Hi Jens, Al, Christoph, The first half of this patchset kills off ITER_PIPE to avoid a race between truncate, iov_iter_revert() on the pipe and an as-yet incomplete DMA to a bio with unpinned/unref'ed pages from an O_DIRECT splice read. This causes memory corruption[2]. Instead, we use filemap_splice_read(), which invokes the buffered file reading code and splices from the pagecache into the pipe; direct_splice_read(), which bulk-allocates a buffer, reads into it and then pushes the filled pages into the pipe; or handle it in filesystem-specific code. (1) Simplify the calculations for the number of pages to be reclaimed in direct_splice_read(). (2) Turn do_splice_to() into a helper so that it can be used by overlayfs and coda to perform the checks on the lower fs. (3) Provide shmem with its own splice_read to handle non-existent pages in the pagecache. We don't want a ->read_folio() as we don't want to populate holes, but filemap_get_pages() requires it. (4) Provide overlayfs with its own splice_read to call down to a lower layer as overlayfs doesn't provide ->read_folio(). (5) Provide coda with its own splice_read to call down to a lower layer as coda doesn't provide ->read_folio(). (6) Direct ->splice_read to direct_splice_read() in tty, procfs, kernfs and random files as they just copy to the output buffer and don't splice pages. (7) Provide stubs for afs, ceph, ecryptfs, ext4, f2fs, nfs, ntfs3, ocfs2, orangefs, xfs and zonefs to do locking and/or revalidation. (8) Change generic_file_splice_read() to just switch between filemap_splice_read() and direct_splice_read() rather than using ITER_PIPE. (9) Make cifs use generic_file_splice_read(). (10) Remove ITER_PIPE and its paraphernalia as generic_file_splice_read() was the only user. The second half of the patchset rolls page-pinning out to the bio struct and the block layer, using iov_iter_extract_pages() to get pages and noting with BIO_PAGE_PINNED if the data pages attached to a bio are pinned. If the data pages come from a non-user-backed iterator, then the pages are left unpinned and unref'd, relying on whoever set up the I/O to do the retaining (10) Don't hold a ref on ZERO_PAGE in iomap_dio_zero(). (11) Fix bio_flagged() so that it doesn't prevent a gcc optimisation. (12) Make the bio struct carry a pair of flags to indicate the cleanup mode. BIO_NO_PAGE_REF is replaced with BIO_PAGE_REFFED (indicating FOLL_GET was used) and BIO_PAGE_PINNED (indicating FOLL_PIN was used) is added. BIO_PAGE_REFFED will go away, but at the moment fs/direct-io.c sets it and this series does not fully address that file. (13) Add a function, bio_release_page(), to release a page appropriately to the cleanup mode indicated by the BIO_PAGE_* flags. (14) Make bio_iov_iter_get_pages() use iov_iter_extract_pages() to retain the pages appropriately and clean them up later. (15) Make bio_map_user_iov() also use iov_iter_extract_pages(). I've pushed the patches here also: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/log/?h=iov-extract David Changes: ======== ver #20) - Make direct_splice_read() limit the read to eof for regular files and blockdevs. - Check against s_maxbytes on the backing store, not a devnode inode. - Provide stubs for afs, ceph, ecryptfs, ext4, f2fs, nfs, ntfs3, ocfs2, orangefs, xfs and zonefs. - Always use direct_splice_read() for 9p, trace and sockets. ver #19) - Remove a missed get_page() on the zeropage in shmem_splice_read(). ver #18) - Split out the cifs bits from the patch the switches generic_file_splice_read() over to using the non-ITER_PIPE splicing. - Don't get/put refs on the zeropage in shmem_splice_read(). ver #17) - Rename do_splice_to() to vfs_splice_read() and export it so that it can be a helper and make overlayfs and coda use it, allowing duplicate checks to be removed. ver #16) - The filemap_get_pages() changes are now upstream. - filemap_splice_read() and direct_splice_read() are now upstream. - iov_iter_extract_pages() is now upstream. ver #15) - Fixed up some errors in overlayfs_splice_read(). ver #14) - Some changes to generic_file_buffered_splice_read(): - Rename to filemap_splice_read() and move to mm/filemap.c. - Create a helper, pipe_head_buf(). - Use init_sync_kiocb(). - Some changes to generic_file_direct_splice_read(): - Use alloc_pages_bulk_array() rather than alloc_pages_bulk_list(). - Use release_pages() instead of __free_page() in a loop. - Rename to direct_splice_read(). - Rearrange the patches to implement filemap_splice_read() and direct_splice_read() separately to changing generic_file_splice_read(). - Don't call generic_file_splice_read() when there isn't a ->read_folio(). - Insert patches to fix read_folio-less cases: - Make tty, procfs, kernfs and (u)random use direct_splice_read(). - Make overlayfs and coda call down to a lower layer. - Give shmem its own splice-read that doesn't insert missing pages. - Fixed a min() with mixed type args on some arches. ver #13) - Only use allocation in advance and ITER_BVEC for DIO read-splice. - Make buffered read-splice get pages directly from the pagecache. - Alter filemap_get_pages() & co. so that it doesn't need an iterator. ver #12) - Added the missing __bitwise on the iov_iter_extraction_t typedef. - Rebased on -rc7. - Don't specify FOLL_PIN to pin_user_pages_fast(). - Inserted patch at front to fix race between DIO read and truncation that caused memory corruption when iov_iter_revert() got called on an ITER_PIPE iterator[2]. - Inserted a patch after that to remove the now-unused ITER_PIPE and its helper functions. - Removed the ITER_PIPE bits from iov_iter_extract_pages(). ver #11) - Fix iov_iter_extract_kvec_pages() to include the offset into the page in the returned starting offset. - Use __bitwise for the extraction flags ver #10) - Fix use of i->kvec in iov_iter_extract_bvec_pages() to be i->bvec. - Drop bio_set_cleanup_mode(), open coding it instead. ver #9) - It's now not permitted to use FOLL_PIN outside of mm/, so: - Change iov_iter_extract_mode() into iov_iter_extract_will_pin() and return true/false instead of FOLL_PIN/0. - Drop of folio_put_unpin() and page_put_unpin() and instead call unpin_user_page() (and put_page()) directly as necessary. - Make __bio_release_pages() call bio_release_page() instead of unpin_user_page() as there's no BIO_* -> FOLL_* translation to do. - Drop the FOLL_* renumbering patch. - Change extract_flags to extraction_flags. ver #8) - Import Christoph Hellwig's changes. - Split the conversion-to-extraction patch. - Drop the extract_flags arg from iov_iter_extract_mode(). - Don't default bios to BIO_PAGE_REFFED, but set explicitly. - Switch FOLL_PIN and FOLL_GET when renumbering so PIN is at bit 0. - Switch BIO_PAGE_PINNED and BIO_PAGE_REFFED so PINNED is at bit 0. - We should always be using FOLL_PIN (not FOLL_GET) for DIO, so adjust the patches for that. ver #7) - For now, drop the parts to pass the I/O direction to iov_iter_*pages*() as it turned out to be a lot more complicated, with places not setting IOCB_WRITE when they should, for example. - Drop all the patches that changed things other then the block layer's bio handling. The netfslib and cifs changes can go into a separate patchset. - Add support for extracting pages from KVEC-type iterators. - When extracting from BVEC/KVEC, skip over empty vecs at the front. ver #6) - Fix write() syscall and co. not setting IOCB_WRITE. - Added iocb_is_read() and iocb_is_write() to check IOCB_WRITE. - Use op_is_write() in bio_copy_user_iov(). - Drop the iterator direction checks from smbd_recv(). - Define FOLL_SOURCE_BUF and FOLL_DEST_BUF and pass them in as part of gup_flags to iov_iter_get/extract_pages*(). - Replace iov_iter_get_pages*2() with iov_iter_get_pages*() and remove. - Add back the function to indicate the cleanup mode. - Drop the cleanup_mode return arg to iov_iter_extract_pages(). - Provide a helper to clean up a page. - Renumbered FOLL_GET and FOLL_PIN and made BIO_PAGE_REFFED/PINNED have the same numerical values, enforced with an assertion. - Converted AF_ALG, SCSI vhost, generic DIO, FUSE, splice to pipe, 9P and NFS. - Added in the patches to make CIFS do top-to-bottom iterators and use various of the added extraction functions. - Added a pair of work-in-progess patches to make sk_buff fragments store FOLL_GET and FOLL_PIN. ver #5) - Replace BIO_NO_PAGE_REF with BIO_PAGE_REFFED and split into own patch. - Transcribe FOLL_GET/PIN into BIO_PAGE_REFFED/PINNED flags. - Add patch to allow bio_flagged() to be combined by gcc. ver #4) - Drop the patch to move the FOLL_* flags to linux/mm_types.h as they're no longer referenced by linux/uio.h. - Add ITER_SOURCE/DEST cleanup patches. - Make iov_iter/netfslib iter extraction patches use ITER_SOURCE/DEST. - Allow additional gup_flags to be passed into iov_iter_extract_pages(). - Add struct bio patch. ver #3) - Switch to using EXPORT_SYMBOL_GPL to prevent indirect 3rd-party access to get/pin_user_pages_fast()[1]. ver #2) - Rolled the extraction cleanup mode query function into the extraction function, returning the indication through the argument list. - Fixed patch 4 (extract to scatterlist) to actually use the new extraction API. Link: https://lore.kernel.org/r/Y3zFzdWnWlEJ8X8/@infradead.org/ [1] Link: https://lore.kernel.org/r/000000000000b0b3c005f3a09383@xxxxxxxxxx/ [2] Link: https://lore.kernel.org/r/166697254399.61150.1256557652599252121.stgit@xxxxxxxxxxxxxxxxxxxxxx/ # rfc Link: https://lore.kernel.org/r/166722777223.2555743.162508599131141451.stgit@xxxxxxxxxxxxxxxxxxxxxx/ # rfc Link: https://lore.kernel.org/r/166732024173.3186319.18204305072070871546.stgit@xxxxxxxxxxxxxxxxxxxxxx/ # rfc Link: https://lore.kernel.org/r/166869687556.3723671.10061142538708346995.stgit@xxxxxxxxxxxxxxxxxxxxxx/ # rfc Link: https://lore.kernel.org/r/166920902005.1461876.2786264600108839814.stgit@xxxxxxxxxxxxxxxxxxxxxx/ # v2 Link: https://lore.kernel.org/r/166997419665.9475.15014699817597102032.stgit@xxxxxxxxxxxxxxxxxxxxxx/ # v3 Link: https://lore.kernel.org/r/167305160937.1521586.133299343565358971.stgit@xxxxxxxxxxxxxxxxxxxxxx/ # v4 Link: https://lore.kernel.org/r/167344725490.2425628.13771289553670112965.stgit@xxxxxxxxxxxxxxxxxxxxxx/ # v5 Link: https://lore.kernel.org/r/167391047703.2311931.8115712773222260073.stgit@xxxxxxxxxxxxxxxxxxxxxx/ # v6 Link: https://lore.kernel.org/r/20230120175556.3556978-1-dhowells@xxxxxxxxxx/ # v7 Link: https://lore.kernel.org/r/20230123173007.325544-1-dhowells@xxxxxxxxxx/ # v8 Link: https://lore.kernel.org/r/20230124170108.1070389-1-dhowells@xxxxxxxxxx/ # v9 Link: https://lore.kernel.org/r/20230125210657.2335748-1-dhowells@xxxxxxxxxx/ # v10 Link: https://lore.kernel.org/r/20230126141626.2809643-1-dhowells@xxxxxxxxxx/ # v11 Link: https://lore.kernel.org/r/20230207171305.3716974-1-dhowells@xxxxxxxxxx/ # v12 Link: https://lore.kernel.org/r/20230209102954.528942-1-dhowells@xxxxxxxxxx/ # v13 Link: https://lore.kernel.org/r/20230214171330.2722188-1-dhowells@xxxxxxxxxx/ # v14 Link: https://lore.kernel.org/r/20230308143754.1976726-1-dhowells@xxxxxxxxxx/ # v16 Link: https://lore.kernel.org/r/20230308165251.2078898-1-dhowells@xxxxxxxxxx/ # v17 Link: https://lore.kernel.org/r/20230314220757.3827941-1-dhowells@xxxxxxxxxx/ # v18 Link: https://lore.kernel.org/r/20230315163549.295454-1-dhowells@xxxxxxxxxx/ # v19 Additional patches that got folded in: Link: https://lore.kernel.org/r/20230213134619.2198965-1-dhowells@xxxxxxxxxx/ # v1 Link: https://lore.kernel.org/r/20230213153301.2338806-1-dhowells@xxxxxxxxxx/ # v2 Link: https://lore.kernel.org/r/20230214083710.2547248-1-dhowells@xxxxxxxxxx/ # v3 Christoph Hellwig (1): block: Replace BIO_NO_PAGE_REF with BIO_PAGE_REFFED with inverted logic David Howells (31): splice: Fix filemap of a blockdev splice: Clean up direct_splice_read() a bit splice: Make direct_read_splice() limit to eof where appropriate splice: Make do_splice_to() generic and export it splice: Make splice from a DAX file use direct_splice_read() shmem: Implement splice-read overlayfs: Implement splice-read coda: Implement splice-read tty, proc, kernfs, random: Use direct_splice_read() net: Make sock_splice_read() use direct_splice_read() by default 9p: Add splice_read stub afs: Provide a splice-read stub ceph: Provide a splice-read stub ecryptfs: Provide a splice-read stub ext4: Provide a splice-read stub f2fs: Provide a splice-read stub nfs: Provide a splice-read stub ntfs3: Provide a splice-read stub ocfs2: Provide a splice-read stub orangefs: Provide a splice-read stub xfs: Provide a splice-read stub zonefs: Provide a splice-read stub splice: Convert trace/seq to use direct_splice_read() splice: Do splice read from a file without using ITER_PIPE cifs: Use generic_file_splice_read() iov_iter: Kill ITER_PIPE iomap: Don't get an reference on ZERO_PAGE for direct I/O block zeroing block: Fix bio_flagged() so that gcc can better optimise it block: Add BIO_PAGE_PINNED and associated infrastructure block: Convert bio_iov_iter_get_pages to use iov_iter_extract_pages block: convert bio_map_user_iov to use iov_iter_extract_pages block/bio.c | 29 +-- block/blk-map.c | 22 +- block/blk.h | 12 ++ drivers/char/random.c | 4 +- drivers/tty/tty_io.c | 4 +- fs/9p/vfs_file.c | 26 ++- fs/afs/file.c | 20 +- fs/ceph/file.c | 66 +++++- fs/cifs/cifsfs.c | 8 +- fs/cifs/cifsfs.h | 3 - fs/cifs/file.c | 16 -- fs/coda/file.c | 29 ++- fs/direct-io.c | 2 + fs/ecryptfs/file.c | 27 ++- fs/ext4/file.c | 13 +- fs/f2fs/file.c | 68 +++++- fs/iomap/direct-io.c | 1 - fs/kernfs/file.c | 2 +- fs/nfs/file.c | 26 ++- fs/nfs/internal.h | 2 + fs/nfs/nfs4file.c | 2 +- fs/ntfs3/file.c | 36 +++- fs/ocfs2/file.c | 42 +++- fs/ocfs2/ocfs2_trace.h | 3 + fs/orangefs/file.c | 25 ++- fs/overlayfs/file.c | 23 +- fs/proc/inode.c | 4 +- fs/proc/proc_sysctl.c | 2 +- fs/proc_namespace.c | 6 +- fs/splice.c | 93 ++++---- fs/xfs/xfs_file.c | 33 ++- fs/xfs/xfs_trace.h | 2 +- fs/zonefs/file.c | 43 +++- include/linux/bio.h | 5 +- include/linux/blk_types.h | 3 +- include/linux/splice.h | 3 + include/linux/uio.h | 14 -- kernel/trace/trace.c | 2 +- lib/iov_iter.c | 431 +------------------------------------- mm/filemap.c | 7 +- mm/shmem.c | 134 +++++++++++- net/socket.c | 2 +- 42 files changed, 717 insertions(+), 578 deletions(-)