1 // SPDX-License-Identifier: GPL-2.0-only
2 #include <crypto/hash.h>
3 #include <linux/export.h>
4 #include <linux/bvec.h>
5 #include <linux/fault-inject-usercopy.h>
7 #include <linux/pagemap.h>
8 #include <linux/highmem.h>
9 #include <linux/slab.h>
10 #include <linux/vmalloc.h>
11 #include <linux/splice.h>
12 #include <linux/compat.h>
13 #include <net/checksum.h>
14 #include <linux/scatterlist.h>
15 #include <linux/instrumented.h>
17 #define PIPE_PARANOIA /* for now */
19 #define iterate_iovec(i, n, __v, __p, skip, STEP) { \
23 __v.iov_len = min(n, __p->iov_len - skip); \
24 if (likely(__v.iov_len)) { \
25 __v.iov_base = __p->iov_base + skip; \
27 __v.iov_len -= left; \
28 skip += __v.iov_len; \
33 while (unlikely(!left && n)) { \
35 __v.iov_len = min(n, __p->iov_len); \
36 if (unlikely(!__v.iov_len)) \
38 __v.iov_base = __p->iov_base; \
40 __v.iov_len -= left; \
47 #define iterate_kvec(i, n, __v, __p, skip, STEP) { \
50 __v.iov_len = min(n, __p->iov_len - skip); \
51 if (likely(__v.iov_len)) { \
52 __v.iov_base = __p->iov_base + skip; \
54 skip += __v.iov_len; \
57 while (unlikely(n)) { \
59 __v.iov_len = min(n, __p->iov_len); \
60 if (unlikely(!__v.iov_len)) \
62 __v.iov_base = __p->iov_base; \
70 #define iterate_bvec(i, n, __v, __bi, skip, STEP) { \
71 struct bvec_iter __start; \
72 __start.bi_size = n; \
73 __start.bi_bvec_done = skip; \
75 for_each_bvec(__v, i->bvec, __bi, __start) { \
80 #define iterate_xarray(i, n, __v, skip, STEP) { \
81 struct page *head = NULL; \
82 size_t wanted = n, seg, offset; \
83 loff_t start = i->xarray_start + skip; \
84 pgoff_t index = start >> PAGE_SHIFT; \
87 XA_STATE(xas, i->xarray, index); \
90 xas_for_each(&xas, head, ULONG_MAX) { \
91 if (xas_retry(&xas, head)) \
93 if (WARN_ON(xa_is_value(head))) \
95 if (WARN_ON(PageHuge(head))) \
97 for (j = (head->index < index) ? index - head->index : 0; \
98 j < thp_nr_pages(head); j++) { \
99 __v.bv_page = head + j; \
100 offset = (i->xarray_start + skip) & ~PAGE_MASK; \
101 seg = PAGE_SIZE - offset; \
102 __v.bv_offset = offset; \
103 __v.bv_len = min(n, seg); \
106 skip += __v.bv_len; \
117 #define iterate_all_kinds(i, n, v, I, B, K, X) { \
119 size_t skip = i->iov_offset; \
120 if (unlikely(i->type & ITER_BVEC)) { \
122 struct bvec_iter __bi; \
123 iterate_bvec(i, n, v, __bi, skip, (B)) \
124 } else if (unlikely(i->type & ITER_KVEC)) { \
125 const struct kvec *kvec; \
127 iterate_kvec(i, n, v, kvec, skip, (K)) \
128 } else if (unlikely(i->type & ITER_DISCARD)) { \
129 } else if (unlikely(i->type & ITER_XARRAY)) { \
131 iterate_xarray(i, n, v, skip, (X)); \
133 const struct iovec *iov; \
135 iterate_iovec(i, n, v, iov, skip, (I)) \
140 #define iterate_and_advance(i, n, v, I, B, K, X) { \
141 if (unlikely(i->count < n)) \
144 size_t skip = i->iov_offset; \
145 if (unlikely(i->type & ITER_BVEC)) { \
146 const struct bio_vec *bvec = i->bvec; \
148 struct bvec_iter __bi; \
149 iterate_bvec(i, n, v, __bi, skip, (B)) \
150 i->bvec = __bvec_iter_bvec(i->bvec, __bi); \
151 i->nr_segs -= i->bvec - bvec; \
152 skip = __bi.bi_bvec_done; \
153 } else if (unlikely(i->type & ITER_KVEC)) { \
154 const struct kvec *kvec; \
156 iterate_kvec(i, n, v, kvec, skip, (K)) \
157 if (skip == kvec->iov_len) { \
161 i->nr_segs -= kvec - i->kvec; \
163 } else if (unlikely(i->type & ITER_DISCARD)) { \
165 } else if (unlikely(i->type & ITER_XARRAY)) { \
167 iterate_xarray(i, n, v, skip, (X)) \
169 const struct iovec *iov; \
171 iterate_iovec(i, n, v, iov, skip, (I)) \
172 if (skip == iov->iov_len) { \
176 i->nr_segs -= iov - i->iov; \
180 i->iov_offset = skip; \
184 static int copyout(void __user *to, const void *from, size_t n)
186 if (should_fail_usercopy())
188 if (access_ok(to, n)) {
189 instrument_copy_to_user(to, from, n);
190 n = raw_copy_to_user(to, from, n);
195 static int copyin(void *to, const void __user *from, size_t n)
197 if (should_fail_usercopy())
199 if (access_ok(from, n)) {
200 instrument_copy_from_user(to, from, n);
201 n = raw_copy_from_user(to, from, n);
206 static size_t copy_page_to_iter_iovec(struct page *page, size_t offset, size_t bytes,
209 size_t skip, copy, left, wanted;
210 const struct iovec *iov;
214 if (unlikely(bytes > i->count))
217 if (unlikely(!bytes))
223 skip = i->iov_offset;
224 buf = iov->iov_base + skip;
225 copy = min(bytes, iov->iov_len - skip);
227 if (IS_ENABLED(CONFIG_HIGHMEM) && !fault_in_pages_writeable(buf, copy)) {
228 kaddr = kmap_atomic(page);
229 from = kaddr + offset;
231 /* first chunk, usually the only one */
232 left = copyout(buf, from, copy);
238 while (unlikely(!left && bytes)) {
241 copy = min(bytes, iov->iov_len);
242 left = copyout(buf, from, copy);
248 if (likely(!bytes)) {
249 kunmap_atomic(kaddr);
252 offset = from - kaddr;
254 kunmap_atomic(kaddr);
255 copy = min(bytes, iov->iov_len - skip);
257 /* Too bad - revert to non-atomic kmap */
260 from = kaddr + offset;
261 left = copyout(buf, from, copy);
266 while (unlikely(!left && bytes)) {
269 copy = min(bytes, iov->iov_len);
270 left = copyout(buf, from, copy);
279 if (skip == iov->iov_len) {
283 i->count -= wanted - bytes;
284 i->nr_segs -= iov - i->iov;
286 i->iov_offset = skip;
287 return wanted - bytes;
290 static size_t copy_page_from_iter_iovec(struct page *page, size_t offset, size_t bytes,
293 size_t skip, copy, left, wanted;
294 const struct iovec *iov;
298 if (unlikely(bytes > i->count))
301 if (unlikely(!bytes))
307 skip = i->iov_offset;
308 buf = iov->iov_base + skip;
309 copy = min(bytes, iov->iov_len - skip);
311 if (IS_ENABLED(CONFIG_HIGHMEM) && !fault_in_pages_readable(buf, copy)) {
312 kaddr = kmap_atomic(page);
315 /* first chunk, usually the only one */
316 left = copyin(to, buf, copy);
322 while (unlikely(!left && bytes)) {
325 copy = min(bytes, iov->iov_len);
326 left = copyin(to, buf, copy);
332 if (likely(!bytes)) {
333 kunmap_atomic(kaddr);
338 kunmap_atomic(kaddr);
339 copy = min(bytes, iov->iov_len - skip);
341 /* Too bad - revert to non-atomic kmap */
345 left = copyin(to, buf, copy);
350 while (unlikely(!left && bytes)) {
353 copy = min(bytes, iov->iov_len);
354 left = copyin(to, buf, copy);
363 if (skip == iov->iov_len) {
367 i->count -= wanted - bytes;
368 i->nr_segs -= iov - i->iov;
370 i->iov_offset = skip;
371 return wanted - bytes;
375 static bool sanity(const struct iov_iter *i)
377 struct pipe_inode_info *pipe = i->pipe;
378 unsigned int p_head = pipe->head;
379 unsigned int p_tail = pipe->tail;
380 unsigned int p_mask = pipe->ring_size - 1;
381 unsigned int p_occupancy = pipe_occupancy(p_head, p_tail);
382 unsigned int i_head = i->head;
386 struct pipe_buffer *p;
387 if (unlikely(p_occupancy == 0))
388 goto Bad; // pipe must be non-empty
389 if (unlikely(i_head != p_head - 1))
390 goto Bad; // must be at the last buffer...
392 p = &pipe->bufs[i_head & p_mask];
393 if (unlikely(p->offset + p->len != i->iov_offset))
394 goto Bad; // ... at the end of segment
396 if (i_head != p_head)
397 goto Bad; // must be right after the last buffer
401 printk(KERN_ERR "idx = %d, offset = %zd\n", i_head, i->iov_offset);
402 printk(KERN_ERR "head = %d, tail = %d, buffers = %d\n",
403 p_head, p_tail, pipe->ring_size);
404 for (idx = 0; idx < pipe->ring_size; idx++)
405 printk(KERN_ERR "[%p %p %d %d]\n",
407 pipe->bufs[idx].page,
408 pipe->bufs[idx].offset,
409 pipe->bufs[idx].len);
414 #define sanity(i) true
417 static size_t copy_page_to_iter_pipe(struct page *page, size_t offset, size_t bytes,
420 struct pipe_inode_info *pipe = i->pipe;
421 struct pipe_buffer *buf;
422 unsigned int p_tail = pipe->tail;
423 unsigned int p_mask = pipe->ring_size - 1;
424 unsigned int i_head = i->head;
427 if (unlikely(bytes > i->count))
430 if (unlikely(!bytes))
437 buf = &pipe->bufs[i_head & p_mask];
439 if (offset == off && buf->page == page) {
440 /* merge with the last one */
442 i->iov_offset += bytes;
446 buf = &pipe->bufs[i_head & p_mask];
448 if (pipe_full(i_head, p_tail, pipe->max_usage))
451 buf->ops = &page_cache_pipe_buf_ops;
454 buf->offset = offset;
457 pipe->head = i_head + 1;
458 i->iov_offset = offset + bytes;
466 * Fault in one or more iovecs of the given iov_iter, to a maximum length of
467 * bytes. For each iovec, fault in each page that constitutes the iovec.
469 * Return 0 on success, or non-zero if the memory could not be accessed (i.e.
470 * because it is an invalid address).
472 int iov_iter_fault_in_readable(struct iov_iter *i, size_t bytes)
474 size_t skip = i->iov_offset;
475 const struct iovec *iov;
479 if (iter_is_iovec(i)) {
480 iterate_iovec(i, bytes, v, iov, skip, ({
481 err = fault_in_pages_readable(v.iov_base, v.iov_len);
488 EXPORT_SYMBOL(iov_iter_fault_in_readable);
490 void iov_iter_init(struct iov_iter *i, unsigned int direction,
491 const struct iovec *iov, unsigned long nr_segs,
494 WARN_ON(direction & ~(READ | WRITE));
495 direction &= READ | WRITE;
497 /* It will get better. Eventually... */
498 if (uaccess_kernel()) {
499 i->type = ITER_KVEC | direction;
500 i->kvec = (struct kvec *)iov;
502 i->type = ITER_IOVEC | direction;
505 i->nr_segs = nr_segs;
509 EXPORT_SYMBOL(iov_iter_init);
511 static inline bool allocated(struct pipe_buffer *buf)
513 return buf->ops == &default_pipe_buf_ops;
516 static inline void data_start(const struct iov_iter *i,
517 unsigned int *iter_headp, size_t *offp)
519 unsigned int p_mask = i->pipe->ring_size - 1;
520 unsigned int iter_head = i->head;
521 size_t off = i->iov_offset;
523 if (off && (!allocated(&i->pipe->bufs[iter_head & p_mask]) ||
528 *iter_headp = iter_head;
532 static size_t push_pipe(struct iov_iter *i, size_t size,
533 int *iter_headp, size_t *offp)
535 struct pipe_inode_info *pipe = i->pipe;
536 unsigned int p_tail = pipe->tail;
537 unsigned int p_mask = pipe->ring_size - 1;
538 unsigned int iter_head;
542 if (unlikely(size > i->count))
548 data_start(i, &iter_head, &off);
549 *iter_headp = iter_head;
552 left -= PAGE_SIZE - off;
554 pipe->bufs[iter_head & p_mask].len += size;
557 pipe->bufs[iter_head & p_mask].len = PAGE_SIZE;
560 while (!pipe_full(iter_head, p_tail, pipe->max_usage)) {
561 struct pipe_buffer *buf = &pipe->bufs[iter_head & p_mask];
562 struct page *page = alloc_page(GFP_USER);
566 buf->ops = &default_pipe_buf_ops;
569 buf->len = min_t(ssize_t, left, PAGE_SIZE);
572 pipe->head = iter_head;
580 static size_t copy_pipe_to_iter(const void *addr, size_t bytes,
583 struct pipe_inode_info *pipe = i->pipe;
584 unsigned int p_mask = pipe->ring_size - 1;
591 bytes = n = push_pipe(i, bytes, &i_head, &off);
595 size_t chunk = min_t(size_t, n, PAGE_SIZE - off);
596 memcpy_to_page(pipe->bufs[i_head & p_mask].page, off, addr, chunk);
598 i->iov_offset = off + chunk;
608 static __wsum csum_and_memcpy(void *to, const void *from, size_t len,
609 __wsum sum, size_t off)
611 __wsum next = csum_partial_copy_nocheck(from, to, len);
612 return csum_block_add(sum, next, off);
615 static size_t csum_and_copy_to_pipe_iter(const void *addr, size_t bytes,
616 struct csum_state *csstate,
619 struct pipe_inode_info *pipe = i->pipe;
620 unsigned int p_mask = pipe->ring_size - 1;
621 __wsum sum = csstate->csum;
622 size_t off = csstate->off;
629 bytes = n = push_pipe(i, bytes, &i_head, &r);
633 size_t chunk = min_t(size_t, n, PAGE_SIZE - r);
634 char *p = kmap_atomic(pipe->bufs[i_head & p_mask].page);
635 sum = csum_and_memcpy(p + r, addr, chunk, sum, off);
638 i->iov_offset = r + chunk;
651 size_t _copy_to_iter(const void *addr, size_t bytes, struct iov_iter *i)
653 const char *from = addr;
654 if (unlikely(iov_iter_is_pipe(i)))
655 return copy_pipe_to_iter(addr, bytes, i);
656 if (iter_is_iovec(i))
658 iterate_and_advance(i, bytes, v,
659 copyout(v.iov_base, (from += v.iov_len) - v.iov_len, v.iov_len),
660 memcpy_to_page(v.bv_page, v.bv_offset,
661 (from += v.bv_len) - v.bv_len, v.bv_len),
662 memcpy(v.iov_base, (from += v.iov_len) - v.iov_len, v.iov_len),
663 memcpy_to_page(v.bv_page, v.bv_offset,
664 (from += v.bv_len) - v.bv_len, v.bv_len)
669 EXPORT_SYMBOL(_copy_to_iter);
671 #ifdef CONFIG_ARCH_HAS_COPY_MC
672 static int copyout_mc(void __user *to, const void *from, size_t n)
674 if (access_ok(to, n)) {
675 instrument_copy_to_user(to, from, n);
676 n = copy_mc_to_user((__force void *) to, from, n);
681 static unsigned long copy_mc_to_page(struct page *page, size_t offset,
682 const char *from, size_t len)
687 to = kmap_atomic(page);
688 ret = copy_mc_to_kernel(to + offset, from, len);
694 static size_t copy_mc_pipe_to_iter(const void *addr, size_t bytes,
697 struct pipe_inode_info *pipe = i->pipe;
698 unsigned int p_mask = pipe->ring_size - 1;
700 size_t n, off, xfer = 0;
705 bytes = n = push_pipe(i, bytes, &i_head, &off);
709 size_t chunk = min_t(size_t, n, PAGE_SIZE - off);
712 rem = copy_mc_to_page(pipe->bufs[i_head & p_mask].page,
715 i->iov_offset = off + chunk - rem;
729 * _copy_mc_to_iter - copy to iter with source memory error exception handling
730 * @addr: source kernel address
731 * @bytes: total transfer length
732 * @iter: destination iterator
734 * The pmem driver deploys this for the dax operation
735 * (dax_copy_to_iter()) for dax reads (bypass page-cache and the
736 * block-layer). Upon #MC read(2) aborts and returns EIO or the bytes
737 * successfully copied.
739 * The main differences between this and typical _copy_to_iter().
741 * * Typical tail/residue handling after a fault retries the copy
742 * byte-by-byte until the fault happens again. Re-triggering machine
743 * checks is potentially fatal so the implementation uses source
744 * alignment and poison alignment assumptions to avoid re-triggering
745 * hardware exceptions.
747 * * ITER_KVEC, ITER_PIPE, and ITER_BVEC can return short copies.
748 * Compare to copy_to_iter() where only ITER_IOVEC attempts might return
751 size_t _copy_mc_to_iter(const void *addr, size_t bytes, struct iov_iter *i)
753 const char *from = addr;
754 unsigned long rem, curr_addr, s_addr = (unsigned long) addr;
756 if (unlikely(iov_iter_is_pipe(i)))
757 return copy_mc_pipe_to_iter(addr, bytes, i);
758 if (iter_is_iovec(i))
760 iterate_and_advance(i, bytes, v,
761 copyout_mc(v.iov_base, (from += v.iov_len) - v.iov_len,
764 rem = copy_mc_to_page(v.bv_page, v.bv_offset,
765 (from += v.bv_len) - v.bv_len, v.bv_len);
767 curr_addr = (unsigned long) from;
768 bytes = curr_addr - s_addr - rem;
773 rem = copy_mc_to_kernel(v.iov_base, (from += v.iov_len)
774 - v.iov_len, v.iov_len);
776 curr_addr = (unsigned long) from;
777 bytes = curr_addr - s_addr - rem;
782 rem = copy_mc_to_page(v.bv_page, v.bv_offset,
783 (from += v.bv_len) - v.bv_len, v.bv_len);
785 curr_addr = (unsigned long) from;
786 bytes = curr_addr - s_addr - rem;
788 i->iov_offset += bytes;
797 EXPORT_SYMBOL_GPL(_copy_mc_to_iter);
798 #endif /* CONFIG_ARCH_HAS_COPY_MC */
800 size_t _copy_from_iter(void *addr, size_t bytes, struct iov_iter *i)
803 if (unlikely(iov_iter_is_pipe(i))) {
807 if (iter_is_iovec(i))
809 iterate_and_advance(i, bytes, v,
810 copyin((to += v.iov_len) - v.iov_len, v.iov_base, v.iov_len),
811 memcpy_from_page((to += v.bv_len) - v.bv_len, v.bv_page,
812 v.bv_offset, v.bv_len),
813 memcpy((to += v.iov_len) - v.iov_len, v.iov_base, v.iov_len),
814 memcpy_from_page((to += v.bv_len) - v.bv_len, v.bv_page,
815 v.bv_offset, v.bv_len)
820 EXPORT_SYMBOL(_copy_from_iter);
822 bool _copy_from_iter_full(void *addr, size_t bytes, struct iov_iter *i)
825 if (unlikely(iov_iter_is_pipe(i))) {
829 if (unlikely(i->count < bytes))
832 if (iter_is_iovec(i))
834 iterate_all_kinds(i, bytes, v, ({
835 if (copyin((to += v.iov_len) - v.iov_len,
836 v.iov_base, v.iov_len))
839 memcpy_from_page((to += v.bv_len) - v.bv_len, v.bv_page,
840 v.bv_offset, v.bv_len),
841 memcpy((to += v.iov_len) - v.iov_len, v.iov_base, v.iov_len),
842 memcpy_from_page((to += v.bv_len) - v.bv_len, v.bv_page,
843 v.bv_offset, v.bv_len)
846 iov_iter_advance(i, bytes);
849 EXPORT_SYMBOL(_copy_from_iter_full);
851 size_t _copy_from_iter_nocache(void *addr, size_t bytes, struct iov_iter *i)
854 if (unlikely(iov_iter_is_pipe(i))) {
858 iterate_and_advance(i, bytes, v,
859 __copy_from_user_inatomic_nocache((to += v.iov_len) - v.iov_len,
860 v.iov_base, v.iov_len),
861 memcpy_from_page((to += v.bv_len) - v.bv_len, v.bv_page,
862 v.bv_offset, v.bv_len),
863 memcpy((to += v.iov_len) - v.iov_len, v.iov_base, v.iov_len),
864 memcpy_from_page((to += v.bv_len) - v.bv_len, v.bv_page,
865 v.bv_offset, v.bv_len)
870 EXPORT_SYMBOL(_copy_from_iter_nocache);
872 #ifdef CONFIG_ARCH_HAS_UACCESS_FLUSHCACHE
874 * _copy_from_iter_flushcache - write destination through cpu cache
875 * @addr: destination kernel address
876 * @bytes: total transfer length
877 * @iter: source iterator
879 * The pmem driver arranges for filesystem-dax to use this facility via
880 * dax_copy_from_iter() for ensuring that writes to persistent memory
881 * are flushed through the CPU cache. It is differentiated from
882 * _copy_from_iter_nocache() in that guarantees all data is flushed for
883 * all iterator types. The _copy_from_iter_nocache() only attempts to
884 * bypass the cache for the ITER_IOVEC case, and on some archs may use
885 * instructions that strand dirty-data in the cache.
887 size_t _copy_from_iter_flushcache(void *addr, size_t bytes, struct iov_iter *i)
890 if (unlikely(iov_iter_is_pipe(i))) {
894 iterate_and_advance(i, bytes, v,
895 __copy_from_user_flushcache((to += v.iov_len) - v.iov_len,
896 v.iov_base, v.iov_len),
897 memcpy_page_flushcache((to += v.bv_len) - v.bv_len, v.bv_page,
898 v.bv_offset, v.bv_len),
899 memcpy_flushcache((to += v.iov_len) - v.iov_len, v.iov_base,
901 memcpy_page_flushcache((to += v.bv_len) - v.bv_len, v.bv_page,
902 v.bv_offset, v.bv_len)
907 EXPORT_SYMBOL_GPL(_copy_from_iter_flushcache);
910 bool _copy_from_iter_full_nocache(void *addr, size_t bytes, struct iov_iter *i)
913 if (unlikely(iov_iter_is_pipe(i))) {
917 if (unlikely(i->count < bytes))
919 iterate_all_kinds(i, bytes, v, ({
920 if (__copy_from_user_inatomic_nocache((to += v.iov_len) - v.iov_len,
921 v.iov_base, v.iov_len))
924 memcpy_from_page((to += v.bv_len) - v.bv_len, v.bv_page,
925 v.bv_offset, v.bv_len),
926 memcpy((to += v.iov_len) - v.iov_len, v.iov_base, v.iov_len),
927 memcpy_from_page((to += v.bv_len) - v.bv_len, v.bv_page,
928 v.bv_offset, v.bv_len)
931 iov_iter_advance(i, bytes);
934 EXPORT_SYMBOL(_copy_from_iter_full_nocache);
936 static inline bool page_copy_sane(struct page *page, size_t offset, size_t n)
939 size_t v = n + offset;
942 * The general case needs to access the page order in order
943 * to compute the page size.
944 * However, we mostly deal with order-0 pages and thus can
945 * avoid a possible cache line miss for requests that fit all
948 if (n <= v && v <= PAGE_SIZE)
951 head = compound_head(page);
952 v += (page - head) << PAGE_SHIFT;
954 if (likely(n <= v && v <= (page_size(head))))
960 static size_t __copy_page_to_iter(struct page *page, size_t offset, size_t bytes,
963 if (i->type & (ITER_BVEC | ITER_KVEC | ITER_XARRAY)) {
964 void *kaddr = kmap_atomic(page);
965 size_t wanted = copy_to_iter(kaddr + offset, bytes, i);
966 kunmap_atomic(kaddr);
968 } else if (unlikely(iov_iter_is_discard(i))) {
969 if (unlikely(i->count < bytes))
973 } else if (likely(!iov_iter_is_pipe(i)))
974 return copy_page_to_iter_iovec(page, offset, bytes, i);
976 return copy_page_to_iter_pipe(page, offset, bytes, i);
979 size_t copy_page_to_iter(struct page *page, size_t offset, size_t bytes,
983 if (unlikely(!page_copy_sane(page, offset, bytes)))
985 page += offset / PAGE_SIZE; // first subpage
988 size_t n = __copy_page_to_iter(page, offset,
989 min(bytes, (size_t)PAGE_SIZE - offset), i);
995 if (offset == PAGE_SIZE) {
1002 EXPORT_SYMBOL(copy_page_to_iter);
1004 size_t copy_page_from_iter(struct page *page, size_t offset, size_t bytes,
1007 if (unlikely(!page_copy_sane(page, offset, bytes)))
1009 if (unlikely(iov_iter_is_pipe(i) || iov_iter_is_discard(i))) {
1013 if (i->type & (ITER_BVEC | ITER_KVEC | ITER_XARRAY)) {
1014 void *kaddr = kmap_atomic(page);
1015 size_t wanted = _copy_from_iter(kaddr + offset, bytes, i);
1016 kunmap_atomic(kaddr);
1019 return copy_page_from_iter_iovec(page, offset, bytes, i);
1021 EXPORT_SYMBOL(copy_page_from_iter);
1023 static size_t pipe_zero(size_t bytes, struct iov_iter *i)
1025 struct pipe_inode_info *pipe = i->pipe;
1026 unsigned int p_mask = pipe->ring_size - 1;
1027 unsigned int i_head;
1033 bytes = n = push_pipe(i, bytes, &i_head, &off);
1038 size_t chunk = min_t(size_t, n, PAGE_SIZE - off);
1039 memzero_page(pipe->bufs[i_head & p_mask].page, off, chunk);
1041 i->iov_offset = off + chunk;
1050 size_t iov_iter_zero(size_t bytes, struct iov_iter *i)
1052 if (unlikely(iov_iter_is_pipe(i)))
1053 return pipe_zero(bytes, i);
1054 iterate_and_advance(i, bytes, v,
1055 clear_user(v.iov_base, v.iov_len),
1056 memzero_page(v.bv_page, v.bv_offset, v.bv_len),
1057 memset(v.iov_base, 0, v.iov_len),
1058 memzero_page(v.bv_page, v.bv_offset, v.bv_len)
1063 EXPORT_SYMBOL(iov_iter_zero);
1065 size_t iov_iter_copy_from_user_atomic(struct page *page,
1066 struct iov_iter *i, unsigned long offset, size_t bytes)
1068 char *kaddr = kmap_atomic(page), *p = kaddr + offset;
1069 if (unlikely(!page_copy_sane(page, offset, bytes))) {
1070 kunmap_atomic(kaddr);
1073 if (unlikely(iov_iter_is_pipe(i) || iov_iter_is_discard(i))) {
1074 kunmap_atomic(kaddr);
1078 iterate_all_kinds(i, bytes, v,
1079 copyin((p += v.iov_len) - v.iov_len, v.iov_base, v.iov_len),
1080 memcpy_from_page((p += v.bv_len) - v.bv_len, v.bv_page,
1081 v.bv_offset, v.bv_len),
1082 memcpy((p += v.iov_len) - v.iov_len, v.iov_base, v.iov_len),
1083 memcpy_from_page((p += v.bv_len) - v.bv_len, v.bv_page,
1084 v.bv_offset, v.bv_len)
1086 kunmap_atomic(kaddr);
1089 EXPORT_SYMBOL(iov_iter_copy_from_user_atomic);
1091 static inline void pipe_truncate(struct iov_iter *i)
1093 struct pipe_inode_info *pipe = i->pipe;
1094 unsigned int p_tail = pipe->tail;
1095 unsigned int p_head = pipe->head;
1096 unsigned int p_mask = pipe->ring_size - 1;
1098 if (!pipe_empty(p_head, p_tail)) {
1099 struct pipe_buffer *buf;
1100 unsigned int i_head = i->head;
1101 size_t off = i->iov_offset;
1104 buf = &pipe->bufs[i_head & p_mask];
1105 buf->len = off - buf->offset;
1108 while (p_head != i_head) {
1110 pipe_buf_release(pipe, &pipe->bufs[p_head & p_mask]);
1113 pipe->head = p_head;
1117 static void pipe_advance(struct iov_iter *i, size_t size)
1119 struct pipe_inode_info *pipe = i->pipe;
1121 struct pipe_buffer *buf;
1122 unsigned int p_mask = pipe->ring_size - 1;
1123 unsigned int i_head = i->head;
1124 size_t off = i->iov_offset, left = size;
1126 if (off) /* make it relative to the beginning of buffer */
1127 left += off - pipe->bufs[i_head & p_mask].offset;
1129 buf = &pipe->bufs[i_head & p_mask];
1130 if (left <= buf->len)
1136 i->iov_offset = buf->offset + left;
1139 /* ... and discard everything past that point */
1143 static void iov_iter_bvec_advance(struct iov_iter *i, size_t size)
1145 struct bvec_iter bi;
1147 bi.bi_size = i->count;
1148 bi.bi_bvec_done = i->iov_offset;
1150 bvec_iter_advance(i->bvec, &bi, size);
1152 i->bvec += bi.bi_idx;
1153 i->nr_segs -= bi.bi_idx;
1154 i->count = bi.bi_size;
1155 i->iov_offset = bi.bi_bvec_done;
1158 void iov_iter_advance(struct iov_iter *i, size_t size)
1160 if (unlikely(i->count < size))
1162 if (unlikely(iov_iter_is_pipe(i))) {
1163 pipe_advance(i, size);
1166 if (unlikely(iov_iter_is_discard(i))) {
1170 if (unlikely(iov_iter_is_xarray(i))) {
1171 i->iov_offset += size;
1175 if (iov_iter_is_bvec(i)) {
1176 iov_iter_bvec_advance(i, size);
1179 iterate_and_advance(i, size, v, 0, 0, 0, 0)
1181 EXPORT_SYMBOL(iov_iter_advance);
1183 void iov_iter_revert(struct iov_iter *i, size_t unroll)
1187 if (WARN_ON(unroll > MAX_RW_COUNT))
1190 if (unlikely(iov_iter_is_pipe(i))) {
1191 struct pipe_inode_info *pipe = i->pipe;
1192 unsigned int p_mask = pipe->ring_size - 1;
1193 unsigned int i_head = i->head;
1194 size_t off = i->iov_offset;
1196 struct pipe_buffer *b = &pipe->bufs[i_head & p_mask];
1197 size_t n = off - b->offset;
1203 if (!unroll && i_head == i->start_head) {
1208 b = &pipe->bufs[i_head & p_mask];
1209 off = b->offset + b->len;
1211 i->iov_offset = off;
1216 if (unlikely(iov_iter_is_discard(i)))
1218 if (unroll <= i->iov_offset) {
1219 i->iov_offset -= unroll;
1222 unroll -= i->iov_offset;
1223 if (iov_iter_is_xarray(i)) {
1224 BUG(); /* We should never go beyond the start of the specified
1225 * range since we might then be straying into pages that
1228 } else if (iov_iter_is_bvec(i)) {
1229 const struct bio_vec *bvec = i->bvec;
1231 size_t n = (--bvec)->bv_len;
1235 i->iov_offset = n - unroll;
1240 } else { /* same logics for iovec and kvec */
1241 const struct iovec *iov = i->iov;
1243 size_t n = (--iov)->iov_len;
1247 i->iov_offset = n - unroll;
1254 EXPORT_SYMBOL(iov_iter_revert);
1257 * Return the count of just the current iov_iter segment.
1259 size_t iov_iter_single_seg_count(const struct iov_iter *i)
1261 if (unlikely(iov_iter_is_pipe(i)))
1262 return i->count; // it is a silly place, anyway
1263 if (i->nr_segs == 1)
1265 if (unlikely(iov_iter_is_discard(i) || iov_iter_is_xarray(i)))
1267 if (iov_iter_is_bvec(i))
1268 return min(i->count, i->bvec->bv_len - i->iov_offset);
1270 return min(i->count, i->iov->iov_len - i->iov_offset);
1272 EXPORT_SYMBOL(iov_iter_single_seg_count);
1274 void iov_iter_kvec(struct iov_iter *i, unsigned int direction,
1275 const struct kvec *kvec, unsigned long nr_segs,
1278 WARN_ON(direction & ~(READ | WRITE));
1279 i->type = ITER_KVEC | (direction & (READ | WRITE));
1281 i->nr_segs = nr_segs;
1285 EXPORT_SYMBOL(iov_iter_kvec);
1287 void iov_iter_bvec(struct iov_iter *i, unsigned int direction,
1288 const struct bio_vec *bvec, unsigned long nr_segs,
1291 WARN_ON(direction & ~(READ | WRITE));
1292 i->type = ITER_BVEC | (direction & (READ | WRITE));
1294 i->nr_segs = nr_segs;
1298 EXPORT_SYMBOL(iov_iter_bvec);
1300 void iov_iter_pipe(struct iov_iter *i, unsigned int direction,
1301 struct pipe_inode_info *pipe,
1304 BUG_ON(direction != READ);
1305 WARN_ON(pipe_full(pipe->head, pipe->tail, pipe->ring_size));
1306 i->type = ITER_PIPE | READ;
1308 i->head = pipe->head;
1311 i->start_head = i->head;
1313 EXPORT_SYMBOL(iov_iter_pipe);
1316 * iov_iter_xarray - Initialise an I/O iterator to use the pages in an xarray
1317 * @i: The iterator to initialise.
1318 * @direction: The direction of the transfer.
1319 * @xarray: The xarray to access.
1320 * @start: The start file position.
1321 * @count: The size of the I/O buffer in bytes.
1323 * Set up an I/O iterator to either draw data out of the pages attached to an
1324 * inode or to inject data into those pages. The pages *must* be prevented
1325 * from evaporation, either by taking a ref on them or locking them by the
1328 void iov_iter_xarray(struct iov_iter *i, unsigned int direction,
1329 struct xarray *xarray, loff_t start, size_t count)
1331 BUG_ON(direction & ~1);
1332 i->type = ITER_XARRAY | (direction & (READ | WRITE));
1334 i->xarray_start = start;
1338 EXPORT_SYMBOL(iov_iter_xarray);
1341 * iov_iter_discard - Initialise an I/O iterator that discards data
1342 * @i: The iterator to initialise.
1343 * @direction: The direction of the transfer.
1344 * @count: The size of the I/O buffer in bytes.
1346 * Set up an I/O iterator that just discards everything that's written to it.
1347 * It's only available as a READ iterator.
1349 void iov_iter_discard(struct iov_iter *i, unsigned int direction, size_t count)
1351 BUG_ON(direction != READ);
1352 i->type = ITER_DISCARD | READ;
1356 EXPORT_SYMBOL(iov_iter_discard);
1358 unsigned long iov_iter_alignment(const struct iov_iter *i)
1360 unsigned long res = 0;
1361 size_t size = i->count;
1363 if (unlikely(iov_iter_is_pipe(i))) {
1364 unsigned int p_mask = i->pipe->ring_size - 1;
1366 if (size && i->iov_offset && allocated(&i->pipe->bufs[i->head & p_mask]))
1367 return size | i->iov_offset;
1370 if (unlikely(iov_iter_is_xarray(i)))
1371 return (i->xarray_start + i->iov_offset) | i->count;
1372 iterate_all_kinds(i, size, v,
1373 (res |= (unsigned long)v.iov_base | v.iov_len, 0),
1374 res |= v.bv_offset | v.bv_len,
1375 res |= (unsigned long)v.iov_base | v.iov_len,
1376 res |= v.bv_offset | v.bv_len
1380 EXPORT_SYMBOL(iov_iter_alignment);
1382 unsigned long iov_iter_gap_alignment(const struct iov_iter *i)
1384 unsigned long res = 0;
1385 size_t size = i->count;
1387 if (unlikely(iov_iter_is_pipe(i) || iov_iter_is_discard(i))) {
1392 iterate_all_kinds(i, size, v,
1393 (res |= (!res ? 0 : (unsigned long)v.iov_base) |
1394 (size != v.iov_len ? size : 0), 0),
1395 (res |= (!res ? 0 : (unsigned long)v.bv_offset) |
1396 (size != v.bv_len ? size : 0)),
1397 (res |= (!res ? 0 : (unsigned long)v.iov_base) |
1398 (size != v.iov_len ? size : 0)),
1399 (res |= (!res ? 0 : (unsigned long)v.bv_offset) |
1400 (size != v.bv_len ? size : 0))
1404 EXPORT_SYMBOL(iov_iter_gap_alignment);
1406 static inline ssize_t __pipe_get_pages(struct iov_iter *i,
1408 struct page **pages,
1412 struct pipe_inode_info *pipe = i->pipe;
1413 unsigned int p_mask = pipe->ring_size - 1;
1414 ssize_t n = push_pipe(i, maxsize, &iter_head, start);
1421 get_page(*pages++ = pipe->bufs[iter_head & p_mask].page);
1429 static ssize_t pipe_get_pages(struct iov_iter *i,
1430 struct page **pages, size_t maxsize, unsigned maxpages,
1433 unsigned int iter_head, npages;
1442 data_start(i, &iter_head, start);
1443 /* Amount of free space: some of this one + all after this one */
1444 npages = pipe_space_for_user(iter_head, i->pipe->tail, i->pipe);
1445 capacity = min(npages, maxpages) * PAGE_SIZE - *start;
1447 return __pipe_get_pages(i, min(maxsize, capacity), pages, iter_head, start);
1450 static ssize_t iter_xarray_populate_pages(struct page **pages, struct xarray *xa,
1451 pgoff_t index, unsigned int nr_pages)
1453 XA_STATE(xas, xa, index);
1455 unsigned int ret = 0;
1458 for (page = xas_load(&xas); page; page = xas_next(&xas)) {
1459 if (xas_retry(&xas, page))
1462 /* Has the page moved or been split? */
1463 if (unlikely(page != xas_reload(&xas))) {
1468 pages[ret] = find_subpage(page, xas.xa_index);
1469 get_page(pages[ret]);
1470 if (++ret == nr_pages)
1477 static ssize_t iter_xarray_get_pages(struct iov_iter *i,
1478 struct page **pages, size_t maxsize,
1479 unsigned maxpages, size_t *_start_offset)
1481 unsigned nr, offset;
1482 pgoff_t index, count;
1483 size_t size = maxsize, actual;
1486 if (!size || !maxpages)
1489 pos = i->xarray_start + i->iov_offset;
1490 index = pos >> PAGE_SHIFT;
1491 offset = pos & ~PAGE_MASK;
1492 *_start_offset = offset;
1495 if (size > PAGE_SIZE - offset) {
1496 size -= PAGE_SIZE - offset;
1497 count += size >> PAGE_SHIFT;
1503 if (count > maxpages)
1506 nr = iter_xarray_populate_pages(pages, i->xarray, index, count);
1510 actual = PAGE_SIZE * nr;
1512 if (nr == count && size > 0) {
1513 unsigned last_offset = (nr > 1) ? 0 : offset;
1514 actual -= PAGE_SIZE - (last_offset + size);
1519 ssize_t iov_iter_get_pages(struct iov_iter *i,
1520 struct page **pages, size_t maxsize, unsigned maxpages,
1523 if (maxsize > i->count)
1526 if (unlikely(iov_iter_is_pipe(i)))
1527 return pipe_get_pages(i, pages, maxsize, maxpages, start);
1528 if (unlikely(iov_iter_is_xarray(i)))
1529 return iter_xarray_get_pages(i, pages, maxsize, maxpages, start);
1530 if (unlikely(iov_iter_is_discard(i)))
1533 iterate_all_kinds(i, maxsize, v, ({
1534 unsigned long addr = (unsigned long)v.iov_base;
1535 size_t len = v.iov_len + (*start = addr & (PAGE_SIZE - 1));
1539 if (len > maxpages * PAGE_SIZE)
1540 len = maxpages * PAGE_SIZE;
1541 addr &= ~(PAGE_SIZE - 1);
1542 n = DIV_ROUND_UP(len, PAGE_SIZE);
1543 res = get_user_pages_fast(addr, n,
1544 iov_iter_rw(i) != WRITE ? FOLL_WRITE : 0,
1546 if (unlikely(res < 0))
1548 return (res == n ? len : res * PAGE_SIZE) - *start;
1550 /* can't be more than PAGE_SIZE */
1551 *start = v.bv_offset;
1552 get_page(*pages = v.bv_page);
1561 EXPORT_SYMBOL(iov_iter_get_pages);
1563 static struct page **get_pages_array(size_t n)
1565 return kvmalloc_array(n, sizeof(struct page *), GFP_KERNEL);
1568 static ssize_t pipe_get_pages_alloc(struct iov_iter *i,
1569 struct page ***pages, size_t maxsize,
1573 unsigned int iter_head, npages;
1582 data_start(i, &iter_head, start);
1583 /* Amount of free space: some of this one + all after this one */
1584 npages = pipe_space_for_user(iter_head, i->pipe->tail, i->pipe);
1585 n = npages * PAGE_SIZE - *start;
1589 npages = DIV_ROUND_UP(maxsize + *start, PAGE_SIZE);
1590 p = get_pages_array(npages);
1593 n = __pipe_get_pages(i, maxsize, p, iter_head, start);
1601 static ssize_t iter_xarray_get_pages_alloc(struct iov_iter *i,
1602 struct page ***pages, size_t maxsize,
1603 size_t *_start_offset)
1606 unsigned nr, offset;
1607 pgoff_t index, count;
1608 size_t size = maxsize, actual;
1614 pos = i->xarray_start + i->iov_offset;
1615 index = pos >> PAGE_SHIFT;
1616 offset = pos & ~PAGE_MASK;
1617 *_start_offset = offset;
1620 if (size > PAGE_SIZE - offset) {
1621 size -= PAGE_SIZE - offset;
1622 count += size >> PAGE_SHIFT;
1628 p = get_pages_array(count);
1633 nr = iter_xarray_populate_pages(p, i->xarray, index, count);
1637 actual = PAGE_SIZE * nr;
1639 if (nr == count && size > 0) {
1640 unsigned last_offset = (nr > 1) ? 0 : offset;
1641 actual -= PAGE_SIZE - (last_offset + size);
1646 ssize_t iov_iter_get_pages_alloc(struct iov_iter *i,
1647 struct page ***pages, size_t maxsize,
1652 if (maxsize > i->count)
1655 if (unlikely(iov_iter_is_pipe(i)))
1656 return pipe_get_pages_alloc(i, pages, maxsize, start);
1657 if (unlikely(iov_iter_is_xarray(i)))
1658 return iter_xarray_get_pages_alloc(i, pages, maxsize, start);
1659 if (unlikely(iov_iter_is_discard(i)))
1662 iterate_all_kinds(i, maxsize, v, ({
1663 unsigned long addr = (unsigned long)v.iov_base;
1664 size_t len = v.iov_len + (*start = addr & (PAGE_SIZE - 1));
1668 addr &= ~(PAGE_SIZE - 1);
1669 n = DIV_ROUND_UP(len, PAGE_SIZE);
1670 p = get_pages_array(n);
1673 res = get_user_pages_fast(addr, n,
1674 iov_iter_rw(i) != WRITE ? FOLL_WRITE : 0, p);
1675 if (unlikely(res < 0)) {
1680 return (res == n ? len : res * PAGE_SIZE) - *start;
1682 /* can't be more than PAGE_SIZE */
1683 *start = v.bv_offset;
1684 *pages = p = get_pages_array(1);
1687 get_page(*p = v.bv_page);
1695 EXPORT_SYMBOL(iov_iter_get_pages_alloc);
1697 size_t csum_and_copy_from_iter(void *addr, size_t bytes, __wsum *csum,
1704 if (unlikely(iov_iter_is_pipe(i) || iov_iter_is_discard(i))) {
1708 iterate_and_advance(i, bytes, v, ({
1709 next = csum_and_copy_from_user(v.iov_base,
1710 (to += v.iov_len) - v.iov_len,
1713 sum = csum_block_add(sum, next, off);
1716 next ? 0 : v.iov_len;
1718 char *p = kmap_atomic(v.bv_page);
1719 sum = csum_and_memcpy((to += v.bv_len) - v.bv_len,
1720 p + v.bv_offset, v.bv_len,
1725 sum = csum_and_memcpy((to += v.iov_len) - v.iov_len,
1726 v.iov_base, v.iov_len,
1730 char *p = kmap_atomic(v.bv_page);
1731 sum = csum_and_memcpy((to += v.bv_len) - v.bv_len,
1732 p + v.bv_offset, v.bv_len,
1741 EXPORT_SYMBOL(csum_and_copy_from_iter);
1743 bool csum_and_copy_from_iter_full(void *addr, size_t bytes, __wsum *csum,
1750 if (unlikely(iov_iter_is_pipe(i) || iov_iter_is_discard(i))) {
1754 if (unlikely(i->count < bytes))
1756 iterate_all_kinds(i, bytes, v, ({
1757 next = csum_and_copy_from_user(v.iov_base,
1758 (to += v.iov_len) - v.iov_len,
1762 sum = csum_block_add(sum, next, off);
1766 char *p = kmap_atomic(v.bv_page);
1767 sum = csum_and_memcpy((to += v.bv_len) - v.bv_len,
1768 p + v.bv_offset, v.bv_len,
1773 sum = csum_and_memcpy((to += v.iov_len) - v.iov_len,
1774 v.iov_base, v.iov_len,
1778 char *p = kmap_atomic(v.bv_page);
1779 sum = csum_and_memcpy((to += v.bv_len) - v.bv_len,
1780 p + v.bv_offset, v.bv_len,
1787 iov_iter_advance(i, bytes);
1790 EXPORT_SYMBOL(csum_and_copy_from_iter_full);
1792 size_t csum_and_copy_to_iter(const void *addr, size_t bytes, void *_csstate,
1795 struct csum_state *csstate = _csstate;
1796 const char *from = addr;
1800 if (unlikely(iov_iter_is_pipe(i)))
1801 return csum_and_copy_to_pipe_iter(addr, bytes, _csstate, i);
1803 sum = csstate->csum;
1805 if (unlikely(iov_iter_is_discard(i))) {
1806 WARN_ON(1); /* for now */
1809 iterate_and_advance(i, bytes, v, ({
1810 next = csum_and_copy_to_user((from += v.iov_len) - v.iov_len,
1814 sum = csum_block_add(sum, next, off);
1817 next ? 0 : v.iov_len;
1819 char *p = kmap_atomic(v.bv_page);
1820 sum = csum_and_memcpy(p + v.bv_offset,
1821 (from += v.bv_len) - v.bv_len,
1822 v.bv_len, sum, off);
1826 sum = csum_and_memcpy(v.iov_base,
1827 (from += v.iov_len) - v.iov_len,
1828 v.iov_len, sum, off);
1831 char *p = kmap_atomic(v.bv_page);
1832 sum = csum_and_memcpy(p + v.bv_offset,
1833 (from += v.bv_len) - v.bv_len,
1834 v.bv_len, sum, off);
1839 csstate->csum = sum;
1843 EXPORT_SYMBOL(csum_and_copy_to_iter);
1845 size_t hash_and_copy_to_iter(const void *addr, size_t bytes, void *hashp,
1848 #ifdef CONFIG_CRYPTO_HASH
1849 struct ahash_request *hash = hashp;
1850 struct scatterlist sg;
1853 copied = copy_to_iter(addr, bytes, i);
1854 sg_init_one(&sg, addr, copied);
1855 ahash_request_set_crypt(hash, &sg, NULL, copied);
1856 crypto_ahash_update(hash);
1862 EXPORT_SYMBOL(hash_and_copy_to_iter);
1864 int iov_iter_npages(const struct iov_iter *i, int maxpages)
1866 size_t size = i->count;
1871 if (unlikely(iov_iter_is_discard(i)))
1874 if (unlikely(iov_iter_is_pipe(i))) {
1875 struct pipe_inode_info *pipe = i->pipe;
1876 unsigned int iter_head;
1882 data_start(i, &iter_head, &off);
1883 /* some of this one + all after this one */
1884 npages = pipe_space_for_user(iter_head, pipe->tail, pipe);
1885 if (npages >= maxpages)
1887 } else if (unlikely(iov_iter_is_xarray(i))) {
1890 offset = (i->xarray_start + i->iov_offset) & ~PAGE_MASK;
1893 if (size > PAGE_SIZE - offset) {
1894 size -= PAGE_SIZE - offset;
1895 npages += size >> PAGE_SHIFT;
1900 if (npages >= maxpages)
1902 } else iterate_all_kinds(i, size, v, ({
1903 unsigned long p = (unsigned long)v.iov_base;
1904 npages += DIV_ROUND_UP(p + v.iov_len, PAGE_SIZE)
1906 if (npages >= maxpages)
1910 if (npages >= maxpages)
1913 unsigned long p = (unsigned long)v.iov_base;
1914 npages += DIV_ROUND_UP(p + v.iov_len, PAGE_SIZE)
1916 if (npages >= maxpages)
1923 EXPORT_SYMBOL(iov_iter_npages);
1925 const void *dup_iter(struct iov_iter *new, struct iov_iter *old, gfp_t flags)
1928 if (unlikely(iov_iter_is_pipe(new))) {
1932 if (unlikely(iov_iter_is_discard(new) || iov_iter_is_xarray(new)))
1934 if (iov_iter_is_bvec(new))
1935 return new->bvec = kmemdup(new->bvec,
1936 new->nr_segs * sizeof(struct bio_vec),
1939 /* iovec and kvec have identical layout */
1940 return new->iov = kmemdup(new->iov,
1941 new->nr_segs * sizeof(struct iovec),
1944 EXPORT_SYMBOL(dup_iter);
1946 static int copy_compat_iovec_from_user(struct iovec *iov,
1947 const struct iovec __user *uvec, unsigned long nr_segs)
1949 const struct compat_iovec __user *uiov =
1950 (const struct compat_iovec __user *)uvec;
1951 int ret = -EFAULT, i;
1953 if (!user_access_begin(uiov, nr_segs * sizeof(*uiov)))
1956 for (i = 0; i < nr_segs; i++) {
1960 unsafe_get_user(len, &uiov[i].iov_len, uaccess_end);
1961 unsafe_get_user(buf, &uiov[i].iov_base, uaccess_end);
1963 /* check for compat_size_t not fitting in compat_ssize_t .. */
1968 iov[i].iov_base = compat_ptr(buf);
1969 iov[i].iov_len = len;
1978 static int copy_iovec_from_user(struct iovec *iov,
1979 const struct iovec __user *uvec, unsigned long nr_segs)
1983 if (copy_from_user(iov, uvec, nr_segs * sizeof(*uvec)))
1985 for (seg = 0; seg < nr_segs; seg++) {
1986 if ((ssize_t)iov[seg].iov_len < 0)
1993 struct iovec *iovec_from_user(const struct iovec __user *uvec,
1994 unsigned long nr_segs, unsigned long fast_segs,
1995 struct iovec *fast_iov, bool compat)
1997 struct iovec *iov = fast_iov;
2001 * SuS says "The readv() function *may* fail if the iovcnt argument was
2002 * less than or equal to 0, or greater than {IOV_MAX}. Linux has
2003 * traditionally returned zero for zero segments, so...
2007 if (nr_segs > UIO_MAXIOV)
2008 return ERR_PTR(-EINVAL);
2009 if (nr_segs > fast_segs) {
2010 iov = kmalloc_array(nr_segs, sizeof(struct iovec), GFP_KERNEL);
2012 return ERR_PTR(-ENOMEM);
2016 ret = copy_compat_iovec_from_user(iov, uvec, nr_segs);
2018 ret = copy_iovec_from_user(iov, uvec, nr_segs);
2020 if (iov != fast_iov)
2022 return ERR_PTR(ret);
2028 ssize_t __import_iovec(int type, const struct iovec __user *uvec,
2029 unsigned nr_segs, unsigned fast_segs, struct iovec **iovp,
2030 struct iov_iter *i, bool compat)
2032 ssize_t total_len = 0;
2036 iov = iovec_from_user(uvec, nr_segs, fast_segs, *iovp, compat);
2039 return PTR_ERR(iov);
2043 * According to the Single Unix Specification we should return EINVAL if
2044 * an element length is < 0 when cast to ssize_t or if the total length
2045 * would overflow the ssize_t return value of the system call.
2047 * Linux caps all read/write calls to MAX_RW_COUNT, and avoids the
2050 for (seg = 0; seg < nr_segs; seg++) {
2051 ssize_t len = (ssize_t)iov[seg].iov_len;
2053 if (!access_ok(iov[seg].iov_base, len)) {
2060 if (len > MAX_RW_COUNT - total_len) {
2061 len = MAX_RW_COUNT - total_len;
2062 iov[seg].iov_len = len;
2067 iov_iter_init(i, type, iov, nr_segs, total_len);
2076 * import_iovec() - Copy an array of &struct iovec from userspace
2077 * into the kernel, check that it is valid, and initialize a new
2078 * &struct iov_iter iterator to access it.
2080 * @type: One of %READ or %WRITE.
2081 * @uvec: Pointer to the userspace array.
2082 * @nr_segs: Number of elements in userspace array.
2083 * @fast_segs: Number of elements in @iov.
2084 * @iovp: (input and output parameter) Pointer to pointer to (usually small
2085 * on-stack) kernel array.
2086 * @i: Pointer to iterator that will be initialized on success.
2088 * If the array pointed to by *@iov is large enough to hold all @nr_segs,
2089 * then this function places %NULL in *@iov on return. Otherwise, a new
2090 * array will be allocated and the result placed in *@iov. This means that
2091 * the caller may call kfree() on *@iov regardless of whether the small
2092 * on-stack array was used or not (and regardless of whether this function
2093 * returns an error or not).
2095 * Return: Negative error code on error, bytes imported on success
2097 ssize_t import_iovec(int type, const struct iovec __user *uvec,
2098 unsigned nr_segs, unsigned fast_segs,
2099 struct iovec **iovp, struct iov_iter *i)
2101 return __import_iovec(type, uvec, nr_segs, fast_segs, iovp, i,
2102 in_compat_syscall());
2104 EXPORT_SYMBOL(import_iovec);
2106 int import_single_range(int rw, void __user *buf, size_t len,
2107 struct iovec *iov, struct iov_iter *i)
2109 if (len > MAX_RW_COUNT)
2111 if (unlikely(!access_ok(buf, len)))
2114 iov->iov_base = buf;
2116 iov_iter_init(i, rw, iov, 1, len);
2119 EXPORT_SYMBOL(import_single_range);