1 // SPDX-License-Identifier: GPL-2.0
2 /*
3  *  linux/fs/ext4/file.c
4  *
5  * Copyright (C) 1992, 1993, 1994, 1995
6  * Remy Card (card@masi.ibp.fr)
7  * Laboratoire MASI - Institut Blaise Pascal
8  * Universite Pierre et Marie Curie (Paris VI)
9  *
10  *  from
11  *
12  *  linux/fs/minix/file.c
13  *
14  *  Copyright (C) 1991, 1992  Linus Torvalds
15  *
16  *  ext4 fs regular file handling primitives
17  *
18  *  64-bit file support on 64-bit platforms by Jakub Jelinek
19  *	(jj@sunsite.ms.mff.cuni.cz)
20  */
21 
22 #include <linux/time.h>
23 #include <linux/fs.h>
24 #include <linux/iomap.h>
25 #include <linux/mount.h>
26 #include <linux/path.h>
27 #include <linux/dax.h>
28 #include <linux/quotaops.h>
29 #include <linux/pagevec.h>
30 #include <linux/uio.h>
31 #include <linux/mman.h>
32 #include <linux/backing-dev.h>
33 #include "ext4.h"
34 #include "ext4_jbd2.h"
35 #include "xattr.h"
36 #include "acl.h"
37 #include "truncate.h"
38 
39 /*
40  * Returns %true if the given DIO request should be attempted with DIO, or
41  * %false if it should fall back to buffered I/O.
42  *
43  * DIO isn't well specified; when it's unsupported (either due to the request
44  * being misaligned, or due to the file not supporting DIO at all), filesystems
45  * either fall back to buffered I/O or return EINVAL.  For files that don't use
46  * any special features like encryption or verity, ext4 has traditionally
47  * returned EINVAL for misaligned DIO.  iomap_dio_rw() uses this convention too.
48  * In this case, we should attempt the DIO, *not* fall back to buffered I/O.
49  *
50  * In contrast, in cases where DIO is unsupported due to ext4 features, ext4
51  * traditionally falls back to buffered I/O.
52  *
53  * This function implements the traditional ext4 behavior in all these cases.
54  */
ext4_should_use_dio(struct kiocb * iocb,struct iov_iter * iter)55 static bool ext4_should_use_dio(struct kiocb *iocb, struct iov_iter *iter)
56 {
57 	struct inode *inode = file_inode(iocb->ki_filp);
58 	u32 dio_align = ext4_dio_alignment(inode);
59 
60 	if (dio_align == 0)
61 		return false;
62 
63 	if (dio_align == 1)
64 		return true;
65 
66 	return IS_ALIGNED(iocb->ki_pos | iov_iter_alignment(iter), dio_align);
67 }
68 
ext4_dio_read_iter(struct kiocb * iocb,struct iov_iter * to)69 static ssize_t ext4_dio_read_iter(struct kiocb *iocb, struct iov_iter *to)
70 {
71 	ssize_t ret;
72 	struct inode *inode = file_inode(iocb->ki_filp);
73 
74 	if (iocb->ki_flags & IOCB_NOWAIT) {
75 		if (!inode_trylock_shared(inode))
76 			return -EAGAIN;
77 	} else {
78 		inode_lock_shared(inode);
79 	}
80 
81 	if (!ext4_should_use_dio(iocb, to)) {
82 		inode_unlock_shared(inode);
83 		/*
84 		 * Fallback to buffered I/O if the operation being performed on
85 		 * the inode is not supported by direct I/O. The IOCB_DIRECT
86 		 * flag needs to be cleared here in order to ensure that the
87 		 * direct I/O path within generic_file_read_iter() is not
88 		 * taken.
89 		 */
90 		iocb->ki_flags &= ~IOCB_DIRECT;
91 		return generic_file_read_iter(iocb, to);
92 	}
93 
94 	ret = iomap_dio_rw(iocb, to, &ext4_iomap_ops, NULL, 0, NULL, 0);
95 	inode_unlock_shared(inode);
96 
97 	file_accessed(iocb->ki_filp);
98 	return ret;
99 }
100 
101 #ifdef CONFIG_FS_DAX
ext4_dax_read_iter(struct kiocb * iocb,struct iov_iter * to)102 static ssize_t ext4_dax_read_iter(struct kiocb *iocb, struct iov_iter *to)
103 {
104 	struct inode *inode = file_inode(iocb->ki_filp);
105 	ssize_t ret;
106 
107 	if (iocb->ki_flags & IOCB_NOWAIT) {
108 		if (!inode_trylock_shared(inode))
109 			return -EAGAIN;
110 	} else {
111 		inode_lock_shared(inode);
112 	}
113 	/*
114 	 * Recheck under inode lock - at this point we are sure it cannot
115 	 * change anymore
116 	 */
117 	if (!IS_DAX(inode)) {
118 		inode_unlock_shared(inode);
119 		/* Fallback to buffered IO in case we cannot support DAX */
120 		return generic_file_read_iter(iocb, to);
121 	}
122 	ret = dax_iomap_rw(iocb, to, &ext4_iomap_ops);
123 	inode_unlock_shared(inode);
124 
125 	file_accessed(iocb->ki_filp);
126 	return ret;
127 }
128 #endif
129 
ext4_file_read_iter(struct kiocb * iocb,struct iov_iter * to)130 static ssize_t ext4_file_read_iter(struct kiocb *iocb, struct iov_iter *to)
131 {
132 	struct inode *inode = file_inode(iocb->ki_filp);
133 
134 	if (unlikely(ext4_forced_shutdown(inode->i_sb)))
135 		return -EIO;
136 
137 	if (!iov_iter_count(to))
138 		return 0; /* skip atime */
139 
140 #ifdef CONFIG_FS_DAX
141 	if (IS_DAX(inode))
142 		return ext4_dax_read_iter(iocb, to);
143 #endif
144 	if (iocb->ki_flags & IOCB_DIRECT)
145 		return ext4_dio_read_iter(iocb, to);
146 
147 	return generic_file_read_iter(iocb, to);
148 }
149 
ext4_file_splice_read(struct file * in,loff_t * ppos,struct pipe_inode_info * pipe,size_t len,unsigned int flags)150 static ssize_t ext4_file_splice_read(struct file *in, loff_t *ppos,
151 				     struct pipe_inode_info *pipe,
152 				     size_t len, unsigned int flags)
153 {
154 	struct inode *inode = file_inode(in);
155 
156 	if (unlikely(ext4_forced_shutdown(inode->i_sb)))
157 		return -EIO;
158 	return filemap_splice_read(in, ppos, pipe, len, flags);
159 }
160 
161 /*
162  * Called when an inode is released. Note that this is different
163  * from ext4_file_open: open gets called at every open, but release
164  * gets called only when /all/ the files are closed.
165  */
ext4_release_file(struct inode * inode,struct file * filp)166 static int ext4_release_file(struct inode *inode, struct file *filp)
167 {
168 	if (ext4_test_inode_state(inode, EXT4_STATE_DA_ALLOC_CLOSE)) {
169 		ext4_alloc_da_blocks(inode);
170 		ext4_clear_inode_state(inode, EXT4_STATE_DA_ALLOC_CLOSE);
171 	}
172 	/* if we are the last writer on the inode, drop the block reservation */
173 	if ((filp->f_mode & FMODE_WRITE) &&
174 			(atomic_read(&inode->i_writecount) == 1) &&
175 			!EXT4_I(inode)->i_reserved_data_blocks) {
176 		down_write(&EXT4_I(inode)->i_data_sem);
177 		ext4_discard_preallocations(inode, 0);
178 		up_write(&EXT4_I(inode)->i_data_sem);
179 	}
180 	if (is_dx(inode) && filp->private_data)
181 		ext4_htree_free_dir_info(filp->private_data);
182 
183 	return 0;
184 }
185 
186 /*
187  * This tests whether the IO in question is block-aligned or not.
188  * Ext4 utilizes unwritten extents when hole-filling during direct IO, and they
189  * are converted to written only after the IO is complete.  Until they are
190  * mapped, these blocks appear as holes, so dio_zero_block() will assume that
191  * it needs to zero out portions of the start and/or end block.  If 2 AIO
192  * threads are at work on the same unwritten block, they must be synchronized
193  * or one thread will zero the other's data, causing corruption.
194  */
195 static bool
ext4_unaligned_io(struct inode * inode,struct iov_iter * from,loff_t pos)196 ext4_unaligned_io(struct inode *inode, struct iov_iter *from, loff_t pos)
197 {
198 	struct super_block *sb = inode->i_sb;
199 	unsigned long blockmask = sb->s_blocksize - 1;
200 
201 	if ((pos | iov_iter_alignment(from)) & blockmask)
202 		return true;
203 
204 	return false;
205 }
206 
207 static bool
ext4_extending_io(struct inode * inode,loff_t offset,size_t len)208 ext4_extending_io(struct inode *inode, loff_t offset, size_t len)
209 {
210 	if (offset + len > i_size_read(inode) ||
211 	    offset + len > EXT4_I(inode)->i_disksize)
212 		return true;
213 	return false;
214 }
215 
216 /* Is IO overwriting allocated or initialized blocks? */
ext4_overwrite_io(struct inode * inode,loff_t pos,loff_t len,bool * unwritten)217 static bool ext4_overwrite_io(struct inode *inode,
218 			      loff_t pos, loff_t len, bool *unwritten)
219 {
220 	struct ext4_map_blocks map;
221 	unsigned int blkbits = inode->i_blkbits;
222 	int err, blklen;
223 
224 	if (pos + len > i_size_read(inode))
225 		return false;
226 
227 	map.m_lblk = pos >> blkbits;
228 	map.m_len = EXT4_MAX_BLOCKS(len, pos, blkbits);
229 	blklen = map.m_len;
230 
231 	err = ext4_map_blocks(NULL, inode, &map, 0);
232 	if (err != blklen)
233 		return false;
234 	/*
235 	 * 'err==len' means that all of the blocks have been preallocated,
236 	 * regardless of whether they have been initialized or not. We need to
237 	 * check m_flags to distinguish the unwritten extents.
238 	 */
239 	*unwritten = !(map.m_flags & EXT4_MAP_MAPPED);
240 	return true;
241 }
242 
ext4_generic_write_checks(struct kiocb * iocb,struct iov_iter * from)243 static ssize_t ext4_generic_write_checks(struct kiocb *iocb,
244 					 struct iov_iter *from)
245 {
246 	struct inode *inode = file_inode(iocb->ki_filp);
247 	ssize_t ret;
248 
249 	if (unlikely(IS_IMMUTABLE(inode)))
250 		return -EPERM;
251 
252 	ret = generic_write_checks(iocb, from);
253 	if (ret <= 0)
254 		return ret;
255 
256 	/*
257 	 * If we have encountered a bitmap-format file, the size limit
258 	 * is smaller than s_maxbytes, which is for extent-mapped files.
259 	 */
260 	if (!(ext4_test_inode_flag(inode, EXT4_INODE_EXTENTS))) {
261 		struct ext4_sb_info *sbi = EXT4_SB(inode->i_sb);
262 
263 		if (iocb->ki_pos >= sbi->s_bitmap_maxbytes)
264 			return -EFBIG;
265 		iov_iter_truncate(from, sbi->s_bitmap_maxbytes - iocb->ki_pos);
266 	}
267 
268 	return iov_iter_count(from);
269 }
270 
ext4_write_checks(struct kiocb * iocb,struct iov_iter * from)271 static ssize_t ext4_write_checks(struct kiocb *iocb, struct iov_iter *from)
272 {
273 	ssize_t ret, count;
274 
275 	count = ext4_generic_write_checks(iocb, from);
276 	if (count <= 0)
277 		return count;
278 
279 	ret = file_modified(iocb->ki_filp);
280 	if (ret)
281 		return ret;
282 	return count;
283 }
284 
ext4_buffered_write_iter(struct kiocb * iocb,struct iov_iter * from)285 static ssize_t ext4_buffered_write_iter(struct kiocb *iocb,
286 					struct iov_iter *from)
287 {
288 	ssize_t ret;
289 	struct inode *inode = file_inode(iocb->ki_filp);
290 
291 	if (iocb->ki_flags & IOCB_NOWAIT)
292 		return -EOPNOTSUPP;
293 
294 	inode_lock(inode);
295 	ret = ext4_write_checks(iocb, from);
296 	if (ret <= 0)
297 		goto out;
298 
299 	ret = generic_perform_write(iocb, from);
300 
301 out:
302 	inode_unlock(inode);
303 	if (unlikely(ret <= 0))
304 		return ret;
305 	return generic_write_sync(iocb, ret);
306 }
307 
ext4_handle_inode_extension(struct inode * inode,loff_t offset,ssize_t count)308 static ssize_t ext4_handle_inode_extension(struct inode *inode, loff_t offset,
309 					   ssize_t count)
310 {
311 	handle_t *handle;
312 
313 	lockdep_assert_held_write(&inode->i_rwsem);
314 	handle = ext4_journal_start(inode, EXT4_HT_INODE, 2);
315 	if (IS_ERR(handle))
316 		return PTR_ERR(handle);
317 
318 	if (ext4_update_inode_size(inode, offset + count)) {
319 		int ret = ext4_mark_inode_dirty(handle, inode);
320 		if (unlikely(ret)) {
321 			ext4_journal_stop(handle);
322 			return ret;
323 		}
324 	}
325 
326 	if (inode->i_nlink)
327 		ext4_orphan_del(handle, inode);
328 	ext4_journal_stop(handle);
329 
330 	return count;
331 }
332 
333 /*
334  * Clean up the inode after DIO or DAX extending write has completed and the
335  * inode size has been updated using ext4_handle_inode_extension().
336  */
ext4_inode_extension_cleanup(struct inode * inode,ssize_t count)337 static void ext4_inode_extension_cleanup(struct inode *inode, ssize_t count)
338 {
339 	lockdep_assert_held_write(&inode->i_rwsem);
340 	if (count < 0) {
341 		ext4_truncate_failed_write(inode);
342 		/*
343 		 * If the truncate operation failed early, then the inode may
344 		 * still be on the orphan list. In that case, we need to try
345 		 * remove the inode from the in-memory linked list.
346 		 */
347 		if (inode->i_nlink)
348 			ext4_orphan_del(NULL, inode);
349 		return;
350 	}
351 	/*
352 	 * If i_disksize got extended either due to writeback of delalloc
353 	 * blocks or extending truncate while the DIO was running we could fail
354 	 * to cleanup the orphan list in ext4_handle_inode_extension(). Do it
355 	 * now.
356 	 */
357 	if (!list_empty(&EXT4_I(inode)->i_orphan) && inode->i_nlink) {
358 		handle_t *handle = ext4_journal_start(inode, EXT4_HT_INODE, 2);
359 
360 		if (IS_ERR(handle)) {
361 			/*
362 			 * The write has successfully completed. Not much to
363 			 * do with the error here so just cleanup the orphan
364 			 * list and hope for the best.
365 			 */
366 			ext4_orphan_del(NULL, inode);
367 			return;
368 		}
369 		ext4_orphan_del(handle, inode);
370 		ext4_journal_stop(handle);
371 	}
372 }
373 
ext4_dio_write_end_io(struct kiocb * iocb,ssize_t size,int error,unsigned int flags)374 static int ext4_dio_write_end_io(struct kiocb *iocb, ssize_t size,
375 				 int error, unsigned int flags)
376 {
377 	loff_t pos = iocb->ki_pos;
378 	struct inode *inode = file_inode(iocb->ki_filp);
379 
380 	if (!error && size && flags & IOMAP_DIO_UNWRITTEN)
381 		error = ext4_convert_unwritten_extents(NULL, inode, pos, size);
382 	if (error)
383 		return error;
384 	/*
385 	 * Note that EXT4_I(inode)->i_disksize can get extended up to
386 	 * inode->i_size while the I/O was running due to writeback of delalloc
387 	 * blocks. But the code in ext4_iomap_alloc() is careful to use
388 	 * zeroed/unwritten extents if this is possible; thus we won't leave
389 	 * uninitialized blocks in a file even if we didn't succeed in writing
390 	 * as much as we intended. Also we can race with truncate or write
391 	 * expanding the file so we have to be a bit careful here.
392 	 */
393 	if (pos + size <= READ_ONCE(EXT4_I(inode)->i_disksize) &&
394 	    pos + size <= i_size_read(inode))
395 		return size;
396 	return ext4_handle_inode_extension(inode, pos, size);
397 }
398 
399 static const struct iomap_dio_ops ext4_dio_write_ops = {
400 	.end_io = ext4_dio_write_end_io,
401 };
402 
403 /*
404  * The intention here is to start with shared lock acquired then see if any
405  * condition requires an exclusive inode lock. If yes, then we restart the
406  * whole operation by releasing the shared lock and acquiring exclusive lock.
407  *
408  * - For unaligned_io we never take shared lock as it may cause data corruption
409  *   when two unaligned IO tries to modify the same block e.g. while zeroing.
410  *
411  * - For extending writes case we don't take the shared lock, since it requires
412  *   updating inode i_disksize and/or orphan handling with exclusive lock.
413  *
414  * - shared locking will only be true mostly with overwrites, including
415  *   initialized blocks and unwritten blocks. For overwrite unwritten blocks
416  *   we protect splitting extents by i_data_sem in ext4_inode_info, so we can
417  *   also release exclusive i_rwsem lock.
418  *
419  * - Otherwise we will switch to exclusive i_rwsem lock.
420  */
ext4_dio_write_checks(struct kiocb * iocb,struct iov_iter * from,bool * ilock_shared,bool * extend,bool * unwritten,int * dio_flags)421 static ssize_t ext4_dio_write_checks(struct kiocb *iocb, struct iov_iter *from,
422 				     bool *ilock_shared, bool *extend,
423 				     bool *unwritten, int *dio_flags)
424 {
425 	struct file *file = iocb->ki_filp;
426 	struct inode *inode = file_inode(file);
427 	loff_t offset;
428 	size_t count;
429 	ssize_t ret;
430 	bool overwrite, unaligned_io;
431 
432 restart:
433 	ret = ext4_generic_write_checks(iocb, from);
434 	if (ret <= 0)
435 		goto out;
436 
437 	offset = iocb->ki_pos;
438 	count = ret;
439 
440 	unaligned_io = ext4_unaligned_io(inode, from, offset);
441 	*extend = ext4_extending_io(inode, offset, count);
442 	overwrite = ext4_overwrite_io(inode, offset, count, unwritten);
443 
444 	/*
445 	 * Determine whether we need to upgrade to an exclusive lock. This is
446 	 * required to change security info in file_modified(), for extending
447 	 * I/O, any form of non-overwrite I/O, and unaligned I/O to unwritten
448 	 * extents (as partial block zeroing may be required).
449 	 *
450 	 * Note that unaligned writes are allowed under shared lock so long as
451 	 * they are pure overwrites. Otherwise, concurrent unaligned writes risk
452 	 * data corruption due to partial block zeroing in the dio layer, and so
453 	 * the I/O must occur exclusively.
454 	 */
455 	if (*ilock_shared &&
456 	    ((!IS_NOSEC(inode) || *extend || !overwrite ||
457 	     (unaligned_io && *unwritten)))) {
458 		if (iocb->ki_flags & IOCB_NOWAIT) {
459 			ret = -EAGAIN;
460 			goto out;
461 		}
462 		inode_unlock_shared(inode);
463 		*ilock_shared = false;
464 		inode_lock(inode);
465 		goto restart;
466 	}
467 
468 	/*
469 	 * Now that locking is settled, determine dio flags and exclusivity
470 	 * requirements. We don't use DIO_OVERWRITE_ONLY because we enforce
471 	 * behavior already. The inode lock is already held exclusive if the
472 	 * write is non-overwrite or extending, so drain all outstanding dio and
473 	 * set the force wait dio flag.
474 	 */
475 	if (!*ilock_shared && (unaligned_io || *extend)) {
476 		if (iocb->ki_flags & IOCB_NOWAIT) {
477 			ret = -EAGAIN;
478 			goto out;
479 		}
480 		if (unaligned_io && (!overwrite || *unwritten))
481 			inode_dio_wait(inode);
482 		*dio_flags = IOMAP_DIO_FORCE_WAIT;
483 	}
484 
485 	ret = file_modified(file);
486 	if (ret < 0)
487 		goto out;
488 
489 	return count;
490 out:
491 	if (*ilock_shared)
492 		inode_unlock_shared(inode);
493 	else
494 		inode_unlock(inode);
495 	return ret;
496 }
497 
ext4_dio_write_iter(struct kiocb * iocb,struct iov_iter * from)498 static ssize_t ext4_dio_write_iter(struct kiocb *iocb, struct iov_iter *from)
499 {
500 	ssize_t ret;
501 	handle_t *handle;
502 	struct inode *inode = file_inode(iocb->ki_filp);
503 	loff_t offset = iocb->ki_pos;
504 	size_t count = iov_iter_count(from);
505 	const struct iomap_ops *iomap_ops = &ext4_iomap_ops;
506 	bool extend = false, unwritten = false;
507 	bool ilock_shared = true;
508 	int dio_flags = 0;
509 
510 	/*
511 	 * Quick check here without any i_rwsem lock to see if it is extending
512 	 * IO. A more reliable check is done in ext4_dio_write_checks() with
513 	 * proper locking in place.
514 	 */
515 	if (offset + count > i_size_read(inode))
516 		ilock_shared = false;
517 
518 	if (iocb->ki_flags & IOCB_NOWAIT) {
519 		if (ilock_shared) {
520 			if (!inode_trylock_shared(inode))
521 				return -EAGAIN;
522 		} else {
523 			if (!inode_trylock(inode))
524 				return -EAGAIN;
525 		}
526 	} else {
527 		if (ilock_shared)
528 			inode_lock_shared(inode);
529 		else
530 			inode_lock(inode);
531 	}
532 
533 	/* Fallback to buffered I/O if the inode does not support direct I/O. */
534 	if (!ext4_should_use_dio(iocb, from)) {
535 		if (ilock_shared)
536 			inode_unlock_shared(inode);
537 		else
538 			inode_unlock(inode);
539 		return ext4_buffered_write_iter(iocb, from);
540 	}
541 
542 	/*
543 	 * Prevent inline data from being created since we are going to allocate
544 	 * blocks for DIO. We know the inode does not currently have inline data
545 	 * because ext4_should_use_dio() checked for it, but we have to clear
546 	 * the state flag before the write checks because a lock cycle could
547 	 * introduce races with other writers.
548 	 */
549 	ext4_clear_inode_state(inode, EXT4_STATE_MAY_INLINE_DATA);
550 
551 	ret = ext4_dio_write_checks(iocb, from, &ilock_shared, &extend,
552 				    &unwritten, &dio_flags);
553 	if (ret <= 0)
554 		return ret;
555 
556 	offset = iocb->ki_pos;
557 	count = ret;
558 
559 	if (extend) {
560 		handle = ext4_journal_start(inode, EXT4_HT_INODE, 2);
561 		if (IS_ERR(handle)) {
562 			ret = PTR_ERR(handle);
563 			goto out;
564 		}
565 
566 		ret = ext4_orphan_add(handle, inode);
567 		if (ret) {
568 			ext4_journal_stop(handle);
569 			goto out;
570 		}
571 
572 		ext4_journal_stop(handle);
573 	}
574 
575 	if (ilock_shared && !unwritten)
576 		iomap_ops = &ext4_iomap_overwrite_ops;
577 	ret = iomap_dio_rw(iocb, from, iomap_ops, &ext4_dio_write_ops,
578 			   dio_flags, NULL, 0);
579 	if (ret == -ENOTBLK)
580 		ret = 0;
581 	if (extend) {
582 		/*
583 		 * We always perform extending DIO write synchronously so by
584 		 * now the IO is completed and ext4_handle_inode_extension()
585 		 * was called. Cleanup the inode in case of error or race with
586 		 * writeback of delalloc blocks.
587 		 */
588 		WARN_ON_ONCE(ret == -EIOCBQUEUED);
589 		ext4_inode_extension_cleanup(inode, ret);
590 	}
591 
592 out:
593 	if (ilock_shared)
594 		inode_unlock_shared(inode);
595 	else
596 		inode_unlock(inode);
597 
598 	if (ret >= 0 && iov_iter_count(from)) {
599 		ssize_t err;
600 		loff_t endbyte;
601 
602 		offset = iocb->ki_pos;
603 		err = ext4_buffered_write_iter(iocb, from);
604 		if (err < 0)
605 			return err;
606 
607 		/*
608 		 * We need to ensure that the pages within the page cache for
609 		 * the range covered by this I/O are written to disk and
610 		 * invalidated. This is in attempt to preserve the expected
611 		 * direct I/O semantics in the case we fallback to buffered I/O
612 		 * to complete off the I/O request.
613 		 */
614 		ret += err;
615 		endbyte = offset + err - 1;
616 		err = filemap_write_and_wait_range(iocb->ki_filp->f_mapping,
617 						   offset, endbyte);
618 		if (!err)
619 			invalidate_mapping_pages(iocb->ki_filp->f_mapping,
620 						 offset >> PAGE_SHIFT,
621 						 endbyte >> PAGE_SHIFT);
622 	}
623 
624 	return ret;
625 }
626 
627 #ifdef CONFIG_FS_DAX
628 static ssize_t
ext4_dax_write_iter(struct kiocb * iocb,struct iov_iter * from)629 ext4_dax_write_iter(struct kiocb *iocb, struct iov_iter *from)
630 {
631 	ssize_t ret;
632 	size_t count;
633 	loff_t offset;
634 	handle_t *handle;
635 	bool extend = false;
636 	struct inode *inode = file_inode(iocb->ki_filp);
637 
638 	if (iocb->ki_flags & IOCB_NOWAIT) {
639 		if (!inode_trylock(inode))
640 			return -EAGAIN;
641 	} else {
642 		inode_lock(inode);
643 	}
644 
645 	ret = ext4_write_checks(iocb, from);
646 	if (ret <= 0)
647 		goto out;
648 
649 	offset = iocb->ki_pos;
650 	count = iov_iter_count(from);
651 
652 	if (offset + count > EXT4_I(inode)->i_disksize) {
653 		handle = ext4_journal_start(inode, EXT4_HT_INODE, 2);
654 		if (IS_ERR(handle)) {
655 			ret = PTR_ERR(handle);
656 			goto out;
657 		}
658 
659 		ret = ext4_orphan_add(handle, inode);
660 		if (ret) {
661 			ext4_journal_stop(handle);
662 			goto out;
663 		}
664 
665 		extend = true;
666 		ext4_journal_stop(handle);
667 	}
668 
669 	ret = dax_iomap_rw(iocb, from, &ext4_iomap_ops);
670 
671 	if (extend) {
672 		ret = ext4_handle_inode_extension(inode, offset, ret);
673 		ext4_inode_extension_cleanup(inode, ret);
674 	}
675 out:
676 	inode_unlock(inode);
677 	if (ret > 0)
678 		ret = generic_write_sync(iocb, ret);
679 	return ret;
680 }
681 #endif
682 
683 static ssize_t
ext4_file_write_iter(struct kiocb * iocb,struct iov_iter * from)684 ext4_file_write_iter(struct kiocb *iocb, struct iov_iter *from)
685 {
686 	struct inode *inode = file_inode(iocb->ki_filp);
687 
688 	if (unlikely(ext4_forced_shutdown(inode->i_sb)))
689 		return -EIO;
690 
691 #ifdef CONFIG_FS_DAX
692 	if (IS_DAX(inode))
693 		return ext4_dax_write_iter(iocb, from);
694 #endif
695 	if (iocb->ki_flags & IOCB_DIRECT)
696 		return ext4_dio_write_iter(iocb, from);
697 	else
698 		return ext4_buffered_write_iter(iocb, from);
699 }
700 
701 #ifdef CONFIG_FS_DAX
ext4_dax_huge_fault(struct vm_fault * vmf,unsigned int order)702 static vm_fault_t ext4_dax_huge_fault(struct vm_fault *vmf, unsigned int order)
703 {
704 	int error = 0;
705 	vm_fault_t result;
706 	int retries = 0;
707 	handle_t *handle = NULL;
708 	struct inode *inode = file_inode(vmf->vma->vm_file);
709 	struct super_block *sb = inode->i_sb;
710 
711 	/*
712 	 * We have to distinguish real writes from writes which will result in a
713 	 * COW page; COW writes should *not* poke the journal (the file will not
714 	 * be changed). Doing so would cause unintended failures when mounted
715 	 * read-only.
716 	 *
717 	 * We check for VM_SHARED rather than vmf->cow_page since the latter is
718 	 * unset for order != 0 (i.e. only in do_cow_fault); for
719 	 * other sizes, dax_iomap_fault will handle splitting / fallback so that
720 	 * we eventually come back with a COW page.
721 	 */
722 	bool write = (vmf->flags & FAULT_FLAG_WRITE) &&
723 		(vmf->vma->vm_flags & VM_SHARED);
724 	struct address_space *mapping = vmf->vma->vm_file->f_mapping;
725 	pfn_t pfn;
726 
727 	if (write) {
728 		sb_start_pagefault(sb);
729 		file_update_time(vmf->vma->vm_file);
730 		filemap_invalidate_lock_shared(mapping);
731 retry:
732 		handle = ext4_journal_start_sb(sb, EXT4_HT_WRITE_PAGE,
733 					       EXT4_DATA_TRANS_BLOCKS(sb));
734 		if (IS_ERR(handle)) {
735 			filemap_invalidate_unlock_shared(mapping);
736 			sb_end_pagefault(sb);
737 			return VM_FAULT_SIGBUS;
738 		}
739 	} else {
740 		filemap_invalidate_lock_shared(mapping);
741 	}
742 	result = dax_iomap_fault(vmf, order, &pfn, &error, &ext4_iomap_ops);
743 	if (write) {
744 		ext4_journal_stop(handle);
745 
746 		if ((result & VM_FAULT_ERROR) && error == -ENOSPC &&
747 		    ext4_should_retry_alloc(sb, &retries))
748 			goto retry;
749 		/* Handling synchronous page fault? */
750 		if (result & VM_FAULT_NEEDDSYNC)
751 			result = dax_finish_sync_fault(vmf, order, pfn);
752 		filemap_invalidate_unlock_shared(mapping);
753 		sb_end_pagefault(sb);
754 	} else {
755 		filemap_invalidate_unlock_shared(mapping);
756 	}
757 
758 	return result;
759 }
760 
ext4_dax_fault(struct vm_fault * vmf)761 static vm_fault_t ext4_dax_fault(struct vm_fault *vmf)
762 {
763 	return ext4_dax_huge_fault(vmf, 0);
764 }
765 
766 static const struct vm_operations_struct ext4_dax_vm_ops = {
767 	.fault		= ext4_dax_fault,
768 	.huge_fault	= ext4_dax_huge_fault,
769 	.page_mkwrite	= ext4_dax_fault,
770 	.pfn_mkwrite	= ext4_dax_fault,
771 };
772 #else
773 #define ext4_dax_vm_ops	ext4_file_vm_ops
774 #endif
775 
776 static const struct vm_operations_struct ext4_file_vm_ops = {
777 	.fault		= filemap_fault,
778 	.map_pages	= filemap_map_pages,
779 	.page_mkwrite   = ext4_page_mkwrite,
780 };
781 
ext4_file_mmap(struct file * file,struct vm_area_struct * vma)782 static int ext4_file_mmap(struct file *file, struct vm_area_struct *vma)
783 {
784 	struct inode *inode = file->f_mapping->host;
785 	struct dax_device *dax_dev = EXT4_SB(inode->i_sb)->s_daxdev;
786 
787 	if (unlikely(ext4_forced_shutdown(inode->i_sb)))
788 		return -EIO;
789 
790 	/*
791 	 * We don't support synchronous mappings for non-DAX files and
792 	 * for DAX files if underneath dax_device is not synchronous.
793 	 */
794 	if (!daxdev_mapping_supported(vma, dax_dev))
795 		return -EOPNOTSUPP;
796 
797 	file_accessed(file);
798 	if (IS_DAX(file_inode(file))) {
799 		vma->vm_ops = &ext4_dax_vm_ops;
800 		vm_flags_set(vma, VM_HUGEPAGE);
801 	} else {
802 		vma->vm_ops = &ext4_file_vm_ops;
803 	}
804 	return 0;
805 }
806 
ext4_sample_last_mounted(struct super_block * sb,struct vfsmount * mnt)807 static int ext4_sample_last_mounted(struct super_block *sb,
808 				    struct vfsmount *mnt)
809 {
810 	struct ext4_sb_info *sbi = EXT4_SB(sb);
811 	struct path path;
812 	char buf[64], *cp;
813 	handle_t *handle;
814 	int err;
815 
816 	if (likely(ext4_test_mount_flag(sb, EXT4_MF_MNTDIR_SAMPLED)))
817 		return 0;
818 
819 	if (sb_rdonly(sb) || !sb_start_intwrite_trylock(sb))
820 		return 0;
821 
822 	ext4_set_mount_flag(sb, EXT4_MF_MNTDIR_SAMPLED);
823 	/*
824 	 * Sample where the filesystem has been mounted and
825 	 * store it in the superblock for sysadmin convenience
826 	 * when trying to sort through large numbers of block
827 	 * devices or filesystem images.
828 	 */
829 	memset(buf, 0, sizeof(buf));
830 	path.mnt = mnt;
831 	path.dentry = mnt->mnt_root;
832 	cp = d_path(&path, buf, sizeof(buf));
833 	err = 0;
834 	if (IS_ERR(cp))
835 		goto out;
836 
837 	handle = ext4_journal_start_sb(sb, EXT4_HT_MISC, 1);
838 	err = PTR_ERR(handle);
839 	if (IS_ERR(handle))
840 		goto out;
841 	BUFFER_TRACE(sbi->s_sbh, "get_write_access");
842 	err = ext4_journal_get_write_access(handle, sb, sbi->s_sbh,
843 					    EXT4_JTR_NONE);
844 	if (err)
845 		goto out_journal;
846 	lock_buffer(sbi->s_sbh);
847 	strncpy(sbi->s_es->s_last_mounted, cp,
848 		sizeof(sbi->s_es->s_last_mounted));
849 	ext4_superblock_csum_set(sb);
850 	unlock_buffer(sbi->s_sbh);
851 	ext4_handle_dirty_metadata(handle, NULL, sbi->s_sbh);
852 out_journal:
853 	ext4_journal_stop(handle);
854 out:
855 	sb_end_intwrite(sb);
856 	return err;
857 }
858 
ext4_file_open(struct inode * inode,struct file * filp)859 static int ext4_file_open(struct inode *inode, struct file *filp)
860 {
861 	int ret;
862 
863 	if (unlikely(ext4_forced_shutdown(inode->i_sb)))
864 		return -EIO;
865 
866 	ret = ext4_sample_last_mounted(inode->i_sb, filp->f_path.mnt);
867 	if (ret)
868 		return ret;
869 
870 	ret = fscrypt_file_open(inode, filp);
871 	if (ret)
872 		return ret;
873 
874 	ret = fsverity_file_open(inode, filp);
875 	if (ret)
876 		return ret;
877 
878 	/*
879 	 * Set up the jbd2_inode if we are opening the inode for
880 	 * writing and the journal is present
881 	 */
882 	if (filp->f_mode & FMODE_WRITE) {
883 		ret = ext4_inode_attach_jinode(inode);
884 		if (ret < 0)
885 			return ret;
886 	}
887 
888 	filp->f_mode |= FMODE_NOWAIT | FMODE_BUF_RASYNC |
889 			FMODE_DIO_PARALLEL_WRITE;
890 	return dquot_file_open(inode, filp);
891 }
892 
893 /*
894  * ext4_llseek() handles both block-mapped and extent-mapped maxbytes values
895  * by calling generic_file_llseek_size() with the appropriate maxbytes
896  * value for each.
897  */
ext4_llseek(struct file * file,loff_t offset,int whence)898 loff_t ext4_llseek(struct file *file, loff_t offset, int whence)
899 {
900 	struct inode *inode = file->f_mapping->host;
901 	loff_t maxbytes;
902 
903 	if (!(ext4_test_inode_flag(inode, EXT4_INODE_EXTENTS)))
904 		maxbytes = EXT4_SB(inode->i_sb)->s_bitmap_maxbytes;
905 	else
906 		maxbytes = inode->i_sb->s_maxbytes;
907 
908 	switch (whence) {
909 	default:
910 		return generic_file_llseek_size(file, offset, whence,
911 						maxbytes, i_size_read(inode));
912 	case SEEK_HOLE:
913 		inode_lock_shared(inode);
914 		offset = iomap_seek_hole(inode, offset,
915 					 &ext4_iomap_report_ops);
916 		inode_unlock_shared(inode);
917 		break;
918 	case SEEK_DATA:
919 		inode_lock_shared(inode);
920 		offset = iomap_seek_data(inode, offset,
921 					 &ext4_iomap_report_ops);
922 		inode_unlock_shared(inode);
923 		break;
924 	}
925 
926 	if (offset < 0)
927 		return offset;
928 	return vfs_setpos(file, offset, maxbytes);
929 }
930 
931 const struct file_operations ext4_file_operations = {
932 	.llseek		= ext4_llseek,
933 	.read_iter	= ext4_file_read_iter,
934 	.write_iter	= ext4_file_write_iter,
935 	.iopoll		= iocb_bio_iopoll,
936 	.unlocked_ioctl = ext4_ioctl,
937 #ifdef CONFIG_COMPAT
938 	.compat_ioctl	= ext4_compat_ioctl,
939 #endif
940 	.mmap		= ext4_file_mmap,
941 	.mmap_supported_flags = MAP_SYNC,
942 	.open		= ext4_file_open,
943 	.release	= ext4_release_file,
944 	.fsync		= ext4_sync_file,
945 	.get_unmapped_area = thp_get_unmapped_area,
946 	.splice_read	= ext4_file_splice_read,
947 	.splice_write	= iter_file_splice_write,
948 	.fallocate	= ext4_fallocate,
949 };
950 
951 const struct inode_operations ext4_file_inode_operations = {
952 	.setattr	= ext4_setattr,
953 	.getattr	= ext4_file_getattr,
954 	.listxattr	= ext4_listxattr,
955 	.get_inode_acl	= ext4_get_acl,
956 	.set_acl	= ext4_set_acl,
957 	.fiemap		= ext4_fiemap,
958 	.fileattr_get	= ext4_fileattr_get,
959 	.fileattr_set	= ext4_fileattr_set,
960 };
961 
962