xref: /openbmc/linux/drivers/block/rbd.c (revision 5a158981)
1 
2 /*
3    rbd.c -- Export ceph rados objects as a Linux block device
4 
5 
6    based on drivers/block/osdblk.c:
7 
8    Copyright 2009 Red Hat, Inc.
9 
10    This program is free software; you can redistribute it and/or modify
11    it under the terms of the GNU General Public License as published by
12    the Free Software Foundation.
13 
14    This program is distributed in the hope that it will be useful,
15    but WITHOUT ANY WARRANTY; without even the implied warranty of
16    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
17    GNU General Public License for more details.
18 
19    You should have received a copy of the GNU General Public License
20    along with this program; see the file COPYING.  If not, write to
21    the Free Software Foundation, 675 Mass Ave, Cambridge, MA 02139, USA.
22 
23 
24 
25    For usage instructions, please refer to:
26 
27                  Documentation/ABI/testing/sysfs-bus-rbd
28 
29  */
30 
31 #include <linux/ceph/libceph.h>
32 #include <linux/ceph/osd_client.h>
33 #include <linux/ceph/mon_client.h>
34 #include <linux/ceph/cls_lock_client.h>
35 #include <linux/ceph/striper.h>
36 #include <linux/ceph/decode.h>
37 #include <linux/fs_parser.h>
38 #include <linux/bsearch.h>
39 
40 #include <linux/kernel.h>
41 #include <linux/device.h>
42 #include <linux/module.h>
43 #include <linux/blk-mq.h>
44 #include <linux/fs.h>
45 #include <linux/blkdev.h>
46 #include <linux/slab.h>
47 #include <linux/idr.h>
48 #include <linux/workqueue.h>
49 
50 #include "rbd_types.h"
51 
52 #define RBD_DEBUG	/* Activate rbd_assert() calls */
53 
54 /*
55  * Increment the given counter and return its updated value.
56  * If the counter is already 0 it will not be incremented.
57  * If the counter is already at its maximum value returns
58  * -EINVAL without updating it.
59  */
60 static int atomic_inc_return_safe(atomic_t *v)
61 {
62 	unsigned int counter;
63 
64 	counter = (unsigned int)atomic_fetch_add_unless(v, 1, 0);
65 	if (counter <= (unsigned int)INT_MAX)
66 		return (int)counter;
67 
68 	atomic_dec(v);
69 
70 	return -EINVAL;
71 }
72 
73 /* Decrement the counter.  Return the resulting value, or -EINVAL */
74 static int atomic_dec_return_safe(atomic_t *v)
75 {
76 	int counter;
77 
78 	counter = atomic_dec_return(v);
79 	if (counter >= 0)
80 		return counter;
81 
82 	atomic_inc(v);
83 
84 	return -EINVAL;
85 }
86 
87 #define RBD_DRV_NAME "rbd"
88 
89 #define RBD_MINORS_PER_MAJOR		256
90 #define RBD_SINGLE_MAJOR_PART_SHIFT	4
91 
92 #define RBD_MAX_PARENT_CHAIN_LEN	16
93 
94 #define RBD_SNAP_DEV_NAME_PREFIX	"snap_"
95 #define RBD_MAX_SNAP_NAME_LEN	\
96 			(NAME_MAX - (sizeof (RBD_SNAP_DEV_NAME_PREFIX) - 1))
97 
98 #define RBD_MAX_SNAP_COUNT	510	/* allows max snapc to fit in 4KB */
99 
100 #define RBD_SNAP_HEAD_NAME	"-"
101 
102 #define	BAD_SNAP_INDEX	U32_MAX		/* invalid index into snap array */
103 
104 /* This allows a single page to hold an image name sent by OSD */
105 #define RBD_IMAGE_NAME_LEN_MAX	(PAGE_SIZE - sizeof (__le32) - 1)
106 #define RBD_IMAGE_ID_LEN_MAX	64
107 
108 #define RBD_OBJ_PREFIX_LEN_MAX	64
109 
110 #define RBD_NOTIFY_TIMEOUT	5	/* seconds */
111 #define RBD_RETRY_DELAY		msecs_to_jiffies(1000)
112 
113 /* Feature bits */
114 
115 #define RBD_FEATURE_LAYERING		(1ULL<<0)
116 #define RBD_FEATURE_STRIPINGV2		(1ULL<<1)
117 #define RBD_FEATURE_EXCLUSIVE_LOCK	(1ULL<<2)
118 #define RBD_FEATURE_OBJECT_MAP		(1ULL<<3)
119 #define RBD_FEATURE_FAST_DIFF		(1ULL<<4)
120 #define RBD_FEATURE_DEEP_FLATTEN	(1ULL<<5)
121 #define RBD_FEATURE_DATA_POOL		(1ULL<<7)
122 #define RBD_FEATURE_OPERATIONS		(1ULL<<8)
123 
124 #define RBD_FEATURES_ALL	(RBD_FEATURE_LAYERING |		\
125 				 RBD_FEATURE_STRIPINGV2 |	\
126 				 RBD_FEATURE_EXCLUSIVE_LOCK |	\
127 				 RBD_FEATURE_OBJECT_MAP |	\
128 				 RBD_FEATURE_FAST_DIFF |	\
129 				 RBD_FEATURE_DEEP_FLATTEN |	\
130 				 RBD_FEATURE_DATA_POOL |	\
131 				 RBD_FEATURE_OPERATIONS)
132 
133 /* Features supported by this (client software) implementation. */
134 
135 #define RBD_FEATURES_SUPPORTED	(RBD_FEATURES_ALL)
136 
137 /*
138  * An RBD device name will be "rbd#", where the "rbd" comes from
139  * RBD_DRV_NAME above, and # is a unique integer identifier.
140  */
141 #define DEV_NAME_LEN		32
142 
143 /*
144  * block device image metadata (in-memory version)
145  */
146 struct rbd_image_header {
147 	/* These six fields never change for a given rbd image */
148 	char *object_prefix;
149 	__u8 obj_order;
150 	u64 stripe_unit;
151 	u64 stripe_count;
152 	s64 data_pool_id;
153 	u64 features;		/* Might be changeable someday? */
154 
155 	/* The remaining fields need to be updated occasionally */
156 	u64 image_size;
157 	struct ceph_snap_context *snapc;
158 	char *snap_names;	/* format 1 only */
159 	u64 *snap_sizes;	/* format 1 only */
160 };
161 
162 /*
163  * An rbd image specification.
164  *
165  * The tuple (pool_id, image_id, snap_id) is sufficient to uniquely
166  * identify an image.  Each rbd_dev structure includes a pointer to
167  * an rbd_spec structure that encapsulates this identity.
168  *
169  * Each of the id's in an rbd_spec has an associated name.  For a
170  * user-mapped image, the names are supplied and the id's associated
171  * with them are looked up.  For a layered image, a parent image is
172  * defined by the tuple, and the names are looked up.
173  *
174  * An rbd_dev structure contains a parent_spec pointer which is
175  * non-null if the image it represents is a child in a layered
176  * image.  This pointer will refer to the rbd_spec structure used
177  * by the parent rbd_dev for its own identity (i.e., the structure
178  * is shared between the parent and child).
179  *
180  * Since these structures are populated once, during the discovery
181  * phase of image construction, they are effectively immutable so
182  * we make no effort to synchronize access to them.
183  *
184  * Note that code herein does not assume the image name is known (it
185  * could be a null pointer).
186  */
187 struct rbd_spec {
188 	u64		pool_id;
189 	const char	*pool_name;
190 	const char	*pool_ns;	/* NULL if default, never "" */
191 
192 	const char	*image_id;
193 	const char	*image_name;
194 
195 	u64		snap_id;
196 	const char	*snap_name;
197 
198 	struct kref	kref;
199 };
200 
201 /*
202  * an instance of the client.  multiple devices may share an rbd client.
203  */
204 struct rbd_client {
205 	struct ceph_client	*client;
206 	struct kref		kref;
207 	struct list_head	node;
208 };
209 
210 struct pending_result {
211 	int			result;		/* first nonzero result */
212 	int			num_pending;
213 };
214 
215 struct rbd_img_request;
216 
217 enum obj_request_type {
218 	OBJ_REQUEST_NODATA = 1,
219 	OBJ_REQUEST_BIO,	/* pointer into provided bio (list) */
220 	OBJ_REQUEST_BVECS,	/* pointer into provided bio_vec array */
221 	OBJ_REQUEST_OWN_BVECS,	/* private bio_vec array, doesn't own pages */
222 };
223 
224 enum obj_operation_type {
225 	OBJ_OP_READ = 1,
226 	OBJ_OP_WRITE,
227 	OBJ_OP_DISCARD,
228 	OBJ_OP_ZEROOUT,
229 };
230 
231 #define RBD_OBJ_FLAG_DELETION			(1U << 0)
232 #define RBD_OBJ_FLAG_COPYUP_ENABLED		(1U << 1)
233 #define RBD_OBJ_FLAG_COPYUP_ZEROS		(1U << 2)
234 #define RBD_OBJ_FLAG_MAY_EXIST			(1U << 3)
235 #define RBD_OBJ_FLAG_NOOP_FOR_NONEXISTENT	(1U << 4)
236 
237 enum rbd_obj_read_state {
238 	RBD_OBJ_READ_START = 1,
239 	RBD_OBJ_READ_OBJECT,
240 	RBD_OBJ_READ_PARENT,
241 };
242 
243 /*
244  * Writes go through the following state machine to deal with
245  * layering:
246  *
247  *            . . . . . RBD_OBJ_WRITE_GUARD. . . . . . . . . . . . . .
248  *            .                 |                                    .
249  *            .                 v                                    .
250  *            .    RBD_OBJ_WRITE_READ_FROM_PARENT. . .               .
251  *            .                 |                    .               .
252  *            .                 v                    v (deep-copyup  .
253  *    (image  .   RBD_OBJ_WRITE_COPYUP_EMPTY_SNAPC   .  not needed)  .
254  * flattened) v                 |                    .               .
255  *            .                 v                    .               .
256  *            . . . .RBD_OBJ_WRITE_COPYUP_OPS. . . . .      (copyup  .
257  *                              |                        not needed) v
258  *                              v                                    .
259  *                            done . . . . . . . . . . . . . . . . . .
260  *                              ^
261  *                              |
262  *                     RBD_OBJ_WRITE_FLAT
263  *
264  * Writes start in RBD_OBJ_WRITE_GUARD or _FLAT, depending on whether
265  * assert_exists guard is needed or not (in some cases it's not needed
266  * even if there is a parent).
267  */
268 enum rbd_obj_write_state {
269 	RBD_OBJ_WRITE_START = 1,
270 	RBD_OBJ_WRITE_PRE_OBJECT_MAP,
271 	RBD_OBJ_WRITE_OBJECT,
272 	__RBD_OBJ_WRITE_COPYUP,
273 	RBD_OBJ_WRITE_COPYUP,
274 	RBD_OBJ_WRITE_POST_OBJECT_MAP,
275 };
276 
277 enum rbd_obj_copyup_state {
278 	RBD_OBJ_COPYUP_START = 1,
279 	RBD_OBJ_COPYUP_READ_PARENT,
280 	__RBD_OBJ_COPYUP_OBJECT_MAPS,
281 	RBD_OBJ_COPYUP_OBJECT_MAPS,
282 	__RBD_OBJ_COPYUP_WRITE_OBJECT,
283 	RBD_OBJ_COPYUP_WRITE_OBJECT,
284 };
285 
286 struct rbd_obj_request {
287 	struct ceph_object_extent ex;
288 	unsigned int		flags;	/* RBD_OBJ_FLAG_* */
289 	union {
290 		enum rbd_obj_read_state	 read_state;	/* for reads */
291 		enum rbd_obj_write_state write_state;	/* for writes */
292 	};
293 
294 	struct rbd_img_request	*img_request;
295 	struct ceph_file_extent	*img_extents;
296 	u32			num_img_extents;
297 
298 	union {
299 		struct ceph_bio_iter	bio_pos;
300 		struct {
301 			struct ceph_bvec_iter	bvec_pos;
302 			u32			bvec_count;
303 			u32			bvec_idx;
304 		};
305 	};
306 
307 	enum rbd_obj_copyup_state copyup_state;
308 	struct bio_vec		*copyup_bvecs;
309 	u32			copyup_bvec_count;
310 
311 	struct list_head	osd_reqs;	/* w/ r_private_item */
312 
313 	struct mutex		state_mutex;
314 	struct pending_result	pending;
315 	struct kref		kref;
316 };
317 
318 enum img_req_flags {
319 	IMG_REQ_CHILD,		/* initiator: block = 0, child image = 1 */
320 	IMG_REQ_LAYERED,	/* ENOENT handling: normal = 0, layered = 1 */
321 };
322 
323 enum rbd_img_state {
324 	RBD_IMG_START = 1,
325 	RBD_IMG_EXCLUSIVE_LOCK,
326 	__RBD_IMG_OBJECT_REQUESTS,
327 	RBD_IMG_OBJECT_REQUESTS,
328 };
329 
330 struct rbd_img_request {
331 	struct rbd_device	*rbd_dev;
332 	enum obj_operation_type	op_type;
333 	enum obj_request_type	data_type;
334 	unsigned long		flags;
335 	enum rbd_img_state	state;
336 	union {
337 		u64			snap_id;	/* for reads */
338 		struct ceph_snap_context *snapc;	/* for writes */
339 	};
340 	union {
341 		struct request		*rq;		/* block request */
342 		struct rbd_obj_request	*obj_request;	/* obj req initiator */
343 	};
344 
345 	struct list_head	lock_item;
346 	struct list_head	object_extents;	/* obj_req.ex structs */
347 
348 	struct mutex		state_mutex;
349 	struct pending_result	pending;
350 	struct work_struct	work;
351 	int			work_result;
352 	struct kref		kref;
353 };
354 
355 #define for_each_obj_request(ireq, oreq) \
356 	list_for_each_entry(oreq, &(ireq)->object_extents, ex.oe_item)
357 #define for_each_obj_request_safe(ireq, oreq, n) \
358 	list_for_each_entry_safe(oreq, n, &(ireq)->object_extents, ex.oe_item)
359 
360 enum rbd_watch_state {
361 	RBD_WATCH_STATE_UNREGISTERED,
362 	RBD_WATCH_STATE_REGISTERED,
363 	RBD_WATCH_STATE_ERROR,
364 };
365 
366 enum rbd_lock_state {
367 	RBD_LOCK_STATE_UNLOCKED,
368 	RBD_LOCK_STATE_LOCKED,
369 	RBD_LOCK_STATE_RELEASING,
370 };
371 
372 /* WatchNotify::ClientId */
373 struct rbd_client_id {
374 	u64 gid;
375 	u64 handle;
376 };
377 
378 struct rbd_mapping {
379 	u64                     size;
380 };
381 
382 /*
383  * a single device
384  */
385 struct rbd_device {
386 	int			dev_id;		/* blkdev unique id */
387 
388 	int			major;		/* blkdev assigned major */
389 	int			minor;
390 	struct gendisk		*disk;		/* blkdev's gendisk and rq */
391 
392 	u32			image_format;	/* Either 1 or 2 */
393 	struct rbd_client	*rbd_client;
394 
395 	char			name[DEV_NAME_LEN]; /* blkdev name, e.g. rbd3 */
396 
397 	spinlock_t		lock;		/* queue, flags, open_count */
398 
399 	struct rbd_image_header	header;
400 	unsigned long		flags;		/* possibly lock protected */
401 	struct rbd_spec		*spec;
402 	struct rbd_options	*opts;
403 	char			*config_info;	/* add{,_single_major} string */
404 
405 	struct ceph_object_id	header_oid;
406 	struct ceph_object_locator header_oloc;
407 
408 	struct ceph_file_layout	layout;		/* used for all rbd requests */
409 
410 	struct mutex		watch_mutex;
411 	enum rbd_watch_state	watch_state;
412 	struct ceph_osd_linger_request *watch_handle;
413 	u64			watch_cookie;
414 	struct delayed_work	watch_dwork;
415 
416 	struct rw_semaphore	lock_rwsem;
417 	enum rbd_lock_state	lock_state;
418 	char			lock_cookie[32];
419 	struct rbd_client_id	owner_cid;
420 	struct work_struct	acquired_lock_work;
421 	struct work_struct	released_lock_work;
422 	struct delayed_work	lock_dwork;
423 	struct work_struct	unlock_work;
424 	spinlock_t		lock_lists_lock;
425 	struct list_head	acquiring_list;
426 	struct list_head	running_list;
427 	struct completion	acquire_wait;
428 	int			acquire_err;
429 	struct completion	releasing_wait;
430 
431 	spinlock_t		object_map_lock;
432 	u8			*object_map;
433 	u64			object_map_size;	/* in objects */
434 	u64			object_map_flags;
435 
436 	struct workqueue_struct	*task_wq;
437 
438 	struct rbd_spec		*parent_spec;
439 	u64			parent_overlap;
440 	atomic_t		parent_ref;
441 	struct rbd_device	*parent;
442 
443 	/* Block layer tags. */
444 	struct blk_mq_tag_set	tag_set;
445 
446 	/* protects updating the header */
447 	struct rw_semaphore     header_rwsem;
448 
449 	struct rbd_mapping	mapping;
450 
451 	struct list_head	node;
452 
453 	/* sysfs related */
454 	struct device		dev;
455 	unsigned long		open_count;	/* protected by lock */
456 };
457 
458 /*
459  * Flag bits for rbd_dev->flags:
460  * - REMOVING (which is coupled with rbd_dev->open_count) is protected
461  *   by rbd_dev->lock
462  */
463 enum rbd_dev_flags {
464 	RBD_DEV_FLAG_EXISTS,	/* rbd_dev_device_setup() ran */
465 	RBD_DEV_FLAG_REMOVING,	/* this mapping is being removed */
466 	RBD_DEV_FLAG_READONLY,  /* -o ro or snapshot */
467 };
468 
469 static DEFINE_MUTEX(client_mutex);	/* Serialize client creation */
470 
471 static LIST_HEAD(rbd_dev_list);    /* devices */
472 static DEFINE_SPINLOCK(rbd_dev_list_lock);
473 
474 static LIST_HEAD(rbd_client_list);		/* clients */
475 static DEFINE_SPINLOCK(rbd_client_list_lock);
476 
477 /* Slab caches for frequently-allocated structures */
478 
479 static struct kmem_cache	*rbd_img_request_cache;
480 static struct kmem_cache	*rbd_obj_request_cache;
481 
482 static int rbd_major;
483 static DEFINE_IDA(rbd_dev_id_ida);
484 
485 static struct workqueue_struct *rbd_wq;
486 
487 static struct ceph_snap_context rbd_empty_snapc = {
488 	.nref = REFCOUNT_INIT(1),
489 };
490 
491 /*
492  * single-major requires >= 0.75 version of userspace rbd utility.
493  */
494 static bool single_major = true;
495 module_param(single_major, bool, 0444);
496 MODULE_PARM_DESC(single_major, "Use a single major number for all rbd devices (default: true)");
497 
498 static ssize_t add_store(struct bus_type *bus, const char *buf, size_t count);
499 static ssize_t remove_store(struct bus_type *bus, const char *buf,
500 			    size_t count);
501 static ssize_t add_single_major_store(struct bus_type *bus, const char *buf,
502 				      size_t count);
503 static ssize_t remove_single_major_store(struct bus_type *bus, const char *buf,
504 					 size_t count);
505 static int rbd_dev_image_probe(struct rbd_device *rbd_dev, int depth);
506 
507 static int rbd_dev_id_to_minor(int dev_id)
508 {
509 	return dev_id << RBD_SINGLE_MAJOR_PART_SHIFT;
510 }
511 
512 static int minor_to_rbd_dev_id(int minor)
513 {
514 	return minor >> RBD_SINGLE_MAJOR_PART_SHIFT;
515 }
516 
517 static bool rbd_is_ro(struct rbd_device *rbd_dev)
518 {
519 	return test_bit(RBD_DEV_FLAG_READONLY, &rbd_dev->flags);
520 }
521 
522 static bool rbd_is_snap(struct rbd_device *rbd_dev)
523 {
524 	return rbd_dev->spec->snap_id != CEPH_NOSNAP;
525 }
526 
527 static bool __rbd_is_lock_owner(struct rbd_device *rbd_dev)
528 {
529 	lockdep_assert_held(&rbd_dev->lock_rwsem);
530 
531 	return rbd_dev->lock_state == RBD_LOCK_STATE_LOCKED ||
532 	       rbd_dev->lock_state == RBD_LOCK_STATE_RELEASING;
533 }
534 
535 static bool rbd_is_lock_owner(struct rbd_device *rbd_dev)
536 {
537 	bool is_lock_owner;
538 
539 	down_read(&rbd_dev->lock_rwsem);
540 	is_lock_owner = __rbd_is_lock_owner(rbd_dev);
541 	up_read(&rbd_dev->lock_rwsem);
542 	return is_lock_owner;
543 }
544 
545 static ssize_t supported_features_show(struct bus_type *bus, char *buf)
546 {
547 	return sprintf(buf, "0x%llx\n", RBD_FEATURES_SUPPORTED);
548 }
549 
550 static BUS_ATTR_WO(add);
551 static BUS_ATTR_WO(remove);
552 static BUS_ATTR_WO(add_single_major);
553 static BUS_ATTR_WO(remove_single_major);
554 static BUS_ATTR_RO(supported_features);
555 
556 static struct attribute *rbd_bus_attrs[] = {
557 	&bus_attr_add.attr,
558 	&bus_attr_remove.attr,
559 	&bus_attr_add_single_major.attr,
560 	&bus_attr_remove_single_major.attr,
561 	&bus_attr_supported_features.attr,
562 	NULL,
563 };
564 
565 static umode_t rbd_bus_is_visible(struct kobject *kobj,
566 				  struct attribute *attr, int index)
567 {
568 	if (!single_major &&
569 	    (attr == &bus_attr_add_single_major.attr ||
570 	     attr == &bus_attr_remove_single_major.attr))
571 		return 0;
572 
573 	return attr->mode;
574 }
575 
576 static const struct attribute_group rbd_bus_group = {
577 	.attrs = rbd_bus_attrs,
578 	.is_visible = rbd_bus_is_visible,
579 };
580 __ATTRIBUTE_GROUPS(rbd_bus);
581 
582 static struct bus_type rbd_bus_type = {
583 	.name		= "rbd",
584 	.bus_groups	= rbd_bus_groups,
585 };
586 
587 static void rbd_root_dev_release(struct device *dev)
588 {
589 }
590 
591 static struct device rbd_root_dev = {
592 	.init_name =    "rbd",
593 	.release =      rbd_root_dev_release,
594 };
595 
596 static __printf(2, 3)
597 void rbd_warn(struct rbd_device *rbd_dev, const char *fmt, ...)
598 {
599 	struct va_format vaf;
600 	va_list args;
601 
602 	va_start(args, fmt);
603 	vaf.fmt = fmt;
604 	vaf.va = &args;
605 
606 	if (!rbd_dev)
607 		printk(KERN_WARNING "%s: %pV\n", RBD_DRV_NAME, &vaf);
608 	else if (rbd_dev->disk)
609 		printk(KERN_WARNING "%s: %s: %pV\n",
610 			RBD_DRV_NAME, rbd_dev->disk->disk_name, &vaf);
611 	else if (rbd_dev->spec && rbd_dev->spec->image_name)
612 		printk(KERN_WARNING "%s: image %s: %pV\n",
613 			RBD_DRV_NAME, rbd_dev->spec->image_name, &vaf);
614 	else if (rbd_dev->spec && rbd_dev->spec->image_id)
615 		printk(KERN_WARNING "%s: id %s: %pV\n",
616 			RBD_DRV_NAME, rbd_dev->spec->image_id, &vaf);
617 	else	/* punt */
618 		printk(KERN_WARNING "%s: rbd_dev %p: %pV\n",
619 			RBD_DRV_NAME, rbd_dev, &vaf);
620 	va_end(args);
621 }
622 
623 #ifdef RBD_DEBUG
624 #define rbd_assert(expr)						\
625 		if (unlikely(!(expr))) {				\
626 			printk(KERN_ERR "\nAssertion failure in %s() "	\
627 						"at line %d:\n\n"	\
628 					"\trbd_assert(%s);\n\n",	\
629 					__func__, __LINE__, #expr);	\
630 			BUG();						\
631 		}
632 #else /* !RBD_DEBUG */
633 #  define rbd_assert(expr)	((void) 0)
634 #endif /* !RBD_DEBUG */
635 
636 static void rbd_dev_remove_parent(struct rbd_device *rbd_dev);
637 
638 static int rbd_dev_refresh(struct rbd_device *rbd_dev);
639 static int rbd_dev_v2_header_onetime(struct rbd_device *rbd_dev);
640 static int rbd_dev_header_info(struct rbd_device *rbd_dev);
641 static int rbd_dev_v2_parent_info(struct rbd_device *rbd_dev);
642 static const char *rbd_dev_v2_snap_name(struct rbd_device *rbd_dev,
643 					u64 snap_id);
644 static int _rbd_dev_v2_snap_size(struct rbd_device *rbd_dev, u64 snap_id,
645 				u8 *order, u64 *snap_size);
646 static int rbd_dev_v2_get_flags(struct rbd_device *rbd_dev);
647 
648 static void rbd_obj_handle_request(struct rbd_obj_request *obj_req, int result);
649 static void rbd_img_handle_request(struct rbd_img_request *img_req, int result);
650 
651 /*
652  * Return true if nothing else is pending.
653  */
654 static bool pending_result_dec(struct pending_result *pending, int *result)
655 {
656 	rbd_assert(pending->num_pending > 0);
657 
658 	if (*result && !pending->result)
659 		pending->result = *result;
660 	if (--pending->num_pending)
661 		return false;
662 
663 	*result = pending->result;
664 	return true;
665 }
666 
667 static int rbd_open(struct block_device *bdev, fmode_t mode)
668 {
669 	struct rbd_device *rbd_dev = bdev->bd_disk->private_data;
670 	bool removing = false;
671 
672 	spin_lock_irq(&rbd_dev->lock);
673 	if (test_bit(RBD_DEV_FLAG_REMOVING, &rbd_dev->flags))
674 		removing = true;
675 	else
676 		rbd_dev->open_count++;
677 	spin_unlock_irq(&rbd_dev->lock);
678 	if (removing)
679 		return -ENOENT;
680 
681 	(void) get_device(&rbd_dev->dev);
682 
683 	return 0;
684 }
685 
686 static void rbd_release(struct gendisk *disk, fmode_t mode)
687 {
688 	struct rbd_device *rbd_dev = disk->private_data;
689 	unsigned long open_count_before;
690 
691 	spin_lock_irq(&rbd_dev->lock);
692 	open_count_before = rbd_dev->open_count--;
693 	spin_unlock_irq(&rbd_dev->lock);
694 	rbd_assert(open_count_before > 0);
695 
696 	put_device(&rbd_dev->dev);
697 }
698 
699 static int rbd_ioctl_set_ro(struct rbd_device *rbd_dev, unsigned long arg)
700 {
701 	int ro;
702 
703 	if (get_user(ro, (int __user *)arg))
704 		return -EFAULT;
705 
706 	/*
707 	 * Both images mapped read-only and snapshots can't be marked
708 	 * read-write.
709 	 */
710 	if (!ro) {
711 		if (rbd_is_ro(rbd_dev))
712 			return -EROFS;
713 
714 		rbd_assert(!rbd_is_snap(rbd_dev));
715 	}
716 
717 	/* Let blkdev_roset() handle it */
718 	return -ENOTTY;
719 }
720 
721 static int rbd_ioctl(struct block_device *bdev, fmode_t mode,
722 			unsigned int cmd, unsigned long arg)
723 {
724 	struct rbd_device *rbd_dev = bdev->bd_disk->private_data;
725 	int ret;
726 
727 	switch (cmd) {
728 	case BLKROSET:
729 		ret = rbd_ioctl_set_ro(rbd_dev, arg);
730 		break;
731 	default:
732 		ret = -ENOTTY;
733 	}
734 
735 	return ret;
736 }
737 
738 #ifdef CONFIG_COMPAT
739 static int rbd_compat_ioctl(struct block_device *bdev, fmode_t mode,
740 				unsigned int cmd, unsigned long arg)
741 {
742 	return rbd_ioctl(bdev, mode, cmd, arg);
743 }
744 #endif /* CONFIG_COMPAT */
745 
746 static const struct block_device_operations rbd_bd_ops = {
747 	.owner			= THIS_MODULE,
748 	.open			= rbd_open,
749 	.release		= rbd_release,
750 	.ioctl			= rbd_ioctl,
751 #ifdef CONFIG_COMPAT
752 	.compat_ioctl		= rbd_compat_ioctl,
753 #endif
754 };
755 
756 /*
757  * Initialize an rbd client instance.  Success or not, this function
758  * consumes ceph_opts.  Caller holds client_mutex.
759  */
760 static struct rbd_client *rbd_client_create(struct ceph_options *ceph_opts)
761 {
762 	struct rbd_client *rbdc;
763 	int ret = -ENOMEM;
764 
765 	dout("%s:\n", __func__);
766 	rbdc = kmalloc(sizeof(struct rbd_client), GFP_KERNEL);
767 	if (!rbdc)
768 		goto out_opt;
769 
770 	kref_init(&rbdc->kref);
771 	INIT_LIST_HEAD(&rbdc->node);
772 
773 	rbdc->client = ceph_create_client(ceph_opts, rbdc);
774 	if (IS_ERR(rbdc->client))
775 		goto out_rbdc;
776 	ceph_opts = NULL; /* Now rbdc->client is responsible for ceph_opts */
777 
778 	ret = ceph_open_session(rbdc->client);
779 	if (ret < 0)
780 		goto out_client;
781 
782 	spin_lock(&rbd_client_list_lock);
783 	list_add_tail(&rbdc->node, &rbd_client_list);
784 	spin_unlock(&rbd_client_list_lock);
785 
786 	dout("%s: rbdc %p\n", __func__, rbdc);
787 
788 	return rbdc;
789 out_client:
790 	ceph_destroy_client(rbdc->client);
791 out_rbdc:
792 	kfree(rbdc);
793 out_opt:
794 	if (ceph_opts)
795 		ceph_destroy_options(ceph_opts);
796 	dout("%s: error %d\n", __func__, ret);
797 
798 	return ERR_PTR(ret);
799 }
800 
801 static struct rbd_client *__rbd_get_client(struct rbd_client *rbdc)
802 {
803 	kref_get(&rbdc->kref);
804 
805 	return rbdc;
806 }
807 
808 /*
809  * Find a ceph client with specific addr and configuration.  If
810  * found, bump its reference count.
811  */
812 static struct rbd_client *rbd_client_find(struct ceph_options *ceph_opts)
813 {
814 	struct rbd_client *client_node;
815 	bool found = false;
816 
817 	if (ceph_opts->flags & CEPH_OPT_NOSHARE)
818 		return NULL;
819 
820 	spin_lock(&rbd_client_list_lock);
821 	list_for_each_entry(client_node, &rbd_client_list, node) {
822 		if (!ceph_compare_options(ceph_opts, client_node->client)) {
823 			__rbd_get_client(client_node);
824 
825 			found = true;
826 			break;
827 		}
828 	}
829 	spin_unlock(&rbd_client_list_lock);
830 
831 	return found ? client_node : NULL;
832 }
833 
834 /*
835  * (Per device) rbd map options
836  */
837 enum {
838 	Opt_queue_depth,
839 	Opt_alloc_size,
840 	Opt_lock_timeout,
841 	/* int args above */
842 	Opt_pool_ns,
843 	/* string args above */
844 	Opt_read_only,
845 	Opt_read_write,
846 	Opt_lock_on_read,
847 	Opt_exclusive,
848 	Opt_notrim,
849 };
850 
851 static const struct fs_parameter_spec rbd_param_specs[] = {
852 	fsparam_u32	("alloc_size",			Opt_alloc_size),
853 	fsparam_flag	("exclusive",			Opt_exclusive),
854 	fsparam_flag	("lock_on_read",		Opt_lock_on_read),
855 	fsparam_u32	("lock_timeout",		Opt_lock_timeout),
856 	fsparam_flag	("notrim",			Opt_notrim),
857 	fsparam_string	("_pool_ns",			Opt_pool_ns),
858 	fsparam_u32	("queue_depth",			Opt_queue_depth),
859 	fsparam_flag	("read_only",			Opt_read_only),
860 	fsparam_flag	("read_write",			Opt_read_write),
861 	fsparam_flag	("ro",				Opt_read_only),
862 	fsparam_flag	("rw",				Opt_read_write),
863 	{}
864 };
865 
866 static const struct fs_parameter_description rbd_parameters = {
867 	.name		= "rbd",
868 	.specs		= rbd_param_specs,
869 };
870 
871 struct rbd_options {
872 	int	queue_depth;
873 	int	alloc_size;
874 	unsigned long	lock_timeout;
875 	bool	read_only;
876 	bool	lock_on_read;
877 	bool	exclusive;
878 	bool	trim;
879 };
880 
881 #define RBD_QUEUE_DEPTH_DEFAULT	BLKDEV_MAX_RQ
882 #define RBD_ALLOC_SIZE_DEFAULT	(64 * 1024)
883 #define RBD_LOCK_TIMEOUT_DEFAULT 0  /* no timeout */
884 #define RBD_READ_ONLY_DEFAULT	false
885 #define RBD_LOCK_ON_READ_DEFAULT false
886 #define RBD_EXCLUSIVE_DEFAULT	false
887 #define RBD_TRIM_DEFAULT	true
888 
889 struct rbd_parse_opts_ctx {
890 	struct rbd_spec		*spec;
891 	struct ceph_options	*copts;
892 	struct rbd_options	*opts;
893 };
894 
895 static char* obj_op_name(enum obj_operation_type op_type)
896 {
897 	switch (op_type) {
898 	case OBJ_OP_READ:
899 		return "read";
900 	case OBJ_OP_WRITE:
901 		return "write";
902 	case OBJ_OP_DISCARD:
903 		return "discard";
904 	case OBJ_OP_ZEROOUT:
905 		return "zeroout";
906 	default:
907 		return "???";
908 	}
909 }
910 
911 /*
912  * Destroy ceph client
913  *
914  * Caller must hold rbd_client_list_lock.
915  */
916 static void rbd_client_release(struct kref *kref)
917 {
918 	struct rbd_client *rbdc = container_of(kref, struct rbd_client, kref);
919 
920 	dout("%s: rbdc %p\n", __func__, rbdc);
921 	spin_lock(&rbd_client_list_lock);
922 	list_del(&rbdc->node);
923 	spin_unlock(&rbd_client_list_lock);
924 
925 	ceph_destroy_client(rbdc->client);
926 	kfree(rbdc);
927 }
928 
929 /*
930  * Drop reference to ceph client node. If it's not referenced anymore, release
931  * it.
932  */
933 static void rbd_put_client(struct rbd_client *rbdc)
934 {
935 	if (rbdc)
936 		kref_put(&rbdc->kref, rbd_client_release);
937 }
938 
939 /*
940  * Get a ceph client with specific addr and configuration, if one does
941  * not exist create it.  Either way, ceph_opts is consumed by this
942  * function.
943  */
944 static struct rbd_client *rbd_get_client(struct ceph_options *ceph_opts)
945 {
946 	struct rbd_client *rbdc;
947 	int ret;
948 
949 	mutex_lock(&client_mutex);
950 	rbdc = rbd_client_find(ceph_opts);
951 	if (rbdc) {
952 		ceph_destroy_options(ceph_opts);
953 
954 		/*
955 		 * Using an existing client.  Make sure ->pg_pools is up to
956 		 * date before we look up the pool id in do_rbd_add().
957 		 */
958 		ret = ceph_wait_for_latest_osdmap(rbdc->client,
959 					rbdc->client->options->mount_timeout);
960 		if (ret) {
961 			rbd_warn(NULL, "failed to get latest osdmap: %d", ret);
962 			rbd_put_client(rbdc);
963 			rbdc = ERR_PTR(ret);
964 		}
965 	} else {
966 		rbdc = rbd_client_create(ceph_opts);
967 	}
968 	mutex_unlock(&client_mutex);
969 
970 	return rbdc;
971 }
972 
973 static bool rbd_image_format_valid(u32 image_format)
974 {
975 	return image_format == 1 || image_format == 2;
976 }
977 
978 static bool rbd_dev_ondisk_valid(struct rbd_image_header_ondisk *ondisk)
979 {
980 	size_t size;
981 	u32 snap_count;
982 
983 	/* The header has to start with the magic rbd header text */
984 	if (memcmp(&ondisk->text, RBD_HEADER_TEXT, sizeof (RBD_HEADER_TEXT)))
985 		return false;
986 
987 	/* The bio layer requires at least sector-sized I/O */
988 
989 	if (ondisk->options.order < SECTOR_SHIFT)
990 		return false;
991 
992 	/* If we use u64 in a few spots we may be able to loosen this */
993 
994 	if (ondisk->options.order > 8 * sizeof (int) - 1)
995 		return false;
996 
997 	/*
998 	 * The size of a snapshot header has to fit in a size_t, and
999 	 * that limits the number of snapshots.
1000 	 */
1001 	snap_count = le32_to_cpu(ondisk->snap_count);
1002 	size = SIZE_MAX - sizeof (struct ceph_snap_context);
1003 	if (snap_count > size / sizeof (__le64))
1004 		return false;
1005 
1006 	/*
1007 	 * Not only that, but the size of the entire the snapshot
1008 	 * header must also be representable in a size_t.
1009 	 */
1010 	size -= snap_count * sizeof (__le64);
1011 	if ((u64) size < le64_to_cpu(ondisk->snap_names_len))
1012 		return false;
1013 
1014 	return true;
1015 }
1016 
1017 /*
1018  * returns the size of an object in the image
1019  */
1020 static u32 rbd_obj_bytes(struct rbd_image_header *header)
1021 {
1022 	return 1U << header->obj_order;
1023 }
1024 
1025 static void rbd_init_layout(struct rbd_device *rbd_dev)
1026 {
1027 	if (rbd_dev->header.stripe_unit == 0 ||
1028 	    rbd_dev->header.stripe_count == 0) {
1029 		rbd_dev->header.stripe_unit = rbd_obj_bytes(&rbd_dev->header);
1030 		rbd_dev->header.stripe_count = 1;
1031 	}
1032 
1033 	rbd_dev->layout.stripe_unit = rbd_dev->header.stripe_unit;
1034 	rbd_dev->layout.stripe_count = rbd_dev->header.stripe_count;
1035 	rbd_dev->layout.object_size = rbd_obj_bytes(&rbd_dev->header);
1036 	rbd_dev->layout.pool_id = rbd_dev->header.data_pool_id == CEPH_NOPOOL ?
1037 			  rbd_dev->spec->pool_id : rbd_dev->header.data_pool_id;
1038 	RCU_INIT_POINTER(rbd_dev->layout.pool_ns, NULL);
1039 }
1040 
1041 /*
1042  * Fill an rbd image header with information from the given format 1
1043  * on-disk header.
1044  */
1045 static int rbd_header_from_disk(struct rbd_device *rbd_dev,
1046 				 struct rbd_image_header_ondisk *ondisk)
1047 {
1048 	struct rbd_image_header *header = &rbd_dev->header;
1049 	bool first_time = header->object_prefix == NULL;
1050 	struct ceph_snap_context *snapc;
1051 	char *object_prefix = NULL;
1052 	char *snap_names = NULL;
1053 	u64 *snap_sizes = NULL;
1054 	u32 snap_count;
1055 	int ret = -ENOMEM;
1056 	u32 i;
1057 
1058 	/* Allocate this now to avoid having to handle failure below */
1059 
1060 	if (first_time) {
1061 		object_prefix = kstrndup(ondisk->object_prefix,
1062 					 sizeof(ondisk->object_prefix),
1063 					 GFP_KERNEL);
1064 		if (!object_prefix)
1065 			return -ENOMEM;
1066 	}
1067 
1068 	/* Allocate the snapshot context and fill it in */
1069 
1070 	snap_count = le32_to_cpu(ondisk->snap_count);
1071 	snapc = ceph_create_snap_context(snap_count, GFP_KERNEL);
1072 	if (!snapc)
1073 		goto out_err;
1074 	snapc->seq = le64_to_cpu(ondisk->snap_seq);
1075 	if (snap_count) {
1076 		struct rbd_image_snap_ondisk *snaps;
1077 		u64 snap_names_len = le64_to_cpu(ondisk->snap_names_len);
1078 
1079 		/* We'll keep a copy of the snapshot names... */
1080 
1081 		if (snap_names_len > (u64)SIZE_MAX)
1082 			goto out_2big;
1083 		snap_names = kmalloc(snap_names_len, GFP_KERNEL);
1084 		if (!snap_names)
1085 			goto out_err;
1086 
1087 		/* ...as well as the array of their sizes. */
1088 		snap_sizes = kmalloc_array(snap_count,
1089 					   sizeof(*header->snap_sizes),
1090 					   GFP_KERNEL);
1091 		if (!snap_sizes)
1092 			goto out_err;
1093 
1094 		/*
1095 		 * Copy the names, and fill in each snapshot's id
1096 		 * and size.
1097 		 *
1098 		 * Note that rbd_dev_v1_header_info() guarantees the
1099 		 * ondisk buffer we're working with has
1100 		 * snap_names_len bytes beyond the end of the
1101 		 * snapshot id array, this memcpy() is safe.
1102 		 */
1103 		memcpy(snap_names, &ondisk->snaps[snap_count], snap_names_len);
1104 		snaps = ondisk->snaps;
1105 		for (i = 0; i < snap_count; i++) {
1106 			snapc->snaps[i] = le64_to_cpu(snaps[i].id);
1107 			snap_sizes[i] = le64_to_cpu(snaps[i].image_size);
1108 		}
1109 	}
1110 
1111 	/* We won't fail any more, fill in the header */
1112 
1113 	if (first_time) {
1114 		header->object_prefix = object_prefix;
1115 		header->obj_order = ondisk->options.order;
1116 		rbd_init_layout(rbd_dev);
1117 	} else {
1118 		ceph_put_snap_context(header->snapc);
1119 		kfree(header->snap_names);
1120 		kfree(header->snap_sizes);
1121 	}
1122 
1123 	/* The remaining fields always get updated (when we refresh) */
1124 
1125 	header->image_size = le64_to_cpu(ondisk->image_size);
1126 	header->snapc = snapc;
1127 	header->snap_names = snap_names;
1128 	header->snap_sizes = snap_sizes;
1129 
1130 	return 0;
1131 out_2big:
1132 	ret = -EIO;
1133 out_err:
1134 	kfree(snap_sizes);
1135 	kfree(snap_names);
1136 	ceph_put_snap_context(snapc);
1137 	kfree(object_prefix);
1138 
1139 	return ret;
1140 }
1141 
1142 static const char *_rbd_dev_v1_snap_name(struct rbd_device *rbd_dev, u32 which)
1143 {
1144 	const char *snap_name;
1145 
1146 	rbd_assert(which < rbd_dev->header.snapc->num_snaps);
1147 
1148 	/* Skip over names until we find the one we are looking for */
1149 
1150 	snap_name = rbd_dev->header.snap_names;
1151 	while (which--)
1152 		snap_name += strlen(snap_name) + 1;
1153 
1154 	return kstrdup(snap_name, GFP_KERNEL);
1155 }
1156 
1157 /*
1158  * Snapshot id comparison function for use with qsort()/bsearch().
1159  * Note that result is for snapshots in *descending* order.
1160  */
1161 static int snapid_compare_reverse(const void *s1, const void *s2)
1162 {
1163 	u64 snap_id1 = *(u64 *)s1;
1164 	u64 snap_id2 = *(u64 *)s2;
1165 
1166 	if (snap_id1 < snap_id2)
1167 		return 1;
1168 	return snap_id1 == snap_id2 ? 0 : -1;
1169 }
1170 
1171 /*
1172  * Search a snapshot context to see if the given snapshot id is
1173  * present.
1174  *
1175  * Returns the position of the snapshot id in the array if it's found,
1176  * or BAD_SNAP_INDEX otherwise.
1177  *
1178  * Note: The snapshot array is in kept sorted (by the osd) in
1179  * reverse order, highest snapshot id first.
1180  */
1181 static u32 rbd_dev_snap_index(struct rbd_device *rbd_dev, u64 snap_id)
1182 {
1183 	struct ceph_snap_context *snapc = rbd_dev->header.snapc;
1184 	u64 *found;
1185 
1186 	found = bsearch(&snap_id, &snapc->snaps, snapc->num_snaps,
1187 				sizeof (snap_id), snapid_compare_reverse);
1188 
1189 	return found ? (u32)(found - &snapc->snaps[0]) : BAD_SNAP_INDEX;
1190 }
1191 
1192 static const char *rbd_dev_v1_snap_name(struct rbd_device *rbd_dev,
1193 					u64 snap_id)
1194 {
1195 	u32 which;
1196 	const char *snap_name;
1197 
1198 	which = rbd_dev_snap_index(rbd_dev, snap_id);
1199 	if (which == BAD_SNAP_INDEX)
1200 		return ERR_PTR(-ENOENT);
1201 
1202 	snap_name = _rbd_dev_v1_snap_name(rbd_dev, which);
1203 	return snap_name ? snap_name : ERR_PTR(-ENOMEM);
1204 }
1205 
1206 static const char *rbd_snap_name(struct rbd_device *rbd_dev, u64 snap_id)
1207 {
1208 	if (snap_id == CEPH_NOSNAP)
1209 		return RBD_SNAP_HEAD_NAME;
1210 
1211 	rbd_assert(rbd_image_format_valid(rbd_dev->image_format));
1212 	if (rbd_dev->image_format == 1)
1213 		return rbd_dev_v1_snap_name(rbd_dev, snap_id);
1214 
1215 	return rbd_dev_v2_snap_name(rbd_dev, snap_id);
1216 }
1217 
1218 static int rbd_snap_size(struct rbd_device *rbd_dev, u64 snap_id,
1219 				u64 *snap_size)
1220 {
1221 	rbd_assert(rbd_image_format_valid(rbd_dev->image_format));
1222 	if (snap_id == CEPH_NOSNAP) {
1223 		*snap_size = rbd_dev->header.image_size;
1224 	} else if (rbd_dev->image_format == 1) {
1225 		u32 which;
1226 
1227 		which = rbd_dev_snap_index(rbd_dev, snap_id);
1228 		if (which == BAD_SNAP_INDEX)
1229 			return -ENOENT;
1230 
1231 		*snap_size = rbd_dev->header.snap_sizes[which];
1232 	} else {
1233 		u64 size = 0;
1234 		int ret;
1235 
1236 		ret = _rbd_dev_v2_snap_size(rbd_dev, snap_id, NULL, &size);
1237 		if (ret)
1238 			return ret;
1239 
1240 		*snap_size = size;
1241 	}
1242 	return 0;
1243 }
1244 
1245 static int rbd_dev_mapping_set(struct rbd_device *rbd_dev)
1246 {
1247 	u64 snap_id = rbd_dev->spec->snap_id;
1248 	u64 size = 0;
1249 	int ret;
1250 
1251 	ret = rbd_snap_size(rbd_dev, snap_id, &size);
1252 	if (ret)
1253 		return ret;
1254 
1255 	rbd_dev->mapping.size = size;
1256 	return 0;
1257 }
1258 
1259 static void rbd_dev_mapping_clear(struct rbd_device *rbd_dev)
1260 {
1261 	rbd_dev->mapping.size = 0;
1262 }
1263 
1264 static void zero_bvec(struct bio_vec *bv)
1265 {
1266 	void *buf;
1267 	unsigned long flags;
1268 
1269 	buf = bvec_kmap_irq(bv, &flags);
1270 	memset(buf, 0, bv->bv_len);
1271 	flush_dcache_page(bv->bv_page);
1272 	bvec_kunmap_irq(buf, &flags);
1273 }
1274 
1275 static void zero_bios(struct ceph_bio_iter *bio_pos, u32 off, u32 bytes)
1276 {
1277 	struct ceph_bio_iter it = *bio_pos;
1278 
1279 	ceph_bio_iter_advance(&it, off);
1280 	ceph_bio_iter_advance_step(&it, bytes, ({
1281 		zero_bvec(&bv);
1282 	}));
1283 }
1284 
1285 static void zero_bvecs(struct ceph_bvec_iter *bvec_pos, u32 off, u32 bytes)
1286 {
1287 	struct ceph_bvec_iter it = *bvec_pos;
1288 
1289 	ceph_bvec_iter_advance(&it, off);
1290 	ceph_bvec_iter_advance_step(&it, bytes, ({
1291 		zero_bvec(&bv);
1292 	}));
1293 }
1294 
1295 /*
1296  * Zero a range in @obj_req data buffer defined by a bio (list) or
1297  * (private) bio_vec array.
1298  *
1299  * @off is relative to the start of the data buffer.
1300  */
1301 static void rbd_obj_zero_range(struct rbd_obj_request *obj_req, u32 off,
1302 			       u32 bytes)
1303 {
1304 	dout("%s %p data buf %u~%u\n", __func__, obj_req, off, bytes);
1305 
1306 	switch (obj_req->img_request->data_type) {
1307 	case OBJ_REQUEST_BIO:
1308 		zero_bios(&obj_req->bio_pos, off, bytes);
1309 		break;
1310 	case OBJ_REQUEST_BVECS:
1311 	case OBJ_REQUEST_OWN_BVECS:
1312 		zero_bvecs(&obj_req->bvec_pos, off, bytes);
1313 		break;
1314 	default:
1315 		BUG();
1316 	}
1317 }
1318 
1319 static void rbd_obj_request_destroy(struct kref *kref);
1320 static void rbd_obj_request_put(struct rbd_obj_request *obj_request)
1321 {
1322 	rbd_assert(obj_request != NULL);
1323 	dout("%s: obj %p (was %d)\n", __func__, obj_request,
1324 		kref_read(&obj_request->kref));
1325 	kref_put(&obj_request->kref, rbd_obj_request_destroy);
1326 }
1327 
1328 static void rbd_img_request_destroy(struct kref *kref);
1329 static void rbd_img_request_put(struct rbd_img_request *img_request)
1330 {
1331 	rbd_assert(img_request != NULL);
1332 	dout("%s: img %p (was %d)\n", __func__, img_request,
1333 		kref_read(&img_request->kref));
1334 	kref_put(&img_request->kref, rbd_img_request_destroy);
1335 }
1336 
1337 static inline void rbd_img_obj_request_add(struct rbd_img_request *img_request,
1338 					struct rbd_obj_request *obj_request)
1339 {
1340 	rbd_assert(obj_request->img_request == NULL);
1341 
1342 	/* Image request now owns object's original reference */
1343 	obj_request->img_request = img_request;
1344 	dout("%s: img %p obj %p\n", __func__, img_request, obj_request);
1345 }
1346 
1347 static inline void rbd_img_obj_request_del(struct rbd_img_request *img_request,
1348 					struct rbd_obj_request *obj_request)
1349 {
1350 	dout("%s: img %p obj %p\n", __func__, img_request, obj_request);
1351 	list_del(&obj_request->ex.oe_item);
1352 	rbd_assert(obj_request->img_request == img_request);
1353 	rbd_obj_request_put(obj_request);
1354 }
1355 
1356 static void rbd_osd_submit(struct ceph_osd_request *osd_req)
1357 {
1358 	struct rbd_obj_request *obj_req = osd_req->r_priv;
1359 
1360 	dout("%s osd_req %p for obj_req %p objno %llu %llu~%llu\n",
1361 	     __func__, osd_req, obj_req, obj_req->ex.oe_objno,
1362 	     obj_req->ex.oe_off, obj_req->ex.oe_len);
1363 	ceph_osdc_start_request(osd_req->r_osdc, osd_req, false);
1364 }
1365 
1366 /*
1367  * The default/initial value for all image request flags is 0.  Each
1368  * is conditionally set to 1 at image request initialization time
1369  * and currently never change thereafter.
1370  */
1371 static void img_request_layered_set(struct rbd_img_request *img_request)
1372 {
1373 	set_bit(IMG_REQ_LAYERED, &img_request->flags);
1374 	smp_mb();
1375 }
1376 
1377 static void img_request_layered_clear(struct rbd_img_request *img_request)
1378 {
1379 	clear_bit(IMG_REQ_LAYERED, &img_request->flags);
1380 	smp_mb();
1381 }
1382 
1383 static bool img_request_layered_test(struct rbd_img_request *img_request)
1384 {
1385 	smp_mb();
1386 	return test_bit(IMG_REQ_LAYERED, &img_request->flags) != 0;
1387 }
1388 
1389 static bool rbd_obj_is_entire(struct rbd_obj_request *obj_req)
1390 {
1391 	struct rbd_device *rbd_dev = obj_req->img_request->rbd_dev;
1392 
1393 	return !obj_req->ex.oe_off &&
1394 	       obj_req->ex.oe_len == rbd_dev->layout.object_size;
1395 }
1396 
1397 static bool rbd_obj_is_tail(struct rbd_obj_request *obj_req)
1398 {
1399 	struct rbd_device *rbd_dev = obj_req->img_request->rbd_dev;
1400 
1401 	return obj_req->ex.oe_off + obj_req->ex.oe_len ==
1402 					rbd_dev->layout.object_size;
1403 }
1404 
1405 /*
1406  * Must be called after rbd_obj_calc_img_extents().
1407  */
1408 static bool rbd_obj_copyup_enabled(struct rbd_obj_request *obj_req)
1409 {
1410 	if (!obj_req->num_img_extents ||
1411 	    (rbd_obj_is_entire(obj_req) &&
1412 	     !obj_req->img_request->snapc->num_snaps))
1413 		return false;
1414 
1415 	return true;
1416 }
1417 
1418 static u64 rbd_obj_img_extents_bytes(struct rbd_obj_request *obj_req)
1419 {
1420 	return ceph_file_extents_bytes(obj_req->img_extents,
1421 				       obj_req->num_img_extents);
1422 }
1423 
1424 static bool rbd_img_is_write(struct rbd_img_request *img_req)
1425 {
1426 	switch (img_req->op_type) {
1427 	case OBJ_OP_READ:
1428 		return false;
1429 	case OBJ_OP_WRITE:
1430 	case OBJ_OP_DISCARD:
1431 	case OBJ_OP_ZEROOUT:
1432 		return true;
1433 	default:
1434 		BUG();
1435 	}
1436 }
1437 
1438 static void rbd_osd_req_callback(struct ceph_osd_request *osd_req)
1439 {
1440 	struct rbd_obj_request *obj_req = osd_req->r_priv;
1441 	int result;
1442 
1443 	dout("%s osd_req %p result %d for obj_req %p\n", __func__, osd_req,
1444 	     osd_req->r_result, obj_req);
1445 
1446 	/*
1447 	 * Writes aren't allowed to return a data payload.  In some
1448 	 * guarded write cases (e.g. stat + zero on an empty object)
1449 	 * a stat response makes it through, but we don't care.
1450 	 */
1451 	if (osd_req->r_result > 0 && rbd_img_is_write(obj_req->img_request))
1452 		result = 0;
1453 	else
1454 		result = osd_req->r_result;
1455 
1456 	rbd_obj_handle_request(obj_req, result);
1457 }
1458 
1459 static void rbd_osd_format_read(struct ceph_osd_request *osd_req)
1460 {
1461 	struct rbd_obj_request *obj_request = osd_req->r_priv;
1462 
1463 	osd_req->r_flags = CEPH_OSD_FLAG_READ;
1464 	osd_req->r_snapid = obj_request->img_request->snap_id;
1465 }
1466 
1467 static void rbd_osd_format_write(struct ceph_osd_request *osd_req)
1468 {
1469 	struct rbd_obj_request *obj_request = osd_req->r_priv;
1470 
1471 	osd_req->r_flags = CEPH_OSD_FLAG_WRITE;
1472 	ktime_get_real_ts64(&osd_req->r_mtime);
1473 	osd_req->r_data_offset = obj_request->ex.oe_off;
1474 }
1475 
1476 static struct ceph_osd_request *
1477 __rbd_obj_add_osd_request(struct rbd_obj_request *obj_req,
1478 			  struct ceph_snap_context *snapc, int num_ops)
1479 {
1480 	struct rbd_device *rbd_dev = obj_req->img_request->rbd_dev;
1481 	struct ceph_osd_client *osdc = &rbd_dev->rbd_client->client->osdc;
1482 	struct ceph_osd_request *req;
1483 	const char *name_format = rbd_dev->image_format == 1 ?
1484 				      RBD_V1_DATA_FORMAT : RBD_V2_DATA_FORMAT;
1485 	int ret;
1486 
1487 	req = ceph_osdc_alloc_request(osdc, snapc, num_ops, false, GFP_NOIO);
1488 	if (!req)
1489 		return ERR_PTR(-ENOMEM);
1490 
1491 	list_add_tail(&req->r_private_item, &obj_req->osd_reqs);
1492 	req->r_callback = rbd_osd_req_callback;
1493 	req->r_priv = obj_req;
1494 
1495 	/*
1496 	 * Data objects may be stored in a separate pool, but always in
1497 	 * the same namespace in that pool as the header in its pool.
1498 	 */
1499 	ceph_oloc_copy(&req->r_base_oloc, &rbd_dev->header_oloc);
1500 	req->r_base_oloc.pool = rbd_dev->layout.pool_id;
1501 
1502 	ret = ceph_oid_aprintf(&req->r_base_oid, GFP_NOIO, name_format,
1503 			       rbd_dev->header.object_prefix,
1504 			       obj_req->ex.oe_objno);
1505 	if (ret)
1506 		return ERR_PTR(ret);
1507 
1508 	return req;
1509 }
1510 
1511 static struct ceph_osd_request *
1512 rbd_obj_add_osd_request(struct rbd_obj_request *obj_req, int num_ops)
1513 {
1514 	return __rbd_obj_add_osd_request(obj_req, obj_req->img_request->snapc,
1515 					 num_ops);
1516 }
1517 
1518 static struct rbd_obj_request *rbd_obj_request_create(void)
1519 {
1520 	struct rbd_obj_request *obj_request;
1521 
1522 	obj_request = kmem_cache_zalloc(rbd_obj_request_cache, GFP_NOIO);
1523 	if (!obj_request)
1524 		return NULL;
1525 
1526 	ceph_object_extent_init(&obj_request->ex);
1527 	INIT_LIST_HEAD(&obj_request->osd_reqs);
1528 	mutex_init(&obj_request->state_mutex);
1529 	kref_init(&obj_request->kref);
1530 
1531 	dout("%s %p\n", __func__, obj_request);
1532 	return obj_request;
1533 }
1534 
1535 static void rbd_obj_request_destroy(struct kref *kref)
1536 {
1537 	struct rbd_obj_request *obj_request;
1538 	struct ceph_osd_request *osd_req;
1539 	u32 i;
1540 
1541 	obj_request = container_of(kref, struct rbd_obj_request, kref);
1542 
1543 	dout("%s: obj %p\n", __func__, obj_request);
1544 
1545 	while (!list_empty(&obj_request->osd_reqs)) {
1546 		osd_req = list_first_entry(&obj_request->osd_reqs,
1547 				    struct ceph_osd_request, r_private_item);
1548 		list_del_init(&osd_req->r_private_item);
1549 		ceph_osdc_put_request(osd_req);
1550 	}
1551 
1552 	switch (obj_request->img_request->data_type) {
1553 	case OBJ_REQUEST_NODATA:
1554 	case OBJ_REQUEST_BIO:
1555 	case OBJ_REQUEST_BVECS:
1556 		break;		/* Nothing to do */
1557 	case OBJ_REQUEST_OWN_BVECS:
1558 		kfree(obj_request->bvec_pos.bvecs);
1559 		break;
1560 	default:
1561 		BUG();
1562 	}
1563 
1564 	kfree(obj_request->img_extents);
1565 	if (obj_request->copyup_bvecs) {
1566 		for (i = 0; i < obj_request->copyup_bvec_count; i++) {
1567 			if (obj_request->copyup_bvecs[i].bv_page)
1568 				__free_page(obj_request->copyup_bvecs[i].bv_page);
1569 		}
1570 		kfree(obj_request->copyup_bvecs);
1571 	}
1572 
1573 	kmem_cache_free(rbd_obj_request_cache, obj_request);
1574 }
1575 
1576 /* It's OK to call this for a device with no parent */
1577 
1578 static void rbd_spec_put(struct rbd_spec *spec);
1579 static void rbd_dev_unparent(struct rbd_device *rbd_dev)
1580 {
1581 	rbd_dev_remove_parent(rbd_dev);
1582 	rbd_spec_put(rbd_dev->parent_spec);
1583 	rbd_dev->parent_spec = NULL;
1584 	rbd_dev->parent_overlap = 0;
1585 }
1586 
1587 /*
1588  * Parent image reference counting is used to determine when an
1589  * image's parent fields can be safely torn down--after there are no
1590  * more in-flight requests to the parent image.  When the last
1591  * reference is dropped, cleaning them up is safe.
1592  */
1593 static void rbd_dev_parent_put(struct rbd_device *rbd_dev)
1594 {
1595 	int counter;
1596 
1597 	if (!rbd_dev->parent_spec)
1598 		return;
1599 
1600 	counter = atomic_dec_return_safe(&rbd_dev->parent_ref);
1601 	if (counter > 0)
1602 		return;
1603 
1604 	/* Last reference; clean up parent data structures */
1605 
1606 	if (!counter)
1607 		rbd_dev_unparent(rbd_dev);
1608 	else
1609 		rbd_warn(rbd_dev, "parent reference underflow");
1610 }
1611 
1612 /*
1613  * If an image has a non-zero parent overlap, get a reference to its
1614  * parent.
1615  *
1616  * Returns true if the rbd device has a parent with a non-zero
1617  * overlap and a reference for it was successfully taken, or
1618  * false otherwise.
1619  */
1620 static bool rbd_dev_parent_get(struct rbd_device *rbd_dev)
1621 {
1622 	int counter = 0;
1623 
1624 	if (!rbd_dev->parent_spec)
1625 		return false;
1626 
1627 	down_read(&rbd_dev->header_rwsem);
1628 	if (rbd_dev->parent_overlap)
1629 		counter = atomic_inc_return_safe(&rbd_dev->parent_ref);
1630 	up_read(&rbd_dev->header_rwsem);
1631 
1632 	if (counter < 0)
1633 		rbd_warn(rbd_dev, "parent reference overflow");
1634 
1635 	return counter > 0;
1636 }
1637 
1638 /*
1639  * Caller is responsible for filling in the list of object requests
1640  * that comprises the image request, and the Linux request pointer
1641  * (if there is one).
1642  */
1643 static struct rbd_img_request *rbd_img_request_create(
1644 					struct rbd_device *rbd_dev,
1645 					enum obj_operation_type op_type,
1646 					struct ceph_snap_context *snapc)
1647 {
1648 	struct rbd_img_request *img_request;
1649 
1650 	img_request = kmem_cache_zalloc(rbd_img_request_cache, GFP_NOIO);
1651 	if (!img_request)
1652 		return NULL;
1653 
1654 	img_request->rbd_dev = rbd_dev;
1655 	img_request->op_type = op_type;
1656 	if (!rbd_img_is_write(img_request))
1657 		img_request->snap_id = rbd_dev->spec->snap_id;
1658 	else
1659 		img_request->snapc = snapc;
1660 
1661 	if (rbd_dev_parent_get(rbd_dev))
1662 		img_request_layered_set(img_request);
1663 
1664 	INIT_LIST_HEAD(&img_request->lock_item);
1665 	INIT_LIST_HEAD(&img_request->object_extents);
1666 	mutex_init(&img_request->state_mutex);
1667 	kref_init(&img_request->kref);
1668 
1669 	return img_request;
1670 }
1671 
1672 static void rbd_img_request_destroy(struct kref *kref)
1673 {
1674 	struct rbd_img_request *img_request;
1675 	struct rbd_obj_request *obj_request;
1676 	struct rbd_obj_request *next_obj_request;
1677 
1678 	img_request = container_of(kref, struct rbd_img_request, kref);
1679 
1680 	dout("%s: img %p\n", __func__, img_request);
1681 
1682 	WARN_ON(!list_empty(&img_request->lock_item));
1683 	for_each_obj_request_safe(img_request, obj_request, next_obj_request)
1684 		rbd_img_obj_request_del(img_request, obj_request);
1685 
1686 	if (img_request_layered_test(img_request)) {
1687 		img_request_layered_clear(img_request);
1688 		rbd_dev_parent_put(img_request->rbd_dev);
1689 	}
1690 
1691 	if (rbd_img_is_write(img_request))
1692 		ceph_put_snap_context(img_request->snapc);
1693 
1694 	kmem_cache_free(rbd_img_request_cache, img_request);
1695 }
1696 
1697 #define BITS_PER_OBJ	2
1698 #define OBJS_PER_BYTE	(BITS_PER_BYTE / BITS_PER_OBJ)
1699 #define OBJ_MASK	((1 << BITS_PER_OBJ) - 1)
1700 
1701 static void __rbd_object_map_index(struct rbd_device *rbd_dev, u64 objno,
1702 				   u64 *index, u8 *shift)
1703 {
1704 	u32 off;
1705 
1706 	rbd_assert(objno < rbd_dev->object_map_size);
1707 	*index = div_u64_rem(objno, OBJS_PER_BYTE, &off);
1708 	*shift = (OBJS_PER_BYTE - off - 1) * BITS_PER_OBJ;
1709 }
1710 
1711 static u8 __rbd_object_map_get(struct rbd_device *rbd_dev, u64 objno)
1712 {
1713 	u64 index;
1714 	u8 shift;
1715 
1716 	lockdep_assert_held(&rbd_dev->object_map_lock);
1717 	__rbd_object_map_index(rbd_dev, objno, &index, &shift);
1718 	return (rbd_dev->object_map[index] >> shift) & OBJ_MASK;
1719 }
1720 
1721 static void __rbd_object_map_set(struct rbd_device *rbd_dev, u64 objno, u8 val)
1722 {
1723 	u64 index;
1724 	u8 shift;
1725 	u8 *p;
1726 
1727 	lockdep_assert_held(&rbd_dev->object_map_lock);
1728 	rbd_assert(!(val & ~OBJ_MASK));
1729 
1730 	__rbd_object_map_index(rbd_dev, objno, &index, &shift);
1731 	p = &rbd_dev->object_map[index];
1732 	*p = (*p & ~(OBJ_MASK << shift)) | (val << shift);
1733 }
1734 
1735 static u8 rbd_object_map_get(struct rbd_device *rbd_dev, u64 objno)
1736 {
1737 	u8 state;
1738 
1739 	spin_lock(&rbd_dev->object_map_lock);
1740 	state = __rbd_object_map_get(rbd_dev, objno);
1741 	spin_unlock(&rbd_dev->object_map_lock);
1742 	return state;
1743 }
1744 
1745 static bool use_object_map(struct rbd_device *rbd_dev)
1746 {
1747 	/*
1748 	 * An image mapped read-only can't use the object map -- it isn't
1749 	 * loaded because the header lock isn't acquired.  Someone else can
1750 	 * write to the image and update the object map behind our back.
1751 	 *
1752 	 * A snapshot can't be written to, so using the object map is always
1753 	 * safe.
1754 	 */
1755 	if (!rbd_is_snap(rbd_dev) && rbd_is_ro(rbd_dev))
1756 		return false;
1757 
1758 	return ((rbd_dev->header.features & RBD_FEATURE_OBJECT_MAP) &&
1759 		!(rbd_dev->object_map_flags & RBD_FLAG_OBJECT_MAP_INVALID));
1760 }
1761 
1762 static bool rbd_object_map_may_exist(struct rbd_device *rbd_dev, u64 objno)
1763 {
1764 	u8 state;
1765 
1766 	/* fall back to default logic if object map is disabled or invalid */
1767 	if (!use_object_map(rbd_dev))
1768 		return true;
1769 
1770 	state = rbd_object_map_get(rbd_dev, objno);
1771 	return state != OBJECT_NONEXISTENT;
1772 }
1773 
1774 static void rbd_object_map_name(struct rbd_device *rbd_dev, u64 snap_id,
1775 				struct ceph_object_id *oid)
1776 {
1777 	if (snap_id == CEPH_NOSNAP)
1778 		ceph_oid_printf(oid, "%s%s", RBD_OBJECT_MAP_PREFIX,
1779 				rbd_dev->spec->image_id);
1780 	else
1781 		ceph_oid_printf(oid, "%s%s.%016llx", RBD_OBJECT_MAP_PREFIX,
1782 				rbd_dev->spec->image_id, snap_id);
1783 }
1784 
1785 static int rbd_object_map_lock(struct rbd_device *rbd_dev)
1786 {
1787 	struct ceph_osd_client *osdc = &rbd_dev->rbd_client->client->osdc;
1788 	CEPH_DEFINE_OID_ONSTACK(oid);
1789 	u8 lock_type;
1790 	char *lock_tag;
1791 	struct ceph_locker *lockers;
1792 	u32 num_lockers;
1793 	bool broke_lock = false;
1794 	int ret;
1795 
1796 	rbd_object_map_name(rbd_dev, CEPH_NOSNAP, &oid);
1797 
1798 again:
1799 	ret = ceph_cls_lock(osdc, &oid, &rbd_dev->header_oloc, RBD_LOCK_NAME,
1800 			    CEPH_CLS_LOCK_EXCLUSIVE, "", "", "", 0);
1801 	if (ret != -EBUSY || broke_lock) {
1802 		if (ret == -EEXIST)
1803 			ret = 0; /* already locked by myself */
1804 		if (ret)
1805 			rbd_warn(rbd_dev, "failed to lock object map: %d", ret);
1806 		return ret;
1807 	}
1808 
1809 	ret = ceph_cls_lock_info(osdc, &oid, &rbd_dev->header_oloc,
1810 				 RBD_LOCK_NAME, &lock_type, &lock_tag,
1811 				 &lockers, &num_lockers);
1812 	if (ret) {
1813 		if (ret == -ENOENT)
1814 			goto again;
1815 
1816 		rbd_warn(rbd_dev, "failed to get object map lockers: %d", ret);
1817 		return ret;
1818 	}
1819 
1820 	kfree(lock_tag);
1821 	if (num_lockers == 0)
1822 		goto again;
1823 
1824 	rbd_warn(rbd_dev, "breaking object map lock owned by %s%llu",
1825 		 ENTITY_NAME(lockers[0].id.name));
1826 
1827 	ret = ceph_cls_break_lock(osdc, &oid, &rbd_dev->header_oloc,
1828 				  RBD_LOCK_NAME, lockers[0].id.cookie,
1829 				  &lockers[0].id.name);
1830 	ceph_free_lockers(lockers, num_lockers);
1831 	if (ret) {
1832 		if (ret == -ENOENT)
1833 			goto again;
1834 
1835 		rbd_warn(rbd_dev, "failed to break object map lock: %d", ret);
1836 		return ret;
1837 	}
1838 
1839 	broke_lock = true;
1840 	goto again;
1841 }
1842 
1843 static void rbd_object_map_unlock(struct rbd_device *rbd_dev)
1844 {
1845 	struct ceph_osd_client *osdc = &rbd_dev->rbd_client->client->osdc;
1846 	CEPH_DEFINE_OID_ONSTACK(oid);
1847 	int ret;
1848 
1849 	rbd_object_map_name(rbd_dev, CEPH_NOSNAP, &oid);
1850 
1851 	ret = ceph_cls_unlock(osdc, &oid, &rbd_dev->header_oloc, RBD_LOCK_NAME,
1852 			      "");
1853 	if (ret && ret != -ENOENT)
1854 		rbd_warn(rbd_dev, "failed to unlock object map: %d", ret);
1855 }
1856 
1857 static int decode_object_map_header(void **p, void *end, u64 *object_map_size)
1858 {
1859 	u8 struct_v;
1860 	u32 struct_len;
1861 	u32 header_len;
1862 	void *header_end;
1863 	int ret;
1864 
1865 	ceph_decode_32_safe(p, end, header_len, e_inval);
1866 	header_end = *p + header_len;
1867 
1868 	ret = ceph_start_decoding(p, end, 1, "BitVector header", &struct_v,
1869 				  &struct_len);
1870 	if (ret)
1871 		return ret;
1872 
1873 	ceph_decode_64_safe(p, end, *object_map_size, e_inval);
1874 
1875 	*p = header_end;
1876 	return 0;
1877 
1878 e_inval:
1879 	return -EINVAL;
1880 }
1881 
1882 static int __rbd_object_map_load(struct rbd_device *rbd_dev)
1883 {
1884 	struct ceph_osd_client *osdc = &rbd_dev->rbd_client->client->osdc;
1885 	CEPH_DEFINE_OID_ONSTACK(oid);
1886 	struct page **pages;
1887 	void *p, *end;
1888 	size_t reply_len;
1889 	u64 num_objects;
1890 	u64 object_map_bytes;
1891 	u64 object_map_size;
1892 	int num_pages;
1893 	int ret;
1894 
1895 	rbd_assert(!rbd_dev->object_map && !rbd_dev->object_map_size);
1896 
1897 	num_objects = ceph_get_num_objects(&rbd_dev->layout,
1898 					   rbd_dev->mapping.size);
1899 	object_map_bytes = DIV_ROUND_UP_ULL(num_objects * BITS_PER_OBJ,
1900 					    BITS_PER_BYTE);
1901 	num_pages = calc_pages_for(0, object_map_bytes) + 1;
1902 	pages = ceph_alloc_page_vector(num_pages, GFP_KERNEL);
1903 	if (IS_ERR(pages))
1904 		return PTR_ERR(pages);
1905 
1906 	reply_len = num_pages * PAGE_SIZE;
1907 	rbd_object_map_name(rbd_dev, rbd_dev->spec->snap_id, &oid);
1908 	ret = ceph_osdc_call(osdc, &oid, &rbd_dev->header_oloc,
1909 			     "rbd", "object_map_load", CEPH_OSD_FLAG_READ,
1910 			     NULL, 0, pages, &reply_len);
1911 	if (ret)
1912 		goto out;
1913 
1914 	p = page_address(pages[0]);
1915 	end = p + min(reply_len, (size_t)PAGE_SIZE);
1916 	ret = decode_object_map_header(&p, end, &object_map_size);
1917 	if (ret)
1918 		goto out;
1919 
1920 	if (object_map_size != num_objects) {
1921 		rbd_warn(rbd_dev, "object map size mismatch: %llu vs %llu",
1922 			 object_map_size, num_objects);
1923 		ret = -EINVAL;
1924 		goto out;
1925 	}
1926 
1927 	if (offset_in_page(p) + object_map_bytes > reply_len) {
1928 		ret = -EINVAL;
1929 		goto out;
1930 	}
1931 
1932 	rbd_dev->object_map = kvmalloc(object_map_bytes, GFP_KERNEL);
1933 	if (!rbd_dev->object_map) {
1934 		ret = -ENOMEM;
1935 		goto out;
1936 	}
1937 
1938 	rbd_dev->object_map_size = object_map_size;
1939 	ceph_copy_from_page_vector(pages, rbd_dev->object_map,
1940 				   offset_in_page(p), object_map_bytes);
1941 
1942 out:
1943 	ceph_release_page_vector(pages, num_pages);
1944 	return ret;
1945 }
1946 
1947 static void rbd_object_map_free(struct rbd_device *rbd_dev)
1948 {
1949 	kvfree(rbd_dev->object_map);
1950 	rbd_dev->object_map = NULL;
1951 	rbd_dev->object_map_size = 0;
1952 }
1953 
1954 static int rbd_object_map_load(struct rbd_device *rbd_dev)
1955 {
1956 	int ret;
1957 
1958 	ret = __rbd_object_map_load(rbd_dev);
1959 	if (ret)
1960 		return ret;
1961 
1962 	ret = rbd_dev_v2_get_flags(rbd_dev);
1963 	if (ret) {
1964 		rbd_object_map_free(rbd_dev);
1965 		return ret;
1966 	}
1967 
1968 	if (rbd_dev->object_map_flags & RBD_FLAG_OBJECT_MAP_INVALID)
1969 		rbd_warn(rbd_dev, "object map is invalid");
1970 
1971 	return 0;
1972 }
1973 
1974 static int rbd_object_map_open(struct rbd_device *rbd_dev)
1975 {
1976 	int ret;
1977 
1978 	ret = rbd_object_map_lock(rbd_dev);
1979 	if (ret)
1980 		return ret;
1981 
1982 	ret = rbd_object_map_load(rbd_dev);
1983 	if (ret) {
1984 		rbd_object_map_unlock(rbd_dev);
1985 		return ret;
1986 	}
1987 
1988 	return 0;
1989 }
1990 
1991 static void rbd_object_map_close(struct rbd_device *rbd_dev)
1992 {
1993 	rbd_object_map_free(rbd_dev);
1994 	rbd_object_map_unlock(rbd_dev);
1995 }
1996 
1997 /*
1998  * This function needs snap_id (or more precisely just something to
1999  * distinguish between HEAD and snapshot object maps), new_state and
2000  * current_state that were passed to rbd_object_map_update().
2001  *
2002  * To avoid allocating and stashing a context we piggyback on the OSD
2003  * request.  A HEAD update has two ops (assert_locked).  For new_state
2004  * and current_state we decode our own object_map_update op, encoded in
2005  * rbd_cls_object_map_update().
2006  */
2007 static int rbd_object_map_update_finish(struct rbd_obj_request *obj_req,
2008 					struct ceph_osd_request *osd_req)
2009 {
2010 	struct rbd_device *rbd_dev = obj_req->img_request->rbd_dev;
2011 	struct ceph_osd_data *osd_data;
2012 	u64 objno;
2013 	u8 state, new_state, uninitialized_var(current_state);
2014 	bool has_current_state;
2015 	void *p;
2016 
2017 	if (osd_req->r_result)
2018 		return osd_req->r_result;
2019 
2020 	/*
2021 	 * Nothing to do for a snapshot object map.
2022 	 */
2023 	if (osd_req->r_num_ops == 1)
2024 		return 0;
2025 
2026 	/*
2027 	 * Update in-memory HEAD object map.
2028 	 */
2029 	rbd_assert(osd_req->r_num_ops == 2);
2030 	osd_data = osd_req_op_data(osd_req, 1, cls, request_data);
2031 	rbd_assert(osd_data->type == CEPH_OSD_DATA_TYPE_PAGES);
2032 
2033 	p = page_address(osd_data->pages[0]);
2034 	objno = ceph_decode_64(&p);
2035 	rbd_assert(objno == obj_req->ex.oe_objno);
2036 	rbd_assert(ceph_decode_64(&p) == objno + 1);
2037 	new_state = ceph_decode_8(&p);
2038 	has_current_state = ceph_decode_8(&p);
2039 	if (has_current_state)
2040 		current_state = ceph_decode_8(&p);
2041 
2042 	spin_lock(&rbd_dev->object_map_lock);
2043 	state = __rbd_object_map_get(rbd_dev, objno);
2044 	if (!has_current_state || current_state == state ||
2045 	    (current_state == OBJECT_EXISTS && state == OBJECT_EXISTS_CLEAN))
2046 		__rbd_object_map_set(rbd_dev, objno, new_state);
2047 	spin_unlock(&rbd_dev->object_map_lock);
2048 
2049 	return 0;
2050 }
2051 
2052 static void rbd_object_map_callback(struct ceph_osd_request *osd_req)
2053 {
2054 	struct rbd_obj_request *obj_req = osd_req->r_priv;
2055 	int result;
2056 
2057 	dout("%s osd_req %p result %d for obj_req %p\n", __func__, osd_req,
2058 	     osd_req->r_result, obj_req);
2059 
2060 	result = rbd_object_map_update_finish(obj_req, osd_req);
2061 	rbd_obj_handle_request(obj_req, result);
2062 }
2063 
2064 static bool update_needed(struct rbd_device *rbd_dev, u64 objno, u8 new_state)
2065 {
2066 	u8 state = rbd_object_map_get(rbd_dev, objno);
2067 
2068 	if (state == new_state ||
2069 	    (new_state == OBJECT_PENDING && state == OBJECT_NONEXISTENT) ||
2070 	    (new_state == OBJECT_NONEXISTENT && state != OBJECT_PENDING))
2071 		return false;
2072 
2073 	return true;
2074 }
2075 
2076 static int rbd_cls_object_map_update(struct ceph_osd_request *req,
2077 				     int which, u64 objno, u8 new_state,
2078 				     const u8 *current_state)
2079 {
2080 	struct page **pages;
2081 	void *p, *start;
2082 	int ret;
2083 
2084 	ret = osd_req_op_cls_init(req, which, "rbd", "object_map_update");
2085 	if (ret)
2086 		return ret;
2087 
2088 	pages = ceph_alloc_page_vector(1, GFP_NOIO);
2089 	if (IS_ERR(pages))
2090 		return PTR_ERR(pages);
2091 
2092 	p = start = page_address(pages[0]);
2093 	ceph_encode_64(&p, objno);
2094 	ceph_encode_64(&p, objno + 1);
2095 	ceph_encode_8(&p, new_state);
2096 	if (current_state) {
2097 		ceph_encode_8(&p, 1);
2098 		ceph_encode_8(&p, *current_state);
2099 	} else {
2100 		ceph_encode_8(&p, 0);
2101 	}
2102 
2103 	osd_req_op_cls_request_data_pages(req, which, pages, p - start, 0,
2104 					  false, true);
2105 	return 0;
2106 }
2107 
2108 /*
2109  * Return:
2110  *   0 - object map update sent
2111  *   1 - object map update isn't needed
2112  *  <0 - error
2113  */
2114 static int rbd_object_map_update(struct rbd_obj_request *obj_req, u64 snap_id,
2115 				 u8 new_state, const u8 *current_state)
2116 {
2117 	struct rbd_device *rbd_dev = obj_req->img_request->rbd_dev;
2118 	struct ceph_osd_client *osdc = &rbd_dev->rbd_client->client->osdc;
2119 	struct ceph_osd_request *req;
2120 	int num_ops = 1;
2121 	int which = 0;
2122 	int ret;
2123 
2124 	if (snap_id == CEPH_NOSNAP) {
2125 		if (!update_needed(rbd_dev, obj_req->ex.oe_objno, new_state))
2126 			return 1;
2127 
2128 		num_ops++; /* assert_locked */
2129 	}
2130 
2131 	req = ceph_osdc_alloc_request(osdc, NULL, num_ops, false, GFP_NOIO);
2132 	if (!req)
2133 		return -ENOMEM;
2134 
2135 	list_add_tail(&req->r_private_item, &obj_req->osd_reqs);
2136 	req->r_callback = rbd_object_map_callback;
2137 	req->r_priv = obj_req;
2138 
2139 	rbd_object_map_name(rbd_dev, snap_id, &req->r_base_oid);
2140 	ceph_oloc_copy(&req->r_base_oloc, &rbd_dev->header_oloc);
2141 	req->r_flags = CEPH_OSD_FLAG_WRITE;
2142 	ktime_get_real_ts64(&req->r_mtime);
2143 
2144 	if (snap_id == CEPH_NOSNAP) {
2145 		/*
2146 		 * Protect against possible race conditions during lock
2147 		 * ownership transitions.
2148 		 */
2149 		ret = ceph_cls_assert_locked(req, which++, RBD_LOCK_NAME,
2150 					     CEPH_CLS_LOCK_EXCLUSIVE, "", "");
2151 		if (ret)
2152 			return ret;
2153 	}
2154 
2155 	ret = rbd_cls_object_map_update(req, which, obj_req->ex.oe_objno,
2156 					new_state, current_state);
2157 	if (ret)
2158 		return ret;
2159 
2160 	ret = ceph_osdc_alloc_messages(req, GFP_NOIO);
2161 	if (ret)
2162 		return ret;
2163 
2164 	ceph_osdc_start_request(osdc, req, false);
2165 	return 0;
2166 }
2167 
2168 static void prune_extents(struct ceph_file_extent *img_extents,
2169 			  u32 *num_img_extents, u64 overlap)
2170 {
2171 	u32 cnt = *num_img_extents;
2172 
2173 	/* drop extents completely beyond the overlap */
2174 	while (cnt && img_extents[cnt - 1].fe_off >= overlap)
2175 		cnt--;
2176 
2177 	if (cnt) {
2178 		struct ceph_file_extent *ex = &img_extents[cnt - 1];
2179 
2180 		/* trim final overlapping extent */
2181 		if (ex->fe_off + ex->fe_len > overlap)
2182 			ex->fe_len = overlap - ex->fe_off;
2183 	}
2184 
2185 	*num_img_extents = cnt;
2186 }
2187 
2188 /*
2189  * Determine the byte range(s) covered by either just the object extent
2190  * or the entire object in the parent image.
2191  */
2192 static int rbd_obj_calc_img_extents(struct rbd_obj_request *obj_req,
2193 				    bool entire)
2194 {
2195 	struct rbd_device *rbd_dev = obj_req->img_request->rbd_dev;
2196 	int ret;
2197 
2198 	if (!rbd_dev->parent_overlap)
2199 		return 0;
2200 
2201 	ret = ceph_extent_to_file(&rbd_dev->layout, obj_req->ex.oe_objno,
2202 				  entire ? 0 : obj_req->ex.oe_off,
2203 				  entire ? rbd_dev->layout.object_size :
2204 							obj_req->ex.oe_len,
2205 				  &obj_req->img_extents,
2206 				  &obj_req->num_img_extents);
2207 	if (ret)
2208 		return ret;
2209 
2210 	prune_extents(obj_req->img_extents, &obj_req->num_img_extents,
2211 		      rbd_dev->parent_overlap);
2212 	return 0;
2213 }
2214 
2215 static void rbd_osd_setup_data(struct ceph_osd_request *osd_req, int which)
2216 {
2217 	struct rbd_obj_request *obj_req = osd_req->r_priv;
2218 
2219 	switch (obj_req->img_request->data_type) {
2220 	case OBJ_REQUEST_BIO:
2221 		osd_req_op_extent_osd_data_bio(osd_req, which,
2222 					       &obj_req->bio_pos,
2223 					       obj_req->ex.oe_len);
2224 		break;
2225 	case OBJ_REQUEST_BVECS:
2226 	case OBJ_REQUEST_OWN_BVECS:
2227 		rbd_assert(obj_req->bvec_pos.iter.bi_size ==
2228 							obj_req->ex.oe_len);
2229 		rbd_assert(obj_req->bvec_idx == obj_req->bvec_count);
2230 		osd_req_op_extent_osd_data_bvec_pos(osd_req, which,
2231 						    &obj_req->bvec_pos);
2232 		break;
2233 	default:
2234 		BUG();
2235 	}
2236 }
2237 
2238 static int rbd_osd_setup_stat(struct ceph_osd_request *osd_req, int which)
2239 {
2240 	struct page **pages;
2241 
2242 	/*
2243 	 * The response data for a STAT call consists of:
2244 	 *     le64 length;
2245 	 *     struct {
2246 	 *         le32 tv_sec;
2247 	 *         le32 tv_nsec;
2248 	 *     } mtime;
2249 	 */
2250 	pages = ceph_alloc_page_vector(1, GFP_NOIO);
2251 	if (IS_ERR(pages))
2252 		return PTR_ERR(pages);
2253 
2254 	osd_req_op_init(osd_req, which, CEPH_OSD_OP_STAT, 0);
2255 	osd_req_op_raw_data_in_pages(osd_req, which, pages,
2256 				     8 + sizeof(struct ceph_timespec),
2257 				     0, false, true);
2258 	return 0;
2259 }
2260 
2261 static int rbd_osd_setup_copyup(struct ceph_osd_request *osd_req, int which,
2262 				u32 bytes)
2263 {
2264 	struct rbd_obj_request *obj_req = osd_req->r_priv;
2265 	int ret;
2266 
2267 	ret = osd_req_op_cls_init(osd_req, which, "rbd", "copyup");
2268 	if (ret)
2269 		return ret;
2270 
2271 	osd_req_op_cls_request_data_bvecs(osd_req, which, obj_req->copyup_bvecs,
2272 					  obj_req->copyup_bvec_count, bytes);
2273 	return 0;
2274 }
2275 
2276 static int rbd_obj_init_read(struct rbd_obj_request *obj_req)
2277 {
2278 	obj_req->read_state = RBD_OBJ_READ_START;
2279 	return 0;
2280 }
2281 
2282 static void __rbd_osd_setup_write_ops(struct ceph_osd_request *osd_req,
2283 				      int which)
2284 {
2285 	struct rbd_obj_request *obj_req = osd_req->r_priv;
2286 	struct rbd_device *rbd_dev = obj_req->img_request->rbd_dev;
2287 	u16 opcode;
2288 
2289 	if (!use_object_map(rbd_dev) ||
2290 	    !(obj_req->flags & RBD_OBJ_FLAG_MAY_EXIST)) {
2291 		osd_req_op_alloc_hint_init(osd_req, which++,
2292 					   rbd_dev->layout.object_size,
2293 					   rbd_dev->layout.object_size);
2294 	}
2295 
2296 	if (rbd_obj_is_entire(obj_req))
2297 		opcode = CEPH_OSD_OP_WRITEFULL;
2298 	else
2299 		opcode = CEPH_OSD_OP_WRITE;
2300 
2301 	osd_req_op_extent_init(osd_req, which, opcode,
2302 			       obj_req->ex.oe_off, obj_req->ex.oe_len, 0, 0);
2303 	rbd_osd_setup_data(osd_req, which);
2304 }
2305 
2306 static int rbd_obj_init_write(struct rbd_obj_request *obj_req)
2307 {
2308 	int ret;
2309 
2310 	/* reverse map the entire object onto the parent */
2311 	ret = rbd_obj_calc_img_extents(obj_req, true);
2312 	if (ret)
2313 		return ret;
2314 
2315 	if (rbd_obj_copyup_enabled(obj_req))
2316 		obj_req->flags |= RBD_OBJ_FLAG_COPYUP_ENABLED;
2317 
2318 	obj_req->write_state = RBD_OBJ_WRITE_START;
2319 	return 0;
2320 }
2321 
2322 static u16 truncate_or_zero_opcode(struct rbd_obj_request *obj_req)
2323 {
2324 	return rbd_obj_is_tail(obj_req) ? CEPH_OSD_OP_TRUNCATE :
2325 					  CEPH_OSD_OP_ZERO;
2326 }
2327 
2328 static void __rbd_osd_setup_discard_ops(struct ceph_osd_request *osd_req,
2329 					int which)
2330 {
2331 	struct rbd_obj_request *obj_req = osd_req->r_priv;
2332 
2333 	if (rbd_obj_is_entire(obj_req) && !obj_req->num_img_extents) {
2334 		rbd_assert(obj_req->flags & RBD_OBJ_FLAG_DELETION);
2335 		osd_req_op_init(osd_req, which, CEPH_OSD_OP_DELETE, 0);
2336 	} else {
2337 		osd_req_op_extent_init(osd_req, which,
2338 				       truncate_or_zero_opcode(obj_req),
2339 				       obj_req->ex.oe_off, obj_req->ex.oe_len,
2340 				       0, 0);
2341 	}
2342 }
2343 
2344 static int rbd_obj_init_discard(struct rbd_obj_request *obj_req)
2345 {
2346 	struct rbd_device *rbd_dev = obj_req->img_request->rbd_dev;
2347 	u64 off, next_off;
2348 	int ret;
2349 
2350 	/*
2351 	 * Align the range to alloc_size boundary and punt on discards
2352 	 * that are too small to free up any space.
2353 	 *
2354 	 * alloc_size == object_size && is_tail() is a special case for
2355 	 * filestore with filestore_punch_hole = false, needed to allow
2356 	 * truncate (in addition to delete).
2357 	 */
2358 	if (rbd_dev->opts->alloc_size != rbd_dev->layout.object_size ||
2359 	    !rbd_obj_is_tail(obj_req)) {
2360 		off = round_up(obj_req->ex.oe_off, rbd_dev->opts->alloc_size);
2361 		next_off = round_down(obj_req->ex.oe_off + obj_req->ex.oe_len,
2362 				      rbd_dev->opts->alloc_size);
2363 		if (off >= next_off)
2364 			return 1;
2365 
2366 		dout("%s %p %llu~%llu -> %llu~%llu\n", __func__,
2367 		     obj_req, obj_req->ex.oe_off, obj_req->ex.oe_len,
2368 		     off, next_off - off);
2369 		obj_req->ex.oe_off = off;
2370 		obj_req->ex.oe_len = next_off - off;
2371 	}
2372 
2373 	/* reverse map the entire object onto the parent */
2374 	ret = rbd_obj_calc_img_extents(obj_req, true);
2375 	if (ret)
2376 		return ret;
2377 
2378 	obj_req->flags |= RBD_OBJ_FLAG_NOOP_FOR_NONEXISTENT;
2379 	if (rbd_obj_is_entire(obj_req) && !obj_req->num_img_extents)
2380 		obj_req->flags |= RBD_OBJ_FLAG_DELETION;
2381 
2382 	obj_req->write_state = RBD_OBJ_WRITE_START;
2383 	return 0;
2384 }
2385 
2386 static void __rbd_osd_setup_zeroout_ops(struct ceph_osd_request *osd_req,
2387 					int which)
2388 {
2389 	struct rbd_obj_request *obj_req = osd_req->r_priv;
2390 	u16 opcode;
2391 
2392 	if (rbd_obj_is_entire(obj_req)) {
2393 		if (obj_req->num_img_extents) {
2394 			if (!(obj_req->flags & RBD_OBJ_FLAG_COPYUP_ENABLED))
2395 				osd_req_op_init(osd_req, which++,
2396 						CEPH_OSD_OP_CREATE, 0);
2397 			opcode = CEPH_OSD_OP_TRUNCATE;
2398 		} else {
2399 			rbd_assert(obj_req->flags & RBD_OBJ_FLAG_DELETION);
2400 			osd_req_op_init(osd_req, which++,
2401 					CEPH_OSD_OP_DELETE, 0);
2402 			opcode = 0;
2403 		}
2404 	} else {
2405 		opcode = truncate_or_zero_opcode(obj_req);
2406 	}
2407 
2408 	if (opcode)
2409 		osd_req_op_extent_init(osd_req, which, opcode,
2410 				       obj_req->ex.oe_off, obj_req->ex.oe_len,
2411 				       0, 0);
2412 }
2413 
2414 static int rbd_obj_init_zeroout(struct rbd_obj_request *obj_req)
2415 {
2416 	int ret;
2417 
2418 	/* reverse map the entire object onto the parent */
2419 	ret = rbd_obj_calc_img_extents(obj_req, true);
2420 	if (ret)
2421 		return ret;
2422 
2423 	if (rbd_obj_copyup_enabled(obj_req))
2424 		obj_req->flags |= RBD_OBJ_FLAG_COPYUP_ENABLED;
2425 	if (!obj_req->num_img_extents) {
2426 		obj_req->flags |= RBD_OBJ_FLAG_NOOP_FOR_NONEXISTENT;
2427 		if (rbd_obj_is_entire(obj_req))
2428 			obj_req->flags |= RBD_OBJ_FLAG_DELETION;
2429 	}
2430 
2431 	obj_req->write_state = RBD_OBJ_WRITE_START;
2432 	return 0;
2433 }
2434 
2435 static int count_write_ops(struct rbd_obj_request *obj_req)
2436 {
2437 	struct rbd_img_request *img_req = obj_req->img_request;
2438 
2439 	switch (img_req->op_type) {
2440 	case OBJ_OP_WRITE:
2441 		if (!use_object_map(img_req->rbd_dev) ||
2442 		    !(obj_req->flags & RBD_OBJ_FLAG_MAY_EXIST))
2443 			return 2; /* setallochint + write/writefull */
2444 
2445 		return 1; /* write/writefull */
2446 	case OBJ_OP_DISCARD:
2447 		return 1; /* delete/truncate/zero */
2448 	case OBJ_OP_ZEROOUT:
2449 		if (rbd_obj_is_entire(obj_req) && obj_req->num_img_extents &&
2450 		    !(obj_req->flags & RBD_OBJ_FLAG_COPYUP_ENABLED))
2451 			return 2; /* create + truncate */
2452 
2453 		return 1; /* delete/truncate/zero */
2454 	default:
2455 		BUG();
2456 	}
2457 }
2458 
2459 static void rbd_osd_setup_write_ops(struct ceph_osd_request *osd_req,
2460 				    int which)
2461 {
2462 	struct rbd_obj_request *obj_req = osd_req->r_priv;
2463 
2464 	switch (obj_req->img_request->op_type) {
2465 	case OBJ_OP_WRITE:
2466 		__rbd_osd_setup_write_ops(osd_req, which);
2467 		break;
2468 	case OBJ_OP_DISCARD:
2469 		__rbd_osd_setup_discard_ops(osd_req, which);
2470 		break;
2471 	case OBJ_OP_ZEROOUT:
2472 		__rbd_osd_setup_zeroout_ops(osd_req, which);
2473 		break;
2474 	default:
2475 		BUG();
2476 	}
2477 }
2478 
2479 /*
2480  * Prune the list of object requests (adjust offset and/or length, drop
2481  * redundant requests).  Prepare object request state machines and image
2482  * request state machine for execution.
2483  */
2484 static int __rbd_img_fill_request(struct rbd_img_request *img_req)
2485 {
2486 	struct rbd_obj_request *obj_req, *next_obj_req;
2487 	int ret;
2488 
2489 	for_each_obj_request_safe(img_req, obj_req, next_obj_req) {
2490 		switch (img_req->op_type) {
2491 		case OBJ_OP_READ:
2492 			ret = rbd_obj_init_read(obj_req);
2493 			break;
2494 		case OBJ_OP_WRITE:
2495 			ret = rbd_obj_init_write(obj_req);
2496 			break;
2497 		case OBJ_OP_DISCARD:
2498 			ret = rbd_obj_init_discard(obj_req);
2499 			break;
2500 		case OBJ_OP_ZEROOUT:
2501 			ret = rbd_obj_init_zeroout(obj_req);
2502 			break;
2503 		default:
2504 			BUG();
2505 		}
2506 		if (ret < 0)
2507 			return ret;
2508 		if (ret > 0) {
2509 			rbd_img_obj_request_del(img_req, obj_req);
2510 			continue;
2511 		}
2512 	}
2513 
2514 	img_req->state = RBD_IMG_START;
2515 	return 0;
2516 }
2517 
2518 union rbd_img_fill_iter {
2519 	struct ceph_bio_iter	bio_iter;
2520 	struct ceph_bvec_iter	bvec_iter;
2521 };
2522 
2523 struct rbd_img_fill_ctx {
2524 	enum obj_request_type	pos_type;
2525 	union rbd_img_fill_iter	*pos;
2526 	union rbd_img_fill_iter	iter;
2527 	ceph_object_extent_fn_t	set_pos_fn;
2528 	ceph_object_extent_fn_t	count_fn;
2529 	ceph_object_extent_fn_t	copy_fn;
2530 };
2531 
2532 static struct ceph_object_extent *alloc_object_extent(void *arg)
2533 {
2534 	struct rbd_img_request *img_req = arg;
2535 	struct rbd_obj_request *obj_req;
2536 
2537 	obj_req = rbd_obj_request_create();
2538 	if (!obj_req)
2539 		return NULL;
2540 
2541 	rbd_img_obj_request_add(img_req, obj_req);
2542 	return &obj_req->ex;
2543 }
2544 
2545 /*
2546  * While su != os && sc == 1 is technically not fancy (it's the same
2547  * layout as su == os && sc == 1), we can't use the nocopy path for it
2548  * because ->set_pos_fn() should be called only once per object.
2549  * ceph_file_to_extents() invokes action_fn once per stripe unit, so
2550  * treat su != os && sc == 1 as fancy.
2551  */
2552 static bool rbd_layout_is_fancy(struct ceph_file_layout *l)
2553 {
2554 	return l->stripe_unit != l->object_size;
2555 }
2556 
2557 static int rbd_img_fill_request_nocopy(struct rbd_img_request *img_req,
2558 				       struct ceph_file_extent *img_extents,
2559 				       u32 num_img_extents,
2560 				       struct rbd_img_fill_ctx *fctx)
2561 {
2562 	u32 i;
2563 	int ret;
2564 
2565 	img_req->data_type = fctx->pos_type;
2566 
2567 	/*
2568 	 * Create object requests and set each object request's starting
2569 	 * position in the provided bio (list) or bio_vec array.
2570 	 */
2571 	fctx->iter = *fctx->pos;
2572 	for (i = 0; i < num_img_extents; i++) {
2573 		ret = ceph_file_to_extents(&img_req->rbd_dev->layout,
2574 					   img_extents[i].fe_off,
2575 					   img_extents[i].fe_len,
2576 					   &img_req->object_extents,
2577 					   alloc_object_extent, img_req,
2578 					   fctx->set_pos_fn, &fctx->iter);
2579 		if (ret)
2580 			return ret;
2581 	}
2582 
2583 	return __rbd_img_fill_request(img_req);
2584 }
2585 
2586 /*
2587  * Map a list of image extents to a list of object extents, create the
2588  * corresponding object requests (normally each to a different object,
2589  * but not always) and add them to @img_req.  For each object request,
2590  * set up its data descriptor to point to the corresponding chunk(s) of
2591  * @fctx->pos data buffer.
2592  *
2593  * Because ceph_file_to_extents() will merge adjacent object extents
2594  * together, each object request's data descriptor may point to multiple
2595  * different chunks of @fctx->pos data buffer.
2596  *
2597  * @fctx->pos data buffer is assumed to be large enough.
2598  */
2599 static int rbd_img_fill_request(struct rbd_img_request *img_req,
2600 				struct ceph_file_extent *img_extents,
2601 				u32 num_img_extents,
2602 				struct rbd_img_fill_ctx *fctx)
2603 {
2604 	struct rbd_device *rbd_dev = img_req->rbd_dev;
2605 	struct rbd_obj_request *obj_req;
2606 	u32 i;
2607 	int ret;
2608 
2609 	if (fctx->pos_type == OBJ_REQUEST_NODATA ||
2610 	    !rbd_layout_is_fancy(&rbd_dev->layout))
2611 		return rbd_img_fill_request_nocopy(img_req, img_extents,
2612 						   num_img_extents, fctx);
2613 
2614 	img_req->data_type = OBJ_REQUEST_OWN_BVECS;
2615 
2616 	/*
2617 	 * Create object requests and determine ->bvec_count for each object
2618 	 * request.  Note that ->bvec_count sum over all object requests may
2619 	 * be greater than the number of bio_vecs in the provided bio (list)
2620 	 * or bio_vec array because when mapped, those bio_vecs can straddle
2621 	 * stripe unit boundaries.
2622 	 */
2623 	fctx->iter = *fctx->pos;
2624 	for (i = 0; i < num_img_extents; i++) {
2625 		ret = ceph_file_to_extents(&rbd_dev->layout,
2626 					   img_extents[i].fe_off,
2627 					   img_extents[i].fe_len,
2628 					   &img_req->object_extents,
2629 					   alloc_object_extent, img_req,
2630 					   fctx->count_fn, &fctx->iter);
2631 		if (ret)
2632 			return ret;
2633 	}
2634 
2635 	for_each_obj_request(img_req, obj_req) {
2636 		obj_req->bvec_pos.bvecs = kmalloc_array(obj_req->bvec_count,
2637 					      sizeof(*obj_req->bvec_pos.bvecs),
2638 					      GFP_NOIO);
2639 		if (!obj_req->bvec_pos.bvecs)
2640 			return -ENOMEM;
2641 	}
2642 
2643 	/*
2644 	 * Fill in each object request's private bio_vec array, splitting and
2645 	 * rearranging the provided bio_vecs in stripe unit chunks as needed.
2646 	 */
2647 	fctx->iter = *fctx->pos;
2648 	for (i = 0; i < num_img_extents; i++) {
2649 		ret = ceph_iterate_extents(&rbd_dev->layout,
2650 					   img_extents[i].fe_off,
2651 					   img_extents[i].fe_len,
2652 					   &img_req->object_extents,
2653 					   fctx->copy_fn, &fctx->iter);
2654 		if (ret)
2655 			return ret;
2656 	}
2657 
2658 	return __rbd_img_fill_request(img_req);
2659 }
2660 
2661 static int rbd_img_fill_nodata(struct rbd_img_request *img_req,
2662 			       u64 off, u64 len)
2663 {
2664 	struct ceph_file_extent ex = { off, len };
2665 	union rbd_img_fill_iter dummy;
2666 	struct rbd_img_fill_ctx fctx = {
2667 		.pos_type = OBJ_REQUEST_NODATA,
2668 		.pos = &dummy,
2669 	};
2670 
2671 	return rbd_img_fill_request(img_req, &ex, 1, &fctx);
2672 }
2673 
2674 static void set_bio_pos(struct ceph_object_extent *ex, u32 bytes, void *arg)
2675 {
2676 	struct rbd_obj_request *obj_req =
2677 	    container_of(ex, struct rbd_obj_request, ex);
2678 	struct ceph_bio_iter *it = arg;
2679 
2680 	dout("%s objno %llu bytes %u\n", __func__, ex->oe_objno, bytes);
2681 	obj_req->bio_pos = *it;
2682 	ceph_bio_iter_advance(it, bytes);
2683 }
2684 
2685 static void count_bio_bvecs(struct ceph_object_extent *ex, u32 bytes, void *arg)
2686 {
2687 	struct rbd_obj_request *obj_req =
2688 	    container_of(ex, struct rbd_obj_request, ex);
2689 	struct ceph_bio_iter *it = arg;
2690 
2691 	dout("%s objno %llu bytes %u\n", __func__, ex->oe_objno, bytes);
2692 	ceph_bio_iter_advance_step(it, bytes, ({
2693 		obj_req->bvec_count++;
2694 	}));
2695 
2696 }
2697 
2698 static void copy_bio_bvecs(struct ceph_object_extent *ex, u32 bytes, void *arg)
2699 {
2700 	struct rbd_obj_request *obj_req =
2701 	    container_of(ex, struct rbd_obj_request, ex);
2702 	struct ceph_bio_iter *it = arg;
2703 
2704 	dout("%s objno %llu bytes %u\n", __func__, ex->oe_objno, bytes);
2705 	ceph_bio_iter_advance_step(it, bytes, ({
2706 		obj_req->bvec_pos.bvecs[obj_req->bvec_idx++] = bv;
2707 		obj_req->bvec_pos.iter.bi_size += bv.bv_len;
2708 	}));
2709 }
2710 
2711 static int __rbd_img_fill_from_bio(struct rbd_img_request *img_req,
2712 				   struct ceph_file_extent *img_extents,
2713 				   u32 num_img_extents,
2714 				   struct ceph_bio_iter *bio_pos)
2715 {
2716 	struct rbd_img_fill_ctx fctx = {
2717 		.pos_type = OBJ_REQUEST_BIO,
2718 		.pos = (union rbd_img_fill_iter *)bio_pos,
2719 		.set_pos_fn = set_bio_pos,
2720 		.count_fn = count_bio_bvecs,
2721 		.copy_fn = copy_bio_bvecs,
2722 	};
2723 
2724 	return rbd_img_fill_request(img_req, img_extents, num_img_extents,
2725 				    &fctx);
2726 }
2727 
2728 static int rbd_img_fill_from_bio(struct rbd_img_request *img_req,
2729 				 u64 off, u64 len, struct bio *bio)
2730 {
2731 	struct ceph_file_extent ex = { off, len };
2732 	struct ceph_bio_iter it = { .bio = bio, .iter = bio->bi_iter };
2733 
2734 	return __rbd_img_fill_from_bio(img_req, &ex, 1, &it);
2735 }
2736 
2737 static void set_bvec_pos(struct ceph_object_extent *ex, u32 bytes, void *arg)
2738 {
2739 	struct rbd_obj_request *obj_req =
2740 	    container_of(ex, struct rbd_obj_request, ex);
2741 	struct ceph_bvec_iter *it = arg;
2742 
2743 	obj_req->bvec_pos = *it;
2744 	ceph_bvec_iter_shorten(&obj_req->bvec_pos, bytes);
2745 	ceph_bvec_iter_advance(it, bytes);
2746 }
2747 
2748 static void count_bvecs(struct ceph_object_extent *ex, u32 bytes, void *arg)
2749 {
2750 	struct rbd_obj_request *obj_req =
2751 	    container_of(ex, struct rbd_obj_request, ex);
2752 	struct ceph_bvec_iter *it = arg;
2753 
2754 	ceph_bvec_iter_advance_step(it, bytes, ({
2755 		obj_req->bvec_count++;
2756 	}));
2757 }
2758 
2759 static void copy_bvecs(struct ceph_object_extent *ex, u32 bytes, void *arg)
2760 {
2761 	struct rbd_obj_request *obj_req =
2762 	    container_of(ex, struct rbd_obj_request, ex);
2763 	struct ceph_bvec_iter *it = arg;
2764 
2765 	ceph_bvec_iter_advance_step(it, bytes, ({
2766 		obj_req->bvec_pos.bvecs[obj_req->bvec_idx++] = bv;
2767 		obj_req->bvec_pos.iter.bi_size += bv.bv_len;
2768 	}));
2769 }
2770 
2771 static int __rbd_img_fill_from_bvecs(struct rbd_img_request *img_req,
2772 				     struct ceph_file_extent *img_extents,
2773 				     u32 num_img_extents,
2774 				     struct ceph_bvec_iter *bvec_pos)
2775 {
2776 	struct rbd_img_fill_ctx fctx = {
2777 		.pos_type = OBJ_REQUEST_BVECS,
2778 		.pos = (union rbd_img_fill_iter *)bvec_pos,
2779 		.set_pos_fn = set_bvec_pos,
2780 		.count_fn = count_bvecs,
2781 		.copy_fn = copy_bvecs,
2782 	};
2783 
2784 	return rbd_img_fill_request(img_req, img_extents, num_img_extents,
2785 				    &fctx);
2786 }
2787 
2788 static int rbd_img_fill_from_bvecs(struct rbd_img_request *img_req,
2789 				   struct ceph_file_extent *img_extents,
2790 				   u32 num_img_extents,
2791 				   struct bio_vec *bvecs)
2792 {
2793 	struct ceph_bvec_iter it = {
2794 		.bvecs = bvecs,
2795 		.iter = { .bi_size = ceph_file_extents_bytes(img_extents,
2796 							     num_img_extents) },
2797 	};
2798 
2799 	return __rbd_img_fill_from_bvecs(img_req, img_extents, num_img_extents,
2800 					 &it);
2801 }
2802 
2803 static void rbd_img_handle_request_work(struct work_struct *work)
2804 {
2805 	struct rbd_img_request *img_req =
2806 	    container_of(work, struct rbd_img_request, work);
2807 
2808 	rbd_img_handle_request(img_req, img_req->work_result);
2809 }
2810 
2811 static void rbd_img_schedule(struct rbd_img_request *img_req, int result)
2812 {
2813 	INIT_WORK(&img_req->work, rbd_img_handle_request_work);
2814 	img_req->work_result = result;
2815 	queue_work(rbd_wq, &img_req->work);
2816 }
2817 
2818 static bool rbd_obj_may_exist(struct rbd_obj_request *obj_req)
2819 {
2820 	struct rbd_device *rbd_dev = obj_req->img_request->rbd_dev;
2821 
2822 	if (rbd_object_map_may_exist(rbd_dev, obj_req->ex.oe_objno)) {
2823 		obj_req->flags |= RBD_OBJ_FLAG_MAY_EXIST;
2824 		return true;
2825 	}
2826 
2827 	dout("%s %p objno %llu assuming dne\n", __func__, obj_req,
2828 	     obj_req->ex.oe_objno);
2829 	return false;
2830 }
2831 
2832 static int rbd_obj_read_object(struct rbd_obj_request *obj_req)
2833 {
2834 	struct ceph_osd_request *osd_req;
2835 	int ret;
2836 
2837 	osd_req = __rbd_obj_add_osd_request(obj_req, NULL, 1);
2838 	if (IS_ERR(osd_req))
2839 		return PTR_ERR(osd_req);
2840 
2841 	osd_req_op_extent_init(osd_req, 0, CEPH_OSD_OP_READ,
2842 			       obj_req->ex.oe_off, obj_req->ex.oe_len, 0, 0);
2843 	rbd_osd_setup_data(osd_req, 0);
2844 	rbd_osd_format_read(osd_req);
2845 
2846 	ret = ceph_osdc_alloc_messages(osd_req, GFP_NOIO);
2847 	if (ret)
2848 		return ret;
2849 
2850 	rbd_osd_submit(osd_req);
2851 	return 0;
2852 }
2853 
2854 static int rbd_obj_read_from_parent(struct rbd_obj_request *obj_req)
2855 {
2856 	struct rbd_img_request *img_req = obj_req->img_request;
2857 	struct rbd_img_request *child_img_req;
2858 	int ret;
2859 
2860 	child_img_req = rbd_img_request_create(img_req->rbd_dev->parent,
2861 					       OBJ_OP_READ, NULL);
2862 	if (!child_img_req)
2863 		return -ENOMEM;
2864 
2865 	__set_bit(IMG_REQ_CHILD, &child_img_req->flags);
2866 	child_img_req->obj_request = obj_req;
2867 
2868 	dout("%s child_img_req %p for obj_req %p\n", __func__, child_img_req,
2869 	     obj_req);
2870 
2871 	if (!rbd_img_is_write(img_req)) {
2872 		switch (img_req->data_type) {
2873 		case OBJ_REQUEST_BIO:
2874 			ret = __rbd_img_fill_from_bio(child_img_req,
2875 						      obj_req->img_extents,
2876 						      obj_req->num_img_extents,
2877 						      &obj_req->bio_pos);
2878 			break;
2879 		case OBJ_REQUEST_BVECS:
2880 		case OBJ_REQUEST_OWN_BVECS:
2881 			ret = __rbd_img_fill_from_bvecs(child_img_req,
2882 						      obj_req->img_extents,
2883 						      obj_req->num_img_extents,
2884 						      &obj_req->bvec_pos);
2885 			break;
2886 		default:
2887 			BUG();
2888 		}
2889 	} else {
2890 		ret = rbd_img_fill_from_bvecs(child_img_req,
2891 					      obj_req->img_extents,
2892 					      obj_req->num_img_extents,
2893 					      obj_req->copyup_bvecs);
2894 	}
2895 	if (ret) {
2896 		rbd_img_request_put(child_img_req);
2897 		return ret;
2898 	}
2899 
2900 	/* avoid parent chain recursion */
2901 	rbd_img_schedule(child_img_req, 0);
2902 	return 0;
2903 }
2904 
2905 static bool rbd_obj_advance_read(struct rbd_obj_request *obj_req, int *result)
2906 {
2907 	struct rbd_device *rbd_dev = obj_req->img_request->rbd_dev;
2908 	int ret;
2909 
2910 again:
2911 	switch (obj_req->read_state) {
2912 	case RBD_OBJ_READ_START:
2913 		rbd_assert(!*result);
2914 
2915 		if (!rbd_obj_may_exist(obj_req)) {
2916 			*result = -ENOENT;
2917 			obj_req->read_state = RBD_OBJ_READ_OBJECT;
2918 			goto again;
2919 		}
2920 
2921 		ret = rbd_obj_read_object(obj_req);
2922 		if (ret) {
2923 			*result = ret;
2924 			return true;
2925 		}
2926 		obj_req->read_state = RBD_OBJ_READ_OBJECT;
2927 		return false;
2928 	case RBD_OBJ_READ_OBJECT:
2929 		if (*result == -ENOENT && rbd_dev->parent_overlap) {
2930 			/* reverse map this object extent onto the parent */
2931 			ret = rbd_obj_calc_img_extents(obj_req, false);
2932 			if (ret) {
2933 				*result = ret;
2934 				return true;
2935 			}
2936 			if (obj_req->num_img_extents) {
2937 				ret = rbd_obj_read_from_parent(obj_req);
2938 				if (ret) {
2939 					*result = ret;
2940 					return true;
2941 				}
2942 				obj_req->read_state = RBD_OBJ_READ_PARENT;
2943 				return false;
2944 			}
2945 		}
2946 
2947 		/*
2948 		 * -ENOENT means a hole in the image -- zero-fill the entire
2949 		 * length of the request.  A short read also implies zero-fill
2950 		 * to the end of the request.
2951 		 */
2952 		if (*result == -ENOENT) {
2953 			rbd_obj_zero_range(obj_req, 0, obj_req->ex.oe_len);
2954 			*result = 0;
2955 		} else if (*result >= 0) {
2956 			if (*result < obj_req->ex.oe_len)
2957 				rbd_obj_zero_range(obj_req, *result,
2958 						obj_req->ex.oe_len - *result);
2959 			else
2960 				rbd_assert(*result == obj_req->ex.oe_len);
2961 			*result = 0;
2962 		}
2963 		return true;
2964 	case RBD_OBJ_READ_PARENT:
2965 		/*
2966 		 * The parent image is read only up to the overlap -- zero-fill
2967 		 * from the overlap to the end of the request.
2968 		 */
2969 		if (!*result) {
2970 			u32 obj_overlap = rbd_obj_img_extents_bytes(obj_req);
2971 
2972 			if (obj_overlap < obj_req->ex.oe_len)
2973 				rbd_obj_zero_range(obj_req, obj_overlap,
2974 					    obj_req->ex.oe_len - obj_overlap);
2975 		}
2976 		return true;
2977 	default:
2978 		BUG();
2979 	}
2980 }
2981 
2982 static bool rbd_obj_write_is_noop(struct rbd_obj_request *obj_req)
2983 {
2984 	struct rbd_device *rbd_dev = obj_req->img_request->rbd_dev;
2985 
2986 	if (rbd_object_map_may_exist(rbd_dev, obj_req->ex.oe_objno))
2987 		obj_req->flags |= RBD_OBJ_FLAG_MAY_EXIST;
2988 
2989 	if (!(obj_req->flags & RBD_OBJ_FLAG_MAY_EXIST) &&
2990 	    (obj_req->flags & RBD_OBJ_FLAG_NOOP_FOR_NONEXISTENT)) {
2991 		dout("%s %p noop for nonexistent\n", __func__, obj_req);
2992 		return true;
2993 	}
2994 
2995 	return false;
2996 }
2997 
2998 /*
2999  * Return:
3000  *   0 - object map update sent
3001  *   1 - object map update isn't needed
3002  *  <0 - error
3003  */
3004 static int rbd_obj_write_pre_object_map(struct rbd_obj_request *obj_req)
3005 {
3006 	struct rbd_device *rbd_dev = obj_req->img_request->rbd_dev;
3007 	u8 new_state;
3008 
3009 	if (!(rbd_dev->header.features & RBD_FEATURE_OBJECT_MAP))
3010 		return 1;
3011 
3012 	if (obj_req->flags & RBD_OBJ_FLAG_DELETION)
3013 		new_state = OBJECT_PENDING;
3014 	else
3015 		new_state = OBJECT_EXISTS;
3016 
3017 	return rbd_object_map_update(obj_req, CEPH_NOSNAP, new_state, NULL);
3018 }
3019 
3020 static int rbd_obj_write_object(struct rbd_obj_request *obj_req)
3021 {
3022 	struct ceph_osd_request *osd_req;
3023 	int num_ops = count_write_ops(obj_req);
3024 	int which = 0;
3025 	int ret;
3026 
3027 	if (obj_req->flags & RBD_OBJ_FLAG_COPYUP_ENABLED)
3028 		num_ops++; /* stat */
3029 
3030 	osd_req = rbd_obj_add_osd_request(obj_req, num_ops);
3031 	if (IS_ERR(osd_req))
3032 		return PTR_ERR(osd_req);
3033 
3034 	if (obj_req->flags & RBD_OBJ_FLAG_COPYUP_ENABLED) {
3035 		ret = rbd_osd_setup_stat(osd_req, which++);
3036 		if (ret)
3037 			return ret;
3038 	}
3039 
3040 	rbd_osd_setup_write_ops(osd_req, which);
3041 	rbd_osd_format_write(osd_req);
3042 
3043 	ret = ceph_osdc_alloc_messages(osd_req, GFP_NOIO);
3044 	if (ret)
3045 		return ret;
3046 
3047 	rbd_osd_submit(osd_req);
3048 	return 0;
3049 }
3050 
3051 /*
3052  * copyup_bvecs pages are never highmem pages
3053  */
3054 static bool is_zero_bvecs(struct bio_vec *bvecs, u32 bytes)
3055 {
3056 	struct ceph_bvec_iter it = {
3057 		.bvecs = bvecs,
3058 		.iter = { .bi_size = bytes },
3059 	};
3060 
3061 	ceph_bvec_iter_advance_step(&it, bytes, ({
3062 		if (memchr_inv(page_address(bv.bv_page) + bv.bv_offset, 0,
3063 			       bv.bv_len))
3064 			return false;
3065 	}));
3066 	return true;
3067 }
3068 
3069 #define MODS_ONLY	U32_MAX
3070 
3071 static int rbd_obj_copyup_empty_snapc(struct rbd_obj_request *obj_req,
3072 				      u32 bytes)
3073 {
3074 	struct ceph_osd_request *osd_req;
3075 	int ret;
3076 
3077 	dout("%s obj_req %p bytes %u\n", __func__, obj_req, bytes);
3078 	rbd_assert(bytes > 0 && bytes != MODS_ONLY);
3079 
3080 	osd_req = __rbd_obj_add_osd_request(obj_req, &rbd_empty_snapc, 1);
3081 	if (IS_ERR(osd_req))
3082 		return PTR_ERR(osd_req);
3083 
3084 	ret = rbd_osd_setup_copyup(osd_req, 0, bytes);
3085 	if (ret)
3086 		return ret;
3087 
3088 	rbd_osd_format_write(osd_req);
3089 
3090 	ret = ceph_osdc_alloc_messages(osd_req, GFP_NOIO);
3091 	if (ret)
3092 		return ret;
3093 
3094 	rbd_osd_submit(osd_req);
3095 	return 0;
3096 }
3097 
3098 static int rbd_obj_copyup_current_snapc(struct rbd_obj_request *obj_req,
3099 					u32 bytes)
3100 {
3101 	struct ceph_osd_request *osd_req;
3102 	int num_ops = count_write_ops(obj_req);
3103 	int which = 0;
3104 	int ret;
3105 
3106 	dout("%s obj_req %p bytes %u\n", __func__, obj_req, bytes);
3107 
3108 	if (bytes != MODS_ONLY)
3109 		num_ops++; /* copyup */
3110 
3111 	osd_req = rbd_obj_add_osd_request(obj_req, num_ops);
3112 	if (IS_ERR(osd_req))
3113 		return PTR_ERR(osd_req);
3114 
3115 	if (bytes != MODS_ONLY) {
3116 		ret = rbd_osd_setup_copyup(osd_req, which++, bytes);
3117 		if (ret)
3118 			return ret;
3119 	}
3120 
3121 	rbd_osd_setup_write_ops(osd_req, which);
3122 	rbd_osd_format_write(osd_req);
3123 
3124 	ret = ceph_osdc_alloc_messages(osd_req, GFP_NOIO);
3125 	if (ret)
3126 		return ret;
3127 
3128 	rbd_osd_submit(osd_req);
3129 	return 0;
3130 }
3131 
3132 static int setup_copyup_bvecs(struct rbd_obj_request *obj_req, u64 obj_overlap)
3133 {
3134 	u32 i;
3135 
3136 	rbd_assert(!obj_req->copyup_bvecs);
3137 	obj_req->copyup_bvec_count = calc_pages_for(0, obj_overlap);
3138 	obj_req->copyup_bvecs = kcalloc(obj_req->copyup_bvec_count,
3139 					sizeof(*obj_req->copyup_bvecs),
3140 					GFP_NOIO);
3141 	if (!obj_req->copyup_bvecs)
3142 		return -ENOMEM;
3143 
3144 	for (i = 0; i < obj_req->copyup_bvec_count; i++) {
3145 		unsigned int len = min(obj_overlap, (u64)PAGE_SIZE);
3146 
3147 		obj_req->copyup_bvecs[i].bv_page = alloc_page(GFP_NOIO);
3148 		if (!obj_req->copyup_bvecs[i].bv_page)
3149 			return -ENOMEM;
3150 
3151 		obj_req->copyup_bvecs[i].bv_offset = 0;
3152 		obj_req->copyup_bvecs[i].bv_len = len;
3153 		obj_overlap -= len;
3154 	}
3155 
3156 	rbd_assert(!obj_overlap);
3157 	return 0;
3158 }
3159 
3160 /*
3161  * The target object doesn't exist.  Read the data for the entire
3162  * target object up to the overlap point (if any) from the parent,
3163  * so we can use it for a copyup.
3164  */
3165 static int rbd_obj_copyup_read_parent(struct rbd_obj_request *obj_req)
3166 {
3167 	struct rbd_device *rbd_dev = obj_req->img_request->rbd_dev;
3168 	int ret;
3169 
3170 	rbd_assert(obj_req->num_img_extents);
3171 	prune_extents(obj_req->img_extents, &obj_req->num_img_extents,
3172 		      rbd_dev->parent_overlap);
3173 	if (!obj_req->num_img_extents) {
3174 		/*
3175 		 * The overlap has become 0 (most likely because the
3176 		 * image has been flattened).  Re-submit the original write
3177 		 * request -- pass MODS_ONLY since the copyup isn't needed
3178 		 * anymore.
3179 		 */
3180 		return rbd_obj_copyup_current_snapc(obj_req, MODS_ONLY);
3181 	}
3182 
3183 	ret = setup_copyup_bvecs(obj_req, rbd_obj_img_extents_bytes(obj_req));
3184 	if (ret)
3185 		return ret;
3186 
3187 	return rbd_obj_read_from_parent(obj_req);
3188 }
3189 
3190 static void rbd_obj_copyup_object_maps(struct rbd_obj_request *obj_req)
3191 {
3192 	struct rbd_device *rbd_dev = obj_req->img_request->rbd_dev;
3193 	struct ceph_snap_context *snapc = obj_req->img_request->snapc;
3194 	u8 new_state;
3195 	u32 i;
3196 	int ret;
3197 
3198 	rbd_assert(!obj_req->pending.result && !obj_req->pending.num_pending);
3199 
3200 	if (!(rbd_dev->header.features & RBD_FEATURE_OBJECT_MAP))
3201 		return;
3202 
3203 	if (obj_req->flags & RBD_OBJ_FLAG_COPYUP_ZEROS)
3204 		return;
3205 
3206 	for (i = 0; i < snapc->num_snaps; i++) {
3207 		if ((rbd_dev->header.features & RBD_FEATURE_FAST_DIFF) &&
3208 		    i + 1 < snapc->num_snaps)
3209 			new_state = OBJECT_EXISTS_CLEAN;
3210 		else
3211 			new_state = OBJECT_EXISTS;
3212 
3213 		ret = rbd_object_map_update(obj_req, snapc->snaps[i],
3214 					    new_state, NULL);
3215 		if (ret < 0) {
3216 			obj_req->pending.result = ret;
3217 			return;
3218 		}
3219 
3220 		rbd_assert(!ret);
3221 		obj_req->pending.num_pending++;
3222 	}
3223 }
3224 
3225 static void rbd_obj_copyup_write_object(struct rbd_obj_request *obj_req)
3226 {
3227 	u32 bytes = rbd_obj_img_extents_bytes(obj_req);
3228 	int ret;
3229 
3230 	rbd_assert(!obj_req->pending.result && !obj_req->pending.num_pending);
3231 
3232 	/*
3233 	 * Only send non-zero copyup data to save some I/O and network
3234 	 * bandwidth -- zero copyup data is equivalent to the object not
3235 	 * existing.
3236 	 */
3237 	if (obj_req->flags & RBD_OBJ_FLAG_COPYUP_ZEROS)
3238 		bytes = 0;
3239 
3240 	if (obj_req->img_request->snapc->num_snaps && bytes > 0) {
3241 		/*
3242 		 * Send a copyup request with an empty snapshot context to
3243 		 * deep-copyup the object through all existing snapshots.
3244 		 * A second request with the current snapshot context will be
3245 		 * sent for the actual modification.
3246 		 */
3247 		ret = rbd_obj_copyup_empty_snapc(obj_req, bytes);
3248 		if (ret) {
3249 			obj_req->pending.result = ret;
3250 			return;
3251 		}
3252 
3253 		obj_req->pending.num_pending++;
3254 		bytes = MODS_ONLY;
3255 	}
3256 
3257 	ret = rbd_obj_copyup_current_snapc(obj_req, bytes);
3258 	if (ret) {
3259 		obj_req->pending.result = ret;
3260 		return;
3261 	}
3262 
3263 	obj_req->pending.num_pending++;
3264 }
3265 
3266 static bool rbd_obj_advance_copyup(struct rbd_obj_request *obj_req, int *result)
3267 {
3268 	struct rbd_device *rbd_dev = obj_req->img_request->rbd_dev;
3269 	int ret;
3270 
3271 again:
3272 	switch (obj_req->copyup_state) {
3273 	case RBD_OBJ_COPYUP_START:
3274 		rbd_assert(!*result);
3275 
3276 		ret = rbd_obj_copyup_read_parent(obj_req);
3277 		if (ret) {
3278 			*result = ret;
3279 			return true;
3280 		}
3281 		if (obj_req->num_img_extents)
3282 			obj_req->copyup_state = RBD_OBJ_COPYUP_READ_PARENT;
3283 		else
3284 			obj_req->copyup_state = RBD_OBJ_COPYUP_WRITE_OBJECT;
3285 		return false;
3286 	case RBD_OBJ_COPYUP_READ_PARENT:
3287 		if (*result)
3288 			return true;
3289 
3290 		if (is_zero_bvecs(obj_req->copyup_bvecs,
3291 				  rbd_obj_img_extents_bytes(obj_req))) {
3292 			dout("%s %p detected zeros\n", __func__, obj_req);
3293 			obj_req->flags |= RBD_OBJ_FLAG_COPYUP_ZEROS;
3294 		}
3295 
3296 		rbd_obj_copyup_object_maps(obj_req);
3297 		if (!obj_req->pending.num_pending) {
3298 			*result = obj_req->pending.result;
3299 			obj_req->copyup_state = RBD_OBJ_COPYUP_OBJECT_MAPS;
3300 			goto again;
3301 		}
3302 		obj_req->copyup_state = __RBD_OBJ_COPYUP_OBJECT_MAPS;
3303 		return false;
3304 	case __RBD_OBJ_COPYUP_OBJECT_MAPS:
3305 		if (!pending_result_dec(&obj_req->pending, result))
3306 			return false;
3307 		/* fall through */
3308 	case RBD_OBJ_COPYUP_OBJECT_MAPS:
3309 		if (*result) {
3310 			rbd_warn(rbd_dev, "snap object map update failed: %d",
3311 				 *result);
3312 			return true;
3313 		}
3314 
3315 		rbd_obj_copyup_write_object(obj_req);
3316 		if (!obj_req->pending.num_pending) {
3317 			*result = obj_req->pending.result;
3318 			obj_req->copyup_state = RBD_OBJ_COPYUP_WRITE_OBJECT;
3319 			goto again;
3320 		}
3321 		obj_req->copyup_state = __RBD_OBJ_COPYUP_WRITE_OBJECT;
3322 		return false;
3323 	case __RBD_OBJ_COPYUP_WRITE_OBJECT:
3324 		if (!pending_result_dec(&obj_req->pending, result))
3325 			return false;
3326 		/* fall through */
3327 	case RBD_OBJ_COPYUP_WRITE_OBJECT:
3328 		return true;
3329 	default:
3330 		BUG();
3331 	}
3332 }
3333 
3334 /*
3335  * Return:
3336  *   0 - object map update sent
3337  *   1 - object map update isn't needed
3338  *  <0 - error
3339  */
3340 static int rbd_obj_write_post_object_map(struct rbd_obj_request *obj_req)
3341 {
3342 	struct rbd_device *rbd_dev = obj_req->img_request->rbd_dev;
3343 	u8 current_state = OBJECT_PENDING;
3344 
3345 	if (!(rbd_dev->header.features & RBD_FEATURE_OBJECT_MAP))
3346 		return 1;
3347 
3348 	if (!(obj_req->flags & RBD_OBJ_FLAG_DELETION))
3349 		return 1;
3350 
3351 	return rbd_object_map_update(obj_req, CEPH_NOSNAP, OBJECT_NONEXISTENT,
3352 				     &current_state);
3353 }
3354 
3355 static bool rbd_obj_advance_write(struct rbd_obj_request *obj_req, int *result)
3356 {
3357 	struct rbd_device *rbd_dev = obj_req->img_request->rbd_dev;
3358 	int ret;
3359 
3360 again:
3361 	switch (obj_req->write_state) {
3362 	case RBD_OBJ_WRITE_START:
3363 		rbd_assert(!*result);
3364 
3365 		if (rbd_obj_write_is_noop(obj_req))
3366 			return true;
3367 
3368 		ret = rbd_obj_write_pre_object_map(obj_req);
3369 		if (ret < 0) {
3370 			*result = ret;
3371 			return true;
3372 		}
3373 		obj_req->write_state = RBD_OBJ_WRITE_PRE_OBJECT_MAP;
3374 		if (ret > 0)
3375 			goto again;
3376 		return false;
3377 	case RBD_OBJ_WRITE_PRE_OBJECT_MAP:
3378 		if (*result) {
3379 			rbd_warn(rbd_dev, "pre object map update failed: %d",
3380 				 *result);
3381 			return true;
3382 		}
3383 		ret = rbd_obj_write_object(obj_req);
3384 		if (ret) {
3385 			*result = ret;
3386 			return true;
3387 		}
3388 		obj_req->write_state = RBD_OBJ_WRITE_OBJECT;
3389 		return false;
3390 	case RBD_OBJ_WRITE_OBJECT:
3391 		if (*result == -ENOENT) {
3392 			if (obj_req->flags & RBD_OBJ_FLAG_COPYUP_ENABLED) {
3393 				*result = 0;
3394 				obj_req->copyup_state = RBD_OBJ_COPYUP_START;
3395 				obj_req->write_state = __RBD_OBJ_WRITE_COPYUP;
3396 				goto again;
3397 			}
3398 			/*
3399 			 * On a non-existent object:
3400 			 *   delete - -ENOENT, truncate/zero - 0
3401 			 */
3402 			if (obj_req->flags & RBD_OBJ_FLAG_DELETION)
3403 				*result = 0;
3404 		}
3405 		if (*result)
3406 			return true;
3407 
3408 		obj_req->write_state = RBD_OBJ_WRITE_COPYUP;
3409 		goto again;
3410 	case __RBD_OBJ_WRITE_COPYUP:
3411 		if (!rbd_obj_advance_copyup(obj_req, result))
3412 			return false;
3413 		/* fall through */
3414 	case RBD_OBJ_WRITE_COPYUP:
3415 		if (*result) {
3416 			rbd_warn(rbd_dev, "copyup failed: %d", *result);
3417 			return true;
3418 		}
3419 		ret = rbd_obj_write_post_object_map(obj_req);
3420 		if (ret < 0) {
3421 			*result = ret;
3422 			return true;
3423 		}
3424 		obj_req->write_state = RBD_OBJ_WRITE_POST_OBJECT_MAP;
3425 		if (ret > 0)
3426 			goto again;
3427 		return false;
3428 	case RBD_OBJ_WRITE_POST_OBJECT_MAP:
3429 		if (*result)
3430 			rbd_warn(rbd_dev, "post object map update failed: %d",
3431 				 *result);
3432 		return true;
3433 	default:
3434 		BUG();
3435 	}
3436 }
3437 
3438 /*
3439  * Return true if @obj_req is completed.
3440  */
3441 static bool __rbd_obj_handle_request(struct rbd_obj_request *obj_req,
3442 				     int *result)
3443 {
3444 	struct rbd_img_request *img_req = obj_req->img_request;
3445 	struct rbd_device *rbd_dev = img_req->rbd_dev;
3446 	bool done;
3447 
3448 	mutex_lock(&obj_req->state_mutex);
3449 	if (!rbd_img_is_write(img_req))
3450 		done = rbd_obj_advance_read(obj_req, result);
3451 	else
3452 		done = rbd_obj_advance_write(obj_req, result);
3453 	mutex_unlock(&obj_req->state_mutex);
3454 
3455 	if (done && *result) {
3456 		rbd_assert(*result < 0);
3457 		rbd_warn(rbd_dev, "%s at objno %llu %llu~%llu result %d",
3458 			 obj_op_name(img_req->op_type), obj_req->ex.oe_objno,
3459 			 obj_req->ex.oe_off, obj_req->ex.oe_len, *result);
3460 	}
3461 	return done;
3462 }
3463 
3464 /*
3465  * This is open-coded in rbd_img_handle_request() to avoid parent chain
3466  * recursion.
3467  */
3468 static void rbd_obj_handle_request(struct rbd_obj_request *obj_req, int result)
3469 {
3470 	if (__rbd_obj_handle_request(obj_req, &result))
3471 		rbd_img_handle_request(obj_req->img_request, result);
3472 }
3473 
3474 static bool need_exclusive_lock(struct rbd_img_request *img_req)
3475 {
3476 	struct rbd_device *rbd_dev = img_req->rbd_dev;
3477 
3478 	if (!(rbd_dev->header.features & RBD_FEATURE_EXCLUSIVE_LOCK))
3479 		return false;
3480 
3481 	if (rbd_is_ro(rbd_dev))
3482 		return false;
3483 
3484 	rbd_assert(!test_bit(IMG_REQ_CHILD, &img_req->flags));
3485 	if (rbd_dev->opts->lock_on_read ||
3486 	    (rbd_dev->header.features & RBD_FEATURE_OBJECT_MAP))
3487 		return true;
3488 
3489 	return rbd_img_is_write(img_req);
3490 }
3491 
3492 static bool rbd_lock_add_request(struct rbd_img_request *img_req)
3493 {
3494 	struct rbd_device *rbd_dev = img_req->rbd_dev;
3495 	bool locked;
3496 
3497 	lockdep_assert_held(&rbd_dev->lock_rwsem);
3498 	locked = rbd_dev->lock_state == RBD_LOCK_STATE_LOCKED;
3499 	spin_lock(&rbd_dev->lock_lists_lock);
3500 	rbd_assert(list_empty(&img_req->lock_item));
3501 	if (!locked)
3502 		list_add_tail(&img_req->lock_item, &rbd_dev->acquiring_list);
3503 	else
3504 		list_add_tail(&img_req->lock_item, &rbd_dev->running_list);
3505 	spin_unlock(&rbd_dev->lock_lists_lock);
3506 	return locked;
3507 }
3508 
3509 static void rbd_lock_del_request(struct rbd_img_request *img_req)
3510 {
3511 	struct rbd_device *rbd_dev = img_req->rbd_dev;
3512 	bool need_wakeup;
3513 
3514 	lockdep_assert_held(&rbd_dev->lock_rwsem);
3515 	spin_lock(&rbd_dev->lock_lists_lock);
3516 	rbd_assert(!list_empty(&img_req->lock_item));
3517 	list_del_init(&img_req->lock_item);
3518 	need_wakeup = (rbd_dev->lock_state == RBD_LOCK_STATE_RELEASING &&
3519 		       list_empty(&rbd_dev->running_list));
3520 	spin_unlock(&rbd_dev->lock_lists_lock);
3521 	if (need_wakeup)
3522 		complete(&rbd_dev->releasing_wait);
3523 }
3524 
3525 static int rbd_img_exclusive_lock(struct rbd_img_request *img_req)
3526 {
3527 	struct rbd_device *rbd_dev = img_req->rbd_dev;
3528 
3529 	if (!need_exclusive_lock(img_req))
3530 		return 1;
3531 
3532 	if (rbd_lock_add_request(img_req))
3533 		return 1;
3534 
3535 	if (rbd_dev->opts->exclusive) {
3536 		WARN_ON(1); /* lock got released? */
3537 		return -EROFS;
3538 	}
3539 
3540 	/*
3541 	 * Note the use of mod_delayed_work() in rbd_acquire_lock()
3542 	 * and cancel_delayed_work() in wake_lock_waiters().
3543 	 */
3544 	dout("%s rbd_dev %p queueing lock_dwork\n", __func__, rbd_dev);
3545 	queue_delayed_work(rbd_dev->task_wq, &rbd_dev->lock_dwork, 0);
3546 	return 0;
3547 }
3548 
3549 static void rbd_img_object_requests(struct rbd_img_request *img_req)
3550 {
3551 	struct rbd_obj_request *obj_req;
3552 
3553 	rbd_assert(!img_req->pending.result && !img_req->pending.num_pending);
3554 
3555 	for_each_obj_request(img_req, obj_req) {
3556 		int result = 0;
3557 
3558 		if (__rbd_obj_handle_request(obj_req, &result)) {
3559 			if (result) {
3560 				img_req->pending.result = result;
3561 				return;
3562 			}
3563 		} else {
3564 			img_req->pending.num_pending++;
3565 		}
3566 	}
3567 }
3568 
3569 static bool rbd_img_advance(struct rbd_img_request *img_req, int *result)
3570 {
3571 	struct rbd_device *rbd_dev = img_req->rbd_dev;
3572 	int ret;
3573 
3574 again:
3575 	switch (img_req->state) {
3576 	case RBD_IMG_START:
3577 		rbd_assert(!*result);
3578 
3579 		ret = rbd_img_exclusive_lock(img_req);
3580 		if (ret < 0) {
3581 			*result = ret;
3582 			return true;
3583 		}
3584 		img_req->state = RBD_IMG_EXCLUSIVE_LOCK;
3585 		if (ret > 0)
3586 			goto again;
3587 		return false;
3588 	case RBD_IMG_EXCLUSIVE_LOCK:
3589 		if (*result)
3590 			return true;
3591 
3592 		rbd_assert(!need_exclusive_lock(img_req) ||
3593 			   __rbd_is_lock_owner(rbd_dev));
3594 
3595 		rbd_img_object_requests(img_req);
3596 		if (!img_req->pending.num_pending) {
3597 			*result = img_req->pending.result;
3598 			img_req->state = RBD_IMG_OBJECT_REQUESTS;
3599 			goto again;
3600 		}
3601 		img_req->state = __RBD_IMG_OBJECT_REQUESTS;
3602 		return false;
3603 	case __RBD_IMG_OBJECT_REQUESTS:
3604 		if (!pending_result_dec(&img_req->pending, result))
3605 			return false;
3606 		/* fall through */
3607 	case RBD_IMG_OBJECT_REQUESTS:
3608 		return true;
3609 	default:
3610 		BUG();
3611 	}
3612 }
3613 
3614 /*
3615  * Return true if @img_req is completed.
3616  */
3617 static bool __rbd_img_handle_request(struct rbd_img_request *img_req,
3618 				     int *result)
3619 {
3620 	struct rbd_device *rbd_dev = img_req->rbd_dev;
3621 	bool done;
3622 
3623 	if (need_exclusive_lock(img_req)) {
3624 		down_read(&rbd_dev->lock_rwsem);
3625 		mutex_lock(&img_req->state_mutex);
3626 		done = rbd_img_advance(img_req, result);
3627 		if (done)
3628 			rbd_lock_del_request(img_req);
3629 		mutex_unlock(&img_req->state_mutex);
3630 		up_read(&rbd_dev->lock_rwsem);
3631 	} else {
3632 		mutex_lock(&img_req->state_mutex);
3633 		done = rbd_img_advance(img_req, result);
3634 		mutex_unlock(&img_req->state_mutex);
3635 	}
3636 
3637 	if (done && *result) {
3638 		rbd_assert(*result < 0);
3639 		rbd_warn(rbd_dev, "%s%s result %d",
3640 		      test_bit(IMG_REQ_CHILD, &img_req->flags) ? "child " : "",
3641 		      obj_op_name(img_req->op_type), *result);
3642 	}
3643 	return done;
3644 }
3645 
3646 static void rbd_img_handle_request(struct rbd_img_request *img_req, int result)
3647 {
3648 again:
3649 	if (!__rbd_img_handle_request(img_req, &result))
3650 		return;
3651 
3652 	if (test_bit(IMG_REQ_CHILD, &img_req->flags)) {
3653 		struct rbd_obj_request *obj_req = img_req->obj_request;
3654 
3655 		rbd_img_request_put(img_req);
3656 		if (__rbd_obj_handle_request(obj_req, &result)) {
3657 			img_req = obj_req->img_request;
3658 			goto again;
3659 		}
3660 	} else {
3661 		struct request *rq = img_req->rq;
3662 
3663 		rbd_img_request_put(img_req);
3664 		blk_mq_end_request(rq, errno_to_blk_status(result));
3665 	}
3666 }
3667 
3668 static const struct rbd_client_id rbd_empty_cid;
3669 
3670 static bool rbd_cid_equal(const struct rbd_client_id *lhs,
3671 			  const struct rbd_client_id *rhs)
3672 {
3673 	return lhs->gid == rhs->gid && lhs->handle == rhs->handle;
3674 }
3675 
3676 static struct rbd_client_id rbd_get_cid(struct rbd_device *rbd_dev)
3677 {
3678 	struct rbd_client_id cid;
3679 
3680 	mutex_lock(&rbd_dev->watch_mutex);
3681 	cid.gid = ceph_client_gid(rbd_dev->rbd_client->client);
3682 	cid.handle = rbd_dev->watch_cookie;
3683 	mutex_unlock(&rbd_dev->watch_mutex);
3684 	return cid;
3685 }
3686 
3687 /*
3688  * lock_rwsem must be held for write
3689  */
3690 static void rbd_set_owner_cid(struct rbd_device *rbd_dev,
3691 			      const struct rbd_client_id *cid)
3692 {
3693 	dout("%s rbd_dev %p %llu-%llu -> %llu-%llu\n", __func__, rbd_dev,
3694 	     rbd_dev->owner_cid.gid, rbd_dev->owner_cid.handle,
3695 	     cid->gid, cid->handle);
3696 	rbd_dev->owner_cid = *cid; /* struct */
3697 }
3698 
3699 static void format_lock_cookie(struct rbd_device *rbd_dev, char *buf)
3700 {
3701 	mutex_lock(&rbd_dev->watch_mutex);
3702 	sprintf(buf, "%s %llu", RBD_LOCK_COOKIE_PREFIX, rbd_dev->watch_cookie);
3703 	mutex_unlock(&rbd_dev->watch_mutex);
3704 }
3705 
3706 static void __rbd_lock(struct rbd_device *rbd_dev, const char *cookie)
3707 {
3708 	struct rbd_client_id cid = rbd_get_cid(rbd_dev);
3709 
3710 	rbd_dev->lock_state = RBD_LOCK_STATE_LOCKED;
3711 	strcpy(rbd_dev->lock_cookie, cookie);
3712 	rbd_set_owner_cid(rbd_dev, &cid);
3713 	queue_work(rbd_dev->task_wq, &rbd_dev->acquired_lock_work);
3714 }
3715 
3716 /*
3717  * lock_rwsem must be held for write
3718  */
3719 static int rbd_lock(struct rbd_device *rbd_dev)
3720 {
3721 	struct ceph_osd_client *osdc = &rbd_dev->rbd_client->client->osdc;
3722 	char cookie[32];
3723 	int ret;
3724 
3725 	WARN_ON(__rbd_is_lock_owner(rbd_dev) ||
3726 		rbd_dev->lock_cookie[0] != '\0');
3727 
3728 	format_lock_cookie(rbd_dev, cookie);
3729 	ret = ceph_cls_lock(osdc, &rbd_dev->header_oid, &rbd_dev->header_oloc,
3730 			    RBD_LOCK_NAME, CEPH_CLS_LOCK_EXCLUSIVE, cookie,
3731 			    RBD_LOCK_TAG, "", 0);
3732 	if (ret)
3733 		return ret;
3734 
3735 	__rbd_lock(rbd_dev, cookie);
3736 	return 0;
3737 }
3738 
3739 /*
3740  * lock_rwsem must be held for write
3741  */
3742 static void rbd_unlock(struct rbd_device *rbd_dev)
3743 {
3744 	struct ceph_osd_client *osdc = &rbd_dev->rbd_client->client->osdc;
3745 	int ret;
3746 
3747 	WARN_ON(!__rbd_is_lock_owner(rbd_dev) ||
3748 		rbd_dev->lock_cookie[0] == '\0');
3749 
3750 	ret = ceph_cls_unlock(osdc, &rbd_dev->header_oid, &rbd_dev->header_oloc,
3751 			      RBD_LOCK_NAME, rbd_dev->lock_cookie);
3752 	if (ret && ret != -ENOENT)
3753 		rbd_warn(rbd_dev, "failed to unlock header: %d", ret);
3754 
3755 	/* treat errors as the image is unlocked */
3756 	rbd_dev->lock_state = RBD_LOCK_STATE_UNLOCKED;
3757 	rbd_dev->lock_cookie[0] = '\0';
3758 	rbd_set_owner_cid(rbd_dev, &rbd_empty_cid);
3759 	queue_work(rbd_dev->task_wq, &rbd_dev->released_lock_work);
3760 }
3761 
3762 static int __rbd_notify_op_lock(struct rbd_device *rbd_dev,
3763 				enum rbd_notify_op notify_op,
3764 				struct page ***preply_pages,
3765 				size_t *preply_len)
3766 {
3767 	struct ceph_osd_client *osdc = &rbd_dev->rbd_client->client->osdc;
3768 	struct rbd_client_id cid = rbd_get_cid(rbd_dev);
3769 	char buf[4 + 8 + 8 + CEPH_ENCODING_START_BLK_LEN];
3770 	int buf_size = sizeof(buf);
3771 	void *p = buf;
3772 
3773 	dout("%s rbd_dev %p notify_op %d\n", __func__, rbd_dev, notify_op);
3774 
3775 	/* encode *LockPayload NotifyMessage (op + ClientId) */
3776 	ceph_start_encoding(&p, 2, 1, buf_size - CEPH_ENCODING_START_BLK_LEN);
3777 	ceph_encode_32(&p, notify_op);
3778 	ceph_encode_64(&p, cid.gid);
3779 	ceph_encode_64(&p, cid.handle);
3780 
3781 	return ceph_osdc_notify(osdc, &rbd_dev->header_oid,
3782 				&rbd_dev->header_oloc, buf, buf_size,
3783 				RBD_NOTIFY_TIMEOUT, preply_pages, preply_len);
3784 }
3785 
3786 static void rbd_notify_op_lock(struct rbd_device *rbd_dev,
3787 			       enum rbd_notify_op notify_op)
3788 {
3789 	struct page **reply_pages;
3790 	size_t reply_len;
3791 
3792 	__rbd_notify_op_lock(rbd_dev, notify_op, &reply_pages, &reply_len);
3793 	ceph_release_page_vector(reply_pages, calc_pages_for(0, reply_len));
3794 }
3795 
3796 static void rbd_notify_acquired_lock(struct work_struct *work)
3797 {
3798 	struct rbd_device *rbd_dev = container_of(work, struct rbd_device,
3799 						  acquired_lock_work);
3800 
3801 	rbd_notify_op_lock(rbd_dev, RBD_NOTIFY_OP_ACQUIRED_LOCK);
3802 }
3803 
3804 static void rbd_notify_released_lock(struct work_struct *work)
3805 {
3806 	struct rbd_device *rbd_dev = container_of(work, struct rbd_device,
3807 						  released_lock_work);
3808 
3809 	rbd_notify_op_lock(rbd_dev, RBD_NOTIFY_OP_RELEASED_LOCK);
3810 }
3811 
3812 static int rbd_request_lock(struct rbd_device *rbd_dev)
3813 {
3814 	struct page **reply_pages;
3815 	size_t reply_len;
3816 	bool lock_owner_responded = false;
3817 	int ret;
3818 
3819 	dout("%s rbd_dev %p\n", __func__, rbd_dev);
3820 
3821 	ret = __rbd_notify_op_lock(rbd_dev, RBD_NOTIFY_OP_REQUEST_LOCK,
3822 				   &reply_pages, &reply_len);
3823 	if (ret && ret != -ETIMEDOUT) {
3824 		rbd_warn(rbd_dev, "failed to request lock: %d", ret);
3825 		goto out;
3826 	}
3827 
3828 	if (reply_len > 0 && reply_len <= PAGE_SIZE) {
3829 		void *p = page_address(reply_pages[0]);
3830 		void *const end = p + reply_len;
3831 		u32 n;
3832 
3833 		ceph_decode_32_safe(&p, end, n, e_inval); /* num_acks */
3834 		while (n--) {
3835 			u8 struct_v;
3836 			u32 len;
3837 
3838 			ceph_decode_need(&p, end, 8 + 8, e_inval);
3839 			p += 8 + 8; /* skip gid and cookie */
3840 
3841 			ceph_decode_32_safe(&p, end, len, e_inval);
3842 			if (!len)
3843 				continue;
3844 
3845 			if (lock_owner_responded) {
3846 				rbd_warn(rbd_dev,
3847 					 "duplicate lock owners detected");
3848 				ret = -EIO;
3849 				goto out;
3850 			}
3851 
3852 			lock_owner_responded = true;
3853 			ret = ceph_start_decoding(&p, end, 1, "ResponseMessage",
3854 						  &struct_v, &len);
3855 			if (ret) {
3856 				rbd_warn(rbd_dev,
3857 					 "failed to decode ResponseMessage: %d",
3858 					 ret);
3859 				goto e_inval;
3860 			}
3861 
3862 			ret = ceph_decode_32(&p);
3863 		}
3864 	}
3865 
3866 	if (!lock_owner_responded) {
3867 		rbd_warn(rbd_dev, "no lock owners detected");
3868 		ret = -ETIMEDOUT;
3869 	}
3870 
3871 out:
3872 	ceph_release_page_vector(reply_pages, calc_pages_for(0, reply_len));
3873 	return ret;
3874 
3875 e_inval:
3876 	ret = -EINVAL;
3877 	goto out;
3878 }
3879 
3880 /*
3881  * Either image request state machine(s) or rbd_add_acquire_lock()
3882  * (i.e. "rbd map").
3883  */
3884 static void wake_lock_waiters(struct rbd_device *rbd_dev, int result)
3885 {
3886 	struct rbd_img_request *img_req;
3887 
3888 	dout("%s rbd_dev %p result %d\n", __func__, rbd_dev, result);
3889 	lockdep_assert_held_write(&rbd_dev->lock_rwsem);
3890 
3891 	cancel_delayed_work(&rbd_dev->lock_dwork);
3892 	if (!completion_done(&rbd_dev->acquire_wait)) {
3893 		rbd_assert(list_empty(&rbd_dev->acquiring_list) &&
3894 			   list_empty(&rbd_dev->running_list));
3895 		rbd_dev->acquire_err = result;
3896 		complete_all(&rbd_dev->acquire_wait);
3897 		return;
3898 	}
3899 
3900 	list_for_each_entry(img_req, &rbd_dev->acquiring_list, lock_item) {
3901 		mutex_lock(&img_req->state_mutex);
3902 		rbd_assert(img_req->state == RBD_IMG_EXCLUSIVE_LOCK);
3903 		rbd_img_schedule(img_req, result);
3904 		mutex_unlock(&img_req->state_mutex);
3905 	}
3906 
3907 	list_splice_tail_init(&rbd_dev->acquiring_list, &rbd_dev->running_list);
3908 }
3909 
3910 static int get_lock_owner_info(struct rbd_device *rbd_dev,
3911 			       struct ceph_locker **lockers, u32 *num_lockers)
3912 {
3913 	struct ceph_osd_client *osdc = &rbd_dev->rbd_client->client->osdc;
3914 	u8 lock_type;
3915 	char *lock_tag;
3916 	int ret;
3917 
3918 	dout("%s rbd_dev %p\n", __func__, rbd_dev);
3919 
3920 	ret = ceph_cls_lock_info(osdc, &rbd_dev->header_oid,
3921 				 &rbd_dev->header_oloc, RBD_LOCK_NAME,
3922 				 &lock_type, &lock_tag, lockers, num_lockers);
3923 	if (ret)
3924 		return ret;
3925 
3926 	if (*num_lockers == 0) {
3927 		dout("%s rbd_dev %p no lockers detected\n", __func__, rbd_dev);
3928 		goto out;
3929 	}
3930 
3931 	if (strcmp(lock_tag, RBD_LOCK_TAG)) {
3932 		rbd_warn(rbd_dev, "locked by external mechanism, tag %s",
3933 			 lock_tag);
3934 		ret = -EBUSY;
3935 		goto out;
3936 	}
3937 
3938 	if (lock_type == CEPH_CLS_LOCK_SHARED) {
3939 		rbd_warn(rbd_dev, "shared lock type detected");
3940 		ret = -EBUSY;
3941 		goto out;
3942 	}
3943 
3944 	if (strncmp((*lockers)[0].id.cookie, RBD_LOCK_COOKIE_PREFIX,
3945 		    strlen(RBD_LOCK_COOKIE_PREFIX))) {
3946 		rbd_warn(rbd_dev, "locked by external mechanism, cookie %s",
3947 			 (*lockers)[0].id.cookie);
3948 		ret = -EBUSY;
3949 		goto out;
3950 	}
3951 
3952 out:
3953 	kfree(lock_tag);
3954 	return ret;
3955 }
3956 
3957 static int find_watcher(struct rbd_device *rbd_dev,
3958 			const struct ceph_locker *locker)
3959 {
3960 	struct ceph_osd_client *osdc = &rbd_dev->rbd_client->client->osdc;
3961 	struct ceph_watch_item *watchers;
3962 	u32 num_watchers;
3963 	u64 cookie;
3964 	int i;
3965 	int ret;
3966 
3967 	ret = ceph_osdc_list_watchers(osdc, &rbd_dev->header_oid,
3968 				      &rbd_dev->header_oloc, &watchers,
3969 				      &num_watchers);
3970 	if (ret)
3971 		return ret;
3972 
3973 	sscanf(locker->id.cookie, RBD_LOCK_COOKIE_PREFIX " %llu", &cookie);
3974 	for (i = 0; i < num_watchers; i++) {
3975 		if (!memcmp(&watchers[i].addr, &locker->info.addr,
3976 			    sizeof(locker->info.addr)) &&
3977 		    watchers[i].cookie == cookie) {
3978 			struct rbd_client_id cid = {
3979 				.gid = le64_to_cpu(watchers[i].name.num),
3980 				.handle = cookie,
3981 			};
3982 
3983 			dout("%s rbd_dev %p found cid %llu-%llu\n", __func__,
3984 			     rbd_dev, cid.gid, cid.handle);
3985 			rbd_set_owner_cid(rbd_dev, &cid);
3986 			ret = 1;
3987 			goto out;
3988 		}
3989 	}
3990 
3991 	dout("%s rbd_dev %p no watchers\n", __func__, rbd_dev);
3992 	ret = 0;
3993 out:
3994 	kfree(watchers);
3995 	return ret;
3996 }
3997 
3998 /*
3999  * lock_rwsem must be held for write
4000  */
4001 static int rbd_try_lock(struct rbd_device *rbd_dev)
4002 {
4003 	struct ceph_client *client = rbd_dev->rbd_client->client;
4004 	struct ceph_locker *lockers;
4005 	u32 num_lockers;
4006 	int ret;
4007 
4008 	for (;;) {
4009 		ret = rbd_lock(rbd_dev);
4010 		if (ret != -EBUSY)
4011 			return ret;
4012 
4013 		/* determine if the current lock holder is still alive */
4014 		ret = get_lock_owner_info(rbd_dev, &lockers, &num_lockers);
4015 		if (ret)
4016 			return ret;
4017 
4018 		if (num_lockers == 0)
4019 			goto again;
4020 
4021 		ret = find_watcher(rbd_dev, lockers);
4022 		if (ret)
4023 			goto out; /* request lock or error */
4024 
4025 		rbd_warn(rbd_dev, "breaking header lock owned by %s%llu",
4026 			 ENTITY_NAME(lockers[0].id.name));
4027 
4028 		ret = ceph_monc_blacklist_add(&client->monc,
4029 					      &lockers[0].info.addr);
4030 		if (ret) {
4031 			rbd_warn(rbd_dev, "blacklist of %s%llu failed: %d",
4032 				 ENTITY_NAME(lockers[0].id.name), ret);
4033 			goto out;
4034 		}
4035 
4036 		ret = ceph_cls_break_lock(&client->osdc, &rbd_dev->header_oid,
4037 					  &rbd_dev->header_oloc, RBD_LOCK_NAME,
4038 					  lockers[0].id.cookie,
4039 					  &lockers[0].id.name);
4040 		if (ret && ret != -ENOENT)
4041 			goto out;
4042 
4043 again:
4044 		ceph_free_lockers(lockers, num_lockers);
4045 	}
4046 
4047 out:
4048 	ceph_free_lockers(lockers, num_lockers);
4049 	return ret;
4050 }
4051 
4052 static int rbd_post_acquire_action(struct rbd_device *rbd_dev)
4053 {
4054 	int ret;
4055 
4056 	if (rbd_dev->header.features & RBD_FEATURE_OBJECT_MAP) {
4057 		ret = rbd_object_map_open(rbd_dev);
4058 		if (ret)
4059 			return ret;
4060 	}
4061 
4062 	return 0;
4063 }
4064 
4065 /*
4066  * Return:
4067  *   0 - lock acquired
4068  *   1 - caller should call rbd_request_lock()
4069  *  <0 - error
4070  */
4071 static int rbd_try_acquire_lock(struct rbd_device *rbd_dev)
4072 {
4073 	int ret;
4074 
4075 	down_read(&rbd_dev->lock_rwsem);
4076 	dout("%s rbd_dev %p read lock_state %d\n", __func__, rbd_dev,
4077 	     rbd_dev->lock_state);
4078 	if (__rbd_is_lock_owner(rbd_dev)) {
4079 		up_read(&rbd_dev->lock_rwsem);
4080 		return 0;
4081 	}
4082 
4083 	up_read(&rbd_dev->lock_rwsem);
4084 	down_write(&rbd_dev->lock_rwsem);
4085 	dout("%s rbd_dev %p write lock_state %d\n", __func__, rbd_dev,
4086 	     rbd_dev->lock_state);
4087 	if (__rbd_is_lock_owner(rbd_dev)) {
4088 		up_write(&rbd_dev->lock_rwsem);
4089 		return 0;
4090 	}
4091 
4092 	ret = rbd_try_lock(rbd_dev);
4093 	if (ret < 0) {
4094 		rbd_warn(rbd_dev, "failed to lock header: %d", ret);
4095 		if (ret == -EBLACKLISTED)
4096 			goto out;
4097 
4098 		ret = 1; /* request lock anyway */
4099 	}
4100 	if (ret > 0) {
4101 		up_write(&rbd_dev->lock_rwsem);
4102 		return ret;
4103 	}
4104 
4105 	rbd_assert(rbd_dev->lock_state == RBD_LOCK_STATE_LOCKED);
4106 	rbd_assert(list_empty(&rbd_dev->running_list));
4107 
4108 	ret = rbd_post_acquire_action(rbd_dev);
4109 	if (ret) {
4110 		rbd_warn(rbd_dev, "post-acquire action failed: %d", ret);
4111 		/*
4112 		 * Can't stay in RBD_LOCK_STATE_LOCKED because
4113 		 * rbd_lock_add_request() would let the request through,
4114 		 * assuming that e.g. object map is locked and loaded.
4115 		 */
4116 		rbd_unlock(rbd_dev);
4117 	}
4118 
4119 out:
4120 	wake_lock_waiters(rbd_dev, ret);
4121 	up_write(&rbd_dev->lock_rwsem);
4122 	return ret;
4123 }
4124 
4125 static void rbd_acquire_lock(struct work_struct *work)
4126 {
4127 	struct rbd_device *rbd_dev = container_of(to_delayed_work(work),
4128 					    struct rbd_device, lock_dwork);
4129 	int ret;
4130 
4131 	dout("%s rbd_dev %p\n", __func__, rbd_dev);
4132 again:
4133 	ret = rbd_try_acquire_lock(rbd_dev);
4134 	if (ret <= 0) {
4135 		dout("%s rbd_dev %p ret %d - done\n", __func__, rbd_dev, ret);
4136 		return;
4137 	}
4138 
4139 	ret = rbd_request_lock(rbd_dev);
4140 	if (ret == -ETIMEDOUT) {
4141 		goto again; /* treat this as a dead client */
4142 	} else if (ret == -EROFS) {
4143 		rbd_warn(rbd_dev, "peer will not release lock");
4144 		down_write(&rbd_dev->lock_rwsem);
4145 		wake_lock_waiters(rbd_dev, ret);
4146 		up_write(&rbd_dev->lock_rwsem);
4147 	} else if (ret < 0) {
4148 		rbd_warn(rbd_dev, "error requesting lock: %d", ret);
4149 		mod_delayed_work(rbd_dev->task_wq, &rbd_dev->lock_dwork,
4150 				 RBD_RETRY_DELAY);
4151 	} else {
4152 		/*
4153 		 * lock owner acked, but resend if we don't see them
4154 		 * release the lock
4155 		 */
4156 		dout("%s rbd_dev %p requeuing lock_dwork\n", __func__,
4157 		     rbd_dev);
4158 		mod_delayed_work(rbd_dev->task_wq, &rbd_dev->lock_dwork,
4159 		    msecs_to_jiffies(2 * RBD_NOTIFY_TIMEOUT * MSEC_PER_SEC));
4160 	}
4161 }
4162 
4163 static bool rbd_quiesce_lock(struct rbd_device *rbd_dev)
4164 {
4165 	bool need_wait;
4166 
4167 	dout("%s rbd_dev %p\n", __func__, rbd_dev);
4168 	lockdep_assert_held_write(&rbd_dev->lock_rwsem);
4169 
4170 	if (rbd_dev->lock_state != RBD_LOCK_STATE_LOCKED)
4171 		return false;
4172 
4173 	/*
4174 	 * Ensure that all in-flight IO is flushed.
4175 	 */
4176 	rbd_dev->lock_state = RBD_LOCK_STATE_RELEASING;
4177 	rbd_assert(!completion_done(&rbd_dev->releasing_wait));
4178 	need_wait = !list_empty(&rbd_dev->running_list);
4179 	downgrade_write(&rbd_dev->lock_rwsem);
4180 	if (need_wait)
4181 		wait_for_completion(&rbd_dev->releasing_wait);
4182 	up_read(&rbd_dev->lock_rwsem);
4183 
4184 	down_write(&rbd_dev->lock_rwsem);
4185 	if (rbd_dev->lock_state != RBD_LOCK_STATE_RELEASING)
4186 		return false;
4187 
4188 	rbd_assert(list_empty(&rbd_dev->running_list));
4189 	return true;
4190 }
4191 
4192 static void rbd_pre_release_action(struct rbd_device *rbd_dev)
4193 {
4194 	if (rbd_dev->header.features & RBD_FEATURE_OBJECT_MAP)
4195 		rbd_object_map_close(rbd_dev);
4196 }
4197 
4198 static void __rbd_release_lock(struct rbd_device *rbd_dev)
4199 {
4200 	rbd_assert(list_empty(&rbd_dev->running_list));
4201 
4202 	rbd_pre_release_action(rbd_dev);
4203 	rbd_unlock(rbd_dev);
4204 }
4205 
4206 /*
4207  * lock_rwsem must be held for write
4208  */
4209 static void rbd_release_lock(struct rbd_device *rbd_dev)
4210 {
4211 	if (!rbd_quiesce_lock(rbd_dev))
4212 		return;
4213 
4214 	__rbd_release_lock(rbd_dev);
4215 
4216 	/*
4217 	 * Give others a chance to grab the lock - we would re-acquire
4218 	 * almost immediately if we got new IO while draining the running
4219 	 * list otherwise.  We need to ack our own notifications, so this
4220 	 * lock_dwork will be requeued from rbd_handle_released_lock() by
4221 	 * way of maybe_kick_acquire().
4222 	 */
4223 	cancel_delayed_work(&rbd_dev->lock_dwork);
4224 }
4225 
4226 static void rbd_release_lock_work(struct work_struct *work)
4227 {
4228 	struct rbd_device *rbd_dev = container_of(work, struct rbd_device,
4229 						  unlock_work);
4230 
4231 	down_write(&rbd_dev->lock_rwsem);
4232 	rbd_release_lock(rbd_dev);
4233 	up_write(&rbd_dev->lock_rwsem);
4234 }
4235 
4236 static void maybe_kick_acquire(struct rbd_device *rbd_dev)
4237 {
4238 	bool have_requests;
4239 
4240 	dout("%s rbd_dev %p\n", __func__, rbd_dev);
4241 	if (__rbd_is_lock_owner(rbd_dev))
4242 		return;
4243 
4244 	spin_lock(&rbd_dev->lock_lists_lock);
4245 	have_requests = !list_empty(&rbd_dev->acquiring_list);
4246 	spin_unlock(&rbd_dev->lock_lists_lock);
4247 	if (have_requests || delayed_work_pending(&rbd_dev->lock_dwork)) {
4248 		dout("%s rbd_dev %p kicking lock_dwork\n", __func__, rbd_dev);
4249 		mod_delayed_work(rbd_dev->task_wq, &rbd_dev->lock_dwork, 0);
4250 	}
4251 }
4252 
4253 static void rbd_handle_acquired_lock(struct rbd_device *rbd_dev, u8 struct_v,
4254 				     void **p)
4255 {
4256 	struct rbd_client_id cid = { 0 };
4257 
4258 	if (struct_v >= 2) {
4259 		cid.gid = ceph_decode_64(p);
4260 		cid.handle = ceph_decode_64(p);
4261 	}
4262 
4263 	dout("%s rbd_dev %p cid %llu-%llu\n", __func__, rbd_dev, cid.gid,
4264 	     cid.handle);
4265 	if (!rbd_cid_equal(&cid, &rbd_empty_cid)) {
4266 		down_write(&rbd_dev->lock_rwsem);
4267 		if (rbd_cid_equal(&cid, &rbd_dev->owner_cid)) {
4268 			/*
4269 			 * we already know that the remote client is
4270 			 * the owner
4271 			 */
4272 			up_write(&rbd_dev->lock_rwsem);
4273 			return;
4274 		}
4275 
4276 		rbd_set_owner_cid(rbd_dev, &cid);
4277 		downgrade_write(&rbd_dev->lock_rwsem);
4278 	} else {
4279 		down_read(&rbd_dev->lock_rwsem);
4280 	}
4281 
4282 	maybe_kick_acquire(rbd_dev);
4283 	up_read(&rbd_dev->lock_rwsem);
4284 }
4285 
4286 static void rbd_handle_released_lock(struct rbd_device *rbd_dev, u8 struct_v,
4287 				     void **p)
4288 {
4289 	struct rbd_client_id cid = { 0 };
4290 
4291 	if (struct_v >= 2) {
4292 		cid.gid = ceph_decode_64(p);
4293 		cid.handle = ceph_decode_64(p);
4294 	}
4295 
4296 	dout("%s rbd_dev %p cid %llu-%llu\n", __func__, rbd_dev, cid.gid,
4297 	     cid.handle);
4298 	if (!rbd_cid_equal(&cid, &rbd_empty_cid)) {
4299 		down_write(&rbd_dev->lock_rwsem);
4300 		if (!rbd_cid_equal(&cid, &rbd_dev->owner_cid)) {
4301 			dout("%s rbd_dev %p unexpected owner, cid %llu-%llu != owner_cid %llu-%llu\n",
4302 			     __func__, rbd_dev, cid.gid, cid.handle,
4303 			     rbd_dev->owner_cid.gid, rbd_dev->owner_cid.handle);
4304 			up_write(&rbd_dev->lock_rwsem);
4305 			return;
4306 		}
4307 
4308 		rbd_set_owner_cid(rbd_dev, &rbd_empty_cid);
4309 		downgrade_write(&rbd_dev->lock_rwsem);
4310 	} else {
4311 		down_read(&rbd_dev->lock_rwsem);
4312 	}
4313 
4314 	maybe_kick_acquire(rbd_dev);
4315 	up_read(&rbd_dev->lock_rwsem);
4316 }
4317 
4318 /*
4319  * Returns result for ResponseMessage to be encoded (<= 0), or 1 if no
4320  * ResponseMessage is needed.
4321  */
4322 static int rbd_handle_request_lock(struct rbd_device *rbd_dev, u8 struct_v,
4323 				   void **p)
4324 {
4325 	struct rbd_client_id my_cid = rbd_get_cid(rbd_dev);
4326 	struct rbd_client_id cid = { 0 };
4327 	int result = 1;
4328 
4329 	if (struct_v >= 2) {
4330 		cid.gid = ceph_decode_64(p);
4331 		cid.handle = ceph_decode_64(p);
4332 	}
4333 
4334 	dout("%s rbd_dev %p cid %llu-%llu\n", __func__, rbd_dev, cid.gid,
4335 	     cid.handle);
4336 	if (rbd_cid_equal(&cid, &my_cid))
4337 		return result;
4338 
4339 	down_read(&rbd_dev->lock_rwsem);
4340 	if (__rbd_is_lock_owner(rbd_dev)) {
4341 		if (rbd_dev->lock_state == RBD_LOCK_STATE_LOCKED &&
4342 		    rbd_cid_equal(&rbd_dev->owner_cid, &rbd_empty_cid))
4343 			goto out_unlock;
4344 
4345 		/*
4346 		 * encode ResponseMessage(0) so the peer can detect
4347 		 * a missing owner
4348 		 */
4349 		result = 0;
4350 
4351 		if (rbd_dev->lock_state == RBD_LOCK_STATE_LOCKED) {
4352 			if (!rbd_dev->opts->exclusive) {
4353 				dout("%s rbd_dev %p queueing unlock_work\n",
4354 				     __func__, rbd_dev);
4355 				queue_work(rbd_dev->task_wq,
4356 					   &rbd_dev->unlock_work);
4357 			} else {
4358 				/* refuse to release the lock */
4359 				result = -EROFS;
4360 			}
4361 		}
4362 	}
4363 
4364 out_unlock:
4365 	up_read(&rbd_dev->lock_rwsem);
4366 	return result;
4367 }
4368 
4369 static void __rbd_acknowledge_notify(struct rbd_device *rbd_dev,
4370 				     u64 notify_id, u64 cookie, s32 *result)
4371 {
4372 	struct ceph_osd_client *osdc = &rbd_dev->rbd_client->client->osdc;
4373 	char buf[4 + CEPH_ENCODING_START_BLK_LEN];
4374 	int buf_size = sizeof(buf);
4375 	int ret;
4376 
4377 	if (result) {
4378 		void *p = buf;
4379 
4380 		/* encode ResponseMessage */
4381 		ceph_start_encoding(&p, 1, 1,
4382 				    buf_size - CEPH_ENCODING_START_BLK_LEN);
4383 		ceph_encode_32(&p, *result);
4384 	} else {
4385 		buf_size = 0;
4386 	}
4387 
4388 	ret = ceph_osdc_notify_ack(osdc, &rbd_dev->header_oid,
4389 				   &rbd_dev->header_oloc, notify_id, cookie,
4390 				   buf, buf_size);
4391 	if (ret)
4392 		rbd_warn(rbd_dev, "acknowledge_notify failed: %d", ret);
4393 }
4394 
4395 static void rbd_acknowledge_notify(struct rbd_device *rbd_dev, u64 notify_id,
4396 				   u64 cookie)
4397 {
4398 	dout("%s rbd_dev %p\n", __func__, rbd_dev);
4399 	__rbd_acknowledge_notify(rbd_dev, notify_id, cookie, NULL);
4400 }
4401 
4402 static void rbd_acknowledge_notify_result(struct rbd_device *rbd_dev,
4403 					  u64 notify_id, u64 cookie, s32 result)
4404 {
4405 	dout("%s rbd_dev %p result %d\n", __func__, rbd_dev, result);
4406 	__rbd_acknowledge_notify(rbd_dev, notify_id, cookie, &result);
4407 }
4408 
4409 static void rbd_watch_cb(void *arg, u64 notify_id, u64 cookie,
4410 			 u64 notifier_id, void *data, size_t data_len)
4411 {
4412 	struct rbd_device *rbd_dev = arg;
4413 	void *p = data;
4414 	void *const end = p + data_len;
4415 	u8 struct_v = 0;
4416 	u32 len;
4417 	u32 notify_op;
4418 	int ret;
4419 
4420 	dout("%s rbd_dev %p cookie %llu notify_id %llu data_len %zu\n",
4421 	     __func__, rbd_dev, cookie, notify_id, data_len);
4422 	if (data_len) {
4423 		ret = ceph_start_decoding(&p, end, 1, "NotifyMessage",
4424 					  &struct_v, &len);
4425 		if (ret) {
4426 			rbd_warn(rbd_dev, "failed to decode NotifyMessage: %d",
4427 				 ret);
4428 			return;
4429 		}
4430 
4431 		notify_op = ceph_decode_32(&p);
4432 	} else {
4433 		/* legacy notification for header updates */
4434 		notify_op = RBD_NOTIFY_OP_HEADER_UPDATE;
4435 		len = 0;
4436 	}
4437 
4438 	dout("%s rbd_dev %p notify_op %u\n", __func__, rbd_dev, notify_op);
4439 	switch (notify_op) {
4440 	case RBD_NOTIFY_OP_ACQUIRED_LOCK:
4441 		rbd_handle_acquired_lock(rbd_dev, struct_v, &p);
4442 		rbd_acknowledge_notify(rbd_dev, notify_id, cookie);
4443 		break;
4444 	case RBD_NOTIFY_OP_RELEASED_LOCK:
4445 		rbd_handle_released_lock(rbd_dev, struct_v, &p);
4446 		rbd_acknowledge_notify(rbd_dev, notify_id, cookie);
4447 		break;
4448 	case RBD_NOTIFY_OP_REQUEST_LOCK:
4449 		ret = rbd_handle_request_lock(rbd_dev, struct_v, &p);
4450 		if (ret <= 0)
4451 			rbd_acknowledge_notify_result(rbd_dev, notify_id,
4452 						      cookie, ret);
4453 		else
4454 			rbd_acknowledge_notify(rbd_dev, notify_id, cookie);
4455 		break;
4456 	case RBD_NOTIFY_OP_HEADER_UPDATE:
4457 		ret = rbd_dev_refresh(rbd_dev);
4458 		if (ret)
4459 			rbd_warn(rbd_dev, "refresh failed: %d", ret);
4460 
4461 		rbd_acknowledge_notify(rbd_dev, notify_id, cookie);
4462 		break;
4463 	default:
4464 		if (rbd_is_lock_owner(rbd_dev))
4465 			rbd_acknowledge_notify_result(rbd_dev, notify_id,
4466 						      cookie, -EOPNOTSUPP);
4467 		else
4468 			rbd_acknowledge_notify(rbd_dev, notify_id, cookie);
4469 		break;
4470 	}
4471 }
4472 
4473 static void __rbd_unregister_watch(struct rbd_device *rbd_dev);
4474 
4475 static void rbd_watch_errcb(void *arg, u64 cookie, int err)
4476 {
4477 	struct rbd_device *rbd_dev = arg;
4478 
4479 	rbd_warn(rbd_dev, "encountered watch error: %d", err);
4480 
4481 	down_write(&rbd_dev->lock_rwsem);
4482 	rbd_set_owner_cid(rbd_dev, &rbd_empty_cid);
4483 	up_write(&rbd_dev->lock_rwsem);
4484 
4485 	mutex_lock(&rbd_dev->watch_mutex);
4486 	if (rbd_dev->watch_state == RBD_WATCH_STATE_REGISTERED) {
4487 		__rbd_unregister_watch(rbd_dev);
4488 		rbd_dev->watch_state = RBD_WATCH_STATE_ERROR;
4489 
4490 		queue_delayed_work(rbd_dev->task_wq, &rbd_dev->watch_dwork, 0);
4491 	}
4492 	mutex_unlock(&rbd_dev->watch_mutex);
4493 }
4494 
4495 /*
4496  * watch_mutex must be locked
4497  */
4498 static int __rbd_register_watch(struct rbd_device *rbd_dev)
4499 {
4500 	struct ceph_osd_client *osdc = &rbd_dev->rbd_client->client->osdc;
4501 	struct ceph_osd_linger_request *handle;
4502 
4503 	rbd_assert(!rbd_dev->watch_handle);
4504 	dout("%s rbd_dev %p\n", __func__, rbd_dev);
4505 
4506 	handle = ceph_osdc_watch(osdc, &rbd_dev->header_oid,
4507 				 &rbd_dev->header_oloc, rbd_watch_cb,
4508 				 rbd_watch_errcb, rbd_dev);
4509 	if (IS_ERR(handle))
4510 		return PTR_ERR(handle);
4511 
4512 	rbd_dev->watch_handle = handle;
4513 	return 0;
4514 }
4515 
4516 /*
4517  * watch_mutex must be locked
4518  */
4519 static void __rbd_unregister_watch(struct rbd_device *rbd_dev)
4520 {
4521 	struct ceph_osd_client *osdc = &rbd_dev->rbd_client->client->osdc;
4522 	int ret;
4523 
4524 	rbd_assert(rbd_dev->watch_handle);
4525 	dout("%s rbd_dev %p\n", __func__, rbd_dev);
4526 
4527 	ret = ceph_osdc_unwatch(osdc, rbd_dev->watch_handle);
4528 	if (ret)
4529 		rbd_warn(rbd_dev, "failed to unwatch: %d", ret);
4530 
4531 	rbd_dev->watch_handle = NULL;
4532 }
4533 
4534 static int rbd_register_watch(struct rbd_device *rbd_dev)
4535 {
4536 	int ret;
4537 
4538 	mutex_lock(&rbd_dev->watch_mutex);
4539 	rbd_assert(rbd_dev->watch_state == RBD_WATCH_STATE_UNREGISTERED);
4540 	ret = __rbd_register_watch(rbd_dev);
4541 	if (ret)
4542 		goto out;
4543 
4544 	rbd_dev->watch_state = RBD_WATCH_STATE_REGISTERED;
4545 	rbd_dev->watch_cookie = rbd_dev->watch_handle->linger_id;
4546 
4547 out:
4548 	mutex_unlock(&rbd_dev->watch_mutex);
4549 	return ret;
4550 }
4551 
4552 static void cancel_tasks_sync(struct rbd_device *rbd_dev)
4553 {
4554 	dout("%s rbd_dev %p\n", __func__, rbd_dev);
4555 
4556 	cancel_work_sync(&rbd_dev->acquired_lock_work);
4557 	cancel_work_sync(&rbd_dev->released_lock_work);
4558 	cancel_delayed_work_sync(&rbd_dev->lock_dwork);
4559 	cancel_work_sync(&rbd_dev->unlock_work);
4560 }
4561 
4562 static void rbd_unregister_watch(struct rbd_device *rbd_dev)
4563 {
4564 	cancel_tasks_sync(rbd_dev);
4565 
4566 	mutex_lock(&rbd_dev->watch_mutex);
4567 	if (rbd_dev->watch_state == RBD_WATCH_STATE_REGISTERED)
4568 		__rbd_unregister_watch(rbd_dev);
4569 	rbd_dev->watch_state = RBD_WATCH_STATE_UNREGISTERED;
4570 	mutex_unlock(&rbd_dev->watch_mutex);
4571 
4572 	cancel_delayed_work_sync(&rbd_dev->watch_dwork);
4573 	ceph_osdc_flush_notifies(&rbd_dev->rbd_client->client->osdc);
4574 }
4575 
4576 /*
4577  * lock_rwsem must be held for write
4578  */
4579 static void rbd_reacquire_lock(struct rbd_device *rbd_dev)
4580 {
4581 	struct ceph_osd_client *osdc = &rbd_dev->rbd_client->client->osdc;
4582 	char cookie[32];
4583 	int ret;
4584 
4585 	if (!rbd_quiesce_lock(rbd_dev))
4586 		return;
4587 
4588 	format_lock_cookie(rbd_dev, cookie);
4589 	ret = ceph_cls_set_cookie(osdc, &rbd_dev->header_oid,
4590 				  &rbd_dev->header_oloc, RBD_LOCK_NAME,
4591 				  CEPH_CLS_LOCK_EXCLUSIVE, rbd_dev->lock_cookie,
4592 				  RBD_LOCK_TAG, cookie);
4593 	if (ret) {
4594 		if (ret != -EOPNOTSUPP)
4595 			rbd_warn(rbd_dev, "failed to update lock cookie: %d",
4596 				 ret);
4597 
4598 		/*
4599 		 * Lock cookie cannot be updated on older OSDs, so do
4600 		 * a manual release and queue an acquire.
4601 		 */
4602 		__rbd_release_lock(rbd_dev);
4603 		queue_delayed_work(rbd_dev->task_wq, &rbd_dev->lock_dwork, 0);
4604 	} else {
4605 		__rbd_lock(rbd_dev, cookie);
4606 		wake_lock_waiters(rbd_dev, 0);
4607 	}
4608 }
4609 
4610 static void rbd_reregister_watch(struct work_struct *work)
4611 {
4612 	struct rbd_device *rbd_dev = container_of(to_delayed_work(work),
4613 					    struct rbd_device, watch_dwork);
4614 	int ret;
4615 
4616 	dout("%s rbd_dev %p\n", __func__, rbd_dev);
4617 
4618 	mutex_lock(&rbd_dev->watch_mutex);
4619 	if (rbd_dev->watch_state != RBD_WATCH_STATE_ERROR) {
4620 		mutex_unlock(&rbd_dev->watch_mutex);
4621 		return;
4622 	}
4623 
4624 	ret = __rbd_register_watch(rbd_dev);
4625 	if (ret) {
4626 		rbd_warn(rbd_dev, "failed to reregister watch: %d", ret);
4627 		if (ret != -EBLACKLISTED && ret != -ENOENT) {
4628 			queue_delayed_work(rbd_dev->task_wq,
4629 					   &rbd_dev->watch_dwork,
4630 					   RBD_RETRY_DELAY);
4631 			mutex_unlock(&rbd_dev->watch_mutex);
4632 			return;
4633 		}
4634 
4635 		mutex_unlock(&rbd_dev->watch_mutex);
4636 		down_write(&rbd_dev->lock_rwsem);
4637 		wake_lock_waiters(rbd_dev, ret);
4638 		up_write(&rbd_dev->lock_rwsem);
4639 		return;
4640 	}
4641 
4642 	rbd_dev->watch_state = RBD_WATCH_STATE_REGISTERED;
4643 	rbd_dev->watch_cookie = rbd_dev->watch_handle->linger_id;
4644 	mutex_unlock(&rbd_dev->watch_mutex);
4645 
4646 	down_write(&rbd_dev->lock_rwsem);
4647 	if (rbd_dev->lock_state == RBD_LOCK_STATE_LOCKED)
4648 		rbd_reacquire_lock(rbd_dev);
4649 	up_write(&rbd_dev->lock_rwsem);
4650 
4651 	ret = rbd_dev_refresh(rbd_dev);
4652 	if (ret)
4653 		rbd_warn(rbd_dev, "reregistration refresh failed: %d", ret);
4654 }
4655 
4656 /*
4657  * Synchronous osd object method call.  Returns the number of bytes
4658  * returned in the outbound buffer, or a negative error code.
4659  */
4660 static int rbd_obj_method_sync(struct rbd_device *rbd_dev,
4661 			     struct ceph_object_id *oid,
4662 			     struct ceph_object_locator *oloc,
4663 			     const char *method_name,
4664 			     const void *outbound,
4665 			     size_t outbound_size,
4666 			     void *inbound,
4667 			     size_t inbound_size)
4668 {
4669 	struct ceph_osd_client *osdc = &rbd_dev->rbd_client->client->osdc;
4670 	struct page *req_page = NULL;
4671 	struct page *reply_page;
4672 	int ret;
4673 
4674 	/*
4675 	 * Method calls are ultimately read operations.  The result
4676 	 * should placed into the inbound buffer provided.  They
4677 	 * also supply outbound data--parameters for the object
4678 	 * method.  Currently if this is present it will be a
4679 	 * snapshot id.
4680 	 */
4681 	if (outbound) {
4682 		if (outbound_size > PAGE_SIZE)
4683 			return -E2BIG;
4684 
4685 		req_page = alloc_page(GFP_KERNEL);
4686 		if (!req_page)
4687 			return -ENOMEM;
4688 
4689 		memcpy(page_address(req_page), outbound, outbound_size);
4690 	}
4691 
4692 	reply_page = alloc_page(GFP_KERNEL);
4693 	if (!reply_page) {
4694 		if (req_page)
4695 			__free_page(req_page);
4696 		return -ENOMEM;
4697 	}
4698 
4699 	ret = ceph_osdc_call(osdc, oid, oloc, RBD_DRV_NAME, method_name,
4700 			     CEPH_OSD_FLAG_READ, req_page, outbound_size,
4701 			     &reply_page, &inbound_size);
4702 	if (!ret) {
4703 		memcpy(inbound, page_address(reply_page), inbound_size);
4704 		ret = inbound_size;
4705 	}
4706 
4707 	if (req_page)
4708 		__free_page(req_page);
4709 	__free_page(reply_page);
4710 	return ret;
4711 }
4712 
4713 static void rbd_queue_workfn(struct work_struct *work)
4714 {
4715 	struct request *rq = blk_mq_rq_from_pdu(work);
4716 	struct rbd_device *rbd_dev = rq->q->queuedata;
4717 	struct rbd_img_request *img_request;
4718 	struct ceph_snap_context *snapc = NULL;
4719 	u64 offset = (u64)blk_rq_pos(rq) << SECTOR_SHIFT;
4720 	u64 length = blk_rq_bytes(rq);
4721 	enum obj_operation_type op_type;
4722 	u64 mapping_size;
4723 	int result;
4724 
4725 	switch (req_op(rq)) {
4726 	case REQ_OP_DISCARD:
4727 		op_type = OBJ_OP_DISCARD;
4728 		break;
4729 	case REQ_OP_WRITE_ZEROES:
4730 		op_type = OBJ_OP_ZEROOUT;
4731 		break;
4732 	case REQ_OP_WRITE:
4733 		op_type = OBJ_OP_WRITE;
4734 		break;
4735 	case REQ_OP_READ:
4736 		op_type = OBJ_OP_READ;
4737 		break;
4738 	default:
4739 		dout("%s: non-fs request type %d\n", __func__, req_op(rq));
4740 		result = -EIO;
4741 		goto err;
4742 	}
4743 
4744 	/* Ignore/skip any zero-length requests */
4745 
4746 	if (!length) {
4747 		dout("%s: zero-length request\n", __func__);
4748 		result = 0;
4749 		goto err_rq;
4750 	}
4751 
4752 	if (op_type != OBJ_OP_READ) {
4753 		if (rbd_is_ro(rbd_dev)) {
4754 			rbd_warn(rbd_dev, "%s on read-only mapping",
4755 				 obj_op_name(op_type));
4756 			result = -EIO;
4757 			goto err;
4758 		}
4759 		rbd_assert(!rbd_is_snap(rbd_dev));
4760 	}
4761 
4762 	if (offset && length > U64_MAX - offset + 1) {
4763 		rbd_warn(rbd_dev, "bad request range (%llu~%llu)", offset,
4764 			 length);
4765 		result = -EINVAL;
4766 		goto err_rq;	/* Shouldn't happen */
4767 	}
4768 
4769 	blk_mq_start_request(rq);
4770 
4771 	down_read(&rbd_dev->header_rwsem);
4772 	mapping_size = rbd_dev->mapping.size;
4773 	if (op_type != OBJ_OP_READ) {
4774 		snapc = rbd_dev->header.snapc;
4775 		ceph_get_snap_context(snapc);
4776 	}
4777 	up_read(&rbd_dev->header_rwsem);
4778 
4779 	if (offset + length > mapping_size) {
4780 		rbd_warn(rbd_dev, "beyond EOD (%llu~%llu > %llu)", offset,
4781 			 length, mapping_size);
4782 		result = -EIO;
4783 		goto err_rq;
4784 	}
4785 
4786 	img_request = rbd_img_request_create(rbd_dev, op_type, snapc);
4787 	if (!img_request) {
4788 		result = -ENOMEM;
4789 		goto err_rq;
4790 	}
4791 	img_request->rq = rq;
4792 	snapc = NULL; /* img_request consumes a ref */
4793 
4794 	dout("%s rbd_dev %p img_req %p %s %llu~%llu\n", __func__, rbd_dev,
4795 	     img_request, obj_op_name(op_type), offset, length);
4796 
4797 	if (op_type == OBJ_OP_DISCARD || op_type == OBJ_OP_ZEROOUT)
4798 		result = rbd_img_fill_nodata(img_request, offset, length);
4799 	else
4800 		result = rbd_img_fill_from_bio(img_request, offset, length,
4801 					       rq->bio);
4802 	if (result)
4803 		goto err_img_request;
4804 
4805 	rbd_img_handle_request(img_request, 0);
4806 	return;
4807 
4808 err_img_request:
4809 	rbd_img_request_put(img_request);
4810 err_rq:
4811 	if (result)
4812 		rbd_warn(rbd_dev, "%s %llx at %llx result %d",
4813 			 obj_op_name(op_type), length, offset, result);
4814 	ceph_put_snap_context(snapc);
4815 err:
4816 	blk_mq_end_request(rq, errno_to_blk_status(result));
4817 }
4818 
4819 static blk_status_t rbd_queue_rq(struct blk_mq_hw_ctx *hctx,
4820 		const struct blk_mq_queue_data *bd)
4821 {
4822 	struct request *rq = bd->rq;
4823 	struct work_struct *work = blk_mq_rq_to_pdu(rq);
4824 
4825 	queue_work(rbd_wq, work);
4826 	return BLK_STS_OK;
4827 }
4828 
4829 static void rbd_free_disk(struct rbd_device *rbd_dev)
4830 {
4831 	blk_cleanup_queue(rbd_dev->disk->queue);
4832 	blk_mq_free_tag_set(&rbd_dev->tag_set);
4833 	put_disk(rbd_dev->disk);
4834 	rbd_dev->disk = NULL;
4835 }
4836 
4837 static int rbd_obj_read_sync(struct rbd_device *rbd_dev,
4838 			     struct ceph_object_id *oid,
4839 			     struct ceph_object_locator *oloc,
4840 			     void *buf, int buf_len)
4841 
4842 {
4843 	struct ceph_osd_client *osdc = &rbd_dev->rbd_client->client->osdc;
4844 	struct ceph_osd_request *req;
4845 	struct page **pages;
4846 	int num_pages = calc_pages_for(0, buf_len);
4847 	int ret;
4848 
4849 	req = ceph_osdc_alloc_request(osdc, NULL, 1, false, GFP_KERNEL);
4850 	if (!req)
4851 		return -ENOMEM;
4852 
4853 	ceph_oid_copy(&req->r_base_oid, oid);
4854 	ceph_oloc_copy(&req->r_base_oloc, oloc);
4855 	req->r_flags = CEPH_OSD_FLAG_READ;
4856 
4857 	pages = ceph_alloc_page_vector(num_pages, GFP_KERNEL);
4858 	if (IS_ERR(pages)) {
4859 		ret = PTR_ERR(pages);
4860 		goto out_req;
4861 	}
4862 
4863 	osd_req_op_extent_init(req, 0, CEPH_OSD_OP_READ, 0, buf_len, 0, 0);
4864 	osd_req_op_extent_osd_data_pages(req, 0, pages, buf_len, 0, false,
4865 					 true);
4866 
4867 	ret = ceph_osdc_alloc_messages(req, GFP_KERNEL);
4868 	if (ret)
4869 		goto out_req;
4870 
4871 	ceph_osdc_start_request(osdc, req, false);
4872 	ret = ceph_osdc_wait_request(osdc, req);
4873 	if (ret >= 0)
4874 		ceph_copy_from_page_vector(pages, buf, 0, ret);
4875 
4876 out_req:
4877 	ceph_osdc_put_request(req);
4878 	return ret;
4879 }
4880 
4881 /*
4882  * Read the complete header for the given rbd device.  On successful
4883  * return, the rbd_dev->header field will contain up-to-date
4884  * information about the image.
4885  */
4886 static int rbd_dev_v1_header_info(struct rbd_device *rbd_dev)
4887 {
4888 	struct rbd_image_header_ondisk *ondisk = NULL;
4889 	u32 snap_count = 0;
4890 	u64 names_size = 0;
4891 	u32 want_count;
4892 	int ret;
4893 
4894 	/*
4895 	 * The complete header will include an array of its 64-bit
4896 	 * snapshot ids, followed by the names of those snapshots as
4897 	 * a contiguous block of NUL-terminated strings.  Note that
4898 	 * the number of snapshots could change by the time we read
4899 	 * it in, in which case we re-read it.
4900 	 */
4901 	do {
4902 		size_t size;
4903 
4904 		kfree(ondisk);
4905 
4906 		size = sizeof (*ondisk);
4907 		size += snap_count * sizeof (struct rbd_image_snap_ondisk);
4908 		size += names_size;
4909 		ondisk = kmalloc(size, GFP_KERNEL);
4910 		if (!ondisk)
4911 			return -ENOMEM;
4912 
4913 		ret = rbd_obj_read_sync(rbd_dev, &rbd_dev->header_oid,
4914 					&rbd_dev->header_oloc, ondisk, size);
4915 		if (ret < 0)
4916 			goto out;
4917 		if ((size_t)ret < size) {
4918 			ret = -ENXIO;
4919 			rbd_warn(rbd_dev, "short header read (want %zd got %d)",
4920 				size, ret);
4921 			goto out;
4922 		}
4923 		if (!rbd_dev_ondisk_valid(ondisk)) {
4924 			ret = -ENXIO;
4925 			rbd_warn(rbd_dev, "invalid header");
4926 			goto out;
4927 		}
4928 
4929 		names_size = le64_to_cpu(ondisk->snap_names_len);
4930 		want_count = snap_count;
4931 		snap_count = le32_to_cpu(ondisk->snap_count);
4932 	} while (snap_count != want_count);
4933 
4934 	ret = rbd_header_from_disk(rbd_dev, ondisk);
4935 out:
4936 	kfree(ondisk);
4937 
4938 	return ret;
4939 }
4940 
4941 static void rbd_dev_update_size(struct rbd_device *rbd_dev)
4942 {
4943 	sector_t size;
4944 
4945 	/*
4946 	 * If EXISTS is not set, rbd_dev->disk may be NULL, so don't
4947 	 * try to update its size.  If REMOVING is set, updating size
4948 	 * is just useless work since the device can't be opened.
4949 	 */
4950 	if (test_bit(RBD_DEV_FLAG_EXISTS, &rbd_dev->flags) &&
4951 	    !test_bit(RBD_DEV_FLAG_REMOVING, &rbd_dev->flags)) {
4952 		size = (sector_t)rbd_dev->mapping.size / SECTOR_SIZE;
4953 		dout("setting size to %llu sectors", (unsigned long long)size);
4954 		set_capacity(rbd_dev->disk, size);
4955 		revalidate_disk(rbd_dev->disk);
4956 	}
4957 }
4958 
4959 static int rbd_dev_refresh(struct rbd_device *rbd_dev)
4960 {
4961 	u64 mapping_size;
4962 	int ret;
4963 
4964 	down_write(&rbd_dev->header_rwsem);
4965 	mapping_size = rbd_dev->mapping.size;
4966 
4967 	ret = rbd_dev_header_info(rbd_dev);
4968 	if (ret)
4969 		goto out;
4970 
4971 	/*
4972 	 * If there is a parent, see if it has disappeared due to the
4973 	 * mapped image getting flattened.
4974 	 */
4975 	if (rbd_dev->parent) {
4976 		ret = rbd_dev_v2_parent_info(rbd_dev);
4977 		if (ret)
4978 			goto out;
4979 	}
4980 
4981 	rbd_assert(!rbd_is_snap(rbd_dev));
4982 	rbd_dev->mapping.size = rbd_dev->header.image_size;
4983 
4984 out:
4985 	up_write(&rbd_dev->header_rwsem);
4986 	if (!ret && mapping_size != rbd_dev->mapping.size)
4987 		rbd_dev_update_size(rbd_dev);
4988 
4989 	return ret;
4990 }
4991 
4992 static int rbd_init_request(struct blk_mq_tag_set *set, struct request *rq,
4993 		unsigned int hctx_idx, unsigned int numa_node)
4994 {
4995 	struct work_struct *work = blk_mq_rq_to_pdu(rq);
4996 
4997 	INIT_WORK(work, rbd_queue_workfn);
4998 	return 0;
4999 }
5000 
5001 static const struct blk_mq_ops rbd_mq_ops = {
5002 	.queue_rq	= rbd_queue_rq,
5003 	.init_request	= rbd_init_request,
5004 };
5005 
5006 static int rbd_init_disk(struct rbd_device *rbd_dev)
5007 {
5008 	struct gendisk *disk;
5009 	struct request_queue *q;
5010 	unsigned int objset_bytes =
5011 	    rbd_dev->layout.object_size * rbd_dev->layout.stripe_count;
5012 	int err;
5013 
5014 	/* create gendisk info */
5015 	disk = alloc_disk(single_major ?
5016 			  (1 << RBD_SINGLE_MAJOR_PART_SHIFT) :
5017 			  RBD_MINORS_PER_MAJOR);
5018 	if (!disk)
5019 		return -ENOMEM;
5020 
5021 	snprintf(disk->disk_name, sizeof(disk->disk_name), RBD_DRV_NAME "%d",
5022 		 rbd_dev->dev_id);
5023 	disk->major = rbd_dev->major;
5024 	disk->first_minor = rbd_dev->minor;
5025 	if (single_major)
5026 		disk->flags |= GENHD_FL_EXT_DEVT;
5027 	disk->fops = &rbd_bd_ops;
5028 	disk->private_data = rbd_dev;
5029 
5030 	memset(&rbd_dev->tag_set, 0, sizeof(rbd_dev->tag_set));
5031 	rbd_dev->tag_set.ops = &rbd_mq_ops;
5032 	rbd_dev->tag_set.queue_depth = rbd_dev->opts->queue_depth;
5033 	rbd_dev->tag_set.numa_node = NUMA_NO_NODE;
5034 	rbd_dev->tag_set.flags = BLK_MQ_F_SHOULD_MERGE;
5035 	rbd_dev->tag_set.nr_hw_queues = 1;
5036 	rbd_dev->tag_set.cmd_size = sizeof(struct work_struct);
5037 
5038 	err = blk_mq_alloc_tag_set(&rbd_dev->tag_set);
5039 	if (err)
5040 		goto out_disk;
5041 
5042 	q = blk_mq_init_queue(&rbd_dev->tag_set);
5043 	if (IS_ERR(q)) {
5044 		err = PTR_ERR(q);
5045 		goto out_tag_set;
5046 	}
5047 
5048 	blk_queue_flag_set(QUEUE_FLAG_NONROT, q);
5049 	/* QUEUE_FLAG_ADD_RANDOM is off by default for blk-mq */
5050 
5051 	blk_queue_max_hw_sectors(q, objset_bytes >> SECTOR_SHIFT);
5052 	q->limits.max_sectors = queue_max_hw_sectors(q);
5053 	blk_queue_max_segments(q, USHRT_MAX);
5054 	blk_queue_max_segment_size(q, UINT_MAX);
5055 	blk_queue_io_min(q, rbd_dev->opts->alloc_size);
5056 	blk_queue_io_opt(q, rbd_dev->opts->alloc_size);
5057 
5058 	if (rbd_dev->opts->trim) {
5059 		blk_queue_flag_set(QUEUE_FLAG_DISCARD, q);
5060 		q->limits.discard_granularity = rbd_dev->opts->alloc_size;
5061 		blk_queue_max_discard_sectors(q, objset_bytes >> SECTOR_SHIFT);
5062 		blk_queue_max_write_zeroes_sectors(q, objset_bytes >> SECTOR_SHIFT);
5063 	}
5064 
5065 	if (!ceph_test_opt(rbd_dev->rbd_client->client, NOCRC))
5066 		q->backing_dev_info->capabilities |= BDI_CAP_STABLE_WRITES;
5067 
5068 	/*
5069 	 * disk_release() expects a queue ref from add_disk() and will
5070 	 * put it.  Hold an extra ref until add_disk() is called.
5071 	 */
5072 	WARN_ON(!blk_get_queue(q));
5073 	disk->queue = q;
5074 	q->queuedata = rbd_dev;
5075 
5076 	rbd_dev->disk = disk;
5077 
5078 	return 0;
5079 out_tag_set:
5080 	blk_mq_free_tag_set(&rbd_dev->tag_set);
5081 out_disk:
5082 	put_disk(disk);
5083 	return err;
5084 }
5085 
5086 /*
5087   sysfs
5088 */
5089 
5090 static struct rbd_device *dev_to_rbd_dev(struct device *dev)
5091 {
5092 	return container_of(dev, struct rbd_device, dev);
5093 }
5094 
5095 static ssize_t rbd_size_show(struct device *dev,
5096 			     struct device_attribute *attr, char *buf)
5097 {
5098 	struct rbd_device *rbd_dev = dev_to_rbd_dev(dev);
5099 
5100 	return sprintf(buf, "%llu\n",
5101 		(unsigned long long)rbd_dev->mapping.size);
5102 }
5103 
5104 static ssize_t rbd_features_show(struct device *dev,
5105 			     struct device_attribute *attr, char *buf)
5106 {
5107 	struct rbd_device *rbd_dev = dev_to_rbd_dev(dev);
5108 
5109 	return sprintf(buf, "0x%016llx\n", rbd_dev->header.features);
5110 }
5111 
5112 static ssize_t rbd_major_show(struct device *dev,
5113 			      struct device_attribute *attr, char *buf)
5114 {
5115 	struct rbd_device *rbd_dev = dev_to_rbd_dev(dev);
5116 
5117 	if (rbd_dev->major)
5118 		return sprintf(buf, "%d\n", rbd_dev->major);
5119 
5120 	return sprintf(buf, "(none)\n");
5121 }
5122 
5123 static ssize_t rbd_minor_show(struct device *dev,
5124 			      struct device_attribute *attr, char *buf)
5125 {
5126 	struct rbd_device *rbd_dev = dev_to_rbd_dev(dev);
5127 
5128 	return sprintf(buf, "%d\n", rbd_dev->minor);
5129 }
5130 
5131 static ssize_t rbd_client_addr_show(struct device *dev,
5132 				    struct device_attribute *attr, char *buf)
5133 {
5134 	struct rbd_device *rbd_dev = dev_to_rbd_dev(dev);
5135 	struct ceph_entity_addr *client_addr =
5136 	    ceph_client_addr(rbd_dev->rbd_client->client);
5137 
5138 	return sprintf(buf, "%pISpc/%u\n", &client_addr->in_addr,
5139 		       le32_to_cpu(client_addr->nonce));
5140 }
5141 
5142 static ssize_t rbd_client_id_show(struct device *dev,
5143 				  struct device_attribute *attr, char *buf)
5144 {
5145 	struct rbd_device *rbd_dev = dev_to_rbd_dev(dev);
5146 
5147 	return sprintf(buf, "client%lld\n",
5148 		       ceph_client_gid(rbd_dev->rbd_client->client));
5149 }
5150 
5151 static ssize_t rbd_cluster_fsid_show(struct device *dev,
5152 				     struct device_attribute *attr, char *buf)
5153 {
5154 	struct rbd_device *rbd_dev = dev_to_rbd_dev(dev);
5155 
5156 	return sprintf(buf, "%pU\n", &rbd_dev->rbd_client->client->fsid);
5157 }
5158 
5159 static ssize_t rbd_config_info_show(struct device *dev,
5160 				    struct device_attribute *attr, char *buf)
5161 {
5162 	struct rbd_device *rbd_dev = dev_to_rbd_dev(dev);
5163 
5164 	return sprintf(buf, "%s\n", rbd_dev->config_info);
5165 }
5166 
5167 static ssize_t rbd_pool_show(struct device *dev,
5168 			     struct device_attribute *attr, char *buf)
5169 {
5170 	struct rbd_device *rbd_dev = dev_to_rbd_dev(dev);
5171 
5172 	return sprintf(buf, "%s\n", rbd_dev->spec->pool_name);
5173 }
5174 
5175 static ssize_t rbd_pool_id_show(struct device *dev,
5176 			     struct device_attribute *attr, char *buf)
5177 {
5178 	struct rbd_device *rbd_dev = dev_to_rbd_dev(dev);
5179 
5180 	return sprintf(buf, "%llu\n",
5181 			(unsigned long long) rbd_dev->spec->pool_id);
5182 }
5183 
5184 static ssize_t rbd_pool_ns_show(struct device *dev,
5185 				struct device_attribute *attr, char *buf)
5186 {
5187 	struct rbd_device *rbd_dev = dev_to_rbd_dev(dev);
5188 
5189 	return sprintf(buf, "%s\n", rbd_dev->spec->pool_ns ?: "");
5190 }
5191 
5192 static ssize_t rbd_name_show(struct device *dev,
5193 			     struct device_attribute *attr, char *buf)
5194 {
5195 	struct rbd_device *rbd_dev = dev_to_rbd_dev(dev);
5196 
5197 	if (rbd_dev->spec->image_name)
5198 		return sprintf(buf, "%s\n", rbd_dev->spec->image_name);
5199 
5200 	return sprintf(buf, "(unknown)\n");
5201 }
5202 
5203 static ssize_t rbd_image_id_show(struct device *dev,
5204 			     struct device_attribute *attr, char *buf)
5205 {
5206 	struct rbd_device *rbd_dev = dev_to_rbd_dev(dev);
5207 
5208 	return sprintf(buf, "%s\n", rbd_dev->spec->image_id);
5209 }
5210 
5211 /*
5212  * Shows the name of the currently-mapped snapshot (or
5213  * RBD_SNAP_HEAD_NAME for the base image).
5214  */
5215 static ssize_t rbd_snap_show(struct device *dev,
5216 			     struct device_attribute *attr,
5217 			     char *buf)
5218 {
5219 	struct rbd_device *rbd_dev = dev_to_rbd_dev(dev);
5220 
5221 	return sprintf(buf, "%s\n", rbd_dev->spec->snap_name);
5222 }
5223 
5224 static ssize_t rbd_snap_id_show(struct device *dev,
5225 				struct device_attribute *attr, char *buf)
5226 {
5227 	struct rbd_device *rbd_dev = dev_to_rbd_dev(dev);
5228 
5229 	return sprintf(buf, "%llu\n", rbd_dev->spec->snap_id);
5230 }
5231 
5232 /*
5233  * For a v2 image, shows the chain of parent images, separated by empty
5234  * lines.  For v1 images or if there is no parent, shows "(no parent
5235  * image)".
5236  */
5237 static ssize_t rbd_parent_show(struct device *dev,
5238 			       struct device_attribute *attr,
5239 			       char *buf)
5240 {
5241 	struct rbd_device *rbd_dev = dev_to_rbd_dev(dev);
5242 	ssize_t count = 0;
5243 
5244 	if (!rbd_dev->parent)
5245 		return sprintf(buf, "(no parent image)\n");
5246 
5247 	for ( ; rbd_dev->parent; rbd_dev = rbd_dev->parent) {
5248 		struct rbd_spec *spec = rbd_dev->parent_spec;
5249 
5250 		count += sprintf(&buf[count], "%s"
5251 			    "pool_id %llu\npool_name %s\n"
5252 			    "pool_ns %s\n"
5253 			    "image_id %s\nimage_name %s\n"
5254 			    "snap_id %llu\nsnap_name %s\n"
5255 			    "overlap %llu\n",
5256 			    !count ? "" : "\n", /* first? */
5257 			    spec->pool_id, spec->pool_name,
5258 			    spec->pool_ns ?: "",
5259 			    spec->image_id, spec->image_name ?: "(unknown)",
5260 			    spec->snap_id, spec->snap_name,
5261 			    rbd_dev->parent_overlap);
5262 	}
5263 
5264 	return count;
5265 }
5266 
5267 static ssize_t rbd_image_refresh(struct device *dev,
5268 				 struct device_attribute *attr,
5269 				 const char *buf,
5270 				 size_t size)
5271 {
5272 	struct rbd_device *rbd_dev = dev_to_rbd_dev(dev);
5273 	int ret;
5274 
5275 	ret = rbd_dev_refresh(rbd_dev);
5276 	if (ret)
5277 		return ret;
5278 
5279 	return size;
5280 }
5281 
5282 static DEVICE_ATTR(size, 0444, rbd_size_show, NULL);
5283 static DEVICE_ATTR(features, 0444, rbd_features_show, NULL);
5284 static DEVICE_ATTR(major, 0444, rbd_major_show, NULL);
5285 static DEVICE_ATTR(minor, 0444, rbd_minor_show, NULL);
5286 static DEVICE_ATTR(client_addr, 0444, rbd_client_addr_show, NULL);
5287 static DEVICE_ATTR(client_id, 0444, rbd_client_id_show, NULL);
5288 static DEVICE_ATTR(cluster_fsid, 0444, rbd_cluster_fsid_show, NULL);
5289 static DEVICE_ATTR(config_info, 0400, rbd_config_info_show, NULL);
5290 static DEVICE_ATTR(pool, 0444, rbd_pool_show, NULL);
5291 static DEVICE_ATTR(pool_id, 0444, rbd_pool_id_show, NULL);
5292 static DEVICE_ATTR(pool_ns, 0444, rbd_pool_ns_show, NULL);
5293 static DEVICE_ATTR(name, 0444, rbd_name_show, NULL);
5294 static DEVICE_ATTR(image_id, 0444, rbd_image_id_show, NULL);
5295 static DEVICE_ATTR(refresh, 0200, NULL, rbd_image_refresh);
5296 static DEVICE_ATTR(current_snap, 0444, rbd_snap_show, NULL);
5297 static DEVICE_ATTR(snap_id, 0444, rbd_snap_id_show, NULL);
5298 static DEVICE_ATTR(parent, 0444, rbd_parent_show, NULL);
5299 
5300 static struct attribute *rbd_attrs[] = {
5301 	&dev_attr_size.attr,
5302 	&dev_attr_features.attr,
5303 	&dev_attr_major.attr,
5304 	&dev_attr_minor.attr,
5305 	&dev_attr_client_addr.attr,
5306 	&dev_attr_client_id.attr,
5307 	&dev_attr_cluster_fsid.attr,
5308 	&dev_attr_config_info.attr,
5309 	&dev_attr_pool.attr,
5310 	&dev_attr_pool_id.attr,
5311 	&dev_attr_pool_ns.attr,
5312 	&dev_attr_name.attr,
5313 	&dev_attr_image_id.attr,
5314 	&dev_attr_current_snap.attr,
5315 	&dev_attr_snap_id.attr,
5316 	&dev_attr_parent.attr,
5317 	&dev_attr_refresh.attr,
5318 	NULL
5319 };
5320 
5321 static struct attribute_group rbd_attr_group = {
5322 	.attrs = rbd_attrs,
5323 };
5324 
5325 static const struct attribute_group *rbd_attr_groups[] = {
5326 	&rbd_attr_group,
5327 	NULL
5328 };
5329 
5330 static void rbd_dev_release(struct device *dev);
5331 
5332 static const struct device_type rbd_device_type = {
5333 	.name		= "rbd",
5334 	.groups		= rbd_attr_groups,
5335 	.release	= rbd_dev_release,
5336 };
5337 
5338 static struct rbd_spec *rbd_spec_get(struct rbd_spec *spec)
5339 {
5340 	kref_get(&spec->kref);
5341 
5342 	return spec;
5343 }
5344 
5345 static void rbd_spec_free(struct kref *kref);
5346 static void rbd_spec_put(struct rbd_spec *spec)
5347 {
5348 	if (spec)
5349 		kref_put(&spec->kref, rbd_spec_free);
5350 }
5351 
5352 static struct rbd_spec *rbd_spec_alloc(void)
5353 {
5354 	struct rbd_spec *spec;
5355 
5356 	spec = kzalloc(sizeof (*spec), GFP_KERNEL);
5357 	if (!spec)
5358 		return NULL;
5359 
5360 	spec->pool_id = CEPH_NOPOOL;
5361 	spec->snap_id = CEPH_NOSNAP;
5362 	kref_init(&spec->kref);
5363 
5364 	return spec;
5365 }
5366 
5367 static void rbd_spec_free(struct kref *kref)
5368 {
5369 	struct rbd_spec *spec = container_of(kref, struct rbd_spec, kref);
5370 
5371 	kfree(spec->pool_name);
5372 	kfree(spec->pool_ns);
5373 	kfree(spec->image_id);
5374 	kfree(spec->image_name);
5375 	kfree(spec->snap_name);
5376 	kfree(spec);
5377 }
5378 
5379 static void rbd_dev_free(struct rbd_device *rbd_dev)
5380 {
5381 	WARN_ON(rbd_dev->watch_state != RBD_WATCH_STATE_UNREGISTERED);
5382 	WARN_ON(rbd_dev->lock_state != RBD_LOCK_STATE_UNLOCKED);
5383 
5384 	ceph_oid_destroy(&rbd_dev->header_oid);
5385 	ceph_oloc_destroy(&rbd_dev->header_oloc);
5386 	kfree(rbd_dev->config_info);
5387 
5388 	rbd_put_client(rbd_dev->rbd_client);
5389 	rbd_spec_put(rbd_dev->spec);
5390 	kfree(rbd_dev->opts);
5391 	kfree(rbd_dev);
5392 }
5393 
5394 static void rbd_dev_release(struct device *dev)
5395 {
5396 	struct rbd_device *rbd_dev = dev_to_rbd_dev(dev);
5397 	bool need_put = !!rbd_dev->opts;
5398 
5399 	if (need_put) {
5400 		destroy_workqueue(rbd_dev->task_wq);
5401 		ida_simple_remove(&rbd_dev_id_ida, rbd_dev->dev_id);
5402 	}
5403 
5404 	rbd_dev_free(rbd_dev);
5405 
5406 	/*
5407 	 * This is racy, but way better than putting module outside of
5408 	 * the release callback.  The race window is pretty small, so
5409 	 * doing something similar to dm (dm-builtin.c) is overkill.
5410 	 */
5411 	if (need_put)
5412 		module_put(THIS_MODULE);
5413 }
5414 
5415 static struct rbd_device *__rbd_dev_create(struct rbd_client *rbdc,
5416 					   struct rbd_spec *spec)
5417 {
5418 	struct rbd_device *rbd_dev;
5419 
5420 	rbd_dev = kzalloc(sizeof(*rbd_dev), GFP_KERNEL);
5421 	if (!rbd_dev)
5422 		return NULL;
5423 
5424 	spin_lock_init(&rbd_dev->lock);
5425 	INIT_LIST_HEAD(&rbd_dev->node);
5426 	init_rwsem(&rbd_dev->header_rwsem);
5427 
5428 	rbd_dev->header.data_pool_id = CEPH_NOPOOL;
5429 	ceph_oid_init(&rbd_dev->header_oid);
5430 	rbd_dev->header_oloc.pool = spec->pool_id;
5431 	if (spec->pool_ns) {
5432 		WARN_ON(!*spec->pool_ns);
5433 		rbd_dev->header_oloc.pool_ns =
5434 		    ceph_find_or_create_string(spec->pool_ns,
5435 					       strlen(spec->pool_ns));
5436 	}
5437 
5438 	mutex_init(&rbd_dev->watch_mutex);
5439 	rbd_dev->watch_state = RBD_WATCH_STATE_UNREGISTERED;
5440 	INIT_DELAYED_WORK(&rbd_dev->watch_dwork, rbd_reregister_watch);
5441 
5442 	init_rwsem(&rbd_dev->lock_rwsem);
5443 	rbd_dev->lock_state = RBD_LOCK_STATE_UNLOCKED;
5444 	INIT_WORK(&rbd_dev->acquired_lock_work, rbd_notify_acquired_lock);
5445 	INIT_WORK(&rbd_dev->released_lock_work, rbd_notify_released_lock);
5446 	INIT_DELAYED_WORK(&rbd_dev->lock_dwork, rbd_acquire_lock);
5447 	INIT_WORK(&rbd_dev->unlock_work, rbd_release_lock_work);
5448 	spin_lock_init(&rbd_dev->lock_lists_lock);
5449 	INIT_LIST_HEAD(&rbd_dev->acquiring_list);
5450 	INIT_LIST_HEAD(&rbd_dev->running_list);
5451 	init_completion(&rbd_dev->acquire_wait);
5452 	init_completion(&rbd_dev->releasing_wait);
5453 
5454 	spin_lock_init(&rbd_dev->object_map_lock);
5455 
5456 	rbd_dev->dev.bus = &rbd_bus_type;
5457 	rbd_dev->dev.type = &rbd_device_type;
5458 	rbd_dev->dev.parent = &rbd_root_dev;
5459 	device_initialize(&rbd_dev->dev);
5460 
5461 	rbd_dev->rbd_client = rbdc;
5462 	rbd_dev->spec = spec;
5463 
5464 	return rbd_dev;
5465 }
5466 
5467 /*
5468  * Create a mapping rbd_dev.
5469  */
5470 static struct rbd_device *rbd_dev_create(struct rbd_client *rbdc,
5471 					 struct rbd_spec *spec,
5472 					 struct rbd_options *opts)
5473 {
5474 	struct rbd_device *rbd_dev;
5475 
5476 	rbd_dev = __rbd_dev_create(rbdc, spec);
5477 	if (!rbd_dev)
5478 		return NULL;
5479 
5480 	rbd_dev->opts = opts;
5481 
5482 	/* get an id and fill in device name */
5483 	rbd_dev->dev_id = ida_simple_get(&rbd_dev_id_ida, 0,
5484 					 minor_to_rbd_dev_id(1 << MINORBITS),
5485 					 GFP_KERNEL);
5486 	if (rbd_dev->dev_id < 0)
5487 		goto fail_rbd_dev;
5488 
5489 	sprintf(rbd_dev->name, RBD_DRV_NAME "%d", rbd_dev->dev_id);
5490 	rbd_dev->task_wq = alloc_ordered_workqueue("%s-tasks", WQ_MEM_RECLAIM,
5491 						   rbd_dev->name);
5492 	if (!rbd_dev->task_wq)
5493 		goto fail_dev_id;
5494 
5495 	/* we have a ref from do_rbd_add() */
5496 	__module_get(THIS_MODULE);
5497 
5498 	dout("%s rbd_dev %p dev_id %d\n", __func__, rbd_dev, rbd_dev->dev_id);
5499 	return rbd_dev;
5500 
5501 fail_dev_id:
5502 	ida_simple_remove(&rbd_dev_id_ida, rbd_dev->dev_id);
5503 fail_rbd_dev:
5504 	rbd_dev_free(rbd_dev);
5505 	return NULL;
5506 }
5507 
5508 static void rbd_dev_destroy(struct rbd_device *rbd_dev)
5509 {
5510 	if (rbd_dev)
5511 		put_device(&rbd_dev->dev);
5512 }
5513 
5514 /*
5515  * Get the size and object order for an image snapshot, or if
5516  * snap_id is CEPH_NOSNAP, gets this information for the base
5517  * image.
5518  */
5519 static int _rbd_dev_v2_snap_size(struct rbd_device *rbd_dev, u64 snap_id,
5520 				u8 *order, u64 *snap_size)
5521 {
5522 	__le64 snapid = cpu_to_le64(snap_id);
5523 	int ret;
5524 	struct {
5525 		u8 order;
5526 		__le64 size;
5527 	} __attribute__ ((packed)) size_buf = { 0 };
5528 
5529 	ret = rbd_obj_method_sync(rbd_dev, &rbd_dev->header_oid,
5530 				  &rbd_dev->header_oloc, "get_size",
5531 				  &snapid, sizeof(snapid),
5532 				  &size_buf, sizeof(size_buf));
5533 	dout("%s: rbd_obj_method_sync returned %d\n", __func__, ret);
5534 	if (ret < 0)
5535 		return ret;
5536 	if (ret < sizeof (size_buf))
5537 		return -ERANGE;
5538 
5539 	if (order) {
5540 		*order = size_buf.order;
5541 		dout("  order %u", (unsigned int)*order);
5542 	}
5543 	*snap_size = le64_to_cpu(size_buf.size);
5544 
5545 	dout("  snap_id 0x%016llx snap_size = %llu\n",
5546 		(unsigned long long)snap_id,
5547 		(unsigned long long)*snap_size);
5548 
5549 	return 0;
5550 }
5551 
5552 static int rbd_dev_v2_image_size(struct rbd_device *rbd_dev)
5553 {
5554 	return _rbd_dev_v2_snap_size(rbd_dev, CEPH_NOSNAP,
5555 					&rbd_dev->header.obj_order,
5556 					&rbd_dev->header.image_size);
5557 }
5558 
5559 static int rbd_dev_v2_object_prefix(struct rbd_device *rbd_dev)
5560 {
5561 	size_t size;
5562 	void *reply_buf;
5563 	int ret;
5564 	void *p;
5565 
5566 	/* Response will be an encoded string, which includes a length */
5567 	size = sizeof(__le32) + RBD_OBJ_PREFIX_LEN_MAX;
5568 	reply_buf = kzalloc(size, GFP_KERNEL);
5569 	if (!reply_buf)
5570 		return -ENOMEM;
5571 
5572 	ret = rbd_obj_method_sync(rbd_dev, &rbd_dev->header_oid,
5573 				  &rbd_dev->header_oloc, "get_object_prefix",
5574 				  NULL, 0, reply_buf, size);
5575 	dout("%s: rbd_obj_method_sync returned %d\n", __func__, ret);
5576 	if (ret < 0)
5577 		goto out;
5578 
5579 	p = reply_buf;
5580 	rbd_dev->header.object_prefix = ceph_extract_encoded_string(&p,
5581 						p + ret, NULL, GFP_NOIO);
5582 	ret = 0;
5583 
5584 	if (IS_ERR(rbd_dev->header.object_prefix)) {
5585 		ret = PTR_ERR(rbd_dev->header.object_prefix);
5586 		rbd_dev->header.object_prefix = NULL;
5587 	} else {
5588 		dout("  object_prefix = %s\n", rbd_dev->header.object_prefix);
5589 	}
5590 out:
5591 	kfree(reply_buf);
5592 
5593 	return ret;
5594 }
5595 
5596 static int _rbd_dev_v2_snap_features(struct rbd_device *rbd_dev, u64 snap_id,
5597 				     bool read_only, u64 *snap_features)
5598 {
5599 	struct {
5600 		__le64 snap_id;
5601 		u8 read_only;
5602 	} features_in;
5603 	struct {
5604 		__le64 features;
5605 		__le64 incompat;
5606 	} __attribute__ ((packed)) features_buf = { 0 };
5607 	u64 unsup;
5608 	int ret;
5609 
5610 	features_in.snap_id = cpu_to_le64(snap_id);
5611 	features_in.read_only = read_only;
5612 
5613 	ret = rbd_obj_method_sync(rbd_dev, &rbd_dev->header_oid,
5614 				  &rbd_dev->header_oloc, "get_features",
5615 				  &features_in, sizeof(features_in),
5616 				  &features_buf, sizeof(features_buf));
5617 	dout("%s: rbd_obj_method_sync returned %d\n", __func__, ret);
5618 	if (ret < 0)
5619 		return ret;
5620 	if (ret < sizeof (features_buf))
5621 		return -ERANGE;
5622 
5623 	unsup = le64_to_cpu(features_buf.incompat) & ~RBD_FEATURES_SUPPORTED;
5624 	if (unsup) {
5625 		rbd_warn(rbd_dev, "image uses unsupported features: 0x%llx",
5626 			 unsup);
5627 		return -ENXIO;
5628 	}
5629 
5630 	*snap_features = le64_to_cpu(features_buf.features);
5631 
5632 	dout("  snap_id 0x%016llx features = 0x%016llx incompat = 0x%016llx\n",
5633 		(unsigned long long)snap_id,
5634 		(unsigned long long)*snap_features,
5635 		(unsigned long long)le64_to_cpu(features_buf.incompat));
5636 
5637 	return 0;
5638 }
5639 
5640 static int rbd_dev_v2_features(struct rbd_device *rbd_dev)
5641 {
5642 	return _rbd_dev_v2_snap_features(rbd_dev, CEPH_NOSNAP,
5643 					 rbd_is_ro(rbd_dev),
5644 					 &rbd_dev->header.features);
5645 }
5646 
5647 /*
5648  * These are generic image flags, but since they are used only for
5649  * object map, store them in rbd_dev->object_map_flags.
5650  *
5651  * For the same reason, this function is called only on object map
5652  * (re)load and not on header refresh.
5653  */
5654 static int rbd_dev_v2_get_flags(struct rbd_device *rbd_dev)
5655 {
5656 	__le64 snapid = cpu_to_le64(rbd_dev->spec->snap_id);
5657 	__le64 flags;
5658 	int ret;
5659 
5660 	ret = rbd_obj_method_sync(rbd_dev, &rbd_dev->header_oid,
5661 				  &rbd_dev->header_oloc, "get_flags",
5662 				  &snapid, sizeof(snapid),
5663 				  &flags, sizeof(flags));
5664 	if (ret < 0)
5665 		return ret;
5666 	if (ret < sizeof(flags))
5667 		return -EBADMSG;
5668 
5669 	rbd_dev->object_map_flags = le64_to_cpu(flags);
5670 	return 0;
5671 }
5672 
5673 struct parent_image_info {
5674 	u64		pool_id;
5675 	const char	*pool_ns;
5676 	const char	*image_id;
5677 	u64		snap_id;
5678 
5679 	bool		has_overlap;
5680 	u64		overlap;
5681 };
5682 
5683 /*
5684  * The caller is responsible for @pii.
5685  */
5686 static int decode_parent_image_spec(void **p, void *end,
5687 				    struct parent_image_info *pii)
5688 {
5689 	u8 struct_v;
5690 	u32 struct_len;
5691 	int ret;
5692 
5693 	ret = ceph_start_decoding(p, end, 1, "ParentImageSpec",
5694 				  &struct_v, &struct_len);
5695 	if (ret)
5696 		return ret;
5697 
5698 	ceph_decode_64_safe(p, end, pii->pool_id, e_inval);
5699 	pii->pool_ns = ceph_extract_encoded_string(p, end, NULL, GFP_KERNEL);
5700 	if (IS_ERR(pii->pool_ns)) {
5701 		ret = PTR_ERR(pii->pool_ns);
5702 		pii->pool_ns = NULL;
5703 		return ret;
5704 	}
5705 	pii->image_id = ceph_extract_encoded_string(p, end, NULL, GFP_KERNEL);
5706 	if (IS_ERR(pii->image_id)) {
5707 		ret = PTR_ERR(pii->image_id);
5708 		pii->image_id = NULL;
5709 		return ret;
5710 	}
5711 	ceph_decode_64_safe(p, end, pii->snap_id, e_inval);
5712 	return 0;
5713 
5714 e_inval:
5715 	return -EINVAL;
5716 }
5717 
5718 static int __get_parent_info(struct rbd_device *rbd_dev,
5719 			     struct page *req_page,
5720 			     struct page *reply_page,
5721 			     struct parent_image_info *pii)
5722 {
5723 	struct ceph_osd_client *osdc = &rbd_dev->rbd_client->client->osdc;
5724 	size_t reply_len = PAGE_SIZE;
5725 	void *p, *end;
5726 	int ret;
5727 
5728 	ret = ceph_osdc_call(osdc, &rbd_dev->header_oid, &rbd_dev->header_oloc,
5729 			     "rbd", "parent_get", CEPH_OSD_FLAG_READ,
5730 			     req_page, sizeof(u64), &reply_page, &reply_len);
5731 	if (ret)
5732 		return ret == -EOPNOTSUPP ? 1 : ret;
5733 
5734 	p = page_address(reply_page);
5735 	end = p + reply_len;
5736 	ret = decode_parent_image_spec(&p, end, pii);
5737 	if (ret)
5738 		return ret;
5739 
5740 	ret = ceph_osdc_call(osdc, &rbd_dev->header_oid, &rbd_dev->header_oloc,
5741 			     "rbd", "parent_overlap_get", CEPH_OSD_FLAG_READ,
5742 			     req_page, sizeof(u64), &reply_page, &reply_len);
5743 	if (ret)
5744 		return ret;
5745 
5746 	p = page_address(reply_page);
5747 	end = p + reply_len;
5748 	ceph_decode_8_safe(&p, end, pii->has_overlap, e_inval);
5749 	if (pii->has_overlap)
5750 		ceph_decode_64_safe(&p, end, pii->overlap, e_inval);
5751 
5752 	return 0;
5753 
5754 e_inval:
5755 	return -EINVAL;
5756 }
5757 
5758 /*
5759  * The caller is responsible for @pii.
5760  */
5761 static int __get_parent_info_legacy(struct rbd_device *rbd_dev,
5762 				    struct page *req_page,
5763 				    struct page *reply_page,
5764 				    struct parent_image_info *pii)
5765 {
5766 	struct ceph_osd_client *osdc = &rbd_dev->rbd_client->client->osdc;
5767 	size_t reply_len = PAGE_SIZE;
5768 	void *p, *end;
5769 	int ret;
5770 
5771 	ret = ceph_osdc_call(osdc, &rbd_dev->header_oid, &rbd_dev->header_oloc,
5772 			     "rbd", "get_parent", CEPH_OSD_FLAG_READ,
5773 			     req_page, sizeof(u64), &reply_page, &reply_len);
5774 	if (ret)
5775 		return ret;
5776 
5777 	p = page_address(reply_page);
5778 	end = p + reply_len;
5779 	ceph_decode_64_safe(&p, end, pii->pool_id, e_inval);
5780 	pii->image_id = ceph_extract_encoded_string(&p, end, NULL, GFP_KERNEL);
5781 	if (IS_ERR(pii->image_id)) {
5782 		ret = PTR_ERR(pii->image_id);
5783 		pii->image_id = NULL;
5784 		return ret;
5785 	}
5786 	ceph_decode_64_safe(&p, end, pii->snap_id, e_inval);
5787 	pii->has_overlap = true;
5788 	ceph_decode_64_safe(&p, end, pii->overlap, e_inval);
5789 
5790 	return 0;
5791 
5792 e_inval:
5793 	return -EINVAL;
5794 }
5795 
5796 static int get_parent_info(struct rbd_device *rbd_dev,
5797 			   struct parent_image_info *pii)
5798 {
5799 	struct page *req_page, *reply_page;
5800 	void *p;
5801 	int ret;
5802 
5803 	req_page = alloc_page(GFP_KERNEL);
5804 	if (!req_page)
5805 		return -ENOMEM;
5806 
5807 	reply_page = alloc_page(GFP_KERNEL);
5808 	if (!reply_page) {
5809 		__free_page(req_page);
5810 		return -ENOMEM;
5811 	}
5812 
5813 	p = page_address(req_page);
5814 	ceph_encode_64(&p, rbd_dev->spec->snap_id);
5815 	ret = __get_parent_info(rbd_dev, req_page, reply_page, pii);
5816 	if (ret > 0)
5817 		ret = __get_parent_info_legacy(rbd_dev, req_page, reply_page,
5818 					       pii);
5819 
5820 	__free_page(req_page);
5821 	__free_page(reply_page);
5822 	return ret;
5823 }
5824 
5825 static int rbd_dev_v2_parent_info(struct rbd_device *rbd_dev)
5826 {
5827 	struct rbd_spec *parent_spec;
5828 	struct parent_image_info pii = { 0 };
5829 	int ret;
5830 
5831 	parent_spec = rbd_spec_alloc();
5832 	if (!parent_spec)
5833 		return -ENOMEM;
5834 
5835 	ret = get_parent_info(rbd_dev, &pii);
5836 	if (ret)
5837 		goto out_err;
5838 
5839 	dout("%s pool_id %llu pool_ns %s image_id %s snap_id %llu has_overlap %d overlap %llu\n",
5840 	     __func__, pii.pool_id, pii.pool_ns, pii.image_id, pii.snap_id,
5841 	     pii.has_overlap, pii.overlap);
5842 
5843 	if (pii.pool_id == CEPH_NOPOOL || !pii.has_overlap) {
5844 		/*
5845 		 * Either the parent never existed, or we have
5846 		 * record of it but the image got flattened so it no
5847 		 * longer has a parent.  When the parent of a
5848 		 * layered image disappears we immediately set the
5849 		 * overlap to 0.  The effect of this is that all new
5850 		 * requests will be treated as if the image had no
5851 		 * parent.
5852 		 *
5853 		 * If !pii.has_overlap, the parent image spec is not
5854 		 * applicable.  It's there to avoid duplication in each
5855 		 * snapshot record.
5856 		 */
5857 		if (rbd_dev->parent_overlap) {
5858 			rbd_dev->parent_overlap = 0;
5859 			rbd_dev_parent_put(rbd_dev);
5860 			pr_info("%s: clone image has been flattened\n",
5861 				rbd_dev->disk->disk_name);
5862 		}
5863 
5864 		goto out;	/* No parent?  No problem. */
5865 	}
5866 
5867 	/* The ceph file layout needs to fit pool id in 32 bits */
5868 
5869 	ret = -EIO;
5870 	if (pii.pool_id > (u64)U32_MAX) {
5871 		rbd_warn(NULL, "parent pool id too large (%llu > %u)",
5872 			(unsigned long long)pii.pool_id, U32_MAX);
5873 		goto out_err;
5874 	}
5875 
5876 	/*
5877 	 * The parent won't change (except when the clone is
5878 	 * flattened, already handled that).  So we only need to
5879 	 * record the parent spec we have not already done so.
5880 	 */
5881 	if (!rbd_dev->parent_spec) {
5882 		parent_spec->pool_id = pii.pool_id;
5883 		if (pii.pool_ns && *pii.pool_ns) {
5884 			parent_spec->pool_ns = pii.pool_ns;
5885 			pii.pool_ns = NULL;
5886 		}
5887 		parent_spec->image_id = pii.image_id;
5888 		pii.image_id = NULL;
5889 		parent_spec->snap_id = pii.snap_id;
5890 
5891 		rbd_dev->parent_spec = parent_spec;
5892 		parent_spec = NULL;	/* rbd_dev now owns this */
5893 	}
5894 
5895 	/*
5896 	 * We always update the parent overlap.  If it's zero we issue
5897 	 * a warning, as we will proceed as if there was no parent.
5898 	 */
5899 	if (!pii.overlap) {
5900 		if (parent_spec) {
5901 			/* refresh, careful to warn just once */
5902 			if (rbd_dev->parent_overlap)
5903 				rbd_warn(rbd_dev,
5904 				    "clone now standalone (overlap became 0)");
5905 		} else {
5906 			/* initial probe */
5907 			rbd_warn(rbd_dev, "clone is standalone (overlap 0)");
5908 		}
5909 	}
5910 	rbd_dev->parent_overlap = pii.overlap;
5911 
5912 out:
5913 	ret = 0;
5914 out_err:
5915 	kfree(pii.pool_ns);
5916 	kfree(pii.image_id);
5917 	rbd_spec_put(parent_spec);
5918 	return ret;
5919 }
5920 
5921 static int rbd_dev_v2_striping_info(struct rbd_device *rbd_dev)
5922 {
5923 	struct {
5924 		__le64 stripe_unit;
5925 		__le64 stripe_count;
5926 	} __attribute__ ((packed)) striping_info_buf = { 0 };
5927 	size_t size = sizeof (striping_info_buf);
5928 	void *p;
5929 	int ret;
5930 
5931 	ret = rbd_obj_method_sync(rbd_dev, &rbd_dev->header_oid,
5932 				&rbd_dev->header_oloc, "get_stripe_unit_count",
5933 				NULL, 0, &striping_info_buf, size);
5934 	dout("%s: rbd_obj_method_sync returned %d\n", __func__, ret);
5935 	if (ret < 0)
5936 		return ret;
5937 	if (ret < size)
5938 		return -ERANGE;
5939 
5940 	p = &striping_info_buf;
5941 	rbd_dev->header.stripe_unit = ceph_decode_64(&p);
5942 	rbd_dev->header.stripe_count = ceph_decode_64(&p);
5943 	return 0;
5944 }
5945 
5946 static int rbd_dev_v2_data_pool(struct rbd_device *rbd_dev)
5947 {
5948 	__le64 data_pool_id;
5949 	int ret;
5950 
5951 	ret = rbd_obj_method_sync(rbd_dev, &rbd_dev->header_oid,
5952 				  &rbd_dev->header_oloc, "get_data_pool",
5953 				  NULL, 0, &data_pool_id, sizeof(data_pool_id));
5954 	if (ret < 0)
5955 		return ret;
5956 	if (ret < sizeof(data_pool_id))
5957 		return -EBADMSG;
5958 
5959 	rbd_dev->header.data_pool_id = le64_to_cpu(data_pool_id);
5960 	WARN_ON(rbd_dev->header.data_pool_id == CEPH_NOPOOL);
5961 	return 0;
5962 }
5963 
5964 static char *rbd_dev_image_name(struct rbd_device *rbd_dev)
5965 {
5966 	CEPH_DEFINE_OID_ONSTACK(oid);
5967 	size_t image_id_size;
5968 	char *image_id;
5969 	void *p;
5970 	void *end;
5971 	size_t size;
5972 	void *reply_buf = NULL;
5973 	size_t len = 0;
5974 	char *image_name = NULL;
5975 	int ret;
5976 
5977 	rbd_assert(!rbd_dev->spec->image_name);
5978 
5979 	len = strlen(rbd_dev->spec->image_id);
5980 	image_id_size = sizeof (__le32) + len;
5981 	image_id = kmalloc(image_id_size, GFP_KERNEL);
5982 	if (!image_id)
5983 		return NULL;
5984 
5985 	p = image_id;
5986 	end = image_id + image_id_size;
5987 	ceph_encode_string(&p, end, rbd_dev->spec->image_id, (u32)len);
5988 
5989 	size = sizeof (__le32) + RBD_IMAGE_NAME_LEN_MAX;
5990 	reply_buf = kmalloc(size, GFP_KERNEL);
5991 	if (!reply_buf)
5992 		goto out;
5993 
5994 	ceph_oid_printf(&oid, "%s", RBD_DIRECTORY);
5995 	ret = rbd_obj_method_sync(rbd_dev, &oid, &rbd_dev->header_oloc,
5996 				  "dir_get_name", image_id, image_id_size,
5997 				  reply_buf, size);
5998 	if (ret < 0)
5999 		goto out;
6000 	p = reply_buf;
6001 	end = reply_buf + ret;
6002 
6003 	image_name = ceph_extract_encoded_string(&p, end, &len, GFP_KERNEL);
6004 	if (IS_ERR(image_name))
6005 		image_name = NULL;
6006 	else
6007 		dout("%s: name is %s len is %zd\n", __func__, image_name, len);
6008 out:
6009 	kfree(reply_buf);
6010 	kfree(image_id);
6011 
6012 	return image_name;
6013 }
6014 
6015 static u64 rbd_v1_snap_id_by_name(struct rbd_device *rbd_dev, const char *name)
6016 {
6017 	struct ceph_snap_context *snapc = rbd_dev->header.snapc;
6018 	const char *snap_name;
6019 	u32 which = 0;
6020 
6021 	/* Skip over names until we find the one we are looking for */
6022 
6023 	snap_name = rbd_dev->header.snap_names;
6024 	while (which < snapc->num_snaps) {
6025 		if (!strcmp(name, snap_name))
6026 			return snapc->snaps[which];
6027 		snap_name += strlen(snap_name) + 1;
6028 		which++;
6029 	}
6030 	return CEPH_NOSNAP;
6031 }
6032 
6033 static u64 rbd_v2_snap_id_by_name(struct rbd_device *rbd_dev, const char *name)
6034 {
6035 	struct ceph_snap_context *snapc = rbd_dev->header.snapc;
6036 	u32 which;
6037 	bool found = false;
6038 	u64 snap_id;
6039 
6040 	for (which = 0; !found && which < snapc->num_snaps; which++) {
6041 		const char *snap_name;
6042 
6043 		snap_id = snapc->snaps[which];
6044 		snap_name = rbd_dev_v2_snap_name(rbd_dev, snap_id);
6045 		if (IS_ERR(snap_name)) {
6046 			/* ignore no-longer existing snapshots */
6047 			if (PTR_ERR(snap_name) == -ENOENT)
6048 				continue;
6049 			else
6050 				break;
6051 		}
6052 		found = !strcmp(name, snap_name);
6053 		kfree(snap_name);
6054 	}
6055 	return found ? snap_id : CEPH_NOSNAP;
6056 }
6057 
6058 /*
6059  * Assumes name is never RBD_SNAP_HEAD_NAME; returns CEPH_NOSNAP if
6060  * no snapshot by that name is found, or if an error occurs.
6061  */
6062 static u64 rbd_snap_id_by_name(struct rbd_device *rbd_dev, const char *name)
6063 {
6064 	if (rbd_dev->image_format == 1)
6065 		return rbd_v1_snap_id_by_name(rbd_dev, name);
6066 
6067 	return rbd_v2_snap_id_by_name(rbd_dev, name);
6068 }
6069 
6070 /*
6071  * An image being mapped will have everything but the snap id.
6072  */
6073 static int rbd_spec_fill_snap_id(struct rbd_device *rbd_dev)
6074 {
6075 	struct rbd_spec *spec = rbd_dev->spec;
6076 
6077 	rbd_assert(spec->pool_id != CEPH_NOPOOL && spec->pool_name);
6078 	rbd_assert(spec->image_id && spec->image_name);
6079 	rbd_assert(spec->snap_name);
6080 
6081 	if (strcmp(spec->snap_name, RBD_SNAP_HEAD_NAME)) {
6082 		u64 snap_id;
6083 
6084 		snap_id = rbd_snap_id_by_name(rbd_dev, spec->snap_name);
6085 		if (snap_id == CEPH_NOSNAP)
6086 			return -ENOENT;
6087 
6088 		spec->snap_id = snap_id;
6089 	} else {
6090 		spec->snap_id = CEPH_NOSNAP;
6091 	}
6092 
6093 	return 0;
6094 }
6095 
6096 /*
6097  * A parent image will have all ids but none of the names.
6098  *
6099  * All names in an rbd spec are dynamically allocated.  It's OK if we
6100  * can't figure out the name for an image id.
6101  */
6102 static int rbd_spec_fill_names(struct rbd_device *rbd_dev)
6103 {
6104 	struct ceph_osd_client *osdc = &rbd_dev->rbd_client->client->osdc;
6105 	struct rbd_spec *spec = rbd_dev->spec;
6106 	const char *pool_name;
6107 	const char *image_name;
6108 	const char *snap_name;
6109 	int ret;
6110 
6111 	rbd_assert(spec->pool_id != CEPH_NOPOOL);
6112 	rbd_assert(spec->image_id);
6113 	rbd_assert(spec->snap_id != CEPH_NOSNAP);
6114 
6115 	/* Get the pool name; we have to make our own copy of this */
6116 
6117 	pool_name = ceph_pg_pool_name_by_id(osdc->osdmap, spec->pool_id);
6118 	if (!pool_name) {
6119 		rbd_warn(rbd_dev, "no pool with id %llu", spec->pool_id);
6120 		return -EIO;
6121 	}
6122 	pool_name = kstrdup(pool_name, GFP_KERNEL);
6123 	if (!pool_name)
6124 		return -ENOMEM;
6125 
6126 	/* Fetch the image name; tolerate failure here */
6127 
6128 	image_name = rbd_dev_image_name(rbd_dev);
6129 	if (!image_name)
6130 		rbd_warn(rbd_dev, "unable to get image name");
6131 
6132 	/* Fetch the snapshot name */
6133 
6134 	snap_name = rbd_snap_name(rbd_dev, spec->snap_id);
6135 	if (IS_ERR(snap_name)) {
6136 		ret = PTR_ERR(snap_name);
6137 		goto out_err;
6138 	}
6139 
6140 	spec->pool_name = pool_name;
6141 	spec->image_name = image_name;
6142 	spec->snap_name = snap_name;
6143 
6144 	return 0;
6145 
6146 out_err:
6147 	kfree(image_name);
6148 	kfree(pool_name);
6149 	return ret;
6150 }
6151 
6152 static int rbd_dev_v2_snap_context(struct rbd_device *rbd_dev)
6153 {
6154 	size_t size;
6155 	int ret;
6156 	void *reply_buf;
6157 	void *p;
6158 	void *end;
6159 	u64 seq;
6160 	u32 snap_count;
6161 	struct ceph_snap_context *snapc;
6162 	u32 i;
6163 
6164 	/*
6165 	 * We'll need room for the seq value (maximum snapshot id),
6166 	 * snapshot count, and array of that many snapshot ids.
6167 	 * For now we have a fixed upper limit on the number we're
6168 	 * prepared to receive.
6169 	 */
6170 	size = sizeof (__le64) + sizeof (__le32) +
6171 			RBD_MAX_SNAP_COUNT * sizeof (__le64);
6172 	reply_buf = kzalloc(size, GFP_KERNEL);
6173 	if (!reply_buf)
6174 		return -ENOMEM;
6175 
6176 	ret = rbd_obj_method_sync(rbd_dev, &rbd_dev->header_oid,
6177 				  &rbd_dev->header_oloc, "get_snapcontext",
6178 				  NULL, 0, reply_buf, size);
6179 	dout("%s: rbd_obj_method_sync returned %d\n", __func__, ret);
6180 	if (ret < 0)
6181 		goto out;
6182 
6183 	p = reply_buf;
6184 	end = reply_buf + ret;
6185 	ret = -ERANGE;
6186 	ceph_decode_64_safe(&p, end, seq, out);
6187 	ceph_decode_32_safe(&p, end, snap_count, out);
6188 
6189 	/*
6190 	 * Make sure the reported number of snapshot ids wouldn't go
6191 	 * beyond the end of our buffer.  But before checking that,
6192 	 * make sure the computed size of the snapshot context we
6193 	 * allocate is representable in a size_t.
6194 	 */
6195 	if (snap_count > (SIZE_MAX - sizeof (struct ceph_snap_context))
6196 				 / sizeof (u64)) {
6197 		ret = -EINVAL;
6198 		goto out;
6199 	}
6200 	if (!ceph_has_room(&p, end, snap_count * sizeof (__le64)))
6201 		goto out;
6202 	ret = 0;
6203 
6204 	snapc = ceph_create_snap_context(snap_count, GFP_KERNEL);
6205 	if (!snapc) {
6206 		ret = -ENOMEM;
6207 		goto out;
6208 	}
6209 	snapc->seq = seq;
6210 	for (i = 0; i < snap_count; i++)
6211 		snapc->snaps[i] = ceph_decode_64(&p);
6212 
6213 	ceph_put_snap_context(rbd_dev->header.snapc);
6214 	rbd_dev->header.snapc = snapc;
6215 
6216 	dout("  snap context seq = %llu, snap_count = %u\n",
6217 		(unsigned long long)seq, (unsigned int)snap_count);
6218 out:
6219 	kfree(reply_buf);
6220 
6221 	return ret;
6222 }
6223 
6224 static const char *rbd_dev_v2_snap_name(struct rbd_device *rbd_dev,
6225 					u64 snap_id)
6226 {
6227 	size_t size;
6228 	void *reply_buf;
6229 	__le64 snapid;
6230 	int ret;
6231 	void *p;
6232 	void *end;
6233 	char *snap_name;
6234 
6235 	size = sizeof (__le32) + RBD_MAX_SNAP_NAME_LEN;
6236 	reply_buf = kmalloc(size, GFP_KERNEL);
6237 	if (!reply_buf)
6238 		return ERR_PTR(-ENOMEM);
6239 
6240 	snapid = cpu_to_le64(snap_id);
6241 	ret = rbd_obj_method_sync(rbd_dev, &rbd_dev->header_oid,
6242 				  &rbd_dev->header_oloc, "get_snapshot_name",
6243 				  &snapid, sizeof(snapid), reply_buf, size);
6244 	dout("%s: rbd_obj_method_sync returned %d\n", __func__, ret);
6245 	if (ret < 0) {
6246 		snap_name = ERR_PTR(ret);
6247 		goto out;
6248 	}
6249 
6250 	p = reply_buf;
6251 	end = reply_buf + ret;
6252 	snap_name = ceph_extract_encoded_string(&p, end, NULL, GFP_KERNEL);
6253 	if (IS_ERR(snap_name))
6254 		goto out;
6255 
6256 	dout("  snap_id 0x%016llx snap_name = %s\n",
6257 		(unsigned long long)snap_id, snap_name);
6258 out:
6259 	kfree(reply_buf);
6260 
6261 	return snap_name;
6262 }
6263 
6264 static int rbd_dev_v2_header_info(struct rbd_device *rbd_dev)
6265 {
6266 	bool first_time = rbd_dev->header.object_prefix == NULL;
6267 	int ret;
6268 
6269 	ret = rbd_dev_v2_image_size(rbd_dev);
6270 	if (ret)
6271 		return ret;
6272 
6273 	if (first_time) {
6274 		ret = rbd_dev_v2_header_onetime(rbd_dev);
6275 		if (ret)
6276 			return ret;
6277 	}
6278 
6279 	ret = rbd_dev_v2_snap_context(rbd_dev);
6280 	if (ret && first_time) {
6281 		kfree(rbd_dev->header.object_prefix);
6282 		rbd_dev->header.object_prefix = NULL;
6283 	}
6284 
6285 	return ret;
6286 }
6287 
6288 static int rbd_dev_header_info(struct rbd_device *rbd_dev)
6289 {
6290 	rbd_assert(rbd_image_format_valid(rbd_dev->image_format));
6291 
6292 	if (rbd_dev->image_format == 1)
6293 		return rbd_dev_v1_header_info(rbd_dev);
6294 
6295 	return rbd_dev_v2_header_info(rbd_dev);
6296 }
6297 
6298 /*
6299  * Skips over white space at *buf, and updates *buf to point to the
6300  * first found non-space character (if any). Returns the length of
6301  * the token (string of non-white space characters) found.  Note
6302  * that *buf must be terminated with '\0'.
6303  */
6304 static inline size_t next_token(const char **buf)
6305 {
6306         /*
6307         * These are the characters that produce nonzero for
6308         * isspace() in the "C" and "POSIX" locales.
6309         */
6310         const char *spaces = " \f\n\r\t\v";
6311 
6312         *buf += strspn(*buf, spaces);	/* Find start of token */
6313 
6314 	return strcspn(*buf, spaces);   /* Return token length */
6315 }
6316 
6317 /*
6318  * Finds the next token in *buf, dynamically allocates a buffer big
6319  * enough to hold a copy of it, and copies the token into the new
6320  * buffer.  The copy is guaranteed to be terminated with '\0'.  Note
6321  * that a duplicate buffer is created even for a zero-length token.
6322  *
6323  * Returns a pointer to the newly-allocated duplicate, or a null
6324  * pointer if memory for the duplicate was not available.  If
6325  * the lenp argument is a non-null pointer, the length of the token
6326  * (not including the '\0') is returned in *lenp.
6327  *
6328  * If successful, the *buf pointer will be updated to point beyond
6329  * the end of the found token.
6330  *
6331  * Note: uses GFP_KERNEL for allocation.
6332  */
6333 static inline char *dup_token(const char **buf, size_t *lenp)
6334 {
6335 	char *dup;
6336 	size_t len;
6337 
6338 	len = next_token(buf);
6339 	dup = kmemdup(*buf, len + 1, GFP_KERNEL);
6340 	if (!dup)
6341 		return NULL;
6342 	*(dup + len) = '\0';
6343 	*buf += len;
6344 
6345 	if (lenp)
6346 		*lenp = len;
6347 
6348 	return dup;
6349 }
6350 
6351 static int rbd_parse_param(struct fs_parameter *param,
6352 			    struct rbd_parse_opts_ctx *pctx)
6353 {
6354 	struct rbd_options *opt = pctx->opts;
6355 	struct fs_parse_result result;
6356 	int token, ret;
6357 
6358 	ret = ceph_parse_param(param, pctx->copts, NULL);
6359 	if (ret != -ENOPARAM)
6360 		return ret;
6361 
6362 	token = fs_parse(NULL, &rbd_parameters, param, &result);
6363 	dout("%s fs_parse '%s' token %d\n", __func__, param->key, token);
6364 	if (token < 0) {
6365 		if (token == -ENOPARAM) {
6366 			return invalf(NULL, "rbd: Unknown parameter '%s'",
6367 				      param->key);
6368 		}
6369 		return token;
6370 	}
6371 
6372 	switch (token) {
6373 	case Opt_queue_depth:
6374 		if (result.uint_32 < 1)
6375 			goto out_of_range;
6376 		opt->queue_depth = result.uint_32;
6377 		break;
6378 	case Opt_alloc_size:
6379 		if (result.uint_32 < SECTOR_SIZE)
6380 			goto out_of_range;
6381 		if (!is_power_of_2(result.uint_32)) {
6382 			return invalf(NULL, "rbd: alloc_size must be a power of 2");
6383 		}
6384 		opt->alloc_size = result.uint_32;
6385 		break;
6386 	case Opt_lock_timeout:
6387 		/* 0 is "wait forever" (i.e. infinite timeout) */
6388 		if (result.uint_32 > INT_MAX / 1000)
6389 			goto out_of_range;
6390 		opt->lock_timeout = msecs_to_jiffies(result.uint_32 * 1000);
6391 		break;
6392 	case Opt_pool_ns:
6393 		kfree(pctx->spec->pool_ns);
6394 		pctx->spec->pool_ns = param->string;
6395 		param->string = NULL;
6396 		break;
6397 	case Opt_read_only:
6398 		opt->read_only = true;
6399 		break;
6400 	case Opt_read_write:
6401 		opt->read_only = false;
6402 		break;
6403 	case Opt_lock_on_read:
6404 		opt->lock_on_read = true;
6405 		break;
6406 	case Opt_exclusive:
6407 		opt->exclusive = true;
6408 		break;
6409 	case Opt_notrim:
6410 		opt->trim = false;
6411 		break;
6412 	default:
6413 		BUG();
6414 	}
6415 
6416 	return 0;
6417 
6418 out_of_range:
6419 	return invalf(NULL, "rbd: %s out of range", param->key);
6420 }
6421 
6422 /*
6423  * This duplicates most of generic_parse_monolithic(), untying it from
6424  * fs_context and skipping standard superblock and security options.
6425  */
6426 static int rbd_parse_options(char *options, struct rbd_parse_opts_ctx *pctx)
6427 {
6428 	char *key;
6429 	int ret = 0;
6430 
6431 	dout("%s '%s'\n", __func__, options);
6432 	while ((key = strsep(&options, ",")) != NULL) {
6433 		if (*key) {
6434 			struct fs_parameter param = {
6435 				.key	= key,
6436 				.type	= fs_value_is_string,
6437 			};
6438 			char *value = strchr(key, '=');
6439 			size_t v_len = 0;
6440 
6441 			if (value) {
6442 				if (value == key)
6443 					continue;
6444 				*value++ = 0;
6445 				v_len = strlen(value);
6446 			}
6447 
6448 
6449 			if (v_len > 0) {
6450 				param.string = kmemdup_nul(value, v_len,
6451 							   GFP_KERNEL);
6452 				if (!param.string)
6453 					return -ENOMEM;
6454 			}
6455 			param.size = v_len;
6456 
6457 			ret = rbd_parse_param(&param, pctx);
6458 			kfree(param.string);
6459 			if (ret)
6460 				break;
6461 		}
6462 	}
6463 
6464 	return ret;
6465 }
6466 
6467 /*
6468  * Parse the options provided for an "rbd add" (i.e., rbd image
6469  * mapping) request.  These arrive via a write to /sys/bus/rbd/add,
6470  * and the data written is passed here via a NUL-terminated buffer.
6471  * Returns 0 if successful or an error code otherwise.
6472  *
6473  * The information extracted from these options is recorded in
6474  * the other parameters which return dynamically-allocated
6475  * structures:
6476  *  ceph_opts
6477  *      The address of a pointer that will refer to a ceph options
6478  *      structure.  Caller must release the returned pointer using
6479  *      ceph_destroy_options() when it is no longer needed.
6480  *  rbd_opts
6481  *	Address of an rbd options pointer.  Fully initialized by
6482  *	this function; caller must release with kfree().
6483  *  spec
6484  *	Address of an rbd image specification pointer.  Fully
6485  *	initialized by this function based on parsed options.
6486  *	Caller must release with rbd_spec_put().
6487  *
6488  * The options passed take this form:
6489  *  <mon_addrs> <options> <pool_name> <image_name> [<snap_id>]
6490  * where:
6491  *  <mon_addrs>
6492  *      A comma-separated list of one or more monitor addresses.
6493  *      A monitor address is an ip address, optionally followed
6494  *      by a port number (separated by a colon).
6495  *        I.e.:  ip1[:port1][,ip2[:port2]...]
6496  *  <options>
6497  *      A comma-separated list of ceph and/or rbd options.
6498  *  <pool_name>
6499  *      The name of the rados pool containing the rbd image.
6500  *  <image_name>
6501  *      The name of the image in that pool to map.
6502  *  <snap_id>
6503  *      An optional snapshot id.  If provided, the mapping will
6504  *      present data from the image at the time that snapshot was
6505  *      created.  The image head is used if no snapshot id is
6506  *      provided.  Snapshot mappings are always read-only.
6507  */
6508 static int rbd_add_parse_args(const char *buf,
6509 				struct ceph_options **ceph_opts,
6510 				struct rbd_options **opts,
6511 				struct rbd_spec **rbd_spec)
6512 {
6513 	size_t len;
6514 	char *options;
6515 	const char *mon_addrs;
6516 	char *snap_name;
6517 	size_t mon_addrs_size;
6518 	struct rbd_parse_opts_ctx pctx = { 0 };
6519 	int ret;
6520 
6521 	/* The first four tokens are required */
6522 
6523 	len = next_token(&buf);
6524 	if (!len) {
6525 		rbd_warn(NULL, "no monitor address(es) provided");
6526 		return -EINVAL;
6527 	}
6528 	mon_addrs = buf;
6529 	mon_addrs_size = len;
6530 	buf += len;
6531 
6532 	ret = -EINVAL;
6533 	options = dup_token(&buf, NULL);
6534 	if (!options)
6535 		return -ENOMEM;
6536 	if (!*options) {
6537 		rbd_warn(NULL, "no options provided");
6538 		goto out_err;
6539 	}
6540 
6541 	pctx.spec = rbd_spec_alloc();
6542 	if (!pctx.spec)
6543 		goto out_mem;
6544 
6545 	pctx.spec->pool_name = dup_token(&buf, NULL);
6546 	if (!pctx.spec->pool_name)
6547 		goto out_mem;
6548 	if (!*pctx.spec->pool_name) {
6549 		rbd_warn(NULL, "no pool name provided");
6550 		goto out_err;
6551 	}
6552 
6553 	pctx.spec->image_name = dup_token(&buf, NULL);
6554 	if (!pctx.spec->image_name)
6555 		goto out_mem;
6556 	if (!*pctx.spec->image_name) {
6557 		rbd_warn(NULL, "no image name provided");
6558 		goto out_err;
6559 	}
6560 
6561 	/*
6562 	 * Snapshot name is optional; default is to use "-"
6563 	 * (indicating the head/no snapshot).
6564 	 */
6565 	len = next_token(&buf);
6566 	if (!len) {
6567 		buf = RBD_SNAP_HEAD_NAME; /* No snapshot supplied */
6568 		len = sizeof (RBD_SNAP_HEAD_NAME) - 1;
6569 	} else if (len > RBD_MAX_SNAP_NAME_LEN) {
6570 		ret = -ENAMETOOLONG;
6571 		goto out_err;
6572 	}
6573 	snap_name = kmemdup(buf, len + 1, GFP_KERNEL);
6574 	if (!snap_name)
6575 		goto out_mem;
6576 	*(snap_name + len) = '\0';
6577 	pctx.spec->snap_name = snap_name;
6578 
6579 	pctx.copts = ceph_alloc_options();
6580 	if (!pctx.copts)
6581 		goto out_mem;
6582 
6583 	/* Initialize all rbd options to the defaults */
6584 
6585 	pctx.opts = kzalloc(sizeof(*pctx.opts), GFP_KERNEL);
6586 	if (!pctx.opts)
6587 		goto out_mem;
6588 
6589 	pctx.opts->read_only = RBD_READ_ONLY_DEFAULT;
6590 	pctx.opts->queue_depth = RBD_QUEUE_DEPTH_DEFAULT;
6591 	pctx.opts->alloc_size = RBD_ALLOC_SIZE_DEFAULT;
6592 	pctx.opts->lock_timeout = RBD_LOCK_TIMEOUT_DEFAULT;
6593 	pctx.opts->lock_on_read = RBD_LOCK_ON_READ_DEFAULT;
6594 	pctx.opts->exclusive = RBD_EXCLUSIVE_DEFAULT;
6595 	pctx.opts->trim = RBD_TRIM_DEFAULT;
6596 
6597 	ret = ceph_parse_mon_ips(mon_addrs, mon_addrs_size, pctx.copts, NULL);
6598 	if (ret)
6599 		goto out_err;
6600 
6601 	ret = rbd_parse_options(options, &pctx);
6602 	if (ret)
6603 		goto out_err;
6604 
6605 	*ceph_opts = pctx.copts;
6606 	*opts = pctx.opts;
6607 	*rbd_spec = pctx.spec;
6608 	kfree(options);
6609 	return 0;
6610 
6611 out_mem:
6612 	ret = -ENOMEM;
6613 out_err:
6614 	kfree(pctx.opts);
6615 	ceph_destroy_options(pctx.copts);
6616 	rbd_spec_put(pctx.spec);
6617 	kfree(options);
6618 	return ret;
6619 }
6620 
6621 static void rbd_dev_image_unlock(struct rbd_device *rbd_dev)
6622 {
6623 	down_write(&rbd_dev->lock_rwsem);
6624 	if (__rbd_is_lock_owner(rbd_dev))
6625 		__rbd_release_lock(rbd_dev);
6626 	up_write(&rbd_dev->lock_rwsem);
6627 }
6628 
6629 /*
6630  * If the wait is interrupted, an error is returned even if the lock
6631  * was successfully acquired.  rbd_dev_image_unlock() will release it
6632  * if needed.
6633  */
6634 static int rbd_add_acquire_lock(struct rbd_device *rbd_dev)
6635 {
6636 	long ret;
6637 
6638 	if (!(rbd_dev->header.features & RBD_FEATURE_EXCLUSIVE_LOCK)) {
6639 		if (!rbd_dev->opts->exclusive && !rbd_dev->opts->lock_on_read)
6640 			return 0;
6641 
6642 		rbd_warn(rbd_dev, "exclusive-lock feature is not enabled");
6643 		return -EINVAL;
6644 	}
6645 
6646 	if (rbd_is_ro(rbd_dev))
6647 		return 0;
6648 
6649 	rbd_assert(!rbd_is_lock_owner(rbd_dev));
6650 	queue_delayed_work(rbd_dev->task_wq, &rbd_dev->lock_dwork, 0);
6651 	ret = wait_for_completion_killable_timeout(&rbd_dev->acquire_wait,
6652 			    ceph_timeout_jiffies(rbd_dev->opts->lock_timeout));
6653 	if (ret > 0) {
6654 		ret = rbd_dev->acquire_err;
6655 	} else {
6656 		cancel_delayed_work_sync(&rbd_dev->lock_dwork);
6657 		if (!ret)
6658 			ret = -ETIMEDOUT;
6659 	}
6660 
6661 	if (ret) {
6662 		rbd_warn(rbd_dev, "failed to acquire exclusive lock: %ld", ret);
6663 		return ret;
6664 	}
6665 
6666 	/*
6667 	 * The lock may have been released by now, unless automatic lock
6668 	 * transitions are disabled.
6669 	 */
6670 	rbd_assert(!rbd_dev->opts->exclusive || rbd_is_lock_owner(rbd_dev));
6671 	return 0;
6672 }
6673 
6674 /*
6675  * An rbd format 2 image has a unique identifier, distinct from the
6676  * name given to it by the user.  Internally, that identifier is
6677  * what's used to specify the names of objects related to the image.
6678  *
6679  * A special "rbd id" object is used to map an rbd image name to its
6680  * id.  If that object doesn't exist, then there is no v2 rbd image
6681  * with the supplied name.
6682  *
6683  * This function will record the given rbd_dev's image_id field if
6684  * it can be determined, and in that case will return 0.  If any
6685  * errors occur a negative errno will be returned and the rbd_dev's
6686  * image_id field will be unchanged (and should be NULL).
6687  */
6688 static int rbd_dev_image_id(struct rbd_device *rbd_dev)
6689 {
6690 	int ret;
6691 	size_t size;
6692 	CEPH_DEFINE_OID_ONSTACK(oid);
6693 	void *response;
6694 	char *image_id;
6695 
6696 	/*
6697 	 * When probing a parent image, the image id is already
6698 	 * known (and the image name likely is not).  There's no
6699 	 * need to fetch the image id again in this case.  We
6700 	 * do still need to set the image format though.
6701 	 */
6702 	if (rbd_dev->spec->image_id) {
6703 		rbd_dev->image_format = *rbd_dev->spec->image_id ? 2 : 1;
6704 
6705 		return 0;
6706 	}
6707 
6708 	/*
6709 	 * First, see if the format 2 image id file exists, and if
6710 	 * so, get the image's persistent id from it.
6711 	 */
6712 	ret = ceph_oid_aprintf(&oid, GFP_KERNEL, "%s%s", RBD_ID_PREFIX,
6713 			       rbd_dev->spec->image_name);
6714 	if (ret)
6715 		return ret;
6716 
6717 	dout("rbd id object name is %s\n", oid.name);
6718 
6719 	/* Response will be an encoded string, which includes a length */
6720 	size = sizeof (__le32) + RBD_IMAGE_ID_LEN_MAX;
6721 	response = kzalloc(size, GFP_NOIO);
6722 	if (!response) {
6723 		ret = -ENOMEM;
6724 		goto out;
6725 	}
6726 
6727 	/* If it doesn't exist we'll assume it's a format 1 image */
6728 
6729 	ret = rbd_obj_method_sync(rbd_dev, &oid, &rbd_dev->header_oloc,
6730 				  "get_id", NULL, 0,
6731 				  response, size);
6732 	dout("%s: rbd_obj_method_sync returned %d\n", __func__, ret);
6733 	if (ret == -ENOENT) {
6734 		image_id = kstrdup("", GFP_KERNEL);
6735 		ret = image_id ? 0 : -ENOMEM;
6736 		if (!ret)
6737 			rbd_dev->image_format = 1;
6738 	} else if (ret >= 0) {
6739 		void *p = response;
6740 
6741 		image_id = ceph_extract_encoded_string(&p, p + ret,
6742 						NULL, GFP_NOIO);
6743 		ret = PTR_ERR_OR_ZERO(image_id);
6744 		if (!ret)
6745 			rbd_dev->image_format = 2;
6746 	}
6747 
6748 	if (!ret) {
6749 		rbd_dev->spec->image_id = image_id;
6750 		dout("image_id is %s\n", image_id);
6751 	}
6752 out:
6753 	kfree(response);
6754 	ceph_oid_destroy(&oid);
6755 	return ret;
6756 }
6757 
6758 /*
6759  * Undo whatever state changes are made by v1 or v2 header info
6760  * call.
6761  */
6762 static void rbd_dev_unprobe(struct rbd_device *rbd_dev)
6763 {
6764 	struct rbd_image_header	*header;
6765 
6766 	rbd_dev_parent_put(rbd_dev);
6767 	rbd_object_map_free(rbd_dev);
6768 	rbd_dev_mapping_clear(rbd_dev);
6769 
6770 	/* Free dynamic fields from the header, then zero it out */
6771 
6772 	header = &rbd_dev->header;
6773 	ceph_put_snap_context(header->snapc);
6774 	kfree(header->snap_sizes);
6775 	kfree(header->snap_names);
6776 	kfree(header->object_prefix);
6777 	memset(header, 0, sizeof (*header));
6778 }
6779 
6780 static int rbd_dev_v2_header_onetime(struct rbd_device *rbd_dev)
6781 {
6782 	int ret;
6783 
6784 	ret = rbd_dev_v2_object_prefix(rbd_dev);
6785 	if (ret)
6786 		goto out_err;
6787 
6788 	/*
6789 	 * Get the and check features for the image.  Currently the
6790 	 * features are assumed to never change.
6791 	 */
6792 	ret = rbd_dev_v2_features(rbd_dev);
6793 	if (ret)
6794 		goto out_err;
6795 
6796 	/* If the image supports fancy striping, get its parameters */
6797 
6798 	if (rbd_dev->header.features & RBD_FEATURE_STRIPINGV2) {
6799 		ret = rbd_dev_v2_striping_info(rbd_dev);
6800 		if (ret < 0)
6801 			goto out_err;
6802 	}
6803 
6804 	if (rbd_dev->header.features & RBD_FEATURE_DATA_POOL) {
6805 		ret = rbd_dev_v2_data_pool(rbd_dev);
6806 		if (ret)
6807 			goto out_err;
6808 	}
6809 
6810 	rbd_init_layout(rbd_dev);
6811 	return 0;
6812 
6813 out_err:
6814 	rbd_dev->header.features = 0;
6815 	kfree(rbd_dev->header.object_prefix);
6816 	rbd_dev->header.object_prefix = NULL;
6817 	return ret;
6818 }
6819 
6820 /*
6821  * @depth is rbd_dev_image_probe() -> rbd_dev_probe_parent() ->
6822  * rbd_dev_image_probe() recursion depth, which means it's also the
6823  * length of the already discovered part of the parent chain.
6824  */
6825 static int rbd_dev_probe_parent(struct rbd_device *rbd_dev, int depth)
6826 {
6827 	struct rbd_device *parent = NULL;
6828 	int ret;
6829 
6830 	if (!rbd_dev->parent_spec)
6831 		return 0;
6832 
6833 	if (++depth > RBD_MAX_PARENT_CHAIN_LEN) {
6834 		pr_info("parent chain is too long (%d)\n", depth);
6835 		ret = -EINVAL;
6836 		goto out_err;
6837 	}
6838 
6839 	parent = __rbd_dev_create(rbd_dev->rbd_client, rbd_dev->parent_spec);
6840 	if (!parent) {
6841 		ret = -ENOMEM;
6842 		goto out_err;
6843 	}
6844 
6845 	/*
6846 	 * Images related by parent/child relationships always share
6847 	 * rbd_client and spec/parent_spec, so bump their refcounts.
6848 	 */
6849 	__rbd_get_client(rbd_dev->rbd_client);
6850 	rbd_spec_get(rbd_dev->parent_spec);
6851 
6852 	__set_bit(RBD_DEV_FLAG_READONLY, &parent->flags);
6853 
6854 	ret = rbd_dev_image_probe(parent, depth);
6855 	if (ret < 0)
6856 		goto out_err;
6857 
6858 	rbd_dev->parent = parent;
6859 	atomic_set(&rbd_dev->parent_ref, 1);
6860 	return 0;
6861 
6862 out_err:
6863 	rbd_dev_unparent(rbd_dev);
6864 	rbd_dev_destroy(parent);
6865 	return ret;
6866 }
6867 
6868 static void rbd_dev_device_release(struct rbd_device *rbd_dev)
6869 {
6870 	clear_bit(RBD_DEV_FLAG_EXISTS, &rbd_dev->flags);
6871 	rbd_free_disk(rbd_dev);
6872 	if (!single_major)
6873 		unregister_blkdev(rbd_dev->major, rbd_dev->name);
6874 }
6875 
6876 /*
6877  * rbd_dev->header_rwsem must be locked for write and will be unlocked
6878  * upon return.
6879  */
6880 static int rbd_dev_device_setup(struct rbd_device *rbd_dev)
6881 {
6882 	int ret;
6883 
6884 	/* Record our major and minor device numbers. */
6885 
6886 	if (!single_major) {
6887 		ret = register_blkdev(0, rbd_dev->name);
6888 		if (ret < 0)
6889 			goto err_out_unlock;
6890 
6891 		rbd_dev->major = ret;
6892 		rbd_dev->minor = 0;
6893 	} else {
6894 		rbd_dev->major = rbd_major;
6895 		rbd_dev->minor = rbd_dev_id_to_minor(rbd_dev->dev_id);
6896 	}
6897 
6898 	/* Set up the blkdev mapping. */
6899 
6900 	ret = rbd_init_disk(rbd_dev);
6901 	if (ret)
6902 		goto err_out_blkdev;
6903 
6904 	set_capacity(rbd_dev->disk, rbd_dev->mapping.size / SECTOR_SIZE);
6905 	set_disk_ro(rbd_dev->disk, rbd_is_ro(rbd_dev));
6906 
6907 	ret = dev_set_name(&rbd_dev->dev, "%d", rbd_dev->dev_id);
6908 	if (ret)
6909 		goto err_out_disk;
6910 
6911 	set_bit(RBD_DEV_FLAG_EXISTS, &rbd_dev->flags);
6912 	up_write(&rbd_dev->header_rwsem);
6913 	return 0;
6914 
6915 err_out_disk:
6916 	rbd_free_disk(rbd_dev);
6917 err_out_blkdev:
6918 	if (!single_major)
6919 		unregister_blkdev(rbd_dev->major, rbd_dev->name);
6920 err_out_unlock:
6921 	up_write(&rbd_dev->header_rwsem);
6922 	return ret;
6923 }
6924 
6925 static int rbd_dev_header_name(struct rbd_device *rbd_dev)
6926 {
6927 	struct rbd_spec *spec = rbd_dev->spec;
6928 	int ret;
6929 
6930 	/* Record the header object name for this rbd image. */
6931 
6932 	rbd_assert(rbd_image_format_valid(rbd_dev->image_format));
6933 	if (rbd_dev->image_format == 1)
6934 		ret = ceph_oid_aprintf(&rbd_dev->header_oid, GFP_KERNEL, "%s%s",
6935 				       spec->image_name, RBD_SUFFIX);
6936 	else
6937 		ret = ceph_oid_aprintf(&rbd_dev->header_oid, GFP_KERNEL, "%s%s",
6938 				       RBD_HEADER_PREFIX, spec->image_id);
6939 
6940 	return ret;
6941 }
6942 
6943 static void rbd_print_dne(struct rbd_device *rbd_dev, bool is_snap)
6944 {
6945 	if (!is_snap) {
6946 		pr_info("image %s/%s%s%s does not exist\n",
6947 			rbd_dev->spec->pool_name,
6948 			rbd_dev->spec->pool_ns ?: "",
6949 			rbd_dev->spec->pool_ns ? "/" : "",
6950 			rbd_dev->spec->image_name);
6951 	} else {
6952 		pr_info("snap %s/%s%s%s@%s does not exist\n",
6953 			rbd_dev->spec->pool_name,
6954 			rbd_dev->spec->pool_ns ?: "",
6955 			rbd_dev->spec->pool_ns ? "/" : "",
6956 			rbd_dev->spec->image_name,
6957 			rbd_dev->spec->snap_name);
6958 	}
6959 }
6960 
6961 static void rbd_dev_image_release(struct rbd_device *rbd_dev)
6962 {
6963 	rbd_dev_unprobe(rbd_dev);
6964 	if (rbd_dev->opts)
6965 		rbd_unregister_watch(rbd_dev);
6966 	rbd_dev->image_format = 0;
6967 	kfree(rbd_dev->spec->image_id);
6968 	rbd_dev->spec->image_id = NULL;
6969 }
6970 
6971 /*
6972  * Probe for the existence of the header object for the given rbd
6973  * device.  If this image is the one being mapped (i.e., not a
6974  * parent), initiate a watch on its header object before using that
6975  * object to get detailed information about the rbd image.
6976  */
6977 static int rbd_dev_image_probe(struct rbd_device *rbd_dev, int depth)
6978 {
6979 	bool need_watch = !rbd_is_ro(rbd_dev);
6980 	int ret;
6981 
6982 	/*
6983 	 * Get the id from the image id object.  Unless there's an
6984 	 * error, rbd_dev->spec->image_id will be filled in with
6985 	 * a dynamically-allocated string, and rbd_dev->image_format
6986 	 * will be set to either 1 or 2.
6987 	 */
6988 	ret = rbd_dev_image_id(rbd_dev);
6989 	if (ret)
6990 		return ret;
6991 
6992 	ret = rbd_dev_header_name(rbd_dev);
6993 	if (ret)
6994 		goto err_out_format;
6995 
6996 	if (need_watch) {
6997 		ret = rbd_register_watch(rbd_dev);
6998 		if (ret) {
6999 			if (ret == -ENOENT)
7000 				rbd_print_dne(rbd_dev, false);
7001 			goto err_out_format;
7002 		}
7003 	}
7004 
7005 	ret = rbd_dev_header_info(rbd_dev);
7006 	if (ret) {
7007 		if (ret == -ENOENT && !need_watch)
7008 			rbd_print_dne(rbd_dev, false);
7009 		goto err_out_watch;
7010 	}
7011 
7012 	/*
7013 	 * If this image is the one being mapped, we have pool name and
7014 	 * id, image name and id, and snap name - need to fill snap id.
7015 	 * Otherwise this is a parent image, identified by pool, image
7016 	 * and snap ids - need to fill in names for those ids.
7017 	 */
7018 	if (!depth)
7019 		ret = rbd_spec_fill_snap_id(rbd_dev);
7020 	else
7021 		ret = rbd_spec_fill_names(rbd_dev);
7022 	if (ret) {
7023 		if (ret == -ENOENT)
7024 			rbd_print_dne(rbd_dev, true);
7025 		goto err_out_probe;
7026 	}
7027 
7028 	ret = rbd_dev_mapping_set(rbd_dev);
7029 	if (ret)
7030 		goto err_out_probe;
7031 
7032 	if (rbd_is_snap(rbd_dev) &&
7033 	    (rbd_dev->header.features & RBD_FEATURE_OBJECT_MAP)) {
7034 		ret = rbd_object_map_load(rbd_dev);
7035 		if (ret)
7036 			goto err_out_probe;
7037 	}
7038 
7039 	if (rbd_dev->header.features & RBD_FEATURE_LAYERING) {
7040 		ret = rbd_dev_v2_parent_info(rbd_dev);
7041 		if (ret)
7042 			goto err_out_probe;
7043 	}
7044 
7045 	ret = rbd_dev_probe_parent(rbd_dev, depth);
7046 	if (ret)
7047 		goto err_out_probe;
7048 
7049 	dout("discovered format %u image, header name is %s\n",
7050 		rbd_dev->image_format, rbd_dev->header_oid.name);
7051 	return 0;
7052 
7053 err_out_probe:
7054 	rbd_dev_unprobe(rbd_dev);
7055 err_out_watch:
7056 	if (need_watch)
7057 		rbd_unregister_watch(rbd_dev);
7058 err_out_format:
7059 	rbd_dev->image_format = 0;
7060 	kfree(rbd_dev->spec->image_id);
7061 	rbd_dev->spec->image_id = NULL;
7062 	return ret;
7063 }
7064 
7065 static ssize_t do_rbd_add(struct bus_type *bus,
7066 			  const char *buf,
7067 			  size_t count)
7068 {
7069 	struct rbd_device *rbd_dev = NULL;
7070 	struct ceph_options *ceph_opts = NULL;
7071 	struct rbd_options *rbd_opts = NULL;
7072 	struct rbd_spec *spec = NULL;
7073 	struct rbd_client *rbdc;
7074 	int rc;
7075 
7076 	if (!try_module_get(THIS_MODULE))
7077 		return -ENODEV;
7078 
7079 	/* parse add command */
7080 	rc = rbd_add_parse_args(buf, &ceph_opts, &rbd_opts, &spec);
7081 	if (rc < 0)
7082 		goto out;
7083 
7084 	rbdc = rbd_get_client(ceph_opts);
7085 	if (IS_ERR(rbdc)) {
7086 		rc = PTR_ERR(rbdc);
7087 		goto err_out_args;
7088 	}
7089 
7090 	/* pick the pool */
7091 	rc = ceph_pg_poolid_by_name(rbdc->client->osdc.osdmap, spec->pool_name);
7092 	if (rc < 0) {
7093 		if (rc == -ENOENT)
7094 			pr_info("pool %s does not exist\n", spec->pool_name);
7095 		goto err_out_client;
7096 	}
7097 	spec->pool_id = (u64)rc;
7098 
7099 	rbd_dev = rbd_dev_create(rbdc, spec, rbd_opts);
7100 	if (!rbd_dev) {
7101 		rc = -ENOMEM;
7102 		goto err_out_client;
7103 	}
7104 	rbdc = NULL;		/* rbd_dev now owns this */
7105 	spec = NULL;		/* rbd_dev now owns this */
7106 	rbd_opts = NULL;	/* rbd_dev now owns this */
7107 
7108 	/* if we are mapping a snapshot it will be a read-only mapping */
7109 	if (rbd_dev->opts->read_only ||
7110 	    strcmp(rbd_dev->spec->snap_name, RBD_SNAP_HEAD_NAME))
7111 		__set_bit(RBD_DEV_FLAG_READONLY, &rbd_dev->flags);
7112 
7113 	rbd_dev->config_info = kstrdup(buf, GFP_KERNEL);
7114 	if (!rbd_dev->config_info) {
7115 		rc = -ENOMEM;
7116 		goto err_out_rbd_dev;
7117 	}
7118 
7119 	down_write(&rbd_dev->header_rwsem);
7120 	rc = rbd_dev_image_probe(rbd_dev, 0);
7121 	if (rc < 0) {
7122 		up_write(&rbd_dev->header_rwsem);
7123 		goto err_out_rbd_dev;
7124 	}
7125 
7126 	if (rbd_dev->opts->alloc_size > rbd_dev->layout.object_size) {
7127 		rbd_warn(rbd_dev, "alloc_size adjusted to %u",
7128 			 rbd_dev->layout.object_size);
7129 		rbd_dev->opts->alloc_size = rbd_dev->layout.object_size;
7130 	}
7131 
7132 	rc = rbd_dev_device_setup(rbd_dev);
7133 	if (rc)
7134 		goto err_out_image_probe;
7135 
7136 	rc = rbd_add_acquire_lock(rbd_dev);
7137 	if (rc)
7138 		goto err_out_image_lock;
7139 
7140 	/* Everything's ready.  Announce the disk to the world. */
7141 
7142 	rc = device_add(&rbd_dev->dev);
7143 	if (rc)
7144 		goto err_out_image_lock;
7145 
7146 	add_disk(rbd_dev->disk);
7147 	/* see rbd_init_disk() */
7148 	blk_put_queue(rbd_dev->disk->queue);
7149 
7150 	spin_lock(&rbd_dev_list_lock);
7151 	list_add_tail(&rbd_dev->node, &rbd_dev_list);
7152 	spin_unlock(&rbd_dev_list_lock);
7153 
7154 	pr_info("%s: capacity %llu features 0x%llx\n", rbd_dev->disk->disk_name,
7155 		(unsigned long long)get_capacity(rbd_dev->disk) << SECTOR_SHIFT,
7156 		rbd_dev->header.features);
7157 	rc = count;
7158 out:
7159 	module_put(THIS_MODULE);
7160 	return rc;
7161 
7162 err_out_image_lock:
7163 	rbd_dev_image_unlock(rbd_dev);
7164 	rbd_dev_device_release(rbd_dev);
7165 err_out_image_probe:
7166 	rbd_dev_image_release(rbd_dev);
7167 err_out_rbd_dev:
7168 	rbd_dev_destroy(rbd_dev);
7169 err_out_client:
7170 	rbd_put_client(rbdc);
7171 err_out_args:
7172 	rbd_spec_put(spec);
7173 	kfree(rbd_opts);
7174 	goto out;
7175 }
7176 
7177 static ssize_t add_store(struct bus_type *bus, const char *buf, size_t count)
7178 {
7179 	if (single_major)
7180 		return -EINVAL;
7181 
7182 	return do_rbd_add(bus, buf, count);
7183 }
7184 
7185 static ssize_t add_single_major_store(struct bus_type *bus, const char *buf,
7186 				      size_t count)
7187 {
7188 	return do_rbd_add(bus, buf, count);
7189 }
7190 
7191 static void rbd_dev_remove_parent(struct rbd_device *rbd_dev)
7192 {
7193 	while (rbd_dev->parent) {
7194 		struct rbd_device *first = rbd_dev;
7195 		struct rbd_device *second = first->parent;
7196 		struct rbd_device *third;
7197 
7198 		/*
7199 		 * Follow to the parent with no grandparent and
7200 		 * remove it.
7201 		 */
7202 		while (second && (third = second->parent)) {
7203 			first = second;
7204 			second = third;
7205 		}
7206 		rbd_assert(second);
7207 		rbd_dev_image_release(second);
7208 		rbd_dev_destroy(second);
7209 		first->parent = NULL;
7210 		first->parent_overlap = 0;
7211 
7212 		rbd_assert(first->parent_spec);
7213 		rbd_spec_put(first->parent_spec);
7214 		first->parent_spec = NULL;
7215 	}
7216 }
7217 
7218 static ssize_t do_rbd_remove(struct bus_type *bus,
7219 			     const char *buf,
7220 			     size_t count)
7221 {
7222 	struct rbd_device *rbd_dev = NULL;
7223 	struct list_head *tmp;
7224 	int dev_id;
7225 	char opt_buf[6];
7226 	bool force = false;
7227 	int ret;
7228 
7229 	dev_id = -1;
7230 	opt_buf[0] = '\0';
7231 	sscanf(buf, "%d %5s", &dev_id, opt_buf);
7232 	if (dev_id < 0) {
7233 		pr_err("dev_id out of range\n");
7234 		return -EINVAL;
7235 	}
7236 	if (opt_buf[0] != '\0') {
7237 		if (!strcmp(opt_buf, "force")) {
7238 			force = true;
7239 		} else {
7240 			pr_err("bad remove option at '%s'\n", opt_buf);
7241 			return -EINVAL;
7242 		}
7243 	}
7244 
7245 	ret = -ENOENT;
7246 	spin_lock(&rbd_dev_list_lock);
7247 	list_for_each(tmp, &rbd_dev_list) {
7248 		rbd_dev = list_entry(tmp, struct rbd_device, node);
7249 		if (rbd_dev->dev_id == dev_id) {
7250 			ret = 0;
7251 			break;
7252 		}
7253 	}
7254 	if (!ret) {
7255 		spin_lock_irq(&rbd_dev->lock);
7256 		if (rbd_dev->open_count && !force)
7257 			ret = -EBUSY;
7258 		else if (test_and_set_bit(RBD_DEV_FLAG_REMOVING,
7259 					  &rbd_dev->flags))
7260 			ret = -EINPROGRESS;
7261 		spin_unlock_irq(&rbd_dev->lock);
7262 	}
7263 	spin_unlock(&rbd_dev_list_lock);
7264 	if (ret)
7265 		return ret;
7266 
7267 	if (force) {
7268 		/*
7269 		 * Prevent new IO from being queued and wait for existing
7270 		 * IO to complete/fail.
7271 		 */
7272 		blk_mq_freeze_queue(rbd_dev->disk->queue);
7273 		blk_set_queue_dying(rbd_dev->disk->queue);
7274 	}
7275 
7276 	del_gendisk(rbd_dev->disk);
7277 	spin_lock(&rbd_dev_list_lock);
7278 	list_del_init(&rbd_dev->node);
7279 	spin_unlock(&rbd_dev_list_lock);
7280 	device_del(&rbd_dev->dev);
7281 
7282 	rbd_dev_image_unlock(rbd_dev);
7283 	rbd_dev_device_release(rbd_dev);
7284 	rbd_dev_image_release(rbd_dev);
7285 	rbd_dev_destroy(rbd_dev);
7286 	return count;
7287 }
7288 
7289 static ssize_t remove_store(struct bus_type *bus, const char *buf, size_t count)
7290 {
7291 	if (single_major)
7292 		return -EINVAL;
7293 
7294 	return do_rbd_remove(bus, buf, count);
7295 }
7296 
7297 static ssize_t remove_single_major_store(struct bus_type *bus, const char *buf,
7298 					 size_t count)
7299 {
7300 	return do_rbd_remove(bus, buf, count);
7301 }
7302 
7303 /*
7304  * create control files in sysfs
7305  * /sys/bus/rbd/...
7306  */
7307 static int __init rbd_sysfs_init(void)
7308 {
7309 	int ret;
7310 
7311 	ret = device_register(&rbd_root_dev);
7312 	if (ret < 0)
7313 		return ret;
7314 
7315 	ret = bus_register(&rbd_bus_type);
7316 	if (ret < 0)
7317 		device_unregister(&rbd_root_dev);
7318 
7319 	return ret;
7320 }
7321 
7322 static void __exit rbd_sysfs_cleanup(void)
7323 {
7324 	bus_unregister(&rbd_bus_type);
7325 	device_unregister(&rbd_root_dev);
7326 }
7327 
7328 static int __init rbd_slab_init(void)
7329 {
7330 	rbd_assert(!rbd_img_request_cache);
7331 	rbd_img_request_cache = KMEM_CACHE(rbd_img_request, 0);
7332 	if (!rbd_img_request_cache)
7333 		return -ENOMEM;
7334 
7335 	rbd_assert(!rbd_obj_request_cache);
7336 	rbd_obj_request_cache = KMEM_CACHE(rbd_obj_request, 0);
7337 	if (!rbd_obj_request_cache)
7338 		goto out_err;
7339 
7340 	return 0;
7341 
7342 out_err:
7343 	kmem_cache_destroy(rbd_img_request_cache);
7344 	rbd_img_request_cache = NULL;
7345 	return -ENOMEM;
7346 }
7347 
7348 static void rbd_slab_exit(void)
7349 {
7350 	rbd_assert(rbd_obj_request_cache);
7351 	kmem_cache_destroy(rbd_obj_request_cache);
7352 	rbd_obj_request_cache = NULL;
7353 
7354 	rbd_assert(rbd_img_request_cache);
7355 	kmem_cache_destroy(rbd_img_request_cache);
7356 	rbd_img_request_cache = NULL;
7357 }
7358 
7359 static int __init rbd_init(void)
7360 {
7361 	int rc;
7362 
7363 	if (!libceph_compatible(NULL)) {
7364 		rbd_warn(NULL, "libceph incompatibility (quitting)");
7365 		return -EINVAL;
7366 	}
7367 
7368 	rc = rbd_slab_init();
7369 	if (rc)
7370 		return rc;
7371 
7372 	/*
7373 	 * The number of active work items is limited by the number of
7374 	 * rbd devices * queue depth, so leave @max_active at default.
7375 	 */
7376 	rbd_wq = alloc_workqueue(RBD_DRV_NAME, WQ_MEM_RECLAIM, 0);
7377 	if (!rbd_wq) {
7378 		rc = -ENOMEM;
7379 		goto err_out_slab;
7380 	}
7381 
7382 	if (single_major) {
7383 		rbd_major = register_blkdev(0, RBD_DRV_NAME);
7384 		if (rbd_major < 0) {
7385 			rc = rbd_major;
7386 			goto err_out_wq;
7387 		}
7388 	}
7389 
7390 	rc = rbd_sysfs_init();
7391 	if (rc)
7392 		goto err_out_blkdev;
7393 
7394 	if (single_major)
7395 		pr_info("loaded (major %d)\n", rbd_major);
7396 	else
7397 		pr_info("loaded\n");
7398 
7399 	return 0;
7400 
7401 err_out_blkdev:
7402 	if (single_major)
7403 		unregister_blkdev(rbd_major, RBD_DRV_NAME);
7404 err_out_wq:
7405 	destroy_workqueue(rbd_wq);
7406 err_out_slab:
7407 	rbd_slab_exit();
7408 	return rc;
7409 }
7410 
7411 static void __exit rbd_exit(void)
7412 {
7413 	ida_destroy(&rbd_dev_id_ida);
7414 	rbd_sysfs_cleanup();
7415 	if (single_major)
7416 		unregister_blkdev(rbd_major, RBD_DRV_NAME);
7417 	destroy_workqueue(rbd_wq);
7418 	rbd_slab_exit();
7419 }
7420 
7421 module_init(rbd_init);
7422 module_exit(rbd_exit);
7423 
7424 MODULE_AUTHOR("Alex Elder <elder@inktank.com>");
7425 MODULE_AUTHOR("Sage Weil <sage@newdream.net>");
7426 MODULE_AUTHOR("Yehuda Sadeh <yehuda@hq.newdream.net>");
7427 /* following authorship retained from original osdblk.c */
7428 MODULE_AUTHOR("Jeff Garzik <jeff@garzik.org>");
7429 
7430 MODULE_DESCRIPTION("RADOS Block Device (RBD) driver");
7431 MODULE_LICENSE("GPL");
7432