1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * linux/fs/ext4/readpage.c 4 * 5 * Copyright (C) 2002, Linus Torvalds. 6 * Copyright (C) 2015, Google, Inc. 7 * 8 * This was originally taken from fs/mpage.c 9 * 10 * The ext4_mpage_readpages() function here is intended to 11 * replace mpage_readahead() in the general case, not just for 12 * encrypted files. It has some limitations (see below), where it 13 * will fall back to read_block_full_page(), but these limitations 14 * should only be hit when page_size != block_size. 15 * 16 * This will allow us to attach a callback function to support ext4 17 * encryption. 18 * 19 * If anything unusual happens, such as: 20 * 21 * - encountering a page which has buffers 22 * - encountering a page which has a non-hole after a hole 23 * - encountering a page with non-contiguous blocks 24 * 25 * then this code just gives up and calls the buffer_head-based read function. 26 * It does handle a page which has holes at the end - that is a common case: 27 * the end-of-file on blocksize < PAGE_SIZE setups. 28 * 29 */ 30 31 #include <linux/kernel.h> 32 #include <linux/export.h> 33 #include <linux/mm.h> 34 #include <linux/kdev_t.h> 35 #include <linux/gfp.h> 36 #include <linux/bio.h> 37 #include <linux/fs.h> 38 #include <linux/buffer_head.h> 39 #include <linux/blkdev.h> 40 #include <linux/highmem.h> 41 #include <linux/prefetch.h> 42 #include <linux/mpage.h> 43 #include <linux/writeback.h> 44 #include <linux/backing-dev.h> 45 #include <linux/pagevec.h> 46 47 #include "ext4.h" 48 49 #define NUM_PREALLOC_POST_READ_CTXS 128 50 51 static struct kmem_cache *bio_post_read_ctx_cache; 52 static mempool_t *bio_post_read_ctx_pool; 53 54 /* postprocessing steps for read bios */ 55 enum bio_post_read_step { 56 STEP_INITIAL = 0, 57 STEP_DECRYPT, 58 STEP_VERITY, 59 STEP_MAX, 60 }; 61 62 struct bio_post_read_ctx { 63 struct bio *bio; 64 struct work_struct work; 65 unsigned int cur_step; 66 unsigned int enabled_steps; 67 }; 68 69 static void __read_end_io(struct bio *bio) 70 { 71 struct page *page; 72 struct bio_vec *bv; 73 struct bvec_iter_all iter_all; 74 75 bio_for_each_segment_all(bv, bio, iter_all) { 76 page = bv->bv_page; 77 78 /* PG_error was set if verity failed. */ 79 if (bio->bi_status || PageError(page)) { 80 ClearPageUptodate(page); 81 /* will re-read again later */ 82 ClearPageError(page); 83 } else { 84 SetPageUptodate(page); 85 } 86 unlock_page(page); 87 } 88 if (bio->bi_private) 89 mempool_free(bio->bi_private, bio_post_read_ctx_pool); 90 bio_put(bio); 91 } 92 93 static void bio_post_read_processing(struct bio_post_read_ctx *ctx); 94 95 static void decrypt_work(struct work_struct *work) 96 { 97 struct bio_post_read_ctx *ctx = 98 container_of(work, struct bio_post_read_ctx, work); 99 struct bio *bio = ctx->bio; 100 101 if (fscrypt_decrypt_bio(bio)) 102 bio_post_read_processing(ctx); 103 else 104 __read_end_io(bio); 105 } 106 107 static void verity_work(struct work_struct *work) 108 { 109 struct bio_post_read_ctx *ctx = 110 container_of(work, struct bio_post_read_ctx, work); 111 struct bio *bio = ctx->bio; 112 113 /* 114 * fsverity_verify_bio() may call readahead() again, and although verity 115 * will be disabled for that, decryption may still be needed, causing 116 * another bio_post_read_ctx to be allocated. So to guarantee that 117 * mempool_alloc() never deadlocks we must free the current ctx first. 118 * This is safe because verity is the last post-read step. 119 */ 120 BUILD_BUG_ON(STEP_VERITY + 1 != STEP_MAX); 121 mempool_free(ctx, bio_post_read_ctx_pool); 122 bio->bi_private = NULL; 123 124 fsverity_verify_bio(bio); 125 126 __read_end_io(bio); 127 } 128 129 static void bio_post_read_processing(struct bio_post_read_ctx *ctx) 130 { 131 /* 132 * We use different work queues for decryption and for verity because 133 * verity may require reading metadata pages that need decryption, and 134 * we shouldn't recurse to the same workqueue. 135 */ 136 switch (++ctx->cur_step) { 137 case STEP_DECRYPT: 138 if (ctx->enabled_steps & (1 << STEP_DECRYPT)) { 139 INIT_WORK(&ctx->work, decrypt_work); 140 fscrypt_enqueue_decrypt_work(&ctx->work); 141 return; 142 } 143 ctx->cur_step++; 144 fallthrough; 145 case STEP_VERITY: 146 if (ctx->enabled_steps & (1 << STEP_VERITY)) { 147 INIT_WORK(&ctx->work, verity_work); 148 fsverity_enqueue_verify_work(&ctx->work); 149 return; 150 } 151 ctx->cur_step++; 152 fallthrough; 153 default: 154 __read_end_io(ctx->bio); 155 } 156 } 157 158 static bool bio_post_read_required(struct bio *bio) 159 { 160 return bio->bi_private && !bio->bi_status; 161 } 162 163 /* 164 * I/O completion handler for multipage BIOs. 165 * 166 * The mpage code never puts partial pages into a BIO (except for end-of-file). 167 * If a page does not map to a contiguous run of blocks then it simply falls 168 * back to block_read_full_folio(). 169 * 170 * Why is this? If a page's completion depends on a number of different BIOs 171 * which can complete in any order (or at the same time) then determining the 172 * status of that page is hard. See end_buffer_async_read() for the details. 173 * There is no point in duplicating all that complexity. 174 */ 175 static void mpage_end_io(struct bio *bio) 176 { 177 if (bio_post_read_required(bio)) { 178 struct bio_post_read_ctx *ctx = bio->bi_private; 179 180 ctx->cur_step = STEP_INITIAL; 181 bio_post_read_processing(ctx); 182 return; 183 } 184 __read_end_io(bio); 185 } 186 187 static inline bool ext4_need_verity(const struct inode *inode, pgoff_t idx) 188 { 189 return fsverity_active(inode) && 190 idx < DIV_ROUND_UP(inode->i_size, PAGE_SIZE); 191 } 192 193 static void ext4_set_bio_post_read_ctx(struct bio *bio, 194 const struct inode *inode, 195 pgoff_t first_idx) 196 { 197 unsigned int post_read_steps = 0; 198 199 if (fscrypt_inode_uses_fs_layer_crypto(inode)) 200 post_read_steps |= 1 << STEP_DECRYPT; 201 202 if (ext4_need_verity(inode, first_idx)) 203 post_read_steps |= 1 << STEP_VERITY; 204 205 if (post_read_steps) { 206 /* Due to the mempool, this never fails. */ 207 struct bio_post_read_ctx *ctx = 208 mempool_alloc(bio_post_read_ctx_pool, GFP_NOFS); 209 210 ctx->bio = bio; 211 ctx->enabled_steps = post_read_steps; 212 bio->bi_private = ctx; 213 } 214 } 215 216 static inline loff_t ext4_readpage_limit(struct inode *inode) 217 { 218 if (IS_ENABLED(CONFIG_FS_VERITY) && 219 (IS_VERITY(inode) || ext4_verity_in_progress(inode))) 220 return inode->i_sb->s_maxbytes; 221 222 return i_size_read(inode); 223 } 224 225 int ext4_mpage_readpages(struct inode *inode, 226 struct readahead_control *rac, struct page *page) 227 { 228 struct bio *bio = NULL; 229 sector_t last_block_in_bio = 0; 230 231 const unsigned blkbits = inode->i_blkbits; 232 const unsigned blocks_per_page = PAGE_SIZE >> blkbits; 233 const unsigned blocksize = 1 << blkbits; 234 sector_t next_block; 235 sector_t block_in_file; 236 sector_t last_block; 237 sector_t last_block_in_file; 238 sector_t blocks[MAX_BUF_PER_PAGE]; 239 unsigned page_block; 240 struct block_device *bdev = inode->i_sb->s_bdev; 241 int length; 242 unsigned relative_block = 0; 243 struct ext4_map_blocks map; 244 unsigned int nr_pages = rac ? readahead_count(rac) : 1; 245 246 map.m_pblk = 0; 247 map.m_lblk = 0; 248 map.m_len = 0; 249 map.m_flags = 0; 250 251 for (; nr_pages; nr_pages--) { 252 int fully_mapped = 1; 253 unsigned first_hole = blocks_per_page; 254 255 if (rac) { 256 page = readahead_page(rac); 257 prefetchw(&page->flags); 258 } 259 260 if (page_has_buffers(page)) 261 goto confused; 262 263 block_in_file = next_block = 264 (sector_t)page->index << (PAGE_SHIFT - blkbits); 265 last_block = block_in_file + nr_pages * blocks_per_page; 266 last_block_in_file = (ext4_readpage_limit(inode) + 267 blocksize - 1) >> blkbits; 268 if (last_block > last_block_in_file) 269 last_block = last_block_in_file; 270 page_block = 0; 271 272 /* 273 * Map blocks using the previous result first. 274 */ 275 if ((map.m_flags & EXT4_MAP_MAPPED) && 276 block_in_file > map.m_lblk && 277 block_in_file < (map.m_lblk + map.m_len)) { 278 unsigned map_offset = block_in_file - map.m_lblk; 279 unsigned last = map.m_len - map_offset; 280 281 for (relative_block = 0; ; relative_block++) { 282 if (relative_block == last) { 283 /* needed? */ 284 map.m_flags &= ~EXT4_MAP_MAPPED; 285 break; 286 } 287 if (page_block == blocks_per_page) 288 break; 289 blocks[page_block] = map.m_pblk + map_offset + 290 relative_block; 291 page_block++; 292 block_in_file++; 293 } 294 } 295 296 /* 297 * Then do more ext4_map_blocks() calls until we are 298 * done with this page. 299 */ 300 while (page_block < blocks_per_page) { 301 if (block_in_file < last_block) { 302 map.m_lblk = block_in_file; 303 map.m_len = last_block - block_in_file; 304 305 if (ext4_map_blocks(NULL, inode, &map, 0) < 0) { 306 set_error_page: 307 SetPageError(page); 308 zero_user_segment(page, 0, 309 PAGE_SIZE); 310 unlock_page(page); 311 goto next_page; 312 } 313 } 314 if ((map.m_flags & EXT4_MAP_MAPPED) == 0) { 315 fully_mapped = 0; 316 if (first_hole == blocks_per_page) 317 first_hole = page_block; 318 page_block++; 319 block_in_file++; 320 continue; 321 } 322 if (first_hole != blocks_per_page) 323 goto confused; /* hole -> non-hole */ 324 325 /* Contiguous blocks? */ 326 if (page_block && blocks[page_block-1] != map.m_pblk-1) 327 goto confused; 328 for (relative_block = 0; ; relative_block++) { 329 if (relative_block == map.m_len) { 330 /* needed? */ 331 map.m_flags &= ~EXT4_MAP_MAPPED; 332 break; 333 } else if (page_block == blocks_per_page) 334 break; 335 blocks[page_block] = map.m_pblk+relative_block; 336 page_block++; 337 block_in_file++; 338 } 339 } 340 if (first_hole != blocks_per_page) { 341 zero_user_segment(page, first_hole << blkbits, 342 PAGE_SIZE); 343 if (first_hole == 0) { 344 if (ext4_need_verity(inode, page->index) && 345 !fsverity_verify_page(page)) 346 goto set_error_page; 347 SetPageUptodate(page); 348 unlock_page(page); 349 goto next_page; 350 } 351 } else if (fully_mapped) { 352 SetPageMappedToDisk(page); 353 } 354 355 /* 356 * This page will go to BIO. Do we need to send this 357 * BIO off first? 358 */ 359 if (bio && (last_block_in_bio != blocks[0] - 1 || 360 !fscrypt_mergeable_bio(bio, inode, next_block))) { 361 submit_and_realloc: 362 submit_bio(bio); 363 bio = NULL; 364 } 365 if (bio == NULL) { 366 /* 367 * bio_alloc will _always_ be able to allocate a bio if 368 * __GFP_DIRECT_RECLAIM is set, see bio_alloc_bioset(). 369 */ 370 bio = bio_alloc(bdev, bio_max_segs(nr_pages), 371 REQ_OP_READ, GFP_KERNEL); 372 fscrypt_set_bio_crypt_ctx(bio, inode, next_block, 373 GFP_KERNEL); 374 ext4_set_bio_post_read_ctx(bio, inode, page->index); 375 bio->bi_iter.bi_sector = blocks[0] << (blkbits - 9); 376 bio->bi_end_io = mpage_end_io; 377 if (rac) 378 bio->bi_opf |= REQ_RAHEAD; 379 } 380 381 length = first_hole << blkbits; 382 if (bio_add_page(bio, page, length, 0) < length) 383 goto submit_and_realloc; 384 385 if (((map.m_flags & EXT4_MAP_BOUNDARY) && 386 (relative_block == map.m_len)) || 387 (first_hole != blocks_per_page)) { 388 submit_bio(bio); 389 bio = NULL; 390 } else 391 last_block_in_bio = blocks[blocks_per_page - 1]; 392 goto next_page; 393 confused: 394 if (bio) { 395 submit_bio(bio); 396 bio = NULL; 397 } 398 if (!PageUptodate(page)) 399 block_read_full_folio(page_folio(page), ext4_get_block); 400 else 401 unlock_page(page); 402 next_page: 403 if (rac) 404 put_page(page); 405 } 406 if (bio) 407 submit_bio(bio); 408 return 0; 409 } 410 411 int __init ext4_init_post_read_processing(void) 412 { 413 bio_post_read_ctx_cache = 414 kmem_cache_create("ext4_bio_post_read_ctx", 415 sizeof(struct bio_post_read_ctx), 0, 0, NULL); 416 if (!bio_post_read_ctx_cache) 417 goto fail; 418 bio_post_read_ctx_pool = 419 mempool_create_slab_pool(NUM_PREALLOC_POST_READ_CTXS, 420 bio_post_read_ctx_cache); 421 if (!bio_post_read_ctx_pool) 422 goto fail_free_cache; 423 return 0; 424 425 fail_free_cache: 426 kmem_cache_destroy(bio_post_read_ctx_cache); 427 fail: 428 return -ENOMEM; 429 } 430 431 void ext4_exit_post_read_processing(void) 432 { 433 mempool_destroy(bio_post_read_ctx_pool); 434 kmem_cache_destroy(bio_post_read_ctx_cache); 435 } 436