iov_iter.c 50 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117111811191120112111221123112411251126112711281129113011311132113311341135113611371138113911401141114211431144114511461147114811491150115111521153115411551156115711581159116011611162116311641165116611671168116911701171117211731174117511761177117811791180118111821183118411851186118711881189119011911192119311941195119611971198119912001201120212031204120512061207120812091210121112121213121412151216121712181219122012211222122312241225122612271228122912301231123212331234123512361237123812391240124112421243124412451246124712481249125012511252125312541255125612571258125912601261126212631264126512661267126812691270127112721273127412751276127712781279128012811282128312841285128612871288128912901291129212931294129512961297129812991300130113021303130413051306130713081309131013111312131313141315131613171318131913201321132213231324132513261327132813291330133113321333133413351336133713381339134013411342134313441345134613471348134913501351135213531354135513561357135813591360136113621363136413651366136713681369137013711372137313741375137613771378137913801381138213831384138513861387138813891390139113921393139413951396139713981399140014011402140314041405140614071408140914101411141214131414141514161417141814191420142114221423142414251426142714281429143014311432143314341435143614371438143914401441144214431444144514461447144814491450145114521453145414551456145714581459146014611462146314641465146614671468146914701471147214731474147514761477147814791480148114821483148414851486148714881489149014911492149314941495149614971498149915001501150215031504150515061507150815091510151115121513151415151516151715181519152015211522152315241525152615271528152915301531153215331534153515361537153815391540154115421543154415451546154715481549155015511552155315541555155615571558155915601561156215631564156515661567156815691570157115721573157415751576157715781579158015811582158315841585158615871588158915901591159215931594159515961597159815991600160116021603160416051606160716081609161016111612161316141615161616171618161916201621162216231624162516261627162816291630163116321633163416351636163716381639164016411642164316441645164616471648164916501651165216531654165516561657165816591660166116621663166416651666166716681669167016711672167316741675167616771678167916801681168216831684168516861687168816891690169116921693169416951696169716981699170017011702170317041705170617071708170917101711171217131714171517161717171817191720172117221723172417251726172717281729173017311732173317341735173617371738173917401741174217431744174517461747174817491750175117521753175417551756175717581759176017611762176317641765176617671768176917701771177217731774177517761777177817791780178117821783178417851786178717881789179017911792179317941795179617971798179918001801180218031804180518061807180818091810181118121813181418151816181718181819182018211822182318241825182618271828182918301831183218331834183518361837183818391840184118421843184418451846184718481849185018511852185318541855185618571858185918601861186218631864186518661867186818691870187118721873187418751876187718781879188018811882188318841885188618871888188918901891189218931894189518961897189818991900190119021903190419051906190719081909191019111912191319141915191619171918191919201921192219231924192519261927192819291930193119321933193419351936193719381939194019411942194319441945
  1. // SPDX-License-Identifier: GPL-2.0-only
  2. #include <linux/export.h>
  3. #include <linux/bvec.h>
  4. #include <linux/fault-inject-usercopy.h>
  5. #include <linux/uio.h>
  6. #include <linux/pagemap.h>
  7. #include <linux/highmem.h>
  8. #include <linux/slab.h>
  9. #include <linux/vmalloc.h>
  10. #include <linux/splice.h>
  11. #include <linux/compat.h>
  12. #include <linux/scatterlist.h>
  13. #include <linux/instrumented.h>
  14. #include <linux/iov_iter.h>
  15. static __always_inline
  16. size_t copy_to_user_iter(void __user *iter_to, size_t progress,
  17. size_t len, void *from, void *priv2)
  18. {
  19. if (should_fail_usercopy())
  20. return len;
  21. if (access_ok(iter_to, len)) {
  22. from += progress;
  23. instrument_copy_to_user(iter_to, from, len);
  24. len = raw_copy_to_user(iter_to, from, len);
  25. }
  26. return len;
  27. }
  28. static __always_inline
  29. size_t copy_to_user_iter_nofault(void __user *iter_to, size_t progress,
  30. size_t len, void *from, void *priv2)
  31. {
  32. ssize_t res;
  33. if (should_fail_usercopy())
  34. return len;
  35. from += progress;
  36. res = copy_to_user_nofault(iter_to, from, len);
  37. return res < 0 ? len : res;
  38. }
  39. static __always_inline
  40. size_t copy_from_user_iter(void __user *iter_from, size_t progress,
  41. size_t len, void *to, void *priv2)
  42. {
  43. size_t res = len;
  44. if (should_fail_usercopy())
  45. return len;
  46. if (can_do_masked_user_access()) {
  47. iter_from = mask_user_address(iter_from);
  48. } else {
  49. if (!access_ok(iter_from, len))
  50. return res;
  51. /*
  52. * Ensure that bad access_ok() speculation will not
  53. * lead to nasty side effects *after* the copy is
  54. * finished:
  55. */
  56. barrier_nospec();
  57. }
  58. to += progress;
  59. instrument_copy_from_user_before(to, iter_from, len);
  60. res = raw_copy_from_user(to, iter_from, len);
  61. instrument_copy_from_user_after(to, iter_from, len, res);
  62. return res;
  63. }
  64. static __always_inline
  65. size_t memcpy_to_iter(void *iter_to, size_t progress,
  66. size_t len, void *from, void *priv2)
  67. {
  68. memcpy(iter_to, from + progress, len);
  69. return 0;
  70. }
  71. static __always_inline
  72. size_t memcpy_from_iter(void *iter_from, size_t progress,
  73. size_t len, void *to, void *priv2)
  74. {
  75. memcpy(to + progress, iter_from, len);
  76. return 0;
  77. }
  78. /*
  79. * fault_in_iov_iter_readable - fault in iov iterator for reading
  80. * @i: iterator
  81. * @size: maximum length
  82. *
  83. * Fault in one or more iovecs of the given iov_iter, to a maximum length of
  84. * @size. For each iovec, fault in each page that constitutes the iovec.
  85. *
  86. * Returns the number of bytes not faulted in (like copy_to_user() and
  87. * copy_from_user()).
  88. *
  89. * Always returns 0 for non-userspace iterators.
  90. */
  91. size_t fault_in_iov_iter_readable(const struct iov_iter *i, size_t size)
  92. {
  93. if (iter_is_ubuf(i)) {
  94. size_t n = min(size, iov_iter_count(i));
  95. n -= fault_in_readable(i->ubuf + i->iov_offset, n);
  96. return size - n;
  97. } else if (iter_is_iovec(i)) {
  98. size_t count = min(size, iov_iter_count(i));
  99. const struct iovec *p;
  100. size_t skip;
  101. size -= count;
  102. for (p = iter_iov(i), skip = i->iov_offset; count; p++, skip = 0) {
  103. size_t len = min(count, p->iov_len - skip);
  104. size_t ret;
  105. if (unlikely(!len))
  106. continue;
  107. ret = fault_in_readable(p->iov_base + skip, len);
  108. count -= len - ret;
  109. if (ret)
  110. break;
  111. }
  112. return count + size;
  113. }
  114. return 0;
  115. }
  116. EXPORT_SYMBOL(fault_in_iov_iter_readable);
  117. /*
  118. * fault_in_iov_iter_writeable - fault in iov iterator for writing
  119. * @i: iterator
  120. * @size: maximum length
  121. *
  122. * Faults in the iterator using get_user_pages(), i.e., without triggering
  123. * hardware page faults. This is primarily useful when we already know that
  124. * some or all of the pages in @i aren't in memory.
  125. *
  126. * Returns the number of bytes not faulted in, like copy_to_user() and
  127. * copy_from_user().
  128. *
  129. * Always returns 0 for non-user-space iterators.
  130. */
  131. size_t fault_in_iov_iter_writeable(const struct iov_iter *i, size_t size)
  132. {
  133. if (iter_is_ubuf(i)) {
  134. size_t n = min(size, iov_iter_count(i));
  135. n -= fault_in_safe_writeable(i->ubuf + i->iov_offset, n);
  136. return size - n;
  137. } else if (iter_is_iovec(i)) {
  138. size_t count = min(size, iov_iter_count(i));
  139. const struct iovec *p;
  140. size_t skip;
  141. size -= count;
  142. for (p = iter_iov(i), skip = i->iov_offset; count; p++, skip = 0) {
  143. size_t len = min(count, p->iov_len - skip);
  144. size_t ret;
  145. if (unlikely(!len))
  146. continue;
  147. ret = fault_in_safe_writeable(p->iov_base + skip, len);
  148. count -= len - ret;
  149. if (ret)
  150. break;
  151. }
  152. return count + size;
  153. }
  154. return 0;
  155. }
  156. EXPORT_SYMBOL(fault_in_iov_iter_writeable);
  157. void iov_iter_init(struct iov_iter *i, unsigned int direction,
  158. const struct iovec *iov, unsigned long nr_segs,
  159. size_t count)
  160. {
  161. WARN_ON(direction & ~(READ | WRITE));
  162. *i = (struct iov_iter) {
  163. .iter_type = ITER_IOVEC,
  164. .nofault = false,
  165. .data_source = direction,
  166. .__iov = iov,
  167. .nr_segs = nr_segs,
  168. .iov_offset = 0,
  169. .count = count
  170. };
  171. }
  172. EXPORT_SYMBOL(iov_iter_init);
  173. size_t _copy_to_iter(const void *addr, size_t bytes, struct iov_iter *i)
  174. {
  175. if (WARN_ON_ONCE(i->data_source))
  176. return 0;
  177. if (user_backed_iter(i))
  178. might_fault();
  179. return iterate_and_advance(i, bytes, (void *)addr,
  180. copy_to_user_iter, memcpy_to_iter);
  181. }
  182. EXPORT_SYMBOL(_copy_to_iter);
  183. #ifdef CONFIG_ARCH_HAS_COPY_MC
  184. static __always_inline
  185. size_t copy_to_user_iter_mc(void __user *iter_to, size_t progress,
  186. size_t len, void *from, void *priv2)
  187. {
  188. if (access_ok(iter_to, len)) {
  189. from += progress;
  190. instrument_copy_to_user(iter_to, from, len);
  191. len = copy_mc_to_user(iter_to, from, len);
  192. }
  193. return len;
  194. }
  195. static __always_inline
  196. size_t memcpy_to_iter_mc(void *iter_to, size_t progress,
  197. size_t len, void *from, void *priv2)
  198. {
  199. return copy_mc_to_kernel(iter_to, from + progress, len);
  200. }
  201. /**
  202. * _copy_mc_to_iter - copy to iter with source memory error exception handling
  203. * @addr: source kernel address
  204. * @bytes: total transfer length
  205. * @i: destination iterator
  206. *
  207. * The pmem driver deploys this for the dax operation
  208. * (dax_copy_to_iter()) for dax reads (bypass page-cache and the
  209. * block-layer). Upon #MC read(2) aborts and returns EIO or the bytes
  210. * successfully copied.
  211. *
  212. * The main differences between this and typical _copy_to_iter().
  213. *
  214. * * Typical tail/residue handling after a fault retries the copy
  215. * byte-by-byte until the fault happens again. Re-triggering machine
  216. * checks is potentially fatal so the implementation uses source
  217. * alignment and poison alignment assumptions to avoid re-triggering
  218. * hardware exceptions.
  219. *
  220. * * ITER_KVEC and ITER_BVEC can return short copies. Compare to
  221. * copy_to_iter() where only ITER_IOVEC attempts might return a short copy.
  222. *
  223. * Return: number of bytes copied (may be %0)
  224. */
  225. size_t _copy_mc_to_iter(const void *addr, size_t bytes, struct iov_iter *i)
  226. {
  227. if (WARN_ON_ONCE(i->data_source))
  228. return 0;
  229. if (user_backed_iter(i))
  230. might_fault();
  231. return iterate_and_advance(i, bytes, (void *)addr,
  232. copy_to_user_iter_mc, memcpy_to_iter_mc);
  233. }
  234. EXPORT_SYMBOL_GPL(_copy_mc_to_iter);
  235. #endif /* CONFIG_ARCH_HAS_COPY_MC */
  236. static __always_inline
  237. size_t __copy_from_iter(void *addr, size_t bytes, struct iov_iter *i)
  238. {
  239. return iterate_and_advance(i, bytes, addr,
  240. copy_from_user_iter, memcpy_from_iter);
  241. }
  242. size_t _copy_from_iter(void *addr, size_t bytes, struct iov_iter *i)
  243. {
  244. if (WARN_ON_ONCE(!i->data_source))
  245. return 0;
  246. if (user_backed_iter(i))
  247. might_fault();
  248. return __copy_from_iter(addr, bytes, i);
  249. }
  250. EXPORT_SYMBOL(_copy_from_iter);
  251. static __always_inline
  252. size_t copy_from_user_iter_nocache(void __user *iter_from, size_t progress,
  253. size_t len, void *to, void *priv2)
  254. {
  255. return __copy_from_user_inatomic_nocache(to + progress, iter_from, len);
  256. }
  257. size_t _copy_from_iter_nocache(void *addr, size_t bytes, struct iov_iter *i)
  258. {
  259. if (WARN_ON_ONCE(!i->data_source))
  260. return 0;
  261. return iterate_and_advance(i, bytes, addr,
  262. copy_from_user_iter_nocache,
  263. memcpy_from_iter);
  264. }
  265. EXPORT_SYMBOL(_copy_from_iter_nocache);
  266. #ifdef CONFIG_ARCH_HAS_UACCESS_FLUSHCACHE
  267. static __always_inline
  268. size_t copy_from_user_iter_flushcache(void __user *iter_from, size_t progress,
  269. size_t len, void *to, void *priv2)
  270. {
  271. return __copy_from_user_flushcache(to + progress, iter_from, len);
  272. }
  273. static __always_inline
  274. size_t memcpy_from_iter_flushcache(void *iter_from, size_t progress,
  275. size_t len, void *to, void *priv2)
  276. {
  277. memcpy_flushcache(to + progress, iter_from, len);
  278. return 0;
  279. }
  280. /**
  281. * _copy_from_iter_flushcache - write destination through cpu cache
  282. * @addr: destination kernel address
  283. * @bytes: total transfer length
  284. * @i: source iterator
  285. *
  286. * The pmem driver arranges for filesystem-dax to use this facility via
  287. * dax_copy_from_iter() for ensuring that writes to persistent memory
  288. * are flushed through the CPU cache. It is differentiated from
  289. * _copy_from_iter_nocache() in that guarantees all data is flushed for
  290. * all iterator types. The _copy_from_iter_nocache() only attempts to
  291. * bypass the cache for the ITER_IOVEC case, and on some archs may use
  292. * instructions that strand dirty-data in the cache.
  293. *
  294. * Return: number of bytes copied (may be %0)
  295. */
  296. size_t _copy_from_iter_flushcache(void *addr, size_t bytes, struct iov_iter *i)
  297. {
  298. if (WARN_ON_ONCE(!i->data_source))
  299. return 0;
  300. return iterate_and_advance(i, bytes, addr,
  301. copy_from_user_iter_flushcache,
  302. memcpy_from_iter_flushcache);
  303. }
  304. EXPORT_SYMBOL_GPL(_copy_from_iter_flushcache);
  305. #endif
  306. static inline bool page_copy_sane(struct page *page, size_t offset, size_t n)
  307. {
  308. struct page *head;
  309. size_t v = n + offset;
  310. /*
  311. * The general case needs to access the page order in order
  312. * to compute the page size.
  313. * However, we mostly deal with order-0 pages and thus can
  314. * avoid a possible cache line miss for requests that fit all
  315. * page orders.
  316. */
  317. if (n <= v && v <= PAGE_SIZE)
  318. return true;
  319. head = compound_head(page);
  320. v += (page - head) << PAGE_SHIFT;
  321. if (WARN_ON(n > v || v > page_size(head)))
  322. return false;
  323. return true;
  324. }
  325. size_t copy_page_to_iter(struct page *page, size_t offset, size_t bytes,
  326. struct iov_iter *i)
  327. {
  328. size_t res = 0;
  329. if (!page_copy_sane(page, offset, bytes))
  330. return 0;
  331. if (WARN_ON_ONCE(i->data_source))
  332. return 0;
  333. page += offset / PAGE_SIZE; // first subpage
  334. offset %= PAGE_SIZE;
  335. while (1) {
  336. void *kaddr = kmap_local_page(page);
  337. size_t n = min(bytes, (size_t)PAGE_SIZE - offset);
  338. n = _copy_to_iter(kaddr + offset, n, i);
  339. kunmap_local(kaddr);
  340. res += n;
  341. bytes -= n;
  342. if (!bytes || !n)
  343. break;
  344. offset += n;
  345. if (offset == PAGE_SIZE) {
  346. page++;
  347. offset = 0;
  348. }
  349. }
  350. return res;
  351. }
  352. EXPORT_SYMBOL(copy_page_to_iter);
  353. size_t copy_page_to_iter_nofault(struct page *page, unsigned offset, size_t bytes,
  354. struct iov_iter *i)
  355. {
  356. size_t res = 0;
  357. if (!page_copy_sane(page, offset, bytes))
  358. return 0;
  359. if (WARN_ON_ONCE(i->data_source))
  360. return 0;
  361. page += offset / PAGE_SIZE; // first subpage
  362. offset %= PAGE_SIZE;
  363. while (1) {
  364. void *kaddr = kmap_local_page(page);
  365. size_t n = min(bytes, (size_t)PAGE_SIZE - offset);
  366. n = iterate_and_advance(i, n, kaddr + offset,
  367. copy_to_user_iter_nofault,
  368. memcpy_to_iter);
  369. kunmap_local(kaddr);
  370. res += n;
  371. bytes -= n;
  372. if (!bytes || !n)
  373. break;
  374. offset += n;
  375. if (offset == PAGE_SIZE) {
  376. page++;
  377. offset = 0;
  378. }
  379. }
  380. return res;
  381. }
  382. EXPORT_SYMBOL(copy_page_to_iter_nofault);
  383. size_t copy_page_from_iter(struct page *page, size_t offset, size_t bytes,
  384. struct iov_iter *i)
  385. {
  386. size_t res = 0;
  387. if (!page_copy_sane(page, offset, bytes))
  388. return 0;
  389. page += offset / PAGE_SIZE; // first subpage
  390. offset %= PAGE_SIZE;
  391. while (1) {
  392. void *kaddr = kmap_local_page(page);
  393. size_t n = min(bytes, (size_t)PAGE_SIZE - offset);
  394. n = _copy_from_iter(kaddr + offset, n, i);
  395. kunmap_local(kaddr);
  396. res += n;
  397. bytes -= n;
  398. if (!bytes || !n)
  399. break;
  400. offset += n;
  401. if (offset == PAGE_SIZE) {
  402. page++;
  403. offset = 0;
  404. }
  405. }
  406. return res;
  407. }
  408. EXPORT_SYMBOL(copy_page_from_iter);
  409. static __always_inline
  410. size_t zero_to_user_iter(void __user *iter_to, size_t progress,
  411. size_t len, void *priv, void *priv2)
  412. {
  413. return clear_user(iter_to, len);
  414. }
  415. static __always_inline
  416. size_t zero_to_iter(void *iter_to, size_t progress,
  417. size_t len, void *priv, void *priv2)
  418. {
  419. memset(iter_to, 0, len);
  420. return 0;
  421. }
  422. size_t iov_iter_zero(size_t bytes, struct iov_iter *i)
  423. {
  424. return iterate_and_advance(i, bytes, NULL,
  425. zero_to_user_iter, zero_to_iter);
  426. }
  427. EXPORT_SYMBOL(iov_iter_zero);
  428. size_t copy_folio_from_iter_atomic(struct folio *folio, size_t offset,
  429. size_t bytes, struct iov_iter *i)
  430. {
  431. size_t n, copied = 0;
  432. if (!page_copy_sane(&folio->page, offset, bytes))
  433. return 0;
  434. if (WARN_ON_ONCE(!i->data_source))
  435. return 0;
  436. do {
  437. char *to = kmap_local_folio(folio, offset);
  438. n = bytes - copied;
  439. if (folio_test_partial_kmap(folio) &&
  440. n > PAGE_SIZE - offset_in_page(offset))
  441. n = PAGE_SIZE - offset_in_page(offset);
  442. pagefault_disable();
  443. n = __copy_from_iter(to, n, i);
  444. pagefault_enable();
  445. kunmap_local(to);
  446. copied += n;
  447. offset += n;
  448. } while (copied != bytes && n > 0);
  449. return copied;
  450. }
  451. EXPORT_SYMBOL(copy_folio_from_iter_atomic);
  452. static void iov_iter_bvec_advance(struct iov_iter *i, size_t size)
  453. {
  454. const struct bio_vec *bvec, *end;
  455. if (!i->count)
  456. return;
  457. i->count -= size;
  458. size += i->iov_offset;
  459. for (bvec = i->bvec, end = bvec + i->nr_segs; bvec < end; bvec++) {
  460. if (likely(size < bvec->bv_len))
  461. break;
  462. size -= bvec->bv_len;
  463. }
  464. i->iov_offset = size;
  465. i->nr_segs -= bvec - i->bvec;
  466. i->bvec = bvec;
  467. }
  468. static void iov_iter_iovec_advance(struct iov_iter *i, size_t size)
  469. {
  470. const struct iovec *iov, *end;
  471. if (!i->count)
  472. return;
  473. i->count -= size;
  474. size += i->iov_offset; // from beginning of current segment
  475. for (iov = iter_iov(i), end = iov + i->nr_segs; iov < end; iov++) {
  476. if (likely(size < iov->iov_len))
  477. break;
  478. size -= iov->iov_len;
  479. }
  480. i->iov_offset = size;
  481. i->nr_segs -= iov - iter_iov(i);
  482. i->__iov = iov;
  483. }
  484. static void iov_iter_folioq_advance(struct iov_iter *i, size_t size)
  485. {
  486. const struct folio_queue *folioq = i->folioq;
  487. unsigned int slot = i->folioq_slot;
  488. if (!i->count)
  489. return;
  490. i->count -= size;
  491. if (slot >= folioq_nr_slots(folioq)) {
  492. folioq = folioq->next;
  493. slot = 0;
  494. }
  495. size += i->iov_offset; /* From beginning of current segment. */
  496. do {
  497. size_t fsize = folioq_folio_size(folioq, slot);
  498. if (likely(size < fsize))
  499. break;
  500. size -= fsize;
  501. slot++;
  502. if (slot >= folioq_nr_slots(folioq) && folioq->next) {
  503. folioq = folioq->next;
  504. slot = 0;
  505. }
  506. } while (size);
  507. i->iov_offset = size;
  508. i->folioq_slot = slot;
  509. i->folioq = folioq;
  510. }
  511. void iov_iter_advance(struct iov_iter *i, size_t size)
  512. {
  513. if (unlikely(i->count < size))
  514. size = i->count;
  515. if (likely(iter_is_ubuf(i)) || unlikely(iov_iter_is_xarray(i))) {
  516. i->iov_offset += size;
  517. i->count -= size;
  518. } else if (likely(iter_is_iovec(i) || iov_iter_is_kvec(i))) {
  519. /* iovec and kvec have identical layouts */
  520. iov_iter_iovec_advance(i, size);
  521. } else if (iov_iter_is_bvec(i)) {
  522. iov_iter_bvec_advance(i, size);
  523. } else if (iov_iter_is_folioq(i)) {
  524. iov_iter_folioq_advance(i, size);
  525. } else if (iov_iter_is_discard(i)) {
  526. i->count -= size;
  527. }
  528. }
  529. EXPORT_SYMBOL(iov_iter_advance);
  530. static void iov_iter_folioq_revert(struct iov_iter *i, size_t unroll)
  531. {
  532. const struct folio_queue *folioq = i->folioq;
  533. unsigned int slot = i->folioq_slot;
  534. for (;;) {
  535. size_t fsize;
  536. if (slot == 0) {
  537. folioq = folioq->prev;
  538. slot = folioq_nr_slots(folioq);
  539. }
  540. slot--;
  541. fsize = folioq_folio_size(folioq, slot);
  542. if (unroll <= fsize) {
  543. i->iov_offset = fsize - unroll;
  544. break;
  545. }
  546. unroll -= fsize;
  547. }
  548. i->folioq_slot = slot;
  549. i->folioq = folioq;
  550. }
  551. void iov_iter_revert(struct iov_iter *i, size_t unroll)
  552. {
  553. if (!unroll)
  554. return;
  555. if (WARN_ON(unroll > MAX_RW_COUNT))
  556. return;
  557. i->count += unroll;
  558. if (unlikely(iov_iter_is_discard(i)))
  559. return;
  560. if (unroll <= i->iov_offset) {
  561. i->iov_offset -= unroll;
  562. return;
  563. }
  564. unroll -= i->iov_offset;
  565. if (iov_iter_is_xarray(i) || iter_is_ubuf(i)) {
  566. BUG(); /* We should never go beyond the start of the specified
  567. * range since we might then be straying into pages that
  568. * aren't pinned.
  569. */
  570. } else if (iov_iter_is_bvec(i)) {
  571. const struct bio_vec *bvec = i->bvec;
  572. while (1) {
  573. size_t n = (--bvec)->bv_len;
  574. i->nr_segs++;
  575. if (unroll <= n) {
  576. i->bvec = bvec;
  577. i->iov_offset = n - unroll;
  578. return;
  579. }
  580. unroll -= n;
  581. }
  582. } else if (iov_iter_is_folioq(i)) {
  583. i->iov_offset = 0;
  584. iov_iter_folioq_revert(i, unroll);
  585. } else { /* same logics for iovec and kvec */
  586. const struct iovec *iov = iter_iov(i);
  587. while (1) {
  588. size_t n = (--iov)->iov_len;
  589. i->nr_segs++;
  590. if (unroll <= n) {
  591. i->__iov = iov;
  592. i->iov_offset = n - unroll;
  593. return;
  594. }
  595. unroll -= n;
  596. }
  597. }
  598. }
  599. EXPORT_SYMBOL(iov_iter_revert);
  600. /*
  601. * Return the count of just the current iov_iter segment.
  602. */
  603. size_t iov_iter_single_seg_count(const struct iov_iter *i)
  604. {
  605. if (i->nr_segs > 1) {
  606. if (likely(iter_is_iovec(i) || iov_iter_is_kvec(i)))
  607. return min(i->count, iter_iov(i)->iov_len - i->iov_offset);
  608. if (iov_iter_is_bvec(i))
  609. return min(i->count, i->bvec->bv_len - i->iov_offset);
  610. }
  611. if (unlikely(iov_iter_is_folioq(i)))
  612. return !i->count ? 0 :
  613. umin(folioq_folio_size(i->folioq, i->folioq_slot), i->count);
  614. return i->count;
  615. }
  616. EXPORT_SYMBOL(iov_iter_single_seg_count);
  617. void iov_iter_kvec(struct iov_iter *i, unsigned int direction,
  618. const struct kvec *kvec, unsigned long nr_segs,
  619. size_t count)
  620. {
  621. WARN_ON(direction & ~(READ | WRITE));
  622. *i = (struct iov_iter){
  623. .iter_type = ITER_KVEC,
  624. .data_source = direction,
  625. .kvec = kvec,
  626. .nr_segs = nr_segs,
  627. .iov_offset = 0,
  628. .count = count
  629. };
  630. }
  631. EXPORT_SYMBOL(iov_iter_kvec);
  632. void iov_iter_bvec(struct iov_iter *i, unsigned int direction,
  633. const struct bio_vec *bvec, unsigned long nr_segs,
  634. size_t count)
  635. {
  636. WARN_ON(direction & ~(READ | WRITE));
  637. *i = (struct iov_iter){
  638. .iter_type = ITER_BVEC,
  639. .data_source = direction,
  640. .bvec = bvec,
  641. .nr_segs = nr_segs,
  642. .iov_offset = 0,
  643. .count = count
  644. };
  645. }
  646. EXPORT_SYMBOL(iov_iter_bvec);
  647. /**
  648. * iov_iter_folio_queue - Initialise an I/O iterator to use the folios in a folio queue
  649. * @i: The iterator to initialise.
  650. * @direction: The direction of the transfer.
  651. * @folioq: The starting point in the folio queue.
  652. * @first_slot: The first slot in the folio queue to use
  653. * @offset: The offset into the folio in the first slot to start at
  654. * @count: The size of the I/O buffer in bytes.
  655. *
  656. * Set up an I/O iterator to either draw data out of the pages attached to an
  657. * inode or to inject data into those pages. The pages *must* be prevented
  658. * from evaporation, either by taking a ref on them or locking them by the
  659. * caller.
  660. */
  661. void iov_iter_folio_queue(struct iov_iter *i, unsigned int direction,
  662. const struct folio_queue *folioq, unsigned int first_slot,
  663. unsigned int offset, size_t count)
  664. {
  665. BUG_ON(direction & ~1);
  666. *i = (struct iov_iter) {
  667. .iter_type = ITER_FOLIOQ,
  668. .data_source = direction,
  669. .folioq = folioq,
  670. .folioq_slot = first_slot,
  671. .count = count,
  672. .iov_offset = offset,
  673. };
  674. }
  675. EXPORT_SYMBOL(iov_iter_folio_queue);
  676. /**
  677. * iov_iter_xarray - Initialise an I/O iterator to use the pages in an xarray
  678. * @i: The iterator to initialise.
  679. * @direction: The direction of the transfer.
  680. * @xarray: The xarray to access.
  681. * @start: The start file position.
  682. * @count: The size of the I/O buffer in bytes.
  683. *
  684. * Set up an I/O iterator to either draw data out of the pages attached to an
  685. * inode or to inject data into those pages. The pages *must* be prevented
  686. * from evaporation, either by taking a ref on them or locking them by the
  687. * caller.
  688. */
  689. void iov_iter_xarray(struct iov_iter *i, unsigned int direction,
  690. struct xarray *xarray, loff_t start, size_t count)
  691. {
  692. BUG_ON(direction & ~1);
  693. *i = (struct iov_iter) {
  694. .iter_type = ITER_XARRAY,
  695. .data_source = direction,
  696. .xarray = xarray,
  697. .xarray_start = start,
  698. .count = count,
  699. .iov_offset = 0
  700. };
  701. }
  702. EXPORT_SYMBOL(iov_iter_xarray);
  703. /**
  704. * iov_iter_discard - Initialise an I/O iterator that discards data
  705. * @i: The iterator to initialise.
  706. * @direction: The direction of the transfer.
  707. * @count: The size of the I/O buffer in bytes.
  708. *
  709. * Set up an I/O iterator that just discards everything that's written to it.
  710. * It's only available as a READ iterator.
  711. */
  712. void iov_iter_discard(struct iov_iter *i, unsigned int direction, size_t count)
  713. {
  714. BUG_ON(direction != READ);
  715. *i = (struct iov_iter){
  716. .iter_type = ITER_DISCARD,
  717. .data_source = false,
  718. .count = count,
  719. .iov_offset = 0
  720. };
  721. }
  722. EXPORT_SYMBOL(iov_iter_discard);
  723. static unsigned long iov_iter_alignment_iovec(const struct iov_iter *i)
  724. {
  725. const struct iovec *iov = iter_iov(i);
  726. unsigned long res = 0;
  727. size_t size = i->count;
  728. size_t skip = i->iov_offset;
  729. do {
  730. size_t len = iov->iov_len - skip;
  731. if (len) {
  732. res |= (unsigned long)iov->iov_base + skip;
  733. if (len > size)
  734. len = size;
  735. res |= len;
  736. size -= len;
  737. }
  738. iov++;
  739. skip = 0;
  740. } while (size);
  741. return res;
  742. }
  743. static unsigned long iov_iter_alignment_bvec(const struct iov_iter *i)
  744. {
  745. const struct bio_vec *bvec = i->bvec;
  746. unsigned res = 0;
  747. size_t size = i->count;
  748. unsigned skip = i->iov_offset;
  749. do {
  750. size_t len = bvec->bv_len - skip;
  751. res |= (unsigned long)bvec->bv_offset + skip;
  752. if (len > size)
  753. len = size;
  754. res |= len;
  755. bvec++;
  756. size -= len;
  757. skip = 0;
  758. } while (size);
  759. return res;
  760. }
  761. unsigned long iov_iter_alignment(const struct iov_iter *i)
  762. {
  763. if (likely(iter_is_ubuf(i))) {
  764. size_t size = i->count;
  765. if (size)
  766. return ((unsigned long)i->ubuf + i->iov_offset) | size;
  767. return 0;
  768. }
  769. /* iovec and kvec have identical layouts */
  770. if (likely(iter_is_iovec(i) || iov_iter_is_kvec(i)))
  771. return iov_iter_alignment_iovec(i);
  772. if (iov_iter_is_bvec(i))
  773. return iov_iter_alignment_bvec(i);
  774. /* With both xarray and folioq types, we're dealing with whole folios. */
  775. if (iov_iter_is_folioq(i))
  776. return i->iov_offset | i->count;
  777. if (iov_iter_is_xarray(i))
  778. return (i->xarray_start + i->iov_offset) | i->count;
  779. return 0;
  780. }
  781. EXPORT_SYMBOL(iov_iter_alignment);
  782. unsigned long iov_iter_gap_alignment(const struct iov_iter *i)
  783. {
  784. unsigned long res = 0;
  785. unsigned long v = 0;
  786. size_t size = i->count;
  787. unsigned k;
  788. if (iter_is_ubuf(i))
  789. return 0;
  790. if (WARN_ON(!iter_is_iovec(i)))
  791. return ~0U;
  792. for (k = 0; k < i->nr_segs; k++) {
  793. const struct iovec *iov = iter_iov(i) + k;
  794. if (iov->iov_len) {
  795. unsigned long base = (unsigned long)iov->iov_base;
  796. if (v) // if not the first one
  797. res |= base | v; // this start | previous end
  798. v = base + iov->iov_len;
  799. if (size <= iov->iov_len)
  800. break;
  801. size -= iov->iov_len;
  802. }
  803. }
  804. return res;
  805. }
  806. EXPORT_SYMBOL(iov_iter_gap_alignment);
  807. static int want_pages_array(struct page ***res, size_t size,
  808. size_t start, unsigned int maxpages)
  809. {
  810. unsigned int count = DIV_ROUND_UP(size + start, PAGE_SIZE);
  811. if (count > maxpages)
  812. count = maxpages;
  813. WARN_ON(!count); // caller should've prevented that
  814. if (!*res) {
  815. *res = kvmalloc_objs(struct page *, count);
  816. if (!*res)
  817. return 0;
  818. }
  819. return count;
  820. }
  821. static ssize_t iter_folioq_get_pages(struct iov_iter *iter,
  822. struct page ***ppages, size_t maxsize,
  823. unsigned maxpages, size_t *_start_offset)
  824. {
  825. const struct folio_queue *folioq = iter->folioq;
  826. struct page **pages;
  827. unsigned int slot = iter->folioq_slot;
  828. size_t extracted = 0, count = iter->count, iov_offset = iter->iov_offset;
  829. if (slot >= folioq_nr_slots(folioq)) {
  830. folioq = folioq->next;
  831. slot = 0;
  832. if (WARN_ON(iov_offset != 0))
  833. return -EIO;
  834. }
  835. maxpages = want_pages_array(ppages, maxsize, iov_offset & ~PAGE_MASK, maxpages);
  836. if (!maxpages)
  837. return -ENOMEM;
  838. *_start_offset = iov_offset & ~PAGE_MASK;
  839. pages = *ppages;
  840. for (;;) {
  841. struct folio *folio = folioq_folio(folioq, slot);
  842. size_t offset = iov_offset, fsize = folioq_folio_size(folioq, slot);
  843. size_t part = PAGE_SIZE - offset % PAGE_SIZE;
  844. if (offset < fsize) {
  845. part = umin(part, umin(maxsize - extracted, fsize - offset));
  846. count -= part;
  847. iov_offset += part;
  848. extracted += part;
  849. *pages = folio_page(folio, offset / PAGE_SIZE);
  850. get_page(*pages);
  851. pages++;
  852. maxpages--;
  853. }
  854. if (maxpages == 0 || extracted >= maxsize)
  855. break;
  856. if (iov_offset >= fsize) {
  857. iov_offset = 0;
  858. slot++;
  859. if (slot == folioq_nr_slots(folioq) && folioq->next) {
  860. folioq = folioq->next;
  861. slot = 0;
  862. }
  863. }
  864. }
  865. iter->count = count;
  866. iter->iov_offset = iov_offset;
  867. iter->folioq = folioq;
  868. iter->folioq_slot = slot;
  869. return extracted;
  870. }
  871. static ssize_t iter_xarray_populate_pages(struct page **pages, struct xarray *xa,
  872. pgoff_t index, unsigned int nr_pages)
  873. {
  874. XA_STATE(xas, xa, index);
  875. struct folio *folio;
  876. unsigned int ret = 0;
  877. rcu_read_lock();
  878. for (folio = xas_load(&xas); folio; folio = xas_next(&xas)) {
  879. if (xas_retry(&xas, folio))
  880. continue;
  881. /* Has the folio moved or been split? */
  882. if (unlikely(folio != xas_reload(&xas))) {
  883. xas_reset(&xas);
  884. continue;
  885. }
  886. pages[ret] = folio_file_page(folio, xas.xa_index);
  887. folio_get(folio);
  888. if (++ret == nr_pages)
  889. break;
  890. }
  891. rcu_read_unlock();
  892. return ret;
  893. }
  894. static ssize_t iter_xarray_get_pages(struct iov_iter *i,
  895. struct page ***pages, size_t maxsize,
  896. unsigned maxpages, size_t *_start_offset)
  897. {
  898. unsigned nr, offset, count;
  899. pgoff_t index;
  900. loff_t pos;
  901. pos = i->xarray_start + i->iov_offset;
  902. index = pos >> PAGE_SHIFT;
  903. offset = pos & ~PAGE_MASK;
  904. *_start_offset = offset;
  905. count = want_pages_array(pages, maxsize, offset, maxpages);
  906. if (!count)
  907. return -ENOMEM;
  908. nr = iter_xarray_populate_pages(*pages, i->xarray, index, count);
  909. if (nr == 0)
  910. return 0;
  911. maxsize = min_t(size_t, nr * PAGE_SIZE - offset, maxsize);
  912. i->iov_offset += maxsize;
  913. i->count -= maxsize;
  914. return maxsize;
  915. }
  916. /* must be done on non-empty ITER_UBUF or ITER_IOVEC one */
  917. static unsigned long first_iovec_segment(const struct iov_iter *i, size_t *size)
  918. {
  919. size_t skip;
  920. long k;
  921. if (iter_is_ubuf(i))
  922. return (unsigned long)i->ubuf + i->iov_offset;
  923. for (k = 0, skip = i->iov_offset; k < i->nr_segs; k++, skip = 0) {
  924. const struct iovec *iov = iter_iov(i) + k;
  925. size_t len = iov->iov_len - skip;
  926. if (unlikely(!len))
  927. continue;
  928. if (*size > len)
  929. *size = len;
  930. return (unsigned long)iov->iov_base + skip;
  931. }
  932. BUG(); // if it had been empty, we wouldn't get called
  933. }
  934. /* must be done on non-empty ITER_BVEC one */
  935. static struct page *first_bvec_segment(const struct iov_iter *i,
  936. size_t *size, size_t *start)
  937. {
  938. struct page *page;
  939. size_t skip = i->iov_offset, len;
  940. len = i->bvec->bv_len - skip;
  941. if (*size > len)
  942. *size = len;
  943. skip += i->bvec->bv_offset;
  944. page = i->bvec->bv_page + skip / PAGE_SIZE;
  945. *start = skip % PAGE_SIZE;
  946. return page;
  947. }
  948. static ssize_t __iov_iter_get_pages_alloc(struct iov_iter *i,
  949. struct page ***pages, size_t maxsize,
  950. unsigned int maxpages, size_t *start)
  951. {
  952. unsigned int n, gup_flags = 0;
  953. if (maxsize > i->count)
  954. maxsize = i->count;
  955. if (!maxsize)
  956. return 0;
  957. if (maxsize > MAX_RW_COUNT)
  958. maxsize = MAX_RW_COUNT;
  959. if (likely(user_backed_iter(i))) {
  960. unsigned long addr;
  961. int res;
  962. if (iov_iter_rw(i) != WRITE)
  963. gup_flags |= FOLL_WRITE;
  964. if (i->nofault)
  965. gup_flags |= FOLL_NOFAULT;
  966. addr = first_iovec_segment(i, &maxsize);
  967. *start = addr % PAGE_SIZE;
  968. addr &= PAGE_MASK;
  969. n = want_pages_array(pages, maxsize, *start, maxpages);
  970. if (!n)
  971. return -ENOMEM;
  972. res = get_user_pages_fast(addr, n, gup_flags, *pages);
  973. if (unlikely(res <= 0))
  974. return res;
  975. maxsize = min_t(size_t, maxsize, res * PAGE_SIZE - *start);
  976. iov_iter_advance(i, maxsize);
  977. return maxsize;
  978. }
  979. if (iov_iter_is_bvec(i)) {
  980. struct page **p;
  981. struct page *page;
  982. page = first_bvec_segment(i, &maxsize, start);
  983. n = want_pages_array(pages, maxsize, *start, maxpages);
  984. if (!n)
  985. return -ENOMEM;
  986. p = *pages;
  987. for (int k = 0; k < n; k++) {
  988. struct folio *folio = page_folio(page + k);
  989. p[k] = page + k;
  990. if (!folio_test_slab(folio))
  991. folio_get(folio);
  992. }
  993. maxsize = min_t(size_t, maxsize, n * PAGE_SIZE - *start);
  994. i->count -= maxsize;
  995. i->iov_offset += maxsize;
  996. if (i->iov_offset == i->bvec->bv_len) {
  997. i->iov_offset = 0;
  998. i->bvec++;
  999. i->nr_segs--;
  1000. }
  1001. return maxsize;
  1002. }
  1003. if (iov_iter_is_folioq(i))
  1004. return iter_folioq_get_pages(i, pages, maxsize, maxpages, start);
  1005. if (iov_iter_is_xarray(i))
  1006. return iter_xarray_get_pages(i, pages, maxsize, maxpages, start);
  1007. return -EFAULT;
  1008. }
  1009. ssize_t iov_iter_get_pages2(struct iov_iter *i, struct page **pages,
  1010. size_t maxsize, unsigned maxpages, size_t *start)
  1011. {
  1012. if (!maxpages)
  1013. return 0;
  1014. BUG_ON(!pages);
  1015. return __iov_iter_get_pages_alloc(i, &pages, maxsize, maxpages, start);
  1016. }
  1017. EXPORT_SYMBOL(iov_iter_get_pages2);
  1018. ssize_t iov_iter_get_pages_alloc2(struct iov_iter *i,
  1019. struct page ***pages, size_t maxsize, size_t *start)
  1020. {
  1021. ssize_t len;
  1022. *pages = NULL;
  1023. len = __iov_iter_get_pages_alloc(i, pages, maxsize, ~0U, start);
  1024. if (len <= 0) {
  1025. kvfree(*pages);
  1026. *pages = NULL;
  1027. }
  1028. return len;
  1029. }
  1030. EXPORT_SYMBOL(iov_iter_get_pages_alloc2);
  1031. static int iov_npages(const struct iov_iter *i, int maxpages)
  1032. {
  1033. size_t skip = i->iov_offset, size = i->count;
  1034. const struct iovec *p;
  1035. int npages = 0;
  1036. for (p = iter_iov(i); size; skip = 0, p++) {
  1037. unsigned offs = offset_in_page(p->iov_base + skip);
  1038. size_t len = min(p->iov_len - skip, size);
  1039. if (len) {
  1040. size -= len;
  1041. npages += DIV_ROUND_UP(offs + len, PAGE_SIZE);
  1042. if (unlikely(npages > maxpages))
  1043. return maxpages;
  1044. }
  1045. }
  1046. return npages;
  1047. }
  1048. static int bvec_npages(const struct iov_iter *i, int maxpages)
  1049. {
  1050. size_t skip = i->iov_offset, size = i->count;
  1051. const struct bio_vec *p;
  1052. int npages = 0;
  1053. for (p = i->bvec; size; skip = 0, p++) {
  1054. unsigned offs = (p->bv_offset + skip) % PAGE_SIZE;
  1055. size_t len = min(p->bv_len - skip, size);
  1056. size -= len;
  1057. npages += DIV_ROUND_UP(offs + len, PAGE_SIZE);
  1058. if (unlikely(npages > maxpages))
  1059. return maxpages;
  1060. }
  1061. return npages;
  1062. }
  1063. int iov_iter_npages(const struct iov_iter *i, int maxpages)
  1064. {
  1065. if (unlikely(!i->count))
  1066. return 0;
  1067. if (likely(iter_is_ubuf(i))) {
  1068. unsigned offs = offset_in_page(i->ubuf + i->iov_offset);
  1069. int npages = DIV_ROUND_UP(offs + i->count, PAGE_SIZE);
  1070. return min(npages, maxpages);
  1071. }
  1072. /* iovec and kvec have identical layouts */
  1073. if (likely(iter_is_iovec(i) || iov_iter_is_kvec(i)))
  1074. return iov_npages(i, maxpages);
  1075. if (iov_iter_is_bvec(i))
  1076. return bvec_npages(i, maxpages);
  1077. if (iov_iter_is_folioq(i)) {
  1078. unsigned offset = i->iov_offset % PAGE_SIZE;
  1079. int npages = DIV_ROUND_UP(offset + i->count, PAGE_SIZE);
  1080. return min(npages, maxpages);
  1081. }
  1082. if (iov_iter_is_xarray(i)) {
  1083. unsigned offset = (i->xarray_start + i->iov_offset) % PAGE_SIZE;
  1084. int npages = DIV_ROUND_UP(offset + i->count, PAGE_SIZE);
  1085. return min(npages, maxpages);
  1086. }
  1087. return 0;
  1088. }
  1089. EXPORT_SYMBOL(iov_iter_npages);
  1090. const void *dup_iter(struct iov_iter *new, struct iov_iter *old, gfp_t flags)
  1091. {
  1092. *new = *old;
  1093. if (iov_iter_is_bvec(new))
  1094. return new->bvec = kmemdup(new->bvec,
  1095. new->nr_segs * sizeof(struct bio_vec),
  1096. flags);
  1097. else if (iov_iter_is_kvec(new) || iter_is_iovec(new))
  1098. /* iovec and kvec have identical layout */
  1099. return new->__iov = kmemdup(new->__iov,
  1100. new->nr_segs * sizeof(struct iovec),
  1101. flags);
  1102. return NULL;
  1103. }
  1104. EXPORT_SYMBOL(dup_iter);
  1105. static __noclone int copy_compat_iovec_from_user(struct iovec *iov,
  1106. const struct iovec __user *uvec, u32 nr_segs)
  1107. {
  1108. const struct compat_iovec __user *uiov =
  1109. (const struct compat_iovec __user *)uvec;
  1110. int ret = -EFAULT;
  1111. u32 i;
  1112. if (!user_access_begin(uiov, nr_segs * sizeof(*uiov)))
  1113. return -EFAULT;
  1114. for (i = 0; i < nr_segs; i++) {
  1115. compat_uptr_t buf;
  1116. compat_ssize_t len;
  1117. unsafe_get_user(len, &uiov[i].iov_len, uaccess_end);
  1118. unsafe_get_user(buf, &uiov[i].iov_base, uaccess_end);
  1119. /* check for compat_size_t not fitting in compat_ssize_t .. */
  1120. if (len < 0) {
  1121. ret = -EINVAL;
  1122. goto uaccess_end;
  1123. }
  1124. iov[i].iov_base = compat_ptr(buf);
  1125. iov[i].iov_len = len;
  1126. }
  1127. ret = 0;
  1128. uaccess_end:
  1129. user_access_end();
  1130. return ret;
  1131. }
  1132. static __noclone int copy_iovec_from_user(struct iovec *iov,
  1133. const struct iovec __user *uiov, unsigned long nr_segs)
  1134. {
  1135. int ret = -EFAULT;
  1136. if (!user_access_begin(uiov, nr_segs * sizeof(*uiov)))
  1137. return -EFAULT;
  1138. do {
  1139. void __user *buf;
  1140. ssize_t len;
  1141. unsafe_get_user(len, &uiov->iov_len, uaccess_end);
  1142. unsafe_get_user(buf, &uiov->iov_base, uaccess_end);
  1143. /* check for size_t not fitting in ssize_t .. */
  1144. if (unlikely(len < 0)) {
  1145. ret = -EINVAL;
  1146. goto uaccess_end;
  1147. }
  1148. iov->iov_base = buf;
  1149. iov->iov_len = len;
  1150. uiov++; iov++;
  1151. } while (--nr_segs);
  1152. ret = 0;
  1153. uaccess_end:
  1154. user_access_end();
  1155. return ret;
  1156. }
  1157. struct iovec *iovec_from_user(const struct iovec __user *uvec,
  1158. unsigned long nr_segs, unsigned long fast_segs,
  1159. struct iovec *fast_iov, bool compat)
  1160. {
  1161. struct iovec *iov = fast_iov;
  1162. int ret;
  1163. /*
  1164. * SuS says "The readv() function *may* fail if the iovcnt argument was
  1165. * less than or equal to 0, or greater than {IOV_MAX}. Linux has
  1166. * traditionally returned zero for zero segments, so...
  1167. */
  1168. if (nr_segs == 0)
  1169. return iov;
  1170. if (nr_segs > UIO_MAXIOV)
  1171. return ERR_PTR(-EINVAL);
  1172. if (nr_segs > fast_segs) {
  1173. iov = kmalloc_objs(struct iovec, nr_segs);
  1174. if (!iov)
  1175. return ERR_PTR(-ENOMEM);
  1176. }
  1177. if (unlikely(compat))
  1178. ret = copy_compat_iovec_from_user(iov, uvec, nr_segs);
  1179. else
  1180. ret = copy_iovec_from_user(iov, uvec, nr_segs);
  1181. if (ret) {
  1182. if (iov != fast_iov)
  1183. kfree(iov);
  1184. return ERR_PTR(ret);
  1185. }
  1186. return iov;
  1187. }
  1188. /*
  1189. * Single segment iovec supplied by the user, import it as ITER_UBUF.
  1190. */
  1191. static ssize_t __import_iovec_ubuf(int type, const struct iovec __user *uvec,
  1192. struct iovec **iovp, struct iov_iter *i,
  1193. bool compat)
  1194. {
  1195. struct iovec *iov = *iovp;
  1196. ssize_t ret;
  1197. *iovp = NULL;
  1198. if (compat)
  1199. ret = copy_compat_iovec_from_user(iov, uvec, 1);
  1200. else
  1201. ret = copy_iovec_from_user(iov, uvec, 1);
  1202. if (unlikely(ret))
  1203. return ret;
  1204. ret = import_ubuf(type, iov->iov_base, iov->iov_len, i);
  1205. if (unlikely(ret))
  1206. return ret;
  1207. return i->count;
  1208. }
  1209. ssize_t __import_iovec(int type, const struct iovec __user *uvec,
  1210. unsigned nr_segs, unsigned fast_segs, struct iovec **iovp,
  1211. struct iov_iter *i, bool compat)
  1212. {
  1213. ssize_t total_len = 0;
  1214. unsigned long seg;
  1215. struct iovec *iov;
  1216. if (nr_segs == 1)
  1217. return __import_iovec_ubuf(type, uvec, iovp, i, compat);
  1218. iov = iovec_from_user(uvec, nr_segs, fast_segs, *iovp, compat);
  1219. if (IS_ERR(iov)) {
  1220. *iovp = NULL;
  1221. return PTR_ERR(iov);
  1222. }
  1223. /*
  1224. * According to the Single Unix Specification we should return EINVAL if
  1225. * an element length is < 0 when cast to ssize_t or if the total length
  1226. * would overflow the ssize_t return value of the system call.
  1227. *
  1228. * Linux caps all read/write calls to MAX_RW_COUNT, and avoids the
  1229. * overflow case.
  1230. */
  1231. for (seg = 0; seg < nr_segs; seg++) {
  1232. ssize_t len = (ssize_t)iov[seg].iov_len;
  1233. if (!access_ok(iov[seg].iov_base, len)) {
  1234. if (iov != *iovp)
  1235. kfree(iov);
  1236. *iovp = NULL;
  1237. return -EFAULT;
  1238. }
  1239. if (len > MAX_RW_COUNT - total_len) {
  1240. len = MAX_RW_COUNT - total_len;
  1241. iov[seg].iov_len = len;
  1242. }
  1243. total_len += len;
  1244. }
  1245. iov_iter_init(i, type, iov, nr_segs, total_len);
  1246. if (iov == *iovp)
  1247. *iovp = NULL;
  1248. else
  1249. *iovp = iov;
  1250. return total_len;
  1251. }
  1252. /**
  1253. * import_iovec() - Copy an array of &struct iovec from userspace
  1254. * into the kernel, check that it is valid, and initialize a new
  1255. * &struct iov_iter iterator to access it.
  1256. *
  1257. * @type: One of %READ or %WRITE.
  1258. * @uvec: Pointer to the userspace array.
  1259. * @nr_segs: Number of elements in userspace array.
  1260. * @fast_segs: Number of elements in @iov.
  1261. * @iovp: (input and output parameter) Pointer to pointer to (usually small
  1262. * on-stack) kernel array.
  1263. * @i: Pointer to iterator that will be initialized on success.
  1264. *
  1265. * If the array pointed to by *@iov is large enough to hold all @nr_segs,
  1266. * then this function places %NULL in *@iov on return. Otherwise, a new
  1267. * array will be allocated and the result placed in *@iov. This means that
  1268. * the caller may call kfree() on *@iov regardless of whether the small
  1269. * on-stack array was used or not (and regardless of whether this function
  1270. * returns an error or not).
  1271. *
  1272. * Return: Negative error code on error, bytes imported on success
  1273. */
  1274. ssize_t import_iovec(int type, const struct iovec __user *uvec,
  1275. unsigned nr_segs, unsigned fast_segs,
  1276. struct iovec **iovp, struct iov_iter *i)
  1277. {
  1278. return __import_iovec(type, uvec, nr_segs, fast_segs, iovp, i,
  1279. in_compat_syscall());
  1280. }
  1281. EXPORT_SYMBOL(import_iovec);
  1282. int import_ubuf(int rw, void __user *buf, size_t len, struct iov_iter *i)
  1283. {
  1284. if (len > MAX_RW_COUNT)
  1285. len = MAX_RW_COUNT;
  1286. if (unlikely(!access_ok(buf, len)))
  1287. return -EFAULT;
  1288. iov_iter_ubuf(i, rw, buf, len);
  1289. return 0;
  1290. }
  1291. EXPORT_SYMBOL_GPL(import_ubuf);
  1292. /**
  1293. * iov_iter_restore() - Restore a &struct iov_iter to the same state as when
  1294. * iov_iter_save_state() was called.
  1295. *
  1296. * @i: &struct iov_iter to restore
  1297. * @state: state to restore from
  1298. *
  1299. * Used after iov_iter_save_state() to bring restore @i, if operations may
  1300. * have advanced it.
  1301. *
  1302. * Note: only works on ITER_IOVEC, ITER_BVEC, and ITER_KVEC
  1303. */
  1304. void iov_iter_restore(struct iov_iter *i, struct iov_iter_state *state)
  1305. {
  1306. if (WARN_ON_ONCE(!iov_iter_is_bvec(i) && !iter_is_iovec(i) &&
  1307. !iter_is_ubuf(i)) && !iov_iter_is_kvec(i))
  1308. return;
  1309. i->iov_offset = state->iov_offset;
  1310. i->count = state->count;
  1311. if (iter_is_ubuf(i))
  1312. return;
  1313. /*
  1314. * For the *vec iters, nr_segs + iov is constant - if we increment
  1315. * the vec, then we also decrement the nr_segs count. Hence we don't
  1316. * need to track both of these, just one is enough and we can deduct
  1317. * the other from that. ITER_KVEC and ITER_IOVEC are the same struct
  1318. * size, so we can just increment the iov pointer as they are unionzed.
  1319. * ITER_BVEC _may_ be the same size on some archs, but on others it is
  1320. * not. Be safe and handle it separately.
  1321. */
  1322. BUILD_BUG_ON(sizeof(struct iovec) != sizeof(struct kvec));
  1323. if (iov_iter_is_bvec(i))
  1324. i->bvec -= state->nr_segs - i->nr_segs;
  1325. else
  1326. i->__iov -= state->nr_segs - i->nr_segs;
  1327. i->nr_segs = state->nr_segs;
  1328. }
  1329. /*
  1330. * Extract a list of contiguous pages from an ITER_FOLIOQ iterator. This does
  1331. * not get references on the pages, nor does it get a pin on them.
  1332. */
  1333. static ssize_t iov_iter_extract_folioq_pages(struct iov_iter *i,
  1334. struct page ***pages, size_t maxsize,
  1335. unsigned int maxpages,
  1336. iov_iter_extraction_t extraction_flags,
  1337. size_t *offset0)
  1338. {
  1339. const struct folio_queue *folioq = i->folioq;
  1340. struct page **p;
  1341. unsigned int nr = 0;
  1342. size_t extracted = 0, offset, slot = i->folioq_slot;
  1343. if (slot >= folioq_nr_slots(folioq)) {
  1344. folioq = folioq->next;
  1345. slot = 0;
  1346. if (WARN_ON(i->iov_offset != 0))
  1347. return -EIO;
  1348. }
  1349. offset = i->iov_offset & ~PAGE_MASK;
  1350. *offset0 = offset;
  1351. maxpages = want_pages_array(pages, maxsize, offset, maxpages);
  1352. if (!maxpages)
  1353. return -ENOMEM;
  1354. p = *pages;
  1355. for (;;) {
  1356. struct folio *folio = folioq_folio(folioq, slot);
  1357. size_t offset = i->iov_offset, fsize = folioq_folio_size(folioq, slot);
  1358. size_t part = PAGE_SIZE - offset % PAGE_SIZE;
  1359. if (offset < fsize) {
  1360. part = umin(part, umin(maxsize - extracted, fsize - offset));
  1361. i->count -= part;
  1362. i->iov_offset += part;
  1363. extracted += part;
  1364. p[nr++] = folio_page(folio, offset / PAGE_SIZE);
  1365. }
  1366. if (nr >= maxpages || extracted >= maxsize)
  1367. break;
  1368. if (i->iov_offset >= fsize) {
  1369. i->iov_offset = 0;
  1370. slot++;
  1371. if (slot == folioq_nr_slots(folioq) && folioq->next) {
  1372. folioq = folioq->next;
  1373. slot = 0;
  1374. }
  1375. }
  1376. }
  1377. i->folioq = folioq;
  1378. i->folioq_slot = slot;
  1379. return extracted;
  1380. }
  1381. /*
  1382. * Extract a list of contiguous pages from an ITER_XARRAY iterator. This does not
  1383. * get references on the pages, nor does it get a pin on them.
  1384. */
  1385. static ssize_t iov_iter_extract_xarray_pages(struct iov_iter *i,
  1386. struct page ***pages, size_t maxsize,
  1387. unsigned int maxpages,
  1388. iov_iter_extraction_t extraction_flags,
  1389. size_t *offset0)
  1390. {
  1391. struct page **p;
  1392. struct folio *folio;
  1393. unsigned int nr = 0, offset;
  1394. loff_t pos = i->xarray_start + i->iov_offset;
  1395. XA_STATE(xas, i->xarray, pos >> PAGE_SHIFT);
  1396. offset = pos & ~PAGE_MASK;
  1397. *offset0 = offset;
  1398. maxpages = want_pages_array(pages, maxsize, offset, maxpages);
  1399. if (!maxpages)
  1400. return -ENOMEM;
  1401. p = *pages;
  1402. rcu_read_lock();
  1403. for (folio = xas_load(&xas); folio; folio = xas_next(&xas)) {
  1404. if (xas_retry(&xas, folio))
  1405. continue;
  1406. /* Has the folio moved or been split? */
  1407. if (unlikely(folio != xas_reload(&xas))) {
  1408. xas_reset(&xas);
  1409. continue;
  1410. }
  1411. p[nr++] = folio_file_page(folio, xas.xa_index);
  1412. if (nr == maxpages)
  1413. break;
  1414. }
  1415. rcu_read_unlock();
  1416. maxsize = min_t(size_t, nr * PAGE_SIZE - offset, maxsize);
  1417. iov_iter_advance(i, maxsize);
  1418. return maxsize;
  1419. }
  1420. /*
  1421. * Extract a list of virtually contiguous pages from an ITER_BVEC iterator.
  1422. * This does not get references on the pages, nor does it get a pin on them.
  1423. */
  1424. static ssize_t iov_iter_extract_bvec_pages(struct iov_iter *i,
  1425. struct page ***pages, size_t maxsize,
  1426. unsigned int maxpages,
  1427. iov_iter_extraction_t extraction_flags,
  1428. size_t *offset0)
  1429. {
  1430. size_t skip = i->iov_offset, size = 0;
  1431. struct bvec_iter bi;
  1432. int k = 0;
  1433. if (i->nr_segs == 0)
  1434. return 0;
  1435. if (i->iov_offset == i->bvec->bv_len) {
  1436. i->iov_offset = 0;
  1437. i->nr_segs--;
  1438. i->bvec++;
  1439. skip = 0;
  1440. }
  1441. bi.bi_idx = 0;
  1442. bi.bi_size = maxsize;
  1443. bi.bi_bvec_done = skip;
  1444. maxpages = want_pages_array(pages, maxsize, skip, maxpages);
  1445. while (bi.bi_size && bi.bi_idx < i->nr_segs) {
  1446. struct bio_vec bv = bvec_iter_bvec(i->bvec, bi);
  1447. /*
  1448. * The iov_iter_extract_pages interface only allows an offset
  1449. * into the first page. Break out of the loop if we see an
  1450. * offset into subsequent pages, the caller will have to call
  1451. * iov_iter_extract_pages again for the reminder.
  1452. */
  1453. if (k) {
  1454. if (bv.bv_offset)
  1455. break;
  1456. } else {
  1457. *offset0 = bv.bv_offset;
  1458. }
  1459. (*pages)[k++] = bv.bv_page;
  1460. size += bv.bv_len;
  1461. if (k >= maxpages)
  1462. break;
  1463. /*
  1464. * We are done when the end of the bvec doesn't align to a page
  1465. * boundary as that would create a hole in the returned space.
  1466. * The caller will handle this with another call to
  1467. * iov_iter_extract_pages.
  1468. */
  1469. if (bv.bv_offset + bv.bv_len != PAGE_SIZE)
  1470. break;
  1471. bvec_iter_advance_single(i->bvec, &bi, bv.bv_len);
  1472. }
  1473. iov_iter_advance(i, size);
  1474. return size;
  1475. }
  1476. /*
  1477. * Extract a list of virtually contiguous pages from an ITER_KVEC iterator.
  1478. * This does not get references on the pages, nor does it get a pin on them.
  1479. */
  1480. static ssize_t iov_iter_extract_kvec_pages(struct iov_iter *i,
  1481. struct page ***pages, size_t maxsize,
  1482. unsigned int maxpages,
  1483. iov_iter_extraction_t extraction_flags,
  1484. size_t *offset0)
  1485. {
  1486. struct page **p, *page;
  1487. const void *kaddr;
  1488. size_t skip = i->iov_offset, offset, len, size;
  1489. int k;
  1490. for (;;) {
  1491. if (i->nr_segs == 0)
  1492. return 0;
  1493. size = min(maxsize, i->kvec->iov_len - skip);
  1494. if (size)
  1495. break;
  1496. i->iov_offset = 0;
  1497. i->nr_segs--;
  1498. i->kvec++;
  1499. skip = 0;
  1500. }
  1501. kaddr = i->kvec->iov_base + skip;
  1502. offset = (unsigned long)kaddr & ~PAGE_MASK;
  1503. *offset0 = offset;
  1504. maxpages = want_pages_array(pages, size, offset, maxpages);
  1505. if (!maxpages)
  1506. return -ENOMEM;
  1507. p = *pages;
  1508. kaddr -= offset;
  1509. len = offset + size;
  1510. for (k = 0; k < maxpages; k++) {
  1511. size_t seg = min_t(size_t, len, PAGE_SIZE);
  1512. if (is_vmalloc_or_module_addr(kaddr))
  1513. page = vmalloc_to_page(kaddr);
  1514. else
  1515. page = virt_to_page(kaddr);
  1516. p[k] = page;
  1517. len -= seg;
  1518. kaddr += PAGE_SIZE;
  1519. }
  1520. size = min_t(size_t, size, maxpages * PAGE_SIZE - offset);
  1521. iov_iter_advance(i, size);
  1522. return size;
  1523. }
  1524. /*
  1525. * Extract a list of contiguous pages from a user iterator and get a pin on
  1526. * each of them. This should only be used if the iterator is user-backed
  1527. * (IOBUF/UBUF).
  1528. *
  1529. * It does not get refs on the pages, but the pages must be unpinned by the
  1530. * caller once the transfer is complete.
  1531. *
  1532. * This is safe to be used where background IO/DMA *is* going to be modifying
  1533. * the buffer; using a pin rather than a ref makes forces fork() to give the
  1534. * child a copy of the page.
  1535. */
  1536. static ssize_t iov_iter_extract_user_pages(struct iov_iter *i,
  1537. struct page ***pages,
  1538. size_t maxsize,
  1539. unsigned int maxpages,
  1540. iov_iter_extraction_t extraction_flags,
  1541. size_t *offset0)
  1542. {
  1543. unsigned long addr;
  1544. unsigned int gup_flags = 0;
  1545. size_t offset;
  1546. int res;
  1547. if (i->data_source == ITER_DEST)
  1548. gup_flags |= FOLL_WRITE;
  1549. if (extraction_flags & ITER_ALLOW_P2PDMA)
  1550. gup_flags |= FOLL_PCI_P2PDMA;
  1551. if (i->nofault)
  1552. gup_flags |= FOLL_NOFAULT;
  1553. addr = first_iovec_segment(i, &maxsize);
  1554. *offset0 = offset = addr % PAGE_SIZE;
  1555. addr &= PAGE_MASK;
  1556. maxpages = want_pages_array(pages, maxsize, offset, maxpages);
  1557. if (!maxpages)
  1558. return -ENOMEM;
  1559. res = pin_user_pages_fast(addr, maxpages, gup_flags, *pages);
  1560. if (unlikely(res <= 0))
  1561. return res;
  1562. maxsize = min_t(size_t, maxsize, res * PAGE_SIZE - offset);
  1563. iov_iter_advance(i, maxsize);
  1564. return maxsize;
  1565. }
  1566. /**
  1567. * iov_iter_extract_pages - Extract a list of contiguous pages from an iterator
  1568. * @i: The iterator to extract from
  1569. * @pages: Where to return the list of pages
  1570. * @maxsize: The maximum amount of iterator to extract
  1571. * @maxpages: The maximum size of the list of pages
  1572. * @extraction_flags: Flags to qualify request
  1573. * @offset0: Where to return the starting offset into (*@pages)[0]
  1574. *
  1575. * Extract a list of contiguous pages from the current point of the iterator,
  1576. * advancing the iterator. The maximum number of pages and the maximum amount
  1577. * of page contents can be set.
  1578. *
  1579. * If *@pages is NULL, a page list will be allocated to the required size and
  1580. * *@pages will be set to its base. If *@pages is not NULL, it will be assumed
  1581. * that the caller allocated a page list at least @maxpages in size and this
  1582. * will be filled in.
  1583. *
  1584. * @extraction_flags can have ITER_ALLOW_P2PDMA set to request peer-to-peer DMA
  1585. * be allowed on the pages extracted.
  1586. *
  1587. * The iov_iter_extract_will_pin() function can be used to query how cleanup
  1588. * should be performed.
  1589. *
  1590. * Extra refs or pins on the pages may be obtained as follows:
  1591. *
  1592. * (*) If the iterator is user-backed (ITER_IOVEC/ITER_UBUF), pins will be
  1593. * added to the pages, but refs will not be taken.
  1594. * iov_iter_extract_will_pin() will return true.
  1595. *
  1596. * (*) If the iterator is ITER_KVEC, ITER_BVEC, ITER_FOLIOQ or ITER_XARRAY, the
  1597. * pages are merely listed; no extra refs or pins are obtained.
  1598. * iov_iter_extract_will_pin() will return 0.
  1599. *
  1600. * Note also:
  1601. *
  1602. * (*) Use with ITER_DISCARD is not supported as that has no content.
  1603. *
  1604. * On success, the function sets *@pages to the new pagelist, if allocated, and
  1605. * sets *offset0 to the offset into the first page.
  1606. *
  1607. * It may also return -ENOMEM and -EFAULT.
  1608. */
  1609. ssize_t iov_iter_extract_pages(struct iov_iter *i,
  1610. struct page ***pages,
  1611. size_t maxsize,
  1612. unsigned int maxpages,
  1613. iov_iter_extraction_t extraction_flags,
  1614. size_t *offset0)
  1615. {
  1616. maxsize = min_t(size_t, min_t(size_t, maxsize, i->count), MAX_RW_COUNT);
  1617. if (!maxsize)
  1618. return 0;
  1619. if (likely(user_backed_iter(i)))
  1620. return iov_iter_extract_user_pages(i, pages, maxsize,
  1621. maxpages, extraction_flags,
  1622. offset0);
  1623. if (iov_iter_is_kvec(i))
  1624. return iov_iter_extract_kvec_pages(i, pages, maxsize,
  1625. maxpages, extraction_flags,
  1626. offset0);
  1627. if (iov_iter_is_bvec(i))
  1628. return iov_iter_extract_bvec_pages(i, pages, maxsize,
  1629. maxpages, extraction_flags,
  1630. offset0);
  1631. if (iov_iter_is_folioq(i))
  1632. return iov_iter_extract_folioq_pages(i, pages, maxsize,
  1633. maxpages, extraction_flags,
  1634. offset0);
  1635. if (iov_iter_is_xarray(i))
  1636. return iov_iter_extract_xarray_pages(i, pages, maxsize,
  1637. maxpages, extraction_flags,
  1638. offset0);
  1639. return -EFAULT;
  1640. }
  1641. EXPORT_SYMBOL_GPL(iov_iter_extract_pages);
  1642. static unsigned int get_contig_folio_len(struct page **pages,
  1643. unsigned int *num_pages, size_t left, size_t offset)
  1644. {
  1645. struct folio *folio = page_folio(pages[0]);
  1646. size_t contig_sz = min_t(size_t, PAGE_SIZE - offset, left);
  1647. unsigned int max_pages, i;
  1648. size_t folio_offset, len;
  1649. folio_offset = PAGE_SIZE * folio_page_idx(folio, pages[0]) + offset;
  1650. len = min(folio_size(folio) - folio_offset, left);
  1651. /*
  1652. * We might COW a single page in the middle of a large folio, so we have
  1653. * to check that all pages belong to the same folio.
  1654. */
  1655. left -= contig_sz;
  1656. max_pages = DIV_ROUND_UP(offset + len, PAGE_SIZE);
  1657. for (i = 1; i < max_pages; i++) {
  1658. size_t next = min_t(size_t, PAGE_SIZE, left);
  1659. if (page_folio(pages[i]) != folio ||
  1660. pages[i] != pages[i - 1] + 1)
  1661. break;
  1662. contig_sz += next;
  1663. left -= next;
  1664. }
  1665. *num_pages = i;
  1666. return contig_sz;
  1667. }
  1668. #define PAGE_PTRS_PER_BVEC (sizeof(struct bio_vec) / sizeof(struct page *))
  1669. /**
  1670. * iov_iter_extract_bvecs - Extract bvecs from an iterator
  1671. * @iter: the iterator to extract from
  1672. * @bv: bvec return array
  1673. * @max_size: maximum size to extract from @iter
  1674. * @nr_vecs: number of vectors in @bv (on in and output)
  1675. * @max_vecs: maximum vectors in @bv, including those filled before calling
  1676. * @extraction_flags: flags to qualify request
  1677. *
  1678. * Like iov_iter_extract_pages(), but returns physically contiguous ranges
  1679. * contained in a single folio as a single bvec instead of multiple entries.
  1680. *
  1681. * Returns the number of bytes extracted when successful, or a negative errno.
  1682. * If @nr_vecs was non-zero on entry, the number of successfully extracted bytes
  1683. * can be 0.
  1684. */
  1685. ssize_t iov_iter_extract_bvecs(struct iov_iter *iter, struct bio_vec *bv,
  1686. size_t max_size, unsigned short *nr_vecs,
  1687. unsigned short max_vecs, iov_iter_extraction_t extraction_flags)
  1688. {
  1689. unsigned short entries_left = max_vecs - *nr_vecs;
  1690. unsigned short nr_pages, i = 0;
  1691. size_t left, offset, len;
  1692. struct page **pages;
  1693. ssize_t size;
  1694. /*
  1695. * Move page array up in the allocated memory for the bio vecs as far as
  1696. * possible so that we can start filling biovecs from the beginning
  1697. * without overwriting the temporary page array.
  1698. */
  1699. BUILD_BUG_ON(PAGE_PTRS_PER_BVEC < 2);
  1700. pages = (struct page **)(bv + *nr_vecs) +
  1701. entries_left * (PAGE_PTRS_PER_BVEC - 1);
  1702. size = iov_iter_extract_pages(iter, &pages, max_size, entries_left,
  1703. extraction_flags, &offset);
  1704. if (unlikely(size <= 0))
  1705. return size ? size : -EFAULT;
  1706. nr_pages = DIV_ROUND_UP(offset + size, PAGE_SIZE);
  1707. for (left = size; left > 0; left -= len) {
  1708. unsigned int nr_to_add;
  1709. if (*nr_vecs > 0 &&
  1710. !zone_device_pages_have_same_pgmap(bv[*nr_vecs - 1].bv_page,
  1711. pages[i]))
  1712. break;
  1713. len = get_contig_folio_len(&pages[i], &nr_to_add, left, offset);
  1714. bvec_set_page(&bv[*nr_vecs], pages[i], len, offset);
  1715. i += nr_to_add;
  1716. (*nr_vecs)++;
  1717. offset = 0;
  1718. }
  1719. iov_iter_revert(iter, left);
  1720. if (iov_iter_extract_will_pin(iter)) {
  1721. while (i < nr_pages)
  1722. unpin_user_page(pages[i++]);
  1723. }
  1724. return size - left;
  1725. }
  1726. EXPORT_SYMBOL_GPL(iov_iter_extract_bvecs);