1 // SPDX-License-Identifier: GPL-2.0 2 3 #include <linux/blkdev.h> 4 #include <linux/fscrypt.h> 5 #include <linux/iversion.h> 6 #include "ctree.h" 7 #include "fs.h" 8 #include "messages.h" 9 #include "compression.h" 10 #include "delalloc-space.h" 11 #include "disk-io.h" 12 #include "reflink.h" 13 #include "transaction.h" 14 #include "subpage.h" 15 #include "accessors.h" 16 #include "file-item.h" 17 #include "file.h" 18 #include "super.h" 19 20 #define BTRFS_MAX_DEDUPE_LEN SZ_16M 21 22 static int clone_finish_inode_update(struct btrfs_trans_handle *trans, 23 struct inode *inode, 24 u64 endoff, 25 const u64 destoff, 26 const u64 olen, 27 bool no_time_update) 28 { 29 int ret; 30 31 inode_inc_iversion(inode); 32 if (!no_time_update) { 33 inode_set_mtime_to_ts(inode, inode_set_ctime_current(inode)); 34 } 35 /* 36 * We round up to the block size at eof when determining which 37 * extents to clone above, but shouldn't round up the file size. 38 */ 39 if (endoff > destoff + olen) 40 endoff = destoff + olen; 41 if (endoff > inode->i_size) { 42 i_size_write(inode, endoff); 43 btrfs_inode_safe_disk_i_size_write(BTRFS_I(inode), 0); 44 } 45 46 ret = btrfs_update_inode(trans, BTRFS_I(inode)); 47 if (unlikely(ret)) { 48 btrfs_abort_transaction(trans, ret); 49 btrfs_end_transaction(trans); 50 return ret; 51 } 52 return btrfs_end_transaction(trans); 53 } 54 55 static int copy_inline_to_page(struct btrfs_inode *inode, 56 const u64 file_offset, 57 char *inline_data, 58 const u64 size, 59 const u64 datal, 60 const u8 comp_type) 61 { 62 struct btrfs_fs_info *fs_info = inode->root->fs_info; 63 const u32 block_size = fs_info->sectorsize; 64 const u64 range_end = file_offset + block_size - 1; 65 const size_t inline_size = size - btrfs_file_extent_calc_inline_size(0); 66 char *data_start = inline_data + btrfs_file_extent_calc_inline_size(0); 67 struct extent_changeset *data_reserved = NULL; 68 struct folio *folio = NULL; 69 struct address_space *mapping = inode->vfs_inode.i_mapping; 70 int ret; 71 72 ASSERT(IS_ALIGNED(file_offset, block_size)); 73 74 /* 75 * We have flushed and locked the ranges of the source and destination 76 * inodes, we also have locked the inodes, so we are safe to do a 77 * reservation here. Also we must not do the reservation while holding 78 * a transaction open, otherwise we would deadlock. 79 */ 80 ret = btrfs_delalloc_reserve_space(inode, &data_reserved, file_offset, 81 block_size); 82 if (ret) 83 goto out; 84 85 folio = __filemap_get_folio(mapping, file_offset >> PAGE_SHIFT, 86 FGP_LOCK | FGP_ACCESSED | FGP_CREAT, 87 btrfs_alloc_write_mask(mapping)); 88 if (IS_ERR(folio)) { 89 ret = PTR_ERR(folio); 90 goto out_unlock; 91 } 92 93 ret = set_folio_extent_mapped(folio); 94 if (ret < 0) 95 goto out_unlock; 96 97 btrfs_clear_extent_bit(&inode->io_tree, file_offset, range_end, 98 EXTENT_DELALLOC | EXTENT_DO_ACCOUNTING | EXTENT_DEFRAG, NULL); 99 ret = btrfs_set_extent_delalloc(inode, file_offset, range_end, 0, NULL); 100 if (ret) 101 goto out_unlock; 102 103 /* 104 * After dirtying the page our caller will need to start a transaction, 105 * and if we are low on metadata free space, that can cause flushing of 106 * delalloc for all inodes in order to get metadata space released. 107 * However we are holding the range locked for the whole duration of 108 * the clone/dedupe operation, so we may deadlock if that happens and no 109 * other task releases enough space. So mark this inode as not being 110 * possible to flush to avoid such deadlock. We will clear that flag 111 * when we finish cloning all extents, since a transaction is started 112 * after finding each extent to clone. 113 */ 114 set_bit(BTRFS_INODE_NO_DELALLOC_FLUSH, &inode->runtime_flags); 115 116 if (comp_type == BTRFS_COMPRESS_NONE) { 117 memcpy_to_folio(folio, offset_in_folio(folio, file_offset), data_start, 118 datal); 119 } else { 120 ret = btrfs_decompress(comp_type, data_start, folio, 121 offset_in_folio(folio, file_offset), 122 inline_size, datal); 123 if (ret) 124 goto out_unlock; 125 flush_dcache_folio(folio); 126 } 127 128 /* 129 * If our inline data is smaller then the block/page size, then the 130 * remaining of the block/page is equivalent to zeroes. We had something 131 * like the following done: 132 * 133 * $ xfs_io -f -c "pwrite -S 0xab 0 500" file 134 * $ sync # (or fsync) 135 * $ xfs_io -c "falloc 0 4K" file 136 * $ xfs_io -c "pwrite -S 0xcd 4K 4K" 137 * 138 * So what's in the range [500, 4095] corresponds to zeroes. 139 */ 140 if (datal < block_size) 141 folio_zero_range(folio, datal, block_size - datal); 142 143 btrfs_folio_set_uptodate(fs_info, folio, file_offset, block_size); 144 btrfs_folio_clear_checked(fs_info, folio, file_offset, block_size); 145 btrfs_folio_set_dirty(fs_info, folio, file_offset, block_size); 146 out_unlock: 147 if (!IS_ERR(folio)) { 148 folio_unlock(folio); 149 folio_put(folio); 150 } 151 if (ret) 152 btrfs_delalloc_release_space(inode, data_reserved, file_offset, 153 block_size, true); 154 btrfs_delalloc_release_extents(inode, block_size); 155 out: 156 extent_changeset_free(data_reserved); 157 158 return ret; 159 } 160 161 /* 162 * Deal with cloning of inline extents. We try to copy the inline extent from 163 * the source inode to destination inode when possible. When not possible we 164 * copy the inline extent's data into the respective page of the inode. 165 */ 166 static int clone_copy_inline_extent(struct btrfs_inode *inode, 167 struct btrfs_path *path, 168 struct btrfs_key *new_key, 169 const u64 drop_start, 170 const u64 datal, 171 const u64 size, 172 const u8 comp_type, 173 char *inline_data, 174 struct btrfs_trans_handle **trans_out) 175 { 176 struct btrfs_root *root = inode->root; 177 struct btrfs_fs_info *fs_info = root->fs_info; 178 const u64 aligned_end = ALIGN(new_key->offset + datal, 179 fs_info->sectorsize); 180 struct btrfs_trans_handle *trans = NULL; 181 struct btrfs_drop_extents_args drop_args = { 0 }; 182 int ret; 183 struct btrfs_key key; 184 185 if (new_key->offset > 0) { 186 ret = copy_inline_to_page(inode, new_key->offset, 187 inline_data, size, datal, comp_type); 188 goto out; 189 } 190 191 key.objectid = btrfs_ino(inode); 192 key.type = BTRFS_EXTENT_DATA_KEY; 193 key.offset = 0; 194 ret = btrfs_search_slot(NULL, root, &key, path, 0, 0); 195 if (ret < 0) { 196 return ret; 197 } else if (ret > 0) { 198 if (path->slots[0] >= btrfs_header_nritems(path->nodes[0])) { 199 ret = btrfs_next_leaf(root, path); 200 if (ret < 0) 201 return ret; 202 else if (ret > 0) 203 goto copy_inline_extent; 204 } 205 btrfs_item_key_to_cpu(path->nodes[0], &key, path->slots[0]); 206 if (key.objectid == btrfs_ino(inode) && 207 key.type == BTRFS_EXTENT_DATA_KEY) { 208 /* 209 * There's an implicit hole at file offset 0, copy the 210 * inline extent's data to the page. 211 */ 212 ASSERT(key.offset > 0); 213 goto copy_to_page; 214 } 215 } else if (i_size_read(&inode->vfs_inode) <= datal) { 216 struct btrfs_file_extent_item *ei; 217 218 ei = btrfs_item_ptr(path->nodes[0], path->slots[0], 219 struct btrfs_file_extent_item); 220 /* 221 * If it's an inline extent replace it with the source inline 222 * extent, otherwise copy the source inline extent data into 223 * the respective page at the destination inode. 224 */ 225 if (btrfs_file_extent_type(path->nodes[0], ei) == 226 BTRFS_FILE_EXTENT_INLINE) 227 goto copy_inline_extent; 228 229 goto copy_to_page; 230 } 231 232 copy_inline_extent: 233 /* 234 * We have no extent items, or we have an extent at offset 0 which may 235 * or may not be inlined. All these cases are dealt the same way. 236 */ 237 if (i_size_read(&inode->vfs_inode) > datal) { 238 /* 239 * At the destination offset 0 we have either a hole, a regular 240 * extent or an inline extent larger then the one we want to 241 * clone. Deal with all these cases by copying the inline extent 242 * data into the respective page at the destination inode. 243 */ 244 goto copy_to_page; 245 } 246 247 /* 248 * Release path before starting a new transaction so we don't hold locks 249 * that would confuse lockdep. 250 */ 251 btrfs_release_path(path); 252 /* 253 * If we end up here it means were copy the inline extent into a leaf 254 * of the destination inode. We know we will drop or adjust at most one 255 * extent item in the destination root. 256 * 257 * 1 unit - adjusting old extent (we may have to split it) 258 * 1 unit - add new extent 259 * 1 unit - inode update 260 */ 261 trans = btrfs_start_transaction(root, 3); 262 if (IS_ERR(trans)) { 263 ret = PTR_ERR(trans); 264 trans = NULL; 265 goto out; 266 } 267 drop_args.path = path; 268 drop_args.start = drop_start; 269 drop_args.end = aligned_end; 270 drop_args.drop_cache = true; 271 ret = btrfs_drop_extents(trans, root, inode, &drop_args); 272 if (unlikely(ret)) { 273 btrfs_abort_transaction(trans, ret); 274 goto out; 275 } 276 ret = btrfs_insert_empty_item(trans, root, path, new_key, size); 277 if (unlikely(ret)) { 278 btrfs_abort_transaction(trans, ret); 279 goto out; 280 } 281 282 write_extent_buffer(path->nodes[0], inline_data, 283 btrfs_item_ptr_offset(path->nodes[0], 284 path->slots[0]), 285 size); 286 btrfs_update_inode_bytes(inode, datal, drop_args.bytes_found); 287 btrfs_set_inode_full_sync(inode); 288 ret = btrfs_inode_set_file_extent_range(inode, 0, aligned_end); 289 if (unlikely(ret)) 290 btrfs_abort_transaction(trans, ret); 291 out: 292 if (!ret && !trans) { 293 /* 294 * No transaction here means we copied the inline extent into a 295 * page of the destination inode. 296 * 297 * 1 unit to update inode item 298 */ 299 trans = btrfs_start_transaction(root, 1); 300 if (IS_ERR(trans)) { 301 ret = PTR_ERR(trans); 302 trans = NULL; 303 } 304 } 305 if (ret && trans) 306 btrfs_end_transaction(trans); 307 if (!ret) 308 *trans_out = trans; 309 310 return ret; 311 312 copy_to_page: 313 /* 314 * Release our path because we don't need it anymore and also because 315 * copy_inline_to_page() needs to reserve data and metadata, which may 316 * need to flush delalloc when we are low on available space and 317 * therefore cause a deadlock if writeback of an inline extent needs to 318 * write to the same leaf or an ordered extent completion needs to write 319 * to the same leaf. 320 */ 321 btrfs_release_path(path); 322 323 ret = copy_inline_to_page(inode, new_key->offset, 324 inline_data, size, datal, comp_type); 325 326 /* 327 * If we copied the inline extent data to a page/folio beyond the i_size 328 * of the destination inode, then we need to increase the i_size before 329 * we start a transaction to update the inode item. This is to prevent a 330 * deadlock when the flushoncommit mount option is used, which happens 331 * like this: 332 * 333 * 1) Task A clones an inline extent from inode X to an offset of inode 334 * Y that is beyond Y's current i_size. This means we copied the 335 * inline extent's data to a folio of inode Y that is beyond its EOF, 336 * using the call above to copy_inline_to_page(); 337 * 338 * 2) Task B starts a transaction commit and calls 339 * btrfs_start_delalloc_flush() to flush delalloc; 340 * 341 * 3) The delalloc flushing sees the new dirty folio of inode Y and when 342 * it attempts to flush it, it ends up at extent_writepage() and sees 343 * that the offset of the folio is beyond the i_size of inode Y, so 344 * it attempts to invalidate the folio by calling folio_invalidate(), 345 * which ends up at btrfs' folio invalidate callback - 346 * btrfs_invalidate_folio(). There it tries to lock the folio's range 347 * in inode Y's extent io tree, but it blocks since it's currently 348 * locked by task A - during reflink we lock the inodes and the 349 * source and destination ranges after flushing all delalloc and 350 * waiting for ordered extent completion - after that we don't expect 351 * to have dirty folios in the ranges, the exception is if we have to 352 * copy an inline extent's data (because the destination offset is 353 * not zero); 354 * 355 * 4) Task A then does the 'goto out' below and attempts to start a 356 * transaction to update the inode item, and then it's blocked since 357 * the current transaction is in the TRANS_STATE_COMMIT_START state. 358 * Therefore task A has to wait for the current transaction to become 359 * unblocked (its state >= TRANS_STATE_UNBLOCKED). 360 * 361 * This leads to a deadlock - the task committing the transaction 362 * waiting for the delalloc flushing which is blocked during folio 363 * invalidation on the inode's extent lock and the reflink task waiting 364 * for the current transaction to be unblocked so that it can start a 365 * a new one to update the inode item (while holding the extent lock). 366 */ 367 if (ret == 0 && new_key->offset + datal > i_size_read(&inode->vfs_inode)) 368 i_size_write(&inode->vfs_inode, new_key->offset + datal); 369 370 goto out; 371 } 372 373 /* 374 * Clone a range from inode file to another. 375 * 376 * @src: Inode to clone from 377 * @inode: Inode to clone to 378 * @off: Offset within source to start clone from 379 * @olen: Original length, passed by user, of range to clone 380 * @olen_aligned: Block-aligned value of olen 381 * @destoff: Offset within @inode to start clone 382 * @no_time_update: Whether to update mtime/ctime on the target inode 383 */ 384 static int btrfs_clone(struct inode *src, struct inode *inode, 385 const u64 off, const u64 olen, const u64 olen_aligned, 386 const u64 destoff, bool no_time_update) 387 { 388 struct btrfs_fs_info *fs_info = inode_to_fs_info(inode); 389 BTRFS_PATH_AUTO_FREE(path); 390 struct extent_buffer *leaf; 391 struct btrfs_trans_handle *trans; 392 char AUTO_KVFREE(buf); 393 struct btrfs_key key; 394 u32 nritems; 395 int slot; 396 int ret; 397 const u64 len = olen_aligned; 398 u64 last_dest_end = destoff; 399 u64 prev_extent_end = off; 400 401 ret = -ENOMEM; 402 buf = kvmalloc(fs_info->nodesize, GFP_KERNEL); 403 if (!buf) 404 return ret; 405 406 path = btrfs_alloc_path(); 407 if (!path) 408 return ret; 409 410 path->reada = READA_FORWARD; 411 /* Clone data */ 412 key.objectid = btrfs_ino(BTRFS_I(src)); 413 key.type = BTRFS_EXTENT_DATA_KEY; 414 key.offset = off; 415 416 while (1) { 417 struct btrfs_file_extent_item *extent; 418 u64 extent_gen; 419 int type; 420 u32 size; 421 struct btrfs_key new_key; 422 u64 disko = 0, diskl = 0; 423 u64 datao = 0, datal = 0; 424 u8 comp; 425 u64 drop_start; 426 427 /* Note the key will change type as we walk through the tree */ 428 ret = btrfs_search_slot(NULL, BTRFS_I(src)->root, &key, path, 429 0, 0); 430 if (ret < 0) 431 goto out; 432 /* 433 * First search, if no extent item that starts at offset off was 434 * found but the previous item is an extent item, it's possible 435 * it might overlap our target range, therefore process it. 436 */ 437 if (key.offset == off && ret > 0 && path->slots[0] > 0) { 438 btrfs_item_key_to_cpu(path->nodes[0], &key, 439 path->slots[0] - 1); 440 if (key.type == BTRFS_EXTENT_DATA_KEY) 441 path->slots[0]--; 442 } 443 444 nritems = btrfs_header_nritems(path->nodes[0]); 445 process_slot: 446 if (path->slots[0] >= nritems) { 447 ret = btrfs_next_leaf(BTRFS_I(src)->root, path); 448 if (ret < 0) 449 goto out; 450 if (ret > 0) 451 break; 452 nritems = btrfs_header_nritems(path->nodes[0]); 453 } 454 leaf = path->nodes[0]; 455 slot = path->slots[0]; 456 457 btrfs_item_key_to_cpu(leaf, &key, slot); 458 if (key.type > BTRFS_EXTENT_DATA_KEY || 459 key.objectid != btrfs_ino(BTRFS_I(src))) 460 break; 461 462 ASSERT(key.type == BTRFS_EXTENT_DATA_KEY); 463 464 extent = btrfs_item_ptr(leaf, slot, 465 struct btrfs_file_extent_item); 466 extent_gen = btrfs_file_extent_generation(leaf, extent); 467 comp = btrfs_file_extent_compression(leaf, extent); 468 type = btrfs_file_extent_type(leaf, extent); 469 if (type == BTRFS_FILE_EXTENT_REG || 470 type == BTRFS_FILE_EXTENT_PREALLOC) { 471 disko = btrfs_file_extent_disk_bytenr(leaf, extent); 472 diskl = btrfs_file_extent_disk_num_bytes(leaf, extent); 473 datao = btrfs_file_extent_offset(leaf, extent); 474 datal = btrfs_file_extent_num_bytes(leaf, extent); 475 } else if (type == BTRFS_FILE_EXTENT_INLINE) { 476 /* Take upper bound, may be compressed */ 477 datal = btrfs_file_extent_ram_bytes(leaf, extent); 478 } 479 480 /* 481 * The first search might have left us at an extent item that 482 * ends before our target range's start, can happen if we have 483 * holes and NO_HOLES feature enabled. 484 * 485 * Subsequent searches may leave us on a file range we have 486 * processed before - this happens due to a race with ordered 487 * extent completion for a file range that is outside our source 488 * range, but that range was part of a file extent item that 489 * also covered a leading part of our source range. 490 */ 491 if (key.offset + datal <= prev_extent_end) { 492 path->slots[0]++; 493 goto process_slot; 494 } else if (key.offset >= off + len) { 495 break; 496 } 497 498 prev_extent_end = key.offset + datal; 499 size = btrfs_item_size(leaf, slot); 500 read_extent_buffer(leaf, buf, btrfs_item_ptr_offset(leaf, slot), 501 size); 502 503 btrfs_release_path(path); 504 505 memcpy(&new_key, &key, sizeof(new_key)); 506 new_key.objectid = btrfs_ino(BTRFS_I(inode)); 507 if (off <= key.offset) 508 new_key.offset = key.offset + destoff - off; 509 else 510 new_key.offset = destoff; 511 512 /* 513 * Deal with a hole that doesn't have an extent item that 514 * represents it (NO_HOLES feature enabled). 515 * This hole is either in the middle of the cloning range or at 516 * the beginning (fully overlaps it or partially overlaps it). 517 */ 518 if (new_key.offset != last_dest_end) 519 drop_start = last_dest_end; 520 else 521 drop_start = new_key.offset; 522 523 if (type == BTRFS_FILE_EXTENT_REG || 524 type == BTRFS_FILE_EXTENT_PREALLOC) { 525 struct btrfs_replace_extent_info clone_info; 526 527 /* 528 * a | --- range to clone ---| b 529 * | ------------- extent ------------- | 530 */ 531 532 /* Subtract range b */ 533 if (key.offset + datal > off + len) 534 datal = off + len - key.offset; 535 536 /* Subtract range a */ 537 if (off > key.offset) { 538 datao += off - key.offset; 539 datal -= off - key.offset; 540 } 541 542 clone_info.disk_offset = disko; 543 clone_info.disk_len = diskl; 544 clone_info.data_offset = datao; 545 clone_info.data_len = datal; 546 clone_info.file_offset = new_key.offset; 547 clone_info.extent_buf = buf; 548 clone_info.is_new_extent = false; 549 clone_info.update_times = !no_time_update; 550 ret = btrfs_replace_file_extents(BTRFS_I(inode), path, 551 drop_start, new_key.offset + datal - 1, 552 &clone_info, &trans); 553 if (ret) 554 goto out; 555 } else { 556 ASSERT(type == BTRFS_FILE_EXTENT_INLINE); 557 /* 558 * Inline extents always have to start at file offset 0 559 * and can never be bigger then the sector size. We can 560 * never clone only parts of an inline extent, since all 561 * reflink operations must start at a sector size aligned 562 * offset, and the length must be aligned too or end at 563 * the i_size (which implies the whole inlined data). 564 */ 565 ASSERT(key.offset == 0); 566 ASSERT(datal <= fs_info->sectorsize); 567 if (WARN_ON(type != BTRFS_FILE_EXTENT_INLINE) || 568 WARN_ON(key.offset != 0) || 569 WARN_ON(datal > fs_info->sectorsize)) { 570 ret = -EUCLEAN; 571 goto out; 572 } 573 574 ret = clone_copy_inline_extent(BTRFS_I(inode), path, &new_key, 575 drop_start, datal, size, 576 comp, buf, &trans); 577 if (ret) 578 goto out; 579 } 580 581 btrfs_release_path(path); 582 583 /* 584 * Whenever we share an extent we update the last_reflink_trans 585 * of each inode to the current transaction. This is needed to 586 * make sure fsync does not log multiple checksum items with 587 * overlapping ranges (because some extent items might refer 588 * only to sections of the original extent). For the destination 589 * inode we do this regardless of the generation of the extents 590 * or even if they are inline extents or explicit holes, to make 591 * sure a full fsync does not skip them. For the source inode, 592 * we only need to update last_reflink_trans in case it's a new 593 * extent that is not a hole or an inline extent, to deal with 594 * the checksums problem on fsync. 595 */ 596 if (extent_gen == trans->transid && disko > 0) 597 BTRFS_I(src)->last_reflink_trans = trans->transid; 598 599 BTRFS_I(inode)->last_reflink_trans = trans->transid; 600 601 last_dest_end = ALIGN(new_key.offset + datal, 602 fs_info->sectorsize); 603 ret = clone_finish_inode_update(trans, inode, last_dest_end, 604 destoff, olen, no_time_update); 605 if (ret) 606 goto out; 607 if (new_key.offset + datal >= destoff + len) 608 break; 609 610 btrfs_release_path(path); 611 key.offset = prev_extent_end; 612 613 if (fatal_signal_pending(current)) { 614 ret = -EINTR; 615 goto out; 616 } 617 618 cond_resched(); 619 } 620 ret = 0; 621 622 if (last_dest_end < destoff + len) { 623 /* 624 * We have an implicit hole that fully or partially overlaps our 625 * cloning range at its end. This means that we either have the 626 * NO_HOLES feature enabled or the implicit hole happened due to 627 * mixing buffered and direct IO writes against this file. 628 */ 629 btrfs_release_path(path); 630 631 /* 632 * When using NO_HOLES and we are cloning a range that covers 633 * only a hole (no extents) into a range beyond the current 634 * i_size, punching a hole in the target range will not create 635 * an extent map defining a hole, because the range starts at or 636 * beyond current i_size. If the file previously had an i_size 637 * greater than the new i_size set by this clone operation, we 638 * need to make sure the next fsync is a full fsync, so that it 639 * detects and logs a hole covering a range from the current 640 * i_size to the new i_size. If the clone range covers extents, 641 * besides a hole, then we know the full sync flag was already 642 * set by previous calls to btrfs_replace_file_extents() that 643 * replaced file extent items. 644 */ 645 if (last_dest_end >= i_size_read(inode)) 646 btrfs_set_inode_full_sync(BTRFS_I(inode)); 647 648 ret = btrfs_replace_file_extents(BTRFS_I(inode), path, 649 last_dest_end, destoff + len - 1, NULL, &trans); 650 if (ret) 651 goto out; 652 653 ret = clone_finish_inode_update(trans, inode, destoff + len, 654 destoff, olen, no_time_update); 655 } 656 657 out: 658 clear_bit(BTRFS_INODE_NO_DELALLOC_FLUSH, &BTRFS_I(inode)->runtime_flags); 659 660 return ret; 661 } 662 663 static void btrfs_double_mmap_lock(struct btrfs_inode *inode1, struct btrfs_inode *inode2) 664 { 665 if (inode1 < inode2) 666 swap(inode1, inode2); 667 down_write(&inode1->i_mmap_lock); 668 down_write_nested(&inode2->i_mmap_lock, SINGLE_DEPTH_NESTING); 669 } 670 671 static void btrfs_double_mmap_unlock(struct btrfs_inode *inode1, struct btrfs_inode *inode2) 672 { 673 up_write(&inode1->i_mmap_lock); 674 up_write(&inode2->i_mmap_lock); 675 } 676 677 static int btrfs_extent_same_range(struct btrfs_inode *src, u64 loff, u64 len, 678 struct btrfs_inode *dst, u64 dst_loff) 679 { 680 const u64 end = dst_loff + len - 1; 681 struct extent_state *cached_state = NULL; 682 struct btrfs_fs_info *fs_info = src->root->fs_info; 683 const u64 bs = fs_info->sectorsize; 684 int ret; 685 686 /* 687 * Lock destination range to serialize with concurrent readahead(), and 688 * we are safe from concurrency with relocation of source extents 689 * because we have already locked the inode's i_mmap_lock in exclusive 690 * mode. 691 */ 692 btrfs_lock_extent(&dst->io_tree, dst_loff, end, &cached_state); 693 ret = btrfs_clone(&src->vfs_inode, &dst->vfs_inode, loff, len, 694 ALIGN(len, bs), dst_loff, true); 695 btrfs_unlock_extent(&dst->io_tree, dst_loff, end, &cached_state); 696 697 btrfs_btree_balance_dirty(fs_info); 698 699 return ret; 700 } 701 702 static int btrfs_extent_same(struct inode *src, u64 loff, u64 olen, 703 struct inode *dst, u64 dst_loff) 704 { 705 int ret = 0; 706 u64 i, tail_len, chunk_count; 707 struct btrfs_root *root_dst = BTRFS_I(dst)->root; 708 709 spin_lock(&root_dst->root_item_lock); 710 if (root_dst->send_in_progress) { 711 btrfs_warn_rl(root_dst->fs_info, 712 "cannot deduplicate to root %llu while send operations are using it (%d in progress)", 713 btrfs_root_id(root_dst), 714 root_dst->send_in_progress); 715 spin_unlock(&root_dst->root_item_lock); 716 return -EAGAIN; 717 } 718 root_dst->dedupe_in_progress++; 719 spin_unlock(&root_dst->root_item_lock); 720 721 tail_len = olen % BTRFS_MAX_DEDUPE_LEN; 722 chunk_count = div_u64(olen, BTRFS_MAX_DEDUPE_LEN); 723 724 for (i = 0; i < chunk_count; i++) { 725 ret = btrfs_extent_same_range(BTRFS_I(src), loff, BTRFS_MAX_DEDUPE_LEN, 726 BTRFS_I(dst), dst_loff); 727 if (ret) 728 goto out; 729 730 loff += BTRFS_MAX_DEDUPE_LEN; 731 dst_loff += BTRFS_MAX_DEDUPE_LEN; 732 } 733 734 if (tail_len > 0) 735 ret = btrfs_extent_same_range(BTRFS_I(src), loff, tail_len, 736 BTRFS_I(dst), dst_loff); 737 out: 738 spin_lock(&root_dst->root_item_lock); 739 root_dst->dedupe_in_progress--; 740 spin_unlock(&root_dst->root_item_lock); 741 742 return ret; 743 } 744 745 static noinline int btrfs_clone_files(struct file *file, struct file *file_src, 746 u64 off, u64 olen, u64 destoff) 747 { 748 struct extent_state *cached_state = NULL; 749 struct inode *inode = file_inode(file); 750 struct inode *src = file_inode(file_src); 751 struct btrfs_fs_info *fs_info = inode_to_fs_info(inode); 752 int ret; 753 u64 len = olen; 754 u64 bs = fs_info->sectorsize; 755 u64 end; 756 757 /* 758 * VFS's generic_remap_file_range_prep() protects us from cloning the 759 * eof block into the middle of a file, which would result in corruption 760 * if the file size is not blocksize aligned. So we don't need to check 761 * for that case here. 762 */ 763 if (off + len == src->i_size) 764 len = ALIGN(src->i_size, bs) - off; 765 766 if (destoff > inode->i_size) { 767 const u64 wb_start = ALIGN_DOWN(inode->i_size, bs); 768 769 ret = btrfs_cont_expand(BTRFS_I(inode), inode->i_size, destoff); 770 if (ret) 771 return ret; 772 /* 773 * We may have truncated the last block if the inode's size is 774 * not sector size aligned, so we need to wait for writeback to 775 * complete before proceeding further, otherwise we can race 776 * with cloning and attempt to increment a reference to an 777 * extent that no longer exists (writeback completed right after 778 * we found the previous extent covering eof and before we 779 * attempted to increment its reference count). 780 */ 781 ret = btrfs_wait_ordered_range(BTRFS_I(inode), wb_start, 782 destoff - wb_start); 783 if (ret) 784 return ret; 785 } 786 787 /* 788 * Lock destination range to serialize with concurrent readahead(), and 789 * we are safe from concurrency with relocation of source extents 790 * because we have already locked the inode's i_mmap_lock in exclusive 791 * mode. 792 */ 793 end = destoff + len - 1; 794 btrfs_lock_extent(&BTRFS_I(inode)->io_tree, destoff, end, &cached_state); 795 ret = btrfs_clone(src, inode, off, olen, len, destoff, false); 796 btrfs_unlock_extent(&BTRFS_I(inode)->io_tree, destoff, end, &cached_state); 797 if (ret < 0) 798 return ret; 799 800 /* 801 * We may have copied an inline extent into a page of the destination 802 * range. So flush delalloc and wait for ordered extent completion. 803 * This is to ensure the invalidation below does not fail, as if for 804 * example it finds a dirty folio, our folio release callback 805 * (btrfs_release_folio()) returns false, which makes the invalidation 806 * return an -EBUSY error. We can't ignore such failures since they 807 * could come from some range other than the copied inline extent's 808 * destination range and we have no way to know that. 809 */ 810 ret = btrfs_wait_ordered_range(BTRFS_I(inode), destoff, len); 811 if (ret < 0) 812 return ret; 813 814 /* 815 * Invalidate page cache so that future reads will see the cloned data 816 * immediately and not the previous data. 817 */ 818 ret = filemap_invalidate_inode(inode, false, destoff, end); 819 if (ret < 0) 820 return ret; 821 822 btrfs_btree_balance_dirty(fs_info); 823 824 return 0; 825 } 826 827 static int btrfs_remap_file_range_prep(struct file *file_in, loff_t pos_in, 828 struct file *file_out, loff_t pos_out, 829 loff_t *len, unsigned int remap_flags) 830 { 831 struct btrfs_inode *inode_in = BTRFS_I(file_inode(file_in)); 832 struct btrfs_inode *inode_out = BTRFS_I(file_inode(file_out)); 833 u64 bs = inode_out->root->fs_info->sectorsize; 834 u64 wb_len; 835 int ret; 836 837 if (!(remap_flags & REMAP_FILE_DEDUP)) { 838 struct btrfs_root *root_out = inode_out->root; 839 840 if (btrfs_root_readonly(root_out)) 841 return -EROFS; 842 843 ASSERT(inode_in->vfs_inode.i_sb == inode_out->vfs_inode.i_sb); 844 } 845 846 /* Can only reflink encrypted files if both files are encrypted. */ 847 if (IS_ENCRYPTED(&inode_in->vfs_inode) != IS_ENCRYPTED(&inode_out->vfs_inode)) 848 return -EINVAL; 849 850 /* Don't make the dst file partly checksummed */ 851 if ((inode_in->flags & BTRFS_INODE_NODATASUM) != 852 (inode_out->flags & BTRFS_INODE_NODATASUM)) { 853 return -EINVAL; 854 } 855 856 /* 857 * Now that the inodes are locked, we need to start writeback ourselves 858 * and can not rely on the writeback from the VFS's generic helper 859 * generic_remap_file_range_prep() because: 860 * 861 * 1) For compression we must call filemap_fdatawrite_range() range 862 * twice (btrfs_fdatawrite_range() does it for us), and the generic 863 * helper only calls it once; 864 * 865 * 2) filemap_fdatawrite_range(), called by the generic helper only 866 * waits for the writeback to complete, i.e. for IO to be done, and 867 * not for the ordered extents to complete. We need to wait for them 868 * to complete so that new file extent items are in the fs tree. 869 */ 870 if (*len == 0 && !(remap_flags & REMAP_FILE_DEDUP)) 871 wb_len = ALIGN(inode_in->vfs_inode.i_size, bs) - ALIGN_DOWN(pos_in, bs); 872 else 873 wb_len = ALIGN(*len, bs); 874 875 /* 876 * Workaround to make sure NOCOW buffered write reach disk as NOCOW. 877 * 878 * Btrfs' back references do not have a block level granularity, they 879 * work at the whole extent level. 880 * NOCOW buffered write without data space reserved may not be able 881 * to fall back to CoW due to lack of data space, thus could cause 882 * data loss. 883 * 884 * Here we take a shortcut by flushing the whole inode, so that all 885 * nocow write should reach disk as nocow before we increase the 886 * reference of the extent. We could do better by only flushing NOCOW 887 * data, but that needs extra accounting. 888 * 889 * Also we don't need to check ASYNC_EXTENT, as async extent will be 890 * CoWed anyway, not affecting nocow part. 891 */ 892 ret = filemap_flush(inode_in->vfs_inode.i_mapping); 893 if (ret < 0) 894 return ret; 895 896 ret = btrfs_wait_ordered_range(inode_in, ALIGN_DOWN(pos_in, bs), wb_len); 897 if (ret < 0) 898 return ret; 899 ret = btrfs_wait_ordered_range(inode_out, ALIGN_DOWN(pos_out, bs), wb_len); 900 if (ret < 0) 901 return ret; 902 903 return generic_remap_file_range_prep(file_in, pos_in, file_out, pos_out, 904 len, remap_flags); 905 } 906 907 static bool file_sync_write(const struct file *file) 908 { 909 if (file->f_flags & (__O_SYNC | O_DSYNC)) 910 return true; 911 if (IS_SYNC(file_inode(file))) 912 return true; 913 914 return false; 915 } 916 917 loff_t btrfs_remap_file_range(struct file *src_file, loff_t off, 918 struct file *dst_file, loff_t destoff, loff_t len, 919 unsigned int remap_flags) 920 { 921 struct btrfs_inode *src_inode = BTRFS_I(file_inode(src_file)); 922 struct btrfs_inode *dst_inode = BTRFS_I(file_inode(dst_file)); 923 bool same_inode = dst_inode == src_inode; 924 int ret; 925 926 if (btrfs_is_shutdown(inode_to_fs_info(file_inode(src_file)))) 927 return -EIO; 928 929 if (remap_flags & ~(REMAP_FILE_DEDUP | REMAP_FILE_ADVISORY)) 930 return -EINVAL; 931 932 if (same_inode) { 933 btrfs_inode_lock(src_inode, BTRFS_ILOCK_MMAP); 934 } else { 935 lock_two_nondirectories(&src_inode->vfs_inode, &dst_inode->vfs_inode); 936 btrfs_double_mmap_lock(src_inode, dst_inode); 937 } 938 939 ret = btrfs_remap_file_range_prep(src_file, off, dst_file, destoff, 940 &len, remap_flags); 941 if (ret < 0 || len == 0) 942 goto out_unlock; 943 944 if (remap_flags & REMAP_FILE_DEDUP) 945 ret = btrfs_extent_same(&src_inode->vfs_inode, off, len, 946 &dst_inode->vfs_inode, destoff); 947 else 948 ret = btrfs_clone_files(dst_file, src_file, off, len, destoff); 949 950 out_unlock: 951 if (same_inode) { 952 btrfs_inode_unlock(src_inode, BTRFS_ILOCK_MMAP); 953 } else { 954 btrfs_double_mmap_unlock(src_inode, dst_inode); 955 unlock_two_nondirectories(&src_inode->vfs_inode, 956 &dst_inode->vfs_inode); 957 } 958 959 /* 960 * If either the source or the destination file was opened with O_SYNC, 961 * O_DSYNC or has the S_SYNC attribute, fsync both the destination and 962 * source files/ranges, so that after a successful return (0) followed 963 * by a power failure results in the reflinked data to be readable from 964 * both files/ranges. 965 */ 966 if (ret == 0 && len > 0 && 967 (file_sync_write(src_file) || file_sync_write(dst_file))) { 968 ret = btrfs_sync_file(src_file, off, off + len - 1, 0); 969 if (ret == 0) 970 ret = btrfs_sync_file(dst_file, destoff, 971 destoff + len - 1, 0); 972 } 973 974 return ret < 0 ? ret : len; 975 } 976