lofi.c revision 3d7072f8bd27709dba14f6fe336f149d25d9e207
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright 2007 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#pragma ident "%Z%%M% %I% %E% SMI"
/*
* lofi (loopback file) driver - allows you to attach a file to a device,
* which can then be accessed through that device. The simple model is that
* you tell lofi to open a file, and then use the block device you get as
* you would any block device. lofi translates access to the block device
* into I/O on the underlying file. This is mostly useful for
* mounting images of filesystems.
*
* during attach, and is minor number 0. lofiadm communicates with lofi through
* ioctls on this device. When a file is attached to lofi, block and character
* are identified by their minor number, and the minor number is also used
* we'll have to divide the minor number space to identify fdisk partitions
* and slices, and the name will then be the minor number shifted down a
* few bits. Minor devices are tracked with state structures handled with
* ddi_soft_state(9F) for simplicity.
*
* A file attached to lofi is opened when attached and not closed until
* explicitly detached from lofi. This seems more sensible than deferring
* One is that any failure is likely to be noticed by the person (or script)
* running lofiadm. Another is that it would be a security problem if the
* file was replaced by another one after being added but before being opened.
*
* The only hard part about lofi is the ioctls. In order to support things
* like 'newfs' on a lofi device, it needs to support certain disk ioctls.
* So it has to fake disk geometry and partition information. More may need
* to be faked if your favorite utility doesn't work and you think it should
* (fdformat doesn't work because it really wants to know the type of floppy
* controller to talk to, and that didn't seem easy to fake. Or possibly even
* necessary, since we have mkfs_pcfs now).
*
* Normally, a lofi device cannot be detached if it is open (i.e. busy). To
* support simulation of hotplug events, an optional force flag is provided.
* If a lofi device is open when a force detach is requested, then the
* underlying file is closed and any subsequent operations return EIO. When the
* device is closed for the last time, it will be cleaned up at that time. In
* addition, the DKIOCSTATE ioctl will return DKIO_DEV_GONE when the device is
* detached but not removed.
*
* Known problems:
*
* UFS logging. Mounting a UFS filesystem image "logging"
* works for basic copy testing but wedges during a build of ON through
* that image. Some deadlock in lufs holding the log mutex and then
* getting stuck on a buf. So for now, don't do that.
*
* Direct I/O. Since the filesystem data is being cached in the buffer
* cache, _and_ again in the underlying filesystem, it's tempting to
* enable direct I/O on the underlying file. Don't, because that deadlocks.
* I think to fix the cache-twice problem we might need filesystem support.
*
* lofi on itself. The simple lock strategy (lofi_lock) precludes this
* because you'll be in lofi_ioctl, holding the lock when you open the
* file, which, if it's lofi, will grab lofi_lock. We prevent this for
* now, though not using ddi_soft_state(9F) would make it possible to
* do. Though it would still be silly.
*
* Interesting things to do:
*
* Allow multiple files for each device. A poor-man's metadisk, basically.
*
* Pass-through ioctls on block devices. You can (though it's not
* documented), give lofi a block device as a file name. Then we shouldn't
* need to fake a geometry. But this is also silly unless you're replacing
* metadisk.
*
* Encryption. tpm would like this. Apparently Windows 2000 has it, and
* so does Linux.
*/
#include <sys/sysmacros.h>
#include <sys/pathname.h>
/* seems safer than having to get the string right many times */
#define NBLOCKS_PROP_NAME "Nblocks"
#define SIZE_PROP_NAME "Size"
static dev_info_t *lofi_dip;
static void *lofi_statep;
/*
* Because lofi_taskq_nthreads limits the actual swamping of the device, the
* maxalloc parameter (lofi_taskq_maxalloc) should be tuned conservatively
* high. If we want to be assured that the underlying device is always busy,
* we must be sure that the number of bytes enqueued when the number of
* enqueued tasks exceeds maxalloc is sufficient to keep the device busy for
* the duration of the sleep time in taskq_ent_alloc(). That is, lofi should
* set maxalloc to be the maximum throughput (in bytes per second) of the
* underlying device divided by the minimum I/O size. We assume a realistic
* maximum throughput of one hundred megabytes per second; we set maxalloc on
* the lofi task queue to be 104857600 divided by DEV_BSIZE.
*/
static int
lofi_busy(void)
{
/*
* We need to make sure no mappings exist - mod_remove won't
* help because the device isn't open.
*/
return (EBUSY);
}
}
return (0);
}
static int
{
}
static int
{
switch (otyp) {
case OTYP_CHR:
break;
case OTYP_BLK:
break;
case OTYP_LYR:
lsp->ls_lyr_open_count++;
break;
default:
return (-1);
}
return (0);
}
static void
{
switch (otyp) {
case OTYP_CHR:
lsp->ls_chr_open = 0;
break;
case OTYP_BLK:
lsp->ls_blk_open = 0;
break;
case OTYP_LYR:
lsp->ls_lyr_open_count--;
break;
default:
break;
}
}
static void
{
char namebuf[50];
}
}
}
/*ARGSUSED*/
static int
{
struct lofi_state *lsp;
if (minor == 0) {
/* master control device */
/* must be opened exclusively */
return (EINVAL);
}
return (ENXIO);
}
return (EBUSY);
}
return (0);
}
/* otherwise, the mapping should already exist */
return (EINVAL);
}
return (ENXIO);
}
return (EINVAL);
}
return (0);
}
/*ARGSUSED*/
static int
{
struct lofi_state *lsp;
return (EINVAL);
}
/*
* If we have forcibly closed the underlying device, and this is the
* last close, then tear down the rest of the device.
*/
return (0);
}
/*
* This is basically what strategy used to be before we found we
* needed task queues.
*/
static void
lofi_strategy_task(void *arg)
{
int error;
struct lofi_state *lsp;
int isread;
int smflags;
}
/*
* We used to always use vn_rdwr here, but we cannot do that because
* we might decide to read or write from the the underlying
* file during this call, which would be a deadlock because
* we have the rw_lock. So instead we page, unless it's not
* mapable or it's a character device.
*/
/*
* segmap always gives us an 8K (MAXBSIZE) chunk, aligned on
* an 8K boundary, but the buf transfer address may not be
* aligned on more than a 512-byte boundary (we don't
* enforce that, though we could). This matters since the
* initial part of the transfer may not start at offset 0
* within the segmap'd chunk. So we have to compensate for
* that with 'mapoffset'. Subsequent chunks always start
* off at the beginning, and the last is capped by b_resid.
*/
do {
/*
* Now fault in the pages. This lets us check
* for errors before we reference mapaddr and
* try to resolve the fault in bcopy (which would
* panic instead). And this can easily happen,
* particularly if you've lofi'd a file over NFS
* and someone deletes the file on the server.
*/
if (error) {
else
break;
}
smflags = 0;
if (isread) {
} else {
}
/* only the first map may start partial */
mapoffset = 0;
} else {
else
}
} else {
}
}
if (--lsp->ls_vp_iocount == 0)
}
static int
{
struct lofi_state *lsp;
/*
* We cannot just do I/O here, because the current thread
* _might_ end up back in here because the underlying filesystem
* wants a buffer, which eventually gets into bio_recycle and
* might call into lofi to write out a delayed-write buffer.
* This is bad if the filesystem above lofi is the same as below.
*
* We could come up with a complex strategy using threads to
* do the I/O asynchronously, or we could use task queues. task
* queues were incredibly easy so they win.
*/
return (0);
}
/* EOF */
} else {
/* writes should fail */
}
return (0);
}
return (0);
}
lsp->ls_vp_iocount++;
}
return (0);
}
/*ARGSUSED2*/
static int
{
return (EINVAL);
}
/*ARGSUSED2*/
static int
{
return (EINVAL);
}
/*ARGSUSED2*/
static int
{
return (EINVAL);
}
/*ARGSUSED2*/
static int
{
return (EINVAL);
}
/*ARGSUSED*/
static int
{
switch (infocmd) {
case DDI_INFO_DEVT2DEVINFO:
return (DDI_SUCCESS);
case DDI_INFO_DEVT2INSTANCE:
*result = 0;
return (DDI_SUCCESS);
}
return (DDI_FAILURE);
}
static int
{
int error;
if (cmd != DDI_ATTACH)
return (DDI_FAILURE);
if (error == DDI_FAILURE) {
return (DDI_FAILURE);
}
DDI_PSEUDO, NULL);
if (error == DDI_FAILURE) {
return (DDI_FAILURE);
}
return (DDI_SUCCESS);
}
static int
{
if (cmd != DDI_DETACH)
return (DDI_FAILURE);
if (lofi_busy())
return (DDI_FAILURE);
return (DDI_SUCCESS);
}
/*
* the lofi_ioctl structure.
*/
struct lofi_ioctl *
{
struct lofi_ioctl *klip;
int error;
if (error) {
return (NULL);
}
/* make sure filename is always null-terminated */
/* validate minor number */
return (NULL);
}
return (klip);
}
int
int flag)
{
int error;
if (error)
return (EFAULT);
return (0);
}
void
{
}
/*
* Return the minor number 'filename' is mapped to, if it is.
*/
static int
file_to_minor(char *filename)
{
struct lofi_state *lsp;
continue;
return (minor);
}
return (0);
}
/*
* lofiadm does some validation, but since Joe Random (or crashme) could
* do our ioctls, we need to do some validation too.
*/
static int
valid_filename(const char *filename)
{
/* must be absolute path */
if (filename[0] != '/')
return (0);
/* must not be lofi */
return (0);
return (0);
return (1);
}
/*
* Fakes up a disk geometry, and one big partition, based on the size
* of the file. This is needed because we allow newfs'ing the device,
* and newfs will do several disk ioctls to figure out the geometry and
* partition information. It uses that information to determine the parameters
* to pass to mkfs. Geometry is pretty much irrelevant these days, but we
* have to support it.
*/
static void
{
/* dk_geom - see dkio(7I) */
/*
* dkg_ncyl _could_ be set to one here (one big cylinder with gobs
* of sectors), but that breaks programs like fdisk which want to
* partition a disk by cylinder. With one cylinder, you can't create
* an fdisk partition and put pcfs on it for testing (hard to pick
* a number between one and one).
*
* The cheezy floppy test is an attempt to not have too few cylinders
* for a small file, or so many on a big file that you waste space
* for backup superblocks or cylinder group structures.
*/
else
/* in case file file is < 100k */
/* vtoc - see dkio(7I) */
/*
* The partition size cannot just be the number of sectors, because
* that might not end on a cylinder boundary. And if that's the case,
*/
/* dk_cinfo - see dkio(7I) */
/*
* newfs uses this to set maxcontig. Must not be < 16, or it
* will be 0 when newfs multiplies it by DEV_BSIZE and divides
* it by the block size. Then tunefs doesn't work because
* maxcontig is 0.
*/
}
/*
* map a file to a minor number. Return the minor number.
*/
static int
{
struct lofi_state *lsp;
struct lofi_ioctl *klip;
int error;
int flag;
int zalloced = 0;
char namebuf[50];
return (EFAULT);
goto out;
}
goto out;
}
if (pickminor) {
/* Find a free one */
break;
if (newminor >= lofi_max_files) {
goto out;
}
} else {
goto out;
}
}
/* make sure it's valid */
if (error) {
goto out;
}
if (!V_ISLOFIABLE(v_type)) {
goto out;
}
if (error) {
/* try read-only */
&vp, 0, 0);
if (error) {
goto out;
}
}
if (error) {
goto closeout;
}
/* the file needs to be a multiple of the block size */
goto closeout;
}
goto closeout;
}
goto propout;
}
if (error == DDI_FAILURE) {
goto propout;
}
zalloced = 1;
DDI_PSEUDO, NULL);
if (error != DDI_SUCCESS) {
goto propout;
}
DDI_PSEUDO, NULL);
if (error != DDI_SUCCESS) {
/* remove block node */
goto propout;
}
}
/*
* save open mode so file can be closed properly and vnode counts
* updated correctly.
*/
/*
* Try to handle stacked lofs vnodes.
*/
} else {
/*
* Even though vp was obtained via vn_open(), we
* can't call vn_close() on it, since lofs will
* pass the VOP_CLOSE() on down to the realvp
* (which we are about to use). Hence we merely
* drop the reference to the lofs vnode and hold
* the realvp so things behave as if we've
* opened the realvp without any interaction
* with lofs.
*/
}
} else {
}
if (rvalp)
return (0);
out:
if (zalloced)
return (error);
}
/*
* unmap a file.
*/
static int
{
struct lofi_state *lsp;
struct lofi_ioctl *klip;
return (EFAULT);
if (byfilename) {
} else {
}
if (minor == 0) {
return (ENXIO);
}
return (ENXIO);
}
/*
* If the 'force' flag is set, then we forcibly close the
* underlying file. Subsequent operations will fail, and the
* DKIOCSTATE ioctl will return DKIO_DEV_GONE. When the device
* is last closed, the device will be cleaned up appropriately.
*
* This is complicated by the fact that we may have outstanding
* serialize all I/O, we keep a count of the number of
* outstanding I/O requests, as well as a flag to indicate that
* underlying vnode.
*/
while (lsp->ls_vp_iocount > 0)
credp);
return (0);
}
return (EBUSY);
}
return (0);
}
/*
* get the filename given the minor number, or the minor number given
* the name.
*/
/*ARGSUSED*/
static int
{
struct lofi_state *lsp;
struct lofi_ioctl *klip;
int error;
return (EFAULT);
switch (which) {
case LOFI_GET_FILENAME:
if (minor == 0) {
return (EINVAL);
}
return (ENXIO);
}
return (error);
case LOFI_GET_MINOR:
return (ENOENT);
}
return (error);
default:
return (EINVAL);
}
}
static int
int *rvalp)
{
int error;
enum dkio_state dkstate;
struct lofi_state *lsp;
#ifdef lint
#endif
/* lofi ioctls only apply to the master device */
if (minor == 0) {
/*
* the query command only need read-access - i.e., normal
* users are allowed to do those on the ctl device as
* long as they can open it read-only.
*/
switch (cmd) {
case LOFI_MAP_FILE:
return (EPERM);
case LOFI_MAP_FILE_MINOR:
return (EPERM);
case LOFI_UNMAP_FILE:
return (EPERM);
case LOFI_UNMAP_FILE_MINOR:
return (EPERM);
case LOFI_GET_FILENAME:
case LOFI_GET_MINOR:
case LOFI_GET_MAXMINOR:
sizeof (lofi_max_files), flag);
if (error)
return (EFAULT);
return (0);
default:
break;
}
}
return (ENXIO);
/*
* We explicitly allow DKIOCSTATE, but all other ioctls should fail with
* EIO as if the device was no longer present.
*/
return (EIO);
/* these are for faking out utilities like newfs */
switch (cmd) {
case DKIOCGVTOC:
case DDI_MODEL_ILP32: {
return (EFAULT);
break;
}
case DDI_MODEL_NONE:
return (EFAULT);
break;
}
return (0);
case DKIOCINFO:
if (error)
return (EFAULT);
return (0);
case DKIOCG_VIRTGEOM:
case DKIOCG_PHYGEOM:
case DKIOCGGEOM:
if (error)
return (EFAULT);
return (0);
case DKIOCSTATE:
/*
* Normally, lofi devices are always in the INSERTED state. If
* a device is forcefully unmapped, then the device transitions
* to the DKIO_DEV_GONE state.
*/
flag) != 0)
return (EFAULT);
/*
* By virtue of having the device open, we know that
* 'lsp' will remain valid when we return.
*/
&lsp->ls_vp_lock)) {
return (EINTR);
}
}
return (EFAULT);
return (0);
default:
return (ENOTTY);
}
}
static struct cb_ops lofi_cb_ops = {
lofi_open, /* open */
lofi_close, /* close */
lofi_strategy, /* strategy */
nodev, /* print */
nodev, /* dump */
lofi_read, /* read */
lofi_write, /* write */
lofi_ioctl, /* ioctl */
nodev, /* devmap */
nodev, /* mmap */
nodev, /* segmap */
nochpoll, /* poll */
ddi_prop_op, /* prop_op */
0, /* streamtab */
};
DEVO_REV, /* devo_rev, */
0, /* refcnt */
lofi_info, /* info */
nulldev, /* identify */
nulldev, /* probe */
lofi_attach, /* attach */
lofi_detach, /* detach */
nodev, /* reset */
&lofi_cb_ops, /* driver operations */
NULL /* no bus operations */
};
"loopback file driver (%I%)",
&lofi_ops,
};
static struct modlinkage modlinkage = {
&modldrv,
};
int
_init(void)
{
int error;
sizeof (struct lofi_state), 0);
if (error)
return (error);
if (error) {
}
return (error);
}
int
_fini(void)
{
int error;
if (lofi_busy())
return (EBUSY);
if (error)
return (error);
return (error);
}
int
{
}