sock_diag: fix use-after-free read in __sk_free
[linux/fpc-iii.git] / fs / orangefs / file.c
blob26358efbf794a2ca21cd6e94185f84876bfb9a27
1 // SPDX-License-Identifier: GPL-2.0
2 /*
3 * (C) 2001 Clemson University and The University of Chicago
5 * See COPYING in top-level directory.
6 */
8 /*
9 * Linux VFS file operations.
12 #include "protocol.h"
13 #include "orangefs-kernel.h"
14 #include "orangefs-bufmap.h"
15 #include <linux/fs.h>
16 #include <linux/pagemap.h>
18 static int flush_racache(struct inode *inode)
20 struct orangefs_inode_s *orangefs_inode = ORANGEFS_I(inode);
21 struct orangefs_kernel_op_s *new_op;
22 int ret;
24 gossip_debug(GOSSIP_UTILS_DEBUG,
25 "%s: %pU: Handle is %pU | fs_id %d\n", __func__,
26 get_khandle_from_ino(inode), &orangefs_inode->refn.khandle,
27 orangefs_inode->refn.fs_id);
29 new_op = op_alloc(ORANGEFS_VFS_OP_RA_FLUSH);
30 if (!new_op)
31 return -ENOMEM;
32 new_op->upcall.req.ra_cache_flush.refn = orangefs_inode->refn;
34 ret = service_operation(new_op, "orangefs_flush_racache",
35 get_interruptible_flag(inode));
37 gossip_debug(GOSSIP_UTILS_DEBUG, "%s: got return value of %d\n",
38 __func__, ret);
40 op_release(new_op);
41 return ret;
45 * Post and wait for the I/O upcall to finish
47 static ssize_t wait_for_direct_io(enum ORANGEFS_io_type type, struct inode *inode,
48 loff_t *offset, struct iov_iter *iter,
49 size_t total_size, loff_t readahead_size)
51 struct orangefs_inode_s *orangefs_inode = ORANGEFS_I(inode);
52 struct orangefs_khandle *handle = &orangefs_inode->refn.khandle;
53 struct orangefs_kernel_op_s *new_op = NULL;
54 int buffer_index = -1;
55 ssize_t ret;
57 new_op = op_alloc(ORANGEFS_VFS_OP_FILE_IO);
58 if (!new_op)
59 return -ENOMEM;
61 /* synchronous I/O */
62 new_op->upcall.req.io.readahead_size = readahead_size;
63 new_op->upcall.req.io.io_type = type;
64 new_op->upcall.req.io.refn = orangefs_inode->refn;
66 populate_shared_memory:
67 /* get a shared buffer index */
68 buffer_index = orangefs_bufmap_get();
69 if (buffer_index < 0) {
70 ret = buffer_index;
71 gossip_debug(GOSSIP_FILE_DEBUG,
72 "%s: orangefs_bufmap_get failure (%zd)\n",
73 __func__, ret);
74 goto out;
76 gossip_debug(GOSSIP_FILE_DEBUG,
77 "%s(%pU): GET op %p -> buffer_index %d\n",
78 __func__,
79 handle,
80 new_op,
81 buffer_index);
83 new_op->uses_shared_memory = 1;
84 new_op->upcall.req.io.buf_index = buffer_index;
85 new_op->upcall.req.io.count = total_size;
86 new_op->upcall.req.io.offset = *offset;
88 gossip_debug(GOSSIP_FILE_DEBUG,
89 "%s(%pU): offset: %llu total_size: %zd\n",
90 __func__,
91 handle,
92 llu(*offset),
93 total_size);
95 * Stage 1: copy the buffers into client-core's address space
97 if (type == ORANGEFS_IO_WRITE && total_size) {
98 ret = orangefs_bufmap_copy_from_iovec(iter, buffer_index,
99 total_size);
100 if (ret < 0) {
101 gossip_err("%s: Failed to copy-in buffers. Please make sure that the pvfs2-client is running. %ld\n",
102 __func__, (long)ret);
103 goto out;
107 gossip_debug(GOSSIP_FILE_DEBUG,
108 "%s(%pU): Calling post_io_request with tag (%llu)\n",
109 __func__,
110 handle,
111 llu(new_op->tag));
113 /* Stage 2: Service the I/O operation */
114 ret = service_operation(new_op,
115 type == ORANGEFS_IO_WRITE ?
116 "file_write" :
117 "file_read",
118 get_interruptible_flag(inode));
121 * If service_operation() returns -EAGAIN #and# the operation was
122 * purged from orangefs_request_list or htable_ops_in_progress, then
123 * we know that the client was restarted, causing the shared memory
124 * area to be wiped clean. To restart a write operation in this
125 * case, we must re-copy the data from the user's iovec to a NEW
126 * shared memory location. To restart a read operation, we must get
127 * a new shared memory location.
129 if (ret == -EAGAIN && op_state_purged(new_op)) {
130 orangefs_bufmap_put(buffer_index);
131 buffer_index = -1;
132 if (type == ORANGEFS_IO_WRITE)
133 iov_iter_revert(iter, total_size);
134 gossip_debug(GOSSIP_FILE_DEBUG,
135 "%s:going to repopulate_shared_memory.\n",
136 __func__);
137 goto populate_shared_memory;
140 if (ret < 0) {
141 if (ret == -EINTR) {
143 * We can't return EINTR if any data was written,
144 * it's not POSIX. It is minimally acceptable
145 * to give a partial write, the way NFS does.
147 * It would be optimal to return all or nothing,
148 * but if a userspace write is bigger than
149 * an IO buffer, and the interrupt occurs
150 * between buffer writes, that would not be
151 * possible.
153 switch (new_op->op_state - OP_VFS_STATE_GIVEN_UP) {
155 * If the op was waiting when the interrupt
156 * occurred, then the client-core did not
157 * trigger the write.
159 case OP_VFS_STATE_WAITING:
160 if (*offset == 0)
161 ret = -EINTR;
162 else
163 ret = 0;
164 break;
166 * If the op was in progress when the interrupt
167 * occurred, then the client-core was able to
168 * trigger the write.
170 case OP_VFS_STATE_INPROGR:
171 ret = total_size;
172 break;
173 default:
174 gossip_err("%s: unexpected op state :%d:.\n",
175 __func__,
176 new_op->op_state);
177 ret = 0;
178 break;
180 gossip_debug(GOSSIP_FILE_DEBUG,
181 "%s: got EINTR, state:%d: %p\n",
182 __func__,
183 new_op->op_state,
184 new_op);
185 } else {
186 gossip_err("%s: error in %s handle %pU, returning %zd\n",
187 __func__,
188 type == ORANGEFS_IO_READ ?
189 "read from" : "write to",
190 handle, ret);
192 if (orangefs_cancel_op_in_progress(new_op))
193 return ret;
195 goto out;
199 * Stage 3: Post copy buffers from client-core's address space
201 if (type == ORANGEFS_IO_READ && new_op->downcall.resp.io.amt_complete) {
203 * NOTE: the iovector can either contain addresses which
204 * can futher be kernel-space or user-space addresses.
205 * or it can pointers to struct page's
207 ret = orangefs_bufmap_copy_to_iovec(iter, buffer_index,
208 new_op->downcall.resp.io.amt_complete);
209 if (ret < 0) {
210 gossip_err("%s: Failed to copy-out buffers. Please make sure that the pvfs2-client is running (%ld)\n",
211 __func__, (long)ret);
212 goto out;
215 gossip_debug(GOSSIP_FILE_DEBUG,
216 "%s(%pU): Amount %s, returned by the sys-io call:%d\n",
217 __func__,
218 handle,
219 type == ORANGEFS_IO_READ ? "read" : "written",
220 (int)new_op->downcall.resp.io.amt_complete);
222 ret = new_op->downcall.resp.io.amt_complete;
224 out:
225 if (buffer_index >= 0) {
226 orangefs_bufmap_put(buffer_index);
227 gossip_debug(GOSSIP_FILE_DEBUG,
228 "%s(%pU): PUT buffer_index %d\n",
229 __func__, handle, buffer_index);
230 buffer_index = -1;
232 op_release(new_op);
233 return ret;
237 * Common entry point for read/write/readv/writev
238 * This function will dispatch it to either the direct I/O
239 * or buffered I/O path depending on the mount options and/or
240 * augmented/extended metadata attached to the file.
241 * Note: File extended attributes override any mount options.
243 static ssize_t do_readv_writev(enum ORANGEFS_io_type type, struct file *file,
244 loff_t *offset, struct iov_iter *iter)
246 struct inode *inode = file->f_mapping->host;
247 struct orangefs_inode_s *orangefs_inode = ORANGEFS_I(inode);
248 struct orangefs_khandle *handle = &orangefs_inode->refn.khandle;
249 size_t count = iov_iter_count(iter);
250 ssize_t total_count = 0;
251 ssize_t ret = -EINVAL;
253 gossip_debug(GOSSIP_FILE_DEBUG,
254 "%s-BEGIN(%pU): count(%d) after estimate_max_iovecs.\n",
255 __func__,
256 handle,
257 (int)count);
259 if (type == ORANGEFS_IO_WRITE) {
260 gossip_debug(GOSSIP_FILE_DEBUG,
261 "%s(%pU): proceeding with offset : %llu, "
262 "size %d\n",
263 __func__,
264 handle,
265 llu(*offset),
266 (int)count);
269 if (count == 0) {
270 ret = 0;
271 goto out;
274 while (iov_iter_count(iter)) {
275 size_t each_count = iov_iter_count(iter);
276 size_t amt_complete;
278 /* how much to transfer in this loop iteration */
279 if (each_count > orangefs_bufmap_size_query())
280 each_count = orangefs_bufmap_size_query();
282 gossip_debug(GOSSIP_FILE_DEBUG,
283 "%s(%pU): size of each_count(%d)\n",
284 __func__,
285 handle,
286 (int)each_count);
287 gossip_debug(GOSSIP_FILE_DEBUG,
288 "%s(%pU): BEFORE wait_for_io: offset is %d\n",
289 __func__,
290 handle,
291 (int)*offset);
293 ret = wait_for_direct_io(type, inode, offset, iter,
294 each_count, 0);
295 gossip_debug(GOSSIP_FILE_DEBUG,
296 "%s(%pU): return from wait_for_io:%d\n",
297 __func__,
298 handle,
299 (int)ret);
301 if (ret < 0)
302 goto out;
304 *offset += ret;
305 total_count += ret;
306 amt_complete = ret;
308 gossip_debug(GOSSIP_FILE_DEBUG,
309 "%s(%pU): AFTER wait_for_io: offset is %d\n",
310 __func__,
311 handle,
312 (int)*offset);
315 * if we got a short I/O operations,
316 * fall out and return what we got so far
318 if (amt_complete < each_count)
319 break;
320 } /*end while */
322 out:
323 if (total_count > 0)
324 ret = total_count;
325 if (ret > 0) {
326 if (type == ORANGEFS_IO_READ) {
327 file_accessed(file);
328 } else {
329 file_update_time(file);
331 * Must invalidate to ensure write loop doesn't
332 * prevent kernel from reading updated
333 * attribute. Size probably changed because of
334 * the write, and other clients could update
335 * any other attribute.
337 orangefs_inode->getattr_time = jiffies - 1;
341 gossip_debug(GOSSIP_FILE_DEBUG,
342 "%s(%pU): Value(%d) returned.\n",
343 __func__,
344 handle,
345 (int)ret);
347 return ret;
351 * Read data from a specified offset in a file (referenced by inode).
352 * Data may be placed either in a user or kernel buffer.
354 ssize_t orangefs_inode_read(struct inode *inode,
355 struct iov_iter *iter,
356 loff_t *offset,
357 loff_t readahead_size)
359 struct orangefs_inode_s *orangefs_inode = ORANGEFS_I(inode);
360 size_t count = iov_iter_count(iter);
361 size_t bufmap_size;
362 ssize_t ret = -EINVAL;
364 orangefs_stats.reads++;
366 bufmap_size = orangefs_bufmap_size_query();
367 if (count > bufmap_size) {
368 gossip_debug(GOSSIP_FILE_DEBUG,
369 "%s: count is too large (%zd/%zd)!\n",
370 __func__, count, bufmap_size);
371 return -EINVAL;
374 gossip_debug(GOSSIP_FILE_DEBUG,
375 "%s(%pU) %zd@%llu\n",
376 __func__,
377 &orangefs_inode->refn.khandle,
378 count,
379 llu(*offset));
381 ret = wait_for_direct_io(ORANGEFS_IO_READ, inode, offset, iter,
382 count, readahead_size);
383 if (ret > 0)
384 *offset += ret;
386 gossip_debug(GOSSIP_FILE_DEBUG,
387 "%s(%pU): Value(%zd) returned.\n",
388 __func__,
389 &orangefs_inode->refn.khandle,
390 ret);
392 return ret;
395 static ssize_t orangefs_file_read_iter(struct kiocb *iocb, struct iov_iter *iter)
397 struct file *file = iocb->ki_filp;
398 loff_t pos = iocb->ki_pos;
399 ssize_t rc = 0;
401 BUG_ON(iocb->private);
403 gossip_debug(GOSSIP_FILE_DEBUG, "orangefs_file_read_iter\n");
405 orangefs_stats.reads++;
407 rc = do_readv_writev(ORANGEFS_IO_READ, file, &pos, iter);
408 iocb->ki_pos = pos;
410 return rc;
413 static ssize_t orangefs_file_write_iter(struct kiocb *iocb, struct iov_iter *iter)
415 struct file *file = iocb->ki_filp;
416 loff_t pos;
417 ssize_t rc;
419 BUG_ON(iocb->private);
421 gossip_debug(GOSSIP_FILE_DEBUG, "orangefs_file_write_iter\n");
423 inode_lock(file->f_mapping->host);
425 /* Make sure generic_write_checks sees an up to date inode size. */
426 if (file->f_flags & O_APPEND) {
427 rc = orangefs_inode_getattr(file->f_mapping->host, 0, 1,
428 STATX_SIZE);
429 if (rc == -ESTALE)
430 rc = -EIO;
431 if (rc) {
432 gossip_err("%s: orangefs_inode_getattr failed, "
433 "rc:%zd:.\n", __func__, rc);
434 goto out;
438 rc = generic_write_checks(iocb, iter);
440 if (rc <= 0) {
441 gossip_err("%s: generic_write_checks failed, rc:%zd:.\n",
442 __func__, rc);
443 goto out;
447 * if we are appending, generic_write_checks would have updated
448 * pos to the end of the file, so we will wait till now to set
449 * pos...
451 pos = iocb->ki_pos;
453 rc = do_readv_writev(ORANGEFS_IO_WRITE,
454 file,
455 &pos,
456 iter);
457 if (rc < 0) {
458 gossip_err("%s: do_readv_writev failed, rc:%zd:.\n",
459 __func__, rc);
460 goto out;
463 iocb->ki_pos = pos;
464 orangefs_stats.writes++;
466 out:
468 inode_unlock(file->f_mapping->host);
469 return rc;
473 * Perform a miscellaneous operation on a file.
475 static long orangefs_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
477 int ret = -ENOTTY;
478 __u64 val = 0;
479 unsigned long uval;
481 gossip_debug(GOSSIP_FILE_DEBUG,
482 "orangefs_ioctl: called with cmd %d\n",
483 cmd);
486 * we understand some general ioctls on files, such as the immutable
487 * and append flags
489 if (cmd == FS_IOC_GETFLAGS) {
490 val = 0;
491 ret = orangefs_inode_getxattr(file_inode(file),
492 "user.pvfs2.meta_hint",
493 &val, sizeof(val));
494 if (ret < 0 && ret != -ENODATA)
495 return ret;
496 else if (ret == -ENODATA)
497 val = 0;
498 uval = val;
499 gossip_debug(GOSSIP_FILE_DEBUG,
500 "orangefs_ioctl: FS_IOC_GETFLAGS: %llu\n",
501 (unsigned long long)uval);
502 return put_user(uval, (int __user *)arg);
503 } else if (cmd == FS_IOC_SETFLAGS) {
504 ret = 0;
505 if (get_user(uval, (int __user *)arg))
506 return -EFAULT;
508 * ORANGEFS_MIRROR_FL is set internally when the mirroring mode
509 * is turned on for a file. The user is not allowed to turn
510 * on this bit, but the bit is present if the user first gets
511 * the flags and then updates the flags with some new
512 * settings. So, we ignore it in the following edit. bligon.
514 if ((uval & ~ORANGEFS_MIRROR_FL) &
515 (~(FS_IMMUTABLE_FL | FS_APPEND_FL | FS_NOATIME_FL))) {
516 gossip_err("orangefs_ioctl: the FS_IOC_SETFLAGS only supports setting one of FS_IMMUTABLE_FL|FS_APPEND_FL|FS_NOATIME_FL\n");
517 return -EINVAL;
519 val = uval;
520 gossip_debug(GOSSIP_FILE_DEBUG,
521 "orangefs_ioctl: FS_IOC_SETFLAGS: %llu\n",
522 (unsigned long long)val);
523 ret = orangefs_inode_setxattr(file_inode(file),
524 "user.pvfs2.meta_hint",
525 &val, sizeof(val), 0);
528 return ret;
531 static int orangefs_fault(struct vm_fault *vmf)
533 struct file *file = vmf->vma->vm_file;
534 int rc;
535 rc = orangefs_inode_getattr(file->f_mapping->host, 0, 1,
536 STATX_SIZE);
537 if (rc == -ESTALE)
538 rc = -EIO;
539 if (rc) {
540 gossip_err("%s: orangefs_inode_getattr failed, "
541 "rc:%d:.\n", __func__, rc);
542 return rc;
544 return filemap_fault(vmf);
547 const struct vm_operations_struct orangefs_file_vm_ops = {
548 .fault = orangefs_fault,
549 .map_pages = filemap_map_pages,
550 .page_mkwrite = filemap_page_mkwrite,
554 * Memory map a region of a file.
556 static int orangefs_file_mmap(struct file *file, struct vm_area_struct *vma)
558 gossip_debug(GOSSIP_FILE_DEBUG,
559 "orangefs_file_mmap: called on %s\n",
560 (file ?
561 (char *)file->f_path.dentry->d_name.name :
562 (char *)"Unknown"));
564 if ((vma->vm_flags & VM_SHARED) && (vma->vm_flags & VM_MAYWRITE))
565 return -EINVAL;
567 /* set the sequential readahead hint */
568 vma->vm_flags |= VM_SEQ_READ;
569 vma->vm_flags &= ~VM_RAND_READ;
571 file_accessed(file);
572 vma->vm_ops = &orangefs_file_vm_ops;
573 return 0;
576 #define mapping_nrpages(idata) ((idata)->nrpages)
579 * Called to notify the module that there are no more references to
580 * this file (i.e. no processes have it open).
582 * \note Not called when each file is closed.
584 static int orangefs_file_release(struct inode *inode, struct file *file)
586 gossip_debug(GOSSIP_FILE_DEBUG,
587 "orangefs_file_release: called on %pD\n",
588 file);
591 * remove all associated inode pages from the page cache and
592 * readahead cache (if any); this forces an expensive refresh of
593 * data for the next caller of mmap (or 'get_block' accesses)
595 if (file_inode(file) &&
596 file_inode(file)->i_mapping &&
597 mapping_nrpages(&file_inode(file)->i_data)) {
598 if (orangefs_features & ORANGEFS_FEATURE_READAHEAD) {
599 gossip_debug(GOSSIP_INODE_DEBUG,
600 "calling flush_racache on %pU\n",
601 get_khandle_from_ino(inode));
602 flush_racache(inode);
603 gossip_debug(GOSSIP_INODE_DEBUG,
604 "flush_racache finished\n");
606 truncate_inode_pages(file_inode(file)->i_mapping,
609 return 0;
613 * Push all data for a specific file onto permanent storage.
615 static int orangefs_fsync(struct file *file,
616 loff_t start,
617 loff_t end,
618 int datasync)
620 int ret;
621 struct orangefs_inode_s *orangefs_inode =
622 ORANGEFS_I(file_inode(file));
623 struct orangefs_kernel_op_s *new_op = NULL;
625 new_op = op_alloc(ORANGEFS_VFS_OP_FSYNC);
626 if (!new_op)
627 return -ENOMEM;
628 new_op->upcall.req.fsync.refn = orangefs_inode->refn;
630 ret = service_operation(new_op,
631 "orangefs_fsync",
632 get_interruptible_flag(file_inode(file)));
634 gossip_debug(GOSSIP_FILE_DEBUG,
635 "orangefs_fsync got return value of %d\n",
636 ret);
638 op_release(new_op);
639 return ret;
643 * Change the file pointer position for an instance of an open file.
645 * \note If .llseek is overriden, we must acquire lock as described in
646 * Documentation/filesystems/Locking.
648 * Future upgrade could support SEEK_DATA and SEEK_HOLE but would
649 * require much changes to the FS
651 static loff_t orangefs_file_llseek(struct file *file, loff_t offset, int origin)
653 int ret = -EINVAL;
654 struct inode *inode = file_inode(file);
656 if (origin == SEEK_END) {
658 * revalidate the inode's file size.
659 * NOTE: We are only interested in file size here,
660 * so we set mask accordingly.
662 ret = orangefs_inode_getattr(file->f_mapping->host, 0, 1,
663 STATX_SIZE);
664 if (ret == -ESTALE)
665 ret = -EIO;
666 if (ret) {
667 gossip_debug(GOSSIP_FILE_DEBUG,
668 "%s:%s:%d calling make bad inode\n",
669 __FILE__,
670 __func__,
671 __LINE__);
672 return ret;
676 gossip_debug(GOSSIP_FILE_DEBUG,
677 "orangefs_file_llseek: offset is %ld | origin is %d"
678 " | inode size is %lu\n",
679 (long)offset,
680 origin,
681 (unsigned long)i_size_read(inode));
683 return generic_file_llseek(file, offset, origin);
687 * Support local locks (locks that only this kernel knows about)
688 * if Orangefs was mounted -o local_lock.
690 static int orangefs_lock(struct file *filp, int cmd, struct file_lock *fl)
692 int rc = -EINVAL;
694 if (ORANGEFS_SB(file_inode(filp)->i_sb)->flags & ORANGEFS_OPT_LOCAL_LOCK) {
695 if (cmd == F_GETLK) {
696 rc = 0;
697 posix_test_lock(filp, fl);
698 } else {
699 rc = posix_lock_file(filp, fl, NULL);
703 return rc;
706 /** ORANGEFS implementation of VFS file operations */
707 const struct file_operations orangefs_file_operations = {
708 .llseek = orangefs_file_llseek,
709 .read_iter = orangefs_file_read_iter,
710 .write_iter = orangefs_file_write_iter,
711 .lock = orangefs_lock,
712 .unlocked_ioctl = orangefs_ioctl,
713 .mmap = orangefs_file_mmap,
714 .open = generic_file_open,
715 .release = orangefs_file_release,
716 .fsync = orangefs_fsync,