fix buffer overflow in the moxa driver (CVE-2005-0504)
[linux-2.6/linux-acpi-2.6/ibm-acpi-2.6.git] / fs / bio.c
blob0cba08f314caf21d0028883e3cbb401bf9ed111f
1 /*
2 * Copyright (C) 2001 Jens Axboe <axboe@suse.de>
4 * This program is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License version 2 as
6 * published by the Free Software Foundation.
8 * This program is distributed in the hope that it will be useful,
9 * but WITHOUT ANY WARRANTY; without even the implied warranty of
10 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 * GNU General Public License for more details.
13 * You should have received a copy of the GNU General Public Licens
14 * along with this program; if not, write to the Free Software
15 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-
18 #include <linux/mm.h>
19 #include <linux/swap.h>
20 #include <linux/bio.h>
21 #include <linux/blkdev.h>
22 #include <linux/slab.h>
23 #include <linux/init.h>
24 #include <linux/kernel.h>
25 #include <linux/module.h>
26 #include <linux/mempool.h>
27 #include <linux/workqueue.h>
28 #include <scsi/sg.h> /* for struct sg_iovec */
30 #define BIO_POOL_SIZE 256
32 static kmem_cache_t *bio_slab;
34 #define BIOVEC_NR_POOLS 6
37 * a small number of entries is fine, not going to be performance critical.
38 * basically we just need to survive
40 #define BIO_SPLIT_ENTRIES 8
41 mempool_t *bio_split_pool;
43 struct biovec_slab {
44 int nr_vecs;
45 char *name;
46 kmem_cache_t *slab;
50 * if you change this list, also change bvec_alloc or things will
51 * break badly! cannot be bigger than what you can fit into an
52 * unsigned short
55 #define BV(x) { .nr_vecs = x, .name = "biovec-"__stringify(x) }
56 static struct biovec_slab bvec_slabs[BIOVEC_NR_POOLS] __read_mostly = {
57 BV(1), BV(4), BV(16), BV(64), BV(128), BV(BIO_MAX_PAGES),
59 #undef BV
62 * bio_set is used to allow other portions of the IO system to
63 * allocate their own private memory pools for bio and iovec structures.
64 * These memory pools in turn all allocate from the bio_slab
65 * and the bvec_slabs[].
67 struct bio_set {
68 mempool_t *bio_pool;
69 mempool_t *bvec_pools[BIOVEC_NR_POOLS];
73 * fs_bio_set is the bio_set containing bio and iovec memory pools used by
74 * IO code that does not need private memory pools.
76 static struct bio_set *fs_bio_set;
78 static inline struct bio_vec *bvec_alloc_bs(gfp_t gfp_mask, int nr, unsigned long *idx, struct bio_set *bs)
80 struct bio_vec *bvl;
81 struct biovec_slab *bp;
84 * see comment near bvec_array define!
86 switch (nr) {
87 case 1 : *idx = 0; break;
88 case 2 ... 4: *idx = 1; break;
89 case 5 ... 16: *idx = 2; break;
90 case 17 ... 64: *idx = 3; break;
91 case 65 ... 128: *idx = 4; break;
92 case 129 ... BIO_MAX_PAGES: *idx = 5; break;
93 default:
94 return NULL;
97 * idx now points to the pool we want to allocate from
100 bp = bvec_slabs + *idx;
101 bvl = mempool_alloc(bs->bvec_pools[*idx], gfp_mask);
102 if (bvl)
103 memset(bvl, 0, bp->nr_vecs * sizeof(struct bio_vec));
105 return bvl;
108 void bio_free(struct bio *bio, struct bio_set *bio_set)
110 const int pool_idx = BIO_POOL_IDX(bio);
112 BIO_BUG_ON(pool_idx >= BIOVEC_NR_POOLS);
114 mempool_free(bio->bi_io_vec, bio_set->bvec_pools[pool_idx]);
115 mempool_free(bio, bio_set->bio_pool);
119 * default destructor for a bio allocated with bio_alloc_bioset()
121 static void bio_fs_destructor(struct bio *bio)
123 bio_free(bio, fs_bio_set);
126 void bio_init(struct bio *bio)
128 bio->bi_next = NULL;
129 bio->bi_bdev = NULL;
130 bio->bi_flags = 1 << BIO_UPTODATE;
131 bio->bi_rw = 0;
132 bio->bi_vcnt = 0;
133 bio->bi_idx = 0;
134 bio->bi_phys_segments = 0;
135 bio->bi_hw_segments = 0;
136 bio->bi_hw_front_size = 0;
137 bio->bi_hw_back_size = 0;
138 bio->bi_size = 0;
139 bio->bi_max_vecs = 0;
140 bio->bi_end_io = NULL;
141 atomic_set(&bio->bi_cnt, 1);
142 bio->bi_private = NULL;
146 * bio_alloc_bioset - allocate a bio for I/O
147 * @gfp_mask: the GFP_ mask given to the slab allocator
148 * @nr_iovecs: number of iovecs to pre-allocate
149 * @bs: the bio_set to allocate from
151 * Description:
152 * bio_alloc_bioset will first try it's on mempool to satisfy the allocation.
153 * If %__GFP_WAIT is set then we will block on the internal pool waiting
154 * for a &struct bio to become free.
156 * allocate bio and iovecs from the memory pools specified by the
157 * bio_set structure.
159 struct bio *bio_alloc_bioset(gfp_t gfp_mask, int nr_iovecs, struct bio_set *bs)
161 struct bio *bio = mempool_alloc(bs->bio_pool, gfp_mask);
163 if (likely(bio)) {
164 struct bio_vec *bvl = NULL;
166 bio_init(bio);
167 if (likely(nr_iovecs)) {
168 unsigned long idx;
170 bvl = bvec_alloc_bs(gfp_mask, nr_iovecs, &idx, bs);
171 if (unlikely(!bvl)) {
172 mempool_free(bio, bs->bio_pool);
173 bio = NULL;
174 goto out;
176 bio->bi_flags |= idx << BIO_POOL_OFFSET;
177 bio->bi_max_vecs = bvec_slabs[idx].nr_vecs;
179 bio->bi_io_vec = bvl;
181 out:
182 return bio;
185 struct bio *bio_alloc(gfp_t gfp_mask, int nr_iovecs)
187 struct bio *bio = bio_alloc_bioset(gfp_mask, nr_iovecs, fs_bio_set);
189 if (bio)
190 bio->bi_destructor = bio_fs_destructor;
192 return bio;
195 void zero_fill_bio(struct bio *bio)
197 unsigned long flags;
198 struct bio_vec *bv;
199 int i;
201 bio_for_each_segment(bv, bio, i) {
202 char *data = bvec_kmap_irq(bv, &flags);
203 memset(data, 0, bv->bv_len);
204 flush_dcache_page(bv->bv_page);
205 bvec_kunmap_irq(data, &flags);
208 EXPORT_SYMBOL(zero_fill_bio);
211 * bio_put - release a reference to a bio
212 * @bio: bio to release reference to
214 * Description:
215 * Put a reference to a &struct bio, either one you have gotten with
216 * bio_alloc or bio_get. The last put of a bio will free it.
218 void bio_put(struct bio *bio)
220 BIO_BUG_ON(!atomic_read(&bio->bi_cnt));
223 * last put frees it
225 if (atomic_dec_and_test(&bio->bi_cnt)) {
226 bio->bi_next = NULL;
227 bio->bi_destructor(bio);
231 inline int bio_phys_segments(request_queue_t *q, struct bio *bio)
233 if (unlikely(!bio_flagged(bio, BIO_SEG_VALID)))
234 blk_recount_segments(q, bio);
236 return bio->bi_phys_segments;
239 inline int bio_hw_segments(request_queue_t *q, struct bio *bio)
241 if (unlikely(!bio_flagged(bio, BIO_SEG_VALID)))
242 blk_recount_segments(q, bio);
244 return bio->bi_hw_segments;
248 * __bio_clone - clone a bio
249 * @bio: destination bio
250 * @bio_src: bio to clone
252 * Clone a &bio. Caller will own the returned bio, but not
253 * the actual data it points to. Reference count of returned
254 * bio will be one.
256 void __bio_clone(struct bio *bio, struct bio *bio_src)
258 request_queue_t *q = bdev_get_queue(bio_src->bi_bdev);
260 memcpy(bio->bi_io_vec, bio_src->bi_io_vec,
261 bio_src->bi_max_vecs * sizeof(struct bio_vec));
263 bio->bi_sector = bio_src->bi_sector;
264 bio->bi_bdev = bio_src->bi_bdev;
265 bio->bi_flags |= 1 << BIO_CLONED;
266 bio->bi_rw = bio_src->bi_rw;
267 bio->bi_vcnt = bio_src->bi_vcnt;
268 bio->bi_size = bio_src->bi_size;
269 bio->bi_idx = bio_src->bi_idx;
270 bio_phys_segments(q, bio);
271 bio_hw_segments(q, bio);
275 * bio_clone - clone a bio
276 * @bio: bio to clone
277 * @gfp_mask: allocation priority
279 * Like __bio_clone, only also allocates the returned bio
281 struct bio *bio_clone(struct bio *bio, gfp_t gfp_mask)
283 struct bio *b = bio_alloc_bioset(gfp_mask, bio->bi_max_vecs, fs_bio_set);
285 if (b) {
286 b->bi_destructor = bio_fs_destructor;
287 __bio_clone(b, bio);
290 return b;
294 * bio_get_nr_vecs - return approx number of vecs
295 * @bdev: I/O target
297 * Return the approximate number of pages we can send to this target.
298 * There's no guarantee that you will be able to fit this number of pages
299 * into a bio, it does not account for dynamic restrictions that vary
300 * on offset.
302 int bio_get_nr_vecs(struct block_device *bdev)
304 request_queue_t *q = bdev_get_queue(bdev);
305 int nr_pages;
307 nr_pages = ((q->max_sectors << 9) + PAGE_SIZE - 1) >> PAGE_SHIFT;
308 if (nr_pages > q->max_phys_segments)
309 nr_pages = q->max_phys_segments;
310 if (nr_pages > q->max_hw_segments)
311 nr_pages = q->max_hw_segments;
313 return nr_pages;
316 static int __bio_add_page(request_queue_t *q, struct bio *bio, struct page
317 *page, unsigned int len, unsigned int offset,
318 unsigned short max_sectors)
320 int retried_segments = 0;
321 struct bio_vec *bvec;
324 * cloned bio must not modify vec list
326 if (unlikely(bio_flagged(bio, BIO_CLONED)))
327 return 0;
329 if (((bio->bi_size + len) >> 9) > max_sectors)
330 return 0;
333 * For filesystems with a blocksize smaller than the pagesize
334 * we will often be called with the same page as last time and
335 * a consecutive offset. Optimize this special case.
337 if (bio->bi_vcnt > 0) {
338 struct bio_vec *prev = &bio->bi_io_vec[bio->bi_vcnt - 1];
340 if (page == prev->bv_page &&
341 offset == prev->bv_offset + prev->bv_len) {
342 prev->bv_len += len;
343 if (q->merge_bvec_fn &&
344 q->merge_bvec_fn(q, bio, prev) < len) {
345 prev->bv_len -= len;
346 return 0;
349 goto done;
353 if (bio->bi_vcnt >= bio->bi_max_vecs)
354 return 0;
357 * we might lose a segment or two here, but rather that than
358 * make this too complex.
361 while (bio->bi_phys_segments >= q->max_phys_segments
362 || bio->bi_hw_segments >= q->max_hw_segments
363 || BIOVEC_VIRT_OVERSIZE(bio->bi_size)) {
365 if (retried_segments)
366 return 0;
368 retried_segments = 1;
369 blk_recount_segments(q, bio);
373 * setup the new entry, we might clear it again later if we
374 * cannot add the page
376 bvec = &bio->bi_io_vec[bio->bi_vcnt];
377 bvec->bv_page = page;
378 bvec->bv_len = len;
379 bvec->bv_offset = offset;
382 * if queue has other restrictions (eg varying max sector size
383 * depending on offset), it can specify a merge_bvec_fn in the
384 * queue to get further control
386 if (q->merge_bvec_fn) {
388 * merge_bvec_fn() returns number of bytes it can accept
389 * at this offset
391 if (q->merge_bvec_fn(q, bio, bvec) < len) {
392 bvec->bv_page = NULL;
393 bvec->bv_len = 0;
394 bvec->bv_offset = 0;
395 return 0;
399 /* If we may be able to merge these biovecs, force a recount */
400 if (bio->bi_vcnt && (BIOVEC_PHYS_MERGEABLE(bvec-1, bvec) ||
401 BIOVEC_VIRT_MERGEABLE(bvec-1, bvec)))
402 bio->bi_flags &= ~(1 << BIO_SEG_VALID);
404 bio->bi_vcnt++;
405 bio->bi_phys_segments++;
406 bio->bi_hw_segments++;
407 done:
408 bio->bi_size += len;
409 return len;
413 * bio_add_pc_page - attempt to add page to bio
414 * @q: the target queue
415 * @bio: destination bio
416 * @page: page to add
417 * @len: vec entry length
418 * @offset: vec entry offset
420 * Attempt to add a page to the bio_vec maplist. This can fail for a
421 * number of reasons, such as the bio being full or target block
422 * device limitations. The target block device must allow bio's
423 * smaller than PAGE_SIZE, so it is always possible to add a single
424 * page to an empty bio. This should only be used by REQ_PC bios.
426 int bio_add_pc_page(request_queue_t *q, struct bio *bio, struct page *page,
427 unsigned int len, unsigned int offset)
429 return __bio_add_page(q, bio, page, len, offset, q->max_hw_sectors);
433 * bio_add_page - attempt to add page to bio
434 * @bio: destination bio
435 * @page: page to add
436 * @len: vec entry length
437 * @offset: vec entry offset
439 * Attempt to add a page to the bio_vec maplist. This can fail for a
440 * number of reasons, such as the bio being full or target block
441 * device limitations. The target block device must allow bio's
442 * smaller than PAGE_SIZE, so it is always possible to add a single
443 * page to an empty bio.
445 int bio_add_page(struct bio *bio, struct page *page, unsigned int len,
446 unsigned int offset)
448 struct request_queue *q = bdev_get_queue(bio->bi_bdev);
449 return __bio_add_page(q, bio, page, len, offset, q->max_sectors);
452 struct bio_map_data {
453 struct bio_vec *iovecs;
454 void __user *userptr;
457 static void bio_set_map_data(struct bio_map_data *bmd, struct bio *bio)
459 memcpy(bmd->iovecs, bio->bi_io_vec, sizeof(struct bio_vec) * bio->bi_vcnt);
460 bio->bi_private = bmd;
463 static void bio_free_map_data(struct bio_map_data *bmd)
465 kfree(bmd->iovecs);
466 kfree(bmd);
469 static struct bio_map_data *bio_alloc_map_data(int nr_segs)
471 struct bio_map_data *bmd = kmalloc(sizeof(*bmd), GFP_KERNEL);
473 if (!bmd)
474 return NULL;
476 bmd->iovecs = kmalloc(sizeof(struct bio_vec) * nr_segs, GFP_KERNEL);
477 if (bmd->iovecs)
478 return bmd;
480 kfree(bmd);
481 return NULL;
485 * bio_uncopy_user - finish previously mapped bio
486 * @bio: bio being terminated
488 * Free pages allocated from bio_copy_user() and write back data
489 * to user space in case of a read.
491 int bio_uncopy_user(struct bio *bio)
493 struct bio_map_data *bmd = bio->bi_private;
494 const int read = bio_data_dir(bio) == READ;
495 struct bio_vec *bvec;
496 int i, ret = 0;
498 __bio_for_each_segment(bvec, bio, i, 0) {
499 char *addr = page_address(bvec->bv_page);
500 unsigned int len = bmd->iovecs[i].bv_len;
502 if (read && !ret && copy_to_user(bmd->userptr, addr, len))
503 ret = -EFAULT;
505 __free_page(bvec->bv_page);
506 bmd->userptr += len;
508 bio_free_map_data(bmd);
509 bio_put(bio);
510 return ret;
514 * bio_copy_user - copy user data to bio
515 * @q: destination block queue
516 * @uaddr: start of user address
517 * @len: length in bytes
518 * @write_to_vm: bool indicating writing to pages or not
520 * Prepares and returns a bio for indirect user io, bouncing data
521 * to/from kernel pages as necessary. Must be paired with
522 * call bio_uncopy_user() on io completion.
524 struct bio *bio_copy_user(request_queue_t *q, unsigned long uaddr,
525 unsigned int len, int write_to_vm)
527 unsigned long end = (uaddr + len + PAGE_SIZE - 1) >> PAGE_SHIFT;
528 unsigned long start = uaddr >> PAGE_SHIFT;
529 struct bio_map_data *bmd;
530 struct bio_vec *bvec;
531 struct page *page;
532 struct bio *bio;
533 int i, ret;
535 bmd = bio_alloc_map_data(end - start);
536 if (!bmd)
537 return ERR_PTR(-ENOMEM);
539 bmd->userptr = (void __user *) uaddr;
541 ret = -ENOMEM;
542 bio = bio_alloc(GFP_KERNEL, end - start);
543 if (!bio)
544 goto out_bmd;
546 bio->bi_rw |= (!write_to_vm << BIO_RW);
548 ret = 0;
549 while (len) {
550 unsigned int bytes = PAGE_SIZE;
552 if (bytes > len)
553 bytes = len;
555 page = alloc_page(q->bounce_gfp | GFP_KERNEL);
556 if (!page) {
557 ret = -ENOMEM;
558 break;
561 if (bio_add_pc_page(q, bio, page, bytes, 0) < bytes) {
562 ret = -EINVAL;
563 break;
566 len -= bytes;
569 if (ret)
570 goto cleanup;
573 * success
575 if (!write_to_vm) {
576 char __user *p = (char __user *) uaddr;
579 * for a write, copy in data to kernel pages
581 ret = -EFAULT;
582 bio_for_each_segment(bvec, bio, i) {
583 char *addr = page_address(bvec->bv_page);
585 if (copy_from_user(addr, p, bvec->bv_len))
586 goto cleanup;
587 p += bvec->bv_len;
591 bio_set_map_data(bmd, bio);
592 return bio;
593 cleanup:
594 bio_for_each_segment(bvec, bio, i)
595 __free_page(bvec->bv_page);
597 bio_put(bio);
598 out_bmd:
599 bio_free_map_data(bmd);
600 return ERR_PTR(ret);
603 static struct bio *__bio_map_user_iov(request_queue_t *q,
604 struct block_device *bdev,
605 struct sg_iovec *iov, int iov_count,
606 int write_to_vm)
608 int i, j;
609 int nr_pages = 0;
610 struct page **pages;
611 struct bio *bio;
612 int cur_page = 0;
613 int ret, offset;
615 for (i = 0; i < iov_count; i++) {
616 unsigned long uaddr = (unsigned long)iov[i].iov_base;
617 unsigned long len = iov[i].iov_len;
618 unsigned long end = (uaddr + len + PAGE_SIZE - 1) >> PAGE_SHIFT;
619 unsigned long start = uaddr >> PAGE_SHIFT;
621 nr_pages += end - start;
623 * transfer and buffer must be aligned to at least hardsector
624 * size for now, in the future we can relax this restriction
626 if ((uaddr & queue_dma_alignment(q)) || (len & queue_dma_alignment(q)))
627 return ERR_PTR(-EINVAL);
630 if (!nr_pages)
631 return ERR_PTR(-EINVAL);
633 bio = bio_alloc(GFP_KERNEL, nr_pages);
634 if (!bio)
635 return ERR_PTR(-ENOMEM);
637 ret = -ENOMEM;
638 pages = kmalloc(nr_pages * sizeof(struct page *), GFP_KERNEL);
639 if (!pages)
640 goto out;
642 memset(pages, 0, nr_pages * sizeof(struct page *));
644 for (i = 0; i < iov_count; i++) {
645 unsigned long uaddr = (unsigned long)iov[i].iov_base;
646 unsigned long len = iov[i].iov_len;
647 unsigned long end = (uaddr + len + PAGE_SIZE - 1) >> PAGE_SHIFT;
648 unsigned long start = uaddr >> PAGE_SHIFT;
649 const int local_nr_pages = end - start;
650 const int page_limit = cur_page + local_nr_pages;
652 down_read(&current->mm->mmap_sem);
653 ret = get_user_pages(current, current->mm, uaddr,
654 local_nr_pages,
655 write_to_vm, 0, &pages[cur_page], NULL);
656 up_read(&current->mm->mmap_sem);
658 if (ret < local_nr_pages) {
659 ret = -EFAULT;
660 goto out_unmap;
663 offset = uaddr & ~PAGE_MASK;
664 for (j = cur_page; j < page_limit; j++) {
665 unsigned int bytes = PAGE_SIZE - offset;
667 if (len <= 0)
668 break;
670 if (bytes > len)
671 bytes = len;
674 * sorry...
676 if (bio_add_pc_page(q, bio, pages[j], bytes, offset) <
677 bytes)
678 break;
680 len -= bytes;
681 offset = 0;
684 cur_page = j;
686 * release the pages we didn't map into the bio, if any
688 while (j < page_limit)
689 page_cache_release(pages[j++]);
692 kfree(pages);
695 * set data direction, and check if mapped pages need bouncing
697 if (!write_to_vm)
698 bio->bi_rw |= (1 << BIO_RW);
700 bio->bi_bdev = bdev;
701 bio->bi_flags |= (1 << BIO_USER_MAPPED);
702 return bio;
704 out_unmap:
705 for (i = 0; i < nr_pages; i++) {
706 if(!pages[i])
707 break;
708 page_cache_release(pages[i]);
710 out:
711 kfree(pages);
712 bio_put(bio);
713 return ERR_PTR(ret);
717 * bio_map_user - map user address into bio
718 * @q: the request_queue_t for the bio
719 * @bdev: destination block device
720 * @uaddr: start of user address
721 * @len: length in bytes
722 * @write_to_vm: bool indicating writing to pages or not
724 * Map the user space address into a bio suitable for io to a block
725 * device. Returns an error pointer in case of error.
727 struct bio *bio_map_user(request_queue_t *q, struct block_device *bdev,
728 unsigned long uaddr, unsigned int len, int write_to_vm)
730 struct sg_iovec iov;
732 iov.iov_base = (void __user *)uaddr;
733 iov.iov_len = len;
735 return bio_map_user_iov(q, bdev, &iov, 1, write_to_vm);
739 * bio_map_user_iov - map user sg_iovec table into bio
740 * @q: the request_queue_t for the bio
741 * @bdev: destination block device
742 * @iov: the iovec.
743 * @iov_count: number of elements in the iovec
744 * @write_to_vm: bool indicating writing to pages or not
746 * Map the user space address into a bio suitable for io to a block
747 * device. Returns an error pointer in case of error.
749 struct bio *bio_map_user_iov(request_queue_t *q, struct block_device *bdev,
750 struct sg_iovec *iov, int iov_count,
751 int write_to_vm)
753 struct bio *bio;
754 int len = 0, i;
756 bio = __bio_map_user_iov(q, bdev, iov, iov_count, write_to_vm);
758 if (IS_ERR(bio))
759 return bio;
762 * subtle -- if __bio_map_user() ended up bouncing a bio,
763 * it would normally disappear when its bi_end_io is run.
764 * however, we need it for the unmap, so grab an extra
765 * reference to it
767 bio_get(bio);
769 for (i = 0; i < iov_count; i++)
770 len += iov[i].iov_len;
772 if (bio->bi_size == len)
773 return bio;
776 * don't support partial mappings
778 bio_endio(bio, bio->bi_size, 0);
779 bio_unmap_user(bio);
780 return ERR_PTR(-EINVAL);
783 static void __bio_unmap_user(struct bio *bio)
785 struct bio_vec *bvec;
786 int i;
789 * make sure we dirty pages we wrote to
791 __bio_for_each_segment(bvec, bio, i, 0) {
792 if (bio_data_dir(bio) == READ)
793 set_page_dirty_lock(bvec->bv_page);
795 page_cache_release(bvec->bv_page);
798 bio_put(bio);
802 * bio_unmap_user - unmap a bio
803 * @bio: the bio being unmapped
805 * Unmap a bio previously mapped by bio_map_user(). Must be called with
806 * a process context.
808 * bio_unmap_user() may sleep.
810 void bio_unmap_user(struct bio *bio)
812 __bio_unmap_user(bio);
813 bio_put(bio);
816 static int bio_map_kern_endio(struct bio *bio, unsigned int bytes_done, int err)
818 if (bio->bi_size)
819 return 1;
821 bio_put(bio);
822 return 0;
826 static struct bio *__bio_map_kern(request_queue_t *q, void *data,
827 unsigned int len, gfp_t gfp_mask)
829 unsigned long kaddr = (unsigned long)data;
830 unsigned long end = (kaddr + len + PAGE_SIZE - 1) >> PAGE_SHIFT;
831 unsigned long start = kaddr >> PAGE_SHIFT;
832 const int nr_pages = end - start;
833 int offset, i;
834 struct bio *bio;
836 bio = bio_alloc(gfp_mask, nr_pages);
837 if (!bio)
838 return ERR_PTR(-ENOMEM);
840 offset = offset_in_page(kaddr);
841 for (i = 0; i < nr_pages; i++) {
842 unsigned int bytes = PAGE_SIZE - offset;
844 if (len <= 0)
845 break;
847 if (bytes > len)
848 bytes = len;
850 if (bio_add_pc_page(q, bio, virt_to_page(data), bytes,
851 offset) < bytes)
852 break;
854 data += bytes;
855 len -= bytes;
856 offset = 0;
859 bio->bi_end_io = bio_map_kern_endio;
860 return bio;
864 * bio_map_kern - map kernel address into bio
865 * @q: the request_queue_t for the bio
866 * @data: pointer to buffer to map
867 * @len: length in bytes
868 * @gfp_mask: allocation flags for bio allocation
870 * Map the kernel address into a bio suitable for io to a block
871 * device. Returns an error pointer in case of error.
873 struct bio *bio_map_kern(request_queue_t *q, void *data, unsigned int len,
874 gfp_t gfp_mask)
876 struct bio *bio;
878 bio = __bio_map_kern(q, data, len, gfp_mask);
879 if (IS_ERR(bio))
880 return bio;
882 if (bio->bi_size == len)
883 return bio;
886 * Don't support partial mappings.
888 bio_put(bio);
889 return ERR_PTR(-EINVAL);
893 * bio_set_pages_dirty() and bio_check_pages_dirty() are support functions
894 * for performing direct-IO in BIOs.
896 * The problem is that we cannot run set_page_dirty() from interrupt context
897 * because the required locks are not interrupt-safe. So what we can do is to
898 * mark the pages dirty _before_ performing IO. And in interrupt context,
899 * check that the pages are still dirty. If so, fine. If not, redirty them
900 * in process context.
902 * We special-case compound pages here: normally this means reads into hugetlb
903 * pages. The logic in here doesn't really work right for compound pages
904 * because the VM does not uniformly chase down the head page in all cases.
905 * But dirtiness of compound pages is pretty meaningless anyway: the VM doesn't
906 * handle them at all. So we skip compound pages here at an early stage.
908 * Note that this code is very hard to test under normal circumstances because
909 * direct-io pins the pages with get_user_pages(). This makes
910 * is_page_cache_freeable return false, and the VM will not clean the pages.
911 * But other code (eg, pdflush) could clean the pages if they are mapped
912 * pagecache.
914 * Simply disabling the call to bio_set_pages_dirty() is a good way to test the
915 * deferred bio dirtying paths.
919 * bio_set_pages_dirty() will mark all the bio's pages as dirty.
921 void bio_set_pages_dirty(struct bio *bio)
923 struct bio_vec *bvec = bio->bi_io_vec;
924 int i;
926 for (i = 0; i < bio->bi_vcnt; i++) {
927 struct page *page = bvec[i].bv_page;
929 if (page && !PageCompound(page))
930 set_page_dirty_lock(page);
934 static void bio_release_pages(struct bio *bio)
936 struct bio_vec *bvec = bio->bi_io_vec;
937 int i;
939 for (i = 0; i < bio->bi_vcnt; i++) {
940 struct page *page = bvec[i].bv_page;
942 if (page)
943 put_page(page);
948 * bio_check_pages_dirty() will check that all the BIO's pages are still dirty.
949 * If they are, then fine. If, however, some pages are clean then they must
950 * have been written out during the direct-IO read. So we take another ref on
951 * the BIO and the offending pages and re-dirty the pages in process context.
953 * It is expected that bio_check_pages_dirty() will wholly own the BIO from
954 * here on. It will run one page_cache_release() against each page and will
955 * run one bio_put() against the BIO.
958 static void bio_dirty_fn(void *data);
960 static DECLARE_WORK(bio_dirty_work, bio_dirty_fn, NULL);
961 static DEFINE_SPINLOCK(bio_dirty_lock);
962 static struct bio *bio_dirty_list;
965 * This runs in process context
967 static void bio_dirty_fn(void *data)
969 unsigned long flags;
970 struct bio *bio;
972 spin_lock_irqsave(&bio_dirty_lock, flags);
973 bio = bio_dirty_list;
974 bio_dirty_list = NULL;
975 spin_unlock_irqrestore(&bio_dirty_lock, flags);
977 while (bio) {
978 struct bio *next = bio->bi_private;
980 bio_set_pages_dirty(bio);
981 bio_release_pages(bio);
982 bio_put(bio);
983 bio = next;
987 void bio_check_pages_dirty(struct bio *bio)
989 struct bio_vec *bvec = bio->bi_io_vec;
990 int nr_clean_pages = 0;
991 int i;
993 for (i = 0; i < bio->bi_vcnt; i++) {
994 struct page *page = bvec[i].bv_page;
996 if (PageDirty(page) || PageCompound(page)) {
997 page_cache_release(page);
998 bvec[i].bv_page = NULL;
999 } else {
1000 nr_clean_pages++;
1004 if (nr_clean_pages) {
1005 unsigned long flags;
1007 spin_lock_irqsave(&bio_dirty_lock, flags);
1008 bio->bi_private = bio_dirty_list;
1009 bio_dirty_list = bio;
1010 spin_unlock_irqrestore(&bio_dirty_lock, flags);
1011 schedule_work(&bio_dirty_work);
1012 } else {
1013 bio_put(bio);
1018 * bio_endio - end I/O on a bio
1019 * @bio: bio
1020 * @bytes_done: number of bytes completed
1021 * @error: error, if any
1023 * Description:
1024 * bio_endio() will end I/O on @bytes_done number of bytes. This may be
1025 * just a partial part of the bio, or it may be the whole bio. bio_endio()
1026 * is the preferred way to end I/O on a bio, it takes care of decrementing
1027 * bi_size and clearing BIO_UPTODATE on error. @error is 0 on success, and
1028 * and one of the established -Exxxx (-EIO, for instance) error values in
1029 * case something went wrong. Noone should call bi_end_io() directly on
1030 * a bio unless they own it and thus know that it has an end_io function.
1032 void bio_endio(struct bio *bio, unsigned int bytes_done, int error)
1034 if (error)
1035 clear_bit(BIO_UPTODATE, &bio->bi_flags);
1037 if (unlikely(bytes_done > bio->bi_size)) {
1038 printk("%s: want %u bytes done, only %u left\n", __FUNCTION__,
1039 bytes_done, bio->bi_size);
1040 bytes_done = bio->bi_size;
1043 bio->bi_size -= bytes_done;
1044 bio->bi_sector += (bytes_done >> 9);
1046 if (bio->bi_end_io)
1047 bio->bi_end_io(bio, bytes_done, error);
1050 void bio_pair_release(struct bio_pair *bp)
1052 if (atomic_dec_and_test(&bp->cnt)) {
1053 struct bio *master = bp->bio1.bi_private;
1055 bio_endio(master, master->bi_size, bp->error);
1056 mempool_free(bp, bp->bio2.bi_private);
1060 static int bio_pair_end_1(struct bio * bi, unsigned int done, int err)
1062 struct bio_pair *bp = container_of(bi, struct bio_pair, bio1);
1064 if (err)
1065 bp->error = err;
1067 if (bi->bi_size)
1068 return 1;
1070 bio_pair_release(bp);
1071 return 0;
1074 static int bio_pair_end_2(struct bio * bi, unsigned int done, int err)
1076 struct bio_pair *bp = container_of(bi, struct bio_pair, bio2);
1078 if (err)
1079 bp->error = err;
1081 if (bi->bi_size)
1082 return 1;
1084 bio_pair_release(bp);
1085 return 0;
1089 * split a bio - only worry about a bio with a single page
1090 * in it's iovec
1092 struct bio_pair *bio_split(struct bio *bi, mempool_t *pool, int first_sectors)
1094 struct bio_pair *bp = mempool_alloc(pool, GFP_NOIO);
1096 if (!bp)
1097 return bp;
1099 BUG_ON(bi->bi_vcnt != 1);
1100 BUG_ON(bi->bi_idx != 0);
1101 atomic_set(&bp->cnt, 3);
1102 bp->error = 0;
1103 bp->bio1 = *bi;
1104 bp->bio2 = *bi;
1105 bp->bio2.bi_sector += first_sectors;
1106 bp->bio2.bi_size -= first_sectors << 9;
1107 bp->bio1.bi_size = first_sectors << 9;
1109 bp->bv1 = bi->bi_io_vec[0];
1110 bp->bv2 = bi->bi_io_vec[0];
1111 bp->bv2.bv_offset += first_sectors << 9;
1112 bp->bv2.bv_len -= first_sectors << 9;
1113 bp->bv1.bv_len = first_sectors << 9;
1115 bp->bio1.bi_io_vec = &bp->bv1;
1116 bp->bio2.bi_io_vec = &bp->bv2;
1118 bp->bio1.bi_max_vecs = 1;
1119 bp->bio2.bi_max_vecs = 1;
1121 bp->bio1.bi_end_io = bio_pair_end_1;
1122 bp->bio2.bi_end_io = bio_pair_end_2;
1124 bp->bio1.bi_private = bi;
1125 bp->bio2.bi_private = pool;
1127 return bp;
1130 static void *bio_pair_alloc(gfp_t gfp_flags, void *data)
1132 return kmalloc(sizeof(struct bio_pair), gfp_flags);
1135 static void bio_pair_free(void *bp, void *data)
1137 kfree(bp);
1142 * create memory pools for biovec's in a bio_set.
1143 * use the global biovec slabs created for general use.
1145 static int biovec_create_pools(struct bio_set *bs, int pool_entries, int scale)
1147 int i;
1149 for (i = 0; i < BIOVEC_NR_POOLS; i++) {
1150 struct biovec_slab *bp = bvec_slabs + i;
1151 mempool_t **bvp = bs->bvec_pools + i;
1153 if (i >= scale)
1154 pool_entries >>= 1;
1156 *bvp = mempool_create(pool_entries, mempool_alloc_slab,
1157 mempool_free_slab, bp->slab);
1158 if (!*bvp)
1159 return -ENOMEM;
1161 return 0;
1164 static void biovec_free_pools(struct bio_set *bs)
1166 int i;
1168 for (i = 0; i < BIOVEC_NR_POOLS; i++) {
1169 mempool_t *bvp = bs->bvec_pools[i];
1171 if (bvp)
1172 mempool_destroy(bvp);
1177 void bioset_free(struct bio_set *bs)
1179 if (bs->bio_pool)
1180 mempool_destroy(bs->bio_pool);
1182 biovec_free_pools(bs);
1184 kfree(bs);
1187 struct bio_set *bioset_create(int bio_pool_size, int bvec_pool_size, int scale)
1189 struct bio_set *bs = kmalloc(sizeof(*bs), GFP_KERNEL);
1191 if (!bs)
1192 return NULL;
1194 memset(bs, 0, sizeof(*bs));
1195 bs->bio_pool = mempool_create(bio_pool_size, mempool_alloc_slab,
1196 mempool_free_slab, bio_slab);
1198 if (!bs->bio_pool)
1199 goto bad;
1201 if (!biovec_create_pools(bs, bvec_pool_size, scale))
1202 return bs;
1204 bad:
1205 bioset_free(bs);
1206 return NULL;
1209 static void __init biovec_init_slabs(void)
1211 int i;
1213 for (i = 0; i < BIOVEC_NR_POOLS; i++) {
1214 int size;
1215 struct biovec_slab *bvs = bvec_slabs + i;
1217 size = bvs->nr_vecs * sizeof(struct bio_vec);
1218 bvs->slab = kmem_cache_create(bvs->name, size, 0,
1219 SLAB_HWCACHE_ALIGN|SLAB_PANIC, NULL, NULL);
1223 static int __init init_bio(void)
1225 int megabytes, bvec_pool_entries;
1226 int scale = BIOVEC_NR_POOLS;
1228 bio_slab = kmem_cache_create("bio", sizeof(struct bio), 0,
1229 SLAB_HWCACHE_ALIGN|SLAB_PANIC, NULL, NULL);
1231 biovec_init_slabs();
1233 megabytes = nr_free_pages() >> (20 - PAGE_SHIFT);
1236 * find out where to start scaling
1238 if (megabytes <= 16)
1239 scale = 0;
1240 else if (megabytes <= 32)
1241 scale = 1;
1242 else if (megabytes <= 64)
1243 scale = 2;
1244 else if (megabytes <= 96)
1245 scale = 3;
1246 else if (megabytes <= 128)
1247 scale = 4;
1250 * scale number of entries
1252 bvec_pool_entries = megabytes * 2;
1253 if (bvec_pool_entries > 256)
1254 bvec_pool_entries = 256;
1256 fs_bio_set = bioset_create(BIO_POOL_SIZE, bvec_pool_entries, scale);
1257 if (!fs_bio_set)
1258 panic("bio: can't allocate bios\n");
1260 bio_split_pool = mempool_create(BIO_SPLIT_ENTRIES,
1261 bio_pair_alloc, bio_pair_free, NULL);
1262 if (!bio_split_pool)
1263 panic("bio: can't create split pool\n");
1265 return 0;
1268 subsys_initcall(init_bio);
1270 EXPORT_SYMBOL(bio_alloc);
1271 EXPORT_SYMBOL(bio_put);
1272 EXPORT_SYMBOL(bio_free);
1273 EXPORT_SYMBOL(bio_endio);
1274 EXPORT_SYMBOL(bio_init);
1275 EXPORT_SYMBOL(__bio_clone);
1276 EXPORT_SYMBOL(bio_clone);
1277 EXPORT_SYMBOL(bio_phys_segments);
1278 EXPORT_SYMBOL(bio_hw_segments);
1279 EXPORT_SYMBOL(bio_add_page);
1280 EXPORT_SYMBOL(bio_add_pc_page);
1281 EXPORT_SYMBOL(bio_get_nr_vecs);
1282 EXPORT_SYMBOL(bio_map_user);
1283 EXPORT_SYMBOL(bio_unmap_user);
1284 EXPORT_SYMBOL(bio_map_kern);
1285 EXPORT_SYMBOL(bio_pair_release);
1286 EXPORT_SYMBOL(bio_split);
1287 EXPORT_SYMBOL(bio_split_pool);
1288 EXPORT_SYMBOL(bio_copy_user);
1289 EXPORT_SYMBOL(bio_uncopy_user);
1290 EXPORT_SYMBOL(bioset_create);
1291 EXPORT_SYMBOL(bioset_free);
1292 EXPORT_SYMBOL(bio_alloc_bioset);