1 // SPDX-License-Identifier: GPL-2.0-only
2 #include <crypto/hash.h>
3 #include <linux/export.h>
4 #include <linux/bvec.h>
5 #include <linux/fault-inject-usercopy.h>
7 #include <linux/pagemap.h>
8 #include <linux/slab.h>
9 #include <linux/vmalloc.h>
10 #include <linux/splice.h>
11 #include <linux/compat.h>
12 #include <net/checksum.h>
13 #include <linux/scatterlist.h>
14 #include <linux/instrumented.h>
16 #define PIPE_PARANOIA /* for now */
18 #define iterate_iovec(i, n, __v, __p, skip, STEP) { \
22 __v.iov_len = min(n, __p->iov_len - skip); \
23 if (likely(__v.iov_len)) { \
24 __v.iov_base = __p->iov_base + skip; \
26 __v.iov_len -= left; \
27 skip += __v.iov_len; \
32 while (unlikely(!left && n)) { \
34 __v.iov_len = min(n, __p->iov_len); \
35 if (unlikely(!__v.iov_len)) \
37 __v.iov_base = __p->iov_base; \
39 __v.iov_len -= left; \
46 #define iterate_kvec(i, n, __v, __p, skip, STEP) { \
49 __v.iov_len = min(n, __p->iov_len - skip); \
50 if (likely(__v.iov_len)) { \
51 __v.iov_base = __p->iov_base + skip; \
53 skip += __v.iov_len; \
56 while (unlikely(n)) { \
58 __v.iov_len = min(n, __p->iov_len); \
59 if (unlikely(!__v.iov_len)) \
61 __v.iov_base = __p->iov_base; \
69 #define iterate_bvec(i, n, __v, __bi, skip, STEP) { \
70 struct bvec_iter __start; \
71 __start.bi_size = n; \
72 __start.bi_bvec_done = skip; \
74 for_each_bvec(__v, i->bvec, __bi, __start) { \
79 #define iterate_all_kinds(i, n, v, I, B, K) { \
81 size_t skip = i->iov_offset; \
82 if (unlikely(i->type & ITER_BVEC)) { \
84 struct bvec_iter __bi; \
85 iterate_bvec(i, n, v, __bi, skip, (B)) \
86 } else if (unlikely(i->type & ITER_KVEC)) { \
87 const struct kvec *kvec; \
89 iterate_kvec(i, n, v, kvec, skip, (K)) \
90 } else if (unlikely(i->type & ITER_DISCARD)) { \
92 const struct iovec *iov; \
94 iterate_iovec(i, n, v, iov, skip, (I)) \
99 #define iterate_and_advance(i, n, v, I, B, K) { \
100 if (unlikely(i->count < n)) \
103 size_t skip = i->iov_offset; \
104 if (unlikely(i->type & ITER_BVEC)) { \
105 const struct bio_vec *bvec = i->bvec; \
107 struct bvec_iter __bi; \
108 iterate_bvec(i, n, v, __bi, skip, (B)) \
109 i->bvec = __bvec_iter_bvec(i->bvec, __bi); \
110 i->nr_segs -= i->bvec - bvec; \
111 skip = __bi.bi_bvec_done; \
112 } else if (unlikely(i->type & ITER_KVEC)) { \
113 const struct kvec *kvec; \
115 iterate_kvec(i, n, v, kvec, skip, (K)) \
116 if (skip == kvec->iov_len) { \
120 i->nr_segs -= kvec - i->kvec; \
122 } else if (unlikely(i->type & ITER_DISCARD)) { \
125 const struct iovec *iov; \
127 iterate_iovec(i, n, v, iov, skip, (I)) \
128 if (skip == iov->iov_len) { \
132 i->nr_segs -= iov - i->iov; \
136 i->iov_offset = skip; \
140 static int copyout(void __user *to, const void *from, size_t n)
142 if (should_fail_usercopy())
144 if (access_ok(to, n)) {
145 instrument_copy_to_user(to, from, n);
146 n = raw_copy_to_user(to, from, n);
151 static int copyin(void *to, const void __user *from, size_t n)
153 if (should_fail_usercopy())
155 if (access_ok(from, n)) {
156 instrument_copy_from_user(to, from, n);
157 n = raw_copy_from_user(to, from, n);
162 static size_t copy_page_to_iter_iovec(struct page *page, size_t offset, size_t bytes,
165 size_t skip, copy, left, wanted;
166 const struct iovec *iov;
170 if (unlikely(bytes > i->count))
173 if (unlikely(!bytes))
179 skip = i->iov_offset;
180 buf = iov->iov_base + skip;
181 copy = min(bytes, iov->iov_len - skip);
183 if (IS_ENABLED(CONFIG_HIGHMEM) && !fault_in_pages_writeable(buf, copy)) {
184 kaddr = kmap_atomic(page);
185 from = kaddr + offset;
187 /* first chunk, usually the only one */
188 left = copyout(buf, from, copy);
194 while (unlikely(!left && bytes)) {
197 copy = min(bytes, iov->iov_len);
198 left = copyout(buf, from, copy);
204 if (likely(!bytes)) {
205 kunmap_atomic(kaddr);
208 offset = from - kaddr;
210 kunmap_atomic(kaddr);
211 copy = min(bytes, iov->iov_len - skip);
213 /* Too bad - revert to non-atomic kmap */
216 from = kaddr + offset;
217 left = copyout(buf, from, copy);
222 while (unlikely(!left && bytes)) {
225 copy = min(bytes, iov->iov_len);
226 left = copyout(buf, from, copy);
235 if (skip == iov->iov_len) {
239 i->count -= wanted - bytes;
240 i->nr_segs -= iov - i->iov;
242 i->iov_offset = skip;
243 return wanted - bytes;
246 static size_t copy_page_from_iter_iovec(struct page *page, size_t offset, size_t bytes,
249 size_t skip, copy, left, wanted;
250 const struct iovec *iov;
254 if (unlikely(bytes > i->count))
257 if (unlikely(!bytes))
263 skip = i->iov_offset;
264 buf = iov->iov_base + skip;
265 copy = min(bytes, iov->iov_len - skip);
267 if (IS_ENABLED(CONFIG_HIGHMEM) && !fault_in_pages_readable(buf, copy)) {
268 kaddr = kmap_atomic(page);
271 /* first chunk, usually the only one */
272 left = copyin(to, buf, copy);
278 while (unlikely(!left && bytes)) {
281 copy = min(bytes, iov->iov_len);
282 left = copyin(to, buf, copy);
288 if (likely(!bytes)) {
289 kunmap_atomic(kaddr);
294 kunmap_atomic(kaddr);
295 copy = min(bytes, iov->iov_len - skip);
297 /* Too bad - revert to non-atomic kmap */
301 left = copyin(to, buf, copy);
306 while (unlikely(!left && bytes)) {
309 copy = min(bytes, iov->iov_len);
310 left = copyin(to, buf, copy);
319 if (skip == iov->iov_len) {
323 i->count -= wanted - bytes;
324 i->nr_segs -= iov - i->iov;
326 i->iov_offset = skip;
327 return wanted - bytes;
331 static bool sanity(const struct iov_iter *i)
333 struct pipe_inode_info *pipe = i->pipe;
334 unsigned int p_head = pipe->head;
335 unsigned int p_tail = pipe->tail;
336 unsigned int p_mask = pipe->ring_size - 1;
337 unsigned int p_occupancy = pipe_occupancy(p_head, p_tail);
338 unsigned int i_head = i->head;
342 struct pipe_buffer *p;
343 if (unlikely(p_occupancy == 0))
344 goto Bad; // pipe must be non-empty
345 if (unlikely(i_head != p_head - 1))
346 goto Bad; // must be at the last buffer...
348 p = &pipe->bufs[i_head & p_mask];
349 if (unlikely(p->offset + p->len != i->iov_offset))
350 goto Bad; // ... at the end of segment
352 if (i_head != p_head)
353 goto Bad; // must be right after the last buffer
357 printk(KERN_ERR "idx = %d, offset = %zd\n", i_head, i->iov_offset);
358 printk(KERN_ERR "head = %d, tail = %d, buffers = %d\n",
359 p_head, p_tail, pipe->ring_size);
360 for (idx = 0; idx < pipe->ring_size; idx++)
361 printk(KERN_ERR "[%p %p %d %d]\n",
363 pipe->bufs[idx].page,
364 pipe->bufs[idx].offset,
365 pipe->bufs[idx].len);
370 #define sanity(i) true
373 static size_t copy_page_to_iter_pipe(struct page *page, size_t offset, size_t bytes,
376 struct pipe_inode_info *pipe = i->pipe;
377 struct pipe_buffer *buf;
378 unsigned int p_tail = pipe->tail;
379 unsigned int p_mask = pipe->ring_size - 1;
380 unsigned int i_head = i->head;
383 if (unlikely(bytes > i->count))
386 if (unlikely(!bytes))
393 buf = &pipe->bufs[i_head & p_mask];
395 if (offset == off && buf->page == page) {
396 /* merge with the last one */
398 i->iov_offset += bytes;
402 buf = &pipe->bufs[i_head & p_mask];
404 if (pipe_full(i_head, p_tail, pipe->max_usage))
407 buf->ops = &page_cache_pipe_buf_ops;
410 buf->offset = offset;
413 pipe->head = i_head + 1;
414 i->iov_offset = offset + bytes;
422 * Fault in one or more iovecs of the given iov_iter, to a maximum length of
423 * bytes. For each iovec, fault in each page that constitutes the iovec.
425 * Return 0 on success, or non-zero if the memory could not be accessed (i.e.
426 * because it is an invalid address).
428 int iov_iter_fault_in_readable(struct iov_iter *i, size_t bytes)
430 size_t skip = i->iov_offset;
431 const struct iovec *iov;
435 if (!(i->type & (ITER_BVEC|ITER_KVEC))) {
436 iterate_iovec(i, bytes, v, iov, skip, ({
437 err = fault_in_pages_readable(v.iov_base, v.iov_len);
444 EXPORT_SYMBOL(iov_iter_fault_in_readable);
446 void iov_iter_init(struct iov_iter *i, unsigned int direction,
447 const struct iovec *iov, unsigned long nr_segs,
450 WARN_ON(direction & ~(READ | WRITE));
451 direction &= READ | WRITE;
453 /* It will get better. Eventually... */
454 if (uaccess_kernel()) {
455 i->type = ITER_KVEC | direction;
456 i->kvec = (struct kvec *)iov;
458 i->type = ITER_IOVEC | direction;
461 i->nr_segs = nr_segs;
465 EXPORT_SYMBOL(iov_iter_init);
467 static void memzero_page(struct page *page, size_t offset, size_t len)
469 char *addr = kmap_atomic(page);
470 memset(addr + offset, 0, len);
474 static inline bool allocated(struct pipe_buffer *buf)
476 return buf->ops == &default_pipe_buf_ops;
479 static inline void data_start(const struct iov_iter *i,
480 unsigned int *iter_headp, size_t *offp)
482 unsigned int p_mask = i->pipe->ring_size - 1;
483 unsigned int iter_head = i->head;
484 size_t off = i->iov_offset;
486 if (off && (!allocated(&i->pipe->bufs[iter_head & p_mask]) ||
491 *iter_headp = iter_head;
495 static size_t push_pipe(struct iov_iter *i, size_t size,
496 int *iter_headp, size_t *offp)
498 struct pipe_inode_info *pipe = i->pipe;
499 unsigned int p_tail = pipe->tail;
500 unsigned int p_mask = pipe->ring_size - 1;
501 unsigned int iter_head;
505 if (unlikely(size > i->count))
511 data_start(i, &iter_head, &off);
512 *iter_headp = iter_head;
515 left -= PAGE_SIZE - off;
517 pipe->bufs[iter_head & p_mask].len += size;
520 pipe->bufs[iter_head & p_mask].len = PAGE_SIZE;
523 while (!pipe_full(iter_head, p_tail, pipe->max_usage)) {
524 struct pipe_buffer *buf = &pipe->bufs[iter_head & p_mask];
525 struct page *page = alloc_page(GFP_USER);
529 buf->ops = &default_pipe_buf_ops;
532 buf->len = min_t(ssize_t, left, PAGE_SIZE);
535 pipe->head = iter_head;
543 static size_t copy_pipe_to_iter(const void *addr, size_t bytes,
546 struct pipe_inode_info *pipe = i->pipe;
547 unsigned int p_mask = pipe->ring_size - 1;
554 bytes = n = push_pipe(i, bytes, &i_head, &off);
558 size_t chunk = min_t(size_t, n, PAGE_SIZE - off);
559 memcpy_to_page(pipe->bufs[i_head & p_mask].page, off, addr, chunk);
561 i->iov_offset = off + chunk;
571 static __wsum csum_and_memcpy(void *to, const void *from, size_t len,
572 __wsum sum, size_t off)
574 __wsum next = csum_partial_copy_nocheck(from, to, len);
575 return csum_block_add(sum, next, off);
578 static size_t csum_and_copy_to_pipe_iter(const void *addr, size_t bytes,
579 struct csum_state *csstate,
582 struct pipe_inode_info *pipe = i->pipe;
583 unsigned int p_mask = pipe->ring_size - 1;
584 __wsum sum = csstate->csum;
585 size_t off = csstate->off;
592 bytes = n = push_pipe(i, bytes, &i_head, &r);
596 size_t chunk = min_t(size_t, n, PAGE_SIZE - r);
597 char *p = kmap_atomic(pipe->bufs[i_head & p_mask].page);
598 sum = csum_and_memcpy(p + r, addr, chunk, sum, off);
601 i->iov_offset = r + chunk;
614 size_t _copy_to_iter(const void *addr, size_t bytes, struct iov_iter *i)
616 const char *from = addr;
617 if (unlikely(iov_iter_is_pipe(i)))
618 return copy_pipe_to_iter(addr, bytes, i);
619 if (iter_is_iovec(i))
621 iterate_and_advance(i, bytes, v,
622 copyout(v.iov_base, (from += v.iov_len) - v.iov_len, v.iov_len),
623 memcpy_to_page(v.bv_page, v.bv_offset,
624 (from += v.bv_len) - v.bv_len, v.bv_len),
625 memcpy(v.iov_base, (from += v.iov_len) - v.iov_len, v.iov_len)
630 EXPORT_SYMBOL(_copy_to_iter);
632 #ifdef CONFIG_ARCH_HAS_COPY_MC
633 static int copyout_mc(void __user *to, const void *from, size_t n)
635 if (access_ok(to, n)) {
636 instrument_copy_to_user(to, from, n);
637 n = copy_mc_to_user((__force void *) to, from, n);
642 static unsigned long copy_mc_to_page(struct page *page, size_t offset,
643 const char *from, size_t len)
648 to = kmap_atomic(page);
649 ret = copy_mc_to_kernel(to + offset, from, len);
655 static size_t copy_mc_pipe_to_iter(const void *addr, size_t bytes,
658 struct pipe_inode_info *pipe = i->pipe;
659 unsigned int p_mask = pipe->ring_size - 1;
661 size_t n, off, xfer = 0;
666 bytes = n = push_pipe(i, bytes, &i_head, &off);
670 size_t chunk = min_t(size_t, n, PAGE_SIZE - off);
673 rem = copy_mc_to_page(pipe->bufs[i_head & p_mask].page,
676 i->iov_offset = off + chunk - rem;
690 * _copy_mc_to_iter - copy to iter with source memory error exception handling
691 * @addr: source kernel address
692 * @bytes: total transfer length
693 * @iter: destination iterator
695 * The pmem driver deploys this for the dax operation
696 * (dax_copy_to_iter()) for dax reads (bypass page-cache and the
697 * block-layer). Upon #MC read(2) aborts and returns EIO or the bytes
698 * successfully copied.
700 * The main differences between this and typical _copy_to_iter().
702 * * Typical tail/residue handling after a fault retries the copy
703 * byte-by-byte until the fault happens again. Re-triggering machine
704 * checks is potentially fatal so the implementation uses source
705 * alignment and poison alignment assumptions to avoid re-triggering
706 * hardware exceptions.
708 * * ITER_KVEC, ITER_PIPE, and ITER_BVEC can return short copies.
709 * Compare to copy_to_iter() where only ITER_IOVEC attempts might return
712 size_t _copy_mc_to_iter(const void *addr, size_t bytes, struct iov_iter *i)
714 const char *from = addr;
715 unsigned long rem, curr_addr, s_addr = (unsigned long) addr;
717 if (unlikely(iov_iter_is_pipe(i)))
718 return copy_mc_pipe_to_iter(addr, bytes, i);
719 if (iter_is_iovec(i))
721 iterate_and_advance(i, bytes, v,
722 copyout_mc(v.iov_base, (from += v.iov_len) - v.iov_len,
725 rem = copy_mc_to_page(v.bv_page, v.bv_offset,
726 (from += v.bv_len) - v.bv_len, v.bv_len);
728 curr_addr = (unsigned long) from;
729 bytes = curr_addr - s_addr - rem;
734 rem = copy_mc_to_kernel(v.iov_base, (from += v.iov_len)
735 - v.iov_len, v.iov_len);
737 curr_addr = (unsigned long) from;
738 bytes = curr_addr - s_addr - rem;
746 EXPORT_SYMBOL_GPL(_copy_mc_to_iter);
747 #endif /* CONFIG_ARCH_HAS_COPY_MC */
749 size_t _copy_from_iter(void *addr, size_t bytes, struct iov_iter *i)
752 if (unlikely(iov_iter_is_pipe(i))) {
756 if (iter_is_iovec(i))
758 iterate_and_advance(i, bytes, v,
759 copyin((to += v.iov_len) - v.iov_len, v.iov_base, v.iov_len),
760 memcpy_from_page((to += v.bv_len) - v.bv_len, v.bv_page,
761 v.bv_offset, v.bv_len),
762 memcpy((to += v.iov_len) - v.iov_len, v.iov_base, v.iov_len)
767 EXPORT_SYMBOL(_copy_from_iter);
769 bool _copy_from_iter_full(void *addr, size_t bytes, struct iov_iter *i)
772 if (unlikely(iov_iter_is_pipe(i))) {
776 if (unlikely(i->count < bytes))
779 if (iter_is_iovec(i))
781 iterate_all_kinds(i, bytes, v, ({
782 if (copyin((to += v.iov_len) - v.iov_len,
783 v.iov_base, v.iov_len))
786 memcpy_from_page((to += v.bv_len) - v.bv_len, v.bv_page,
787 v.bv_offset, v.bv_len),
788 memcpy((to += v.iov_len) - v.iov_len, v.iov_base, v.iov_len)
791 iov_iter_advance(i, bytes);
794 EXPORT_SYMBOL(_copy_from_iter_full);
796 size_t _copy_from_iter_nocache(void *addr, size_t bytes, struct iov_iter *i)
799 if (unlikely(iov_iter_is_pipe(i))) {
803 iterate_and_advance(i, bytes, v,
804 __copy_from_user_inatomic_nocache((to += v.iov_len) - v.iov_len,
805 v.iov_base, v.iov_len),
806 memcpy_from_page((to += v.bv_len) - v.bv_len, v.bv_page,
807 v.bv_offset, v.bv_len),
808 memcpy((to += v.iov_len) - v.iov_len, v.iov_base, v.iov_len)
813 EXPORT_SYMBOL(_copy_from_iter_nocache);
815 #ifdef CONFIG_ARCH_HAS_UACCESS_FLUSHCACHE
817 * _copy_from_iter_flushcache - write destination through cpu cache
818 * @addr: destination kernel address
819 * @bytes: total transfer length
820 * @iter: source iterator
822 * The pmem driver arranges for filesystem-dax to use this facility via
823 * dax_copy_from_iter() for ensuring that writes to persistent memory
824 * are flushed through the CPU cache. It is differentiated from
825 * _copy_from_iter_nocache() in that guarantees all data is flushed for
826 * all iterator types. The _copy_from_iter_nocache() only attempts to
827 * bypass the cache for the ITER_IOVEC case, and on some archs may use
828 * instructions that strand dirty-data in the cache.
830 size_t _copy_from_iter_flushcache(void *addr, size_t bytes, struct iov_iter *i)
833 if (unlikely(iov_iter_is_pipe(i))) {
837 iterate_and_advance(i, bytes, v,
838 __copy_from_user_flushcache((to += v.iov_len) - v.iov_len,
839 v.iov_base, v.iov_len),
840 memcpy_page_flushcache((to += v.bv_len) - v.bv_len, v.bv_page,
841 v.bv_offset, v.bv_len),
842 memcpy_flushcache((to += v.iov_len) - v.iov_len, v.iov_base,
848 EXPORT_SYMBOL_GPL(_copy_from_iter_flushcache);
851 bool _copy_from_iter_full_nocache(void *addr, size_t bytes, struct iov_iter *i)
854 if (unlikely(iov_iter_is_pipe(i))) {
858 if (unlikely(i->count < bytes))
860 iterate_all_kinds(i, bytes, v, ({
861 if (__copy_from_user_inatomic_nocache((to += v.iov_len) - v.iov_len,
862 v.iov_base, v.iov_len))
865 memcpy_from_page((to += v.bv_len) - v.bv_len, v.bv_page,
866 v.bv_offset, v.bv_len),
867 memcpy((to += v.iov_len) - v.iov_len, v.iov_base, v.iov_len)
870 iov_iter_advance(i, bytes);
873 EXPORT_SYMBOL(_copy_from_iter_full_nocache);
875 static inline bool page_copy_sane(struct page *page, size_t offset, size_t n)
878 size_t v = n + offset;
881 * The general case needs to access the page order in order
882 * to compute the page size.
883 * However, we mostly deal with order-0 pages and thus can
884 * avoid a possible cache line miss for requests that fit all
887 if (n <= v && v <= PAGE_SIZE)
890 head = compound_head(page);
891 v += (page - head) << PAGE_SHIFT;
893 if (likely(n <= v && v <= (page_size(head))))
899 size_t copy_page_to_iter(struct page *page, size_t offset, size_t bytes,
902 if (unlikely(!page_copy_sane(page, offset, bytes)))
904 if (i->type & (ITER_BVEC|ITER_KVEC)) {
905 void *kaddr = kmap_atomic(page);
906 size_t wanted = copy_to_iter(kaddr + offset, bytes, i);
907 kunmap_atomic(kaddr);
909 } else if (unlikely(iov_iter_is_discard(i)))
911 else if (likely(!iov_iter_is_pipe(i)))
912 return copy_page_to_iter_iovec(page, offset, bytes, i);
914 return copy_page_to_iter_pipe(page, offset, bytes, i);
916 EXPORT_SYMBOL(copy_page_to_iter);
918 size_t copy_page_from_iter(struct page *page, size_t offset, size_t bytes,
921 if (unlikely(!page_copy_sane(page, offset, bytes)))
923 if (unlikely(iov_iter_is_pipe(i) || iov_iter_is_discard(i))) {
927 if (i->type & (ITER_BVEC|ITER_KVEC)) {
928 void *kaddr = kmap_atomic(page);
929 size_t wanted = _copy_from_iter(kaddr + offset, bytes, i);
930 kunmap_atomic(kaddr);
933 return copy_page_from_iter_iovec(page, offset, bytes, i);
935 EXPORT_SYMBOL(copy_page_from_iter);
937 static size_t pipe_zero(size_t bytes, struct iov_iter *i)
939 struct pipe_inode_info *pipe = i->pipe;
940 unsigned int p_mask = pipe->ring_size - 1;
947 bytes = n = push_pipe(i, bytes, &i_head, &off);
952 size_t chunk = min_t(size_t, n, PAGE_SIZE - off);
953 memzero_page(pipe->bufs[i_head & p_mask].page, off, chunk);
955 i->iov_offset = off + chunk;
964 size_t iov_iter_zero(size_t bytes, struct iov_iter *i)
966 if (unlikely(iov_iter_is_pipe(i)))
967 return pipe_zero(bytes, i);
968 iterate_and_advance(i, bytes, v,
969 clear_user(v.iov_base, v.iov_len),
970 memzero_page(v.bv_page, v.bv_offset, v.bv_len),
971 memset(v.iov_base, 0, v.iov_len)
976 EXPORT_SYMBOL(iov_iter_zero);
978 size_t iov_iter_copy_from_user_atomic(struct page *page,
979 struct iov_iter *i, unsigned long offset, size_t bytes)
981 char *kaddr = kmap_atomic(page), *p = kaddr + offset;
982 if (unlikely(!page_copy_sane(page, offset, bytes))) {
983 kunmap_atomic(kaddr);
986 if (unlikely(iov_iter_is_pipe(i) || iov_iter_is_discard(i))) {
987 kunmap_atomic(kaddr);
991 iterate_all_kinds(i, bytes, v,
992 copyin((p += v.iov_len) - v.iov_len, v.iov_base, v.iov_len),
993 memcpy_from_page((p += v.bv_len) - v.bv_len, v.bv_page,
994 v.bv_offset, v.bv_len),
995 memcpy((p += v.iov_len) - v.iov_len, v.iov_base, v.iov_len)
997 kunmap_atomic(kaddr);
1000 EXPORT_SYMBOL(iov_iter_copy_from_user_atomic);
1002 static inline void pipe_truncate(struct iov_iter *i)
1004 struct pipe_inode_info *pipe = i->pipe;
1005 unsigned int p_tail = pipe->tail;
1006 unsigned int p_head = pipe->head;
1007 unsigned int p_mask = pipe->ring_size - 1;
1009 if (!pipe_empty(p_head, p_tail)) {
1010 struct pipe_buffer *buf;
1011 unsigned int i_head = i->head;
1012 size_t off = i->iov_offset;
1015 buf = &pipe->bufs[i_head & p_mask];
1016 buf->len = off - buf->offset;
1019 while (p_head != i_head) {
1021 pipe_buf_release(pipe, &pipe->bufs[p_head & p_mask]);
1024 pipe->head = p_head;
1028 static void pipe_advance(struct iov_iter *i, size_t size)
1030 struct pipe_inode_info *pipe = i->pipe;
1031 if (unlikely(i->count < size))
1034 struct pipe_buffer *buf;
1035 unsigned int p_mask = pipe->ring_size - 1;
1036 unsigned int i_head = i->head;
1037 size_t off = i->iov_offset, left = size;
1039 if (off) /* make it relative to the beginning of buffer */
1040 left += off - pipe->bufs[i_head & p_mask].offset;
1042 buf = &pipe->bufs[i_head & p_mask];
1043 if (left <= buf->len)
1049 i->iov_offset = buf->offset + left;
1052 /* ... and discard everything past that point */
1056 static void iov_iter_bvec_advance(struct iov_iter *i, size_t size)
1058 struct bvec_iter bi;
1060 bi.bi_size = i->count;
1061 bi.bi_bvec_done = i->iov_offset;
1063 bvec_iter_advance(i->bvec, &bi, size);
1065 i->bvec += bi.bi_idx;
1066 i->nr_segs -= bi.bi_idx;
1067 i->count = bi.bi_size;
1068 i->iov_offset = bi.bi_bvec_done;
1071 void iov_iter_advance(struct iov_iter *i, size_t size)
1073 if (unlikely(iov_iter_is_pipe(i))) {
1074 pipe_advance(i, size);
1077 if (unlikely(iov_iter_is_discard(i))) {
1081 if (iov_iter_is_bvec(i)) {
1082 iov_iter_bvec_advance(i, size);
1085 iterate_and_advance(i, size, v, 0, 0, 0)
1087 EXPORT_SYMBOL(iov_iter_advance);
1089 void iov_iter_revert(struct iov_iter *i, size_t unroll)
1093 if (WARN_ON(unroll > MAX_RW_COUNT))
1096 if (unlikely(iov_iter_is_pipe(i))) {
1097 struct pipe_inode_info *pipe = i->pipe;
1098 unsigned int p_mask = pipe->ring_size - 1;
1099 unsigned int i_head = i->head;
1100 size_t off = i->iov_offset;
1102 struct pipe_buffer *b = &pipe->bufs[i_head & p_mask];
1103 size_t n = off - b->offset;
1109 if (!unroll && i_head == i->start_head) {
1114 b = &pipe->bufs[i_head & p_mask];
1115 off = b->offset + b->len;
1117 i->iov_offset = off;
1122 if (unlikely(iov_iter_is_discard(i)))
1124 if (unroll <= i->iov_offset) {
1125 i->iov_offset -= unroll;
1128 unroll -= i->iov_offset;
1129 if (iov_iter_is_bvec(i)) {
1130 const struct bio_vec *bvec = i->bvec;
1132 size_t n = (--bvec)->bv_len;
1136 i->iov_offset = n - unroll;
1141 } else { /* same logics for iovec and kvec */
1142 const struct iovec *iov = i->iov;
1144 size_t n = (--iov)->iov_len;
1148 i->iov_offset = n - unroll;
1155 EXPORT_SYMBOL(iov_iter_revert);
1158 * Return the count of just the current iov_iter segment.
1160 size_t iov_iter_single_seg_count(const struct iov_iter *i)
1162 if (unlikely(iov_iter_is_pipe(i)))
1163 return i->count; // it is a silly place, anyway
1164 if (i->nr_segs == 1)
1166 if (unlikely(iov_iter_is_discard(i)))
1168 else if (iov_iter_is_bvec(i))
1169 return min(i->count, i->bvec->bv_len - i->iov_offset);
1171 return min(i->count, i->iov->iov_len - i->iov_offset);
1173 EXPORT_SYMBOL(iov_iter_single_seg_count);
1175 void iov_iter_kvec(struct iov_iter *i, unsigned int direction,
1176 const struct kvec *kvec, unsigned long nr_segs,
1179 WARN_ON(direction & ~(READ | WRITE));
1180 i->type = ITER_KVEC | (direction & (READ | WRITE));
1182 i->nr_segs = nr_segs;
1186 EXPORT_SYMBOL(iov_iter_kvec);
1188 void iov_iter_bvec(struct iov_iter *i, unsigned int direction,
1189 const struct bio_vec *bvec, unsigned long nr_segs,
1192 WARN_ON(direction & ~(READ | WRITE));
1193 i->type = ITER_BVEC | (direction & (READ | WRITE));
1195 i->nr_segs = nr_segs;
1199 EXPORT_SYMBOL(iov_iter_bvec);
1201 void iov_iter_pipe(struct iov_iter *i, unsigned int direction,
1202 struct pipe_inode_info *pipe,
1205 BUG_ON(direction != READ);
1206 WARN_ON(pipe_full(pipe->head, pipe->tail, pipe->ring_size));
1207 i->type = ITER_PIPE | READ;
1209 i->head = pipe->head;
1212 i->start_head = i->head;
1214 EXPORT_SYMBOL(iov_iter_pipe);
1217 * iov_iter_discard - Initialise an I/O iterator that discards data
1218 * @i: The iterator to initialise.
1219 * @direction: The direction of the transfer.
1220 * @count: The size of the I/O buffer in bytes.
1222 * Set up an I/O iterator that just discards everything that's written to it.
1223 * It's only available as a READ iterator.
1225 void iov_iter_discard(struct iov_iter *i, unsigned int direction, size_t count)
1227 BUG_ON(direction != READ);
1228 i->type = ITER_DISCARD | READ;
1232 EXPORT_SYMBOL(iov_iter_discard);
1234 unsigned long iov_iter_alignment(const struct iov_iter *i)
1236 unsigned long res = 0;
1237 size_t size = i->count;
1239 if (unlikely(iov_iter_is_pipe(i))) {
1240 unsigned int p_mask = i->pipe->ring_size - 1;
1242 if (size && i->iov_offset && allocated(&i->pipe->bufs[i->head & p_mask]))
1243 return size | i->iov_offset;
1246 iterate_all_kinds(i, size, v,
1247 (res |= (unsigned long)v.iov_base | v.iov_len, 0),
1248 res |= v.bv_offset | v.bv_len,
1249 res |= (unsigned long)v.iov_base | v.iov_len
1253 EXPORT_SYMBOL(iov_iter_alignment);
1255 unsigned long iov_iter_gap_alignment(const struct iov_iter *i)
1257 unsigned long res = 0;
1258 size_t size = i->count;
1260 if (unlikely(iov_iter_is_pipe(i) || iov_iter_is_discard(i))) {
1265 iterate_all_kinds(i, size, v,
1266 (res |= (!res ? 0 : (unsigned long)v.iov_base) |
1267 (size != v.iov_len ? size : 0), 0),
1268 (res |= (!res ? 0 : (unsigned long)v.bv_offset) |
1269 (size != v.bv_len ? size : 0)),
1270 (res |= (!res ? 0 : (unsigned long)v.iov_base) |
1271 (size != v.iov_len ? size : 0))
1275 EXPORT_SYMBOL(iov_iter_gap_alignment);
1277 static inline ssize_t __pipe_get_pages(struct iov_iter *i,
1279 struct page **pages,
1283 struct pipe_inode_info *pipe = i->pipe;
1284 unsigned int p_mask = pipe->ring_size - 1;
1285 ssize_t n = push_pipe(i, maxsize, &iter_head, start);
1292 get_page(*pages++ = pipe->bufs[iter_head & p_mask].page);
1300 static ssize_t pipe_get_pages(struct iov_iter *i,
1301 struct page **pages, size_t maxsize, unsigned maxpages,
1304 unsigned int iter_head, npages;
1313 data_start(i, &iter_head, start);
1314 /* Amount of free space: some of this one + all after this one */
1315 npages = pipe_space_for_user(iter_head, i->pipe->tail, i->pipe);
1316 capacity = min(npages, maxpages) * PAGE_SIZE - *start;
1318 return __pipe_get_pages(i, min(maxsize, capacity), pages, iter_head, start);
1321 ssize_t iov_iter_get_pages(struct iov_iter *i,
1322 struct page **pages, size_t maxsize, unsigned maxpages,
1325 if (maxsize > i->count)
1328 if (unlikely(iov_iter_is_pipe(i)))
1329 return pipe_get_pages(i, pages, maxsize, maxpages, start);
1330 if (unlikely(iov_iter_is_discard(i)))
1333 iterate_all_kinds(i, maxsize, v, ({
1334 unsigned long addr = (unsigned long)v.iov_base;
1335 size_t len = v.iov_len + (*start = addr & (PAGE_SIZE - 1));
1339 if (len > maxpages * PAGE_SIZE)
1340 len = maxpages * PAGE_SIZE;
1341 addr &= ~(PAGE_SIZE - 1);
1342 n = DIV_ROUND_UP(len, PAGE_SIZE);
1343 res = get_user_pages_fast(addr, n,
1344 iov_iter_rw(i) != WRITE ? FOLL_WRITE : 0,
1346 if (unlikely(res < 0))
1348 return (res == n ? len : res * PAGE_SIZE) - *start;
1350 /* can't be more than PAGE_SIZE */
1351 *start = v.bv_offset;
1352 get_page(*pages = v.bv_page);
1360 EXPORT_SYMBOL(iov_iter_get_pages);
1362 static struct page **get_pages_array(size_t n)
1364 return kvmalloc_array(n, sizeof(struct page *), GFP_KERNEL);
1367 static ssize_t pipe_get_pages_alloc(struct iov_iter *i,
1368 struct page ***pages, size_t maxsize,
1372 unsigned int iter_head, npages;
1381 data_start(i, &iter_head, start);
1382 /* Amount of free space: some of this one + all after this one */
1383 npages = pipe_space_for_user(iter_head, i->pipe->tail, i->pipe);
1384 n = npages * PAGE_SIZE - *start;
1388 npages = DIV_ROUND_UP(maxsize + *start, PAGE_SIZE);
1389 p = get_pages_array(npages);
1392 n = __pipe_get_pages(i, maxsize, p, iter_head, start);
1400 ssize_t iov_iter_get_pages_alloc(struct iov_iter *i,
1401 struct page ***pages, size_t maxsize,
1406 if (maxsize > i->count)
1409 if (unlikely(iov_iter_is_pipe(i)))
1410 return pipe_get_pages_alloc(i, pages, maxsize, start);
1411 if (unlikely(iov_iter_is_discard(i)))
1414 iterate_all_kinds(i, maxsize, v, ({
1415 unsigned long addr = (unsigned long)v.iov_base;
1416 size_t len = v.iov_len + (*start = addr & (PAGE_SIZE - 1));
1420 addr &= ~(PAGE_SIZE - 1);
1421 n = DIV_ROUND_UP(len, PAGE_SIZE);
1422 p = get_pages_array(n);
1425 res = get_user_pages_fast(addr, n,
1426 iov_iter_rw(i) != WRITE ? FOLL_WRITE : 0, p);
1427 if (unlikely(res < 0)) {
1432 return (res == n ? len : res * PAGE_SIZE) - *start;
1434 /* can't be more than PAGE_SIZE */
1435 *start = v.bv_offset;
1436 *pages = p = get_pages_array(1);
1439 get_page(*p = v.bv_page);
1447 EXPORT_SYMBOL(iov_iter_get_pages_alloc);
1449 size_t csum_and_copy_from_iter(void *addr, size_t bytes, __wsum *csum,
1456 if (unlikely(iov_iter_is_pipe(i) || iov_iter_is_discard(i))) {
1460 iterate_and_advance(i, bytes, v, ({
1461 next = csum_and_copy_from_user(v.iov_base,
1462 (to += v.iov_len) - v.iov_len,
1465 sum = csum_block_add(sum, next, off);
1468 next ? 0 : v.iov_len;
1470 char *p = kmap_atomic(v.bv_page);
1471 sum = csum_and_memcpy((to += v.bv_len) - v.bv_len,
1472 p + v.bv_offset, v.bv_len,
1477 sum = csum_and_memcpy((to += v.iov_len) - v.iov_len,
1478 v.iov_base, v.iov_len,
1486 EXPORT_SYMBOL(csum_and_copy_from_iter);
1488 bool csum_and_copy_from_iter_full(void *addr, size_t bytes, __wsum *csum,
1495 if (unlikely(iov_iter_is_pipe(i) || iov_iter_is_discard(i))) {
1499 if (unlikely(i->count < bytes))
1501 iterate_all_kinds(i, bytes, v, ({
1502 next = csum_and_copy_from_user(v.iov_base,
1503 (to += v.iov_len) - v.iov_len,
1507 sum = csum_block_add(sum, next, off);
1511 char *p = kmap_atomic(v.bv_page);
1512 sum = csum_and_memcpy((to += v.bv_len) - v.bv_len,
1513 p + v.bv_offset, v.bv_len,
1518 sum = csum_and_memcpy((to += v.iov_len) - v.iov_len,
1519 v.iov_base, v.iov_len,
1525 iov_iter_advance(i, bytes);
1528 EXPORT_SYMBOL(csum_and_copy_from_iter_full);
1530 size_t csum_and_copy_to_iter(const void *addr, size_t bytes, void *_csstate,
1533 struct csum_state *csstate = _csstate;
1534 const char *from = addr;
1538 if (unlikely(iov_iter_is_pipe(i)))
1539 return csum_and_copy_to_pipe_iter(addr, bytes, _csstate, i);
1541 sum = csstate->csum;
1543 if (unlikely(iov_iter_is_discard(i))) {
1544 WARN_ON(1); /* for now */
1547 iterate_and_advance(i, bytes, v, ({
1548 next = csum_and_copy_to_user((from += v.iov_len) - v.iov_len,
1552 sum = csum_block_add(sum, next, off);
1555 next ? 0 : v.iov_len;
1557 char *p = kmap_atomic(v.bv_page);
1558 sum = csum_and_memcpy(p + v.bv_offset,
1559 (from += v.bv_len) - v.bv_len,
1560 v.bv_len, sum, off);
1564 sum = csum_and_memcpy(v.iov_base,
1565 (from += v.iov_len) - v.iov_len,
1566 v.iov_len, sum, off);
1570 csstate->csum = sum;
1574 EXPORT_SYMBOL(csum_and_copy_to_iter);
1576 size_t hash_and_copy_to_iter(const void *addr, size_t bytes, void *hashp,
1579 #ifdef CONFIG_CRYPTO_HASH
1580 struct ahash_request *hash = hashp;
1581 struct scatterlist sg;
1584 copied = copy_to_iter(addr, bytes, i);
1585 sg_init_one(&sg, addr, copied);
1586 ahash_request_set_crypt(hash, &sg, NULL, copied);
1587 crypto_ahash_update(hash);
1593 EXPORT_SYMBOL(hash_and_copy_to_iter);
1595 int iov_iter_npages(const struct iov_iter *i, int maxpages)
1597 size_t size = i->count;
1602 if (unlikely(iov_iter_is_discard(i)))
1605 if (unlikely(iov_iter_is_pipe(i))) {
1606 struct pipe_inode_info *pipe = i->pipe;
1607 unsigned int iter_head;
1613 data_start(i, &iter_head, &off);
1614 /* some of this one + all after this one */
1615 npages = pipe_space_for_user(iter_head, pipe->tail, pipe);
1616 if (npages >= maxpages)
1618 } else iterate_all_kinds(i, size, v, ({
1619 unsigned long p = (unsigned long)v.iov_base;
1620 npages += DIV_ROUND_UP(p + v.iov_len, PAGE_SIZE)
1622 if (npages >= maxpages)
1626 if (npages >= maxpages)
1629 unsigned long p = (unsigned long)v.iov_base;
1630 npages += DIV_ROUND_UP(p + v.iov_len, PAGE_SIZE)
1632 if (npages >= maxpages)
1638 EXPORT_SYMBOL(iov_iter_npages);
1640 const void *dup_iter(struct iov_iter *new, struct iov_iter *old, gfp_t flags)
1643 if (unlikely(iov_iter_is_pipe(new))) {
1647 if (unlikely(iov_iter_is_discard(new)))
1649 if (iov_iter_is_bvec(new))
1650 return new->bvec = kmemdup(new->bvec,
1651 new->nr_segs * sizeof(struct bio_vec),
1654 /* iovec and kvec have identical layout */
1655 return new->iov = kmemdup(new->iov,
1656 new->nr_segs * sizeof(struct iovec),
1659 EXPORT_SYMBOL(dup_iter);
1661 static int copy_compat_iovec_from_user(struct iovec *iov,
1662 const struct iovec __user *uvec, unsigned long nr_segs)
1664 const struct compat_iovec __user *uiov =
1665 (const struct compat_iovec __user *)uvec;
1666 int ret = -EFAULT, i;
1668 if (!user_access_begin(uiov, nr_segs * sizeof(*uiov)))
1671 for (i = 0; i < nr_segs; i++) {
1675 unsafe_get_user(len, &uiov[i].iov_len, uaccess_end);
1676 unsafe_get_user(buf, &uiov[i].iov_base, uaccess_end);
1678 /* check for compat_size_t not fitting in compat_ssize_t .. */
1683 iov[i].iov_base = compat_ptr(buf);
1684 iov[i].iov_len = len;
1693 static int copy_iovec_from_user(struct iovec *iov,
1694 const struct iovec __user *uvec, unsigned long nr_segs)
1698 if (copy_from_user(iov, uvec, nr_segs * sizeof(*uvec)))
1700 for (seg = 0; seg < nr_segs; seg++) {
1701 if ((ssize_t)iov[seg].iov_len < 0)
1708 struct iovec *iovec_from_user(const struct iovec __user *uvec,
1709 unsigned long nr_segs, unsigned long fast_segs,
1710 struct iovec *fast_iov, bool compat)
1712 struct iovec *iov = fast_iov;
1716 * SuS says "The readv() function *may* fail if the iovcnt argument was
1717 * less than or equal to 0, or greater than {IOV_MAX}. Linux has
1718 * traditionally returned zero for zero segments, so...
1722 if (nr_segs > UIO_MAXIOV)
1723 return ERR_PTR(-EINVAL);
1724 if (nr_segs > fast_segs) {
1725 iov = kmalloc_array(nr_segs, sizeof(struct iovec), GFP_KERNEL);
1727 return ERR_PTR(-ENOMEM);
1731 ret = copy_compat_iovec_from_user(iov, uvec, nr_segs);
1733 ret = copy_iovec_from_user(iov, uvec, nr_segs);
1735 if (iov != fast_iov)
1737 return ERR_PTR(ret);
1743 ssize_t __import_iovec(int type, const struct iovec __user *uvec,
1744 unsigned nr_segs, unsigned fast_segs, struct iovec **iovp,
1745 struct iov_iter *i, bool compat)
1747 ssize_t total_len = 0;
1751 iov = iovec_from_user(uvec, nr_segs, fast_segs, *iovp, compat);
1754 return PTR_ERR(iov);
1758 * According to the Single Unix Specification we should return EINVAL if
1759 * an element length is < 0 when cast to ssize_t or if the total length
1760 * would overflow the ssize_t return value of the system call.
1762 * Linux caps all read/write calls to MAX_RW_COUNT, and avoids the
1765 for (seg = 0; seg < nr_segs; seg++) {
1766 ssize_t len = (ssize_t)iov[seg].iov_len;
1768 if (!access_ok(iov[seg].iov_base, len)) {
1775 if (len > MAX_RW_COUNT - total_len) {
1776 len = MAX_RW_COUNT - total_len;
1777 iov[seg].iov_len = len;
1782 iov_iter_init(i, type, iov, nr_segs, total_len);
1791 * import_iovec() - Copy an array of &struct iovec from userspace
1792 * into the kernel, check that it is valid, and initialize a new
1793 * &struct iov_iter iterator to access it.
1795 * @type: One of %READ or %WRITE.
1796 * @uvec: Pointer to the userspace array.
1797 * @nr_segs: Number of elements in userspace array.
1798 * @fast_segs: Number of elements in @iov.
1799 * @iovp: (input and output parameter) Pointer to pointer to (usually small
1800 * on-stack) kernel array.
1801 * @i: Pointer to iterator that will be initialized on success.
1803 * If the array pointed to by *@iov is large enough to hold all @nr_segs,
1804 * then this function places %NULL in *@iov on return. Otherwise, a new
1805 * array will be allocated and the result placed in *@iov. This means that
1806 * the caller may call kfree() on *@iov regardless of whether the small
1807 * on-stack array was used or not (and regardless of whether this function
1808 * returns an error or not).
1810 * Return: Negative error code on error, bytes imported on success
1812 ssize_t import_iovec(int type, const struct iovec __user *uvec,
1813 unsigned nr_segs, unsigned fast_segs,
1814 struct iovec **iovp, struct iov_iter *i)
1816 return __import_iovec(type, uvec, nr_segs, fast_segs, iovp, i,
1817 in_compat_syscall());
1819 EXPORT_SYMBOL(import_iovec);
1821 int import_single_range(int rw, void __user *buf, size_t len,
1822 struct iovec *iov, struct iov_iter *i)
1824 if (len > MAX_RW_COUNT)
1826 if (unlikely(!access_ok(buf, len)))
1829 iov->iov_base = buf;
1831 iov_iter_init(i, rw, iov, 1, len);
1834 EXPORT_SYMBOL(import_single_range);
1836 int iov_iter_for_each_range(struct iov_iter *i, size_t bytes,
1837 int (*f)(struct kvec *vec, void *context),
1845 iterate_all_kinds(i, bytes, v, -EINVAL, ({
1846 w.iov_base = kmap(v.bv_page) + v.bv_offset;
1847 w.iov_len = v.bv_len;
1848 err = f(&w, context);
1852 err = f(&w, context);})
1856 EXPORT_SYMBOL(iov_iter_for_each_range);
projects / linux-2.6-microblaze.git / blob