filemap.c 103.4 KB
Newer Older
1
// SPDX-License-Identifier: GPL-2.0-only
L
Linus Torvalds 已提交
2 3 4 5 6 7 8 9 10 11 12
/*
 *	linux/mm/filemap.c
 *
 * Copyright (C) 1994-1999  Linus Torvalds
 */

/*
 * This file handles the generic file mmap semantics used by
 * most "normal" filesystems (but you don't /have/ to use this:
 * the NFS filesystem used to do this differently, for example)
 */
13
#include <linux/export.h>
L
Linus Torvalds 已提交
14
#include <linux/compiler.h>
15
#include <linux/dax.h>
L
Linus Torvalds 已提交
16
#include <linux/fs.h>
17
#include <linux/sched/signal.h>
18
#include <linux/uaccess.h>
19
#include <linux/capability.h>
L
Linus Torvalds 已提交
20
#include <linux/kernel_stat.h>
21
#include <linux/gfp.h>
L
Linus Torvalds 已提交
22 23 24 25 26 27
#include <linux/mm.h>
#include <linux/swap.h>
#include <linux/mman.h>
#include <linux/pagemap.h>
#include <linux/file.h>
#include <linux/uio.h>
28
#include <linux/error-injection.h>
L
Linus Torvalds 已提交
29 30
#include <linux/hash.h>
#include <linux/writeback.h>
31
#include <linux/backing-dev.h>
L
Linus Torvalds 已提交
32 33 34
#include <linux/pagevec.h>
#include <linux/blkdev.h>
#include <linux/security.h>
35
#include <linux/cpuset.h>
36
#include <linux/hugetlb.h>
37
#include <linux/memcontrol.h>
38
#include <linux/cleancache.h>
39
#include <linux/shmem_fs.h>
40
#include <linux/rmap.h>
41
#include <linux/delayacct.h>
42
#include <linux/psi.h>
43
#include <linux/ramfs.h>
44
#include <linux/page_idle.h>
45 46
#include "internal.h"

R
Robert Jarzmik 已提交
47 48 49
#define CREATE_TRACE_POINTS
#include <trace/events/filemap.h>

L
Linus Torvalds 已提交
50 51 52
/*
 * FIXME: remove all knowledge of the buffer layer from the core VM
 */
53
#include <linux/buffer_head.h> /* for try_to_free_buffers */
L
Linus Torvalds 已提交
54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71

#include <asm/mman.h>

/*
 * Shared mappings implemented 30.11.1994. It's not fully working yet,
 * though.
 *
 * Shared mappings now work. 15.8.1995  Bruno.
 *
 * finished 'unifying' the page and buffer cache and SMP-threaded the
 * page-cache, 21.05.1999, Ingo Molnar <mingo@redhat.com>
 *
 * SMP-threaded pagemap-LRU 1999, Andrea Arcangeli <andrea@suse.de>
 */

/*
 * Lock ordering:
 *
72
 *  ->i_mmap_rwsem		(truncate_pagecache)
L
Linus Torvalds 已提交
73
 *    ->private_lock		(__free_pte->__set_page_dirty_buffers)
74
 *      ->swap_lock		(exclusive_swap_page, others)
M
Matthew Wilcox 已提交
75
 *        ->i_pages lock
L
Linus Torvalds 已提交
76
 *
77
 *  ->i_mutex
78
 *    ->i_mmap_rwsem		(truncate->unmap_mapping_range)
L
Linus Torvalds 已提交
79
 *
80
 *  ->mmap_lock
81
 *    ->i_mmap_rwsem
82
 *      ->page_table_lock or pte_lock	(various, mainly in memory.c)
M
Matthew Wilcox 已提交
83
 *        ->i_pages lock	(arch-dependent flush_dcache_mmap_lock)
L
Linus Torvalds 已提交
84
 *
85
 *  ->mmap_lock
L
Linus Torvalds 已提交
86 87
 *    ->lock_page		(access_process_vm)
 *
A
Al Viro 已提交
88
 *  ->i_mutex			(generic_perform_write)
89
 *    ->mmap_lock		(fault_in_pages_readable->do_page_fault)
L
Linus Torvalds 已提交
90
 *
91
 *  bdi->wb.list_lock
92
 *    sb_lock			(fs/fs-writeback.c)
M
Matthew Wilcox 已提交
93
 *    ->i_pages lock		(__sync_single_inode)
L
Linus Torvalds 已提交
94
 *
95
 *  ->i_mmap_rwsem
L
Linus Torvalds 已提交
96 97 98
 *    ->anon_vma.lock		(vma_adjust)
 *
 *  ->anon_vma.lock
99
 *    ->page_table_lock or pte_lock	(anon_vma_prepare and various)
L
Linus Torvalds 已提交
100
 *
101
 *  ->page_table_lock or pte_lock
102
 *    ->swap_lock		(try_to_unmap_one)
L
Linus Torvalds 已提交
103
 *    ->private_lock		(try_to_unmap_one)
M
Matthew Wilcox 已提交
104
 *    ->i_pages lock		(try_to_unmap_one)
105 106
 *    ->pgdat->lru_lock		(follow_page->mark_page_accessed)
 *    ->pgdat->lru_lock		(check_pte_range->isolate_lru_page)
L
Linus Torvalds 已提交
107
 *    ->private_lock		(page_remove_rmap->set_page_dirty)
M
Matthew Wilcox 已提交
108
 *    ->i_pages lock		(page_remove_rmap->set_page_dirty)
109
 *    bdi.wb->list_lock		(page_remove_rmap->set_page_dirty)
110
 *    ->inode->i_lock		(page_remove_rmap->set_page_dirty)
111
 *    ->memcg->move_lock	(page_remove_rmap->lock_page_memcg)
112
 *    bdi.wb->list_lock		(zap_pte_range->set_page_dirty)
113
 *    ->inode->i_lock		(zap_pte_range->set_page_dirty)
L
Linus Torvalds 已提交
114 115
 *    ->private_lock		(zap_pte_range->__set_page_dirty_buffers)
 *
116
 * ->i_mmap_rwsem
117
 *   ->tasklist_lock            (memory_failure, collect_procs_ao)
L
Linus Torvalds 已提交
118 119
 */

120
static void page_cache_delete(struct address_space *mapping,
121 122
				   struct page *page, void *shadow)
{
123 124
	XA_STATE(xas, &mapping->i_pages, page->index);
	unsigned int nr = 1;
125

126
	mapping_set_update(&xas, mapping);
127

128 129 130
	/* hugetlb pages are represented by a single entry in the xarray */
	if (!PageHuge(page)) {
		xas_set_order(&xas, page->index, compound_order(page));
131
		nr = compound_nr(page);
132
	}
133

134 135 136
	VM_BUG_ON_PAGE(!PageLocked(page), page);
	VM_BUG_ON_PAGE(PageTail(page), page);
	VM_BUG_ON_PAGE(nr != 1 && shadow, page);
137

138 139
	xas_store(&xas, shadow);
	xas_init_marks(&xas);
140

141 142 143
	page->mapping = NULL;
	/* Leave page->index set: truncation lookup relies upon it */

144 145 146 147 148 149 150 151 152 153 154
	if (shadow) {
		mapping->nrexceptional += nr;
		/*
		 * Make sure the nrexceptional update is committed before
		 * the nrpages update so that final truncate racing
		 * with reclaim does not see both counters 0 at the
		 * same time and miss a shadow entry.
		 */
		smp_wmb();
	}
	mapping->nrpages -= nr;
155 156
}

157 158
static void unaccount_page_cache_page(struct address_space *mapping,
				      struct page *page)
L
Linus Torvalds 已提交
159
{
160
	int nr;
L
Linus Torvalds 已提交
161

162 163 164 165 166 167 168 169
	/*
	 * if we're uptodate, flush out into the cleancache, otherwise
	 * invalidate any existing cleancache entries.  We can't leave
	 * stale data around in the cleancache once our page is gone
	 */
	if (PageUptodate(page) && PageMappedToDisk(page))
		cleancache_put_page(page);
	else
170
		cleancache_invalidate_page(mapping, page);
171

172
	VM_BUG_ON_PAGE(PageTail(page), page);
173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192
	VM_BUG_ON_PAGE(page_mapped(page), page);
	if (!IS_ENABLED(CONFIG_DEBUG_VM) && unlikely(page_mapped(page))) {
		int mapcount;

		pr_alert("BUG: Bad page cache in process %s  pfn:%05lx\n",
			 current->comm, page_to_pfn(page));
		dump_page(page, "still mapped when deleted");
		dump_stack();
		add_taint(TAINT_BAD_PAGE, LOCKDEP_NOW_UNRELIABLE);

		mapcount = page_mapcount(page);
		if (mapping_exiting(mapping) &&
		    page_count(page) >= mapcount + 2) {
			/*
			 * All vmas have already been torn down, so it's
			 * a good bet that actually the page is unmapped,
			 * and we'd prefer not to leak it: if we're wrong,
			 * some other bad page check should catch it later.
			 */
			page_mapcount_reset(page);
193
			page_ref_sub(page, mapcount);
194 195 196
		}
	}

197
	/* hugetlb pages do not participate in page cache accounting. */
198 199
	if (PageHuge(page))
		return;
200

201
	nr = thp_nr_pages(page);
202

203
	__mod_lruvec_page_state(page, NR_FILE_PAGES, -nr);
204
	if (PageSwapBacked(page)) {
205
		__mod_lruvec_page_state(page, NR_SHMEM, -nr);
206 207
		if (PageTransHuge(page))
			__dec_node_page_state(page, NR_SHMEM_THPS);
208 209
	} else if (PageTransHuge(page)) {
		__dec_node_page_state(page, NR_FILE_THPS);
210
		filemap_nr_thps_dec(mapping);
211
	}
212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229

	/*
	 * At this point page must be either written or cleaned by
	 * truncate.  Dirty page here signals a bug and loss of
	 * unwritten data.
	 *
	 * This fixes dirty accounting after removing the page entirely
	 * but leaves PageDirty set: it has no effect for truncated
	 * page and anyway will be cleared before returning page into
	 * buddy allocator.
	 */
	if (WARN_ON_ONCE(PageDirty(page)))
		account_page_cleaned(page, mapping, inode_to_wb(mapping->host));
}

/*
 * Delete a page from the page cache and free it. Caller has to make
 * sure the page is locked and that nobody else uses it - or that usage
M
Matthew Wilcox 已提交
230
 * is safe.  The caller must hold the i_pages lock.
231 232 233 234 235 236 237 238
 */
void __delete_from_page_cache(struct page *page, void *shadow)
{
	struct address_space *mapping = page->mapping;

	trace_mm_filemap_delete_from_page_cache(page);

	unaccount_page_cache_page(mapping, page);
239
	page_cache_delete(mapping, page, shadow);
L
Linus Torvalds 已提交
240 241
}

242 243 244 245 246 247 248 249 250 251
static void page_cache_free_page(struct address_space *mapping,
				struct page *page)
{
	void (*freepage)(struct page *);

	freepage = mapping->a_ops->freepage;
	if (freepage)
		freepage(page);

	if (PageTransHuge(page) && !PageHuge(page)) {
252
		page_ref_sub(page, thp_nr_pages(page));
253 254 255 256 257 258
		VM_BUG_ON_PAGE(page_count(page) <= 0, page);
	} else {
		put_page(page);
	}
}

259 260 261 262 263 264 265 266 267
/**
 * delete_from_page_cache - delete page from page cache
 * @page: the page which the kernel is trying to remove from page cache
 *
 * This must be called only on pages that have been verified to be in the page
 * cache and locked.  It will never put the page into the free list, the caller
 * has a reference on the page.
 */
void delete_from_page_cache(struct page *page)
L
Linus Torvalds 已提交
268
{
269
	struct address_space *mapping = page_mapping(page);
270
	unsigned long flags;
L
Linus Torvalds 已提交
271

M
Matt Mackall 已提交
272
	BUG_ON(!PageLocked(page));
M
Matthew Wilcox 已提交
273
	xa_lock_irqsave(&mapping->i_pages, flags);
J
Johannes Weiner 已提交
274
	__delete_from_page_cache(page, NULL);
M
Matthew Wilcox 已提交
275
	xa_unlock_irqrestore(&mapping->i_pages, flags);
276

277
	page_cache_free_page(mapping, page);
278 279 280
}
EXPORT_SYMBOL(delete_from_page_cache);

281
/*
282
 * page_cache_delete_batch - delete several pages from page cache
283 284 285
 * @mapping: the mapping to which pages belong
 * @pvec: pagevec with pages to delete
 *
M
Matthew Wilcox 已提交
286
 * The function walks over mapping->i_pages and removes pages passed in @pvec
287 288
 * from the mapping. The function expects @pvec to be sorted by page index
 * and is optimised for it to be dense.
M
Matthew Wilcox 已提交
289
 * It tolerates holes in @pvec (mapping entries at those indices are not
290
 * modified). The function expects only THP head pages to be present in the
291
 * @pvec.
292
 *
M
Matthew Wilcox 已提交
293
 * The function expects the i_pages lock to be held.
294
 */
295
static void page_cache_delete_batch(struct address_space *mapping,
296 297
			     struct pagevec *pvec)
{
298
	XA_STATE(xas, &mapping->i_pages, pvec->pages[0]->index);
299
	int total_pages = 0;
300
	int i = 0;
301 302
	struct page *page;

303 304
	mapping_set_update(&xas, mapping);
	xas_for_each(&xas, page, ULONG_MAX) {
305
		if (i >= pagevec_count(pvec))
306
			break;
307 308

		/* A swap/dax/shadow entry got inserted? Skip it. */
309
		if (xa_is_value(page))
310
			continue;
311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326
		/*
		 * A page got inserted in our range? Skip it. We have our
		 * pages locked so they are protected from being removed.
		 * If we see a page whose index is higher than ours, it
		 * means our page has been removed, which shouldn't be
		 * possible because we're holding the PageLock.
		 */
		if (page != pvec->pages[i]) {
			VM_BUG_ON_PAGE(page->index > pvec->pages[i]->index,
					page);
			continue;
		}

		WARN_ON_ONCE(!PageLocked(page));

		if (page->index == xas.xa_index)
327
			page->mapping = NULL;
328 329 330 331 332 333 334 335
		/* Leave page->index set: truncation lookup relies on it */

		/*
		 * Move to the next page in the vector if this is a regular
		 * page or the index is of the last sub-page of this compound
		 * page.
		 */
		if (page->index + compound_nr(page) - 1 == xas.xa_index)
336
			i++;
337
		xas_store(&xas, NULL);
338 339 340 341 342 343 344 345 346 347 348 349 350 351
		total_pages++;
	}
	mapping->nrpages -= total_pages;
}

void delete_from_page_cache_batch(struct address_space *mapping,
				  struct pagevec *pvec)
{
	int i;
	unsigned long flags;

	if (!pagevec_count(pvec))
		return;

M
Matthew Wilcox 已提交
352
	xa_lock_irqsave(&mapping->i_pages, flags);
353 354 355 356 357
	for (i = 0; i < pagevec_count(pvec); i++) {
		trace_mm_filemap_delete_from_page_cache(pvec->pages[i]);

		unaccount_page_cache_page(mapping, pvec->pages[i]);
	}
358
	page_cache_delete_batch(mapping, pvec);
M
Matthew Wilcox 已提交
359
	xa_unlock_irqrestore(&mapping->i_pages, flags);
360 361 362 363 364

	for (i = 0; i < pagevec_count(pvec); i++)
		page_cache_free_page(mapping, pvec->pages[i]);
}

365
int filemap_check_errors(struct address_space *mapping)
366 367 368
{
	int ret = 0;
	/* Check for outstanding write errors */
369 370
	if (test_bit(AS_ENOSPC, &mapping->flags) &&
	    test_and_clear_bit(AS_ENOSPC, &mapping->flags))
371
		ret = -ENOSPC;
372 373
	if (test_bit(AS_EIO, &mapping->flags) &&
	    test_and_clear_bit(AS_EIO, &mapping->flags))
374 375 376
		ret = -EIO;
	return ret;
}
377
EXPORT_SYMBOL(filemap_check_errors);
378

379 380 381 382 383 384 385 386 387 388
static int filemap_check_and_keep_errors(struct address_space *mapping)
{
	/* Check for outstanding write errors */
	if (test_bit(AS_EIO, &mapping->flags))
		return -EIO;
	if (test_bit(AS_ENOSPC, &mapping->flags))
		return -ENOSPC;
	return 0;
}

L
Linus Torvalds 已提交
389
/**
390
 * __filemap_fdatawrite_range - start writeback on mapping dirty pages in range
391 392
 * @mapping:	address space structure to write
 * @start:	offset in bytes where the range starts
393
 * @end:	offset in bytes where the range ends (inclusive)
394
 * @sync_mode:	enable synchronous operation
L
Linus Torvalds 已提交
395
 *
396 397 398
 * Start writeback against all of a mapping's dirty pages that lie
 * within the byte offsets <start, end> inclusive.
 *
L
Linus Torvalds 已提交
399
 * If sync_mode is WB_SYNC_ALL then this is a "data integrity" operation, as
400
 * opposed to a regular memory cleansing writeback.  The difference between
L
Linus Torvalds 已提交
401 402
 * these two operations is that if a dirty page/buffer is encountered, it must
 * be waited upon, and not just skipped over.
403 404
 *
 * Return: %0 on success, negative error code otherwise.
L
Linus Torvalds 已提交
405
 */
406 407
int __filemap_fdatawrite_range(struct address_space *mapping, loff_t start,
				loff_t end, int sync_mode)
L
Linus Torvalds 已提交
408 409 410 411
{
	int ret;
	struct writeback_control wbc = {
		.sync_mode = sync_mode,
412
		.nr_to_write = LONG_MAX,
413 414
		.range_start = start,
		.range_end = end,
L
Linus Torvalds 已提交
415 416
	};

417
	if (!mapping_can_writeback(mapping) ||
418
	    !mapping_tagged(mapping, PAGECACHE_TAG_DIRTY))
L
Linus Torvalds 已提交
419 420
		return 0;

421
	wbc_attach_fdatawrite_inode(&wbc, mapping->host);
L
Linus Torvalds 已提交
422
	ret = do_writepages(mapping, &wbc);
423
	wbc_detach_inode(&wbc);
L
Linus Torvalds 已提交
424 425 426 427 428 429
	return ret;
}

static inline int __filemap_fdatawrite(struct address_space *mapping,
	int sync_mode)
{
430
	return __filemap_fdatawrite_range(mapping, 0, LLONG_MAX, sync_mode);
L
Linus Torvalds 已提交
431 432 433 434 435 436 437 438
}

int filemap_fdatawrite(struct address_space *mapping)
{
	return __filemap_fdatawrite(mapping, WB_SYNC_ALL);
}
EXPORT_SYMBOL(filemap_fdatawrite);

439
int filemap_fdatawrite_range(struct address_space *mapping, loff_t start,
440
				loff_t end)
L
Linus Torvalds 已提交
441 442 443
{
	return __filemap_fdatawrite_range(mapping, start, end, WB_SYNC_ALL);
}
444
EXPORT_SYMBOL(filemap_fdatawrite_range);
L
Linus Torvalds 已提交
445

446 447 448 449
/**
 * filemap_flush - mostly a non-blocking flush
 * @mapping:	target address_space
 *
L
Linus Torvalds 已提交
450 451
 * This is a mostly non-blocking flush.  Not suitable for data-integrity
 * purposes - I/O may not be started against all dirty pages.
452 453
 *
 * Return: %0 on success, negative error code otherwise.
L
Linus Torvalds 已提交
454 455 456 457 458 459 460
 */
int filemap_flush(struct address_space *mapping)
{
	return __filemap_fdatawrite(mapping, WB_SYNC_NONE);
}
EXPORT_SYMBOL(filemap_flush);

461 462 463 464 465 466 467 468
/**
 * filemap_range_has_page - check if a page exists in range.
 * @mapping:           address space within which to check
 * @start_byte:        offset in bytes where the range starts
 * @end_byte:          offset in bytes where the range ends (inclusive)
 *
 * Find at least one page in the range supplied, usually used to check if
 * direct writing in this range will trigger a writeback.
469 470 471
 *
 * Return: %true if at least one page exists in the specified range,
 * %false otherwise.
472 473 474 475
 */
bool filemap_range_has_page(struct address_space *mapping,
			   loff_t start_byte, loff_t end_byte)
{
476
	struct page *page;
477 478
	XA_STATE(xas, &mapping->i_pages, start_byte >> PAGE_SHIFT);
	pgoff_t max = end_byte >> PAGE_SHIFT;
479 480 481 482

	if (end_byte < start_byte)
		return false;

483 484 485 486 487 488 489 490 491 492 493 494 495 496 497 498
	rcu_read_lock();
	for (;;) {
		page = xas_find(&xas, max);
		if (xas_retry(&xas, page))
			continue;
		/* Shadow entries don't count */
		if (xa_is_value(page))
			continue;
		/*
		 * We don't need to try to pin this page; we're about to
		 * release the RCU lock anyway.  It is enough to know that
		 * there was a page here recently.
		 */
		break;
	}
	rcu_read_unlock();
499

500
	return page != NULL;
501 502 503
}
EXPORT_SYMBOL(filemap_range_has_page);

504
static void __filemap_fdatawait_range(struct address_space *mapping,
505
				     loff_t start_byte, loff_t end_byte)
L
Linus Torvalds 已提交
506
{
507 508
	pgoff_t index = start_byte >> PAGE_SHIFT;
	pgoff_t end = end_byte >> PAGE_SHIFT;
L
Linus Torvalds 已提交
509 510 511
	struct pagevec pvec;
	int nr_pages;

512
	if (end_byte < start_byte)
513
		return;
L
Linus Torvalds 已提交
514

515
	pagevec_init(&pvec);
516
	while (index <= end) {
L
Linus Torvalds 已提交
517 518
		unsigned i;

519
		nr_pages = pagevec_lookup_range_tag(&pvec, mapping, &index,
520
				end, PAGECACHE_TAG_WRITEBACK);
521 522 523
		if (!nr_pages)
			break;

L
Linus Torvalds 已提交
524 525 526 527
		for (i = 0; i < nr_pages; i++) {
			struct page *page = pvec.pages[i];

			wait_on_page_writeback(page);
528
			ClearPageError(page);
L
Linus Torvalds 已提交
529 530 531 532
		}
		pagevec_release(&pvec);
		cond_resched();
	}
533 534 535 536 537 538 539 540 541 542 543 544 545 546 547
}

/**
 * filemap_fdatawait_range - wait for writeback to complete
 * @mapping:		address space structure to wait for
 * @start_byte:		offset in bytes where the range starts
 * @end_byte:		offset in bytes where the range ends (inclusive)
 *
 * Walk the list of under-writeback pages of the given address space
 * in the given range and wait for all of them.  Check error status of
 * the address space and return it.
 *
 * Since the error status of the address space is cleared by this function,
 * callers are responsible for checking the return value and handling and/or
 * reporting the error.
548 549
 *
 * Return: error status of the address space.
550 551 552 553
 */
int filemap_fdatawait_range(struct address_space *mapping, loff_t start_byte,
			    loff_t end_byte)
{
554 555
	__filemap_fdatawait_range(mapping, start_byte, end_byte);
	return filemap_check_errors(mapping);
L
Linus Torvalds 已提交
556
}
557 558
EXPORT_SYMBOL(filemap_fdatawait_range);

559 560 561 562 563 564 565 566 567 568 569 570 571 572 573 574 575 576 577 578 579 580
/**
 * filemap_fdatawait_range_keep_errors - wait for writeback to complete
 * @mapping:		address space structure to wait for
 * @start_byte:		offset in bytes where the range starts
 * @end_byte:		offset in bytes where the range ends (inclusive)
 *
 * Walk the list of under-writeback pages of the given address space in the
 * given range and wait for all of them.  Unlike filemap_fdatawait_range(),
 * this function does not clear error status of the address space.
 *
 * Use this function if callers don't handle errors themselves.  Expected
 * call sites are system-wide / filesystem-wide data flushers: e.g. sync(2),
 * fsfreeze(8)
 */
int filemap_fdatawait_range_keep_errors(struct address_space *mapping,
		loff_t start_byte, loff_t end_byte)
{
	__filemap_fdatawait_range(mapping, start_byte, end_byte);
	return filemap_check_and_keep_errors(mapping);
}
EXPORT_SYMBOL(filemap_fdatawait_range_keep_errors);

581 582 583 584 585 586 587 588 589 590 591 592 593
/**
 * file_fdatawait_range - wait for writeback to complete
 * @file:		file pointing to address space structure to wait for
 * @start_byte:		offset in bytes where the range starts
 * @end_byte:		offset in bytes where the range ends (inclusive)
 *
 * Walk the list of under-writeback pages of the address space that file
 * refers to, in the given range and wait for all of them.  Check error
 * status of the address space vs. the file->f_wb_err cursor and return it.
 *
 * Since the error status of the file is advanced by this function,
 * callers are responsible for checking the return value and handling and/or
 * reporting the error.
594 595
 *
 * Return: error status of the address space vs. the file->f_wb_err cursor.
596 597 598 599 600 601 602 603 604
 */
int file_fdatawait_range(struct file *file, loff_t start_byte, loff_t end_byte)
{
	struct address_space *mapping = file->f_mapping;

	__filemap_fdatawait_range(mapping, start_byte, end_byte);
	return file_check_and_advance_wb_err(file);
}
EXPORT_SYMBOL(file_fdatawait_range);
605

606 607 608 609 610 611 612 613 614 615 616
/**
 * filemap_fdatawait_keep_errors - wait for writeback without clearing errors
 * @mapping: address space structure to wait for
 *
 * Walk the list of under-writeback pages of the given address space
 * and wait for all of them.  Unlike filemap_fdatawait(), this function
 * does not clear error status of the address space.
 *
 * Use this function if callers don't handle errors themselves.  Expected
 * call sites are system-wide / filesystem-wide data flushers: e.g. sync(2),
 * fsfreeze(8)
617 618
 *
 * Return: error status of the address space.
619
 */
620
int filemap_fdatawait_keep_errors(struct address_space *mapping)
621
{
622
	__filemap_fdatawait_range(mapping, 0, LLONG_MAX);
623
	return filemap_check_and_keep_errors(mapping);
624
}
625
EXPORT_SYMBOL(filemap_fdatawait_keep_errors);
626

627
/* Returns true if writeback might be needed or already in progress. */
628
static bool mapping_needs_writeback(struct address_space *mapping)
L
Linus Torvalds 已提交
629
{
630 631 632 633
	if (dax_mapping(mapping))
		return mapping->nrexceptional;

	return mapping->nrpages;
L
Linus Torvalds 已提交
634 635
}

636 637 638 639 640 641
/**
 * filemap_write_and_wait_range - write out & wait on a file range
 * @mapping:	the address_space for the pages
 * @lstart:	offset in bytes where the range starts
 * @lend:	offset in bytes where the range ends (inclusive)
 *
642 643
 * Write out and wait upon file offsets lstart->lend, inclusive.
 *
644
 * Note that @lend is inclusive (describes the last byte to be written) so
645
 * that this function can be used to write to the very end-of-file (end = -1).
646 647
 *
 * Return: error status of the address space.
648
 */
L
Linus Torvalds 已提交
649 650 651
int filemap_write_and_wait_range(struct address_space *mapping,
				 loff_t lstart, loff_t lend)
{
652
	int err = 0;
L
Linus Torvalds 已提交
653

654
	if (mapping_needs_writeback(mapping)) {
655 656
		err = __filemap_fdatawrite_range(mapping, lstart, lend,
						 WB_SYNC_ALL);
657 658 659 660 661 662
		/*
		 * Even if the above returned error, the pages may be
		 * written partially (e.g. -ENOSPC), so we wait for it.
		 * But the -EIO is special case, it may indicate the worst
		 * thing (e.g. bug) happened, so we avoid waiting for it.
		 */
663
		if (err != -EIO) {
664 665
			int err2 = filemap_fdatawait_range(mapping,
						lstart, lend);
666 667
			if (!err)
				err = err2;
668 669 670
		} else {
			/* Clear any previously stored errors */
			filemap_check_errors(mapping);
671
		}
672 673
	} else {
		err = filemap_check_errors(mapping);
L
Linus Torvalds 已提交
674
	}
675
	return err;
L
Linus Torvalds 已提交
676
}
677
EXPORT_SYMBOL(filemap_write_and_wait_range);
L
Linus Torvalds 已提交
678

679 680
void __filemap_set_wb_err(struct address_space *mapping, int err)
{
681
	errseq_t eseq = errseq_set(&mapping->wb_err, err);
682 683 684 685 686 687 688 689 690 691 692 693 694 695 696 697 698 699 700 701 702 703 704 705 706 707

	trace_filemap_set_wb_err(mapping, eseq);
}
EXPORT_SYMBOL(__filemap_set_wb_err);

/**
 * file_check_and_advance_wb_err - report wb error (if any) that was previously
 * 				   and advance wb_err to current one
 * @file: struct file on which the error is being reported
 *
 * When userland calls fsync (or something like nfsd does the equivalent), we
 * want to report any writeback errors that occurred since the last fsync (or
 * since the file was opened if there haven't been any).
 *
 * Grab the wb_err from the mapping. If it matches what we have in the file,
 * then just quickly return 0. The file is all caught up.
 *
 * If it doesn't match, then take the mapping value, set the "seen" flag in
 * it and try to swap it into place. If it works, or another task beat us
 * to it with the new value, then update the f_wb_err and return the error
 * portion. The error at this point must be reported via proper channels
 * (a'la fsync, or NFS COMMIT operation, etc.).
 *
 * While we handle mapping->wb_err with atomic operations, the f_wb_err
 * value is protected by the f_lock since we must ensure that it reflects
 * the latest value swapped in for this file descriptor.
708 709
 *
 * Return: %0 on success, negative error code otherwise.
710 711 712 713 714 715 716 717 718 719 720 721 722 723 724 725 726
 */
int file_check_and_advance_wb_err(struct file *file)
{
	int err = 0;
	errseq_t old = READ_ONCE(file->f_wb_err);
	struct address_space *mapping = file->f_mapping;

	/* Locklessly handle the common case where nothing has changed */
	if (errseq_check(&mapping->wb_err, old)) {
		/* Something changed, must use slow path */
		spin_lock(&file->f_lock);
		old = file->f_wb_err;
		err = errseq_check_and_advance(&mapping->wb_err,
						&file->f_wb_err);
		trace_file_check_and_advance_wb_err(file, old);
		spin_unlock(&file->f_lock);
	}
727 728 729 730 731 732 733 734

	/*
	 * We're mostly using this function as a drop in replacement for
	 * filemap_check_errors. Clear AS_EIO/AS_ENOSPC to emulate the effect
	 * that the legacy code would have had on these flags.
	 */
	clear_bit(AS_EIO, &mapping->flags);
	clear_bit(AS_ENOSPC, &mapping->flags);
735 736 737 738 739 740 741 742 743 744 745 746 747 748 749 750 751
	return err;
}
EXPORT_SYMBOL(file_check_and_advance_wb_err);

/**
 * file_write_and_wait_range - write out & wait on a file range
 * @file:	file pointing to address_space with pages
 * @lstart:	offset in bytes where the range starts
 * @lend:	offset in bytes where the range ends (inclusive)
 *
 * Write out and wait upon file offsets lstart->lend, inclusive.
 *
 * Note that @lend is inclusive (describes the last byte to be written) so
 * that this function can be used to write to the very end-of-file (end = -1).
 *
 * After writing out and waiting on the data, we check and advance the
 * f_wb_err cursor to the latest value, and return any errors detected there.
752 753
 *
 * Return: %0 on success, negative error code otherwise.
754 755 756 757 758 759
 */
int file_write_and_wait_range(struct file *file, loff_t lstart, loff_t lend)
{
	int err = 0, err2;
	struct address_space *mapping = file->f_mapping;

760
	if (mapping_needs_writeback(mapping)) {
761 762 763 764 765 766 767 768 769 770 771 772 773
		err = __filemap_fdatawrite_range(mapping, lstart, lend,
						 WB_SYNC_ALL);
		/* See comment of filemap_write_and_wait() */
		if (err != -EIO)
			__filemap_fdatawait_range(mapping, lstart, lend);
	}
	err2 = file_check_and_advance_wb_err(file);
	if (!err)
		err = err2;
	return err;
}
EXPORT_SYMBOL(file_write_and_wait_range);

774 775 776 777 778 779 780 781 782 783 784 785
/**
 * replace_page_cache_page - replace a pagecache page with a new one
 * @old:	page to be replaced
 * @new:	page to replace with
 * @gfp_mask:	allocation mode
 *
 * This function replaces a page in the pagecache with a new one.  On
 * success it acquires the pagecache reference for the new page and
 * drops it for the old page.  Both the old and new pages must be
 * locked.  This function does not add the new page to the LRU, the
 * caller must do that.
 *
786
 * The remove + add is atomic.  This function cannot fail.
787 788
 *
 * Return: %0
789 790 791
 */
int replace_page_cache_page(struct page *old, struct page *new, gfp_t gfp_mask)
{
792 793 794 795 796
	struct address_space *mapping = old->mapping;
	void (*freepage)(struct page *) = mapping->a_ops->freepage;
	pgoff_t offset = old->index;
	XA_STATE(xas, &mapping->i_pages, offset);
	unsigned long flags;
797

798 799 800
	VM_BUG_ON_PAGE(!PageLocked(old), old);
	VM_BUG_ON_PAGE(!PageLocked(new), new);
	VM_BUG_ON_PAGE(new->mapping, new);
801

802 803 804
	get_page(new);
	new->mapping = mapping;
	new->index = offset;
805

806 807
	mem_cgroup_migrate(old, new);

808 809
	xas_lock_irqsave(&xas, flags);
	xas_store(&xas, new);
810

811 812 813
	old->mapping = NULL;
	/* hugetlb pages do not participate in page cache accounting. */
	if (!PageHuge(old))
814
		__dec_lruvec_page_state(old, NR_FILE_PAGES);
815
	if (!PageHuge(new))
816
		__inc_lruvec_page_state(new, NR_FILE_PAGES);
817
	if (PageSwapBacked(old))
818
		__dec_lruvec_page_state(old, NR_SHMEM);
819
	if (PageSwapBacked(new))
820
		__inc_lruvec_page_state(new, NR_SHMEM);
821 822 823 824
	xas_unlock_irqrestore(&xas, flags);
	if (freepage)
		freepage(old);
	put_page(old);
825

826
	return 0;
827 828 829
}
EXPORT_SYMBOL_GPL(replace_page_cache_page);

830 831
static int __add_to_page_cache_locked(struct page *page,
				      struct address_space *mapping,
832
				      pgoff_t offset, gfp_t gfp,
833
				      void **shadowp)
L
Linus Torvalds 已提交
834
{
835
	XA_STATE(xas, &mapping->i_pages, offset);
836
	int huge = PageHuge(page);
N
Nick Piggin 已提交
837 838
	int error;

839 840
	VM_BUG_ON_PAGE(!PageLocked(page), page);
	VM_BUG_ON_PAGE(PageSwapBacked(page), page);
841
	mapping_set_update(&xas, mapping);
N
Nick Piggin 已提交
842

843
	get_page(page);
844 845 846
	page->mapping = mapping;
	page->index = offset;

847
	if (!huge) {
848
		error = mem_cgroup_charge(page, current->mm, gfp);
849 850 851 852
		if (error)
			goto error;
	}

853 854
	gfp &= GFP_RECLAIM_MASK;

855
	do {
856 857 858 859 860 861
		unsigned int order = xa_get_order(xas.xa, xas.xa_index);
		void *entry, *old = NULL;

		if (order > thp_order(page))
			xas_split_alloc(&xas, xa_load(xas.xa, xas.xa_index),
					order, gfp);
862
		xas_lock_irq(&xas);
863 864 865 866 867 868 869 870 871 872 873 874 875 876 877 878 879 880 881
		xas_for_each_conflict(&xas, entry) {
			old = entry;
			if (!xa_is_value(entry)) {
				xas_set_err(&xas, -EEXIST);
				goto unlock;
			}
		}

		if (old) {
			if (shadowp)
				*shadowp = old;
			/* entry may have been split before we acquired lock */
			order = xa_get_order(xas.xa, xas.xa_index);
			if (order > thp_order(page)) {
				xas_split(&xas, old, order);
				xas_reset(&xas);
			}
		}

882 883 884 885
		xas_store(&xas, page);
		if (xas_error(&xas))
			goto unlock;

886
		if (old)
887 888 889 890 891
			mapping->nrexceptional--;
		mapping->nrpages++;

		/* hugetlb pages do not participate in page cache accounting */
		if (!huge)
892
			__inc_lruvec_page_state(page, NR_FILE_PAGES);
893 894
unlock:
		xas_unlock_irq(&xas);
895
	} while (xas_nomem(&xas, gfp));
896

897 898
	if (xas_error(&xas)) {
		error = xas_error(&xas);
899
		goto error;
900
	}
901

902 903
	trace_mm_filemap_add_to_page_cache(page);
	return 0;
904
error:
905 906
	page->mapping = NULL;
	/* Leave page->index set: truncation relies upon it */
907
	put_page(page);
908
	return error;
L
Linus Torvalds 已提交
909
}
910
ALLOW_ERROR_INJECTION(__add_to_page_cache_locked, ERRNO);
911 912 913 914 915 916 917 918 919 920

/**
 * add_to_page_cache_locked - add a locked page to the pagecache
 * @page:	page to add
 * @mapping:	the page's address_space
 * @offset:	page index
 * @gfp_mask:	page allocation mode
 *
 * This function is used to add a page to the pagecache. It must be locked.
 * This function does not add the page to the LRU.  The caller must do that.
921 922
 *
 * Return: %0 on success, negative error code otherwise.
923 924 925 926 927 928 929
 */
int add_to_page_cache_locked(struct page *page, struct address_space *mapping,
		pgoff_t offset, gfp_t gfp_mask)
{
	return __add_to_page_cache_locked(page, mapping, offset,
					  gfp_mask, NULL);
}
N
Nick Piggin 已提交
930
EXPORT_SYMBOL(add_to_page_cache_locked);
L
Linus Torvalds 已提交
931 932

int add_to_page_cache_lru(struct page *page, struct address_space *mapping,
A
Al Viro 已提交
933
				pgoff_t offset, gfp_t gfp_mask)
L
Linus Torvalds 已提交
934
{
935
	void *shadow = NULL;
936 937
	int ret;

938
	__SetPageLocked(page);
939 940 941
	ret = __add_to_page_cache_locked(page, mapping, offset,
					 gfp_mask, &shadow);
	if (unlikely(ret))
942
		__ClearPageLocked(page);
943 944 945 946 947
	else {
		/*
		 * The page might have been evicted from cache only
		 * recently, in which case it should be activated like
		 * any other repeatedly accessed page.
948 949 950
		 * The exception is pages getting rewritten; evicting other
		 * data from the working set, only to cache data that will
		 * get overwritten with something else, is a waste of memory.
951
		 */
952 953 954
		WARN_ON_ONCE(PageActive(page));
		if (!(gfp_mask & __GFP_WRITE) && shadow)
			workingset_refault(page, shadow);
955 956
		lru_cache_add(page);
	}
L
Linus Torvalds 已提交
957 958
	return ret;
}
959
EXPORT_SYMBOL_GPL(add_to_page_cache_lru);
L
Linus Torvalds 已提交
960

961
#ifdef CONFIG_NUMA
962
struct page *__page_cache_alloc(gfp_t gfp)
963
{
964 965 966
	int n;
	struct page *page;

967
	if (cpuset_do_page_mem_spread()) {
968 969
		unsigned int cpuset_mems_cookie;
		do {
970
			cpuset_mems_cookie = read_mems_allowed_begin();
971
			n = cpuset_mem_spread_node();
972
			page = __alloc_pages_node(n, gfp, 0);
973
		} while (!page && read_mems_allowed_retry(cpuset_mems_cookie));
974

975
		return page;
976
	}
977
	return alloc_pages(gfp, 0);
978
}
979
EXPORT_SYMBOL(__page_cache_alloc);
980 981
#endif

L
Linus Torvalds 已提交
982 983 984 985 986 987 988 989 990 991
/*
 * In order to wait for pages to become available there must be
 * waitqueues associated with pages. By using a hash table of
 * waitqueues where the bucket discipline is to maintain all
 * waiters on the same queue and wake all when any of the pages
 * become available, and for the woken contexts to check to be
 * sure the appropriate page became available, this saves space
 * at a cost of "thundering herd" phenomena during rare hash
 * collisions.
 */
992 993 994 995 996
#define PAGE_WAIT_TABLE_BITS 8
#define PAGE_WAIT_TABLE_SIZE (1 << PAGE_WAIT_TABLE_BITS)
static wait_queue_head_t page_wait_table[PAGE_WAIT_TABLE_SIZE] __cacheline_aligned;

static wait_queue_head_t *page_waitqueue(struct page *page)
L
Linus Torvalds 已提交
997
{
998
	return &page_wait_table[hash_ptr(page, PAGE_WAIT_TABLE_BITS)];
L
Linus Torvalds 已提交
999 1000
}

1001
void __init pagecache_init(void)
L
Linus Torvalds 已提交
1002
{
1003
	int i;
L
Linus Torvalds 已提交
1004

1005 1006 1007 1008
	for (i = 0; i < PAGE_WAIT_TABLE_SIZE; i++)
		init_waitqueue_head(&page_wait_table[i]);

	page_writeback_init();
L
Linus Torvalds 已提交
1009 1010
}

1011 1012
/*
 * The page wait code treats the "wait->flags" somewhat unusually, because
1013
 * we have multiple different kinds of waits, not just the usual "exclusive"
1014 1015 1016 1017 1018 1019 1020 1021 1022 1023 1024 1025 1026 1027 1028 1029 1030 1031 1032 1033
 * one.
 *
 * We have:
 *
 *  (a) no special bits set:
 *
 *	We're just waiting for the bit to be released, and when a waker
 *	calls the wakeup function, we set WQ_FLAG_WOKEN and wake it up,
 *	and remove it from the wait queue.
 *
 *	Simple and straightforward.
 *
 *  (b) WQ_FLAG_EXCLUSIVE:
 *
 *	The waiter is waiting to get the lock, and only one waiter should
 *	be woken up to avoid any thundering herd behavior. We'll set the
 *	WQ_FLAG_WOKEN bit, wake it up, and remove it from the wait queue.
 *
 *	This is the traditional exclusive wait.
 *
1034
 *  (c) WQ_FLAG_EXCLUSIVE | WQ_FLAG_CUSTOM:
1035 1036 1037 1038 1039 1040 1041 1042 1043 1044
 *
 *	The waiter is waiting to get the bit, and additionally wants the
 *	lock to be transferred to it for fair lock behavior. If the lock
 *	cannot be taken, we stop walking the wait queue without waking
 *	the waiter.
 *
 *	This is the "fair lock handoff" case, and in addition to setting
 *	WQ_FLAG_WOKEN, we set WQ_FLAG_DONE to let the waiter easily see
 *	that it now has the lock.
 */
1045
static int wake_page_function(wait_queue_entry_t *wait, unsigned mode, int sync, void *arg)
1046
{
1047
	unsigned int flags;
1048 1049 1050 1051
	struct wait_page_key *key = arg;
	struct wait_page_queue *wait_page
		= container_of(wait, struct wait_page_queue, wait);

1052
	if (!wake_page_match(wait_page, key))
1053
		return 0;
L
Linus Torvalds 已提交
1054

1055
	/*
1056 1057
	 * If it's a lock handoff wait, we get the bit for it, and
	 * stop walking (and do not wake it up) if we can't.
1058
	 */
1059 1060 1061
	flags = wait->flags;
	if (flags & WQ_FLAG_EXCLUSIVE) {
		if (test_bit(key->bit_nr, &key->page->flags))
1062
			return -1;
1063 1064 1065 1066 1067
		if (flags & WQ_FLAG_CUSTOM) {
			if (test_and_set_bit(key->bit_nr, &key->page->flags))
				return -1;
			flags |= WQ_FLAG_DONE;
		}
1068
	}
1069

1070 1071 1072 1073 1074 1075 1076 1077 1078 1079
	/*
	 * We are holding the wait-queue lock, but the waiter that
	 * is waiting for this will be checking the flags without
	 * any locking.
	 *
	 * So update the flags atomically, and wake up the waiter
	 * afterwards to avoid any races. This store-release pairs
	 * with the load-acquire in wait_on_page_bit_common().
	 */
	smp_store_release(&wait->flags, flags | WQ_FLAG_WOKEN);
1080 1081 1082 1083 1084 1085
	wake_up_state(wait->private, mode);

	/*
	 * Ok, we have successfully done what we're waiting for,
	 * and we can unconditionally remove the wait entry.
	 *
1086 1087 1088
	 * Note that this pairs with the "finish_wait()" in the
	 * waiter, and has to be the absolute last thing we do.
	 * After this list_del_init(&wait->entry) the wait entry
1089 1090 1091
	 * might be de-allocated and the process might even have
	 * exited.
	 */
1092
	list_del_init_careful(&wait->entry);
1093
	return (flags & WQ_FLAG_EXCLUSIVE) != 0;
1094 1095
}

1096
static void wake_up_page_bit(struct page *page, int bit_nr)
1097
{
1098 1099 1100
	wait_queue_head_t *q = page_waitqueue(page);
	struct wait_page_key key;
	unsigned long flags;
1101
	wait_queue_entry_t bookmark;
1102

1103 1104 1105 1106
	key.page = page;
	key.bit_nr = bit_nr;
	key.page_match = 0;

1107 1108 1109 1110 1111
	bookmark.flags = 0;
	bookmark.private = NULL;
	bookmark.func = NULL;
	INIT_LIST_HEAD(&bookmark.entry);

1112
	spin_lock_irqsave(&q->lock, flags);
1113 1114 1115 1116 1117 1118 1119 1120 1121 1122 1123 1124 1125 1126 1127
	__wake_up_locked_key_bookmark(q, TASK_NORMAL, &key, &bookmark);

	while (bookmark.flags & WQ_FLAG_BOOKMARK) {
		/*
		 * Take a breather from holding the lock,
		 * allow pages that finish wake up asynchronously
		 * to acquire the lock and remove themselves
		 * from wait queue
		 */
		spin_unlock_irqrestore(&q->lock, flags);
		cpu_relax();
		spin_lock_irqsave(&q->lock, flags);
		__wake_up_locked_key_bookmark(q, TASK_NORMAL, &key, &bookmark);
	}

1128 1129 1130 1131 1132 1133 1134 1135 1136 1137 1138 1139 1140 1141 1142 1143 1144 1145 1146 1147 1148
	/*
	 * It is possible for other pages to have collided on the waitqueue
	 * hash, so in that case check for a page match. That prevents a long-
	 * term waiter
	 *
	 * It is still possible to miss a case here, when we woke page waiters
	 * and removed them from the waitqueue, but there are still other
	 * page waiters.
	 */
	if (!waitqueue_active(q) || !key.page_match) {
		ClearPageWaiters(page);
		/*
		 * It's possible to miss clearing Waiters here, when we woke
		 * our page waiters, but the hashed waitqueue has waiters for
		 * other pages on it.
		 *
		 * That's okay, it's a rare case. The next waker will clear it.
		 */
	}
	spin_unlock_irqrestore(&q->lock, flags);
}
1149 1150 1151 1152 1153 1154 1155

static void wake_up_page(struct page *page, int bit)
{
	if (!PageWaiters(page))
		return;
	wake_up_page_bit(page, bit);
}
1156

1157 1158 1159 1160 1161 1162 1163 1164 1165 1166 1167 1168 1169 1170 1171
/*
 * A choice of three behaviors for wait_on_page_bit_common():
 */
enum behavior {
	EXCLUSIVE,	/* Hold ref to page and take the bit when woken, like
			 * __lock_page() waiting on then setting PG_locked.
			 */
	SHARED,		/* Hold ref to page and check the bit when woken, like
			 * wait_on_page_writeback() waiting on PG_writeback.
			 */
	DROP,		/* Drop ref to page before wait, no check when woken,
			 * like put_and_wait_on_page_locked() on PG_locked.
			 */
};

1172
/*
1173 1174
 * Attempt to check (or get) the page bit, and mark us done
 * if successful.
1175 1176 1177 1178 1179 1180 1181 1182 1183 1184
 */
static inline bool trylock_page_bit_common(struct page *page, int bit_nr,
					struct wait_queue_entry *wait)
{
	if (wait->flags & WQ_FLAG_EXCLUSIVE) {
		if (test_and_set_bit(bit_nr, &page->flags))
			return false;
	} else if (test_bit(bit_nr, &page->flags))
		return false;

1185
	wait->flags |= WQ_FLAG_WOKEN | WQ_FLAG_DONE;
1186 1187 1188
	return true;
}

1189 1190 1191
/* How many times do we accept lock stealing from under a waiter? */
int sysctl_page_lock_unfairness = 5;

1192
static inline int wait_on_page_bit_common(wait_queue_head_t *q,
1193
	struct page *page, int bit_nr, int state, enum behavior behavior)
1194
{
1195
	int unfairness = sysctl_page_lock_unfairness;
1196
	struct wait_page_queue wait_page;
1197
	wait_queue_entry_t *wait = &wait_page.wait;
1198
	bool thrashing = false;
1199
	bool delayacct = false;
1200
	unsigned long pflags;
1201

1202
	if (bit_nr == PG_locked &&
1203
	    !PageUptodate(page) && PageWorkingset(page)) {
1204
		if (!PageSwapBacked(page)) {
1205
			delayacct_thrashing_start();
1206 1207
			delayacct = true;
		}
1208
		psi_memstall_enter(&pflags);
1209 1210 1211
		thrashing = true;
	}

1212 1213 1214 1215 1216
	init_wait(wait);
	wait->func = wake_page_function;
	wait_page.page = page;
	wait_page.bit_nr = bit_nr;

1217 1218 1219 1220 1221 1222 1223 1224
repeat:
	wait->flags = 0;
	if (behavior == EXCLUSIVE) {
		wait->flags = WQ_FLAG_EXCLUSIVE;
		if (--unfairness < 0)
			wait->flags |= WQ_FLAG_CUSTOM;
	}

1225 1226 1227 1228 1229 1230 1231 1232 1233 1234 1235 1236 1237 1238 1239 1240 1241 1242 1243
	/*
	 * Do one last check whether we can get the
	 * page bit synchronously.
	 *
	 * Do the SetPageWaiters() marking before that
	 * to let any waker we _just_ missed know they
	 * need to wake us up (otherwise they'll never
	 * even go to the slow case that looks at the
	 * page queue), and add ourselves to the wait
	 * queue if we need to sleep.
	 *
	 * This part needs to be done under the queue
	 * lock to avoid races.
	 */
	spin_lock_irq(&q->lock);
	SetPageWaiters(page);
	if (!trylock_page_bit_common(page, bit_nr, wait))
		__add_wait_queue_entry_tail(q, wait);
	spin_unlock_irq(&q->lock);
1244

1245 1246
	/*
	 * From now on, all the logic will be based on
1247 1248 1249
	 * the WQ_FLAG_WOKEN and WQ_FLAG_DONE flag, to
	 * see whether the page bit testing has already
	 * been done by the wake function.
1250 1251 1252 1253 1254
	 *
	 * We can drop our reference to the page.
	 */
	if (behavior == DROP)
		put_page(page);
1255

1256 1257 1258 1259 1260 1261
	/*
	 * Note that until the "finish_wait()", or until
	 * we see the WQ_FLAG_WOKEN flag, we need to
	 * be very careful with the 'wait->flags', because
	 * we may race with a waker that sets them.
	 */
1262
	for (;;) {
1263 1264
		unsigned int flags;

1265 1266
		set_current_state(state);

1267 1268 1269 1270 1271 1272 1273 1274 1275 1276 1277 1278
		/* Loop until we've been woken or interrupted */
		flags = smp_load_acquire(&wait->flags);
		if (!(flags & WQ_FLAG_WOKEN)) {
			if (signal_pending_state(state, current))
				break;

			io_schedule();
			continue;
		}

		/* If we were non-exclusive, we're done */
		if (behavior != EXCLUSIVE)
1279
			break;
1280

1281 1282
		/* If the waker got the lock for us, we're done */
		if (flags & WQ_FLAG_DONE)
1283
			break;
1284

1285 1286 1287 1288 1289 1290 1291 1292 1293 1294 1295
		/*
		 * Otherwise, if we're getting the lock, we need to
		 * try to get it ourselves.
		 *
		 * And if that fails, we'll have to retry this all.
		 */
		if (unlikely(test_and_set_bit(bit_nr, &page->flags)))
			goto repeat;

		wait->flags |= WQ_FLAG_DONE;
		break;
1296 1297
	}

1298 1299 1300 1301 1302 1303
	/*
	 * If a signal happened, this 'finish_wait()' may remove the last
	 * waiter from the wait-queues, but the PageWaiters bit will remain
	 * set. That's ok. The next wakeup will take care of it, and trying
	 * to do it here would be difficult and prone to races.
	 */
1304 1305
	finish_wait(q, wait);

1306
	if (thrashing) {
1307
		if (delayacct)
1308 1309 1310
			delayacct_thrashing_end();
		psi_memstall_leave(&pflags);
	}
1311

1312
	/*
1313 1314 1315 1316 1317 1318 1319 1320 1321 1322 1323
	 * NOTE! The wait->flags weren't stable until we've done the
	 * 'finish_wait()', and we could have exited the loop above due
	 * to a signal, and had a wakeup event happen after the signal
	 * test but before the 'finish_wait()'.
	 *
	 * So only after the finish_wait() can we reliably determine
	 * if we got woken up or not, so we can now figure out the final
	 * return value based on that state without races.
	 *
	 * Also note that WQ_FLAG_WOKEN is sufficient for a non-exclusive
	 * waiter, but an exclusive one requires WQ_FLAG_DONE.
1324
	 */
1325 1326
	if (behavior == EXCLUSIVE)
		return wait->flags & WQ_FLAG_DONE ? 0 : -EINTR;
1327

1328
	return wait->flags & WQ_FLAG_WOKEN ? 0 : -EINTR;
1329 1330 1331 1332 1333
}

void wait_on_page_bit(struct page *page, int bit_nr)
{
	wait_queue_head_t *q = page_waitqueue(page);
1334
	wait_on_page_bit_common(q, page, bit_nr, TASK_UNINTERRUPTIBLE, SHARED);
1335 1336 1337 1338 1339 1340
}
EXPORT_SYMBOL(wait_on_page_bit);

int wait_on_page_bit_killable(struct page *page, int bit_nr)
{
	wait_queue_head_t *q = page_waitqueue(page);
1341
	return wait_on_page_bit_common(q, page, bit_nr, TASK_KILLABLE, SHARED);
1342
}
1343
EXPORT_SYMBOL(wait_on_page_bit_killable);
1344

1345 1346 1347 1348 1349 1350 1351 1352 1353 1354 1355 1356 1357 1358 1359 1360 1361 1362 1363 1364 1365 1366 1367 1368 1369 1370 1371 1372 1373 1374
static int __wait_on_page_locked_async(struct page *page,
				       struct wait_page_queue *wait, bool set)
{
	struct wait_queue_head *q = page_waitqueue(page);
	int ret = 0;

	wait->page = page;
	wait->bit_nr = PG_locked;

	spin_lock_irq(&q->lock);
	__add_wait_queue_entry_tail(q, &wait->wait);
	SetPageWaiters(page);
	if (set)
		ret = !trylock_page(page);
	else
		ret = PageLocked(page);
	/*
	 * If we were succesful now, we know we're still on the
	 * waitqueue as we're still under the lock. This means it's
	 * safe to remove and return success, we know the callback
	 * isn't going to trigger.
	 */
	if (!ret)
		__remove_wait_queue(q, &wait->wait);
	else
		ret = -EIOCBQUEUED;
	spin_unlock_irq(&q->lock);
	return ret;
}

1375 1376 1377 1378 1379 1380 1381 1382
static int wait_on_page_locked_async(struct page *page,
				     struct wait_page_queue *wait)
{
	if (!PageLocked(page))
		return 0;
	return __wait_on_page_locked_async(compound_head(page), wait, false);
}

1383 1384 1385 1386 1387 1388 1389 1390 1391 1392 1393 1394 1395 1396 1397 1398 1399 1400 1401
/**
 * put_and_wait_on_page_locked - Drop a reference and wait for it to be unlocked
 * @page: The page to wait for.
 *
 * The caller should hold a reference on @page.  They expect the page to
 * become unlocked relatively soon, but do not wish to hold up migration
 * (for example) by holding the reference while waiting for the page to
 * come unlocked.  After this function returns, the caller should not
 * dereference @page.
 */
void put_and_wait_on_page_locked(struct page *page)
{
	wait_queue_head_t *q;

	page = compound_head(page);
	q = page_waitqueue(page);
	wait_on_page_bit_common(q, page, PG_locked, TASK_UNINTERRUPTIBLE, DROP);
}

1402 1403
/**
 * add_page_wait_queue - Add an arbitrary waiter to a page's wait queue
R
Randy Dunlap 已提交
1404 1405
 * @page: Page defining the wait queue of interest
 * @waiter: Waiter to add to the queue
1406 1407 1408
 *
 * Add an arbitrary @waiter to the wait queue for the nominated @page.
 */
1409
void add_page_wait_queue(struct page *page, wait_queue_entry_t *waiter)
1410 1411 1412 1413 1414
{
	wait_queue_head_t *q = page_waitqueue(page);
	unsigned long flags;

	spin_lock_irqsave(&q->lock, flags);
1415
	__add_wait_queue_entry_tail(q, waiter);
1416
	SetPageWaiters(page);
1417 1418 1419 1420
	spin_unlock_irqrestore(&q->lock, flags);
}
EXPORT_SYMBOL_GPL(add_page_wait_queue);

1421 1422 1423 1424 1425 1426 1427 1428 1429 1430 1431
#ifndef clear_bit_unlock_is_negative_byte

/*
 * PG_waiters is the high bit in the same byte as PG_lock.
 *
 * On x86 (and on many other architectures), we can clear PG_lock and
 * test the sign bit at the same time. But if the architecture does
 * not support that special operation, we just do this all by hand
 * instead.
 *
 * The read of PG_waiters has to be after (or concurrently with) PG_locked
1432
 * being cleared, but a memory barrier should be unnecessary since it is
1433 1434 1435 1436 1437 1438
 * in the same byte as PG_locked.
 */
static inline bool clear_bit_unlock_is_negative_byte(long nr, volatile void *mem)
{
	clear_bit_unlock(nr, mem);
	/* smp_mb__after_atomic(); */
1439
	return test_bit(PG_waiters, mem);
1440 1441 1442 1443
}

#endif

L
Linus Torvalds 已提交
1444
/**
1445
 * unlock_page - unlock a locked page
L
Linus Torvalds 已提交
1446 1447 1448 1449
 * @page: the page
 *
 * Unlocks the page and wakes up sleepers in ___wait_on_page_locked().
 * Also wakes sleepers in wait_on_page_writeback() because the wakeup
1450
 * mechanism between PageLocked pages and PageWriteback pages is shared.
L
Linus Torvalds 已提交
1451 1452
 * But that's OK - sleepers in wait_on_page_writeback() just go back to sleep.
 *
1453 1454 1455 1456 1457
 * Note that this depends on PG_waiters being the sign bit in the byte
 * that contains PG_locked - thus the BUILD_BUG_ON(). That allows us to
 * clear the PG_locked bit and test PG_waiters at the same time fairly
 * portably (architectures that do LL/SC can test any bit, while x86 can
 * test the sign bit).
L
Linus Torvalds 已提交
1458
 */
H
Harvey Harrison 已提交
1459
void unlock_page(struct page *page)
L
Linus Torvalds 已提交
1460
{
1461
	BUILD_BUG_ON(PG_waiters != 7);
1462
	page = compound_head(page);
1463
	VM_BUG_ON_PAGE(!PageLocked(page), page);
1464 1465
	if (clear_bit_unlock_is_negative_byte(PG_locked, &page->flags))
		wake_up_page_bit(page, PG_locked);
L
Linus Torvalds 已提交
1466 1467 1468
}
EXPORT_SYMBOL(unlock_page);

1469 1470 1471
/**
 * end_page_writeback - end writeback against a page
 * @page: the page
L
Linus Torvalds 已提交
1472 1473 1474
 */
void end_page_writeback(struct page *page)
{
1475 1476 1477 1478 1479 1480 1481 1482 1483
	/*
	 * TestClearPageReclaim could be used here but it is an atomic
	 * operation and overkill in this particular case. Failing to
	 * shuffle a page marked for immediate reclaim is too mild to
	 * justify taking an atomic operation penalty at the end of
	 * ever page writeback.
	 */
	if (PageReclaim(page)) {
		ClearPageReclaim(page);
1484
		rotate_reclaimable_page(page);
1485
	}
1486 1487 1488 1489

	if (!test_clear_page_writeback(page))
		BUG();

1490
	smp_mb__after_atomic();
L
Linus Torvalds 已提交
1491 1492 1493 1494
	wake_up_page(page, PG_writeback);
}
EXPORT_SYMBOL(end_page_writeback);

1495 1496 1497 1498
/*
 * After completing I/O on a page, call this routine to update the page
 * flags appropriately
 */
1499
void page_endio(struct page *page, bool is_write, int err)
1500
{
1501
	if (!is_write) {
1502 1503 1504 1505 1506 1507 1508
		if (!err) {
			SetPageUptodate(page);
		} else {
			ClearPageUptodate(page);
			SetPageError(page);
		}
		unlock_page(page);
1509
	} else {
1510
		if (err) {
1511 1512
			struct address_space *mapping;

1513
			SetPageError(page);
1514 1515 1516
			mapping = page_mapping(page);
			if (mapping)
				mapping_set_error(mapping, err);
1517 1518 1519 1520 1521 1522
		}
		end_page_writeback(page);
	}
}
EXPORT_SYMBOL_GPL(page_endio);

1523 1524
/**
 * __lock_page - get a lock on the page, assuming we need to sleep to get it
1525
 * @__page: the page to lock
L
Linus Torvalds 已提交
1526
 */
1527
void __lock_page(struct page *__page)
L
Linus Torvalds 已提交
1528
{
1529 1530
	struct page *page = compound_head(__page);
	wait_queue_head_t *q = page_waitqueue(page);
1531 1532
	wait_on_page_bit_common(q, page, PG_locked, TASK_UNINTERRUPTIBLE,
				EXCLUSIVE);
L
Linus Torvalds 已提交
1533 1534 1535
}
EXPORT_SYMBOL(__lock_page);

1536
int __lock_page_killable(struct page *__page)
M
Matthew Wilcox 已提交
1537
{
1538 1539
	struct page *page = compound_head(__page);
	wait_queue_head_t *q = page_waitqueue(page);
1540 1541
	return wait_on_page_bit_common(q, page, PG_locked, TASK_KILLABLE,
					EXCLUSIVE);
M
Matthew Wilcox 已提交
1542
}
1543
EXPORT_SYMBOL_GPL(__lock_page_killable);
M
Matthew Wilcox 已提交
1544

1545 1546 1547 1548 1549
int __lock_page_async(struct page *page, struct wait_page_queue *wait)
{
	return __wait_on_page_locked_async(page, wait, true);
}

1550 1551
/*
 * Return values:
1552
 * 1 - page is locked; mmap_lock is still held.
1553
 * 0 - page is not locked.
1554
 *     mmap_lock has been released (mmap_read_unlock(), unless flags had both
1555
 *     FAULT_FLAG_ALLOW_RETRY and FAULT_FLAG_RETRY_NOWAIT set, in
1556
 *     which case mmap_lock is still held.
1557 1558
 *
 * If neither ALLOW_RETRY nor KILLABLE are set, will always return 1
1559
 * with the page locked and the mmap_lock unperturbed.
1560
 */
1561 1562 1563
int __lock_page_or_retry(struct page *page, struct mm_struct *mm,
			 unsigned int flags)
{
1564
	if (fault_flag_allow_retry_first(flags)) {
1565
		/*
1566
		 * CAUTION! In this case, mmap_lock is not released
1567 1568 1569 1570 1571
		 * even though return 0.
		 */
		if (flags & FAULT_FLAG_RETRY_NOWAIT)
			return 0;

1572
		mmap_read_unlock(mm);
1573 1574 1575
		if (flags & FAULT_FLAG_KILLABLE)
			wait_on_page_locked_killable(page);
		else
1576
			wait_on_page_locked(page);
1577
		return 0;
1578 1579 1580 1581 1582 1583
	} else {
		if (flags & FAULT_FLAG_KILLABLE) {
			int ret;

			ret = __lock_page_killable(page);
			if (ret) {
1584
				mmap_read_unlock(mm);
1585 1586 1587 1588 1589
				return 0;
			}
		} else
			__lock_page(page);
		return 1;
1590 1591 1592
	}
}

1593
/**
1594 1595 1596 1597
 * page_cache_next_miss() - Find the next gap in the page cache.
 * @mapping: Mapping.
 * @index: Index.
 * @max_scan: Maximum range to search.
1598
 *
1599 1600
 * Search the range [index, min(index + max_scan - 1, ULONG_MAX)] for the
 * gap with the lowest index.
1601
 *
1602 1603 1604 1605 1606
 * This function may be called under the rcu_read_lock.  However, this will
 * not atomically search a snapshot of the cache at a single point in time.
 * For example, if a gap is created at index 5, then subsequently a gap is
 * created at index 10, page_cache_next_miss covering both indices may
 * return 10 if called under the rcu_read_lock.
1607
 *
1608 1609 1610
 * Return: The index of the gap if found, otherwise an index outside the
 * range specified (in which case 'return - index >= max_scan' will be true).
 * In the rare case of index wrap-around, 0 will be returned.
1611
 */
1612
pgoff_t page_cache_next_miss(struct address_space *mapping,
1613 1614
			     pgoff_t index, unsigned long max_scan)
{
1615
	XA_STATE(xas, &mapping->i_pages, index);
1616

1617 1618 1619
	while (max_scan--) {
		void *entry = xas_next(&xas);
		if (!entry || xa_is_value(entry))
1620
			break;
1621
		if (xas.xa_index == 0)
1622 1623 1624
			break;
	}

1625
	return xas.xa_index;
1626
}
1627
EXPORT_SYMBOL(page_cache_next_miss);
1628 1629

/**
L
Laurent Dufour 已提交
1630
 * page_cache_prev_miss() - Find the previous gap in the page cache.
1631 1632 1633
 * @mapping: Mapping.
 * @index: Index.
 * @max_scan: Maximum range to search.
1634
 *
1635 1636
 * Search the range [max(index - max_scan + 1, 0), index] for the
 * gap with the highest index.
1637
 *
1638 1639 1640 1641 1642
 * This function may be called under the rcu_read_lock.  However, this will
 * not atomically search a snapshot of the cache at a single point in time.
 * For example, if a gap is created at index 10, then subsequently a gap is
 * created at index 5, page_cache_prev_miss() covering both indices may
 * return 5 if called under the rcu_read_lock.
1643
 *
1644 1645 1646
 * Return: The index of the gap if found, otherwise an index outside the
 * range specified (in which case 'index - return >= max_scan' will be true).
 * In the rare case of wrap-around, ULONG_MAX will be returned.
1647
 */
1648
pgoff_t page_cache_prev_miss(struct address_space *mapping,
1649 1650
			     pgoff_t index, unsigned long max_scan)
{
1651
	XA_STATE(xas, &mapping->i_pages, index);
1652

1653 1654 1655
	while (max_scan--) {
		void *entry = xas_prev(&xas);
		if (!entry || xa_is_value(entry))
1656
			break;
1657
		if (xas.xa_index == ULONG_MAX)
1658 1659 1660
			break;
	}

1661
	return xas.xa_index;
1662
}
1663
EXPORT_SYMBOL(page_cache_prev_miss);
1664

1665
/**
1666
 * find_get_entry - find and get a page cache entry
1667
 * @mapping: the address_space to search
1668
 * @index: The page cache index.
1669 1670
 *
 * Looks up the page cache slot at @mapping & @offset.  If there is a
1671
 * page cache page, the head page is returned with an increased refcount.
1672
 *
1673 1674
 * If the slot holds a shadow entry of a previously evicted page, or a
 * swap entry from shmem/tmpfs, it is returned.
1675
 *
1676
 * Return: The head page or shadow entry, %NULL if nothing is found.
L
Linus Torvalds 已提交
1677
 */
1678
struct page *find_get_entry(struct address_space *mapping, pgoff_t index)
L
Linus Torvalds 已提交
1679
{
1680
	XA_STATE(xas, &mapping->i_pages, index);
1681
	struct page *page;
L
Linus Torvalds 已提交
1682

N
Nick Piggin 已提交
1683 1684
	rcu_read_lock();
repeat:
1685 1686 1687 1688 1689 1690 1691 1692 1693 1694
	xas_reset(&xas);
	page = xas_load(&xas);
	if (xas_retry(&xas, page))
		goto repeat;
	/*
	 * A shadow entry of a recently evicted page, or a swap entry from
	 * shmem/tmpfs.  Return it without attempting to raise page count.
	 */
	if (!page || xa_is_value(page))
		goto out;
1695

1696
	if (!page_cache_get_speculative(page))
1697
		goto repeat;
1698

1699
	/*
1700
	 * Has the page moved or been split?
1701 1702 1703 1704
	 * This is part of the lockless pagecache protocol. See
	 * include/linux/pagemap.h for details.
	 */
	if (unlikely(page != xas_reload(&xas))) {
1705
		put_page(page);
1706
		goto repeat;
N
Nick Piggin 已提交
1707
	}
N
Nick Piggin 已提交
1708
out:
N
Nick Piggin 已提交
1709 1710
	rcu_read_unlock();

L
Linus Torvalds 已提交
1711 1712 1713
	return page;
}

1714
/**
1715 1716 1717
 * find_lock_entry - Locate and lock a page cache entry.
 * @mapping: The address_space to search.
 * @index: The page cache index.
1718
 *
1719 1720
 * Looks up the page at @mapping & @index.  If there is a page in the
 * cache, the head page is returned locked and with an increased refcount.
1721
 *
1722 1723
 * If the slot holds a shadow entry of a previously evicted page, or a
 * swap entry from shmem/tmpfs, it is returned.
1724
 *
1725 1726
 * Context: May sleep.
 * Return: The head page or shadow entry, %NULL if nothing is found.
1727
 */
1728
struct page *find_lock_entry(struct address_space *mapping, pgoff_t index)
L
Linus Torvalds 已提交
1729 1730 1731 1732
{
	struct page *page;

repeat:
1733
	page = find_get_entry(mapping, index);
1734
	if (page && !xa_is_value(page)) {
N
Nick Piggin 已提交
1735 1736
		lock_page(page);
		/* Has the page been truncated? */
1737
		if (unlikely(page->mapping != mapping)) {
N
Nick Piggin 已提交
1738
			unlock_page(page);
1739
			put_page(page);
N
Nick Piggin 已提交
1740
			goto repeat;
L
Linus Torvalds 已提交
1741
		}
1742
		VM_BUG_ON_PAGE(!thp_contains(page, index), page);
L
Linus Torvalds 已提交
1743 1744 1745
	}
	return page;
}
1746 1747

/**
1748 1749 1750 1751 1752
 * pagecache_get_page - Find and get a reference to a page.
 * @mapping: The address_space to search.
 * @index: The page index.
 * @fgp_flags: %FGP flags modify how the page is returned.
 * @gfp_mask: Memory allocation flags to use if %FGP_CREAT is specified.
L
Linus Torvalds 已提交
1753
 *
1754
 * Looks up the page cache entry at @mapping & @index.
1755
 *
1756
 * @fgp_flags can be zero or more of these flags:
1757
 *
1758 1759
 * * %FGP_ACCESSED - The page will be marked accessed.
 * * %FGP_LOCK - The page is returned locked.
M
Matthew Wilcox (Oracle) 已提交
1760 1761
 * * %FGP_HEAD - If the page is present and a THP, return the head page
 *   rather than the exact page specified by the index.
1762 1763 1764 1765 1766 1767
 * * %FGP_CREAT - If no page is present then a new page is allocated using
 *   @gfp_mask and added to the page cache and the VM's LRU list.
 *   The page is returned locked and with an increased refcount.
 * * %FGP_FOR_MMAP - The caller wants to do its own locking dance if the
 *   page is already in cache.  If the page was allocated, unlock it before
 *   returning so the caller can do the same dance.
1768 1769 1770
 * * %FGP_WRITE - The page will be written
 * * %FGP_NOFS - __GFP_FS will get cleared in gfp mask
 * * %FGP_NOWAIT - Don't get blocked by page lock
L
Linus Torvalds 已提交
1771
 *
1772 1773
 * If %FGP_LOCK or %FGP_CREAT are specified then the function may sleep even
 * if the %GFP flags specified for %FGP_CREAT are atomic.
L
Linus Torvalds 已提交
1774
 *
1775
 * If there is a page cache page, it is returned with an increased refcount.
1776
 *
1777
 * Return: The found page or %NULL otherwise.
L
Linus Torvalds 已提交
1778
 */
1779 1780
struct page *pagecache_get_page(struct address_space *mapping, pgoff_t index,
		int fgp_flags, gfp_t gfp_mask)
L
Linus Torvalds 已提交
1781
{
N
Nick Piggin 已提交
1782
	struct page *page;
1783

L
Linus Torvalds 已提交
1784
repeat:
1785
	page = find_get_entry(mapping, index);
1786
	if (xa_is_value(page))
1787 1788 1789 1790 1791 1792 1793
		page = NULL;
	if (!page)
		goto no_page;

	if (fgp_flags & FGP_LOCK) {
		if (fgp_flags & FGP_NOWAIT) {
			if (!trylock_page(page)) {
1794
				put_page(page);
1795 1796 1797 1798 1799 1800 1801
				return NULL;
			}
		} else {
			lock_page(page);
		}

		/* Has the page been truncated? */
M
Matthew Wilcox (Oracle) 已提交
1802
		if (unlikely(page->mapping != mapping)) {
1803
			unlock_page(page);
1804
			put_page(page);
1805 1806
			goto repeat;
		}
M
Matthew Wilcox (Oracle) 已提交
1807
		VM_BUG_ON_PAGE(!thp_contains(page, index), page);
1808 1809
	}

1810
	if (fgp_flags & FGP_ACCESSED)
1811
		mark_page_accessed(page);
1812 1813 1814 1815 1816
	else if (fgp_flags & FGP_WRITE) {
		/* Clear idle flag for buffer write */
		if (page_is_idle(page))
			clear_page_idle(page);
	}
M
Matthew Wilcox (Oracle) 已提交
1817 1818
	if (!(fgp_flags & FGP_HEAD))
		page = find_subpage(page, index);
1819 1820 1821 1822

no_page:
	if (!page && (fgp_flags & FGP_CREAT)) {
		int err;
1823
		if ((fgp_flags & FGP_WRITE) && mapping_can_writeback(mapping))
1824 1825 1826
			gfp_mask |= __GFP_WRITE;
		if (fgp_flags & FGP_NOFS)
			gfp_mask &= ~__GFP_FS;
1827

1828
		page = __page_cache_alloc(gfp_mask);
N
Nick Piggin 已提交
1829 1830
		if (!page)
			return NULL;
1831

1832
		if (WARN_ON_ONCE(!(fgp_flags & (FGP_LOCK | FGP_FOR_MMAP))))
1833 1834
			fgp_flags |= FGP_LOCK;

1835
		/* Init accessed so avoid atomic mark_page_accessed later */
1836
		if (fgp_flags & FGP_ACCESSED)
1837
			__SetPageReferenced(page);
1838

1839
		err = add_to_page_cache_lru(page, mapping, index, gfp_mask);
N
Nick Piggin 已提交
1840
		if (unlikely(err)) {
1841
			put_page(page);
N
Nick Piggin 已提交
1842 1843 1844
			page = NULL;
			if (err == -EEXIST)
				goto repeat;
L
Linus Torvalds 已提交
1845
		}
1846 1847 1848 1849 1850 1851 1852

		/*
		 * add_to_page_cache_lru locks the page, and for mmap we expect
		 * an unlocked page.
		 */
		if (page && (fgp_flags & FGP_FOR_MMAP))
			unlock_page(page);
L
Linus Torvalds 已提交
1853
	}
1854

L
Linus Torvalds 已提交
1855 1856
	return page;
}
1857
EXPORT_SYMBOL(pagecache_get_page);
L
Linus Torvalds 已提交
1858

1859 1860 1861 1862 1863 1864 1865 1866 1867 1868 1869 1870 1871 1872 1873 1874 1875
/**
 * find_get_entries - gang pagecache lookup
 * @mapping:	The address_space to search
 * @start:	The starting page cache index
 * @nr_entries:	The maximum number of entries
 * @entries:	Where the resulting entries are placed
 * @indices:	The cache indices corresponding to the entries in @entries
 *
 * find_get_entries() will search for and return a group of up to
 * @nr_entries entries in the mapping.  The entries are placed at
 * @entries.  find_get_entries() takes a reference against any actual
 * pages it returns.
 *
 * The search returns a group of mapping-contiguous page cache entries
 * with ascending indexes.  There may be holes in the indices due to
 * not-present pages.
 *
1876 1877
 * Any shadow entries of evicted pages, or swap entries from
 * shmem/tmpfs, are included in the returned array.
1878
 *
1879 1880 1881 1882 1883
 * If it finds a Transparent Huge Page, head or tail, find_get_entries()
 * stops at that page: the caller is likely to have a better way to handle
 * the compound page as a whole, and then skip its extent, than repeatedly
 * calling find_get_entries() to return all its tails.
 *
1884
 * Return: the number of pages and shadow entries which were found.
1885 1886 1887 1888 1889
 */
unsigned find_get_entries(struct address_space *mapping,
			  pgoff_t start, unsigned int nr_entries,
			  struct page **entries, pgoff_t *indices)
{
1890 1891
	XA_STATE(xas, &mapping->i_pages, start);
	struct page *page;
1892 1893 1894 1895 1896 1897
	unsigned int ret = 0;

	if (!nr_entries)
		return 0;

	rcu_read_lock();
1898 1899
	xas_for_each(&xas, page, ULONG_MAX) {
		if (xas_retry(&xas, page))
1900
			continue;
1901 1902 1903 1904 1905 1906
		/*
		 * A shadow entry of a recently evicted page, a swap
		 * entry from shmem/tmpfs or a DAX entry.  Return it
		 * without attempting to raise page count.
		 */
		if (xa_is_value(page))
1907
			goto export;
1908

1909
		if (!page_cache_get_speculative(page))
1910
			goto retry;
1911

1912
		/* Has the page moved or been split? */
1913 1914 1915
		if (unlikely(page != xas_reload(&xas)))
			goto put_page;

1916 1917 1918 1919 1920 1921 1922 1923
		/*
		 * Terminate early on finding a THP, to allow the caller to
		 * handle it all at once; but continue if this is hugetlbfs.
		 */
		if (PageTransHuge(page) && !PageHuge(page)) {
			page = find_subpage(page, xas.xa_index);
			nr_entries = ret + 1;
		}
1924
export:
1925
		indices[ret] = xas.xa_index;
1926 1927 1928
		entries[ret] = page;
		if (++ret == nr_entries)
			break;
1929 1930
		continue;
put_page:
1931
		put_page(page);
1932 1933
retry:
		xas_reset(&xas);
1934 1935 1936 1937 1938
	}
	rcu_read_unlock();
	return ret;
}

L
Linus Torvalds 已提交
1939
/**
J
Jan Kara 已提交
1940
 * find_get_pages_range - gang pagecache lookup
L
Linus Torvalds 已提交
1941 1942
 * @mapping:	The address_space to search
 * @start:	The starting page index
J
Jan Kara 已提交
1943
 * @end:	The final page index (inclusive)
L
Linus Torvalds 已提交
1944 1945 1946
 * @nr_pages:	The maximum number of pages
 * @pages:	Where the resulting pages are placed
 *
J
Jan Kara 已提交
1947 1948 1949 1950
 * find_get_pages_range() will search for and return a group of up to @nr_pages
 * pages in the mapping starting at index @start and up to index @end
 * (inclusive).  The pages are placed at @pages.  find_get_pages_range() takes
 * a reference against the returned pages.
L
Linus Torvalds 已提交
1951 1952 1953
 *
 * The search returns a group of mapping-contiguous pages with ascending
 * indexes.  There may be holes in the indices due to not-present pages.
1954
 * We also update @start to index the next page for the traversal.
L
Linus Torvalds 已提交
1955
 *
1956 1957
 * Return: the number of pages which were found. If this number is
 * smaller than @nr_pages, the end of specified range has been
J
Jan Kara 已提交
1958
 * reached.
L
Linus Torvalds 已提交
1959
 */
J
Jan Kara 已提交
1960 1961 1962
unsigned find_get_pages_range(struct address_space *mapping, pgoff_t *start,
			      pgoff_t end, unsigned int nr_pages,
			      struct page **pages)
L
Linus Torvalds 已提交
1963
{
1964 1965
	XA_STATE(xas, &mapping->i_pages, *start);
	struct page *page;
1966 1967 1968 1969
	unsigned ret = 0;

	if (unlikely(!nr_pages))
		return 0;
N
Nick Piggin 已提交
1970 1971

	rcu_read_lock();
1972 1973
	xas_for_each(&xas, page, end) {
		if (xas_retry(&xas, page))
N
Nick Piggin 已提交
1974
			continue;
1975 1976
		/* Skip over shadow, swap and DAX entries */
		if (xa_is_value(page))
1977
			continue;
N
Nick Piggin 已提交
1978

1979
		if (!page_cache_get_speculative(page))
1980
			goto retry;
1981

1982
		/* Has the page moved or been split? */
1983 1984
		if (unlikely(page != xas_reload(&xas)))
			goto put_page;
L
Linus Torvalds 已提交
1985

1986
		pages[ret] = find_subpage(page, xas.xa_index);
J
Jan Kara 已提交
1987
		if (++ret == nr_pages) {
1988
			*start = xas.xa_index + 1;
J
Jan Kara 已提交
1989 1990
			goto out;
		}
1991 1992
		continue;
put_page:
1993
		put_page(page);
1994 1995
retry:
		xas_reset(&xas);
N
Nick Piggin 已提交
1996
	}
1997

J
Jan Kara 已提交
1998 1999 2000
	/*
	 * We come here when there is no page beyond @end. We take care to not
	 * overflow the index @start as it confuses some of the callers. This
2001
	 * breaks the iteration when there is a page at index -1 but that is
J
Jan Kara 已提交
2002 2003 2004 2005 2006 2007 2008
	 * already broken anyway.
	 */
	if (end == (pgoff_t)-1)
		*start = (pgoff_t)-1;
	else
		*start = end + 1;
out:
N
Nick Piggin 已提交
2009
	rcu_read_unlock();
2010

L
Linus Torvalds 已提交
2011 2012 2013
	return ret;
}

2014 2015 2016 2017 2018 2019 2020 2021 2022 2023
/**
 * find_get_pages_contig - gang contiguous pagecache lookup
 * @mapping:	The address_space to search
 * @index:	The starting page index
 * @nr_pages:	The maximum number of pages
 * @pages:	Where the resulting pages are placed
 *
 * find_get_pages_contig() works exactly like find_get_pages(), except
 * that the returned number of pages are guaranteed to be contiguous.
 *
2024
 * Return: the number of pages which were found.
2025 2026 2027 2028
 */
unsigned find_get_pages_contig(struct address_space *mapping, pgoff_t index,
			       unsigned int nr_pages, struct page **pages)
{
2029 2030
	XA_STATE(xas, &mapping->i_pages, index);
	struct page *page;
2031 2032 2033 2034
	unsigned int ret = 0;

	if (unlikely(!nr_pages))
		return 0;
N
Nick Piggin 已提交
2035 2036

	rcu_read_lock();
2037 2038 2039 2040 2041 2042 2043 2044
	for (page = xas_load(&xas); page; page = xas_next(&xas)) {
		if (xas_retry(&xas, page))
			continue;
		/*
		 * If the entry has been swapped out, we can stop looking.
		 * No current caller is looking for DAX entries.
		 */
		if (xa_is_value(page))
2045
			break;
2046

2047
		if (!page_cache_get_speculative(page))
2048
			goto retry;
2049

2050
		/* Has the page moved or been split? */
2051 2052
		if (unlikely(page != xas_reload(&xas)))
			goto put_page;
N
Nick Piggin 已提交
2053

2054
		pages[ret] = find_subpage(page, xas.xa_index);
2055 2056
		if (++ret == nr_pages)
			break;
2057 2058
		continue;
put_page:
2059
		put_page(page);
2060 2061
retry:
		xas_reset(&xas);
2062
	}
N
Nick Piggin 已提交
2063 2064
	rcu_read_unlock();
	return ret;
2065
}
2066
EXPORT_SYMBOL(find_get_pages_contig);
2067

2068
/**
2069
 * find_get_pages_range_tag - find and return pages in given range matching @tag
2070 2071
 * @mapping:	the address_space to search
 * @index:	the starting page index
2072
 * @end:	The final page index (inclusive)
2073 2074 2075 2076
 * @tag:	the tag index
 * @nr_pages:	the maximum number of pages
 * @pages:	where the resulting pages are placed
 *
L
Linus Torvalds 已提交
2077
 * Like find_get_pages, except we only return pages which are tagged with
2078
 * @tag.   We update @index to index the next page for the traversal.
2079 2080
 *
 * Return: the number of pages which were found.
L
Linus Torvalds 已提交
2081
 */
2082
unsigned find_get_pages_range_tag(struct address_space *mapping, pgoff_t *index,
2083
			pgoff_t end, xa_mark_t tag, unsigned int nr_pages,
2084
			struct page **pages)
L
Linus Torvalds 已提交
2085
{
2086 2087
	XA_STATE(xas, &mapping->i_pages, *index);
	struct page *page;
2088 2089 2090 2091
	unsigned ret = 0;

	if (unlikely(!nr_pages))
		return 0;
N
Nick Piggin 已提交
2092 2093

	rcu_read_lock();
2094 2095
	xas_for_each_marked(&xas, page, end, tag) {
		if (xas_retry(&xas, page))
N
Nick Piggin 已提交
2096
			continue;
2097 2098 2099 2100 2101 2102
		/*
		 * Shadow entries should never be tagged, but this iteration
		 * is lockless so there is a window for page reclaim to evict
		 * a page we saw tagged.  Skip over it.
		 */
		if (xa_is_value(page))
2103
			continue;
N
Nick Piggin 已提交
2104

2105
		if (!page_cache_get_speculative(page))
2106
			goto retry;
N
Nick Piggin 已提交
2107

2108
		/* Has the page moved or been split? */
2109 2110
		if (unlikely(page != xas_reload(&xas)))
			goto put_page;
N
Nick Piggin 已提交
2111

2112
		pages[ret] = find_subpage(page, xas.xa_index);
2113
		if (++ret == nr_pages) {
2114
			*index = xas.xa_index + 1;
2115 2116
			goto out;
		}
2117 2118
		continue;
put_page:
2119
		put_page(page);
2120 2121
retry:
		xas_reset(&xas);
N
Nick Piggin 已提交
2122
	}
2123

2124
	/*
2125
	 * We come here when we got to @end. We take care to not overflow the
2126
	 * index @index as it confuses some of the callers. This breaks the
2127 2128
	 * iteration when there is a page at index -1 but that is already
	 * broken anyway.
2129 2130 2131 2132 2133 2134
	 */
	if (end == (pgoff_t)-1)
		*index = (pgoff_t)-1;
	else
		*index = end + 1;
out:
N
Nick Piggin 已提交
2135
	rcu_read_unlock();
L
Linus Torvalds 已提交
2136 2137 2138

	return ret;
}
2139
EXPORT_SYMBOL(find_get_pages_range_tag);
L
Linus Torvalds 已提交
2140

2141 2142 2143 2144 2145 2146 2147 2148 2149 2150 2151 2152 2153 2154 2155
/*
 * CD/DVDs are error prone. When a medium error occurs, the driver may fail
 * a _large_ part of the i/o request. Imagine the worst scenario:
 *
 *      ---R__________________________________________B__________
 *         ^ reading here                             ^ bad block(assume 4k)
 *
 * read(R) => miss => readahead(R...B) => media error => frustrating retries
 * => failing the whole request => read(R) => read(R+1) =>
 * readahead(R+1...B+1) => bang => read(R+2) => read(R+3) =>
 * readahead(R+3...B+2) => bang => read(R+3) => read(R+4) =>
 * readahead(R+4...B+3) => bang => read(R+4) => read(R+5) => ......
 *
 * It is going insane. Fix it by quickly scaling down the readahead size.
 */
2156
static void shrink_readahead_size_eio(struct file_ra_state *ra)
2157 2158 2159 2160
{
	ra->ra_pages /= 4;
}

2161
/**
2162 2163
 * generic_file_buffered_read - generic file read routine
 * @iocb:	the iocb to read
2164 2165
 * @iter:	data destination
 * @written:	already copied
2166
 *
L
Linus Torvalds 已提交
2167
 * This is a generic file read routine, and uses the
2168
 * mapping->a_ops->readpage() function for the actual low-level stuff.
L
Linus Torvalds 已提交
2169 2170 2171
 *
 * This is really ugly. But the goto's actually try to clarify some
 * of the logic when it comes to error handling etc.
2172 2173 2174 2175
 *
 * Return:
 * * total number of bytes copied, including those the were already @written
 * * negative error code if nothing was copied
L
Linus Torvalds 已提交
2176
 */
2177
ssize_t generic_file_buffered_read(struct kiocb *iocb,
2178
		struct iov_iter *iter, ssize_t written)
L
Linus Torvalds 已提交
2179
{
2180
	struct file *filp = iocb->ki_filp;
C
Christoph Hellwig 已提交
2181
	struct address_space *mapping = filp->f_mapping;
L
Linus Torvalds 已提交
2182
	struct inode *inode = mapping->host;
C
Christoph Hellwig 已提交
2183
	struct file_ra_state *ra = &filp->f_ra;
2184
	loff_t *ppos = &iocb->ki_pos;
2185 2186 2187 2188
	pgoff_t index;
	pgoff_t last_index;
	pgoff_t prev_index;
	unsigned long offset;      /* offset into pagecache page */
2189
	unsigned int prev_offset;
2190
	int error = 0;
L
Linus Torvalds 已提交
2191

2192
	if (unlikely(*ppos >= inode->i_sb->s_maxbytes))
2193
		return 0;
2194 2195
	iov_iter_truncate(iter, inode->i_sb->s_maxbytes);

2196 2197 2198 2199 2200
	index = *ppos >> PAGE_SHIFT;
	prev_index = ra->prev_pos >> PAGE_SHIFT;
	prev_offset = ra->prev_pos & (PAGE_SIZE-1);
	last_index = (*ppos + iter->count + PAGE_SIZE-1) >> PAGE_SHIFT;
	offset = *ppos & ~PAGE_MASK;
L
Linus Torvalds 已提交
2201 2202 2203

	for (;;) {
		struct page *page;
2204
		pgoff_t end_index;
N
NeilBrown 已提交
2205
		loff_t isize;
L
Linus Torvalds 已提交
2206 2207 2208 2209
		unsigned long nr, ret;

		cond_resched();
find_page:
2210 2211 2212 2213 2214
		if (fatal_signal_pending(current)) {
			error = -EINTR;
			goto out;
		}

L
Linus Torvalds 已提交
2215
		page = find_get_page(mapping, index);
2216
		if (!page) {
2217
			if (iocb->ki_flags & IOCB_NOIO)
2218
				goto would_block;
2219
			page_cache_sync_readahead(mapping,
2220
					ra, filp,
2221 2222 2223 2224 2225 2226
					index, last_index - index);
			page = find_get_page(mapping, index);
			if (unlikely(page == NULL))
				goto no_cached_page;
		}
		if (PageReadahead(page)) {
2227 2228 2229 2230
			if (iocb->ki_flags & IOCB_NOIO) {
				put_page(page);
				goto out;
			}
2231
			page_cache_async_readahead(mapping,
2232
					ra, filp, page,
2233
					index, last_index - index);
L
Linus Torvalds 已提交
2234
		}
2235
		if (!PageUptodate(page)) {
2236 2237 2238 2239 2240
			/*
			 * See comment in do_read_cache_page on why
			 * wait_on_page_locked is used to avoid unnecessarily
			 * serialisations and why it's safe.
			 */
2241 2242 2243 2244 2245 2246 2247 2248 2249 2250 2251 2252 2253 2254
			if (iocb->ki_flags & IOCB_WAITQ) {
				if (written) {
					put_page(page);
					goto out;
				}
				error = wait_on_page_locked_async(page,
								iocb->ki_waitq);
			} else {
				if (iocb->ki_flags & IOCB_NOWAIT) {
					put_page(page);
					goto would_block;
				}
				error = wait_on_page_locked_killable(page);
			}
2255 2256
			if (unlikely(error))
				goto readpage_error;
2257 2258 2259
			if (PageUptodate(page))
				goto page_ok;

2260
			if (inode->i_blkbits == PAGE_SHIFT ||
2261 2262
					!mapping->a_ops->is_partially_uptodate)
				goto page_not_up_to_date;
2263
			/* pipes can't handle partially uptodate pages */
D
David Howells 已提交
2264
			if (unlikely(iov_iter_is_pipe(iter)))
2265
				goto page_not_up_to_date;
N
Nick Piggin 已提交
2266
			if (!trylock_page(page))
2267
				goto page_not_up_to_date;
2268 2269 2270
			/* Did it get truncated before we got the lock? */
			if (!page->mapping)
				goto page_not_up_to_date_locked;
2271
			if (!mapping->a_ops->is_partially_uptodate(page,
2272
							offset, iter->count))
2273 2274 2275
				goto page_not_up_to_date_locked;
			unlock_page(page);
		}
L
Linus Torvalds 已提交
2276
page_ok:
N
NeilBrown 已提交
2277 2278 2279 2280 2281 2282 2283 2284 2285 2286
		/*
		 * i_size must be checked after we know the page is Uptodate.
		 *
		 * Checking i_size after the check allows us to calculate
		 * the correct value for "nr", which means the zero-filled
		 * part of the page is not copied back to userspace (unless
		 * another truncate extends the file - this is desired though).
		 */

		isize = i_size_read(inode);
2287
		end_index = (isize - 1) >> PAGE_SHIFT;
N
NeilBrown 已提交
2288
		if (unlikely(!isize || index > end_index)) {
2289
			put_page(page);
N
NeilBrown 已提交
2290 2291 2292 2293
			goto out;
		}

		/* nr is the maximum number of bytes to copy from this page */
2294
		nr = PAGE_SIZE;
N
NeilBrown 已提交
2295
		if (index == end_index) {
2296
			nr = ((isize - 1) & ~PAGE_MASK) + 1;
N
NeilBrown 已提交
2297
			if (nr <= offset) {
2298
				put_page(page);
N
NeilBrown 已提交
2299 2300 2301 2302
				goto out;
			}
		}
		nr = nr - offset;
L
Linus Torvalds 已提交
2303 2304 2305 2306 2307 2308 2309 2310 2311

		/* If users can be writing to this page using arbitrary
		 * virtual addresses, take care about potential aliasing
		 * before reading the page on the kernel side.
		 */
		if (mapping_writably_mapped(mapping))
			flush_dcache_page(page);

		/*
2312 2313
		 * When a sequential read accesses a page several times,
		 * only mark it as accessed the first time.
L
Linus Torvalds 已提交
2314
		 */
2315
		if (prev_index != index || offset != prev_offset)
L
Linus Torvalds 已提交
2316 2317 2318 2319 2320 2321 2322
			mark_page_accessed(page);
		prev_index = index;

		/*
		 * Ok, we have the page, and it's up-to-date, so
		 * now we can copy it to user space...
		 */
2323 2324

		ret = copy_page_to_iter(page, offset, nr, iter);
L
Linus Torvalds 已提交
2325
		offset += ret;
2326 2327
		index += offset >> PAGE_SHIFT;
		offset &= ~PAGE_MASK;
J
Jan Kara 已提交
2328
		prev_offset = offset;
L
Linus Torvalds 已提交
2329

2330
		put_page(page);
2331 2332 2333 2334 2335 2336 2337 2338
		written += ret;
		if (!iov_iter_count(iter))
			goto out;
		if (ret < nr) {
			error = -EFAULT;
			goto out;
		}
		continue;
L
Linus Torvalds 已提交
2339 2340 2341

page_not_up_to_date:
		/* Get exclusive access to the page ... */
2342 2343 2344 2345
		if (iocb->ki_flags & IOCB_WAITQ)
			error = lock_page_async(page, iocb->ki_waitq);
		else
			error = lock_page_killable(page);
2346 2347
		if (unlikely(error))
			goto readpage_error;
L
Linus Torvalds 已提交
2348

2349
page_not_up_to_date_locked:
N
Nick Piggin 已提交
2350
		/* Did it get truncated before we got the lock? */
L
Linus Torvalds 已提交
2351 2352
		if (!page->mapping) {
			unlock_page(page);
2353
			put_page(page);
L
Linus Torvalds 已提交
2354 2355 2356 2357 2358 2359 2360 2361 2362 2363
			continue;
		}

		/* Did somebody else fill it already? */
		if (PageUptodate(page)) {
			unlock_page(page);
			goto page_ok;
		}

readpage:
2364
		if (iocb->ki_flags & (IOCB_NOIO | IOCB_NOWAIT)) {
2365 2366 2367 2368
			unlock_page(page);
			put_page(page);
			goto would_block;
		}
2369 2370 2371 2372 2373 2374
		/*
		 * A previous I/O error may have been due to temporary
		 * failures, eg. multipath errors.
		 * PG_error will be set again if readpage fails.
		 */
		ClearPageError(page);
L
Linus Torvalds 已提交
2375 2376 2377
		/* Start the actual read. The read will unlock the page. */
		error = mapping->a_ops->readpage(filp, page);

2378 2379
		if (unlikely(error)) {
			if (error == AOP_TRUNCATED_PAGE) {
2380
				put_page(page);
2381
				error = 0;
2382 2383
				goto find_page;
			}
L
Linus Torvalds 已提交
2384
			goto readpage_error;
2385
		}
L
Linus Torvalds 已提交
2386 2387

		if (!PageUptodate(page)) {
2388 2389 2390 2391 2392
			if (iocb->ki_flags & IOCB_WAITQ)
				error = lock_page_async(page, iocb->ki_waitq);
			else
				error = lock_page_killable(page);

2393 2394
			if (unlikely(error))
				goto readpage_error;
L
Linus Torvalds 已提交
2395 2396 2397
			if (!PageUptodate(page)) {
				if (page->mapping == NULL) {
					/*
2398
					 * invalidate_mapping_pages got it
L
Linus Torvalds 已提交
2399 2400
					 */
					unlock_page(page);
2401
					put_page(page);
L
Linus Torvalds 已提交
2402 2403 2404
					goto find_page;
				}
				unlock_page(page);
2405
				shrink_readahead_size_eio(ra);
2406 2407
				error = -EIO;
				goto readpage_error;
L
Linus Torvalds 已提交
2408 2409 2410 2411 2412 2413 2414 2415
			}
			unlock_page(page);
		}

		goto page_ok;

readpage_error:
		/* UHHUH! A synchronous read error occurred. Report it */
2416
		put_page(page);
L
Linus Torvalds 已提交
2417 2418 2419 2420 2421 2422 2423
		goto out;

no_cached_page:
		/*
		 * Ok, it wasn't cached, so we need to create a new
		 * page..
		 */
M
Mel Gorman 已提交
2424
		page = page_cache_alloc(mapping);
N
Nick Piggin 已提交
2425
		if (!page) {
2426
			error = -ENOMEM;
N
Nick Piggin 已提交
2427
			goto out;
L
Linus Torvalds 已提交
2428
		}
2429
		error = add_to_page_cache_lru(page, mapping, index,
2430
				mapping_gfp_constraint(mapping, GFP_KERNEL));
L
Linus Torvalds 已提交
2431
		if (error) {
2432
			put_page(page);
2433 2434
			if (error == -EEXIST) {
				error = 0;
L
Linus Torvalds 已提交
2435
				goto find_page;
2436
			}
L
Linus Torvalds 已提交
2437 2438 2439 2440 2441
			goto out;
		}
		goto readpage;
	}

2442 2443
would_block:
	error = -EAGAIN;
L
Linus Torvalds 已提交
2444
out:
2445
	ra->prev_pos = prev_index;
2446
	ra->prev_pos <<= PAGE_SHIFT;
2447
	ra->prev_pos |= prev_offset;
L
Linus Torvalds 已提交
2448

2449
	*ppos = ((loff_t)index << PAGE_SHIFT) + offset;
2450
	file_accessed(filp);
2451
	return written ? written : error;
L
Linus Torvalds 已提交
2452
}
2453
EXPORT_SYMBOL_GPL(generic_file_buffered_read);
L
Linus Torvalds 已提交
2454

2455
/**
A
Al Viro 已提交
2456
 * generic_file_read_iter - generic filesystem read routine
2457
 * @iocb:	kernel I/O control block
A
Al Viro 已提交
2458
 * @iter:	destination for the data read
2459
 *
A
Al Viro 已提交
2460
 * This is the "read_iter()" routine for all filesystems
L
Linus Torvalds 已提交
2461
 * that can use the page cache directly.
2462 2463 2464 2465 2466 2467 2468 2469 2470 2471
 *
 * The IOCB_NOWAIT flag in iocb->ki_flags indicates that -EAGAIN shall
 * be returned when no data can be read without waiting for I/O requests
 * to complete; it doesn't prevent readahead.
 *
 * The IOCB_NOIO flag in iocb->ki_flags indicates that no new I/O
 * requests shall be made for the read or for readahead.  When no data
 * can be read, -EAGAIN shall be returned.  When readahead would be
 * triggered, a partial, possibly empty read shall be returned.
 *
2472 2473
 * Return:
 * * number of bytes copied, even for partial reads
2474
 * * negative error code (or 0 if IOCB_NOIO) if nothing was read
L
Linus Torvalds 已提交
2475 2476
 */
ssize_t
A
Al Viro 已提交
2477
generic_file_read_iter(struct kiocb *iocb, struct iov_iter *iter)
L
Linus Torvalds 已提交
2478
{
2479
	size_t count = iov_iter_count(iter);
2480
	ssize_t retval = 0;
2481 2482 2483

	if (!count)
		goto out; /* skip atime */
L
Linus Torvalds 已提交
2484

2485
	if (iocb->ki_flags & IOCB_DIRECT) {
2486
		struct file *file = iocb->ki_filp;
A
Al Viro 已提交
2487 2488
		struct address_space *mapping = file->f_mapping;
		struct inode *inode = mapping->host;
2489
		loff_t size;
L
Linus Torvalds 已提交
2490 2491

		size = i_size_read(inode);
2492 2493 2494 2495 2496 2497 2498 2499 2500 2501 2502
		if (iocb->ki_flags & IOCB_NOWAIT) {
			if (filemap_range_has_page(mapping, iocb->ki_pos,
						   iocb->ki_pos + count - 1))
				return -EAGAIN;
		} else {
			retval = filemap_write_and_wait_range(mapping,
						iocb->ki_pos,
					        iocb->ki_pos + count - 1);
			if (retval < 0)
				goto out;
		}
A
Al Viro 已提交
2503

2504 2505
		file_accessed(file);

2506
		retval = mapping->a_ops->direct_IO(iocb, iter);
A
Al Viro 已提交
2507
		if (retval >= 0) {
2508
			iocb->ki_pos += retval;
2509
			count -= retval;
2510
		}
A
Al Viro 已提交
2511
		iov_iter_revert(iter, count - iov_iter_count(iter));
2512

2513 2514 2515 2516 2517 2518
		/*
		 * Btrfs can have a short DIO read if we encounter
		 * compressed extents, so if there was an error, or if
		 * we've already read everything we wanted to, or if
		 * there was a short read because we hit EOF, go ahead
		 * and return.  Otherwise fallthrough to buffered io for
2519 2520
		 * the rest of the read.  Buffered reads will not work for
		 * DAX files, so don't bother trying.
2521
		 */
2522
		if (retval < 0 || !count || iocb->ki_pos >= size ||
2523
		    IS_DAX(inode))
2524
			goto out;
L
Linus Torvalds 已提交
2525 2526
	}

2527
	retval = generic_file_buffered_read(iocb, iter, retval);
L
Linus Torvalds 已提交
2528 2529 2530
out:
	return retval;
}
A
Al Viro 已提交
2531
EXPORT_SYMBOL(generic_file_read_iter);
L
Linus Torvalds 已提交
2532 2533 2534

#ifdef CONFIG_MMU
#define MMAP_LOTSAMISS  (100)
2535
/*
2536
 * lock_page_maybe_drop_mmap - lock the page, possibly dropping the mmap_lock
2537 2538 2539 2540
 * @vmf - the vm_fault for this fault.
 * @page - the page to lock.
 * @fpin - the pointer to the file we may pin (or is already pinned).
 *
2541
 * This works similar to lock_page_or_retry in that it can drop the mmap_lock.
2542
 * It differs in that it actually returns the page locked if it returns 1 and 0
2543
 * if it couldn't lock the page.  If we did have to drop the mmap_lock then fpin
2544 2545 2546 2547 2548 2549 2550 2551
 * will point to the pinned file and needs to be fput()'ed at a later point.
 */
static int lock_page_maybe_drop_mmap(struct vm_fault *vmf, struct page *page,
				     struct file **fpin)
{
	if (trylock_page(page))
		return 1;

2552 2553
	/*
	 * NOTE! This will make us return with VM_FAULT_RETRY, but with
2554
	 * the mmap_lock still held. That's how FAULT_FLAG_RETRY_NOWAIT
2555 2556
	 * is supposed to work. We have way too many special cases..
	 */
2557 2558 2559 2560 2561 2562 2563
	if (vmf->flags & FAULT_FLAG_RETRY_NOWAIT)
		return 0;

	*fpin = maybe_unlock_mmap_for_io(vmf, *fpin);
	if (vmf->flags & FAULT_FLAG_KILLABLE) {
		if (__lock_page_killable(page)) {
			/*
2564
			 * We didn't have the right flags to drop the mmap_lock,
2565 2566
			 * but all fault_handlers only check for fatal signals
			 * if we return VM_FAULT_RETRY, so we need to drop the
2567
			 * mmap_lock here and return 0 if we don't have a fpin.
2568 2569
			 */
			if (*fpin == NULL)
2570
				mmap_read_unlock(vmf->vma->vm_mm);
2571 2572 2573 2574 2575 2576 2577
			return 0;
		}
	} else
		__lock_page(page);
	return 1;
}

L
Linus Torvalds 已提交
2578

2579
/*
2580 2581 2582 2583 2584
 * Synchronous readahead happens when we don't even find a page in the page
 * cache at all.  We don't want to perform IO under the mmap sem, so if we have
 * to drop the mmap sem we return the file that was pinned in order for us to do
 * that.  If we didn't pin a file then we return NULL.  The file that is
 * returned needs to be fput()'ed when we're done with it.
2585
 */
2586
static struct file *do_sync_mmap_readahead(struct vm_fault *vmf)
2587
{
2588 2589
	struct file *file = vmf->vma->vm_file;
	struct file_ra_state *ra = &file->f_ra;
2590
	struct address_space *mapping = file->f_mapping;
2591
	struct file *fpin = NULL;
2592
	pgoff_t offset = vmf->pgoff;
2593
	unsigned int mmap_miss;
2594 2595

	/* If we don't want any read-ahead, don't bother */
2596
	if (vmf->vma->vm_flags & VM_RAND_READ)
2597
		return fpin;
2598
	if (!ra->ra_pages)
2599
		return fpin;
2600

2601
	if (vmf->vma->vm_flags & VM_SEQ_READ) {
2602
		fpin = maybe_unlock_mmap_for_io(vmf, fpin);
2603 2604
		page_cache_sync_readahead(mapping, ra, file, offset,
					  ra->ra_pages);
2605
		return fpin;
2606 2607
	}

2608
	/* Avoid banging the cache line if not needed */
2609 2610 2611
	mmap_miss = READ_ONCE(ra->mmap_miss);
	if (mmap_miss < MMAP_LOTSAMISS * 10)
		WRITE_ONCE(ra->mmap_miss, ++mmap_miss);
2612 2613 2614 2615 2616

	/*
	 * Do we miss much more than hit in this file? If so,
	 * stop bothering with read-ahead. It will only hurt.
	 */
2617
	if (mmap_miss > MMAP_LOTSAMISS)
2618
		return fpin;
2619

2620 2621 2622
	/*
	 * mmap read-around
	 */
2623
	fpin = maybe_unlock_mmap_for_io(vmf, fpin);
2624 2625 2626
	ra->start = max_t(long, 0, offset - ra->ra_pages / 2);
	ra->size = ra->ra_pages;
	ra->async_size = ra->ra_pages / 4;
2627
	ra_submit(ra, mapping, file);
2628
	return fpin;
2629 2630 2631 2632
}

/*
 * Asynchronous readahead happens when we find the page and PG_readahead,
2633
 * so we want to possibly extend the readahead further.  We return the file that
2634
 * was pinned if we have to drop the mmap_lock in order to do IO.
2635
 */
2636 2637
static struct file *do_async_mmap_readahead(struct vm_fault *vmf,
					    struct page *page)
2638
{
2639 2640
	struct file *file = vmf->vma->vm_file;
	struct file_ra_state *ra = &file->f_ra;
2641
	struct address_space *mapping = file->f_mapping;
2642
	struct file *fpin = NULL;
2643
	unsigned int mmap_miss;
2644
	pgoff_t offset = vmf->pgoff;
2645 2646

	/* If we don't want any read-ahead, don't bother */
2647
	if (vmf->vma->vm_flags & VM_RAND_READ || !ra->ra_pages)
2648
		return fpin;
2649 2650 2651
	mmap_miss = READ_ONCE(ra->mmap_miss);
	if (mmap_miss)
		WRITE_ONCE(ra->mmap_miss, --mmap_miss);
2652 2653
	if (PageReadahead(page)) {
		fpin = maybe_unlock_mmap_for_io(vmf, fpin);
2654 2655
		page_cache_async_readahead(mapping, ra, file,
					   page, offset, ra->ra_pages);
2656 2657
	}
	return fpin;
2658 2659
}

2660
/**
2661
 * filemap_fault - read in file data for page fault handling
N
Nick Piggin 已提交
2662
 * @vmf:	struct vm_fault containing details of the fault
2663
 *
2664
 * filemap_fault() is invoked via the vma operations vector for a
L
Linus Torvalds 已提交
2665 2666 2667 2668 2669
 * mapped memory region to read in file data during a page fault.
 *
 * The goto's are kind of ugly, but this streamlines the normal case of having
 * it in the page cache, and handles the special cases reasonably without
 * having a lot of duplicated code.
2670
 *
2671
 * vma->vm_mm->mmap_lock must be held on entry.
2672
 *
2673
 * If our return value has VM_FAULT_RETRY set, it's because the mmap_lock
2674
 * may be dropped before doing I/O or by lock_page_maybe_drop_mmap().
2675
 *
2676
 * If our return value does not have VM_FAULT_RETRY set, the mmap_lock
2677 2678 2679
 * has not been released.
 *
 * We never return with VM_FAULT_RETRY and a bit from VM_FAULT_ERROR set.
2680 2681
 *
 * Return: bitwise-OR of %VM_FAULT_ codes.
L
Linus Torvalds 已提交
2682
 */
2683
vm_fault_t filemap_fault(struct vm_fault *vmf)
L
Linus Torvalds 已提交
2684 2685
{
	int error;
2686
	struct file *file = vmf->vma->vm_file;
2687
	struct file *fpin = NULL;
L
Linus Torvalds 已提交
2688 2689 2690
	struct address_space *mapping = file->f_mapping;
	struct file_ra_state *ra = &file->f_ra;
	struct inode *inode = mapping->host;
2691
	pgoff_t offset = vmf->pgoff;
2692
	pgoff_t max_off;
L
Linus Torvalds 已提交
2693
	struct page *page;
2694
	vm_fault_t ret = 0;
L
Linus Torvalds 已提交
2695

2696 2697
	max_off = DIV_ROUND_UP(i_size_read(inode), PAGE_SIZE);
	if (unlikely(offset >= max_off))
2698
		return VM_FAULT_SIGBUS;
L
Linus Torvalds 已提交
2699 2700

	/*
2701
	 * Do we have something in the page cache already?
L
Linus Torvalds 已提交
2702
	 */
2703
	page = find_get_page(mapping, offset);
2704
	if (likely(page) && !(vmf->flags & FAULT_FLAG_TRIED)) {
L
Linus Torvalds 已提交
2705
		/*
2706 2707
		 * We found the page, so try async readahead before
		 * waiting for the lock.
L
Linus Torvalds 已提交
2708
		 */
2709
		fpin = do_async_mmap_readahead(vmf, page);
2710
	} else if (!page) {
2711 2712
		/* No page in the page cache at all */
		count_vm_event(PGMAJFAULT);
2713
		count_memcg_event_mm(vmf->vma->vm_mm, PGMAJFAULT);
2714
		ret = VM_FAULT_MAJOR;
2715
		fpin = do_sync_mmap_readahead(vmf);
2716
retry_find:
2717 2718 2719
		page = pagecache_get_page(mapping, offset,
					  FGP_CREAT|FGP_FOR_MMAP,
					  vmf->gfp_mask);
2720 2721 2722
		if (!page) {
			if (fpin)
				goto out_retry;
2723
			return VM_FAULT_OOM;
2724
		}
L
Linus Torvalds 已提交
2725 2726
	}

2727 2728
	if (!lock_page_maybe_drop_mmap(vmf, page, &fpin))
		goto out_retry;
2729 2730

	/* Did it get truncated? */
2731
	if (unlikely(compound_head(page)->mapping != mapping)) {
2732 2733 2734 2735
		unlock_page(page);
		put_page(page);
		goto retry_find;
	}
2736
	VM_BUG_ON_PAGE(page_to_pgoff(page) != offset, page);
2737

L
Linus Torvalds 已提交
2738
	/*
2739 2740
	 * We have a locked page in the page cache, now we need to check
	 * that it's up-to-date. If not, it is going to be due to an error.
L
Linus Torvalds 已提交
2741
	 */
2742
	if (unlikely(!PageUptodate(page)))
L
Linus Torvalds 已提交
2743 2744
		goto page_not_uptodate;

2745
	/*
2746
	 * We've made it this far and we had to drop our mmap_lock, now is the
2747 2748 2749 2750 2751 2752 2753 2754
	 * time to return to the upper layer and have it re-find the vma and
	 * redo the fault.
	 */
	if (fpin) {
		unlock_page(page);
		goto out_retry;
	}

2755 2756 2757 2758
	/*
	 * Found the page and have a reference on it.
	 * We must recheck i_size under page lock.
	 */
2759 2760
	max_off = DIV_ROUND_UP(i_size_read(inode), PAGE_SIZE);
	if (unlikely(offset >= max_off)) {
2761
		unlock_page(page);
2762
		put_page(page);
2763
		return VM_FAULT_SIGBUS;
2764 2765
	}

N
Nick Piggin 已提交
2766
	vmf->page = page;
N
Nick Piggin 已提交
2767
	return ret | VM_FAULT_LOCKED;
L
Linus Torvalds 已提交
2768 2769 2770 2771 2772 2773 2774 2775 2776

page_not_uptodate:
	/*
	 * Umm, take care of errors if the page isn't up-to-date.
	 * Try to re-read it _once_. We do this synchronously,
	 * because there really aren't any performance issues here
	 * and we need to check for errors.
	 */
	ClearPageError(page);
2777
	fpin = maybe_unlock_mmap_for_io(vmf, fpin);
2778
	error = mapping->a_ops->readpage(file, page);
2779 2780 2781 2782 2783
	if (!error) {
		wait_on_page_locked(page);
		if (!PageUptodate(page))
			error = -EIO;
	}
2784 2785
	if (fpin)
		goto out_retry;
2786
	put_page(page);
2787 2788

	if (!error || error == AOP_TRUNCATED_PAGE)
2789
		goto retry_find;
L
Linus Torvalds 已提交
2790

2791
	shrink_readahead_size_eio(ra);
N
Nick Piggin 已提交
2792
	return VM_FAULT_SIGBUS;
2793 2794 2795

out_retry:
	/*
2796
	 * We dropped the mmap_lock, we need to return to the fault handler to
2797 2798 2799 2800 2801 2802 2803 2804
	 * re-find the vma and come back and find our hopefully still populated
	 * page.
	 */
	if (page)
		put_page(page);
	if (fpin)
		fput(fpin);
	return ret | VM_FAULT_RETRY;
2805 2806 2807
}
EXPORT_SYMBOL(filemap_fault);

J
Jan Kara 已提交
2808
void filemap_map_pages(struct vm_fault *vmf,
K
Kirill A. Shutemov 已提交
2809
		pgoff_t start_pgoff, pgoff_t end_pgoff)
2810
{
J
Jan Kara 已提交
2811
	struct file *file = vmf->vma->vm_file;
2812
	struct address_space *mapping = file->f_mapping;
K
Kirill A. Shutemov 已提交
2813
	pgoff_t last_pgoff = start_pgoff;
2814
	unsigned long max_idx;
2815
	XA_STATE(xas, &mapping->i_pages, start_pgoff);
2816
	struct page *head, *page;
2817
	unsigned int mmap_miss = READ_ONCE(file->f_ra.mmap_miss);
2818 2819

	rcu_read_lock();
2820 2821
	xas_for_each(&xas, head, end_pgoff) {
		if (xas_retry(&xas, head))
2822
			continue;
2823
		if (xa_is_value(head))
M
Matthew Wilcox 已提交
2824
			goto next;
2825

2826 2827 2828 2829
		/*
		 * Check for a locked page first, as a speculative
		 * reference may adversely influence page migration.
		 */
2830
		if (PageLocked(head))
2831
			goto next;
2832
		if (!page_cache_get_speculative(head))
2833
			goto next;
2834

2835
		/* Has the page moved or been split? */
2836
		if (unlikely(head != xas_reload(&xas)))
2837
			goto skip;
2838
		page = find_subpage(head, xas.xa_index);
2839

2840
		if (!PageUptodate(head) ||
2841 2842 2843
				PageReadahead(page) ||
				PageHWPoison(page))
			goto skip;
2844
		if (!trylock_page(head))
2845 2846
			goto skip;

2847
		if (head->mapping != mapping || !PageUptodate(head))
2848 2849
			goto unlock;

2850
		max_idx = DIV_ROUND_UP(i_size_read(mapping->host), PAGE_SIZE);
2851
		if (xas.xa_index >= max_idx)
2852 2853
			goto unlock;

2854 2855
		if (mmap_miss > 0)
			mmap_miss--;
2856

2857
		vmf->address += (xas.xa_index - last_pgoff) << PAGE_SHIFT;
J
Jan Kara 已提交
2858
		if (vmf->pte)
2859 2860
			vmf->pte += xas.xa_index - last_pgoff;
		last_pgoff = xas.xa_index;
2861
		if (alloc_set_pte(vmf, page))
2862
			goto unlock;
2863
		unlock_page(head);
2864 2865
		goto next;
unlock:
2866
		unlock_page(head);
2867
skip:
2868
		put_page(head);
2869
next:
2870
		/* Huge page is mapped? No need to proceed. */
J
Jan Kara 已提交
2871
		if (pmd_trans_huge(*vmf->pmd))
2872
			break;
2873 2874
	}
	rcu_read_unlock();
2875
	WRITE_ONCE(file->f_ra.mmap_miss, mmap_miss);
2876 2877 2878
}
EXPORT_SYMBOL(filemap_map_pages);

2879
vm_fault_t filemap_page_mkwrite(struct vm_fault *vmf)
2880 2881
{
	struct page *page = vmf->page;
2882
	struct inode *inode = file_inode(vmf->vma->vm_file);
2883
	vm_fault_t ret = VM_FAULT_LOCKED;
2884

2885
	sb_start_pagefault(inode->i_sb);
2886
	file_update_time(vmf->vma->vm_file);
2887 2888 2889 2890 2891 2892
	lock_page(page);
	if (page->mapping != inode->i_mapping) {
		unlock_page(page);
		ret = VM_FAULT_NOPAGE;
		goto out;
	}
2893 2894 2895 2896 2897 2898
	/*
	 * We mark the page dirty already here so that when freeze is in
	 * progress, we are guaranteed that writeback during freezing will
	 * see the dirty page and writeprotect it again.
	 */
	set_page_dirty(page);
2899
	wait_for_stable_page(page);
2900
out:
2901
	sb_end_pagefault(inode->i_sb);
2902 2903 2904
	return ret;
}

2905
const struct vm_operations_struct generic_file_vm_ops = {
2906
	.fault		= filemap_fault,
2907
	.map_pages	= filemap_map_pages,
2908
	.page_mkwrite	= filemap_page_mkwrite,
L
Linus Torvalds 已提交
2909 2910 2911 2912 2913 2914 2915 2916 2917 2918 2919 2920 2921 2922 2923 2924 2925 2926 2927 2928 2929 2930 2931 2932 2933
};

/* This is used for a general mmap of a disk file */

int generic_file_mmap(struct file * file, struct vm_area_struct * vma)
{
	struct address_space *mapping = file->f_mapping;

	if (!mapping->a_ops->readpage)
		return -ENOEXEC;
	file_accessed(file);
	vma->vm_ops = &generic_file_vm_ops;
	return 0;
}

/*
 * This is for filesystems which do not implement ->writepage.
 */
int generic_file_readonly_mmap(struct file *file, struct vm_area_struct *vma)
{
	if ((vma->vm_flags & VM_SHARED) && (vma->vm_flags & VM_MAYWRITE))
		return -EINVAL;
	return generic_file_mmap(file, vma);
}
#else
S
Souptick Joarder 已提交
2934
vm_fault_t filemap_page_mkwrite(struct vm_fault *vmf)
2935
{
S
Souptick Joarder 已提交
2936
	return VM_FAULT_SIGBUS;
2937
}
L
Linus Torvalds 已提交
2938 2939 2940 2941 2942 2943 2944 2945 2946 2947
int generic_file_mmap(struct file * file, struct vm_area_struct * vma)
{
	return -ENOSYS;
}
int generic_file_readonly_mmap(struct file * file, struct vm_area_struct * vma)
{
	return -ENOSYS;
}
#endif /* CONFIG_MMU */

2948
EXPORT_SYMBOL(filemap_page_mkwrite);
L
Linus Torvalds 已提交
2949 2950 2951
EXPORT_SYMBOL(generic_file_mmap);
EXPORT_SYMBOL(generic_file_readonly_mmap);

S
Sasha Levin 已提交
2952 2953 2954 2955 2956
static struct page *wait_on_page_read(struct page *page)
{
	if (!IS_ERR(page)) {
		wait_on_page_locked(page);
		if (!PageUptodate(page)) {
2957
			put_page(page);
S
Sasha Levin 已提交
2958 2959 2960 2961 2962 2963
			page = ERR_PTR(-EIO);
		}
	}
	return page;
}

2964
static struct page *do_read_cache_page(struct address_space *mapping,
2965
				pgoff_t index,
2966
				int (*filler)(void *, struct page *),
2967 2968
				void *data,
				gfp_t gfp)
L
Linus Torvalds 已提交
2969
{
N
Nick Piggin 已提交
2970
	struct page *page;
L
Linus Torvalds 已提交
2971 2972 2973 2974
	int err;
repeat:
	page = find_get_page(mapping, index);
	if (!page) {
M
Mel Gorman 已提交
2975
		page = __page_cache_alloc(gfp);
N
Nick Piggin 已提交
2976 2977
		if (!page)
			return ERR_PTR(-ENOMEM);
2978
		err = add_to_page_cache_lru(page, mapping, index, gfp);
N
Nick Piggin 已提交
2979
		if (unlikely(err)) {
2980
			put_page(page);
N
Nick Piggin 已提交
2981 2982
			if (err == -EEXIST)
				goto repeat;
2983
			/* Presumably ENOMEM for xarray node */
L
Linus Torvalds 已提交
2984 2985
			return ERR_PTR(err);
		}
2986 2987

filler:
2988 2989 2990 2991 2992
		if (filler)
			err = filler(data, page);
		else
			err = mapping->a_ops->readpage(data, page);

L
Linus Torvalds 已提交
2993
		if (err < 0) {
2994
			put_page(page);
2995
			return ERR_PTR(err);
L
Linus Torvalds 已提交
2996 2997
		}

2998 2999 3000 3001 3002
		page = wait_on_page_read(page);
		if (IS_ERR(page))
			return page;
		goto out;
	}
L
Linus Torvalds 已提交
3003 3004 3005
	if (PageUptodate(page))
		goto out;

3006 3007 3008 3009 3010 3011 3012 3013 3014 3015
	/*
	 * Page is not up to date and may be locked due one of the following
	 * case a: Page is being filled and the page lock is held
	 * case b: Read/write error clearing the page uptodate status
	 * case c: Truncation in progress (page locked)
	 * case d: Reclaim in progress
	 *
	 * Case a, the page will be up to date when the page is unlocked.
	 *    There is no need to serialise on the page lock here as the page
	 *    is pinned so the lock gives no additional protection. Even if the
3016
	 *    page is truncated, the data is still valid if PageUptodate as
3017 3018 3019 3020 3021 3022 3023 3024 3025 3026 3027 3028 3029 3030 3031 3032 3033 3034 3035 3036 3037 3038 3039 3040 3041
	 *    it's a race vs truncate race.
	 * Case b, the page will not be up to date
	 * Case c, the page may be truncated but in itself, the data may still
	 *    be valid after IO completes as it's a read vs truncate race. The
	 *    operation must restart if the page is not uptodate on unlock but
	 *    otherwise serialising on page lock to stabilise the mapping gives
	 *    no additional guarantees to the caller as the page lock is
	 *    released before return.
	 * Case d, similar to truncation. If reclaim holds the page lock, it
	 *    will be a race with remove_mapping that determines if the mapping
	 *    is valid on unlock but otherwise the data is valid and there is
	 *    no need to serialise with page lock.
	 *
	 * As the page lock gives no additional guarantee, we optimistically
	 * wait on the page to be unlocked and check if it's up to date and
	 * use the page if it is. Otherwise, the page lock is required to
	 * distinguish between the different cases. The motivation is that we
	 * avoid spurious serialisations and wakeups when multiple processes
	 * wait on the same page for IO to complete.
	 */
	wait_on_page_locked(page);
	if (PageUptodate(page))
		goto out;

	/* Distinguish between all the cases under the safety of the lock */
L
Linus Torvalds 已提交
3042
	lock_page(page);
3043 3044

	/* Case c or d, restart the operation */
L
Linus Torvalds 已提交
3045 3046
	if (!page->mapping) {
		unlock_page(page);
3047
		put_page(page);
3048
		goto repeat;
L
Linus Torvalds 已提交
3049
	}
3050 3051

	/* Someone else locked and filled the page in a very small window */
L
Linus Torvalds 已提交
3052 3053 3054 3055
	if (PageUptodate(page)) {
		unlock_page(page);
		goto out;
	}
3056 3057 3058 3059 3060 3061 3062 3063

	/*
	 * A previous I/O error may have been due to temporary
	 * failures.
	 * Clear page error before actual read, PG_error will be
	 * set again if read page fails.
	 */
	ClearPageError(page);
3064 3065
	goto filler;

3066
out:
3067 3068 3069
	mark_page_accessed(page);
	return page;
}
3070 3071

/**
S
Sasha Levin 已提交
3072
 * read_cache_page - read into page cache, fill it if needed
3073 3074 3075
 * @mapping:	the page's address_space
 * @index:	the page index
 * @filler:	function to perform the read
3076
 * @data:	first arg to filler(data, page) function, often left as NULL
3077 3078
 *
 * Read into the page cache. If a page already exists, and PageUptodate() is
S
Sasha Levin 已提交
3079
 * not set, try to fill the page and wait for it to become unlocked.
3080 3081
 *
 * If the page does not get brought uptodate, return -EIO.
3082 3083
 *
 * Return: up to date page on success, ERR_PTR() on failure.
3084
 */
S
Sasha Levin 已提交
3085
struct page *read_cache_page(struct address_space *mapping,
3086
				pgoff_t index,
3087
				int (*filler)(void *, struct page *),
3088 3089
				void *data)
{
3090 3091
	return do_read_cache_page(mapping, index, filler, data,
			mapping_gfp_mask(mapping));
3092
}
S
Sasha Levin 已提交
3093
EXPORT_SYMBOL(read_cache_page);
3094 3095 3096 3097 3098 3099 3100 3101

/**
 * read_cache_page_gfp - read into page cache, using specified page allocation flags.
 * @mapping:	the page's address_space
 * @index:	the page index
 * @gfp:	the page allocator flags to use if allocating
 *
 * This is the same as "read_mapping_page(mapping, index, NULL)", but with
3102
 * any new page allocations done using the specified allocation flags.
3103 3104
 *
 * If the page does not get brought uptodate, return -EIO.
3105 3106
 *
 * Return: up to date page on success, ERR_PTR() on failure.
3107 3108 3109 3110 3111
 */
struct page *read_cache_page_gfp(struct address_space *mapping,
				pgoff_t index,
				gfp_t gfp)
{
3112
	return do_read_cache_page(mapping, index, NULL, NULL, gfp);
3113 3114 3115
}
EXPORT_SYMBOL(read_cache_page_gfp);

3116 3117 3118 3119 3120 3121 3122 3123
/*
 * Don't operate on ranges the page cache doesn't support, and don't exceed the
 * LFS limits.  If pos is under the limit it becomes a short access.  If it
 * exceeds the limit we return -EFBIG.
 */
static int generic_write_check_limits(struct file *file, loff_t pos,
				      loff_t *count)
{
3124 3125
	struct inode *inode = file->f_mapping->host;
	loff_t max_size = inode->i_sb->s_maxbytes;
3126 3127 3128 3129 3130 3131 3132 3133 3134 3135
	loff_t limit = rlimit(RLIMIT_FSIZE);

	if (limit != RLIM_INFINITY) {
		if (pos >= limit) {
			send_sig(SIGXFSZ, current, 0);
			return -EFBIG;
		}
		*count = min(*count, limit - pos);
	}

3136 3137 3138 3139 3140 3141 3142 3143 3144
	if (!(file->f_flags & O_LARGEFILE))
		max_size = MAX_NON_LFS;

	if (unlikely(pos >= max_size))
		return -EFBIG;

	*count = min(*count, max_size - pos);

	return 0;
3145 3146
}

L
Linus Torvalds 已提交
3147 3148 3149
/*
 * Performs necessary checks before doing a write
 *
3150
 * Can adjust writing position or amount of bytes to write.
L
Linus Torvalds 已提交
3151 3152 3153
 * Returns appropriate error code that caller should return or
 * zero in case that write should be allowed.
 */
3154
inline ssize_t generic_write_checks(struct kiocb *iocb, struct iov_iter *from)
L
Linus Torvalds 已提交
3155
{
3156
	struct file *file = iocb->ki_filp;
L
Linus Torvalds 已提交
3157
	struct inode *inode = file->f_mapping->host;
3158 3159
	loff_t count;
	int ret;
L
Linus Torvalds 已提交
3160

3161 3162 3163
	if (IS_SWAPFILE(inode))
		return -ETXTBSY;

3164 3165
	if (!iov_iter_count(from))
		return 0;
L
Linus Torvalds 已提交
3166

3167
	/* FIXME: this is for backwards compatibility with 2.4 */
3168
	if (iocb->ki_flags & IOCB_APPEND)
3169
		iocb->ki_pos = i_size_read(inode);
L
Linus Torvalds 已提交
3170

3171 3172 3173
	if ((iocb->ki_flags & IOCB_NOWAIT) && !(iocb->ki_flags & IOCB_DIRECT))
		return -EINVAL;

3174 3175 3176 3177
	count = iov_iter_count(from);
	ret = generic_write_check_limits(file, iocb->ki_pos, &count);
	if (ret)
		return ret;
L
Linus Torvalds 已提交
3178

3179
	iov_iter_truncate(from, count);
3180
	return iov_iter_count(from);
L
Linus Torvalds 已提交
3181 3182 3183
}
EXPORT_SYMBOL(generic_write_checks);

3184 3185 3186
/*
 * Performs necessary checks before doing a clone.
 *
3187
 * Can adjust amount of bytes to clone via @req_count argument.
3188 3189 3190 3191 3192
 * Returns appropriate error code that caller should return or
 * zero in case the clone should be allowed.
 */
int generic_remap_checks(struct file *file_in, loff_t pos_in,
			 struct file *file_out, loff_t pos_out,
3193
			 loff_t *req_count, unsigned int remap_flags)
3194 3195 3196 3197 3198 3199 3200
{
	struct inode *inode_in = file_in->f_mapping->host;
	struct inode *inode_out = file_out->f_mapping->host;
	uint64_t count = *req_count;
	uint64_t bcount;
	loff_t size_in, size_out;
	loff_t bs = inode_out->i_sb->s_blocksize;
3201
	int ret;
3202 3203 3204 3205 3206 3207 3208 3209 3210 3211 3212 3213 3214

	/* The start of both ranges must be aligned to an fs block. */
	if (!IS_ALIGNED(pos_in, bs) || !IS_ALIGNED(pos_out, bs))
		return -EINVAL;

	/* Ensure offsets don't wrap. */
	if (pos_in + count < pos_in || pos_out + count < pos_out)
		return -EINVAL;

	size_in = i_size_read(inode_in);
	size_out = i_size_read(inode_out);

	/* Dedupe requires both ranges to be within EOF. */
3215
	if ((remap_flags & REMAP_FILE_DEDUP) &&
3216 3217 3218 3219 3220 3221 3222 3223 3224
	    (pos_in >= size_in || pos_in + count > size_in ||
	     pos_out >= size_out || pos_out + count > size_out))
		return -EINVAL;

	/* Ensure the infile range is within the infile. */
	if (pos_in >= size_in)
		return -EINVAL;
	count = min(count, size_in - (uint64_t)pos_in);

3225 3226 3227
	ret = generic_write_check_limits(file_out, pos_out, &count);
	if (ret)
		return ret;
L
Linus Torvalds 已提交
3228 3229

	/*
3230 3231 3232 3233 3234
	 * If the user wanted us to link to the infile's EOF, round up to the
	 * next block boundary for this check.
	 *
	 * Otherwise, make sure the count is also block-aligned, having
	 * already confirmed the starting offsets' block alignment.
L
Linus Torvalds 已提交
3235
	 */
3236 3237 3238 3239
	if (pos_in + count == size_in) {
		bcount = ALIGN(size_in, bs) - pos_in;
	} else {
		if (!IS_ALIGNED(count, bs))
3240
			count = ALIGN_DOWN(count, bs);
3241
		bcount = count;
L
Linus Torvalds 已提交
3242 3243
	}

3244 3245 3246 3247 3248 3249
	/* Don't allow overlapped cloning within the same file. */
	if (inode_in == inode_out &&
	    pos_out + bcount > pos_in &&
	    pos_out < pos_in + bcount)
		return -EINVAL;

L
Linus Torvalds 已提交
3250
	/*
3251 3252
	 * We shortened the request but the caller can't deal with that, so
	 * bounce the request back to userspace.
L
Linus Torvalds 已提交
3253
	 */
3254
	if (*req_count != count && !(remap_flags & REMAP_FILE_CAN_SHORTEN))
3255
		return -EINVAL;
L
Linus Torvalds 已提交
3256

3257
	*req_count = count;
3258
	return 0;
L
Linus Torvalds 已提交
3259 3260
}

3261 3262 3263 3264 3265 3266 3267 3268 3269 3270 3271 3272 3273 3274 3275 3276 3277 3278 3279 3280 3281 3282 3283 3284

/*
 * Performs common checks before doing a file copy/clone
 * from @file_in to @file_out.
 */
int generic_file_rw_checks(struct file *file_in, struct file *file_out)
{
	struct inode *inode_in = file_inode(file_in);
	struct inode *inode_out = file_inode(file_out);

	/* Don't copy dirs, pipes, sockets... */
	if (S_ISDIR(inode_in->i_mode) || S_ISDIR(inode_out->i_mode))
		return -EISDIR;
	if (!S_ISREG(inode_in->i_mode) || !S_ISREG(inode_out->i_mode))
		return -EINVAL;

	if (!(file_in->f_mode & FMODE_READ) ||
	    !(file_out->f_mode & FMODE_WRITE) ||
	    (file_out->f_flags & O_APPEND))
		return -EBADF;

	return 0;
}

3285 3286 3287 3288 3289 3290 3291 3292 3293 3294 3295 3296 3297 3298 3299 3300 3301 3302 3303 3304 3305 3306 3307 3308 3309 3310 3311 3312 3313 3314 3315 3316 3317 3318 3319 3320 3321 3322 3323 3324 3325 3326 3327 3328 3329 3330 3331 3332 3333 3334 3335 3336 3337
/*
 * Performs necessary checks before doing a file copy
 *
 * Can adjust amount of bytes to copy via @req_count argument.
 * Returns appropriate error code that caller should return or
 * zero in case the copy should be allowed.
 */
int generic_copy_file_checks(struct file *file_in, loff_t pos_in,
			     struct file *file_out, loff_t pos_out,
			     size_t *req_count, unsigned int flags)
{
	struct inode *inode_in = file_inode(file_in);
	struct inode *inode_out = file_inode(file_out);
	uint64_t count = *req_count;
	loff_t size_in;
	int ret;

	ret = generic_file_rw_checks(file_in, file_out);
	if (ret)
		return ret;

	/* Don't touch certain kinds of inodes */
	if (IS_IMMUTABLE(inode_out))
		return -EPERM;

	if (IS_SWAPFILE(inode_in) || IS_SWAPFILE(inode_out))
		return -ETXTBSY;

	/* Ensure offsets don't wrap. */
	if (pos_in + count < pos_in || pos_out + count < pos_out)
		return -EOVERFLOW;

	/* Shorten the copy to EOF */
	size_in = i_size_read(inode_in);
	if (pos_in >= size_in)
		count = 0;
	else
		count = min(count, size_in - (uint64_t)pos_in);

	ret = generic_write_check_limits(file_out, pos_out, &count);
	if (ret)
		return ret;

	/* Don't allow overlapped copying within the same file. */
	if (inode_in == inode_out &&
	    pos_out + count > pos_in &&
	    pos_out < pos_in + count)
		return -EINVAL;

	*req_count = count;
	return 0;
}

3338 3339 3340 3341 3342 3343
int pagecache_write_begin(struct file *file, struct address_space *mapping,
				loff_t pos, unsigned len, unsigned flags,
				struct page **pagep, void **fsdata)
{
	const struct address_space_operations *aops = mapping->a_ops;

3344
	return aops->write_begin(file, mapping, pos, len, flags,
3345 3346 3347 3348 3349 3350 3351 3352 3353 3354
							pagep, fsdata);
}
EXPORT_SYMBOL(pagecache_write_begin);

int pagecache_write_end(struct file *file, struct address_space *mapping,
				loff_t pos, unsigned len, unsigned copied,
				struct page *page, void *fsdata)
{
	const struct address_space_operations *aops = mapping->a_ops;

3355
	return aops->write_end(file, mapping, pos, len, copied, page, fsdata);
3356 3357 3358
}
EXPORT_SYMBOL(pagecache_write_end);

3359 3360 3361 3362 3363 3364 3365 3366 3367 3368 3369 3370 3371 3372 3373 3374 3375 3376 3377 3378 3379
/*
 * Warn about a page cache invalidation failure during a direct I/O write.
 */
void dio_warn_stale_pagecache(struct file *filp)
{
	static DEFINE_RATELIMIT_STATE(_rs, 86400 * HZ, DEFAULT_RATELIMIT_BURST);
	char pathname[128];
	struct inode *inode = file_inode(filp);
	char *path;

	errseq_set(&inode->i_mapping->wb_err, -EIO);
	if (__ratelimit(&_rs)) {
		path = file_path(filp, pathname, sizeof(pathname));
		if (IS_ERR(path))
			path = "(unknown)";
		pr_crit("Page cache invalidation failure on direct I/O.  Possible data corruption due to collision with buffered I/O!\n");
		pr_crit("File: %s PID: %d Comm: %.20s\n", path, current->pid,
			current->comm);
	}
}

L
Linus Torvalds 已提交
3380
ssize_t
3381
generic_file_direct_write(struct kiocb *iocb, struct iov_iter *from)
L
Linus Torvalds 已提交
3382 3383 3384 3385
{
	struct file	*file = iocb->ki_filp;
	struct address_space *mapping = file->f_mapping;
	struct inode	*inode = mapping->host;
3386
	loff_t		pos = iocb->ki_pos;
L
Linus Torvalds 已提交
3387
	ssize_t		written;
3388 3389
	size_t		write_len;
	pgoff_t		end;
L
Linus Torvalds 已提交
3390

A
Al Viro 已提交
3391
	write_len = iov_iter_count(from);
3392
	end = (pos + write_len - 1) >> PAGE_SHIFT;
3393

3394 3395 3396
	if (iocb->ki_flags & IOCB_NOWAIT) {
		/* If there are pages to writeback, return */
		if (filemap_range_has_page(inode->i_mapping, pos,
3397
					   pos + write_len - 1))
3398 3399 3400 3401 3402 3403 3404
			return -EAGAIN;
	} else {
		written = filemap_write_and_wait_range(mapping, pos,
							pos + write_len - 1);
		if (written)
			goto out;
	}
3405 3406 3407 3408 3409

	/*
	 * After a write we want buffered reads to be sure to go to disk to get
	 * the new data.  We invalidate clean cached page from the region we're
	 * about to write.  We do this *before* the write so that we can return
3410
	 * without clobbering -EIOCBQUEUED from ->direct_IO().
3411
	 */
3412
	written = invalidate_inode_pages2_range(mapping,
3413
					pos >> PAGE_SHIFT, end);
3414 3415 3416 3417 3418 3419 3420 3421
	/*
	 * If a page can not be invalidated, return 0 to fall back
	 * to buffered write.
	 */
	if (written) {
		if (written == -EBUSY)
			return 0;
		goto out;
3422 3423
	}

3424
	written = mapping->a_ops->direct_IO(iocb, from);
3425 3426 3427 3428 3429 3430 3431 3432

	/*
	 * Finally, try again to invalidate clean pages which might have been
	 * cached by non-direct readahead, or faulted in by get_user_pages()
	 * if the source of the write was an mmap'ed region of the file
	 * we're writing.  Either one is a pretty crazy thing to do,
	 * so we don't support it 100%.  If this invalidation
	 * fails, tough, the write still worked...
3433 3434 3435 3436
	 *
	 * Most of the time we do not need this since dio_complete() will do
	 * the invalidation for us. However there are some file systems that
	 * do not end up with dio_complete() being called, so let's not break
3437 3438
	 * them by removing it completely.
	 *
3439 3440
	 * Noticeable example is a blkdev_direct_IO().
	 *
3441
	 * Skip invalidation for async writes or if mapping has no pages.
3442
	 */
3443 3444 3445
	if (written > 0 && mapping->nrpages &&
	    invalidate_inode_pages2_range(mapping, pos >> PAGE_SHIFT, end))
		dio_warn_stale_pagecache(file);
3446

L
Linus Torvalds 已提交
3447
	if (written > 0) {
3448
		pos += written;
3449
		write_len -= written;
3450 3451
		if (pos > i_size_read(inode) && !S_ISBLK(inode->i_mode)) {
			i_size_write(inode, pos);
L
Linus Torvalds 已提交
3452 3453
			mark_inode_dirty(inode);
		}
3454
		iocb->ki_pos = pos;
L
Linus Torvalds 已提交
3455
	}
3456
	iov_iter_revert(from, write_len - iov_iter_count(from));
3457
out:
L
Linus Torvalds 已提交
3458 3459 3460 3461
	return written;
}
EXPORT_SYMBOL(generic_file_direct_write);

N
Nick Piggin 已提交
3462 3463 3464 3465
/*
 * Find or create a page at the given pagecache position. Return the locked
 * page. This function is specifically for buffered writes.
 */
3466 3467
struct page *grab_cache_page_write_begin(struct address_space *mapping,
					pgoff_t index, unsigned flags)
N
Nick Piggin 已提交
3468 3469
{
	struct page *page;
3470
	int fgp_flags = FGP_LOCK|FGP_WRITE|FGP_CREAT;
3471

3472
	if (flags & AOP_FLAG_NOFS)
3473 3474 3475
		fgp_flags |= FGP_NOFS;

	page = pagecache_get_page(mapping, index, fgp_flags,
3476
			mapping_gfp_mask(mapping));
3477
	if (page)
3478
		wait_for_stable_page(page);
N
Nick Piggin 已提交
3479 3480 3481

	return page;
}
3482
EXPORT_SYMBOL(grab_cache_page_write_begin);
N
Nick Piggin 已提交
3483

3484
ssize_t generic_perform_write(struct file *file,
3485 3486 3487 3488 3489 3490
				struct iov_iter *i, loff_t pos)
{
	struct address_space *mapping = file->f_mapping;
	const struct address_space_operations *a_ops = mapping->a_ops;
	long status = 0;
	ssize_t written = 0;
N
Nick Piggin 已提交
3491 3492
	unsigned int flags = 0;

3493 3494 3495 3496 3497 3498 3499
	do {
		struct page *page;
		unsigned long offset;	/* Offset into pagecache page */
		unsigned long bytes;	/* Bytes to write to page */
		size_t copied;		/* Bytes copied from user */
		void *fsdata;

3500 3501
		offset = (pos & (PAGE_SIZE - 1));
		bytes = min_t(unsigned long, PAGE_SIZE - offset,
3502 3503 3504
						iov_iter_count(i));

again:
3505 3506 3507 3508 3509 3510 3511 3512 3513 3514 3515 3516 3517 3518 3519
		/*
		 * Bring in the user page that we will copy from _first_.
		 * Otherwise there's a nasty deadlock on copying from the
		 * same page as we're writing to, without it being marked
		 * up-to-date.
		 *
		 * Not only is this an optimisation, but it is also required
		 * to check that the address is actually valid, when atomic
		 * usercopies are used, below.
		 */
		if (unlikely(iov_iter_fault_in_readable(i, bytes))) {
			status = -EFAULT;
			break;
		}

J
Jan Kara 已提交
3520 3521 3522 3523 3524
		if (fatal_signal_pending(current)) {
			status = -EINTR;
			break;
		}

N
Nick Piggin 已提交
3525
		status = a_ops->write_begin(file, mapping, pos, bytes, flags,
3526
						&page, &fsdata);
3527
		if (unlikely(status < 0))
3528 3529
			break;

3530 3531
		if (mapping_writably_mapped(mapping))
			flush_dcache_page(page);
3532

3533 3534 3535 3536 3537 3538 3539 3540 3541 3542 3543
		copied = iov_iter_copy_from_user_atomic(page, i, offset, bytes);
		flush_dcache_page(page);

		status = a_ops->write_end(file, mapping, pos, bytes, copied,
						page, fsdata);
		if (unlikely(status < 0))
			break;
		copied = status;

		cond_resched();

3544
		iov_iter_advance(i, copied);
3545 3546 3547 3548 3549 3550 3551 3552 3553
		if (unlikely(copied == 0)) {
			/*
			 * If we were unable to copy any data at all, we must
			 * fall back to a single segment length write.
			 *
			 * If we didn't fallback here, we could livelock
			 * because not all segments in the iov can be copied at
			 * once without a pagefault.
			 */
3554
			bytes = min_t(unsigned long, PAGE_SIZE - offset,
3555 3556 3557 3558 3559 3560 3561 3562 3563 3564 3565
						iov_iter_single_seg_count(i));
			goto again;
		}
		pos += copied;
		written += copied;

		balance_dirty_pages_ratelimited(mapping);
	} while (iov_iter_count(i));

	return written ? written : status;
}
3566
EXPORT_SYMBOL(generic_perform_write);
L
Linus Torvalds 已提交
3567

3568
/**
3569
 * __generic_file_write_iter - write data to a file
3570
 * @iocb:	IO state structure (file, offset, etc.)
3571
 * @from:	iov_iter with data to write
3572 3573 3574 3575 3576 3577 3578 3579 3580 3581 3582 3583
 *
 * This function does all the work needed for actually writing data to a
 * file. It does all basic checks, removes SUID from the file, updates
 * modification times and calls proper subroutines depending on whether we
 * do direct IO or a standard buffered write.
 *
 * It expects i_mutex to be grabbed unless we work on a block device or similar
 * object which does not need locking at all.
 *
 * This function does *not* take care of syncing data in case of O_SYNC write.
 * A caller has to handle it. This is mainly due to the fact that we want to
 * avoid syncing under i_mutex.
3584 3585 3586 3587
 *
 * Return:
 * * number of bytes written, even for truncated writes
 * * negative error code if no data has been written at all
3588
 */
3589
ssize_t __generic_file_write_iter(struct kiocb *iocb, struct iov_iter *from)
L
Linus Torvalds 已提交
3590 3591
{
	struct file *file = iocb->ki_filp;
3592
	struct address_space * mapping = file->f_mapping;
L
Linus Torvalds 已提交
3593
	struct inode 	*inode = mapping->host;
3594
	ssize_t		written = 0;
L
Linus Torvalds 已提交
3595
	ssize_t		err;
3596
	ssize_t		status;
L
Linus Torvalds 已提交
3597 3598

	/* We can write back this queue in page reclaim */
3599
	current->backing_dev_info = inode_to_bdi(inode);
3600
	err = file_remove_privs(file);
L
Linus Torvalds 已提交
3601 3602 3603
	if (err)
		goto out;

3604 3605 3606
	err = file_update_time(file);
	if (err)
		goto out;
L
Linus Torvalds 已提交
3607

3608
	if (iocb->ki_flags & IOCB_DIRECT) {
3609
		loff_t pos, endbyte;
3610

3611
		written = generic_file_direct_write(iocb, from);
L
Linus Torvalds 已提交
3612
		/*
3613 3614 3615 3616 3617
		 * If the write stopped short of completing, fall back to
		 * buffered writes.  Some filesystems do this for writes to
		 * holes, for example.  For DAX files, a buffered write will
		 * not succeed (even if it did, DAX does not handle dirty
		 * page-cache pages correctly).
L
Linus Torvalds 已提交
3618
		 */
3619
		if (written < 0 || !iov_iter_count(from) || IS_DAX(inode))
3620 3621
			goto out;

3622
		status = generic_perform_write(file, from, pos = iocb->ki_pos);
3623
		/*
3624
		 * If generic_perform_write() returned a synchronous error
3625 3626 3627 3628 3629
		 * then we want to return the number of bytes which were
		 * direct-written, or the error code if that was zero.  Note
		 * that this differs from normal direct-io semantics, which
		 * will return -EFOO even if some bytes were written.
		 */
3630
		if (unlikely(status < 0)) {
3631
			err = status;
3632 3633 3634 3635 3636 3637 3638
			goto out;
		}
		/*
		 * We need to ensure that the page cache pages are written to
		 * disk and invalidated to preserve the expected O_DIRECT
		 * semantics.
		 */
3639
		endbyte = pos + status - 1;
3640
		err = filemap_write_and_wait_range(mapping, pos, endbyte);
3641
		if (err == 0) {
3642
			iocb->ki_pos = endbyte + 1;
3643
			written += status;
3644
			invalidate_mapping_pages(mapping,
3645 3646
						 pos >> PAGE_SHIFT,
						 endbyte >> PAGE_SHIFT);
3647 3648 3649 3650 3651 3652 3653
		} else {
			/*
			 * We don't know how much we wrote, so just return
			 * the number of bytes which were direct-written
			 */
		}
	} else {
3654 3655 3656
		written = generic_perform_write(file, from, iocb->ki_pos);
		if (likely(written > 0))
			iocb->ki_pos += written;
3657
	}
L
Linus Torvalds 已提交
3658 3659 3660 3661
out:
	current->backing_dev_info = NULL;
	return written ? written : err;
}
3662
EXPORT_SYMBOL(__generic_file_write_iter);
3663 3664

/**
3665
 * generic_file_write_iter - write data to a file
3666
 * @iocb:	IO state structure
3667
 * @from:	iov_iter with data to write
3668
 *
3669
 * This is a wrapper around __generic_file_write_iter() to be used by most
3670 3671
 * filesystems. It takes care of syncing the file in case of O_SYNC file
 * and acquires i_mutex as needed.
3672 3673 3674 3675
 * Return:
 * * negative error code if no data has been written at all of
 *   vfs_fsync_range() failed for a synchronous write
 * * number of bytes written, even for truncated writes
3676
 */
3677
ssize_t generic_file_write_iter(struct kiocb *iocb, struct iov_iter *from)
L
Linus Torvalds 已提交
3678 3679
{
	struct file *file = iocb->ki_filp;
3680
	struct inode *inode = file->f_mapping->host;
L
Linus Torvalds 已提交
3681 3682
	ssize_t ret;

A
Al Viro 已提交
3683
	inode_lock(inode);
3684 3685
	ret = generic_write_checks(iocb, from);
	if (ret > 0)
3686
		ret = __generic_file_write_iter(iocb, from);
A
Al Viro 已提交
3687
	inode_unlock(inode);
L
Linus Torvalds 已提交
3688

3689 3690
	if (ret > 0)
		ret = generic_write_sync(iocb, ret);
L
Linus Torvalds 已提交
3691 3692
	return ret;
}
3693
EXPORT_SYMBOL(generic_file_write_iter);
L
Linus Torvalds 已提交
3694

3695 3696 3697 3698 3699 3700 3701
/**
 * try_to_release_page() - release old fs-specific metadata on a page
 *
 * @page: the page which the kernel is trying to free
 * @gfp_mask: memory allocation flags (and I/O mode)
 *
 * The address_space is to try to release any data against the page
3702
 * (presumably at page->private).
3703
 *
3704 3705 3706
 * This may also be called if PG_fscache is set on a page, indicating that the
 * page is known to the local caching routines.
 *
3707
 * The @gfp_mask argument specifies whether I/O may be performed to release
3708
 * this page (__GFP_IO), and whether the call may block (__GFP_RECLAIM & __GFP_FS).
3709
 *
3710
 * Return: %1 if the release was successful, otherwise return zero.
3711 3712 3713 3714 3715 3716 3717 3718 3719 3720 3721 3722 3723 3724 3725
 */
int try_to_release_page(struct page *page, gfp_t gfp_mask)
{
	struct address_space * const mapping = page->mapping;

	BUG_ON(!PageLocked(page));
	if (PageWriteback(page))
		return 0;

	if (mapping && mapping->a_ops->releasepage)
		return mapping->a_ops->releasepage(page, gfp_mask);
	return try_to_free_buffers(page);
}

EXPORT_SYMBOL(try_to_release_page);