TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / hafnium / third_party / linux / 3a0ad55d848b50499b68d7141d4eca997fce28ef / . / fs / dax.c
blob: 3a2682a6c8324c915257767f438346159173871d [file] [log] [blame]
Andrew Scullb4b6d4a2019-01-02 15:54:55 +0000[diff] [blame]1/*
2 * fs/dax.c - Direct Access filesystem code
3 * Copyright (c) 2013-2014 Intel Corporation
4 * Author: Matthew Wilcox <matthew.r.wilcox@intel.com>
5 * Author: Ross Zwisler <ross.zwisler@linux.intel.com>
6 *
7 * This program is free software; you can redistribute it and/or modify it
8 * under the terms and conditions of the GNU General Public License,
9 * version 2, as published by the Free Software Foundation.
10 *
11 * This program is distributed in the hope it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
14 * more details.
15 */
16
17#include <linux/atomic.h>
18#include <linux/blkdev.h>
19#include <linux/buffer_head.h>
20#include <linux/dax.h>
21#include <linux/fs.h>
22#include <linux/genhd.h>
23#include <linux/highmem.h>
24#include <linux/memcontrol.h>
25#include <linux/mm.h>
26#include <linux/mutex.h>
27#include <linux/pagevec.h>
28#include <linux/sched.h>
29#include <linux/sched/signal.h>
30#include <linux/uio.h>
31#include <linux/vmstat.h>
32#include <linux/pfn_t.h>
33#include <linux/sizes.h>
34#include <linux/mmu_notifier.h>
35#include <linux/iomap.h>
36#include "internal.h"
37
38#define CREATE_TRACE_POINTS
39#include <trace/events/fs_dax.h>
40
41/* We choose 4096 entries - same as per-zone page wait tables */
42#define DAX_WAIT_TABLE_BITS 12
43#define DAX_WAIT_TABLE_ENTRIES (1 << DAX_WAIT_TABLE_BITS)
44
45/* The 'colour' (ie low bits) within a PMD of a page offset. */
46#define PG_PMD_COLOUR ((PMD_SIZE >> PAGE_SHIFT) - 1)
47#define PG_PMD_NR (PMD_SIZE >> PAGE_SHIFT)
48
49static wait_queue_head_t wait_table[DAX_WAIT_TABLE_ENTRIES];
50
51static int __init init_dax_wait_table(void)
52{
53 int i;
54
55 for (i = 0; i < DAX_WAIT_TABLE_ENTRIES; i++)
56 init_waitqueue_head(wait_table + i);
57 return 0;
58}
59fs_initcall(init_dax_wait_table);
60
61/*
62 * We use lowest available bit in exceptional entry for locking, one bit for
63 * the entry size (PMD) and two more to tell us if the entry is a zero page or
64 * an empty entry that is just used for locking. In total four special bits.
65 *
66 * If the PMD bit isn't set the entry has size PAGE_SIZE, and if the ZERO_PAGE
67 * and EMPTY bits aren't set the entry is a normal DAX entry with a filesystem
68 * block allocation.
69 */
70#define RADIX_DAX_SHIFT (RADIX_TREE_EXCEPTIONAL_SHIFT + 4)
71#define RADIX_DAX_ENTRY_LOCK (1 << RADIX_TREE_EXCEPTIONAL_SHIFT)
72#define RADIX_DAX_PMD (1 << (RADIX_TREE_EXCEPTIONAL_SHIFT + 1))
73#define RADIX_DAX_ZERO_PAGE (1 << (RADIX_TREE_EXCEPTIONAL_SHIFT + 2))
74#define RADIX_DAX_EMPTY (1 << (RADIX_TREE_EXCEPTIONAL_SHIFT + 3))
75
76static unsigned long dax_radix_pfn(void *entry)
77{
78 return (unsigned long)entry >> RADIX_DAX_SHIFT;
79}
80
81static void *dax_radix_locked_entry(unsigned long pfn, unsigned long flags)
82{
83 return (void *)(RADIX_TREE_EXCEPTIONAL_ENTRY | flags |
84 (pfn << RADIX_DAX_SHIFT) | RADIX_DAX_ENTRY_LOCK);
85}
86
87static unsigned int dax_radix_order(void *entry)
88{
89 if ((unsigned long)entry & RADIX_DAX_PMD)
90 return PMD_SHIFT - PAGE_SHIFT;
91 return 0;
92}
93
94static int dax_is_pmd_entry(void *entry)
95{
96 return (unsigned long)entry & RADIX_DAX_PMD;
97}
98
99static int dax_is_pte_entry(void *entry)
100{
101 return !((unsigned long)entry & RADIX_DAX_PMD);
102}
103
104static int dax_is_zero_entry(void *entry)
105{
106 return (unsigned long)entry & RADIX_DAX_ZERO_PAGE;
107}
108
109static int dax_is_empty_entry(void *entry)
110{
111 return (unsigned long)entry & RADIX_DAX_EMPTY;
112}
113
114/*
115 * DAX radix tree locking
116 */
117struct exceptional_entry_key {
118 struct address_space *mapping;
119 pgoff_t entry_start;
120};
121
122struct wait_exceptional_entry_queue {
123 wait_queue_entry_t wait;
124 struct exceptional_entry_key key;
125};
126
127static wait_queue_head_t *dax_entry_waitqueue(struct address_space *mapping,
128 pgoff_t index, void *entry, struct exceptional_entry_key *key)
129{
130 unsigned long hash;
131
132 /*
133 * If 'entry' is a PMD, align the 'index' that we use for the wait
134 * queue to the start of that PMD. This ensures that all offsets in
135 * the range covered by the PMD map to the same bit lock.
136 */
137 if (dax_is_pmd_entry(entry))
138 index &= ~PG_PMD_COLOUR;
139
140 key->mapping = mapping;
141 key->entry_start = index;
142
143 hash = hash_long((unsigned long)mapping ^ index, DAX_WAIT_TABLE_BITS);
144 return wait_table + hash;
145}
146
147static int wake_exceptional_entry_func(wait_queue_entry_t *wait, unsigned int mode,
148 int sync, void *keyp)
149{
150 struct exceptional_entry_key *key = keyp;
151 struct wait_exceptional_entry_queue *ewait =
152 container_of(wait, struct wait_exceptional_entry_queue, wait);
153
154 if (key->mapping != ewait->key.mapping ||
155 key->entry_start != ewait->key.entry_start)
156 return 0;
157 return autoremove_wake_function(wait, mode, sync, NULL);
158}
159
160/*
161 * @entry may no longer be the entry at the index in the mapping.
162 * The important information it's conveying is whether the entry at
163 * this index used to be a PMD entry.
164 */
165static void dax_wake_mapping_entry_waiter(struct address_space *mapping,
166 pgoff_t index, void *entry, bool wake_all)
167{
168 struct exceptional_entry_key key;
169 wait_queue_head_t *wq;
170
171 wq = dax_entry_waitqueue(mapping, index, entry, &key);
172
173 /*
174 * Checking for locked entry and prepare_to_wait_exclusive() happens
175 * under the i_pages lock, ditto for entry handling in our callers.
176 * So at this point all tasks that could have seen our entry locked
177 * must be in the waitqueue and the following check will see them.
178 */
179 if (waitqueue_active(wq))
180 __wake_up(wq, TASK_NORMAL, wake_all ? 0 : 1, &key);
181}
182
183/*
184 * Check whether the given slot is locked. Must be called with the i_pages
185 * lock held.
186 */
187static inline int slot_locked(struct address_space *mapping, void **slot)
188{
189 unsigned long entry = (unsigned long)
190 radix_tree_deref_slot_protected(slot, &mapping->i_pages.xa_lock);
191 return entry & RADIX_DAX_ENTRY_LOCK;
192}
193
194/*
195 * Mark the given slot as locked. Must be called with the i_pages lock held.
196 */
197static inline void *lock_slot(struct address_space *mapping, void **slot)
198{
199 unsigned long entry = (unsigned long)
200 radix_tree_deref_slot_protected(slot, &mapping->i_pages.xa_lock);
201
202 entry |= RADIX_DAX_ENTRY_LOCK;
203 radix_tree_replace_slot(&mapping->i_pages, slot, (void *)entry);
204 return (void *)entry;
205}
206
207/*
208 * Mark the given slot as unlocked. Must be called with the i_pages lock held.
209 */
210static inline void *unlock_slot(struct address_space *mapping, void **slot)
211{
212 unsigned long entry = (unsigned long)
213 radix_tree_deref_slot_protected(slot, &mapping->i_pages.xa_lock);
214
215 entry &= ~(unsigned long)RADIX_DAX_ENTRY_LOCK;
216 radix_tree_replace_slot(&mapping->i_pages, slot, (void *)entry);
217 return (void *)entry;
218}
219
220static void put_unlocked_mapping_entry(struct address_space *mapping,
221 pgoff_t index, void *entry);
222
223/*
224 * Lookup entry in radix tree, wait for it to become unlocked if it is
225 * exceptional entry and return it. The caller must call
226 * put_unlocked_mapping_entry() when he decided not to lock the entry or
227 * put_locked_mapping_entry() when he locked the entry and now wants to
228 * unlock it.
229 *
230 * Must be called with the i_pages lock held.
231 */
232static void *__get_unlocked_mapping_entry(struct address_space *mapping,
233 pgoff_t index, void ***slotp, bool (*wait_fn)(void))
234{
235 void *entry, **slot;
236 struct wait_exceptional_entry_queue ewait;
237 wait_queue_head_t *wq;
238
239 init_wait(&ewait.wait);
240 ewait.wait.func = wake_exceptional_entry_func;
241
242 for (;;) {
243 bool revalidate;
244
245 entry = __radix_tree_lookup(&mapping->i_pages, index, NULL,
246 &slot);
247 if (!entry ||
248 WARN_ON_ONCE(!radix_tree_exceptional_entry(entry)) ||
249 !slot_locked(mapping, slot)) {
250 if (slotp)
251 *slotp = slot;
252 return entry;
253 }
254
255 wq = dax_entry_waitqueue(mapping, index, entry, &ewait.key);
256 prepare_to_wait_exclusive(wq, &ewait.wait,
257 TASK_UNINTERRUPTIBLE);
258 xa_unlock_irq(&mapping->i_pages);
259 revalidate = wait_fn();
260 finish_wait(wq, &ewait.wait);
261 xa_lock_irq(&mapping->i_pages);
262 if (revalidate) {
263 put_unlocked_mapping_entry(mapping, index, entry);
264 return ERR_PTR(-EAGAIN);
265 }
266 }
267}
268
269static bool entry_wait(void)
270{
271 schedule();
272 /*
273 * Never return an ERR_PTR() from
274 * __get_unlocked_mapping_entry(), just keep looping.
275 */
276 return false;
277}
278
279static void *get_unlocked_mapping_entry(struct address_space *mapping,
280 pgoff_t index, void ***slotp)
281{
282 return __get_unlocked_mapping_entry(mapping, index, slotp, entry_wait);
283}
284
285static void unlock_mapping_entry(struct address_space *mapping, pgoff_t index)
286{
287 void *entry, **slot;
288
289 xa_lock_irq(&mapping->i_pages);
290 entry = __radix_tree_lookup(&mapping->i_pages, index, NULL, &slot);
291 if (WARN_ON_ONCE(!entry || !radix_tree_exceptional_entry(entry) ||
292 !slot_locked(mapping, slot))) {
293 xa_unlock_irq(&mapping->i_pages);
294 return;
295 }
296 unlock_slot(mapping, slot);
297 xa_unlock_irq(&mapping->i_pages);
298 dax_wake_mapping_entry_waiter(mapping, index, entry, false);
299}
300
301static void put_locked_mapping_entry(struct address_space *mapping,
302 pgoff_t index)
303{
304 unlock_mapping_entry(mapping, index);
305}
306
307/*
308 * Called when we are done with radix tree entry we looked up via
309 * get_unlocked_mapping_entry() and which we didn't lock in the end.
310 */
311static void put_unlocked_mapping_entry(struct address_space *mapping,
312 pgoff_t index, void *entry)
313{
314 if (!entry)
315 return;
316
317 /* We have to wake up next waiter for the radix tree entry lock */
318 dax_wake_mapping_entry_waiter(mapping, index, entry, false);
319}
320
321static unsigned long dax_entry_size(void *entry)
322{
323 if (dax_is_zero_entry(entry))
324 return 0;
325 else if (dax_is_empty_entry(entry))
326 return 0;
327 else if (dax_is_pmd_entry(entry))
328 return PMD_SIZE;
329 else
330 return PAGE_SIZE;
331}
332
333static unsigned long dax_radix_end_pfn(void *entry)
334{
335 return dax_radix_pfn(entry) + dax_entry_size(entry) / PAGE_SIZE;
336}
337
338/*
339 * Iterate through all mapped pfns represented by an entry, i.e. skip
340 * 'empty' and 'zero' entries.
341 */
342#define for_each_mapped_pfn(entry, pfn) \
343 for (pfn = dax_radix_pfn(entry); \
344 pfn < dax_radix_end_pfn(entry); pfn++)
345
346/*
347 * TODO: for reflink+dax we need a way to associate a single page with
348 * multiple address_space instances at different linear_page_index()
349 * offsets.
350 */
351static void dax_associate_entry(void *entry, struct address_space *mapping,
352 struct vm_area_struct *vma, unsigned long address)
353{
354 unsigned long size = dax_entry_size(entry), pfn, index;
355 int i = 0;
356
357 if (IS_ENABLED(CONFIG_FS_DAX_LIMITED))
358 return;
359
360 index = linear_page_index(vma, address & ~(size - 1));
361 for_each_mapped_pfn(entry, pfn) {
362 struct page *page = pfn_to_page(pfn);
363
364 WARN_ON_ONCE(page->mapping);
365 page->mapping = mapping;
366 page->index = index + i++;
367 }
368}
369
370static void dax_disassociate_entry(void *entry, struct address_space *mapping,
371 bool trunc)
372{
373 unsigned long pfn;
374
375 if (IS_ENABLED(CONFIG_FS_DAX_LIMITED))
376 return;
377
378 for_each_mapped_pfn(entry, pfn) {
379 struct page *page = pfn_to_page(pfn);
380
381 WARN_ON_ONCE(trunc && page_ref_count(page) > 1);
382 WARN_ON_ONCE(page->mapping && page->mapping != mapping);
383 page->mapping = NULL;
384 page->index = 0;
385 }
386}
387
388static struct page *dax_busy_page(void *entry)
389{
390 unsigned long pfn;
391
392 for_each_mapped_pfn(entry, pfn) {
393 struct page *page = pfn_to_page(pfn);
394
395 if (page_ref_count(page) > 1)
396 return page;
397 }
398 return NULL;
399}
400
401static bool entry_wait_revalidate(void)
402{
403 rcu_read_unlock();
404 schedule();
405 rcu_read_lock();
406
407 /*
408 * Tell __get_unlocked_mapping_entry() to take a break, we need
409 * to revalidate page->mapping after dropping locks
410 */
411 return true;
412}
413
414bool dax_lock_mapping_entry(struct page *page)
415{
416 pgoff_t index;
417 struct inode *inode;
418 bool did_lock = false;
419 void *entry = NULL, **slot;
420 struct address_space *mapping;
421
422 rcu_read_lock();
423 for (;;) {
424 mapping = READ_ONCE(page->mapping);
425
426 if (!mapping || !dax_mapping(mapping))
427 break;
428
429 /*
430 * In the device-dax case there's no need to lock, a
431 * struct dev_pagemap pin is sufficient to keep the
432 * inode alive, and we assume we have dev_pagemap pin
433 * otherwise we would not have a valid pfn_to_page()
434 * translation.
435 */
436 inode = mapping->host;
437 if (S_ISCHR(inode->i_mode)) {
438 did_lock = true;
439 break;
440 }
441
442 xa_lock_irq(&mapping->i_pages);
443 if (mapping != page->mapping) {
444 xa_unlock_irq(&mapping->i_pages);
445 continue;
446 }
447 index = page->index;
448
449 entry = __get_unlocked_mapping_entry(mapping, index, &slot,
450 entry_wait_revalidate);
451 if (!entry) {
452 xa_unlock_irq(&mapping->i_pages);
453 break;
454 } else if (IS_ERR(entry)) {
455 xa_unlock_irq(&mapping->i_pages);
456 WARN_ON_ONCE(PTR_ERR(entry) != -EAGAIN);
457 continue;
458 }
459 lock_slot(mapping, slot);
460 did_lock = true;
461 xa_unlock_irq(&mapping->i_pages);
462 break;
463 }
464 rcu_read_unlock();
465
466 return did_lock;
467}
468
469void dax_unlock_mapping_entry(struct page *page)
470{
471 struct address_space *mapping = page->mapping;
472 struct inode *inode = mapping->host;
473
474 if (S_ISCHR(inode->i_mode))
475 return;
476
477 unlock_mapping_entry(mapping, page->index);
478}
479
480/*
481 * Find radix tree entry at given index. If it points to an exceptional entry,
482 * return it with the radix tree entry locked. If the radix tree doesn't
483 * contain given index, create an empty exceptional entry for the index and
484 * return with it locked.
485 *
486 * When requesting an entry with size RADIX_DAX_PMD, grab_mapping_entry() will
487 * either return that locked entry or will return an error. This error will
488 * happen if there are any 4k entries within the 2MiB range that we are
489 * requesting.
490 *
491 * We always favor 4k entries over 2MiB entries. There isn't a flow where we
492 * evict 4k entries in order to 'upgrade' them to a 2MiB entry. A 2MiB
493 * insertion will fail if it finds any 4k entries already in the tree, and a
494 * 4k insertion will cause an existing 2MiB entry to be unmapped and
495 * downgraded to 4k entries. This happens for both 2MiB huge zero pages as
496 * well as 2MiB empty entries.
497 *
498 * The exception to this downgrade path is for 2MiB DAX PMD entries that have
499 * real storage backing them. We will leave these real 2MiB DAX entries in
500 * the tree, and PTE writes will simply dirty the entire 2MiB DAX entry.
501 *
502 * Note: Unlike filemap_fault() we don't honor FAULT_FLAG_RETRY flags. For
503 * persistent memory the benefit is doubtful. We can add that later if we can
504 * show it helps.
505 */
506static void *grab_mapping_entry(struct address_space *mapping, pgoff_t index,
507 unsigned long size_flag)
508{
509 bool pmd_downgrade = false; /* splitting 2MiB entry into 4k entries? */
510 void *entry, **slot;
511
512restart:
513 xa_lock_irq(&mapping->i_pages);
514 entry = get_unlocked_mapping_entry(mapping, index, &slot);
515
516 if (WARN_ON_ONCE(entry && !radix_tree_exceptional_entry(entry))) {
517 entry = ERR_PTR(-EIO);
518 goto out_unlock;
519 }
520
521 if (entry) {
522 if (size_flag & RADIX_DAX_PMD) {
523 if (dax_is_pte_entry(entry)) {
524 put_unlocked_mapping_entry(mapping, index,
525 entry);
526 entry = ERR_PTR(-EEXIST);
527 goto out_unlock;
528 }
529 } else { /* trying to grab a PTE entry */
530 if (dax_is_pmd_entry(entry) &&
531 (dax_is_zero_entry(entry) ||
532 dax_is_empty_entry(entry))) {
533 pmd_downgrade = true;
534 }
535 }
536 }
537
538 /* No entry for given index? Make sure radix tree is big enough. */
539 if (!entry || pmd_downgrade) {
540 int err;
541
542 if (pmd_downgrade) {
543 /*
544 * Make sure 'entry' remains valid while we drop
545 * the i_pages lock.
546 */
547 entry = lock_slot(mapping, slot);
548 }
549
550 xa_unlock_irq(&mapping->i_pages);
551 /*
552 * Besides huge zero pages the only other thing that gets
553 * downgraded are empty entries which don't need to be
554 * unmapped.
555 */
556 if (pmd_downgrade && dax_is_zero_entry(entry))
557 unmap_mapping_pages(mapping, index & ~PG_PMD_COLOUR,
558 PG_PMD_NR, false);
559
560 err = radix_tree_preload(
561 mapping_gfp_mask(mapping) & ~__GFP_HIGHMEM);
562 if (err) {
563 if (pmd_downgrade)
564 put_locked_mapping_entry(mapping, index);
565 return ERR_PTR(err);
566 }
567 xa_lock_irq(&mapping->i_pages);
568
569 if (!entry) {
570 /*
571 * We needed to drop the i_pages lock while calling
572 * radix_tree_preload() and we didn't have an entry to
573 * lock. See if another thread inserted an entry at
574 * our index during this time.
575 */
576 entry = __radix_tree_lookup(&mapping->i_pages, index,
577 NULL, &slot);
578 if (entry) {
579 radix_tree_preload_end();
580 xa_unlock_irq(&mapping->i_pages);
581 goto restart;
582 }
583 }
584
585 if (pmd_downgrade) {
586 dax_disassociate_entry(entry, mapping, false);
587 radix_tree_delete(&mapping->i_pages, index);
588 mapping->nrexceptional--;
589 dax_wake_mapping_entry_waiter(mapping, index, entry,
590 true);
591 }
592
593 entry = dax_radix_locked_entry(0, size_flag | RADIX_DAX_EMPTY);
594
595 err = __radix_tree_insert(&mapping->i_pages, index,
596 dax_radix_order(entry), entry);
597 radix_tree_preload_end();
598 if (err) {
599 xa_unlock_irq(&mapping->i_pages);
600 /*
601 * Our insertion of a DAX entry failed, most likely
602 * because we were inserting a PMD entry and it
603 * collided with a PTE sized entry at a different
604 * index in the PMD range. We haven't inserted
605 * anything into the radix tree and have no waiters to
606 * wake.
607 */
608 return ERR_PTR(err);
609 }
610 /* Good, we have inserted empty locked entry into the tree. */
611 mapping->nrexceptional++;
612 xa_unlock_irq(&mapping->i_pages);
613 return entry;
614 }
615 entry = lock_slot(mapping, slot);
616 out_unlock:
617 xa_unlock_irq(&mapping->i_pages);
618 return entry;
619}
620
621/**
622 * dax_layout_busy_page - find first pinned page in @mapping
623 * @mapping: address space to scan for a page with ref count > 1
624 *
625 * DAX requires ZONE_DEVICE mapped pages. These pages are never
626 * 'onlined' to the page allocator so they are considered idle when
627 * page->count == 1. A filesystem uses this interface to determine if
628 * any page in the mapping is busy, i.e. for DMA, or other
629 * get_user_pages() usages.
630 *
631 * It is expected that the filesystem is holding locks to block the
632 * establishment of new mappings in this address_space. I.e. it expects
633 * to be able to run unmap_mapping_range() and subsequently not race
634 * mapping_mapped() becoming true.
635 */
636struct page *dax_layout_busy_page(struct address_space *mapping)
637{
638 pgoff_t indices[PAGEVEC_SIZE];
639 struct page *page = NULL;
640 struct pagevec pvec;
641 pgoff_t index, end;
642 unsigned i;
643
644 /*
645 * In the 'limited' case get_user_pages() for dax is disabled.
646 */
647 if (IS_ENABLED(CONFIG_FS_DAX_LIMITED))
648 return NULL;
649
650 if (!dax_mapping(mapping) || !mapping_mapped(mapping))
651 return NULL;
652
653 pagevec_init(&pvec);
654 index = 0;
655 end = -1;
656
657 /*
658 * If we race get_user_pages_fast() here either we'll see the
659 * elevated page count in the pagevec_lookup and wait, or
660 * get_user_pages_fast() will see that the page it took a reference
661 * against is no longer mapped in the page tables and bail to the
662 * get_user_pages() slow path. The slow path is protected by
663 * pte_lock() and pmd_lock(). New references are not taken without
664 * holding those locks, and unmap_mapping_range() will not zero the
665 * pte or pmd without holding the respective lock, so we are
666 * guaranteed to either see new references or prevent new
667 * references from being established.
668 */
669 unmap_mapping_range(mapping, 0, 0, 1);
670
671 while (index < end && pagevec_lookup_entries(&pvec, mapping, index,
672 min(end - index, (pgoff_t)PAGEVEC_SIZE),
673 indices)) {
674 pgoff_t nr_pages = 1;
675
676 for (i = 0; i < pagevec_count(&pvec); i++) {
677 struct page *pvec_ent = pvec.pages[i];
678 void *entry;
679
680 index = indices[i];
681 if (index >= end)
682 break;
683
684 if (WARN_ON_ONCE(
685 !radix_tree_exceptional_entry(pvec_ent)))
686 continue;
687
688 xa_lock_irq(&mapping->i_pages);
689 entry = get_unlocked_mapping_entry(mapping, index, NULL);
690 if (entry) {
691 page = dax_busy_page(entry);
692 /*
693 * Account for multi-order entries at
694 * the end of the pagevec.
695 */
696 if (i + 1 >= pagevec_count(&pvec))
697 nr_pages = 1UL << dax_radix_order(entry);
698 }
699 put_unlocked_mapping_entry(mapping, index, entry);
700 xa_unlock_irq(&mapping->i_pages);
701 if (page)
702 break;
703 }
704
705 /*
706 * We don't expect normal struct page entries to exist in our
707 * tree, but we keep these pagevec calls so that this code is
708 * consistent with the common pattern for handling pagevecs
709 * throughout the kernel.
710 */
711 pagevec_remove_exceptionals(&pvec);
712 pagevec_release(&pvec);
713 index += nr_pages;
714
715 if (page)
716 break;
717 }
718 return page;
719}
720EXPORT_SYMBOL_GPL(dax_layout_busy_page);
721
722static int __dax_invalidate_mapping_entry(struct address_space *mapping,
723 pgoff_t index, bool trunc)
724{
725 int ret = 0;
726 void *entry;
727 struct radix_tree_root *pages = &mapping->i_pages;
728
729 xa_lock_irq(pages);
730 entry = get_unlocked_mapping_entry(mapping, index, NULL);
731 if (!entry || WARN_ON_ONCE(!radix_tree_exceptional_entry(entry)))
732 goto out;
733 if (!trunc &&
734 (radix_tree_tag_get(pages, index, PAGECACHE_TAG_DIRTY) ||
735 radix_tree_tag_get(pages, index, PAGECACHE_TAG_TOWRITE)))
736 goto out;
737 dax_disassociate_entry(entry, mapping, trunc);
738 radix_tree_delete(pages, index);
739 mapping->nrexceptional--;
740 ret = 1;
741out:
742 put_unlocked_mapping_entry(mapping, index, entry);
743 xa_unlock_irq(pages);
744 return ret;
745}
746/*
747 * Delete exceptional DAX entry at @index from @mapping. Wait for radix tree
748 * entry to get unlocked before deleting it.
749 */
750int dax_delete_mapping_entry(struct address_space *mapping, pgoff_t index)
751{
752 int ret = __dax_invalidate_mapping_entry(mapping, index, true);
753
754 /*
755 * This gets called from truncate / punch_hole path. As such, the caller
756 * must hold locks protecting against concurrent modifications of the
757 * radix tree (usually fs-private i_mmap_sem for writing). Since the
758 * caller has seen exceptional entry for this index, we better find it
759 * at that index as well...
760 */
761 WARN_ON_ONCE(!ret);
762 return ret;
763}
764
765/*
766 * Invalidate exceptional DAX entry if it is clean.
767 */
768int dax_invalidate_mapping_entry_sync(struct address_space *mapping,
769 pgoff_t index)
770{
771 return __dax_invalidate_mapping_entry(mapping, index, false);
772}
773
774static int copy_user_dax(struct block_device *bdev, struct dax_device *dax_dev,
775 sector_t sector, size_t size, struct page *to,
776 unsigned long vaddr)
777{
778 void *vto, *kaddr;
779 pgoff_t pgoff;
780 long rc;
781 int id;
782
783 rc = bdev_dax_pgoff(bdev, sector, size, &pgoff);
784 if (rc)
785 return rc;
786
787 id = dax_read_lock();
788 rc = dax_direct_access(dax_dev, pgoff, PHYS_PFN(size), &kaddr, NULL);
789 if (rc < 0) {
790 dax_read_unlock(id);
791 return rc;
792 }
793 vto = kmap_atomic(to);
794 copy_user_page(vto, (void __force *)kaddr, vaddr, to);
795 kunmap_atomic(vto);
796 dax_read_unlock(id);
797 return 0;
798}
799
800/*
801 * By this point grab_mapping_entry() has ensured that we have a locked entry
802 * of the appropriate size so we don't have to worry about downgrading PMDs to
803 * PTEs. If we happen to be trying to insert a PTE and there is a PMD
804 * already in the tree, we will skip the insertion and just dirty the PMD as
805 * appropriate.
806 */
807static void *dax_insert_mapping_entry(struct address_space *mapping,
808 struct vm_fault *vmf,
809 void *entry, pfn_t pfn_t,
810 unsigned long flags, bool dirty)
811{
812 struct radix_tree_root *pages = &mapping->i_pages;
813 unsigned long pfn = pfn_t_to_pfn(pfn_t);
814 pgoff_t index = vmf->pgoff;
815 void *new_entry;
816
817 if (dirty)
818 __mark_inode_dirty(mapping->host, I_DIRTY_PAGES);
819
820 if (dax_is_zero_entry(entry) && !(flags & RADIX_DAX_ZERO_PAGE)) {
821 /* we are replacing a zero page with block mapping */
822 if (dax_is_pmd_entry(entry))
823 unmap_mapping_pages(mapping, index & ~PG_PMD_COLOUR,
824 PG_PMD_NR, false);
825 else /* pte entry */
826 unmap_mapping_pages(mapping, vmf->pgoff, 1, false);
827 }
828
829 xa_lock_irq(pages);
830 new_entry = dax_radix_locked_entry(pfn, flags);
831 if (dax_entry_size(entry) != dax_entry_size(new_entry)) {
832 dax_disassociate_entry(entry, mapping, false);
833 dax_associate_entry(new_entry, mapping, vmf->vma, vmf->address);
834 }
835
836 if (dax_is_zero_entry(entry) || dax_is_empty_entry(entry)) {
837 /*
838 * Only swap our new entry into the radix tree if the current
839 * entry is a zero page or an empty entry. If a normal PTE or
840 * PMD entry is already in the tree, we leave it alone. This
841 * means that if we are trying to insert a PTE and the
842 * existing entry is a PMD, we will just leave the PMD in the
843 * tree and dirty it if necessary.
844 */
845 struct radix_tree_node *node;
846 void **slot;
847 void *ret;
848
849 ret = __radix_tree_lookup(pages, index, &node, &slot);
850 WARN_ON_ONCE(ret != entry);
851 __radix_tree_replace(pages, node, slot,
852 new_entry, NULL);
853 entry = new_entry;
854 }
855
856 if (dirty)
857 radix_tree_tag_set(pages, index, PAGECACHE_TAG_DIRTY);
858
859 xa_unlock_irq(pages);
860 return entry;
861}
862
863static inline unsigned long
864pgoff_address(pgoff_t pgoff, struct vm_area_struct *vma)
865{
866 unsigned long address;
867
868 address = vma->vm_start + ((pgoff - vma->vm_pgoff) << PAGE_SHIFT);
869 VM_BUG_ON_VMA(address < vma->vm_start || address >= vma->vm_end, vma);
870 return address;
871}
872
873/* Walk all mappings of a given index of a file and writeprotect them */
874static void dax_mapping_entry_mkclean(struct address_space *mapping,
875 pgoff_t index, unsigned long pfn)
876{
877 struct vm_area_struct *vma;
878 pte_t pte, *ptep = NULL;
879 pmd_t *pmdp = NULL;
880 spinlock_t *ptl;
881
882 i_mmap_lock_read(mapping);
883 vma_interval_tree_foreach(vma, &mapping->i_mmap, index, index) {
884 unsigned long address, start, end;
885
886 cond_resched();
887
888 if (!(vma->vm_flags & VM_SHARED))
889 continue;
890
891 address = pgoff_address(index, vma);
892
893 /*
894 * Note because we provide start/end to follow_pte_pmd it will
895 * call mmu_notifier_invalidate_range_start() on our behalf
896 * before taking any lock.
897 */
898 if (follow_pte_pmd(vma->vm_mm, address, &start, &end, &ptep, &pmdp, &ptl))
899 continue;
900
901 /*
902 * No need to call mmu_notifier_invalidate_range() as we are
903 * downgrading page table protection not changing it to point
904 * to a new page.
905 *
906 * See Documentation/vm/mmu_notifier.rst
907 */
908 if (pmdp) {
909#ifdef CONFIG_FS_DAX_PMD
910 pmd_t pmd;
911
912 if (pfn != pmd_pfn(*pmdp))
913 goto unlock_pmd;
914 if (!pmd_dirty(*pmdp) && !pmd_write(*pmdp))
915 goto unlock_pmd;
916
917 flush_cache_page(vma, address, pfn);
918 pmd = pmdp_huge_clear_flush(vma, address, pmdp);
919 pmd = pmd_wrprotect(pmd);
920 pmd = pmd_mkclean(pmd);
921 set_pmd_at(vma->vm_mm, address, pmdp, pmd);
922unlock_pmd:
923#endif
924 spin_unlock(ptl);
925 } else {
926 if (pfn != pte_pfn(*ptep))
927 goto unlock_pte;
928 if (!pte_dirty(*ptep) && !pte_write(*ptep))
929 goto unlock_pte;
930
931 flush_cache_page(vma, address, pfn);
932 pte = ptep_clear_flush(vma, address, ptep);
933 pte = pte_wrprotect(pte);
934 pte = pte_mkclean(pte);
935 set_pte_at(vma->vm_mm, address, ptep, pte);
936unlock_pte:
937 pte_unmap_unlock(ptep, ptl);
938 }
939
940 mmu_notifier_invalidate_range_end(vma->vm_mm, start, end);
941 }
942 i_mmap_unlock_read(mapping);
943}
944
945static int dax_writeback_one(struct dax_device *dax_dev,
946 struct address_space *mapping, pgoff_t index, void *entry)
947{
948 struct radix_tree_root *pages = &mapping->i_pages;
949 void *entry2, **slot;
950 unsigned long pfn;
951 long ret = 0;
952 size_t size;
953
954 /*
955 * A page got tagged dirty in DAX mapping? Something is seriously
956 * wrong.
957 */
958 if (WARN_ON(!radix_tree_exceptional_entry(entry)))
959 return -EIO;
960
961 xa_lock_irq(pages);
962 entry2 = get_unlocked_mapping_entry(mapping, index, &slot);
963 /* Entry got punched out / reallocated? */
964 if (!entry2 || WARN_ON_ONCE(!radix_tree_exceptional_entry(entry2)))
965 goto put_unlocked;
966 /*
967 * Entry got reallocated elsewhere? No need to writeback. We have to
968 * compare pfns as we must not bail out due to difference in lockbit
969 * or entry type.
970 */
971 if (dax_radix_pfn(entry2) != dax_radix_pfn(entry))
972 goto put_unlocked;
973 if (WARN_ON_ONCE(dax_is_empty_entry(entry) ||
974 dax_is_zero_entry(entry))) {
975 ret = -EIO;
976 goto put_unlocked;
977 }
978
979 /* Another fsync thread may have already written back this entry */
980 if (!radix_tree_tag_get(pages, index, PAGECACHE_TAG_TOWRITE))
981 goto put_unlocked;
982 /* Lock the entry to serialize with page faults */
983 entry = lock_slot(mapping, slot);
984 /*
985 * We can clear the tag now but we have to be careful so that concurrent
986 * dax_writeback_one() calls for the same index cannot finish before we
987 * actually flush the caches. This is achieved as the calls will look
988 * at the entry only under the i_pages lock and once they do that
989 * they will see the entry locked and wait for it to unlock.
990 */
991 radix_tree_tag_clear(pages, index, PAGECACHE_TAG_TOWRITE);
992 xa_unlock_irq(pages);
993
994 /*
995 * Even if dax_writeback_mapping_range() was given a wbc->range_start
996 * in the middle of a PMD, the 'index' we are given will be aligned to
997 * the start index of the PMD, as will the pfn we pull from 'entry'.
998 * This allows us to flush for PMD_SIZE and not have to worry about
999 * partial PMD writebacks.
1000 */
1001 pfn = dax_radix_pfn(entry);
1002 size = PAGE_SIZE << dax_radix_order(entry);
1003
1004 dax_mapping_entry_mkclean(mapping, index, pfn);
1005 dax_flush(dax_dev, page_address(pfn_to_page(pfn)), size);
1006 /*
1007 * After we have flushed the cache, we can clear the dirty tag. There
1008 * cannot be new dirty data in the pfn after the flush has completed as
1009 * the pfn mappings are writeprotected and fault waits for mapping
1010 * entry lock.
1011 */
1012 xa_lock_irq(pages);
1013 radix_tree_tag_clear(pages, index, PAGECACHE_TAG_DIRTY);
1014 xa_unlock_irq(pages);
1015 trace_dax_writeback_one(mapping->host, index, size >> PAGE_SHIFT);
1016 put_locked_mapping_entry(mapping, index);
1017 return ret;
1018
1019 put_unlocked:
1020 put_unlocked_mapping_entry(mapping, index, entry2);
1021 xa_unlock_irq(pages);
1022 return ret;
1023}
1024
1025/*
1026 * Flush the mapping to the persistent domain within the byte range of [start,
1027 * end]. This is required by data integrity operations to ensure file data is
1028 * on persistent storage prior to completion of the operation.
1029 */
1030int dax_writeback_mapping_range(struct address_space *mapping,
1031 struct block_device *bdev, struct writeback_control *wbc)
1032{
1033 struct inode *inode = mapping->host;
1034 pgoff_t start_index, end_index;
1035 pgoff_t indices[PAGEVEC_SIZE];
1036 struct dax_device *dax_dev;
1037 struct pagevec pvec;
1038 bool done = false;
1039 int i, ret = 0;
1040
1041 if (WARN_ON_ONCE(inode->i_blkbits != PAGE_SHIFT))
1042 return -EIO;
1043
1044 if (!mapping->nrexceptional || wbc->sync_mode != WB_SYNC_ALL)
1045 return 0;
1046
1047 dax_dev = dax_get_by_host(bdev->bd_disk->disk_name);
1048 if (!dax_dev)
1049 return -EIO;
1050
1051 start_index = wbc->range_start >> PAGE_SHIFT;
1052 end_index = wbc->range_end >> PAGE_SHIFT;
1053
1054 trace_dax_writeback_range(inode, start_index, end_index);
1055
1056 tag_pages_for_writeback(mapping, start_index, end_index);
1057
1058 pagevec_init(&pvec);
1059 while (!done) {
1060 pvec.nr = find_get_entries_tag(mapping, start_index,
1061 PAGECACHE_TAG_TOWRITE, PAGEVEC_SIZE,
1062 pvec.pages, indices);
1063
1064 if (pvec.nr == 0)
1065 break;
1066
1067 for (i = 0; i < pvec.nr; i++) {
1068 if (indices[i] > end_index) {
1069 done = true;
1070 break;
1071 }
1072
1073 ret = dax_writeback_one(dax_dev, mapping, indices[i],
1074 pvec.pages[i]);
1075 if (ret < 0) {
1076 mapping_set_error(mapping, ret);
1077 goto out;
1078 }
1079 }
1080 start_index = indices[pvec.nr - 1] + 1;
1081 }
1082out:
1083 put_dax(dax_dev);
1084 trace_dax_writeback_range_done(inode, start_index, end_index);
1085 return (ret < 0 ? ret : 0);
1086}
1087EXPORT_SYMBOL_GPL(dax_writeback_mapping_range);
1088
1089static sector_t dax_iomap_sector(struct iomap *iomap, loff_t pos)
1090{
1091 return (iomap->addr + (pos & PAGE_MASK) - iomap->offset) >> 9;
1092}
1093
1094static int dax_iomap_pfn(struct iomap *iomap, loff_t pos, size_t size,
1095 pfn_t *pfnp)
1096{
1097 const sector_t sector = dax_iomap_sector(iomap, pos);
1098 pgoff_t pgoff;
1099 int id, rc;
1100 long length;
1101
1102 rc = bdev_dax_pgoff(iomap->bdev, sector, size, &pgoff);
1103 if (rc)
1104 return rc;
1105 id = dax_read_lock();
1106 length = dax_direct_access(iomap->dax_dev, pgoff, PHYS_PFN(size),
1107 NULL, pfnp);
1108 if (length < 0) {
1109 rc = length;
1110 goto out;
1111 }
1112 rc = -EINVAL;
1113 if (PFN_PHYS(length) < size)
1114 goto out;
1115 if (pfn_t_to_pfn(*pfnp) & (PHYS_PFN(size)-1))
1116 goto out;
1117 /* For larger pages we need devmap */
1118 if (length > 1 && !pfn_t_devmap(*pfnp))
1119 goto out;
1120 rc = 0;
1121out:
1122 dax_read_unlock(id);
1123 return rc;
1124}
1125
1126/*
1127 * The user has performed a load from a hole in the file. Allocating a new
1128 * page in the file would cause excessive storage usage for workloads with
1129 * sparse files. Instead we insert a read-only mapping of the 4k zero page.
1130 * If this page is ever written to we will re-fault and change the mapping to
1131 * point to real DAX storage instead.
1132 */
1133static vm_fault_t dax_load_hole(struct address_space *mapping, void *entry,
1134 struct vm_fault *vmf)
1135{
1136 struct inode *inode = mapping->host;
1137 unsigned long vaddr = vmf->address;
1138 pfn_t pfn = pfn_to_pfn_t(my_zero_pfn(vaddr));
1139 vm_fault_t ret;
1140
1141 dax_insert_mapping_entry(mapping, vmf, entry, pfn, RADIX_DAX_ZERO_PAGE,
1142 false);
1143 ret = vmf_insert_mixed(vmf->vma, vaddr, pfn);
1144 trace_dax_load_hole(inode, vmf, ret);
1145 return ret;
1146}
1147
1148static bool dax_range_is_aligned(struct block_device *bdev,
1149 unsigned int offset, unsigned int length)
1150{
1151 unsigned short sector_size = bdev_logical_block_size(bdev);
1152
1153 if (!IS_ALIGNED(offset, sector_size))
1154 return false;
1155 if (!IS_ALIGNED(length, sector_size))
1156 return false;
1157
1158 return true;
1159}
1160
1161int __dax_zero_page_range(struct block_device *bdev,
1162 struct dax_device *dax_dev, sector_t sector,
1163 unsigned int offset, unsigned int size)
1164{
1165 if (dax_range_is_aligned(bdev, offset, size)) {
1166 sector_t start_sector = sector + (offset >> 9);
1167
1168 return blkdev_issue_zeroout(bdev, start_sector,
1169 size >> 9, GFP_NOFS, 0);
1170 } else {
1171 pgoff_t pgoff;
1172 long rc, id;
1173 void *kaddr;
1174
1175 rc = bdev_dax_pgoff(bdev, sector, PAGE_SIZE, &pgoff);
1176 if (rc)
1177 return rc;
1178
1179 id = dax_read_lock();
1180 rc = dax_direct_access(dax_dev, pgoff, 1, &kaddr, NULL);
1181 if (rc < 0) {
1182 dax_read_unlock(id);
1183 return rc;
1184 }
1185 memset(kaddr + offset, 0, size);
1186 dax_flush(dax_dev, kaddr + offset, size);
1187 dax_read_unlock(id);
1188 }
1189 return 0;
1190}
1191EXPORT_SYMBOL_GPL(__dax_zero_page_range);
1192
1193static loff_t
1194dax_iomap_actor(struct inode *inode, loff_t pos, loff_t length, void *data,
1195 struct iomap *iomap)
1196{
1197 struct block_device *bdev = iomap->bdev;
1198 struct dax_device *dax_dev = iomap->dax_dev;
1199 struct iov_iter *iter = data;
1200 loff_t end = pos + length, done = 0;
1201 ssize_t ret = 0;
1202 size_t xfer;
1203 int id;
1204
1205 if (iov_iter_rw(iter) == READ) {
1206 end = min(end, i_size_read(inode));
1207 if (pos >= end)
1208 return 0;
1209
1210 if (iomap->type == IOMAP_HOLE || iomap->type == IOMAP_UNWRITTEN)
1211 return iov_iter_zero(min(length, end - pos), iter);
1212 }
1213
1214 if (WARN_ON_ONCE(iomap->type != IOMAP_MAPPED))
1215 return -EIO;
1216
1217 /*
1218 * Write can allocate block for an area which has a hole page mapped
1219 * into page tables. We have to tear down these mappings so that data
1220 * written by write(2) is visible in mmap.
1221 */
1222 if (iomap->flags & IOMAP_F_NEW) {
1223 invalidate_inode_pages2_range(inode->i_mapping,
1224 pos >> PAGE_SHIFT,
1225 (end - 1) >> PAGE_SHIFT);
1226 }
1227
1228 id = dax_read_lock();
1229 while (pos < end) {
1230 unsigned offset = pos & (PAGE_SIZE - 1);
1231 const size_t size = ALIGN(length + offset, PAGE_SIZE);
1232 const sector_t sector = dax_iomap_sector(iomap, pos);
1233 ssize_t map_len;
1234 pgoff_t pgoff;
1235 void *kaddr;
1236
1237 if (fatal_signal_pending(current)) {
1238 ret = -EINTR;
1239 break;
1240 }
1241
1242 ret = bdev_dax_pgoff(bdev, sector, size, &pgoff);
1243 if (ret)
1244 break;
1245
1246 map_len = dax_direct_access(dax_dev, pgoff, PHYS_PFN(size),
1247 &kaddr, NULL);
1248 if (map_len < 0) {
1249 ret = map_len;
1250 break;
1251 }
1252
1253 map_len = PFN_PHYS(map_len);
1254 kaddr += offset;
1255 map_len -= offset;
1256 if (map_len > end - pos)
1257 map_len = end - pos;
1258
1259 /*
1260 * The userspace address for the memory copy has already been
1261 * validated via access_ok() in either vfs_read() or
1262 * vfs_write(), depending on which operation we are doing.
1263 */
1264 if (iov_iter_rw(iter) == WRITE)
1265 xfer = dax_copy_from_iter(dax_dev, pgoff, kaddr,
1266 map_len, iter);
1267 else
1268 xfer = dax_copy_to_iter(dax_dev, pgoff, kaddr,
1269 map_len, iter);
1270
1271 pos += xfer;
1272 length -= xfer;
1273 done += xfer;
1274
1275 if (xfer == 0)
1276 ret = -EFAULT;
1277 if (xfer < map_len)
1278 break;
1279 }
1280 dax_read_unlock(id);
1281
1282 return done ? done : ret;
1283}
1284
1285/**
1286 * dax_iomap_rw - Perform I/O to a DAX file
1287 * @iocb: The control block for this I/O
1288 * @iter: The addresses to do I/O from or to
1289 * @ops: iomap ops passed from the file system
1290 *
1291 * This function performs read and write operations to directly mapped
1292 * persistent memory. The callers needs to take care of read/write exclusion
1293 * and evicting any page cache pages in the region under I/O.
1294 */
1295ssize_t
1296dax_iomap_rw(struct kiocb *iocb, struct iov_iter *iter,
1297 const struct iomap_ops *ops)
1298{
1299 struct address_space *mapping = iocb->ki_filp->f_mapping;
1300 struct inode *inode = mapping->host;
1301 loff_t pos = iocb->ki_pos, ret = 0, done = 0;
1302 unsigned flags = 0;
1303
1304 if (iov_iter_rw(iter) == WRITE) {
1305 lockdep_assert_held_exclusive(&inode->i_rwsem);
1306 flags |= IOMAP_WRITE;
1307 } else {
1308 lockdep_assert_held(&inode->i_rwsem);
1309 }
1310
1311 while (iov_iter_count(iter)) {
1312 ret = iomap_apply(inode, pos, iov_iter_count(iter), flags, ops,
1313 iter, dax_iomap_actor);
1314 if (ret <= 0)
1315 break;
1316 pos += ret;
1317 done += ret;
1318 }
1319
1320 iocb->ki_pos += done;
1321 return done ? done : ret;
1322}
1323EXPORT_SYMBOL_GPL(dax_iomap_rw);
1324
1325static vm_fault_t dax_fault_return(int error)
1326{
1327 if (error == 0)
1328 return VM_FAULT_NOPAGE;
1329 if (error == -ENOMEM)
1330 return VM_FAULT_OOM;
1331 return VM_FAULT_SIGBUS;
1332}
1333
1334/*
1335 * MAP_SYNC on a dax mapping guarantees dirty metadata is
1336 * flushed on write-faults (non-cow), but not read-faults.
1337 */
1338static bool dax_fault_is_synchronous(unsigned long flags,
1339 struct vm_area_struct *vma, struct iomap *iomap)
1340{
1341 return (flags & IOMAP_WRITE) && (vma->vm_flags & VM_SYNC)
1342 && (iomap->flags & IOMAP_F_DIRTY);
1343}
1344
1345static vm_fault_t dax_iomap_pte_fault(struct vm_fault *vmf, pfn_t *pfnp,
1346 int *iomap_errp, const struct iomap_ops *ops)
1347{
1348 struct vm_area_struct *vma = vmf->vma;
1349 struct address_space *mapping = vma->vm_file->f_mapping;
1350 struct inode *inode = mapping->host;
1351 unsigned long vaddr = vmf->address;
1352 loff_t pos = (loff_t)vmf->pgoff << PAGE_SHIFT;
1353 struct iomap iomap = { 0 };
1354 unsigned flags = IOMAP_FAULT;
1355 int error, major = 0;
1356 bool write = vmf->flags & FAULT_FLAG_WRITE;
1357 bool sync;
1358 vm_fault_t ret = 0;
1359 void *entry;
1360 pfn_t pfn;
1361
1362 trace_dax_pte_fault(inode, vmf, ret);
1363 /*
1364 * Check whether offset isn't beyond end of file now. Caller is supposed
1365 * to hold locks serializing us with truncate / punch hole so this is
1366 * a reliable test.
1367 */
1368 if (pos >= i_size_read(inode)) {
1369 ret = VM_FAULT_SIGBUS;
1370 goto out;
1371 }
1372
1373 if (write && !vmf->cow_page)
1374 flags |= IOMAP_WRITE;
1375
1376 entry = grab_mapping_entry(mapping, vmf->pgoff, 0);
1377 if (IS_ERR(entry)) {
1378 ret = dax_fault_return(PTR_ERR(entry));
1379 goto out;
1380 }
1381
1382 /*
1383 * It is possible, particularly with mixed reads & writes to private
1384 * mappings, that we have raced with a PMD fault that overlaps with
1385 * the PTE we need to set up. If so just return and the fault will be
1386 * retried.
1387 */
1388 if (pmd_trans_huge(*vmf->pmd) || pmd_devmap(*vmf->pmd)) {
1389 ret = VM_FAULT_NOPAGE;
1390 goto unlock_entry;
1391 }
1392
1393 /*
1394 * Note that we don't bother to use iomap_apply here: DAX required
1395 * the file system block size to be equal the page size, which means
1396 * that we never have to deal with more than a single extent here.
1397 */
1398 error = ops->iomap_begin(inode, pos, PAGE_SIZE, flags, &iomap);
1399 if (iomap_errp)
1400 *iomap_errp = error;
1401 if (error) {
1402 ret = dax_fault_return(error);
1403 goto unlock_entry;
1404 }
1405 if (WARN_ON_ONCE(iomap.offset + iomap.length < pos + PAGE_SIZE)) {
1406 error = -EIO; /* fs corruption? */
1407 goto error_finish_iomap;
1408 }
1409
1410 if (vmf->cow_page) {
1411 sector_t sector = dax_iomap_sector(&iomap, pos);
1412
1413 switch (iomap.type) {
1414 case IOMAP_HOLE:
1415 case IOMAP_UNWRITTEN:
1416 clear_user_highpage(vmf->cow_page, vaddr);
1417 break;
1418 case IOMAP_MAPPED:
1419 error = copy_user_dax(iomap.bdev, iomap.dax_dev,
1420 sector, PAGE_SIZE, vmf->cow_page, vaddr);
1421 break;
1422 default:
1423 WARN_ON_ONCE(1);
1424 error = -EIO;
1425 break;
1426 }
1427
1428 if (error)
1429 goto error_finish_iomap;
1430
1431 __SetPageUptodate(vmf->cow_page);
1432 ret = finish_fault(vmf);
1433 if (!ret)
1434 ret = VM_FAULT_DONE_COW;
1435 goto finish_iomap;
1436 }
1437
1438 sync = dax_fault_is_synchronous(flags, vma, &iomap);
1439
1440 switch (iomap.type) {
1441 case IOMAP_MAPPED:
1442 if (iomap.flags & IOMAP_F_NEW) {
1443 count_vm_event(PGMAJFAULT);
1444 count_memcg_event_mm(vma->vm_mm, PGMAJFAULT);
1445 major = VM_FAULT_MAJOR;
1446 }
1447 error = dax_iomap_pfn(&iomap, pos, PAGE_SIZE, &pfn);
1448 if (error < 0)
1449 goto error_finish_iomap;
1450
1451 entry = dax_insert_mapping_entry(mapping, vmf, entry, pfn,
1452 0, write && !sync);
1453
1454 /*
1455 * If we are doing synchronous page fault and inode needs fsync,
1456 * we can insert PTE into page tables only after that happens.
1457 * Skip insertion for now and return the pfn so that caller can
1458 * insert it after fsync is done.
1459 */
1460 if (sync) {
1461 if (WARN_ON_ONCE(!pfnp)) {
1462 error = -EIO;
1463 goto error_finish_iomap;
1464 }
1465 *pfnp = pfn;
1466 ret = VM_FAULT_NEEDDSYNC | major;
1467 goto finish_iomap;
1468 }
1469 trace_dax_insert_mapping(inode, vmf, entry);
1470 if (write)
1471 ret = vmf_insert_mixed_mkwrite(vma, vaddr, pfn);
1472 else
1473 ret = vmf_insert_mixed(vma, vaddr, pfn);
1474
1475 goto finish_iomap;
1476 case IOMAP_UNWRITTEN:
1477 case IOMAP_HOLE:
1478 if (!write) {
1479 ret = dax_load_hole(mapping, entry, vmf);
1480 goto finish_iomap;
1481 }
1482 /*FALLTHRU*/
1483 default:
1484 WARN_ON_ONCE(1);
1485 error = -EIO;
1486 break;
1487 }
1488
1489 error_finish_iomap:
1490 ret = dax_fault_return(error);
1491 finish_iomap:
1492 if (ops->iomap_end) {
1493 int copied = PAGE_SIZE;
1494
1495 if (ret & VM_FAULT_ERROR)
1496 copied = 0;
1497 /*
1498 * The fault is done by now and there's no way back (other
1499 * thread may be already happily using PTE we have installed).
1500 * Just ignore error from ->iomap_end since we cannot do much
1501 * with it.
1502 */
1503 ops->iomap_end(inode, pos, PAGE_SIZE, copied, flags, &iomap);
1504 }
1505 unlock_entry:
1506 put_locked_mapping_entry(mapping, vmf->pgoff);
1507 out:
1508 trace_dax_pte_fault_done(inode, vmf, ret);
1509 return ret | major;
1510}
1511
1512#ifdef CONFIG_FS_DAX_PMD
1513static vm_fault_t dax_pmd_load_hole(struct vm_fault *vmf, struct iomap *iomap,
1514 void *entry)
1515{
1516 struct address_space *mapping = vmf->vma->vm_file->f_mapping;
1517 unsigned long pmd_addr = vmf->address & PMD_MASK;
1518 struct inode *inode = mapping->host;
1519 struct page *zero_page;
1520 void *ret = NULL;
1521 spinlock_t *ptl;
1522 pmd_t pmd_entry;
1523 pfn_t pfn;
1524
1525 zero_page = mm_get_huge_zero_page(vmf->vma->vm_mm);
1526
1527 if (unlikely(!zero_page))
1528 goto fallback;
1529
1530 pfn = page_to_pfn_t(zero_page);
1531 ret = dax_insert_mapping_entry(mapping, vmf, entry, pfn,
1532 RADIX_DAX_PMD | RADIX_DAX_ZERO_PAGE, false);
1533
1534 ptl = pmd_lock(vmf->vma->vm_mm, vmf->pmd);
1535 if (!pmd_none(*(vmf->pmd))) {
1536 spin_unlock(ptl);
1537 goto fallback;
1538 }
1539
1540 pmd_entry = mk_pmd(zero_page, vmf->vma->vm_page_prot);
1541 pmd_entry = pmd_mkhuge(pmd_entry);
1542 set_pmd_at(vmf->vma->vm_mm, pmd_addr, vmf->pmd, pmd_entry);
1543 spin_unlock(ptl);
1544 trace_dax_pmd_load_hole(inode, vmf, zero_page, ret);
1545 return VM_FAULT_NOPAGE;
1546
1547fallback:
1548 trace_dax_pmd_load_hole_fallback(inode, vmf, zero_page, ret);
1549 return VM_FAULT_FALLBACK;
1550}
1551
1552static vm_fault_t dax_iomap_pmd_fault(struct vm_fault *vmf, pfn_t *pfnp,
1553 const struct iomap_ops *ops)
1554{
1555 struct vm_area_struct *vma = vmf->vma;
1556 struct address_space *mapping = vma->vm_file->f_mapping;
1557 unsigned long pmd_addr = vmf->address & PMD_MASK;
1558 bool write = vmf->flags & FAULT_FLAG_WRITE;
1559 bool sync;
1560 unsigned int iomap_flags = (write ? IOMAP_WRITE : 0) | IOMAP_FAULT;
1561 struct inode *inode = mapping->host;
1562 vm_fault_t result = VM_FAULT_FALLBACK;
1563 struct iomap iomap = { 0 };
1564 pgoff_t max_pgoff, pgoff;
1565 void *entry;
1566 loff_t pos;
1567 int error;
1568 pfn_t pfn;
1569
1570 /*
1571 * Check whether offset isn't beyond end of file now. Caller is
1572 * supposed to hold locks serializing us with truncate / punch hole so
1573 * this is a reliable test.
1574 */
1575 pgoff = linear_page_index(vma, pmd_addr);
1576 max_pgoff = DIV_ROUND_UP(i_size_read(inode), PAGE_SIZE);
1577
1578 trace_dax_pmd_fault(inode, vmf, max_pgoff, 0);
1579
1580 /*
1581 * Make sure that the faulting address's PMD offset (color) matches
1582 * the PMD offset from the start of the file. This is necessary so
1583 * that a PMD range in the page table overlaps exactly with a PMD
1584 * range in the radix tree.
1585 */
1586 if ((vmf->pgoff & PG_PMD_COLOUR) !=
1587 ((vmf->address >> PAGE_SHIFT) & PG_PMD_COLOUR))
1588 goto fallback;
1589
1590 /* Fall back to PTEs if we're going to COW */
1591 if (write && !(vma->vm_flags & VM_SHARED))
1592 goto fallback;
1593
1594 /* If the PMD would extend outside the VMA */
1595 if (pmd_addr < vma->vm_start)
1596 goto fallback;
1597 if ((pmd_addr + PMD_SIZE) > vma->vm_end)
1598 goto fallback;
1599
1600 if (pgoff >= max_pgoff) {
1601 result = VM_FAULT_SIGBUS;
1602 goto out;
1603 }
1604
1605 /* If the PMD would extend beyond the file size */
1606 if ((pgoff | PG_PMD_COLOUR) >= max_pgoff)
1607 goto fallback;
1608
1609 /*
1610 * grab_mapping_entry() will make sure we get a 2MiB empty entry, a
1611 * 2MiB zero page entry or a DAX PMD. If it can't (because a 4k page
1612 * is already in the tree, for instance), it will return -EEXIST and
1613 * we just fall back to 4k entries.
1614 */
1615 entry = grab_mapping_entry(mapping, pgoff, RADIX_DAX_PMD);
1616 if (IS_ERR(entry))
1617 goto fallback;
1618
1619 /*
1620 * It is possible, particularly with mixed reads & writes to private
1621 * mappings, that we have raced with a PTE fault that overlaps with
1622 * the PMD we need to set up. If so just return and the fault will be
1623 * retried.
1624 */
1625 if (!pmd_none(*vmf->pmd) && !pmd_trans_huge(*vmf->pmd) &&
1626 !pmd_devmap(*vmf->pmd)) {
1627 result = 0;
1628 goto unlock_entry;
1629 }
1630
1631 /*
1632 * Note that we don't use iomap_apply here. We aren't doing I/O, only
1633 * setting up a mapping, so really we're using iomap_begin() as a way
1634 * to look up our filesystem block.
1635 */
1636 pos = (loff_t)pgoff << PAGE_SHIFT;
1637 error = ops->iomap_begin(inode, pos, PMD_SIZE, iomap_flags, &iomap);
1638 if (error)
1639 goto unlock_entry;
1640
1641 if (iomap.offset + iomap.length < pos + PMD_SIZE)
1642 goto finish_iomap;
1643
1644 sync = dax_fault_is_synchronous(iomap_flags, vma, &iomap);
1645
1646 switch (iomap.type) {
1647 case IOMAP_MAPPED:
1648 error = dax_iomap_pfn(&iomap, pos, PMD_SIZE, &pfn);
1649 if (error < 0)
1650 goto finish_iomap;
1651
1652 entry = dax_insert_mapping_entry(mapping, vmf, entry, pfn,
1653 RADIX_DAX_PMD, write && !sync);
1654
1655 /*
1656 * If we are doing synchronous page fault and inode needs fsync,
1657 * we can insert PMD into page tables only after that happens.
1658 * Skip insertion for now and return the pfn so that caller can
1659 * insert it after fsync is done.
1660 */
1661 if (sync) {
1662 if (WARN_ON_ONCE(!pfnp))
1663 goto finish_iomap;
1664 *pfnp = pfn;
1665 result = VM_FAULT_NEEDDSYNC;
1666 goto finish_iomap;
1667 }
1668
1669 trace_dax_pmd_insert_mapping(inode, vmf, PMD_SIZE, pfn, entry);
1670 result = vmf_insert_pfn_pmd(vma, vmf->address, vmf->pmd, pfn,
1671 write);
1672 break;
1673 case IOMAP_UNWRITTEN:
1674 case IOMAP_HOLE:
1675 if (WARN_ON_ONCE(write))
1676 break;
1677 result = dax_pmd_load_hole(vmf, &iomap, entry);
1678 break;
1679 default:
1680 WARN_ON_ONCE(1);
1681 break;
1682 }
1683
1684 finish_iomap:
1685 if (ops->iomap_end) {
1686 int copied = PMD_SIZE;
1687
1688 if (result == VM_FAULT_FALLBACK)
1689 copied = 0;
1690 /*
1691 * The fault is done by now and there's no way back (other
1692 * thread may be already happily using PMD we have installed).
1693 * Just ignore error from ->iomap_end since we cannot do much
1694 * with it.
1695 */
1696 ops->iomap_end(inode, pos, PMD_SIZE, copied, iomap_flags,
1697 &iomap);
1698 }
1699 unlock_entry:
1700 put_locked_mapping_entry(mapping, pgoff);
1701 fallback:
1702 if (result == VM_FAULT_FALLBACK) {
1703 split_huge_pmd(vma, vmf->pmd, vmf->address);
1704 count_vm_event(THP_FAULT_FALLBACK);
1705 }
1706out:
1707 trace_dax_pmd_fault_done(inode, vmf, max_pgoff, result);
1708 return result;
1709}
1710#else
1711static vm_fault_t dax_iomap_pmd_fault(struct vm_fault *vmf, pfn_t *pfnp,
1712 const struct iomap_ops *ops)
1713{
1714 return VM_FAULT_FALLBACK;
1715}
1716#endif /* CONFIG_FS_DAX_PMD */
1717
1718/**
1719 * dax_iomap_fault - handle a page fault on a DAX file
1720 * @vmf: The description of the fault
1721 * @pe_size: Size of the page to fault in
1722 * @pfnp: PFN to insert for synchronous faults if fsync is required
1723 * @iomap_errp: Storage for detailed error code in case of error
1724 * @ops: Iomap ops passed from the file system
1725 *
1726 * When a page fault occurs, filesystems may call this helper in
1727 * their fault handler for DAX files. dax_iomap_fault() assumes the caller
1728 * has done all the necessary locking for page fault to proceed
1729 * successfully.
1730 */
1731vm_fault_t dax_iomap_fault(struct vm_fault *vmf, enum page_entry_size pe_size,
1732 pfn_t *pfnp, int *iomap_errp, const struct iomap_ops *ops)
1733{
1734 switch (pe_size) {
1735 case PE_SIZE_PTE:
1736 return dax_iomap_pte_fault(vmf, pfnp, iomap_errp, ops);
1737 case PE_SIZE_PMD:
1738 return dax_iomap_pmd_fault(vmf, pfnp, ops);
1739 default:
1740 return VM_FAULT_FALLBACK;
1741 }
1742}
1743EXPORT_SYMBOL_GPL(dax_iomap_fault);
1744
1745/**
1746 * dax_insert_pfn_mkwrite - insert PTE or PMD entry into page tables
1747 * @vmf: The description of the fault
1748 * @pe_size: Size of entry to be inserted
1749 * @pfn: PFN to insert
1750 *
1751 * This function inserts writeable PTE or PMD entry into page tables for mmaped
1752 * DAX file. It takes care of marking corresponding radix tree entry as dirty
1753 * as well.
1754 */
1755static vm_fault_t dax_insert_pfn_mkwrite(struct vm_fault *vmf,
1756 enum page_entry_size pe_size,
1757 pfn_t pfn)
1758{
1759 struct address_space *mapping = vmf->vma->vm_file->f_mapping;
1760 void *entry, **slot;
1761 pgoff_t index = vmf->pgoff;
1762 vm_fault_t ret;
1763
1764 xa_lock_irq(&mapping->i_pages);
1765 entry = get_unlocked_mapping_entry(mapping, index, &slot);
1766 /* Did we race with someone splitting entry or so? */
1767 if (!entry ||
1768 (pe_size == PE_SIZE_PTE && !dax_is_pte_entry(entry)) ||
1769 (pe_size == PE_SIZE_PMD && !dax_is_pmd_entry(entry))) {
1770 put_unlocked_mapping_entry(mapping, index, entry);
1771 xa_unlock_irq(&mapping->i_pages);
1772 trace_dax_insert_pfn_mkwrite_no_entry(mapping->host, vmf,
1773 VM_FAULT_NOPAGE);
1774 return VM_FAULT_NOPAGE;
1775 }
1776 radix_tree_tag_set(&mapping->i_pages, index, PAGECACHE_TAG_DIRTY);
1777 entry = lock_slot(mapping, slot);
1778 xa_unlock_irq(&mapping->i_pages);
1779 switch (pe_size) {
1780 case PE_SIZE_PTE:
1781 ret = vmf_insert_mixed_mkwrite(vmf->vma, vmf->address, pfn);
1782 break;
1783#ifdef CONFIG_FS_DAX_PMD
1784 case PE_SIZE_PMD:
1785 ret = vmf_insert_pfn_pmd(vmf->vma, vmf->address, vmf->pmd,
1786 pfn, true);
1787 break;
1788#endif
1789 default:
1790 ret = VM_FAULT_FALLBACK;
1791 }
1792 put_locked_mapping_entry(mapping, index);
1793 trace_dax_insert_pfn_mkwrite(mapping->host, vmf, ret);
1794 return ret;
1795}
1796
1797/**
1798 * dax_finish_sync_fault - finish synchronous page fault
1799 * @vmf: The description of the fault
1800 * @pe_size: Size of entry to be inserted
1801 * @pfn: PFN to insert
1802 *
1803 * This function ensures that the file range touched by the page fault is
1804 * stored persistently on the media and handles inserting of appropriate page
1805 * table entry.
1806 */
1807vm_fault_t dax_finish_sync_fault(struct vm_fault *vmf,
1808 enum page_entry_size pe_size, pfn_t pfn)
1809{
1810 int err;
1811 loff_t start = ((loff_t)vmf->pgoff) << PAGE_SHIFT;
1812 size_t len = 0;
1813
1814 if (pe_size == PE_SIZE_PTE)
1815 len = PAGE_SIZE;
1816 else if (pe_size == PE_SIZE_PMD)
1817 len = PMD_SIZE;
1818 else
1819 WARN_ON_ONCE(1);
1820 err = vfs_fsync_range(vmf->vma->vm_file, start, start + len - 1, 1);
1821 if (err)
1822 return VM_FAULT_SIGBUS;
1823 return dax_insert_pfn_mkwrite(vmf, pe_size, pfn);
1824}
1825EXPORT_SYMBOL_GPL(dax_finish_sync_fault);