[CVE-2009-0029] System call wrappers part 02
1 /*
2  * mm/truncate.c - code for taking down pages from address_spaces
3  *
4  * Copyright (C) 2002, Linus Torvalds
5  *
6  * 10Sep2002    Andrew Morton
7  *              Initial version.
8  */
9
10 #include <linux/kernel.h>
11 #include <linux/backing-dev.h>
12 #include <linux/mm.h>
13 #include <linux/swap.h>
14 #include <linux/module.h>
15 #include <linux/pagemap.h>
16 #include <linux/highmem.h>
17 #include <linux/pagevec.h>
18 #include <linux/task_io_accounting_ops.h>
19 #include <linux/buffer_head.h>  /* grr. try_to_release_page,
20                                    do_invalidatepage */
21 #include "internal.h"
22
23
/**
 * do_invalidatepage - invalidate part or all of a page
 * @page: the page which is affected
 * @offset: the index of the truncation point
 *
 * Called when a truncate operation has invalidated all or part of @page.
 * Dispatches to the mapping's ->invalidatepage address_space operation.  When
 * that hook is NULL and CONFIG_BLOCK is set, block_invalidatepage() is used
 * instead; with neither available nothing is done.
 *
 * The implementation does not have to release every buffer, but it must
 * leave no dirty buffer outside @offset and no I/O underway against blocks
 * beyond the truncation point, because the caller is about to free (and
 * possibly reuse) those blocks on-disk.
 *
 * page->mapping is dereferenced here without a NULL check.  The callers in
 * this file either compare page->mapping first (truncate_complete_page) or
 * pass a page obtained locked from find_lock_page (truncate_partial_page).
 */
void do_invalidatepage(struct page *page, unsigned long offset)
{
	void (*handler)(struct page *, unsigned long) =
		page->mapping->a_ops->invalidatepage;

#ifdef CONFIG_BLOCK
	/* No filesystem-specific hook: fall back to block_invalidatepage. */
	if (handler == NULL)
		handler = block_invalidatepage;
#endif
	if (handler == NULL)
		return;

	handler(page, offset);
}
49
/*
 * Handle the page that straddles the truncation point: zero its tail from
 * byte offset @partial up to PAGE_CACHE_SIZE, so no old contents remain past
 * the truncation point in the cached page, and invalidate from @partial if
 * the page is PagePrivate.
 */
static inline void truncate_partial_page(struct page *page, unsigned partial)
{
	zero_user_segment(page, partial, PAGE_CACHE_SIZE);

	if (!PagePrivate(page))
		return;

	do_invalidatepage(page, partial);
}
56
/*
 * Cancel just the dirty bit on the kernel page itself.  This does NOT remove
 * dirty bits on any mmap's that may be around, and it leaves the page tagged
 * dirty, so any sync activity will still find it on the dirty lists; in
 * particular clear_page_dirty_for_io() will still look at the dirty bits in
 * the VM.
 *
 * This should *normally* only be done when a page is truncated and is not
 * mapped anywhere at all.  However, fs/buffer.c also does it when it notices
 * that somebody has cleaned out all the buffers on a page without going
 * through the VM (the original author singles out ext3 for this).
 *
 * When the dirty bit was set and the mapping accounts dirty pages, the
 * NR_FILE_DIRTY zone counter and the BDI_RECLAIMABLE backing-device counter
 * are decremented, and a non-zero @account_size is passed on to
 * task_io_account_cancelled_write().
 */
void cancel_dirty_page(struct page *page, unsigned int account_size)
{
	struct address_space *mapping;

	/* Nothing to undo if the page was not dirty to begin with. */
	if (!TestClearPageDirty(page))
		return;

	mapping = page->mapping;
	if (!mapping || !mapping_cap_account_dirty(mapping))
		return;

	dec_zone_page_state(page, NR_FILE_DIRTY);
	dec_bdi_stat(mapping->backing_dev_info, BDI_RECLAIMABLE);
	if (account_size)
		task_io_account_cancelled_write(account_size);
}
EXPORT_SYMBOL(cancel_dirty_page);
85
/*
 * Remove one whole page from @mapping as part of a truncate.
 *
 * If truncate cannot remove the fs-private metadata from the page, the page
 * becomes orphaned.  It will be left on the LRU and may even be mapped into
 * user pagetables if we're racing with filemap_fault().
 *
 * Nothing is done when page->mapping no longer equals the original mapping.
 * That happens a) when the VM reclaimed the page while we waited on its lock,
 * b) when a concurrent invalidate_mapping_pages got there first and c) when
 * tmpfs swizzles a page between a tmpfs inode and swapper_space.
 *
 * Both callers in this file hold the page lock across this call.
 */
static void truncate_complete_page(struct address_space *mapping,
				   struct page *page)
{
	if (page->mapping == mapping) {
		if (PagePrivate(page))
			do_invalidatepage(page, 0);

		/* The whole page goes away, so cancel a full page of write I/O. */
		cancel_dirty_page(page, PAGE_CACHE_SIZE);

		clear_page_mlock(page);
		remove_from_page_cache(page);
		ClearPageMappedToDisk(page);
		/* Drop the reference the page cache held on the page. */
		page_cache_release(page);
	}
}
112
/*
 * Helper for invalidate_mapping_pages().  That function can be called at
 * any time and is not supposed to throw away dirty pages.  But pages can be
 * marked dirty at any time too, so remove_mapping() is used, which safely
 * discards clean, unused pages.
 *
 * Returns non-zero if the page was successfully invalidated, and 0 when the
 * page no longer belongs to @mapping or its private data could not be
 * released.
 */
static int invalidate_complete_page(struct address_space *mapping,
				    struct page *page)
{
	if (page->mapping != mapping)
		return 0;

	if (PagePrivate(page)) {
		/* gfp mask 0 is passed to the release attempt. */
		if (!try_to_release_page(page, 0))
			return 0;
	}

	clear_page_mlock(page);
	return remove_mapping(mapping, page);
}
137
/**
 * truncate_inode_pages_range - truncate range of pages specified by start & end byte offsets
 * @mapping: mapping to truncate
 * @lstart: offset from which to truncate
 * @lend: offset to which to truncate; must be the last byte of a page
 *
 * Truncate the page cache, removing the pages that lie between the specified
 * offsets, and zeroing the tail of the partial page when @lstart is not page
 * aligned.  A @lend that is not the last byte of a page trips the BUG_ON
 * below; note that the empty-mapping early return comes before that check.
 *
 * Truncate takes two passes - the first pass is nonblocking.  It will not
 * block on page locks and it will not block on writeback.  The second pass
 * will wait.  This is to prevent as much IO as possible in the affected
 * region.  The first pass will remove most pages, so the search cost of the
 * second pass is low.
 *
 * When looking at page->index outside the page lock we need to be careful to
 * copy it into a local to avoid races (it could change at any time).
 *
 * We pass down the cache-hot hint to the page freeing code.  Even if the
 * mapping is large, it is probably the case that the final pages are the most
 * recently touched, and freeing happens in ascending file offset order.
 */
void truncate_inode_pages_range(struct address_space *mapping,
				loff_t lstart, loff_t lend)
{
	/* Index of the first page removed whole (lstart rounded up to a page). */
	const pgoff_t start = (lstart + PAGE_CACHE_SIZE-1) >> PAGE_CACHE_SHIFT;
	/* Offset of lstart inside its page; non-zero means a partial page. */
	const unsigned partial = lstart & (PAGE_CACHE_SIZE - 1);
	struct pagevec pvec;
	pgoff_t end;
	pgoff_t next;
	int n;

	if (mapping->nrpages == 0)
		return;

	BUG_ON((lend & (PAGE_CACHE_SIZE - 1)) != (PAGE_CACHE_SIZE - 1));
	end = (lend >> PAGE_CACHE_SHIFT);

	/* Pass 1: opportunistic, never sleeps on a page lock or on writeback. */
	pagevec_init(&pvec, 0);
	next = start;
	while (next <= end &&
	       pagevec_lookup(&pvec, mapping, next, PAGEVEC_SIZE)) {
		for (n = 0; n < pagevec_count(&pvec); n++) {
			struct page *page = pvec.pages[n];
			/* Snapshot ->index once; the page is not locked yet. */
			const pgoff_t page_index = page->index;

			if (page_index > end) {
				next = page_index;
				break;
			}

			/* Resume the next lookup just past this page. */
			next = (page_index > next ? page_index : next) + 1;

			if (!trylock_page(page))
				continue;
			/* Pages under writeback are left for the second pass. */
			if (!PageWriteback(page)) {
				if (page_mapped(page)) {
					unmap_mapping_range(mapping,
					  (loff_t)page_index << PAGE_CACHE_SHIFT,
					  PAGE_CACHE_SIZE, 0);
				}
				truncate_complete_page(mapping, page);
			}
			unlock_page(page);
		}
		pagevec_release(&pvec);
		cond_resched();
	}

	/*
	 * The page containing lstart is kept but its tail is zeroed.  With
	 * partial != 0, start was rounded up, so that page is start - 1.
	 */
	if (partial) {
		struct page *tail = find_lock_page(mapping, start - 1);

		if (tail) {
			wait_on_page_writeback(tail);
			truncate_partial_page(tail, partial);
			unlock_page(tail);
			page_cache_release(tail);
		}
	}

	/*
	 * Pass 2: blocking.  The scan restarts from start each time a lookup
	 * comes back empty, and ends only when a lookup from start itself
	 * finds nothing or the first page found lies beyond end.
	 */
	next = start;
	while (1) {
		cond_resched();
		if (!pagevec_lookup(&pvec, mapping, next, PAGEVEC_SIZE)) {
			if (next == start)
				break;
			next = start;
			continue;
		}
		if (pvec.pages[0]->index > end) {
			pagevec_release(&pvec);
			break;
		}
		for (n = 0; n < pagevec_count(&pvec); n++) {
			struct page *page = pvec.pages[n];

			if (page->index > end)
				break;

			lock_page(page);
			wait_on_page_writeback(page);
			if (page_mapped(page)) {
				unmap_mapping_range(mapping,
				  (loff_t)page->index << PAGE_CACHE_SHIFT,
				  PAGE_CACHE_SIZE, 0);
			}
			if (page->index > next)
				next = page->index;
			next++;
			truncate_complete_page(mapping, page);
			unlock_page(page);
		}
		pagevec_release(&pvec);
	}
}
EXPORT_SYMBOL(truncate_inode_pages_range);
256
/**
 * truncate_inode_pages - truncate *all* the pages from an offset
 * @mapping: mapping to truncate
 * @lstart: offset from which to truncate
 *
 * Convenience form of truncate_inode_pages_range() with no upper bound.
 *
 * Called under (and serialised by) inode->i_mutex.
 */
void truncate_inode_pages(struct address_space *mapping, loff_t lstart)
{
	/*
	 * All bits set: this satisfies the "last byte of a page" check that
	 * truncate_inode_pages_range() applies to its lend argument.
	 */
	const loff_t to_end = (loff_t)-1;

	truncate_inode_pages_range(mapping, lstart, to_end);
}
EXPORT_SYMBOL(truncate_inode_pages);
269
/*
 * Try to drop the clean, unused page-cache pages of @mapping whose index lies
 * in [@start, @end].  Pages that cannot be locked without blocking, and pages
 * that are dirty, under writeback or mapped into pagetables, are skipped.
 *
 * @be_atomic: when true, cond_resched() is not called between batches.
 *
 * Returns the sum of the invalidate_complete_page() results, which is
 * non-zero for each page that was invalidated (presumably a page count;
 * confirm against remove_mapping()).
 */
unsigned long __invalidate_mapping_pages(struct address_space *mapping,
				pgoff_t start, pgoff_t end, bool be_atomic)
{
	struct pagevec pvec;
	unsigned long invalidated = 0;
	pgoff_t next = start;
	int n;

	pagevec_init(&pvec, 0);
	while (next <= end &&
			pagevec_lookup(&pvec, mapping, next, PAGEVEC_SIZE)) {
		for (n = 0; n < pagevec_count(&pvec); n++) {
			struct page *page = pvec.pages[n];
			const int locked = trylock_page(page);
			pgoff_t index;

			/*
			 * We really shouldn't be looking at the ->index of an
			 * unlocked page.  But we're not allowed to lock these
			 * pages.  So we rely upon nobody altering the ->index
			 * of this (pinned-by-us) page.
			 */
			index = page->index;
			next = (index > next ? index : next) + 1;

			if (!locked)
				continue;

			/* Only clean, idle, unmapped pages are candidates. */
			if (!PageDirty(page) && !PageWriteback(page) &&
			    !page_mapped(page))
				invalidated += invalidate_complete_page(mapping,
									page);

			unlock_page(page);
			if (next > end)
				break;
		}
		pagevec_release(&pvec);
		if (likely(!be_atomic))
			cond_resched();
	}
	return invalidated;
}
317
/**
 * invalidate_mapping_pages - Invalidate all the unlocked pages of one inode
 * @mapping: the address_space which holds the pages to invalidate
 * @start: the offset 'from' which to invalidate
 * @end: the offset 'to' which to invalidate (inclusive)
 *
 * Only the unlocked pages are removed.  To remove all the pages of one
 * inode, call truncate_inode_pages instead.
 *
 * invalidate_mapping_pages() will not block on IO activity.  It will not
 * invalidate pages which are dirty, locked, under writeback or mapped into
 * pagetables.  Callers must therefore not assume the range is empty of
 * cached pages afterwards.
 *
 * Returns the value of __invalidate_mapping_pages() run with be_atomic false.
 */
unsigned long invalidate_mapping_pages(struct address_space *mapping,
				pgoff_t start, pgoff_t end)
{
	/* The public entry point may reschedule between batches. */
	const bool be_atomic = false;

	return __invalidate_mapping_pages(mapping, start, end, be_atomic);
}
EXPORT_SYMBOL(invalidate_mapping_pages);
337
/*
 * This is like invalidate_complete_page(), except it ignores the page's
 * refcount.  We do this because invalidate_inode_pages2() needs stronger
 * invalidation guarantees, and cannot afford to leave pages behind because
 * shrink_page_list() has a temp ref on them, or because they're transiently
 * sitting in the lru_cache_add() pagevecs.
 *
 * Returns 1 when the page was removed from the page cache, and 0 when it no
 * longer belongs to @mapping, its private data could not be released, or it
 * is found dirty once mapping->tree_lock is held.
 */
static int invalidate_complete_page2(struct address_space *mapping,
				     struct page *page)
{
	if (page->mapping != mapping)
		return 0;

	if (PagePrivate(page)) {
		if (!try_to_release_page(page, GFP_KERNEL))
			return 0;
	}

	/* The dirty check and the removal both happen under tree_lock. */
	spin_lock_irq(&mapping->tree_lock);
	if (PageDirty(page)) {
		spin_unlock_irq(&mapping->tree_lock);
		return 0;
	}

	clear_page_mlock(page);
	BUG_ON(PagePrivate(page));
	__remove_from_page_cache(page);
	spin_unlock_irq(&mapping->tree_lock);

	/* Drop the reference the page cache held on the page. */
	page_cache_release(page);
	return 1;
}
368
/*
 * Call the mapping's ->launder_page operation on a dirty page.
 *
 * Returns 0 without calling the hook when the page is clean, no longer
 * belongs to @mapping, or the mapping provides no ->launder_page; otherwise
 * returns whatever ->launder_page returns.
 */
static int do_launder_page(struct address_space *mapping, struct page *page)
{
	if (PageDirty(page) && page->mapping == mapping &&
	    mapping->a_ops->launder_page != NULL)
		return mapping->a_ops->launder_page(page);

	return 0;
}
377
/**
 * invalidate_inode_pages2_range - remove range of pages from an address_space
 * @mapping: the address_space
 * @start: the page offset 'from' which to invalidate
 * @end: the page offset 'to' which to invalidate (inclusive)
 *
 * Any pages which are found to be mapped into pagetables are unmapped prior to
 * invalidation.  Unlike invalidate_mapping_pages(), this blocks on page locks
 * and on writeback.
 *
 * Returns 0 if every page was invalidated.  Otherwise returns the most recent
 * negative result seen: -EBUSY when a page could not be invalidated, or the
 * error returned by the mapping's ->launder_page.  A later failure overwrites
 * an earlier one, and the scan continues after a failure.
 */
int invalidate_inode_pages2_range(struct address_space *mapping,
				  pgoff_t start, pgoff_t end)
{
	struct pagevec pvec;
	pgoff_t next = start;
	int did_range_unmap = 0;
	int wrapped = 0;
	int ret = 0;
	int n;

	pagevec_init(&pvec, 0);
	while (next <= end && !wrapped) {
		/* Never ask for more pages than remain in [next, end]. */
		const pgoff_t want =
			min(end - next, (pgoff_t)PAGEVEC_SIZE - 1) + 1;

		if (!pagevec_lookup(&pvec, mapping, next, want))
			break;

		for (n = 0; n < pagevec_count(&pvec); n++) {
			struct page *page = pvec.pages[n];
			pgoff_t page_index;
			int err;

			lock_page(page);
			if (page->mapping != mapping) {
				unlock_page(page);
				continue;
			}

			page_index = page->index;
			next = page_index + 1;
			/* Index arithmetic wrapped: stop after this batch. */
			if (next == 0)
				wrapped = 1;
			if (page_index > end) {
				unlock_page(page);
				break;
			}

			wait_on_page_writeback(page);
			if (page_mapped(page)) {
				const loff_t pos =
					(loff_t)page_index << PAGE_CACHE_SHIFT;
				loff_t len = PAGE_CACHE_SIZE;

				/*
				 * First mapped page: zap the rest of the
				 * range in one hit.  Later ones: just zap
				 * this page.
				 *
				 * NOTE(review): with end at the maximum
				 * pgoff_t and page_index 0 the page count
				 * wraps to 0; confirm unmap_mapping_range()
				 * handles a zero length as intended.
				 */
				if (!did_range_unmap) {
					len = (loff_t)(end - page_index + 1)
							<< PAGE_CACHE_SHIFT;
					did_range_unmap = 1;
				}
				unmap_mapping_range(mapping, pos, len, 0);
			}
			BUG_ON(page_mapped(page));

			err = do_launder_page(mapping, page);
			if (err == 0 &&
			    !invalidate_complete_page2(mapping, page))
				err = -EBUSY;
			if (err < 0)
				ret = err;
			unlock_page(page);
		}
		pagevec_release(&pvec);
		cond_resched();
	}
	return ret;
}
EXPORT_SYMBOL_GPL(invalidate_inode_pages2_range);
459
/**
 * invalidate_inode_pages2 - remove all pages from an address_space
 * @mapping: the address_space
 *
 * Any pages which are found to be mapped into pagetables are unmapped prior to
 * invalidation.
 *
 * Returns the result of invalidate_inode_pages2_range() over the whole
 * mapping: 0 on success, -EBUSY if any pages could not be invalidated, or the
 * error returned by the mapping's ->launder_page.
 */
int invalidate_inode_pages2(struct address_space *mapping)
{
	const pgoff_t first = 0;
	const pgoff_t last = -1;	/* converts to the largest pgoff_t */

	return invalidate_inode_pages2_range(mapping, first, last);
}
EXPORT_SYMBOL_GPL(invalidate_inode_pages2);