filemap.c 96.5 KB
Newer Older
1
// SPDX-License-Identifier: GPL-2.0-only
L
Linus Torvalds 已提交
2 3 4 5 6 7 8 9 10 11 12
/*
 *	linux/mm/filemap.c
 *
 * Copyright (C) 1994-1999  Linus Torvalds
 */

/*
 * This file handles the generic file mmap semantics used by
 * most "normal" filesystems (but you don't /have/ to use this:
 * the NFS filesystem used to do this differently, for example)
 */
13
#include <linux/export.h>
L
Linus Torvalds 已提交
14
#include <linux/compiler.h>
15
#include <linux/dax.h>
L
Linus Torvalds 已提交
16
#include <linux/fs.h>
17
#include <linux/sched/signal.h>
18
#include <linux/uaccess.h>
19
#include <linux/capability.h>
L
Linus Torvalds 已提交
20
#include <linux/kernel_stat.h>
21
#include <linux/gfp.h>
L
Linus Torvalds 已提交
22 23 24 25 26 27
#include <linux/mm.h>
#include <linux/swap.h>
#include <linux/mman.h>
#include <linux/pagemap.h>
#include <linux/file.h>
#include <linux/uio.h>
28
#include <linux/error-injection.h>
L
Linus Torvalds 已提交
29 30
#include <linux/hash.h>
#include <linux/writeback.h>
31
#include <linux/backing-dev.h>
L
Linus Torvalds 已提交
32 33 34
#include <linux/pagevec.h>
#include <linux/blkdev.h>
#include <linux/security.h>
35
#include <linux/cpuset.h>
36
#include <linux/hugetlb.h>
37
#include <linux/memcontrol.h>
38
#include <linux/cleancache.h>
39
#include <linux/shmem_fs.h>
40
#include <linux/rmap.h>
41
#include <linux/delayacct.h>
42
#include <linux/psi.h>
43 44
#include "internal.h"

R
Robert Jarzmik 已提交
45 46 47
#define CREATE_TRACE_POINTS
#include <trace/events/filemap.h>

L
Linus Torvalds 已提交
48 49 50
/*
 * FIXME: remove all knowledge of the buffer layer from the core VM
 */
51
#include <linux/buffer_head.h> /* for try_to_free_buffers */
L
Linus Torvalds 已提交
52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69

#include <asm/mman.h>

/*
 * Shared mappings implemented 30.11.1994. It's not fully working yet,
 * though.
 *
 * Shared mappings now work. 15.8.1995  Bruno.
 *
 * finished 'unifying' the page and buffer cache and SMP-threaded the
 * page-cache, 21.05.1999, Ingo Molnar <mingo@redhat.com>
 *
 * SMP-threaded pagemap-LRU 1999, Andrea Arcangeli <andrea@suse.de>
 */

/*
 * Lock ordering:
 *
70
 *  ->i_mmap_rwsem		(truncate_pagecache)
L
Linus Torvalds 已提交
71
 *    ->private_lock		(__free_pte->__set_page_dirty_buffers)
72
 *      ->swap_lock		(exclusive_swap_page, others)
M
Matthew Wilcox 已提交
73
 *        ->i_pages lock
L
Linus Torvalds 已提交
74
 *
75
 *  ->i_mutex
76
 *    ->i_mmap_rwsem		(truncate->unmap_mapping_range)
L
Linus Torvalds 已提交
77 78
 *
 *  ->mmap_sem
79
 *    ->i_mmap_rwsem
80
 *      ->page_table_lock or pte_lock	(various, mainly in memory.c)
M
Matthew Wilcox 已提交
81
 *        ->i_pages lock	(arch-dependent flush_dcache_mmap_lock)
L
Linus Torvalds 已提交
82 83 84 85
 *
 *  ->mmap_sem
 *    ->lock_page		(access_process_vm)
 *
A
Al Viro 已提交
86
 *  ->i_mutex			(generic_perform_write)
87
 *    ->mmap_sem		(fault_in_pages_readable->do_page_fault)
L
Linus Torvalds 已提交
88
 *
89
 *  bdi->wb.list_lock
90
 *    sb_lock			(fs/fs-writeback.c)
M
Matthew Wilcox 已提交
91
 *    ->i_pages lock		(__sync_single_inode)
L
Linus Torvalds 已提交
92
 *
93
 *  ->i_mmap_rwsem
L
Linus Torvalds 已提交
94 95 96
 *    ->anon_vma.lock		(vma_adjust)
 *
 *  ->anon_vma.lock
97
 *    ->page_table_lock or pte_lock	(anon_vma_prepare and various)
L
Linus Torvalds 已提交
98
 *
99
 *  ->page_table_lock or pte_lock
100
 *    ->swap_lock		(try_to_unmap_one)
L
Linus Torvalds 已提交
101
 *    ->private_lock		(try_to_unmap_one)
M
Matthew Wilcox 已提交
102
 *    ->i_pages lock		(try_to_unmap_one)
103 104
 *    ->pgdat->lru_lock		(follow_page->mark_page_accessed)
 *    ->pgdat->lru_lock		(check_pte_range->isolate_lru_page)
L
Linus Torvalds 已提交
105
 *    ->private_lock		(page_remove_rmap->set_page_dirty)
M
Matthew Wilcox 已提交
106
 *    ->i_pages lock		(page_remove_rmap->set_page_dirty)
107
 *    bdi.wb->list_lock		(page_remove_rmap->set_page_dirty)
108
 *    ->inode->i_lock		(page_remove_rmap->set_page_dirty)
109
 *    ->memcg->move_lock	(page_remove_rmap->lock_page_memcg)
110
 *    bdi.wb->list_lock		(zap_pte_range->set_page_dirty)
111
 *    ->inode->i_lock		(zap_pte_range->set_page_dirty)
L
Linus Torvalds 已提交
112 113
 *    ->private_lock		(zap_pte_range->__set_page_dirty_buffers)
 *
114
 * ->i_mmap_rwsem
115
 *   ->tasklist_lock            (memory_failure, collect_procs_ao)
L
Linus Torvalds 已提交
116 117
 */

118
static void page_cache_delete(struct address_space *mapping,
119 120
				   struct page *page, void *shadow)
{
121 122
	XA_STATE(xas, &mapping->i_pages, page->index);
	unsigned int nr = 1;
123

124
	mapping_set_update(&xas, mapping);
125

126 127 128 129 130
	/* hugetlb pages are represented by a single entry in the xarray */
	if (!PageHuge(page)) {
		xas_set_order(&xas, page->index, compound_order(page));
		nr = 1U << compound_order(page);
	}
131

132 133 134
	VM_BUG_ON_PAGE(!PageLocked(page), page);
	VM_BUG_ON_PAGE(PageTail(page), page);
	VM_BUG_ON_PAGE(nr != 1 && shadow, page);
135

136 137
	xas_store(&xas, shadow);
	xas_init_marks(&xas);
138

139 140 141
	page->mapping = NULL;
	/* Leave page->index set: truncation lookup relies upon it */

142 143 144 145 146 147 148 149 150 151 152
	if (shadow) {
		mapping->nrexceptional += nr;
		/*
		 * Make sure the nrexceptional update is committed before
		 * the nrpages update so that final truncate racing
		 * with reclaim does not see both counters 0 at the
		 * same time and miss a shadow entry.
		 */
		smp_wmb();
	}
	mapping->nrpages -= nr;
153 154
}

155 156
static void unaccount_page_cache_page(struct address_space *mapping,
				      struct page *page)
L
Linus Torvalds 已提交
157
{
158
	int nr;
L
Linus Torvalds 已提交
159

160 161 162 163 164 165 166 167
	/*
	 * if we're uptodate, flush out into the cleancache, otherwise
	 * invalidate any existing cleancache entries.  We can't leave
	 * stale data around in the cleancache once our page is gone
	 */
	if (PageUptodate(page) && PageMappedToDisk(page))
		cleancache_put_page(page);
	else
168
		cleancache_invalidate_page(mapping, page);
169

170
	VM_BUG_ON_PAGE(PageTail(page), page);
171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190
	VM_BUG_ON_PAGE(page_mapped(page), page);
	if (!IS_ENABLED(CONFIG_DEBUG_VM) && unlikely(page_mapped(page))) {
		int mapcount;

		pr_alert("BUG: Bad page cache in process %s  pfn:%05lx\n",
			 current->comm, page_to_pfn(page));
		dump_page(page, "still mapped when deleted");
		dump_stack();
		add_taint(TAINT_BAD_PAGE, LOCKDEP_NOW_UNRELIABLE);

		mapcount = page_mapcount(page);
		if (mapping_exiting(mapping) &&
		    page_count(page) >= mapcount + 2) {
			/*
			 * All vmas have already been torn down, so it's
			 * a good bet that actually the page is unmapped,
			 * and we'd prefer not to leak it: if we're wrong,
			 * some other bad page check should catch it later.
			 */
			page_mapcount_reset(page);
191
			page_ref_sub(page, mapcount);
192 193 194
		}
	}

195
	/* hugetlb pages do not participate in page cache accounting. */
196 197
	if (PageHuge(page))
		return;
198

199 200 201 202 203 204 205 206 207
	nr = hpage_nr_pages(page);

	__mod_node_page_state(page_pgdat(page), NR_FILE_PAGES, -nr);
	if (PageSwapBacked(page)) {
		__mod_node_page_state(page_pgdat(page), NR_SHMEM, -nr);
		if (PageTransHuge(page))
			__dec_node_page_state(page, NR_SHMEM_THPS);
	} else {
		VM_BUG_ON_PAGE(PageTransHuge(page), page);
208
	}
209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226

	/*
	 * At this point page must be either written or cleaned by
	 * truncate.  Dirty page here signals a bug and loss of
	 * unwritten data.
	 *
	 * This fixes dirty accounting after removing the page entirely
	 * but leaves PageDirty set: it has no effect for truncated
	 * page and anyway will be cleared before returning page into
	 * buddy allocator.
	 */
	if (WARN_ON_ONCE(PageDirty(page)))
		account_page_cleaned(page, mapping, inode_to_wb(mapping->host));
}

/*
 * Delete a page from the page cache and free it. Caller has to make
 * sure the page is locked and that nobody else uses it - or that usage
M
Matthew Wilcox 已提交
227
 * is safe.  The caller must hold the i_pages lock.
228 229 230 231 232 233 234 235
 */
void __delete_from_page_cache(struct page *page, void *shadow)
{
	struct address_space *mapping = page->mapping;

	trace_mm_filemap_delete_from_page_cache(page);

	unaccount_page_cache_page(mapping, page);
236
	page_cache_delete(mapping, page, shadow);
L
Linus Torvalds 已提交
237 238
}

239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255
static void page_cache_free_page(struct address_space *mapping,
				struct page *page)
{
	void (*freepage)(struct page *);

	freepage = mapping->a_ops->freepage;
	if (freepage)
		freepage(page);

	if (PageTransHuge(page) && !PageHuge(page)) {
		page_ref_sub(page, HPAGE_PMD_NR);
		VM_BUG_ON_PAGE(page_count(page) <= 0, page);
	} else {
		put_page(page);
	}
}

256 257 258 259 260 261 262 263 264
/**
 * delete_from_page_cache - delete page from page cache
 * @page: the page which the kernel is trying to remove from page cache
 *
 * This must be called only on pages that have been verified to be in the page
 * cache and locked.  It will never put the page into the free list, the caller
 * has a reference on the page.
 */
void delete_from_page_cache(struct page *page)
L
Linus Torvalds 已提交
265
{
266
	struct address_space *mapping = page_mapping(page);
267
	unsigned long flags;
L
Linus Torvalds 已提交
268

M
Matt Mackall 已提交
269
	BUG_ON(!PageLocked(page));
M
Matthew Wilcox 已提交
270
	xa_lock_irqsave(&mapping->i_pages, flags);
J
Johannes Weiner 已提交
271
	__delete_from_page_cache(page, NULL);
M
Matthew Wilcox 已提交
272
	xa_unlock_irqrestore(&mapping->i_pages, flags);
273

274
	page_cache_free_page(mapping, page);
275 276 277
}
EXPORT_SYMBOL(delete_from_page_cache);

278
/*
279
 * page_cache_delete_batch - delete several pages from page cache
280 281 282
 * @mapping: the mapping to which pages belong
 * @pvec: pagevec with pages to delete
 *
M
Matthew Wilcox 已提交
283
 * The function walks over mapping->i_pages and removes pages passed in @pvec
284
 * from the mapping. The function expects @pvec to be sorted by page index.
M
Matthew Wilcox 已提交
285
 * It tolerates holes in @pvec (mapping entries at those indices are not
286
 * modified). The function expects only THP head pages to be present in the
287 288
 * @pvec and takes care to delete all corresponding tail pages from the
 * mapping as well.
289
 *
M
Matthew Wilcox 已提交
290
 * The function expects the i_pages lock to be held.
291
 */
292
static void page_cache_delete_batch(struct address_space *mapping,
293 294
			     struct pagevec *pvec)
{
295
	XA_STATE(xas, &mapping->i_pages, pvec->pages[0]->index);
296
	int total_pages = 0;
297
	int i = 0, tail_pages = 0;
298 299
	struct page *page;

300 301
	mapping_set_update(&xas, mapping);
	xas_for_each(&xas, page, ULONG_MAX) {
302
		if (i >= pagevec_count(pvec) && !tail_pages)
303
			break;
304
		if (xa_is_value(page))
305
			continue;
306 307 308 309 310 311 312 313 314 315 316 317 318 319
		if (!tail_pages) {
			/*
			 * Some page got inserted in our range? Skip it. We
			 * have our pages locked so they are protected from
			 * being removed.
			 */
			if (page != pvec->pages[i]) {
				VM_BUG_ON_PAGE(page->index >
						pvec->pages[i]->index, page);
				continue;
			}
			WARN_ON_ONCE(!PageLocked(page));
			if (PageTransHuge(page) && !PageHuge(page))
				tail_pages = HPAGE_PMD_NR - 1;
320
			page->mapping = NULL;
321 322 323 324
			/*
			 * Leave page->index set: truncation lookup relies
			 * upon it
			 */
325
			i++;
326 327 328 329 330
		} else {
			VM_BUG_ON_PAGE(page->index + HPAGE_PMD_NR - tail_pages
					!= pvec->pages[i]->index, page);
			tail_pages--;
		}
331
		xas_store(&xas, NULL);
332 333 334 335 336 337 338 339 340 341 342 343 344 345
		total_pages++;
	}
	mapping->nrpages -= total_pages;
}

void delete_from_page_cache_batch(struct address_space *mapping,
				  struct pagevec *pvec)
{
	int i;
	unsigned long flags;

	if (!pagevec_count(pvec))
		return;

M
Matthew Wilcox 已提交
346
	xa_lock_irqsave(&mapping->i_pages, flags);
347 348 349 350 351
	for (i = 0; i < pagevec_count(pvec); i++) {
		trace_mm_filemap_delete_from_page_cache(pvec->pages[i]);

		unaccount_page_cache_page(mapping, pvec->pages[i]);
	}
352
	page_cache_delete_batch(mapping, pvec);
M
Matthew Wilcox 已提交
353
	xa_unlock_irqrestore(&mapping->i_pages, flags);
354 355 356 357 358

	for (i = 0; i < pagevec_count(pvec); i++)
		page_cache_free_page(mapping, pvec->pages[i]);
}

359
int filemap_check_errors(struct address_space *mapping)
360 361 362
{
	int ret = 0;
	/* Check for outstanding write errors */
363 364
	if (test_bit(AS_ENOSPC, &mapping->flags) &&
	    test_and_clear_bit(AS_ENOSPC, &mapping->flags))
365
		ret = -ENOSPC;
366 367
	if (test_bit(AS_EIO, &mapping->flags) &&
	    test_and_clear_bit(AS_EIO, &mapping->flags))
368 369 370
		ret = -EIO;
	return ret;
}
371
EXPORT_SYMBOL(filemap_check_errors);
372

373 374 375 376 377 378 379 380 381 382
static int filemap_check_and_keep_errors(struct address_space *mapping)
{
	/* Check for outstanding write errors */
	if (test_bit(AS_EIO, &mapping->flags))
		return -EIO;
	if (test_bit(AS_ENOSPC, &mapping->flags))
		return -ENOSPC;
	return 0;
}

L
Linus Torvalds 已提交
383
/**
384
 * __filemap_fdatawrite_range - start writeback on mapping dirty pages in range
385 386
 * @mapping:	address space structure to write
 * @start:	offset in bytes where the range starts
387
 * @end:	offset in bytes where the range ends (inclusive)
388
 * @sync_mode:	enable synchronous operation
L
Linus Torvalds 已提交
389
 *
390 391 392
 * Start writeback against all of a mapping's dirty pages that lie
 * within the byte offsets <start, end> inclusive.
 *
L
Linus Torvalds 已提交
393
 * If sync_mode is WB_SYNC_ALL then this is a "data integrity" operation, as
394
 * opposed to a regular memory cleansing writeback.  The difference between
L
Linus Torvalds 已提交
395 396
 * these two operations is that if a dirty page/buffer is encountered, it must
 * be waited upon, and not just skipped over.
397 398
 *
 * Return: %0 on success, negative error code otherwise.
L
Linus Torvalds 已提交
399
 */
400 401
int __filemap_fdatawrite_range(struct address_space *mapping, loff_t start,
				loff_t end, int sync_mode)
L
Linus Torvalds 已提交
402 403 404 405
{
	int ret;
	struct writeback_control wbc = {
		.sync_mode = sync_mode,
406
		.nr_to_write = LONG_MAX,
407 408
		.range_start = start,
		.range_end = end,
L
Linus Torvalds 已提交
409 410 411 412 413
	};

	if (!mapping_cap_writeback_dirty(mapping))
		return 0;

414
	wbc_attach_fdatawrite_inode(&wbc, mapping->host);
L
Linus Torvalds 已提交
415
	ret = do_writepages(mapping, &wbc);
416
	wbc_detach_inode(&wbc);
L
Linus Torvalds 已提交
417 418 419 420 421 422
	return ret;
}

static inline int __filemap_fdatawrite(struct address_space *mapping,
	int sync_mode)
{
423
	return __filemap_fdatawrite_range(mapping, 0, LLONG_MAX, sync_mode);
L
Linus Torvalds 已提交
424 425 426 427 428 429 430 431
}

int filemap_fdatawrite(struct address_space *mapping)
{
	return __filemap_fdatawrite(mapping, WB_SYNC_ALL);
}
EXPORT_SYMBOL(filemap_fdatawrite);

432
int filemap_fdatawrite_range(struct address_space *mapping, loff_t start,
433
				loff_t end)
L
Linus Torvalds 已提交
434 435 436
{
	return __filemap_fdatawrite_range(mapping, start, end, WB_SYNC_ALL);
}
437
EXPORT_SYMBOL(filemap_fdatawrite_range);
L
Linus Torvalds 已提交
438

439 440 441 442
/**
 * filemap_flush - mostly a non-blocking flush
 * @mapping:	target address_space
 *
L
Linus Torvalds 已提交
443 444
 * This is a mostly non-blocking flush.  Not suitable for data-integrity
 * purposes - I/O may not be started against all dirty pages.
445 446
 *
 * Return: %0 on success, negative error code otherwise.
L
Linus Torvalds 已提交
447 448 449 450 451 452 453
 */
int filemap_flush(struct address_space *mapping)
{
	return __filemap_fdatawrite(mapping, WB_SYNC_NONE);
}
EXPORT_SYMBOL(filemap_flush);

454 455 456 457 458 459 460 461
/**
 * filemap_range_has_page - check if a page exists in range.
 * @mapping:           address space within which to check
 * @start_byte:        offset in bytes where the range starts
 * @end_byte:          offset in bytes where the range ends (inclusive)
 *
 * Find at least one page in the range supplied, usually used to check if
 * direct writing in this range will trigger a writeback.
462 463 464
 *
 * Return: %true if at least one page exists in the specified range,
 * %false otherwise.
465 466 467 468
 */
bool filemap_range_has_page(struct address_space *mapping,
			   loff_t start_byte, loff_t end_byte)
{
469
	struct page *page;
470 471
	XA_STATE(xas, &mapping->i_pages, start_byte >> PAGE_SHIFT);
	pgoff_t max = end_byte >> PAGE_SHIFT;
472 473 474 475

	if (end_byte < start_byte)
		return false;

476 477 478 479 480 481 482 483 484 485 486 487 488 489 490 491
	rcu_read_lock();
	for (;;) {
		page = xas_find(&xas, max);
		if (xas_retry(&xas, page))
			continue;
		/* Shadow entries don't count */
		if (xa_is_value(page))
			continue;
		/*
		 * We don't need to try to pin this page; we're about to
		 * release the RCU lock anyway.  It is enough to know that
		 * there was a page here recently.
		 */
		break;
	}
	rcu_read_unlock();
492

493
	return page != NULL;
494 495 496
}
EXPORT_SYMBOL(filemap_range_has_page);

497
static void __filemap_fdatawait_range(struct address_space *mapping,
498
				     loff_t start_byte, loff_t end_byte)
L
Linus Torvalds 已提交
499
{
500 501
	pgoff_t index = start_byte >> PAGE_SHIFT;
	pgoff_t end = end_byte >> PAGE_SHIFT;
L
Linus Torvalds 已提交
502 503 504
	struct pagevec pvec;
	int nr_pages;

505
	if (end_byte < start_byte)
506
		return;
L
Linus Torvalds 已提交
507

508
	pagevec_init(&pvec);
509
	while (index <= end) {
L
Linus Torvalds 已提交
510 511
		unsigned i;

512
		nr_pages = pagevec_lookup_range_tag(&pvec, mapping, &index,
513
				end, PAGECACHE_TAG_WRITEBACK);
514 515 516
		if (!nr_pages)
			break;

L
Linus Torvalds 已提交
517 518 519 520
		for (i = 0; i < nr_pages; i++) {
			struct page *page = pvec.pages[i];

			wait_on_page_writeback(page);
521
			ClearPageError(page);
L
Linus Torvalds 已提交
522 523 524 525
		}
		pagevec_release(&pvec);
		cond_resched();
	}
526 527 528 529 530 531 532 533 534 535 536 537 538 539 540
}

/**
 * filemap_fdatawait_range - wait for writeback to complete
 * @mapping:		address space structure to wait for
 * @start_byte:		offset in bytes where the range starts
 * @end_byte:		offset in bytes where the range ends (inclusive)
 *
 * Walk the list of under-writeback pages of the given address space
 * in the given range and wait for all of them.  Check error status of
 * the address space and return it.
 *
 * Since the error status of the address space is cleared by this function,
 * callers are responsible for checking the return value and handling and/or
 * reporting the error.
541 542
 *
 * Return: error status of the address space.
543 544 545 546
 */
int filemap_fdatawait_range(struct address_space *mapping, loff_t start_byte,
			    loff_t end_byte)
{
547 548
	__filemap_fdatawait_range(mapping, start_byte, end_byte);
	return filemap_check_errors(mapping);
L
Linus Torvalds 已提交
549
}
550 551
EXPORT_SYMBOL(filemap_fdatawait_range);

552 553 554 555 556 557 558 559 560 561 562 563 564 565 566 567 568 569 570 571 572 573
/**
 * filemap_fdatawait_range_keep_errors - wait for writeback to complete
 * @mapping:		address space structure to wait for
 * @start_byte:		offset in bytes where the range starts
 * @end_byte:		offset in bytes where the range ends (inclusive)
 *
 * Walk the list of under-writeback pages of the given address space in the
 * given range and wait for all of them.  Unlike filemap_fdatawait_range(),
 * this function does not clear error status of the address space.
 *
 * Use this function if callers don't handle errors themselves.  Expected
 * call sites are system-wide / filesystem-wide data flushers: e.g. sync(2),
 * fsfreeze(8)
 */
int filemap_fdatawait_range_keep_errors(struct address_space *mapping,
		loff_t start_byte, loff_t end_byte)
{
	__filemap_fdatawait_range(mapping, start_byte, end_byte);
	return filemap_check_and_keep_errors(mapping);
}
EXPORT_SYMBOL(filemap_fdatawait_range_keep_errors);

574 575 576 577 578 579 580 581 582 583 584 585 586
/**
 * file_fdatawait_range - wait for writeback to complete
 * @file:		file pointing to address space structure to wait for
 * @start_byte:		offset in bytes where the range starts
 * @end_byte:		offset in bytes where the range ends (inclusive)
 *
 * Walk the list of under-writeback pages of the address space that file
 * refers to, in the given range and wait for all of them.  Check error
 * status of the address space vs. the file->f_wb_err cursor and return it.
 *
 * Since the error status of the file is advanced by this function,
 * callers are responsible for checking the return value and handling and/or
 * reporting the error.
587 588
 *
 * Return: error status of the address space vs. the file->f_wb_err cursor.
589 590 591 592 593 594 595 596 597
 */
int file_fdatawait_range(struct file *file, loff_t start_byte, loff_t end_byte)
{
	struct address_space *mapping = file->f_mapping;

	__filemap_fdatawait_range(mapping, start_byte, end_byte);
	return file_check_and_advance_wb_err(file);
}
EXPORT_SYMBOL(file_fdatawait_range);
598

599 600 601 602 603 604 605 606 607 608 609
/**
 * filemap_fdatawait_keep_errors - wait for writeback without clearing errors
 * @mapping: address space structure to wait for
 *
 * Walk the list of under-writeback pages of the given address space
 * and wait for all of them.  Unlike filemap_fdatawait(), this function
 * does not clear error status of the address space.
 *
 * Use this function if callers don't handle errors themselves.  Expected
 * call sites are system-wide / filesystem-wide data flushers: e.g. sync(2),
 * fsfreeze(8)
610 611
 *
 * Return: error status of the address space.
612
 */
613
int filemap_fdatawait_keep_errors(struct address_space *mapping)
614
{
615
	__filemap_fdatawait_range(mapping, 0, LLONG_MAX);
616
	return filemap_check_and_keep_errors(mapping);
617
}
618
EXPORT_SYMBOL(filemap_fdatawait_keep_errors);
619

620
static bool mapping_needs_writeback(struct address_space *mapping)
L
Linus Torvalds 已提交
621
{
622 623
	return (!dax_mapping(mapping) && mapping->nrpages) ||
	    (dax_mapping(mapping) && mapping->nrexceptional);
L
Linus Torvalds 已提交
624 625 626 627
}

int filemap_write_and_wait(struct address_space *mapping)
{
628
	int err = 0;
L
Linus Torvalds 已提交
629

630
	if (mapping_needs_writeback(mapping)) {
631 632 633 634 635 636 637 638 639 640 641
		err = filemap_fdatawrite(mapping);
		/*
		 * Even if the above returned error, the pages may be
		 * written partially (e.g. -ENOSPC), so we wait for it.
		 * But the -EIO is special case, it may indicate the worst
		 * thing (e.g. bug) happened, so we avoid waiting for it.
		 */
		if (err != -EIO) {
			int err2 = filemap_fdatawait(mapping);
			if (!err)
				err = err2;
642 643 644
		} else {
			/* Clear any previously stored errors */
			filemap_check_errors(mapping);
645
		}
646 647
	} else {
		err = filemap_check_errors(mapping);
L
Linus Torvalds 已提交
648
	}
649
	return err;
L
Linus Torvalds 已提交
650
}
651
EXPORT_SYMBOL(filemap_write_and_wait);
L
Linus Torvalds 已提交
652

653 654 655 656 657 658
/**
 * filemap_write_and_wait_range - write out & wait on a file range
 * @mapping:	the address_space for the pages
 * @lstart:	offset in bytes where the range starts
 * @lend:	offset in bytes where the range ends (inclusive)
 *
659 660
 * Write out and wait upon file offsets lstart->lend, inclusive.
 *
661
 * Note that @lend is inclusive (describes the last byte to be written) so
662
 * that this function can be used to write to the very end-of-file (end = -1).
663 664
 *
 * Return: error status of the address space.
665
 */
L
Linus Torvalds 已提交
666 667 668
int filemap_write_and_wait_range(struct address_space *mapping,
				 loff_t lstart, loff_t lend)
{
669
	int err = 0;
L
Linus Torvalds 已提交
670

671
	if (mapping_needs_writeback(mapping)) {
672 673 674 675
		err = __filemap_fdatawrite_range(mapping, lstart, lend,
						 WB_SYNC_ALL);
		/* See comment of filemap_write_and_wait() */
		if (err != -EIO) {
676 677
			int err2 = filemap_fdatawait_range(mapping,
						lstart, lend);
678 679
			if (!err)
				err = err2;
680 681 682
		} else {
			/* Clear any previously stored errors */
			filemap_check_errors(mapping);
683
		}
684 685
	} else {
		err = filemap_check_errors(mapping);
L
Linus Torvalds 已提交
686
	}
687
	return err;
L
Linus Torvalds 已提交
688
}
689
EXPORT_SYMBOL(filemap_write_and_wait_range);
L
Linus Torvalds 已提交
690

691 692
void __filemap_set_wb_err(struct address_space *mapping, int err)
{
693
	errseq_t eseq = errseq_set(&mapping->wb_err, err);
694 695 696 697 698 699 700 701 702 703 704 705 706 707 708 709 710 711 712 713 714 715 716 717 718 719

	trace_filemap_set_wb_err(mapping, eseq);
}
EXPORT_SYMBOL(__filemap_set_wb_err);

/**
 * file_check_and_advance_wb_err - report wb error (if any) that was previously
 * 				   and advance wb_err to current one
 * @file: struct file on which the error is being reported
 *
 * When userland calls fsync (or something like nfsd does the equivalent), we
 * want to report any writeback errors that occurred since the last fsync (or
 * since the file was opened if there haven't been any).
 *
 * Grab the wb_err from the mapping. If it matches what we have in the file,
 * then just quickly return 0. The file is all caught up.
 *
 * If it doesn't match, then take the mapping value, set the "seen" flag in
 * it and try to swap it into place. If it works, or another task beat us
 * to it with the new value, then update the f_wb_err and return the error
 * portion. The error at this point must be reported via proper channels
 * (a'la fsync, or NFS COMMIT operation, etc.).
 *
 * While we handle mapping->wb_err with atomic operations, the f_wb_err
 * value is protected by the f_lock since we must ensure that it reflects
 * the latest value swapped in for this file descriptor.
720 721
 *
 * Return: %0 on success, negative error code otherwise.
722 723 724 725 726 727 728 729 730 731 732 733 734 735 736 737 738
 */
int file_check_and_advance_wb_err(struct file *file)
{
	int err = 0;
	errseq_t old = READ_ONCE(file->f_wb_err);
	struct address_space *mapping = file->f_mapping;

	/* Locklessly handle the common case where nothing has changed */
	if (errseq_check(&mapping->wb_err, old)) {
		/* Something changed, must use slow path */
		spin_lock(&file->f_lock);
		old = file->f_wb_err;
		err = errseq_check_and_advance(&mapping->wb_err,
						&file->f_wb_err);
		trace_file_check_and_advance_wb_err(file, old);
		spin_unlock(&file->f_lock);
	}
739 740 741 742 743 744 745 746

	/*
	 * We're mostly using this function as a drop in replacement for
	 * filemap_check_errors. Clear AS_EIO/AS_ENOSPC to emulate the effect
	 * that the legacy code would have had on these flags.
	 */
	clear_bit(AS_EIO, &mapping->flags);
	clear_bit(AS_ENOSPC, &mapping->flags);
747 748 749 750 751 752 753 754 755 756 757 758 759 760 761 762 763
	return err;
}
EXPORT_SYMBOL(file_check_and_advance_wb_err);

/**
 * file_write_and_wait_range - write out & wait on a file range
 * @file:	file pointing to address_space with pages
 * @lstart:	offset in bytes where the range starts
 * @lend:	offset in bytes where the range ends (inclusive)
 *
 * Write out and wait upon file offsets lstart->lend, inclusive.
 *
 * Note that @lend is inclusive (describes the last byte to be written) so
 * that this function can be used to write to the very end-of-file (end = -1).
 *
 * After writing out and waiting on the data, we check and advance the
 * f_wb_err cursor to the latest value, and return any errors detected there.
764 765
 *
 * Return: %0 on success, negative error code otherwise.
766 767 768 769 770 771
 */
int file_write_and_wait_range(struct file *file, loff_t lstart, loff_t lend)
{
	int err = 0, err2;
	struct address_space *mapping = file->f_mapping;

772
	if (mapping_needs_writeback(mapping)) {
773 774 775 776 777 778 779 780 781 782 783 784 785
		err = __filemap_fdatawrite_range(mapping, lstart, lend,
						 WB_SYNC_ALL);
		/* See comment of filemap_write_and_wait() */
		if (err != -EIO)
			__filemap_fdatawait_range(mapping, lstart, lend);
	}
	err2 = file_check_and_advance_wb_err(file);
	if (!err)
		err = err2;
	return err;
}
EXPORT_SYMBOL(file_write_and_wait_range);

786 787 788 789 790 791 792 793 794 795 796 797
/**
 * replace_page_cache_page - replace a pagecache page with a new one
 * @old:	page to be replaced
 * @new:	page to replace with
 * @gfp_mask:	allocation mode
 *
 * This function replaces a page in the pagecache with a new one.  On
 * success it acquires the pagecache reference for the new page and
 * drops it for the old page.  Both the old and new pages must be
 * locked.  This function does not add the new page to the LRU, the
 * caller must do that.
 *
798
 * The remove + add is atomic.  This function cannot fail.
799 800
 *
 * Return: %0
801 802 803
 */
int replace_page_cache_page(struct page *old, struct page *new, gfp_t gfp_mask)
{
804 805 806 807 808
	struct address_space *mapping = old->mapping;
	void (*freepage)(struct page *) = mapping->a_ops->freepage;
	pgoff_t offset = old->index;
	XA_STATE(xas, &mapping->i_pages, offset);
	unsigned long flags;
809

810 811 812
	VM_BUG_ON_PAGE(!PageLocked(old), old);
	VM_BUG_ON_PAGE(!PageLocked(new), new);
	VM_BUG_ON_PAGE(new->mapping, new);
813

814 815 816
	get_page(new);
	new->mapping = mapping;
	new->index = offset;
817

818 819
	xas_lock_irqsave(&xas, flags);
	xas_store(&xas, new);
820

821 822 823 824 825 826 827 828 829 830 831 832 833 834 835
	old->mapping = NULL;
	/* hugetlb pages do not participate in page cache accounting. */
	if (!PageHuge(old))
		__dec_node_page_state(new, NR_FILE_PAGES);
	if (!PageHuge(new))
		__inc_node_page_state(new, NR_FILE_PAGES);
	if (PageSwapBacked(old))
		__dec_node_page_state(new, NR_SHMEM);
	if (PageSwapBacked(new))
		__inc_node_page_state(new, NR_SHMEM);
	xas_unlock_irqrestore(&xas, flags);
	mem_cgroup_migrate(old, new);
	if (freepage)
		freepage(old);
	put_page(old);
836

837
	return 0;
838 839 840
}
EXPORT_SYMBOL_GPL(replace_page_cache_page);

841 842 843 844
static int __add_to_page_cache_locked(struct page *page,
				      struct address_space *mapping,
				      pgoff_t offset, gfp_t gfp_mask,
				      void **shadowp)
L
Linus Torvalds 已提交
845
{
846
	XA_STATE(xas, &mapping->i_pages, offset);
847 848
	int huge = PageHuge(page);
	struct mem_cgroup *memcg;
N
Nick Piggin 已提交
849
	int error;
850
	void *old;
N
Nick Piggin 已提交
851

852 853
	VM_BUG_ON_PAGE(!PageLocked(page), page);
	VM_BUG_ON_PAGE(PageSwapBacked(page), page);
854
	mapping_set_update(&xas, mapping);
N
Nick Piggin 已提交
855

856 857
	if (!huge) {
		error = mem_cgroup_try_charge(page, current->mm,
858
					      gfp_mask, &memcg, false);
859 860 861
		if (error)
			return error;
	}
L
Linus Torvalds 已提交
862

863
	get_page(page);
864 865 866
	page->mapping = mapping;
	page->index = offset;

867 868 869 870 871 872 873 874 875 876 877 878 879 880 881 882 883 884 885 886 887 888 889 890 891
	do {
		xas_lock_irq(&xas);
		old = xas_load(&xas);
		if (old && !xa_is_value(old))
			xas_set_err(&xas, -EEXIST);
		xas_store(&xas, page);
		if (xas_error(&xas))
			goto unlock;

		if (xa_is_value(old)) {
			mapping->nrexceptional--;
			if (shadowp)
				*shadowp = old;
		}
		mapping->nrpages++;

		/* hugetlb pages do not participate in page cache accounting */
		if (!huge)
			__inc_node_page_state(page, NR_FILE_PAGES);
unlock:
		xas_unlock_irq(&xas);
	} while (xas_nomem(&xas, gfp_mask & GFP_RECLAIM_MASK));

	if (xas_error(&xas))
		goto error;
892

893
	if (!huge)
894
		mem_cgroup_commit_charge(page, memcg, false, false);
895 896
	trace_mm_filemap_add_to_page_cache(page);
	return 0;
897
error:
898 899
	page->mapping = NULL;
	/* Leave page->index set: truncation relies upon it */
900
	if (!huge)
901
		mem_cgroup_cancel_charge(page, memcg, false);
902
	put_page(page);
903
	return xas_error(&xas);
L
Linus Torvalds 已提交
904
}
905
ALLOW_ERROR_INJECTION(__add_to_page_cache_locked, ERRNO);
906 907 908 909 910 911 912 913 914 915

/**
 * add_to_page_cache_locked - add a locked page to the pagecache
 * @page:	page to add
 * @mapping:	the page's address_space
 * @offset:	page index
 * @gfp_mask:	page allocation mode
 *
 * This function is used to add a page to the pagecache. It must be locked.
 * This function does not add the page to the LRU.  The caller must do that.
916 917
 *
 * Return: %0 on success, negative error code otherwise.
918 919 920 921 922 923 924
 */
int add_to_page_cache_locked(struct page *page, struct address_space *mapping,
		pgoff_t offset, gfp_t gfp_mask)
{
	return __add_to_page_cache_locked(page, mapping, offset,
					  gfp_mask, NULL);
}
N
Nick Piggin 已提交
925
EXPORT_SYMBOL(add_to_page_cache_locked);
L
Linus Torvalds 已提交
926 927

int add_to_page_cache_lru(struct page *page, struct address_space *mapping,
A
Al Viro 已提交
928
				pgoff_t offset, gfp_t gfp_mask)
L
Linus Torvalds 已提交
929
{
930
	void *shadow = NULL;
931 932
	int ret;

933
	__SetPageLocked(page);
934 935 936
	ret = __add_to_page_cache_locked(page, mapping, offset,
					 gfp_mask, &shadow);
	if (unlikely(ret))
937
		__ClearPageLocked(page);
938 939 940 941 942
	else {
		/*
		 * The page might have been evicted from cache only
		 * recently, in which case it should be activated like
		 * any other repeatedly accessed page.
943 944 945
		 * The exception is pages getting rewritten; evicting other
		 * data from the working set, only to cache data that will
		 * get overwritten with something else, is a waste of memory.
946
		 */
947 948 949
		WARN_ON_ONCE(PageActive(page));
		if (!(gfp_mask & __GFP_WRITE) && shadow)
			workingset_refault(page, shadow);
950 951
		lru_cache_add(page);
	}
L
Linus Torvalds 已提交
952 953
	return ret;
}
954
EXPORT_SYMBOL_GPL(add_to_page_cache_lru);
L
Linus Torvalds 已提交
955

956
#ifdef CONFIG_NUMA
957
struct page *__page_cache_alloc(gfp_t gfp)
958
{
959 960 961
	int n;
	struct page *page;

962
	if (cpuset_do_page_mem_spread()) {
963 964
		unsigned int cpuset_mems_cookie;
		do {
965
			cpuset_mems_cookie = read_mems_allowed_begin();
966
			n = cpuset_mem_spread_node();
967
			page = __alloc_pages_node(n, gfp, 0);
968
		} while (!page && read_mems_allowed_retry(cpuset_mems_cookie));
969

970
		return page;
971
	}
972
	return alloc_pages(gfp, 0);
973
}
974
EXPORT_SYMBOL(__page_cache_alloc);
975 976
#endif

L
Linus Torvalds 已提交
977 978 979 980 981 982 983 984 985 986
/*
 * In order to wait for pages to become available there must be
 * waitqueues associated with pages. By using a hash table of
 * waitqueues where the bucket discipline is to maintain all
 * waiters on the same queue and wake all when any of the pages
 * become available, and for the woken contexts to check to be
 * sure the appropriate page became available, this saves space
 * at a cost of "thundering herd" phenomena during rare hash
 * collisions.
 */
987 988 989 990 991
#define PAGE_WAIT_TABLE_BITS 8
#define PAGE_WAIT_TABLE_SIZE (1 << PAGE_WAIT_TABLE_BITS)
static wait_queue_head_t page_wait_table[PAGE_WAIT_TABLE_SIZE] __cacheline_aligned;

static wait_queue_head_t *page_waitqueue(struct page *page)
L
Linus Torvalds 已提交
992
{
993
	return &page_wait_table[hash_ptr(page, PAGE_WAIT_TABLE_BITS)];
L
Linus Torvalds 已提交
994 995
}

996
void __init pagecache_init(void)
L
Linus Torvalds 已提交
997
{
998
	int i;
L
Linus Torvalds 已提交
999

1000 1001 1002 1003
	for (i = 0; i < PAGE_WAIT_TABLE_SIZE; i++)
		init_waitqueue_head(&page_wait_table[i]);

	page_writeback_init();
L
Linus Torvalds 已提交
1004 1005
}

L
Linus Torvalds 已提交
1006
/* This has the same layout as wait_bit_key - see fs/cachefiles/rdwr.c */
1007 1008 1009 1010 1011 1012 1013 1014 1015
struct wait_page_key {
	struct page *page;
	int bit_nr;
	int page_match;
};

struct wait_page_queue {
	struct page *page;
	int bit_nr;
1016
	wait_queue_entry_t wait;
1017 1018
};

1019
static int wake_page_function(wait_queue_entry_t *wait, unsigned mode, int sync, void *arg)
1020
{
1021 1022 1023 1024 1025 1026 1027
	struct wait_page_key *key = arg;
	struct wait_page_queue *wait_page
		= container_of(wait, struct wait_page_queue, wait);

	if (wait_page->page != key->page)
	       return 0;
	key->page_match = 1;
1028

1029 1030
	if (wait_page->bit_nr != key->bit_nr)
		return 0;
L
Linus Torvalds 已提交
1031

1032 1033 1034 1035 1036 1037 1038 1039
	/*
	 * Stop walking if it's locked.
	 * Is this safe if put_and_wait_on_page_locked() is in use?
	 * Yes: the waker must hold a reference to this page, and if PG_locked
	 * has now already been set by another task, that task must also hold
	 * a reference to the *same usage* of this page; so there is no need
	 * to walk on to wake even the put_and_wait_on_page_locked() callers.
	 */
1040
	if (test_bit(key->bit_nr, &key->page->flags))
L
Linus Torvalds 已提交
1041
		return -1;
1042

1043
	return autoremove_wake_function(wait, mode, sync, key);
1044 1045
}

1046
static void wake_up_page_bit(struct page *page, int bit_nr)
1047
{
1048 1049 1050
	wait_queue_head_t *q = page_waitqueue(page);
	struct wait_page_key key;
	unsigned long flags;
1051
	wait_queue_entry_t bookmark;
1052

1053 1054 1055 1056
	key.page = page;
	key.bit_nr = bit_nr;
	key.page_match = 0;

1057 1058 1059 1060 1061
	bookmark.flags = 0;
	bookmark.private = NULL;
	bookmark.func = NULL;
	INIT_LIST_HEAD(&bookmark.entry);

1062
	spin_lock_irqsave(&q->lock, flags);
1063 1064 1065 1066 1067 1068 1069 1070 1071 1072 1073 1074 1075 1076 1077
	__wake_up_locked_key_bookmark(q, TASK_NORMAL, &key, &bookmark);

	while (bookmark.flags & WQ_FLAG_BOOKMARK) {
		/*
		 * Take a breather from holding the lock,
		 * allow pages that finish wake up asynchronously
		 * to acquire the lock and remove themselves
		 * from wait queue
		 */
		spin_unlock_irqrestore(&q->lock, flags);
		cpu_relax();
		spin_lock_irqsave(&q->lock, flags);
		__wake_up_locked_key_bookmark(q, TASK_NORMAL, &key, &bookmark);
	}

1078 1079 1080 1081 1082 1083 1084 1085 1086 1087 1088 1089 1090 1091 1092 1093 1094 1095 1096 1097 1098
	/*
	 * It is possible for other pages to have collided on the waitqueue
	 * hash, so in that case check for a page match. That prevents a long-
	 * term waiter
	 *
	 * It is still possible to miss a case here, when we woke page waiters
	 * and removed them from the waitqueue, but there are still other
	 * page waiters.
	 */
	if (!waitqueue_active(q) || !key.page_match) {
		ClearPageWaiters(page);
		/*
		 * It's possible to miss clearing Waiters here, when we woke
		 * our page waiters, but the hashed waitqueue has waiters for
		 * other pages on it.
		 *
		 * That's okay, it's a rare case. The next waker will clear it.
		 */
	}
	spin_unlock_irqrestore(&q->lock, flags);
}
1099 1100 1101 1102 1103 1104 1105

static void wake_up_page(struct page *page, int bit)
{
	if (!PageWaiters(page))
		return;
	wake_up_page_bit(page, bit);
}
1106

1107 1108 1109 1110 1111 1112 1113 1114 1115 1116 1117 1118 1119 1120 1121
/*
 * A choice of three behaviors for wait_on_page_bit_common():
 */
enum behavior {
	EXCLUSIVE,	/* Hold ref to page and take the bit when woken, like
			 * __lock_page() waiting on then setting PG_locked.
			 */
	SHARED,		/* Hold ref to page and check the bit when woken, like
			 * wait_on_page_writeback() waiting on PG_writeback.
			 */
	DROP,		/* Drop ref to page before wait, no check when woken,
			 * like put_and_wait_on_page_locked() on PG_locked.
			 */
};

1122
static inline int wait_on_page_bit_common(wait_queue_head_t *q,
1123
	struct page *page, int bit_nr, int state, enum behavior behavior)
1124 1125
{
	struct wait_page_queue wait_page;
1126
	wait_queue_entry_t *wait = &wait_page.wait;
1127
	bool bit_is_set;
1128
	bool thrashing = false;
1129
	bool delayacct = false;
1130
	unsigned long pflags;
1131 1132
	int ret = 0;

1133
	if (bit_nr == PG_locked &&
1134
	    !PageUptodate(page) && PageWorkingset(page)) {
1135
		if (!PageSwapBacked(page)) {
1136
			delayacct_thrashing_start();
1137 1138
			delayacct = true;
		}
1139
		psi_memstall_enter(&pflags);
1140 1141 1142
		thrashing = true;
	}

1143
	init_wait(wait);
1144
	wait->flags = behavior == EXCLUSIVE ? WQ_FLAG_EXCLUSIVE : 0;
1145 1146 1147 1148 1149 1150 1151
	wait->func = wake_page_function;
	wait_page.page = page;
	wait_page.bit_nr = bit_nr;

	for (;;) {
		spin_lock_irq(&q->lock);

1152
		if (likely(list_empty(&wait->entry))) {
L
Linus Torvalds 已提交
1153
			__add_wait_queue_entry_tail(q, wait);
1154 1155 1156 1157 1158 1159 1160
			SetPageWaiters(page);
		}

		set_current_state(state);

		spin_unlock_irq(&q->lock);

1161 1162 1163 1164 1165
		bit_is_set = test_bit(bit_nr, &page->flags);
		if (behavior == DROP)
			put_page(page);

		if (likely(bit_is_set))
1166 1167
			io_schedule();

1168
		if (behavior == EXCLUSIVE) {
1169 1170
			if (!test_and_set_bit_lock(bit_nr, &page->flags))
				break;
1171
		} else if (behavior == SHARED) {
1172 1173 1174
			if (!test_bit(bit_nr, &page->flags))
				break;
		}
1175

1176
		if (signal_pending_state(state, current)) {
1177 1178 1179
			ret = -EINTR;
			break;
		}
1180 1181 1182 1183 1184 1185 1186 1187 1188 1189 1190

		if (behavior == DROP) {
			/*
			 * We can no longer safely access page->flags:
			 * even if CONFIG_MEMORY_HOTREMOVE is not enabled,
			 * there is a risk of waiting forever on a page reused
			 * for something that keeps it locked indefinitely.
			 * But best check for -EINTR above before breaking.
			 */
			break;
		}
1191 1192 1193 1194
	}

	finish_wait(q, wait);

1195
	if (thrashing) {
1196
		if (delayacct)
1197 1198 1199
			delayacct_thrashing_end();
		psi_memstall_leave(&pflags);
	}
1200

1201 1202 1203 1204 1205 1206 1207 1208 1209 1210 1211 1212 1213 1214
	/*
	 * A signal could leave PageWaiters set. Clearing it here if
	 * !waitqueue_active would be possible (by open-coding finish_wait),
	 * but still fail to catch it in the case of wait hash collision. We
	 * already can fail to clear wait hash collision cases, so don't
	 * bother with signals either.
	 */

	return ret;
}

void wait_on_page_bit(struct page *page, int bit_nr)
{
	wait_queue_head_t *q = page_waitqueue(page);
1215
	wait_on_page_bit_common(q, page, bit_nr, TASK_UNINTERRUPTIBLE, SHARED);
1216 1217 1218 1219 1220 1221
}
EXPORT_SYMBOL(wait_on_page_bit);

int wait_on_page_bit_killable(struct page *page, int bit_nr)
{
	wait_queue_head_t *q = page_waitqueue(page);
1222
	return wait_on_page_bit_common(q, page, bit_nr, TASK_KILLABLE, SHARED);
1223
}
1224
EXPORT_SYMBOL(wait_on_page_bit_killable);
1225

1226 1227 1228 1229 1230 1231 1232 1233 1234 1235 1236 1237 1238 1239 1240 1241 1242 1243 1244
/**
 * put_and_wait_on_page_locked - Drop a reference and wait for it to be unlocked
 * @page: The page to wait for.
 *
 * The caller should hold a reference on @page.  They expect the page to
 * become unlocked relatively soon, but do not wish to hold up migration
 * (for example) by holding the reference while waiting for the page to
 * come unlocked.  After this function returns, the caller should not
 * dereference @page.
 */
void put_and_wait_on_page_locked(struct page *page)
{
	wait_queue_head_t *q;

	page = compound_head(page);
	q = page_waitqueue(page);
	wait_on_page_bit_common(q, page, PG_locked, TASK_UNINTERRUPTIBLE, DROP);
}

1245 1246
/**
 * add_page_wait_queue - Add an arbitrary waiter to a page's wait queue
R
Randy Dunlap 已提交
1247 1248
 * @page: Page defining the wait queue of interest
 * @waiter: Waiter to add to the queue
1249 1250 1251
 *
 * Add an arbitrary @waiter to the wait queue for the nominated @page.
 */
1252
void add_page_wait_queue(struct page *page, wait_queue_entry_t *waiter)
1253 1254 1255 1256 1257
{
	wait_queue_head_t *q = page_waitqueue(page);
	unsigned long flags;

	spin_lock_irqsave(&q->lock, flags);
1258
	__add_wait_queue_entry_tail(q, waiter);
1259
	SetPageWaiters(page);
1260 1261 1262 1263
	spin_unlock_irqrestore(&q->lock, flags);
}
EXPORT_SYMBOL_GPL(add_page_wait_queue);

1264 1265 1266 1267 1268 1269 1270 1271 1272 1273 1274 1275 1276 1277 1278 1279 1280 1281
#ifndef clear_bit_unlock_is_negative_byte

/*
 * PG_waiters is the high bit in the same byte as PG_lock.
 *
 * On x86 (and on many other architectures), we can clear PG_lock and
 * test the sign bit at the same time. But if the architecture does
 * not support that special operation, we just do this all by hand
 * instead.
 *
 * The read of PG_waiters has to be after (or concurrently with) PG_locked
 * being cleared, but a memory barrier should be unneccssary since it is
 * in the same byte as PG_locked.
 */
static inline bool clear_bit_unlock_is_negative_byte(long nr, volatile void *mem)
{
	clear_bit_unlock(nr, mem);
	/* smp_mb__after_atomic(); */
1282
	return test_bit(PG_waiters, mem);
1283 1284 1285 1286
}

#endif

L
Linus Torvalds 已提交
1287
/**
1288
 * unlock_page - unlock a locked page
L
Linus Torvalds 已提交
1289 1290 1291 1292
 * @page: the page
 *
 * Unlocks the page and wakes up sleepers in ___wait_on_page_locked().
 * Also wakes sleepers in wait_on_page_writeback() because the wakeup
1293
 * mechanism between PageLocked pages and PageWriteback pages is shared.
L
Linus Torvalds 已提交
1294 1295
 * But that's OK - sleepers in wait_on_page_writeback() just go back to sleep.
 *
1296 1297 1298 1299 1300
 * Note that this depends on PG_waiters being the sign bit in the byte
 * that contains PG_locked - thus the BUILD_BUG_ON(). That allows us to
 * clear the PG_locked bit and test PG_waiters at the same time fairly
 * portably (architectures that do LL/SC can test any bit, while x86 can
 * test the sign bit).
L
Linus Torvalds 已提交
1301
 */
H
Harvey Harrison 已提交
1302
void unlock_page(struct page *page)
L
Linus Torvalds 已提交
1303
{
1304
	BUILD_BUG_ON(PG_waiters != 7);
1305
	page = compound_head(page);
1306
	VM_BUG_ON_PAGE(!PageLocked(page), page);
1307 1308
	if (clear_bit_unlock_is_negative_byte(PG_locked, &page->flags))
		wake_up_page_bit(page, PG_locked);
L
Linus Torvalds 已提交
1309 1310 1311
}
EXPORT_SYMBOL(unlock_page);

1312 1313 1314
/**
 * end_page_writeback - end writeback against a page
 * @page: the page
L
Linus Torvalds 已提交
1315 1316 1317
 */
void end_page_writeback(struct page *page)
{
1318 1319 1320 1321 1322 1323 1324 1325 1326
	/*
	 * TestClearPageReclaim could be used here but it is an atomic
	 * operation and overkill in this particular case. Failing to
	 * shuffle a page marked for immediate reclaim is too mild to
	 * justify taking an atomic operation penalty at the end of
	 * ever page writeback.
	 */
	if (PageReclaim(page)) {
		ClearPageReclaim(page);
1327
		rotate_reclaimable_page(page);
1328
	}
1329 1330 1331 1332

	if (!test_clear_page_writeback(page))
		BUG();

1333
	smp_mb__after_atomic();
L
Linus Torvalds 已提交
1334 1335 1336 1337
	wake_up_page(page, PG_writeback);
}
EXPORT_SYMBOL(end_page_writeback);

1338 1339 1340 1341
/*
 * After completing I/O on a page, call this routine to update the page
 * flags appropriately
 */
1342
void page_endio(struct page *page, bool is_write, int err)
1343
{
1344
	if (!is_write) {
1345 1346 1347 1348 1349 1350 1351
		if (!err) {
			SetPageUptodate(page);
		} else {
			ClearPageUptodate(page);
			SetPageError(page);
		}
		unlock_page(page);
1352
	} else {
1353
		if (err) {
1354 1355
			struct address_space *mapping;

1356
			SetPageError(page);
1357 1358 1359
			mapping = page_mapping(page);
			if (mapping)
				mapping_set_error(mapping, err);
1360 1361 1362 1363 1364 1365
		}
		end_page_writeback(page);
	}
}
EXPORT_SYMBOL_GPL(page_endio);

1366 1367
/**
 * __lock_page - get a lock on the page, assuming we need to sleep to get it
1368
 * @__page: the page to lock
L
Linus Torvalds 已提交
1369
 */
1370
void __lock_page(struct page *__page)
L
Linus Torvalds 已提交
1371
{
1372 1373
	struct page *page = compound_head(__page);
	wait_queue_head_t *q = page_waitqueue(page);
1374 1375
	wait_on_page_bit_common(q, page, PG_locked, TASK_UNINTERRUPTIBLE,
				EXCLUSIVE);
L
Linus Torvalds 已提交
1376 1377 1378
}
EXPORT_SYMBOL(__lock_page);

1379
int __lock_page_killable(struct page *__page)
M
Matthew Wilcox 已提交
1380
{
1381 1382
	struct page *page = compound_head(__page);
	wait_queue_head_t *q = page_waitqueue(page);
1383 1384
	return wait_on_page_bit_common(q, page, PG_locked, TASK_KILLABLE,
					EXCLUSIVE);
M
Matthew Wilcox 已提交
1385
}
1386
EXPORT_SYMBOL_GPL(__lock_page_killable);
M
Matthew Wilcox 已提交
1387

1388 1389 1390 1391 1392 1393 1394 1395 1396 1397 1398
/*
 * Return values:
 * 1 - page is locked; mmap_sem is still held.
 * 0 - page is not locked.
 *     mmap_sem has been released (up_read()), unless flags had both
 *     FAULT_FLAG_ALLOW_RETRY and FAULT_FLAG_RETRY_NOWAIT set, in
 *     which case mmap_sem is still held.
 *
 * If neither ALLOW_RETRY nor KILLABLE are set, will always return 1
 * with the page locked and the mmap_sem unperturbed.
 */
1399 1400 1401
int __lock_page_or_retry(struct page *page, struct mm_struct *mm,
			 unsigned int flags)
{
1402 1403 1404 1405 1406 1407 1408 1409 1410 1411 1412 1413
	if (flags & FAULT_FLAG_ALLOW_RETRY) {
		/*
		 * CAUTION! In this case, mmap_sem is not released
		 * even though return 0.
		 */
		if (flags & FAULT_FLAG_RETRY_NOWAIT)
			return 0;

		up_read(&mm->mmap_sem);
		if (flags & FAULT_FLAG_KILLABLE)
			wait_on_page_locked_killable(page);
		else
1414
			wait_on_page_locked(page);
1415
		return 0;
1416 1417 1418 1419 1420 1421 1422 1423 1424 1425 1426 1427
	} else {
		if (flags & FAULT_FLAG_KILLABLE) {
			int ret;

			ret = __lock_page_killable(page);
			if (ret) {
				up_read(&mm->mmap_sem);
				return 0;
			}
		} else
			__lock_page(page);
		return 1;
1428 1429 1430
	}
}

1431
/**
1432 1433 1434 1435
 * page_cache_next_miss() - Find the next gap in the page cache.
 * @mapping: Mapping.
 * @index: Index.
 * @max_scan: Maximum range to search.
1436
 *
1437 1438
 * Search the range [index, min(index + max_scan - 1, ULONG_MAX)] for the
 * gap with the lowest index.
1439
 *
1440 1441 1442 1443 1444
 * This function may be called under the rcu_read_lock.  However, this will
 * not atomically search a snapshot of the cache at a single point in time.
 * For example, if a gap is created at index 5, then subsequently a gap is
 * created at index 10, page_cache_next_miss covering both indices may
 * return 10 if called under the rcu_read_lock.
1445
 *
1446 1447 1448
 * Return: The index of the gap if found, otherwise an index outside the
 * range specified (in which case 'return - index >= max_scan' will be true).
 * In the rare case of index wrap-around, 0 will be returned.
1449
 */
1450
pgoff_t page_cache_next_miss(struct address_space *mapping,
1451 1452
			     pgoff_t index, unsigned long max_scan)
{
1453
	XA_STATE(xas, &mapping->i_pages, index);
1454

1455 1456 1457
	while (max_scan--) {
		void *entry = xas_next(&xas);
		if (!entry || xa_is_value(entry))
1458
			break;
1459
		if (xas.xa_index == 0)
1460 1461 1462
			break;
	}

1463
	return xas.xa_index;
1464
}
1465
EXPORT_SYMBOL(page_cache_next_miss);
1466 1467

/**
L
Laurent Dufour 已提交
1468
 * page_cache_prev_miss() - Find the previous gap in the page cache.
1469 1470 1471
 * @mapping: Mapping.
 * @index: Index.
 * @max_scan: Maximum range to search.
1472
 *
1473 1474
 * Search the range [max(index - max_scan + 1, 0), index] for the
 * gap with the highest index.
1475
 *
1476 1477 1478 1479 1480
 * This function may be called under the rcu_read_lock.  However, this will
 * not atomically search a snapshot of the cache at a single point in time.
 * For example, if a gap is created at index 10, then subsequently a gap is
 * created at index 5, page_cache_prev_miss() covering both indices may
 * return 5 if called under the rcu_read_lock.
1481
 *
1482 1483 1484
 * Return: The index of the gap if found, otherwise an index outside the
 * range specified (in which case 'index - return >= max_scan' will be true).
 * In the rare case of wrap-around, ULONG_MAX will be returned.
1485
 */
1486
pgoff_t page_cache_prev_miss(struct address_space *mapping,
1487 1488
			     pgoff_t index, unsigned long max_scan)
{
1489
	XA_STATE(xas, &mapping->i_pages, index);
1490

1491 1492 1493
	while (max_scan--) {
		void *entry = xas_prev(&xas);
		if (!entry || xa_is_value(entry))
1494
			break;
1495
		if (xas.xa_index == ULONG_MAX)
1496 1497 1498
			break;
	}

1499
	return xas.xa_index;
1500
}
1501
EXPORT_SYMBOL(page_cache_prev_miss);
1502

1503
/**
1504
 * find_get_entry - find and get a page cache entry
1505
 * @mapping: the address_space to search
1506 1507 1508 1509
 * @offset: the page cache index
 *
 * Looks up the page cache slot at @mapping & @offset.  If there is a
 * page cache page, it is returned with an increased refcount.
1510
 *
1511 1512
 * If the slot holds a shadow entry of a previously evicted page, or a
 * swap entry from shmem/tmpfs, it is returned.
1513
 *
1514
 * Return: the found page or shadow entry, %NULL if nothing is found.
L
Linus Torvalds 已提交
1515
 */
1516
struct page *find_get_entry(struct address_space *mapping, pgoff_t offset)
L
Linus Torvalds 已提交
1517
{
1518
	XA_STATE(xas, &mapping->i_pages, offset);
1519
	struct page *head, *page;
L
Linus Torvalds 已提交
1520

N
Nick Piggin 已提交
1521 1522
	rcu_read_lock();
repeat:
1523 1524 1525 1526 1527 1528 1529 1530 1531 1532
	xas_reset(&xas);
	page = xas_load(&xas);
	if (xas_retry(&xas, page))
		goto repeat;
	/*
	 * A shadow entry of a recently evicted page, or a swap entry from
	 * shmem/tmpfs.  Return it without attempting to raise page count.
	 */
	if (!page || xa_is_value(page))
		goto out;
1533

1534 1535 1536 1537 1538 1539 1540
	head = compound_head(page);
	if (!page_cache_get_speculative(head))
		goto repeat;

	/* The page was split under us? */
	if (compound_head(page) != head) {
		put_page(head);
1541
		goto repeat;
1542
	}
1543

1544
	/*
1545
	 * Has the page moved?
1546 1547 1548 1549
	 * This is part of the lockless pagecache protocol. See
	 * include/linux/pagemap.h for details.
	 */
	if (unlikely(page != xas_reload(&xas))) {
1550
		put_page(head);
1551
		goto repeat;
N
Nick Piggin 已提交
1552
	}
N
Nick Piggin 已提交
1553
out:
N
Nick Piggin 已提交
1554 1555
	rcu_read_unlock();

L
Linus Torvalds 已提交
1556 1557
	return page;
}
1558
EXPORT_SYMBOL(find_get_entry);
L
Linus Torvalds 已提交
1559

1560 1561 1562 1563 1564 1565 1566 1567 1568
/**
 * find_lock_entry - locate, pin and lock a page cache entry
 * @mapping: the address_space to search
 * @offset: the page cache index
 *
 * Looks up the page cache slot at @mapping & @offset.  If there is a
 * page cache page, it is returned locked and with an increased
 * refcount.
 *
1569 1570
 * If the slot holds a shadow entry of a previously evicted page, or a
 * swap entry from shmem/tmpfs, it is returned.
1571 1572
 *
 * find_lock_entry() may sleep.
1573 1574
 *
 * Return: the found page or shadow entry, %NULL if nothing is found.
1575 1576
 */
struct page *find_lock_entry(struct address_space *mapping, pgoff_t offset)
L
Linus Torvalds 已提交
1577 1578 1579 1580
{
	struct page *page;

repeat:
1581
	page = find_get_entry(mapping, offset);
1582
	if (page && !xa_is_value(page)) {
N
Nick Piggin 已提交
1583 1584
		lock_page(page);
		/* Has the page been truncated? */
1585
		if (unlikely(page_mapping(page) != mapping)) {
N
Nick Piggin 已提交
1586
			unlock_page(page);
1587
			put_page(page);
N
Nick Piggin 已提交
1588
			goto repeat;
L
Linus Torvalds 已提交
1589
		}
1590
		VM_BUG_ON_PAGE(page_to_pgoff(page) != offset, page);
L
Linus Torvalds 已提交
1591 1592 1593
	}
	return page;
}
1594 1595 1596
EXPORT_SYMBOL(find_lock_entry);

/**
1597
 * pagecache_get_page - find and get a page reference
1598 1599
 * @mapping: the address_space to search
 * @offset: the page index
1600
 * @fgp_flags: PCG flags
1601
 * @gfp_mask: gfp mask to use for the page cache data page allocation
1602
 *
1603
 * Looks up the page cache slot at @mapping & @offset.
L
Linus Torvalds 已提交
1604
 *
1605
 * PCG flags modify how the page is returned.
1606
 *
1607 1608 1609 1610 1611 1612 1613
 * @fgp_flags can be:
 *
 * - FGP_ACCESSED: the page will be marked accessed
 * - FGP_LOCK: Page is return locked
 * - FGP_CREAT: If page is not present then a new page is allocated using
 *   @gfp_mask and added to the page cache and the VM's LRU
 *   list. The page is returned locked and with an increased
1614
 *   refcount.
1615 1616 1617
 * - FGP_FOR_MMAP: Similar to FGP_CREAT, only we want to allow the caller to do
 *   its own locking dance if the page is already in cache, or unlock the page
 *   before returning if we had to add the page to pagecache.
L
Linus Torvalds 已提交
1618
 *
1619 1620
 * If FGP_LOCK or FGP_CREAT are specified then the function may sleep even
 * if the GFP flags specified for FGP_CREAT are atomic.
L
Linus Torvalds 已提交
1621
 *
1622
 * If there is a page cache page, it is returned with an increased refcount.
1623 1624
 *
 * Return: the found page or %NULL otherwise.
L
Linus Torvalds 已提交
1625
 */
1626
struct page *pagecache_get_page(struct address_space *mapping, pgoff_t offset,
1627
	int fgp_flags, gfp_t gfp_mask)
L
Linus Torvalds 已提交
1628
{
N
Nick Piggin 已提交
1629
	struct page *page;
1630

L
Linus Torvalds 已提交
1631
repeat:
1632
	page = find_get_entry(mapping, offset);
1633
	if (xa_is_value(page))
1634 1635 1636 1637 1638 1639 1640
		page = NULL;
	if (!page)
		goto no_page;

	if (fgp_flags & FGP_LOCK) {
		if (fgp_flags & FGP_NOWAIT) {
			if (!trylock_page(page)) {
1641
				put_page(page);
1642 1643 1644 1645 1646 1647 1648 1649 1650
				return NULL;
			}
		} else {
			lock_page(page);
		}

		/* Has the page been truncated? */
		if (unlikely(page->mapping != mapping)) {
			unlock_page(page);
1651
			put_page(page);
1652 1653 1654 1655 1656
			goto repeat;
		}
		VM_BUG_ON_PAGE(page->index != offset, page);
	}

1657
	if (fgp_flags & FGP_ACCESSED)
1658 1659 1660 1661 1662 1663
		mark_page_accessed(page);

no_page:
	if (!page && (fgp_flags & FGP_CREAT)) {
		int err;
		if ((fgp_flags & FGP_WRITE) && mapping_cap_account_dirty(mapping))
1664 1665 1666
			gfp_mask |= __GFP_WRITE;
		if (fgp_flags & FGP_NOFS)
			gfp_mask &= ~__GFP_FS;
1667

1668
		page = __page_cache_alloc(gfp_mask);
N
Nick Piggin 已提交
1669 1670
		if (!page)
			return NULL;
1671

1672
		if (WARN_ON_ONCE(!(fgp_flags & (FGP_LOCK | FGP_FOR_MMAP))))
1673 1674
			fgp_flags |= FGP_LOCK;

1675
		/* Init accessed so avoid atomic mark_page_accessed later */
1676
		if (fgp_flags & FGP_ACCESSED)
1677
			__SetPageReferenced(page);
1678

1679
		err = add_to_page_cache_lru(page, mapping, offset, gfp_mask);
N
Nick Piggin 已提交
1680
		if (unlikely(err)) {
1681
			put_page(page);
N
Nick Piggin 已提交
1682 1683 1684
			page = NULL;
			if (err == -EEXIST)
				goto repeat;
L
Linus Torvalds 已提交
1685
		}
1686 1687 1688 1689 1690 1691 1692

		/*
		 * add_to_page_cache_lru locks the page, and for mmap we expect
		 * an unlocked page.
		 */
		if (page && (fgp_flags & FGP_FOR_MMAP))
			unlock_page(page);
L
Linus Torvalds 已提交
1693
	}
1694

L
Linus Torvalds 已提交
1695 1696
	return page;
}
1697
EXPORT_SYMBOL(pagecache_get_page);
L
Linus Torvalds 已提交
1698

1699 1700 1701 1702 1703 1704 1705 1706 1707 1708 1709 1710 1711 1712 1713 1714 1715
/**
 * find_get_entries - gang pagecache lookup
 * @mapping:	The address_space to search
 * @start:	The starting page cache index
 * @nr_entries:	The maximum number of entries
 * @entries:	Where the resulting entries are placed
 * @indices:	The cache indices corresponding to the entries in @entries
 *
 * find_get_entries() will search for and return a group of up to
 * @nr_entries entries in the mapping.  The entries are placed at
 * @entries.  find_get_entries() takes a reference against any actual
 * pages it returns.
 *
 * The search returns a group of mapping-contiguous page cache entries
 * with ascending indexes.  There may be holes in the indices due to
 * not-present pages.
 *
1716 1717
 * Any shadow entries of evicted pages, or swap entries from
 * shmem/tmpfs, are included in the returned array.
1718
 *
1719
 * Return: the number of pages and shadow entries which were found.
1720 1721 1722 1723 1724
 */
unsigned find_get_entries(struct address_space *mapping,
			  pgoff_t start, unsigned int nr_entries,
			  struct page **entries, pgoff_t *indices)
{
1725 1726
	XA_STATE(xas, &mapping->i_pages, start);
	struct page *page;
1727 1728 1729 1730 1731 1732
	unsigned int ret = 0;

	if (!nr_entries)
		return 0;

	rcu_read_lock();
1733
	xas_for_each(&xas, page, ULONG_MAX) {
1734
		struct page *head;
1735
		if (xas_retry(&xas, page))
1736
			continue;
1737 1738 1739 1740 1741 1742
		/*
		 * A shadow entry of a recently evicted page, a swap
		 * entry from shmem/tmpfs or a DAX entry.  Return it
		 * without attempting to raise page count.
		 */
		if (xa_is_value(page))
1743
			goto export;
1744

1745 1746
		head = compound_head(page);
		if (!page_cache_get_speculative(head))
1747
			goto retry;
1748

1749 1750 1751 1752 1753
		/* The page was split under us? */
		if (compound_head(page) != head)
			goto put_page;

		/* Has the page moved? */
1754 1755 1756
		if (unlikely(page != xas_reload(&xas)))
			goto put_page;

1757
export:
1758
		indices[ret] = xas.xa_index;
1759 1760 1761
		entries[ret] = page;
		if (++ret == nr_entries)
			break;
1762 1763
		continue;
put_page:
1764
		put_page(head);
1765 1766
retry:
		xas_reset(&xas);
1767 1768 1769 1770 1771
	}
	rcu_read_unlock();
	return ret;
}

L
Linus Torvalds 已提交
1772
/**
J
Jan Kara 已提交
1773
 * find_get_pages_range - gang pagecache lookup
L
Linus Torvalds 已提交
1774 1775
 * @mapping:	The address_space to search
 * @start:	The starting page index
J
Jan Kara 已提交
1776
 * @end:	The final page index (inclusive)
L
Linus Torvalds 已提交
1777 1778 1779
 * @nr_pages:	The maximum number of pages
 * @pages:	Where the resulting pages are placed
 *
J
Jan Kara 已提交
1780 1781 1782 1783
 * find_get_pages_range() will search for and return a group of up to @nr_pages
 * pages in the mapping starting at index @start and up to index @end
 * (inclusive).  The pages are placed at @pages.  find_get_pages_range() takes
 * a reference against the returned pages.
L
Linus Torvalds 已提交
1784 1785 1786
 *
 * The search returns a group of mapping-contiguous pages with ascending
 * indexes.  There may be holes in the indices due to not-present pages.
1787
 * We also update @start to index the next page for the traversal.
L
Linus Torvalds 已提交
1788
 *
1789 1790
 * Return: the number of pages which were found. If this number is
 * smaller than @nr_pages, the end of specified range has been
J
Jan Kara 已提交
1791
 * reached.
L
Linus Torvalds 已提交
1792
 */
J
Jan Kara 已提交
1793 1794 1795
unsigned find_get_pages_range(struct address_space *mapping, pgoff_t *start,
			      pgoff_t end, unsigned int nr_pages,
			      struct page **pages)
L
Linus Torvalds 已提交
1796
{
1797 1798
	XA_STATE(xas, &mapping->i_pages, *start);
	struct page *page;
1799 1800 1801 1802
	unsigned ret = 0;

	if (unlikely(!nr_pages))
		return 0;
N
Nick Piggin 已提交
1803 1804

	rcu_read_lock();
1805
	xas_for_each(&xas, page, end) {
1806
		struct page *head;
1807
		if (xas_retry(&xas, page))
N
Nick Piggin 已提交
1808
			continue;
1809 1810
		/* Skip over shadow, swap and DAX entries */
		if (xa_is_value(page))
1811
			continue;
N
Nick Piggin 已提交
1812

1813 1814
		head = compound_head(page);
		if (!page_cache_get_speculative(head))
1815
			goto retry;
1816

1817 1818 1819 1820 1821
		/* The page was split under us? */
		if (compound_head(page) != head)
			goto put_page;

		/* Has the page moved? */
1822 1823
		if (unlikely(page != xas_reload(&xas)))
			goto put_page;
L
Linus Torvalds 已提交
1824

1825
		pages[ret] = page;
J
Jan Kara 已提交
1826
		if (++ret == nr_pages) {
1827
			*start = xas.xa_index + 1;
J
Jan Kara 已提交
1828 1829
			goto out;
		}
1830 1831
		continue;
put_page:
1832
		put_page(head);
1833 1834
retry:
		xas_reset(&xas);
N
Nick Piggin 已提交
1835
	}
1836

J
Jan Kara 已提交
1837 1838 1839
	/*
	 * We come here when there is no page beyond @end. We take care to not
	 * overflow the index @start as it confuses some of the callers. This
1840
	 * breaks the iteration when there is a page at index -1 but that is
J
Jan Kara 已提交
1841 1842 1843 1844 1845 1846 1847
	 * already broken anyway.
	 */
	if (end == (pgoff_t)-1)
		*start = (pgoff_t)-1;
	else
		*start = end + 1;
out:
N
Nick Piggin 已提交
1848
	rcu_read_unlock();
1849

L
Linus Torvalds 已提交
1850 1851 1852
	return ret;
}

1853 1854 1855 1856 1857 1858 1859 1860 1861 1862
/**
 * find_get_pages_contig - gang contiguous pagecache lookup
 * @mapping:	The address_space to search
 * @index:	The starting page index
 * @nr_pages:	The maximum number of pages
 * @pages:	Where the resulting pages are placed
 *
 * find_get_pages_contig() works exactly like find_get_pages(), except
 * that the returned number of pages are guaranteed to be contiguous.
 *
1863
 * Return: the number of pages which were found.
1864 1865 1866 1867
 */
unsigned find_get_pages_contig(struct address_space *mapping, pgoff_t index,
			       unsigned int nr_pages, struct page **pages)
{
1868 1869
	XA_STATE(xas, &mapping->i_pages, index);
	struct page *page;
1870 1871 1872 1873
	unsigned int ret = 0;

	if (unlikely(!nr_pages))
		return 0;
N
Nick Piggin 已提交
1874 1875

	rcu_read_lock();
1876
	for (page = xas_load(&xas); page; page = xas_next(&xas)) {
1877
		struct page *head;
1878 1879 1880 1881 1882 1883 1884
		if (xas_retry(&xas, page))
			continue;
		/*
		 * If the entry has been swapped out, we can stop looking.
		 * No current caller is looking for DAX entries.
		 */
		if (xa_is_value(page))
1885
			break;
1886

1887 1888
		head = compound_head(page);
		if (!page_cache_get_speculative(head))
1889
			goto retry;
1890

1891 1892 1893 1894 1895
		/* The page was split under us? */
		if (compound_head(page) != head)
			goto put_page;

		/* Has the page moved? */
1896 1897
		if (unlikely(page != xas_reload(&xas)))
			goto put_page;
N
Nick Piggin 已提交
1898

1899
		pages[ret] = page;
1900 1901
		if (++ret == nr_pages)
			break;
1902 1903
		continue;
put_page:
1904
		put_page(head);
1905 1906
retry:
		xas_reset(&xas);
1907
	}
N
Nick Piggin 已提交
1908 1909
	rcu_read_unlock();
	return ret;
1910
}
1911
EXPORT_SYMBOL(find_get_pages_contig);
1912

1913
/**
1914
 * find_get_pages_range_tag - find and return pages in given range matching @tag
1915 1916
 * @mapping:	the address_space to search
 * @index:	the starting page index
1917
 * @end:	The final page index (inclusive)
1918 1919 1920 1921
 * @tag:	the tag index
 * @nr_pages:	the maximum number of pages
 * @pages:	where the resulting pages are placed
 *
L
Linus Torvalds 已提交
1922
 * Like find_get_pages, except we only return pages which are tagged with
1923
 * @tag.   We update @index to index the next page for the traversal.
1924 1925
 *
 * Return: the number of pages which were found.
L
Linus Torvalds 已提交
1926
 */
1927
unsigned find_get_pages_range_tag(struct address_space *mapping, pgoff_t *index,
1928
			pgoff_t end, xa_mark_t tag, unsigned int nr_pages,
1929
			struct page **pages)
L
Linus Torvalds 已提交
1930
{
1931 1932
	XA_STATE(xas, &mapping->i_pages, *index);
	struct page *page;
1933 1934 1935 1936
	unsigned ret = 0;

	if (unlikely(!nr_pages))
		return 0;
N
Nick Piggin 已提交
1937 1938

	rcu_read_lock();
1939
	xas_for_each_marked(&xas, page, end, tag) {
1940
		struct page *head;
1941
		if (xas_retry(&xas, page))
N
Nick Piggin 已提交
1942
			continue;
1943 1944 1945 1946 1947 1948
		/*
		 * Shadow entries should never be tagged, but this iteration
		 * is lockless so there is a window for page reclaim to evict
		 * a page we saw tagged.  Skip over it.
		 */
		if (xa_is_value(page))
1949
			continue;
N
Nick Piggin 已提交
1950

1951 1952
		head = compound_head(page);
		if (!page_cache_get_speculative(head))
1953
			goto retry;
N
Nick Piggin 已提交
1954

1955 1956 1957 1958 1959
		/* The page was split under us? */
		if (compound_head(page) != head)
			goto put_page;

		/* Has the page moved? */
1960 1961
		if (unlikely(page != xas_reload(&xas)))
			goto put_page;
N
Nick Piggin 已提交
1962

1963
		pages[ret] = page;
1964
		if (++ret == nr_pages) {
1965
			*index = xas.xa_index + 1;
1966 1967
			goto out;
		}
1968 1969
		continue;
put_page:
1970
		put_page(head);
1971 1972
retry:
		xas_reset(&xas);
N
Nick Piggin 已提交
1973
	}
1974

1975
	/*
1976
	 * We come here when we got to @end. We take care to not overflow the
1977
	 * index @index as it confuses some of the callers. This breaks the
1978 1979
	 * iteration when there is a page at index -1 but that is already
	 * broken anyway.
1980 1981 1982 1983 1984 1985
	 */
	if (end == (pgoff_t)-1)
		*index = (pgoff_t)-1;
	else
		*index = end + 1;
out:
N
Nick Piggin 已提交
1986
	rcu_read_unlock();
L
Linus Torvalds 已提交
1987 1988 1989

	return ret;
}
1990
EXPORT_SYMBOL(find_get_pages_range_tag);
L
Linus Torvalds 已提交
1991

1992 1993 1994 1995 1996 1997 1998 1999 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012
/*
 * CD/DVDs are error prone. When a medium error occurs, the driver may fail
 * a _large_ part of the i/o request. Imagine the worst scenario:
 *
 *      ---R__________________________________________B__________
 *         ^ reading here                             ^ bad block(assume 4k)
 *
 * read(R) => miss => readahead(R...B) => media error => frustrating retries
 * => failing the whole request => read(R) => read(R+1) =>
 * readahead(R+1...B+1) => bang => read(R+2) => read(R+3) =>
 * readahead(R+3...B+2) => bang => read(R+3) => read(R+4) =>
 * readahead(R+4...B+3) => bang => read(R+4) => read(R+5) => ......
 *
 * It is going insane. Fix it by quickly scaling down the readahead size.
 */
static void shrink_readahead_size_eio(struct file *filp,
					struct file_ra_state *ra)
{
	ra->ra_pages /= 4;
}

2013
/**
2014 2015
 * generic_file_buffered_read - generic file read routine
 * @iocb:	the iocb to read
2016 2017
 * @iter:	data destination
 * @written:	already copied
2018
 *
L
Linus Torvalds 已提交
2019
 * This is a generic file read routine, and uses the
2020
 * mapping->a_ops->readpage() function for the actual low-level stuff.
L
Linus Torvalds 已提交
2021 2022 2023
 *
 * This is really ugly. But the goto's actually try to clarify some
 * of the logic when it comes to error handling etc.
2024 2025 2026 2027
 *
 * Return:
 * * total number of bytes copied, including those the were already @written
 * * negative error code if nothing was copied
L
Linus Torvalds 已提交
2028
 */
2029
static ssize_t generic_file_buffered_read(struct kiocb *iocb,
2030
		struct iov_iter *iter, ssize_t written)
L
Linus Torvalds 已提交
2031
{
2032
	struct file *filp = iocb->ki_filp;
C
Christoph Hellwig 已提交
2033
	struct address_space *mapping = filp->f_mapping;
L
Linus Torvalds 已提交
2034
	struct inode *inode = mapping->host;
C
Christoph Hellwig 已提交
2035
	struct file_ra_state *ra = &filp->f_ra;
2036
	loff_t *ppos = &iocb->ki_pos;
2037 2038 2039 2040
	pgoff_t index;
	pgoff_t last_index;
	pgoff_t prev_index;
	unsigned long offset;      /* offset into pagecache page */
2041
	unsigned int prev_offset;
2042
	int error = 0;
L
Linus Torvalds 已提交
2043

2044
	if (unlikely(*ppos >= inode->i_sb->s_maxbytes))
2045
		return 0;
2046 2047
	iov_iter_truncate(iter, inode->i_sb->s_maxbytes);

2048 2049 2050 2051 2052
	index = *ppos >> PAGE_SHIFT;
	prev_index = ra->prev_pos >> PAGE_SHIFT;
	prev_offset = ra->prev_pos & (PAGE_SIZE-1);
	last_index = (*ppos + iter->count + PAGE_SIZE-1) >> PAGE_SHIFT;
	offset = *ppos & ~PAGE_MASK;
L
Linus Torvalds 已提交
2053 2054 2055

	for (;;) {
		struct page *page;
2056
		pgoff_t end_index;
N
NeilBrown 已提交
2057
		loff_t isize;
L
Linus Torvalds 已提交
2058 2059 2060 2061
		unsigned long nr, ret;

		cond_resched();
find_page:
2062 2063 2064 2065 2066
		if (fatal_signal_pending(current)) {
			error = -EINTR;
			goto out;
		}

L
Linus Torvalds 已提交
2067
		page = find_get_page(mapping, index);
2068
		if (!page) {
2069 2070
			if (iocb->ki_flags & IOCB_NOWAIT)
				goto would_block;
2071
			page_cache_sync_readahead(mapping,
2072
					ra, filp,
2073 2074 2075 2076 2077 2078
					index, last_index - index);
			page = find_get_page(mapping, index);
			if (unlikely(page == NULL))
				goto no_cached_page;
		}
		if (PageReadahead(page)) {
2079
			page_cache_async_readahead(mapping,
2080
					ra, filp, page,
2081
					index, last_index - index);
L
Linus Torvalds 已提交
2082
		}
2083
		if (!PageUptodate(page)) {
2084 2085 2086 2087 2088
			if (iocb->ki_flags & IOCB_NOWAIT) {
				put_page(page);
				goto would_block;
			}

2089 2090 2091 2092 2093
			/*
			 * See comment in do_read_cache_page on why
			 * wait_on_page_locked is used to avoid unnecessarily
			 * serialisations and why it's safe.
			 */
2094 2095 2096
			error = wait_on_page_locked_killable(page);
			if (unlikely(error))
				goto readpage_error;
2097 2098 2099
			if (PageUptodate(page))
				goto page_ok;

2100
			if (inode->i_blkbits == PAGE_SHIFT ||
2101 2102
					!mapping->a_ops->is_partially_uptodate)
				goto page_not_up_to_date;
2103
			/* pipes can't handle partially uptodate pages */
D
David Howells 已提交
2104
			if (unlikely(iov_iter_is_pipe(iter)))
2105
				goto page_not_up_to_date;
N
Nick Piggin 已提交
2106
			if (!trylock_page(page))
2107
				goto page_not_up_to_date;
2108 2109 2110
			/* Did it get truncated before we got the lock? */
			if (!page->mapping)
				goto page_not_up_to_date_locked;
2111
			if (!mapping->a_ops->is_partially_uptodate(page,
2112
							offset, iter->count))
2113 2114 2115
				goto page_not_up_to_date_locked;
			unlock_page(page);
		}
L
Linus Torvalds 已提交
2116
page_ok:
N
NeilBrown 已提交
2117 2118 2119 2120 2121 2122 2123 2124 2125 2126
		/*
		 * i_size must be checked after we know the page is Uptodate.
		 *
		 * Checking i_size after the check allows us to calculate
		 * the correct value for "nr", which means the zero-filled
		 * part of the page is not copied back to userspace (unless
		 * another truncate extends the file - this is desired though).
		 */

		isize = i_size_read(inode);
2127
		end_index = (isize - 1) >> PAGE_SHIFT;
N
NeilBrown 已提交
2128
		if (unlikely(!isize || index > end_index)) {
2129
			put_page(page);
N
NeilBrown 已提交
2130 2131 2132 2133
			goto out;
		}

		/* nr is the maximum number of bytes to copy from this page */
2134
		nr = PAGE_SIZE;
N
NeilBrown 已提交
2135
		if (index == end_index) {
2136
			nr = ((isize - 1) & ~PAGE_MASK) + 1;
N
NeilBrown 已提交
2137
			if (nr <= offset) {
2138
				put_page(page);
N
NeilBrown 已提交
2139 2140 2141 2142
				goto out;
			}
		}
		nr = nr - offset;
L
Linus Torvalds 已提交
2143 2144 2145 2146 2147 2148 2149 2150 2151

		/* If users can be writing to this page using arbitrary
		 * virtual addresses, take care about potential aliasing
		 * before reading the page on the kernel side.
		 */
		if (mapping_writably_mapped(mapping))
			flush_dcache_page(page);

		/*
2152 2153
		 * When a sequential read accesses a page several times,
		 * only mark it as accessed the first time.
L
Linus Torvalds 已提交
2154
		 */
2155
		if (prev_index != index || offset != prev_offset)
L
Linus Torvalds 已提交
2156 2157 2158 2159 2160 2161 2162
			mark_page_accessed(page);
		prev_index = index;

		/*
		 * Ok, we have the page, and it's up-to-date, so
		 * now we can copy it to user space...
		 */
2163 2164

		ret = copy_page_to_iter(page, offset, nr, iter);
L
Linus Torvalds 已提交
2165
		offset += ret;
2166 2167
		index += offset >> PAGE_SHIFT;
		offset &= ~PAGE_MASK;
J
Jan Kara 已提交
2168
		prev_offset = offset;
L
Linus Torvalds 已提交
2169

2170
		put_page(page);
2171 2172 2173 2174 2175 2176 2177 2178
		written += ret;
		if (!iov_iter_count(iter))
			goto out;
		if (ret < nr) {
			error = -EFAULT;
			goto out;
		}
		continue;
L
Linus Torvalds 已提交
2179 2180 2181

page_not_up_to_date:
		/* Get exclusive access to the page ... */
2182 2183 2184
		error = lock_page_killable(page);
		if (unlikely(error))
			goto readpage_error;
L
Linus Torvalds 已提交
2185

2186
page_not_up_to_date_locked:
N
Nick Piggin 已提交
2187
		/* Did it get truncated before we got the lock? */
L
Linus Torvalds 已提交
2188 2189
		if (!page->mapping) {
			unlock_page(page);
2190
			put_page(page);
L
Linus Torvalds 已提交
2191 2192 2193 2194 2195 2196 2197 2198 2199 2200
			continue;
		}

		/* Did somebody else fill it already? */
		if (PageUptodate(page)) {
			unlock_page(page);
			goto page_ok;
		}

readpage:
2201 2202 2203 2204 2205 2206
		/*
		 * A previous I/O error may have been due to temporary
		 * failures, eg. multipath errors.
		 * PG_error will be set again if readpage fails.
		 */
		ClearPageError(page);
L
Linus Torvalds 已提交
2207 2208 2209
		/* Start the actual read. The read will unlock the page. */
		error = mapping->a_ops->readpage(filp, page);

2210 2211
		if (unlikely(error)) {
			if (error == AOP_TRUNCATED_PAGE) {
2212
				put_page(page);
2213
				error = 0;
2214 2215
				goto find_page;
			}
L
Linus Torvalds 已提交
2216
			goto readpage_error;
2217
		}
L
Linus Torvalds 已提交
2218 2219

		if (!PageUptodate(page)) {
2220 2221 2222
			error = lock_page_killable(page);
			if (unlikely(error))
				goto readpage_error;
L
Linus Torvalds 已提交
2223 2224 2225
			if (!PageUptodate(page)) {
				if (page->mapping == NULL) {
					/*
2226
					 * invalidate_mapping_pages got it
L
Linus Torvalds 已提交
2227 2228
					 */
					unlock_page(page);
2229
					put_page(page);
L
Linus Torvalds 已提交
2230 2231 2232
					goto find_page;
				}
				unlock_page(page);
2233
				shrink_readahead_size_eio(filp, ra);
2234 2235
				error = -EIO;
				goto readpage_error;
L
Linus Torvalds 已提交
2236 2237 2238 2239 2240 2241 2242 2243
			}
			unlock_page(page);
		}

		goto page_ok;

readpage_error:
		/* UHHUH! A synchronous read error occurred. Report it */
2244
		put_page(page);
L
Linus Torvalds 已提交
2245 2246 2247 2248 2249 2250 2251
		goto out;

no_cached_page:
		/*
		 * Ok, it wasn't cached, so we need to create a new
		 * page..
		 */
M
Mel Gorman 已提交
2252
		page = page_cache_alloc(mapping);
N
Nick Piggin 已提交
2253
		if (!page) {
2254
			error = -ENOMEM;
N
Nick Piggin 已提交
2255
			goto out;
L
Linus Torvalds 已提交
2256
		}
2257
		error = add_to_page_cache_lru(page, mapping, index,
2258
				mapping_gfp_constraint(mapping, GFP_KERNEL));
L
Linus Torvalds 已提交
2259
		if (error) {
2260
			put_page(page);
2261 2262
			if (error == -EEXIST) {
				error = 0;
L
Linus Torvalds 已提交
2263
				goto find_page;
2264
			}
L
Linus Torvalds 已提交
2265 2266 2267 2268 2269
			goto out;
		}
		goto readpage;
	}

2270 2271
would_block:
	error = -EAGAIN;
L
Linus Torvalds 已提交
2272
out:
2273
	ra->prev_pos = prev_index;
2274
	ra->prev_pos <<= PAGE_SHIFT;
2275
	ra->prev_pos |= prev_offset;
L
Linus Torvalds 已提交
2276

2277
	*ppos = ((loff_t)index << PAGE_SHIFT) + offset;
2278
	file_accessed(filp);
2279
	return written ? written : error;
L
Linus Torvalds 已提交
2280 2281
}

2282
/**
A
Al Viro 已提交
2283
 * generic_file_read_iter - generic filesystem read routine
2284
 * @iocb:	kernel I/O control block
A
Al Viro 已提交
2285
 * @iter:	destination for the data read
2286
 *
A
Al Viro 已提交
2287
 * This is the "read_iter()" routine for all filesystems
L
Linus Torvalds 已提交
2288
 * that can use the page cache directly.
2289 2290 2291
 * Return:
 * * number of bytes copied, even for partial reads
 * * negative error code if nothing was read
L
Linus Torvalds 已提交
2292 2293
 */
ssize_t
A
Al Viro 已提交
2294
generic_file_read_iter(struct kiocb *iocb, struct iov_iter *iter)
L
Linus Torvalds 已提交
2295
{
2296
	size_t count = iov_iter_count(iter);
2297
	ssize_t retval = 0;
2298 2299 2300

	if (!count)
		goto out; /* skip atime */
L
Linus Torvalds 已提交
2301

2302
	if (iocb->ki_flags & IOCB_DIRECT) {
2303
		struct file *file = iocb->ki_filp;
A
Al Viro 已提交
2304 2305
		struct address_space *mapping = file->f_mapping;
		struct inode *inode = mapping->host;
2306
		loff_t size;
L
Linus Torvalds 已提交
2307 2308

		size = i_size_read(inode);
2309 2310 2311 2312 2313 2314 2315 2316 2317 2318 2319
		if (iocb->ki_flags & IOCB_NOWAIT) {
			if (filemap_range_has_page(mapping, iocb->ki_pos,
						   iocb->ki_pos + count - 1))
				return -EAGAIN;
		} else {
			retval = filemap_write_and_wait_range(mapping,
						iocb->ki_pos,
					        iocb->ki_pos + count - 1);
			if (retval < 0)
				goto out;
		}
A
Al Viro 已提交
2320

2321 2322
		file_accessed(file);

2323
		retval = mapping->a_ops->direct_IO(iocb, iter);
A
Al Viro 已提交
2324
		if (retval >= 0) {
2325
			iocb->ki_pos += retval;
2326
			count -= retval;
2327
		}
A
Al Viro 已提交
2328
		iov_iter_revert(iter, count - iov_iter_count(iter));
2329

2330 2331 2332 2333 2334 2335
		/*
		 * Btrfs can have a short DIO read if we encounter
		 * compressed extents, so if there was an error, or if
		 * we've already read everything we wanted to, or if
		 * there was a short read because we hit EOF, go ahead
		 * and return.  Otherwise fallthrough to buffered io for
2336 2337
		 * the rest of the read.  Buffered reads will not work for
		 * DAX files, so don't bother trying.
2338
		 */
2339
		if (retval < 0 || !count || iocb->ki_pos >= size ||
2340
		    IS_DAX(inode))
2341
			goto out;
L
Linus Torvalds 已提交
2342 2343
	}

2344
	retval = generic_file_buffered_read(iocb, iter, retval);
L
Linus Torvalds 已提交
2345 2346 2347
out:
	return retval;
}
A
Al Viro 已提交
2348
EXPORT_SYMBOL(generic_file_read_iter);
L
Linus Torvalds 已提交
2349 2350 2351

#ifdef CONFIG_MMU
#define MMAP_LOTSAMISS  (100)
2352 2353 2354 2355 2356 2357 2358 2359 2360 2361 2362 2363 2364 2365 2366 2367 2368 2369 2370 2371 2372 2373 2374 2375 2376 2377 2378 2379 2380 2381 2382 2383 2384 2385 2386 2387 2388 2389
static struct file *maybe_unlock_mmap_for_io(struct vm_fault *vmf,
					     struct file *fpin)
{
	int flags = vmf->flags;

	if (fpin)
		return fpin;

	/*
	 * FAULT_FLAG_RETRY_NOWAIT means we don't want to wait on page locks or
	 * anything, so we only pin the file and drop the mmap_sem if only
	 * FAULT_FLAG_ALLOW_RETRY is set.
	 */
	if ((flags & (FAULT_FLAG_ALLOW_RETRY | FAULT_FLAG_RETRY_NOWAIT)) ==
	    FAULT_FLAG_ALLOW_RETRY) {
		fpin = get_file(vmf->vma->vm_file);
		up_read(&vmf->vma->vm_mm->mmap_sem);
	}
	return fpin;
}

/*
 * lock_page_maybe_drop_mmap - lock the page, possibly dropping the mmap_sem
 * @vmf - the vm_fault for this fault.
 * @page - the page to lock.
 * @fpin - the pointer to the file we may pin (or is already pinned).
 *
 * This works similar to lock_page_or_retry in that it can drop the mmap_sem.
 * It differs in that it actually returns the page locked if it returns 1 and 0
 * if it couldn't lock the page.  If we did have to drop the mmap_sem then fpin
 * will point to the pinned file and needs to be fput()'ed at a later point.
 */
static int lock_page_maybe_drop_mmap(struct vm_fault *vmf, struct page *page,
				     struct file **fpin)
{
	if (trylock_page(page))
		return 1;

2390 2391 2392 2393 2394
	/*
	 * NOTE! This will make us return with VM_FAULT_RETRY, but with
	 * the mmap_sem still held. That's how FAULT_FLAG_RETRY_NOWAIT
	 * is supposed to work. We have way too many special cases..
	 */
2395 2396 2397 2398 2399 2400 2401 2402 2403 2404 2405 2406 2407 2408 2409 2410 2411 2412 2413 2414 2415
	if (vmf->flags & FAULT_FLAG_RETRY_NOWAIT)
		return 0;

	*fpin = maybe_unlock_mmap_for_io(vmf, *fpin);
	if (vmf->flags & FAULT_FLAG_KILLABLE) {
		if (__lock_page_killable(page)) {
			/*
			 * We didn't have the right flags to drop the mmap_sem,
			 * but all fault_handlers only check for fatal signals
			 * if we return VM_FAULT_RETRY, so we need to drop the
			 * mmap_sem here and return 0 if we don't have a fpin.
			 */
			if (*fpin == NULL)
				up_read(&vmf->vma->vm_mm->mmap_sem);
			return 0;
		}
	} else
		__lock_page(page);
	return 1;
}

L
Linus Torvalds 已提交
2416

2417
/*
2418 2419 2420 2421 2422
 * Synchronous readahead happens when we don't even find a page in the page
 * cache at all.  We don't want to perform IO under the mmap sem, so if we have
 * to drop the mmap sem we return the file that was pinned in order for us to do
 * that.  If we didn't pin a file then we return NULL.  The file that is
 * returned needs to be fput()'ed when we're done with it.
2423
 */
2424
static struct file *do_sync_mmap_readahead(struct vm_fault *vmf)
2425
{
2426 2427
	struct file *file = vmf->vma->vm_file;
	struct file_ra_state *ra = &file->f_ra;
2428
	struct address_space *mapping = file->f_mapping;
2429
	struct file *fpin = NULL;
2430
	pgoff_t offset = vmf->pgoff;
2431 2432

	/* If we don't want any read-ahead, don't bother */
2433
	if (vmf->vma->vm_flags & VM_RAND_READ)
2434
		return fpin;
2435
	if (!ra->ra_pages)
2436
		return fpin;
2437

2438
	if (vmf->vma->vm_flags & VM_SEQ_READ) {
2439
		fpin = maybe_unlock_mmap_for_io(vmf, fpin);
2440 2441
		page_cache_sync_readahead(mapping, ra, file, offset,
					  ra->ra_pages);
2442
		return fpin;
2443 2444
	}

2445 2446
	/* Avoid banging the cache line if not needed */
	if (ra->mmap_miss < MMAP_LOTSAMISS * 10)
2447 2448 2449 2450 2451 2452 2453
		ra->mmap_miss++;

	/*
	 * Do we miss much more than hit in this file? If so,
	 * stop bothering with read-ahead. It will only hurt.
	 */
	if (ra->mmap_miss > MMAP_LOTSAMISS)
2454
		return fpin;
2455

2456 2457 2458
	/*
	 * mmap read-around
	 */
2459
	fpin = maybe_unlock_mmap_for_io(vmf, fpin);
2460 2461 2462
	ra->start = max_t(long, 0, offset - ra->ra_pages / 2);
	ra->size = ra->ra_pages;
	ra->async_size = ra->ra_pages / 4;
2463
	ra_submit(ra, mapping, file);
2464
	return fpin;
2465 2466 2467 2468
}

/*
 * Asynchronous readahead happens when we find the page and PG_readahead,
2469 2470
 * so we want to possibly extend the readahead further.  We return the file that
 * was pinned if we have to drop the mmap_sem in order to do IO.
2471
 */
2472 2473
static struct file *do_async_mmap_readahead(struct vm_fault *vmf,
					    struct page *page)
2474
{
2475 2476
	struct file *file = vmf->vma->vm_file;
	struct file_ra_state *ra = &file->f_ra;
2477
	struct address_space *mapping = file->f_mapping;
2478
	struct file *fpin = NULL;
2479
	pgoff_t offset = vmf->pgoff;
2480 2481

	/* If we don't want any read-ahead, don't bother */
2482
	if (vmf->vma->vm_flags & VM_RAND_READ)
2483
		return fpin;
2484 2485
	if (ra->mmap_miss > 0)
		ra->mmap_miss--;
2486 2487
	if (PageReadahead(page)) {
		fpin = maybe_unlock_mmap_for_io(vmf, fpin);
2488 2489
		page_cache_async_readahead(mapping, ra, file,
					   page, offset, ra->ra_pages);
2490 2491
	}
	return fpin;
2492 2493
}

2494
/**
2495
 * filemap_fault - read in file data for page fault handling
N
Nick Piggin 已提交
2496
 * @vmf:	struct vm_fault containing details of the fault
2497
 *
2498
 * filemap_fault() is invoked via the vma operations vector for a
L
Linus Torvalds 已提交
2499 2500 2501 2502 2503
 * mapped memory region to read in file data during a page fault.
 *
 * The goto's are kind of ugly, but this streamlines the normal case of having
 * it in the page cache, and handles the special cases reasonably without
 * having a lot of duplicated code.
2504 2505 2506
 *
 * vma->vm_mm->mmap_sem must be held on entry.
 *
2507 2508
 * If our return value has VM_FAULT_RETRY set, it's because the mmap_sem
 * may be dropped before doing I/O or by lock_page_maybe_drop_mmap().
2509 2510 2511 2512 2513
 *
 * If our return value does not have VM_FAULT_RETRY set, the mmap_sem
 * has not been released.
 *
 * We never return with VM_FAULT_RETRY and a bit from VM_FAULT_ERROR set.
2514 2515
 *
 * Return: bitwise-OR of %VM_FAULT_ codes.
L
Linus Torvalds 已提交
2516
 */
2517
vm_fault_t filemap_fault(struct vm_fault *vmf)
L
Linus Torvalds 已提交
2518 2519
{
	int error;
2520
	struct file *file = vmf->vma->vm_file;
2521
	struct file *fpin = NULL;
L
Linus Torvalds 已提交
2522 2523 2524
	struct address_space *mapping = file->f_mapping;
	struct file_ra_state *ra = &file->f_ra;
	struct inode *inode = mapping->host;
2525
	pgoff_t offset = vmf->pgoff;
2526
	pgoff_t max_off;
L
Linus Torvalds 已提交
2527
	struct page *page;
2528
	vm_fault_t ret = 0;
L
Linus Torvalds 已提交
2529

2530 2531
	max_off = DIV_ROUND_UP(i_size_read(inode), PAGE_SIZE);
	if (unlikely(offset >= max_off))
2532
		return VM_FAULT_SIGBUS;
L
Linus Torvalds 已提交
2533 2534

	/*
2535
	 * Do we have something in the page cache already?
L
Linus Torvalds 已提交
2536
	 */
2537
	page = find_get_page(mapping, offset);
2538
	if (likely(page) && !(vmf->flags & FAULT_FLAG_TRIED)) {
L
Linus Torvalds 已提交
2539
		/*
2540 2541
		 * We found the page, so try async readahead before
		 * waiting for the lock.
L
Linus Torvalds 已提交
2542
		 */
2543
		fpin = do_async_mmap_readahead(vmf, page);
2544
	} else if (!page) {
2545 2546
		/* No page in the page cache at all */
		count_vm_event(PGMAJFAULT);
2547
		count_memcg_event_mm(vmf->vma->vm_mm, PGMAJFAULT);
2548
		ret = VM_FAULT_MAJOR;
2549
		fpin = do_sync_mmap_readahead(vmf);
2550
retry_find:
2551 2552 2553
		page = pagecache_get_page(mapping, offset,
					  FGP_CREAT|FGP_FOR_MMAP,
					  vmf->gfp_mask);
2554 2555 2556
		if (!page) {
			if (fpin)
				goto out_retry;
2557
			return vmf_error(-ENOMEM);
2558
		}
L
Linus Torvalds 已提交
2559 2560
	}

2561 2562
	if (!lock_page_maybe_drop_mmap(vmf, page, &fpin))
		goto out_retry;
2563 2564 2565 2566 2567 2568 2569

	/* Did it get truncated? */
	if (unlikely(page->mapping != mapping)) {
		unlock_page(page);
		put_page(page);
		goto retry_find;
	}
2570
	VM_BUG_ON_PAGE(page->index != offset, page);
2571

L
Linus Torvalds 已提交
2572
	/*
2573 2574
	 * We have a locked page in the page cache, now we need to check
	 * that it's up-to-date. If not, it is going to be due to an error.
L
Linus Torvalds 已提交
2575
	 */
2576
	if (unlikely(!PageUptodate(page)))
L
Linus Torvalds 已提交
2577 2578
		goto page_not_uptodate;

2579 2580 2581 2582 2583 2584 2585 2586 2587 2588
	/*
	 * We've made it this far and we had to drop our mmap_sem, now is the
	 * time to return to the upper layer and have it re-find the vma and
	 * redo the fault.
	 */
	if (fpin) {
		unlock_page(page);
		goto out_retry;
	}

2589 2590 2591 2592
	/*
	 * Found the page and have a reference on it.
	 * We must recheck i_size under page lock.
	 */
2593 2594
	max_off = DIV_ROUND_UP(i_size_read(inode), PAGE_SIZE);
	if (unlikely(offset >= max_off)) {
2595
		unlock_page(page);
2596
		put_page(page);
2597
		return VM_FAULT_SIGBUS;
2598 2599
	}

N
Nick Piggin 已提交
2600
	vmf->page = page;
N
Nick Piggin 已提交
2601
	return ret | VM_FAULT_LOCKED;
L
Linus Torvalds 已提交
2602 2603 2604 2605 2606 2607 2608 2609 2610

page_not_uptodate:
	/*
	 * Umm, take care of errors if the page isn't up-to-date.
	 * Try to re-read it _once_. We do this synchronously,
	 * because there really aren't any performance issues here
	 * and we need to check for errors.
	 */
	ClearPageError(page);
2611
	fpin = maybe_unlock_mmap_for_io(vmf, fpin);
2612
	error = mapping->a_ops->readpage(file, page);
2613 2614 2615 2616 2617
	if (!error) {
		wait_on_page_locked(page);
		if (!PageUptodate(page))
			error = -EIO;
	}
2618 2619
	if (fpin)
		goto out_retry;
2620
	put_page(page);
2621 2622

	if (!error || error == AOP_TRUNCATED_PAGE)
2623
		goto retry_find;
L
Linus Torvalds 已提交
2624

2625
	/* Things didn't work out. Return zero to tell the mm layer so. */
2626
	shrink_readahead_size_eio(file, ra);
N
Nick Piggin 已提交
2627
	return VM_FAULT_SIGBUS;
2628 2629 2630 2631 2632 2633 2634 2635 2636 2637 2638 2639

out_retry:
	/*
	 * We dropped the mmap_sem, we need to return to the fault handler to
	 * re-find the vma and come back and find our hopefully still populated
	 * page.
	 */
	if (page)
		put_page(page);
	if (fpin)
		fput(fpin);
	return ret | VM_FAULT_RETRY;
2640 2641 2642
}
EXPORT_SYMBOL(filemap_fault);

J
Jan Kara 已提交
2643
void filemap_map_pages(struct vm_fault *vmf,
K
Kirill A. Shutemov 已提交
2644
		pgoff_t start_pgoff, pgoff_t end_pgoff)
2645
{
J
Jan Kara 已提交
2646
	struct file *file = vmf->vma->vm_file;
2647
	struct address_space *mapping = file->f_mapping;
K
Kirill A. Shutemov 已提交
2648
	pgoff_t last_pgoff = start_pgoff;
2649
	unsigned long max_idx;
2650
	XA_STATE(xas, &mapping->i_pages, start_pgoff);
2651
	struct page *head, *page;
2652 2653

	rcu_read_lock();
2654 2655 2656 2657
	xas_for_each(&xas, page, end_pgoff) {
		if (xas_retry(&xas, page))
			continue;
		if (xa_is_value(page))
M
Matthew Wilcox 已提交
2658
			goto next;
2659

2660 2661
		head = compound_head(page);

2662 2663 2664 2665
		/*
		 * Check for a locked page first, as a speculative
		 * reference may adversely influence page migration.
		 */
2666
		if (PageLocked(head))
2667
			goto next;
2668
		if (!page_cache_get_speculative(head))
2669
			goto next;
2670

2671 2672 2673 2674 2675
		/* The page was split under us? */
		if (compound_head(page) != head)
			goto skip;

		/* Has the page moved? */
2676 2677
		if (unlikely(page != xas_reload(&xas)))
			goto skip;
2678 2679 2680 2681 2682 2683 2684 2685 2686 2687 2688

		if (!PageUptodate(page) ||
				PageReadahead(page) ||
				PageHWPoison(page))
			goto skip;
		if (!trylock_page(page))
			goto skip;

		if (page->mapping != mapping || !PageUptodate(page))
			goto unlock;

2689 2690
		max_idx = DIV_ROUND_UP(i_size_read(mapping->host), PAGE_SIZE);
		if (page->index >= max_idx)
2691 2692 2693 2694
			goto unlock;

		if (file->f_ra.mmap_miss > 0)
			file->f_ra.mmap_miss--;
2695

2696
		vmf->address += (xas.xa_index - last_pgoff) << PAGE_SHIFT;
J
Jan Kara 已提交
2697
		if (vmf->pte)
2698 2699
			vmf->pte += xas.xa_index - last_pgoff;
		last_pgoff = xas.xa_index;
J
Jan Kara 已提交
2700
		if (alloc_set_pte(vmf, NULL, page))
2701
			goto unlock;
2702 2703 2704 2705 2706
		unlock_page(page);
		goto next;
unlock:
		unlock_page(page);
skip:
2707
		put_page(page);
2708
next:
2709
		/* Huge page is mapped? No need to proceed. */
J
Jan Kara 已提交
2710
		if (pmd_trans_huge(*vmf->pmd))
2711
			break;
2712 2713 2714 2715 2716
	}
	rcu_read_unlock();
}
EXPORT_SYMBOL(filemap_map_pages);

2717
vm_fault_t filemap_page_mkwrite(struct vm_fault *vmf)
2718 2719
{
	struct page *page = vmf->page;
2720
	struct inode *inode = file_inode(vmf->vma->vm_file);
2721
	vm_fault_t ret = VM_FAULT_LOCKED;
2722

2723
	sb_start_pagefault(inode->i_sb);
2724
	file_update_time(vmf->vma->vm_file);
2725 2726 2727 2728 2729 2730
	lock_page(page);
	if (page->mapping != inode->i_mapping) {
		unlock_page(page);
		ret = VM_FAULT_NOPAGE;
		goto out;
	}
2731 2732 2733 2734 2735 2736
	/*
	 * We mark the page dirty already here so that when freeze is in
	 * progress, we are guaranteed that writeback during freezing will
	 * see the dirty page and writeprotect it again.
	 */
	set_page_dirty(page);
2737
	wait_for_stable_page(page);
2738
out:
2739
	sb_end_pagefault(inode->i_sb);
2740 2741 2742
	return ret;
}

2743
const struct vm_operations_struct generic_file_vm_ops = {
2744
	.fault		= filemap_fault,
2745
	.map_pages	= filemap_map_pages,
2746
	.page_mkwrite	= filemap_page_mkwrite,
L
Linus Torvalds 已提交
2747 2748 2749 2750 2751 2752 2753 2754 2755 2756 2757 2758 2759 2760 2761 2762 2763 2764 2765 2766 2767 2768 2769 2770 2771
};

/* This is used for a general mmap of a disk file */

int generic_file_mmap(struct file * file, struct vm_area_struct * vma)
{
	struct address_space *mapping = file->f_mapping;

	if (!mapping->a_ops->readpage)
		return -ENOEXEC;
	file_accessed(file);
	vma->vm_ops = &generic_file_vm_ops;
	return 0;
}

/*
 * This is for filesystems which do not implement ->writepage.
 */
int generic_file_readonly_mmap(struct file *file, struct vm_area_struct *vma)
{
	if ((vma->vm_flags & VM_SHARED) && (vma->vm_flags & VM_MAYWRITE))
		return -EINVAL;
	return generic_file_mmap(file, vma);
}
#else
S
Souptick Joarder 已提交
2772
vm_fault_t filemap_page_mkwrite(struct vm_fault *vmf)
2773
{
S
Souptick Joarder 已提交
2774
	return VM_FAULT_SIGBUS;
2775
}
L
Linus Torvalds 已提交
2776 2777 2778 2779 2780 2781 2782 2783 2784 2785
int generic_file_mmap(struct file * file, struct vm_area_struct * vma)
{
	return -ENOSYS;
}
int generic_file_readonly_mmap(struct file * file, struct vm_area_struct * vma)
{
	return -ENOSYS;
}
#endif /* CONFIG_MMU */

2786
EXPORT_SYMBOL(filemap_page_mkwrite);
L
Linus Torvalds 已提交
2787 2788 2789
EXPORT_SYMBOL(generic_file_mmap);
EXPORT_SYMBOL(generic_file_readonly_mmap);

S
Sasha Levin 已提交
2790 2791 2792 2793 2794
static struct page *wait_on_page_read(struct page *page)
{
	if (!IS_ERR(page)) {
		wait_on_page_locked(page);
		if (!PageUptodate(page)) {
2795
			put_page(page);
S
Sasha Levin 已提交
2796 2797 2798 2799 2800 2801
			page = ERR_PTR(-EIO);
		}
	}
	return page;
}

2802
static struct page *do_read_cache_page(struct address_space *mapping,
2803
				pgoff_t index,
2804
				int (*filler)(void *, struct page *),
2805 2806
				void *data,
				gfp_t gfp)
L
Linus Torvalds 已提交
2807
{
N
Nick Piggin 已提交
2808
	struct page *page;
L
Linus Torvalds 已提交
2809 2810 2811 2812
	int err;
repeat:
	page = find_get_page(mapping, index);
	if (!page) {
M
Mel Gorman 已提交
2813
		page = __page_cache_alloc(gfp);
N
Nick Piggin 已提交
2814 2815
		if (!page)
			return ERR_PTR(-ENOMEM);
2816
		err = add_to_page_cache_lru(page, mapping, index, gfp);
N
Nick Piggin 已提交
2817
		if (unlikely(err)) {
2818
			put_page(page);
N
Nick Piggin 已提交
2819 2820
			if (err == -EEXIST)
				goto repeat;
2821
			/* Presumably ENOMEM for xarray node */
L
Linus Torvalds 已提交
2822 2823
			return ERR_PTR(err);
		}
2824 2825

filler:
2826 2827 2828 2829 2830
		if (filler)
			err = filler(data, page);
		else
			err = mapping->a_ops->readpage(data, page);

L
Linus Torvalds 已提交
2831
		if (err < 0) {
2832
			put_page(page);
2833
			return ERR_PTR(err);
L
Linus Torvalds 已提交
2834 2835
		}

2836 2837 2838 2839 2840
		page = wait_on_page_read(page);
		if (IS_ERR(page))
			return page;
		goto out;
	}
L
Linus Torvalds 已提交
2841 2842 2843
	if (PageUptodate(page))
		goto out;

2844 2845 2846 2847 2848 2849 2850 2851 2852 2853 2854 2855 2856 2857 2858 2859 2860 2861 2862 2863 2864 2865 2866 2867 2868 2869 2870 2871 2872 2873 2874 2875 2876 2877 2878 2879
	/*
	 * Page is not up to date and may be locked due one of the following
	 * case a: Page is being filled and the page lock is held
	 * case b: Read/write error clearing the page uptodate status
	 * case c: Truncation in progress (page locked)
	 * case d: Reclaim in progress
	 *
	 * Case a, the page will be up to date when the page is unlocked.
	 *    There is no need to serialise on the page lock here as the page
	 *    is pinned so the lock gives no additional protection. Even if the
	 *    the page is truncated, the data is still valid if PageUptodate as
	 *    it's a race vs truncate race.
	 * Case b, the page will not be up to date
	 * Case c, the page may be truncated but in itself, the data may still
	 *    be valid after IO completes as it's a read vs truncate race. The
	 *    operation must restart if the page is not uptodate on unlock but
	 *    otherwise serialising on page lock to stabilise the mapping gives
	 *    no additional guarantees to the caller as the page lock is
	 *    released before return.
	 * Case d, similar to truncation. If reclaim holds the page lock, it
	 *    will be a race with remove_mapping that determines if the mapping
	 *    is valid on unlock but otherwise the data is valid and there is
	 *    no need to serialise with page lock.
	 *
	 * As the page lock gives no additional guarantee, we optimistically
	 * wait on the page to be unlocked and check if it's up to date and
	 * use the page if it is. Otherwise, the page lock is required to
	 * distinguish between the different cases. The motivation is that we
	 * avoid spurious serialisations and wakeups when multiple processes
	 * wait on the same page for IO to complete.
	 */
	wait_on_page_locked(page);
	if (PageUptodate(page))
		goto out;

	/* Distinguish between all the cases under the safety of the lock */
L
Linus Torvalds 已提交
2880
	lock_page(page);
2881 2882

	/* Case c or d, restart the operation */
L
Linus Torvalds 已提交
2883 2884
	if (!page->mapping) {
		unlock_page(page);
2885
		put_page(page);
2886
		goto repeat;
L
Linus Torvalds 已提交
2887
	}
2888 2889

	/* Someone else locked and filled the page in a very small window */
L
Linus Torvalds 已提交
2890 2891 2892 2893
	if (PageUptodate(page)) {
		unlock_page(page);
		goto out;
	}
2894 2895
	goto filler;

2896
out:
2897 2898 2899
	mark_page_accessed(page);
	return page;
}
2900 2901

/**
S
Sasha Levin 已提交
2902
 * read_cache_page - read into page cache, fill it if needed
2903 2904 2905
 * @mapping:	the page's address_space
 * @index:	the page index
 * @filler:	function to perform the read
2906
 * @data:	first arg to filler(data, page) function, often left as NULL
2907 2908
 *
 * Read into the page cache. If a page already exists, and PageUptodate() is
S
Sasha Levin 已提交
2909
 * not set, try to fill the page and wait for it to become unlocked.
2910 2911
 *
 * If the page does not get brought uptodate, return -EIO.
2912 2913
 *
 * Return: up to date page on success, ERR_PTR() on failure.
2914
 */
S
Sasha Levin 已提交
2915
struct page *read_cache_page(struct address_space *mapping,
2916
				pgoff_t index,
2917
				int (*filler)(void *, struct page *),
2918 2919
				void *data)
{
2920 2921
	return do_read_cache_page(mapping, index, filler, data,
			mapping_gfp_mask(mapping));
2922
}
S
Sasha Levin 已提交
2923
EXPORT_SYMBOL(read_cache_page);
2924 2925 2926 2927 2928 2929 2930 2931

/**
 * read_cache_page_gfp - read into page cache, using specified page allocation flags.
 * @mapping:	the page's address_space
 * @index:	the page index
 * @gfp:	the page allocator flags to use if allocating
 *
 * This is the same as "read_mapping_page(mapping, index, NULL)", but with
2932
 * any new page allocations done using the specified allocation flags.
2933 2934
 *
 * If the page does not get brought uptodate, return -EIO.
2935 2936
 *
 * Return: up to date page on success, ERR_PTR() on failure.
2937 2938 2939 2940 2941
 */
struct page *read_cache_page_gfp(struct address_space *mapping,
				pgoff_t index,
				gfp_t gfp)
{
2942
	return do_read_cache_page(mapping, index, NULL, NULL, gfp);
2943 2944 2945
}
EXPORT_SYMBOL(read_cache_page_gfp);

2946 2947 2948 2949 2950 2951 2952 2953
/*
 * Don't operate on ranges the page cache doesn't support, and don't exceed the
 * LFS limits.  If pos is under the limit it becomes a short access.  If it
 * exceeds the limit we return -EFBIG.
 */
static int generic_write_check_limits(struct file *file, loff_t pos,
				      loff_t *count)
{
2954 2955
	struct inode *inode = file->f_mapping->host;
	loff_t max_size = inode->i_sb->s_maxbytes;
2956 2957 2958 2959 2960 2961 2962 2963 2964 2965
	loff_t limit = rlimit(RLIMIT_FSIZE);

	if (limit != RLIM_INFINITY) {
		if (pos >= limit) {
			send_sig(SIGXFSZ, current, 0);
			return -EFBIG;
		}
		*count = min(*count, limit - pos);
	}

2966 2967 2968 2969 2970 2971 2972 2973 2974
	if (!(file->f_flags & O_LARGEFILE))
		max_size = MAX_NON_LFS;

	if (unlikely(pos >= max_size))
		return -EFBIG;

	*count = min(*count, max_size - pos);

	return 0;
2975 2976
}

L
Linus Torvalds 已提交
2977 2978 2979
/*
 * Performs necessary checks before doing a write
 *
2980
 * Can adjust writing position or amount of bytes to write.
L
Linus Torvalds 已提交
2981 2982 2983
 * Returns appropriate error code that caller should return or
 * zero in case that write should be allowed.
 */
2984
inline ssize_t generic_write_checks(struct kiocb *iocb, struct iov_iter *from)
L
Linus Torvalds 已提交
2985
{
2986
	struct file *file = iocb->ki_filp;
L
Linus Torvalds 已提交
2987
	struct inode *inode = file->f_mapping->host;
2988 2989
	loff_t count;
	int ret;
L
Linus Torvalds 已提交
2990

2991 2992 2993
	if (IS_SWAPFILE(inode))
		return -ETXTBSY;

2994 2995
	if (!iov_iter_count(from))
		return 0;
L
Linus Torvalds 已提交
2996

2997
	/* FIXME: this is for backwards compatibility with 2.4 */
2998
	if (iocb->ki_flags & IOCB_APPEND)
2999
		iocb->ki_pos = i_size_read(inode);
L
Linus Torvalds 已提交
3000

3001 3002 3003
	if ((iocb->ki_flags & IOCB_NOWAIT) && !(iocb->ki_flags & IOCB_DIRECT))
		return -EINVAL;

3004 3005 3006 3007
	count = iov_iter_count(from);
	ret = generic_write_check_limits(file, iocb->ki_pos, &count);
	if (ret)
		return ret;
L
Linus Torvalds 已提交
3008

3009
	iov_iter_truncate(from, count);
3010
	return iov_iter_count(from);
L
Linus Torvalds 已提交
3011 3012 3013
}
EXPORT_SYMBOL(generic_write_checks);

3014 3015 3016
/*
 * Performs necessary checks before doing a clone.
 *
3017
 * Can adjust amount of bytes to clone via @req_count argument.
3018 3019 3020 3021 3022
 * Returns appropriate error code that caller should return or
 * zero in case the clone should be allowed.
 */
int generic_remap_checks(struct file *file_in, loff_t pos_in,
			 struct file *file_out, loff_t pos_out,
3023
			 loff_t *req_count, unsigned int remap_flags)
3024 3025 3026 3027 3028 3029 3030
{
	struct inode *inode_in = file_in->f_mapping->host;
	struct inode *inode_out = file_out->f_mapping->host;
	uint64_t count = *req_count;
	uint64_t bcount;
	loff_t size_in, size_out;
	loff_t bs = inode_out->i_sb->s_blocksize;
3031
	int ret;
3032 3033 3034 3035 3036 3037 3038 3039 3040 3041 3042 3043 3044

	/* The start of both ranges must be aligned to an fs block. */
	if (!IS_ALIGNED(pos_in, bs) || !IS_ALIGNED(pos_out, bs))
		return -EINVAL;

	/* Ensure offsets don't wrap. */
	if (pos_in + count < pos_in || pos_out + count < pos_out)
		return -EINVAL;

	size_in = i_size_read(inode_in);
	size_out = i_size_read(inode_out);

	/* Dedupe requires both ranges to be within EOF. */
3045
	if ((remap_flags & REMAP_FILE_DEDUP) &&
3046 3047 3048 3049 3050 3051 3052 3053 3054
	    (pos_in >= size_in || pos_in + count > size_in ||
	     pos_out >= size_out || pos_out + count > size_out))
		return -EINVAL;

	/* Ensure the infile range is within the infile. */
	if (pos_in >= size_in)
		return -EINVAL;
	count = min(count, size_in - (uint64_t)pos_in);

3055 3056 3057
	ret = generic_write_check_limits(file_out, pos_out, &count);
	if (ret)
		return ret;
L
Linus Torvalds 已提交
3058 3059

	/*
3060 3061 3062 3063 3064
	 * If the user wanted us to link to the infile's EOF, round up to the
	 * next block boundary for this check.
	 *
	 * Otherwise, make sure the count is also block-aligned, having
	 * already confirmed the starting offsets' block alignment.
L
Linus Torvalds 已提交
3065
	 */
3066 3067 3068 3069
	if (pos_in + count == size_in) {
		bcount = ALIGN(size_in, bs) - pos_in;
	} else {
		if (!IS_ALIGNED(count, bs))
3070
			count = ALIGN_DOWN(count, bs);
3071
		bcount = count;
L
Linus Torvalds 已提交
3072 3073
	}

3074 3075 3076 3077 3078 3079
	/* Don't allow overlapped cloning within the same file. */
	if (inode_in == inode_out &&
	    pos_out + bcount > pos_in &&
	    pos_out < pos_in + bcount)
		return -EINVAL;

L
Linus Torvalds 已提交
3080
	/*
3081 3082
	 * We shortened the request but the caller can't deal with that, so
	 * bounce the request back to userspace.
L
Linus Torvalds 已提交
3083
	 */
3084
	if (*req_count != count && !(remap_flags & REMAP_FILE_CAN_SHORTEN))
3085
		return -EINVAL;
L
Linus Torvalds 已提交
3086

3087
	*req_count = count;
3088
	return 0;
L
Linus Torvalds 已提交
3089 3090
}

3091 3092 3093 3094 3095 3096 3097 3098 3099 3100 3101 3102 3103 3104 3105 3106 3107 3108 3109 3110 3111 3112 3113 3114

/*
 * Performs common checks before doing a file copy/clone
 * from @file_in to @file_out.
 */
int generic_file_rw_checks(struct file *file_in, struct file *file_out)
{
	struct inode *inode_in = file_inode(file_in);
	struct inode *inode_out = file_inode(file_out);

	/* Don't copy dirs, pipes, sockets... */
	if (S_ISDIR(inode_in->i_mode) || S_ISDIR(inode_out->i_mode))
		return -EISDIR;
	if (!S_ISREG(inode_in->i_mode) || !S_ISREG(inode_out->i_mode))
		return -EINVAL;

	if (!(file_in->f_mode & FMODE_READ) ||
	    !(file_out->f_mode & FMODE_WRITE) ||
	    (file_out->f_flags & O_APPEND))
		return -EBADF;

	return 0;
}

3115 3116 3117 3118 3119 3120 3121 3122 3123 3124 3125 3126 3127 3128 3129 3130 3131 3132 3133 3134 3135 3136 3137 3138 3139 3140 3141 3142 3143 3144 3145 3146 3147 3148 3149 3150 3151 3152 3153 3154 3155 3156 3157 3158 3159 3160 3161 3162 3163 3164 3165 3166 3167
/*
 * Performs necessary checks before doing a file copy
 *
 * Can adjust amount of bytes to copy via @req_count argument.
 * Returns appropriate error code that caller should return or
 * zero in case the copy should be allowed.
 */
int generic_copy_file_checks(struct file *file_in, loff_t pos_in,
			     struct file *file_out, loff_t pos_out,
			     size_t *req_count, unsigned int flags)
{
	struct inode *inode_in = file_inode(file_in);
	struct inode *inode_out = file_inode(file_out);
	uint64_t count = *req_count;
	loff_t size_in;
	int ret;

	ret = generic_file_rw_checks(file_in, file_out);
	if (ret)
		return ret;

	/* Don't touch certain kinds of inodes */
	if (IS_IMMUTABLE(inode_out))
		return -EPERM;

	if (IS_SWAPFILE(inode_in) || IS_SWAPFILE(inode_out))
		return -ETXTBSY;

	/* Ensure offsets don't wrap. */
	if (pos_in + count < pos_in || pos_out + count < pos_out)
		return -EOVERFLOW;

	/* Shorten the copy to EOF */
	size_in = i_size_read(inode_in);
	if (pos_in >= size_in)
		count = 0;
	else
		count = min(count, size_in - (uint64_t)pos_in);

	ret = generic_write_check_limits(file_out, pos_out, &count);
	if (ret)
		return ret;

	/* Don't allow overlapped copying within the same file. */
	if (inode_in == inode_out &&
	    pos_out + count > pos_in &&
	    pos_out < pos_in + count)
		return -EINVAL;

	*req_count = count;
	return 0;
}

3168 3169 3170 3171 3172 3173
int pagecache_write_begin(struct file *file, struct address_space *mapping,
				loff_t pos, unsigned len, unsigned flags,
				struct page **pagep, void **fsdata)
{
	const struct address_space_operations *aops = mapping->a_ops;

3174
	return aops->write_begin(file, mapping, pos, len, flags,
3175 3176 3177 3178 3179 3180 3181 3182 3183 3184
							pagep, fsdata);
}
EXPORT_SYMBOL(pagecache_write_begin);

int pagecache_write_end(struct file *file, struct address_space *mapping,
				loff_t pos, unsigned len, unsigned copied,
				struct page *page, void *fsdata)
{
	const struct address_space_operations *aops = mapping->a_ops;

3185
	return aops->write_end(file, mapping, pos, len, copied, page, fsdata);
3186 3187 3188
}
EXPORT_SYMBOL(pagecache_write_end);

L
Linus Torvalds 已提交
3189
ssize_t
3190
generic_file_direct_write(struct kiocb *iocb, struct iov_iter *from)
L
Linus Torvalds 已提交
3191 3192 3193 3194
{
	struct file	*file = iocb->ki_filp;
	struct address_space *mapping = file->f_mapping;
	struct inode	*inode = mapping->host;
3195
	loff_t		pos = iocb->ki_pos;
L
Linus Torvalds 已提交
3196
	ssize_t		written;
3197 3198
	size_t		write_len;
	pgoff_t		end;
L
Linus Torvalds 已提交
3199

A
Al Viro 已提交
3200
	write_len = iov_iter_count(from);
3201
	end = (pos + write_len - 1) >> PAGE_SHIFT;
3202

3203 3204 3205
	if (iocb->ki_flags & IOCB_NOWAIT) {
		/* If there are pages to writeback, return */
		if (filemap_range_has_page(inode->i_mapping, pos,
3206
					   pos + write_len - 1))
3207 3208 3209 3210 3211 3212 3213
			return -EAGAIN;
	} else {
		written = filemap_write_and_wait_range(mapping, pos,
							pos + write_len - 1);
		if (written)
			goto out;
	}
3214 3215 3216 3217 3218

	/*
	 * After a write we want buffered reads to be sure to go to disk to get
	 * the new data.  We invalidate clean cached page from the region we're
	 * about to write.  We do this *before* the write so that we can return
3219
	 * without clobbering -EIOCBQUEUED from ->direct_IO().
3220
	 */
3221
	written = invalidate_inode_pages2_range(mapping,
3222
					pos >> PAGE_SHIFT, end);
3223 3224 3225 3226 3227 3228 3229 3230
	/*
	 * If a page can not be invalidated, return 0 to fall back
	 * to buffered write.
	 */
	if (written) {
		if (written == -EBUSY)
			return 0;
		goto out;
3231 3232
	}

3233
	written = mapping->a_ops->direct_IO(iocb, from);
3234 3235 3236 3237 3238 3239 3240 3241

	/*
	 * Finally, try again to invalidate clean pages which might have been
	 * cached by non-direct readahead, or faulted in by get_user_pages()
	 * if the source of the write was an mmap'ed region of the file
	 * we're writing.  Either one is a pretty crazy thing to do,
	 * so we don't support it 100%.  If this invalidation
	 * fails, tough, the write still worked...
3242 3243 3244 3245 3246
	 *
	 * Most of the time we do not need this since dio_complete() will do
	 * the invalidation for us. However there are some file systems that
	 * do not end up with dio_complete() being called, so let's not break
	 * them by removing it completely
3247
	 */
3248 3249 3250
	if (mapping->nrpages)
		invalidate_inode_pages2_range(mapping,
					pos >> PAGE_SHIFT, end);
3251

L
Linus Torvalds 已提交
3252
	if (written > 0) {
3253
		pos += written;
3254
		write_len -= written;
3255 3256
		if (pos > i_size_read(inode) && !S_ISBLK(inode->i_mode)) {
			i_size_write(inode, pos);
L
Linus Torvalds 已提交
3257 3258
			mark_inode_dirty(inode);
		}
3259
		iocb->ki_pos = pos;
L
Linus Torvalds 已提交
3260
	}
3261
	iov_iter_revert(from, write_len - iov_iter_count(from));
3262
out:
L
Linus Torvalds 已提交
3263 3264 3265 3266
	return written;
}
EXPORT_SYMBOL(generic_file_direct_write);

N
Nick Piggin 已提交
3267 3268 3269 3270
/*
 * Find or create a page at the given pagecache position. Return the locked
 * page. This function is specifically for buffered writes.
 */
3271 3272
struct page *grab_cache_page_write_begin(struct address_space *mapping,
					pgoff_t index, unsigned flags)
N
Nick Piggin 已提交
3273 3274
{
	struct page *page;
3275
	int fgp_flags = FGP_LOCK|FGP_WRITE|FGP_CREAT;
3276

3277
	if (flags & AOP_FLAG_NOFS)
3278 3279 3280
		fgp_flags |= FGP_NOFS;

	page = pagecache_get_page(mapping, index, fgp_flags,
3281
			mapping_gfp_mask(mapping));
3282
	if (page)
3283
		wait_for_stable_page(page);
N
Nick Piggin 已提交
3284 3285 3286

	return page;
}
3287
EXPORT_SYMBOL(grab_cache_page_write_begin);
N
Nick Piggin 已提交
3288

3289
ssize_t generic_perform_write(struct file *file,
3290 3291 3292 3293 3294 3295
				struct iov_iter *i, loff_t pos)
{
	struct address_space *mapping = file->f_mapping;
	const struct address_space_operations *a_ops = mapping->a_ops;
	long status = 0;
	ssize_t written = 0;
N
Nick Piggin 已提交
3296 3297
	unsigned int flags = 0;

3298 3299 3300 3301 3302 3303 3304
	do {
		struct page *page;
		unsigned long offset;	/* Offset into pagecache page */
		unsigned long bytes;	/* Bytes to write to page */
		size_t copied;		/* Bytes copied from user */
		void *fsdata;

3305 3306
		offset = (pos & (PAGE_SIZE - 1));
		bytes = min_t(unsigned long, PAGE_SIZE - offset,
3307 3308 3309
						iov_iter_count(i));

again:
3310 3311 3312 3313 3314 3315 3316 3317 3318 3319 3320 3321 3322 3323 3324
		/*
		 * Bring in the user page that we will copy from _first_.
		 * Otherwise there's a nasty deadlock on copying from the
		 * same page as we're writing to, without it being marked
		 * up-to-date.
		 *
		 * Not only is this an optimisation, but it is also required
		 * to check that the address is actually valid, when atomic
		 * usercopies are used, below.
		 */
		if (unlikely(iov_iter_fault_in_readable(i, bytes))) {
			status = -EFAULT;
			break;
		}

J
Jan Kara 已提交
3325 3326 3327 3328 3329
		if (fatal_signal_pending(current)) {
			status = -EINTR;
			break;
		}

N
Nick Piggin 已提交
3330
		status = a_ops->write_begin(file, mapping, pos, bytes, flags,
3331
						&page, &fsdata);
3332
		if (unlikely(status < 0))
3333 3334
			break;

3335 3336
		if (mapping_writably_mapped(mapping))
			flush_dcache_page(page);
3337

3338 3339 3340 3341 3342 3343 3344 3345 3346 3347 3348
		copied = iov_iter_copy_from_user_atomic(page, i, offset, bytes);
		flush_dcache_page(page);

		status = a_ops->write_end(file, mapping, pos, bytes, copied,
						page, fsdata);
		if (unlikely(status < 0))
			break;
		copied = status;

		cond_resched();

3349
		iov_iter_advance(i, copied);
3350 3351 3352 3353 3354 3355 3356 3357 3358
		if (unlikely(copied == 0)) {
			/*
			 * If we were unable to copy any data at all, we must
			 * fall back to a single segment length write.
			 *
			 * If we didn't fallback here, we could livelock
			 * because not all segments in the iov can be copied at
			 * once without a pagefault.
			 */
3359
			bytes = min_t(unsigned long, PAGE_SIZE - offset,
3360 3361 3362 3363 3364 3365 3366 3367 3368 3369 3370
						iov_iter_single_seg_count(i));
			goto again;
		}
		pos += copied;
		written += copied;

		balance_dirty_pages_ratelimited(mapping);
	} while (iov_iter_count(i));

	return written ? written : status;
}
3371
EXPORT_SYMBOL(generic_perform_write);
L
Linus Torvalds 已提交
3372

3373
/**
3374
 * __generic_file_write_iter - write data to a file
3375
 * @iocb:	IO state structure (file, offset, etc.)
3376
 * @from:	iov_iter with data to write
3377 3378 3379 3380 3381 3382 3383 3384 3385 3386 3387 3388
 *
 * This function does all the work needed for actually writing data to a
 * file. It does all basic checks, removes SUID from the file, updates
 * modification times and calls proper subroutines depending on whether we
 * do direct IO or a standard buffered write.
 *
 * It expects i_mutex to be grabbed unless we work on a block device or similar
 * object which does not need locking at all.
 *
 * This function does *not* take care of syncing data in case of O_SYNC write.
 * A caller has to handle it. This is mainly due to the fact that we want to
 * avoid syncing under i_mutex.
3389 3390 3391 3392
 *
 * Return:
 * * number of bytes written, even for truncated writes
 * * negative error code if no data has been written at all
3393
 */
3394
ssize_t __generic_file_write_iter(struct kiocb *iocb, struct iov_iter *from)
L
Linus Torvalds 已提交
3395 3396
{
	struct file *file = iocb->ki_filp;
3397
	struct address_space * mapping = file->f_mapping;
L
Linus Torvalds 已提交
3398
	struct inode 	*inode = mapping->host;
3399
	ssize_t		written = 0;
L
Linus Torvalds 已提交
3400
	ssize_t		err;
3401
	ssize_t		status;
L
Linus Torvalds 已提交
3402 3403

	/* We can write back this queue in page reclaim */
3404
	current->backing_dev_info = inode_to_bdi(inode);
3405
	err = file_remove_privs(file);
L
Linus Torvalds 已提交
3406 3407 3408
	if (err)
		goto out;

3409 3410 3411
	err = file_update_time(file);
	if (err)
		goto out;
L
Linus Torvalds 已提交
3412

3413
	if (iocb->ki_flags & IOCB_DIRECT) {
3414
		loff_t pos, endbyte;
3415

3416
		written = generic_file_direct_write(iocb, from);
L
Linus Torvalds 已提交
3417
		/*
3418 3419 3420 3421 3422
		 * If the write stopped short of completing, fall back to
		 * buffered writes.  Some filesystems do this for writes to
		 * holes, for example.  For DAX files, a buffered write will
		 * not succeed (even if it did, DAX does not handle dirty
		 * page-cache pages correctly).
L
Linus Torvalds 已提交
3423
		 */
3424
		if (written < 0 || !iov_iter_count(from) || IS_DAX(inode))
3425 3426
			goto out;

3427
		status = generic_perform_write(file, from, pos = iocb->ki_pos);
3428
		/*
3429
		 * If generic_perform_write() returned a synchronous error
3430 3431 3432 3433 3434
		 * then we want to return the number of bytes which were
		 * direct-written, or the error code if that was zero.  Note
		 * that this differs from normal direct-io semantics, which
		 * will return -EFOO even if some bytes were written.
		 */
3435
		if (unlikely(status < 0)) {
3436
			err = status;
3437 3438 3439 3440 3441 3442 3443
			goto out;
		}
		/*
		 * We need to ensure that the page cache pages are written to
		 * disk and invalidated to preserve the expected O_DIRECT
		 * semantics.
		 */
3444
		endbyte = pos + status - 1;
3445
		err = filemap_write_and_wait_range(mapping, pos, endbyte);
3446
		if (err == 0) {
3447
			iocb->ki_pos = endbyte + 1;
3448
			written += status;
3449
			invalidate_mapping_pages(mapping,
3450 3451
						 pos >> PAGE_SHIFT,
						 endbyte >> PAGE_SHIFT);
3452 3453 3454 3455 3456 3457 3458
		} else {
			/*
			 * We don't know how much we wrote, so just return
			 * the number of bytes which were direct-written
			 */
		}
	} else {
3459 3460 3461
		written = generic_perform_write(file, from, iocb->ki_pos);
		if (likely(written > 0))
			iocb->ki_pos += written;
3462
	}
L
Linus Torvalds 已提交
3463 3464 3465 3466
out:
	current->backing_dev_info = NULL;
	return written ? written : err;
}
3467
EXPORT_SYMBOL(__generic_file_write_iter);
3468 3469

/**
3470
 * generic_file_write_iter - write data to a file
3471
 * @iocb:	IO state structure
3472
 * @from:	iov_iter with data to write
3473
 *
3474
 * This is a wrapper around __generic_file_write_iter() to be used by most
3475 3476
 * filesystems. It takes care of syncing the file in case of O_SYNC file
 * and acquires i_mutex as needed.
3477 3478 3479 3480
 * Return:
 * * negative error code if no data has been written at all of
 *   vfs_fsync_range() failed for a synchronous write
 * * number of bytes written, even for truncated writes
3481
 */
3482
ssize_t generic_file_write_iter(struct kiocb *iocb, struct iov_iter *from)
L
Linus Torvalds 已提交
3483 3484
{
	struct file *file = iocb->ki_filp;
3485
	struct inode *inode = file->f_mapping->host;
L
Linus Torvalds 已提交
3486 3487
	ssize_t ret;

A
Al Viro 已提交
3488
	inode_lock(inode);
3489 3490
	ret = generic_write_checks(iocb, from);
	if (ret > 0)
3491
		ret = __generic_file_write_iter(iocb, from);
A
Al Viro 已提交
3492
	inode_unlock(inode);
L
Linus Torvalds 已提交
3493

3494 3495
	if (ret > 0)
		ret = generic_write_sync(iocb, ret);
L
Linus Torvalds 已提交
3496 3497
	return ret;
}
3498
EXPORT_SYMBOL(generic_file_write_iter);
L
Linus Torvalds 已提交
3499

3500 3501 3502 3503 3504 3505 3506
/**
 * try_to_release_page() - release old fs-specific metadata on a page
 *
 * @page: the page which the kernel is trying to free
 * @gfp_mask: memory allocation flags (and I/O mode)
 *
 * The address_space is to try to release any data against the page
3507
 * (presumably at page->private).
3508
 *
3509 3510 3511
 * This may also be called if PG_fscache is set on a page, indicating that the
 * page is known to the local caching routines.
 *
3512
 * The @gfp_mask argument specifies whether I/O may be performed to release
3513
 * this page (__GFP_IO), and whether the call may block (__GFP_RECLAIM & __GFP_FS).
3514
 *
3515
 * Return: %1 if the release was successful, otherwise return zero.
3516 3517 3518 3519 3520 3521 3522 3523 3524 3525 3526 3527 3528 3529 3530
 */
int try_to_release_page(struct page *page, gfp_t gfp_mask)
{
	struct address_space * const mapping = page->mapping;

	BUG_ON(!PageLocked(page));
	if (PageWriteback(page))
		return 0;

	if (mapping && mapping->a_ops->releasepage)
		return mapping->a_ops->releasepage(page, gfp_mask);
	return try_to_free_buffers(page);
}

EXPORT_SYMBOL(try_to_release_page);