xref: /freebsd/sys/dev/md/md.c (revision e6bfd18d21b225af6a0ed67ceeaf1293b7b9eba5)
1 /*-
2  * SPDX-License-Identifier: (Beerware AND BSD-3-Clause)
3  *
4  * ----------------------------------------------------------------------------
5  * "THE BEER-WARE LICENSE" (Revision 42):
6  * <phk@FreeBSD.ORG> wrote this file.  As long as you retain this notice you
7  * can do whatever you want with this stuff. If we meet some day, and you think
8  * this stuff is worth it, you can buy me a beer in return.   Poul-Henning Kamp
9  * ----------------------------------------------------------------------------
10  *
11  * $FreeBSD$
12  *
13  */
14 
15 /*-
16  * The following functions are based on the vn(4) driver: mdstart_swap(),
17  * mdstart_vnode(), mdcreate_swap(), mdcreate_vnode() and mddestroy(),
18  * and as such under the following copyright:
19  *
20  * Copyright (c) 1988 University of Utah.
21  * Copyright (c) 1990, 1993
22  *	The Regents of the University of California.  All rights reserved.
23  * Copyright (c) 2013 The FreeBSD Foundation
24  * All rights reserved.
25  *
26  * This code is derived from software contributed to Berkeley by
27  * the Systems Programming Group of the University of Utah Computer
28  * Science Department.
29  *
30  * Portions of this software were developed by Konstantin Belousov
31  * under sponsorship from the FreeBSD Foundation.
32  *
33  * Redistribution and use in source and binary forms, with or without
34  * modification, are permitted provided that the following conditions
35  * are met:
36  * 1. Redistributions of source code must retain the above copyright
37  *    notice, this list of conditions and the following disclaimer.
38  * 2. Redistributions in binary form must reproduce the above copyright
39  *    notice, this list of conditions and the following disclaimer in the
40  *    documentation and/or other materials provided with the distribution.
41  * 3. Neither the name of the University nor the names of its contributors
42  *    may be used to endorse or promote products derived from this software
43  *    without specific prior written permission.
44  *
45  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
46  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
47  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
48  * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
49  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
50  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
51  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
52  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
53  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
54  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
55  * SUCH DAMAGE.
56  *
57  * from: Utah Hdr: vn.c 1.13 94/04/02
58  *
59  *	from: @(#)vn.c	8.6 (Berkeley) 4/1/94
60  * From: src/sys/dev/vn/vn.c,v 1.122 2000/12/16 16:06:03
61  */
62 
63 #include "opt_rootdevname.h"
64 #include "opt_geom.h"
65 #include "opt_md.h"
66 
67 #include <sys/param.h>
68 #include <sys/systm.h>
69 #include <sys/bio.h>
70 #include <sys/buf.h>
71 #include <sys/conf.h>
72 #include <sys/devicestat.h>
73 #include <sys/fcntl.h>
74 #include <sys/kernel.h>
75 #include <sys/kthread.h>
76 #include <sys/limits.h>
77 #include <sys/linker.h>
78 #include <sys/lock.h>
79 #include <sys/malloc.h>
80 #include <sys/mdioctl.h>
81 #include <sys/mount.h>
82 #include <sys/mutex.h>
83 #include <sys/sx.h>
84 #include <sys/namei.h>
85 #include <sys/proc.h>
86 #include <sys/queue.h>
87 #include <sys/rwlock.h>
88 #include <sys/sbuf.h>
89 #include <sys/sched.h>
90 #include <sys/sf_buf.h>
91 #include <sys/sysctl.h>
92 #include <sys/uio.h>
93 #include <sys/unistd.h>
94 #include <sys/vnode.h>
95 #include <sys/disk.h>
96 
97 #include <geom/geom.h>
98 #include <geom/geom_int.h>
99 
100 #include <vm/vm.h>
101 #include <vm/vm_extern.h>
102 #include <vm/vm_param.h>
103 #include <vm/vm_object.h>
104 #include <vm/vm_page.h>
105 #include <vm/vm_pager.h>
106 #include <vm/swap_pager.h>
107 #include <vm/uma.h>
108 
109 #include <machine/bus.h>
110 
111 #define MD_MODVER 1
112 
113 #define MD_SHUTDOWN	0x10000		/* Tell worker thread to terminate. */
114 #define	MD_EXITING	0x20000		/* Worker thread is exiting. */
115 #define MD_PROVIDERGONE	0x40000		/* Safe to free the softc */
116 
117 #ifndef MD_NSECT
118 #define MD_NSECT (10000 * 2)
119 #endif
120 
121 struct md_req {
122 	unsigned	md_unit;	/* unit number */
123 	enum md_types	md_type;	/* type of disk */
124 	off_t		md_mediasize;	/* size of disk in bytes */
125 	unsigned	md_sectorsize;	/* sectorsize */
126 	unsigned	md_options;	/* options */
127 	int		md_fwheads;	/* firmware heads */
128 	int		md_fwsectors;	/* firmware sectors */
129 	char		*md_file;	/* pathname of file to mount */
130 	enum uio_seg	md_file_seg;	/* location of md_file */
131 	char		*md_label;	/* label of the device (userspace) */
132 	int		*md_units;	/* pointer to units array (kernel) */
133 	size_t		md_units_nitems; /* items in md_units array */
134 };
135 
136 #ifdef COMPAT_FREEBSD32
137 struct md_ioctl32 {
138 	unsigned	md_version;
139 	unsigned	md_unit;
140 	enum md_types	md_type;
141 	uint32_t	md_file;
142 	off_t		md_mediasize;
143 	unsigned	md_sectorsize;
144 	unsigned	md_options;
145 	uint64_t	md_base;
146 	int		md_fwheads;
147 	int		md_fwsectors;
148 	uint32_t	md_label;
149 	int		md_pad[MDNPAD];
150 } __attribute__((__packed__));
151 CTASSERT((sizeof(struct md_ioctl32)) == 436);
152 
153 #define	MDIOCATTACH_32	_IOC_NEWTYPE(MDIOCATTACH, struct md_ioctl32)
154 #define	MDIOCDETACH_32	_IOC_NEWTYPE(MDIOCDETACH, struct md_ioctl32)
155 #define	MDIOCQUERY_32	_IOC_NEWTYPE(MDIOCQUERY, struct md_ioctl32)
156 #define	MDIOCRESIZE_32	_IOC_NEWTYPE(MDIOCRESIZE, struct md_ioctl32)
157 #endif /* COMPAT_FREEBSD32 */
158 
159 static MALLOC_DEFINE(M_MD, "md_disk", "Memory Disk");
160 static MALLOC_DEFINE(M_MDSECT, "md_sectors", "Memory Disk Sectors");
161 
162 static int md_debug;
163 SYSCTL_INT(_debug, OID_AUTO, mddebug, CTLFLAG_RW, &md_debug, 0,
164     "Enable md(4) debug messages");
165 static int md_malloc_wait;
166 SYSCTL_INT(_vm, OID_AUTO, md_malloc_wait, CTLFLAG_RW, &md_malloc_wait, 0,
167     "Allow malloc to wait for memory allocations");
168 
169 #if defined(MD_ROOT) && !defined(MD_ROOT_FSTYPE)
170 #define	MD_ROOT_FSTYPE	"ufs"
171 #endif
172 
173 #if defined(MD_ROOT)
174 /*
175  * Preloaded image gets put here.
176  */
177 #if defined(MD_ROOT_SIZE)
178 /*
179  * We put the mfs_root symbol into the oldmfs section of the kernel object file.
180  * Applications that patch the object with the image can determine
181  * the size looking at the oldmfs section size within the kernel.
182  */
183 u_char mfs_root[MD_ROOT_SIZE*1024] __attribute__ ((section ("oldmfs")));
184 const int mfs_root_size = sizeof(mfs_root);
185 #elif defined(MD_ROOT_MEM)
186 /* MD region already mapped in the memory */
187 u_char *mfs_root;
188 int mfs_root_size;
189 #else
190 extern volatile u_char __weak_symbol mfs_root;
191 extern volatile u_char __weak_symbol mfs_root_end;
192 #define mfs_root_size ((uintptr_t)(&mfs_root_end - &mfs_root))
193 #endif
194 #endif
195 
196 static g_init_t g_md_init;
197 static g_fini_t g_md_fini;
198 static g_start_t g_md_start;
199 static g_access_t g_md_access;
200 static void g_md_dumpconf(struct sbuf *sb, const char *indent,
201     struct g_geom *gp, struct g_consumer *cp __unused, struct g_provider *pp);
202 static g_provgone_t g_md_providergone;
203 
204 static struct cdev *status_dev = NULL;
205 static struct sx md_sx;
206 static struct unrhdr *md_uh;
207 
208 static d_ioctl_t mdctlioctl;
209 
210 static struct cdevsw mdctl_cdevsw = {
211 	.d_version =	D_VERSION,
212 	.d_ioctl =	mdctlioctl,
213 	.d_name =	MD_NAME,
214 };
215 
216 struct g_class g_md_class = {
217 	.name = "MD",
218 	.version = G_VERSION,
219 	.init = g_md_init,
220 	.fini = g_md_fini,
221 	.start = g_md_start,
222 	.access = g_md_access,
223 	.dumpconf = g_md_dumpconf,
224 	.providergone = g_md_providergone,
225 };
226 
227 DECLARE_GEOM_CLASS(g_md_class, g_md);
228 MODULE_VERSION(geom_md, 0);
229 
230 static LIST_HEAD(, md_s) md_softc_list = LIST_HEAD_INITIALIZER(md_softc_list);
231 
232 #define NINDIR	(PAGE_SIZE / sizeof(uintptr_t))
233 #define NMASK	(NINDIR-1)
234 static int nshift;
235 
236 struct indir {
237 	uintptr_t	*array;
238 	u_int		total;
239 	u_int		used;
240 	u_int		shift;
241 };
242 
243 struct md_s {
244 	int unit;
245 	LIST_ENTRY(md_s) list;
246 	struct bio_queue_head bio_queue;
247 	struct mtx queue_mtx;
248 	struct cdev *dev;
249 	enum md_types type;
250 	off_t mediasize;
251 	unsigned sectorsize;
252 	unsigned opencount;
253 	unsigned fwheads;
254 	unsigned fwsectors;
255 	char ident[32];
256 	unsigned flags;
257 	char name[20];
258 	struct proc *procp;
259 	struct g_geom *gp;
260 	struct g_provider *pp;
261 	int (*start)(struct md_s *sc, struct bio *bp);
262 	struct devstat *devstat;
263 	bool candelete;
264 
265 	/* MD_MALLOC related fields */
266 	struct indir *indir;
267 	uma_zone_t uma;
268 
269 	/* MD_PRELOAD related fields */
270 	u_char *pl_ptr;
271 	size_t pl_len;
272 
273 	/* MD_VNODE related fields */
274 	struct vnode *vnode;
275 	char file[PATH_MAX];
276 	char label[PATH_MAX];
277 	struct ucred *cred;
278 	vm_offset_t kva;
279 
280 	/* MD_SWAP related fields */
281 	vm_object_t object;
282 };
283 
284 static struct indir *
285 new_indir(u_int shift)
286 {
287 	struct indir *ip;
288 
289 	ip = malloc(sizeof *ip, M_MD, (md_malloc_wait ? M_WAITOK : M_NOWAIT)
290 	    | M_ZERO);
291 	if (ip == NULL)
292 		return (NULL);
293 	ip->array = malloc(sizeof(uintptr_t) * NINDIR,
294 	    M_MDSECT, (md_malloc_wait ? M_WAITOK : M_NOWAIT) | M_ZERO);
295 	if (ip->array == NULL) {
296 		free(ip, M_MD);
297 		return (NULL);
298 	}
299 	ip->total = NINDIR;
300 	ip->shift = shift;
301 	return (ip);
302 }
303 
304 static void
305 del_indir(struct indir *ip)
306 {
307 
308 	free(ip->array, M_MDSECT);
309 	free(ip, M_MD);
310 }
311 
312 static void
313 destroy_indir(struct md_s *sc, struct indir *ip)
314 {
315 	int i;
316 
317 	for (i = 0; i < NINDIR; i++) {
318 		if (!ip->array[i])
319 			continue;
320 		if (ip->shift)
321 			destroy_indir(sc, (struct indir*)(ip->array[i]));
322 		else if (ip->array[i] > 255)
323 			uma_zfree(sc->uma, (void *)(ip->array[i]));
324 	}
325 	del_indir(ip);
326 }
327 
328 /*
329  * This function does the math and allocates the top level "indir" structure
330  * for a device of "size" sectors.
331  */
332 
333 static struct indir *
334 dimension(off_t size)
335 {
336 	off_t rcnt;
337 	struct indir *ip;
338 	int layer;
339 
340 	rcnt = size;
341 	layer = 0;
342 	while (rcnt > NINDIR) {
343 		rcnt /= NINDIR;
344 		layer++;
345 	}
346 
347 	/*
348 	 * XXX: the top layer is probably not fully populated, so we allocate
349 	 * too much space for ip->array in here.
350 	 */
351 	ip = malloc(sizeof *ip, M_MD, M_WAITOK | M_ZERO);
352 	ip->array = malloc(sizeof(uintptr_t) * NINDIR,
353 	    M_MDSECT, M_WAITOK | M_ZERO);
354 	ip->total = NINDIR;
355 	ip->shift = layer * nshift;
356 	return (ip);
357 }
358 
359 /*
360  * Read a given sector
361  */
362 
363 static uintptr_t
364 s_read(struct indir *ip, off_t offset)
365 {
366 	struct indir *cip;
367 	int idx;
368 	uintptr_t up;
369 
370 	if (md_debug > 1)
371 		printf("s_read(%jd)\n", (intmax_t)offset);
372 	up = 0;
373 	for (cip = ip; cip != NULL;) {
374 		if (cip->shift) {
375 			idx = (offset >> cip->shift) & NMASK;
376 			up = cip->array[idx];
377 			cip = (struct indir *)up;
378 			continue;
379 		}
380 		idx = offset & NMASK;
381 		return (cip->array[idx]);
382 	}
383 	return (0);
384 }
385 
386 /*
387  * Write a given sector, prune the tree if the value is 0
388  */
389 
390 static int
391 s_write(struct indir *ip, off_t offset, uintptr_t ptr)
392 {
393 	struct indir *cip, *lip[10];
394 	int idx, li;
395 	uintptr_t up;
396 
397 	if (md_debug > 1)
398 		printf("s_write(%jd, %p)\n", (intmax_t)offset, (void *)ptr);
399 	up = 0;
400 	li = 0;
401 	cip = ip;
402 	for (;;) {
403 		lip[li++] = cip;
404 		if (cip->shift) {
405 			idx = (offset >> cip->shift) & NMASK;
406 			up = cip->array[idx];
407 			if (up != 0) {
408 				cip = (struct indir *)up;
409 				continue;
410 			}
411 			/* Allocate branch */
412 			cip->array[idx] =
413 			    (uintptr_t)new_indir(cip->shift - nshift);
414 			if (cip->array[idx] == 0)
415 				return (ENOSPC);
416 			cip->used++;
417 			up = cip->array[idx];
418 			cip = (struct indir *)up;
419 			continue;
420 		}
421 		/* leafnode */
422 		idx = offset & NMASK;
423 		up = cip->array[idx];
424 		if (up != 0)
425 			cip->used--;
426 		cip->array[idx] = ptr;
427 		if (ptr != 0)
428 			cip->used++;
429 		break;
430 	}
431 	if (cip->used != 0 || li == 1)
432 		return (0);
433 	li--;
434 	while (cip->used == 0 && cip != ip) {
435 		li--;
436 		idx = (offset >> lip[li]->shift) & NMASK;
437 		up = lip[li]->array[idx];
438 		KASSERT(up == (uintptr_t)cip, ("md screwed up"));
439 		del_indir(cip);
440 		lip[li]->array[idx] = 0;
441 		lip[li]->used--;
442 		cip = lip[li];
443 	}
444 	return (0);
445 }
446 
447 static int
448 g_md_access(struct g_provider *pp, int r, int w, int e)
449 {
450 	struct md_s *sc;
451 
452 	sc = pp->geom->softc;
453 	if (sc == NULL) {
454 		if (r <= 0 && w <= 0 && e <= 0)
455 			return (0);
456 		return (ENXIO);
457 	}
458 	r += pp->acr;
459 	w += pp->acw;
460 	e += pp->ace;
461 	if ((sc->flags & MD_READONLY) != 0 && w > 0)
462 		return (EROFS);
463 	if ((pp->acr + pp->acw + pp->ace) == 0 && (r + w + e) > 0) {
464 		sc->opencount = 1;
465 	} else if ((pp->acr + pp->acw + pp->ace) > 0 && (r + w + e) == 0) {
466 		sc->opencount = 0;
467 	}
468 	return (0);
469 }
470 
471 static void
472 g_md_start(struct bio *bp)
473 {
474 	struct md_s *sc;
475 
476 	sc = bp->bio_to->geom->softc;
477 	if ((bp->bio_cmd == BIO_READ) || (bp->bio_cmd == BIO_WRITE)) {
478 		devstat_start_transaction_bio(sc->devstat, bp);
479 	}
480 	mtx_lock(&sc->queue_mtx);
481 	bioq_disksort(&sc->bio_queue, bp);
482 	wakeup(sc);
483 	mtx_unlock(&sc->queue_mtx);
484 }
485 
486 #define	MD_MALLOC_MOVE_ZERO	1
487 #define	MD_MALLOC_MOVE_FILL	2
488 #define	MD_MALLOC_MOVE_READ	3
489 #define	MD_MALLOC_MOVE_WRITE	4
490 #define	MD_MALLOC_MOVE_CMP	5
491 
492 static int
493 md_malloc_move_ma(vm_page_t **mp, int *ma_offs, unsigned sectorsize,
494     void *ptr, u_char fill, int op)
495 {
496 	struct sf_buf *sf;
497 	vm_page_t m, *mp1;
498 	char *p, first;
499 	off_t *uc;
500 	unsigned n;
501 	int error, i, ma_offs1, sz, first_read;
502 
503 	m = NULL;
504 	error = 0;
505 	sf = NULL;
506 	/* if (op == MD_MALLOC_MOVE_CMP) { gcc */
507 		first = 0;
508 		first_read = 0;
509 		uc = ptr;
510 		mp1 = *mp;
511 		ma_offs1 = *ma_offs;
512 	/* } */
513 	sched_pin();
514 	for (n = sectorsize; n != 0; n -= sz) {
515 		sz = imin(PAGE_SIZE - *ma_offs, n);
516 		if (m != **mp) {
517 			if (sf != NULL)
518 				sf_buf_free(sf);
519 			m = **mp;
520 			sf = sf_buf_alloc(m, SFB_CPUPRIVATE |
521 			    (md_malloc_wait ? 0 : SFB_NOWAIT));
522 			if (sf == NULL) {
523 				error = ENOMEM;
524 				break;
525 			}
526 		}
527 		p = (char *)sf_buf_kva(sf) + *ma_offs;
528 		switch (op) {
529 		case MD_MALLOC_MOVE_ZERO:
530 			bzero(p, sz);
531 			break;
532 		case MD_MALLOC_MOVE_FILL:
533 			memset(p, fill, sz);
534 			break;
535 		case MD_MALLOC_MOVE_READ:
536 			bcopy(ptr, p, sz);
537 			cpu_flush_dcache(p, sz);
538 			break;
539 		case MD_MALLOC_MOVE_WRITE:
540 			bcopy(p, ptr, sz);
541 			break;
542 		case MD_MALLOC_MOVE_CMP:
543 			for (i = 0; i < sz; i++, p++) {
544 				if (!first_read) {
545 					*uc = (u_char)*p;
546 					first = *p;
547 					first_read = 1;
548 				} else if (*p != first) {
549 					error = EDOOFUS;
550 					break;
551 				}
552 			}
553 			break;
554 		default:
555 			KASSERT(0, ("md_malloc_move_ma unknown op %d\n", op));
556 			break;
557 		}
558 		if (error != 0)
559 			break;
560 		*ma_offs += sz;
561 		*ma_offs %= PAGE_SIZE;
562 		if (*ma_offs == 0)
563 			(*mp)++;
564 		ptr = (char *)ptr + sz;
565 	}
566 
567 	if (sf != NULL)
568 		sf_buf_free(sf);
569 	sched_unpin();
570 	if (op == MD_MALLOC_MOVE_CMP && error != 0) {
571 		*mp = mp1;
572 		*ma_offs = ma_offs1;
573 	}
574 	return (error);
575 }
576 
577 static int
578 md_malloc_move_vlist(bus_dma_segment_t **pvlist, int *pma_offs,
579     unsigned len, void *ptr, u_char fill, int op)
580 {
581 	bus_dma_segment_t *vlist;
582 	uint8_t *p, *end, first;
583 	off_t *uc;
584 	int ma_offs, seg_len;
585 
586 	vlist = *pvlist;
587 	ma_offs = *pma_offs;
588 	uc = ptr;
589 
590 	for (; len != 0; len -= seg_len) {
591 		seg_len = imin(vlist->ds_len - ma_offs, len);
592 		p = (uint8_t *)(uintptr_t)vlist->ds_addr + ma_offs;
593 		switch (op) {
594 		case MD_MALLOC_MOVE_ZERO:
595 			bzero(p, seg_len);
596 			break;
597 		case MD_MALLOC_MOVE_FILL:
598 			memset(p, fill, seg_len);
599 			break;
600 		case MD_MALLOC_MOVE_READ:
601 			bcopy(ptr, p, seg_len);
602 			cpu_flush_dcache(p, seg_len);
603 			break;
604 		case MD_MALLOC_MOVE_WRITE:
605 			bcopy(p, ptr, seg_len);
606 			break;
607 		case MD_MALLOC_MOVE_CMP:
608 			end = p + seg_len;
609 			first = *uc = *p;
610 			/* Confirm all following bytes match the first */
611 			while (++p < end) {
612 				if (*p != first)
613 					return (EDOOFUS);
614 			}
615 			break;
616 		default:
617 			KASSERT(0, ("md_malloc_move_vlist unknown op %d\n", op));
618 			break;
619 		}
620 
621 		ma_offs += seg_len;
622 		if (ma_offs == vlist->ds_len) {
623 			ma_offs = 0;
624 			vlist++;
625 		}
626 		ptr = (uint8_t *)ptr + seg_len;
627 	}
628 	*pvlist = vlist;
629 	*pma_offs = ma_offs;
630 
631 	return (0);
632 }
633 
634 static int
635 mdstart_malloc(struct md_s *sc, struct bio *bp)
636 {
637 	u_char *dst;
638 	vm_page_t *m;
639 	bus_dma_segment_t *vlist;
640 	int i, error, error1, ma_offs, notmapped;
641 	off_t secno, nsec, uc;
642 	uintptr_t sp, osp;
643 
644 	switch (bp->bio_cmd) {
645 	case BIO_READ:
646 	case BIO_WRITE:
647 	case BIO_DELETE:
648 		break;
649 	case BIO_FLUSH:
650 		return (0);
651 	default:
652 		return (EOPNOTSUPP);
653 	}
654 
655 	notmapped = (bp->bio_flags & BIO_UNMAPPED) != 0;
656 	vlist = (bp->bio_flags & BIO_VLIST) != 0 ?
657 	    (bus_dma_segment_t *)bp->bio_data : NULL;
658 	if (notmapped) {
659 		m = bp->bio_ma;
660 		ma_offs = bp->bio_ma_offset;
661 		dst = NULL;
662 		KASSERT(vlist == NULL, ("vlists cannot be unmapped"));
663 	} else if (vlist != NULL) {
664 		ma_offs = bp->bio_ma_offset;
665 		dst = NULL;
666 	} else {
667 		dst = bp->bio_data;
668 	}
669 
670 	nsec = bp->bio_length / sc->sectorsize;
671 	secno = bp->bio_offset / sc->sectorsize;
672 	error = 0;
673 	while (nsec--) {
674 		osp = s_read(sc->indir, secno);
675 		if (bp->bio_cmd == BIO_DELETE) {
676 			if (osp != 0)
677 				error = s_write(sc->indir, secno, 0);
678 		} else if (bp->bio_cmd == BIO_READ) {
679 			if (osp == 0) {
680 				if (notmapped) {
681 					error = md_malloc_move_ma(&m, &ma_offs,
682 					    sc->sectorsize, NULL, 0,
683 					    MD_MALLOC_MOVE_ZERO);
684 				} else if (vlist != NULL) {
685 					error = md_malloc_move_vlist(&vlist,
686 					    &ma_offs, sc->sectorsize, NULL, 0,
687 					    MD_MALLOC_MOVE_ZERO);
688 				} else
689 					bzero(dst, sc->sectorsize);
690 			} else if (osp <= 255) {
691 				if (notmapped) {
692 					error = md_malloc_move_ma(&m, &ma_offs,
693 					    sc->sectorsize, NULL, osp,
694 					    MD_MALLOC_MOVE_FILL);
695 				} else if (vlist != NULL) {
696 					error = md_malloc_move_vlist(&vlist,
697 					    &ma_offs, sc->sectorsize, NULL, osp,
698 					    MD_MALLOC_MOVE_FILL);
699 				} else
700 					memset(dst, osp, sc->sectorsize);
701 			} else {
702 				if (notmapped) {
703 					error = md_malloc_move_ma(&m, &ma_offs,
704 					    sc->sectorsize, (void *)osp, 0,
705 					    MD_MALLOC_MOVE_READ);
706 				} else if (vlist != NULL) {
707 					error = md_malloc_move_vlist(&vlist,
708 					    &ma_offs, sc->sectorsize,
709 					    (void *)osp, 0,
710 					    MD_MALLOC_MOVE_READ);
711 				} else {
712 					bcopy((void *)osp, dst, sc->sectorsize);
713 					cpu_flush_dcache(dst, sc->sectorsize);
714 				}
715 			}
716 			osp = 0;
717 		} else if (bp->bio_cmd == BIO_WRITE) {
718 			if (sc->flags & MD_COMPRESS) {
719 				if (notmapped) {
720 					error1 = md_malloc_move_ma(&m, &ma_offs,
721 					    sc->sectorsize, &uc, 0,
722 					    MD_MALLOC_MOVE_CMP);
723 					i = error1 == 0 ? sc->sectorsize : 0;
724 				} else if (vlist != NULL) {
725 					error1 = md_malloc_move_vlist(&vlist,
726 					    &ma_offs, sc->sectorsize, &uc, 0,
727 					    MD_MALLOC_MOVE_CMP);
728 					i = error1 == 0 ? sc->sectorsize : 0;
729 				} else {
730 					uc = dst[0];
731 					for (i = 1; i < sc->sectorsize; i++) {
732 						if (dst[i] != uc)
733 							break;
734 					}
735 				}
736 			} else {
737 				i = 0;
738 				uc = 0;
739 			}
740 			if (i == sc->sectorsize) {
741 				if (osp != uc)
742 					error = s_write(sc->indir, secno, uc);
743 			} else {
744 				if (osp <= 255) {
745 					sp = (uintptr_t)uma_zalloc(sc->uma,
746 					    md_malloc_wait ? M_WAITOK :
747 					    M_NOWAIT);
748 					if (sp == 0) {
749 						error = ENOSPC;
750 						break;
751 					}
752 					if (notmapped) {
753 						error = md_malloc_move_ma(&m,
754 						    &ma_offs, sc->sectorsize,
755 						    (void *)sp, 0,
756 						    MD_MALLOC_MOVE_WRITE);
757 					} else if (vlist != NULL) {
758 						error = md_malloc_move_vlist(
759 						    &vlist, &ma_offs,
760 						    sc->sectorsize, (void *)sp,
761 						    0, MD_MALLOC_MOVE_WRITE);
762 					} else {
763 						bcopy(dst, (void *)sp,
764 						    sc->sectorsize);
765 					}
766 					error = s_write(sc->indir, secno, sp);
767 				} else {
768 					if (notmapped) {
769 						error = md_malloc_move_ma(&m,
770 						    &ma_offs, sc->sectorsize,
771 						    (void *)osp, 0,
772 						    MD_MALLOC_MOVE_WRITE);
773 					} else if (vlist != NULL) {
774 						error = md_malloc_move_vlist(
775 						    &vlist, &ma_offs,
776 						    sc->sectorsize, (void *)osp,
777 						    0, MD_MALLOC_MOVE_WRITE);
778 					} else {
779 						bcopy(dst, (void *)osp,
780 						    sc->sectorsize);
781 					}
782 					osp = 0;
783 				}
784 			}
785 		} else {
786 			error = EOPNOTSUPP;
787 		}
788 		if (osp > 255)
789 			uma_zfree(sc->uma, (void*)osp);
790 		if (error != 0)
791 			break;
792 		secno++;
793 		if (!notmapped && vlist == NULL)
794 			dst += sc->sectorsize;
795 	}
796 	bp->bio_resid = 0;
797 	return (error);
798 }
799 
800 static void
801 mdcopyto_vlist(void *src, bus_dma_segment_t *vlist, off_t offset, off_t len)
802 {
803 	off_t seg_len;
804 
805 	while (offset >= vlist->ds_len) {
806 		offset -= vlist->ds_len;
807 		vlist++;
808 	}
809 
810 	while (len != 0) {
811 		seg_len = omin(len, vlist->ds_len - offset);
812 		bcopy(src, (void *)(uintptr_t)(vlist->ds_addr + offset),
813 		    seg_len);
814 		offset = 0;
815 		src = (uint8_t *)src + seg_len;
816 		len -= seg_len;
817 		vlist++;
818 	}
819 }
820 
821 static void
822 mdcopyfrom_vlist(bus_dma_segment_t *vlist, off_t offset, void *dst, off_t len)
823 {
824 	off_t seg_len;
825 
826 	while (offset >= vlist->ds_len) {
827 		offset -= vlist->ds_len;
828 		vlist++;
829 	}
830 
831 	while (len != 0) {
832 		seg_len = omin(len, vlist->ds_len - offset);
833 		bcopy((void *)(uintptr_t)(vlist->ds_addr + offset), dst,
834 		    seg_len);
835 		offset = 0;
836 		dst = (uint8_t *)dst + seg_len;
837 		len -= seg_len;
838 		vlist++;
839 	}
840 }
841 
842 static int
843 mdstart_preload(struct md_s *sc, struct bio *bp)
844 {
845 	uint8_t *p;
846 
847 	p = sc->pl_ptr + bp->bio_offset;
848 	switch (bp->bio_cmd) {
849 	case BIO_READ:
850 		if ((bp->bio_flags & BIO_VLIST) != 0) {
851 			mdcopyto_vlist(p, (bus_dma_segment_t *)bp->bio_data,
852 			    bp->bio_ma_offset, bp->bio_length);
853 		} else {
854 			bcopy(p, bp->bio_data, bp->bio_length);
855 		}
856 		cpu_flush_dcache(bp->bio_data, bp->bio_length);
857 		break;
858 	case BIO_WRITE:
859 		if ((bp->bio_flags & BIO_VLIST) != 0) {
860 			mdcopyfrom_vlist((bus_dma_segment_t *)bp->bio_data,
861 			    bp->bio_ma_offset, p, bp->bio_length);
862 		} else {
863 			bcopy(bp->bio_data, p, bp->bio_length);
864 		}
865 		break;
866 	}
867 	bp->bio_resid = 0;
868 	return (0);
869 }
870 
871 static int
872 mdstart_vnode(struct md_s *sc, struct bio *bp)
873 {
874 	int error;
875 	struct uio auio;
876 	struct iovec aiov;
877 	struct iovec *piov;
878 	struct mount *mp;
879 	struct vnode *vp;
880 	bus_dma_segment_t *vlist;
881 	struct thread *td;
882 	off_t iolen, iostart, off, len;
883 	int ma_offs, npages;
884 	bool mapped;
885 
886 	switch (bp->bio_cmd) {
887 	case BIO_READ:
888 		auio.uio_rw = UIO_READ;
889 		break;
890 	case BIO_WRITE:
891 		auio.uio_rw = UIO_WRITE;
892 		break;
893 	case BIO_FLUSH:
894 		break;
895 	case BIO_DELETE:
896 		if (sc->candelete)
897 			break;
898 		/* FALLTHROUGH */
899 	default:
900 		return (EOPNOTSUPP);
901 	}
902 
903 	td = curthread;
904 	vp = sc->vnode;
905 	piov = NULL;
906 	ma_offs = bp->bio_ma_offset;
907 	off = bp->bio_offset;
908 	len = bp->bio_length;
909 	mapped = false;
910 
911 	/*
912 	 * VNODE I/O
913 	 *
914 	 * If an error occurs, we set BIO_ERROR but we do not set
915 	 * B_INVAL because (for a write anyway), the buffer is
916 	 * still valid.
917 	 */
918 
919 	if (bp->bio_cmd == BIO_FLUSH) {
920 		do {
921 			(void)vn_start_write(vp, &mp, V_WAIT);
922 			vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
923 			error = VOP_FSYNC(vp, MNT_WAIT, td);
924 			VOP_UNLOCK(vp);
925 			vn_finished_write(mp);
926 		} while (error == ERELOOKUP);
927 		return (error);
928 	} else if (bp->bio_cmd == BIO_DELETE) {
929 		error = vn_deallocate(vp, &off, &len, 0,
930 		    sc->flags & MD_ASYNC ? 0 : IO_SYNC, sc->cred, NOCRED);
931 		bp->bio_resid = len;
932 		return (error);
933 	}
934 
935 	auio.uio_offset = (vm_ooffset_t)bp->bio_offset;
936 	auio.uio_resid = bp->bio_length;
937 	auio.uio_segflg = UIO_SYSSPACE;
938 	auio.uio_td = td;
939 
940 	if ((bp->bio_flags & BIO_VLIST) != 0) {
941 		piov = malloc(sizeof(*piov) * bp->bio_ma_n, M_MD, M_WAITOK);
942 		auio.uio_iov = piov;
943 		vlist = (bus_dma_segment_t *)bp->bio_data;
944 		while (len > 0) {
945 			piov->iov_base = (void *)(uintptr_t)(vlist->ds_addr +
946 			    ma_offs);
947 			piov->iov_len = vlist->ds_len - ma_offs;
948 			if (piov->iov_len > len)
949 				piov->iov_len = len;
950 			len -= piov->iov_len;
951 			ma_offs = 0;
952 			vlist++;
953 			piov++;
954 		}
955 		auio.uio_iovcnt = piov - auio.uio_iov;
956 		piov = auio.uio_iov;
957 	} else if ((bp->bio_flags & BIO_UNMAPPED) != 0) {
958 		bp->bio_resid = len;
959 unmapped_step:
960 		npages = atop(min(maxphys, round_page(len + (ma_offs &
961 		    PAGE_MASK))));
962 		iolen = min(ptoa(npages) - (ma_offs & PAGE_MASK), len);
963 		KASSERT(iolen > 0, ("zero iolen"));
964 		KASSERT(npages <= atop(MAXPHYS + PAGE_SIZE),
965 		    ("npages %d too large", npages));
966 		pmap_qenter(sc->kva, &bp->bio_ma[atop(ma_offs)], npages);
967 		aiov.iov_base = (void *)(sc->kva + (ma_offs & PAGE_MASK));
968 		aiov.iov_len = iolen;
969 		auio.uio_iov = &aiov;
970 		auio.uio_iovcnt = 1;
971 		auio.uio_resid = iolen;
972 		mapped = true;
973 	} else {
974 		aiov.iov_base = bp->bio_data;
975 		aiov.iov_len = bp->bio_length;
976 		auio.uio_iov = &aiov;
977 		auio.uio_iovcnt = 1;
978 	}
979 	iostart = auio.uio_offset;
980 	if (auio.uio_rw == UIO_READ) {
981 		vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
982 		error = VOP_READ(vp, &auio, 0, sc->cred);
983 		VOP_UNLOCK(vp);
984 	} else {
985 		(void) vn_start_write(vp, &mp, V_WAIT);
986 		vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
987 		error = VOP_WRITE(vp, &auio, sc->flags & MD_ASYNC ? 0 : IO_SYNC,
988 		    sc->cred);
989 		VOP_UNLOCK(vp);
990 		vn_finished_write(mp);
991 		if (error == 0)
992 			sc->flags &= ~MD_VERIFY;
993 	}
994 
995 	/* When MD_CACHE is set, try to avoid double-caching the data. */
996 	if (error == 0 && (sc->flags & MD_CACHE) == 0)
997 		VOP_ADVISE(vp, iostart, auio.uio_offset - 1,
998 		    POSIX_FADV_DONTNEED);
999 
1000 	if (mapped) {
1001 		pmap_qremove(sc->kva, npages);
1002 		if (error == 0) {
1003 			len -= iolen;
1004 			bp->bio_resid -= iolen;
1005 			ma_offs += iolen;
1006 			if (len > 0)
1007 				goto unmapped_step;
1008 		}
1009 	} else {
1010 		bp->bio_resid = auio.uio_resid;
1011 	}
1012 
1013 	free(piov, M_MD);
1014 	return (error);
1015 }
1016 
1017 static int
1018 mdstart_swap(struct md_s *sc, struct bio *bp)
1019 {
1020 	vm_page_t m;
1021 	u_char *p;
1022 	vm_pindex_t i, lastp;
1023 	bus_dma_segment_t *vlist;
1024 	int rv, ma_offs, offs, len, lastend;
1025 
1026 	switch (bp->bio_cmd) {
1027 	case BIO_READ:
1028 	case BIO_WRITE:
1029 	case BIO_DELETE:
1030 		break;
1031 	case BIO_FLUSH:
1032 		return (0);
1033 	default:
1034 		return (EOPNOTSUPP);
1035 	}
1036 
1037 	p = bp->bio_data;
1038 	ma_offs = (bp->bio_flags & (BIO_UNMAPPED|BIO_VLIST)) != 0 ?
1039 	    bp->bio_ma_offset : 0;
1040 	vlist = (bp->bio_flags & BIO_VLIST) != 0 ?
1041 	    (bus_dma_segment_t *)bp->bio_data : NULL;
1042 
1043 	/*
1044 	 * offs is the offset at which to start operating on the
1045 	 * next (ie, first) page.  lastp is the last page on
1046 	 * which we're going to operate.  lastend is the ending
1047 	 * position within that last page (ie, PAGE_SIZE if
1048 	 * we're operating on complete aligned pages).
1049 	 */
1050 	offs = bp->bio_offset % PAGE_SIZE;
1051 	lastp = (bp->bio_offset + bp->bio_length - 1) / PAGE_SIZE;
1052 	lastend = (bp->bio_offset + bp->bio_length - 1) % PAGE_SIZE + 1;
1053 
1054 	rv = VM_PAGER_OK;
1055 	vm_object_pip_add(sc->object, 1);
1056 	for (i = bp->bio_offset / PAGE_SIZE; i <= lastp; i++) {
1057 		len = ((i == lastp) ? lastend : PAGE_SIZE) - offs;
1058 		m = vm_page_grab_unlocked(sc->object, i, VM_ALLOC_SYSTEM);
1059 		if (bp->bio_cmd == BIO_READ) {
1060 			if (vm_page_all_valid(m))
1061 				rv = VM_PAGER_OK;
1062 			else
1063 				rv = vm_pager_get_pages(sc->object, &m, 1,
1064 				    NULL, NULL);
1065 			if (rv == VM_PAGER_ERROR) {
1066 				VM_OBJECT_WLOCK(sc->object);
1067 				vm_page_free(m);
1068 				VM_OBJECT_WUNLOCK(sc->object);
1069 				break;
1070 			} else if (rv == VM_PAGER_FAIL) {
1071 				/*
1072 				 * Pager does not have the page.  Zero
1073 				 * the allocated page, and mark it as
1074 				 * valid. Do not set dirty, the page
1075 				 * can be recreated if thrown out.
1076 				 */
1077 				pmap_zero_page(m);
1078 				vm_page_valid(m);
1079 			}
1080 			if ((bp->bio_flags & BIO_UNMAPPED) != 0) {
1081 				pmap_copy_pages(&m, offs, bp->bio_ma,
1082 				    ma_offs, len);
1083 			} else if ((bp->bio_flags & BIO_VLIST) != 0) {
1084 				physcopyout_vlist(VM_PAGE_TO_PHYS(m) + offs,
1085 				    vlist, ma_offs, len);
1086 				cpu_flush_dcache(p, len);
1087 			} else {
1088 				physcopyout(VM_PAGE_TO_PHYS(m) + offs, p, len);
1089 				cpu_flush_dcache(p, len);
1090 			}
1091 		} else if (bp->bio_cmd == BIO_WRITE) {
1092 			if (len == PAGE_SIZE || vm_page_all_valid(m))
1093 				rv = VM_PAGER_OK;
1094 			else
1095 				rv = vm_pager_get_pages(sc->object, &m, 1,
1096 				    NULL, NULL);
1097 			if (rv == VM_PAGER_ERROR) {
1098 				VM_OBJECT_WLOCK(sc->object);
1099 				vm_page_free(m);
1100 				VM_OBJECT_WUNLOCK(sc->object);
1101 				break;
1102 			} else if (rv == VM_PAGER_FAIL)
1103 				pmap_zero_page(m);
1104 
1105 			if ((bp->bio_flags & BIO_UNMAPPED) != 0) {
1106 				pmap_copy_pages(bp->bio_ma, ma_offs, &m,
1107 				    offs, len);
1108 			} else if ((bp->bio_flags & BIO_VLIST) != 0) {
1109 				physcopyin_vlist(vlist, ma_offs,
1110 				    VM_PAGE_TO_PHYS(m) + offs, len);
1111 			} else {
1112 				physcopyin(p, VM_PAGE_TO_PHYS(m) + offs, len);
1113 			}
1114 
1115 			vm_page_valid(m);
1116 			vm_page_set_dirty(m);
1117 		} else if (bp->bio_cmd == BIO_DELETE) {
1118 			if (len == PAGE_SIZE || vm_page_all_valid(m))
1119 				rv = VM_PAGER_OK;
1120 			else
1121 				rv = vm_pager_get_pages(sc->object, &m, 1,
1122 				    NULL, NULL);
1123 			VM_OBJECT_WLOCK(sc->object);
1124 			if (rv == VM_PAGER_ERROR) {
1125 				vm_page_free(m);
1126 				VM_OBJECT_WUNLOCK(sc->object);
1127 				break;
1128 			} else if (rv == VM_PAGER_FAIL) {
1129 				vm_page_free(m);
1130 				m = NULL;
1131 			} else {
1132 				/* Page is valid. */
1133 				if (len != PAGE_SIZE) {
1134 					pmap_zero_page_area(m, offs, len);
1135 					vm_page_set_dirty(m);
1136 				} else {
1137 					vm_pager_page_unswapped(m);
1138 					vm_page_free(m);
1139 					m = NULL;
1140 				}
1141 			}
1142 			VM_OBJECT_WUNLOCK(sc->object);
1143 		}
1144 		if (m != NULL) {
1145 			/*
1146 			 * The page may be deactivated prior to setting
1147 			 * PGA_REFERENCED, but in this case it will be
1148 			 * reactivated by the page daemon.
1149 			 */
1150 			if (vm_page_active(m))
1151 				vm_page_reference(m);
1152 			else
1153 				vm_page_activate(m);
1154 			vm_page_xunbusy(m);
1155 		}
1156 
1157 		/* Actions on further pages start at offset 0 */
1158 		p += PAGE_SIZE - offs;
1159 		offs = 0;
1160 		ma_offs += len;
1161 	}
1162 	vm_object_pip_wakeup(sc->object);
1163 	return (rv != VM_PAGER_ERROR ? 0 : ENOSPC);
1164 }
1165 
1166 static int
1167 mdstart_null(struct md_s *sc, struct bio *bp)
1168 {
1169 
1170 	switch (bp->bio_cmd) {
1171 	case BIO_READ:
1172 		bzero(bp->bio_data, bp->bio_length);
1173 		cpu_flush_dcache(bp->bio_data, bp->bio_length);
1174 		break;
1175 	case BIO_WRITE:
1176 		break;
1177 	}
1178 	bp->bio_resid = 0;
1179 	return (0);
1180 }
1181 
1182 static void
1183 md_handleattr(struct md_s *sc, struct bio *bp)
1184 {
1185 	if (sc->fwsectors && sc->fwheads &&
1186 	    (g_handleattr_int(bp, "GEOM::fwsectors", sc->fwsectors) != 0 ||
1187 	    g_handleattr_int(bp, "GEOM::fwheads", sc->fwheads) != 0))
1188 		return;
1189 	if (g_handleattr_int(bp, "GEOM::candelete", sc->candelete) != 0)
1190 		return;
1191 	if (sc->ident[0] != '\0' &&
1192 	    g_handleattr_str(bp, "GEOM::ident", sc->ident) != 0)
1193 		return;
1194 	if (g_handleattr_int(bp, "MNT::verified", (sc->flags & MD_VERIFY) != 0))
1195 		return;
1196 	g_io_deliver(bp, EOPNOTSUPP);
1197 }
1198 
1199 static void
1200 md_kthread(void *arg)
1201 {
1202 	struct md_s *sc;
1203 	struct bio *bp;
1204 	int error;
1205 
1206 	sc = arg;
1207 	thread_lock(curthread);
1208 	sched_prio(curthread, PRIBIO);
1209 	thread_unlock(curthread);
1210 	if (sc->type == MD_VNODE)
1211 		curthread->td_pflags |= TDP_NORUNNINGBUF;
1212 
1213 	for (;;) {
1214 		mtx_lock(&sc->queue_mtx);
1215 		if (sc->flags & MD_SHUTDOWN) {
1216 			sc->flags |= MD_EXITING;
1217 			mtx_unlock(&sc->queue_mtx);
1218 			kproc_exit(0);
1219 		}
1220 		bp = bioq_takefirst(&sc->bio_queue);
1221 		if (!bp) {
1222 			msleep(sc, &sc->queue_mtx, PRIBIO | PDROP, "mdwait", 0);
1223 			continue;
1224 		}
1225 		mtx_unlock(&sc->queue_mtx);
1226 		if (bp->bio_cmd == BIO_GETATTR) {
1227 			md_handleattr(sc, bp);
1228 		} else {
1229 			error = sc->start(sc, bp);
1230 			if (bp->bio_cmd == BIO_READ || bp->bio_cmd == BIO_WRITE) {
1231 				/*
1232 				 * Devstat uses (bio_bcount, bio_resid) for
1233 				 * determining the length of the completed part
1234 				 * of the i/o.  g_io_deliver() will translate
1235 				 * from bio_completed to that, but it also
1236 				 * destroys the bio so we must do our own
1237 				 * translation.
1238 				 */
1239 				bp->bio_bcount = bp->bio_length;
1240 				devstat_end_transaction_bio(sc->devstat, bp);
1241 			}
1242 			bp->bio_completed = bp->bio_length - bp->bio_resid;
1243 			g_io_deliver(bp, error);
1244 		}
1245 	}
1246 }
1247 
1248 static struct md_s *
1249 mdfind(int unit)
1250 {
1251 	struct md_s *sc;
1252 
1253 	LIST_FOREACH(sc, &md_softc_list, list) {
1254 		if (sc->unit == unit)
1255 			break;
1256 	}
1257 	return (sc);
1258 }
1259 
1260 static struct md_s *
1261 mdnew(int unit, int *errp, enum md_types type)
1262 {
1263 	struct md_s *sc;
1264 	int error;
1265 
1266 	*errp = 0;
1267 	if (unit == -1)
1268 		unit = alloc_unr(md_uh);
1269 	else
1270 		unit = alloc_unr_specific(md_uh, unit);
1271 
1272 	if (unit == -1) {
1273 		*errp = EBUSY;
1274 		return (NULL);
1275 	}
1276 
1277 	sc = malloc(sizeof(*sc), M_MD, M_WAITOK | M_ZERO);
1278 	sc->type = type;
1279 	bioq_init(&sc->bio_queue);
1280 	mtx_init(&sc->queue_mtx, "md bio queue", NULL, MTX_DEF);
1281 	sc->unit = unit;
1282 	sprintf(sc->name, "md%d", unit);
1283 	LIST_INSERT_HEAD(&md_softc_list, sc, list);
1284 	error = kproc_create(md_kthread, sc, &sc->procp, 0, 0,"%s", sc->name);
1285 	if (error == 0)
1286 		return (sc);
1287 	LIST_REMOVE(sc, list);
1288 	mtx_destroy(&sc->queue_mtx);
1289 	free_unr(md_uh, sc->unit);
1290 	free(sc, M_MD);
1291 	*errp = error;
1292 	return (NULL);
1293 }
1294 
1295 static void
1296 mdinit(struct md_s *sc)
1297 {
1298 	struct g_geom *gp;
1299 	struct g_provider *pp;
1300 
1301 	g_topology_lock();
1302 	gp = g_new_geomf(&g_md_class, "md%d", sc->unit);
1303 	gp->softc = sc;
1304 	pp = g_new_providerf(gp, "md%d", sc->unit);
1305 	devstat_remove_entry(pp->stat);
1306 	pp->stat = NULL;
1307 	pp->flags |= G_PF_DIRECT_SEND | G_PF_DIRECT_RECEIVE;
1308 	pp->mediasize = sc->mediasize;
1309 	pp->sectorsize = sc->sectorsize;
1310 	switch (sc->type) {
1311 	case MD_MALLOC:
1312 	case MD_VNODE:
1313 	case MD_SWAP:
1314 		pp->flags |= G_PF_ACCEPT_UNMAPPED;
1315 		break;
1316 	case MD_PRELOAD:
1317 	case MD_NULL:
1318 		break;
1319 	}
1320 	sc->gp = gp;
1321 	sc->pp = pp;
1322 	sc->devstat = devstat_new_entry("md", sc->unit, sc->sectorsize,
1323 	    DEVSTAT_ALL_SUPPORTED, DEVSTAT_TYPE_DIRECT, DEVSTAT_PRIORITY_MAX);
1324 	sc->devstat->id = pp;
1325 	g_error_provider(pp, 0);
1326 	g_topology_unlock();
1327 }
1328 
1329 static int
1330 mdcreate_malloc(struct md_s *sc, struct md_req *mdr)
1331 {
1332 	uintptr_t sp;
1333 	int error;
1334 	off_t u;
1335 
1336 	error = 0;
1337 	if (mdr->md_options & ~(MD_AUTOUNIT | MD_COMPRESS | MD_RESERVE))
1338 		return (EINVAL);
1339 	if (mdr->md_sectorsize != 0 && !powerof2(mdr->md_sectorsize))
1340 		return (EINVAL);
1341 	/* Compression doesn't make sense if we have reserved space */
1342 	if (mdr->md_options & MD_RESERVE)
1343 		mdr->md_options &= ~MD_COMPRESS;
1344 	if (mdr->md_fwsectors != 0)
1345 		sc->fwsectors = mdr->md_fwsectors;
1346 	if (mdr->md_fwheads != 0)
1347 		sc->fwheads = mdr->md_fwheads;
1348 	sc->flags = mdr->md_options & (MD_COMPRESS | MD_FORCE);
1349 	sc->indir = dimension(sc->mediasize / sc->sectorsize);
1350 	sc->uma = uma_zcreate(sc->name, sc->sectorsize, NULL, NULL, NULL, NULL,
1351 	    0x1ff, 0);
1352 	if (mdr->md_options & MD_RESERVE) {
1353 		off_t nsectors;
1354 
1355 		nsectors = sc->mediasize / sc->sectorsize;
1356 		for (u = 0; u < nsectors; u++) {
1357 			sp = (uintptr_t)uma_zalloc(sc->uma, (md_malloc_wait ?
1358 			    M_WAITOK : M_NOWAIT) | M_ZERO);
1359 			if (sp != 0)
1360 				error = s_write(sc->indir, u, sp);
1361 			else
1362 				error = ENOMEM;
1363 			if (error != 0)
1364 				break;
1365 		}
1366 	}
1367 	return (error);
1368 }
1369 
1370 static int
1371 mdsetcred(struct md_s *sc, struct ucred *cred)
1372 {
1373 	char *tmpbuf;
1374 	int error = 0;
1375 
1376 	/*
1377 	 * Set credits in our softc
1378 	 */
1379 
1380 	if (sc->cred)
1381 		crfree(sc->cred);
1382 	sc->cred = crhold(cred);
1383 
1384 	/*
1385 	 * Horrible kludge to establish credentials for NFS  XXX.
1386 	 */
1387 
1388 	if (sc->vnode) {
1389 		struct uio auio;
1390 		struct iovec aiov;
1391 
1392 		tmpbuf = malloc(sc->sectorsize, M_TEMP, M_WAITOK);
1393 		bzero(&auio, sizeof(auio));
1394 
1395 		aiov.iov_base = tmpbuf;
1396 		aiov.iov_len = sc->sectorsize;
1397 		auio.uio_iov = &aiov;
1398 		auio.uio_iovcnt = 1;
1399 		auio.uio_offset = 0;
1400 		auio.uio_rw = UIO_READ;
1401 		auio.uio_segflg = UIO_SYSSPACE;
1402 		auio.uio_resid = aiov.iov_len;
1403 		vn_lock(sc->vnode, LK_EXCLUSIVE | LK_RETRY);
1404 		error = VOP_READ(sc->vnode, &auio, 0, sc->cred);
1405 		VOP_UNLOCK(sc->vnode);
1406 		free(tmpbuf, M_TEMP);
1407 	}
1408 	return (error);
1409 }
1410 
1411 static int
1412 mdcreate_vnode(struct md_s *sc, struct md_req *mdr, struct thread *td)
1413 {
1414 	struct vattr vattr;
1415 	struct nameidata nd;
1416 	char *fname;
1417 	int error, flags;
1418 	long v;
1419 
1420 	fname = mdr->md_file;
1421 	if (mdr->md_file_seg == UIO_USERSPACE) {
1422 		error = copyinstr(fname, sc->file, sizeof(sc->file), NULL);
1423 		if (error != 0)
1424 			return (error);
1425 	} else if (mdr->md_file_seg == UIO_SYSSPACE)
1426 		strlcpy(sc->file, fname, sizeof(sc->file));
1427 	else
1428 		return (EDOOFUS);
1429 
1430 	/*
1431 	 * If the user specified that this is a read only device, don't
1432 	 * set the FWRITE mask before trying to open the backing store.
1433 	 */
1434 	flags = FREAD | ((mdr->md_options & MD_READONLY) ? 0 : FWRITE) \
1435 	    | ((mdr->md_options & MD_VERIFY) ? O_VERIFY : 0);
1436 	NDINIT(&nd, LOOKUP, FOLLOW, UIO_SYSSPACE, sc->file);
1437 	error = vn_open(&nd, &flags, 0, NULL);
1438 	if (error != 0)
1439 		return (error);
1440 	NDFREE_PNBUF(&nd);
1441 	if (nd.ni_vp->v_type != VREG) {
1442 		error = EINVAL;
1443 		goto bad;
1444 	}
1445 	error = VOP_GETATTR(nd.ni_vp, &vattr, td->td_ucred);
1446 	if (error != 0)
1447 		goto bad;
1448 	if ((mdr->md_options & MD_MUSTDEALLOC) != 0) {
1449 		error = VOP_PATHCONF(nd.ni_vp, _PC_DEALLOC_PRESENT, &v);
1450 		if (error != 0)
1451 			goto bad;
1452 		if (v == 0)
1453 			sc->candelete = false;
1454 	}
1455 	if (VOP_ISLOCKED(nd.ni_vp) != LK_EXCLUSIVE) {
1456 		vn_lock(nd.ni_vp, LK_UPGRADE | LK_RETRY);
1457 		if (VN_IS_DOOMED(nd.ni_vp)) {
1458 			/* Forced unmount. */
1459 			error = EBADF;
1460 			goto bad;
1461 		}
1462 	}
1463 	nd.ni_vp->v_vflag |= VV_MD;
1464 	VOP_UNLOCK(nd.ni_vp);
1465 
1466 	if (mdr->md_fwsectors != 0)
1467 		sc->fwsectors = mdr->md_fwsectors;
1468 	if (mdr->md_fwheads != 0)
1469 		sc->fwheads = mdr->md_fwheads;
1470 	snprintf(sc->ident, sizeof(sc->ident), "MD-DEV%ju-INO%ju",
1471 	    (uintmax_t)vattr.va_fsid, (uintmax_t)vattr.va_fileid);
1472 	sc->flags = mdr->md_options & (MD_ASYNC | MD_CACHE | MD_FORCE |
1473 	    MD_VERIFY);
1474 	if (!(flags & FWRITE))
1475 		sc->flags |= MD_READONLY;
1476 	sc->vnode = nd.ni_vp;
1477 
1478 	error = mdsetcred(sc, td->td_ucred);
1479 	if (error != 0) {
1480 		sc->vnode = NULL;
1481 		vn_lock(nd.ni_vp, LK_EXCLUSIVE | LK_RETRY);
1482 		nd.ni_vp->v_vflag &= ~VV_MD;
1483 		goto bad;
1484 	}
1485 
1486 	sc->kva = kva_alloc(MAXPHYS + PAGE_SIZE);
1487 	return (0);
1488 bad:
1489 	VOP_UNLOCK(nd.ni_vp);
1490 	(void)vn_close(nd.ni_vp, flags, td->td_ucred, td);
1491 	return (error);
1492 }
1493 
1494 static void
1495 g_md_providergone(struct g_provider *pp)
1496 {
1497 	struct md_s *sc = pp->geom->softc;
1498 
1499 	mtx_lock(&sc->queue_mtx);
1500 	sc->flags |= MD_PROVIDERGONE;
1501 	wakeup(&sc->flags);
1502 	mtx_unlock(&sc->queue_mtx);
1503 }
1504 
1505 static int
1506 mddestroy(struct md_s *sc, struct thread *td)
1507 {
1508 
1509 	if (sc->gp) {
1510 		g_topology_lock();
1511 		g_wither_geom(sc->gp, ENXIO);
1512 		g_topology_unlock();
1513 
1514 		mtx_lock(&sc->queue_mtx);
1515 		while (!(sc->flags & MD_PROVIDERGONE))
1516 			msleep(&sc->flags, &sc->queue_mtx, PRIBIO, "mddestroy", 0);
1517 		mtx_unlock(&sc->queue_mtx);
1518 	}
1519 	if (sc->devstat) {
1520 		devstat_remove_entry(sc->devstat);
1521 		sc->devstat = NULL;
1522 	}
1523 	mtx_lock(&sc->queue_mtx);
1524 	sc->flags |= MD_SHUTDOWN;
1525 	wakeup(sc);
1526 	while (!(sc->flags & MD_EXITING))
1527 		msleep(sc->procp, &sc->queue_mtx, PRIBIO, "mddestroy", hz / 10);
1528 	mtx_unlock(&sc->queue_mtx);
1529 	mtx_destroy(&sc->queue_mtx);
1530 	if (sc->vnode != NULL) {
1531 		vn_lock(sc->vnode, LK_EXCLUSIVE | LK_RETRY);
1532 		sc->vnode->v_vflag &= ~VV_MD;
1533 		VOP_UNLOCK(sc->vnode);
1534 		(void)vn_close(sc->vnode, sc->flags & MD_READONLY ?
1535 		    FREAD : (FREAD|FWRITE), sc->cred, td);
1536 	}
1537 	if (sc->cred != NULL)
1538 		crfree(sc->cred);
1539 	if (sc->object != NULL)
1540 		vm_object_deallocate(sc->object);
1541 	if (sc->indir)
1542 		destroy_indir(sc, sc->indir);
1543 	if (sc->uma)
1544 		uma_zdestroy(sc->uma);
1545 	if (sc->kva)
1546 		kva_free(sc->kva, MAXPHYS + PAGE_SIZE);
1547 
1548 	LIST_REMOVE(sc, list);
1549 	free_unr(md_uh, sc->unit);
1550 	free(sc, M_MD);
1551 	return (0);
1552 }
1553 
1554 static int
1555 mdresize(struct md_s *sc, struct md_req *mdr)
1556 {
1557 	int error, res;
1558 	vm_pindex_t oldpages, newpages;
1559 
1560 	switch (sc->type) {
1561 	case MD_VNODE:
1562 	case MD_NULL:
1563 		break;
1564 	case MD_SWAP:
1565 		if (mdr->md_mediasize <= 0 ||
1566 		    (mdr->md_mediasize % PAGE_SIZE) != 0)
1567 			return (EDOM);
1568 		oldpages = OFF_TO_IDX(sc->mediasize);
1569 		newpages = OFF_TO_IDX(mdr->md_mediasize);
1570 		if (newpages < oldpages) {
1571 			VM_OBJECT_WLOCK(sc->object);
1572 			vm_object_page_remove(sc->object, newpages, 0, 0);
1573 			swap_release_by_cred(IDX_TO_OFF(oldpages -
1574 			    newpages), sc->cred);
1575 			sc->object->charge = IDX_TO_OFF(newpages);
1576 			sc->object->size = newpages;
1577 			VM_OBJECT_WUNLOCK(sc->object);
1578 		} else if (newpages > oldpages) {
1579 			res = swap_reserve_by_cred(IDX_TO_OFF(newpages -
1580 			    oldpages), sc->cred);
1581 			if (!res)
1582 				return (ENOMEM);
1583 			if ((mdr->md_options & MD_RESERVE) ||
1584 			    (sc->flags & MD_RESERVE)) {
1585 				error = swap_pager_reserve(sc->object,
1586 				    oldpages, newpages - oldpages);
1587 				if (error < 0) {
1588 					swap_release_by_cred(
1589 					    IDX_TO_OFF(newpages - oldpages),
1590 					    sc->cred);
1591 					return (EDOM);
1592 				}
1593 			}
1594 			VM_OBJECT_WLOCK(sc->object);
1595 			sc->object->charge = IDX_TO_OFF(newpages);
1596 			sc->object->size = newpages;
1597 			VM_OBJECT_WUNLOCK(sc->object);
1598 		}
1599 		break;
1600 	default:
1601 		return (EOPNOTSUPP);
1602 	}
1603 
1604 	sc->mediasize = mdr->md_mediasize;
1605 
1606 	g_topology_lock();
1607 	g_resize_provider(sc->pp, sc->mediasize);
1608 	g_topology_unlock();
1609 	return (0);
1610 }
1611 
1612 static int
1613 mdcreate_swap(struct md_s *sc, struct md_req *mdr, struct thread *td)
1614 {
1615 	vm_ooffset_t npage;
1616 	int error;
1617 
1618 	/*
1619 	 * Range check.  Disallow negative sizes and sizes not being
1620 	 * multiple of page size.
1621 	 */
1622 	if (sc->mediasize <= 0 || (sc->mediasize % PAGE_SIZE) != 0)
1623 		return (EDOM);
1624 
1625 	/*
1626 	 * Allocate an OBJT_SWAP object.
1627 	 *
1628 	 * Note the truncation.
1629 	 */
1630 
1631 	if ((mdr->md_options & MD_VERIFY) != 0)
1632 		return (EINVAL);
1633 	npage = mdr->md_mediasize / PAGE_SIZE;
1634 	if (mdr->md_fwsectors != 0)
1635 		sc->fwsectors = mdr->md_fwsectors;
1636 	if (mdr->md_fwheads != 0)
1637 		sc->fwheads = mdr->md_fwheads;
1638 	sc->object = vm_pager_allocate(OBJT_SWAP, NULL, PAGE_SIZE * npage,
1639 	    VM_PROT_DEFAULT, 0, td->td_ucred);
1640 	if (sc->object == NULL)
1641 		return (ENOMEM);
1642 	sc->flags = mdr->md_options & (MD_FORCE | MD_RESERVE);
1643 	if (mdr->md_options & MD_RESERVE) {
1644 		if (swap_pager_reserve(sc->object, 0, npage) < 0) {
1645 			error = EDOM;
1646 			goto finish;
1647 		}
1648 	}
1649 	error = mdsetcred(sc, td->td_ucred);
1650  finish:
1651 	if (error != 0) {
1652 		vm_object_deallocate(sc->object);
1653 		sc->object = NULL;
1654 	}
1655 	return (error);
1656 }
1657 
1658 static int
1659 mdcreate_null(struct md_s *sc, struct md_req *mdr, struct thread *td)
1660 {
1661 
1662 	/*
1663 	 * Range check.  Disallow negative sizes and sizes not being
1664 	 * multiple of page size.
1665 	 */
1666 	if (sc->mediasize <= 0 || (sc->mediasize % PAGE_SIZE) != 0)
1667 		return (EDOM);
1668 
1669 	return (0);
1670 }
1671 
1672 static int
1673 kern_mdattach_locked(struct thread *td, struct md_req *mdr)
1674 {
1675 	struct md_s *sc;
1676 	unsigned sectsize;
1677 	int error, i;
1678 
1679 	sx_assert(&md_sx, SA_XLOCKED);
1680 
1681 	switch (mdr->md_type) {
1682 	case MD_MALLOC:
1683 	case MD_PRELOAD:
1684 	case MD_VNODE:
1685 	case MD_SWAP:
1686 	case MD_NULL:
1687 		break;
1688 	default:
1689 		return (EINVAL);
1690 	}
1691 	if (mdr->md_sectorsize == 0)
1692 		sectsize = DEV_BSIZE;
1693 	else
1694 		sectsize = mdr->md_sectorsize;
1695 	if (sectsize > maxphys || mdr->md_mediasize < sectsize)
1696 		return (EINVAL);
1697 	if (mdr->md_options & MD_AUTOUNIT)
1698 		sc = mdnew(-1, &error, mdr->md_type);
1699 	else {
1700 		if (mdr->md_unit > INT_MAX)
1701 			return (EINVAL);
1702 		sc = mdnew(mdr->md_unit, &error, mdr->md_type);
1703 	}
1704 	if (sc == NULL)
1705 		return (error);
1706 	if (mdr->md_label != NULL)
1707 		error = copyinstr(mdr->md_label, sc->label,
1708 		    sizeof(sc->label), NULL);
1709 	if (error != 0)
1710 		goto err_after_new;
1711 	if (mdr->md_options & MD_AUTOUNIT)
1712 		mdr->md_unit = sc->unit;
1713 	sc->mediasize = mdr->md_mediasize;
1714 	sc->sectorsize = sectsize;
1715 	sc->candelete = true;
1716 	error = EDOOFUS;
1717 	switch (sc->type) {
1718 	case MD_MALLOC:
1719 		sc->start = mdstart_malloc;
1720 		error = mdcreate_malloc(sc, mdr);
1721 		break;
1722 	case MD_PRELOAD:
1723 		/*
1724 		 * We disallow attaching preloaded memory disks via
1725 		 * ioctl. Preloaded memory disks are automatically
1726 		 * attached in g_md_init().
1727 		 */
1728 		error = EOPNOTSUPP;
1729 		break;
1730 	case MD_VNODE:
1731 		sc->start = mdstart_vnode;
1732 		error = mdcreate_vnode(sc, mdr, td);
1733 		break;
1734 	case MD_SWAP:
1735 		sc->start = mdstart_swap;
1736 		error = mdcreate_swap(sc, mdr, td);
1737 		break;
1738 	case MD_NULL:
1739 		sc->start = mdstart_null;
1740 		error = mdcreate_null(sc, mdr, td);
1741 		break;
1742 	}
1743 err_after_new:
1744 	if (error != 0) {
1745 		mddestroy(sc, td);
1746 		return (error);
1747 	}
1748 
1749 	/* Prune off any residual fractional sector */
1750 	i = sc->mediasize % sc->sectorsize;
1751 	sc->mediasize -= i;
1752 
1753 	mdinit(sc);
1754 	return (0);
1755 }
1756 
1757 static int
1758 kern_mdattach(struct thread *td, struct md_req *mdr)
1759 {
1760 	int error;
1761 
1762 	sx_xlock(&md_sx);
1763 	error = kern_mdattach_locked(td, mdr);
1764 	sx_xunlock(&md_sx);
1765 	return (error);
1766 }
1767 
1768 static int
1769 kern_mddetach_locked(struct thread *td, struct md_req *mdr)
1770 {
1771 	struct md_s *sc;
1772 
1773 	sx_assert(&md_sx, SA_XLOCKED);
1774 
1775 	if (mdr->md_mediasize != 0 ||
1776 	    (mdr->md_options & ~MD_FORCE) != 0)
1777 		return (EINVAL);
1778 
1779 	sc = mdfind(mdr->md_unit);
1780 	if (sc == NULL)
1781 		return (ENOENT);
1782 	if (sc->opencount != 0 && !(sc->flags & MD_FORCE) &&
1783 	    !(mdr->md_options & MD_FORCE))
1784 		return (EBUSY);
1785 	return (mddestroy(sc, td));
1786 }
1787 
1788 static int
1789 kern_mddetach(struct thread *td, struct md_req *mdr)
1790 {
1791 	int error;
1792 
1793 	sx_xlock(&md_sx);
1794 	error = kern_mddetach_locked(td, mdr);
1795 	sx_xunlock(&md_sx);
1796 	return (error);
1797 }
1798 
1799 static int
1800 kern_mdresize_locked(struct md_req *mdr)
1801 {
1802 	struct md_s *sc;
1803 
1804 	sx_assert(&md_sx, SA_XLOCKED);
1805 
1806 	if ((mdr->md_options & ~(MD_FORCE | MD_RESERVE)) != 0)
1807 		return (EINVAL);
1808 
1809 	sc = mdfind(mdr->md_unit);
1810 	if (sc == NULL)
1811 		return (ENOENT);
1812 	if (mdr->md_mediasize < sc->sectorsize)
1813 		return (EINVAL);
1814 	mdr->md_mediasize -= mdr->md_mediasize % sc->sectorsize;
1815 	if (mdr->md_mediasize < sc->mediasize &&
1816 	    !(sc->flags & MD_FORCE) &&
1817 	    !(mdr->md_options & MD_FORCE))
1818 		return (EBUSY);
1819 	return (mdresize(sc, mdr));
1820 }
1821 
1822 static int
1823 kern_mdresize(struct md_req *mdr)
1824 {
1825 	int error;
1826 
1827 	sx_xlock(&md_sx);
1828 	error = kern_mdresize_locked(mdr);
1829 	sx_xunlock(&md_sx);
1830 	return (error);
1831 }
1832 
1833 static int
1834 kern_mdquery_locked(struct md_req *mdr)
1835 {
1836 	struct md_s *sc;
1837 	int error;
1838 
1839 	sx_assert(&md_sx, SA_XLOCKED);
1840 
1841 	sc = mdfind(mdr->md_unit);
1842 	if (sc == NULL)
1843 		return (ENOENT);
1844 	mdr->md_type = sc->type;
1845 	mdr->md_options = sc->flags;
1846 	mdr->md_mediasize = sc->mediasize;
1847 	mdr->md_sectorsize = sc->sectorsize;
1848 	error = 0;
1849 	if (mdr->md_label != NULL) {
1850 		error = copyout(sc->label, mdr->md_label,
1851 		    strlen(sc->label) + 1);
1852 		if (error != 0)
1853 			return (error);
1854 	}
1855 	if (sc->type == MD_VNODE ||
1856 	    (sc->type == MD_PRELOAD && mdr->md_file != NULL))
1857 		error = copyout(sc->file, mdr->md_file,
1858 		    strlen(sc->file) + 1);
1859 	return (error);
1860 }
1861 
1862 static int
1863 kern_mdquery(struct md_req *mdr)
1864 {
1865 	int error;
1866 
1867 	sx_xlock(&md_sx);
1868 	error = kern_mdquery_locked(mdr);
1869 	sx_xunlock(&md_sx);
1870 	return (error);
1871 }
1872 
1873 /* Copy members that are not userspace pointers. */
1874 #define	MD_IOCTL2REQ(mdio, mdr) do {					\
1875 	(mdr)->md_unit = (mdio)->md_unit;				\
1876 	(mdr)->md_type = (mdio)->md_type;				\
1877 	(mdr)->md_mediasize = (mdio)->md_mediasize;			\
1878 	(mdr)->md_sectorsize = (mdio)->md_sectorsize;			\
1879 	(mdr)->md_options = (mdio)->md_options;				\
1880 	(mdr)->md_fwheads = (mdio)->md_fwheads;				\
1881 	(mdr)->md_fwsectors = (mdio)->md_fwsectors;			\
1882 	(mdr)->md_units = &(mdio)->md_pad[0];				\
1883 	(mdr)->md_units_nitems = nitems((mdio)->md_pad);		\
1884 } while(0)
1885 
1886 /* Copy members that might have been updated */
1887 #define MD_REQ2IOCTL(mdr, mdio) do {					\
1888 	(mdio)->md_unit = (mdr)->md_unit;				\
1889 	(mdio)->md_type = (mdr)->md_type;				\
1890 	(mdio)->md_mediasize = (mdr)->md_mediasize;			\
1891 	(mdio)->md_sectorsize = (mdr)->md_sectorsize;			\
1892 	(mdio)->md_options = (mdr)->md_options;				\
1893 	(mdio)->md_fwheads = (mdr)->md_fwheads;				\
1894 	(mdio)->md_fwsectors = (mdr)->md_fwsectors;			\
1895 } while(0)
1896 
1897 static int
1898 mdctlioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flags,
1899     struct thread *td)
1900 {
1901 	struct md_req mdr;
1902 	int error;
1903 
1904 	if (md_debug)
1905 		printf("mdctlioctl(%s %lx %p %x %p)\n",
1906 			devtoname(dev), cmd, addr, flags, td);
1907 
1908 	bzero(&mdr, sizeof(mdr));
1909 	switch (cmd) {
1910 	case MDIOCATTACH:
1911 	case MDIOCDETACH:
1912 	case MDIOCRESIZE:
1913 	case MDIOCQUERY: {
1914 		struct md_ioctl *mdio = (struct md_ioctl *)addr;
1915 		if (mdio->md_version != MDIOVERSION)
1916 			return (EINVAL);
1917 		MD_IOCTL2REQ(mdio, &mdr);
1918 		mdr.md_file = mdio->md_file;
1919 		mdr.md_file_seg = UIO_USERSPACE;
1920 		/* If the file is adjacent to the md_ioctl it's in kernel. */
1921 		if ((void *)mdio->md_file == (void *)(mdio + 1))
1922 			mdr.md_file_seg = UIO_SYSSPACE;
1923 		mdr.md_label = mdio->md_label;
1924 		break;
1925 	}
1926 #ifdef COMPAT_FREEBSD32
1927 	case MDIOCATTACH_32:
1928 	case MDIOCDETACH_32:
1929 	case MDIOCRESIZE_32:
1930 	case MDIOCQUERY_32: {
1931 		struct md_ioctl32 *mdio = (struct md_ioctl32 *)addr;
1932 		if (mdio->md_version != MDIOVERSION)
1933 			return (EINVAL);
1934 		MD_IOCTL2REQ(mdio, &mdr);
1935 		mdr.md_file = (void *)(uintptr_t)mdio->md_file;
1936 		mdr.md_file_seg = UIO_USERSPACE;
1937 		mdr.md_label = (void *)(uintptr_t)mdio->md_label;
1938 		break;
1939 	}
1940 #endif
1941 	default:
1942 		/* Fall through to handler switch. */
1943 		break;
1944 	}
1945 
1946 	error = 0;
1947 	switch (cmd) {
1948 	case MDIOCATTACH:
1949 #ifdef COMPAT_FREEBSD32
1950 	case MDIOCATTACH_32:
1951 #endif
1952 		error = kern_mdattach(td, &mdr);
1953 		break;
1954 	case MDIOCDETACH:
1955 #ifdef COMPAT_FREEBSD32
1956 	case MDIOCDETACH_32:
1957 #endif
1958 		error = kern_mddetach(td, &mdr);
1959 		break;
1960 	case MDIOCRESIZE:
1961 #ifdef COMPAT_FREEBSD32
1962 	case MDIOCRESIZE_32:
1963 #endif
1964 		error = kern_mdresize(&mdr);
1965 		break;
1966 	case MDIOCQUERY:
1967 #ifdef COMPAT_FREEBSD32
1968 	case MDIOCQUERY_32:
1969 #endif
1970 		error = kern_mdquery(&mdr);
1971 		break;
1972 	default:
1973 		error = ENOIOCTL;
1974 	}
1975 
1976 	switch (cmd) {
1977 	case MDIOCATTACH:
1978 	case MDIOCQUERY: {
1979 		struct md_ioctl *mdio = (struct md_ioctl *)addr;
1980 		MD_REQ2IOCTL(&mdr, mdio);
1981 		break;
1982 	}
1983 #ifdef COMPAT_FREEBSD32
1984 	case MDIOCATTACH_32:
1985 	case MDIOCQUERY_32: {
1986 		struct md_ioctl32 *mdio = (struct md_ioctl32 *)addr;
1987 		MD_REQ2IOCTL(&mdr, mdio);
1988 		break;
1989 	}
1990 #endif
1991 	default:
1992 		/* Other commands to not alter mdr. */
1993 		break;
1994 	}
1995 
1996 	return (error);
1997 }
1998 
1999 static void
2000 md_preloaded(u_char *image, size_t length, const char *name)
2001 {
2002 	struct md_s *sc;
2003 	int error;
2004 
2005 	sc = mdnew(-1, &error, MD_PRELOAD);
2006 	if (sc == NULL)
2007 		return;
2008 	sc->mediasize = length;
2009 	sc->sectorsize = DEV_BSIZE;
2010 	sc->pl_ptr = image;
2011 	sc->pl_len = length;
2012 	sc->start = mdstart_preload;
2013 	if (name != NULL)
2014 		strlcpy(sc->file, name, sizeof(sc->file));
2015 #ifdef MD_ROOT
2016 	if (sc->unit == 0) {
2017 #ifndef ROOTDEVNAME
2018 		rootdevnames[0] = MD_ROOT_FSTYPE ":/dev/md0";
2019 #endif
2020 #ifdef MD_ROOT_READONLY
2021 		sc->flags |= MD_READONLY;
2022 #endif
2023 	}
2024 #endif
2025 	mdinit(sc);
2026 	if (name != NULL) {
2027 		printf("%s%d: Preloaded image <%s> %zd bytes at %p\n",
2028 		    MD_NAME, sc->unit, name, length, image);
2029 	} else {
2030 		printf("%s%d: Embedded image %zd bytes at %p\n",
2031 		    MD_NAME, sc->unit, length, image);
2032 	}
2033 }
2034 
2035 static void
2036 g_md_init(struct g_class *mp __unused)
2037 {
2038 	caddr_t mod;
2039 	u_char *ptr, *name, *type;
2040 	unsigned len;
2041 	int i;
2042 
2043 	/* figure out log2(NINDIR) */
2044 	for (i = NINDIR, nshift = -1; i; nshift++)
2045 		i >>= 1;
2046 
2047 	mod = NULL;
2048 	sx_init(&md_sx, "MD config lock");
2049 	g_topology_unlock();
2050 	md_uh = new_unrhdr(0, INT_MAX, NULL);
2051 #ifdef MD_ROOT
2052 	if (mfs_root_size != 0) {
2053 		sx_xlock(&md_sx);
2054 #ifdef MD_ROOT_MEM
2055 		md_preloaded(mfs_root, mfs_root_size, NULL);
2056 #else
2057 		md_preloaded(__DEVOLATILE(u_char *, &mfs_root), mfs_root_size,
2058 		    NULL);
2059 #endif
2060 		sx_xunlock(&md_sx);
2061 	}
2062 #endif
2063 	/* XXX: are preload_* static or do they need Giant ? */
2064 	while ((mod = preload_search_next_name(mod)) != NULL) {
2065 		name = (char *)preload_search_info(mod, MODINFO_NAME);
2066 		if (name == NULL)
2067 			continue;
2068 		type = (char *)preload_search_info(mod, MODINFO_TYPE);
2069 		if (type == NULL)
2070 			continue;
2071 		if (strcmp(type, "md_image") && strcmp(type, "mfs_root"))
2072 			continue;
2073 		ptr = preload_fetch_addr(mod);
2074 		len = preload_fetch_size(mod);
2075 		if (ptr != NULL && len != 0) {
2076 			sx_xlock(&md_sx);
2077 			md_preloaded(ptr, len, name);
2078 			sx_xunlock(&md_sx);
2079 		}
2080 	}
2081 	status_dev = make_dev(&mdctl_cdevsw, INT_MAX, UID_ROOT, GID_WHEEL,
2082 	    0600, MDCTL_NAME);
2083 	g_topology_lock();
2084 }
2085 
2086 static void
2087 g_md_dumpconf(struct sbuf *sb, const char *indent, struct g_geom *gp,
2088     struct g_consumer *cp __unused, struct g_provider *pp)
2089 {
2090 	struct md_s *mp;
2091 	char *type;
2092 
2093 	mp = gp->softc;
2094 	if (mp == NULL)
2095 		return;
2096 
2097 	switch (mp->type) {
2098 	case MD_MALLOC:
2099 		type = "malloc";
2100 		break;
2101 	case MD_PRELOAD:
2102 		type = "preload";
2103 		break;
2104 	case MD_VNODE:
2105 		type = "vnode";
2106 		break;
2107 	case MD_SWAP:
2108 		type = "swap";
2109 		break;
2110 	case MD_NULL:
2111 		type = "null";
2112 		break;
2113 	default:
2114 		type = "unknown";
2115 		break;
2116 	}
2117 
2118 	if (pp != NULL) {
2119 		if (indent == NULL) {
2120 			sbuf_printf(sb, " u %d", mp->unit);
2121 			sbuf_printf(sb, " s %ju", (uintmax_t) mp->sectorsize);
2122 			sbuf_printf(sb, " f %ju", (uintmax_t) mp->fwheads);
2123 			sbuf_printf(sb, " fs %ju", (uintmax_t) mp->fwsectors);
2124 			sbuf_printf(sb, " l %ju", (uintmax_t) mp->mediasize);
2125 			sbuf_printf(sb, " t %s", type);
2126 			if ((mp->type == MD_VNODE && mp->vnode != NULL) ||
2127 			    (mp->type == MD_PRELOAD && mp->file[0] != '\0'))
2128 				sbuf_printf(sb, " file %s", mp->file);
2129 			sbuf_printf(sb, " label %s", mp->label);
2130 		} else {
2131 			sbuf_printf(sb, "%s<unit>%d</unit>\n", indent,
2132 			    mp->unit);
2133 			sbuf_printf(sb, "%s<sectorsize>%ju</sectorsize>\n",
2134 			    indent, (uintmax_t) mp->sectorsize);
2135 			sbuf_printf(sb, "%s<fwheads>%ju</fwheads>\n",
2136 			    indent, (uintmax_t) mp->fwheads);
2137 			sbuf_printf(sb, "%s<fwsectors>%ju</fwsectors>\n",
2138 			    indent, (uintmax_t) mp->fwsectors);
2139 			if (mp->ident[0] != '\0') {
2140 				sbuf_printf(sb, "%s<ident>", indent);
2141 				g_conf_printf_escaped(sb, "%s", mp->ident);
2142 				sbuf_printf(sb, "</ident>\n");
2143 			}
2144 			sbuf_printf(sb, "%s<length>%ju</length>\n",
2145 			    indent, (uintmax_t) mp->mediasize);
2146 			sbuf_printf(sb, "%s<compression>%s</compression>\n", indent,
2147 			    (mp->flags & MD_COMPRESS) == 0 ? "off": "on");
2148 			sbuf_printf(sb, "%s<access>%s</access>\n", indent,
2149 			    (mp->flags & MD_READONLY) == 0 ? "read-write":
2150 			    "read-only");
2151 			sbuf_printf(sb, "%s<type>%s</type>\n", indent,
2152 			    type);
2153 			if ((mp->type == MD_VNODE && mp->vnode != NULL) ||
2154 			    (mp->type == MD_PRELOAD && mp->file[0] != '\0')) {
2155 				sbuf_printf(sb, "%s<file>", indent);
2156 				g_conf_printf_escaped(sb, "%s", mp->file);
2157 				sbuf_printf(sb, "</file>\n");
2158 			}
2159 			if (mp->type == MD_VNODE)
2160 				sbuf_printf(sb, "%s<cache>%s</cache>\n", indent,
2161 				    (mp->flags & MD_CACHE) == 0 ? "off": "on");
2162 			sbuf_printf(sb, "%s<label>", indent);
2163 			g_conf_printf_escaped(sb, "%s", mp->label);
2164 			sbuf_printf(sb, "</label>\n");
2165 		}
2166 	}
2167 }
2168 
2169 static void
2170 g_md_fini(struct g_class *mp __unused)
2171 {
2172 
2173 	sx_destroy(&md_sx);
2174 	if (status_dev != NULL)
2175 		destroy_dev(status_dev);
2176 	delete_unrhdr(md_uh);
2177 }
2178