lofi.c revision b1efbcd6740f24e4bce347c64e48d9b74b472c67
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright 2009 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
/*
* lofi (loopback file) driver - allows you to attach a file to a device,
* which can then be accessed through that device. The simple model is that
* you tell lofi to open a file, and then use the block device you get as
* you would any block device. lofi translates access to the block device
* into I/O on the underlying file. This is mostly useful for
* mounting images of filesystems.
*
* during attach, and is minor number 0. lofiadm communicates with lofi through
* ioctls on this device. When a file is attached to lofi, block and character
* are identified by their minor number, and the minor number is also used
* we'll have to divide the minor number space to identify fdisk partitions
* and slices, and the name will then be the minor number shifted down a
* few bits. Minor devices are tracked with state structures handled with
* ddi_soft_state(9F) for simplicity.
*
* A file attached to lofi is opened when attached and not closed until
* explicitly detached from lofi. This seems more sensible than deferring
* One is that any failure is likely to be noticed by the person (or script)
* running lofiadm. Another is that it would be a security problem if the
* file was replaced by another one after being added but before being opened.
*
* The only hard part about lofi is the ioctls. In order to support things
* like 'newfs' on a lofi device, it needs to support certain disk ioctls.
* So it has to fake disk geometry and partition information. More may need
* to be faked if your favorite utility doesn't work and you think it should
* (fdformat doesn't work because it really wants to know the type of floppy
* controller to talk to, and that didn't seem easy to fake. Or possibly even
* necessary, since we have mkfs_pcfs now).
*
* Normally, a lofi device cannot be detached if it is open (i.e. busy). To
* support simulation of hotplug events, an optional force flag is provided.
* If a lofi device is open when a force detach is requested, then the
* underlying file is closed and any subsequent operations return EIO. When the
* device is closed for the last time, it will be cleaned up at that time. In
* addition, the DKIOCSTATE ioctl will return DKIO_DEV_GONE when the device is
* detached but not removed.
*
* Known problems:
*
* UFS logging. Mounting a UFS filesystem image "logging"
* works for basic copy testing but wedges during a build of ON through
* that image. Some deadlock in lufs holding the log mutex and then
* getting stuck on a buf. So for now, don't do that.
*
* Direct I/O. Since the filesystem data is being cached in the buffer
* cache, _and_ again in the underlying filesystem, it's tempting to
* enable direct I/O on the underlying file. Don't, because that deadlocks.
* I think to fix the cache-twice problem we might need filesystem support.
*
* lofi on itself. The simple lock strategy (lofi_lock) precludes this
* because you'll be in lofi_ioctl, holding the lock when you open the
* file, which, if it's lofi, will grab lofi_lock. We prevent this for
* now, though not using ddi_soft_state(9F) would make it possible to
* do. Though it would still be silly.
*
* Interesting things to do:
*
* Allow multiple files for each device. A poor-man's metadisk, basically.
*
* Pass-through ioctls on block devices. You can (though it's not
* documented), give lofi a block device as a file name. Then we shouldn't
* need to fake a geometry, however, it may be relevant if you're replacing
* metadisk, or using lofi to get crypto.
* In fact this even makes sense if you have lofi "above" metadisk.
*
* Encryption:
* Each lofi device can have its own symmetric key and cipher.
* They are passed to us by lofiadm(1m) in the correct format for use
*
* Each block has its own IV, that is calculated in lofi_blk_mech(), based
* on the "master" key held in the lsp and the block number of the buffer.
*/
#include <sys/sysmacros.h>
#include <sys/pathname.h>
#include <LzmaDec.h>
/*
* Crypto metadata, if it exists, is located at the end of the boot block
* (BBOFF + BBSIZE, which is SBOFF). The super block and everything after
* is offset by the size of the crypto metadata which is handled by
* lsp->ls_crypto_offset.
*/
#define NBLOCKS_PROP_NAME "Nblocks"
#define SIZE_PROP_NAME "Size"
return (EINVAL); \
}
static void *lofi_statep = NULL;
/*
* Because lofi_taskq_nthreads limits the actual swamping of the device, the
* maxalloc parameter (lofi_taskq_maxalloc) should be tuned conservatively
* high. If we want to be assured that the underlying device is always busy,
* we must be sure that the number of bytes enqueued when the number of
* enqueued tasks exceeds maxalloc is sufficient to keep the device busy for
* the duration of the sleep time in taskq_ent_alloc(). That is, lofi should
* set maxalloc to be the maximum throughput (in bytes per second) of the
* underlying device divided by the minimum I/O size. We assume a realistic
* maximum throughput of one hundred megabytes per second; we set maxalloc on
* the lofi task queue to be 104857600 divided by DEV_BSIZE.
*/
};
/*ARGSUSED*/
static void
{
}
/*ARGSUSED*/
static void
{
}
static int
lofi_busy(void)
{
/*
* We need to make sure no mappings exist - mod_remove won't
* help because the device isn't open.
*/
return (EBUSY);
}
}
return (0);
}
static int
{
}
static int
{
switch (otyp) {
case OTYP_CHR:
break;
case OTYP_BLK:
break;
case OTYP_LYR:
lsp->ls_lyr_open_count++;
break;
default:
return (-1);
}
return (0);
}
static void
{
switch (otyp) {
case OTYP_CHR:
lsp->ls_chr_open = 0;
break;
case OTYP_BLK:
lsp->ls_blk_open = 0;
break;
case OTYP_LYR:
lsp->ls_lyr_open_count--;
break;
default:
break;
}
}
static void
{
if (lsp->ls_crypto_enabled) {
/*
* Clean up the crypto state so that it doesn't hang around
* in memory after we are done with it.
*/
}
}
}
}
static void
{
char namebuf[50];
}
}
if (lsp->ls_uncomp_seg_sz > 0) {
lsp->ls_uncomp_seg_sz = 0;
}
}
/*ARGSUSED*/
static int
{
struct lofi_state *lsp;
if (minor == 0) {
/* master control device */
/* must be opened exclusively */
return (EINVAL);
}
return (ENXIO);
}
return (EBUSY);
}
return (0);
}
/* otherwise, the mapping should already exist */
return (EINVAL);
}
return (ENXIO);
}
return (EINVAL);
}
return (0);
}
/*ARGSUSED*/
static int
{
struct lofi_state *lsp;
return (EINVAL);
}
/*
* If we forcibly closed the underlying device (li_force), or
* asked for cleanup (li_cleanup), finish up if we're the last
* out of the door.
*/
return (0);
}
/*
* Sets the mechanism's initialization vector (IV) if one is needed.
* The IV is computed from the data block number. lsp->ls_mech is
* altered so that:
* lsp->ls_mech.cm_param_len is set to the IV len.
* lsp->ls_mech.cm_param is set to the IV.
*/
static int
{
int ret;
char *iv;
void *data;
return (CRYPTO_DEVICE_ERROR);
/* lsp->ls_mech.cm_param{_len} has already been set for static iv */
return (CRYPTO_SUCCESS);
}
/*
* if kmem already alloced from previous call and it's the same size
* we need now, just recycle it; allocate new kmem only if we have to
*/
} else {
}
switch (lsp->ls_iv_type) {
case IVM_ENC_BLKNO:
/* iv is not static, lblkno changes each time */
break;
default:
data = 0;
datasz = 0;
break;
}
/*
* write blkno into the iv buffer padded on the left in case
* blkno ever grows bigger than its current longlong_t size
* or a variation other than blkno is used for the iv data
*/
/* encrypt the data in-place to get the IV */
if (ret != CRYPTO_SUCCESS) {
return (ret);
}
/* clean up the iv from the last computation */
return (CRYPTO_SUCCESS);
}
/*
* Performs encryption and decryption of a chunk of data of size "len",
* one DEV_BSIZE block at a time. "len" is assumed to be a multiple of
* DEV_BSIZE.
*/
static int
{
int ret;
/*
* to break it into DEV_BSIZE pieces to capture blkno incrementing
*/
}
do {
if (ret != CRYPTO_SUCCESS)
continue;
if (op_encrypt) {
} else {
}
if (ciphertext != NULL)
lblkno++;
if (ret != CRYPTO_SUCCESS) {
}
return (ret);
}
#define RDWR_RAW 1
#define RDWR_BCOPY 2
static int
{
int isread;
int error;
/*
* Note: offset is already shifted by lsp->ls_crypto_offset
* when it gets here.
*/
if (isread) {
if (method == RDWR_BCOPY) {
/* DO NOT update bp->b_resid for bcopy */
error = 0;
} else { /* RDWR_RAW */
&resid);
}
B_FALSE) != CRYPTO_SUCCESS) {
/*
* XXX: original code didn't set residual
* back to len because no error was expected
* from bcopy() if encryption is not enabled
*/
if (method != RDWR_BCOPY)
}
}
return (error);
} else {
if (lsp->ls_crypto_enabled) {
/* don't do in-place crypto to keep bufaddr intact */
B_TRUE) != CRYPTO_SUCCESS) {
if (method != RDWR_BCOPY)
return (EIO);
}
}
if (method == RDWR_BCOPY) {
/* DO NOT update bp->b_resid for bcopy */
error = 0;
} else { /* RDWR_RAW */
&resid);
}
if (lsp->ls_crypto_enabled) {
}
return (error);
}
}
static int
struct lofi_state *lsp)
{
int error;
int isread;
int smflags;
int save_error;
/*
* Note: offset is already shifted by lsp->ls_crypto_offset
* when it gets here.
*/
if (lsp->ls_crypto_enabled)
/*
* segmap always gives us an 8K (MAXBSIZE) chunk, aligned on
* an 8K boundary, but the buf transfer address may not be
* aligned on more than a 512-byte boundary (we don't enforce
* that even though we could). This matters since the initial
* part of the transfer may not start at offset 0 within the
* segmap'd chunk. So we have to compensate for that with
* 'mapoffset'. Subsequent chunks always start off at the
* beginning, and the last is capped by b_resid
*
* Visually, where "|" represents page map boundaries:
* alignedoffset (mapaddr begins at this segmap boundary)
* | offset (from beginning of file)
* | | len
* v v v
* ===|====X========|====...======|========X====|====
* /-------------...---------------/
* /----/--------/----...------/--------/
* ^ ^ ^ ^ ^
* | | | | nth xfersize (<= MAXBSIZE)
* | | 2nd thru n-1st xfersize (= MAXBSIZE)
* | 1st xfersize (<= MAXBSIZE)
* mapoffset (offset into 1st segmap, non-0 1st time, 0 thereafter)
*
* Notes: "alignedoffset" is "offset" rounded down to nearest
* MAXBSIZE boundary. "len" is next page boundary of size
* PAGESIZE after "alignedoffset".
*/
do {
/*
* Now fault in the pages. This lets us check
* for errors before we reference mapaddr and
* try to resolve the fault in bcopy (which would
* panic instead). And this can easily happen,
* particularly if you've lofi'd a file over NFS
* and someone deletes the file on the server.
*/
if (error) {
else
break;
}
/* error may be non-zero for encrypted lofi */
if (error == 0) {
}
smflags = 0;
if (isread) {
/*
* If we're reading an entire page starting
* at a page boundary, there's a good chance
* we won't need it again. Put it on the
* head of the freelist.
*/
smflags |= SM_DONTNEED;
} else {
if (error == 0) /* write back good pages */
}
if (error == 0)
error = save_error;
/* only the first map may start partial */
mapoffset = 0;
return (error);
}
/*ARGSUSED*/
static int
{
return (-1);
return (0);
}
/*ARGSUSED*/
static int
{
void *actual_src;
return (-1);
}
return (0);
}
/*
* This is basically what strategy used to be before we found we
* needed task queues.
*/
static void
lofi_strategy_task(void *arg)
{
int error;
struct lofi_state *lsp;
goto errout;
}
}
if (lsp->ls_crypto_enabled) {
/* encrypted data really begins after crypto header */
}
goto errout;
}
/*
* We used to always use vn_rdwr here, but we cannot do that because
* we might decide to read or write from the the underlying
* file during this call, which would be a deadlock because
* we have the rw_lock. So instead we page, unless it's not
* mapable or it's a character device or it's an encrypted lofi.
*/
lsp->ls_crypto_enabled) {
NULL);
} else if (lsp->ls_uncomp_seg_sz == 0) {
} else {
unsigned char *uncompressed_seg = NULL;
unsigned long seglen;
uint64_t i;
/*
* From here on we're dealing primarily with compressed files
*/
/*
* Compressed files can only be read from and
* not written to
*/
goto done;
}
/*
* Compute starting and ending compressed segment numbers
* We use only bitwise operations avoiding division and
* modulus because we enforce the compression segment size
* to a power of 2
*/
/*
* Align start offset to block boundary for segmap
*/
/*
* We're dealing with the last segment of
* the compressed file -- the size of this
* segment *may not* be the same as the
* segment size for the file
*/
} else {
}
/*
* Preserve original request paramaters
*/
/*
* Assign the calculated parameters
*/
/*
* Allocate fixed size memory blocks to hold compressed
* segments and one uncompressed segment since we
* uncompress segments one at a time
*/
/*
* Map in the calculated number of blocks
*/
if (error != 0)
goto done;
/*
* We have the compressed blocks, now uncompress them
*/
/*
* The last segment is special in that it is
* most likely not going to be the same
* (uncompressed) size as the other segments.
*/
} else {
}
/*
* Each of the segment index entries contains
* the starting block number for that segment.
* The number of compressed bytes in a segment
* is thus the difference between the starting
* block number of this segment and the starting
* block number of the next segment.
*/
lsp->ls_comp_seg_index[i];
/*
* The first byte in a compressed segment is a flag
* that indicates whether this segment is compressed
* at all
*/
if (*cmpbuf == UNCOMPRESSED) {
} else {
goto done;
}
}
/*
* Determine how much uncompressed data we
* have to copy and copy it
*/
if (i == eblkno)
sblkoff = 0;
break;
}
done:
if (compressed_seg != NULL)
if (uncompressed_seg != NULL)
} /* end of handling compressed files */
} else {
}
}
if (--lsp->ls_vp_iocount == 0)
}
static int
{
struct lofi_state *lsp;
/*
* We cannot just do I/O here, because the current thread
* _might_ end up back in here because the underlying filesystem
* wants a buffer, which eventually gets into bio_recycle and
* might call into lofi to write out a delayed-write buffer.
* This is bad if the filesystem above lofi is the same as below.
*
* We could come up with a complex strategy using threads to
* do the I/O asynchronously, or we could use task queues. task
* queues were incredibly easy so they win.
*/
return (0);
}
return (0);
}
if (lsp->ls_crypto_enabled) {
/* encrypted data really begins after crypto header */
}
/* EOF */
} else {
/* writes should fail */
}
return (0);
}
return (0);
}
lsp->ls_vp_iocount++;
}
return (0);
}
/*ARGSUSED2*/
static int
{
return (EINVAL);
}
/*ARGSUSED2*/
static int
{
return (EINVAL);
}
/*ARGSUSED2*/
static int
{
return (EINVAL);
}
/*ARGSUSED2*/
static int
{
return (EINVAL);
}
/*ARGSUSED*/
static int
{
switch (infocmd) {
case DDI_INFO_DEVT2DEVINFO:
return (DDI_SUCCESS);
case DDI_INFO_DEVT2INSTANCE:
*result = 0;
return (DDI_SUCCESS);
}
return (DDI_FAILURE);
}
static int
{
int error;
if (cmd != DDI_ATTACH)
return (DDI_FAILURE);
if (error == DDI_FAILURE) {
return (DDI_FAILURE);
}
DDI_PSEUDO, NULL);
if (error == DDI_FAILURE) {
return (DDI_FAILURE);
}
/* driver handles kernel-issued IOCTLs */
return (DDI_FAILURE);
}
return (DDI_SUCCESS);
}
static int
{
if (cmd != DDI_DETACH)
return (DDI_FAILURE);
if (lofi_busy())
return (DDI_FAILURE);
return (DDI_SUCCESS);
}
/*
* With addition of encryption, be careful that encryption key is wiped before
* kernel memory structures are freed, and also that key is not accidentally
* passed out into userland structures.
*/
static void
{
/* Make sure this encryption key doesn't stick around */
}
/*
* the lofi_ioctl structure.
*/
struct lofi_ioctl *
{
struct lofi_ioctl *klip;
int error;
if (error) {
return (NULL);
}
/* make sure filename is always null-terminated */
/* validate minor number */
return (NULL);
}
return (klip);
}
int
int flag)
{
int error;
/*
* NOTE: Do NOT copy the crypto_key_t "back" to userland.
* This ensures that an attacker can't trivially find the
* key for a mapping just by issuing the ioctl.
*
* It can still be found by poking around in kmem with mdb(1),
* but there is no point in making it easy when the info isn't
* of any use in this direction anyway.
*
* Either way we don't actually have the raw key stored in
* a form that we can get it anyway, since we just used it
* to create a ctx template and didn't keep "the original".
*/
if (error)
return (EFAULT);
return (0);
}
/*
* Return the minor number 'filename' is mapped to, if it is.
*/
static int
file_to_minor(char *filename)
{
struct lofi_state *lsp;
continue;
return (minor);
}
return (0);
}
/*
* lofiadm does some validation, but since Joe Random (or crashme) could
* do our ioctls, we need to do some validation too.
*/
static int
valid_filename(const char *filename)
{
/* must be absolute path */
if (filename[0] != '/')
return (0);
/* must not be lofi */
return (0);
return (0);
return (1);
}
/*
* Fakes up a disk geometry, and one big partition, based on the size
* of the file. This is needed because we allow newfs'ing the device,
* and newfs will do several disk ioctls to figure out the geometry and
* partition information. It uses that information to determine the parameters
* to pass to mkfs. Geometry is pretty much irrelevant these days, but we
* have to support it.
*/
static void
{
/* dk_geom - see dkio(7I) */
/*
* dkg_ncyl _could_ be set to one here (one big cylinder with gobs
* of sectors), but that breaks programs like fdisk which want to
* partition a disk by cylinder. With one cylinder, you can't create
* an fdisk partition and put pcfs on it for testing (hard to pick
* a number between one and one).
*
* The cheezy floppy test is an attempt to not have too few cylinders
* for a small file, or so many on a big file that you waste space
* for backup superblocks or cylinder group structures.
*/
else
/* in case file file is < 100k */
/* vtoc - see dkio(7I) */
/*
* A compressed file is read-only, other files can
* be read-write
*/
if (lsp->ls_uncomp_seg_sz > 0) {
} else {
}
/*
* The partition size cannot just be the number of sectors, because
* that might not end on a cylinder boundary. And if that's the case,
*/
/* dk_cinfo - see dkio(7I) */
/*
* newfs uses this to set maxcontig. Must not be < 16, or it
* will be 0 when newfs multiplies it by DEV_BSIZE and divides
* it by the block size. Then tunefs doesn't work because
* maxcontig is 0.
*/
}
/*
* map in a compressed file
*
* Read in the header and the index that follows.
*
* The header is as follows -
*
* Signature (name of the compression algorithm)
* Compression segment size (a multiple of 512)
* Number of index entries
* Size of the last block
* The array containing the index entries
*
* The header information is always stored in
* network byte order on disk.
*/
static int
{
int error;
/* The signature has already been read */
/*
* The compressed segment size must be a power of 2
*/
return (EINVAL);
;
lsp->ls_comp_seg_shift = i;
sizeof (lsp->ls_uncomp_last_seg_sz));
/*
* Compute the total size of the uncompressed data
* for use in fake_disk_geometry and other calculations.
* Disk geometry has to be faked with respect to the
* actual uncompressed data size rather than the
* compressed file size.
*/
/*
* Index size is rounded up to DEV_BSIZE for ease
* of segmapping
*/
sizeof (lsp->ls_uncomp_seg_sz) +
sizeof (lsp->ls_comp_index_sz) +
sizeof (lsp->ls_uncomp_last_seg_sz);
index_sz += header_len;
/*
* Read in the index -- this has a side-effect
* of reading in the header as well
*/
if (error != 0)
return (error);
/* Skip the header, this is where the index really begins */
/*LINTED*/
/*
* Now recompute offsets in the index to account for
* the header length
*/
for (i = 0; i < lsp->ls_comp_index_sz; i++) {
}
return (error);
}
/*
* Check to see if the passed in signature is a valid
* one. If it is valid, return the index into
* lofi_compress_table.
*
* Return -1 if it is invalid
*/
static int lofi_compress_select(char *signature)
{
int i;
for (i = 0; i < LOFI_COMPRESS_FUNCTIONS; i++) {
return (i);
}
return (-1);
}
/*
* map a file to a minor number. Return the minor number.
*/
static int
{
struct lofi_state *lsp;
struct lofi_ioctl *klip;
int error;
int compress_index;
int flag;
int zalloced = 0;
char namebuf[50];
return (EFAULT);
goto out;
}
goto out;
}
if (pickminor) {
/* Find a free one */
break;
if (newminor >= lofi_max_files) {
goto out;
}
} else {
goto out;
}
}
/* make sure it's valid */
if (error) {
goto out;
}
if (!V_ISLOFIABLE(v_type)) {
goto out;
}
if (error) {
/* try read-only */
&vp, 0, 0);
if (error) {
goto out;
}
}
if (error) {
goto out;
}
/* the file needs to be a multiple of the block size */
goto out;
}
goto out;
}
goto propout;
}
if (error == DDI_FAILURE) {
goto propout;
}
zalloced = 1;
DDI_PSEUDO, NULL);
if (error != DDI_SUCCESS) {
goto propout;
}
DDI_PSEUDO, NULL);
if (error != DDI_SUCCESS) {
/* remove block node */
goto propout;
}
}
/*
* save open mode so file can be closed properly and vnode counts
* updated correctly.
*/
/*
* Try to handle stacked lofs vnodes.
*/
} else {
/*
* Even though vp was obtained via vn_open(), we
* can't call vn_close() on it, since lofs will
* pass the VOP_CLOSE() on down to the realvp
* (which we are about to use). Hence we merely
* drop the reference to the lofs vnode and hold
* the realvp so things behave as if we've
* opened the realvp without any interaction
* with lofs.
*/
}
} else {
}
if (rvalp)
/*
* Initialize crypto details for encrypted lofi
*/
if (klip->li_crypto_enabled) {
int ret;
goto propout;
}
/* this is just initialization here */
goto propout;
}
/* iv mech must itself take a null iv */
/*
* Create ctx using li_cipher & the raw li_key after checking
* that it isn't a weak key.
*/
if (ret != CRYPTO_SUCCESS) {
goto propout;
}
}
/*
* Read the file signature to check if it is compressed or encrypted.
* Crypto signature is in a different location; both areas should
* read to keep compression and encryption mutually exclusive.
*/
if (lsp->ls_crypto_enabled) {
if (error != 0)
goto propout;
}
if (error != 0)
goto propout;
/* initialize these variables for all lofi files */
lsp->ls_uncomp_seg_sz = 0;
lsp->ls_crypto_offset = 0;
/* this is a compressed lofi */
/* compression and encryption are mutually exclusive */
if (klip->li_crypto_enabled) {
goto propout;
}
/* initialize compression info for compressed lofi */
sizeof (lsp->ls_comp_algorithm));
if (error != 0)
goto propout;
/* this is an encrypted lofi */
sizeof (lofi_crypto_magic)) == 0) {
/*
* This is the case where the header in the lofi image is
* already initialized to indicate it is encrypted.
* There is another case (see below) where encryption is
* requested but the lofi image has never been used yet,
* so the header needs to be written with encryption magic.
*/
/* indicate this must be an encrypted lofi due to magic */
/*
* The encryption header information is laid out this way:
* 6 bytes: hex "CFLOFI"
* 2 bytes: version = 0 ... for now
* 96 bytes: reserved1 (not implemented yet)
* 4 bytes: data_sector = 2 ... for now
* more... not implemented yet
*/
/* copy the magic */
/* read the encryption version number */
/* read a chunk of reserved data */
/* read block number where encrypted data begins */
/* and ignore the rest until it is implemented */
/* neither compressed nor encrypted, BUT could be new encrypted lofi */
} else if (klip->li_crypto_enabled) {
/*
* This is the case where encryption was requested but the
* appears to be entirely blank where the encryption header
* would have been in the lofi image. If it is blank,
* assume it is a brand new lofi image and initialize the
* header area with encryption magic and current version
* header data. If it is not blank, that's an error.
*/
int i;
char *marker;
struct crypto_meta chead;
for (i = 0; i < sizeof (struct crypto_meta); i++)
if (crybuf[i] != '\0')
break;
if (i != sizeof (struct crypto_meta)) {
goto propout;
}
/* nothing there, initialize as encrypted lofi */
marker += sizeof (lofi_crypto_magic);
/* write the header */
if (error != 0)
goto propout;
/* fix things up so it looks like we read this info */
sizeof (lofi_crypto_magic));
}
/*
* Either lsp->ls_vp_size or lsp->ls_crypto_offset changed;
* for encrypted lofi, advertise that it is somewhat shorter
* due to embedded crypto metadata section
*/
if (need_size_update) {
/* update DDI properties */
Size_prop_val)) != DDI_PROP_SUCCESS) {
goto propout;
}
Nblocks_prop_val)) != DDI_PROP_SUCCESS) {
goto propout;
}
}
return (0);
if (keycopied) {
}
if (zalloced)
out:
if (need_vn_close) {
}
return (error);
}
/*
* unmap a file.
*/
static int
{
struct lofi_state *lsp;
struct lofi_ioctl *klip;
return (EFAULT);
if (byfilename) {
} else {
}
if (minor == 0) {
return (ENXIO);
}
return (ENXIO);
}
/*
* If it's still held open, we'll do one of three things:
*
* If no flag is set, just return EBUSY.
*
* If the 'cleanup' flag is set, unmap and remove the device when
* the last user finishes.
*
* If the 'force' flag is set, then we forcibly close the underlying
* file. Subsequent operations will fail, and the DKIOCSTATE ioctl
* will return DKIO_DEV_GONE. When the device is last closed, the
* device will be cleaned up appropriately.
*
* This is complicated by the fact that we may have outstanding
* I/O, we keep a count of the number of outstanding I/O requests
* should be dispatched (ls_vp_closereq).
*
* and then close the underlying vnode.
*/
/*
* XXX: the section marked here should probably be
* carefully incorporated into lofi_free_handle();
* afterward just replace this section with:
* lofi_free_handle(dev, minor, lsp, credp);
* and clean up lofi_unmap_file() a bit more
*/
while (lsp->ls_vp_iocount > 0)
/*
* XXX: to here
*/
return (0);
} else if (klip->li_cleanup) {
return (0);
}
return (EBUSY);
}
return (0);
}
/*
* get the filename given the minor number, or the minor number given
* the name.
*/
/*ARGSUSED*/
static int
{
struct lofi_state *lsp;
struct lofi_ioctl *klip;
int error;
return (EFAULT);
switch (which) {
case LOFI_GET_FILENAME:
if (minor == 0) {
return (EINVAL);
}
return (ENXIO);
}
sizeof (klip->li_algorithm));
return (error);
case LOFI_GET_MINOR:
/* caller should not depend on klip->li_crypto_enabled here */
return (ENOENT);
}
return (error);
case LOFI_CHECK_COMPRESSED:
return (ENOENT);
}
return (ENXIO);
}
sizeof (klip->li_algorithm));
return (error);
default:
return (EINVAL);
}
}
static int
int *rvalp)
{
int error;
enum dkio_state dkstate;
struct lofi_state *lsp;
/* lofi ioctls only apply to the master device */
if (minor == 0) {
/*
* the query command only need read-access - i.e., normal
* users are allowed to do those on the ctl device as
* long as they can open it read-only.
*/
switch (cmd) {
case LOFI_MAP_FILE:
return (EPERM);
case LOFI_MAP_FILE_MINOR:
return (EPERM);
case LOFI_UNMAP_FILE:
return (EPERM);
case LOFI_UNMAP_FILE_MINOR:
return (EPERM);
case LOFI_GET_FILENAME:
case LOFI_GET_MINOR:
case LOFI_GET_MAXMINOR:
sizeof (lofi_max_files), flag);
if (error)
return (EFAULT);
return (0);
case LOFI_CHECK_COMPRESSED:
default:
break;
}
}
return (ENXIO);
/*
* We explicitly allow DKIOCSTATE, but all other ioctls should fail with
* EIO as if the device was no longer present.
*/
return (EIO);
/* these are for faking out utilities like newfs */
switch (cmd) {
case DKIOCGVTOC:
case DDI_MODEL_ILP32: {
return (EFAULT);
break;
}
case DDI_MODEL_NONE:
return (EFAULT);
break;
}
return (0);
case DKIOCINFO:
if (error)
return (EFAULT);
return (0);
case DKIOCG_VIRTGEOM:
case DKIOCG_PHYGEOM:
case DKIOCGGEOM:
if (error)
return (EFAULT);
return (0);
case DKIOCSTATE:
/*
* Normally, lofi devices are always in the INSERTED state. If
* a device is forcefully unmapped, then the device transitions
* to the DKIO_DEV_GONE state.
*/
flag) != 0)
return (EFAULT);
/*
* By virtue of having the device open, we know that
* 'lsp' will remain valid when we return.
*/
&lsp->ls_vp_lock)) {
return (EINTR);
}
}
return (EFAULT);
return (0);
default:
return (ENOTTY);
}
}
static struct cb_ops lofi_cb_ops = {
lofi_open, /* open */
lofi_close, /* close */
lofi_strategy, /* strategy */
nodev, /* print */
nodev, /* dump */
lofi_read, /* read */
lofi_write, /* write */
lofi_ioctl, /* ioctl */
nodev, /* devmap */
nodev, /* mmap */
nodev, /* segmap */
nochpoll, /* poll */
ddi_prop_op, /* prop_op */
0, /* streamtab */
};
DEVO_REV, /* devo_rev, */
0, /* refcnt */
lofi_info, /* info */
nulldev, /* identify */
nulldev, /* probe */
lofi_attach, /* attach */
lofi_detach, /* detach */
nodev, /* reset */
&lofi_cb_ops, /* driver operations */
NULL, /* no bus operations */
NULL, /* power */
ddi_quiesce_not_needed, /* quiesce */
};
"loopback file driver",
&lofi_ops,
};
static struct modlinkage modlinkage = {
&modldrv,
};
int
_init(void)
{
int error;
sizeof (struct lofi_state), 0);
if (error)
return (error);
if (error) {
}
return (error);
}
int
_fini(void)
{
int error;
if (lofi_busy())
return (EBUSY);
if (error)
return (error);
return (error);
}
int
{
}