linux/drivers/block/loop.c
<<
>>
Prefs
   1/*
   2 *  linux/drivers/block/loop.c
   3 *
   4 *  Written by Theodore Ts'o, 3/29/93
   5 *
   6 * Copyright 1993 by Theodore Ts'o.  Redistribution of this file is
   7 * permitted under the GNU General Public License.
   8 *
   9 * DES encryption plus some minor changes by Werner Almesberger, 30-MAY-1993
  10 * more DES encryption plus IDEA encryption by Nicholas J. Leon, June 20, 1996
  11 *
  12 * Modularized and updated for 1.1.16 kernel - Mitch Dsouza 28th May 1994
  13 * Adapted for 1.3.59 kernel - Andries Brouwer, 1 Feb 1996
  14 *
  15 * Fixed do_loop_request() re-entrancy - Vincent.Renardias@waw.com Mar 20, 1997
  16 *
  17 * Added devfs support - Richard Gooch <rgooch@atnf.csiro.au> 16-Jan-1998
  18 *
  19 * Handle sparse backing files correctly - Kenn Humborg, Jun 28, 1998
  20 *
  21 * Loadable modules and other fixes by AK, 1998
  22 *
  23 * Make real block number available to downstream transfer functions, enables
  24 * CBC (and relatives) mode encryption requiring unique IVs per data block.
  25 * Reed H. Petty, rhp@draper.net
  26 *
  27 * Maximum number of loop devices now dynamic via max_loop module parameter.
  28 * Russell Kroll <rkroll@exploits.org> 19990701
  29 *
  30 * Maximum number of loop devices when compiled-in now selectable by passing
  31 * max_loop=<1-255> to the kernel on boot.
  32 * Erik I. Bols\xC3\xB8, <eriki@himolde.no>, Oct 31, 1999
  33 *
  34 * Completely rewrite request handling to be make_request_fn style and
  35 * non blocking, pushing work to a helper thread. Lots of fixes from
  36 * Al Viro too.
  37 * Jens Axboe <axboe@suse.de>, Nov 2000
  38 *
  39 * Support up to 256 loop devices
  40 * Heinz Mauelshagen <mge@sistina.com>, Feb 2002
  41 *
  42 * Support for falling back on the write file operation when the address space
  43 * operations write_begin is not available on the backing filesystem.
  44 * Anton Altaparmakov, 16 Feb 2005
  45 *
  46 * Still To Fix:
  47 * - Advisory locking is ignored here.
  48 * - Should use an own CAP_* category instead of CAP_SYS_ADMIN
  49 *
  50 */
  51
  52#include <linux/module.h>
  53#include <linux/moduleparam.h>
  54#include <linux/sched.h>
  55#include <linux/fs.h>
  56#include <linux/file.h>
  57#include <linux/stat.h>
  58#include <linux/errno.h>
  59#include <linux/major.h>
  60#include <linux/wait.h>
  61#include <linux/blkdev.h>
  62#include <linux/blkpg.h>
  63#include <linux/init.h>
  64#include <linux/swap.h>
  65#include <linux/slab.h>
  66#include <linux/compat.h>
  67#include <linux/suspend.h>
  68#include <linux/freezer.h>
  69#include <linux/mutex.h>
  70#include <linux/writeback.h>
  71#include <linux/completion.h>
  72#include <linux/highmem.h>
  73#include <linux/kthread.h>
  74#include <linux/splice.h>
  75#include <linux/sysfs.h>
  76#include <linux/miscdevice.h>
  77#include <linux/falloc.h>
  78#include <linux/uio.h>
  79#include "loop.h"
  80
  81#include <linux/uaccess.h>
  82
  83static DEFINE_IDR(loop_index_idr);
  84static DEFINE_MUTEX(loop_index_mutex);
  85
  86static int max_part;
  87static int part_shift;
  88
  89static int transfer_xor(struct loop_device *lo, int cmd,
  90                        struct page *raw_page, unsigned raw_off,
  91                        struct page *loop_page, unsigned loop_off,
  92                        int size, sector_t real_block)
  93{
  94        char *raw_buf = kmap_atomic(raw_page) + raw_off;
  95        char *loop_buf = kmap_atomic(loop_page) + loop_off;
  96        char *in, *out, *key;
  97        int i, keysize;
  98
  99        if (cmd == READ) {
 100                in = raw_buf;
 101                out = loop_buf;
 102        } else {
 103                in = loop_buf;
 104                out = raw_buf;
 105        }
 106
 107        key = lo->lo_encrypt_key;
 108        keysize = lo->lo_encrypt_key_size;
 109        for (i = 0; i < size; i++)
 110                *out++ = *in++ ^ key[(i & 511) % keysize];
 111
 112        kunmap_atomic(loop_buf);
 113        kunmap_atomic(raw_buf);
 114        cond_resched();
 115        return 0;
 116}
 117
 118static int xor_init(struct loop_device *lo, const struct loop_info64 *info)
 119{
 120        if (unlikely(info->lo_encrypt_key_size <= 0))
 121                return -EINVAL;
 122        return 0;
 123}
 124
 125static struct loop_func_table none_funcs = {
 126        .number = LO_CRYPT_NONE,
 127}; 
 128
 129static struct loop_func_table xor_funcs = {
 130        .number = LO_CRYPT_XOR,
 131        .transfer = transfer_xor,
 132        .init = xor_init
 133}; 
 134
 135/* xfer_funcs[0] is special - its release function is never called */
 136static struct loop_func_table *xfer_funcs[MAX_LO_CRYPT] = {
 137        &none_funcs,
 138        &xor_funcs
 139};
 140
 141static loff_t get_size(loff_t offset, loff_t sizelimit, struct file *file)
 142{
 143        loff_t loopsize;
 144
 145        /* Compute loopsize in bytes */
 146        loopsize = i_size_read(file->f_mapping->host);
 147        if (offset > 0)
 148                loopsize -= offset;
 149        /* offset is beyond i_size, weird but possible */
 150        if (loopsize < 0)
 151                return 0;
 152
 153        if (sizelimit > 0 && sizelimit < loopsize)
 154                loopsize = sizelimit;
 155        /*
 156         * Unfortunately, if we want to do I/O on the device,
 157         * the number of 512-byte sectors has to fit into a sector_t.
 158         */
 159        return loopsize >> 9;
 160}
 161
 162static loff_t get_loop_size(struct loop_device *lo, struct file *file)
 163{
 164        return get_size(lo->lo_offset, lo->lo_sizelimit, file);
 165}
 166
 167static void __loop_update_dio(struct loop_device *lo, bool dio)
 168{
 169        struct file *file = lo->lo_backing_file;
 170        struct address_space *mapping = file->f_mapping;
 171        struct inode *inode = mapping->host;
 172        unsigned short sb_bsize = 0;
 173        unsigned dio_align = 0;
 174        bool use_dio;
 175
 176        if (inode->i_sb->s_bdev) {
 177                sb_bsize = bdev_logical_block_size(inode->i_sb->s_bdev);
 178                dio_align = sb_bsize - 1;
 179        }
 180
 181        /*
 182         * We support direct I/O only if lo_offset is aligned with the
 183         * logical I/O size of backing device, and the logical block
 184         * size of loop is bigger than the backing device's and the loop
 185         * needn't transform transfer.
 186         *
 187         * TODO: the above condition may be loosed in the future, and
 188         * direct I/O may be switched runtime at that time because most
 189         * of requests in sane applications should be PAGE_SIZE aligned
 190         */
 191        if (dio) {
 192                if (queue_logical_block_size(lo->lo_queue) >= sb_bsize &&
 193                                !(lo->lo_offset & dio_align) &&
 194                                mapping->a_ops->direct_IO &&
 195                                !lo->transfer)
 196                        use_dio = true;
 197                else
 198                        use_dio = false;
 199        } else {
 200                use_dio = false;
 201        }
 202
 203        if (lo->use_dio == use_dio)
 204                return;
 205
 206        /* flush dirty pages before changing direct IO */
 207        vfs_fsync(file, 0);
 208
 209        /*
 210         * The flag of LO_FLAGS_DIRECT_IO is handled similarly with
 211         * LO_FLAGS_READ_ONLY, both are set from kernel, and losetup
 212         * will get updated by ioctl(LOOP_GET_STATUS)
 213         */
 214        blk_mq_freeze_queue(lo->lo_queue);
 215        lo->use_dio = use_dio;
 216        if (use_dio) {
 217                queue_flag_clear_unlocked(QUEUE_FLAG_NOMERGES, lo->lo_queue);
 218                lo->lo_flags |= LO_FLAGS_DIRECT_IO;
 219        } else {
 220                queue_flag_set_unlocked(QUEUE_FLAG_NOMERGES, lo->lo_queue);
 221                lo->lo_flags &= ~LO_FLAGS_DIRECT_IO;
 222        }
 223        blk_mq_unfreeze_queue(lo->lo_queue);
 224}
 225
 226static int
 227figure_loop_size(struct loop_device *lo, loff_t offset, loff_t sizelimit)
 228{
 229        loff_t size = get_size(offset, sizelimit, lo->lo_backing_file);
 230        sector_t x = (sector_t)size;
 231        struct block_device *bdev = lo->lo_device;
 232
 233        if (unlikely((loff_t)x != size))
 234                return -EFBIG;
 235        if (lo->lo_offset != offset)
 236                lo->lo_offset = offset;
 237        if (lo->lo_sizelimit != sizelimit)
 238                lo->lo_sizelimit = sizelimit;
 239        set_capacity(lo->lo_disk, x);
 240        bd_set_size(bdev, (loff_t)get_capacity(bdev->bd_disk) << 9);
 241        /* let user-space know about the new size */
 242        kobject_uevent(&disk_to_dev(bdev->bd_disk)->kobj, KOBJ_CHANGE);
 243        return 0;
 244}
 245
 246static inline int
 247lo_do_transfer(struct loop_device *lo, int cmd,
 248               struct page *rpage, unsigned roffs,
 249               struct page *lpage, unsigned loffs,
 250               int size, sector_t rblock)
 251{
 252        int ret;
 253
 254        ret = lo->transfer(lo, cmd, rpage, roffs, lpage, loffs, size, rblock);
 255        if (likely(!ret))
 256                return 0;
 257
 258        printk_ratelimited(KERN_ERR
 259                "loop: Transfer error at byte offset %llu, length %i.\n",
 260                (unsigned long long)rblock << 9, size);
 261        return ret;
 262}
 263
 264static int lo_write_bvec(struct file *file, struct bio_vec *bvec, loff_t *ppos)
 265{
 266        struct iov_iter i;
 267        ssize_t bw;
 268
 269        iov_iter_bvec(&i, ITER_BVEC | WRITE, bvec, 1, bvec->bv_len);
 270
 271        file_start_write(file);
 272        bw = vfs_iter_write(file, &i, ppos, 0);
 273        file_end_write(file);
 274
 275        if (likely(bw ==  bvec->bv_len))
 276                return 0;
 277
 278        printk_ratelimited(KERN_ERR
 279                "loop: Write error at byte offset %llu, length %i.\n",
 280                (unsigned long long)*ppos, bvec->bv_len);
 281        if (bw >= 0)
 282                bw = -EIO;
 283        return bw;
 284}
 285
 286static int lo_write_simple(struct loop_device *lo, struct request *rq,
 287                loff_t pos)
 288{
 289        struct bio_vec bvec;
 290        struct req_iterator iter;
 291        int ret = 0;
 292
 293        rq_for_each_segment(bvec, rq, iter) {
 294                ret = lo_write_bvec(lo->lo_backing_file, &bvec, &pos);
 295                if (ret < 0)
 296                        break;
 297                cond_resched();
 298        }
 299
 300        return ret;
 301}
 302
 303/*
 304 * This is the slow, transforming version that needs to double buffer the
 305 * data as it cannot do the transformations in place without having direct
 306 * access to the destination pages of the backing file.
 307 */
 308static int lo_write_transfer(struct loop_device *lo, struct request *rq,
 309                loff_t pos)
 310{
 311        struct bio_vec bvec, b;
 312        struct req_iterator iter;
 313        struct page *page;
 314        int ret = 0;
 315
 316        page = alloc_page(GFP_NOIO);
 317        if (unlikely(!page))
 318                return -ENOMEM;
 319
 320        rq_for_each_segment(bvec, rq, iter) {
 321                ret = lo_do_transfer(lo, WRITE, page, 0, bvec.bv_page,
 322                        bvec.bv_offset, bvec.bv_len, pos >> 9);
 323                if (unlikely(ret))
 324                        break;
 325
 326                b.bv_page = page;
 327                b.bv_offset = 0;
 328                b.bv_len = bvec.bv_len;
 329                ret = lo_write_bvec(lo->lo_backing_file, &b, &pos);
 330                if (ret < 0)
 331                        break;
 332        }
 333
 334        __free_page(page);
 335        return ret;
 336}
 337
 338static int lo_read_simple(struct loop_device *lo, struct request *rq,
 339                loff_t pos)
 340{
 341        struct bio_vec bvec;
 342        struct req_iterator iter;
 343        struct iov_iter i;
 344        ssize_t len;
 345
 346        rq_for_each_segment(bvec, rq, iter) {
 347                iov_iter_bvec(&i, ITER_BVEC, &bvec, 1, bvec.bv_len);
 348                len = vfs_iter_read(lo->lo_backing_file, &i, &pos, 0);
 349                if (len < 0)
 350                        return len;
 351
 352                flush_dcache_page(bvec.bv_page);
 353
 354                if (len != bvec.bv_len) {
 355                        struct bio *bio;
 356
 357                        __rq_for_each_bio(bio, rq)
 358                                zero_fill_bio(bio);
 359                        break;
 360                }
 361                cond_resched();
 362        }
 363
 364        return 0;
 365}
 366
 367static int lo_read_transfer(struct loop_device *lo, struct request *rq,
 368                loff_t pos)
 369{
 370        struct bio_vec bvec, b;
 371        struct req_iterator iter;
 372        struct iov_iter i;
 373        struct page *page;
 374        ssize_t len;
 375        int ret = 0;
 376
 377        page = alloc_page(GFP_NOIO);
 378        if (unlikely(!page))
 379                return -ENOMEM;
 380
 381        rq_for_each_segment(bvec, rq, iter) {
 382                loff_t offset = pos;
 383
 384                b.bv_page = page;
 385                b.bv_offset = 0;
 386                b.bv_len = bvec.bv_len;
 387
 388                iov_iter_bvec(&i, ITER_BVEC, &b, 1, b.bv_len);
 389                len = vfs_iter_read(lo->lo_backing_file, &i, &pos, 0);
 390                if (len < 0) {
 391                        ret = len;
 392                        goto out_free_page;
 393                }
 394
 395                ret = lo_do_transfer(lo, READ, page, 0, bvec.bv_page,
 396                        bvec.bv_offset, len, offset >> 9);
 397                if (ret)
 398                        goto out_free_page;
 399
 400                flush_dcache_page(bvec.bv_page);
 401
 402                if (len != bvec.bv_len) {
 403                        struct bio *bio;
 404
 405                        __rq_for_each_bio(bio, rq)
 406                                zero_fill_bio(bio);
 407                        break;
 408                }
 409        }
 410
 411        ret = 0;
 412out_free_page:
 413        __free_page(page);
 414        return ret;
 415}
 416
 417static int lo_discard(struct loop_device *lo, struct request *rq, loff_t pos)
 418{
 419        /*
 420         * We use punch hole to reclaim the free space used by the
 421         * image a.k.a. discard. However we do not support discard if
 422         * encryption is enabled, because it may give an attacker
 423         * useful information.
 424         */
 425        struct file *file = lo->lo_backing_file;
 426        int mode = FALLOC_FL_PUNCH_HOLE | FALLOC_FL_KEEP_SIZE;
 427        int ret;
 428
 429        if ((!file->f_op->fallocate) || lo->lo_encrypt_key_size) {
 430                ret = -EOPNOTSUPP;
 431                goto out;
 432        }
 433
 434        ret = file->f_op->fallocate(file, mode, pos, blk_rq_bytes(rq));
 435        if (unlikely(ret && ret != -EINVAL && ret != -EOPNOTSUPP))
 436                ret = -EIO;
 437 out:
 438        return ret;
 439}
 440
 441static int lo_req_flush(struct loop_device *lo, struct request *rq)
 442{
 443        struct file *file = lo->lo_backing_file;
 444        int ret = vfs_fsync(file, 0);
 445        if (unlikely(ret && ret != -EINVAL))
 446                ret = -EIO;
 447
 448        return ret;
 449}
 450
 451static void lo_complete_rq(struct request *rq)
 452{
 453        struct loop_cmd *cmd = blk_mq_rq_to_pdu(rq);
 454
 455        if (unlikely(req_op(cmd->rq) == REQ_OP_READ && cmd->use_aio &&
 456                     cmd->ret >= 0 && cmd->ret < blk_rq_bytes(cmd->rq))) {
 457                struct bio *bio = cmd->rq->bio;
 458
 459                bio_advance(bio, cmd->ret);
 460                zero_fill_bio(bio);
 461        }
 462
 463        blk_mq_end_request(rq, cmd->ret < 0 ? BLK_STS_IOERR : BLK_STS_OK);
 464}
 465
 466static void lo_rw_aio_do_completion(struct loop_cmd *cmd)
 467{
 468        if (!atomic_dec_and_test(&cmd->ref))
 469                return;
 470        kfree(cmd->bvec);
 471        cmd->bvec = NULL;
 472        blk_mq_complete_request(cmd->rq);
 473}
 474
 475static void lo_rw_aio_complete(struct kiocb *iocb, long ret, long ret2)
 476{
 477        struct loop_cmd *cmd = container_of(iocb, struct loop_cmd, iocb);
 478
 479        if (cmd->css)
 480                css_put(cmd->css);
 481        cmd->ret = ret;
 482        lo_rw_aio_do_completion(cmd);
 483}
 484
 485static int lo_rw_aio(struct loop_device *lo, struct loop_cmd *cmd,
 486                     loff_t pos, bool rw)
 487{
 488        struct iov_iter iter;
 489        struct bio_vec *bvec;
 490        struct request *rq = cmd->rq;
 491        struct bio *bio = rq->bio;
 492        struct file *file = lo->lo_backing_file;
 493        unsigned int offset;
 494        int segments = 0;
 495        int ret;
 496
 497        if (rq->bio != rq->biotail) {
 498                struct req_iterator iter;
 499                struct bio_vec tmp;
 500
 501                __rq_for_each_bio(bio, rq)
 502                        segments += bio_segments(bio);
 503                bvec = kmalloc(sizeof(struct bio_vec) * segments, GFP_NOIO);
 504                if (!bvec)
 505                        return -EIO;
 506                cmd->bvec = bvec;
 507
 508                /*
 509                 * The bios of the request may be started from the middle of
 510                 * the 'bvec' because of bio splitting, so we can't directly
 511                 * copy bio->bi_iov_vec to new bvec. The rq_for_each_segment
 512                 * API will take care of all details for us.
 513                 */
 514                rq_for_each_segment(tmp, rq, iter) {
 515                        *bvec = tmp;
 516                        bvec++;
 517                }
 518                bvec = cmd->bvec;
 519                offset = 0;
 520        } else {
 521                /*
 522                 * Same here, this bio may be started from the middle of the
 523                 * 'bvec' because of bio splitting, so offset from the bvec
 524                 * must be passed to iov iterator
 525                 */
 526                offset = bio->bi_iter.bi_bvec_done;
 527                bvec = __bvec_iter_bvec(bio->bi_io_vec, bio->bi_iter);
 528                segments = bio_segments(bio);
 529        }
 530        atomic_set(&cmd->ref, 2);
 531
 532        iov_iter_bvec(&iter, ITER_BVEC | rw, bvec,
 533                      segments, blk_rq_bytes(rq));
 534        iter.iov_offset = offset;
 535
 536        cmd->iocb.ki_pos = pos;
 537        cmd->iocb.ki_filp = file;
 538        cmd->iocb.ki_complete = lo_rw_aio_complete;
 539        cmd->iocb.ki_flags = IOCB_DIRECT;
 540        if (cmd->css)
 541                kthread_associate_blkcg(cmd->css);
 542
 543        if (rw == WRITE)
 544                ret = call_write_iter(file, &cmd->iocb, &iter);
 545        else
 546                ret = call_read_iter(file, &cmd->iocb, &iter);
 547
 548        lo_rw_aio_do_completion(cmd);
 549        kthread_associate_blkcg(NULL);
 550
 551        if (ret != -EIOCBQUEUED)
 552                cmd->iocb.ki_complete(&cmd->iocb, ret, 0);
 553        return 0;
 554}
 555
 556static int do_req_filebacked(struct loop_device *lo, struct request *rq)
 557{
 558        struct loop_cmd *cmd = blk_mq_rq_to_pdu(rq);
 559        loff_t pos = ((loff_t) blk_rq_pos(rq) << 9) + lo->lo_offset;
 560
 561        /*
 562         * lo_write_simple and lo_read_simple should have been covered
 563         * by io submit style function like lo_rw_aio(), one blocker
 564         * is that lo_read_simple() need to call flush_dcache_page after
 565         * the page is written from kernel, and it isn't easy to handle
 566         * this in io submit style function which submits all segments
 567         * of the req at one time. And direct read IO doesn't need to
 568         * run flush_dcache_page().
 569         */
 570        switch (req_op(rq)) {
 571        case REQ_OP_FLUSH:
 572                return lo_req_flush(lo, rq);
 573        case REQ_OP_DISCARD:
 574        case REQ_OP_WRITE_ZEROES:
 575                return lo_discard(lo, rq, pos);
 576        case REQ_OP_WRITE:
 577                if (lo->transfer)
 578                        return lo_write_transfer(lo, rq, pos);
 579                else if (cmd->use_aio)
 580                        return lo_rw_aio(lo, cmd, pos, WRITE);
 581                else
 582                        return lo_write_simple(lo, rq, pos);
 583        case REQ_OP_READ:
 584                if (lo->transfer)
 585                        return lo_read_transfer(lo, rq, pos);
 586                else if (cmd->use_aio)
 587                        return lo_rw_aio(lo, cmd, pos, READ);
 588                else
 589                        return lo_read_simple(lo, rq, pos);
 590        default:
 591                WARN_ON_ONCE(1);
 592                return -EIO;
 593                break;
 594        }
 595}
 596
 597static inline void loop_update_dio(struct loop_device *lo)
 598{
 599        __loop_update_dio(lo, io_is_direct(lo->lo_backing_file) |
 600                        lo->use_dio);
 601}
 602
 603static void loop_reread_partitions(struct loop_device *lo,
 604                                   struct block_device *bdev)
 605{
 606        int rc;
 607
 608        /*
 609         * bd_mutex has been held already in release path, so don't
 610         * acquire it if this function is called in such case.
 611         *
 612         * If the reread partition isn't from release path, lo_refcnt
 613         * must be at least one and it can only become zero when the
 614         * current holder is released.
 615         */
 616        if (!atomic_read(&lo->lo_refcnt))
 617                rc = __blkdev_reread_part(bdev);
 618        else
 619                rc = blkdev_reread_part(bdev);
 620        if (rc)
 621                pr_warn("%s: partition scan of loop%d (%s) failed (rc=%d)\n",
 622                        __func__, lo->lo_number, lo->lo_file_name, rc);
 623}
 624
 625/*
 626 * loop_change_fd switched the backing store of a loopback device to
 627 * a new file. This is useful for operating system installers to free up
 628 * the original file and in High Availability environments to switch to
 629 * an alternative location for the content in case of server meltdown.
 630 * This can only work if the loop device is used read-only, and if the
 631 * new backing store is the same size and type as the old backing store.
 632 */
 633static int loop_change_fd(struct loop_device *lo, struct block_device *bdev,
 634                          unsigned int arg)
 635{
 636        struct file     *file, *old_file;
 637        struct inode    *inode;
 638        int             error;
 639
 640        error = -ENXIO;
 641        if (lo->lo_state != Lo_bound)
 642                goto out;
 643
 644        /* the loop device has to be read-only */
 645        error = -EINVAL;
 646        if (!(lo->lo_flags & LO_FLAGS_READ_ONLY))
 647                goto out;
 648
 649        error = -EBADF;
 650        file = fget(arg);
 651        if (!file)
 652                goto out;
 653
 654        inode = file->f_mapping->host;
 655        old_file = lo->lo_backing_file;
 656
 657        error = -EINVAL;
 658
 659        if (!S_ISREG(inode->i_mode) && !S_ISBLK(inode->i_mode))
 660                goto out_putf;
 661
 662        /* size of the new backing store needs to be the same */
 663        if (get_loop_size(lo, file) != get_loop_size(lo, old_file))
 664                goto out_putf;
 665
 666        /* and ... switch */
 667        blk_mq_freeze_queue(lo->lo_queue);
 668        mapping_set_gfp_mask(old_file->f_mapping, lo->old_gfp_mask);
 669        lo->lo_backing_file = file;
 670        lo->old_gfp_mask = mapping_gfp_mask(file->f_mapping);
 671        mapping_set_gfp_mask(file->f_mapping,
 672                             lo->old_gfp_mask & ~(__GFP_IO|__GFP_FS));
 673        loop_update_dio(lo);
 674        blk_mq_unfreeze_queue(lo->lo_queue);
 675
 676        fput(old_file);
 677        if (lo->lo_flags & LO_FLAGS_PARTSCAN)
 678                loop_reread_partitions(lo, bdev);
 679        return 0;
 680
 681 out_putf:
 682        fput(file);
 683 out:
 684        return error;
 685}
 686
 687static inline int is_loop_device(struct file *file)
 688{
 689        struct inode *i = file->f_mapping->host;
 690
 691        return i && S_ISBLK(i->i_mode) && MAJOR(i->i_rdev) == LOOP_MAJOR;
 692}
 693
 694/* loop sysfs attributes */
 695
 696static ssize_t loop_attr_show(struct device *dev, char *page,
 697                              ssize_t (*callback)(struct loop_device *, char *))
 698{
 699        struct gendisk *disk = dev_to_disk(dev);
 700        struct loop_device *lo = disk->private_data;
 701
 702        return callback(lo, page);
 703}
 704
 705#define LOOP_ATTR_RO(_name)                                             \
 706static ssize_t loop_attr_##_name##_show(struct loop_device *, char *);  \
 707static ssize_t loop_attr_do_show_##_name(struct device *d,              \
 708                                struct device_attribute *attr, char *b) \
 709{                                                                       \
 710        return loop_attr_show(d, b, loop_attr_##_name##_show);          \
 711}                                                                       \
 712static struct device_attribute loop_attr_##_name =                      \
 713        __ATTR(_name, S_IRUGO, loop_attr_do_show_##_name, NULL);
 714
 715static ssize_t loop_attr_backing_file_show(struct loop_device *lo, char *buf)
 716{
 717        ssize_t ret;
 718        char *p = NULL;
 719
 720        spin_lock_irq(&lo->lo_lock);
 721        if (lo->lo_backing_file)
 722                p = file_path(lo->lo_backing_file, buf, PAGE_SIZE - 1);
 723        spin_unlock_irq(&lo->lo_lock);
 724
 725        if (IS_ERR_OR_NULL(p))
 726                ret = PTR_ERR(p);
 727        else {
 728                ret = strlen(p);
 729                memmove(buf, p, ret);
 730                buf[ret++] = '\n';
 731                buf[ret] = 0;
 732        }
 733
 734        return ret;
 735}
 736
 737static ssize_t loop_attr_offset_show(struct loop_device *lo, char *buf)
 738{
 739        return sprintf(buf, "%llu\n", (unsigned long long)lo->lo_offset);
 740}
 741
 742static ssize_t loop_attr_sizelimit_show(struct loop_device *lo, char *buf)
 743{
 744        return sprintf(buf, "%llu\n", (unsigned long long)lo->lo_sizelimit);
 745}
 746
 747static ssize_t loop_attr_autoclear_show(struct loop_device *lo, char *buf)
 748{
 749        int autoclear = (lo->lo_flags & LO_FLAGS_AUTOCLEAR);
 750
 751        return sprintf(buf, "%s\n", autoclear ? "1" : "0");
 752}
 753
 754static ssize_t loop_attr_partscan_show(struct loop_device *lo, char *buf)
 755{
 756        int partscan = (lo->lo_flags & LO_FLAGS_PARTSCAN);
 757
 758        return sprintf(buf, "%s\n", partscan ? "1" : "0");
 759}
 760
 761static ssize_t loop_attr_dio_show(struct loop_device *lo, char *buf)
 762{
 763        int dio = (lo->lo_flags & LO_FLAGS_DIRECT_IO);
 764
 765        return sprintf(buf, "%s\n", dio ? "1" : "0");
 766}
 767
 768LOOP_ATTR_RO(backing_file);
 769LOOP_ATTR_RO(offset);
 770LOOP_ATTR_RO(sizelimit);
 771LOOP_ATTR_RO(autoclear);
 772LOOP_ATTR_RO(partscan);
 773LOOP_ATTR_RO(dio);
 774
 775static struct attribute *loop_attrs[] = {
 776        &loop_attr_backing_file.attr,
 777        &loop_attr_offset.attr,
 778        &loop_attr_sizelimit.attr,
 779        &loop_attr_autoclear.attr,
 780        &loop_attr_partscan.attr,
 781        &loop_attr_dio.attr,
 782        NULL,
 783};
 784
 785static struct attribute_group loop_attribute_group = {
 786        .name = "loop",
 787        .attrs= loop_attrs,
 788};
 789
 790static int loop_sysfs_init(struct loop_device *lo)
 791{
 792        return sysfs_create_group(&disk_to_dev(lo->lo_disk)->kobj,
 793                                  &loop_attribute_group);
 794}
 795
 796static void loop_sysfs_exit(struct loop_device *lo)
 797{
 798        sysfs_remove_group(&disk_to_dev(lo->lo_disk)->kobj,
 799                           &loop_attribute_group);
 800}
 801
 802static void loop_config_discard(struct loop_device *lo)
 803{
 804        struct file *file = lo->lo_backing_file;
 805        struct inode *inode = file->f_mapping->host;
 806        struct request_queue *q = lo->lo_queue;
 807
 808        /*
 809         * We use punch hole to reclaim the free space used by the
 810         * image a.k.a. discard. However we do not support discard if
 811         * encryption is enabled, because it may give an attacker
 812         * useful information.
 813         */
 814        if ((!file->f_op->fallocate) ||
 815            lo->lo_encrypt_key_size) {
 816                q->limits.discard_granularity = 0;
 817                q->limits.discard_alignment = 0;
 818                blk_queue_max_discard_sectors(q, 0);
 819                blk_queue_max_write_zeroes_sectors(q, 0);
 820                queue_flag_clear_unlocked(QUEUE_FLAG_DISCARD, q);
 821                return;
 822        }
 823
 824        q->limits.discard_granularity = inode->i_sb->s_blocksize;
 825        q->limits.discard_alignment = 0;
 826
 827        blk_queue_max_discard_sectors(q, UINT_MAX >> 9);
 828        blk_queue_max_write_zeroes_sectors(q, UINT_MAX >> 9);
 829        queue_flag_set_unlocked(QUEUE_FLAG_DISCARD, q);
 830}
 831
 832static void loop_unprepare_queue(struct loop_device *lo)
 833{
 834        kthread_flush_worker(&lo->worker);
 835        kthread_stop(lo->worker_task);
 836}
 837
 838static int loop_kthread_worker_fn(void *worker_ptr)
 839{
 840        current->flags |= PF_LESS_THROTTLE;
 841        return kthread_worker_fn(worker_ptr);
 842}
 843
 844static int loop_prepare_queue(struct loop_device *lo)
 845{
 846        kthread_init_worker(&lo->worker);
 847        lo->worker_task = kthread_run(loop_kthread_worker_fn,
 848                        &lo->worker, "loop%d", lo->lo_number);
 849        if (IS_ERR(lo->worker_task))
 850                return -ENOMEM;
 851        set_user_nice(lo->worker_task, MIN_NICE);
 852        return 0;
 853}
 854
 855static int loop_set_fd(struct loop_device *lo, fmode_t mode,
 856                       struct block_device *bdev, unsigned int arg)
 857{
 858        struct file     *file, *f;
 859        struct inode    *inode;
 860        struct address_space *mapping;
 861        int             lo_flags = 0;
 862        int             error;
 863        loff_t          size;
 864
 865        /* This is safe, since we have a reference from open(). */
 866        __module_get(THIS_MODULE);
 867
 868        error = -EBADF;
 869        file = fget(arg);
 870        if (!file)
 871                goto out;
 872
 873        error = -EBUSY;
 874        if (lo->lo_state != Lo_unbound)
 875                goto out_putf;
 876
 877        /* Avoid recursion */
 878        f = file;
 879        while (is_loop_device(f)) {
 880                struct loop_device *l;
 881
 882                if (f->f_mapping->host->i_bdev == bdev)
 883                        goto out_putf;
 884
 885                l = f->f_mapping->host->i_bdev->bd_disk->private_data;
 886                if (l->lo_state == Lo_unbound) {
 887                        error = -EINVAL;
 888                        goto out_putf;
 889                }
 890                f = l->lo_backing_file;
 891        }
 892
 893        mapping = file->f_mapping;
 894        inode = mapping->host;
 895
 896        error = -EINVAL;
 897        if (!S_ISREG(inode->i_mode) && !S_ISBLK(inode->i_mode))
 898                goto out_putf;
 899
 900        if (!(file->f_mode & FMODE_WRITE) || !(mode & FMODE_WRITE) ||
 901            !file->f_op->write_iter)
 902                lo_flags |= LO_FLAGS_READ_ONLY;
 903
 904        error = -EFBIG;
 905        size = get_loop_size(lo, file);
 906        if ((loff_t)(sector_t)size != size)
 907                goto out_putf;
 908        error = loop_prepare_queue(lo);
 909        if (error)
 910                goto out_putf;
 911
 912        error = 0;
 913
 914        set_device_ro(bdev, (lo_flags & LO_FLAGS_READ_ONLY) != 0);
 915
 916        lo->use_dio = false;
 917        lo->lo_device = bdev;
 918        lo->lo_flags = lo_flags;
 919        lo->lo_backing_file = file;
 920        lo->transfer = NULL;
 921        lo->ioctl = NULL;
 922        lo->lo_sizelimit = 0;
 923        lo->old_gfp_mask = mapping_gfp_mask(mapping);
 924        mapping_set_gfp_mask(mapping, lo->old_gfp_mask & ~(__GFP_IO|__GFP_FS));
 925
 926        if (!(lo_flags & LO_FLAGS_READ_ONLY) && file->f_op->fsync)
 927                blk_queue_write_cache(lo->lo_queue, true, false);
 928
 929        loop_update_dio(lo);
 930        set_capacity(lo->lo_disk, size);
 931        bd_set_size(bdev, size << 9);
 932        loop_sysfs_init(lo);
 933        /* let user-space know about the new size */
 934        kobject_uevent(&disk_to_dev(bdev->bd_disk)->kobj, KOBJ_CHANGE);
 935
 936        set_blocksize(bdev, S_ISBLK(inode->i_mode) ?
 937                      block_size(inode->i_bdev) : PAGE_SIZE);
 938
 939        lo->lo_state = Lo_bound;
 940        if (part_shift)
 941                lo->lo_flags |= LO_FLAGS_PARTSCAN;
 942        if (lo->lo_flags & LO_FLAGS_PARTSCAN)
 943                loop_reread_partitions(lo, bdev);
 944
 945        /* Grab the block_device to prevent its destruction after we
 946         * put /dev/loopXX inode. Later in loop_clr_fd() we bdput(bdev).
 947         */
 948        bdgrab(bdev);
 949        return 0;
 950
 951 out_putf:
 952        fput(file);
 953 out:
 954        /* This is safe: open() is still holding a reference. */
 955        module_put(THIS_MODULE);
 956        return error;
 957}
 958
 959static int
 960loop_release_xfer(struct loop_device *lo)
 961{
 962        int err = 0;
 963        struct loop_func_table *xfer = lo->lo_encryption;
 964
 965        if (xfer) {
 966                if (xfer->release)
 967                        err = xfer->release(lo);
 968                lo->transfer = NULL;
 969                lo->lo_encryption = NULL;
 970                module_put(xfer->owner);
 971        }
 972        return err;
 973}
 974
 975static int
 976loop_init_xfer(struct loop_device *lo, struct loop_func_table *xfer,
 977               const struct loop_info64 *i)
 978{
 979        int err = 0;
 980
 981        if (xfer) {
 982                struct module *owner = xfer->owner;
 983
 984                if (!try_module_get(owner))
 985                        return -EINVAL;
 986                if (xfer->init)
 987                        err = xfer->init(lo, i);
 988                if (err)
 989                        module_put(owner);
 990                else
 991                        lo->lo_encryption = xfer;
 992        }
 993        return err;
 994}
 995
 996static int loop_clr_fd(struct loop_device *lo)
 997{
 998        struct file *filp = lo->lo_backing_file;
 999        gfp_t gfp = lo->old_gfp_mask;
1000        struct block_device *bdev = lo->lo_device;
1001
1002        if (lo->lo_state != Lo_bound)
1003                return -ENXIO;
1004
1005        /*
1006         * If we've explicitly asked to tear down the loop device,
1007         * and it has an elevated reference count, set it for auto-teardown when
1008         * the last reference goes away. This stops $!~#$@ udev from
1009         * preventing teardown because it decided that it needs to run blkid on
1010         * the loopback device whenever they appear. xfstests is notorious for
1011         * failing tests because blkid via udev races with a losetup
1012         * <dev>/do something like mkfs/losetup -d <dev> causing the losetup -d
1013         * command to fail with EBUSY.
1014         */
1015        if (atomic_read(&lo->lo_refcnt) > 1) {
1016                lo->lo_flags |= LO_FLAGS_AUTOCLEAR;
1017                mutex_unlock(&lo->lo_ctl_mutex);
1018                return 0;
1019        }
1020
1021        if (filp == NULL)
1022                return -EINVAL;
1023
1024        /* freeze request queue during the transition */
1025        blk_mq_freeze_queue(lo->lo_queue);
1026
1027        spin_lock_irq(&lo->lo_lock);
1028        lo->lo_state = Lo_rundown;
1029        lo->lo_backing_file = NULL;
1030        spin_unlock_irq(&lo->lo_lock);
1031
1032        loop_release_xfer(lo);
1033        lo->transfer = NULL;
1034        lo->ioctl = NULL;
1035        lo->lo_device = NULL;
1036        lo->lo_encryption = NULL;
1037        lo->lo_offset = 0;
1038        lo->lo_sizelimit = 0;
1039        lo->lo_encrypt_key_size = 0;
1040        memset(lo->lo_encrypt_key, 0, LO_KEY_SIZE);
1041        memset(lo->lo_crypt_name, 0, LO_NAME_SIZE);
1042        memset(lo->lo_file_name, 0, LO_NAME_SIZE);
1043        blk_queue_logical_block_size(lo->lo_queue, 512);
1044        blk_queue_physical_block_size(lo->lo_queue, 512);
1045        blk_queue_io_min(lo->lo_queue, 512);
1046        if (bdev) {
1047                bdput(bdev);
1048                invalidate_bdev(bdev);
1049        }
1050        set_capacity(lo->lo_disk, 0);
1051        loop_sysfs_exit(lo);
1052        if (bdev) {
1053                bd_set_size(bdev, 0);
1054                /* let user-space know about this change */
1055                kobject_uevent(&disk_to_dev(bdev->bd_disk)->kobj, KOBJ_CHANGE);
1056        }
1057        mapping_set_gfp_mask(filp->f_mapping, gfp);
1058        lo->lo_state = Lo_unbound;
1059        /* This is safe: open() is still holding a reference. */
1060        module_put(THIS_MODULE);
1061        blk_mq_unfreeze_queue(lo->lo_queue);
1062
1063        if (lo->lo_flags & LO_FLAGS_PARTSCAN && bdev)
1064                loop_reread_partitions(lo, bdev);
1065        lo->lo_flags = 0;
1066        if (!part_shift)
1067                lo->lo_disk->flags |= GENHD_FL_NO_PART_SCAN;
1068        loop_unprepare_queue(lo);
1069        mutex_unlock(&lo->lo_ctl_mutex);
1070        /*
1071         * Need not hold lo_ctl_mutex to fput backing file.
1072         * Calling fput holding lo_ctl_mutex triggers a circular
1073         * lock dependency possibility warning as fput can take
1074         * bd_mutex which is usually taken before lo_ctl_mutex.
1075         */
1076        fput(filp);
1077        return 0;
1078}
1079
1080static int
1081loop_set_status(struct loop_device *lo, const struct loop_info64 *info)
1082{
1083        int err;
1084        struct loop_func_table *xfer;
1085        kuid_t uid = current_uid();
1086
1087        if (lo->lo_encrypt_key_size &&
1088            !uid_eq(lo->lo_key_owner, uid) &&
1089            !capable(CAP_SYS_ADMIN))
1090                return -EPERM;
1091        if (lo->lo_state != Lo_bound)
1092                return -ENXIO;
1093        if ((unsigned int) info->lo_encrypt_key_size > LO_KEY_SIZE)
1094                return -EINVAL;
1095
1096        /* I/O need to be drained during transfer transition */
1097        blk_mq_freeze_queue(lo->lo_queue);
1098
1099        err = loop_release_xfer(lo);
1100        if (err)
1101                goto exit;
1102
1103        if (info->lo_encrypt_type) {
1104                unsigned int type = info->lo_encrypt_type;
1105
1106                if (type >= MAX_LO_CRYPT)
1107                        return -EINVAL;
1108                xfer = xfer_funcs[type];
1109                if (xfer == NULL)
1110                        return -EINVAL;
1111        } else
1112                xfer = NULL;
1113
1114        err = loop_init_xfer(lo, xfer, info);
1115        if (err)
1116                goto exit;
1117
1118        if (lo->lo_offset != info->lo_offset ||
1119            lo->lo_sizelimit != info->lo_sizelimit) {
1120                if (figure_loop_size(lo, info->lo_offset, info->lo_sizelimit)) {
1121                        err = -EFBIG;
1122                        goto exit;
1123                }
1124        }
1125
1126        loop_config_discard(lo);
1127
1128        memcpy(lo->lo_file_name, info->lo_file_name, LO_NAME_SIZE);
1129        memcpy(lo->lo_crypt_name, info->lo_crypt_name, LO_NAME_SIZE);
1130        lo->lo_file_name[LO_NAME_SIZE-1] = 0;
1131        lo->lo_crypt_name[LO_NAME_SIZE-1] = 0;
1132
1133        if (!xfer)
1134                xfer = &none_funcs;
1135        lo->transfer = xfer->transfer;
1136        lo->ioctl = xfer->ioctl;
1137
1138        if ((lo->lo_flags & LO_FLAGS_AUTOCLEAR) !=
1139             (info->lo_flags & LO_FLAGS_AUTOCLEAR))
1140                lo->lo_flags ^= LO_FLAGS_AUTOCLEAR;
1141
1142        lo->lo_encrypt_key_size = info->lo_encrypt_key_size;
1143        lo->lo_init[0] = info->lo_init[0];
1144        lo->lo_init[1] = info->lo_init[1];
1145        if (info->lo_encrypt_key_size) {
1146                memcpy(lo->lo_encrypt_key, info->lo_encrypt_key,
1147                       info->lo_encrypt_key_size);
1148                lo->lo_key_owner = uid;
1149        }
1150
1151        /* update dio if lo_offset or transfer is changed */
1152        __loop_update_dio(lo, lo->use_dio);
1153
1154 exit:
1155        blk_mq_unfreeze_queue(lo->lo_queue);
1156
1157        if (!err && (info->lo_flags & LO_FLAGS_PARTSCAN) &&
1158             !(lo->lo_flags & LO_FLAGS_PARTSCAN)) {
1159                lo->lo_flags |= LO_FLAGS_PARTSCAN;
1160                lo->lo_disk->flags &= ~GENHD_FL_NO_PART_SCAN;
1161                loop_reread_partitions(lo, lo->lo_device);
1162        }
1163
1164        return err;
1165}
1166
1167static int
1168loop_get_status(struct loop_device *lo, struct loop_info64 *info)
1169{
1170        struct file *file = lo->lo_backing_file;
1171        struct kstat stat;
1172        int error;
1173
1174        if (lo->lo_state != Lo_bound)
1175                return -ENXIO;
1176        error = vfs_getattr(&file->f_path, &stat,
1177                            STATX_INO, AT_STATX_SYNC_AS_STAT);
1178        if (error)
1179                return error;
1180        memset(info, 0, sizeof(*info));
1181        info->lo_number = lo->lo_number;
1182        info->lo_device = huge_encode_dev(stat.dev);
1183        info->lo_inode = stat.ino;
1184        info->lo_rdevice = huge_encode_dev(lo->lo_device ? stat.rdev : stat.dev);
1185        info->lo_offset = lo->lo_offset;
1186        info->lo_sizelimit = lo->lo_sizelimit;
1187        info->lo_flags = lo->lo_flags;
1188        memcpy(info->lo_file_name, lo->lo_file_name, LO_NAME_SIZE);
1189        memcpy(info->lo_crypt_name, lo->lo_crypt_name, LO_NAME_SIZE);
1190        info->lo_encrypt_type =
1191                lo->lo_encryption ? lo->lo_encryption->number : 0;
1192        if (lo->lo_encrypt_key_size && capable(CAP_SYS_ADMIN)) {
1193                info->lo_encrypt_key_size = lo->lo_encrypt_key_size;
1194                memcpy(info->lo_encrypt_key, lo->lo_encrypt_key,
1195                       lo->lo_encrypt_key_size);
1196        }
1197        return 0;
1198}
1199
1200static void
1201loop_info64_from_old(const struct loop_info *info, struct loop_info64 *info64)
1202{
1203        memset(info64, 0, sizeof(*info64));
1204        info64->lo_number = info->lo_number;
1205        info64->lo_device = info->lo_device;
1206        info64->lo_inode = info->lo_inode;
1207        info64->lo_rdevice = info->lo_rdevice;
1208        info64->lo_offset = info->lo_offset;
1209        info64->lo_sizelimit = 0;
1210        info64->lo_encrypt_type = info->lo_encrypt_type;
1211        info64->lo_encrypt_key_size = info->lo_encrypt_key_size;
1212        info64->lo_flags = info->lo_flags;
1213        info64->lo_init[0] = info->lo_init[0];
1214        info64->lo_init[1] = info->lo_init[1];
1215        if (info->lo_encrypt_type == LO_CRYPT_CRYPTOAPI)
1216                memcpy(info64->lo_crypt_name, info->lo_name, LO_NAME_SIZE);
1217        else
1218                memcpy(info64->lo_file_name, info->lo_name, LO_NAME_SIZE);
1219        memcpy(info64->lo_encrypt_key, info->lo_encrypt_key, LO_KEY_SIZE);
1220}
1221
1222static int
1223loop_info64_to_old(const struct loop_info64 *info64, struct loop_info *info)
1224{
1225        memset(info, 0, sizeof(*info));
1226        info->lo_number = info64->lo_number;
1227        info->lo_device = info64->lo_device;
1228        info->lo_inode = info64->lo_inode;
1229        info->lo_rdevice = info64->lo_rdevice;
1230        info->lo_offset = info64->lo_offset;
1231        info->lo_encrypt_type = info64->lo_encrypt_type;
1232        info->lo_encrypt_key_size = info64->lo_encrypt_key_size;
1233        info->lo_flags = info64->lo_flags;
1234        info->lo_init[0] = info64->lo_init[0];
1235        info->lo_init[1] = info64->lo_init[1];
1236        if (info->lo_encrypt_type == LO_CRYPT_CRYPTOAPI)
1237                memcpy(info->lo_name, info64->lo_crypt_name, LO_NAME_SIZE);
1238        else
1239                memcpy(info->lo_name, info64->lo_file_name, LO_NAME_SIZE);
1240        memcpy(info->lo_encrypt_key, info64->lo_encrypt_key, LO_KEY_SIZE);
1241
1242        /* error in case values were truncated */
1243        if (info->lo_device != info64->lo_device ||
1244            info->lo_rdevice != info64->lo_rdevice ||
1245            info->lo_inode != info64->lo_inode ||
1246            info->lo_offset != info64->lo_offset)
1247                return -EOVERFLOW;
1248
1249        return 0;
1250}
1251
1252static int
1253loop_set_status_old(struct loop_device *lo, const struct loop_info __user *arg)
1254{
1255        struct loop_info info;
1256        struct loop_info64 info64;
1257
1258        if (copy_from_user(&info, arg, sizeof (struct loop_info)))
1259                return -EFAULT;
1260        loop_info64_from_old(&info, &info64);
1261        return loop_set_status(lo, &info64);
1262}
1263
1264static int
1265loop_set_status64(struct loop_device *lo, const struct loop_info64 __user *arg)
1266{
1267        struct loop_info64 info64;
1268
1269        if (copy_from_user(&info64, arg, sizeof (struct loop_info64)))
1270                return -EFAULT;
1271        return loop_set_status(lo, &info64);
1272}
1273
1274static int
1275loop_get_status_old(struct loop_device *lo, struct loop_info __user *arg) {
1276        struct loop_info info;
1277        struct loop_info64 info64;
1278        int err = 0;
1279
1280        if (!arg)
1281                err = -EINVAL;
1282        if (!err)
1283                err = loop_get_status(lo, &info64);
1284        if (!err)
1285                err = loop_info64_to_old(&info64, &info);
1286        if (!err && copy_to_user(arg, &info, sizeof(info)))
1287                err = -EFAULT;
1288
1289        return err;
1290}
1291
1292static int
1293loop_get_status64(struct loop_device *lo, struct loop_info64 __user *arg) {
1294        struct loop_info64 info64;
1295        int err = 0;
1296
1297        if (!arg)
1298                err = -EINVAL;
1299        if (!err)
1300                err = loop_get_status(lo, &info64);
1301        if (!err && copy_to_user(arg, &info64, sizeof(info64)))
1302                err = -EFAULT;
1303
1304        return err;
1305}
1306
1307static int loop_set_capacity(struct loop_device *lo)
1308{
1309        if (unlikely(lo->lo_state != Lo_bound))
1310                return -ENXIO;
1311
1312        return figure_loop_size(lo, lo->lo_offset, lo->lo_sizelimit);
1313}
1314
1315static int loop_set_dio(struct loop_device *lo, unsigned long arg)
1316{
1317        int error = -ENXIO;
1318        if (lo->lo_state != Lo_bound)
1319                goto out;
1320
1321        __loop_update_dio(lo, !!arg);
1322        if (lo->use_dio == !!arg)
1323                return 0;
1324        error = -EINVAL;
1325 out:
1326        return error;
1327}
1328
1329static int loop_set_block_size(struct loop_device *lo, unsigned long arg)
1330{
1331        if (lo->lo_state != Lo_bound)
1332                return -ENXIO;
1333
1334        if (arg < 512 || arg > PAGE_SIZE || !is_power_of_2(arg))
1335                return -EINVAL;
1336
1337        blk_mq_freeze_queue(lo->lo_queue);
1338
1339        blk_queue_logical_block_size(lo->lo_queue, arg);
1340        blk_queue_physical_block_size(lo->lo_queue, arg);
1341        blk_queue_io_min(lo->lo_queue, arg);
1342        loop_update_dio(lo);
1343
1344        blk_mq_unfreeze_queue(lo->lo_queue);
1345
1346        return 0;
1347}
1348
1349static int lo_ioctl(struct block_device *bdev, fmode_t mode,
1350        unsigned int cmd, unsigned long arg)
1351{
1352        struct loop_device *lo = bdev->bd_disk->private_data;
1353        int err;
1354
1355        mutex_lock_nested(&lo->lo_ctl_mutex, 1);
1356        switch (cmd) {
1357        case LOOP_SET_FD:
1358                err = loop_set_fd(lo, mode, bdev, arg);
1359                break;
1360        case LOOP_CHANGE_FD:
1361                err = loop_change_fd(lo, bdev, arg);
1362                break;
1363        case LOOP_CLR_FD:
1364                /* loop_clr_fd would have unlocked lo_ctl_mutex on success */
1365                err = loop_clr_fd(lo);
1366                if (!err)
1367                        goto out_unlocked;
1368                break;
1369        case LOOP_SET_STATUS:
1370                err = -EPERM;
1371                if ((mode & FMODE_WRITE) || capable(CAP_SYS_ADMIN))
1372                        err = loop_set_status_old(lo,
1373                                        (struct loop_info __user *)arg);
1374                break;
1375        case LOOP_GET_STATUS:
1376                err = loop_get_status_old(lo, (struct loop_info __user *) arg);
1377                break;
1378        case LOOP_SET_STATUS64:
1379                err = -EPERM;
1380                if ((mode & FMODE_WRITE) || capable(CAP_SYS_ADMIN))
1381                        err = loop_set_status64(lo,
1382                                        (struct loop_info64 __user *) arg);
1383                break;
1384        case LOOP_GET_STATUS64:
1385                err = loop_get_status64(lo, (struct loop_info64 __user *) arg);
1386                break;
1387        case LOOP_SET_CAPACITY:
1388                err = -EPERM;
1389                if ((mode & FMODE_WRITE) || capable(CAP_SYS_ADMIN))
1390                        err = loop_set_capacity(lo);
1391                break;
1392        case LOOP_SET_DIRECT_IO:
1393                err = -EPERM;
1394                if ((mode & FMODE_WRITE) || capable(CAP_SYS_ADMIN))
1395                        err = loop_set_dio(lo, arg);
1396                break;
1397        case LOOP_SET_BLOCK_SIZE:
1398                err = -EPERM;
1399                if ((mode & FMODE_WRITE) || capable(CAP_SYS_ADMIN))
1400                        err = loop_set_block_size(lo, arg);
1401                break;
1402        default:
1403                err = lo->ioctl ? lo->ioctl(lo, cmd, arg) : -EINVAL;
1404        }
1405        mutex_unlock(&lo->lo_ctl_mutex);
1406
1407out_unlocked:
1408        return err;
1409}
1410
1411#ifdef CONFIG_COMPAT
1412struct compat_loop_info {
1413        compat_int_t    lo_number;      /* ioctl r/o */
1414        compat_dev_t    lo_device;      /* ioctl r/o */
1415        compat_ulong_t  lo_inode;       /* ioctl r/o */
1416        compat_dev_t    lo_rdevice;     /* ioctl r/o */
1417        compat_int_t    lo_offset;
1418        compat_int_t    lo_encrypt_type;
1419        compat_int_t    lo_encrypt_key_size;    /* ioctl w/o */
1420        compat_int_t    lo_flags;       /* ioctl r/o */
1421        char            lo_name[LO_NAME_SIZE];
1422        unsigned char   lo_encrypt_key[LO_KEY_SIZE]; /* ioctl w/o */
1423        compat_ulong_t  lo_init[2];
1424        char            reserved[4];
1425};
1426
1427/*
1428 * Transfer 32-bit compatibility structure in userspace to 64-bit loop info
1429 * - noinlined to reduce stack space usage in main part of driver
1430 */
1431static noinline int
1432loop_info64_from_compat(const struct compat_loop_info __user *arg,
1433                        struct loop_info64 *info64)
1434{
1435        struct compat_loop_info info;
1436
1437        if (copy_from_user(&info, arg, sizeof(info)))
1438                return -EFAULT;
1439
1440        memset(info64, 0, sizeof(*info64));
1441        info64->lo_number = info.lo_number;
1442        info64->lo_device = info.lo_device;
1443        info64->lo_inode = info.lo_inode;
1444        info64->lo_rdevice = info.lo_rdevice;
1445        info64->lo_offset = info.lo_offset;
1446        info64->lo_sizelimit = 0;
1447        info64->lo_encrypt_type = info.lo_encrypt_type;
1448        info64->lo_encrypt_key_size = info.lo_encrypt_key_size;
1449        info64->lo_flags = info.lo_flags;
1450        info64->lo_init[0] = info.lo_init[0];
1451        info64->lo_init[1] = info.lo_init[1];
1452        if (info.lo_encrypt_type == LO_CRYPT_CRYPTOAPI)
1453                memcpy(info64->lo_crypt_name, info.lo_name, LO_NAME_SIZE);
1454        else
1455                memcpy(info64->lo_file_name, info.lo_name, LO_NAME_SIZE);
1456        memcpy(info64->lo_encrypt_key, info.lo_encrypt_key, LO_KEY_SIZE);
1457        return 0;
1458}
1459
1460/*
1461 * Transfer 64-bit loop info to 32-bit compatibility structure in userspace
1462 * - noinlined to reduce stack space usage in main part of driver
1463 */
1464static noinline int
1465loop_info64_to_compat(const struct loop_info64 *info64,
1466                      struct compat_loop_info __user *arg)
1467{
1468        struct compat_loop_info info;
1469
1470        memset(&info, 0, sizeof(info));
1471        info.lo_number = info64->lo_number;
1472        info.lo_device = info64->lo_device;
1473        info.lo_inode = info64->lo_inode;
1474        info.lo_rdevice = info64->lo_rdevice;
1475        info.lo_offset = info64->lo_offset;
1476        info.lo_encrypt_type = info64->lo_encrypt_type;
1477        info.lo_encrypt_key_size = info64->lo_encrypt_key_size;
1478        info.lo_flags = info64->lo_flags;
1479        info.lo_init[0] = info64->lo_init[0];
1480        info.lo_init[1] = info64->lo_init[1];
1481        if (info.lo_encrypt_type == LO_CRYPT_CRYPTOAPI)
1482                memcpy(info.lo_name, info64->lo_crypt_name, LO_NAME_SIZE);
1483        else
1484                memcpy(info.lo_name, info64->lo_file_name, LO_NAME_SIZE);
1485        memcpy(info.lo_encrypt_key, info64->lo_encrypt_key, LO_KEY_SIZE);
1486
1487        /* error in case values were truncated */
1488        if (info.lo_device != info64->lo_device ||
1489            info.lo_rdevice != info64->lo_rdevice ||
1490            info.lo_inode != info64->lo_inode ||
1491            info.lo_offset != info64->lo_offset ||
1492            info.lo_init[0] != info64->lo_init[0] ||
1493            info.lo_init[1] != info64->lo_init[1])
1494                return -EOVERFLOW;
1495
1496        if (copy_to_user(arg, &info, sizeof(info)))
1497                return -EFAULT;
1498        return 0;
1499}
1500
1501static int
1502loop_set_status_compat(struct loop_device *lo,
1503                       const struct compat_loop_info __user *arg)
1504{
1505        struct loop_info64 info64;
1506        int ret;
1507
1508        ret = loop_info64_from_compat(arg, &info64);
1509        if (ret < 0)
1510                return ret;
1511        return loop_set_status(lo, &info64);
1512}
1513
1514static int
1515loop_get_status_compat(struct loop_device *lo,
1516                       struct compat_loop_info __user *arg)
1517{
1518        struct loop_info64 info64;
1519        int err = 0;
1520
1521        if (!arg)
1522                err = -EINVAL;
1523        if (!err)
1524                err = loop_get_status(lo, &info64);
1525        if (!err)
1526                err = loop_info64_to_compat(&info64, arg);
1527        return err;
1528}
1529
1530static int lo_compat_ioctl(struct block_device *bdev, fmode_t mode,
1531                           unsigned int cmd, unsigned long arg)
1532{
1533        struct loop_device *lo = bdev->bd_disk->private_data;
1534        int err;
1535
1536        switch(cmd) {
1537        case LOOP_SET_STATUS:
1538                mutex_lock(&lo->lo_ctl_mutex);
1539                err = loop_set_status_compat(
1540                        lo, (const struct compat_loop_info __user *) arg);
1541                mutex_unlock(&lo->lo_ctl_mutex);
1542                break;
1543        case LOOP_GET_STATUS:
1544                mutex_lock(&lo->lo_ctl_mutex);
1545                err = loop_get_status_compat(
1546                        lo, (struct compat_loop_info __user *) arg);
1547                mutex_unlock(&lo->lo_ctl_mutex);
1548                break;
1549        case LOOP_SET_CAPACITY:
1550        case LOOP_CLR_FD:
1551        case LOOP_GET_STATUS64:
1552        case LOOP_SET_STATUS64:
1553                arg = (unsigned long) compat_ptr(arg);
1554        case LOOP_SET_FD:
1555        case LOOP_CHANGE_FD:
1556                err = lo_ioctl(bdev, mode, cmd, arg);
1557                break;
1558        default:
1559                err = -ENOIOCTLCMD;
1560                break;
1561        }
1562        return err;
1563}
1564#endif
1565
1566static int lo_open(struct block_device *bdev, fmode_t mode)
1567{
1568        struct loop_device *lo;
1569        int err = 0;
1570
1571        mutex_lock(&loop_index_mutex);
1572        lo = bdev->bd_disk->private_data;
1573        if (!lo) {
1574                err = -ENXIO;
1575                goto out;
1576        }
1577
1578        atomic_inc(&lo->lo_refcnt);
1579out:
1580        mutex_unlock(&loop_index_mutex);
1581        return err;
1582}
1583
1584static void __lo_release(struct loop_device *lo)
1585{
1586        int err;
1587
1588        if (atomic_dec_return(&lo->lo_refcnt))
1589                return;
1590
1591        mutex_lock(&lo->lo_ctl_mutex);
1592        if (lo->lo_flags & LO_FLAGS_AUTOCLEAR) {
1593                /*
1594                 * In autoclear mode, stop the loop thread
1595                 * and remove configuration after last close.
1596                 */
1597                err = loop_clr_fd(lo);
1598                if (!err)
1599                        return;
1600        } else if (lo->lo_state == Lo_bound) {
1601                /*
1602                 * Otherwise keep thread (if running) and config,
1603                 * but flush possible ongoing bios in thread.
1604                 */
1605                blk_mq_freeze_queue(lo->lo_queue);
1606                blk_mq_unfreeze_queue(lo->lo_queue);
1607        }
1608
1609        mutex_unlock(&lo->lo_ctl_mutex);
1610}
1611
1612static void lo_release(struct gendisk *disk, fmode_t mode)
1613{
1614        mutex_lock(&loop_index_mutex);
1615        __lo_release(disk->private_data);
1616        mutex_unlock(&loop_index_mutex);
1617}
1618
1619static const struct block_device_operations lo_fops = {
1620        .owner =        THIS_MODULE,
1621        .open =         lo_open,
1622        .release =      lo_release,
1623        .ioctl =        lo_ioctl,
1624#ifdef CONFIG_COMPAT
1625        .compat_ioctl = lo_compat_ioctl,
1626#endif
1627};
1628
1629/*
1630 * And now the modules code and kernel interface.
1631 */
1632static int max_loop;
1633module_param(max_loop, int, S_IRUGO);
1634MODULE_PARM_DESC(max_loop, "Maximum number of loop devices");
1635module_param(max_part, int, S_IRUGO);
1636MODULE_PARM_DESC(max_part, "Maximum number of partitions per loop device");
1637MODULE_LICENSE("GPL");
1638MODULE_ALIAS_BLOCKDEV_MAJOR(LOOP_MAJOR);
1639
1640int loop_register_transfer(struct loop_func_table *funcs)
1641{
1642        unsigned int n = funcs->number;
1643
1644        if (n >= MAX_LO_CRYPT || xfer_funcs[n])
1645                return -EINVAL;
1646        xfer_funcs[n] = funcs;
1647        return 0;
1648}
1649
1650static int unregister_transfer_cb(int id, void *ptr, void *data)
1651{
1652        struct loop_device *lo = ptr;
1653        struct loop_func_table *xfer = data;
1654
1655        mutex_lock(&lo->lo_ctl_mutex);
1656        if (lo->lo_encryption == xfer)
1657                loop_release_xfer(lo);
1658        mutex_unlock(&lo->lo_ctl_mutex);
1659        return 0;
1660}
1661
1662int loop_unregister_transfer(int number)
1663{
1664        unsigned int n = number;
1665        struct loop_func_table *xfer;
1666
1667        if (n == 0 || n >= MAX_LO_CRYPT || (xfer = xfer_funcs[n]) == NULL)
1668                return -EINVAL;
1669
1670        xfer_funcs[n] = NULL;
1671        idr_for_each(&loop_index_idr, &unregister_transfer_cb, xfer);
1672        return 0;
1673}
1674
1675EXPORT_SYMBOL(loop_register_transfer);
1676EXPORT_SYMBOL(loop_unregister_transfer);
1677
1678static blk_status_t loop_queue_rq(struct blk_mq_hw_ctx *hctx,
1679                const struct blk_mq_queue_data *bd)
1680{
1681        struct loop_cmd *cmd = blk_mq_rq_to_pdu(bd->rq);
1682        struct loop_device *lo = cmd->rq->q->queuedata;
1683
1684        blk_mq_start_request(bd->rq);
1685
1686        if (lo->lo_state != Lo_bound)
1687                return BLK_STS_IOERR;
1688
1689        switch (req_op(cmd->rq)) {
1690        case REQ_OP_FLUSH:
1691        case REQ_OP_DISCARD:
1692        case REQ_OP_WRITE_ZEROES:
1693                cmd->use_aio = false;
1694                break;
1695        default:
1696                cmd->use_aio = lo->use_dio;
1697                break;
1698        }
1699
1700        /* always use the first bio's css */
1701#ifdef CONFIG_BLK_CGROUP
1702        if (cmd->use_aio && cmd->rq->bio && cmd->rq->bio->bi_css) {
1703                cmd->css = cmd->rq->bio->bi_css;
1704                css_get(cmd->css);
1705        } else
1706#endif
1707                cmd->css = NULL;
1708        kthread_queue_work(&lo->worker, &cmd->work);
1709
1710        return BLK_STS_OK;
1711}
1712
1713static void loop_handle_cmd(struct loop_cmd *cmd)
1714{
1715        const bool write = op_is_write(req_op(cmd->rq));
1716        struct loop_device *lo = cmd->rq->q->queuedata;
1717        int ret = 0;
1718
1719        if (write && (lo->lo_flags & LO_FLAGS_READ_ONLY)) {
1720                ret = -EIO;
1721                goto failed;
1722        }
1723
1724        ret = do_req_filebacked(lo, cmd->rq);
1725 failed:
1726        /* complete non-aio request */
1727        if (!cmd->use_aio || ret) {
1728                cmd->ret = ret ? -EIO : 0;
1729                blk_mq_complete_request(cmd->rq);
1730        }
1731}
1732
1733static void loop_queue_work(struct kthread_work *work)
1734{
1735        struct loop_cmd *cmd =
1736                container_of(work, struct loop_cmd, work);
1737
1738        loop_handle_cmd(cmd);
1739}
1740
1741static int loop_init_request(struct blk_mq_tag_set *set, struct request *rq,
1742                unsigned int hctx_idx, unsigned int numa_node)
1743{
1744        struct loop_cmd *cmd = blk_mq_rq_to_pdu(rq);
1745
1746        cmd->rq = rq;
1747        kthread_init_work(&cmd->work, loop_queue_work);
1748
1749        return 0;
1750}
1751
1752static const struct blk_mq_ops loop_mq_ops = {
1753        .queue_rq       = loop_queue_rq,
1754        .init_request   = loop_init_request,
1755        .complete       = lo_complete_rq,
1756};
1757
1758static int loop_add(struct loop_device **l, int i)
1759{
1760        struct loop_device *lo;
1761        struct gendisk *disk;
1762        int err;
1763
1764        err = -ENOMEM;
1765        lo = kzalloc(sizeof(*lo), GFP_KERNEL);
1766        if (!lo)
1767                goto out;
1768
1769        lo->lo_state = Lo_unbound;
1770
1771        /* allocate id, if @id >= 0, we're requesting that specific id */
1772        if (i >= 0) {
1773                err = idr_alloc(&loop_index_idr, lo, i, i + 1, GFP_KERNEL);
1774                if (err == -ENOSPC)
1775                        err = -EEXIST;
1776        } else {
1777                err = idr_alloc(&loop_index_idr, lo, 0, 0, GFP_KERNEL);
1778        }
1779        if (err < 0)
1780                goto out_free_dev;
1781        i = err;
1782
1783        err = -ENOMEM;
1784        lo->tag_set.ops = &loop_mq_ops;
1785        lo->tag_set.nr_hw_queues = 1;
1786        lo->tag_set.queue_depth = 128;
1787        lo->tag_set.numa_node = NUMA_NO_NODE;
1788        lo->tag_set.cmd_size = sizeof(struct loop_cmd);
1789        lo->tag_set.flags = BLK_MQ_F_SHOULD_MERGE | BLK_MQ_F_SG_MERGE;
1790        lo->tag_set.driver_data = lo;
1791
1792        err = blk_mq_alloc_tag_set(&lo->tag_set);
1793        if (err)
1794                goto out_free_idr;
1795
1796        lo->lo_queue = blk_mq_init_queue(&lo->tag_set);
1797        if (IS_ERR_OR_NULL(lo->lo_queue)) {
1798                err = PTR_ERR(lo->lo_queue);
1799                goto out_cleanup_tags;
1800        }
1801        lo->lo_queue->queuedata = lo;
1802
1803        blk_queue_max_hw_sectors(lo->lo_queue, BLK_DEF_MAX_SECTORS);
1804
1805        /*
1806         * By default, we do buffer IO, so it doesn't make sense to enable
1807         * merge because the I/O submitted to backing file is handled page by
1808         * page. For directio mode, merge does help to dispatch bigger request
1809         * to underlayer disk. We will enable merge once directio is enabled.
1810         */
1811        queue_flag_set_unlocked(QUEUE_FLAG_NOMERGES, lo->lo_queue);
1812
1813        err = -ENOMEM;
1814        disk = lo->lo_disk = alloc_disk(1 << part_shift);
1815        if (!disk)
1816                goto out_free_queue;
1817
1818        /*
1819         * Disable partition scanning by default. The in-kernel partition
1820         * scanning can be requested individually per-device during its
1821         * setup. Userspace can always add and remove partitions from all
1822         * devices. The needed partition minors are allocated from the
1823         * extended minor space, the main loop device numbers will continue
1824         * to match the loop minors, regardless of the number of partitions
1825         * used.
1826         *
1827         * If max_part is given, partition scanning is globally enabled for
1828         * all loop devices. The minors for the main loop devices will be
1829         * multiples of max_part.
1830         *
1831         * Note: Global-for-all-devices, set-only-at-init, read-only module
1832         * parameteters like 'max_loop' and 'max_part' make things needlessly
1833         * complicated, are too static, inflexible and may surprise
1834         * userspace tools. Parameters like this in general should be avoided.
1835         */
1836        if (!part_shift)
1837                disk->flags |= GENHD_FL_NO_PART_SCAN;
1838        disk->flags |= GENHD_FL_EXT_DEVT;
1839        mutex_init(&lo->lo_ctl_mutex);
1840        atomic_set(&lo->lo_refcnt, 0);
1841        lo->lo_number           = i;
1842        spin_lock_init(&lo->lo_lock);
1843        disk->major             = LOOP_MAJOR;
1844        disk->first_minor       = i << part_shift;
1845        disk->fops              = &lo_fops;
1846        disk->private_data      = lo;
1847        disk->queue             = lo->lo_queue;
1848        sprintf(disk->disk_name, "loop%d", i);
1849        add_disk(disk);
1850        *l = lo;
1851        return lo->lo_number;
1852
1853out_free_queue:
1854        blk_cleanup_queue(lo->lo_queue);
1855out_cleanup_tags:
1856        blk_mq_free_tag_set(&lo->tag_set);
1857out_free_idr:
1858        idr_remove(&loop_index_idr, i);
1859out_free_dev:
1860        kfree(lo);
1861out:
1862        return err;
1863}
1864
1865static void loop_remove(struct loop_device *lo)
1866{
1867        blk_cleanup_queue(lo->lo_queue);
1868        del_gendisk(lo->lo_disk);
1869        blk_mq_free_tag_set(&lo->tag_set);
1870        put_disk(lo->lo_disk);
1871        kfree(lo);
1872}
1873
1874static int find_free_cb(int id, void *ptr, void *data)
1875{
1876        struct loop_device *lo = ptr;
1877        struct loop_device **l = data;
1878
1879        if (lo->lo_state == Lo_unbound) {
1880                *l = lo;
1881                return 1;
1882        }
1883        return 0;
1884}
1885
1886static int loop_lookup(struct loop_device **l, int i)
1887{
1888        struct loop_device *lo;
1889        int ret = -ENODEV;
1890
1891        if (i < 0) {
1892                int err;
1893
1894                err = idr_for_each(&loop_index_idr, &find_free_cb, &lo);
1895                if (err == 1) {
1896                        *l = lo;
1897                        ret = lo->lo_number;
1898                }
1899                goto out;
1900        }
1901
1902        /* lookup and return a specific i */
1903        lo = idr_find(&loop_index_idr, i);
1904        if (lo) {
1905                *l = lo;
1906                ret = lo->lo_number;
1907        }
1908out:
1909        return ret;
1910}
1911
1912static struct kobject *loop_probe(dev_t dev, int *part, void *data)
1913{
1914        struct loop_device *lo;
1915        struct kobject *kobj;
1916        int err;
1917
1918        mutex_lock(&loop_index_mutex);
1919        err = loop_lookup(&lo, MINOR(dev) >> part_shift);
1920        if (err < 0)
1921                err = loop_add(&lo, MINOR(dev) >> part_shift);
1922        if (err < 0)
1923                kobj = NULL;
1924        else
1925                kobj = get_disk(lo->lo_disk);
1926        mutex_unlock(&loop_index_mutex);
1927
1928        *part = 0;
1929        return kobj;
1930}
1931
1932static long loop_control_ioctl(struct file *file, unsigned int cmd,
1933                               unsigned long parm)
1934{
1935        struct loop_device *lo;
1936        int ret = -ENOSYS;
1937
1938        mutex_lock(&loop_index_mutex);
1939        switch (cmd) {
1940        case LOOP_CTL_ADD:
1941                ret = loop_lookup(&lo, parm);
1942                if (ret >= 0) {
1943                        ret = -EEXIST;
1944                        break;
1945                }
1946                ret = loop_add(&lo, parm);
1947                break;
1948        case LOOP_CTL_REMOVE:
1949                ret = loop_lookup(&lo, parm);
1950                if (ret < 0)
1951                        break;
1952                mutex_lock(&lo->lo_ctl_mutex);
1953                if (lo->lo_state != Lo_unbound) {
1954                        ret = -EBUSY;
1955                        mutex_unlock(&lo->lo_ctl_mutex);
1956                        break;
1957                }
1958                if (atomic_read(&lo->lo_refcnt) > 0) {
1959                        ret = -EBUSY;
1960                        mutex_unlock(&lo->lo_ctl_mutex);
1961                        break;
1962                }
1963                lo->lo_disk->private_data = NULL;
1964                mutex_unlock(&lo->lo_ctl_mutex);
1965                idr_remove(&loop_index_idr, lo->lo_number);
1966                loop_remove(lo);
1967                break;
1968        case LOOP_CTL_GET_FREE:
1969                ret = loop_lookup(&lo, -1);
1970                if (ret >= 0)
1971                        break;
1972                ret = loop_add(&lo, -1);
1973        }
1974        mutex_unlock(&loop_index_mutex);
1975
1976        return ret;
1977}
1978
1979static const struct file_operations loop_ctl_fops = {
1980        .open           = nonseekable_open,
1981        .unlocked_ioctl = loop_control_ioctl,
1982        .compat_ioctl   = loop_control_ioctl,
1983        .owner          = THIS_MODULE,
1984        .llseek         = noop_llseek,
1985};
1986
1987static struct miscdevice loop_misc = {
1988        .minor          = LOOP_CTRL_MINOR,
1989        .name           = "loop-control",
1990        .fops           = &loop_ctl_fops,
1991};
1992
1993MODULE_ALIAS_MISCDEV(LOOP_CTRL_MINOR);
1994MODULE_ALIAS("devname:loop-control");
1995
1996static int __init loop_init(void)
1997{
1998        int i, nr;
1999        unsigned long range;
2000        struct loop_device *lo;
2001        int err;
2002
2003        part_shift = 0;
2004        if (max_part > 0) {
2005                part_shift = fls(max_part);
2006
2007                /*
2008                 * Adjust max_part according to part_shift as it is exported
2009                 * to user space so that user can decide correct minor number
2010                 * if [s]he want to create more devices.
2011                 *
2012                 * Note that -1 is required because partition 0 is reserved
2013                 * for the whole disk.
2014                 */
2015                max_part = (1UL << part_shift) - 1;
2016        }
2017
2018        if ((1UL << part_shift) > DISK_MAX_PARTS) {
2019                err = -EINVAL;
2020                goto err_out;
2021        }
2022
2023        if (max_loop > 1UL << (MINORBITS - part_shift)) {
2024                err = -EINVAL;
2025                goto err_out;
2026        }
2027
2028        /*
2029         * If max_loop is specified, create that many devices upfront.
2030         * This also becomes a hard limit. If max_loop is not specified,
2031         * create CONFIG_BLK_DEV_LOOP_MIN_COUNT loop devices at module
2032         * init time. Loop devices can be requested on-demand with the
2033         * /dev/loop-control interface, or be instantiated by accessing
2034         * a 'dead' device node.
2035         */
2036        if (max_loop) {
2037                nr = max_loop;
2038                range = max_loop << part_shift;
2039        } else {
2040                nr = CONFIG_BLK_DEV_LOOP_MIN_COUNT;
2041                range = 1UL << MINORBITS;
2042        }
2043
2044        err = misc_register(&loop_misc);
2045        if (err < 0)
2046                goto err_out;
2047
2048
2049        if (register_blkdev(LOOP_MAJOR, "loop")) {
2050                err = -EIO;
2051                goto misc_out;
2052        }
2053
2054        blk_register_region(MKDEV(LOOP_MAJOR, 0), range,
2055                                  THIS_MODULE, loop_probe, NULL, NULL);
2056
2057        /* pre-create number of devices given by config or max_loop */
2058        mutex_lock(&loop_index_mutex);
2059        for (i = 0; i < nr; i++)
2060                loop_add(&lo, i);
2061        mutex_unlock(&loop_index_mutex);
2062
2063        printk(KERN_INFO "loop: module loaded\n");
2064        return 0;
2065
2066misc_out:
2067        misc_deregister(&loop_misc);
2068err_out:
2069        return err;
2070}
2071
2072static int loop_exit_cb(int id, void *ptr, void *data)
2073{
2074        struct loop_device *lo = ptr;
2075
2076        loop_remove(lo);
2077        return 0;
2078}
2079
2080static void __exit loop_exit(void)
2081{
2082        unsigned long range;
2083
2084        range = max_loop ? max_loop << part_shift : 1UL << MINORBITS;
2085
2086        idr_for_each(&loop_index_idr, &loop_exit_cb, NULL);
2087        idr_destroy(&loop_index_idr);
2088
2089        blk_unregister_region(MKDEV(LOOP_MAJOR, 0), range);
2090        unregister_blkdev(LOOP_MAJOR, "loop");
2091
2092        misc_deregister(&loop_misc);
2093}
2094
2095module_init(loop_init);
2096module_exit(loop_exit);
2097
2098#ifndef MODULE
2099static int __init max_loop_setup(char *str)
2100{
2101        max_loop = simple_strtol(str, NULL, 0);
2102        return 1;
2103}
2104
2105__setup("max_loop=", max_loop_setup);
2106#endif
2107
lxr.linux.no kindly hosted by Redpill Linpro AS, provider of Linux consulting and operations services since 1995.