[IPV6] fix ipv6_getsockopt_sticky copy_to_user leak
[linux-2.6/mini2440.git] / mm / truncate.c
blob0f4b6d18ab0ed663360e0fba11f46f23e8c6b5b3
1 /*
2 * mm/truncate.c - code for taking down pages from address_spaces
4 * Copyright (C) 2002, Linus Torvalds
6 * 10Sep2002 akpm@zip.com.au
7 * Initial version.
8 */
10 #include <linux/kernel.h>
11 #include <linux/mm.h>
12 #include <linux/swap.h>
13 #include <linux/module.h>
14 #include <linux/pagemap.h>
15 #include <linux/pagevec.h>
16 #include <linux/task_io_accounting_ops.h>
17 #include <linux/buffer_head.h> /* grr. try_to_release_page,
18 do_invalidatepage */
21 /**
22 * do_invalidatepage - invalidate part of all of a page
23 * @page: the page which is affected
24 * @offset: the index of the truncation point
26 * do_invalidatepage() is called when all or part of the page has become
27 * invalidated by a truncate operation.
29 * do_invalidatepage() does not have to release all buffers, but it must
30 * ensure that no dirty buffer is left outside @offset and that no I/O
31 * is underway against any of the blocks which are outside the truncation
32 * point. Because the caller is about to free (and possibly reuse) those
33 * blocks on-disk.
35 void do_invalidatepage(struct page *page, unsigned long offset)
37 void (*invalidatepage)(struct page *, unsigned long);
38 invalidatepage = page->mapping->a_ops->invalidatepage;
39 #ifdef CONFIG_BLOCK
40 if (!invalidatepage)
41 invalidatepage = block_invalidatepage;
42 #endif
43 if (invalidatepage)
44 (*invalidatepage)(page, offset);
47 static inline void truncate_partial_page(struct page *page, unsigned partial)
49 memclear_highpage_flush(page, partial, PAGE_CACHE_SIZE-partial);
50 if (PagePrivate(page))
51 do_invalidatepage(page, partial);
55 * This cancels just the dirty bit on the kernel page itself, it
56 * does NOT actually remove dirty bits on any mmap's that may be
57 * around. It also leaves the page tagged dirty, so any sync
58 * activity will still find it on the dirty lists, and in particular,
59 * clear_page_dirty_for_io() will still look at the dirty bits in
60 * the VM.
62 * Doing this should *normally* only ever be done when a page
63 * is truncated, and is not actually mapped anywhere at all. However,
64 * fs/buffer.c does this when it notices that somebody has cleaned
65 * out all the buffers on a page without actually doing it through
66 * the VM. Can you say "ext3 is horribly ugly"? Tought you could.
68 void cancel_dirty_page(struct page *page, unsigned int account_size)
70 if (TestClearPageDirty(page)) {
71 struct address_space *mapping = page->mapping;
72 if (mapping && mapping_cap_account_dirty(mapping)) {
73 dec_zone_page_state(page, NR_FILE_DIRTY);
74 if (account_size)
75 task_io_account_cancelled_write(account_size);
79 EXPORT_SYMBOL(cancel_dirty_page);
82 * If truncate cannot remove the fs-private metadata from the page, the page
83 * becomes anonymous. It will be left on the LRU and may even be mapped into
84 * user pagetables if we're racing with filemap_nopage().
86 * We need to bale out if page->mapping is no longer equal to the original
87 * mapping. This happens a) when the VM reclaimed the page while we waited on
88 * its lock, b) when a concurrent invalidate_mapping_pages got there first and
89 * c) when tmpfs swizzles a page between a tmpfs inode and swapper_space.
91 static void
92 truncate_complete_page(struct address_space *mapping, struct page *page)
94 if (page->mapping != mapping)
95 return;
97 cancel_dirty_page(page, PAGE_CACHE_SIZE);
99 if (PagePrivate(page))
100 do_invalidatepage(page, 0);
102 ClearPageUptodate(page);
103 ClearPageMappedToDisk(page);
104 remove_from_page_cache(page);
105 page_cache_release(page); /* pagecache ref */
109 * This is for invalidate_mapping_pages(). That function can be called at
110 * any time, and is not supposed to throw away dirty pages. But pages can
111 * be marked dirty at any time too, so use remove_mapping which safely
112 * discards clean, unused pages.
114 * Returns non-zero if the page was successfully invalidated.
116 static int
117 invalidate_complete_page(struct address_space *mapping, struct page *page)
119 int ret;
121 if (page->mapping != mapping)
122 return 0;
124 if (PagePrivate(page) && !try_to_release_page(page, 0))
125 return 0;
127 ret = remove_mapping(mapping, page);
129 return ret;
133 * truncate_inode_pages - truncate range of pages specified by start and
134 * end byte offsets
135 * @mapping: mapping to truncate
136 * @lstart: offset from which to truncate
137 * @lend: offset to which to truncate
139 * Truncate the page cache, removing the pages that are between
140 * specified offsets (and zeroing out partial page
141 * (if lstart is not page aligned)).
143 * Truncate takes two passes - the first pass is nonblocking. It will not
144 * block on page locks and it will not block on writeback. The second pass
145 * will wait. This is to prevent as much IO as possible in the affected region.
146 * The first pass will remove most pages, so the search cost of the second pass
147 * is low.
149 * When looking at page->index outside the page lock we need to be careful to
150 * copy it into a local to avoid races (it could change at any time).
152 * We pass down the cache-hot hint to the page freeing code. Even if the
153 * mapping is large, it is probably the case that the final pages are the most
154 * recently touched, and freeing happens in ascending file offset order.
156 void truncate_inode_pages_range(struct address_space *mapping,
157 loff_t lstart, loff_t lend)
159 const pgoff_t start = (lstart + PAGE_CACHE_SIZE-1) >> PAGE_CACHE_SHIFT;
160 pgoff_t end;
161 const unsigned partial = lstart & (PAGE_CACHE_SIZE - 1);
162 struct pagevec pvec;
163 pgoff_t next;
164 int i;
166 if (mapping->nrpages == 0)
167 return;
169 BUG_ON((lend & (PAGE_CACHE_SIZE - 1)) != (PAGE_CACHE_SIZE - 1));
170 end = (lend >> PAGE_CACHE_SHIFT);
172 pagevec_init(&pvec, 0);
173 next = start;
174 while (next <= end &&
175 pagevec_lookup(&pvec, mapping, next, PAGEVEC_SIZE)) {
176 for (i = 0; i < pagevec_count(&pvec); i++) {
177 struct page *page = pvec.pages[i];
178 pgoff_t page_index = page->index;
180 if (page_index > end) {
181 next = page_index;
182 break;
185 if (page_index > next)
186 next = page_index;
187 next++;
188 if (TestSetPageLocked(page))
189 continue;
190 if (PageWriteback(page)) {
191 unlock_page(page);
192 continue;
194 truncate_complete_page(mapping, page);
195 unlock_page(page);
197 pagevec_release(&pvec);
198 cond_resched();
201 if (partial) {
202 struct page *page = find_lock_page(mapping, start - 1);
203 if (page) {
204 wait_on_page_writeback(page);
205 truncate_partial_page(page, partial);
206 unlock_page(page);
207 page_cache_release(page);
211 next = start;
212 for ( ; ; ) {
213 cond_resched();
214 if (!pagevec_lookup(&pvec, mapping, next, PAGEVEC_SIZE)) {
215 if (next == start)
216 break;
217 next = start;
218 continue;
220 if (pvec.pages[0]->index > end) {
221 pagevec_release(&pvec);
222 break;
224 for (i = 0; i < pagevec_count(&pvec); i++) {
225 struct page *page = pvec.pages[i];
227 if (page->index > end)
228 break;
229 lock_page(page);
230 wait_on_page_writeback(page);
231 if (page->index > next)
232 next = page->index;
233 next++;
234 truncate_complete_page(mapping, page);
235 unlock_page(page);
237 pagevec_release(&pvec);
240 EXPORT_SYMBOL(truncate_inode_pages_range);
243 * truncate_inode_pages - truncate *all* the pages from an offset
244 * @mapping: mapping to truncate
245 * @lstart: offset from which to truncate
247 * Called under (and serialised by) inode->i_mutex.
249 void truncate_inode_pages(struct address_space *mapping, loff_t lstart)
251 truncate_inode_pages_range(mapping, lstart, (loff_t)-1);
253 EXPORT_SYMBOL(truncate_inode_pages);
256 * invalidate_mapping_pages - Invalidate all the unlocked pages of one inode
257 * @mapping: the address_space which holds the pages to invalidate
258 * @start: the offset 'from' which to invalidate
259 * @end: the offset 'to' which to invalidate (inclusive)
261 * This function only removes the unlocked pages, if you want to
262 * remove all the pages of one inode, you must call truncate_inode_pages.
264 * invalidate_mapping_pages() will not block on IO activity. It will not
265 * invalidate pages which are dirty, locked, under writeback or mapped into
266 * pagetables.
268 unsigned long invalidate_mapping_pages(struct address_space *mapping,
269 pgoff_t start, pgoff_t end)
271 struct pagevec pvec;
272 pgoff_t next = start;
273 unsigned long ret = 0;
274 int i;
276 pagevec_init(&pvec, 0);
277 while (next <= end &&
278 pagevec_lookup(&pvec, mapping, next, PAGEVEC_SIZE)) {
279 for (i = 0; i < pagevec_count(&pvec); i++) {
280 struct page *page = pvec.pages[i];
281 pgoff_t index;
282 int lock_failed;
284 lock_failed = TestSetPageLocked(page);
287 * We really shouldn't be looking at the ->index of an
288 * unlocked page. But we're not allowed to lock these
289 * pages. So we rely upon nobody altering the ->index
290 * of this (pinned-by-us) page.
292 index = page->index;
293 if (index > next)
294 next = index;
295 next++;
296 if (lock_failed)
297 continue;
299 if (PageDirty(page) || PageWriteback(page))
300 goto unlock;
301 if (page_mapped(page))
302 goto unlock;
303 ret += invalidate_complete_page(mapping, page);
304 unlock:
305 unlock_page(page);
306 if (next > end)
307 break;
309 pagevec_release(&pvec);
311 return ret;
313 EXPORT_SYMBOL(invalidate_mapping_pages);
316 * This is like invalidate_complete_page(), except it ignores the page's
317 * refcount. We do this because invalidate_inode_pages2() needs stronger
318 * invalidation guarantees, and cannot afford to leave pages behind because
319 * shrink_list() has a temp ref on them, or because they're transiently sitting
320 * in the lru_cache_add() pagevecs.
322 static int
323 invalidate_complete_page2(struct address_space *mapping, struct page *page)
325 if (page->mapping != mapping)
326 return 0;
328 if (PagePrivate(page) && !try_to_release_page(page, GFP_KERNEL))
329 return 0;
331 write_lock_irq(&mapping->tree_lock);
332 if (PageDirty(page))
333 goto failed;
335 BUG_ON(PagePrivate(page));
336 __remove_from_page_cache(page);
337 write_unlock_irq(&mapping->tree_lock);
338 ClearPageUptodate(page);
339 page_cache_release(page); /* pagecache ref */
340 return 1;
341 failed:
342 write_unlock_irq(&mapping->tree_lock);
343 return 0;
346 static int do_launder_page(struct address_space *mapping, struct page *page)
348 if (!PageDirty(page))
349 return 0;
350 if (page->mapping != mapping || mapping->a_ops->launder_page == NULL)
351 return 0;
352 return mapping->a_ops->launder_page(page);
356 * invalidate_inode_pages2_range - remove range of pages from an address_space
357 * @mapping: the address_space
358 * @start: the page offset 'from' which to invalidate
359 * @end: the page offset 'to' which to invalidate (inclusive)
361 * Any pages which are found to be mapped into pagetables are unmapped prior to
362 * invalidation.
364 * Returns -EIO if any pages could not be invalidated.
366 int invalidate_inode_pages2_range(struct address_space *mapping,
367 pgoff_t start, pgoff_t end)
369 struct pagevec pvec;
370 pgoff_t next;
371 int i;
372 int ret = 0;
373 int did_range_unmap = 0;
374 int wrapped = 0;
376 pagevec_init(&pvec, 0);
377 next = start;
378 while (next <= end && !wrapped &&
379 pagevec_lookup(&pvec, mapping, next,
380 min(end - next, (pgoff_t)PAGEVEC_SIZE - 1) + 1)) {
381 for (i = 0; i < pagevec_count(&pvec); i++) {
382 struct page *page = pvec.pages[i];
383 pgoff_t page_index;
385 lock_page(page);
386 if (page->mapping != mapping) {
387 unlock_page(page);
388 continue;
390 page_index = page->index;
391 next = page_index + 1;
392 if (next == 0)
393 wrapped = 1;
394 if (page_index > end) {
395 unlock_page(page);
396 break;
398 wait_on_page_writeback(page);
399 while (page_mapped(page)) {
400 if (!did_range_unmap) {
402 * Zap the rest of the file in one hit.
404 unmap_mapping_range(mapping,
405 (loff_t)page_index<<PAGE_CACHE_SHIFT,
406 (loff_t)(end - page_index + 1)
407 << PAGE_CACHE_SHIFT,
409 did_range_unmap = 1;
410 } else {
412 * Just zap this page
414 unmap_mapping_range(mapping,
415 (loff_t)page_index<<PAGE_CACHE_SHIFT,
416 PAGE_CACHE_SIZE, 0);
419 ret = do_launder_page(mapping, page);
420 if (ret == 0 && !invalidate_complete_page2(mapping, page))
421 ret = -EIO;
422 unlock_page(page);
424 pagevec_release(&pvec);
425 cond_resched();
427 return ret;
429 EXPORT_SYMBOL_GPL(invalidate_inode_pages2_range);
432 * invalidate_inode_pages2 - remove all pages from an address_space
433 * @mapping: the address_space
435 * Any pages which are found to be mapped into pagetables are unmapped prior to
436 * invalidation.
438 * Returns -EIO if any pages could not be invalidated.
440 int invalidate_inode_pages2(struct address_space *mapping)
442 return invalidate_inode_pages2_range(mapping, 0, -1);
444 EXPORT_SYMBOL_GPL(invalidate_inode_pages2);