1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * Functions related to mapping data to requests 4 */ 5 #include <linux/kernel.h> 6 #include <linux/sched/task_stack.h> 7 #include <linux/module.h> 8 #include <linux/bio.h> 9 #include <linux/blkdev.h> 10 #include <linux/uio.h> 11 12 #include "blk.h" 13 14 struct bio_map_data { 15 bool is_our_pages : 1; 16 bool is_null_mapped : 1; 17 struct iov_iter iter; 18 struct iovec iov[]; 19 }; 20 21 static struct bio_map_data *bio_alloc_map_data(struct iov_iter *data, 22 gfp_t gfp_mask) 23 { 24 struct bio_map_data *bmd; 25 26 if (data->nr_segs > UIO_MAXIOV) 27 return NULL; 28 29 bmd = kmalloc(struct_size(bmd, iov, data->nr_segs), gfp_mask); 30 if (!bmd) 31 return NULL; 32 bmd->iter = *data; 33 if (iter_is_iovec(data)) { 34 memcpy(bmd->iov, iter_iov(data), sizeof(struct iovec) * data->nr_segs); 35 bmd->iter.__iov = bmd->iov; 36 } 37 return bmd; 38 } 39 40 /** 41 * bio_copy_from_iter - copy all pages from iov_iter to bio 42 * @bio: The &struct bio which describes the I/O as destination 43 * @iter: iov_iter as source 44 * 45 * Copy all pages from iov_iter to bio. 46 * Returns 0 on success, or error on failure. 47 */ 48 static int bio_copy_from_iter(struct bio *bio, struct iov_iter *iter) 49 { 50 struct bio_vec *bvec; 51 struct bvec_iter_all iter_all; 52 53 bio_for_each_segment_all(bvec, bio, iter_all) { 54 ssize_t ret; 55 56 ret = copy_page_from_iter(bvec->bv_page, 57 bvec->bv_offset, 58 bvec->bv_len, 59 iter); 60 61 if (!iov_iter_count(iter)) 62 break; 63 64 if (ret < bvec->bv_len) 65 return -EFAULT; 66 } 67 68 return 0; 69 } 70 71 /** 72 * bio_copy_to_iter - copy all pages from bio to iov_iter 73 * @bio: The &struct bio which describes the I/O as source 74 * @iter: iov_iter as destination 75 * 76 * Copy all pages from bio to iov_iter. 77 * Returns 0 on success, or error on failure. 78 */ 79 static int bio_copy_to_iter(struct bio *bio, struct iov_iter iter) 80 { 81 struct bio_vec *bvec; 82 struct bvec_iter_all iter_all; 83 84 bio_for_each_segment_all(bvec, bio, iter_all) { 85 ssize_t ret; 86 87 ret = copy_page_to_iter(bvec->bv_page, 88 bvec->bv_offset, 89 bvec->bv_len, 90 &iter); 91 92 if (!iov_iter_count(&iter)) 93 break; 94 95 if (ret < bvec->bv_len) 96 return -EFAULT; 97 } 98 99 return 0; 100 } 101 102 /** 103 * bio_uncopy_user - finish previously mapped bio 104 * @bio: bio being terminated 105 * 106 * Free pages allocated from bio_copy_user_iov() and write back data 107 * to user space in case of a read. 108 */ 109 static int bio_uncopy_user(struct bio *bio) 110 { 111 struct bio_map_data *bmd = bio->bi_private; 112 int ret = 0; 113 114 if (!bmd->is_null_mapped) { 115 /* 116 * if we're in a workqueue, the request is orphaned, so 117 * don't copy into a random user address space, just free 118 * and return -EINTR so user space doesn't expect any data. 119 */ 120 if (!current->mm) 121 ret = -EINTR; 122 else if (bio_data_dir(bio) == READ) 123 ret = bio_copy_to_iter(bio, bmd->iter); 124 if (bmd->is_our_pages) 125 bio_free_pages(bio); 126 } 127 kfree(bmd); 128 return ret; 129 } 130 131 static int bio_copy_user_iov(struct request *rq, struct rq_map_data *map_data, 132 struct iov_iter *iter, gfp_t gfp_mask) 133 { 134 struct bio_map_data *bmd; 135 struct page *page; 136 struct bio *bio; 137 int i = 0, ret; 138 int nr_pages; 139 unsigned int len = iter->count; 140 unsigned int offset = map_data ? offset_in_page(map_data->offset) : 0; 141 142 bmd = bio_alloc_map_data(iter, gfp_mask); 143 if (!bmd) 144 return -ENOMEM; 145 146 /* 147 * We need to do a deep copy of the iov_iter including the iovecs. 148 * The caller provided iov might point to an on-stack or otherwise 149 * shortlived one. 150 */ 151 bmd->is_our_pages = !map_data; 152 bmd->is_null_mapped = (map_data && map_data->null_mapped); 153 154 nr_pages = bio_max_segs(DIV_ROUND_UP(offset + len, PAGE_SIZE)); 155 156 ret = -ENOMEM; 157 bio = bio_kmalloc(nr_pages, gfp_mask); 158 if (!bio) 159 goto out_bmd; 160 bio_init_inline(bio, NULL, nr_pages, req_op(rq)); 161 162 if (map_data) { 163 nr_pages = 1U << map_data->page_order; 164 i = map_data->offset / PAGE_SIZE; 165 } 166 while (len) { 167 unsigned int bytes = PAGE_SIZE; 168 169 bytes -= offset; 170 171 if (bytes > len) 172 bytes = len; 173 174 if (map_data) { 175 if (i == map_data->nr_entries * nr_pages) { 176 ret = -ENOMEM; 177 goto cleanup; 178 } 179 180 page = map_data->pages[i / nr_pages]; 181 page += (i % nr_pages); 182 183 i++; 184 } else { 185 page = alloc_page(GFP_NOIO | gfp_mask); 186 if (!page) { 187 ret = -ENOMEM; 188 goto cleanup; 189 } 190 } 191 192 if (bio_add_page(bio, page, bytes, offset) < bytes) { 193 if (!map_data) 194 __free_page(page); 195 break; 196 } 197 198 len -= bytes; 199 offset = 0; 200 } 201 202 if (map_data) 203 map_data->offset += bio->bi_iter.bi_size; 204 205 /* 206 * success 207 */ 208 if (iov_iter_rw(iter) == WRITE && 209 (!map_data || !map_data->null_mapped)) { 210 ret = bio_copy_from_iter(bio, iter); 211 if (ret) 212 goto cleanup; 213 } else if (map_data && map_data->from_user) { 214 struct iov_iter iter2 = *iter; 215 216 /* This is the copy-in part of SG_DXFER_TO_FROM_DEV. */ 217 iter2.data_source = ITER_SOURCE; 218 ret = bio_copy_from_iter(bio, &iter2); 219 if (ret) 220 goto cleanup; 221 } else { 222 if (bmd->is_our_pages) 223 zero_fill_bio(bio); 224 iov_iter_advance(iter, bio->bi_iter.bi_size); 225 } 226 227 bio->bi_private = bmd; 228 229 ret = blk_rq_append_bio(rq, bio); 230 if (ret) 231 goto cleanup; 232 return 0; 233 cleanup: 234 if (!map_data) 235 bio_free_pages(bio); 236 bio_uninit(bio); 237 kfree(bio); 238 out_bmd: 239 kfree(bmd); 240 return ret; 241 } 242 243 static void blk_mq_map_bio_put(struct bio *bio) 244 { 245 if (bio->bi_opf & REQ_ALLOC_CACHE) { 246 bio_put(bio); 247 } else { 248 bio_uninit(bio); 249 kfree(bio); 250 } 251 } 252 253 static struct bio *blk_rq_map_bio_alloc(struct request *rq, 254 unsigned int nr_vecs, gfp_t gfp_mask) 255 { 256 struct block_device *bdev = rq->q->disk ? rq->q->disk->part0 : NULL; 257 struct bio *bio; 258 259 if (rq->cmd_flags & REQ_ALLOC_CACHE && (nr_vecs <= BIO_INLINE_VECS)) { 260 bio = bio_alloc_bioset(bdev, nr_vecs, rq->cmd_flags, gfp_mask, 261 &fs_bio_set); 262 if (!bio) 263 return NULL; 264 } else { 265 bio = bio_kmalloc(nr_vecs, gfp_mask); 266 if (!bio) 267 return NULL; 268 bio_init_inline(bio, bdev, nr_vecs, req_op(rq)); 269 } 270 return bio; 271 } 272 273 static int bio_map_user_iov(struct request *rq, struct iov_iter *iter, 274 gfp_t gfp_mask) 275 { 276 unsigned int nr_vecs = iov_iter_npages(iter, BIO_MAX_VECS); 277 struct bio *bio; 278 int ret; 279 280 if (!iov_iter_count(iter)) 281 return -EINVAL; 282 283 bio = blk_rq_map_bio_alloc(rq, nr_vecs, gfp_mask); 284 if (!bio) 285 return -ENOMEM; 286 /* 287 * No alignment requirements on our part to support arbitrary 288 * passthrough commands. 289 */ 290 ret = bio_iov_iter_get_pages(bio, iter, 0); 291 if (ret) 292 goto out_put; 293 ret = blk_rq_append_bio(rq, bio); 294 if (ret) 295 goto out_release; 296 return 0; 297 298 out_release: 299 bio_release_pages(bio, false); 300 out_put: 301 blk_mq_map_bio_put(bio); 302 return ret; 303 } 304 305 static void bio_invalidate_vmalloc_pages(struct bio *bio) 306 { 307 #ifdef ARCH_IMPLEMENTS_FLUSH_KERNEL_VMAP_RANGE 308 if (bio->bi_private && !op_is_write(bio_op(bio))) { 309 unsigned long i, len = 0; 310 311 for (i = 0; i < bio->bi_vcnt; i++) 312 len += bio->bi_io_vec[i].bv_len; 313 invalidate_kernel_vmap_range(bio->bi_private, len); 314 } 315 #endif 316 } 317 318 static void bio_map_kern_endio(struct bio *bio) 319 { 320 bio_invalidate_vmalloc_pages(bio); 321 bio_uninit(bio); 322 kfree(bio); 323 } 324 325 static struct bio *bio_map_kern(void *data, unsigned int len, enum req_op op, 326 gfp_t gfp_mask) 327 { 328 unsigned int nr_vecs = bio_add_max_vecs(data, len); 329 struct bio *bio; 330 331 bio = bio_kmalloc(nr_vecs, gfp_mask); 332 if (!bio) 333 return ERR_PTR(-ENOMEM); 334 bio_init_inline(bio, NULL, nr_vecs, op); 335 if (is_vmalloc_addr(data)) { 336 bio->bi_private = data; 337 if (!bio_add_vmalloc(bio, data, len)) { 338 bio_uninit(bio); 339 kfree(bio); 340 return ERR_PTR(-EINVAL); 341 } 342 } else { 343 bio_add_virt_nofail(bio, data, len); 344 } 345 bio->bi_end_io = bio_map_kern_endio; 346 return bio; 347 } 348 349 static void bio_copy_kern_endio(struct bio *bio) 350 { 351 bio_free_pages(bio); 352 bio_uninit(bio); 353 kfree(bio); 354 } 355 356 static void bio_copy_kern_endio_read(struct bio *bio) 357 { 358 char *p = bio->bi_private; 359 struct bio_vec *bvec; 360 struct bvec_iter_all iter_all; 361 362 bio_for_each_segment_all(bvec, bio, iter_all) { 363 memcpy_from_bvec(p, bvec); 364 p += bvec->bv_len; 365 } 366 367 bio_copy_kern_endio(bio); 368 } 369 370 /** 371 * bio_copy_kern - copy kernel address into bio 372 * @data: pointer to buffer to copy 373 * @len: length in bytes 374 * @op: bio/request operation 375 * @gfp_mask: allocation flags for bio and page allocation 376 * 377 * copy the kernel address into a bio suitable for io to a block 378 * device. Returns an error pointer in case of error. 379 */ 380 static struct bio *bio_copy_kern(void *data, unsigned int len, enum req_op op, 381 gfp_t gfp_mask) 382 { 383 unsigned long kaddr = (unsigned long)data; 384 unsigned long end = (kaddr + len + PAGE_SIZE - 1) >> PAGE_SHIFT; 385 unsigned long start = kaddr >> PAGE_SHIFT; 386 struct bio *bio; 387 void *p = data; 388 int nr_pages = 0; 389 390 /* 391 * Overflow, abort 392 */ 393 if (end < start) 394 return ERR_PTR(-EINVAL); 395 396 nr_pages = end - start; 397 bio = bio_kmalloc(nr_pages, gfp_mask); 398 if (!bio) 399 return ERR_PTR(-ENOMEM); 400 bio_init_inline(bio, NULL, nr_pages, op); 401 402 while (len) { 403 struct page *page; 404 unsigned int bytes = PAGE_SIZE; 405 406 if (bytes > len) 407 bytes = len; 408 409 page = alloc_page(GFP_NOIO | __GFP_ZERO | gfp_mask); 410 if (!page) 411 goto cleanup; 412 413 if (op_is_write(op)) 414 memcpy(page_address(page), p, bytes); 415 416 if (bio_add_page(bio, page, bytes, 0) < bytes) 417 break; 418 419 len -= bytes; 420 p += bytes; 421 } 422 423 if (op_is_write(op)) { 424 bio->bi_end_io = bio_copy_kern_endio; 425 } else { 426 bio->bi_end_io = bio_copy_kern_endio_read; 427 bio->bi_private = data; 428 } 429 430 return bio; 431 432 cleanup: 433 bio_free_pages(bio); 434 bio_uninit(bio); 435 kfree(bio); 436 return ERR_PTR(-ENOMEM); 437 } 438 439 /* 440 * Append a bio to a passthrough request. Only works if the bio can be merged 441 * into the request based on the driver constraints. 442 */ 443 int blk_rq_append_bio(struct request *rq, struct bio *bio) 444 { 445 const struct queue_limits *lim = &rq->q->limits; 446 unsigned int max_bytes = lim->max_hw_sectors << SECTOR_SHIFT; 447 unsigned int nr_segs = 0; 448 int ret; 449 450 /* check that the data layout matches the hardware restrictions */ 451 ret = bio_split_io_at(bio, lim, &nr_segs, max_bytes, 0); 452 if (ret) { 453 /* if we would have to split the bio, copy instead */ 454 if (ret > 0) 455 ret = -EREMOTEIO; 456 return ret; 457 } 458 459 if (rq->bio) { 460 if (!ll_back_merge_fn(rq, bio, nr_segs)) 461 return -EINVAL; 462 rq->biotail->bi_next = bio; 463 rq->biotail = bio; 464 rq->__data_len += bio->bi_iter.bi_size; 465 bio_crypt_free_ctx(bio); 466 return 0; 467 } 468 469 rq->nr_phys_segments = nr_segs; 470 rq->bio = rq->biotail = bio; 471 rq->__data_len = bio->bi_iter.bi_size; 472 return 0; 473 } 474 EXPORT_SYMBOL(blk_rq_append_bio); 475 476 /* Prepare bio for passthrough IO given ITER_BVEC iter */ 477 static int blk_rq_map_user_bvec(struct request *rq, const struct iov_iter *iter) 478 { 479 unsigned int max_bytes = rq->q->limits.max_hw_sectors << SECTOR_SHIFT; 480 struct bio *bio; 481 int ret; 482 483 if (!iov_iter_count(iter) || iov_iter_count(iter) > max_bytes) 484 return -EINVAL; 485 486 /* reuse the bvecs from the iterator instead of allocating new ones */ 487 bio = blk_rq_map_bio_alloc(rq, 0, GFP_KERNEL); 488 if (!bio) 489 return -ENOMEM; 490 bio_iov_bvec_set(bio, iter); 491 492 ret = blk_rq_append_bio(rq, bio); 493 if (ret) 494 blk_mq_map_bio_put(bio); 495 return ret; 496 } 497 498 /** 499 * blk_rq_map_user_iov - map user data to a request, for passthrough requests 500 * @q: request queue where request should be inserted 501 * @rq: request to map data to 502 * @map_data: pointer to the rq_map_data holding pages (if necessary) 503 * @iter: iovec iterator 504 * @gfp_mask: memory allocation flags 505 * 506 * Description: 507 * Data will be mapped directly for zero copy I/O, if possible. Otherwise 508 * a kernel bounce buffer is used. 509 * 510 * A matching blk_rq_unmap_user() must be issued at the end of I/O, while 511 * still in process context. 512 */ 513 int blk_rq_map_user_iov(struct request_queue *q, struct request *rq, 514 struct rq_map_data *map_data, 515 const struct iov_iter *iter, gfp_t gfp_mask) 516 { 517 bool copy = false, map_bvec = false; 518 unsigned long align = blk_lim_dma_alignment_and_pad(&q->limits); 519 struct bio *bio = NULL; 520 struct iov_iter i; 521 int ret = -EINVAL; 522 523 if (map_data) 524 copy = true; 525 else if (iov_iter_alignment(iter) & align) 526 copy = true; 527 else if (iov_iter_is_bvec(iter)) 528 map_bvec = true; 529 else if (!user_backed_iter(iter)) 530 copy = true; 531 else if (queue_virt_boundary(q)) 532 copy = queue_virt_boundary(q) & iov_iter_gap_alignment(iter); 533 534 if (map_bvec) { 535 ret = blk_rq_map_user_bvec(rq, iter); 536 if (!ret) 537 return 0; 538 if (ret != -EREMOTEIO) 539 goto fail; 540 /* fall back to copying the data on limits mismatches */ 541 copy = true; 542 } 543 544 i = *iter; 545 do { 546 if (copy) 547 ret = bio_copy_user_iov(rq, map_data, &i, gfp_mask); 548 else 549 ret = bio_map_user_iov(rq, &i, gfp_mask); 550 if (ret) { 551 if (ret == -EREMOTEIO) 552 ret = -EINVAL; 553 goto unmap_rq; 554 } 555 if (!bio) 556 bio = rq->bio; 557 } while (iov_iter_count(&i)); 558 559 return 0; 560 561 unmap_rq: 562 blk_rq_unmap_user(bio); 563 fail: 564 rq->bio = NULL; 565 return ret; 566 } 567 EXPORT_SYMBOL(blk_rq_map_user_iov); 568 569 int blk_rq_map_user(struct request_queue *q, struct request *rq, 570 struct rq_map_data *map_data, void __user *ubuf, 571 unsigned long len, gfp_t gfp_mask) 572 { 573 struct iov_iter i; 574 int ret = import_ubuf(rq_data_dir(rq), ubuf, len, &i); 575 576 if (unlikely(ret < 0)) 577 return ret; 578 579 return blk_rq_map_user_iov(q, rq, map_data, &i, gfp_mask); 580 } 581 EXPORT_SYMBOL(blk_rq_map_user); 582 583 int blk_rq_map_user_io(struct request *req, struct rq_map_data *map_data, 584 void __user *ubuf, unsigned long buf_len, gfp_t gfp_mask, 585 bool vec, int iov_count, bool check_iter_count, int rw) 586 { 587 int ret = 0; 588 589 if (vec) { 590 struct iovec fast_iov[UIO_FASTIOV]; 591 struct iovec *iov = fast_iov; 592 struct iov_iter iter; 593 594 ret = import_iovec(rw, ubuf, iov_count ? iov_count : buf_len, 595 UIO_FASTIOV, &iov, &iter); 596 if (ret < 0) 597 return ret; 598 599 if (iov_count) { 600 /* SG_IO howto says that the shorter of the two wins */ 601 iov_iter_truncate(&iter, buf_len); 602 if (check_iter_count && !iov_iter_count(&iter)) { 603 kfree(iov); 604 return -EINVAL; 605 } 606 } 607 608 ret = blk_rq_map_user_iov(req->q, req, map_data, &iter, 609 gfp_mask); 610 kfree(iov); 611 } else if (buf_len) { 612 ret = blk_rq_map_user(req->q, req, map_data, ubuf, buf_len, 613 gfp_mask); 614 } 615 return ret; 616 } 617 EXPORT_SYMBOL(blk_rq_map_user_io); 618 619 /** 620 * blk_rq_unmap_user - unmap a request with user data 621 * @bio: start of bio list 622 * 623 * Description: 624 * Unmap a rq previously mapped by blk_rq_map_user(). The caller must 625 * supply the original rq->bio from the blk_rq_map_user() return, since 626 * the I/O completion may have changed rq->bio. 627 */ 628 int blk_rq_unmap_user(struct bio *bio) 629 { 630 struct bio *next_bio; 631 int ret = 0, ret2; 632 633 while (bio) { 634 if (bio->bi_private) { 635 ret2 = bio_uncopy_user(bio); 636 if (ret2 && !ret) 637 ret = ret2; 638 } else { 639 bio_release_pages(bio, bio_data_dir(bio) == READ); 640 } 641 642 if (bio_integrity(bio)) 643 bio_integrity_unmap_user(bio); 644 645 next_bio = bio; 646 bio = bio->bi_next; 647 blk_mq_map_bio_put(next_bio); 648 } 649 650 return ret; 651 } 652 EXPORT_SYMBOL(blk_rq_unmap_user); 653 654 /** 655 * blk_rq_map_kern - map kernel data to a request, for passthrough requests 656 * @rq: request to fill 657 * @kbuf: the kernel buffer 658 * @len: length of user data 659 * @gfp_mask: memory allocation flags 660 * 661 * Description: 662 * Data will be mapped directly if possible. Otherwise a bounce 663 * buffer is used. Can be called multiple times to append multiple 664 * buffers. 665 */ 666 int blk_rq_map_kern(struct request *rq, void *kbuf, unsigned int len, 667 gfp_t gfp_mask) 668 { 669 unsigned long addr = (unsigned long) kbuf; 670 struct bio *bio; 671 int ret; 672 673 if (len > (queue_max_hw_sectors(rq->q) << SECTOR_SHIFT)) 674 return -EINVAL; 675 if (!len || !kbuf) 676 return -EINVAL; 677 678 if (!blk_rq_aligned(rq->q, addr, len) || object_is_on_stack(kbuf)) 679 bio = bio_copy_kern(kbuf, len, req_op(rq), gfp_mask); 680 else 681 bio = bio_map_kern(kbuf, len, req_op(rq), gfp_mask); 682 683 if (IS_ERR(bio)) 684 return PTR_ERR(bio); 685 686 ret = blk_rq_append_bio(rq, bio); 687 if (unlikely(ret)) { 688 bio_uninit(bio); 689 kfree(bio); 690 } 691 return ret; 692 } 693 EXPORT_SYMBOL(blk_rq_map_kern); 694