/*
   rbd.c -- Export ceph rados objects as a Linux block device


   based on drivers/block/osdblk.c:

   Copyright 2009 Red Hat, Inc.

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program; see the file COPYING.  If not, write to
   the Free Software Foundation, 675 Mass Ave, Cambridge, MA 02139, USA.



   For usage instructions, please refer to:

                 Documentation/ABI/testing/sysfs-bus-rbd

 */

#include <linux/ceph/libceph.h>
#include <linux/ceph/osd_client.h>
#include <linux/ceph/mon_client.h>
#include <linux/ceph/cls_lock_client.h>
#include <linux/ceph/striper.h>
#include <linux/ceph/decode.h>
#include <linux/fs_parser.h>
#include <linux/bsearch.h>

#include <linux/kernel.h>
#include <linux/device.h>
#include <linux/module.h>
#include <linux/blk-mq.h>
#include <linux/fs.h>
#include <linux/blkdev.h>
#include <linux/slab.h>
#include <linux/idr.h>
#include <linux/workqueue.h>

#include "rbd_types.h"

#define RBD_DEBUG       /* Activate rbd_assert() calls */

/*
 * Increment the given counter and return its updated value.
 * If the counter is already 0 it will not be incremented.
 * If the counter is already at its maximum value returns
 * -EINVAL without updating it.
 */
static int atomic_inc_return_safe(atomic_t *v)
{
        unsigned int counter;

        counter = (unsigned int)atomic_fetch_add_unless(v, 1, 0);
        if (counter <= (unsigned int)INT_MAX)
                return (int)counter;

        atomic_dec(v);

        return -EINVAL;
}

/* Decrement the counter.  Return the resulting value, or -EINVAL */
static int atomic_dec_return_safe(atomic_t *v)
{
        int counter;

        counter = atomic_dec_return(v);
        if (counter >= 0)
                return counter;

        atomic_inc(v);

        return -EINVAL;
}

#define RBD_DRV_NAME "rbd"

#define RBD_MINORS_PER_MAJOR            256
#define RBD_SINGLE_MAJOR_PART_SHIFT     4

#define RBD_MAX_PARENT_CHAIN_LEN        16

#define RBD_SNAP_DEV_NAME_PREFIX        "snap_"
#define RBD_MAX_SNAP_NAME_LEN   \
                        (NAME_MAX - (sizeof (RBD_SNAP_DEV_NAME_PREFIX) - 1))

#define RBD_MAX_SNAP_COUNT      510     /* allows max snapc to fit in 4KB */

#define RBD_SNAP_HEAD_NAME      "-"

#define BAD_SNAP_INDEX  U32_MAX         /* invalid index into snap array */

/* This allows a single page to hold an image name sent by OSD */
#define RBD_IMAGE_NAME_LEN_MAX  (PAGE_SIZE - sizeof (__le32) - 1)
#define RBD_IMAGE_ID_LEN_MAX    64

#define RBD_OBJ_PREFIX_LEN_MAX  64

#define RBD_NOTIFY_TIMEOUT      5       /* seconds */
#define RBD_RETRY_DELAY         msecs_to_jiffies(1000)

/* Feature bits */

#define RBD_FEATURE_LAYERING            (1ULL<<0)
#define RBD_FEATURE_STRIPINGV2          (1ULL<<1)
#define RBD_FEATURE_EXCLUSIVE_LOCK      (1ULL<<2)
#define RBD_FEATURE_OBJECT_MAP          (1ULL<<3)
#define RBD_FEATURE_FAST_DIFF           (1ULL<<4)
#define RBD_FEATURE_DEEP_FLATTEN        (1ULL<<5)
#define RBD_FEATURE_DATA_POOL           (1ULL<<7)
#define RBD_FEATURE_OPERATIONS          (1ULL<<8)

#define RBD_FEATURES_ALL        (RBD_FEATURE_LAYERING |         \
                                 RBD_FEATURE_STRIPINGV2 |       \
                                 RBD_FEATURE_EXCLUSIVE_LOCK |   \
                                 RBD_FEATURE_OBJECT_MAP |       \
                                 RBD_FEATURE_FAST_DIFF |        \
                                 RBD_FEATURE_DEEP_FLATTEN |     \
                                 RBD_FEATURE_DATA_POOL |        \
                                 RBD_FEATURE_OPERATIONS)

/* Features supported by this (client software) implementation. */

#define RBD_FEATURES_SUPPORTED  (RBD_FEATURES_ALL)

/*
 * An RBD device name will be "rbd#", where the "rbd" comes from
 * RBD_DRV_NAME above, and # is a unique integer identifier.
 */
#define DEV_NAME_LEN            32

/*
 * block device image metadata (in-memory version)
 */
struct rbd_image_header {
        /* These six fields never change for a given rbd image */
        char *object_prefix;
        __u8 obj_order;
        u64 stripe_unit;
        u64 stripe_count;
        s64 data_pool_id;
        u64 features;           /* Might be changeable someday? */

        /* The remaining fields need to be updated occasionally */
        u64 image_size;
        struct ceph_snap_context *snapc;
        char *snap_names;       /* format 1 only */
        u64 *snap_sizes;        /* format 1 only */
};

/*
 * An rbd image specification.
 *
 * The tuple (pool_id, image_id, snap_id) is sufficient to uniquely
 * identify an image.  Each rbd_dev structure includes a pointer to
 * an rbd_spec structure that encapsulates this identity.
 *
 * Each of the id's in an rbd_spec has an associated name.  For a
 * user-mapped image, the names are supplied and the id's associated
 * with them are looked up.  For a layered image, a parent image is
 * defined by the tuple, and the names are looked up.
 *
 * An rbd_dev structure contains a parent_spec pointer which is
 * non-null if the image it represents is a child in a layered
 * image.  This pointer will refer to the rbd_spec structure used
 * by the parent rbd_dev for its own identity (i.e., the structure
 * is shared between the parent and child).
 *
 * Since these structures are populated once, during the discovery
 * phase of image construction, they are effectively immutable so
 * we make no effort to synchronize access to them.
 *
 * Note that code herein does not assume the image name is known (it
 * could be a null pointer).
 */
struct rbd_spec {
        u64             pool_id;
        const char      *pool_name;
        const char      *pool_ns;       /* NULL if default, never "" */

        const char      *image_id;
        const char      *image_name;

        u64             snap_id;
        const char      *snap_name;

        struct kref     kref;
};

/*
 * an instance of the client.  multiple devices may share an rbd client.
 */
struct rbd_client {
        struct ceph_client      *client;
        struct kref             kref;
        struct list_head        node;
};

struct pending_result {
        int                     result;         /* first nonzero result */
        int                     num_pending;
};

struct rbd_img_request;

enum obj_request_type {
        OBJ_REQUEST_NODATA = 1,
        OBJ_REQUEST_BIO,        /* pointer into provided bio (list) */
        OBJ_REQUEST_BVECS,      /* pointer into provided bio_vec array */
        OBJ_REQUEST_OWN_BVECS,  /* private bio_vec array, doesn't own pages */
};

enum obj_operation_type {
        OBJ_OP_READ = 1,
        OBJ_OP_WRITE,
        OBJ_OP_DISCARD,
        OBJ_OP_ZEROOUT,
};

#define RBD_OBJ_FLAG_DELETION                   (1U << 0)
#define RBD_OBJ_FLAG_COPYUP_ENABLED             (1U << 1)
#define RBD_OBJ_FLAG_COPYUP_ZEROS               (1U << 2)
#define RBD_OBJ_FLAG_MAY_EXIST                  (1U << 3)
#define RBD_OBJ_FLAG_NOOP_FOR_NONEXISTENT       (1U << 4)

enum rbd_obj_read_state {
        RBD_OBJ_READ_START = 1,
        RBD_OBJ_READ_OBJECT,
        RBD_OBJ_READ_PARENT,
};

/*
 * Writes go through the following state machine to deal with
 * layering:
 *
 *            . . . . . RBD_OBJ_WRITE_GUARD. . . . . . . . . . . . . .
 *            .                 |                                    .
 *            .                 v                                    .
 *            .    RBD_OBJ_WRITE_READ_FROM_PARENT. . .               .
 *            .                 |                    .               .
 *            .                 v                    v (deep-copyup  .
 *    (image  .   RBD_OBJ_WRITE_COPYUP_EMPTY_SNAPC   .  not needed)  .
 * flattened) v                 |                    .               .
 *            .                 v                    .               .
 *            . . . .RBD_OBJ_WRITE_COPYUP_OPS. . . . .      (copyup  .
 *                              |                        not needed) v
 *                              v                                    .
 *                            done . . . . . . . . . . . . . . . . . .
 *                              ^
 *                              |
 *                     RBD_OBJ_WRITE_FLAT
 *
 * Writes start in RBD_OBJ_WRITE_GUARD or _FLAT, depending on whether
 * assert_exists guard is needed or not (in some cases it's not needed
 * even if there is a parent).
 */
enum rbd_obj_write_state {
        RBD_OBJ_WRITE_START = 1,
        RBD_OBJ_WRITE_PRE_OBJECT_MAP,
        RBD_OBJ_WRITE_OBJECT,
        __RBD_OBJ_WRITE_COPYUP,
        RBD_OBJ_WRITE_COPYUP,
        RBD_OBJ_WRITE_POST_OBJECT_MAP,
};

enum rbd_obj_copyup_state {
        RBD_OBJ_COPYUP_START = 1,
        RBD_OBJ_COPYUP_READ_PARENT,
        __RBD_OBJ_COPYUP_OBJECT_MAPS,
        RBD_OBJ_COPYUP_OBJECT_MAPS,
        __RBD_OBJ_COPYUP_WRITE_OBJECT,
        RBD_OBJ_COPYUP_WRITE_OBJECT,
};

struct rbd_obj_request {
        struct ceph_object_extent ex;
        unsigned int            flags;  /* RBD_OBJ_FLAG_* */
        union {
                enum rbd_obj_read_state  read_state;    /* for reads */
                enum rbd_obj_write_state write_state;   /* for writes */
        };

        struct rbd_img_request  *img_request;
        struct ceph_file_extent *img_extents;
        u32                     num_img_extents;

        union {
                struct ceph_bio_iter    bio_pos;
                struct {
                        struct ceph_bvec_iter   bvec_pos;
                        u32                     bvec_count;
                        u32                     bvec_idx;
                };
        };

        enum rbd_obj_copyup_state copyup_state;
        struct bio_vec          *copyup_bvecs;
        u32                     copyup_bvec_count;

        struct list_head        osd_reqs;       /* w/ r_private_item */

        struct mutex            state_mutex;
        struct pending_result   pending;
        struct kref             kref;
};

enum img_req_flags {
        IMG_REQ_CHILD,          /* initiator: block = 0, child image = 1 */
        IMG_REQ_LAYERED,        /* ENOENT handling: normal = 0, layered = 1 */
};

enum rbd_img_state {
        RBD_IMG_START = 1,
        RBD_IMG_EXCLUSIVE_LOCK,
        __RBD_IMG_OBJECT_REQUESTS,
        RBD_IMG_OBJECT_REQUESTS,
};

struct rbd_img_request {
        struct rbd_device       *rbd_dev;
        enum obj_operation_type op_type;
        enum obj_request_type   data_type;
        unsigned long           flags;
        enum rbd_img_state      state;
        union {
                u64                     snap_id;        /* for reads */
                struct ceph_snap_context *snapc;        /* for writes */
        };
        struct rbd_obj_request  *obj_request;   /* obj req initiator */

        struct list_head        lock_item;
        struct list_head        object_extents; /* obj_req.ex structs */

        struct mutex            state_mutex;
        struct pending_result   pending;
        struct work_struct      work;
        int                     work_result;
};

#define for_each_obj_request(ireq, oreq) \
        list_for_each_entry(oreq, &(ireq)->object_extents, ex.oe_item)
#define for_each_obj_request_safe(ireq, oreq, n) \
        list_for_each_entry_safe(oreq, n, &(ireq)->object_extents, ex.oe_item)

enum rbd_watch_state {
        RBD_WATCH_STATE_UNREGISTERED,
        RBD_WATCH_STATE_REGISTERED,
        RBD_WATCH_STATE_ERROR,
};

enum rbd_lock_state {
        RBD_LOCK_STATE_UNLOCKED,
        RBD_LOCK_STATE_LOCKED,
        RBD_LOCK_STATE_RELEASING,
};

/* WatchNotify::ClientId */
struct rbd_client_id {
        u64 gid;
        u64 handle;
};

struct rbd_mapping {
        u64                     size;
};

/*
 * a single device
 */
struct rbd_device {
        int                     dev_id;         /* blkdev unique id */

        int                     major;          /* blkdev assigned major */
        int                     minor;
        struct gendisk          *disk;          /* blkdev's gendisk and rq */

        u32                     image_format;   /* Either 1 or 2 */
        struct rbd_client       *rbd_client;

        char                    name[DEV_NAME_LEN]; /* blkdev name, e.g. rbd3 */

        spinlock_t              lock;           /* queue, flags, open_count */

        struct rbd_image_header header;
        unsigned long           flags;          /* possibly lock protected */
        struct rbd_spec         *spec;
        struct rbd_options      *opts;
        char                    *config_info;   /* add{,_single_major} string */

        struct ceph_object_id   header_oid;
        struct ceph_object_locator header_oloc;

        struct ceph_file_layout layout;         /* used for all rbd requests */

        struct mutex            watch_mutex;
        enum rbd_watch_state    watch_state;
        struct ceph_osd_linger_request *watch_handle;
        u64                     watch_cookie;
        struct delayed_work     watch_dwork;

        struct rw_semaphore     lock_rwsem;
        enum rbd_lock_state     lock_state;
        char                    lock_cookie[32];
        struct rbd_client_id    owner_cid;
        struct work_struct      acquired_lock_work;
        struct work_struct      released_lock_work;
        struct delayed_work     lock_dwork;
        struct work_struct      unlock_work;
        spinlock_t              lock_lists_lock;
        struct list_head        acquiring_list;
        struct list_head        running_list;
        struct completion       acquire_wait;
        int                     acquire_err;
        struct completion       releasing_wait;

        spinlock_t              object_map_lock;
        u8                      *object_map;
        u64                     object_map_size;        /* in objects */
        u64                     object_map_flags;

        struct workqueue_struct *task_wq;

        struct rbd_spec         *parent_spec;
        u64                     parent_overlap;
        atomic_t                parent_ref;
        struct rbd_device       *parent;

        /* Block layer tags. */
        struct blk_mq_tag_set   tag_set;

        /* protects updating the header */
        struct rw_semaphore     header_rwsem;

        struct rbd_mapping      mapping;

        struct list_head        node;

        /* sysfs related */
        struct device           dev;
        unsigned long           open_count;     /* protected by lock */
};

/*
 * Flag bits for rbd_dev->flags:
 * - REMOVING (which is coupled with rbd_dev->open_count) is protected
 *   by rbd_dev->lock
 */
enum rbd_dev_flags {
        RBD_DEV_FLAG_EXISTS,    /* rbd_dev_device_setup() ran */
        RBD_DEV_FLAG_REMOVING,  /* this mapping is being removed */
        RBD_DEV_FLAG_READONLY,  /* -o ro or snapshot */
};

static DEFINE_MUTEX(client_mutex);      /* Serialize client creation */

static LIST_HEAD(rbd_dev_list);    /* devices */
static DEFINE_SPINLOCK(rbd_dev_list_lock);

static LIST_HEAD(rbd_client_list);              /* clients */
static DEFINE_SPINLOCK(rbd_client_list_lock);

/* Slab caches for frequently-allocated structures */

static struct kmem_cache        *rbd_img_request_cache;
static struct kmem_cache        *rbd_obj_request_cache;

static int rbd_major;
static DEFINE_IDA(rbd_dev_id_ida);

static struct workqueue_struct *rbd_wq;

static struct ceph_snap_context rbd_empty_snapc = {
        .nref = REFCOUNT_INIT(1),
};

/*
 * single-major requires >= 0.75 version of userspace rbd utility.
 */
static bool single_major = true;
module_param(single_major, bool, 0444);
MODULE_PARM_DESC(single_major, "Use a single major number for all rbd devices (default: true)");

static ssize_t add_store(struct bus_type *bus, const char *buf, size_t count);
static ssize_t remove_store(struct bus_type *bus, const char *buf,
                            size_t count);
static ssize_t add_single_major_store(struct bus_type *bus, const char *buf,
                                      size_t count);
static ssize_t remove_single_major_store(struct bus_type *bus, const char *buf,
                                         size_t count);
static int rbd_dev_image_probe(struct rbd_device *rbd_dev, int depth);

static int rbd_dev_id_to_minor(int dev_id)
{
        return dev_id << RBD_SINGLE_MAJOR_PART_SHIFT;
}

static int minor_to_rbd_dev_id(int minor)
{
        return minor >> RBD_SINGLE_MAJOR_PART_SHIFT;
}

static bool rbd_is_ro(struct rbd_device *rbd_dev)
{
        return test_bit(RBD_DEV_FLAG_READONLY, &rbd_dev->flags);
}

static bool rbd_is_snap(struct rbd_device *rbd_dev)
{
        return rbd_dev->spec->snap_id != CEPH_NOSNAP;
}

static bool __rbd_is_lock_owner(struct rbd_device *rbd_dev)
{
        lockdep_assert_held(&rbd_dev->lock_rwsem);

        return rbd_dev->lock_state == RBD_LOCK_STATE_LOCKED ||
               rbd_dev->lock_state == RBD_LOCK_STATE_RELEASING;
}

static bool rbd_is_lock_owner(struct rbd_device *rbd_dev)
{
        bool is_lock_owner;

        down_read(&rbd_dev->lock_rwsem);
        is_lock_owner = __rbd_is_lock_owner(rbd_dev);
        up_read(&rbd_dev->lock_rwsem);
        return is_lock_owner;
}

static ssize_t supported_features_show(struct bus_type *bus, char *buf)
{
        return sprintf(buf, "0x%llx\n", RBD_FEATURES_SUPPORTED);
}

static BUS_ATTR_WO(add);
static BUS_ATTR_WO(remove);
static BUS_ATTR_WO(add_single_major);
static BUS_ATTR_WO(remove_single_major);
static BUS_ATTR_RO(supported_features);

static struct attribute *rbd_bus_attrs[] = {
        &bus_attr_add.attr,
        &bus_attr_remove.attr,
        &bus_attr_add_single_major.attr,
        &bus_attr_remove_single_major.attr,
        &bus_attr_supported_features.attr,
        NULL,
};

static umode_t rbd_bus_is_visible(struct kobject *kobj,
                                  struct attribute *attr, int index)
{
        if (!single_major &&
            (attr == &bus_attr_add_single_major.attr ||
             attr == &bus_attr_remove_single_major.attr))
                return 0;

        return attr->mode;
}

static const struct attribute_group rbd_bus_group = {
        .attrs = rbd_bus_attrs,
        .is_visible = rbd_bus_is_visible,
};
__ATTRIBUTE_GROUPS(rbd_bus);

static struct bus_type rbd_bus_type = {
        .name           = "rbd",
        .bus_groups     = rbd_bus_groups,
};

static void rbd_root_dev_release(struct device *dev)
{
}

static struct device rbd_root_dev = {
        .init_name =    "rbd",
        .release =      rbd_root_dev_release,
};

static __printf(2, 3)
void rbd_warn(struct rbd_device *rbd_dev, const char *fmt, ...)
{
        struct va_format vaf;
        va_list args;

        va_start(args, fmt);
        vaf.fmt = fmt;
        vaf.va = &args;

        if (!rbd_dev)
                printk(KERN_WARNING "%s: %pV\n", RBD_DRV_NAME, &vaf);
        else if (rbd_dev->disk)
                printk(KERN_WARNING "%s: %s: %pV\n",
                        RBD_DRV_NAME, rbd_dev->disk->disk_name, &vaf);
        else if (rbd_dev->spec && rbd_dev->spec->image_name)
                printk(KERN_WARNING "%s: image %s: %pV\n",
                        RBD_DRV_NAME, rbd_dev->spec->image_name, &vaf);
        else if (rbd_dev->spec && rbd_dev->spec->image_id)
                printk(KERN_WARNING "%s: id %s: %pV\n",
                        RBD_DRV_NAME, rbd_dev->spec->image_id, &vaf);
        else    /* punt */
                printk(KERN_WARNING "%s: rbd_dev %p: %pV\n",
                        RBD_DRV_NAME, rbd_dev, &vaf);
        va_end(args);
}

#ifdef RBD_DEBUG
#define rbd_assert(expr)                                                \
                if (unlikely(!(expr))) {                                \
                        printk(KERN_ERR "\nAssertion failure in %s() "  \
                                                "at line %d:\n\n"       \
                                        "\trbd_assert(%s);\n\n",        \
                                        __func__, __LINE__, #expr);     \
                        BUG();                                          \
                }
#else /* !RBD_DEBUG */
#  define rbd_assert(expr)      ((void) 0)
#endif /* !RBD_DEBUG */

static void rbd_dev_remove_parent(struct rbd_device *rbd_dev);

static int rbd_dev_refresh(struct rbd_device *rbd_dev);
static int rbd_dev_v2_header_onetime(struct rbd_device *rbd_dev);
static int rbd_dev_header_info(struct rbd_device *rbd_dev);
static int rbd_dev_v2_parent_info(struct rbd_device *rbd_dev);
static const char *rbd_dev_v2_snap_name(struct rbd_device *rbd_dev,
                                        u64 snap_id);
static int _rbd_dev_v2_snap_size(struct rbd_device *rbd_dev, u64 snap_id,
                                u8 *order, u64 *snap_size);
static int rbd_dev_v2_get_flags(struct rbd_device *rbd_dev);

static void rbd_obj_handle_request(struct rbd_obj_request *obj_req, int result);
static void rbd_img_handle_request(struct rbd_img_request *img_req, int result);

/*
 * Return true if nothing else is pending.
 */
static bool pending_result_dec(struct pending_result *pending, int *result)
{
        rbd_assert(pending->num_pending > 0);

        if (*result && !pending->result)
                pending->result = *result;
        if (--pending->num_pending)
                return false;

        *result = pending->result;
        return true;
}

static int rbd_open(struct block_device *bdev, fmode_t mode)
{
        struct rbd_device *rbd_dev = bdev->bd_disk->private_data;
        bool removing = false;

        spin_lock_irq(&rbd_dev->lock);
        if (test_bit(RBD_DEV_FLAG_REMOVING, &rbd_dev->flags))
                removing = true;
        else
                rbd_dev->open_count++;
        spin_unlock_irq(&rbd_dev->lock);
        if (removing)
                return -ENOENT;

        (void) get_device(&rbd_dev->dev);

        return 0;
}

static void rbd_release(struct gendisk *disk, fmode_t mode)
{
        struct rbd_device *rbd_dev = disk->private_data;
        unsigned long open_count_before;

        spin_lock_irq(&rbd_dev->lock);
        open_count_before = rbd_dev->open_count--;
        spin_unlock_irq(&rbd_dev->lock);
        rbd_assert(open_count_before > 0);

        put_device(&rbd_dev->dev);
}

static const struct block_device_operations rbd_bd_ops = {
        .owner                  = THIS_MODULE,
        .open                   = rbd_open,
        .release                = rbd_release,
};

/*
 * Initialize an rbd client instance.  Success or not, this function
 * consumes ceph_opts.  Caller holds client_mutex.
 */
static struct rbd_client *rbd_client_create(struct ceph_options *ceph_opts)
{
        struct rbd_client *rbdc;
        int ret = -ENOMEM;

        dout("%s:\n", __func__);
        rbdc = kmalloc(sizeof(struct rbd_client), GFP_KERNEL);
        if (!rbdc)
                goto out_opt;

        kref_init(&rbdc->kref);
        INIT_LIST_HEAD(&rbdc->node);

        rbdc->client = ceph_create_client(ceph_opts, rbdc);
        if (IS_ERR(rbdc->client))
                goto out_rbdc;
        ceph_opts = NULL; /* Now rbdc->client is responsible for ceph_opts */

        ret = ceph_open_session(rbdc->client);
        if (ret < 0)
                goto out_client;

        spin_lock(&rbd_client_list_lock);
        list_add_tail(&rbdc->node, &rbd_client_list);
        spin_unlock(&rbd_client_list_lock);

        dout("%s: rbdc %p\n", __func__, rbdc);

        return rbdc;
out_client:
        ceph_destroy_client(rbdc->client);
out_rbdc:
        kfree(rbdc);
out_opt:
        if (ceph_opts)
                ceph_destroy_options(ceph_opts);
        dout("%s: error %d\n", __func__, ret);

        return ERR_PTR(ret);
}

static struct rbd_client *__rbd_get_client(struct rbd_client *rbdc)
{
        kref_get(&rbdc->kref);

        return rbdc;
}

/*
 * Find a ceph client with specific addr and configuration.  If
 * found, bump its reference count.
 */
static struct rbd_client *rbd_client_find(struct ceph_options *ceph_opts)
{
        struct rbd_client *client_node;
        bool found = false;

        if (ceph_opts->flags & CEPH_OPT_NOSHARE)
                return NULL;

        spin_lock(&rbd_client_list_lock);
        list_for_each_entry(client_node, &rbd_client_list, node) {
                if (!ceph_compare_options(ceph_opts, client_node->client)) {
                        __rbd_get_client(client_node);

                        found = true;
                        break;
                }
        }
        spin_unlock(&rbd_client_list_lock);

        return found ? client_node : NULL;
}

/*
 * (Per device) rbd map options
 */
enum {
        Opt_queue_depth,
        Opt_alloc_size,
        Opt_lock_timeout,
        /* int args above */
        Opt_pool_ns,
        Opt_compression_hint,
        /* string args above */
        Opt_read_only,
        Opt_read_write,
        Opt_lock_on_read,
        Opt_exclusive,
        Opt_notrim,
};

enum {
        Opt_compression_hint_none,
        Opt_compression_hint_compressible,
        Opt_compression_hint_incompressible,
};

static const struct constant_table rbd_param_compression_hint[] = {
        {"none",                Opt_compression_hint_none},
        {"compressible",        Opt_compression_hint_compressible},
        {"incompressible",      Opt_compression_hint_incompressible},
        {}
};

static const struct fs_parameter_spec rbd_parameters[] = {
        fsparam_u32     ("alloc_size",                  Opt_alloc_size),
        fsparam_enum    ("compression_hint",            Opt_compression_hint,
                         rbd_param_compression_hint),
        fsparam_flag    ("exclusive",                   Opt_exclusive),
        fsparam_flag    ("lock_on_read",                Opt_lock_on_read),
        fsparam_u32     ("lock_timeout",                Opt_lock_timeout),
        fsparam_flag    ("notrim",                      Opt_notrim),
        fsparam_string  ("_pool_ns",                    Opt_pool_ns),
        fsparam_u32     ("queue_depth",                 Opt_queue_depth),
        fsparam_flag    ("read_only",                   Opt_read_only),
        fsparam_flag    ("read_write",                  Opt_read_write),
        fsparam_flag    ("ro",                          Opt_read_only),
        fsparam_flag    ("rw",                          Opt_read_write),
        {}
};

struct rbd_options {
        int     queue_depth;
        int     alloc_size;
        unsigned long   lock_timeout;
        bool    read_only;
        bool    lock_on_read;
        bool    exclusive;
        bool    trim;

        u32 alloc_hint_flags;  /* CEPH_OSD_OP_ALLOC_HINT_FLAG_* */
};

#define RBD_QUEUE_DEPTH_DEFAULT BLKDEV_MAX_RQ
#define RBD_ALLOC_SIZE_DEFAULT  (64 * 1024)
#define RBD_LOCK_TIMEOUT_DEFAULT 0  /* no timeout */
#define RBD_READ_ONLY_DEFAULT   false
#define RBD_LOCK_ON_READ_DEFAULT false
#define RBD_EXCLUSIVE_DEFAULT   false
#define RBD_TRIM_DEFAULT        true

struct rbd_parse_opts_ctx {
        struct rbd_spec         *spec;
        struct ceph_options     *copts;
        struct rbd_options      *opts;
};

static char* obj_op_name(enum obj_operation_type op_type)
{
        switch (op_type) {
        case OBJ_OP_READ:
                return "read";
        case OBJ_OP_WRITE:
                return "write";
        case OBJ_OP_DISCARD:
                return "discard";
        case OBJ_OP_ZEROOUT:
                return "zeroout";
        default:
                return "???";
        }
}

/*
 * Destroy ceph client
 *
 * Caller must hold rbd_client_list_lock.
 */
static void rbd_client_release(struct kref *kref)
{
        struct rbd_client *rbdc = container_of(kref, struct rbd_client, kref);

        dout("%s: rbdc %p\n", __func__, rbdc);
        spin_lock(&rbd_client_list_lock);
        list_del(&rbdc->node);
        spin_unlock(&rbd_client_list_lock);

        ceph_destroy_client(rbdc->client);
        kfree(rbdc);
}

/*
 * Drop reference to ceph client node. If it's not referenced anymore, release
 * it.
 */
static void rbd_put_client(struct rbd_client *rbdc)
{
        if (rbdc)
                kref_put(&rbdc->kref, rbd_client_release);
}

/*
 * Get a ceph client with specific addr and configuration, if one does
 * not exist create it.  Either way, ceph_opts is consumed by this
 * function.
 */
static struct rbd_client *rbd_get_client(struct ceph_options *ceph_opts)
{
        struct rbd_client *rbdc;
        int ret;

        mutex_lock(&client_mutex);
        rbdc = rbd_client_find(ceph_opts);
        if (rbdc) {
                ceph_destroy_options(ceph_opts);

                /*
                 * Using an existing client.  Make sure ->pg_pools is up to
                 * date before we look up the pool id in do_rbd_add().
                 */
                ret = ceph_wait_for_latest_osdmap(rbdc->client,
                                        rbdc->client->options->mount_timeout);
                if (ret) {
                        rbd_warn(NULL, "failed to get latest osdmap: %d", ret);
                        rbd_put_client(rbdc);
                        rbdc = ERR_PTR(ret);
                }
        } else {
                rbdc = rbd_client_create(ceph_opts);
        }
        mutex_unlock(&client_mutex);

        return rbdc;
}

static bool rbd_image_format_valid(u32 image_format)
{
        return image_format == 1 || image_format == 2;
}

static bool rbd_dev_ondisk_valid(struct rbd_image_header_ondisk *ondisk)
{
        size_t size;
        u32 snap_count;

        /* The header has to start with the magic rbd header text */
        if (memcmp(&ondisk->text, RBD_HEADER_TEXT, sizeof (RBD_HEADER_TEXT)))
                return false;

        /* The bio layer requires at least sector-sized I/O */

        if (ondisk->options.order < SECTOR_SHIFT)
                return false;

        /* If we use u64 in a few spots we may be able to loosen this */

        if (ondisk->options.order > 8 * sizeof (int) - 1)
                return false;

        /*
         * The size of a snapshot header has to fit in a size_t, and
         * that limits the number of snapshots.
         */
        snap_count = le32_to_cpu(ondisk->snap_count);
        size = SIZE_MAX - sizeof (struct ceph_snap_context);
        if (snap_count > size / sizeof (__le64))
                return false;

        /*
         * Not only that, but the size of the entire the snapshot
         * header must also be representable in a size_t.
         */
        size -= snap_count * sizeof (__le64);
        if ((u64) size < le64_to_cpu(ondisk->snap_names_len))
                return false;

        return true;
}

/*
 * returns the size of an object in the image
 */
static u32 rbd_obj_bytes(struct rbd_image_header *header)
{
        return 1U << header->obj_order;
}

static void rbd_init_layout(struct rbd_device *rbd_dev)
{
        if (rbd_dev->header.stripe_unit == 0 ||
            rbd_dev->header.stripe_count == 0) {
                rbd_dev->header.stripe_unit = rbd_obj_bytes(&rbd_dev->header);
                rbd_dev->header.stripe_count = 1;
        }

        rbd_dev->layout.stripe_unit = rbd_dev->header.stripe_unit;
        rbd_dev->layout.stripe_count = rbd_dev->header.stripe_count;
        rbd_dev->layout.object_size = rbd_obj_bytes(&rbd_dev->header);
        rbd_dev->layout.pool_id = rbd_dev->header.data_pool_id == CEPH_NOPOOL ?
                          rbd_dev->spec->pool_id : rbd_dev->header.data_pool_id;
        RCU_INIT_POINTER(rbd_dev->layout.pool_ns, NULL);
}

/*
 * Fill an rbd image header with information from the given format 1

 * on-disk header.
 */
static int rbd_header_from_disk(struct rbd_device *rbd_dev,
                                 struct rbd_image_header_ondisk *ondisk)
{
        struct rbd_image_header *header = &rbd_dev->header;
        bool first_time = header->object_prefix == NULL;
        struct ceph_snap_context *snapc;
        char *object_prefix = NULL;
        char *snap_names = NULL;
        u64 *snap_sizes = NULL;
        u32 snap_count;
        int ret = -ENOMEM;
        u32 i;

        /* Allocate this now to avoid having to handle failure below */

        if (first_time) {
                object_prefix = kstrndup(ondisk->object_prefix,
                                         sizeof(ondisk->object_prefix),
                                         GFP_KERNEL);
                if (!object_prefix)
                        return -ENOMEM;
        }

        /* Allocate the snapshot context and fill it in */

        snap_count = le32_to_cpu(ondisk->snap_count);
        snapc = ceph_create_snap_context(snap_count, GFP_KERNEL);
        if (!snapc)
                goto out_err;
        snapc->seq = le64_to_cpu(ondisk->snap_seq);
        if (snap_count) {
                struct rbd_image_snap_ondisk *snaps;
                u64 snap_names_len = le64_to_cpu(ondisk->snap_names_len);

                /* We'll keep a copy of the snapshot names... */

                if (snap_names_len > (u64)SIZE_MAX)
                        goto out_2big;
                snap_names = kmalloc(snap_names_len, GFP_KERNEL);
                if (!snap_names)
                        goto out_err;

                /* ...as well as the array of their sizes. */
                snap_sizes = kmalloc_array(snap_count,
                                           sizeof(*header->snap_sizes),
                                           GFP_KERNEL);
                if (!snap_sizes)
                        goto out_err;

                /*
                 * Copy the names, and fill in each snapshot's id
                 * and size.
                 *
                 * Note that rbd_dev_v1_header_info() guarantees the
                 * ondisk buffer we're working with has
                 * snap_names_len bytes beyond the end of the
                 * snapshot id array, this memcpy() is safe.
                 */
                memcpy(snap_names, &ondisk->snaps[snap_count], snap_names_len);
                snaps = ondisk->snaps;
                for (i = 0; i < snap_count; i++) {
                        snapc->snaps[i] = le64_to_cpu(snaps[i].id);
                        snap_sizes[i] = le64_to_cpu(snaps[i].image_size);
                }
        }

        /* We won't fail any more, fill in the header */

        if (first_time) {
                header->object_prefix = object_prefix;
                header->obj_order = ondisk->options.order;
                rbd_init_layout(rbd_dev);
        } else {
                ceph_put_snap_context(header->snapc);
                kfree(header->snap_names);
                kfree(header->snap_sizes);
        }

        /* The remaining fields always get updated (when we refresh) */

        header->image_size = le64_to_cpu(ondisk->image_size);
        header->snapc = snapc;
        header->snap_names = snap_names;
        header->snap_sizes = snap_sizes;

        return 0;
out_2big:
        ret = -EIO;
out_err:
        kfree(snap_sizes);
        kfree(snap_names);
        ceph_put_snap_context(snapc);
        kfree(object_prefix);

        return ret;
}

static const char *_rbd_dev_v1_snap_name(struct rbd_device *rbd_dev, u32 which)
{
        const char *snap_name;

        rbd_assert(which < rbd_dev->header.snapc->num_snaps);

        /* Skip over names until we find the one we are looking for */

        snap_name = rbd_dev->header.snap_names;
        while (which--)
                snap_name += strlen(snap_name) + 1;

        return kstrdup(snap_name, GFP_KERNEL);
}

/*
 * Snapshot id comparison function for use with qsort()/bsearch().
 * Note that result is for snapshots in *descending* order.
 */
static int snapid_compare_reverse(const void *s1, const void *s2)
{
        u64 snap_id1 = *(u64 *)s1;
        u64 snap_id2 = *(u64 *)s2;

        if (snap_id1 < snap_id2)
                return 1;
        return snap_id1 == snap_id2 ? 0 : -1;
}

/*
 * Search a snapshot context to see if the given snapshot id is
 * present.
 *
 * Returns the position of the snapshot id in the array if it's found,
 * or BAD_SNAP_INDEX otherwise.
 *
 * Note: The snapshot array is in kept sorted (by the osd) in
 * reverse order, highest snapshot id first.
 */
static u32 rbd_dev_snap_index(struct rbd_device *rbd_dev, u64 snap_id)
{
        struct ceph_snap_context *snapc = rbd_dev->header.snapc;
        u64 *found;

        found = bsearch(&snap_id, &snapc->snaps, snapc->num_snaps,
                                sizeof (snap_id), snapid_compare_reverse);

        return found ? (u32)(found - &snapc->snaps[0]) : BAD_SNAP_INDEX;
}

static const char *rbd_dev_v1_snap_name(struct rbd_device *rbd_dev,
                                        u64 snap_id)
{
        u32 which;
        const char *snap_name;

        which = rbd_dev_snap_index(rbd_dev, snap_id);
        if (which == BAD_SNAP_INDEX)
                return ERR_PTR(-ENOENT);

        snap_name = _rbd_dev_v1_snap_name(rbd_dev, which);
        return snap_name ? snap_name : ERR_PTR(-ENOMEM);
}

static const char *rbd_snap_name(struct rbd_device *rbd_dev, u64 snap_id)
{
        if (snap_id == CEPH_NOSNAP)
                return RBD_SNAP_HEAD_NAME;

        rbd_assert(rbd_image_format_valid(rbd_dev->image_format));
        if (rbd_dev->image_format == 1)
                return rbd_dev_v1_snap_name(rbd_dev, snap_id);

        return rbd_dev_v2_snap_name(rbd_dev, snap_id);
}

static int rbd_snap_size(struct rbd_device *rbd_dev, u64 snap_id,
                                u64 *snap_size)
{
        rbd_assert(rbd_image_format_valid(rbd_dev->image_format));
        if (snap_id == CEPH_NOSNAP) {
                *snap_size = rbd_dev->header.image_size;
        } else if (rbd_dev->image_format == 1) {
                u32 which;

                which = rbd_dev_snap_index(rbd_dev, snap_id);
                if (which == BAD_SNAP_INDEX)
                        return -ENOENT;

                *snap_size = rbd_dev->header.snap_sizes[which];
        } else {
                u64 size = 0;
                int ret;

                ret = _rbd_dev_v2_snap_size(rbd_dev, snap_id, NULL, &size);
                if (ret)
                        return ret;

                *snap_size = size;
        }
        return 0;
}

static int rbd_dev_mapping_set(struct rbd_device *rbd_dev)
{
        u64 snap_id = rbd_dev->spec->snap_id;
        u64 size = 0;
        int ret;

        ret = rbd_snap_size(rbd_dev, snap_id, &size);
        if (ret)
                return ret;

        rbd_dev->mapping.size = size;
        return 0;
}

static void rbd_dev_mapping_clear(struct rbd_device *rbd_dev)
{
        rbd_dev->mapping.size = 0;
}

static void zero_bvec(struct bio_vec *bv)
{
        void *buf;
        unsigned long flags;

        buf = bvec_kmap_irq(bv, &flags);
        memset(buf, 0, bv->bv_len);
        flush_dcache_page(bv->bv_page);
        bvec_kunmap_irq(buf, &flags);
}

static void zero_bios(struct ceph_bio_iter *bio_pos, u32 off, u32 bytes)
{
        struct ceph_bio_iter it = *bio_pos;

        ceph_bio_iter_advance(&it, off);
        ceph_bio_iter_advance_step(&it, bytes, ({
                zero_bvec(&bv);
        }));
}

static void zero_bvecs(struct ceph_bvec_iter *bvec_pos, u32 off, u32 bytes)
{
        struct ceph_bvec_iter it = *bvec_pos;

        ceph_bvec_iter_advance(&it, off);
        ceph_bvec_iter_advance_step(&it, bytes, ({
                zero_bvec(&bv);
        }));
}

/*
 * Zero a range in @obj_req data buffer defined by a bio (list) or
 * (private) bio_vec array.
 *
 * @off is relative to the start of the data buffer.
 */
static void rbd_obj_zero_range(struct rbd_obj_request *obj_req, u32 off,
                               u32 bytes)
{
        dout("%s %p data buf %u~%u\n", __func__, obj_req, off, bytes);

        switch (obj_req->img_request->data_type) {
        case OBJ_REQUEST_BIO:
                zero_bios(&obj_req->bio_pos, off, bytes);
                break;
        case OBJ_REQUEST_BVECS:
        case OBJ_REQUEST_OWN_BVECS:
                zero_bvecs(&obj_req->bvec_pos, off, bytes);
                break;
        default:
                BUG();
        }
}

static void rbd_obj_request_destroy(struct kref *kref);
static void rbd_obj_request_put(struct rbd_obj_request *obj_request)
{
        rbd_assert(obj_request != NULL);
        dout("%s: obj %p (was %d)\n", __func__, obj_request,
                kref_read(&obj_request->kref));
        kref_put(&obj_request->kref, rbd_obj_request_destroy);
}

static inline void rbd_img_obj_request_add(struct rbd_img_request *img_request,
                                        struct rbd_obj_request *obj_request)
{
        rbd_assert(obj_request->img_request == NULL);

        /* Image request now owns object's original reference */
        obj_request->img_request = img_request;
        dout("%s: img %p obj %p\n", __func__, img_request, obj_request);
}

static inline void rbd_img_obj_request_del(struct rbd_img_request *img_request,
                                        struct rbd_obj_request *obj_request)
{
        dout("%s: img %p obj %p\n", __func__, img_request, obj_request);
        list_del(&obj_request->ex.oe_item);
        rbd_assert(obj_request->img_request == img_request);
        rbd_obj_request_put(obj_request);
}

static void rbd_osd_submit(struct ceph_osd_request *osd_req)
{
        struct rbd_obj_request *obj_req = osd_req->r_priv;

        dout("%s osd_req %p for obj_req %p objno %llu %llu~%llu\n",
             __func__, osd_req, obj_req, obj_req->ex.oe_objno,
             obj_req->ex.oe_off, obj_req->ex.oe_len);
        ceph_osdc_start_request(osd_req->r_osdc, osd_req, false);
}

/*
 * The default/initial value for all image request flags is 0.  Each
 * is conditionally set to 1 at image request initialization time
 * and currently never change thereafter.
 */
static void img_request_layered_set(struct rbd_img_request *img_request)
{
        set_bit(IMG_REQ_LAYERED, &img_request->flags);
}

static bool img_request_layered_test(struct rbd_img_request *img_request)
{
        return test_bit(IMG_REQ_LAYERED, &img_request->flags) != 0;
}

static bool rbd_obj_is_entire(struct rbd_obj_request *obj_req)
{
        struct rbd_device *rbd_dev = obj_req->img_request->rbd_dev;

        return !obj_req->ex.oe_off &&
               obj_req->ex.oe_len == rbd_dev->layout.object_size;
}

static bool rbd_obj_is_tail(struct rbd_obj_request *obj_req)
{
        struct rbd_device *rbd_dev = obj_req->img_request->rbd_dev;

        return obj_req->ex.oe_off + obj_req->ex.oe_len ==
                                        rbd_dev->layout.object_size;
}

/*
 * Must be called after rbd_obj_calc_img_extents().
 */
static bool rbd_obj_copyup_enabled(struct rbd_obj_request *obj_req)
{
        if (!obj_req->num_img_extents ||
            (rbd_obj_is_entire(obj_req) &&
             !obj_req->img_request->snapc->num_snaps))
                return false;

        return true;
}

static u64 rbd_obj_img_extents_bytes(struct rbd_obj_request *obj_req)
{
        return ceph_file_extents_bytes(obj_req->img_extents,
                                       obj_req->num_img_extents);
}

static bool rbd_img_is_write(struct rbd_img_request *img_req)
{
        switch (img_req->op_type) {
        case OBJ_OP_READ:
                return false;
        case OBJ_OP_WRITE:
        case OBJ_OP_DISCARD:
        case OBJ_OP_ZEROOUT:
                return true;
        default:
                BUG();
        }
}

static void rbd_osd_req_callback(struct ceph_osd_request *osd_req)
{
        struct rbd_obj_request *obj_req = osd_req->r_priv;
        int result;

        dout("%s osd_req %p result %d for obj_req %p\n", __func__, osd_req,
             osd_req->r_result, obj_req);

        /*
         * Writes aren't allowed to return a data payload.  In some
         * guarded write cases (e.g. stat + zero on an empty object)
         * a stat response makes it through, but we don't care.
         */
        if (osd_req->r_result > 0 && rbd_img_is_write(obj_req->img_request))
                result = 0;
        else
                result = osd_req->r_result;

        rbd_obj_handle_request(obj_req, result);
}

static void rbd_osd_format_read(struct ceph_osd_request *osd_req)
{
        struct rbd_obj_request *obj_request = osd_req->r_priv;
        struct rbd_device *rbd_dev = obj_request->img_request->rbd_dev;
        struct ceph_options *opt = rbd_dev->rbd_client->client->options;

        osd_req->r_flags = CEPH_OSD_FLAG_READ | opt->read_from_replica;
        osd_req->r_snapid = obj_request->img_request->snap_id;
}

static void rbd_osd_format_write(struct ceph_osd_request *osd_req)
{
        struct rbd_obj_request *obj_request = osd_req->r_priv;

        osd_req->r_flags = CEPH_OSD_FLAG_WRITE;
        ktime_get_real_ts64(&osd_req->r_mtime);
        osd_req->r_data_offset = obj_request->ex.oe_off;
}

static struct ceph_osd_request *
__rbd_obj_add_osd_request(struct rbd_obj_request *obj_req,
                          struct ceph_snap_context *snapc, int num_ops)
{
        struct rbd_device *rbd_dev = obj_req->img_request->rbd_dev;
        struct ceph_osd_client *osdc = &rbd_dev->rbd_client->client->osdc;
        struct ceph_osd_request *req;
        const char *name_format = rbd_dev->image_format == 1 ?
                                      RBD_V1_DATA_FORMAT : RBD_V2_DATA_FORMAT;
        int ret;

        req = ceph_osdc_alloc_request(osdc, snapc, num_ops, false, GFP_NOIO);
        if (!req)
                return ERR_PTR(-ENOMEM);

        list_add_tail(&req->r_private_item, &obj_req->osd_reqs);
        req->r_callback = rbd_osd_req_callback;
        req->r_priv = obj_req;

        /*
         * Data objects may be stored in a separate pool, but always in
         * the same namespace in that pool as the header in its pool.
         */
        ceph_oloc_copy(&req->r_base_oloc, &rbd_dev->header_oloc);
        req->r_base_oloc.pool = rbd_dev->layout.pool_id;

        ret = ceph_oid_aprintf(&req->r_base_oid, GFP_NOIO, name_format,
                               rbd_dev->header.object_prefix,
                               obj_req->ex.oe_objno);
        if (ret)
                return ERR_PTR(ret);

        return req;
}

static struct ceph_osd_request *
rbd_obj_add_osd_request(struct rbd_obj_request *obj_req, int num_ops)
{
        return __rbd_obj_add_osd_request(obj_req, obj_req->img_request->snapc,
                                         num_ops);
}

static struct rbd_obj_request *rbd_obj_request_create(void)
{
        struct rbd_obj_request *obj_request;

        obj_request = kmem_cache_zalloc(rbd_obj_request_cache, GFP_NOIO);
        if (!obj_request)
                return NULL;

        ceph_object_extent_init(&obj_request->ex);
        INIT_LIST_HEAD(&obj_request->osd_reqs);
        mutex_init(&obj_request->state_mutex);
        kref_init(&obj_request->kref);

        dout("%s %p\n", __func__, obj_request);
        return obj_request;
}

static void rbd_obj_request_destroy(struct kref *kref)
{
        struct rbd_obj_request *obj_request;
        struct ceph_osd_request *osd_req;
        u32 i;

        obj_request = container_of(kref, struct rbd_obj_request, kref);

        dout("%s: obj %p\n", __func__, obj_request);

        while (!list_empty(&obj_request->osd_reqs)) {
                osd_req = list_first_entry(&obj_request->osd_reqs,
                                    struct ceph_osd_request, r_private_item);
                list_del_init(&osd_req->r_private_item);
                ceph_osdc_put_request(osd_req);
        }

        switch (obj_request->img_request->data_type) {
        case OBJ_REQUEST_NODATA:
        case OBJ_REQUEST_BIO:
        case OBJ_REQUEST_BVECS:
                break;          /* Nothing to do */
        case OBJ_REQUEST_OWN_BVECS:
                kfree(obj_request->bvec_pos.bvecs);
                break;
        default:
                BUG();
        }

        kfree(obj_request->img_extents);
        if (obj_request->copyup_bvecs) {
                for (i = 0; i < obj_request->copyup_bvec_count; i++) {
                        if (obj_request->copyup_bvecs[i].bv_page)
                                __free_page(obj_request->copyup_bvecs[i].bv_page);
                }
                kfree(obj_request->copyup_bvecs);
        }

        kmem_cache_free(rbd_obj_request_cache, obj_request);
}

/* It's OK to call this for a device with no parent */

static void rbd_spec_put(struct rbd_spec *spec);
static void rbd_dev_unparent(struct rbd_device *rbd_dev)
{
        rbd_dev_remove_parent(rbd_dev);
        rbd_spec_put(rbd_dev->parent_spec);
        rbd_dev->parent_spec = NULL;
        rbd_dev->parent_overlap = 0;
}

/*
 * Parent image reference counting is used to determine when an
 * image's parent fields can be safely torn down--after there are no
 * more in-flight requests to the parent image.  When the last
 * reference is dropped, cleaning them up is safe.
 */
static void rbd_dev_parent_put(struct rbd_device *rbd_dev)
{
        int counter;

        if (!rbd_dev->parent_spec)
                return;

        counter = atomic_dec_return_safe(&rbd_dev->parent_ref);
        if (counter > 0)
                return;

        /* Last reference; clean up parent data structures */

        if (!counter)
                rbd_dev_unparent(rbd_dev);
        else
                rbd_warn(rbd_dev, "parent reference underflow");
}

/*
 * If an image has a non-zero parent overlap, get a reference to its
 * parent.
 *
 * Returns true if the rbd device has a parent with a non-zero
 * overlap and a reference for it was successfully taken, or
 * false otherwise.
 */
static bool rbd_dev_parent_get(struct rbd_device *rbd_dev)
{
        int counter = 0;

        if (!rbd_dev->parent_spec)
                return false;

        if (rbd_dev->parent_overlap)
                counter = atomic_inc_return_safe(&rbd_dev->parent_ref);

        if (counter < 0)
                rbd_warn(rbd_dev, "parent reference overflow");

        return counter > 0;
}

static void rbd_img_request_init(struct rbd_img_request *img_request,
                                 struct rbd_device *rbd_dev,
                                 enum obj_operation_type op_type)
{
        memset(img_request, 0, sizeof(*img_request));

        img_request->rbd_dev = rbd_dev;
        img_request->op_type = op_type;

        INIT_LIST_HEAD(&img_request->lock_item);
        INIT_LIST_HEAD(&img_request->object_extents);
        mutex_init(&img_request->state_mutex);
}

static void rbd_img_capture_header(struct rbd_img_request *img_req)
{
        struct rbd_device *rbd_dev = img_req->rbd_dev;

        lockdep_assert_held(&rbd_dev->header_rwsem);

        if (rbd_img_is_write(img_req))
                img_req->snapc = ceph_get_snap_context(rbd_dev->header.snapc);
        else
                img_req->snap_id = rbd_dev->spec->snap_id;

        if (rbd_dev_parent_get(rbd_dev))
                img_request_layered_set(img_req);
}

static void rbd_img_request_destroy(struct rbd_img_request *img_request)
{
        struct rbd_obj_request *obj_request;
        struct rbd_obj_request *next_obj_request;

        dout("%s: img %p\n", __func__, img_request);

        WARN_ON(!list_empty(&img_request->lock_item));
        for_each_obj_request_safe(img_request, obj_request, next_obj_request)
                rbd_img_obj_request_del(img_request, obj_request);

        if (img_request_layered_test(img_request))
                rbd_dev_parent_put(img_request->rbd_dev);

        if (rbd_img_is_write(img_request))
                ceph_put_snap_context(img_request->snapc);

        if (test_bit(IMG_REQ_CHILD, &img_request->flags))
                kmem_cache_free(rbd_img_request_cache, img_request);
}

#define BITS_PER_OBJ    2
#define OBJS_PER_BYTE   (BITS_PER_BYTE / BITS_PER_OBJ)
#define OBJ_MASK        ((1 << BITS_PER_OBJ) - 1)

static void __rbd_object_map_index(struct rbd_device *rbd_dev, u64 objno,
                                   u64 *index, u8 *shift)
{
        u32 off;

        rbd_assert(objno < rbd_dev->object_map_size);
        *index = div_u64_rem(objno, OBJS_PER_BYTE, &off);
        *shift = (OBJS_PER_BYTE - off - 1) * BITS_PER_OBJ;
}

static u8 __rbd_object_map_get(struct rbd_device *rbd_dev, u64 objno)
{
        u64 index;
        u8 shift;

        lockdep_assert_held(&rbd_dev->object_map_lock);
        __rbd_object_map_index(rbd_dev, objno, &index, &shift);
        return (rbd_dev->object_map[index] >> shift) & OBJ_MASK;
}

static void __rbd_object_map_set(struct rbd_device *rbd_dev, u64 objno, u8 val)
{
        u64 index;
        u8 shift;
        u8 *p;

        lockdep_assert_held(&rbd_dev->object_map_lock);
        rbd_assert(!(val & ~OBJ_MASK));

        __rbd_object_map_index(rbd_dev, objno, &index, &shift);
        p = &rbd_dev->object_map[index];
        *p = (*p & ~(OBJ_MASK << shift)) | (val << shift);
}

static u8 rbd_object_map_get(struct rbd_device *rbd_dev, u64 objno)
{
        u8 state;

        spin_lock(&rbd_dev->object_map_lock);
        state = __rbd_object_map_get(rbd_dev, objno);
        spin_unlock(&rbd_dev->object_map_lock);
        return state;
}

static bool use_object_map(struct rbd_device *rbd_dev)
{
        /*
         * An image mapped read-only can't use the object map -- it isn't
         * loaded because the header lock isn't acquired.  Someone else can
         * write to the image and update the object map behind our back.
         *
         * A snapshot can't be written to, so using the object map is always
         * safe.
         */
        if (!rbd_is_snap(rbd_dev) && rbd_is_ro(rbd_dev))
                return false;

        return ((rbd_dev->header.features & RBD_FEATURE_OBJECT_MAP) &&
                !(rbd_dev->object_map_flags & RBD_FLAG_OBJECT_MAP_INVALID));
}

static bool rbd_object_map_may_exist(struct rbd_device *rbd_dev, u64 objno)
{
        u8 state;

        /* fall back to default logic if object map is disabled or invalid */
        if (!use_object_map(rbd_dev))
                return true;

        state = rbd_object_map_get(rbd_dev, objno);
        return state != OBJECT_NONEXISTENT;
}

static void rbd_object_map_name(struct rbd_device *rbd_dev, u64 snap_id,
                                struct ceph_object_id *oid)
{
        if (snap_id == CEPH_NOSNAP)
                ceph_oid_printf(oid, "%s%s", RBD_OBJECT_MAP_PREFIX,
                                rbd_dev->spec->image_id);
        else
                ceph_oid_printf(oid, "%s%s.%016llx", RBD_OBJECT_MAP_PREFIX,
                                rbd_dev->spec->image_id, snap_id);
}

static int rbd_object_map_lock(struct rbd_device *rbd_dev)
{
        struct ceph_osd_client *osdc = &rbd_dev->rbd_client->client->osdc;
        CEPH_DEFINE_OID_ONSTACK(oid);
        u8 lock_type;
        char *lock_tag;
        struct ceph_locker *lockers;
        u32 num_lockers;
        bool broke_lock = false;
        int ret;

        rbd_object_map_name(rbd_dev, CEPH_NOSNAP, &oid);

again:
        ret = ceph_cls_lock(osdc, &oid, &rbd_dev->header_oloc, RBD_LOCK_NAME,
                            CEPH_CLS_LOCK_EXCLUSIVE, "", "", "", 0);
        if (ret != -EBUSY || broke_lock) {
                if (ret == -EEXIST)
                        ret = 0; /* already locked by myself */
                if (ret)
                        rbd_warn(rbd_dev, "failed to lock object map: %d", ret);
                return ret;
        }

        ret = ceph_cls_lock_info(osdc, &oid, &rbd_dev->header_oloc,
                                 RBD_LOCK_NAME, &lock_type, &lock_tag,
                                 &lockers, &num_lockers);
        if (ret) {
                if (ret == -ENOENT)
                        goto again;

                rbd_warn(rbd_dev, "failed to get object map lockers: %d", ret);
                return ret;
        }

        kfree(lock_tag);
        if (num_lockers == 0)
                goto again;

        rbd_warn(rbd_dev, "breaking object map lock owned by %s%llu",
                 ENTITY_NAME(lockers[0].id.name));

        ret = ceph_cls_break_lock(osdc, &oid, &rbd_dev->header_oloc,
                                  RBD_LOCK_NAME, lockers[0].id.cookie,
                                  &lockers[0].id.name);
        ceph_free_lockers(lockers, num_lockers);
        if (ret) {
                if (ret == -ENOENT)
                        goto again;

                rbd_warn(rbd_dev, "failed to break object map lock: %d", ret);
                return ret;
        }

        broke_lock = true;
        goto again;
}

static void rbd_object_map_unlock(struct rbd_device *rbd_dev)
{
        struct ceph_osd_client *osdc = &rbd_dev->rbd_client->client->osdc;
        CEPH_DEFINE_OID_ONSTACK(oid);
        int ret;

        rbd_object_map_name(rbd_dev, CEPH_NOSNAP, &oid);

        ret = ceph_cls_unlock(osdc, &oid, &rbd_dev->header_oloc, RBD_LOCK_NAME,
                              "");
        if (ret && ret != -ENOENT)
                rbd_warn(rbd_dev, "failed to unlock object map: %d", ret);
}

static int decode_object_map_header(void **p, void *end, u64 *object_map_size)
{
        u8 struct_v;
        u32 struct_len;
        u32 header_len;
        void *header_end;
        int ret;

        ceph_decode_32_safe(p, end, header_len, e_inval);
        header_end = *p + header_len;

        ret = ceph_start_decoding(p, end, 1, "BitVector header", &struct_v,
                                  &struct_len);
        if (ret)
                return ret;

        ceph_decode_64_safe(p, end, *object_map_size, e_inval);

        *p = header_end;
        return 0;

e_inval:
        return -EINVAL;
}

static int __rbd_object_map_load(struct rbd_device *rbd_dev)
{
        struct ceph_osd_client *osdc = &rbd_dev->rbd_client->client->osdc;
        CEPH_DEFINE_OID_ONSTACK(oid);
        struct page **pages;
        void *p, *end;
        size_t reply_len;
        u64 num_objects;
        u64 object_map_bytes;
        u64 object_map_size;
        int num_pages;
        int ret;

        rbd_assert(!rbd_dev->object_map && !rbd_dev->object_map_size);

        num_objects = ceph_get_num_objects(&rbd_dev->layout,
                                           rbd_dev->mapping.size);
        object_map_bytes = DIV_ROUND_UP_ULL(num_objects * BITS_PER_OBJ,
                                            BITS_PER_BYTE);
        num_pages = calc_pages_for(0, object_map_bytes) + 1;
        pages = ceph_alloc_page_vector(num_pages, GFP_KERNEL);
        if (IS_ERR(pages))
                return PTR_ERR(pages);

        reply_len = num_pages * PAGE_SIZE;
        rbd_object_map_name(rbd_dev, rbd_dev->spec->snap_id, &oid);
        ret = ceph_osdc_call(osdc, &oid, &rbd_dev->header_oloc,
                             "rbd", "object_map_load", CEPH_OSD_FLAG_READ,
                             NULL, 0, pages, &reply_len);
        if (ret)
                goto out;

        p = page_address(pages[0]);
        end = p + min(reply_len, (size_t)PAGE_SIZE);
        ret = decode_object_map_header(&p, end, &object_map_size);
        if (ret)
                goto out;

        if (object_map_size != num_objects) {
                rbd_warn(rbd_dev, "object map size mismatch: %llu vs %llu",
                         object_map_size, num_objects);
                ret = -EINVAL;
                goto out;
        }

        if (offset_in_page(p) + object_map_bytes > reply_len) {
                ret = -EINVAL;
                goto out;
        }

        rbd_dev->object_map = kvmalloc(object_map_bytes, GFP_KERNEL);
        if (!rbd_dev->object_map) {
                ret = -ENOMEM;
                goto out;
        }

        rbd_dev->object_map_size = object_map_size;
        ceph_copy_from_page_vector(pages, rbd_dev->object_map,
                                   offset_in_page(p), object_map_bytes);

out:
        ceph_release_page_vector(pages, num_pages);
        return ret;
}

static void rbd_object_map_free(struct rbd_device *rbd_dev)
{
        kvfree(rbd_dev->object_map);
        rbd_dev->object_map = NULL;
        rbd_dev->object_map_size = 0;
}

static int rbd_object_map_load(struct rbd_device *rbd_dev)
{
        int ret;

        ret = __rbd_object_map_load(rbd_dev);
        if (ret)
                return ret;

        ret = rbd_dev_v2_get_flags(rbd_dev);
        if (ret) {
                rbd_object_map_free(rbd_dev);
                return ret;
        }

        if (rbd_dev->object_map_flags & RBD_FLAG_OBJECT_MAP_INVALID)
                rbd_warn(rbd_dev, "object map is invalid");

        return 0;
}

static int rbd_object_map_open(struct rbd_device *rbd_dev)
{
        int ret;

        ret = rbd_object_map_lock(rbd_dev);
        if (ret)
                return ret;

        ret = rbd_object_map_load(rbd_dev);
        if (ret) {
                rbd_object_map_unlock(rbd_dev);
                return ret;
        }

        return 0;
}

static void rbd_object_map_close(struct rbd_device *rbd_dev)
{
        rbd_object_map_free(rbd_dev);
        rbd_object_map_unlock(rbd_dev);
}

/*
 * This function needs snap_id (or more precisely just something to
 * distinguish between HEAD and snapshot object maps), new_state and
 * current_state that were passed to rbd_object_map_update().
 *
 * To avoid allocating and stashing a context we piggyback on the OSD
 * request.  A HEAD update has two ops (assert_locked).  For new_state
 * and current_state we decode our own object_map_update op, encoded in
 * rbd_cls_object_map_update().
 */
static int rbd_object_map_update_finish(struct rbd_obj_request *obj_req,
                                        struct ceph_osd_request *osd_req)
{
        struct rbd_device *rbd_dev = obj_req->img_request->rbd_dev;
        struct ceph_osd_data *osd_data;
        u64 objno;
        u8 state, new_state, current_state;
        bool has_current_state;
        void *p;

        if (osd_req->r_result)
                return osd_req->r_result;

        /*
         * Nothing to do for a snapshot object map.
         */
        if (osd_req->r_num_ops == 1)
                return 0;

        /*
         * Update in-memory HEAD object map.
         */
        rbd_assert(osd_req->r_num_ops == 2);
        osd_data = osd_req_op_data(osd_req, 1, cls, request_data);
        rbd_assert(osd_data->type == CEPH_OSD_DATA_TYPE_PAGES);

        p = page_address(osd_data->pages[0]);
        objno = ceph_decode_64(&p);
        rbd_assert(objno == obj_req->ex.oe_objno);
        rbd_assert(ceph_decode_64(&p) == objno + 1);
        new_state = ceph_decode_8(&p);
        has_current_state = ceph_decode_8(&p);
        if (has_current_state)
                current_state = ceph_decode_8(&p);

        spin_lock(&rbd_dev->object_map_lock);
        state = __rbd_object_map_get(rbd_dev, objno);
        if (!has_current_state || current_state == state ||
            (current_state == OBJECT_EXISTS && state == OBJECT_EXISTS_CLEAN))
                __rbd_object_map_set(rbd_dev, objno, new_state);
        spin_unlock(&rbd_dev->object_map_lock);

        return 0;
}

static void rbd_object_map_callback(struct ceph_osd_request *osd_req)
{
        struct rbd_obj_request *obj_req = osd_req->r_priv;
        int result;

        dout("%s osd_req %p result %d for obj_req %p\n", __func__, osd_req,
             osd_req->r_result, obj_req);

        result = rbd_object_map_update_finish(obj_req, osd_req);
        rbd_obj_handle_request(obj_req, result);
}

static bool update_needed(struct rbd_device *rbd_dev, u64 objno, u8 new_state)
{
        u8 state = rbd_object_map_get(rbd_dev, objno);

        if (state == new_state ||