1 // SPDX-License-Identifier: GPL-2.0-only
2 #include <crypto/hash.h>
3 #include <linux/export.h>
4 #include <linux/bvec.h>
5 #include <linux/fault-inject-usercopy.h>
7 #include <linux/pagemap.h>
8 #include <linux/slab.h>
9 #include <linux/vmalloc.h>
10 #include <linux/splice.h>
11 #include <linux/compat.h>
12 #include <net/checksum.h>
13 #include <linux/scatterlist.h>
14 #include <linux/instrumented.h>
16 #define PIPE_PARANOIA /* for now */
18 #define iterate_iovec(i, n, __v, __p, skip, STEP) { \
22 __v.iov_len = min(n, __p->iov_len - skip); \
23 if (likely(__v.iov_len)) { \
24 __v.iov_base = __p->iov_base + skip; \
26 __v.iov_len -= left; \
27 skip += __v.iov_len; \
32 while (unlikely(!left && n)) { \
34 __v.iov_len = min(n, __p->iov_len); \
35 if (unlikely(!__v.iov_len)) \
37 __v.iov_base = __p->iov_base; \
39 __v.iov_len -= left; \
46 #define iterate_kvec(i, n, __v, __p, skip, STEP) { \
49 __v.iov_len = min(n, __p->iov_len - skip); \
50 if (likely(__v.iov_len)) { \
51 __v.iov_base = __p->iov_base + skip; \
53 skip += __v.iov_len; \
56 while (unlikely(n)) { \
58 __v.iov_len = min(n, __p->iov_len); \
59 if (unlikely(!__v.iov_len)) \
61 __v.iov_base = __p->iov_base; \
69 #define iterate_bvec(i, n, __v, __bi, skip, STEP) { \
70 struct bvec_iter __start; \
71 __start.bi_size = n; \
72 __start.bi_bvec_done = skip; \
74 for_each_bvec(__v, i->bvec, __bi, __start) { \
79 #define iterate_all_kinds(i, n, v, I, B, K) { \
81 size_t skip = i->iov_offset; \
82 if (unlikely(i->type & ITER_BVEC)) { \
84 struct bvec_iter __bi; \
85 iterate_bvec(i, n, v, __bi, skip, (B)) \
86 } else if (unlikely(i->type & ITER_KVEC)) { \
87 const struct kvec *kvec; \
89 iterate_kvec(i, n, v, kvec, skip, (K)) \
90 } else if (unlikely(i->type & ITER_DISCARD)) { \
92 const struct iovec *iov; \
94 iterate_iovec(i, n, v, iov, skip, (I)) \
99 #define iterate_and_advance(i, n, v, I, B, K) { \
100 if (unlikely(i->count < n)) \
103 size_t skip = i->iov_offset; \
104 if (unlikely(i->type & ITER_BVEC)) { \
105 const struct bio_vec *bvec = i->bvec; \
107 struct bvec_iter __bi; \
108 iterate_bvec(i, n, v, __bi, skip, (B)) \
109 i->bvec = __bvec_iter_bvec(i->bvec, __bi); \
110 i->nr_segs -= i->bvec - bvec; \
111 skip = __bi.bi_bvec_done; \
112 } else if (unlikely(i->type & ITER_KVEC)) { \
113 const struct kvec *kvec; \
115 iterate_kvec(i, n, v, kvec, skip, (K)) \
116 if (skip == kvec->iov_len) { \
120 i->nr_segs -= kvec - i->kvec; \
122 } else if (unlikely(i->type & ITER_DISCARD)) { \
125 const struct iovec *iov; \
127 iterate_iovec(i, n, v, iov, skip, (I)) \
128 if (skip == iov->iov_len) { \
132 i->nr_segs -= iov - i->iov; \
136 i->iov_offset = skip; \
140 static int copyout(void __user *to, const void *from, size_t n)
142 if (should_fail_usercopy())
144 if (access_ok(to, n)) {
145 instrument_copy_to_user(to, from, n);
146 n = raw_copy_to_user(to, from, n);
151 static int copyin(void *to, const void __user *from, size_t n)
153 if (should_fail_usercopy())
155 if (access_ok(from, n)) {
156 instrument_copy_from_user(to, from, n);
157 n = raw_copy_from_user(to, from, n);
162 static size_t copy_page_to_iter_iovec(struct page *page, size_t offset, size_t bytes,
165 size_t skip, copy, left, wanted;
166 const struct iovec *iov;
170 if (unlikely(bytes > i->count))
173 if (unlikely(!bytes))
179 skip = i->iov_offset;
180 buf = iov->iov_base + skip;
181 copy = min(bytes, iov->iov_len - skip);
183 if (IS_ENABLED(CONFIG_HIGHMEM) && !fault_in_pages_writeable(buf, copy)) {
184 kaddr = kmap_atomic(page);
185 from = kaddr + offset;
187 /* first chunk, usually the only one */
188 left = copyout(buf, from, copy);
194 while (unlikely(!left && bytes)) {
197 copy = min(bytes, iov->iov_len);
198 left = copyout(buf, from, copy);
204 if (likely(!bytes)) {
205 kunmap_atomic(kaddr);
208 offset = from - kaddr;
210 kunmap_atomic(kaddr);
211 copy = min(bytes, iov->iov_len - skip);
213 /* Too bad - revert to non-atomic kmap */
216 from = kaddr + offset;
217 left = copyout(buf, from, copy);
222 while (unlikely(!left && bytes)) {
225 copy = min(bytes, iov->iov_len);
226 left = copyout(buf, from, copy);
235 if (skip == iov->iov_len) {
239 i->count -= wanted - bytes;
240 i->nr_segs -= iov - i->iov;
242 i->iov_offset = skip;
243 return wanted - bytes;
246 static size_t copy_page_from_iter_iovec(struct page *page, size_t offset, size_t bytes,
249 size_t skip, copy, left, wanted;
250 const struct iovec *iov;
254 if (unlikely(bytes > i->count))
257 if (unlikely(!bytes))
263 skip = i->iov_offset;
264 buf = iov->iov_base + skip;
265 copy = min(bytes, iov->iov_len - skip);
267 if (IS_ENABLED(CONFIG_HIGHMEM) && !fault_in_pages_readable(buf, copy)) {
268 kaddr = kmap_atomic(page);
271 /* first chunk, usually the only one */
272 left = copyin(to, buf, copy);
278 while (unlikely(!left && bytes)) {
281 copy = min(bytes, iov->iov_len);
282 left = copyin(to, buf, copy);
288 if (likely(!bytes)) {
289 kunmap_atomic(kaddr);
294 kunmap_atomic(kaddr);
295 copy = min(bytes, iov->iov_len - skip);
297 /* Too bad - revert to non-atomic kmap */
301 left = copyin(to, buf, copy);
306 while (unlikely(!left && bytes)) {
309 copy = min(bytes, iov->iov_len);
310 left = copyin(to, buf, copy);
319 if (skip == iov->iov_len) {
323 i->count -= wanted - bytes;
324 i->nr_segs -= iov - i->iov;
326 i->iov_offset = skip;
327 return wanted - bytes;
331 static bool sanity(const struct iov_iter *i)
333 struct pipe_inode_info *pipe = i->pipe;
334 unsigned int p_head = pipe->head;
335 unsigned int p_tail = pipe->tail;
336 unsigned int p_mask = pipe->ring_size - 1;
337 unsigned int p_occupancy = pipe_occupancy(p_head, p_tail);
338 unsigned int i_head = i->head;
342 struct pipe_buffer *p;
343 if (unlikely(p_occupancy == 0))
344 goto Bad; // pipe must be non-empty
345 if (unlikely(i_head != p_head - 1))
346 goto Bad; // must be at the last buffer...
348 p = &pipe->bufs[i_head & p_mask];
349 if (unlikely(p->offset + p->len != i->iov_offset))
350 goto Bad; // ... at the end of segment
352 if (i_head != p_head)
353 goto Bad; // must be right after the last buffer
357 printk(KERN_ERR "idx = %d, offset = %zd\n", i_head, i->iov_offset);
358 printk(KERN_ERR "head = %d, tail = %d, buffers = %d\n",
359 p_head, p_tail, pipe->ring_size);
360 for (idx = 0; idx < pipe->ring_size; idx++)
361 printk(KERN_ERR "[%p %p %d %d]\n",
363 pipe->bufs[idx].page,
364 pipe->bufs[idx].offset,
365 pipe->bufs[idx].len);
370 #define sanity(i) true
373 static size_t copy_page_to_iter_pipe(struct page *page, size_t offset, size_t bytes,
376 struct pipe_inode_info *pipe = i->pipe;
377 struct pipe_buffer *buf;
378 unsigned int p_tail = pipe->tail;
379 unsigned int p_mask = pipe->ring_size - 1;
380 unsigned int i_head = i->head;
383 if (unlikely(bytes > i->count))
386 if (unlikely(!bytes))
393 buf = &pipe->bufs[i_head & p_mask];
395 if (offset == off && buf->page == page) {
396 /* merge with the last one */
398 i->iov_offset += bytes;
402 buf = &pipe->bufs[i_head & p_mask];
404 if (pipe_full(i_head, p_tail, pipe->max_usage))
407 buf->ops = &page_cache_pipe_buf_ops;
410 buf->offset = offset;
413 pipe->head = i_head + 1;
414 i->iov_offset = offset + bytes;
422 * Fault in one or more iovecs of the given iov_iter, to a maximum length of
423 * bytes. For each iovec, fault in each page that constitutes the iovec.
425 * Return 0 on success, or non-zero if the memory could not be accessed (i.e.
426 * because it is an invalid address).
428 int iov_iter_fault_in_readable(struct iov_iter *i, size_t bytes)
430 size_t skip = i->iov_offset;
431 const struct iovec *iov;
435 if (!(i->type & (ITER_BVEC|ITER_KVEC))) {
436 iterate_iovec(i, bytes, v, iov, skip, ({
437 err = fault_in_pages_readable(v.iov_base, v.iov_len);
444 EXPORT_SYMBOL(iov_iter_fault_in_readable);
446 void iov_iter_init(struct iov_iter *i, unsigned int direction,
447 const struct iovec *iov, unsigned long nr_segs,
450 WARN_ON(direction & ~(READ | WRITE));
451 direction &= READ | WRITE;
453 /* It will get better. Eventually... */
454 if (uaccess_kernel()) {
455 i->type = ITER_KVEC | direction;
456 i->kvec = (struct kvec *)iov;
458 i->type = ITER_IOVEC | direction;
461 i->nr_segs = nr_segs;
465 EXPORT_SYMBOL(iov_iter_init);
467 static void memcpy_from_page(char *to, struct page *page, size_t offset, size_t len)
469 char *from = kmap_atomic(page);
470 memcpy(to, from + offset, len);
474 static void memcpy_to_page(struct page *page, size_t offset, const char *from, size_t len)
476 char *to = kmap_atomic(page);
477 memcpy(to + offset, from, len);
481 static void memzero_page(struct page *page, size_t offset, size_t len)
483 char *addr = kmap_atomic(page);
484 memset(addr + offset, 0, len);
488 static inline bool allocated(struct pipe_buffer *buf)
490 return buf->ops == &default_pipe_buf_ops;
493 static inline void data_start(const struct iov_iter *i,
494 unsigned int *iter_headp, size_t *offp)
496 unsigned int p_mask = i->pipe->ring_size - 1;
497 unsigned int iter_head = i->head;
498 size_t off = i->iov_offset;
500 if (off && (!allocated(&i->pipe->bufs[iter_head & p_mask]) ||
505 *iter_headp = iter_head;
509 static size_t push_pipe(struct iov_iter *i, size_t size,
510 int *iter_headp, size_t *offp)
512 struct pipe_inode_info *pipe = i->pipe;
513 unsigned int p_tail = pipe->tail;
514 unsigned int p_mask = pipe->ring_size - 1;
515 unsigned int iter_head;
519 if (unlikely(size > i->count))
525 data_start(i, &iter_head, &off);
526 *iter_headp = iter_head;
529 left -= PAGE_SIZE - off;
531 pipe->bufs[iter_head & p_mask].len += size;
534 pipe->bufs[iter_head & p_mask].len = PAGE_SIZE;
537 while (!pipe_full(iter_head, p_tail, pipe->max_usage)) {
538 struct pipe_buffer *buf = &pipe->bufs[iter_head & p_mask];
539 struct page *page = alloc_page(GFP_USER);
543 buf->ops = &default_pipe_buf_ops;
546 buf->len = min_t(ssize_t, left, PAGE_SIZE);
549 pipe->head = iter_head;
557 static size_t copy_pipe_to_iter(const void *addr, size_t bytes,
560 struct pipe_inode_info *pipe = i->pipe;
561 unsigned int p_mask = pipe->ring_size - 1;
568 bytes = n = push_pipe(i, bytes, &i_head, &off);
572 size_t chunk = min_t(size_t, n, PAGE_SIZE - off);
573 memcpy_to_page(pipe->bufs[i_head & p_mask].page, off, addr, chunk);
575 i->iov_offset = off + chunk;
585 static __wsum csum_and_memcpy(void *to, const void *from, size_t len,
586 __wsum sum, size_t off)
588 __wsum next = csum_partial_copy_nocheck(from, to, len);
589 return csum_block_add(sum, next, off);
592 static size_t csum_and_copy_to_pipe_iter(const void *addr, size_t bytes,
593 struct csum_state *csstate,
596 struct pipe_inode_info *pipe = i->pipe;
597 unsigned int p_mask = pipe->ring_size - 1;
598 __wsum sum = csstate->csum;
599 size_t off = csstate->off;
606 bytes = n = push_pipe(i, bytes, &i_head, &r);
610 size_t chunk = min_t(size_t, n, PAGE_SIZE - r);
611 char *p = kmap_atomic(pipe->bufs[i_head & p_mask].page);
612 sum = csum_and_memcpy(p + r, addr, chunk, sum, off);
615 i->iov_offset = r + chunk;
628 size_t _copy_to_iter(const void *addr, size_t bytes, struct iov_iter *i)
630 const char *from = addr;
631 if (unlikely(iov_iter_is_pipe(i)))
632 return copy_pipe_to_iter(addr, bytes, i);
633 if (iter_is_iovec(i))
635 iterate_and_advance(i, bytes, v,
636 copyout(v.iov_base, (from += v.iov_len) - v.iov_len, v.iov_len),
637 memcpy_to_page(v.bv_page, v.bv_offset,
638 (from += v.bv_len) - v.bv_len, v.bv_len),
639 memcpy(v.iov_base, (from += v.iov_len) - v.iov_len, v.iov_len)
644 EXPORT_SYMBOL(_copy_to_iter);
646 #ifdef CONFIG_ARCH_HAS_COPY_MC
647 static int copyout_mc(void __user *to, const void *from, size_t n)
649 if (access_ok(to, n)) {
650 instrument_copy_to_user(to, from, n);
651 n = copy_mc_to_user((__force void *) to, from, n);
656 static unsigned long copy_mc_to_page(struct page *page, size_t offset,
657 const char *from, size_t len)
662 to = kmap_atomic(page);
663 ret = copy_mc_to_kernel(to + offset, from, len);
669 static size_t copy_mc_pipe_to_iter(const void *addr, size_t bytes,
672 struct pipe_inode_info *pipe = i->pipe;
673 unsigned int p_mask = pipe->ring_size - 1;
675 size_t n, off, xfer = 0;
680 bytes = n = push_pipe(i, bytes, &i_head, &off);
684 size_t chunk = min_t(size_t, n, PAGE_SIZE - off);
687 rem = copy_mc_to_page(pipe->bufs[i_head & p_mask].page,
690 i->iov_offset = off + chunk - rem;
704 * _copy_mc_to_iter - copy to iter with source memory error exception handling
705 * @addr: source kernel address
706 * @bytes: total transfer length
707 * @iter: destination iterator
709 * The pmem driver deploys this for the dax operation
710 * (dax_copy_to_iter()) for dax reads (bypass page-cache and the
711 * block-layer). Upon #MC read(2) aborts and returns EIO or the bytes
712 * successfully copied.
714 * The main differences between this and typical _copy_to_iter().
716 * * Typical tail/residue handling after a fault retries the copy
717 * byte-by-byte until the fault happens again. Re-triggering machine
718 * checks is potentially fatal so the implementation uses source
719 * alignment and poison alignment assumptions to avoid re-triggering
720 * hardware exceptions.
722 * * ITER_KVEC, ITER_PIPE, and ITER_BVEC can return short copies.
723 * Compare to copy_to_iter() where only ITER_IOVEC attempts might return
726 size_t _copy_mc_to_iter(const void *addr, size_t bytes, struct iov_iter *i)
728 const char *from = addr;
729 unsigned long rem, curr_addr, s_addr = (unsigned long) addr;
731 if (unlikely(iov_iter_is_pipe(i)))
732 return copy_mc_pipe_to_iter(addr, bytes, i);
733 if (iter_is_iovec(i))
735 iterate_and_advance(i, bytes, v,
736 copyout_mc(v.iov_base, (from += v.iov_len) - v.iov_len,
739 rem = copy_mc_to_page(v.bv_page, v.bv_offset,
740 (from += v.bv_len) - v.bv_len, v.bv_len);
742 curr_addr = (unsigned long) from;
743 bytes = curr_addr - s_addr - rem;
748 rem = copy_mc_to_kernel(v.iov_base, (from += v.iov_len)
749 - v.iov_len, v.iov_len);
751 curr_addr = (unsigned long) from;
752 bytes = curr_addr - s_addr - rem;
760 EXPORT_SYMBOL_GPL(_copy_mc_to_iter);
761 #endif /* CONFIG_ARCH_HAS_COPY_MC */
763 size_t _copy_from_iter(void *addr, size_t bytes, struct iov_iter *i)
766 if (unlikely(iov_iter_is_pipe(i))) {
770 if (iter_is_iovec(i))
772 iterate_and_advance(i, bytes, v,
773 copyin((to += v.iov_len) - v.iov_len, v.iov_base, v.iov_len),
774 memcpy_from_page((to += v.bv_len) - v.bv_len, v.bv_page,
775 v.bv_offset, v.bv_len),
776 memcpy((to += v.iov_len) - v.iov_len, v.iov_base, v.iov_len)
781 EXPORT_SYMBOL(_copy_from_iter);
783 bool _copy_from_iter_full(void *addr, size_t bytes, struct iov_iter *i)
786 if (unlikely(iov_iter_is_pipe(i))) {
790 if (unlikely(i->count < bytes))
793 if (iter_is_iovec(i))
795 iterate_all_kinds(i, bytes, v, ({
796 if (copyin((to += v.iov_len) - v.iov_len,
797 v.iov_base, v.iov_len))
800 memcpy_from_page((to += v.bv_len) - v.bv_len, v.bv_page,
801 v.bv_offset, v.bv_len),
802 memcpy((to += v.iov_len) - v.iov_len, v.iov_base, v.iov_len)
805 iov_iter_advance(i, bytes);
808 EXPORT_SYMBOL(_copy_from_iter_full);
810 size_t _copy_from_iter_nocache(void *addr, size_t bytes, struct iov_iter *i)
813 if (unlikely(iov_iter_is_pipe(i))) {
817 iterate_and_advance(i, bytes, v,
818 __copy_from_user_inatomic_nocache((to += v.iov_len) - v.iov_len,
819 v.iov_base, v.iov_len),
820 memcpy_from_page((to += v.bv_len) - v.bv_len, v.bv_page,
821 v.bv_offset, v.bv_len),
822 memcpy((to += v.iov_len) - v.iov_len, v.iov_base, v.iov_len)
827 EXPORT_SYMBOL(_copy_from_iter_nocache);
829 #ifdef CONFIG_ARCH_HAS_UACCESS_FLUSHCACHE
831 * _copy_from_iter_flushcache - write destination through cpu cache
832 * @addr: destination kernel address
833 * @bytes: total transfer length
834 * @iter: source iterator
836 * The pmem driver arranges for filesystem-dax to use this facility via
837 * dax_copy_from_iter() for ensuring that writes to persistent memory
838 * are flushed through the CPU cache. It is differentiated from
839 * _copy_from_iter_nocache() in that guarantees all data is flushed for
840 * all iterator types. The _copy_from_iter_nocache() only attempts to
841 * bypass the cache for the ITER_IOVEC case, and on some archs may use
842 * instructions that strand dirty-data in the cache.
844 size_t _copy_from_iter_flushcache(void *addr, size_t bytes, struct iov_iter *i)
847 if (unlikely(iov_iter_is_pipe(i))) {
851 iterate_and_advance(i, bytes, v,
852 __copy_from_user_flushcache((to += v.iov_len) - v.iov_len,
853 v.iov_base, v.iov_len),
854 memcpy_page_flushcache((to += v.bv_len) - v.bv_len, v.bv_page,
855 v.bv_offset, v.bv_len),
856 memcpy_flushcache((to += v.iov_len) - v.iov_len, v.iov_base,
862 EXPORT_SYMBOL_GPL(_copy_from_iter_flushcache);
865 bool _copy_from_iter_full_nocache(void *addr, size_t bytes, struct iov_iter *i)
868 if (unlikely(iov_iter_is_pipe(i))) {
872 if (unlikely(i->count < bytes))
874 iterate_all_kinds(i, bytes, v, ({
875 if (__copy_from_user_inatomic_nocache((to += v.iov_len) - v.iov_len,
876 v.iov_base, v.iov_len))
879 memcpy_from_page((to += v.bv_len) - v.bv_len, v.bv_page,
880 v.bv_offset, v.bv_len),
881 memcpy((to += v.iov_len) - v.iov_len, v.iov_base, v.iov_len)
884 iov_iter_advance(i, bytes);
887 EXPORT_SYMBOL(_copy_from_iter_full_nocache);
889 static inline bool page_copy_sane(struct page *page, size_t offset, size_t n)
892 size_t v = n + offset;
895 * The general case needs to access the page order in order
896 * to compute the page size.
897 * However, we mostly deal with order-0 pages and thus can
898 * avoid a possible cache line miss for requests that fit all
901 if (n <= v && v <= PAGE_SIZE)
904 head = compound_head(page);
905 v += (page - head) << PAGE_SHIFT;
907 if (likely(n <= v && v <= (page_size(head))))
913 size_t copy_page_to_iter(struct page *page, size_t offset, size_t bytes,
916 if (unlikely(!page_copy_sane(page, offset, bytes)))
918 if (i->type & (ITER_BVEC|ITER_KVEC)) {
919 void *kaddr = kmap_atomic(page);
920 size_t wanted = copy_to_iter(kaddr + offset, bytes, i);
921 kunmap_atomic(kaddr);
923 } else if (unlikely(iov_iter_is_discard(i)))
925 else if (likely(!iov_iter_is_pipe(i)))
926 return copy_page_to_iter_iovec(page, offset, bytes, i);
928 return copy_page_to_iter_pipe(page, offset, bytes, i);
930 EXPORT_SYMBOL(copy_page_to_iter);
932 size_t copy_page_from_iter(struct page *page, size_t offset, size_t bytes,
935 if (unlikely(!page_copy_sane(page, offset, bytes)))
937 if (unlikely(iov_iter_is_pipe(i) || iov_iter_is_discard(i))) {
941 if (i->type & (ITER_BVEC|ITER_KVEC)) {
942 void *kaddr = kmap_atomic(page);
943 size_t wanted = _copy_from_iter(kaddr + offset, bytes, i);
944 kunmap_atomic(kaddr);
947 return copy_page_from_iter_iovec(page, offset, bytes, i);
949 EXPORT_SYMBOL(copy_page_from_iter);
951 static size_t pipe_zero(size_t bytes, struct iov_iter *i)
953 struct pipe_inode_info *pipe = i->pipe;
954 unsigned int p_mask = pipe->ring_size - 1;
961 bytes = n = push_pipe(i, bytes, &i_head, &off);
966 size_t chunk = min_t(size_t, n, PAGE_SIZE - off);
967 memzero_page(pipe->bufs[i_head & p_mask].page, off, chunk);
969 i->iov_offset = off + chunk;
978 size_t iov_iter_zero(size_t bytes, struct iov_iter *i)
980 if (unlikely(iov_iter_is_pipe(i)))
981 return pipe_zero(bytes, i);
982 iterate_and_advance(i, bytes, v,
983 clear_user(v.iov_base, v.iov_len),
984 memzero_page(v.bv_page, v.bv_offset, v.bv_len),
985 memset(v.iov_base, 0, v.iov_len)
990 EXPORT_SYMBOL(iov_iter_zero);
992 size_t iov_iter_copy_from_user_atomic(struct page *page,
993 struct iov_iter *i, unsigned long offset, size_t bytes)
995 char *kaddr = kmap_atomic(page), *p = kaddr + offset;
996 if (unlikely(!page_copy_sane(page, offset, bytes))) {
997 kunmap_atomic(kaddr);
1000 if (unlikely(iov_iter_is_pipe(i) || iov_iter_is_discard(i))) {
1001 kunmap_atomic(kaddr);
1005 iterate_all_kinds(i, bytes, v,
1006 copyin((p += v.iov_len) - v.iov_len, v.iov_base, v.iov_len),
1007 memcpy_from_page((p += v.bv_len) - v.bv_len, v.bv_page,
1008 v.bv_offset, v.bv_len),
1009 memcpy((p += v.iov_len) - v.iov_len, v.iov_base, v.iov_len)
1011 kunmap_atomic(kaddr);
1014 EXPORT_SYMBOL(iov_iter_copy_from_user_atomic);
1016 static inline void pipe_truncate(struct iov_iter *i)
1018 struct pipe_inode_info *pipe = i->pipe;
1019 unsigned int p_tail = pipe->tail;
1020 unsigned int p_head = pipe->head;
1021 unsigned int p_mask = pipe->ring_size - 1;
1023 if (!pipe_empty(p_head, p_tail)) {
1024 struct pipe_buffer *buf;
1025 unsigned int i_head = i->head;
1026 size_t off = i->iov_offset;
1029 buf = &pipe->bufs[i_head & p_mask];
1030 buf->len = off - buf->offset;
1033 while (p_head != i_head) {
1035 pipe_buf_release(pipe, &pipe->bufs[p_head & p_mask]);
1038 pipe->head = p_head;
1042 static void pipe_advance(struct iov_iter *i, size_t size)
1044 struct pipe_inode_info *pipe = i->pipe;
1045 if (unlikely(i->count < size))
1048 struct pipe_buffer *buf;
1049 unsigned int p_mask = pipe->ring_size - 1;
1050 unsigned int i_head = i->head;
1051 size_t off = i->iov_offset, left = size;
1053 if (off) /* make it relative to the beginning of buffer */
1054 left += off - pipe->bufs[i_head & p_mask].offset;
1056 buf = &pipe->bufs[i_head & p_mask];
1057 if (left <= buf->len)
1063 i->iov_offset = buf->offset + left;
1066 /* ... and discard everything past that point */
1070 static void iov_iter_bvec_advance(struct iov_iter *i, size_t size)
1072 struct bvec_iter bi;
1074 bi.bi_size = i->count;
1075 bi.bi_bvec_done = i->iov_offset;
1077 bvec_iter_advance(i->bvec, &bi, size);
1079 i->bvec += bi.bi_idx;
1080 i->nr_segs -= bi.bi_idx;
1081 i->count = bi.bi_size;
1082 i->iov_offset = bi.bi_bvec_done;
1085 void iov_iter_advance(struct iov_iter *i, size_t size)
1087 if (unlikely(iov_iter_is_pipe(i))) {
1088 pipe_advance(i, size);
1091 if (unlikely(iov_iter_is_discard(i))) {
1095 if (iov_iter_is_bvec(i)) {
1096 iov_iter_bvec_advance(i, size);
1099 iterate_and_advance(i, size, v, 0, 0, 0)
1101 EXPORT_SYMBOL(iov_iter_advance);
1103 void iov_iter_revert(struct iov_iter *i, size_t unroll)
1107 if (WARN_ON(unroll > MAX_RW_COUNT))
1110 if (unlikely(iov_iter_is_pipe(i))) {
1111 struct pipe_inode_info *pipe = i->pipe;
1112 unsigned int p_mask = pipe->ring_size - 1;
1113 unsigned int i_head = i->head;
1114 size_t off = i->iov_offset;
1116 struct pipe_buffer *b = &pipe->bufs[i_head & p_mask];
1117 size_t n = off - b->offset;
1123 if (!unroll && i_head == i->start_head) {
1128 b = &pipe->bufs[i_head & p_mask];
1129 off = b->offset + b->len;
1131 i->iov_offset = off;
1136 if (unlikely(iov_iter_is_discard(i)))
1138 if (unroll <= i->iov_offset) {
1139 i->iov_offset -= unroll;
1142 unroll -= i->iov_offset;
1143 if (iov_iter_is_bvec(i)) {
1144 const struct bio_vec *bvec = i->bvec;
1146 size_t n = (--bvec)->bv_len;
1150 i->iov_offset = n - unroll;
1155 } else { /* same logics for iovec and kvec */
1156 const struct iovec *iov = i->iov;
1158 size_t n = (--iov)->iov_len;
1162 i->iov_offset = n - unroll;
1169 EXPORT_SYMBOL(iov_iter_revert);
1172 * Return the count of just the current iov_iter segment.
1174 size_t iov_iter_single_seg_count(const struct iov_iter *i)
1176 if (unlikely(iov_iter_is_pipe(i)))
1177 return i->count; // it is a silly place, anyway
1178 if (i->nr_segs == 1)
1180 if (unlikely(iov_iter_is_discard(i)))
1182 else if (iov_iter_is_bvec(i))
1183 return min(i->count, i->bvec->bv_len - i->iov_offset);
1185 return min(i->count, i->iov->iov_len - i->iov_offset);
1187 EXPORT_SYMBOL(iov_iter_single_seg_count);
1189 void iov_iter_kvec(struct iov_iter *i, unsigned int direction,
1190 const struct kvec *kvec, unsigned long nr_segs,
1193 WARN_ON(direction & ~(READ | WRITE));
1194 i->type = ITER_KVEC | (direction & (READ | WRITE));
1196 i->nr_segs = nr_segs;
1200 EXPORT_SYMBOL(iov_iter_kvec);
1202 void iov_iter_bvec(struct iov_iter *i, unsigned int direction,
1203 const struct bio_vec *bvec, unsigned long nr_segs,
1206 WARN_ON(direction & ~(READ | WRITE));
1207 i->type = ITER_BVEC | (direction & (READ | WRITE));
1209 i->nr_segs = nr_segs;
1213 EXPORT_SYMBOL(iov_iter_bvec);
1215 void iov_iter_pipe(struct iov_iter *i, unsigned int direction,
1216 struct pipe_inode_info *pipe,
1219 BUG_ON(direction != READ);
1220 WARN_ON(pipe_full(pipe->head, pipe->tail, pipe->ring_size));
1221 i->type = ITER_PIPE | READ;
1223 i->head = pipe->head;
1226 i->start_head = i->head;
1228 EXPORT_SYMBOL(iov_iter_pipe);
1231 * iov_iter_discard - Initialise an I/O iterator that discards data
1232 * @i: The iterator to initialise.
1233 * @direction: The direction of the transfer.
1234 * @count: The size of the I/O buffer in bytes.
1236 * Set up an I/O iterator that just discards everything that's written to it.
1237 * It's only available as a READ iterator.
1239 void iov_iter_discard(struct iov_iter *i, unsigned int direction, size_t count)
1241 BUG_ON(direction != READ);
1242 i->type = ITER_DISCARD | READ;
1246 EXPORT_SYMBOL(iov_iter_discard);
1248 unsigned long iov_iter_alignment(const struct iov_iter *i)
1250 unsigned long res = 0;
1251 size_t size = i->count;
1253 if (unlikely(iov_iter_is_pipe(i))) {
1254 unsigned int p_mask = i->pipe->ring_size - 1;
1256 if (size && i->iov_offset && allocated(&i->pipe->bufs[i->head & p_mask]))
1257 return size | i->iov_offset;
1260 iterate_all_kinds(i, size, v,
1261 (res |= (unsigned long)v.iov_base | v.iov_len, 0),
1262 res |= v.bv_offset | v.bv_len,
1263 res |= (unsigned long)v.iov_base | v.iov_len
1267 EXPORT_SYMBOL(iov_iter_alignment);
1269 unsigned long iov_iter_gap_alignment(const struct iov_iter *i)
1271 unsigned long res = 0;
1272 size_t size = i->count;
1274 if (unlikely(iov_iter_is_pipe(i) || iov_iter_is_discard(i))) {
1279 iterate_all_kinds(i, size, v,
1280 (res |= (!res ? 0 : (unsigned long)v.iov_base) |
1281 (size != v.iov_len ? size : 0), 0),
1282 (res |= (!res ? 0 : (unsigned long)v.bv_offset) |
1283 (size != v.bv_len ? size : 0)),
1284 (res |= (!res ? 0 : (unsigned long)v.iov_base) |
1285 (size != v.iov_len ? size : 0))
1289 EXPORT_SYMBOL(iov_iter_gap_alignment);
1291 static inline ssize_t __pipe_get_pages(struct iov_iter *i,
1293 struct page **pages,
1297 struct pipe_inode_info *pipe = i->pipe;
1298 unsigned int p_mask = pipe->ring_size - 1;
1299 ssize_t n = push_pipe(i, maxsize, &iter_head, start);
1306 get_page(*pages++ = pipe->bufs[iter_head & p_mask].page);
1314 static ssize_t pipe_get_pages(struct iov_iter *i,
1315 struct page **pages, size_t maxsize, unsigned maxpages,
1318 unsigned int iter_head, npages;
1327 data_start(i, &iter_head, start);
1328 /* Amount of free space: some of this one + all after this one */
1329 npages = pipe_space_for_user(iter_head, i->pipe->tail, i->pipe);
1330 capacity = min(npages, maxpages) * PAGE_SIZE - *start;
1332 return __pipe_get_pages(i, min(maxsize, capacity), pages, iter_head, start);
1335 ssize_t iov_iter_get_pages(struct iov_iter *i,
1336 struct page **pages, size_t maxsize, unsigned maxpages,
1339 if (maxsize > i->count)
1342 if (unlikely(iov_iter_is_pipe(i)))
1343 return pipe_get_pages(i, pages, maxsize, maxpages, start);
1344 if (unlikely(iov_iter_is_discard(i)))
1347 iterate_all_kinds(i, maxsize, v, ({
1348 unsigned long addr = (unsigned long)v.iov_base;
1349 size_t len = v.iov_len + (*start = addr & (PAGE_SIZE - 1));
1353 if (len > maxpages * PAGE_SIZE)
1354 len = maxpages * PAGE_SIZE;
1355 addr &= ~(PAGE_SIZE - 1);
1356 n = DIV_ROUND_UP(len, PAGE_SIZE);
1357 res = get_user_pages_fast(addr, n,
1358 iov_iter_rw(i) != WRITE ? FOLL_WRITE : 0,
1360 if (unlikely(res < 0))
1362 return (res == n ? len : res * PAGE_SIZE) - *start;
1364 /* can't be more than PAGE_SIZE */
1365 *start = v.bv_offset;
1366 get_page(*pages = v.bv_page);
1374 EXPORT_SYMBOL(iov_iter_get_pages);
1376 static struct page **get_pages_array(size_t n)
1378 return kvmalloc_array(n, sizeof(struct page *), GFP_KERNEL);
1381 static ssize_t pipe_get_pages_alloc(struct iov_iter *i,
1382 struct page ***pages, size_t maxsize,
1386 unsigned int iter_head, npages;
1395 data_start(i, &iter_head, start);
1396 /* Amount of free space: some of this one + all after this one */
1397 npages = pipe_space_for_user(iter_head, i->pipe->tail, i->pipe);
1398 n = npages * PAGE_SIZE - *start;
1402 npages = DIV_ROUND_UP(maxsize + *start, PAGE_SIZE);
1403 p = get_pages_array(npages);
1406 n = __pipe_get_pages(i, maxsize, p, iter_head, start);
1414 ssize_t iov_iter_get_pages_alloc(struct iov_iter *i,
1415 struct page ***pages, size_t maxsize,
1420 if (maxsize > i->count)
1423 if (unlikely(iov_iter_is_pipe(i)))
1424 return pipe_get_pages_alloc(i, pages, maxsize, start);
1425 if (unlikely(iov_iter_is_discard(i)))
1428 iterate_all_kinds(i, maxsize, v, ({
1429 unsigned long addr = (unsigned long)v.iov_base;
1430 size_t len = v.iov_len + (*start = addr & (PAGE_SIZE - 1));
1434 addr &= ~(PAGE_SIZE - 1);
1435 n = DIV_ROUND_UP(len, PAGE_SIZE);
1436 p = get_pages_array(n);
1439 res = get_user_pages_fast(addr, n,
1440 iov_iter_rw(i) != WRITE ? FOLL_WRITE : 0, p);
1441 if (unlikely(res < 0)) {
1446 return (res == n ? len : res * PAGE_SIZE) - *start;
1448 /* can't be more than PAGE_SIZE */
1449 *start = v.bv_offset;
1450 *pages = p = get_pages_array(1);
1453 get_page(*p = v.bv_page);
1461 EXPORT_SYMBOL(iov_iter_get_pages_alloc);
1463 size_t csum_and_copy_from_iter(void *addr, size_t bytes, __wsum *csum,
1470 if (unlikely(iov_iter_is_pipe(i) || iov_iter_is_discard(i))) {
1474 iterate_and_advance(i, bytes, v, ({
1475 next = csum_and_copy_from_user(v.iov_base,
1476 (to += v.iov_len) - v.iov_len,
1479 sum = csum_block_add(sum, next, off);
1482 next ? 0 : v.iov_len;
1484 char *p = kmap_atomic(v.bv_page);
1485 sum = csum_and_memcpy((to += v.bv_len) - v.bv_len,
1486 p + v.bv_offset, v.bv_len,
1491 sum = csum_and_memcpy((to += v.iov_len) - v.iov_len,
1492 v.iov_base, v.iov_len,
1500 EXPORT_SYMBOL(csum_and_copy_from_iter);
1502 bool csum_and_copy_from_iter_full(void *addr, size_t bytes, __wsum *csum,
1509 if (unlikely(iov_iter_is_pipe(i) || iov_iter_is_discard(i))) {
1513 if (unlikely(i->count < bytes))
1515 iterate_all_kinds(i, bytes, v, ({
1516 next = csum_and_copy_from_user(v.iov_base,
1517 (to += v.iov_len) - v.iov_len,
1521 sum = csum_block_add(sum, next, off);
1525 char *p = kmap_atomic(v.bv_page);
1526 sum = csum_and_memcpy((to += v.bv_len) - v.bv_len,
1527 p + v.bv_offset, v.bv_len,
1532 sum = csum_and_memcpy((to += v.iov_len) - v.iov_len,
1533 v.iov_base, v.iov_len,
1539 iov_iter_advance(i, bytes);
1542 EXPORT_SYMBOL(csum_and_copy_from_iter_full);
1544 size_t csum_and_copy_to_iter(const void *addr, size_t bytes, void *_csstate,
1547 struct csum_state *csstate = _csstate;
1548 const char *from = addr;
1552 if (unlikely(iov_iter_is_pipe(i)))
1553 return csum_and_copy_to_pipe_iter(addr, bytes, _csstate, i);
1555 sum = csstate->csum;
1557 if (unlikely(iov_iter_is_discard(i))) {
1558 WARN_ON(1); /* for now */
1561 iterate_and_advance(i, bytes, v, ({
1562 next = csum_and_copy_to_user((from += v.iov_len) - v.iov_len,
1566 sum = csum_block_add(sum, next, off);
1569 next ? 0 : v.iov_len;
1571 char *p = kmap_atomic(v.bv_page);
1572 sum = csum_and_memcpy(p + v.bv_offset,
1573 (from += v.bv_len) - v.bv_len,
1574 v.bv_len, sum, off);
1578 sum = csum_and_memcpy(v.iov_base,
1579 (from += v.iov_len) - v.iov_len,
1580 v.iov_len, sum, off);
1584 csstate->csum = sum;
1588 EXPORT_SYMBOL(csum_and_copy_to_iter);
1590 size_t hash_and_copy_to_iter(const void *addr, size_t bytes, void *hashp,
1593 #ifdef CONFIG_CRYPTO_HASH
1594 struct ahash_request *hash = hashp;
1595 struct scatterlist sg;
1598 copied = copy_to_iter(addr, bytes, i);
1599 sg_init_one(&sg, addr, copied);
1600 ahash_request_set_crypt(hash, &sg, NULL, copied);
1601 crypto_ahash_update(hash);
1607 EXPORT_SYMBOL(hash_and_copy_to_iter);
1609 int iov_iter_npages(const struct iov_iter *i, int maxpages)
1611 size_t size = i->count;
1616 if (unlikely(iov_iter_is_discard(i)))
1619 if (unlikely(iov_iter_is_pipe(i))) {
1620 struct pipe_inode_info *pipe = i->pipe;
1621 unsigned int iter_head;
1627 data_start(i, &iter_head, &off);
1628 /* some of this one + all after this one */
1629 npages = pipe_space_for_user(iter_head, pipe->tail, pipe);
1630 if (npages >= maxpages)
1632 } else iterate_all_kinds(i, size, v, ({
1633 unsigned long p = (unsigned long)v.iov_base;
1634 npages += DIV_ROUND_UP(p + v.iov_len, PAGE_SIZE)
1636 if (npages >= maxpages)
1640 if (npages >= maxpages)
1643 unsigned long p = (unsigned long)v.iov_base;
1644 npages += DIV_ROUND_UP(p + v.iov_len, PAGE_SIZE)
1646 if (npages >= maxpages)
1652 EXPORT_SYMBOL(iov_iter_npages);
1654 const void *dup_iter(struct iov_iter *new, struct iov_iter *old, gfp_t flags)
1657 if (unlikely(iov_iter_is_pipe(new))) {
1661 if (unlikely(iov_iter_is_discard(new)))
1663 if (iov_iter_is_bvec(new))
1664 return new->bvec = kmemdup(new->bvec,
1665 new->nr_segs * sizeof(struct bio_vec),
1668 /* iovec and kvec have identical layout */
1669 return new->iov = kmemdup(new->iov,
1670 new->nr_segs * sizeof(struct iovec),
1673 EXPORT_SYMBOL(dup_iter);
1675 static int copy_compat_iovec_from_user(struct iovec *iov,
1676 const struct iovec __user *uvec, unsigned long nr_segs)
1678 const struct compat_iovec __user *uiov =
1679 (const struct compat_iovec __user *)uvec;
1680 int ret = -EFAULT, i;
1682 if (!user_access_begin(uiov, nr_segs * sizeof(*uiov)))
1685 for (i = 0; i < nr_segs; i++) {
1689 unsafe_get_user(len, &uiov[i].iov_len, uaccess_end);
1690 unsafe_get_user(buf, &uiov[i].iov_base, uaccess_end);
1692 /* check for compat_size_t not fitting in compat_ssize_t .. */
1697 iov[i].iov_base = compat_ptr(buf);
1698 iov[i].iov_len = len;
1707 static int copy_iovec_from_user(struct iovec *iov,
1708 const struct iovec __user *uvec, unsigned long nr_segs)
1712 if (copy_from_user(iov, uvec, nr_segs * sizeof(*uvec)))
1714 for (seg = 0; seg < nr_segs; seg++) {
1715 if ((ssize_t)iov[seg].iov_len < 0)
1722 struct iovec *iovec_from_user(const struct iovec __user *uvec,
1723 unsigned long nr_segs, unsigned long fast_segs,
1724 struct iovec *fast_iov, bool compat)
1726 struct iovec *iov = fast_iov;
1730 * SuS says "The readv() function *may* fail if the iovcnt argument was
1731 * less than or equal to 0, or greater than {IOV_MAX}. Linux has
1732 * traditionally returned zero for zero segments, so...
1736 if (nr_segs > UIO_MAXIOV)
1737 return ERR_PTR(-EINVAL);
1738 if (nr_segs > fast_segs) {
1739 iov = kmalloc_array(nr_segs, sizeof(struct iovec), GFP_KERNEL);
1741 return ERR_PTR(-ENOMEM);
1745 ret = copy_compat_iovec_from_user(iov, uvec, nr_segs);
1747 ret = copy_iovec_from_user(iov, uvec, nr_segs);
1749 if (iov != fast_iov)
1751 return ERR_PTR(ret);
1757 ssize_t __import_iovec(int type, const struct iovec __user *uvec,
1758 unsigned nr_segs, unsigned fast_segs, struct iovec **iovp,
1759 struct iov_iter *i, bool compat)
1761 ssize_t total_len = 0;
1765 iov = iovec_from_user(uvec, nr_segs, fast_segs, *iovp, compat);
1768 return PTR_ERR(iov);
1772 * According to the Single Unix Specification we should return EINVAL if
1773 * an element length is < 0 when cast to ssize_t or if the total length
1774 * would overflow the ssize_t return value of the system call.
1776 * Linux caps all read/write calls to MAX_RW_COUNT, and avoids the
1779 for (seg = 0; seg < nr_segs; seg++) {
1780 ssize_t len = (ssize_t)iov[seg].iov_len;
1782 if (!access_ok(iov[seg].iov_base, len)) {
1789 if (len > MAX_RW_COUNT - total_len) {
1790 len = MAX_RW_COUNT - total_len;
1791 iov[seg].iov_len = len;
1796 iov_iter_init(i, type, iov, nr_segs, total_len);
1805 * import_iovec() - Copy an array of &struct iovec from userspace
1806 * into the kernel, check that it is valid, and initialize a new
1807 * &struct iov_iter iterator to access it.
1809 * @type: One of %READ or %WRITE.
1810 * @uvec: Pointer to the userspace array.
1811 * @nr_segs: Number of elements in userspace array.
1812 * @fast_segs: Number of elements in @iov.
1813 * @iovp: (input and output parameter) Pointer to pointer to (usually small
1814 * on-stack) kernel array.
1815 * @i: Pointer to iterator that will be initialized on success.
1817 * If the array pointed to by *@iov is large enough to hold all @nr_segs,
1818 * then this function places %NULL in *@iov on return. Otherwise, a new
1819 * array will be allocated and the result placed in *@iov. This means that
1820 * the caller may call kfree() on *@iov regardless of whether the small
1821 * on-stack array was used or not (and regardless of whether this function
1822 * returns an error or not).
1824 * Return: Negative error code on error, bytes imported on success
1826 ssize_t import_iovec(int type, const struct iovec __user *uvec,
1827 unsigned nr_segs, unsigned fast_segs,
1828 struct iovec **iovp, struct iov_iter *i)
1830 return __import_iovec(type, uvec, nr_segs, fast_segs, iovp, i,
1831 in_compat_syscall());
1833 EXPORT_SYMBOL(import_iovec);
1835 int import_single_range(int rw, void __user *buf, size_t len,
1836 struct iovec *iov, struct iov_iter *i)
1838 if (len > MAX_RW_COUNT)
1840 if (unlikely(!access_ok(buf, len)))
1843 iov->iov_base = buf;
1845 iov_iter_init(i, rw, iov, 1, len);
1848 EXPORT_SYMBOL(import_single_range);
1850 int iov_iter_for_each_range(struct iov_iter *i, size_t bytes,
1851 int (*f)(struct kvec *vec, void *context),
1859 iterate_all_kinds(i, bytes, v, -EINVAL, ({
1860 w.iov_base = kmap(v.bv_page) + v.bv_offset;
1861 w.iov_len = v.bv_len;
1862 err = f(&w, context);
1866 err = f(&w, context);})
1870 EXPORT_SYMBOL(iov_iter_for_each_range);
projects / linux-2.6-microblaze.git / blob