1 // SPDX-License-Identifier: GPL-2.0-only
2 #include <linux/export.h>
3 #include <linux/bvec.h>
4 #include <linux/uio.h>
5 #include <linux/pagemap.h>
6 #include <linux/slab.h>
7 #include <linux/vmalloc.h>
8 #include <linux/splice.h>
9 #include <net/checksum.h>
10 #include <linux/scatterlist.h>
11
12 #define PIPE_PARANOIA /* for now */
13
14 #define iterate_iovec(i, n, __v, __p, skip, STEP) { \
15 size_t left; \
16 size_t wanted = n; \
17 __p = i->iov; \
18 __v.iov_len = min(n, __p->iov_len - skip); \
19 if (likely(__v.iov_len)) { \
20 __v.iov_base = __p->iov_base + skip; \
21 left = (STEP); \
22 __v.iov_len -= left; \
23 skip += __v.iov_len; \
24 n -= __v.iov_len; \
25 } else { \
26 left = 0; \
27 } \
28 while (unlikely(!left && n)) { \
29 __p++; \
30 __v.iov_len = min(n, __p->iov_len); \
31 if (unlikely(!__v.iov_len)) \
32 continue; \
33 __v.iov_base = __p->iov_base; \
34 left = (STEP); \
35 __v.iov_len -= left; \
36 skip = __v.iov_len; \
37 n -= __v.iov_len; \
38 } \
39 n = wanted - n; \
40 }
41
42 #define iterate_kvec(i, n, __v, __p, skip, STEP) { \
43 size_t wanted = n; \
44 __p = i->kvec; \
45 __v.iov_len = min(n, __p->iov_len - skip); \
46 if (likely(__v.iov_len)) { \
47 __v.iov_base = __p->iov_base + skip; \
48 (void)(STEP); \
49 skip += __v.iov_len; \
50 n -= __v.iov_len; \
51 } \
52 while (unlikely(n)) { \
53 __p++; \
54 __v.iov_len = min(n, __p->iov_len); \
55 if (unlikely(!__v.iov_len)) \
56 continue; \
57 __v.iov_base = __p->iov_base; \
58 (void)(STEP); \
59 skip = __v.iov_len; \
60 n -= __v.iov_len; \
61 } \
62 n = wanted; \
63 }
64
65 #define iterate_bvec(i, n, __v, __bi, skip, STEP) { \
66 struct bvec_iter __start; \
67 __start.bi_size = n; \
68 __start.bi_bvec_done = skip; \
69 __start.bi_idx = 0; \
70 for_each_bvec(__v, i->bvec, __bi, __start) { \
71 if (!__v.bv_len) \
72 continue; \
73 (void)(STEP); \
74 } \
75 }
76
77 #define iterate_all_kinds(i, n, v, I, B, K) { \
78 if (likely(n)) { \
79 size_t skip = i->iov_offset; \
80 if (unlikely(i->type & ITER_BVEC)) { \
81 struct bio_vec v; \
82 struct bvec_iter __bi; \
83 iterate_bvec(i, n, v, __bi, skip, (B)) \
84 } else if (unlikely(i->type & ITER_KVEC)) { \
85 const struct kvec *kvec; \
86 struct kvec v; \
87 iterate_kvec(i, n, v, kvec, skip, (K)) \
88 } else if (unlikely(i->type & ITER_DISCARD)) { \
89 } else { \
90 const struct iovec *iov; \
91 struct iovec v; \
92 iterate_iovec(i, n, v, iov, skip, (I)) \
93 } \
94 } \
95 }
96
97 #define iterate_and_advance(i, n, v, I, B, K) { \
98 if (unlikely(i->count < n)) \
99 n = i->count; \
100 if (i->count) { \
101 size_t skip = i->iov_offset; \
102 if (unlikely(i->type & ITER_BVEC)) { \
103 const struct bio_vec *bvec = i->bvec; \
104 struct bio_vec v; \
105 struct bvec_iter __bi; \
106 iterate_bvec(i, n, v, __bi, skip, (B)) \
107 i->bvec = __bvec_iter_bvec(i->bvec, __bi); \
108 i->nr_segs -= i->bvec - bvec; \
109 skip = __bi.bi_bvec_done; \
110 } else if (unlikely(i->type & ITER_KVEC)) { \
111 const struct kvec *kvec; \
112 struct kvec v; \
113 iterate_kvec(i, n, v, kvec, skip, (K)) \
114 if (skip == kvec->iov_len) { \
115 kvec++; \
116 skip = 0; \
117 } \
118 i->nr_segs -= kvec - i->kvec; \
119 i->kvec = kvec; \
120 } else if (unlikely(i->type & ITER_DISCARD)) { \
121 skip += n; \
122 } else { \
123 const struct iovec *iov; \
124 struct iovec v; \
125 iterate_iovec(i, n, v, iov, skip, (I)) \
126 if (skip == iov->iov_len) { \
127 iov++; \
128 skip = 0; \
129 } \
130 i->nr_segs -= iov - i->iov; \
131 i->iov = iov; \
132 } \
133 i->count -= n; \
134 i->iov_offset = skip; \
135 } \
136 }
137
copyout(void __user * to,const void * from,size_t n)138 static int copyout(void __user *to, const void *from, size_t n)
139 {
140 if (access_ok(to, n)) {
141 kasan_check_read(from, n);
142 n = raw_copy_to_user(to, from, n);
143 }
144 return n;
145 }
146
copyin(void * to,const void __user * from,size_t n)147 static int copyin(void *to, const void __user *from, size_t n)
148 {
149 if (access_ok(from, n)) {
150 kasan_check_write(to, n);
151 n = raw_copy_from_user(to, from, n);
152 }
153 return n;
154 }
155
copy_page_to_iter_iovec(struct page * page,size_t offset,size_t bytes,struct iov_iter * i)156 static size_t copy_page_to_iter_iovec(struct page *page, size_t offset, size_t bytes,
157 struct iov_iter *i)
158 {
159 size_t skip, copy, left, wanted;
160 const struct iovec *iov;
161 char __user *buf;
162 void *kaddr, *from;
163
164 if (unlikely(bytes > i->count))
165 bytes = i->count;
166
167 if (unlikely(!bytes))
168 return 0;
169
170 might_fault();
171 wanted = bytes;
172 iov = i->iov;
173 skip = i->iov_offset;
174 buf = iov->iov_base + skip;
175 copy = min(bytes, iov->iov_len - skip);
176
177 if (IS_ENABLED(CONFIG_HIGHMEM) && !fault_in_pages_writeable(buf, copy)) {
178 kaddr = kmap_atomic(page);
179 from = kaddr + offset;
180
181 /* first chunk, usually the only one */
182 left = copyout(buf, from, copy);
183 copy -= left;
184 skip += copy;
185 from += copy;
186 bytes -= copy;
187
188 while (unlikely(!left && bytes)) {
189 iov++;
190 buf = iov->iov_base;
191 copy = min(bytes, iov->iov_len);
192 left = copyout(buf, from, copy);
193 copy -= left;
194 skip = copy;
195 from += copy;
196 bytes -= copy;
197 }
198 if (likely(!bytes)) {
199 kunmap_atomic(kaddr);
200 goto done;
201 }
202 offset = from - kaddr;
203 buf += copy;
204 kunmap_atomic(kaddr);
205 copy = min(bytes, iov->iov_len - skip);
206 }
207 /* Too bad - revert to non-atomic kmap */
208
209 kaddr = kmap(page);
210 from = kaddr + offset;
211 left = copyout(buf, from, copy);
212 copy -= left;
213 skip += copy;
214 from += copy;
215 bytes -= copy;
216 while (unlikely(!left && bytes)) {
217 iov++;
218 buf = iov->iov_base;
219 copy = min(bytes, iov->iov_len);
220 left = copyout(buf, from, copy);
221 copy -= left;
222 skip = copy;
223 from += copy;
224 bytes -= copy;
225 }
226 kunmap(page);
227
228 done:
229 if (skip == iov->iov_len) {
230 iov++;
231 skip = 0;
232 }
233 i->count -= wanted - bytes;
234 i->nr_segs -= iov - i->iov;
235 i->iov = iov;
236 i->iov_offset = skip;
237 return wanted - bytes;
238 }
239
copy_page_from_iter_iovec(struct page * page,size_t offset,size_t bytes,struct iov_iter * i)240 static size_t copy_page_from_iter_iovec(struct page *page, size_t offset, size_t bytes,
241 struct iov_iter *i)
242 {
243 size_t skip, copy, left, wanted;
244 const struct iovec *iov;
245 char __user *buf;
246 void *kaddr, *to;
247
248 if (unlikely(bytes > i->count))
249 bytes = i->count;
250
251 if (unlikely(!bytes))
252 return 0;
253
254 might_fault();
255 wanted = bytes;
256 iov = i->iov;
257 skip = i->iov_offset;
258 buf = iov->iov_base + skip;
259 copy = min(bytes, iov->iov_len - skip);
260
261 if (IS_ENABLED(CONFIG_HIGHMEM) && !fault_in_pages_readable(buf, copy)) {
262 kaddr = kmap_atomic(page);
263 to = kaddr + offset;
264
265 /* first chunk, usually the only one */
266 left = copyin(to, buf, copy);
267 copy -= left;
268 skip += copy;
269 to += copy;
270 bytes -= copy;
271
272 while (unlikely(!left && bytes)) {
273 iov++;
274 buf = iov->iov_base;
275 copy = min(bytes, iov->iov_len);
276 left = copyin(to, buf, copy);
277 copy -= left;
278 skip = copy;
279 to += copy;
280 bytes -= copy;
281 }
282 if (likely(!bytes)) {
283 kunmap_atomic(kaddr);
284 goto done;
285 }
286 offset = to - kaddr;
287 buf += copy;
288 kunmap_atomic(kaddr);
289 copy = min(bytes, iov->iov_len - skip);
290 }
291 /* Too bad - revert to non-atomic kmap */
292
293 kaddr = kmap(page);
294 to = kaddr + offset;
295 left = copyin(to, buf, copy);
296 copy -= left;
297 skip += copy;
298 to += copy;
299 bytes -= copy;
300 while (unlikely(!left && bytes)) {
301 iov++;
302 buf = iov->iov_base;
303 copy = min(bytes, iov->iov_len);
304 left = copyin(to, buf, copy);
305 copy -= left;
306 skip = copy;
307 to += copy;
308 bytes -= copy;
309 }
310 kunmap(page);
311
312 done:
313 if (skip == iov->iov_len) {
314 iov++;
315 skip = 0;
316 }
317 i->count -= wanted - bytes;
318 i->nr_segs -= iov - i->iov;
319 i->iov = iov;
320 i->iov_offset = skip;
321 return wanted - bytes;
322 }
323
324 #ifdef PIPE_PARANOIA
sanity(const struct iov_iter * i)325 static bool sanity(const struct iov_iter *i)
326 {
327 struct pipe_inode_info *pipe = i->pipe;
328 int idx = i->idx;
329 int next = pipe->curbuf + pipe->nrbufs;
330 if (i->iov_offset) {
331 struct pipe_buffer *p;
332 if (unlikely(!pipe->nrbufs))
333 goto Bad; // pipe must be non-empty
334 if (unlikely(idx != ((next - 1) & (pipe->buffers - 1))))
335 goto Bad; // must be at the last buffer...
336
337 p = &pipe->bufs[idx];
338 if (unlikely(p->offset + p->len != i->iov_offset))
339 goto Bad; // ... at the end of segment
340 } else {
341 if (idx != (next & (pipe->buffers - 1)))
342 goto Bad; // must be right after the last buffer
343 }
344 return true;
345 Bad:
346 printk(KERN_ERR "idx = %d, offset = %zd\n", i->idx, i->iov_offset);
347 printk(KERN_ERR "curbuf = %d, nrbufs = %d, buffers = %d\n",
348 pipe->curbuf, pipe->nrbufs, pipe->buffers);
349 for (idx = 0; idx < pipe->buffers; idx++)
350 printk(KERN_ERR "[%p %p %d %d]\n",
351 pipe->bufs[idx].ops,
352 pipe->bufs[idx].page,
353 pipe->bufs[idx].offset,
354 pipe->bufs[idx].len);
355 WARN_ON(1);
356 return false;
357 }
358 #else
359 #define sanity(i) true
360 #endif
361
next_idx(int idx,struct pipe_inode_info * pipe)362 static inline int next_idx(int idx, struct pipe_inode_info *pipe)
363 {
364 return (idx + 1) & (pipe->buffers - 1);
365 }
366
copy_page_to_iter_pipe(struct page * page,size_t offset,size_t bytes,struct iov_iter * i)367 static size_t copy_page_to_iter_pipe(struct page *page, size_t offset, size_t bytes,
368 struct iov_iter *i)
369 {
370 struct pipe_inode_info *pipe = i->pipe;
371 struct pipe_buffer *buf;
372 size_t off;
373 int idx;
374
375 if (unlikely(bytes > i->count))
376 bytes = i->count;
377
378 if (unlikely(!bytes))
379 return 0;
380
381 if (!sanity(i))
382 return 0;
383
384 off = i->iov_offset;
385 idx = i->idx;
386 buf = &pipe->bufs[idx];
387 if (off) {
388 if (offset == off && buf->page == page) {
389 /* merge with the last one */
390 buf->len += bytes;
391 i->iov_offset += bytes;
392 goto out;
393 }
394 idx = next_idx(idx, pipe);
395 buf = &pipe->bufs[idx];
396 }
397 if (idx == pipe->curbuf && pipe->nrbufs)
398 return 0;
399 pipe->nrbufs++;
400 buf->ops = &page_cache_pipe_buf_ops;
401 get_page(buf->page = page);
402 buf->offset = offset;
403 buf->len = bytes;
404 i->iov_offset = offset + bytes;
405 i->idx = idx;
406 out:
407 i->count -= bytes;
408 return bytes;
409 }
410
411 /*
412 * Fault in one or more iovecs of the given iov_iter, to a maximum length of
413 * bytes. For each iovec, fault in each page that constitutes the iovec.
414 *
415 * Return 0 on success, or non-zero if the memory could not be accessed (i.e.
416 * because it is an invalid address).
417 */
iov_iter_fault_in_readable(struct iov_iter * i,size_t bytes)418 int iov_iter_fault_in_readable(struct iov_iter *i, size_t bytes)
419 {
420 size_t skip = i->iov_offset;
421 const struct iovec *iov;
422 int err;
423 struct iovec v;
424
425 if (!(i->type & (ITER_BVEC|ITER_KVEC))) {
426 iterate_iovec(i, bytes, v, iov, skip, ({
427 err = fault_in_pages_readable(v.iov_base, v.iov_len);
428 if (unlikely(err))
429 return err;
430 0;}))
431 }
432 return 0;
433 }
434 EXPORT_SYMBOL(iov_iter_fault_in_readable);
435
iov_iter_init(struct iov_iter * i,unsigned int direction,const struct iovec * iov,unsigned long nr_segs,size_t count)436 void iov_iter_init(struct iov_iter *i, unsigned int direction,
437 const struct iovec *iov, unsigned long nr_segs,
438 size_t count)
439 {
440 WARN_ON(direction & ~(READ | WRITE));
441 direction &= READ | WRITE;
442
443 /* It will get better. Eventually... */
444 if (uaccess_kernel()) {
445 i->type = ITER_KVEC | direction;
446 i->kvec = (struct kvec *)iov;
447 } else {
448 i->type = ITER_IOVEC | direction;
449 i->iov = iov;
450 }
451 i->nr_segs = nr_segs;
452 i->iov_offset = 0;
453 i->count = count;
454 }
455 EXPORT_SYMBOL(iov_iter_init);
456
memcpy_from_page(char * to,struct page * page,size_t offset,size_t len)457 static void memcpy_from_page(char *to, struct page *page, size_t offset, size_t len)
458 {
459 char *from = kmap_atomic(page);
460 memcpy(to, from + offset, len);
461 kunmap_atomic(from);
462 }
463
memcpy_to_page(struct page * page,size_t offset,const char * from,size_t len)464 static void memcpy_to_page(struct page *page, size_t offset, const char *from, size_t len)
465 {
466 char *to = kmap_atomic(page);
467 memcpy(to + offset, from, len);
468 kunmap_atomic(to);
469 }
470
memzero_page(struct page * page,size_t offset,size_t len)471 static void memzero_page(struct page *page, size_t offset, size_t len)
472 {
473 char *addr = kmap_atomic(page);
474 memset(addr + offset, 0, len);
475 kunmap_atomic(addr);
476 }
477
allocated(struct pipe_buffer * buf)478 static inline bool allocated(struct pipe_buffer *buf)
479 {
480 return buf->ops == &default_pipe_buf_ops;
481 }
482
data_start(const struct iov_iter * i,int * idxp,size_t * offp)483 static inline void data_start(const struct iov_iter *i, int *idxp, size_t *offp)
484 {
485 size_t off = i->iov_offset;
486 int idx = i->idx;
487 if (off && (!allocated(&i->pipe->bufs[idx]) || off == PAGE_SIZE)) {
488 idx = next_idx(idx, i->pipe);
489 off = 0;
490 }
491 *idxp = idx;
492 *offp = off;
493 }
494
push_pipe(struct iov_iter * i,size_t size,int * idxp,size_t * offp)495 static size_t push_pipe(struct iov_iter *i, size_t size,
496 int *idxp, size_t *offp)
497 {
498 struct pipe_inode_info *pipe = i->pipe;
499 size_t off;
500 int idx;
501 ssize_t left;
502
503 if (unlikely(size > i->count))
504 size = i->count;
505 if (unlikely(!size))
506 return 0;
507
508 left = size;
509 data_start(i, &idx, &off);
510 *idxp = idx;
511 *offp = off;
512 if (off) {
513 left -= PAGE_SIZE - off;
514 if (left <= 0) {
515 pipe->bufs[idx].len += size;
516 return size;
517 }
518 pipe->bufs[idx].len = PAGE_SIZE;
519 idx = next_idx(idx, pipe);
520 }
521 while (idx != pipe->curbuf || !pipe->nrbufs) {
522 struct page *page = alloc_page(GFP_USER);
523 if (!page)
524 break;
525 pipe->nrbufs++;
526 pipe->bufs[idx].ops = &default_pipe_buf_ops;
527 pipe->bufs[idx].page = page;
528 pipe->bufs[idx].offset = 0;
529 if (left <= PAGE_SIZE) {
530 pipe->bufs[idx].len = left;
531 return size;
532 }
533 pipe->bufs[idx].len = PAGE_SIZE;
534 left -= PAGE_SIZE;
535 idx = next_idx(idx, pipe);
536 }
537 return size - left;
538 }
539
copy_pipe_to_iter(const void * addr,size_t bytes,struct iov_iter * i)540 static size_t copy_pipe_to_iter(const void *addr, size_t bytes,
541 struct iov_iter *i)
542 {
543 struct pipe_inode_info *pipe = i->pipe;
544 size_t n, off;
545 int idx;
546
547 if (!sanity(i))
548 return 0;
549
550 bytes = n = push_pipe(i, bytes, &idx, &off);
551 if (unlikely(!n))
552 return 0;
553 for ( ; n; idx = next_idx(idx, pipe), off = 0) {
554 size_t chunk = min_t(size_t, n, PAGE_SIZE - off);
555 memcpy_to_page(pipe->bufs[idx].page, off, addr, chunk);
556 i->idx = idx;
557 i->iov_offset = off + chunk;
558 n -= chunk;
559 addr += chunk;
560 }
561 i->count -= bytes;
562 return bytes;
563 }
564
csum_and_memcpy(void * to,const void * from,size_t len,__wsum sum,size_t off)565 static __wsum csum_and_memcpy(void *to, const void *from, size_t len,
566 __wsum sum, size_t off)
567 {
568 __wsum next = csum_partial_copy_nocheck(from, to, len, 0);
569 return csum_block_add(sum, next, off);
570 }
571
csum_and_copy_to_pipe_iter(const void * addr,size_t bytes,__wsum * csum,struct iov_iter * i)572 static size_t csum_and_copy_to_pipe_iter(const void *addr, size_t bytes,
573 __wsum *csum, struct iov_iter *i)
574 {
575 struct pipe_inode_info *pipe = i->pipe;
576 size_t n, r;
577 size_t off = 0;
578 __wsum sum = *csum;
579 int idx;
580
581 if (!sanity(i))
582 return 0;
583
584 bytes = n = push_pipe(i, bytes, &idx, &r);
585 if (unlikely(!n))
586 return 0;
587 for ( ; n; idx = next_idx(idx, pipe), r = 0) {
588 size_t chunk = min_t(size_t, n, PAGE_SIZE - r);
589 char *p = kmap_atomic(pipe->bufs[idx].page);
590 sum = csum_and_memcpy(p + r, addr, chunk, sum, off);
591 kunmap_atomic(p);
592 i->idx = idx;
593 i->iov_offset = r + chunk;
594 n -= chunk;
595 off += chunk;
596 addr += chunk;
597 }
598 i->count -= bytes;
599 *csum = sum;
600 return bytes;
601 }
602
_copy_to_iter(const void * addr,size_t bytes,struct iov_iter * i)603 size_t _copy_to_iter(const void *addr, size_t bytes, struct iov_iter *i)
604 {
605 const char *from = addr;
606 if (unlikely(iov_iter_is_pipe(i)))
607 return copy_pipe_to_iter(addr, bytes, i);
608 if (iter_is_iovec(i))
609 might_fault();
610 iterate_and_advance(i, bytes, v,
611 copyout(v.iov_base, (from += v.iov_len) - v.iov_len, v.iov_len),
612 memcpy_to_page(v.bv_page, v.bv_offset,
613 (from += v.bv_len) - v.bv_len, v.bv_len),
614 memcpy(v.iov_base, (from += v.iov_len) - v.iov_len, v.iov_len)
615 )
616
617 return bytes;
618 }
619 EXPORT_SYMBOL(_copy_to_iter);
620
621 #ifdef CONFIG_ARCH_HAS_UACCESS_MCSAFE
copyout_mcsafe(void __user * to,const void * from,size_t n)622 static int copyout_mcsafe(void __user *to, const void *from, size_t n)
623 {
624 if (access_ok(to, n)) {
625 kasan_check_read(from, n);
626 n = copy_to_user_mcsafe((__force void *) to, from, n);
627 }
628 return n;
629 }
630
memcpy_mcsafe_to_page(struct page * page,size_t offset,const char * from,size_t len)631 static unsigned long memcpy_mcsafe_to_page(struct page *page, size_t offset,
632 const char *from, size_t len)
633 {
634 unsigned long ret;
635 char *to;
636
637 to = kmap_atomic(page);
638 ret = memcpy_mcsafe(to + offset, from, len);
639 kunmap_atomic(to);
640
641 return ret;
642 }
643
copy_pipe_to_iter_mcsafe(const void * addr,size_t bytes,struct iov_iter * i)644 static size_t copy_pipe_to_iter_mcsafe(const void *addr, size_t bytes,
645 struct iov_iter *i)
646 {
647 struct pipe_inode_info *pipe = i->pipe;
648 size_t n, off, xfer = 0;
649 int idx;
650
651 if (!sanity(i))
652 return 0;
653
654 bytes = n = push_pipe(i, bytes, &idx, &off);
655 if (unlikely(!n))
656 return 0;
657 for ( ; n; idx = next_idx(idx, pipe), off = 0) {
658 size_t chunk = min_t(size_t, n, PAGE_SIZE - off);
659 unsigned long rem;
660
661 rem = memcpy_mcsafe_to_page(pipe->bufs[idx].page, off, addr,
662 chunk);
663 i->idx = idx;
664 i->iov_offset = off + chunk - rem;
665 xfer += chunk - rem;
666 if (rem)
667 break;
668 n -= chunk;
669 addr += chunk;
670 }
671 i->count -= xfer;
672 return xfer;
673 }
674
675 /**
676 * _copy_to_iter_mcsafe - copy to user with source-read error exception handling
677 * @addr: source kernel address
678 * @bytes: total transfer length
679 * @iter: destination iterator
680 *
681 * The pmem driver arranges for filesystem-dax to use this facility via
682 * dax_copy_to_iter() for protecting read/write to persistent memory.
683 * Unless / until an architecture can guarantee identical performance
684 * between _copy_to_iter_mcsafe() and _copy_to_iter() it would be a
685 * performance regression to switch more users to the mcsafe version.
686 *
687 * Otherwise, the main differences between this and typical _copy_to_iter().
688 *
689 * * Typical tail/residue handling after a fault retries the copy
690 * byte-by-byte until the fault happens again. Re-triggering machine
691 * checks is potentially fatal so the implementation uses source
692 * alignment and poison alignment assumptions to avoid re-triggering
693 * hardware exceptions.
694 *
695 * * ITER_KVEC, ITER_PIPE, and ITER_BVEC can return short copies.
696 * Compare to copy_to_iter() where only ITER_IOVEC attempts might return
697 * a short copy.
698 *
699 * See MCSAFE_TEST for self-test.
700 */
_copy_to_iter_mcsafe(const void * addr,size_t bytes,struct iov_iter * i)701 size_t _copy_to_iter_mcsafe(const void *addr, size_t bytes, struct iov_iter *i)
702 {
703 const char *from = addr;
704 unsigned long rem, curr_addr, s_addr = (unsigned long) addr;
705
706 if (unlikely(iov_iter_is_pipe(i)))
707 return copy_pipe_to_iter_mcsafe(addr, bytes, i);
708 if (iter_is_iovec(i))
709 might_fault();
710 iterate_and_advance(i, bytes, v,
711 copyout_mcsafe(v.iov_base, (from += v.iov_len) - v.iov_len, v.iov_len),
712 ({
713 rem = memcpy_mcsafe_to_page(v.bv_page, v.bv_offset,
714 (from += v.bv_len) - v.bv_len, v.bv_len);
715 if (rem) {
716 curr_addr = (unsigned long) from;
717 bytes = curr_addr - s_addr - rem;
718 return bytes;
719 }
720 }),
721 ({
722 rem = memcpy_mcsafe(v.iov_base, (from += v.iov_len) - v.iov_len,
723 v.iov_len);
724 if (rem) {
725 curr_addr = (unsigned long) from;
726 bytes = curr_addr - s_addr - rem;
727 return bytes;
728 }
729 })
730 )
731
732 return bytes;
733 }
734 EXPORT_SYMBOL_GPL(_copy_to_iter_mcsafe);
735 #endif /* CONFIG_ARCH_HAS_UACCESS_MCSAFE */
736
_copy_from_iter(void * addr,size_t bytes,struct iov_iter * i)737 size_t _copy_from_iter(void *addr, size_t bytes, struct iov_iter *i)
738 {
739 char *to = addr;
740 if (unlikely(iov_iter_is_pipe(i))) {
741 WARN_ON(1);
742 return 0;
743 }
744 if (iter_is_iovec(i))
745 might_fault();
746 iterate_and_advance(i, bytes, v,
747 copyin((to += v.iov_len) - v.iov_len, v.iov_base, v.iov_len),
748 memcpy_from_page((to += v.bv_len) - v.bv_len, v.bv_page,
749 v.bv_offset, v.bv_len),
750 memcpy((to += v.iov_len) - v.iov_len, v.iov_base, v.iov_len)
751 )
752
753 return bytes;
754 }
755 EXPORT_SYMBOL(_copy_from_iter);
756
_copy_from_iter_full(void * addr,size_t bytes,struct iov_iter * i)757 bool _copy_from_iter_full(void *addr, size_t bytes, struct iov_iter *i)
758 {
759 char *to = addr;
760 if (unlikely(iov_iter_is_pipe(i))) {
761 WARN_ON(1);
762 return false;
763 }
764 if (unlikely(i->count < bytes))
765 return false;
766
767 if (iter_is_iovec(i))
768 might_fault();
769 iterate_all_kinds(i, bytes, v, ({
770 if (copyin((to += v.iov_len) - v.iov_len,
771 v.iov_base, v.iov_len))
772 return false;
773 0;}),
774 memcpy_from_page((to += v.bv_len) - v.bv_len, v.bv_page,
775 v.bv_offset, v.bv_len),
776 memcpy((to += v.iov_len) - v.iov_len, v.iov_base, v.iov_len)
777 )
778
779 iov_iter_advance(i, bytes);
780 return true;
781 }
782 EXPORT_SYMBOL(_copy_from_iter_full);
783
_copy_from_iter_nocache(void * addr,size_t bytes,struct iov_iter * i)784 size_t _copy_from_iter_nocache(void *addr, size_t bytes, struct iov_iter *i)
785 {
786 char *to = addr;
787 if (unlikely(iov_iter_is_pipe(i))) {
788 WARN_ON(1);
789 return 0;
790 }
791 iterate_and_advance(i, bytes, v,
792 __copy_from_user_inatomic_nocache((to += v.iov_len) - v.iov_len,
793 v.iov_base, v.iov_len),
794 memcpy_from_page((to += v.bv_len) - v.bv_len, v.bv_page,
795 v.bv_offset, v.bv_len),
796 memcpy((to += v.iov_len) - v.iov_len, v.iov_base, v.iov_len)
797 )
798
799 return bytes;
800 }
801 EXPORT_SYMBOL(_copy_from_iter_nocache);
802
803 #ifdef CONFIG_ARCH_HAS_UACCESS_FLUSHCACHE
804 /**
805 * _copy_from_iter_flushcache - write destination through cpu cache
806 * @addr: destination kernel address
807 * @bytes: total transfer length
808 * @iter: source iterator
809 *
810 * The pmem driver arranges for filesystem-dax to use this facility via
811 * dax_copy_from_iter() for ensuring that writes to persistent memory
812 * are flushed through the CPU cache. It is differentiated from
813 * _copy_from_iter_nocache() in that guarantees all data is flushed for
814 * all iterator types. The _copy_from_iter_nocache() only attempts to
815 * bypass the cache for the ITER_IOVEC case, and on some archs may use
816 * instructions that strand dirty-data in the cache.
817 */
_copy_from_iter_flushcache(void * addr,size_t bytes,struct iov_iter * i)818 size_t _copy_from_iter_flushcache(void *addr, size_t bytes, struct iov_iter *i)
819 {
820 char *to = addr;
821 if (unlikely(iov_iter_is_pipe(i))) {
822 WARN_ON(1);
823 return 0;
824 }
825 iterate_and_advance(i, bytes, v,
826 __copy_from_user_flushcache((to += v.iov_len) - v.iov_len,
827 v.iov_base, v.iov_len),
828 memcpy_page_flushcache((to += v.bv_len) - v.bv_len, v.bv_page,
829 v.bv_offset, v.bv_len),
830 memcpy_flushcache((to += v.iov_len) - v.iov_len, v.iov_base,
831 v.iov_len)
832 )
833
834 return bytes;
835 }
836 EXPORT_SYMBOL_GPL(_copy_from_iter_flushcache);
837 #endif
838
_copy_from_iter_full_nocache(void * addr,size_t bytes,struct iov_iter * i)839 bool _copy_from_iter_full_nocache(void *addr, size_t bytes, struct iov_iter *i)
840 {
841 char *to = addr;
842 if (unlikely(iov_iter_is_pipe(i))) {
843 WARN_ON(1);
844 return false;
845 }
846 if (unlikely(i->count < bytes))
847 return false;
848 iterate_all_kinds(i, bytes, v, ({
849 if (__copy_from_user_inatomic_nocache((to += v.iov_len) - v.iov_len,
850 v.iov_base, v.iov_len))
851 return false;
852 0;}),
853 memcpy_from_page((to += v.bv_len) - v.bv_len, v.bv_page,
854 v.bv_offset, v.bv_len),
855 memcpy((to += v.iov_len) - v.iov_len, v.iov_base, v.iov_len)
856 )
857
858 iov_iter_advance(i, bytes);
859 return true;
860 }
861 EXPORT_SYMBOL(_copy_from_iter_full_nocache);
862
page_copy_sane(struct page * page,size_t offset,size_t n)863 static inline bool page_copy_sane(struct page *page, size_t offset, size_t n)
864 {
865 struct page *head;
866 size_t v = n + offset;
867
868 /*
869 * The general case needs to access the page order in order
870 * to compute the page size.
871 * However, we mostly deal with order-0 pages and thus can
872 * avoid a possible cache line miss for requests that fit all
873 * page orders.
874 */
875 if (n <= v && v <= PAGE_SIZE)
876 return true;
877
878 head = compound_head(page);
879 v += (page - head) << PAGE_SHIFT;
880
881 if (likely(n <= v && v <= (page_size(head))))
882 return true;
883 WARN_ON(1);
884 return false;
885 }
886
copy_page_to_iter(struct page * page,size_t offset,size_t bytes,struct iov_iter * i)887 size_t copy_page_to_iter(struct page *page, size_t offset, size_t bytes,
888 struct iov_iter *i)
889 {
890 if (unlikely(!page_copy_sane(page, offset, bytes)))
891 return 0;
892 if (i->type & (ITER_BVEC|ITER_KVEC)) {
893 void *kaddr = kmap_atomic(page);
894 size_t wanted = copy_to_iter(kaddr + offset, bytes, i);
895 kunmap_atomic(kaddr);
896 return wanted;
897 } else if (unlikely(iov_iter_is_discard(i)))
898 return bytes;
899 else if (likely(!iov_iter_is_pipe(i)))
900 return copy_page_to_iter_iovec(page, offset, bytes, i);
901 else
902 return copy_page_to_iter_pipe(page, offset, bytes, i);
903 }
904 EXPORT_SYMBOL(copy_page_to_iter);
905
copy_page_from_iter(struct page * page,size_t offset,size_t bytes,struct iov_iter * i)906 size_t copy_page_from_iter(struct page *page, size_t offset, size_t bytes,
907 struct iov_iter *i)
908 {
909 if (unlikely(!page_copy_sane(page, offset, bytes)))
910 return 0;
911 if (unlikely(iov_iter_is_pipe(i) || iov_iter_is_discard(i))) {
912 WARN_ON(1);
913 return 0;
914 }
915 if (i->type & (ITER_BVEC|ITER_KVEC)) {
916 void *kaddr = kmap_atomic(page);
917 size_t wanted = _copy_from_iter(kaddr + offset, bytes, i);
918 kunmap_atomic(kaddr);
919 return wanted;
920 } else
921 return copy_page_from_iter_iovec(page, offset, bytes, i);
922 }
923 EXPORT_SYMBOL(copy_page_from_iter);
924
pipe_zero(size_t bytes,struct iov_iter * i)925 static size_t pipe_zero(size_t bytes, struct iov_iter *i)
926 {
927 struct pipe_inode_info *pipe = i->pipe;
928 size_t n, off;
929 int idx;
930
931 if (!sanity(i))
932 return 0;
933
934 bytes = n = push_pipe(i, bytes, &idx, &off);
935 if (unlikely(!n))
936 return 0;
937
938 for ( ; n; idx = next_idx(idx, pipe), off = 0) {
939 size_t chunk = min_t(size_t, n, PAGE_SIZE - off);
940 memzero_page(pipe->bufs[idx].page, off, chunk);
941 i->idx = idx;
942 i->iov_offset = off + chunk;
943 n -= chunk;
944 }
945 i->count -= bytes;
946 return bytes;
947 }
948
iov_iter_zero(size_t bytes,struct iov_iter * i)949 size_t iov_iter_zero(size_t bytes, struct iov_iter *i)
950 {
951 if (unlikely(iov_iter_is_pipe(i)))
952 return pipe_zero(bytes, i);
953 iterate_and_advance(i, bytes, v,
954 clear_user(v.iov_base, v.iov_len),
955 memzero_page(v.bv_page, v.bv_offset, v.bv_len),
956 memset(v.iov_base, 0, v.iov_len)
957 )
958
959 return bytes;
960 }
961 EXPORT_SYMBOL(iov_iter_zero);
962
iov_iter_copy_from_user_atomic(struct page * page,struct iov_iter * i,unsigned long offset,size_t bytes)963 size_t iov_iter_copy_from_user_atomic(struct page *page,
964 struct iov_iter *i, unsigned long offset, size_t bytes)
965 {
966 char *kaddr = kmap_atomic(page), *p = kaddr + offset;
967 if (unlikely(!page_copy_sane(page, offset, bytes))) {
968 kunmap_atomic(kaddr);
969 return 0;
970 }
971 if (unlikely(iov_iter_is_pipe(i) || iov_iter_is_discard(i))) {
972 kunmap_atomic(kaddr);
973 WARN_ON(1);
974 return 0;
975 }
976 iterate_all_kinds(i, bytes, v,
977 copyin((p += v.iov_len) - v.iov_len, v.iov_base, v.iov_len),
978 memcpy_from_page((p += v.bv_len) - v.bv_len, v.bv_page,
979 v.bv_offset, v.bv_len),
980 memcpy((p += v.iov_len) - v.iov_len, v.iov_base, v.iov_len)
981 )
982 kunmap_atomic(kaddr);
983 return bytes;
984 }
985 EXPORT_SYMBOL(iov_iter_copy_from_user_atomic);
986
pipe_truncate(struct iov_iter * i)987 static inline void pipe_truncate(struct iov_iter *i)
988 {
989 struct pipe_inode_info *pipe = i->pipe;
990 if (pipe->nrbufs) {
991 size_t off = i->iov_offset;
992 int idx = i->idx;
993 int nrbufs = (idx - pipe->curbuf) & (pipe->buffers - 1);
994 if (off) {
995 pipe->bufs[idx].len = off - pipe->bufs[idx].offset;
996 idx = next_idx(idx, pipe);
997 nrbufs++;
998 }
999 while (pipe->nrbufs > nrbufs) {
1000 pipe_buf_release(pipe, &pipe->bufs[idx]);
1001 idx = next_idx(idx, pipe);
1002 pipe->nrbufs--;
1003 }
1004 }
1005 }
1006
pipe_advance(struct iov_iter * i,size_t size)1007 static void pipe_advance(struct iov_iter *i, size_t size)
1008 {
1009 struct pipe_inode_info *pipe = i->pipe;
1010 if (unlikely(i->count < size))
1011 size = i->count;
1012 if (size) {
1013 struct pipe_buffer *buf;
1014 size_t off = i->iov_offset, left = size;
1015 int idx = i->idx;
1016 if (off) /* make it relative to the beginning of buffer */
1017 left += off - pipe->bufs[idx].offset;
1018 while (1) {
1019 buf = &pipe->bufs[idx];
1020 if (left <= buf->len)
1021 break;
1022 left -= buf->len;
1023 idx = next_idx(idx, pipe);
1024 }
1025 i->idx = idx;
1026 i->iov_offset = buf->offset + left;
1027 }
1028 i->count -= size;
1029 /* ... and discard everything past that point */
1030 pipe_truncate(i);
1031 }
1032
iov_iter_advance(struct iov_iter * i,size_t size)1033 void iov_iter_advance(struct iov_iter *i, size_t size)
1034 {
1035 if (unlikely(iov_iter_is_pipe(i))) {
1036 pipe_advance(i, size);
1037 return;
1038 }
1039 if (unlikely(iov_iter_is_discard(i))) {
1040 i->count -= size;
1041 return;
1042 }
1043 iterate_and_advance(i, size, v, 0, 0, 0)
1044 }
1045 EXPORT_SYMBOL(iov_iter_advance);
1046
iov_iter_revert(struct iov_iter * i,size_t unroll)1047 void iov_iter_revert(struct iov_iter *i, size_t unroll)
1048 {
1049 if (!unroll)
1050 return;
1051 if (WARN_ON(unroll > MAX_RW_COUNT))
1052 return;
1053 i->count += unroll;
1054 if (unlikely(iov_iter_is_pipe(i))) {
1055 struct pipe_inode_info *pipe = i->pipe;
1056 int idx = i->idx;
1057 size_t off = i->iov_offset;
1058 while (1) {
1059 size_t n = off - pipe->bufs[idx].offset;
1060 if (unroll < n) {
1061 off -= unroll;
1062 break;
1063 }
1064 unroll -= n;
1065 if (!unroll && idx == i->start_idx) {
1066 off = 0;
1067 break;
1068 }
1069 if (!idx--)
1070 idx = pipe->buffers - 1;
1071 off = pipe->bufs[idx].offset + pipe->bufs[idx].len;
1072 }
1073 i->iov_offset = off;
1074 i->idx = idx;
1075 pipe_truncate(i);
1076 return;
1077 }
1078 if (unlikely(iov_iter_is_discard(i)))
1079 return;
1080 if (unroll <= i->iov_offset) {
1081 i->iov_offset -= unroll;
1082 return;
1083 }
1084 unroll -= i->iov_offset;
1085 if (iov_iter_is_bvec(i)) {
1086 const struct bio_vec *bvec = i->bvec;
1087 while (1) {
1088 size_t n = (--bvec)->bv_len;
1089 i->nr_segs++;
1090 if (unroll <= n) {
1091 i->bvec = bvec;
1092 i->iov_offset = n - unroll;
1093 return;
1094 }
1095 unroll -= n;
1096 }
1097 } else { /* same logics for iovec and kvec */
1098 const struct iovec *iov = i->iov;
1099 while (1) {
1100 size_t n = (--iov)->iov_len;
1101 i->nr_segs++;
1102 if (unroll <= n) {
1103 i->iov = iov;
1104 i->iov_offset = n - unroll;
1105 return;
1106 }
1107 unroll -= n;
1108 }
1109 }
1110 }
1111 EXPORT_SYMBOL(iov_iter_revert);
1112
1113 /*
1114 * Return the count of just the current iov_iter segment.
1115 */
iov_iter_single_seg_count(const struct iov_iter * i)1116 size_t iov_iter_single_seg_count(const struct iov_iter *i)
1117 {
1118 if (unlikely(iov_iter_is_pipe(i)))
1119 return i->count; // it is a silly place, anyway
1120 if (i->nr_segs == 1)
1121 return i->count;
1122 if (unlikely(iov_iter_is_discard(i)))
1123 return i->count;
1124 else if (iov_iter_is_bvec(i))
1125 return min(i->count, i->bvec->bv_len - i->iov_offset);
1126 else
1127 return min(i->count, i->iov->iov_len - i->iov_offset);
1128 }
1129 EXPORT_SYMBOL(iov_iter_single_seg_count);
1130
iov_iter_kvec(struct iov_iter * i,unsigned int direction,const struct kvec * kvec,unsigned long nr_segs,size_t count)1131 void iov_iter_kvec(struct iov_iter *i, unsigned int direction,
1132 const struct kvec *kvec, unsigned long nr_segs,
1133 size_t count)
1134 {
1135 WARN_ON(direction & ~(READ | WRITE));
1136 i->type = ITER_KVEC | (direction & (READ | WRITE));
1137 i->kvec = kvec;
1138 i->nr_segs = nr_segs;
1139 i->iov_offset = 0;
1140 i->count = count;
1141 }
1142 EXPORT_SYMBOL(iov_iter_kvec);
1143
iov_iter_bvec(struct iov_iter * i,unsigned int direction,const struct bio_vec * bvec,unsigned long nr_segs,size_t count)1144 void iov_iter_bvec(struct iov_iter *i, unsigned int direction,
1145 const struct bio_vec *bvec, unsigned long nr_segs,
1146 size_t count)
1147 {
1148 WARN_ON(direction & ~(READ | WRITE));
1149 i->type = ITER_BVEC | (direction & (READ | WRITE));
1150 i->bvec = bvec;
1151 i->nr_segs = nr_segs;
1152 i->iov_offset = 0;
1153 i->count = count;
1154 }
1155 EXPORT_SYMBOL(iov_iter_bvec);
1156
iov_iter_pipe(struct iov_iter * i,unsigned int direction,struct pipe_inode_info * pipe,size_t count)1157 void iov_iter_pipe(struct iov_iter *i, unsigned int direction,
1158 struct pipe_inode_info *pipe,
1159 size_t count)
1160 {
1161 BUG_ON(direction != READ);
1162 WARN_ON(pipe->nrbufs == pipe->buffers);
1163 i->type = ITER_PIPE | READ;
1164 i->pipe = pipe;
1165 i->idx = (pipe->curbuf + pipe->nrbufs) & (pipe->buffers - 1);
1166 i->iov_offset = 0;
1167 i->count = count;
1168 i->start_idx = i->idx;
1169 }
1170 EXPORT_SYMBOL(iov_iter_pipe);
1171
1172 /**
1173 * iov_iter_discard - Initialise an I/O iterator that discards data
1174 * @i: The iterator to initialise.
1175 * @direction: The direction of the transfer.
1176 * @count: The size of the I/O buffer in bytes.
1177 *
1178 * Set up an I/O iterator that just discards everything that's written to it.
1179 * It's only available as a READ iterator.
1180 */
iov_iter_discard(struct iov_iter * i,unsigned int direction,size_t count)1181 void iov_iter_discard(struct iov_iter *i, unsigned int direction, size_t count)
1182 {
1183 BUG_ON(direction != READ);
1184 i->type = ITER_DISCARD | READ;
1185 i->count = count;
1186 i->iov_offset = 0;
1187 }
1188 EXPORT_SYMBOL(iov_iter_discard);
1189
iov_iter_alignment(const struct iov_iter * i)1190 unsigned long iov_iter_alignment(const struct iov_iter *i)
1191 {
1192 unsigned long res = 0;
1193 size_t size = i->count;
1194
1195 if (unlikely(iov_iter_is_pipe(i))) {
1196 if (size && i->iov_offset && allocated(&i->pipe->bufs[i->idx]))
1197 return size | i->iov_offset;
1198 return size;
1199 }
1200 iterate_all_kinds(i, size, v,
1201 (res |= (unsigned long)v.iov_base | v.iov_len, 0),
1202 res |= v.bv_offset | v.bv_len,
1203 res |= (unsigned long)v.iov_base | v.iov_len
1204 )
1205 return res;
1206 }
1207 EXPORT_SYMBOL(iov_iter_alignment);
1208
iov_iter_gap_alignment(const struct iov_iter * i)1209 unsigned long iov_iter_gap_alignment(const struct iov_iter *i)
1210 {
1211 unsigned long res = 0;
1212 size_t size = i->count;
1213
1214 if (unlikely(iov_iter_is_pipe(i) || iov_iter_is_discard(i))) {
1215 WARN_ON(1);
1216 return ~0U;
1217 }
1218
1219 iterate_all_kinds(i, size, v,
1220 (res |= (!res ? 0 : (unsigned long)v.iov_base) |
1221 (size != v.iov_len ? size : 0), 0),
1222 (res |= (!res ? 0 : (unsigned long)v.bv_offset) |
1223 (size != v.bv_len ? size : 0)),
1224 (res |= (!res ? 0 : (unsigned long)v.iov_base) |
1225 (size != v.iov_len ? size : 0))
1226 );
1227 return res;
1228 }
1229 EXPORT_SYMBOL(iov_iter_gap_alignment);
1230
__pipe_get_pages(struct iov_iter * i,size_t maxsize,struct page ** pages,int idx,size_t * start)1231 static inline ssize_t __pipe_get_pages(struct iov_iter *i,
1232 size_t maxsize,
1233 struct page **pages,
1234 int idx,
1235 size_t *start)
1236 {
1237 struct pipe_inode_info *pipe = i->pipe;
1238 ssize_t n = push_pipe(i, maxsize, &idx, start);
1239 if (!n)
1240 return -EFAULT;
1241
1242 maxsize = n;
1243 n += *start;
1244 while (n > 0) {
1245 get_page(*pages++ = pipe->bufs[idx].page);
1246 idx = next_idx(idx, pipe);
1247 n -= PAGE_SIZE;
1248 }
1249
1250 return maxsize;
1251 }
1252
pipe_get_pages(struct iov_iter * i,struct page ** pages,size_t maxsize,unsigned maxpages,size_t * start)1253 static ssize_t pipe_get_pages(struct iov_iter *i,
1254 struct page **pages, size_t maxsize, unsigned maxpages,
1255 size_t *start)
1256 {
1257 unsigned npages;
1258 size_t capacity;
1259 int idx;
1260
1261 if (!maxsize)
1262 return 0;
1263
1264 if (!sanity(i))
1265 return -EFAULT;
1266
1267 data_start(i, &idx, start);
1268 /* some of this one + all after this one */
1269 npages = ((i->pipe->curbuf - idx - 1) & (i->pipe->buffers - 1)) + 1;
1270 capacity = min(npages,maxpages) * PAGE_SIZE - *start;
1271
1272 return __pipe_get_pages(i, min(maxsize, capacity), pages, idx, start);
1273 }
1274
iov_iter_get_pages(struct iov_iter * i,struct page ** pages,size_t maxsize,unsigned maxpages,size_t * start)1275 ssize_t iov_iter_get_pages(struct iov_iter *i,
1276 struct page **pages, size_t maxsize, unsigned maxpages,
1277 size_t *start)
1278 {
1279 if (maxsize > i->count)
1280 maxsize = i->count;
1281
1282 if (unlikely(iov_iter_is_pipe(i)))
1283 return pipe_get_pages(i, pages, maxsize, maxpages, start);
1284 if (unlikely(iov_iter_is_discard(i)))
1285 return -EFAULT;
1286
1287 iterate_all_kinds(i, maxsize, v, ({
1288 unsigned long addr = (unsigned long)v.iov_base;
1289 size_t len = v.iov_len + (*start = addr & (PAGE_SIZE - 1));
1290 int n;
1291 int res;
1292
1293 if (len > maxpages * PAGE_SIZE)
1294 len = maxpages * PAGE_SIZE;
1295 addr &= ~(PAGE_SIZE - 1);
1296 n = DIV_ROUND_UP(len, PAGE_SIZE);
1297 res = get_user_pages_fast(addr, n,
1298 iov_iter_rw(i) != WRITE ? FOLL_WRITE : 0,
1299 pages);
1300 if (unlikely(res < 0))
1301 return res;
1302 return (res == n ? len : res * PAGE_SIZE) - *start;
1303 0;}),({
1304 /* can't be more than PAGE_SIZE */
1305 *start = v.bv_offset;
1306 get_page(*pages = v.bv_page);
1307 return v.bv_len;
1308 }),({
1309 return -EFAULT;
1310 })
1311 )
1312 return 0;
1313 }
1314 EXPORT_SYMBOL(iov_iter_get_pages);
1315
get_pages_array(size_t n)1316 static struct page **get_pages_array(size_t n)
1317 {
1318 return kvmalloc_array(n, sizeof(struct page *), GFP_KERNEL);
1319 }
1320
pipe_get_pages_alloc(struct iov_iter * i,struct page *** pages,size_t maxsize,size_t * start)1321 static ssize_t pipe_get_pages_alloc(struct iov_iter *i,
1322 struct page ***pages, size_t maxsize,
1323 size_t *start)
1324 {
1325 struct page **p;
1326 ssize_t n;
1327 int idx;
1328 int npages;
1329
1330 if (!maxsize)
1331 return 0;
1332
1333 if (!sanity(i))
1334 return -EFAULT;
1335
1336 data_start(i, &idx, start);
1337 /* some of this one + all after this one */
1338 npages = ((i->pipe->curbuf - idx - 1) & (i->pipe->buffers - 1)) + 1;
1339 n = npages * PAGE_SIZE - *start;
1340 if (maxsize > n)
1341 maxsize = n;
1342 else
1343 npages = DIV_ROUND_UP(maxsize + *start, PAGE_SIZE);
1344 p = get_pages_array(npages);
1345 if (!p)
1346 return -ENOMEM;
1347 n = __pipe_get_pages(i, maxsize, p, idx, start);
1348 if (n > 0)
1349 *pages = p;
1350 else
1351 kvfree(p);
1352 return n;
1353 }
1354
iov_iter_get_pages_alloc(struct iov_iter * i,struct page *** pages,size_t maxsize,size_t * start)1355 ssize_t iov_iter_get_pages_alloc(struct iov_iter *i,
1356 struct page ***pages, size_t maxsize,
1357 size_t *start)
1358 {
1359 struct page **p;
1360
1361 if (maxsize > i->count)
1362 maxsize = i->count;
1363
1364 if (unlikely(iov_iter_is_pipe(i)))
1365 return pipe_get_pages_alloc(i, pages, maxsize, start);
1366 if (unlikely(iov_iter_is_discard(i)))
1367 return -EFAULT;
1368
1369 iterate_all_kinds(i, maxsize, v, ({
1370 unsigned long addr = (unsigned long)v.iov_base;
1371 size_t len = v.iov_len + (*start = addr & (PAGE_SIZE - 1));
1372 int n;
1373 int res;
1374
1375 addr &= ~(PAGE_SIZE - 1);
1376 n = DIV_ROUND_UP(len, PAGE_SIZE);
1377 p = get_pages_array(n);
1378 if (!p)
1379 return -ENOMEM;
1380 res = get_user_pages_fast(addr, n,
1381 iov_iter_rw(i) != WRITE ? FOLL_WRITE : 0, p);
1382 if (unlikely(res < 0)) {
1383 kvfree(p);
1384 return res;
1385 }
1386 *pages = p;
1387 return (res == n ? len : res * PAGE_SIZE) - *start;
1388 0;}),({
1389 /* can't be more than PAGE_SIZE */
1390 *start = v.bv_offset;
1391 *pages = p = get_pages_array(1);
1392 if (!p)
1393 return -ENOMEM;
1394 get_page(*p = v.bv_page);
1395 return v.bv_len;
1396 }),({
1397 return -EFAULT;
1398 })
1399 )
1400 return 0;
1401 }
1402 EXPORT_SYMBOL(iov_iter_get_pages_alloc);
1403
csum_and_copy_from_iter(void * addr,size_t bytes,__wsum * csum,struct iov_iter * i)1404 size_t csum_and_copy_from_iter(void *addr, size_t bytes, __wsum *csum,
1405 struct iov_iter *i)
1406 {
1407 char *to = addr;
1408 __wsum sum, next;
1409 size_t off = 0;
1410 sum = *csum;
1411 if (unlikely(iov_iter_is_pipe(i) || iov_iter_is_discard(i))) {
1412 WARN_ON(1);
1413 return 0;
1414 }
1415 iterate_and_advance(i, bytes, v, ({
1416 int err = 0;
1417 next = csum_and_copy_from_user(v.iov_base,
1418 (to += v.iov_len) - v.iov_len,
1419 v.iov_len, 0, &err);
1420 if (!err) {
1421 sum = csum_block_add(sum, next, off);
1422 off += v.iov_len;
1423 }
1424 err ? v.iov_len : 0;
1425 }), ({
1426 char *p = kmap_atomic(v.bv_page);
1427 sum = csum_and_memcpy((to += v.bv_len) - v.bv_len,
1428 p + v.bv_offset, v.bv_len,
1429 sum, off);
1430 kunmap_atomic(p);
1431 off += v.bv_len;
1432 }),({
1433 sum = csum_and_memcpy((to += v.iov_len) - v.iov_len,
1434 v.iov_base, v.iov_len,
1435 sum, off);
1436 off += v.iov_len;
1437 })
1438 )
1439 *csum = sum;
1440 return bytes;
1441 }
1442 EXPORT_SYMBOL(csum_and_copy_from_iter);
1443
csum_and_copy_from_iter_full(void * addr,size_t bytes,__wsum * csum,struct iov_iter * i)1444 bool csum_and_copy_from_iter_full(void *addr, size_t bytes, __wsum *csum,
1445 struct iov_iter *i)
1446 {
1447 char *to = addr;
1448 __wsum sum, next;
1449 size_t off = 0;
1450 sum = *csum;
1451 if (unlikely(iov_iter_is_pipe(i) || iov_iter_is_discard(i))) {
1452 WARN_ON(1);
1453 return false;
1454 }
1455 if (unlikely(i->count < bytes))
1456 return false;
1457 iterate_all_kinds(i, bytes, v, ({
1458 int err = 0;
1459 next = csum_and_copy_from_user(v.iov_base,
1460 (to += v.iov_len) - v.iov_len,
1461 v.iov_len, 0, &err);
1462 if (err)
1463 return false;
1464 sum = csum_block_add(sum, next, off);
1465 off += v.iov_len;
1466 0;
1467 }), ({
1468 char *p = kmap_atomic(v.bv_page);
1469 sum = csum_and_memcpy((to += v.bv_len) - v.bv_len,
1470 p + v.bv_offset, v.bv_len,
1471 sum, off);
1472 kunmap_atomic(p);
1473 off += v.bv_len;
1474 }),({
1475 sum = csum_and_memcpy((to += v.iov_len) - v.iov_len,
1476 v.iov_base, v.iov_len,
1477 sum, off);
1478 off += v.iov_len;
1479 })
1480 )
1481 *csum = sum;
1482 iov_iter_advance(i, bytes);
1483 return true;
1484 }
1485 EXPORT_SYMBOL(csum_and_copy_from_iter_full);
1486
csum_and_copy_to_iter(const void * addr,size_t bytes,void * csump,struct iov_iter * i)1487 size_t csum_and_copy_to_iter(const void *addr, size_t bytes, void *csump,
1488 struct iov_iter *i)
1489 {
1490 const char *from = addr;
1491 __wsum *csum = csump;
1492 __wsum sum, next;
1493 size_t off = 0;
1494
1495 if (unlikely(iov_iter_is_pipe(i)))
1496 return csum_and_copy_to_pipe_iter(addr, bytes, csum, i);
1497
1498 sum = *csum;
1499 if (unlikely(iov_iter_is_discard(i))) {
1500 WARN_ON(1); /* for now */
1501 return 0;
1502 }
1503 iterate_and_advance(i, bytes, v, ({
1504 int err = 0;
1505 next = csum_and_copy_to_user((from += v.iov_len) - v.iov_len,
1506 v.iov_base,
1507 v.iov_len, 0, &err);
1508 if (!err) {
1509 sum = csum_block_add(sum, next, off);
1510 off += v.iov_len;
1511 }
1512 err ? v.iov_len : 0;
1513 }), ({
1514 char *p = kmap_atomic(v.bv_page);
1515 sum = csum_and_memcpy(p + v.bv_offset,
1516 (from += v.bv_len) - v.bv_len,
1517 v.bv_len, sum, off);
1518 kunmap_atomic(p);
1519 off += v.bv_len;
1520 }),({
1521 sum = csum_and_memcpy(v.iov_base,
1522 (from += v.iov_len) - v.iov_len,
1523 v.iov_len, sum, off);
1524 off += v.iov_len;
1525 })
1526 )
1527 *csum = sum;
1528 return bytes;
1529 }
1530 EXPORT_SYMBOL(csum_and_copy_to_iter);
1531
hash_and_copy_to_iter(const void * addr,size_t bytes,void * hashp,struct iov_iter * i)1532 size_t hash_and_copy_to_iter(const void *addr, size_t bytes, void *hashp,
1533 struct iov_iter *i)
1534 {
1535 #ifdef CONFIG_CRYPTO
1536 struct ahash_request *hash = hashp;
1537 struct scatterlist sg;
1538 size_t copied;
1539
1540 copied = copy_to_iter(addr, bytes, i);
1541 sg_init_one(&sg, addr, copied);
1542 ahash_request_set_crypt(hash, &sg, NULL, copied);
1543 crypto_ahash_update(hash);
1544 return copied;
1545 #else
1546 return 0;
1547 #endif
1548 }
1549 EXPORT_SYMBOL(hash_and_copy_to_iter);
1550
iov_iter_npages(const struct iov_iter * i,int maxpages)1551 int iov_iter_npages(const struct iov_iter *i, int maxpages)
1552 {
1553 size_t size = i->count;
1554 int npages = 0;
1555
1556 if (!size)
1557 return 0;
1558 if (unlikely(iov_iter_is_discard(i)))
1559 return 0;
1560
1561 if (unlikely(iov_iter_is_pipe(i))) {
1562 struct pipe_inode_info *pipe = i->pipe;
1563 size_t off;
1564 int idx;
1565
1566 if (!sanity(i))
1567 return 0;
1568
1569 data_start(i, &idx, &off);
1570 /* some of this one + all after this one */
1571 npages = ((pipe->curbuf - idx - 1) & (pipe->buffers - 1)) + 1;
1572 if (npages >= maxpages)
1573 return maxpages;
1574 } else iterate_all_kinds(i, size, v, ({
1575 unsigned long p = (unsigned long)v.iov_base;
1576 npages += DIV_ROUND_UP(p + v.iov_len, PAGE_SIZE)
1577 - p / PAGE_SIZE;
1578 if (npages >= maxpages)
1579 return maxpages;
1580 0;}),({
1581 npages++;
1582 if (npages >= maxpages)
1583 return maxpages;
1584 }),({
1585 unsigned long p = (unsigned long)v.iov_base;
1586 npages += DIV_ROUND_UP(p + v.iov_len, PAGE_SIZE)
1587 - p / PAGE_SIZE;
1588 if (npages >= maxpages)
1589 return maxpages;
1590 })
1591 )
1592 return npages;
1593 }
1594 EXPORT_SYMBOL(iov_iter_npages);
1595
dup_iter(struct iov_iter * new,struct iov_iter * old,gfp_t flags)1596 const void *dup_iter(struct iov_iter *new, struct iov_iter *old, gfp_t flags)
1597 {
1598 *new = *old;
1599 if (unlikely(iov_iter_is_pipe(new))) {
1600 WARN_ON(1);
1601 return NULL;
1602 }
1603 if (unlikely(iov_iter_is_discard(new)))
1604 return NULL;
1605 if (iov_iter_is_bvec(new))
1606 return new->bvec = kmemdup(new->bvec,
1607 new->nr_segs * sizeof(struct bio_vec),
1608 flags);
1609 else
1610 /* iovec and kvec have identical layout */
1611 return new->iov = kmemdup(new->iov,
1612 new->nr_segs * sizeof(struct iovec),
1613 flags);
1614 }
1615 EXPORT_SYMBOL(dup_iter);
1616
1617 /**
1618 * import_iovec() - Copy an array of &struct iovec from userspace
1619 * into the kernel, check that it is valid, and initialize a new
1620 * &struct iov_iter iterator to access it.
1621 *
1622 * @type: One of %READ or %WRITE.
1623 * @uvector: Pointer to the userspace array.
1624 * @nr_segs: Number of elements in userspace array.
1625 * @fast_segs: Number of elements in @iov.
1626 * @iov: (input and output parameter) Pointer to pointer to (usually small
1627 * on-stack) kernel array.
1628 * @i: Pointer to iterator that will be initialized on success.
1629 *
1630 * If the array pointed to by *@iov is large enough to hold all @nr_segs,
1631 * then this function places %NULL in *@iov on return. Otherwise, a new
1632 * array will be allocated and the result placed in *@iov. This means that
1633 * the caller may call kfree() on *@iov regardless of whether the small
1634 * on-stack array was used or not (and regardless of whether this function
1635 * returns an error or not).
1636 *
1637 * Return: Negative error code on error, bytes imported on success
1638 */
import_iovec(int type,const struct iovec __user * uvector,unsigned nr_segs,unsigned fast_segs,struct iovec ** iov,struct iov_iter * i)1639 ssize_t import_iovec(int type, const struct iovec __user * uvector,
1640 unsigned nr_segs, unsigned fast_segs,
1641 struct iovec **iov, struct iov_iter *i)
1642 {
1643 ssize_t n;
1644 struct iovec *p;
1645 n = rw_copy_check_uvector(type, uvector, nr_segs, fast_segs,
1646 *iov, &p);
1647 if (n < 0) {
1648 if (p != *iov)
1649 kfree(p);
1650 *iov = NULL;
1651 return n;
1652 }
1653 iov_iter_init(i, type, p, nr_segs, n);
1654 *iov = p == *iov ? NULL : p;
1655 return n;
1656 }
1657 EXPORT_SYMBOL(import_iovec);
1658
1659 #ifdef CONFIG_COMPAT
1660 #include <linux/compat.h>
1661
compat_import_iovec(int type,const struct compat_iovec __user * uvector,unsigned nr_segs,unsigned fast_segs,struct iovec ** iov,struct iov_iter * i)1662 ssize_t compat_import_iovec(int type,
1663 const struct compat_iovec __user * uvector,
1664 unsigned nr_segs, unsigned fast_segs,
1665 struct iovec **iov, struct iov_iter *i)
1666 {
1667 ssize_t n;
1668 struct iovec *p;
1669 n = compat_rw_copy_check_uvector(type, uvector, nr_segs, fast_segs,
1670 *iov, &p);
1671 if (n < 0) {
1672 if (p != *iov)
1673 kfree(p);
1674 *iov = NULL;
1675 return n;
1676 }
1677 iov_iter_init(i, type, p, nr_segs, n);
1678 *iov = p == *iov ? NULL : p;
1679 return n;
1680 }
1681 #endif
1682
import_single_range(int rw,void __user * buf,size_t len,struct iovec * iov,struct iov_iter * i)1683 int import_single_range(int rw, void __user *buf, size_t len,
1684 struct iovec *iov, struct iov_iter *i)
1685 {
1686 if (len > MAX_RW_COUNT)
1687 len = MAX_RW_COUNT;
1688 if (unlikely(!access_ok(buf, len)))
1689 return -EFAULT;
1690
1691 iov->iov_base = buf;
1692 iov->iov_len = len;
1693 iov_iter_init(i, rw, iov, 1, len);
1694 return 0;
1695 }
1696 EXPORT_SYMBOL(import_single_range);
1697
iov_iter_for_each_range(struct iov_iter * i,size_t bytes,int (* f)(struct kvec * vec,void * context),void * context)1698 int iov_iter_for_each_range(struct iov_iter *i, size_t bytes,
1699 int (*f)(struct kvec *vec, void *context),
1700 void *context)
1701 {
1702 struct kvec w;
1703 int err = -EINVAL;
1704 if (!bytes)
1705 return 0;
1706
1707 iterate_all_kinds(i, bytes, v, -EINVAL, ({
1708 w.iov_base = kmap(v.bv_page) + v.bv_offset;
1709 w.iov_len = v.bv_len;
1710 err = f(&w, context);
1711 kunmap(v.bv_page);
1712 err;}), ({
1713 w = v;
1714 err = f(&w, context);})
1715 )
1716 return err;
1717 }
1718 EXPORT_SYMBOL(iov_iter_for_each_range);
1719