Linux-libre 3.18.98-gnu
[librecmc/linux-libre.git] / drivers / block / rbd.c
1
2 /*
3    rbd.c -- Export ceph rados objects as a Linux block device
4
5
6    based on drivers/block/osdblk.c:
7
8    Copyright 2009 Red Hat, Inc.
9
10    This program is free software; you can redistribute it and/or modify
11    it under the terms of the GNU General Public License as published by
12    the Free Software Foundation.
13
14    This program is distributed in the hope that it will be useful,
15    but WITHOUT ANY WARRANTY; without even the implied warranty of
16    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
17    GNU General Public License for more details.
18
19    You should have received a copy of the GNU General Public License
20    along with this program; see the file COPYING.  If not, write to
21    the Free Software Foundation, 675 Mass Ave, Cambridge, MA 02139, USA.
22
23
24
25    For usage instructions, please refer to:
26
27                  Documentation/ABI/testing/sysfs-bus-rbd
28
29  */
30
31 #include <linux/ceph/libceph.h>
32 #include <linux/ceph/osd_client.h>
33 #include <linux/ceph/mon_client.h>
34 #include <linux/ceph/decode.h>
35 #include <linux/parser.h>
36 #include <linux/bsearch.h>
37
38 #include <linux/kernel.h>
39 #include <linux/device.h>
40 #include <linux/module.h>
41 #include <linux/fs.h>
42 #include <linux/blkdev.h>
43 #include <linux/slab.h>
44 #include <linux/idr.h>
45 #include <linux/workqueue.h>
46
47 #include "rbd_types.h"
48
49 #define RBD_DEBUG       /* Activate rbd_assert() calls */
50
51 /*
52  * The basic unit of block I/O is a sector.  It is interpreted in a
53  * number of contexts in Linux (blk, bio, genhd), but the default is
54  * universally 512 bytes.  These symbols are just slightly more
55  * meaningful than the bare numbers they represent.
56  */
57 #define SECTOR_SHIFT    9
58 #define SECTOR_SIZE     (1ULL << SECTOR_SHIFT)
59
/*
 * Take one more reference on a counter, unless it has already
 * dropped to zero: the add is skipped when the counter is 0.
 *
 * The value handed back is whatever __atomic_add_unless() reports.
 * NOTE(review): that helper looks like it returns the value seen
 * *before* the add on this kernel, so "updated value" may be off by
 * one -- confirm before relying on the exact number.
 *
 * If the reported value does not fit in a non-negative int, the
 * increment is taken back and -EINVAL is returned.
 */
static int atomic_inc_return_safe(atomic_t *v)
{
        unsigned int seen = (unsigned int)__atomic_add_unless(v, 1, 0);

        if (seen > (unsigned int)INT_MAX) {
                /* Out of range: undo the increment before failing. */
                atomic_dec(v);
                return -EINVAL;
        }

        return (int)seen;
}
78
/*
 * Drop one reference.  Returns the new count, or -EINVAL (after
 * restoring the counter) if the decrement took it below zero.
 */
static int atomic_dec_return_safe(atomic_t *v)
{
        int remaining = atomic_dec_return(v);

        if (remaining < 0) {
                /* Went negative: undo the decrement before failing. */
                atomic_inc(v);
                return -EINVAL;
        }

        return remaining;
}
92
93 #define RBD_DRV_NAME "rbd"
94
95 #define RBD_MINORS_PER_MAJOR            256
96 #define RBD_SINGLE_MAJOR_PART_SHIFT     4
97
98 #define RBD_SNAP_DEV_NAME_PREFIX        "snap_"
99 #define RBD_MAX_SNAP_NAME_LEN   \
100                         (NAME_MAX - (sizeof (RBD_SNAP_DEV_NAME_PREFIX) - 1))
101
102 #define RBD_MAX_SNAP_COUNT      510     /* allows max snapc to fit in 4KB */
103
104 #define RBD_SNAP_HEAD_NAME      "-"
105
106 #define BAD_SNAP_INDEX  U32_MAX         /* invalid index into snap array */
107
108 /* This allows a single page to hold an image name sent by OSD */
109 #define RBD_IMAGE_NAME_LEN_MAX  (PAGE_SIZE - sizeof (__le32) - 1)
110 #define RBD_IMAGE_ID_LEN_MAX    64
111
112 #define RBD_OBJ_PREFIX_LEN_MAX  64
113
114 /* Feature bits */
115
116 #define RBD_FEATURE_LAYERING    (1<<0)
117 #define RBD_FEATURE_STRIPINGV2  (1<<1)
118 #define RBD_FEATURES_ALL \
119             (RBD_FEATURE_LAYERING | RBD_FEATURE_STRIPINGV2)
120
121 /* Features supported by this (client software) implementation. */
122
123 #define RBD_FEATURES_SUPPORTED  (RBD_FEATURES_ALL)
124
125 /*
126  * An RBD device name will be "rbd#", where the "rbd" comes from
127  * RBD_DRV_NAME above, and # is a unique integer identifier.
128  * MAX_INT_FORMAT_WIDTH is used in ensuring DEV_NAME_LEN is big
129  * enough to hold all possible device names.
130  */
131 #define DEV_NAME_LEN            32
132 #define MAX_INT_FORMAT_WIDTH    ((5 * sizeof (int)) / 2 + 1)
133
134 /*
135  * block device image metadata (in-memory version)
136  */
137 struct rbd_image_header {
138         /* These six fields never change for a given rbd image */
139         char *object_prefix;
140         __u8 obj_order;
141         __u8 crypt_type;
142         __u8 comp_type;
143         u64 stripe_unit;
144         u64 stripe_count;
145         u64 features;           /* Might be changeable someday? */
146
147         /* The remaining fields need to be updated occasionally */
148         u64 image_size;
149         struct ceph_snap_context *snapc;
150         char *snap_names;       /* format 1 only */
151         u64 *snap_sizes;        /* format 1 only */
152 };
153
154 /*
155  * An rbd image specification.
156  *
157  * The tuple (pool_id, image_id, snap_id) is sufficient to uniquely
158  * identify an image.  Each rbd_dev structure includes a pointer to
159  * an rbd_spec structure that encapsulates this identity.
160  *
161  * Each of the id's in an rbd_spec has an associated name.  For a
162  * user-mapped image, the names are supplied and the id's associated
163  * with them are looked up.  For a layered image, a parent image is
164  * defined by the tuple, and the names are looked up.
165  *
166  * An rbd_dev structure contains a parent_spec pointer which is
167  * non-null if the image it represents is a child in a layered
168  * image.  This pointer will refer to the rbd_spec structure used
169  * by the parent rbd_dev for its own identity (i.e., the structure
170  * is shared between the parent and child).
171  *
172  * Since these structures are populated once, during the discovery
173  * phase of image construction, they are effectively immutable so
174  * we make no effort to synchronize access to them.
175  *
176  * Note that code herein does not assume the image name is known (it
177  * could be a null pointer).
178  */
179 struct rbd_spec {
180         u64             pool_id;
181         const char      *pool_name;
182
183         const char      *image_id;
184         const char      *image_name;
185
186         u64             snap_id;
187         const char      *snap_name;
188
189         struct kref     kref;
190 };
191
192 /*
193  * an instance of the client.  multiple devices may share an rbd client.
194  */
195 struct rbd_client {
196         struct ceph_client      *client;
197         struct kref             kref;
198         struct list_head        node;
199 };
200
201 struct rbd_img_request;
202 typedef void (*rbd_img_callback_t)(struct rbd_img_request *);
203
204 #define BAD_WHICH       U32_MAX         /* Good which or bad which, which? */
205
206 struct rbd_obj_request;
207 typedef void (*rbd_obj_callback_t)(struct rbd_obj_request *);
208
209 enum obj_request_type {
210         OBJ_REQUEST_NODATA, OBJ_REQUEST_BIO, OBJ_REQUEST_PAGES
211 };
212
213 enum obj_operation_type {
214         OBJ_OP_WRITE,
215         OBJ_OP_READ,
216         OBJ_OP_DISCARD,
217 };
218
219 enum obj_req_flags {
220         OBJ_REQ_DONE,           /* completion flag: not done = 0, done = 1 */
221         OBJ_REQ_IMG_DATA,       /* object usage: standalone = 0, image = 1 */
222         OBJ_REQ_KNOWN,          /* EXISTS flag valid: no = 0, yes = 1 */
223         OBJ_REQ_EXISTS,         /* target exists: no = 0, yes = 1 */
224 };
225
226 struct rbd_obj_request {
227         const char              *object_name;
228         u64                     offset;         /* object start byte */
229         u64                     length;         /* bytes from offset */
230         unsigned long           flags;
231
232         /*
233          * An object request associated with an image will have its
234          * img_data flag set; a standalone object request will not.
235          *
236          * A standalone object request will have which == BAD_WHICH
237          * and a null obj_request pointer.
238          *
239          * An object request initiated in support of a layered image
240          * object (to check for its existence before a write) will
241          * have which == BAD_WHICH and a non-null obj_request pointer.
242          *
243          * Finally, an object request for rbd image data will have
244          * which != BAD_WHICH, and will have a non-null img_request
245          * pointer.  The value of which will be in the range
246          * 0..(img_request->obj_request_count-1).
247          */
248         union {
249                 struct rbd_obj_request  *obj_request;   /* STAT op */
250                 struct {
251                         struct rbd_img_request  *img_request;
252                         u64                     img_offset;
253                         /* links for img_request->obj_requests list */
254                         struct list_head        links;
255                 };
256         };
257         u32                     which;          /* posn image request list */
258
259         enum obj_request_type   type;
260         union {
261                 struct bio      *bio_list;
262                 struct {
263                         struct page     **pages;
264                         u32             page_count;
265                 };
266         };
267         struct page             **copyup_pages;
268         u32                     copyup_page_count;
269
270         struct ceph_osd_request *osd_req;
271
272         u64                     xferred;        /* bytes transferred */
273         int                     result;
274
275         rbd_obj_callback_t      callback;
276         struct completion       completion;
277
278         struct kref             kref;
279 };
280
281 enum img_req_flags {
282         IMG_REQ_WRITE,          /* I/O direction: read = 0, write = 1 */
283         IMG_REQ_CHILD,          /* initiator: block = 0, child image = 1 */
284         IMG_REQ_LAYERED,        /* ENOENT handling: normal = 0, layered = 1 */
285         IMG_REQ_DISCARD,        /* discard: normal = 0, discard request = 1 */
286 };
287
288 struct rbd_img_request {
289         struct rbd_device       *rbd_dev;
290         u64                     offset; /* starting image byte offset */
291         u64                     length; /* byte count from offset */
292         unsigned long           flags;
293         union {
294                 u64                     snap_id;        /* for reads */
295                 struct ceph_snap_context *snapc;        /* for writes */
296         };
297         union {
298                 struct request          *rq;            /* block request */
299                 struct rbd_obj_request  *obj_request;   /* obj req initiator */
300         };
301         struct page             **copyup_pages;
302         u32                     copyup_page_count;
303         spinlock_t              completion_lock;/* protects next_completion */
304         u32                     next_completion;
305         rbd_img_callback_t      callback;
306         u64                     xferred;/* aggregate bytes transferred */
307         int                     result; /* first nonzero obj_request result */
308
309         u32                     obj_request_count;
310         struct list_head        obj_requests;   /* rbd_obj_request structs */
311
312         struct kref             kref;
313 };
314
315 #define for_each_obj_request(ireq, oreq) \
316         list_for_each_entry(oreq, &(ireq)->obj_requests, links)
317 #define for_each_obj_request_from(ireq, oreq) \
318         list_for_each_entry_from(oreq, &(ireq)->obj_requests, links)
319 #define for_each_obj_request_safe(ireq, oreq, n) \
320         list_for_each_entry_safe_reverse(oreq, n, &(ireq)->obj_requests, links)
321
322 struct rbd_mapping {
323         u64                     size;
324         u64                     features;
325         bool                    read_only;
326 };
327
328 /*
329  * a single device
330  */
331 struct rbd_device {
332         int                     dev_id;         /* blkdev unique id */
333
334         int                     major;          /* blkdev assigned major */
335         int                     minor;
336         struct gendisk          *disk;          /* blkdev's gendisk and rq */
337
338         u32                     image_format;   /* Either 1 or 2 */
339         struct rbd_client       *rbd_client;
340
341         char                    name[DEV_NAME_LEN]; /* blkdev name, e.g. rbd3 */
342
343         struct list_head        rq_queue;       /* incoming rq queue */
344         spinlock_t              lock;           /* queue, flags, open_count */
345         struct work_struct      rq_work;
346
347         struct rbd_image_header header;
348         unsigned long           flags;          /* possibly lock protected */
349         struct rbd_spec         *spec;
350
351         char                    *header_name;
352
353         struct ceph_file_layout layout;
354
355         struct ceph_osd_event   *watch_event;
356         struct rbd_obj_request  *watch_request;
357
358         struct rbd_spec         *parent_spec;
359         u64                     parent_overlap;
360         atomic_t                parent_ref;
361         struct rbd_device       *parent;
362
363         /* protects updating the header */
364         struct rw_semaphore     header_rwsem;
365
366         struct rbd_mapping      mapping;
367
368         struct list_head        node;
369
370         /* sysfs related */
371         struct device           dev;
372         unsigned long           open_count;     /* protected by lock */
373 };
374
375 /*
376  * Flag bits for rbd_dev->flags.  If atomicity is required,
377  * rbd_dev->lock is used to protect access.
378  *
379  * Currently, only the "removing" flag (which is coupled with the
380  * "open_count" field) requires atomic access.
381  */
382 enum rbd_dev_flags {
383         RBD_DEV_FLAG_EXISTS,    /* mapped snapshot has not been deleted */
384         RBD_DEV_FLAG_REMOVING,  /* this mapping is being removed */
385 };
386
387 static DEFINE_MUTEX(client_mutex);      /* Serialize client creation */
388
389 static LIST_HEAD(rbd_dev_list);    /* devices */
390 static DEFINE_SPINLOCK(rbd_dev_list_lock);
391
392 static LIST_HEAD(rbd_client_list);              /* clients */
393 static DEFINE_SPINLOCK(rbd_client_list_lock);
394
395 /* Slab caches for frequently-allocated structures */
396
397 static struct kmem_cache        *rbd_img_request_cache;
398 static struct kmem_cache        *rbd_obj_request_cache;
399 static struct kmem_cache        *rbd_segment_name_cache;
400
401 static int rbd_major;
402 static DEFINE_IDA(rbd_dev_id_ida);
403
404 static struct workqueue_struct *rbd_wq;
405
406 /*
407  * Default to false for now, as single-major requires >= 0.75 version of
408  * userspace rbd utility.
409  */
410 static bool single_major = false;
411 module_param(single_major, bool, S_IRUGO);
412 MODULE_PARM_DESC(single_major, "Use a single major number for all rbd devices (default: false)");
413
414 static int rbd_img_request_submit(struct rbd_img_request *img_request);
415
416 static void rbd_dev_device_release(struct device *dev);
417
418 static ssize_t rbd_add(struct bus_type *bus, const char *buf,
419                        size_t count);
420 static ssize_t rbd_remove(struct bus_type *bus, const char *buf,
421                           size_t count);
422 static ssize_t rbd_add_single_major(struct bus_type *bus, const char *buf,
423                                     size_t count);
424 static ssize_t rbd_remove_single_major(struct bus_type *bus, const char *buf,
425                                        size_t count);
426 static int rbd_dev_image_probe(struct rbd_device *rbd_dev, bool mapping);
427 static void rbd_spec_put(struct rbd_spec *spec);
428
/*
 * Convert a device id into a minor number by shifting it left by
 * RBD_SINGLE_MAJOR_PART_SHIFT bits.
 * NOTE(review): dev_id is a plain int and is not range-checked here;
 * presumably the allocator bounds it -- verify against the caller.
 */
static int rbd_dev_id_to_minor(int dev_id)
{
        int first_minor = dev_id << RBD_SINGLE_MAJOR_PART_SHIFT;

        return first_minor;
}
433
/*
 * Inverse of rbd_dev_id_to_minor(): discard the low
 * RBD_SINGLE_MAJOR_PART_SHIFT bits of a minor number to recover the
 * device id.
 */
static int minor_to_rbd_dev_id(int minor)
{
        int dev_id = minor >> RBD_SINGLE_MAJOR_PART_SHIFT;

        return dev_id;
}
438
439 static BUS_ATTR(add, S_IWUSR, NULL, rbd_add);
440 static BUS_ATTR(remove, S_IWUSR, NULL, rbd_remove);
441 static BUS_ATTR(add_single_major, S_IWUSR, NULL, rbd_add_single_major);
442 static BUS_ATTR(remove_single_major, S_IWUSR, NULL, rbd_remove_single_major);
443
444 static struct attribute *rbd_bus_attrs[] = {
445         &bus_attr_add.attr,
446         &bus_attr_remove.attr,
447         &bus_attr_add_single_major.attr,
448         &bus_attr_remove_single_major.attr,
449         NULL,
450 };
451
/*
 * Visibility callback for the rbd bus attribute group.  The
 * add_single_major / remove_single_major files get mode 0 (hidden)
 * unless the single_major module parameter is set; every other
 * attribute keeps the mode it was declared with.
 */
static umode_t rbd_bus_is_visible(struct kobject *kobj,
                                  struct attribute *attr, int index)
{
        bool single_major_attr =
                attr == &bus_attr_add_single_major.attr ||
                attr == &bus_attr_remove_single_major.attr;

        if (single_major_attr && !single_major)
                return 0;

        return attr->mode;
}
462
463 static const struct attribute_group rbd_bus_group = {
464         .attrs = rbd_bus_attrs,
465         .is_visible = rbd_bus_is_visible,
466 };
467 __ATTRIBUTE_GROUPS(rbd_bus);
468
469 static struct bus_type rbd_bus_type = {
470         .name           = "rbd",
471         .bus_groups     = rbd_bus_groups,
472 };
473
/*
 * Release callback for rbd_root_dev.  The root device is a static
 * object, so there is nothing to free here.
 */
static void rbd_root_dev_release(struct device *dev)
{
        /* intentionally empty */
}
477
478 static struct device rbd_root_dev = {
479         .init_name =    "rbd",
480         .release =      rbd_root_dev_release,
481 };
482
/*
 * Emit a KERN_WARNING message prefixed with the driver name and the
 * most specific identifier available for @rbd_dev: the disk name,
 * else the image name, else the image id, else the rbd_dev pointer.
 * @rbd_dev may be NULL, in which case only the driver name is used.
 *
 * The caller's format string is passed through %pV, so it is never
 * used directly as the printk() format.
 * NOTE(review): the last fallback logs the rbd_dev address with %p;
 * whether that value is obfuscated depends on this tree's printk --
 * confirm if log readers are less privileged than the kernel.
 */
static __printf(2, 3)
void rbd_warn(struct rbd_device *rbd_dev, const char *fmt, ...)
{
        struct va_format msg;
        va_list ap;

        va_start(ap, fmt);
        msg.fmt = fmt;
        msg.va = &ap;

        if (!rbd_dev) {
                printk(KERN_WARNING "%s: %pV\n", RBD_DRV_NAME, &msg);
        } else if (rbd_dev->disk) {
                printk(KERN_WARNING "%s: %s: %pV\n",
                        RBD_DRV_NAME, rbd_dev->disk->disk_name, &msg);
        } else if (rbd_dev->spec && rbd_dev->spec->image_name) {
                printk(KERN_WARNING "%s: image %s: %pV\n",
                        RBD_DRV_NAME, rbd_dev->spec->image_name, &msg);
        } else if (rbd_dev->spec && rbd_dev->spec->image_id) {
                printk(KERN_WARNING "%s: id %s: %pV\n",
                        RBD_DRV_NAME, rbd_dev->spec->image_id, &msg);
        } else {
                /* Nothing better to identify the device with. */
                printk(KERN_WARNING "%s: rbd_dev %p: %pV\n",
                        RBD_DRV_NAME, rbd_dev, &msg);
        }

        va_end(ap);
}
509
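/*
 * rbd_assert(expr) - when RBD_DEBUG is defined, log the failing
 * expression with its function and line, then BUG().  Without
 * RBD_DEBUG it expands to a no-op and @expr is not evaluated.
 *
 * The debug form is wrapped in do { } while (0) so that the macro is
 * a single statement: a bare "if" here would capture the "else" of
 * an enclosing unbraced if/else at the call site.
 *
 * A failed assertion takes the kernel down, so conditions that depend
 * on data received from outside the kernel are better handled with an
 * error return than with rbd_assert().
 */
#ifdef RBD_DEBUG
#define rbd_assert(expr)                                                \
        do {                                                            \
                if (unlikely(!(expr))) {                                \
                        printk(KERN_ERR "\nAssertion failure in %s() "  \
                                                "at line %d:\n\n"       \
                                        "\trbd_assert(%s);\n\n",        \
                                        __func__, __LINE__, #expr);     \
                        BUG();                                          \
                }                                                       \
        } while (0)
#else /* !RBD_DEBUG */
#  define rbd_assert(expr)      ((void) 0)
#endif /* !RBD_DEBUG */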
522
523 static void rbd_osd_copyup_callback(struct rbd_obj_request *obj_request);
524 static int rbd_img_obj_request_submit(struct rbd_obj_request *obj_request);
525 static void rbd_img_parent_read(struct rbd_obj_request *obj_request);
526 static void rbd_dev_remove_parent(struct rbd_device *rbd_dev);
527
528 static int rbd_dev_refresh(struct rbd_device *rbd_dev);
529 static int rbd_dev_v2_header_onetime(struct rbd_device *rbd_dev);
530 static int rbd_dev_header_info(struct rbd_device *rbd_dev);
531 static int rbd_dev_v2_parent_info(struct rbd_device *rbd_dev);
532 static const char *rbd_dev_v2_snap_name(struct rbd_device *rbd_dev,
533                                         u64 snap_id);
534 static int _rbd_dev_v2_snap_size(struct rbd_device *rbd_dev, u64 snap_id,
535                                 u8 *order, u64 *snap_size);
536 static int _rbd_dev_v2_snap_features(struct rbd_device *rbd_dev, u64 snap_id,
537                 u64 *snap_features);
538 static u64 rbd_snap_id_by_name(struct rbd_device *rbd_dev, const char *name);
539
/*
 * Block device open.
 *
 * Returns -EROFS for a write open of a read-only mapping and -ENOENT
 * if the mapping is being removed.  Otherwise open_count is bumped
 * and a reference is taken on the embedded struct device.
 *
 * The REMOVING test and the open_count increment happen under a
 * single hold of rbd_dev->lock, so an open cannot slip in between
 * them.  The read_only test is made before the lock is taken.
 */
static int rbd_open(struct block_device *bdev, fmode_t mode)
{
        struct rbd_device *rbd_dev = bdev->bd_disk->private_data;
        int ret = 0;

        if ((mode & FMODE_WRITE) && rbd_dev->mapping.read_only)
                return -EROFS;

        spin_lock_irq(&rbd_dev->lock);
        if (test_bit(RBD_DEV_FLAG_REMOVING, &rbd_dev->flags))
                ret = -ENOENT;
        else
                rbd_dev->open_count++;
        spin_unlock_irq(&rbd_dev->lock);

        if (ret)
                return ret;

        (void) get_device(&rbd_dev->dev);

        return 0;
}
561
/*
 * Block device release: undo what rbd_open() did.  open_count is
 * decremented under rbd_dev->lock and the device reference is
 * dropped.  The count seen before the decrement is asserted to be
 * non-zero, but only after the decrement has already been applied.
 */
static void rbd_release(struct gendisk *disk, fmode_t mode)
{
        struct rbd_device *rbd_dev = disk->private_data;
        unsigned long prev_opens;

        spin_lock_irq(&rbd_dev->lock);
        prev_opens = rbd_dev->open_count;
        rbd_dev->open_count--;
        spin_unlock_irq(&rbd_dev->lock);
        rbd_assert(prev_opens > 0);

        put_device(&rbd_dev->dev);
}
574
/*
 * BLKROSET handler: switch the mapping between read-only and
 * read-write.
 *
 * @arg is a user pointer to an int; non-zero requests read-only.
 * Returns -EFAULT if the int cannot be read, -EROFS when a mapped
 * snapshot is asked to become writable, -EBUSY if open_count is
 * greater than one, and 0 otherwise.
 *
 * NOTE(review): no capability or permission check is visible on this
 * path; confirm that the block layer enforces one before BLKROSET
 * reaches the driver.
 */
static int rbd_ioctl_set_ro(struct rbd_device *rbd_dev, unsigned long arg)
{
        bool changed = false;
        bool want_ro;
        int user_val;
        int ret = 0;

        /* get_user() may sleep, so it must run before the spinlock */
        if (get_user(user_val, (int __user *)(arg)))
                return -EFAULT;

        want_ro = user_val != 0;

        /* A snapshot mapping can never be made writable */
        if (rbd_dev->spec->snap_id != CEPH_NOSNAP && !want_ro)
                return -EROFS;

        spin_lock_irq(&rbd_dev->lock);
        if (rbd_dev->open_count > 1) {
                /* refuse while anyone else has the device open */
                ret = -EBUSY;
        } else if (rbd_dev->mapping.read_only != want_ro) {
                rbd_dev->mapping.read_only = want_ro;
                changed = true;
        }
        spin_unlock_irq(&rbd_dev->lock);

        /* set_disk_ro() may sleep, so it runs after the lock is dropped */
        if (changed)
                set_disk_ro(rbd_dev->disk, want_ro ? 1 : 0);

        return ret;
}
611
/*
 * Block device ioctl entry point.  Only BLKROSET is handled by the
 * driver; every other command gets -ENOTTY.
 */
static int rbd_ioctl(struct block_device *bdev, fmode_t mode,
                        unsigned int cmd, unsigned long arg)
{
        struct rbd_device *rbd_dev = bdev->bd_disk->private_data;

        if (cmd == BLKROSET)
                return rbd_ioctl_set_ro(rbd_dev, arg);

        return -ENOTTY;
}
628
#ifdef CONFIG_COMPAT
/*
 * compat ioctl entry point: forwards to rbd_ioctl() with the
 * arguments unchanged.
 */
static int rbd_compat_ioctl(struct block_device *bdev, fmode_t mode,
                                unsigned int cmd, unsigned long arg)
{
        int ret = rbd_ioctl(bdev, mode, cmd, arg);

        return ret;
}
#endif /* CONFIG_COMPAT */
636
637 static const struct block_device_operations rbd_bd_ops = {
638         .owner                  = THIS_MODULE,
639         .open                   = rbd_open,
640         .release                = rbd_release,
641         .ioctl                  = rbd_ioctl,
642 #ifdef CONFIG_COMPAT
643         .compat_ioctl           = rbd_compat_ioctl,
644 #endif
645 };
646
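/*
 * Initialize an rbd client instance and add it to rbd_client_list.
 * Success or not, this function consumes ceph_opts.  Caller holds
 * client_mutex.
 *
 * Returns the new client, or an ERR_PTR() carrying the error from
 * the step that failed: -ENOMEM if the rbd_client cannot be
 * allocated, otherwise the code reported by ceph_create_client() or
 * ceph_open_session().
 */
static struct rbd_client *rbd_client_create(struct ceph_options *ceph_opts)
{
        struct rbd_client *rbdc;
        int ret = -ENOMEM;

        dout("%s:\n", __func__);
        rbdc = kmalloc(sizeof(*rbdc), GFP_KERNEL);
        if (!rbdc)
                goto out_opt;

        kref_init(&rbdc->kref);
        INIT_LIST_HEAD(&rbdc->node);

        rbdc->client = ceph_create_client(ceph_opts, rbdc, 0, 0);
        if (IS_ERR(rbdc->client)) {
                /* Report the real failure rather than a blanket -ENOMEM */
                ret = PTR_ERR(rbdc->client);
                goto out_rbdc;
        }
        ceph_opts = NULL; /* Now rbdc->client is responsible for ceph_opts */

        ret = ceph_open_session(rbdc->client);
        if (ret < 0)
                goto out_client;

        spin_lock(&rbd_client_list_lock);
        list_add_tail(&rbdc->node, &rbd_client_list);
        spin_unlock(&rbd_client_list_lock);

        dout("%s: rbdc %p\n", __func__, rbdc);

        return rbdc;
out_client:
        ceph_destroy_client(rbdc->client);
out_rbdc:
        kfree(rbdc);
out_opt:
        /* Still ours only if ceph_create_client() never took ownership */
        if (ceph_opts)
                ceph_destroy_options(ceph_opts);
        dout("%s: error %d\n", __func__, ret);

        return ERR_PTR(ret);
}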
691
/*
 * Take an additional reference on @rbdc and hand the same pointer
 * back.  @rbdc must not be NULL; it is dereferenced unconditionally.
 */
static struct rbd_client *__rbd_get_client(struct rbd_client *rbdc)
{
        struct kref *ref = &rbdc->kref;

        kref_get(ref);

        return rbdc;
}
698
/*
 * Look for an existing client on rbd_client_list whose options
 * compare equal to @ceph_opts (ceph_compare_options() returning 0).
 * On a match the client's reference count is bumped while
 * rbd_client_list_lock is still held.
 *
 * Returns the matching client, or NULL if there is none or if
 * @ceph_opts carries CEPH_OPT_NOSHARE.
 */
static struct rbd_client *rbd_client_find(struct ceph_options *ceph_opts)
{
        struct rbd_client *match = NULL;
        struct rbd_client *cur;

        if (ceph_opts->flags & CEPH_OPT_NOSHARE)
                return NULL;

        spin_lock(&rbd_client_list_lock);
        list_for_each_entry(cur, &rbd_client_list, node) {
                if (ceph_compare_options(ceph_opts, cur->client))
                        continue;

                /* Take the reference before the list lock is dropped */
                __rbd_get_client(cur);
                match = cur;
                break;
        }
        spin_unlock(&rbd_client_list_lock);

        return match;
}
724
725 /*
726  * mount options
727  */
728 enum {
729         Opt_last_int,
730         /* int args above */
731         Opt_last_string,
732         /* string args above */
733         Opt_read_only,
734         Opt_read_write,
735         /* Boolean args above */
736         Opt_last_bool,
737 };
738
739 static match_table_t rbd_opts_tokens = {
740         /* int args above */
741         /* string args above */
742         {Opt_read_only, "read_only"},
743         {Opt_read_only, "ro"},          /* Alternate spelling */
744         {Opt_read_write, "read_write"},
745         {Opt_read_write, "rw"},         /* Alternate spelling */
746         /* Boolean args above */
747         {-1, NULL}
748 };
749
750 struct rbd_options {
751         bool    read_only;
752 };
753
754 #define RBD_READ_ONLY_DEFAULT   false
755
/*
 * Parse a single option token @c into the struct rbd_options that
 * @private points to.
 *
 * Returns 0 on success, -EINVAL if the token is not in
 * rbd_opts_tokens, or the error from match_int() for a malformed
 * integer argument.  The token table currently holds only the
 * read_only / read_write spellings.
 */
static int parse_rbd_opts_token(char *c, void *private)
{
        struct rbd_options *opts = private;
        substring_t argstr[MAX_OPT_ARGS];
        int token, intval, ret;

        token = match_token(c, rbd_opts_tokens, argstr);
        if (token < 0)
                return -EINVAL;

        /* Classify the token by its position among the Opt_last_* markers */
        if (token < Opt_last_int) {
                ret = match_int(&argstr[0], &intval);
                if (ret < 0) {
                        pr_err("bad mount option arg (not int) "
                               "at '%s'\n", c);
                        return ret;
                }
                dout("got int token %d val %d\n", token, intval);
        } else if (token > Opt_last_int && token < Opt_last_string) {
                dout("got string token %d val %s\n", token,
                     argstr[0].from);
        } else if (token > Opt_last_string && token < Opt_last_bool) {
                dout("got Boolean token %d\n", token);
        } else {
                dout("got token %d\n", token);
        }

        if (token == Opt_read_only) {
                opts->read_only = true;
        } else if (token == Opt_read_write) {
                opts->read_only = false;
        } else {
                /* A token was matched that this function does not handle */
                rbd_assert(false);
        }

        return 0;
}
796
/*
 * Human-readable name for an object operation type.  The returned
 * pointer refers to a string literal and must not be modified or
 * freed; unknown values yield "???".
 */
static char* obj_op_name(enum obj_operation_type op_type)
{
        if (op_type == OBJ_OP_READ)
                return "read";
        if (op_type == OBJ_OP_WRITE)
                return "write";
        if (op_type == OBJ_OP_DISCARD)
                return "discard";

        return "???";
}
810
/*
 * Return a client matching @ceph_opts, reusing an existing one when
 * rbd_client_find() locates it and creating one otherwise.  The
 * lookup and the creation both run under client_mutex.
 *
 * @ceph_opts is consumed on every path: it is destroyed here when an
 * existing client is reused, and handed to rbd_client_create()
 * otherwise.  The result may be an ERR_PTR() from
 * rbd_client_create().
 */
static struct rbd_client *rbd_get_client(struct ceph_options *ceph_opts)
{
        struct rbd_client *rbdc;

        mutex_lock_nested(&client_mutex, SINGLE_DEPTH_NESTING);
        rbdc = rbd_client_find(ceph_opts);
        if (!rbdc) {
                rbdc = rbd_client_create(ceph_opts);
        } else {
                /* reusing an existing client: our options are redundant */
                ceph_destroy_options(ceph_opts);
        }
        mutex_unlock(&client_mutex);

        return rbdc;
}
830
/*
 * kref release callback for an rbd client: unlink it from
 * rbd_client_list, destroy the underlying ceph client and free the
 * structure.
 *
 * This function takes rbd_client_list_lock itself, so the caller
 * must NOT already hold it.
 */
static void rbd_client_release(struct kref *kref)
{
        struct rbd_client *rbdc;

        rbdc = container_of(kref, struct rbd_client, kref);
        dout("%s: rbdc %p\n", __func__, rbdc);

        /* Unlink first so the client can no longer be found on the list */
        spin_lock(&rbd_client_list_lock);
        list_del(&rbdc->node);
        spin_unlock(&rbd_client_list_lock);

        ceph_destroy_client(rbdc->client);
        kfree(rbdc);
}
848
/*
 * Drop one reference on @rbdc; the last put runs
 * rbd_client_release().  A NULL @rbdc is accepted and ignored.
 */
static void rbd_put_client(struct rbd_client *rbdc)
{
        if (!rbdc)
                return;

        kref_put(&rbdc->kref, rbd_client_release);
}
858
/* True only for the two image formats this driver knows: 1 and 2. */
static bool rbd_image_format_valid(u32 image_format)
{
        switch (image_format) {
        case 1:
        case 2:
                return true;
        default:
                return false;
        }
}
863
/*
 * Sanity-check an on-disk image header before any of its fields are
 * used to size allocations.
 *
 * Returns false if the magic text is wrong, if the object order is
 * smaller than a sector or too large to be used as a shift count for
 * an int, or if the snapshot id array plus the snapshot names could
 * not be described by a size_t together with a ceph_snap_context.
 *
 * NOTE(review): these checks only prove the sizes are representable;
 * snap_count is not compared against RBD_MAX_SNAP_COUNT here --
 * confirm whether callers bound the resulting allocations elsewhere.
 */
static bool rbd_dev_ondisk_valid(struct rbd_image_header_ondisk *ondisk)
{
        size_t room;
        u32 nr_snaps;

        /* The header has to start with the magic rbd header text */
        if (memcmp(&ondisk->text, RBD_HEADER_TEXT, sizeof (RBD_HEADER_TEXT)))
                return false;

        /*
         * Lower bound: the bio layer requires at least sector-sized I/O.
         * Upper bound: could be loosened if u64 were used in a few spots.
         */
        if (ondisk->options.order < SECTOR_SHIFT ||
            ondisk->options.order > 8 * sizeof (int) - 1)
                return false;

        /*
         * The snapshot context (fixed part plus one __le64 id per
         * snapshot) has to fit in a size_t, which caps the count.
         */
        nr_snaps = le32_to_cpu(ondisk->snap_count);
        room = SIZE_MAX - sizeof (struct ceph_snap_context);
        if (nr_snaps > room / sizeof (__le64))
                return false;

        /*
         * The snapshot names must also fit in what is left once the
         * id array has been accounted for.
         */
        room -= nr_snaps * sizeof (__le64);
        if ((u64) room < le64_to_cpu(ondisk->snap_names_len))
                return false;

        return true;
}
902
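/*
 * Fill an rbd image header with information from the given format 1
 * on-disk header.
 *
 * On the first call (header->object_prefix still NULL) the object
 * prefix and the option fields are recorded as well.  On later calls
 * only the image size and the snapshot data are replaced, and the
 * previous snapshot context, names and sizes are released.
 *
 * Every count and length used here is taken from the on-disk header.
 * NOTE(review): this function does not call rbd_dev_ondisk_valid()
 * itself; it presumably relies on the caller having done so -- confirm.
 *
 * Returns 0 on success, -ENOMEM if an allocation fails, or -EIO if
 * the snapshot names length does not fit in a size_t.  The header is
 * only written once nothing can fail any more, so it is left
 * untouched on error.
 */
static int rbd_header_from_disk(struct rbd_device *rbd_dev,
                                 struct rbd_image_header_ondisk *ondisk)
{
        struct rbd_image_header *header = &rbd_dev->header;
        bool first_time = header->object_prefix == NULL;
        struct ceph_snap_context *snapc;
        char *object_prefix = NULL;
        char *snap_names = NULL;
        u64 *snap_sizes = NULL;
        u32 snap_count;
        int ret = -ENOMEM;
        u32 i;

        /* Allocate this now to avoid having to handle failure below */

        if (first_time) {
                size_t len;

                /* The on-disk prefix need not be NUL-terminated */
                len = strnlen(ondisk->object_prefix,
                                sizeof (ondisk->object_prefix));
                object_prefix = kmalloc(len + 1, GFP_KERNEL);
                if (!object_prefix)
                        return -ENOMEM;
                memcpy(object_prefix, ondisk->object_prefix, len);
                object_prefix[len] = '\0';
        }

        /* Allocate the snapshot context and fill it in */

        snap_count = le32_to_cpu(ondisk->snap_count);
        snapc = ceph_create_snap_context(snap_count, GFP_KERNEL);
        if (!snapc)
                goto out_err;
        snapc->seq = le64_to_cpu(ondisk->snap_seq);
        if (snap_count) {
                struct rbd_image_snap_ondisk *snaps;
                u64 snap_names_len = le64_to_cpu(ondisk->snap_names_len);

                /* We'll keep a copy of the snapshot names... */

                if (snap_names_len > (u64)SIZE_MAX)
                        goto out_2big;
                snap_names = kmalloc(snap_names_len, GFP_KERNEL);
                if (!snap_names)
                        goto out_err;

                /*
                 * ...as well as the array of their sizes.  The count
                 * comes from the on-disk header, so let the allocator
                 * do the overflow-checked multiplication instead of
                 * computing the byte size by hand.
                 */
                snap_sizes = kmalloc_array(snap_count,
                                           sizeof (*header->snap_sizes),
                                           GFP_KERNEL);
                if (!snap_sizes)
                        goto out_err;

                /*
                 * Copy the names, and fill in each snapshot's id
                 * and size.
                 *
                 * Note that rbd_dev_v1_header_info() guarantees the
                 * ondisk buffer we're working with has
                 * snap_names_len bytes beyond the end of the
                 * snapshot id array, so this memcpy() is safe.
                 *
                 * NOTE(review): nothing here checks that the copied
                 * names are NUL-terminated or that there are
                 * snap_count of them, yet _rbd_dev_v1_snap_name()
                 * walks this buffer with strlen().  Confirm that is
                 * validated elsewhere.
                 */
                memcpy(snap_names, &ondisk->snaps[snap_count], snap_names_len);
                snaps = ondisk->snaps;
                for (i = 0; i < snap_count; i++) {
                        snapc->snaps[i] = le64_to_cpu(snaps[i].id);
                        snap_sizes[i] = le64_to_cpu(snaps[i].image_size);
                }
        }

        /* We won't fail any more, fill in the header */

        if (first_time) {
                header->object_prefix = object_prefix;
                header->obj_order = ondisk->options.order;
                header->crypt_type = ondisk->options.crypt_type;
                header->comp_type = ondisk->options.comp_type;
                /* The rest aren't used for format 1 images */
                header->stripe_unit = 0;
                header->stripe_count = 0;
                header->features = 0;
        } else {
                /* Refresh: drop the snapshot data being replaced */
                ceph_put_snap_context(header->snapc);
                kfree(header->snap_names);
                kfree(header->snap_sizes);
        }

        /* The remaining fields always get updated (when we refresh) */

        header->image_size = le64_to_cpu(ondisk->image_size);
        header->snapc = snapc;
        header->snap_names = snap_names;
        header->snap_sizes = snap_sizes;

        return 0;
out_2big:
        ret = -EIO;
out_err:
        kfree(snap_sizes);
        kfree(snap_names);
        ceph_put_snap_context(snapc);
        kfree(object_prefix);

        return ret;
}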
1013
/*
 * Return a kstrdup()'d copy of the name of snapshot number "which"
 * in a format 1 image, or NULL if the copy cannot be allocated.
 *
 * The names are stored back to back in header.snap_names, each
 * followed by its NUL terminator.
 *
 * NOTE(review): the walk is bounded only by "which" and the
 * terminators found in the buffer; the buffer length is not
 * consulted.  It presumably relies on the names having been
 * validated when the header was read -- confirm.
 */
static const char *_rbd_dev_v1_snap_name(struct rbd_device *rbd_dev, u32 which)
{
        const char *cursor = rbd_dev->header.snap_names;
        u32 skipped;

        rbd_assert(which < rbd_dev->header.snapc->num_snaps);

        /* Step over the names that precede the one we want */
        for (skipped = 0; skipped < which; skipped++)
                cursor += strlen(cursor) + 1;

        return kstrdup(cursor, GFP_KERNEL);
}
1028
/*
 * Snapshot id comparison function for use with qsort()/bsearch().
 * Both arguments point at u64 snapshot ids.  The sign of the result
 * is inverted with respect to the usual convention, so that it
 * matches an array kept in *descending* order.
 */
static int snapid_compare_reverse(const void *s1, const void *s2)
{
        const u64 lhs = *(const u64 *)s1;
        const u64 rhs = *(const u64 *)s2;

        if (lhs == rhs)
                return 0;

        return lhs < rhs ? 1 : -1;
}
1042
/*
 * Search the device's snapshot context for the given snapshot id.
 *
 * Returns the position of the snapshot id in the array if it is
 * found, or BAD_SNAP_INDEX otherwise.
 *
 * Note: The snapshot array is kept sorted (by the osd) in reverse
 * order, highest snapshot id first; the binary search depends on
 * that ordering.
 */
static u32 rbd_dev_snap_index(struct rbd_device *rbd_dev, u64 snap_id)
{
        struct ceph_snap_context *snapc = rbd_dev->header.snapc;
        u64 *match = bsearch(&snap_id, &snapc->snaps, snapc->num_snaps,
                             sizeof (snap_id), snapid_compare_reverse);

        if (!match)
                return BAD_SNAP_INDEX;

        return (u32)(match - &snapc->snaps[0]);
}
1063
/*
 * Look up the name of a format 1 snapshot by id.
 *
 * Returns a newly allocated copy of the name, ERR_PTR(-ENOENT) if
 * the id is not in the snapshot context, or ERR_PTR(-ENOMEM) if the
 * copy could not be allocated.
 */
static const char *rbd_dev_v1_snap_name(struct rbd_device *rbd_dev,
                                        u64 snap_id)
{
        u32 which = rbd_dev_snap_index(rbd_dev, snap_id);
        const char *snap_name;

        if (which == BAD_SNAP_INDEX)
                return ERR_PTR(-ENOENT);

        snap_name = _rbd_dev_v1_snap_name(rbd_dev, which);
        if (!snap_name)
                return ERR_PTR(-ENOMEM);

        return snap_name;
}
1077
/*
 * Return the name for the given snapshot id.  CEPH_NOSNAP maps to
 * the constant RBD_SNAP_HEAD_NAME; any other id is resolved by the
 * helper for the device's image format.
 *
 * NOTE(review): the format 1 helper returns an allocated copy (or
 * an ERR_PTR), while the CEPH_NOSNAP case returns a constant, so
 * callers have to treat the two differently when releasing the
 * result -- confirm against the call sites.
 */
static const char *rbd_snap_name(struct rbd_device *rbd_dev, u64 snap_id)
{
        if (snap_id == CEPH_NOSNAP)
                return RBD_SNAP_HEAD_NAME;

        rbd_assert(rbd_image_format_valid(rbd_dev->image_format));

        return rbd_dev->image_format == 1 ?
                        rbd_dev_v1_snap_name(rbd_dev, snap_id) :
                        rbd_dev_v2_snap_name(rbd_dev, snap_id);
}
1089
/*
 * Store the size of the image as of the given snapshot in *snap_size.
 * CEPH_NOSNAP selects the current image size from the header.
 *
 * Returns 0 on success, -ENOENT if a format 1 snapshot id is not
 * found, or the error returned by _rbd_dev_v2_snap_size().  On
 * failure *snap_size is not written.
 */
static int rbd_snap_size(struct rbd_device *rbd_dev, u64 snap_id,
                                u64 *snap_size)
{
        u64 size = 0;
        u32 which;
        int ret;

        rbd_assert(rbd_image_format_valid(rbd_dev->image_format));

        if (snap_id == CEPH_NOSNAP) {
                *snap_size = rbd_dev->header.image_size;
                return 0;
        }

        if (rbd_dev->image_format == 1) {
                /* Format 1 keeps the sizes in an array in the header */
                which = rbd_dev_snap_index(rbd_dev, snap_id);
                if (which == BAD_SNAP_INDEX)
                        return -ENOENT;

                *snap_size = rbd_dev->header.snap_sizes[which];
                return 0;
        }

        ret = _rbd_dev_v2_snap_size(rbd_dev, snap_id, NULL, &size);
        if (ret)
                return ret;

        *snap_size = size;
        return 0;
}
1116
/*
 * Store the feature bits in effect for the given snapshot in
 * *snap_features.  CEPH_NOSNAP selects the features recorded in the
 * header; format 1 snapshots always report 0.
 *
 * Returns 0 on success or the error returned by
 * _rbd_dev_v2_snap_features(), in which case *snap_features is not
 * written.
 */
static int rbd_snap_features(struct rbd_device *rbd_dev, u64 snap_id,
                        u64 *snap_features)
{
        u64 features = 0;
        int ret;

        rbd_assert(rbd_image_format_valid(rbd_dev->image_format));

        if (snap_id == CEPH_NOSNAP) {
                *snap_features = rbd_dev->header.features;
                return 0;
        }

        if (rbd_dev->image_format == 1) {
                *snap_features = 0;     /* No features for format 1 */
                return 0;
        }

        ret = _rbd_dev_v2_snap_features(rbd_dev, snap_id, &features);
        if (ret)
                return ret;

        *snap_features = features;
        return 0;
}
1137
/*
 * Record the size and features of the mapped snapshot (from
 * rbd_dev->spec->snap_id) in rbd_dev->mapping.  Both values are
 * looked up first, so the mapping is only written when both lookups
 * succeed.
 *
 * Returns 0 on success or the first lookup error.
 */
static int rbd_dev_mapping_set(struct rbd_device *rbd_dev)
{
        u64 snap_id = rbd_dev->spec->snap_id;
        u64 features = 0;
        u64 size = 0;
        int ret;

        ret = rbd_snap_size(rbd_dev, snap_id, &size);
        if (!ret)
                ret = rbd_snap_features(rbd_dev, snap_id, &features);
        if (ret)
                return ret;

        rbd_dev->mapping.size = size;
        rbd_dev->mapping.features = features;

        return 0;
}
1157
/* Reset the size and features recorded in rbd_dev->mapping to 0. */
static void rbd_dev_mapping_clear(struct rbd_device *rbd_dev)
{
        rbd_dev->mapping.features = 0;
        rbd_dev->mapping.size = 0;
}
1163
/*
 * Return a segment name to rbd_segment_name_cache, the cache that
 * rbd_segment_name() allocates from.
 */
static void rbd_segment_name_free(const char *name)
{
        /* The explicit cast is needed to drop the const qualifier */
        void *obj = (void *)name;

        kmem_cache_free(rbd_segment_name_cache, obj);
}
1170
/*
 * Build the name of the object that holds the given image offset:
 * the object prefix, a dot, and the segment number in hex (16
 * digits for format 2 images, 12 otherwise).
 *
 * Returns a name allocated from rbd_segment_name_cache, to be
 * released with rbd_segment_name_free(), or NULL if allocation
 * fails or the formatted name would exceed CEPH_MAX_OID_NAME_LEN.
 */
static const char *rbd_segment_name(struct rbd_device *rbd_dev, u64 offset)
{
        const char *name_format = rbd_dev->image_format == 2 ?
                                        "%s.%016llx" : "%s.%012llx";
        u64 segment;
        char *name;
        int ret;

        name = kmem_cache_alloc(rbd_segment_name_cache, GFP_NOIO);
        if (!name)
                return NULL;

        segment = offset >> rbd_dev->header.obj_order;
        ret = snprintf(name, CEPH_MAX_OID_NAME_LEN + 1, name_format,
                        rbd_dev->header.object_prefix, segment);
        if (ret >= 0 && ret <= CEPH_MAX_OID_NAME_LEN)
                return name;

        /* Error or truncation: never hand back a shortened name */
        pr_err("error formatting segment name for #%llu (%d)\n",
                segment, ret);
        rbd_segment_name_free(name);

        return NULL;
}
1196
/*
 * Return the byte offset within its object (segment) that
 * corresponds to the given image offset.
 */
static u64 rbd_segment_offset(struct rbd_device *rbd_dev, u64 offset)
{
        /* Object size is a power of two, so the offset is a mask away */
        u64 segment_mask = ((u64) 1 << rbd_dev->header.obj_order) - 1;

        return offset & segment_mask;
}
1203
/*
 * Return how many of the "length" bytes starting at image offset
 * "offset" fall within the object that contains "offset"; the
 * result is clipped at the end of that object.
 */
static u64 rbd_segment_length(struct rbd_device *rbd_dev,
                                u64 offset, u64 length)
{
        u64 segment_size = (u64) 1 << rbd_dev->header.obj_order;
        u64 in_segment = offset & (segment_size - 1);

        /* The sum below must not wrap */
        rbd_assert(length <= U64_MAX - in_segment);

        return in_segment + length > segment_size ?
                        segment_size - in_segment : length;
}
1217
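/*
 * Returns the size in bytes of an object in the image.
 *
 * The shift is done in 64 bits, as in rbd_segment_offset() and
 * rbd_segment_length().  With a plain int constant, an obj_order of
 * 31 (which rbd_dev_ondisk_valid() accepts) overflows the signed
 * shift and would yield a bogus value once widened to u64.
 */
static u64 rbd_obj_bytes(struct rbd_image_header *header)
{
        return (u64) 1 << header->obj_order;
}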
1225
1226 /*
1227  * bio helpers
1228  */
1229
/*
 * Drop a reference on every bio in a chain linked through bi_next.
 * A NULL chain is a no-op.
 */
static void bio_chain_put(struct bio *chain)
{
        while (chain) {
                /* Read the link first; bio_put() may release the bio */
                struct bio *next = chain->bi_next;

                bio_put(chain);
                chain = next;
        }
}
1240
/*
 * Zero the data of a bio chain from byte offset start_ofs (counted
 * from the start of the chain) to the end of the chain.
 *
 * NOTE(review): the offset and the running position are plain ints,
 * while rbd_img_obj_request_read_callback() passes a u64 transfer
 * count; this presumably relies on object requests staying well
 * below 2 GiB -- confirm.
 */
static void zero_bio_chain(struct bio *chain, int start_ofs)
{
        struct bvec_iter iter;
        struct bio_vec bv;
        unsigned long flags;
        void *kaddr;
        int pos = 0;

        for (; chain; chain = chain->bi_next) {
                bio_for_each_segment(bv, chain, iter) {
                        /* Only segments reaching past start_ofs matter */
                        if (pos + bv.bv_len > start_ofs) {
                                /* Bytes of this segment to leave alone */
                                int skip = max(start_ofs - pos, 0);

                                kaddr = bvec_kmap_irq(&bv, &flags);
                                memset(kaddr + skip, 0, bv.bv_len - skip);
                                flush_dcache_page(bv.bv_page);
                                bvec_kunmap_irq(kaddr, &flags);
                        }
                        pos += bv.bv_len;
                }
        }
}
1268
/*
 * Like zero_bio_chain(), but for data described by a page array:
 * zero the bytes from the given byte offset (counted from the start
 * of the array) up to, but not including, the given end offset.
 *
 * The pages array is assumed to be big enough to hold all bytes up
 * to the end; nothing here can check that, so the caller is
 * responsible for passing offsets that lie within the array.
 */
static void zero_pages(struct page **pages, u64 offset, u64 end)
{
        struct page **cur = &pages[offset >> PAGE_SHIFT];
        unsigned long flags;
        size_t in_page;
        size_t chunk;
        void *kaddr;

        rbd_assert(end > offset);
        rbd_assert(end - offset <= (u64)SIZE_MAX);
        for (; offset < end; offset += chunk, cur++) {
                /* Never cross a page boundary in one memset() */
                in_page = offset & ~PAGE_MASK;
                chunk = min_t(size_t, PAGE_SIZE - in_page, end - offset);
                local_irq_save(flags);
                kaddr = kmap_atomic(*cur);
                memset(kaddr + in_page, 0, chunk);
                flush_dcache_page(*cur);
                kunmap_atomic(kaddr);
                local_irq_restore(flags);
        }
}
1300
/*
 * Clone a portion of a bio, starting at the given byte offset
 * and continuing for the number of bytes indicated.
 *
 * Returns the clone, or NULL if bio_clone() fails.
 *
 * NOTE(review): offset and len are not checked against the size of
 * bio_src here; the caller is presumably expected to keep them in
 * range -- confirm.
 */
static struct bio *bio_clone_range(struct bio *bio_src,
                                        unsigned int offset,
                                        unsigned int len,
                                        gfp_t gfpmask)
{
        struct bio *clone = bio_clone(bio_src, gfpmask);

        if (!clone)
                return NULL;    /* ENOMEM */

        /* Skip to the requested start, then trim to the length */
        bio_advance(clone, offset);
        clone->bi_iter.bi_size = len;

        return clone;
}
1321
/*
 * Clone a portion of a bio chain, starting at the given byte offset
 * into the first bio in the source chain and continuing for the
 * number of bytes indicated.  The result is another bio chain of
 * exactly the given length, or a null pointer on error.
 *
 * The bio_src and offset parameters are both in-out.  On entry they
 * refer to the first source bio and the offset into that bio where
 * the start of data to be cloned is located.
 *
 * On successful return, bio_src is updated to refer to the bio in
 * the source chain that contains the first un-cloned byte, and
 * *offset will contain the offset of that byte within that bio.
 * On error neither is modified and any clones made so far are put.
 */
static struct bio *bio_chain_clone_range(struct bio **bio_src,
                                        unsigned int *offset,
                                        unsigned int len,
                                        gfp_t gfpmask)
{
        struct bio *src = *bio_src;
        unsigned int src_off = *offset;
        struct bio *head = NULL;
        struct bio **tail = &head;

        if (!src || src_off >= src->bi_iter.bi_size || !len)
                return NULL;            /* Nothing to clone */

        /* Build up a chain of clone bios up to the limit */

        while (len) {
                unsigned int chunk;
                struct bio *clone;

                if (!src) {
                        /* EINVAL; ran out of bio's */
                        rbd_warn(NULL, "bio_chain exhausted with %u left", len);
                        bio_chain_put(head);
                        return NULL;
                }

                /* Take what is left of this source bio, at most len */
                chunk = min_t(unsigned int, src->bi_iter.bi_size - src_off,
                              len);
                clone = bio_clone_range(src, src_off, chunk, gfpmask);
                if (!clone) {
                        /* ENOMEM */
                        bio_chain_put(head);
                        return NULL;
                }

                /* Append the clone to the end of the result chain */
                *tail = clone;
                tail = &clone->bi_next;

                src_off += chunk;
                if (src_off == src->bi_iter.bi_size) {
                        src = src->bi_next;
                        src_off = 0;
                }
                len -= chunk;
        }

        *bio_src = src;
        *offset = src_off;

        return head;
}
1384
1385 /*
1386  * The default/initial value for all object request flags is 0.  For
1387  * each flag, once its value is set to 1 it is never reset to 0
1388  * again.
1389  */
/*
 * Set the IMG_DATA flag on an object request.  If the flag was
 * already set, only a warning is logged.
 */
static void obj_request_img_data_set(struct rbd_obj_request *obj_request)
{
        struct rbd_device *rbd_dev;

        if (!test_and_set_bit(OBJ_REQ_IMG_DATA, &obj_request->flags))
                return;

        rbd_dev = obj_request->img_request->rbd_dev;
        rbd_warn(rbd_dev, "obj_request %p already marked img_data",
                obj_request);
}
1400
/*
 * Report whether the IMG_DATA flag is set.  A full memory barrier
 * is issued before the flag is read.
 */
static bool obj_request_img_data_test(struct rbd_obj_request *obj_request)
{
        smp_mb();

        return !!test_bit(OBJ_REQ_IMG_DATA, &obj_request->flags);
}
1406
/*
 * Set the DONE flag on an object request.  If the flag was already
 * set, only a warning is logged; the device is named in it only
 * when the request is marked as image data.
 */
static void obj_request_done_set(struct rbd_obj_request *obj_request)
{
        struct rbd_device *rbd_dev = NULL;

        if (!test_and_set_bit(OBJ_REQ_DONE, &obj_request->flags))
                return;

        if (obj_request_img_data_test(obj_request))
                rbd_dev = obj_request->img_request->rbd_dev;
        rbd_warn(rbd_dev, "obj_request %p already marked done",
                obj_request);
}
1418
/*
 * Report whether the DONE flag is set.  A full memory barrier is
 * issued before the flag is read.
 */
static bool obj_request_done_test(struct rbd_obj_request *obj_request)
{
        smp_mb();

        return !!test_bit(OBJ_REQ_DONE, &obj_request->flags);
}
1424
/*
 * This sets the KNOWN flag after (possibly) setting the EXISTS
 * flag.  The latter is set based on the "exists" value provided.
 *
 * Note that for our purposes once an object exists it never goes
 * away again.  It's possible that the responses from two existence
 * checks are separated by the creation of the target object, and
 * the first ("doesn't exist") response arrives *after* the second
 * ("does exist").  In that case the late "doesn't exist" response
 * has no effect: EXISTS is only ever set here, never cleared.
 */
static void obj_request_existence_set(struct rbd_obj_request *obj_request,
                                bool exists)
{
        if (exists)
                set_bit(OBJ_REQ_EXISTS, &obj_request->flags);
        /* KNOWN is set last, so EXISTS is already settled by then */
        set_bit(OBJ_REQ_KNOWN, &obj_request->flags);
        smp_mb();
}
1443
/*
 * Report whether the KNOWN flag is set.  A full memory barrier is
 * issued before the flag is read.
 */
static bool obj_request_known_test(struct rbd_obj_request *obj_request)
{
        smp_mb();

        return !!test_bit(OBJ_REQ_KNOWN, &obj_request->flags);
}
1449
/*
 * Report whether the EXISTS flag is set.  A full memory barrier is
 * issued before the flag is read.
 */
static bool obj_request_exists_test(struct rbd_obj_request *obj_request)
{
        smp_mb();

        return !!test_bit(OBJ_REQ_EXISTS, &obj_request->flags);
}
1455
/*
 * Report whether the object request starts below the parent overlap
 * point, after rounding that point up to an object boundary.
 */
static bool obj_request_overlaps_parent(struct rbd_obj_request *obj_request)
{
        struct rbd_device *rbd_dev = obj_request->img_request->rbd_dev;
        u64 overlap_end = round_up(rbd_dev->parent_overlap,
                                   rbd_obj_bytes(&rbd_dev->header));

        return obj_request->img_offset < overlap_end;
}
1463
/*
 * Take a reference on an object request.  The count printed by the
 * debug message is the value read before the increment.
 */
static void rbd_obj_request_get(struct rbd_obj_request *obj_request)
{
        struct kref *kref = &obj_request->kref;

        dout("%s: obj %p (was %d)\n", __func__, obj_request,
                atomic_read(&kref->refcount));
        kref_get(kref);
}
1470
1471 static void rbd_obj_request_destroy(struct kref *kref);
/*
 * Drop a reference on an object request; kref_put() calls
 * rbd_obj_request_destroy() when it was the last one.  The request
 * must not be NULL.
 */
static void rbd_obj_request_put(struct rbd_obj_request *obj_request)
{
        struct kref *kref;

        rbd_assert(obj_request != NULL);
        kref = &obj_request->kref;
        dout("%s: obj %p (was %d)\n", __func__, obj_request,
                atomic_read(&kref->refcount));
        kref_put(kref, rbd_obj_request_destroy);
}
1479
/*
 * Take a reference on an image request.  The count printed by the
 * debug message is the value read before the increment.
 */
static void rbd_img_request_get(struct rbd_img_request *img_request)
{
        struct kref *kref = &img_request->kref;

        dout("%s: img %p (was %d)\n", __func__, img_request,
             atomic_read(&kref->refcount));
        kref_get(kref);
}
1486
1487 static bool img_request_child_test(struct rbd_img_request *img_request);
1488 static void rbd_parent_request_destroy(struct kref *kref);
1489 static void rbd_img_request_destroy(struct kref *kref);
/*
 * Drop a reference on an image request.  The release function run
 * on the last put depends on whether the request is flagged as a
 * child request.  The request must not be NULL.
 */
static void rbd_img_request_put(struct rbd_img_request *img_request)
{
        void (*release)(struct kref *kref);

        rbd_assert(img_request != NULL);
        dout("%s: img %p (was %d)\n", __func__, img_request,
                atomic_read(&img_request->kref.refcount));

        release = img_request_child_test(img_request) ?
                        rbd_parent_request_destroy : rbd_img_request_destroy;
        kref_put(&img_request->kref, release);
}
1500
/*
 * Attach an object request to an image request: record the owner,
 * assign the request its position ("which") in the image request,
 * mark it as image data and append it to the image request's list.
 * The object request must not already belong to an image request.
 *
 * NOTE(review): no locking is visible here; callers presumably
 * serialize additions to one image request -- confirm.
 */
static inline void rbd_img_obj_request_add(struct rbd_img_request *img_request,
                                        struct rbd_obj_request *obj_request)
{
        rbd_assert(obj_request->img_request == NULL);

        /* Image request now owns object's original reference */
        obj_request->img_request = img_request;
        obj_request->which = img_request->obj_request_count;
        rbd_assert(!obj_request_img_data_test(obj_request));
        /* img_request is set before the flag that tells readers to use it */
        obj_request_img_data_set(obj_request);
        rbd_assert(obj_request->which != BAD_WHICH);
        img_request->obj_request_count++;
        list_add_tail(&obj_request->links, &img_request->obj_requests);
        dout("%s: img %p obj %p w=%u\n", __func__, img_request, obj_request,
                obj_request->which);
}
1517
/*
 * Detach an object request from its image request and drop the
 * reference the image request held on it.  The assertions require
 * the request being removed to be the one with the highest "which"
 * value, i.e. removal happens in reverse order of addition.
 *
 * Note that the IMG_DATA flag stays set while img_request is reset
 * to NULL, so code that tests the flag must still be prepared for a
 * NULL img_request afterwards.
 */
static inline void rbd_img_obj_request_del(struct rbd_img_request *img_request,
                                        struct rbd_obj_request *obj_request)
{
        rbd_assert(obj_request->which != BAD_WHICH);

        dout("%s: img %p obj %p w=%u\n", __func__, img_request, obj_request,
                obj_request->which);
        list_del(&obj_request->links);
        rbd_assert(img_request->obj_request_count > 0);
        img_request->obj_request_count--;
        rbd_assert(obj_request->which == img_request->obj_request_count);
        obj_request->which = BAD_WHICH;
        rbd_assert(obj_request_img_data_test(obj_request));
        rbd_assert(obj_request->img_request == img_request);
        obj_request->img_request = NULL;
        obj_request->callback = NULL;
        /* May free the request if this was the last reference */
        rbd_obj_request_put(obj_request);
}
1536
/*
 * Report whether the value is one of the known object request
 * types: NODATA, BIO or PAGES.
 */
static bool obj_request_type_valid(enum obj_request_type type)
{
        return type == OBJ_REQUEST_NODATA ||
               type == OBJ_REQUEST_BIO ||
               type == OBJ_REQUEST_PAGES;
}
1548
/*
 * Hand the osd request behind an object request to the osd client.
 * Returns whatever ceph_osdc_start_request() returns.
 */
static int rbd_obj_request_submit(struct ceph_osd_client *osdc,
                                struct rbd_obj_request *obj_request)
{
        int ret;

        dout("%s %p\n", __func__, obj_request);
        ret = ceph_osdc_start_request(osdc, obj_request->osd_req, false);

        return ret;
}
1555
/* Cancel the osd request behind an object request. */
static void rbd_obj_request_end(struct rbd_obj_request *obj_request)
{
        struct ceph_osd_request *osd_req = obj_request->osd_req;

        dout("%s %p\n", __func__, obj_request);
        ceph_osdc_cancel_request(osd_req);
}
1561
/*
 * Wait for an object request to complete.  If the wait is
 * interrupted, cancel the underlying osd request and return the
 * (negative) value the wait returned; otherwise return 0.
 */
static int rbd_obj_request_wait(struct rbd_obj_request *obj_request)
{
        int ret;

        dout("%s %p\n", __func__, obj_request);

        ret = wait_for_completion_interruptible(&obj_request->completion);
        if (ret >= 0) {
                dout("%s %p done\n", __func__, obj_request);
                return 0;
        }

        dout("%s %p interrupted\n", __func__, obj_request);
        rbd_obj_request_end(obj_request);

        return ret;
}
1582
/*
 * Finish an image request: total up the transfer count when there
 * was no error, then either run the request's callback or, if it
 * has none, drop a reference on the request.
 */
static void rbd_img_request_complete(struct rbd_img_request *img_request)
{
        struct rbd_obj_request *obj_request;
        u64 total = 0;

        dout("%s: img %p\n", __func__, img_request);

        /*
         * If no error occurred, compute the aggregate transfer
         * count for the image request.  We could instead use
         * atomic64_cmpxchg() to update it as each object request
         * completes; not clear which way is better off hand.
         */
        if (!img_request->result) {
                for_each_obj_request(img_request, obj_request)
                        total += obj_request->xferred;
                img_request->xferred = total;
        }

        if (!img_request->callback) {
                rbd_img_request_put(img_request);
                return;
        }

        img_request->callback(img_request);
}
1608
1609 /*
1610  * The default/initial value for all image request flags is 0.  Each
1611  * is conditionally set to 1 at image request initialization time
1612  * and currently never changes thereafter.
1613  */
/*
 * Mark the image request as a write.  The full memory barrier
 * follows the flag update; the matching test helper issues one
 * before reading the flag.
 */
static void img_request_write_set(struct rbd_img_request *img_request)
{
        set_bit(IMG_REQ_WRITE, &img_request->flags);
        smp_mb();
}
1619
/*
 * Report whether the image request is flagged as a write.  A full
 * memory barrier is issued before the flag is read.
 */
static bool img_request_write_test(struct rbd_img_request *img_request)
{
        smp_mb();

        return !!test_bit(IMG_REQ_WRITE, &img_request->flags);
}
1625
/*
 * Set the discard flag when the img_request is a discard request.
 * The full memory barrier follows the flag update.
 */
static void img_request_discard_set(struct rbd_img_request *img_request)
{
        set_bit(IMG_REQ_DISCARD, &img_request->flags);
        smp_mb();
}
1634
/*
 * Report whether the image request is flagged as a discard.  A full
 * memory barrier is issued before the flag is read.
 */
static bool img_request_discard_test(struct rbd_img_request *img_request)
{
        smp_mb();

        return !!test_bit(IMG_REQ_DISCARD, &img_request->flags);
}
1640
/*
 * Flag the image request as a child request.  rbd_img_request_put()
 * uses this flag to choose the release function, so it has to match
 * how the request was created.  The full memory barrier follows the
 * flag update.
 */
static void img_request_child_set(struct rbd_img_request *img_request)
{
        set_bit(IMG_REQ_CHILD, &img_request->flags);
        smp_mb();
}
1646
/*
 * Clear the child flag on the image request.  After this,
 * rbd_img_request_put() selects rbd_img_request_destroy() as the
 * release function.  The full memory barrier follows the flag
 * update.
 */
static void img_request_child_clear(struct rbd_img_request *img_request)
{
        clear_bit(IMG_REQ_CHILD, &img_request->flags);
        smp_mb();
}
1652
/*
 * Report whether the image request is flagged as a child request.
 * A full memory barrier is issued before the flag is read.
 */
static bool img_request_child_test(struct rbd_img_request *img_request)
{
        smp_mb();

        return !!test_bit(IMG_REQ_CHILD, &img_request->flags);
}
1658
/*
 * Flag the image request as layered.  rbd_osd_read_callback()
 * consults this flag before redirecting a read to the parent.  The
 * full memory barrier follows the flag update.
 */
static void img_request_layered_set(struct rbd_img_request *img_request)
{
        set_bit(IMG_REQ_LAYERED, &img_request->flags);
        smp_mb();
}
1664
/*
 * Clear the layered flag on the image request.  The full memory
 * barrier follows the flag update.
 */
static void img_request_layered_clear(struct rbd_img_request *img_request)
{
        clear_bit(IMG_REQ_LAYERED, &img_request->flags);
        smp_mb();
}
1670
/*
 * Report whether the image request is flagged as layered.  A full
 * memory barrier is issued before the flag is read.
 */
static bool img_request_layered_test(struct rbd_img_request *img_request)
{
        smp_mb();

        return !!test_bit(IMG_REQ_LAYERED, &img_request->flags);
}
1676
/*
 * Derive the operation type from the image request flags.  The
 * write flag is checked first, then discard; a request with neither
 * flag set is a read.
 */
static enum obj_operation_type
rbd_img_request_op_type(struct rbd_img_request *img_request)
{
        if (img_request_write_test(img_request))
                return OBJ_OP_WRITE;

        if (img_request_discard_test(img_request))
                return OBJ_OP_DISCARD;

        return OBJ_OP_READ;
}
1687
/*
 * Post-process a completed object read that belongs to an image
 * request, then mark the object request done.
 *
 * Any part of the buffer the osd did not fill is zeroed here, so
 * that stale memory contents are never handed up to the block layer
 * as if they were data read from the image.
 */
static void
rbd_img_obj_request_read_callback(struct rbd_obj_request *obj_request)
{
        u64 xferred = obj_request->xferred;
        u64 length = obj_request->length;
        bool hole;

        dout("%s: obj %p img %p result %d %llu/%llu\n", __func__,
                obj_request, obj_request->img_request, obj_request->result,
                xferred, length);
        /*
         * ENOENT means a hole in the image.  We zero-fill the entire
         * length of the request.  A short read also implies zero-fill
         * to the end of the request.  An error requires the whole
         * length of the request to be reported finished with an error
         * to the block layer.  In each case we update the xferred
         * count to indicate the whole request was satisfied.
         */
        rbd_assert(obj_request->type != OBJ_REQUEST_NODATA);
        hole = obj_request->result == -ENOENT;
        if (hole || (xferred < length && !obj_request->result)) {
                /* A hole is zeroed from the start, a short read from its end */
                u64 zero_from = hole ? 0 : xferred;

                if (obj_request->type == OBJ_REQUEST_BIO)
                        zero_bio_chain(obj_request->bio_list, zero_from);
                else
                        zero_pages(obj_request->pages, zero_from, length);
                if (hole)
                        obj_request->result = 0;
        }
        obj_request->xferred = length;
        obj_request_done_set(obj_request);
}
1721
/*
 * Finish an object request: run its callback if it has one,
 * otherwise wake everything waiting on its completion.
 */
static void rbd_obj_request_complete(struct rbd_obj_request *obj_request)
{
        dout("%s: obj %p cb %p\n", __func__, obj_request,
                obj_request->callback);

        if (!obj_request->callback) {
                complete_all(&obj_request->completion);
                return;
        }

        obj_request->callback(obj_request);
}
1731
/*
 * Completion handling for a request that needs no post-processing:
 * the object request is simply marked done.
 */
static void rbd_osd_trivial_callback(struct rbd_obj_request *obj_request)
{
        dout("%s: obj %p\n", __func__, obj_request);
        obj_request_done_set(obj_request);
}
1737
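/*
 * Completion handling for an osd read.
 *
 * A read that hit a hole (-ENOENT) in a layered image, at an offset
 * below the parent overlap, is redirected to the parent image.  Any
 * other read that belongs to an image request gets the usual
 * zero-fill treatment; a standalone read is just marked done.
 */
static void rbd_osd_read_callback(struct rbd_obj_request *obj_request)
{
        struct rbd_img_request *img_request = NULL;
        struct rbd_device *rbd_dev = NULL;
        bool layered = false;

        if (obj_request_img_data_test(obj_request))
                img_request = obj_request->img_request;

        /*
         * The IMG_DATA flag is never cleared, but
         * rbd_img_obj_request_del() resets img_request to NULL, so
         * the flag alone does not prove the pointer is valid.  Only
         * dereference it after checking it.
         */
        if (img_request) {
                layered = img_request_layered_test(img_request);
                rbd_dev = img_request->rbd_dev;
        }

        dout("%s: obj %p img %p result %d %llu/%llu\n", __func__,
                obj_request, img_request, obj_request->result,
                obj_request->xferred, obj_request->length);
        /* layered is only true when rbd_dev was set above */
        if (layered && obj_request->result == -ENOENT &&
                        obj_request->img_offset < rbd_dev->parent_overlap)
                rbd_img_parent_read(obj_request);
        else if (img_request)
                rbd_img_obj_request_read_callback(obj_request);
        else
                obj_request_done_set(obj_request);
}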
1761
/*
 * Completion handler for an osd write op.  A write never succeeds
 * partially, so the transfer count is reported as the full length that
 * was originally requested.
 */
static void rbd_osd_write_callback(struct rbd_obj_request *obj_request)
{
        dout("%s: obj %p result %d %llu\n", __func__, obj_request,
                obj_request->result, obj_request->length);

        /* Never report a short count for a write */
        obj_request->xferred = obj_request->length;

        obj_request_done_set(obj_request);
}
1773
/*
 * Completion handler for the discard ops (delete, truncate, zero).
 * As with writes there is no successful short discard, so the transfer
 * count is set to the originally-requested length.
 */
static void rbd_osd_discard_callback(struct rbd_obj_request *obj_request)
{
        dout("%s: obj %p result %d %llu\n", __func__, obj_request,
                obj_request->result, obj_request->length);

        /* An object that did not exist counts as successfully discarded */
        if (obj_request->result == -ENOENT)
                obj_request->result = 0;

        obj_request->xferred = obj_request->length;

        obj_request_done_set(obj_request);
}
1788
/*
 * Completion handler for an osd stat op.  A plain stat needs no
 * further work here; when the stat is one step of a write sequence on
 * a layered image, the rest of that sequence is driven elsewhere.
 */
static void rbd_osd_stat_callback(struct rbd_obj_request *obj_request)
{
        dout("%s: obj %p\n", __func__, obj_request);

        obj_request_done_set(obj_request);
}
1798
/*
 * Completion handler for an osd method call op.  A call made on behalf
 * of an image data request is treated as a copyup and handed to
 * rbd_osd_copyup_callback(); any other call is simply marked done.
 */
static void rbd_osd_call_callback(struct rbd_obj_request *obj_request)
{
        dout("%s: obj %p\n", __func__, obj_request);

        if (!obj_request_img_data_test(obj_request)) {
                obj_request_done_set(obj_request);
                return;
        }
        rbd_osd_copyup_callback(obj_request);
}
1808
/*
 * Completion callback for osd requests; rbd_osd_req_create() and
 * rbd_osd_req_create_copyup() install it as r_callback.
 *
 * Copies a negative osd result and the first op's reply length into
 * the object request, dispatches on the opcode of the first op, and
 * then completes the object request if a handler marked it done.
 */
static void rbd_osd_req_callback(struct ceph_osd_request *osd_req,
                                struct ceph_msg *msg)
{
        struct rbd_obj_request *obj_request = osd_req->r_priv;
        u16 first_op;

        dout("%s: osd_req %p msg %p\n", __func__, osd_req, msg);
        rbd_assert(osd_req == obj_request->osd_req);

        /* Only image data requests carry an image request and an index */
        if (!obj_request_img_data_test(obj_request)) {
                rbd_assert(obj_request->which == BAD_WHICH);
        } else {
                rbd_assert(obj_request->img_request);
                rbd_assert(obj_request->which != BAD_WHICH);
        }

        /* A non-negative osd result leaves obj_request->result untouched */
        if (osd_req->r_result < 0)
                obj_request->result = osd_req->r_result;

        rbd_assert(osd_req->r_num_ops <= CEPH_OSD_MAX_OP);

        /*
         * The length is kept as 64 bits, but it eventually has to be
         * passed to blk_end_request(), which takes an unsigned int.
         *
         * NOTE(review): r_reply_op_len[] presumably holds the length
         * reported in the OSD's reply.  If so, an out-of-range value
         * from the peer is caught only by the assertion below rather
         * than by failing the request -- confirm what rbd_assert()
         * does on failure.
         */
        obj_request->xferred = osd_req->r_reply_op_len[0];
        rbd_assert(obj_request->xferred < (u64)UINT_MAX);

        first_op = osd_req->r_ops[0].op;
        switch (first_op) {
        case CEPH_OSD_OP_READ:
                rbd_osd_read_callback(obj_request);
                break;
        case CEPH_OSD_OP_SETALLOCHINT:
                /* A hint op is only expected directly ahead of a write */
                rbd_assert(osd_req->r_ops[1].op == CEPH_OSD_OP_WRITE);
                /* fall through */
        case CEPH_OSD_OP_WRITE:
                rbd_osd_write_callback(obj_request);
                break;
        case CEPH_OSD_OP_STAT:
                rbd_osd_stat_callback(obj_request);
                break;
        case CEPH_OSD_OP_DELETE:
        case CEPH_OSD_OP_TRUNCATE:
        case CEPH_OSD_OP_ZERO:
                rbd_osd_discard_callback(obj_request);
                break;
        case CEPH_OSD_OP_CALL:
                rbd_osd_call_callback(obj_request);
                break;
        case CEPH_OSD_OP_NOTIFY_ACK:
        case CEPH_OSD_OP_WATCH:
                rbd_osd_trivial_callback(obj_request);
                break;
        default:
                /*
                 * Only a warning is issued; nothing in this branch
                 * marks the request done.
                 */
                rbd_warn(NULL, "%s: unsupported op %hu",
                        obj_request->object_name, (unsigned short) first_op);
                break;
        }

        /* Handlers that defer completion leave the done flag clear */
        if (obj_request_done_test(obj_request))
                rbd_obj_request_complete(obj_request);
}
1871
/*
 * Finish building the osd request of a read.  The snapshot id comes
 * from the image request when there is one, otherwise CEPH_NOSNAP is
 * used; no snapshot context and no mtime are passed.
 */
static void rbd_osd_req_format_read(struct rbd_obj_request *obj_request)
{
        struct ceph_osd_request *osd_req = obj_request->osd_req;
        struct rbd_img_request *img_request = obj_request->img_request;
        u64 snap_id = CEPH_NOSNAP;

        rbd_assert(osd_req != NULL);

        if (img_request)
                snap_id = img_request->snap_id;

        ceph_osdc_build_request(osd_req, obj_request->offset,
                        NULL, snap_id, NULL);
}
1884
/*
 * Finish building the osd request of a write.  The snapshot context
 * comes from the image request when there is one (NULL otherwise), the
 * snapshot id is always CEPH_NOSNAP, and the current time is passed as
 * the mtime.
 */
static void rbd_osd_req_format_write(struct rbd_obj_request *obj_request)
{
        struct ceph_osd_request *osd_req = obj_request->osd_req;
        struct rbd_img_request *img_request = obj_request->img_request;
        struct ceph_snap_context *snapc = NULL;
        struct timespec mtime = CURRENT_TIME;

        rbd_assert(osd_req != NULL);

        if (img_request)
                snapc = img_request->snapc;

        ceph_osdc_build_request(osd_req, obj_request->offset,
                        snapc, CEPH_NOSNAP, &mtime);
}
1898
/*
 * Allocate and set up an osd request for an object request.
 *
 * A read request has one osd op (read).  A write request has either
 * one op (watch) or two (hint + write): every rbd data write is
 * prefixed with an allocation hint op, but an osd watch is technically
 * a write request as well, hence the distinction.
 *
 * Returns the new request, or NULL if the allocation failed.
 */
static struct ceph_osd_request *rbd_osd_req_create(
                                        struct rbd_device *rbd_dev,
                                        enum obj_operation_type op_type,
                                        unsigned int num_ops,
                                        struct rbd_obj_request *obj_request)
{
        bool modifies = op_type == OBJ_OP_WRITE || op_type == OBJ_OP_DISCARD;
        struct ceph_snap_context *snapc = NULL;
        struct ceph_osd_client *osdc;
        struct ceph_osd_request *osd_req;

        /* Image data writes and discards use the image's snap context */
        if (obj_request_img_data_test(obj_request) && modifies) {
                struct rbd_img_request *img_request = obj_request->img_request;

                if (op_type == OBJ_OP_DISCARD) {
                        rbd_assert(img_request_discard_test(img_request));
                } else {
                        rbd_assert(img_request_write_test(img_request));
                }
                snapc = img_request->snapc;
        }

        rbd_assert(num_ops == 1 || ((op_type == OBJ_OP_WRITE) && num_ops == 2));

        /* Allocate the request with room for num_ops ops */
        osdc = &rbd_dev->rbd_client->client->osdc;
        osd_req = ceph_osdc_alloc_request(osdc, snapc, num_ops, false,
                                          GFP_NOIO);
        if (!osd_req)
                return NULL;    /* ENOMEM */

        osd_req->r_flags = modifies ?
                        (CEPH_OSD_FLAG_WRITE | CEPH_OSD_FLAG_ONDISK) :
                        CEPH_OSD_FLAG_READ;

        /* The reply is routed back to the object request via r_priv */
        osd_req->r_callback = rbd_osd_req_callback;
        osd_req->r_priv = obj_request;

        osd_req->r_base_oloc.pool = ceph_file_layout_pg_pool(rbd_dev->layout);
        ceph_oid_set_name(&osd_req->r_base_oid, obj_request->object_name);

        return osd_req;
}
1949
/*
 * Allocate and set up a copyup osd request from the information in the
 * given object request.  A copyup request has two or three osd ops: a
 * copyup method call, possibly a hint op, and a write, truncate or
 * zero op.  Room for two ops is reserved for a discard, three
 * otherwise.
 *
 * Returns the new request, or NULL if the allocation failed.
 */
static struct ceph_osd_request *
rbd_osd_req_create_copyup(struct rbd_obj_request *obj_request)
{
        struct rbd_img_request *img_request;
        struct rbd_device *rbd_dev;
        struct ceph_osd_request *osd_req;
        int num_osd_ops;

        rbd_assert(obj_request_img_data_test(obj_request));
        img_request = obj_request->img_request;
        rbd_assert(img_request);
        rbd_assert(img_request_write_test(img_request) ||
                        img_request_discard_test(img_request));

        num_osd_ops = img_request_discard_test(img_request) ? 2 : 3;

        /* Allocate the request with room for all the ops */
        rbd_dev = img_request->rbd_dev;
        osd_req = ceph_osdc_alloc_request(&rbd_dev->rbd_client->client->osdc,
                                          img_request->snapc, num_osd_ops,
                                          false, GFP_NOIO);
        if (!osd_req)
                return NULL;    /* ENOMEM */

        /* The reply is routed back to the object request via r_priv */
        osd_req->r_flags = CEPH_OSD_FLAG_WRITE | CEPH_OSD_FLAG_ONDISK;
        osd_req->r_callback = rbd_osd_req_callback;
        osd_req->r_priv = obj_request;

        osd_req->r_base_oloc.pool = ceph_file_layout_pg_pool(rbd_dev->layout);
        ceph_oid_set_name(&osd_req->r_base_oid, obj_request->object_name);

        return osd_req;
}
1994
1995
/* Drop a reference on an osd request via ceph_osdc_put_request(). */
static void rbd_osd_req_destroy(struct ceph_osd_request *osd_req)
{
        ceph_osdc_put_request(osd_req);
}
2000
/*
 * Allocate an object request for the given object, byte range and data
 * type.  The request gets its own copy of the name, so the caller keeps
 * ownership of object_name, which must be non-NULL and NUL-terminated.
 *
 * Returns the new request, or NULL if either allocation failed.
 */
static struct rbd_obj_request *rbd_obj_request_create(const char *object_name,
                                                u64 offset, u64 length,
                                                enum obj_request_type type)
{
        struct rbd_obj_request *obj_request;
        size_t name_size;
        char *name_copy;

        rbd_assert(obj_request_type_valid(type));

        /* Size includes the terminating NUL so memcpy() carries it over */
        name_size = strlen(object_name) + 1;
        name_copy = kmalloc(name_size, GFP_NOIO);
        if (!name_copy)
                return NULL;

        obj_request = kmem_cache_zalloc(rbd_obj_request_cache, GFP_NOIO);
        if (!obj_request) {
                kfree(name_copy);
                return NULL;
        }

        memcpy(name_copy, object_name, name_size);
        obj_request->object_name = name_copy;
        obj_request->offset = offset;
        obj_request->length = length;
        obj_request->flags = 0;
        /* Not attached to an image request yet */
        obj_request->which = BAD_WHICH;
        obj_request->type = type;
        INIT_LIST_HEAD(&obj_request->links);
        init_completion(&obj_request->completion);
        kref_init(&obj_request->kref);

        dout("%s: \"%s\" %llu/%llu %d -> obj %p\n", __func__, object_name,
                offset, length, (int)type, obj_request);

        return obj_request;
}
2039
/*
 * kref release function for an object request.  The request must
 * already be detached from any image request.  Drops the osd request,
 * releases the data buffers still attached for the request's type,
 * then frees the name copy and the request itself.
 */
static void rbd_obj_request_destroy(struct kref *kref)
{
        struct rbd_obj_request *obj_request =
                container_of(kref, struct rbd_obj_request, kref);

        dout("%s: obj %p\n", __func__, obj_request);

        rbd_assert(obj_request->img_request == NULL);
        rbd_assert(obj_request->which == BAD_WHICH);

        if (obj_request->osd_req)
                rbd_osd_req_destroy(obj_request->osd_req);

        rbd_assert(obj_request_type_valid(obj_request->type));
        if (obj_request->type == OBJ_REQUEST_BIO) {
                if (obj_request->bio_list)
                        bio_chain_put(obj_request->bio_list);
        } else if (obj_request->type == OBJ_REQUEST_PAGES) {
                /* A non-NULL page vector here is released with the request */
                if (obj_request->pages)
                        ceph_release_page_vector(obj_request->pages,
                                                obj_request->page_count);
        }
        /* OBJ_REQUEST_NODATA: nothing to release */

        kfree(obj_request->object_name);
        obj_request->object_name = NULL;
        kmem_cache_free(rbd_obj_request_cache, obj_request);
}
2073
static void rbd_spec_put(struct rbd_spec *spec);

/*
 * Tear down a device's parent state: remove the parent, drop the
 * reference on the parent spec, and clear the spec pointer and the
 * overlap.  Calling this for a device with no parent is fine.
 */
static void rbd_dev_unparent(struct rbd_device *rbd_dev)
{
        rbd_dev_remove_parent(rbd_dev);

        rbd_spec_put(rbd_dev->parent_spec);
        rbd_dev->parent_spec = NULL;

        rbd_dev->parent_overlap = 0;
}
2084
/*
 * Drop one parent reference.  Parent reference counting determines
 * when an image's parent fields can be torn down safely, which is once
 * no in-flight request to the parent image remains.  Dropping the last
 * reference triggers that cleanup; a negative counter is reported as
 * an underflow and nothing is torn down.
 */
static void rbd_dev_parent_put(struct rbd_device *rbd_dev)
{
        int counter;

        if (!rbd_dev->parent_spec)
                return;

        counter = atomic_dec_return_safe(&rbd_dev->parent_ref);
        if (counter == 0)
                rbd_dev_unparent(rbd_dev);      /* that was the last one */
        else if (counter < 0)
                rbd_warn(rbd_dev, "parent reference underflow");
}
2109
/*
 * Take a parent reference if the image has a non-zero parent overlap.
 * The overlap is examined with header_rwsem held for reading.
 *
 * Returns true if the rbd device has a parent with a non-zero overlap
 * and a reference for it was successfully taken, false otherwise.  A
 * negative counter is reported as an overflow and yields false.
 */
static bool rbd_dev_parent_get(struct rbd_device *rbd_dev)
{
        int counter;

        if (!rbd_dev->parent_spec)
                return false;

        down_read(&rbd_dev->header_rwsem);
        counter = rbd_dev->parent_overlap ?
                        atomic_inc_return_safe(&rbd_dev->parent_ref) : 0;
        up_read(&rbd_dev->header_rwsem);

        if (counter < 0)
                rbd_warn(rbd_dev, "parent reference overflow");

        return counter > 0;
}
2135
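/*
 * Allocate and initialize an image request covering "length" bytes at
 * "offset" of the image behind rbd_dev.
 *
 * Writes and discards record the supplied snapshot context; any other
 * operation records the snapshot id from the device's spec instead.
 * The request is marked layered when a parent reference could be
 * taken.
 *
 * Caller is responsible for filling in the list of object requests
 * that comprises the image request, and the Linux request pointer
 * (if there is one).
 *
 * Returns the new request, or NULL if the allocation failed.
 */
static struct rbd_img_request *rbd_img_request_create(
                                        struct rbd_device *rbd_dev,
                                        u64 offset, u64 length,
                                        enum obj_operation_type op_type,
                                        struct ceph_snap_context *snapc)
{
        struct rbd_img_request *img_request;

        /*
         * Zero the object, as rbd_obj_request_create() does for object
         * requests, so that fields not assigned below (copyup_pages and
         * copyup_page_count, for instance) start out NULL/0 instead of
         * holding stale slab contents.
         */
        img_request = kmem_cache_zalloc(rbd_img_request_cache, GFP_NOIO);
        if (!img_request)
                return NULL;

        img_request->rq = NULL;
        img_request->rbd_dev = rbd_dev;
        img_request->offset = offset;
        img_request->length = length;
        img_request->flags = 0;
        if (op_type == OBJ_OP_DISCARD) {
                img_request_discard_set(img_request);
                img_request->snapc = snapc;
        } else if (op_type == OBJ_OP_WRITE) {
                img_request_write_set(img_request);
                img_request->snapc = snapc;
        } else {
                img_request->snap_id = rbd_dev->spec->snap_id;
        }
        /* The parent reference is dropped in rbd_img_request_destroy() */
        if (rbd_dev_parent_get(rbd_dev))
                img_request_layered_set(img_request);
        spin_lock_init(&img_request->completion_lock);
        img_request->next_completion = 0;
        img_request->callback = NULL;
        img_request->result = 0;
        img_request->obj_request_count = 0;
        INIT_LIST_HEAD(&img_request->obj_requests);
        kref_init(&img_request->kref);

        dout("%s: rbd_dev %p %s %llu/%llu -> img %p\n", __func__, rbd_dev,
                obj_op_name(op_type), offset, length, img_request);

        return img_request;
}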
2182
/*
 * kref release function for an image request.  Detaches every object
 * request still on the list, drops the parent reference of a layered
 * request, puts the snapshot context of a write or discard, and frees
 * the request.
 */
static void rbd_img_request_destroy(struct kref *kref)
{
        struct rbd_img_request *img_request =
                container_of(kref, struct rbd_img_request, kref);
        struct rbd_obj_request *obj_request;
        struct rbd_obj_request *next_obj_request;
        bool has_snapc;

        dout("%s: img %p\n", __func__, img_request);

        for_each_obj_request_safe(img_request, obj_request, next_obj_request)
                rbd_img_obj_request_del(img_request, obj_request);
        rbd_assert(img_request->obj_request_count == 0);

        /* Undo the rbd_dev_parent_get() done at creation time */
        if (img_request_layered_test(img_request)) {
                img_request_layered_clear(img_request);
                rbd_dev_parent_put(img_request->rbd_dev);
        }

        /* Only writes and discards recorded a snapshot context */
        has_snapc = img_request_write_test(img_request) ||
                        img_request_discard_test(img_request);
        if (has_snapc)
                ceph_put_snap_context(img_request->snapc);

        kmem_cache_free(rbd_img_request_cache, img_request);
}
2208
/*
 * Create a read image request against the parent of the device that
 * obj_request belongs to.  The new request is flagged as a child and
 * holds a reference on obj_request until rbd_parent_request_destroy().
 *
 * Returns the new request, or NULL if it could not be allocated.
 */
static struct rbd_img_request *rbd_parent_request_create(
                                        struct rbd_obj_request *obj_request,
                                        u64 img_offset, u64 length)
{
        struct rbd_img_request *parent_request;
        struct rbd_device *parent_dev;

        rbd_assert(obj_request->img_request);
        parent_dev = obj_request->img_request->rbd_dev->parent;

        parent_request = rbd_img_request_create(parent_dev, img_offset,
                                                length, OBJ_OP_READ, NULL);
        if (parent_request) {
                img_request_child_set(parent_request);
                /* Keep the originating request alive while we point at it */
                rbd_obj_request_get(obj_request);
                parent_request->obj_request = obj_request;
        }

        return parent_request;
}
2230
/*
 * kref release function for a parent (child-flagged) image request.
 * Drops the reference held on the originating object request and
 * clears the child flag, then finishes with the ordinary image request
 * teardown.
 */
static void rbd_parent_request_destroy(struct kref *kref)
{
        struct rbd_img_request *parent_request =
                container_of(kref, struct rbd_img_request, kref);
        struct rbd_obj_request *orig_request = parent_request->obj_request;

        /* Clear the back pointer before giving up the reference on it */
        parent_request->obj_request = NULL;
        rbd_obj_request_put(orig_request);
        img_request_child_clear(parent_request);

        rbd_img_request_destroy(kref);
}
2245
/*
 * Account for one completed object request within its image request.
 *
 * On error a warning is logged, the first error seen is recorded in
 * the image request, and the object request's whole length is reported
 * as transferred.
 *
 * Returns true if more of the image request is still outstanding.  For
 * a child request that is decided by the object request's index; for
 * any other request it is what blk_end_request() returns.
 */
static bool rbd_img_obj_end_request(struct rbd_obj_request *obj_request)
{
        struct rbd_img_request *img_request;
        unsigned int xferred;
        int result;

        rbd_assert(obj_request_img_data_test(obj_request));
        img_request = obj_request->img_request;

        rbd_assert(obj_request->xferred <= (u64)UINT_MAX);
        xferred = (unsigned int)obj_request->xferred;
        result = obj_request->result;
        if (result) {
                struct rbd_device *rbd_dev = img_request->rbd_dev;
                enum obj_operation_type op_type = OBJ_OP_READ;

                if (img_request_discard_test(img_request))
                        op_type = OBJ_OP_DISCARD;
                else if (img_request_write_test(img_request))
                        op_type = OBJ_OP_WRITE;

                rbd_warn(rbd_dev, "%s %llx at %llx (%llx)",
                        obj_op_name(op_type), obj_request->length,
                        obj_request->img_offset, obj_request->offset);
                rbd_warn(rbd_dev, "  result %d xferred %x",
                        result, xferred);

                /* Keep only the first error seen for the image request */
                if (!img_request->result)
                        img_request->result = result;
                /*
                 * On error, I/O has to be ended for the object
                 * request's entire byte count.
                 *
                 * NOTE(review): the length is narrowed into an unsigned
                 * int here without a range assertion like the one made
                 * for xferred above -- confirm object request lengths
                 * always fit.
                 */
                xferred = obj_request->length;
        }

        /* The page array belongs to someone else; do not release it */
        if (obj_request->type == OBJ_REQUEST_PAGES) {
                obj_request->pages = NULL;
                obj_request->page_count = 0;
        }

        if (img_request_child_test(img_request)) {
                rbd_assert(img_request->obj_request != NULL);
                return obj_request->which < img_request->obj_request_count - 1;
        }

        rbd_assert(img_request->rq != NULL);
        return blk_end_request(img_request->rq, result, xferred);
}
2301
/*
 * Callback run when an object request belonging to an image request
 * completes.
 *
 * Completions are consumed strictly in index order.  If this request
 * is not the next one expected, nothing is ended now.  Otherwise this
 * request and every consecutive request after it that is already done
 * are ended, all under completion_lock.  The image request reference
 * is dropped in either case, and the image request is completed once
 * rbd_img_obj_end_request() reports nothing more outstanding.
 */
static void rbd_img_obj_callback(struct rbd_obj_request *obj_request)
{
        struct rbd_img_request *img_request;
        u32 which = obj_request->which;
        bool more = true;

        rbd_assert(obj_request_img_data_test(obj_request));
        img_request = obj_request->img_request;

        dout("%s: img %p obj %p\n", __func__, img_request, obj_request);
        rbd_assert(img_request != NULL);
        rbd_assert(img_request->obj_request_count > 0);
        rbd_assert(which != BAD_WHICH);
        rbd_assert(which < img_request->obj_request_count);

        spin_lock_irq(&img_request->completion_lock);
        if (which == img_request->next_completion) {
                /* Walk forward from this request over the finished run */
                for_each_obj_request_from(img_request, obj_request) {
                        rbd_assert(more);
                        rbd_assert(which < img_request->obj_request_count);

                        if (!obj_request_done_test(obj_request))
                                break;
                        more = rbd_img_obj_end_request(obj_request);
                        which++;
                }

                rbd_assert(more ^ (which == img_request->obj_request_count));
                img_request->next_completion = which;
        }
        spin_unlock_irq(&img_request->completion_lock);
        rbd_img_request_put(img_request);

        if (!more)
                rbd_img_request_complete(img_request);
}
2340
/*
 * Add the individual osd ops to the given ceph_osd_request and prepare
 * them for submission.  num_ops is the number of osd ops already added
 * to the request, i.e. the index at which the next op goes.
 *
 * A discard becomes a delete, truncate or zero op depending on how the
 * range relates to the object and to the end of the image.  A write is
 * preceded by an allocation hint op.  Anything else is a read.
 */
static void rbd_img_obj_request_fill(struct rbd_obj_request *obj_request,
                                struct ceph_osd_request *osd_request,
                                enum obj_operation_type op_type,
                                unsigned int num_ops)
{
        struct rbd_img_request *img_request = obj_request->img_request;
        struct rbd_device *rbd_dev = img_request->rbd_dev;
        u64 object_size = rbd_obj_bytes(&rbd_dev->header);
        u64 offset = obj_request->offset;
        u64 length = obj_request->length;
        u64 img_end;
        u16 opcode;

        switch (op_type) {
        case OBJ_OP_DISCARD:
                if (!offset && length == object_size &&
                    (!img_request_layered_test(img_request) ||
                     !obj_request_overlaps_parent(obj_request))) {
                        /* Whole object, with no parent data under it */
                        opcode = CEPH_OSD_OP_DELETE;
                } else if (offset + length == object_size) {
                        /* Range runs to the end of the object */
                        opcode = CEPH_OSD_OP_TRUNCATE;
                } else {
                        down_read(&rbd_dev->header_rwsem);
                        img_end = rbd_dev->header.image_size;
                        up_read(&rbd_dev->header_rwsem);

                        /* Range runs to the end of the image, or not */
                        opcode = (obj_request->img_offset + length == img_end) ?
                                        CEPH_OSD_OP_TRUNCATE : CEPH_OSD_OP_ZERO;
                }
                break;
        case OBJ_OP_WRITE:
                opcode = CEPH_OSD_OP_WRITE;
                osd_req_op_alloc_hint_init(osd_request, num_ops,
                                        object_size, object_size);
                num_ops++;
                break;
        default:
                opcode = CEPH_OSD_OP_READ;
                break;
        }

        osd_req_op_extent_init(osd_request, num_ops, opcode, offset, length,
                                0, 0);

        /* Attach the data buffer; other request types carry none */
        switch (obj_request->type) {
        case OBJ_REQUEST_BIO:
                osd_req_op_extent_osd_data_bio(osd_request, num_ops,
                                        obj_request->bio_list, length);
                break;
        case OBJ_REQUEST_PAGES:
                osd_req_op_extent_osd_data_pages(osd_request, num_ops,
                                        obj_request->pages, length,
                                        offset & ~PAGE_MASK, false, false);
                break;
        default:
                break;
        }

        /* Discards are formatted as writes too */
        if (op_type == OBJ_OP_READ ||
            (op_type != OBJ_OP_WRITE && op_type != OBJ_OP_DISCARD))
                rbd_osd_req_format_read(obj_request);
        else
                rbd_osd_req_format_write(obj_request);
}
2401
/*
 * Carve an image request into one or more object requests, each to a
 * different object.  "type" says what "data_desc" points at: the head
 * of a list of bio structures (OBJ_REQUEST_BIO) or the base of a page
 * array (OBJ_REQUEST_PAGES).  Either way this function assumes
 * data_desc describes memory sufficient to hold all data described by
 * the image request.
 *
 * Returns 0 on success.  On any failure every object request attached
 * to the image request is removed again and -ENOMEM is returned.
 */
static int rbd_img_request_fill(struct rbd_img_request *img_request,
                                        enum obj_request_type type,
                                        void *data_desc)
{
        struct rbd_device *rbd_dev = img_request->rbd_dev;
        struct rbd_obj_request *obj_request = NULL;
        struct rbd_obj_request *next_obj_request;
        struct bio *bio_list = NULL;
        unsigned int bio_offset = 0;
        struct page **pages = NULL;
        enum obj_operation_type op_type;
        unsigned int num_ops;
        u64 img_offset;
        u64 resid;

        dout("%s: img %p type %d data_desc %p\n", __func__, img_request,
                (int)type, data_desc);

        img_offset = img_request->offset;
        resid = img_request->length;
        rbd_assert(resid > 0);
        op_type = rbd_img_request_op_type(img_request);
        /* A data write carries an allocation hint op ahead of the write */
        num_ops = (op_type == OBJ_OP_WRITE) ? 2 : 1;

        switch (type) {
        case OBJ_REQUEST_BIO:
                bio_list = data_desc;
                rbd_assert(img_offset ==
                           bio_list->bi_iter.bi_sector << SECTOR_SHIFT);
                break;
        case OBJ_REQUEST_PAGES:
                pages = data_desc;
                break;
        default:
                break;
        }

        while (resid) {
                struct ceph_osd_request *osd_req;
                const char *object_name;
                u64 offset;
                u64 length;

                object_name = rbd_segment_name(rbd_dev, img_offset);
                if (!object_name)
                        goto out_unwind;
                offset = rbd_segment_offset(rbd_dev, img_offset);
                length = rbd_segment_length(rbd_dev, img_offset, resid);
                obj_request = rbd_obj_request_create(object_name,
                                                offset, length, type);
                /* The object request keeps its own copy of the name */
                rbd_segment_name_free(object_name);
                if (!obj_request)
                        goto out_unwind;

                /*
                 * Attach to the image request first: creating the osd
                 * request below picks up the snapc through
                 * obj_request->img_request.
                 */
                rbd_img_obj_request_add(img_request, obj_request);

                switch (type) {
                case OBJ_REQUEST_BIO: {
                        unsigned int clone_size;

                        rbd_assert(length <= (u64)UINT_MAX);
                        clone_size = (unsigned int)length;
                        obj_request->bio_list =
                                        bio_chain_clone_range(&bio_list,
                                                                &bio_offset,
                                                                clone_size,
                                                                GFP_NOIO);
                        if (!obj_request->bio_list)
                                goto out_unwind;
                        break;
                }
                case OBJ_REQUEST_PAGES: {
                        unsigned int page_count;

                        obj_request->pages = pages;
                        page_count = (u32)calc_pages_for(offset, length);
                        obj_request->page_count = page_count;
                        /* A partly used last page is shared with the next object */
                        if ((offset + length) & ~PAGE_MASK)
                                page_count--;   /* more on last page */
                        pages += page_count;
                        break;
                }
                default:
                        break;
                }

                osd_req = rbd_osd_req_create(rbd_dev, op_type, num_ops,
                                        obj_request);
                if (!osd_req)
                        goto out_unwind;

                obj_request->osd_req = osd_req;
                obj_request->callback = rbd_img_obj_callback;
                obj_request->img_offset = img_offset;

                rbd_img_obj_request_fill(obj_request, osd_req, op_type, 0);

                /* Dropped again by rbd_img_obj_callback() */
                rbd_img_request_get(img_request);

                img_offset += length;
                resid -= length;
        }

        return 0;

out_unwind:
        /*
         * NOTE(review): for OBJ_REQUEST_PAGES each object request still
         * points into the caller's page array at this point, and
         * rbd_obj_request_destroy() releases a non-NULL pages pointer.
         * Confirm this unwind cannot release memory the caller also
         * frees on error.
         */
        for_each_obj_request_safe(img_request, obj_request, next_obj_request)
                rbd_img_obj_request_del(img_request, obj_request);

        return -ENOMEM;
}
2513
/*
 * Completion handler for a copyup request.  Releases the page vector
 * that held the copyup data and marks the object request done.
 */
static void
rbd_osd_copyup_callback(struct rbd_obj_request *obj_request)
{
        struct rbd_img_request *img_request;
        struct rbd_device *rbd_dev;
        struct page **pages;
        u32 page_count;

        dout("%s: obj %p\n", __func__, obj_request);

        rbd_assert(obj_request->type == OBJ_REQUEST_BIO ||
                obj_request->type == OBJ_REQUEST_NODATA);
        rbd_assert(obj_request_img_data_test(obj_request));
        img_request = obj_request->img_request;
        rbd_assert(img_request);

        rbd_dev = img_request->rbd_dev;
        rbd_assert(rbd_dev);

        /* Detach the copyup pages from the request before releasing them */
        pages = obj_request->copyup_pages;
        page_count = obj_request->copyup_page_count;
        rbd_assert(pages != NULL);
        rbd_assert(page_count);
        obj_request->copyup_pages = NULL;
        obj_request->copyup_page_count = 0;
        ceph_release_page_vector(pages, page_count);

        /*
         * The transfer count should reflect the size of the original
         * write request.  A write never succeeds partially, so on
         * success it is set to the originally-requested length; on
         * failure it is left as it was.
         */
        if (obj_request->result == 0)
                obj_request->xferred = obj_request->length;

        obj_request_done_set(obj_request);
}
2552
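/*
 * Completion handler for the parent image read started by
 * rbd_img_obj_parent_read_full().
 *
 * Takes over the page vector holding the parent data and drops the
 * parent image request.  Then either re-submits the original object
 * request unchanged (the parent overlap has become 0), or rebuilds it
 * as a copyup request carrying the parent data and submits that.
 *
 * On failure the error is recorded on the original request, which is
 * then marked done and completed.  The page vector is released on
 * every error path on which this function still owns it.
 */
static void
rbd_img_obj_parent_read_full_callback(struct rbd_img_request *img_request)
{
	struct rbd_obj_request *orig_request;
	struct ceph_osd_request *osd_req;
	struct ceph_osd_client *osdc;
	struct rbd_device *rbd_dev;
	struct page **pages;
	enum obj_operation_type op_type;
	u32 page_count;
	int img_result;
	u64 parent_length;

	rbd_assert(img_request_child_test(img_request));

	/* First get what we need from the image request */

	pages = img_request->copyup_pages;
	rbd_assert(pages != NULL);
	img_request->copyup_pages = NULL;
	page_count = img_request->copyup_page_count;
	rbd_assert(page_count);
	img_request->copyup_page_count = 0;

	orig_request = img_request->obj_request;
	rbd_assert(orig_request != NULL);
	rbd_assert(obj_request_type_valid(orig_request->type));
	img_result = img_request->result;
	parent_length = img_request->length;
	rbd_assert(parent_length == img_request->xferred);
	rbd_img_request_put(img_request);

	rbd_assert(orig_request->img_request);
	rbd_dev = orig_request->img_request->rbd_dev;
	rbd_assert(rbd_dev);

	/*
	 * If the overlap has become 0 (most likely because the
	 * image has been flattened) we need to free the pages
	 * and re-submit the original write request.
	 */
	if (!rbd_dev->parent_overlap) {
		ceph_release_page_vector(pages, page_count);
		pages = NULL;	/* released; out_err must not free it again */
		osdc = &rbd_dev->rbd_client->client->osdc;
		img_result = rbd_obj_request_submit(osdc, orig_request);
		if (!img_result)
			return;
	}

	if (img_result)
		goto out_err;

	/*
	 * The original osd request is of no use to us any more.
	 * We need a new one that can hold the three ops in a copyup
	 * request.  Allocate the new copyup osd request for the
	 * original request, and release the old one.
	 */
	img_result = -ENOMEM;
	osd_req = rbd_osd_req_create_copyup(orig_request);
	if (!osd_req)
		goto out_err;
	rbd_osd_req_destroy(orig_request->osd_req);
	orig_request->osd_req = osd_req;
	orig_request->copyup_pages = pages;
	orig_request->copyup_page_count = page_count;

	/* Initialize the copyup op */

	osd_req_op_cls_init(osd_req, 0, CEPH_OSD_OP_CALL, "rbd", "copyup");
	osd_req_op_cls_request_data_pages(osd_req, 0, pages, parent_length, 0,
						false, false);

	/*
	 * The vector now belongs to orig_request, and
	 * rbd_osd_copyup_callback() releases it from there.  Drop the
	 * local pointer so out_err leaves it alone.
	 *
	 * NOTE(review): if the submit below fails, the vector stays
	 * attached to orig_request and nothing in this function
	 * releases it; confirm the request teardown path covers
	 * copyup_pages.
	 */
	pages = NULL;

	/* Add the other op(s) */

	op_type = rbd_img_request_op_type(orig_request->img_request);
	rbd_img_obj_request_fill(orig_request, osd_req, op_type, 1);

	/* All set, send it off. */

	osdc = &rbd_dev->rbd_client->client->osdc;
	img_result = rbd_obj_request_submit(osdc, orig_request);
	if (!img_result)
		return;
out_err:
	/*
	 * Free the parent data if we still own it.  That is the case
	 * when the parent read failed or the copyup osd request could
	 * not be allocated; without this the whole vector would leak.
	 */
	if (pages)
		ceph_release_page_vector(pages, page_count);

	/* Record the error code and complete the request */

	orig_request->result = img_result;
	orig_request->xferred = 0;
	obj_request_done_set(orig_request);
	rbd_obj_request_complete(orig_request);
}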
2647
/*
 * Read from the parent image the range of data covering the whole
 * object targeted by the given object request.  This serves a layered
 * image write whose target object does not exist yet.
 *
 * A page array large enough for the returned data is allocated and
 * handed to rbd_img_request_fill() as the "data descriptor."  Once the
 * read completes, that array is passed on to the original object
 * request for the copyup operation.
 *
 * Returns 0 once the parent read has been submitted.  On error the
 * result is recorded on the original object request, the request is
 * marked done so it gets completed, and the error is returned.
 */
static int rbd_img_obj_parent_read_full(struct rbd_obj_request *obj_request)
{
	struct rbd_img_request *parent_request = NULL;
	struct rbd_img_request *img_request;
	struct rbd_device *rbd_dev;
	struct page **pages = NULL;
	u32 page_count;
	u64 img_offset;
	u64 length;
	int result;

	rbd_assert(obj_request_img_data_test(obj_request));
	rbd_assert(obj_request_type_valid(obj_request->type));

	img_request = obj_request->img_request;
	rbd_assert(img_request != NULL);
	rbd_dev = img_request->rbd_dev;
	rbd_assert(rbd_dev->parent != NULL);

	/*
	 * Byte range, in the child image, of the object the original
	 * request was aimed at: it starts where the object starts and
	 * spans one full object.
	 */
	img_offset = obj_request->img_offset - obj_request->offset;
	length = (u64)1 << rbd_dev->header.obj_order;

	/*
	 * Parent data is only defined up to the parent overlap, so
	 * the read is trimmed at that boundary when it would cross it.
	 */
	if (img_offset + length > rbd_dev->parent_overlap) {
		rbd_assert(img_offset < rbd_dev->parent_overlap);
		length = rbd_dev->parent_overlap - img_offset;
	}

	/* Page array that will receive the data read from the parent */
	page_count = (u32)calc_pages_for(0, length);
	pages = ceph_alloc_page_vector(page_count, GFP_NOIO);
	if (IS_ERR(pages)) {
		result = PTR_ERR(pages);
		pages = NULL;	/* nothing for out_err to release */
		goto out_err;
	}

	parent_request = rbd_parent_request_create(obj_request,
						img_offset, length);
	if (!parent_request) {
		result = -ENOMEM;
		goto out_err;
	}

	result = rbd_img_request_fill(parent_request, OBJ_REQUEST_PAGES, pages);
	if (result)
		goto out_err;

	parent_request->copyup_pages = pages;
	parent_request->copyup_page_count = page_count;
	parent_request->callback = rbd_img_obj_parent_read_full_callback;

	result = rbd_img_request_submit(parent_request);
	if (!result)
		return 0;

	/*
	 * The submit failed: detach the page array and the original
	 * request from the parent request before dropping it below.
	 * Presumably the reference put here is the one taken when the
	 * parent request was created; confirm against
	 * rbd_parent_request_create().
	 */
	parent_request->obj_request = NULL;
	parent_request->copyup_page_count = 0;
	parent_request->copyup_pages = NULL;
	rbd_obj_request_put(obj_request);
out_err:
	if (pages != NULL)
		ceph_release_page_vector(pages, page_count);
	if (parent_request != NULL)
		rbd_img_request_put(parent_request);
	obj_request->result = result;
	obj_request->xferred = 0;
	obj_request_done_set(obj_request);

	return result;
}
2742
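/*
 * Completion handler for the STAT request sent by
 * rbd_img_obj_exists_submit().
 *
 * Records on the original object request whether its target object
 * exists and then re-submits the original request.  Any result other
 * than success or -ENOENT is passed to the original request, which is
 * then completed.
 */
static void rbd_img_obj_exists_callback(struct rbd_obj_request *obj_request)
{
	struct rbd_obj_request *orig_request;
	struct rbd_device *rbd_dev;
	int result;

	rbd_assert(!obj_request_img_data_test(obj_request));

	/*
	 * All we need from the object request is the original
	 * request and the result of the STAT op.  Grab those, then
	 * we're done with the request.
	 *
	 * Check the original request before its reference is dropped,
	 * so a NULL pointer trips the assertion rather than the put.
	 * orig_request is still used after the put; presumably its
	 * image request holds another reference that keeps it alive.
	 * Confirm against the request lifetime rules.
	 */
	orig_request = obj_request->obj_request;
	rbd_assert(orig_request);
	rbd_assert(orig_request->img_request);
	obj_request->obj_request = NULL;
	rbd_obj_request_put(orig_request);

	result = obj_request->result;
	obj_request->result = 0;

	dout("%s: obj %p for obj %p result %d %llu/%llu\n", __func__,
		obj_request, orig_request, result,
		obj_request->xferred, obj_request->length);
	rbd_obj_request_put(obj_request);

	/*
	 * If the overlap has become 0 (most likely because the
	 * image has been flattened) we need to re-submit the
	 * original write request as is.
	 */
	rbd_dev = orig_request->img_request->rbd_dev;
	if (!rbd_dev->parent_overlap) {
		struct ceph_osd_client *osdc;

		osdc = &rbd_dev->rbd_client->client->osdc;
		result = rbd_obj_request_submit(osdc, orig_request);
		if (!result)
			return;
	}

	/*
	 * Our only purpose here is to determine whether the object
	 * exists, and we don't want to treat the non-existence as
	 * an error.  If something else comes back, transfer the
	 * error to the original request and complete it now.
	 */
	if (!result) {
		obj_request_existence_set(orig_request, true);
	} else if (result == -ENOENT) {
		obj_request_existence_set(orig_request, false);
	} else {
		orig_request->result = result;
		goto out;
	}

	/*
	 * Resubmit the original request now that we have recorded
	 * whether the target object exists.
	 */
	orig_request->result = rbd_img_obj_request_submit(orig_request);
out:
	if (orig_request->result)
		rbd_obj_request_complete(orig_request);
}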
2809
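/*
 * Send a STAT request for the target object of the given object
 * request, to find out whether that object exists.  The answer is
 * handled by rbd_img_obj_exists_callback().
 *
 * A reference to obj_request is held for as long as the STAT request
 * is outstanding; the callback drops it.
 *
 * Returns 0 if the STAT request was submitted, or a negative errno.
 * On failure everything acquired here (the page vector, the STAT
 * request, and the reference on obj_request) is released again.
 */
static int rbd_img_obj_exists_submit(struct rbd_obj_request *obj_request)
{
	struct rbd_obj_request *stat_request;
	struct rbd_device *rbd_dev;
	struct ceph_osd_client *osdc;
	struct page **pages;
	u32 page_count;
	size_t size;
	int ret;

	/*
	 * The response data for a STAT call consists of:
	 *     le64 length;
	 *     struct {
	 *         le32 tv_sec;
	 *         le32 tv_nsec;
	 *     } mtime;
	 */
	size = sizeof (__le64) + sizeof (__le32) + sizeof (__le32);
	page_count = (u32)calc_pages_for(0, size);
	pages = ceph_alloc_page_vector(page_count, GFP_NOIO);
	if (IS_ERR(pages))
		return PTR_ERR(pages);

	stat_request = rbd_obj_request_create(obj_request->object_name, 0, 0,
							OBJ_REQUEST_PAGES);
	if (!stat_request) {
		/*
		 * No reference on obj_request has been taken yet, so
		 * none may be dropped here.  Dropping one would
		 * unbalance its refcount.  The page vector has no
		 * owner yet either and must be released directly.
		 */
		ceph_release_page_vector(pages, page_count);
		return -ENOMEM;
	}

	rbd_obj_request_get(obj_request);
	stat_request->obj_request = obj_request;
	stat_request->pages = pages;	/* owned by stat_request from here on */
	stat_request->page_count = page_count;

	rbd_assert(obj_request->img_request);
	rbd_dev = obj_request->img_request->rbd_dev;
	ret = -ENOMEM;
	stat_request->osd_req = rbd_osd_req_create(rbd_dev, OBJ_OP_READ, 1,
						   stat_request);
	if (!stat_request->osd_req)
		goto out_put;
	stat_request->callback = rbd_img_obj_exists_callback;

	osd_req_op_init(stat_request->osd_req, 0, CEPH_OSD_OP_STAT);
	osd_req_op_raw_data_in_pages(stat_request->osd_req, 0, pages, size, 0,
					false, false);
	rbd_osd_req_format_read(stat_request);

	osdc = &rbd_dev->rbd_client->client->osdc;
	ret = rbd_obj_request_submit(osdc, stat_request);
	if (!ret)
		return 0;
out_put:
	/*
	 * The callback will never run, so undo the get above and drop
	 * the STAT request, which would otherwise leak.  Putting a
	 * request that was never (successfully) submitted is what
	 * rbd_obj_notify_ack_sync() and rbd_obj_method_sync() do on
	 * their error paths; the latter relies on the put releasing
	 * the attached page vector.
	 */
	stat_request->obj_request = NULL;
	rbd_obj_request_put(obj_request);
	rbd_obj_request_put(stat_request);

	return ret;
}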
2866
/*
 * Decide whether an image object request can be sent to the osd as
 * is, i.e. without first dealing with data held by the parent image.
 *
 * Returns true for reads, for writes to a non-layered image, for
 * layered writes that do not overlap the parent, for writes covering
 * a whole object, and for writes to an object known to exist.
 */
static bool img_obj_request_simple(struct rbd_obj_request *obj_request)
{
	struct rbd_img_request *img_request;
	struct rbd_device *rbd_dev;

	rbd_assert(obj_request_img_data_test(obj_request));

	img_request = obj_request->img_request;
	rbd_assert(img_request);
	rbd_dev = img_request->rbd_dev;

	/* Neither a write nor a discard: a read */
	if (!(img_request_write_test(img_request) ||
	      img_request_discard_test(img_request)))
		return true;

	/* A write to an image that is not layered */
	if (!img_request_layered_test(img_request))
		return true;

	/* Past the parent overlap there is no parent data to share */
	if (!obj_request_overlaps_parent(obj_request))
		return true;

	/* A whole-object write replaces any parent data anyway */
	if (obj_request->offset == 0 &&
	    obj_request->length == rbd_obj_bytes(&rbd_dev->header))
		return true;

	/* An object known to exist already has its parent data copied */
	return obj_request_known_test(obj_request) &&
	       obj_request_exists_test(obj_request);
}
2912
/*
 * Submit one object request belonging to an image request.
 *
 * Simple requests (see img_obj_request_simple()) go straight to the
 * osd.  Anything else is a layered write.  If the target object is
 * known not to exist, the full object's data is read from the parent
 * first so it can be used for a copyup.  If its existence is not
 * known yet, a STAT request is sent to find out.
 *
 * Returns 0 on success or a negative errno.
 */
static int rbd_img_obj_request_submit(struct rbd_obj_request *obj_request)
{
	struct ceph_osd_client *osdc;

	if (!img_obj_request_simple(obj_request)) {
		/* Existence known here means "known not to exist" */
		if (obj_request_known_test(obj_request))
			return rbd_img_obj_parent_read_full(obj_request);

		/* We don't know whether the target exists.  Go find out. */
		return rbd_img_obj_exists_submit(obj_request);
	}

	osdc = &obj_request->img_request->rbd_dev->rbd_client->client->osdc;

	return rbd_obj_request_submit(osdc, obj_request);
}
2938
/*
 * Submit every object request of an image request, stopping at the
 * first one that fails.
 *
 * Returns 0 if all were submitted, otherwise the first error.  Object
 * requests submitted before the failing one are not recalled here.
 */
static int rbd_img_request_submit(struct rbd_img_request *img_request)
{
	struct rbd_obj_request *obj_request;
	struct rbd_obj_request *next_obj_request;
	int ret = 0;

	dout("%s: img %p\n", __func__, img_request);
	for_each_obj_request_safe(img_request, obj_request, next_obj_request) {
		ret = rbd_img_obj_request_submit(obj_request);
		if (ret)
			break;
	}

	return ret;
}
2955
/*
 * Completion handler for a read that rbd_img_parent_read() redirected
 * to the parent image.
 *
 * Copies the outcome of the parent image request to the original
 * object request, limits the transfer count at the parent overlap,
 * then runs the read callback and completes the original request.
 */
static void rbd_img_parent_read_callback(struct rbd_img_request *img_request)
{
	struct rbd_obj_request *obj_request;
	struct rbd_device *rbd_dev;
	u64 obj_end;
	u64 img_xferred;
	int img_result;

	rbd_assert(img_request_child_test(img_request));

	/* Save what is needed from the image request, then drop it */
	obj_request = img_request->obj_request;
	img_result = img_request->result;
	img_xferred = img_request->xferred;
	rbd_img_request_put(img_request);

	rbd_assert(obj_request);
	rbd_assert(obj_request->img_request);
	rbd_dev = obj_request->img_request->rbd_dev;

	/*
	 * An overlap of 0 (most likely the image has been flattened)
	 * means there is no parent data any more, so the original
	 * request is sent again as is.
	 */
	if (!rbd_dev->parent_overlap) {
		struct ceph_osd_client *osdc;

		osdc = &rbd_dev->rbd_client->client->osdc;
		img_result = rbd_obj_request_submit(osdc, obj_request);
		if (!img_result)
			return;
	}

	obj_request->result = img_result;
	if (obj_request->result)
		goto out;

	/*
	 * Everything past the parent overlap has to read as zeros.
	 * rbd_img_obj_request_read_callback() already zero-fills what
	 * follows a short read, so report the parent data as ending
	 * at the overlap boundary.
	 */
	rbd_assert(obj_request->img_offset < U64_MAX - obj_request->length);
	obj_end = obj_request->img_offset + obj_request->length;
	if (obj_end <= rbd_dev->parent_overlap) {
		obj_request->xferred = img_xferred;
	} else {
		u64 xferred = 0;

		if (obj_request->img_offset < rbd_dev->parent_overlap)
			xferred = rbd_dev->parent_overlap -
					obj_request->img_offset;

		obj_request->xferred = min(img_xferred, xferred);
	}
out:
	rbd_img_obj_request_read_callback(obj_request);
	rbd_obj_request_complete(obj_request);
}
3018
/*
 * Redirect a read whose target object does not exist (-ENOENT) to the
 * parent image.
 *
 * Builds a parent image request over the same image range, backed by
 * the original request's bio list or page array, and submits it with
 * rbd_img_parent_read_callback() as its completion handler.  On
 * failure the error is recorded on the original request, which is
 * marked done.
 */
static void rbd_img_parent_read(struct rbd_obj_request *obj_request)
{
	struct rbd_img_request *img_request;
	int result = -ENOMEM;

	rbd_assert(obj_request_img_data_test(obj_request));
	rbd_assert(obj_request->img_request != NULL);
	rbd_assert(obj_request->result == (s32) -ENOENT);
	rbd_assert(obj_request_type_valid(obj_request->type));

	img_request = rbd_parent_request_create(obj_request,
						obj_request->img_offset,
						obj_request->length);
	if (!img_request)
		goto out_err;

	/* Hand the parent request the same data area as the original */
	if (obj_request->type != OBJ_REQUEST_BIO)
		result = rbd_img_request_fill(img_request, OBJ_REQUEST_PAGES,
						obj_request->pages);
	else
		result = rbd_img_request_fill(img_request, OBJ_REQUEST_BIO,
						obj_request->bio_list);
	if (result)
		goto out_err;

	img_request->callback = rbd_img_parent_read_callback;
	result = rbd_img_request_submit(img_request);
	if (!result)
		return;
out_err:
	if (img_request != NULL)
		rbd_img_request_put(img_request);
	obj_request->result = result;
	obj_request->xferred = 0;
	obj_request_done_set(obj_request);
}
3059
/*
 * Acknowledge a notification on the image header object and wait for
 * the acknowledgement request to finish.
 *
 * Returns 0 on success or a negative errno.  The object request
 * created here is always put before returning.
 */
static int rbd_obj_notify_ack_sync(struct rbd_device *rbd_dev, u64 notify_id)
{
	struct ceph_osd_client *osdc = &rbd_dev->rbd_client->client->osdc;
	struct rbd_obj_request *obj_request;
	int ret = -ENOMEM;

	obj_request = rbd_obj_request_create(rbd_dev->header_name, 0, 0,
							OBJ_REQUEST_NODATA);
	if (obj_request == NULL)
		return -ENOMEM;

	obj_request->osd_req = rbd_osd_req_create(rbd_dev, OBJ_OP_READ, 1,
						  obj_request);
	if (obj_request->osd_req == NULL)
		goto out;

	osd_req_op_watch_init(obj_request->osd_req, 0, CEPH_OSD_OP_NOTIFY_ACK,
					notify_id, 0, 0);
	rbd_osd_req_format_read(obj_request);

	/* Only wait for a request that was actually sent */
	ret = rbd_obj_request_submit(osdc, obj_request);
	if (!ret)
		ret = rbd_obj_request_wait(obj_request);
out:
	rbd_obj_request_put(obj_request);

	return ret;
}
3090
/*
 * Event callback registered for the image header object watch (see
 * rbd_dev_header_watch_sync()).  Refreshes the device and then
 * acknowledges the notification.  A failure of either step is only
 * logged.
 */
static void rbd_watch_cb(u64 ver, u64 notify_id, u8 opcode, void *data)
{
	struct rbd_device *rbd_dev = data;
	int ret;

	if (rbd_dev == NULL)
		return;

	dout("%s: \"%s\" notify_id %llu opcode %u\n", __func__,
		rbd_dev->header_name, (unsigned long long)notify_id,
		(unsigned int)opcode);

	/*
	 * There is no adequate error handling for a failed refresh
	 * yet, so a warning is all that can be done for now.
	 *
	 * See http://tracker.ceph.com/issues/5040
	 */
	ret = rbd_dev_refresh(rbd_dev);
	if (ret != 0)
		rbd_warn(rbd_dev, "refresh failed: %d", ret);

	/* The notification is acknowledged even if the refresh failed */
	ret = rbd_obj_notify_ack_sync(rbd_dev, notify_id);
	if (ret != 0)
		rbd_warn(rbd_dev, "notify_ack ret %d", ret);
}
3117
/*
 * Send a watch (watch == true) or unwatch (watch == false) request
 * for the image header object and wait for the ack.
 *
 * Returns the object request with a reference held on success, or an
 * ERR_PTR() on failure.  A failed request has already been put.
 */
static struct rbd_obj_request *rbd_obj_watch_request_helper(
						struct rbd_device *rbd_dev,
						bool watch)
{
	struct ceph_osd_client *osdc = &rbd_dev->rbd_client->client->osdc;
	struct rbd_obj_request *obj_request;
	int ret = -ENOMEM;

	obj_request = rbd_obj_request_create(rbd_dev->header_name, 0, 0,
					     OBJ_REQUEST_NODATA);
	if (obj_request == NULL)
		return ERR_PTR(-ENOMEM);

	obj_request->osd_req = rbd_osd_req_create(rbd_dev, OBJ_OP_WRITE, 1,
						  obj_request);
	if (obj_request->osd_req == NULL)
		goto out;

	osd_req_op_watch_init(obj_request->osd_req, 0, CEPH_OSD_OP_WATCH,
			      rbd_dev->watch_event->cookie, 0, watch);
	rbd_osd_req_format_write(obj_request);

	/* Only a watch lingers; an unwatch is a one-shot request */
	if (watch)
		ceph_osdc_set_request_linger(osdc, obj_request->osd_req);

	ret = rbd_obj_request_submit(osdc, obj_request);
	if (!ret)
		ret = rbd_obj_request_wait(obj_request);
	if (ret)
		goto out;

	ret = obj_request->result;
	if (!ret)
		return obj_request;

	/* The osd refused the request; end a watch before dropping it */
	if (watch)
		rbd_obj_request_end(obj_request);
out:
	rbd_obj_request_put(obj_request);
	return ERR_PTR(ret);
}
3170
/*
 * Set up a watch on the image header object, synchronously.
 *
 * Creates the osd event that delivers notifications to rbd_watch_cb()
 * and then sends the watch request.  Returns 0 on success or a
 * negative errno.  On failure the event is cancelled again.
 */
static int rbd_dev_header_watch_sync(struct rbd_device *rbd_dev)
{
	struct ceph_osd_client *osdc = &rbd_dev->rbd_client->client->osdc;
	struct rbd_obj_request *obj_request;
	int ret;

	rbd_assert(!rbd_dev->watch_event);
	rbd_assert(!rbd_dev->watch_request);

	ret = ceph_osdc_create_event(osdc, rbd_watch_cb, rbd_dev,
				     &rbd_dev->watch_event);
	if (ret < 0)
		return ret;

	obj_request = rbd_obj_watch_request_helper(rbd_dev, true);
	if (!IS_ERR(obj_request)) {
		/*
		 * The watch request lingers, so its osd request stays
		 * around until it is unregistered.  The pointer kept
		 * in rbd_dev->watch_request carries the reference
		 * returned by the helper, and
		 * rbd_dev_header_unwatch_sync() drops it.
		 */
		rbd_dev->watch_request = obj_request;
		return 0;
	}

	ret = PTR_ERR(obj_request);
	ceph_osdc_cancel_event(rbd_dev->watch_event);
	rbd_dev->watch_event = NULL;

	return ret;
}
3207
/*
 * Tear down the image header watch, synchronously.
 *
 * Ends and drops the lingering watch request, sends an unwatch
 * request, and cancels the osd event.  A failed unwatch is logged and
 * the teardown carries on regardless.
 */
static void rbd_dev_header_unwatch_sync(struct rbd_device *rbd_dev)
{
	struct rbd_obj_request *obj_request;

	rbd_assert(rbd_dev->watch_event);
	rbd_assert(rbd_dev->watch_request);

	/* Drop the reference taken in rbd_dev_header_watch_sync() */
	rbd_obj_request_end(rbd_dev->watch_request);
	rbd_obj_request_put(rbd_dev->watch_request);
	rbd_dev->watch_request = NULL;

	obj_request = rbd_obj_watch_request_helper(rbd_dev, false);
	if (IS_ERR(obj_request))
		rbd_warn(rbd_dev, "unable to tear down watch request (%ld)",
			 PTR_ERR(obj_request));
	else
		rbd_obj_request_put(obj_request);

	ceph_osdc_cancel_event(rbd_dev->watch_event);
	rbd_dev->watch_event = NULL;
}
3232
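/*
 * Synchronous osd object method call.
 *
 * @rbd_dev:       device whose osd client carries the request
 * @object_name:   object the method is invoked on
 * @class_name:    object class providing the method
 * @method_name:   method to call
 * @outbound:      parameter data sent with the call (unused when
 *                 @outbound_size is 0)
 * @outbound_size: number of bytes at @outbound
 * @inbound:       buffer receiving the method's reply data
 * @inbound_size:  capacity of @inbound in bytes
 *
 * Returns the number of bytes placed in the inbound buffer, or a
 * negative error code.  A reply longer than @inbound_size is rejected
 * with -EIO rather than copied.
 */
static int rbd_obj_method_sync(struct rbd_device *rbd_dev,
			     const char *object_name,
			     const char *class_name,
			     const char *method_name,
			     const void *outbound,
			     size_t outbound_size,
			     void *inbound,
			     size_t inbound_size)
{
	struct ceph_osd_client *osdc = &rbd_dev->rbd_client->client->osdc;
	struct rbd_obj_request *obj_request;
	struct page **pages;
	u32 page_count;
	int ret;

	/*
	 * Method calls are ultimately read operations.  The result
	 * should be placed into the inbound buffer provided.  They
	 * also supply outbound data--parameters for the object
	 * method.  Currently if this is present it will be a
	 * snapshot id.
	 */
	page_count = (u32)calc_pages_for(0, inbound_size);
	pages = ceph_alloc_page_vector(page_count, GFP_KERNEL);
	if (IS_ERR(pages))
		return PTR_ERR(pages);

	ret = -ENOMEM;
	obj_request = rbd_obj_request_create(object_name, 0, inbound_size,
							OBJ_REQUEST_PAGES);
	if (!obj_request)
		goto out;

	/* From here on the page vector is released with the request */
	obj_request->pages = pages;
	obj_request->page_count = page_count;

	obj_request->osd_req = rbd_osd_req_create(rbd_dev, OBJ_OP_READ, 1,
						  obj_request);
	if (!obj_request->osd_req)
		goto out;

	osd_req_op_cls_init(obj_request->osd_req, 0, CEPH_OSD_OP_CALL,
					class_name, method_name);
	if (outbound_size) {
		struct ceph_pagelist *pagelist;

		pagelist = kmalloc(sizeof (*pagelist), GFP_NOFS);
		if (!pagelist)
			goto out;

		ceph_pagelist_init(pagelist);
		/*
		 * NOTE(review): the return value of
		 * ceph_pagelist_append() is ignored; if it can fail,
		 * the method would be called with incomplete
		 * parameters.  Confirm, and decide who frees the
		 * pagelist on that path.
		 */
		ceph_pagelist_append(pagelist, outbound, outbound_size);
		osd_req_op_cls_request_data_pagelist(obj_request->osd_req, 0,
						pagelist);
	}
	osd_req_op_cls_response_data_pages(obj_request->osd_req, 0,
					obj_request->pages, inbound_size,
					0, false, false);
	rbd_osd_req_format_read(obj_request);

	ret = rbd_obj_request_submit(osdc, obj_request);
	if (ret)
		goto out;
	ret = rbd_obj_request_wait(obj_request);
	if (ret)
		goto out;

	ret = obj_request->result;
	if (ret < 0)
		goto out;

	rbd_assert(obj_request->xferred < (u64)INT_MAX);

	/*
	 * The transfer count describes a reply that came from the
	 * osd.  Never copy more than the caller's buffer (and the page
	 * vector sized from it) can hold.  The lower layers presumably
	 * enforce this already, so this is a last line of defence.
	 */
	if (obj_request->xferred > inbound_size) {
		rbd_warn(rbd_dev, "method reply too long (%llu > %llu)",
			 (unsigned long long)obj_request->xferred,
			 (unsigned long long)inbound_size);
		ret = -EIO;
		goto out;
	}

	ret = (int)obj_request->xferred;
	ceph_copy_from_page_vector(pages, inbound, 0, obj_request->xferred);
out:
	if (obj_request)
		rbd_obj_request_put(obj_request);
	else
		ceph_release_page_vector(pages, page_count);

	return ret;
}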
3319
/*
 * Turn one block-layer request into an rbd image request and submit it.
 *
 * The request is validated first: zero-length requests are completed
 * with success, writes and discards to a read-only mapping get -EROFS,
 * a mapping whose snapshot no longer exists gets -ENXIO, a range that
 * would wrap past U64_MAX gets -EINVAL, and a range that extends past
 * the mapped size gets -EIO.
 *
 * On successful submission the function returns without completing
 * @rq.  On any failure (and for zero-length requests) @rq is completed
 * here via blk_end_request_all() with the computed result.
 */
static void rbd_handle_request(struct rbd_device *rbd_dev, struct request *rq)
{
        struct rbd_img_request *img_request;
        struct ceph_snap_context *snapc = NULL;
        /* Start sector converted to a byte offset. */
        u64 offset = (u64)blk_rq_pos(rq) << SECTOR_SHIFT;
        u64 length = blk_rq_bytes(rq);
        enum obj_operation_type op_type;
        u64 mapping_size;
        int result;

        /* Discard is tested first, then write; anything else is a read. */
        if (rq->cmd_flags & REQ_DISCARD)
                op_type = OBJ_OP_DISCARD;
        else if (rq->cmd_flags & REQ_WRITE)
                op_type = OBJ_OP_WRITE;
        else
                op_type = OBJ_OP_READ;

        /* Ignore/skip any zero-length requests */

        if (!length) {
                dout("%s: zero-length request\n", __func__);
                result = 0;
                goto err_rq;
        }

        /* Only reads are allowed to a read-only device */

        if (op_type != OBJ_OP_READ) {
                if (rbd_dev->mapping.read_only) {
                        result = -EROFS;
                        goto err_rq;
                }
                /* A writable mapping is asserted to be the base image. */
                rbd_assert(rbd_dev->spec->snap_id == CEPH_NOSNAP);
        }

        /*
         * Quit early if the mapped snapshot no longer exists.  It's
         * still possible the snapshot will have disappeared by the
         * time our request arrives at the osd, but there's no sense in
         * sending it if we already know.
         */
        if (!test_bit(RBD_DEV_FLAG_EXISTS, &rbd_dev->flags)) {
                dout("request for non-existent snapshot");
                rbd_assert(rbd_dev->spec->snap_id != CEPH_NOSNAP);
                result = -ENXIO;
                goto err_rq;
        }

        /*
         * Reject a range whose end would wrap past U64_MAX, so that
         * the offset + length comparison below cannot overflow.
         */
        if (offset && length > U64_MAX - offset + 1) {
                rbd_warn(rbd_dev, "bad request range (%llu~%llu)", offset,
                         length);
                result = -EINVAL;
                goto err_rq;    /* Shouldn't happen */
        }

        /*
         * Sample the mapped size, and for writes and discards take a
         * reference on the current snapshot context, under the header
         * semaphore.  The size is compared after the semaphore has
         * been released.
         */
        down_read(&rbd_dev->header_rwsem);
        mapping_size = rbd_dev->mapping.size;
        if (op_type != OBJ_OP_READ) {
                snapc = rbd_dev->header.snapc;
                ceph_get_snap_context(snapc);
        }
        up_read(&rbd_dev->header_rwsem);

        /* Bounds check: the request must lie entirely inside the mapping. */
        if (offset + length > mapping_size) {
                rbd_warn(rbd_dev, "beyond EOD (%llu~%llu > %llu)", offset,
                         length, mapping_size);
                result = -EIO;
                goto err_rq;
        }

        img_request = rbd_img_request_create(rbd_dev, offset, length, op_type,
                                             snapc);
        if (!img_request) {
                result = -ENOMEM;
                goto err_rq;
        }
        img_request->rq = rq;
        /* Cleared so the error path below does not drop the ref twice. */
        snapc = NULL; /* img_request consumes a ref */

        /* A discard carries no data; reads and writes use the request's bios. */
        if (op_type == OBJ_OP_DISCARD)
                result = rbd_img_request_fill(img_request, OBJ_REQUEST_NODATA,
                                              NULL);
        else
                result = rbd_img_request_fill(img_request, OBJ_REQUEST_BIO,
                                              rq->bio);
        if (result)
                goto err_img_request;

        result = rbd_img_request_submit(img_request);
        if (result)
                goto err_img_request;

        return;

err_img_request:
        rbd_img_request_put(img_request);
err_rq:
        /* Zero-length requests arrive here with result == 0: no warning. */
        if (result)
                rbd_warn(rbd_dev, "%s %llx at %llx result %d",
                         obj_op_name(op_type), length, offset, result);
        /* Still non-NULL only if no image request took over the ref. */
        if (snapc)
                ceph_put_snap_context(snapc);
        blk_end_request_all(rq, result);
}
3424
/*
 * Work item handler for rbd_dev->rq_work: take every request currently
 * parked on rbd_dev->rq_queue and pass each one to rbd_handle_request().
 */
static void rbd_request_workfn(struct work_struct *work)
{
        struct rbd_device *rbd_dev;
        struct request *req, *tmp;
        LIST_HEAD(pending);

        rbd_dev = container_of(work, struct rbd_device, rq_work);

        /* Detach the whole backlog under the lock, then process it unlocked. */
        spin_lock_irq(&rbd_dev->lock); /* rq->q->queue_lock */
        list_splice_init(&rbd_dev->rq_queue, &pending);
        spin_unlock_irq(&rbd_dev->lock);

        list_for_each_entry_safe(req, tmp, &pending, queuelist) {
                /* Unlink first: the handler may complete the request. */
                list_del_init(&req->queuelist);
                rbd_handle_request(rbd_dev, req);
        }
}
3441
/*
 * Block-layer request function.  Called with q->queue_lock held and
 * interrupts disabled, possibly on the way to schedule(), so nothing
 * here may sleep.  Filesystem requests are only moved onto
 * rbd_dev->rq_queue; the actual I/O is deferred to the work item
 * queued on rbd_wq.
 */
static void rbd_request_fn(struct request_queue *q)
{
        struct rbd_device *rbd_dev = q->queuedata;
        struct request *rq;
        bool kick = false;

        rbd_assert(rbd_dev);

        for (rq = blk_fetch_request(q); rq; rq = blk_fetch_request(q)) {
                if (rq->cmd_type == REQ_TYPE_FS) {
                        list_add_tail(&rq->queuelist, &rbd_dev->rq_queue);
                        kick = true;
                        continue;
                }

                /* Non-FS requests are completed at once, with no I/O done. */
                dout("%s: non-fs request type %d\n", __func__,
                        (int) rq->cmd_type);
                __blk_end_request_all(rq, 0);
        }

        /* Schedule the worker only if something was actually queued. */
        if (kick)
                queue_work(rbd_wq, &rbd_dev->rq_work);
}
3470
/*
 * merge_bvec queue callback.  Limits how much of @bvec may be added to
 * a bio so that the bio does not span multiple osd objects.  The one
 * exception is a single-page bio, which is handled later in
 * bio_chain_clone_range().
 *
 * Returns the number of bytes of @bvec that may be added.
 */
static int rbd_merge_bvec(struct request_queue *q, struct bvec_merge_data *bmd,
                          struct bio_vec *bvec)
{
        struct rbd_device *rbd_dev = q->queuedata;
        sector_t dev_sector;
        sector_t obj_sectors;
        sector_t sector_in_obj;
        int room;

        /*
         * The bio's start sector is partition-relative; make it
         * device-relative, then find its position inside the rbd
         * object that contains it.
         */
        dev_sector = get_start_sect(bmd->bi_bdev) + bmd->bi_sector;
        obj_sectors = 1 << (rbd_dev->header.obj_order - SECTOR_SHIFT);
        sector_in_obj = dev_sector & (obj_sectors - 1);

        /*
         * Bytes from that position to the end of the object, less
         * what the bio already holds.
         */
        room = (int) (obj_sectors - sector_in_obj) << SECTOR_SHIFT;
        if (room > bmd->bi_size)
                room -= bmd->bi_size;
        else
                room = 0;

        /*
         * Never report more than was asked for.  An empty bio gets the
         * whole bvec because:  "Note that a block device *must* allow
         * a single page to be added to an empty bio."
         */
        rbd_assert(bvec->bv_len <= PAGE_SIZE);
        if (!bmd->bi_size || room > (int) bvec->bv_len)
                room = (int) bvec->bv_len;

        return room;
}
3516
/*
 * Detach the gendisk from @rbd_dev and drop it.  Does nothing when no
 * disk is attached.
 *
 * NOTE(review): the request queue is cleaned up only when the disk has
 * GENHD_FL_UP set; confirm that a disk that never came up cannot reach
 * this point with a queue still attached.
 */
static void rbd_free_disk(struct rbd_device *rbd_dev)
{
        struct gendisk *disk = rbd_dev->disk;

        if (disk) {
                /* Clear the back pointer before tearing the disk down. */
                rbd_dev->disk = NULL;
                if (disk->flags & GENHD_FL_UP) {
                        del_gendisk(disk);
                        if (disk->queue)
                                blk_cleanup_queue(disk->queue);
                }
                put_disk(disk);
        }
}
3532
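/*
 * Synchronously read @length bytes at @offset from the object named
 * @object_name into @buf, which must hold at least @length bytes.
 *
 * Returns the number of bytes copied into @buf, or a negative errno.
 * -EIO is returned if the completed request reports more bytes than
 * were asked for, so the copy can never run past @buf.
 *
 * NOTE(review): the data pages are registered with an alignment of
 * (offset & ~PAGE_MASK) but copied out starting at page-vector offset
 * 0; presumably callers only pass a page-aligned @offset (the header
 * read in this file passes 0) -- confirm.
 */
static int rbd_obj_read_sync(struct rbd_device *rbd_dev,
                                const char *object_name,
                                u64 offset, u64 length, void *buf)

{
        struct ceph_osd_client *osdc = &rbd_dev->rbd_client->client->osdc;
        struct rbd_obj_request *obj_request;
        struct page **pages = NULL;
        u32 page_count;
        size_t size;
        int ret;

        page_count = (u32) calc_pages_for(offset, length);
        pages = ceph_alloc_page_vector(page_count, GFP_KERNEL);
        if (IS_ERR(pages))
                return PTR_ERR(pages);

        ret = -ENOMEM;
        obj_request = rbd_obj_request_create(object_name, offset, length,
                                                        OBJ_REQUEST_PAGES);
        if (!obj_request)
                goto out;

        /* From here on the page vector travels with the object request. */
        obj_request->pages = pages;
        obj_request->page_count = page_count;

        obj_request->osd_req = rbd_osd_req_create(rbd_dev, OBJ_OP_READ, 1,
                                                  obj_request);
        if (!obj_request->osd_req)
                goto out;

        osd_req_op_extent_init(obj_request->osd_req, 0, CEPH_OSD_OP_READ,
                                        offset, length, 0, 0);
        osd_req_op_extent_osd_data_pages(obj_request->osd_req, 0,
                                        obj_request->pages,
                                        obj_request->length,
                                        obj_request->offset & ~PAGE_MASK,
                                        false, false);
        rbd_osd_req_format_read(obj_request);

        ret = rbd_obj_request_submit(osdc, obj_request);
        if (ret)
                goto out;
        ret = rbd_obj_request_wait(obj_request);
        if (ret)
                goto out;

        ret = obj_request->result;
        if (ret < 0)
                goto out;

        /*
         * xferred is filled in by the completion path.  Refuse to copy
         * more than was requested: @buf is only guaranteed to hold
         * @length bytes.
         */
        if (obj_request->xferred > length) {
                ret = -EIO;
                goto out;
        }

        rbd_assert(obj_request->xferred <= (u64) SIZE_MAX);
        size = (size_t) obj_request->xferred;
        ceph_copy_from_page_vector(pages, buf, 0, size);
        rbd_assert(size <= (size_t)INT_MAX);
        ret = (int)size;
out:
        /*
         * Without an object request the page vector is released here;
         * otherwise dropping the request is presumably what frees the
         * pages attached to it -- confirm in rbd_obj_request_put().
         */
        if (obj_request)
                rbd_obj_request_put(obj_request);
        else
                ceph_release_page_vector(pages, page_count);

        return ret;
}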
3597
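/*
 * Read the complete header for the given rbd device.  On successful
 * return, the rbd_dev->header field will contain up-to-date
 * information about the image.
 *
 * Returns the result of rbd_header_from_disk() on success, -ENOMEM if
 * the read buffer cannot be allocated, -ENXIO on a short read or an
 * invalid header, or the negative error from rbd_obj_read_sync().
 */
static int rbd_dev_v1_header_info(struct rbd_device *rbd_dev)
{
        struct rbd_image_header_ondisk *ondisk = NULL;
        u32 snap_count = 0;
        u64 names_size = 0;
        u32 want_count;
        int ret;

        /*
         * The complete header will include an array of its 64-bit
         * snapshot ids, followed by the names of those snapshots as
         * a contiguous block of NUL-terminated strings.  Note that
         * the number of snapshots could change by the time we read
         * it in, in which case we re-read it.
         */
        do {
                size_t size;

                kfree(ondisk);

                /*
                 * snap_count and names_size come from the header read
                 * on the previous pass.  The sum is not checked for
                 * overflow here; presumably rbd_dev_ondisk_valid()
                 * bounds both fields -- confirm.
                 */
                size = sizeof (*ondisk);
                size += snap_count * sizeof (struct rbd_image_snap_ondisk);
                size += names_size;
                ondisk = kmalloc(size, GFP_KERNEL);
                if (!ondisk)
                        return -ENOMEM;

                ret = rbd_obj_read_sync(rbd_dev, rbd_dev->header_name,
                                       0, size, ondisk);
                if (ret < 0)
                        goto out;
                if ((size_t)ret < size) {
                        /* Log the real byte count before ret becomes an errno. */
                        rbd_warn(rbd_dev, "short header read (want %zu got %d)",
                                size, ret);
                        ret = -ENXIO;
                        goto out;
                }
                if (!rbd_dev_ondisk_valid(ondisk)) {
                        ret = -ENXIO;
                        rbd_warn(rbd_dev, "invalid header");
                        goto out;
                }

                /* Loop again if the snapshot count differs from what was sized for. */
                names_size = le64_to_cpu(ondisk->snap_names_len);
                want_count = snap_count;
                snap_count = le32_to_cpu(ondisk->snap_count);
        } while (snap_count != want_count);

        ret = rbd_header_from_disk(rbd_dev, ondisk);
out:
        kfree(ondisk);

        return ret;
}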
3657
/*
 * Clear the rbd device's EXISTS flag if the snapshot it's mapped to
 * has disappeared from the (just updated) snapshot context.  Nothing
 * is done when the flag is already clear or when the base image
 * (CEPH_NOSNAP) is mapped.
 */
static void rbd_exists_validate(struct rbd_device *rbd_dev)
{
        u64 snap_id;

        if (test_bit(RBD_DEV_FLAG_EXISTS, &rbd_dev->flags)) {
                snap_id = rbd_dev->spec->snap_id;
                if (snap_id != CEPH_NOSNAP &&
                    rbd_dev_snap_index(rbd_dev, snap_id) == BAD_SNAP_INDEX)
                        clear_bit(RBD_DEV_FLAG_EXISTS, &rbd_dev->flags);
        }
}
3676
/*
 * Push rbd_dev->mapping.size (converted to sectors) to the gendisk
 * and revalidate it, unless the device is being removed.
 */
static void rbd_dev_update_size(struct rbd_device *rbd_dev)
{
        sector_t sectors;
        bool removing;

        /*
         * Don't hold the lock while doing disk operations,
         * or lock ordering will conflict with the bdev mutex via:
         * rbd_add() -> blkdev_get() -> rbd_open()
         *
         * NOTE(review): the flag is sampled and the lock dropped
         * before the disk is touched; confirm removal cannot start in
         * between.
         */
        spin_lock_irq(&rbd_dev->lock);
        removing = test_bit(RBD_DEV_FLAG_REMOVING, &rbd_dev->flags);
        spin_unlock_irq(&rbd_dev->lock);

        /*
         * If the device is being removed, rbd_dev->disk has
         * been destroyed, so don't try to update its size
         */
        if (removing)
                return;

        sectors = (sector_t)rbd_dev->mapping.size / SECTOR_SIZE;
        dout("setting size to %llu sectors", (unsigned long long)sectors);
        set_capacity(rbd_dev->disk, sectors);
        revalidate_disk(rbd_dev->disk);
}
3701
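/*
 * Re-read the image header (and parent info, if there is a parent) and
 * bring the mapping up to date: a mapped base image follows the image
 * size, a mapped snapshot has its EXISTS flag revalidated.
 *
 * header_rwsem is held for writing while the header is updated and is
 * released on every path, including the error returns.
 *
 * Returns 0 on success or the negative error from the header or parent
 * refresh.
 */
static int rbd_dev_refresh(struct rbd_device *rbd_dev)
{
        u64 mapping_size;
        int ret;

        down_write(&rbd_dev->header_rwsem);
        mapping_size = rbd_dev->mapping.size;

        ret = rbd_dev_header_info(rbd_dev);
        if (ret)
                goto out;

        /*
         * If there is a parent, see if it has disappeared due to the
         * mapped image getting flattened.
         */
        if (rbd_dev->parent) {
                ret = rbd_dev_v2_parent_info(rbd_dev);
                if (ret)
                        goto out;
        }

        if (rbd_dev->spec->snap_id == CEPH_NOSNAP) {
                if (rbd_dev->mapping.size != rbd_dev->header.image_size)
                        rbd_dev->mapping.size = rbd_dev->header.image_size;
        } else {
                /* validate mapped snapshot's EXISTS flag */
                rbd_exists_validate(rbd_dev);
        }

out:
        /* Always drop the semaphore; a failed refresh must not keep it held. */
        up_write(&rbd_dev->header_rwsem);

        /* The disk is resized outside the semaphore, and only on success. */
        if (!ret && mapping_size != rbd_dev->mapping.size)
                rbd_dev_update_size(rbd_dev);

        return ret;
}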
3739
/*
 * Allocate the gendisk and request queue for @rbd_dev and configure
 * the queue limits from the image's object size.  On success the disk
 * is stored in rbd_dev->disk.
 *
 * Returns 0 on success or -ENOMEM if the disk or queue cannot be
 * allocated.
 */
static int rbd_init_disk(struct rbd_device *rbd_dev)
{
        struct gendisk *disk;
        struct request_queue *queue;
        u64 obj_bytes;
        int minors;

        /* create gendisk info */
        minors = single_major ? (1 << RBD_SINGLE_MAJOR_PART_SHIFT) :
                                RBD_MINORS_PER_MAJOR;
        disk = alloc_disk(minors);
        if (!disk)
                return -ENOMEM;

        snprintf(disk->disk_name, sizeof(disk->disk_name), RBD_DRV_NAME "%d",
                 rbd_dev->dev_id);
        disk->major = rbd_dev->major;
        disk->first_minor = rbd_dev->minor;
        if (single_major)
                disk->flags |= GENHD_FL_EXT_DEVT;
        disk->fops = &rbd_bd_ops;
        disk->private_data = rbd_dev;

        /* rbd_dev->lock doubles as the queue lock. */
        queue = blk_init_queue(rbd_request_fn, &rbd_dev->lock);
        if (!queue) {
                put_disk(disk);
                return -ENOMEM;
        }

        /* We use the default size, but let's be explicit about it. */
        blk_queue_physical_block_size(queue, SECTOR_SIZE);

        /* set io sizes to object size */
        obj_bytes = rbd_obj_bytes(&rbd_dev->header);
        blk_queue_max_hw_sectors(queue, obj_bytes / SECTOR_SIZE);
        blk_queue_max_segment_size(queue, obj_bytes);
        blk_queue_io_min(queue, obj_bytes);
        blk_queue_io_opt(queue, obj_bytes);

        /* enable the discard support */
        queue_flag_set_unlocked(QUEUE_FLAG_DISCARD, queue);
        queue->limits.discard_granularity = obj_bytes;
        queue->limits.discard_alignment = obj_bytes;
        queue->limits.max_discard_sectors = obj_bytes / SECTOR_SIZE;
        queue->limits.discard_zeroes_data = 1;

        blk_queue_merge_bvec(queue, rbd_merge_bvec);
        /* Stable writes are requested unless the client runs with NOCRC. */
        if (!ceph_test_opt(rbd_dev->rbd_client->client, NOCRC))
                queue->backing_dev_info.capabilities |= BDI_CAP_STABLE_WRITES;

        disk->queue = queue;
        queue->queuedata = rbd_dev;
        rbd_dev->disk = disk;

        return 0;
}
3799
3800 /*
3801   sysfs
3802 */
3803
/* Map an embedded struct device back to the rbd_device that contains it. */
static struct rbd_device *dev_to_rbd_dev(struct device *dev)
{
        struct rbd_device *rbd_dev;

        rbd_dev = container_of(dev, struct rbd_device, dev);

        return rbd_dev;
}
3808
/* sysfs "size": the mapped size, printed as a decimal number. */
static ssize_t rbd_size_show(struct device *dev,
                             struct device_attribute *attr, char *buf)
{
        unsigned long long bytes = dev_to_rbd_dev(dev)->mapping.size;

        return sprintf(buf, "%llu\n", bytes);
}
3817
/*
 * sysfs "features": the feature bits as 16 hex digits.  Note this
 * shows the features for whatever's mapped, which is not necessarily
 * the base image.
 */
static ssize_t rbd_features_show(struct device *dev,
                             struct device_attribute *attr, char *buf)
{
        unsigned long long features = dev_to_rbd_dev(dev)->mapping.features;

        return sprintf(buf, "0x%016llx\n", features);
}
3830
/* sysfs "major": the device's major number, or "(none)" while it is 0. */
static ssize_t rbd_major_show(struct device *dev,
                              struct device_attribute *attr, char *buf)
{
        struct rbd_device *rbd_dev = dev_to_rbd_dev(dev);

        if (!rbd_dev->major)
                return sprintf(buf, "(none)\n");

        return sprintf(buf, "%d\n", rbd_dev->major);
}
3841
/* sysfs "minor": the device's minor number. */
static ssize_t rbd_minor_show(struct device *dev,
                              struct device_attribute *attr, char *buf)
{
        return sprintf(buf, "%d\n", dev_to_rbd_dev(dev)->minor);
}
3849
/* sysfs "client_id": the ceph client id, printed as "client<id>". */
static ssize_t rbd_client_id_show(struct device *dev,
                                  struct device_attribute *attr, char *buf)
{
        struct rbd_client *rbdc = dev_to_rbd_dev(dev)->rbd_client;

        return sprintf(buf, "client%lld\n", ceph_client_id(rbdc->client));
}
3858
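/*
 * sysfs "pool": the name of the pool the mapped image lives in.
 *
 * The name is a variable-length string whose length is not checked
 * here, so the write is bounded to the PAGE_SIZE sysfs buffer.
 */
static ssize_t rbd_pool_show(struct device *dev,
                             struct device_attribute *attr, char *buf)
{
        struct rbd_device *rbd_dev = dev_to_rbd_dev(dev);

        return scnprintf(buf, PAGE_SIZE, "%s\n", rbd_dev->spec->pool_name);
}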
3866
/* sysfs "pool_id": the numeric id of the mapped image's pool. */
static ssize_t rbd_pool_id_show(struct device *dev,
                             struct device_attribute *attr, char *buf)
{
        unsigned long long pool_id = dev_to_rbd_dev(dev)->spec->pool_id;

        return sprintf(buf, "%llu\n", pool_id);
}
3875
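/*
 * sysfs "name": the mapped image's name, or "(unknown)" when the spec
 * carries no image name.
 *
 * The name is a variable-length string whose length is not checked
 * here, so the write is bounded to the PAGE_SIZE sysfs buffer.
 */
static ssize_t rbd_name_show(struct device *dev,
                             struct device_attribute *attr, char *buf)
{
        struct rbd_device *rbd_dev = dev_to_rbd_dev(dev);

        if (rbd_dev->spec->image_name)
                return scnprintf(buf, PAGE_SIZE, "%s\n",
                                 rbd_dev->spec->image_name);

        return sprintf(buf, "(unknown)\n");
}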
3886
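/*
 * sysfs "image_id": the id of the mapped image.
 *
 * The id is a variable-length string whose length is not checked here,
 * so the write is bounded to the PAGE_SIZE sysfs buffer.
 */
static ssize_t rbd_image_id_show(struct device *dev,
                             struct device_attribute *attr, char *buf)
{
        struct rbd_device *rbd_dev = dev_to_rbd_dev(dev);

        return scnprintf(buf, PAGE_SIZE, "%s\n", rbd_dev->spec->image_id);
}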
3894
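/*
 * Shows the name of the currently-mapped snapshot (or
 * RBD_SNAP_HEAD_NAME for the base image).
 *
 * The name is a variable-length string whose length is not checked
 * here, so the write is bounded to the PAGE_SIZE sysfs buffer.
 */
static ssize_t rbd_snap_show(struct device *dev,
                             struct device_attribute *attr,
                             char *buf)
{
        struct rbd_device *rbd_dev = dev_to_rbd_dev(dev);

        return scnprintf(buf, PAGE_SIZE, "%s\n", rbd_dev->spec->snap_name);
}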
3907
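/*
 * For a v2 image, shows the chain of parent images, separated by empty
 * lines.  For v1 images or if there is no parent, shows "(no parent
 * image)".
 *
 * One record is appended per ancestor.  Each append is limited to the
 * space left in the PAGE_SIZE sysfs buffer, so a long chain or long
 * names truncate the output instead of writing past @buf.
 *
 * Returns the number of bytes placed in @buf.
 */
static ssize_t rbd_parent_show(struct device *dev,
                               struct device_attribute *attr,
                               char *buf)
{
        struct rbd_device *rbd_dev = dev_to_rbd_dev(dev);
        ssize_t count = 0;

        if (!rbd_dev->parent)
                return sprintf(buf, "(no parent image)\n");

        for ( ; rbd_dev->parent; rbd_dev = rbd_dev->parent) {
                struct rbd_spec *spec = rbd_dev->parent_spec;

                /* scnprintf() returns what was stored, so count < PAGE_SIZE. */
                count += scnprintf(&buf[count], PAGE_SIZE - count, "%s"
                            "pool_id %llu\npool_name %s\n"
                            "image_id %s\nimage_name %s\n"
                            "snap_id %llu\nsnap_name %s\n"
                            "overlap %llu\n",
                            !count ? "" : "\n", /* first? */
                            spec->pool_id, spec->pool_name,
                            spec->image_id, spec->image_name ?: "(unknown)",
                            spec->snap_id, spec->snap_name,
                            rbd_dev->parent_overlap);
        }

        return count;
}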
3940
/*
 * sysfs "refresh" store handler: any write triggers rbd_dev_refresh().
 * The written bytes themselves are not looked at.
 *
 * Returns @size when the refresh succeeds, otherwise the refresh error.
 */
static ssize_t rbd_image_refresh(struct device *dev,
                                 struct device_attribute *attr,
                                 const char *buf,
                                 size_t size)
{
        int ret = rbd_dev_refresh(dev_to_rbd_dev(dev));

        if (!ret)
                return size;

        return ret;
}
3955
/*
 * Per-device sysfs attributes.  Every attribute except "refresh" is
 * read-only and readable by all users (S_IRUGO), which includes the
 * pool, image and snapshot names and the client id.  "refresh" has no
 * show handler and is writable by the owner only (S_IWUSR).
 */
static DEVICE_ATTR(size, S_IRUGO, rbd_size_show, NULL);
static DEVICE_ATTR(features, S_IRUGO, rbd_features_show, NULL);
static DEVICE_ATTR(major, S_IRUGO, rbd_major_show, NULL);
static DEVICE_ATTR(minor, S_IRUGO, rbd_minor_show, NULL);
static DEVICE_ATTR(client_id, S_IRUGO, rbd_client_id_show, NULL);
static DEVICE_ATTR(pool, S_IRUGO, rbd_pool_show, NULL);
static DEVICE_ATTR(pool_id, S_IRUGO, rbd_pool_id_show, NULL);
static DEVICE_ATTR(name, S_IRUGO, rbd_name_show, NULL);
static DEVICE_ATTR(image_id, S_IRUGO, rbd_image_id_show, NULL);
static DEVICE_ATTR(refresh, S_IWUSR, NULL, rbd_image_refresh);
static DEVICE_ATTR(current_snap, S_IRUGO, rbd_snap_show, NULL);
static DEVICE_ATTR(parent, S_IRUGO, rbd_parent_show, NULL);

/* NULL-terminated list of the attributes declared above. */
static struct attribute *rbd_attrs[] = {
        &dev_attr_size.attr,
        &dev_attr_features.attr,
        &dev_attr_major.attr,
        &dev_attr_minor.attr,
        &dev_attr_client_id.attr,
        &dev_attr_pool.attr,
        &dev_attr_pool_id.attr,
        &dev_attr_name.attr,
        &dev_attr_image_id.attr,
        &dev_attr_current_snap.attr,
        &dev_attr_parent.attr,
        &dev_attr_refresh.attr,
        NULL
};

/* The single attribute group wrapping rbd_attrs. */
static struct attribute_group rbd_attr_group = {
        .attrs = rbd_attrs,
};

/* NULL-terminated group list referenced by rbd_device_type.groups. */
static const struct attribute_group *rbd_attr_groups[] = {
        &rbd_attr_group,
        NULL
};
3993
/*
 * Device release callback installed through rbd_device_type.  The body
 * is empty: nothing is freed here.
 *
 * NOTE(review): the struct device is embedded in struct rbd_device
 * (see dev_to_rbd_dev()) and that structure is kfree()d by
 * rbd_dev_destroy(), not by this callback; confirm that no reference
 * to the embedded device can outlive that kfree().
 */
static void rbd_sysfs_dev_release(struct device *dev)
{
}
3997
/*
 * Device type for rbd devices: names the type "rbd", attaches the
 * sysfs attribute groups and installs the (empty) release callback.
 */
static struct device_type rbd_device_type = {
        .name           = "rbd",
        .groups         = rbd_attr_groups,
        .release        = rbd_sysfs_dev_release,
};
4003
/*
 * Take an additional reference on @spec and return it.  @spec must not
 * be NULL: it is dereferenced unconditionally.
 */
static struct rbd_spec *rbd_spec_get(struct rbd_spec *spec)
{
        struct kref *ref = &spec->kref;

        kref_get(ref);

        return spec;
}
4010
static void rbd_spec_free(struct kref *kref);

/*
 * Drop a reference on @spec; rbd_spec_free() runs when the last one
 * goes away.  A NULL @spec is accepted and ignored.
 */
static void rbd_spec_put(struct rbd_spec *spec)
{
        if (!spec)
                return;

        kref_put(&spec->kref, rbd_spec_free);
}
4017
/*
 * Allocate a zeroed rbd_spec holding one reference, with pool_id set
 * to CEPH_NOPOOL and snap_id set to CEPH_NOSNAP.
 *
 * Returns the new spec, or NULL if the allocation fails.
 */
static struct rbd_spec *rbd_spec_alloc(void)
{
        struct rbd_spec *spec = kzalloc(sizeof (*spec), GFP_KERNEL);

        if (spec) {
                spec->pool_id = CEPH_NOPOOL;
                spec->snap_id = CEPH_NOSNAP;
                kref_init(&spec->kref);
        }

        return spec;
}
4032
/*
 * kref release function for struct rbd_spec: frees the four name/id
 * strings the spec owns, then the spec itself.
 */
static void rbd_spec_free(struct kref *kref)
{
        struct rbd_spec *spec;

        spec = container_of(kref, struct rbd_spec, kref);

        /* kfree(NULL) is a no-op, so unset strings need no check. */
        kfree(spec->pool_name);
        kfree(spec->image_id);
        kfree(spec->image_name);
        kfree(spec->snap_name);
        kfree(spec);
}
4043
/*
 * Allocate and initialise an rbd_device bound to client @rbdc and
 * image specification @spec.  Both pointers are stored as given; no
 * additional reference is taken on either here.
 *
 * Returns the new device, or NULL if the allocation fails.
 */
static struct rbd_device *rbd_dev_create(struct rbd_client *rbdc,
                                struct rbd_spec *spec)
{
        struct rbd_device *rbd_dev = kzalloc(sizeof (*rbd_dev), GFP_KERNEL);

        if (!rbd_dev)
                return NULL;

        /* Locks, lists and the deferred-request work item. */
        spin_lock_init(&rbd_dev->lock);
        INIT_LIST_HEAD(&rbd_dev->rq_queue);
        INIT_WORK(&rbd_dev->rq_work, rbd_request_workfn);
        rbd_dev->flags = 0;
        atomic_set(&rbd_dev->parent_ref, 0);
        INIT_LIST_HEAD(&rbd_dev->node);
        init_rwsem(&rbd_dev->header_rwsem);

        rbd_dev->spec = spec;
        rbd_dev->rbd_client = rbdc;

        /*
         * Initialize the layout used for all rbd requests.
         *
         * NOTE(review): pool_id is narrowed to 32 bits for fl_pg_pool;
         * presumably larger ids are rejected before this point --
         * confirm.
         */
        rbd_dev->layout.fl_stripe_unit = cpu_to_le32(1 << RBD_MAX_OBJ_ORDER);
        rbd_dev->layout.fl_stripe_count = cpu_to_le32(1);
        rbd_dev->layout.fl_object_size = cpu_to_le32(1 << RBD_MAX_OBJ_ORDER);
        rbd_dev->layout.fl_pg_pool = cpu_to_le32((u32) spec->pool_id);

        return rbd_dev;
}
4073
/*
 * Undo rbd_dev_create(): drop the device's client and spec references,
 * then free the device structure itself.
 */
static void rbd_dev_destroy(struct rbd_device *rbd_dev)
{
        struct rbd_client *rbdc = rbd_dev->rbd_client;
        struct rbd_spec *spec = rbd_dev->spec;

        rbd_put_client(rbdc);
        rbd_spec_put(spec);
        kfree(rbd_dev);
}
4080
/*
 * Get the size and object order for an image snapshot, or if
 * snap_id is CEPH_NOSNAP, gets this information for the base
 * image.
 *
 * @order may be NULL when the caller does not need the object order;
 * @snap_size is always written on success.
 *
 * Returns 0 on success, -ERANGE if the reply is shorter than the
 * expected structure, or the negative error from the method call.
 */
static int _rbd_dev_v2_snap_size(struct rbd_device *rbd_dev, u64 snap_id,
                                u8 *order, u64 *snap_size)
{
        /* Wire format of the "get_size" reply. */
        struct {
                u8 order;
                __le64 size;
        } __attribute__ ((packed)) reply = { 0 };
        __le64 snapid = cpu_to_le64(snap_id);
        int ret;

        ret = rbd_obj_method_sync(rbd_dev, rbd_dev->header_name,
                                "rbd", "get_size",
                                &snapid, sizeof (snapid),
                                &reply, sizeof (reply));
        dout("%s: rbd_obj_method_sync returned %d\n", __func__, ret);
        if (ret < 0)
                return ret;
        /* A truncated reply must not be decoded. */
        if (ret < sizeof (reply))
                return -ERANGE;

        if (order) {
                *order = reply.order;
                dout("  order %u", (unsigned int)*order);
        }
        *snap_size = le64_to_cpu(reply.size);

        dout("  snap_id 0x%016llx snap_size = %llu\n",
                (unsigned long long)snap_id,
                (unsigned long long)*snap_size);

        return 0;
}
4118
/*
 * Fetch the base image's object order and size straight into
 * rbd_dev->header.  Returns what _rbd_dev_v2_snap_size() returns.
 */
static int rbd_dev_v2_image_size(struct rbd_device *rbd_dev)
{
        u8 *order = &rbd_dev->header.obj_order;
        u64 *image_size = &rbd_dev->header.image_size;

        return _rbd_dev_v2_snap_size(rbd_dev, CEPH_NOSNAP, order, image_size);
}
4125
/*
 * Ask the "rbd" class for the image's object prefix and store a newly
 * allocated copy in rbd_dev->header.object_prefix.  On a decode
 * failure the field is left NULL.
 *
 * Returns 0 on success, -ENOMEM if the reply buffer cannot be
 * allocated, or the negative error from the method call or the string
 * decode.
 */
static int rbd_dev_v2_object_prefix(struct rbd_device *rbd_dev)
{
        void *reply_buf;
        void *p;
        int ret;

        reply_buf = kzalloc(RBD_OBJ_PREFIX_LEN_MAX, GFP_KERNEL);
        if (!reply_buf)
                return -ENOMEM;

        ret = rbd_obj_method_sync(rbd_dev, rbd_dev->header_name,
                                "rbd", "get_object_prefix", NULL, 0,
                                reply_buf, RBD_OBJ_PREFIX_LEN_MAX);
        dout("%s: rbd_obj_method_sync returned %d\n", __func__, ret);
        if (ret < 0)
                goto out;

        /*
         * The decode is bounded by the reply length: ret is the byte
         * count returned by the method call, presumably never more
         * than the RBD_OBJ_PREFIX_LEN_MAX buffer passed in -- confirm
         * in rbd_obj_method_sync().
         */
        p = reply_buf;
        rbd_dev->header.object_prefix = ceph_extract_encoded_string(&p,
                                                p + ret, NULL, GFP_NOIO);
        if (!IS_ERR(rbd_dev->header.object_prefix)) {
                dout("  object_prefix = %s\n", rbd_dev->header.object_prefix);
                ret = 0;
        } else {
                ret = PTR_ERR(rbd_dev->header.object_prefix);
                rbd_dev->header.object_prefix = NULL;
        }
out:
        kfree(reply_buf);

        return ret;
}
4159
/*
 * Get the feature bits for an image snapshot, or for the base image
 * when snap_id is CEPH_NOSNAP.
 *
 * Returns 0 on success with *snap_features written, -ERANGE if the
 * reply is shorter than the expected structure, -ENXIO if the image
 * requires an incompatible feature outside RBD_FEATURES_SUPPORTED, or
 * the negative error from the method call.
 */
static int _rbd_dev_v2_snap_features(struct rbd_device *rbd_dev, u64 snap_id,
                u64 *snap_features)
{
        /* Wire format of the "get_features" reply. */
        struct {
                __le64 features;
                __le64 incompat;
        } __attribute__ ((packed)) reply = { 0 };
        __le64 snapid = cpu_to_le64(snap_id);
        u64 incompat;
        int ret;

        ret = rbd_obj_method_sync(rbd_dev, rbd_dev->header_name,
                                "rbd", "get_features",
                                &snapid, sizeof (snapid),
                                &reply, sizeof (reply));
        dout("%s: rbd_obj_method_sync returned %d\n", __func__, ret);
        if (ret < 0)
                return ret;
        /* A truncated reply must not be decoded. */
        if (ret < sizeof (reply))
                return -ERANGE;

        /* Refuse the image if it needs a feature this driver lacks. */
        incompat = le64_to_cpu(reply.incompat);
        if (incompat & ~RBD_FEATURES_SUPPORTED)
                return -ENXIO;

        *snap_features = le64_to_cpu(reply.features);

        dout("  snap_id 0x%016llx features = 0x%016llx incompat = 0x%016llx\n",
                (unsigned long long)snap_id,
                (unsigned long long)*snap_features,
                (unsigned long long)incompat);

        return 0;
}
4194
/*
 * Fetch the base image's feature bits straight into
 * rbd_dev->header.features.  Returns what _rbd_dev_v2_snap_features()
 * returns.
 */
static int rbd_dev_v2_features(struct rbd_device *rbd_dev)
{
        u64 *features = &rbd_dev->header.features;

        return _rbd_dev_v2_snap_features(rbd_dev, CEPH_NOSNAP, features);
}
4200
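/*
 * Call the "rbd" class method "get_parent" for the mapped snapshot id
 * and record the result: the parent spec (first time only) and the
 * parent overlap (always).
 *
 * Returns 0 on success, including when the reply says there is no
 * parent.  Returns -ENOMEM on allocation failure, a negative errno from
 * rbd_obj_method_sync() or ceph_extract_encoded_string(), -ERANGE if
 * the reply is too short to hold the pool id, and -EIO if the pool id
 * does not fit in 32 bits or the reply ends before the snap id and
 * overlap fields.
 *
 * The reply is decoded with the bounds-checked helpers only; every
 * exit path releases the reply buffer, the unused parent spec and any
 * image id string that was not handed over to the parent spec.
 */
static int rbd_dev_v2_parent_info(struct rbd_device *rbd_dev)
{
	struct rbd_spec *parent_spec;
	size_t size;
	void *reply_buf = NULL;
	__le64 snapid;
	void *p;
	void *end;
	u64 pool_id;
	char *image_id = NULL;
	u64 snap_id;
	u64 overlap;
	int ret;

	parent_spec = rbd_spec_alloc();
	if (!parent_spec)
		return -ENOMEM;

	size = sizeof (__le64) +				/* pool_id */
		sizeof (__le32) + RBD_IMAGE_ID_LEN_MAX +	/* image_id */
		sizeof (__le64) +				/* snap_id */
		sizeof (__le64);				/* overlap */
	reply_buf = kmalloc(size, GFP_KERNEL);
	if (!reply_buf) {
		ret = -ENOMEM;
		goto out_err;
	}

	snapid = cpu_to_le64(rbd_dev->spec->snap_id);
	ret = rbd_obj_method_sync(rbd_dev, rbd_dev->header_name,
				"rbd", "get_parent",
				&snapid, sizeof (snapid),
				reply_buf, size);
	dout("%s: rbd_obj_method_sync returned %d\n", __func__, ret);
	if (ret < 0)
		goto out_err;

	/* Only the bytes actually returned may be decoded */
	p = reply_buf;
	end = reply_buf + ret;
	ret = -ERANGE;
	ceph_decode_64_safe(&p, end, pool_id, out_err);
	if (pool_id == CEPH_NOPOOL) {
		/*
		 * Either the parent never existed, or we have
		 * record of it but the image got flattened so it no
		 * longer has a parent.  When the parent of a
		 * layered image disappears we immediately set the
		 * overlap to 0.  The effect of this is that all new
		 * requests will be treated as if the image had no
		 * parent.
		 */
		if (rbd_dev->parent_overlap) {
			rbd_dev->parent_overlap = 0;
			rbd_dev_parent_put(rbd_dev);
			pr_info("%s: clone image has been flattened\n",
				rbd_dev->disk->disk_name);
		}

		goto out;	/* No parent?  No problem. */
	}

	/* The ceph file layout needs to fit pool id in 32 bits */

	ret = -EIO;
	if (pool_id > (u64)U32_MAX) {
		rbd_warn(NULL, "parent pool id too large (%llu > %u)",
			(unsigned long long)pool_id, U32_MAX);
		goto out_err;
	}

	image_id = ceph_extract_encoded_string(&p, end, NULL, GFP_KERNEL);
	if (IS_ERR(image_id)) {
		ret = PTR_ERR(image_id);
		image_id = NULL;	/* an ERR_PTR must not reach kfree() */
		goto out_err;
	}

	/*
	 * If the reply ends before either of these fields we leave
	 * through out_err (ret is still -EIO), where the image id
	 * string extracted above is freed rather than leaked.
	 */
	ceph_decode_64_safe(&p, end, snap_id, out_err);
	ceph_decode_64_safe(&p, end, overlap, out_err);

	/*
	 * The parent won't change (except when the clone is
	 * flattened, already handled that).  So we only need to
	 * record the parent spec if we have not already done so.
	 */
	if (!rbd_dev->parent_spec) {
		parent_spec->pool_id = pool_id;
		parent_spec->image_id = image_id;
		parent_spec->snap_id = snap_id;
		rbd_dev->parent_spec = parent_spec;
		parent_spec = NULL;	/* rbd_dev now owns this */
	} else {
		kfree(image_id);
	}
	image_id = NULL;	/* owned by the parent spec, or already freed */

	/*
	 * We always update the parent overlap.  If it's zero we
	 * treat it specially.
	 */
	rbd_dev->parent_overlap = overlap;
	if (!overlap) {

		/* A null parent_spec indicates it's the initial probe */

		if (parent_spec) {
			/*
			 * The overlap has become zero, so the clone
			 * must have been resized down to 0 at some
			 * point.  Treat this the same as a flatten.
			 */
			rbd_dev_parent_put(rbd_dev);
			pr_info("%s: clone image now standalone\n",
				rbd_dev->disk->disk_name);
		} else {
			/*
			 * For the initial probe, if we find the
			 * overlap is zero we just pretend there was
			 * no parent image.
			 */
			rbd_warn(rbd_dev, "ignoring parent with overlap 0");
		}
	}
out:
	ret = 0;
out_err:
	kfree(image_id);
	kfree(reply_buf);
	rbd_spec_put(parent_spec);

	return ret;
}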
4329
/*
 * Call the "rbd" class method "get_stripe_unit_count" on the image
 * header object and accept the image only if its striping parameters
 * are the defaults (stripe unit equal to the object size, stripe
 * count of 1).
 *
 * Returns 0 and records both values in rbd_dev->header on success, a
 * negative errno from rbd_obj_method_sync(), -ERANGE on a short reply,
 * or -EINVAL for non-default striping.
 */
static int rbd_dev_v2_striping_info(struct rbd_device *rbd_dev)
{
	struct {
		__le64 stripe_unit;
		__le64 stripe_count;
	} __attribute__ ((packed)) wire = { 0 };
	size_t wire_len = sizeof (wire);
	void *cursor = &wire;
	u64 expected_unit;
	u64 stripe_unit;
	u64 stripe_count;
	int ret;

	ret = rbd_obj_method_sync(rbd_dev, rbd_dev->header_name,
				"rbd", "get_stripe_unit_count", NULL, 0,
				(char *)&wire, wire_len);
	dout("%s: rbd_obj_method_sync returned %d\n", __func__, ret);
	if (ret < 0)
		return ret;
	if (ret < wire_len)
		return -ERANGE;

	/*
	 * The "fancy striping" feature (STRIPINGV2) is not supported,
	 * but default striping sizes behave exactly as an unstriped
	 * image does.  Only non-default values are refused.
	 */
	expected_unit = (u64)1 << rbd_dev->header.obj_order;
	stripe_unit = ceph_decode_64(&cursor);
	stripe_count = ceph_decode_64(&cursor);

	if (stripe_unit != expected_unit) {
		rbd_warn(rbd_dev, "unsupported stripe unit (got %llu want %llu)",
				stripe_unit, expected_unit);
		return -EINVAL;
	}
	if (stripe_count != 1) {
		rbd_warn(rbd_dev, "unsupported stripe count (got %llu want 1)",
				stripe_count);
		return -EINVAL;
	}

	rbd_dev->header.stripe_unit = stripe_unit;
	rbd_dev->header.stripe_count = stripe_count;

	return 0;
}
4379
/*
 * Look up the name of the image whose id is in rbd_dev->spec->image_id
 * by calling the "rbd" class method "dir_get_name" on RBD_DIRECTORY.
 *
 * Returns a dynamically-allocated name that the caller must kfree(),
 * or NULL if an allocation, the method call or the decoding of the
 * reply fails.  The spec must not already have an image name.
 */
static char *rbd_dev_image_name(struct rbd_device *rbd_dev)
{
	char *image_name = NULL;
	void *reply_buf = NULL;
	char *request;
	size_t request_size;
	size_t reply_size;
	size_t id_len;
	size_t name_len = 0;
	void *p;
	void *end;
	int ret;

	rbd_assert(!rbd_dev->spec->image_name);

	/* The request is the image id as a length-prefixed string */
	id_len = strlen(rbd_dev->spec->image_id);
	request_size = sizeof (__le32) + id_len;
	request = kmalloc(request_size, GFP_KERNEL);
	if (!request)
		return NULL;

	p = request;
	end = request + request_size;
	ceph_encode_string(&p, end, rbd_dev->spec->image_id, (u32)id_len);

	reply_size = sizeof (__le32) + RBD_IMAGE_NAME_LEN_MAX;
	reply_buf = kmalloc(reply_size, GFP_KERNEL);
	if (!reply_buf)
		goto out;

	ret = rbd_obj_method_sync(rbd_dev, RBD_DIRECTORY,
				"rbd", "dir_get_name",
				request, request_size,
				reply_buf, reply_size);
	if (ret < 0)
		goto out;

	/* Decode no further than the number of bytes actually returned */
	p = reply_buf;
	end = reply_buf + ret;

	image_name = ceph_extract_encoded_string(&p, end, &name_len,
						GFP_KERNEL);
	if (IS_ERR(image_name))
		image_name = NULL;
	else
		dout("%s: name is %s len is %zd\n", __func__, image_name,
			name_len);
out:
	kfree(reply_buf);
	kfree(request);

	return image_name;
}
4429
/*
 * Format 1: find the id of the snapshot called name.
 *
 * header.snap_names is walked as a sequence of '\0'-terminated strings,
 * one per entry of the snapshot context, in the same order as
 * snapc->snaps[].  Returns the matching id, or CEPH_NOSNAP if no name
 * matches.
 */
static u64 rbd_v1_snap_id_by_name(struct rbd_device *rbd_dev, const char *name)
{
	struct ceph_snap_context *snapc = rbd_dev->header.snapc;
	const char *cur = rbd_dev->header.snap_names;
	u32 idx;

	for (idx = 0; idx < snapc->num_snaps; idx++) {
		if (strcmp(name, cur) == 0)
			return snapc->snaps[idx];

		/* Step over this name and its terminator */
		cur += strlen(cur) + 1;
	}

	return CEPH_NOSNAP;
}
4447
/*
 * Format 2: find the id of the snapshot called name by fetching the
 * name of each id in the snapshot context in turn.
 *
 * Returns the matching id, or CEPH_NOSNAP if no name matches or a
 * lookup fails with anything other than -ENOENT.
 */
static u64 rbd_v2_snap_id_by_name(struct rbd_device *rbd_dev, const char *name)
{
	struct ceph_snap_context *snapc = rbd_dev->header.snapc;
	u32 idx;

	for (idx = 0; idx < snapc->num_snaps; idx++) {
		u64 candidate = snapc->snaps[idx];
		const char *candidate_name;
		bool match;

		candidate_name = rbd_dev_v2_snap_name(rbd_dev, candidate);
		if (IS_ERR(candidate_name)) {
			/* ignore no-longer existing snapshots */
			if (PTR_ERR(candidate_name) == -ENOENT)
				continue;
			/* any other error ends the search */
			break;
		}

		match = strcmp(name, candidate_name) == 0;
		kfree(candidate_name);	/* the name was allocated for us */
		if (match)
			return candidate;
	}

	return CEPH_NOSNAP;
}
4472
4473 /*
4474  * Assumes name is never RBD_SNAP_HEAD_NAME; returns CEPH_NOSNAP if
4475  * no snapshot by that name is found, or if an error occurs.
4476  */
static u64 rbd_snap_id_by_name(struct rbd_device *rbd_dev, const char *name)
{
	/* Format 1 has its own lookup; every other format uses the v2 one */
	return rbd_dev->image_format == 1 ?
			rbd_v1_snap_id_by_name(rbd_dev, name) :
			rbd_v2_snap_id_by_name(rbd_dev, name);
}
4484
4485 /*
4486  * An image being mapped will have everything but the snap id.
4487  */
static int rbd_spec_fill_snap_id(struct rbd_device *rbd_dev)
{
	struct rbd_spec *spec = rbd_dev->spec;
	u64 found_id;

	/* Everything except the snap id must already be filled in */
	rbd_assert(spec->pool_id != CEPH_NOPOOL && spec->pool_name);
	rbd_assert(spec->image_id && spec->image_name);
	rbd_assert(spec->snap_name);

	/* The head is identified by CEPH_NOSNAP; no lookup is needed */
	if (!strcmp(spec->snap_name, RBD_SNAP_HEAD_NAME)) {
		spec->snap_id = CEPH_NOSNAP;
		return 0;
	}

	/* CEPH_NOSNAP from the lookup means "not found or error" */
	found_id = rbd_snap_id_by_name(rbd_dev, spec->snap_name);
	if (found_id == CEPH_NOSNAP)
		return -ENOENT;

	spec->snap_id = found_id;

	return 0;
}
4510
4511 /*
4512  * A parent image will have all ids but none of the names.
4513  *
4514  * All names in an rbd spec are dynamically allocated.  It's OK if we
4515  * can't figure out the name for an image id.
4516  */
static int rbd_spec_fill_names(struct rbd_device *rbd_dev)
{
	struct ceph_osd_client *osdc = &rbd_dev->rbd_client->client->osdc;
	struct rbd_spec *spec = rbd_dev->spec;
	const char *map_pool_name;
	const char *pool_name;
	const char *image_name;
	const char *snap_name;

	rbd_assert(spec->pool_id != CEPH_NOPOOL);
	rbd_assert(spec->image_id);
	rbd_assert(spec->snap_id != CEPH_NOSNAP);

	/*
	 * Look the pool name up in the osdmap and keep a private copy
	 * of it in the spec.
	 */
	map_pool_name = ceph_pg_pool_name_by_id(osdc->osdmap, spec->pool_id);
	if (!map_pool_name) {
		rbd_warn(rbd_dev, "no pool with id %llu", spec->pool_id);
		return -EIO;
	}
	pool_name = kstrdup(map_pool_name, GFP_KERNEL);
	if (!pool_name)
		return -ENOMEM;

	/* A missing image name is only worth a warning */
	image_name = rbd_dev_image_name(rbd_dev);
	if (!image_name)
		rbd_warn(rbd_dev, "unable to get image name");

	/* A missing snapshot name is fatal; undo what was allocated */
	snap_name = rbd_snap_name(rbd_dev, spec->snap_id);
	if (IS_ERR(snap_name)) {
		kfree(image_name);
		kfree(pool_name);
		return PTR_ERR(snap_name);
	}

	/* Publish the names only once all of them are settled */
	spec->pool_name = pool_name;
	spec->image_name = image_name;
	spec->snap_name = snap_name;

	return 0;
}
4566
/*
 * Call the "rbd" class method "get_snapcontext" on the image header
 * object and replace rbd_dev->header.snapc with a snapshot context
 * built from the reply.
 *
 * Returns 0 on success, -ENOMEM on allocation failure, a negative
 * errno from rbd_obj_method_sync(), -ERANGE if the reply is shorter
 * than its own snapshot count implies, or -EINVAL if that count would
 * make the size of the snapshot context overflow a size_t.
 */
static int rbd_dev_v2_snap_context(struct rbd_device *rbd_dev)
{
	struct ceph_snap_context *snapc;
	size_t reply_size;
	size_t max_snaps;
	void *reply;
	void *p;
	void *end;
	u64 seq;
	u32 snap_count;
	u32 idx;
	int ret;

	/*
	 * The reply holds the seq value (maximum snapshot id), the
	 * snapshot count, and that many snapshot ids.  The number of
	 * ids we are prepared to receive has a fixed upper limit.
	 */
	reply_size = sizeof (__le64) + sizeof (__le32) +
			RBD_MAX_SNAP_COUNT * sizeof (__le64);
	reply = kzalloc(reply_size, GFP_KERNEL);
	if (!reply)
		return -ENOMEM;

	ret = rbd_obj_method_sync(rbd_dev, rbd_dev->header_name,
				"rbd", "get_snapcontext", NULL, 0,
				reply, reply_size);
	dout("%s: rbd_obj_method_sync returned %d\n", __func__, ret);
	if (ret < 0)
		goto out;

	/* Decode no further than the number of bytes actually returned */
	p = reply;
	end = reply + ret;
	ret = -ERANGE;
	ceph_decode_64_safe(&p, end, seq, out);
	ceph_decode_32_safe(&p, end, snap_count, out);

	/*
	 * snap_count comes from the reply, so validate it twice before
	 * use: first that the snapshot context sized from it is
	 * representable in a size_t, then that the ids it promises are
	 * really present in the reply.
	 */
	max_snaps = (SIZE_MAX - sizeof (struct ceph_snap_context)) /
			sizeof (u64);
	if (snap_count > max_snaps) {
		ret = -EINVAL;
		goto out;
	}
	if (!ceph_has_room(&p, end, snap_count * sizeof (__le64)))
		goto out;	/* ret is still -ERANGE */

	snapc = ceph_create_snap_context(snap_count, GFP_KERNEL);
	if (!snapc) {
		ret = -ENOMEM;
		goto out;
	}
	snapc->seq = seq;
	for (idx = 0; idx < snap_count; idx++)
		snapc->snaps[idx] = ceph_decode_64(&p);

	/* Drop our reference to the old context and install the new one */
	ceph_put_snap_context(rbd_dev->header.snapc);
	rbd_dev->header.snapc = snapc;

	dout("  snap context seq = %llu, snap_count = %u\n",
		(unsigned long long)seq, (unsigned int)snap_count);
	ret = 0;
out:
	kfree(reply);

	return ret;
}
4638
/*
 * Fetch the name of the snapshot with the given id by calling the
 * "rbd" class method "get_snapshot_name" on the image header object.
 *
 * Returns a dynamically-allocated name that the caller must kfree(),
 * or an ERR_PTR() carrying -ENOMEM, the error returned by
 * rbd_obj_method_sync(), or the error from decoding the reply.
 */
static const char *rbd_dev_v2_snap_name(struct rbd_device *rbd_dev,
					u64 snap_id)
{
	__le64 wire_snap_id = cpu_to_le64(snap_id);
	size_t reply_size = sizeof (__le32) + RBD_MAX_SNAP_NAME_LEN;
	void *reply;
	void *p;
	void *end;
	char *snap_name;
	int ret;

	reply = kmalloc(reply_size, GFP_KERNEL);
	if (!reply)
		return ERR_PTR(-ENOMEM);

	ret = rbd_obj_method_sync(rbd_dev, rbd_dev->header_name,
				"rbd", "get_snapshot_name",
				&wire_snap_id, sizeof (wire_snap_id),
				reply, reply_size);
	dout("%s: rbd_obj_method_sync returned %d\n", __func__, ret);
	if (ret < 0) {
		snap_name = ERR_PTR(ret);
	} else {
		/* Decode no further than the bytes actually returned */
		p = reply;
		end = reply + ret;
		snap_name = ceph_extract_encoded_string(&p, end, NULL,
							GFP_KERNEL);
		if (!IS_ERR(snap_name))
			dout("  snap_id 0x%016llx snap_name = %s\n",
				(unsigned long long)snap_id, snap_name);
	}

	kfree(reply);

	return snap_name;
}
4679
/*
 * Read (or re-read) the header information of a format 2 image: the
 * image size, the one-time fields if they have not been read yet, and
 * the snapshot context.  Returns 0 or the first error encountered.
 */
static int rbd_dev_v2_header_info(struct rbd_device *rbd_dev)
{
	/* No object prefix yet means the one-time fields are still unread */
	const bool need_onetime = !rbd_dev->header.object_prefix;
	int err;

	err = rbd_dev_v2_image_size(rbd_dev);
	if (err)
		return err;

	if (need_onetime) {
		err = rbd_dev_v2_header_onetime(rbd_dev);
		if (err)
			return err;
	}

	err = rbd_dev_v2_snap_context(rbd_dev);
	dout("rbd_dev_v2_snap_context returned %d\n", err);

	return err;
}
4700
/*
 * Read the image header with the routine matching the image format.
 * The format must already have been validated.
 */
static int rbd_dev_header_info(struct rbd_device *rbd_dev)
{
	rbd_assert(rbd_image_format_valid(rbd_dev->image_format));

	return rbd_dev->image_format == 1 ?
			rbd_dev_v1_header_info(rbd_dev) :
			rbd_dev_v2_header_info(rbd_dev);
}
4710
/*
 * Fill in the embedded struct device (bus, type, parent, release
 * callback, and a name made of the decimal device id) and register it.
 * Returns whatever device_register() returns.
 */
static int rbd_bus_add_dev(struct rbd_device *rbd_dev)
{
	struct device *dev = &rbd_dev->dev;

	dev->bus = &rbd_bus_type;
	dev->type = &rbd_device_type;
	dev->parent = &rbd_root_dev;
	dev->release = rbd_dev_device_release;
	dev_set_name(dev, "%d", rbd_dev->dev_id);

	return device_register(dev);
}
4726
/* Unregister the struct device embedded in rbd_dev. */
static void rbd_bus_del_dev(struct rbd_device *rbd_dev)
{
	struct device *dev = &rbd_dev->dev;

	device_unregister(dev);
}
4731
4732 /*
4733  * Get a unique rbd identifier for the given new rbd_dev, and add
4734  * the rbd_dev to the global list.
4735  */
static int rbd_dev_id_get(struct rbd_device *rbd_dev)
{
	int id;

	/* Ids start at 0; the upper bound is derived from MINORBITS */
	id = ida_simple_get(&rbd_dev_id_ida,
			    0, minor_to_rbd_dev_id(1 << MINORBITS),
			    GFP_KERNEL);
	if (id < 0)
		return id;	/* negative errno from the allocator */

	rbd_dev->dev_id = id;

	/* The global device list is protected by rbd_dev_list_lock */
	spin_lock(&rbd_dev_list_lock);
	list_add_tail(&rbd_dev->node, &rbd_dev_list);
	spin_unlock(&rbd_dev_list_lock);

	dout("rbd_dev %p given dev id %d\n", rbd_dev, rbd_dev->dev_id);

	return 0;
}
4756
4757 /*
4758  * Remove an rbd_dev from the global list, and record that its
4759  * identifier is no longer in use.
4760  */
static void rbd_dev_id_put(struct rbd_device *rbd_dev)
{
	const int released_id = rbd_dev->dev_id;

	/* Unlink from the global list under the same lock used to add */
	spin_lock(&rbd_dev_list_lock);
	list_del_init(&rbd_dev->node);
	spin_unlock(&rbd_dev_list_lock);

	/* Only now may the id be handed out again */
	ida_simple_remove(&rbd_dev_id_ida, released_id);

	dout("rbd_dev %p released dev id %d\n", rbd_dev, released_id);
}
4771
4772 /*
4773  * Skips over white space at *buf, and updates *buf to point to the
4774  * first found non-space character (if any). Returns the length of
4775  * the token (string of non-white space characters) found.  Note
4776  * that *buf must be terminated with '\0'.
4777  */
static inline size_t next_token(const char **buf)
{
	/*
	 * The characters for which isspace() is nonzero in the "C" and
	 * "POSIX" locales.
	 */
	static const char whitespace[] = " \f\n\r\t\v";
	const char *token_start;

	/* Skip leading white space; *buf now points at the token */
	token_start = *buf + strspn(*buf, whitespace);
	*buf = token_start;

	/* The token runs up to the next white space or the final '\0' */
	return strcspn(token_start, whitespace);
}
4790
4791 /*
4792  * Finds the next token in *buf, and if the provided token buffer is
4793  * big enough, copies the found token into it.  The result, if
4794  * copied, is guaranteed to be terminated with '\0'.  Note that *buf
4795  * must be terminated with '\0' on entry.
4796  *
4797  * Returns the length of the token found (not including the '\0').
4798  * Return value will be 0 if no token is found, and it will be >=
4799  * token_size if the token would not fit.
4800  *
4801  * The *buf pointer will be updated to point beyond the end of the
4802  * found token.  Note that this occurs even if the token buffer is
4803  * too small to hold it.
4804  */
static inline size_t copy_token(const char **buf,
				char *token,
				size_t token_size)
{
	size_t token_len = next_token(buf);
	const char *token_start = *buf;

	/* The cursor moves past the token whether or not it is copied */
	*buf = token_start + token_len;

	/* Copy only when the token and its '\0' both fit in the buffer */
	if (token_len < token_size) {
		memcpy(token, token_start, token_len);
		token[token_len] = '\0';
	}

	return token_len;
}
4820
4821 /*
4822  * Finds the next token in *buf, dynamically allocates a buffer big
4823  * enough to hold a copy of it, and copies the token into the new
4824  * buffer.  The copy is guaranteed to be terminated with '\0'.  Note
4825  * that a duplicate buffer is created even for a zero-length token.
4826  *
4827  * Returns a pointer to the newly-allocated duplicate, or a null
4828  * pointer if memory for the duplicate was not available.  If
4829  * the lenp argument is a non-null pointer, the length of the token
4830  * (not including the '\0') is returned in *lenp.
4831  *
4832  * If successful, the *buf pointer will be updated to point beyond
4833  * the end of the found token.
4834  *
4835  * Note: uses GFP_KERNEL for allocation.
4836  */
static inline char *dup_token(const char **buf, size_t *lenp)
{
	size_t token_len = next_token(buf);
	char *copy;

	/*
	 * Duplicate the token plus the one byte that follows it (*buf is
	 * '\0'-terminated, so that byte exists), then overwrite that
	 * byte with the terminator.
	 */
	copy = kmemdup(*buf, token_len + 1, GFP_KERNEL);
	if (!copy)
		return NULL;	/* *buf still points at the token start */
	copy[token_len] = '\0';

	*buf += token_len;
	if (lenp)
		*lenp = token_len;

	return copy;
}
4854
4855 /*
4856  * Parse the options provided for an "rbd add" (i.e., rbd image
4857  * mapping) request.  These arrive via a write to /sys/bus/rbd/add,
4858  * and the data written is passed here via a NUL-terminated buffer.
4859  * Returns 0 if successful or an error code otherwise.
4860  *
4861  * The information extracted from these options is recorded in
4862  * the other parameters which return dynamically-allocated
4863  * structures:
4864  *  ceph_opts
4865  *      The address of a pointer that will refer to a ceph options
4866  *      structure.  Caller must release the returned pointer using
4867  *      ceph_destroy_options() when it is no longer needed.
4868  *  rbd_opts
4869  *      Address of an rbd options pointer.  Fully initialized by
4870  *      this function; caller must release with kfree().
4871  *  spec
4872  *      Address of an rbd image specification pointer.  Fully
4873  *      initialized by this function based on parsed options.
4874  *      Caller must release with rbd_spec_put().
4875  *
4876  * The options passed take this form:
4877  *  <mon_addrs> <options> <pool_name> <image_name> [<snap_id>]
4878  * where:
4879  *  <mon_addrs>
4880  *      A comma-separated list of one or more monitor addresses.
4881  *      A monitor address is an ip address, optionally followed
4882  *      by a port number (separated by a colon).
4883  *        I.e.:  ip1[:port1][,ip2[:port2]...]
4884  *  <options>
4885  *      A comma-separated list of ceph and/or rbd options.
4886  *  <pool_name>
4887  *      The name of the rados pool containing the rbd image.
4888  *  <image_name>
4889  *      The name of the image in that pool to map.
4890  *  <snap_id>
4891  *      An optional snapshot id.  If provided, the mapping will
4892  *      present data from the image at the time that snapshot was
4893  *      created.  The image head is used if no snapshot id is
4894  *      provided.  Snapshot mappings are always read-only.
4895  */
static int rbd_add_parse_args(const char *buf,
				struct ceph_options **ceph_opts,
				struct rbd_options **opts,
				struct rbd_spec **rbd_spec)
{
	struct rbd_spec *new_spec = NULL;
	struct rbd_options *new_opts = NULL;
	struct ceph_options *parsed;
	const char *mon_addrs;
	const char *mon_addrs_end;
	char *opt_string;
	char *snap_copy;
	size_t tok_len;
	int ret = -EINVAL;

	/*
	 * buf is the text written to the sysfs "add" file.  The first
	 * four tokens are required.  The monitor addresses are not
	 * copied; they are handed to the ceph option parser as a
	 * [start, end) range inside buf.
	 */
	tok_len = next_token(&buf);
	if (!tok_len) {
		rbd_warn(NULL, "no monitor address(es) provided");
		return -EINVAL;
	}
	mon_addrs = buf;
	mon_addrs_end = buf + tok_len;
	buf = mon_addrs_end;

	opt_string = dup_token(&buf, NULL);
	if (!opt_string)
		return -ENOMEM;
	if (!*opt_string) {
		rbd_warn(NULL, "no options provided");
		goto out_err;
	}

	new_spec = rbd_spec_alloc();
	if (!new_spec)
		goto out_mem;

	new_spec->pool_name = dup_token(&buf, NULL);
	if (!new_spec->pool_name)
		goto out_mem;
	if (!*new_spec->pool_name) {
		rbd_warn(NULL, "no pool name provided");
		goto out_err;
	}

	new_spec->image_name = dup_token(&buf, NULL);
	if (!new_spec->image_name)
		goto out_mem;
	if (!*new_spec->image_name) {
		rbd_warn(NULL, "no image name provided");
		goto out_err;
	}

	/*
	 * The optional fifth token is stored as the snapshot name;
	 * when it is absent RBD_SNAP_HEAD_NAME (the head, i.e. no
	 * snapshot) is used.  This is the only token whose length is
	 * checked against a limit in this function.
	 */
	tok_len = next_token(&buf);
	if (!tok_len) {
		buf = RBD_SNAP_HEAD_NAME; /* No snapshot supplied */
		tok_len = sizeof (RBD_SNAP_HEAD_NAME) - 1;
	} else if (tok_len > RBD_MAX_SNAP_NAME_LEN) {
		ret = -ENAMETOOLONG;
		goto out_err;
	}
	snap_copy = kmemdup(buf, tok_len + 1, GFP_KERNEL);
	if (!snap_copy)
		goto out_mem;
	snap_copy[tok_len] = '\0';
	new_spec->snap_name = snap_copy;

	/* Start from zeroed rbd options and then apply the defaults */
	new_opts = kzalloc(sizeof (*new_opts), GFP_KERNEL);
	if (!new_opts)
		goto out_mem;

	new_opts->read_only = RBD_READ_ONLY_DEFAULT;

	/* Options ceph does not know go through parse_rbd_opts_token */
	parsed = ceph_parse_options(opt_string, mon_addrs, mon_addrs_end,
					parse_rbd_opts_token, new_opts);
	if (IS_ERR(parsed)) {
		ret = PTR_ERR(parsed);
		goto out_err;
	}
	kfree(opt_string);

	/* Nothing is handed to the caller unless everything succeeded */
	*ceph_opts = parsed;
	*opts = new_opts;
	*rbd_spec = new_spec;

	return 0;
out_mem:
	ret = -ENOMEM;
out_err:
	kfree(new_opts);
	rbd_spec_put(new_spec);
	kfree(opt_string);

	return ret;
}
5000
5001 /*
5002  * Return pool id (>= 0) or a negative error code.
5003  */
static int rbd_add_get_pool_id(struct rbd_client *rbdc, const char *pool_name)
{
	unsigned long timeout = rbdc->client->options->mount_timeout * HZ;
	bool refreshed = false;
	u64 newest_epoch;
	int ret;

	for (;;) {
		ret = ceph_pg_poolid_by_name(rbdc->client->osdc.osdmap,
					     pool_name);

		/*
		 * Anything other than "no such pool" is final, and so
		 * is a second miss after the osdmap has been refreshed.
		 */
		if (ret != -ENOENT || refreshed)
			return ret;
		refreshed = true;

		/* Ask the monitor for the newest osdmap epoch */
		ret = ceph_monc_do_get_version(&rbdc->client->monc, "osdmap",
					       &newest_epoch);
		if (ret < 0)
			return ret;

		/* the osdmap we have is new enough */
		if (rbdc->client->osdc.osdmap->epoch >= newest_epoch)
			return -ENOENT;

		/*
		 * Request the newer map and wait for it (bounded by the
		 * mount timeout), then look the pool up once more.  The
		 * result of the wait is deliberately ignored.
		 */
		ceph_monc_request_next_osdmap(&rbdc->client->monc);
		(void) ceph_monc_wait_osdmap(&rbdc->client->monc,
					     newest_epoch, timeout);
	}
}
5032
/*
 * Work out the image id and image format for an rbd device.
 *
 * A format 2 image has a persistent id that is distinct from the
 * user-visible image name; object names for the image are derived
 * from that id.  The id is stored in a per-image "rbd id" object whose
 * name is RBD_ID_PREFIX followed by the image name.  If that object
 * does not exist (-ENOENT) the image is treated as format 1 and gets
 * an empty id string.
 *
 * On success 0 is returned, rbd_dev->image_format is set to 1 or 2 and
 * rbd_dev->spec->image_id points at a newly allocated string (unless
 * it was already set on entry, in which case only the format is
 * derived from it).  On failure a negative errno is returned and
 * spec->image_id is left untouched.
 */
static int rbd_dev_image_id(struct rbd_device *rbd_dev)
{
	struct rbd_spec *spec = rbd_dev->spec;
	char *id_object;
	void *reply;
	char *id;
	size_t len;
	int ret;

	/*
	 * A parent image is probed with its id already known, so there
	 * is nothing to fetch; only the format has to be recorded.  An
	 * empty id string stands for a format 1 image.
	 */
	if (spec->image_id) {
		rbd_dev->image_format = *spec->image_id ? 2 : 1;

		return 0;
	}

	/*
	 * Build the name of the id object.  sizeof of the prefix already
	 * accounts for the terminating NUL, so the buffer is exactly as
	 * large as the sprintf() below needs.
	 */
	len = sizeof (RBD_ID_PREFIX) + strlen(spec->image_name);
	id_object = kmalloc(len, GFP_NOIO);
	if (!id_object)
		return -ENOMEM;
	sprintf(id_object, "%s%s", RBD_ID_PREFIX, spec->image_name);
	dout("rbd id object name is %s\n", id_object);

	/* The reply is a length-prefixed (encoded) string. */
	len = sizeof (__le32) + RBD_IMAGE_ID_LEN_MAX;
	reply = kzalloc(len, GFP_NOIO);
	if (!reply) {
		ret = -ENOMEM;
		goto out;
	}

	/*
	 * NOTE(review): the buffer holds sizeof (__le32) +
	 * RBD_IMAGE_ID_LEN_MAX bytes but only RBD_IMAGE_ID_LEN_MAX is
	 * passed as the inbound size.  The buffer cannot be overrun this
	 * way, but an id of maximal length plus its length prefix
	 * presumably cannot be returned in full -- confirm against
	 * rbd_obj_method_sync().
	 */
	ret = rbd_obj_method_sync(rbd_dev, id_object,
				"rbd", "get_id", NULL, 0,
				reply, RBD_IMAGE_ID_LEN_MAX);
	dout("%s: rbd_obj_method_sync returned %d\n", __func__, ret);
	if (ret == -ENOENT) {
		/* No id object: assume a format 1 image. */
		id = kstrdup("", GFP_KERNEL);
		if (id) {
			ret = 0;
			rbd_dev->image_format = 1;
		} else {
			ret = -ENOMEM;
		}
	} else if (ret >= 0) {
		void *cursor = reply;

		/*
		 * The reply comes from the storage cluster; decoding is
		 * bounded by the value the method call returned, so the
		 * embedded length cannot point past what was received.
		 */
		id = ceph_extract_encoded_string(&cursor, cursor + ret,
						NULL, GFP_NOIO);
		ret = PTR_ERR_OR_ZERO(id);
		if (!ret)
			rbd_dev->image_format = 2;
	}

	/* id is only valid (and only consumed) when ret is 0. */
	if (!ret) {
		spec->image_id = id;
		dout("image_id is %s\n", id);
	}
out:
	kfree(reply);
	kfree(id_object);

	return ret;
}
5118
/*
 * Undo the state set up by the v1 or v2 header info call: drop the
 * parent reference, release every dynamically allocated member of the
 * in-core image header and clear the header structure.
 */
static void rbd_dev_unprobe(struct rbd_device *rbd_dev)
{
	rbd_dev_parent_put(rbd_dev);

	ceph_put_snap_context(rbd_dev->header.snapc);
	kfree(rbd_dev->header.snap_sizes);
	kfree(rbd_dev->header.snap_names);
	kfree(rbd_dev->header.object_prefix);

	/* Zeroing also wipes the pointers that were just released. */
	memset(&rbd_dev->header, 0, sizeof (rbd_dev->header));
}
5138
/*
 * Fetch the parts of a format 2 header that are read only once: the
 * object prefix, the feature bits and, when RBD_FEATURE_STRIPINGV2 is
 * set, the striping parameters.
 *
 * Returns 0 on success.  On failure the helper's error is returned
 * and header.features and header.object_prefix are reset, so no
 * half-initialised header is left behind.
 */
static int rbd_dev_v2_header_onetime(struct rbd_device *rbd_dev)
{
	int ret;

	/*
	 * Object prefix first, then fetch and check the features.  The
	 * features are currently assumed never to change.
	 */
	ret = rbd_dev_v2_object_prefix(rbd_dev);
	if (!ret)
		ret = rbd_dev_v2_features(rbd_dev);
	if (ret)
		goto out_err;

	/* Striping parameters exist only for images using fancy striping. */
	if (rbd_dev->header.features & RBD_FEATURE_STRIPINGV2) {
		ret = rbd_dev_v2_striping_info(rbd_dev);
		if (ret < 0)
			goto out_err;
	}

	/* No support for crypto and compression type format 2 images */
	return 0;

out_err:
	rbd_dev->header.features = 0;
	kfree(rbd_dev->header.object_prefix);
	rbd_dev->header.object_prefix = NULL;

	return ret;
}
5172
/*
 * Create and probe the parent image of rbd_dev, if it has one.
 *
 * Returns 0 when there is no parent_spec or when the parent was probed
 * and attached; otherwise a negative errno, after the parent linkage
 * of rbd_dev has been undone with rbd_dev_unparent().
 *
 * NOTE(review): this function and rbd_dev_image_probe() call each
 * other, once per level of the parent chain.  No depth limit is
 * visible here, so the recursion depth (and kernel stack use) follows
 * the length of the chain described by the image metadata, which
 * presumably comes from the storage cluster -- consider bounding it.
 */
static int rbd_dev_probe_parent(struct rbd_device *rbd_dev)
{
	struct rbd_device *parent;
	int ret;

	if (!rbd_dev->parent_spec)
		return 0;

	parent = rbd_dev_create(rbd_dev->rbd_client, rbd_dev->parent_spec);
	if (!parent) {
		rbd_dev_unparent(rbd_dev);
		return -ENOMEM;
	}

	/*
	 * Parent and child always share the rbd_client and the
	 * spec/parent_spec, so the new device needs its own references.
	 */
	__rbd_get_client(rbd_dev->rbd_client);
	rbd_spec_get(rbd_dev->parent_spec);

	ret = rbd_dev_image_probe(parent, false);
	if (ret < 0) {
		rbd_dev_unparent(rbd_dev);
		rbd_dev_destroy(parent);
		return ret;
	}

	rbd_dev->parent = parent;
	atomic_set(&rbd_dev->parent_ref, 1);

	return 0;
}
5208
/*
 * Turn a probed image into a visible block device: allocate a device
 * id and name, obtain major/minor numbers, set up the disk and the
 * mapping, register the device on the rbd bus and finally announce
 * the disk.
 *
 * Returns 0 on success.  On failure the steps already taken are
 * unwound in reverse order through the labels at the end and the
 * error from the failing step is returned.
 */
static int rbd_dev_device_setup(struct rbd_device *rbd_dev)
{
	int ret;

	/* Get an id and fill in device name. */

	ret = rbd_dev_id_get(rbd_dev);
	if (ret)
		return ret;

	/*
	 * Compile-time proof that rbd_dev->name (assumed to be
	 * DEV_NAME_LEN bytes -- confirm) can hold the driver name plus
	 * the widest formatted int, which is what keeps the unbounded
	 * sprintf() below within the buffer.
	 */
	BUILD_BUG_ON(DEV_NAME_LEN
			< sizeof (RBD_DRV_NAME) + MAX_INT_FORMAT_WIDTH);
	sprintf(rbd_dev->name, "%s%d", RBD_DRV_NAME, rbd_dev->dev_id);

	/* Record our major and minor device numbers. */

	if (!single_major) {
		/* One dynamically allocated major per device. */
		ret = register_blkdev(0, rbd_dev->name);
		if (ret < 0)
			goto err_out_id;

		rbd_dev->major = ret;
		rbd_dev->minor = 0;
	} else {
		/* Shared major; the minor is derived from the device id. */
		rbd_dev->major = rbd_major;
		rbd_dev->minor = rbd_dev_id_to_minor(rbd_dev->dev_id);
	}

	/* Set up the blkdev mapping. */

	ret = rbd_init_disk(rbd_dev);
	if (ret)
		goto err_out_blkdev;

	ret = rbd_dev_mapping_set(rbd_dev);
	if (ret)
		goto err_out_disk;

	/* Capacity is expressed in sectors; mapping.size is in bytes. */
	set_capacity(rbd_dev->disk, rbd_dev->mapping.size / SECTOR_SIZE);
	set_disk_ro(rbd_dev->disk, rbd_dev->mapping.read_only);

	ret = rbd_bus_add_dev(rbd_dev);
	if (ret)
		goto err_out_mapping;

	/* Everything's ready.  Announce the disk to the world. */

	set_bit(RBD_DEV_FLAG_EXISTS, &rbd_dev->flags);
	add_disk(rbd_dev->disk);

	pr_info("%s: added with size 0x%llx\n", rbd_dev->disk->disk_name,
		(unsigned long long) rbd_dev->mapping.size);

	/* ret is 0 here: rbd_bus_add_dev() succeeded. */
	return ret;

err_out_mapping:
	rbd_dev_mapping_clear(rbd_dev);
err_out_disk:
	rbd_free_disk(rbd_dev);
err_out_blkdev:
	/* Only the per-device major was registered by this function. */
	if (!single_major)
		unregister_blkdev(rbd_dev->major, rbd_dev->name);
err_out_id:
	rbd_dev_id_put(rbd_dev);
	/*
	 * NOTE(review): when entered via err_out_mapping the mapping is
	 * cleared a second time here; presumably harmless -- confirm
	 * that rbd_dev_mapping_clear() is idempotent.
	 */
	rbd_dev_mapping_clear(rbd_dev);

	return ret;
}
5277
/*
 * Record the header object name for this rbd image in
 * rbd_dev->header_name.
 *
 * Format 1 images use "<image_name>" followed by RBD_SUFFIX; format 2
 * images use RBD_HEADER_PREFIX followed by "<image_id>".  The name is
 * allocated here; the caller releases it with kfree().
 *
 * Returns 0 on success or -ENOMEM (header_name is then NULL).
 */
static int rbd_dev_header_name(struct rbd_device *rbd_dev)
{
	struct rbd_spec *spec = rbd_dev->spec;
	char *name;
	size_t len;

	rbd_assert(rbd_image_format_valid(rbd_dev->image_format));

	/*
	 * sizeof of the fixed part includes its terminating NUL
	 * (presumably both are string-literal macros), so len is exactly
	 * what the matching sprintf() below writes.
	 */
	if (rbd_dev->image_format == 1)
		len = strlen(spec->image_name) + sizeof (RBD_SUFFIX);
	else
		len = sizeof (RBD_HEADER_PREFIX) + strlen(spec->image_id);

	name = kmalloc(len, GFP_KERNEL);
	rbd_dev->header_name = name;
	if (!name)
		return -ENOMEM;

	/* The format string must stay in step with the size computed above. */
	if (rbd_dev->image_format == 1)
		sprintf(name, "%s%s", spec->image_name, RBD_SUFFIX);
	else
		sprintf(name, "%s%s", RBD_HEADER_PREFIX, spec->image_id);

	return 0;
}
5304
/*
 * Release everything rbd_dev_image_probe() set up for an image and
 * then destroy the device: header state, header object name, image
 * format and the image id string held in the spec.
 */
static void rbd_dev_image_release(struct rbd_device *rbd_dev)
{
	rbd_dev_unprobe(rbd_dev);

	kfree(rbd_dev->header_name);
	kfree(rbd_dev->spec->image_id);

	/* Clear the freed pointers before the device itself goes away. */
	rbd_dev->header_name = NULL;
	rbd_dev->spec->image_id = NULL;
	rbd_dev->image_format = 0;

	rbd_dev_destroy(rbd_dev);
}
5316
/*
 * Probe for the existence of the header object for the given rbd
 * device.  If this image is the one being mapped (i.e., not a
 * parent), initiate a watch on its header object before using that
 * object to get detailed information about the rbd image.
 *
 * @mapping is true for the image being mapped and false for a parent
 * image probed on behalf of a child.
 *
 * Returns 0 on success.  On failure the non-zero status of the failing
 * step is returned and everything set up so far is undone: header
 * state, the watch (mapped image only), header_name, image_format and
 * spec->image_id.
 *
 * NOTE(review): rbd_dev_probe_parent() calls back into this function
 * for the parent image, so the call depth follows the length of the
 * parent chain; no depth limit is visible in this function.
 */
static int rbd_dev_image_probe(struct rbd_device *rbd_dev, bool mapping)
{
	int ret;

	/*
	 * Get the id from the image id object.  Unless there's an
	 * error, rbd_dev->spec->image_id will be filled in with
	 * a dynamically-allocated string, and rbd_dev->image_format
	 * will be set to either 1 or 2.
	 */
	ret = rbd_dev_image_id(rbd_dev);
	if (ret)
		return ret;

	ret = rbd_dev_header_name(rbd_dev);
	if (ret)
		goto err_out_format;

	/* Only the mapped image gets a watch on its header object. */
	if (mapping) {
		ret = rbd_dev_header_watch_sync(rbd_dev);
		if (ret)
			goto out_header_name;
	}

	ret = rbd_dev_header_info(rbd_dev);
	if (ret)
		goto err_out_watch;

	/*
	 * If this image is the one being mapped, we have pool name and
	 * id, image name and id, and snap name - need to fill snap id.
	 * Otherwise this is a parent image, identified by pool, image
	 * and snap ids - need to fill in names for those ids.
	 */
	if (mapping)
		ret = rbd_spec_fill_snap_id(rbd_dev);
	else
		ret = rbd_spec_fill_names(rbd_dev);
	if (ret)
		goto err_out_probe;

	if (rbd_dev->header.features & RBD_FEATURE_LAYERING) {
		ret = rbd_dev_v2_parent_info(rbd_dev);
		if (ret)
			goto err_out_probe;

		/*
		 * Need to warn users if this image is the one being
		 * mapped and has a parent.
		 */
		if (mapping && rbd_dev->parent_spec)
			rbd_warn(rbd_dev,
				 "WARNING: kernel layering is EXPERIMENTAL!");
	}

	/* Returns 0 immediately when there is no parent_spec. */
	ret = rbd_dev_probe_parent(rbd_dev);
	if (ret)
		goto err_out_probe;

	dout("discovered format %u image, header name is %s\n",
		rbd_dev->image_format, rbd_dev->header_name);
	return 0;

	/* Unwind in reverse order of setup; each label falls through. */
err_out_probe:
	rbd_dev_unprobe(rbd_dev);
err_out_watch:
	/* The watch was only established for the mapped image. */
	if (mapping)
		rbd_dev_header_unwatch_sync(rbd_dev);
out_header_name:
	kfree(rbd_dev->header_name);
	rbd_dev->header_name = NULL;
err_out_format:
	/*
	 * This also frees an image_id that was already present in the
	 * spec on entry (the parent-image case).
	 */
	rbd_dev->image_format = 0;
	kfree(rbd_dev->spec->image_id);
	rbd_dev->spec->image_id = NULL;
	return ret;
}
5400
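/*
 * Map an rbd image as described by the "add" command in @buf.
 *
 * The command is parsed, a client for the given ceph options is
 * obtained, the pool name is resolved to an id, the image is probed
 * and finally the block device is set up.  A module reference is held
 * for as long as the mapping exists.
 *
 * @bus is unused.  @buf is the command text and @count its length.
 *
 * Returns @count on success and a negative errno on failure; every
 * failure path drops what was acquired up to that point, including
 * the module reference.
 */
static ssize_t do_rbd_add(struct bus_type *bus,
			  const char *buf,
			  size_t count)
{
	struct rbd_device *rbd_dev = NULL;
	struct ceph_options *ceph_opts = NULL;
	struct rbd_options *rbd_opts = NULL;
	struct rbd_spec *spec = NULL;
	struct rbd_client *rbdc;
	bool read_only;
	int rc;

	if (!try_module_get(THIS_MODULE))
		return -ENODEV;

	/* parse add command */
	rc = rbd_add_parse_args(buf, &ceph_opts, &rbd_opts, &spec);
	if (rc < 0)
		goto err_out_module;
	/* Only the read-only flag is needed from the rbd options. */
	read_only = rbd_opts->read_only;
	kfree(rbd_opts);
	rbd_opts = NULL;	/* done with this */

	rbdc = rbd_get_client(ceph_opts);
	if (IS_ERR(rbdc)) {
		rc = PTR_ERR(rbdc);
		goto err_out_args;
	}

	/* pick the pool */
	rc = rbd_add_get_pool_id(rbdc, spec->pool_name);
	if (rc < 0)
		goto err_out_client;
	spec->pool_id = (u64)rc;

	/* The ceph file layout needs to fit pool id in 32 bits */

	if (spec->pool_id > (u64)U32_MAX) {
		rbd_warn(NULL, "pool id too large (%llu > %u)",
				(unsigned long long)spec->pool_id, U32_MAX);
		rc = -EIO;
		goto err_out_client;
	}

	rbd_dev = rbd_dev_create(rbdc, spec);
	if (!rbd_dev) {
		/*
		 * rc still holds the non-negative pool id at this point.
		 * Without an explicit error code the failure would be
		 * returned to the writer as a byte count, i.e. reported
		 * as success.
		 */
		rc = -ENOMEM;
		goto err_out_client;
	}
	rbdc = NULL;		/* rbd_dev now owns this */
	spec = NULL;		/* rbd_dev now owns this */

	rc = rbd_dev_image_probe(rbd_dev, true);
	if (rc < 0)
		goto err_out_rbd_dev;

	/* If we are mapping a snapshot it must be marked read-only */

	if (rbd_dev->spec->snap_id != CEPH_NOSNAP)
		read_only = true;
	rbd_dev->mapping.read_only = read_only;

	rc = rbd_dev_device_setup(rbd_dev);
	if (rc) {
		/*
		 * rbd_dev_header_unwatch_sync() can't be moved into
		 * rbd_dev_image_release() without refactoring, see
		 * commit 1f3ef78861ac.
		 */
		rbd_dev_header_unwatch_sync(rbd_dev);
		/* Also destroys rbd_dev, so only the module ref is left. */
		rbd_dev_image_release(rbd_dev);
		goto err_out_module;
	}

	return count;

err_out_rbd_dev:
	/* rbdc and spec are NULL here; rbd_dev owned them. */
	rbd_dev_destroy(rbd_dev);
err_out_client:
	rbd_put_client(rbdc);
err_out_args:
	rbd_spec_put(spec);
err_out_module:
	module_put(THIS_MODULE);

	dout("Error adding device %s\n", buf);

	return (ssize_t)rc;
}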
5488
/*
 * "add" entry point for the one-major-per-device mode.  Refused with
 * -EINVAL when the module runs in single_major mode; otherwise the
 * request is handed to do_rbd_add().
 */
static ssize_t rbd_add(struct bus_type *bus, const char *buf, size_t count)
{
	return single_major ? -EINVAL : do_rbd_add(bus, buf, count);
}
5498
/*
 * "add" entry point that does not check the single_major setting;
 * the request goes straight to do_rbd_add().
 */
static ssize_t rbd_add_single_major(struct bus_type *bus, const char *buf,
				    size_t count)
{
	return do_rbd_add(bus, buf, count);
}
5505
/*
 * Tear down what rbd_dev_device_setup() created for the device behind
 * @dev: the disk, the EXISTS flag, the mapping, the per-device major
 * (when not in single_major mode) and the device id.  Presumably
 * installed as the release callback of the struct device -- confirm
 * against rbd_bus_add_dev().
 */
static void rbd_dev_device_release(struct device *dev)
{
	struct rbd_device *rbd_dev = dev_to_rbd_dev(dev);

	rbd_free_disk(rbd_dev);
	clear_bit(RBD_DEV_FLAG_EXISTS, &rbd_dev->flags);
	rbd_dev_mapping_clear(rbd_dev);
	/* A per-device major exists only outside single_major mode. */
	if (!single_major)
		unregister_blkdev(rbd_dev->major, rbd_dev->name);
	rbd_dev_id_put(rbd_dev);
	/*
	 * NOTE(review): second rbd_dev_mapping_clear() call in this
	 * function; presumably redundant -- confirm it is idempotent.
	 */
	rbd_dev_mapping_clear(rbd_dev);
}
5518
/*
 * Release the whole chain of parent images hanging off rbd_dev,
 * starting with the most distant ancestor and working back.  The
 * chain is walked with loops, so stack use does not grow with its
 * length.
 */
static void rbd_dev_remove_parent(struct rbd_device *rbd_dev)
{
	while (rbd_dev->parent) {
		struct rbd_device *first = rbd_dev;
		struct rbd_device *second = first->parent;

		/*
		 * Walk down until "second" is the ancestor that has no
		 * parent of its own; "first" is then its child.
		 */
		while (second && second->parent) {
			first = second;
			second = second->parent;
		}
		rbd_assert(second);
		rbd_dev_image_release(second);

		/* Detach the released ancestor from its child. */
		first->parent = NULL;
		first->parent_overlap = 0;

		rbd_assert(first->parent_spec);
		rbd_spec_put(first->parent_spec);
		first->parent_spec = NULL;
	}
}
5544
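/*
 * Unmap the rbd device whose id is given as a decimal number in @buf.
 *
 * @bus is unused.  @count is the length of the request and is returned
 * on success.
 *
 * Returns @count on success, the kstrtoul() error or -EINVAL for an id
 * that is malformed or does not fit in an int, -ENOENT if no device
 * has that id and -EBUSY if the device is still open.  If removal of
 * the device was already in progress, 0 is returned.
 */
static ssize_t do_rbd_remove(struct bus_type *bus,
			     const char *buf,
			     size_t count)
{
	struct rbd_device *rbd_dev = NULL;
	struct list_head *tmp;
	int dev_id;
	unsigned long ul;
	bool already = false;
	int ret;

	ret = kstrtoul(buf, 10, &ul);
	if (ret)
		return ret;

	/*
	 * Device ids are ints.  Check the range before narrowing: casting
	 * first and comparing the result with ul does not catch every
	 * out-of-range value, because the int is converted back to
	 * unsigned long for the comparison.
	 */
	if (ul > INT_MAX)
		return -EINVAL;
	dev_id = (int)ul;

	ret = -ENOENT;
	spin_lock(&rbd_dev_list_lock);
	list_for_each(tmp, &rbd_dev_list) {
		rbd_dev = list_entry(tmp, struct rbd_device, node);
		if (rbd_dev->dev_id == dev_id) {
			ret = 0;
			break;
		}
	}
	/* rbd_dev is only meaningful below when ret is 0. */
	if (!ret) {
		spin_lock_irq(&rbd_dev->lock);
		if (rbd_dev->open_count)
			ret = -EBUSY;
		else
			/*
			 * Claim the removal under the device lock, so
			 * that only one caller goes on to tear the
			 * device down.
			 */
			already = test_and_set_bit(RBD_DEV_FLAG_REMOVING,
							&rbd_dev->flags);
		spin_unlock_irq(&rbd_dev->lock);
	}
	spin_unlock(&rbd_dev_list_lock);
	/*
	 * NOTE(review): when another removal already claimed the device
	 * ret is 0 here, so the writer sees 0 rather than count or an
	 * error -- confirm that this is intended.
	 */
	if (ret < 0 || already)
		return ret;

	rbd_dev_header_unwatch_sync(rbd_dev);
	/*
	 * flush remaining watch callbacks - these must be complete
	 * before the osd_client is shutdown
	 */
	dout("%s: flushing notifies", __func__);
	ceph_osdc_flush_notifies(&rbd_dev->rbd_client->client->osdc);

	/*
	 * Don't free anything from rbd_dev->disk until after all
	 * notifies are completely processed. Otherwise
	 * rbd_bus_del_dev() will race with rbd_watch_cb(), resulting
	 * in a potential use after free of rbd_dev->disk or rbd_dev.
	 */
	rbd_bus_del_dev(rbd_dev);
	rbd_dev_image_release(rbd_dev);
	/* Drop the module reference taken when the device was added. */
	module_put(THIS_MODULE);

	return count;
}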
5607
/*
 * "remove" entry point for the one-major-per-device mode.  Refused
 * with -EINVAL when the module runs in single_major mode; otherwise
 * the request is handed to do_rbd_remove().
 */
static ssize_t rbd_remove(struct bus_type *bus, const char *buf, size_t count)
{
	return single_major ? -EINVAL : do_rbd_remove(bus, buf, count);
}
5617
/*
 * "remove" entry point that does not check the single_major setting;
 * the request goes straight to do_rbd_remove().
 */
static ssize_t rbd_remove_single_major(struct bus_type *bus, const char *buf,
				       size_t count)
{
	return do_rbd_remove(bus, buf, count);
}
5624
/*
 * Create the control files in sysfs (/sys/bus/rbd/...) by registering
 * the rbd root device and the rbd bus type.
 *
 * Returns the result of the registration that failed, or of
 * bus_register() when both succeed.  If the bus cannot be registered
 * the root device is unregistered again.
 *
 * NOTE(review): the driver-core documentation asks callers to drop the
 * reference with put_device() when device_register() fails; that is
 * not done here -- confirm whether rbd_root_dev needs it.
 */
static int rbd_sysfs_init(void)
{
	int ret = device_register(&rbd_root_dev);

	if (ret < 0)
		return ret;

	ret = bus_register(&rbd_bus_type);
	if (ret >= 0)
		return ret;

	/* Roll back the root device so that nothing stays registered. */
	device_unregister(&rbd_root_dev);
	return ret;
}
5643
/*
 * Remove the sysfs control files again: unregister the bus type and
 * the root device, in the reverse order of rbd_sysfs_init().
 */
static void rbd_sysfs_cleanup(void)
{
	bus_unregister(&rbd_bus_type);
	device_unregister(&rbd_root_dev);
}
5649
/*
 * Create the three slab caches used by the driver: image requests,
 * object requests and segment names.
 *
 * Returns 0 when all three exist.  If any creation fails, the caches
 * created before it are destroyed, their pointers are reset to NULL
 * and -ENOMEM is returned.
 */
static int rbd_slab_init(void)
{
	rbd_assert(!rbd_img_request_cache);
	rbd_img_request_cache = kmem_cache_create("rbd_img_request",
					sizeof (struct rbd_img_request),
					__alignof__(struct rbd_img_request),
					0, NULL);
	if (!rbd_img_request_cache)
		return -ENOMEM;

	rbd_assert(!rbd_obj_request_cache);
	rbd_obj_request_cache = kmem_cache_create("rbd_obj_request",
					sizeof (struct rbd_obj_request),
					__alignof__(struct rbd_obj_request),
					0, NULL);
	if (!rbd_obj_request_cache)
		goto undo_img_cache;

	/* Segment names are plain byte buffers: alignment 1, room for a NUL. */
	rbd_assert(!rbd_segment_name_cache);
	rbd_segment_name_cache = kmem_cache_create("rbd_segment_name",
					CEPH_MAX_OID_NAME_LEN + 1, 1, 0, NULL);
	if (!rbd_segment_name_cache)
		goto undo_obj_cache;

	return 0;

undo_obj_cache:
	kmem_cache_destroy(rbd_obj_request_cache);
	rbd_obj_request_cache = NULL;
undo_img_cache:
	kmem_cache_destroy(rbd_img_request_cache);
	rbd_img_request_cache = NULL;

	return -ENOMEM;
}
5684
/*
 * Destroy the three slab caches created by rbd_slab_init(), in the
 * reverse order of their creation, and reset each pointer to NULL.
 * Every cache is asserted to exist before it is destroyed.
 */
static void rbd_slab_exit(void)
{
	rbd_assert(rbd_segment_name_cache);
	kmem_cache_destroy(rbd_segment_name_cache);
	rbd_segment_name_cache = NULL;

	rbd_assert(rbd_obj_request_cache);
	kmem_cache_destroy(rbd_obj_request_cache);
	rbd_obj_request_cache = NULL;

	rbd_assert(rbd_img_request_cache);
	kmem_cache_destroy(rbd_img_request_cache);
	rbd_img_request_cache = NULL;
}
5699
/*
 * Module initialisation: check libceph compatibility, create the slab
 * caches and the workqueue, register the shared block major when
 * single_major is set, and create the sysfs control files.
 *
 * Returns 0 on success.  On failure everything set up so far is
 * undone in reverse order and a negative errno is returned.
 */
static int __init rbd_init(void)
{
	int rc;

	if (!libceph_compatible(NULL)) {
		rbd_warn(NULL, "libceph incompatibility (quitting)");
		return -EINVAL;
	}

	rc = rbd_slab_init();
	if (rc)
		return rc;

	/*
	 * The number of active work items is limited by the number of
	 * rbd devices, so leave @max_active at default.
	 */
	rbd_wq = alloc_workqueue(RBD_DRV_NAME, WQ_MEM_RECLAIM, 0);
	if (!rbd_wq) {
		rc = -ENOMEM;
		goto undo_slab;
	}

	/* In single_major mode all devices share one major number. */
	if (single_major) {
		rbd_major = register_blkdev(0, RBD_DRV_NAME);
		if (rbd_major < 0) {
			rc = rbd_major;
			goto undo_wq;
		}
	}

	rc = rbd_sysfs_init();
	if (rc)
		goto undo_blkdev;

	if (single_major)
		pr_info("loaded (major %d)\n", rbd_major);
	else
		pr_info("loaded\n");

	return 0;

undo_blkdev:
	if (single_major)
		unregister_blkdev(rbd_major, RBD_DRV_NAME);
undo_wq:
	destroy_workqueue(rbd_wq);
undo_slab:
	rbd_slab_exit();
	return rc;
}
5751
/*
 * Module exit: destroy the device id allocator, then undo what
 * rbd_init() set up, in reverse order: sysfs control files, the
 * shared block major (single_major mode only), the workqueue and the
 * slab caches.
 */
static void __exit rbd_exit(void)
{
	ida_destroy(&rbd_dev_id_ida);
	rbd_sysfs_cleanup();
	/* The shared major exists only in single_major mode. */
	if (single_major)
		unregister_blkdev(rbd_major, RBD_DRV_NAME);
	destroy_workqueue(rbd_wq);
	rbd_slab_exit();
}
5761
/* Entry points run when the module is loaded and unloaded. */
module_init(rbd_init);
module_exit(rbd_exit);

/* Module metadata: authors, description and license. */
MODULE_AUTHOR("Alex Elder <elder@inktank.com>");
MODULE_AUTHOR("Sage Weil <sage@newdream.net>");
MODULE_AUTHOR("Yehuda Sadeh <yehuda@hq.newdream.net>");
/* following authorship retained from original osdblk.c */
MODULE_AUTHOR("Jeff Garzik <jeff@garzik.org>");

MODULE_DESCRIPTION("RADOS Block Device (RBD) driver");
MODULE_LICENSE("GPL");