1 /*- 2 * Copyright (c) 2002 Poul-Henning Kamp 3 * Copyright (c) 2002 Networks Associates Technology, Inc. 4 * All rights reserved. 5 * 6 * This software was developed for the FreeBSD Project by Poul-Henning Kamp 7 * and NAI Labs, the Security Research Division of Network Associates, Inc. 8 * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the 9 * DARPA CHATS research program. 10 * 11 * Redistribution and use in source and binary forms, with or without 12 * modification, are permitted provided that the following conditions 13 * are met: 14 * 1. Redistributions of source code must retain the above copyright 15 * notice, this list of conditions and the following disclaimer. 16 * 2. Redistributions in binary form must reproduce the above copyright 17 * notice, this list of conditions and the following disclaimer in the 18 * documentation and/or other materials provided with the distribution. 19 * 3. The names of the authors may not be used to endorse or promote 20 * products derived from this software without specific prior written 21 * permission. 22 * 23 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 26 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 33 * SUCH DAMAGE. 34 */ 35 36 #include <sys/cdefs.h> 37 __FBSDID("$FreeBSD$"); 38 39 #include <sys/param.h> 40 #include <sys/systm.h> 41 #include <sys/malloc.h> 42 #include <sys/kernel.h> 43 #include <sys/conf.h> 44 #include <sys/bio.h> 45 #include <sys/lock.h> 46 #include <sys/mutex.h> 47 #include <sys/proc.h> 48 #include <sys/errno.h> 49 #include <sys/time.h> 50 #include <sys/disk.h> 51 #include <sys/fcntl.h> 52 #include <sys/limits.h> 53 #include <geom/geom.h> 54 #include <geom/geom_int.h> 55 56 static d_open_t g_dev_open; 57 static d_close_t g_dev_close; 58 static d_strategy_t g_dev_strategy; 59 static d_ioctl_t g_dev_ioctl; 60 61 static struct cdevsw g_dev_cdevsw = { 62 .d_version = D_VERSION, 63 .d_open = g_dev_open, 64 .d_close = g_dev_close, 65 .d_read = physread, 66 .d_write = physwrite, 67 .d_ioctl = g_dev_ioctl, 68 .d_strategy = g_dev_strategy, 69 .d_name = "g_dev", 70 .d_flags = D_DISK | D_TRACKCLOSE, 71 }; 72 73 static g_taste_t g_dev_taste; 74 static g_orphan_t g_dev_orphan; 75 76 static struct g_class g_dev_class = { 77 .name = "DEV", 78 .version = G_VERSION, 79 .taste = g_dev_taste, 80 .orphan = g_dev_orphan, 81 }; 82 83 void 84 g_dev_print(void) 85 { 86 struct g_geom *gp; 87 char const *p = ""; 88 89 LIST_FOREACH(gp, &g_dev_class.geom, geom) { 90 printf("%s%s", p, gp->name); 91 p = " "; 92 } 93 printf("\n"); 94 } 95 96 struct g_provider * 97 g_dev_getprovider(struct cdev *dev) 98 { 99 struct g_consumer *cp; 100 101 g_topology_assert(); 102 if (dev == NULL) 103 return (NULL); 104 if (dev->si_devsw != &g_dev_cdevsw) 105 return (NULL); 106 cp = dev->si_drv2; 107 return (cp->provider); 108 } 109 110 111 static struct g_geom * 112 g_dev_taste(struct g_class *mp, struct g_provider *pp, int insist __unused) 113 { 114 struct g_geom *gp; 115 struct g_consumer *cp; 116 int error; 117 struct cdev *dev; 118 119 g_trace(G_T_TOPOLOGY, "dev_taste(%s,%s)", mp->name, pp->name); 120 g_topology_assert(); 121 LIST_FOREACH(cp, &pp->consumers, consumers) 122 if (cp->geom->class == mp) 123 return (NULL); 124 gp = g_new_geomf(mp, pp->name); 125 cp = g_new_consumer(gp); 126 error = g_attach(cp, pp); 127 KASSERT(error == 0, 128 ("g_dev_taste(%s) failed to g_attach, err=%d", pp->name, error)); 129 error = make_dev_p(MAKEDEV_CHECKNAME | MAKEDEV_WAITOK, &dev, 130 &g_dev_cdevsw, NULL, UID_ROOT, GID_OPERATOR, 0640, "%s", gp->name); 131 if (error != 0) { 132 printf("%s: make_dev_p() failed (gp->name=%s, error=%d)\n", 133 __func__, gp->name, error); 134 g_detach(cp); 135 g_destroy_consumer(cp); 136 g_destroy_geom(gp); 137 return (NULL); 138 } 139 if (pp->flags & G_PF_CANDELETE) 140 dev->si_flags |= SI_CANDELETE; 141 dev->si_iosize_max = MAXPHYS; 142 gp->softc = dev; 143 dev->si_drv1 = gp; 144 dev->si_drv2 = cp; 145 return (gp); 146 } 147 148 static int 149 g_dev_open(struct cdev *dev, int flags, int fmt, struct thread *td) 150 { 151 struct g_geom *gp; 152 struct g_consumer *cp; 153 int error, r, w, e; 154 155 gp = dev->si_drv1; 156 cp = dev->si_drv2; 157 if (gp == NULL || cp == NULL || gp->softc != dev) 158 return(ENXIO); /* g_dev_taste() not done yet */ 159 160 g_trace(G_T_ACCESS, "g_dev_open(%s, %d, %d, %p)", 161 gp->name, flags, fmt, td); 162 163 r = flags & FREAD ? 1 : 0; 164 w = flags & FWRITE ? 1 : 0; 165 #ifdef notyet 166 e = flags & O_EXCL ? 1 : 0; 167 #else 168 e = 0; 169 #endif 170 if (w) { 171 /* 172 * When running in very secure mode, do not allow 173 * opens for writing of any disks. 174 */ 175 error = securelevel_ge(td->td_ucred, 2); 176 if (error) 177 return (error); 178 } 179 g_topology_lock(); 180 if (dev->si_devsw == NULL) 181 error = ENXIO; /* We were orphaned */ 182 else 183 error = g_access(cp, r, w, e); 184 g_topology_unlock(); 185 return(error); 186 } 187 188 static int 189 g_dev_close(struct cdev *dev, int flags, int fmt, struct thread *td) 190 { 191 struct g_geom *gp; 192 struct g_consumer *cp; 193 int error, r, w, e, i; 194 195 gp = dev->si_drv1; 196 cp = dev->si_drv2; 197 if (gp == NULL || cp == NULL) 198 return(ENXIO); 199 g_trace(G_T_ACCESS, "g_dev_close(%s, %d, %d, %p)", 200 gp->name, flags, fmt, td); 201 r = flags & FREAD ? -1 : 0; 202 w = flags & FWRITE ? -1 : 0; 203 #ifdef notyet 204 e = flags & O_EXCL ? -1 : 0; 205 #else 206 e = 0; 207 #endif 208 g_topology_lock(); 209 if (dev->si_devsw == NULL) 210 error = ENXIO; /* We were orphaned */ 211 else 212 error = g_access(cp, r, w, e); 213 for (i = 0; i < 10 * hz;) { 214 if (cp->acr != 0 || cp->acw != 0) 215 break; 216 if (cp->nstart == cp->nend) 217 break; 218 pause("gdevwclose", hz / 10); 219 i += hz / 10; 220 } 221 if (cp->acr == 0 && cp->acw == 0 && cp->nstart != cp->nend) { 222 printf("WARNING: Final close of geom_dev(%s) %s %s\n", 223 gp->name, 224 "still has outstanding I/O after 10 seconds.", 225 "Completing close anyway, panic may happen later."); 226 } 227 g_topology_unlock(); 228 return (error); 229 } 230 231 /* 232 * XXX: Until we have unmessed the ioctl situation, there is a race against 233 * XXX: a concurrent orphanization. We cannot close it by holding topology 234 * XXX: since that would prevent us from doing our job, and stalling events 235 * XXX: will break (actually: stall) the BSD disklabel hacks. 236 */ 237 static int 238 g_dev_ioctl(struct cdev *dev, u_long cmd, caddr_t data, int fflag, struct thread *td) 239 { 240 struct g_geom *gp; 241 struct g_consumer *cp; 242 struct g_provider *pp; 243 struct g_kerneldump kd; 244 off_t offset, length, chunk; 245 int i, error; 246 u_int u; 247 248 gp = dev->si_drv1; 249 cp = dev->si_drv2; 250 pp = cp->provider; 251 252 error = 0; 253 KASSERT(cp->acr || cp->acw, 254 ("Consumer with zero access count in g_dev_ioctl")); 255 256 i = IOCPARM_LEN(cmd); 257 switch (cmd) { 258 case DIOCGSECTORSIZE: 259 *(u_int *)data = cp->provider->sectorsize; 260 if (*(u_int *)data == 0) 261 error = ENOENT; 262 break; 263 case DIOCGMEDIASIZE: 264 *(off_t *)data = cp->provider->mediasize; 265 if (*(off_t *)data == 0) 266 error = ENOENT; 267 break; 268 case DIOCGFWSECTORS: 269 error = g_io_getattr("GEOM::fwsectors", cp, &i, data); 270 if (error == 0 && *(u_int *)data == 0) 271 error = ENOENT; 272 break; 273 case DIOCGFWHEADS: 274 error = g_io_getattr("GEOM::fwheads", cp, &i, data); 275 if (error == 0 && *(u_int *)data == 0) 276 error = ENOENT; 277 break; 278 case DIOCGFRONTSTUFF: 279 error = g_io_getattr("GEOM::frontstuff", cp, &i, data); 280 break; 281 case DIOCSKERNELDUMP: 282 u = *((u_int *)data); 283 if (!u) { 284 set_dumper(NULL); 285 error = 0; 286 break; 287 } 288 kd.offset = 0; 289 kd.length = OFF_MAX; 290 i = sizeof kd; 291 error = g_io_getattr("GEOM::kerneldump", cp, &i, &kd); 292 if (!error) 293 dev->si_flags |= SI_DUMPDEV; 294 break; 295 case DIOCGFLUSH: 296 error = g_io_flush(cp); 297 break; 298 case DIOCGDELETE: 299 offset = ((off_t *)data)[0]; 300 length = ((off_t *)data)[1]; 301 if ((offset % cp->provider->sectorsize) != 0 || 302 (length % cp->provider->sectorsize) != 0 || length <= 0) { 303 printf("%s: offset=%jd length=%jd\n", __func__, offset, 304 length); 305 error = EINVAL; 306 break; 307 } 308 while (length > 0) { 309 chunk = length; 310 if (chunk > 65536 * cp->provider->sectorsize) 311 chunk = 65536 * cp->provider->sectorsize; 312 error = g_delete_data(cp, offset, chunk); 313 length -= chunk; 314 offset += chunk; 315 if (error) 316 break; 317 /* 318 * Since the request size is unbounded, the service 319 * time is likewise. We make this ioctl interruptible 320 * by checking for signals for each bio. 321 */ 322 if (SIGPENDING(td)) 323 break; 324 } 325 break; 326 case DIOCGIDENT: 327 error = g_io_getattr("GEOM::ident", cp, &i, data); 328 break; 329 case DIOCGPROVIDERNAME: 330 if (pp == NULL) 331 return (ENOENT); 332 strlcpy(data, pp->name, i); 333 break; 334 case DIOCGSTRIPESIZE: 335 *(off_t *)data = cp->provider->stripesize; 336 break; 337 case DIOCGSTRIPEOFFSET: 338 *(off_t *)data = cp->provider->stripeoffset; 339 break; 340 default: 341 if (cp->provider->geom->ioctl != NULL) { 342 error = cp->provider->geom->ioctl(cp->provider, cmd, data, fflag, td); 343 } else { 344 error = ENOIOCTL; 345 } 346 } 347 348 return (error); 349 } 350 351 static void 352 g_dev_done(struct bio *bp2) 353 { 354 struct bio *bp; 355 356 bp = bp2->bio_parent; 357 bp->bio_error = bp2->bio_error; 358 if (bp->bio_error != 0) { 359 g_trace(G_T_BIO, "g_dev_done(%p) had error %d", 360 bp2, bp->bio_error); 361 bp->bio_flags |= BIO_ERROR; 362 } else { 363 g_trace(G_T_BIO, "g_dev_done(%p/%p) resid %ld completed %jd", 364 bp2, bp, bp->bio_resid, (intmax_t)bp2->bio_completed); 365 } 366 bp->bio_resid = bp->bio_length - bp2->bio_completed; 367 bp->bio_completed = bp2->bio_completed; 368 g_destroy_bio(bp2); 369 biodone(bp); 370 } 371 372 static void 373 g_dev_strategy(struct bio *bp) 374 { 375 struct g_consumer *cp; 376 struct bio *bp2; 377 struct cdev *dev; 378 379 KASSERT(bp->bio_cmd == BIO_READ || 380 bp->bio_cmd == BIO_WRITE || 381 bp->bio_cmd == BIO_DELETE, 382 ("Wrong bio_cmd bio=%p cmd=%d", bp, bp->bio_cmd)); 383 dev = bp->bio_dev; 384 cp = dev->si_drv2; 385 KASSERT(cp->acr || cp->acw, 386 ("Consumer with zero access count in g_dev_strategy")); 387 #ifdef INVARIANTS 388 if ((bp->bio_offset % cp->provider->sectorsize) != 0 || 389 (bp->bio_bcount % cp->provider->sectorsize) != 0) { 390 bp->bio_resid = bp->bio_bcount; 391 biofinish(bp, NULL, EINVAL); 392 return; 393 } 394 #endif 395 for (;;) { 396 /* 397 * XXX: This is not an ideal solution, but I belive it to 398 * XXX: deadlock safe, all things considered. 399 */ 400 bp2 = g_clone_bio(bp); 401 if (bp2 != NULL) 402 break; 403 pause("gdstrat", hz / 10); 404 } 405 KASSERT(bp2 != NULL, ("XXX: ENOMEM in a bad place")); 406 bp2->bio_done = g_dev_done; 407 g_trace(G_T_BIO, 408 "g_dev_strategy(%p/%p) offset %jd length %jd data %p cmd %d", 409 bp, bp2, (intmax_t)bp->bio_offset, (intmax_t)bp2->bio_length, 410 bp2->bio_data, bp2->bio_cmd); 411 g_io_request(bp2, cp); 412 KASSERT(cp->acr || cp->acw, 413 ("g_dev_strategy raced with g_dev_close and lost")); 414 415 } 416 417 /* 418 * g_dev_orphan() 419 * 420 * Called from below when the provider orphaned us. 421 * - Clear any dump settings. 422 * - Destroy the struct cdev *to prevent any more request from coming in. The 423 * provider is already marked with an error, so anything which comes in 424 * in the interrim will be returned immediately. 425 * - Wait for any outstanding I/O to finish. 426 * - Set our access counts to zero, whatever they were. 427 * - Detach and self-destruct. 428 */ 429 430 static void 431 g_dev_orphan(struct g_consumer *cp) 432 { 433 struct g_geom *gp; 434 struct cdev *dev; 435 436 g_topology_assert(); 437 gp = cp->geom; 438 dev = gp->softc; 439 g_trace(G_T_TOPOLOGY, "g_dev_orphan(%p(%s))", cp, gp->name); 440 441 /* Reset any dump-area set on this device */ 442 if (dev->si_flags & SI_DUMPDEV) 443 set_dumper(NULL); 444 445 /* Destroy the struct cdev *so we get no more requests */ 446 destroy_dev(dev); 447 448 /* Wait for the cows to come home */ 449 while (cp->nstart != cp->nend) 450 pause("gdevorphan", hz / 10); 451 452 if (cp->acr > 0 || cp->acw > 0 || cp->ace > 0) 453 g_access(cp, -cp->acr, -cp->acw, -cp->ace); 454 455 g_detach(cp); 456 g_destroy_consumer(cp); 457 g_destroy_geom(gp); 458 } 459 460 DECLARE_GEOM_CLASS(g_dev_class, g_dev); 461