mirror of
https://github.com/FEX-Emu/linux.git
synced 2024-12-21 08:53:41 +00:00
cf6e693212
Commit bb21488482
("[PATCH] switch loop")
started to pass NULL bdev to ioctl hook.
Steps to reproduce:
[boot with loop.max_part=1]
[mount -o loop something so mount fails]
BUG: unable to handle kernel NULL pointer dereference at 00000000000000b8
IP: [<ffffffff811486ee>] blkdev_ioctl+0x2e/0xa30
PGD 0
Oops: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC
last sysfs file: /sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A08:00/device:35/ACPI0003:00/power_supply/ACAD/online
CPU 0
Modules linked in: zfs nvidia(P) [last unloaded: zfs]
Pid: 15177, comm: mount Tainted: P 2.6.32-rc4-zfs #2 Satellite X200
RIP: 0010:[<ffffffff811486ee>] [<ffffffff811486ee>] blkdev_ioctl+0x2e/0xa30
RSP: 0018:ffff88003b3d5bb8 EFLAGS: 00010286
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 000000000000125f RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffff88003b3d5ce8 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 00007ffffffff000
R13: 0000000000000000 R14: ffff880071cef280 R15: 00000000000200da
FS: 00007fd77cfe7740(0000) GS:ffff880001600000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: 00000000000000b8 CR3: 0000000001001000 CR4: 00000000000026f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process mount (pid: 15177, threadinfo ffff88003b3d4000, task ffff88007572f920)
Stack:
ffff88003b3d5c38 ffffffff812f95f5 ffff88007eeb6600 0000000000000000
<0> 0000000000000000 ffff88003b3d5c18 ffffffff811547d9 ffff88001bf11ef0
<0> 7fffffffffffffff ffff88001bf11ee8 ffff88001bf11ef0 0000000000000000
Call Trace:
[<ffffffff812f95f5>] ? schedule_timeout+0x1f5/0x250
[<ffffffff811547d9>] ? rb_insert_color+0x109/0x140
[<ffffffff812fb754>] ? _spin_unlock_irq+0x14/0x40
[<ffffffff812f84c6>] ? wait_for_common+0x66/0x170
[<ffffffff8105a280>] ? default_wake_function+0x0/0x10
[<ffffffff810f8258>] ioctl_by_bdev+0x38/0x50
[<ffffffff811d2481>] loop_clr_fd+0x1e1/0x210
[<ffffffff811d2522>] lo_release+0x72/0x80
[<ffffffff810f934c>] __blkdev_put+0x1ac/0x1d0
[<ffffffff810f937b>] blkdev_put+0xb/0x10
[<ffffffff810f93b9>] blkdev_close+0x39/0x60
[<ffffffff810ccef3>] __fput+0xd3/0x230
[<ffffffff810cd06d>] fput+0x1d/0x30
[<ffffffff810c9680>] filp_close+0x50/0x80
[<ffffffff81061f11>] put_files_struct+0x81/0x100
[<ffffffff81061fde>] exit_files+0x4e/0x60
[<ffffffff81063ec5>] do_exit+0x6b5/0x730
[<ffffffff8107b279>] ? up_read+0x9/0x10
[<ffffffff8104c86e>] ? do_page_fault+0x18e/0x2a0
[<ffffffff81063f81>] do_group_exit+0x41/0xc0
[<ffffffff81064012>] sys_exit_group+0x12/0x20
[<ffffffff81030deb>] system_call_fastpath+0x16/0x1b
Code: f8 48 89 e5 48 81 ec 30 01 00 00 48 89 5d d8 4c 89 6d e8 4c 89 65 e0 4c 89 75 f0 4c 89 7d f8 48 89 bd e8 fe ff ff 49 89 cd 89 f3 <49> 8b 88 b8 00 00 00 81 fa 68 12 00 00 0f 84 57 05 00 00 0f 86
RIP [<ffffffff811486ee>] blkdev_ioctl+0x2e/0xa30
RSP <ffff88003b3d5bb8>
CR2: 00000000000000b8
---[ end trace c0b4d3c3118d1427 ]---
Fixing recursive fault but reboot is needed!
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Cc: Jens Axboe <jens.axboe@oracle.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
1674 lines
40 KiB
C
1674 lines
40 KiB
C
/*
|
|
* linux/drivers/block/loop.c
|
|
*
|
|
* Written by Theodore Ts'o, 3/29/93
|
|
*
|
|
* Copyright 1993 by Theodore Ts'o. Redistribution of this file is
|
|
* permitted under the GNU General Public License.
|
|
*
|
|
* DES encryption plus some minor changes by Werner Almesberger, 30-MAY-1993
|
|
* more DES encryption plus IDEA encryption by Nicholas J. Leon, June 20, 1996
|
|
*
|
|
* Modularized and updated for 1.1.16 kernel - Mitch Dsouza 28th May 1994
|
|
* Adapted for 1.3.59 kernel - Andries Brouwer, 1 Feb 1996
|
|
*
|
|
* Fixed do_loop_request() re-entrancy - Vincent.Renardias@waw.com Mar 20, 1997
|
|
*
|
|
* Added devfs support - Richard Gooch <rgooch@atnf.csiro.au> 16-Jan-1998
|
|
*
|
|
* Handle sparse backing files correctly - Kenn Humborg, Jun 28, 1998
|
|
*
|
|
* Loadable modules and other fixes by AK, 1998
|
|
*
|
|
* Make real block number available to downstream transfer functions, enables
|
|
* CBC (and relatives) mode encryption requiring unique IVs per data block.
|
|
* Reed H. Petty, rhp@draper.net
|
|
*
|
|
* Maximum number of loop devices now dynamic via max_loop module parameter.
|
|
* Russell Kroll <rkroll@exploits.org> 19990701
|
|
*
|
|
* Maximum number of loop devices when compiled-in now selectable by passing
|
|
* max_loop=<1-255> to the kernel on boot.
|
|
* Erik I. Bolsø, <eriki@himolde.no>, Oct 31, 1999
|
|
*
|
|
* Completely rewrite request handling to be make_request_fn style and
|
|
* non blocking, pushing work to a helper thread. Lots of fixes from
|
|
* Al Viro too.
|
|
* Jens Axboe <axboe@suse.de>, Nov 2000
|
|
*
|
|
* Support up to 256 loop devices
|
|
* Heinz Mauelshagen <mge@sistina.com>, Feb 2002
|
|
*
|
|
* Support for falling back on the write file operation when the address space
|
|
* operations write_begin is not available on the backing filesystem.
|
|
* Anton Altaparmakov, 16 Feb 2005
|
|
*
|
|
* Still To Fix:
|
|
* - Advisory locking is ignored here.
|
|
* - Should use an own CAP_* category instead of CAP_SYS_ADMIN
|
|
*
|
|
*/
|
|
|
|
#include <linux/module.h>
|
|
#include <linux/moduleparam.h>
|
|
#include <linux/sched.h>
|
|
#include <linux/fs.h>
|
|
#include <linux/file.h>
|
|
#include <linux/stat.h>
|
|
#include <linux/errno.h>
|
|
#include <linux/major.h>
|
|
#include <linux/wait.h>
|
|
#include <linux/blkdev.h>
|
|
#include <linux/blkpg.h>
|
|
#include <linux/init.h>
|
|
#include <linux/swap.h>
|
|
#include <linux/slab.h>
|
|
#include <linux/loop.h>
|
|
#include <linux/compat.h>
|
|
#include <linux/suspend.h>
|
|
#include <linux/freezer.h>
|
|
#include <linux/writeback.h>
|
|
#include <linux/buffer_head.h> /* for invalidate_bdev() */
|
|
#include <linux/completion.h>
|
|
#include <linux/highmem.h>
|
|
#include <linux/gfp.h>
|
|
#include <linux/kthread.h>
|
|
#include <linux/splice.h>
|
|
|
|
#include <asm/uaccess.h>
|
|
|
|
static LIST_HEAD(loop_devices);
|
|
static DEFINE_MUTEX(loop_devices_mutex);
|
|
|
|
static int max_part;
|
|
static int part_shift;
|
|
|
|
/*
|
|
* Transfer functions
|
|
*/
|
|
static int transfer_none(struct loop_device *lo, int cmd,
|
|
struct page *raw_page, unsigned raw_off,
|
|
struct page *loop_page, unsigned loop_off,
|
|
int size, sector_t real_block)
|
|
{
|
|
char *raw_buf = kmap_atomic(raw_page, KM_USER0) + raw_off;
|
|
char *loop_buf = kmap_atomic(loop_page, KM_USER1) + loop_off;
|
|
|
|
if (cmd == READ)
|
|
memcpy(loop_buf, raw_buf, size);
|
|
else
|
|
memcpy(raw_buf, loop_buf, size);
|
|
|
|
kunmap_atomic(raw_buf, KM_USER0);
|
|
kunmap_atomic(loop_buf, KM_USER1);
|
|
cond_resched();
|
|
return 0;
|
|
}
|
|
|
|
static int transfer_xor(struct loop_device *lo, int cmd,
|
|
struct page *raw_page, unsigned raw_off,
|
|
struct page *loop_page, unsigned loop_off,
|
|
int size, sector_t real_block)
|
|
{
|
|
char *raw_buf = kmap_atomic(raw_page, KM_USER0) + raw_off;
|
|
char *loop_buf = kmap_atomic(loop_page, KM_USER1) + loop_off;
|
|
char *in, *out, *key;
|
|
int i, keysize;
|
|
|
|
if (cmd == READ) {
|
|
in = raw_buf;
|
|
out = loop_buf;
|
|
} else {
|
|
in = loop_buf;
|
|
out = raw_buf;
|
|
}
|
|
|
|
key = lo->lo_encrypt_key;
|
|
keysize = lo->lo_encrypt_key_size;
|
|
for (i = 0; i < size; i++)
|
|
*out++ = *in++ ^ key[(i & 511) % keysize];
|
|
|
|
kunmap_atomic(raw_buf, KM_USER0);
|
|
kunmap_atomic(loop_buf, KM_USER1);
|
|
cond_resched();
|
|
return 0;
|
|
}
|
|
|
|
static int xor_init(struct loop_device *lo, const struct loop_info64 *info)
|
|
{
|
|
if (unlikely(info->lo_encrypt_key_size <= 0))
|
|
return -EINVAL;
|
|
return 0;
|
|
}
|
|
|
|
static struct loop_func_table none_funcs = {
|
|
.number = LO_CRYPT_NONE,
|
|
.transfer = transfer_none,
|
|
};
|
|
|
|
static struct loop_func_table xor_funcs = {
|
|
.number = LO_CRYPT_XOR,
|
|
.transfer = transfer_xor,
|
|
.init = xor_init
|
|
};
|
|
|
|
/* xfer_funcs[0] is special - its release function is never called */
|
|
static struct loop_func_table *xfer_funcs[MAX_LO_CRYPT] = {
|
|
&none_funcs,
|
|
&xor_funcs
|
|
};
|
|
|
|
static loff_t get_loop_size(struct loop_device *lo, struct file *file)
|
|
{
|
|
loff_t size, offset, loopsize;
|
|
|
|
/* Compute loopsize in bytes */
|
|
size = i_size_read(file->f_mapping->host);
|
|
offset = lo->lo_offset;
|
|
loopsize = size - offset;
|
|
if (lo->lo_sizelimit > 0 && lo->lo_sizelimit < loopsize)
|
|
loopsize = lo->lo_sizelimit;
|
|
|
|
/*
|
|
* Unfortunately, if we want to do I/O on the device,
|
|
* the number of 512-byte sectors has to fit into a sector_t.
|
|
*/
|
|
return loopsize >> 9;
|
|
}
|
|
|
|
static int
|
|
figure_loop_size(struct loop_device *lo)
|
|
{
|
|
loff_t size = get_loop_size(lo, lo->lo_backing_file);
|
|
sector_t x = (sector_t)size;
|
|
|
|
if (unlikely((loff_t)x != size))
|
|
return -EFBIG;
|
|
|
|
set_capacity(lo->lo_disk, x);
|
|
return 0;
|
|
}
|
|
|
|
static inline int
|
|
lo_do_transfer(struct loop_device *lo, int cmd,
|
|
struct page *rpage, unsigned roffs,
|
|
struct page *lpage, unsigned loffs,
|
|
int size, sector_t rblock)
|
|
{
|
|
if (unlikely(!lo->transfer))
|
|
return 0;
|
|
|
|
return lo->transfer(lo, cmd, rpage, roffs, lpage, loffs, size, rblock);
|
|
}
|
|
|
|
/**
|
|
* do_lo_send_aops - helper for writing data to a loop device
|
|
*
|
|
* This is the fast version for backing filesystems which implement the address
|
|
* space operations write_begin and write_end.
|
|
*/
|
|
static int do_lo_send_aops(struct loop_device *lo, struct bio_vec *bvec,
|
|
loff_t pos, struct page *unused)
|
|
{
|
|
struct file *file = lo->lo_backing_file; /* kudos to NFsckingS */
|
|
struct address_space *mapping = file->f_mapping;
|
|
pgoff_t index;
|
|
unsigned offset, bv_offs;
|
|
int len, ret;
|
|
|
|
mutex_lock(&mapping->host->i_mutex);
|
|
index = pos >> PAGE_CACHE_SHIFT;
|
|
offset = pos & ((pgoff_t)PAGE_CACHE_SIZE - 1);
|
|
bv_offs = bvec->bv_offset;
|
|
len = bvec->bv_len;
|
|
while (len > 0) {
|
|
sector_t IV;
|
|
unsigned size, copied;
|
|
int transfer_result;
|
|
struct page *page;
|
|
void *fsdata;
|
|
|
|
IV = ((sector_t)index << (PAGE_CACHE_SHIFT - 9))+(offset >> 9);
|
|
size = PAGE_CACHE_SIZE - offset;
|
|
if (size > len)
|
|
size = len;
|
|
|
|
ret = pagecache_write_begin(file, mapping, pos, size, 0,
|
|
&page, &fsdata);
|
|
if (ret)
|
|
goto fail;
|
|
|
|
transfer_result = lo_do_transfer(lo, WRITE, page, offset,
|
|
bvec->bv_page, bv_offs, size, IV);
|
|
copied = size;
|
|
if (unlikely(transfer_result))
|
|
copied = 0;
|
|
|
|
ret = pagecache_write_end(file, mapping, pos, size, copied,
|
|
page, fsdata);
|
|
if (ret < 0 || ret != copied)
|
|
goto fail;
|
|
|
|
if (unlikely(transfer_result))
|
|
goto fail;
|
|
|
|
bv_offs += copied;
|
|
len -= copied;
|
|
offset = 0;
|
|
index++;
|
|
pos += copied;
|
|
}
|
|
ret = 0;
|
|
out:
|
|
mutex_unlock(&mapping->host->i_mutex);
|
|
return ret;
|
|
fail:
|
|
ret = -1;
|
|
goto out;
|
|
}
|
|
|
|
/**
|
|
* __do_lo_send_write - helper for writing data to a loop device
|
|
*
|
|
* This helper just factors out common code between do_lo_send_direct_write()
|
|
* and do_lo_send_write().
|
|
*/
|
|
static int __do_lo_send_write(struct file *file,
|
|
u8 *buf, const int len, loff_t pos)
|
|
{
|
|
ssize_t bw;
|
|
mm_segment_t old_fs = get_fs();
|
|
|
|
set_fs(get_ds());
|
|
bw = file->f_op->write(file, buf, len, &pos);
|
|
set_fs(old_fs);
|
|
if (likely(bw == len))
|
|
return 0;
|
|
printk(KERN_ERR "loop: Write error at byte offset %llu, length %i.\n",
|
|
(unsigned long long)pos, len);
|
|
if (bw >= 0)
|
|
bw = -EIO;
|
|
return bw;
|
|
}
|
|
|
|
/**
|
|
* do_lo_send_direct_write - helper for writing data to a loop device
|
|
*
|
|
* This is the fast, non-transforming version for backing filesystems which do
|
|
* not implement the address space operations write_begin and write_end.
|
|
* It uses the write file operation which should be present on all writeable
|
|
* filesystems.
|
|
*/
|
|
static int do_lo_send_direct_write(struct loop_device *lo,
|
|
struct bio_vec *bvec, loff_t pos, struct page *page)
|
|
{
|
|
ssize_t bw = __do_lo_send_write(lo->lo_backing_file,
|
|
kmap(bvec->bv_page) + bvec->bv_offset,
|
|
bvec->bv_len, pos);
|
|
kunmap(bvec->bv_page);
|
|
cond_resched();
|
|
return bw;
|
|
}
|
|
|
|
/**
|
|
* do_lo_send_write - helper for writing data to a loop device
|
|
*
|
|
* This is the slow, transforming version for filesystems which do not
|
|
* implement the address space operations write_begin and write_end. It
|
|
* uses the write file operation which should be present on all writeable
|
|
* filesystems.
|
|
*
|
|
* Using fops->write is slower than using aops->{prepare,commit}_write in the
|
|
* transforming case because we need to double buffer the data as we cannot do
|
|
* the transformations in place as we do not have direct access to the
|
|
* destination pages of the backing file.
|
|
*/
|
|
static int do_lo_send_write(struct loop_device *lo, struct bio_vec *bvec,
|
|
loff_t pos, struct page *page)
|
|
{
|
|
int ret = lo_do_transfer(lo, WRITE, page, 0, bvec->bv_page,
|
|
bvec->bv_offset, bvec->bv_len, pos >> 9);
|
|
if (likely(!ret))
|
|
return __do_lo_send_write(lo->lo_backing_file,
|
|
page_address(page), bvec->bv_len,
|
|
pos);
|
|
printk(KERN_ERR "loop: Transfer error at byte offset %llu, "
|
|
"length %i.\n", (unsigned long long)pos, bvec->bv_len);
|
|
if (ret > 0)
|
|
ret = -EIO;
|
|
return ret;
|
|
}
|
|
|
|
static int lo_send(struct loop_device *lo, struct bio *bio, loff_t pos)
|
|
{
|
|
int (*do_lo_send)(struct loop_device *, struct bio_vec *, loff_t,
|
|
struct page *page);
|
|
struct bio_vec *bvec;
|
|
struct page *page = NULL;
|
|
int i, ret = 0;
|
|
|
|
do_lo_send = do_lo_send_aops;
|
|
if (!(lo->lo_flags & LO_FLAGS_USE_AOPS)) {
|
|
do_lo_send = do_lo_send_direct_write;
|
|
if (lo->transfer != transfer_none) {
|
|
page = alloc_page(GFP_NOIO | __GFP_HIGHMEM);
|
|
if (unlikely(!page))
|
|
goto fail;
|
|
kmap(page);
|
|
do_lo_send = do_lo_send_write;
|
|
}
|
|
}
|
|
bio_for_each_segment(bvec, bio, i) {
|
|
ret = do_lo_send(lo, bvec, pos, page);
|
|
if (ret < 0)
|
|
break;
|
|
pos += bvec->bv_len;
|
|
}
|
|
if (page) {
|
|
kunmap(page);
|
|
__free_page(page);
|
|
}
|
|
out:
|
|
return ret;
|
|
fail:
|
|
printk(KERN_ERR "loop: Failed to allocate temporary page for write.\n");
|
|
ret = -ENOMEM;
|
|
goto out;
|
|
}
|
|
|
|
struct lo_read_data {
|
|
struct loop_device *lo;
|
|
struct page *page;
|
|
unsigned offset;
|
|
int bsize;
|
|
};
|
|
|
|
static int
|
|
lo_splice_actor(struct pipe_inode_info *pipe, struct pipe_buffer *buf,
|
|
struct splice_desc *sd)
|
|
{
|
|
struct lo_read_data *p = sd->u.data;
|
|
struct loop_device *lo = p->lo;
|
|
struct page *page = buf->page;
|
|
sector_t IV;
|
|
int size, ret;
|
|
|
|
ret = buf->ops->confirm(pipe, buf);
|
|
if (unlikely(ret))
|
|
return ret;
|
|
|
|
IV = ((sector_t) page->index << (PAGE_CACHE_SHIFT - 9)) +
|
|
(buf->offset >> 9);
|
|
size = sd->len;
|
|
if (size > p->bsize)
|
|
size = p->bsize;
|
|
|
|
if (lo_do_transfer(lo, READ, page, buf->offset, p->page, p->offset, size, IV)) {
|
|
printk(KERN_ERR "loop: transfer error block %ld\n",
|
|
page->index);
|
|
size = -EINVAL;
|
|
}
|
|
|
|
flush_dcache_page(p->page);
|
|
|
|
if (size > 0)
|
|
p->offset += size;
|
|
|
|
return size;
|
|
}
|
|
|
|
static int
|
|
lo_direct_splice_actor(struct pipe_inode_info *pipe, struct splice_desc *sd)
|
|
{
|
|
return __splice_from_pipe(pipe, sd, lo_splice_actor);
|
|
}
|
|
|
|
static int
|
|
do_lo_receive(struct loop_device *lo,
|
|
struct bio_vec *bvec, int bsize, loff_t pos)
|
|
{
|
|
struct lo_read_data cookie;
|
|
struct splice_desc sd;
|
|
struct file *file;
|
|
long retval;
|
|
|
|
cookie.lo = lo;
|
|
cookie.page = bvec->bv_page;
|
|
cookie.offset = bvec->bv_offset;
|
|
cookie.bsize = bsize;
|
|
|
|
sd.len = 0;
|
|
sd.total_len = bvec->bv_len;
|
|
sd.flags = 0;
|
|
sd.pos = pos;
|
|
sd.u.data = &cookie;
|
|
|
|
file = lo->lo_backing_file;
|
|
retval = splice_direct_to_actor(file, &sd, lo_direct_splice_actor);
|
|
|
|
if (retval < 0)
|
|
return retval;
|
|
|
|
return 0;
|
|
}
|
|
|
|
static int
|
|
lo_receive(struct loop_device *lo, struct bio *bio, int bsize, loff_t pos)
|
|
{
|
|
struct bio_vec *bvec;
|
|
int i, ret = 0;
|
|
|
|
bio_for_each_segment(bvec, bio, i) {
|
|
ret = do_lo_receive(lo, bvec, bsize, pos);
|
|
if (ret < 0)
|
|
break;
|
|
pos += bvec->bv_len;
|
|
}
|
|
return ret;
|
|
}
|
|
|
|
static int do_bio_filebacked(struct loop_device *lo, struct bio *bio)
|
|
{
|
|
loff_t pos;
|
|
int ret;
|
|
|
|
pos = ((loff_t) bio->bi_sector << 9) + lo->lo_offset;
|
|
|
|
if (bio_rw(bio) == WRITE) {
|
|
bool barrier = bio_rw_flagged(bio, BIO_RW_BARRIER);
|
|
struct file *file = lo->lo_backing_file;
|
|
|
|
if (barrier) {
|
|
if (unlikely(!file->f_op->fsync)) {
|
|
ret = -EOPNOTSUPP;
|
|
goto out;
|
|
}
|
|
|
|
ret = vfs_fsync(file, file->f_path.dentry, 0);
|
|
if (unlikely(ret)) {
|
|
ret = -EIO;
|
|
goto out;
|
|
}
|
|
}
|
|
|
|
ret = lo_send(lo, bio, pos);
|
|
|
|
if (barrier && !ret) {
|
|
ret = vfs_fsync(file, file->f_path.dentry, 0);
|
|
if (unlikely(ret))
|
|
ret = -EIO;
|
|
}
|
|
} else
|
|
ret = lo_receive(lo, bio, lo->lo_blocksize, pos);
|
|
|
|
out:
|
|
return ret;
|
|
}
|
|
|
|
/*
|
|
* Add bio to back of pending list
|
|
*/
|
|
static void loop_add_bio(struct loop_device *lo, struct bio *bio)
|
|
{
|
|
bio_list_add(&lo->lo_bio_list, bio);
|
|
}
|
|
|
|
/*
|
|
* Grab first pending buffer
|
|
*/
|
|
static struct bio *loop_get_bio(struct loop_device *lo)
|
|
{
|
|
return bio_list_pop(&lo->lo_bio_list);
|
|
}
|
|
|
|
static int loop_make_request(struct request_queue *q, struct bio *old_bio)
|
|
{
|
|
struct loop_device *lo = q->queuedata;
|
|
int rw = bio_rw(old_bio);
|
|
|
|
if (rw == READA)
|
|
rw = READ;
|
|
|
|
BUG_ON(!lo || (rw != READ && rw != WRITE));
|
|
|
|
spin_lock_irq(&lo->lo_lock);
|
|
if (lo->lo_state != Lo_bound)
|
|
goto out;
|
|
if (unlikely(rw == WRITE && (lo->lo_flags & LO_FLAGS_READ_ONLY)))
|
|
goto out;
|
|
loop_add_bio(lo, old_bio);
|
|
wake_up(&lo->lo_event);
|
|
spin_unlock_irq(&lo->lo_lock);
|
|
return 0;
|
|
|
|
out:
|
|
spin_unlock_irq(&lo->lo_lock);
|
|
bio_io_error(old_bio);
|
|
return 0;
|
|
}
|
|
|
|
/*
|
|
* kick off io on the underlying address space
|
|
*/
|
|
static void loop_unplug(struct request_queue *q)
|
|
{
|
|
struct loop_device *lo = q->queuedata;
|
|
|
|
queue_flag_clear_unlocked(QUEUE_FLAG_PLUGGED, q);
|
|
blk_run_address_space(lo->lo_backing_file->f_mapping);
|
|
}
|
|
|
|
struct switch_request {
|
|
struct file *file;
|
|
struct completion wait;
|
|
};
|
|
|
|
static void do_loop_switch(struct loop_device *, struct switch_request *);
|
|
|
|
static inline void loop_handle_bio(struct loop_device *lo, struct bio *bio)
|
|
{
|
|
if (unlikely(!bio->bi_bdev)) {
|
|
do_loop_switch(lo, bio->bi_private);
|
|
bio_put(bio);
|
|
} else {
|
|
int ret = do_bio_filebacked(lo, bio);
|
|
bio_endio(bio, ret);
|
|
}
|
|
}
|
|
|
|
/*
|
|
* worker thread that handles reads/writes to file backed loop devices,
|
|
* to avoid blocking in our make_request_fn. it also does loop decrypting
|
|
* on reads for block backed loop, as that is too heavy to do from
|
|
* b_end_io context where irqs may be disabled.
|
|
*
|
|
* Loop explanation: loop_clr_fd() sets lo_state to Lo_rundown before
|
|
* calling kthread_stop(). Therefore once kthread_should_stop() is
|
|
* true, make_request will not place any more requests. Therefore
|
|
* once kthread_should_stop() is true and lo_bio is NULL, we are
|
|
* done with the loop.
|
|
*/
|
|
static int loop_thread(void *data)
|
|
{
|
|
struct loop_device *lo = data;
|
|
struct bio *bio;
|
|
|
|
set_user_nice(current, -20);
|
|
|
|
while (!kthread_should_stop() || !bio_list_empty(&lo->lo_bio_list)) {
|
|
|
|
wait_event_interruptible(lo->lo_event,
|
|
!bio_list_empty(&lo->lo_bio_list) ||
|
|
kthread_should_stop());
|
|
|
|
if (bio_list_empty(&lo->lo_bio_list))
|
|
continue;
|
|
spin_lock_irq(&lo->lo_lock);
|
|
bio = loop_get_bio(lo);
|
|
spin_unlock_irq(&lo->lo_lock);
|
|
|
|
BUG_ON(!bio);
|
|
loop_handle_bio(lo, bio);
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
|
|
/*
|
|
* loop_switch performs the hard work of switching a backing store.
|
|
* First it needs to flush existing IO, it does this by sending a magic
|
|
* BIO down the pipe. The completion of this BIO does the actual switch.
|
|
*/
|
|
static int loop_switch(struct loop_device *lo, struct file *file)
|
|
{
|
|
struct switch_request w;
|
|
struct bio *bio = bio_alloc(GFP_KERNEL, 0);
|
|
if (!bio)
|
|
return -ENOMEM;
|
|
init_completion(&w.wait);
|
|
w.file = file;
|
|
bio->bi_private = &w;
|
|
bio->bi_bdev = NULL;
|
|
loop_make_request(lo->lo_queue, bio);
|
|
wait_for_completion(&w.wait);
|
|
return 0;
|
|
}
|
|
|
|
/*
|
|
* Helper to flush the IOs in loop, but keeping loop thread running
|
|
*/
|
|
static int loop_flush(struct loop_device *lo)
|
|
{
|
|
/* loop not yet configured, no running thread, nothing to flush */
|
|
if (!lo->lo_thread)
|
|
return 0;
|
|
|
|
return loop_switch(lo, NULL);
|
|
}
|
|
|
|
/*
|
|
* Do the actual switch; called from the BIO completion routine
|
|
*/
|
|
static void do_loop_switch(struct loop_device *lo, struct switch_request *p)
|
|
{
|
|
struct file *file = p->file;
|
|
struct file *old_file = lo->lo_backing_file;
|
|
struct address_space *mapping;
|
|
|
|
/* if no new file, only flush of queued bios requested */
|
|
if (!file)
|
|
goto out;
|
|
|
|
mapping = file->f_mapping;
|
|
mapping_set_gfp_mask(old_file->f_mapping, lo->old_gfp_mask);
|
|
lo->lo_backing_file = file;
|
|
lo->lo_blocksize = S_ISBLK(mapping->host->i_mode) ?
|
|
mapping->host->i_bdev->bd_block_size : PAGE_SIZE;
|
|
lo->old_gfp_mask = mapping_gfp_mask(mapping);
|
|
mapping_set_gfp_mask(mapping, lo->old_gfp_mask & ~(__GFP_IO|__GFP_FS));
|
|
out:
|
|
complete(&p->wait);
|
|
}
|
|
|
|
|
|
/*
|
|
* loop_change_fd switched the backing store of a loopback device to
|
|
* a new file. This is useful for operating system installers to free up
|
|
* the original file and in High Availability environments to switch to
|
|
* an alternative location for the content in case of server meltdown.
|
|
* This can only work if the loop device is used read-only, and if the
|
|
* new backing store is the same size and type as the old backing store.
|
|
*/
|
|
static int loop_change_fd(struct loop_device *lo, struct block_device *bdev,
|
|
unsigned int arg)
|
|
{
|
|
struct file *file, *old_file;
|
|
struct inode *inode;
|
|
int error;
|
|
|
|
error = -ENXIO;
|
|
if (lo->lo_state != Lo_bound)
|
|
goto out;
|
|
|
|
/* the loop device has to be read-only */
|
|
error = -EINVAL;
|
|
if (!(lo->lo_flags & LO_FLAGS_READ_ONLY))
|
|
goto out;
|
|
|
|
error = -EBADF;
|
|
file = fget(arg);
|
|
if (!file)
|
|
goto out;
|
|
|
|
inode = file->f_mapping->host;
|
|
old_file = lo->lo_backing_file;
|
|
|
|
error = -EINVAL;
|
|
|
|
if (!S_ISREG(inode->i_mode) && !S_ISBLK(inode->i_mode))
|
|
goto out_putf;
|
|
|
|
/* size of the new backing store needs to be the same */
|
|
if (get_loop_size(lo, file) != get_loop_size(lo, old_file))
|
|
goto out_putf;
|
|
|
|
/* and ... switch */
|
|
error = loop_switch(lo, file);
|
|
if (error)
|
|
goto out_putf;
|
|
|
|
fput(old_file);
|
|
if (max_part > 0)
|
|
ioctl_by_bdev(bdev, BLKRRPART, 0);
|
|
return 0;
|
|
|
|
out_putf:
|
|
fput(file);
|
|
out:
|
|
return error;
|
|
}
|
|
|
|
static inline int is_loop_device(struct file *file)
|
|
{
|
|
struct inode *i = file->f_mapping->host;
|
|
|
|
return i && S_ISBLK(i->i_mode) && MAJOR(i->i_rdev) == LOOP_MAJOR;
|
|
}
|
|
|
|
static int loop_set_fd(struct loop_device *lo, fmode_t mode,
|
|
struct block_device *bdev, unsigned int arg)
|
|
{
|
|
struct file *file, *f;
|
|
struct inode *inode;
|
|
struct address_space *mapping;
|
|
unsigned lo_blocksize;
|
|
int lo_flags = 0;
|
|
int error;
|
|
loff_t size;
|
|
|
|
/* This is safe, since we have a reference from open(). */
|
|
__module_get(THIS_MODULE);
|
|
|
|
error = -EBADF;
|
|
file = fget(arg);
|
|
if (!file)
|
|
goto out;
|
|
|
|
error = -EBUSY;
|
|
if (lo->lo_state != Lo_unbound)
|
|
goto out_putf;
|
|
|
|
/* Avoid recursion */
|
|
f = file;
|
|
while (is_loop_device(f)) {
|
|
struct loop_device *l;
|
|
|
|
if (f->f_mapping->host->i_bdev == bdev)
|
|
goto out_putf;
|
|
|
|
l = f->f_mapping->host->i_bdev->bd_disk->private_data;
|
|
if (l->lo_state == Lo_unbound) {
|
|
error = -EINVAL;
|
|
goto out_putf;
|
|
}
|
|
f = l->lo_backing_file;
|
|
}
|
|
|
|
mapping = file->f_mapping;
|
|
inode = mapping->host;
|
|
|
|
if (!(file->f_mode & FMODE_WRITE))
|
|
lo_flags |= LO_FLAGS_READ_ONLY;
|
|
|
|
error = -EINVAL;
|
|
if (S_ISREG(inode->i_mode) || S_ISBLK(inode->i_mode)) {
|
|
const struct address_space_operations *aops = mapping->a_ops;
|
|
|
|
if (aops->write_begin)
|
|
lo_flags |= LO_FLAGS_USE_AOPS;
|
|
if (!(lo_flags & LO_FLAGS_USE_AOPS) && !file->f_op->write)
|
|
lo_flags |= LO_FLAGS_READ_ONLY;
|
|
|
|
lo_blocksize = S_ISBLK(inode->i_mode) ?
|
|
inode->i_bdev->bd_block_size : PAGE_SIZE;
|
|
|
|
error = 0;
|
|
} else {
|
|
goto out_putf;
|
|
}
|
|
|
|
size = get_loop_size(lo, file);
|
|
|
|
if ((loff_t)(sector_t)size != size) {
|
|
error = -EFBIG;
|
|
goto out_putf;
|
|
}
|
|
|
|
if (!(mode & FMODE_WRITE))
|
|
lo_flags |= LO_FLAGS_READ_ONLY;
|
|
|
|
set_device_ro(bdev, (lo_flags & LO_FLAGS_READ_ONLY) != 0);
|
|
|
|
lo->lo_blocksize = lo_blocksize;
|
|
lo->lo_device = bdev;
|
|
lo->lo_flags = lo_flags;
|
|
lo->lo_backing_file = file;
|
|
lo->transfer = transfer_none;
|
|
lo->ioctl = NULL;
|
|
lo->lo_sizelimit = 0;
|
|
lo->old_gfp_mask = mapping_gfp_mask(mapping);
|
|
mapping_set_gfp_mask(mapping, lo->old_gfp_mask & ~(__GFP_IO|__GFP_FS));
|
|
|
|
bio_list_init(&lo->lo_bio_list);
|
|
|
|
/*
|
|
* set queue make_request_fn, and add limits based on lower level
|
|
* device
|
|
*/
|
|
blk_queue_make_request(lo->lo_queue, loop_make_request);
|
|
lo->lo_queue->queuedata = lo;
|
|
lo->lo_queue->unplug_fn = loop_unplug;
|
|
|
|
if (!(lo_flags & LO_FLAGS_READ_ONLY) && file->f_op->fsync)
|
|
blk_queue_ordered(lo->lo_queue, QUEUE_ORDERED_DRAIN, NULL);
|
|
|
|
set_capacity(lo->lo_disk, size);
|
|
bd_set_size(bdev, size << 9);
|
|
|
|
set_blocksize(bdev, lo_blocksize);
|
|
|
|
lo->lo_thread = kthread_create(loop_thread, lo, "loop%d",
|
|
lo->lo_number);
|
|
if (IS_ERR(lo->lo_thread)) {
|
|
error = PTR_ERR(lo->lo_thread);
|
|
goto out_clr;
|
|
}
|
|
lo->lo_state = Lo_bound;
|
|
wake_up_process(lo->lo_thread);
|
|
if (max_part > 0)
|
|
ioctl_by_bdev(bdev, BLKRRPART, 0);
|
|
return 0;
|
|
|
|
out_clr:
|
|
lo->lo_thread = NULL;
|
|
lo->lo_device = NULL;
|
|
lo->lo_backing_file = NULL;
|
|
lo->lo_flags = 0;
|
|
set_capacity(lo->lo_disk, 0);
|
|
invalidate_bdev(bdev);
|
|
bd_set_size(bdev, 0);
|
|
mapping_set_gfp_mask(mapping, lo->old_gfp_mask);
|
|
lo->lo_state = Lo_unbound;
|
|
out_putf:
|
|
fput(file);
|
|
out:
|
|
/* This is safe: open() is still holding a reference. */
|
|
module_put(THIS_MODULE);
|
|
return error;
|
|
}
|
|
|
|
static int
|
|
loop_release_xfer(struct loop_device *lo)
|
|
{
|
|
int err = 0;
|
|
struct loop_func_table *xfer = lo->lo_encryption;
|
|
|
|
if (xfer) {
|
|
if (xfer->release)
|
|
err = xfer->release(lo);
|
|
lo->transfer = NULL;
|
|
lo->lo_encryption = NULL;
|
|
module_put(xfer->owner);
|
|
}
|
|
return err;
|
|
}
|
|
|
|
static int
|
|
loop_init_xfer(struct loop_device *lo, struct loop_func_table *xfer,
|
|
const struct loop_info64 *i)
|
|
{
|
|
int err = 0;
|
|
|
|
if (xfer) {
|
|
struct module *owner = xfer->owner;
|
|
|
|
if (!try_module_get(owner))
|
|
return -EINVAL;
|
|
if (xfer->init)
|
|
err = xfer->init(lo, i);
|
|
if (err)
|
|
module_put(owner);
|
|
else
|
|
lo->lo_encryption = xfer;
|
|
}
|
|
return err;
|
|
}
|
|
|
|
static int loop_clr_fd(struct loop_device *lo, struct block_device *bdev)
|
|
{
|
|
struct file *filp = lo->lo_backing_file;
|
|
gfp_t gfp = lo->old_gfp_mask;
|
|
|
|
if (lo->lo_state != Lo_bound)
|
|
return -ENXIO;
|
|
|
|
if (lo->lo_refcnt > 1) /* we needed one fd for the ioctl */
|
|
return -EBUSY;
|
|
|
|
if (filp == NULL)
|
|
return -EINVAL;
|
|
|
|
spin_lock_irq(&lo->lo_lock);
|
|
lo->lo_state = Lo_rundown;
|
|
spin_unlock_irq(&lo->lo_lock);
|
|
|
|
kthread_stop(lo->lo_thread);
|
|
|
|
lo->lo_queue->unplug_fn = NULL;
|
|
lo->lo_backing_file = NULL;
|
|
|
|
loop_release_xfer(lo);
|
|
lo->transfer = NULL;
|
|
lo->ioctl = NULL;
|
|
lo->lo_device = NULL;
|
|
lo->lo_encryption = NULL;
|
|
lo->lo_offset = 0;
|
|
lo->lo_sizelimit = 0;
|
|
lo->lo_encrypt_key_size = 0;
|
|
lo->lo_flags = 0;
|
|
lo->lo_thread = NULL;
|
|
memset(lo->lo_encrypt_key, 0, LO_KEY_SIZE);
|
|
memset(lo->lo_crypt_name, 0, LO_NAME_SIZE);
|
|
memset(lo->lo_file_name, 0, LO_NAME_SIZE);
|
|
if (bdev)
|
|
invalidate_bdev(bdev);
|
|
set_capacity(lo->lo_disk, 0);
|
|
if (bdev)
|
|
bd_set_size(bdev, 0);
|
|
mapping_set_gfp_mask(filp->f_mapping, gfp);
|
|
lo->lo_state = Lo_unbound;
|
|
/* This is safe: open() is still holding a reference. */
|
|
module_put(THIS_MODULE);
|
|
if (max_part > 0 && bdev)
|
|
ioctl_by_bdev(bdev, BLKRRPART, 0);
|
|
mutex_unlock(&lo->lo_ctl_mutex);
|
|
/*
|
|
* Need not hold lo_ctl_mutex to fput backing file.
|
|
* Calling fput holding lo_ctl_mutex triggers a circular
|
|
* lock dependency possibility warning as fput can take
|
|
* bd_mutex which is usually taken before lo_ctl_mutex.
|
|
*/
|
|
fput(filp);
|
|
return 0;
|
|
}
|
|
|
|
static int
|
|
loop_set_status(struct loop_device *lo, const struct loop_info64 *info)
|
|
{
|
|
int err;
|
|
struct loop_func_table *xfer;
|
|
uid_t uid = current_uid();
|
|
|
|
if (lo->lo_encrypt_key_size &&
|
|
lo->lo_key_owner != uid &&
|
|
!capable(CAP_SYS_ADMIN))
|
|
return -EPERM;
|
|
if (lo->lo_state != Lo_bound)
|
|
return -ENXIO;
|
|
if ((unsigned int) info->lo_encrypt_key_size > LO_KEY_SIZE)
|
|
return -EINVAL;
|
|
|
|
err = loop_release_xfer(lo);
|
|
if (err)
|
|
return err;
|
|
|
|
if (info->lo_encrypt_type) {
|
|
unsigned int type = info->lo_encrypt_type;
|
|
|
|
if (type >= MAX_LO_CRYPT)
|
|
return -EINVAL;
|
|
xfer = xfer_funcs[type];
|
|
if (xfer == NULL)
|
|
return -EINVAL;
|
|
} else
|
|
xfer = NULL;
|
|
|
|
err = loop_init_xfer(lo, xfer, info);
|
|
if (err)
|
|
return err;
|
|
|
|
if (lo->lo_offset != info->lo_offset ||
|
|
lo->lo_sizelimit != info->lo_sizelimit) {
|
|
lo->lo_offset = info->lo_offset;
|
|
lo->lo_sizelimit = info->lo_sizelimit;
|
|
if (figure_loop_size(lo))
|
|
return -EFBIG;
|
|
}
|
|
|
|
memcpy(lo->lo_file_name, info->lo_file_name, LO_NAME_SIZE);
|
|
memcpy(lo->lo_crypt_name, info->lo_crypt_name, LO_NAME_SIZE);
|
|
lo->lo_file_name[LO_NAME_SIZE-1] = 0;
|
|
lo->lo_crypt_name[LO_NAME_SIZE-1] = 0;
|
|
|
|
if (!xfer)
|
|
xfer = &none_funcs;
|
|
lo->transfer = xfer->transfer;
|
|
lo->ioctl = xfer->ioctl;
|
|
|
|
if ((lo->lo_flags & LO_FLAGS_AUTOCLEAR) !=
|
|
(info->lo_flags & LO_FLAGS_AUTOCLEAR))
|
|
lo->lo_flags ^= LO_FLAGS_AUTOCLEAR;
|
|
|
|
lo->lo_encrypt_key_size = info->lo_encrypt_key_size;
|
|
lo->lo_init[0] = info->lo_init[0];
|
|
lo->lo_init[1] = info->lo_init[1];
|
|
if (info->lo_encrypt_key_size) {
|
|
memcpy(lo->lo_encrypt_key, info->lo_encrypt_key,
|
|
info->lo_encrypt_key_size);
|
|
lo->lo_key_owner = uid;
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
|
|
static int
|
|
loop_get_status(struct loop_device *lo, struct loop_info64 *info)
|
|
{
|
|
struct file *file = lo->lo_backing_file;
|
|
struct kstat stat;
|
|
int error;
|
|
|
|
if (lo->lo_state != Lo_bound)
|
|
return -ENXIO;
|
|
error = vfs_getattr(file->f_path.mnt, file->f_path.dentry, &stat);
|
|
if (error)
|
|
return error;
|
|
memset(info, 0, sizeof(*info));
|
|
info->lo_number = lo->lo_number;
|
|
info->lo_device = huge_encode_dev(stat.dev);
|
|
info->lo_inode = stat.ino;
|
|
info->lo_rdevice = huge_encode_dev(lo->lo_device ? stat.rdev : stat.dev);
|
|
info->lo_offset = lo->lo_offset;
|
|
info->lo_sizelimit = lo->lo_sizelimit;
|
|
info->lo_flags = lo->lo_flags;
|
|
memcpy(info->lo_file_name, lo->lo_file_name, LO_NAME_SIZE);
|
|
memcpy(info->lo_crypt_name, lo->lo_crypt_name, LO_NAME_SIZE);
|
|
info->lo_encrypt_type =
|
|
lo->lo_encryption ? lo->lo_encryption->number : 0;
|
|
if (lo->lo_encrypt_key_size && capable(CAP_SYS_ADMIN)) {
|
|
info->lo_encrypt_key_size = lo->lo_encrypt_key_size;
|
|
memcpy(info->lo_encrypt_key, lo->lo_encrypt_key,
|
|
lo->lo_encrypt_key_size);
|
|
}
|
|
return 0;
|
|
}
|
|
|
|
static void
|
|
loop_info64_from_old(const struct loop_info *info, struct loop_info64 *info64)
|
|
{
|
|
memset(info64, 0, sizeof(*info64));
|
|
info64->lo_number = info->lo_number;
|
|
info64->lo_device = info->lo_device;
|
|
info64->lo_inode = info->lo_inode;
|
|
info64->lo_rdevice = info->lo_rdevice;
|
|
info64->lo_offset = info->lo_offset;
|
|
info64->lo_sizelimit = 0;
|
|
info64->lo_encrypt_type = info->lo_encrypt_type;
|
|
info64->lo_encrypt_key_size = info->lo_encrypt_key_size;
|
|
info64->lo_flags = info->lo_flags;
|
|
info64->lo_init[0] = info->lo_init[0];
|
|
info64->lo_init[1] = info->lo_init[1];
|
|
if (info->lo_encrypt_type == LO_CRYPT_CRYPTOAPI)
|
|
memcpy(info64->lo_crypt_name, info->lo_name, LO_NAME_SIZE);
|
|
else
|
|
memcpy(info64->lo_file_name, info->lo_name, LO_NAME_SIZE);
|
|
memcpy(info64->lo_encrypt_key, info->lo_encrypt_key, LO_KEY_SIZE);
|
|
}
|
|
|
|
static int
|
|
loop_info64_to_old(const struct loop_info64 *info64, struct loop_info *info)
|
|
{
|
|
memset(info, 0, sizeof(*info));
|
|
info->lo_number = info64->lo_number;
|
|
info->lo_device = info64->lo_device;
|
|
info->lo_inode = info64->lo_inode;
|
|
info->lo_rdevice = info64->lo_rdevice;
|
|
info->lo_offset = info64->lo_offset;
|
|
info->lo_encrypt_type = info64->lo_encrypt_type;
|
|
info->lo_encrypt_key_size = info64->lo_encrypt_key_size;
|
|
info->lo_flags = info64->lo_flags;
|
|
info->lo_init[0] = info64->lo_init[0];
|
|
info->lo_init[1] = info64->lo_init[1];
|
|
if (info->lo_encrypt_type == LO_CRYPT_CRYPTOAPI)
|
|
memcpy(info->lo_name, info64->lo_crypt_name, LO_NAME_SIZE);
|
|
else
|
|
memcpy(info->lo_name, info64->lo_file_name, LO_NAME_SIZE);
|
|
memcpy(info->lo_encrypt_key, info64->lo_encrypt_key, LO_KEY_SIZE);
|
|
|
|
/* error in case values were truncated */
|
|
if (info->lo_device != info64->lo_device ||
|
|
info->lo_rdevice != info64->lo_rdevice ||
|
|
info->lo_inode != info64->lo_inode ||
|
|
info->lo_offset != info64->lo_offset)
|
|
return -EOVERFLOW;
|
|
|
|
return 0;
|
|
}
|
|
|
|
static int
|
|
loop_set_status_old(struct loop_device *lo, const struct loop_info __user *arg)
|
|
{
|
|
struct loop_info info;
|
|
struct loop_info64 info64;
|
|
|
|
if (copy_from_user(&info, arg, sizeof (struct loop_info)))
|
|
return -EFAULT;
|
|
loop_info64_from_old(&info, &info64);
|
|
return loop_set_status(lo, &info64);
|
|
}
|
|
|
|
static int
|
|
loop_set_status64(struct loop_device *lo, const struct loop_info64 __user *arg)
|
|
{
|
|
struct loop_info64 info64;
|
|
|
|
if (copy_from_user(&info64, arg, sizeof (struct loop_info64)))
|
|
return -EFAULT;
|
|
return loop_set_status(lo, &info64);
|
|
}
|
|
|
|
static int
|
|
loop_get_status_old(struct loop_device *lo, struct loop_info __user *arg) {
|
|
struct loop_info info;
|
|
struct loop_info64 info64;
|
|
int err = 0;
|
|
|
|
if (!arg)
|
|
err = -EINVAL;
|
|
if (!err)
|
|
err = loop_get_status(lo, &info64);
|
|
if (!err)
|
|
err = loop_info64_to_old(&info64, &info);
|
|
if (!err && copy_to_user(arg, &info, sizeof(info)))
|
|
err = -EFAULT;
|
|
|
|
return err;
|
|
}
|
|
|
|
static int
|
|
loop_get_status64(struct loop_device *lo, struct loop_info64 __user *arg) {
|
|
struct loop_info64 info64;
|
|
int err = 0;
|
|
|
|
if (!arg)
|
|
err = -EINVAL;
|
|
if (!err)
|
|
err = loop_get_status(lo, &info64);
|
|
if (!err && copy_to_user(arg, &info64, sizeof(info64)))
|
|
err = -EFAULT;
|
|
|
|
return err;
|
|
}
|
|
|
|
static int loop_set_capacity(struct loop_device *lo, struct block_device *bdev)
|
|
{
|
|
int err;
|
|
sector_t sec;
|
|
loff_t sz;
|
|
|
|
err = -ENXIO;
|
|
if (unlikely(lo->lo_state != Lo_bound))
|
|
goto out;
|
|
err = figure_loop_size(lo);
|
|
if (unlikely(err))
|
|
goto out;
|
|
sec = get_capacity(lo->lo_disk);
|
|
/* the width of sector_t may be narrow for bit-shift */
|
|
sz = sec;
|
|
sz <<= 9;
|
|
mutex_lock(&bdev->bd_mutex);
|
|
bd_set_size(bdev, sz);
|
|
mutex_unlock(&bdev->bd_mutex);
|
|
|
|
out:
|
|
return err;
|
|
}
|
|
|
|
static int lo_ioctl(struct block_device *bdev, fmode_t mode,
|
|
unsigned int cmd, unsigned long arg)
|
|
{
|
|
struct loop_device *lo = bdev->bd_disk->private_data;
|
|
int err;
|
|
|
|
mutex_lock_nested(&lo->lo_ctl_mutex, 1);
|
|
switch (cmd) {
|
|
case LOOP_SET_FD:
|
|
err = loop_set_fd(lo, mode, bdev, arg);
|
|
break;
|
|
case LOOP_CHANGE_FD:
|
|
err = loop_change_fd(lo, bdev, arg);
|
|
break;
|
|
case LOOP_CLR_FD:
|
|
/* loop_clr_fd would have unlocked lo_ctl_mutex on success */
|
|
err = loop_clr_fd(lo, bdev);
|
|
if (!err)
|
|
goto out_unlocked;
|
|
break;
|
|
case LOOP_SET_STATUS:
|
|
err = loop_set_status_old(lo, (struct loop_info __user *) arg);
|
|
break;
|
|
case LOOP_GET_STATUS:
|
|
err = loop_get_status_old(lo, (struct loop_info __user *) arg);
|
|
break;
|
|
case LOOP_SET_STATUS64:
|
|
err = loop_set_status64(lo, (struct loop_info64 __user *) arg);
|
|
break;
|
|
case LOOP_GET_STATUS64:
|
|
err = loop_get_status64(lo, (struct loop_info64 __user *) arg);
|
|
break;
|
|
case LOOP_SET_CAPACITY:
|
|
err = -EPERM;
|
|
if ((mode & FMODE_WRITE) || capable(CAP_SYS_ADMIN))
|
|
err = loop_set_capacity(lo, bdev);
|
|
break;
|
|
default:
|
|
err = lo->ioctl ? lo->ioctl(lo, cmd, arg) : -EINVAL;
|
|
}
|
|
mutex_unlock(&lo->lo_ctl_mutex);
|
|
|
|
out_unlocked:
|
|
return err;
|
|
}
|
|
|
|
#ifdef CONFIG_COMPAT
|
|
struct compat_loop_info {
|
|
compat_int_t lo_number; /* ioctl r/o */
|
|
compat_dev_t lo_device; /* ioctl r/o */
|
|
compat_ulong_t lo_inode; /* ioctl r/o */
|
|
compat_dev_t lo_rdevice; /* ioctl r/o */
|
|
compat_int_t lo_offset;
|
|
compat_int_t lo_encrypt_type;
|
|
compat_int_t lo_encrypt_key_size; /* ioctl w/o */
|
|
compat_int_t lo_flags; /* ioctl r/o */
|
|
char lo_name[LO_NAME_SIZE];
|
|
unsigned char lo_encrypt_key[LO_KEY_SIZE]; /* ioctl w/o */
|
|
compat_ulong_t lo_init[2];
|
|
char reserved[4];
|
|
};
|
|
|
|
/*
|
|
* Transfer 32-bit compatibility structure in userspace to 64-bit loop info
|
|
* - noinlined to reduce stack space usage in main part of driver
|
|
*/
|
|
static noinline int
|
|
loop_info64_from_compat(const struct compat_loop_info __user *arg,
|
|
struct loop_info64 *info64)
|
|
{
|
|
struct compat_loop_info info;
|
|
|
|
if (copy_from_user(&info, arg, sizeof(info)))
|
|
return -EFAULT;
|
|
|
|
memset(info64, 0, sizeof(*info64));
|
|
info64->lo_number = info.lo_number;
|
|
info64->lo_device = info.lo_device;
|
|
info64->lo_inode = info.lo_inode;
|
|
info64->lo_rdevice = info.lo_rdevice;
|
|
info64->lo_offset = info.lo_offset;
|
|
info64->lo_sizelimit = 0;
|
|
info64->lo_encrypt_type = info.lo_encrypt_type;
|
|
info64->lo_encrypt_key_size = info.lo_encrypt_key_size;
|
|
info64->lo_flags = info.lo_flags;
|
|
info64->lo_init[0] = info.lo_init[0];
|
|
info64->lo_init[1] = info.lo_init[1];
|
|
if (info.lo_encrypt_type == LO_CRYPT_CRYPTOAPI)
|
|
memcpy(info64->lo_crypt_name, info.lo_name, LO_NAME_SIZE);
|
|
else
|
|
memcpy(info64->lo_file_name, info.lo_name, LO_NAME_SIZE);
|
|
memcpy(info64->lo_encrypt_key, info.lo_encrypt_key, LO_KEY_SIZE);
|
|
return 0;
|
|
}
|
|
|
|
/*
|
|
* Transfer 64-bit loop info to 32-bit compatibility structure in userspace
|
|
* - noinlined to reduce stack space usage in main part of driver
|
|
*/
|
|
static noinline int
|
|
loop_info64_to_compat(const struct loop_info64 *info64,
|
|
struct compat_loop_info __user *arg)
|
|
{
|
|
struct compat_loop_info info;
|
|
|
|
memset(&info, 0, sizeof(info));
|
|
info.lo_number = info64->lo_number;
|
|
info.lo_device = info64->lo_device;
|
|
info.lo_inode = info64->lo_inode;
|
|
info.lo_rdevice = info64->lo_rdevice;
|
|
info.lo_offset = info64->lo_offset;
|
|
info.lo_encrypt_type = info64->lo_encrypt_type;
|
|
info.lo_encrypt_key_size = info64->lo_encrypt_key_size;
|
|
info.lo_flags = info64->lo_flags;
|
|
info.lo_init[0] = info64->lo_init[0];
|
|
info.lo_init[1] = info64->lo_init[1];
|
|
if (info.lo_encrypt_type == LO_CRYPT_CRYPTOAPI)
|
|
memcpy(info.lo_name, info64->lo_crypt_name, LO_NAME_SIZE);
|
|
else
|
|
memcpy(info.lo_name, info64->lo_file_name, LO_NAME_SIZE);
|
|
memcpy(info.lo_encrypt_key, info64->lo_encrypt_key, LO_KEY_SIZE);
|
|
|
|
/* error in case values were truncated */
|
|
if (info.lo_device != info64->lo_device ||
|
|
info.lo_rdevice != info64->lo_rdevice ||
|
|
info.lo_inode != info64->lo_inode ||
|
|
info.lo_offset != info64->lo_offset ||
|
|
info.lo_init[0] != info64->lo_init[0] ||
|
|
info.lo_init[1] != info64->lo_init[1])
|
|
return -EOVERFLOW;
|
|
|
|
if (copy_to_user(arg, &info, sizeof(info)))
|
|
return -EFAULT;
|
|
return 0;
|
|
}
|
|
|
|
static int
|
|
loop_set_status_compat(struct loop_device *lo,
|
|
const struct compat_loop_info __user *arg)
|
|
{
|
|
struct loop_info64 info64;
|
|
int ret;
|
|
|
|
ret = loop_info64_from_compat(arg, &info64);
|
|
if (ret < 0)
|
|
return ret;
|
|
return loop_set_status(lo, &info64);
|
|
}
|
|
|
|
static int
|
|
loop_get_status_compat(struct loop_device *lo,
|
|
struct compat_loop_info __user *arg)
|
|
{
|
|
struct loop_info64 info64;
|
|
int err = 0;
|
|
|
|
if (!arg)
|
|
err = -EINVAL;
|
|
if (!err)
|
|
err = loop_get_status(lo, &info64);
|
|
if (!err)
|
|
err = loop_info64_to_compat(&info64, arg);
|
|
return err;
|
|
}
|
|
|
|
static int lo_compat_ioctl(struct block_device *bdev, fmode_t mode,
|
|
unsigned int cmd, unsigned long arg)
|
|
{
|
|
struct loop_device *lo = bdev->bd_disk->private_data;
|
|
int err;
|
|
|
|
switch(cmd) {
|
|
case LOOP_SET_STATUS:
|
|
mutex_lock(&lo->lo_ctl_mutex);
|
|
err = loop_set_status_compat(
|
|
lo, (const struct compat_loop_info __user *) arg);
|
|
mutex_unlock(&lo->lo_ctl_mutex);
|
|
break;
|
|
case LOOP_GET_STATUS:
|
|
mutex_lock(&lo->lo_ctl_mutex);
|
|
err = loop_get_status_compat(
|
|
lo, (struct compat_loop_info __user *) arg);
|
|
mutex_unlock(&lo->lo_ctl_mutex);
|
|
break;
|
|
case LOOP_SET_CAPACITY:
|
|
case LOOP_CLR_FD:
|
|
case LOOP_GET_STATUS64:
|
|
case LOOP_SET_STATUS64:
|
|
arg = (unsigned long) compat_ptr(arg);
|
|
case LOOP_SET_FD:
|
|
case LOOP_CHANGE_FD:
|
|
err = lo_ioctl(bdev, mode, cmd, arg);
|
|
break;
|
|
default:
|
|
err = -ENOIOCTLCMD;
|
|
break;
|
|
}
|
|
return err;
|
|
}
|
|
#endif
|
|
|
|
static int lo_open(struct block_device *bdev, fmode_t mode)
|
|
{
|
|
struct loop_device *lo = bdev->bd_disk->private_data;
|
|
|
|
mutex_lock(&lo->lo_ctl_mutex);
|
|
lo->lo_refcnt++;
|
|
mutex_unlock(&lo->lo_ctl_mutex);
|
|
|
|
return 0;
|
|
}
|
|
|
|
static int lo_release(struct gendisk *disk, fmode_t mode)
|
|
{
|
|
struct loop_device *lo = disk->private_data;
|
|
int err;
|
|
|
|
mutex_lock(&lo->lo_ctl_mutex);
|
|
|
|
if (--lo->lo_refcnt)
|
|
goto out;
|
|
|
|
if (lo->lo_flags & LO_FLAGS_AUTOCLEAR) {
|
|
/*
|
|
* In autoclear mode, stop the loop thread
|
|
* and remove configuration after last close.
|
|
*/
|
|
err = loop_clr_fd(lo, NULL);
|
|
if (!err)
|
|
goto out_unlocked;
|
|
} else {
|
|
/*
|
|
* Otherwise keep thread (if running) and config,
|
|
* but flush possible ongoing bios in thread.
|
|
*/
|
|
loop_flush(lo);
|
|
}
|
|
|
|
out:
|
|
mutex_unlock(&lo->lo_ctl_mutex);
|
|
out_unlocked:
|
|
return 0;
|
|
}
|
|
|
|
static const struct block_device_operations lo_fops = {
|
|
.owner = THIS_MODULE,
|
|
.open = lo_open,
|
|
.release = lo_release,
|
|
.ioctl = lo_ioctl,
|
|
#ifdef CONFIG_COMPAT
|
|
.compat_ioctl = lo_compat_ioctl,
|
|
#endif
|
|
};
|
|
|
|
/*
|
|
* And now the modules code and kernel interface.
|
|
*/
|
|
static int max_loop;
|
|
module_param(max_loop, int, 0);
|
|
MODULE_PARM_DESC(max_loop, "Maximum number of loop devices");
|
|
module_param(max_part, int, 0);
|
|
MODULE_PARM_DESC(max_part, "Maximum number of partitions per loop device");
|
|
MODULE_LICENSE("GPL");
|
|
MODULE_ALIAS_BLOCKDEV_MAJOR(LOOP_MAJOR);
|
|
|
|
int loop_register_transfer(struct loop_func_table *funcs)
|
|
{
|
|
unsigned int n = funcs->number;
|
|
|
|
if (n >= MAX_LO_CRYPT || xfer_funcs[n])
|
|
return -EINVAL;
|
|
xfer_funcs[n] = funcs;
|
|
return 0;
|
|
}
|
|
|
|
int loop_unregister_transfer(int number)
|
|
{
|
|
unsigned int n = number;
|
|
struct loop_device *lo;
|
|
struct loop_func_table *xfer;
|
|
|
|
if (n == 0 || n >= MAX_LO_CRYPT || (xfer = xfer_funcs[n]) == NULL)
|
|
return -EINVAL;
|
|
|
|
xfer_funcs[n] = NULL;
|
|
|
|
list_for_each_entry(lo, &loop_devices, lo_list) {
|
|
mutex_lock(&lo->lo_ctl_mutex);
|
|
|
|
if (lo->lo_encryption == xfer)
|
|
loop_release_xfer(lo);
|
|
|
|
mutex_unlock(&lo->lo_ctl_mutex);
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
|
|
EXPORT_SYMBOL(loop_register_transfer);
|
|
EXPORT_SYMBOL(loop_unregister_transfer);
|
|
|
|
static struct loop_device *loop_alloc(int i)
|
|
{
|
|
struct loop_device *lo;
|
|
struct gendisk *disk;
|
|
|
|
lo = kzalloc(sizeof(*lo), GFP_KERNEL);
|
|
if (!lo)
|
|
goto out;
|
|
|
|
lo->lo_queue = blk_alloc_queue(GFP_KERNEL);
|
|
if (!lo->lo_queue)
|
|
goto out_free_dev;
|
|
|
|
disk = lo->lo_disk = alloc_disk(1 << part_shift);
|
|
if (!disk)
|
|
goto out_free_queue;
|
|
|
|
mutex_init(&lo->lo_ctl_mutex);
|
|
lo->lo_number = i;
|
|
lo->lo_thread = NULL;
|
|
init_waitqueue_head(&lo->lo_event);
|
|
spin_lock_init(&lo->lo_lock);
|
|
disk->major = LOOP_MAJOR;
|
|
disk->first_minor = i << part_shift;
|
|
disk->fops = &lo_fops;
|
|
disk->private_data = lo;
|
|
disk->queue = lo->lo_queue;
|
|
sprintf(disk->disk_name, "loop%d", i);
|
|
return lo;
|
|
|
|
out_free_queue:
|
|
blk_cleanup_queue(lo->lo_queue);
|
|
out_free_dev:
|
|
kfree(lo);
|
|
out:
|
|
return NULL;
|
|
}
|
|
|
|
static void loop_free(struct loop_device *lo)
|
|
{
|
|
blk_cleanup_queue(lo->lo_queue);
|
|
put_disk(lo->lo_disk);
|
|
list_del(&lo->lo_list);
|
|
kfree(lo);
|
|
}
|
|
|
|
static struct loop_device *loop_init_one(int i)
|
|
{
|
|
struct loop_device *lo;
|
|
|
|
list_for_each_entry(lo, &loop_devices, lo_list) {
|
|
if (lo->lo_number == i)
|
|
return lo;
|
|
}
|
|
|
|
lo = loop_alloc(i);
|
|
if (lo) {
|
|
add_disk(lo->lo_disk);
|
|
list_add_tail(&lo->lo_list, &loop_devices);
|
|
}
|
|
return lo;
|
|
}
|
|
|
|
static void loop_del_one(struct loop_device *lo)
|
|
{
|
|
del_gendisk(lo->lo_disk);
|
|
loop_free(lo);
|
|
}
|
|
|
|
static struct kobject *loop_probe(dev_t dev, int *part, void *data)
|
|
{
|
|
struct loop_device *lo;
|
|
struct kobject *kobj;
|
|
|
|
mutex_lock(&loop_devices_mutex);
|
|
lo = loop_init_one(dev & MINORMASK);
|
|
kobj = lo ? get_disk(lo->lo_disk) : ERR_PTR(-ENOMEM);
|
|
mutex_unlock(&loop_devices_mutex);
|
|
|
|
*part = 0;
|
|
return kobj;
|
|
}
|
|
|
|
static int __init loop_init(void)
|
|
{
|
|
int i, nr;
|
|
unsigned long range;
|
|
struct loop_device *lo, *next;
|
|
|
|
/*
|
|
* loop module now has a feature to instantiate underlying device
|
|
* structure on-demand, provided that there is an access dev node.
|
|
* However, this will not work well with user space tool that doesn't
|
|
* know about such "feature". In order to not break any existing
|
|
* tool, we do the following:
|
|
*
|
|
* (1) if max_loop is specified, create that many upfront, and this
|
|
* also becomes a hard limit.
|
|
* (2) if max_loop is not specified, create 8 loop device on module
|
|
* load, user can further extend loop device by create dev node
|
|
* themselves and have kernel automatically instantiate actual
|
|
* device on-demand.
|
|
*/
|
|
|
|
part_shift = 0;
|
|
if (max_part > 0)
|
|
part_shift = fls(max_part);
|
|
|
|
if (max_loop > 1UL << (MINORBITS - part_shift))
|
|
return -EINVAL;
|
|
|
|
if (max_loop) {
|
|
nr = max_loop;
|
|
range = max_loop;
|
|
} else {
|
|
nr = 8;
|
|
range = 1UL << (MINORBITS - part_shift);
|
|
}
|
|
|
|
if (register_blkdev(LOOP_MAJOR, "loop"))
|
|
return -EIO;
|
|
|
|
for (i = 0; i < nr; i++) {
|
|
lo = loop_alloc(i);
|
|
if (!lo)
|
|
goto Enomem;
|
|
list_add_tail(&lo->lo_list, &loop_devices);
|
|
}
|
|
|
|
/* point of no return */
|
|
|
|
list_for_each_entry(lo, &loop_devices, lo_list)
|
|
add_disk(lo->lo_disk);
|
|
|
|
blk_register_region(MKDEV(LOOP_MAJOR, 0), range,
|
|
THIS_MODULE, loop_probe, NULL, NULL);
|
|
|
|
printk(KERN_INFO "loop: module loaded\n");
|
|
return 0;
|
|
|
|
Enomem:
|
|
printk(KERN_INFO "loop: out of memory\n");
|
|
|
|
list_for_each_entry_safe(lo, next, &loop_devices, lo_list)
|
|
loop_free(lo);
|
|
|
|
unregister_blkdev(LOOP_MAJOR, "loop");
|
|
return -ENOMEM;
|
|
}
|
|
|
|
static void __exit loop_exit(void)
|
|
{
|
|
unsigned long range;
|
|
struct loop_device *lo, *next;
|
|
|
|
range = max_loop ? max_loop : 1UL << (MINORBITS - part_shift);
|
|
|
|
list_for_each_entry_safe(lo, next, &loop_devices, lo_list)
|
|
loop_del_one(lo);
|
|
|
|
blk_unregister_region(MKDEV(LOOP_MAJOR, 0), range);
|
|
unregister_blkdev(LOOP_MAJOR, "loop");
|
|
}
|
|
|
|
module_init(loop_init);
|
|
module_exit(loop_exit);
|
|
|
|
#ifndef MODULE
|
|
static int __init max_loop_setup(char *str)
|
|
{
|
|
max_loop = simple_strtol(str, NULL, 0);
|
|
return 1;
|
|
}
|
|
|
|
__setup("max_loop=", max_loop_setup);
|
|
#endif
|