
872 out_unlock:
873 	xfs_iunlock(ip, iolock);
874 	return error;
875 }
876 
877 STATIC int
878 xfs_file_clone_range(
879 	struct file	*file_in,
880 	loff_t		pos_in,
881 	struct file	*file_out,
882 	loff_t		pos_out,
883 	u64		len)
884 {
885 	return xfs_reflink_remap_range(file_in, pos_in, file_out, pos_out,
886 				     len, false);
887 }
888 
889 STATIC ssize_t
890 xfs_file_dedupe_range(
891 	struct file	*src_file,
892 	u64		loff,
893 	u64		len,
894 	struct file	*dst_file,
895 	u64		dst_loff)
896 {
897 	int		error;
898 
899 	error = xfs_reflink_remap_range(src_file, loff, dst_file, dst_loff,
900 				     len, true);
901 	if (error)
902 		return error;
903 	return len;
904 }
905 
906 STATIC int
907 xfs_file_open(
908 	struct inode	*inode,
909 	struct file	*file)
910 {
911 	if (!(file->f_flags & O_LARGEFILE) && i_size_read(inode) > MAX_NON_LFS)
912 		return -EFBIG;
913 	if (XFS_FORCED_SHUTDOWN(XFS_M(inode->i_sb)))
914 		return -EIO;
915 	file->f_mode |= FMODE_AIO_NOWAIT;
916 	return 0;
917 }
918 
919 STATIC int
920 xfs_dir_open(
921 	struct inode	*inode,
922 	struct file	*file)
923 {
924 	struct xfs_inode *ip = XFS_I(inode);
925 	int		mode;
926 	int		error;
927 
928 	error = xfs_file_open(inode, file);
929 	if (error)
930 		return error;
931 
932 	/*
933 	 * If there are any blocks, read-ahead block 0 as we're almost
934 	 * certain to have the next operation be a read there.
935 	 */
936 	mode = xfs_ilock_data_map_shared(ip);
937 	if (ip->i_d.di_nextents > 0)
938 		error = xfs_dir3_data_readahead(ip, 0, -1);
939 	xfs_iunlock(ip, mode);
940 	return error;
941 }
942 
943 STATIC int
944 xfs_file_release(
945 	struct inode	*inode,
946 	struct file	*filp)
947 {
948 	return xfs_release(XFS_I(inode));
949 }
950 
951 STATIC int
952 xfs_file_readdir(
953 	struct file	*file,
954 	struct dir_context *ctx)
955 {
956 	struct inode	*inode = file_inode(file);
957 	xfs_inode_t	*ip = XFS_I(inode);
958 	size_t		bufsize;
959 
960 	/*
961 	 * The Linux API doesn't pass down the total size of the buffer
962 	 * we read into down to the filesystem.  With the filldir concept
963 	 * it's not needed for correct information, but the XFS dir2 leaf
964 	 * code wants an estimate of the buffer size to calculate it's
965 	 * readahead window and size the buffers used for mapping to
966 	 * physical blocks.
967 	 *
968 	 * Try to give it an estimate that's good enough, maybe at some
969 	 * point we can change the ->readdir prototype to include the
970 	 * buffer size.  For now we use the current glibc buffer size.
971 	 */
972 	bufsize = (size_t)min_t(loff_t, 32768, ip->i_d.di_size);
973 
974 	return xfs_readdir(NULL, ip, ctx, bufsize);
975 }
976 
977 STATIC loff_t
978 xfs_file_llseek(
979 	struct file	*file,
980 	loff_t		offset,
981 	int		whence)
982 {
983 	struct inode		*inode = file->f_mapping->host;
984 
985 	if (XFS_FORCED_SHUTDOWN(XFS_I(inode)->i_mount))
986 		return -EIO;
987 
988 	switch (whence) {
989 	default:
990 		return generic_file_llseek(file, offset, whence);
991 	case SEEK_HOLE:
992 		offset = iomap_seek_hole(inode, offset, &xfs_iomap_ops);
993 		break;
994 	case SEEK_DATA:
995 		offset = iomap_seek_data(inode, offset, &xfs_iomap_ops);
996 		break;
997 	}
998 
999 	if (offset < 0)
1000 		return offset;
1001 	return vfs_setpos(file, offset, inode->i_sb->s_maxbytes);
1002 }
1003 
1004 /*
1005  * Locking for serialisation of IO during page faults. This results in a lock
1006  * ordering of:
1007  *
1008  * mmap_sem (MM)
1009  *   sb_start_pagefault(vfs, freeze)
1010  *     i_mmaplock (XFS - truncate serialisation)
1011  *       page_lock (MM)
1012  *         i_lock (XFS - extent map serialisation)
1013  */
1014 
1015 /*
1016  * mmap()d file has taken write protection fault and is being made writable. We
1017  * can set the page state up correctly for a writable page, which means we can
1018  * do correct delalloc accounting (ENOSPC checking!) and unwritten extent
1019  * mapping.
1020  */
1021 STATIC int
1022 xfs_filemap_page_mkwrite(
1023 	struct vm_fault		*vmf)
1024 {
1025 	struct inode		*inode = file_inode(vmf->vma->vm_file);
1026 	int			ret;
1027 
1028 	trace_xfs_filemap_page_mkwrite(XFS_I(inode));
1029 
1030 	sb_start_pagefault(inode->i_sb);
1031 	file_update_time(vmf->vma->vm_file);
1032 	xfs_ilock(XFS_I(inode), XFS_MMAPLOCK_SHARED);
1033 
1034 	if (IS_DAX(inode)) {
1035 		ret = dax_iomap_fault(vmf, PE_SIZE_PTE, &xfs_iomap_ops);
1036 	} else {
1037 		ret = iomap_page_mkwrite(vmf, &xfs_iomap_ops);
1038 		ret = block_page_mkwrite_return(ret);
1039 	}
1040 
1041 	xfs_iunlock(XFS_I(inode), XFS_MMAPLOCK_SHARED);
1042 	sb_end_pagefault(inode->i_sb);
1043 
1044 	return ret;
1045 }
1046 
1047 STATIC int
1048 xfs_filemap_fault(
1049 	struct vm_fault		*vmf)
1050 {
1051 	struct inode		*inode = file_inode(vmf->vma->vm_file);
1052 	int			ret;
1053 
1054 	trace_xfs_filemap_fault(XFS_I(inode));
1055 
1056 	/* DAX can shortcut the normal fault path on write faults! */
1057 	if ((vmf->flags & FAULT_FLAG_WRITE) && IS_DAX(inode))
1058 		return xfs_filemap_page_mkwrite(vmf);
1059 
1060 	xfs_ilock(XFS_I(inode), XFS_MMAPLOCK_SHARED);
1061 	if (IS_DAX(inode))
1062 		ret = dax_iomap_fault(vmf, PE_SIZE_PTE, &xfs_iomap_ops);
1063 	else
1064 		ret = filemap_fault(vmf);
1065 	xfs_iunlock(XFS_I(inode), XFS_MMAPLOCK_SHARED);
1066 
1067 	return ret;
1068 }
1069 
1070 /*
1071  * Similar to xfs_filemap_fault(), the DAX fault path can call into here on
1072  * both read and write faults. Hence we need to handle both cases. There is no
1073  * ->huge_mkwrite callout for huge pages, so we have a single function here to
1074  * handle both cases here. @flags carries the information on the type of fault
1075  * occuring.
1076  */
1077 STATIC int
1078 xfs_filemap_huge_fault(
1079 	struct vm_fault		*vmf,
1080 	enum page_entry_size	pe_size)
1081 {
1082 	struct inode		*inode = file_inode(vmf->vma->vm_file);
1083 	struct xfs_inode	*ip = XFS_I(inode);
1084 	int			ret;
1085 
1086 	if (!IS_DAX(inode))
1087 		return VM_FAULT_FALLBACK;
1088 
1089 	trace_xfs_filemap_huge_fault(ip);
1090 
1091 	if (vmf->flags & FAULT_FLAG_WRITE) {
1092 		sb_start_pagefault(inode->i_sb);
1093 		file_update_time(vmf->vma->vm_file);
1094 	}
1095 
1096 	xfs_ilock(XFS_I(inode), XFS_MMAPLOCK_SHARED);
1097 	ret = dax_iomap_fault(vmf, pe_size, &xfs_iomap_ops);
1098 	xfs_iunlock(XFS_I(inode), XFS_MMAPLOCK_SHARED);
1099 
1100 	if (vmf->flags & FAULT_FLAG_WRITE)
1101 		sb_end_pagefault(inode->i_sb);
1102 
1103 	return ret;
1104 }
1105 
1106 /*
1107  * pfn_mkwrite was originally inteneded to ensure we capture time stamp
1108  * updates on write faults. In reality, it's need to serialise against
1109  * truncate similar to page_mkwrite. Hence we cycle the XFS_MMAPLOCK_SHARED
1110  * to ensure we serialise the fault barrier in place.
1111  */
1112 static int
1113 xfs_filemap_pfn_mkwrite(
1114 	struct vm_fault		*vmf)
1115 {
1116 
1117 	struct inode		*inode = file_inode(vmf->vma->vm_file);
1118 	struct xfs_inode	*ip = XFS_I(inode);
1119 	int			ret = VM_FAULT_NOPAGE;
1120 	loff_t			size;
1121 
1122 	trace_xfs_filemap_pfn_mkwrite(ip);
1123 
1124 	sb_start_pagefault(inode->i_sb);
1125 	file_update_time(vmf->vma->vm_file);
1126 
1127 	/* check if the faulting page hasn't raced with truncate */
1128 	xfs_ilock(ip, XFS_MMAPLOCK_SHARED);
1129 	size = (i_size_read(inode) + PAGE_SIZE - 1) >> PAGE_SHIFT;
1130 	if (vmf->pgoff >= size)
1131 		ret = VM_FAULT_SIGBUS;
1132 	else if (IS_DAX(inode))
1133 		ret = dax_pfn_mkwrite(vmf);
1134 	xfs_iunlock(ip, XFS_MMAPLOCK_SHARED);
1135 	sb_end_pagefault(inode->i_sb);
1136 	return ret;
1137 
1138 }
1139 
1140 static const struct vm_operations_struct xfs_file_vm_ops = {
1141 	.fault		= xfs_filemap_fault,
1142 	.huge_fault	= xfs_filemap_huge_fault,
1143 	.map_pages	= filemap_map_pages,
1144 	.page_mkwrite	= xfs_filemap_page_mkwrite,
1145 	.pfn_mkwrite	= xfs_filemap_pfn_mkwrite,
1146 };
1147 
1148 STATIC int
1149 xfs_file_mmap(
1150 	struct file	*filp,
1151 	struct vm_area_struct *vma)
1152 {
1153 	file_accessed(filp);
1154 	vma->vm_ops = &xfs_file_vm_ops;
1155 	if (IS_DAX(file_inode(filp)))
1156 		vma->vm_flags |= VM_MIXEDMAP | VM_HUGEPAGE;
1157 	return 0;
1158 }
1159 
1160 const struct file_operations xfs_file_operations = {
1161 	.llseek		= xfs_file_llseek,
1162 	.read_iter	= xfs_file_read_iter,
1163 	.write_iter	= xfs_file_write_iter,
1164 	.splice_read	= generic_file_splice_read,
1165 	.splice_write	= iter_file_splice_write,
1166 	.unlocked_ioctl	= xfs_file_ioctl,
1167 #ifdef CONFIG_COMPAT
1168 	.compat_ioctl	= xfs_file_compat_ioctl,
1169 #endif
1170 	.mmap		= xfs_file_mmap,
1171 	.open		= xfs_file_open,
1172 	.release	= xfs_file_release,
1173 	.fsync		= xfs_file_fsync,
1174 	.get_unmapped_area = thp_get_unmapped_area,
1175 	.fallocate	= xfs_file_fallocate,
1176 	.clone_file_range = xfs_file_clone_range,
1177 	.dedupe_file_range = xfs_file_dedupe_range,
1178 };
1179 
1180 const struct file_operations xfs_dir_file_operations = {
1181 	.open		= xfs_dir_open,
1182 	.read		= generic_read_dir,
1183 	.iterate_shared	= xfs_file_readdir,
1184 	.llseek		= generic_file_llseek,
1185 	.unlocked_ioctl	= xfs_file_ioctl,
1186 #ifdef CONFIG_COMPAT
1187 	.compat_ioctl	= xfs_file_compat_ioctl,
1188 #endif
1189 	.fsync		= xfs_dir_fsync,
1190 };
1191