1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * Functions related to mapping data to requests 4 */ 5 #include <linux/kernel.h> 6 #include <linux/sched/task_stack.h> 7 #include <linux/module.h> 8 #include <linux/bio.h> 9 #include <linux/blkdev.h> 10 #include <linux/uio.h> 11 12 #include "blk.h" 13 14 struct bio_map_data { 15 bool is_our_pages : 1; 16 bool is_null_mapped : 1; 17 struct iov_iter iter; 18 struct iovec iov[]; 19 }; 20 21 static struct bio_map_data *bio_alloc_map_data(struct iov_iter *data, 22 gfp_t gfp_mask) 23 { 24 struct bio_map_data *bmd; 25 26 if (data->nr_segs > UIO_MAXIOV) 27 return NULL; 28 29 bmd = kmalloc(struct_size(bmd, iov, data->nr_segs), gfp_mask); 30 if (!bmd) 31 return NULL; 32 bmd->iter = *data; 33 if (iter_is_iovec(data)) { 34 memcpy(bmd->iov, iter_iov(data), sizeof(struct iovec) * data->nr_segs); 35 bmd->iter.__iov = bmd->iov; 36 } 37 return bmd; 38 } 39 40 /** 41 * bio_copy_from_iter - copy all pages from iov_iter to bio 42 * @bio: The &struct bio which describes the I/O as destination 43 * @iter: iov_iter as source 44 * 45 * Copy all pages from iov_iter to bio. 46 * Returns 0 on success, or error on failure. 47 */ 48 static int bio_copy_from_iter(struct bio *bio, struct iov_iter *iter) 49 { 50 struct bio_vec *bvec; 51 struct bvec_iter_all iter_all; 52 53 bio_for_each_segment_all(bvec, bio, iter_all) { 54 ssize_t ret; 55 56 ret = copy_page_from_iter(bvec->bv_page, 57 bvec->bv_offset, 58 bvec->bv_len, 59 iter); 60 61 if (!iov_iter_count(iter)) 62 break; 63 64 if (ret < bvec->bv_len) 65 return -EFAULT; 66 } 67 68 return 0; 69 } 70 71 /** 72 * bio_copy_to_iter - copy all pages from bio to iov_iter 73 * @bio: The &struct bio which describes the I/O as source 74 * @iter: iov_iter as destination 75 * 76 * Copy all pages from bio to iov_iter. 77 * Returns 0 on success, or error on failure. 78 */ 79 static int bio_copy_to_iter(struct bio *bio, struct iov_iter iter) 80 { 81 struct bio_vec *bvec; 82 struct bvec_iter_all iter_all; 83 84 bio_for_each_segment_all(bvec, bio, iter_all) { 85 ssize_t ret; 86 87 ret = copy_page_to_iter(bvec->bv_page, 88 bvec->bv_offset, 89 bvec->bv_len, 90 &iter); 91 92 if (!iov_iter_count(&iter)) 93 break; 94 95 if (ret < bvec->bv_len) 96 return -EFAULT; 97 } 98 99 return 0; 100 } 101 102 /** 103 * bio_uncopy_user - finish previously mapped bio 104 * @bio: bio being terminated 105 * 106 * Free pages allocated from bio_copy_user_iov() and write back data 107 * to user space in case of a read. 108 */ 109 static int bio_uncopy_user(struct bio *bio) 110 { 111 struct bio_map_data *bmd = bio->bi_private; 112 int ret = 0; 113 114 if (!bmd->is_null_mapped) { 115 /* 116 * if we're in a workqueue, the request is orphaned, so 117 * don't copy into a random user address space, just free 118 * and return -EINTR so user space doesn't expect any data. 119 */ 120 if (!current->mm) 121 ret = -EINTR; 122 else if (bio_data_dir(bio) == READ) 123 ret = bio_copy_to_iter(bio, bmd->iter); 124 if (bmd->is_our_pages) 125 bio_free_pages(bio); 126 } 127 kfree(bmd); 128 return ret; 129 } 130 131 static int bio_copy_user_iov(struct request *rq, struct rq_map_data *map_data, 132 struct iov_iter *iter, gfp_t gfp_mask) 133 { 134 struct bio_map_data *bmd; 135 struct page *page; 136 struct bio *bio; 137 int i = 0, ret; 138 int nr_pages; 139 unsigned int len = iter->count; 140 unsigned int offset = map_data ? offset_in_page(map_data->offset) : 0; 141 142 bmd = bio_alloc_map_data(iter, gfp_mask); 143 if (!bmd) 144 return -ENOMEM; 145 146 /* 147 * We need to do a deep copy of the iov_iter including the iovecs. 148 * The caller provided iov might point to an on-stack or otherwise 149 * shortlived one. 150 */ 151 bmd->is_our_pages = !map_data; 152 bmd->is_null_mapped = (map_data && map_data->null_mapped); 153 154 nr_pages = bio_max_segs(DIV_ROUND_UP(offset + len, PAGE_SIZE)); 155 156 ret = -ENOMEM; 157 bio = bio_kmalloc(nr_pages, gfp_mask); 158 if (!bio) 159 goto out_bmd; 160 bio_init_inline(bio, NULL, nr_pages, req_op(rq)); 161 162 if (map_data) { 163 nr_pages = 1U << map_data->page_order; 164 i = map_data->offset / PAGE_SIZE; 165 } 166 while (len) { 167 unsigned int bytes = PAGE_SIZE; 168 169 bytes -= offset; 170 171 if (bytes > len) 172 bytes = len; 173 174 if (map_data) { 175 if (i == map_data->nr_entries * nr_pages) { 176 ret = -ENOMEM; 177 goto cleanup; 178 } 179 180 page = map_data->pages[i / nr_pages]; 181 page += (i % nr_pages); 182 183 i++; 184 } else { 185 page = alloc_page(GFP_NOIO | gfp_mask); 186 if (!page) { 187 ret = -ENOMEM; 188 goto cleanup; 189 } 190 } 191 192 if (bio_add_page(bio, page, bytes, offset) < bytes) { 193 if (!map_data) 194 __free_page(page); 195 break; 196 } 197 198 len -= bytes; 199 offset = 0; 200 } 201 202 if (map_data) 203 map_data->offset += bio->bi_iter.bi_size; 204 205 /* 206 * success 207 */ 208 if (iov_iter_rw(iter) == WRITE && 209 (!map_data || !map_data->null_mapped)) { 210 ret = bio_copy_from_iter(bio, iter); 211 if (ret) 212 goto cleanup; 213 } else if (map_data && map_data->from_user) { 214 struct iov_iter iter2 = *iter; 215 216 /* This is the copy-in part of SG_DXFER_TO_FROM_DEV. */ 217 iter2.data_source = ITER_SOURCE; 218 ret = bio_copy_from_iter(bio, &iter2); 219 if (ret) 220 goto cleanup; 221 } else { 222 if (bmd->is_our_pages) 223 zero_fill_bio(bio); 224 iov_iter_advance(iter, bio->bi_iter.bi_size); 225 } 226 227 bio->bi_private = bmd; 228 229 ret = blk_rq_append_bio(rq, bio); 230 if (ret) 231 goto cleanup; 232 return 0; 233 cleanup: 234 if (!map_data) 235 bio_free_pages(bio); 236 bio_uninit(bio); 237 kfree(bio); 238 out_bmd: 239 kfree(bmd); 240 return ret; 241 } 242 243 static void blk_mq_map_bio_put(struct bio *bio) 244 { 245 if (bio->bi_opf & REQ_ALLOC_CACHE) { 246 bio_put(bio); 247 } else { 248 bio_uninit(bio); 249 kfree(bio); 250 } 251 } 252 253 static struct bio *blk_rq_map_bio_alloc(struct request *rq, 254 unsigned int nr_vecs, gfp_t gfp_mask) 255 { 256 struct block_device *bdev = rq->q->disk ? rq->q->disk->part0 : NULL; 257 struct bio *bio; 258 259 if (rq->cmd_flags & REQ_ALLOC_CACHE && (nr_vecs <= BIO_INLINE_VECS)) { 260 bio = bio_alloc_bioset(bdev, nr_vecs, rq->cmd_flags, gfp_mask, 261 &fs_bio_set); 262 if (!bio) 263 return NULL; 264 } else { 265 bio = bio_kmalloc(nr_vecs, gfp_mask); 266 if (!bio) 267 return NULL; 268 bio_init_inline(bio, bdev, nr_vecs, req_op(rq)); 269 } 270 return bio; 271 } 272 273 static int bio_map_user_iov(struct request *rq, struct iov_iter *iter, 274 gfp_t gfp_mask) 275 { 276 unsigned int nr_vecs = iov_iter_npages(iter, BIO_MAX_VECS); 277 struct bio *bio; 278 int ret; 279 280 if (!iov_iter_count(iter)) 281 return -EINVAL; 282 283 bio = blk_rq_map_bio_alloc(rq, nr_vecs, gfp_mask); 284 if (!bio) 285 return -ENOMEM; 286 /* 287 * No alignment requirements on our part to support arbitrary 288 * passthrough commands. 289 */ 290 ret = bio_iov_iter_get_pages(bio, iter, 0); 291 if (ret) 292 goto out_put; 293 ret = blk_rq_append_bio(rq, bio); 294 if (ret) 295 goto out_release; 296 return 0; 297 298 out_release: 299 bio_release_pages(bio, false); 300 out_put: 301 blk_mq_map_bio_put(bio); 302 return ret; 303 } 304 305 static void bio_invalidate_vmalloc_pages(struct bio *bio) 306 { 307 #ifdef ARCH_IMPLEMENTS_FLUSH_KERNEL_VMAP_RANGE 308 if (bio->bi_private && !op_is_write(bio_op(bio))) { 309 unsigned long i, len = 0; 310 311 for (i = 0; i < bio->bi_vcnt; i++) 312 len += bio->bi_io_vec[i].bv_len; 313 invalidate_kernel_vmap_range(bio->bi_private, len); 314 } 315 #endif 316 } 317 318 static void bio_map_kern_endio(struct bio *bio) 319 { 320 bio_invalidate_vmalloc_pages(bio); 321 bio_uninit(bio); 322 kfree(bio); 323 } 324 325 static struct bio *bio_map_kern(void *data, unsigned int len, enum req_op op, 326 gfp_t gfp_mask) 327 { 328 unsigned int nr_vecs = bio_add_max_vecs(data, len); 329 struct bio *bio; 330 331 bio = bio_kmalloc(nr_vecs, gfp_mask); 332 if (!bio) 333 return ERR_PTR(-ENOMEM); 334 bio_init_inline(bio, NULL, nr_vecs, op); 335 if (is_vmalloc_addr(data)) { 336 bio->bi_private = data; 337 if (!bio_add_vmalloc(bio, data, len)) { 338 bio_uninit(bio); 339 kfree(bio); 340 return ERR_PTR(-EINVAL); 341 } 342 } else { 343 bio_add_virt_nofail(bio, data, len); 344 } 345 bio->bi_end_io = bio_map_kern_endio; 346 return bio; 347 } 348 349 static void bio_copy_kern_endio(struct bio *bio) 350 { 351 bio_free_pages(bio); 352 bio_uninit(bio); 353 kfree(bio); 354 } 355 356 static void bio_copy_kern_endio_read(struct bio *bio) 357 { 358 char *p = bio->bi_private; 359 struct bio_vec *bvec; 360 struct bvec_iter_all iter_all; 361 362 bio_for_each_segment_all(bvec, bio, iter_all) { 363 memcpy_from_bvec(p, bvec); 364 p += bvec->bv_len; 365 } 366 367 bio_copy_kern_endio(bio); 368 } 369 370 /** 371 * bio_copy_kern - copy kernel address into bio 372 * @data: pointer to buffer to copy 373 * @len: length in bytes 374 * @op: bio/request operation 375 * @gfp_mask: allocation flags for bio and page allocation 376 * 377 * copy the kernel address into a bio suitable for io to a block 378 * device. Returns an error pointer in case of error. 379 */ 380 static struct bio *bio_copy_kern(void *data, unsigned int len, enum req_op op, 381 gfp_t gfp_mask) 382 { 383 unsigned long kaddr = (unsigned long)data; 384 unsigned long end = (kaddr + len + PAGE_SIZE - 1) >> PAGE_SHIFT; 385 unsigned long start = kaddr >> PAGE_SHIFT; 386 struct bio *bio; 387 void *p = data; 388 int nr_pages = 0; 389 390 /* 391 * Overflow, abort 392 */ 393 if (end < start) 394 return ERR_PTR(-EINVAL); 395 396 nr_pages = end - start; 397 bio = bio_kmalloc(nr_pages, gfp_mask); 398 if (!bio) 399 return ERR_PTR(-ENOMEM); 400 bio_init_inline(bio, NULL, nr_pages, op); 401 402 while (len) { 403 struct page *page; 404 unsigned int bytes = PAGE_SIZE; 405 406 if (bytes > len) 407 bytes = len; 408 409 page = alloc_page(GFP_NOIO | __GFP_ZERO | gfp_mask); 410 if (!page) 411 goto cleanup; 412 413 if (op_is_write(op)) 414 memcpy(page_address(page), p, bytes); 415 416 if (bio_add_page(bio, page, bytes, 0) < bytes) 417 break; 418 419 len -= bytes; 420 p += bytes; 421 } 422 423 if (op_is_write(op)) { 424 bio->bi_end_io = bio_copy_kern_endio; 425 } else { 426 bio->bi_end_io = bio_copy_kern_endio_read; 427 bio->bi_private = data; 428 } 429 430 return bio; 431 432 cleanup: 433 bio_free_pages(bio); 434 bio_uninit(bio); 435 kfree(bio); 436 return ERR_PTR(-ENOMEM); 437 } 438 439 /* 440 * Append a bio to a passthrough request. Only works if the bio can be merged 441 * into the request based on the driver constraints. 442 */ 443 int blk_rq_append_bio(struct request *rq, struct bio *bio) 444 { 445 const struct queue_limits *lim = &rq->q->limits; 446 unsigned int max_bytes = lim->max_hw_sectors << SECTOR_SHIFT; 447 unsigned int nr_segs = 0; 448 int ret; 449 450 /* check that the data layout matches the hardware restrictions */ 451 ret = bio_split_io_at(bio, lim, &nr_segs, max_bytes, 0); 452 if (ret) { 453 /* if we would have to split the bio, copy instead */ 454 if (ret > 0) 455 ret = -EREMOTEIO; 456 return ret; 457 } 458 459 if (rq->bio) { 460 if (!ll_back_merge_fn(rq, bio, nr_segs)) 461 return -EINVAL; 462 rq->phys_gap_bit = bio_seg_gap(rq->q, rq->biotail, bio, 463 rq->phys_gap_bit); 464 rq->biotail->bi_next = bio; 465 rq->biotail = bio; 466 rq->__data_len += bio->bi_iter.bi_size; 467 bio_crypt_free_ctx(bio); 468 return 0; 469 } 470 471 rq->nr_phys_segments = nr_segs; 472 rq->bio = rq->biotail = bio; 473 rq->__data_len = bio->bi_iter.bi_size; 474 rq->phys_gap_bit = bio->bi_bvec_gap_bit; 475 return 0; 476 } 477 EXPORT_SYMBOL(blk_rq_append_bio); 478 479 /* Prepare bio for passthrough IO given ITER_BVEC iter */ 480 static int blk_rq_map_user_bvec(struct request *rq, const struct iov_iter *iter) 481 { 482 unsigned int max_bytes = rq->q->limits.max_hw_sectors << SECTOR_SHIFT; 483 struct bio *bio; 484 int ret; 485 486 if (!iov_iter_count(iter) || iov_iter_count(iter) > max_bytes) 487 return -EINVAL; 488 489 /* reuse the bvecs from the iterator instead of allocating new ones */ 490 bio = blk_rq_map_bio_alloc(rq, 0, GFP_KERNEL); 491 if (!bio) 492 return -ENOMEM; 493 bio_iov_bvec_set(bio, iter); 494 495 ret = blk_rq_append_bio(rq, bio); 496 if (ret) 497 blk_mq_map_bio_put(bio); 498 return ret; 499 } 500 501 /** 502 * blk_rq_map_user_iov - map user data to a request, for passthrough requests 503 * @q: request queue where request should be inserted 504 * @rq: request to map data to 505 * @map_data: pointer to the rq_map_data holding pages (if necessary) 506 * @iter: iovec iterator 507 * @gfp_mask: memory allocation flags 508 * 509 * Description: 510 * Data will be mapped directly for zero copy I/O, if possible. Otherwise 511 * a kernel bounce buffer is used. 512 * 513 * A matching blk_rq_unmap_user() must be issued at the end of I/O, while 514 * still in process context. 515 */ 516 int blk_rq_map_user_iov(struct request_queue *q, struct request *rq, 517 struct rq_map_data *map_data, 518 const struct iov_iter *iter, gfp_t gfp_mask) 519 { 520 bool copy = false, map_bvec = false; 521 unsigned long align = blk_lim_dma_alignment_and_pad(&q->limits); 522 struct bio *bio = NULL; 523 struct iov_iter i; 524 int ret = -EINVAL; 525 526 if (map_data) 527 copy = true; 528 else if (iov_iter_alignment(iter) & align) 529 copy = true; 530 else if (iov_iter_is_bvec(iter)) 531 map_bvec = true; 532 else if (!user_backed_iter(iter)) 533 copy = true; 534 else if (queue_virt_boundary(q)) 535 copy = queue_virt_boundary(q) & iov_iter_gap_alignment(iter); 536 537 if (map_bvec) { 538 ret = blk_rq_map_user_bvec(rq, iter); 539 if (!ret) 540 return 0; 541 if (ret != -EREMOTEIO) 542 goto fail; 543 /* fall back to copying the data on limits mismatches */ 544 copy = true; 545 } 546 547 i = *iter; 548 do { 549 if (copy) 550 ret = bio_copy_user_iov(rq, map_data, &i, gfp_mask); 551 else 552 ret = bio_map_user_iov(rq, &i, gfp_mask); 553 if (ret) { 554 if (ret == -EREMOTEIO) 555 ret = -EINVAL; 556 goto unmap_rq; 557 } 558 if (!bio) 559 bio = rq->bio; 560 } while (iov_iter_count(&i)); 561 562 return 0; 563 564 unmap_rq: 565 blk_rq_unmap_user(bio); 566 fail: 567 rq->bio = NULL; 568 return ret; 569 } 570 EXPORT_SYMBOL(blk_rq_map_user_iov); 571 572 int blk_rq_map_user(struct request_queue *q, struct request *rq, 573 struct rq_map_data *map_data, void __user *ubuf, 574 unsigned long len, gfp_t gfp_mask) 575 { 576 struct iov_iter i; 577 int ret = import_ubuf(rq_data_dir(rq), ubuf, len, &i); 578 579 if (unlikely(ret < 0)) 580 return ret; 581 582 return blk_rq_map_user_iov(q, rq, map_data, &i, gfp_mask); 583 } 584 EXPORT_SYMBOL(blk_rq_map_user); 585 586 int blk_rq_map_user_io(struct request *req, struct rq_map_data *map_data, 587 void __user *ubuf, unsigned long buf_len, gfp_t gfp_mask, 588 bool vec, int iov_count, bool check_iter_count, int rw) 589 { 590 int ret = 0; 591 592 if (vec) { 593 struct iovec fast_iov[UIO_FASTIOV]; 594 struct iovec *iov = fast_iov; 595 struct iov_iter iter; 596 597 ret = import_iovec(rw, ubuf, iov_count ? iov_count : buf_len, 598 UIO_FASTIOV, &iov, &iter); 599 if (ret < 0) 600 return ret; 601 602 if (iov_count) { 603 /* SG_IO howto says that the shorter of the two wins */ 604 iov_iter_truncate(&iter, buf_len); 605 if (check_iter_count && !iov_iter_count(&iter)) { 606 kfree(iov); 607 return -EINVAL; 608 } 609 } 610 611 ret = blk_rq_map_user_iov(req->q, req, map_data, &iter, 612 gfp_mask); 613 kfree(iov); 614 } else if (buf_len) { 615 ret = blk_rq_map_user(req->q, req, map_data, ubuf, buf_len, 616 gfp_mask); 617 } 618 return ret; 619 } 620 EXPORT_SYMBOL(blk_rq_map_user_io); 621 622 /** 623 * blk_rq_unmap_user - unmap a request with user data 624 * @bio: start of bio list 625 * 626 * Description: 627 * Unmap a rq previously mapped by blk_rq_map_user(). The caller must 628 * supply the original rq->bio from the blk_rq_map_user() return, since 629 * the I/O completion may have changed rq->bio. 630 */ 631 int blk_rq_unmap_user(struct bio *bio) 632 { 633 struct bio *next_bio; 634 int ret = 0, ret2; 635 636 while (bio) { 637 if (bio->bi_private) { 638 ret2 = bio_uncopy_user(bio); 639 if (ret2 && !ret) 640 ret = ret2; 641 } else { 642 bio_release_pages(bio, bio_data_dir(bio) == READ); 643 } 644 645 if (bio_integrity(bio)) 646 bio_integrity_unmap_user(bio); 647 648 next_bio = bio; 649 bio = bio->bi_next; 650 blk_mq_map_bio_put(next_bio); 651 } 652 653 return ret; 654 } 655 EXPORT_SYMBOL(blk_rq_unmap_user); 656 657 /** 658 * blk_rq_map_kern - map kernel data to a request, for passthrough requests 659 * @rq: request to fill 660 * @kbuf: the kernel buffer 661 * @len: length of user data 662 * @gfp_mask: memory allocation flags 663 * 664 * Description: 665 * Data will be mapped directly if possible. Otherwise a bounce 666 * buffer is used. Can be called multiple times to append multiple 667 * buffers. 668 */ 669 int blk_rq_map_kern(struct request *rq, void *kbuf, unsigned int len, 670 gfp_t gfp_mask) 671 { 672 unsigned long addr = (unsigned long) kbuf; 673 struct bio *bio; 674 int ret; 675 676 if (len > (queue_max_hw_sectors(rq->q) << SECTOR_SHIFT)) 677 return -EINVAL; 678 if (!len || !kbuf) 679 return -EINVAL; 680 681 if (!blk_rq_aligned(rq->q, addr, len) || object_is_on_stack(kbuf)) 682 bio = bio_copy_kern(kbuf, len, req_op(rq), gfp_mask); 683 else 684 bio = bio_map_kern(kbuf, len, req_op(rq), gfp_mask); 685 686 if (IS_ERR(bio)) 687 return PTR_ERR(bio); 688 689 ret = blk_rq_append_bio(rq, bio); 690 if (unlikely(ret)) { 691 bio_uninit(bio); 692 kfree(bio); 693 } 694 return ret; 695 } 696 EXPORT_SYMBOL(blk_rq_map_kern); 697