bpf: Prevent memory disambiguation attack
[linux/fpc-iii.git] / drivers / block / brd.c
blobdeea78e485da05e90436d78c334da2b40e9c6bce
1 /*
2 * Ram backed block device driver.
4 * Copyright (C) 2007 Nick Piggin
5 * Copyright (C) 2007 Novell Inc.
7 * Parts derived from drivers/block/rd.c, and drivers/block/loop.c, copyright
8 * of their respective owners.
9 */
11 #include <linux/init.h>
12 #include <linux/initrd.h>
13 #include <linux/module.h>
14 #include <linux/moduleparam.h>
15 #include <linux/major.h>
16 #include <linux/blkdev.h>
17 #include <linux/bio.h>
18 #include <linux/highmem.h>
19 #include <linux/mutex.h>
20 #include <linux/radix-tree.h>
21 #include <linux/fs.h>
22 #include <linux/slab.h>
23 #include <linux/backing-dev.h>
25 #include <linux/uaccess.h>
27 #define SECTOR_SHIFT 9
28 #define PAGE_SECTORS_SHIFT (PAGE_SHIFT - SECTOR_SHIFT)
29 #define PAGE_SECTORS (1 << PAGE_SECTORS_SHIFT)
32 * Each block ramdisk device has a radix_tree brd_pages of pages that stores
33 * the pages containing the block device's contents. A brd page's ->index is
34 * its offset in PAGE_SIZE units. This is similar to, but in no way connected
35 * with, the kernel's pagecache or buffer cache (which sit above our block
36 * device).
38 struct brd_device {
39 int brd_number;
41 struct request_queue *brd_queue;
42 struct gendisk *brd_disk;
43 struct list_head brd_list;
46 * Backing store of pages and lock to protect it. This is the contents
47 * of the block device.
49 spinlock_t brd_lock;
50 struct radix_tree_root brd_pages;
54 * Look up and return a brd's page for a given sector.
56 static struct page *brd_lookup_page(struct brd_device *brd, sector_t sector)
58 pgoff_t idx;
59 struct page *page;
62 * The page lifetime is protected by the fact that we have opened the
63 * device node -- brd pages will never be deleted under us, so we
64 * don't need any further locking or refcounting.
66 * This is strictly true for the radix-tree nodes as well (ie. we
67 * don't actually need the rcu_read_lock()), however that is not a
68 * documented feature of the radix-tree API so it is better to be
69 * safe here (we don't have total exclusion from radix tree updates
70 * here, only deletes).
72 rcu_read_lock();
73 idx = sector >> PAGE_SECTORS_SHIFT; /* sector to page index */
74 page = radix_tree_lookup(&brd->brd_pages, idx);
75 rcu_read_unlock();
77 BUG_ON(page && page->index != idx);
79 return page;
83 * Look up and return a brd's page for a given sector.
84 * If one does not exist, allocate an empty page, and insert that. Then
85 * return it.
87 static struct page *brd_insert_page(struct brd_device *brd, sector_t sector)
89 pgoff_t idx;
90 struct page *page;
91 gfp_t gfp_flags;
93 page = brd_lookup_page(brd, sector);
94 if (page)
95 return page;
98 * Must use NOIO because we don't want to recurse back into the
99 * block or filesystem layers from page reclaim.
101 * Cannot support DAX and highmem, because our ->direct_access
102 * routine for DAX must return memory that is always addressable.
103 * If DAX was reworked to use pfns and kmap throughout, this
104 * restriction might be able to be lifted.
106 gfp_flags = GFP_NOIO | __GFP_ZERO;
107 page = alloc_page(gfp_flags);
108 if (!page)
109 return NULL;
111 if (radix_tree_preload(GFP_NOIO)) {
112 __free_page(page);
113 return NULL;
116 spin_lock(&brd->brd_lock);
117 idx = sector >> PAGE_SECTORS_SHIFT;
118 page->index = idx;
119 if (radix_tree_insert(&brd->brd_pages, idx, page)) {
120 __free_page(page);
121 page = radix_tree_lookup(&brd->brd_pages, idx);
122 BUG_ON(!page);
123 BUG_ON(page->index != idx);
125 spin_unlock(&brd->brd_lock);
127 radix_tree_preload_end();
129 return page;
133 * Free all backing store pages and radix tree. This must only be called when
134 * there are no other users of the device.
136 #define FREE_BATCH 16
137 static void brd_free_pages(struct brd_device *brd)
139 unsigned long pos = 0;
140 struct page *pages[FREE_BATCH];
141 int nr_pages;
143 do {
144 int i;
146 nr_pages = radix_tree_gang_lookup(&brd->brd_pages,
147 (void **)pages, pos, FREE_BATCH);
149 for (i = 0; i < nr_pages; i++) {
150 void *ret;
152 BUG_ON(pages[i]->index < pos);
153 pos = pages[i]->index;
154 ret = radix_tree_delete(&brd->brd_pages, pos);
155 BUG_ON(!ret || ret != pages[i]);
156 __free_page(pages[i]);
159 pos++;
162 * This assumes radix_tree_gang_lookup always returns as
163 * many pages as possible. If the radix-tree code changes,
164 * so will this have to.
166 } while (nr_pages == FREE_BATCH);
170 * copy_to_brd_setup must be called before copy_to_brd. It may sleep.
172 static int copy_to_brd_setup(struct brd_device *brd, sector_t sector, size_t n)
174 unsigned int offset = (sector & (PAGE_SECTORS-1)) << SECTOR_SHIFT;
175 size_t copy;
177 copy = min_t(size_t, n, PAGE_SIZE - offset);
178 if (!brd_insert_page(brd, sector))
179 return -ENOSPC;
180 if (copy < n) {
181 sector += copy >> SECTOR_SHIFT;
182 if (!brd_insert_page(brd, sector))
183 return -ENOSPC;
185 return 0;
189 * Copy n bytes from src to the brd starting at sector. Does not sleep.
191 static void copy_to_brd(struct brd_device *brd, const void *src,
192 sector_t sector, size_t n)
194 struct page *page;
195 void *dst;
196 unsigned int offset = (sector & (PAGE_SECTORS-1)) << SECTOR_SHIFT;
197 size_t copy;
199 copy = min_t(size_t, n, PAGE_SIZE - offset);
200 page = brd_lookup_page(brd, sector);
201 BUG_ON(!page);
203 dst = kmap_atomic(page);
204 memcpy(dst + offset, src, copy);
205 kunmap_atomic(dst);
207 if (copy < n) {
208 src += copy;
209 sector += copy >> SECTOR_SHIFT;
210 copy = n - copy;
211 page = brd_lookup_page(brd, sector);
212 BUG_ON(!page);
214 dst = kmap_atomic(page);
215 memcpy(dst, src, copy);
216 kunmap_atomic(dst);
221 * Copy n bytes to dst from the brd starting at sector. Does not sleep.
223 static void copy_from_brd(void *dst, struct brd_device *brd,
224 sector_t sector, size_t n)
226 struct page *page;
227 void *src;
228 unsigned int offset = (sector & (PAGE_SECTORS-1)) << SECTOR_SHIFT;
229 size_t copy;
231 copy = min_t(size_t, n, PAGE_SIZE - offset);
232 page = brd_lookup_page(brd, sector);
233 if (page) {
234 src = kmap_atomic(page);
235 memcpy(dst, src + offset, copy);
236 kunmap_atomic(src);
237 } else
238 memset(dst, 0, copy);
240 if (copy < n) {
241 dst += copy;
242 sector += copy >> SECTOR_SHIFT;
243 copy = n - copy;
244 page = brd_lookup_page(brd, sector);
245 if (page) {
246 src = kmap_atomic(page);
247 memcpy(dst, src, copy);
248 kunmap_atomic(src);
249 } else
250 memset(dst, 0, copy);
255 * Process a single bvec of a bio.
257 static int brd_do_bvec(struct brd_device *brd, struct page *page,
258 unsigned int len, unsigned int off, bool is_write,
259 sector_t sector)
261 void *mem;
262 int err = 0;
264 if (is_write) {
265 err = copy_to_brd_setup(brd, sector, len);
266 if (err)
267 goto out;
270 mem = kmap_atomic(page);
271 if (!is_write) {
272 copy_from_brd(mem + off, brd, sector, len);
273 flush_dcache_page(page);
274 } else {
275 flush_dcache_page(page);
276 copy_to_brd(brd, mem + off, sector, len);
278 kunmap_atomic(mem);
280 out:
281 return err;
284 static blk_qc_t brd_make_request(struct request_queue *q, struct bio *bio)
286 struct brd_device *brd = bio->bi_disk->private_data;
287 struct bio_vec bvec;
288 sector_t sector;
289 struct bvec_iter iter;
291 sector = bio->bi_iter.bi_sector;
292 if (bio_end_sector(bio) > get_capacity(bio->bi_disk))
293 goto io_error;
295 bio_for_each_segment(bvec, bio, iter) {
296 unsigned int len = bvec.bv_len;
297 int err;
299 err = brd_do_bvec(brd, bvec.bv_page, len, bvec.bv_offset,
300 op_is_write(bio_op(bio)), sector);
301 if (err)
302 goto io_error;
303 sector += len >> SECTOR_SHIFT;
306 bio_endio(bio);
307 return BLK_QC_T_NONE;
308 io_error:
309 bio_io_error(bio);
310 return BLK_QC_T_NONE;
313 static int brd_rw_page(struct block_device *bdev, sector_t sector,
314 struct page *page, bool is_write)
316 struct brd_device *brd = bdev->bd_disk->private_data;
317 int err;
319 if (PageTransHuge(page))
320 return -ENOTSUPP;
321 err = brd_do_bvec(brd, page, PAGE_SIZE, 0, is_write, sector);
322 page_endio(page, is_write, err);
323 return err;
326 static const struct block_device_operations brd_fops = {
327 .owner = THIS_MODULE,
328 .rw_page = brd_rw_page,
332 * And now the modules code and kernel interface.
334 static int rd_nr = CONFIG_BLK_DEV_RAM_COUNT;
335 module_param(rd_nr, int, S_IRUGO);
336 MODULE_PARM_DESC(rd_nr, "Maximum number of brd devices");
338 unsigned long rd_size = CONFIG_BLK_DEV_RAM_SIZE;
339 module_param(rd_size, ulong, S_IRUGO);
340 MODULE_PARM_DESC(rd_size, "Size of each RAM disk in kbytes.");
342 static int max_part = 1;
343 module_param(max_part, int, S_IRUGO);
344 MODULE_PARM_DESC(max_part, "Num Minors to reserve between devices");
346 MODULE_LICENSE("GPL");
347 MODULE_ALIAS_BLOCKDEV_MAJOR(RAMDISK_MAJOR);
348 MODULE_ALIAS("rd");
350 #ifndef MODULE
351 /* Legacy boot options - nonmodular */
352 static int __init ramdisk_size(char *str)
354 rd_size = simple_strtol(str, NULL, 0);
355 return 1;
357 __setup("ramdisk_size=", ramdisk_size);
358 #endif
361 * The device scheme is derived from loop.c. Keep them in synch where possible
362 * (should share code eventually).
364 static LIST_HEAD(brd_devices);
365 static DEFINE_MUTEX(brd_devices_mutex);
367 static struct brd_device *brd_alloc(int i)
369 struct brd_device *brd;
370 struct gendisk *disk;
372 brd = kzalloc(sizeof(*brd), GFP_KERNEL);
373 if (!brd)
374 goto out;
375 brd->brd_number = i;
376 spin_lock_init(&brd->brd_lock);
377 INIT_RADIX_TREE(&brd->brd_pages, GFP_ATOMIC);
379 brd->brd_queue = blk_alloc_queue(GFP_KERNEL);
380 if (!brd->brd_queue)
381 goto out_free_dev;
383 blk_queue_make_request(brd->brd_queue, brd_make_request);
384 blk_queue_max_hw_sectors(brd->brd_queue, 1024);
386 /* This is so fdisk will align partitions on 4k, because of
387 * direct_access API needing 4k alignment, returning a PFN
388 * (This is only a problem on very small devices <= 4M,
389 * otherwise fdisk will align on 1M. Regardless this call
390 * is harmless)
392 blk_queue_physical_block_size(brd->brd_queue, PAGE_SIZE);
393 disk = brd->brd_disk = alloc_disk(max_part);
394 if (!disk)
395 goto out_free_queue;
396 disk->major = RAMDISK_MAJOR;
397 disk->first_minor = i * max_part;
398 disk->fops = &brd_fops;
399 disk->private_data = brd;
400 disk->queue = brd->brd_queue;
401 disk->flags = GENHD_FL_EXT_DEVT;
402 sprintf(disk->disk_name, "ram%d", i);
403 set_capacity(disk, rd_size * 2);
404 disk->queue->backing_dev_info->capabilities |= BDI_CAP_SYNCHRONOUS_IO;
406 return brd;
408 out_free_queue:
409 blk_cleanup_queue(brd->brd_queue);
410 out_free_dev:
411 kfree(brd);
412 out:
413 return NULL;
416 static void brd_free(struct brd_device *brd)
418 put_disk(brd->brd_disk);
419 blk_cleanup_queue(brd->brd_queue);
420 brd_free_pages(brd);
421 kfree(brd);
424 static struct brd_device *brd_init_one(int i, bool *new)
426 struct brd_device *brd;
428 *new = false;
429 list_for_each_entry(brd, &brd_devices, brd_list) {
430 if (brd->brd_number == i)
431 goto out;
434 brd = brd_alloc(i);
435 if (brd) {
436 add_disk(brd->brd_disk);
437 list_add_tail(&brd->brd_list, &brd_devices);
439 *new = true;
440 out:
441 return brd;
444 static void brd_del_one(struct brd_device *brd)
446 list_del(&brd->brd_list);
447 del_gendisk(brd->brd_disk);
448 brd_free(brd);
451 static struct kobject *brd_probe(dev_t dev, int *part, void *data)
453 struct brd_device *brd;
454 struct kobject *kobj;
455 bool new;
457 mutex_lock(&brd_devices_mutex);
458 brd = brd_init_one(MINOR(dev) / max_part, &new);
459 kobj = brd ? get_disk_and_module(brd->brd_disk) : NULL;
460 mutex_unlock(&brd_devices_mutex);
462 if (new)
463 *part = 0;
465 return kobj;
468 static int __init brd_init(void)
470 struct brd_device *brd, *next;
471 int i;
474 * brd module now has a feature to instantiate underlying device
475 * structure on-demand, provided that there is an access dev node.
477 * (1) if rd_nr is specified, create that many upfront. else
478 * it defaults to CONFIG_BLK_DEV_RAM_COUNT
479 * (2) User can further extend brd devices by create dev node themselves
480 * and have kernel automatically instantiate actual device
481 * on-demand. Example:
482 * mknod /path/devnod_name b 1 X # 1 is the rd major
483 * fdisk -l /path/devnod_name
484 * If (X / max_part) was not already created it will be created
485 * dynamically.
488 if (register_blkdev(RAMDISK_MAJOR, "ramdisk"))
489 return -EIO;
491 if (unlikely(!max_part))
492 max_part = 1;
494 for (i = 0; i < rd_nr; i++) {
495 brd = brd_alloc(i);
496 if (!brd)
497 goto out_free;
498 list_add_tail(&brd->brd_list, &brd_devices);
501 /* point of no return */
503 list_for_each_entry(brd, &brd_devices, brd_list)
504 add_disk(brd->brd_disk);
506 blk_register_region(MKDEV(RAMDISK_MAJOR, 0), 1UL << MINORBITS,
507 THIS_MODULE, brd_probe, NULL, NULL);
509 pr_info("brd: module loaded\n");
510 return 0;
512 out_free:
513 list_for_each_entry_safe(brd, next, &brd_devices, brd_list) {
514 list_del(&brd->brd_list);
515 brd_free(brd);
517 unregister_blkdev(RAMDISK_MAJOR, "ramdisk");
519 pr_info("brd: module NOT loaded !!!\n");
520 return -ENOMEM;
523 static void __exit brd_exit(void)
525 struct brd_device *brd, *next;
527 list_for_each_entry_safe(brd, next, &brd_devices, brd_list)
528 brd_del_one(brd);
530 blk_unregister_region(MKDEV(RAMDISK_MAJOR, 0), 1UL << MINORBITS);
531 unregister_blkdev(RAMDISK_MAJOR, "ramdisk");
533 pr_info("brd: module unloaded\n");
536 module_init(brd_init);
537 module_exit(brd_exit);