xref: /freebsd/sys/dev/md/md.c (revision 5ca8e32633c4ffbbcd6762e5888b6a4ba0708c6c)
1 /*-
2  * SPDX-License-Identifier: (Beerware AND BSD-3-Clause)
3  *
4  * ----------------------------------------------------------------------------
5  * "THE BEER-WARE LICENSE" (Revision 42):
6  * <phk@FreeBSD.ORG> wrote this file.  As long as you retain this notice you
7  * can do whatever you want with this stuff. If we meet some day, and you think
8  * this stuff is worth it, you can buy me a beer in return.   Poul-Henning Kamp
9  * ----------------------------------------------------------------------------
10  *
11  */
12 
13 /*-
14  * The following functions are based on the vn(4) driver: mdstart_swap(),
15  * mdstart_vnode(), mdcreate_swap(), mdcreate_vnode() and mddestroy(),
16  * and as such under the following copyright:
17  *
18  * Copyright (c) 1988 University of Utah.
19  * Copyright (c) 1990, 1993
20  *	The Regents of the University of California.  All rights reserved.
21  * Copyright (c) 2013 The FreeBSD Foundation
22  * All rights reserved.
23  *
24  * This code is derived from software contributed to Berkeley by
25  * the Systems Programming Group of the University of Utah Computer
26  * Science Department.
27  *
28  * Portions of this software were developed by Konstantin Belousov
29  * under sponsorship from the FreeBSD Foundation.
30  *
31  * Redistribution and use in source and binary forms, with or without
32  * modification, are permitted provided that the following conditions
33  * are met:
34  * 1. Redistributions of source code must retain the above copyright
35  *    notice, this list of conditions and the following disclaimer.
36  * 2. Redistributions in binary form must reproduce the above copyright
37  *    notice, this list of conditions and the following disclaimer in the
38  *    documentation and/or other materials provided with the distribution.
39  * 3. Neither the name of the University nor the names of its contributors
40  *    may be used to endorse or promote products derived from this software
41  *    without specific prior written permission.
42  *
43  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
44  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
45  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
46  * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
47  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
48  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
49  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
50  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
51  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
52  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
53  * SUCH DAMAGE.
54  *
55  * from: Utah Hdr: vn.c 1.13 94/04/02
56  * From: src/sys/dev/vn/vn.c,v 1.122 2000/12/16 16:06:03
57  */
58 
59 #include "opt_rootdevname.h"
60 #include "opt_geom.h"
61 #include "opt_md.h"
62 
63 #include <sys/param.h>
64 #include <sys/systm.h>
65 #include <sys/bio.h>
66 #include <sys/buf.h>
67 #include <sys/conf.h>
68 #include <sys/devicestat.h>
69 #include <sys/fcntl.h>
70 #include <sys/kernel.h>
71 #include <sys/kthread.h>
72 #include <sys/limits.h>
73 #include <sys/linker.h>
74 #include <sys/lock.h>
75 #include <sys/malloc.h>
76 #include <sys/mdioctl.h>
77 #include <sys/mount.h>
78 #include <sys/mutex.h>
79 #include <sys/sx.h>
80 #include <sys/namei.h>
81 #include <sys/proc.h>
82 #include <sys/queue.h>
83 #include <sys/rwlock.h>
84 #include <sys/sbuf.h>
85 #include <sys/sched.h>
86 #include <sys/sf_buf.h>
87 #include <sys/sysctl.h>
88 #include <sys/uio.h>
89 #include <sys/unistd.h>
90 #include <sys/vnode.h>
91 #include <sys/disk.h>
92 
93 #include <geom/geom.h>
94 #include <geom/geom_int.h>
95 
96 #include <vm/vm.h>
97 #include <vm/vm_extern.h>
98 #include <vm/vm_param.h>
99 #include <vm/vm_object.h>
100 #include <vm/vm_page.h>
101 #include <vm/vm_pager.h>
102 #include <vm/swap_pager.h>
103 #include <vm/uma.h>
104 
105 #include <machine/bus.h>
106 
107 #define MD_MODVER 1
108 
109 #define MD_SHUTDOWN	0x10000		/* Tell worker thread to terminate. */
110 #define	MD_EXITING	0x20000		/* Worker thread is exiting. */
111 #define MD_PROVIDERGONE	0x40000		/* Safe to free the softc */
112 
113 #ifndef MD_NSECT
114 #define MD_NSECT (10000 * 2)
115 #endif
116 
117 struct md_req {
118 	unsigned	md_unit;	/* unit number */
119 	enum md_types	md_type;	/* type of disk */
120 	off_t		md_mediasize;	/* size of disk in bytes */
121 	unsigned	md_sectorsize;	/* sectorsize */
122 	unsigned	md_options;	/* options */
123 	int		md_fwheads;	/* firmware heads */
124 	int		md_fwsectors;	/* firmware sectors */
125 	char		*md_file;	/* pathname of file to mount */
126 	enum uio_seg	md_file_seg;	/* location of md_file */
127 	char		*md_label;	/* label of the device (userspace) */
128 	int		*md_units;	/* pointer to units array (kernel) */
129 	size_t		md_units_nitems; /* items in md_units array */
130 };
131 
132 #ifdef COMPAT_FREEBSD32
133 struct md_ioctl32 {
134 	unsigned	md_version;
135 	unsigned	md_unit;
136 	enum md_types	md_type;
137 	uint32_t	md_file;
138 	off_t		md_mediasize;
139 	unsigned	md_sectorsize;
140 	unsigned	md_options;
141 	uint64_t	md_base;
142 	int		md_fwheads;
143 	int		md_fwsectors;
144 	uint32_t	md_label;
145 	int		md_pad[MDNPAD];
146 }
147 #ifdef __amd64__
148 __attribute__((__packed__))
149 #endif
150 ;
151 #ifndef __amd64__
152 CTASSERT((sizeof(struct md_ioctl32)) == 440);
153 #else
154 CTASSERT((sizeof(struct md_ioctl32)) == 436);
155 #endif
156 
157 #define	MDIOCATTACH_32	_IOC_NEWTYPE(MDIOCATTACH, struct md_ioctl32)
158 #define	MDIOCDETACH_32	_IOC_NEWTYPE(MDIOCDETACH, struct md_ioctl32)
159 #define	MDIOCQUERY_32	_IOC_NEWTYPE(MDIOCQUERY, struct md_ioctl32)
160 #define	MDIOCRESIZE_32	_IOC_NEWTYPE(MDIOCRESIZE, struct md_ioctl32)
161 #endif /* COMPAT_FREEBSD32 */
162 
163 static MALLOC_DEFINE(M_MD, "md_disk", "Memory Disk");
164 static MALLOC_DEFINE(M_MDSECT, "md_sectors", "Memory Disk Sectors");
165 
166 static int md_debug;
167 SYSCTL_INT(_debug, OID_AUTO, mddebug, CTLFLAG_RW, &md_debug, 0,
168     "Enable md(4) debug messages");
169 static int md_malloc_wait;
170 SYSCTL_INT(_vm, OID_AUTO, md_malloc_wait, CTLFLAG_RW, &md_malloc_wait, 0,
171     "Allow malloc to wait for memory allocations");
172 
173 #if defined(MD_ROOT) && !defined(MD_ROOT_FSTYPE)
174 #define	MD_ROOT_FSTYPE	"ufs"
175 #endif
176 
177 #if defined(MD_ROOT)
178 /*
179  * Preloaded image gets put here.
180  */
181 #if defined(MD_ROOT_SIZE)
182 /*
183  * We put the mfs_root symbol into the oldmfs section of the kernel object file.
184  * Applications that patch the object with the image can determine
185  * the size looking at the oldmfs section size within the kernel.
186  */
187 u_char mfs_root[MD_ROOT_SIZE*1024] __attribute__ ((section ("oldmfs")));
188 const int mfs_root_size = sizeof(mfs_root);
189 #elif defined(MD_ROOT_MEM)
190 /* MD region already mapped in the memory */
191 u_char *mfs_root;
192 int mfs_root_size;
193 #else
194 extern volatile u_char __weak_symbol mfs_root;
195 extern volatile u_char __weak_symbol mfs_root_end;
196 #define mfs_root_size ((uintptr_t)(&mfs_root_end - &mfs_root))
197 #endif
198 #endif
199 
200 static g_init_t g_md_init;
201 static g_fini_t g_md_fini;
202 static g_start_t g_md_start;
203 static g_access_t g_md_access;
204 static void g_md_dumpconf(struct sbuf *sb, const char *indent,
205     struct g_geom *gp, struct g_consumer *cp __unused, struct g_provider *pp);
206 static g_provgone_t g_md_providergone;
207 
208 static struct cdev *status_dev = NULL;
209 static struct sx md_sx;
210 static struct unrhdr *md_uh;
211 
212 static d_ioctl_t mdctlioctl;
213 
214 static struct cdevsw mdctl_cdevsw = {
215 	.d_version =	D_VERSION,
216 	.d_ioctl =	mdctlioctl,
217 	.d_name =	MD_NAME,
218 };
219 
220 struct g_class g_md_class = {
221 	.name = "MD",
222 	.version = G_VERSION,
223 	.init = g_md_init,
224 	.fini = g_md_fini,
225 	.start = g_md_start,
226 	.access = g_md_access,
227 	.dumpconf = g_md_dumpconf,
228 	.providergone = g_md_providergone,
229 };
230 
231 DECLARE_GEOM_CLASS(g_md_class, g_md);
232 MODULE_VERSION(geom_md, 0);
233 
234 static LIST_HEAD(, md_s) md_softc_list = LIST_HEAD_INITIALIZER(md_softc_list);
235 
236 #define NINDIR	(PAGE_SIZE / sizeof(uintptr_t))
237 #define NMASK	(NINDIR-1)
238 static int nshift;
239 
240 struct indir {
241 	uintptr_t	*array;
242 	u_int		total;
243 	u_int		used;
244 	u_int		shift;
245 };
246 
247 struct md_s {
248 	int unit;
249 	LIST_ENTRY(md_s) list;
250 	struct bio_queue_head bio_queue;
251 	struct mtx queue_mtx;
252 	struct cdev *dev;
253 	enum md_types type;
254 	off_t mediasize;
255 	unsigned sectorsize;
256 	unsigned opencount;
257 	unsigned fwheads;
258 	unsigned fwsectors;
259 	char ident[32];
260 	unsigned flags;
261 	char name[20];
262 	struct proc *procp;
263 	struct g_geom *gp;
264 	struct g_provider *pp;
265 	int (*start)(struct md_s *sc, struct bio *bp);
266 	struct devstat *devstat;
267 	bool candelete;
268 
269 	/* MD_MALLOC related fields */
270 	struct indir *indir;
271 	uma_zone_t uma;
272 
273 	/* MD_PRELOAD related fields */
274 	u_char *pl_ptr;
275 	size_t pl_len;
276 
277 	/* MD_VNODE related fields */
278 	struct vnode *vnode;
279 	char file[PATH_MAX];
280 	char label[PATH_MAX];
281 	struct ucred *cred;
282 	vm_offset_t kva;
283 
284 	/* MD_SWAP related fields */
285 	vm_object_t object;
286 };
287 
288 static struct indir *
289 new_indir(u_int shift)
290 {
291 	struct indir *ip;
292 
293 	ip = malloc(sizeof *ip, M_MD, (md_malloc_wait ? M_WAITOK : M_NOWAIT)
294 	    | M_ZERO);
295 	if (ip == NULL)
296 		return (NULL);
297 	ip->array = malloc(sizeof(uintptr_t) * NINDIR,
298 	    M_MDSECT, (md_malloc_wait ? M_WAITOK : M_NOWAIT) | M_ZERO);
299 	if (ip->array == NULL) {
300 		free(ip, M_MD);
301 		return (NULL);
302 	}
303 	ip->total = NINDIR;
304 	ip->shift = shift;
305 	return (ip);
306 }
307 
308 static void
309 del_indir(struct indir *ip)
310 {
311 
312 	free(ip->array, M_MDSECT);
313 	free(ip, M_MD);
314 }
315 
316 static void
317 destroy_indir(struct md_s *sc, struct indir *ip)
318 {
319 	int i;
320 
321 	for (i = 0; i < NINDIR; i++) {
322 		if (!ip->array[i])
323 			continue;
324 		if (ip->shift)
325 			destroy_indir(sc, (struct indir*)(ip->array[i]));
326 		else if (ip->array[i] > 255)
327 			uma_zfree(sc->uma, (void *)(ip->array[i]));
328 	}
329 	del_indir(ip);
330 }
331 
332 /*
333  * This function does the math and allocates the top level "indir" structure
334  * for a device of "size" sectors.
335  */
336 
337 static struct indir *
338 dimension(off_t size)
339 {
340 	off_t rcnt;
341 	struct indir *ip;
342 	int layer;
343 
344 	rcnt = size;
345 	layer = 0;
346 	while (rcnt > NINDIR) {
347 		rcnt /= NINDIR;
348 		layer++;
349 	}
350 
351 	/*
352 	 * XXX: the top layer is probably not fully populated, so we allocate
353 	 * too much space for ip->array in here.
354 	 */
355 	ip = malloc(sizeof *ip, M_MD, M_WAITOK | M_ZERO);
356 	ip->array = malloc(sizeof(uintptr_t) * NINDIR,
357 	    M_MDSECT, M_WAITOK | M_ZERO);
358 	ip->total = NINDIR;
359 	ip->shift = layer * nshift;
360 	return (ip);
361 }
362 
363 /*
364  * Read a given sector
365  */
366 
367 static uintptr_t
368 s_read(struct indir *ip, off_t offset)
369 {
370 	struct indir *cip;
371 	int idx;
372 	uintptr_t up;
373 
374 	if (md_debug > 1)
375 		printf("s_read(%jd)\n", (intmax_t)offset);
376 	up = 0;
377 	for (cip = ip; cip != NULL;) {
378 		if (cip->shift) {
379 			idx = (offset >> cip->shift) & NMASK;
380 			up = cip->array[idx];
381 			cip = (struct indir *)up;
382 			continue;
383 		}
384 		idx = offset & NMASK;
385 		return (cip->array[idx]);
386 	}
387 	return (0);
388 }
389 
390 /*
391  * Write a given sector, prune the tree if the value is 0
392  */
393 
394 static int
395 s_write(struct indir *ip, off_t offset, uintptr_t ptr)
396 {
397 	struct indir *cip, *lip[10];
398 	int idx, li;
399 	uintptr_t up;
400 
401 	if (md_debug > 1)
402 		printf("s_write(%jd, %p)\n", (intmax_t)offset, (void *)ptr);
403 	up = 0;
404 	li = 0;
405 	cip = ip;
406 	for (;;) {
407 		lip[li++] = cip;
408 		if (cip->shift) {
409 			idx = (offset >> cip->shift) & NMASK;
410 			up = cip->array[idx];
411 			if (up != 0) {
412 				cip = (struct indir *)up;
413 				continue;
414 			}
415 			/* Allocate branch */
416 			cip->array[idx] =
417 			    (uintptr_t)new_indir(cip->shift - nshift);
418 			if (cip->array[idx] == 0)
419 				return (ENOSPC);
420 			cip->used++;
421 			up = cip->array[idx];
422 			cip = (struct indir *)up;
423 			continue;
424 		}
425 		/* leafnode */
426 		idx = offset & NMASK;
427 		up = cip->array[idx];
428 		if (up != 0)
429 			cip->used--;
430 		cip->array[idx] = ptr;
431 		if (ptr != 0)
432 			cip->used++;
433 		break;
434 	}
435 	if (cip->used != 0 || li == 1)
436 		return (0);
437 	li--;
438 	while (cip->used == 0 && cip != ip) {
439 		li--;
440 		idx = (offset >> lip[li]->shift) & NMASK;
441 		up = lip[li]->array[idx];
442 		KASSERT(up == (uintptr_t)cip, ("md screwed up"));
443 		del_indir(cip);
444 		lip[li]->array[idx] = 0;
445 		lip[li]->used--;
446 		cip = lip[li];
447 	}
448 	return (0);
449 }
450 
451 static int
452 g_md_access(struct g_provider *pp, int r, int w, int e)
453 {
454 	struct md_s *sc;
455 
456 	sc = pp->geom->softc;
457 	if (sc == NULL) {
458 		if (r <= 0 && w <= 0 && e <= 0)
459 			return (0);
460 		return (ENXIO);
461 	}
462 	r += pp->acr;
463 	w += pp->acw;
464 	e += pp->ace;
465 	if ((sc->flags & MD_READONLY) != 0 && w > 0)
466 		return (EROFS);
467 	if ((pp->acr + pp->acw + pp->ace) == 0 && (r + w + e) > 0) {
468 		sc->opencount = 1;
469 	} else if ((pp->acr + pp->acw + pp->ace) > 0 && (r + w + e) == 0) {
470 		sc->opencount = 0;
471 	}
472 	return (0);
473 }
474 
475 static void
476 g_md_start(struct bio *bp)
477 {
478 	struct md_s *sc;
479 
480 	sc = bp->bio_to->geom->softc;
481 	if ((bp->bio_cmd == BIO_READ) || (bp->bio_cmd == BIO_WRITE)) {
482 		devstat_start_transaction_bio(sc->devstat, bp);
483 	}
484 	mtx_lock(&sc->queue_mtx);
485 	bioq_disksort(&sc->bio_queue, bp);
486 	wakeup(sc);
487 	mtx_unlock(&sc->queue_mtx);
488 }
489 
490 #define	MD_MALLOC_MOVE_ZERO	1
491 #define	MD_MALLOC_MOVE_FILL	2
492 #define	MD_MALLOC_MOVE_READ	3
493 #define	MD_MALLOC_MOVE_WRITE	4
494 #define	MD_MALLOC_MOVE_CMP	5
495 
496 static int
497 md_malloc_move_ma(vm_page_t **mp, int *ma_offs, unsigned sectorsize,
498     void *ptr, u_char fill, int op)
499 {
500 	struct sf_buf *sf;
501 	vm_page_t m, *mp1;
502 	char *p, first;
503 	off_t *uc;
504 	unsigned n;
505 	int error, i, ma_offs1, sz, first_read;
506 
507 	m = NULL;
508 	error = 0;
509 	sf = NULL;
510 	/* if (op == MD_MALLOC_MOVE_CMP) { gcc */
511 		first = 0;
512 		first_read = 0;
513 		uc = ptr;
514 		mp1 = *mp;
515 		ma_offs1 = *ma_offs;
516 	/* } */
517 	sched_pin();
518 	for (n = sectorsize; n != 0; n -= sz) {
519 		sz = imin(PAGE_SIZE - *ma_offs, n);
520 		if (m != **mp) {
521 			if (sf != NULL)
522 				sf_buf_free(sf);
523 			m = **mp;
524 			sf = sf_buf_alloc(m, SFB_CPUPRIVATE |
525 			    (md_malloc_wait ? 0 : SFB_NOWAIT));
526 			if (sf == NULL) {
527 				error = ENOMEM;
528 				break;
529 			}
530 		}
531 		p = (char *)sf_buf_kva(sf) + *ma_offs;
532 		switch (op) {
533 		case MD_MALLOC_MOVE_ZERO:
534 			bzero(p, sz);
535 			break;
536 		case MD_MALLOC_MOVE_FILL:
537 			memset(p, fill, sz);
538 			break;
539 		case MD_MALLOC_MOVE_READ:
540 			bcopy(ptr, p, sz);
541 			cpu_flush_dcache(p, sz);
542 			break;
543 		case MD_MALLOC_MOVE_WRITE:
544 			bcopy(p, ptr, sz);
545 			break;
546 		case MD_MALLOC_MOVE_CMP:
547 			for (i = 0; i < sz; i++, p++) {
548 				if (!first_read) {
549 					*uc = (u_char)*p;
550 					first = *p;
551 					first_read = 1;
552 				} else if (*p != first) {
553 					error = EDOOFUS;
554 					break;
555 				}
556 			}
557 			break;
558 		default:
559 			KASSERT(0, ("md_malloc_move_ma unknown op %d\n", op));
560 			break;
561 		}
562 		if (error != 0)
563 			break;
564 		*ma_offs += sz;
565 		*ma_offs %= PAGE_SIZE;
566 		if (*ma_offs == 0)
567 			(*mp)++;
568 		ptr = (char *)ptr + sz;
569 	}
570 
571 	if (sf != NULL)
572 		sf_buf_free(sf);
573 	sched_unpin();
574 	if (op == MD_MALLOC_MOVE_CMP && error != 0) {
575 		*mp = mp1;
576 		*ma_offs = ma_offs1;
577 	}
578 	return (error);
579 }
580 
581 static int
582 md_malloc_move_vlist(bus_dma_segment_t **pvlist, int *pma_offs,
583     unsigned len, void *ptr, u_char fill, int op)
584 {
585 	bus_dma_segment_t *vlist;
586 	uint8_t *p, *end, first;
587 	off_t *uc;
588 	int ma_offs, seg_len;
589 
590 	vlist = *pvlist;
591 	ma_offs = *pma_offs;
592 	uc = ptr;
593 
594 	for (; len != 0; len -= seg_len) {
595 		seg_len = imin(vlist->ds_len - ma_offs, len);
596 		p = (uint8_t *)(uintptr_t)vlist->ds_addr + ma_offs;
597 		switch (op) {
598 		case MD_MALLOC_MOVE_ZERO:
599 			bzero(p, seg_len);
600 			break;
601 		case MD_MALLOC_MOVE_FILL:
602 			memset(p, fill, seg_len);
603 			break;
604 		case MD_MALLOC_MOVE_READ:
605 			bcopy(ptr, p, seg_len);
606 			cpu_flush_dcache(p, seg_len);
607 			break;
608 		case MD_MALLOC_MOVE_WRITE:
609 			bcopy(p, ptr, seg_len);
610 			break;
611 		case MD_MALLOC_MOVE_CMP:
612 			end = p + seg_len;
613 			first = *uc = *p;
614 			/* Confirm all following bytes match the first */
615 			while (++p < end) {
616 				if (*p != first)
617 					return (EDOOFUS);
618 			}
619 			break;
620 		default:
621 			KASSERT(0, ("md_malloc_move_vlist unknown op %d\n", op));
622 			break;
623 		}
624 
625 		ma_offs += seg_len;
626 		if (ma_offs == vlist->ds_len) {
627 			ma_offs = 0;
628 			vlist++;
629 		}
630 		ptr = (uint8_t *)ptr + seg_len;
631 	}
632 	*pvlist = vlist;
633 	*pma_offs = ma_offs;
634 
635 	return (0);
636 }
637 
638 static int
639 mdstart_malloc(struct md_s *sc, struct bio *bp)
640 {
641 	u_char *dst;
642 	vm_page_t *m;
643 	bus_dma_segment_t *vlist;
644 	int i, error, error1, ma_offs, notmapped;
645 	off_t secno, nsec, uc;
646 	uintptr_t sp, osp;
647 
648 	switch (bp->bio_cmd) {
649 	case BIO_READ:
650 	case BIO_WRITE:
651 	case BIO_DELETE:
652 		break;
653 	case BIO_FLUSH:
654 		return (0);
655 	default:
656 		return (EOPNOTSUPP);
657 	}
658 
659 	notmapped = (bp->bio_flags & BIO_UNMAPPED) != 0;
660 	vlist = (bp->bio_flags & BIO_VLIST) != 0 ?
661 	    (bus_dma_segment_t *)bp->bio_data : NULL;
662 	if (notmapped) {
663 		m = bp->bio_ma;
664 		ma_offs = bp->bio_ma_offset;
665 		dst = NULL;
666 		KASSERT(vlist == NULL, ("vlists cannot be unmapped"));
667 	} else if (vlist != NULL) {
668 		ma_offs = bp->bio_ma_offset;
669 		dst = NULL;
670 	} else {
671 		dst = bp->bio_data;
672 	}
673 
674 	nsec = bp->bio_length / sc->sectorsize;
675 	secno = bp->bio_offset / sc->sectorsize;
676 	error = 0;
677 	while (nsec--) {
678 		osp = s_read(sc->indir, secno);
679 		if (bp->bio_cmd == BIO_DELETE) {
680 			if (osp != 0)
681 				error = s_write(sc->indir, secno, 0);
682 		} else if (bp->bio_cmd == BIO_READ) {
683 			if (osp == 0) {
684 				if (notmapped) {
685 					error = md_malloc_move_ma(&m, &ma_offs,
686 					    sc->sectorsize, NULL, 0,
687 					    MD_MALLOC_MOVE_ZERO);
688 				} else if (vlist != NULL) {
689 					error = md_malloc_move_vlist(&vlist,
690 					    &ma_offs, sc->sectorsize, NULL, 0,
691 					    MD_MALLOC_MOVE_ZERO);
692 				} else
693 					bzero(dst, sc->sectorsize);
694 			} else if (osp <= 255) {
695 				if (notmapped) {
696 					error = md_malloc_move_ma(&m, &ma_offs,
697 					    sc->sectorsize, NULL, osp,
698 					    MD_MALLOC_MOVE_FILL);
699 				} else if (vlist != NULL) {
700 					error = md_malloc_move_vlist(&vlist,
701 					    &ma_offs, sc->sectorsize, NULL, osp,
702 					    MD_MALLOC_MOVE_FILL);
703 				} else
704 					memset(dst, osp, sc->sectorsize);
705 			} else {
706 				if (notmapped) {
707 					error = md_malloc_move_ma(&m, &ma_offs,
708 					    sc->sectorsize, (void *)osp, 0,
709 					    MD_MALLOC_MOVE_READ);
710 				} else if (vlist != NULL) {
711 					error = md_malloc_move_vlist(&vlist,
712 					    &ma_offs, sc->sectorsize,
713 					    (void *)osp, 0,
714 					    MD_MALLOC_MOVE_READ);
715 				} else {
716 					bcopy((void *)osp, dst, sc->sectorsize);
717 					cpu_flush_dcache(dst, sc->sectorsize);
718 				}
719 			}
720 			osp = 0;
721 		} else if (bp->bio_cmd == BIO_WRITE) {
722 			if (sc->flags & MD_COMPRESS) {
723 				if (notmapped) {
724 					error1 = md_malloc_move_ma(&m, &ma_offs,
725 					    sc->sectorsize, &uc, 0,
726 					    MD_MALLOC_MOVE_CMP);
727 					i = error1 == 0 ? sc->sectorsize : 0;
728 				} else if (vlist != NULL) {
729 					error1 = md_malloc_move_vlist(&vlist,
730 					    &ma_offs, sc->sectorsize, &uc, 0,
731 					    MD_MALLOC_MOVE_CMP);
732 					i = error1 == 0 ? sc->sectorsize : 0;
733 				} else {
734 					uc = dst[0];
735 					for (i = 1; i < sc->sectorsize; i++) {
736 						if (dst[i] != uc)
737 							break;
738 					}
739 				}
740 			} else {
741 				i = 0;
742 				uc = 0;
743 			}
744 			if (i == sc->sectorsize) {
745 				if (osp != uc)
746 					error = s_write(sc->indir, secno, uc);
747 			} else {
748 				if (osp <= 255) {
749 					sp = (uintptr_t)uma_zalloc(sc->uma,
750 					    md_malloc_wait ? M_WAITOK :
751 					    M_NOWAIT);
752 					if (sp == 0) {
753 						error = ENOSPC;
754 						break;
755 					}
756 					if (notmapped) {
757 						error = md_malloc_move_ma(&m,
758 						    &ma_offs, sc->sectorsize,
759 						    (void *)sp, 0,
760 						    MD_MALLOC_MOVE_WRITE);
761 					} else if (vlist != NULL) {
762 						error = md_malloc_move_vlist(
763 						    &vlist, &ma_offs,
764 						    sc->sectorsize, (void *)sp,
765 						    0, MD_MALLOC_MOVE_WRITE);
766 					} else {
767 						bcopy(dst, (void *)sp,
768 						    sc->sectorsize);
769 					}
770 					error = s_write(sc->indir, secno, sp);
771 				} else {
772 					if (notmapped) {
773 						error = md_malloc_move_ma(&m,
774 						    &ma_offs, sc->sectorsize,
775 						    (void *)osp, 0,
776 						    MD_MALLOC_MOVE_WRITE);
777 					} else if (vlist != NULL) {
778 						error = md_malloc_move_vlist(
779 						    &vlist, &ma_offs,
780 						    sc->sectorsize, (void *)osp,
781 						    0, MD_MALLOC_MOVE_WRITE);
782 					} else {
783 						bcopy(dst, (void *)osp,
784 						    sc->sectorsize);
785 					}
786 					osp = 0;
787 				}
788 			}
789 		} else {
790 			error = EOPNOTSUPP;
791 		}
792 		if (osp > 255)
793 			uma_zfree(sc->uma, (void*)osp);
794 		if (error != 0)
795 			break;
796 		secno++;
797 		if (!notmapped && vlist == NULL)
798 			dst += sc->sectorsize;
799 	}
800 	bp->bio_resid = 0;
801 	return (error);
802 }
803 
804 static void
805 mdcopyto_vlist(void *src, bus_dma_segment_t *vlist, off_t offset, off_t len)
806 {
807 	off_t seg_len;
808 
809 	while (offset >= vlist->ds_len) {
810 		offset -= vlist->ds_len;
811 		vlist++;
812 	}
813 
814 	while (len != 0) {
815 		seg_len = omin(len, vlist->ds_len - offset);
816 		bcopy(src, (void *)(uintptr_t)(vlist->ds_addr + offset),
817 		    seg_len);
818 		offset = 0;
819 		src = (uint8_t *)src + seg_len;
820 		len -= seg_len;
821 		vlist++;
822 	}
823 }
824 
825 static void
826 mdcopyfrom_vlist(bus_dma_segment_t *vlist, off_t offset, void *dst, off_t len)
827 {
828 	off_t seg_len;
829 
830 	while (offset >= vlist->ds_len) {
831 		offset -= vlist->ds_len;
832 		vlist++;
833 	}
834 
835 	while (len != 0) {
836 		seg_len = omin(len, vlist->ds_len - offset);
837 		bcopy((void *)(uintptr_t)(vlist->ds_addr + offset), dst,
838 		    seg_len);
839 		offset = 0;
840 		dst = (uint8_t *)dst + seg_len;
841 		len -= seg_len;
842 		vlist++;
843 	}
844 }
845 
846 static int
847 mdstart_preload(struct md_s *sc, struct bio *bp)
848 {
849 	uint8_t *p;
850 
851 	p = sc->pl_ptr + bp->bio_offset;
852 	switch (bp->bio_cmd) {
853 	case BIO_READ:
854 		if ((bp->bio_flags & BIO_VLIST) != 0) {
855 			mdcopyto_vlist(p, (bus_dma_segment_t *)bp->bio_data,
856 			    bp->bio_ma_offset, bp->bio_length);
857 		} else {
858 			bcopy(p, bp->bio_data, bp->bio_length);
859 		}
860 		cpu_flush_dcache(bp->bio_data, bp->bio_length);
861 		break;
862 	case BIO_WRITE:
863 		if ((bp->bio_flags & BIO_VLIST) != 0) {
864 			mdcopyfrom_vlist((bus_dma_segment_t *)bp->bio_data,
865 			    bp->bio_ma_offset, p, bp->bio_length);
866 		} else {
867 			bcopy(bp->bio_data, p, bp->bio_length);
868 		}
869 		break;
870 	}
871 	bp->bio_resid = 0;
872 	return (0);
873 }
874 
875 static int
876 mdstart_vnode(struct md_s *sc, struct bio *bp)
877 {
878 	int error;
879 	struct uio auio;
880 	struct iovec aiov;
881 	struct iovec *piov;
882 	struct mount *mp;
883 	struct vnode *vp;
884 	bus_dma_segment_t *vlist;
885 	struct thread *td;
886 	off_t iolen, iostart, off, len;
887 	int ma_offs, npages;
888 	bool mapped;
889 
890 	switch (bp->bio_cmd) {
891 	case BIO_READ:
892 		auio.uio_rw = UIO_READ;
893 		break;
894 	case BIO_WRITE:
895 		auio.uio_rw = UIO_WRITE;
896 		break;
897 	case BIO_FLUSH:
898 		break;
899 	case BIO_DELETE:
900 		if (sc->candelete)
901 			break;
902 		/* FALLTHROUGH */
903 	default:
904 		return (EOPNOTSUPP);
905 	}
906 
907 	td = curthread;
908 	vp = sc->vnode;
909 	piov = NULL;
910 	ma_offs = bp->bio_ma_offset;
911 	off = bp->bio_offset;
912 	len = bp->bio_length;
913 	mapped = false;
914 
915 	/*
916 	 * VNODE I/O
917 	 *
918 	 * If an error occurs, we set BIO_ERROR but we do not set
919 	 * B_INVAL because (for a write anyway), the buffer is
920 	 * still valid.
921 	 */
922 
923 	if (bp->bio_cmd == BIO_FLUSH) {
924 		do {
925 			(void)vn_start_write(vp, &mp, V_WAIT);
926 			vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
927 			error = VOP_FSYNC(vp, MNT_WAIT, td);
928 			VOP_UNLOCK(vp);
929 			vn_finished_write(mp);
930 		} while (error == ERELOOKUP);
931 		return (error);
932 	} else if (bp->bio_cmd == BIO_DELETE) {
933 		error = vn_deallocate(vp, &off, &len, 0,
934 		    sc->flags & MD_ASYNC ? 0 : IO_SYNC, sc->cred, NOCRED);
935 		bp->bio_resid = len;
936 		return (error);
937 	}
938 
939 	auio.uio_offset = (vm_ooffset_t)bp->bio_offset;
940 	auio.uio_resid = bp->bio_length;
941 	auio.uio_segflg = UIO_SYSSPACE;
942 	auio.uio_td = td;
943 
944 	if ((bp->bio_flags & BIO_VLIST) != 0) {
945 		piov = malloc(sizeof(*piov) * bp->bio_ma_n, M_MD, M_WAITOK);
946 		auio.uio_iov = piov;
947 		vlist = (bus_dma_segment_t *)bp->bio_data;
948 		while (len > 0) {
949 			piov->iov_base = (void *)(uintptr_t)(vlist->ds_addr +
950 			    ma_offs);
951 			piov->iov_len = vlist->ds_len - ma_offs;
952 			if (piov->iov_len > len)
953 				piov->iov_len = len;
954 			len -= piov->iov_len;
955 			ma_offs = 0;
956 			vlist++;
957 			piov++;
958 		}
959 		auio.uio_iovcnt = piov - auio.uio_iov;
960 		piov = auio.uio_iov;
961 	} else if ((bp->bio_flags & BIO_UNMAPPED) != 0) {
962 		bp->bio_resid = len;
963 unmapped_step:
964 		npages = atop(min(maxphys, round_page(len + (ma_offs &
965 		    PAGE_MASK))));
966 		iolen = min(ptoa(npages) - (ma_offs & PAGE_MASK), len);
967 		KASSERT(iolen > 0, ("zero iolen"));
968 		KASSERT(npages <= atop(MAXPHYS + PAGE_SIZE),
969 		    ("npages %d too large", npages));
970 		pmap_qenter(sc->kva, &bp->bio_ma[atop(ma_offs)], npages);
971 		aiov.iov_base = (void *)(sc->kva + (ma_offs & PAGE_MASK));
972 		aiov.iov_len = iolen;
973 		auio.uio_iov = &aiov;
974 		auio.uio_iovcnt = 1;
975 		auio.uio_resid = iolen;
976 		mapped = true;
977 	} else {
978 		aiov.iov_base = bp->bio_data;
979 		aiov.iov_len = bp->bio_length;
980 		auio.uio_iov = &aiov;
981 		auio.uio_iovcnt = 1;
982 	}
983 	iostart = auio.uio_offset;
984 	if (auio.uio_rw == UIO_READ) {
985 		vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
986 		error = VOP_READ(vp, &auio, 0, sc->cred);
987 		VOP_UNLOCK(vp);
988 	} else {
989 		(void) vn_start_write(vp, &mp, V_WAIT);
990 		vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
991 		error = VOP_WRITE(vp, &auio, sc->flags & MD_ASYNC ? 0 : IO_SYNC,
992 		    sc->cred);
993 		VOP_UNLOCK(vp);
994 		vn_finished_write(mp);
995 		if (error == 0)
996 			sc->flags &= ~MD_VERIFY;
997 	}
998 
999 	/* When MD_CACHE is set, try to avoid double-caching the data. */
1000 	if (error == 0 && (sc->flags & MD_CACHE) == 0)
1001 		VOP_ADVISE(vp, iostart, auio.uio_offset - 1,
1002 		    POSIX_FADV_DONTNEED);
1003 
1004 	if (mapped) {
1005 		pmap_qremove(sc->kva, npages);
1006 		if (error == 0) {
1007 			len -= iolen;
1008 			bp->bio_resid -= iolen;
1009 			ma_offs += iolen;
1010 			if (len > 0)
1011 				goto unmapped_step;
1012 		}
1013 	} else {
1014 		bp->bio_resid = auio.uio_resid;
1015 	}
1016 
1017 	free(piov, M_MD);
1018 	return (error);
1019 }
1020 
1021 static int
1022 mdstart_swap(struct md_s *sc, struct bio *bp)
1023 {
1024 	vm_page_t m;
1025 	u_char *p;
1026 	vm_pindex_t i, lastp;
1027 	bus_dma_segment_t *vlist;
1028 	int rv, ma_offs, offs, len, lastend;
1029 
1030 	switch (bp->bio_cmd) {
1031 	case BIO_READ:
1032 	case BIO_WRITE:
1033 	case BIO_DELETE:
1034 		break;
1035 	case BIO_FLUSH:
1036 		return (0);
1037 	default:
1038 		return (EOPNOTSUPP);
1039 	}
1040 
1041 	p = bp->bio_data;
1042 	ma_offs = (bp->bio_flags & (BIO_UNMAPPED|BIO_VLIST)) != 0 ?
1043 	    bp->bio_ma_offset : 0;
1044 	vlist = (bp->bio_flags & BIO_VLIST) != 0 ?
1045 	    (bus_dma_segment_t *)bp->bio_data : NULL;
1046 
1047 	/*
1048 	 * offs is the offset at which to start operating on the
1049 	 * next (ie, first) page.  lastp is the last page on
1050 	 * which we're going to operate.  lastend is the ending
1051 	 * position within that last page (ie, PAGE_SIZE if
1052 	 * we're operating on complete aligned pages).
1053 	 */
1054 	offs = bp->bio_offset % PAGE_SIZE;
1055 	lastp = (bp->bio_offset + bp->bio_length - 1) / PAGE_SIZE;
1056 	lastend = (bp->bio_offset + bp->bio_length - 1) % PAGE_SIZE + 1;
1057 
1058 	rv = VM_PAGER_OK;
1059 	vm_object_pip_add(sc->object, 1);
1060 	for (i = bp->bio_offset / PAGE_SIZE; i <= lastp; i++) {
1061 		len = ((i == lastp) ? lastend : PAGE_SIZE) - offs;
1062 		m = vm_page_grab_unlocked(sc->object, i, VM_ALLOC_SYSTEM);
1063 		if (bp->bio_cmd == BIO_READ) {
1064 			if (vm_page_all_valid(m))
1065 				rv = VM_PAGER_OK;
1066 			else
1067 				rv = vm_pager_get_pages(sc->object, &m, 1,
1068 				    NULL, NULL);
1069 			if (rv == VM_PAGER_ERROR) {
1070 				VM_OBJECT_WLOCK(sc->object);
1071 				vm_page_free(m);
1072 				VM_OBJECT_WUNLOCK(sc->object);
1073 				break;
1074 			} else if (rv == VM_PAGER_FAIL) {
1075 				/*
1076 				 * Pager does not have the page.  Zero
1077 				 * the allocated page, and mark it as
1078 				 * valid. Do not set dirty, the page
1079 				 * can be recreated if thrown out.
1080 				 */
1081 				pmap_zero_page(m);
1082 				vm_page_valid(m);
1083 			}
1084 			if ((bp->bio_flags & BIO_UNMAPPED) != 0) {
1085 				pmap_copy_pages(&m, offs, bp->bio_ma,
1086 				    ma_offs, len);
1087 			} else if ((bp->bio_flags & BIO_VLIST) != 0) {
1088 				physcopyout_vlist(VM_PAGE_TO_PHYS(m) + offs,
1089 				    vlist, ma_offs, len);
1090 				cpu_flush_dcache(p, len);
1091 			} else {
1092 				physcopyout(VM_PAGE_TO_PHYS(m) + offs, p, len);
1093 				cpu_flush_dcache(p, len);
1094 			}
1095 		} else if (bp->bio_cmd == BIO_WRITE) {
1096 			if (len == PAGE_SIZE || vm_page_all_valid(m))
1097 				rv = VM_PAGER_OK;
1098 			else
1099 				rv = vm_pager_get_pages(sc->object, &m, 1,
1100 				    NULL, NULL);
1101 			if (rv == VM_PAGER_ERROR) {
1102 				VM_OBJECT_WLOCK(sc->object);
1103 				vm_page_free(m);
1104 				VM_OBJECT_WUNLOCK(sc->object);
1105 				break;
1106 			} else if (rv == VM_PAGER_FAIL)
1107 				pmap_zero_page(m);
1108 
1109 			if ((bp->bio_flags & BIO_UNMAPPED) != 0) {
1110 				pmap_copy_pages(bp->bio_ma, ma_offs, &m,
1111 				    offs, len);
1112 			} else if ((bp->bio_flags & BIO_VLIST) != 0) {
1113 				physcopyin_vlist(vlist, ma_offs,
1114 				    VM_PAGE_TO_PHYS(m) + offs, len);
1115 			} else {
1116 				physcopyin(p, VM_PAGE_TO_PHYS(m) + offs, len);
1117 			}
1118 
1119 			vm_page_valid(m);
1120 			vm_page_set_dirty(m);
1121 		} else if (bp->bio_cmd == BIO_DELETE) {
1122 			if (len == PAGE_SIZE || vm_page_all_valid(m))
1123 				rv = VM_PAGER_OK;
1124 			else
1125 				rv = vm_pager_get_pages(sc->object, &m, 1,
1126 				    NULL, NULL);
1127 			VM_OBJECT_WLOCK(sc->object);
1128 			if (rv == VM_PAGER_ERROR) {
1129 				vm_page_free(m);
1130 				VM_OBJECT_WUNLOCK(sc->object);
1131 				break;
1132 			} else if (rv == VM_PAGER_FAIL) {
1133 				vm_page_free(m);
1134 				m = NULL;
1135 			} else {
1136 				/* Page is valid. */
1137 				if (len != PAGE_SIZE) {
1138 					pmap_zero_page_area(m, offs, len);
1139 					vm_page_set_dirty(m);
1140 				} else {
1141 					vm_pager_page_unswapped(m);
1142 					vm_page_free(m);
1143 					m = NULL;
1144 				}
1145 			}
1146 			VM_OBJECT_WUNLOCK(sc->object);
1147 		}
1148 		if (m != NULL) {
1149 			/*
1150 			 * The page may be deactivated prior to setting
1151 			 * PGA_REFERENCED, but in this case it will be
1152 			 * reactivated by the page daemon.
1153 			 */
1154 			if (vm_page_active(m))
1155 				vm_page_reference(m);
1156 			else
1157 				vm_page_activate(m);
1158 			vm_page_xunbusy(m);
1159 		}
1160 
1161 		/* Actions on further pages start at offset 0 */
1162 		p += PAGE_SIZE - offs;
1163 		offs = 0;
1164 		ma_offs += len;
1165 	}
1166 	vm_object_pip_wakeup(sc->object);
1167 	return (rv != VM_PAGER_ERROR ? 0 : ENOSPC);
1168 }
1169 
1170 static int
1171 mdstart_null(struct md_s *sc, struct bio *bp)
1172 {
1173 
1174 	switch (bp->bio_cmd) {
1175 	case BIO_READ:
1176 		bzero(bp->bio_data, bp->bio_length);
1177 		cpu_flush_dcache(bp->bio_data, bp->bio_length);
1178 		break;
1179 	case BIO_WRITE:
1180 		break;
1181 	}
1182 	bp->bio_resid = 0;
1183 	return (0);
1184 }
1185 
1186 static void
1187 md_handleattr(struct md_s *sc, struct bio *bp)
1188 {
1189 	if (sc->fwsectors && sc->fwheads &&
1190 	    (g_handleattr_int(bp, "GEOM::fwsectors", sc->fwsectors) != 0 ||
1191 	    g_handleattr_int(bp, "GEOM::fwheads", sc->fwheads) != 0))
1192 		return;
1193 	if (g_handleattr_int(bp, "GEOM::candelete", sc->candelete) != 0)
1194 		return;
1195 	if (sc->ident[0] != '\0' &&
1196 	    g_handleattr_str(bp, "GEOM::ident", sc->ident) != 0)
1197 		return;
1198 	if (g_handleattr_int(bp, "MNT::verified", (sc->flags & MD_VERIFY) != 0))
1199 		return;
1200 	g_io_deliver(bp, EOPNOTSUPP);
1201 }
1202 
1203 static void
1204 md_kthread(void *arg)
1205 {
1206 	struct md_s *sc;
1207 	struct bio *bp;
1208 	int error;
1209 
1210 	sc = arg;
1211 	thread_lock(curthread);
1212 	sched_prio(curthread, PRIBIO);
1213 	thread_unlock(curthread);
1214 	if (sc->type == MD_VNODE)
1215 		curthread->td_pflags |= TDP_NORUNNINGBUF;
1216 
1217 	for (;;) {
1218 		mtx_lock(&sc->queue_mtx);
1219 		if (sc->flags & MD_SHUTDOWN) {
1220 			sc->flags |= MD_EXITING;
1221 			mtx_unlock(&sc->queue_mtx);
1222 			kproc_exit(0);
1223 		}
1224 		bp = bioq_takefirst(&sc->bio_queue);
1225 		if (!bp) {
1226 			msleep(sc, &sc->queue_mtx, PRIBIO | PDROP, "mdwait", 0);
1227 			continue;
1228 		}
1229 		mtx_unlock(&sc->queue_mtx);
1230 		if (bp->bio_cmd == BIO_GETATTR) {
1231 			md_handleattr(sc, bp);
1232 		} else {
1233 			error = sc->start(sc, bp);
1234 			if (bp->bio_cmd == BIO_READ || bp->bio_cmd == BIO_WRITE) {
1235 				/*
1236 				 * Devstat uses (bio_bcount, bio_resid) for
1237 				 * determining the length of the completed part
1238 				 * of the i/o.  g_io_deliver() will translate
1239 				 * from bio_completed to that, but it also
1240 				 * destroys the bio so we must do our own
1241 				 * translation.
1242 				 */
1243 				bp->bio_bcount = bp->bio_length;
1244 				devstat_end_transaction_bio(sc->devstat, bp);
1245 			}
1246 			bp->bio_completed = bp->bio_length - bp->bio_resid;
1247 			g_io_deliver(bp, error);
1248 		}
1249 	}
1250 }
1251 
1252 static struct md_s *
1253 mdfind(int unit)
1254 {
1255 	struct md_s *sc;
1256 
1257 	LIST_FOREACH(sc, &md_softc_list, list) {
1258 		if (sc->unit == unit)
1259 			break;
1260 	}
1261 	return (sc);
1262 }
1263 
1264 static struct md_s *
1265 mdnew(int unit, int *errp, enum md_types type)
1266 {
1267 	struct md_s *sc;
1268 	int error;
1269 
1270 	*errp = 0;
1271 	if (unit == -1)
1272 		unit = alloc_unr(md_uh);
1273 	else
1274 		unit = alloc_unr_specific(md_uh, unit);
1275 
1276 	if (unit == -1) {
1277 		*errp = EBUSY;
1278 		return (NULL);
1279 	}
1280 
1281 	sc = malloc(sizeof(*sc), M_MD, M_WAITOK | M_ZERO);
1282 	sc->type = type;
1283 	bioq_init(&sc->bio_queue);
1284 	mtx_init(&sc->queue_mtx, "md bio queue", NULL, MTX_DEF);
1285 	sc->unit = unit;
1286 	sprintf(sc->name, "md%d", unit);
1287 	LIST_INSERT_HEAD(&md_softc_list, sc, list);
1288 	error = kproc_create(md_kthread, sc, &sc->procp, 0, 0,"%s", sc->name);
1289 	if (error == 0)
1290 		return (sc);
1291 	LIST_REMOVE(sc, list);
1292 	mtx_destroy(&sc->queue_mtx);
1293 	free_unr(md_uh, sc->unit);
1294 	free(sc, M_MD);
1295 	*errp = error;
1296 	return (NULL);
1297 }
1298 
1299 static void
1300 mdinit(struct md_s *sc)
1301 {
1302 	struct g_geom *gp;
1303 	struct g_provider *pp;
1304 
1305 	g_topology_lock();
1306 	gp = g_new_geomf(&g_md_class, "md%d", sc->unit);
1307 	gp->softc = sc;
1308 	pp = g_new_providerf(gp, "md%d", sc->unit);
1309 	devstat_remove_entry(pp->stat);
1310 	pp->stat = NULL;
1311 	pp->flags |= G_PF_DIRECT_SEND | G_PF_DIRECT_RECEIVE;
1312 	pp->mediasize = sc->mediasize;
1313 	pp->sectorsize = sc->sectorsize;
1314 	switch (sc->type) {
1315 	case MD_MALLOC:
1316 	case MD_VNODE:
1317 	case MD_SWAP:
1318 		pp->flags |= G_PF_ACCEPT_UNMAPPED;
1319 		break;
1320 	case MD_PRELOAD:
1321 	case MD_NULL:
1322 		break;
1323 	}
1324 	sc->gp = gp;
1325 	sc->pp = pp;
1326 	sc->devstat = devstat_new_entry("md", sc->unit, sc->sectorsize,
1327 	    DEVSTAT_ALL_SUPPORTED, DEVSTAT_TYPE_DIRECT, DEVSTAT_PRIORITY_MAX);
1328 	sc->devstat->id = pp;
1329 	g_error_provider(pp, 0);
1330 	g_topology_unlock();
1331 }
1332 
1333 static int
1334 mdcreate_malloc(struct md_s *sc, struct md_req *mdr)
1335 {
1336 	uintptr_t sp;
1337 	int error;
1338 	off_t u;
1339 
1340 	error = 0;
1341 	if (mdr->md_options & ~(MD_AUTOUNIT | MD_COMPRESS | MD_RESERVE))
1342 		return (EINVAL);
1343 	if (mdr->md_sectorsize != 0 && !powerof2(mdr->md_sectorsize))
1344 		return (EINVAL);
1345 	/* Compression doesn't make sense if we have reserved space */
1346 	if (mdr->md_options & MD_RESERVE)
1347 		mdr->md_options &= ~MD_COMPRESS;
1348 	if (mdr->md_fwsectors != 0)
1349 		sc->fwsectors = mdr->md_fwsectors;
1350 	if (mdr->md_fwheads != 0)
1351 		sc->fwheads = mdr->md_fwheads;
1352 	sc->flags = mdr->md_options & (MD_COMPRESS | MD_FORCE);
1353 	sc->indir = dimension(sc->mediasize / sc->sectorsize);
1354 	sc->uma = uma_zcreate(sc->name, sc->sectorsize, NULL, NULL, NULL, NULL,
1355 	    0x1ff, 0);
1356 	if (mdr->md_options & MD_RESERVE) {
1357 		off_t nsectors;
1358 
1359 		nsectors = sc->mediasize / sc->sectorsize;
1360 		for (u = 0; u < nsectors; u++) {
1361 			sp = (uintptr_t)uma_zalloc(sc->uma, (md_malloc_wait ?
1362 			    M_WAITOK : M_NOWAIT) | M_ZERO);
1363 			if (sp != 0)
1364 				error = s_write(sc->indir, u, sp);
1365 			else
1366 				error = ENOMEM;
1367 			if (error != 0)
1368 				break;
1369 		}
1370 	}
1371 	return (error);
1372 }
1373 
1374 static int
1375 mdsetcred(struct md_s *sc, struct ucred *cred)
1376 {
1377 	char *tmpbuf;
1378 	int error = 0;
1379 
1380 	/*
1381 	 * Set credits in our softc
1382 	 */
1383 
1384 	if (sc->cred)
1385 		crfree(sc->cred);
1386 	sc->cred = crhold(cred);
1387 
1388 	/*
1389 	 * Horrible kludge to establish credentials for NFS  XXX.
1390 	 */
1391 
1392 	if (sc->vnode) {
1393 		struct uio auio;
1394 		struct iovec aiov;
1395 
1396 		tmpbuf = malloc(sc->sectorsize, M_TEMP, M_WAITOK);
1397 		bzero(&auio, sizeof(auio));
1398 
1399 		aiov.iov_base = tmpbuf;
1400 		aiov.iov_len = sc->sectorsize;
1401 		auio.uio_iov = &aiov;
1402 		auio.uio_iovcnt = 1;
1403 		auio.uio_offset = 0;
1404 		auio.uio_rw = UIO_READ;
1405 		auio.uio_segflg = UIO_SYSSPACE;
1406 		auio.uio_resid = aiov.iov_len;
1407 		vn_lock(sc->vnode, LK_EXCLUSIVE | LK_RETRY);
1408 		error = VOP_READ(sc->vnode, &auio, 0, sc->cred);
1409 		VOP_UNLOCK(sc->vnode);
1410 		free(tmpbuf, M_TEMP);
1411 	}
1412 	return (error);
1413 }
1414 
1415 static int
1416 mdcreate_vnode(struct md_s *sc, struct md_req *mdr, struct thread *td)
1417 {
1418 	struct vattr vattr;
1419 	struct nameidata nd;
1420 	char *fname;
1421 	int error, flags;
1422 	long v;
1423 
1424 	fname = mdr->md_file;
1425 	if (mdr->md_file_seg == UIO_USERSPACE) {
1426 		error = copyinstr(fname, sc->file, sizeof(sc->file), NULL);
1427 		if (error != 0)
1428 			return (error);
1429 	} else if (mdr->md_file_seg == UIO_SYSSPACE)
1430 		strlcpy(sc->file, fname, sizeof(sc->file));
1431 	else
1432 		return (EDOOFUS);
1433 
1434 	/*
1435 	 * If the user specified that this is a read only device, don't
1436 	 * set the FWRITE mask before trying to open the backing store.
1437 	 */
1438 	flags = FREAD | ((mdr->md_options & MD_READONLY) ? 0 : FWRITE) \
1439 	    | ((mdr->md_options & MD_VERIFY) ? O_VERIFY : 0);
1440 	NDINIT(&nd, LOOKUP, FOLLOW, UIO_SYSSPACE, sc->file);
1441 	error = vn_open(&nd, &flags, 0, NULL);
1442 	if (error != 0)
1443 		return (error);
1444 	NDFREE_PNBUF(&nd);
1445 	if (nd.ni_vp->v_type != VREG) {
1446 		error = EINVAL;
1447 		goto bad;
1448 	}
1449 	error = VOP_GETATTR(nd.ni_vp, &vattr, td->td_ucred);
1450 	if (error != 0)
1451 		goto bad;
1452 	if ((mdr->md_options & MD_MUSTDEALLOC) != 0) {
1453 		error = VOP_PATHCONF(nd.ni_vp, _PC_DEALLOC_PRESENT, &v);
1454 		if (error != 0)
1455 			goto bad;
1456 		if (v == 0)
1457 			sc->candelete = false;
1458 	}
1459 	if (VOP_ISLOCKED(nd.ni_vp) != LK_EXCLUSIVE) {
1460 		vn_lock(nd.ni_vp, LK_UPGRADE | LK_RETRY);
1461 		if (VN_IS_DOOMED(nd.ni_vp)) {
1462 			/* Forced unmount. */
1463 			error = EBADF;
1464 			goto bad;
1465 		}
1466 	}
1467 	nd.ni_vp->v_vflag |= VV_MD;
1468 	VOP_UNLOCK(nd.ni_vp);
1469 
1470 	if (mdr->md_fwsectors != 0)
1471 		sc->fwsectors = mdr->md_fwsectors;
1472 	if (mdr->md_fwheads != 0)
1473 		sc->fwheads = mdr->md_fwheads;
1474 	snprintf(sc->ident, sizeof(sc->ident), "MD-DEV%ju-INO%ju",
1475 	    (uintmax_t)vattr.va_fsid, (uintmax_t)vattr.va_fileid);
1476 	sc->flags = mdr->md_options & (MD_ASYNC | MD_CACHE | MD_FORCE |
1477 	    MD_VERIFY);
1478 	if (!(flags & FWRITE))
1479 		sc->flags |= MD_READONLY;
1480 	sc->vnode = nd.ni_vp;
1481 
1482 	error = mdsetcred(sc, td->td_ucred);
1483 	if (error != 0) {
1484 		sc->vnode = NULL;
1485 		vn_lock(nd.ni_vp, LK_EXCLUSIVE | LK_RETRY);
1486 		nd.ni_vp->v_vflag &= ~VV_MD;
1487 		goto bad;
1488 	}
1489 
1490 	sc->kva = kva_alloc(MAXPHYS + PAGE_SIZE);
1491 	return (0);
1492 bad:
1493 	VOP_UNLOCK(nd.ni_vp);
1494 	(void)vn_close(nd.ni_vp, flags, td->td_ucred, td);
1495 	return (error);
1496 }
1497 
1498 static void
1499 g_md_providergone(struct g_provider *pp)
1500 {
1501 	struct md_s *sc = pp->geom->softc;
1502 
1503 	mtx_lock(&sc->queue_mtx);
1504 	sc->flags |= MD_PROVIDERGONE;
1505 	wakeup(&sc->flags);
1506 	mtx_unlock(&sc->queue_mtx);
1507 }
1508 
1509 static int
1510 mddestroy(struct md_s *sc, struct thread *td)
1511 {
1512 
1513 	if (sc->gp) {
1514 		g_topology_lock();
1515 		g_wither_geom(sc->gp, ENXIO);
1516 		g_topology_unlock();
1517 
1518 		mtx_lock(&sc->queue_mtx);
1519 		while (!(sc->flags & MD_PROVIDERGONE))
1520 			msleep(&sc->flags, &sc->queue_mtx, PRIBIO, "mddestroy", 0);
1521 		mtx_unlock(&sc->queue_mtx);
1522 	}
1523 	if (sc->devstat) {
1524 		devstat_remove_entry(sc->devstat);
1525 		sc->devstat = NULL;
1526 	}
1527 	mtx_lock(&sc->queue_mtx);
1528 	sc->flags |= MD_SHUTDOWN;
1529 	wakeup(sc);
1530 	while (!(sc->flags & MD_EXITING))
1531 		msleep(sc->procp, &sc->queue_mtx, PRIBIO, "mddestroy", hz / 10);
1532 	mtx_unlock(&sc->queue_mtx);
1533 	mtx_destroy(&sc->queue_mtx);
1534 	if (sc->vnode != NULL) {
1535 		vn_lock(sc->vnode, LK_EXCLUSIVE | LK_RETRY);
1536 		sc->vnode->v_vflag &= ~VV_MD;
1537 		VOP_UNLOCK(sc->vnode);
1538 		(void)vn_close(sc->vnode, sc->flags & MD_READONLY ?
1539 		    FREAD : (FREAD|FWRITE), sc->cred, td);
1540 	}
1541 	if (sc->cred != NULL)
1542 		crfree(sc->cred);
1543 	if (sc->object != NULL)
1544 		vm_object_deallocate(sc->object);
1545 	if (sc->indir)
1546 		destroy_indir(sc, sc->indir);
1547 	if (sc->uma)
1548 		uma_zdestroy(sc->uma);
1549 	if (sc->kva)
1550 		kva_free(sc->kva, MAXPHYS + PAGE_SIZE);
1551 
1552 	LIST_REMOVE(sc, list);
1553 	free_unr(md_uh, sc->unit);
1554 	free(sc, M_MD);
1555 	return (0);
1556 }
1557 
1558 static int
1559 mdresize(struct md_s *sc, struct md_req *mdr)
1560 {
1561 	int error, res;
1562 	vm_pindex_t oldpages, newpages;
1563 
1564 	switch (sc->type) {
1565 	case MD_VNODE:
1566 	case MD_NULL:
1567 		break;
1568 	case MD_SWAP:
1569 		if (mdr->md_mediasize <= 0 ||
1570 		    (mdr->md_mediasize % PAGE_SIZE) != 0)
1571 			return (EDOM);
1572 		oldpages = OFF_TO_IDX(sc->mediasize);
1573 		newpages = OFF_TO_IDX(mdr->md_mediasize);
1574 		if (newpages < oldpages) {
1575 			VM_OBJECT_WLOCK(sc->object);
1576 			vm_object_page_remove(sc->object, newpages, 0, 0);
1577 			swap_release_by_cred(IDX_TO_OFF(oldpages -
1578 			    newpages), sc->cred);
1579 			sc->object->charge = IDX_TO_OFF(newpages);
1580 			sc->object->size = newpages;
1581 			VM_OBJECT_WUNLOCK(sc->object);
1582 		} else if (newpages > oldpages) {
1583 			res = swap_reserve_by_cred(IDX_TO_OFF(newpages -
1584 			    oldpages), sc->cred);
1585 			if (!res)
1586 				return (ENOMEM);
1587 			if ((mdr->md_options & MD_RESERVE) ||
1588 			    (sc->flags & MD_RESERVE)) {
1589 				error = swap_pager_reserve(sc->object,
1590 				    oldpages, newpages - oldpages);
1591 				if (error < 0) {
1592 					swap_release_by_cred(
1593 					    IDX_TO_OFF(newpages - oldpages),
1594 					    sc->cred);
1595 					return (EDOM);
1596 				}
1597 			}
1598 			VM_OBJECT_WLOCK(sc->object);
1599 			sc->object->charge = IDX_TO_OFF(newpages);
1600 			sc->object->size = newpages;
1601 			VM_OBJECT_WUNLOCK(sc->object);
1602 		}
1603 		break;
1604 	default:
1605 		return (EOPNOTSUPP);
1606 	}
1607 
1608 	sc->mediasize = mdr->md_mediasize;
1609 
1610 	g_topology_lock();
1611 	g_resize_provider(sc->pp, sc->mediasize);
1612 	g_topology_unlock();
1613 	return (0);
1614 }
1615 
1616 static int
1617 mdcreate_swap(struct md_s *sc, struct md_req *mdr, struct thread *td)
1618 {
1619 	vm_ooffset_t npage;
1620 	int error;
1621 
1622 	/*
1623 	 * Range check.  Disallow negative sizes and sizes not being
1624 	 * multiple of page size.
1625 	 */
1626 	if (sc->mediasize <= 0 || (sc->mediasize % PAGE_SIZE) != 0)
1627 		return (EDOM);
1628 
1629 	/*
1630 	 * Allocate an OBJT_SWAP object.
1631 	 *
1632 	 * Note the truncation.
1633 	 */
1634 
1635 	if ((mdr->md_options & MD_VERIFY) != 0)
1636 		return (EINVAL);
1637 	npage = mdr->md_mediasize / PAGE_SIZE;
1638 	if (mdr->md_fwsectors != 0)
1639 		sc->fwsectors = mdr->md_fwsectors;
1640 	if (mdr->md_fwheads != 0)
1641 		sc->fwheads = mdr->md_fwheads;
1642 	sc->object = vm_pager_allocate(OBJT_SWAP, NULL, PAGE_SIZE * npage,
1643 	    VM_PROT_DEFAULT, 0, td->td_ucred);
1644 	if (sc->object == NULL)
1645 		return (ENOMEM);
1646 	sc->flags = mdr->md_options & (MD_FORCE | MD_RESERVE);
1647 	if (mdr->md_options & MD_RESERVE) {
1648 		if (swap_pager_reserve(sc->object, 0, npage) < 0) {
1649 			error = EDOM;
1650 			goto finish;
1651 		}
1652 	}
1653 	error = mdsetcred(sc, td->td_ucred);
1654  finish:
1655 	if (error != 0) {
1656 		vm_object_deallocate(sc->object);
1657 		sc->object = NULL;
1658 	}
1659 	return (error);
1660 }
1661 
1662 static int
1663 mdcreate_null(struct md_s *sc, struct md_req *mdr, struct thread *td)
1664 {
1665 
1666 	/*
1667 	 * Range check.  Disallow negative sizes and sizes not being
1668 	 * multiple of page size.
1669 	 */
1670 	if (sc->mediasize <= 0 || (sc->mediasize % PAGE_SIZE) != 0)
1671 		return (EDOM);
1672 
1673 	return (0);
1674 }
1675 
1676 static int
1677 kern_mdattach_locked(struct thread *td, struct md_req *mdr)
1678 {
1679 	struct md_s *sc;
1680 	unsigned sectsize;
1681 	int error, i;
1682 
1683 	sx_assert(&md_sx, SA_XLOCKED);
1684 
1685 	switch (mdr->md_type) {
1686 	case MD_MALLOC:
1687 	case MD_PRELOAD:
1688 	case MD_VNODE:
1689 	case MD_SWAP:
1690 	case MD_NULL:
1691 		break;
1692 	default:
1693 		return (EINVAL);
1694 	}
1695 	if (mdr->md_sectorsize == 0)
1696 		sectsize = DEV_BSIZE;
1697 	else
1698 		sectsize = mdr->md_sectorsize;
1699 	if (sectsize > maxphys || mdr->md_mediasize < sectsize)
1700 		return (EINVAL);
1701 	if (mdr->md_options & MD_AUTOUNIT)
1702 		sc = mdnew(-1, &error, mdr->md_type);
1703 	else {
1704 		if (mdr->md_unit > INT_MAX)
1705 			return (EINVAL);
1706 		sc = mdnew(mdr->md_unit, &error, mdr->md_type);
1707 	}
1708 	if (sc == NULL)
1709 		return (error);
1710 	if (mdr->md_label != NULL)
1711 		error = copyinstr(mdr->md_label, sc->label,
1712 		    sizeof(sc->label), NULL);
1713 	if (error != 0)
1714 		goto err_after_new;
1715 	if (mdr->md_options & MD_AUTOUNIT)
1716 		mdr->md_unit = sc->unit;
1717 	sc->mediasize = mdr->md_mediasize;
1718 	sc->sectorsize = sectsize;
1719 	sc->candelete = true;
1720 	error = EDOOFUS;
1721 	switch (sc->type) {
1722 	case MD_MALLOC:
1723 		sc->start = mdstart_malloc;
1724 		error = mdcreate_malloc(sc, mdr);
1725 		break;
1726 	case MD_PRELOAD:
1727 		/*
1728 		 * We disallow attaching preloaded memory disks via
1729 		 * ioctl. Preloaded memory disks are automatically
1730 		 * attached in g_md_init().
1731 		 */
1732 		error = EOPNOTSUPP;
1733 		break;
1734 	case MD_VNODE:
1735 		sc->start = mdstart_vnode;
1736 		error = mdcreate_vnode(sc, mdr, td);
1737 		break;
1738 	case MD_SWAP:
1739 		sc->start = mdstart_swap;
1740 		error = mdcreate_swap(sc, mdr, td);
1741 		break;
1742 	case MD_NULL:
1743 		sc->start = mdstart_null;
1744 		error = mdcreate_null(sc, mdr, td);
1745 		break;
1746 	}
1747 err_after_new:
1748 	if (error != 0) {
1749 		mddestroy(sc, td);
1750 		return (error);
1751 	}
1752 
1753 	/* Prune off any residual fractional sector */
1754 	i = sc->mediasize % sc->sectorsize;
1755 	sc->mediasize -= i;
1756 
1757 	mdinit(sc);
1758 	return (0);
1759 }
1760 
1761 static int
1762 kern_mdattach(struct thread *td, struct md_req *mdr)
1763 {
1764 	int error;
1765 
1766 	sx_xlock(&md_sx);
1767 	error = kern_mdattach_locked(td, mdr);
1768 	sx_xunlock(&md_sx);
1769 	return (error);
1770 }
1771 
1772 static int
1773 kern_mddetach_locked(struct thread *td, struct md_req *mdr)
1774 {
1775 	struct md_s *sc;
1776 
1777 	sx_assert(&md_sx, SA_XLOCKED);
1778 
1779 	if (mdr->md_mediasize != 0 ||
1780 	    (mdr->md_options & ~MD_FORCE) != 0)
1781 		return (EINVAL);
1782 
1783 	sc = mdfind(mdr->md_unit);
1784 	if (sc == NULL)
1785 		return (ENOENT);
1786 	if (sc->opencount != 0 && !(sc->flags & MD_FORCE) &&
1787 	    !(mdr->md_options & MD_FORCE))
1788 		return (EBUSY);
1789 	return (mddestroy(sc, td));
1790 }
1791 
1792 static int
1793 kern_mddetach(struct thread *td, struct md_req *mdr)
1794 {
1795 	int error;
1796 
1797 	sx_xlock(&md_sx);
1798 	error = kern_mddetach_locked(td, mdr);
1799 	sx_xunlock(&md_sx);
1800 	return (error);
1801 }
1802 
1803 static int
1804 kern_mdresize_locked(struct md_req *mdr)
1805 {
1806 	struct md_s *sc;
1807 
1808 	sx_assert(&md_sx, SA_XLOCKED);
1809 
1810 	if ((mdr->md_options & ~(MD_FORCE | MD_RESERVE)) != 0)
1811 		return (EINVAL);
1812 
1813 	sc = mdfind(mdr->md_unit);
1814 	if (sc == NULL)
1815 		return (ENOENT);
1816 	if (mdr->md_mediasize < sc->sectorsize)
1817 		return (EINVAL);
1818 	mdr->md_mediasize -= mdr->md_mediasize % sc->sectorsize;
1819 	if (mdr->md_mediasize < sc->mediasize &&
1820 	    !(sc->flags & MD_FORCE) &&
1821 	    !(mdr->md_options & MD_FORCE))
1822 		return (EBUSY);
1823 	return (mdresize(sc, mdr));
1824 }
1825 
1826 static int
1827 kern_mdresize(struct md_req *mdr)
1828 {
1829 	int error;
1830 
1831 	sx_xlock(&md_sx);
1832 	error = kern_mdresize_locked(mdr);
1833 	sx_xunlock(&md_sx);
1834 	return (error);
1835 }
1836 
1837 static int
1838 kern_mdquery_locked(struct md_req *mdr)
1839 {
1840 	struct md_s *sc;
1841 	int error;
1842 
1843 	sx_assert(&md_sx, SA_XLOCKED);
1844 
1845 	sc = mdfind(mdr->md_unit);
1846 	if (sc == NULL)
1847 		return (ENOENT);
1848 	mdr->md_type = sc->type;
1849 	mdr->md_options = sc->flags;
1850 	mdr->md_mediasize = sc->mediasize;
1851 	mdr->md_sectorsize = sc->sectorsize;
1852 	error = 0;
1853 	if (mdr->md_label != NULL) {
1854 		error = copyout(sc->label, mdr->md_label,
1855 		    strlen(sc->label) + 1);
1856 		if (error != 0)
1857 			return (error);
1858 	}
1859 	if (sc->type == MD_VNODE ||
1860 	    (sc->type == MD_PRELOAD && mdr->md_file != NULL))
1861 		error = copyout(sc->file, mdr->md_file,
1862 		    strlen(sc->file) + 1);
1863 	return (error);
1864 }
1865 
1866 static int
1867 kern_mdquery(struct md_req *mdr)
1868 {
1869 	int error;
1870 
1871 	sx_xlock(&md_sx);
1872 	error = kern_mdquery_locked(mdr);
1873 	sx_xunlock(&md_sx);
1874 	return (error);
1875 }
1876 
1877 /* Copy members that are not userspace pointers. */
1878 #define	MD_IOCTL2REQ(mdio, mdr) do {					\
1879 	(mdr)->md_unit = (mdio)->md_unit;				\
1880 	(mdr)->md_type = (mdio)->md_type;				\
1881 	(mdr)->md_mediasize = (mdio)->md_mediasize;			\
1882 	(mdr)->md_sectorsize = (mdio)->md_sectorsize;			\
1883 	(mdr)->md_options = (mdio)->md_options;				\
1884 	(mdr)->md_fwheads = (mdio)->md_fwheads;				\
1885 	(mdr)->md_fwsectors = (mdio)->md_fwsectors;			\
1886 	(mdr)->md_units = &(mdio)->md_pad[0];				\
1887 	(mdr)->md_units_nitems = nitems((mdio)->md_pad);		\
1888 } while(0)
1889 
1890 /* Copy members that might have been updated */
1891 #define MD_REQ2IOCTL(mdr, mdio) do {					\
1892 	(mdio)->md_unit = (mdr)->md_unit;				\
1893 	(mdio)->md_type = (mdr)->md_type;				\
1894 	(mdio)->md_mediasize = (mdr)->md_mediasize;			\
1895 	(mdio)->md_sectorsize = (mdr)->md_sectorsize;			\
1896 	(mdio)->md_options = (mdr)->md_options;				\
1897 	(mdio)->md_fwheads = (mdr)->md_fwheads;				\
1898 	(mdio)->md_fwsectors = (mdr)->md_fwsectors;			\
1899 } while(0)
1900 
1901 static int
1902 mdctlioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flags,
1903     struct thread *td)
1904 {
1905 	struct md_req mdr;
1906 	int error;
1907 
1908 	if (md_debug)
1909 		printf("mdctlioctl(%s %lx %p %x %p)\n",
1910 			devtoname(dev), cmd, addr, flags, td);
1911 
1912 	bzero(&mdr, sizeof(mdr));
1913 	switch (cmd) {
1914 	case MDIOCATTACH:
1915 	case MDIOCDETACH:
1916 	case MDIOCRESIZE:
1917 	case MDIOCQUERY: {
1918 		struct md_ioctl *mdio = (struct md_ioctl *)addr;
1919 		if (mdio->md_version != MDIOVERSION)
1920 			return (EINVAL);
1921 		MD_IOCTL2REQ(mdio, &mdr);
1922 		mdr.md_file = mdio->md_file;
1923 		mdr.md_file_seg = UIO_USERSPACE;
1924 		/* If the file is adjacent to the md_ioctl it's in kernel. */
1925 		if ((void *)mdio->md_file == (void *)(mdio + 1))
1926 			mdr.md_file_seg = UIO_SYSSPACE;
1927 		mdr.md_label = mdio->md_label;
1928 		break;
1929 	}
1930 #ifdef COMPAT_FREEBSD32
1931 	case MDIOCATTACH_32:
1932 	case MDIOCDETACH_32:
1933 	case MDIOCRESIZE_32:
1934 	case MDIOCQUERY_32: {
1935 		struct md_ioctl32 *mdio = (struct md_ioctl32 *)addr;
1936 		if (mdio->md_version != MDIOVERSION)
1937 			return (EINVAL);
1938 		MD_IOCTL2REQ(mdio, &mdr);
1939 		mdr.md_file = (void *)(uintptr_t)mdio->md_file;
1940 		mdr.md_file_seg = UIO_USERSPACE;
1941 		mdr.md_label = (void *)(uintptr_t)mdio->md_label;
1942 		break;
1943 	}
1944 #endif
1945 	default:
1946 		/* Fall through to handler switch. */
1947 		break;
1948 	}
1949 
1950 	error = 0;
1951 	switch (cmd) {
1952 	case MDIOCATTACH:
1953 #ifdef COMPAT_FREEBSD32
1954 	case MDIOCATTACH_32:
1955 #endif
1956 		error = kern_mdattach(td, &mdr);
1957 		break;
1958 	case MDIOCDETACH:
1959 #ifdef COMPAT_FREEBSD32
1960 	case MDIOCDETACH_32:
1961 #endif
1962 		error = kern_mddetach(td, &mdr);
1963 		break;
1964 	case MDIOCRESIZE:
1965 #ifdef COMPAT_FREEBSD32
1966 	case MDIOCRESIZE_32:
1967 #endif
1968 		error = kern_mdresize(&mdr);
1969 		break;
1970 	case MDIOCQUERY:
1971 #ifdef COMPAT_FREEBSD32
1972 	case MDIOCQUERY_32:
1973 #endif
1974 		error = kern_mdquery(&mdr);
1975 		break;
1976 	default:
1977 		error = ENOIOCTL;
1978 	}
1979 
1980 	switch (cmd) {
1981 	case MDIOCATTACH:
1982 	case MDIOCQUERY: {
1983 		struct md_ioctl *mdio = (struct md_ioctl *)addr;
1984 		MD_REQ2IOCTL(&mdr, mdio);
1985 		break;
1986 	}
1987 #ifdef COMPAT_FREEBSD32
1988 	case MDIOCATTACH_32:
1989 	case MDIOCQUERY_32: {
1990 		struct md_ioctl32 *mdio = (struct md_ioctl32 *)addr;
1991 		MD_REQ2IOCTL(&mdr, mdio);
1992 		break;
1993 	}
1994 #endif
1995 	default:
1996 		/* Other commands to not alter mdr. */
1997 		break;
1998 	}
1999 
2000 	return (error);
2001 }
2002 
2003 static void
2004 md_preloaded(u_char *image, size_t length, const char *name)
2005 {
2006 	struct md_s *sc;
2007 	int error;
2008 
2009 	sc = mdnew(-1, &error, MD_PRELOAD);
2010 	if (sc == NULL)
2011 		return;
2012 	sc->mediasize = length;
2013 	sc->sectorsize = DEV_BSIZE;
2014 	sc->pl_ptr = image;
2015 	sc->pl_len = length;
2016 	sc->start = mdstart_preload;
2017 	if (name != NULL)
2018 		strlcpy(sc->file, name, sizeof(sc->file));
2019 #ifdef MD_ROOT
2020 	if (sc->unit == 0) {
2021 #ifndef ROOTDEVNAME
2022 		rootdevnames[0] = MD_ROOT_FSTYPE ":/dev/md0";
2023 #endif
2024 #ifdef MD_ROOT_READONLY
2025 		sc->flags |= MD_READONLY;
2026 #endif
2027 	}
2028 #endif
2029 	mdinit(sc);
2030 	if (name != NULL) {
2031 		printf("%s%d: Preloaded image <%s> %zd bytes at %p\n",
2032 		    MD_NAME, sc->unit, name, length, image);
2033 	} else {
2034 		printf("%s%d: Embedded image %zd bytes at %p\n",
2035 		    MD_NAME, sc->unit, length, image);
2036 	}
2037 }
2038 
2039 static void
2040 g_md_init(struct g_class *mp __unused)
2041 {
2042 	caddr_t mod;
2043 	u_char *ptr, *name, *type;
2044 	unsigned len;
2045 	int i;
2046 
2047 	/* figure out log2(NINDIR) */
2048 	for (i = NINDIR, nshift = -1; i; nshift++)
2049 		i >>= 1;
2050 
2051 	mod = NULL;
2052 	sx_init(&md_sx, "MD config lock");
2053 	g_topology_unlock();
2054 	md_uh = new_unrhdr(0, INT_MAX, NULL);
2055 #ifdef MD_ROOT
2056 	if (mfs_root_size != 0) {
2057 		sx_xlock(&md_sx);
2058 #ifdef MD_ROOT_MEM
2059 		md_preloaded(mfs_root, mfs_root_size, NULL);
2060 #else
2061 		md_preloaded(__DEVOLATILE(u_char *, &mfs_root), mfs_root_size,
2062 		    NULL);
2063 #endif
2064 		sx_xunlock(&md_sx);
2065 	}
2066 #endif
2067 	/* XXX: are preload_* static or do they need Giant ? */
2068 	while ((mod = preload_search_next_name(mod)) != NULL) {
2069 		name = (char *)preload_search_info(mod, MODINFO_NAME);
2070 		if (name == NULL)
2071 			continue;
2072 		type = (char *)preload_search_info(mod, MODINFO_TYPE);
2073 		if (type == NULL)
2074 			continue;
2075 		if (strcmp(type, "md_image") && strcmp(type, "mfs_root"))
2076 			continue;
2077 		ptr = preload_fetch_addr(mod);
2078 		len = preload_fetch_size(mod);
2079 		if (ptr != NULL && len != 0) {
2080 			sx_xlock(&md_sx);
2081 			md_preloaded(ptr, len, name);
2082 			sx_xunlock(&md_sx);
2083 		}
2084 	}
2085 	status_dev = make_dev(&mdctl_cdevsw, INT_MAX, UID_ROOT, GID_WHEEL,
2086 	    0600, MDCTL_NAME);
2087 	g_topology_lock();
2088 }
2089 
2090 static void
2091 g_md_dumpconf(struct sbuf *sb, const char *indent, struct g_geom *gp,
2092     struct g_consumer *cp __unused, struct g_provider *pp)
2093 {
2094 	struct md_s *mp;
2095 	char *type;
2096 
2097 	mp = gp->softc;
2098 	if (mp == NULL)
2099 		return;
2100 
2101 	switch (mp->type) {
2102 	case MD_MALLOC:
2103 		type = "malloc";
2104 		break;
2105 	case MD_PRELOAD:
2106 		type = "preload";
2107 		break;
2108 	case MD_VNODE:
2109 		type = "vnode";
2110 		break;
2111 	case MD_SWAP:
2112 		type = "swap";
2113 		break;
2114 	case MD_NULL:
2115 		type = "null";
2116 		break;
2117 	default:
2118 		type = "unknown";
2119 		break;
2120 	}
2121 
2122 	if (pp != NULL) {
2123 		if (indent == NULL) {
2124 			sbuf_printf(sb, " u %d", mp->unit);
2125 			sbuf_printf(sb, " s %ju", (uintmax_t) mp->sectorsize);
2126 			sbuf_printf(sb, " f %ju", (uintmax_t) mp->fwheads);
2127 			sbuf_printf(sb, " fs %ju", (uintmax_t) mp->fwsectors);
2128 			sbuf_printf(sb, " l %ju", (uintmax_t) mp->mediasize);
2129 			sbuf_printf(sb, " t %s", type);
2130 			if ((mp->type == MD_VNODE && mp->vnode != NULL) ||
2131 			    (mp->type == MD_PRELOAD && mp->file[0] != '\0'))
2132 				sbuf_printf(sb, " file %s", mp->file);
2133 			sbuf_printf(sb, " label %s", mp->label);
2134 		} else {
2135 			sbuf_printf(sb, "%s<unit>%d</unit>\n", indent,
2136 			    mp->unit);
2137 			sbuf_printf(sb, "%s<sectorsize>%ju</sectorsize>\n",
2138 			    indent, (uintmax_t) mp->sectorsize);
2139 			sbuf_printf(sb, "%s<fwheads>%ju</fwheads>\n",
2140 			    indent, (uintmax_t) mp->fwheads);
2141 			sbuf_printf(sb, "%s<fwsectors>%ju</fwsectors>\n",
2142 			    indent, (uintmax_t) mp->fwsectors);
2143 			if (mp->ident[0] != '\0') {
2144 				sbuf_printf(sb, "%s<ident>", indent);
2145 				g_conf_printf_escaped(sb, "%s", mp->ident);
2146 				sbuf_printf(sb, "</ident>\n");
2147 			}
2148 			sbuf_printf(sb, "%s<length>%ju</length>\n",
2149 			    indent, (uintmax_t) mp->mediasize);
2150 			sbuf_printf(sb, "%s<compression>%s</compression>\n", indent,
2151 			    (mp->flags & MD_COMPRESS) == 0 ? "off": "on");
2152 			sbuf_printf(sb, "%s<access>%s</access>\n", indent,
2153 			    (mp->flags & MD_READONLY) == 0 ? "read-write":
2154 			    "read-only");
2155 			sbuf_printf(sb, "%s<type>%s</type>\n", indent,
2156 			    type);
2157 			if ((mp->type == MD_VNODE && mp->vnode != NULL) ||
2158 			    (mp->type == MD_PRELOAD && mp->file[0] != '\0')) {
2159 				sbuf_printf(sb, "%s<file>", indent);
2160 				g_conf_printf_escaped(sb, "%s", mp->file);
2161 				sbuf_printf(sb, "</file>\n");
2162 			}
2163 			if (mp->type == MD_VNODE)
2164 				sbuf_printf(sb, "%s<cache>%s</cache>\n", indent,
2165 				    (mp->flags & MD_CACHE) == 0 ? "off": "on");
2166 			sbuf_printf(sb, "%s<label>", indent);
2167 			g_conf_printf_escaped(sb, "%s", mp->label);
2168 			sbuf_printf(sb, "</label>\n");
2169 		}
2170 	}
2171 }
2172 
2173 static void
2174 g_md_fini(struct g_class *mp __unused)
2175 {
2176 
2177 	sx_destroy(&md_sx);
2178 	if (status_dev != NULL)
2179 		destroy_dev(status_dev);
2180 	delete_unrhdr(md_uh);
2181 }
2182