[PATCH] double-free of inode on alloc_file() failure exit in create_write_pipe()
[linux-2.6/openmoko-kernel/knife-kernel.git] / mm / truncate.c
blob7d20ce41ecf52c2cd4027207558734f835124992
1 /*
2 * mm/truncate.c - code for taking down pages from address_spaces
4 * Copyright (C) 2002, Linus Torvalds
6 * 10Sep2002 akpm@zip.com.au
7 * Initial version.
8 */
10 #include <linux/kernel.h>
11 #include <linux/backing-dev.h>
12 #include <linux/mm.h>
13 #include <linux/swap.h>
14 #include <linux/module.h>
15 #include <linux/pagemap.h>
16 #include <linux/highmem.h>
17 #include <linux/pagevec.h>
18 #include <linux/task_io_accounting_ops.h>
19 #include <linux/buffer_head.h> /* grr. try_to_release_page,
20 do_invalidatepage */
23 /**
24 * do_invalidatepage - invalidate part or all of a page
25 * @page: the page which is affected
26 * @offset: the index of the truncation point
28 * do_invalidatepage() is called when all or part of the page has become
29 * invalidated by a truncate operation.
31 * do_invalidatepage() does not have to release all buffers, but it must
32 * ensure that no dirty buffer is left outside @offset and that no I/O
33 * is underway against any of the blocks which are outside the truncation
34 * point. Because the caller is about to free (and possibly reuse) those
35 * blocks on-disk.
37 void do_invalidatepage(struct page *page, unsigned long offset)
39 void (*invalidatepage)(struct page *, unsigned long);
40 invalidatepage = page->mapping->a_ops->invalidatepage;
41 #ifdef CONFIG_BLOCK
42 if (!invalidatepage)
43 invalidatepage = block_invalidatepage;
44 #endif
45 if (invalidatepage)
46 (*invalidatepage)(page, offset);
49 static inline void truncate_partial_page(struct page *page, unsigned partial)
51 zero_user_segment(page, partial, PAGE_CACHE_SIZE);
52 if (PagePrivate(page))
53 do_invalidatepage(page, partial);
57 * This cancels just the dirty bit on the kernel page itself, it
58 * does NOT actually remove dirty bits on any mmap's that may be
59 * around. It also leaves the page tagged dirty, so any sync
60 * activity will still find it on the dirty lists, and in particular,
61 * clear_page_dirty_for_io() will still look at the dirty bits in
62 * the VM.
64 * Doing this should *normally* only ever be done when a page
65 * is truncated, and is not actually mapped anywhere at all. However,
66 * fs/buffer.c does this when it notices that somebody has cleaned
67 * out all the buffers on a page without actually doing it through
68 * the VM. Can you say "ext3 is horribly ugly"? Tought you could.
70 void cancel_dirty_page(struct page *page, unsigned int account_size)
72 if (TestClearPageDirty(page)) {
73 struct address_space *mapping = page->mapping;
74 if (mapping && mapping_cap_account_dirty(mapping)) {
75 dec_zone_page_state(page, NR_FILE_DIRTY);
76 dec_bdi_stat(mapping->backing_dev_info,
77 BDI_RECLAIMABLE);
78 if (account_size)
79 task_io_account_cancelled_write(account_size);
83 EXPORT_SYMBOL(cancel_dirty_page);
86 * If truncate cannot remove the fs-private metadata from the page, the page
87 * becomes orphaned. It will be left on the LRU and may even be mapped into
88 * user pagetables if we're racing with filemap_fault().
90 * We need to bale out if page->mapping is no longer equal to the original
91 * mapping. This happens a) when the VM reclaimed the page while we waited on
92 * its lock, b) when a concurrent invalidate_mapping_pages got there first and
93 * c) when tmpfs swizzles a page between a tmpfs inode and swapper_space.
95 static void
96 truncate_complete_page(struct address_space *mapping, struct page *page)
98 if (page->mapping != mapping)
99 return;
101 if (PagePrivate(page))
102 do_invalidatepage(page, 0);
104 cancel_dirty_page(page, PAGE_CACHE_SIZE);
106 remove_from_page_cache(page);
107 ClearPageUptodate(page);
108 ClearPageMappedToDisk(page);
109 page_cache_release(page); /* pagecache ref */
113 * This is for invalidate_mapping_pages(). That function can be called at
114 * any time, and is not supposed to throw away dirty pages. But pages can
115 * be marked dirty at any time too, so use remove_mapping which safely
116 * discards clean, unused pages.
118 * Returns non-zero if the page was successfully invalidated.
120 static int
121 invalidate_complete_page(struct address_space *mapping, struct page *page)
123 int ret;
125 if (page->mapping != mapping)
126 return 0;
128 if (PagePrivate(page) && !try_to_release_page(page, 0))
129 return 0;
131 ret = remove_mapping(mapping, page);
133 return ret;
137 * truncate_inode_pages - truncate range of pages specified by start & end byte offsets
138 * @mapping: mapping to truncate
139 * @lstart: offset from which to truncate
140 * @lend: offset to which to truncate
142 * Truncate the page cache, removing the pages that are between
143 * specified offsets (and zeroing out partial page
144 * (if lstart is not page aligned)).
146 * Truncate takes two passes - the first pass is nonblocking. It will not
147 * block on page locks and it will not block on writeback. The second pass
148 * will wait. This is to prevent as much IO as possible in the affected region.
149 * The first pass will remove most pages, so the search cost of the second pass
150 * is low.
152 * When looking at page->index outside the page lock we need to be careful to
153 * copy it into a local to avoid races (it could change at any time).
155 * We pass down the cache-hot hint to the page freeing code. Even if the
156 * mapping is large, it is probably the case that the final pages are the most
157 * recently touched, and freeing happens in ascending file offset order.
159 void truncate_inode_pages_range(struct address_space *mapping,
160 loff_t lstart, loff_t lend)
162 const pgoff_t start = (lstart + PAGE_CACHE_SIZE-1) >> PAGE_CACHE_SHIFT;
163 pgoff_t end;
164 const unsigned partial = lstart & (PAGE_CACHE_SIZE - 1);
165 struct pagevec pvec;
166 pgoff_t next;
167 int i;
169 if (mapping->nrpages == 0)
170 return;
172 BUG_ON((lend & (PAGE_CACHE_SIZE - 1)) != (PAGE_CACHE_SIZE - 1));
173 end = (lend >> PAGE_CACHE_SHIFT);
175 pagevec_init(&pvec, 0);
176 next = start;
177 while (next <= end &&
178 pagevec_lookup(&pvec, mapping, next, PAGEVEC_SIZE)) {
179 for (i = 0; i < pagevec_count(&pvec); i++) {
180 struct page *page = pvec.pages[i];
181 pgoff_t page_index = page->index;
183 if (page_index > end) {
184 next = page_index;
185 break;
188 if (page_index > next)
189 next = page_index;
190 next++;
191 if (TestSetPageLocked(page))
192 continue;
193 if (PageWriteback(page)) {
194 unlock_page(page);
195 continue;
197 if (page_mapped(page)) {
198 unmap_mapping_range(mapping,
199 (loff_t)page_index<<PAGE_CACHE_SHIFT,
200 PAGE_CACHE_SIZE, 0);
202 truncate_complete_page(mapping, page);
203 unlock_page(page);
205 pagevec_release(&pvec);
206 cond_resched();
209 if (partial) {
210 struct page *page = find_lock_page(mapping, start - 1);
211 if (page) {
212 wait_on_page_writeback(page);
213 truncate_partial_page(page, partial);
214 unlock_page(page);
215 page_cache_release(page);
219 next = start;
220 for ( ; ; ) {
221 cond_resched();
222 if (!pagevec_lookup(&pvec, mapping, next, PAGEVEC_SIZE)) {
223 if (next == start)
224 break;
225 next = start;
226 continue;
228 if (pvec.pages[0]->index > end) {
229 pagevec_release(&pvec);
230 break;
232 for (i = 0; i < pagevec_count(&pvec); i++) {
233 struct page *page = pvec.pages[i];
235 if (page->index > end)
236 break;
237 lock_page(page);
238 wait_on_page_writeback(page);
239 if (page_mapped(page)) {
240 unmap_mapping_range(mapping,
241 (loff_t)page->index<<PAGE_CACHE_SHIFT,
242 PAGE_CACHE_SIZE, 0);
244 if (page->index > next)
245 next = page->index;
246 next++;
247 truncate_complete_page(mapping, page);
248 unlock_page(page);
250 pagevec_release(&pvec);
253 EXPORT_SYMBOL(truncate_inode_pages_range);
256 * truncate_inode_pages - truncate *all* the pages from an offset
257 * @mapping: mapping to truncate
258 * @lstart: offset from which to truncate
260 * Called under (and serialised by) inode->i_mutex.
262 void truncate_inode_pages(struct address_space *mapping, loff_t lstart)
264 truncate_inode_pages_range(mapping, lstart, (loff_t)-1);
266 EXPORT_SYMBOL(truncate_inode_pages);
268 unsigned long __invalidate_mapping_pages(struct address_space *mapping,
269 pgoff_t start, pgoff_t end, bool be_atomic)
271 struct pagevec pvec;
272 pgoff_t next = start;
273 unsigned long ret = 0;
274 int i;
276 pagevec_init(&pvec, 0);
277 while (next <= end &&
278 pagevec_lookup(&pvec, mapping, next, PAGEVEC_SIZE)) {
279 for (i = 0; i < pagevec_count(&pvec); i++) {
280 struct page *page = pvec.pages[i];
281 pgoff_t index;
282 int lock_failed;
284 lock_failed = TestSetPageLocked(page);
287 * We really shouldn't be looking at the ->index of an
288 * unlocked page. But we're not allowed to lock these
289 * pages. So we rely upon nobody altering the ->index
290 * of this (pinned-by-us) page.
292 index = page->index;
293 if (index > next)
294 next = index;
295 next++;
296 if (lock_failed)
297 continue;
299 if (PageDirty(page) || PageWriteback(page))
300 goto unlock;
301 if (page_mapped(page))
302 goto unlock;
303 ret += invalidate_complete_page(mapping, page);
304 unlock:
305 unlock_page(page);
306 if (next > end)
307 break;
309 pagevec_release(&pvec);
310 if (likely(!be_atomic))
311 cond_resched();
313 return ret;
317 * invalidate_mapping_pages - Invalidate all the unlocked pages of one inode
318 * @mapping: the address_space which holds the pages to invalidate
319 * @start: the offset 'from' which to invalidate
320 * @end: the offset 'to' which to invalidate (inclusive)
322 * This function only removes the unlocked pages, if you want to
323 * remove all the pages of one inode, you must call truncate_inode_pages.
325 * invalidate_mapping_pages() will not block on IO activity. It will not
326 * invalidate pages which are dirty, locked, under writeback or mapped into
327 * pagetables.
329 unsigned long invalidate_mapping_pages(struct address_space *mapping,
330 pgoff_t start, pgoff_t end)
332 return __invalidate_mapping_pages(mapping, start, end, false);
334 EXPORT_SYMBOL(invalidate_mapping_pages);
337 * This is like invalidate_complete_page(), except it ignores the page's
338 * refcount. We do this because invalidate_inode_pages2() needs stronger
339 * invalidation guarantees, and cannot afford to leave pages behind because
340 * shrink_page_list() has a temp ref on them, or because they're transiently
341 * sitting in the lru_cache_add() pagevecs.
343 static int
344 invalidate_complete_page2(struct address_space *mapping, struct page *page)
346 if (page->mapping != mapping)
347 return 0;
349 if (PagePrivate(page) && !try_to_release_page(page, GFP_KERNEL))
350 return 0;
352 write_lock_irq(&mapping->tree_lock);
353 if (PageDirty(page))
354 goto failed;
356 BUG_ON(PagePrivate(page));
357 __remove_from_page_cache(page);
358 write_unlock_irq(&mapping->tree_lock);
359 ClearPageUptodate(page);
360 page_cache_release(page); /* pagecache ref */
361 return 1;
362 failed:
363 write_unlock_irq(&mapping->tree_lock);
364 return 0;
367 static int do_launder_page(struct address_space *mapping, struct page *page)
369 if (!PageDirty(page))
370 return 0;
371 if (page->mapping != mapping || mapping->a_ops->launder_page == NULL)
372 return 0;
373 return mapping->a_ops->launder_page(page);
377 * invalidate_inode_pages2_range - remove range of pages from an address_space
378 * @mapping: the address_space
379 * @start: the page offset 'from' which to invalidate
380 * @end: the page offset 'to' which to invalidate (inclusive)
382 * Any pages which are found to be mapped into pagetables are unmapped prior to
383 * invalidation.
385 * Returns -EIO if any pages could not be invalidated.
387 int invalidate_inode_pages2_range(struct address_space *mapping,
388 pgoff_t start, pgoff_t end)
390 struct pagevec pvec;
391 pgoff_t next;
392 int i;
393 int ret = 0;
394 int did_range_unmap = 0;
395 int wrapped = 0;
397 pagevec_init(&pvec, 0);
398 next = start;
399 while (next <= end && !wrapped &&
400 pagevec_lookup(&pvec, mapping, next,
401 min(end - next, (pgoff_t)PAGEVEC_SIZE - 1) + 1)) {
402 for (i = 0; i < pagevec_count(&pvec); i++) {
403 struct page *page = pvec.pages[i];
404 pgoff_t page_index;
406 lock_page(page);
407 if (page->mapping != mapping) {
408 unlock_page(page);
409 continue;
411 page_index = page->index;
412 next = page_index + 1;
413 if (next == 0)
414 wrapped = 1;
415 if (page_index > end) {
416 unlock_page(page);
417 break;
419 wait_on_page_writeback(page);
420 if (page_mapped(page)) {
421 if (!did_range_unmap) {
423 * Zap the rest of the file in one hit.
425 unmap_mapping_range(mapping,
426 (loff_t)page_index<<PAGE_CACHE_SHIFT,
427 (loff_t)(end - page_index + 1)
428 << PAGE_CACHE_SHIFT,
430 did_range_unmap = 1;
431 } else {
433 * Just zap this page
435 unmap_mapping_range(mapping,
436 (loff_t)page_index<<PAGE_CACHE_SHIFT,
437 PAGE_CACHE_SIZE, 0);
440 BUG_ON(page_mapped(page));
441 ret = do_launder_page(mapping, page);
442 if (ret == 0 && !invalidate_complete_page2(mapping, page))
443 ret = -EIO;
444 unlock_page(page);
446 pagevec_release(&pvec);
447 cond_resched();
449 return ret;
451 EXPORT_SYMBOL_GPL(invalidate_inode_pages2_range);
454 * invalidate_inode_pages2 - remove all pages from an address_space
455 * @mapping: the address_space
457 * Any pages which are found to be mapped into pagetables are unmapped prior to
458 * invalidation.
460 * Returns -EIO if any pages could not be invalidated.
462 int invalidate_inode_pages2(struct address_space *mapping)
464 return invalidate_inode_pages2_range(mapping, 0, -1);
466 EXPORT_SYMBOL_GPL(invalidate_inode_pages2);