1 /* $NetBSD: spec_vnops.c,v 1.210 2022/03/28 12:39:10 riastradh Exp $ */ 2 3 /*- 4 * Copyright (c) 2008 The NetBSD Foundation, Inc. 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 16 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 17 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 18 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 19 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 20 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 21 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 22 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 23 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 24 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 25 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 26 * POSSIBILITY OF SUCH DAMAGE. 27 */ 28 29 /* 30 * Copyright (c) 1989, 1993 31 * The Regents of the University of California. All rights reserved. 32 * 33 * Redistribution and use in source and binary forms, with or without 34 * modification, are permitted provided that the following conditions 35 * are met: 36 * 1. Redistributions of source code must retain the above copyright 37 * notice, this list of conditions and the following disclaimer. 38 * 2. Redistributions in binary form must reproduce the above copyright 39 * notice, this list of conditions and the following disclaimer in the 40 * documentation and/or other materials provided with the distribution. 41 * 3. Neither the name of the University nor the names of its contributors 42 * may be used to endorse or promote products derived from this software 43 * without specific prior written permission. 44 * 45 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 46 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 47 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 48 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 49 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 50 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 51 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 52 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 53 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 54 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 55 * SUCH DAMAGE. 56 * 57 * @(#)spec_vnops.c 8.15 (Berkeley) 7/14/95 58 */ 59 60 #include <sys/cdefs.h> 61 __KERNEL_RCSID(0, "$NetBSD: spec_vnops.c,v 1.210 2022/03/28 12:39:10 riastradh Exp $"); 62 63 #include <sys/param.h> 64 #include <sys/proc.h> 65 #include <sys/systm.h> 66 #include <sys/kernel.h> 67 #include <sys/conf.h> 68 #include <sys/buf.h> 69 #include <sys/mount.h> 70 #include <sys/namei.h> 71 #include <sys/vnode_impl.h> 72 #include <sys/stat.h> 73 #include <sys/errno.h> 74 #include <sys/ioctl.h> 75 #include <sys/poll.h> 76 #include <sys/file.h> 77 #include <sys/disklabel.h> 78 #include <sys/disk.h> 79 #include <sys/lockf.h> 80 #include <sys/tty.h> 81 #include <sys/kauth.h> 82 #include <sys/fstrans.h> 83 #include <sys/module.h> 84 #include <sys/atomic.h> 85 86 #include <miscfs/genfs/genfs.h> 87 #include <miscfs/specfs/specdev.h> 88 89 /* 90 * Lock order: 91 * 92 * vnode lock 93 * -> device_lock 94 * -> struct vnode::v_interlock 95 */ 96 97 /* symbolic sleep message strings for devices */ 98 const char devopn[] = "devopn"; 99 const char devio[] = "devio"; 100 const char devwait[] = "devwait"; 101 const char devin[] = "devin"; 102 const char devout[] = "devout"; 103 const char devioc[] = "devioc"; 104 const char devcls[] = "devcls"; 105 106 #define SPECHSZ 64 107 #if ((SPECHSZ&(SPECHSZ-1)) == 0) 108 #define SPECHASH(rdev) (((rdev>>5)+(rdev))&(SPECHSZ-1)) 109 #else 110 #define SPECHASH(rdev) (((unsigned)((rdev>>5)+(rdev)))%SPECHSZ) 111 #endif 112 113 static vnode_t *specfs_hash[SPECHSZ]; 114 extern struct mount *dead_rootmount; 115 116 /* 117 * This vnode operations vector is used for special device nodes 118 * created from whole cloth by the kernel. For the ops vector for 119 * vnodes built from special devices found in a filesystem, see (e.g) 120 * ffs_specop_entries[] in ffs_vnops.c or the equivalent for other 121 * filesystems. 122 */ 123 124 int (**spec_vnodeop_p)(void *); 125 const struct vnodeopv_entry_desc spec_vnodeop_entries[] = { 126 { &vop_default_desc, vn_default_error }, 127 { &vop_parsepath_desc, genfs_parsepath }, /* parsepath */ 128 { &vop_lookup_desc, spec_lookup }, /* lookup */ 129 { &vop_create_desc, genfs_badop }, /* create */ 130 { &vop_mknod_desc, genfs_badop }, /* mknod */ 131 { &vop_open_desc, spec_open }, /* open */ 132 { &vop_close_desc, spec_close }, /* close */ 133 { &vop_access_desc, genfs_ebadf }, /* access */ 134 { &vop_accessx_desc, genfs_ebadf }, /* accessx */ 135 { &vop_getattr_desc, genfs_ebadf }, /* getattr */ 136 { &vop_setattr_desc, genfs_ebadf }, /* setattr */ 137 { &vop_read_desc, spec_read }, /* read */ 138 { &vop_write_desc, spec_write }, /* write */ 139 { &vop_fallocate_desc, genfs_eopnotsupp }, /* fallocate */ 140 { &vop_fdiscard_desc, spec_fdiscard }, /* fdiscard */ 141 { &vop_fcntl_desc, genfs_fcntl }, /* fcntl */ 142 { &vop_ioctl_desc, spec_ioctl }, /* ioctl */ 143 { &vop_poll_desc, spec_poll }, /* poll */ 144 { &vop_kqfilter_desc, spec_kqfilter }, /* kqfilter */ 145 { &vop_revoke_desc, genfs_revoke }, /* revoke */ 146 { &vop_mmap_desc, spec_mmap }, /* mmap */ 147 { &vop_fsync_desc, spec_fsync }, /* fsync */ 148 { &vop_seek_desc, spec_seek }, /* seek */ 149 { &vop_remove_desc, genfs_badop }, /* remove */ 150 { &vop_link_desc, genfs_badop }, /* link */ 151 { &vop_rename_desc, genfs_badop }, /* rename */ 152 { &vop_mkdir_desc, genfs_badop }, /* mkdir */ 153 { &vop_rmdir_desc, genfs_badop }, /* rmdir */ 154 { &vop_symlink_desc, genfs_badop }, /* symlink */ 155 { &vop_readdir_desc, genfs_badop }, /* readdir */ 156 { &vop_readlink_desc, genfs_badop }, /* readlink */ 157 { &vop_abortop_desc, genfs_badop }, /* abortop */ 158 { &vop_inactive_desc, spec_inactive }, /* inactive */ 159 { &vop_reclaim_desc, spec_reclaim }, /* reclaim */ 160 { &vop_lock_desc, genfs_lock }, /* lock */ 161 { &vop_unlock_desc, genfs_unlock }, /* unlock */ 162 { &vop_bmap_desc, spec_bmap }, /* bmap */ 163 { &vop_strategy_desc, spec_strategy }, /* strategy */ 164 { &vop_print_desc, spec_print }, /* print */ 165 { &vop_islocked_desc, genfs_islocked }, /* islocked */ 166 { &vop_pathconf_desc, spec_pathconf }, /* pathconf */ 167 { &vop_advlock_desc, spec_advlock }, /* advlock */ 168 { &vop_bwrite_desc, vn_bwrite }, /* bwrite */ 169 { &vop_getpages_desc, genfs_getpages }, /* getpages */ 170 { &vop_putpages_desc, genfs_putpages }, /* putpages */ 171 { NULL, NULL } 172 }; 173 const struct vnodeopv_desc spec_vnodeop_opv_desc = 174 { &spec_vnodeop_p, spec_vnodeop_entries }; 175 176 static kauth_listener_t rawio_listener; 177 static struct kcondvar specfs_iocv; 178 179 /* Returns true if vnode is /dev/mem or /dev/kmem. */ 180 bool 181 iskmemvp(struct vnode *vp) 182 { 183 return ((vp->v_type == VCHR) && iskmemdev(vp->v_rdev)); 184 } 185 186 /* 187 * Returns true if dev is /dev/mem or /dev/kmem. 188 */ 189 int 190 iskmemdev(dev_t dev) 191 { 192 /* mem_no is emitted by config(8) to generated devsw.c */ 193 extern const int mem_no; 194 195 /* minor 14 is /dev/io on i386 with COMPAT_10 */ 196 return (major(dev) == mem_no && (minor(dev) < 2 || minor(dev) == 14)); 197 } 198 199 static int 200 rawio_listener_cb(kauth_cred_t cred, kauth_action_t action, void *cookie, 201 void *arg0, void *arg1, void *arg2, void *arg3) 202 { 203 int result; 204 205 result = KAUTH_RESULT_DEFER; 206 207 if ((action != KAUTH_DEVICE_RAWIO_SPEC) && 208 (action != KAUTH_DEVICE_RAWIO_PASSTHRU)) 209 return result; 210 211 /* Access is mandated by permissions. */ 212 result = KAUTH_RESULT_ALLOW; 213 214 return result; 215 } 216 217 void 218 spec_init(void) 219 { 220 221 rawio_listener = kauth_listen_scope(KAUTH_SCOPE_DEVICE, 222 rawio_listener_cb, NULL); 223 cv_init(&specfs_iocv, "specio"); 224 } 225 226 /* 227 * spec_io_enter(vp, &sn, &dev) 228 * 229 * Enter an operation that may not hold vp's vnode lock or an 230 * fstrans on vp's mount. Until spec_io_exit, the vnode will not 231 * be revoked. 232 * 233 * On success, set sn to the specnode pointer and dev to the dev_t 234 * number and return zero. Caller must later call spec_io_exit 235 * when done. 236 * 237 * On failure, return ENXIO -- the device has been revoked and no 238 * longer exists. 239 */ 240 static int 241 spec_io_enter(struct vnode *vp, struct specnode **snp, dev_t *devp) 242 { 243 dev_t dev; 244 struct specnode *sn; 245 unsigned iocnt; 246 int error = 0; 247 248 mutex_enter(vp->v_interlock); 249 250 /* 251 * Extract all the info we need from the vnode, unless the 252 * vnode has already been reclaimed. This can happen if the 253 * underlying device has been removed and all the device nodes 254 * for it have been revoked. The caller may not hold a vnode 255 * lock or fstrans to prevent this from happening before it has 256 * had an opportunity to notice the vnode is dead. 257 */ 258 if (vdead_check(vp, VDEAD_NOWAIT) != 0 || 259 (sn = vp->v_specnode) == NULL || 260 (dev = vp->v_rdev) == NODEV) { 261 error = ENXIO; 262 goto out; 263 } 264 265 /* 266 * Notify spec_close that we are doing an I/O operation which 267 * may not be not bracketed by fstrans(9) and thus is not 268 * blocked by vfs suspension. 269 * 270 * We could hold this reference with psref(9) instead, but we 271 * already have to take the interlock for vdead_check, so 272 * there's not much more cost here to another atomic operation. 273 */ 274 do { 275 iocnt = atomic_load_relaxed(&sn->sn_dev->sd_iocnt); 276 if (__predict_false(iocnt == UINT_MAX)) { 277 /* 278 * The I/O count is limited by the number of 279 * LWPs (which will never overflow this) -- 280 * unless one driver uses another driver via 281 * specfs, which is rather unusual, but which 282 * could happen via pud(4) userspace drivers. 283 * We could use a 64-bit count, but can't use 284 * atomics for that on all platforms. 285 * (Probably better to switch to psref or 286 * localcount instead.) 287 */ 288 error = EBUSY; 289 goto out; 290 } 291 } while (atomic_cas_uint(&sn->sn_dev->sd_iocnt, iocnt, iocnt + 1) 292 != iocnt); 293 294 /* Success! */ 295 *snp = sn; 296 *devp = dev; 297 error = 0; 298 299 out: mutex_exit(vp->v_interlock); 300 return error; 301 } 302 303 /* 304 * spec_io_exit(vp, sn) 305 * 306 * Exit an operation entered with a successful spec_io_enter -- 307 * allow concurrent spec_node_revoke to proceed. The argument sn 308 * must match the struct specnode pointer returned by spec_io_exit 309 * for vp. 310 */ 311 static void 312 spec_io_exit(struct vnode *vp, struct specnode *sn) 313 { 314 struct specdev *sd = sn->sn_dev; 315 unsigned iocnt; 316 317 KASSERT(vp->v_specnode == sn); 318 319 /* 320 * We are done. Notify spec_close if appropriate. The 321 * transition of 1 -> 0 must happen under device_lock so 322 * spec_close doesn't miss a wakeup. 323 */ 324 do { 325 iocnt = atomic_load_relaxed(&sd->sd_iocnt); 326 KASSERT(iocnt > 0); 327 if (iocnt == 1) { 328 mutex_enter(&device_lock); 329 if (atomic_dec_uint_nv(&sd->sd_iocnt) == 0) 330 cv_broadcast(&specfs_iocv); 331 mutex_exit(&device_lock); 332 break; 333 } 334 } while (atomic_cas_uint(&sd->sd_iocnt, iocnt, iocnt - 1) != iocnt); 335 } 336 337 /* 338 * spec_io_drain(sd) 339 * 340 * Wait for all existing spec_io_enter/exit sections to complete. 341 * Caller must ensure spec_io_enter will fail at this point. 342 */ 343 static void 344 spec_io_drain(struct specdev *sd) 345 { 346 347 /* 348 * I/O at the same time as closing is unlikely -- it often 349 * indicates an application bug. 350 */ 351 if (__predict_true(atomic_load_relaxed(&sd->sd_iocnt) == 0)) 352 return; 353 354 mutex_enter(&device_lock); 355 while (atomic_load_relaxed(&sd->sd_iocnt) > 0) 356 cv_wait(&specfs_iocv, &device_lock); 357 mutex_exit(&device_lock); 358 } 359 360 /* 361 * Initialize a vnode that represents a device. 362 */ 363 void 364 spec_node_init(vnode_t *vp, dev_t rdev) 365 { 366 specnode_t *sn; 367 specdev_t *sd; 368 vnode_t *vp2; 369 vnode_t **vpp; 370 371 KASSERT(vp->v_type == VBLK || vp->v_type == VCHR); 372 KASSERT(vp->v_specnode == NULL); 373 374 /* 375 * Search the hash table for this device. If known, add a 376 * reference to the device structure. If not known, create 377 * a new entry to represent the device. In all cases add 378 * the vnode to the hash table. 379 */ 380 sn = kmem_alloc(sizeof(*sn), KM_SLEEP); 381 sd = kmem_alloc(sizeof(*sd), KM_SLEEP); 382 mutex_enter(&device_lock); 383 vpp = &specfs_hash[SPECHASH(rdev)]; 384 for (vp2 = *vpp; vp2 != NULL; vp2 = vp2->v_specnext) { 385 KASSERT(vp2->v_specnode != NULL); 386 if (rdev == vp2->v_rdev && vp->v_type == vp2->v_type) { 387 break; 388 } 389 } 390 if (vp2 == NULL) { 391 /* No existing record, create a new one. */ 392 sd->sd_rdev = rdev; 393 sd->sd_mountpoint = NULL; 394 sd->sd_lockf = NULL; 395 sd->sd_refcnt = 1; 396 sd->sd_opencnt = 0; 397 sd->sd_bdevvp = NULL; 398 sd->sd_iocnt = 0; 399 sd->sd_opened = false; 400 sd->sd_closing = false; 401 sn->sn_dev = sd; 402 sd = NULL; 403 } else { 404 /* Use the existing record. */ 405 sn->sn_dev = vp2->v_specnode->sn_dev; 406 sn->sn_dev->sd_refcnt++; 407 } 408 /* Insert vnode into the hash chain. */ 409 sn->sn_opencnt = 0; 410 sn->sn_rdev = rdev; 411 sn->sn_gone = false; 412 vp->v_specnode = sn; 413 vp->v_specnext = *vpp; 414 *vpp = vp; 415 mutex_exit(&device_lock); 416 417 /* Free the record we allocated if unused. */ 418 if (sd != NULL) { 419 kmem_free(sd, sizeof(*sd)); 420 } 421 } 422 423 /* 424 * Lookup a vnode by device number and return it referenced. 425 */ 426 int 427 spec_node_lookup_by_dev(enum vtype type, dev_t dev, int flags, vnode_t **vpp) 428 { 429 int error; 430 vnode_t *vp; 431 432 top: mutex_enter(&device_lock); 433 for (vp = specfs_hash[SPECHASH(dev)]; vp; vp = vp->v_specnext) { 434 if (type == vp->v_type && dev == vp->v_rdev) { 435 mutex_enter(vp->v_interlock); 436 /* If clean or being cleaned, then ignore it. */ 437 if (vdead_check(vp, VDEAD_NOWAIT) == 0) 438 break; 439 if ((flags & VDEAD_NOWAIT) == 0) { 440 mutex_exit(&device_lock); 441 /* 442 * It may be being revoked as we speak, 443 * and the caller wants to wait until 444 * all revocation has completed. Let 445 * vcache_vget wait for it to finish 446 * dying; as a side effect, vcache_vget 447 * releases vp->v_interlock. Note that 448 * vcache_vget cannot succeed at this 449 * point because vdead_check already 450 * failed. 451 */ 452 error = vcache_vget(vp); 453 KASSERT(error); 454 goto top; 455 } 456 mutex_exit(vp->v_interlock); 457 } 458 } 459 KASSERT(vp == NULL || mutex_owned(vp->v_interlock)); 460 if (vp == NULL) { 461 mutex_exit(&device_lock); 462 return ENOENT; 463 } 464 /* 465 * If it is an opened block device return the opened vnode. 466 */ 467 if (type == VBLK && vp->v_specnode->sn_dev->sd_bdevvp != NULL) { 468 mutex_exit(vp->v_interlock); 469 vp = vp->v_specnode->sn_dev->sd_bdevvp; 470 mutex_enter(vp->v_interlock); 471 } 472 mutex_exit(&device_lock); 473 error = vcache_vget(vp); 474 if (error != 0) 475 return error; 476 *vpp = vp; 477 478 return 0; 479 } 480 481 /* 482 * Lookup a vnode by file system mounted on and return it referenced. 483 */ 484 int 485 spec_node_lookup_by_mount(struct mount *mp, vnode_t **vpp) 486 { 487 int i, error; 488 vnode_t *vp, *vq; 489 490 mutex_enter(&device_lock); 491 for (i = 0, vq = NULL; i < SPECHSZ && vq == NULL; i++) { 492 for (vp = specfs_hash[i]; vp; vp = vp->v_specnext) { 493 if (vp->v_type != VBLK) 494 continue; 495 vq = vp->v_specnode->sn_dev->sd_bdevvp; 496 if (vq != NULL && 497 vq->v_specnode->sn_dev->sd_mountpoint == mp) 498 break; 499 vq = NULL; 500 } 501 } 502 if (vq == NULL) { 503 mutex_exit(&device_lock); 504 return ENOENT; 505 } 506 mutex_enter(vq->v_interlock); 507 mutex_exit(&device_lock); 508 error = vcache_vget(vq); 509 if (error != 0) 510 return error; 511 *vpp = vq; 512 513 return 0; 514 515 } 516 517 /* 518 * Get the file system mounted on this block device. 519 * 520 * XXX Caller should hold the vnode lock -- shared or exclusive -- so 521 * that this can't changed, and the vnode can't be revoked while we 522 * examine it. But not all callers do, and they're scattered through a 523 * lot of file systems, so we can't assert this yet. 524 */ 525 struct mount * 526 spec_node_getmountedfs(vnode_t *devvp) 527 { 528 struct mount *mp; 529 530 KASSERT(devvp->v_type == VBLK); 531 mp = devvp->v_specnode->sn_dev->sd_mountpoint; 532 533 return mp; 534 } 535 536 /* 537 * Set the file system mounted on this block device. 538 * 539 * XXX Caller should hold the vnode lock exclusively so this can't be 540 * changed or assumed by spec_node_getmountedfs while we change it, and 541 * the vnode can't be revoked while we handle it. But not all callers 542 * do, and they're scattered through a lot of file systems, so we can't 543 * assert this yet. Instead, for now, we'll take an I/O reference so 544 * at least the ioctl doesn't race with revoke/detach. 545 * 546 * If you do change this to assert an exclusive vnode lock, you must 547 * also do vdead_check before trying bdev_ioctl, because the vnode may 548 * have been revoked by the time the caller locked it, and this is 549 * _not_ a vop -- calls to spec_node_setmountedfs don't go through 550 * v_op, so revoking the vnode doesn't prevent further calls. 551 * 552 * XXX Caller should additionally have the vnode open, at least if mp 553 * is nonnull, but I'm not sure all callers do that -- need to audit. 554 * Currently udf closes the vnode before clearing the mount. 555 */ 556 void 557 spec_node_setmountedfs(vnode_t *devvp, struct mount *mp) 558 { 559 struct dkwedge_info dkw; 560 struct specnode *sn; 561 dev_t dev; 562 int error; 563 564 KASSERT(devvp->v_type == VBLK); 565 566 error = spec_io_enter(devvp, &sn, &dev); 567 if (error) 568 return; 569 570 KASSERT(sn->sn_dev->sd_mountpoint == NULL || mp == NULL); 571 sn->sn_dev->sd_mountpoint = mp; 572 if (mp == NULL) 573 goto out; 574 575 error = bdev_ioctl(dev, DIOCGWEDGEINFO, &dkw, FREAD, curlwp); 576 if (error) 577 goto out; 578 579 strlcpy(mp->mnt_stat.f_mntfromlabel, dkw.dkw_wname, 580 sizeof(mp->mnt_stat.f_mntfromlabel)); 581 582 out: spec_io_exit(devvp, sn); 583 } 584 585 /* 586 * A vnode representing a special device is going away. Close 587 * the device if the vnode holds it open. 588 */ 589 void 590 spec_node_revoke(vnode_t *vp) 591 { 592 specnode_t *sn; 593 specdev_t *sd; 594 struct vnode **vpp; 595 596 KASSERT(VOP_ISLOCKED(vp) == LK_EXCLUSIVE); 597 598 sn = vp->v_specnode; 599 sd = sn->sn_dev; 600 601 KASSERT(vp->v_type == VBLK || vp->v_type == VCHR); 602 KASSERT(vp->v_specnode != NULL); 603 KASSERT(sn->sn_gone == false); 604 605 mutex_enter(&device_lock); 606 KASSERT(sn->sn_opencnt <= sd->sd_opencnt); 607 sn->sn_gone = true; 608 if (sn->sn_opencnt != 0) { 609 sd->sd_opencnt -= (sn->sn_opencnt - 1); 610 sn->sn_opencnt = 1; 611 mutex_exit(&device_lock); 612 613 VOP_CLOSE(vp, FNONBLOCK, NOCRED); 614 615 mutex_enter(&device_lock); 616 KASSERT(sn->sn_opencnt == 0); 617 } 618 619 /* 620 * We may have revoked the vnode in this thread while another 621 * thread was in the middle of spec_close, in the window when 622 * spec_close releases the vnode lock to call .d_close for the 623 * last close. In that case, wait for the concurrent 624 * spec_close to complete. 625 */ 626 while (sd->sd_closing) 627 cv_wait(&specfs_iocv, &device_lock); 628 629 /* 630 * Remove from the hash so lookups stop returning this 631 * specnode. We will dissociate it from the specdev -- and 632 * possibly free the specdev -- in spec_node_destroy. 633 */ 634 KASSERT(sn->sn_gone); 635 KASSERT(sn->sn_opencnt == 0); 636 for (vpp = &specfs_hash[SPECHASH(vp->v_rdev)];; 637 vpp = &(*vpp)->v_specnext) { 638 if (*vpp == vp) { 639 *vpp = vp->v_specnext; 640 vp->v_specnext = NULL; 641 break; 642 } 643 } 644 mutex_exit(&device_lock); 645 } 646 647 /* 648 * A vnode representing a special device is being recycled. 649 * Destroy the specfs component. 650 */ 651 void 652 spec_node_destroy(vnode_t *vp) 653 { 654 specnode_t *sn; 655 specdev_t *sd; 656 int refcnt; 657 658 sn = vp->v_specnode; 659 sd = sn->sn_dev; 660 661 KASSERT(vp->v_type == VBLK || vp->v_type == VCHR); 662 KASSERT(vp->v_specnode != NULL); 663 KASSERT(sn->sn_opencnt == 0); 664 665 mutex_enter(&device_lock); 666 sn = vp->v_specnode; 667 vp->v_specnode = NULL; 668 refcnt = sd->sd_refcnt--; 669 KASSERT(refcnt > 0); 670 mutex_exit(&device_lock); 671 672 /* If the device is no longer in use, destroy our record. */ 673 if (refcnt == 1) { 674 KASSERT(sd->sd_iocnt == 0); 675 KASSERT(sd->sd_opencnt == 0); 676 KASSERT(sd->sd_bdevvp == NULL); 677 kmem_free(sd, sizeof(*sd)); 678 } 679 kmem_free(sn, sizeof(*sn)); 680 } 681 682 /* 683 * Trivial lookup routine that always fails. 684 */ 685 int 686 spec_lookup(void *v) 687 { 688 struct vop_lookup_v2_args /* { 689 struct vnode *a_dvp; 690 struct vnode **a_vpp; 691 struct componentname *a_cnp; 692 } */ *ap = v; 693 694 *ap->a_vpp = NULL; 695 return (ENOTDIR); 696 } 697 698 typedef int (*spec_ioctl_t)(dev_t, u_long, void *, int, struct lwp *); 699 700 /* 701 * Open a special file. 702 */ 703 /* ARGSUSED */ 704 int 705 spec_open(void *v) 706 { 707 struct vop_open_args /* { 708 struct vnode *a_vp; 709 int a_mode; 710 kauth_cred_t a_cred; 711 } */ *ap = v; 712 struct lwp *l = curlwp; 713 struct vnode *vp = ap->a_vp; 714 dev_t dev, dev1; 715 int error; 716 enum kauth_device_req req; 717 specnode_t *sn, *sn1; 718 specdev_t *sd; 719 spec_ioctl_t ioctl; 720 u_int gen = 0; 721 const char *name = NULL; 722 bool needclose = false; 723 struct partinfo pi; 724 725 KASSERT(VOP_ISLOCKED(vp) == LK_EXCLUSIVE); 726 KASSERTMSG(vp->v_type == VBLK || vp->v_type == VCHR, "type=%d", 727 vp->v_type); 728 729 dev = vp->v_rdev; 730 sn = vp->v_specnode; 731 sd = sn->sn_dev; 732 733 /* 734 * Don't allow open if fs is mounted -nodev. 735 */ 736 if (vp->v_mount && (vp->v_mount->mnt_flag & MNT_NODEV)) 737 return (ENXIO); 738 739 switch (ap->a_mode & (FREAD | FWRITE)) { 740 case FREAD | FWRITE: 741 req = KAUTH_REQ_DEVICE_RAWIO_SPEC_RW; 742 break; 743 case FWRITE: 744 req = KAUTH_REQ_DEVICE_RAWIO_SPEC_WRITE; 745 break; 746 default: 747 req = KAUTH_REQ_DEVICE_RAWIO_SPEC_READ; 748 break; 749 } 750 error = kauth_authorize_device_spec(ap->a_cred, req, vp); 751 if (error != 0) 752 return (error); 753 754 /* 755 * Acquire an open reference -- as long as we hold onto it, and 756 * the vnode isn't revoked, it can't be closed, and the vnode 757 * can't be revoked until we release the vnode lock. 758 */ 759 mutex_enter(&device_lock); 760 KASSERT(!sn->sn_gone); 761 switch (vp->v_type) { 762 case VCHR: 763 /* 764 * Character devices can accept opens from multiple 765 * vnodes. But first, wait for any close to finish. 766 * Wait under the vnode lock so we don't have to worry 767 * about the vnode being revoked while we wait. 768 */ 769 while (sd->sd_closing) { 770 error = cv_wait_sig(&specfs_iocv, &device_lock); 771 if (error) 772 break; 773 } 774 if (error) 775 break; 776 sd->sd_opencnt++; 777 sn->sn_opencnt++; 778 break; 779 case VBLK: 780 /* 781 * For block devices, permit only one open. The buffer 782 * cache cannot remain self-consistent with multiple 783 * vnodes holding a block device open. 784 * 785 * Treat zero opencnt with non-NULL mountpoint as open. 786 * This may happen after forced detach of a mounted device. 787 */ 788 if (sd->sd_opencnt != 0 || sd->sd_mountpoint != NULL) { 789 error = EBUSY; 790 break; 791 } 792 KASSERTMSG(sn->sn_opencnt == 0, "%u", sn->sn_opencnt); 793 sn->sn_opencnt = 1; 794 sd->sd_opencnt = 1; 795 sd->sd_bdevvp = vp; 796 break; 797 default: 798 panic("invalid specfs vnode type: %d", vp->v_type); 799 } 800 mutex_exit(&device_lock); 801 if (error) 802 return error; 803 804 /* 805 * Set VV_ISTTY if this is a tty cdev. 806 * 807 * XXX This does the wrong thing if the module has to be 808 * autoloaded. We should maybe set this after autoloading 809 * modules and calling .d_open successfully, except (a) we need 810 * the vnode lock to touch it, and (b) once we acquire the 811 * vnode lock again, the vnode may have been revoked, and 812 * deadfs's dead_read needs VV_ISTTY to be already set in order 813 * to return the right answer. So this needs some additional 814 * synchronization to be made to work correctly with tty driver 815 * module autoload. For now, let's just hope it doesn't cause 816 * too much trouble for a tty from an autoloaded driver module 817 * to fail with EIO instead of returning EOF. 818 */ 819 if (vp->v_type == VCHR) { 820 if (cdev_type(dev) == D_TTY) 821 vp->v_vflag |= VV_ISTTY; 822 } 823 824 /* 825 * Because opening the device may block indefinitely, e.g. when 826 * opening a tty, and loading a module may cross into many 827 * other subsystems, we must not hold the vnode lock while 828 * calling .d_open, so release it now and reacquire it when 829 * done. 830 * 831 * Take an I/O reference so that any concurrent spec_close via 832 * spec_node_revoke will wait for us to finish calling .d_open. 833 * The vnode can't be dead at this point because we have it 834 * locked. Note that if revoked, the driver must interrupt 835 * .d_open before spec_close starts waiting for I/O to drain so 836 * this doesn't deadlock. 837 */ 838 VOP_UNLOCK(vp); 839 error = spec_io_enter(vp, &sn1, &dev1); 840 if (error) { 841 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY); 842 return error; 843 } 844 KASSERT(sn1 == sn); 845 KASSERT(dev1 == dev); 846 847 /* 848 * Open the device. If .d_open returns ENXIO (device not 849 * configured), the driver may not be loaded, so try 850 * autoloading a module and then try .d_open again if anything 851 * got loaded. 852 */ 853 switch (vp->v_type) { 854 case VCHR: 855 do { 856 const struct cdevsw *cdev; 857 858 gen = module_gen; 859 error = cdev_open(dev, ap->a_mode, S_IFCHR, l); 860 if (error != ENXIO) 861 break; 862 863 /* Check if we already have a valid driver */ 864 mutex_enter(&device_lock); 865 cdev = cdevsw_lookup(dev); 866 mutex_exit(&device_lock); 867 if (cdev != NULL) 868 break; 869 870 /* Get device name from devsw_conv array */ 871 if ((name = cdevsw_getname(major(dev))) == NULL) 872 break; 873 874 /* Try to autoload device module */ 875 (void) module_autoload(name, MODULE_CLASS_DRIVER); 876 } while (gen != module_gen); 877 break; 878 879 case VBLK: 880 do { 881 const struct bdevsw *bdev; 882 883 gen = module_gen; 884 error = bdev_open(dev, ap->a_mode, S_IFBLK, l); 885 if (error != ENXIO) 886 break; 887 888 /* Check if we already have a valid driver */ 889 mutex_enter(&device_lock); 890 bdev = bdevsw_lookup(dev); 891 mutex_exit(&device_lock); 892 if (bdev != NULL) 893 break; 894 895 /* Get device name from devsw_conv array */ 896 if ((name = bdevsw_getname(major(dev))) == NULL) 897 break; 898 899 /* Try to autoload device module */ 900 (void) module_autoload(name, MODULE_CLASS_DRIVER); 901 } while (gen != module_gen); 902 break; 903 904 default: 905 __unreachable(); 906 } 907 908 /* 909 * Release the I/O reference now that we have called .d_open, 910 * and reacquire the vnode lock. At this point, the device may 911 * have been revoked, so we must tread carefully. However, sn 912 * and sd remain valid pointers until we drop our reference. 913 */ 914 spec_io_exit(vp, sn); 915 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY); 916 KASSERT(vp->v_specnode == sn); 917 918 /* 919 * If it has been revoked since we released the vnode lock and 920 * reacquired it, then spec_node_revoke has closed it, and we 921 * must fail with EBADF. 922 * 923 * Otherwise, if opening it failed, back out and release the 924 * open reference. If it was ever successfully opened and we 925 * got the last reference this way, it's now our job to close 926 * it. This might happen in the following scenario: 927 * 928 * Thread 1 Thread 2 929 * VOP_OPEN 930 * ... 931 * .d_open -> 0 (success) 932 * acquire vnode lock 933 * do stuff VOP_OPEN 934 * release vnode lock ... 935 * .d_open -> EBUSY 936 * VOP_CLOSE 937 * acquire vnode lock 938 * --sd_opencnt != 0 939 * => no .d_close 940 * release vnode lock 941 * acquire vnode lock 942 * --sd_opencnt == 0 943 * 944 * We can't resolve this by making spec_close wait for .d_open 945 * to complete before examining sd_opencnt, because .d_open can 946 * hang indefinitely, e.g. for a tty. 947 */ 948 mutex_enter(&device_lock); 949 if (sn->sn_gone) { 950 if (error == 0) 951 error = EBADF; 952 } else if (error == 0) { 953 sd->sd_opened = true; 954 } else if (sd->sd_opencnt == 1 && sd->sd_opened) { 955 /* 956 * We're the last reference to a _previous_ open even 957 * though this one failed, so we have to close it. 958 * Don't decrement the reference count here -- 959 * spec_close will do that. 960 */ 961 KASSERT(sn->sn_opencnt == 1); 962 needclose = true; 963 } else { 964 KASSERT(sd->sd_opencnt); 965 KASSERT(sn->sn_opencnt); 966 sd->sd_opencnt--; 967 sn->sn_opencnt--; 968 if (vp->v_type == VBLK) 969 sd->sd_bdevvp = NULL; 970 } 971 mutex_exit(&device_lock); 972 973 /* 974 * If this open failed, but the device was previously opened, 975 * and another thread concurrently closed the vnode while we 976 * were in the middle of reopening it, the other thread will 977 * see sd_opencnt > 0 and thus decide not to call .d_close -- 978 * it is now our responsibility to do so. 979 * 980 * XXX The flags passed to VOP_CLOSE here are wrong, but 981 * drivers can't rely on FREAD|FWRITE anyway -- e.g., consider 982 * a device opened by thread 0 with O_READ, then opened by 983 * thread 1 with O_WRITE, then closed by thread 0, and finally 984 * closed by thread 1; the last .d_close call will have FWRITE 985 * but not FREAD. We should just eliminate the FREAD/FWRITE 986 * parameter to .d_close altogether. 987 */ 988 if (needclose) { 989 KASSERT(error); 990 VOP_CLOSE(vp, FNONBLOCK, NOCRED); 991 } 992 993 /* If anything went wrong, we're done. */ 994 if (error) 995 return error; 996 997 /* 998 * For disk devices, automagically set the vnode size to the 999 * partition size, if we can. This applies to block devices 1000 * and character devices alike -- every block device must have 1001 * a corresponding character device. And if the module is 1002 * loaded it will remain loaded until we're done here (it is 1003 * forbidden to devsw_detach until closed). So it is safe to 1004 * query cdev_type unconditionally here. 1005 */ 1006 if (cdev_type(dev) == D_DISK) { 1007 ioctl = vp->v_type == VCHR ? cdev_ioctl : bdev_ioctl; 1008 if ((*ioctl)(dev, DIOCGPARTINFO, &pi, FREAD, curlwp) == 0) 1009 uvm_vnp_setsize(vp, 1010 (voff_t)pi.pi_secsize * pi.pi_size); 1011 } 1012 1013 /* Success! */ 1014 return 0; 1015 } 1016 1017 /* 1018 * Vnode op for read 1019 */ 1020 /* ARGSUSED */ 1021 int 1022 spec_read(void *v) 1023 { 1024 struct vop_read_args /* { 1025 struct vnode *a_vp; 1026 struct uio *a_uio; 1027 int a_ioflag; 1028 kauth_cred_t a_cred; 1029 } */ *ap = v; 1030 struct vnode *vp = ap->a_vp; 1031 struct uio *uio = ap->a_uio; 1032 struct lwp *l = curlwp; 1033 struct specnode *sn; 1034 dev_t dev; 1035 struct buf *bp; 1036 daddr_t bn; 1037 int bsize, bscale; 1038 struct partinfo pi; 1039 int n, on; 1040 int error = 0; 1041 int i, nra; 1042 daddr_t lastbn, *rablks; 1043 int *rasizes; 1044 int nrablks, ratogo; 1045 1046 KASSERT(uio->uio_rw == UIO_READ); 1047 KASSERTMSG(VMSPACE_IS_KERNEL_P(uio->uio_vmspace) || 1048 uio->uio_vmspace == curproc->p_vmspace, 1049 "vmspace belongs to neither kernel nor curproc"); 1050 1051 if (uio->uio_resid == 0) 1052 return (0); 1053 1054 switch (vp->v_type) { 1055 1056 case VCHR: 1057 /* 1058 * Release the lock while we sleep -- possibly 1059 * indefinitely, if this is, e.g., a tty -- in 1060 * cdev_read, so we don't hold up everything else that 1061 * might want access to the vnode. 1062 * 1063 * But before we issue the read, take an I/O reference 1064 * to the specnode so close will know when we're done 1065 * reading. Note that the moment we release the lock, 1066 * the vnode's identity may change; hence spec_io_enter 1067 * may fail, and the caller may have a dead vnode on 1068 * their hands, if the file system on which vp lived 1069 * has been unmounted. 1070 */ 1071 VOP_UNLOCK(vp); 1072 error = spec_io_enter(vp, &sn, &dev); 1073 if (error) 1074 goto out; 1075 error = cdev_read(dev, uio, ap->a_ioflag); 1076 spec_io_exit(vp, sn); 1077 out: vn_lock(vp, LK_SHARED | LK_RETRY); 1078 return (error); 1079 1080 case VBLK: 1081 KASSERT(vp == vp->v_specnode->sn_dev->sd_bdevvp); 1082 if (uio->uio_offset < 0) 1083 return (EINVAL); 1084 1085 if (bdev_ioctl(vp->v_rdev, DIOCGPARTINFO, &pi, FREAD, l) == 0) 1086 bsize = imin(imax(pi.pi_bsize, DEV_BSIZE), MAXBSIZE); 1087 else 1088 bsize = BLKDEV_IOSIZE; 1089 1090 bscale = bsize >> DEV_BSHIFT; 1091 1092 nra = uimax(16 * MAXPHYS / bsize - 1, 511); 1093 rablks = kmem_alloc(nra * sizeof(*rablks), KM_SLEEP); 1094 rasizes = kmem_alloc(nra * sizeof(*rasizes), KM_SLEEP); 1095 lastbn = ((uio->uio_offset + uio->uio_resid - 1) >> DEV_BSHIFT) 1096 &~ (bscale - 1); 1097 nrablks = ratogo = 0; 1098 do { 1099 bn = (uio->uio_offset >> DEV_BSHIFT) &~ (bscale - 1); 1100 on = uio->uio_offset % bsize; 1101 n = uimin((unsigned)(bsize - on), uio->uio_resid); 1102 1103 if (ratogo == 0) { 1104 nrablks = uimin((lastbn - bn) / bscale, nra); 1105 ratogo = nrablks; 1106 1107 for (i = 0; i < nrablks; ++i) { 1108 rablks[i] = bn + (i+1) * bscale; 1109 rasizes[i] = bsize; 1110 } 1111 1112 error = breadn(vp, bn, bsize, 1113 rablks, rasizes, nrablks, 1114 0, &bp); 1115 } else { 1116 if (ratogo > 0) 1117 --ratogo; 1118 error = bread(vp, bn, bsize, 0, &bp); 1119 } 1120 if (error) 1121 break; 1122 n = uimin(n, bsize - bp->b_resid); 1123 error = uiomove((char *)bp->b_data + on, n, uio); 1124 brelse(bp, 0); 1125 } while (error == 0 && uio->uio_resid > 0 && n != 0); 1126 1127 kmem_free(rablks, nra * sizeof(*rablks)); 1128 kmem_free(rasizes, nra * sizeof(*rasizes)); 1129 1130 return (error); 1131 1132 default: 1133 panic("spec_read type"); 1134 } 1135 /* NOTREACHED */ 1136 } 1137 1138 /* 1139 * Vnode op for write 1140 */ 1141 /* ARGSUSED */ 1142 int 1143 spec_write(void *v) 1144 { 1145 struct vop_write_args /* { 1146 struct vnode *a_vp; 1147 struct uio *a_uio; 1148 int a_ioflag; 1149 kauth_cred_t a_cred; 1150 } */ *ap = v; 1151 struct vnode *vp = ap->a_vp; 1152 struct uio *uio = ap->a_uio; 1153 struct lwp *l = curlwp; 1154 struct specnode *sn; 1155 dev_t dev; 1156 struct buf *bp; 1157 daddr_t bn; 1158 int bsize, bscale; 1159 struct partinfo pi; 1160 int n, on; 1161 int error = 0; 1162 1163 KASSERT(uio->uio_rw == UIO_WRITE); 1164 KASSERTMSG(VMSPACE_IS_KERNEL_P(uio->uio_vmspace) || 1165 uio->uio_vmspace == curproc->p_vmspace, 1166 "vmspace belongs to neither kernel nor curproc"); 1167 1168 switch (vp->v_type) { 1169 1170 case VCHR: 1171 /* 1172 * Release the lock while we sleep -- possibly 1173 * indefinitely, if this is, e.g., a tty -- in 1174 * cdev_write, so we don't hold up everything else that 1175 * might want access to the vnode. 1176 * 1177 * But before we issue the write, take an I/O reference 1178 * to the specnode so close will know when we're done 1179 * writing. Note that the moment we release the lock, 1180 * the vnode's identity may change; hence spec_io_enter 1181 * may fail, and the caller may have a dead vnode on 1182 * their hands, if the file system on which vp lived 1183 * has been unmounted. 1184 */ 1185 VOP_UNLOCK(vp); 1186 error = spec_io_enter(vp, &sn, &dev); 1187 if (error) 1188 goto out; 1189 error = cdev_write(dev, uio, ap->a_ioflag); 1190 spec_io_exit(vp, sn); 1191 out: vn_lock(vp, LK_EXCLUSIVE | LK_RETRY); 1192 return (error); 1193 1194 case VBLK: 1195 KASSERT(vp == vp->v_specnode->sn_dev->sd_bdevvp); 1196 if (uio->uio_resid == 0) 1197 return (0); 1198 if (uio->uio_offset < 0) 1199 return (EINVAL); 1200 1201 if (bdev_ioctl(vp->v_rdev, DIOCGPARTINFO, &pi, FREAD, l) == 0) 1202 bsize = imin(imax(pi.pi_bsize, DEV_BSIZE), MAXBSIZE); 1203 else 1204 bsize = BLKDEV_IOSIZE; 1205 1206 bscale = bsize >> DEV_BSHIFT; 1207 do { 1208 bn = (uio->uio_offset >> DEV_BSHIFT) &~ (bscale - 1); 1209 on = uio->uio_offset % bsize; 1210 n = uimin((unsigned)(bsize - on), uio->uio_resid); 1211 if (n == bsize) 1212 bp = getblk(vp, bn, bsize, 0, 0); 1213 else 1214 error = bread(vp, bn, bsize, B_MODIFY, &bp); 1215 if (error) { 1216 return (error); 1217 } 1218 n = uimin(n, bsize - bp->b_resid); 1219 error = uiomove((char *)bp->b_data + on, n, uio); 1220 if (error) 1221 brelse(bp, 0); 1222 else { 1223 if (n + on == bsize) 1224 bawrite(bp); 1225 else 1226 bdwrite(bp); 1227 error = bp->b_error; 1228 } 1229 } while (error == 0 && uio->uio_resid > 0 && n != 0); 1230 return (error); 1231 1232 default: 1233 panic("spec_write type"); 1234 } 1235 /* NOTREACHED */ 1236 } 1237 1238 /* 1239 * fdiscard, which on disk devices becomes TRIM. 1240 */ 1241 int 1242 spec_fdiscard(void *v) 1243 { 1244 struct vop_fdiscard_args /* { 1245 struct vnode *a_vp; 1246 off_t a_pos; 1247 off_t a_len; 1248 } */ *ap = v; 1249 struct vnode *vp = ap->a_vp; 1250 dev_t dev; 1251 1252 KASSERT(VOP_ISLOCKED(vp) == LK_EXCLUSIVE); 1253 1254 dev = vp->v_rdev; 1255 1256 switch (vp->v_type) { 1257 case VCHR: 1258 // this is not stored for character devices 1259 //KASSERT(vp == vp->v_specnode->sn_dev->sd_cdevvp); 1260 return cdev_discard(dev, ap->a_pos, ap->a_len); 1261 case VBLK: 1262 KASSERT(vp == vp->v_specnode->sn_dev->sd_bdevvp); 1263 return bdev_discard(dev, ap->a_pos, ap->a_len); 1264 default: 1265 panic("spec_fdiscard: not a device\n"); 1266 } 1267 } 1268 1269 /* 1270 * Device ioctl operation. 1271 */ 1272 /* ARGSUSED */ 1273 int 1274 spec_ioctl(void *v) 1275 { 1276 struct vop_ioctl_args /* { 1277 struct vnode *a_vp; 1278 u_long a_command; 1279 void *a_data; 1280 int a_fflag; 1281 kauth_cred_t a_cred; 1282 } */ *ap = v; 1283 struct vnode *vp = ap->a_vp; 1284 struct specnode *sn; 1285 dev_t dev; 1286 int error; 1287 1288 error = spec_io_enter(vp, &sn, &dev); 1289 if (error) 1290 return error; 1291 1292 switch (vp->v_type) { 1293 case VCHR: 1294 error = cdev_ioctl(dev, ap->a_command, ap->a_data, 1295 ap->a_fflag, curlwp); 1296 break; 1297 case VBLK: 1298 KASSERT(vp == vp->v_specnode->sn_dev->sd_bdevvp); 1299 error = bdev_ioctl(dev, ap->a_command, ap->a_data, 1300 ap->a_fflag, curlwp); 1301 break; 1302 default: 1303 panic("spec_ioctl"); 1304 /* NOTREACHED */ 1305 } 1306 1307 spec_io_exit(vp, sn); 1308 return error; 1309 } 1310 1311 /* ARGSUSED */ 1312 int 1313 spec_poll(void *v) 1314 { 1315 struct vop_poll_args /* { 1316 struct vnode *a_vp; 1317 int a_events; 1318 } */ *ap = v; 1319 struct vnode *vp = ap->a_vp; 1320 struct specnode *sn; 1321 dev_t dev; 1322 int revents; 1323 1324 if (spec_io_enter(vp, &sn, &dev) != 0) 1325 return POLLERR; 1326 1327 switch (vp->v_type) { 1328 case VCHR: 1329 revents = cdev_poll(dev, ap->a_events, curlwp); 1330 break; 1331 default: 1332 revents = genfs_poll(v); 1333 break; 1334 } 1335 1336 spec_io_exit(vp, sn); 1337 return revents; 1338 } 1339 1340 /* ARGSUSED */ 1341 int 1342 spec_kqfilter(void *v) 1343 { 1344 struct vop_kqfilter_args /* { 1345 struct vnode *a_vp; 1346 struct proc *a_kn; 1347 } */ *ap = v; 1348 struct vnode *vp = ap->a_vp; 1349 struct specnode *sn; 1350 dev_t dev; 1351 int error; 1352 1353 error = spec_io_enter(vp, &sn, &dev); 1354 if (error) 1355 return error; 1356 1357 switch (vp->v_type) { 1358 case VCHR: 1359 error = cdev_kqfilter(dev, ap->a_kn); 1360 break; 1361 default: 1362 /* 1363 * Block devices don't support kqfilter, and refuse it 1364 * for any other files (like those vflush()ed) too. 1365 */ 1366 error = EOPNOTSUPP; 1367 break; 1368 } 1369 1370 spec_io_exit(vp, sn); 1371 return error; 1372 } 1373 1374 /* 1375 * Allow mapping of only D_DISK. This is called only for VBLK. 1376 */ 1377 int 1378 spec_mmap(void *v) 1379 { 1380 struct vop_mmap_args /* { 1381 struct vnode *a_vp; 1382 vm_prot_t a_prot; 1383 kauth_cred_t a_cred; 1384 } */ *ap = v; 1385 struct vnode *vp = ap->a_vp; 1386 struct specnode *sn; 1387 dev_t dev; 1388 int error; 1389 1390 KASSERT(vp->v_type == VBLK); 1391 1392 error = spec_io_enter(vp, &sn, &dev); 1393 if (error) 1394 return error; 1395 1396 error = bdev_type(dev) == D_DISK ? 0 : EINVAL; 1397 1398 spec_io_exit(vp, sn); 1399 return 0; 1400 } 1401 1402 /* 1403 * Synch buffers associated with a block device 1404 */ 1405 /* ARGSUSED */ 1406 int 1407 spec_fsync(void *v) 1408 { 1409 struct vop_fsync_args /* { 1410 struct vnode *a_vp; 1411 kauth_cred_t a_cred; 1412 int a_flags; 1413 off_t offlo; 1414 off_t offhi; 1415 } */ *ap = v; 1416 struct vnode *vp = ap->a_vp; 1417 struct mount *mp; 1418 int error; 1419 1420 if (vp->v_type == VBLK) { 1421 if ((mp = spec_node_getmountedfs(vp)) != NULL) { 1422 error = VFS_FSYNC(mp, vp, ap->a_flags); 1423 if (error != EOPNOTSUPP) 1424 return error; 1425 } 1426 return vflushbuf(vp, ap->a_flags); 1427 } 1428 return (0); 1429 } 1430 1431 /* 1432 * Just call the device strategy routine 1433 */ 1434 int 1435 spec_strategy(void *v) 1436 { 1437 struct vop_strategy_args /* { 1438 struct vnode *a_vp; 1439 struct buf *a_bp; 1440 } */ *ap = v; 1441 struct vnode *vp = ap->a_vp; 1442 struct buf *bp = ap->a_bp; 1443 struct specnode *sn = NULL; 1444 dev_t dev; 1445 int error; 1446 1447 error = spec_io_enter(vp, &sn, &dev); 1448 if (error) 1449 goto out; 1450 1451 bp->b_dev = dev; 1452 1453 if (!(bp->b_flags & B_READ)) { 1454 #ifdef DIAGNOSTIC 1455 if (bp->b_vp && bp->b_vp->v_type == VBLK) { 1456 struct mount *mp = spec_node_getmountedfs(bp->b_vp); 1457 1458 if (mp && (mp->mnt_flag & MNT_RDONLY)) { 1459 printf("%s blk %"PRId64" written while ro!\n", 1460 mp->mnt_stat.f_mntonname, bp->b_blkno); 1461 } 1462 } 1463 #endif /* DIAGNOSTIC */ 1464 error = fscow_run(bp, false); 1465 if (error) 1466 goto out; 1467 } 1468 bdev_strategy(bp); 1469 1470 error = 0; 1471 1472 out: if (sn) 1473 spec_io_exit(vp, sn); 1474 if (error) { 1475 bp->b_error = error; 1476 bp->b_resid = bp->b_bcount; 1477 biodone(bp); 1478 } 1479 return error; 1480 } 1481 1482 int 1483 spec_inactive(void *v) 1484 { 1485 struct vop_inactive_v2_args /* { 1486 struct vnode *a_vp; 1487 struct bool *a_recycle; 1488 } */ *ap = v; 1489 1490 KASSERT(ap->a_vp->v_mount == dead_rootmount); 1491 *ap->a_recycle = true; 1492 1493 return 0; 1494 } 1495 1496 int 1497 spec_reclaim(void *v) 1498 { 1499 struct vop_reclaim_v2_args /* { 1500 struct vnode *a_vp; 1501 } */ *ap = v; 1502 struct vnode *vp = ap->a_vp; 1503 1504 KASSERT(vp->v_specnode->sn_opencnt == 0); 1505 1506 VOP_UNLOCK(vp); 1507 1508 KASSERT(vp->v_mount == dead_rootmount); 1509 return 0; 1510 } 1511 1512 /* 1513 * This is a noop, simply returning what one has been given. 1514 */ 1515 int 1516 spec_bmap(void *v) 1517 { 1518 struct vop_bmap_args /* { 1519 struct vnode *a_vp; 1520 daddr_t a_bn; 1521 struct vnode **a_vpp; 1522 daddr_t *a_bnp; 1523 int *a_runp; 1524 } */ *ap = v; 1525 1526 if (ap->a_vpp != NULL) 1527 *ap->a_vpp = ap->a_vp; 1528 if (ap->a_bnp != NULL) 1529 *ap->a_bnp = ap->a_bn; 1530 if (ap->a_runp != NULL) 1531 *ap->a_runp = (MAXBSIZE >> DEV_BSHIFT) - 1; 1532 return (0); 1533 } 1534 1535 /* 1536 * Device close routine 1537 */ 1538 /* ARGSUSED */ 1539 int 1540 spec_close(void *v) 1541 { 1542 struct vop_close_args /* { 1543 struct vnode *a_vp; 1544 int a_fflag; 1545 kauth_cred_t a_cred; 1546 } */ *ap = v; 1547 struct vnode *vp = ap->a_vp; 1548 struct session *sess; 1549 dev_t dev; 1550 int flags = ap->a_fflag; 1551 int mode, error, count; 1552 specnode_t *sn; 1553 specdev_t *sd; 1554 1555 KASSERT(VOP_ISLOCKED(vp) == LK_EXCLUSIVE); 1556 1557 mutex_enter(vp->v_interlock); 1558 sn = vp->v_specnode; 1559 dev = vp->v_rdev; 1560 sd = sn->sn_dev; 1561 /* 1562 * If we're going away soon, make this non-blocking. 1563 * Also ensures that we won't wedge in vn_lock below. 1564 */ 1565 if (vdead_check(vp, VDEAD_NOWAIT) != 0) 1566 flags |= FNONBLOCK; 1567 mutex_exit(vp->v_interlock); 1568 1569 switch (vp->v_type) { 1570 1571 case VCHR: 1572 /* 1573 * Hack: a tty device that is a controlling terminal 1574 * has a reference from the session structure. We 1575 * cannot easily tell that a character device is a 1576 * controlling terminal, unless it is the closing 1577 * process' controlling terminal. In that case, if the 1578 * open count is 1 release the reference from the 1579 * session. Also, remove the link from the tty back to 1580 * the session and pgrp. 1581 * 1582 * XXX V. fishy. 1583 */ 1584 mutex_enter(&proc_lock); 1585 sess = curlwp->l_proc->p_session; 1586 if (sn->sn_opencnt == 1 && vp == sess->s_ttyvp) { 1587 mutex_spin_enter(&tty_lock); 1588 sess->s_ttyvp = NULL; 1589 if (sess->s_ttyp->t_session != NULL) { 1590 sess->s_ttyp->t_pgrp = NULL; 1591 sess->s_ttyp->t_session = NULL; 1592 mutex_spin_exit(&tty_lock); 1593 /* Releases proc_lock. */ 1594 proc_sessrele(sess); 1595 } else { 1596 mutex_spin_exit(&tty_lock); 1597 if (sess->s_ttyp->t_pgrp != NULL) 1598 panic("spec_close: spurious pgrp ref"); 1599 mutex_exit(&proc_lock); 1600 } 1601 vrele(vp); 1602 } else 1603 mutex_exit(&proc_lock); 1604 1605 /* 1606 * If the vnode is locked, then we are in the midst 1607 * of forcably closing the device, otherwise we only 1608 * close on last reference. 1609 */ 1610 mode = S_IFCHR; 1611 break; 1612 1613 case VBLK: 1614 KASSERT(vp == vp->v_specnode->sn_dev->sd_bdevvp); 1615 /* 1616 * On last close of a block device (that isn't mounted) 1617 * we must invalidate any in core blocks, so that 1618 * we can, for instance, change floppy disks. 1619 */ 1620 error = vinvalbuf(vp, V_SAVE, ap->a_cred, curlwp, 0, 0); 1621 if (error) 1622 return (error); 1623 /* 1624 * We do not want to really close the device if it 1625 * is still in use unless we are trying to close it 1626 * forcibly. Since every use (buffer, vnode, swap, cmap) 1627 * holds a reference to the vnode, and because we mark 1628 * any other vnodes that alias this device, when the 1629 * sum of the reference counts on all the aliased 1630 * vnodes descends to one, we are on last close. 1631 */ 1632 mode = S_IFBLK; 1633 break; 1634 1635 default: 1636 panic("spec_close: not special"); 1637 } 1638 1639 /* 1640 * Decrement the open reference count of this node and the 1641 * device. For block devices, the open reference count must be 1642 * 1 at this point. If the device's open reference count goes 1643 * to zero, we're the last one out so get the lights. 1644 * 1645 * We may find --sd->sd_opencnt gives zero, and yet 1646 * sd->sd_opened is false. This happens if the vnode is 1647 * revoked at the same time as it is being opened, which can 1648 * happen when opening a tty blocks indefinitely. In that 1649 * case, we still must call close -- it is the job of close to 1650 * interrupt the open. Either way, the device will be no 1651 * longer opened, so we have to clear sd->sd_opened; subsequent 1652 * opens will have responsibility for issuing close. 1653 * 1654 * This has the side effect that the sequence of opens might 1655 * happen out of order -- we might end up doing open, open, 1656 * close, close, instead of open, close, open, close. This is 1657 * unavoidable with the current devsw API, where open is 1658 * allowed to block and close must be able to run concurrently 1659 * to interrupt it. It is the driver's responsibility to 1660 * ensure that close is idempotent so that this works. Drivers 1661 * requiring per-open state and exact 1:1 correspondence 1662 * between open and close can use fd_clone. 1663 */ 1664 mutex_enter(&device_lock); 1665 KASSERT(sn->sn_opencnt); 1666 KASSERT(sd->sd_opencnt); 1667 sn->sn_opencnt--; 1668 count = --sd->sd_opencnt; 1669 if (vp->v_type == VBLK) { 1670 KASSERTMSG(count == 0, "block device with %u opens", 1671 count + 1); 1672 sd->sd_bdevvp = NULL; 1673 } 1674 if (count == 0) { 1675 sd->sd_opened = false; 1676 sd->sd_closing = true; 1677 } 1678 mutex_exit(&device_lock); 1679 1680 if (count != 0) 1681 return 0; 1682 1683 /* 1684 * If we're able to block, release the vnode lock & reacquire. We 1685 * might end up sleeping for someone else who wants our queues. They 1686 * won't get them if we hold the vnode locked. 1687 */ 1688 if (!(flags & FNONBLOCK)) 1689 VOP_UNLOCK(vp); 1690 1691 /* 1692 * If we can cancel all outstanding I/O, then wait for it to 1693 * drain before we call .d_close. Drivers that split up 1694 * .d_cancel and .d_close this way need not have any internal 1695 * mechanism for waiting in .d_close for I/O to drain. 1696 */ 1697 if (vp->v_type == VBLK) 1698 error = bdev_cancel(dev, flags, mode, curlwp); 1699 else 1700 error = cdev_cancel(dev, flags, mode, curlwp); 1701 if (error == 0) 1702 spec_io_drain(sd); 1703 else 1704 KASSERTMSG(error == ENODEV, "cancel dev=0x%lx failed with %d", 1705 (unsigned long)dev, error); 1706 1707 if (vp->v_type == VBLK) 1708 error = bdev_close(dev, flags, mode, curlwp); 1709 else 1710 error = cdev_close(dev, flags, mode, curlwp); 1711 1712 /* 1713 * Wait for all other devsw operations to drain. After this 1714 * point, no bdev/cdev_* can be active for this specdev. 1715 */ 1716 spec_io_drain(sd); 1717 1718 /* 1719 * Wake any spec_open calls waiting for close to finish -- do 1720 * this before reacquiring the vnode lock, because spec_open 1721 * holds the vnode lock while waiting, so doing this after 1722 * reacquiring the lock would deadlock. 1723 */ 1724 mutex_enter(&device_lock); 1725 KASSERT(sd->sd_closing); 1726 sd->sd_closing = false; 1727 cv_broadcast(&specfs_iocv); 1728 mutex_exit(&device_lock); 1729 1730 if (!(flags & FNONBLOCK)) 1731 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY); 1732 1733 return (error); 1734 } 1735 1736 /* 1737 * Print out the contents of a special device vnode. 1738 */ 1739 int 1740 spec_print(void *v) 1741 { 1742 struct vop_print_args /* { 1743 struct vnode *a_vp; 1744 } */ *ap = v; 1745 1746 printf("dev %llu, %llu\n", (unsigned long long)major(ap->a_vp->v_rdev), 1747 (unsigned long long)minor(ap->a_vp->v_rdev)); 1748 return 0; 1749 } 1750 1751 /* 1752 * Return POSIX pathconf information applicable to special devices. 1753 */ 1754 int 1755 spec_pathconf(void *v) 1756 { 1757 struct vop_pathconf_args /* { 1758 struct vnode *a_vp; 1759 int a_name; 1760 register_t *a_retval; 1761 } */ *ap = v; 1762 1763 switch (ap->a_name) { 1764 case _PC_LINK_MAX: 1765 *ap->a_retval = LINK_MAX; 1766 return (0); 1767 case _PC_MAX_CANON: 1768 *ap->a_retval = MAX_CANON; 1769 return (0); 1770 case _PC_MAX_INPUT: 1771 *ap->a_retval = MAX_INPUT; 1772 return (0); 1773 case _PC_PIPE_BUF: 1774 *ap->a_retval = PIPE_BUF; 1775 return (0); 1776 case _PC_CHOWN_RESTRICTED: 1777 *ap->a_retval = 1; 1778 return (0); 1779 case _PC_VDISABLE: 1780 *ap->a_retval = _POSIX_VDISABLE; 1781 return (0); 1782 case _PC_SYNC_IO: 1783 *ap->a_retval = 1; 1784 return (0); 1785 default: 1786 return genfs_pathconf(ap); 1787 } 1788 /* NOTREACHED */ 1789 } 1790 1791 /* 1792 * Advisory record locking support. 1793 */ 1794 int 1795 spec_advlock(void *v) 1796 { 1797 struct vop_advlock_args /* { 1798 struct vnode *a_vp; 1799 void *a_id; 1800 int a_op; 1801 struct flock *a_fl; 1802 int a_flags; 1803 } */ *ap = v; 1804 struct vnode *vp = ap->a_vp; 1805 1806 return lf_advlock(ap, &vp->v_speclockf, (off_t)0); 1807 } 1808