linux/drivers/block/loop.c
<<
>>
Prefs
   1/*
   2 *  linux/drivers/block/loop.c
   3 *
   4 *  Written by Theodore Ts'o, 3/29/93
   5 *
   6 * Copyright 1993 by Theodore Ts'o.  Redistribution of this file is
   7 * permitted under the GNU General Public License.
   8 *
   9 * DES encryption plus some minor changes by Werner Almesberger, 30-MAY-1993
  10 * more DES encryption plus IDEA encryption by Nicholas J. Leon, June 20, 1996
  11 *
  12 * Modularized and updated for 1.1.16 kernel - Mitch Dsouza 28th May 1994
  13 * Adapted for 1.3.59 kernel - Andries Brouwer, 1 Feb 1996
  14 *
  15 * Fixed do_loop_request() re-entrancy - Vincent.Renardias@waw.com Mar 20, 1997
  16 *
  17 * Added devfs support - Richard Gooch <rgooch@atnf.csiro.au> 16-Jan-1998
  18 *
  19 * Handle sparse backing files correctly - Kenn Humborg, Jun 28, 1998
  20 *
  21 * Loadable modules and other fixes by AK, 1998
  22 *
  23 * Make real block number available to downstream transfer functions, enables
  24 * CBC (and relatives) mode encryption requiring unique IVs per data block.
  25 * Reed H. Petty, rhp@draper.net
  26 *
  27 * Maximum number of loop devices now dynamic via max_loop module parameter.
  28 * Russell Kroll <rkroll@exploits.org> 19990701
  29 *
  30 * Maximum number of loop devices when compiled-in now selectable by passing
  31 * max_loop=<1-255> to the kernel on boot.
  32 * Erik I. Bolsø, <eriki@himolde.no>, Oct 31, 1999
  33 *
  34 * Completely rewrite request handling to be make_request_fn style and
  35 * non blocking, pushing work to a helper thread. Lots of fixes from
  36 * Al Viro too.
  37 * Jens Axboe <axboe@suse.de>, Nov 2000
  38 *
  39 * Support up to 256 loop devices
  40 * Heinz Mauelshagen <mge@sistina.com>, Feb 2002
  41 *
  42 * Support for falling back on the write file operation when the address space
  43 * operations write_begin is not available on the backing filesystem.
  44 * Anton Altaparmakov, 16 Feb 2005
  45 *
  46 * Still To Fix:
  47 * - Advisory locking is ignored here.
  48 * - Should use an own CAP_* category instead of CAP_SYS_ADMIN
  49 *
  50 */
  51
  52#include <linux/module.h>
  53#include <linux/moduleparam.h>
  54#include <linux/sched.h>
  55#include <linux/fs.h>
  56#include <linux/file.h>
  57#include <linux/stat.h>
  58#include <linux/errno.h>
  59#include <linux/major.h>
  60#include <linux/wait.h>
  61#include <linux/blkdev.h>
  62#include <linux/blkpg.h>
  63#include <linux/init.h>
  64#include <linux/swap.h>
  65#include <linux/slab.h>
  66#include <linux/compat.h>
  67#include <linux/suspend.h>
  68#include <linux/freezer.h>
  69#include <linux/mutex.h>
  70#include <linux/writeback.h>
  71#include <linux/completion.h>
  72#include <linux/highmem.h>
  73#include <linux/kthread.h>
  74#include <linux/splice.h>
  75#include <linux/sysfs.h>
  76#include <linux/miscdevice.h>
  77#include <linux/falloc.h>
  78#include "loop.h"
  79
  80#include <asm/uaccess.h>
  81
  82static DEFINE_IDR(loop_index_idr);
  83static DEFINE_MUTEX(loop_index_mutex);
  84
  85static int max_part;
  86static int part_shift;
  87
  88/*
  89 * Transfer functions
  90 */
  91static int transfer_none(struct loop_device *lo, int cmd,
  92                         struct page *raw_page, unsigned raw_off,
  93                         struct page *loop_page, unsigned loop_off,
  94                         int size, sector_t real_block)
  95{
  96        char *raw_buf = kmap_atomic(raw_page) + raw_off;
  97        char *loop_buf = kmap_atomic(loop_page) + loop_off;
  98
  99        if (cmd == READ)
 100                memcpy(loop_buf, raw_buf, size);
 101        else
 102                memcpy(raw_buf, loop_buf, size);
 103
 104        kunmap_atomic(loop_buf);
 105        kunmap_atomic(raw_buf);
 106        cond_resched();
 107        return 0;
 108}
 109
 110static int transfer_xor(struct loop_device *lo, int cmd,
 111                        struct page *raw_page, unsigned raw_off,
 112                        struct page *loop_page, unsigned loop_off,
 113                        int size, sector_t real_block)
 114{
 115        char *raw_buf = kmap_atomic(raw_page) + raw_off;
 116        char *loop_buf = kmap_atomic(loop_page) + loop_off;
 117        char *in, *out, *key;
 118        int i, keysize;
 119
 120        if (cmd == READ) {
 121                in = raw_buf;
 122                out = loop_buf;
 123        } else {
 124                in = loop_buf;
 125                out = raw_buf;
 126        }
 127
 128        key = lo->lo_encrypt_key;
 129        keysize = lo->lo_encrypt_key_size;
 130        for (i = 0; i < size; i++)
 131                *out++ = *in++ ^ key[(i & 511) % keysize];
 132
 133        kunmap_atomic(loop_buf);
 134        kunmap_atomic(raw_buf);
 135        cond_resched();
 136        return 0;
 137}
 138
 139static int xor_init(struct loop_device *lo, const struct loop_info64 *info)
 140{
 141        if (unlikely(info->lo_encrypt_key_size <= 0))
 142                return -EINVAL;
 143        return 0;
 144}
 145
 146static struct loop_func_table none_funcs = {
 147        .number = LO_CRYPT_NONE,
 148        .transfer = transfer_none,
 149};      
 150
 151static struct loop_func_table xor_funcs = {
 152        .number = LO_CRYPT_XOR,
 153        .transfer = transfer_xor,
 154        .init = xor_init
 155};      
 156
 157/* xfer_funcs[0] is special - its release function is never called */
 158static struct loop_func_table *xfer_funcs[MAX_LO_CRYPT] = {
 159        &none_funcs,
 160        &xor_funcs
 161};
 162
 163static loff_t get_size(loff_t offset, loff_t sizelimit, struct file *file)
 164{
 165        loff_t loopsize;
 166
 167        /* Compute loopsize in bytes */
 168        loopsize = i_size_read(file->f_mapping->host);
 169        if (offset > 0)
 170                loopsize -= offset;
 171        /* offset is beyond i_size, weird but possible */
 172        if (loopsize < 0)
 173                return 0;
 174
 175        if (sizelimit > 0 && sizelimit < loopsize)
 176                loopsize = sizelimit;
 177        /*
 178         * Unfortunately, if we want to do I/O on the device,
 179         * the number of 512-byte sectors has to fit into a sector_t.
 180         */
 181        return loopsize >> 9;
 182}
 183
 184static loff_t get_loop_size(struct loop_device *lo, struct file *file)
 185{
 186        return get_size(lo->lo_offset, lo->lo_sizelimit, file);
 187}
 188
 189static int
 190figure_loop_size(struct loop_device *lo, loff_t offset, loff_t sizelimit)
 191{
 192        loff_t size = get_size(offset, sizelimit, lo->lo_backing_file);
 193        sector_t x = (sector_t)size;
 194        struct block_device *bdev = lo->lo_device;
 195
 196        if (unlikely((loff_t)x != size))
 197                return -EFBIG;
 198        if (lo->lo_offset != offset)
 199                lo->lo_offset = offset;
 200        if (lo->lo_sizelimit != sizelimit)
 201                lo->lo_sizelimit = sizelimit;
 202        set_capacity(lo->lo_disk, x);
 203        bd_set_size(bdev, (loff_t)get_capacity(bdev->bd_disk) << 9);
 204        /* let user-space know about the new size */
 205        kobject_uevent(&disk_to_dev(bdev->bd_disk)->kobj, KOBJ_CHANGE);
 206        return 0;
 207}
 208
 209static inline int
 210lo_do_transfer(struct loop_device *lo, int cmd,
 211               struct page *rpage, unsigned roffs,
 212               struct page *lpage, unsigned loffs,
 213               int size, sector_t rblock)
 214{
 215        if (unlikely(!lo->transfer))
 216                return 0;
 217
 218        return lo->transfer(lo, cmd, rpage, roffs, lpage, loffs, size, rblock);
 219}
 220
 221/**
 222 * __do_lo_send_write - helper for writing data to a loop device
 223 *
 224 * This helper just factors out common code between do_lo_send_direct_write()
 225 * and do_lo_send_write().
 226 */
 227static int __do_lo_send_write(struct file *file,
 228                u8 *buf, const int len, loff_t pos)
 229{
 230        ssize_t bw;
 231        mm_segment_t old_fs = get_fs();
 232
 233        file_start_write(file);
 234        set_fs(get_ds());
 235        bw = file->f_op->write(file, buf, len, &pos);
 236        set_fs(old_fs);
 237        file_end_write(file);
 238        if (likely(bw == len))
 239                return 0;
 240        printk(KERN_ERR "loop: Write error at byte offset %llu, length %i.\n",
 241                        (unsigned long long)pos, len);
 242        if (bw >= 0)
 243                bw = -EIO;
 244        return bw;
 245}
 246
 247/**
 248 * do_lo_send_direct_write - helper for writing data to a loop device
 249 *
 250 * This is the fast, non-transforming version that does not need double
 251 * buffering.
 252 */
 253static int do_lo_send_direct_write(struct loop_device *lo,
 254                struct bio_vec *bvec, loff_t pos, struct page *page)
 255{
 256        ssize_t bw = __do_lo_send_write(lo->lo_backing_file,
 257                        kmap(bvec->bv_page) + bvec->bv_offset,
 258                        bvec->bv_len, pos);
 259        kunmap(bvec->bv_page);
 260        cond_resched();
 261        return bw;
 262}
 263
 264/**
 265 * do_lo_send_write - helper for writing data to a loop device
 266 *
 267 * This is the slow, transforming version that needs to double buffer the
 268 * data as it cannot do the transformations in place without having direct
 269 * access to the destination pages of the backing file.
 270 */
 271static int do_lo_send_write(struct loop_device *lo, struct bio_vec *bvec,
 272                loff_t pos, struct page *page)
 273{
 274        int ret = lo_do_transfer(lo, WRITE, page, 0, bvec->bv_page,
 275                        bvec->bv_offset, bvec->bv_len, pos >> 9);
 276        if (likely(!ret))
 277                return __do_lo_send_write(lo->lo_backing_file,
 278                                page_address(page), bvec->bv_len,
 279                                pos);
 280        printk(KERN_ERR "loop: Transfer error at byte offset %llu, "
 281                        "length %i.\n", (unsigned long long)pos, bvec->bv_len);
 282        if (ret > 0)
 283                ret = -EIO;
 284        return ret;
 285}
 286
 287static int lo_send(struct loop_device *lo, struct bio *bio, loff_t pos)
 288{
 289        int (*do_lo_send)(struct loop_device *, struct bio_vec *, loff_t,
 290                        struct page *page);
 291        struct bio_vec bvec;
 292        struct bvec_iter iter;
 293        struct page *page = NULL;
 294        int ret = 0;
 295
 296        if (lo->transfer != transfer_none) {
 297                page = alloc_page(GFP_NOIO | __GFP_HIGHMEM);
 298                if (unlikely(!page))
 299                        goto fail;
 300                kmap(page);
 301                do_lo_send = do_lo_send_write;
 302        } else {
 303                do_lo_send = do_lo_send_direct_write;
 304        }
 305
 306        bio_for_each_segment(bvec, bio, iter) {
 307                ret = do_lo_send(lo, &bvec, pos, page);
 308                if (ret < 0)
 309                        break;
 310                pos += bvec.bv_len;
 311        }
 312        if (page) {
 313                kunmap(page);
 314                __free_page(page);
 315        }
 316out:
 317        return ret;
 318fail:
 319        printk(KERN_ERR "loop: Failed to allocate temporary page for write.\n");
 320        ret = -ENOMEM;
 321        goto out;
 322}
 323
 324struct lo_read_data {
 325        struct loop_device *lo;
 326        struct page *page;
 327        unsigned offset;
 328        int bsize;
 329};
 330
 331static int
 332lo_splice_actor(struct pipe_inode_info *pipe, struct pipe_buffer *buf,
 333                struct splice_desc *sd)
 334{
 335        struct lo_read_data *p = sd->u.data;
 336        struct loop_device *lo = p->lo;
 337        struct page *page = buf->page;
 338        sector_t IV;
 339        int size;
 340
 341        IV = ((sector_t) page->index << (PAGE_CACHE_SHIFT - 9)) +
 342                                                        (buf->offset >> 9);
 343        size = sd->len;
 344        if (size > p->bsize)
 345                size = p->bsize;
 346
 347        if (lo_do_transfer(lo, READ, page, buf->offset, p->page, p->offset, size, IV)) {
 348                printk(KERN_ERR "loop: transfer error block %ld\n",
 349                       page->index);
 350                size = -EINVAL;
 351        }
 352
 353        flush_dcache_page(p->page);
 354
 355        if (size > 0)
 356                p->offset += size;
 357
 358        return size;
 359}
 360
 361static int
 362lo_direct_splice_actor(struct pipe_inode_info *pipe, struct splice_desc *sd)
 363{
 364        return __splice_from_pipe(pipe, sd, lo_splice_actor);
 365}
 366
 367static ssize_t
 368do_lo_receive(struct loop_device *lo,
 369              struct bio_vec *bvec, int bsize, loff_t pos)
 370{
 371        struct lo_read_data cookie;
 372        struct splice_desc sd;
 373        struct file *file;
 374        ssize_t retval;
 375
 376        cookie.lo = lo;
 377        cookie.page = bvec->bv_page;
 378        cookie.offset = bvec->bv_offset;
 379        cookie.bsize = bsize;
 380
 381        sd.len = 0;
 382        sd.total_len = bvec->bv_len;
 383        sd.flags = 0;
 384        sd.pos = pos;
 385        sd.u.data = &cookie;
 386
 387        file = lo->lo_backing_file;
 388        retval = splice_direct_to_actor(file, &sd, lo_direct_splice_actor);
 389
 390        return retval;
 391}
 392
 393static int
 394lo_receive(struct loop_device *lo, struct bio *bio, int bsize, loff_t pos)
 395{
 396        struct bio_vec bvec;
 397        struct bvec_iter iter;
 398        ssize_t s;
 399
 400        bio_for_each_segment(bvec, bio, iter) {
 401                s = do_lo_receive(lo, &bvec, bsize, pos);
 402                if (s < 0)
 403                        return s;
 404
 405                if (s != bvec.bv_len) {
 406                        zero_fill_bio(bio);
 407                        break;
 408                }
 409                pos += bvec.bv_len;
 410        }
 411        return 0;
 412}
 413
 414static int do_bio_filebacked(struct loop_device *lo, struct bio *bio)
 415{
 416        loff_t pos;
 417        int ret;
 418
 419        pos = ((loff_t) bio->bi_iter.bi_sector << 9) + lo->lo_offset;
 420
 421        if (bio_rw(bio) == WRITE) {
 422                struct file *file = lo->lo_backing_file;
 423
 424                if (bio->bi_rw & REQ_FLUSH) {
 425                        ret = vfs_fsync(file, 0);
 426                        if (unlikely(ret && ret != -EINVAL)) {
 427                                ret = -EIO;
 428                                goto out;
 429                        }
 430                }
 431
 432                /*
 433                 * We use punch hole to reclaim the free space used by the
 434                 * image a.k.a. discard. However we do not support discard if
 435                 * encryption is enabled, because it may give an attacker
 436                 * useful information.
 437                 */
 438                if (bio->bi_rw & REQ_DISCARD) {
 439                        struct file *file = lo->lo_backing_file;
 440                        int mode = FALLOC_FL_PUNCH_HOLE | FALLOC_FL_KEEP_SIZE;
 441
 442                        if ((!file->f_op->fallocate) ||
 443                            lo->lo_encrypt_key_size) {
 444                                ret = -EOPNOTSUPP;
 445                                goto out;
 446                        }
 447                        ret = file->f_op->fallocate(file, mode, pos,
 448                                                    bio->bi_iter.bi_size);
 449                        if (unlikely(ret && ret != -EINVAL &&
 450                                     ret != -EOPNOTSUPP))
 451                                ret = -EIO;
 452                        goto out;
 453                }
 454
 455                ret = lo_send(lo, bio, pos);
 456
 457                if ((bio->bi_rw & REQ_FUA) && !ret) {
 458                        ret = vfs_fsync(file, 0);
 459                        if (unlikely(ret && ret != -EINVAL))
 460                                ret = -EIO;
 461                }
 462        } else
 463                ret = lo_receive(lo, bio, lo->lo_blocksize, pos);
 464
 465out:
 466        return ret;
 467}
 468
 469/*
 470 * Add bio to back of pending list
 471 */
 472static void loop_add_bio(struct loop_device *lo, struct bio *bio)
 473{
 474        lo->lo_bio_count++;
 475        bio_list_add(&lo->lo_bio_list, bio);
 476}
 477
 478/*
 479 * Grab first pending buffer
 480 */
 481static struct bio *loop_get_bio(struct loop_device *lo)
 482{
 483        lo->lo_bio_count--;
 484        return bio_list_pop(&lo->lo_bio_list);
 485}
 486
 487static void loop_make_request(struct request_queue *q, struct bio *old_bio)
 488{
 489        struct loop_device *lo = q->queuedata;
 490        int rw = bio_rw(old_bio);
 491
 492        if (rw == READA)
 493                rw = READ;
 494
 495        BUG_ON(!lo || (rw != READ && rw != WRITE));
 496
 497        spin_lock_irq(&lo->lo_lock);
 498        if (lo->lo_state != Lo_bound)
 499                goto out;
 500        if (unlikely(rw == WRITE && (lo->lo_flags & LO_FLAGS_READ_ONLY)))
 501                goto out;
 502        if (lo->lo_bio_count >= q->nr_congestion_on)
 503                wait_event_lock_irq(lo->lo_req_wait,
 504                                    lo->lo_bio_count < q->nr_congestion_off,
 505                                    lo->lo_lock);
 506        loop_add_bio(lo, old_bio);
 507        wake_up(&lo->lo_event);
 508        spin_unlock_irq(&lo->lo_lock);
 509        return;
 510
 511out:
 512        spin_unlock_irq(&lo->lo_lock);
 513        bio_io_error(old_bio);
 514}
 515
 516struct switch_request {
 517        struct file *file;
 518        struct completion wait;
 519};
 520
 521static void do_loop_switch(struct loop_device *, struct switch_request *);
 522
 523static inline void loop_handle_bio(struct loop_device *lo, struct bio *bio)
 524{
 525        if (unlikely(!bio->bi_bdev)) {
 526                do_loop_switch(lo, bio->bi_private);
 527                bio_put(bio);
 528        } else {
 529                int ret = do_bio_filebacked(lo, bio);
 530                bio_endio(bio, ret);
 531        }
 532}
 533
 534/*
 535 * worker thread that handles reads/writes to file backed loop devices,
 536 * to avoid blocking in our make_request_fn. it also does loop decrypting
 537 * on reads for block backed loop, as that is too heavy to do from
 538 * b_end_io context where irqs may be disabled.
 539 *
 540 * Loop explanation:  loop_clr_fd() sets lo_state to Lo_rundown before
 541 * calling kthread_stop().  Therefore once kthread_should_stop() is
 542 * true, make_request will not place any more requests.  Therefore
 543 * once kthread_should_stop() is true and lo_bio is NULL, we are
 544 * done with the loop.
 545 */
 546static int loop_thread(void *data)
 547{
 548        struct loop_device *lo = data;
 549        struct bio *bio;
 550
 551        set_user_nice(current, -20);
 552
 553        while (!kthread_should_stop() || !bio_list_empty(&lo->lo_bio_list)) {
 554
 555                wait_event_interruptible(lo->lo_event,
 556                                !bio_list_empty(&lo->lo_bio_list) ||
 557                                kthread_should_stop());
 558
 559                if (bio_list_empty(&lo->lo_bio_list))
 560                        continue;
 561                spin_lock_irq(&lo->lo_lock);
 562                bio = loop_get_bio(lo);
 563                if (lo->lo_bio_count < lo->lo_queue->nr_congestion_off)
 564                        wake_up(&lo->lo_req_wait);
 565                spin_unlock_irq(&lo->lo_lock);
 566
 567                BUG_ON(!bio);
 568                loop_handle_bio(lo, bio);
 569        }
 570
 571        return 0;
 572}
 573
 574/*
 575 * loop_switch performs the hard work of switching a backing store.
 576 * First it needs to flush existing IO, it does this by sending a magic
 577 * BIO down the pipe. The completion of this BIO does the actual switch.
 578 */
 579static int loop_switch(struct loop_device *lo, struct file *file)
 580{
 581        struct switch_request w;
 582        struct bio *bio = bio_alloc(GFP_KERNEL, 0);
 583        if (!bio)
 584                return -ENOMEM;
 585        init_completion(&w.wait);
 586        w.file = file;
 587        bio->bi_private = &w;
 588        bio->bi_bdev = NULL;
 589        loop_make_request(lo->lo_queue, bio);
 590        wait_for_completion(&w.wait);
 591        return 0;
 592}
 593
 594/*
 595 * Helper to flush the IOs in loop, but keeping loop thread running
 596 */
 597static int loop_flush(struct loop_device *lo)
 598{
 599        /* loop not yet configured, no running thread, nothing to flush */
 600        if (!lo->lo_thread)
 601                return 0;
 602
 603        return loop_switch(lo, NULL);
 604}
 605
 606/*
 607 * Do the actual switch; called from the BIO completion routine
 608 */
 609static void do_loop_switch(struct loop_device *lo, struct switch_request *p)
 610{
 611        struct file *file = p->file;
 612        struct file *old_file = lo->lo_backing_file;
 613        struct address_space *mapping;
 614
 615        /* if no new file, only flush of queued bios requested */
 616        if (!file)
 617                goto out;
 618
 619        mapping = file->f_mapping;
 620        mapping_set_gfp_mask(old_file->f_mapping, lo->old_gfp_mask);
 621        lo->lo_backing_file = file;
 622        lo->lo_blocksize = S_ISBLK(mapping->host->i_mode) ?
 623                mapping->host->i_bdev->bd_block_size : PAGE_SIZE;
 624        lo->old_gfp_mask = mapping_gfp_mask(mapping);
 625        mapping_set_gfp_mask(mapping, lo->old_gfp_mask & ~(__GFP_IO|__GFP_FS));
 626out:
 627        complete(&p->wait);
 628}
 629
 630
 631/*
 632 * loop_change_fd switched the backing store of a loopback device to
 633 * a new file. This is useful for operating system installers to free up
 634 * the original file and in High Availability environments to switch to
 635 * an alternative location for the content in case of server meltdown.
 636 * This can only work if the loop device is used read-only, and if the
 637 * new backing store is the same size and type as the old backing store.
 638 */
 639static int loop_change_fd(struct loop_device *lo, struct block_device *bdev,
 640                          unsigned int arg)
 641{
 642        struct file     *file, *old_file;
 643        struct inode    *inode;
 644        int             error;
 645
 646        error = -ENXIO;
 647        if (lo->lo_state != Lo_bound)
 648                goto out;
 649
 650        /* the loop device has to be read-only */
 651        error = -EINVAL;
 652        if (!(lo->lo_flags & LO_FLAGS_READ_ONLY))
 653                goto out;
 654
 655        error = -EBADF;
 656        file = fget(arg);
 657        if (!file)
 658                goto out;
 659
 660        inode = file->f_mapping->host;
 661        old_file = lo->lo_backing_file;
 662
 663        error = -EINVAL;
 664
 665        if (!S_ISREG(inode->i_mode) && !S_ISBLK(inode->i_mode))
 666                goto out_putf;
 667
 668        /* size of the new backing store needs to be the same */
 669        if (get_loop_size(lo, file) != get_loop_size(lo, old_file))
 670                goto out_putf;
 671
 672        /* and ... switch */
 673        error = loop_switch(lo, file);
 674        if (error)
 675                goto out_putf;
 676
 677        fput(old_file);
 678        if (lo->lo_flags & LO_FLAGS_PARTSCAN)
 679                ioctl_by_bdev(bdev, BLKRRPART, 0);
 680        return 0;
 681
 682 out_putf:
 683        fput(file);
 684 out:
 685        return error;
 686}
 687
 688static inline int is_loop_device(struct file *file)
 689{
 690        struct inode *i = file->f_mapping->host;
 691
 692        return i && S_ISBLK(i->i_mode) && MAJOR(i->i_rdev) == LOOP_MAJOR;
 693}
 694
 695/* loop sysfs attributes */
 696
 697static ssize_t loop_attr_show(struct device *dev, char *page,
 698                              ssize_t (*callback)(struct loop_device *, char *))
 699{
 700        struct gendisk *disk = dev_to_disk(dev);
 701        struct loop_device *lo = disk->private_data;
 702
 703        return callback(lo, page);
 704}
 705
 706#define LOOP_ATTR_RO(_name)                                             \
 707static ssize_t loop_attr_##_name##_show(struct loop_device *, char *);  \
 708static ssize_t loop_attr_do_show_##_name(struct device *d,              \
 709                                struct device_attribute *attr, char *b) \
 710{                                                                       \
 711        return loop_attr_show(d, b, loop_attr_##_name##_show);          \
 712}                                                                       \
 713static struct device_attribute loop_attr_##_name =                      \
 714        __ATTR(_name, S_IRUGO, loop_attr_do_show_##_name, NULL);
 715
 716static ssize_t loop_attr_backing_file_show(struct loop_device *lo, char *buf)
 717{
 718        ssize_t ret;
 719        char *p = NULL;
 720
 721        spin_lock_irq(&lo->lo_lock);
 722        if (lo->lo_backing_file)
 723                p = d_path(&lo->lo_backing_file->f_path, buf, PAGE_SIZE - 1);
 724        spin_unlock_irq(&lo->lo_lock);
 725
 726        if (IS_ERR_OR_NULL(p))
 727                ret = PTR_ERR(p);
 728        else {
 729                ret = strlen(p);
 730                memmove(buf, p, ret);
 731                buf[ret++] = '\n';
 732                buf[ret] = 0;
 733        }
 734
 735        return ret;
 736}
 737
 738static ssize_t loop_attr_offset_show(struct loop_device *lo, char *buf)
 739{
 740        return sprintf(buf, "%llu\n", (unsigned long long)lo->lo_offset);
 741}
 742
 743static ssize_t loop_attr_sizelimit_show(struct loop_device *lo, char *buf)
 744{
 745        return sprintf(buf, "%llu\n", (unsigned long long)lo->lo_sizelimit);
 746}
 747
 748static ssize_t loop_attr_autoclear_show(struct loop_device *lo, char *buf)
 749{
 750        int autoclear = (lo->lo_flags & LO_FLAGS_AUTOCLEAR);
 751
 752        return sprintf(buf, "%s\n", autoclear ? "1" : "0");
 753}
 754
 755static ssize_t loop_attr_partscan_show(struct loop_device *lo, char *buf)
 756{
 757        int partscan = (lo->lo_flags & LO_FLAGS_PARTSCAN);
 758
 759        return sprintf(buf, "%s\n", partscan ? "1" : "0");
 760}
 761
 762LOOP_ATTR_RO(backing_file);
 763LOOP_ATTR_RO(offset);
 764LOOP_ATTR_RO(sizelimit);
 765LOOP_ATTR_RO(autoclear);
 766LOOP_ATTR_RO(partscan);
 767
 768static struct attribute *loop_attrs[] = {
 769        &loop_attr_backing_file.attr,
 770        &loop_attr_offset.attr,
 771        &loop_attr_sizelimit.attr,
 772        &loop_attr_autoclear.attr,
 773        &loop_attr_partscan.attr,
 774        NULL,
 775};
 776
 777static struct attribute_group loop_attribute_group = {
 778        .name = "loop",
 779        .attrs= loop_attrs,
 780};
 781
 782static int loop_sysfs_init(struct loop_device *lo)
 783{
 784        return sysfs_create_group(&disk_to_dev(lo->lo_disk)->kobj,
 785                                  &loop_attribute_group);
 786}
 787
 788static void loop_sysfs_exit(struct loop_device *lo)
 789{
 790        sysfs_remove_group(&disk_to_dev(lo->lo_disk)->kobj,
 791                           &loop_attribute_group);
 792}
 793
 794static void loop_config_discard(struct loop_device *lo)
 795{
 796        struct file *file = lo->lo_backing_file;
 797        struct inode *inode = file->f_mapping->host;
 798        struct request_queue *q = lo->lo_queue;
 799
 800        /*
 801         * We use punch hole to reclaim the free space used by the
 802         * image a.k.a. discard. However we do not support discard if
 803         * encryption is enabled, because it may give an attacker
 804         * useful information.
 805         */
 806        if ((!file->f_op->fallocate) ||
 807            lo->lo_encrypt_key_size) {
 808                q->limits.discard_granularity = 0;
 809                q->limits.discard_alignment = 0;
 810                q->limits.max_discard_sectors = 0;
 811                q->limits.discard_zeroes_data = 0;
 812                queue_flag_clear_unlocked(QUEUE_FLAG_DISCARD, q);
 813                return;
 814        }
 815
 816        q->limits.discard_granularity = inode->i_sb->s_blocksize;
 817        q->limits.discard_alignment = 0;
 818        q->limits.max_discard_sectors = UINT_MAX >> 9;
 819        q->limits.discard_zeroes_data = 1;
 820        queue_flag_set_unlocked(QUEUE_FLAG_DISCARD, q);
 821}
 822
 823static int loop_set_fd(struct loop_device *lo, fmode_t mode,
 824                       struct block_device *bdev, unsigned int arg)
 825{
 826        struct file     *file, *f;
 827        struct inode    *inode;
 828        struct address_space *mapping;
 829        unsigned lo_blocksize;
 830        int             lo_flags = 0;
 831        int             error;
 832        loff_t          size;
 833
 834        /* This is safe, since we have a reference from open(). */
 835        __module_get(THIS_MODULE);
 836
 837        error = -EBADF;
 838        file = fget(arg);
 839        if (!file)
 840                goto out;
 841
 842        error = -EBUSY;
 843        if (lo->lo_state != Lo_unbound)
 844                goto out_putf;
 845
 846        /* Avoid recursion */
 847        f = file;
 848        while (is_loop_device(f)) {
 849                struct loop_device *l;
 850
 851                if (f->f_mapping->host->i_bdev == bdev)
 852                        goto out_putf;
 853
 854                l = f->f_mapping->host->i_bdev->bd_disk->private_data;
 855                if (l->lo_state == Lo_unbound) {
 856                        error = -EINVAL;
 857                        goto out_putf;
 858                }
 859                f = l->lo_backing_file;
 860        }
 861
 862        mapping = file->f_mapping;
 863        inode = mapping->host;
 864
 865        error = -EINVAL;
 866        if (!S_ISREG(inode->i_mode) && !S_ISBLK(inode->i_mode))
 867                goto out_putf;
 868
 869        if (!(file->f_mode & FMODE_WRITE) || !(mode & FMODE_WRITE) ||
 870            !file->f_op->write)
 871                lo_flags |= LO_FLAGS_READ_ONLY;
 872
 873        lo_blocksize = S_ISBLK(inode->i_mode) ?
 874                inode->i_bdev->bd_block_size : PAGE_SIZE;
 875
 876        error = -EFBIG;
 877        size = get_loop_size(lo, file);
 878        if ((loff_t)(sector_t)size != size)
 879                goto out_putf;
 880
 881        error = 0;
 882
 883        set_device_ro(bdev, (lo_flags & LO_FLAGS_READ_ONLY) != 0);
 884
 885        lo->lo_blocksize = lo_blocksize;
 886        lo->lo_device = bdev;
 887        lo->lo_flags = lo_flags;
 888        lo->lo_backing_file = file;
 889        lo->transfer = transfer_none;
 890        lo->ioctl = NULL;
 891        lo->lo_sizelimit = 0;
 892        lo->lo_bio_count = 0;
 893        lo->old_gfp_mask = mapping_gfp_mask(mapping);
 894        mapping_set_gfp_mask(mapping, lo->old_gfp_mask & ~(__GFP_IO|__GFP_FS));
 895
 896        bio_list_init(&lo->lo_bio_list);
 897
 898        if (!(lo_flags & LO_FLAGS_READ_ONLY) && file->f_op->fsync)
 899                blk_queue_flush(lo->lo_queue, REQ_FLUSH);
 900
 901        set_capacity(lo->lo_disk, size);
 902        bd_set_size(bdev, size << 9);
 903        loop_sysfs_init(lo);
 904        /* let user-space know about the new size */
 905        kobject_uevent(&disk_to_dev(bdev->bd_disk)->kobj, KOBJ_CHANGE);
 906
 907        set_blocksize(bdev, lo_blocksize);
 908
 909        lo->lo_thread = kthread_create(loop_thread, lo, "loop%d",
 910                                                lo->lo_number);
 911        if (IS_ERR(lo->lo_thread)) {
 912                error = PTR_ERR(lo->lo_thread);
 913                goto out_clr;
 914        }
 915        lo->lo_state = Lo_bound;
 916        wake_up_process(lo->lo_thread);
 917        if (part_shift)
 918                lo->lo_flags |= LO_FLAGS_PARTSCAN;
 919        if (lo->lo_flags & LO_FLAGS_PARTSCAN)
 920                ioctl_by_bdev(bdev, BLKRRPART, 0);
 921
 922        /* Grab the block_device to prevent its destruction after we
 923         * put /dev/loopXX inode. Later in loop_clr_fd() we bdput(bdev).
 924         */
 925        bdgrab(bdev);
 926        return 0;
 927
 928out_clr:
 929        loop_sysfs_exit(lo);
 930        lo->lo_thread = NULL;
 931        lo->lo_device = NULL;
 932        lo->lo_backing_file = NULL;
 933        lo->lo_flags = 0;
 934        set_capacity(lo->lo_disk, 0);
 935        invalidate_bdev(bdev);
 936        bd_set_size(bdev, 0);
 937        kobject_uevent(&disk_to_dev(bdev->bd_disk)->kobj, KOBJ_CHANGE);
 938        mapping_set_gfp_mask(mapping, lo->old_gfp_mask);
 939        lo->lo_state = Lo_unbound;
 940 out_putf:
 941        fput(file);
 942 out:
 943        /* This is safe: open() is still holding a reference. */
 944        module_put(THIS_MODULE);
 945        return error;
 946}
 947
 948static int
 949loop_release_xfer(struct loop_device *lo)
 950{
 951        int err = 0;
 952        struct loop_func_table *xfer = lo->lo_encryption;
 953
 954        if (xfer) {
 955                if (xfer->release)
 956                        err = xfer->release(lo);
 957                lo->transfer = NULL;
 958                lo->lo_encryption = NULL;
 959                module_put(xfer->owner);
 960        }
 961        return err;
 962}
 963
 964static int
 965loop_init_xfer(struct loop_device *lo, struct loop_func_table *xfer,
 966               const struct loop_info64 *i)
 967{
 968        int err = 0;
 969
 970        if (xfer) {
 971                struct module *owner = xfer->owner;
 972
 973                if (!try_module_get(owner))
 974                        return -EINVAL;
 975                if (xfer->init)
 976                        err = xfer->init(lo, i);
 977                if (err)
 978                        module_put(owner);
 979                else
 980                        lo->lo_encryption = xfer;
 981        }
 982        return err;
 983}
 984
 985static int loop_clr_fd(struct loop_device *lo)
 986{
 987        struct file *filp = lo->lo_backing_file;
 988        gfp_t gfp = lo->old_gfp_mask;
 989        struct block_device *bdev = lo->lo_device;
 990
 991        if (lo->lo_state != Lo_bound)
 992                return -ENXIO;
 993
 994        /*
 995         * If we've explicitly asked to tear down the loop device,
 996         * and it has an elevated reference count, set it for auto-teardown when
 997         * the last reference goes away. This stops $!~#$@ udev from
 998         * preventing teardown because it decided that it needs to run blkid on
 999         * the loopback device whenever they appear. xfstests is notorious for
1000         * failing tests because blkid via udev races with a losetup
1001         * <dev>/do something like mkfs/losetup -d <dev> causing the losetup -d
1002         * command to fail with EBUSY.
1003         */
1004        if (lo->lo_refcnt > 1) {
1005                lo->lo_flags |= LO_FLAGS_AUTOCLEAR;
1006                mutex_unlock(&lo->lo_ctl_mutex);
1007                return 0;
1008        }
1009
1010        if (filp == NULL)
1011                return -EINVAL;
1012
1013        spin_lock_irq(&lo->lo_lock);
1014        lo->lo_state = Lo_rundown;
1015        spin_unlock_irq(&lo->lo_lock);
1016
1017        kthread_stop(lo->lo_thread);
1018
1019        spin_lock_irq(&lo->lo_lock);
1020        lo->lo_backing_file = NULL;
1021        spin_unlock_irq(&lo->lo_lock);
1022
1023        loop_release_xfer(lo);
1024        lo->transfer = NULL;
1025        lo->ioctl = NULL;
1026        lo->lo_device = NULL;
1027        lo->lo_encryption = NULL;
1028        lo->lo_offset = 0;
1029        lo->lo_sizelimit = 0;
1030        lo->lo_encrypt_key_size = 0;
1031        lo->lo_thread = NULL;
1032        memset(lo->lo_encrypt_key, 0, LO_KEY_SIZE);
1033        memset(lo->lo_crypt_name, 0, LO_NAME_SIZE);
1034        memset(lo->lo_file_name, 0, LO_NAME_SIZE);
1035        if (bdev) {
1036                bdput(bdev);
1037                invalidate_bdev(bdev);
1038        }
1039        set_capacity(lo->lo_disk, 0);
1040        loop_sysfs_exit(lo);
1041        if (bdev) {
1042                bd_set_size(bdev, 0);
1043                /* let user-space know about this change */
1044                kobject_uevent(&disk_to_dev(bdev->bd_disk)->kobj, KOBJ_CHANGE);
1045        }
1046        mapping_set_gfp_mask(filp->f_mapping, gfp);
1047        lo->lo_state = Lo_unbound;
1048        /* This is safe: open() is still holding a reference. */
1049        module_put(THIS_MODULE);
1050        if (lo->lo_flags & LO_FLAGS_PARTSCAN && bdev)
1051                ioctl_by_bdev(bdev, BLKRRPART, 0);
1052        lo->lo_flags = 0;
1053        if (!part_shift)
1054                lo->lo_disk->flags |= GENHD_FL_NO_PART_SCAN;
1055        mutex_unlock(&lo->lo_ctl_mutex);
1056        /*
1057         * Need not hold lo_ctl_mutex to fput backing file.
1058         * Calling fput holding lo_ctl_mutex triggers a circular
1059         * lock dependency possibility warning as fput can take
1060         * bd_mutex which is usually taken before lo_ctl_mutex.
1061         */
1062        fput(filp);
1063        return 0;
1064}
1065
1066static int
1067loop_set_status(struct loop_device *lo, const struct loop_info64 *info)
1068{
1069        int err;
1070        struct loop_func_table *xfer;
1071        kuid_t uid = current_uid();
1072
1073        if (lo->lo_encrypt_key_size &&
1074            !uid_eq(lo->lo_key_owner, uid) &&
1075            !capable(CAP_SYS_ADMIN))
1076                return -EPERM;
1077        if (lo->lo_state != Lo_bound)
1078                return -ENXIO;
1079        if ((unsigned int) info->lo_encrypt_key_size > LO_KEY_SIZE)
1080                return -EINVAL;
1081
1082        err = loop_release_xfer(lo);
1083        if (err)
1084                return err;
1085
1086        if (info->lo_encrypt_type) {
1087                unsigned int type = info->lo_encrypt_type;
1088
1089                if (type >= MAX_LO_CRYPT)
1090                        return -EINVAL;
1091                xfer = xfer_funcs[type];
1092                if (xfer == NULL)
1093                        return -EINVAL;
1094        } else
1095                xfer = NULL;
1096
1097        err = loop_init_xfer(lo, xfer, info);
1098        if (err)
1099                return err;
1100
1101        if (lo->lo_offset != info->lo_offset ||
1102            lo->lo_sizelimit != info->lo_sizelimit)
1103                if (figure_loop_size(lo, info->lo_offset, info->lo_sizelimit))
1104                        return -EFBIG;
1105
1106        loop_config_discard(lo);
1107
1108        memcpy(lo->lo_file_name, info->lo_file_name, LO_NAME_SIZE);
1109        memcpy(lo->lo_crypt_name, info->lo_crypt_name, LO_NAME_SIZE);
1110        lo->lo_file_name[LO_NAME_SIZE-1] = 0;
1111        lo->lo_crypt_name[LO_NAME_SIZE-1] = 0;
1112
1113        if (!xfer)
1114                xfer = &none_funcs;
1115        lo->transfer = xfer->transfer;
1116        lo->ioctl = xfer->ioctl;
1117
1118        if ((lo->lo_flags & LO_FLAGS_AUTOCLEAR) !=
1119             (info->lo_flags & LO_FLAGS_AUTOCLEAR))
1120                lo->lo_flags ^= LO_FLAGS_AUTOCLEAR;
1121
1122        if ((info->lo_flags & LO_FLAGS_PARTSCAN) &&
1123             !(lo->lo_flags & LO_FLAGS_PARTSCAN)) {
1124                lo->lo_flags |= LO_FLAGS_PARTSCAN;
1125                lo->lo_disk->flags &= ~GENHD_FL_NO_PART_SCAN;
1126                ioctl_by_bdev(lo->lo_device, BLKRRPART, 0);
1127        }
1128
1129        lo->lo_encrypt_key_size = info->lo_encrypt_key_size;
1130        lo->lo_init[0] = info->lo_init[0];
1131        lo->lo_init[1] = info->lo_init[1];
1132        if (info->lo_encrypt_key_size) {
1133                memcpy(lo->lo_encrypt_key, info->lo_encrypt_key,
1134                       info->lo_encrypt_key_size);
1135                lo->lo_key_owner = uid;
1136        }       
1137
1138        return 0;
1139}
1140
1141static int
1142loop_get_status(struct loop_device *lo, struct loop_info64 *info)
1143{
1144        struct file *file = lo->lo_backing_file;
1145        struct kstat stat;
1146        int error;
1147
1148        if (lo->lo_state != Lo_bound)
1149                return -ENXIO;
1150        error = vfs_getattr(&file->f_path, &stat);
1151        if (error)
1152                return error;
1153        memset(info, 0, sizeof(*info));
1154        info->lo_number = lo->lo_number;
1155        info->lo_device = huge_encode_dev(stat.dev);
1156        info->lo_inode = stat.ino;
1157        info->lo_rdevice = huge_encode_dev(lo->lo_device ? stat.rdev : stat.dev);
1158        info->lo_offset = lo->lo_offset;
1159        info->lo_sizelimit = lo->lo_sizelimit;
1160        info->lo_flags = lo->lo_flags;
1161        memcpy(info->lo_file_name, lo->lo_file_name, LO_NAME_SIZE);
1162        memcpy(info->lo_crypt_name, lo->lo_crypt_name, LO_NAME_SIZE);
1163        info->lo_encrypt_type =
1164                lo->lo_encryption ? lo->lo_encryption->number : 0;
1165        if (lo->lo_encrypt_key_size && capable(CAP_SYS_ADMIN)) {
1166                info->lo_encrypt_key_size = lo->lo_encrypt_key_size;
1167                memcpy(info->lo_encrypt_key, lo->lo_encrypt_key,
1168                       lo->lo_encrypt_key_size);
1169        }
1170        return 0;
1171}
1172
1173static void
1174loop_info64_from_old(const struct loop_info *info, struct loop_info64 *info64)
1175{
1176        memset(info64, 0, sizeof(*info64));
1177        info64->lo_number = info->lo_number;
1178        info64->lo_device = info->lo_device;
1179        info64->lo_inode = info->lo_inode;
1180        info64->lo_rdevice = info->lo_rdevice;
1181        info64->lo_offset = info->lo_offset;
1182        info64->lo_sizelimit = 0;
1183        info64->lo_encrypt_type = info->lo_encrypt_type;
1184        info64->lo_encrypt_key_size = info->lo_encrypt_key_size;
1185        info64->lo_flags = info->lo_flags;
1186        info64->lo_init[0] = info->lo_init[0];
1187        info64->lo_init[1] = info->lo_init[1];
1188        if (info->lo_encrypt_type == LO_CRYPT_CRYPTOAPI)
1189                memcpy(info64->lo_crypt_name, info->lo_name, LO_NAME_SIZE);
1190        else
1191                memcpy(info64->lo_file_name, info->lo_name, LO_NAME_SIZE);
1192        memcpy(info64->lo_encrypt_key, info->lo_encrypt_key, LO_KEY_SIZE);
1193}
1194
1195static int
1196loop_info64_to_old(const struct loop_info64 *info64, struct loop_info *info)
1197{
1198        memset(info, 0, sizeof(*info));
1199        info->lo_number = info64->lo_number;
1200        info->lo_device = info64->lo_device;
1201        info->lo_inode = info64->lo_inode;
1202        info->lo_rdevice = info64->lo_rdevice;
1203        info->lo_offset = info64->lo_offset;
1204        info->lo_encrypt_type = info64->lo_encrypt_type;
1205        info->lo_encrypt_key_size = info64->lo_encrypt_key_size;
1206        info->lo_flags = info64->lo_flags;
1207        info->lo_init[0] = info64->lo_init[0];
1208        info->lo_init[1] = info64->lo_init[1];
1209        if (info->lo_encrypt_type == LO_CRYPT_CRYPTOAPI)
1210                memcpy(info->lo_name, info64->lo_crypt_name, LO_NAME_SIZE);
1211        else
1212                memcpy(info->lo_name, info64->lo_file_name, LO_NAME_SIZE);
1213        memcpy(info->lo_encrypt_key, info64->lo_encrypt_key, LO_KEY_SIZE);
1214
1215        /* error in case values were truncated */
1216        if (info->lo_device != info64->lo_device ||
1217            info->lo_rdevice != info64->lo_rdevice ||
1218            info->lo_inode != info64->lo_inode ||
1219            info->lo_offset != info64->lo_offset)
1220                return -EOVERFLOW;
1221
1222        return 0;
1223}
1224
1225static int
1226loop_set_status_old(struct loop_device *lo, const struct loop_info __user *arg)
1227{
1228        struct loop_info info;
1229        struct loop_info64 info64;
1230
1231        if (copy_from_user(&info, arg, sizeof (struct loop_info)))
1232                return -EFAULT;
1233        loop_info64_from_old(&info, &info64);
1234        return loop_set_status(lo, &info64);
1235}
1236
1237static int
1238loop_set_status64(struct loop_device *lo, const struct loop_info64 __user *arg)
1239{
1240        struct loop_info64 info64;
1241
1242        if (copy_from_user(&info64, arg, sizeof (struct loop_info64)))
1243                return -EFAULT;
1244        return loop_set_status(lo, &info64);
1245}
1246
1247static int
1248loop_get_status_old(struct loop_device *lo, struct loop_info __user *arg) {
1249        struct loop_info info;
1250        struct loop_info64 info64;
1251        int err = 0;
1252
1253        if (!arg)
1254                err = -EINVAL;
1255        if (!err)
1256                err = loop_get_status(lo, &info64);
1257        if (!err)
1258                err = loop_info64_to_old(&info64, &info);
1259        if (!err && copy_to_user(arg, &info, sizeof(info)))
1260                err = -EFAULT;
1261
1262        return err;
1263}
1264
1265static int
1266loop_get_status64(struct loop_device *lo, struct loop_info64 __user *arg) {
1267        struct loop_info64 info64;
1268        int err = 0;
1269
1270        if (!arg)
1271                err = -EINVAL;
1272        if (!err)
1273                err = loop_get_status(lo, &info64);
1274        if (!err && copy_to_user(arg, &info64, sizeof(info64)))
1275                err = -EFAULT;
1276
1277        return err;
1278}
1279
1280static int loop_set_capacity(struct loop_device *lo, struct block_device *bdev)
1281{
1282        if (unlikely(lo->lo_state != Lo_bound))
1283                return -ENXIO;
1284
1285        return figure_loop_size(lo, lo->lo_offset, lo->lo_sizelimit);
1286}
1287
1288static int lo_ioctl(struct block_device *bdev, fmode_t mode,
1289        unsigned int cmd, unsigned long arg)
1290{
1291        struct loop_device *lo = bdev->bd_disk->private_data;
1292        int err;
1293
1294        mutex_lock_nested(&lo->lo_ctl_mutex, 1);
1295        switch (cmd) {
1296        case LOOP_SET_FD:
1297                err = loop_set_fd(lo, mode, bdev, arg);
1298                break;
1299        case LOOP_CHANGE_FD:
1300                err = loop_change_fd(lo, bdev, arg);
1301                break;
1302        case LOOP_CLR_FD:
1303                /* loop_clr_fd would have unlocked lo_ctl_mutex on success */
1304                err = loop_clr_fd(lo);
1305                if (!err)
1306                        goto out_unlocked;
1307                break;
1308        case LOOP_SET_STATUS:
1309                err = -EPERM;
1310                if ((mode & FMODE_WRITE) || capable(CAP_SYS_ADMIN))
1311                        err = loop_set_status_old(lo,
1312                                        (struct loop_info __user *)arg);
1313                break;
1314        case LOOP_GET_STATUS:
1315                err = loop_get_status_old(lo, (struct loop_info __user *) arg);
1316                break;
1317        case LOOP_SET_STATUS64:
1318                err = -EPERM;
1319                if ((mode & FMODE_WRITE) || capable(CAP_SYS_ADMIN))
1320                        err = loop_set_status64(lo,
1321                                        (struct loop_info64 __user *) arg);
1322                break;
1323        case LOOP_GET_STATUS64:
1324                err = loop_get_status64(lo, (struct loop_info64 __user *) arg);
1325                break;
1326        case LOOP_SET_CAPACITY:
1327                err = -EPERM;
1328                if ((mode & FMODE_WRITE) || capable(CAP_SYS_ADMIN))
1329                        err = loop_set_capacity(lo, bdev);
1330                break;
1331        default:
1332                err = lo->ioctl ? lo->ioctl(lo, cmd, arg) : -EINVAL;
1333        }
1334        mutex_unlock(&lo->lo_ctl_mutex);
1335
1336out_unlocked:
1337        return err;
1338}
1339
1340#ifdef CONFIG_COMPAT
1341struct compat_loop_info {
1342        compat_int_t    lo_number;      /* ioctl r/o */
1343        compat_dev_t    lo_device;      /* ioctl r/o */
1344        compat_ulong_t  lo_inode;       /* ioctl r/o */
1345        compat_dev_t    lo_rdevice;     /* ioctl r/o */
1346        compat_int_t    lo_offset;
1347        compat_int_t    lo_encrypt_type;
1348        compat_int_t    lo_encrypt_key_size;    /* ioctl w/o */
1349        compat_int_t    lo_flags;       /* ioctl r/o */
1350        char            lo_name[LO_NAME_SIZE];
1351        unsigned char   lo_encrypt_key[LO_KEY_SIZE]; /* ioctl w/o */
1352        compat_ulong_t  lo_init[2];
1353        char            reserved[4];
1354};
1355
1356/*
1357 * Transfer 32-bit compatibility structure in userspace to 64-bit loop info
1358 * - noinlined to reduce stack space usage in main part of driver
1359 */
1360static noinline int
1361loop_info64_from_compat(const struct compat_loop_info __user *arg,
1362                        struct loop_info64 *info64)
1363{
1364        struct compat_loop_info info;
1365
1366        if (copy_from_user(&info, arg, sizeof(info)))
1367                return -EFAULT;
1368
1369        memset(info64, 0, sizeof(*info64));
1370        info64->lo_number = info.lo_number;
1371        info64->lo_device = info.lo_device;
1372        info64->lo_inode = info.lo_inode;
1373        info64->lo_rdevice = info.lo_rdevice;
1374        info64->lo_offset = info.lo_offset;
1375        info64->lo_sizelimit = 0;
1376        info64->lo_encrypt_type = info.lo_encrypt_type;
1377        info64->lo_encrypt_key_size = info.lo_encrypt_key_size;
1378        info64->lo_flags = info.lo_flags;
1379        info64->lo_init[0] = info.lo_init[0];
1380        info64->lo_init[1] = info.lo_init[1];
1381        if (info.lo_encrypt_type == LO_CRYPT_CRYPTOAPI)
1382                memcpy(info64->lo_crypt_name, info.lo_name, LO_NAME_SIZE);
1383        else
1384                memcpy(info64->lo_file_name, info.lo_name, LO_NAME_SIZE);
1385        memcpy(info64->lo_encrypt_key, info.lo_encrypt_key, LO_KEY_SIZE);
1386        return 0;
1387}
1388
1389/*
1390 * Transfer 64-bit loop info to 32-bit compatibility structure in userspace
1391 * - noinlined to reduce stack space usage in main part of driver
1392 */
1393static noinline int
1394loop_info64_to_compat(const struct loop_info64 *info64,
1395                      struct compat_loop_info __user *arg)
1396{
1397        struct compat_loop_info info;
1398
1399        memset(&info, 0, sizeof(info));
1400        info.lo_number = info64->lo_number;
1401        info.lo_device = info64->lo_device;
1402        info.lo_inode = info64->lo_inode;
1403        info.lo_rdevice = info64->lo_rdevice;
1404        info.lo_offset = info64->lo_offset;
1405        info.lo_encrypt_type = info64->lo_encrypt_type;
1406        info.lo_encrypt_key_size = info64->lo_encrypt_key_size;
1407        info.lo_flags = info64->lo_flags;
1408        info.lo_init[0] = info64->lo_init[0];
1409        info.lo_init[1] = info64->lo_init[1];
1410        if (info.lo_encrypt_type == LO_CRYPT_CRYPTOAPI)
1411                memcpy(info.lo_name, info64->lo_crypt_name, LO_NAME_SIZE);
1412        else
1413                memcpy(info.lo_name, info64->lo_file_name, LO_NAME_SIZE);
1414        memcpy(info.lo_encrypt_key, info64->lo_encrypt_key, LO_KEY_SIZE);
1415
1416        /* error in case values were truncated */
1417        if (info.lo_device != info64->lo_device ||
1418            info.lo_rdevice != info64->lo_rdevice ||
1419            info.lo_inode != info64->lo_inode ||
1420            info.lo_offset != info64->lo_offset ||
1421            info.lo_init[0] != info64->lo_init[0] ||
1422            info.lo_init[1] != info64->lo_init[1])
1423                return -EOVERFLOW;
1424
1425        if (copy_to_user(arg, &info, sizeof(info)))
1426                return -EFAULT;
1427        return 0;
1428}
1429
1430static int
1431loop_set_status_compat(struct loop_device *lo,
1432                       const struct compat_loop_info __user *arg)
1433{
1434        struct loop_info64 info64;
1435        int ret;
1436
1437        ret = loop_info64_from_compat(arg, &info64);
1438        if (ret < 0)
1439                return ret;
1440        return loop_set_status(lo, &info64);
1441}
1442
1443static int
1444loop_get_status_compat(struct loop_device *lo,
1445                       struct compat_loop_info __user *arg)
1446{
1447        struct loop_info64 info64;
1448        int err = 0;
1449
1450        if (!arg)
1451                err = -EINVAL;
1452        if (!err)
1453                err = loop_get_status(lo, &info64);
1454        if (!err)
1455                err = loop_info64_to_compat(&info64, arg);
1456        return err;
1457}
1458
1459static int lo_compat_ioctl(struct block_device *bdev, fmode_t mode,
1460                           unsigned int cmd, unsigned long arg)
1461{
1462        struct loop_device *lo = bdev->bd_disk->private_data;
1463        int err;
1464
1465        switch(cmd) {
1466        case LOOP_SET_STATUS:
1467                mutex_lock(&lo->lo_ctl_mutex);
1468                err = loop_set_status_compat(
1469                        lo, (const struct compat_loop_info __user *) arg);
1470                mutex_unlock(&lo->lo_ctl_mutex);
1471                break;
1472        case LOOP_GET_STATUS:
1473                mutex_lock(&lo->lo_ctl_mutex);
1474                err = loop_get_status_compat(
1475                        lo, (struct compat_loop_info __user *) arg);
1476                mutex_unlock(&lo->lo_ctl_mutex);
1477                break;
1478        case LOOP_SET_CAPACITY:
1479        case LOOP_CLR_FD:
1480        case LOOP_GET_STATUS64:
1481        case LOOP_SET_STATUS64:
1482                arg = (unsigned long) compat_ptr(arg);
1483        case LOOP_SET_FD:
1484        case LOOP_CHANGE_FD:
1485                err = lo_ioctl(bdev, mode, cmd, arg);
1486                break;
1487        default:
1488                err = -ENOIOCTLCMD;
1489                break;
1490        }
1491        return err;
1492}
1493#endif
1494
1495static int lo_open(struct block_device *bdev, fmode_t mode)
1496{
1497        struct loop_device *lo;
1498        int err = 0;
1499
1500        mutex_lock(&loop_index_mutex);
1501        lo = bdev->bd_disk->private_data;
1502        if (!lo) {
1503                err = -ENXIO;
1504                goto out;
1505        }
1506
1507        mutex_lock(&lo->lo_ctl_mutex);
1508        lo->lo_refcnt++;
1509        mutex_unlock(&lo->lo_ctl_mutex);
1510out:
1511        mutex_unlock(&loop_index_mutex);
1512        return err;
1513}
1514
1515static void lo_release(struct gendisk *disk, fmode_t mode)
1516{
1517        struct loop_device *lo = disk->private_data;
1518        int err;
1519
1520        mutex_lock(&lo->lo_ctl_mutex);
1521
1522        if (--lo->lo_refcnt)
1523                goto out;
1524
1525        if (lo->lo_flags & LO_FLAGS_AUTOCLEAR) {
1526                /*
1527                 * In autoclear mode, stop the loop thread
1528                 * and remove configuration after last close.
1529                 */
1530                err = loop_clr_fd(lo);
1531                if (!err)
1532                        return;
1533        } else {
1534                /*
1535                 * Otherwise keep thread (if running) and config,
1536                 * but flush possible ongoing bios in thread.
1537                 */
1538                loop_flush(lo);
1539        }
1540
1541out:
1542        mutex_unlock(&lo->lo_ctl_mutex);
1543}
1544
1545static const struct block_device_operations lo_fops = {
1546        .owner =        THIS_MODULE,
1547        .open =         lo_open,
1548        .release =      lo_release,
1549        .ioctl =        lo_ioctl,
1550#ifdef CONFIG_COMPAT
1551        .compat_ioctl = lo_compat_ioctl,
1552#endif
1553};
1554
1555/*
1556 * And now the modules code and kernel interface.
1557 */
1558static int max_loop;
1559module_param(max_loop, int, S_IRUGO);
1560MODULE_PARM_DESC(max_loop, "Maximum number of loop devices");
1561module_param(max_part, int, S_IRUGO);
1562MODULE_PARM_DESC(max_part, "Maximum number of partitions per loop device");
1563MODULE_LICENSE("GPL");
1564MODULE_ALIAS_BLOCKDEV_MAJOR(LOOP_MAJOR);
1565
1566int loop_register_transfer(struct loop_func_table *funcs)
1567{
1568        unsigned int n = funcs->number;
1569
1570        if (n >= MAX_LO_CRYPT || xfer_funcs[n])
1571                return -EINVAL;
1572        xfer_funcs[n] = funcs;
1573        return 0;
1574}
1575
1576static int unregister_transfer_cb(int id, void *ptr, void *data)
1577{
1578        struct loop_device *lo = ptr;
1579        struct loop_func_table *xfer = data;
1580
1581        mutex_lock(&lo->lo_ctl_mutex);
1582        if (lo->lo_encryption == xfer)
1583                loop_release_xfer(lo);
1584        mutex_unlock(&lo->lo_ctl_mutex);
1585        return 0;
1586}
1587
1588int loop_unregister_transfer(int number)
1589{
1590        unsigned int n = number;
1591        struct loop_func_table *xfer;
1592
1593        if (n == 0 || n >= MAX_LO_CRYPT || (xfer = xfer_funcs[n]) == NULL)
1594                return -EINVAL;
1595
1596        xfer_funcs[n] = NULL;
1597        idr_for_each(&loop_index_idr, &unregister_transfer_cb, xfer);
1598        return 0;
1599}
1600
1601EXPORT_SYMBOL(loop_register_transfer);
1602EXPORT_SYMBOL(loop_unregister_transfer);
1603
1604static int loop_add(struct loop_device **l, int i)
1605{
1606        struct loop_device *lo;
1607        struct gendisk *disk;
1608        int err;
1609
1610        err = -ENOMEM;
1611        lo = kzalloc(sizeof(*lo), GFP_KERNEL);
1612        if (!lo)
1613                goto out;
1614
1615        lo->lo_state = Lo_unbound;
1616
1617        /* allocate id, if @id >= 0, we're requesting that specific id */
1618        if (i >= 0) {
1619                err = idr_alloc(&loop_index_idr, lo, i, i + 1, GFP_KERNEL);
1620                if (err == -ENOSPC)
1621                        err = -EEXIST;
1622        } else {
1623                err = idr_alloc(&loop_index_idr, lo, 0, 0, GFP_KERNEL);
1624        }
1625        if (err < 0)
1626                goto out_free_dev;
1627        i = err;
1628
1629        err = -ENOMEM;
1630        lo->lo_queue = blk_alloc_queue(GFP_KERNEL);
1631        if (!lo->lo_queue)
1632                goto out_free_idr;
1633
1634        /*
1635         * set queue make_request_fn
1636         */
1637        blk_queue_make_request(lo->lo_queue, loop_make_request);
1638        lo->lo_queue->queuedata = lo;
1639
1640        disk = lo->lo_disk = alloc_disk(1 << part_shift);
1641        if (!disk)
1642                goto out_free_queue;
1643
1644        /*
1645         * Disable partition scanning by default. The in-kernel partition
1646         * scanning can be requested individually per-device during its
1647         * setup. Userspace can always add and remove partitions from all
1648         * devices. The needed partition minors are allocated from the
1649         * extended minor space, the main loop device numbers will continue
1650         * to match the loop minors, regardless of the number of partitions
1651         * used.
1652         *
1653         * If max_part is given, partition scanning is globally enabled for
1654         * all loop devices. The minors for the main loop devices will be
1655         * multiples of max_part.
1656         *
1657         * Note: Global-for-all-devices, set-only-at-init, read-only module
1658         * parameteters like 'max_loop' and 'max_part' make things needlessly
1659         * complicated, are too static, inflexible and may surprise
1660         * userspace tools. Parameters like this in general should be avoided.
1661         */
1662        if (!part_shift)
1663                disk->flags |= GENHD_FL_NO_PART_SCAN;
1664        disk->flags |= GENHD_FL_EXT_DEVT;
1665        mutex_init(&lo->lo_ctl_mutex);
1666        lo->lo_number           = i;
1667        lo->lo_thread           = NULL;
1668        init_waitqueue_head(&lo->lo_event);
1669        init_waitqueue_head(&lo->lo_req_wait);
1670        spin_lock_init(&lo->lo_lock);
1671        disk->major             = LOOP_MAJOR;
1672        disk->first_minor       = i << part_shift;
1673        disk->fops              = &lo_fops;
1674        disk->private_data      = lo;
1675        disk->queue             = lo->lo_queue;
1676        sprintf(disk->disk_name, "loop%d", i);
1677        add_disk(disk);
1678        *l = lo;
1679        return lo->lo_number;
1680
1681out_free_queue:
1682        blk_cleanup_queue(lo->lo_queue);
1683out_free_idr:
1684        idr_remove(&loop_index_idr, i);
1685out_free_dev:
1686        kfree(lo);
1687out:
1688        return err;
1689}
1690
1691static void loop_remove(struct loop_device *lo)
1692{
1693        del_gendisk(lo->lo_disk);
1694        blk_cleanup_queue(lo->lo_queue);
1695        put_disk(lo->lo_disk);
1696        kfree(lo);
1697}
1698
1699static int find_free_cb(int id, void *ptr, void *data)
1700{
1701        struct loop_device *lo = ptr;
1702        struct loop_device **l = data;
1703
1704        if (lo->lo_state == Lo_unbound) {
1705                *l = lo;
1706                return 1;
1707        }
1708        return 0;
1709}
1710
1711static int loop_lookup(struct loop_device **l, int i)
1712{
1713        struct loop_device *lo;
1714        int ret = -ENODEV;
1715
1716        if (i < 0) {
1717                int err;
1718
1719                err = idr_for_each(&loop_index_idr, &find_free_cb, &lo);
1720                if (err == 1) {
1721                        *l = lo;
1722                        ret = lo->lo_number;
1723                }
1724                goto out;
1725        }
1726
1727        /* lookup and return a specific i */
1728        lo = idr_find(&loop_index_idr, i);
1729        if (lo) {
1730                *l = lo;
1731                ret = lo->lo_number;
1732        }
1733out:
1734        return ret;
1735}
1736
1737static struct kobject *loop_probe(dev_t dev, int *part, void *data)
1738{
1739        struct loop_device *lo;
1740        struct kobject *kobj;
1741        int err;
1742
1743        mutex_lock(&loop_index_mutex);
1744        err = loop_lookup(&lo, MINOR(dev) >> part_shift);
1745        if (err < 0)
1746                err = loop_add(&lo, MINOR(dev) >> part_shift);
1747        if (err < 0)
1748                kobj = NULL;
1749        else
1750                kobj = get_disk(lo->lo_disk);
1751        mutex_unlock(&loop_index_mutex);
1752
1753        *part = 0;
1754        return kobj;
1755}
1756
1757static long loop_control_ioctl(struct file *file, unsigned int cmd,
1758                               unsigned long parm)
1759{
1760        struct loop_device *lo;
1761        int ret = -ENOSYS;
1762
1763        mutex_lock(&loop_index_mutex);
1764        switch (cmd) {
1765        case LOOP_CTL_ADD:
1766                ret = loop_lookup(&lo, parm);
1767                if (ret >= 0) {
1768                        ret = -EEXIST;
1769                        break;
1770                }
1771                ret = loop_add(&lo, parm);
1772                break;
1773        case LOOP_CTL_REMOVE:
1774                ret = loop_lookup(&lo, parm);
1775                if (ret < 0)
1776                        break;
1777                mutex_lock(&lo->lo_ctl_mutex);
1778                if (lo->lo_state != Lo_unbound) {
1779                        ret = -EBUSY;
1780                        mutex_unlock(&lo->lo_ctl_mutex);
1781                        break;
1782                }
1783                if (lo->lo_refcnt > 0) {
1784                        ret = -EBUSY;
1785                        mutex_unlock(&lo->lo_ctl_mutex);
1786                        break;
1787                }
1788                lo->lo_disk->private_data = NULL;
1789                mutex_unlock(&lo->lo_ctl_mutex);
1790                idr_remove(&loop_index_idr, lo->lo_number);
1791                loop_remove(lo);
1792                break;
1793        case LOOP_CTL_GET_FREE:
1794                ret = loop_lookup(&lo, -1);
1795                if (ret >= 0)
1796                        break;
1797                ret = loop_add(&lo, -1);
1798        }
1799        mutex_unlock(&loop_index_mutex);
1800
1801        return ret;
1802}
1803
1804static const struct file_operations loop_ctl_fops = {
1805        .open           = nonseekable_open,
1806        .unlocked_ioctl = loop_control_ioctl,
1807        .compat_ioctl   = loop_control_ioctl,
1808        .owner          = THIS_MODULE,
1809        .llseek         = noop_llseek,
1810};
1811
1812static struct miscdevice loop_misc = {
1813        .minor          = LOOP_CTRL_MINOR,
1814        .name           = "loop-control",
1815        .fops           = &loop_ctl_fops,
1816};
1817
1818MODULE_ALIAS_MISCDEV(LOOP_CTRL_MINOR);
1819MODULE_ALIAS("devname:loop-control");
1820
1821static int __init loop_init(void)
1822{
1823        int i, nr;
1824        unsigned long range;
1825        struct loop_device *lo;
1826        int err;
1827
1828        err = misc_register(&loop_misc);
1829        if (err < 0)
1830                return err;
1831
1832        part_shift = 0;
1833        if (max_part > 0) {
1834                part_shift = fls(max_part);
1835
1836                /*
1837                 * Adjust max_part according to part_shift as it is exported
1838                 * to user space so that user can decide correct minor number
1839                 * if [s]he want to create more devices.
1840                 *
1841                 * Note that -1 is required because partition 0 is reserved
1842                 * for the whole disk.
1843                 */
1844                max_part = (1UL << part_shift) - 1;
1845        }
1846
1847        if ((1UL << part_shift) > DISK_MAX_PARTS) {
1848                err = -EINVAL;
1849                goto misc_out;
1850        }
1851
1852        if (max_loop > 1UL << (MINORBITS - part_shift)) {
1853                err = -EINVAL;
1854                goto misc_out;
1855        }
1856
1857        /*
1858         * If max_loop is specified, create that many devices upfront.
1859         * This also becomes a hard limit. If max_loop is not specified,
1860         * create CONFIG_BLK_DEV_LOOP_MIN_COUNT loop devices at module
1861         * init time. Loop devices can be requested on-demand with the
1862         * /dev/loop-control interface, or be instantiated by accessing
1863         * a 'dead' device node.
1864         */
1865        if (max_loop) {
1866                nr = max_loop;
1867                range = max_loop << part_shift;
1868        } else {
1869                nr = CONFIG_BLK_DEV_LOOP_MIN_COUNT;
1870                range = 1UL << MINORBITS;
1871        }
1872
1873        if (register_blkdev(LOOP_MAJOR, "loop")) {
1874                err = -EIO;
1875                goto misc_out;
1876        }
1877
1878        blk_register_region(MKDEV(LOOP_MAJOR, 0), range,
1879                                  THIS_MODULE, loop_probe, NULL, NULL);
1880
1881        /* pre-create number of devices given by config or max_loop */
1882        mutex_lock(&loop_index_mutex);
1883        for (i = 0; i < nr; i++)
1884                loop_add(&lo, i);
1885        mutex_unlock(&loop_index_mutex);
1886
1887        printk(KERN_INFO "loop: module loaded\n");
1888        return 0;
1889
1890misc_out:
1891        misc_deregister(&loop_misc);
1892        return err;
1893}
1894
1895static int loop_exit_cb(int id, void *ptr, void *data)
1896{
1897        struct loop_device *lo = ptr;
1898
1899        loop_remove(lo);
1900        return 0;
1901}
1902
1903static void __exit loop_exit(void)
1904{
1905        unsigned long range;
1906
1907        range = max_loop ? max_loop << part_shift : 1UL << MINORBITS;
1908
1909        idr_for_each(&loop_index_idr, &loop_exit_cb, NULL);
1910        idr_destroy(&loop_index_idr);
1911
1912        blk_unregister_region(MKDEV(LOOP_MAJOR, 0), range);
1913        unregister_blkdev(LOOP_MAJOR, "loop");
1914
1915        misc_deregister(&loop_misc);
1916}
1917
1918module_init(loop_init);
1919module_exit(loop_exit);
1920
1921#ifndef MODULE
1922static int __init max_loop_setup(char *str)
1923{
1924        max_loop = simple_strtol(str, NULL, 0);
1925        return 1;
1926}
1927
1928__setup("max_loop=", max_loop_setup);
1929#endif
1930
lxr.linux.no kindly hosted by Redpill Linpro AS, provider of Linux consulting and operations services since 1995.