]> git.kernelconcepts.de Git - karo-tx-linux.git/blob - drivers/block/rbd.c
projects / karo-tx-linux.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Merge branch 'overlayfs-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mszer...
[karo-tx-linux.git] / drivers / block / rbd.c
1
2 /*
3    rbd.c -- Export ceph rados objects as a Linux block device
4
5
6    based on drivers/block/osdblk.c:
7
8    Copyright 2009 Red Hat, Inc.
9
10    This program is free software; you can redistribute it and/or modify
11    it under the terms of the GNU General Public License as published by
12    the Free Software Foundation.
13
14    This program is distributed in the hope that it will be useful,
15    but WITHOUT ANY WARRANTY; without even the implied warranty of
16    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
17    GNU General Public License for more details.
18
19    You should have received a copy of the GNU General Public License
20    along with this program; see the file COPYING.  If not, write to
21    the Free Software Foundation, 675 Mass Ave, Cambridge, MA 02139, USA.
22
23
24
25    For usage instructions, please refer to:
26
27                  Documentation/ABI/testing/sysfs-bus-rbd
28
29  */
30
31 #include <linux/ceph/libceph.h>
32 #include <linux/ceph/osd_client.h>
33 #include <linux/ceph/mon_client.h>
34 #include <linux/ceph/decode.h>
35 #include <linux/parser.h>
36 #include <linux/bsearch.h>
37
38 #include <linux/kernel.h>
39 #include <linux/device.h>
40 #include <linux/module.h>
41 #include <linux/blk-mq.h>
42 #include <linux/fs.h>
43 #include <linux/blkdev.h>
44 #include <linux/slab.h>
45 #include <linux/idr.h>
46 #include <linux/workqueue.h>
47
48 #include "rbd_types.h"
49
50 #define RBD_DEBUG       /* Activate rbd_assert() calls */
51
52 /*
53  * The basic unit of block I/O is a sector.  It is interpreted in a
54  * number of contexts in Linux (blk, bio, genhd), but the default is
55  * universally 512 bytes.  These symbols are just slightly more
56  * meaningful than the bare numbers they represent.
57  */
58 #define SECTOR_SHIFT    9
59 #define SECTOR_SIZE     (1ULL << SECTOR_SHIFT)
60
61 /*
62  * Increment the given counter and return its updated value.
63  * If the counter is already 0 it will not be incremented.
64  * If the counter is already at its maximum value returns
65  * -EINVAL without updating it.
66  */
67 static int atomic_inc_return_safe(atomic_t *v)
68 {
69         unsigned int counter;
70
71         counter = (unsigned int)__atomic_add_unless(v, 1, 0);
72         if (counter <= (unsigned int)INT_MAX)
73                 return (int)counter;
74
75         atomic_dec(v);
76
77         return -EINVAL;
78 }
79
80 /* Decrement the counter.  Return the resulting value, or -EINVAL */
81 static int atomic_dec_return_safe(atomic_t *v)
82 {
83         int counter;
84
85         counter = atomic_dec_return(v);
86         if (counter >= 0)
87                 return counter;
88
89         atomic_inc(v);
90
91         return -EINVAL;
92 }
93
94 #define RBD_DRV_NAME "rbd"
95
96 #define RBD_MINORS_PER_MAJOR            256
97 #define RBD_SINGLE_MAJOR_PART_SHIFT     4
98
99 #define RBD_MAX_PARENT_CHAIN_LEN        16
100
101 #define RBD_SNAP_DEV_NAME_PREFIX        "snap_"
102 #define RBD_MAX_SNAP_NAME_LEN   \
103                         (NAME_MAX - (sizeof (RBD_SNAP_DEV_NAME_PREFIX) - 1))
104
105 #define RBD_MAX_SNAP_COUNT      510     /* allows max snapc to fit in 4KB */
106
107 #define RBD_SNAP_HEAD_NAME      "-"
108
109 #define BAD_SNAP_INDEX  U32_MAX         /* invalid index into snap array */
110
111 /* This allows a single page to hold an image name sent by OSD */
112 #define RBD_IMAGE_NAME_LEN_MAX  (PAGE_SIZE - sizeof (__le32) - 1)
113 #define RBD_IMAGE_ID_LEN_MAX    64
114
115 #define RBD_OBJ_PREFIX_LEN_MAX  64
116
117 /* Feature bits */
118
119 #define RBD_FEATURE_LAYERING    (1<<0)
120 #define RBD_FEATURE_STRIPINGV2  (1<<1)
121 #define RBD_FEATURES_ALL \
122             (RBD_FEATURE_LAYERING | RBD_FEATURE_STRIPINGV2)
123
124 /* Features supported by this (client software) implementation. */
125
126 #define RBD_FEATURES_SUPPORTED  (RBD_FEATURES_ALL)
127
128 /*
129  * An RBD device name will be "rbd#", where the "rbd" comes from
130  * RBD_DRV_NAME above, and # is a unique integer identifier.
131  * MAX_INT_FORMAT_WIDTH is used in ensuring DEV_NAME_LEN is big
132  * enough to hold all possible device names.
133  */
134 #define DEV_NAME_LEN            32
135 #define MAX_INT_FORMAT_WIDTH    ((5 * sizeof (int)) / 2 + 1)
136
137 /*
138  * block device image metadata (in-memory version)
139  */
140 struct rbd_image_header {
141         /* These six fields never change for a given rbd image */
142         char *object_prefix;
143         __u8 obj_order;
144         __u8 crypt_type;
145         __u8 comp_type;
146         u64 stripe_unit;
147         u64 stripe_count;
148         u64 features;           /* Might be changeable someday? */
149
150         /* The remaining fields need to be updated occasionally */
151         u64 image_size;
152         struct ceph_snap_context *snapc;
153         char *snap_names;       /* format 1 only */
154         u64 *snap_sizes;        /* format 1 only */
155 };
156
157 /*
158  * An rbd image specification.
159  *
160  * The tuple (pool_id, image_id, snap_id) is sufficient to uniquely
161  * identify an image.  Each rbd_dev structure includes a pointer to
162  * an rbd_spec structure that encapsulates this identity.
163  *
164  * Each of the id's in an rbd_spec has an associated name.  For a
165  * user-mapped image, the names are supplied and the id's associated
166  * with them are looked up.  For a layered image, a parent image is
167  * defined by the tuple, and the names are looked up.
168  *
169  * An rbd_dev structure contains a parent_spec pointer which is
170  * non-null if the image it represents is a child in a layered
171  * image.  This pointer will refer to the rbd_spec structure used
172  * by the parent rbd_dev for its own identity (i.e., the structure
173  * is shared between the parent and child).
174  *
175  * Since these structures are populated once, during the discovery
176  * phase of image construction, they are effectively immutable so
177  * we make no effort to synchronize access to them.
178  *
179  * Note that code herein does not assume the image name is known (it
180  * could be a null pointer).
181  */
182 struct rbd_spec {
183         u64             pool_id;
184         const char      *pool_name;
185
186         const char      *image_id;
187         const char      *image_name;
188
189         u64             snap_id;
190         const char      *snap_name;
191
192         struct kref     kref;
193 };
194
195 /*
196  * an instance of the client.  multiple devices may share an rbd client.
197  */
198 struct rbd_client {
199         struct ceph_client      *client;
200         struct kref             kref;
201         struct list_head        node;
202 };
203
204 struct rbd_img_request;
205 typedef void (*rbd_img_callback_t)(struct rbd_img_request *);
206
207 #define BAD_WHICH       U32_MAX         /* Good which or bad which, which? */
208
209 struct rbd_obj_request;
210 typedef void (*rbd_obj_callback_t)(struct rbd_obj_request *);
211
212 enum obj_request_type {
213         OBJ_REQUEST_NODATA, OBJ_REQUEST_BIO, OBJ_REQUEST_PAGES
214 };
215
216 enum obj_operation_type {
217         OBJ_OP_WRITE,
218         OBJ_OP_READ,
219         OBJ_OP_DISCARD,
220 };
221
222 enum obj_req_flags {
223         OBJ_REQ_DONE,           /* completion flag: not done = 0, done = 1 */
224         OBJ_REQ_IMG_DATA,       /* object usage: standalone = 0, image = 1 */
225         OBJ_REQ_KNOWN,          /* EXISTS flag valid: no = 0, yes = 1 */
226         OBJ_REQ_EXISTS,         /* target exists: no = 0, yes = 1 */
227 };
228
229 struct rbd_obj_request {
230         const char              *object_name;
231         u64                     offset;         /* object start byte */
232         u64                     length;         /* bytes from offset */
233         unsigned long           flags;
234
235         /*
236          * An object request associated with an image will have its
237          * img_data flag set; a standalone object request will not.
238          *
239          * A standalone object request will have which == BAD_WHICH
240          * and a null obj_request pointer.
241          *
242          * An object request initiated in support of a layered image
243          * object (to check for its existence before a write) will
244          * have which == BAD_WHICH and a non-null obj_request pointer.
245          *
246          * Finally, an object request for rbd image data will have
247          * which != BAD_WHICH, and will have a non-null img_request
248          * pointer.  The value of which will be in the range
249          * 0..(img_request->obj_request_count-1).
250          */
251         union {
252                 struct rbd_obj_request  *obj_request;   /* STAT op */
253                 struct {
254                         struct rbd_img_request  *img_request;
255                         u64                     img_offset;
256                         /* links for img_request->obj_requests list */
257                         struct list_head        links;
258                 };
259         };
260         u32                     which;          /* posn image request list */
261
262         enum obj_request_type   type;
263         union {
264                 struct bio      *bio_list;
265                 struct {
266                         struct page     **pages;
267                         u32             page_count;
268                 };
269         };
270         struct page             **copyup_pages;
271         u32                     copyup_page_count;
272
273         struct ceph_osd_request *osd_req;
274
275         u64                     xferred;        /* bytes transferred */
276         int                     result;
277
278         rbd_obj_callback_t      callback;
279         struct completion       completion;
280
281         struct kref             kref;
282 };
283
284 enum img_req_flags {
285         IMG_REQ_WRITE,          /* I/O direction: read = 0, write = 1 */
286         IMG_REQ_CHILD,          /* initiator: block = 0, child image = 1 */
287         IMG_REQ_LAYERED,        /* ENOENT handling: normal = 0, layered = 1 */
288         IMG_REQ_DISCARD,        /* discard: normal = 0, discard request = 1 */
289 };
290
291 struct rbd_img_request {
292         struct rbd_device       *rbd_dev;
293         u64                     offset; /* starting image byte offset */
294         u64                     length; /* byte count from offset */
295         unsigned long           flags;
296         union {
297                 u64                     snap_id;        /* for reads */
298                 struct ceph_snap_context *snapc;        /* for writes */
299         };
300         union {
301                 struct request          *rq;            /* block request */
302                 struct rbd_obj_request  *obj_request;   /* obj req initiator */
303         };
304         struct page             **copyup_pages;
305         u32                     copyup_page_count;
306         spinlock_t              completion_lock;/* protects next_completion */
307         u32                     next_completion;
308         rbd_img_callback_t      callback;
309         u64                     xferred;/* aggregate bytes transferred */
310         int                     result; /* first nonzero obj_request result */
311
312         u32                     obj_request_count;
313         struct list_head        obj_requests;   /* rbd_obj_request structs */
314
315         struct kref             kref;
316 };
317
318 #define for_each_obj_request(ireq, oreq) \
319         list_for_each_entry(oreq, &(ireq)->obj_requests, links)
320 #define for_each_obj_request_from(ireq, oreq) \
321         list_for_each_entry_from(oreq, &(ireq)->obj_requests, links)
322 #define for_each_obj_request_safe(ireq, oreq, n) \
323         list_for_each_entry_safe_reverse(oreq, n, &(ireq)->obj_requests, links)
324
325 struct rbd_mapping {
326         u64                     size;
327         u64                     features;
328         bool                    read_only;
329 };
330
331 /*
332  * a single device
333  */
334 struct rbd_device {
335         int                     dev_id;         /* blkdev unique id */
336
337         int                     major;          /* blkdev assigned major */
338         int                     minor;
339         struct gendisk          *disk;          /* blkdev's gendisk and rq */
340
341         u32                     image_format;   /* Either 1 or 2 */
342         struct rbd_client       *rbd_client;
343
344         char                    name[DEV_NAME_LEN]; /* blkdev name, e.g. rbd3 */
345
346         spinlock_t              lock;           /* queue, flags, open_count */
347
348         struct rbd_image_header header;
349         unsigned long           flags;          /* possibly lock protected */
350         struct rbd_spec         *spec;
351         struct rbd_options      *opts;
352
353         char                    *header_name;
354
355         struct ceph_file_layout layout;
356
357         struct ceph_osd_event   *watch_event;
358         struct rbd_obj_request  *watch_request;
359
360         struct rbd_spec         *parent_spec;
361         u64                     parent_overlap;
362         atomic_t                parent_ref;
363         struct rbd_device       *parent;
364
365         /* Block layer tags. */
366         struct blk_mq_tag_set   tag_set;
367
368         /* protects updating the header */
369         struct rw_semaphore     header_rwsem;
370
371         struct rbd_mapping      mapping;
372
373         struct list_head        node;
374
375         /* sysfs related */
376         struct device           dev;
377         unsigned long           open_count;     /* protected by lock */
378 };
379
380 /*
381  * Flag bits for rbd_dev->flags.  If atomicity is required,
382  * rbd_dev->lock is used to protect access.
383  *
384  * Currently, only the "removing" flag (which is coupled with the
385  * "open_count" field) requires atomic access.
386  */
387 enum rbd_dev_flags {
388         RBD_DEV_FLAG_EXISTS,    /* mapped snapshot has not been deleted */
389         RBD_DEV_FLAG_REMOVING,  /* this mapping is being removed */
390 };
391
392 static DEFINE_MUTEX(client_mutex);      /* Serialize client creation */
393
394 static LIST_HEAD(rbd_dev_list);    /* devices */
395 static DEFINE_SPINLOCK(rbd_dev_list_lock);
396
397 static LIST_HEAD(rbd_client_list);              /* clients */
398 static DEFINE_SPINLOCK(rbd_client_list_lock);
399
400 /* Slab caches for frequently-allocated structures */
401
402 static struct kmem_cache        *rbd_img_request_cache;
403 static struct kmem_cache        *rbd_obj_request_cache;
404 static struct kmem_cache        *rbd_segment_name_cache;
405
406 static int rbd_major;
407 static DEFINE_IDA(rbd_dev_id_ida);
408
409 static struct workqueue_struct *rbd_wq;
410
411 /*
412  * Default to false for now, as single-major requires >= 0.75 version of
413  * userspace rbd utility.
414  */
415 static bool single_major = false;
416 module_param(single_major, bool, S_IRUGO);
417 MODULE_PARM_DESC(single_major, "Use a single major number for all rbd devices (default: false)");
418
419 static int rbd_img_request_submit(struct rbd_img_request *img_request);
420
421 static void rbd_dev_device_release(struct device *dev);
422
423 static ssize_t rbd_add(struct bus_type *bus, const char *buf,
424                        size_t count);
425 static ssize_t rbd_remove(struct bus_type *bus, const char *buf,
426                           size_t count);
427 static ssize_t rbd_add_single_major(struct bus_type *bus, const char *buf,
428                                     size_t count);
429 static ssize_t rbd_remove_single_major(struct bus_type *bus, const char *buf,
430                                        size_t count);
431 static int rbd_dev_image_probe(struct rbd_device *rbd_dev, int depth);
432 static void rbd_spec_put(struct rbd_spec *spec);
433
434 static int rbd_dev_id_to_minor(int dev_id)
435 {
436         return dev_id << RBD_SINGLE_MAJOR_PART_SHIFT;
437 }
438
439 static int minor_to_rbd_dev_id(int minor)
440 {
441         return minor >> RBD_SINGLE_MAJOR_PART_SHIFT;
442 }
443
444 static BUS_ATTR(add, S_IWUSR, NULL, rbd_add);
445 static BUS_ATTR(remove, S_IWUSR, NULL, rbd_remove);
446 static BUS_ATTR(add_single_major, S_IWUSR, NULL, rbd_add_single_major);
447 static BUS_ATTR(remove_single_major, S_IWUSR, NULL, rbd_remove_single_major);
448
449 static struct attribute *rbd_bus_attrs[] = {
450         &bus_attr_add.attr,
451         &bus_attr_remove.attr,
452         &bus_attr_add_single_major.attr,
453         &bus_attr_remove_single_major.attr,
454         NULL,
455 };
456
457 static umode_t rbd_bus_is_visible(struct kobject *kobj,
458                                   struct attribute *attr, int index)
459 {
460         if (!single_major &&
461             (attr == &bus_attr_add_single_major.attr ||
462              attr == &bus_attr_remove_single_major.attr))
463                 return 0;
464
465         return attr->mode;
466 }
467
468 static const struct attribute_group rbd_bus_group = {
469         .attrs = rbd_bus_attrs,
470         .is_visible = rbd_bus_is_visible,
471 };
472 __ATTRIBUTE_GROUPS(rbd_bus);
473
474 static struct bus_type rbd_bus_type = {
475         .name           = "rbd",
476         .bus_groups     = rbd_bus_groups,
477 };
478
479 static void rbd_root_dev_release(struct device *dev)
480 {
481 }
482
483 static struct device rbd_root_dev = {
484         .init_name =    "rbd",
485         .release =      rbd_root_dev_release,
486 };
487
488 static __printf(2, 3)
489 void rbd_warn(struct rbd_device *rbd_dev, const char *fmt, ...)
490 {
491         struct va_format vaf;
492         va_list args;
493
494         va_start(args, fmt);
495         vaf.fmt = fmt;
496         vaf.va = &args;
497
498         if (!rbd_dev)
499                 printk(KERN_WARNING "%s: %pV\n", RBD_DRV_NAME, &vaf);
500         else if (rbd_dev->disk)
501                 printk(KERN_WARNING "%s: %s: %pV\n",
502                         RBD_DRV_NAME, rbd_dev->disk->disk_name, &vaf);
503         else if (rbd_dev->spec && rbd_dev->spec->image_name)
504                 printk(KERN_WARNING "%s: image %s: %pV\n",
505                         RBD_DRV_NAME, rbd_dev->spec->image_name, &vaf);
506         else if (rbd_dev->spec && rbd_dev->spec->image_id)
507                 printk(KERN_WARNING "%s: id %s: %pV\n",
508                         RBD_DRV_NAME, rbd_dev->spec->image_id, &vaf);
509         else    /* punt */
510                 printk(KERN_WARNING "%s: rbd_dev %p: %pV\n",
511                         RBD_DRV_NAME, rbd_dev, &vaf);
512         va_end(args);
513 }
514
515 #ifdef RBD_DEBUG
516 #define rbd_assert(expr)                                                \
517                 if (unlikely(!(expr))) {                                \
518                         printk(KERN_ERR "\nAssertion failure in %s() "  \
519                                                 "at line %d:\n\n"       \
520                                         "\trbd_assert(%s);\n\n",        \
521                                         __func__, __LINE__, #expr);     \
522                         BUG();                                          \
523                 }
524 #else /* !RBD_DEBUG */
525 #  define rbd_assert(expr)      ((void) 0)
526 #endif /* !RBD_DEBUG */
527
528 static void rbd_osd_copyup_callback(struct rbd_obj_request *obj_request);
529 static int rbd_img_obj_request_submit(struct rbd_obj_request *obj_request);
530 static void rbd_img_parent_read(struct rbd_obj_request *obj_request);
531 static void rbd_dev_remove_parent(struct rbd_device *rbd_dev);
532
533 static int rbd_dev_refresh(struct rbd_device *rbd_dev);
534 static int rbd_dev_v2_header_onetime(struct rbd_device *rbd_dev);
535 static int rbd_dev_header_info(struct rbd_device *rbd_dev);
536 static int rbd_dev_v2_parent_info(struct rbd_device *rbd_dev);
537 static const char *rbd_dev_v2_snap_name(struct rbd_device *rbd_dev,
538                                         u64 snap_id);
539 static int _rbd_dev_v2_snap_size(struct rbd_device *rbd_dev, u64 snap_id,
540                                 u8 *order, u64 *snap_size);
541 static int _rbd_dev_v2_snap_features(struct rbd_device *rbd_dev, u64 snap_id,
542                 u64 *snap_features);
543 static u64 rbd_snap_id_by_name(struct rbd_device *rbd_dev, const char *name);
544
545 static int rbd_open(struct block_device *bdev, fmode_t mode)
546 {
547         struct rbd_device *rbd_dev = bdev->bd_disk->private_data;
548         bool removing = false;
549
550         if ((mode & FMODE_WRITE) && rbd_dev->mapping.read_only)
551                 return -EROFS;
552
553         spin_lock_irq(&rbd_dev->lock);
554         if (test_bit(RBD_DEV_FLAG_REMOVING, &rbd_dev->flags))
555                 removing = true;
556         else
557                 rbd_dev->open_count++;
558         spin_unlock_irq(&rbd_dev->lock);
559         if (removing)
560                 return -ENOENT;
561
562         (void) get_device(&rbd_dev->dev);
563
564         return 0;
565 }
566
567 static void rbd_release(struct gendisk *disk, fmode_t mode)
568 {
569         struct rbd_device *rbd_dev = disk->private_data;
570         unsigned long open_count_before;
571
572         spin_lock_irq(&rbd_dev->lock);
573         open_count_before = rbd_dev->open_count--;
574         spin_unlock_irq(&rbd_dev->lock);
575         rbd_assert(open_count_before > 0);
576
577         put_device(&rbd_dev->dev);
578 }
579
580 static int rbd_ioctl_set_ro(struct rbd_device *rbd_dev, unsigned long arg)
581 {
582         int ret = 0;
583         int val;
584         bool ro;
585         bool ro_changed = false;
586
587         /* get_user() may sleep, so call it before taking rbd_dev->lock */
588         if (get_user(val, (int __user *)(arg)))
589                 return -EFAULT;
590
591         ro = val ? true : false;
592         /* Snapshot doesn't allow to write*/
593         if (rbd_dev->spec->snap_id != CEPH_NOSNAP && !ro)
594                 return -EROFS;
595
596         spin_lock_irq(&rbd_dev->lock);
597         /* prevent others open this device */
598         if (rbd_dev->open_count > 1) {
599                 ret = -EBUSY;
600                 goto out;
601         }
602
603         if (rbd_dev->mapping.read_only != ro) {
604                 rbd_dev->mapping.read_only = ro;
605                 ro_changed = true;
606         }
607
608 out:
609         spin_unlock_irq(&rbd_dev->lock);
610         /* set_disk_ro() may sleep, so call it after releasing rbd_dev->lock */
611         if (ret == 0 && ro_changed)
612                 set_disk_ro(rbd_dev->disk, ro ? 1 : 0);
613
614         return ret;
615 }
616
617 static int rbd_ioctl(struct block_device *bdev, fmode_t mode,
618                         unsigned int cmd, unsigned long arg)
619 {
620         struct rbd_device *rbd_dev = bdev->bd_disk->private_data;
621         int ret = 0;
622
623         switch (cmd) {
624         case BLKROSET:
625                 ret = rbd_ioctl_set_ro(rbd_dev, arg);
626                 break;
627         default:
628                 ret = -ENOTTY;
629         }
630
631         return ret;
632 }
633
634 #ifdef CONFIG_COMPAT
635 static int rbd_compat_ioctl(struct block_device *bdev, fmode_t mode,
636                                 unsigned int cmd, unsigned long arg)
637 {
638         return rbd_ioctl(bdev, mode, cmd, arg);
639 }
640 #endif /* CONFIG_COMPAT */
641
642 static const struct block_device_operations rbd_bd_ops = {
643         .owner                  = THIS_MODULE,
644         .open                   = rbd_open,
645         .release                = rbd_release,
646         .ioctl                  = rbd_ioctl,
647 #ifdef CONFIG_COMPAT
648         .compat_ioctl           = rbd_compat_ioctl,
649 #endif
650 };
651
652 /*
653  * Initialize an rbd client instance.  Success or not, this function
654  * consumes ceph_opts.  Caller holds client_mutex.
655  */
656 static struct rbd_client *rbd_client_create(struct ceph_options *ceph_opts)
657 {
658         struct rbd_client *rbdc;
659         int ret = -ENOMEM;
660
661         dout("%s:\n", __func__);
662         rbdc = kmalloc(sizeof(struct rbd_client), GFP_KERNEL);
663         if (!rbdc)
664                 goto out_opt;
665
666         kref_init(&rbdc->kref);
667         INIT_LIST_HEAD(&rbdc->node);
668
669         rbdc->client = ceph_create_client(ceph_opts, rbdc, 0, 0);
670         if (IS_ERR(rbdc->client))
671                 goto out_rbdc;
672         ceph_opts = NULL; /* Now rbdc->client is responsible for ceph_opts */
673
674         ret = ceph_open_session(rbdc->client);
675         if (ret < 0)
676                 goto out_client;
677
678         spin_lock(&rbd_client_list_lock);
679         list_add_tail(&rbdc->node, &rbd_client_list);
680         spin_unlock(&rbd_client_list_lock);
681
682         dout("%s: rbdc %p\n", __func__, rbdc);
683
684         return rbdc;
685 out_client:
686         ceph_destroy_client(rbdc->client);
687 out_rbdc:
688         kfree(rbdc);
689 out_opt:
690         if (ceph_opts)
691                 ceph_destroy_options(ceph_opts);
692         dout("%s: error %d\n", __func__, ret);
693
694         return ERR_PTR(ret);
695 }
696
697 static struct rbd_client *__rbd_get_client(struct rbd_client *rbdc)
698 {
699         kref_get(&rbdc->kref);
700
701         return rbdc;
702 }
703
704 /*
705  * Find a ceph client with specific addr and configuration.  If
706  * found, bump its reference count.
707  */
708 static struct rbd_client *rbd_client_find(struct ceph_options *ceph_opts)
709 {
710         struct rbd_client *client_node;
711         bool found = false;
712
713         if (ceph_opts->flags & CEPH_OPT_NOSHARE)
714                 return NULL;
715
716         spin_lock(&rbd_client_list_lock);
717         list_for_each_entry(client_node, &rbd_client_list, node) {
718                 if (!ceph_compare_options(ceph_opts, client_node->client)) {
719                         __rbd_get_client(client_node);
720
721                         found = true;
722                         break;
723                 }
724         }
725         spin_unlock(&rbd_client_list_lock);
726
727         return found ? client_node : NULL;
728 }
729
730 /*
731  * (Per device) rbd map options
732  */
733 enum {
734         Opt_queue_depth,
735         Opt_last_int,
736         /* int args above */
737         Opt_last_string,
738         /* string args above */
739         Opt_read_only,
740         Opt_read_write,
741         Opt_err
742 };
743
744 static match_table_t rbd_opts_tokens = {
745         {Opt_queue_depth, "queue_depth=%d"},
746         /* int args above */
747         /* string args above */
748         {Opt_read_only, "read_only"},
749         {Opt_read_only, "ro"},          /* Alternate spelling */
750         {Opt_read_write, "read_write"},
751         {Opt_read_write, "rw"},         /* Alternate spelling */
752         {Opt_err, NULL}
753 };
754
755 struct rbd_options {
756         int     queue_depth;
757         bool    read_only;
758 };
759
760 #define RBD_QUEUE_DEPTH_DEFAULT BLKDEV_MAX_RQ
761 #define RBD_READ_ONLY_DEFAULT   false
762
763 static int parse_rbd_opts_token(char *c, void *private)
764 {
765         struct rbd_options *rbd_opts = private;
766         substring_t argstr[MAX_OPT_ARGS];
767         int token, intval, ret;
768
769         token = match_token(c, rbd_opts_tokens, argstr);
770         if (token < Opt_last_int) {
771                 ret = match_int(&argstr[0], &intval);
772                 if (ret < 0) {
773                         pr_err("bad mount option arg (not int) at '%s'\n", c);
774                         return ret;
775                 }
776                 dout("got int token %d val %d\n", token, intval);
777         } else if (token > Opt_last_int && token < Opt_last_string) {
778                 dout("got string token %d val %s\n", token, argstr[0].from);
779         } else {
780                 dout("got token %d\n", token);
781         }
782
783         switch (token) {
784         case Opt_queue_depth:
785                 if (intval < 1) {
786                         pr_err("queue_depth out of range\n");
787                         return -EINVAL;
788                 }
789                 rbd_opts->queue_depth = intval;
790                 break;
791         case Opt_read_only:
792                 rbd_opts->read_only = true;
793                 break;
794         case Opt_read_write:
795                 rbd_opts->read_only = false;
796                 break;
797         default:
798                 /* libceph prints "bad option" msg */
799                 return -EINVAL;
800         }
801
802         return 0;
803 }
804
805 static char* obj_op_name(enum obj_operation_type op_type)
806 {
807         switch (op_type) {
808         case OBJ_OP_READ:
809                 return "read";
810         case OBJ_OP_WRITE:
811                 return "write";
812         case OBJ_OP_DISCARD:
813                 return "discard";
814         default:
815                 return "???";
816         }
817 }
818
819 /*
820  * Get a ceph client with specific addr and configuration, if one does
821  * not exist create it.  Either way, ceph_opts is consumed by this
822  * function.
823  */
824 static struct rbd_client *rbd_get_client(struct ceph_options *ceph_opts)
825 {
826         struct rbd_client *rbdc;
827
828         mutex_lock_nested(&client_mutex, SINGLE_DEPTH_NESTING);
829         rbdc = rbd_client_find(ceph_opts);
830         if (rbdc)       /* using an existing client */
831                 ceph_destroy_options(ceph_opts);
832         else
833                 rbdc = rbd_client_create(ceph_opts);
834         mutex_unlock(&client_mutex);
835
836         return rbdc;
837 }
838
839 /*
840  * Destroy ceph client
841  *
842  * Caller must hold rbd_client_list_lock.
843  */
844 static void rbd_client_release(struct kref *kref)
845 {
846         struct rbd_client *rbdc = container_of(kref, struct rbd_client, kref);
847
848         dout("%s: rbdc %p\n", __func__, rbdc);
849         spin_lock(&rbd_client_list_lock);
850         list_del(&rbdc->node);
851         spin_unlock(&rbd_client_list_lock);
852
853         ceph_destroy_client(rbdc->client);
854         kfree(rbdc);
855 }
856
857 /*
858  * Drop reference to ceph client node. If it's not referenced anymore, release
859  * it.
860  */
861 static void rbd_put_client(struct rbd_client *rbdc)
862 {
863         if (rbdc)
864                 kref_put(&rbdc->kref, rbd_client_release);
865 }
866
867 static bool rbd_image_format_valid(u32 image_format)
868 {
869         return image_format == 1 || image_format == 2;
870 }
871
872 static bool rbd_dev_ondisk_valid(struct rbd_image_header_ondisk *ondisk)
873 {
874         size_t size;
875         u32 snap_count;
876
877         /* The header has to start with the magic rbd header text */
878         if (memcmp(&ondisk->text, RBD_HEADER_TEXT, sizeof (RBD_HEADER_TEXT)))
879                 return false;
880
881         /* The bio layer requires at least sector-sized I/O */
882
883         if (ondisk->options.order < SECTOR_SHIFT)
884                 return false;
885
886         /* If we use u64 in a few spots we may be able to loosen this */
887
888         if (ondisk->options.order > 8 * sizeof (int) - 1)
889                 return false;
890
891         /*
892          * The size of a snapshot header has to fit in a size_t, and
893          * that limits the number of snapshots.
894          */
895         snap_count = le32_to_cpu(ondisk->snap_count);
896         size = SIZE_MAX - sizeof (struct ceph_snap_context);
897         if (snap_count > size / sizeof (__le64))
898                 return false;
899
900         /*
901          * Not only that, but the size of the entire the snapshot
902          * header must also be representable in a size_t.
903          */
904         size -= snap_count * sizeof (__le64);
905         if ((u64) size < le64_to_cpu(ondisk->snap_names_len))
906                 return false;
907
908         return true;
909 }
910
911 /*
912  * Fill an rbd image header with information from the given format 1
913  * on-disk header.
914  */
915 static int rbd_header_from_disk(struct rbd_device *rbd_dev,
916                                  struct rbd_image_header_ondisk *ondisk)
917 {
918         struct rbd_image_header *header = &rbd_dev->header;
919         bool first_time = header->object_prefix == NULL;
920         struct ceph_snap_context *snapc;
921         char *object_prefix = NULL;
922         char *snap_names = NULL;
923         u64 *snap_sizes = NULL;
924         u32 snap_count;
925         size_t size;
926         int ret = -ENOMEM;
927         u32 i;
928
929         /* Allocate this now to avoid having to handle failure below */
930
931         if (first_time) {
932                 size_t len;
933
934                 len = strnlen(ondisk->object_prefix,
935                                 sizeof (ondisk->object_prefix));
936                 object_prefix = kmalloc(len + 1, GFP_KERNEL);
937                 if (!object_prefix)
938                         return -ENOMEM;
939                 memcpy(object_prefix, ondisk->object_prefix, len);
940                 object_prefix[len] = '\0';
941         }
942
943         /* Allocate the snapshot context and fill it in */
944
945         snap_count = le32_to_cpu(ondisk->snap_count);
946         snapc = ceph_create_snap_context(snap_count, GFP_KERNEL);
947         if (!snapc)
948                 goto out_err;
949         snapc->seq = le64_to_cpu(ondisk->snap_seq);
950         if (snap_count) {
951                 struct rbd_image_snap_ondisk *snaps;
952                 u64 snap_names_len = le64_to_cpu(ondisk->snap_names_len);
953
954                 /* We'll keep a copy of the snapshot names... */
955
956                 if (snap_names_len > (u64)SIZE_MAX)
957                         goto out_2big;
958                 snap_names = kmalloc(snap_names_len, GFP_KERNEL);
959                 if (!snap_names)
960                         goto out_err;
961
962                 /* ...as well as the array of their sizes. */
963
964                 size = snap_count * sizeof (*header->snap_sizes);
965                 snap_sizes = kmalloc(size, GFP_KERNEL);
966                 if (!snap_sizes)
967                         goto out_err;
968
969                 /*
970                  * Copy the names, and fill in each snapshot's id
971                  * and size.
972                  *
973                  * Note that rbd_dev_v1_header_info() guarantees the
974                  * ondisk buffer we're working with has
975                  * snap_names_len bytes beyond the end of the
976                  * snapshot id array, this memcpy() is safe.
977                  */
978                 memcpy(snap_names, &ondisk->snaps[snap_count], snap_names_len);
979                 snaps = ondisk->snaps;
980                 for (i = 0; i < snap_count; i++) {
981                         snapc->snaps[i] = le64_to_cpu(snaps[i].id);
982                         snap_sizes[i] = le64_to_cpu(snaps[i].image_size);
983                 }
984         }
985
986         /* We won't fail any more, fill in the header */
987
988         if (first_time) {
989                 header->object_prefix = object_prefix;
990                 header->obj_order = ondisk->options.order;
991                 header->crypt_type = ondisk->options.crypt_type;
992                 header->comp_type = ondisk->options.comp_type;
993                 /* The rest aren't used for format 1 images */
994                 header->stripe_unit = 0;
995                 header->stripe_count = 0;
996                 header->features = 0;
997         } else {
998                 ceph_put_snap_context(header->snapc);
999                 kfree(header->snap_names);
1000                 kfree(header->snap_sizes);
1001         }
1002
1003         /* The remaining fields always get updated (when we refresh) */
1004
1005         header->image_size = le64_to_cpu(ondisk->image_size);
1006         header->snapc = snapc;
1007         header->snap_names = snap_names;
1008         header->snap_sizes = snap_sizes;
1009
1010         return 0;
1011 out_2big:
1012         ret = -EIO;
1013 out_err:
1014         kfree(snap_sizes);
1015         kfree(snap_names);
1016         ceph_put_snap_context(snapc);
1017         kfree(object_prefix);
1018
1019         return ret;
1020 }
1021
1022 static const char *_rbd_dev_v1_snap_name(struct rbd_device *rbd_dev, u32 which)
1023 {
1024         const char *snap_name;
1025
1026         rbd_assert(which < rbd_dev->header.snapc->num_snaps);
1027
1028         /* Skip over names until we find the one we are looking for */
1029
1030         snap_name = rbd_dev->header.snap_names;
1031         while (which--)
1032                 snap_name += strlen(snap_name) + 1;
1033
1034         return kstrdup(snap_name, GFP_KERNEL);
1035 }
1036
1037 /*
1038  * Snapshot id comparison function for use with qsort()/bsearch().
1039  * Note that result is for snapshots in *descending* order.
1040  */
1041 static int snapid_compare_reverse(const void *s1, const void *s2)
1042 {
1043         u64 snap_id1 = *(u64 *)s1;
1044         u64 snap_id2 = *(u64 *)s2;
1045
1046         if (snap_id1 < snap_id2)
1047                 return 1;
1048         return snap_id1 == snap_id2 ? 0 : -1;
1049 }
1050
1051 /*
1052  * Search a snapshot context to see if the given snapshot id is
1053  * present.
1054  *
1055  * Returns the position of the snapshot id in the array if it's found,
1056  * or BAD_SNAP_INDEX otherwise.
1057  *
1058  * Note: The snapshot array is in kept sorted (by the osd) in
1059  * reverse order, highest snapshot id first.
1060  */
1061 static u32 rbd_dev_snap_index(struct rbd_device *rbd_dev, u64 snap_id)
1062 {
1063         struct ceph_snap_context *snapc = rbd_dev->header.snapc;
1064         u64 *found;
1065
1066         found = bsearch(&snap_id, &snapc->snaps, snapc->num_snaps,
1067                                 sizeof (snap_id), snapid_compare_reverse);
1068
1069         return found ? (u32)(found - &snapc->snaps[0]) : BAD_SNAP_INDEX;
1070 }
1071
1072 static const char *rbd_dev_v1_snap_name(struct rbd_device *rbd_dev,
1073                                         u64 snap_id)
1074 {
1075         u32 which;
1076         const char *snap_name;
1077
1078         which = rbd_dev_snap_index(rbd_dev, snap_id);
1079         if (which == BAD_SNAP_INDEX)
1080                 return ERR_PTR(-ENOENT);
1081
1082         snap_name = _rbd_dev_v1_snap_name(rbd_dev, which);
1083         return snap_name ? snap_name : ERR_PTR(-ENOMEM);
1084 }
1085
1086 static const char *rbd_snap_name(struct rbd_device *rbd_dev, u64 snap_id)
1087 {
1088         if (snap_id == CEPH_NOSNAP)
1089                 return RBD_SNAP_HEAD_NAME;
1090
1091         rbd_assert(rbd_image_format_valid(rbd_dev->image_format));
1092         if (rbd_dev->image_format == 1)
1093                 return rbd_dev_v1_snap_name(rbd_dev, snap_id);
1094
1095         return rbd_dev_v2_snap_name(rbd_dev, snap_id);
1096 }
1097
1098 static int rbd_snap_size(struct rbd_device *rbd_dev, u64 snap_id,
1099                                 u64 *snap_size)
1100 {
1101         rbd_assert(rbd_image_format_valid(rbd_dev->image_format));
1102         if (snap_id == CEPH_NOSNAP) {
1103                 *snap_size = rbd_dev->header.image_size;
1104         } else if (rbd_dev->image_format == 1) {
1105                 u32 which;
1106
1107                 which = rbd_dev_snap_index(rbd_dev, snap_id);
1108                 if (which == BAD_SNAP_INDEX)
1109                         return -ENOENT;
1110
1111                 *snap_size = rbd_dev->header.snap_sizes[which];
1112         } else {
1113                 u64 size = 0;
1114                 int ret;
1115
1116                 ret = _rbd_dev_v2_snap_size(rbd_dev, snap_id, NULL, &size);
1117                 if (ret)
1118                         return ret;
1119
1120                 *snap_size = size;
1121         }
1122         return 0;
1123 }
1124
1125 static int rbd_snap_features(struct rbd_device *rbd_dev, u64 snap_id,
1126                         u64 *snap_features)
1127 {
1128         rbd_assert(rbd_image_format_valid(rbd_dev->image_format));
1129         if (snap_id == CEPH_NOSNAP) {
1130                 *snap_features = rbd_dev->header.features;
1131         } else if (rbd_dev->image_format == 1) {
1132                 *snap_features = 0;     /* No features for format 1 */
1133         } else {
1134                 u64 features = 0;
1135                 int ret;
1136
1137                 ret = _rbd_dev_v2_snap_features(rbd_dev, snap_id, &features);
1138                 if (ret)
1139                         return ret;
1140
1141                 *snap_features = features;
1142         }
1143         return 0;
1144 }
1145
1146 static int rbd_dev_mapping_set(struct rbd_device *rbd_dev)
1147 {
1148         u64 snap_id = rbd_dev->spec->snap_id;
1149         u64 size = 0;
1150         u64 features = 0;
1151         int ret;
1152
1153         ret = rbd_snap_size(rbd_dev, snap_id, &size);
1154         if (ret)
1155                 return ret;
1156         ret = rbd_snap_features(rbd_dev, snap_id, &features);
1157         if (ret)
1158                 return ret;
1159
1160         rbd_dev->mapping.size = size;
1161         rbd_dev->mapping.features = features;
1162
1163         return 0;
1164 }
1165
1166 static void rbd_dev_mapping_clear(struct rbd_device *rbd_dev)
1167 {
1168         rbd_dev->mapping.size = 0;
1169         rbd_dev->mapping.features = 0;
1170 }
1171
1172 static void rbd_segment_name_free(const char *name)
1173 {
1174         /* The explicit cast here is needed to drop the const qualifier */
1175
1176         kmem_cache_free(rbd_segment_name_cache, (void *)name);
1177 }
1178
1179 static const char *rbd_segment_name(struct rbd_device *rbd_dev, u64 offset)
1180 {
1181         char *name;
1182         u64 segment;
1183         int ret;
1184         char *name_format;
1185
1186         name = kmem_cache_alloc(rbd_segment_name_cache, GFP_NOIO);
1187         if (!name)
1188                 return NULL;
1189         segment = offset >> rbd_dev->header.obj_order;
1190         name_format = "%s.%012llx";
1191         if (rbd_dev->image_format == 2)
1192                 name_format = "%s.%016llx";
1193         ret = snprintf(name, CEPH_MAX_OID_NAME_LEN + 1, name_format,
1194                         rbd_dev->header.object_prefix, segment);
1195         if (ret < 0 || ret > CEPH_MAX_OID_NAME_LEN) {
1196                 pr_err("error formatting segment name for #%llu (%d)\n",
1197                         segment, ret);
1198                 rbd_segment_name_free(name);
1199                 name = NULL;
1200         }
1201
1202         return name;
1203 }
1204
1205 static u64 rbd_segment_offset(struct rbd_device *rbd_dev, u64 offset)
1206 {
1207         u64 segment_size = (u64) 1 << rbd_dev->header.obj_order;
1208
1209         return offset & (segment_size - 1);
1210 }
1211
1212 static u64 rbd_segment_length(struct rbd_device *rbd_dev,
1213                                 u64 offset, u64 length)
1214 {
1215         u64 segment_size = (u64) 1 << rbd_dev->header.obj_order;
1216
1217         offset &= segment_size - 1;
1218
1219         rbd_assert(length <= U64_MAX - offset);
1220         if (offset + length > segment_size)
1221                 length = segment_size - offset;
1222
1223         return length;
1224 }
1225
1226 /*
1227  * returns the size of an object in the image
1228  */
1229 static u64 rbd_obj_bytes(struct rbd_image_header *header)
1230 {
1231         return 1 << header->obj_order;
1232 }
1233
1234 /*
1235  * bio helpers
1236  */
1237
1238 static void bio_chain_put(struct bio *chain)
1239 {
1240         struct bio *tmp;
1241
1242         while (chain) {
1243                 tmp = chain;
1244                 chain = chain->bi_next;
1245                 bio_put(tmp);
1246         }
1247 }
1248
1249 /*
1250  * zeros a bio chain, starting at specific offset
1251  */
1252 static void zero_bio_chain(struct bio *chain, int start_ofs)
1253 {
1254         struct bio_vec bv;
1255         struct bvec_iter iter;
1256         unsigned long flags;
1257         void *buf;
1258         int pos = 0;
1259
1260         while (chain) {
1261                 bio_for_each_segment(bv, chain, iter) {
1262                         if (pos + bv.bv_len > start_ofs) {
1263                                 int remainder = max(start_ofs - pos, 0);
1264                                 buf = bvec_kmap_irq(&bv, &flags);
1265                                 memset(buf + remainder, 0,
1266                                        bv.bv_len - remainder);
1267                                 flush_dcache_page(bv.bv_page);
1268                                 bvec_kunmap_irq(buf, &flags);
1269                         }
1270                         pos += bv.bv_len;
1271                 }
1272
1273                 chain = chain->bi_next;
1274         }
1275 }
1276
1277 /*
1278  * similar to zero_bio_chain(), zeros data defined by a page array,
1279  * starting at the given byte offset from the start of the array and
1280  * continuing up to the given end offset.  The pages array is
1281  * assumed to be big enough to hold all bytes up to the end.
1282  */
1283 static void zero_pages(struct page **pages, u64 offset, u64 end)
1284 {
1285         struct page **page = &pages[offset >> PAGE_SHIFT];
1286
1287         rbd_assert(end > offset);
1288         rbd_assert(end - offset <= (u64)SIZE_MAX);
1289         while (offset < end) {
1290                 size_t page_offset;
1291                 size_t length;
1292                 unsigned long flags;
1293                 void *kaddr;
1294
1295                 page_offset = offset & ~PAGE_MASK;
1296                 length = min_t(size_t, PAGE_SIZE - page_offset, end - offset);
1297                 local_irq_save(flags);
1298                 kaddr = kmap_atomic(*page);
1299                 memset(kaddr + page_offset, 0, length);
1300                 flush_dcache_page(*page);
1301                 kunmap_atomic(kaddr);
1302                 local_irq_restore(flags);
1303
1304                 offset += length;
1305                 page++;
1306         }
1307 }
1308
1309 /*
1310  * Clone a portion of a bio, starting at the given byte offset
1311  * and continuing for the number of bytes indicated.
1312  */
1313 static struct bio *bio_clone_range(struct bio *bio_src,
1314                                         unsigned int offset,
1315                                         unsigned int len,
1316                                         gfp_t gfpmask)
1317 {
1318         struct bio *bio;
1319
1320         bio = bio_clone(bio_src, gfpmask);
1321         if (!bio)
1322                 return NULL;    /* ENOMEM */
1323
1324         bio_advance(bio, offset);
1325         bio->bi_iter.bi_size = len;
1326
1327         return bio;
1328 }
1329
1330 /*
1331  * Clone a portion of a bio chain, starting at the given byte offset
1332  * into the first bio in the source chain and continuing for the
1333  * number of bytes indicated.  The result is another bio chain of
1334  * exactly the given length, or a null pointer on error.
1335  *
1336  * The bio_src and offset parameters are both in-out.  On entry they
1337  * refer to the first source bio and the offset into that bio where
1338  * the start of data to be cloned is located.
1339  *
1340  * On return, bio_src is updated to refer to the bio in the source
1341  * chain that contains first un-cloned byte, and *offset will
1342  * contain the offset of that byte within that bio.
1343  */
1344 static struct bio *bio_chain_clone_range(struct bio **bio_src,
1345                                         unsigned int *offset,
1346                                         unsigned int len,
1347                                         gfp_t gfpmask)
1348 {
1349         struct bio *bi = *bio_src;
1350         unsigned int off = *offset;
1351         struct bio *chain = NULL;
1352         struct bio **end;
1353
1354         /* Build up a chain of clone bios up to the limit */
1355
1356         if (!bi || off >= bi->bi_iter.bi_size || !len)
1357                 return NULL;            /* Nothing to clone */
1358
1359         end = &chain;
1360         while (len) {
1361                 unsigned int bi_size;
1362                 struct bio *bio;
1363
1364                 if (!bi) {
1365                         rbd_warn(NULL, "bio_chain exhausted with %u left", len);
1366                         goto out_err;   /* EINVAL; ran out of bio's */
1367                 }
1368                 bi_size = min_t(unsigned int, bi->bi_iter.bi_size - off, len);
1369                 bio = bio_clone_range(bi, off, bi_size, gfpmask);
1370                 if (!bio)
1371                         goto out_err;   /* ENOMEM */
1372
1373                 *end = bio;
1374                 end = &bio->bi_next;
1375
1376                 off += bi_size;
1377                 if (off == bi->bi_iter.bi_size) {
1378                         bi = bi->bi_next;
1379                         off = 0;
1380                 }
1381                 len -= bi_size;
1382         }
1383         *bio_src = bi;
1384         *offset = off;
1385
1386         return chain;
1387 out_err:
1388         bio_chain_put(chain);
1389
1390         return NULL;
1391 }
1392
1393 /*
1394  * The default/initial value for all object request flags is 0.  For
1395  * each flag, once its value is set to 1 it is never reset to 0
1396  * again.
1397  */
1398 static void obj_request_img_data_set(struct rbd_obj_request *obj_request)
1399 {
1400         if (test_and_set_bit(OBJ_REQ_IMG_DATA, &obj_request->flags)) {
1401                 struct rbd_device *rbd_dev;
1402
1403                 rbd_dev = obj_request->img_request->rbd_dev;
1404                 rbd_warn(rbd_dev, "obj_request %p already marked img_data",
1405                         obj_request);
1406         }
1407 }
1408
1409 static bool obj_request_img_data_test(struct rbd_obj_request *obj_request)
1410 {
1411         smp_mb();
1412         return test_bit(OBJ_REQ_IMG_DATA, &obj_request->flags) != 0;
1413 }
1414
1415 static void obj_request_done_set(struct rbd_obj_request *obj_request)
1416 {
1417         if (test_and_set_bit(OBJ_REQ_DONE, &obj_request->flags)) {
1418                 struct rbd_device *rbd_dev = NULL;
1419
1420                 if (obj_request_img_data_test(obj_request))
1421                         rbd_dev = obj_request->img_request->rbd_dev;
1422                 rbd_warn(rbd_dev, "obj_request %p already marked done",
1423                         obj_request);
1424         }
1425 }
1426
1427 static bool obj_request_done_test(struct rbd_obj_request *obj_request)
1428 {
1429         smp_mb();
1430         return test_bit(OBJ_REQ_DONE, &obj_request->flags) != 0;
1431 }
1432
1433 /*
1434  * This sets the KNOWN flag after (possibly) setting the EXISTS
1435  * flag.  The latter is set based on the "exists" value provided.
1436  *
1437  * Note that for our purposes once an object exists it never goes
1438  * away again.  It's possible that the response from two existence
1439  * checks are separated by the creation of the target object, and
1440  * the first ("doesn't exist") response arrives *after* the second
1441  * ("does exist").  In that case we ignore the second one.
1442  */
1443 static void obj_request_existence_set(struct rbd_obj_request *obj_request,
1444                                 bool exists)
1445 {
1446         if (exists)
1447                 set_bit(OBJ_REQ_EXISTS, &obj_request->flags);
1448         set_bit(OBJ_REQ_KNOWN, &obj_request->flags);
1449         smp_mb();
1450 }
1451
1452 static bool obj_request_known_test(struct rbd_obj_request *obj_request)
1453 {
1454         smp_mb();
1455         return test_bit(OBJ_REQ_KNOWN, &obj_request->flags) != 0;
1456 }
1457
1458 static bool obj_request_exists_test(struct rbd_obj_request *obj_request)
1459 {
1460         smp_mb();
1461         return test_bit(OBJ_REQ_EXISTS, &obj_request->flags) != 0;
1462 }
1463
1464 static bool obj_request_overlaps_parent(struct rbd_obj_request *obj_request)
1465 {
1466         struct rbd_device *rbd_dev = obj_request->img_request->rbd_dev;
1467
1468         return obj_request->img_offset <
1469             round_up(rbd_dev->parent_overlap, rbd_obj_bytes(&rbd_dev->header));
1470 }
1471
1472 static void rbd_obj_request_get(struct rbd_obj_request *obj_request)
1473 {
1474         dout("%s: obj %p (was %d)\n", __func__, obj_request,
1475                 atomic_read(&obj_request->kref.refcount));
1476         kref_get(&obj_request->kref);
1477 }
1478
1479 static void rbd_obj_request_destroy(struct kref *kref);
1480 static void rbd_obj_request_put(struct rbd_obj_request *obj_request)
1481 {
1482         rbd_assert(obj_request != NULL);
1483         dout("%s: obj %p (was %d)\n", __func__, obj_request,
1484                 atomic_read(&obj_request->kref.refcount));
1485         kref_put(&obj_request->kref, rbd_obj_request_destroy);
1486 }
1487
1488 static void rbd_img_request_get(struct rbd_img_request *img_request)
1489 {
1490         dout("%s: img %p (was %d)\n", __func__, img_request,
1491              atomic_read(&img_request->kref.refcount));
1492         kref_get(&img_request->kref);
1493 }
1494
1495 static bool img_request_child_test(struct rbd_img_request *img_request);
1496 static void rbd_parent_request_destroy(struct kref *kref);
1497 static void rbd_img_request_destroy(struct kref *kref);
1498 static void rbd_img_request_put(struct rbd_img_request *img_request)
1499 {
1500         rbd_assert(img_request != NULL);
1501         dout("%s: img %p (was %d)\n", __func__, img_request,
1502                 atomic_read(&img_request->kref.refcount));
1503         if (img_request_child_test(img_request))
1504                 kref_put(&img_request->kref, rbd_parent_request_destroy);
1505         else
1506                 kref_put(&img_request->kref, rbd_img_request_destroy);
1507 }
1508
1509 static inline void rbd_img_obj_request_add(struct rbd_img_request *img_request,
1510                                         struct rbd_obj_request *obj_request)
1511 {
1512         rbd_assert(obj_request->img_request == NULL);
1513
1514         /* Image request now owns object's original reference */
1515         obj_request->img_request = img_request;
1516         obj_request->which = img_request->obj_request_count;
1517         rbd_assert(!obj_request_img_data_test(obj_request));
1518         obj_request_img_data_set(obj_request);
1519         rbd_assert(obj_request->which != BAD_WHICH);
1520         img_request->obj_request_count++;
1521         list_add_tail(&obj_request->links, &img_request->obj_requests);
1522         dout("%s: img %p obj %p w=%u\n", __func__, img_request, obj_request,
1523                 obj_request->which);
1524 }
1525
1526 static inline void rbd_img_obj_request_del(struct rbd_img_request *img_request,
1527                                         struct rbd_obj_request *obj_request)
1528 {
1529         rbd_assert(obj_request->which != BAD_WHICH);
1530
1531         dout("%s: img %p obj %p w=%u\n", __func__, img_request, obj_request,
1532                 obj_request->which);
1533         list_del(&obj_request->links);
1534         rbd_assert(img_request->obj_request_count > 0);
1535         img_request->obj_request_count--;
1536         rbd_assert(obj_request->which == img_request->obj_request_count);
1537         obj_request->which = BAD_WHICH;
1538         rbd_assert(obj_request_img_data_test(obj_request));
1539         rbd_assert(obj_request->img_request == img_request);
1540         obj_request->img_request = NULL;
1541         obj_request->callback = NULL;
1542         rbd_obj_request_put(obj_request);
1543 }
1544
1545 static bool obj_request_type_valid(enum obj_request_type type)
1546 {
1547         switch (type) {
1548         case OBJ_REQUEST_NODATA:
1549         case OBJ_REQUEST_BIO:
1550         case OBJ_REQUEST_PAGES:
1551                 return true;
1552         default:
1553                 return false;
1554         }
1555 }
1556
1557 static int rbd_obj_request_submit(struct ceph_osd_client *osdc,
1558                                 struct rbd_obj_request *obj_request)
1559 {
1560         dout("%s %p\n", __func__, obj_request);
1561         return ceph_osdc_start_request(osdc, obj_request->osd_req, false);
1562 }
1563
1564 static void rbd_obj_request_end(struct rbd_obj_request *obj_request)
1565 {
1566         dout("%s %p\n", __func__, obj_request);
1567         ceph_osdc_cancel_request(obj_request->osd_req);
1568 }
1569
1570 /*
1571  * Wait for an object request to complete.  If interrupted, cancel the
1572  * underlying osd request.
1573  *
1574  * @timeout: in jiffies, 0 means "wait forever"
1575  */
1576 static int __rbd_obj_request_wait(struct rbd_obj_request *obj_request,
1577                                   unsigned long timeout)
1578 {
1579         long ret;
1580
1581         dout("%s %p\n", __func__, obj_request);
1582         ret = wait_for_completion_interruptible_timeout(
1583                                         &obj_request->completion,
1584                                         ceph_timeout_jiffies(timeout));
1585         if (ret <= 0) {
1586                 if (ret == 0)
1587                         ret = -ETIMEDOUT;
1588                 rbd_obj_request_end(obj_request);
1589         } else {
1590                 ret = 0;
1591         }
1592
1593         dout("%s %p ret %d\n", __func__, obj_request, (int)ret);
1594         return ret;
1595 }
1596
1597 static int rbd_obj_request_wait(struct rbd_obj_request *obj_request)
1598 {
1599         return __rbd_obj_request_wait(obj_request, 0);
1600 }
1601
1602 static int rbd_obj_request_wait_timeout(struct rbd_obj_request *obj_request,
1603                                         unsigned long timeout)
1604 {
1605         return __rbd_obj_request_wait(obj_request, timeout);
1606 }
1607
1608 static void rbd_img_request_complete(struct rbd_img_request *img_request)
1609 {
1610
1611         dout("%s: img %p\n", __func__, img_request);
1612
1613         /*
1614          * If no error occurred, compute the aggregate transfer
1615          * count for the image request.  We could instead use
1616          * atomic64_cmpxchg() to update it as each object request
1617          * completes; not clear which way is better off hand.
1618          */
1619         if (!img_request->result) {
1620                 struct rbd_obj_request *obj_request;
1621                 u64 xferred = 0;
1622
1623                 for_each_obj_request(img_request, obj_request)
1624                         xferred += obj_request->xferred;
1625                 img_request->xferred = xferred;
1626         }
1627
1628         if (img_request->callback)
1629                 img_request->callback(img_request);
1630         else
1631                 rbd_img_request_put(img_request);
1632 }
1633
1634 /*
1635  * The default/initial value for all image request flags is 0.  Each
1636  * is conditionally set to 1 at image request initialization time
1637  * and currently never change thereafter.
1638  */
1639 static void img_request_write_set(struct rbd_img_request *img_request)
1640 {
1641         set_bit(IMG_REQ_WRITE, &img_request->flags);
1642         smp_mb();
1643 }
1644
1645 static bool img_request_write_test(struct rbd_img_request *img_request)
1646 {
1647         smp_mb();
1648         return test_bit(IMG_REQ_WRITE, &img_request->flags) != 0;
1649 }
1650
1651 /*
1652  * Set the discard flag when the img_request is an discard request
1653  */
1654 static void img_request_discard_set(struct rbd_img_request *img_request)
1655 {
1656         set_bit(IMG_REQ_DISCARD, &img_request->flags);
1657         smp_mb();
1658 }
1659
1660 static bool img_request_discard_test(struct rbd_img_request *img_request)
1661 {
1662         smp_mb();
1663         return test_bit(IMG_REQ_DISCARD, &img_request->flags) != 0;
1664 }
1665
1666 static void img_request_child_set(struct rbd_img_request *img_request)
1667 {
1668         set_bit(IMG_REQ_CHILD, &img_request->flags);
1669         smp_mb();
1670 }
1671
1672 static void img_request_child_clear(struct rbd_img_request *img_request)
1673 {
1674         clear_bit(IMG_REQ_CHILD, &img_request->flags);
1675         smp_mb();
1676 }
1677
1678 static bool img_request_child_test(struct rbd_img_request *img_request)
1679 {
1680         smp_mb();
1681         return test_bit(IMG_REQ_CHILD, &img_request->flags) != 0;
1682 }
1683
1684 static void img_request_layered_set(struct rbd_img_request *img_request)
1685 {
1686         set_bit(IMG_REQ_LAYERED, &img_request->flags);
1687         smp_mb();
1688 }
1689
1690 static void img_request_layered_clear(struct rbd_img_request *img_request)
1691 {
1692         clear_bit(IMG_REQ_LAYERED, &img_request->flags);
1693         smp_mb();
1694 }
1695
1696 static bool img_request_layered_test(struct rbd_img_request *img_request)
1697 {
1698         smp_mb();
1699         return test_bit(IMG_REQ_LAYERED, &img_request->flags) != 0;
1700 }
1701
1702 static enum obj_operation_type
1703 rbd_img_request_op_type(struct rbd_img_request *img_request)
1704 {
1705         if (img_request_write_test(img_request))
1706                 return OBJ_OP_WRITE;
1707         else if (img_request_discard_test(img_request))
1708                 return OBJ_OP_DISCARD;
1709         else
1710                 return OBJ_OP_READ;
1711 }
1712
1713 static void
1714 rbd_img_obj_request_read_callback(struct rbd_obj_request *obj_request)
1715 {
1716         u64 xferred = obj_request->xferred;
1717         u64 length = obj_request->length;
1718
1719         dout("%s: obj %p img %p result %d %llu/%llu\n", __func__,
1720                 obj_request, obj_request->img_request, obj_request->result,
1721                 xferred, length);
1722         /*
1723          * ENOENT means a hole in the image.  We zero-fill the entire
1724          * length of the request.  A short read also implies zero-fill
1725          * to the end of the request.  An error requires the whole
1726          * length of the request to be reported finished with an error
1727          * to the block layer.  In each case we update the xferred
1728          * count to indicate the whole request was satisfied.
1729          */
1730         rbd_assert(obj_request->type != OBJ_REQUEST_NODATA);
1731         if (obj_request->result == -ENOENT) {
1732                 if (obj_request->type == OBJ_REQUEST_BIO)
1733                         zero_bio_chain(obj_request->bio_list, 0);
1734                 else
1735                         zero_pages(obj_request->pages, 0, length);
1736                 obj_request->result = 0;
1737         } else if (xferred < length && !obj_request->result) {
1738                 if (obj_request->type == OBJ_REQUEST_BIO)
1739                         zero_bio_chain(obj_request->bio_list, xferred);
1740                 else
1741                         zero_pages(obj_request->pages, xferred, length);
1742         }
1743         obj_request->xferred = length;
1744         obj_request_done_set(obj_request);
1745 }
1746
1747 static void rbd_obj_request_complete(struct rbd_obj_request *obj_request)
1748 {
1749         dout("%s: obj %p cb %p\n", __func__, obj_request,
1750                 obj_request->callback);
1751         if (obj_request->callback)
1752                 obj_request->callback(obj_request);
1753         else
1754                 complete_all(&obj_request->completion);
1755 }
1756
1757 static void rbd_osd_trivial_callback(struct rbd_obj_request *obj_request)
1758 {
1759         dout("%s: obj %p\n", __func__, obj_request);
1760         obj_request_done_set(obj_request);
1761 }
1762
1763 static void rbd_osd_read_callback(struct rbd_obj_request *obj_request)
1764 {
1765         struct rbd_img_request *img_request = NULL;
1766         struct rbd_device *rbd_dev = NULL;
1767         bool layered = false;
1768
1769         if (obj_request_img_data_test(obj_request)) {
1770                 img_request = obj_request->img_request;
1771                 layered = img_request && img_request_layered_test(img_request);
1772                 rbd_dev = img_request->rbd_dev;
1773         }
1774
1775         dout("%s: obj %p img %p result %d %llu/%llu\n", __func__,
1776                 obj_request, img_request, obj_request->result,
1777                 obj_request->xferred, obj_request->length);
1778         if (layered && obj_request->result == -ENOENT &&
1779                         obj_request->img_offset < rbd_dev->parent_overlap)
1780                 rbd_img_parent_read(obj_request);
1781         else if (img_request)
1782                 rbd_img_obj_request_read_callback(obj_request);
1783         else
1784                 obj_request_done_set(obj_request);
1785 }
1786
1787 static void rbd_osd_write_callback(struct rbd_obj_request *obj_request)
1788 {
1789         dout("%s: obj %p result %d %llu\n", __func__, obj_request,
1790                 obj_request->result, obj_request->length);
1791         /*
1792          * There is no such thing as a successful short write.  Set
1793          * it to our originally-requested length.
1794          */
1795         obj_request->xferred = obj_request->length;
1796         obj_request_done_set(obj_request);
1797 }
1798
1799 static void rbd_osd_discard_callback(struct rbd_obj_request *obj_request)
1800 {
1801         dout("%s: obj %p result %d %llu\n", __func__, obj_request,
1802                 obj_request->result, obj_request->length);
1803         /*
1804          * There is no such thing as a successful short discard.  Set
1805          * it to our originally-requested length.
1806          */
1807         obj_request->xferred = obj_request->length;
1808         /* discarding a non-existent object is not a problem */
1809         if (obj_request->result == -ENOENT)
1810                 obj_request->result = 0;
1811         obj_request_done_set(obj_request);
1812 }
1813
1814 /*
1815  * For a simple stat call there's nothing to do.  We'll do more if
1816  * this is part of a write sequence for a layered image.
1817  */
1818 static void rbd_osd_stat_callback(struct rbd_obj_request *obj_request)
1819 {
1820         dout("%s: obj %p\n", __func__, obj_request);
1821         obj_request_done_set(obj_request);
1822 }
1823
1824 static void rbd_osd_call_callback(struct rbd_obj_request *obj_request)
1825 {
1826         dout("%s: obj %p\n", __func__, obj_request);
1827
1828         if (obj_request_img_data_test(obj_request))
1829                 rbd_osd_copyup_callback(obj_request);
1830         else
1831                 obj_request_done_set(obj_request);
1832 }
1833
1834 static void rbd_osd_req_callback(struct ceph_osd_request *osd_req,
1835                                 struct ceph_msg *msg)
1836 {
1837         struct rbd_obj_request *obj_request = osd_req->r_priv;
1838         u16 opcode;
1839
1840         dout("%s: osd_req %p msg %p\n", __func__, osd_req, msg);
1841         rbd_assert(osd_req == obj_request->osd_req);
1842         if (obj_request_img_data_test(obj_request)) {
1843                 rbd_assert(obj_request->img_request);
1844                 rbd_assert(obj_request->which != BAD_WHICH);
1845         } else {
1846                 rbd_assert(obj_request->which == BAD_WHICH);
1847         }
1848
1849         if (osd_req->r_result < 0)
1850                 obj_request->result = osd_req->r_result;
1851
1852         rbd_assert(osd_req->r_num_ops <= CEPH_OSD_MAX_OP);
1853
1854         /*
1855          * We support a 64-bit length, but ultimately it has to be
1856          * passed to the block layer, which just supports a 32-bit
1857          * length field.
1858          */
1859         obj_request->xferred = osd_req->r_reply_op_len[0];
1860         rbd_assert(obj_request->xferred < (u64)UINT_MAX);
1861
1862         opcode = osd_req->r_ops[0].op;
1863         switch (opcode) {
1864         case CEPH_OSD_OP_READ:
1865                 rbd_osd_read_callback(obj_request);
1866                 break;
1867         case CEPH_OSD_OP_SETALLOCHINT:
1868                 rbd_assert(osd_req->r_ops[1].op == CEPH_OSD_OP_WRITE ||
1869                            osd_req->r_ops[1].op == CEPH_OSD_OP_WRITEFULL);
1870                 /* fall through */
1871         case CEPH_OSD_OP_WRITE:
1872         case CEPH_OSD_OP_WRITEFULL:
1873                 rbd_osd_write_callback(obj_request);
1874                 break;
1875         case CEPH_OSD_OP_STAT:
1876                 rbd_osd_stat_callback(obj_request);
1877                 break;
1878         case CEPH_OSD_OP_DELETE:
1879         case CEPH_OSD_OP_TRUNCATE:
1880         case CEPH_OSD_OP_ZERO:
1881                 rbd_osd_discard_callback(obj_request);
1882                 break;
1883         case CEPH_OSD_OP_CALL:
1884                 rbd_osd_call_callback(obj_request);
1885                 break;
1886         case CEPH_OSD_OP_NOTIFY_ACK:
1887         case CEPH_OSD_OP_WATCH:
1888                 rbd_osd_trivial_callback(obj_request);
1889                 break;
1890         default:
1891                 rbd_warn(NULL, "%s: unsupported op %hu",
1892                         obj_request->object_name, (unsigned short) opcode);
1893                 break;
1894         }
1895
1896         if (obj_request_done_test(obj_request))
1897                 rbd_obj_request_complete(obj_request);
1898 }
1899
1900 static void rbd_osd_req_format_read(struct rbd_obj_request *obj_request)
1901 {
1902         struct rbd_img_request *img_request = obj_request->img_request;
1903         struct ceph_osd_request *osd_req = obj_request->osd_req;
1904         u64 snap_id;
1905
1906         rbd_assert(osd_req != NULL);
1907
1908         snap_id = img_request ? img_request->snap_id : CEPH_NOSNAP;
1909         ceph_osdc_build_request(osd_req, obj_request->offset,
1910                         NULL, snap_id, NULL);
1911 }
1912
1913 static void rbd_osd_req_format_write(struct rbd_obj_request *obj_request)
1914 {
1915         struct rbd_img_request *img_request = obj_request->img_request;
1916         struct ceph_osd_request *osd_req = obj_request->osd_req;
1917         struct ceph_snap_context *snapc;
1918         struct timespec mtime = CURRENT_TIME;
1919
1920         rbd_assert(osd_req != NULL);
1921
1922         snapc = img_request ? img_request->snapc : NULL;
1923         ceph_osdc_build_request(osd_req, obj_request->offset,
1924                         snapc, CEPH_NOSNAP, &mtime);
1925 }
1926
1927 /*
1928  * Create an osd request.  A read request has one osd op (read).
1929  * A write request has either one (watch) or two (hint+write) osd ops.
1930  * (All rbd data writes are prefixed with an allocation hint op, but
1931  * technically osd watch is a write request, hence this distinction.)
1932  */
1933 static struct ceph_osd_request *rbd_osd_req_create(
1934                                         struct rbd_device *rbd_dev,
1935                                         enum obj_operation_type op_type,
1936                                         unsigned int num_ops,
1937                                         struct rbd_obj_request *obj_request)
1938 {
1939         struct ceph_snap_context *snapc = NULL;
1940         struct ceph_osd_client *osdc;
1941         struct ceph_osd_request *osd_req;
1942
1943         if (obj_request_img_data_test(obj_request) &&
1944                 (op_type == OBJ_OP_DISCARD || op_type == OBJ_OP_WRITE)) {
1945                 struct rbd_img_request *img_request = obj_request->img_request;
1946                 if (op_type == OBJ_OP_WRITE) {
1947                         rbd_assert(img_request_write_test(img_request));
1948                 } else {
1949                         rbd_assert(img_request_discard_test(img_request));
1950                 }
1951                 snapc = img_request->snapc;
1952         }
1953
1954         rbd_assert(num_ops == 1 || ((op_type == OBJ_OP_WRITE) && num_ops == 2));
1955
1956         /* Allocate and initialize the request, for the num_ops ops */
1957
1958         osdc = &rbd_dev->rbd_client->client->osdc;
1959         osd_req = ceph_osdc_alloc_request(osdc, snapc, num_ops, false,
1960                                           GFP_ATOMIC);
1961         if (!osd_req)
1962                 return NULL;    /* ENOMEM */
1963
1964         if (op_type == OBJ_OP_WRITE || op_type == OBJ_OP_DISCARD)
1965                 osd_req->r_flags = CEPH_OSD_FLAG_WRITE | CEPH_OSD_FLAG_ONDISK;
1966         else
1967                 osd_req->r_flags = CEPH_OSD_FLAG_READ;
1968
1969         osd_req->r_callback = rbd_osd_req_callback;
1970         osd_req->r_priv = obj_request;
1971
1972         osd_req->r_base_oloc.pool = ceph_file_layout_pg_pool(rbd_dev->layout);
1973         ceph_oid_set_name(&osd_req->r_base_oid, obj_request->object_name);
1974
1975         return osd_req;
1976 }
1977
1978 /*
1979  * Create a copyup osd request based on the information in the object
1980  * request supplied.  A copyup request has two or three osd ops, a
1981  * copyup method call, potentially a hint op, and a write or truncate
1982  * or zero op.
1983  */
1984 static struct ceph_osd_request *
1985 rbd_osd_req_create_copyup(struct rbd_obj_request *obj_request)
1986 {
1987         struct rbd_img_request *img_request;
1988         struct ceph_snap_context *snapc;
1989         struct rbd_device *rbd_dev;
1990         struct ceph_osd_client *osdc;
1991         struct ceph_osd_request *osd_req;
1992         int num_osd_ops = 3;
1993
1994         rbd_assert(obj_request_img_data_test(obj_request));
1995         img_request = obj_request->img_request;
1996         rbd_assert(img_request);
1997         rbd_assert(img_request_write_test(img_request) ||
1998                         img_request_discard_test(img_request));
1999
2000         if (img_request_discard_test(img_request))
2001                 num_osd_ops = 2;
2002
2003         /* Allocate and initialize the request, for all the ops */
2004
2005         snapc = img_request->snapc;
2006         rbd_dev = img_request->rbd_dev;
2007         osdc = &rbd_dev->rbd_client->client->osdc;
2008         osd_req = ceph_osdc_alloc_request(osdc, snapc, num_osd_ops,
2009                                                 false, GFP_ATOMIC);
2010         if (!osd_req)
2011                 return NULL;    /* ENOMEM */
2012
2013         osd_req->r_flags = CEPH_OSD_FLAG_WRITE | CEPH_OSD_FLAG_ONDISK;
2014         osd_req->r_callback = rbd_osd_req_callback;
2015         osd_req->r_priv = obj_request;
2016
2017         osd_req->r_base_oloc.pool = ceph_file_layout_pg_pool(rbd_dev->layout);
2018         ceph_oid_set_name(&osd_req->r_base_oid, obj_request->object_name);
2019
2020         return osd_req;
2021 }
2022
2023
2024 static void rbd_osd_req_destroy(struct ceph_osd_request *osd_req)
2025 {
2026         ceph_osdc_put_request(osd_req);
2027 }
2028
2029 /* object_name is assumed to be a non-null pointer and NUL-terminated */
2030
2031 static struct rbd_obj_request *rbd_obj_request_create(const char *object_name,
2032                                                 u64 offset, u64 length,
2033                                                 enum obj_request_type type)
2034 {
2035         struct rbd_obj_request *obj_request;
2036         size_t size;
2037         char *name;
2038
2039         rbd_assert(obj_request_type_valid(type));
2040
2041         size = strlen(object_name) + 1;
2042         name = kmalloc(size, GFP_NOIO);
2043         if (!name)
2044                 return NULL;
2045
2046         obj_request = kmem_cache_zalloc(rbd_obj_request_cache, GFP_NOIO);
2047         if (!obj_request) {
2048                 kfree(name);
2049                 return NULL;
2050         }
2051
2052         obj_request->object_name = memcpy(name, object_name, size);
2053         obj_request->offset = offset;
2054         obj_request->length = length;
2055         obj_request->flags = 0;
2056         obj_request->which = BAD_WHICH;
2057         obj_request->type = type;
2058         INIT_LIST_HEAD(&obj_request->links);
2059         init_completion(&obj_request->completion);
2060         kref_init(&obj_request->kref);
2061
2062         dout("%s: \"%s\" %llu/%llu %d -> obj %p\n", __func__, object_name,
2063                 offset, length, (int)type, obj_request);
2064
2065         return obj_request;
2066 }
2067
2068 static void rbd_obj_request_destroy(struct kref *kref)
2069 {
2070         struct rbd_obj_request *obj_request;
2071
2072         obj_request = container_of(kref, struct rbd_obj_request, kref);
2073
2074         dout("%s: obj %p\n", __func__, obj_request);
2075
2076         rbd_assert(obj_request->img_request == NULL);
2077         rbd_assert(obj_request->which == BAD_WHICH);
2078
2079         if (obj_request->osd_req)
2080                 rbd_osd_req_destroy(obj_request->osd_req);
2081
2082         rbd_assert(obj_request_type_valid(obj_request->type));
2083         switch (obj_request->type) {
2084         case OBJ_REQUEST_NODATA:
2085                 break;          /* Nothing to do */
2086         case OBJ_REQUEST_BIO:
2087                 if (obj_request->bio_list)
2088                         bio_chain_put(obj_request->bio_list);
2089                 break;
2090         case OBJ_REQUEST_PAGES:
2091                 if (obj_request->pages)
2092                         ceph_release_page_vector(obj_request->pages,
2093                                                 obj_request->page_count);
2094                 break;
2095         }
2096
2097         kfree(obj_request->object_name);
2098         obj_request->object_name = NULL;
2099         kmem_cache_free(rbd_obj_request_cache, obj_request);
2100 }
2101
2102 /* It's OK to call this for a device with no parent */
2103
2104 static void rbd_spec_put(struct rbd_spec *spec);
2105 static void rbd_dev_unparent(struct rbd_device *rbd_dev)
2106 {
2107         rbd_dev_remove_parent(rbd_dev);
2108         rbd_spec_put(rbd_dev->parent_spec);
2109         rbd_dev->parent_spec = NULL;
2110         rbd_dev->parent_overlap = 0;
2111 }
2112
2113 /*
2114  * Parent image reference counting is used to determine when an
2115  * image's parent fields can be safely torn down--after there are no
2116  * more in-flight requests to the parent image.  When the last
2117  * reference is dropped, cleaning them up is safe.
2118  */
2119 static void rbd_dev_parent_put(struct rbd_device *rbd_dev)
2120 {
2121         int counter;
2122
2123         if (!rbd_dev->parent_spec)
2124                 return;
2125
2126         counter = atomic_dec_return_safe(&rbd_dev->parent_ref);
2127         if (counter > 0)
2128                 return;
2129
2130         /* Last reference; clean up parent data structures */
2131
2132         if (!counter)
2133                 rbd_dev_unparent(rbd_dev);
2134         else
2135                 rbd_warn(rbd_dev, "parent reference underflow");
2136 }
2137
2138 /*
2139  * If an image has a non-zero parent overlap, get a reference to its
2140  * parent.
2141  *
2142  * Returns true if the rbd device has a parent with a non-zero
2143  * overlap and a reference for it was successfully taken, or
2144  * false otherwise.
2145  */
2146 static bool rbd_dev_parent_get(struct rbd_device *rbd_dev)
2147 {
2148         int counter = 0;
2149
2150         if (!rbd_dev->parent_spec)
2151                 return false;
2152
2153         down_read(&rbd_dev->header_rwsem);
2154         if (rbd_dev->parent_overlap)
2155                 counter = atomic_inc_return_safe(&rbd_dev->parent_ref);
2156         up_read(&rbd_dev->header_rwsem);
2157
2158         if (counter < 0)
2159                 rbd_warn(rbd_dev, "parent reference overflow");
2160
2161         return counter > 0;
2162 }
2163
2164 /*
2165  * Caller is responsible for filling in the list of object requests
2166  * that comprises the image request, and the Linux request pointer
2167  * (if there is one).
2168  */
2169 static struct rbd_img_request *rbd_img_request_create(
2170                                         struct rbd_device *rbd_dev,
2171                                         u64 offset, u64 length,
2172                                         enum obj_operation_type op_type,
2173                                         struct ceph_snap_context *snapc)
2174 {
2175         struct rbd_img_request *img_request;
2176
2177         img_request = kmem_cache_alloc(rbd_img_request_cache, GFP_NOIO);
2178         if (!img_request)
2179                 return NULL;
2180
2181         img_request->rq = NULL;
2182         img_request->rbd_dev = rbd_dev;
2183         img_request->offset = offset;
2184         img_request->length = length;
2185         img_request->flags = 0;
2186         if (op_type == OBJ_OP_DISCARD) {
2187                 img_request_discard_set(img_request);
2188                 img_request->snapc = snapc;
2189         } else if (op_type == OBJ_OP_WRITE) {
2190                 img_request_write_set(img_request);
2191                 img_request->snapc = snapc;
2192         } else {
2193                 img_request->snap_id = rbd_dev->spec->snap_id;
2194         }
2195         if (rbd_dev_parent_get(rbd_dev))
2196                 img_request_layered_set(img_request);
2197         spin_lock_init(&img_request->completion_lock);
2198         img_request->next_completion = 0;
2199         img_request->callback = NULL;
2200         img_request->result = 0;
2201         img_request->obj_request_count = 0;
2202         INIT_LIST_HEAD(&img_request->obj_requests);
2203         kref_init(&img_request->kref);
2204
2205         dout("%s: rbd_dev %p %s %llu/%llu -> img %p\n", __func__, rbd_dev,
2206                 obj_op_name(op_type), offset, length, img_request);
2207
2208         return img_request;
2209 }
2210
2211 static void rbd_img_request_destroy(struct kref *kref)
2212 {
2213         struct rbd_img_request *img_request;
2214         struct rbd_obj_request *obj_request;
2215         struct rbd_obj_request *next_obj_request;
2216
2217         img_request = container_of(kref, struct rbd_img_request, kref);
2218
2219         dout("%s: img %p\n", __func__, img_request);
2220
2221         for_each_obj_request_safe(img_request, obj_request, next_obj_request)
2222                 rbd_img_obj_request_del(img_request, obj_request);
2223         rbd_assert(img_request->obj_request_count == 0);
2224
2225         if (img_request_layered_test(img_request)) {
2226                 img_request_layered_clear(img_request);
2227                 rbd_dev_parent_put(img_request->rbd_dev);
2228         }
2229
2230         if (img_request_write_test(img_request) ||
2231                 img_request_discard_test(img_request))
2232                 ceph_put_snap_context(img_request->snapc);
2233
2234         kmem_cache_free(rbd_img_request_cache, img_request);
2235 }
2236
2237 static struct rbd_img_request *rbd_parent_request_create(
2238                                         struct rbd_obj_request *obj_request,
2239                                         u64 img_offset, u64 length)
2240 {
2241         struct rbd_img_request *parent_request;
2242         struct rbd_device *rbd_dev;
2243
2244         rbd_assert(obj_request->img_request);
2245         rbd_dev = obj_request->img_request->rbd_dev;
2246
2247         parent_request = rbd_img_request_create(rbd_dev->parent, img_offset,
2248                                                 length, OBJ_OP_READ, NULL);
2249         if (!parent_request)
2250                 return NULL;
2251
2252         img_request_child_set(parent_request);
2253         rbd_obj_request_get(obj_request);
2254         parent_request->obj_request = obj_request;
2255
2256         return parent_request;
2257 }
2258
2259 static void rbd_parent_request_destroy(struct kref *kref)
2260 {
2261         struct rbd_img_request *parent_request;
2262         struct rbd_obj_request *orig_request;
2263
2264         parent_request = container_of(kref, struct rbd_img_request, kref);
2265         orig_request = parent_request->obj_request;
2266
2267         parent_request->obj_request = NULL;
2268         rbd_obj_request_put(orig_request);
2269         img_request_child_clear(parent_request);
2270
2271         rbd_img_request_destroy(kref);
2272 }
2273
2274 static bool rbd_img_obj_end_request(struct rbd_obj_request *obj_request)
2275 {
2276         struct rbd_img_request *img_request;
2277         unsigned int xferred;
2278         int result;
2279         bool more;
2280
2281         rbd_assert(obj_request_img_data_test(obj_request));
2282         img_request = obj_request->img_request;
2283
2284         rbd_assert(obj_request->xferred <= (u64)UINT_MAX);
2285         xferred = (unsigned int)obj_request->xferred;
2286         result = obj_request->result;
2287         if (result) {
2288                 struct rbd_device *rbd_dev = img_request->rbd_dev;
2289                 enum obj_operation_type op_type;
2290
2291                 if (img_request_discard_test(img_request))
2292                         op_type = OBJ_OP_DISCARD;
2293                 else if (img_request_write_test(img_request))
2294                         op_type = OBJ_OP_WRITE;
2295                 else
2296                         op_type = OBJ_OP_READ;
2297
2298                 rbd_warn(rbd_dev, "%s %llx at %llx (%llx)",
2299                         obj_op_name(op_type), obj_request->length,
2300                         obj_request->img_offset, obj_request->offset);
2301                 rbd_warn(rbd_dev, "  result %d xferred %x",
2302                         result, xferred);
2303                 if (!img_request->result)
2304                         img_request->result = result;
2305                 /*
2306                  * Need to end I/O on the entire obj_request worth of
2307                  * bytes in case of error.
2308                  */
2309                 xferred = obj_request->length;
2310         }
2311
2312         /* Image object requests don't own their page array */
2313
2314         if (obj_request->type == OBJ_REQUEST_PAGES) {
2315                 obj_request->pages = NULL;
2316                 obj_request->page_count = 0;
2317         }
2318
2319         if (img_request_child_test(img_request)) {
2320                 rbd_assert(img_request->obj_request != NULL);
2321                 more = obj_request->which < img_request->obj_request_count - 1;
2322         } else {
2323                 rbd_assert(img_request->rq != NULL);
2324
2325                 more = blk_update_request(img_request->rq, result, xferred);
2326                 if (!more)
2327                         __blk_mq_end_request(img_request->rq, result);
2328         }
2329
2330         return more;
2331 }
2332
2333 static void rbd_img_obj_callback(struct rbd_obj_request *obj_request)
2334 {
2335         struct rbd_img_request *img_request;
2336         u32 which = obj_request->which;
2337         bool more = true;
2338
2339         rbd_assert(obj_request_img_data_test(obj_request));
2340         img_request = obj_request->img_request;
2341
2342         dout("%s: img %p obj %p\n", __func__, img_request, obj_request);
2343         rbd_assert(img_request != NULL);
2344         rbd_assert(img_request->obj_request_count > 0);
2345         rbd_assert(which != BAD_WHICH);
2346         rbd_assert(which < img_request->obj_request_count);
2347
2348         spin_lock_irq(&img_request->completion_lock);
2349         if (which != img_request->next_completion)
2350                 goto out;
2351
2352         for_each_obj_request_from(img_request, obj_request) {
2353                 rbd_assert(more);
2354                 rbd_assert(which < img_request->obj_request_count);
2355
2356                 if (!obj_request_done_test(obj_request))
2357                         break;
2358                 more = rbd_img_obj_end_request(obj_request);
2359                 which++;
2360         }
2361
2362         rbd_assert(more ^ (which == img_request->obj_request_count));
2363         img_request->next_completion = which;
2364 out:
2365         spin_unlock_irq(&img_request->completion_lock);
2366         rbd_img_request_put(img_request);
2367
2368         if (!more)
2369                 rbd_img_request_complete(img_request);
2370 }
2371
2372 /*
2373  * Add individual osd ops to the given ceph_osd_request and prepare
2374  * them for submission. num_ops is the current number of
2375  * osd operations already to the object request.
2376  */
2377 static void rbd_img_obj_request_fill(struct rbd_obj_request *obj_request,
2378                                 struct ceph_osd_request *osd_request,
2379                                 enum obj_operation_type op_type,
2380                                 unsigned int num_ops)
2381 {
2382         struct rbd_img_request *img_request = obj_request->img_request;
2383         struct rbd_device *rbd_dev = img_request->rbd_dev;
2384         u64 object_size = rbd_obj_bytes(&rbd_dev->header);
2385         u64 offset = obj_request->offset;
2386         u64 length = obj_request->length;
2387         u64 img_end;
2388         u16 opcode;
2389
2390         if (op_type == OBJ_OP_DISCARD) {
2391                 if (!offset && length == object_size &&
2392                     (!img_request_layered_test(img_request) ||
2393                      !obj_request_overlaps_parent(obj_request))) {
2394                         opcode = CEPH_OSD_OP_DELETE;
2395                 } else if ((offset + length == object_size)) {
2396                         opcode = CEPH_OSD_OP_TRUNCATE;
2397                 } else {
2398                         down_read(&rbd_dev->header_rwsem);
2399                         img_end = rbd_dev->header.image_size;
2400                         up_read(&rbd_dev->header_rwsem);
2401
2402                         if (obj_request->img_offset + length == img_end)
2403                                 opcode = CEPH_OSD_OP_TRUNCATE;
2404                         else
2405                                 opcode = CEPH_OSD_OP_ZERO;
2406                 }
2407         } else if (op_type == OBJ_OP_WRITE) {
2408                 if (!offset && length == object_size)
2409                         opcode = CEPH_OSD_OP_WRITEFULL;
2410                 else
2411                         opcode = CEPH_OSD_OP_WRITE;
2412                 osd_req_op_alloc_hint_init(osd_request, num_ops,
2413                                         object_size, object_size);
2414                 num_ops++;
2415         } else {
2416                 opcode = CEPH_OSD_OP_READ;
2417         }
2418
2419         if (opcode == CEPH_OSD_OP_DELETE)
2420                 osd_req_op_init(osd_request, num_ops, opcode, 0);
2421         else
2422                 osd_req_op_extent_init(osd_request, num_ops, opcode,
2423                                        offset, length, 0, 0);
2424
2425         if (obj_request->type == OBJ_REQUEST_BIO)
2426                 osd_req_op_extent_osd_data_bio(osd_request, num_ops,
2427                                         obj_request->bio_list, length);
2428         else if (obj_request->type == OBJ_REQUEST_PAGES)
2429                 osd_req_op_extent_osd_data_pages(osd_request, num_ops,
2430                                         obj_request->pages, length,
2431                                         offset & ~PAGE_MASK, false, false);
2432
2433         /* Discards are also writes */
2434         if (op_type == OBJ_OP_WRITE || op_type == OBJ_OP_DISCARD)
2435                 rbd_osd_req_format_write(obj_request);
2436         else
2437                 rbd_osd_req_format_read(obj_request);
2438 }
2439
2440 /*
2441  * Split up an image request into one or more object requests, each
2442  * to a different object.  The "type" parameter indicates whether
2443  * "data_desc" is the pointer to the head of a list of bio
2444  * structures, or the base of a page array.  In either case this
2445  * function assumes data_desc describes memory sufficient to hold
2446  * all data described by the image request.
2447  */
2448 static int rbd_img_request_fill(struct rbd_img_request *img_request,
2449                                         enum obj_request_type type,
2450                                         void *data_desc)
2451 {
2452         struct rbd_device *rbd_dev = img_request->rbd_dev;
2453         struct rbd_obj_request *obj_request = NULL;
2454         struct rbd_obj_request *next_obj_request;
2455         struct bio *bio_list = NULL;
2456         unsigned int bio_offset = 0;
2457         struct page **pages = NULL;
2458         enum obj_operation_type op_type;
2459         u64 img_offset;
2460         u64 resid;
2461
2462         dout("%s: img %p type %d data_desc %p\n", __func__, img_request,
2463                 (int)type, data_desc);
2464
2465         img_offset = img_request->offset;
2466         resid = img_request->length;
2467         rbd_assert(resid > 0);
2468         op_type = rbd_img_request_op_type(img_request);
2469
2470         if (type == OBJ_REQUEST_BIO) {
2471                 bio_list = data_desc;
2472                 rbd_assert(img_offset ==
2473                            bio_list->bi_iter.bi_sector << SECTOR_SHIFT);
2474         } else if (type == OBJ_REQUEST_PAGES) {
2475                 pages = data_desc;
2476         }
2477
2478         while (resid) {
2479                 struct ceph_osd_request *osd_req;
2480                 const char *object_name;
2481                 u64 offset;
2482                 u64 length;
2483
2484                 object_name = rbd_segment_name(rbd_dev, img_offset);
2485                 if (!object_name)
2486                         goto out_unwind;
2487                 offset = rbd_segment_offset(rbd_dev, img_offset);
2488                 length = rbd_segment_length(rbd_dev, img_offset, resid);
2489                 obj_request = rbd_obj_request_create(object_name,
2490                                                 offset, length, type);
2491                 /* object request has its own copy of the object name */
2492                 rbd_segment_name_free(object_name);
2493                 if (!obj_request)
2494                         goto out_unwind;
2495
2496                 /*
2497                  * set obj_request->img_request before creating the
2498                  * osd_request so that it gets the right snapc
2499                  */
2500                 rbd_img_obj_request_add(img_request, obj_request);
2501
2502                 if (type == OBJ_REQUEST_BIO) {
2503                         unsigned int clone_size;
2504
2505                         rbd_assert(length <= (u64)UINT_MAX);
2506                         clone_size = (unsigned int)length;
2507                         obj_request->bio_list =
2508                                         bio_chain_clone_range(&bio_list,
2509                                                                 &bio_offset,
2510                                                                 clone_size,
2511                                                                 GFP_ATOMIC);
2512                         if (!obj_request->bio_list)
2513                                 goto out_unwind;
2514                 } else if (type == OBJ_REQUEST_PAGES) {
2515                         unsigned int page_count;
2516
2517                         obj_request->pages = pages;
2518                         page_count = (u32)calc_pages_for(offset, length);
2519                         obj_request->page_count = page_count;
2520                         if ((offset + length) & ~PAGE_MASK)
2521                                 page_count--;   /* more on last page */
2522                         pages += page_count;
2523                 }
2524
2525                 osd_req = rbd_osd_req_create(rbd_dev, op_type,
2526                                         (op_type == OBJ_OP_WRITE) ? 2 : 1,
2527                                         obj_request);
2528                 if (!osd_req)
2529                         goto out_unwind;
2530
2531                 obj_request->osd_req = osd_req;
2532                 obj_request->callback = rbd_img_obj_callback;
2533                 obj_request->img_offset = img_offset;
2534
2535                 rbd_img_obj_request_fill(obj_request, osd_req, op_type, 0);
2536
2537                 rbd_img_request_get(img_request);
2538
2539                 img_offset += length;
2540                 resid -= length;
2541         }
2542
2543         return 0;
2544
2545 out_unwind:
2546         for_each_obj_request_safe(img_request, obj_request, next_obj_request)
2547                 rbd_img_obj_request_del(img_request, obj_request);
2548
2549         return -ENOMEM;
2550 }
2551
2552 static void
2553 rbd_osd_copyup_callback(struct rbd_obj_request *obj_request)
2554 {
2555         struct rbd_img_request *img_request;
2556         struct rbd_device *rbd_dev;
2557         struct page **pages;
2558         u32 page_count;
2559
2560         dout("%s: obj %p\n", __func__, obj_request);
2561
2562         rbd_assert(obj_request->type == OBJ_REQUEST_BIO ||
2563                 obj_request->type == OBJ_REQUEST_NODATA);
2564         rbd_assert(obj_request_img_data_test(obj_request));
2565         img_request = obj_request->img_request;
2566         rbd_assert(img_request);
2567
2568         rbd_dev = img_request->rbd_dev;
2569         rbd_assert(rbd_dev);
2570
2571         pages = obj_request->copyup_pages;
2572         rbd_assert(pages != NULL);
2573         obj_request->copyup_pages = NULL;
2574         page_count = obj_request->copyup_page_count;
2575         rbd_assert(page_count);
2576         obj_request->copyup_page_count = 0;
2577         ceph_release_page_vector(pages, page_count);
2578
2579         /*
2580          * We want the transfer count to reflect the size of the
2581          * original write request.  There is no such thing as a
2582          * successful short write, so if the request was successful
2583          * we can just set it to the originally-requested length.
2584          */
2585         if (!obj_request->result)
2586                 obj_request->xferred = obj_request->length;
2587
2588         obj_request_done_set(obj_request);
2589 }
2590
2591 static void
2592 rbd_img_obj_parent_read_full_callback(struct rbd_img_request *img_request)
2593 {
2594         struct rbd_obj_request *orig_request;
2595         struct ceph_osd_request *osd_req;
2596         struct ceph_osd_client *osdc;
2597         struct rbd_device *rbd_dev;
2598         struct page **pages;
2599         enum obj_operation_type op_type;
2600         u32 page_count;
2601         int img_result;
2602         u64 parent_length;
2603
2604         rbd_assert(img_request_child_test(img_request));
2605
2606         /* First get what we need from the image request */
2607
2608         pages = img_request->copyup_pages;
2609         rbd_assert(pages != NULL);
2610         img_request->copyup_pages = NULL;
2611         page_count = img_request->copyup_page_count;
2612         rbd_assert(page_count);
2613         img_request->copyup_page_count = 0;
2614
2615         orig_request = img_request->obj_request;
2616         rbd_assert(orig_request != NULL);
2617         rbd_assert(obj_request_type_valid(orig_request->type));
2618         img_result = img_request->result;
2619         parent_length = img_request->length;
2620         rbd_assert(parent_length == img_request->xferred);
2621         rbd_img_request_put(img_request);
2622
2623         rbd_assert(orig_request->img_request);
2624         rbd_dev = orig_request->img_request->rbd_dev;
2625         rbd_assert(rbd_dev);
2626
2627         /*
2628          * If the overlap has become 0 (most likely because the
2629          * image has been flattened) we need to free the pages
2630          * and re-submit the original write request.
2631          */
2632         if (!rbd_dev->parent_overlap) {
2633                 struct ceph_osd_client *osdc;
2634
2635                 ceph_release_page_vector(pages, page_count);
2636                 osdc = &rbd_dev->rbd_client->client->osdc;
2637                 img_result = rbd_obj_request_submit(osdc, orig_request);
2638                 if (!img_result)
2639                         return;
2640         }
2641
2642         if (img_result)
2643                 goto out_err;
2644
2645         /*
2646          * The original osd request is of no use to use any more.
2647          * We need a new one that can hold the three ops in a copyup
2648          * request.  Allocate the new copyup osd request for the
2649          * original request, and release the old one.
2650          */
2651         img_result = -ENOMEM;
2652         osd_req = rbd_osd_req_create_copyup(orig_request);
2653         if (!osd_req)
2654                 goto out_err;
2655         rbd_osd_req_destroy(orig_request->osd_req);
2656         orig_request->osd_req = osd_req;
2657         orig_request->copyup_pages = pages;
2658         orig_request->copyup_page_count = page_count;
2659
2660         /* Initialize the copyup op */
2661
2662         osd_req_op_cls_init(osd_req, 0, CEPH_OSD_OP_CALL, "rbd", "copyup");
2663         osd_req_op_cls_request_data_pages(osd_req, 0, pages, parent_length, 0,
2664                                                 false, false);
2665
2666         /* Add the other op(s) */
2667
2668         op_type = rbd_img_request_op_type(orig_request->img_request);
2669         rbd_img_obj_request_fill(orig_request, osd_req, op_type, 1);
2670
2671         /* All set, send it off. */
2672
2673         osdc = &rbd_dev->rbd_client->client->osdc;
2674         img_result = rbd_obj_request_submit(osdc, orig_request);
2675         if (!img_result)
2676                 return;
2677 out_err:
2678         /* Record the error code and complete the request */
2679
2680         orig_request->result = img_result;
2681         orig_request->xferred = 0;
2682         obj_request_done_set(orig_request);
2683         rbd_obj_request_complete(orig_request);
2684 }
2685
2686 /*
2687  * Read from the parent image the range of data that covers the
2688  * entire target of the given object request.  This is used for
2689  * satisfying a layered image write request when the target of an
2690  * object request from the image request does not exist.
2691  *
2692  * A page array big enough to hold the returned data is allocated
2693  * and supplied to rbd_img_request_fill() as the "data descriptor."
2694  * When the read completes, this page array will be transferred to
2695  * the original object request for the copyup operation.
2696  *
2697  * If an error occurs, record it as the result of the original
2698  * object request and mark it done so it gets completed.
2699  */
2700 static int rbd_img_obj_parent_read_full(struct rbd_obj_request *obj_request)
2701 {
2702         struct rbd_img_request *img_request = NULL;
2703         struct rbd_img_request *parent_request = NULL;
2704         struct rbd_device *rbd_dev;
2705         u64 img_offset;
2706         u64 length;
2707         struct page **pages = NULL;
2708         u32 page_count;
2709         int result;
2710
2711         rbd_assert(obj_request_img_data_test(obj_request));
2712         rbd_assert(obj_request_type_valid(obj_request->type));
2713
2714         img_request = obj_request->img_request;
2715         rbd_assert(img_request != NULL);
2716         rbd_dev = img_request->rbd_dev;
2717         rbd_assert(rbd_dev->parent != NULL);
2718
2719         /*
2720          * Determine the byte range covered by the object in the
2721          * child image to which the original request was to be sent.
2722          */
2723         img_offset = obj_request->img_offset - obj_request->offset;
2724         length = (u64)1 << rbd_dev->header.obj_order;
2725
2726         /*
2727          * There is no defined parent data beyond the parent
2728          * overlap, so limit what we read at that boundary if
2729          * necessary.
2730          */
2731         if (img_offset + length > rbd_dev->parent_overlap) {
2732                 rbd_assert(img_offset < rbd_dev->parent_overlap);
2733                 length = rbd_dev->parent_overlap - img_offset;
2734         }
2735
2736         /*
2737          * Allocate a page array big enough to receive the data read
2738          * from the parent.
2739          */
2740         page_count = (u32)calc_pages_for(0, length);
2741         pages = ceph_alloc_page_vector(page_count, GFP_KERNEL);
2742         if (IS_ERR(pages)) {
2743                 result = PTR_ERR(pages);
2744                 pages = NULL;
2745                 goto out_err;
2746         }
2747
2748         result = -ENOMEM;
2749         parent_request = rbd_parent_request_create(obj_request,
2750                                                 img_offset, length);
2751         if (!parent_request)
2752                 goto out_err;
2753
2754         result = rbd_img_request_fill(parent_request, OBJ_REQUEST_PAGES, pages);
2755         if (result)
2756                 goto out_err;
2757         parent_request->copyup_pages = pages;
2758         parent_request->copyup_page_count = page_count;
2759
2760         parent_request->callback = rbd_img_obj_parent_read_full_callback;
2761         result = rbd_img_request_submit(parent_request);
2762         if (!result)
2763                 return 0;
2764
2765         parent_request->copyup_pages = NULL;
2766         parent_request->copyup_page_count = 0;
2767         parent_request->obj_request = NULL;
2768         rbd_obj_request_put(obj_request);
2769 out_err:
2770         if (pages)
2771                 ceph_release_page_vector(pages, page_count);
2772         if (parent_request)
2773                 rbd_img_request_put(parent_request);
2774         obj_request->result = result;
2775         obj_request->xferred = 0;
2776         obj_request_done_set(obj_request);
2777
2778         return result;
2779 }
2780
2781 static void rbd_img_obj_exists_callback(struct rbd_obj_request *obj_request)
2782 {
2783         struct rbd_obj_request *orig_request;
2784         struct rbd_device *rbd_dev;
2785         int result;
2786
2787         rbd_assert(!obj_request_img_data_test(obj_request));
2788
2789         /*
2790          * All we need from the object request is the original
2791          * request and the result of the STAT op.  Grab those, then
2792          * we're done with the request.
2793          */
2794         orig_request = obj_request->obj_request;
2795         obj_request->obj_request = NULL;
2796         rbd_obj_request_put(orig_request);
2797         rbd_assert(orig_request);
2798         rbd_assert(orig_request->img_request);
2799
2800         result = obj_request->result;
2801         obj_request->result = 0;
2802
2803         dout("%s: obj %p for obj %p result %d %llu/%llu\n", __func__,
2804                 obj_request, orig_request, result,
2805                 obj_request->xferred, obj_request->length);
2806         rbd_obj_request_put(obj_request);
2807
2808         /*
2809          * If the overlap has become 0 (most likely because the
2810          * image has been flattened) we need to free the pages
2811          * and re-submit the original write request.
2812          */
2813         rbd_dev = orig_request->img_request->rbd_dev;
2814         if (!rbd_dev->parent_overlap) {
2815                 struct ceph_osd_client *osdc;
2816
2817                 osdc = &rbd_dev->rbd_client->client->osdc;
2818                 result = rbd_obj_request_submit(osdc, orig_request);
2819                 if (!result)
2820                         return;
2821         }
2822
2823         /*
2824          * Our only purpose here is to determine whether the object
2825          * exists, and we don't want to treat the non-existence as
2826          * an error.  If something else comes back, transfer the
2827          * error to the original request and complete it now.
2828          */
2829         if (!result) {
2830                 obj_request_existence_set(orig_request, true);
2831         } else if (result == -ENOENT) {
2832                 obj_request_existence_set(orig_request, false);
2833         } else if (result) {
2834                 orig_request->result = result;
2835                 goto out;
2836         }
2837
2838         /*
2839          * Resubmit the original request now that we have recorded
2840          * whether the target object exists.
2841          */
2842         orig_request->result = rbd_img_obj_request_submit(orig_request);
2843 out:
2844         if (orig_request->result)
2845                 rbd_obj_request_complete(orig_request);
2846 }
2847
2848 static int rbd_img_obj_exists_submit(struct rbd_obj_request *obj_request)
2849 {
2850         struct rbd_obj_request *stat_request;
2851         struct rbd_device *rbd_dev;
2852         struct ceph_osd_client *osdc;
2853         struct page **pages = NULL;
2854         u32 page_count;
2855         size_t size;
2856         int ret;
2857
2858         /*
2859          * The response data for a STAT call consists of:
2860          *     le64 length;
2861          *     struct {
2862          *         le32 tv_sec;
2863          *         le32 tv_nsec;
2864          *     } mtime;
2865          */
2866         size = sizeof (__le64) + sizeof (__le32) + sizeof (__le32);
2867         page_count = (u32)calc_pages_for(0, size);
2868         pages = ceph_alloc_page_vector(page_count, GFP_KERNEL);
2869         if (IS_ERR(pages))
2870                 return PTR_ERR(pages);
2871
2872         ret = -ENOMEM;
2873         stat_request = rbd_obj_request_create(obj_request->object_name, 0, 0,
2874                                                         OBJ_REQUEST_PAGES);
2875         if (!stat_request)
2876                 goto out;
2877
2878         rbd_obj_request_get(obj_request);
2879         stat_request->obj_request = obj_request;
2880         stat_request->pages = pages;
2881         stat_request->page_count = page_count;
2882
2883         rbd_assert(obj_request->img_request);
2884         rbd_dev = obj_request->img_request->rbd_dev;
2885         stat_request->osd_req = rbd_osd_req_create(rbd_dev, OBJ_OP_READ, 1,
2886                                                    stat_request);
2887         if (!stat_request->osd_req)
2888                 goto out;
2889         stat_request->callback = rbd_img_obj_exists_callback;
2890
2891         osd_req_op_init(stat_request->osd_req, 0, CEPH_OSD_OP_STAT, 0);
2892         osd_req_op_raw_data_in_pages(stat_request->osd_req, 0, pages, size, 0,
2893                                         false, false);
2894         rbd_osd_req_format_read(stat_request);
2895
2896         osdc = &rbd_dev->rbd_client->client->osdc;
2897         ret = rbd_obj_request_submit(osdc, stat_request);
2898 out:
2899         if (ret)
2900                 rbd_obj_request_put(obj_request);
2901
2902         return ret;
2903 }
2904
2905 static bool img_obj_request_simple(struct rbd_obj_request *obj_request)
2906 {
2907         struct rbd_img_request *img_request;
2908         struct rbd_device *rbd_dev;
2909
2910         rbd_assert(obj_request_img_data_test(obj_request));
2911
2912         img_request = obj_request->img_request;
2913         rbd_assert(img_request);
2914         rbd_dev = img_request->rbd_dev;
2915
2916         /* Reads */
2917         if (!img_request_write_test(img_request) &&
2918             !img_request_discard_test(img_request))
2919                 return true;
2920
2921         /* Non-layered writes */
2922         if (!img_request_layered_test(img_request))
2923                 return true;
2924
2925         /*
2926          * Layered writes outside of the parent overlap range don't
2927          * share any data with the parent.
2928          */
2929         if (!obj_request_overlaps_parent(obj_request))
2930                 return true;
2931
2932         /*
2933          * Entire-object layered writes - we will overwrite whatever
2934          * parent data there is anyway.
2935          */
2936         if (!obj_request->offset &&
2937             obj_request->length == rbd_obj_bytes(&rbd_dev->header))
2938                 return true;
2939
2940         /*
2941          * If the object is known to already exist, its parent data has
2942          * already been copied.
2943          */
2944         if (obj_request_known_test(obj_request) &&
2945             obj_request_exists_test(obj_request))
2946                 return true;
2947
2948         return false;
2949 }
2950
2951 static int rbd_img_obj_request_submit(struct rbd_obj_request *obj_request)
2952 {
2953         if (img_obj_request_simple(obj_request)) {
2954                 struct rbd_device *rbd_dev;
2955                 struct ceph_osd_client *osdc;
2956
2957                 rbd_dev = obj_request->img_request->rbd_dev;
2958                 osdc = &rbd_dev->rbd_client->client->osdc;
2959
2960                 return rbd_obj_request_submit(osdc, obj_request);
2961         }
2962
2963         /*
2964          * It's a layered write.  The target object might exist but
2965          * we may not know that yet.  If we know it doesn't exist,
2966          * start by reading the data for the full target object from
2967          * the parent so we can use it for a copyup to the target.
2968          */
2969         if (obj_request_known_test(obj_request))
2970                 return rbd_img_obj_parent_read_full(obj_request);
2971
2972         /* We don't know whether the target exists.  Go find out. */
2973
2974         return rbd_img_obj_exists_submit(obj_request);
2975 }
2976
2977 static int rbd_img_request_submit(struct rbd_img_request *img_request)
2978 {
2979         struct rbd_obj_request *obj_request;
2980         struct rbd_obj_request *next_obj_request;
2981
2982         dout("%s: img %p\n", __func__, img_request);
2983         for_each_obj_request_safe(img_request, obj_request, next_obj_request) {
2984                 int ret;
2985
2986                 ret = rbd_img_obj_request_submit(obj_request);
2987                 if (ret)
2988                         return ret;
2989         }
2990
2991         return 0;
2992 }
2993
2994 static void rbd_img_parent_read_callback(struct rbd_img_request *img_request)
2995 {
2996         struct rbd_obj_request *obj_request;
2997         struct rbd_device *rbd_dev;
2998         u64 obj_end;
2999         u64 img_xferred;
3000         int img_result;
3001
3002         rbd_assert(img_request_child_test(img_request));
3003
3004         /* First get what we need from the image request and release it */
3005
3006         obj_request = img_request->obj_request;
3007         img_xferred = img_request->xferred;
3008         img_result = img_request->result;
3009         rbd_img_request_put(img_request);
3010
3011         /*
3012          * If the overlap has become 0 (most likely because the
3013          * image has been flattened) we need to re-submit the
3014          * original request.
3015          */
3016         rbd_assert(obj_request);
3017         rbd_assert(obj_request->img_request);
3018         rbd_dev = obj_request->img_request->rbd_dev;
3019         if (!rbd_dev->parent_overlap) {
3020                 struct ceph_osd_client *osdc;
3021
3022                 osdc = &rbd_dev->rbd_client->client->osdc;
3023                 img_result = rbd_obj_request_submit(osdc, obj_request);
3024                 if (!img_result)
3025                         return;
3026         }
3027
3028         obj_request->result = img_result;
3029         if (obj_request->result)
3030                 goto out;
3031
3032         /*
3033          * We need to zero anything beyond the parent overlap
3034          * boundary.  Since rbd_img_obj_request_read_callback()
3035          * will zero anything beyond the end of a short read, an
3036          * easy way to do this is to pretend the data from the
3037          * parent came up short--ending at the overlap boundary.
3038          */
3039         rbd_assert(obj_request->img_offset < U64_MAX - obj_request->length);
3040         obj_end = obj_request->img_offset + obj_request->length;
3041         if (obj_end > rbd_dev->parent_overlap) {
3042                 u64 xferred = 0;
3043
3044                 if (obj_request->img_offset < rbd_dev->parent_overlap)
3045                         xferred = rbd_dev->parent_overlap -
3046                                         obj_request->img_offset;
3047
3048                 obj_request->xferred = min(img_xferred, xferred);
3049         } else {
3050                 obj_request->xferred = img_xferred;
3051         }
3052 out:
3053         rbd_img_obj_request_read_callback(obj_request);
3054         rbd_obj_request_complete(obj_request);
3055 }
3056
3057 static void rbd_img_parent_read(struct rbd_obj_request *obj_request)
3058 {
3059         struct rbd_img_request *img_request;
3060         int result;
3061
3062         rbd_assert(obj_request_img_data_test(obj_request));
3063         rbd_assert(obj_request->img_request != NULL);
3064         rbd_assert(obj_request->result == (s32) -ENOENT);
3065         rbd_assert(obj_request_type_valid(obj_request->type));
3066
3067         /* rbd_read_finish(obj_request, obj_request->length); */
3068         img_request = rbd_parent_request_create(obj_request,
3069                                                 obj_request->img_offset,
3070                                                 obj_request->length);
3071         result = -ENOMEM;
3072         if (!img_request)
3073                 goto out_err;
3074
3075         if (obj_request->type == OBJ_REQUEST_BIO)
3076                 result = rbd_img_request_fill(img_request, OBJ_REQUEST_BIO,
3077                                                 obj_request->bio_list);
3078         else
3079                 result = rbd_img_request_fill(img_request, OBJ_REQUEST_PAGES,
3080                                                 obj_request->pages);
3081         if (result)
3082                 goto out_err;
3083
3084         img_request->callback = rbd_img_parent_read_callback;
3085         result = rbd_img_request_submit(img_request);
3086         if (result)
3087                 goto out_err;
3088
3089         return;
3090 out_err:
3091         if (img_request)
3092                 rbd_img_request_put(img_request);
3093         obj_request->result = result;
3094         obj_request->xferred = 0;
3095         obj_request_done_set(obj_request);
3096 }
3097
3098 static int rbd_obj_notify_ack_sync(struct rbd_device *rbd_dev, u64 notify_id)
3099 {
3100         struct rbd_obj_request *obj_request;
3101         struct ceph_osd_client *osdc = &rbd_dev->rbd_client->client->osdc;
3102         int ret;
3103
3104         obj_request = rbd_obj_request_create(rbd_dev->header_name, 0, 0,
3105                                                         OBJ_REQUEST_NODATA);
3106         if (!obj_request)
3107                 return -ENOMEM;
3108
3109         ret = -ENOMEM;
3110         obj_request->osd_req = rbd_osd_req_create(rbd_dev, OBJ_OP_READ, 1,
3111                                                   obj_request);
3112         if (!obj_request->osd_req)
3113                 goto out;
3114
3115         osd_req_op_watch_init(obj_request->osd_req, 0, CEPH_OSD_OP_NOTIFY_ACK,
3116                                         notify_id, 0, 0);
3117         rbd_osd_req_format_read(obj_request);
3118
3119         ret = rbd_obj_request_submit(osdc, obj_request);
3120         if (ret)
3121                 goto out;
3122         ret = rbd_obj_request_wait(obj_request);
3123 out:
3124         rbd_obj_request_put(obj_request);
3125
3126         return ret;
3127 }
3128
3129 static void rbd_watch_cb(u64 ver, u64 notify_id, u8 opcode, void *data)
3130 {
3131         struct rbd_device *rbd_dev = (struct rbd_device *)data;
3132         int ret;
3133
3134         if (!rbd_dev)
3135                 return;
3136
3137         dout("%s: \"%s\" notify_id %llu opcode %u\n", __func__,
3138                 rbd_dev->header_name, (unsigned long long)notify_id,
3139                 (unsigned int)opcode);
3140
3141         /*
3142          * Until adequate refresh error handling is in place, there is
3143          * not much we can do here, except warn.
3144          *
3145          * See http://tracker.ceph.com/issues/5040
3146          */
3147         ret = rbd_dev_refresh(rbd_dev);
3148         if (ret)
3149                 rbd_warn(rbd_dev, "refresh failed: %d", ret);
3150
3151         ret = rbd_obj_notify_ack_sync(rbd_dev, notify_id);
3152         if (ret)
3153                 rbd_warn(rbd_dev, "notify_ack ret %d", ret);
3154 }
3155
3156 /*
3157  * Send a (un)watch request and wait for the ack.  Return a request
3158  * with a ref held on success or error.
3159  */
3160 static struct rbd_obj_request *rbd_obj_watch_request_helper(
3161                                                 struct rbd_device *rbd_dev,
3162                                                 bool watch)
3163 {
3164         struct ceph_osd_client *osdc = &rbd_dev->rbd_client->client->osdc;
3165         struct ceph_options *opts = osdc->client->options;
3166         struct rbd_obj_request *obj_request;
3167         int ret;
3168
3169         obj_request = rbd_obj_request_create(rbd_dev->header_name, 0, 0,
3170                                              OBJ_REQUEST_NODATA);
3171         if (!obj_request)
3172                 return ERR_PTR(-ENOMEM);
3173
3174         obj_request->osd_req = rbd_osd_req_create(rbd_dev, OBJ_OP_WRITE, 1,
3175                                                   obj_request);
3176         if (!obj_request->osd_req) {
3177                 ret = -ENOMEM;
3178                 goto out;
3179         }
3180
3181         osd_req_op_watch_init(obj_request->osd_req, 0, CEPH_OSD_OP_WATCH,
3182                               rbd_dev->watch_event->cookie, 0, watch);
3183         rbd_osd_req_format_write(obj_request);
3184
3185         if (watch)
3186                 ceph_osdc_set_request_linger(osdc, obj_request->osd_req);
3187
3188         ret = rbd_obj_request_submit(osdc, obj_request);
3189         if (ret)
3190                 goto out;
3191
3192         ret = rbd_obj_request_wait_timeout(obj_request, opts->mount_timeout);
3193         if (ret)
3194                 goto out;
3195
3196         ret = obj_request->result;
3197         if (ret) {
3198                 if (watch)
3199                         rbd_obj_request_end(obj_request);
3200                 goto out;
3201         }
3202
3203         return obj_request;
3204
3205 out:
3206         rbd_obj_request_put(obj_request);
3207         return ERR_PTR(ret);
3208 }
3209
3210 /*
3211  * Initiate a watch request, synchronously.
3212  */
3213 static int rbd_dev_header_watch_sync(struct rbd_device *rbd_dev)
3214 {
3215         struct ceph_osd_client *osdc = &rbd_dev->rbd_client->client->osdc;
3216         struct rbd_obj_request *obj_request;
3217         int ret;
3218
3219         rbd_assert(!rbd_dev->watch_event);
3220         rbd_assert(!rbd_dev->watch_request);
3221
3222         ret = ceph_osdc_create_event(osdc, rbd_watch_cb, rbd_dev,
3223                                      &rbd_dev->watch_event);
3224         if (ret < 0)
3225                 return ret;
3226
3227         obj_request = rbd_obj_watch_request_helper(rbd_dev, true);
3228         if (IS_ERR(obj_request)) {
3229                 ceph_osdc_cancel_event(rbd_dev->watch_event);
3230                 rbd_dev->watch_event = NULL;
3231                 return PTR_ERR(obj_request);
3232         }
3233
3234         /*
3235          * A watch request is set to linger, so the underlying osd
3236          * request won't go away until we unregister it.  We retain
3237          * a pointer to the object request during that time (in
3238          * rbd_dev->watch_request), so we'll keep a reference to it.
3239          * We'll drop that reference after we've unregistered it in
3240          * rbd_dev_header_unwatch_sync().
3241          */
3242         rbd_dev->watch_request = obj_request;
3243
3244         return 0;
3245 }
3246
3247 /*
3248  * Tear down a watch request, synchronously.
3249  */
3250 static void rbd_dev_header_unwatch_sync(struct rbd_device *rbd_dev)
3251 {
3252         struct rbd_obj_request *obj_request;
3253
3254         rbd_assert(rbd_dev->watch_event);
3255         rbd_assert(rbd_dev->watch_request);
3256
3257         rbd_obj_request_end(rbd_dev->watch_request);
3258         rbd_obj_request_put(rbd_dev->watch_request);
3259         rbd_dev->watch_request = NULL;
3260
3261         obj_request = rbd_obj_watch_request_helper(rbd_dev, false);
3262         if (!IS_ERR(obj_request))
3263                 rbd_obj_request_put(obj_request);
3264         else
3265                 rbd_warn(rbd_dev, "unable to tear down watch request (%ld)",
3266                          PTR_ERR(obj_request));
3267
3268         ceph_osdc_cancel_event(rbd_dev->watch_event);
3269         rbd_dev->watch_event = NULL;
3270 }
3271
3272 /*
3273  * Synchronous osd object method call.  Returns the number of bytes
3274  * returned in the outbound buffer, or a negative error code.
3275  */
3276 static int rbd_obj_method_sync(struct rbd_device *rbd_dev,
3277                              const char *object_name,
3278                              const char *class_name,
3279                              const char *method_name,
3280                              const void *outbound,
3281                              size_t outbound_size,
3282                              void *inbound,
3283                              size_t inbound_size)
3284 {
3285         struct ceph_osd_client *osdc = &rbd_dev->rbd_client->client->osdc;
3286         struct rbd_obj_request *obj_request;
3287         struct page **pages;
3288         u32 page_count;
3289         int ret;
3290
3291         /*
3292          * Method calls are ultimately read operations.  The result
3293          * should placed into the inbound buffer provided.  They
3294          * also supply outbound data--parameters for the object
3295          * method.  Currently if this is present it will be a
3296          * snapshot id.
3297          */
3298         page_count = (u32)calc_pages_for(0, inbound_size);
3299         pages = ceph_alloc_page_vector(page_count, GFP_KERNEL);
3300         if (IS_ERR(pages))
3301                 return PTR_ERR(pages);
3302
3303         ret = -ENOMEM;
3304         obj_request = rbd_obj_request_create(object_name, 0, inbound_size,
3305                                                         OBJ_REQUEST_PAGES);
3306         if (!obj_request)
3307                 goto out;
3308
3309         obj_request->pages = pages;
3310         obj_request->page_count = page_count;
3311
3312         obj_request->osd_req = rbd_osd_req_create(rbd_dev, OBJ_OP_READ, 1,
3313                                                   obj_request);
3314         if (!obj_request->osd_req)
3315                 goto out;
3316
3317         osd_req_op_cls_init(obj_request->osd_req, 0, CEPH_OSD_OP_CALL,
3318                                         class_name, method_name);
3319         if (outbound_size) {
3320                 struct ceph_pagelist *pagelist;
3321
3322                 pagelist = kmalloc(sizeof (*pagelist), GFP_NOFS);
3323                 if (!pagelist)
3324                         goto out;
3325
3326                 ceph_pagelist_init(pagelist);
3327                 ceph_pagelist_append(pagelist, outbound, outbound_size);
3328                 osd_req_op_cls_request_data_pagelist(obj_request->osd_req, 0,
3329                                                 pagelist);
3330         }
3331         osd_req_op_cls_response_data_pages(obj_request->osd_req, 0,
3332                                         obj_request->pages, inbound_size,
3333                                         0, false, false);
3334         rbd_osd_req_format_read(obj_request);
3335
3336         ret = rbd_obj_request_submit(osdc, obj_request);
3337         if (ret)
3338                 goto out;
3339         ret = rbd_obj_request_wait(obj_request);
3340         if (ret)
3341                 goto out;
3342
3343         ret = obj_request->result;
3344         if (ret < 0)
3345                 goto out;
3346
3347         rbd_assert(obj_request->xferred < (u64)INT_MAX);
3348         ret = (int)obj_request->xferred;
3349         ceph_copy_from_page_vector(pages, inbound, 0, obj_request->xferred);
3350 out:
3351         if (obj_request)
3352                 rbd_obj_request_put(obj_request);
3353         else
3354                 ceph_release_page_vector(pages, page_count);
3355
3356         return ret;
3357 }
3358
3359 static void rbd_queue_workfn(struct work_struct *work)
3360 {
3361         struct request *rq = blk_mq_rq_from_pdu(work);
3362         struct rbd_device *rbd_dev = rq->q->queuedata;
3363         struct rbd_img_request *img_request;
3364         struct ceph_snap_context *snapc = NULL;
3365         u64 offset = (u64)blk_rq_pos(rq) << SECTOR_SHIFT;
3366         u64 length = blk_rq_bytes(rq);
3367         enum obj_operation_type op_type;
3368         u64 mapping_size;
3369         int result;
3370
3371         if (rq->cmd_type != REQ_TYPE_FS) {
3372                 dout("%s: non-fs request type %d\n", __func__,
3373                         (int) rq->cmd_type);
3374                 result = -EIO;
3375                 goto err;
3376         }
3377
3378         if (rq->cmd_flags & REQ_DISCARD)
3379                 op_type = OBJ_OP_DISCARD;
3380         else if (rq->cmd_flags & REQ_WRITE)
3381                 op_type = OBJ_OP_WRITE;
3382         else
3383                 op_type = OBJ_OP_READ;
3384
3385         /* Ignore/skip any zero-length requests */
3386
3387         if (!length) {
3388                 dout("%s: zero-length request\n", __func__);
3389                 result = 0;
3390                 goto err_rq;
3391         }
3392
3393         /* Only reads are allowed to a read-only device */
3394
3395         if (op_type != OBJ_OP_READ) {
3396                 if (rbd_dev->mapping.read_only) {
3397                         result = -EROFS;
3398                         goto err_rq;
3399                 }
3400                 rbd_assert(rbd_dev->spec->snap_id == CEPH_NOSNAP);
3401         }
3402
3403         /*
3404          * Quit early if the mapped snapshot no longer exists.  It's
3405          * still possible the snapshot will have disappeared by the
3406          * time our request arrives at the osd, but there's no sense in
3407          * sending it if we already know.
3408          */
3409         if (!test_bit(RBD_DEV_FLAG_EXISTS, &rbd_dev->flags)) {
3410                 dout("request for non-existent snapshot");
3411                 rbd_assert(rbd_dev->spec->snap_id != CEPH_NOSNAP);
3412                 result = -ENXIO;
3413                 goto err_rq;
3414         }
3415
3416         if (offset && length > U64_MAX - offset + 1) {
3417                 rbd_warn(rbd_dev, "bad request range (%llu~%llu)", offset,
3418                          length);
3419                 result = -EINVAL;
3420                 goto err_rq;    /* Shouldn't happen */
3421         }
3422
3423         blk_mq_start_request(rq);
3424
3425         down_read(&rbd_dev->header_rwsem);
3426         mapping_size = rbd_dev->mapping.size;
3427         if (op_type != OBJ_OP_READ) {
3428                 snapc = rbd_dev->header.snapc;
3429                 ceph_get_snap_context(snapc);
3430         }
3431         up_read(&rbd_dev->header_rwsem);
3432
3433         if (offset + length > mapping_size) {
3434                 rbd_warn(rbd_dev, "beyond EOD (%llu~%llu > %llu)", offset,
3435                          length, mapping_size);
3436                 result = -EIO;
3437                 goto err_rq;
3438         }
3439
3440         img_request = rbd_img_request_create(rbd_dev, offset, length, op_type,
3441                                              snapc);
3442         if (!img_request) {
3443                 result = -ENOMEM;
3444                 goto err_rq;
3445         }
3446         img_request->rq = rq;
3447
3448         if (op_type == OBJ_OP_DISCARD)
3449                 result = rbd_img_request_fill(img_request, OBJ_REQUEST_NODATA,
3450                                               NULL);
3451         else
3452                 result = rbd_img_request_fill(img_request, OBJ_REQUEST_BIO,
3453                                               rq->bio);
3454         if (result)
3455                 goto err_img_request;
3456
3457         result = rbd_img_request_submit(img_request);
3458         if (result)
3459                 goto err_img_request;
3460
3461         return;
3462
3463 err_img_request:
3464         rbd_img_request_put(img_request);
3465 err_rq:
3466         if (result)
3467                 rbd_warn(rbd_dev, "%s %llx at %llx result %d",
3468                          obj_op_name(op_type), length, offset, result);
3469         ceph_put_snap_context(snapc);
3470 err:
3471         blk_mq_end_request(rq, result);
3472 }
3473
3474 static int rbd_queue_rq(struct blk_mq_hw_ctx *hctx,
3475                 const struct blk_mq_queue_data *bd)
3476 {
3477         struct request *rq = bd->rq;
3478         struct work_struct *work = blk_mq_rq_to_pdu(rq);
3479
3480         queue_work(rbd_wq, work);
3481         return BLK_MQ_RQ_QUEUE_OK;
3482 }
3483
3484 static void rbd_free_disk(struct rbd_device *rbd_dev)
3485 {
3486         struct gendisk *disk = rbd_dev->disk;
3487
3488         if (!disk)
3489                 return;
3490
3491         rbd_dev->disk = NULL;
3492         if (disk->flags & GENHD_FL_UP) {
3493                 del_gendisk(disk);
3494                 if (disk->queue)
3495                         blk_cleanup_queue(disk->queue);
3496                 blk_mq_free_tag_set(&rbd_dev->tag_set);
3497         }
3498         put_disk(disk);
3499 }
3500
3501 static int rbd_obj_read_sync(struct rbd_device *rbd_dev,
3502                                 const char *object_name,
3503                                 u64 offset, u64 length, void *buf)
3504
3505 {
3506         struct ceph_osd_client *osdc = &rbd_dev->rbd_client->client->osdc;
3507         struct rbd_obj_request *obj_request;
3508         struct page **pages = NULL;
3509         u32 page_count;
3510         size_t size;
3511         int ret;
3512
3513         page_count = (u32) calc_pages_for(offset, length);
3514         pages = ceph_alloc_page_vector(page_count, GFP_KERNEL);
3515         if (IS_ERR(pages))
3516                 return PTR_ERR(pages);
3517
3518         ret = -ENOMEM;
3519         obj_request = rbd_obj_request_create(object_name, offset, length,
3520                                                         OBJ_REQUEST_PAGES);
3521         if (!obj_request)
3522                 goto out;
3523
3524         obj_request->pages = pages;
3525         obj_request->page_count = page_count;
3526
3527         obj_request->osd_req = rbd_osd_req_create(rbd_dev, OBJ_OP_READ, 1,
3528                                                   obj_request);
3529         if (!obj_request->osd_req)
3530                 goto out;
3531
3532         osd_req_op_extent_init(obj_request->osd_req, 0, CEPH_OSD_OP_READ,
3533                                         offset, length, 0, 0);
3534         osd_req_op_extent_osd_data_pages(obj_request->osd_req, 0,
3535                                         obj_request->pages,
3536                                         obj_request->length,
3537                                         obj_request->offset & ~PAGE_MASK,
3538                                         false, false);
3539         rbd_osd_req_format_read(obj_request);
3540
3541         ret = rbd_obj_request_submit(osdc, obj_request);
3542         if (ret)
3543                 goto out;
3544         ret = rbd_obj_request_wait(obj_request);
3545         if (ret)
3546                 goto out;
3547
3548         ret = obj_request->result;
3549         if (ret < 0)
3550                 goto out;
3551
3552         rbd_assert(obj_request->xferred <= (u64) SIZE_MAX);
3553         size = (size_t) obj_request->xferred;
3554         ceph_copy_from_page_vector(pages, buf, 0, size);
3555         rbd_assert(size <= (size_t)INT_MAX);
3556         ret = (int)size;
3557 out:
3558         if (obj_request)
3559                 rbd_obj_request_put(obj_request);
3560         else
3561                 ceph_release_page_vector(pages, page_count);
3562
3563         return ret;
3564 }
3565
3566 /*
3567  * Read the complete header for the given rbd device.  On successful
3568  * return, the rbd_dev->header field will contain up-to-date
3569  * information about the image.
3570  */
3571 static int rbd_dev_v1_header_info(struct rbd_device *rbd_dev)
3572 {
3573         struct rbd_image_header_ondisk *ondisk = NULL;
3574         u32 snap_count = 0;
3575         u64 names_size = 0;
3576         u32 want_count;
3577         int ret;
3578
3579         /*
3580          * The complete header will include an array of its 64-bit
3581          * snapshot ids, followed by the names of those snapshots as
3582          * a contiguous block of NUL-terminated strings.  Note that
3583          * the number of snapshots could change by the time we read
3584          * it in, in which case we re-read it.
3585          */
3586         do {
3587                 size_t size;
3588
3589                 kfree(ondisk);
3590
3591                 size = sizeof (*ondisk);
3592                 size += snap_count * sizeof (struct rbd_image_snap_ondisk);
3593                 size += names_size;
3594                 ondisk = kmalloc(size, GFP_KERNEL);
3595                 if (!ondisk)
3596                         return -ENOMEM;
3597
3598                 ret = rbd_obj_read_sync(rbd_dev, rbd_dev->header_name,
3599                                        0, size, ondisk);
3600                 if (ret < 0)
3601                         goto out;
3602                 if ((size_t)ret < size) {
3603                         ret = -ENXIO;
3604                         rbd_warn(rbd_dev, "short header read (want %zd got %d)",
3605                                 size, ret);
3606                         goto out;
3607                 }
3608                 if (!rbd_dev_ondisk_valid(ondisk)) {
3609                         ret = -ENXIO;
3610                         rbd_warn(rbd_dev, "invalid header");
3611                         goto out;
3612                 }
3613
3614                 names_size = le64_to_cpu(ondisk->snap_names_len);
3615                 want_count = snap_count;
3616                 snap_count = le32_to_cpu(ondisk->snap_count);
3617         } while (snap_count != want_count);
3618
3619         ret = rbd_header_from_disk(rbd_dev, ondisk);
3620 out:
3621         kfree(ondisk);
3622
3623         return ret;
3624 }
3625
3626 /*
3627  * Clear the rbd device's EXISTS flag if the snapshot it's mapped to
3628  * has disappeared from the (just updated) snapshot context.
3629  */
3630 static void rbd_exists_validate(struct rbd_device *rbd_dev)
3631 {
3632         u64 snap_id;
3633
3634         if (!test_bit(RBD_DEV_FLAG_EXISTS, &rbd_dev->flags))
3635                 return;
3636
3637         snap_id = rbd_dev->spec->snap_id;
3638         if (snap_id == CEPH_NOSNAP)
3639                 return;
3640
3641         if (rbd_dev_snap_index(rbd_dev, snap_id) == BAD_SNAP_INDEX)
3642                 clear_bit(RBD_DEV_FLAG_EXISTS, &rbd_dev->flags);
3643 }
3644
3645 static void rbd_dev_update_size(struct rbd_device *rbd_dev)
3646 {
3647         sector_t size;
3648         bool removing;
3649
3650         /*
3651          * Don't hold the lock while doing disk operations,
3652          * or lock ordering will conflict with the bdev mutex via:
3653          * rbd_add() -> blkdev_get() -> rbd_open()
3654          */
3655         spin_lock_irq(&rbd_dev->lock);
3656         removing = test_bit(RBD_DEV_FLAG_REMOVING, &rbd_dev->flags);
3657         spin_unlock_irq(&rbd_dev->lock);
3658         /*
3659          * If the device is being removed, rbd_dev->disk has
3660          * been destroyed, so don't try to update its size
3661          */
3662         if (!removing) {
3663                 size = (sector_t)rbd_dev->mapping.size / SECTOR_SIZE;
3664                 dout("setting size to %llu sectors", (unsigned long long)size);
3665                 set_capacity(rbd_dev->disk, size);
3666                 revalidate_disk(rbd_dev->disk);
3667         }
3668 }
3669
3670 static int rbd_dev_refresh(struct rbd_device *rbd_dev)
3671 {
3672         u64 mapping_size;
3673         int ret;
3674
3675         down_write(&rbd_dev->header_rwsem);
3676         mapping_size = rbd_dev->mapping.size;
3677
3678         ret = rbd_dev_header_info(rbd_dev);
3679         if (ret)
3680                 goto out;
3681
3682         /*
3683          * If there is a parent, see if it has disappeared due to the
3684          * mapped image getting flattened.
3685          */
3686         if (rbd_dev->parent) {
3687                 ret = rbd_dev_v2_parent_info(rbd_dev);
3688                 if (ret)
3689                         goto out;
3690         }
3691
3692         if (rbd_dev->spec->snap_id == CEPH_NOSNAP) {
3693                 rbd_dev->mapping.size = rbd_dev->header.image_size;
3694         } else {
3695                 /* validate mapped snapshot's EXISTS flag */
3696                 rbd_exists_validate(rbd_dev);
3697         }
3698
3699 out:
3700         up_write(&rbd_dev->header_rwsem);
3701         if (!ret && mapping_size != rbd_dev->mapping.size)
3702                 rbd_dev_update_size(rbd_dev);
3703
3704         return ret;
3705 }
3706
3707 static int rbd_init_request(void *data, struct request *rq,
3708                 unsigned int hctx_idx, unsigned int request_idx,
3709                 unsigned int numa_node)
3710 {
3711         struct work_struct *work = blk_mq_rq_to_pdu(rq);
3712
3713         INIT_WORK(work, rbd_queue_workfn);
3714         return 0;
3715 }
3716
3717 static struct blk_mq_ops rbd_mq_ops = {
3718         .queue_rq       = rbd_queue_rq,
3719         .map_queue      = blk_mq_map_queue,
3720         .init_request   = rbd_init_request,
3721 };
3722
3723 static int rbd_init_disk(struct rbd_device *rbd_dev)
3724 {
3725         struct gendisk *disk;
3726         struct request_queue *q;
3727         u64 segment_size;
3728         int err;
3729
3730         /* create gendisk info */
3731         disk = alloc_disk(single_major ?
3732                           (1 << RBD_SINGLE_MAJOR_PART_SHIFT) :
3733                           RBD_MINORS_PER_MAJOR);
3734         if (!disk)
3735                 return -ENOMEM;
3736
3737         snprintf(disk->disk_name, sizeof(disk->disk_name), RBD_DRV_NAME "%d",
3738                  rbd_dev->dev_id);
3739         disk->major = rbd_dev->major;
3740         disk->first_minor = rbd_dev->minor;
3741         if (single_major)
3742                 disk->flags |= GENHD_FL_EXT_DEVT;
3743         disk->fops = &rbd_bd_ops;
3744         disk->private_data = rbd_dev;
3745
3746         memset(&rbd_dev->tag_set, 0, sizeof(rbd_dev->tag_set));
3747         rbd_dev->tag_set.ops = &rbd_mq_ops;
3748         rbd_dev->tag_set.queue_depth = rbd_dev->opts->queue_depth;
3749         rbd_dev->tag_set.numa_node = NUMA_NO_NODE;
3750         rbd_dev->tag_set.flags = BLK_MQ_F_SHOULD_MERGE | BLK_MQ_F_SG_MERGE;
3751         rbd_dev->tag_set.nr_hw_queues = 1;
3752         rbd_dev->tag_set.cmd_size = sizeof(struct work_struct);
3753
3754         err = blk_mq_alloc_tag_set(&rbd_dev->tag_set);
3755         if (err)
3756                 goto out_disk;
3757
3758         q = blk_mq_init_queue(&rbd_dev->tag_set);
3759         if (IS_ERR(q)) {
3760                 err = PTR_ERR(q);
3761                 goto out_tag_set;
3762         }
3763
3764         queue_flag_set_unlocked(QUEUE_FLAG_NONROT, q);
3765         /* QUEUE_FLAG_ADD_RANDOM is off by default for blk-mq */
3766
3767         /* set io sizes to object size */
3768         segment_size = rbd_obj_bytes(&rbd_dev->header);
3769         blk_queue_max_hw_sectors(q, segment_size / SECTOR_SIZE);
3770         q->limits.max_sectors = queue_max_hw_sectors(q);
3771         blk_queue_max_segments(q, segment_size / SECTOR_SIZE);
3772         blk_queue_max_segment_size(q, segment_size);
3773         blk_queue_io_min(q, segment_size);
3774         blk_queue_io_opt(q, segment_size);
3775
3776         /* enable the discard support */
3777         queue_flag_set_unlocked(QUEUE_FLAG_DISCARD, q);
3778         q->limits.discard_granularity = segment_size;
3779         q->limits.discard_alignment = segment_size;
3780         blk_queue_max_discard_sectors(q, segment_size / SECTOR_SIZE);
3781         q->limits.discard_zeroes_data = 1;
3782
3783         disk->queue = q;
3784
3785         q->queuedata = rbd_dev;
3786
3787         rbd_dev->disk = disk;
3788
3789         return 0;
3790 out_tag_set:
3791         blk_mq_free_tag_set(&rbd_dev->tag_set);
3792 out_disk:
3793         put_disk(disk);
3794         return err;
3795 }
3796
3797 /*
3798   sysfs
3799 */
3800
3801 static struct rbd_device *dev_to_rbd_dev(struct device *dev)
3802 {
3803         return container_of(dev, struct rbd_device, dev);
3804 }
3805
3806 static ssize_t rbd_size_show(struct device *dev,
3807                              struct device_attribute *attr, char *buf)
3808 {
3809         struct rbd_device *rbd_dev = dev_to_rbd_dev(dev);
3810
3811         return sprintf(buf, "%llu\n",
3812                 (unsigned long long)rbd_dev->mapping.size);
3813 }
3814
3815 /*
3816  * Note this shows the features for whatever's mapped, which is not
3817  * necessarily the base image.
3818  */
3819 static ssize_t rbd_features_show(struct device *dev,
3820                              struct device_attribute *attr, char *buf)
3821 {
3822         struct rbd_device *rbd_dev = dev_to_rbd_dev(dev);
3823
3824         return sprintf(buf, "0x%016llx\n",
3825                         (unsigned long long)rbd_dev->mapping.features);
3826 }
3827
3828 static ssize_t rbd_major_show(struct device *dev,
3829                               struct device_attribute *attr, char *buf)
3830 {
3831         struct rbd_device *rbd_dev = dev_to_rbd_dev(dev);
3832
3833         if (rbd_dev->major)
3834                 return sprintf(buf, "%d\n", rbd_dev->major);
3835
3836         return sprintf(buf, "(none)\n");
3837 }
3838
3839 static ssize_t rbd_minor_show(struct device *dev,
3840                               struct device_attribute *attr, char *buf)
3841 {
3842         struct rbd_device *rbd_dev = dev_to_rbd_dev(dev);
3843
3844         return sprintf(buf, "%d\n", rbd_dev->minor);
3845 }
3846
3847 static ssize_t rbd_client_id_show(struct device *dev,
3848                                   struct device_attribute *attr, char *buf)
3849 {
3850         struct rbd_device *rbd_dev = dev_to_rbd_dev(dev);
3851
3852         return sprintf(buf, "client%lld\n",
3853                         ceph_client_id(rbd_dev->rbd_client->client));
3854 }
3855
3856 static ssize_t rbd_pool_show(struct device *dev,
3857                              struct device_attribute *attr, char *buf)
3858 {
3859         struct rbd_device *rbd_dev = dev_to_rbd_dev(dev);
3860
3861         return sprintf(buf, "%s\n", rbd_dev->spec->pool_name);
3862 }
3863
3864 static ssize_t rbd_pool_id_show(struct device *dev,
3865                              struct device_attribute *attr, char *buf)
3866 {
3867         struct rbd_device *rbd_dev = dev_to_rbd_dev(dev);
3868
3869         return sprintf(buf, "%llu\n",
3870                         (unsigned long long) rbd_dev->spec->pool_id);
3871 }
3872
3873 static ssize_t rbd_name_show(struct device *dev,
3874                              struct device_attribute *attr, char *buf)
3875 {
3876         struct rbd_device *rbd_dev = dev_to_rbd_dev(dev);
3877
3878         if (rbd_dev->spec->image_name)
3879                 return sprintf(buf, "%s\n", rbd_dev->spec->image_name);
3880
3881         return sprintf(buf, "(unknown)\n");
3882 }
3883
3884 static ssize_t rbd_image_id_show(struct device *dev,
3885                              struct device_attribute *attr, char *buf)
3886 {
3887         struct rbd_device *rbd_dev = dev_to_rbd_dev(dev);
3888
3889         return sprintf(buf, "%s\n", rbd_dev->spec->image_id);
3890 }
3891
3892 /*
3893  * Shows the name of the currently-mapped snapshot (or
3894  * RBD_SNAP_HEAD_NAME for the base image).
3895  */
3896 static ssize_t rbd_snap_show(struct device *dev,
3897                              struct device_attribute *attr,
3898                              char *buf)
3899 {
3900         struct rbd_device *rbd_dev = dev_to_rbd_dev(dev);
3901
3902         return sprintf(buf, "%s\n", rbd_dev->spec->snap_name);
3903 }
3904
3905 /*
3906  * For a v2 image, shows the chain of parent images, separated by empty
3907  * lines.  For v1 images or if there is no parent, shows "(no parent
3908  * image)".
3909  */
3910 static ssize_t rbd_parent_show(struct device *dev,
3911                                struct device_attribute *attr,
3912                                char *buf)
3913 {
3914         struct rbd_device *rbd_dev = dev_to_rbd_dev(dev);
3915         ssize_t count = 0;
3916
3917         if (!rbd_dev->parent)
3918                 return sprintf(buf, "(no parent image)\n");
3919
3920         for ( ; rbd_dev->parent; rbd_dev = rbd_dev->parent) {
3921                 struct rbd_spec *spec = rbd_dev->parent_spec;
3922
3923                 count += sprintf(&buf[count], "%s"
3924                             "pool_id %llu\npool_name %s\n"
3925                             "image_id %s\nimage_name %s\n"
3926                             "snap_id %llu\nsnap_name %s\n"
3927                             "overlap %llu\n",
3928                             !count ? "" : "\n", /* first? */
3929                             spec->pool_id, spec->pool_name,
3930                             spec->image_id, spec->image_name ?: "(unknown)",
3931                             spec->snap_id, spec->snap_name,
3932                             rbd_dev->parent_overlap);
3933         }
3934
3935         return count;
3936 }
3937
3938 static ssize_t rbd_image_refresh(struct device *dev,
3939                                  struct device_attribute *attr,
3940                                  const char *buf,
3941                                  size_t size)
3942 {
3943         struct rbd_device *rbd_dev = dev_to_rbd_dev(dev);
3944         int ret;
3945
3946         ret = rbd_dev_refresh(rbd_dev);
3947         if (ret)
3948                 return ret;
3949
3950         return size;
3951 }
3952
3953 static DEVICE_ATTR(size, S_IRUGO, rbd_size_show, NULL);
3954 static DEVICE_ATTR(features, S_IRUGO, rbd_features_show, NULL);
3955 static DEVICE_ATTR(major, S_IRUGO, rbd_major_show, NULL);
3956 static DEVICE_ATTR(minor, S_IRUGO, rbd_minor_show, NULL);
3957 static DEVICE_ATTR(client_id, S_IRUGO, rbd_client_id_show, NULL);
3958 static DEVICE_ATTR(pool, S_IRUGO, rbd_pool_show, NULL);
3959 static DEVICE_ATTR(pool_id, S_IRUGO, rbd_pool_id_show, NULL);
3960 static DEVICE_ATTR(name, S_IRUGO, rbd_name_show, NULL);
3961 static DEVICE_ATTR(image_id, S_IRUGO, rbd_image_id_show, NULL);
3962 static DEVICE_ATTR(refresh, S_IWUSR, NULL, rbd_image_refresh);
3963 static DEVICE_ATTR(current_snap, S_IRUGO, rbd_snap_show, NULL);
3964 static DEVICE_ATTR(parent, S_IRUGO, rbd_parent_show, NULL);
3965
3966 static struct attribute *rbd_attrs[] = {
3967         &dev_attr_size.attr,
3968         &dev_attr_features.attr,
3969         &dev_attr_major.attr,
3970         &dev_attr_minor.attr,
3971         &dev_attr_client_id.attr,
3972         &dev_attr_pool.attr,
3973         &dev_attr_pool_id.attr,
3974         &dev_attr_name.attr,
3975         &dev_attr_image_id.attr,
3976         &dev_attr_current_snap.attr,
3977         &dev_attr_parent.attr,
3978         &dev_attr_refresh.attr,
3979         NULL
3980 };
3981
3982 static struct attribute_group rbd_attr_group = {
3983         .attrs = rbd_attrs,
3984 };
3985
3986 static const struct attribute_group *rbd_attr_groups[] = {
3987         &rbd_attr_group,
3988         NULL
3989 };
3990
3991 static void rbd_sysfs_dev_release(struct device *dev)
3992 {
3993 }
3994
3995 static struct device_type rbd_device_type = {
3996         .name           = "rbd",
3997         .groups         = rbd_attr_groups,
3998         .release        = rbd_sysfs_dev_release,
3999 };
4000
4001 static struct rbd_spec *rbd_spec_get(struct rbd_spec *spec)
4002 {
4003         kref_get(&spec->kref);
4004
4005         return spec;
4006 }
4007
4008 static void rbd_spec_free(struct kref *kref);
4009 static void rbd_spec_put(struct rbd_spec *spec)
4010 {
4011         if (spec)
4012                 kref_put(&spec->kref, rbd_spec_free);
4013 }
4014
4015 static struct rbd_spec *rbd_spec_alloc(void)
4016 {
4017         struct rbd_spec *spec;
4018
4019         spec = kzalloc(sizeof (*spec), GFP_KERNEL);
4020         if (!spec)
4021                 return NULL;
4022
4023         spec->pool_id = CEPH_NOPOOL;
4024         spec->snap_id = CEPH_NOSNAP;
4025         kref_init(&spec->kref);
4026
4027         return spec;
4028 }
4029
4030 static void rbd_spec_free(struct kref *kref)
4031 {
4032         struct rbd_spec *spec = container_of(kref, struct rbd_spec, kref);
4033
4034         kfree(spec->pool_name);
4035         kfree(spec->image_id);
4036         kfree(spec->image_name);
4037         kfree(spec->snap_name);
4038         kfree(spec);
4039 }
4040
4041 static struct rbd_device *rbd_dev_create(struct rbd_client *rbdc,
4042                                          struct rbd_spec *spec,
4043                                          struct rbd_options *opts)
4044 {
4045         struct rbd_device *rbd_dev;
4046
4047         rbd_dev = kzalloc(sizeof (*rbd_dev), GFP_KERNEL);
4048         if (!rbd_dev)
4049                 return NULL;
4050
4051         spin_lock_init(&rbd_dev->lock);
4052         rbd_dev->flags = 0;
4053         atomic_set(&rbd_dev->parent_ref, 0);
4054         INIT_LIST_HEAD(&rbd_dev->node);
4055         init_rwsem(&rbd_dev->header_rwsem);
4056
4057         rbd_dev->rbd_client = rbdc;
4058         rbd_dev->spec = spec;
4059         rbd_dev->opts = opts;
4060
4061         /* Initialize the layout used for all rbd requests */
4062
4063         rbd_dev->layout.fl_stripe_unit = cpu_to_le32(1 << RBD_MAX_OBJ_ORDER);
4064         rbd_dev->layout.fl_stripe_count = cpu_to_le32(1);
4065         rbd_dev->layout.fl_object_size = cpu_to_le32(1 << RBD_MAX_OBJ_ORDER);
4066         rbd_dev->layout.fl_pg_pool = cpu_to_le32((u32) spec->pool_id);
4067
4068         return rbd_dev;
4069 }
4070
4071 static void rbd_dev_destroy(struct rbd_device *rbd_dev)
4072 {
4073         rbd_put_client(rbd_dev->rbd_client);
4074         rbd_spec_put(rbd_dev->spec);
4075         kfree(rbd_dev->opts);
4076         kfree(rbd_dev);
4077 }
4078
4079 /*
4080  * Get the size and object order for an image snapshot, or if
4081  * snap_id is CEPH_NOSNAP, gets this information for the base
4082  * image.
4083  */
4084 static int _rbd_dev_v2_snap_size(struct rbd_device *rbd_dev, u64 snap_id,
4085                                 u8 *order, u64 *snap_size)
4086 {
4087         __le64 snapid = cpu_to_le64(snap_id);
4088         int ret;
4089         struct {
4090                 u8 order;
4091                 __le64 size;
4092         } __attribute__ ((packed)) size_buf = { 0 };
4093
4094         ret = rbd_obj_method_sync(rbd_dev, rbd_dev->header_name,
4095                                 "rbd", "get_size",
4096                                 &snapid, sizeof (snapid),
4097                                 &size_buf, sizeof (size_buf));
4098         dout("%s: rbd_obj_method_sync returned %d\n", __func__, ret);
4099         if (ret < 0)
4100                 return ret;
4101         if (ret < sizeof (size_buf))
4102                 return -ERANGE;
4103
4104         if (order) {
4105                 *order = size_buf.order;
4106                 dout("  order %u", (unsigned int)*order);
4107         }
4108         *snap_size = le64_to_cpu(size_buf.size);
4109
4110         dout("  snap_id 0x%016llx snap_size = %llu\n",
4111                 (unsigned long long)snap_id,
4112                 (unsigned long long)*snap_size);
4113
4114         return 0;
4115 }
4116
4117 static int rbd_dev_v2_image_size(struct rbd_device *rbd_dev)
4118 {
4119         return _rbd_dev_v2_snap_size(rbd_dev, CEPH_NOSNAP,
4120                                         &rbd_dev->header.obj_order,
4121                                         &rbd_dev->header.image_size);
4122 }
4123
4124 static int rbd_dev_v2_object_prefix(struct rbd_device *rbd_dev)
4125 {
4126         void *reply_buf;
4127         int ret;
4128         void *p;
4129
4130         reply_buf = kzalloc(RBD_OBJ_PREFIX_LEN_MAX, GFP_KERNEL);
4131         if (!reply_buf)
4132                 return -ENOMEM;
4133
4134         ret = rbd_obj_method_sync(rbd_dev, rbd_dev->header_name,
4135                                 "rbd", "get_object_prefix", NULL, 0,
4136                                 reply_buf, RBD_OBJ_PREFIX_LEN_MAX);
4137         dout("%s: rbd_obj_method_sync returned %d\n", __func__, ret);
4138         if (ret < 0)
4139                 goto out;
4140
4141         p = reply_buf;
4142         rbd_dev->header.object_prefix = ceph_extract_encoded_string(&p,
4143                                                 p + ret, NULL, GFP_NOIO);
4144         ret = 0;
4145
4146         if (IS_ERR(rbd_dev->header.object_prefix)) {
4147                 ret = PTR_ERR(rbd_dev->header.object_prefix);
4148                 rbd_dev->header.object_prefix = NULL;
4149         } else {
4150                 dout("  object_prefix = %s\n", rbd_dev->header.object_prefix);
4151         }
4152 out:
4153         kfree(reply_buf);
4154
4155         return ret;
4156 }
4157
4158 static int _rbd_dev_v2_snap_features(struct rbd_device *rbd_dev, u64 snap_id,
4159                 u64 *snap_features)
4160 {
4161         __le64 snapid = cpu_to_le64(snap_id);
4162         struct {
4163                 __le64 features;
4164                 __le64 incompat;
4165         } __attribute__ ((packed)) features_buf = { 0 };
4166         u64 incompat;
4167         int ret;
4168
4169         ret = rbd_obj_method_sync(rbd_dev, rbd_dev->header_name,
4170                                 "rbd", "get_features",
4171                                 &snapid, sizeof (snapid),
4172                                 &features_buf, sizeof (features_buf));
4173         dout("%s: rbd_obj_method_sync returned %d\n", __func__, ret);
4174         if (ret < 0)
4175                 return ret;
4176         if (ret < sizeof (features_buf))
4177                 return -ERANGE;
4178
4179         incompat = le64_to_cpu(features_buf.incompat);
4180         if (incompat & ~RBD_FEATURES_SUPPORTED)
4181                 return -ENXIO;
4182
4183         *snap_features = le64_to_cpu(features_buf.features);
4184
4185         dout("  snap_id 0x%016llx features = 0x%016llx incompat = 0x%016llx\n",
4186                 (unsigned long long)snap_id,
4187                 (unsigned long long)*snap_features,
4188                 (unsigned long long)le64_to_cpu(features_buf.incompat));
4189
4190         return 0;
4191 }
4192
4193 static int rbd_dev_v2_features(struct rbd_device *rbd_dev)
4194 {
4195         return _rbd_dev_v2_snap_features(rbd_dev, CEPH_NOSNAP,
4196                                                 &rbd_dev->header.features);
4197 }
4198
4199 static int rbd_dev_v2_parent_info(struct rbd_device *rbd_dev)
4200 {
4201         struct rbd_spec *parent_spec;
4202         size_t size;
4203         void *reply_buf = NULL;
4204         __le64 snapid;
4205         void *p;
4206         void *end;
4207         u64 pool_id;
4208         char *image_id;
4209         u64 snap_id;
4210         u64 overlap;
4211         int ret;
4212
4213         parent_spec = rbd_spec_alloc();
4214         if (!parent_spec)
4215                 return -ENOMEM;
4216
4217         size = sizeof (__le64) +                                /* pool_id */
4218                 sizeof (__le32) + RBD_IMAGE_ID_LEN_MAX +        /* image_id */
4219                 sizeof (__le64) +                               /* snap_id */
4220                 sizeof (__le64);                                /* overlap */
4221         reply_buf = kmalloc(size, GFP_KERNEL);
4222         if (!reply_buf) {
4223                 ret = -ENOMEM;
4224                 goto out_err;
4225         }
4226
4227         snapid = cpu_to_le64(rbd_dev->spec->snap_id);
4228         ret = rbd_obj_method_sync(rbd_dev, rbd_dev->header_name,
4229                                 "rbd", "get_parent",
4230                                 &snapid, sizeof (snapid),
4231                                 reply_buf, size);
4232         dout("%s: rbd_obj_method_sync returned %d\n", __func__, ret);
4233         if (ret < 0)
4234                 goto out_err;
4235
4236         p = reply_buf;
4237         end = reply_buf + ret;
4238         ret = -ERANGE;
4239         ceph_decode_64_safe(&p, end, pool_id, out_err);
4240         if (pool_id == CEPH_NOPOOL) {
4241                 /*
4242                  * Either the parent never existed, or we have
4243                  * record of it but the image got flattened so it no
4244                  * longer has a parent.  When the parent of a
4245                  * layered image disappears we immediately set the
4246                  * overlap to 0.  The effect of this is that all new
4247                  * requests will be treated as if the image had no
4248                  * parent.
4249                  */
4250                 if (rbd_dev->parent_overlap) {
4251                         rbd_dev->parent_overlap = 0;
4252                         rbd_dev_parent_put(rbd_dev);
4253                         pr_info("%s: clone image has been flattened\n",
4254                                 rbd_dev->disk->disk_name);
4255                 }
4256
4257                 goto out;       /* No parent?  No problem. */
4258         }
4259
4260         /* The ceph file layout needs to fit pool id in 32 bits */
4261
4262         ret = -EIO;
4263         if (pool_id > (u64)U32_MAX) {
4264                 rbd_warn(NULL, "parent pool id too large (%llu > %u)",
4265                         (unsigned long long)pool_id, U32_MAX);
4266                 goto out_err;
4267         }
4268
4269         image_id = ceph_extract_encoded_string(&p, end, NULL, GFP_KERNEL);
4270         if (IS_ERR(image_id)) {
4271                 ret = PTR_ERR(image_id);
4272                 goto out_err;
4273         }
4274         ceph_decode_64_safe(&p, end, snap_id, out_err);
4275         ceph_decode_64_safe(&p, end, overlap, out_err);
4276
4277         /*
4278          * The parent won't change (except when the clone is
4279          * flattened, already handled that).  So we only need to
4280          * record the parent spec we have not already done so.
4281          */
4282         if (!rbd_dev->parent_spec) {
4283                 parent_spec->pool_id = pool_id;
4284                 parent_spec->image_id = image_id;
4285                 parent_spec->snap_id = snap_id;
4286                 rbd_dev->parent_spec = parent_spec;
4287                 parent_spec = NULL;     /* rbd_dev now owns this */
4288         } else {
4289                 kfree(image_id);
4290         }
4291
4292         /*
4293          * We always update the parent overlap.  If it's zero we issue
4294          * a warning, as we will proceed as if there was no parent.
4295          */
4296         if (!overlap) {
4297                 if (parent_spec) {
4298                         /* refresh, careful to warn just once */
4299                         if (rbd_dev->parent_overlap)
4300                                 rbd_warn(rbd_dev,
4301                                     "clone now standalone (overlap became 0)");
4302                 } else {
4303                         /* initial probe */
4304                         rbd_warn(rbd_dev, "clone is standalone (overlap 0)");
4305                 }
4306         }
4307         rbd_dev->parent_overlap = overlap;
4308
4309 out:
4310         ret = 0;
4311 out_err:
4312         kfree(reply_buf);
4313         rbd_spec_put(parent_spec);
4314
4315         return ret;
4316 }
4317
4318 static int rbd_dev_v2_striping_info(struct rbd_device *rbd_dev)
4319 {
4320         struct {
4321                 __le64 stripe_unit;
4322                 __le64 stripe_count;
4323         } __attribute__ ((packed)) striping_info_buf = { 0 };
4324         size_t size = sizeof (striping_info_buf);
4325         void *p;
4326         u64 obj_size;
4327         u64 stripe_unit;
4328         u64 stripe_count;
4329         int ret;
4330
4331         ret = rbd_obj_method_sync(rbd_dev, rbd_dev->header_name,
4332                                 "rbd", "get_stripe_unit_count", NULL, 0,
4333                                 (char *)&striping_info_buf, size);
4334         dout("%s: rbd_obj_method_sync returned %d\n", __func__, ret);
4335         if (ret < 0)
4336                 return ret;
4337         if (ret < size)
4338                 return -ERANGE;
4339
4340         /*
4341          * We don't actually support the "fancy striping" feature
4342          * (STRIPINGV2) yet, but if the striping sizes are the
4343          * defaults the behavior is the same as before.  So find
4344          * out, and only fail if the image has non-default values.
4345          */
4346         ret = -EINVAL;
4347         obj_size = (u64)1 << rbd_dev->header.obj_order;
4348         p = &striping_info_buf;
4349         stripe_unit = ceph_decode_64(&p);
4350         if (stripe_unit != obj_size) {
4351                 rbd_warn(rbd_dev, "unsupported stripe unit "
4352                                 "(got %llu want %llu)",
4353                                 stripe_unit, obj_size);
4354                 return -EINVAL;
4355         }
4356         stripe_count = ceph_decode_64(&p);
4357         if (stripe_count != 1) {
4358                 rbd_warn(rbd_dev, "unsupported stripe count "
4359                                 "(got %llu want 1)", stripe_count);
4360                 return -EINVAL;
4361         }
4362         rbd_dev->header.stripe_unit = stripe_unit;
4363         rbd_dev->header.stripe_count = stripe_count;
4364
4365         return 0;
4366 }
4367
4368 static char *rbd_dev_image_name(struct rbd_device *rbd_dev)
4369 {
4370         size_t image_id_size;
4371         char *image_id;
4372         void *p;
4373         void *end;
4374         size_t size;
4375         void *reply_buf = NULL;
4376         size_t len = 0;
4377         char *image_name = NULL;
4378         int ret;
4379
4380         rbd_assert(!rbd_dev->spec->image_name);
4381
4382         len = strlen(rbd_dev->spec->image_id);
4383         image_id_size = sizeof (__le32) + len;
4384         image_id = kmalloc(image_id_size, GFP_KERNEL);
4385         if (!image_id)
4386                 return NULL;
4387
4388         p = image_id;
4389         end = image_id + image_id_size;
4390         ceph_encode_string(&p, end, rbd_dev->spec->image_id, (u32)len);
4391
4392         size = sizeof (__le32) + RBD_IMAGE_NAME_LEN_MAX;
4393         reply_buf = kmalloc(size, GFP_KERNEL);
4394         if (!reply_buf)
4395                 goto out;
4396
4397         ret = rbd_obj_method_sync(rbd_dev, RBD_DIRECTORY,
4398                                 "rbd", "dir_get_name",
4399                                 image_id, image_id_size,
4400                                 reply_buf, size);
4401         if (ret < 0)
4402                 goto out;
4403         p = reply_buf;
4404         end = reply_buf + ret;
4405
4406         image_name = ceph_extract_encoded_string(&p, end, &len, GFP_KERNEL);
4407         if (IS_ERR(image_name))
4408                 image_name = NULL;
4409         else
4410                 dout("%s: name is %s len is %zd\n", __func__, image_name, len);
4411 out:
4412         kfree(reply_buf);
4413         kfree(image_id);
4414
4415         return image_name;
4416 }
4417
4418 static u64 rbd_v1_snap_id_by_name(struct rbd_device *rbd_dev, const char *name)
4419 {
4420         struct ceph_snap_context *snapc = rbd_dev->header.snapc;
4421         const char *snap_name;
4422         u32 which = 0;
4423
4424         /* Skip over names until we find the one we are looking for */
4425
4426         snap_name = rbd_dev->header.snap_names;
4427         while (which < snapc->num_snaps) {
4428                 if (!strcmp(name, snap_name))
4429                         return snapc->snaps[which];
4430                 snap_name += strlen(snap_name) + 1;
4431                 which++;
4432         }
4433         return CEPH_NOSNAP;
4434 }
4435
4436 static u64 rbd_v2_snap_id_by_name(struct rbd_device *rbd_dev, const char *name)
4437 {
4438         struct ceph_snap_context *snapc = rbd_dev->header.snapc;
4439         u32 which;
4440         bool found = false;
4441         u64 snap_id;
4442
4443         for (which = 0; !found && which < snapc->num_snaps; which++) {
4444                 const char *snap_name;
4445
4446                 snap_id = snapc->snaps[which];
4447                 snap_name = rbd_dev_v2_snap_name(rbd_dev, snap_id);
4448                 if (IS_ERR(snap_name)) {
4449                         /* ignore no-longer existing snapshots */
4450                         if (PTR_ERR(snap_name) == -ENOENT)
4451                                 continue;
4452                         else
4453                                 break;
4454                 }
4455                 found = !strcmp(name, snap_name);
4456                 kfree(snap_name);
4457         }
4458         return found ? snap_id : CEPH_NOSNAP;
4459 }
4460
4461 /*
4462  * Assumes name is never RBD_SNAP_HEAD_NAME; returns CEPH_NOSNAP if
4463  * no snapshot by that name is found, or if an error occurs.
4464  */
4465 static u64 rbd_snap_id_by_name(struct rbd_device *rbd_dev, const char *name)
4466 {
4467         if (rbd_dev->image_format == 1)
4468                 return rbd_v1_snap_id_by_name(rbd_dev, name);
4469
4470         return rbd_v2_snap_id_by_name(rbd_dev, name);
4471 }
4472
4473 /*
4474  * An image being mapped will have everything but the snap id.
4475  */
4476 static int rbd_spec_fill_snap_id(struct rbd_device *rbd_dev)
4477 {
4478         struct rbd_spec *spec = rbd_dev->spec;
4479
4480         rbd_assert(spec->pool_id != CEPH_NOPOOL && spec->pool_name);
4481         rbd_assert(spec->image_id && spec->image_name);
4482         rbd_assert(spec->snap_name);
4483
4484         if (strcmp(spec->snap_name, RBD_SNAP_HEAD_NAME)) {
4485                 u64 snap_id;
4486
4487                 snap_id = rbd_snap_id_by_name(rbd_dev, spec->snap_name);
4488                 if (snap_id == CEPH_NOSNAP)
4489                         return -ENOENT;
4490
4491                 spec->snap_id = snap_id;
4492         } else {
4493                 spec->snap_id = CEPH_NOSNAP;
4494         }
4495
4496         return 0;
4497 }
4498
4499 /*
4500  * A parent image will have all ids but none of the names.
4501  *
4502  * All names in an rbd spec are dynamically allocated.  It's OK if we
4503  * can't figure out the name for an image id.
4504  */
4505 static int rbd_spec_fill_names(struct rbd_device *rbd_dev)
4506 {
4507         struct ceph_osd_client *osdc = &rbd_dev->rbd_client->client->osdc;
4508         struct rbd_spec *spec = rbd_dev->spec;
4509         const char *pool_name;
4510         const char *image_name;
4511         const char *snap_name;
4512         int ret;
4513
4514         rbd_assert(spec->pool_id != CEPH_NOPOOL);
4515         rbd_assert(spec->image_id);
4516         rbd_assert(spec->snap_id != CEPH_NOSNAP);
4517
4518         /* Get the pool name; we have to make our own copy of this */
4519
4520         pool_name = ceph_pg_pool_name_by_id(osdc->osdmap, spec->pool_id);
4521         if (!pool_name) {
4522                 rbd_warn(rbd_dev, "no pool with id %llu", spec->pool_id);
4523                 return -EIO;
4524         }
4525         pool_name = kstrdup(pool_name, GFP_KERNEL);
4526         if (!pool_name)
4527                 return -ENOMEM;
4528
4529         /* Fetch the image name; tolerate failure here */
4530
4531         image_name = rbd_dev_image_name(rbd_dev);
4532         if (!image_name)
4533                 rbd_warn(rbd_dev, "unable to get image name");
4534
4535         /* Fetch the snapshot name */
4536
4537         snap_name = rbd_snap_name(rbd_dev, spec->snap_id);
4538         if (IS_ERR(snap_name)) {
4539                 ret = PTR_ERR(snap_name);
4540                 goto out_err;
4541         }
4542
4543         spec->pool_name = pool_name;
4544         spec->image_name = image_name;
4545         spec->snap_name = snap_name;
4546
4547         return 0;
4548
4549 out_err:
4550         kfree(image_name);
4551         kfree(pool_name);
4552         return ret;
4553 }
4554
4555 static int rbd_dev_v2_snap_context(struct rbd_device *rbd_dev)
4556 {
4557         size_t size;
4558         int ret;
4559         void *reply_buf;
4560         void *p;
4561         void *end;
4562         u64 seq;
4563         u32 snap_count;
4564         struct ceph_snap_context *snapc;
4565         u32 i;
4566
4567         /*
4568          * We'll need room for the seq value (maximum snapshot id),
4569          * snapshot count, and array of that many snapshot ids.
4570          * For now we have a fixed upper limit on the number we're
4571          * prepared to receive.
4572          */
4573         size = sizeof (__le64) + sizeof (__le32) +
4574                         RBD_MAX_SNAP_COUNT * sizeof (__le64);
4575         reply_buf = kzalloc(size, GFP_KERNEL);
4576         if (!reply_buf)
4577                 return -ENOMEM;
4578
4579         ret = rbd_obj_method_sync(rbd_dev, rbd_dev->header_name,
4580                                 "rbd", "get_snapcontext", NULL, 0,
4581                                 reply_buf, size);
4582         dout("%s: rbd_obj_method_sync returned %d\n", __func__, ret);
4583         if (ret < 0)
4584                 goto out;
4585
4586         p = reply_buf;
4587         end = reply_buf + ret;
4588         ret = -ERANGE;
4589         ceph_decode_64_safe(&p, end, seq, out);
4590         ceph_decode_32_safe(&p, end, snap_count, out);
4591
4592         /*
4593          * Make sure the reported number of snapshot ids wouldn't go
4594          * beyond the end of our buffer.  But before checking that,
4595          * make sure the computed size of the snapshot context we
4596          * allocate is representable in a size_t.
4597          */
4598         if (snap_count > (SIZE_MAX - sizeof (struct ceph_snap_context))
4599                                  / sizeof (u64)) {
4600                 ret = -EINVAL;
4601                 goto out;
4602         }
4603         if (!ceph_has_room(&p, end, snap_count * sizeof (__le64)))
4604                 goto out;
4605         ret = 0;
4606
4607         snapc = ceph_create_snap_context(snap_count, GFP_KERNEL);
4608         if (!snapc) {
4609                 ret = -ENOMEM;
4610                 goto out;
4611         }
4612         snapc->seq = seq;
4613         for (i = 0; i < snap_count; i++)
4614                 snapc->snaps[i] = ceph_decode_64(&p);
4615
4616         ceph_put_snap_context(rbd_dev->header.snapc);
4617         rbd_dev->header.snapc = snapc;
4618
4619         dout("  snap context seq = %llu, snap_count = %u\n",
4620                 (unsigned long long)seq, (unsigned int)snap_count);
4621 out:
4622         kfree(reply_buf);
4623
4624         return ret;
4625 }
4626
4627 static const char *rbd_dev_v2_snap_name(struct rbd_device *rbd_dev,
4628                                         u64 snap_id)
4629 {
4630         size_t size;
4631         void *reply_buf;
4632         __le64 snapid;
4633         int ret;
4634         void *p;
4635         void *end;
4636         char *snap_name;
4637
4638         size = sizeof (__le32) + RBD_MAX_SNAP_NAME_LEN;
4639         reply_buf = kmalloc(size, GFP_KERNEL);
4640         if (!reply_buf)
4641                 return ERR_PTR(-ENOMEM);
4642
4643         snapid = cpu_to_le64(snap_id);
4644         ret = rbd_obj_method_sync(rbd_dev, rbd_dev->header_name,
4645                                 "rbd", "get_snapshot_name",
4646                                 &snapid, sizeof (snapid),
4647                                 reply_buf, size);
4648         dout("%s: rbd_obj_method_sync returned %d\n", __func__, ret);
4649         if (ret < 0) {
4650                 snap_name = ERR_PTR(ret);
4651                 goto out;
4652         }
4653
4654         p = reply_buf;
4655         end = reply_buf + ret;
4656         snap_name = ceph_extract_encoded_string(&p, end, NULL, GFP_KERNEL);
4657         if (IS_ERR(snap_name))
4658                 goto out;
4659
4660         dout("  snap_id 0x%016llx snap_name = %s\n",
4661                 (unsigned long long)snap_id, snap_name);
4662 out:
4663         kfree(reply_buf);
4664
4665         return snap_name;
4666 }
4667
4668 static int rbd_dev_v2_header_info(struct rbd_device *rbd_dev)
4669 {
4670         bool first_time = rbd_dev->header.object_prefix == NULL;
4671         int ret;
4672
4673         ret = rbd_dev_v2_image_size(rbd_dev);
4674         if (ret)
4675                 return ret;
4676
4677         if (first_time) {
4678                 ret = rbd_dev_v2_header_onetime(rbd_dev);
4679                 if (ret)
4680                         return ret;
4681         }
4682
4683         ret = rbd_dev_v2_snap_context(rbd_dev);
4684         if (ret && first_time) {
4685                 kfree(rbd_dev->header.object_prefix);
4686                 rbd_dev->header.object_prefix = NULL;
4687         }
4688
4689         return ret;
4690 }
4691
4692 static int rbd_dev_header_info(struct rbd_device *rbd_dev)
4693 {
4694         rbd_assert(rbd_image_format_valid(rbd_dev->image_format));
4695
4696         if (rbd_dev->image_format == 1)
4697                 return rbd_dev_v1_header_info(rbd_dev);
4698
4699         return rbd_dev_v2_header_info(rbd_dev);
4700 }
4701
4702 static int rbd_bus_add_dev(struct rbd_device *rbd_dev)
4703 {
4704         struct device *dev;
4705         int ret;
4706
4707         dev = &rbd_dev->dev;
4708         dev->bus = &rbd_bus_type;
4709         dev->type = &rbd_device_type;
4710         dev->parent = &rbd_root_dev;
4711         dev->release = rbd_dev_device_release;
4712         dev_set_name(dev, "%d", rbd_dev->dev_id);
4713         ret = device_register(dev);
4714
4715         return ret;
4716 }
4717
4718 static void rbd_bus_del_dev(struct rbd_device *rbd_dev)
4719 {
4720         device_unregister(&rbd_dev->dev);
4721 }
4722
4723 /*
4724  * Get a unique rbd identifier for the given new rbd_dev, and add
4725  * the rbd_dev to the global list.
4726  */
4727 static int rbd_dev_id_get(struct rbd_device *rbd_dev)
4728 {
4729         int new_dev_id;
4730
4731         new_dev_id = ida_simple_get(&rbd_dev_id_ida,
4732                                     0, minor_to_rbd_dev_id(1 << MINORBITS),
4733                                     GFP_KERNEL);
4734         if (new_dev_id < 0)
4735                 return new_dev_id;
4736
4737         rbd_dev->dev_id = new_dev_id;
4738
4739         spin_lock(&rbd_dev_list_lock);
4740         list_add_tail(&rbd_dev->node, &rbd_dev_list);
4741         spin_unlock(&rbd_dev_list_lock);
4742
4743         dout("rbd_dev %p given dev id %d\n", rbd_dev, rbd_dev->dev_id);
4744
4745         return 0;
4746 }
4747
4748 /*
4749  * Remove an rbd_dev from the global list, and record that its
4750  * identifier is no longer in use.
4751  */
4752 static void rbd_dev_id_put(struct rbd_device *rbd_dev)
4753 {
4754         spin_lock(&rbd_dev_list_lock);
4755         list_del_init(&rbd_dev->node);
4756         spin_unlock(&rbd_dev_list_lock);
4757
4758         ida_simple_remove(&rbd_dev_id_ida, rbd_dev->dev_id);
4759
4760         dout("rbd_dev %p released dev id %d\n", rbd_dev, rbd_dev->dev_id);
4761 }
4762
4763 /*
4764  * Skips over white space at *buf, and updates *buf to point to the
4765  * first found non-space character (if any). Returns the length of
4766  * the token (string of non-white space characters) found.  Note
4767  * that *buf must be terminated with '\0'.
4768  */
4769 static inline size_t next_token(const char **buf)
4770 {
4771         /*
4772         * These are the characters that produce nonzero for
4773         * isspace() in the "C" and "POSIX" locales.
4774         */
4775         const char *spaces = " \f\n\r\t\v";
4776
4777         *buf += strspn(*buf, spaces);   /* Find start of token */
4778
4779         return strcspn(*buf, spaces);   /* Return token length */
4780 }
4781
4782 /*
4783  * Finds the next token in *buf, dynamically allocates a buffer big
4784  * enough to hold a copy of it, and copies the token into the new
4785  * buffer.  The copy is guaranteed to be terminated with '\0'.  Note
4786  * that a duplicate buffer is created even for a zero-length token.
4787  *
4788  * Returns a pointer to the newly-allocated duplicate, or a null
4789  * pointer if memory for the duplicate was not available.  If
4790  * the lenp argument is a non-null pointer, the length of the token
4791  * (not including the '\0') is returned in *lenp.
4792  *
4793  * If successful, the *buf pointer will be updated to point beyond
4794  * the end of the found token.
4795  *
4796  * Note: uses GFP_KERNEL for allocation.
4797  */
4798 static inline char *dup_token(const char **buf, size_t *lenp)
4799 {
4800         char *dup;
4801         size_t len;
4802
4803         len = next_token(buf);
4804         dup = kmemdup(*buf, len + 1, GFP_KERNEL);
4805         if (!dup)
4806                 return NULL;
4807         *(dup + len) = '\0';
4808         *buf += len;
4809
4810         if (lenp)
4811                 *lenp = len;
4812
4813         return dup;
4814 }
4815
4816 /*
4817  * Parse the options provided for an "rbd add" (i.e., rbd image
4818  * mapping) request.  These arrive via a write to /sys/bus/rbd/add,
4819  * and the data written is passed here via a NUL-terminated buffer.
4820  * Returns 0 if successful or an error code otherwise.
4821  *
4822  * The information extracted from these options is recorded in
4823  * the other parameters which return dynamically-allocated
4824  * structures:
4825  *  ceph_opts
4826  *      The address of a pointer that will refer to a ceph options
4827  *      structure.  Caller must release the returned pointer using
4828  *      ceph_destroy_options() when it is no longer needed.
4829  *  rbd_opts
4830  *      Address of an rbd options pointer.  Fully initialized by
4831  *      this function; caller must release with kfree().
4832  *  spec
4833  *      Address of an rbd image specification pointer.  Fully
4834  *      initialized by this function based on parsed options.
4835  *      Caller must release with rbd_spec_put().
4836  *
4837  * The options passed take this form:
4838  *  <mon_addrs> <options> <pool_name> <image_name> [<snap_id>]
4839  * where:
4840  *  <mon_addrs>
4841  *      A comma-separated list of one or more monitor addresses.
4842  *      A monitor address is an ip address, optionally followed
4843  *      by a port number (separated by a colon).
4844  *        I.e.:  ip1[:port1][,ip2[:port2]...]
4845  *  <options>
4846  *      A comma-separated list of ceph and/or rbd options.
4847  *  <pool_name>
4848  *      The name of the rados pool containing the rbd image.
4849  *  <image_name>
4850  *      The name of the image in that pool to map.
4851  *  <snap_id>
4852  *      An optional snapshot id.  If provided, the mapping will
4853  *      present data from the image at the time that snapshot was
4854  *      created.  The image head is used if no snapshot id is
4855  *      provided.  Snapshot mappings are always read-only.
4856  */
4857 static int rbd_add_parse_args(const char *buf,
4858                                 struct ceph_options **ceph_opts,
4859                                 struct rbd_options **opts,
4860                                 struct rbd_spec **rbd_spec)
4861 {
4862         size_t len;
4863         char *options;
4864         const char *mon_addrs;
4865         char *snap_name;
4866         size_t mon_addrs_size;
4867         struct rbd_spec *spec = NULL;
4868         struct rbd_options *rbd_opts = NULL;
4869         struct ceph_options *copts;
4870         int ret;
4871
4872         /* The first four tokens are required */
4873
4874         len = next_token(&buf);
4875         if (!len) {
4876                 rbd_warn(NULL, "no monitor address(es) provided");
4877                 return -EINVAL;
4878         }
4879         mon_addrs = buf;
4880         mon_addrs_size = len + 1;
4881         buf += len;
4882
4883         ret = -EINVAL;
4884         options = dup_token(&buf, NULL);
4885         if (!options)
4886                 return -ENOMEM;
4887         if (!*options) {
4888                 rbd_warn(NULL, "no options provided");
4889                 goto out_err;
4890         }
4891
4892         spec = rbd_spec_alloc();
4893         if (!spec)
4894                 goto out_mem;
4895
4896         spec->pool_name = dup_token(&buf, NULL);
4897         if (!spec->pool_name)
4898                 goto out_mem;
4899         if (!*spec->pool_name) {
4900                 rbd_warn(NULL, "no pool name provided");
4901                 goto out_err;
4902         }
4903
4904         spec->image_name = dup_token(&buf, NULL);
4905         if (!spec->image_name)
4906                 goto out_mem;
4907         if (!*spec->image_name) {
4908                 rbd_warn(NULL, "no image name provided");
4909                 goto out_err;
4910         }
4911
4912         /*
4913          * Snapshot name is optional; default is to use "-"
4914          * (indicating the head/no snapshot).
4915          */
4916         len = next_token(&buf);
4917         if (!len) {
4918                 buf = RBD_SNAP_HEAD_NAME; /* No snapshot supplied */
4919                 len = sizeof (RBD_SNAP_HEAD_NAME) - 1;
4920         } else if (len > RBD_MAX_SNAP_NAME_LEN) {
4921                 ret = -ENAMETOOLONG;
4922                 goto out_err;
4923         }
4924         snap_name = kmemdup(buf, len + 1, GFP_KERNEL);
4925         if (!snap_name)
4926                 goto out_mem;
4927         *(snap_name + len) = '\0';
4928         spec->snap_name = snap_name;
4929
4930         /* Initialize all rbd options to the defaults */
4931
4932         rbd_opts = kzalloc(sizeof (*rbd_opts), GFP_KERNEL);
4933         if (!rbd_opts)
4934                 goto out_mem;
4935
4936         rbd_opts->read_only = RBD_READ_ONLY_DEFAULT;
4937         rbd_opts->queue_depth = RBD_QUEUE_DEPTH_DEFAULT;
4938
4939         copts = ceph_parse_options(options, mon_addrs,
4940                                         mon_addrs + mon_addrs_size - 1,
4941                                         parse_rbd_opts_token, rbd_opts);
4942         if (IS_ERR(copts)) {
4943                 ret = PTR_ERR(copts);
4944                 goto out_err;
4945         }
4946         kfree(options);
4947
4948         *ceph_opts = copts;
4949         *opts = rbd_opts;
4950         *rbd_spec = spec;
4951
4952         return 0;
4953 out_mem:
4954         ret = -ENOMEM;
4955 out_err:
4956         kfree(rbd_opts);
4957         rbd_spec_put(spec);
4958         kfree(options);
4959
4960         return ret;
4961 }
4962
4963 /*
4964  * Return pool id (>= 0) or a negative error code.
4965  */
4966 static int rbd_add_get_pool_id(struct rbd_client *rbdc, const char *pool_name)
4967 {
4968         struct ceph_options *opts = rbdc->client->options;
4969         u64 newest_epoch;
4970         int tries = 0;
4971         int ret;
4972
4973 again:
4974         ret = ceph_pg_poolid_by_name(rbdc->client->osdc.osdmap, pool_name);
4975         if (ret == -ENOENT && tries++ < 1) {
4976                 ret = ceph_monc_do_get_version(&rbdc->client->monc, "osdmap",
4977                                                &newest_epoch);
4978                 if (ret < 0)
4979                         return ret;
4980
4981                 if (rbdc->client->osdc.osdmap->epoch < newest_epoch) {
4982                         ceph_monc_request_next_osdmap(&rbdc->client->monc);
4983                         (void) ceph_monc_wait_osdmap(&rbdc->client->monc,
4984                                                      newest_epoch,
4985                                                      opts->mount_timeout);
4986                         goto again;
4987                 } else {
4988                         /* the osdmap we have is new enough */
4989                         return -ENOENT;
4990                 }
4991         }
4992
4993         return ret;
4994 }
4995
4996 /*
4997  * An rbd format 2 image has a unique identifier, distinct from the
4998  * name given to it by the user.  Internally, that identifier is
4999  * what's used to specify the names of objects related to the image.
5000  *
5001  * A special "rbd id" object is used to map an rbd image name to its
5002  * id.  If that object doesn't exist, then there is no v2 rbd image
5003  * with the supplied name.
5004  *
5005  * This function will record the given rbd_dev's image_id field if
5006  * it can be determined, and in that case will return 0.  If any
5007  * errors occur a negative errno will be returned and the rbd_dev's
5008  * image_id field will be unchanged (and should be NULL).
5009  */
5010 static int rbd_dev_image_id(struct rbd_device *rbd_dev)
5011 {
5012         int ret;
5013         size_t size;
5014         char *object_name;
5015         void *response;
5016         char *image_id;
5017
5018         /*
5019          * When probing a parent image, the image id is already
5020          * known (and the image name likely is not).  There's no
5021          * need to fetch the image id again in this case.  We
5022          * do still need to set the image format though.
5023          */
5024         if (rbd_dev->spec->image_id) {
5025                 rbd_dev->image_format = *rbd_dev->spec->image_id ? 2 : 1;
5026
5027                 return 0;
5028         }
5029
5030         /*
5031          * First, see if the format 2 image id file exists, and if
5032          * so, get the image's persistent id from it.
5033          */
5034         size = sizeof (RBD_ID_PREFIX) + strlen(rbd_dev->spec->image_name);
5035         object_name = kmalloc(size, GFP_NOIO);
5036         if (!object_name)
5037                 return -ENOMEM;
5038         sprintf(object_name, "%s%s", RBD_ID_PREFIX, rbd_dev->spec->image_name);
5039         dout("rbd id object name is %s\n", object_name);
5040
5041         /* Response will be an encoded string, which includes a length */
5042
5043         size = sizeof (__le32) + RBD_IMAGE_ID_LEN_MAX;
5044         response = kzalloc(size, GFP_NOIO);
5045         if (!response) {
5046                 ret = -ENOMEM;
5047                 goto out;
5048         }
5049
5050         /* If it doesn't exist we'll assume it's a format 1 image */
5051
5052         ret = rbd_obj_method_sync(rbd_dev, object_name,
5053                                 "rbd", "get_id", NULL, 0,
5054                                 response, RBD_IMAGE_ID_LEN_MAX);
5055         dout("%s: rbd_obj_method_sync returned %d\n", __func__, ret);
5056         if (ret == -ENOENT) {
5057                 image_id = kstrdup("", GFP_KERNEL);
5058                 ret = image_id ? 0 : -ENOMEM;
5059                 if (!ret)
5060                         rbd_dev->image_format = 1;
5061         } else if (ret >= 0) {
5062                 void *p = response;
5063
5064                 image_id = ceph_extract_encoded_string(&p, p + ret,
5065                                                 NULL, GFP_NOIO);
5066                 ret = PTR_ERR_OR_ZERO(image_id);
5067                 if (!ret)
5068                         rbd_dev->image_format = 2;
5069         }
5070
5071         if (!ret) {
5072                 rbd_dev->spec->image_id = image_id;
5073                 dout("image_id is %s\n", image_id);
5074         }
5075 out:
5076         kfree(response);
5077         kfree(object_name);
5078
5079         return ret;
5080 }
5081
5082 /*
5083  * Undo whatever state changes are made by v1 or v2 header info
5084  * call.
5085  */
5086 static void rbd_dev_unprobe(struct rbd_device *rbd_dev)
5087 {
5088         struct rbd_image_header *header;
5089
5090         rbd_dev_parent_put(rbd_dev);
5091
5092         /* Free dynamic fields from the header, then zero it out */
5093
5094         header = &rbd_dev->header;
5095         ceph_put_snap_context(header->snapc);
5096         kfree(header->snap_sizes);
5097         kfree(header->snap_names);
5098         kfree(header->object_prefix);
5099         memset(header, 0, sizeof (*header));
5100 }
5101
5102 static int rbd_dev_v2_header_onetime(struct rbd_device *rbd_dev)
5103 {
5104         int ret;
5105
5106         ret = rbd_dev_v2_object_prefix(rbd_dev);
5107         if (ret)
5108                 goto out_err;
5109
5110         /*
5111          * Get the and check features for the image.  Currently the
5112          * features are assumed to never change.
5113          */
5114         ret = rbd_dev_v2_features(rbd_dev);
5115         if (ret)
5116                 goto out_err;
5117
5118         /* If the image supports fancy striping, get its parameters */
5119
5120         if (rbd_dev->header.features & RBD_FEATURE_STRIPINGV2) {
5121                 ret = rbd_dev_v2_striping_info(rbd_dev);
5122                 if (ret < 0)
5123                         goto out_err;
5124         }
5125         /* No support for crypto and compression type format 2 images */
5126
5127         return 0;
5128 out_err:
5129         rbd_dev->header.features = 0;
5130         kfree(rbd_dev->header.object_prefix);
5131         rbd_dev->header.object_prefix = NULL;
5132
5133         return ret;
5134 }
5135
5136 /*
5137  * @depth is rbd_dev_image_probe() -> rbd_dev_probe_parent() ->
5138  * rbd_dev_image_probe() recursion depth, which means it's also the
5139  * length of the already discovered part of the parent chain.
5140  */
5141 static int rbd_dev_probe_parent(struct rbd_device *rbd_dev, int depth)
5142 {
5143         struct rbd_device *parent = NULL;
5144         int ret;
5145
5146         if (!rbd_dev->parent_spec)
5147                 return 0;
5148
5149         if (++depth > RBD_MAX_PARENT_CHAIN_LEN) {
5150                 pr_info("parent chain is too long (%d)\n", depth);
5151                 ret = -EINVAL;
5152                 goto out_err;
5153         }
5154
5155         parent = rbd_dev_create(rbd_dev->rbd_client, rbd_dev->parent_spec,
5156                                 NULL);
5157         if (!parent) {
5158                 ret = -ENOMEM;
5159                 goto out_err;
5160         }
5161
5162         /*
5163          * Images related by parent/child relationships always share
5164          * rbd_client and spec/parent_spec, so bump their refcounts.
5165          */
5166         __rbd_get_client(rbd_dev->rbd_client);
5167         rbd_spec_get(rbd_dev->parent_spec);
5168
5169         ret = rbd_dev_image_probe(parent, depth);
5170         if (ret < 0)
5171                 goto out_err;
5172
5173         rbd_dev->parent = parent;
5174         atomic_set(&rbd_dev->parent_ref, 1);
5175         return 0;
5176
5177 out_err:
5178         rbd_dev_unparent(rbd_dev);
5179         if (parent)
5180                 rbd_dev_destroy(parent);
5181         return ret;
5182 }
5183
5184 static int rbd_dev_device_setup(struct rbd_device *rbd_dev)
5185 {
5186         int ret;
5187
5188         /* Get an id and fill in device name. */
5189
5190         ret = rbd_dev_id_get(rbd_dev);
5191         if (ret)
5192                 return ret;
5193
5194         BUILD_BUG_ON(DEV_NAME_LEN
5195                         < sizeof (RBD_DRV_NAME) + MAX_INT_FORMAT_WIDTH);
5196         sprintf(rbd_dev->name, "%s%d", RBD_DRV_NAME, rbd_dev->dev_id);
5197
5198         /* Record our major and minor device numbers. */
5199
5200         if (!single_major) {
5201                 ret = register_blkdev(0, rbd_dev->name);
5202                 if (ret < 0)
5203                         goto err_out_id;
5204
5205                 rbd_dev->major = ret;
5206                 rbd_dev->minor = 0;
5207         } else {
5208                 rbd_dev->major = rbd_major;
5209                 rbd_dev->minor = rbd_dev_id_to_minor(rbd_dev->dev_id);
5210         }
5211
5212         /* Set up the blkdev mapping. */
5213
5214         ret = rbd_init_disk(rbd_dev);
5215         if (ret)
5216                 goto err_out_blkdev;
5217
5218         ret = rbd_dev_mapping_set(rbd_dev);
5219         if (ret)
5220                 goto err_out_disk;
5221
5222         set_capacity(rbd_dev->disk, rbd_dev->mapping.size / SECTOR_SIZE);
5223         set_disk_ro(rbd_dev->disk, rbd_dev->mapping.read_only);
5224
5225         ret = rbd_bus_add_dev(rbd_dev);
5226         if (ret)
5227                 goto err_out_mapping;
5228
5229         /* Everything's ready.  Announce the disk to the world. */
5230
5231         set_bit(RBD_DEV_FLAG_EXISTS, &rbd_dev->flags);
5232         add_disk(rbd_dev->disk);
5233
5234         pr_info("%s: added with size 0x%llx\n", rbd_dev->disk->disk_name,
5235                 (unsigned long long) rbd_dev->mapping.size);
5236
5237         return ret;
5238
5239 err_out_mapping:
5240         rbd_dev_mapping_clear(rbd_dev);
5241 err_out_disk:
5242         rbd_free_disk(rbd_dev);
5243 err_out_blkdev:
5244         if (!single_major)
5245                 unregister_blkdev(rbd_dev->major, rbd_dev->name);
5246 err_out_id:
5247         rbd_dev_id_put(rbd_dev);
5248         rbd_dev_mapping_clear(rbd_dev);
5249
5250         return ret;
5251 }
5252
5253 static int rbd_dev_header_name(struct rbd_device *rbd_dev)
5254 {
5255         struct rbd_spec *spec = rbd_dev->spec;
5256         size_t size;
5257
5258         /* Record the header object name for this rbd image. */
5259
5260         rbd_assert(rbd_image_format_valid(rbd_dev->image_format));
5261
5262         if (rbd_dev->image_format == 1)
5263                 size = strlen(spec->image_name) + sizeof (RBD_SUFFIX);
5264         else
5265                 size = sizeof (RBD_HEADER_PREFIX) + strlen(spec->image_id);
5266
5267         rbd_dev->header_name = kmalloc(size, GFP_KERNEL);
5268         if (!rbd_dev->header_name)
5269                 return -ENOMEM;
5270
5271         if (rbd_dev->image_format == 1)
5272                 sprintf(rbd_dev->header_name, "%s%s",
5273                         spec->image_name, RBD_SUFFIX);
5274         else
5275                 sprintf(rbd_dev->header_name, "%s%s",
5276                         RBD_HEADER_PREFIX, spec->image_id);
5277         return 0;
5278 }
5279
5280 static void rbd_dev_image_release(struct rbd_device *rbd_dev)
5281 {
5282         rbd_dev_unprobe(rbd_dev);
5283         kfree(rbd_dev->header_name);
5284         rbd_dev->header_name = NULL;
5285         rbd_dev->image_format = 0;
5286         kfree(rbd_dev->spec->image_id);
5287         rbd_dev->spec->image_id = NULL;
5288
5289         rbd_dev_destroy(rbd_dev);
5290 }
5291
5292 /*
5293  * Probe for the existence of the header object for the given rbd
5294  * device.  If this image is the one being mapped (i.e., not a
5295  * parent), initiate a watch on its header object before using that
5296  * object to get detailed information about the rbd image.
5297  */
5298 static int rbd_dev_image_probe(struct rbd_device *rbd_dev, int depth)
5299 {
5300         int ret;
5301
5302         /*
5303          * Get the id from the image id object.  Unless there's an
5304          * error, rbd_dev->spec->image_id will be filled in with
5305          * a dynamically-allocated string, and rbd_dev->image_format
5306          * will be set to either 1 or 2.
5307          */
5308         ret = rbd_dev_image_id(rbd_dev);
5309         if (ret)
5310                 return ret;
5311
5312         ret = rbd_dev_header_name(rbd_dev);
5313         if (ret)
5314                 goto err_out_format;
5315
5316         if (!depth) {
5317                 ret = rbd_dev_header_watch_sync(rbd_dev);
5318                 if (ret) {
5319                         if (ret == -ENOENT)
5320                                 pr_info("image %s/%s does not exist\n",
5321                                         rbd_dev->spec->pool_name,
5322                                         rbd_dev->spec->image_name);
5323                         goto out_header_name;
5324                 }
5325         }
5326
5327         ret = rbd_dev_header_info(rbd_dev);
5328         if (ret)
5329                 goto err_out_watch;
5330
5331         /*
5332          * If this image is the one being mapped, we have pool name and
5333          * id, image name and id, and snap name - need to fill snap id.
5334          * Otherwise this is a parent image, identified by pool, image
5335          * and snap ids - need to fill in names for those ids.
5336          */
5337         if (!depth)
5338                 ret = rbd_spec_fill_snap_id(rbd_dev);
5339         else
5340                 ret = rbd_spec_fill_names(rbd_dev);
5341         if (ret) {
5342                 if (ret == -ENOENT)
5343                         pr_info("snap %s/%s@%s does not exist\n",
5344                                 rbd_dev->spec->pool_name,
5345                                 rbd_dev->spec->image_name,
5346                                 rbd_dev->spec->snap_name);
5347                 goto err_out_probe;
5348         }
5349
5350         if (rbd_dev->header.features & RBD_FEATURE_LAYERING) {
5351                 ret = rbd_dev_v2_parent_info(rbd_dev);
5352                 if (ret)
5353                         goto err_out_probe;
5354
5355                 /*
5356                  * Need to warn users if this image is the one being
5357                  * mapped and has a parent.
5358                  */
5359                 if (!depth && rbd_dev->parent_spec)
5360                         rbd_warn(rbd_dev,
5361                                  "WARNING: kernel layering is EXPERIMENTAL!");
5362         }
5363
5364         ret = rbd_dev_probe_parent(rbd_dev, depth);
5365         if (ret)
5366                 goto err_out_probe;
5367
5368         dout("discovered format %u image, header name is %s\n",
5369                 rbd_dev->image_format, rbd_dev->header_name);
5370         return 0;
5371
5372 err_out_probe:
5373         rbd_dev_unprobe(rbd_dev);
5374 err_out_watch:
5375         if (!depth)
5376                 rbd_dev_header_unwatch_sync(rbd_dev);
5377 out_header_name:
5378         kfree(rbd_dev->header_name);
5379         rbd_dev->header_name = NULL;
5380 err_out_format:
5381         rbd_dev->image_format = 0;
5382         kfree(rbd_dev->spec->image_id);
5383         rbd_dev->spec->image_id = NULL;
5384         return ret;
5385 }
5386
5387 static ssize_t do_rbd_add(struct bus_type *bus,
5388                           const char *buf,
5389                           size_t count)
5390 {
5391         struct rbd_device *rbd_dev = NULL;
5392         struct ceph_options *ceph_opts = NULL;
5393         struct rbd_options *rbd_opts = NULL;
5394         struct rbd_spec *spec = NULL;
5395         struct rbd_client *rbdc;
5396         bool read_only;
5397         int rc = -ENOMEM;
5398
5399         if (!try_module_get(THIS_MODULE))
5400                 return -ENODEV;
5401
5402         /* parse add command */
5403         rc = rbd_add_parse_args(buf, &ceph_opts, &rbd_opts, &spec);
5404         if (rc < 0)
5405                 goto err_out_module;
5406
5407         rbdc = rbd_get_client(ceph_opts);
5408         if (IS_ERR(rbdc)) {
5409                 rc = PTR_ERR(rbdc);
5410                 goto err_out_args;
5411         }
5412
5413         /* pick the pool */
5414         rc = rbd_add_get_pool_id(rbdc, spec->pool_name);
5415         if (rc < 0) {
5416                 if (rc == -ENOENT)
5417                         pr_info("pool %s does not exist\n", spec->pool_name);
5418                 goto err_out_client;
5419         }
5420         spec->pool_id = (u64)rc;
5421
5422         /* The ceph file layout needs to fit pool id in 32 bits */
5423
5424         if (spec->pool_id > (u64)U32_MAX) {
5425                 rbd_warn(NULL, "pool id too large (%llu > %u)",
5426                                 (unsigned long long)spec->pool_id, U32_MAX);
5427                 rc = -EIO;
5428                 goto err_out_client;
5429         }
5430
5431         rbd_dev = rbd_dev_create(rbdc, spec, rbd_opts);
5432         if (!rbd_dev)
5433                 goto err_out_client;
5434         rbdc = NULL;            /* rbd_dev now owns this */
5435         spec = NULL;            /* rbd_dev now owns this */
5436         rbd_opts = NULL;        /* rbd_dev now owns this */
5437
5438         rc = rbd_dev_image_probe(rbd_dev, 0);
5439         if (rc < 0)
5440                 goto err_out_rbd_dev;
5441
5442         /* If we are mapping a snapshot it must be marked read-only */
5443
5444         read_only = rbd_dev->opts->read_only;
5445         if (rbd_dev->spec->snap_id != CEPH_NOSNAP)
5446                 read_only = true;
5447         rbd_dev->mapping.read_only = read_only;
5448
5449         rc = rbd_dev_device_setup(rbd_dev);
5450         if (rc) {
5451                 /*
5452                  * rbd_dev_header_unwatch_sync() can't be moved into
5453                  * rbd_dev_image_release() without refactoring, see
5454                  * commit 1f3ef78861ac.
5455                  */
5456                 rbd_dev_header_unwatch_sync(rbd_dev);
5457                 rbd_dev_image_release(rbd_dev);
5458                 goto err_out_module;
5459         }
5460
5461         return count;
5462
5463 err_out_rbd_dev:
5464         rbd_dev_destroy(rbd_dev);
5465 err_out_client:
5466         rbd_put_client(rbdc);
5467 err_out_args:
5468         rbd_spec_put(spec);
5469         kfree(rbd_opts);
5470 err_out_module:
5471         module_put(THIS_MODULE);
5472
5473         dout("Error adding device %s\n", buf);
5474
5475         return (ssize_t)rc;
5476 }
5477
5478 static ssize_t rbd_add(struct bus_type *bus,
5479                        const char *buf,
5480                        size_t count)
5481 {
5482         if (single_major)
5483                 return -EINVAL;
5484
5485         return do_rbd_add(bus, buf, count);
5486 }
5487
5488 static ssize_t rbd_add_single_major(struct bus_type *bus,
5489                                     const char *buf,
5490                                     size_t count)
5491 {
5492         return do_rbd_add(bus, buf, count);
5493 }
5494
5495 static void rbd_dev_device_release(struct device *dev)
5496 {
5497         struct rbd_device *rbd_dev = dev_to_rbd_dev(dev);
5498
5499         rbd_free_disk(rbd_dev);
5500         clear_bit(RBD_DEV_FLAG_EXISTS, &rbd_dev->flags);
5501         rbd_dev_mapping_clear(rbd_dev);
5502         if (!single_major)
5503                 unregister_blkdev(rbd_dev->major, rbd_dev->name);
5504         rbd_dev_id_put(rbd_dev);
5505         rbd_dev_mapping_clear(rbd_dev);
5506 }
5507
5508 static void rbd_dev_remove_parent(struct rbd_device *rbd_dev)
5509 {
5510         while (rbd_dev->parent) {
5511                 struct rbd_device *first = rbd_dev;
5512                 struct rbd_device *second = first->parent;
5513                 struct rbd_device *third;
5514
5515                 /*
5516                  * Follow to the parent with no grandparent and
5517                  * remove it.
5518                  */
5519                 while (second && (third = second->parent)) {
5520                         first = second;
5521                         second = third;
5522                 }
5523                 rbd_assert(second);
5524                 rbd_dev_image_release(second);
5525                 first->parent = NULL;
5526                 first->parent_overlap = 0;
5527
5528                 rbd_assert(first->parent_spec);
5529                 rbd_spec_put(first->parent_spec);
5530                 first->parent_spec = NULL;
5531         }
5532 }
5533
5534 static ssize_t do_rbd_remove(struct bus_type *bus,
5535                              const char *buf,
5536                              size_t count)
5537 {
5538         struct rbd_device *rbd_dev = NULL;
5539         struct list_head *tmp;
5540         int dev_id;
5541         unsigned long ul;
5542         bool already = false;
5543         int ret;
5544
5545         ret = kstrtoul(buf, 10, &ul);
5546         if (ret)
5547                 return ret;
5548
5549         /* convert to int; abort if we lost anything in the conversion */
5550         dev_id = (int)ul;
5551         if (dev_id != ul)
5552                 return -EINVAL;
5553
5554         ret = -ENOENT;
5555         spin_lock(&rbd_dev_list_lock);
5556         list_for_each(tmp, &rbd_dev_list) {
5557                 rbd_dev = list_entry(tmp, struct rbd_device, node);
5558                 if (rbd_dev->dev_id == dev_id) {
5559                         ret = 0;
5560                         break;
5561                 }
5562         }
5563         if (!ret) {
5564                 spin_lock_irq(&rbd_dev->lock);
5565                 if (rbd_dev->open_count)
5566                         ret = -EBUSY;
5567                 else
5568                         already = test_and_set_bit(RBD_DEV_FLAG_REMOVING,
5569                                                         &rbd_dev->flags);
5570                 spin_unlock_irq(&rbd_dev->lock);
5571         }
5572         spin_unlock(&rbd_dev_list_lock);
5573         if (ret < 0 || already)
5574                 return ret;
5575
5576         rbd_dev_header_unwatch_sync(rbd_dev);
5577         /*
5578          * flush remaining watch callbacks - these must be complete
5579          * before the osd_client is shutdown
5580          */
5581         dout("%s: flushing notifies", __func__);
5582         ceph_osdc_flush_notifies(&rbd_dev->rbd_client->client->osdc);
5583
5584         /*
5585          * Don't free anything from rbd_dev->disk until after all
5586          * notifies are completely processed. Otherwise
5587          * rbd_bus_del_dev() will race with rbd_watch_cb(), resulting
5588          * in a potential use after free of rbd_dev->disk or rbd_dev.
5589          */
5590         rbd_bus_del_dev(rbd_dev);
5591         rbd_dev_image_release(rbd_dev);
5592         module_put(THIS_MODULE);
5593
5594         return count;
5595 }
5596
5597 static ssize_t rbd_remove(struct bus_type *bus,
5598                           const char *buf,
5599                           size_t count)
5600 {
5601         if (single_major)
5602                 return -EINVAL;
5603
5604         return do_rbd_remove(bus, buf, count);
5605 }
5606
5607 static ssize_t rbd_remove_single_major(struct bus_type *bus,
5608                                        const char *buf,
5609                                        size_t count)
5610 {
5611         return do_rbd_remove(bus, buf, count);
5612 }
5613
5614 /*
5615  * create control files in sysfs
5616  * /sys/bus/rbd/...
5617  */
5618 static int rbd_sysfs_init(void)
5619 {
5620         int ret;
5621
5622         ret = device_register(&rbd_root_dev);
5623         if (ret < 0)
5624                 return ret;
5625
5626         ret = bus_register(&rbd_bus_type);
5627         if (ret < 0)
5628                 device_unregister(&rbd_root_dev);
5629
5630         return ret;
5631 }
5632
5633 static void rbd_sysfs_cleanup(void)
5634 {
5635         bus_unregister(&rbd_bus_type);
5636         device_unregister(&rbd_root_dev);
5637 }
5638
5639 static int rbd_slab_init(void)
5640 {
5641         rbd_assert(!rbd_img_request_cache);
5642         rbd_img_request_cache = kmem_cache_create("rbd_img_request",
5643                                         sizeof (struct rbd_img_request),
5644                                         __alignof__(struct rbd_img_request),
5645                                         0, NULL);
5646         if (!rbd_img_request_cache)
5647                 return -ENOMEM;
5648
5649         rbd_assert(!rbd_obj_request_cache);
5650         rbd_obj_request_cache = kmem_cache_create("rbd_obj_request",
5651                                         sizeof (struct rbd_obj_request),
5652                                         __alignof__(struct rbd_obj_request),
5653                                         0, NULL);
5654         if (!rbd_obj_request_cache)
5655                 goto out_err;
5656
5657         rbd_assert(!rbd_segment_name_cache);
5658         rbd_segment_name_cache = kmem_cache_create("rbd_segment_name",
5659                                         CEPH_MAX_OID_NAME_LEN + 1, 1, 0, NULL);
5660         if (rbd_segment_name_cache)
5661                 return 0;
5662 out_err:
5663         if (rbd_obj_request_cache) {
5664                 kmem_cache_destroy(rbd_obj_request_cache);
5665                 rbd_obj_request_cache = NULL;
5666         }
5667
5668         kmem_cache_destroy(rbd_img_request_cache);
5669         rbd_img_request_cache = NULL;
5670
5671         return -ENOMEM;
5672 }
5673
5674 static void rbd_slab_exit(void)
5675 {
5676         rbd_assert(rbd_segment_name_cache);
5677         kmem_cache_destroy(rbd_segment_name_cache);
5678         rbd_segment_name_cache = NULL;
5679
5680         rbd_assert(rbd_obj_request_cache);
5681         kmem_cache_destroy(rbd_obj_request_cache);
5682         rbd_obj_request_cache = NULL;
5683
5684         rbd_assert(rbd_img_request_cache);
5685         kmem_cache_destroy(rbd_img_request_cache);
5686         rbd_img_request_cache = NULL;
5687 }
5688
5689 static int __init rbd_init(void)
5690 {
5691         int rc;
5692
5693         if (!libceph_compatible(NULL)) {
5694                 rbd_warn(NULL, "libceph incompatibility (quitting)");
5695                 return -EINVAL;
5696         }
5697
5698         rc = rbd_slab_init();
5699         if (rc)
5700                 return rc;
5701
5702         /*
5703          * The number of active work items is limited by the number of
5704          * rbd devices * queue depth, so leave @max_active at default.
5705          */
5706         rbd_wq = alloc_workqueue(RBD_DRV_NAME, WQ_MEM_RECLAIM, 0);
5707         if (!rbd_wq) {
5708                 rc = -ENOMEM;
5709                 goto err_out_slab;
5710         }
5711
5712         if (single_major) {
5713                 rbd_major = register_blkdev(0, RBD_DRV_NAME);
5714                 if (rbd_major < 0) {
5715                         rc = rbd_major;
5716                         goto err_out_wq;
5717                 }
5718         }
5719
5720         rc = rbd_sysfs_init();
5721         if (rc)
5722                 goto err_out_blkdev;
5723
5724         if (single_major)
5725                 pr_info("loaded (major %d)\n", rbd_major);
5726         else
5727                 pr_info("loaded\n");
5728
5729         return 0;
5730
5731 err_out_blkdev:
5732         if (single_major)
5733                 unregister_blkdev(rbd_major, RBD_DRV_NAME);
5734 err_out_wq:
5735         destroy_workqueue(rbd_wq);
5736 err_out_slab:
5737         rbd_slab_exit();
5738         return rc;
5739 }
5740
5741 static void __exit rbd_exit(void)
5742 {
5743         ida_destroy(&rbd_dev_id_ida);
5744         rbd_sysfs_cleanup();
5745         if (single_major)
5746                 unregister_blkdev(rbd_major, RBD_DRV_NAME);
5747         destroy_workqueue(rbd_wq);
5748         rbd_slab_exit();
5749 }
5750
5751 module_init(rbd_init);
5752 module_exit(rbd_exit);
5753
5754 MODULE_AUTHOR("Alex Elder <elder@inktank.com>");
5755 MODULE_AUTHOR("Sage Weil <sage@newdream.net>");
5756 MODULE_AUTHOR("Yehuda Sadeh <yehuda@hq.newdream.net>");
5757 /* following authorship retained from original osdblk.c */
5758 MODULE_AUTHOR("Jeff Garzik <jeff@garzik.org>");
5759
5760 MODULE_DESCRIPTION("RADOS Block Device (RBD) driver");
5761 MODULE_LICENSE("GPL");
Linux kernel for KaRo TX COM modules