]> git.ipfire.org Git - thirdparty/linux.git/blame - mm/shmem.c
projects / thirdparty / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
tmpfs: preliminary minor tidyups
[thirdparty/linux.git] / mm / shmem.c
CommitLineData
1da177e4
LT		 1/*
2 * Resizable virtual memory filesystem for Linux.
3 *
4 * Copyright (C) 2000 Linus Torvalds.
5 * 2000 Transmeta Corp.
6 * 2000-2001 Christoph Rohland
7 * 2000-2001 SAP AG
8 * 2002 Red Hat Inc.
6922c0c7
HD		 9 * Copyright (C) 2002-2011 Hugh Dickins.
10 * Copyright (C) 2011 Google Inc.
0edd73b3 11 * Copyright (C) 2002-2005 VERITAS Software Corporation.
1da177e4
LT		 12 * Copyright (C) 2004 Andi Kleen, SuSE Labs
13 *
14 * Extended attribute support for tmpfs:
15 * Copyright (c) 2004, Luke Kenneth Casson Leighton <lkcl@lkcl.net>
16 * Copyright (c) 2004 Red Hat, Inc., James Morris <jmorris@redhat.com>
17 *
853ac43a
MM		 18 * tiny-shmem:
19 * Copyright (c) 2004, 2008 Matt Mackall <mpm@selenic.com>
20 *
1da177e4
LT		 21 * This file is released under the GPL.
22 */
23
853ac43a
MM		 24#include <linux/fs.h>
25#include <linux/init.h>
26#include <linux/vfs.h>
27#include <linux/mount.h>
250297ed 28#include <linux/ramfs.h>
caefba17 29#include <linux/pagemap.h>
853ac43a
MM		 30#include <linux/file.h>
31#include <linux/mm.h>
b95f1b31 32#include <linux/export.h>
853ac43a 33#include <linux/swap.h>
e2e40f2c 34#include <linux/uio.h>
853ac43a
MM		 35
36static struct vfsmount *shm_mnt;
37
38#ifdef CONFIG_SHMEM
1da177e4
LT		 39/*
40 * This virtual memory filesystem is heavily based on the ramfs. It
41 * extends ramfs by the ability to use swap and honor resource limits
42 * which makes it a completely usable filesystem.
43 */
44
39f0247d 45#include <linux/xattr.h>
a5694255 46#include <linux/exportfs.h>
1c7c474c 47#include <linux/posix_acl.h>
feda821e 48#include <linux/posix_acl_xattr.h>
1da177e4 49#include <linux/mman.h>
1da177e4
LT		 50#include <linux/string.h>
51#include <linux/slab.h>
52#include <linux/backing-dev.h>
53#include <linux/shmem_fs.h>
1da177e4 54#include <linux/writeback.h>
1da177e4 55#include <linux/blkdev.h>
bda97eab 56#include <linux/pagevec.h>
41ffe5d5 57#include <linux/percpu_counter.h>
83e4fa9c 58#include <linux/falloc.h>
708e3508 59#include <linux/splice.h>
1da177e4
LT		 60#include <linux/security.h>
61#include <linux/swapops.h>
62#include <linux/mempolicy.h>
63#include <linux/namei.h>
b00dc3ad 64#include <linux/ctype.h>
304dbdb7 65#include <linux/migrate.h>
c1f60a5a 66#include <linux/highmem.h>
680d794b 67#include <linux/seq_file.h>
92562927 68#include <linux/magic.h>
9183df25 69#include <linux/syscalls.h>
40e041a2 70#include <linux/fcntl.h>
9183df25 71#include <uapi/linux/memfd.h>
304dbdb7 72
1da177e4 73#include <asm/uaccess.h>
1da177e4
LT		 74#include <asm/pgtable.h>
75
dd56b046
MG		 76#include "internal.h"
77
09cbfeaf
KS		 78#define BLOCKS_PER_PAGE (PAGE_SIZE/512)
79#define VM_ACCT(size) (PAGE_ALIGN(size) >> PAGE_SHIFT)
1da177e4 80
1da177e4
LT		 81/* Pretend that each entry is of this size in directory's i_size */
82#define BOGO_DIRENT_SIZE 20
83
69f07ec9
HD		 84/* Symlink up to this size is kmalloc'ed instead of using a swappable page */
85#define SHORT_SYMLINK_LEN 128
86
1aac1400 87/*
f00cdc6d
HD		 88 * shmem_fallocate communicates with shmem_fault or shmem_writepage via
89 * inode->i_private (with i_mutex making sure that it has only one user at
90 * a time): we would prefer not to enlarge the shmem inode just for that.
1aac1400
HD		 91 */
92struct shmem_falloc {
8e205f77 93 wait_queue_head_t *waitq; /* faults into hole wait for punch to end */
1aac1400
HD		 94 pgoff_t start; /* start of range currently being fallocated */
95 pgoff_t next; /* the next page offset to be fallocated */
96 pgoff_t nr_falloced; /* how many new pages have been fallocated */
97 pgoff_t nr_unswapped; /* how often writepage refused to swap out */
98};
99
285b2c4f 100/* Flag allocation requirements to shmem_getpage */
1da177e4 101enum sgp_type {
1da177e4
LT		 102 SGP_READ, /* don't exceed i_size, don't allocate page */
103 SGP_CACHE, /* don't exceed i_size, may allocate page */
1635f6a7
HD		 104 SGP_WRITE, /* may exceed i_size, may allocate !Uptodate page */
105 SGP_FALLOC, /* like SGP_WRITE, but make existing page Uptodate */
1da177e4
LT		 106};
107
b76db735 108#ifdef CONFIG_TMPFS
680d794b
AM		 109static unsigned long shmem_default_max_blocks(void)
110{
111 return totalram_pages / 2;
112}
113
114static unsigned long shmem_default_max_inodes(void)
115{
116 return min(totalram_pages - totalhigh_pages, totalram_pages / 2);
117}
b76db735 118#endif
680d794b 119
bde05d1c
HD		 120static bool shmem_should_replace_page(struct page *page, gfp_t gfp);
121static int shmem_replace_page(struct page **pagep, gfp_t gfp,
122 struct shmem_inode_info *info, pgoff_t index);
68da9f05
HD		 123static int shmem_getpage_gfp(struct inode *inode, pgoff_t index,
124 struct page **pagep, enum sgp_type sgp, gfp_t gfp, int *fault_type);
125
126static inline int shmem_getpage(struct inode *inode, pgoff_t index,
127 struct page **pagep, enum sgp_type sgp, int *fault_type)
128{
129 return shmem_getpage_gfp(inode, index, pagep, sgp,
130 mapping_gfp_mask(inode->i_mapping), fault_type);
131}
1da177e4 132
1da177e4
LT		 133static inline struct shmem_sb_info *SHMEM_SB(struct super_block *sb)
134{
135 return sb->s_fs_info;
136}
137
138/*
139 * shmem_file_setup pre-accounts the whole fixed size of a VM object,
140 * for shared memory and for shared anonymous (/dev/zero) mappings
141 * (unless MAP_NORESERVE and sysctl_overcommit_memory <= 1),
142 * consistent with the pre-accounting of private mappings ...
143 */
144static inline int shmem_acct_size(unsigned long flags, loff_t size)
145{
0b0a0806 146 return (flags & VM_NORESERVE) ?
191c5424 147 0 : security_vm_enough_memory_mm(current->mm, VM_ACCT(size));
1da177e4
LT		 148}
149
150static inline void shmem_unacct_size(unsigned long flags, loff_t size)
151{
0b0a0806 152 if (!(flags & VM_NORESERVE))
1da177e4
LT		 153 vm_unacct_memory(VM_ACCT(size));
154}
155
77142517
KK		 156static inline int shmem_reacct_size(unsigned long flags,
157 loff_t oldsize, loff_t newsize)
158{
159 if (!(flags & VM_NORESERVE)) {
160 if (VM_ACCT(newsize) > VM_ACCT(oldsize))
161 return security_vm_enough_memory_mm(current->mm,
162 VM_ACCT(newsize) - VM_ACCT(oldsize));
163 else if (VM_ACCT(newsize) < VM_ACCT(oldsize))
164 vm_unacct_memory(VM_ACCT(oldsize) - VM_ACCT(newsize));
165 }
166 return 0;
167}
168
1da177e4
LT		 169/*
170 * ... whereas tmpfs objects are accounted incrementally as
75edd345 171 * pages are allocated, in order to allow large sparse files.
1da177e4
LT		 172 * shmem_getpage reports shmem_acct_block failure as -ENOSPC not -ENOMEM,
173 * so that a failure on a sparse tmpfs mapping will give SIGBUS not OOM.
174 */
175static inline int shmem_acct_block(unsigned long flags)
176{
0b0a0806 177 return (flags & VM_NORESERVE) ?
09cbfeaf 178 security_vm_enough_memory_mm(current->mm, VM_ACCT(PAGE_SIZE)) : 0;
1da177e4
LT		 179}
180
181static inline void shmem_unacct_blocks(unsigned long flags, long pages)
182{
0b0a0806 183 if (flags & VM_NORESERVE)
09cbfeaf 184 vm_unacct_memory(pages * VM_ACCT(PAGE_SIZE));
1da177e4
LT		 185}
186
759b9775 187static const struct super_operations shmem_ops;
f5e54d6e 188static const struct address_space_operations shmem_aops;
15ad7cdc 189static const struct file_operations shmem_file_operations;
92e1d5be
AV		 190static const struct inode_operations shmem_inode_operations;
191static const struct inode_operations shmem_dir_inode_operations;
192static const struct inode_operations shmem_special_inode_operations;
f0f37e2f 193static const struct vm_operations_struct shmem_vm_ops;
1da177e4 194
1da177e4 195static LIST_HEAD(shmem_swaplist);
cb5f7b9a 196static DEFINE_MUTEX(shmem_swaplist_mutex);
1da177e4 197
5b04c689
PE		 198static int shmem_reserve_inode(struct super_block *sb)
199{
200 struct shmem_sb_info *sbinfo = SHMEM_SB(sb);
201 if (sbinfo->max_inodes) {
202 spin_lock(&sbinfo->stat_lock);
203 if (!sbinfo->free_inodes) {
204 spin_unlock(&sbinfo->stat_lock);
205 return -ENOSPC;
206 }
207 sbinfo->free_inodes--;
208 spin_unlock(&sbinfo->stat_lock);
209 }
210 return 0;
211}
212
213static void shmem_free_inode(struct super_block *sb)
214{
215 struct shmem_sb_info *sbinfo = SHMEM_SB(sb);
216 if (sbinfo->max_inodes) {
217 spin_lock(&sbinfo->stat_lock);
218 sbinfo->free_inodes++;
219 spin_unlock(&sbinfo->stat_lock);
220 }
221}
222
46711810 223/**
41ffe5d5 224 * shmem_recalc_inode - recalculate the block usage of an inode
1da177e4
LT		 225 * @inode: inode to recalc
226 *
227 * We have to calculate the free blocks since the mm can drop
228 * undirtied hole pages behind our back.
229 *
230 * But normally info->alloced == inode->i_mapping->nrpages + info->swapped
231 * So mm freed is info->alloced - (inode->i_mapping->nrpages + info->swapped)
232 *
233 * It has to be called with the spinlock held.
234 */
235static void shmem_recalc_inode(struct inode *inode)
236{
237 struct shmem_inode_info *info = SHMEM_I(inode);
238 long freed;
239
240 freed = info->alloced - info->swapped - inode->i_mapping->nrpages;
241 if (freed > 0) {
54af6042
HD		 242 struct shmem_sb_info *sbinfo = SHMEM_SB(inode->i_sb);
243 if (sbinfo->max_blocks)
244 percpu_counter_add(&sbinfo->used_blocks, -freed);
1da177e4 245 info->alloced -= freed;
54af6042 246 inode->i_blocks -= freed * BLOCKS_PER_PAGE;
1da177e4 247 shmem_unacct_blocks(info->flags, freed);
1da177e4
LT		 248 }
249}
250
7a5d0fbb
HD		 251/*
252 * Replace item expected in radix tree by a new item, while holding tree lock.
253 */
254static int shmem_radix_tree_replace(struct address_space *mapping,
255 pgoff_t index, void *expected, void *replacement)
256{
257 void **pslot;
6dbaf22c 258 void *item;
7a5d0fbb
HD		 259
260 VM_BUG_ON(!expected);
6dbaf22c 261 VM_BUG_ON(!replacement);
7a5d0fbb 262 pslot = radix_tree_lookup_slot(&mapping->page_tree, index);
6dbaf22c
JW		 263 if (!pslot)
264 return -ENOENT;
265 item = radix_tree_deref_slot_protected(pslot, &mapping->tree_lock);
7a5d0fbb
HD		 266 if (item != expected)
267 return -ENOENT;
6dbaf22c 268 radix_tree_replace_slot(pslot, replacement);
7a5d0fbb
HD		 269 return 0;
270}
271
d1899228
HD		 272/*
273 * Sometimes, before we decide whether to proceed or to fail, we must check
274 * that an entry was not already brought back from swap by a racing thread.
275 *
276 * Checking page is not enough: by the time a SwapCache page is locked, it
277 * might be reused, and again be SwapCache, using the same swap as before.
278 */
279static bool shmem_confirm_swap(struct address_space *mapping,
280 pgoff_t index, swp_entry_t swap)
281{
282 void *item;
283
284 rcu_read_lock();
285 item = radix_tree_lookup(&mapping->page_tree, index);
286 rcu_read_unlock();
287 return item == swp_to_radix_entry(swap);
288}
289
46f65ec1
HD		 290/*
291 * Like add_to_page_cache_locked, but error if expected item has gone.
292 */
293static int shmem_add_to_page_cache(struct page *page,
294 struct address_space *mapping,
fed400a1 295 pgoff_t index, void *expected)
46f65ec1 296{
b065b432 297 int error;
46f65ec1 298
309381fe
SL		 299 VM_BUG_ON_PAGE(!PageLocked(page), page);
300 VM_BUG_ON_PAGE(!PageSwapBacked(page), page);
46f65ec1 301
09cbfeaf 302 get_page(page);
b065b432
HD		 303 page->mapping = mapping;
304 page->index = index;
305
306 spin_lock_irq(&mapping->tree_lock);
46f65ec1 307 if (!expected)
b065b432
HD		 308 error = radix_tree_insert(&mapping->page_tree, index, page);
309 else
310 error = shmem_radix_tree_replace(mapping, index, expected,
311 page);
46f65ec1 312 if (!error) {
b065b432
HD		 313 mapping->nrpages++;
314 __inc_zone_page_state(page, NR_FILE_PAGES);
315 __inc_zone_page_state(page, NR_SHMEM);
316 spin_unlock_irq(&mapping->tree_lock);
317 } else {
318 page->mapping = NULL;
319 spin_unlock_irq(&mapping->tree_lock);
09cbfeaf 320 put_page(page);
46f65ec1 321 }
46f65ec1
HD		 322 return error;
323}
324
6922c0c7
HD		 325/*
326 * Like delete_from_page_cache, but substitutes swap for page.
327 */
328static void shmem_delete_from_page_cache(struct page *page, void *radswap)
329{
330 struct address_space *mapping = page->mapping;
331 int error;
332
333 spin_lock_irq(&mapping->tree_lock);
334 error = shmem_radix_tree_replace(mapping, page->index, page, radswap);
335 page->mapping = NULL;
336 mapping->nrpages--;
337 __dec_zone_page_state(page, NR_FILE_PAGES);
338 __dec_zone_page_state(page, NR_SHMEM);
339 spin_unlock_irq(&mapping->tree_lock);
09cbfeaf 340 put_page(page);
6922c0c7
HD		 341 BUG_ON(error);
342}
343
7a5d0fbb
HD		 344/*
345 * Remove swap entry from radix tree, free the swap and its page cache.
346 */
347static int shmem_free_swap(struct address_space *mapping,
348 pgoff_t index, void *radswap)
349{
6dbaf22c 350 void *old;
7a5d0fbb
HD		 351
352 spin_lock_irq(&mapping->tree_lock);
6dbaf22c 353 old = radix_tree_delete_item(&mapping->page_tree, index, radswap);
7a5d0fbb 354 spin_unlock_irq(&mapping->tree_lock);
6dbaf22c
JW		 355 if (old != radswap)
356 return -ENOENT;
357 free_swap_and_cache(radix_to_swp_entry(radswap));
358 return 0;
7a5d0fbb
HD		 359}
360
6a15a370
VB		 361/*
362 * Determine (in bytes) how many of the shmem object's pages mapped by the
48131e03 363 * given offsets are swapped out.
6a15a370
VB		 364 *
365 * This is safe to call without i_mutex or mapping->tree_lock thanks to RCU,
366 * as long as the inode doesn't go away and racy results are not a problem.
367 */
48131e03
VB		 368unsigned long shmem_partial_swap_usage(struct address_space *mapping,
369 pgoff_t start, pgoff_t end)
6a15a370 370{
6a15a370
VB		 371 struct radix_tree_iter iter;
372 void **slot;
373 struct page *page;
48131e03 374 unsigned long swapped = 0;
6a15a370
VB		 375
376 rcu_read_lock();
377
6a15a370
VB		 378 radix_tree_for_each_slot(slot, &mapping->page_tree, &iter, start) {
379 if (iter.index >= end)
380 break;
381
382 page = radix_tree_deref_slot(slot);
383
2cf938aa
MW		 384 if (radix_tree_deref_retry(page)) {
385 slot = radix_tree_iter_retry(&iter);
386 continue;
387 }
6a15a370
VB		 388
389 if (radix_tree_exceptional_entry(page))
390 swapped++;
391
392 if (need_resched()) {
393 cond_resched_rcu();
7165092f 394 slot = radix_tree_iter_next(&iter);
6a15a370
VB		 395 }
396 }
397
398 rcu_read_unlock();
399
400 return swapped << PAGE_SHIFT;
401}
402
48131e03
VB		 403/*
404 * Determine (in bytes) how many of the shmem object's pages mapped by the
405 * given vma is swapped out.
406 *
407 * This is safe to call without i_mutex or mapping->tree_lock thanks to RCU,
408 * as long as the inode doesn't go away and racy results are not a problem.
409 */
410unsigned long shmem_swap_usage(struct vm_area_struct *vma)
411{
412 struct inode *inode = file_inode(vma->vm_file);
413 struct shmem_inode_info *info = SHMEM_I(inode);
414 struct address_space *mapping = inode->i_mapping;
415 unsigned long swapped;
416
417 /* Be careful as we don't hold info->lock */
418 swapped = READ_ONCE(info->swapped);
419
420 /*
421 * The easier cases are when the shmem object has nothing in swap, or
422 * the vma maps it whole. Then we can simply use the stats that we
423 * already track.
424 */
425 if (!swapped)
426 return 0;
427
428 if (!vma->vm_pgoff && vma->vm_end - vma->vm_start >= inode->i_size)
429 return swapped << PAGE_SHIFT;
430
431 /* Here comes the more involved part */
432 return shmem_partial_swap_usage(mapping,
433 linear_page_index(vma, vma->vm_start),
434 linear_page_index(vma, vma->vm_end));
435}
436
24513264
HD		 437/*
438 * SysV IPC SHM_UNLOCK restore Unevictable pages to their evictable lists.
439 */
440void shmem_unlock_mapping(struct address_space *mapping)
441{
442 struct pagevec pvec;
443 pgoff_t indices[PAGEVEC_SIZE];
444 pgoff_t index = 0;
445
446 pagevec_init(&pvec, 0);
447 /*
448 * Minor point, but we might as well stop if someone else SHM_LOCKs it.
449 */
450 while (!mapping_unevictable(mapping)) {
451 /*
452 * Avoid pagevec_lookup(): find_get_pages() returns 0 as if it
453 * has finished, if it hits a row of PAGEVEC_SIZE swap entries.
454 */
0cd6144a
JW		 455 pvec.nr = find_get_entries(mapping, index,
456 PAGEVEC_SIZE, pvec.pages, indices);
24513264
HD		 457 if (!pvec.nr)
458 break;
459 index = indices[pvec.nr - 1] + 1;
0cd6144a 460 pagevec_remove_exceptionals(&pvec);
24513264
HD		 461 check_move_unevictable_pages(pvec.pages, pvec.nr);
462 pagevec_release(&pvec);
463 cond_resched();
464 }
7a5d0fbb
HD		 465}
466
467/*
468 * Remove range of pages and swap entries from radix tree, and free them.
1635f6a7 469 * If !unfalloc, truncate or punch hole; if unfalloc, undo failed fallocate.
7a5d0fbb 470 */
1635f6a7
HD		 471static void shmem_undo_range(struct inode *inode, loff_t lstart, loff_t lend,
472 bool unfalloc)
1da177e4 473{
285b2c4f 474 struct address_space *mapping = inode->i_mapping;
1da177e4 475 struct shmem_inode_info *info = SHMEM_I(inode);
09cbfeaf
KS		 476 pgoff_t start = (lstart + PAGE_SIZE - 1) >> PAGE_SHIFT;
477 pgoff_t end = (lend + 1) >> PAGE_SHIFT;
478 unsigned int partial_start = lstart & (PAGE_SIZE - 1);
479 unsigned int partial_end = (lend + 1) & (PAGE_SIZE - 1);
bda97eab 480 struct pagevec pvec;
7a5d0fbb
HD		 481 pgoff_t indices[PAGEVEC_SIZE];
482 long nr_swaps_freed = 0;
285b2c4f 483 pgoff_t index;
bda97eab
HD		 484 int i;
485
83e4fa9c
HD		 486 if (lend == -1)
487 end = -1; /* unsigned, so actually very big */
bda97eab
HD		 488
489 pagevec_init(&pvec, 0);
490 index = start;
83e4fa9c 491 while (index < end) {
0cd6144a
JW		 492 pvec.nr = find_get_entries(mapping, index,
493 min(end - index, (pgoff_t)PAGEVEC_SIZE),
494 pvec.pages, indices);
7a5d0fbb
HD		 495 if (!pvec.nr)
496 break;
bda97eab
HD		 497 for (i = 0; i < pagevec_count(&pvec); i++) {
498 struct page *page = pvec.pages[i];
499
7a5d0fbb 500 index = indices[i];
83e4fa9c 501 if (index >= end)
bda97eab
HD		 502 break;
503
7a5d0fbb 504 if (radix_tree_exceptional_entry(page)) {
1635f6a7
HD		 505 if (unfalloc)
506 continue;
7a5d0fbb
HD		 507 nr_swaps_freed += !shmem_free_swap(mapping,
508 index, page);
bda97eab 509 continue;
7a5d0fbb
HD		 510 }
511
512 if (!trylock_page(page))
bda97eab 513 continue;
1635f6a7
HD		 514 if (!unfalloc || !PageUptodate(page)) {
515 if (page->mapping == mapping) {
309381fe 516 VM_BUG_ON_PAGE(PageWriteback(page), page);
1635f6a7
HD		 517 truncate_inode_page(mapping, page);
518 }
bda97eab 519 }
bda97eab
HD		 520 unlock_page(page);
521 }
0cd6144a 522 pagevec_remove_exceptionals(&pvec);
24513264 523 pagevec_release(&pvec);
bda97eab
HD		 524 cond_resched();
525 index++;
526 }
1da177e4 527
83e4fa9c 528 if (partial_start) {
bda97eab
HD		 529 struct page *page = NULL;
530 shmem_getpage(inode, start - 1, &page, SGP_READ, NULL);
531 if (page) {
09cbfeaf 532 unsigned int top = PAGE_SIZE;
83e4fa9c
HD		 533 if (start > end) {
534 top = partial_end;
535 partial_end = 0;
536 }
537 zero_user_segment(page, partial_start, top);
538 set_page_dirty(page);
539 unlock_page(page);
09cbfeaf 540 put_page(page);
83e4fa9c
HD		 541 }
542 }
543 if (partial_end) {
544 struct page *page = NULL;
545 shmem_getpage(inode, end, &page, SGP_READ, NULL);
546 if (page) {
547 zero_user_segment(page, 0, partial_end);
bda97eab
HD		 548 set_page_dirty(page);
549 unlock_page(page);
09cbfeaf 550 put_page(page);
bda97eab
HD		 551 }
552 }
83e4fa9c
HD		 553 if (start >= end)
554 return;
bda97eab
HD		 555
556 index = start;
b1a36650 557 while (index < end) {
bda97eab 558 cond_resched();
0cd6144a
JW		 559
560 pvec.nr = find_get_entries(mapping, index,
83e4fa9c 561 min(end - index, (pgoff_t)PAGEVEC_SIZE),
0cd6144a 562 pvec.pages, indices);
7a5d0fbb 563 if (!pvec.nr) {
b1a36650
HD		 564 /* If all gone or hole-punch or unfalloc, we're done */
565 if (index == start || end != -1)
bda97eab 566 break;
b1a36650 567 /* But if truncating, restart to make sure all gone */
bda97eab
HD		 568 index = start;
569 continue;
570 }
bda97eab
HD		 571 for (i = 0; i < pagevec_count(&pvec); i++) {
572 struct page *page = pvec.pages[i];
573
7a5d0fbb 574 index = indices[i];
83e4fa9c 575 if (index >= end)
bda97eab
HD		 576 break;
577
7a5d0fbb 578 if (radix_tree_exceptional_entry(page)) {
1635f6a7
HD		 579 if (unfalloc)
580 continue;
b1a36650
HD		 581 if (shmem_free_swap(mapping, index, page)) {
582 /* Swap was replaced by page: retry */
583 index--;
584 break;
585 }
586 nr_swaps_freed++;
7a5d0fbb
HD		 587 continue;
588 }
589
bda97eab 590 lock_page(page);
1635f6a7
HD		 591 if (!unfalloc || !PageUptodate(page)) {
592 if (page->mapping == mapping) {
309381fe 593 VM_BUG_ON_PAGE(PageWriteback(page), page);
1635f6a7 594 truncate_inode_page(mapping, page);
b1a36650
HD		 595 } else {
596 /* Page was replaced by swap: retry */
597 unlock_page(page);
598 index--;
599 break;
1635f6a7 600 }
7a5d0fbb 601 }
bda97eab
HD		 602 unlock_page(page);
603 }
0cd6144a 604 pagevec_remove_exceptionals(&pvec);
24513264 605 pagevec_release(&pvec);
bda97eab
HD		 606 index++;
607 }
94c1e62d 608
1da177e4 609 spin_lock(&info->lock);
7a5d0fbb 610 info->swapped -= nr_swaps_freed;
1da177e4
LT		 611 shmem_recalc_inode(inode);
612 spin_unlock(&info->lock);
1635f6a7 613}
1da177e4 614
1635f6a7
HD		 615void shmem_truncate_range(struct inode *inode, loff_t lstart, loff_t lend)
616{
617 shmem_undo_range(inode, lstart, lend, false);
285b2c4f 618 inode->i_ctime = inode->i_mtime = CURRENT_TIME;
1da177e4 619}
94c1e62d 620EXPORT_SYMBOL_GPL(shmem_truncate_range);
1da177e4 621
44a30220
YZ		 622static int shmem_getattr(struct vfsmount *mnt, struct dentry *dentry,
623 struct kstat *stat)
624{
625 struct inode *inode = dentry->d_inode;
626 struct shmem_inode_info *info = SHMEM_I(inode);
627
d0424c42
HD		 628 if (info->alloced - info->swapped != inode->i_mapping->nrpages) {
629 spin_lock(&info->lock);
630 shmem_recalc_inode(inode);
631 spin_unlock(&info->lock);
632 }
44a30220 633 generic_fillattr(inode, stat);
44a30220
YZ		 634 return 0;
635}
636
94c1e62d 637static int shmem_setattr(struct dentry *dentry, struct iattr *attr)
1da177e4 638{
75c3cfa8 639 struct inode *inode = d_inode(dentry);
40e041a2 640 struct shmem_inode_info *info = SHMEM_I(inode);
1da177e4
LT		 641 int error;
642
db78b877
CH		 643 error = inode_change_ok(inode, attr);
644 if (error)
645 return error;
646
94c1e62d
HD		 647 if (S_ISREG(inode->i_mode) && (attr->ia_valid & ATTR_SIZE)) {
648 loff_t oldsize = inode->i_size;
649 loff_t newsize = attr->ia_size;
3889e6e7 650
40e041a2
DR		 651 /* protected by i_mutex */
652 if ((newsize < oldsize && (info->seals & F_SEAL_SHRINK)) ||
653 (newsize > oldsize && (info->seals & F_SEAL_GROW)))
654 return -EPERM;
655
94c1e62d 656 if (newsize != oldsize) {
77142517
KK		 657 error = shmem_reacct_size(SHMEM_I(inode)->flags,
658 oldsize, newsize);
659 if (error)
660 return error;
94c1e62d
HD		 661 i_size_write(inode, newsize);
662 inode->i_ctime = inode->i_mtime = CURRENT_TIME;
663 }
afa2db2f 664 if (newsize <= oldsize) {
94c1e62d 665 loff_t holebegin = round_up(newsize, PAGE_SIZE);
d0424c42
HD		 666 if (oldsize > holebegin)
667 unmap_mapping_range(inode->i_mapping,
668 holebegin, 0, 1);
669 if (info->alloced)
670 shmem_truncate_range(inode,
671 newsize, (loff_t)-1);
94c1e62d 672 /* unmap again to remove racily COWed private pages */
d0424c42
HD		 673 if (oldsize > holebegin)
674 unmap_mapping_range(inode->i_mapping,
675 holebegin, 0, 1);
94c1e62d 676 }
1da177e4
LT		 677 }
678
db78b877 679 setattr_copy(inode, attr);
db78b877 680 if (attr->ia_valid & ATTR_MODE)
feda821e 681 error = posix_acl_chmod(inode, inode->i_mode);
1da177e4
LT		 682 return error;
683}
684
1f895f75 685static void shmem_evict_inode(struct inode *inode)
1da177e4 686{
1da177e4
LT		 687 struct shmem_inode_info *info = SHMEM_I(inode);
688
3889e6e7 689 if (inode->i_mapping->a_ops == &shmem_aops) {
1da177e4
LT		 690 shmem_unacct_size(info->flags, inode->i_size);
691 inode->i_size = 0;
3889e6e7 692 shmem_truncate_range(inode, 0, (loff_t)-1);
1da177e4 693 if (!list_empty(&info->swaplist)) {
cb5f7b9a 694 mutex_lock(&shmem_swaplist_mutex);
1da177e4 695 list_del_init(&info->swaplist);
cb5f7b9a 696 mutex_unlock(&shmem_swaplist_mutex);
1da177e4 697 }
3ed47db3 698 }
b09e0fa4 699
38f38657 700 simple_xattrs_free(&info->xattrs);
0f3c42f5 701 WARN_ON(inode->i_blocks);
5b04c689 702 shmem_free_inode(inode->i_sb);
dbd5768f 703 clear_inode(inode);
1da177e4
LT		 704}
705
46f65ec1
HD		 706/*
707 * If swap found in inode, free it and move page from swapcache to filecache.
708 */
41ffe5d5 709static int shmem_unuse_inode(struct shmem_inode_info *info,
bde05d1c 710 swp_entry_t swap, struct page **pagep)
1da177e4 711{
285b2c4f 712 struct address_space *mapping = info->vfs_inode.i_mapping;
46f65ec1 713 void *radswap;
41ffe5d5 714 pgoff_t index;
bde05d1c
HD		 715 gfp_t gfp;
716 int error = 0;
1da177e4 717
46f65ec1 718 radswap = swp_to_radix_entry(swap);
e504f3fd 719 index = radix_tree_locate_item(&mapping->page_tree, radswap);
46f65ec1 720 if (index == -1)
00501b53 721 return -EAGAIN; /* tell shmem_unuse we found nothing */
2e0e26c7 722
1b1b32f2
HD		 723 /*
724 * Move _head_ to start search for next from here.
1f895f75 725 * But be careful: shmem_evict_inode checks list_empty without taking
1b1b32f2 726 * mutex, and there's an instant in list_move_tail when info->swaplist
285b2c4f 727 * would appear empty, if it were the only one on shmem_swaplist.
1b1b32f2
HD		 728 */
729 if (shmem_swaplist.next != &info->swaplist)
730 list_move_tail(&shmem_swaplist, &info->swaplist);
2e0e26c7 731
bde05d1c
HD		 732 gfp = mapping_gfp_mask(mapping);
733 if (shmem_should_replace_page(*pagep, gfp)) {
734 mutex_unlock(&shmem_swaplist_mutex);
735 error = shmem_replace_page(pagep, gfp, info, index);
736 mutex_lock(&shmem_swaplist_mutex);
737 /*
738 * We needed to drop mutex to make that restrictive page
0142ef6c
HD		 739 * allocation, but the inode might have been freed while we
740 * dropped it: although a racing shmem_evict_inode() cannot
741 * complete without emptying the radix_tree, our page lock
742 * on this swapcache page is not enough to prevent that -
743 * free_swap_and_cache() of our swap entry will only
744 * trylock_page(), removing swap from radix_tree whatever.
745 *
746 * We must not proceed to shmem_add_to_page_cache() if the
747 * inode has been freed, but of course we cannot rely on
748 * inode or mapping or info to check that. However, we can
749 * safely check if our swap entry is still in use (and here
750 * it can't have got reused for another page): if it's still
751 * in use, then the inode cannot have been freed yet, and we
752 * can safely proceed (if it's no longer in use, that tells
753 * nothing about the inode, but we don't need to unuse swap).
bde05d1c
HD		 754 */
755 if (!page_swapcount(*pagep))
756 error = -ENOENT;
757 }
758
d13d1443 759 /*
778dd893
HD		 760 * We rely on shmem_swaplist_mutex, not only to protect the swaplist,
761 * but also to hold up shmem_evict_inode(): so inode cannot be freed
762 * beneath us (pagelock doesn't help until the page is in pagecache).
d13d1443 763 */
bde05d1c
HD		 764 if (!error)
765 error = shmem_add_to_page_cache(*pagep, mapping, index,
fed400a1 766 radswap);
48f170fb 767 if (error != -ENOMEM) {
46f65ec1
HD		 768 /*
769 * Truncation and eviction use free_swap_and_cache(), which
770 * only does trylock page: if we raced, best clean up here.
771 */
bde05d1c
HD		 772 delete_from_swap_cache(*pagep);
773 set_page_dirty(*pagep);
46f65ec1
HD		 774 if (!error) {
775 spin_lock(&info->lock);
776 info->swapped--;
777 spin_unlock(&info->lock);
778 swap_free(swap);
779 }
1da177e4 780 }
2e0e26c7 781 return error;
1da177e4
LT		 782}
783
784/*
46f65ec1 785 * Search through swapped inodes to find and replace swap by page.
1da177e4 786 */
41ffe5d5 787int shmem_unuse(swp_entry_t swap, struct page *page)
1da177e4 788{
41ffe5d5 789 struct list_head *this, *next;
1da177e4 790 struct shmem_inode_info *info;
00501b53 791 struct mem_cgroup *memcg;
bde05d1c
HD		 792 int error = 0;
793
794 /*
795 * There's a faint possibility that swap page was replaced before
0142ef6c 796 * caller locked it: caller will come back later with the right page.
bde05d1c 797 */
0142ef6c 798 if (unlikely(!PageSwapCache(page) || page_private(page) != swap.val))
bde05d1c 799 goto out;
778dd893
HD		 800
801 /*
802 * Charge page using GFP_KERNEL while we can wait, before taking
803 * the shmem_swaplist_mutex which might hold up shmem_writepage().
804 * Charged back to the user (not to caller) when swap account is used.
778dd893 805 */
f627c2f5
KS		 806 error = mem_cgroup_try_charge(page, current->mm, GFP_KERNEL, &memcg,
807 false);
778dd893
HD		 808 if (error)
809 goto out;
46f65ec1 810 /* No radix_tree_preload: swap entry keeps a place for page in tree */
00501b53 811 error = -EAGAIN;
1da177e4 812
cb5f7b9a 813 mutex_lock(&shmem_swaplist_mutex);
41ffe5d5
HD		 814 list_for_each_safe(this, next, &shmem_swaplist) {
815 info = list_entry(this, struct shmem_inode_info, swaplist);
285b2c4f 816 if (info->swapped)
00501b53 817 error = shmem_unuse_inode(info, swap, &page);
6922c0c7
HD		 818 else
819 list_del_init(&info->swaplist);
cb5f7b9a 820 cond_resched();
00501b53 821 if (error != -EAGAIN)
778dd893 822 break;
00501b53 823 /* found nothing in this: move on to search the next */
1da177e4 824 }
cb5f7b9a 825 mutex_unlock(&shmem_swaplist_mutex);
778dd893 826
00501b53
JW		 827 if (error) {
828 if (error != -ENOMEM)
829 error = 0;
f627c2f5 830 mem_cgroup_cancel_charge(page, memcg, false);
00501b53 831 } else
f627c2f5 832 mem_cgroup_commit_charge(page, memcg, true, false);
778dd893 833out:
aaa46865 834 unlock_page(page);
09cbfeaf 835 put_page(page);
778dd893 836 return error;
1da177e4
LT		 837}
838
839/*
840 * Move the page from the page cache to the swap cache.
841 */
842static int shmem_writepage(struct page *page, struct writeback_control *wbc)
843{
844 struct shmem_inode_info *info;
1da177e4 845 struct address_space *mapping;
1da177e4 846 struct inode *inode;
6922c0c7
HD		 847 swp_entry_t swap;
848 pgoff_t index;
1da177e4
LT		 849
850 BUG_ON(!PageLocked(page));
1da177e4
LT		 851 mapping = page->mapping;
852 index = page->index;
853 inode = mapping->host;
854 info = SHMEM_I(inode);
855 if (info->flags & VM_LOCKED)
856 goto redirty;
d9fe526a 857 if (!total_swap_pages)
1da177e4
LT		 858 goto redirty;
859
d9fe526a 860 /*
97b713ba
CH		 861 * Our capabilities prevent regular writeback or sync from ever calling
862 * shmem_writepage; but a stacking filesystem might use ->writepage of
863 * its underlying filesystem, in which case tmpfs should write out to
864 * swap only in response to memory pressure, and not for the writeback
865 * threads or sync.
d9fe526a 866 */
48f170fb
HD		 867 if (!wbc->for_reclaim) {
868 WARN_ON_ONCE(1); /* Still happens? Tell us about it! */
869 goto redirty;
870 }
1635f6a7
HD		 871
872 /*
873 * This is somewhat ridiculous, but without plumbing a SWAP_MAP_FALLOC
874 * value into swapfile.c, the only way we can correctly account for a
875 * fallocated page arriving here is now to initialize it and write it.
1aac1400
HD		 876 *
877 * That's okay for a page already fallocated earlier, but if we have
878 * not yet completed the fallocation, then (a) we want to keep track
879 * of this page in case we have to undo it, and (b) it may not be a
880 * good idea to continue anyway, once we're pushing into swap. So
881 * reactivate the page, and let shmem_fallocate() quit when too many.
1635f6a7
HD		 882 */
883 if (!PageUptodate(page)) {
1aac1400
HD		 884 if (inode->i_private) {
885 struct shmem_falloc *shmem_falloc;
886 spin_lock(&inode->i_lock);
887 shmem_falloc = inode->i_private;
888 if (shmem_falloc &&
8e205f77 889 !shmem_falloc->waitq &&
1aac1400
HD		 890 index >= shmem_falloc->start &&
891 index < shmem_falloc->next)
892 shmem_falloc->nr_unswapped++;
893 else
894 shmem_falloc = NULL;
895 spin_unlock(&inode->i_lock);
896 if (shmem_falloc)
897 goto redirty;
898 }
1635f6a7
HD		 899 clear_highpage(page);
900 flush_dcache_page(page);
901 SetPageUptodate(page);
902 }
903
48f170fb
HD		 904 swap = get_swap_page();
905 if (!swap.val)
906 goto redirty;
d9fe526a 907
37e84351
VD		 908 if (mem_cgroup_try_charge_swap(page, swap))
909 goto free_swap;
910
b1dea800
HD		 911 /*
912 * Add inode to shmem_unuse()'s list of swapped-out inodes,
6922c0c7
HD		 913 * if it's not already there. Do it now before the page is
914 * moved to swap cache, when its pagelock no longer protects
b1dea800 915 * the inode from eviction. But don't unlock the mutex until
6922c0c7
HD		 916 * we've incremented swapped, because shmem_unuse_inode() will
917 * prune a !swapped inode from the swaplist under this mutex.
b1dea800 918 */
48f170fb
HD		 919 mutex_lock(&shmem_swaplist_mutex);
920 if (list_empty(&info->swaplist))
921 list_add_tail(&info->swaplist, &shmem_swaplist);
b1dea800 922
48f170fb 923 if (add_to_swap_cache(page, swap, GFP_ATOMIC) == 0) {
6922c0c7 924 spin_lock(&info->lock);
6922c0c7 925 shmem_recalc_inode(inode);
267a4c76 926 info->swapped++;
826267cf 927 spin_unlock(&info->lock);
6922c0c7 928
267a4c76
HD		 929 swap_shmem_alloc(swap);
930 shmem_delete_from_page_cache(page, swp_to_radix_entry(swap));
931
6922c0c7 932 mutex_unlock(&shmem_swaplist_mutex);
d9fe526a 933 BUG_ON(page_mapped(page));
9fab5619 934 swap_writepage(page, wbc);
1da177e4
LT		 935 return 0;
936 }
937
6922c0c7 938 mutex_unlock(&shmem_swaplist_mutex);
37e84351 939free_swap:
0a31bc97 940 swapcache_free(swap);
1da177e4
LT		 941redirty:
942 set_page_dirty(page);
d9fe526a
HD		 943 if (wbc->for_reclaim)
944 return AOP_WRITEPAGE_ACTIVATE; /* Return with page locked */
945 unlock_page(page);
946 return 0;
1da177e4
LT		 947}
948
75edd345 949#if defined(CONFIG_NUMA) && defined(CONFIG_TMPFS)
71fe804b 950static void shmem_show_mpol(struct seq_file *seq, struct mempolicy *mpol)
680d794b 951{
095f1fc4 952 char buffer[64];
680d794b 953
71fe804b 954 if (!mpol || mpol->mode == MPOL_DEFAULT)
095f1fc4 955 return; /* show nothing */
680d794b 956
a7a88b23 957 mpol_to_str(buffer, sizeof(buffer), mpol);
095f1fc4
LS		 958
959 seq_printf(seq, ",mpol=%s", buffer);
680d794b 960}
71fe804b
LS		 961
962static struct mempolicy *shmem_get_sbmpol(struct shmem_sb_info *sbinfo)
963{
964 struct mempolicy *mpol = NULL;
965 if (sbinfo->mpol) {
966 spin_lock(&sbinfo->stat_lock); /* prevent replace/use races */
967 mpol = sbinfo->mpol;
968 mpol_get(mpol);
969 spin_unlock(&sbinfo->stat_lock);
970 }
971 return mpol;
972}
75edd345
HD		 973#else /* !CONFIG_NUMA || !CONFIG_TMPFS */
974static inline void shmem_show_mpol(struct seq_file *seq, struct mempolicy *mpol)
975{
976}
977static inline struct mempolicy *shmem_get_sbmpol(struct shmem_sb_info *sbinfo)
978{
979 return NULL;
980}
981#endif /* CONFIG_NUMA && CONFIG_TMPFS */
982#ifndef CONFIG_NUMA
983#define vm_policy vm_private_data
984#endif
680d794b 985
41ffe5d5
HD		 986static struct page *shmem_swapin(swp_entry_t swap, gfp_t gfp,
987 struct shmem_inode_info *info, pgoff_t index)
1da177e4 988{
1da177e4 989 struct vm_area_struct pvma;
18a2f371 990 struct page *page;
52cd3b07 991
1da177e4 992 /* Create a pseudo vma that just contains the policy */
c4cc6d07 993 pvma.vm_start = 0;
09c231cb
NZ		 994 /* Bias interleave by inode number to distribute better across nodes */
995 pvma.vm_pgoff = index + info->vfs_inode.i_ino;
c4cc6d07 996 pvma.vm_ops = NULL;
18a2f371
MG		 997 pvma.vm_policy = mpol_shared_policy_lookup(&info->policy, index);
998
999 page = swapin_readahead(swap, gfp, &pvma, 0);
1000
1001 /* Drop reference taken by mpol_shared_policy_lookup() */
1002 mpol_cond_put(pvma.vm_policy);
1003
1004 return page;
1da177e4
LT		 1005}
1006
02098fea 1007static struct page *shmem_alloc_page(gfp_t gfp,
41ffe5d5 1008 struct shmem_inode_info *info, pgoff_t index)
1da177e4
LT		 1009{
1010 struct vm_area_struct pvma;
18a2f371 1011 struct page *page;
1da177e4 1012
c4cc6d07
HD		 1013 /* Create a pseudo vma that just contains the policy */
1014 pvma.vm_start = 0;
09c231cb
NZ		 1015 /* Bias interleave by inode number to distribute better across nodes */
1016 pvma.vm_pgoff = index + info->vfs_inode.i_ino;
c4cc6d07 1017 pvma.vm_ops = NULL;
41ffe5d5 1018 pvma.vm_policy = mpol_shared_policy_lookup(&info->policy, index);
52cd3b07 1019
75edd345
HD		 1020 page = alloc_pages_vma(gfp, 0, &pvma, 0, numa_node_id(), false);
1021 if (page) {
1022 __SetPageLocked(page);
1023 __SetPageSwapBacked(page);
1024 }
18a2f371
MG		 1025
1026 /* Drop reference taken by mpol_shared_policy_lookup() */
1027 mpol_cond_put(pvma.vm_policy);
1028
1029 return page;
1da177e4 1030}
71fe804b 1031
bde05d1c
HD		 1032/*
1033 * When a page is moved from swapcache to shmem filecache (either by the
1034 * usual swapin of shmem_getpage_gfp(), or by the less common swapoff of
1035 * shmem_unuse_inode()), it may have been read in earlier from swap, in
1036 * ignorance of the mapping it belongs to. If that mapping has special
1037 * constraints (like the gma500 GEM driver, which requires RAM below 4GB),
1038 * we may need to copy to a suitable page before moving to filecache.
1039 *
1040 * In a future release, this may well be extended to respect cpuset and
1041 * NUMA mempolicy, and applied also to anonymous pages in do_swap_page();
1042 * but for now it is a simple matter of zone.
1043 */
1044static bool shmem_should_replace_page(struct page *page, gfp_t gfp)
1045{
1046 return page_zonenum(page) > gfp_zone(gfp);
1047}
1048
1049static int shmem_replace_page(struct page **pagep, gfp_t gfp,
1050 struct shmem_inode_info *info, pgoff_t index)
1051{
1052 struct page *oldpage, *newpage;
1053 struct address_space *swap_mapping;
1054 pgoff_t swap_index;
1055 int error;
1056
1057 oldpage = *pagep;
1058 swap_index = page_private(oldpage);
1059 swap_mapping = page_mapping(oldpage);
1060
1061 /*
1062 * We have arrived here because our zones are constrained, so don't
1063 * limit chance of success by further cpuset and node constraints.
1064 */
1065 gfp &= ~GFP_CONSTRAINT_MASK;
1066 newpage = shmem_alloc_page(gfp, info, index);
1067 if (!newpage)
1068 return -ENOMEM;
bde05d1c 1069
09cbfeaf 1070 get_page(newpage);
bde05d1c 1071 copy_highpage(newpage, oldpage);
0142ef6c 1072 flush_dcache_page(newpage);
bde05d1c 1073
bde05d1c 1074 SetPageUptodate(newpage);
bde05d1c 1075 set_page_private(newpage, swap_index);
bde05d1c
HD		 1076 SetPageSwapCache(newpage);
1077
1078 /*
1079 * Our caller will very soon move newpage out of swapcache, but it's
1080 * a nice clean interface for us to replace oldpage by newpage there.
1081 */
1082 spin_lock_irq(&swap_mapping->tree_lock);
1083 error = shmem_radix_tree_replace(swap_mapping, swap_index, oldpage,
1084 newpage);
0142ef6c
HD		 1085 if (!error) {
1086 __inc_zone_page_state(newpage, NR_FILE_PAGES);
1087 __dec_zone_page_state(oldpage, NR_FILE_PAGES);
1088 }
bde05d1c 1089 spin_unlock_irq(&swap_mapping->tree_lock);
bde05d1c 1090
0142ef6c
HD		 1091 if (unlikely(error)) {
1092 /*
1093 * Is this possible? I think not, now that our callers check
1094 * both PageSwapCache and page_private after getting page lock;
1095 * but be defensive. Reverse old to newpage for clear and free.
1096 */
1097 oldpage = newpage;
1098 } else {
6a93ca8f 1099 mem_cgroup_migrate(oldpage, newpage);
0142ef6c
HD		 1100 lru_cache_add_anon(newpage);
1101 *pagep = newpage;
1102 }
bde05d1c
HD		 1103
1104 ClearPageSwapCache(oldpage);
1105 set_page_private(oldpage, 0);
1106
1107 unlock_page(oldpage);
09cbfeaf
KS		 1108 put_page(oldpage);
1109 put_page(oldpage);
0142ef6c 1110 return error;
bde05d1c
HD		 1111}
1112
1da177e4 1113/*
68da9f05 1114 * shmem_getpage_gfp - find page in cache, or get from swap, or allocate
1da177e4
LT		 1115 *
1116 * If we allocate a new one we do not mark it dirty. That's up to the
1117 * vm. If we swap it in we mark it dirty since we also free the swap
1118 * entry since a page cannot live in both the swap and page cache
1119 */
41ffe5d5 1120static int shmem_getpage_gfp(struct inode *inode, pgoff_t index,
68da9f05 1121 struct page **pagep, enum sgp_type sgp, gfp_t gfp, int *fault_type)
1da177e4
LT		 1122{
1123 struct address_space *mapping = inode->i_mapping;
54af6042 1124 struct shmem_inode_info *info;
1da177e4 1125 struct shmem_sb_info *sbinfo;
00501b53 1126 struct mem_cgroup *memcg;
27ab7006 1127 struct page *page;
1da177e4
LT		 1128 swp_entry_t swap;
1129 int error;
54af6042 1130 int once = 0;
1635f6a7 1131 int alloced = 0;
1da177e4 1132
09cbfeaf 1133 if (index > (MAX_LFS_FILESIZE >> PAGE_SHIFT))
1da177e4 1134 return -EFBIG;
1da177e4 1135repeat:
54af6042 1136 swap.val = 0;
0cd6144a 1137 page = find_lock_entry(mapping, index);
54af6042
HD		 1138 if (radix_tree_exceptional_entry(page)) {
1139 swap = radix_to_swp_entry(page);
1140 page = NULL;
1141 }
1142
75edd345 1143 if (sgp <= SGP_CACHE &&
09cbfeaf 1144 ((loff_t)index << PAGE_SHIFT) >= i_size_read(inode)) {
54af6042 1145 error = -EINVAL;
267a4c76 1146 goto unlock;
54af6042
HD		 1147 }
1148
66d2f4d2
HD		 1149 if (page && sgp == SGP_WRITE)
1150 mark_page_accessed(page);
1151
1635f6a7
HD		 1152 /* fallocated page? */
1153 if (page && !PageUptodate(page)) {
1154 if (sgp != SGP_READ)
1155 goto clear;
1156 unlock_page(page);
09cbfeaf 1157 put_page(page);
1635f6a7
HD		 1158 page = NULL;
1159 }
54af6042 1160 if (page || (sgp == SGP_READ && !swap.val)) {
54af6042
HD		 1161 *pagep = page;
1162 return 0;
27ab7006
HD		 1163 }
1164
1165 /*
54af6042
HD		 1166 * Fast cache lookup did not find it:
1167 * bring it back from swap or allocate.
27ab7006 1168 */
54af6042
HD		 1169 info = SHMEM_I(inode);
1170 sbinfo = SHMEM_SB(inode->i_sb);
1da177e4 1171
1da177e4
LT		 1172 if (swap.val) {
1173 /* Look it up and read it in.. */
27ab7006
HD		 1174 page = lookup_swap_cache(swap);
1175 if (!page) {
1da177e4 1176 /* here we actually do the io */
68da9f05
HD		 1177 if (fault_type)
1178 *fault_type |= VM_FAULT_MAJOR;
41ffe5d5 1179 page = shmem_swapin(swap, gfp, info, index);
27ab7006 1180 if (!page) {
54af6042
HD		 1181 error = -ENOMEM;
1182 goto failed;
1da177e4 1183 }
1da177e4
LT		 1184 }
1185
1186 /* We have to do this with page locked to prevent races */
54af6042 1187 lock_page(page);
0142ef6c 1188 if (!PageSwapCache(page) || page_private(page) != swap.val ||
d1899228 1189 !shmem_confirm_swap(mapping, index, swap)) {
bde05d1c 1190 error = -EEXIST; /* try again */
d1899228 1191 goto unlock;
bde05d1c 1192 }
27ab7006 1193 if (!PageUptodate(page)) {
1da177e4 1194 error = -EIO;
54af6042 1195 goto failed;
1da177e4 1196 }
54af6042
HD		 1197 wait_on_page_writeback(page);
1198
bde05d1c
HD		 1199 if (shmem_should_replace_page(page, gfp)) {
1200 error = shmem_replace_page(&page, gfp, info, index);
1201 if (error)
1202 goto failed;
1da177e4 1203 }
27ab7006 1204
f627c2f5
KS		 1205 error = mem_cgroup_try_charge(page, current->mm, gfp, &memcg,
1206 false);
d1899228 1207 if (!error) {
aa3b1895 1208 error = shmem_add_to_page_cache(page, mapping, index,
fed400a1 1209 swp_to_radix_entry(swap));
215c02bc
HD		 1210 /*
1211 * We already confirmed swap under page lock, and make
1212 * no memory allocation here, so usually no possibility
1213 * of error; but free_swap_and_cache() only trylocks a
1214 * page, so it is just possible that the entry has been
1215 * truncated or holepunched since swap was confirmed.
1216 * shmem_undo_range() will have done some of the
1217 * unaccounting, now delete_from_swap_cache() will do
93aa7d95 1218 * the rest.
215c02bc
HD		 1219 * Reset swap.val? No, leave it so "failed" goes back to
1220 * "repeat": reading a hole and writing should succeed.
1221 */
00501b53 1222 if (error) {
f627c2f5 1223 mem_cgroup_cancel_charge(page, memcg, false);
215c02bc 1224 delete_from_swap_cache(page);
00501b53 1225 }
d1899228 1226 }
54af6042
HD		 1227 if (error)
1228 goto failed;
1229
f627c2f5 1230 mem_cgroup_commit_charge(page, memcg, true, false);
00501b53 1231
54af6042 1232 spin_lock(&info->lock);
285b2c4f 1233 info->swapped--;
54af6042 1234 shmem_recalc_inode(inode);
27ab7006 1235 spin_unlock(&info->lock);
54af6042 1236
66d2f4d2
HD		 1237 if (sgp == SGP_WRITE)
1238 mark_page_accessed(page);
1239
54af6042 1240 delete_from_swap_cache(page);
27ab7006
HD		 1241 set_page_dirty(page);
1242 swap_free(swap);
1243
54af6042
HD		 1244 } else {
1245 if (shmem_acct_block(info->flags)) {
1246 error = -ENOSPC;
1247 goto failed;
1da177e4 1248 }
0edd73b3 1249 if (sbinfo->max_blocks) {
fc5da22a 1250 if (percpu_counter_compare(&sbinfo->used_blocks,
54af6042
HD		 1251 sbinfo->max_blocks) >= 0) {
1252 error = -ENOSPC;
1253 goto unacct;
1254 }
7e496299 1255 percpu_counter_inc(&sbinfo->used_blocks);
54af6042 1256 }
1da177e4 1257
54af6042
HD		 1258 page = shmem_alloc_page(gfp, info, index);
1259 if (!page) {
1260 error = -ENOMEM;
1261 goto decused;
1da177e4 1262 }
66d2f4d2 1263 if (sgp == SGP_WRITE)
eb39d618 1264 __SetPageReferenced(page);
66d2f4d2 1265
f627c2f5
KS		 1266 error = mem_cgroup_try_charge(page, current->mm, gfp, &memcg,
1267 false);
54af6042
HD		 1268 if (error)
1269 goto decused;
5e4c0d97 1270 error = radix_tree_maybe_preload(gfp & GFP_RECLAIM_MASK);
b065b432
HD		 1271 if (!error) {
1272 error = shmem_add_to_page_cache(page, mapping, index,
fed400a1 1273 NULL);
b065b432
HD		 1274 radix_tree_preload_end();
1275 }
1276 if (error) {
f627c2f5 1277 mem_cgroup_cancel_charge(page, memcg, false);
b065b432
HD		 1278 goto decused;
1279 }
f627c2f5 1280 mem_cgroup_commit_charge(page, memcg, false, false);
54af6042
HD		 1281 lru_cache_add_anon(page);
1282
1283 spin_lock(&info->lock);
1da177e4 1284 info->alloced++;
54af6042
HD		 1285 inode->i_blocks += BLOCKS_PER_PAGE;
1286 shmem_recalc_inode(inode);
1da177e4 1287 spin_unlock(&info->lock);
1635f6a7 1288 alloced = true;
54af6042 1289
ec9516fb 1290 /*
1635f6a7
HD		 1291 * Let SGP_FALLOC use the SGP_WRITE optimization on a new page.
1292 */
1293 if (sgp == SGP_FALLOC)
1294 sgp = SGP_WRITE;
1295clear:
1296 /*
1297 * Let SGP_WRITE caller clear ends if write does not fill page;
1298 * but SGP_FALLOC on a page fallocated earlier must initialize
1299 * it now, lest undo on failure cancel our earlier guarantee.
ec9516fb
HD		 1300 */
1301 if (sgp != SGP_WRITE) {
1302 clear_highpage(page);
1303 flush_dcache_page(page);
1304 SetPageUptodate(page);
1305 }
1da177e4 1306 }
bde05d1c 1307
54af6042 1308 /* Perhaps the file has been truncated since we checked */
75edd345 1309 if (sgp <= SGP_CACHE &&
09cbfeaf 1310 ((loff_t)index << PAGE_SHIFT) >= i_size_read(inode)) {
267a4c76
HD		 1311 if (alloced) {
1312 ClearPageDirty(page);
1313 delete_from_page_cache(page);
1314 spin_lock(&info->lock);
1315 shmem_recalc_inode(inode);
1316 spin_unlock(&info->lock);
1317 }
54af6042 1318 error = -EINVAL;
267a4c76 1319 goto unlock;
e83c32e8 1320 }
54af6042
HD		 1321 *pagep = page;
1322 return 0;
1da177e4 1323
59a16ead 1324 /*
54af6042 1325 * Error recovery.
59a16ead 1326 */
54af6042
HD		 1327decused:
1328 if (sbinfo->max_blocks)
1329 percpu_counter_add(&sbinfo->used_blocks, -1);
1330unacct:
1331 shmem_unacct_blocks(info->flags, 1);
1332failed:
267a4c76 1333 if (swap.val && !shmem_confirm_swap(mapping, index, swap))
d1899228
HD		 1334 error = -EEXIST;
1335unlock:
27ab7006 1336 if (page) {
54af6042 1337 unlock_page(page);
09cbfeaf 1338 put_page(page);
54af6042
HD		 1339 }
1340 if (error == -ENOSPC && !once++) {
1341 info = SHMEM_I(inode);
1342 spin_lock(&info->lock);
1343 shmem_recalc_inode(inode);
1344 spin_unlock(&info->lock);
27ab7006 1345 goto repeat;
ff36b801 1346 }
d1899228 1347 if (error == -EEXIST) /* from above or from radix_tree_insert */
54af6042
HD		 1348 goto repeat;
1349 return error;
1da177e4
LT		 1350}
1351
d0217ac0 1352static int shmem_fault(struct vm_area_struct *vma, struct vm_fault *vmf)
1da177e4 1353{
496ad9aa 1354 struct inode *inode = file_inode(vma->vm_file);
1da177e4 1355 int error;
68da9f05 1356 int ret = VM_FAULT_LOCKED;
1da177e4 1357
f00cdc6d
HD		 1358 /*
1359 * Trinity finds that probing a hole which tmpfs is punching can
1360 * prevent the hole-punch from ever completing: which in turn
1361 * locks writers out with its hold on i_mutex. So refrain from
8e205f77
HD		 1362 * faulting pages into the hole while it's being punched. Although
1363 * shmem_undo_range() does remove the additions, it may be unable to
1364 * keep up, as each new page needs its own unmap_mapping_range() call,
1365 * and the i_mmap tree grows ever slower to scan if new vmas are added.
1366 *
1367 * It does not matter if we sometimes reach this check just before the
1368 * hole-punch begins, so that one fault then races with the punch:
1369 * we just need to make racing faults a rare case.
1370 *
1371 * The implementation below would be much simpler if we just used a
1372 * standard mutex or completion: but we cannot take i_mutex in fault,
1373 * and bloating every shmem inode for this unlikely case would be sad.
f00cdc6d
HD		 1374 */
1375 if (unlikely(inode->i_private)) {
1376 struct shmem_falloc *shmem_falloc;
1377
1378 spin_lock(&inode->i_lock);
1379 shmem_falloc = inode->i_private;
8e205f77
HD		 1380 if (shmem_falloc &&
1381 shmem_falloc->waitq &&
1382 vmf->pgoff >= shmem_falloc->start &&
1383 vmf->pgoff < shmem_falloc->next) {
1384 wait_queue_head_t *shmem_falloc_waitq;
1385 DEFINE_WAIT(shmem_fault_wait);
1386
1387 ret = VM_FAULT_NOPAGE;
f00cdc6d
HD		 1388 if ((vmf->flags & FAULT_FLAG_ALLOW_RETRY) &&
1389 !(vmf->flags & FAULT_FLAG_RETRY_NOWAIT)) {
8e205f77 1390 /* It's polite to up mmap_sem if we can */
f00cdc6d 1391 up_read(&vma->vm_mm->mmap_sem);
8e205f77 1392 ret = VM_FAULT_RETRY;
f00cdc6d 1393 }
8e205f77
HD		 1394
1395 shmem_falloc_waitq = shmem_falloc->waitq;
1396 prepare_to_wait(shmem_falloc_waitq, &shmem_fault_wait,
1397 TASK_UNINTERRUPTIBLE);
1398 spin_unlock(&inode->i_lock);
1399 schedule();
1400
1401 /*
1402 * shmem_falloc_waitq points into the shmem_fallocate()
1403 * stack of the hole-punching task: shmem_falloc_waitq
1404 * is usually invalid by the time we reach here, but
1405 * finish_wait() does not dereference it in that case;
1406 * though i_lock needed lest racing with wake_up_all().
1407 */
1408 spin_lock(&inode->i_lock);
1409 finish_wait(shmem_falloc_waitq, &shmem_fault_wait);
1410 spin_unlock(&inode->i_lock);
1411 return ret;
f00cdc6d 1412 }
8e205f77 1413 spin_unlock(&inode->i_lock);
f00cdc6d
HD		 1414 }
1415
27d54b39 1416 error = shmem_getpage(inode, vmf->pgoff, &vmf->page, SGP_CACHE, &ret);
d0217ac0
NP		 1417 if (error)
1418 return ((error == -ENOMEM) ? VM_FAULT_OOM : VM_FAULT_SIGBUS);
68da9f05 1419
456f998e
YH		 1420 if (ret & VM_FAULT_MAJOR) {
1421 count_vm_event(PGMAJFAULT);
1422 mem_cgroup_count_vm_event(vma->vm_mm, PGMAJFAULT);
1423 }
68da9f05 1424 return ret;
1da177e4
LT		 1425}
1426
1da177e4 1427#ifdef CONFIG_NUMA
41ffe5d5 1428static int shmem_set_policy(struct vm_area_struct *vma, struct mempolicy *mpol)
1da177e4 1429{
496ad9aa 1430 struct inode *inode = file_inode(vma->vm_file);
41ffe5d5 1431 return mpol_set_shared_policy(&SHMEM_I(inode)->policy, vma, mpol);
1da177e4
LT		 1432}
1433
d8dc74f2
AB		 1434static struct mempolicy *shmem_get_policy(struct vm_area_struct *vma,
1435 unsigned long addr)
1da177e4 1436{
496ad9aa 1437 struct inode *inode = file_inode(vma->vm_file);
41ffe5d5 1438 pgoff_t index;
1da177e4 1439
41ffe5d5
HD		 1440 index = ((addr - vma->vm_start) >> PAGE_SHIFT) + vma->vm_pgoff;
1441 return mpol_shared_policy_lookup(&SHMEM_I(inode)->policy, index);
1da177e4
LT		 1442}
1443#endif
1444
1445int shmem_lock(struct file *file, int lock, struct user_struct *user)
1446{
496ad9aa 1447 struct inode *inode = file_inode(file);
1da177e4
LT		 1448 struct shmem_inode_info *info = SHMEM_I(inode);
1449 int retval = -ENOMEM;
1450
1451 spin_lock(&info->lock);
1452 if (lock && !(info->flags & VM_LOCKED)) {
1453 if (!user_shm_lock(inode->i_size, user))
1454 goto out_nomem;
1455 info->flags |= VM_LOCKED;
89e004ea 1456 mapping_set_unevictable(file->f_mapping);
1da177e4
LT		 1457 }
1458 if (!lock && (info->flags & VM_LOCKED) && user) {
1459 user_shm_unlock(inode->i_size, user);
1460 info->flags &= ~VM_LOCKED;
89e004ea 1461 mapping_clear_unevictable(file->f_mapping);
1da177e4
LT		 1462 }
1463 retval = 0;
89e004ea 1464
1da177e4
LT		 1465out_nomem:
1466 spin_unlock(&info->lock);
1467 return retval;
1468}
1469
9b83a6a8 1470static int shmem_mmap(struct file *file, struct vm_area_struct *vma)
1da177e4
LT		 1471{
1472 file_accessed(file);
1473 vma->vm_ops = &shmem_vm_ops;
1474 return 0;
1475}
1476
454abafe 1477static struct inode *shmem_get_inode(struct super_block *sb, const struct inode *dir,
09208d15 1478 umode_t mode, dev_t dev, unsigned long flags)
1da177e4
LT		 1479{
1480 struct inode *inode;
1481 struct shmem_inode_info *info;
1482 struct shmem_sb_info *sbinfo = SHMEM_SB(sb);
1483
5b04c689
PE		 1484 if (shmem_reserve_inode(sb))
1485 return NULL;
1da177e4
LT		 1486
1487 inode = new_inode(sb);
1488 if (inode) {
85fe4025 1489 inode->i_ino = get_next_ino();
454abafe 1490 inode_init_owner(inode, dir, mode);
1da177e4 1491 inode->i_blocks = 0;
1da177e4 1492 inode->i_atime = inode->i_mtime = inode->i_ctime = CURRENT_TIME;
91828a40 1493 inode->i_generation = get_seconds();
1da177e4
LT		 1494 info = SHMEM_I(inode);
1495 memset(info, 0, (char *)inode - (char *)info);
1496 spin_lock_init(&info->lock);
40e041a2 1497 info->seals = F_SEAL_SEAL;
0b0a0806 1498 info->flags = flags & VM_NORESERVE;
1da177e4 1499 INIT_LIST_HEAD(&info->swaplist);
38f38657 1500 simple_xattrs_init(&info->xattrs);
72c04902 1501 cache_no_acl(inode);
1da177e4
LT		 1502
1503 switch (mode & S_IFMT) {
1504 default:
39f0247d 1505 inode->i_op = &shmem_special_inode_operations;
1da177e4
LT		 1506 init_special_inode(inode, mode, dev);
1507 break;
1508 case S_IFREG:
14fcc23f 1509 inode->i_mapping->a_ops = &shmem_aops;
1da177e4
LT		 1510 inode->i_op = &shmem_inode_operations;
1511 inode->i_fop = &shmem_file_operations;
71fe804b
LS		 1512 mpol_shared_policy_init(&info->policy,
1513 shmem_get_sbmpol(sbinfo));
1da177e4
LT		 1514 break;
1515 case S_IFDIR:
d8c76e6f 1516 inc_nlink(inode);
1da177e4
LT		 1517 /* Some things misbehave if size == 0 on a directory */
1518 inode->i_size = 2 * BOGO_DIRENT_SIZE;
1519 inode->i_op = &shmem_dir_inode_operations;
1520 inode->i_fop = &simple_dir_operations;
1521 break;
1522 case S_IFLNK:
1523 /*
1524 * Must not load anything in the rbtree,
1525 * mpol_free_shared_policy will not be called.
1526 */
71fe804b 1527 mpol_shared_policy_init(&info->policy, NULL);
1da177e4
LT		 1528 break;
1529 }
5b04c689
PE		 1530 } else
1531 shmem_free_inode(sb);
1da177e4
LT		 1532 return inode;
1533}
1534
0cd6144a
JW		 1535bool shmem_mapping(struct address_space *mapping)
1536{
f0774d88
SL		 1537 if (!mapping->host)
1538 return false;
1539
97b713ba 1540 return mapping->host->i_sb->s_op == &shmem_ops;
0cd6144a
JW		 1541}
1542
1da177e4 1543#ifdef CONFIG_TMPFS
92e1d5be 1544static const struct inode_operations shmem_symlink_inode_operations;
69f07ec9 1545static const struct inode_operations shmem_short_symlink_operations;
1da177e4 1546
6d9d88d0
JS		 1547#ifdef CONFIG_TMPFS_XATTR
1548static int shmem_initxattrs(struct inode *, const struct xattr *, void *);
1549#else
1550#define shmem_initxattrs NULL
1551#endif
1552
1da177e4 1553static int
800d15a5
NP		 1554shmem_write_begin(struct file *file, struct address_space *mapping,
1555 loff_t pos, unsigned len, unsigned flags,
1556 struct page **pagep, void **fsdata)
1da177e4 1557{
800d15a5 1558 struct inode *inode = mapping->host;
40e041a2 1559 struct shmem_inode_info *info = SHMEM_I(inode);
09cbfeaf 1560 pgoff_t index = pos >> PAGE_SHIFT;
40e041a2
DR		 1561
1562 /* i_mutex is held by caller */
1563 if (unlikely(info->seals)) {
1564 if (info->seals & F_SEAL_WRITE)
1565 return -EPERM;
1566 if ((info->seals & F_SEAL_GROW) && pos + len > inode->i_size)
1567 return -EPERM;
1568 }
1569
66d2f4d2 1570 return shmem_getpage(inode, index, pagep, SGP_WRITE, NULL);
800d15a5
NP		 1571}
1572
1573static int
1574shmem_write_end(struct file *file, struct address_space *mapping,
1575 loff_t pos, unsigned len, unsigned copied,
1576 struct page *page, void *fsdata)
1577{
1578 struct inode *inode = mapping->host;
1579
d3602444
HD		 1580 if (pos + copied > inode->i_size)
1581 i_size_write(inode, pos + copied);
1582
ec9516fb 1583 if (!PageUptodate(page)) {
09cbfeaf
KS		 1584 if (copied < PAGE_SIZE) {
1585 unsigned from = pos & (PAGE_SIZE - 1);
ec9516fb 1586 zero_user_segments(page, 0, from,
09cbfeaf 1587 from + copied, PAGE_SIZE);
ec9516fb
HD		 1588 }
1589 SetPageUptodate(page);
1590 }
800d15a5 1591 set_page_dirty(page);
6746aff7 1592 unlock_page(page);
09cbfeaf 1593 put_page(page);
800d15a5 1594
800d15a5 1595 return copied;
1da177e4
LT		 1596}
1597
2ba5bbed 1598static ssize_t shmem_file_read_iter(struct kiocb *iocb, struct iov_iter *to)
1da177e4 1599{
6e58e79d
AV		 1600 struct file *file = iocb->ki_filp;
1601 struct inode *inode = file_inode(file);
1da177e4 1602 struct address_space *mapping = inode->i_mapping;
41ffe5d5
HD		 1603 pgoff_t index;
1604 unsigned long offset;
a0ee5ec5 1605 enum sgp_type sgp = SGP_READ;
f7c1d074 1606 int error = 0;
cb66a7a1 1607 ssize_t retval = 0;
6e58e79d 1608 loff_t *ppos = &iocb->ki_pos;
a0ee5ec5
HD		 1609
1610 /*
1611 * Might this read be for a stacking filesystem? Then when reading
1612 * holes of a sparse file, we actually need to allocate those pages,
1613 * and even mark them dirty, so it cannot exceed the max_blocks limit.
1614 */
777eda2c 1615 if (!iter_is_iovec(to))
75edd345 1616 sgp = SGP_CACHE;
1da177e4 1617
09cbfeaf
KS		 1618 index = *ppos >> PAGE_SHIFT;
1619 offset = *ppos & ~PAGE_MASK;
1da177e4
LT		 1620
1621 for (;;) {
1622 struct page *page = NULL;
41ffe5d5
HD		 1623 pgoff_t end_index;
1624 unsigned long nr, ret;
1da177e4
LT		 1625 loff_t i_size = i_size_read(inode);
1626
09cbfeaf 1627 end_index = i_size >> PAGE_SHIFT;
1da177e4
LT		 1628 if (index > end_index)
1629 break;
1630 if (index == end_index) {
09cbfeaf 1631 nr = i_size & ~PAGE_MASK;
1da177e4
LT		 1632 if (nr <= offset)
1633 break;
1634 }
1635
6e58e79d
AV		 1636 error = shmem_getpage(inode, index, &page, sgp, NULL);
1637 if (error) {
1638 if (error == -EINVAL)
1639 error = 0;
1da177e4
LT		 1640 break;
1641 }
75edd345
HD		 1642 if (page) {
1643 if (sgp == SGP_CACHE)
1644 set_page_dirty(page);
d3602444 1645 unlock_page(page);
75edd345 1646 }
1da177e4
LT		 1647
1648 /*
1649 * We must evaluate after, since reads (unlike writes)
1b1dcc1b 1650 * are called without i_mutex protection against truncate
1da177e4 1651 */
09cbfeaf 1652 nr = PAGE_SIZE;
1da177e4 1653 i_size = i_size_read(inode);
09cbfeaf 1654 end_index = i_size >> PAGE_SHIFT;
1da177e4 1655 if (index == end_index) {
09cbfeaf 1656 nr = i_size & ~PAGE_MASK;
1da177e4
LT		 1657 if (nr <= offset) {
1658 if (page)
09cbfeaf 1659 put_page(page);
1da177e4
LT		 1660 break;
1661 }
1662 }
1663 nr -= offset;
1664
1665 if (page) {
1666 /*
1667 * If users can be writing to this page using arbitrary
1668 * virtual addresses, take care about potential aliasing
1669 * before reading the page on the kernel side.
1670 */
1671 if (mapping_writably_mapped(mapping))
1672 flush_dcache_page(page);
1673 /*
1674 * Mark the page accessed if we read the beginning.
1675 */
1676 if (!offset)
1677 mark_page_accessed(page);
b5810039 1678 } else {
1da177e4 1679 page = ZERO_PAGE(0);
09cbfeaf 1680 get_page(page);
b5810039 1681 }
1da177e4
LT		 1682
1683 /*
1684 * Ok, we have the page, and it's up-to-date, so
1685 * now we can copy it to user space...
1da177e4 1686 */
2ba5bbed 1687 ret = copy_page_to_iter(page, offset, nr, to);
6e58e79d 1688 retval += ret;
1da177e4 1689 offset += ret;
09cbfeaf
KS		 1690 index += offset >> PAGE_SHIFT;
1691 offset &= ~PAGE_MASK;
1da177e4 1692
09cbfeaf 1693 put_page(page);
2ba5bbed 1694 if (!iov_iter_count(to))
1da177e4 1695 break;
6e58e79d
AV		 1696 if (ret < nr) {
1697 error = -EFAULT;
1698 break;
1699 }
1da177e4
LT		 1700 cond_resched();
1701 }
1702
09cbfeaf 1703 *ppos = ((loff_t) index << PAGE_SHIFT) + offset;
6e58e79d
AV		 1704 file_accessed(file);
1705 return retval ? retval : error;
1da177e4
LT		 1706}
1707
708e3508
HD		 1708static ssize_t shmem_file_splice_read(struct file *in, loff_t *ppos,
1709 struct pipe_inode_info *pipe, size_t len,
1710 unsigned int flags)
1711{
1712 struct address_space *mapping = in->f_mapping;
71f0e07a 1713 struct inode *inode = mapping->host;
708e3508
HD		 1714 unsigned int loff, nr_pages, req_pages;
1715 struct page *pages[PIPE_DEF_BUFFERS];
1716 struct partial_page partial[PIPE_DEF_BUFFERS];
1717 struct page *page;
1718 pgoff_t index, end_index;
1719 loff_t isize, left;
1720 int error, page_nr;
1721 struct splice_pipe_desc spd = {
1722 .pages = pages,
1723 .partial = partial,
047fe360 1724 .nr_pages_max = PIPE_DEF_BUFFERS,
708e3508
HD		 1725 .flags = flags,
1726 .ops = &page_cache_pipe_buf_ops,
1727 .spd_release = spd_release_page,
1728 };
1729
71f0e07a 1730 isize = i_size_read(inode);
708e3508
HD		 1731 if (unlikely(*ppos >= isize))
1732 return 0;
1733
1734 left = isize - *ppos;
1735 if (unlikely(left < len))
1736 len = left;
1737
1738 if (splice_grow_spd(pipe, &spd))
1739 return -ENOMEM;
1740
09cbfeaf
KS		 1741 index = *ppos >> PAGE_SHIFT;
1742 loff = *ppos & ~PAGE_MASK;
1743 req_pages = (len + loff + PAGE_SIZE - 1) >> PAGE_SHIFT;
a786c06d 1744 nr_pages = min(req_pages, spd.nr_pages_max);
708e3508 1745
708e3508
HD		 1746 spd.nr_pages = find_get_pages_contig(mapping, index,
1747 nr_pages, spd.pages);
1748 index += spd.nr_pages;
708e3508 1749 error = 0;
708e3508 1750
71f0e07a 1751 while (spd.nr_pages < nr_pages) {
71f0e07a
HD		 1752 error = shmem_getpage(inode, index, &page, SGP_CACHE, NULL);
1753 if (error)
1754 break;
1755 unlock_page(page);
708e3508
HD		 1756 spd.pages[spd.nr_pages++] = page;
1757 index++;
1758 }
1759
09cbfeaf 1760 index = *ppos >> PAGE_SHIFT;
708e3508
HD		 1761 nr_pages = spd.nr_pages;
1762 spd.nr_pages = 0;
71f0e07a 1763
708e3508
HD		 1764 for (page_nr = 0; page_nr < nr_pages; page_nr++) {
1765 unsigned int this_len;
1766
1767 if (!len)
1768 break;
1769
09cbfeaf 1770 this_len = min_t(unsigned long, len, PAGE_SIZE - loff);
708e3508
HD		 1771 page = spd.pages[page_nr];
1772
71f0e07a 1773 if (!PageUptodate(page) || page->mapping != mapping) {
71f0e07a
HD		 1774 error = shmem_getpage(inode, index, &page,
1775 SGP_CACHE, NULL);
1776 if (error)
708e3508 1777 break;
71f0e07a 1778 unlock_page(page);
09cbfeaf 1779 put_page(spd.pages[page_nr]);
71f0e07a 1780 spd.pages[page_nr] = page;
708e3508 1781 }
71f0e07a
HD		 1782
1783 isize = i_size_read(inode);
09cbfeaf 1784 end_index = (isize - 1) >> PAGE_SHIFT;
708e3508
HD		 1785 if (unlikely(!isize || index > end_index))
1786 break;
1787
708e3508
HD		 1788 if (end_index == index) {
1789 unsigned int plen;
1790
09cbfeaf 1791 plen = ((isize - 1) & ~PAGE_MASK) + 1;
708e3508
HD		 1792 if (plen <= loff)
1793 break;
1794
708e3508
HD		 1795 this_len = min(this_len, plen - loff);
1796 len = this_len;
1797 }
1798
1799 spd.partial[page_nr].offset = loff;
1800 spd.partial[page_nr].len = this_len;
1801 len -= this_len;
1802 loff = 0;
1803 spd.nr_pages++;
1804 index++;
1805 }
1806
708e3508 1807 while (page_nr < nr_pages)
09cbfeaf 1808 put_page(spd.pages[page_nr++]);
708e3508
HD		 1809
1810 if (spd.nr_pages)
1811 error = splice_to_pipe(pipe, &spd);
1812
047fe360 1813 splice_shrink_spd(&spd);
708e3508
HD		 1814
1815 if (error > 0) {
1816 *ppos += error;
1817 file_accessed(in);
1818 }
1819 return error;
1820}
1821
220f2ac9
HD		 1822/*
1823 * llseek SEEK_DATA or SEEK_HOLE through the radix_tree.
1824 */
1825static pgoff_t shmem_seek_hole_data(struct address_space *mapping,
965c8e59 1826 pgoff_t index, pgoff_t end, int whence)
220f2ac9
HD		 1827{
1828 struct page *page;
1829 struct pagevec pvec;
1830 pgoff_t indices[PAGEVEC_SIZE];
1831 bool done = false;
1832 int i;
1833
1834 pagevec_init(&pvec, 0);
1835 pvec.nr = 1; /* start small: we may be there already */
1836 while (!done) {
0cd6144a 1837 pvec.nr = find_get_entries(mapping, index,
220f2ac9
HD		 1838 pvec.nr, pvec.pages, indices);
1839 if (!pvec.nr) {
965c8e59 1840 if (whence == SEEK_DATA)
220f2ac9
HD		 1841 index = end;
1842 break;
1843 }
1844 for (i = 0; i < pvec.nr; i++, index++) {
1845 if (index < indices[i]) {
965c8e59 1846 if (whence == SEEK_HOLE) {
220f2ac9
HD		 1847 done = true;
1848 break;
1849 }
1850 index = indices[i];
1851 }
1852 page = pvec.pages[i];
1853 if (page && !radix_tree_exceptional_entry(page)) {
1854 if (!PageUptodate(page))
1855 page = NULL;
1856 }
1857 if (index >= end ||
965c8e59
AM		 1858 (page && whence == SEEK_DATA) ||
1859 (!page && whence == SEEK_HOLE)) {
220f2ac9
HD		 1860 done = true;
1861 break;
1862 }
1863 }
0cd6144a 1864 pagevec_remove_exceptionals(&pvec);
220f2ac9
HD		 1865 pagevec_release(&pvec);
1866 pvec.nr = PAGEVEC_SIZE;
1867 cond_resched();
1868 }
1869 return index;
1870}
1871
965c8e59 1872static loff_t shmem_file_llseek(struct file *file, loff_t offset, int whence)
220f2ac9
HD		 1873{
1874 struct address_space *mapping = file->f_mapping;
1875 struct inode *inode = mapping->host;
1876 pgoff_t start, end;
1877 loff_t new_offset;
1878
965c8e59
AM		 1879 if (whence != SEEK_DATA && whence != SEEK_HOLE)
1880 return generic_file_llseek_size(file, offset, whence,
220f2ac9 1881 MAX_LFS_FILESIZE, i_size_read(inode));
5955102c 1882 inode_lock(inode);
220f2ac9
HD		 1883 /* We're holding i_mutex so we can access i_size directly */
1884
1885 if (offset < 0)
1886 offset = -EINVAL;
1887 else if (offset >= inode->i_size)
1888 offset = -ENXIO;
1889 else {
09cbfeaf
KS		 1890 start = offset >> PAGE_SHIFT;
1891 end = (inode->i_size + PAGE_SIZE - 1) >> PAGE_SHIFT;
965c8e59 1892 new_offset = shmem_seek_hole_data(mapping, start, end, whence);
09cbfeaf 1893 new_offset <<= PAGE_SHIFT;
220f2ac9
HD		 1894 if (new_offset > offset) {
1895 if (new_offset < inode->i_size)
1896 offset = new_offset;
965c8e59 1897 else if (whence == SEEK_DATA)
220f2ac9
HD		 1898 offset = -ENXIO;
1899 else
1900 offset = inode->i_size;
1901 }
1902 }
1903
387aae6f
HD		 1904 if (offset >= 0)
1905 offset = vfs_setpos(file, offset, MAX_LFS_FILESIZE);
5955102c 1906 inode_unlock(inode);
220f2ac9
HD		 1907 return offset;
1908}
1909
05f65b5c
DR		 1910/*
1911 * We need a tag: a new tag would expand every radix_tree_node by 8 bytes,
1912 * so reuse a tag which we firmly believe is never set or cleared on shmem.
1913 */
1914#define SHMEM_TAG_PINNED PAGECACHE_TAG_TOWRITE
1915#define LAST_SCAN 4 /* about 150ms max */
1916
1917static void shmem_tag_pins(struct address_space *mapping)
1918{
1919 struct radix_tree_iter iter;
1920 void **slot;
1921 pgoff_t start;
1922 struct page *page;
1923
1924 lru_add_drain();
1925 start = 0;
1926 rcu_read_lock();
1927
05f65b5c
DR		 1928 radix_tree_for_each_slot(slot, &mapping->page_tree, &iter, start) {
1929 page = radix_tree_deref_slot(slot);
1930 if (!page || radix_tree_exception(page)) {
2cf938aa
MW		 1931 if (radix_tree_deref_retry(page)) {
1932 slot = radix_tree_iter_retry(&iter);
1933 continue;
1934 }
05f65b5c
DR		 1935 } else if (page_count(page) - page_mapcount(page) > 1) {
1936 spin_lock_irq(&mapping->tree_lock);
1937 radix_tree_tag_set(&mapping->page_tree, iter.index,
1938 SHMEM_TAG_PINNED);
1939 spin_unlock_irq(&mapping->tree_lock);
1940 }
1941
1942 if (need_resched()) {
1943 cond_resched_rcu();
7165092f 1944 slot = radix_tree_iter_next(&iter);
05f65b5c
DR		 1945 }
1946 }
1947 rcu_read_unlock();
1948}
1949
1950/*
1951 * Setting SEAL_WRITE requires us to verify there's no pending writer. However,
1952 * via get_user_pages(), drivers might have some pending I/O without any active
1953 * user-space mappings (eg., direct-IO, AIO). Therefore, we look at all pages
1954 * and see whether it has an elevated ref-count. If so, we tag them and wait for
1955 * them to be dropped.
1956 * The caller must guarantee that no new user will acquire writable references
1957 * to those pages to avoid races.
1958 */
40e041a2
DR		 1959static int shmem_wait_for_pins(struct address_space *mapping)
1960{
05f65b5c
DR		 1961 struct radix_tree_iter iter;
1962 void **slot;
1963 pgoff_t start;
1964 struct page *page;
1965 int error, scan;
1966
1967 shmem_tag_pins(mapping);
1968
1969 error = 0;
1970 for (scan = 0; scan <= LAST_SCAN; scan++) {
1971 if (!radix_tree_tagged(&mapping->page_tree, SHMEM_TAG_PINNED))
1972 break;
1973
1974 if (!scan)
1975 lru_add_drain_all();
1976 else if (schedule_timeout_killable((HZ << scan) / 200))
1977 scan = LAST_SCAN;
1978
1979 start = 0;
1980 rcu_read_lock();
05f65b5c
DR		 1981 radix_tree_for_each_tagged(slot, &mapping->page_tree, &iter,
1982 start, SHMEM_TAG_PINNED) {
1983
1984 page = radix_tree_deref_slot(slot);
1985 if (radix_tree_exception(page)) {
2cf938aa
MW		 1986 if (radix_tree_deref_retry(page)) {
1987 slot = radix_tree_iter_retry(&iter);
1988 continue;
1989 }
05f65b5c
DR		 1990
1991 page = NULL;
1992 }
1993
1994 if (page &&
1995 page_count(page) - page_mapcount(page) != 1) {
1996 if (scan < LAST_SCAN)
1997 goto continue_resched;
1998
1999 /*
2000 * On the last scan, we clean up all those tags
2001 * we inserted; but make a note that we still
2002 * found pages pinned.
2003 */
2004 error = -EBUSY;
2005 }
2006
2007 spin_lock_irq(&mapping->tree_lock);
2008 radix_tree_tag_clear(&mapping->page_tree,
2009 iter.index, SHMEM_TAG_PINNED);
2010 spin_unlock_irq(&mapping->tree_lock);
2011continue_resched:
2012 if (need_resched()) {
2013 cond_resched_rcu();
7165092f 2014 slot = radix_tree_iter_next(&iter);
05f65b5c
DR		 2015 }
2016 }
2017 rcu_read_unlock();
2018 }
2019
2020 return error;
40e041a2
DR		 2021}
2022
2023#define F_ALL_SEALS (F_SEAL_SEAL | \
2024 F_SEAL_SHRINK | \
2025 F_SEAL_GROW | \
2026 F_SEAL_WRITE)
2027
2028int shmem_add_seals(struct file *file, unsigned int seals)
2029{
2030 struct inode *inode = file_inode(file);
2031 struct shmem_inode_info *info = SHMEM_I(inode);
2032 int error;
2033
2034 /*
2035 * SEALING
2036 * Sealing allows multiple parties to share a shmem-file but restrict
2037 * access to a specific subset of file operations. Seals can only be
2038 * added, but never removed. This way, mutually untrusted parties can
2039 * share common memory regions with a well-defined policy. A malicious
2040 * peer can thus never perform unwanted operations on a shared object.
2041 *
2042 * Seals are only supported on special shmem-files and always affect
2043 * the whole underlying inode. Once a seal is set, it may prevent some
2044 * kinds of access to the file. Currently, the following seals are
2045 * defined:
2046 * SEAL_SEAL: Prevent further seals from being set on this file
2047 * SEAL_SHRINK: Prevent the file from shrinking
2048 * SEAL_GROW: Prevent the file from growing
2049 * SEAL_WRITE: Prevent write access to the file
2050 *
2051 * As we don't require any trust relationship between two parties, we
2052 * must prevent seals from being removed. Therefore, sealing a file
2053 * only adds a given set of seals to the file, it never touches
2054 * existing seals. Furthermore, the "setting seals"-operation can be
2055 * sealed itself, which basically prevents any further seal from being
2056 * added.
2057 *
2058 * Semantics of sealing are only defined on volatile files. Only
2059 * anonymous shmem files support sealing. More importantly, seals are
2060 * never written to disk. Therefore, there's no plan to support it on
2061 * other file types.
2062 */
2063
2064 if (file->f_op != &shmem_file_operations)
2065 return -EINVAL;
2066 if (!(file->f_mode & FMODE_WRITE))
2067 return -EPERM;
2068 if (seals & ~(unsigned int)F_ALL_SEALS)
2069 return -EINVAL;
2070
5955102c 2071 inode_lock(inode);
40e041a2
DR		 2072
2073 if (info->seals & F_SEAL_SEAL) {
2074 error = -EPERM;
2075 goto unlock;
2076 }
2077
2078 if ((seals & F_SEAL_WRITE) && !(info->seals & F_SEAL_WRITE)) {
2079 error = mapping_deny_writable(file->f_mapping);
2080 if (error)
2081 goto unlock;
2082
2083 error = shmem_wait_for_pins(file->f_mapping);
2084 if (error) {
2085 mapping_allow_writable(file->f_mapping);
2086 goto unlock;
2087 }
2088 }
2089
2090 info->seals |= seals;
2091 error = 0;
2092
2093unlock:
5955102c 2094 inode_unlock(inode);
40e041a2
DR		 2095 return error;
2096}
2097EXPORT_SYMBOL_GPL(shmem_add_seals);
2098
2099int shmem_get_seals(struct file *file)
2100{
2101 if (file->f_op != &shmem_file_operations)
2102 return -EINVAL;
2103
2104 return SHMEM_I(file_inode(file))->seals;
2105}
2106EXPORT_SYMBOL_GPL(shmem_get_seals);
2107
2108long shmem_fcntl(struct file *file, unsigned int cmd, unsigned long arg)
2109{
2110 long error;
2111
2112 switch (cmd) {
2113 case F_ADD_SEALS:
2114 /* disallow upper 32bit */
2115 if (arg > UINT_MAX)
2116 return -EINVAL;
2117
2118 error = shmem_add_seals(file, arg);
2119 break;
2120 case F_GET_SEALS:
2121 error = shmem_get_seals(file);
2122 break;
2123 default:
2124 error = -EINVAL;
2125 break;
2126 }
2127
2128 return error;
2129}
2130
83e4fa9c
HD		 2131static long shmem_fallocate(struct file *file, int mode, loff_t offset,
2132 loff_t len)
2133{
496ad9aa 2134 struct inode *inode = file_inode(file);
e2d12e22 2135 struct shmem_sb_info *sbinfo = SHMEM_SB(inode->i_sb);
40e041a2 2136 struct shmem_inode_info *info = SHMEM_I(inode);
1aac1400 2137 struct shmem_falloc shmem_falloc;
e2d12e22
HD		 2138 pgoff_t start, index, end;
2139 int error;
83e4fa9c 2140
13ace4d0
HD		 2141 if (mode & ~(FALLOC_FL_KEEP_SIZE | FALLOC_FL_PUNCH_HOLE))
2142 return -EOPNOTSUPP;
2143
5955102c 2144 inode_lock(inode);
83e4fa9c
HD		 2145
2146 if (mode & FALLOC_FL_PUNCH_HOLE) {
2147 struct address_space *mapping = file->f_mapping;
2148 loff_t unmap_start = round_up(offset, PAGE_SIZE);
2149 loff_t unmap_end = round_down(offset + len, PAGE_SIZE) - 1;
8e205f77 2150 DECLARE_WAIT_QUEUE_HEAD_ONSTACK(shmem_falloc_waitq);
83e4fa9c 2151
40e041a2
DR		 2152 /* protected by i_mutex */
2153 if (info->seals & F_SEAL_WRITE) {
2154 error = -EPERM;
2155 goto out;
2156 }
2157
8e205f77 2158 shmem_falloc.waitq = &shmem_falloc_waitq;
f00cdc6d
HD		 2159 shmem_falloc.start = unmap_start >> PAGE_SHIFT;
2160 shmem_falloc.next = (unmap_end + 1) >> PAGE_SHIFT;
2161 spin_lock(&inode->i_lock);
2162 inode->i_private = &shmem_falloc;
2163 spin_unlock(&inode->i_lock);
2164
83e4fa9c
HD		 2165 if ((u64)unmap_end > (u64)unmap_start)
2166 unmap_mapping_range(mapping, unmap_start,
2167 1 + unmap_end - unmap_start, 0);
2168 shmem_truncate_range(inode, offset, offset + len - 1);
2169 /* No need to unmap again: hole-punching leaves COWed pages */
8e205f77
HD		 2170
2171 spin_lock(&inode->i_lock);
2172 inode->i_private = NULL;
2173 wake_up_all(&shmem_falloc_waitq);
2174 spin_unlock(&inode->i_lock);
83e4fa9c 2175 error = 0;
8e205f77 2176 goto out;
e2d12e22
HD		 2177 }
2178
2179 /* We need to check rlimit even when FALLOC_FL_KEEP_SIZE */
2180 error = inode_newsize_ok(inode, offset + len);
2181 if (error)
2182 goto out;
2183
40e041a2
DR		 2184 if ((info->seals & F_SEAL_GROW) && offset + len > inode->i_size) {
2185 error = -EPERM;
2186 goto out;
2187 }
2188
09cbfeaf
KS		 2189 start = offset >> PAGE_SHIFT;
2190 end = (offset + len + PAGE_SIZE - 1) >> PAGE_SHIFT;
e2d12e22
HD		 2191 /* Try to avoid a swapstorm if len is impossible to satisfy */
2192 if (sbinfo->max_blocks && end - start > sbinfo->max_blocks) {
2193 error = -ENOSPC;
2194 goto out;
83e4fa9c
HD		 2195 }
2196
8e205f77 2197 shmem_falloc.waitq = NULL;
1aac1400
HD		 2198 shmem_falloc.start = start;
2199 shmem_falloc.next = start;
2200 shmem_falloc.nr_falloced = 0;
2201 shmem_falloc.nr_unswapped = 0;
2202 spin_lock(&inode->i_lock);
2203 inode->i_private = &shmem_falloc;
2204 spin_unlock(&inode->i_lock);
2205
e2d12e22
HD		 2206 for (index = start; index < end; index++) {
2207 struct page *page;
2208
2209 /*
2210 * Good, the fallocate(2) manpage permits EINTR: we may have
2211 * been interrupted because we are using up too much memory.
2212 */
2213 if (signal_pending(current))
2214 error = -EINTR;
1aac1400
HD		 2215 else if (shmem_falloc.nr_unswapped > shmem_falloc.nr_falloced)
2216 error = -ENOMEM;
e2d12e22 2217 else
1635f6a7 2218 error = shmem_getpage(inode, index, &page, SGP_FALLOC,
e2d12e22
HD		 2219 NULL);
2220 if (error) {
1635f6a7
HD		 2221 /* Remove the !PageUptodate pages we added */
2222 shmem_undo_range(inode,
09cbfeaf
KS		 2223 (loff_t)start << PAGE_SHIFT,
2224 (loff_t)index << PAGE_SHIFT, true);
1aac1400 2225 goto undone;
e2d12e22
HD		 2226 }
2227
1aac1400
HD		 2228 /*
2229 * Inform shmem_writepage() how far we have reached.
2230 * No need for lock or barrier: we have the page lock.
2231 */
2232 shmem_falloc.next++;
2233 if (!PageUptodate(page))
2234 shmem_falloc.nr_falloced++;
2235
e2d12e22 2236 /*
1635f6a7
HD		 2237 * If !PageUptodate, leave it that way so that freeable pages
2238 * can be recognized if we need to rollback on error later.
2239 * But set_page_dirty so that memory pressure will swap rather
e2d12e22
HD		 2240 * than free the pages we are allocating (and SGP_CACHE pages
2241 * might still be clean: we now need to mark those dirty too).
2242 */
2243 set_page_dirty(page);
2244 unlock_page(page);
09cbfeaf 2245 put_page(page);
e2d12e22
HD		 2246 cond_resched();
2247 }
2248
2249 if (!(mode & FALLOC_FL_KEEP_SIZE) && offset + len > inode->i_size)
2250 i_size_write(inode, offset + len);
e2d12e22 2251 inode->i_ctime = CURRENT_TIME;
1aac1400
HD		 2252undone:
2253 spin_lock(&inode->i_lock);
2254 inode->i_private = NULL;
2255 spin_unlock(&inode->i_lock);
e2d12e22 2256out:
5955102c 2257 inode_unlock(inode);
83e4fa9c
HD		 2258 return error;
2259}
2260
726c3342 2261static int shmem_statfs(struct dentry *dentry, struct kstatfs *buf)
1da177e4 2262{
726c3342 2263 struct shmem_sb_info *sbinfo = SHMEM_SB(dentry->d_sb);
1da177e4
LT		 2264
2265 buf->f_type = TMPFS_MAGIC;
09cbfeaf 2266 buf->f_bsize = PAGE_SIZE;
1da177e4 2267 buf->f_namelen = NAME_MAX;
0edd73b3 2268 if (sbinfo->max_blocks) {
1da177e4 2269 buf->f_blocks = sbinfo->max_blocks;
41ffe5d5
HD		 2270 buf->f_bavail =
2271 buf->f_bfree = sbinfo->max_blocks -
2272 percpu_counter_sum(&sbinfo->used_blocks);
0edd73b3
HD		 2273 }
2274 if (sbinfo->max_inodes) {
1da177e4
LT		 2275 buf->f_files = sbinfo->max_inodes;
2276 buf->f_ffree = sbinfo->free_inodes;
1da177e4
LT		 2277 }
2278 /* else leave those fields 0 like simple_statfs */
2279 return 0;
2280}
2281
2282/*
2283 * File creation. Allocate an inode, and we're done..
2284 */
2285static int
1a67aafb 2286shmem_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev)
1da177e4 2287{
0b0a0806 2288 struct inode *inode;
1da177e4
LT		 2289 int error = -ENOSPC;
2290
454abafe 2291 inode = shmem_get_inode(dir->i_sb, dir, mode, dev, VM_NORESERVE);
1da177e4 2292 if (inode) {
feda821e
CH		 2293 error = simple_acl_create(dir, inode);
2294 if (error)
2295 goto out_iput;
2a7dba39 2296 error = security_inode_init_security(inode, dir,
9d8f13ba 2297 &dentry->d_name,
6d9d88d0 2298 shmem_initxattrs, NULL);
feda821e
CH		 2299 if (error && error != -EOPNOTSUPP)
2300 goto out_iput;
37ec43cd 2301
718deb6b 2302 error = 0;
1da177e4
LT		 2303 dir->i_size += BOGO_DIRENT_SIZE;
2304 dir->i_ctime = dir->i_mtime = CURRENT_TIME;
2305 d_instantiate(dentry, inode);
2306 dget(dentry); /* Extra count - pin the dentry in core */
1da177e4
LT		 2307 }
2308 return error;
feda821e
CH		 2309out_iput:
2310 iput(inode);
2311 return error;
1da177e4
LT		 2312}
2313
60545d0d
AV		 2314static int
2315shmem_tmpfile(struct inode *dir, struct dentry *dentry, umode_t mode)
2316{
2317 struct inode *inode;
2318 int error = -ENOSPC;
2319
2320 inode = shmem_get_inode(dir->i_sb, dir, mode, 0, VM_NORESERVE);
2321 if (inode) {
2322 error = security_inode_init_security(inode, dir,
2323 NULL,
2324 shmem_initxattrs, NULL);
feda821e
CH		 2325 if (error && error != -EOPNOTSUPP)
2326 goto out_iput;
2327 error = simple_acl_create(dir, inode);
2328 if (error)
2329 goto out_iput;
60545d0d
AV		 2330 d_tmpfile(dentry, inode);
2331 }
2332 return error;
feda821e
CH		 2333out_iput:
2334 iput(inode);
2335 return error;
60545d0d
AV		 2336}
2337
18bb1db3 2338static int shmem_mkdir(struct inode *dir, struct dentry *dentry, umode_t mode)
1da177e4
LT		 2339{
2340 int error;
2341
2342 if ((error = shmem_mknod(dir, dentry, mode | S_IFDIR, 0)))
2343 return error;
d8c76e6f 2344 inc_nlink(dir);
1da177e4
LT		 2345 return 0;
2346}
2347
4acdaf27 2348static int shmem_create(struct inode *dir, struct dentry *dentry, umode_t mode,
ebfc3b49 2349 bool excl)
1da177e4
LT		 2350{
2351 return shmem_mknod(dir, dentry, mode | S_IFREG, 0);
2352}
2353
2354/*
2355 * Link a file..
2356 */
2357static int shmem_link(struct dentry *old_dentry, struct inode *dir, struct dentry *dentry)
2358{
75c3cfa8 2359 struct inode *inode = d_inode(old_dentry);
5b04c689 2360 int ret;
1da177e4
LT		 2361
2362 /*
2363 * No ordinary (disk based) filesystem counts links as inodes;
2364 * but each new link needs a new dentry, pinning lowmem, and
2365 * tmpfs dentries cannot be pruned until they are unlinked.
2366 */
5b04c689
PE		 2367 ret = shmem_reserve_inode(inode->i_sb);
2368 if (ret)
2369 goto out;
1da177e4
LT		 2370
2371 dir->i_size += BOGO_DIRENT_SIZE;
2372 inode->i_ctime = dir->i_ctime = dir->i_mtime = CURRENT_TIME;
d8c76e6f 2373 inc_nlink(inode);
7de9c6ee 2374 ihold(inode); /* New dentry reference */
1da177e4
LT		 2375 dget(dentry); /* Extra pinning count for the created dentry */
2376 d_instantiate(dentry, inode);
5b04c689
PE		 2377out:
2378 return ret;
1da177e4
LT		 2379}
2380
2381static int shmem_unlink(struct inode *dir, struct dentry *dentry)
2382{
75c3cfa8 2383 struct inode *inode = d_inode(dentry);
1da177e4 2384
5b04c689
PE		 2385 if (inode->i_nlink > 1 && !S_ISDIR(inode->i_mode))
2386 shmem_free_inode(inode->i_sb);
1da177e4
LT		 2387
2388 dir->i_size -= BOGO_DIRENT_SIZE;
2389 inode->i_ctime = dir->i_ctime = dir->i_mtime = CURRENT_TIME;
9a53c3a7 2390 drop_nlink(inode);
1da177e4
LT		 2391 dput(dentry); /* Undo the count from "create" - this does all the work */
2392 return 0;
2393}
2394
2395static int shmem_rmdir(struct inode *dir, struct dentry *dentry)
2396{
2397 if (!simple_empty(dentry))
2398 return -ENOTEMPTY;
2399
75c3cfa8 2400 drop_nlink(d_inode(dentry));
9a53c3a7 2401 drop_nlink(dir);
1da177e4
LT		 2402 return shmem_unlink(dir, dentry);
2403}
2404
37456771
MS		 2405static int shmem_exchange(struct inode *old_dir, struct dentry *old_dentry, struct inode *new_dir, struct dentry *new_dentry)
2406{
e36cb0b8
DH		 2407 bool old_is_dir = d_is_dir(old_dentry);
2408 bool new_is_dir = d_is_dir(new_dentry);
37456771
MS		 2409
2410 if (old_dir != new_dir && old_is_dir != new_is_dir) {
2411 if (old_is_dir) {
2412 drop_nlink(old_dir);
2413 inc_nlink(new_dir);
2414 } else {
2415 drop_nlink(new_dir);
2416 inc_nlink(old_dir);
2417 }
2418 }
2419 old_dir->i_ctime = old_dir->i_mtime =
2420 new_dir->i_ctime = new_dir->i_mtime =
75c3cfa8
DH		 2421 d_inode(old_dentry)->i_ctime =
2422 d_inode(new_dentry)->i_ctime = CURRENT_TIME;
37456771
MS		 2423
2424 return 0;
2425}
2426
46fdb794
MS		 2427static int shmem_whiteout(struct inode *old_dir, struct dentry *old_dentry)
2428{
2429 struct dentry *whiteout;
2430 int error;
2431
2432 whiteout = d_alloc(old_dentry->d_parent, &old_dentry->d_name);
2433 if (!whiteout)
2434 return -ENOMEM;
2435
2436 error = shmem_mknod(old_dir, whiteout,
2437 S_IFCHR | WHITEOUT_MODE, WHITEOUT_DEV);
2438 dput(whiteout);
2439 if (error)
2440 return error;
2441
2442 /*
2443 * Cheat and hash the whiteout while the old dentry is still in
2444 * place, instead of playing games with FS_RENAME_DOES_D_MOVE.
2445 *
2446 * d_lookup() will consistently find one of them at this point,
2447 * not sure which one, but that isn't even important.
2448 */
2449 d_rehash(whiteout);
2450 return 0;
2451}
2452
1da177e4
LT		 2453/*
2454 * The VFS layer already does all the dentry stuff for rename,
2455 * we just have to decrement the usage count for the target if
2456 * it exists so that the VFS layer correctly free's it when it
2457 * gets overwritten.
2458 */
3b69ff51 2459static int shmem_rename2(struct inode *old_dir, struct dentry *old_dentry, struct inode *new_dir, struct dentry *new_dentry, unsigned int flags)
1da177e4 2460{
75c3cfa8 2461 struct inode *inode = d_inode(old_dentry);
1da177e4
LT		 2462 int they_are_dirs = S_ISDIR(inode->i_mode);
2463
46fdb794 2464 if (flags & ~(RENAME_NOREPLACE | RENAME_EXCHANGE | RENAME_WHITEOUT))
3b69ff51
MS		 2465 return -EINVAL;
2466
37456771
MS		 2467 if (flags & RENAME_EXCHANGE)
2468 return shmem_exchange(old_dir, old_dentry, new_dir, new_dentry);
2469
1da177e4
LT		 2470 if (!simple_empty(new_dentry))
2471 return -ENOTEMPTY;
2472
46fdb794
MS		 2473 if (flags & RENAME_WHITEOUT) {
2474 int error;
2475
2476 error = shmem_whiteout(old_dir, old_dentry);
2477 if (error)
2478 return error;
2479 }
2480
75c3cfa8 2481 if (d_really_is_positive(new_dentry)) {
1da177e4 2482 (void) shmem_unlink(new_dir, new_dentry);
b928095b 2483 if (they_are_dirs) {
75c3cfa8 2484 drop_nlink(d_inode(new_dentry));
9a53c3a7 2485 drop_nlink(old_dir);
b928095b 2486 }
1da177e4 2487 } else if (they_are_dirs) {
9a53c3a7 2488 drop_nlink(old_dir);
d8c76e6f 2489 inc_nlink(new_dir);
1da177e4
LT		 2490 }
2491
2492 old_dir->i_size -= BOGO_DIRENT_SIZE;
2493 new_dir->i_size += BOGO_DIRENT_SIZE;
2494 old_dir->i_ctime = old_dir->i_mtime =
2495 new_dir->i_ctime = new_dir->i_mtime =
2496 inode->i_ctime = CURRENT_TIME;
2497 return 0;
2498}
2499
2500static int shmem_symlink(struct inode *dir, struct dentry *dentry, const char *symname)
2501{
2502 int error;
2503 int len;
2504 struct inode *inode;
9276aad6 2505 struct page *page;
1da177e4
LT		 2506 struct shmem_inode_info *info;
2507
2508 len = strlen(symname) + 1;
09cbfeaf 2509 if (len > PAGE_SIZE)
1da177e4
LT		 2510 return -ENAMETOOLONG;
2511
454abafe 2512 inode = shmem_get_inode(dir->i_sb, dir, S_IFLNK|S_IRWXUGO, 0, VM_NORESERVE);
1da177e4
LT		 2513 if (!inode)
2514 return -ENOSPC;
2515
9d8f13ba 2516 error = security_inode_init_security(inode, dir, &dentry->d_name,
6d9d88d0 2517 shmem_initxattrs, NULL);
570bc1c2
SS		 2518 if (error) {
2519 if (error != -EOPNOTSUPP) {
2520 iput(inode);
2521 return error;
2522 }
2523 error = 0;
2524 }
2525
1da177e4
LT		 2526 info = SHMEM_I(inode);
2527 inode->i_size = len-1;
69f07ec9 2528 if (len <= SHORT_SYMLINK_LEN) {
3ed47db3
AV		 2529 inode->i_link = kmemdup(symname, len, GFP_KERNEL);
2530 if (!inode->i_link) {
69f07ec9
HD		 2531 iput(inode);
2532 return -ENOMEM;
2533 }
2534 inode->i_op = &shmem_short_symlink_operations;
1da177e4 2535 } else {
e8ecde25 2536 inode_nohighmem(inode);
1da177e4
LT		 2537 error = shmem_getpage(inode, 0, &page, SGP_WRITE, NULL);
2538 if (error) {
2539 iput(inode);
2540 return error;
2541 }
14fcc23f 2542 inode->i_mapping->a_ops = &shmem_aops;
1da177e4 2543 inode->i_op = &shmem_symlink_inode_operations;
21fc61c7 2544 memcpy(page_address(page), symname, len);
ec9516fb 2545 SetPageUptodate(page);
1da177e4 2546 set_page_dirty(page);
6746aff7 2547 unlock_page(page);
09cbfeaf 2548 put_page(page);
1da177e4 2549 }
1da177e4
LT		 2550 dir->i_size += BOGO_DIRENT_SIZE;
2551 dir->i_ctime = dir->i_mtime = CURRENT_TIME;
2552 d_instantiate(dentry, inode);
2553 dget(dentry);
2554 return 0;
2555}
2556
fceef393 2557static void shmem_put_link(void *arg)
1da177e4 2558{
fceef393
AV		 2559 mark_page_accessed(arg);
2560 put_page(arg);
1da177e4
LT		 2561}
2562
6b255391 2563static const char *shmem_get_link(struct dentry *dentry,
fceef393
AV		 2564 struct inode *inode,
2565 struct delayed_call *done)
1da177e4 2566{
1da177e4 2567 struct page *page = NULL;
6b255391 2568 int error;
6a6c9904
AV		 2569 if (!dentry) {
2570 page = find_get_page(inode->i_mapping, 0);
2571 if (!page)
2572 return ERR_PTR(-ECHILD);
2573 if (!PageUptodate(page)) {
2574 put_page(page);
2575 return ERR_PTR(-ECHILD);
2576 }
2577 } else {
2578 error = shmem_getpage(inode, 0, &page, SGP_READ, NULL);
2579 if (error)
2580 return ERR_PTR(error);
2581 unlock_page(page);
2582 }
fceef393 2583 set_delayed_call(done, shmem_put_link, page);
21fc61c7 2584 return page_address(page);
1da177e4
LT		 2585}
2586
b09e0fa4 2587#ifdef CONFIG_TMPFS_XATTR
46711810 2588/*
b09e0fa4
EP		 2589 * Superblocks without xattr inode operations may get some security.* xattr
2590 * support from the LSM "for free". As soon as we have any other xattrs
39f0247d
AG		 2591 * like ACLs, we also need to implement the security.* handlers at
2592 * filesystem level, though.
2593 */
2594
6d9d88d0
JS		 2595/*
2596 * Callback for security_inode_init_security() for acquiring xattrs.
2597 */
2598static int shmem_initxattrs(struct inode *inode,
2599 const struct xattr *xattr_array,
2600 void *fs_info)
2601{
2602 struct shmem_inode_info *info = SHMEM_I(inode);
2603 const struct xattr *xattr;
38f38657 2604 struct simple_xattr *new_xattr;
6d9d88d0
JS		 2605 size_t len;
2606
2607 for (xattr = xattr_array; xattr->name != NULL; xattr++) {
38f38657 2608 new_xattr = simple_xattr_alloc(xattr->value, xattr->value_len);
6d9d88d0
JS		 2609 if (!new_xattr)
2610 return -ENOMEM;
2611
2612 len = strlen(xattr->name) + 1;
2613 new_xattr->name = kmalloc(XATTR_SECURITY_PREFIX_LEN + len,
2614 GFP_KERNEL);
2615 if (!new_xattr->name) {
2616 kfree(new_xattr);
2617 return -ENOMEM;
2618 }
2619
2620 memcpy(new_xattr->name, XATTR_SECURITY_PREFIX,
2621 XATTR_SECURITY_PREFIX_LEN);
2622 memcpy(new_xattr->name + XATTR_SECURITY_PREFIX_LEN,
2623 xattr->name, len);
2624
38f38657 2625 simple_xattr_list_add(&info->xattrs, new_xattr);
6d9d88d0
JS		 2626 }
2627
2628 return 0;
2629}
2630
aa7c5241 2631static int shmem_xattr_handler_get(const struct xattr_handler *handler,
b296821a
AV		 2632 struct dentry *unused, struct inode *inode,
2633 const char *name, void *buffer, size_t size)
b09e0fa4 2634{
b296821a 2635 struct shmem_inode_info *info = SHMEM_I(inode);
b09e0fa4 2636
aa7c5241 2637 name = xattr_full_name(handler, name);
38f38657 2638 return simple_xattr_get(&info->xattrs, name, buffer, size);
b09e0fa4
EP		 2639}
2640
aa7c5241
AG		 2641static int shmem_xattr_handler_set(const struct xattr_handler *handler,
2642 struct dentry *dentry, const char *name,
2643 const void *value, size_t size, int flags)
b09e0fa4 2644{
75c3cfa8 2645 struct shmem_inode_info *info = SHMEM_I(d_inode(dentry));
b09e0fa4 2646
aa7c5241 2647 name = xattr_full_name(handler, name);
38f38657 2648 return simple_xattr_set(&info->xattrs, name, value, size, flags);
b09e0fa4
EP		 2649}
2650
aa7c5241
AG		 2651static const struct xattr_handler shmem_security_xattr_handler = {
2652 .prefix = XATTR_SECURITY_PREFIX,
2653 .get = shmem_xattr_handler_get,
2654 .set = shmem_xattr_handler_set,
2655};
b09e0fa4 2656
aa7c5241
AG		 2657static const struct xattr_handler shmem_trusted_xattr_handler = {
2658 .prefix = XATTR_TRUSTED_PREFIX,
2659 .get = shmem_xattr_handler_get,
2660 .set = shmem_xattr_handler_set,
2661};
b09e0fa4 2662
aa7c5241
AG		 2663static const struct xattr_handler *shmem_xattr_handlers[] = {
2664#ifdef CONFIG_TMPFS_POSIX_ACL
2665 &posix_acl_access_xattr_handler,
2666 &posix_acl_default_xattr_handler,
2667#endif
2668 &shmem_security_xattr_handler,
2669 &shmem_trusted_xattr_handler,
2670 NULL
2671};
b09e0fa4
EP		 2672
2673static ssize_t shmem_listxattr(struct dentry *dentry, char *buffer, size_t size)
2674{
75c3cfa8 2675 struct shmem_inode_info *info = SHMEM_I(d_inode(dentry));
786534b9 2676 return simple_xattr_list(d_inode(dentry), &info->xattrs, buffer, size);
b09e0fa4
EP		 2677}
2678#endif /* CONFIG_TMPFS_XATTR */
2679
69f07ec9 2680static const struct inode_operations shmem_short_symlink_operations = {
b09e0fa4 2681 .readlink = generic_readlink,
6b255391 2682 .get_link = simple_get_link,
b09e0fa4 2683#ifdef CONFIG_TMPFS_XATTR
aa7c5241
AG		 2684 .setxattr = generic_setxattr,
2685 .getxattr = generic_getxattr,
b09e0fa4 2686 .listxattr = shmem_listxattr,
aa7c5241 2687 .removexattr = generic_removexattr,
b09e0fa4
EP		 2688#endif
2689};
2690
2691static const struct inode_operations shmem_symlink_inode_operations = {
2692 .readlink = generic_readlink,
6b255391 2693 .get_link = shmem_get_link,
b09e0fa4 2694#ifdef CONFIG_TMPFS_XATTR
aa7c5241
AG		 2695 .setxattr = generic_setxattr,
2696 .getxattr = generic_getxattr,
b09e0fa4 2697 .listxattr = shmem_listxattr,
aa7c5241 2698 .removexattr = generic_removexattr,
39f0247d 2699#endif
b09e0fa4 2700};
39f0247d 2701
91828a40
DG		 2702static struct dentry *shmem_get_parent(struct dentry *child)
2703{
2704 return ERR_PTR(-ESTALE);
2705}
2706
2707static int shmem_match(struct inode *ino, void *vfh)
2708{
2709 __u32 *fh = vfh;
2710 __u64 inum = fh[2];
2711 inum = (inum << 32) | fh[1];
2712 return ino->i_ino == inum && fh[0] == ino->i_generation;
2713}
2714
480b116c
CH		 2715static struct dentry *shmem_fh_to_dentry(struct super_block *sb,
2716 struct fid *fid, int fh_len, int fh_type)
91828a40 2717{
91828a40 2718 struct inode *inode;
480b116c 2719 struct dentry *dentry = NULL;
35c2a7f4 2720 u64 inum;
480b116c
CH		 2721
2722 if (fh_len < 3)
2723 return NULL;
91828a40 2724
35c2a7f4
HD		 2725 inum = fid->raw[2];
2726 inum = (inum << 32) | fid->raw[1];
2727
480b116c
CH		 2728 inode = ilookup5(sb, (unsigned long)(inum + fid->raw[0]),
2729 shmem_match, fid->raw);
91828a40 2730 if (inode) {
480b116c 2731 dentry = d_find_alias(inode);
91828a40
DG		 2732 iput(inode);
2733 }
2734
480b116c 2735 return dentry;
91828a40
DG		 2736}
2737
b0b0382b
AV		 2738static int shmem_encode_fh(struct inode *inode, __u32 *fh, int *len,
2739 struct inode *parent)
91828a40 2740{
5fe0c237
AK		 2741 if (*len < 3) {
2742 *len = 3;
94e07a75 2743 return FILEID_INVALID;
5fe0c237 2744 }
91828a40 2745
1d3382cb 2746 if (inode_unhashed(inode)) {
91828a40
DG		 2747 /* Unfortunately insert_inode_hash is not idempotent,
2748 * so as we hash inodes here rather than at creation
2749 * time, we need a lock to ensure we only try
2750 * to do it once
2751 */
2752 static DEFINE_SPINLOCK(lock);
2753 spin_lock(&lock);
1d3382cb 2754 if (inode_unhashed(inode))
91828a40
DG		 2755 __insert_inode_hash(inode,
2756 inode->i_ino + inode->i_generation);
2757 spin_unlock(&lock);
2758 }
2759
2760 fh[0] = inode->i_generation;
2761 fh[1] = inode->i_ino;
2762 fh[2] = ((__u64)inode->i_ino) >> 32;
2763
2764 *len = 3;
2765 return 1;
2766}
2767
39655164 2768static const struct export_operations shmem_export_ops = {
91828a40 2769 .get_parent = shmem_get_parent,
91828a40 2770 .encode_fh = shmem_encode_fh,
480b116c 2771 .fh_to_dentry = shmem_fh_to_dentry,
91828a40
DG		 2772};
2773
680d794b
AM		 2774static int shmem_parse_options(char *options, struct shmem_sb_info *sbinfo,
2775 bool remount)
1da177e4
LT		 2776{
2777 char *this_char, *value, *rest;
49cd0a5c 2778 struct mempolicy *mpol = NULL;
8751e039
EB		 2779 uid_t uid;
2780 gid_t gid;
1da177e4 2781
b00dc3ad
HD		 2782 while (options != NULL) {
2783 this_char = options;
2784 for (;;) {
2785 /*
2786 * NUL-terminate this option: unfortunately,
2787 * mount options form a comma-separated list,
2788 * but mpol's nodelist may also contain commas.
2789 */
2790 options = strchr(options, ',');
2791 if (options == NULL)
2792 break;
2793 options++;
2794 if (!isdigit(*options)) {
2795 options[-1] = '\0';
2796 break;
2797 }
2798 }
1da177e4
LT		 2799 if (!*this_char)
2800 continue;
2801 if ((value = strchr(this_char,'=')) != NULL) {
2802 *value++ = 0;
2803 } else {
1170532b
JP		 2804 pr_err("tmpfs: No value for mount option '%s'\n",
2805 this_char);
49cd0a5c 2806 goto error;
1da177e4
LT		 2807 }
2808
2809 if (!strcmp(this_char,"size")) {
2810 unsigned long long size;
2811 size = memparse(value,&rest);
2812 if (*rest == '%') {
2813 size <<= PAGE_SHIFT;
2814 size *= totalram_pages;
2815 do_div(size, 100);
2816 rest++;
2817 }
2818 if (*rest)
2819 goto bad_val;
680d794b 2820 sbinfo->max_blocks =
09cbfeaf 2821 DIV_ROUND_UP(size, PAGE_SIZE);
1da177e4 2822 } else if (!strcmp(this_char,"nr_blocks")) {
680d794b 2823 sbinfo->max_blocks = memparse(value, &rest);
1da177e4
LT		 2824 if (*rest)
2825 goto bad_val;
2826 } else if (!strcmp(this_char,"nr_inodes")) {
680d794b 2827 sbinfo->max_inodes = memparse(value, &rest);
1da177e4
LT		 2828 if (*rest)
2829 goto bad_val;
2830 } else if (!strcmp(this_char,"mode")) {
680d794b 2831 if (remount)
1da177e4 2832 continue;
680d794b 2833 sbinfo->mode = simple_strtoul(value, &rest, 8) & 07777;
1da177e4
LT		 2834 if (*rest)
2835 goto bad_val;
2836 } else if (!strcmp(this_char,"uid")) {
680d794b 2837 if (remount)
1da177e4 2838 continue;
8751e039 2839 uid = simple_strtoul(value, &rest, 0);
1da177e4
LT		 2840 if (*rest)
2841 goto bad_val;
8751e039
EB		 2842 sbinfo->uid = make_kuid(current_user_ns(), uid);
2843 if (!uid_valid(sbinfo->uid))
2844 goto bad_val;
1da177e4 2845 } else if (!strcmp(this_char,"gid")) {
680d794b 2846 if (remount)
1da177e4 2847 continue;
8751e039 2848 gid = simple_strtoul(value, &rest, 0);
1da177e4
LT		 2849 if (*rest)
2850 goto bad_val;
8751e039
EB		 2851 sbinfo->gid = make_kgid(current_user_ns(), gid);
2852 if (!gid_valid(sbinfo->gid))
2853 goto bad_val;
7339ff83 2854 } else if (!strcmp(this_char,"mpol")) {
49cd0a5c
GT		 2855 mpol_put(mpol);
2856 mpol = NULL;
2857 if (mpol_parse_str(value, &mpol))
7339ff83 2858 goto bad_val;
1da177e4 2859 } else {
1170532b 2860 pr_err("tmpfs: Bad mount option %s\n", this_char);
49cd0a5c 2861 goto error;
1da177e4
LT		 2862 }
2863 }
49cd0a5c 2864 sbinfo->mpol = mpol;
1da177e4
LT		 2865 return 0;
2866
2867bad_val:
1170532b 2868 pr_err("tmpfs: Bad value '%s' for mount option '%s'\n",
1da177e4 2869 value, this_char);
49cd0a5c
GT		 2870error:
2871 mpol_put(mpol);
1da177e4
LT		 2872 return 1;
2873
2874}
2875
2876static int shmem_remount_fs(struct super_block *sb, int *flags, char *data)
2877{
2878 struct shmem_sb_info *sbinfo = SHMEM_SB(sb);
680d794b 2879 struct shmem_sb_info config = *sbinfo;
0edd73b3
HD		 2880 unsigned long inodes;
2881 int error = -EINVAL;
2882
5f00110f 2883 config.mpol = NULL;
680d794b 2884 if (shmem_parse_options(data, &config, true))
0edd73b3 2885 return error;
1da177e4 2886
0edd73b3 2887 spin_lock(&sbinfo->stat_lock);
0edd73b3 2888 inodes = sbinfo->max_inodes - sbinfo->free_inodes;
7e496299 2889 if (percpu_counter_compare(&sbinfo->used_blocks, config.max_blocks) > 0)
0edd73b3 2890 goto out;
680d794b 2891 if (config.max_inodes < inodes)
0edd73b3
HD		 2892 goto out;
2893 /*
54af6042 2894 * Those tests disallow limited->unlimited while any are in use;
0edd73b3
HD		 2895 * but we must separately disallow unlimited->limited, because
2896 * in that case we have no record of how much is already in use.
2897 */
680d794b 2898 if (config.max_blocks && !sbinfo->max_blocks)
0edd73b3 2899 goto out;
680d794b 2900 if (config.max_inodes && !sbinfo->max_inodes)
0edd73b3
HD		 2901 goto out;
2902
2903 error = 0;
680d794b 2904 sbinfo->max_blocks = config.max_blocks;
680d794b
AM		 2905 sbinfo->max_inodes = config.max_inodes;
2906 sbinfo->free_inodes = config.max_inodes - inodes;
71fe804b 2907
5f00110f
GT		 2908 /*
2909 * Preserve previous mempolicy unless mpol remount option was specified.
2910 */
2911 if (config.mpol) {
2912 mpol_put(sbinfo->mpol);
2913 sbinfo->mpol = config.mpol; /* transfers initial ref */
2914 }
0edd73b3
HD		 2915out:
2916 spin_unlock(&sbinfo->stat_lock);
2917 return error;
1da177e4 2918}
680d794b 2919
34c80b1d 2920static int shmem_show_options(struct seq_file *seq, struct dentry *root)
680d794b 2921{
34c80b1d 2922 struct shmem_sb_info *sbinfo = SHMEM_SB(root->d_sb);
680d794b
AM		 2923
2924 if (sbinfo->max_blocks != shmem_default_max_blocks())
2925 seq_printf(seq, ",size=%luk",
09cbfeaf 2926 sbinfo->max_blocks << (PAGE_SHIFT - 10));
680d794b
AM		 2927 if (sbinfo->max_inodes != shmem_default_max_inodes())
2928 seq_printf(seq, ",nr_inodes=%lu", sbinfo->max_inodes);
2929 if (sbinfo->mode != (S_IRWXUGO | S_ISVTX))
09208d15 2930 seq_printf(seq, ",mode=%03ho", sbinfo->mode);
8751e039
EB		 2931 if (!uid_eq(sbinfo->uid, GLOBAL_ROOT_UID))
2932 seq_printf(seq, ",uid=%u",
2933 from_kuid_munged(&init_user_ns, sbinfo->uid));
2934 if (!gid_eq(sbinfo->gid, GLOBAL_ROOT_GID))
2935 seq_printf(seq, ",gid=%u",
2936 from_kgid_munged(&init_user_ns, sbinfo->gid));
71fe804b 2937 shmem_show_mpol(seq, sbinfo->mpol);
680d794b
AM		 2938 return 0;
2939}
9183df25
DR		 2940
2941#define MFD_NAME_PREFIX "memfd:"
2942#define MFD_NAME_PREFIX_LEN (sizeof(MFD_NAME_PREFIX) - 1)
2943#define MFD_NAME_MAX_LEN (NAME_MAX - MFD_NAME_PREFIX_LEN)
2944
2945#define MFD_ALL_FLAGS (MFD_CLOEXEC | MFD_ALLOW_SEALING)
2946
2947SYSCALL_DEFINE2(memfd_create,
2948 const char __user *, uname,
2949 unsigned int, flags)
2950{
2951 struct shmem_inode_info *info;
2952 struct file *file;
2953 int fd, error;
2954 char *name;
2955 long len;
2956
2957 if (flags & ~(unsigned int)MFD_ALL_FLAGS)
2958 return -EINVAL;
2959
2960 /* length includes terminating zero */
2961 len = strnlen_user(uname, MFD_NAME_MAX_LEN + 1);
2962 if (len <= 0)
2963 return -EFAULT;
2964 if (len > MFD_NAME_MAX_LEN + 1)
2965 return -EINVAL;
2966
2967 name = kmalloc(len + MFD_NAME_PREFIX_LEN, GFP_TEMPORARY);
2968 if (!name)
2969 return -ENOMEM;
2970
2971 strcpy(name, MFD_NAME_PREFIX);
2972 if (copy_from_user(&name[MFD_NAME_PREFIX_LEN], uname, len)) {
2973 error = -EFAULT;
2974 goto err_name;
2975 }
2976
2977 /* terminating-zero may have changed after strnlen_user() returned */
2978 if (name[len + MFD_NAME_PREFIX_LEN - 1]) {
2979 error = -EFAULT;
2980 goto err_name;
2981 }
2982
2983 fd = get_unused_fd_flags((flags & MFD_CLOEXEC) ? O_CLOEXEC : 0);
2984 if (fd < 0) {
2985 error = fd;
2986 goto err_name;
2987 }
2988
2989 file = shmem_file_setup(name, 0, VM_NORESERVE);
2990 if (IS_ERR(file)) {
2991 error = PTR_ERR(file);
2992 goto err_fd;
2993 }
2994 info = SHMEM_I(file_inode(file));
2995 file->f_mode |= FMODE_LSEEK | FMODE_PREAD | FMODE_PWRITE;
2996 file->f_flags |= O_RDWR | O_LARGEFILE;
2997 if (flags & MFD_ALLOW_SEALING)
2998 info->seals &= ~F_SEAL_SEAL;
2999
3000 fd_install(fd, file);
3001 kfree(name);
3002 return fd;
3003
3004err_fd:
3005 put_unused_fd(fd);
3006err_name:
3007 kfree(name);
3008 return error;
3009}
3010
680d794b 3011#endif /* CONFIG_TMPFS */
1da177e4
LT		 3012
3013static void shmem_put_super(struct super_block *sb)
3014{
602586a8
HD		 3015 struct shmem_sb_info *sbinfo = SHMEM_SB(sb);
3016
3017 percpu_counter_destroy(&sbinfo->used_blocks);
49cd0a5c 3018 mpol_put(sbinfo->mpol);
602586a8 3019 kfree(sbinfo);
1da177e4
LT		 3020 sb->s_fs_info = NULL;
3021}
3022
2b2af54a 3023int shmem_fill_super(struct super_block *sb, void *data, int silent)
1da177e4
LT		 3024{
3025 struct inode *inode;
0edd73b3 3026 struct shmem_sb_info *sbinfo;
680d794b
AM		 3027 int err = -ENOMEM;
3028
3029 /* Round up to L1_CACHE_BYTES to resist false sharing */
425fbf04 3030 sbinfo = kzalloc(max((int)sizeof(struct shmem_sb_info),
680d794b
AM		 3031 L1_CACHE_BYTES), GFP_KERNEL);
3032 if (!sbinfo)
3033 return -ENOMEM;
3034
680d794b 3035 sbinfo->mode = S_IRWXUGO | S_ISVTX;
76aac0e9
DH		 3036 sbinfo->uid = current_fsuid();
3037 sbinfo->gid = current_fsgid();
680d794b 3038 sb->s_fs_info = sbinfo;
1da177e4 3039
0edd73b3 3040#ifdef CONFIG_TMPFS
1da177e4
LT		 3041 /*
3042 * Per default we only allow half of the physical ram per
3043 * tmpfs instance, limiting inodes to one per page of lowmem;
3044 * but the internal instance is left unlimited.
3045 */
ca4e0519 3046 if (!(sb->s_flags & MS_KERNMOUNT)) {
680d794b
AM		 3047 sbinfo->max_blocks = shmem_default_max_blocks();
3048 sbinfo->max_inodes = shmem_default_max_inodes();
3049 if (shmem_parse_options(data, sbinfo, false)) {
3050 err = -EINVAL;
3051 goto failed;
3052 }
ca4e0519
AV		 3053 } else {
3054 sb->s_flags |= MS_NOUSER;
1da177e4 3055 }
91828a40 3056 sb->s_export_op = &shmem_export_ops;
2f6e38f3 3057 sb->s_flags |= MS_NOSEC;
1da177e4
LT		 3058#else
3059 sb->s_flags |= MS_NOUSER;
3060#endif
3061
0edd73b3 3062 spin_lock_init(&sbinfo->stat_lock);
908c7f19 3063 if (percpu_counter_init(&sbinfo->used_blocks, 0, GFP_KERNEL))
602586a8 3064 goto failed;
680d794b 3065 sbinfo->free_inodes = sbinfo->max_inodes;
0edd73b3 3066
285b2c4f 3067 sb->s_maxbytes = MAX_LFS_FILESIZE;
09cbfeaf
KS		 3068 sb->s_blocksize = PAGE_SIZE;
3069 sb->s_blocksize_bits = PAGE_SHIFT;
1da177e4
LT		 3070 sb->s_magic = TMPFS_MAGIC;
3071 sb->s_op = &shmem_ops;
cfd95a9c 3072 sb->s_time_gran = 1;
b09e0fa4 3073#ifdef CONFIG_TMPFS_XATTR
39f0247d 3074 sb->s_xattr = shmem_xattr_handlers;
b09e0fa4
EP		 3075#endif
3076#ifdef CONFIG_TMPFS_POSIX_ACL
39f0247d
AG		 3077 sb->s_flags |= MS_POSIXACL;
3078#endif
0edd73b3 3079
454abafe 3080 inode = shmem_get_inode(sb, NULL, S_IFDIR | sbinfo->mode, 0, VM_NORESERVE);
1da177e4
LT		 3081 if (!inode)
3082 goto failed;
680d794b
AM		 3083 inode->i_uid = sbinfo->uid;
3084 inode->i_gid = sbinfo->gid;
318ceed0
AV		 3085 sb->s_root = d_make_root(inode);
3086 if (!sb->s_root)
48fde701 3087 goto failed;
1da177e4
LT		 3088 return 0;
3089
1da177e4
LT		 3090failed:
3091 shmem_put_super(sb);
3092 return err;
3093}
3094
fcc234f8 3095static struct kmem_cache *shmem_inode_cachep;
1da177e4
LT		 3096
3097static struct inode *shmem_alloc_inode(struct super_block *sb)
3098{
41ffe5d5
HD		 3099 struct shmem_inode_info *info;
3100 info = kmem_cache_alloc(shmem_inode_cachep, GFP_KERNEL);
3101 if (!info)
1da177e4 3102 return NULL;
41ffe5d5 3103 return &info->vfs_inode;
1da177e4
LT		 3104}
3105
41ffe5d5 3106static void shmem_destroy_callback(struct rcu_head *head)
fa0d7e3d
NP		 3107{
3108 struct inode *inode = container_of(head, struct inode, i_rcu);
84e710da
AV		 3109 if (S_ISLNK(inode->i_mode))
3110 kfree(inode->i_link);
fa0d7e3d
NP		 3111 kmem_cache_free(shmem_inode_cachep, SHMEM_I(inode));
3112}
3113
1da177e4
LT		 3114static void shmem_destroy_inode(struct inode *inode)
3115{
09208d15 3116 if (S_ISREG(inode->i_mode))
1da177e4 3117 mpol_free_shared_policy(&SHMEM_I(inode)->policy);
41ffe5d5 3118 call_rcu(&inode->i_rcu, shmem_destroy_callback);
1da177e4
LT		 3119}
3120
41ffe5d5 3121static void shmem_init_inode(void *foo)
1da177e4 3122{
41ffe5d5
HD		 3123 struct shmem_inode_info *info = foo;
3124 inode_init_once(&info->vfs_inode);
1da177e4
LT		 3125}
3126
41ffe5d5 3127static int shmem_init_inodecache(void)
1da177e4
LT		 3128{
3129 shmem_inode_cachep = kmem_cache_create("shmem_inode_cache",
3130 sizeof(struct shmem_inode_info),
5d097056 3131 0, SLAB_PANIC|SLAB_ACCOUNT, shmem_init_inode);
1da177e4
LT		 3132 return 0;
3133}
3134
41ffe5d5 3135static void shmem_destroy_inodecache(void)
1da177e4 3136{
1a1d92c1 3137 kmem_cache_destroy(shmem_inode_cachep);
1da177e4
LT		 3138}
3139
f5e54d6e 3140static const struct address_space_operations shmem_aops = {
1da177e4 3141 .writepage = shmem_writepage,
76719325 3142 .set_page_dirty = __set_page_dirty_no_writeback,
1da177e4 3143#ifdef CONFIG_TMPFS
800d15a5
NP		 3144 .write_begin = shmem_write_begin,
3145 .write_end = shmem_write_end,
1da177e4 3146#endif
1c93923c 3147#ifdef CONFIG_MIGRATION
304dbdb7 3148 .migratepage = migrate_page,
1c93923c 3149#endif
aa261f54 3150 .error_remove_page = generic_error_remove_page,
1da177e4
LT		 3151};
3152
15ad7cdc 3153static const struct file_operations shmem_file_operations = {
1da177e4
LT		 3154 .mmap = shmem_mmap,
3155#ifdef CONFIG_TMPFS
220f2ac9 3156 .llseek = shmem_file_llseek,
2ba5bbed 3157 .read_iter = shmem_file_read_iter,
8174202b 3158 .write_iter = generic_file_write_iter,
1b061d92 3159 .fsync = noop_fsync,
708e3508 3160 .splice_read = shmem_file_splice_read,
f6cb85d0 3161 .splice_write = iter_file_splice_write,
83e4fa9c 3162 .fallocate = shmem_fallocate,
1da177e4
LT		 3163#endif
3164};
3165
92e1d5be 3166static const struct inode_operations shmem_inode_operations = {
44a30220 3167 .getattr = shmem_getattr,
94c1e62d 3168 .setattr = shmem_setattr,
b09e0fa4 3169#ifdef CONFIG_TMPFS_XATTR
aa7c5241
AG		 3170 .setxattr = generic_setxattr,
3171 .getxattr = generic_getxattr,
b09e0fa4 3172 .listxattr = shmem_listxattr,
aa7c5241 3173 .removexattr = generic_removexattr,
feda821e 3174 .set_acl = simple_set_acl,
b09e0fa4 3175#endif
1da177e4
LT		 3176};
3177
92e1d5be 3178static const struct inode_operations shmem_dir_inode_operations = {
1da177e4
LT		 3179#ifdef CONFIG_TMPFS
3180 .create = shmem_create,
3181 .lookup = simple_lookup,
3182 .link = shmem_link,
3183 .unlink = shmem_unlink,
3184 .symlink = shmem_symlink,
3185 .mkdir = shmem_mkdir,
3186 .rmdir = shmem_rmdir,
3187 .mknod = shmem_mknod,
3b69ff51 3188 .rename2 = shmem_rename2,
60545d0d 3189 .tmpfile = shmem_tmpfile,
1da177e4 3190#endif
b09e0fa4 3191#ifdef CONFIG_TMPFS_XATTR
aa7c5241
AG		 3192 .setxattr = generic_setxattr,
3193 .getxattr = generic_getxattr,
b09e0fa4 3194 .listxattr = shmem_listxattr,
aa7c5241 3195 .removexattr = generic_removexattr,
b09e0fa4 3196#endif
39f0247d 3197#ifdef CONFIG_TMPFS_POSIX_ACL
94c1e62d 3198 .setattr = shmem_setattr,
feda821e 3199 .set_acl = simple_set_acl,
39f0247d
AG		 3200#endif
3201};
3202
92e1d5be 3203static const struct inode_operations shmem_special_inode_operations = {
b09e0fa4 3204#ifdef CONFIG_TMPFS_XATTR
aa7c5241
AG		 3205 .setxattr = generic_setxattr,
3206 .getxattr = generic_getxattr,
b09e0fa4 3207 .listxattr = shmem_listxattr,
aa7c5241 3208 .removexattr = generic_removexattr,
b09e0fa4 3209#endif
39f0247d 3210#ifdef CONFIG_TMPFS_POSIX_ACL
94c1e62d 3211 .setattr = shmem_setattr,
feda821e 3212 .set_acl = simple_set_acl,
39f0247d 3213#endif
1da177e4
LT		 3214};
3215
759b9775 3216static const struct super_operations shmem_ops = {
1da177e4
LT		 3217 .alloc_inode = shmem_alloc_inode,
3218 .destroy_inode = shmem_destroy_inode,
3219#ifdef CONFIG_TMPFS
3220 .statfs = shmem_statfs,
3221 .remount_fs = shmem_remount_fs,
680d794b 3222 .show_options = shmem_show_options,
1da177e4 3223#endif
1f895f75 3224 .evict_inode = shmem_evict_inode,
1da177e4
LT		 3225 .drop_inode = generic_delete_inode,
3226 .put_super = shmem_put_super,
3227};
3228
f0f37e2f 3229static const struct vm_operations_struct shmem_vm_ops = {
54cb8821 3230 .fault = shmem_fault,
d7c17551 3231 .map_pages = filemap_map_pages,
1da177e4
LT		 3232#ifdef CONFIG_NUMA
3233 .set_policy = shmem_set_policy,
3234 .get_policy = shmem_get_policy,
3235#endif
3236};
3237
3c26ff6e
AV		 3238static struct dentry *shmem_mount(struct file_system_type *fs_type,
3239 int flags, const char *dev_name, void *data)
1da177e4 3240{
3c26ff6e 3241 return mount_nodev(fs_type, flags, data, shmem_fill_super);
1da177e4
LT		 3242}
3243
41ffe5d5 3244static struct file_system_type shmem_fs_type = {
1da177e4
LT		 3245 .owner = THIS_MODULE,
3246 .name = "tmpfs",
3c26ff6e 3247 .mount = shmem_mount,
1da177e4 3248 .kill_sb = kill_litter_super,
2b8576cb 3249 .fs_flags = FS_USERNS_MOUNT,
1da177e4 3250};
1da177e4 3251
41ffe5d5 3252int __init shmem_init(void)
1da177e4
LT		 3253{
3254 int error;
3255
16203a7a
RL		 3256 /* If rootfs called this, don't re-init */
3257 if (shmem_inode_cachep)
3258 return 0;
3259
41ffe5d5 3260 error = shmem_init_inodecache();
1da177e4
LT		 3261 if (error)
3262 goto out3;
3263
41ffe5d5 3264 error = register_filesystem(&shmem_fs_type);
1da177e4 3265 if (error) {
1170532b 3266 pr_err("Could not register tmpfs\n");
1da177e4
LT		 3267 goto out2;
3268 }
95dc112a 3269
ca4e0519 3270 shm_mnt = kern_mount(&shmem_fs_type);
1da177e4
LT		 3271 if (IS_ERR(shm_mnt)) {
3272 error = PTR_ERR(shm_mnt);
1170532b 3273 pr_err("Could not kern_mount tmpfs\n");
1da177e4
LT		 3274 goto out1;
3275 }
3276 return 0;
3277
3278out1:
41ffe5d5 3279 unregister_filesystem(&shmem_fs_type);
1da177e4 3280out2:
41ffe5d5 3281 shmem_destroy_inodecache();
1da177e4
LT		 3282out3:
3283 shm_mnt = ERR_PTR(error);
3284 return error;
3285}
853ac43a
MM		 3286
3287#else /* !CONFIG_SHMEM */
3288
3289/*
3290 * tiny-shmem: simple shmemfs and tmpfs using ramfs code
3291 *
3292 * This is intended for small system where the benefits of the full
3293 * shmem code (swap-backed and resource-limited) are outweighed by
3294 * their complexity. On systems without swap this code should be
3295 * effectively equivalent, but much lighter weight.
3296 */
3297
41ffe5d5 3298static struct file_system_type shmem_fs_type = {
853ac43a 3299 .name = "tmpfs",
3c26ff6e 3300 .mount = ramfs_mount,
853ac43a 3301 .kill_sb = kill_litter_super,
2b8576cb 3302 .fs_flags = FS_USERNS_MOUNT,
853ac43a
MM		 3303};
3304
41ffe5d5 3305int __init shmem_init(void)
853ac43a 3306{
41ffe5d5 3307 BUG_ON(register_filesystem(&shmem_fs_type) != 0);
853ac43a 3308
41ffe5d5 3309 shm_mnt = kern_mount(&shmem_fs_type);
853ac43a
MM		 3310 BUG_ON(IS_ERR(shm_mnt));
3311
3312 return 0;
3313}
3314
41ffe5d5 3315int shmem_unuse(swp_entry_t swap, struct page *page)
853ac43a
MM		 3316{
3317 return 0;
3318}
3319
3f96b79a
HD		 3320int shmem_lock(struct file *file, int lock, struct user_struct *user)
3321{
3322 return 0;
3323}
3324
24513264
HD		 3325void shmem_unlock_mapping(struct address_space *mapping)
3326{
3327}
3328
41ffe5d5 3329void shmem_truncate_range(struct inode *inode, loff_t lstart, loff_t lend)
94c1e62d 3330{
41ffe5d5 3331 truncate_inode_pages_range(inode->i_mapping, lstart, lend);
94c1e62d
HD		 3332}
3333EXPORT_SYMBOL_GPL(shmem_truncate_range);
3334
0b0a0806
HD		 3335#define shmem_vm_ops generic_file_vm_ops
3336#define shmem_file_operations ramfs_file_operations
454abafe 3337#define shmem_get_inode(sb, dir, mode, dev, flags) ramfs_get_inode(sb, dir, mode, dev)
0b0a0806
HD		 3338#define shmem_acct_size(flags, size) 0
3339#define shmem_unacct_size(flags, size) do {} while (0)
853ac43a
MM		 3340
3341#endif /* CONFIG_SHMEM */
3342
3343/* common code */
1da177e4 3344
3451538a 3345static struct dentry_operations anon_ops = {
118b2302 3346 .d_dname = simple_dname
3451538a
AV		 3347};
3348
c7277090
EP		 3349static struct file *__shmem_file_setup(const char *name, loff_t size,
3350 unsigned long flags, unsigned int i_flags)
1da177e4 3351{
6b4d0b27 3352 struct file *res;
1da177e4 3353 struct inode *inode;
2c48b9c4 3354 struct path path;
3451538a 3355 struct super_block *sb;
1da177e4
LT		 3356 struct qstr this;
3357
3358 if (IS_ERR(shm_mnt))
6b4d0b27 3359 return ERR_CAST(shm_mnt);
1da177e4 3360
285b2c4f 3361 if (size < 0 || size > MAX_LFS_FILESIZE)
1da177e4
LT		 3362 return ERR_PTR(-EINVAL);
3363
3364 if (shmem_acct_size(flags, size))
3365 return ERR_PTR(-ENOMEM);
3366
6b4d0b27 3367 res = ERR_PTR(-ENOMEM);
1da177e4
LT		 3368 this.name = name;
3369 this.len = strlen(name);
3370 this.hash = 0; /* will go */
3451538a 3371 sb = shm_mnt->mnt_sb;
66ee4b88 3372 path.mnt = mntget(shm_mnt);
3451538a 3373 path.dentry = d_alloc_pseudo(sb, &this);
2c48b9c4 3374 if (!path.dentry)
1da177e4 3375 goto put_memory;
3451538a 3376 d_set_d_op(path.dentry, &anon_ops);
1da177e4 3377
6b4d0b27 3378 res = ERR_PTR(-ENOSPC);
3451538a 3379 inode = shmem_get_inode(sb, NULL, S_IFREG | S_IRWXUGO, 0, flags);
1da177e4 3380 if (!inode)
66ee4b88 3381 goto put_memory;
1da177e4 3382
c7277090 3383 inode->i_flags |= i_flags;
2c48b9c4 3384 d_instantiate(path.dentry, inode);
1da177e4 3385 inode->i_size = size;
6d6b77f1 3386 clear_nlink(inode); /* It is unlinked */
26567cdb
AV		 3387 res = ERR_PTR(ramfs_nommu_expand_for_mapping(inode, size));
3388 if (IS_ERR(res))
66ee4b88 3389 goto put_path;
4b42af81 3390
6b4d0b27 3391 res = alloc_file(&path, FMODE_WRITE | FMODE_READ,
4b42af81 3392 &shmem_file_operations);
6b4d0b27 3393 if (IS_ERR(res))
66ee4b88 3394 goto put_path;
4b42af81 3395
6b4d0b27 3396 return res;
1da177e4 3397
1da177e4
LT		 3398put_memory:
3399 shmem_unacct_size(flags, size);
66ee4b88
KK		 3400put_path:
3401 path_put(&path);
6b4d0b27 3402 return res;
1da177e4 3403}
c7277090
EP		 3404
3405/**
3406 * shmem_kernel_file_setup - get an unlinked file living in tmpfs which must be
3407 * kernel internal. There will be NO LSM permission checks against the
3408 * underlying inode. So users of this interface must do LSM checks at a
e1832f29
SS		 3409 * higher layer. The users are the big_key and shm implementations. LSM
3410 * checks are provided at the key or shm level rather than the inode.
c7277090
EP		 3411 * @name: name for dentry (to be seen in /proc/<pid>/maps
3412 * @size: size to be set for the file
3413 * @flags: VM_NORESERVE suppresses pre-accounting of the entire object size
3414 */
3415struct file *shmem_kernel_file_setup(const char *name, loff_t size, unsigned long flags)
3416{
3417 return __shmem_file_setup(name, size, flags, S_PRIVATE);
3418}
3419
3420/**
3421 * shmem_file_setup - get an unlinked file living in tmpfs
3422 * @name: name for dentry (to be seen in /proc/<pid>/maps
3423 * @size: size to be set for the file
3424 * @flags: VM_NORESERVE suppresses pre-accounting of the entire object size
3425 */
3426struct file *shmem_file_setup(const char *name, loff_t size, unsigned long flags)
3427{
3428 return __shmem_file_setup(name, size, flags, 0);
3429}
395e0ddc 3430EXPORT_SYMBOL_GPL(shmem_file_setup);
1da177e4 3431
46711810 3432/**
1da177e4 3433 * shmem_zero_setup - setup a shared anonymous mapping
1da177e4
LT		 3434 * @vma: the vma to be mmapped is prepared by do_mmap_pgoff
3435 */
3436int shmem_zero_setup(struct vm_area_struct *vma)
3437{
3438 struct file *file;
3439 loff_t size = vma->vm_end - vma->vm_start;
3440
66fc1303
HD		 3441 /*
3442 * Cloning a new file under mmap_sem leads to a lock ordering conflict
3443 * between XFS directory reading and selinux: since this file is only
3444 * accessible to the user through its mapping, use S_PRIVATE flag to
3445 * bypass file security, in the same way as shmem_kernel_file_setup().
3446 */
3447 file = __shmem_file_setup("dev/zero", size, vma->vm_flags, S_PRIVATE);
1da177e4
LT		 3448 if (IS_ERR(file))
3449 return PTR_ERR(file);
3450
3451 if (vma->vm_file)
3452 fput(vma->vm_file);
3453 vma->vm_file = file;
3454 vma->vm_ops = &shmem_vm_ops;
3455 return 0;
3456}
d9d90e5e
HD		 3457
3458/**
3459 * shmem_read_mapping_page_gfp - read into page cache, using specified page allocation flags.
3460 * @mapping: the page's address_space
3461 * @index: the page index
3462 * @gfp: the page allocator flags to use if allocating
3463 *
3464 * This behaves as a tmpfs "read_cache_page_gfp(mapping, index, gfp)",
3465 * with any new page allocations done using the specified allocation flags.
3466 * But read_cache_page_gfp() uses the ->readpage() method: which does not
3467 * suit tmpfs, since it may have pages in swapcache, and needs to find those
3468 * for itself; although drivers/gpu/drm i915 and ttm rely upon this support.
3469 *
68da9f05
HD		 3470 * i915_gem_object_get_pages_gtt() mixes __GFP_NORETRY | __GFP_NOWARN in
3471 * with the mapping_gfp_mask(), to avoid OOMing the machine unnecessarily.
d9d90e5e
HD		 3472 */
3473struct page *shmem_read_mapping_page_gfp(struct address_space *mapping,
3474 pgoff_t index, gfp_t gfp)
3475{
68da9f05
HD		 3476#ifdef CONFIG_SHMEM
3477 struct inode *inode = mapping->host;
9276aad6 3478 struct page *page;
68da9f05
HD		 3479 int error;
3480
3481 BUG_ON(mapping->a_ops != &shmem_aops);
3482 error = shmem_getpage_gfp(inode, index, &page, SGP_CACHE, gfp, NULL);
3483 if (error)
3484 page = ERR_PTR(error);
3485 else
3486 unlock_page(page);
3487 return page;
3488#else
3489 /*
3490 * The tiny !SHMEM case uses ramfs without swap
3491 */
d9d90e5e 3492 return read_cache_page_gfp(mapping, index, gfp);
68da9f05 3493#endif
d9d90e5e
HD		 3494}
3495EXPORT_SYMBOL_GPL(shmem_read_mapping_page_gfp);
A mirror of Linus' kernel repository