1 // SPDX-License-Identifier: GPL-2.0
2 /*
3  *  linux/fs/ext4/file.c
4  *
5  * Copyright (C) 1992, 1993, 1994, 1995
6  * Remy Card (card@masi.ibp.fr)
7  * Laboratoire MASI - Institut Blaise Pascal
8  * Universite Pierre et Marie Curie (Paris VI)
9  *
10  *  from
11  *
12  *  linux/fs/minix/file.c
13  *
14  *  Copyright (C) 1991, 1992  Linus Torvalds
15  *
16  *  ext4 fs regular file handling primitives
17  *
18  *  64-bit file support on 64-bit platforms by Jakub Jelinek
19  *	(jj@sunsite.ms.mff.cuni.cz)
20  */
21 
22 #include <linux/time.h>
23 #include <linux/fs.h>
24 #include <linux/iomap.h>
25 #include <linux/mount.h>
26 #include <linux/path.h>
27 #include <linux/dax.h>
28 #include <linux/quotaops.h>
29 #include <linux/pagevec.h>
30 #include <linux/uio.h>
31 #include <linux/mman.h>
32 #include <linux/backing-dev.h>
33 #include "ext4.h"
34 #include "ext4_jbd2.h"
35 #include "xattr.h"
36 #include "acl.h"
37 #include "truncate.h"
38 
39 /*
40  * Returns %true if the given DIO request should be attempted with DIO, or
41  * %false if it should fall back to buffered I/O.
42  *
43  * DIO isn't well specified; when it's unsupported (either due to the request
44  * being misaligned, or due to the file not supporting DIO at all), filesystems
45  * either fall back to buffered I/O or return EINVAL.  For files that don't use
46  * any special features like encryption or verity, ext4 has traditionally
47  * returned EINVAL for misaligned DIO.  iomap_dio_rw() uses this convention too.
48  * In this case, we should attempt the DIO, *not* fall back to buffered I/O.
49  *
50  * In contrast, in cases where DIO is unsupported due to ext4 features, ext4
51  * traditionally falls back to buffered I/O.
52  *
53  * This function implements the traditional ext4 behavior in all these cases.
54  */
ext4_should_use_dio(struct kiocb * iocb,struct iov_iter * iter)55 static bool ext4_should_use_dio(struct kiocb *iocb, struct iov_iter *iter)
56 {
57 	struct inode *inode = file_inode(iocb->ki_filp);
58 	u32 dio_align = ext4_dio_alignment(inode);
59 
60 	if (dio_align == 0)
61 		return false;
62 
63 	if (dio_align == 1)
64 		return true;
65 
66 	return IS_ALIGNED(iocb->ki_pos | iov_iter_alignment(iter), dio_align);
67 }
68 
ext4_dio_read_iter(struct kiocb * iocb,struct iov_iter * to)69 static ssize_t ext4_dio_read_iter(struct kiocb *iocb, struct iov_iter *to)
70 {
71 	ssize_t ret;
72 	struct inode *inode = file_inode(iocb->ki_filp);
73 
74 	if (iocb->ki_flags & IOCB_NOWAIT) {
75 		if (!inode_trylock_shared(inode))
76 			return -EAGAIN;
77 	} else {
78 		inode_lock_shared(inode);
79 	}
80 
81 	if (!ext4_should_use_dio(iocb, to)) {
82 		inode_unlock_shared(inode);
83 		/*
84 		 * Fallback to buffered I/O if the operation being performed on
85 		 * the inode is not supported by direct I/O. The IOCB_DIRECT
86 		 * flag needs to be cleared here in order to ensure that the
87 		 * direct I/O path within generic_file_read_iter() is not
88 		 * taken.
89 		 */
90 		iocb->ki_flags &= ~IOCB_DIRECT;
91 		return generic_file_read_iter(iocb, to);
92 	}
93 
94 	ret = iomap_dio_rw(iocb, to, &ext4_iomap_ops, NULL, 0, NULL, 0);
95 	inode_unlock_shared(inode);
96 
97 	file_accessed(iocb->ki_filp);
98 	return ret;
99 }
100 
101 #ifdef CONFIG_FS_DAX
ext4_dax_read_iter(struct kiocb * iocb,struct iov_iter * to)102 static ssize_t ext4_dax_read_iter(struct kiocb *iocb, struct iov_iter *to)
103 {
104 	struct inode *inode = file_inode(iocb->ki_filp);
105 	ssize_t ret;
106 
107 	if (iocb->ki_flags & IOCB_NOWAIT) {
108 		if (!inode_trylock_shared(inode))
109 			return -EAGAIN;
110 	} else {
111 		inode_lock_shared(inode);
112 	}
113 	/*
114 	 * Recheck under inode lock - at this point we are sure it cannot
115 	 * change anymore
116 	 */
117 	if (!IS_DAX(inode)) {
118 		inode_unlock_shared(inode);
119 		/* Fallback to buffered IO in case we cannot support DAX */
120 		return generic_file_read_iter(iocb, to);
121 	}
122 	ret = dax_iomap_rw(iocb, to, &ext4_iomap_ops);
123 	inode_unlock_shared(inode);
124 
125 	file_accessed(iocb->ki_filp);
126 	return ret;
127 }
128 #endif
129 
ext4_file_read_iter(struct kiocb * iocb,struct iov_iter * to)130 static ssize_t ext4_file_read_iter(struct kiocb *iocb, struct iov_iter *to)
131 {
132 	struct inode *inode = file_inode(iocb->ki_filp);
133 
134 	if (unlikely(ext4_forced_shutdown(EXT4_SB(inode->i_sb))))
135 		return -EIO;
136 
137 	if (!iov_iter_count(to))
138 		return 0; /* skip atime */
139 
140 #ifdef CONFIG_FS_DAX
141 	if (IS_DAX(inode))
142 		return ext4_dax_read_iter(iocb, to);
143 #endif
144 	if (iocb->ki_flags & IOCB_DIRECT)
145 		return ext4_dio_read_iter(iocb, to);
146 
147 	return generic_file_read_iter(iocb, to);
148 }
149 
150 /*
151  * Called when an inode is released. Note that this is different
152  * from ext4_file_open: open gets called at every open, but release
153  * gets called only when /all/ the files are closed.
154  */
ext4_release_file(struct inode * inode,struct file * filp)155 static int ext4_release_file(struct inode *inode, struct file *filp)
156 {
157 	if (ext4_test_inode_state(inode, EXT4_STATE_DA_ALLOC_CLOSE)) {
158 		ext4_alloc_da_blocks(inode);
159 		ext4_clear_inode_state(inode, EXT4_STATE_DA_ALLOC_CLOSE);
160 	}
161 	/* if we are the last writer on the inode, drop the block reservation */
162 	if ((filp->f_mode & FMODE_WRITE) &&
163 			(atomic_read(&inode->i_writecount) == 1) &&
164 			!EXT4_I(inode)->i_reserved_data_blocks) {
165 		down_write(&EXT4_I(inode)->i_data_sem);
166 		ext4_discard_preallocations(inode, 0);
167 		up_write(&EXT4_I(inode)->i_data_sem);
168 	}
169 	if (is_dx(inode) && filp->private_data)
170 		ext4_htree_free_dir_info(filp->private_data);
171 
172 	return 0;
173 }
174 
175 /*
176  * This tests whether the IO in question is block-aligned or not.
177  * Ext4 utilizes unwritten extents when hole-filling during direct IO, and they
178  * are converted to written only after the IO is complete.  Until they are
179  * mapped, these blocks appear as holes, so dio_zero_block() will assume that
180  * it needs to zero out portions of the start and/or end block.  If 2 AIO
181  * threads are at work on the same unwritten block, they must be synchronized
182  * or one thread will zero the other's data, causing corruption.
183  */
184 static bool
ext4_unaligned_io(struct inode * inode,struct iov_iter * from,loff_t pos)185 ext4_unaligned_io(struct inode *inode, struct iov_iter *from, loff_t pos)
186 {
187 	struct super_block *sb = inode->i_sb;
188 	unsigned long blockmask = sb->s_blocksize - 1;
189 
190 	if ((pos | iov_iter_alignment(from)) & blockmask)
191 		return true;
192 
193 	return false;
194 }
195 
196 static bool
ext4_extending_io(struct inode * inode,loff_t offset,size_t len)197 ext4_extending_io(struct inode *inode, loff_t offset, size_t len)
198 {
199 	if (offset + len > i_size_read(inode) ||
200 	    offset + len > EXT4_I(inode)->i_disksize)
201 		return true;
202 	return false;
203 }
204 
205 /* Is IO overwriting allocated and initialized blocks? */
ext4_overwrite_io(struct inode * inode,loff_t pos,loff_t len)206 static bool ext4_overwrite_io(struct inode *inode, loff_t pos, loff_t len)
207 {
208 	struct ext4_map_blocks map;
209 	unsigned int blkbits = inode->i_blkbits;
210 	int err, blklen;
211 
212 	if (pos + len > i_size_read(inode))
213 		return false;
214 
215 	map.m_lblk = pos >> blkbits;
216 	map.m_len = EXT4_MAX_BLOCKS(len, pos, blkbits);
217 	blklen = map.m_len;
218 
219 	err = ext4_map_blocks(NULL, inode, &map, 0);
220 	/*
221 	 * 'err==len' means that all of the blocks have been preallocated,
222 	 * regardless of whether they have been initialized or not. To exclude
223 	 * unwritten extents, we need to check m_flags.
224 	 */
225 	return err == blklen && (map.m_flags & EXT4_MAP_MAPPED);
226 }
227 
ext4_generic_write_checks(struct kiocb * iocb,struct iov_iter * from)228 static ssize_t ext4_generic_write_checks(struct kiocb *iocb,
229 					 struct iov_iter *from)
230 {
231 	struct inode *inode = file_inode(iocb->ki_filp);
232 	ssize_t ret;
233 
234 	if (unlikely(IS_IMMUTABLE(inode)))
235 		return -EPERM;
236 
237 	ret = generic_write_checks(iocb, from);
238 	if (ret <= 0)
239 		return ret;
240 
241 	/*
242 	 * If we have encountered a bitmap-format file, the size limit
243 	 * is smaller than s_maxbytes, which is for extent-mapped files.
244 	 */
245 	if (!(ext4_test_inode_flag(inode, EXT4_INODE_EXTENTS))) {
246 		struct ext4_sb_info *sbi = EXT4_SB(inode->i_sb);
247 
248 		if (iocb->ki_pos >= sbi->s_bitmap_maxbytes)
249 			return -EFBIG;
250 		iov_iter_truncate(from, sbi->s_bitmap_maxbytes - iocb->ki_pos);
251 	}
252 
253 	return iov_iter_count(from);
254 }
255 
ext4_write_checks(struct kiocb * iocb,struct iov_iter * from)256 static ssize_t ext4_write_checks(struct kiocb *iocb, struct iov_iter *from)
257 {
258 	ssize_t ret, count;
259 
260 	count = ext4_generic_write_checks(iocb, from);
261 	if (count <= 0)
262 		return count;
263 
264 	ret = file_modified(iocb->ki_filp);
265 	if (ret)
266 		return ret;
267 	return count;
268 }
269 
ext4_buffered_write_iter(struct kiocb * iocb,struct iov_iter * from)270 static ssize_t ext4_buffered_write_iter(struct kiocb *iocb,
271 					struct iov_iter *from)
272 {
273 	ssize_t ret;
274 	struct inode *inode = file_inode(iocb->ki_filp);
275 
276 	if (iocb->ki_flags & IOCB_NOWAIT)
277 		return -EOPNOTSUPP;
278 
279 	inode_lock(inode);
280 	ret = ext4_write_checks(iocb, from);
281 	if (ret <= 0)
282 		goto out;
283 
284 	current->backing_dev_info = inode_to_bdi(inode);
285 	ret = generic_perform_write(iocb, from);
286 	current->backing_dev_info = NULL;
287 
288 out:
289 	inode_unlock(inode);
290 	if (likely(ret > 0)) {
291 		iocb->ki_pos += ret;
292 		ret = generic_write_sync(iocb, ret);
293 	}
294 
295 	return ret;
296 }
297 
ext4_handle_inode_extension(struct inode * inode,loff_t offset,ssize_t written,size_t count)298 static ssize_t ext4_handle_inode_extension(struct inode *inode, loff_t offset,
299 					   ssize_t written, size_t count)
300 {
301 	handle_t *handle;
302 	bool truncate = false;
303 	u8 blkbits = inode->i_blkbits;
304 	ext4_lblk_t written_blk, end_blk;
305 	int ret;
306 
307 	/*
308 	 * Note that EXT4_I(inode)->i_disksize can get extended up to
309 	 * inode->i_size while the I/O was running due to writeback of delalloc
310 	 * blocks. But, the code in ext4_iomap_alloc() is careful to use
311 	 * zeroed/unwritten extents if this is possible; thus we won't leave
312 	 * uninitialized blocks in a file even if we didn't succeed in writing
313 	 * as much as we intended.
314 	 */
315 	WARN_ON_ONCE(i_size_read(inode) < EXT4_I(inode)->i_disksize);
316 	if (offset + count <= EXT4_I(inode)->i_disksize) {
317 		/*
318 		 * We need to ensure that the inode is removed from the orphan
319 		 * list if it has been added prematurely, due to writeback of
320 		 * delalloc blocks.
321 		 */
322 		if (!list_empty(&EXT4_I(inode)->i_orphan) && inode->i_nlink) {
323 			handle = ext4_journal_start(inode, EXT4_HT_INODE, 2);
324 
325 			if (IS_ERR(handle)) {
326 				ext4_orphan_del(NULL, inode);
327 				return PTR_ERR(handle);
328 			}
329 
330 			ext4_orphan_del(handle, inode);
331 			ext4_journal_stop(handle);
332 		}
333 
334 		return written;
335 	}
336 
337 	if (written < 0)
338 		goto truncate;
339 
340 	handle = ext4_journal_start(inode, EXT4_HT_INODE, 2);
341 	if (IS_ERR(handle)) {
342 		written = PTR_ERR(handle);
343 		goto truncate;
344 	}
345 
346 	if (ext4_update_inode_size(inode, offset + written)) {
347 		ret = ext4_mark_inode_dirty(handle, inode);
348 		if (unlikely(ret)) {
349 			written = ret;
350 			ext4_journal_stop(handle);
351 			goto truncate;
352 		}
353 	}
354 
355 	/*
356 	 * We may need to truncate allocated but not written blocks beyond EOF.
357 	 */
358 	written_blk = ALIGN(offset + written, 1 << blkbits);
359 	end_blk = ALIGN(offset + count, 1 << blkbits);
360 	if (written_blk < end_blk && ext4_can_truncate(inode))
361 		truncate = true;
362 
363 	/*
364 	 * Remove the inode from the orphan list if it has been extended and
365 	 * everything went OK.
366 	 */
367 	if (!truncate && inode->i_nlink)
368 		ext4_orphan_del(handle, inode);
369 	ext4_journal_stop(handle);
370 
371 	if (truncate) {
372 truncate:
373 		ext4_truncate_failed_write(inode);
374 		/*
375 		 * If the truncate operation failed early, then the inode may
376 		 * still be on the orphan list. In that case, we need to try
377 		 * remove the inode from the in-memory linked list.
378 		 */
379 		if (inode->i_nlink)
380 			ext4_orphan_del(NULL, inode);
381 	}
382 
383 	return written;
384 }
385 
ext4_dio_write_end_io(struct kiocb * iocb,ssize_t size,int error,unsigned int flags)386 static int ext4_dio_write_end_io(struct kiocb *iocb, ssize_t size,
387 				 int error, unsigned int flags)
388 {
389 	loff_t pos = iocb->ki_pos;
390 	struct inode *inode = file_inode(iocb->ki_filp);
391 
392 	if (error)
393 		return error;
394 
395 	if (size && flags & IOMAP_DIO_UNWRITTEN) {
396 		error = ext4_convert_unwritten_extents(NULL, inode, pos, size);
397 		if (error < 0)
398 			return error;
399 	}
400 	/*
401 	 * If we are extending the file, we have to update i_size here before
402 	 * page cache gets invalidated in iomap_dio_rw(). Otherwise racing
403 	 * buffered reads could zero out too much from page cache pages. Update
404 	 * of on-disk size will happen later in ext4_dio_write_iter() where
405 	 * we have enough information to also perform orphan list handling etc.
406 	 * Note that we perform all extending writes synchronously under
407 	 * i_rwsem held exclusively so i_size update is safe here in that case.
408 	 * If the write was not extending, we cannot see pos > i_size here
409 	 * because operations reducing i_size like truncate wait for all
410 	 * outstanding DIO before updating i_size.
411 	 */
412 	pos += size;
413 	if (pos > i_size_read(inode))
414 		i_size_write(inode, pos);
415 
416 	return 0;
417 }
418 
419 static const struct iomap_dio_ops ext4_dio_write_ops = {
420 	.end_io = ext4_dio_write_end_io,
421 };
422 
423 /*
424  * The intention here is to start with shared lock acquired then see if any
425  * condition requires an exclusive inode lock. If yes, then we restart the
426  * whole operation by releasing the shared lock and acquiring exclusive lock.
427  *
428  * - For unaligned_io we never take shared lock as it may cause data corruption
429  *   when two unaligned IO tries to modify the same block e.g. while zeroing.
430  *
431  * - For extending writes case we don't take the shared lock, since it requires
432  *   updating inode i_disksize and/or orphan handling with exclusive lock.
433  *
434  * - shared locking will only be true mostly with overwrites. Otherwise we will
435  *   switch to exclusive i_rwsem lock.
436  */
ext4_dio_write_checks(struct kiocb * iocb,struct iov_iter * from,bool * ilock_shared,bool * extend)437 static ssize_t ext4_dio_write_checks(struct kiocb *iocb, struct iov_iter *from,
438 				     bool *ilock_shared, bool *extend)
439 {
440 	struct file *file = iocb->ki_filp;
441 	struct inode *inode = file_inode(file);
442 	loff_t offset;
443 	size_t count;
444 	ssize_t ret;
445 
446 restart:
447 	ret = ext4_generic_write_checks(iocb, from);
448 	if (ret <= 0)
449 		goto out;
450 
451 	offset = iocb->ki_pos;
452 	count = ret;
453 	if (ext4_extending_io(inode, offset, count))
454 		*extend = true;
455 	/*
456 	 * Determine whether the IO operation will overwrite allocated
457 	 * and initialized blocks.
458 	 * We need exclusive i_rwsem for changing security info
459 	 * in file_modified().
460 	 */
461 	if (*ilock_shared && (!IS_NOSEC(inode) || *extend ||
462 	     !ext4_overwrite_io(inode, offset, count))) {
463 		if (iocb->ki_flags & IOCB_NOWAIT) {
464 			ret = -EAGAIN;
465 			goto out;
466 		}
467 		inode_unlock_shared(inode);
468 		*ilock_shared = false;
469 		inode_lock(inode);
470 		goto restart;
471 	}
472 
473 	ret = file_modified(file);
474 	if (ret < 0)
475 		goto out;
476 
477 	return count;
478 out:
479 	if (*ilock_shared)
480 		inode_unlock_shared(inode);
481 	else
482 		inode_unlock(inode);
483 	return ret;
484 }
485 
ext4_dio_write_iter(struct kiocb * iocb,struct iov_iter * from)486 static ssize_t ext4_dio_write_iter(struct kiocb *iocb, struct iov_iter *from)
487 {
488 	ssize_t ret;
489 	handle_t *handle;
490 	struct inode *inode = file_inode(iocb->ki_filp);
491 	loff_t offset = iocb->ki_pos;
492 	size_t count = iov_iter_count(from);
493 	const struct iomap_ops *iomap_ops = &ext4_iomap_ops;
494 	bool extend = false, unaligned_io = false;
495 	bool ilock_shared = true;
496 
497 	/*
498 	 * We initially start with shared inode lock unless it is
499 	 * unaligned IO which needs exclusive lock anyways.
500 	 */
501 	if (ext4_unaligned_io(inode, from, offset)) {
502 		unaligned_io = true;
503 		ilock_shared = false;
504 	}
505 	/*
506 	 * Quick check here without any i_rwsem lock to see if it is extending
507 	 * IO. A more reliable check is done in ext4_dio_write_checks() with
508 	 * proper locking in place.
509 	 */
510 	if (offset + count > i_size_read(inode))
511 		ilock_shared = false;
512 
513 	if (iocb->ki_flags & IOCB_NOWAIT) {
514 		if (ilock_shared) {
515 			if (!inode_trylock_shared(inode))
516 				return -EAGAIN;
517 		} else {
518 			if (!inode_trylock(inode))
519 				return -EAGAIN;
520 		}
521 	} else {
522 		if (ilock_shared)
523 			inode_lock_shared(inode);
524 		else
525 			inode_lock(inode);
526 	}
527 
528 	/* Fallback to buffered I/O if the inode does not support direct I/O. */
529 	if (!ext4_should_use_dio(iocb, from)) {
530 		if (ilock_shared)
531 			inode_unlock_shared(inode);
532 		else
533 			inode_unlock(inode);
534 		return ext4_buffered_write_iter(iocb, from);
535 	}
536 
537 	ret = ext4_dio_write_checks(iocb, from, &ilock_shared, &extend);
538 	if (ret <= 0)
539 		return ret;
540 
541 	/* if we're going to block and IOCB_NOWAIT is set, return -EAGAIN */
542 	if ((iocb->ki_flags & IOCB_NOWAIT) && (unaligned_io || extend)) {
543 		ret = -EAGAIN;
544 		goto out;
545 	}
546 	/*
547 	 * Make sure inline data cannot be created anymore since we are going
548 	 * to allocate blocks for DIO. We know the inode does not have any
549 	 * inline data now because ext4_dio_supported() checked for that.
550 	 */
551 	ext4_clear_inode_state(inode, EXT4_STATE_MAY_INLINE_DATA);
552 
553 	offset = iocb->ki_pos;
554 	count = ret;
555 
556 	/*
557 	 * Unaligned direct IO must be serialized among each other as zeroing
558 	 * of partial blocks of two competing unaligned IOs can result in data
559 	 * corruption.
560 	 *
561 	 * So we make sure we don't allow any unaligned IO in flight.
562 	 * For IOs where we need not wait (like unaligned non-AIO DIO),
563 	 * below inode_dio_wait() may anyway become a no-op, since we start
564 	 * with exclusive lock.
565 	 */
566 	if (unaligned_io)
567 		inode_dio_wait(inode);
568 
569 	if (extend) {
570 		handle = ext4_journal_start(inode, EXT4_HT_INODE, 2);
571 		if (IS_ERR(handle)) {
572 			ret = PTR_ERR(handle);
573 			goto out;
574 		}
575 
576 		ret = ext4_orphan_add(handle, inode);
577 		if (ret) {
578 			ext4_journal_stop(handle);
579 			goto out;
580 		}
581 
582 		ext4_journal_stop(handle);
583 	}
584 
585 	if (ilock_shared)
586 		iomap_ops = &ext4_iomap_overwrite_ops;
587 	ret = iomap_dio_rw(iocb, from, iomap_ops, &ext4_dio_write_ops,
588 			   (unaligned_io || extend) ? IOMAP_DIO_FORCE_WAIT : 0,
589 			   NULL, 0);
590 	if (ret == -ENOTBLK)
591 		ret = 0;
592 
593 	if (extend)
594 		ret = ext4_handle_inode_extension(inode, offset, ret, count);
595 
596 out:
597 	if (ilock_shared)
598 		inode_unlock_shared(inode);
599 	else
600 		inode_unlock(inode);
601 
602 	if (ret >= 0 && iov_iter_count(from)) {
603 		ssize_t err;
604 		loff_t endbyte;
605 
606 		offset = iocb->ki_pos;
607 		err = ext4_buffered_write_iter(iocb, from);
608 		if (err < 0)
609 			return err;
610 
611 		/*
612 		 * We need to ensure that the pages within the page cache for
613 		 * the range covered by this I/O are written to disk and
614 		 * invalidated. This is in attempt to preserve the expected
615 		 * direct I/O semantics in the case we fallback to buffered I/O
616 		 * to complete off the I/O request.
617 		 */
618 		ret += err;
619 		endbyte = offset + err - 1;
620 		err = filemap_write_and_wait_range(iocb->ki_filp->f_mapping,
621 						   offset, endbyte);
622 		if (!err)
623 			invalidate_mapping_pages(iocb->ki_filp->f_mapping,
624 						 offset >> PAGE_SHIFT,
625 						 endbyte >> PAGE_SHIFT);
626 	}
627 
628 	return ret;
629 }
630 
631 #ifdef CONFIG_FS_DAX
632 static ssize_t
ext4_dax_write_iter(struct kiocb * iocb,struct iov_iter * from)633 ext4_dax_write_iter(struct kiocb *iocb, struct iov_iter *from)
634 {
635 	ssize_t ret;
636 	size_t count;
637 	loff_t offset;
638 	handle_t *handle;
639 	bool extend = false;
640 	struct inode *inode = file_inode(iocb->ki_filp);
641 
642 	if (iocb->ki_flags & IOCB_NOWAIT) {
643 		if (!inode_trylock(inode))
644 			return -EAGAIN;
645 	} else {
646 		inode_lock(inode);
647 	}
648 
649 	ret = ext4_write_checks(iocb, from);
650 	if (ret <= 0)
651 		goto out;
652 
653 	offset = iocb->ki_pos;
654 	count = iov_iter_count(from);
655 
656 	if (offset + count > EXT4_I(inode)->i_disksize) {
657 		handle = ext4_journal_start(inode, EXT4_HT_INODE, 2);
658 		if (IS_ERR(handle)) {
659 			ret = PTR_ERR(handle);
660 			goto out;
661 		}
662 
663 		ret = ext4_orphan_add(handle, inode);
664 		if (ret) {
665 			ext4_journal_stop(handle);
666 			goto out;
667 		}
668 
669 		extend = true;
670 		ext4_journal_stop(handle);
671 	}
672 
673 	ret = dax_iomap_rw(iocb, from, &ext4_iomap_ops);
674 
675 	if (extend)
676 		ret = ext4_handle_inode_extension(inode, offset, ret, count);
677 out:
678 	inode_unlock(inode);
679 	if (ret > 0)
680 		ret = generic_write_sync(iocb, ret);
681 	return ret;
682 }
683 #endif
684 
685 static ssize_t
ext4_file_write_iter(struct kiocb * iocb,struct iov_iter * from)686 ext4_file_write_iter(struct kiocb *iocb, struct iov_iter *from)
687 {
688 	struct inode *inode = file_inode(iocb->ki_filp);
689 
690 	if (unlikely(ext4_forced_shutdown(EXT4_SB(inode->i_sb))))
691 		return -EIO;
692 
693 #ifdef CONFIG_FS_DAX
694 	if (IS_DAX(inode))
695 		return ext4_dax_write_iter(iocb, from);
696 #endif
697 	if (iocb->ki_flags & IOCB_DIRECT)
698 		return ext4_dio_write_iter(iocb, from);
699 	else
700 		return ext4_buffered_write_iter(iocb, from);
701 }
702 
703 #ifdef CONFIG_FS_DAX
ext4_dax_huge_fault(struct vm_fault * vmf,enum page_entry_size pe_size)704 static vm_fault_t ext4_dax_huge_fault(struct vm_fault *vmf,
705 		enum page_entry_size pe_size)
706 {
707 	int error = 0;
708 	vm_fault_t result;
709 	int retries = 0;
710 	handle_t *handle = NULL;
711 	struct inode *inode = file_inode(vmf->vma->vm_file);
712 	struct super_block *sb = inode->i_sb;
713 
714 	/*
715 	 * We have to distinguish real writes from writes which will result in a
716 	 * COW page; COW writes should *not* poke the journal (the file will not
717 	 * be changed). Doing so would cause unintended failures when mounted
718 	 * read-only.
719 	 *
720 	 * We check for VM_SHARED rather than vmf->cow_page since the latter is
721 	 * unset for pe_size != PE_SIZE_PTE (i.e. only in do_cow_fault); for
722 	 * other sizes, dax_iomap_fault will handle splitting / fallback so that
723 	 * we eventually come back with a COW page.
724 	 */
725 	bool write = (vmf->flags & FAULT_FLAG_WRITE) &&
726 		(vmf->vma->vm_flags & VM_SHARED);
727 	struct address_space *mapping = vmf->vma->vm_file->f_mapping;
728 	pfn_t pfn;
729 
730 	if (write) {
731 		sb_start_pagefault(sb);
732 		file_update_time(vmf->vma->vm_file);
733 		filemap_invalidate_lock_shared(mapping);
734 retry:
735 		handle = ext4_journal_start_sb(sb, EXT4_HT_WRITE_PAGE,
736 					       EXT4_DATA_TRANS_BLOCKS(sb));
737 		if (IS_ERR(handle)) {
738 			filemap_invalidate_unlock_shared(mapping);
739 			sb_end_pagefault(sb);
740 			return VM_FAULT_SIGBUS;
741 		}
742 	} else {
743 		filemap_invalidate_lock_shared(mapping);
744 	}
745 	result = dax_iomap_fault(vmf, pe_size, &pfn, &error, &ext4_iomap_ops);
746 	if (write) {
747 		ext4_journal_stop(handle);
748 
749 		if ((result & VM_FAULT_ERROR) && error == -ENOSPC &&
750 		    ext4_should_retry_alloc(sb, &retries))
751 			goto retry;
752 		/* Handling synchronous page fault? */
753 		if (result & VM_FAULT_NEEDDSYNC)
754 			result = dax_finish_sync_fault(vmf, pe_size, pfn);
755 		filemap_invalidate_unlock_shared(mapping);
756 		sb_end_pagefault(sb);
757 	} else {
758 		filemap_invalidate_unlock_shared(mapping);
759 	}
760 
761 	return result;
762 }
763 
ext4_dax_fault(struct vm_fault * vmf)764 static vm_fault_t ext4_dax_fault(struct vm_fault *vmf)
765 {
766 	return ext4_dax_huge_fault(vmf, PE_SIZE_PTE);
767 }
768 
769 static const struct vm_operations_struct ext4_dax_vm_ops = {
770 	.fault		= ext4_dax_fault,
771 	.huge_fault	= ext4_dax_huge_fault,
772 	.page_mkwrite	= ext4_dax_fault,
773 	.pfn_mkwrite	= ext4_dax_fault,
774 };
775 #else
776 #define ext4_dax_vm_ops	ext4_file_vm_ops
777 #endif
778 
779 static const struct vm_operations_struct ext4_file_vm_ops = {
780 	.fault		= filemap_fault,
781 	.map_pages	= filemap_map_pages,
782 	.page_mkwrite   = ext4_page_mkwrite,
783 };
784 
ext4_file_mmap(struct file * file,struct vm_area_struct * vma)785 static int ext4_file_mmap(struct file *file, struct vm_area_struct *vma)
786 {
787 	struct inode *inode = file->f_mapping->host;
788 	struct ext4_sb_info *sbi = EXT4_SB(inode->i_sb);
789 	struct dax_device *dax_dev = sbi->s_daxdev;
790 
791 	if (unlikely(ext4_forced_shutdown(sbi)))
792 		return -EIO;
793 
794 	/*
795 	 * We don't support synchronous mappings for non-DAX files and
796 	 * for DAX files if underneath dax_device is not synchronous.
797 	 */
798 	if (!daxdev_mapping_supported(vma, dax_dev))
799 		return -EOPNOTSUPP;
800 
801 	file_accessed(file);
802 	if (IS_DAX(file_inode(file))) {
803 		vma->vm_ops = &ext4_dax_vm_ops;
804 		vma->vm_flags |= VM_HUGEPAGE;
805 	} else {
806 		vma->vm_ops = &ext4_file_vm_ops;
807 	}
808 	return 0;
809 }
810 
ext4_sample_last_mounted(struct super_block * sb,struct vfsmount * mnt)811 static int ext4_sample_last_mounted(struct super_block *sb,
812 				    struct vfsmount *mnt)
813 {
814 	struct ext4_sb_info *sbi = EXT4_SB(sb);
815 	struct path path;
816 	char buf[64], *cp;
817 	handle_t *handle;
818 	int err;
819 
820 	if (likely(ext4_test_mount_flag(sb, EXT4_MF_MNTDIR_SAMPLED)))
821 		return 0;
822 
823 	if (sb_rdonly(sb) || !sb_start_intwrite_trylock(sb))
824 		return 0;
825 
826 	ext4_set_mount_flag(sb, EXT4_MF_MNTDIR_SAMPLED);
827 	/*
828 	 * Sample where the filesystem has been mounted and
829 	 * store it in the superblock for sysadmin convenience
830 	 * when trying to sort through large numbers of block
831 	 * devices or filesystem images.
832 	 */
833 	memset(buf, 0, sizeof(buf));
834 	path.mnt = mnt;
835 	path.dentry = mnt->mnt_root;
836 	cp = d_path(&path, buf, sizeof(buf));
837 	err = 0;
838 	if (IS_ERR(cp))
839 		goto out;
840 
841 	handle = ext4_journal_start_sb(sb, EXT4_HT_MISC, 1);
842 	err = PTR_ERR(handle);
843 	if (IS_ERR(handle))
844 		goto out;
845 	BUFFER_TRACE(sbi->s_sbh, "get_write_access");
846 	err = ext4_journal_get_write_access(handle, sb, sbi->s_sbh,
847 					    EXT4_JTR_NONE);
848 	if (err)
849 		goto out_journal;
850 	lock_buffer(sbi->s_sbh);
851 	strncpy(sbi->s_es->s_last_mounted, cp,
852 		sizeof(sbi->s_es->s_last_mounted));
853 	ext4_superblock_csum_set(sb);
854 	unlock_buffer(sbi->s_sbh);
855 	ext4_handle_dirty_metadata(handle, NULL, sbi->s_sbh);
856 out_journal:
857 	ext4_journal_stop(handle);
858 out:
859 	sb_end_intwrite(sb);
860 	return err;
861 }
862 
ext4_file_open(struct inode * inode,struct file * filp)863 static int ext4_file_open(struct inode *inode, struct file *filp)
864 {
865 	int ret;
866 
867 	if (unlikely(ext4_forced_shutdown(EXT4_SB(inode->i_sb))))
868 		return -EIO;
869 
870 	ret = ext4_sample_last_mounted(inode->i_sb, filp->f_path.mnt);
871 	if (ret)
872 		return ret;
873 
874 	ret = fscrypt_file_open(inode, filp);
875 	if (ret)
876 		return ret;
877 
878 	ret = fsverity_file_open(inode, filp);
879 	if (ret)
880 		return ret;
881 
882 	/*
883 	 * Set up the jbd2_inode if we are opening the inode for
884 	 * writing and the journal is present
885 	 */
886 	if (filp->f_mode & FMODE_WRITE) {
887 		ret = ext4_inode_attach_jinode(inode);
888 		if (ret < 0)
889 			return ret;
890 	}
891 
892 	filp->f_mode |= FMODE_NOWAIT | FMODE_BUF_RASYNC;
893 	return dquot_file_open(inode, filp);
894 }
895 
896 /*
897  * ext4_llseek() handles both block-mapped and extent-mapped maxbytes values
898  * by calling generic_file_llseek_size() with the appropriate maxbytes
899  * value for each.
900  */
ext4_llseek(struct file * file,loff_t offset,int whence)901 loff_t ext4_llseek(struct file *file, loff_t offset, int whence)
902 {
903 	struct inode *inode = file->f_mapping->host;
904 	loff_t maxbytes;
905 
906 	if (!(ext4_test_inode_flag(inode, EXT4_INODE_EXTENTS)))
907 		maxbytes = EXT4_SB(inode->i_sb)->s_bitmap_maxbytes;
908 	else
909 		maxbytes = inode->i_sb->s_maxbytes;
910 
911 	switch (whence) {
912 	default:
913 		return generic_file_llseek_size(file, offset, whence,
914 						maxbytes, i_size_read(inode));
915 	case SEEK_HOLE:
916 		inode_lock_shared(inode);
917 		offset = iomap_seek_hole(inode, offset,
918 					 &ext4_iomap_report_ops);
919 		inode_unlock_shared(inode);
920 		break;
921 	case SEEK_DATA:
922 		inode_lock_shared(inode);
923 		offset = iomap_seek_data(inode, offset,
924 					 &ext4_iomap_report_ops);
925 		inode_unlock_shared(inode);
926 		break;
927 	}
928 
929 	if (offset < 0)
930 		return offset;
931 	return vfs_setpos(file, offset, maxbytes);
932 }
933 
934 const struct file_operations ext4_file_operations = {
935 	.llseek		= ext4_llseek,
936 	.read_iter	= ext4_file_read_iter,
937 	.write_iter	= ext4_file_write_iter,
938 	.iopoll		= iocb_bio_iopoll,
939 	.unlocked_ioctl = ext4_ioctl,
940 #ifdef CONFIG_COMPAT
941 	.compat_ioctl	= ext4_compat_ioctl,
942 #endif
943 	.mmap		= ext4_file_mmap,
944 	.mmap_supported_flags = MAP_SYNC,
945 	.open		= ext4_file_open,
946 	.release	= ext4_release_file,
947 	.fsync		= ext4_sync_file,
948 	.get_unmapped_area = thp_get_unmapped_area,
949 	.splice_read	= generic_file_splice_read,
950 	.splice_write	= iter_file_splice_write,
951 	.fallocate	= ext4_fallocate,
952 };
953 
954 const struct inode_operations ext4_file_inode_operations = {
955 	.setattr	= ext4_setattr,
956 	.getattr	= ext4_file_getattr,
957 	.listxattr	= ext4_listxattr,
958 	.get_acl	= ext4_get_acl,
959 	.set_acl	= ext4_set_acl,
960 	.fiemap		= ext4_fiemap,
961 	.fileattr_get	= ext4_fileattr_get,
962 	.fileattr_set	= ext4_fileattr_set,
963 };
964 
965