2 * Copyright (c) 2002 Poul-Henning Kamp
3 * Copyright (c) 2002 Networks Associates Technology, Inc.
6 * This software was developed for the FreeBSD Project by Poul-Henning Kamp
7 * and NAI Labs, the Security Research Division of Network Associates, Inc.
8 * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
9 * DARPA CHATS research program.
11 * Redistribution and use in source and binary forms, with or without
12 * modification, are permitted provided that the following conditions
14 * 1. Redistributions of source code must retain the above copyright
15 * notice, this list of conditions and the following disclaimer.
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in the
18 * documentation and/or other materials provided with the distribution.
19 * 3. The names of the authors may not be used to endorse or promote
20 * products derived from this software without specific prior written
23 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
36 #include <sys/cdefs.h>
37 __FBSDID("$FreeBSD$");
39 #include <sys/param.h>
40 #include <sys/systm.h>
41 #include <sys/devicestat.h>
42 #include <sys/kernel.h>
43 #include <sys/malloc.h>
45 #include <sys/sysctl.h>
47 #include <sys/kthread.h>
49 #include <sys/mutex.h>
50 #include <sys/errno.h>
52 #include <geom/geom.h>
53 #include <geom/geom_int.h>
54 #include <machine/stdarg.h>
56 struct class_list_head g_classes = LIST_HEAD_INITIALIZER(g_classes);
57 static struct g_tailq_head geoms = TAILQ_HEAD_INITIALIZER(geoms);
58 char *g_wait_event, *g_wait_up, *g_wait_down, *g_wait_sim;
66 * This event offers a new class a chance to taste all preexisting providers.
69 g_load_class(void *arg, int flag)
72 struct g_class *mp2, *mp;
74 struct g_provider *pp;
77 if (flag == EV_CANCEL) /* XXX: can't happen ? */
85 g_trace(G_T_TOPOLOGY, "g_load_class(%s)", mp->name);
86 KASSERT(mp->name != NULL && *mp->name != '\0',
87 ("GEOM class has no name"));
88 LIST_FOREACH(mp2, &g_classes, class) {
90 ("The GEOM class %s already loaded", mp2->name));
91 KASSERT(strcmp(mp2->name, mp->name) != 0,
92 ("A GEOM class named %s is already loaded", mp2->name));
96 LIST_INSERT_HEAD(&g_classes, mp, class);
99 if (mp->taste == NULL)
101 LIST_FOREACH(mp2, &g_classes, class) {
104 LIST_FOREACH(gp, &mp2->geom, geom) {
105 LIST_FOREACH(pp, &gp->provider, provider) {
106 mp->taste(mp, pp, 0);
114 g_unload_class(void *arg, int flag)
119 struct g_provider *pp;
120 struct g_consumer *cp;
127 g_trace(G_T_TOPOLOGY, "g_unload_class(%s)", mp->name);
130 * We allow unloading if we have no geoms, or a class
131 * method we can use to get rid of them.
133 if (!LIST_EMPTY(&mp->geom) && mp->destroy_geom == NULL) {
134 hh->error = EOPNOTSUPP;
138 /* We refuse to unload if anything is open */
139 LIST_FOREACH(gp, &mp->geom, geom) {
140 LIST_FOREACH(pp, &gp->provider, provider)
141 if (pp->acr || pp->acw || pp->ace) {
145 LIST_FOREACH(cp, &gp->consumer, consumer)
146 if (cp->acr || cp->acw || cp->ace) {
152 /* Bar new entries */
158 gp = LIST_FIRST(&mp->geom);
161 error = mp->destroy_geom(NULL, mp, gp);
166 if (mp->fini != NULL)
168 LIST_REMOVE(mp, class);
175 g_modevent(module_t mod, int type, void *data)
179 static int g_ignition;
183 if (mp->version != G_VERSION) {
184 printf("GEOM class %s has Wrong version %x\n",
185 mp->name, mp->version);
192 hh = g_malloc(sizeof *hh, M_WAITOK | M_ZERO);
197 g_trace(G_T_TOPOLOGY, "g_modevent(%s, LOAD)", hh->mp->name);
198 g_post_event(g_load_class, hh, M_WAITOK, NULL);
202 g_trace(G_T_TOPOLOGY, "g_modevent(%s, UNLOAD)", hh->mp->name);
203 error = g_waitfor_event(g_unload_class, hh, M_WAITOK, NULL);
208 KASSERT(LIST_EMPTY(&hh->mp->geom),
209 ("Unloaded class (%s) still has geom", hh->mp->name));
221 g_new_geomf(struct g_class *mp, const char *fmt, ...)
229 sb = sbuf_new(NULL, NULL, 0, SBUF_AUTOEXTEND);
231 sbuf_vprintf(sb, fmt, ap);
234 gp = g_malloc(sizeof *gp, M_WAITOK | M_ZERO);
235 gp->name = g_malloc(sbuf_len(sb) + 1, M_WAITOK | M_ZERO);
238 LIST_INIT(&gp->consumer);
239 LIST_INIT(&gp->provider);
240 LIST_INSERT_HEAD(&mp->geom, gp, geom);
241 TAILQ_INSERT_HEAD(&geoms, gp, geoms);
242 strcpy(gp->name, sbuf_data(sb));
244 /* Fill in defaults from class */
245 gp->start = mp->start;
246 gp->spoiled = mp->spoiled;
247 gp->dumpconf = mp->dumpconf;
248 gp->access = mp->access;
249 gp->orphan = mp->orphan;
250 gp->ioctl = mp->ioctl;
255 g_destroy_geom(struct g_geom *gp)
260 g_trace(G_T_TOPOLOGY, "g_destroy_geom(%p(%s))", gp, gp->name);
261 KASSERT(LIST_EMPTY(&gp->consumer),
262 ("g_destroy_geom(%s) with consumer(s) [%p]",
263 gp->name, LIST_FIRST(&gp->consumer)));
264 KASSERT(LIST_EMPTY(&gp->provider),
265 ("g_destroy_geom(%s) with provider(s) [%p]",
266 gp->name, LIST_FIRST(&gp->provider)));
268 LIST_REMOVE(gp, geom);
269 TAILQ_REMOVE(&geoms, gp, geoms);
275 * This function is called (repeatedly) until the has withered away.
278 g_wither_geom(struct g_geom *gp, int error)
280 struct g_provider *pp;
284 g_trace(G_T_TOPOLOGY, "g_wither_geom(%p(%s))", gp, gp->name);
285 if (!(gp->flags & G_GEOM_WITHER)) {
286 gp->flags |= G_GEOM_WITHER;
287 LIST_FOREACH(pp, &gp->provider, provider)
288 if (!(pp->flags & G_PF_ORPHAN))
289 g_orphan_provider(pp, error);
295 * This function is called (repeatedly) until we cant wash away more
296 * withered bits at present. Return value contains two bits. Bit 0
297 * set means "withering stuff we can't wash now", bit 1 means "call
298 * me again, there may be stuff I didn't get the first time around.
304 struct g_geom *gp, *gp2;
305 struct g_provider *pp, *pp2;
306 struct g_consumer *cp, *cp2;
311 LIST_FOREACH(mp, &g_classes, class) {
312 LIST_FOREACH_SAFE(gp, &mp->geom, geom, gp2) {
313 LIST_FOREACH_SAFE(pp, &gp->provider, provider, pp2) {
314 if (!(pp->flags & G_PF_WITHER))
316 if (LIST_EMPTY(&pp->consumers))
317 g_destroy_provider(pp);
321 if (!(gp->flags & G_GEOM_WITHER))
323 LIST_FOREACH_SAFE(pp, &gp->provider, provider, pp2) {
324 if (LIST_EMPTY(&pp->consumers))
325 g_destroy_provider(pp);
329 LIST_FOREACH_SAFE(cp, &gp->consumer, consumer, cp2) {
330 if (cp->acr || cp->acw || cp->ace) {
334 if (cp->provider != NULL)
336 g_destroy_consumer(cp);
339 if (LIST_EMPTY(&gp->provider) &&
340 LIST_EMPTY(&gp->consumer))
350 g_new_consumer(struct g_geom *gp)
352 struct g_consumer *cp;
356 KASSERT(!(gp->flags & G_GEOM_WITHER),
357 ("g_new_consumer on WITHERing geom(%s) (class %s)",
358 gp->name, gp->class->name));
359 KASSERT(gp->orphan != NULL,
360 ("g_new_consumer on geom(%s) (class %s) without orphan",
361 gp->name, gp->class->name));
363 cp = g_malloc(sizeof *cp, M_WAITOK | M_ZERO);
365 cp->stat = devstat_new_entry(cp, -1, 0, DEVSTAT_ALL_SUPPORTED,
366 DEVSTAT_TYPE_DIRECT, DEVSTAT_PRIORITY_MAX);
367 LIST_INSERT_HEAD(&gp->consumer, cp, consumer);
372 g_destroy_consumer(struct g_consumer *cp)
377 G_VALID_CONSUMER(cp);
378 g_trace(G_T_TOPOLOGY, "g_destroy_consumer(%p)", cp);
379 KASSERT (cp->provider == NULL, ("g_destroy_consumer but attached"));
380 KASSERT (cp->acr == 0, ("g_destroy_consumer with acr"));
381 KASSERT (cp->acw == 0, ("g_destroy_consumer with acw"));
382 KASSERT (cp->ace == 0, ("g_destroy_consumer with ace"));
385 LIST_REMOVE(cp, consumer);
386 devstat_remove_entry(cp->stat);
388 if (gp->flags & G_GEOM_WITHER)
393 g_new_provider_event(void *arg, int flag)
396 struct g_provider *pp;
397 struct g_consumer *cp;
401 if (flag == EV_CANCEL)
406 G_VALID_PROVIDER(pp);
407 LIST_FOREACH(mp, &g_classes, class) {
408 if (mp->taste == NULL)
411 LIST_FOREACH(cp, &pp->consumers, consumers)
412 if (cp->geom->class == mp)
416 mp->taste(mp, pp, 0);
423 g_new_providerf(struct g_geom *gp, const char *fmt, ...)
425 struct g_provider *pp;
431 KASSERT(gp->access != NULL,
432 ("new provider on geom(%s) without ->access (class %s)",
433 gp->name, gp->class->name));
434 KASSERT(gp->start != NULL,
435 ("new provider on geom(%s) without ->start (class %s)",
436 gp->name, gp->class->name));
437 KASSERT(!(gp->flags & G_GEOM_WITHER),
438 ("new provider on WITHERing geom(%s) (class %s)",
439 gp->name, gp->class->name));
440 sb = sbuf_new(NULL, NULL, 0, SBUF_AUTOEXTEND);
442 sbuf_vprintf(sb, fmt, ap);
445 pp = g_malloc(sizeof *pp + sbuf_len(sb) + 1, M_WAITOK | M_ZERO);
446 pp->name = (char *)(pp + 1);
447 strcpy(pp->name, sbuf_data(sb));
449 LIST_INIT(&pp->consumers);
452 pp->stat = devstat_new_entry(pp, -1, 0, DEVSTAT_ALL_SUPPORTED,
453 DEVSTAT_TYPE_DIRECT, DEVSTAT_PRIORITY_MAX);
454 LIST_INSERT_HEAD(&gp->provider, pp, provider);
455 g_post_event(g_new_provider_event, pp, M_WAITOK, pp, gp, NULL);
460 g_error_provider(struct g_provider *pp, int error)
463 /* G_VALID_PROVIDER(pp); We may not have g_topology */
468 g_provider_by_name(char const *arg)
472 struct g_provider *pp;
474 LIST_FOREACH(cp, &g_classes, class) {
475 LIST_FOREACH(gp, &cp->geom, geom) {
476 LIST_FOREACH(pp, &gp->provider, provider) {
477 if (!strcmp(arg, pp->name))
486 g_destroy_provider(struct g_provider *pp)
491 G_VALID_PROVIDER(pp);
492 KASSERT(LIST_EMPTY(&pp->consumers),
493 ("g_destroy_provider but attached"));
494 KASSERT (pp->acr == 0, ("g_destroy_provider with acr"));
495 KASSERT (pp->acw == 0, ("g_destroy_provider with acw"));
496 KASSERT (pp->acw == 0, ("g_destroy_provider with ace"));
498 LIST_REMOVE(pp, provider);
500 devstat_remove_entry(pp->stat);
502 if ((gp->flags & G_GEOM_WITHER))
507 * We keep the "geoms" list sorted by topological order (== increasing
508 * numerical rank) at all times.
509 * When an attach is done, the attaching geoms rank is invalidated
510 * and it is moved to the tail of the list.
511 * All geoms later in the sequence has their ranks reevaluated in
512 * sequence. If we cannot assign rank to a geom because it's
513 * prerequisites do not have rank, we move that element to the tail
514 * of the sequence with invalid rank as well.
515 * At some point we encounter our original geom and if we stil fail
516 * to assign it a rank, there must be a loop and we fail back to
517 * g_attach() which detach again and calls redo_rank again
518 * to fix up the damage.
519 * It would be much simpler code wise to do it recursively, but we
520 * can't risk that on the kernel stack.
524 redo_rank(struct g_geom *gp)
526 struct g_consumer *cp;
527 struct g_geom *gp1, *gp2;
533 /* Invalidate this geoms rank and move it to the tail */
534 gp1 = TAILQ_NEXT(gp, geoms);
537 TAILQ_REMOVE(&geoms, gp, geoms);
538 TAILQ_INSERT_TAIL(&geoms, gp, geoms);
543 /* re-rank the rest of the sequence */
544 for (; gp1 != NULL; gp1 = gp2) {
547 LIST_FOREACH(cp, &gp1->consumer, consumer) {
548 if (cp->provider == NULL)
550 n = cp->provider->geom->rank;
558 gp2 = TAILQ_NEXT(gp1, geoms);
560 /* got a rank, moving on */
564 /* no rank to original geom means loop */
568 /* no rank, put it at the end move on */
569 TAILQ_REMOVE(&geoms, gp1, geoms);
570 TAILQ_INSERT_TAIL(&geoms, gp1, geoms);
576 g_attach(struct g_consumer *cp, struct g_provider *pp)
581 G_VALID_CONSUMER(cp);
582 G_VALID_PROVIDER(pp);
583 KASSERT(cp->provider == NULL, ("attach but attached"));
585 LIST_INSERT_HEAD(&pp->consumers, cp, consumers);
586 error = redo_rank(cp->geom);
588 LIST_REMOVE(cp, consumers);
596 g_detach(struct g_consumer *cp)
598 struct g_provider *pp;
601 G_VALID_CONSUMER(cp);
602 g_trace(G_T_TOPOLOGY, "g_detach(%p)", cp);
603 KASSERT(cp->provider != NULL, ("detach but not attached"));
604 KASSERT(cp->acr == 0, ("detach but nonzero acr"));
605 KASSERT(cp->acw == 0, ("detach but nonzero acw"));
606 KASSERT(cp->ace == 0, ("detach but nonzero ace"));
607 KASSERT(cp->nstart == cp->nend,
608 ("detach with active requests"));
610 LIST_REMOVE(cp, consumers);
612 if (pp->geom->flags & G_GEOM_WITHER)
614 else if (pp->flags & G_PF_WITHER)
622 * Access-check with delta values. The question asked is "can provider
623 * "cp" change the access counters by the relative amounts dc[rwe] ?"
627 g_access(struct g_consumer *cp, int dcr, int dcw, int dce)
629 struct g_provider *pp;
634 G_VALID_CONSUMER(cp);
636 KASSERT(pp != NULL, ("access but not attached"));
637 G_VALID_PROVIDER(pp);
639 g_trace(G_T_ACCESS, "g_access(%p(%s), %d, %d, %d)",
640 cp, pp->name, dcr, dcw, dce);
642 KASSERT(cp->acr + dcr >= 0, ("access resulting in negative acr"));
643 KASSERT(cp->acw + dcw >= 0, ("access resulting in negative acw"));
644 KASSERT(cp->ace + dce >= 0, ("access resulting in negative ace"));
645 KASSERT(dcr != 0 || dcw != 0 || dce != 0, ("NOP access request"));
646 KASSERT(pp->geom->access != NULL, ("NULL geom->access"));
649 * If our class cares about being spoiled, and we have been, we
650 * are probably just ahead of the event telling us that. Fail
651 * now rather than having to unravel this later.
653 if (cp->geom->spoiled != NULL && cp->spoiled &&
654 (dcr > 0 || dcw > 0 || dce > 0))
658 * Figure out what counts the provider would have had, if this
659 * consumer had (r0w0e0) at this time.
661 pr = pp->acr - cp->acr;
662 pw = pp->acw - cp->acw;
663 pe = pp->ace - cp->ace;
666 "open delta:[r%dw%de%d] old:[r%dw%de%d] provider:[r%dw%de%d] %p(%s)",
668 cp->acr, cp->acw, cp->ace,
669 pp->acr, pp->acw, pp->ace,
672 /* If foot-shooting is enabled, any open on rank#1 is OK */
673 if ((g_debugflags & 16) && pp->geom->rank == 1)
675 /* If we try exclusive but already write: fail */
676 else if (dce > 0 && pw > 0)
678 /* If we try write but already exclusive: fail */
679 else if (dcw > 0 && pe > 0)
681 /* If we try to open more but provider is error'ed: fail */
682 else if ((dcr > 0 || dcw > 0 || dce > 0) && pp->error != 0)
687 error = pp->geom->access(pp, dcr, dcw, dce);
688 KASSERT(dcr > 0 || dcw > 0 || dce > 0 || error == 0,
689 ("Geom provider %s::%s failed closing ->access()",
690 pp->geom->class->name, pp->name));
693 * If we open first write, spoil any partner consumers.
694 * If we close last write, trigger re-taste.
696 if (pp->acw == 0 && dcw != 0)
698 else if (pp->acw != 0 && pp->acw == -dcw &&
699 !(pp->geom->flags & G_GEOM_WITHER))
700 g_post_event(g_new_provider_event, pp, M_WAITOK,
714 g_handleattr_int(struct bio *bp, const char *attribute, int val)
717 return (g_handleattr(bp, attribute, &val, sizeof val));
721 g_handleattr_off_t(struct bio *bp, const char *attribute, off_t val)
724 return (g_handleattr(bp, attribute, &val, sizeof val));
728 g_handleattr(struct bio *bp, const char *attribute, void *val, int len)
732 if (strcmp(bp->bio_attribute, attribute))
734 if (bp->bio_length != len) {
735 printf("bio_length %jd len %d -> EFAULT\n",
736 (intmax_t)bp->bio_length, len);
740 bcopy(val, bp->bio_data, len);
741 bp->bio_completed = len;
743 g_io_deliver(bp, error);
748 g_std_access(struct g_provider *pp,
749 int dr __unused, int dw __unused, int de __unused)
753 G_VALID_PROVIDER(pp);
758 g_std_done(struct bio *bp)
762 bp2 = bp->bio_parent;
763 if (bp2->bio_error == 0)
764 bp2->bio_error = bp->bio_error;
765 bp2->bio_completed += bp->bio_completed;
768 if (bp2->bio_children == bp2->bio_inbed)
769 g_io_deliver(bp2, bp2->bio_error);
772 /* XXX: maybe this is only g_slice_spoiled */
775 g_std_spoiled(struct g_consumer *cp)
778 struct g_provider *pp;
781 G_VALID_CONSUMER(cp);
782 g_trace(G_T_TOPOLOGY, "g_std_spoiled(%p)", cp);
785 LIST_FOREACH(pp, &gp->provider, provider)
786 g_orphan_provider(pp, ENXIO);
787 g_destroy_consumer(cp);
788 if (LIST_EMPTY(&gp->provider) && LIST_EMPTY(&gp->consumer))
791 gp->flags |= G_GEOM_WITHER;
795 * Spoiling happens when a provider is opened for writing, but consumers
796 * which are configured by in-band data are attached (slicers for instance).
797 * Since the write might potentially change the in-band data, such consumers
798 * need to re-evaluate their existence after the writing session closes.
799 * We do this by (offering to) tear them down when the open for write happens
800 * in return for a re-taste when it closes again.
801 * Together with the fact that such consumers grab an 'e' bit whenever they
802 * are open, regardless of mode, this ends up DTRT.
806 g_spoil_event(void *arg, int flag)
808 struct g_provider *pp;
809 struct g_consumer *cp, *cp2;
812 if (flag == EV_CANCEL)
815 G_VALID_PROVIDER(pp);
816 for (cp = LIST_FIRST(&pp->consumers); cp != NULL; cp = cp2) {
817 cp2 = LIST_NEXT(cp, consumers);
821 if (cp->geom->spoiled == NULL)
823 cp->geom->spoiled(cp);
829 g_spoil(struct g_provider *pp, struct g_consumer *cp)
831 struct g_consumer *cp2;
834 G_VALID_PROVIDER(pp);
835 G_VALID_CONSUMER(cp);
837 LIST_FOREACH(cp2, &pp->consumers, consumers) {
841 KASSERT(cp2->acr == 0, ("spoiling cp->acr = %d", cp2->acr));
842 KASSERT(cp2->acw == 0, ("spoiling cp->acw = %d", cp2->acw));
844 KASSERT(cp2->ace == 0, ("spoiling cp->ace = %d", cp2->ace));
847 g_post_event(g_spoil_event, pp, M_WAITOK, pp, NULL);
851 g_getattr__(const char *attr, struct g_consumer *cp, void *var, int len)
856 error = g_io_getattr(attr, cp, &i, var);
866 * This function walks (topologically unsafely) the mesh and return a
867 * non-zero integer if it finds the argument pointer is an object.
868 * The return value indicates which type of object it is belived to be.
869 * If topology is not locked, this function is potentially dangerous,
870 * but since it is for debugging purposes and can be useful for instance
871 * from DDB, we do not assert topology lock is held.
874 g_valid_obj(void const *ptr)
878 struct g_consumer *cp;
879 struct g_provider *pp;
881 LIST_FOREACH(mp, &g_classes, class) {
884 LIST_FOREACH(gp, &mp->geom, geom) {
887 LIST_FOREACH(cp, &gp->consumer, consumer)
890 LIST_FOREACH(pp, &gp->provider, provider)