1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * linux/mm/filemap.c 4 * 5 * Copyright (C) 1994-1999 Linus Torvalds 6 */ 7 8 /* 9 * This file handles the generic file mmap semantics used by 10 * most "normal" filesystems (but you don't /have/ to use this: 11 * the NFS filesystem used to do this differently, for example) 12 */ 13 #include <linux/export.h> 14 #include <linux/compiler.h> 15 #include <linux/dax.h> 16 #include <linux/fs.h> 17 #include <linux/sched/signal.h> 18 #include <linux/uaccess.h> 19 #include <linux/capability.h> 20 #include <linux/kernel_stat.h> 21 #include <linux/gfp.h> 22 #include <linux/mm.h> 23 #include <linux/swap.h> 24 #include <linux/mman.h> 25 #include <linux/pagemap.h> 26 #include <linux/file.h> 27 #include <linux/uio.h> 28 #include <linux/error-injection.h> 29 #include <linux/hash.h> 30 #include <linux/writeback.h> 31 #include <linux/backing-dev.h> 32 #include <linux/pagevec.h> 33 #include <linux/blkdev.h> 34 #include <linux/security.h> 35 #include <linux/cpuset.h> 36 #include <linux/hugetlb.h> 37 #include <linux/memcontrol.h> 38 #include <linux/cleancache.h> 39 #include <linux/shmem_fs.h> 40 #include <linux/rmap.h> 41 #include <linux/delayacct.h> 42 #include <linux/psi.h> 43 #include "internal.h" 44 45 #define CREATE_TRACE_POINTS 46 #include <trace/events/filemap.h> 47 48 /* 49 * FIXME: remove all knowledge of the buffer layer from the core VM 50 */ 51 #include <linux/buffer_head.h> /* for try_to_free_buffers */ 52 53 #include <asm/mman.h> 54 55 /* 56 * Shared mappings implemented 30.11.1994. It's not fully working yet, 57 * though. 58 * 59 * Shared mappings now work. 15.8.1995 Bruno. 60 * 61 * finished 'unifying' the page and buffer cache and SMP-threaded the 62 * page-cache, 21.05.1999, Ingo Molnar <mingo@redhat.com> 63 * 64 * SMP-threaded pagemap-LRU 1999, Andrea Arcangeli <andrea@suse.de> 65 */ 66 67 /* 68 * Lock ordering: 69 * 70 * ->i_mmap_rwsem (truncate_pagecache) 71 * ->private_lock (__free_pte->__set_page_dirty_buffers) 72 * ->swap_lock (exclusive_swap_page, others) 73 * ->i_pages lock 74 * 75 * ->i_mutex 76 * ->i_mmap_rwsem (truncate->unmap_mapping_range) 77 * 78 * ->mmap_sem 79 * ->i_mmap_rwsem 80 * ->page_table_lock or pte_lock (various, mainly in memory.c) 81 * ->i_pages lock (arch-dependent flush_dcache_mmap_lock) 82 * 83 * ->mmap_sem 84 * ->lock_page (access_process_vm) 85 * 86 * ->i_mutex (generic_perform_write) 87 * ->mmap_sem (fault_in_pages_readable->do_page_fault) 88 * 89 * bdi->wb.list_lock 90 * sb_lock (fs/fs-writeback.c) 91 * ->i_pages lock (__sync_single_inode) 92 * 93 * ->i_mmap_rwsem 94 * ->anon_vma.lock (vma_adjust) 95 * 96 * ->anon_vma.lock 97 * ->page_table_lock or pte_lock (anon_vma_prepare and various) 98 * 99 * ->page_table_lock or pte_lock 100 * ->swap_lock (try_to_unmap_one) 101 * ->private_lock (try_to_unmap_one) 102 * ->i_pages lock (try_to_unmap_one) 103 * ->pgdat->lru_lock (follow_page->mark_page_accessed) 104 * ->pgdat->lru_lock (check_pte_range->isolate_lru_page) 105 * ->private_lock (page_remove_rmap->set_page_dirty) 106 * ->i_pages lock (page_remove_rmap->set_page_dirty) 107 * bdi.wb->list_lock (page_remove_rmap->set_page_dirty) 108 * ->inode->i_lock (page_remove_rmap->set_page_dirty) 109 * ->memcg->move_lock (page_remove_rmap->lock_page_memcg) 110 * bdi.wb->list_lock (zap_pte_range->set_page_dirty) 111 * ->inode->i_lock (zap_pte_range->set_page_dirty) 112 * ->private_lock (zap_pte_range->__set_page_dirty_buffers) 113 * 114 * ->i_mmap_rwsem 115 * ->tasklist_lock (memory_failure, collect_procs_ao) 116 */ 117 118 static void page_cache_delete(struct address_space *mapping, 119 struct page *page, void *shadow) 120 { 121 XA_STATE(xas, &mapping->i_pages, page->index); 122 unsigned int nr = 1; 123 124 mapping_set_update(&xas, mapping); 125 126 /* hugetlb pages are represented by a single entry in the xarray */ 127 if (!PageHuge(page)) { 128 xas_set_order(&xas, page->index, compound_order(page)); 129 nr = 1U << compound_order(page); 130 } 131 132 VM_BUG_ON_PAGE(!PageLocked(page), page); 133 VM_BUG_ON_PAGE(PageTail(page), page); 134 VM_BUG_ON_PAGE(nr != 1 && shadow, page); 135 136 xas_store(&xas, shadow); 137 xas_init_marks(&xas); 138 139 page->mapping = NULL; 140 /* Leave page->index set: truncation lookup relies upon it */ 141 142 if (shadow) { 143 mapping->nrexceptional += nr; 144 /* 145 * Make sure the nrexceptional update is committed before 146 * the nrpages update so that final truncate racing 147 * with reclaim does not see both counters 0 at the 148 * same time and miss a shadow entry. 149 */ 150 smp_wmb(); 151 } 152 mapping->nrpages -= nr; 153 } 154 155 static void unaccount_page_cache_page(struct address_space *mapping, 156 struct page *page) 157 { 158 int nr; 159 160 /* 161 * if we're uptodate, flush out into the cleancache, otherwise 162 * invalidate any existing cleancache entries. We can't leave 163 * stale data around in the cleancache once our page is gone 164 */ 165 if (PageUptodate(page) && PageMappedToDisk(page)) 166 cleancache_put_page(page); 167 else 168 cleancache_invalidate_page(mapping, page); 169 170 VM_BUG_ON_PAGE(PageTail(page), page); 171 VM_BUG_ON_PAGE(page_mapped(page), page); 172 if (!IS_ENABLED(CONFIG_DEBUG_VM) && unlikely(page_mapped(page))) { 173 int mapcount; 174 175 pr_alert("BUG: Bad page cache in process %s pfn:%05lx\n", 176 current->comm, page_to_pfn(page)); 177 dump_page(page, "still mapped when deleted"); 178 dump_stack(); 179 add_taint(TAINT_BAD_PAGE, LOCKDEP_NOW_UNRELIABLE); 180 181 mapcount = page_mapcount(page); 182 if (mapping_exiting(mapping) && 183 page_count(page) >= mapcount + 2) { 184 /* 185 * All vmas have already been torn down, so it's 186 * a good bet that actually the page is unmapped, 187 * and we'd prefer not to leak it: if we're wrong, 188 * some other bad page check should catch it later. 189 */ 190 page_mapcount_reset(page); 191 page_ref_sub(page, mapcount); 192 } 193 } 194 195 /* hugetlb pages do not participate in page cache accounting. */ 196 if (PageHuge(page)) 197 return; 198 199 nr = hpage_nr_pages(page); 200 201 __mod_node_page_state(page_pgdat(page), NR_FILE_PAGES, -nr); 202 if (PageSwapBacked(page)) { 203 __mod_node_page_state(page_pgdat(page), NR_SHMEM, -nr); 204 if (PageTransHuge(page)) 205 __dec_node_page_state(page, NR_SHMEM_THPS); 206 } else { 207 VM_BUG_ON_PAGE(PageTransHuge(page), page); 208 } 209 210 /* 211 * At this point page must be either written or cleaned by 212 * truncate. Dirty page here signals a bug and loss of 213 * unwritten data. 214 * 215 * This fixes dirty accounting after removing the page entirely 216 * but leaves PageDirty set: it has no effect for truncated 217 * page and anyway will be cleared before returning page into 218 * buddy allocator. 219 */ 220 if (WARN_ON_ONCE(PageDirty(page))) 221 account_page_cleaned(page, mapping, inode_to_wb(mapping->host)); 222 } 223 224 /* 225 * Delete a page from the page cache and free it. Caller has to make 226 * sure the page is locked and that nobody else uses it - or that usage 227 * is safe. The caller must hold the i_pages lock. 228 */ 229 void __delete_from_page_cache(struct page *page, void *shadow) 230 { 231 struct address_space *mapping = page->mapping; 232 233 trace_mm_filemap_delete_from_page_cache(page); 234 235 unaccount_page_cache_page(mapping, page); 236 page_cache_delete(mapping, page, shadow); 237 } 238 239 static void page_cache_free_page(struct address_space *mapping, 240 struct page *page) 241 { 242 void (*freepage)(struct page *); 243 244 freepage = mapping->a_ops->freepage; 245 if (freepage) 246 freepage(page); 247 248 if (PageTransHuge(page) && !PageHuge(page)) { 249 page_ref_sub(page, HPAGE_PMD_NR); 250 VM_BUG_ON_PAGE(page_count(page) <= 0, page); 251 } else { 252 put_page(page); 253 } 254 } 255 256 /** 257 * delete_from_page_cache - delete page from page cache 258 * @page: the page which the kernel is trying to remove from page cache 259 * 260 * This must be called only on pages that have been verified to be in the page 261 * cache and locked. It will never put the page into the free list, the caller 262 * has a reference on the page. 263 */ 264 void delete_from_page_cache(struct page *page) 265 { 266 struct address_space *mapping = page_mapping(page); 267 unsigned long flags; 268 269 BUG_ON(!PageLocked(page)); 270 xa_lock_irqsave(&mapping->i_pages, flags); 271 __delete_from_page_cache(page, NULL); 272 xa_unlock_irqrestore(&mapping->i_pages, flags); 273 274 page_cache_free_page(mapping, page); 275 } 276 EXPORT_SYMBOL(delete_from_page_cache); 277 278 /* 279 * page_cache_delete_batch - delete several pages from page cache 280 * @mapping: the mapping to which pages belong 281 * @pvec: pagevec with pages to delete 282 * 283 * The function walks over mapping->i_pages and removes pages passed in @pvec 284 * from the mapping. The function expects @pvec to be sorted by page index 285 * and is optimised for it to be dense. 286 * It tolerates holes in @pvec (mapping entries at those indices are not 287 * modified). The function expects only THP head pages to be present in the 288 * @pvec. 289 * 290 * The function expects the i_pages lock to be held. 291 */ 292 static void page_cache_delete_batch(struct address_space *mapping, 293 struct pagevec *pvec) 294 { 295 XA_STATE(xas, &mapping->i_pages, pvec->pages[0]->index); 296 int total_pages = 0; 297 int i = 0; 298 struct page *page; 299 300 mapping_set_update(&xas, mapping); 301 xas_for_each(&xas, page, ULONG_MAX) { 302 if (i >= pagevec_count(pvec)) 303 break; 304 305 /* A swap/dax/shadow entry got inserted? Skip it. */ 306 if (xa_is_value(page)) 307 continue; 308 /* 309 * A page got inserted in our range? Skip it. We have our 310 * pages locked so they are protected from being removed. 311 * If we see a page whose index is higher than ours, it 312 * means our page has been removed, which shouldn't be 313 * possible because we're holding the PageLock. 314 */ 315 if (page != pvec->pages[i]) { 316 VM_BUG_ON_PAGE(page->index > pvec->pages[i]->index, 317 page); 318 continue; 319 } 320 321 WARN_ON_ONCE(!PageLocked(page)); 322 323 if (page->index == xas.xa_index) 324 page->mapping = NULL; 325 /* Leave page->index set: truncation lookup relies on it */ 326 327 /* 328 * Move to the next page in the vector if this is a regular 329 * page or the index is of the last sub-page of this compound 330 * page. 331 */ 332 if (page->index + (1UL << compound_order(page)) - 1 == 333 xas.xa_index) 334 i++; 335 xas_store(&xas, NULL); 336 total_pages++; 337 } 338 mapping->nrpages -= total_pages; 339 } 340 341 void delete_from_page_cache_batch(struct address_space *mapping, 342 struct pagevec *pvec) 343 { 344 int i; 345 unsigned long flags; 346 347 if (!pagevec_count(pvec)) 348 return; 349 350 xa_lock_irqsave(&mapping->i_pages, flags); 351 for (i = 0; i < pagevec_count(pvec); i++) { 352 trace_mm_filemap_delete_from_page_cache(pvec->pages[i]); 353 354 unaccount_page_cache_page(mapping, pvec->pages[i]); 355 } 356 page_cache_delete_batch(mapping, pvec); 357 xa_unlock_irqrestore(&mapping->i_pages, flags); 358 359 for (i = 0; i < pagevec_count(pvec); i++) 360 page_cache_free_page(mapping, pvec->pages[i]); 361 } 362 363 int filemap_check_errors(struct address_space *mapping) 364 { 365 int ret = 0; 366 /* Check for outstanding write errors */ 367 if (test_bit(AS_ENOSPC, &mapping->flags) && 368 test_and_clear_bit(AS_ENOSPC, &mapping->flags)) 369 ret = -ENOSPC; 370 if (test_bit(AS_EIO, &mapping->flags) && 371 test_and_clear_bit(AS_EIO, &mapping->flags)) 372 ret = -EIO; 373 return ret; 374 } 375 EXPORT_SYMBOL(filemap_check_errors); 376 377 static int filemap_check_and_keep_errors(struct address_space *mapping) 378 { 379 /* Check for outstanding write errors */ 380 if (test_bit(AS_EIO, &mapping->flags)) 381 return -EIO; 382 if (test_bit(AS_ENOSPC, &mapping->flags)) 383 return -ENOSPC; 384 return 0; 385 } 386 387 /** 388 * __filemap_fdatawrite_range - start writeback on mapping dirty pages in range 389 * @mapping: address space structure to write 390 * @start: offset in bytes where the range starts 391 * @end: offset in bytes where the range ends (inclusive) 392 * @sync_mode: enable synchronous operation 393 * 394 * Start writeback against all of a mapping's dirty pages that lie 395 * within the byte offsets <start, end> inclusive. 396 * 397 * If sync_mode is WB_SYNC_ALL then this is a "data integrity" operation, as 398 * opposed to a regular memory cleansing writeback. The difference between 399 * these two operations is that if a dirty page/buffer is encountered, it must 400 * be waited upon, and not just skipped over. 401 * 402 * Return: %0 on success, negative error code otherwise. 403 */ 404 int __filemap_fdatawrite_range(struct address_space *mapping, loff_t start, 405 loff_t end, int sync_mode) 406 { 407 int ret; 408 struct writeback_control wbc = { 409 .sync_mode = sync_mode, 410 .nr_to_write = LONG_MAX, 411 .range_start = start, 412 .range_end = end, 413 }; 414 415 if (!mapping_cap_writeback_dirty(mapping)) 416 return 0; 417 418 wbc_attach_fdatawrite_inode(&wbc, mapping->host); 419 ret = do_writepages(mapping, &wbc); 420 wbc_detach_inode(&wbc); 421 return ret; 422 } 423 424 static inline int __filemap_fdatawrite(struct address_space *mapping, 425 int sync_mode) 426 { 427 return __filemap_fdatawrite_range(mapping, 0, LLONG_MAX, sync_mode); 428 } 429 430 int filemap_fdatawrite(struct address_space *mapping) 431 { 432 return __filemap_fdatawrite(mapping, WB_SYNC_ALL); 433 } 434 EXPORT_SYMBOL(filemap_fdatawrite); 435 436 int filemap_fdatawrite_range(struct address_space *mapping, loff_t start, 437 loff_t end) 438 { 439 return __filemap_fdatawrite_range(mapping, start, end, WB_SYNC_ALL); 440 } 441 EXPORT_SYMBOL(filemap_fdatawrite_range); 442 443 /** 444 * filemap_flush - mostly a non-blocking flush 445 * @mapping: target address_space 446 * 447 * This is a mostly non-blocking flush. Not suitable for data-integrity 448 * purposes - I/O may not be started against all dirty pages. 449 * 450 * Return: %0 on success, negative error code otherwise. 451 */ 452 int filemap_flush(struct address_space *mapping) 453 { 454 return __filemap_fdatawrite(mapping, WB_SYNC_NONE); 455 } 456 EXPORT_SYMBOL(filemap_flush); 457 458 /** 459 * filemap_range_has_page - check if a page exists in range. 460 * @mapping: address space within which to check 461 * @start_byte: offset in bytes where the range starts 462 * @end_byte: offset in bytes where the range ends (inclusive) 463 * 464 * Find at least one page in the range supplied, usually used to check if 465 * direct writing in this range will trigger a writeback. 466 * 467 * Return: %true if at least one page exists in the specified range, 468 * %false otherwise. 469 */ 470 bool filemap_range_has_page(struct address_space *mapping, 471 loff_t start_byte, loff_t end_byte) 472 { 473 struct page *page; 474 XA_STATE(xas, &mapping->i_pages, start_byte >> PAGE_SHIFT); 475 pgoff_t max = end_byte >> PAGE_SHIFT; 476 477 if (end_byte < start_byte) 478 return false; 479 480 rcu_read_lock(); 481 for (;;) { 482 page = xas_find(&xas, max); 483 if (xas_retry(&xas, page)) 484 continue; 485 /* Shadow entries don't count */ 486 if (xa_is_value(page)) 487 continue; 488 /* 489 * We don't need to try to pin this page; we're about to 490 * release the RCU lock anyway. It is enough to know that 491 * there was a page here recently. 492 */ 493 break; 494 } 495 rcu_read_unlock(); 496 497 return page != NULL; 498 } 499 EXPORT_SYMBOL(filemap_range_has_page); 500 501 static void __filemap_fdatawait_range(struct address_space *mapping, 502 loff_t start_byte, loff_t end_byte) 503 { 504 pgoff_t index = start_byte >> PAGE_SHIFT; 505 pgoff_t end = end_byte >> PAGE_SHIFT; 506 struct pagevec pvec; 507 int nr_pages; 508 509 if (end_byte < start_byte) 510 return; 511 512 pagevec_init(&pvec); 513 while (index <= end) { 514 unsigned i; 515 516 nr_pages = pagevec_lookup_range_tag(&pvec, mapping, &index, 517 end, PAGECACHE_TAG_WRITEBACK); 518 if (!nr_pages) 519 break; 520 521 for (i = 0; i < nr_pages; i++) { 522 struct page *page = pvec.pages[i]; 523 524 wait_on_page_writeback(page); 525 ClearPageError(page); 526 } 527 pagevec_release(&pvec); 528 cond_resched(); 529 } 530 } 531 532 /** 533 * filemap_fdatawait_range - wait for writeback to complete 534 * @mapping: address space structure to wait for 535 * @start_byte: offset in bytes where the range starts 536 * @end_byte: offset in bytes where the range ends (inclusive) 537 * 538 * Walk the list of under-writeback pages of the given address space 539 * in the given range and wait for all of them. Check error status of 540 * the address space and return it. 541 * 542 * Since the error status of the address space is cleared by this function, 543 * callers are responsible for checking the return value and handling and/or 544 * reporting the error. 545 * 546 * Return: error status of the address space. 547 */ 548 int filemap_fdatawait_range(struct address_space *mapping, loff_t start_byte, 549 loff_t end_byte) 550 { 551 __filemap_fdatawait_range(mapping, start_byte, end_byte); 552 return filemap_check_errors(mapping); 553 } 554 EXPORT_SYMBOL(filemap_fdatawait_range); 555 556 /** 557 * file_fdatawait_range - wait for writeback to complete 558 * @file: file pointing to address space structure to wait for 559 * @start_byte: offset in bytes where the range starts 560 * @end_byte: offset in bytes where the range ends (inclusive) 561 * 562 * Walk the list of under-writeback pages of the address space that file 563 * refers to, in the given range and wait for all of them. Check error 564 * status of the address space vs. the file->f_wb_err cursor and return it. 565 * 566 * Since the error status of the file is advanced by this function, 567 * callers are responsible for checking the return value and handling and/or 568 * reporting the error. 569 * 570 * Return: error status of the address space vs. the file->f_wb_err cursor. 571 */ 572 int file_fdatawait_range(struct file *file, loff_t start_byte, loff_t end_byte) 573 { 574 struct address_space *mapping = file->f_mapping; 575 576 __filemap_fdatawait_range(mapping, start_byte, end_byte); 577 return file_check_and_advance_wb_err(file); 578 } 579 EXPORT_SYMBOL(file_fdatawait_range); 580 581 /** 582 * filemap_fdatawait_keep_errors - wait for writeback without clearing errors 583 * @mapping: address space structure to wait for 584 * 585 * Walk the list of under-writeback pages of the given address space 586 * and wait for all of them. Unlike filemap_fdatawait(), this function 587 * does not clear error status of the address space. 588 * 589 * Use this function if callers don't handle errors themselves. Expected 590 * call sites are system-wide / filesystem-wide data flushers: e.g. sync(2), 591 * fsfreeze(8) 592 * 593 * Return: error status of the address space. 594 */ 595 int filemap_fdatawait_keep_errors(struct address_space *mapping) 596 { 597 __filemap_fdatawait_range(mapping, 0, LLONG_MAX); 598 return filemap_check_and_keep_errors(mapping); 599 } 600 EXPORT_SYMBOL(filemap_fdatawait_keep_errors); 601 602 static bool mapping_needs_writeback(struct address_space *mapping) 603 { 604 return (!dax_mapping(mapping) && mapping->nrpages) || 605 (dax_mapping(mapping) && mapping->nrexceptional); 606 } 607 608 int filemap_write_and_wait(struct address_space *mapping) 609 { 610 int err = 0; 611 612 if (mapping_needs_writeback(mapping)) { 613 err = filemap_fdatawrite(mapping); 614 /* 615 * Even if the above returned error, the pages may be 616 * written partially (e.g. -ENOSPC), so we wait for it. 617 * But the -EIO is special case, it may indicate the worst 618 * thing (e.g. bug) happened, so we avoid waiting for it. 619 */ 620 if (err != -EIO) { 621 int err2 = filemap_fdatawait(mapping); 622 if (!err) 623 err = err2; 624 } else { 625 /* Clear any previously stored errors */ 626 filemap_check_errors(mapping); 627 } 628 } else { 629 err = filemap_check_errors(mapping); 630 } 631 return err; 632 } 633 EXPORT_SYMBOL(filemap_write_and_wait); 634 635 /** 636 * filemap_write_and_wait_range - write out & wait on a file range 637 * @mapping: the address_space for the pages 638 * @lstart: offset in bytes where the range starts 639 * @lend: offset in bytes where the range ends (inclusive) 640 * 641 * Write out and wait upon file offsets lstart->lend, inclusive. 642 * 643 * Note that @lend is inclusive (describes the last byte to be written) so 644 * that this function can be used to write to the very end-of-file (end = -1). 645 * 646 * Return: error status of the address space. 647 */ 648 int filemap_write_and_wait_range(struct address_space *mapping, 649 loff_t lstart, loff_t lend) 650 { 651 int err = 0; 652 653 if (mapping_needs_writeback(mapping)) { 654 err = __filemap_fdatawrite_range(mapping, lstart, lend, 655 WB_SYNC_ALL); 656 /* See comment of filemap_write_and_wait() */ 657 if (err != -EIO) { 658 int err2 = filemap_fdatawait_range(mapping, 659 lstart, lend); 660 if (!err) 661 err = err2; 662 } else { 663 /* Clear any previously stored errors */ 664 filemap_check_errors(mapping); 665 } 666 } else { 667 err = filemap_check_errors(mapping); 668 } 669 return err; 670 } 671 EXPORT_SYMBOL(filemap_write_and_wait_range); 672 673 void __filemap_set_wb_err(struct address_space *mapping, int err) 674 { 675 errseq_t eseq = errseq_set(&mapping->wb_err, err); 676 677 trace_filemap_set_wb_err(mapping, eseq); 678 } 679 EXPORT_SYMBOL(__filemap_set_wb_err); 680 681 /** 682 * file_check_and_advance_wb_err - report wb error (if any) that was previously 683 * and advance wb_err to current one 684 * @file: struct file on which the error is being reported 685 * 686 * When userland calls fsync (or something like nfsd does the equivalent), we 687 * want to report any writeback errors that occurred since the last fsync (or 688 * since the file was opened if there haven't been any). 689 * 690 * Grab the wb_err from the mapping. If it matches what we have in the file, 691 * then just quickly return 0. The file is all caught up. 692 * 693 * If it doesn't match, then take the mapping value, set the "seen" flag in 694 * it and try to swap it into place. If it works, or another task beat us 695 * to it with the new value, then update the f_wb_err and return the error 696 * portion. The error at this point must be reported via proper channels 697 * (a'la fsync, or NFS COMMIT operation, etc.). 698 * 699 * While we handle mapping->wb_err with atomic operations, the f_wb_err 700 * value is protected by the f_lock since we must ensure that it reflects 701 * the latest value swapped in for this file descriptor. 702 * 703 * Return: %0 on success, negative error code otherwise. 704 */ 705 int file_check_and_advance_wb_err(struct file *file) 706 { 707 int err = 0; 708 errseq_t old = READ_ONCE(file->f_wb_err); 709 struct address_space *mapping = file->f_mapping; 710 711 /* Locklessly handle the common case where nothing has changed */ 712 if (errseq_check(&mapping->wb_err, old)) { 713 /* Something changed, must use slow path */ 714 spin_lock(&file->f_lock); 715 old = file->f_wb_err; 716 err = errseq_check_and_advance(&mapping->wb_err, 717 &file->f_wb_err); 718 trace_file_check_and_advance_wb_err(file, old); 719 spin_unlock(&file->f_lock); 720 } 721 722 /* 723 * We're mostly using this function as a drop in replacement for 724 * filemap_check_errors. Clear AS_EIO/AS_ENOSPC to emulate the effect 725 * that the legacy code would have had on these flags. 726 */ 727 clear_bit(AS_EIO, &mapping->flags); 728 clear_bit(AS_ENOSPC, &mapping->flags); 729 return err; 730 } 731 EXPORT_SYMBOL(file_check_and_advance_wb_err); 732 733 /** 734 * file_write_and_wait_range - write out & wait on a file range 735 * @file: file pointing to address_space with pages 736 * @lstart: offset in bytes where the range starts 737 * @lend: offset in bytes where the range ends (inclusive) 738 * 739 * Write out and wait upon file offsets lstart->lend, inclusive. 740 * 741 * Note that @lend is inclusive (describes the last byte to be written) so 742 * that this function can be used to write to the very end-of-file (end = -1). 743 * 744 * After writing out and waiting on the data, we check and advance the 745 * f_wb_err cursor to the latest value, and return any errors detected there. 746 * 747 * Return: %0 on success, negative error code otherwise. 748 */ 749 int file_write_and_wait_range(struct file *file, loff_t lstart, loff_t lend) 750 { 751 int err = 0, err2; 752 struct address_space *mapping = file->f_mapping; 753 754 if (mapping_needs_writeback(mapping)) { 755 err = __filemap_fdatawrite_range(mapping, lstart, lend, 756 WB_SYNC_ALL); 757 /* See comment of filemap_write_and_wait() */ 758 if (err != -EIO) 759 __filemap_fdatawait_range(mapping, lstart, lend); 760 } 761 err2 = file_check_and_advance_wb_err(file); 762 if (!err) 763 err = err2; 764 return err; 765 } 766 EXPORT_SYMBOL(file_write_and_wait_range); 767 768 /** 769 * replace_page_cache_page - replace a pagecache page with a new one 770 * @old: page to be replaced 771 * @new: page to replace with 772 * @gfp_mask: allocation mode 773 * 774 * This function replaces a page in the pagecache with a new one. On 775 * success it acquires the pagecache reference for the new page and 776 * drops it for the old page. Both the old and new pages must be 777 * locked. This function does not add the new page to the LRU, the 778 * caller must do that. 779 * 780 * The remove + add is atomic. This function cannot fail. 781 * 782 * Return: %0 783 */ 784 int replace_page_cache_page(struct page *old, struct page *new, gfp_t gfp_mask) 785 { 786 struct address_space *mapping = old->mapping; 787 void (*freepage)(struct page *) = mapping->a_ops->freepage; 788 pgoff_t offset = old->index; 789 XA_STATE(xas, &mapping->i_pages, offset); 790 unsigned long flags; 791 792 VM_BUG_ON_PAGE(!PageLocked(old), old); 793 VM_BUG_ON_PAGE(!PageLocked(new), new); 794 VM_BUG_ON_PAGE(new->mapping, new); 795 796 get_page(new); 797 new->mapping = mapping; 798 new->index = offset; 799 800 xas_lock_irqsave(&xas, flags); 801 xas_store(&xas, new); 802 803 old->mapping = NULL; 804 /* hugetlb pages do not participate in page cache accounting. */ 805 if (!PageHuge(old)) 806 __dec_node_page_state(new, NR_FILE_PAGES); 807 if (!PageHuge(new)) 808 __inc_node_page_state(new, NR_FILE_PAGES); 809 if (PageSwapBacked(old)) 810 __dec_node_page_state(new, NR_SHMEM); 811 if (PageSwapBacked(new)) 812 __inc_node_page_state(new, NR_SHMEM); 813 xas_unlock_irqrestore(&xas, flags); 814 mem_cgroup_migrate(old, new); 815 if (freepage) 816 freepage(old); 817 put_page(old); 818 819 return 0; 820 } 821 EXPORT_SYMBOL_GPL(replace_page_cache_page); 822 823 static int __add_to_page_cache_locked(struct page *page, 824 struct address_space *mapping, 825 pgoff_t offset, gfp_t gfp_mask, 826 void **shadowp) 827 { 828 XA_STATE(xas, &mapping->i_pages, offset); 829 int huge = PageHuge(page); 830 struct mem_cgroup *memcg; 831 int error; 832 void *old; 833 834 VM_BUG_ON_PAGE(!PageLocked(page), page); 835 VM_BUG_ON_PAGE(PageSwapBacked(page), page); 836 mapping_set_update(&xas, mapping); 837 838 if (!huge) { 839 error = mem_cgroup_try_charge(page, current->mm, 840 gfp_mask, &memcg, false); 841 if (error) 842 return error; 843 } 844 845 get_page(page); 846 page->mapping = mapping; 847 page->index = offset; 848 849 do { 850 xas_lock_irq(&xas); 851 old = xas_load(&xas); 852 if (old && !xa_is_value(old)) 853 xas_set_err(&xas, -EEXIST); 854 xas_store(&xas, page); 855 if (xas_error(&xas)) 856 goto unlock; 857 858 if (xa_is_value(old)) { 859 mapping->nrexceptional--; 860 if (shadowp) 861 *shadowp = old; 862 } 863 mapping->nrpages++; 864 865 /* hugetlb pages do not participate in page cache accounting */ 866 if (!huge) 867 __inc_node_page_state(page, NR_FILE_PAGES); 868 unlock: 869 xas_unlock_irq(&xas); 870 } while (xas_nomem(&xas, gfp_mask & GFP_RECLAIM_MASK)); 871 872 if (xas_error(&xas)) 873 goto error; 874 875 if (!huge) 876 mem_cgroup_commit_charge(page, memcg, false, false); 877 trace_mm_filemap_add_to_page_cache(page); 878 return 0; 879 error: 880 page->mapping = NULL; 881 /* Leave page->index set: truncation relies upon it */ 882 if (!huge) 883 mem_cgroup_cancel_charge(page, memcg, false); 884 put_page(page); 885 return xas_error(&xas); 886 } 887 ALLOW_ERROR_INJECTION(__add_to_page_cache_locked, ERRNO); 888 889 /** 890 * add_to_page_cache_locked - add a locked page to the pagecache 891 * @page: page to add 892 * @mapping: the page's address_space 893 * @offset: page index 894 * @gfp_mask: page allocation mode 895 * 896 * This function is used to add a page to the pagecache. It must be locked. 897 * This function does not add the page to the LRU. The caller must do that. 898 * 899 * Return: %0 on success, negative error code otherwise. 900 */ 901 int add_to_page_cache_locked(struct page *page, struct address_space *mapping, 902 pgoff_t offset, gfp_t gfp_mask) 903 { 904 return __add_to_page_cache_locked(page, mapping, offset, 905 gfp_mask, NULL); 906 } 907 EXPORT_SYMBOL(add_to_page_cache_locked); 908 909 int add_to_page_cache_lru(struct page *page, struct address_space *mapping, 910 pgoff_t offset, gfp_t gfp_mask) 911 { 912 void *shadow = NULL; 913 int ret; 914 915 __SetPageLocked(page); 916 ret = __add_to_page_cache_locked(page, mapping, offset, 917 gfp_mask, &shadow); 918 if (unlikely(ret)) 919 __ClearPageLocked(page); 920 else { 921 /* 922 * The page might have been evicted from cache only 923 * recently, in which case it should be activated like 924 * any other repeatedly accessed page. 925 * The exception is pages getting rewritten; evicting other 926 * data from the working set, only to cache data that will 927 * get overwritten with something else, is a waste of memory. 928 */ 929 WARN_ON_ONCE(PageActive(page)); 930 if (!(gfp_mask & __GFP_WRITE) && shadow) 931 workingset_refault(page, shadow); 932 lru_cache_add(page); 933 } 934 return ret; 935 } 936 EXPORT_SYMBOL_GPL(add_to_page_cache_lru); 937 938 #ifdef CONFIG_NUMA 939 struct page *__page_cache_alloc(gfp_t gfp) 940 { 941 int n; 942 struct page *page; 943 944 if (cpuset_do_page_mem_spread()) { 945 unsigned int cpuset_mems_cookie; 946 do { 947 cpuset_mems_cookie = read_mems_allowed_begin(); 948 n = cpuset_mem_spread_node(); 949 page = __alloc_pages_node(n, gfp, 0); 950 } while (!page && read_mems_allowed_retry(cpuset_mems_cookie)); 951 952 return page; 953 } 954 return alloc_pages(gfp, 0); 955 } 956 EXPORT_SYMBOL(__page_cache_alloc); 957 #endif 958 959 /* 960 * In order to wait for pages to become available there must be 961 * waitqueues associated with pages. By using a hash table of 962 * waitqueues where the bucket discipline is to maintain all 963 * waiters on the same queue and wake all when any of the pages 964 * become available, and for the woken contexts to check to be 965 * sure the appropriate page became available, this saves space 966 * at a cost of "thundering herd" phenomena during rare hash 967 * collisions. 968 */ 969 #define PAGE_WAIT_TABLE_BITS 8 970 #define PAGE_WAIT_TABLE_SIZE (1 << PAGE_WAIT_TABLE_BITS) 971 static wait_queue_head_t page_wait_table[PAGE_WAIT_TABLE_SIZE] __cacheline_aligned; 972 973 static wait_queue_head_t *page_waitqueue(struct page *page) 974 { 975 return &page_wait_table[hash_ptr(page, PAGE_WAIT_TABLE_BITS)]; 976 } 977 978 void __init pagecache_init(void) 979 { 980 int i; 981 982 for (i = 0; i < PAGE_WAIT_TABLE_SIZE; i++) 983 init_waitqueue_head(&page_wait_table[i]); 984 985 page_writeback_init(); 986 } 987 988 /* This has the same layout as wait_bit_key - see fs/cachefiles/rdwr.c */ 989 struct wait_page_key { 990 struct page *page; 991 int bit_nr; 992 int page_match; 993 }; 994 995 struct wait_page_queue { 996 struct page *page; 997 int bit_nr; 998 wait_queue_entry_t wait; 999 }; 1000 1001 static int wake_page_function(wait_queue_entry_t *wait, unsigned mode, int sync, void *arg) 1002 { 1003 struct wait_page_key *key = arg; 1004 struct wait_page_queue *wait_page 1005 = container_of(wait, struct wait_page_queue, wait); 1006 1007 if (wait_page->page != key->page) 1008 return 0; 1009 key->page_match = 1; 1010 1011 if (wait_page->bit_nr != key->bit_nr) 1012 return 0; 1013 1014 /* 1015 * Stop walking if it's locked. 1016 * Is this safe if put_and_wait_on_page_locked() is in use? 1017 * Yes: the waker must hold a reference to this page, and if PG_locked 1018 * has now already been set by another task, that task must also hold 1019 * a reference to the *same usage* of this page; so there is no need 1020 * to walk on to wake even the put_and_wait_on_page_locked() callers. 1021 */ 1022 if (test_bit(key->bit_nr, &key->page->flags)) 1023 return -1; 1024 1025 return autoremove_wake_function(wait, mode, sync, key); 1026 } 1027 1028 static void wake_up_page_bit(struct page *page, int bit_nr) 1029 { 1030 wait_queue_head_t *q = page_waitqueue(page); 1031 struct wait_page_key key; 1032 unsigned long flags; 1033 wait_queue_entry_t bookmark; 1034 1035 key.page = page; 1036 key.bit_nr = bit_nr; 1037 key.page_match = 0; 1038 1039 bookmark.flags = 0; 1040 bookmark.private = NULL; 1041 bookmark.func = NULL; 1042 INIT_LIST_HEAD(&bookmark.entry); 1043 1044 spin_lock_irqsave(&q->lock, flags); 1045 __wake_up_locked_key_bookmark(q, TASK_NORMAL, &key, &bookmark); 1046 1047 while (bookmark.flags & WQ_FLAG_BOOKMARK) { 1048 /* 1049 * Take a breather from holding the lock, 1050 * allow pages that finish wake up asynchronously 1051 * to acquire the lock and remove themselves 1052 * from wait queue 1053 */ 1054 spin_unlock_irqrestore(&q->lock, flags); 1055 cpu_relax(); 1056 spin_lock_irqsave(&q->lock, flags); 1057 __wake_up_locked_key_bookmark(q, TASK_NORMAL, &key, &bookmark); 1058 } 1059 1060 /* 1061 * It is possible for other pages to have collided on the waitqueue 1062 * hash, so in that case check for a page match. That prevents a long- 1063 * term waiter 1064 * 1065 * It is still possible to miss a case here, when we woke page waiters 1066 * and removed them from the waitqueue, but there are still other 1067 * page waiters. 1068 */ 1069 if (!waitqueue_active(q) || !key.page_match) { 1070 ClearPageWaiters(page); 1071 /* 1072 * It's possible to miss clearing Waiters here, when we woke 1073 * our page waiters, but the hashed waitqueue has waiters for 1074 * other pages on it. 1075 * 1076 * That's okay, it's a rare case. The next waker will clear it. 1077 */ 1078 } 1079 spin_unlock_irqrestore(&q->lock, flags); 1080 } 1081 1082 static void wake_up_page(struct page *page, int bit) 1083 { 1084 if (!PageWaiters(page)) 1085 return; 1086 wake_up_page_bit(page, bit); 1087 } 1088 1089 /* 1090 * A choice of three behaviors for wait_on_page_bit_common(): 1091 */ 1092 enum behavior { 1093 EXCLUSIVE, /* Hold ref to page and take the bit when woken, like 1094 * __lock_page() waiting on then setting PG_locked. 1095 */ 1096 SHARED, /* Hold ref to page and check the bit when woken, like 1097 * wait_on_page_writeback() waiting on PG_writeback. 1098 */ 1099 DROP, /* Drop ref to page before wait, no check when woken, 1100 * like put_and_wait_on_page_locked() on PG_locked. 1101 */ 1102 }; 1103 1104 static inline int wait_on_page_bit_common(wait_queue_head_t *q, 1105 struct page *page, int bit_nr, int state, enum behavior behavior) 1106 { 1107 struct wait_page_queue wait_page; 1108 wait_queue_entry_t *wait = &wait_page.wait; 1109 bool bit_is_set; 1110 bool thrashing = false; 1111 bool delayacct = false; 1112 unsigned long pflags; 1113 int ret = 0; 1114 1115 if (bit_nr == PG_locked && 1116 !PageUptodate(page) && PageWorkingset(page)) { 1117 if (!PageSwapBacked(page)) { 1118 delayacct_thrashing_start(); 1119 delayacct = true; 1120 } 1121 psi_memstall_enter(&pflags); 1122 thrashing = true; 1123 } 1124 1125 init_wait(wait); 1126 wait->flags = behavior == EXCLUSIVE ? WQ_FLAG_EXCLUSIVE : 0; 1127 wait->func = wake_page_function; 1128 wait_page.page = page; 1129 wait_page.bit_nr = bit_nr; 1130 1131 for (;;) { 1132 spin_lock_irq(&q->lock); 1133 1134 if (likely(list_empty(&wait->entry))) { 1135 __add_wait_queue_entry_tail(q, wait); 1136 SetPageWaiters(page); 1137 } 1138 1139 set_current_state(state); 1140 1141 spin_unlock_irq(&q->lock); 1142 1143 bit_is_set = test_bit(bit_nr, &page->flags); 1144 if (behavior == DROP) 1145 put_page(page); 1146 1147 if (likely(bit_is_set)) 1148 io_schedule(); 1149 1150 if (behavior == EXCLUSIVE) { 1151 if (!test_and_set_bit_lock(bit_nr, &page->flags)) 1152 break; 1153 } else if (behavior == SHARED) { 1154 if (!test_bit(bit_nr, &page->flags)) 1155 break; 1156 } 1157 1158 if (signal_pending_state(state, current)) { 1159 ret = -EINTR; 1160 break; 1161 } 1162 1163 if (behavior == DROP) { 1164 /* 1165 * We can no longer safely access page->flags: 1166 * even if CONFIG_MEMORY_HOTREMOVE is not enabled, 1167 * there is a risk of waiting forever on a page reused 1168 * for something that keeps it locked indefinitely. 1169 * But best check for -EINTR above before breaking. 1170 */ 1171 break; 1172 } 1173 } 1174 1175 finish_wait(q, wait); 1176 1177 if (thrashing) { 1178 if (delayacct) 1179 delayacct_thrashing_end(); 1180 psi_memstall_leave(&pflags); 1181 } 1182 1183 /* 1184 * A signal could leave PageWaiters set. Clearing it here if 1185 * !waitqueue_active would be possible (by open-coding finish_wait), 1186 * but still fail to catch it in the case of wait hash collision. We 1187 * already can fail to clear wait hash collision cases, so don't 1188 * bother with signals either. 1189 */ 1190 1191 return ret; 1192 } 1193 1194 void wait_on_page_bit(struct page *page, int bit_nr) 1195 { 1196 wait_queue_head_t *q = page_waitqueue(page); 1197 wait_on_page_bit_common(q, page, bit_nr, TASK_UNINTERRUPTIBLE, SHARED); 1198 } 1199 EXPORT_SYMBOL(wait_on_page_bit); 1200 1201 int wait_on_page_bit_killable(struct page *page, int bit_nr) 1202 { 1203 wait_queue_head_t *q = page_waitqueue(page); 1204 return wait_on_page_bit_common(q, page, bit_nr, TASK_KILLABLE, SHARED); 1205 } 1206 EXPORT_SYMBOL(wait_on_page_bit_killable); 1207 1208 /** 1209 * put_and_wait_on_page_locked - Drop a reference and wait for it to be unlocked 1210 * @page: The page to wait for. 1211 * 1212 * The caller should hold a reference on @page. They expect the page to 1213 * become unlocked relatively soon, but do not wish to hold up migration 1214 * (for example) by holding the reference while waiting for the page to 1215 * come unlocked. After this function returns, the caller should not 1216 * dereference @page. 1217 */ 1218 void put_and_wait_on_page_locked(struct page *page) 1219 { 1220 wait_queue_head_t *q; 1221 1222 page = compound_head(page); 1223 q = page_waitqueue(page); 1224 wait_on_page_bit_common(q, page, PG_locked, TASK_UNINTERRUPTIBLE, DROP); 1225 } 1226 1227 /** 1228 * add_page_wait_queue - Add an arbitrary waiter to a page's wait queue 1229 * @page: Page defining the wait queue of interest 1230 * @waiter: Waiter to add to the queue 1231 * 1232 * Add an arbitrary @waiter to the wait queue for the nominated @page. 1233 */ 1234 void add_page_wait_queue(struct page *page, wait_queue_entry_t *waiter) 1235 { 1236 wait_queue_head_t *q = page_waitqueue(page); 1237 unsigned long flags; 1238 1239 spin_lock_irqsave(&q->lock, flags); 1240 __add_wait_queue_entry_tail(q, waiter); 1241 SetPageWaiters(page); 1242 spin_unlock_irqrestore(&q->lock, flags); 1243 } 1244 EXPORT_SYMBOL_GPL(add_page_wait_queue); 1245 1246 #ifndef clear_bit_unlock_is_negative_byte 1247 1248 /* 1249 * PG_waiters is the high bit in the same byte as PG_lock. 1250 * 1251 * On x86 (and on many other architectures), we can clear PG_lock and 1252 * test the sign bit at the same time. But if the architecture does 1253 * not support that special operation, we just do this all by hand 1254 * instead. 1255 * 1256 * The read of PG_waiters has to be after (or concurrently with) PG_locked 1257 * being cleared, but a memory barrier should be unneccssary since it is 1258 * in the same byte as PG_locked. 1259 */ 1260 static inline bool clear_bit_unlock_is_negative_byte(long nr, volatile void *mem) 1261 { 1262 clear_bit_unlock(nr, mem); 1263 /* smp_mb__after_atomic(); */ 1264 return test_bit(PG_waiters, mem); 1265 } 1266 1267 #endif 1268 1269 /** 1270 * unlock_page - unlock a locked page 1271 * @page: the page 1272 * 1273 * Unlocks the page and wakes up sleepers in ___wait_on_page_locked(). 1274 * Also wakes sleepers in wait_on_page_writeback() because the wakeup 1275 * mechanism between PageLocked pages and PageWriteback pages is shared. 1276 * But that's OK - sleepers in wait_on_page_writeback() just go back to sleep. 1277 * 1278 * Note that this depends on PG_waiters being the sign bit in the byte 1279 * that contains PG_locked - thus the BUILD_BUG_ON(). That allows us to 1280 * clear the PG_locked bit and test PG_waiters at the same time fairly 1281 * portably (architectures that do LL/SC can test any bit, while x86 can 1282 * test the sign bit). 1283 */ 1284 void unlock_page(struct page *page) 1285 { 1286 BUILD_BUG_ON(PG_waiters != 7); 1287 page = compound_head(page); 1288 VM_BUG_ON_PAGE(!PageLocked(page), page); 1289 if (clear_bit_unlock_is_negative_byte(PG_locked, &page->flags)) 1290 wake_up_page_bit(page, PG_locked); 1291 } 1292 EXPORT_SYMBOL(unlock_page); 1293 1294 /** 1295 * end_page_writeback - end writeback against a page 1296 * @page: the page 1297 */ 1298 void end_page_writeback(struct page *page) 1299 { 1300 /* 1301 * TestClearPageReclaim could be used here but it is an atomic 1302 * operation and overkill in this particular case. Failing to 1303 * shuffle a page marked for immediate reclaim is too mild to 1304 * justify taking an atomic operation penalty at the end of 1305 * ever page writeback. 1306 */ 1307 if (PageReclaim(page)) { 1308 ClearPageReclaim(page); 1309 rotate_reclaimable_page(page); 1310 } 1311 1312 if (!test_clear_page_writeback(page)) 1313 BUG(); 1314 1315 smp_mb__after_atomic(); 1316 wake_up_page(page, PG_writeback); 1317 } 1318 EXPORT_SYMBOL(end_page_writeback); 1319 1320 /* 1321 * After completing I/O on a page, call this routine to update the page 1322 * flags appropriately 1323 */ 1324 void page_endio(struct page *page, bool is_write, int err) 1325 { 1326 if (!is_write) { 1327 if (!err) { 1328 SetPageUptodate(page); 1329 } else { 1330 ClearPageUptodate(page); 1331 SetPageError(page); 1332 } 1333 unlock_page(page); 1334 } else { 1335 if (err) { 1336 struct address_space *mapping; 1337 1338 SetPageError(page); 1339 mapping = page_mapping(page); 1340 if (mapping) 1341 mapping_set_error(mapping, err); 1342 } 1343 end_page_writeback(page); 1344 } 1345 } 1346 EXPORT_SYMBOL_GPL(page_endio); 1347 1348 /** 1349 * __lock_page - get a lock on the page, assuming we need to sleep to get it 1350 * @__page: the page to lock 1351 */ 1352 void __lock_page(struct page *__page) 1353 { 1354 struct page *page = compound_head(__page); 1355 wait_queue_head_t *q = page_waitqueue(page); 1356 wait_on_page_bit_common(q, page, PG_locked, TASK_UNINTERRUPTIBLE, 1357 EXCLUSIVE); 1358 } 1359 EXPORT_SYMBOL(__lock_page); 1360 1361 int __lock_page_killable(struct page *__page) 1362 { 1363 struct page *page = compound_head(__page); 1364 wait_queue_head_t *q = page_waitqueue(page); 1365 return wait_on_page_bit_common(q, page, PG_locked, TASK_KILLABLE, 1366 EXCLUSIVE); 1367 } 1368 EXPORT_SYMBOL_GPL(__lock_page_killable); 1369 1370 /* 1371 * Return values: 1372 * 1 - page is locked; mmap_sem is still held. 1373 * 0 - page is not locked. 1374 * mmap_sem has been released (up_read()), unless flags had both 1375 * FAULT_FLAG_ALLOW_RETRY and FAULT_FLAG_RETRY_NOWAIT set, in 1376 * which case mmap_sem is still held. 1377 * 1378 * If neither ALLOW_RETRY nor KILLABLE are set, will always return 1 1379 * with the page locked and the mmap_sem unperturbed. 1380 */ 1381 int __lock_page_or_retry(struct page *page, struct mm_struct *mm, 1382 unsigned int flags) 1383 { 1384 if (flags & FAULT_FLAG_ALLOW_RETRY) { 1385 /* 1386 * CAUTION! In this case, mmap_sem is not released 1387 * even though return 0. 1388 */ 1389 if (flags & FAULT_FLAG_RETRY_NOWAIT) 1390 return 0; 1391 1392 up_read(&mm->mmap_sem); 1393 if (flags & FAULT_FLAG_KILLABLE) 1394 wait_on_page_locked_killable(page); 1395 else 1396 wait_on_page_locked(page); 1397 return 0; 1398 } else { 1399 if (flags & FAULT_FLAG_KILLABLE) { 1400 int ret; 1401 1402 ret = __lock_page_killable(page); 1403 if (ret) { 1404 up_read(&mm->mmap_sem); 1405 return 0; 1406 } 1407 } else 1408 __lock_page(page); 1409 return 1; 1410 } 1411 } 1412 1413 /** 1414 * page_cache_next_miss() - Find the next gap in the page cache. 1415 * @mapping: Mapping. 1416 * @index: Index. 1417 * @max_scan: Maximum range to search. 1418 * 1419 * Search the range [index, min(index + max_scan - 1, ULONG_MAX)] for the 1420 * gap with the lowest index. 1421 * 1422 * This function may be called under the rcu_read_lock. However, this will 1423 * not atomically search a snapshot of the cache at a single point in time. 1424 * For example, if a gap is created at index 5, then subsequently a gap is 1425 * created at index 10, page_cache_next_miss covering both indices may 1426 * return 10 if called under the rcu_read_lock. 1427 * 1428 * Return: The index of the gap if found, otherwise an index outside the 1429 * range specified (in which case 'return - index >= max_scan' will be true). 1430 * In the rare case of index wrap-around, 0 will be returned. 1431 */ 1432 pgoff_t page_cache_next_miss(struct address_space *mapping, 1433 pgoff_t index, unsigned long max_scan) 1434 { 1435 XA_STATE(xas, &mapping->i_pages, index); 1436 1437 while (max_scan--) { 1438 void *entry = xas_next(&xas); 1439 if (!entry || xa_is_value(entry)) 1440 break; 1441 if (xas.xa_index == 0) 1442 break; 1443 } 1444 1445 return xas.xa_index; 1446 } 1447 EXPORT_SYMBOL(page_cache_next_miss); 1448 1449 /** 1450 * page_cache_prev_miss() - Find the previous gap in the page cache. 1451 * @mapping: Mapping. 1452 * @index: Index. 1453 * @max_scan: Maximum range to search. 1454 * 1455 * Search the range [max(index - max_scan + 1, 0), index] for the 1456 * gap with the highest index. 1457 * 1458 * This function may be called under the rcu_read_lock. However, this will 1459 * not atomically search a snapshot of the cache at a single point in time. 1460 * For example, if a gap is created at index 10, then subsequently a gap is 1461 * created at index 5, page_cache_prev_miss() covering both indices may 1462 * return 5 if called under the rcu_read_lock. 1463 * 1464 * Return: The index of the gap if found, otherwise an index outside the 1465 * range specified (in which case 'index - return >= max_scan' will be true). 1466 * In the rare case of wrap-around, ULONG_MAX will be returned. 1467 */ 1468 pgoff_t page_cache_prev_miss(struct address_space *mapping, 1469 pgoff_t index, unsigned long max_scan) 1470 { 1471 XA_STATE(xas, &mapping->i_pages, index); 1472 1473 while (max_scan--) { 1474 void *entry = xas_prev(&xas); 1475 if (!entry || xa_is_value(entry)) 1476 break; 1477 if (xas.xa_index == ULONG_MAX) 1478 break; 1479 } 1480 1481 return xas.xa_index; 1482 } 1483 EXPORT_SYMBOL(page_cache_prev_miss); 1484 1485 /** 1486 * find_get_entry - find and get a page cache entry 1487 * @mapping: the address_space to search 1488 * @offset: the page cache index 1489 * 1490 * Looks up the page cache slot at @mapping & @offset. If there is a 1491 * page cache page, it is returned with an increased refcount. 1492 * 1493 * If the slot holds a shadow entry of a previously evicted page, or a 1494 * swap entry from shmem/tmpfs, it is returned. 1495 * 1496 * Return: the found page or shadow entry, %NULL if nothing is found. 1497 */ 1498 struct page *find_get_entry(struct address_space *mapping, pgoff_t offset) 1499 { 1500 XA_STATE(xas, &mapping->i_pages, offset); 1501 struct page *page; 1502 1503 rcu_read_lock(); 1504 repeat: 1505 xas_reset(&xas); 1506 page = xas_load(&xas); 1507 if (xas_retry(&xas, page)) 1508 goto repeat; 1509 /* 1510 * A shadow entry of a recently evicted page, or a swap entry from 1511 * shmem/tmpfs. Return it without attempting to raise page count. 1512 */ 1513 if (!page || xa_is_value(page)) 1514 goto out; 1515 1516 if (!page_cache_get_speculative(page)) 1517 goto repeat; 1518 1519 /* 1520 * Has the page moved or been split? 1521 * This is part of the lockless pagecache protocol. See 1522 * include/linux/pagemap.h for details. 1523 */ 1524 if (unlikely(page != xas_reload(&xas))) { 1525 put_page(page); 1526 goto repeat; 1527 } 1528 page = find_subpage(page, offset); 1529 out: 1530 rcu_read_unlock(); 1531 1532 return page; 1533 } 1534 EXPORT_SYMBOL(find_get_entry); 1535 1536 /** 1537 * find_lock_entry - locate, pin and lock a page cache entry 1538 * @mapping: the address_space to search 1539 * @offset: the page cache index 1540 * 1541 * Looks up the page cache slot at @mapping & @offset. If there is a 1542 * page cache page, it is returned locked and with an increased 1543 * refcount. 1544 * 1545 * If the slot holds a shadow entry of a previously evicted page, or a 1546 * swap entry from shmem/tmpfs, it is returned. 1547 * 1548 * find_lock_entry() may sleep. 1549 * 1550 * Return: the found page or shadow entry, %NULL if nothing is found. 1551 */ 1552 struct page *find_lock_entry(struct address_space *mapping, pgoff_t offset) 1553 { 1554 struct page *page; 1555 1556 repeat: 1557 page = find_get_entry(mapping, offset); 1558 if (page && !xa_is_value(page)) { 1559 lock_page(page); 1560 /* Has the page been truncated? */ 1561 if (unlikely(page_mapping(page) != mapping)) { 1562 unlock_page(page); 1563 put_page(page); 1564 goto repeat; 1565 } 1566 VM_BUG_ON_PAGE(page_to_pgoff(page) != offset, page); 1567 } 1568 return page; 1569 } 1570 EXPORT_SYMBOL(find_lock_entry); 1571 1572 /** 1573 * pagecache_get_page - find and get a page reference 1574 * @mapping: the address_space to search 1575 * @offset: the page index 1576 * @fgp_flags: PCG flags 1577 * @gfp_mask: gfp mask to use for the page cache data page allocation 1578 * 1579 * Looks up the page cache slot at @mapping & @offset. 1580 * 1581 * PCG flags modify how the page is returned. 1582 * 1583 * @fgp_flags can be: 1584 * 1585 * - FGP_ACCESSED: the page will be marked accessed 1586 * - FGP_LOCK: Page is return locked 1587 * - FGP_CREAT: If page is not present then a new page is allocated using 1588 * @gfp_mask and added to the page cache and the VM's LRU 1589 * list. The page is returned locked and with an increased 1590 * refcount. 1591 * - FGP_FOR_MMAP: Similar to FGP_CREAT, only we want to allow the caller to do 1592 * its own locking dance if the page is already in cache, or unlock the page 1593 * before returning if we had to add the page to pagecache. 1594 * 1595 * If FGP_LOCK or FGP_CREAT are specified then the function may sleep even 1596 * if the GFP flags specified for FGP_CREAT are atomic. 1597 * 1598 * If there is a page cache page, it is returned with an increased refcount. 1599 * 1600 * Return: the found page or %NULL otherwise. 1601 */ 1602 struct page *pagecache_get_page(struct address_space *mapping, pgoff_t offset, 1603 int fgp_flags, gfp_t gfp_mask) 1604 { 1605 struct page *page; 1606 1607 repeat: 1608 page = find_get_entry(mapping, offset); 1609 if (xa_is_value(page)) 1610 page = NULL; 1611 if (!page) 1612 goto no_page; 1613 1614 if (fgp_flags & FGP_LOCK) { 1615 if (fgp_flags & FGP_NOWAIT) { 1616 if (!trylock_page(page)) { 1617 put_page(page); 1618 return NULL; 1619 } 1620 } else { 1621 lock_page(page); 1622 } 1623 1624 /* Has the page been truncated? */ 1625 if (unlikely(page->mapping != mapping)) { 1626 unlock_page(page); 1627 put_page(page); 1628 goto repeat; 1629 } 1630 VM_BUG_ON_PAGE(page->index != offset, page); 1631 } 1632 1633 if (fgp_flags & FGP_ACCESSED) 1634 mark_page_accessed(page); 1635 1636 no_page: 1637 if (!page && (fgp_flags & FGP_CREAT)) { 1638 int err; 1639 if ((fgp_flags & FGP_WRITE) && mapping_cap_account_dirty(mapping)) 1640 gfp_mask |= __GFP_WRITE; 1641 if (fgp_flags & FGP_NOFS) 1642 gfp_mask &= ~__GFP_FS; 1643 1644 page = __page_cache_alloc(gfp_mask); 1645 if (!page) 1646 return NULL; 1647 1648 if (WARN_ON_ONCE(!(fgp_flags & (FGP_LOCK | FGP_FOR_MMAP)))) 1649 fgp_flags |= FGP_LOCK; 1650 1651 /* Init accessed so avoid atomic mark_page_accessed later */ 1652 if (fgp_flags & FGP_ACCESSED) 1653 __SetPageReferenced(page); 1654 1655 err = add_to_page_cache_lru(page, mapping, offset, gfp_mask); 1656 if (unlikely(err)) { 1657 put_page(page); 1658 page = NULL; 1659 if (err == -EEXIST) 1660 goto repeat; 1661 } 1662 1663 /* 1664 * add_to_page_cache_lru locks the page, and for mmap we expect 1665 * an unlocked page. 1666 */ 1667 if (page && (fgp_flags & FGP_FOR_MMAP)) 1668 unlock_page(page); 1669 } 1670 1671 return page; 1672 } 1673 EXPORT_SYMBOL(pagecache_get_page); 1674 1675 /** 1676 * find_get_entries - gang pagecache lookup 1677 * @mapping: The address_space to search 1678 * @start: The starting page cache index 1679 * @nr_entries: The maximum number of entries 1680 * @entries: Where the resulting entries are placed 1681 * @indices: The cache indices corresponding to the entries in @entries 1682 * 1683 * find_get_entries() will search for and return a group of up to 1684 * @nr_entries entries in the mapping. The entries are placed at 1685 * @entries. find_get_entries() takes a reference against any actual 1686 * pages it returns. 1687 * 1688 * The search returns a group of mapping-contiguous page cache entries 1689 * with ascending indexes. There may be holes in the indices due to 1690 * not-present pages. 1691 * 1692 * Any shadow entries of evicted pages, or swap entries from 1693 * shmem/tmpfs, are included in the returned array. 1694 * 1695 * Return: the number of pages and shadow entries which were found. 1696 */ 1697 unsigned find_get_entries(struct address_space *mapping, 1698 pgoff_t start, unsigned int nr_entries, 1699 struct page **entries, pgoff_t *indices) 1700 { 1701 XA_STATE(xas, &mapping->i_pages, start); 1702 struct page *page; 1703 unsigned int ret = 0; 1704 1705 if (!nr_entries) 1706 return 0; 1707 1708 rcu_read_lock(); 1709 xas_for_each(&xas, page, ULONG_MAX) { 1710 if (xas_retry(&xas, page)) 1711 continue; 1712 /* 1713 * A shadow entry of a recently evicted page, a swap 1714 * entry from shmem/tmpfs or a DAX entry. Return it 1715 * without attempting to raise page count. 1716 */ 1717 if (xa_is_value(page)) 1718 goto export; 1719 1720 if (!page_cache_get_speculative(page)) 1721 goto retry; 1722 1723 /* Has the page moved or been split? */ 1724 if (unlikely(page != xas_reload(&xas))) 1725 goto put_page; 1726 page = find_subpage(page, xas.xa_index); 1727 1728 export: 1729 indices[ret] = xas.xa_index; 1730 entries[ret] = page; 1731 if (++ret == nr_entries) 1732 break; 1733 continue; 1734 put_page: 1735 put_page(page); 1736 retry: 1737 xas_reset(&xas); 1738 } 1739 rcu_read_unlock(); 1740 return ret; 1741 } 1742 1743 /** 1744 * find_get_pages_range - gang pagecache lookup 1745 * @mapping: The address_space to search 1746 * @start: The starting page index 1747 * @end: The final page index (inclusive) 1748 * @nr_pages: The maximum number of pages 1749 * @pages: Where the resulting pages are placed 1750 * 1751 * find_get_pages_range() will search for and return a group of up to @nr_pages 1752 * pages in the mapping starting at index @start and up to index @end 1753 * (inclusive). The pages are placed at @pages. find_get_pages_range() takes 1754 * a reference against the returned pages. 1755 * 1756 * The search returns a group of mapping-contiguous pages with ascending 1757 * indexes. There may be holes in the indices due to not-present pages. 1758 * We also update @start to index the next page for the traversal. 1759 * 1760 * Return: the number of pages which were found. If this number is 1761 * smaller than @nr_pages, the end of specified range has been 1762 * reached. 1763 */ 1764 unsigned find_get_pages_range(struct address_space *mapping, pgoff_t *start, 1765 pgoff_t end, unsigned int nr_pages, 1766 struct page **pages) 1767 { 1768 XA_STATE(xas, &mapping->i_pages, *start); 1769 struct page *page; 1770 unsigned ret = 0; 1771 1772 if (unlikely(!nr_pages)) 1773 return 0; 1774 1775 rcu_read_lock(); 1776 xas_for_each(&xas, page, end) { 1777 if (xas_retry(&xas, page)) 1778 continue; 1779 /* Skip over shadow, swap and DAX entries */ 1780 if (xa_is_value(page)) 1781 continue; 1782 1783 if (!page_cache_get_speculative(page)) 1784 goto retry; 1785 1786 /* Has the page moved or been split? */ 1787 if (unlikely(page != xas_reload(&xas))) 1788 goto put_page; 1789 1790 pages[ret] = find_subpage(page, xas.xa_index); 1791 if (++ret == nr_pages) { 1792 *start = xas.xa_index + 1; 1793 goto out; 1794 } 1795 continue; 1796 put_page: 1797 put_page(page); 1798 retry: 1799 xas_reset(&xas); 1800 } 1801 1802 /* 1803 * We come here when there is no page beyond @end. We take care to not 1804 * overflow the index @start as it confuses some of the callers. This 1805 * breaks the iteration when there is a page at index -1 but that is 1806 * already broken anyway. 1807 */ 1808 if (end == (pgoff_t)-1) 1809 *start = (pgoff_t)-1; 1810 else 1811 *start = end + 1; 1812 out: 1813 rcu_read_unlock(); 1814 1815 return ret; 1816 } 1817 1818 /** 1819 * find_get_pages_contig - gang contiguous pagecache lookup 1820 * @mapping: The address_space to search 1821 * @index: The starting page index 1822 * @nr_pages: The maximum number of pages 1823 * @pages: Where the resulting pages are placed 1824 * 1825 * find_get_pages_contig() works exactly like find_get_pages(), except 1826 * that the returned number of pages are guaranteed to be contiguous. 1827 * 1828 * Return: the number of pages which were found. 1829 */ 1830 unsigned find_get_pages_contig(struct address_space *mapping, pgoff_t index, 1831 unsigned int nr_pages, struct page **pages) 1832 { 1833 XA_STATE(xas, &mapping->i_pages, index); 1834 struct page *page; 1835 unsigned int ret = 0; 1836 1837 if (unlikely(!nr_pages)) 1838 return 0; 1839 1840 rcu_read_lock(); 1841 for (page = xas_load(&xas); page; page = xas_next(&xas)) { 1842 if (xas_retry(&xas, page)) 1843 continue; 1844 /* 1845 * If the entry has been swapped out, we can stop looking. 1846 * No current caller is looking for DAX entries. 1847 */ 1848 if (xa_is_value(page)) 1849 break; 1850 1851 if (!page_cache_get_speculative(page)) 1852 goto retry; 1853 1854 /* Has the page moved or been split? */ 1855 if (unlikely(page != xas_reload(&xas))) 1856 goto put_page; 1857 1858 pages[ret] = find_subpage(page, xas.xa_index); 1859 if (++ret == nr_pages) 1860 break; 1861 continue; 1862 put_page: 1863 put_page(page); 1864 retry: 1865 xas_reset(&xas); 1866 } 1867 rcu_read_unlock(); 1868 return ret; 1869 } 1870 EXPORT_SYMBOL(find_get_pages_contig); 1871 1872 /** 1873 * find_get_pages_range_tag - find and return pages in given range matching @tag 1874 * @mapping: the address_space to search 1875 * @index: the starting page index 1876 * @end: The final page index (inclusive) 1877 * @tag: the tag index 1878 * @nr_pages: the maximum number of pages 1879 * @pages: where the resulting pages are placed 1880 * 1881 * Like find_get_pages, except we only return pages which are tagged with 1882 * @tag. We update @index to index the next page for the traversal. 1883 * 1884 * Return: the number of pages which were found. 1885 */ 1886 unsigned find_get_pages_range_tag(struct address_space *mapping, pgoff_t *index, 1887 pgoff_t end, xa_mark_t tag, unsigned int nr_pages, 1888 struct page **pages) 1889 { 1890 XA_STATE(xas, &mapping->i_pages, *index); 1891 struct page *page; 1892 unsigned ret = 0; 1893 1894 if (unlikely(!nr_pages)) 1895 return 0; 1896 1897 rcu_read_lock(); 1898 xas_for_each_marked(&xas, page, end, tag) { 1899 if (xas_retry(&xas, page)) 1900 continue; 1901 /* 1902 * Shadow entries should never be tagged, but this iteration 1903 * is lockless so there is a window for page reclaim to evict 1904 * a page we saw tagged. Skip over it. 1905 */ 1906 if (xa_is_value(page)) 1907 continue; 1908 1909 if (!page_cache_get_speculative(page)) 1910 goto retry; 1911 1912 /* Has the page moved or been split? */ 1913 if (unlikely(page != xas_reload(&xas))) 1914 goto put_page; 1915 1916 pages[ret] = find_subpage(page, xas.xa_index); 1917 if (++ret == nr_pages) { 1918 *index = xas.xa_index + 1; 1919 goto out; 1920 } 1921 continue; 1922 put_page: 1923 put_page(page); 1924 retry: 1925 xas_reset(&xas); 1926 } 1927 1928 /* 1929 * We come here when we got to @end. We take care to not overflow the 1930 * index @index as it confuses some of the callers. This breaks the 1931 * iteration when there is a page at index -1 but that is already 1932 * broken anyway. 1933 */ 1934 if (end == (pgoff_t)-1) 1935 *index = (pgoff_t)-1; 1936 else 1937 *index = end + 1; 1938 out: 1939 rcu_read_unlock(); 1940 1941 return ret; 1942 } 1943 EXPORT_SYMBOL(find_get_pages_range_tag); 1944 1945 /* 1946 * CD/DVDs are error prone. When a medium error occurs, the driver may fail 1947 * a _large_ part of the i/o request. Imagine the worst scenario: 1948 * 1949 * ---R__________________________________________B__________ 1950 * ^ reading here ^ bad block(assume 4k) 1951 * 1952 * read(R) => miss => readahead(R...B) => media error => frustrating retries 1953 * => failing the whole request => read(R) => read(R+1) => 1954 * readahead(R+1...B+1) => bang => read(R+2) => read(R+3) => 1955 * readahead(R+3...B+2) => bang => read(R+3) => read(R+4) => 1956 * readahead(R+4...B+3) => bang => read(R+4) => read(R+5) => ...... 1957 * 1958 * It is going insane. Fix it by quickly scaling down the readahead size. 1959 */ 1960 static void shrink_readahead_size_eio(struct file *filp, 1961 struct file_ra_state *ra) 1962 { 1963 ra->ra_pages /= 4; 1964 } 1965 1966 /** 1967 * generic_file_buffered_read - generic file read routine 1968 * @iocb: the iocb to read 1969 * @iter: data destination 1970 * @written: already copied 1971 * 1972 * This is a generic file read routine, and uses the 1973 * mapping->a_ops->readpage() function for the actual low-level stuff. 1974 * 1975 * This is really ugly. But the goto's actually try to clarify some 1976 * of the logic when it comes to error handling etc. 1977 * 1978 * Return: 1979 * * total number of bytes copied, including those the were already @written 1980 * * negative error code if nothing was copied 1981 */ 1982 static ssize_t generic_file_buffered_read(struct kiocb *iocb, 1983 struct iov_iter *iter, ssize_t written) 1984 { 1985 struct file *filp = iocb->ki_filp; 1986 struct address_space *mapping = filp->f_mapping; 1987 struct inode *inode = mapping->host; 1988 struct file_ra_state *ra = &filp->f_ra; 1989 loff_t *ppos = &iocb->ki_pos; 1990 pgoff_t index; 1991 pgoff_t last_index; 1992 pgoff_t prev_index; 1993 unsigned long offset; /* offset into pagecache page */ 1994 unsigned int prev_offset; 1995 int error = 0; 1996 1997 if (unlikely(*ppos >= inode->i_sb->s_maxbytes)) 1998 return 0; 1999 iov_iter_truncate(iter, inode->i_sb->s_maxbytes); 2000 2001 index = *ppos >> PAGE_SHIFT; 2002 prev_index = ra->prev_pos >> PAGE_SHIFT; 2003 prev_offset = ra->prev_pos & (PAGE_SIZE-1); 2004 last_index = (*ppos + iter->count + PAGE_SIZE-1) >> PAGE_SHIFT; 2005 offset = *ppos & ~PAGE_MASK; 2006 2007 for (;;) { 2008 struct page *page; 2009 pgoff_t end_index; 2010 loff_t isize; 2011 unsigned long nr, ret; 2012 2013 cond_resched(); 2014 find_page: 2015 if (fatal_signal_pending(current)) { 2016 error = -EINTR; 2017 goto out; 2018 } 2019 2020 page = find_get_page(mapping, index); 2021 if (!page) { 2022 if (iocb->ki_flags & IOCB_NOWAIT) 2023 goto would_block; 2024 page_cache_sync_readahead(mapping, 2025 ra, filp, 2026 index, last_index - index); 2027 page = find_get_page(mapping, index); 2028 if (unlikely(page == NULL)) 2029 goto no_cached_page; 2030 } 2031 if (PageReadahead(page)) { 2032 page_cache_async_readahead(mapping, 2033 ra, filp, page, 2034 index, last_index - index); 2035 } 2036 if (!PageUptodate(page)) { 2037 if (iocb->ki_flags & IOCB_NOWAIT) { 2038 put_page(page); 2039 goto would_block; 2040 } 2041 2042 /* 2043 * See comment in do_read_cache_page on why 2044 * wait_on_page_locked is used to avoid unnecessarily 2045 * serialisations and why it's safe. 2046 */ 2047 error = wait_on_page_locked_killable(page); 2048 if (unlikely(error)) 2049 goto readpage_error; 2050 if (PageUptodate(page)) 2051 goto page_ok; 2052 2053 if (inode->i_blkbits == PAGE_SHIFT || 2054 !mapping->a_ops->is_partially_uptodate) 2055 goto page_not_up_to_date; 2056 /* pipes can't handle partially uptodate pages */ 2057 if (unlikely(iov_iter_is_pipe(iter))) 2058 goto page_not_up_to_date; 2059 if (!trylock_page(page)) 2060 goto page_not_up_to_date; 2061 /* Did it get truncated before we got the lock? */ 2062 if (!page->mapping) 2063 goto page_not_up_to_date_locked; 2064 if (!mapping->a_ops->is_partially_uptodate(page, 2065 offset, iter->count)) 2066 goto page_not_up_to_date_locked; 2067 unlock_page(page); 2068 } 2069 page_ok: 2070 /* 2071 * i_size must be checked after we know the page is Uptodate. 2072 * 2073 * Checking i_size after the check allows us to calculate 2074 * the correct value for "nr", which means the zero-filled 2075 * part of the page is not copied back to userspace (unless 2076 * another truncate extends the file - this is desired though). 2077 */ 2078 2079 isize = i_size_read(inode); 2080 end_index = (isize - 1) >> PAGE_SHIFT; 2081 if (unlikely(!isize || index > end_index)) { 2082 put_page(page); 2083 goto out; 2084 } 2085 2086 /* nr is the maximum number of bytes to copy from this page */ 2087 nr = PAGE_SIZE; 2088 if (index == end_index) { 2089 nr = ((isize - 1) & ~PAGE_MASK) + 1; 2090 if (nr <= offset) { 2091 put_page(page); 2092 goto out; 2093 } 2094 } 2095 nr = nr - offset; 2096 2097 /* If users can be writing to this page using arbitrary 2098 * virtual addresses, take care about potential aliasing 2099 * before reading the page on the kernel side. 2100 */ 2101 if (mapping_writably_mapped(mapping)) 2102 flush_dcache_page(page); 2103 2104 /* 2105 * When a sequential read accesses a page several times, 2106 * only mark it as accessed the first time. 2107 */ 2108 if (prev_index != index || offset != prev_offset) 2109 mark_page_accessed(page); 2110 prev_index = index; 2111 2112 /* 2113 * Ok, we have the page, and it's up-to-date, so 2114 * now we can copy it to user space... 2115 */ 2116 2117 ret = copy_page_to_iter(page, offset, nr, iter); 2118 offset += ret; 2119 index += offset >> PAGE_SHIFT; 2120 offset &= ~PAGE_MASK; 2121 prev_offset = offset; 2122 2123 put_page(page); 2124 written += ret; 2125 if (!iov_iter_count(iter)) 2126 goto out; 2127 if (ret < nr) { 2128 error = -EFAULT; 2129 goto out; 2130 } 2131 continue; 2132 2133 page_not_up_to_date: 2134 /* Get exclusive access to the page ... */ 2135 error = lock_page_killable(page); 2136 if (unlikely(error)) 2137 goto readpage_error; 2138 2139 page_not_up_to_date_locked: 2140 /* Did it get truncated before we got the lock? */ 2141 if (!page->mapping) { 2142 unlock_page(page); 2143 put_page(page); 2144 continue; 2145 } 2146 2147 /* Did somebody else fill it already? */ 2148 if (PageUptodate(page)) { 2149 unlock_page(page); 2150 goto page_ok; 2151 } 2152 2153 readpage: 2154 /* 2155 * A previous I/O error may have been due to temporary 2156 * failures, eg. multipath errors. 2157 * PG_error will be set again if readpage fails. 2158 */ 2159 ClearPageError(page); 2160 /* Start the actual read. The read will unlock the page. */ 2161 error = mapping->a_ops->readpage(filp, page); 2162 2163 if (unlikely(error)) { 2164 if (error == AOP_TRUNCATED_PAGE) { 2165 put_page(page); 2166 error = 0; 2167 goto find_page; 2168 } 2169 goto readpage_error; 2170 } 2171 2172 if (!PageUptodate(page)) { 2173 error = lock_page_killable(page); 2174 if (unlikely(error)) 2175 goto readpage_error; 2176 if (!PageUptodate(page)) { 2177 if (page->mapping == NULL) { 2178 /* 2179 * invalidate_mapping_pages got it 2180 */ 2181 unlock_page(page); 2182 put_page(page); 2183 goto find_page; 2184 } 2185 unlock_page(page); 2186 shrink_readahead_size_eio(filp, ra); 2187 error = -EIO; 2188 goto readpage_error; 2189 } 2190 unlock_page(page); 2191 } 2192 2193 goto page_ok; 2194 2195 readpage_error: 2196 /* UHHUH! A synchronous read error occurred. Report it */ 2197 put_page(page); 2198 goto out; 2199 2200 no_cached_page: 2201 /* 2202 * Ok, it wasn't cached, so we need to create a new 2203 * page.. 2204 */ 2205 page = page_cache_alloc(mapping); 2206 if (!page) { 2207 error = -ENOMEM; 2208 goto out; 2209 } 2210 error = add_to_page_cache_lru(page, mapping, index, 2211 mapping_gfp_constraint(mapping, GFP_KERNEL)); 2212 if (error) { 2213 put_page(page); 2214 if (error == -EEXIST) { 2215 error = 0; 2216 goto find_page; 2217 } 2218 goto out; 2219 } 2220 goto readpage; 2221 } 2222 2223 would_block: 2224 error = -EAGAIN; 2225 out: 2226 ra->prev_pos = prev_index; 2227 ra->prev_pos <<= PAGE_SHIFT; 2228 ra->prev_pos |= prev_offset; 2229 2230 *ppos = ((loff_t)index << PAGE_SHIFT) + offset; 2231 file_accessed(filp); 2232 return written ? written : error; 2233 } 2234 2235 /** 2236 * generic_file_read_iter - generic filesystem read routine 2237 * @iocb: kernel I/O control block 2238 * @iter: destination for the data read 2239 * 2240 * This is the "read_iter()" routine for all filesystems 2241 * that can use the page cache directly. 2242 * Return: 2243 * * number of bytes copied, even for partial reads 2244 * * negative error code if nothing was read 2245 */ 2246 ssize_t 2247 generic_file_read_iter(struct kiocb *iocb, struct iov_iter *iter) 2248 { 2249 size_t count = iov_iter_count(iter); 2250 ssize_t retval = 0; 2251 2252 if (!count) 2253 goto out; /* skip atime */ 2254 2255 if (iocb->ki_flags & IOCB_DIRECT) { 2256 struct file *file = iocb->ki_filp; 2257 struct address_space *mapping = file->f_mapping; 2258 struct inode *inode = mapping->host; 2259 loff_t size; 2260 2261 size = i_size_read(inode); 2262 if (iocb->ki_flags & IOCB_NOWAIT) { 2263 if (filemap_range_has_page(mapping, iocb->ki_pos, 2264 iocb->ki_pos + count - 1)) 2265 return -EAGAIN; 2266 } else { 2267 retval = filemap_write_and_wait_range(mapping, 2268 iocb->ki_pos, 2269 iocb->ki_pos + count - 1); 2270 if (retval < 0) 2271 goto out; 2272 } 2273 2274 file_accessed(file); 2275 2276 retval = mapping->a_ops->direct_IO(iocb, iter); 2277 if (retval >= 0) { 2278 iocb->ki_pos += retval; 2279 count -= retval; 2280 } 2281 iov_iter_revert(iter, count - iov_iter_count(iter)); 2282 2283 /* 2284 * Btrfs can have a short DIO read if we encounter 2285 * compressed extents, so if there was an error, or if 2286 * we've already read everything we wanted to, or if 2287 * there was a short read because we hit EOF, go ahead 2288 * and return. Otherwise fallthrough to buffered io for 2289 * the rest of the read. Buffered reads will not work for 2290 * DAX files, so don't bother trying. 2291 */ 2292 if (retval < 0 || !count || iocb->ki_pos >= size || 2293 IS_DAX(inode)) 2294 goto out; 2295 } 2296 2297 retval = generic_file_buffered_read(iocb, iter, retval); 2298 out: 2299 return retval; 2300 } 2301 EXPORT_SYMBOL(generic_file_read_iter); 2302 2303 #ifdef CONFIG_MMU 2304 #define MMAP_LOTSAMISS (100) 2305 static struct file *maybe_unlock_mmap_for_io(struct vm_fault *vmf, 2306 struct file *fpin) 2307 { 2308 int flags = vmf->flags; 2309 2310 if (fpin) 2311 return fpin; 2312 2313 /* 2314 * FAULT_FLAG_RETRY_NOWAIT means we don't want to wait on page locks or 2315 * anything, so we only pin the file and drop the mmap_sem if only 2316 * FAULT_FLAG_ALLOW_RETRY is set. 2317 */ 2318 if ((flags & (FAULT_FLAG_ALLOW_RETRY | FAULT_FLAG_RETRY_NOWAIT)) == 2319 FAULT_FLAG_ALLOW_RETRY) { 2320 fpin = get_file(vmf->vma->vm_file); 2321 up_read(&vmf->vma->vm_mm->mmap_sem); 2322 } 2323 return fpin; 2324 } 2325 2326 /* 2327 * lock_page_maybe_drop_mmap - lock the page, possibly dropping the mmap_sem 2328 * @vmf - the vm_fault for this fault. 2329 * @page - the page to lock. 2330 * @fpin - the pointer to the file we may pin (or is already pinned). 2331 * 2332 * This works similar to lock_page_or_retry in that it can drop the mmap_sem. 2333 * It differs in that it actually returns the page locked if it returns 1 and 0 2334 * if it couldn't lock the page. If we did have to drop the mmap_sem then fpin 2335 * will point to the pinned file and needs to be fput()'ed at a later point. 2336 */ 2337 static int lock_page_maybe_drop_mmap(struct vm_fault *vmf, struct page *page, 2338 struct file **fpin) 2339 { 2340 if (trylock_page(page)) 2341 return 1; 2342 2343 /* 2344 * NOTE! This will make us return with VM_FAULT_RETRY, but with 2345 * the mmap_sem still held. That's how FAULT_FLAG_RETRY_NOWAIT 2346 * is supposed to work. We have way too many special cases.. 2347 */ 2348 if (vmf->flags & FAULT_FLAG_RETRY_NOWAIT) 2349 return 0; 2350 2351 *fpin = maybe_unlock_mmap_for_io(vmf, *fpin); 2352 if (vmf->flags & FAULT_FLAG_KILLABLE) { 2353 if (__lock_page_killable(page)) { 2354 /* 2355 * We didn't have the right flags to drop the mmap_sem, 2356 * but all fault_handlers only check for fatal signals 2357 * if we return VM_FAULT_RETRY, so we need to drop the 2358 * mmap_sem here and return 0 if we don't have a fpin. 2359 */ 2360 if (*fpin == NULL) 2361 up_read(&vmf->vma->vm_mm->mmap_sem); 2362 return 0; 2363 } 2364 } else 2365 __lock_page(page); 2366 return 1; 2367 } 2368 2369 2370 /* 2371 * Synchronous readahead happens when we don't even find a page in the page 2372 * cache at all. We don't want to perform IO under the mmap sem, so if we have 2373 * to drop the mmap sem we return the file that was pinned in order for us to do 2374 * that. If we didn't pin a file then we return NULL. The file that is 2375 * returned needs to be fput()'ed when we're done with it. 2376 */ 2377 static struct file *do_sync_mmap_readahead(struct vm_fault *vmf) 2378 { 2379 struct file *file = vmf->vma->vm_file; 2380 struct file_ra_state *ra = &file->f_ra; 2381 struct address_space *mapping = file->f_mapping; 2382 struct file *fpin = NULL; 2383 pgoff_t offset = vmf->pgoff; 2384 2385 /* If we don't want any read-ahead, don't bother */ 2386 if (vmf->vma->vm_flags & VM_RAND_READ) 2387 return fpin; 2388 if (!ra->ra_pages) 2389 return fpin; 2390 2391 if (vmf->vma->vm_flags & VM_SEQ_READ) { 2392 fpin = maybe_unlock_mmap_for_io(vmf, fpin); 2393 page_cache_sync_readahead(mapping, ra, file, offset, 2394 ra->ra_pages); 2395 return fpin; 2396 } 2397 2398 /* Avoid banging the cache line if not needed */ 2399 if (ra->mmap_miss < MMAP_LOTSAMISS * 10) 2400 ra->mmap_miss++; 2401 2402 /* 2403 * Do we miss much more than hit in this file? If so, 2404 * stop bothering with read-ahead. It will only hurt. 2405 */ 2406 if (ra->mmap_miss > MMAP_LOTSAMISS) 2407 return fpin; 2408 2409 /* 2410 * mmap read-around 2411 */ 2412 fpin = maybe_unlock_mmap_for_io(vmf, fpin); 2413 ra->start = max_t(long, 0, offset - ra->ra_pages / 2); 2414 ra->size = ra->ra_pages; 2415 ra->async_size = ra->ra_pages / 4; 2416 ra_submit(ra, mapping, file); 2417 return fpin; 2418 } 2419 2420 /* 2421 * Asynchronous readahead happens when we find the page and PG_readahead, 2422 * so we want to possibly extend the readahead further. We return the file that 2423 * was pinned if we have to drop the mmap_sem in order to do IO. 2424 */ 2425 static struct file *do_async_mmap_readahead(struct vm_fault *vmf, 2426 struct page *page) 2427 { 2428 struct file *file = vmf->vma->vm_file; 2429 struct file_ra_state *ra = &file->f_ra; 2430 struct address_space *mapping = file->f_mapping; 2431 struct file *fpin = NULL; 2432 pgoff_t offset = vmf->pgoff; 2433 2434 /* If we don't want any read-ahead, don't bother */ 2435 if (vmf->vma->vm_flags & VM_RAND_READ) 2436 return fpin; 2437 if (ra->mmap_miss > 0) 2438 ra->mmap_miss--; 2439 if (PageReadahead(page)) { 2440 fpin = maybe_unlock_mmap_for_io(vmf, fpin); 2441 page_cache_async_readahead(mapping, ra, file, 2442 page, offset, ra->ra_pages); 2443 } 2444 return fpin; 2445 } 2446 2447 /** 2448 * filemap_fault - read in file data for page fault handling 2449 * @vmf: struct vm_fault containing details of the fault 2450 * 2451 * filemap_fault() is invoked via the vma operations vector for a 2452 * mapped memory region to read in file data during a page fault. 2453 * 2454 * The goto's are kind of ugly, but this streamlines the normal case of having 2455 * it in the page cache, and handles the special cases reasonably without 2456 * having a lot of duplicated code. 2457 * 2458 * vma->vm_mm->mmap_sem must be held on entry. 2459 * 2460 * If our return value has VM_FAULT_RETRY set, it's because 2461 * lock_page_or_retry() returned 0. 2462 * The mmap_sem has usually been released in this case. 2463 * See __lock_page_or_retry() for the exception. 2464 * 2465 * If our return value does not have VM_FAULT_RETRY set, the mmap_sem 2466 * has not been released. 2467 * 2468 * We never return with VM_FAULT_RETRY and a bit from VM_FAULT_ERROR set. 2469 * 2470 * Return: bitwise-OR of %VM_FAULT_ codes. 2471 */ 2472 vm_fault_t filemap_fault(struct vm_fault *vmf) 2473 { 2474 int error; 2475 struct file *file = vmf->vma->vm_file; 2476 struct file *fpin = NULL; 2477 struct address_space *mapping = file->f_mapping; 2478 struct file_ra_state *ra = &file->f_ra; 2479 struct inode *inode = mapping->host; 2480 pgoff_t offset = vmf->pgoff; 2481 pgoff_t max_off; 2482 struct page *page; 2483 vm_fault_t ret = 0; 2484 2485 max_off = DIV_ROUND_UP(i_size_read(inode), PAGE_SIZE); 2486 if (unlikely(offset >= max_off)) 2487 return VM_FAULT_SIGBUS; 2488 2489 /* 2490 * Do we have something in the page cache already? 2491 */ 2492 page = find_get_page(mapping, offset); 2493 if (likely(page) && !(vmf->flags & FAULT_FLAG_TRIED)) { 2494 /* 2495 * We found the page, so try async readahead before 2496 * waiting for the lock. 2497 */ 2498 fpin = do_async_mmap_readahead(vmf, page); 2499 } else if (!page) { 2500 /* No page in the page cache at all */ 2501 count_vm_event(PGMAJFAULT); 2502 count_memcg_event_mm(vmf->vma->vm_mm, PGMAJFAULT); 2503 ret = VM_FAULT_MAJOR; 2504 fpin = do_sync_mmap_readahead(vmf); 2505 retry_find: 2506 page = pagecache_get_page(mapping, offset, 2507 FGP_CREAT|FGP_FOR_MMAP, 2508 vmf->gfp_mask); 2509 if (!page) { 2510 if (fpin) 2511 goto out_retry; 2512 return vmf_error(-ENOMEM); 2513 } 2514 } 2515 2516 if (!lock_page_maybe_drop_mmap(vmf, page, &fpin)) 2517 goto out_retry; 2518 2519 /* Did it get truncated? */ 2520 if (unlikely(page->mapping != mapping)) { 2521 unlock_page(page); 2522 put_page(page); 2523 goto retry_find; 2524 } 2525 VM_BUG_ON_PAGE(page->index != offset, page); 2526 2527 /* 2528 * We have a locked page in the page cache, now we need to check 2529 * that it's up-to-date. If not, it is going to be due to an error. 2530 */ 2531 if (unlikely(!PageUptodate(page))) 2532 goto page_not_uptodate; 2533 2534 /* 2535 * We've made it this far and we had to drop our mmap_sem, now is the 2536 * time to return to the upper layer and have it re-find the vma and 2537 * redo the fault. 2538 */ 2539 if (fpin) { 2540 unlock_page(page); 2541 goto out_retry; 2542 } 2543 2544 /* 2545 * Found the page and have a reference on it. 2546 * We must recheck i_size under page lock. 2547 */ 2548 max_off = DIV_ROUND_UP(i_size_read(inode), PAGE_SIZE); 2549 if (unlikely(offset >= max_off)) { 2550 unlock_page(page); 2551 put_page(page); 2552 return VM_FAULT_SIGBUS; 2553 } 2554 2555 vmf->page = page; 2556 return ret | VM_FAULT_LOCKED; 2557 2558 page_not_uptodate: 2559 /* 2560 * Umm, take care of errors if the page isn't up-to-date. 2561 * Try to re-read it _once_. We do this synchronously, 2562 * because there really aren't any performance issues here 2563 * and we need to check for errors. 2564 */ 2565 ClearPageError(page); 2566 fpin = maybe_unlock_mmap_for_io(vmf, fpin); 2567 error = mapping->a_ops->readpage(file, page); 2568 if (!error) { 2569 wait_on_page_locked(page); 2570 if (!PageUptodate(page)) 2571 error = -EIO; 2572 } 2573 if (fpin) 2574 goto out_retry; 2575 put_page(page); 2576 2577 if (!error || error == AOP_TRUNCATED_PAGE) 2578 goto retry_find; 2579 2580 /* Things didn't work out. Return zero to tell the mm layer so. */ 2581 shrink_readahead_size_eio(file, ra); 2582 return VM_FAULT_SIGBUS; 2583 2584 out_retry: 2585 /* 2586 * We dropped the mmap_sem, we need to return to the fault handler to 2587 * re-find the vma and come back and find our hopefully still populated 2588 * page. 2589 */ 2590 if (page) 2591 put_page(page); 2592 if (fpin) 2593 fput(fpin); 2594 return ret | VM_FAULT_RETRY; 2595 } 2596 EXPORT_SYMBOL(filemap_fault); 2597 2598 void filemap_map_pages(struct vm_fault *vmf, 2599 pgoff_t start_pgoff, pgoff_t end_pgoff) 2600 { 2601 struct file *file = vmf->vma->vm_file; 2602 struct address_space *mapping = file->f_mapping; 2603 pgoff_t last_pgoff = start_pgoff; 2604 unsigned long max_idx; 2605 XA_STATE(xas, &mapping->i_pages, start_pgoff); 2606 struct page *page; 2607 2608 rcu_read_lock(); 2609 xas_for_each(&xas, page, end_pgoff) { 2610 if (xas_retry(&xas, page)) 2611 continue; 2612 if (xa_is_value(page)) 2613 goto next; 2614 2615 /* 2616 * Check for a locked page first, as a speculative 2617 * reference may adversely influence page migration. 2618 */ 2619 if (PageLocked(page)) 2620 goto next; 2621 if (!page_cache_get_speculative(page)) 2622 goto next; 2623 2624 /* Has the page moved or been split? */ 2625 if (unlikely(page != xas_reload(&xas))) 2626 goto skip; 2627 page = find_subpage(page, xas.xa_index); 2628 2629 if (!PageUptodate(page) || 2630 PageReadahead(page) || 2631 PageHWPoison(page)) 2632 goto skip; 2633 if (!trylock_page(page)) 2634 goto skip; 2635 2636 if (page->mapping != mapping || !PageUptodate(page)) 2637 goto unlock; 2638 2639 max_idx = DIV_ROUND_UP(i_size_read(mapping->host), PAGE_SIZE); 2640 if (page->index >= max_idx) 2641 goto unlock; 2642 2643 if (file->f_ra.mmap_miss > 0) 2644 file->f_ra.mmap_miss--; 2645 2646 vmf->address += (xas.xa_index - last_pgoff) << PAGE_SHIFT; 2647 if (vmf->pte) 2648 vmf->pte += xas.xa_index - last_pgoff; 2649 last_pgoff = xas.xa_index; 2650 if (alloc_set_pte(vmf, NULL, page)) 2651 goto unlock; 2652 unlock_page(page); 2653 goto next; 2654 unlock: 2655 unlock_page(page); 2656 skip: 2657 put_page(page); 2658 next: 2659 /* Huge page is mapped? No need to proceed. */ 2660 if (pmd_trans_huge(*vmf->pmd)) 2661 break; 2662 } 2663 rcu_read_unlock(); 2664 } 2665 EXPORT_SYMBOL(filemap_map_pages); 2666 2667 vm_fault_t filemap_page_mkwrite(struct vm_fault *vmf) 2668 { 2669 struct page *page = vmf->page; 2670 struct inode *inode = file_inode(vmf->vma->vm_file); 2671 vm_fault_t ret = VM_FAULT_LOCKED; 2672 2673 sb_start_pagefault(inode->i_sb); 2674 file_update_time(vmf->vma->vm_file); 2675 lock_page(page); 2676 if (page->mapping != inode->i_mapping) { 2677 unlock_page(page); 2678 ret = VM_FAULT_NOPAGE; 2679 goto out; 2680 } 2681 /* 2682 * We mark the page dirty already here so that when freeze is in 2683 * progress, we are guaranteed that writeback during freezing will 2684 * see the dirty page and writeprotect it again. 2685 */ 2686 set_page_dirty(page); 2687 wait_for_stable_page(page); 2688 out: 2689 sb_end_pagefault(inode->i_sb); 2690 return ret; 2691 } 2692 2693 const struct vm_operations_struct generic_file_vm_ops = { 2694 .fault = filemap_fault, 2695 .map_pages = filemap_map_pages, 2696 .page_mkwrite = filemap_page_mkwrite, 2697 }; 2698 2699 /* This is used for a general mmap of a disk file */ 2700 2701 int generic_file_mmap(struct file * file, struct vm_area_struct * vma) 2702 { 2703 struct address_space *mapping = file->f_mapping; 2704 2705 if (!mapping->a_ops->readpage) 2706 return -ENOEXEC; 2707 file_accessed(file); 2708 vma->vm_ops = &generic_file_vm_ops; 2709 return 0; 2710 } 2711 2712 /* 2713 * This is for filesystems which do not implement ->writepage. 2714 */ 2715 int generic_file_readonly_mmap(struct file *file, struct vm_area_struct *vma) 2716 { 2717 if ((vma->vm_flags & VM_SHARED) && (vma->vm_flags & VM_MAYWRITE)) 2718 return -EINVAL; 2719 return generic_file_mmap(file, vma); 2720 } 2721 #else 2722 vm_fault_t filemap_page_mkwrite(struct vm_fault *vmf) 2723 { 2724 return VM_FAULT_SIGBUS; 2725 } 2726 int generic_file_mmap(struct file * file, struct vm_area_struct * vma) 2727 { 2728 return -ENOSYS; 2729 } 2730 int generic_file_readonly_mmap(struct file * file, struct vm_area_struct * vma) 2731 { 2732 return -ENOSYS; 2733 } 2734 #endif /* CONFIG_MMU */ 2735 2736 EXPORT_SYMBOL(filemap_page_mkwrite); 2737 EXPORT_SYMBOL(generic_file_mmap); 2738 EXPORT_SYMBOL(generic_file_readonly_mmap); 2739 2740 static struct page *wait_on_page_read(struct page *page) 2741 { 2742 if (!IS_ERR(page)) { 2743 wait_on_page_locked(page); 2744 if (!PageUptodate(page)) { 2745 put_page(page); 2746 page = ERR_PTR(-EIO); 2747 } 2748 } 2749 return page; 2750 } 2751 2752 static struct page *do_read_cache_page(struct address_space *mapping, 2753 pgoff_t index, 2754 int (*filler)(void *, struct page *), 2755 void *data, 2756 gfp_t gfp) 2757 { 2758 struct page *page; 2759 int err; 2760 repeat: 2761 page = find_get_page(mapping, index); 2762 if (!page) { 2763 page = __page_cache_alloc(gfp); 2764 if (!page) 2765 return ERR_PTR(-ENOMEM); 2766 err = add_to_page_cache_lru(page, mapping, index, gfp); 2767 if (unlikely(err)) { 2768 put_page(page); 2769 if (err == -EEXIST) 2770 goto repeat; 2771 /* Presumably ENOMEM for xarray node */ 2772 return ERR_PTR(err); 2773 } 2774 2775 filler: 2776 err = filler(data, page); 2777 if (err < 0) { 2778 put_page(page); 2779 return ERR_PTR(err); 2780 } 2781 2782 page = wait_on_page_read(page); 2783 if (IS_ERR(page)) 2784 return page; 2785 goto out; 2786 } 2787 if (PageUptodate(page)) 2788 goto out; 2789 2790 /* 2791 * Page is not up to date and may be locked due one of the following 2792 * case a: Page is being filled and the page lock is held 2793 * case b: Read/write error clearing the page uptodate status 2794 * case c: Truncation in progress (page locked) 2795 * case d: Reclaim in progress 2796 * 2797 * Case a, the page will be up to date when the page is unlocked. 2798 * There is no need to serialise on the page lock here as the page 2799 * is pinned so the lock gives no additional protection. Even if the 2800 * the page is truncated, the data is still valid if PageUptodate as 2801 * it's a race vs truncate race. 2802 * Case b, the page will not be up to date 2803 * Case c, the page may be truncated but in itself, the data may still 2804 * be valid after IO completes as it's a read vs truncate race. The 2805 * operation must restart if the page is not uptodate on unlock but 2806 * otherwise serialising on page lock to stabilise the mapping gives 2807 * no additional guarantees to the caller as the page lock is 2808 * released before return. 2809 * Case d, similar to truncation. If reclaim holds the page lock, it 2810 * will be a race with remove_mapping that determines if the mapping 2811 * is valid on unlock but otherwise the data is valid and there is 2812 * no need to serialise with page lock. 2813 * 2814 * As the page lock gives no additional guarantee, we optimistically 2815 * wait on the page to be unlocked and check if it's up to date and 2816 * use the page if it is. Otherwise, the page lock is required to 2817 * distinguish between the different cases. The motivation is that we 2818 * avoid spurious serialisations and wakeups when multiple processes 2819 * wait on the same page for IO to complete. 2820 */ 2821 wait_on_page_locked(page); 2822 if (PageUptodate(page)) 2823 goto out; 2824 2825 /* Distinguish between all the cases under the safety of the lock */ 2826 lock_page(page); 2827 2828 /* Case c or d, restart the operation */ 2829 if (!page->mapping) { 2830 unlock_page(page); 2831 put_page(page); 2832 goto repeat; 2833 } 2834 2835 /* Someone else locked and filled the page in a very small window */ 2836 if (PageUptodate(page)) { 2837 unlock_page(page); 2838 goto out; 2839 } 2840 goto filler; 2841 2842 out: 2843 mark_page_accessed(page); 2844 return page; 2845 } 2846 2847 /** 2848 * read_cache_page - read into page cache, fill it if needed 2849 * @mapping: the page's address_space 2850 * @index: the page index 2851 * @filler: function to perform the read 2852 * @data: first arg to filler(data, page) function, often left as NULL 2853 * 2854 * Read into the page cache. If a page already exists, and PageUptodate() is 2855 * not set, try to fill the page and wait for it to become unlocked. 2856 * 2857 * If the page does not get brought uptodate, return -EIO. 2858 * 2859 * Return: up to date page on success, ERR_PTR() on failure. 2860 */ 2861 struct page *read_cache_page(struct address_space *mapping, 2862 pgoff_t index, 2863 int (*filler)(void *, struct page *), 2864 void *data) 2865 { 2866 return do_read_cache_page(mapping, index, filler, data, mapping_gfp_mask(mapping)); 2867 } 2868 EXPORT_SYMBOL(read_cache_page); 2869 2870 /** 2871 * read_cache_page_gfp - read into page cache, using specified page allocation flags. 2872 * @mapping: the page's address_space 2873 * @index: the page index 2874 * @gfp: the page allocator flags to use if allocating 2875 * 2876 * This is the same as "read_mapping_page(mapping, index, NULL)", but with 2877 * any new page allocations done using the specified allocation flags. 2878 * 2879 * If the page does not get brought uptodate, return -EIO. 2880 * 2881 * Return: up to date page on success, ERR_PTR() on failure. 2882 */ 2883 struct page *read_cache_page_gfp(struct address_space *mapping, 2884 pgoff_t index, 2885 gfp_t gfp) 2886 { 2887 filler_t *filler = (filler_t *)mapping->a_ops->readpage; 2888 2889 return do_read_cache_page(mapping, index, filler, NULL, gfp); 2890 } 2891 EXPORT_SYMBOL(read_cache_page_gfp); 2892 2893 /* 2894 * Don't operate on ranges the page cache doesn't support, and don't exceed the 2895 * LFS limits. If pos is under the limit it becomes a short access. If it 2896 * exceeds the limit we return -EFBIG. 2897 */ 2898 static int generic_access_check_limits(struct file *file, loff_t pos, 2899 loff_t *count) 2900 { 2901 struct inode *inode = file->f_mapping->host; 2902 loff_t max_size = inode->i_sb->s_maxbytes; 2903 2904 if (!(file->f_flags & O_LARGEFILE)) 2905 max_size = MAX_NON_LFS; 2906 2907 if (unlikely(pos >= max_size)) 2908 return -EFBIG; 2909 *count = min(*count, max_size - pos); 2910 return 0; 2911 } 2912 2913 static int generic_write_check_limits(struct file *file, loff_t pos, 2914 loff_t *count) 2915 { 2916 loff_t limit = rlimit(RLIMIT_FSIZE); 2917 2918 if (limit != RLIM_INFINITY) { 2919 if (pos >= limit) { 2920 send_sig(SIGXFSZ, current, 0); 2921 return -EFBIG; 2922 } 2923 *count = min(*count, limit - pos); 2924 } 2925 2926 return generic_access_check_limits(file, pos, count); 2927 } 2928 2929 /* 2930 * Performs necessary checks before doing a write 2931 * 2932 * Can adjust writing position or amount of bytes to write. 2933 * Returns appropriate error code that caller should return or 2934 * zero in case that write should be allowed. 2935 */ 2936 inline ssize_t generic_write_checks(struct kiocb *iocb, struct iov_iter *from) 2937 { 2938 struct file *file = iocb->ki_filp; 2939 struct inode *inode = file->f_mapping->host; 2940 loff_t count; 2941 int ret; 2942 2943 if (!iov_iter_count(from)) 2944 return 0; 2945 2946 /* FIXME: this is for backwards compatibility with 2.4 */ 2947 if (iocb->ki_flags & IOCB_APPEND) 2948 iocb->ki_pos = i_size_read(inode); 2949 2950 if ((iocb->ki_flags & IOCB_NOWAIT) && !(iocb->ki_flags & IOCB_DIRECT)) 2951 return -EINVAL; 2952 2953 count = iov_iter_count(from); 2954 ret = generic_write_check_limits(file, iocb->ki_pos, &count); 2955 if (ret) 2956 return ret; 2957 2958 iov_iter_truncate(from, count); 2959 return iov_iter_count(from); 2960 } 2961 EXPORT_SYMBOL(generic_write_checks); 2962 2963 /* 2964 * Performs necessary checks before doing a clone. 2965 * 2966 * Can adjust amount of bytes to clone. 2967 * Returns appropriate error code that caller should return or 2968 * zero in case the clone should be allowed. 2969 */ 2970 int generic_remap_checks(struct file *file_in, loff_t pos_in, 2971 struct file *file_out, loff_t pos_out, 2972 loff_t *req_count, unsigned int remap_flags) 2973 { 2974 struct inode *inode_in = file_in->f_mapping->host; 2975 struct inode *inode_out = file_out->f_mapping->host; 2976 uint64_t count = *req_count; 2977 uint64_t bcount; 2978 loff_t size_in, size_out; 2979 loff_t bs = inode_out->i_sb->s_blocksize; 2980 int ret; 2981 2982 /* The start of both ranges must be aligned to an fs block. */ 2983 if (!IS_ALIGNED(pos_in, bs) || !IS_ALIGNED(pos_out, bs)) 2984 return -EINVAL; 2985 2986 /* Ensure offsets don't wrap. */ 2987 if (pos_in + count < pos_in || pos_out + count < pos_out) 2988 return -EINVAL; 2989 2990 size_in = i_size_read(inode_in); 2991 size_out = i_size_read(inode_out); 2992 2993 /* Dedupe requires both ranges to be within EOF. */ 2994 if ((remap_flags & REMAP_FILE_DEDUP) && 2995 (pos_in >= size_in || pos_in + count > size_in || 2996 pos_out >= size_out || pos_out + count > size_out)) 2997 return -EINVAL; 2998 2999 /* Ensure the infile range is within the infile. */ 3000 if (pos_in >= size_in) 3001 return -EINVAL; 3002 count = min(count, size_in - (uint64_t)pos_in); 3003 3004 ret = generic_access_check_limits(file_in, pos_in, &count); 3005 if (ret) 3006 return ret; 3007 3008 ret = generic_write_check_limits(file_out, pos_out, &count); 3009 if (ret) 3010 return ret; 3011 3012 /* 3013 * If the user wanted us to link to the infile's EOF, round up to the 3014 * next block boundary for this check. 3015 * 3016 * Otherwise, make sure the count is also block-aligned, having 3017 * already confirmed the starting offsets' block alignment. 3018 */ 3019 if (pos_in + count == size_in) { 3020 bcount = ALIGN(size_in, bs) - pos_in; 3021 } else { 3022 if (!IS_ALIGNED(count, bs)) 3023 count = ALIGN_DOWN(count, bs); 3024 bcount = count; 3025 } 3026 3027 /* Don't allow overlapped cloning within the same file. */ 3028 if (inode_in == inode_out && 3029 pos_out + bcount > pos_in && 3030 pos_out < pos_in + bcount) 3031 return -EINVAL; 3032 3033 /* 3034 * We shortened the request but the caller can't deal with that, so 3035 * bounce the request back to userspace. 3036 */ 3037 if (*req_count != count && !(remap_flags & REMAP_FILE_CAN_SHORTEN)) 3038 return -EINVAL; 3039 3040 *req_count = count; 3041 return 0; 3042 } 3043 3044 int pagecache_write_begin(struct file *file, struct address_space *mapping, 3045 loff_t pos, unsigned len, unsigned flags, 3046 struct page **pagep, void **fsdata) 3047 { 3048 const struct address_space_operations *aops = mapping->a_ops; 3049 3050 return aops->write_begin(file, mapping, pos, len, flags, 3051 pagep, fsdata); 3052 } 3053 EXPORT_SYMBOL(pagecache_write_begin); 3054 3055 int pagecache_write_end(struct file *file, struct address_space *mapping, 3056 loff_t pos, unsigned len, unsigned copied, 3057 struct page *page, void *fsdata) 3058 { 3059 const struct address_space_operations *aops = mapping->a_ops; 3060 3061 return aops->write_end(file, mapping, pos, len, copied, page, fsdata); 3062 } 3063 EXPORT_SYMBOL(pagecache_write_end); 3064 3065 ssize_t 3066 generic_file_direct_write(struct kiocb *iocb, struct iov_iter *from) 3067 { 3068 struct file *file = iocb->ki_filp; 3069 struct address_space *mapping = file->f_mapping; 3070 struct inode *inode = mapping->host; 3071 loff_t pos = iocb->ki_pos; 3072 ssize_t written; 3073 size_t write_len; 3074 pgoff_t end; 3075 3076 write_len = iov_iter_count(from); 3077 end = (pos + write_len - 1) >> PAGE_SHIFT; 3078 3079 if (iocb->ki_flags & IOCB_NOWAIT) { 3080 /* If there are pages to writeback, return */ 3081 if (filemap_range_has_page(inode->i_mapping, pos, 3082 pos + write_len - 1)) 3083 return -EAGAIN; 3084 } else { 3085 written = filemap_write_and_wait_range(mapping, pos, 3086 pos + write_len - 1); 3087 if (written) 3088 goto out; 3089 } 3090 3091 /* 3092 * After a write we want buffered reads to be sure to go to disk to get 3093 * the new data. We invalidate clean cached page from the region we're 3094 * about to write. We do this *before* the write so that we can return 3095 * without clobbering -EIOCBQUEUED from ->direct_IO(). 3096 */ 3097 written = invalidate_inode_pages2_range(mapping, 3098 pos >> PAGE_SHIFT, end); 3099 /* 3100 * If a page can not be invalidated, return 0 to fall back 3101 * to buffered write. 3102 */ 3103 if (written) { 3104 if (written == -EBUSY) 3105 return 0; 3106 goto out; 3107 } 3108 3109 written = mapping->a_ops->direct_IO(iocb, from); 3110 3111 /* 3112 * Finally, try again to invalidate clean pages which might have been 3113 * cached by non-direct readahead, or faulted in by get_user_pages() 3114 * if the source of the write was an mmap'ed region of the file 3115 * we're writing. Either one is a pretty crazy thing to do, 3116 * so we don't support it 100%. If this invalidation 3117 * fails, tough, the write still worked... 3118 * 3119 * Most of the time we do not need this since dio_complete() will do 3120 * the invalidation for us. However there are some file systems that 3121 * do not end up with dio_complete() being called, so let's not break 3122 * them by removing it completely 3123 */ 3124 if (mapping->nrpages) 3125 invalidate_inode_pages2_range(mapping, 3126 pos >> PAGE_SHIFT, end); 3127 3128 if (written > 0) { 3129 pos += written; 3130 write_len -= written; 3131 if (pos > i_size_read(inode) && !S_ISBLK(inode->i_mode)) { 3132 i_size_write(inode, pos); 3133 mark_inode_dirty(inode); 3134 } 3135 iocb->ki_pos = pos; 3136 } 3137 iov_iter_revert(from, write_len - iov_iter_count(from)); 3138 out: 3139 return written; 3140 } 3141 EXPORT_SYMBOL(generic_file_direct_write); 3142 3143 /* 3144 * Find or create a page at the given pagecache position. Return the locked 3145 * page. This function is specifically for buffered writes. 3146 */ 3147 struct page *grab_cache_page_write_begin(struct address_space *mapping, 3148 pgoff_t index, unsigned flags) 3149 { 3150 struct page *page; 3151 int fgp_flags = FGP_LOCK|FGP_WRITE|FGP_CREAT; 3152 3153 if (flags & AOP_FLAG_NOFS) 3154 fgp_flags |= FGP_NOFS; 3155 3156 page = pagecache_get_page(mapping, index, fgp_flags, 3157 mapping_gfp_mask(mapping)); 3158 if (page) 3159 wait_for_stable_page(page); 3160 3161 return page; 3162 } 3163 EXPORT_SYMBOL(grab_cache_page_write_begin); 3164 3165 ssize_t generic_perform_write(struct file *file, 3166 struct iov_iter *i, loff_t pos) 3167 { 3168 struct address_space *mapping = file->f_mapping; 3169 const struct address_space_operations *a_ops = mapping->a_ops; 3170 long status = 0; 3171 ssize_t written = 0; 3172 unsigned int flags = 0; 3173 3174 do { 3175 struct page *page; 3176 unsigned long offset; /* Offset into pagecache page */ 3177 unsigned long bytes; /* Bytes to write to page */ 3178 size_t copied; /* Bytes copied from user */ 3179 void *fsdata; 3180 3181 offset = (pos & (PAGE_SIZE - 1)); 3182 bytes = min_t(unsigned long, PAGE_SIZE - offset, 3183 iov_iter_count(i)); 3184 3185 again: 3186 /* 3187 * Bring in the user page that we will copy from _first_. 3188 * Otherwise there's a nasty deadlock on copying from the 3189 * same page as we're writing to, without it being marked 3190 * up-to-date. 3191 * 3192 * Not only is this an optimisation, but it is also required 3193 * to check that the address is actually valid, when atomic 3194 * usercopies are used, below. 3195 */ 3196 if (unlikely(iov_iter_fault_in_readable(i, bytes))) { 3197 status = -EFAULT; 3198 break; 3199 } 3200 3201 if (fatal_signal_pending(current)) { 3202 status = -EINTR; 3203 break; 3204 } 3205 3206 status = a_ops->write_begin(file, mapping, pos, bytes, flags, 3207 &page, &fsdata); 3208 if (unlikely(status < 0)) 3209 break; 3210 3211 if (mapping_writably_mapped(mapping)) 3212 flush_dcache_page(page); 3213 3214 copied = iov_iter_copy_from_user_atomic(page, i, offset, bytes); 3215 flush_dcache_page(page); 3216 3217 status = a_ops->write_end(file, mapping, pos, bytes, copied, 3218 page, fsdata); 3219 if (unlikely(status < 0)) 3220 break; 3221 copied = status; 3222 3223 cond_resched(); 3224 3225 iov_iter_advance(i, copied); 3226 if (unlikely(copied == 0)) { 3227 /* 3228 * If we were unable to copy any data at all, we must 3229 * fall back to a single segment length write. 3230 * 3231 * If we didn't fallback here, we could livelock 3232 * because not all segments in the iov can be copied at 3233 * once without a pagefault. 3234 */ 3235 bytes = min_t(unsigned long, PAGE_SIZE - offset, 3236 iov_iter_single_seg_count(i)); 3237 goto again; 3238 } 3239 pos += copied; 3240 written += copied; 3241 3242 balance_dirty_pages_ratelimited(mapping); 3243 } while (iov_iter_count(i)); 3244 3245 return written ? written : status; 3246 } 3247 EXPORT_SYMBOL(generic_perform_write); 3248 3249 /** 3250 * __generic_file_write_iter - write data to a file 3251 * @iocb: IO state structure (file, offset, etc.) 3252 * @from: iov_iter with data to write 3253 * 3254 * This function does all the work needed for actually writing data to a 3255 * file. It does all basic checks, removes SUID from the file, updates 3256 * modification times and calls proper subroutines depending on whether we 3257 * do direct IO or a standard buffered write. 3258 * 3259 * It expects i_mutex to be grabbed unless we work on a block device or similar 3260 * object which does not need locking at all. 3261 * 3262 * This function does *not* take care of syncing data in case of O_SYNC write. 3263 * A caller has to handle it. This is mainly due to the fact that we want to 3264 * avoid syncing under i_mutex. 3265 * 3266 * Return: 3267 * * number of bytes written, even for truncated writes 3268 * * negative error code if no data has been written at all 3269 */ 3270 ssize_t __generic_file_write_iter(struct kiocb *iocb, struct iov_iter *from) 3271 { 3272 struct file *file = iocb->ki_filp; 3273 struct address_space * mapping = file->f_mapping; 3274 struct inode *inode = mapping->host; 3275 ssize_t written = 0; 3276 ssize_t err; 3277 ssize_t status; 3278 3279 /* We can write back this queue in page reclaim */ 3280 current->backing_dev_info = inode_to_bdi(inode); 3281 err = file_remove_privs(file); 3282 if (err) 3283 goto out; 3284 3285 err = file_update_time(file); 3286 if (err) 3287 goto out; 3288 3289 if (iocb->ki_flags & IOCB_DIRECT) { 3290 loff_t pos, endbyte; 3291 3292 written = generic_file_direct_write(iocb, from); 3293 /* 3294 * If the write stopped short of completing, fall back to 3295 * buffered writes. Some filesystems do this for writes to 3296 * holes, for example. For DAX files, a buffered write will 3297 * not succeed (even if it did, DAX does not handle dirty 3298 * page-cache pages correctly). 3299 */ 3300 if (written < 0 || !iov_iter_count(from) || IS_DAX(inode)) 3301 goto out; 3302 3303 status = generic_perform_write(file, from, pos = iocb->ki_pos); 3304 /* 3305 * If generic_perform_write() returned a synchronous error 3306 * then we want to return the number of bytes which were 3307 * direct-written, or the error code if that was zero. Note 3308 * that this differs from normal direct-io semantics, which 3309 * will return -EFOO even if some bytes were written. 3310 */ 3311 if (unlikely(status < 0)) { 3312 err = status; 3313 goto out; 3314 } 3315 /* 3316 * We need to ensure that the page cache pages are written to 3317 * disk and invalidated to preserve the expected O_DIRECT 3318 * semantics. 3319 */ 3320 endbyte = pos + status - 1; 3321 err = filemap_write_and_wait_range(mapping, pos, endbyte); 3322 if (err == 0) { 3323 iocb->ki_pos = endbyte + 1; 3324 written += status; 3325 invalidate_mapping_pages(mapping, 3326 pos >> PAGE_SHIFT, 3327 endbyte >> PAGE_SHIFT); 3328 } else { 3329 /* 3330 * We don't know how much we wrote, so just return 3331 * the number of bytes which were direct-written 3332 */ 3333 } 3334 } else { 3335 written = generic_perform_write(file, from, iocb->ki_pos); 3336 if (likely(written > 0)) 3337 iocb->ki_pos += written; 3338 } 3339 out: 3340 current->backing_dev_info = NULL; 3341 return written ? written : err; 3342 } 3343 EXPORT_SYMBOL(__generic_file_write_iter); 3344 3345 /** 3346 * generic_file_write_iter - write data to a file 3347 * @iocb: IO state structure 3348 * @from: iov_iter with data to write 3349 * 3350 * This is a wrapper around __generic_file_write_iter() to be used by most 3351 * filesystems. It takes care of syncing the file in case of O_SYNC file 3352 * and acquires i_mutex as needed. 3353 * Return: 3354 * * negative error code if no data has been written at all of 3355 * vfs_fsync_range() failed for a synchronous write 3356 * * number of bytes written, even for truncated writes 3357 */ 3358 ssize_t generic_file_write_iter(struct kiocb *iocb, struct iov_iter *from) 3359 { 3360 struct file *file = iocb->ki_filp; 3361 struct inode *inode = file->f_mapping->host; 3362 ssize_t ret; 3363 3364 inode_lock(inode); 3365 ret = generic_write_checks(iocb, from); 3366 if (ret > 0) 3367 ret = __generic_file_write_iter(iocb, from); 3368 inode_unlock(inode); 3369 3370 if (ret > 0) 3371 ret = generic_write_sync(iocb, ret); 3372 return ret; 3373 } 3374 EXPORT_SYMBOL(generic_file_write_iter); 3375 3376 /** 3377 * try_to_release_page() - release old fs-specific metadata on a page 3378 * 3379 * @page: the page which the kernel is trying to free 3380 * @gfp_mask: memory allocation flags (and I/O mode) 3381 * 3382 * The address_space is to try to release any data against the page 3383 * (presumably at page->private). 3384 * 3385 * This may also be called if PG_fscache is set on a page, indicating that the 3386 * page is known to the local caching routines. 3387 * 3388 * The @gfp_mask argument specifies whether I/O may be performed to release 3389 * this page (__GFP_IO), and whether the call may block (__GFP_RECLAIM & __GFP_FS). 3390 * 3391 * Return: %1 if the release was successful, otherwise return zero. 3392 */ 3393 int try_to_release_page(struct page *page, gfp_t gfp_mask) 3394 { 3395 struct address_space * const mapping = page->mapping; 3396 3397 BUG_ON(!PageLocked(page)); 3398 if (PageWriteback(page)) 3399 return 0; 3400 3401 if (mapping && mapping->a_ops->releasepage) 3402 return mapping->a_ops->releasepage(page, gfp_mask); 3403 return try_to_free_buffers(page); 3404 } 3405 3406 EXPORT_SYMBOL(try_to_release_page); 3407