1 // SPDX-License-Identifier: GPL-2.0
2 /*
3 * linux/fs/ext4/page-io.c
4 *
5 * This contains the new page_io functions for ext4
6 *
7 * Written by Theodore Ts'o, 2010.
8 */
9
10 #include <linux/blk-crypto.h>
11 #include <linux/fs.h>
12 #include <linux/time.h>
13 #include <linux/highuid.h>
14 #include <linux/pagemap.h>
15 #include <linux/quotaops.h>
16 #include <linux/string.h>
17 #include <linux/buffer_head.h>
18 #include <linux/writeback.h>
19 #include <linux/mpage.h>
20 #include <linux/namei.h>
21 #include <linux/uio.h>
22 #include <linux/bio.h>
23 #include <linux/workqueue.h>
24 #include <linux/kernel.h>
25 #include <linux/slab.h>
26 #include <linux/mm.h>
27 #include <linux/sched/mm.h>
28
29 #include "ext4_jbd2.h"
30 #include "xattr.h"
31 #include "acl.h"
32
33 static struct kmem_cache *io_end_cachep;
34 static struct kmem_cache *io_end_vec_cachep;
35
ext4_init_pageio(void)36 int __init ext4_init_pageio(void)
37 {
38 io_end_cachep = KMEM_CACHE(ext4_io_end, SLAB_RECLAIM_ACCOUNT);
39 if (io_end_cachep == NULL)
40 return -ENOMEM;
41
42 io_end_vec_cachep = KMEM_CACHE(ext4_io_end_vec, 0);
43 if (io_end_vec_cachep == NULL) {
44 kmem_cache_destroy(io_end_cachep);
45 return -ENOMEM;
46 }
47 return 0;
48 }
49
ext4_exit_pageio(void)50 void ext4_exit_pageio(void)
51 {
52 kmem_cache_destroy(io_end_cachep);
53 kmem_cache_destroy(io_end_vec_cachep);
54 }
55
ext4_alloc_io_end_vec(ext4_io_end_t * io_end)56 struct ext4_io_end_vec *ext4_alloc_io_end_vec(ext4_io_end_t *io_end)
57 {
58 struct ext4_io_end_vec *io_end_vec;
59
60 io_end_vec = kmem_cache_zalloc(io_end_vec_cachep, GFP_NOFS);
61 if (!io_end_vec)
62 return ERR_PTR(-ENOMEM);
63 INIT_LIST_HEAD(&io_end_vec->list);
64 list_add_tail(&io_end_vec->list, &io_end->list_vec);
65 return io_end_vec;
66 }
67
ext4_free_io_end_vec(ext4_io_end_t * io_end)68 static void ext4_free_io_end_vec(ext4_io_end_t *io_end)
69 {
70 struct ext4_io_end_vec *io_end_vec, *tmp;
71
72 if (list_empty(&io_end->list_vec))
73 return;
74 list_for_each_entry_safe(io_end_vec, tmp, &io_end->list_vec, list) {
75 list_del(&io_end_vec->list);
76 kmem_cache_free(io_end_vec_cachep, io_end_vec);
77 }
78 }
79
ext4_last_io_end_vec(ext4_io_end_t * io_end)80 struct ext4_io_end_vec *ext4_last_io_end_vec(ext4_io_end_t *io_end)
81 {
82 BUG_ON(list_empty(&io_end->list_vec));
83 return list_last_entry(&io_end->list_vec, struct ext4_io_end_vec, list);
84 }
85
86 /*
87 * Print an buffer I/O error compatible with the fs/buffer.c. This
88 * provides compatibility with dmesg scrapers that look for a specific
89 * buffer I/O error message. We really need a unified error reporting
90 * structure to userspace ala Digital Unix's uerf system, but it's
91 * probably not going to happen in my lifetime, due to LKML politics...
92 */
buffer_io_error(struct buffer_head * bh)93 static void buffer_io_error(struct buffer_head *bh)
94 {
95 printk_ratelimited(KERN_ERR "Buffer I/O error on device %pg, logical block %llu\n",
96 bh->b_bdev,
97 (unsigned long long)bh->b_blocknr);
98 }
99
ext4_finish_bio(struct bio * bio)100 static void ext4_finish_bio(struct bio *bio)
101 {
102 struct folio_iter fi;
103
104 bio_for_each_folio_all(fi, bio) {
105 struct folio *folio = fi.folio;
106 struct folio *io_folio = NULL;
107 struct buffer_head *bh, *head;
108 size_t bio_start = fi.offset;
109 size_t bio_end = bio_start + fi.length;
110 unsigned under_io = 0;
111 unsigned long flags;
112
113 if (fscrypt_is_bounce_folio(folio)) {
114 io_folio = folio;
115 folio = fscrypt_pagecache_folio(folio);
116 }
117
118 if (bio->bi_status) {
119 int err = blk_status_to_errno(bio->bi_status);
120 mapping_set_error(folio->mapping, err);
121 }
122 bh = head = folio_buffers(folio);
123 /*
124 * We check all buffers in the folio under b_uptodate_lock
125 * to avoid races with other end io clearing async_write flags
126 */
127 spin_lock_irqsave(&head->b_uptodate_lock, flags);
128 do {
129 if (bh_offset(bh) < bio_start ||
130 bh_offset(bh) + bh->b_size > bio_end) {
131 if (buffer_async_write(bh))
132 under_io++;
133 continue;
134 }
135 clear_buffer_async_write(bh);
136 if (bio->bi_status) {
137 set_buffer_write_io_error(bh);
138 buffer_io_error(bh);
139 }
140 } while ((bh = bh->b_this_page) != head);
141 spin_unlock_irqrestore(&head->b_uptodate_lock, flags);
142 if (!under_io) {
143 fscrypt_free_bounce_page(&io_folio->page);
144 folio_end_writeback(folio);
145 }
146 }
147 }
148
ext4_release_io_end(ext4_io_end_t * io_end)149 static void ext4_release_io_end(ext4_io_end_t *io_end)
150 {
151 struct bio *bio, *next_bio;
152
153 BUG_ON(!list_empty(&io_end->list));
154 BUG_ON(io_end->flag & EXT4_IO_END_UNWRITTEN);
155 WARN_ON(io_end->handle);
156
157 for (bio = io_end->bio; bio; bio = next_bio) {
158 next_bio = bio->bi_private;
159 ext4_finish_bio(bio);
160 bio_put(bio);
161 }
162 ext4_free_io_end_vec(io_end);
163 kmem_cache_free(io_end_cachep, io_end);
164 }
165
166 /*
167 * On successful IO, check a range of space and convert unwritten extents to
168 * written. On IO failure, check if journal abort is needed. Note that
169 * we are protected from truncate touching same part of extent tree by the
170 * fact that truncate code waits for all DIO to finish (thus exclusion from
171 * direct IO is achieved) and also waits for PageWriteback bits. Thus we
172 * cannot get to ext4_ext_truncate() before all IOs overlapping that range are
173 * completed (happens from ext4_free_ioend()).
174 */
ext4_end_io_end(ext4_io_end_t * io_end)175 static int ext4_end_io_end(ext4_io_end_t *io_end)
176 {
177 struct inode *inode = io_end->inode;
178 handle_t *handle = io_end->handle;
179 struct super_block *sb = inode->i_sb;
180 int ret = 0;
181
182 ext4_debug("ext4_end_io_nolock: io_end 0x%p from inode %llu,list->next 0x%p,"
183 "list->prev 0x%p\n",
184 io_end, inode->i_ino, io_end->list.next, io_end->list.prev);
185
186 /*
187 * Do not convert the unwritten extents if data writeback fails,
188 * or stale data may be exposed.
189 */
190 io_end->handle = NULL; /* Following call will use up the handle */
191 if (unlikely(io_end->flag & EXT4_IO_END_FAILED)) {
192 ret = -EIO;
193 if (handle)
194 jbd2_journal_free_reserved(handle);
195
196 if (test_opt(sb, DATA_ERR_ABORT))
197 jbd2_journal_abort(EXT4_SB(sb)->s_journal, ret);
198 } else {
199 ret = ext4_convert_unwritten_io_end_vec(handle, io_end);
200 }
201 if (ret < 0 && !ext4_emergency_state(sb) &&
202 io_end->flag & EXT4_IO_END_UNWRITTEN) {
203 ext4_msg(sb, KERN_EMERG,
204 "failed to convert unwritten extents to written "
205 "extents -- potential data loss! "
206 "(inode %llu, error %d)", inode->i_ino, ret);
207 }
208
209 ext4_clear_io_unwritten_flag(io_end);
210 ext4_release_io_end(io_end);
211 return ret;
212 }
213
dump_completed_IO(struct inode * inode,struct list_head * head)214 static void dump_completed_IO(struct inode *inode, struct list_head *head)
215 {
216 #ifdef EXT4FS_DEBUG
217 struct list_head *cur, *before, *after;
218 ext4_io_end_t *io_end, *io_end0, *io_end1;
219
220 if (list_empty(head))
221 return;
222
223 ext4_debug("Dump inode %llu completed io list\n", inode->i_ino);
224 list_for_each_entry(io_end, head, list) {
225 cur = &io_end->list;
226 before = cur->prev;
227 io_end0 = container_of(before, ext4_io_end_t, list);
228 after = cur->next;
229 io_end1 = container_of(after, ext4_io_end_t, list);
230
231 ext4_debug("io 0x%p from inode %llu,prev 0x%p,next 0x%p\n",
232 io_end, inode->i_ino, io_end0, io_end1);
233 }
234 #endif
235 }
236
ext4_io_end_defer_completion(ext4_io_end_t * io_end)237 static bool ext4_io_end_defer_completion(ext4_io_end_t *io_end)
238 {
239 if (io_end->flag & EXT4_IO_END_UNWRITTEN &&
240 !list_empty(&io_end->list_vec))
241 return true;
242 if (test_opt(io_end->inode->i_sb, DATA_ERR_ABORT) &&
243 io_end->flag & EXT4_IO_END_FAILED &&
244 !ext4_emergency_state(io_end->inode->i_sb))
245 return true;
246 return false;
247 }
248
249 /* Add the io_end to per-inode completed end_io list. */
ext4_add_complete_io(ext4_io_end_t * io_end)250 static void ext4_add_complete_io(ext4_io_end_t *io_end)
251 {
252 struct ext4_inode_info *ei = EXT4_I(io_end->inode);
253 struct ext4_sb_info *sbi = EXT4_SB(io_end->inode->i_sb);
254 struct workqueue_struct *wq;
255 unsigned long flags;
256
257 /* Only reserved conversions or pending IO errors will enter here. */
258 WARN_ON(!(io_end->flag & EXT4_IO_END_DEFER_COMPLETION));
259 WARN_ON(io_end->flag & EXT4_IO_END_UNWRITTEN &&
260 !io_end->handle && sbi->s_journal);
261 WARN_ON(!io_end->bio);
262
263 spin_lock_irqsave(&ei->i_completed_io_lock, flags);
264 wq = sbi->rsv_conversion_wq;
265 if (list_empty(&ei->i_rsv_conversion_list))
266 queue_work(wq, &ei->i_rsv_conversion_work);
267 list_add_tail(&io_end->list, &ei->i_rsv_conversion_list);
268 spin_unlock_irqrestore(&ei->i_completed_io_lock, flags);
269 }
270
ext4_do_flush_completed_IO(struct inode * inode,struct list_head * head)271 static int ext4_do_flush_completed_IO(struct inode *inode,
272 struct list_head *head)
273 {
274 ext4_io_end_t *io_end;
275 struct list_head unwritten;
276 unsigned long flags;
277 struct ext4_inode_info *ei = EXT4_I(inode);
278 int err, ret = 0;
279
280 spin_lock_irqsave(&ei->i_completed_io_lock, flags);
281 dump_completed_IO(inode, head);
282 list_replace_init(head, &unwritten);
283 spin_unlock_irqrestore(&ei->i_completed_io_lock, flags);
284
285 while (!list_empty(&unwritten)) {
286 io_end = list_entry(unwritten.next, ext4_io_end_t, list);
287 BUG_ON(!(io_end->flag & EXT4_IO_END_DEFER_COMPLETION));
288 list_del_init(&io_end->list);
289
290 err = ext4_end_io_end(io_end);
291 if (unlikely(!ret && err))
292 ret = err;
293 }
294 return ret;
295 }
296
297 /*
298 * Used to convert unwritten extents to written extents upon IO completion,
299 * or used to abort the journal upon IO errors.
300 */
ext4_end_io_rsv_work(struct work_struct * work)301 void ext4_end_io_rsv_work(struct work_struct *work)
302 {
303 struct ext4_inode_info *ei = container_of(work, struct ext4_inode_info,
304 i_rsv_conversion_work);
305 ext4_do_flush_completed_IO(&ei->vfs_inode, &ei->i_rsv_conversion_list);
306 }
307
ext4_init_io_end(struct inode * inode,gfp_t flags)308 ext4_io_end_t *ext4_init_io_end(struct inode *inode, gfp_t flags)
309 {
310 ext4_io_end_t *io_end = kmem_cache_zalloc(io_end_cachep, flags);
311
312 if (io_end) {
313 io_end->inode = inode;
314 INIT_LIST_HEAD(&io_end->list);
315 INIT_LIST_HEAD(&io_end->list_vec);
316 refcount_set(&io_end->count, 1);
317 }
318 return io_end;
319 }
320
ext4_put_io_end_defer(ext4_io_end_t * io_end)321 void ext4_put_io_end_defer(ext4_io_end_t *io_end)
322 {
323 if (refcount_dec_and_test(&io_end->count)) {
324 if (ext4_io_end_defer_completion(io_end))
325 return ext4_add_complete_io(io_end);
326
327 ext4_release_io_end(io_end);
328 }
329 }
330
ext4_put_io_end(ext4_io_end_t * io_end)331 int ext4_put_io_end(ext4_io_end_t *io_end)
332 {
333 if (refcount_dec_and_test(&io_end->count)) {
334 if (ext4_io_end_defer_completion(io_end))
335 return ext4_end_io_end(io_end);
336
337 ext4_release_io_end(io_end);
338 }
339 return 0;
340 }
341
ext4_get_io_end(ext4_io_end_t * io_end)342 ext4_io_end_t *ext4_get_io_end(ext4_io_end_t *io_end)
343 {
344 refcount_inc(&io_end->count);
345 return io_end;
346 }
347
348 /* BIO completion function for page writeback */
ext4_end_bio(struct bio * bio)349 static void ext4_end_bio(struct bio *bio)
350 {
351 ext4_io_end_t *io_end = bio->bi_private;
352 sector_t bi_sector = bio->bi_iter.bi_sector;
353
354 if (WARN_ONCE(!io_end, "io_end is NULL: %pg: sector %Lu len %u err %d\n",
355 bio->bi_bdev,
356 (long long) bio->bi_iter.bi_sector,
357 (unsigned) bio_sectors(bio),
358 bio->bi_status)) {
359 ext4_finish_bio(bio);
360 bio_put(bio);
361 return;
362 }
363 bio->bi_end_io = NULL;
364
365 if (bio->bi_status) {
366 struct inode *inode = io_end->inode;
367
368 ext4_warning(inode->i_sb, "I/O error %d writing to inode %llu "
369 "starting block %llu)",
370 bio->bi_status, inode->i_ino,
371 (unsigned long long)
372 bi_sector >> (inode->i_blkbits - 9));
373 io_end->flag |= EXT4_IO_END_FAILED;
374 mapping_set_error(inode->i_mapping,
375 blk_status_to_errno(bio->bi_status));
376 }
377
378 if (ext4_io_end_defer_completion(io_end)) {
379 /*
380 * Link bio into list hanging from io_end. We have to do it
381 * atomically as bio completions can be racing against each
382 * other.
383 */
384 bio->bi_private = xchg(&io_end->bio, bio);
385 ext4_put_io_end_defer(io_end);
386 } else {
387 /*
388 * Drop io_end reference early. Inode can get freed once
389 * we finish the bio.
390 */
391 ext4_put_io_end_defer(io_end);
392 ext4_finish_bio(bio);
393 bio_put(bio);
394 }
395 }
396
ext4_io_submit(struct ext4_io_submit * io)397 void ext4_io_submit(struct ext4_io_submit *io)
398 {
399 struct bio *bio = io->io_bio;
400
401 if (bio) {
402 if (io->io_wbc->sync_mode == WB_SYNC_ALL)
403 io->io_bio->bi_opf |= REQ_SYNC;
404 blk_crypto_submit_bio(io->io_bio);
405 }
406 io->io_bio = NULL;
407 }
408
ext4_io_submit_init(struct ext4_io_submit * io,struct writeback_control * wbc)409 void ext4_io_submit_init(struct ext4_io_submit *io,
410 struct writeback_control *wbc)
411 {
412 io->io_wbc = wbc;
413 io->io_bio = NULL;
414 io->io_end = NULL;
415 }
416
io_submit_init_bio(struct ext4_io_submit * io,struct inode * inode,struct folio * folio,struct buffer_head * bh)417 static void io_submit_init_bio(struct ext4_io_submit *io,
418 struct inode *inode,
419 struct folio *folio,
420 struct buffer_head *bh)
421 {
422 struct bio *bio;
423
424 /*
425 * bio_alloc will _always_ be able to allocate a bio if
426 * __GFP_DIRECT_RECLAIM is set, see comments for bio_alloc_bioset().
427 */
428 bio = bio_alloc(bh->b_bdev, BIO_MAX_VECS, REQ_OP_WRITE, GFP_NOIO);
429 fscrypt_set_bio_crypt_ctx(bio, inode, folio_pos(folio) + bh_offset(bh),
430 GFP_NOIO);
431 bio->bi_iter.bi_sector = bh->b_blocknr * (bh->b_size >> 9);
432 bio->bi_end_io = ext4_end_bio;
433 bio->bi_private = ext4_get_io_end(io->io_end);
434 bio->bi_write_hint = inode->i_write_hint;
435 io->io_bio = bio;
436 io->io_next_block = bh->b_blocknr;
437 wbc_init_bio(io->io_wbc, bio);
438 }
439
io_submit_need_new_bio(struct ext4_io_submit * io,struct inode * inode,struct folio * folio,struct buffer_head * bh)440 static bool io_submit_need_new_bio(struct ext4_io_submit *io,
441 struct inode *inode,
442 struct folio *folio,
443 struct buffer_head *bh)
444 {
445 if (bh->b_blocknr != io->io_next_block)
446 return true;
447 if (!fscrypt_mergeable_bio(io->io_bio, inode,
448 folio_pos(folio) + bh_offset(bh)))
449 return true;
450 return false;
451 }
452
io_submit_add_bh(struct ext4_io_submit * io,struct inode * inode,struct folio * folio,struct folio * io_folio,struct buffer_head * bh)453 static void io_submit_add_bh(struct ext4_io_submit *io,
454 struct inode *inode,
455 struct folio *folio,
456 struct folio *io_folio,
457 struct buffer_head *bh)
458 {
459 if (io->io_bio && io_submit_need_new_bio(io, inode, folio, bh)) {
460 submit_and_retry:
461 ext4_io_submit(io);
462 }
463 if (io->io_bio == NULL)
464 io_submit_init_bio(io, inode, folio, bh);
465 if (!bio_add_folio(io->io_bio, io_folio, bh->b_size, bh_offset(bh)))
466 goto submit_and_retry;
467 wbc_account_cgroup_owner(io->io_wbc, folio, bh->b_size);
468 io->io_next_block++;
469 }
470
ext4_bio_write_folio(struct ext4_io_submit * io,struct folio * folio,size_t len)471 int ext4_bio_write_folio(struct ext4_io_submit *io, struct folio *folio,
472 size_t len)
473 {
474 struct folio *io_folio = folio;
475 struct inode *inode = folio->mapping->host;
476 unsigned block_start;
477 struct buffer_head *bh, *head;
478 int ret = 0;
479 int nr_to_submit = 0;
480 struct writeback_control *wbc = io->io_wbc;
481 bool keep_towrite = false;
482
483 BUG_ON(!folio_test_locked(folio));
484 BUG_ON(folio_test_writeback(folio));
485
486 /*
487 * Comments copied from block_write_full_folio:
488 *
489 * The folio straddles i_size. It must be zeroed out on each and every
490 * writepage invocation because it may be mmapped. "A file is mapped
491 * in multiples of the page size. For a file that is not a multiple of
492 * the page size, the remaining memory is zeroed when mapped, and
493 * writes to that region are not written out to the file."
494 */
495 if (len < folio_size(folio))
496 folio_zero_segment(folio, len, folio_size(folio));
497 /*
498 * In the first loop we prepare and mark buffers to submit. We have to
499 * mark all buffers in the folio before submitting so that
500 * folio_end_writeback() cannot be called from ext4_end_bio() when IO
501 * on the first buffer finishes and we are still working on submitting
502 * the second buffer.
503 */
504 bh = head = folio_buffers(folio);
505 do {
506 block_start = bh_offset(bh);
507 if (block_start >= len) {
508 clear_buffer_dirty(bh);
509 set_buffer_uptodate(bh);
510 continue;
511 }
512 if (!buffer_dirty(bh) || buffer_delay(bh) ||
513 !buffer_mapped(bh) || buffer_unwritten(bh)) {
514 /* A hole? We can safely clear the dirty bit */
515 if (!buffer_mapped(bh))
516 clear_buffer_dirty(bh);
517 /*
518 * Keeping dirty some buffer we cannot write? Make sure
519 * to redirty the folio and keep TOWRITE tag so that
520 * racing WB_SYNC_ALL writeback does not skip the folio.
521 * This happens e.g. when doing writeout for
522 * transaction commit or when journalled data is not
523 * yet committed.
524 */
525 if (buffer_dirty(bh) ||
526 (buffer_jbd(bh) && buffer_jbddirty(bh))) {
527 if (!folio_test_dirty(folio))
528 folio_redirty_for_writepage(wbc, folio);
529 keep_towrite = true;
530 }
531 continue;
532 }
533 if (buffer_new(bh))
534 clear_buffer_new(bh);
535 set_buffer_async_write(bh);
536 clear_buffer_dirty(bh);
537 nr_to_submit++;
538 } while ((bh = bh->b_this_page) != head);
539
540 if (!nr_to_submit) {
541 /*
542 * We have nothing to submit. Just cycle the folio through
543 * writeback state to properly update xarray tags.
544 */
545 __folio_start_writeback(folio, keep_towrite);
546 folio_end_writeback(folio);
547 return 0;
548 }
549
550 bh = head = folio_buffers(folio);
551
552 /*
553 * If any blocks are being written to an encrypted file, encrypt them
554 * into a bounce page. For simplicity, just encrypt until the last
555 * block which might be needed. This may cause some unneeded blocks
556 * (e.g. holes) to be unnecessarily encrypted, but this is rare and
557 * can't happen in the common case of blocksize == PAGE_SIZE.
558 */
559 if (fscrypt_inode_uses_fs_layer_crypto(inode)) {
560 gfp_t gfp_flags = GFP_NOFS;
561 unsigned int enc_bytes = round_up(len, i_blocksize(inode));
562 struct page *bounce_page;
563
564 /*
565 * Since bounce page allocation uses a mempool, we can only use
566 * a waiting mask (i.e. request guaranteed allocation) on the
567 * first page of the bio. Otherwise it can deadlock.
568 */
569 if (io->io_bio)
570 gfp_flags = GFP_NOWAIT;
571 retry_encrypt:
572 bounce_page = fscrypt_encrypt_pagecache_blocks(folio,
573 enc_bytes, 0, gfp_flags);
574 if (IS_ERR(bounce_page)) {
575 ret = PTR_ERR(bounce_page);
576 if (ret == -ENOMEM &&
577 (io->io_bio || wbc->sync_mode == WB_SYNC_ALL)) {
578 gfp_t new_gfp_flags = GFP_NOFS;
579 if (io->io_bio)
580 ext4_io_submit(io);
581 else
582 new_gfp_flags |= __GFP_NOFAIL;
583 memalloc_retry_wait(gfp_flags);
584 gfp_flags = new_gfp_flags;
585 goto retry_encrypt;
586 }
587
588 printk_ratelimited(KERN_ERR "%s: ret = %d\n", __func__, ret);
589 folio_redirty_for_writepage(wbc, folio);
590 do {
591 if (buffer_async_write(bh)) {
592 clear_buffer_async_write(bh);
593 set_buffer_dirty(bh);
594 }
595 bh = bh->b_this_page;
596 } while (bh != head);
597
598 return ret;
599 }
600 io_folio = page_folio(bounce_page);
601 }
602
603 __folio_start_writeback(folio, keep_towrite);
604
605 /* Now submit buffers to write */
606 do {
607 if (!buffer_async_write(bh))
608 continue;
609 io_submit_add_bh(io, inode, folio, io_folio, bh);
610 } while ((bh = bh->b_this_page) != head);
611
612 return 0;
613 }
614