fuse: Fix missing FOLL_PIN for direct-io

Our user space filesystem relies on fuse to provide POSIX interface.
In our test, a known string is written into a file and the content
is read back later to verify correct data returned. We observed wrong
data returned in read buffer in rare cases although correct data are
stored in our filesystem.

Fuse kernel module calls iov_iter_get_pages2() to get the physical
pages of the user-space read buffer passed in read(). The pages are
not pinned to avoid page migration. When page migration occurs, the
consequence are two-folds.

1) Applications do not receive correct data in read buffer.
2) fuse kernel writes data into a wrong place.

Using iov_iter_extract_pages() to pin pages fixes the issue in our
test.

An auxiliary variable "struct page **pt_pages" is used in the patch
to prepare the 2nd parameter for iov_iter_extract_pages() since
iov_iter_get_pages2() uses a different type for the 2nd parameter.

[SzM] add iov_iter_extract_will_pin(ii) and unpin only if true.

Signed-off-by: Lei Huang <lei.huang@linux.intel.com>
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>

diff --git a/fs/fuse/file.c b/fs/fuse/file.c
index bd62be510a9431871c72e6700188e496cde1b7c7..8b9c5ab0abc04de9cdc4afe9292193d1f78418c9 100644 (file)
--- a/fs/fuse/file.c
+++ b/fs/fuse/file.c
@@ -655,7 +655,8 @@ static void fuse_release_user_pages(struct fuse_args_pages *ap,
        for (i = 0; i < ap->num_pages; i++) {
                if (should_dirty)
                        set_page_dirty_lock(ap->pages[i]);
-               put_page(ap->pages[i]);
+               if (ap->args.is_pinned)
+                       unpin_user_page(ap->pages[i]);
        }
 }
 
@@ -1495,10 +1496,13 @@ static int fuse_get_user_pages(struct fuse_args_pages *ap, struct iov_iter *ii,
        while (nbytes < *nbytesp && ap->num_pages < max_pages) {
                unsigned npages;
                size_t start;
-               ret = iov_iter_get_pages2(ii, &ap->pages[ap->num_pages],
-                                       *nbytesp - nbytes,
-                                       max_pages - ap->num_pages,
-                                       &start);
+               struct page **pt_pages;
+
+               pt_pages = &ap->pages[ap->num_pages];
+               ret = iov_iter_extract_pages(ii, &pt_pages,
+                                            *nbytesp - nbytes,
+                                            max_pages - ap->num_pages,
+                                            0, &start);
                if (ret < 0)
                        break;
 
@@ -1515,6 +1519,7 @@ static int fuse_get_user_pages(struct fuse_args_pages *ap, struct iov_iter *ii,
                        (PAGE_SIZE - ret) & (PAGE_SIZE - 1);
        }
 
+       ap->args.is_pinned = iov_iter_extract_will_pin(ii);
        ap->args.user_pages = true;
        if (write)
                ap->args.in_pages = true;

diff --git a/fs/fuse/fuse_i.h b/fs/fuse/fuse_i.h
index 4ef6087f0e5cc4e2c98e12de67e850cf70aa2880..0f3521449bb403776f7dad6e1b6d1b88636ec3d9 100644 (file)
--- a/fs/fuse/fuse_i.h
+++ b/fs/fuse/fuse_i.h
@@ -314,6 +314,7 @@ struct fuse_args {
        bool page_replace:1;
        bool may_block:1;
        bool is_ext:1;
+       bool is_pinned:1;
        struct fuse_in_arg in_args[3];
        struct fuse_arg out_args[2];
        void (*end)(struct fuse_mount *fm, struct fuse_args *args, int error);