1 // SPDX-License-Identifier: GPL-2.0-only
2 #include <crypto/hash.h>
3 #include <linux/export.h>
4 #include <linux/bvec.h>
5 #include <linux/fault-inject-usercopy.h>
7 #include <linux/pagemap.h>
8 #include <linux/slab.h>
9 #include <linux/vmalloc.h>
10 #include <linux/splice.h>
11 #include <linux/compat.h>
12 #include <net/checksum.h>
13 #include <linux/scatterlist.h>
14 #include <linux/instrumented.h>
16 #define PIPE_PARANOIA /* for now */
18 #define iterate_iovec(i, n, __v, __p, skip, STEP) { \
22 __v.iov_len = min(n, __p->iov_len - skip); \
23 if (likely(__v.iov_len)) { \
24 __v.iov_base = __p->iov_base + skip; \
26 __v.iov_len -= left; \
27 skip += __v.iov_len; \
32 while (unlikely(!left && n)) { \
34 __v.iov_len = min(n, __p->iov_len); \
35 if (unlikely(!__v.iov_len)) \
37 __v.iov_base = __p->iov_base; \
39 __v.iov_len -= left; \
46 #define iterate_kvec(i, n, __v, __p, skip, STEP) { \
49 __v.iov_len = min(n, __p->iov_len - skip); \
50 if (likely(__v.iov_len)) { \
51 __v.iov_base = __p->iov_base + skip; \
53 skip += __v.iov_len; \
56 while (unlikely(n)) { \
58 __v.iov_len = min(n, __p->iov_len); \
59 if (unlikely(!__v.iov_len)) \
61 __v.iov_base = __p->iov_base; \
69 #define iterate_bvec(i, n, __v, __bi, skip, STEP) { \
70 struct bvec_iter __start; \
71 __start.bi_size = n; \
72 __start.bi_bvec_done = skip; \
74 for_each_bvec(__v, i->bvec, __bi, __start) { \
81 #define iterate_all_kinds(i, n, v, I, B, K) { \
83 size_t skip = i->iov_offset; \
84 if (unlikely(i->type & ITER_BVEC)) { \
86 struct bvec_iter __bi; \
87 iterate_bvec(i, n, v, __bi, skip, (B)) \
88 } else if (unlikely(i->type & ITER_KVEC)) { \
89 const struct kvec *kvec; \
91 iterate_kvec(i, n, v, kvec, skip, (K)) \
92 } else if (unlikely(i->type & ITER_DISCARD)) { \
94 const struct iovec *iov; \
96 iterate_iovec(i, n, v, iov, skip, (I)) \
101 #define iterate_and_advance(i, n, v, I, B, K) { \
102 if (unlikely(i->count < n)) \
105 size_t skip = i->iov_offset; \
106 if (unlikely(i->type & ITER_BVEC)) { \
107 const struct bio_vec *bvec = i->bvec; \
109 struct bvec_iter __bi; \
110 iterate_bvec(i, n, v, __bi, skip, (B)) \
111 i->bvec = __bvec_iter_bvec(i->bvec, __bi); \
112 i->nr_segs -= i->bvec - bvec; \
113 skip = __bi.bi_bvec_done; \
114 } else if (unlikely(i->type & ITER_KVEC)) { \
115 const struct kvec *kvec; \
117 iterate_kvec(i, n, v, kvec, skip, (K)) \
118 if (skip == kvec->iov_len) { \
122 i->nr_segs -= kvec - i->kvec; \
124 } else if (unlikely(i->type & ITER_DISCARD)) { \
127 const struct iovec *iov; \
129 iterate_iovec(i, n, v, iov, skip, (I)) \
130 if (skip == iov->iov_len) { \
134 i->nr_segs -= iov - i->iov; \
138 i->iov_offset = skip; \
142 static int copyout(void __user *to, const void *from, size_t n)
144 if (should_fail_usercopy())
146 if (access_ok(to, n)) {
147 instrument_copy_to_user(to, from, n);
148 n = raw_copy_to_user(to, from, n);
153 static int copyin(void *to, const void __user *from, size_t n)
155 if (should_fail_usercopy())
157 if (access_ok(from, n)) {
158 instrument_copy_from_user(to, from, n);
159 n = raw_copy_from_user(to, from, n);
164 static size_t copy_page_to_iter_iovec(struct page *page, size_t offset, size_t bytes,
167 size_t skip, copy, left, wanted;
168 const struct iovec *iov;
172 if (unlikely(bytes > i->count))
175 if (unlikely(!bytes))
181 skip = i->iov_offset;
182 buf = iov->iov_base + skip;
183 copy = min(bytes, iov->iov_len - skip);
185 if (IS_ENABLED(CONFIG_HIGHMEM) && !fault_in_pages_writeable(buf, copy)) {
186 kaddr = kmap_atomic(page);
187 from = kaddr + offset;
189 /* first chunk, usually the only one */
190 left = copyout(buf, from, copy);
196 while (unlikely(!left && bytes)) {
199 copy = min(bytes, iov->iov_len);
200 left = copyout(buf, from, copy);
206 if (likely(!bytes)) {
207 kunmap_atomic(kaddr);
210 offset = from - kaddr;
212 kunmap_atomic(kaddr);
213 copy = min(bytes, iov->iov_len - skip);
215 /* Too bad - revert to non-atomic kmap */
218 from = kaddr + offset;
219 left = copyout(buf, from, copy);
224 while (unlikely(!left && bytes)) {
227 copy = min(bytes, iov->iov_len);
228 left = copyout(buf, from, copy);
237 if (skip == iov->iov_len) {
241 i->count -= wanted - bytes;
242 i->nr_segs -= iov - i->iov;
244 i->iov_offset = skip;
245 return wanted - bytes;
248 static size_t copy_page_from_iter_iovec(struct page *page, size_t offset, size_t bytes,
251 size_t skip, copy, left, wanted;
252 const struct iovec *iov;
256 if (unlikely(bytes > i->count))
259 if (unlikely(!bytes))
265 skip = i->iov_offset;
266 buf = iov->iov_base + skip;
267 copy = min(bytes, iov->iov_len - skip);
269 if (IS_ENABLED(CONFIG_HIGHMEM) && !fault_in_pages_readable(buf, copy)) {
270 kaddr = kmap_atomic(page);
273 /* first chunk, usually the only one */
274 left = copyin(to, buf, copy);
280 while (unlikely(!left && bytes)) {
283 copy = min(bytes, iov->iov_len);
284 left = copyin(to, buf, copy);
290 if (likely(!bytes)) {
291 kunmap_atomic(kaddr);
296 kunmap_atomic(kaddr);
297 copy = min(bytes, iov->iov_len - skip);
299 /* Too bad - revert to non-atomic kmap */
303 left = copyin(to, buf, copy);
308 while (unlikely(!left && bytes)) {
311 copy = min(bytes, iov->iov_len);
312 left = copyin(to, buf, copy);
321 if (skip == iov->iov_len) {
325 i->count -= wanted - bytes;
326 i->nr_segs -= iov - i->iov;
328 i->iov_offset = skip;
329 return wanted - bytes;
333 static bool sanity(const struct iov_iter *i)
335 struct pipe_inode_info *pipe = i->pipe;
336 unsigned int p_head = pipe->head;
337 unsigned int p_tail = pipe->tail;
338 unsigned int p_mask = pipe->ring_size - 1;
339 unsigned int p_occupancy = pipe_occupancy(p_head, p_tail);
340 unsigned int i_head = i->head;
344 struct pipe_buffer *p;
345 if (unlikely(p_occupancy == 0))
346 goto Bad; // pipe must be non-empty
347 if (unlikely(i_head != p_head - 1))
348 goto Bad; // must be at the last buffer...
350 p = &pipe->bufs[i_head & p_mask];
351 if (unlikely(p->offset + p->len != i->iov_offset))
352 goto Bad; // ... at the end of segment
354 if (i_head != p_head)
355 goto Bad; // must be right after the last buffer
359 printk(KERN_ERR "idx = %d, offset = %zd\n", i_head, i->iov_offset);
360 printk(KERN_ERR "head = %d, tail = %d, buffers = %d\n",
361 p_head, p_tail, pipe->ring_size);
362 for (idx = 0; idx < pipe->ring_size; idx++)
363 printk(KERN_ERR "[%p %p %d %d]\n",
365 pipe->bufs[idx].page,
366 pipe->bufs[idx].offset,
367 pipe->bufs[idx].len);
372 #define sanity(i) true
375 static size_t copy_page_to_iter_pipe(struct page *page, size_t offset, size_t bytes,
378 struct pipe_inode_info *pipe = i->pipe;
379 struct pipe_buffer *buf;
380 unsigned int p_tail = pipe->tail;
381 unsigned int p_mask = pipe->ring_size - 1;
382 unsigned int i_head = i->head;
385 if (unlikely(bytes > i->count))
388 if (unlikely(!bytes))
395 buf = &pipe->bufs[i_head & p_mask];
397 if (offset == off && buf->page == page) {
398 /* merge with the last one */
400 i->iov_offset += bytes;
404 buf = &pipe->bufs[i_head & p_mask];
406 if (pipe_full(i_head, p_tail, pipe->max_usage))
409 buf->ops = &page_cache_pipe_buf_ops;
412 buf->offset = offset;
415 pipe->head = i_head + 1;
416 i->iov_offset = offset + bytes;
424 * Fault in one or more iovecs of the given iov_iter, to a maximum length of
425 * bytes. For each iovec, fault in each page that constitutes the iovec.
427 * Return 0 on success, or non-zero if the memory could not be accessed (i.e.
428 * because it is an invalid address).
430 int iov_iter_fault_in_readable(struct iov_iter *i, size_t bytes)
432 size_t skip = i->iov_offset;
433 const struct iovec *iov;
437 if (!(i->type & (ITER_BVEC|ITER_KVEC))) {
438 iterate_iovec(i, bytes, v, iov, skip, ({
439 err = fault_in_pages_readable(v.iov_base, v.iov_len);
446 EXPORT_SYMBOL(iov_iter_fault_in_readable);
448 void iov_iter_init(struct iov_iter *i, unsigned int direction,
449 const struct iovec *iov, unsigned long nr_segs,
452 WARN_ON(direction & ~(READ | WRITE));
453 direction &= READ | WRITE;
455 /* It will get better. Eventually... */
456 if (uaccess_kernel()) {
457 i->type = ITER_KVEC | direction;
458 i->kvec = (struct kvec *)iov;
460 i->type = ITER_IOVEC | direction;
463 i->nr_segs = nr_segs;
467 EXPORT_SYMBOL(iov_iter_init);
469 static void memcpy_from_page(char *to, struct page *page, size_t offset, size_t len)
471 char *from = kmap_atomic(page);
472 memcpy(to, from + offset, len);
476 static void memcpy_to_page(struct page *page, size_t offset, const char *from, size_t len)
478 char *to = kmap_atomic(page);
479 memcpy(to + offset, from, len);
483 static void memzero_page(struct page *page, size_t offset, size_t len)
485 char *addr = kmap_atomic(page);
486 memset(addr + offset, 0, len);
490 static inline bool allocated(struct pipe_buffer *buf)
492 return buf->ops == &default_pipe_buf_ops;
495 static inline void data_start(const struct iov_iter *i,
496 unsigned int *iter_headp, size_t *offp)
498 unsigned int p_mask = i->pipe->ring_size - 1;
499 unsigned int iter_head = i->head;
500 size_t off = i->iov_offset;
502 if (off && (!allocated(&i->pipe->bufs[iter_head & p_mask]) ||
507 *iter_headp = iter_head;
511 static size_t push_pipe(struct iov_iter *i, size_t size,
512 int *iter_headp, size_t *offp)
514 struct pipe_inode_info *pipe = i->pipe;
515 unsigned int p_tail = pipe->tail;
516 unsigned int p_mask = pipe->ring_size - 1;
517 unsigned int iter_head;
521 if (unlikely(size > i->count))
527 data_start(i, &iter_head, &off);
528 *iter_headp = iter_head;
531 left -= PAGE_SIZE - off;
533 pipe->bufs[iter_head & p_mask].len += size;
536 pipe->bufs[iter_head & p_mask].len = PAGE_SIZE;
539 while (!pipe_full(iter_head, p_tail, pipe->max_usage)) {
540 struct pipe_buffer *buf = &pipe->bufs[iter_head & p_mask];
541 struct page *page = alloc_page(GFP_USER);
545 buf->ops = &default_pipe_buf_ops;
548 buf->len = min_t(ssize_t, left, PAGE_SIZE);
551 pipe->head = iter_head;
559 static size_t copy_pipe_to_iter(const void *addr, size_t bytes,
562 struct pipe_inode_info *pipe = i->pipe;
563 unsigned int p_mask = pipe->ring_size - 1;
570 bytes = n = push_pipe(i, bytes, &i_head, &off);
574 size_t chunk = min_t(size_t, n, PAGE_SIZE - off);
575 memcpy_to_page(pipe->bufs[i_head & p_mask].page, off, addr, chunk);
577 i->iov_offset = off + chunk;
587 static __wsum csum_and_memcpy(void *to, const void *from, size_t len,
588 __wsum sum, size_t off)
590 __wsum next = csum_partial_copy_nocheck(from, to, len);
591 return csum_block_add(sum, next, off);
594 static size_t csum_and_copy_to_pipe_iter(const void *addr, size_t bytes,
595 struct csum_state *csstate,
598 struct pipe_inode_info *pipe = i->pipe;
599 unsigned int p_mask = pipe->ring_size - 1;
600 __wsum sum = csstate->csum;
601 size_t off = csstate->off;
608 bytes = n = push_pipe(i, bytes, &i_head, &r);
612 size_t chunk = min_t(size_t, n, PAGE_SIZE - r);
613 char *p = kmap_atomic(pipe->bufs[i_head & p_mask].page);
614 sum = csum_and_memcpy(p + r, addr, chunk, sum, off);
617 i->iov_offset = r + chunk;
630 size_t _copy_to_iter(const void *addr, size_t bytes, struct iov_iter *i)
632 const char *from = addr;
633 if (unlikely(iov_iter_is_pipe(i)))
634 return copy_pipe_to_iter(addr, bytes, i);
635 if (iter_is_iovec(i))
637 iterate_and_advance(i, bytes, v,
638 copyout(v.iov_base, (from += v.iov_len) - v.iov_len, v.iov_len),
639 memcpy_to_page(v.bv_page, v.bv_offset,
640 (from += v.bv_len) - v.bv_len, v.bv_len),
641 memcpy(v.iov_base, (from += v.iov_len) - v.iov_len, v.iov_len)
646 EXPORT_SYMBOL(_copy_to_iter);
648 #ifdef CONFIG_ARCH_HAS_COPY_MC
649 static int copyout_mc(void __user *to, const void *from, size_t n)
651 if (access_ok(to, n)) {
652 instrument_copy_to_user(to, from, n);
653 n = copy_mc_to_user((__force void *) to, from, n);
658 static unsigned long copy_mc_to_page(struct page *page, size_t offset,
659 const char *from, size_t len)
664 to = kmap_atomic(page);
665 ret = copy_mc_to_kernel(to + offset, from, len);
671 static size_t copy_mc_pipe_to_iter(const void *addr, size_t bytes,
674 struct pipe_inode_info *pipe = i->pipe;
675 unsigned int p_mask = pipe->ring_size - 1;
677 size_t n, off, xfer = 0;
682 bytes = n = push_pipe(i, bytes, &i_head, &off);
686 size_t chunk = min_t(size_t, n, PAGE_SIZE - off);
689 rem = copy_mc_to_page(pipe->bufs[i_head & p_mask].page,
692 i->iov_offset = off + chunk - rem;
706 * _copy_mc_to_iter - copy to iter with source memory error exception handling
707 * @addr: source kernel address
708 * @bytes: total transfer length
709 * @iter: destination iterator
711 * The pmem driver deploys this for the dax operation
712 * (dax_copy_to_iter()) for dax reads (bypass page-cache and the
713 * block-layer). Upon #MC read(2) aborts and returns EIO or the bytes
714 * successfully copied.
716 * The main differences between this and typical _copy_to_iter().
718 * * Typical tail/residue handling after a fault retries the copy
719 * byte-by-byte until the fault happens again. Re-triggering machine
720 * checks is potentially fatal so the implementation uses source
721 * alignment and poison alignment assumptions to avoid re-triggering
722 * hardware exceptions.
724 * * ITER_KVEC, ITER_PIPE, and ITER_BVEC can return short copies.
725 * Compare to copy_to_iter() where only ITER_IOVEC attempts might return
728 size_t _copy_mc_to_iter(const void *addr, size_t bytes, struct iov_iter *i)
730 const char *from = addr;
731 unsigned long rem, curr_addr, s_addr = (unsigned long) addr;
733 if (unlikely(iov_iter_is_pipe(i)))
734 return copy_mc_pipe_to_iter(addr, bytes, i);
735 if (iter_is_iovec(i))
737 iterate_and_advance(i, bytes, v,
738 copyout_mc(v.iov_base, (from += v.iov_len) - v.iov_len,
741 rem = copy_mc_to_page(v.bv_page, v.bv_offset,
742 (from += v.bv_len) - v.bv_len, v.bv_len);
744 curr_addr = (unsigned long) from;
745 bytes = curr_addr - s_addr - rem;
750 rem = copy_mc_to_kernel(v.iov_base, (from += v.iov_len)
751 - v.iov_len, v.iov_len);
753 curr_addr = (unsigned long) from;
754 bytes = curr_addr - s_addr - rem;
762 EXPORT_SYMBOL_GPL(_copy_mc_to_iter);
763 #endif /* CONFIG_ARCH_HAS_COPY_MC */
765 size_t _copy_from_iter(void *addr, size_t bytes, struct iov_iter *i)
768 if (unlikely(iov_iter_is_pipe(i))) {
772 if (iter_is_iovec(i))
774 iterate_and_advance(i, bytes, v,
775 copyin((to += v.iov_len) - v.iov_len, v.iov_base, v.iov_len),
776 memcpy_from_page((to += v.bv_len) - v.bv_len, v.bv_page,
777 v.bv_offset, v.bv_len),
778 memcpy((to += v.iov_len) - v.iov_len, v.iov_base, v.iov_len)
783 EXPORT_SYMBOL(_copy_from_iter);
785 bool _copy_from_iter_full(void *addr, size_t bytes, struct iov_iter *i)
788 if (unlikely(iov_iter_is_pipe(i))) {
792 if (unlikely(i->count < bytes))
795 if (iter_is_iovec(i))
797 iterate_all_kinds(i, bytes, v, ({
798 if (copyin((to += v.iov_len) - v.iov_len,
799 v.iov_base, v.iov_len))
802 memcpy_from_page((to += v.bv_len) - v.bv_len, v.bv_page,
803 v.bv_offset, v.bv_len),
804 memcpy((to += v.iov_len) - v.iov_len, v.iov_base, v.iov_len)
807 iov_iter_advance(i, bytes);
810 EXPORT_SYMBOL(_copy_from_iter_full);
812 size_t _copy_from_iter_nocache(void *addr, size_t bytes, struct iov_iter *i)
815 if (unlikely(iov_iter_is_pipe(i))) {
819 iterate_and_advance(i, bytes, v,
820 __copy_from_user_inatomic_nocache((to += v.iov_len) - v.iov_len,
821 v.iov_base, v.iov_len),
822 memcpy_from_page((to += v.bv_len) - v.bv_len, v.bv_page,
823 v.bv_offset, v.bv_len),
824 memcpy((to += v.iov_len) - v.iov_len, v.iov_base, v.iov_len)
829 EXPORT_SYMBOL(_copy_from_iter_nocache);
831 #ifdef CONFIG_ARCH_HAS_UACCESS_FLUSHCACHE
833 * _copy_from_iter_flushcache - write destination through cpu cache
834 * @addr: destination kernel address
835 * @bytes: total transfer length
836 * @iter: source iterator
838 * The pmem driver arranges for filesystem-dax to use this facility via
839 * dax_copy_from_iter() for ensuring that writes to persistent memory
840 * are flushed through the CPU cache. It is differentiated from
841 * _copy_from_iter_nocache() in that guarantees all data is flushed for
842 * all iterator types. The _copy_from_iter_nocache() only attempts to
843 * bypass the cache for the ITER_IOVEC case, and on some archs may use
844 * instructions that strand dirty-data in the cache.
846 size_t _copy_from_iter_flushcache(void *addr, size_t bytes, struct iov_iter *i)
849 if (unlikely(iov_iter_is_pipe(i))) {
853 iterate_and_advance(i, bytes, v,
854 __copy_from_user_flushcache((to += v.iov_len) - v.iov_len,
855 v.iov_base, v.iov_len),
856 memcpy_page_flushcache((to += v.bv_len) - v.bv_len, v.bv_page,
857 v.bv_offset, v.bv_len),
858 memcpy_flushcache((to += v.iov_len) - v.iov_len, v.iov_base,
864 EXPORT_SYMBOL_GPL(_copy_from_iter_flushcache);
867 bool _copy_from_iter_full_nocache(void *addr, size_t bytes, struct iov_iter *i)
870 if (unlikely(iov_iter_is_pipe(i))) {
874 if (unlikely(i->count < bytes))
876 iterate_all_kinds(i, bytes, v, ({
877 if (__copy_from_user_inatomic_nocache((to += v.iov_len) - v.iov_len,
878 v.iov_base, v.iov_len))
881 memcpy_from_page((to += v.bv_len) - v.bv_len, v.bv_page,
882 v.bv_offset, v.bv_len),
883 memcpy((to += v.iov_len) - v.iov_len, v.iov_base, v.iov_len)
886 iov_iter_advance(i, bytes);
889 EXPORT_SYMBOL(_copy_from_iter_full_nocache);
891 static inline bool page_copy_sane(struct page *page, size_t offset, size_t n)
894 size_t v = n + offset;
897 * The general case needs to access the page order in order
898 * to compute the page size.
899 * However, we mostly deal with order-0 pages and thus can
900 * avoid a possible cache line miss for requests that fit all
903 if (n <= v && v <= PAGE_SIZE)
906 head = compound_head(page);
907 v += (page - head) << PAGE_SHIFT;
909 if (likely(n <= v && v <= (page_size(head))))
915 size_t copy_page_to_iter(struct page *page, size_t offset, size_t bytes,
918 if (unlikely(!page_copy_sane(page, offset, bytes)))
920 if (i->type & (ITER_BVEC|ITER_KVEC)) {
921 void *kaddr = kmap_atomic(page);
922 size_t wanted = copy_to_iter(kaddr + offset, bytes, i);
923 kunmap_atomic(kaddr);
925 } else if (unlikely(iov_iter_is_discard(i)))
927 else if (likely(!iov_iter_is_pipe(i)))
928 return copy_page_to_iter_iovec(page, offset, bytes, i);
930 return copy_page_to_iter_pipe(page, offset, bytes, i);
932 EXPORT_SYMBOL(copy_page_to_iter);
934 size_t copy_page_from_iter(struct page *page, size_t offset, size_t bytes,
937 if (unlikely(!page_copy_sane(page, offset, bytes)))
939 if (unlikely(iov_iter_is_pipe(i) || iov_iter_is_discard(i))) {
943 if (i->type & (ITER_BVEC|ITER_KVEC)) {
944 void *kaddr = kmap_atomic(page);
945 size_t wanted = _copy_from_iter(kaddr + offset, bytes, i);
946 kunmap_atomic(kaddr);
949 return copy_page_from_iter_iovec(page, offset, bytes, i);
951 EXPORT_SYMBOL(copy_page_from_iter);
953 static size_t pipe_zero(size_t bytes, struct iov_iter *i)
955 struct pipe_inode_info *pipe = i->pipe;
956 unsigned int p_mask = pipe->ring_size - 1;
963 bytes = n = push_pipe(i, bytes, &i_head, &off);
968 size_t chunk = min_t(size_t, n, PAGE_SIZE - off);
969 memzero_page(pipe->bufs[i_head & p_mask].page, off, chunk);
971 i->iov_offset = off + chunk;
980 size_t iov_iter_zero(size_t bytes, struct iov_iter *i)
982 if (unlikely(iov_iter_is_pipe(i)))
983 return pipe_zero(bytes, i);
984 iterate_and_advance(i, bytes, v,
985 clear_user(v.iov_base, v.iov_len),
986 memzero_page(v.bv_page, v.bv_offset, v.bv_len),
987 memset(v.iov_base, 0, v.iov_len)
992 EXPORT_SYMBOL(iov_iter_zero);
994 size_t iov_iter_copy_from_user_atomic(struct page *page,
995 struct iov_iter *i, unsigned long offset, size_t bytes)
997 char *kaddr = kmap_atomic(page), *p = kaddr + offset;
998 if (unlikely(!page_copy_sane(page, offset, bytes))) {
999 kunmap_atomic(kaddr);
1002 if (unlikely(iov_iter_is_pipe(i) || iov_iter_is_discard(i))) {
1003 kunmap_atomic(kaddr);
1007 iterate_all_kinds(i, bytes, v,
1008 copyin((p += v.iov_len) - v.iov_len, v.iov_base, v.iov_len),
1009 memcpy_from_page((p += v.bv_len) - v.bv_len, v.bv_page,
1010 v.bv_offset, v.bv_len),
1011 memcpy((p += v.iov_len) - v.iov_len, v.iov_base, v.iov_len)
1013 kunmap_atomic(kaddr);
1016 EXPORT_SYMBOL(iov_iter_copy_from_user_atomic);
1018 static inline void pipe_truncate(struct iov_iter *i)
1020 struct pipe_inode_info *pipe = i->pipe;
1021 unsigned int p_tail = pipe->tail;
1022 unsigned int p_head = pipe->head;
1023 unsigned int p_mask = pipe->ring_size - 1;
1025 if (!pipe_empty(p_head, p_tail)) {
1026 struct pipe_buffer *buf;
1027 unsigned int i_head = i->head;
1028 size_t off = i->iov_offset;
1031 buf = &pipe->bufs[i_head & p_mask];
1032 buf->len = off - buf->offset;
1035 while (p_head != i_head) {
1037 pipe_buf_release(pipe, &pipe->bufs[p_head & p_mask]);
1040 pipe->head = p_head;
1044 static void pipe_advance(struct iov_iter *i, size_t size)
1046 struct pipe_inode_info *pipe = i->pipe;
1047 if (unlikely(i->count < size))
1050 struct pipe_buffer *buf;
1051 unsigned int p_mask = pipe->ring_size - 1;
1052 unsigned int i_head = i->head;
1053 size_t off = i->iov_offset, left = size;
1055 if (off) /* make it relative to the beginning of buffer */
1056 left += off - pipe->bufs[i_head & p_mask].offset;
1058 buf = &pipe->bufs[i_head & p_mask];
1059 if (left <= buf->len)
1065 i->iov_offset = buf->offset + left;
1068 /* ... and discard everything past that point */
1072 void iov_iter_advance(struct iov_iter *i, size_t size)
1074 if (unlikely(iov_iter_is_pipe(i))) {
1075 pipe_advance(i, size);
1078 if (unlikely(iov_iter_is_discard(i))) {
1082 iterate_and_advance(i, size, v, 0, 0, 0)
1084 EXPORT_SYMBOL(iov_iter_advance);
1086 void iov_iter_revert(struct iov_iter *i, size_t unroll)
1090 if (WARN_ON(unroll > MAX_RW_COUNT))
1093 if (unlikely(iov_iter_is_pipe(i))) {
1094 struct pipe_inode_info *pipe = i->pipe;
1095 unsigned int p_mask = pipe->ring_size - 1;
1096 unsigned int i_head = i->head;
1097 size_t off = i->iov_offset;
1099 struct pipe_buffer *b = &pipe->bufs[i_head & p_mask];
1100 size_t n = off - b->offset;
1106 if (!unroll && i_head == i->start_head) {
1111 b = &pipe->bufs[i_head & p_mask];
1112 off = b->offset + b->len;
1114 i->iov_offset = off;
1119 if (unlikely(iov_iter_is_discard(i)))
1121 if (unroll <= i->iov_offset) {
1122 i->iov_offset -= unroll;
1125 unroll -= i->iov_offset;
1126 if (iov_iter_is_bvec(i)) {
1127 const struct bio_vec *bvec = i->bvec;
1129 size_t n = (--bvec)->bv_len;
1133 i->iov_offset = n - unroll;
1138 } else { /* same logics for iovec and kvec */
1139 const struct iovec *iov = i->iov;
1141 size_t n = (--iov)->iov_len;
1145 i->iov_offset = n - unroll;
1152 EXPORT_SYMBOL(iov_iter_revert);
1155 * Return the count of just the current iov_iter segment.
1157 size_t iov_iter_single_seg_count(const struct iov_iter *i)
1159 if (unlikely(iov_iter_is_pipe(i)))
1160 return i->count; // it is a silly place, anyway
1161 if (i->nr_segs == 1)
1163 if (unlikely(iov_iter_is_discard(i)))
1165 else if (iov_iter_is_bvec(i))
1166 return min(i->count, i->bvec->bv_len - i->iov_offset);
1168 return min(i->count, i->iov->iov_len - i->iov_offset);
1170 EXPORT_SYMBOL(iov_iter_single_seg_count);
1172 void iov_iter_kvec(struct iov_iter *i, unsigned int direction,
1173 const struct kvec *kvec, unsigned long nr_segs,
1176 WARN_ON(direction & ~(READ | WRITE));
1177 i->type = ITER_KVEC | (direction & (READ | WRITE));
1179 i->nr_segs = nr_segs;
1183 EXPORT_SYMBOL(iov_iter_kvec);
1185 void iov_iter_bvec(struct iov_iter *i, unsigned int direction,
1186 const struct bio_vec *bvec, unsigned long nr_segs,
1189 WARN_ON(direction & ~(READ | WRITE));
1190 i->type = ITER_BVEC | (direction & (READ | WRITE));
1192 i->nr_segs = nr_segs;
1196 EXPORT_SYMBOL(iov_iter_bvec);
1198 void iov_iter_pipe(struct iov_iter *i, unsigned int direction,
1199 struct pipe_inode_info *pipe,
1202 BUG_ON(direction != READ);
1203 WARN_ON(pipe_full(pipe->head, pipe->tail, pipe->ring_size));
1204 i->type = ITER_PIPE | READ;
1206 i->head = pipe->head;
1209 i->start_head = i->head;
1211 EXPORT_SYMBOL(iov_iter_pipe);
1214 * iov_iter_discard - Initialise an I/O iterator that discards data
1215 * @i: The iterator to initialise.
1216 * @direction: The direction of the transfer.
1217 * @count: The size of the I/O buffer in bytes.
1219 * Set up an I/O iterator that just discards everything that's written to it.
1220 * It's only available as a READ iterator.
1222 void iov_iter_discard(struct iov_iter *i, unsigned int direction, size_t count)
1224 BUG_ON(direction != READ);
1225 i->type = ITER_DISCARD | READ;
1229 EXPORT_SYMBOL(iov_iter_discard);
1231 unsigned long iov_iter_alignment(const struct iov_iter *i)
1233 unsigned long res = 0;
1234 size_t size = i->count;
1236 if (unlikely(iov_iter_is_pipe(i))) {
1237 unsigned int p_mask = i->pipe->ring_size - 1;
1239 if (size && i->iov_offset && allocated(&i->pipe->bufs[i->head & p_mask]))
1240 return size | i->iov_offset;
1243 iterate_all_kinds(i, size, v,
1244 (res |= (unsigned long)v.iov_base | v.iov_len, 0),
1245 res |= v.bv_offset | v.bv_len,
1246 res |= (unsigned long)v.iov_base | v.iov_len
1250 EXPORT_SYMBOL(iov_iter_alignment);
1252 unsigned long iov_iter_gap_alignment(const struct iov_iter *i)
1254 unsigned long res = 0;
1255 size_t size = i->count;
1257 if (unlikely(iov_iter_is_pipe(i) || iov_iter_is_discard(i))) {
1262 iterate_all_kinds(i, size, v,
1263 (res |= (!res ? 0 : (unsigned long)v.iov_base) |
1264 (size != v.iov_len ? size : 0), 0),
1265 (res |= (!res ? 0 : (unsigned long)v.bv_offset) |
1266 (size != v.bv_len ? size : 0)),
1267 (res |= (!res ? 0 : (unsigned long)v.iov_base) |
1268 (size != v.iov_len ? size : 0))
1272 EXPORT_SYMBOL(iov_iter_gap_alignment);
1274 static inline ssize_t __pipe_get_pages(struct iov_iter *i,
1276 struct page **pages,
1280 struct pipe_inode_info *pipe = i->pipe;
1281 unsigned int p_mask = pipe->ring_size - 1;
1282 ssize_t n = push_pipe(i, maxsize, &iter_head, start);
1289 get_page(*pages++ = pipe->bufs[iter_head & p_mask].page);
1297 static ssize_t pipe_get_pages(struct iov_iter *i,
1298 struct page **pages, size_t maxsize, unsigned maxpages,
1301 unsigned int iter_head, npages;
1310 data_start(i, &iter_head, start);
1311 /* Amount of free space: some of this one + all after this one */
1312 npages = pipe_space_for_user(iter_head, i->pipe->tail, i->pipe);
1313 capacity = min(npages, maxpages) * PAGE_SIZE - *start;
1315 return __pipe_get_pages(i, min(maxsize, capacity), pages, iter_head, start);
1318 ssize_t iov_iter_get_pages(struct iov_iter *i,
1319 struct page **pages, size_t maxsize, unsigned maxpages,
1322 if (maxsize > i->count)
1325 if (unlikely(iov_iter_is_pipe(i)))
1326 return pipe_get_pages(i, pages, maxsize, maxpages, start);
1327 if (unlikely(iov_iter_is_discard(i)))
1330 iterate_all_kinds(i, maxsize, v, ({
1331 unsigned long addr = (unsigned long)v.iov_base;
1332 size_t len = v.iov_len + (*start = addr & (PAGE_SIZE - 1));
1336 if (len > maxpages * PAGE_SIZE)
1337 len = maxpages * PAGE_SIZE;
1338 addr &= ~(PAGE_SIZE - 1);
1339 n = DIV_ROUND_UP(len, PAGE_SIZE);
1340 res = get_user_pages_fast(addr, n,
1341 iov_iter_rw(i) != WRITE ? FOLL_WRITE : 0,
1343 if (unlikely(res < 0))
1345 return (res == n ? len : res * PAGE_SIZE) - *start;
1347 /* can't be more than PAGE_SIZE */
1348 *start = v.bv_offset;
1349 get_page(*pages = v.bv_page);
1357 EXPORT_SYMBOL(iov_iter_get_pages);
1359 static struct page **get_pages_array(size_t n)
1361 return kvmalloc_array(n, sizeof(struct page *), GFP_KERNEL);
1364 static ssize_t pipe_get_pages_alloc(struct iov_iter *i,
1365 struct page ***pages, size_t maxsize,
1369 unsigned int iter_head, npages;
1378 data_start(i, &iter_head, start);
1379 /* Amount of free space: some of this one + all after this one */
1380 npages = pipe_space_for_user(iter_head, i->pipe->tail, i->pipe);
1381 n = npages * PAGE_SIZE - *start;
1385 npages = DIV_ROUND_UP(maxsize + *start, PAGE_SIZE);
1386 p = get_pages_array(npages);
1389 n = __pipe_get_pages(i, maxsize, p, iter_head, start);
1397 ssize_t iov_iter_get_pages_alloc(struct iov_iter *i,
1398 struct page ***pages, size_t maxsize,
1403 if (maxsize > i->count)
1406 if (unlikely(iov_iter_is_pipe(i)))
1407 return pipe_get_pages_alloc(i, pages, maxsize, start);
1408 if (unlikely(iov_iter_is_discard(i)))
1411 iterate_all_kinds(i, maxsize, v, ({
1412 unsigned long addr = (unsigned long)v.iov_base;
1413 size_t len = v.iov_len + (*start = addr & (PAGE_SIZE - 1));
1417 addr &= ~(PAGE_SIZE - 1);
1418 n = DIV_ROUND_UP(len, PAGE_SIZE);
1419 p = get_pages_array(n);
1422 res = get_user_pages_fast(addr, n,
1423 iov_iter_rw(i) != WRITE ? FOLL_WRITE : 0, p);
1424 if (unlikely(res < 0)) {
1429 return (res == n ? len : res * PAGE_SIZE) - *start;
1431 /* can't be more than PAGE_SIZE */
1432 *start = v.bv_offset;
1433 *pages = p = get_pages_array(1);
1436 get_page(*p = v.bv_page);
1444 EXPORT_SYMBOL(iov_iter_get_pages_alloc);
1446 size_t csum_and_copy_from_iter(void *addr, size_t bytes, __wsum *csum,
1453 if (unlikely(iov_iter_is_pipe(i) || iov_iter_is_discard(i))) {
1457 iterate_and_advance(i, bytes, v, ({
1458 next = csum_and_copy_from_user(v.iov_base,
1459 (to += v.iov_len) - v.iov_len,
1462 sum = csum_block_add(sum, next, off);
1465 next ? 0 : v.iov_len;
1467 char *p = kmap_atomic(v.bv_page);
1468 sum = csum_and_memcpy((to += v.bv_len) - v.bv_len,
1469 p + v.bv_offset, v.bv_len,
1474 sum = csum_and_memcpy((to += v.iov_len) - v.iov_len,
1475 v.iov_base, v.iov_len,
1483 EXPORT_SYMBOL(csum_and_copy_from_iter);
1485 bool csum_and_copy_from_iter_full(void *addr, size_t bytes, __wsum *csum,
1492 if (unlikely(iov_iter_is_pipe(i) || iov_iter_is_discard(i))) {
1496 if (unlikely(i->count < bytes))
1498 iterate_all_kinds(i, bytes, v, ({
1499 next = csum_and_copy_from_user(v.iov_base,
1500 (to += v.iov_len) - v.iov_len,
1504 sum = csum_block_add(sum, next, off);
1508 char *p = kmap_atomic(v.bv_page);
1509 sum = csum_and_memcpy((to += v.bv_len) - v.bv_len,
1510 p + v.bv_offset, v.bv_len,
1515 sum = csum_and_memcpy((to += v.iov_len) - v.iov_len,
1516 v.iov_base, v.iov_len,
1522 iov_iter_advance(i, bytes);
1525 EXPORT_SYMBOL(csum_and_copy_from_iter_full);
1527 size_t csum_and_copy_to_iter(const void *addr, size_t bytes, void *_csstate,
1530 struct csum_state *csstate = _csstate;
1531 const char *from = addr;
1535 if (unlikely(iov_iter_is_pipe(i)))
1536 return csum_and_copy_to_pipe_iter(addr, bytes, _csstate, i);
1538 sum = csstate->csum;
1540 if (unlikely(iov_iter_is_discard(i))) {
1541 WARN_ON(1); /* for now */
1544 iterate_and_advance(i, bytes, v, ({
1545 next = csum_and_copy_to_user((from += v.iov_len) - v.iov_len,
1549 sum = csum_block_add(sum, next, off);
1552 next ? 0 : v.iov_len;
1554 char *p = kmap_atomic(v.bv_page);
1555 sum = csum_and_memcpy(p + v.bv_offset,
1556 (from += v.bv_len) - v.bv_len,
1557 v.bv_len, sum, off);
1561 sum = csum_and_memcpy(v.iov_base,
1562 (from += v.iov_len) - v.iov_len,
1563 v.iov_len, sum, off);
1567 csstate->csum = sum;
1571 EXPORT_SYMBOL(csum_and_copy_to_iter);
1573 size_t hash_and_copy_to_iter(const void *addr, size_t bytes, void *hashp,
1576 #ifdef CONFIG_CRYPTO_HASH
1577 struct ahash_request *hash = hashp;
1578 struct scatterlist sg;
1581 copied = copy_to_iter(addr, bytes, i);
1582 sg_init_one(&sg, addr, copied);
1583 ahash_request_set_crypt(hash, &sg, NULL, copied);
1584 crypto_ahash_update(hash);
1590 EXPORT_SYMBOL(hash_and_copy_to_iter);
1592 int iov_iter_npages(const struct iov_iter *i, int maxpages)
1594 size_t size = i->count;
1599 if (unlikely(iov_iter_is_discard(i)))
1602 if (unlikely(iov_iter_is_pipe(i))) {
1603 struct pipe_inode_info *pipe = i->pipe;
1604 unsigned int iter_head;
1610 data_start(i, &iter_head, &off);
1611 /* some of this one + all after this one */
1612 npages = pipe_space_for_user(iter_head, pipe->tail, pipe);
1613 if (npages >= maxpages)
1615 } else iterate_all_kinds(i, size, v, ({
1616 unsigned long p = (unsigned long)v.iov_base;
1617 npages += DIV_ROUND_UP(p + v.iov_len, PAGE_SIZE)
1619 if (npages >= maxpages)
1623 if (npages >= maxpages)
1626 unsigned long p = (unsigned long)v.iov_base;
1627 npages += DIV_ROUND_UP(p + v.iov_len, PAGE_SIZE)
1629 if (npages >= maxpages)
1635 EXPORT_SYMBOL(iov_iter_npages);
1637 const void *dup_iter(struct iov_iter *new, struct iov_iter *old, gfp_t flags)
1640 if (unlikely(iov_iter_is_pipe(new))) {
1644 if (unlikely(iov_iter_is_discard(new)))
1646 if (iov_iter_is_bvec(new))
1647 return new->bvec = kmemdup(new->bvec,
1648 new->nr_segs * sizeof(struct bio_vec),
1651 /* iovec and kvec have identical layout */
1652 return new->iov = kmemdup(new->iov,
1653 new->nr_segs * sizeof(struct iovec),
1656 EXPORT_SYMBOL(dup_iter);
1658 static int copy_compat_iovec_from_user(struct iovec *iov,
1659 const struct iovec __user *uvec, unsigned long nr_segs)
1661 const struct compat_iovec __user *uiov =
1662 (const struct compat_iovec __user *)uvec;
1663 int ret = -EFAULT, i;
1665 if (!user_access_begin(uiov, nr_segs * sizeof(*uiov)))
1668 for (i = 0; i < nr_segs; i++) {
1672 unsafe_get_user(len, &uiov[i].iov_len, uaccess_end);
1673 unsafe_get_user(buf, &uiov[i].iov_base, uaccess_end);
1675 /* check for compat_size_t not fitting in compat_ssize_t .. */
1680 iov[i].iov_base = compat_ptr(buf);
1681 iov[i].iov_len = len;
1690 static int copy_iovec_from_user(struct iovec *iov,
1691 const struct iovec __user *uvec, unsigned long nr_segs)
1695 if (copy_from_user(iov, uvec, nr_segs * sizeof(*uvec)))
1697 for (seg = 0; seg < nr_segs; seg++) {
1698 if ((ssize_t)iov[seg].iov_len < 0)
1705 struct iovec *iovec_from_user(const struct iovec __user *uvec,
1706 unsigned long nr_segs, unsigned long fast_segs,
1707 struct iovec *fast_iov, bool compat)
1709 struct iovec *iov = fast_iov;
1713 * SuS says "The readv() function *may* fail if the iovcnt argument was
1714 * less than or equal to 0, or greater than {IOV_MAX}. Linux has
1715 * traditionally returned zero for zero segments, so...
1719 if (nr_segs > UIO_MAXIOV)
1720 return ERR_PTR(-EINVAL);
1721 if (nr_segs > fast_segs) {
1722 iov = kmalloc_array(nr_segs, sizeof(struct iovec), GFP_KERNEL);
1724 return ERR_PTR(-ENOMEM);
1728 ret = copy_compat_iovec_from_user(iov, uvec, nr_segs);
1730 ret = copy_iovec_from_user(iov, uvec, nr_segs);
1732 if (iov != fast_iov)
1734 return ERR_PTR(ret);
1740 ssize_t __import_iovec(int type, const struct iovec __user *uvec,
1741 unsigned nr_segs, unsigned fast_segs, struct iovec **iovp,
1742 struct iov_iter *i, bool compat)
1744 ssize_t total_len = 0;
1748 iov = iovec_from_user(uvec, nr_segs, fast_segs, *iovp, compat);
1751 return PTR_ERR(iov);
1755 * According to the Single Unix Specification we should return EINVAL if
1756 * an element length is < 0 when cast to ssize_t or if the total length
1757 * would overflow the ssize_t return value of the system call.
1759 * Linux caps all read/write calls to MAX_RW_COUNT, and avoids the
1762 for (seg = 0; seg < nr_segs; seg++) {
1763 ssize_t len = (ssize_t)iov[seg].iov_len;
1765 if (!access_ok(iov[seg].iov_base, len)) {
1772 if (len > MAX_RW_COUNT - total_len) {
1773 len = MAX_RW_COUNT - total_len;
1774 iov[seg].iov_len = len;
1779 iov_iter_init(i, type, iov, nr_segs, total_len);
1788 * import_iovec() - Copy an array of &struct iovec from userspace
1789 * into the kernel, check that it is valid, and initialize a new
1790 * &struct iov_iter iterator to access it.
1792 * @type: One of %READ or %WRITE.
1793 * @uvec: Pointer to the userspace array.
1794 * @nr_segs: Number of elements in userspace array.
1795 * @fast_segs: Number of elements in @iov.
1796 * @iovp: (input and output parameter) Pointer to pointer to (usually small
1797 * on-stack) kernel array.
1798 * @i: Pointer to iterator that will be initialized on success.
1800 * If the array pointed to by *@iov is large enough to hold all @nr_segs,
1801 * then this function places %NULL in *@iov on return. Otherwise, a new
1802 * array will be allocated and the result placed in *@iov. This means that
1803 * the caller may call kfree() on *@iov regardless of whether the small
1804 * on-stack array was used or not (and regardless of whether this function
1805 * returns an error or not).
1807 * Return: Negative error code on error, bytes imported on success
1809 ssize_t import_iovec(int type, const struct iovec __user *uvec,
1810 unsigned nr_segs, unsigned fast_segs,
1811 struct iovec **iovp, struct iov_iter *i)
1813 return __import_iovec(type, uvec, nr_segs, fast_segs, iovp, i,
1814 in_compat_syscall());
1816 EXPORT_SYMBOL(import_iovec);
1818 int import_single_range(int rw, void __user *buf, size_t len,
1819 struct iovec *iov, struct iov_iter *i)
1821 if (len > MAX_RW_COUNT)
1823 if (unlikely(!access_ok(buf, len)))
1826 iov->iov_base = buf;
1828 iov_iter_init(i, rw, iov, 1, len);
1831 EXPORT_SYMBOL(import_single_range);
1833 int iov_iter_for_each_range(struct iov_iter *i, size_t bytes,
1834 int (*f)(struct kvec *vec, void *context),
1842 iterate_all_kinds(i, bytes, v, -EINVAL, ({
1843 w.iov_base = kmap(v.bv_page) + v.bv_offset;
1844 w.iov_len = v.bv_len;
1845 err = f(&w, context);
1849 err = f(&w, context);})
1853 EXPORT_SYMBOL(iov_iter_for_each_range);
projects / linux-2.6-microblaze.git / blob