linux/drivers/block/loop.c
<<
>>
Prefs 
   1/*
   2 *  linux/drivers/block/loop.c
   3 *
   4 *  Written by Theodore Ts'o, 3/29/93
   5 *
   6 * Copyright 1993 by Theodore Ts'o.  Redistribution of this file is
   7 * permitted under the GNU General Public License.
   8 *
   9 * DES encryption plus some minor changes by Werner Almesberger, 30-MAY-1993
  10 * more DES encryption plus IDEA encryption by Nicholas J. Leon, June 20, 1996
  11 *
  12 * Modularized and updated for 1.1.16 kernel - Mitch Dsouza 28th May 1994
  13 * Adapted for 1.3.59 kernel - Andries Brouwer, 1 Feb 1996
  14 *
  15 * Fixed do_loop_request() re-entrancy - Vincent.Renardias@waw.com Mar 20, 1997
  16 *
  17 * Added devfs support - Richard Gooch <rgooch@atnf.csiro.au> 16-Jan-1998
  18 *
  19 * Handle sparse backing files correctly - Kenn Humborg, Jun 28, 1998
  20 *
  21 * Loadable modules and other fixes by AK, 1998
  22 *
  23 * Make real block number available to downstream transfer functions, enables
  24 * CBC (and relatives) mode encryption requiring unique IVs per data block.
  25 * Reed H. Petty, rhp@draper.net
  26 *
  27 * Maximum number of loop devices now dynamic via max_loop module parameter.
  28 * Russell Kroll <rkroll@exploits.org> 19990701
  29 *
  30 * Maximum number of loop devices when compiled-in now selectable by passing
  31 * max_loop=<1-255> to the kernel on boot.
  32 * Erik I. Bols\xC3\xB8, <eriki@himolde.no>, Oct 31, 1999
  33 *
  34 * Completely rewrite request handling to be make_request_fn style and
  35 * non blocking, pushing work to a helper thread. Lots of fixes from
  36 * Al Viro too.
  37 * Jens Axboe <axboe@suse.de>, Nov 2000
  38 *
  39 * Support up to 256 loop devices
  40 * Heinz Mauelshagen <mge@sistina.com>, Feb 2002
  41 *
  42 * Support for falling back on the write file operation when the address space
  43 * operations write_begin is not available on the backing filesystem.
  44 * Anton Altaparmakov, 16 Feb 2005
  45 *
  46 * Still To Fix:
  47 * - Advisory locking is ignored here.
  48 * - Should use an own CAP_* category instead of CAP_SYS_ADMIN
  49 *
  50 */
  51
  52#include <linux/module.h>
  53#include <linux/moduleparam.h>
  54#include <linux/sched.h>
  55#include <linux/fs.h>
  56#include <linux/file.h>
  57#include <linux/stat.h>
  58#include <linux/errno.h>
  59#include <linux/major.h>
  60#include <linux/wait.h>
  61#include <linux/blkdev.h>
  62#include <linux/blkpg.h>
  63#include <linux/init.h>
  64#include <linux/smp_lock.h>
  65#include <linux/swap.h>
  66#include <linux/slab.h>
  67#include <linux/loop.h>
  68#include <linux/compat.h>
  69#include <linux/suspend.h>
  70#include <linux/freezer.h>
  71#include <linux/writeback.h>
  72#include <linux/buffer_head.h>          /* for invalidate_bdev() */
  73#include <linux/completion.h>
  74#include <linux/highmem.h>
  75#include <linux/gfp.h>
  76#include <linux/kthread.h>
  77#include <linux/splice.h>
  78
  79#include <asm/uaccess.h>
  80
  81static LIST_HEAD(loop_devices);
  82static DEFINE_MUTEX(loop_devices_mutex);
  83
  84static int max_part;
  85static int part_shift;
  86
  87/*
  88 * Transfer functions
  89 */
  90static int transfer_none(struct loop_device *lo, int cmd,
  91                         struct page *raw_page, unsigned raw_off,
  92                         struct page *loop_page, unsigned loop_off,
  93                         int size, sector_t real_block)
  94{
  95        char *raw_buf = kmap_atomic(raw_page, KM_USER0) + raw_off;
  96        char *loop_buf = kmap_atomic(loop_page, KM_USER1) + loop_off;
  97
  98        if (cmd == READ)
  99                memcpy(loop_buf, raw_buf, size);
 100        else
 101                memcpy(raw_buf, loop_buf, size);
 102
 103        kunmap_atomic(raw_buf, KM_USER0);
 104        kunmap_atomic(loop_buf, KM_USER1);
 105        cond_resched();
 106        return 0;
 107}
 108
 109static int transfer_xor(struct loop_device *lo, int cmd,
 110                        struct page *raw_page, unsigned raw_off,
 111                        struct page *loop_page, unsigned loop_off,
 112                        int size, sector_t real_block)
 113{
 114        char *raw_buf = kmap_atomic(raw_page, KM_USER0) + raw_off;
 115        char *loop_buf = kmap_atomic(loop_page, KM_USER1) + loop_off;
 116        char *in, *out, *key;
 117        int i, keysize;
 118
 119        if (cmd == READ) {
 120                in = raw_buf;
 121                out = loop_buf;
 122        } else {
 123                in = loop_buf;
 124                out = raw_buf;
 125        }
 126
 127        key = lo->lo_encrypt_key;
 128        keysize = lo->lo_encrypt_key_size;
 129        for (i = 0; i < size; i++)
 130                *out++ = *in++ ^ key[(i & 511) % keysize];
 131
 132        kunmap_atomic(raw_buf, KM_USER0);
 133        kunmap_atomic(loop_buf, KM_USER1);
 134        cond_resched();
 135        return 0;
 136}
 137
 138static int xor_init(struct loop_device *lo, const struct loop_info64 *info)
 139{
 140        if (unlikely(info->lo_encrypt_key_size <= 0))
 141                return -EINVAL;
 142        return 0;
 143}
 144
 145static struct loop_func_table none_funcs = {
 146        .number = LO_CRYPT_NONE,
 147        .transfer = transfer_none,
 148};      
 149
 150static struct loop_func_table xor_funcs = {
 151        .number = LO_CRYPT_XOR,
 152        .transfer = transfer_xor,
 153        .init = xor_init
 154};      
 155
 156/* xfer_funcs[0] is special - its release function is never called */
 157static struct loop_func_table *xfer_funcs[MAX_LO_CRYPT] = {
 158        &none_funcs,
 159        &xor_funcs
 160};
 161
 162static loff_t get_loop_size(struct loop_device *lo, struct file *file)
 163{
 164        loff_t size, offset, loopsize;
 165
 166        /* Compute loopsize in bytes */
 167        size = i_size_read(file->f_mapping->host);
 168        offset = lo->lo_offset;
 169        loopsize = size - offset;
 170        if (lo->lo_sizelimit > 0 && lo->lo_sizelimit < loopsize)
 171                loopsize = lo->lo_sizelimit;
 172
 173        /*
 174         * Unfortunately, if we want to do I/O on the device,
 175         * the number of 512-byte sectors has to fit into a sector_t.
 176         */
 177        return loopsize >> 9;
 178}
 179
 180static int
 181figure_loop_size(struct loop_device *lo)
 182{
 183        loff_t size = get_loop_size(lo, lo->lo_backing_file);
 184        sector_t x = (sector_t)size;
 185
 186        if (unlikely((loff_t)x != size))
 187                return -EFBIG;
 188
 189        set_capacity(lo->lo_disk, x);
 190        return 0;                                       
 191}
 192
 193static inline int
 194lo_do_transfer(struct loop_device *lo, int cmd,
 195               struct page *rpage, unsigned roffs,
 196               struct page *lpage, unsigned loffs,
 197               int size, sector_t rblock)
 198{
 199        if (unlikely(!lo->transfer))
 200                return 0;
 201
 202        return lo->transfer(lo, cmd, rpage, roffs, lpage, loffs, size, rblock);
 203}
 204
 205/**
 206 * do_lo_send_aops - helper for writing data to a loop device
 207 *
 208 * This is the fast version for backing filesystems which implement the address
 209 * space operations write_begin and write_end.
 210 */
 211static int do_lo_send_aops(struct loop_device *lo, struct bio_vec *bvec,
 212                loff_t pos, struct page *unused)
 213{
 214        struct file *file = lo->lo_backing_file; /* kudos to NFsckingS */
 215        struct address_space *mapping = file->f_mapping;
 216        pgoff_t index;
 217        unsigned offset, bv_offs;
 218        int len, ret;
 219
 220        mutex_lock(&mapping->host->i_mutex);
 221        index = pos >> PAGE_CACHE_SHIFT;
 222        offset = pos & ((pgoff_t)PAGE_CACHE_SIZE - 1);
 223        bv_offs = bvec->bv_offset;
 224        len = bvec->bv_len;
 225        while (len > 0) {
 226                sector_t IV;
 227                unsigned size, copied;
 228                int transfer_result;
 229                struct page *page;
 230                void *fsdata;
 231
 232                IV = ((sector_t)index << (PAGE_CACHE_SHIFT - 9))+(offset >> 9);
 233                size = PAGE_CACHE_SIZE - offset;
 234                if (size > len)
 235                        size = len;
 236
 237                ret = pagecache_write_begin(file, mapping, pos, size, 0,
 238                                                        &page, &fsdata);
 239                if (ret)
 240                        goto fail;
 241
 242                transfer_result = lo_do_transfer(lo, WRITE, page, offset,
 243                                bvec->bv_page, bv_offs, size, IV);
 244                copied = size;
 245                if (unlikely(transfer_result))
 246                        copied = 0;
 247
 248                ret = pagecache_write_end(file, mapping, pos, size, copied,
 249                                                        page, fsdata);
 250                if (ret < 0 || ret != copied)
 251                        goto fail;
 252
 253                if (unlikely(transfer_result))
 254                        goto fail;
 255
 256                bv_offs += copied;
 257                len -= copied;
 258                offset = 0;
 259                index++;
 260                pos += copied;
 261        }
 262        ret = 0;
 263out:
 264        mutex_unlock(&mapping->host->i_mutex);
 265        return ret;
 266fail:
 267        ret = -1;
 268        goto out;
 269}
 270
 271/**
 272 * __do_lo_send_write - helper for writing data to a loop device
 273 *
 274 * This helper just factors out common code between do_lo_send_direct_write()
 275 * and do_lo_send_write().
 276 */
 277static int __do_lo_send_write(struct file *file,
 278                u8 *buf, const int len, loff_t pos)
 279{
 280        ssize_t bw;
 281        mm_segment_t old_fs = get_fs();
 282
 283        set_fs(get_ds());
 284        bw = file->f_op->write(file, buf, len, &pos);
 285        set_fs(old_fs);
 286        if (likely(bw == len))
 287                return 0;
 288        printk(KERN_ERR "loop: Write error at byte offset %llu, length %i.\n",
 289                        (unsigned long long)pos, len);
 290        if (bw >= 0)
 291                bw = -EIO;
 292        return bw;
 293}
 294
 295/**
 296 * do_lo_send_direct_write - helper for writing data to a loop device
 297 *
 298 * This is the fast, non-transforming version for backing filesystems which do
 299 * not implement the address space operations write_begin and write_end.
 300 * It uses the write file operation which should be present on all writeable
 301 * filesystems.
 302 */
 303static int do_lo_send_direct_write(struct loop_device *lo,
 304                struct bio_vec *bvec, loff_t pos, struct page *page)
 305{
 306        ssize_t bw = __do_lo_send_write(lo->lo_backing_file,
 307                        kmap(bvec->bv_page) + bvec->bv_offset,
 308                        bvec->bv_len, pos);
 309        kunmap(bvec->bv_page);
 310        cond_resched();
 311        return bw;
 312}
 313
 314/**
 315 * do_lo_send_write - helper for writing data to a loop device
 316 *
 317 * This is the slow, transforming version for filesystems which do not
 318 * implement the address space operations write_begin and write_end.  It
 319 * uses the write file operation which should be present on all writeable
 320 * filesystems.
 321 *
 322 * Using fops->write is slower than using aops->{prepare,commit}_write in the
 323 * transforming case because we need to double buffer the data as we cannot do
 324 * the transformations in place as we do not have direct access to the
 325 * destination pages of the backing file.
 326 */
 327static int do_lo_send_write(struct loop_device *lo, struct bio_vec *bvec,
 328                loff_t pos, struct page *page)
 329{
 330        int ret = lo_do_transfer(lo, WRITE, page, 0, bvec->bv_page,
 331                        bvec->bv_offset, bvec->bv_len, pos >> 9);
 332        if (likely(!ret))
 333                return __do_lo_send_write(lo->lo_backing_file,
 334                                page_address(page), bvec->bv_len,
 335                                pos);
 336        printk(KERN_ERR "loop: Transfer error at byte offset %llu, "
 337                        "length %i.\n", (unsigned long long)pos, bvec->bv_len);
 338        if (ret > 0)
 339                ret = -EIO;
 340        return ret;
 341}
 342
 343static int lo_send(struct loop_device *lo, struct bio *bio, loff_t pos)
 344{
 345        int (*do_lo_send)(struct loop_device *, struct bio_vec *, loff_t,
 346                        struct page *page);
 347        struct bio_vec *bvec;
 348        struct page *page = NULL;
 349        int i, ret = 0;
 350
 351        do_lo_send = do_lo_send_aops;
 352        if (!(lo->lo_flags & LO_FLAGS_USE_AOPS)) {
 353                do_lo_send = do_lo_send_direct_write;
 354                if (lo->transfer != transfer_none) {
 355                        page = alloc_page(GFP_NOIO | __GFP_HIGHMEM);
 356                        if (unlikely(!page))
 357                                goto fail;
 358                        kmap(page);
 359                        do_lo_send = do_lo_send_write;
 360                }
 361        }
 362        bio_for_each_segment(bvec, bio, i) {
 363                ret = do_lo_send(lo, bvec, pos, page);
 364                if (ret < 0)
 365                        break;
 366                pos += bvec->bv_len;
 367        }
 368        if (page) {
 369                kunmap(page);
 370                __free_page(page);
 371        }
 372out:
 373        return ret;
 374fail:
 375        printk(KERN_ERR "loop: Failed to allocate temporary page for write.\n");
 376        ret = -ENOMEM;
 377        goto out;
 378}
 379
 380struct lo_read_data {
 381        struct loop_device *lo;
 382        struct page *page;
 383        unsigned offset;
 384        int bsize;
 385};
 386
 387static int
 388lo_splice_actor(struct pipe_inode_info *pipe, struct pipe_buffer *buf,
 389                struct splice_desc *sd)
 390{
 391        struct lo_read_data *p = sd->u.data;
 392        struct loop_device *lo = p->lo;
 393        struct page *page = buf->page;
 394        sector_t IV;
 395        int size, ret;
 396
 397        ret = buf->ops->confirm(pipe, buf);
 398        if (unlikely(ret))
 399                return ret;
 400
 401        IV = ((sector_t) page->index << (PAGE_CACHE_SHIFT - 9)) +
 402                                                        (buf->offset >> 9);
 403        size = sd->len;
 404        if (size > p->bsize)
 405                size = p->bsize;
 406
 407        if (lo_do_transfer(lo, READ, page, buf->offset, p->page, p->offset, size, IV)) {
 408                printk(KERN_ERR "loop: transfer error block %ld\n",
 409                       page->index);
 410                size = -EINVAL;
 411        }
 412
 413        flush_dcache_page(p->page);
 414
 415        if (size > 0)
 416                p->offset += size;
 417
 418        return size;
 419}
 420
 421static int
 422lo_direct_splice_actor(struct pipe_inode_info *pipe, struct splice_desc *sd)
 423{
 424        return __splice_from_pipe(pipe, sd, lo_splice_actor);
 425}
 426
 427static int
 428do_lo_receive(struct loop_device *lo,
 429              struct bio_vec *bvec, int bsize, loff_t pos)
 430{
 431        struct lo_read_data cookie;
 432        struct splice_desc sd;
 433        struct file *file;
 434        long retval;
 435
 436        cookie.lo = lo;
 437        cookie.page = bvec->bv_page;
 438        cookie.offset = bvec->bv_offset;
 439        cookie.bsize = bsize;
 440
 441        sd.len = 0;
 442        sd.total_len = bvec->bv_len;
 443        sd.flags = 0;
 444        sd.pos = pos;
 445        sd.u.data = &cookie;
 446
 447        file = lo->lo_backing_file;
 448        retval = splice_direct_to_actor(file, &sd, lo_direct_splice_actor);
 449
 450        if (retval < 0)
 451                return retval;
 452
 453        return 0;
 454}
 455
 456static int
 457lo_receive(struct loop_device *lo, struct bio *bio, int bsize, loff_t pos)
 458{
 459        struct bio_vec *bvec;
 460        int i, ret = 0;
 461
 462        bio_for_each_segment(bvec, bio, i) {
 463                ret = do_lo_receive(lo, bvec, bsize, pos);
 464                if (ret < 0)
 465                        break;
 466                pos += bvec->bv_len;
 467        }
 468        return ret;
 469}
 470
 471static int do_bio_filebacked(struct loop_device *lo, struct bio *bio)
 472{
 473        loff_t pos;
 474        int ret;
 475
 476        pos = ((loff_t) bio->bi_sector << 9) + lo->lo_offset;
 477
 478        if (bio_rw(bio) == WRITE) {
 479                int barrier = bio_barrier(bio);
 480                struct file *file = lo->lo_backing_file;
 481
 482                if (barrier) {
 483                        if (unlikely(!file->f_op->fsync)) {
 484                                ret = -EOPNOTSUPP;
 485                                goto out;
 486                        }
 487
 488                        ret = vfs_fsync(file, file->f_path.dentry, 0);
 489                        if (unlikely(ret)) {
 490                                ret = -EIO;
 491                                goto out;
 492                        }
 493                }
 494
 495                ret = lo_send(lo, bio, pos);
 496
 497                if (barrier && !ret) {
 498                        ret = vfs_fsync(file, file->f_path.dentry, 0);
 499                        if (unlikely(ret))
 500                                ret = -EIO;
 501                }
 502        } else
 503                ret = lo_receive(lo, bio, lo->lo_blocksize, pos);
 504
 505out:
 506        return ret;
 507}
 508
 509/*
 510 * Add bio to back of pending list
 511 */
 512static void loop_add_bio(struct loop_device *lo, struct bio *bio)
 513{
 514        if (lo->lo_biotail) {
 515                lo->lo_biotail->bi_next = bio;
 516                lo->lo_biotail = bio;
 517        } else
 518                lo->lo_bio = lo->lo_biotail = bio;
 519}
 520
 521/*
 522 * Grab first pending buffer
 523 */
 524static struct bio *loop_get_bio(struct loop_device *lo)
 525{
 526        struct bio *bio;
 527
 528        if ((bio = lo->lo_bio)) {
 529                if (bio == lo->lo_biotail)
 530                        lo->lo_biotail = NULL;
 531                lo->lo_bio = bio->bi_next;
 532                bio->bi_next = NULL;
 533        }
 534
 535        return bio;
 536}
 537
 538static int loop_make_request(struct request_queue *q, struct bio *old_bio)
 539{
 540        struct loop_device *lo = q->queuedata;
 541        int rw = bio_rw(old_bio);
 542
 543        if (rw == READA)
 544                rw = READ;
 545
 546        BUG_ON(!lo || (rw != READ && rw != WRITE));
 547
 548        spin_lock_irq(&lo->lo_lock);
 549        if (lo->lo_state != Lo_bound)
 550                goto out;
 551        if (unlikely(rw == WRITE && (lo->lo_flags & LO_FLAGS_READ_ONLY)))
 552                goto out;
 553        loop_add_bio(lo, old_bio);
 554        wake_up(&lo->lo_event);
 555        spin_unlock_irq(&lo->lo_lock);
 556        return 0;
 557
 558out:
 559        spin_unlock_irq(&lo->lo_lock);
 560        bio_io_error(old_bio);
 561        return 0;
 562}
 563
 564/*
 565 * kick off io on the underlying address space
 566 */
 567static void loop_unplug(struct request_queue *q)
 568{
 569        struct loop_device *lo = q->queuedata;
 570
 571        queue_flag_clear_unlocked(QUEUE_FLAG_PLUGGED, q);
 572        blk_run_address_space(lo->lo_backing_file->f_mapping);
 573}
 574
 575struct switch_request {
 576        struct file *file;
 577        struct completion wait;
 578};
 579
 580static void do_loop_switch(struct loop_device *, struct switch_request *);
 581
 582static inline void loop_handle_bio(struct loop_device *lo, struct bio *bio)
 583{
 584        if (unlikely(!bio->bi_bdev)) {
 585                do_loop_switch(lo, bio->bi_private);
 586                bio_put(bio);
 587        } else {
 588                int ret = do_bio_filebacked(lo, bio);
 589                bio_endio(bio, ret);
 590        }
 591}
 592
 593/*
 594 * worker thread that handles reads/writes to file backed loop devices,
 595 * to avoid blocking in our make_request_fn. it also does loop decrypting
 596 * on reads for block backed loop, as that is too heavy to do from
 597 * b_end_io context where irqs may be disabled.
 598 *
 599 * Loop explanation:  loop_clr_fd() sets lo_state to Lo_rundown before
 600 * calling kthread_stop().  Therefore once kthread_should_stop() is
 601 * true, make_request will not place any more requests.  Therefore
 602 * once kthread_should_stop() is true and lo_bio is NULL, we are
 603 * done with the loop.
 604 */
 605static int loop_thread(void *data)
 606{
 607        struct loop_device *lo = data;
 608        struct bio *bio;
 609
 610        set_user_nice(current, -20);
 611
 612        while (!kthread_should_stop() || lo->lo_bio) {
 613
 614                wait_event_interruptible(lo->lo_event,
 615                                lo->lo_bio || kthread_should_stop());
 616
 617                if (!lo->lo_bio)
 618                        continue;
 619                spin_lock_irq(&lo->lo_lock);
 620                bio = loop_get_bio(lo);
 621                spin_unlock_irq(&lo->lo_lock);
 622
 623                BUG_ON(!bio);
 624                loop_handle_bio(lo, bio);
 625        }
 626
 627        return 0;
 628}
 629
 630/*
 631 * loop_switch performs the hard work of switching a backing store.
 632 * First it needs to flush existing IO, it does this by sending a magic
 633 * BIO down the pipe. The completion of this BIO does the actual switch.
 634 */
 635static int loop_switch(struct loop_device *lo, struct file *file)
 636{
 637        struct switch_request w;
 638        struct bio *bio = bio_alloc(GFP_KERNEL, 0);
 639        if (!bio)
 640                return -ENOMEM;
 641        init_completion(&w.wait);
 642        w.file = file;
 643        bio->bi_private = &w;
 644        bio->bi_bdev = NULL;
 645        loop_make_request(lo->lo_queue, bio);
 646        wait_for_completion(&w.wait);
 647        return 0;
 648}
 649
 650/*
 651 * Helper to flush the IOs in loop, but keeping loop thread running
 652 */
 653static int loop_flush(struct loop_device *lo)
 654{
 655        /* loop not yet configured, no running thread, nothing to flush */
 656        if (!lo->lo_thread)
 657                return 0;
 658
 659        return loop_switch(lo, NULL);
 660}
 661
 662/*
 663 * Do the actual switch; called from the BIO completion routine
 664 */
 665static void do_loop_switch(struct loop_device *lo, struct switch_request *p)
 666{
 667        struct file *file = p->file;
 668        struct file *old_file = lo->lo_backing_file;
 669        struct address_space *mapping;
 670
 671        /* if no new file, only flush of queued bios requested */
 672        if (!file)
 673                goto out;
 674
 675        mapping = file->f_mapping;
 676        mapping_set_gfp_mask(old_file->f_mapping, lo->old_gfp_mask);
 677        lo->lo_backing_file = file;
 678        lo->lo_blocksize = S_ISBLK(mapping->host->i_mode) ?
 679                mapping->host->i_bdev->bd_block_size : PAGE_SIZE;
 680        lo->old_gfp_mask = mapping_gfp_mask(mapping);
 681        mapping_set_gfp_mask(mapping, lo->old_gfp_mask & ~(__GFP_IO|__GFP_FS));
 682out:
 683        complete(&p->wait);
 684}
 685
 686
 687/*
 688 * loop_change_fd switched the backing store of a loopback device to
 689 * a new file. This is useful for operating system installers to free up
 690 * the original file and in High Availability environments to switch to
 691 * an alternative location for the content in case of server meltdown.
 692 * This can only work if the loop device is used read-only, and if the
 693 * new backing store is the same size and type as the old backing store.
 694 */
 695static int loop_change_fd(struct loop_device *lo, struct block_device *bdev,
 696                          unsigned int arg)
 697{
 698        struct file     *file, *old_file;
 699        struct inode    *inode;
 700        int             error;
 701
 702        error = -ENXIO;
 703        if (lo->lo_state != Lo_bound)
 704                goto out;
 705
 706        /* the loop device has to be read-only */
 707        error = -EINVAL;
 708        if (!(lo->lo_flags & LO_FLAGS_READ_ONLY))
 709                goto out;
 710
 711        error = -EBADF;
 712        file = fget(arg);
 713        if (!file)
 714                goto out;
 715
 716        inode = file->f_mapping->host;
 717        old_file = lo->lo_backing_file;
 718
 719        error = -EINVAL;
 720
 721        if (!S_ISREG(inode->i_mode) && !S_ISBLK(inode->i_mode))
 722                goto out_putf;
 723
 724        /* new backing store needs to support loop (eg splice_read) */
 725        if (!inode->i_fop->splice_read)
 726                goto out_putf;
 727
 728        /* size of the new backing store needs to be the same */
 729        if (get_loop_size(lo, file) != get_loop_size(lo, old_file))
 730                goto out_putf;
 731
 732        /* and ... switch */
 733        error = loop_switch(lo, file);
 734        if (error)
 735                goto out_putf;
 736
 737        fput(old_file);
 738        if (max_part > 0)
 739                ioctl_by_bdev(bdev, BLKRRPART, 0);
 740        return 0;
 741
 742 out_putf:
 743        fput(file);
 744 out:
 745        return error;
 746}
 747
 748static inline int is_loop_device(struct file *file)
 749{
 750        struct inode *i = file->f_mapping->host;
 751
 752        return i && S_ISBLK(i->i_mode) && MAJOR(i->i_rdev) == LOOP_MAJOR;
 753}
 754
 755static int loop_set_fd(struct loop_device *lo, fmode_t mode,
 756                       struct block_device *bdev, unsigned int arg)
 757{
 758        struct file     *file, *f;
 759        struct inode    *inode;
 760        struct address_space *mapping;
 761        unsigned lo_blocksize;
 762        int             lo_flags = 0;
 763        int             error;
 764        loff_t          size;
 765
 766        /* This is safe, since we have a reference from open(). */
 767        __module_get(THIS_MODULE);
 768
 769        error = -EBADF;
 770        file = fget(arg);
 771        if (!file)
 772                goto out;
 773
 774        error = -EBUSY;
 775        if (lo->lo_state != Lo_unbound)
 776                goto out_putf;
 777
 778        /* Avoid recursion */
 779        f = file;
 780        while (is_loop_device(f)) {
 781                struct loop_device *l;
 782
 783                if (f->f_mapping->host->i_bdev == bdev)
 784                        goto out_putf;
 785
 786                l = f->f_mapping->host->i_bdev->bd_disk->private_data;
 787                if (l->lo_state == Lo_unbound) {
 788                        error = -EINVAL;
 789                        goto out_putf;
 790                }
 791                f = l->lo_backing_file;
 792        }
 793
 794        mapping = file->f_mapping;
 795        inode = mapping->host;
 796
 797        if (!(file->f_mode & FMODE_WRITE))
 798                lo_flags |= LO_FLAGS_READ_ONLY;
 799
 800        error = -EINVAL;
 801        if (S_ISREG(inode->i_mode) || S_ISBLK(inode->i_mode)) {
 802                const struct address_space_operations *aops = mapping->a_ops;
 803                /*
 804                 * If we can't read - sorry. If we only can't write - well,
 805                 * it's going to be read-only.
 806                 */
 807                if (!file->f_op->splice_read)
 808                        goto out_putf;
 809                if (aops->write_begin)
 810                        lo_flags |= LO_FLAGS_USE_AOPS;
 811                if (!(lo_flags & LO_FLAGS_USE_AOPS) && !file->f_op->write)
 812                        lo_flags |= LO_FLAGS_READ_ONLY;
 813
 814                lo_blocksize = S_ISBLK(inode->i_mode) ?
 815                        inode->i_bdev->bd_block_size : PAGE_SIZE;
 816
 817                error = 0;
 818        } else {
 819                goto out_putf;
 820        }
 821
 822        size = get_loop_size(lo, file);
 823
 824        if ((loff_t)(sector_t)size != size) {
 825                error = -EFBIG;
 826                goto out_putf;
 827        }
 828
 829        if (!(mode & FMODE_WRITE))
 830                lo_flags |= LO_FLAGS_READ_ONLY;
 831
 832        set_device_ro(bdev, (lo_flags & LO_FLAGS_READ_ONLY) != 0);
 833
 834        lo->lo_blocksize = lo_blocksize;
 835        lo->lo_device = bdev;
 836        lo->lo_flags = lo_flags;
 837        lo->lo_backing_file = file;
 838        lo->transfer = transfer_none;
 839        lo->ioctl = NULL;
 840        lo->lo_sizelimit = 0;
 841        lo->old_gfp_mask = mapping_gfp_mask(mapping);
 842        mapping_set_gfp_mask(mapping, lo->old_gfp_mask & ~(__GFP_IO|__GFP_FS));
 843
 844        lo->lo_bio = lo->lo_biotail = NULL;
 845
 846        /*
 847         * set queue make_request_fn, and add limits based on lower level
 848         * device
 849         */
 850        blk_queue_make_request(lo->lo_queue, loop_make_request);
 851        lo->lo_queue->queuedata = lo;
 852        lo->lo_queue->unplug_fn = loop_unplug;
 853
 854        if (!(lo_flags & LO_FLAGS_READ_ONLY) && file->f_op->fsync)
 855                blk_queue_ordered(lo->lo_queue, QUEUE_ORDERED_DRAIN, NULL);
 856
 857        set_capacity(lo->lo_disk, size);
 858        bd_set_size(bdev, size << 9);
 859
 860        set_blocksize(bdev, lo_blocksize);
 861
 862        lo->lo_thread = kthread_create(loop_thread, lo, "loop%d",
 863                                                lo->lo_number);
 864        if (IS_ERR(lo->lo_thread)) {
 865                error = PTR_ERR(lo->lo_thread);
 866                goto out_clr;
 867        }
 868        lo->lo_state = Lo_bound;
 869        wake_up_process(lo->lo_thread);
 870        if (max_part > 0)
 871                ioctl_by_bdev(bdev, BLKRRPART, 0);
 872        return 0;
 873
 874out_clr:
 875        lo->lo_thread = NULL;
 876        lo->lo_device = NULL;
 877        lo->lo_backing_file = NULL;
 878        lo->lo_flags = 0;
 879        set_capacity(lo->lo_disk, 0);
 880        invalidate_bdev(bdev);
 881        bd_set_size(bdev, 0);
 882        mapping_set_gfp_mask(mapping, lo->old_gfp_mask);
 883        lo->lo_state = Lo_unbound;
 884 out_putf:
 885        fput(file);
 886 out:
 887        /* This is safe: open() is still holding a reference. */
 888        module_put(THIS_MODULE);
 889        return error;
 890}
 891
 892static int
 893loop_release_xfer(struct loop_device *lo)
 894{
 895        int err = 0;
 896        struct loop_func_table *xfer = lo->lo_encryption;
 897
 898        if (xfer) {
 899                if (xfer->release)
 900                        err = xfer->release(lo);
 901                lo->transfer = NULL;
 902                lo->lo_encryption = NULL;
 903                module_put(xfer->owner);
 904        }
 905        return err;
 906}
 907
 908static int
 909loop_init_xfer(struct loop_device *lo, struct loop_func_table *xfer,
 910               const struct loop_info64 *i)
 911{
 912        int err = 0;
 913
 914        if (xfer) {
 915                struct module *owner = xfer->owner;
 916
 917                if (!try_module_get(owner))
 918                        return -EINVAL;
 919                if (xfer->init)
 920                        err = xfer->init(lo, i);
 921                if (err)
 922                        module_put(owner);
 923                else
 924                        lo->lo_encryption = xfer;
 925        }
 926        return err;
 927}
 928
 929static int loop_clr_fd(struct loop_device *lo, struct block_device *bdev)
 930{
 931        struct file *filp = lo->lo_backing_file;
 932        gfp_t gfp = lo->old_gfp_mask;
 933
 934        if (lo->lo_state != Lo_bound)
 935                return -ENXIO;
 936
 937        if (lo->lo_refcnt > 1)  /* we needed one fd for the ioctl */
 938                return -EBUSY;
 939
 940        if (filp == NULL)
 941                return -EINVAL;
 942
 943        spin_lock_irq(&lo->lo_lock);
 944        lo->lo_state = Lo_rundown;
 945        spin_unlock_irq(&lo->lo_lock);
 946
 947        kthread_stop(lo->lo_thread);
 948
 949        lo->lo_queue->unplug_fn = NULL;
 950        lo->lo_backing_file = NULL;
 951
 952        loop_release_xfer(lo);
 953        lo->transfer = NULL;
 954        lo->ioctl = NULL;
 955        lo->lo_device = NULL;
 956        lo->lo_encryption = NULL;
 957        lo->lo_offset = 0;
 958        lo->lo_sizelimit = 0;
 959        lo->lo_encrypt_key_size = 0;
 960        lo->lo_flags = 0;
 961        lo->lo_thread = NULL;
 962        memset(lo->lo_encrypt_key, 0, LO_KEY_SIZE);
 963        memset(lo->lo_crypt_name, 0, LO_NAME_SIZE);
 964        memset(lo->lo_file_name, 0, LO_NAME_SIZE);
 965        if (bdev)
 966                invalidate_bdev(bdev);
 967        set_capacity(lo->lo_disk, 0);
 968        if (bdev)
 969                bd_set_size(bdev, 0);
 970        mapping_set_gfp_mask(filp->f_mapping, gfp);
 971        lo->lo_state = Lo_unbound;
 972        /* This is safe: open() is still holding a reference. */
 973        module_put(THIS_MODULE);
 974        if (max_part > 0)
 975                ioctl_by_bdev(bdev, BLKRRPART, 0);
 976        mutex_unlock(&lo->lo_ctl_mutex);
 977        /*
 978         * Need not hold lo_ctl_mutex to fput backing file.
 979         * Calling fput holding lo_ctl_mutex triggers a circular
 980         * lock dependency possibility warning as fput can take
 981         * bd_mutex which is usually taken before lo_ctl_mutex.
 982         */
 983        fput(filp);
 984        return 0;
 985}
 986
 987static int
 988loop_set_status(struct loop_device *lo, const struct loop_info64 *info)
 989{
 990        int err;
 991        struct loop_func_table *xfer;
 992        uid_t uid = current_uid();
 993
 994        if (lo->lo_encrypt_key_size &&
 995            lo->lo_key_owner != uid &&
 996            !capable(CAP_SYS_ADMIN))
 997                return -EPERM;
 998        if (lo->lo_state != Lo_bound)
 999                return -ENXIO;
1000        if ((unsigned int) info->lo_encrypt_key_size > LO_KEY_SIZE)

1001                return -EINVAL;
1002
1003        err = loop_release_xfer(lo);
1004        if (err)
1005                return err;
1006
1007        if (info->lo_encrypt_type) {
1008                unsigned int type = info->lo_encrypt_type;
1009
1010                if (type >= MAX_LO_CRYPT)
1011                        return -EINVAL;
1012                xfer = xfer_funcs[type];
1013                if (xfer == NULL)
1014                        return -EINVAL;
1015        } else
1016                xfer = NULL;
1017
1018        err = loop_init_xfer(lo, xfer, info);
1019        if (err)
1020                return err;
1021
1022        if (lo->lo_offset != info->lo_offset ||
1023            lo->lo_sizelimit != info->lo_sizelimit) {
1024                lo->lo_offset = info->lo_offset;
1025                lo->lo_sizelimit = info->lo_sizelimit;
1026                if (figure_loop_size(lo))
1027                        return -EFBIG;
1028        }
1029
1030        memcpy(lo->lo_file_name, info->lo_file_name, LO_NAME_SIZE);
1031        memcpy(lo->lo_crypt_name, info->lo_crypt_name, LO_NAME_SIZE);
1032        lo->lo_file_name[LO_NAME_SIZE-1] = 0;
1033        lo->lo_crypt_name[LO_NAME_SIZE-1] = 0;
1034
1035        if (!xfer)
1036                xfer = &none_funcs;
1037        lo->transfer = xfer->transfer;
1038        lo->ioctl = xfer->ioctl;
1039
1040        if ((lo->lo_flags & LO_FLAGS_AUTOCLEAR) !=
1041             (info->lo_flags & LO_FLAGS_AUTOCLEAR))
1042                lo->lo_flags ^= LO_FLAGS_AUTOCLEAR;
1043
1044        lo->lo_encrypt_key_size = info->lo_encrypt_key_size;
1045        lo->lo_init[0] = info->lo_init[0];
1046        lo->lo_init[1] = info->lo_init[1];
1047        if (info->lo_encrypt_key_size) {
1048                memcpy(lo->lo_encrypt_key, info->lo_encrypt_key,
1049                       info->lo_encrypt_key_size);
1050                lo->lo_key_owner = uid;
1051        }       
1052
1053        return 0;
1054}
1055
1056static int
1057loop_get_status(struct loop_device *lo, struct loop_info64 *info)
1058{
1059        struct file *file = lo->lo_backing_file;
1060        struct kstat stat;
1061        int error;
1062
1063        if (lo->lo_state != Lo_bound)
1064                return -ENXIO;
1065        error = vfs_getattr(file->f_path.mnt, file->f_path.dentry, &stat);
1066        if (error)
1067                return error;
1068        memset(info, 0, sizeof(*info));
1069        info->lo_number = lo->lo_number;
1070        info->lo_device = huge_encode_dev(stat.dev);
1071        info->lo_inode = stat.ino;
1072        info->lo_rdevice = huge_encode_dev(lo->lo_device ? stat.rdev : stat.dev);
1073        info->lo_offset = lo->lo_offset;
1074        info->lo_sizelimit = lo->lo_sizelimit;
1075        info->lo_flags = lo->lo_flags;
1076        memcpy(info->lo_file_name, lo->lo_file_name, LO_NAME_SIZE);
1077        memcpy(info->lo_crypt_name, lo->lo_crypt_name, LO_NAME_SIZE);
1078        info->lo_encrypt_type =
1079                lo->lo_encryption ? lo->lo_encryption->number : 0;
1080        if (lo->lo_encrypt_key_size && capable(CAP_SYS_ADMIN)) {
1081                info->lo_encrypt_key_size = lo->lo_encrypt_key_size;
1082                memcpy(info->lo_encrypt_key, lo->lo_encrypt_key,
1083                       lo->lo_encrypt_key_size);
1084        }
1085        return 0;
1086}
1087
1088static void
1089loop_info64_from_old(const struct loop_info *info, struct loop_info64 *info64)
1090{
1091        memset(info64, 0, sizeof(*info64));
1092        info64->lo_number = info->lo_number;
1093        info64->lo_device = info->lo_device;
1094        info64->lo_inode = info->lo_inode;
1095        info64->lo_rdevice = info->lo_rdevice;
1096        info64->lo_offset = info->lo_offset;
1097        info64->lo_sizelimit = 0;
1098        info64->lo_encrypt_type = info->lo_encrypt_type;
1099        info64->lo_encrypt_key_size = info->lo_encrypt_key_size;
1100        info64->lo_flags = info->lo_flags;
1101        info64->lo_init[0] = info->lo_init[0];
1102        info64->lo_init[1] = info->lo_init[1];
1103        if (info->lo_encrypt_type == LO_CRYPT_CRYPTOAPI)
1104                memcpy(info64->lo_crypt_name, info->lo_name, LO_NAME_SIZE);
1105        else
1106                memcpy(info64->lo_file_name, info->lo_name, LO_NAME_SIZE);
1107        memcpy(info64->lo_encrypt_key, info->lo_encrypt_key, LO_KEY_SIZE);
1108}
1109
1110static int
1111loop_info64_to_old(const struct loop_info64 *info64, struct loop_info *info)
1112{
1113        memset(info, 0, sizeof(*info));
1114        info->lo_number = info64->lo_number;
1115        info->lo_device = info64->lo_device;
1116        info->lo_inode = info64->lo_inode;
1117        info->lo_rdevice = info64->lo_rdevice;
1118        info->lo_offset = info64->lo_offset;
1119        info->lo_encrypt_type = info64->lo_encrypt_type;
1120        info->lo_encrypt_key_size = info64->lo_encrypt_key_size;
1121        info->lo_flags = info64->lo_flags;
1122        info->lo_init[0] = info64->lo_init[0];
1123        info->lo_init[1] = info64->lo_init[1];
1124        if (info->lo_encrypt_type == LO_CRYPT_CRYPTOAPI)
1125                memcpy(info->lo_name, info64->lo_crypt_name, LO_NAME_SIZE);
1126        else
1127                memcpy(info->lo_name, info64->lo_file_name, LO_NAME_SIZE);
1128        memcpy(info->lo_encrypt_key, info64->lo_encrypt_key, LO_KEY_SIZE);
1129
1130        /* error in case values were truncated */
1131        if (info->lo_device != info64->lo_device ||
1132            info->lo_rdevice != info64->lo_rdevice ||
1133            info->lo_inode != info64->lo_inode ||
1134            info->lo_offset != info64->lo_offset)
1135                return -EOVERFLOW;
1136
1137        return 0;
1138}
1139
1140static int
1141loop_set_status_old(struct loop_device *lo, const struct loop_info __user *arg)
1142{
1143        struct loop_info info;
1144        struct loop_info64 info64;
1145
1146        if (copy_from_user(&info, arg, sizeof (struct loop_info)))
1147                return -EFAULT;
1148        loop_info64_from_old(&info, &info64);
1149        return loop_set_status(lo, &info64);
1150}
1151
1152static int
1153loop_set_status64(struct loop_device *lo, const struct loop_info64 __user *arg)
1154{
1155        struct loop_info64 info64;
1156
1157        if (copy_from_user(&info64, arg, sizeof (struct loop_info64)))
1158                return -EFAULT;
1159        return loop_set_status(lo, &info64);
1160}
1161
1162static int
1163loop_get_status_old(struct loop_device *lo, struct loop_info __user *arg) {
1164        struct loop_info info;
1165        struct loop_info64 info64;
1166        int err = 0;
1167
1168        if (!arg)
1169                err = -EINVAL;
1170        if (!err)
1171                err = loop_get_status(lo, &info64);
1172        if (!err)
1173                err = loop_info64_to_old(&info64, &info);
1174        if (!err && copy_to_user(arg, &info, sizeof(info)))
1175                err = -EFAULT;
1176
1177        return err;
1178}
1179
1180static int
1181loop_get_status64(struct loop_device *lo, struct loop_info64 __user *arg) {
1182        struct loop_info64 info64;
1183        int err = 0;
1184
1185        if (!arg)
1186                err = -EINVAL;
1187        if (!err)
1188                err = loop_get_status(lo, &info64);
1189        if (!err && copy_to_user(arg, &info64, sizeof(info64)))
1190                err = -EFAULT;
1191
1192        return err;
1193}
1194
1195static int loop_set_capacity(struct loop_device *lo, struct block_device *bdev)
1196{
1197        int err;
1198        sector_t sec;
1199        loff_t sz;
1200
1201        err = -ENXIO;
1202        if (unlikely(lo->lo_state != Lo_bound))
1203                goto out;
1204        err = figure_loop_size(lo);
1205        if (unlikely(err))
1206                goto out;
1207        sec = get_capacity(lo->lo_disk);
1208        /* the width of sector_t may be narrow for bit-shift */
1209        sz = sec;
1210        sz <<= 9;
1211        mutex_lock(&bdev->bd_mutex);
1212        bd_set_size(bdev, sz);
1213        mutex_unlock(&bdev->bd_mutex);
1214
1215 out:
1216        return err;
1217}
1218
1219static int lo_ioctl(struct block_device *bdev, fmode_t mode,
1220        unsigned int cmd, unsigned long arg)
1221{
1222        struct loop_device *lo = bdev->bd_disk->private_data;
1223        int err;
1224
1225        mutex_lock_nested(&lo->lo_ctl_mutex, 1);
1226        switch (cmd) {
1227        case LOOP_SET_FD:
1228                err = loop_set_fd(lo, mode, bdev, arg);
1229                break;
1230        case LOOP_CHANGE_FD:
1231                err = loop_change_fd(lo, bdev, arg);
1232                break;
1233        case LOOP_CLR_FD:
1234                /* loop_clr_fd would have unlocked lo_ctl_mutex on success */
1235                err = loop_clr_fd(lo, bdev);
1236                if (!err)
1237                        goto out_unlocked;
1238                break;
1239        case LOOP_SET_STATUS:
1240                err = loop_set_status_old(lo, (struct loop_info __user *) arg);
1241                break;
1242        case LOOP_GET_STATUS:
1243                err = loop_get_status_old(lo, (struct loop_info __user *) arg);
1244                break;
1245        case LOOP_SET_STATUS64:
1246                err = loop_set_status64(lo, (struct loop_info64 __user *) arg);
1247                break;
1248        case LOOP_GET_STATUS64:
1249                err = loop_get_status64(lo, (struct loop_info64 __user *) arg);
1250                break;
1251        case LOOP_SET_CAPACITY:
1252                err = -EPERM;
1253                if ((mode & FMODE_WRITE) || capable(CAP_SYS_ADMIN))
1254                        err = loop_set_capacity(lo, bdev);
1255                break;
1256        default:
1257                err = lo->ioctl ? lo->ioctl(lo, cmd, arg) : -EINVAL;
1258        }
1259        mutex_unlock(&lo->lo_ctl_mutex);
1260
1261out_unlocked:
1262        return err;
1263}
1264
1265#ifdef CONFIG_COMPAT
1266struct compat_loop_info {
1267        compat_int_t    lo_number;      /* ioctl r/o */
1268        compat_dev_t    lo_device;      /* ioctl r/o */
1269        compat_ulong_t  lo_inode;       /* ioctl r/o */
1270        compat_dev_t    lo_rdevice;     /* ioctl r/o */
1271        compat_int_t    lo_offset;
1272        compat_int_t    lo_encrypt_type;
1273        compat_int_t    lo_encrypt_key_size;    /* ioctl w/o */
1274        compat_int_t    lo_flags;       /* ioctl r/o */
1275        char            lo_name[LO_NAME_SIZE];
1276        unsigned char   lo_encrypt_key[LO_KEY_SIZE]; /* ioctl w/o */
1277        compat_ulong_t  lo_init[2];
1278        char            reserved[4];
1279};
1280
1281/*
1282 * Transfer 32-bit compatibility structure in userspace to 64-bit loop info
1283 * - noinlined to reduce stack space usage in main part of driver
1284 */
1285static noinline int
1286loop_info64_from_compat(const struct compat_loop_info __user *arg,
1287                        struct loop_info64 *info64)
1288{
1289        struct compat_loop_info info;
1290
1291        if (copy_from_user(&info, arg, sizeof(info)))
1292                return -EFAULT;
1293
1294        memset(info64, 0, sizeof(*info64));
1295        info64->lo_number = info.lo_number;
1296        info64->lo_device = info.lo_device;
1297        info64->lo_inode = info.lo_inode;
1298        info64->lo_rdevice = info.lo_rdevice;
1299        info64->lo_offset = info.lo_offset;
1300        info64->lo_sizelimit = 0;
1301        info64->lo_encrypt_type = info.lo_encrypt_type;
1302        info64->lo_encrypt_key_size = info.lo_encrypt_key_size;
1303        info64->lo_flags = info.lo_flags;
1304        info64->lo_init[0] = info.lo_init[0];
1305        info64->lo_init[1] = info.lo_init[1];
1306        if (info.lo_encrypt_type == LO_CRYPT_CRYPTOAPI)
1307                memcpy(info64->lo_crypt_name, info.lo_name, LO_NAME_SIZE);
1308        else
1309                memcpy(info64->lo_file_name, info.lo_name, LO_NAME_SIZE);
1310        memcpy(info64->lo_encrypt_key, info.lo_encrypt_key, LO_KEY_SIZE);
1311        return 0;
1312}
1313
1314/*
1315 * Transfer 64-bit loop info to 32-bit compatibility structure in userspace
1316 * - noinlined to reduce stack space usage in main part of driver
1317 */
1318static noinline int
1319loop_info64_to_compat(const struct loop_info64 *info64,
1320                      struct compat_loop_info __user *arg)
1321{
1322        struct compat_loop_info info;
1323
1324        memset(&info, 0, sizeof(info));
1325        info.lo_number = info64->lo_number;
1326        info.lo_device = info64->lo_device;
1327        info.lo_inode = info64->lo_inode;
1328        info.lo_rdevice = info64->lo_rdevice;
1329        info.lo_offset = info64->lo_offset;
1330        info.lo_encrypt_type = info64->lo_encrypt_type;
1331        info.lo_encrypt_key_size = info64->lo_encrypt_key_size;
1332        info.lo_flags = info64->lo_flags;
1333        info.lo_init[0] = info64->lo_init[0];
1334        info.lo_init[1] = info64->lo_init[1];
1335        if (info.lo_encrypt_type == LO_CRYPT_CRYPTOAPI)
1336                memcpy(info.lo_name, info64->lo_crypt_name, LO_NAME_SIZE);
1337        else
1338                memcpy(info.lo_name, info64->lo_file_name, LO_NAME_SIZE);
1339        memcpy(info.lo_encrypt_key, info64->lo_encrypt_key, LO_KEY_SIZE);
1340
1341        /* error in case values were truncated */
1342        if (info.lo_device != info64->lo_device ||
1343            info.lo_rdevice != info64->lo_rdevice ||
1344            info.lo_inode != info64->lo_inode ||
1345            info.lo_offset != info64->lo_offset ||
1346            info.lo_init[0] != info64->lo_init[0] ||
1347            info.lo_init[1] != info64->lo_init[1])
1348                return -EOVERFLOW;
1349
1350        if (copy_to_user(arg, &info, sizeof(info)))
1351                return -EFAULT;
1352        return 0;
1353}
1354
1355static int
1356loop_set_status_compat(struct loop_device *lo,
1357                       const struct compat_loop_info __user *arg)
1358{
1359        struct loop_info64 info64;
1360        int ret;
1361
1362        ret = loop_info64_from_compat(arg, &info64);
1363        if (ret < 0)
1364                return ret;
1365        return loop_set_status(lo, &info64);
1366}
1367
1368static int
1369loop_get_status_compat(struct loop_device *lo,
1370                       struct compat_loop_info __user *arg)
1371{
1372        struct loop_info64 info64;
1373        int err = 0;
1374
1375        if (!arg)
1376                err = -EINVAL;
1377        if (!err)
1378                err = loop_get_status(lo, &info64);
1379        if (!err)
1380                err = loop_info64_to_compat(&info64, arg);
1381        return err;
1382}
1383
1384static int lo_compat_ioctl(struct block_device *bdev, fmode_t mode,
1385                           unsigned int cmd, unsigned long arg)
1386{
1387        struct loop_device *lo = bdev->bd_disk->private_data;
1388        int err;
1389
1390        switch(cmd) {
1391        case LOOP_SET_STATUS:
1392                mutex_lock(&lo->lo_ctl_mutex);
1393                err = loop_set_status_compat(
1394                        lo, (const struct compat_loop_info __user *) arg);
1395                mutex_unlock(&lo->lo_ctl_mutex);
1396                break;
1397        case LOOP_GET_STATUS:
1398                mutex_lock(&lo->lo_ctl_mutex);
1399                err = loop_get_status_compat(
1400                        lo, (struct compat_loop_info __user *) arg);
1401                mutex_unlock(&lo->lo_ctl_mutex);
1402                break;
1403        case LOOP_SET_CAPACITY:
1404        case LOOP_CLR_FD:
1405        case LOOP_GET_STATUS64:
1406        case LOOP_SET_STATUS64:
1407                arg = (unsigned long) compat_ptr(arg);
1408        case LOOP_SET_FD:
1409        case LOOP_CHANGE_FD:
1410                err = lo_ioctl(bdev, mode, cmd, arg);
1411                break;
1412        default:
1413                err = -ENOIOCTLCMD;
1414                break;
1415        }
1416        return err;
1417}
1418#endif
1419
1420static int lo_open(struct block_device *bdev, fmode_t mode)
1421{
1422        struct loop_device *lo = bdev->bd_disk->private_data;
1423
1424        mutex_lock(&lo->lo_ctl_mutex);
1425        lo->lo_refcnt++;
1426        mutex_unlock(&lo->lo_ctl_mutex);
1427
1428        return 0;
1429}
1430
1431static int lo_release(struct gendisk *disk, fmode_t mode)
1432{
1433        struct loop_device *lo = disk->private_data;
1434        int err;
1435
1436        mutex_lock(&lo->lo_ctl_mutex);
1437
1438        if (--lo->lo_refcnt)
1439                goto out;
1440
1441        if (lo->lo_flags & LO_FLAGS_AUTOCLEAR) {
1442                /*
1443                 * In autoclear mode, stop the loop thread
1444                 * and remove configuration after last close.
1445                 */
1446                err = loop_clr_fd(lo, NULL);
1447                if (!err)
1448                        goto out_unlocked;
1449        } else {
1450                /*
1451                 * Otherwise keep thread (if running) and config,
1452                 * but flush possible ongoing bios in thread.
1453                 */
1454                loop_flush(lo);
1455        }
1456
1457out:
1458        mutex_unlock(&lo->lo_ctl_mutex);
1459out_unlocked:
1460        return 0;
1461}
1462
1463static struct block_device_operations lo_fops = {
1464        .owner =        THIS_MODULE,
1465        .open =         lo_open,
1466        .release =      lo_release,
1467        .ioctl =        lo_ioctl,
1468#ifdef CONFIG_COMPAT
1469        .compat_ioctl = lo_compat_ioctl,
1470#endif
1471};
1472
1473/*
1474 * And now the modules code and kernel interface.
1475 */
1476static int max_loop;
1477module_param(max_loop, int, 0);
1478MODULE_PARM_DESC(max_loop, "Maximum number of loop devices");
1479module_param(max_part, int, 0);
1480MODULE_PARM_DESC(max_part, "Maximum number of partitions per loop device");
1481MODULE_LICENSE("GPL");
1482MODULE_ALIAS_BLOCKDEV_MAJOR(LOOP_MAJOR);
1483
1484int loop_register_transfer(struct loop_func_table *funcs)
1485{
1486        unsigned int n = funcs->number;
1487
1488        if (n >= MAX_LO_CRYPT || xfer_funcs[n])
1489                return -EINVAL;
1490        xfer_funcs[n] = funcs;
1491        return 0;
1492}
1493
1494int loop_unregister_transfer(int number)
1495{
1496        unsigned int n = number;
1497        struct loop_device *lo;
1498        struct loop_func_table *xfer;
1499
1500        if (n == 0 || n >= MAX_LO_CRYPT || (xfer = xfer_funcs[n]) == NULL)
1501                return -EINVAL;
1502
1503        xfer_funcs[n] = NULL;
1504
1505        list_for_each_entry(lo, &loop_devices, lo_list) {
1506                mutex_lock(&lo->lo_ctl_mutex);
1507
1508                if (lo->lo_encryption == xfer)
1509                        loop_release_xfer(lo);
1510
1511                mutex_unlock(&lo->lo_ctl_mutex);
1512        }
1513
1514        return 0;
1515}
1516
1517EXPORT_SYMBOL(loop_register_transfer);
1518EXPORT_SYMBOL(loop_unregister_transfer);
1519
1520static struct loop_device *loop_alloc(int i)
1521{
1522        struct loop_device *lo;
1523        struct gendisk *disk;
1524
1525        lo = kzalloc(sizeof(*lo), GFP_KERNEL);
1526        if (!lo)
1527                goto out;
1528
1529        lo->lo_queue = blk_alloc_queue(GFP_KERNEL);
1530        if (!lo->lo_queue)
1531                goto out_free_dev;
1532
1533        disk = lo->lo_disk = alloc_disk(1 << part_shift);
1534        if (!disk)
1535                goto out_free_queue;
1536
1537        mutex_init(&lo->lo_ctl_mutex);
1538        lo->lo_number           = i;
1539        lo->lo_thread           = NULL;
1540        init_waitqueue_head(&lo->lo_event);
1541        spin_lock_init(&lo->lo_lock);
1542        disk->major             = LOOP_MAJOR;
1543        disk->first_minor       = i << part_shift;
1544        disk->fops              = &lo_fops;
1545        disk->private_data      = lo;
1546        disk->queue             = lo->lo_queue;
1547        sprintf(disk->disk_name, "loop%d", i);
1548        return lo;
1549
1550out_free_queue:
1551        blk_cleanup_queue(lo->lo_queue);
1552out_free_dev:
1553        kfree(lo);
1554out:
1555        return NULL;
1556}
1557
1558static void loop_free(struct loop_device *lo)
1559{
1560        blk_cleanup_queue(lo->lo_queue);
1561        put_disk(lo->lo_disk);
1562        list_del(&lo->lo_list);
1563        kfree(lo);
1564}
1565
1566static struct loop_device *loop_init_one(int i)
1567{
1568        struct loop_device *lo;
1569
1570        list_for_each_entry(lo, &loop_devices, lo_list) {
1571                if (lo->lo_number == i)
1572                        return lo;
1573        }
1574
1575        lo = loop_alloc(i);
1576        if (lo) {
1577                add_disk(lo->lo_disk);
1578                list_add_tail(&lo->lo_list, &loop_devices);
1579        }
1580        return lo;
1581}
1582
1583static void loop_del_one(struct loop_device *lo)
1584{
1585        del_gendisk(lo->lo_disk);
1586        loop_free(lo);
1587}
1588
1589static struct kobject *loop_probe(dev_t dev, int *part, void *data)
1590{
1591        struct loop_device *lo;
1592        struct kobject *kobj;
1593
1594        mutex_lock(&loop_devices_mutex);
1595        lo = loop_init_one(dev & MINORMASK);
1596        kobj = lo ? get_disk(lo->lo_disk) : ERR_PTR(-ENOMEM);
1597        mutex_unlock(&loop_devices_mutex);
1598
1599        *part = 0;
1600        return kobj;
1601}
1602
1603static int __init loop_init(void)
1604{
1605        int i, nr;
1606        unsigned long range;
1607        struct loop_device *lo, *next;
1608
1609        /*
1610         * loop module now has a feature to instantiate underlying device
1611         * structure on-demand, provided that there is an access dev node.
1612         * However, this will not work well with user space tool that doesn't
1613         * know about such "feature".  In order to not break any existing
1614         * tool, we do the following:
1615         *
1616         * (1) if max_loop is specified, create that many upfront, and this
1617         *     also becomes a hard limit.
1618         * (2) if max_loop is not specified, create 8 loop device on module
1619         *     load, user can further extend loop device by create dev node
1620         *     themselves and have kernel automatically instantiate actual
1621         *     device on-demand.
1622         */
1623
1624        part_shift = 0;
1625        if (max_part > 0)
1626                part_shift = fls(max_part);
1627
1628        if (max_loop > 1UL << (MINORBITS - part_shift))
1629                return -EINVAL;
1630
1631        if (max_loop) {
1632                nr = max_loop;
1633                range = max_loop;
1634        } else {
1635                nr = 8;
1636                range = 1UL << (MINORBITS - part_shift);
1637        }
1638
1639        if (register_blkdev(LOOP_MAJOR, "loop"))
1640                return -EIO;
1641
1642        for (i = 0; i < nr; i++) {
1643                lo = loop_alloc(i);
1644                if (!lo)
1645                        goto Enomem;
1646                list_add_tail(&lo->lo_list, &loop_devices);
1647        }
1648
1649        /* point of no return */
1650
1651        list_for_each_entry(lo, &loop_devices, lo_list)
1652                add_disk(lo->lo_disk);
1653
1654        blk_register_region(MKDEV(LOOP_MAJOR, 0), range,
1655                                  THIS_MODULE, loop_probe, NULL, NULL);
1656
1657        printk(KERN_INFO "loop: module loaded\n");
1658        return 0;
1659
1660Enomem:
1661        printk(KERN_INFO "loop: out of memory\n");
1662
1663        list_for_each_entry_safe(lo, next, &loop_devices, lo_list)
1664                loop_free(lo);
1665
1666        unregister_blkdev(LOOP_MAJOR, "loop");
1667        return -ENOMEM;
1668}
1669
1670static void __exit loop_exit(void)
1671{
1672        unsigned long range;
1673        struct loop_device *lo, *next;
1674
1675        range = max_loop ? max_loop :  1UL << (MINORBITS - part_shift);
1676
1677        list_for_each_entry_safe(lo, next, &loop_devices, lo_list)
1678                loop_del_one(lo);
1679
1680        blk_unregister_region(MKDEV(LOOP_MAJOR, 0), range);
1681        unregister_blkdev(LOOP_MAJOR, "loop");
1682}
1683
1684module_init(loop_init);
1685module_exit(loop_exit);
1686
1687#ifndef MODULE
1688static int __init max_loop_setup(char *str)
1689{
1690        max_loop = simple_strtol(str, NULL, 0);
1691        return 1;
1692}
1693
1694__setup("max_loop=", max_loop_setup);
1695#endif
1696
The original LXR software by the LXR community, this experimental version by lxr@linux.no.