c8ab422553
In brd_init func, rd_nr num of brd_device are firstly allocated and add in brd_devices, then brd_devices are traversed to add each brd_device by calling add_disk func. When allocating brd_device, the disk->first_minor is set to i * max_part, if rd_nr * max_part is larger than MINORMASK, two different brd_device may have the same devt, then only one of them can be successfully added. when rmmod brd.ko, it will cause oops when calling brd_exit. Follow those steps: # modprobe brd rd_nr=3 rd_size=102400 max_part=1048576 # rmmod brd then, the oops will appear. Oops log: [ 726.613722] Call trace: [ 726.614175] kernfs_find_ns+0x24/0x130 [ 726.614852] kernfs_find_and_get_ns+0x44/0x68 [ 726.615749] sysfs_remove_group+0x38/0xb0 [ 726.616520] blk_trace_remove_sysfs+0x1c/0x28 [ 726.617320] blk_unregister_queue+0x98/0x100 [ 726.618105] del_gendisk+0x144/0x2b8 [ 726.618759] brd_exit+0x68/0x560 [brd] [ 726.619501] __arm64_sys_delete_module+0x19c/0x2a0 [ 726.620384] el0_svc_common+0x78/0x130 [ 726.621057] el0_svc_handler+0x38/0x78 [ 726.621738] el0_svc+0x8/0xc [ 726.622259] Code: aa0203f6 aa0103f7 aa1e03e0 d503201f (7940e260) Here, we add brd_check_and_reset_par func to check and limit max_part par. -- V5->V6: - remove useless code V4->V5:(suggested by Ming Lei) - make sure max_part is not larger than DISK_MAX_PARTS V3->V4:(suggested by Ming Lei) - remove useless change - add one limit of max_part V2->V3: (suggested by Ming Lei) - clear .minors when running out of consecutive minor space in brd_alloc - remove limit of rd_nr V1->V2: - add more checks in brd_check_par_valid as suggested by Ming Lei. Signed-off-by: Zhiqiang Liu <liuzhiqiang26@huawei.com> Reviewed-by: Bob Liu <bob.liu@oracle.com> Reviewed-by: Ming Lei <ming.lei@redhat.com> Signed-off-by: Jens Axboe <axboe@kernel.dk>
571 lines
13 KiB
C
571 lines
13 KiB
C
// SPDX-License-Identifier: GPL-2.0-only
|
|
/*
|
|
* Ram backed block device driver.
|
|
*
|
|
* Copyright (C) 2007 Nick Piggin
|
|
* Copyright (C) 2007 Novell Inc.
|
|
*
|
|
* Parts derived from drivers/block/rd.c, and drivers/block/loop.c, copyright
|
|
* of their respective owners.
|
|
*/
|
|
|
|
#include <linux/init.h>
|
|
#include <linux/initrd.h>
|
|
#include <linux/module.h>
|
|
#include <linux/moduleparam.h>
|
|
#include <linux/major.h>
|
|
#include <linux/blkdev.h>
|
|
#include <linux/bio.h>
|
|
#include <linux/highmem.h>
|
|
#include <linux/mutex.h>
|
|
#include <linux/radix-tree.h>
|
|
#include <linux/fs.h>
|
|
#include <linux/slab.h>
|
|
#include <linux/backing-dev.h>
|
|
|
|
#include <linux/uaccess.h>
|
|
|
|
#define PAGE_SECTORS_SHIFT (PAGE_SHIFT - SECTOR_SHIFT)
|
|
#define PAGE_SECTORS (1 << PAGE_SECTORS_SHIFT)
|
|
|
|
/*
|
|
* Each block ramdisk device has a radix_tree brd_pages of pages that stores
|
|
* the pages containing the block device's contents. A brd page's ->index is
|
|
* its offset in PAGE_SIZE units. This is similar to, but in no way connected
|
|
* with, the kernel's pagecache or buffer cache (which sit above our block
|
|
* device).
|
|
*/
|
|
struct brd_device {
|
|
int brd_number;
|
|
|
|
struct request_queue *brd_queue;
|
|
struct gendisk *brd_disk;
|
|
struct list_head brd_list;
|
|
|
|
/*
|
|
* Backing store of pages and lock to protect it. This is the contents
|
|
* of the block device.
|
|
*/
|
|
spinlock_t brd_lock;
|
|
struct radix_tree_root brd_pages;
|
|
};
|
|
|
|
/*
|
|
* Look up and return a brd's page for a given sector.
|
|
*/
|
|
static struct page *brd_lookup_page(struct brd_device *brd, sector_t sector)
|
|
{
|
|
pgoff_t idx;
|
|
struct page *page;
|
|
|
|
/*
|
|
* The page lifetime is protected by the fact that we have opened the
|
|
* device node -- brd pages will never be deleted under us, so we
|
|
* don't need any further locking or refcounting.
|
|
*
|
|
* This is strictly true for the radix-tree nodes as well (ie. we
|
|
* don't actually need the rcu_read_lock()), however that is not a
|
|
* documented feature of the radix-tree API so it is better to be
|
|
* safe here (we don't have total exclusion from radix tree updates
|
|
* here, only deletes).
|
|
*/
|
|
rcu_read_lock();
|
|
idx = sector >> PAGE_SECTORS_SHIFT; /* sector to page index */
|
|
page = radix_tree_lookup(&brd->brd_pages, idx);
|
|
rcu_read_unlock();
|
|
|
|
BUG_ON(page && page->index != idx);
|
|
|
|
return page;
|
|
}
|
|
|
|
/*
|
|
* Look up and return a brd's page for a given sector.
|
|
* If one does not exist, allocate an empty page, and insert that. Then
|
|
* return it.
|
|
*/
|
|
static struct page *brd_insert_page(struct brd_device *brd, sector_t sector)
|
|
{
|
|
pgoff_t idx;
|
|
struct page *page;
|
|
gfp_t gfp_flags;
|
|
|
|
page = brd_lookup_page(brd, sector);
|
|
if (page)
|
|
return page;
|
|
|
|
/*
|
|
* Must use NOIO because we don't want to recurse back into the
|
|
* block or filesystem layers from page reclaim.
|
|
*/
|
|
gfp_flags = GFP_NOIO | __GFP_ZERO | __GFP_HIGHMEM;
|
|
page = alloc_page(gfp_flags);
|
|
if (!page)
|
|
return NULL;
|
|
|
|
if (radix_tree_preload(GFP_NOIO)) {
|
|
__free_page(page);
|
|
return NULL;
|
|
}
|
|
|
|
spin_lock(&brd->brd_lock);
|
|
idx = sector >> PAGE_SECTORS_SHIFT;
|
|
page->index = idx;
|
|
if (radix_tree_insert(&brd->brd_pages, idx, page)) {
|
|
__free_page(page);
|
|
page = radix_tree_lookup(&brd->brd_pages, idx);
|
|
BUG_ON(!page);
|
|
BUG_ON(page->index != idx);
|
|
}
|
|
spin_unlock(&brd->brd_lock);
|
|
|
|
radix_tree_preload_end();
|
|
|
|
return page;
|
|
}
|
|
|
|
/*
|
|
* Free all backing store pages and radix tree. This must only be called when
|
|
* there are no other users of the device.
|
|
*/
|
|
#define FREE_BATCH 16
|
|
static void brd_free_pages(struct brd_device *brd)
|
|
{
|
|
unsigned long pos = 0;
|
|
struct page *pages[FREE_BATCH];
|
|
int nr_pages;
|
|
|
|
do {
|
|
int i;
|
|
|
|
nr_pages = radix_tree_gang_lookup(&brd->brd_pages,
|
|
(void **)pages, pos, FREE_BATCH);
|
|
|
|
for (i = 0; i < nr_pages; i++) {
|
|
void *ret;
|
|
|
|
BUG_ON(pages[i]->index < pos);
|
|
pos = pages[i]->index;
|
|
ret = radix_tree_delete(&brd->brd_pages, pos);
|
|
BUG_ON(!ret || ret != pages[i]);
|
|
__free_page(pages[i]);
|
|
}
|
|
|
|
pos++;
|
|
|
|
/*
|
|
* It takes 3.4 seconds to remove 80GiB ramdisk.
|
|
* So, we need cond_resched to avoid stalling the CPU.
|
|
*/
|
|
cond_resched();
|
|
|
|
/*
|
|
* This assumes radix_tree_gang_lookup always returns as
|
|
* many pages as possible. If the radix-tree code changes,
|
|
* so will this have to.
|
|
*/
|
|
} while (nr_pages == FREE_BATCH);
|
|
}
|
|
|
|
/*
|
|
* copy_to_brd_setup must be called before copy_to_brd. It may sleep.
|
|
*/
|
|
static int copy_to_brd_setup(struct brd_device *brd, sector_t sector, size_t n)
|
|
{
|
|
unsigned int offset = (sector & (PAGE_SECTORS-1)) << SECTOR_SHIFT;
|
|
size_t copy;
|
|
|
|
copy = min_t(size_t, n, PAGE_SIZE - offset);
|
|
if (!brd_insert_page(brd, sector))
|
|
return -ENOSPC;
|
|
if (copy < n) {
|
|
sector += copy >> SECTOR_SHIFT;
|
|
if (!brd_insert_page(brd, sector))
|
|
return -ENOSPC;
|
|
}
|
|
return 0;
|
|
}
|
|
|
|
/*
|
|
* Copy n bytes from src to the brd starting at sector. Does not sleep.
|
|
*/
|
|
static void copy_to_brd(struct brd_device *brd, const void *src,
|
|
sector_t sector, size_t n)
|
|
{
|
|
struct page *page;
|
|
void *dst;
|
|
unsigned int offset = (sector & (PAGE_SECTORS-1)) << SECTOR_SHIFT;
|
|
size_t copy;
|
|
|
|
copy = min_t(size_t, n, PAGE_SIZE - offset);
|
|
page = brd_lookup_page(brd, sector);
|
|
BUG_ON(!page);
|
|
|
|
dst = kmap_atomic(page);
|
|
memcpy(dst + offset, src, copy);
|
|
kunmap_atomic(dst);
|
|
|
|
if (copy < n) {
|
|
src += copy;
|
|
sector += copy >> SECTOR_SHIFT;
|
|
copy = n - copy;
|
|
page = brd_lookup_page(brd, sector);
|
|
BUG_ON(!page);
|
|
|
|
dst = kmap_atomic(page);
|
|
memcpy(dst, src, copy);
|
|
kunmap_atomic(dst);
|
|
}
|
|
}
|
|
|
|
/*
|
|
* Copy n bytes to dst from the brd starting at sector. Does not sleep.
|
|
*/
|
|
static void copy_from_brd(void *dst, struct brd_device *brd,
|
|
sector_t sector, size_t n)
|
|
{
|
|
struct page *page;
|
|
void *src;
|
|
unsigned int offset = (sector & (PAGE_SECTORS-1)) << SECTOR_SHIFT;
|
|
size_t copy;
|
|
|
|
copy = min_t(size_t, n, PAGE_SIZE - offset);
|
|
page = brd_lookup_page(brd, sector);
|
|
if (page) {
|
|
src = kmap_atomic(page);
|
|
memcpy(dst, src + offset, copy);
|
|
kunmap_atomic(src);
|
|
} else
|
|
memset(dst, 0, copy);
|
|
|
|
if (copy < n) {
|
|
dst += copy;
|
|
sector += copy >> SECTOR_SHIFT;
|
|
copy = n - copy;
|
|
page = brd_lookup_page(brd, sector);
|
|
if (page) {
|
|
src = kmap_atomic(page);
|
|
memcpy(dst, src, copy);
|
|
kunmap_atomic(src);
|
|
} else
|
|
memset(dst, 0, copy);
|
|
}
|
|
}
|
|
|
|
/*
|
|
* Process a single bvec of a bio.
|
|
*/
|
|
static int brd_do_bvec(struct brd_device *brd, struct page *page,
|
|
unsigned int len, unsigned int off, unsigned int op,
|
|
sector_t sector)
|
|
{
|
|
void *mem;
|
|
int err = 0;
|
|
|
|
if (op_is_write(op)) {
|
|
err = copy_to_brd_setup(brd, sector, len);
|
|
if (err)
|
|
goto out;
|
|
}
|
|
|
|
mem = kmap_atomic(page);
|
|
if (!op_is_write(op)) {
|
|
copy_from_brd(mem + off, brd, sector, len);
|
|
flush_dcache_page(page);
|
|
} else {
|
|
flush_dcache_page(page);
|
|
copy_to_brd(brd, mem + off, sector, len);
|
|
}
|
|
kunmap_atomic(mem);
|
|
|
|
out:
|
|
return err;
|
|
}
|
|
|
|
static blk_qc_t brd_make_request(struct request_queue *q, struct bio *bio)
|
|
{
|
|
struct brd_device *brd = bio->bi_disk->private_data;
|
|
struct bio_vec bvec;
|
|
sector_t sector;
|
|
struct bvec_iter iter;
|
|
|
|
sector = bio->bi_iter.bi_sector;
|
|
if (bio_end_sector(bio) > get_capacity(bio->bi_disk))
|
|
goto io_error;
|
|
|
|
bio_for_each_segment(bvec, bio, iter) {
|
|
unsigned int len = bvec.bv_len;
|
|
int err;
|
|
|
|
/* Don't support un-aligned buffer */
|
|
WARN_ON_ONCE((bvec.bv_offset & (SECTOR_SIZE - 1)) ||
|
|
(len & (SECTOR_SIZE - 1)));
|
|
|
|
err = brd_do_bvec(brd, bvec.bv_page, len, bvec.bv_offset,
|
|
bio_op(bio), sector);
|
|
if (err)
|
|
goto io_error;
|
|
sector += len >> SECTOR_SHIFT;
|
|
}
|
|
|
|
bio_endio(bio);
|
|
return BLK_QC_T_NONE;
|
|
io_error:
|
|
bio_io_error(bio);
|
|
return BLK_QC_T_NONE;
|
|
}
|
|
|
|
static int brd_rw_page(struct block_device *bdev, sector_t sector,
|
|
struct page *page, unsigned int op)
|
|
{
|
|
struct brd_device *brd = bdev->bd_disk->private_data;
|
|
int err;
|
|
|
|
if (PageTransHuge(page))
|
|
return -ENOTSUPP;
|
|
err = brd_do_bvec(brd, page, PAGE_SIZE, 0, op, sector);
|
|
page_endio(page, op_is_write(op), err);
|
|
return err;
|
|
}
|
|
|
|
static const struct block_device_operations brd_fops = {
|
|
.owner = THIS_MODULE,
|
|
.rw_page = brd_rw_page,
|
|
};
|
|
|
|
/*
|
|
* And now the modules code and kernel interface.
|
|
*/
|
|
static int rd_nr = CONFIG_BLK_DEV_RAM_COUNT;
|
|
module_param(rd_nr, int, 0444);
|
|
MODULE_PARM_DESC(rd_nr, "Maximum number of brd devices");
|
|
|
|
unsigned long rd_size = CONFIG_BLK_DEV_RAM_SIZE;
|
|
module_param(rd_size, ulong, 0444);
|
|
MODULE_PARM_DESC(rd_size, "Size of each RAM disk in kbytes.");
|
|
|
|
static int max_part = 1;
|
|
module_param(max_part, int, 0444);
|
|
MODULE_PARM_DESC(max_part, "Num Minors to reserve between devices");
|
|
|
|
MODULE_LICENSE("GPL");
|
|
MODULE_ALIAS_BLOCKDEV_MAJOR(RAMDISK_MAJOR);
|
|
MODULE_ALIAS("rd");
|
|
|
|
#ifndef MODULE
|
|
/* Legacy boot options - nonmodular */
|
|
static int __init ramdisk_size(char *str)
|
|
{
|
|
rd_size = simple_strtol(str, NULL, 0);
|
|
return 1;
|
|
}
|
|
__setup("ramdisk_size=", ramdisk_size);
|
|
#endif
|
|
|
|
/*
|
|
* The device scheme is derived from loop.c. Keep them in synch where possible
|
|
* (should share code eventually).
|
|
*/
|
|
static LIST_HEAD(brd_devices);
|
|
static DEFINE_MUTEX(brd_devices_mutex);
|
|
|
|
static struct brd_device *brd_alloc(int i)
|
|
{
|
|
struct brd_device *brd;
|
|
struct gendisk *disk;
|
|
|
|
brd = kzalloc(sizeof(*brd), GFP_KERNEL);
|
|
if (!brd)
|
|
goto out;
|
|
brd->brd_number = i;
|
|
spin_lock_init(&brd->brd_lock);
|
|
INIT_RADIX_TREE(&brd->brd_pages, GFP_ATOMIC);
|
|
|
|
brd->brd_queue = blk_alloc_queue(GFP_KERNEL);
|
|
if (!brd->brd_queue)
|
|
goto out_free_dev;
|
|
|
|
blk_queue_make_request(brd->brd_queue, brd_make_request);
|
|
|
|
/* This is so fdisk will align partitions on 4k, because of
|
|
* direct_access API needing 4k alignment, returning a PFN
|
|
* (This is only a problem on very small devices <= 4M,
|
|
* otherwise fdisk will align on 1M. Regardless this call
|
|
* is harmless)
|
|
*/
|
|
blk_queue_physical_block_size(brd->brd_queue, PAGE_SIZE);
|
|
disk = brd->brd_disk = alloc_disk(max_part);
|
|
if (!disk)
|
|
goto out_free_queue;
|
|
disk->major = RAMDISK_MAJOR;
|
|
disk->first_minor = i * max_part;
|
|
disk->fops = &brd_fops;
|
|
disk->private_data = brd;
|
|
disk->flags = GENHD_FL_EXT_DEVT;
|
|
sprintf(disk->disk_name, "ram%d", i);
|
|
set_capacity(disk, rd_size * 2);
|
|
brd->brd_queue->backing_dev_info->capabilities |= BDI_CAP_SYNCHRONOUS_IO;
|
|
|
|
/* Tell the block layer that this is not a rotational device */
|
|
blk_queue_flag_set(QUEUE_FLAG_NONROT, brd->brd_queue);
|
|
blk_queue_flag_clear(QUEUE_FLAG_ADD_RANDOM, brd->brd_queue);
|
|
|
|
return brd;
|
|
|
|
out_free_queue:
|
|
blk_cleanup_queue(brd->brd_queue);
|
|
out_free_dev:
|
|
kfree(brd);
|
|
out:
|
|
return NULL;
|
|
}
|
|
|
|
static void brd_free(struct brd_device *brd)
|
|
{
|
|
put_disk(brd->brd_disk);
|
|
blk_cleanup_queue(brd->brd_queue);
|
|
brd_free_pages(brd);
|
|
kfree(brd);
|
|
}
|
|
|
|
static struct brd_device *brd_init_one(int i, bool *new)
|
|
{
|
|
struct brd_device *brd;
|
|
|
|
*new = false;
|
|
list_for_each_entry(brd, &brd_devices, brd_list) {
|
|
if (brd->brd_number == i)
|
|
goto out;
|
|
}
|
|
|
|
brd = brd_alloc(i);
|
|
if (brd) {
|
|
brd->brd_disk->queue = brd->brd_queue;
|
|
add_disk(brd->brd_disk);
|
|
list_add_tail(&brd->brd_list, &brd_devices);
|
|
}
|
|
*new = true;
|
|
out:
|
|
return brd;
|
|
}
|
|
|
|
static void brd_del_one(struct brd_device *brd)
|
|
{
|
|
list_del(&brd->brd_list);
|
|
del_gendisk(brd->brd_disk);
|
|
brd_free(brd);
|
|
}
|
|
|
|
static struct kobject *brd_probe(dev_t dev, int *part, void *data)
|
|
{
|
|
struct brd_device *brd;
|
|
struct kobject *kobj;
|
|
bool new;
|
|
|
|
mutex_lock(&brd_devices_mutex);
|
|
brd = brd_init_one(MINOR(dev) / max_part, &new);
|
|
kobj = brd ? get_disk_and_module(brd->brd_disk) : NULL;
|
|
mutex_unlock(&brd_devices_mutex);
|
|
|
|
if (new)
|
|
*part = 0;
|
|
|
|
return kobj;
|
|
}
|
|
|
|
static inline void brd_check_and_reset_par(void)
|
|
{
|
|
if (unlikely(!max_part))
|
|
max_part = 1;
|
|
|
|
/*
|
|
* make sure 'max_part' can be divided exactly by (1U << MINORBITS),
|
|
* otherwise, it is possiable to get same dev_t when adding partitions.
|
|
*/
|
|
if ((1U << MINORBITS) % max_part != 0)
|
|
max_part = 1UL << fls(max_part);
|
|
|
|
if (max_part > DISK_MAX_PARTS) {
|
|
pr_info("brd: max_part can't be larger than %d, reset max_part = %d.\n",
|
|
DISK_MAX_PARTS, DISK_MAX_PARTS);
|
|
max_part = DISK_MAX_PARTS;
|
|
}
|
|
}
|
|
|
|
static int __init brd_init(void)
|
|
{
|
|
struct brd_device *brd, *next;
|
|
int i;
|
|
|
|
/*
|
|
* brd module now has a feature to instantiate underlying device
|
|
* structure on-demand, provided that there is an access dev node.
|
|
*
|
|
* (1) if rd_nr is specified, create that many upfront. else
|
|
* it defaults to CONFIG_BLK_DEV_RAM_COUNT
|
|
* (2) User can further extend brd devices by create dev node themselves
|
|
* and have kernel automatically instantiate actual device
|
|
* on-demand. Example:
|
|
* mknod /path/devnod_name b 1 X # 1 is the rd major
|
|
* fdisk -l /path/devnod_name
|
|
* If (X / max_part) was not already created it will be created
|
|
* dynamically.
|
|
*/
|
|
|
|
if (register_blkdev(RAMDISK_MAJOR, "ramdisk"))
|
|
return -EIO;
|
|
|
|
brd_check_and_reset_par();
|
|
|
|
for (i = 0; i < rd_nr; i++) {
|
|
brd = brd_alloc(i);
|
|
if (!brd)
|
|
goto out_free;
|
|
list_add_tail(&brd->brd_list, &brd_devices);
|
|
}
|
|
|
|
/* point of no return */
|
|
|
|
list_for_each_entry(brd, &brd_devices, brd_list) {
|
|
/*
|
|
* associate with queue just before adding disk for
|
|
* avoiding to mess up failure path
|
|
*/
|
|
brd->brd_disk->queue = brd->brd_queue;
|
|
add_disk(brd->brd_disk);
|
|
}
|
|
|
|
blk_register_region(MKDEV(RAMDISK_MAJOR, 0), 1UL << MINORBITS,
|
|
THIS_MODULE, brd_probe, NULL, NULL);
|
|
|
|
pr_info("brd: module loaded\n");
|
|
return 0;
|
|
|
|
out_free:
|
|
list_for_each_entry_safe(brd, next, &brd_devices, brd_list) {
|
|
list_del(&brd->brd_list);
|
|
brd_free(brd);
|
|
}
|
|
unregister_blkdev(RAMDISK_MAJOR, "ramdisk");
|
|
|
|
pr_info("brd: module NOT loaded !!!\n");
|
|
return -ENOMEM;
|
|
}
|
|
|
|
static void __exit brd_exit(void)
|
|
{
|
|
struct brd_device *brd, *next;
|
|
|
|
list_for_each_entry_safe(brd, next, &brd_devices, brd_list)
|
|
brd_del_one(brd);
|
|
|
|
blk_unregister_region(MKDEV(RAMDISK_MAJOR, 0), 1UL << MINORBITS);
|
|
unregister_blkdev(RAMDISK_MAJOR, "ramdisk");
|
|
|
|
pr_info("brd: module unloaded\n");
|
|
}
|
|
|
|
module_init(brd_init);
|
|
module_exit(brd_exit);
|
|
|