1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * linux/fs/ext4/readpage.c 4 * 5 * Copyright (C) 2002, Linus Torvalds. 6 * Copyright (C) 2015, Google, Inc. 7 * 8 * This was originally taken from fs/mpage.c 9 * 10 * The ext4_mpage_readpages() function here is intended to 11 * replace mpage_readahead() in the general case, not just for 12 * encrypted files. It has some limitations (see below), where it 13 * will fall back to read_block_full_page(), but these limitations 14 * should only be hit when page_size != block_size. 15 * 16 * This will allow us to attach a callback function to support ext4 17 * encryption. 18 * 19 * If anything unusual happens, such as: 20 * 21 * - encountering a page which has buffers 22 * - encountering a page which has a non-hole after a hole 23 * - encountering a page with non-contiguous blocks 24 * 25 * then this code just gives up and calls the buffer_head-based read function. 26 * It does handle a page which has holes at the end - that is a common case: 27 * the end-of-file on blocksize < PAGE_SIZE setups. 28 * 29 */ 30 31 #include <linux/kernel.h> 32 #include <linux/export.h> 33 #include <linux/mm.h> 34 #include <linux/kdev_t.h> 35 #include <linux/gfp.h> 36 #include <linux/bio.h> 37 #include <linux/fs.h> 38 #include <linux/buffer_head.h> 39 #include <linux/blkdev.h> 40 #include <linux/highmem.h> 41 #include <linux/prefetch.h> 42 #include <linux/mpage.h> 43 #include <linux/writeback.h> 44 #include <linux/backing-dev.h> 45 #include <linux/pagevec.h> 46 #include <linux/cleancache.h> 47 48 #include "ext4.h" 49 50 #define NUM_PREALLOC_POST_READ_CTXS 128 51 52 static struct kmem_cache *bio_post_read_ctx_cache; 53 static mempool_t *bio_post_read_ctx_pool; 54 55 /* postprocessing steps for read bios */ 56 enum bio_post_read_step { 57 STEP_INITIAL = 0, 58 STEP_DECRYPT, 59 STEP_VERITY, 60 STEP_MAX, 61 }; 62 63 struct bio_post_read_ctx { 64 struct bio *bio; 65 struct work_struct work; 66 unsigned int cur_step; 67 unsigned int enabled_steps; 68 }; 69 70 static void __read_end_io(struct bio *bio) 71 { 72 struct page *page; 73 struct bio_vec *bv; 74 struct bvec_iter_all iter_all; 75 76 bio_for_each_segment_all(bv, bio, iter_all) { 77 page = bv->bv_page; 78 79 /* PG_error was set if any post_read step failed */ 80 if (bio->bi_status || PageError(page)) { 81 ClearPageUptodate(page); 82 /* will re-read again later */ 83 ClearPageError(page); 84 } else { 85 SetPageUptodate(page); 86 } 87 unlock_page(page); 88 } 89 if (bio->bi_private) 90 mempool_free(bio->bi_private, bio_post_read_ctx_pool); 91 bio_put(bio); 92 } 93 94 static void bio_post_read_processing(struct bio_post_read_ctx *ctx); 95 96 static void decrypt_work(struct work_struct *work) 97 { 98 struct bio_post_read_ctx *ctx = 99 container_of(work, struct bio_post_read_ctx, work); 100 101 fscrypt_decrypt_bio(ctx->bio); 102 103 bio_post_read_processing(ctx); 104 } 105 106 static void verity_work(struct work_struct *work) 107 { 108 struct bio_post_read_ctx *ctx = 109 container_of(work, struct bio_post_read_ctx, work); 110 struct bio *bio = ctx->bio; 111 112 /* 113 * fsverity_verify_bio() may call readpages() again, and although verity 114 * will be disabled for that, decryption may still be needed, causing 115 * another bio_post_read_ctx to be allocated. So to guarantee that 116 * mempool_alloc() never deadlocks we must free the current ctx first. 117 * This is safe because verity is the last post-read step. 118 */ 119 BUILD_BUG_ON(STEP_VERITY + 1 != STEP_MAX); 120 mempool_free(ctx, bio_post_read_ctx_pool); 121 bio->bi_private = NULL; 122 123 fsverity_verify_bio(bio); 124 125 __read_end_io(bio); 126 } 127 128 static void bio_post_read_processing(struct bio_post_read_ctx *ctx) 129 { 130 /* 131 * We use different work queues for decryption and for verity because 132 * verity may require reading metadata pages that need decryption, and 133 * we shouldn't recurse to the same workqueue. 134 */ 135 switch (++ctx->cur_step) { 136 case STEP_DECRYPT: 137 if (ctx->enabled_steps & (1 << STEP_DECRYPT)) { 138 INIT_WORK(&ctx->work, decrypt_work); 139 fscrypt_enqueue_decrypt_work(&ctx->work); 140 return; 141 } 142 ctx->cur_step++; 143 /* fall-through */ 144 case STEP_VERITY: 145 if (ctx->enabled_steps & (1 << STEP_VERITY)) { 146 INIT_WORK(&ctx->work, verity_work); 147 fsverity_enqueue_verify_work(&ctx->work); 148 return; 149 } 150 ctx->cur_step++; 151 /* fall-through */ 152 default: 153 __read_end_io(ctx->bio); 154 } 155 } 156 157 static bool bio_post_read_required(struct bio *bio) 158 { 159 return bio->bi_private && !bio->bi_status; 160 } 161 162 /* 163 * I/O completion handler for multipage BIOs. 164 * 165 * The mpage code never puts partial pages into a BIO (except for end-of-file). 166 * If a page does not map to a contiguous run of blocks then it simply falls 167 * back to block_read_full_page(). 168 * 169 * Why is this? If a page's completion depends on a number of different BIOs 170 * which can complete in any order (or at the same time) then determining the 171 * status of that page is hard. See end_buffer_async_read() for the details. 172 * There is no point in duplicating all that complexity. 173 */ 174 static void mpage_end_io(struct bio *bio) 175 { 176 if (bio_post_read_required(bio)) { 177 struct bio_post_read_ctx *ctx = bio->bi_private; 178 179 ctx->cur_step = STEP_INITIAL; 180 bio_post_read_processing(ctx); 181 return; 182 } 183 __read_end_io(bio); 184 } 185 186 static inline bool ext4_need_verity(const struct inode *inode, pgoff_t idx) 187 { 188 return fsverity_active(inode) && 189 idx < DIV_ROUND_UP(inode->i_size, PAGE_SIZE); 190 } 191 192 static void ext4_set_bio_post_read_ctx(struct bio *bio, 193 const struct inode *inode, 194 pgoff_t first_idx) 195 { 196 unsigned int post_read_steps = 0; 197 198 if (IS_ENCRYPTED(inode) && S_ISREG(inode->i_mode)) 199 post_read_steps |= 1 << STEP_DECRYPT; 200 201 if (ext4_need_verity(inode, first_idx)) 202 post_read_steps |= 1 << STEP_VERITY; 203 204 if (post_read_steps) { 205 /* Due to the mempool, this never fails. */ 206 struct bio_post_read_ctx *ctx = 207 mempool_alloc(bio_post_read_ctx_pool, GFP_NOFS); 208 209 ctx->bio = bio; 210 ctx->enabled_steps = post_read_steps; 211 bio->bi_private = ctx; 212 } 213 } 214 215 static inline loff_t ext4_readpage_limit(struct inode *inode) 216 { 217 if (IS_ENABLED(CONFIG_FS_VERITY) && 218 (IS_VERITY(inode) || ext4_verity_in_progress(inode))) 219 return inode->i_sb->s_maxbytes; 220 221 return i_size_read(inode); 222 } 223 224 int ext4_mpage_readpages(struct inode *inode, 225 struct readahead_control *rac, struct page *page) 226 { 227 struct bio *bio = NULL; 228 sector_t last_block_in_bio = 0; 229 230 const unsigned blkbits = inode->i_blkbits; 231 const unsigned blocks_per_page = PAGE_SIZE >> blkbits; 232 const unsigned blocksize = 1 << blkbits; 233 sector_t block_in_file; 234 sector_t last_block; 235 sector_t last_block_in_file; 236 sector_t blocks[MAX_BUF_PER_PAGE]; 237 unsigned page_block; 238 struct block_device *bdev = inode->i_sb->s_bdev; 239 int length; 240 unsigned relative_block = 0; 241 struct ext4_map_blocks map; 242 unsigned int nr_pages = rac ? readahead_count(rac) : 1; 243 244 map.m_pblk = 0; 245 map.m_lblk = 0; 246 map.m_len = 0; 247 map.m_flags = 0; 248 249 for (; nr_pages; nr_pages--) { 250 int fully_mapped = 1; 251 unsigned first_hole = blocks_per_page; 252 253 if (rac) { 254 page = readahead_page(rac); 255 prefetchw(&page->flags); 256 } 257 258 if (page_has_buffers(page)) 259 goto confused; 260 261 block_in_file = (sector_t)page->index << (PAGE_SHIFT - blkbits); 262 last_block = block_in_file + nr_pages * blocks_per_page; 263 last_block_in_file = (ext4_readpage_limit(inode) + 264 blocksize - 1) >> blkbits; 265 if (last_block > last_block_in_file) 266 last_block = last_block_in_file; 267 page_block = 0; 268 269 /* 270 * Map blocks using the previous result first. 271 */ 272 if ((map.m_flags & EXT4_MAP_MAPPED) && 273 block_in_file > map.m_lblk && 274 block_in_file < (map.m_lblk + map.m_len)) { 275 unsigned map_offset = block_in_file - map.m_lblk; 276 unsigned last = map.m_len - map_offset; 277 278 for (relative_block = 0; ; relative_block++) { 279 if (relative_block == last) { 280 /* needed? */ 281 map.m_flags &= ~EXT4_MAP_MAPPED; 282 break; 283 } 284 if (page_block == blocks_per_page) 285 break; 286 blocks[page_block] = map.m_pblk + map_offset + 287 relative_block; 288 page_block++; 289 block_in_file++; 290 } 291 } 292 293 /* 294 * Then do more ext4_map_blocks() calls until we are 295 * done with this page. 296 */ 297 while (page_block < blocks_per_page) { 298 if (block_in_file < last_block) { 299 map.m_lblk = block_in_file; 300 map.m_len = last_block - block_in_file; 301 302 if (ext4_map_blocks(NULL, inode, &map, 0) < 0) { 303 set_error_page: 304 SetPageError(page); 305 zero_user_segment(page, 0, 306 PAGE_SIZE); 307 unlock_page(page); 308 goto next_page; 309 } 310 } 311 if ((map.m_flags & EXT4_MAP_MAPPED) == 0) { 312 fully_mapped = 0; 313 if (first_hole == blocks_per_page) 314 first_hole = page_block; 315 page_block++; 316 block_in_file++; 317 continue; 318 } 319 if (first_hole != blocks_per_page) 320 goto confused; /* hole -> non-hole */ 321 322 /* Contiguous blocks? */ 323 if (page_block && blocks[page_block-1] != map.m_pblk-1) 324 goto confused; 325 for (relative_block = 0; ; relative_block++) { 326 if (relative_block == map.m_len) { 327 /* needed? */ 328 map.m_flags &= ~EXT4_MAP_MAPPED; 329 break; 330 } else if (page_block == blocks_per_page) 331 break; 332 blocks[page_block] = map.m_pblk+relative_block; 333 page_block++; 334 block_in_file++; 335 } 336 } 337 if (first_hole != blocks_per_page) { 338 zero_user_segment(page, first_hole << blkbits, 339 PAGE_SIZE); 340 if (first_hole == 0) { 341 if (ext4_need_verity(inode, page->index) && 342 !fsverity_verify_page(page)) 343 goto set_error_page; 344 SetPageUptodate(page); 345 unlock_page(page); 346 goto next_page; 347 } 348 } else if (fully_mapped) { 349 SetPageMappedToDisk(page); 350 } 351 if (fully_mapped && blocks_per_page == 1 && 352 !PageUptodate(page) && cleancache_get_page(page) == 0) { 353 SetPageUptodate(page); 354 goto confused; 355 } 356 357 /* 358 * This page will go to BIO. Do we need to send this 359 * BIO off first? 360 */ 361 if (bio && (last_block_in_bio != blocks[0] - 1)) { 362 submit_and_realloc: 363 submit_bio(bio); 364 bio = NULL; 365 } 366 if (bio == NULL) { 367 /* 368 * bio_alloc will _always_ be able to allocate a bio if 369 * __GFP_DIRECT_RECLAIM is set, see bio_alloc_bioset(). 370 */ 371 bio = bio_alloc(GFP_KERNEL, 372 min_t(int, nr_pages, BIO_MAX_PAGES)); 373 ext4_set_bio_post_read_ctx(bio, inode, page->index); 374 bio_set_dev(bio, bdev); 375 bio->bi_iter.bi_sector = blocks[0] << (blkbits - 9); 376 bio->bi_end_io = mpage_end_io; 377 bio_set_op_attrs(bio, REQ_OP_READ, 378 rac ? REQ_RAHEAD : 0); 379 } 380 381 length = first_hole << blkbits; 382 if (bio_add_page(bio, page, length, 0) < length) 383 goto submit_and_realloc; 384 385 if (((map.m_flags & EXT4_MAP_BOUNDARY) && 386 (relative_block == map.m_len)) || 387 (first_hole != blocks_per_page)) { 388 submit_bio(bio); 389 bio = NULL; 390 } else 391 last_block_in_bio = blocks[blocks_per_page - 1]; 392 goto next_page; 393 confused: 394 if (bio) { 395 submit_bio(bio); 396 bio = NULL; 397 } 398 if (!PageUptodate(page)) 399 block_read_full_page(page, ext4_get_block); 400 else 401 unlock_page(page); 402 next_page: 403 if (rac) 404 put_page(page); 405 } 406 if (bio) 407 submit_bio(bio); 408 return 0; 409 } 410 411 int __init ext4_init_post_read_processing(void) 412 { 413 bio_post_read_ctx_cache = 414 kmem_cache_create("ext4_bio_post_read_ctx", 415 sizeof(struct bio_post_read_ctx), 0, 0, NULL); 416 if (!bio_post_read_ctx_cache) 417 goto fail; 418 bio_post_read_ctx_pool = 419 mempool_create_slab_pool(NUM_PREALLOC_POST_READ_CTXS, 420 bio_post_read_ctx_cache); 421 if (!bio_post_read_ctx_pool) 422 goto fail_free_cache; 423 return 0; 424 425 fail_free_cache: 426 kmem_cache_destroy(bio_post_read_ctx_cache); 427 fail: 428 return -ENOMEM; 429 } 430 431 void ext4_exit_post_read_processing(void) 432 { 433 mempool_destroy(bio_post_read_ctx_pool); 434 kmem_cache_destroy(bio_post_read_ctx_cache); 435 } 436