search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge tag 'block-5.11-2021-01-10' of git://git.kernel.dk/linux-block
[linux/fpc-iii.git] / drivers / block / loop.c
blobe5ff328f0917598995d36e909509d028967df898
1 /*
2 * linux/drivers/block/loop.c
3 *
4 * Written by Theodore Ts'o, 3/29/93
5 *
6 * Copyright 1993 by Theodore Ts'o. Redistribution of this file is
7 * permitted under the GNU General Public License.
8 *
9 * DES encryption plus some minor changes by Werner Almesberger, 30-MAY-1993
10 * more DES encryption plus IDEA encryption by Nicholas J. Leon, June 20, 1996
11 *
12 * Modularized and updated for 1.1.16 kernel - Mitch Dsouza 28th May 1994
13 * Adapted for 1.3.59 kernel - Andries Brouwer, 1 Feb 1996
14 *
15 * Fixed do_loop_request() re-entrancy - Vincent.Renardias@waw.com Mar 20, 1997
16 *
17 * Added devfs support - Richard Gooch <rgooch@atnf.csiro.au> 16-Jan-1998
18 *
19 * Handle sparse backing files correctly - Kenn Humborg, Jun 28, 1998
20 *
21 * Loadable modules and other fixes by AK, 1998
22 *
23 * Make real block number available to downstream transfer functions, enables
24 * CBC (and relatives) mode encryption requiring unique IVs per data block.
25 * Reed H. Petty, rhp@draper.net
26 *
27 * Maximum number of loop devices now dynamic via max_loop module parameter.
28 * Russell Kroll <rkroll@exploits.org> 19990701
29 *
30 * Maximum number of loop devices when compiled-in now selectable by passing
31 * max_loop=<1-255> to the kernel on boot.
32 * Erik I. Bolsø, <eriki@himolde.no>, Oct 31, 1999
33 *
34 * Completely rewrite request handling to be make_request_fn style and
35 * non blocking, pushing work to a helper thread. Lots of fixes from
36 * Al Viro too.
37 * Jens Axboe <axboe@suse.de>, Nov 2000
38 *
39 * Support up to 256 loop devices
40 * Heinz Mauelshagen <mge@sistina.com>, Feb 2002
41 *
42 * Support for falling back on the write file operation when the address space
43 * operations write_begin is not available on the backing filesystem.
44 * Anton Altaparmakov, 16 Feb 2005
45 *
46 * Still To Fix:
47 * - Advisory locking is ignored here.
48 * - Should use an own CAP_* category instead of CAP_SYS_ADMIN
49 *
50 */
51
52 #include <linux/module.h>
53 #include <linux/moduleparam.h>
54 #include <linux/sched.h>
55 #include <linux/fs.h>
56 #include <linux/file.h>
57 #include <linux/stat.h>
58 #include <linux/errno.h>
59 #include <linux/major.h>
60 #include <linux/wait.h>
61 #include <linux/blkdev.h>
62 #include <linux/blkpg.h>
63 #include <linux/init.h>
64 #include <linux/swap.h>
65 #include <linux/slab.h>
66 #include <linux/compat.h>
67 #include <linux/suspend.h>
68 #include <linux/freezer.h>
69 #include <linux/mutex.h>
70 #include <linux/writeback.h>
71 #include <linux/completion.h>
72 #include <linux/highmem.h>
73 #include <linux/kthread.h>
74 #include <linux/splice.h>
75 #include <linux/sysfs.h>
76 #include <linux/miscdevice.h>
77 #include <linux/falloc.h>
78 #include <linux/uio.h>
79 #include <linux/ioprio.h>
80 #include <linux/blk-cgroup.h>
81
82 #include "loop.h"
83
84 #include <linux/uaccess.h>
85
86 static DEFINE_IDR(loop_index_idr);
87 static DEFINE_MUTEX(loop_ctl_mutex);
88
89 static int max_part;
90 static int part_shift;
91
92 static int transfer_xor(struct loop_device *lo, int cmd,
93 struct page *raw_page, unsigned raw_off,
94 struct page *loop_page, unsigned loop_off,
95 int size, sector_t real_block)
96 {
97 char *raw_buf = kmap_atomic(raw_page) + raw_off;
98 char *loop_buf = kmap_atomic(loop_page) + loop_off;
99 char *in, *out, *key;
100 int i, keysize;
101
102 if (cmd == READ) {
103 in = raw_buf;
104 out = loop_buf;
105 } else {
106 in = loop_buf;
107 out = raw_buf;
108 }
109
110 key = lo->lo_encrypt_key;
111 keysize = lo->lo_encrypt_key_size;
112 for (i = 0; i < size; i++)
113 *out++ = *in++ ^ key[(i & 511) % keysize];
114
115 kunmap_atomic(loop_buf);
116 kunmap_atomic(raw_buf);
117 cond_resched();
118 return 0;
119 }
120
121 static int xor_init(struct loop_device *lo, const struct loop_info64 *info)
122 {
123 if (unlikely(info->lo_encrypt_key_size <= 0))
124 return -EINVAL;
125 return 0;
126 }
127
128 static struct loop_func_table none_funcs = {
129 .number = LO_CRYPT_NONE,
130 };
131
132 static struct loop_func_table xor_funcs = {
133 .number = LO_CRYPT_XOR,
134 .transfer = transfer_xor,
135 .init = xor_init
136 };
137
138 /* xfer_funcs[0] is special - its release function is never called */
139 static struct loop_func_table *xfer_funcs[MAX_LO_CRYPT] = {
140 &none_funcs,
141 &xor_funcs
142 };
143
144 static loff_t get_size(loff_t offset, loff_t sizelimit, struct file *file)
145 {
146 loff_t loopsize;
147
148 /* Compute loopsize in bytes */
149 loopsize = i_size_read(file->f_mapping->host);
150 if (offset > 0)
151 loopsize -= offset;
152 /* offset is beyond i_size, weird but possible */
153 if (loopsize < 0)
154 return 0;
155
156 if (sizelimit > 0 && sizelimit < loopsize)
157 loopsize = sizelimit;
158 /*
159 * Unfortunately, if we want to do I/O on the device,
160 * the number of 512-byte sectors has to fit into a sector_t.
161 */
162 return loopsize >> 9;
163 }
164
165 static loff_t get_loop_size(struct loop_device *lo, struct file *file)
166 {
167 return get_size(lo->lo_offset, lo->lo_sizelimit, file);
168 }
169
170 static void __loop_update_dio(struct loop_device *lo, bool dio)
171 {
172 struct file *file = lo->lo_backing_file;
173 struct address_space *mapping = file->f_mapping;
174 struct inode *inode = mapping->host;
175 unsigned short sb_bsize = 0;
176 unsigned dio_align = 0;
177 bool use_dio;
178
179 if (inode->i_sb->s_bdev) {
180 sb_bsize = bdev_logical_block_size(inode->i_sb->s_bdev);
181 dio_align = sb_bsize - 1;
182 }
183
184 /*
185 * We support direct I/O only if lo_offset is aligned with the
186 * logical I/O size of backing device, and the logical block
187 * size of loop is bigger than the backing device's and the loop
188 * needn't transform transfer.
189 *
190 * TODO: the above condition may be loosed in the future, and
191 * direct I/O may be switched runtime at that time because most
192 * of requests in sane applications should be PAGE_SIZE aligned
193 */
194 if (dio) {
195 if (queue_logical_block_size(lo->lo_queue) >= sb_bsize &&
196 !(lo->lo_offset & dio_align) &&
197 mapping->a_ops->direct_IO &&
198 !lo->transfer)
199 use_dio = true;
200 else
201 use_dio = false;
202 } else {
203 use_dio = false;
204 }
205
206 if (lo->use_dio == use_dio)
207 return;
208
209 /* flush dirty pages before changing direct IO */
210 vfs_fsync(file, 0);
211
212 /*
213 * The flag of LO_FLAGS_DIRECT_IO is handled similarly with
214 * LO_FLAGS_READ_ONLY, both are set from kernel, and losetup
215 * will get updated by ioctl(LOOP_GET_STATUS)
216 */
217 if (lo->lo_state == Lo_bound)
218 blk_mq_freeze_queue(lo->lo_queue);
219 lo->use_dio = use_dio;
220 if (use_dio) {
221 blk_queue_flag_clear(QUEUE_FLAG_NOMERGES, lo->lo_queue);
222 lo->lo_flags |= LO_FLAGS_DIRECT_IO;
223 } else {
224 blk_queue_flag_set(QUEUE_FLAG_NOMERGES, lo->lo_queue);
225 lo->lo_flags &= ~LO_FLAGS_DIRECT_IO;
226 }
227 if (lo->lo_state == Lo_bound)
228 blk_mq_unfreeze_queue(lo->lo_queue);
229 }
230
231 /**
232 * loop_validate_block_size() - validates the passed in block size
233 * @bsize: size to validate
234 */
235 static int
236 loop_validate_block_size(unsigned short bsize)
237 {
238 if (bsize < 512 || bsize > PAGE_SIZE || !is_power_of_2(bsize))
239 return -EINVAL;
240
241 return 0;
242 }
243
244 /**
245 * loop_set_size() - sets device size and notifies userspace
246 * @lo: struct loop_device to set the size for
247 * @size: new size of the loop device
248 *
249 * Callers must validate that the size passed into this function fits into
250 * a sector_t, eg using loop_validate_size()
251 */
252 static void loop_set_size(struct loop_device *lo, loff_t size)
253 {
254 if (!set_capacity_and_notify(lo->lo_disk, size))
255 kobject_uevent(&disk_to_dev(lo->lo_disk)->kobj, KOBJ_CHANGE);
256 }
257
258 static inline int
259 lo_do_transfer(struct loop_device *lo, int cmd,
260 struct page *rpage, unsigned roffs,
261 struct page *lpage, unsigned loffs,
262 int size, sector_t rblock)
263 {
264 int ret;
265
266 ret = lo->transfer(lo, cmd, rpage, roffs, lpage, loffs, size, rblock);
267 if (likely(!ret))
268 return 0;
269
270 printk_ratelimited(KERN_ERR
271 "loop: Transfer error at byte offset %llu, length %i.\n",
272 (unsigned long long)rblock << 9, size);
273 return ret;
274 }
275
276 static int lo_write_bvec(struct file *file, struct bio_vec *bvec, loff_t *ppos)
277 {
278 struct iov_iter i;
279 ssize_t bw;
280
281 iov_iter_bvec(&i, WRITE, bvec, 1, bvec->bv_len);
282
283 file_start_write(file);
284 bw = vfs_iter_write(file, &i, ppos, 0);
285 file_end_write(file);
286
287 if (likely(bw == bvec->bv_len))
288 return 0;
289
290 printk_ratelimited(KERN_ERR
291 "loop: Write error at byte offset %llu, length %i.\n",
292 (unsigned long long)*ppos, bvec->bv_len);
293 if (bw >= 0)
294 bw = -EIO;
295 return bw;
296 }
297
298 static int lo_write_simple(struct loop_device *lo, struct request *rq,
299 loff_t pos)
300 {
301 struct bio_vec bvec;
302 struct req_iterator iter;
303 int ret = 0;
304
305 rq_for_each_segment(bvec, rq, iter) {
306 ret = lo_write_bvec(lo->lo_backing_file, &bvec, &pos);
307 if (ret < 0)
308 break;
309 cond_resched();
310 }
311
312 return ret;
313 }
314
315 /*
316 * This is the slow, transforming version that needs to double buffer the
317 * data as it cannot do the transformations in place without having direct
318 * access to the destination pages of the backing file.
319 */
320 static int lo_write_transfer(struct loop_device *lo, struct request *rq,
321 loff_t pos)
322 {
323 struct bio_vec bvec, b;
324 struct req_iterator iter;
325 struct page *page;
326 int ret = 0;
327
328 page = alloc_page(GFP_NOIO);
329 if (unlikely(!page))
330 return -ENOMEM;
331
332 rq_for_each_segment(bvec, rq, iter) {
333 ret = lo_do_transfer(lo, WRITE, page, 0, bvec.bv_page,
334 bvec.bv_offset, bvec.bv_len, pos >> 9);
335 if (unlikely(ret))
336 break;
337
338 b.bv_page = page;
339 b.bv_offset = 0;
340 b.bv_len = bvec.bv_len;
341 ret = lo_write_bvec(lo->lo_backing_file, &b, &pos);
342 if (ret < 0)
343 break;
344 }
345
346 __free_page(page);
347 return ret;
348 }
349
350 static int lo_read_simple(struct loop_device *lo, struct request *rq,
351 loff_t pos)
352 {
353 struct bio_vec bvec;
354 struct req_iterator iter;
355 struct iov_iter i;
356 ssize_t len;
357
358 rq_for_each_segment(bvec, rq, iter) {
359 iov_iter_bvec(&i, READ, &bvec, 1, bvec.bv_len);
360 len = vfs_iter_read(lo->lo_backing_file, &i, &pos, 0);
361 if (len < 0)
362 return len;
363
364 flush_dcache_page(bvec.bv_page);
365
366 if (len != bvec.bv_len) {
367 struct bio *bio;
368
369 __rq_for_each_bio(bio, rq)
370 zero_fill_bio(bio);
371 break;
372 }
373 cond_resched();
374 }
375
376 return 0;
377 }
378
379 static int lo_read_transfer(struct loop_device *lo, struct request *rq,
380 loff_t pos)
381 {
382 struct bio_vec bvec, b;
383 struct req_iterator iter;
384 struct iov_iter i;
385 struct page *page;
386 ssize_t len;
387 int ret = 0;
388
389 page = alloc_page(GFP_NOIO);
390 if (unlikely(!page))
391 return -ENOMEM;
392
393 rq_for_each_segment(bvec, rq, iter) {
394 loff_t offset = pos;
395
396 b.bv_page = page;
397 b.bv_offset = 0;
398 b.bv_len = bvec.bv_len;
399
400 iov_iter_bvec(&i, READ, &b, 1, b.bv_len);
401 len = vfs_iter_read(lo->lo_backing_file, &i, &pos, 0);
402 if (len < 0) {
403 ret = len;
404 goto out_free_page;
405 }
406
407 ret = lo_do_transfer(lo, READ, page, 0, bvec.bv_page,
408 bvec.bv_offset, len, offset >> 9);
409 if (ret)
410 goto out_free_page;
411
412 flush_dcache_page(bvec.bv_page);
413
414 if (len != bvec.bv_len) {
415 struct bio *bio;
416
417 __rq_for_each_bio(bio, rq)
418 zero_fill_bio(bio);
419 break;
420 }
421 }
422
423 ret = 0;
424 out_free_page:
425 __free_page(page);
426 return ret;
427 }
428
429 static int lo_fallocate(struct loop_device *lo, struct request *rq, loff_t pos,
430 int mode)
431 {
432 /*
433 * We use fallocate to manipulate the space mappings used by the image
434 * a.k.a. discard/zerorange. However we do not support this if
435 * encryption is enabled, because it may give an attacker useful
436 * information.
437 */
438 struct file *file = lo->lo_backing_file;
439 struct request_queue *q = lo->lo_queue;
440 int ret;
441
442 mode |= FALLOC_FL_KEEP_SIZE;
443
444 if (!blk_queue_discard(q)) {
445 ret = -EOPNOTSUPP;
446 goto out;
447 }
448
449 ret = file->f_op->fallocate(file, mode, pos, blk_rq_bytes(rq));
450 if (unlikely(ret && ret != -EINVAL && ret != -EOPNOTSUPP))
451 ret = -EIO;
452 out:
453 return ret;
454 }
455
456 static int lo_req_flush(struct loop_device *lo, struct request *rq)
457 {
458 struct file *file = lo->lo_backing_file;
459 int ret = vfs_fsync(file, 0);
460 if (unlikely(ret && ret != -EINVAL))
461 ret = -EIO;
462
463 return ret;
464 }
465
466 static void lo_complete_rq(struct request *rq)
467 {
468 struct loop_cmd *cmd = blk_mq_rq_to_pdu(rq);
469 blk_status_t ret = BLK_STS_OK;
470
471 if (!cmd->use_aio || cmd->ret < 0 || cmd->ret == blk_rq_bytes(rq) ||
472 req_op(rq) != REQ_OP_READ) {
473 if (cmd->ret < 0)
474 ret = errno_to_blk_status(cmd->ret);
475 goto end_io;
476 }
477
478 /*
479 * Short READ - if we got some data, advance our request and
480 * retry it. If we got no data, end the rest with EIO.
481 */
482 if (cmd->ret) {
483 blk_update_request(rq, BLK_STS_OK, cmd->ret);
484 cmd->ret = 0;
485 blk_mq_requeue_request(rq, true);
486 } else {
487 if (cmd->use_aio) {
488 struct bio *bio = rq->bio;
489
490 while (bio) {
491 zero_fill_bio(bio);
492 bio = bio->bi_next;
493 }
494 }
495 ret = BLK_STS_IOERR;
496 end_io:
497 blk_mq_end_request(rq, ret);
498 }
499 }
500
501 static void lo_rw_aio_do_completion(struct loop_cmd *cmd)
502 {
503 struct request *rq = blk_mq_rq_from_pdu(cmd);
504
505 if (!atomic_dec_and_test(&cmd->ref))
506 return;
507 kfree(cmd->bvec);
508 cmd->bvec = NULL;
509 if (likely(!blk_should_fake_timeout(rq->q)))
510 blk_mq_complete_request(rq);
511 }
512
513 static void lo_rw_aio_complete(struct kiocb *iocb, long ret, long ret2)
514 {
515 struct loop_cmd *cmd = container_of(iocb, struct loop_cmd, iocb);
516
517 if (cmd->css)
518 css_put(cmd->css);
519 cmd->ret = ret;
520 lo_rw_aio_do_completion(cmd);
521 }
522
523 static int lo_rw_aio(struct loop_device *lo, struct loop_cmd *cmd,
524 loff_t pos, bool rw)
525 {
526 struct iov_iter iter;
527 struct req_iterator rq_iter;
528 struct bio_vec *bvec;
529 struct request *rq = blk_mq_rq_from_pdu(cmd);
530 struct bio *bio = rq->bio;
531 struct file *file = lo->lo_backing_file;
532 struct bio_vec tmp;
533 unsigned int offset;
534 int nr_bvec = 0;
535 int ret;
536
537 rq_for_each_bvec(tmp, rq, rq_iter)
538 nr_bvec++;
539
540 if (rq->bio != rq->biotail) {
541
542 bvec = kmalloc_array(nr_bvec, sizeof(struct bio_vec),
543 GFP_NOIO);
544 if (!bvec)
545 return -EIO;
546 cmd->bvec = bvec;
547
548 /*
549 * The bios of the request may be started from the middle of
550 * the 'bvec' because of bio splitting, so we can't directly
551 * copy bio->bi_iov_vec to new bvec. The rq_for_each_bvec
552 * API will take care of all details for us.
553 */
554 rq_for_each_bvec(tmp, rq, rq_iter) {
555 *bvec = tmp;
556 bvec++;
557 }
558 bvec = cmd->bvec;
559 offset = 0;
560 } else {
561 /*
562 * Same here, this bio may be started from the middle of the
563 * 'bvec' because of bio splitting, so offset from the bvec
564 * must be passed to iov iterator
565 */
566 offset = bio->bi_iter.bi_bvec_done;
567 bvec = __bvec_iter_bvec(bio->bi_io_vec, bio->bi_iter);
568 }
569 atomic_set(&cmd->ref, 2);
570
571 iov_iter_bvec(&iter, rw, bvec, nr_bvec, blk_rq_bytes(rq));
572 iter.iov_offset = offset;
573
574 cmd->iocb.ki_pos = pos;
575 cmd->iocb.ki_filp = file;
576 cmd->iocb.ki_complete = lo_rw_aio_complete;
577 cmd->iocb.ki_flags = IOCB_DIRECT;
578 cmd->iocb.ki_ioprio = IOPRIO_PRIO_VALUE(IOPRIO_CLASS_NONE, 0);
579 if (cmd->css)
580 kthread_associate_blkcg(cmd->css);
581
582 if (rw == WRITE)
583 ret = call_write_iter(file, &cmd->iocb, &iter);
584 else
585 ret = call_read_iter(file, &cmd->iocb, &iter);
586
587 lo_rw_aio_do_completion(cmd);
588 kthread_associate_blkcg(NULL);
589
590 if (ret != -EIOCBQUEUED)
591 cmd->iocb.ki_complete(&cmd->iocb, ret, 0);
592 return 0;
593 }
594
595 static int do_req_filebacked(struct loop_device *lo, struct request *rq)
596 {
597 struct loop_cmd *cmd = blk_mq_rq_to_pdu(rq);
598 loff_t pos = ((loff_t) blk_rq_pos(rq) << 9) + lo->lo_offset;
599
600 /*
601 * lo_write_simple and lo_read_simple should have been covered
602 * by io submit style function like lo_rw_aio(), one blocker
603 * is that lo_read_simple() need to call flush_dcache_page after
604 * the page is written from kernel, and it isn't easy to handle
605 * this in io submit style function which submits all segments
606 * of the req at one time. And direct read IO doesn't need to
607 * run flush_dcache_page().
608 */
609 switch (req_op(rq)) {
610 case REQ_OP_FLUSH:
611 return lo_req_flush(lo, rq);
612 case REQ_OP_WRITE_ZEROES:
613 /*
614 * If the caller doesn't want deallocation, call zeroout to
615 * write zeroes the range. Otherwise, punch them out.
616 */
617 return lo_fallocate(lo, rq, pos,
618 (rq->cmd_flags & REQ_NOUNMAP) ?
619 FALLOC_FL_ZERO_RANGE :
620 FALLOC_FL_PUNCH_HOLE);
621 case REQ_OP_DISCARD:
622 return lo_fallocate(lo, rq, pos, FALLOC_FL_PUNCH_HOLE);
623 case REQ_OP_WRITE:
624 if (lo->transfer)
625 return lo_write_transfer(lo, rq, pos);
626 else if (cmd->use_aio)
627 return lo_rw_aio(lo, cmd, pos, WRITE);
628 else
629 return lo_write_simple(lo, rq, pos);
630 case REQ_OP_READ:
631 if (lo->transfer)
632 return lo_read_transfer(lo, rq, pos);
633 else if (cmd->use_aio)
634 return lo_rw_aio(lo, cmd, pos, READ);
635 else
636 return lo_read_simple(lo, rq, pos);
637 default:
638 WARN_ON_ONCE(1);
639 return -EIO;
640 }
641 }
642
643 static inline void loop_update_dio(struct loop_device *lo)
644 {
645 __loop_update_dio(lo, (lo->lo_backing_file->f_flags & O_DIRECT) |
646 lo->use_dio);
647 }
648
649 static void loop_reread_partitions(struct loop_device *lo,
650 struct block_device *bdev)
651 {
652 int rc;
653
654 mutex_lock(&bdev->bd_mutex);
655 rc = bdev_disk_changed(bdev, false);
656 mutex_unlock(&bdev->bd_mutex);
657 if (rc)
658 pr_warn("%s: partition scan of loop%d (%s) failed (rc=%d)\n",
659 __func__, lo->lo_number, lo->lo_file_name, rc);
660 }
661
662 static inline int is_loop_device(struct file *file)
663 {
664 struct inode *i = file->f_mapping->host;
665
666 return i && S_ISBLK(i->i_mode) && MAJOR(i->i_rdev) == LOOP_MAJOR;
667 }
668
669 static int loop_validate_file(struct file *file, struct block_device *bdev)
670 {
671 struct inode *inode = file->f_mapping->host;
672 struct file *f = file;
673
674 /* Avoid recursion */
675 while (is_loop_device(f)) {
676 struct loop_device *l;
677
678 if (f->f_mapping->host->i_rdev == bdev->bd_dev)
679 return -EBADF;
680
681 l = I_BDEV(f->f_mapping->host)->bd_disk->private_data;
682 if (l->lo_state != Lo_bound) {
683 return -EINVAL;
684 }
685 f = l->lo_backing_file;
686 }
687 if (!S_ISREG(inode->i_mode) && !S_ISBLK(inode->i_mode))
688 return -EINVAL;
689 return 0;
690 }
691
692 /*
693 * loop_change_fd switched the backing store of a loopback device to
694 * a new file. This is useful for operating system installers to free up
695 * the original file and in High Availability environments to switch to
696 * an alternative location for the content in case of server meltdown.
697 * This can only work if the loop device is used read-only, and if the
698 * new backing store is the same size and type as the old backing store.
699 */
700 static int loop_change_fd(struct loop_device *lo, struct block_device *bdev,
701 unsigned int arg)
702 {
703 struct file *file = NULL, *old_file;
704 int error;
705 bool partscan;
706
707 error = mutex_lock_killable(&loop_ctl_mutex);
708 if (error)
709 return error;
710 error = -ENXIO;
711 if (lo->lo_state != Lo_bound)
712 goto out_err;
713
714 /* the loop device has to be read-only */
715 error = -EINVAL;
716 if (!(lo->lo_flags & LO_FLAGS_READ_ONLY))
717 goto out_err;
718
719 error = -EBADF;
720 file = fget(arg);
721 if (!file)
722 goto out_err;
723
724 error = loop_validate_file(file, bdev);
725 if (error)
726 goto out_err;
727
728 old_file = lo->lo_backing_file;
729
730 error = -EINVAL;
731
732 /* size of the new backing store needs to be the same */
733 if (get_loop_size(lo, file) != get_loop_size(lo, old_file))
734 goto out_err;
735
736 /* and ... switch */
737 blk_mq_freeze_queue(lo->lo_queue);
738 mapping_set_gfp_mask(old_file->f_mapping, lo->old_gfp_mask);
739 lo->lo_backing_file = file;
740 lo->old_gfp_mask = mapping_gfp_mask(file->f_mapping);
741 mapping_set_gfp_mask(file->f_mapping,
742 lo->old_gfp_mask & ~(__GFP_IO|__GFP_FS));
743 loop_update_dio(lo);
744 blk_mq_unfreeze_queue(lo->lo_queue);
745 partscan = lo->lo_flags & LO_FLAGS_PARTSCAN;
746 mutex_unlock(&loop_ctl_mutex);
747 /*
748 * We must drop file reference outside of loop_ctl_mutex as dropping
749 * the file ref can take bd_mutex which creates circular locking
750 * dependency.
751 */
752 fput(old_file);
753 if (partscan)
754 loop_reread_partitions(lo, bdev);
755 return 0;
756
757 out_err:
758 mutex_unlock(&loop_ctl_mutex);
759 if (file)
760 fput(file);
761 return error;
762 }
763
764 /* loop sysfs attributes */
765
766 static ssize_t loop_attr_show(struct device *dev, char *page,
767 ssize_t (*callback)(struct loop_device *, char *))
768 {
769 struct gendisk *disk = dev_to_disk(dev);
770 struct loop_device *lo = disk->private_data;
771
772 return callback(lo, page);
773 }
774
775 #define LOOP_ATTR_RO(_name) \
776 static ssize_t loop_attr_##_name##_show(struct loop_device *, char *); \
777 static ssize_t loop_attr_do_show_##_name(struct device *d, \
778 struct device_attribute *attr, char *b) \
779 { \
780 return loop_attr_show(d, b, loop_attr_##_name##_show); \
781 } \
782 static struct device_attribute loop_attr_##_name = \
783 __ATTR(_name, 0444, loop_attr_do_show_##_name, NULL);
784
785 static ssize_t loop_attr_backing_file_show(struct loop_device *lo, char *buf)
786 {
787 ssize_t ret;
788 char *p = NULL;
789
790 spin_lock_irq(&lo->lo_lock);
791 if (lo->lo_backing_file)
792 p = file_path(lo->lo_backing_file, buf, PAGE_SIZE - 1);
793 spin_unlock_irq(&lo->lo_lock);
794
795 if (IS_ERR_OR_NULL(p))
796 ret = PTR_ERR(p);
797 else {
798 ret = strlen(p);
799 memmove(buf, p, ret);
800 buf[ret++] = '\n';
801 buf[ret] = 0;
802 }
803
804 return ret;
805 }
806
807 static ssize_t loop_attr_offset_show(struct loop_device *lo, char *buf)
808 {
809 return sprintf(buf, "%llu\n", (unsigned long long)lo->lo_offset);
810 }
811
812 static ssize_t loop_attr_sizelimit_show(struct loop_device *lo, char *buf)
813 {
814 return sprintf(buf, "%llu\n", (unsigned long long)lo->lo_sizelimit);
815 }
816
817 static ssize_t loop_attr_autoclear_show(struct loop_device *lo, char *buf)
818 {
819 int autoclear = (lo->lo_flags & LO_FLAGS_AUTOCLEAR);
820
821 return sprintf(buf, "%s\n", autoclear ? "1" : "0");
822 }
823
824 static ssize_t loop_attr_partscan_show(struct loop_device *lo, char *buf)
825 {
826 int partscan = (lo->lo_flags & LO_FLAGS_PARTSCAN);
827
828 return sprintf(buf, "%s\n", partscan ? "1" : "0");
829 }
830
831 static ssize_t loop_attr_dio_show(struct loop_device *lo, char *buf)
832 {
833 int dio = (lo->lo_flags & LO_FLAGS_DIRECT_IO);
834
835 return sprintf(buf, "%s\n", dio ? "1" : "0");
836 }
837
838 LOOP_ATTR_RO(backing_file);
839 LOOP_ATTR_RO(offset);
840 LOOP_ATTR_RO(sizelimit);
841 LOOP_ATTR_RO(autoclear);
842 LOOP_ATTR_RO(partscan);
843 LOOP_ATTR_RO(dio);
844
845 static struct attribute *loop_attrs[] = {
846 &loop_attr_backing_file.attr,
847 &loop_attr_offset.attr,
848 &loop_attr_sizelimit.attr,
849 &loop_attr_autoclear.attr,
850 &loop_attr_partscan.attr,
851 &loop_attr_dio.attr,
852 NULL,
853 };
854
855 static struct attribute_group loop_attribute_group = {
856 .name = "loop",
857 .attrs= loop_attrs,
858 };
859
860 static void loop_sysfs_init(struct loop_device *lo)
861 {
862 lo->sysfs_inited = !sysfs_create_group(&disk_to_dev(lo->lo_disk)->kobj,
863 &loop_attribute_group);
864 }
865
866 static void loop_sysfs_exit(struct loop_device *lo)
867 {
868 if (lo->sysfs_inited)
869 sysfs_remove_group(&disk_to_dev(lo->lo_disk)->kobj,
870 &loop_attribute_group);
871 }
872
873 static void loop_config_discard(struct loop_device *lo)
874 {
875 struct file *file = lo->lo_backing_file;
876 struct inode *inode = file->f_mapping->host;
877 struct request_queue *q = lo->lo_queue;
878 u32 granularity, max_discard_sectors;
879
880 /*
881 * If the backing device is a block device, mirror its zeroing
882 * capability. Set the discard sectors to the block device's zeroing
883 * capabilities because loop discards result in blkdev_issue_zeroout(),
884 * not blkdev_issue_discard(). This maintains consistent behavior with
885 * file-backed loop devices: discarded regions read back as zero.
886 */
887 if (S_ISBLK(inode->i_mode) && !lo->lo_encrypt_key_size) {
888 struct request_queue *backingq = bdev_get_queue(I_BDEV(inode));
889
890 max_discard_sectors = backingq->limits.max_write_zeroes_sectors;
891 granularity = backingq->limits.discard_granularity ?:
892 queue_physical_block_size(backingq);
893
894 /*
895 * We use punch hole to reclaim the free space used by the
896 * image a.k.a. discard. However we do not support discard if
897 * encryption is enabled, because it may give an attacker
898 * useful information.
899 */
900 } else if (!file->f_op->fallocate || lo->lo_encrypt_key_size) {
901 max_discard_sectors = 0;
902 granularity = 0;
903
904 } else {
905 max_discard_sectors = UINT_MAX >> 9;
906 granularity = inode->i_sb->s_blocksize;
907 }
908
909 if (max_discard_sectors) {
910 q->limits.discard_granularity = granularity;
911 blk_queue_max_discard_sectors(q, max_discard_sectors);
912 blk_queue_max_write_zeroes_sectors(q, max_discard_sectors);
913 blk_queue_flag_set(QUEUE_FLAG_DISCARD, q);
914 } else {
915 q->limits.discard_granularity = 0;
916 blk_queue_max_discard_sectors(q, 0);
917 blk_queue_max_write_zeroes_sectors(q, 0);
918 blk_queue_flag_clear(QUEUE_FLAG_DISCARD, q);
919 }
920 q->limits.discard_alignment = 0;
921 }
922
923 static void loop_unprepare_queue(struct loop_device *lo)
924 {
925 kthread_flush_worker(&lo->worker);
926 kthread_stop(lo->worker_task);
927 }
928
929 static int loop_kthread_worker_fn(void *worker_ptr)
930 {
931 current->flags |= PF_LOCAL_THROTTLE | PF_MEMALLOC_NOIO;
932 return kthread_worker_fn(worker_ptr);
933 }
934
935 static int loop_prepare_queue(struct loop_device *lo)
936 {
937 kthread_init_worker(&lo->worker);
938 lo->worker_task = kthread_run(loop_kthread_worker_fn,
939 &lo->worker, "loop%d", lo->lo_number);
940 if (IS_ERR(lo->worker_task))
941 return -ENOMEM;
942 set_user_nice(lo->worker_task, MIN_NICE);
943 return 0;
944 }
945
946 static void loop_update_rotational(struct loop_device *lo)
947 {
948 struct file *file = lo->lo_backing_file;
949 struct inode *file_inode = file->f_mapping->host;
950 struct block_device *file_bdev = file_inode->i_sb->s_bdev;
951 struct request_queue *q = lo->lo_queue;
952 bool nonrot = true;
953
954 /* not all filesystems (e.g. tmpfs) have a sb->s_bdev */
955 if (file_bdev)
956 nonrot = blk_queue_nonrot(bdev_get_queue(file_bdev));
957
958 if (nonrot)
959 blk_queue_flag_set(QUEUE_FLAG_NONROT, q);
960 else
961 blk_queue_flag_clear(QUEUE_FLAG_NONROT, q);
962 }
963
964 static int
965 loop_release_xfer(struct loop_device *lo)
966 {
967 int err = 0;
968 struct loop_func_table *xfer = lo->lo_encryption;
969
970 if (xfer) {
971 if (xfer->release)
972 err = xfer->release(lo);
973 lo->transfer = NULL;
974 lo->lo_encryption = NULL;
975 module_put(xfer->owner);
976 }
977 return err;
978 }
979
980 static int
981 loop_init_xfer(struct loop_device *lo, struct loop_func_table *xfer,
982 const struct loop_info64 *i)
983 {
984 int err = 0;
985
986 if (xfer) {
987 struct module *owner = xfer->owner;
988
989 if (!try_module_get(owner))
990 return -EINVAL;
991 if (xfer->init)
992 err = xfer->init(lo, i);
993 if (err)
994 module_put(owner);
995 else
996 lo->lo_encryption = xfer;
997 }
998 return err;
999 }
1000
1001 /**
1002 * loop_set_status_from_info - configure device from loop_info
1003 * @lo: struct loop_device to configure
1004 * @info: struct loop_info64 to configure the device with
1005 *
1006 * Configures the loop device parameters according to the passed
1007 * in loop_info64 configuration.
1008 */
1009 static int
1010 loop_set_status_from_info(struct loop_device *lo,
1011 const struct loop_info64 *info)
1012 {
1013 int err;
1014 struct loop_func_table *xfer;
1015 kuid_t uid = current_uid();
1016
1017 if ((unsigned int) info->lo_encrypt_key_size > LO_KEY_SIZE)
1018 return -EINVAL;
1019
1020 err = loop_release_xfer(lo);
1021 if (err)
1022 return err;
1023
1024 if (info->lo_encrypt_type) {
1025 unsigned int type = info->lo_encrypt_type;
1026
1027 if (type >= MAX_LO_CRYPT)
1028 return -EINVAL;
1029 xfer = xfer_funcs[type];
1030 if (xfer == NULL)
1031 return -EINVAL;
1032 } else
1033 xfer = NULL;
1034
1035 err = loop_init_xfer(lo, xfer, info);
1036 if (err)
1037 return err;
1038
1039 lo->lo_offset = info->lo_offset;
1040 lo->lo_sizelimit = info->lo_sizelimit;
1041 memcpy(lo->lo_file_name, info->lo_file_name, LO_NAME_SIZE);
1042 memcpy(lo->lo_crypt_name, info->lo_crypt_name, LO_NAME_SIZE);
1043 lo->lo_file_name[LO_NAME_SIZE-1] = 0;
1044 lo->lo_crypt_name[LO_NAME_SIZE-1] = 0;
1045
1046 if (!xfer)
1047 xfer = &none_funcs;
1048 lo->transfer = xfer->transfer;
1049 lo->ioctl = xfer->ioctl;
1050
1051 lo->lo_flags = info->lo_flags;
1052
1053 lo->lo_encrypt_key_size = info->lo_encrypt_key_size;
1054 lo->lo_init[0] = info->lo_init[0];
1055 lo->lo_init[1] = info->lo_init[1];
1056 if (info->lo_encrypt_key_size) {
1057 memcpy(lo->lo_encrypt_key, info->lo_encrypt_key,
1058 info->lo_encrypt_key_size);
1059 lo->lo_key_owner = uid;
1060 }
1061
1062 return 0;
1063 }
1064
1065 static int loop_configure(struct loop_device *lo, fmode_t mode,
1066 struct block_device *bdev,
1067 const struct loop_config *config)
1068 {
1069 struct file *file;
1070 struct inode *inode;
1071 struct address_space *mapping;
1072 int error;
1073 loff_t size;
1074 bool partscan;
1075 unsigned short bsize;
1076
1077 /* This is safe, since we have a reference from open(). */
1078 __module_get(THIS_MODULE);
1079
1080 error = -EBADF;
1081 file = fget(config->fd);
1082 if (!file)
1083 goto out;
1084
1085 /*
1086 * If we don't hold exclusive handle for the device, upgrade to it
1087 * here to avoid changing device under exclusive owner.
1088 */
1089 if (!(mode & FMODE_EXCL)) {
1090 error = bd_prepare_to_claim(bdev, loop_configure);
1091 if (error)
1092 goto out_putf;
1093 }
1094
1095 error = mutex_lock_killable(&loop_ctl_mutex);
1096 if (error)
1097 goto out_bdev;
1098
1099 error = -EBUSY;
1100 if (lo->lo_state != Lo_unbound)
1101 goto out_unlock;
1102
1103 error = loop_validate_file(file, bdev);
1104 if (error)
1105 goto out_unlock;
1106
1107 mapping = file->f_mapping;
1108 inode = mapping->host;
1109
1110 if ((config->info.lo_flags & ~LOOP_CONFIGURE_SETTABLE_FLAGS) != 0) {
1111 error = -EINVAL;
1112 goto out_unlock;
1113 }
1114
1115 if (config->block_size) {
1116 error = loop_validate_block_size(config->block_size);
1117 if (error)
1118 goto out_unlock;
1119 }
1120
1121 error = loop_set_status_from_info(lo, &config->info);
1122 if (error)
1123 goto out_unlock;
1124
1125 if (!(file->f_mode & FMODE_WRITE) || !(mode & FMODE_WRITE) ||
1126 !file->f_op->write_iter)
1127 lo->lo_flags |= LO_FLAGS_READ_ONLY;
1128
1129 error = loop_prepare_queue(lo);
1130 if (error)
1131 goto out_unlock;
1132
1133 set_disk_ro(lo->lo_disk, (lo->lo_flags & LO_FLAGS_READ_ONLY) != 0);
1134
1135 lo->use_dio = lo->lo_flags & LO_FLAGS_DIRECT_IO;
1136 lo->lo_device = bdev;
1137 lo->lo_backing_file = file;
1138 lo->old_gfp_mask = mapping_gfp_mask(mapping);
1139 mapping_set_gfp_mask(mapping, lo->old_gfp_mask & ~(__GFP_IO|__GFP_FS));
1140
1141 if (!(lo->lo_flags & LO_FLAGS_READ_ONLY) && file->f_op->fsync)
1142 blk_queue_write_cache(lo->lo_queue, true, false);
1143
1144 if (config->block_size)
1145 bsize = config->block_size;
1146 else if ((lo->lo_backing_file->f_flags & O_DIRECT) && inode->i_sb->s_bdev)
1147 /* In case of direct I/O, match underlying block size */
1148 bsize = bdev_logical_block_size(inode->i_sb->s_bdev);
1149 else
1150 bsize = 512;
1151
1152 blk_queue_logical_block_size(lo->lo_queue, bsize);
1153 blk_queue_physical_block_size(lo->lo_queue, bsize);
1154 blk_queue_io_min(lo->lo_queue, bsize);
1155
1156 loop_update_rotational(lo);
1157 loop_update_dio(lo);
1158 loop_sysfs_init(lo);
1159
1160 size = get_loop_size(lo, file);
1161 loop_set_size(lo, size);
1162
1163 lo->lo_state = Lo_bound;
1164 if (part_shift)
1165 lo->lo_flags |= LO_FLAGS_PARTSCAN;
1166 partscan = lo->lo_flags & LO_FLAGS_PARTSCAN;
1167 if (partscan)
1168 lo->lo_disk->flags &= ~GENHD_FL_NO_PART_SCAN;
1169
1170 /* Grab the block_device to prevent its destruction after we
1171 * put /dev/loopXX inode. Later in __loop_clr_fd() we bdput(bdev).
1172 */
1173 bdgrab(bdev);
1174 mutex_unlock(&loop_ctl_mutex);
1175 if (partscan)
1176 loop_reread_partitions(lo, bdev);
1177 if (!(mode & FMODE_EXCL))
1178 bd_abort_claiming(bdev, loop_configure);
1179 return 0;
1180
1181 out_unlock:
1182 mutex_unlock(&loop_ctl_mutex);
1183 out_bdev:
1184 if (!(mode & FMODE_EXCL))
1185 bd_abort_claiming(bdev, loop_configure);
1186 out_putf:
1187 fput(file);
1188 out:
1189 /* This is safe: open() is still holding a reference. */
1190 module_put(THIS_MODULE);
1191 return error;
1192 }
1193
1194 static int __loop_clr_fd(struct loop_device *lo, bool release)
1195 {
1196 struct file *filp = NULL;
1197 gfp_t gfp = lo->old_gfp_mask;
1198 struct block_device *bdev = lo->lo_device;
1199 int err = 0;
1200 bool partscan = false;
1201 int lo_number;
1202
1203 mutex_lock(&loop_ctl_mutex);
1204 if (WARN_ON_ONCE(lo->lo_state != Lo_rundown)) {
1205 err = -ENXIO;
1206 goto out_unlock;
1207 }
1208
1209 filp = lo->lo_backing_file;
1210 if (filp == NULL) {
1211 err = -EINVAL;
1212 goto out_unlock;
1213 }
1214
1215 /* freeze request queue during the transition */
1216 blk_mq_freeze_queue(lo->lo_queue);
1217
1218 spin_lock_irq(&lo->lo_lock);
1219 lo->lo_backing_file = NULL;
1220 spin_unlock_irq(&lo->lo_lock);
1221
1222 loop_release_xfer(lo);
1223 lo->transfer = NULL;
1224 lo->ioctl = NULL;
1225 lo->lo_device = NULL;
1226 lo->lo_encryption = NULL;
1227 lo->lo_offset = 0;
1228 lo->lo_sizelimit = 0;
1229 lo->lo_encrypt_key_size = 0;
1230 memset(lo->lo_encrypt_key, 0, LO_KEY_SIZE);
1231 memset(lo->lo_crypt_name, 0, LO_NAME_SIZE);
1232 memset(lo->lo_file_name, 0, LO_NAME_SIZE);
1233 blk_queue_logical_block_size(lo->lo_queue, 512);
1234 blk_queue_physical_block_size(lo->lo_queue, 512);
1235 blk_queue_io_min(lo->lo_queue, 512);
1236 if (bdev) {
1237 bdput(bdev);
1238 invalidate_bdev(bdev);
1239 bdev->bd_inode->i_mapping->wb_err = 0;
1240 }
1241 set_capacity(lo->lo_disk, 0);
1242 loop_sysfs_exit(lo);
1243 if (bdev) {
1244 /* let user-space know about this change */
1245 kobject_uevent(&disk_to_dev(bdev->bd_disk)->kobj, KOBJ_CHANGE);
1246 }
1247 mapping_set_gfp_mask(filp->f_mapping, gfp);
1248 /* This is safe: open() is still holding a reference. */
1249 module_put(THIS_MODULE);
1250 blk_mq_unfreeze_queue(lo->lo_queue);
1251
1252 partscan = lo->lo_flags & LO_FLAGS_PARTSCAN && bdev;
1253 lo_number = lo->lo_number;
1254 loop_unprepare_queue(lo);
1255 out_unlock:
1256 mutex_unlock(&loop_ctl_mutex);
1257 if (partscan) {
1258 /*
1259 * bd_mutex has been held already in release path, so don't
1260 * acquire it if this function is called in such case.
1261 *
1262 * If the reread partition isn't from release path, lo_refcnt
1263 * must be at least one and it can only become zero when the
1264 * current holder is released.
1265 */
1266 if (!release)
1267 mutex_lock(&bdev->bd_mutex);
1268 err = bdev_disk_changed(bdev, false);
1269 if (!release)
1270 mutex_unlock(&bdev->bd_mutex);
1271 if (err)
1272 pr_warn("%s: partition scan of loop%d failed (rc=%d)\n",
1273 __func__, lo_number, err);
1274 /* Device is gone, no point in returning error */
1275 err = 0;
1276 }
1277
1278 /*
1279 * lo->lo_state is set to Lo_unbound here after above partscan has
1280 * finished.
1281 *
1282 * There cannot be anybody else entering __loop_clr_fd() as
1283 * lo->lo_backing_file is already cleared and Lo_rundown state
1284 * protects us from all the other places trying to change the 'lo'
1285 * device.
1286 */
1287 mutex_lock(&loop_ctl_mutex);
1288 lo->lo_flags = 0;
1289 if (!part_shift)
1290 lo->lo_disk->flags |= GENHD_FL_NO_PART_SCAN;
1291 lo->lo_state = Lo_unbound;
1292 mutex_unlock(&loop_ctl_mutex);
1293
1294 /*
1295 * Need not hold loop_ctl_mutex to fput backing file.
1296 * Calling fput holding loop_ctl_mutex triggers a circular
1297 * lock dependency possibility warning as fput can take
1298 * bd_mutex which is usually taken before loop_ctl_mutex.
1299 */
1300 if (filp)
1301 fput(filp);
1302 return err;
1303 }
1304
1305 static int loop_clr_fd(struct loop_device *lo)
1306 {
1307 int err;
1308
1309 err = mutex_lock_killable(&loop_ctl_mutex);
1310 if (err)
1311 return err;
1312 if (lo->lo_state != Lo_bound) {
1313 mutex_unlock(&loop_ctl_mutex);
1314 return -ENXIO;
1315 }
1316 /*
1317 * If we've explicitly asked to tear down the loop device,
1318 * and it has an elevated reference count, set it for auto-teardown when
1319 * the last reference goes away. This stops $!~#$@ udev from
1320 * preventing teardown because it decided that it needs to run blkid on
1321 * the loopback device whenever they appear. xfstests is notorious for
1322 * failing tests because blkid via udev races with a losetup
1323 * <dev>/do something like mkfs/losetup -d <dev> causing the losetup -d
1324 * command to fail with EBUSY.
1325 */
1326 if (atomic_read(&lo->lo_refcnt) > 1) {
1327 lo->lo_flags |= LO_FLAGS_AUTOCLEAR;
1328 mutex_unlock(&loop_ctl_mutex);
1329 return 0;
1330 }
1331 lo->lo_state = Lo_rundown;
1332 mutex_unlock(&loop_ctl_mutex);
1333
1334 return __loop_clr_fd(lo, false);
1335 }
1336
1337 static int
1338 loop_set_status(struct loop_device *lo, const struct loop_info64 *info)
1339 {
1340 int err;
1341 struct block_device *bdev;
1342 kuid_t uid = current_uid();
1343 int prev_lo_flags;
1344 bool partscan = false;
1345 bool size_changed = false;
1346
1347 err = mutex_lock_killable(&loop_ctl_mutex);
1348 if (err)
1349 return err;
1350 if (lo->lo_encrypt_key_size &&
1351 !uid_eq(lo->lo_key_owner, uid) &&
1352 !capable(CAP_SYS_ADMIN)) {
1353 err = -EPERM;
1354 goto out_unlock;
1355 }
1356 if (lo->lo_state != Lo_bound) {
1357 err = -ENXIO;
1358 goto out_unlock;
1359 }
1360
1361 if (lo->lo_offset != info->lo_offset ||
1362 lo->lo_sizelimit != info->lo_sizelimit) {
1363 size_changed = true;
1364 sync_blockdev(lo->lo_device);
1365 invalidate_bdev(lo->lo_device);
1366 }
1367
1368 /* I/O need to be drained during transfer transition */
1369 blk_mq_freeze_queue(lo->lo_queue);
1370
1371 if (size_changed && lo->lo_device->bd_inode->i_mapping->nrpages) {
1372 /* If any pages were dirtied after invalidate_bdev(), try again */
1373 err = -EAGAIN;
1374 pr_warn("%s: loop%d (%s) has still dirty pages (nrpages=%lu)\n",
1375 __func__, lo->lo_number, lo->lo_file_name,
1376 lo->lo_device->bd_inode->i_mapping->nrpages);
1377 goto out_unfreeze;
1378 }
1379
1380 prev_lo_flags = lo->lo_flags;
1381
1382 err = loop_set_status_from_info(lo, info);
1383 if (err)
1384 goto out_unfreeze;
1385
1386 /* Mask out flags that can't be set using LOOP_SET_STATUS. */
1387 lo->lo_flags &= LOOP_SET_STATUS_SETTABLE_FLAGS;
1388 /* For those flags, use the previous values instead */
1389 lo->lo_flags |= prev_lo_flags & ~LOOP_SET_STATUS_SETTABLE_FLAGS;
1390 /* For flags that can't be cleared, use previous values too */
1391 lo->lo_flags |= prev_lo_flags & ~LOOP_SET_STATUS_CLEARABLE_FLAGS;
1392
1393 if (size_changed) {
1394 loff_t new_size = get_size(lo->lo_offset, lo->lo_sizelimit,
1395 lo->lo_backing_file);
1396 loop_set_size(lo, new_size);
1397 }
1398
1399 loop_config_discard(lo);
1400
1401 /* update dio if lo_offset or transfer is changed */
1402 __loop_update_dio(lo, lo->use_dio);
1403
1404 out_unfreeze:
1405 blk_mq_unfreeze_queue(lo->lo_queue);
1406
1407 if (!err && (lo->lo_flags & LO_FLAGS_PARTSCAN) &&
1408 !(prev_lo_flags & LO_FLAGS_PARTSCAN)) {
1409 lo->lo_disk->flags &= ~GENHD_FL_NO_PART_SCAN;
1410 bdev = lo->lo_device;
1411 partscan = true;
1412 }
1413 out_unlock:
1414 mutex_unlock(&loop_ctl_mutex);
1415 if (partscan)
1416 loop_reread_partitions(lo, bdev);
1417
1418 return err;
1419 }
1420
1421 static int
1422 loop_get_status(struct loop_device *lo, struct loop_info64 *info)
1423 {
1424 struct path path;
1425 struct kstat stat;
1426 int ret;
1427
1428 ret = mutex_lock_killable(&loop_ctl_mutex);
1429 if (ret)
1430 return ret;
1431 if (lo->lo_state != Lo_bound) {
1432 mutex_unlock(&loop_ctl_mutex);
1433 return -ENXIO;
1434 }
1435
1436 memset(info, 0, sizeof(*info));
1437 info->lo_number = lo->lo_number;
1438 info->lo_offset = lo->lo_offset;
1439 info->lo_sizelimit = lo->lo_sizelimit;
1440 info->lo_flags = lo->lo_flags;
1441 memcpy(info->lo_file_name, lo->lo_file_name, LO_NAME_SIZE);
1442 memcpy(info->lo_crypt_name, lo->lo_crypt_name, LO_NAME_SIZE);
1443 info->lo_encrypt_type =
1444 lo->lo_encryption ? lo->lo_encryption->number : 0;
1445 if (lo->lo_encrypt_key_size && capable(CAP_SYS_ADMIN)) {
1446 info->lo_encrypt_key_size = lo->lo_encrypt_key_size;
1447 memcpy(info->lo_encrypt_key, lo->lo_encrypt_key,
1448 lo->lo_encrypt_key_size);
1449 }
1450
1451 /* Drop loop_ctl_mutex while we call into the filesystem. */
1452 path = lo->lo_backing_file->f_path;
1453 path_get(&path);
1454 mutex_unlock(&loop_ctl_mutex);
1455 ret = vfs_getattr(&path, &stat, STATX_INO, AT_STATX_SYNC_AS_STAT);
1456 if (!ret) {
1457 info->lo_device = huge_encode_dev(stat.dev);
1458 info->lo_inode = stat.ino;
1459 info->lo_rdevice = huge_encode_dev(stat.rdev);
1460 }
1461 path_put(&path);
1462 return ret;
1463 }
1464
1465 static void
1466 loop_info64_from_old(const struct loop_info *info, struct loop_info64 *info64)
1467 {
1468 memset(info64, 0, sizeof(*info64));
1469 info64->lo_number = info->lo_number;
1470 info64->lo_device = info->lo_device;
1471 info64->lo_inode = info->lo_inode;
1472 info64->lo_rdevice = info->lo_rdevice;
1473 info64->lo_offset = info->lo_offset;
1474 info64->lo_sizelimit = 0;
1475 info64->lo_encrypt_type = info->lo_encrypt_type;
1476 info64->lo_encrypt_key_size = info->lo_encrypt_key_size;
1477 info64->lo_flags = info->lo_flags;
1478 info64->lo_init[0] = info->lo_init[0];
1479 info64->lo_init[1] = info->lo_init[1];
1480 if (info->lo_encrypt_type == LO_CRYPT_CRYPTOAPI)
1481 memcpy(info64->lo_crypt_name, info->lo_name, LO_NAME_SIZE);
1482 else
1483 memcpy(info64->lo_file_name, info->lo_name, LO_NAME_SIZE);
1484 memcpy(info64->lo_encrypt_key, info->lo_encrypt_key, LO_KEY_SIZE);
1485 }
1486
1487 static int
1488 loop_info64_to_old(const struct loop_info64 *info64, struct loop_info *info)
1489 {
1490 memset(info, 0, sizeof(*info));
1491 info->lo_number = info64->lo_number;
1492 info->lo_device = info64->lo_device;
1493 info->lo_inode = info64->lo_inode;
1494 info->lo_rdevice = info64->lo_rdevice;
1495 info->lo_offset = info64->lo_offset;
1496 info->lo_encrypt_type = info64->lo_encrypt_type;
1497 info->lo_encrypt_key_size = info64->lo_encrypt_key_size;
1498 info->lo_flags = info64->lo_flags;
1499 info->lo_init[0] = info64->lo_init[0];
1500 info->lo_init[1] = info64->lo_init[1];
1501 if (info->lo_encrypt_type == LO_CRYPT_CRYPTOAPI)
1502 memcpy(info->lo_name, info64->lo_crypt_name, LO_NAME_SIZE);
1503 else
1504 memcpy(info->lo_name, info64->lo_file_name, LO_NAME_SIZE);
1505 memcpy(info->lo_encrypt_key, info64->lo_encrypt_key, LO_KEY_SIZE);
1506
1507 /* error in case values were truncated */
1508 if (info->lo_device != info64->lo_device ||
1509 info->lo_rdevice != info64->lo_rdevice ||
1510 info->lo_inode != info64->lo_inode ||
1511 info->lo_offset != info64->lo_offset)
1512 return -EOVERFLOW;
1513
1514 return 0;
1515 }
1516
1517 static int
1518 loop_set_status_old(struct loop_device *lo, const struct loop_info __user *arg)
1519 {
1520 struct loop_info info;
1521 struct loop_info64 info64;
1522
1523 if (copy_from_user(&info, arg, sizeof (struct loop_info)))
1524 return -EFAULT;
1525 loop_info64_from_old(&info, &info64);
1526 return loop_set_status(lo, &info64);
1527 }
1528
1529 static int
1530 loop_set_status64(struct loop_device *lo, const struct loop_info64 __user *arg)
1531 {
1532 struct loop_info64 info64;
1533
1534 if (copy_from_user(&info64, arg, sizeof (struct loop_info64)))
1535 return -EFAULT;
1536 return loop_set_status(lo, &info64);
1537 }
1538
1539 static int
1540 loop_get_status_old(struct loop_device *lo, struct loop_info __user *arg) {
1541 struct loop_info info;
1542 struct loop_info64 info64;
1543 int err;
1544
1545 if (!arg)
1546 return -EINVAL;
1547 err = loop_get_status(lo, &info64);
1548 if (!err)
1549 err = loop_info64_to_old(&info64, &info);
1550 if (!err && copy_to_user(arg, &info, sizeof(info)))
1551 err = -EFAULT;
1552
1553 return err;
1554 }
1555
1556 static int
1557 loop_get_status64(struct loop_device *lo, struct loop_info64 __user *arg) {
1558 struct loop_info64 info64;
1559 int err;
1560
1561 if (!arg)
1562 return -EINVAL;
1563 err = loop_get_status(lo, &info64);
1564 if (!err && copy_to_user(arg, &info64, sizeof(info64)))
1565 err = -EFAULT;
1566
1567 return err;
1568 }
1569
1570 static int loop_set_capacity(struct loop_device *lo)
1571 {
1572 loff_t size;
1573
1574 if (unlikely(lo->lo_state != Lo_bound))
1575 return -ENXIO;
1576
1577 size = get_loop_size(lo, lo->lo_backing_file);
1578 loop_set_size(lo, size);
1579
1580 return 0;
1581 }
1582
1583 static int loop_set_dio(struct loop_device *lo, unsigned long arg)
1584 {
1585 int error = -ENXIO;
1586 if (lo->lo_state != Lo_bound)
1587 goto out;
1588
1589 __loop_update_dio(lo, !!arg);
1590 if (lo->use_dio == !!arg)
1591 return 0;
1592 error = -EINVAL;
1593 out:
1594 return error;
1595 }
1596
1597 static int loop_set_block_size(struct loop_device *lo, unsigned long arg)
1598 {
1599 int err = 0;
1600
1601 if (lo->lo_state != Lo_bound)
1602 return -ENXIO;
1603
1604 err = loop_validate_block_size(arg);
1605 if (err)
1606 return err;
1607
1608 if (lo->lo_queue->limits.logical_block_size == arg)
1609 return 0;
1610
1611 sync_blockdev(lo->lo_device);
1612 invalidate_bdev(lo->lo_device);
1613
1614 blk_mq_freeze_queue(lo->lo_queue);
1615
1616 /* invalidate_bdev should have truncated all the pages */
1617 if (lo->lo_device->bd_inode->i_mapping->nrpages) {
1618 err = -EAGAIN;
1619 pr_warn("%s: loop%d (%s) has still dirty pages (nrpages=%lu)\n",
1620 __func__, lo->lo_number, lo->lo_file_name,
1621 lo->lo_device->bd_inode->i_mapping->nrpages);
1622 goto out_unfreeze;
1623 }
1624
1625 blk_queue_logical_block_size(lo->lo_queue, arg);
1626 blk_queue_physical_block_size(lo->lo_queue, arg);
1627 blk_queue_io_min(lo->lo_queue, arg);
1628 loop_update_dio(lo);
1629 out_unfreeze:
1630 blk_mq_unfreeze_queue(lo->lo_queue);
1631
1632 return err;
1633 }
1634
1635 static int lo_simple_ioctl(struct loop_device *lo, unsigned int cmd,
1636 unsigned long arg)
1637 {
1638 int err;
1639
1640 err = mutex_lock_killable(&loop_ctl_mutex);
1641 if (err)
1642 return err;
1643 switch (cmd) {
1644 case LOOP_SET_CAPACITY:
1645 err = loop_set_capacity(lo);
1646 break;
1647 case LOOP_SET_DIRECT_IO:
1648 err = loop_set_dio(lo, arg);
1649 break;
1650 case LOOP_SET_BLOCK_SIZE:
1651 err = loop_set_block_size(lo, arg);
1652 break;
1653 default:
1654 err = lo->ioctl ? lo->ioctl(lo, cmd, arg) : -EINVAL;
1655 }
1656 mutex_unlock(&loop_ctl_mutex);
1657 return err;
1658 }
1659
1660 static int lo_ioctl(struct block_device *bdev, fmode_t mode,
1661 unsigned int cmd, unsigned long arg)
1662 {
1663 struct loop_device *lo = bdev->bd_disk->private_data;
1664 void __user *argp = (void __user *) arg;
1665 int err;
1666
1667 switch (cmd) {
1668 case LOOP_SET_FD: {
1669 /*
1670 * Legacy case - pass in a zeroed out struct loop_config with
1671 * only the file descriptor set , which corresponds with the
1672 * default parameters we'd have used otherwise.
1673 */
1674 struct loop_config config;
1675
1676 memset(&config, 0, sizeof(config));
1677 config.fd = arg;
1678
1679 return loop_configure(lo, mode, bdev, &config);
1680 }
1681 case LOOP_CONFIGURE: {
1682 struct loop_config config;
1683
1684 if (copy_from_user(&config, argp, sizeof(config)))
1685 return -EFAULT;
1686
1687 return loop_configure(lo, mode, bdev, &config);
1688 }
1689 case LOOP_CHANGE_FD:
1690 return loop_change_fd(lo, bdev, arg);
1691 case LOOP_CLR_FD:
1692 return loop_clr_fd(lo);
1693 case LOOP_SET_STATUS:
1694 err = -EPERM;
1695 if ((mode & FMODE_WRITE) || capable(CAP_SYS_ADMIN)) {
1696 err = loop_set_status_old(lo, argp);
1697 }
1698 break;
1699 case LOOP_GET_STATUS:
1700 return loop_get_status_old(lo, argp);
1701 case LOOP_SET_STATUS64:
1702 err = -EPERM;
1703 if ((mode & FMODE_WRITE) || capable(CAP_SYS_ADMIN)) {
1704 err = loop_set_status64(lo, argp);
1705 }
1706 break;
1707 case LOOP_GET_STATUS64:
1708 return loop_get_status64(lo, argp);
1709 case LOOP_SET_CAPACITY:
1710 case LOOP_SET_DIRECT_IO:
1711 case LOOP_SET_BLOCK_SIZE:
1712 if (!(mode & FMODE_WRITE) && !capable(CAP_SYS_ADMIN))
1713 return -EPERM;
1714 fallthrough;
1715 default:
1716 err = lo_simple_ioctl(lo, cmd, arg);
1717 break;
1718 }
1719
1720 return err;
1721 }
1722
1723 #ifdef CONFIG_COMPAT
1724 struct compat_loop_info {
1725 compat_int_t lo_number; /* ioctl r/o */
1726 compat_dev_t lo_device; /* ioctl r/o */
1727 compat_ulong_t lo_inode; /* ioctl r/o */
1728 compat_dev_t lo_rdevice; /* ioctl r/o */
1729 compat_int_t lo_offset;
1730 compat_int_t lo_encrypt_type;
1731 compat_int_t lo_encrypt_key_size; /* ioctl w/o */
1732 compat_int_t lo_flags; /* ioctl r/o */
1733 char lo_name[LO_NAME_SIZE];
1734 unsigned char lo_encrypt_key[LO_KEY_SIZE]; /* ioctl w/o */
1735 compat_ulong_t lo_init[2];
1736 char reserved[4];
1737 };
1738
1739 /*
1740 * Transfer 32-bit compatibility structure in userspace to 64-bit loop info
1741 * - noinlined to reduce stack space usage in main part of driver
1742 */
1743 static noinline int
1744 loop_info64_from_compat(const struct compat_loop_info __user *arg,
1745 struct loop_info64 *info64)
1746 {
1747 struct compat_loop_info info;
1748
1749 if (copy_from_user(&info, arg, sizeof(info)))
1750 return -EFAULT;
1751
1752 memset(info64, 0, sizeof(*info64));
1753 info64->lo_number = info.lo_number;
1754 info64->lo_device = info.lo_device;
1755 info64->lo_inode = info.lo_inode;
1756 info64->lo_rdevice = info.lo_rdevice;
1757 info64->lo_offset = info.lo_offset;
1758 info64->lo_sizelimit = 0;
1759 info64->lo_encrypt_type = info.lo_encrypt_type;
1760 info64->lo_encrypt_key_size = info.lo_encrypt_key_size;
1761 info64->lo_flags = info.lo_flags;
1762 info64->lo_init[0] = info.lo_init[0];
1763 info64->lo_init[1] = info.lo_init[1];
1764 if (info.lo_encrypt_type == LO_CRYPT_CRYPTOAPI)
1765 memcpy(info64->lo_crypt_name, info.lo_name, LO_NAME_SIZE);
1766 else
1767 memcpy(info64->lo_file_name, info.lo_name, LO_NAME_SIZE);
1768 memcpy(info64->lo_encrypt_key, info.lo_encrypt_key, LO_KEY_SIZE);
1769 return 0;
1770 }
1771
1772 /*
1773 * Transfer 64-bit loop info to 32-bit compatibility structure in userspace
1774 * - noinlined to reduce stack space usage in main part of driver
1775 */
1776 static noinline int
1777 loop_info64_to_compat(const struct loop_info64 *info64,
1778 struct compat_loop_info __user *arg)
1779 {
1780 struct compat_loop_info info;
1781
1782 memset(&info, 0, sizeof(info));
1783 info.lo_number = info64->lo_number;
1784 info.lo_device = info64->lo_device;
1785 info.lo_inode = info64->lo_inode;
1786 info.lo_rdevice = info64->lo_rdevice;
1787 info.lo_offset = info64->lo_offset;
1788 info.lo_encrypt_type = info64->lo_encrypt_type;
1789 info.lo_encrypt_key_size = info64->lo_encrypt_key_size;
1790 info.lo_flags = info64->lo_flags;
1791 info.lo_init[0] = info64->lo_init[0];
1792 info.lo_init[1] = info64->lo_init[1];
1793 if (info.lo_encrypt_type == LO_CRYPT_CRYPTOAPI)
1794 memcpy(info.lo_name, info64->lo_crypt_name, LO_NAME_SIZE);
1795 else
1796 memcpy(info.lo_name, info64->lo_file_name, LO_NAME_SIZE);
1797 memcpy(info.lo_encrypt_key, info64->lo_encrypt_key, LO_KEY_SIZE);
1798
1799 /* error in case values were truncated */
1800 if (info.lo_device != info64->lo_device ||
1801 info.lo_rdevice != info64->lo_rdevice ||
1802 info.lo_inode != info64->lo_inode ||
1803 info.lo_offset != info64->lo_offset ||
1804 info.lo_init[0] != info64->lo_init[0] ||
1805 info.lo_init[1] != info64->lo_init[1])
1806 return -EOVERFLOW;
1807
1808 if (copy_to_user(arg, &info, sizeof(info)))
1809 return -EFAULT;
1810 return 0;
1811 }
1812
1813 static int
1814 loop_set_status_compat(struct loop_device *lo,
1815 const struct compat_loop_info __user *arg)
1816 {
1817 struct loop_info64 info64;
1818 int ret;
1819
1820 ret = loop_info64_from_compat(arg, &info64);
1821 if (ret < 0)
1822 return ret;
1823 return loop_set_status(lo, &info64);
1824 }
1825
1826 static int
1827 loop_get_status_compat(struct loop_device *lo,
1828 struct compat_loop_info __user *arg)
1829 {
1830 struct loop_info64 info64;
1831 int err;
1832
1833 if (!arg)
1834 return -EINVAL;
1835 err = loop_get_status(lo, &info64);
1836 if (!err)
1837 err = loop_info64_to_compat(&info64, arg);
1838 return err;
1839 }
1840
1841 static int lo_compat_ioctl(struct block_device *bdev, fmode_t mode,
1842 unsigned int cmd, unsigned long arg)
1843 {
1844 struct loop_device *lo = bdev->bd_disk->private_data;
1845 int err;
1846
1847 switch(cmd) {
1848 case LOOP_SET_STATUS:
1849 err = loop_set_status_compat(lo,
1850 (const struct compat_loop_info __user *)arg);
1851 break;
1852 case LOOP_GET_STATUS:
1853 err = loop_get_status_compat(lo,
1854 (struct compat_loop_info __user *)arg);
1855 break;
1856 case LOOP_SET_CAPACITY:
1857 case LOOP_CLR_FD:
1858 case LOOP_GET_STATUS64:
1859 case LOOP_SET_STATUS64:
1860 case LOOP_CONFIGURE:
1861 arg = (unsigned long) compat_ptr(arg);
1862 fallthrough;
1863 case LOOP_SET_FD:
1864 case LOOP_CHANGE_FD:
1865 case LOOP_SET_BLOCK_SIZE:
1866 case LOOP_SET_DIRECT_IO:
1867 err = lo_ioctl(bdev, mode, cmd, arg);
1868 break;
1869 default:
1870 err = -ENOIOCTLCMD;
1871 break;
1872 }
1873 return err;
1874 }
1875 #endif
1876
1877 static int lo_open(struct block_device *bdev, fmode_t mode)
1878 {
1879 struct loop_device *lo;
1880 int err;
1881
1882 err = mutex_lock_killable(&loop_ctl_mutex);
1883 if (err)
1884 return err;
1885 lo = bdev->bd_disk->private_data;
1886 if (!lo) {
1887 err = -ENXIO;
1888 goto out;
1889 }
1890
1891 atomic_inc(&lo->lo_refcnt);
1892 out:
1893 mutex_unlock(&loop_ctl_mutex);
1894 return err;
1895 }
1896
1897 static void lo_release(struct gendisk *disk, fmode_t mode)
1898 {
1899 struct loop_device *lo;
1900
1901 mutex_lock(&loop_ctl_mutex);
1902 lo = disk->private_data;
1903 if (atomic_dec_return(&lo->lo_refcnt))
1904 goto out_unlock;
1905
1906 if (lo->lo_flags & LO_FLAGS_AUTOCLEAR) {
1907 if (lo->lo_state != Lo_bound)
1908 goto out_unlock;
1909 lo->lo_state = Lo_rundown;
1910 mutex_unlock(&loop_ctl_mutex);
1911 /*
1912 * In autoclear mode, stop the loop thread
1913 * and remove configuration after last close.
1914 */
1915 __loop_clr_fd(lo, true);
1916 return;
1917 } else if (lo->lo_state == Lo_bound) {
1918 /*
1919 * Otherwise keep thread (if running) and config,
1920 * but flush possible ongoing bios in thread.
1921 */
1922 blk_mq_freeze_queue(lo->lo_queue);
1923 blk_mq_unfreeze_queue(lo->lo_queue);
1924 }
1925
1926 out_unlock:
1927 mutex_unlock(&loop_ctl_mutex);
1928 }
1929
1930 static const struct block_device_operations lo_fops = {
1931 .owner = THIS_MODULE,
1932 .open = lo_open,
1933 .release = lo_release,
1934 .ioctl = lo_ioctl,
1935 #ifdef CONFIG_COMPAT
1936 .compat_ioctl = lo_compat_ioctl,
1937 #endif
1938 };
1939
1940 /*
1941 * And now the modules code and kernel interface.
1942 */
1943 static int max_loop;
1944 module_param(max_loop, int, 0444);
1945 MODULE_PARM_DESC(max_loop, "Maximum number of loop devices");
1946 module_param(max_part, int, 0444);
1947 MODULE_PARM_DESC(max_part, "Maximum number of partitions per loop device");
1948 MODULE_LICENSE("GPL");
1949 MODULE_ALIAS_BLOCKDEV_MAJOR(LOOP_MAJOR);
1950
1951 int loop_register_transfer(struct loop_func_table *funcs)
1952 {
1953 unsigned int n = funcs->number;
1954
1955 if (n >= MAX_LO_CRYPT || xfer_funcs[n])
1956 return -EINVAL;
1957 xfer_funcs[n] = funcs;
1958 return 0;
1959 }
1960
1961 static int unregister_transfer_cb(int id, void *ptr, void *data)
1962 {
1963 struct loop_device *lo = ptr;
1964 struct loop_func_table *xfer = data;
1965
1966 mutex_lock(&loop_ctl_mutex);
1967 if (lo->lo_encryption == xfer)
1968 loop_release_xfer(lo);
1969 mutex_unlock(&loop_ctl_mutex);
1970 return 0;
1971 }
1972
1973 int loop_unregister_transfer(int number)
1974 {
1975 unsigned int n = number;
1976 struct loop_func_table *xfer;
1977
1978 if (n == 0 || n >= MAX_LO_CRYPT || (xfer = xfer_funcs[n]) == NULL)
1979 return -EINVAL;
1980
1981 xfer_funcs[n] = NULL;
1982 idr_for_each(&loop_index_idr, &unregister_transfer_cb, xfer);
1983 return 0;
1984 }
1985
1986 EXPORT_SYMBOL(loop_register_transfer);
1987 EXPORT_SYMBOL(loop_unregister_transfer);
1988
1989 static blk_status_t loop_queue_rq(struct blk_mq_hw_ctx *hctx,
1990 const struct blk_mq_queue_data *bd)
1991 {
1992 struct request *rq = bd->rq;
1993 struct loop_cmd *cmd = blk_mq_rq_to_pdu(rq);
1994 struct loop_device *lo = rq->q->queuedata;
1995
1996 blk_mq_start_request(rq);
1997
1998 if (lo->lo_state != Lo_bound)
1999 return BLK_STS_IOERR;
2000
2001 switch (req_op(rq)) {
2002 case REQ_OP_FLUSH:
2003 case REQ_OP_DISCARD:
2004 case REQ_OP_WRITE_ZEROES:
2005 cmd->use_aio = false;
2006 break;
2007 default:
2008 cmd->use_aio = lo->use_dio;
2009 break;
2010 }
2011
2012 /* always use the first bio's css */
2013 #ifdef CONFIG_BLK_CGROUP
2014 if (cmd->use_aio && rq->bio && rq->bio->bi_blkg) {
2015 cmd->css = &bio_blkcg(rq->bio)->css;
2016 css_get(cmd->css);
2017 } else
2018 #endif
2019 cmd->css = NULL;
2020 kthread_queue_work(&lo->worker, &cmd->work);
2021
2022 return BLK_STS_OK;
2023 }
2024
2025 static void loop_handle_cmd(struct loop_cmd *cmd)
2026 {
2027 struct request *rq = blk_mq_rq_from_pdu(cmd);
2028 const bool write = op_is_write(req_op(rq));
2029 struct loop_device *lo = rq->q->queuedata;
2030 int ret = 0;
2031
2032 if (write && (lo->lo_flags & LO_FLAGS_READ_ONLY)) {
2033 ret = -EIO;
2034 goto failed;
2035 }
2036
2037 ret = do_req_filebacked(lo, rq);
2038 failed:
2039 /* complete non-aio request */
2040 if (!cmd->use_aio || ret) {
2041 if (ret == -EOPNOTSUPP)
2042 cmd->ret = ret;
2043 else
2044 cmd->ret = ret ? -EIO : 0;
2045 if (likely(!blk_should_fake_timeout(rq->q)))
2046 blk_mq_complete_request(rq);
2047 }
2048 }
2049
2050 static void loop_queue_work(struct kthread_work *work)
2051 {
2052 struct loop_cmd *cmd =
2053 container_of(work, struct loop_cmd, work);
2054
2055 loop_handle_cmd(cmd);
2056 }
2057
2058 static int loop_init_request(struct blk_mq_tag_set *set, struct request *rq,
2059 unsigned int hctx_idx, unsigned int numa_node)
2060 {
2061 struct loop_cmd *cmd = blk_mq_rq_to_pdu(rq);
2062
2063 kthread_init_work(&cmd->work, loop_queue_work);
2064 return 0;
2065 }
2066
2067 static const struct blk_mq_ops loop_mq_ops = {
2068 .queue_rq = loop_queue_rq,
2069 .init_request = loop_init_request,
2070 .complete = lo_complete_rq,
2071 };
2072
2073 static int loop_add(struct loop_device **l, int i)
2074 {
2075 struct loop_device *lo;
2076 struct gendisk *disk;
2077 int err;
2078
2079 err = -ENOMEM;
2080 lo = kzalloc(sizeof(*lo), GFP_KERNEL);
2081 if (!lo)
2082 goto out;
2083
2084 lo->lo_state = Lo_unbound;
2085
2086 /* allocate id, if @id >= 0, we're requesting that specific id */
2087 if (i >= 0) {
2088 err = idr_alloc(&loop_index_idr, lo, i, i + 1, GFP_KERNEL);
2089 if (err == -ENOSPC)
2090 err = -EEXIST;
2091 } else {
2092 err = idr_alloc(&loop_index_idr, lo, 0, 0, GFP_KERNEL);
2093 }
2094 if (err < 0)
2095 goto out_free_dev;
2096 i = err;
2097
2098 err = -ENOMEM;
2099 lo->tag_set.ops = &loop_mq_ops;
2100 lo->tag_set.nr_hw_queues = 1;
2101 lo->tag_set.queue_depth = 128;
2102 lo->tag_set.numa_node = NUMA_NO_NODE;
2103 lo->tag_set.cmd_size = sizeof(struct loop_cmd);
2104 lo->tag_set.flags = BLK_MQ_F_SHOULD_MERGE | BLK_MQ_F_STACKING;
2105 lo->tag_set.driver_data = lo;
2106
2107 err = blk_mq_alloc_tag_set(&lo->tag_set);
2108 if (err)
2109 goto out_free_idr;
2110
2111 lo->lo_queue = blk_mq_init_queue(&lo->tag_set);
2112 if (IS_ERR(lo->lo_queue)) {
2113 err = PTR_ERR(lo->lo_queue);
2114 goto out_cleanup_tags;
2115 }
2116 lo->lo_queue->queuedata = lo;
2117
2118 blk_queue_max_hw_sectors(lo->lo_queue, BLK_DEF_MAX_SECTORS);
2119
2120 /*
2121 * By default, we do buffer IO, so it doesn't make sense to enable
2122 * merge because the I/O submitted to backing file is handled page by
2123 * page. For directio mode, merge does help to dispatch bigger request
2124 * to underlayer disk. We will enable merge once directio is enabled.
2125 */
2126 blk_queue_flag_set(QUEUE_FLAG_NOMERGES, lo->lo_queue);
2127
2128 err = -ENOMEM;
2129 disk = lo->lo_disk = alloc_disk(1 << part_shift);
2130 if (!disk)
2131 goto out_free_queue;
2132
2133 /*
2134 * Disable partition scanning by default. The in-kernel partition
2135 * scanning can be requested individually per-device during its
2136 * setup. Userspace can always add and remove partitions from all
2137 * devices. The needed partition minors are allocated from the
2138 * extended minor space, the main loop device numbers will continue
2139 * to match the loop minors, regardless of the number of partitions
2140 * used.
2141 *
2142 * If max_part is given, partition scanning is globally enabled for
2143 * all loop devices. The minors for the main loop devices will be
2144 * multiples of max_part.
2145 *
2146 * Note: Global-for-all-devices, set-only-at-init, read-only module
2147 * parameteters like 'max_loop' and 'max_part' make things needlessly
2148 * complicated, are too static, inflexible and may surprise
2149 * userspace tools. Parameters like this in general should be avoided.
2150 */
2151 if (!part_shift)
2152 disk->flags |= GENHD_FL_NO_PART_SCAN;
2153 disk->flags |= GENHD_FL_EXT_DEVT;
2154 atomic_set(&lo->lo_refcnt, 0);
2155 lo->lo_number = i;
2156 spin_lock_init(&lo->lo_lock);
2157 disk->major = LOOP_MAJOR;
2158 disk->first_minor = i << part_shift;
2159 disk->fops = &lo_fops;
2160 disk->private_data = lo;
2161 disk->queue = lo->lo_queue;
2162 sprintf(disk->disk_name, "loop%d", i);
2163 add_disk(disk);
2164 *l = lo;
2165 return lo->lo_number;
2166
2167 out_free_queue:
2168 blk_cleanup_queue(lo->lo_queue);
2169 out_cleanup_tags:
2170 blk_mq_free_tag_set(&lo->tag_set);
2171 out_free_idr:
2172 idr_remove(&loop_index_idr, i);
2173 out_free_dev:
2174 kfree(lo);
2175 out:
2176 return err;
2177 }
2178
2179 static void loop_remove(struct loop_device *lo)
2180 {
2181 del_gendisk(lo->lo_disk);
2182 blk_cleanup_queue(lo->lo_queue);
2183 blk_mq_free_tag_set(&lo->tag_set);
2184 put_disk(lo->lo_disk);
2185 kfree(lo);
2186 }
2187
2188 static int find_free_cb(int id, void *ptr, void *data)
2189 {
2190 struct loop_device *lo = ptr;
2191 struct loop_device **l = data;
2192
2193 if (lo->lo_state == Lo_unbound) {
2194 *l = lo;
2195 return 1;
2196 }
2197 return 0;
2198 }
2199
2200 static int loop_lookup(struct loop_device **l, int i)
2201 {
2202 struct loop_device *lo;
2203 int ret = -ENODEV;
2204
2205 if (i < 0) {
2206 int err;
2207
2208 err = idr_for_each(&loop_index_idr, &find_free_cb, &lo);
2209 if (err == 1) {
2210 *l = lo;
2211 ret = lo->lo_number;
2212 }
2213 goto out;
2214 }
2215
2216 /* lookup and return a specific i */
2217 lo = idr_find(&loop_index_idr, i);
2218 if (lo) {
2219 *l = lo;
2220 ret = lo->lo_number;
2221 }
2222 out:
2223 return ret;
2224 }
2225
2226 static void loop_probe(dev_t dev)
2227 {
2228 int idx = MINOR(dev) >> part_shift;
2229 struct loop_device *lo;
2230
2231 if (max_loop && idx >= max_loop)
2232 return;
2233
2234 mutex_lock(&loop_ctl_mutex);
2235 if (loop_lookup(&lo, idx) < 0)
2236 loop_add(&lo, idx);
2237 mutex_unlock(&loop_ctl_mutex);
2238 }
2239
2240 static long loop_control_ioctl(struct file *file, unsigned int cmd,
2241 unsigned long parm)
2242 {
2243 struct loop_device *lo;
2244 int ret;
2245
2246 ret = mutex_lock_killable(&loop_ctl_mutex);
2247 if (ret)
2248 return ret;
2249
2250 ret = -ENOSYS;
2251 switch (cmd) {
2252 case LOOP_CTL_ADD:
2253 ret = loop_lookup(&lo, parm);
2254 if (ret >= 0) {
2255 ret = -EEXIST;
2256 break;
2257 }
2258 ret = loop_add(&lo, parm);
2259 break;
2260 case LOOP_CTL_REMOVE:
2261 ret = loop_lookup(&lo, parm);
2262 if (ret < 0)
2263 break;
2264 if (lo->lo_state != Lo_unbound) {
2265 ret = -EBUSY;
2266 break;
2267 }
2268 if (atomic_read(&lo->lo_refcnt) > 0) {
2269 ret = -EBUSY;
2270 break;
2271 }
2272 lo->lo_disk->private_data = NULL;
2273 idr_remove(&loop_index_idr, lo->lo_number);
2274 loop_remove(lo);
2275 break;
2276 case LOOP_CTL_GET_FREE:
2277 ret = loop_lookup(&lo, -1);
2278 if (ret >= 0)
2279 break;
2280 ret = loop_add(&lo, -1);
2281 }
2282 mutex_unlock(&loop_ctl_mutex);
2283
2284 return ret;
2285 }
2286
2287 static const struct file_operations loop_ctl_fops = {
2288 .open = nonseekable_open,
2289 .unlocked_ioctl = loop_control_ioctl,
2290 .compat_ioctl = loop_control_ioctl,
2291 .owner = THIS_MODULE,
2292 .llseek = noop_llseek,
2293 };
2294
2295 static struct miscdevice loop_misc = {
2296 .minor = LOOP_CTRL_MINOR,
2297 .name = "loop-control",
2298 .fops = &loop_ctl_fops,
2299 };
2300
2301 MODULE_ALIAS_MISCDEV(LOOP_CTRL_MINOR);
2302 MODULE_ALIAS("devname:loop-control");
2303
2304 static int __init loop_init(void)
2305 {
2306 int i, nr;
2307 struct loop_device *lo;
2308 int err;
2309
2310 part_shift = 0;
2311 if (max_part > 0) {
2312 part_shift = fls(max_part);
2313
2314 /*
2315 * Adjust max_part according to part_shift as it is exported
2316 * to user space so that user can decide correct minor number
2317 * if [s]he want to create more devices.
2318 *
2319 * Note that -1 is required because partition 0 is reserved
2320 * for the whole disk.
2321 */
2322 max_part = (1UL << part_shift) - 1;
2323 }
2324
2325 if ((1UL << part_shift) > DISK_MAX_PARTS) {
2326 err = -EINVAL;
2327 goto err_out;
2328 }
2329
2330 if (max_loop > 1UL << (MINORBITS - part_shift)) {
2331 err = -EINVAL;
2332 goto err_out;
2333 }
2334
2335 /*
2336 * If max_loop is specified, create that many devices upfront.
2337 * This also becomes a hard limit. If max_loop is not specified,
2338 * create CONFIG_BLK_DEV_LOOP_MIN_COUNT loop devices at module
2339 * init time. Loop devices can be requested on-demand with the
2340 * /dev/loop-control interface, or be instantiated by accessing
2341 * a 'dead' device node.
2342 */
2343 if (max_loop)
2344 nr = max_loop;
2345 else
2346 nr = CONFIG_BLK_DEV_LOOP_MIN_COUNT;
2347
2348 err = misc_register(&loop_misc);
2349 if (err < 0)
2350 goto err_out;
2351
2352
2353 if (__register_blkdev(LOOP_MAJOR, "loop", loop_probe)) {
2354 err = -EIO;
2355 goto misc_out;
2356 }
2357
2358 /* pre-create number of devices given by config or max_loop */
2359 mutex_lock(&loop_ctl_mutex);
2360 for (i = 0; i < nr; i++)
2361 loop_add(&lo, i);
2362 mutex_unlock(&loop_ctl_mutex);
2363
2364 printk(KERN_INFO "loop: module loaded\n");
2365 return 0;
2366
2367 misc_out:
2368 misc_deregister(&loop_misc);
2369 err_out:
2370 return err;
2371 }
2372
2373 static int loop_exit_cb(int id, void *ptr, void *data)
2374 {
2375 struct loop_device *lo = ptr;
2376
2377 loop_remove(lo);
2378 return 0;
2379 }
2380
2381 static void __exit loop_exit(void)
2382 {
2383 mutex_lock(&loop_ctl_mutex);
2384
2385 idr_for_each(&loop_index_idr, &loop_exit_cb, NULL);
2386 idr_destroy(&loop_index_idr);
2387
2388 unregister_blkdev(LOOP_MAJOR, "loop");
2389
2390 misc_deregister(&loop_misc);
2391
2392 mutex_unlock(&loop_ctl_mutex);
2393 }
2394
2395 module_init(loop_init);
2396 module_exit(loop_exit);
2397
2398 #ifndef MODULE
2399 static int __init max_loop_setup(char *str)
2400 {
2401 max_loop = simple_strtol(str, NULL, 0);
2402 return 1;
2403 }
2404
2405 __setup("max_loop=", max_loop_setup);
2406 #endif
Linux with added FPC-III support