xref: /linux/net/ceph/osd_client.c (revision ef030ab17e060b0ef47028e86cf85b68988b56ae)
1 // SPDX-License-Identifier: GPL-2.0
2 
3 #include <linux/ceph/ceph_debug.h>
4 
5 #include <linux/module.h>
6 #include <linux/err.h>
7 #include <linux/highmem.h>
8 #include <linux/mm.h>
9 #include <linux/pagemap.h>
10 #include <linux/slab.h>
11 #include <linux/uaccess.h>
12 #ifdef CONFIG_BLOCK
13 #include <linux/bio.h>
14 #endif
15 
16 #include <linux/ceph/ceph_features.h>
17 #include <linux/ceph/libceph.h>
18 #include <linux/ceph/osd_client.h>
19 #include <linux/ceph/messenger.h>
20 #include <linux/ceph/decode.h>
21 #include <linux/ceph/auth.h>
22 #include <linux/ceph/pagelist.h>
23 #include <linux/ceph/striper.h>
24 
25 #define OSD_OPREPLY_FRONT_LEN	512
26 
27 static struct kmem_cache	*ceph_osd_request_cache;
28 
29 static const struct ceph_connection_operations osd_con_ops;
30 
31 /*
32  * Implement client access to distributed object storage cluster.
33  *
34  * All data objects are stored within a cluster/cloud of OSDs, or
35  * "object storage devices."  (Note that Ceph OSDs have _nothing_ to
36  * do with the T10 OSD extensions to SCSI.)  Ceph OSDs are simply
37  * remote daemons serving up and coordinating consistent and safe
38  * access to storage.
39  *
40  * Cluster membership and the mapping of data objects onto storage devices
41  * are described by the osd map.
42  *
43  * We keep track of pending OSD requests (read, write), resubmit
44  * requests to different OSDs when the cluster topology/data layout
45  * change, or retry the affected requests when the communications
46  * channel with an OSD is reset.
47  */
48 
49 static void link_request(struct ceph_osd *osd, struct ceph_osd_request *req);
50 static void unlink_request(struct ceph_osd *osd, struct ceph_osd_request *req);
51 static void link_linger(struct ceph_osd *osd,
52 			struct ceph_osd_linger_request *lreq);
53 static void unlink_linger(struct ceph_osd *osd,
54 			  struct ceph_osd_linger_request *lreq);
55 static void clear_backoffs(struct ceph_osd *osd);
56 
57 #if 1
58 static inline bool rwsem_is_wrlocked(struct rw_semaphore *sem)
59 {
60 	bool wrlocked = true;
61 
62 	if (unlikely(down_read_trylock(sem))) {
63 		wrlocked = false;
64 		up_read(sem);
65 	}
66 
67 	return wrlocked;
68 }
69 static inline void verify_osdc_locked(struct ceph_osd_client *osdc)
70 {
71 	WARN_ON(!rwsem_is_locked(&osdc->lock));
72 }
73 static inline void verify_osdc_wrlocked(struct ceph_osd_client *osdc)
74 {
75 	WARN_ON(!rwsem_is_wrlocked(&osdc->lock));
76 }
77 static inline void verify_osd_locked(struct ceph_osd *osd)
78 {
79 	struct ceph_osd_client *osdc = osd->o_osdc;
80 
81 	WARN_ON(!(mutex_is_locked(&osd->lock) &&
82 		  rwsem_is_locked(&osdc->lock)) &&
83 		!rwsem_is_wrlocked(&osdc->lock));
84 }
85 static inline void verify_lreq_locked(struct ceph_osd_linger_request *lreq)
86 {
87 	WARN_ON(!mutex_is_locked(&lreq->lock));
88 }
89 #else
90 static inline void verify_osdc_locked(struct ceph_osd_client *osdc) { }
91 static inline void verify_osdc_wrlocked(struct ceph_osd_client *osdc) { }
92 static inline void verify_osd_locked(struct ceph_osd *osd) { }
93 static inline void verify_lreq_locked(struct ceph_osd_linger_request *lreq) { }
94 #endif
95 
96 /*
97  * calculate the mapping of a file extent onto an object, and fill out the
98  * request accordingly.  shorten extent as necessary if it crosses an
99  * object boundary.
100  *
101  * fill osd op in request message.
102  */
103 static int calc_layout(struct ceph_file_layout *layout, u64 off, u64 *plen,
104 			u64 *objnum, u64 *objoff, u64 *objlen)
105 {
106 	u64 orig_len = *plen;
107 	u32 xlen;
108 
109 	/* object extent? */
110 	ceph_calc_file_object_mapping(layout, off, orig_len, objnum,
111 					  objoff, &xlen);
112 	*objlen = xlen;
113 	if (*objlen < orig_len) {
114 		*plen = *objlen;
115 		dout(" skipping last %llu, final file extent %llu~%llu\n",
116 		     orig_len - *plen, off, *plen);
117 	}
118 
119 	dout("calc_layout objnum=%llx %llu~%llu\n", *objnum, *objoff, *objlen);
120 	return 0;
121 }
122 
123 static void ceph_osd_data_init(struct ceph_osd_data *osd_data)
124 {
125 	memset(osd_data, 0, sizeof (*osd_data));
126 	osd_data->type = CEPH_OSD_DATA_TYPE_NONE;
127 }
128 
129 /*
130  * Consumes @pages if @own_pages is true.
131  */
132 static void ceph_osd_data_pages_init(struct ceph_osd_data *osd_data,
133 			struct page **pages, u64 length, u32 alignment,
134 			bool pages_from_pool, bool own_pages)
135 {
136 	osd_data->type = CEPH_OSD_DATA_TYPE_PAGES;
137 	osd_data->pages = pages;
138 	osd_data->length = length;
139 	osd_data->alignment = alignment;
140 	osd_data->pages_from_pool = pages_from_pool;
141 	osd_data->own_pages = own_pages;
142 }
143 
144 /*
145  * Consumes a ref on @pagelist.
146  */
147 static void ceph_osd_data_pagelist_init(struct ceph_osd_data *osd_data,
148 			struct ceph_pagelist *pagelist)
149 {
150 	osd_data->type = CEPH_OSD_DATA_TYPE_PAGELIST;
151 	osd_data->pagelist = pagelist;
152 }
153 
154 #ifdef CONFIG_BLOCK
155 static void ceph_osd_data_bio_init(struct ceph_osd_data *osd_data,
156 				   struct ceph_bio_iter *bio_pos,
157 				   u32 bio_length)
158 {
159 	osd_data->type = CEPH_OSD_DATA_TYPE_BIO;
160 	osd_data->bio_pos = *bio_pos;
161 	osd_data->bio_length = bio_length;
162 }
163 #endif /* CONFIG_BLOCK */
164 
165 static void ceph_osd_data_bvecs_init(struct ceph_osd_data *osd_data,
166 				     struct ceph_bvec_iter *bvec_pos,
167 				     u32 num_bvecs)
168 {
169 	osd_data->type = CEPH_OSD_DATA_TYPE_BVECS;
170 	osd_data->bvec_pos = *bvec_pos;
171 	osd_data->num_bvecs = num_bvecs;
172 }
173 
174 static struct ceph_osd_data *
175 osd_req_op_raw_data_in(struct ceph_osd_request *osd_req, unsigned int which)
176 {
177 	BUG_ON(which >= osd_req->r_num_ops);
178 
179 	return &osd_req->r_ops[which].raw_data_in;
180 }
181 
182 struct ceph_osd_data *
183 osd_req_op_extent_osd_data(struct ceph_osd_request *osd_req,
184 			unsigned int which)
185 {
186 	return osd_req_op_data(osd_req, which, extent, osd_data);
187 }
188 EXPORT_SYMBOL(osd_req_op_extent_osd_data);
189 
190 void osd_req_op_raw_data_in_pages(struct ceph_osd_request *osd_req,
191 			unsigned int which, struct page **pages,
192 			u64 length, u32 alignment,
193 			bool pages_from_pool, bool own_pages)
194 {
195 	struct ceph_osd_data *osd_data;
196 
197 	osd_data = osd_req_op_raw_data_in(osd_req, which);
198 	ceph_osd_data_pages_init(osd_data, pages, length, alignment,
199 				pages_from_pool, own_pages);
200 }
201 EXPORT_SYMBOL(osd_req_op_raw_data_in_pages);
202 
203 void osd_req_op_extent_osd_data_pages(struct ceph_osd_request *osd_req,
204 			unsigned int which, struct page **pages,
205 			u64 length, u32 alignment,
206 			bool pages_from_pool, bool own_pages)
207 {
208 	struct ceph_osd_data *osd_data;
209 
210 	osd_data = osd_req_op_data(osd_req, which, extent, osd_data);
211 	ceph_osd_data_pages_init(osd_data, pages, length, alignment,
212 				pages_from_pool, own_pages);
213 }
214 EXPORT_SYMBOL(osd_req_op_extent_osd_data_pages);
215 
216 void osd_req_op_extent_osd_data_pagelist(struct ceph_osd_request *osd_req,
217 			unsigned int which, struct ceph_pagelist *pagelist)
218 {
219 	struct ceph_osd_data *osd_data;
220 
221 	osd_data = osd_req_op_data(osd_req, which, extent, osd_data);
222 	ceph_osd_data_pagelist_init(osd_data, pagelist);
223 }
224 EXPORT_SYMBOL(osd_req_op_extent_osd_data_pagelist);
225 
226 #ifdef CONFIG_BLOCK
227 void osd_req_op_extent_osd_data_bio(struct ceph_osd_request *osd_req,
228 				    unsigned int which,
229 				    struct ceph_bio_iter *bio_pos,
230 				    u32 bio_length)
231 {
232 	struct ceph_osd_data *osd_data;
233 
234 	osd_data = osd_req_op_data(osd_req, which, extent, osd_data);
235 	ceph_osd_data_bio_init(osd_data, bio_pos, bio_length);
236 }
237 EXPORT_SYMBOL(osd_req_op_extent_osd_data_bio);
238 #endif /* CONFIG_BLOCK */
239 
240 void osd_req_op_extent_osd_data_bvecs(struct ceph_osd_request *osd_req,
241 				      unsigned int which,
242 				      struct bio_vec *bvecs, u32 num_bvecs,
243 				      u32 bytes)
244 {
245 	struct ceph_osd_data *osd_data;
246 	struct ceph_bvec_iter it = {
247 		.bvecs = bvecs,
248 		.iter = { .bi_size = bytes },
249 	};
250 
251 	osd_data = osd_req_op_data(osd_req, which, extent, osd_data);
252 	ceph_osd_data_bvecs_init(osd_data, &it, num_bvecs);
253 }
254 EXPORT_SYMBOL(osd_req_op_extent_osd_data_bvecs);
255 
256 void osd_req_op_extent_osd_data_bvec_pos(struct ceph_osd_request *osd_req,
257 					 unsigned int which,
258 					 struct ceph_bvec_iter *bvec_pos)
259 {
260 	struct ceph_osd_data *osd_data;
261 
262 	osd_data = osd_req_op_data(osd_req, which, extent, osd_data);
263 	ceph_osd_data_bvecs_init(osd_data, bvec_pos, 0);
264 }
265 EXPORT_SYMBOL(osd_req_op_extent_osd_data_bvec_pos);
266 
267 static void osd_req_op_cls_request_info_pagelist(
268 			struct ceph_osd_request *osd_req,
269 			unsigned int which, struct ceph_pagelist *pagelist)
270 {
271 	struct ceph_osd_data *osd_data;
272 
273 	osd_data = osd_req_op_data(osd_req, which, cls, request_info);
274 	ceph_osd_data_pagelist_init(osd_data, pagelist);
275 }
276 
277 void osd_req_op_cls_request_data_pagelist(
278 			struct ceph_osd_request *osd_req,
279 			unsigned int which, struct ceph_pagelist *pagelist)
280 {
281 	struct ceph_osd_data *osd_data;
282 
283 	osd_data = osd_req_op_data(osd_req, which, cls, request_data);
284 	ceph_osd_data_pagelist_init(osd_data, pagelist);
285 	osd_req->r_ops[which].cls.indata_len += pagelist->length;
286 	osd_req->r_ops[which].indata_len += pagelist->length;
287 }
288 EXPORT_SYMBOL(osd_req_op_cls_request_data_pagelist);
289 
290 void osd_req_op_cls_request_data_pages(struct ceph_osd_request *osd_req,
291 			unsigned int which, struct page **pages, u64 length,
292 			u32 alignment, bool pages_from_pool, bool own_pages)
293 {
294 	struct ceph_osd_data *osd_data;
295 
296 	osd_data = osd_req_op_data(osd_req, which, cls, request_data);
297 	ceph_osd_data_pages_init(osd_data, pages, length, alignment,
298 				pages_from_pool, own_pages);
299 	osd_req->r_ops[which].cls.indata_len += length;
300 	osd_req->r_ops[which].indata_len += length;
301 }
302 EXPORT_SYMBOL(osd_req_op_cls_request_data_pages);
303 
304 void osd_req_op_cls_request_data_bvecs(struct ceph_osd_request *osd_req,
305 				       unsigned int which,
306 				       struct bio_vec *bvecs, u32 num_bvecs,
307 				       u32 bytes)
308 {
309 	struct ceph_osd_data *osd_data;
310 	struct ceph_bvec_iter it = {
311 		.bvecs = bvecs,
312 		.iter = { .bi_size = bytes },
313 	};
314 
315 	osd_data = osd_req_op_data(osd_req, which, cls, request_data);
316 	ceph_osd_data_bvecs_init(osd_data, &it, num_bvecs);
317 	osd_req->r_ops[which].cls.indata_len += bytes;
318 	osd_req->r_ops[which].indata_len += bytes;
319 }
320 EXPORT_SYMBOL(osd_req_op_cls_request_data_bvecs);
321 
322 void osd_req_op_cls_response_data_pages(struct ceph_osd_request *osd_req,
323 			unsigned int which, struct page **pages, u64 length,
324 			u32 alignment, bool pages_from_pool, bool own_pages)
325 {
326 	struct ceph_osd_data *osd_data;
327 
328 	osd_data = osd_req_op_data(osd_req, which, cls, response_data);
329 	ceph_osd_data_pages_init(osd_data, pages, length, alignment,
330 				pages_from_pool, own_pages);
331 }
332 EXPORT_SYMBOL(osd_req_op_cls_response_data_pages);
333 
334 static u64 ceph_osd_data_length(struct ceph_osd_data *osd_data)
335 {
336 	switch (osd_data->type) {
337 	case CEPH_OSD_DATA_TYPE_NONE:
338 		return 0;
339 	case CEPH_OSD_DATA_TYPE_PAGES:
340 		return osd_data->length;
341 	case CEPH_OSD_DATA_TYPE_PAGELIST:
342 		return (u64)osd_data->pagelist->length;
343 #ifdef CONFIG_BLOCK
344 	case CEPH_OSD_DATA_TYPE_BIO:
345 		return (u64)osd_data->bio_length;
346 #endif /* CONFIG_BLOCK */
347 	case CEPH_OSD_DATA_TYPE_BVECS:
348 		return osd_data->bvec_pos.iter.bi_size;
349 	default:
350 		WARN(true, "unrecognized data type %d\n", (int)osd_data->type);
351 		return 0;
352 	}
353 }
354 
355 static void ceph_osd_data_release(struct ceph_osd_data *osd_data)
356 {
357 	if (osd_data->type == CEPH_OSD_DATA_TYPE_PAGES && osd_data->own_pages) {
358 		int num_pages;
359 
360 		num_pages = calc_pages_for((u64)osd_data->alignment,
361 						(u64)osd_data->length);
362 		ceph_release_page_vector(osd_data->pages, num_pages);
363 	} else if (osd_data->type == CEPH_OSD_DATA_TYPE_PAGELIST) {
364 		ceph_pagelist_release(osd_data->pagelist);
365 	}
366 	ceph_osd_data_init(osd_data);
367 }
368 
369 static void osd_req_op_data_release(struct ceph_osd_request *osd_req,
370 			unsigned int which)
371 {
372 	struct ceph_osd_req_op *op;
373 
374 	BUG_ON(which >= osd_req->r_num_ops);
375 	op = &osd_req->r_ops[which];
376 
377 	switch (op->op) {
378 	case CEPH_OSD_OP_READ:
379 	case CEPH_OSD_OP_WRITE:
380 	case CEPH_OSD_OP_WRITEFULL:
381 		ceph_osd_data_release(&op->extent.osd_data);
382 		break;
383 	case CEPH_OSD_OP_CALL:
384 		ceph_osd_data_release(&op->cls.request_info);
385 		ceph_osd_data_release(&op->cls.request_data);
386 		ceph_osd_data_release(&op->cls.response_data);
387 		break;
388 	case CEPH_OSD_OP_SETXATTR:
389 	case CEPH_OSD_OP_CMPXATTR:
390 		ceph_osd_data_release(&op->xattr.osd_data);
391 		break;
392 	case CEPH_OSD_OP_STAT:
393 		ceph_osd_data_release(&op->raw_data_in);
394 		break;
395 	case CEPH_OSD_OP_NOTIFY_ACK:
396 		ceph_osd_data_release(&op->notify_ack.request_data);
397 		break;
398 	case CEPH_OSD_OP_NOTIFY:
399 		ceph_osd_data_release(&op->notify.request_data);
400 		ceph_osd_data_release(&op->notify.response_data);
401 		break;
402 	case CEPH_OSD_OP_LIST_WATCHERS:
403 		ceph_osd_data_release(&op->list_watchers.response_data);
404 		break;
405 	case CEPH_OSD_OP_COPY_FROM2:
406 		ceph_osd_data_release(&op->copy_from.osd_data);
407 		break;
408 	default:
409 		break;
410 	}
411 }
412 
413 /*
414  * Assumes @t is zero-initialized.
415  */
416 static void target_init(struct ceph_osd_request_target *t)
417 {
418 	ceph_oid_init(&t->base_oid);
419 	ceph_oloc_init(&t->base_oloc);
420 	ceph_oid_init(&t->target_oid);
421 	ceph_oloc_init(&t->target_oloc);
422 
423 	ceph_osds_init(&t->acting);
424 	ceph_osds_init(&t->up);
425 	t->size = -1;
426 	t->min_size = -1;
427 
428 	t->osd = CEPH_HOMELESS_OSD;
429 }
430 
431 static void target_copy(struct ceph_osd_request_target *dest,
432 			const struct ceph_osd_request_target *src)
433 {
434 	ceph_oid_copy(&dest->base_oid, &src->base_oid);
435 	ceph_oloc_copy(&dest->base_oloc, &src->base_oloc);
436 	ceph_oid_copy(&dest->target_oid, &src->target_oid);
437 	ceph_oloc_copy(&dest->target_oloc, &src->target_oloc);
438 
439 	dest->pgid = src->pgid; /* struct */
440 	dest->spgid = src->spgid; /* struct */
441 	dest->pg_num = src->pg_num;
442 	dest->pg_num_mask = src->pg_num_mask;
443 	ceph_osds_copy(&dest->acting, &src->acting);
444 	ceph_osds_copy(&dest->up, &src->up);
445 	dest->size = src->size;
446 	dest->min_size = src->min_size;
447 	dest->sort_bitwise = src->sort_bitwise;
448 	dest->recovery_deletes = src->recovery_deletes;
449 
450 	dest->flags = src->flags;
451 	dest->used_replica = src->used_replica;
452 	dest->paused = src->paused;
453 
454 	dest->epoch = src->epoch;
455 	dest->last_force_resend = src->last_force_resend;
456 
457 	dest->osd = src->osd;
458 }
459 
460 static void target_destroy(struct ceph_osd_request_target *t)
461 {
462 	ceph_oid_destroy(&t->base_oid);
463 	ceph_oloc_destroy(&t->base_oloc);
464 	ceph_oid_destroy(&t->target_oid);
465 	ceph_oloc_destroy(&t->target_oloc);
466 }
467 
468 /*
469  * requests
470  */
471 static void request_release_checks(struct ceph_osd_request *req)
472 {
473 	WARN_ON(!RB_EMPTY_NODE(&req->r_node));
474 	WARN_ON(!RB_EMPTY_NODE(&req->r_mc_node));
475 	WARN_ON(!list_empty(&req->r_private_item));
476 	WARN_ON(req->r_osd);
477 }
478 
479 static void ceph_osdc_release_request(struct kref *kref)
480 {
481 	struct ceph_osd_request *req = container_of(kref,
482 					    struct ceph_osd_request, r_kref);
483 	unsigned int which;
484 
485 	dout("%s %p (r_request %p r_reply %p)\n", __func__, req,
486 	     req->r_request, req->r_reply);
487 	request_release_checks(req);
488 
489 	if (req->r_request)
490 		ceph_msg_put(req->r_request);
491 	if (req->r_reply)
492 		ceph_msg_put(req->r_reply);
493 
494 	for (which = 0; which < req->r_num_ops; which++)
495 		osd_req_op_data_release(req, which);
496 
497 	target_destroy(&req->r_t);
498 	ceph_put_snap_context(req->r_snapc);
499 
500 	if (req->r_mempool)
501 		mempool_free(req, req->r_osdc->req_mempool);
502 	else if (req->r_num_ops <= CEPH_OSD_SLAB_OPS)
503 		kmem_cache_free(ceph_osd_request_cache, req);
504 	else
505 		kfree(req);
506 }
507 
508 void ceph_osdc_get_request(struct ceph_osd_request *req)
509 {
510 	dout("%s %p (was %d)\n", __func__, req,
511 	     kref_read(&req->r_kref));
512 	kref_get(&req->r_kref);
513 }
514 EXPORT_SYMBOL(ceph_osdc_get_request);
515 
516 void ceph_osdc_put_request(struct ceph_osd_request *req)
517 {
518 	if (req) {
519 		dout("%s %p (was %d)\n", __func__, req,
520 		     kref_read(&req->r_kref));
521 		kref_put(&req->r_kref, ceph_osdc_release_request);
522 	}
523 }
524 EXPORT_SYMBOL(ceph_osdc_put_request);
525 
526 static void request_init(struct ceph_osd_request *req)
527 {
528 	/* req only, each op is zeroed in osd_req_op_init() */
529 	memset(req, 0, sizeof(*req));
530 
531 	kref_init(&req->r_kref);
532 	init_completion(&req->r_completion);
533 	RB_CLEAR_NODE(&req->r_node);
534 	RB_CLEAR_NODE(&req->r_mc_node);
535 	INIT_LIST_HEAD(&req->r_private_item);
536 
537 	target_init(&req->r_t);
538 }
539 
540 struct ceph_osd_request *ceph_osdc_alloc_request(struct ceph_osd_client *osdc,
541 					       struct ceph_snap_context *snapc,
542 					       unsigned int num_ops,
543 					       bool use_mempool,
544 					       gfp_t gfp_flags)
545 {
546 	struct ceph_osd_request *req;
547 
548 	if (use_mempool) {
549 		BUG_ON(num_ops > CEPH_OSD_SLAB_OPS);
550 		req = mempool_alloc(osdc->req_mempool, gfp_flags);
551 	} else if (num_ops <= CEPH_OSD_SLAB_OPS) {
552 		req = kmem_cache_alloc(ceph_osd_request_cache, gfp_flags);
553 	} else {
554 		BUG_ON(num_ops > CEPH_OSD_MAX_OPS);
555 		req = kmalloc(struct_size(req, r_ops, num_ops), gfp_flags);
556 	}
557 	if (unlikely(!req))
558 		return NULL;
559 
560 	request_init(req);
561 	req->r_osdc = osdc;
562 	req->r_mempool = use_mempool;
563 	req->r_num_ops = num_ops;
564 	req->r_snapid = CEPH_NOSNAP;
565 	req->r_snapc = ceph_get_snap_context(snapc);
566 
567 	dout("%s req %p\n", __func__, req);
568 	return req;
569 }
570 EXPORT_SYMBOL(ceph_osdc_alloc_request);
571 
572 static int ceph_oloc_encoding_size(const struct ceph_object_locator *oloc)
573 {
574 	return 8 + 4 + 4 + 4 + (oloc->pool_ns ? oloc->pool_ns->len : 0);
575 }
576 
577 static int __ceph_osdc_alloc_messages(struct ceph_osd_request *req, gfp_t gfp,
578 				      int num_request_data_items,
579 				      int num_reply_data_items)
580 {
581 	struct ceph_osd_client *osdc = req->r_osdc;
582 	struct ceph_msg *msg;
583 	int msg_size;
584 
585 	WARN_ON(req->r_request || req->r_reply);
586 	WARN_ON(ceph_oid_empty(&req->r_base_oid));
587 	WARN_ON(ceph_oloc_empty(&req->r_base_oloc));
588 
589 	/* create request message */
590 	msg_size = CEPH_ENCODING_START_BLK_LEN +
591 			CEPH_PGID_ENCODING_LEN + 1; /* spgid */
592 	msg_size += 4 + 4 + 4; /* hash, osdmap_epoch, flags */
593 	msg_size += CEPH_ENCODING_START_BLK_LEN +
594 			sizeof(struct ceph_osd_reqid); /* reqid */
595 	msg_size += sizeof(struct ceph_blkin_trace_info); /* trace */
596 	msg_size += 4 + sizeof(struct ceph_timespec); /* client_inc, mtime */
597 	msg_size += CEPH_ENCODING_START_BLK_LEN +
598 			ceph_oloc_encoding_size(&req->r_base_oloc); /* oloc */
599 	msg_size += 4 + req->r_base_oid.name_len; /* oid */
600 	msg_size += 2 + req->r_num_ops * sizeof(struct ceph_osd_op);
601 	msg_size += 8; /* snapid */
602 	msg_size += 8; /* snap_seq */
603 	msg_size += 4 + 8 * (req->r_snapc ? req->r_snapc->num_snaps : 0);
604 	msg_size += 4 + 8; /* retry_attempt, features */
605 
606 	if (req->r_mempool)
607 		msg = ceph_msgpool_get(&osdc->msgpool_op, msg_size,
608 				       num_request_data_items);
609 	else
610 		msg = ceph_msg_new2(CEPH_MSG_OSD_OP, msg_size,
611 				    num_request_data_items, gfp, true);
612 	if (!msg)
613 		return -ENOMEM;
614 
615 	memset(msg->front.iov_base, 0, msg->front.iov_len);
616 	req->r_request = msg;
617 
618 	/* create reply message */
619 	msg_size = OSD_OPREPLY_FRONT_LEN;
620 	msg_size += req->r_base_oid.name_len;
621 	msg_size += req->r_num_ops * sizeof(struct ceph_osd_op);
622 
623 	if (req->r_mempool)
624 		msg = ceph_msgpool_get(&osdc->msgpool_op_reply, msg_size,
625 				       num_reply_data_items);
626 	else
627 		msg = ceph_msg_new2(CEPH_MSG_OSD_OPREPLY, msg_size,
628 				    num_reply_data_items, gfp, true);
629 	if (!msg)
630 		return -ENOMEM;
631 
632 	req->r_reply = msg;
633 
634 	return 0;
635 }
636 
637 static bool osd_req_opcode_valid(u16 opcode)
638 {
639 	switch (opcode) {
640 #define GENERATE_CASE(op, opcode, str)	case CEPH_OSD_OP_##op: return true;
641 __CEPH_FORALL_OSD_OPS(GENERATE_CASE)
642 #undef GENERATE_CASE
643 	default:
644 		return false;
645 	}
646 }
647 
648 static void get_num_data_items(struct ceph_osd_request *req,
649 			       int *num_request_data_items,
650 			       int *num_reply_data_items)
651 {
652 	struct ceph_osd_req_op *op;
653 
654 	*num_request_data_items = 0;
655 	*num_reply_data_items = 0;
656 
657 	for (op = req->r_ops; op != &req->r_ops[req->r_num_ops]; op++) {
658 		switch (op->op) {
659 		/* request */
660 		case CEPH_OSD_OP_WRITE:
661 		case CEPH_OSD_OP_WRITEFULL:
662 		case CEPH_OSD_OP_SETXATTR:
663 		case CEPH_OSD_OP_CMPXATTR:
664 		case CEPH_OSD_OP_NOTIFY_ACK:
665 		case CEPH_OSD_OP_COPY_FROM2:
666 			*num_request_data_items += 1;
667 			break;
668 
669 		/* reply */
670 		case CEPH_OSD_OP_STAT:
671 		case CEPH_OSD_OP_READ:
672 		case CEPH_OSD_OP_LIST_WATCHERS:
673 			*num_reply_data_items += 1;
674 			break;
675 
676 		/* both */
677 		case CEPH_OSD_OP_NOTIFY:
678 			*num_request_data_items += 1;
679 			*num_reply_data_items += 1;
680 			break;
681 		case CEPH_OSD_OP_CALL:
682 			*num_request_data_items += 2;
683 			*num_reply_data_items += 1;
684 			break;
685 
686 		default:
687 			WARN_ON(!osd_req_opcode_valid(op->op));
688 			break;
689 		}
690 	}
691 }
692 
693 /*
694  * oid, oloc and OSD op opcode(s) must be filled in before this function
695  * is called.
696  */
697 int ceph_osdc_alloc_messages(struct ceph_osd_request *req, gfp_t gfp)
698 {
699 	int num_request_data_items, num_reply_data_items;
700 
701 	get_num_data_items(req, &num_request_data_items, &num_reply_data_items);
702 	return __ceph_osdc_alloc_messages(req, gfp, num_request_data_items,
703 					  num_reply_data_items);
704 }
705 EXPORT_SYMBOL(ceph_osdc_alloc_messages);
706 
707 /*
708  * This is an osd op init function for opcodes that have no data or
709  * other information associated with them.  It also serves as a
710  * common init routine for all the other init functions, below.
711  */
712 struct ceph_osd_req_op *
713 osd_req_op_init(struct ceph_osd_request *osd_req, unsigned int which,
714 		 u16 opcode, u32 flags)
715 {
716 	struct ceph_osd_req_op *op;
717 
718 	BUG_ON(which >= osd_req->r_num_ops);
719 	BUG_ON(!osd_req_opcode_valid(opcode));
720 
721 	op = &osd_req->r_ops[which];
722 	memset(op, 0, sizeof (*op));
723 	op->op = opcode;
724 	op->flags = flags;
725 
726 	return op;
727 }
728 EXPORT_SYMBOL(osd_req_op_init);
729 
730 void osd_req_op_extent_init(struct ceph_osd_request *osd_req,
731 				unsigned int which, u16 opcode,
732 				u64 offset, u64 length,
733 				u64 truncate_size, u32 truncate_seq)
734 {
735 	struct ceph_osd_req_op *op = osd_req_op_init(osd_req, which,
736 						     opcode, 0);
737 	size_t payload_len = 0;
738 
739 	BUG_ON(opcode != CEPH_OSD_OP_READ && opcode != CEPH_OSD_OP_WRITE &&
740 	       opcode != CEPH_OSD_OP_WRITEFULL && opcode != CEPH_OSD_OP_ZERO &&
741 	       opcode != CEPH_OSD_OP_TRUNCATE);
742 
743 	op->extent.offset = offset;
744 	op->extent.length = length;
745 	op->extent.truncate_size = truncate_size;
746 	op->extent.truncate_seq = truncate_seq;
747 	if (opcode == CEPH_OSD_OP_WRITE || opcode == CEPH_OSD_OP_WRITEFULL)
748 		payload_len += length;
749 
750 	op->indata_len = payload_len;
751 }
752 EXPORT_SYMBOL(osd_req_op_extent_init);
753 
754 void osd_req_op_extent_update(struct ceph_osd_request *osd_req,
755 				unsigned int which, u64 length)
756 {
757 	struct ceph_osd_req_op *op;
758 	u64 previous;
759 
760 	BUG_ON(which >= osd_req->r_num_ops);
761 	op = &osd_req->r_ops[which];
762 	previous = op->extent.length;
763 
764 	if (length == previous)
765 		return;		/* Nothing to do */
766 	BUG_ON(length > previous);
767 
768 	op->extent.length = length;
769 	if (op->op == CEPH_OSD_OP_WRITE || op->op == CEPH_OSD_OP_WRITEFULL)
770 		op->indata_len -= previous - length;
771 }
772 EXPORT_SYMBOL(osd_req_op_extent_update);
773 
774 void osd_req_op_extent_dup_last(struct ceph_osd_request *osd_req,
775 				unsigned int which, u64 offset_inc)
776 {
777 	struct ceph_osd_req_op *op, *prev_op;
778 
779 	BUG_ON(which + 1 >= osd_req->r_num_ops);
780 
781 	prev_op = &osd_req->r_ops[which];
782 	op = osd_req_op_init(osd_req, which + 1, prev_op->op, prev_op->flags);
783 	/* dup previous one */
784 	op->indata_len = prev_op->indata_len;
785 	op->outdata_len = prev_op->outdata_len;
786 	op->extent = prev_op->extent;
787 	/* adjust offset */
788 	op->extent.offset += offset_inc;
789 	op->extent.length -= offset_inc;
790 
791 	if (op->op == CEPH_OSD_OP_WRITE || op->op == CEPH_OSD_OP_WRITEFULL)
792 		op->indata_len -= offset_inc;
793 }
794 EXPORT_SYMBOL(osd_req_op_extent_dup_last);
795 
796 int osd_req_op_cls_init(struct ceph_osd_request *osd_req, unsigned int which,
797 			const char *class, const char *method)
798 {
799 	struct ceph_osd_req_op *op;
800 	struct ceph_pagelist *pagelist;
801 	size_t payload_len = 0;
802 	size_t size;
803 	int ret;
804 
805 	op = osd_req_op_init(osd_req, which, CEPH_OSD_OP_CALL, 0);
806 
807 	pagelist = ceph_pagelist_alloc(GFP_NOFS);
808 	if (!pagelist)
809 		return -ENOMEM;
810 
811 	op->cls.class_name = class;
812 	size = strlen(class);
813 	BUG_ON(size > (size_t) U8_MAX);
814 	op->cls.class_len = size;
815 	ret = ceph_pagelist_append(pagelist, class, size);
816 	if (ret)
817 		goto err_pagelist_free;
818 	payload_len += size;
819 
820 	op->cls.method_name = method;
821 	size = strlen(method);
822 	BUG_ON(size > (size_t) U8_MAX);
823 	op->cls.method_len = size;
824 	ret = ceph_pagelist_append(pagelist, method, size);
825 	if (ret)
826 		goto err_pagelist_free;
827 	payload_len += size;
828 
829 	osd_req_op_cls_request_info_pagelist(osd_req, which, pagelist);
830 	op->indata_len = payload_len;
831 	return 0;
832 
833 err_pagelist_free:
834 	ceph_pagelist_release(pagelist);
835 	return ret;
836 }
837 EXPORT_SYMBOL(osd_req_op_cls_init);
838 
839 int osd_req_op_xattr_init(struct ceph_osd_request *osd_req, unsigned int which,
840 			  u16 opcode, const char *name, const void *value,
841 			  size_t size, u8 cmp_op, u8 cmp_mode)
842 {
843 	struct ceph_osd_req_op *op = osd_req_op_init(osd_req, which,
844 						     opcode, 0);
845 	struct ceph_pagelist *pagelist;
846 	size_t payload_len;
847 	int ret;
848 
849 	BUG_ON(opcode != CEPH_OSD_OP_SETXATTR && opcode != CEPH_OSD_OP_CMPXATTR);
850 
851 	pagelist = ceph_pagelist_alloc(GFP_NOFS);
852 	if (!pagelist)
853 		return -ENOMEM;
854 
855 	payload_len = strlen(name);
856 	op->xattr.name_len = payload_len;
857 	ret = ceph_pagelist_append(pagelist, name, payload_len);
858 	if (ret)
859 		goto err_pagelist_free;
860 
861 	op->xattr.value_len = size;
862 	ret = ceph_pagelist_append(pagelist, value, size);
863 	if (ret)
864 		goto err_pagelist_free;
865 	payload_len += size;
866 
867 	op->xattr.cmp_op = cmp_op;
868 	op->xattr.cmp_mode = cmp_mode;
869 
870 	ceph_osd_data_pagelist_init(&op->xattr.osd_data, pagelist);
871 	op->indata_len = payload_len;
872 	return 0;
873 
874 err_pagelist_free:
875 	ceph_pagelist_release(pagelist);
876 	return ret;
877 }
878 EXPORT_SYMBOL(osd_req_op_xattr_init);
879 
880 /*
881  * @watch_opcode: CEPH_OSD_WATCH_OP_*
882  */
883 static void osd_req_op_watch_init(struct ceph_osd_request *req, int which,
884 				  u8 watch_opcode, u64 cookie, u32 gen)
885 {
886 	struct ceph_osd_req_op *op;
887 
888 	op = osd_req_op_init(req, which, CEPH_OSD_OP_WATCH, 0);
889 	op->watch.cookie = cookie;
890 	op->watch.op = watch_opcode;
891 	op->watch.gen = gen;
892 }
893 
894 /*
895  * prot_ver, timeout and notify payload (may be empty) should already be
896  * encoded in @request_pl
897  */
898 static void osd_req_op_notify_init(struct ceph_osd_request *req, int which,
899 				   u64 cookie, struct ceph_pagelist *request_pl)
900 {
901 	struct ceph_osd_req_op *op;
902 
903 	op = osd_req_op_init(req, which, CEPH_OSD_OP_NOTIFY, 0);
904 	op->notify.cookie = cookie;
905 
906 	ceph_osd_data_pagelist_init(&op->notify.request_data, request_pl);
907 	op->indata_len = request_pl->length;
908 }
909 
910 /*
911  * @flags: CEPH_OSD_OP_ALLOC_HINT_FLAG_*
912  */
913 void osd_req_op_alloc_hint_init(struct ceph_osd_request *osd_req,
914 				unsigned int which,
915 				u64 expected_object_size,
916 				u64 expected_write_size,
917 				u32 flags)
918 {
919 	struct ceph_osd_req_op *op;
920 
921 	op = osd_req_op_init(osd_req, which, CEPH_OSD_OP_SETALLOCHINT, 0);
922 	op->alloc_hint.expected_object_size = expected_object_size;
923 	op->alloc_hint.expected_write_size = expected_write_size;
924 	op->alloc_hint.flags = flags;
925 
926 	/*
927 	 * CEPH_OSD_OP_SETALLOCHINT op is advisory and therefore deemed
928 	 * not worth a feature bit.  Set FAILOK per-op flag to make
929 	 * sure older osds don't trip over an unsupported opcode.
930 	 */
931 	op->flags |= CEPH_OSD_OP_FLAG_FAILOK;
932 }
933 EXPORT_SYMBOL(osd_req_op_alloc_hint_init);
934 
935 static void ceph_osdc_msg_data_add(struct ceph_msg *msg,
936 				struct ceph_osd_data *osd_data)
937 {
938 	u64 length = ceph_osd_data_length(osd_data);
939 
940 	if (osd_data->type == CEPH_OSD_DATA_TYPE_PAGES) {
941 		BUG_ON(length > (u64) SIZE_MAX);
942 		if (length)
943 			ceph_msg_data_add_pages(msg, osd_data->pages,
944 					length, osd_data->alignment, false);
945 	} else if (osd_data->type == CEPH_OSD_DATA_TYPE_PAGELIST) {
946 		BUG_ON(!length);
947 		ceph_msg_data_add_pagelist(msg, osd_data->pagelist);
948 #ifdef CONFIG_BLOCK
949 	} else if (osd_data->type == CEPH_OSD_DATA_TYPE_BIO) {
950 		ceph_msg_data_add_bio(msg, &osd_data->bio_pos, length);
951 #endif
952 	} else if (osd_data->type == CEPH_OSD_DATA_TYPE_BVECS) {
953 		ceph_msg_data_add_bvecs(msg, &osd_data->bvec_pos);
954 	} else {
955 		BUG_ON(osd_data->type != CEPH_OSD_DATA_TYPE_NONE);
956 	}
957 }
958 
959 static u32 osd_req_encode_op(struct ceph_osd_op *dst,
960 			     const struct ceph_osd_req_op *src)
961 {
962 	switch (src->op) {
963 	case CEPH_OSD_OP_STAT:
964 		break;
965 	case CEPH_OSD_OP_READ:
966 	case CEPH_OSD_OP_WRITE:
967 	case CEPH_OSD_OP_WRITEFULL:
968 	case CEPH_OSD_OP_ZERO:
969 	case CEPH_OSD_OP_TRUNCATE:
970 		dst->extent.offset = cpu_to_le64(src->extent.offset);
971 		dst->extent.length = cpu_to_le64(src->extent.length);
972 		dst->extent.truncate_size =
973 			cpu_to_le64(src->extent.truncate_size);
974 		dst->extent.truncate_seq =
975 			cpu_to_le32(src->extent.truncate_seq);
976 		break;
977 	case CEPH_OSD_OP_CALL:
978 		dst->cls.class_len = src->cls.class_len;
979 		dst->cls.method_len = src->cls.method_len;
980 		dst->cls.indata_len = cpu_to_le32(src->cls.indata_len);
981 		break;
982 	case CEPH_OSD_OP_WATCH:
983 		dst->watch.cookie = cpu_to_le64(src->watch.cookie);
984 		dst->watch.ver = cpu_to_le64(0);
985 		dst->watch.op = src->watch.op;
986 		dst->watch.gen = cpu_to_le32(src->watch.gen);
987 		break;
988 	case CEPH_OSD_OP_NOTIFY_ACK:
989 		break;
990 	case CEPH_OSD_OP_NOTIFY:
991 		dst->notify.cookie = cpu_to_le64(src->notify.cookie);
992 		break;
993 	case CEPH_OSD_OP_LIST_WATCHERS:
994 		break;
995 	case CEPH_OSD_OP_SETALLOCHINT:
996 		dst->alloc_hint.expected_object_size =
997 		    cpu_to_le64(src->alloc_hint.expected_object_size);
998 		dst->alloc_hint.expected_write_size =
999 		    cpu_to_le64(src->alloc_hint.expected_write_size);
1000 		dst->alloc_hint.flags = cpu_to_le32(src->alloc_hint.flags);
1001 		break;
1002 	case CEPH_OSD_OP_SETXATTR:
1003 	case CEPH_OSD_OP_CMPXATTR:
1004 		dst->xattr.name_len = cpu_to_le32(src->xattr.name_len);
1005 		dst->xattr.value_len = cpu_to_le32(src->xattr.value_len);
1006 		dst->xattr.cmp_op = src->xattr.cmp_op;
1007 		dst->xattr.cmp_mode = src->xattr.cmp_mode;
1008 		break;
1009 	case CEPH_OSD_OP_CREATE:
1010 	case CEPH_OSD_OP_DELETE:
1011 		break;
1012 	case CEPH_OSD_OP_COPY_FROM2:
1013 		dst->copy_from.snapid = cpu_to_le64(src->copy_from.snapid);
1014 		dst->copy_from.src_version =
1015 			cpu_to_le64(src->copy_from.src_version);
1016 		dst->copy_from.flags = src->copy_from.flags;
1017 		dst->copy_from.src_fadvise_flags =
1018 			cpu_to_le32(src->copy_from.src_fadvise_flags);
1019 		break;
1020 	default:
1021 		pr_err("unsupported osd opcode %s\n",
1022 			ceph_osd_op_name(src->op));
1023 		WARN_ON(1);
1024 
1025 		return 0;
1026 	}
1027 
1028 	dst->op = cpu_to_le16(src->op);
1029 	dst->flags = cpu_to_le32(src->flags);
1030 	dst->payload_len = cpu_to_le32(src->indata_len);
1031 
1032 	return src->indata_len;
1033 }
1034 
1035 /*
1036  * build new request AND message, calculate layout, and adjust file
1037  * extent as needed.
1038  *
1039  * if the file was recently truncated, we include information about its
1040  * old and new size so that the object can be updated appropriately.  (we
1041  * avoid synchronously deleting truncated objects because it's slow.)
1042  */
1043 struct ceph_osd_request *ceph_osdc_new_request(struct ceph_osd_client *osdc,
1044 					       struct ceph_file_layout *layout,
1045 					       struct ceph_vino vino,
1046 					       u64 off, u64 *plen,
1047 					       unsigned int which, int num_ops,
1048 					       int opcode, int flags,
1049 					       struct ceph_snap_context *snapc,
1050 					       u32 truncate_seq,
1051 					       u64 truncate_size,
1052 					       bool use_mempool)
1053 {
1054 	struct ceph_osd_request *req;
1055 	u64 objnum = 0;
1056 	u64 objoff = 0;
1057 	u64 objlen = 0;
1058 	int r;
1059 
1060 	BUG_ON(opcode != CEPH_OSD_OP_READ && opcode != CEPH_OSD_OP_WRITE &&
1061 	       opcode != CEPH_OSD_OP_ZERO && opcode != CEPH_OSD_OP_TRUNCATE &&
1062 	       opcode != CEPH_OSD_OP_CREATE && opcode != CEPH_OSD_OP_DELETE);
1063 
1064 	req = ceph_osdc_alloc_request(osdc, snapc, num_ops, use_mempool,
1065 					GFP_NOFS);
1066 	if (!req) {
1067 		r = -ENOMEM;
1068 		goto fail;
1069 	}
1070 
1071 	/* calculate max write size */
1072 	r = calc_layout(layout, off, plen, &objnum, &objoff, &objlen);
1073 	if (r)
1074 		goto fail;
1075 
1076 	if (opcode == CEPH_OSD_OP_CREATE || opcode == CEPH_OSD_OP_DELETE) {
1077 		osd_req_op_init(req, which, opcode, 0);
1078 	} else {
1079 		u32 object_size = layout->object_size;
1080 		u32 object_base = off - objoff;
1081 		if (!(truncate_seq == 1 && truncate_size == -1ULL)) {
1082 			if (truncate_size <= object_base) {
1083 				truncate_size = 0;
1084 			} else {
1085 				truncate_size -= object_base;
1086 				if (truncate_size > object_size)
1087 					truncate_size = object_size;
1088 			}
1089 		}
1090 		osd_req_op_extent_init(req, which, opcode, objoff, objlen,
1091 				       truncate_size, truncate_seq);
1092 	}
1093 
1094 	req->r_base_oloc.pool = layout->pool_id;
1095 	req->r_base_oloc.pool_ns = ceph_try_get_string(layout->pool_ns);
1096 	ceph_oid_printf(&req->r_base_oid, "%llx.%08llx", vino.ino, objnum);
1097 	req->r_flags = flags | osdc->client->options->read_from_replica;
1098 
1099 	req->r_snapid = vino.snap;
1100 	if (flags & CEPH_OSD_FLAG_WRITE)
1101 		req->r_data_offset = off;
1102 
1103 	if (num_ops > 1)
1104 		/*
1105 		 * This is a special case for ceph_writepages_start(), but it
1106 		 * also covers ceph_uninline_data().  If more multi-op request
1107 		 * use cases emerge, we will need a separate helper.
1108 		 */
1109 		r = __ceph_osdc_alloc_messages(req, GFP_NOFS, num_ops, 0);
1110 	else
1111 		r = ceph_osdc_alloc_messages(req, GFP_NOFS);
1112 	if (r)
1113 		goto fail;
1114 
1115 	return req;
1116 
1117 fail:
1118 	ceph_osdc_put_request(req);
1119 	return ERR_PTR(r);
1120 }
1121 EXPORT_SYMBOL(ceph_osdc_new_request);
1122 
1123 /*
1124  * We keep osd requests in an rbtree, sorted by ->r_tid.
1125  */
1126 DEFINE_RB_FUNCS(request, struct ceph_osd_request, r_tid, r_node)
1127 DEFINE_RB_FUNCS(request_mc, struct ceph_osd_request, r_tid, r_mc_node)
1128 
1129 /*
1130  * Call @fn on each OSD request as long as @fn returns 0.
1131  */
1132 static void for_each_request(struct ceph_osd_client *osdc,
1133 			int (*fn)(struct ceph_osd_request *req, void *arg),
1134 			void *arg)
1135 {
1136 	struct rb_node *n, *p;
1137 
1138 	for (n = rb_first(&osdc->osds); n; n = rb_next(n)) {
1139 		struct ceph_osd *osd = rb_entry(n, struct ceph_osd, o_node);
1140 
1141 		for (p = rb_first(&osd->o_requests); p; ) {
1142 			struct ceph_osd_request *req =
1143 			    rb_entry(p, struct ceph_osd_request, r_node);
1144 
1145 			p = rb_next(p);
1146 			if (fn(req, arg))
1147 				return;
1148 		}
1149 	}
1150 
1151 	for (p = rb_first(&osdc->homeless_osd.o_requests); p; ) {
1152 		struct ceph_osd_request *req =
1153 		    rb_entry(p, struct ceph_osd_request, r_node);
1154 
1155 		p = rb_next(p);
1156 		if (fn(req, arg))
1157 			return;
1158 	}
1159 }
1160 
1161 static bool osd_homeless(struct ceph_osd *osd)
1162 {
1163 	return osd->o_osd == CEPH_HOMELESS_OSD;
1164 }
1165 
1166 static bool osd_registered(struct ceph_osd *osd)
1167 {
1168 	verify_osdc_locked(osd->o_osdc);
1169 
1170 	return !RB_EMPTY_NODE(&osd->o_node);
1171 }
1172 
1173 /*
1174  * Assumes @osd is zero-initialized.
1175  */
1176 static void osd_init(struct ceph_osd *osd)
1177 {
1178 	refcount_set(&osd->o_ref, 1);
1179 	RB_CLEAR_NODE(&osd->o_node);
1180 	osd->o_requests = RB_ROOT;
1181 	osd->o_linger_requests = RB_ROOT;
1182 	osd->o_backoff_mappings = RB_ROOT;
1183 	osd->o_backoffs_by_id = RB_ROOT;
1184 	INIT_LIST_HEAD(&osd->o_osd_lru);
1185 	INIT_LIST_HEAD(&osd->o_keepalive_item);
1186 	osd->o_incarnation = 1;
1187 	mutex_init(&osd->lock);
1188 }
1189 
1190 static void osd_cleanup(struct ceph_osd *osd)
1191 {
1192 	WARN_ON(!RB_EMPTY_NODE(&osd->o_node));
1193 	WARN_ON(!RB_EMPTY_ROOT(&osd->o_requests));
1194 	WARN_ON(!RB_EMPTY_ROOT(&osd->o_linger_requests));
1195 	WARN_ON(!RB_EMPTY_ROOT(&osd->o_backoff_mappings));
1196 	WARN_ON(!RB_EMPTY_ROOT(&osd->o_backoffs_by_id));
1197 	WARN_ON(!list_empty(&osd->o_osd_lru));
1198 	WARN_ON(!list_empty(&osd->o_keepalive_item));
1199 
1200 	if (osd->o_auth.authorizer) {
1201 		WARN_ON(osd_homeless(osd));
1202 		ceph_auth_destroy_authorizer(osd->o_auth.authorizer);
1203 	}
1204 }
1205 
1206 /*
1207  * Track open sessions with osds.
1208  */
1209 static struct ceph_osd *create_osd(struct ceph_osd_client *osdc, int onum)
1210 {
1211 	struct ceph_osd *osd;
1212 
1213 	WARN_ON(onum == CEPH_HOMELESS_OSD);
1214 
1215 	osd = kzalloc(sizeof(*osd), GFP_NOIO | __GFP_NOFAIL);
1216 	osd_init(osd);
1217 	osd->o_osdc = osdc;
1218 	osd->o_osd = onum;
1219 
1220 	ceph_con_init(&osd->o_con, osd, &osd_con_ops, &osdc->client->msgr);
1221 
1222 	return osd;
1223 }
1224 
1225 static struct ceph_osd *get_osd(struct ceph_osd *osd)
1226 {
1227 	if (refcount_inc_not_zero(&osd->o_ref)) {
1228 		dout("get_osd %p %d -> %d\n", osd, refcount_read(&osd->o_ref)-1,
1229 		     refcount_read(&osd->o_ref));
1230 		return osd;
1231 	} else {
1232 		dout("get_osd %p FAIL\n", osd);
1233 		return NULL;
1234 	}
1235 }
1236 
1237 static void put_osd(struct ceph_osd *osd)
1238 {
1239 	dout("put_osd %p %d -> %d\n", osd, refcount_read(&osd->o_ref),
1240 	     refcount_read(&osd->o_ref) - 1);
1241 	if (refcount_dec_and_test(&osd->o_ref)) {
1242 		osd_cleanup(osd);
1243 		kfree(osd);
1244 	}
1245 }
1246 
1247 DEFINE_RB_FUNCS(osd, struct ceph_osd, o_osd, o_node)
1248 
1249 static void __move_osd_to_lru(struct ceph_osd *osd)
1250 {
1251 	struct ceph_osd_client *osdc = osd->o_osdc;
1252 
1253 	dout("%s osd %p osd%d\n", __func__, osd, osd->o_osd);
1254 	BUG_ON(!list_empty(&osd->o_osd_lru));
1255 
1256 	spin_lock(&osdc->osd_lru_lock);
1257 	list_add_tail(&osd->o_osd_lru, &osdc->osd_lru);
1258 	spin_unlock(&osdc->osd_lru_lock);
1259 
1260 	osd->lru_ttl = jiffies + osdc->client->options->osd_idle_ttl;
1261 }
1262 
1263 static void maybe_move_osd_to_lru(struct ceph_osd *osd)
1264 {
1265 	if (RB_EMPTY_ROOT(&osd->o_requests) &&
1266 	    RB_EMPTY_ROOT(&osd->o_linger_requests))
1267 		__move_osd_to_lru(osd);
1268 }
1269 
1270 static void __remove_osd_from_lru(struct ceph_osd *osd)
1271 {
1272 	struct ceph_osd_client *osdc = osd->o_osdc;
1273 
1274 	dout("%s osd %p osd%d\n", __func__, osd, osd->o_osd);
1275 
1276 	spin_lock(&osdc->osd_lru_lock);
1277 	if (!list_empty(&osd->o_osd_lru))
1278 		list_del_init(&osd->o_osd_lru);
1279 	spin_unlock(&osdc->osd_lru_lock);
1280 }
1281 
1282 /*
1283  * Close the connection and assign any leftover requests to the
1284  * homeless session.
1285  */
1286 static void close_osd(struct ceph_osd *osd)
1287 {
1288 	struct ceph_osd_client *osdc = osd->o_osdc;
1289 	struct rb_node *n;
1290 
1291 	verify_osdc_wrlocked(osdc);
1292 	dout("%s osd %p osd%d\n", __func__, osd, osd->o_osd);
1293 
1294 	ceph_con_close(&osd->o_con);
1295 
1296 	for (n = rb_first(&osd->o_requests); n; ) {
1297 		struct ceph_osd_request *req =
1298 		    rb_entry(n, struct ceph_osd_request, r_node);
1299 
1300 		n = rb_next(n); /* unlink_request() */
1301 
1302 		dout(" reassigning req %p tid %llu\n", req, req->r_tid);
1303 		unlink_request(osd, req);
1304 		link_request(&osdc->homeless_osd, req);
1305 	}
1306 	for (n = rb_first(&osd->o_linger_requests); n; ) {
1307 		struct ceph_osd_linger_request *lreq =
1308 		    rb_entry(n, struct ceph_osd_linger_request, node);
1309 
1310 		n = rb_next(n); /* unlink_linger() */
1311 
1312 		dout(" reassigning lreq %p linger_id %llu\n", lreq,
1313 		     lreq->linger_id);
1314 		unlink_linger(osd, lreq);
1315 		link_linger(&osdc->homeless_osd, lreq);
1316 	}
1317 	clear_backoffs(osd);
1318 
1319 	__remove_osd_from_lru(osd);
1320 	erase_osd(&osdc->osds, osd);
1321 	put_osd(osd);
1322 }
1323 
1324 /*
1325  * reset osd connect
1326  */
1327 static int reopen_osd(struct ceph_osd *osd)
1328 {
1329 	struct ceph_entity_addr *peer_addr;
1330 
1331 	dout("%s osd %p osd%d\n", __func__, osd, osd->o_osd);
1332 
1333 	if (RB_EMPTY_ROOT(&osd->o_requests) &&
1334 	    RB_EMPTY_ROOT(&osd->o_linger_requests)) {
1335 		close_osd(osd);
1336 		return -ENODEV;
1337 	}
1338 
1339 	peer_addr = &osd->o_osdc->osdmap->osd_addr[osd->o_osd];
1340 	if (!memcmp(peer_addr, &osd->o_con.peer_addr, sizeof (*peer_addr)) &&
1341 			!ceph_con_opened(&osd->o_con)) {
1342 		struct rb_node *n;
1343 
1344 		dout("osd addr hasn't changed and connection never opened, "
1345 		     "letting msgr retry\n");
1346 		/* touch each r_stamp for handle_timeout()'s benfit */
1347 		for (n = rb_first(&osd->o_requests); n; n = rb_next(n)) {
1348 			struct ceph_osd_request *req =
1349 			    rb_entry(n, struct ceph_osd_request, r_node);
1350 			req->r_stamp = jiffies;
1351 		}
1352 
1353 		return -EAGAIN;
1354 	}
1355 
1356 	ceph_con_close(&osd->o_con);
1357 	ceph_con_open(&osd->o_con, CEPH_ENTITY_TYPE_OSD, osd->o_osd, peer_addr);
1358 	osd->o_incarnation++;
1359 
1360 	return 0;
1361 }
1362 
1363 static struct ceph_osd *lookup_create_osd(struct ceph_osd_client *osdc, int o,
1364 					  bool wrlocked)
1365 {
1366 	struct ceph_osd *osd;
1367 
1368 	if (wrlocked)
1369 		verify_osdc_wrlocked(osdc);
1370 	else
1371 		verify_osdc_locked(osdc);
1372 
1373 	if (o != CEPH_HOMELESS_OSD)
1374 		osd = lookup_osd(&osdc->osds, o);
1375 	else
1376 		osd = &osdc->homeless_osd;
1377 	if (!osd) {
1378 		if (!wrlocked)
1379 			return ERR_PTR(-EAGAIN);
1380 
1381 		osd = create_osd(osdc, o);
1382 		insert_osd(&osdc->osds, osd);
1383 		ceph_con_open(&osd->o_con, CEPH_ENTITY_TYPE_OSD, osd->o_osd,
1384 			      &osdc->osdmap->osd_addr[osd->o_osd]);
1385 	}
1386 
1387 	dout("%s osdc %p osd%d -> osd %p\n", __func__, osdc, o, osd);
1388 	return osd;
1389 }
1390 
1391 /*
1392  * Create request <-> OSD session relation.
1393  *
1394  * @req has to be assigned a tid, @osd may be homeless.
1395  */
1396 static void link_request(struct ceph_osd *osd, struct ceph_osd_request *req)
1397 {
1398 	verify_osd_locked(osd);
1399 	WARN_ON(!req->r_tid || req->r_osd);
1400 	dout("%s osd %p osd%d req %p tid %llu\n", __func__, osd, osd->o_osd,
1401 	     req, req->r_tid);
1402 
1403 	if (!osd_homeless(osd))
1404 		__remove_osd_from_lru(osd);
1405 	else
1406 		atomic_inc(&osd->o_osdc->num_homeless);
1407 
1408 	get_osd(osd);
1409 	insert_request(&osd->o_requests, req);
1410 	req->r_osd = osd;
1411 }
1412 
1413 static void unlink_request(struct ceph_osd *osd, struct ceph_osd_request *req)
1414 {
1415 	verify_osd_locked(osd);
1416 	WARN_ON(req->r_osd != osd);
1417 	dout("%s osd %p osd%d req %p tid %llu\n", __func__, osd, osd->o_osd,
1418 	     req, req->r_tid);
1419 
1420 	req->r_osd = NULL;
1421 	erase_request(&osd->o_requests, req);
1422 	put_osd(osd);
1423 
1424 	if (!osd_homeless(osd))
1425 		maybe_move_osd_to_lru(osd);
1426 	else
1427 		atomic_dec(&osd->o_osdc->num_homeless);
1428 }
1429 
1430 static bool __pool_full(struct ceph_pg_pool_info *pi)
1431 {
1432 	return pi->flags & CEPH_POOL_FLAG_FULL;
1433 }
1434 
1435 static bool have_pool_full(struct ceph_osd_client *osdc)
1436 {
1437 	struct rb_node *n;
1438 
1439 	for (n = rb_first(&osdc->osdmap->pg_pools); n; n = rb_next(n)) {
1440 		struct ceph_pg_pool_info *pi =
1441 		    rb_entry(n, struct ceph_pg_pool_info, node);
1442 
1443 		if (__pool_full(pi))
1444 			return true;
1445 	}
1446 
1447 	return false;
1448 }
1449 
1450 static bool pool_full(struct ceph_osd_client *osdc, s64 pool_id)
1451 {
1452 	struct ceph_pg_pool_info *pi;
1453 
1454 	pi = ceph_pg_pool_by_id(osdc->osdmap, pool_id);
1455 	if (!pi)
1456 		return false;
1457 
1458 	return __pool_full(pi);
1459 }
1460 
1461 /*
1462  * Returns whether a request should be blocked from being sent
1463  * based on the current osdmap and osd_client settings.
1464  */
1465 static bool target_should_be_paused(struct ceph_osd_client *osdc,
1466 				    const struct ceph_osd_request_target *t,
1467 				    struct ceph_pg_pool_info *pi)
1468 {
1469 	bool pauserd = ceph_osdmap_flag(osdc, CEPH_OSDMAP_PAUSERD);
1470 	bool pausewr = ceph_osdmap_flag(osdc, CEPH_OSDMAP_PAUSEWR) ||
1471 		       ceph_osdmap_flag(osdc, CEPH_OSDMAP_FULL) ||
1472 		       __pool_full(pi);
1473 
1474 	WARN_ON(pi->id != t->target_oloc.pool);
1475 	return ((t->flags & CEPH_OSD_FLAG_READ) && pauserd) ||
1476 	       ((t->flags & CEPH_OSD_FLAG_WRITE) && pausewr) ||
1477 	       (osdc->osdmap->epoch < osdc->epoch_barrier);
1478 }
1479 
1480 static int pick_random_replica(const struct ceph_osds *acting)
1481 {
1482 	int i = get_random_u32_below(acting->size);
1483 
1484 	dout("%s picked osd%d, primary osd%d\n", __func__,
1485 	     acting->osds[i], acting->primary);
1486 	return i;
1487 }
1488 
1489 /*
1490  * Picks the closest replica based on client's location given by
1491  * crush_location option.  Prefers the primary if the locality is
1492  * the same.
1493  */
1494 static int pick_closest_replica(struct ceph_osd_client *osdc,
1495 				const struct ceph_osds *acting)
1496 {
1497 	struct ceph_options *opt = osdc->client->options;
1498 	int best_i, best_locality;
1499 	int i = 0, locality;
1500 
1501 	do {
1502 		locality = ceph_get_crush_locality(osdc->osdmap,
1503 						   acting->osds[i],
1504 						   &opt->crush_locs);
1505 		if (i == 0 ||
1506 		    (locality >= 0 && best_locality < 0) ||
1507 		    (locality >= 0 && best_locality >= 0 &&
1508 		     locality < best_locality)) {
1509 			best_i = i;
1510 			best_locality = locality;
1511 		}
1512 	} while (++i < acting->size);
1513 
1514 	dout("%s picked osd%d with locality %d, primary osd%d\n", __func__,
1515 	     acting->osds[best_i], best_locality, acting->primary);
1516 	return best_i;
1517 }
1518 
1519 enum calc_target_result {
1520 	CALC_TARGET_NO_ACTION = 0,
1521 	CALC_TARGET_NEED_RESEND,
1522 	CALC_TARGET_POOL_DNE,
1523 };
1524 
1525 static enum calc_target_result calc_target(struct ceph_osd_client *osdc,
1526 					   struct ceph_osd_request_target *t,
1527 					   bool any_change)
1528 {
1529 	struct ceph_pg_pool_info *pi;
1530 	struct ceph_pg pgid, last_pgid;
1531 	struct ceph_osds up, acting;
1532 	bool is_read = t->flags & CEPH_OSD_FLAG_READ;
1533 	bool is_write = t->flags & CEPH_OSD_FLAG_WRITE;
1534 	bool force_resend = false;
1535 	bool unpaused = false;
1536 	bool legacy_change = false;
1537 	bool split = false;
1538 	bool sort_bitwise = ceph_osdmap_flag(osdc, CEPH_OSDMAP_SORTBITWISE);
1539 	bool recovery_deletes = ceph_osdmap_flag(osdc,
1540 						 CEPH_OSDMAP_RECOVERY_DELETES);
1541 	enum calc_target_result ct_res;
1542 
1543 	t->epoch = osdc->osdmap->epoch;
1544 	pi = ceph_pg_pool_by_id(osdc->osdmap, t->base_oloc.pool);
1545 	if (!pi) {
1546 		t->osd = CEPH_HOMELESS_OSD;
1547 		ct_res = CALC_TARGET_POOL_DNE;
1548 		goto out;
1549 	}
1550 
1551 	if (osdc->osdmap->epoch == pi->last_force_request_resend) {
1552 		if (t->last_force_resend < pi->last_force_request_resend) {
1553 			t->last_force_resend = pi->last_force_request_resend;
1554 			force_resend = true;
1555 		} else if (t->last_force_resend == 0) {
1556 			force_resend = true;
1557 		}
1558 	}
1559 
1560 	/* apply tiering */
1561 	ceph_oid_copy(&t->target_oid, &t->base_oid);
1562 	ceph_oloc_copy(&t->target_oloc, &t->base_oloc);
1563 	if ((t->flags & CEPH_OSD_FLAG_IGNORE_OVERLAY) == 0) {
1564 		if (is_read && pi->read_tier >= 0)
1565 			t->target_oloc.pool = pi->read_tier;
1566 		if (is_write && pi->write_tier >= 0)
1567 			t->target_oloc.pool = pi->write_tier;
1568 
1569 		pi = ceph_pg_pool_by_id(osdc->osdmap, t->target_oloc.pool);
1570 		if (!pi) {
1571 			t->osd = CEPH_HOMELESS_OSD;
1572 			ct_res = CALC_TARGET_POOL_DNE;
1573 			goto out;
1574 		}
1575 	}
1576 
1577 	__ceph_object_locator_to_pg(pi, &t->target_oid, &t->target_oloc, &pgid);
1578 	last_pgid.pool = pgid.pool;
1579 	last_pgid.seed = ceph_stable_mod(pgid.seed, t->pg_num, t->pg_num_mask);
1580 
1581 	ceph_pg_to_up_acting_osds(osdc->osdmap, pi, &pgid, &up, &acting);
1582 	if (any_change &&
1583 	    ceph_is_new_interval(&t->acting,
1584 				 &acting,
1585 				 &t->up,
1586 				 &up,
1587 				 t->size,
1588 				 pi->size,
1589 				 t->min_size,
1590 				 pi->min_size,
1591 				 t->pg_num,
1592 				 pi->pg_num,
1593 				 t->sort_bitwise,
1594 				 sort_bitwise,
1595 				 t->recovery_deletes,
1596 				 recovery_deletes,
1597 				 &last_pgid))
1598 		force_resend = true;
1599 
1600 	if (t->paused && !target_should_be_paused(osdc, t, pi)) {
1601 		t->paused = false;
1602 		unpaused = true;
1603 	}
1604 	legacy_change = ceph_pg_compare(&t->pgid, &pgid) ||
1605 			ceph_osds_changed(&t->acting, &acting,
1606 					  t->used_replica || any_change);
1607 	if (t->pg_num)
1608 		split = ceph_pg_is_split(&last_pgid, t->pg_num, pi->pg_num);
1609 
1610 	if (legacy_change || force_resend || split) {
1611 		t->pgid = pgid; /* struct */
1612 		ceph_pg_to_primary_shard(osdc->osdmap, pi, &pgid, &t->spgid);
1613 		ceph_osds_copy(&t->acting, &acting);
1614 		ceph_osds_copy(&t->up, &up);
1615 		t->size = pi->size;
1616 		t->min_size = pi->min_size;
1617 		t->pg_num = pi->pg_num;
1618 		t->pg_num_mask = pi->pg_num_mask;
1619 		t->sort_bitwise = sort_bitwise;
1620 		t->recovery_deletes = recovery_deletes;
1621 
1622 		if ((t->flags & (CEPH_OSD_FLAG_BALANCE_READS |
1623 				 CEPH_OSD_FLAG_LOCALIZE_READS)) &&
1624 		    !is_write && pi->type == CEPH_POOL_TYPE_REP &&
1625 		    acting.size > 1) {
1626 			int pos;
1627 
1628 			WARN_ON(!is_read || acting.osds[0] != acting.primary);
1629 			if (t->flags & CEPH_OSD_FLAG_BALANCE_READS) {
1630 				pos = pick_random_replica(&acting);
1631 			} else {
1632 				pos = pick_closest_replica(osdc, &acting);
1633 			}
1634 			t->osd = acting.osds[pos];
1635 			t->used_replica = pos > 0;
1636 		} else {
1637 			t->osd = acting.primary;
1638 			t->used_replica = false;
1639 		}
1640 	}
1641 
1642 	if (unpaused || legacy_change || force_resend || split)
1643 		ct_res = CALC_TARGET_NEED_RESEND;
1644 	else
1645 		ct_res = CALC_TARGET_NO_ACTION;
1646 
1647 out:
1648 	dout("%s t %p -> %d%d%d%d ct_res %d osd%d\n", __func__, t, unpaused,
1649 	     legacy_change, force_resend, split, ct_res, t->osd);
1650 	return ct_res;
1651 }
1652 
1653 static struct ceph_spg_mapping *alloc_spg_mapping(void)
1654 {
1655 	struct ceph_spg_mapping *spg;
1656 
1657 	spg = kmalloc(sizeof(*spg), GFP_NOIO);
1658 	if (!spg)
1659 		return NULL;
1660 
1661 	RB_CLEAR_NODE(&spg->node);
1662 	spg->backoffs = RB_ROOT;
1663 	return spg;
1664 }
1665 
1666 static void free_spg_mapping(struct ceph_spg_mapping *spg)
1667 {
1668 	WARN_ON(!RB_EMPTY_NODE(&spg->node));
1669 	WARN_ON(!RB_EMPTY_ROOT(&spg->backoffs));
1670 
1671 	kfree(spg);
1672 }
1673 
1674 /*
1675  * rbtree of ceph_spg_mapping for handling map<spg_t, ...>, similar to
1676  * ceph_pg_mapping.  Used to track OSD backoffs -- a backoff [range] is
1677  * defined only within a specific spgid; it does not pass anything to
1678  * children on split, or to another primary.
1679  */
1680 DEFINE_RB_FUNCS2(spg_mapping, struct ceph_spg_mapping, spgid, ceph_spg_compare,
1681 		 RB_BYPTR, const struct ceph_spg *, node)
1682 
1683 static u64 hoid_get_bitwise_key(const struct ceph_hobject_id *hoid)
1684 {
1685 	return hoid->is_max ? 0x100000000ull : hoid->hash_reverse_bits;
1686 }
1687 
1688 static void hoid_get_effective_key(const struct ceph_hobject_id *hoid,
1689 				   void **pkey, size_t *pkey_len)
1690 {
1691 	if (hoid->key_len) {
1692 		*pkey = hoid->key;
1693 		*pkey_len = hoid->key_len;
1694 	} else {
1695 		*pkey = hoid->oid;
1696 		*pkey_len = hoid->oid_len;
1697 	}
1698 }
1699 
1700 static int compare_names(const void *name1, size_t name1_len,
1701 			 const void *name2, size_t name2_len)
1702 {
1703 	int ret;
1704 
1705 	ret = memcmp(name1, name2, min(name1_len, name2_len));
1706 	if (!ret) {
1707 		if (name1_len < name2_len)
1708 			ret = -1;
1709 		else if (name1_len > name2_len)
1710 			ret = 1;
1711 	}
1712 	return ret;
1713 }
1714 
1715 static int hoid_compare(const struct ceph_hobject_id *lhs,
1716 			const struct ceph_hobject_id *rhs)
1717 {
1718 	void *effective_key1, *effective_key2;
1719 	size_t effective_key1_len, effective_key2_len;
1720 	int ret;
1721 
1722 	if (lhs->is_max < rhs->is_max)
1723 		return -1;
1724 	if (lhs->is_max > rhs->is_max)
1725 		return 1;
1726 
1727 	if (lhs->pool < rhs->pool)
1728 		return -1;
1729 	if (lhs->pool > rhs->pool)
1730 		return 1;
1731 
1732 	if (hoid_get_bitwise_key(lhs) < hoid_get_bitwise_key(rhs))
1733 		return -1;
1734 	if (hoid_get_bitwise_key(lhs) > hoid_get_bitwise_key(rhs))
1735 		return 1;
1736 
1737 	ret = compare_names(lhs->nspace, lhs->nspace_len,
1738 			    rhs->nspace, rhs->nspace_len);
1739 	if (ret)
1740 		return ret;
1741 
1742 	hoid_get_effective_key(lhs, &effective_key1, &effective_key1_len);
1743 	hoid_get_effective_key(rhs, &effective_key2, &effective_key2_len);
1744 	ret = compare_names(effective_key1, effective_key1_len,
1745 			    effective_key2, effective_key2_len);
1746 	if (ret)
1747 		return ret;
1748 
1749 	ret = compare_names(lhs->oid, lhs->oid_len, rhs->oid, rhs->oid_len);
1750 	if (ret)
1751 		return ret;
1752 
1753 	if (lhs->snapid < rhs->snapid)
1754 		return -1;
1755 	if (lhs->snapid > rhs->snapid)
1756 		return 1;
1757 
1758 	return 0;
1759 }
1760 
1761 /*
1762  * For decoding ->begin and ->end of MOSDBackoff only -- no MIN/MAX
1763  * compat stuff here.
1764  *
1765  * Assumes @hoid is zero-initialized.
1766  */
1767 static int decode_hoid(void **p, void *end, struct ceph_hobject_id *hoid)
1768 {
1769 	u8 struct_v;
1770 	u32 struct_len;
1771 	int ret;
1772 
1773 	ret = ceph_start_decoding(p, end, 4, "hobject_t", &struct_v,
1774 				  &struct_len);
1775 	if (ret)
1776 		return ret;
1777 
1778 	if (struct_v < 4) {
1779 		pr_err("got struct_v %d < 4 of hobject_t\n", struct_v);
1780 		goto e_inval;
1781 	}
1782 
1783 	hoid->key = ceph_extract_encoded_string(p, end, &hoid->key_len,
1784 						GFP_NOIO);
1785 	if (IS_ERR(hoid->key)) {
1786 		ret = PTR_ERR(hoid->key);
1787 		hoid->key = NULL;
1788 		return ret;
1789 	}
1790 
1791 	hoid->oid = ceph_extract_encoded_string(p, end, &hoid->oid_len,
1792 						GFP_NOIO);
1793 	if (IS_ERR(hoid->oid)) {
1794 		ret = PTR_ERR(hoid->oid);
1795 		hoid->oid = NULL;
1796 		return ret;
1797 	}
1798 
1799 	ceph_decode_64_safe(p, end, hoid->snapid, e_inval);
1800 	ceph_decode_32_safe(p, end, hoid->hash, e_inval);
1801 	ceph_decode_8_safe(p, end, hoid->is_max, e_inval);
1802 
1803 	hoid->nspace = ceph_extract_encoded_string(p, end, &hoid->nspace_len,
1804 						   GFP_NOIO);
1805 	if (IS_ERR(hoid->nspace)) {
1806 		ret = PTR_ERR(hoid->nspace);
1807 		hoid->nspace = NULL;
1808 		return ret;
1809 	}
1810 
1811 	ceph_decode_64_safe(p, end, hoid->pool, e_inval);
1812 
1813 	ceph_hoid_build_hash_cache(hoid);
1814 	return 0;
1815 
1816 e_inval:
1817 	return -EINVAL;
1818 }
1819 
1820 static int hoid_encoding_size(const struct ceph_hobject_id *hoid)
1821 {
1822 	return 8 + 4 + 1 + 8 + /* snapid, hash, is_max, pool */
1823 	       4 + hoid->key_len + 4 + hoid->oid_len + 4 + hoid->nspace_len;
1824 }
1825 
1826 static void encode_hoid(void **p, void *end, const struct ceph_hobject_id *hoid)
1827 {
1828 	ceph_start_encoding(p, 4, 3, hoid_encoding_size(hoid));
1829 	ceph_encode_string(p, end, hoid->key, hoid->key_len);
1830 	ceph_encode_string(p, end, hoid->oid, hoid->oid_len);
1831 	ceph_encode_64(p, hoid->snapid);
1832 	ceph_encode_32(p, hoid->hash);
1833 	ceph_encode_8(p, hoid->is_max);
1834 	ceph_encode_string(p, end, hoid->nspace, hoid->nspace_len);
1835 	ceph_encode_64(p, hoid->pool);
1836 }
1837 
1838 static void free_hoid(struct ceph_hobject_id *hoid)
1839 {
1840 	if (hoid) {
1841 		kfree(hoid->key);
1842 		kfree(hoid->oid);
1843 		kfree(hoid->nspace);
1844 		kfree(hoid);
1845 	}
1846 }
1847 
1848 static struct ceph_osd_backoff *alloc_backoff(void)
1849 {
1850 	struct ceph_osd_backoff *backoff;
1851 
1852 	backoff = kzalloc(sizeof(*backoff), GFP_NOIO);
1853 	if (!backoff)
1854 		return NULL;
1855 
1856 	RB_CLEAR_NODE(&backoff->spg_node);
1857 	RB_CLEAR_NODE(&backoff->id_node);
1858 	return backoff;
1859 }
1860 
1861 static void free_backoff(struct ceph_osd_backoff *backoff)
1862 {
1863 	WARN_ON(!RB_EMPTY_NODE(&backoff->spg_node));
1864 	WARN_ON(!RB_EMPTY_NODE(&backoff->id_node));
1865 
1866 	free_hoid(backoff->begin);
1867 	free_hoid(backoff->end);
1868 	kfree(backoff);
1869 }
1870 
1871 /*
1872  * Within a specific spgid, backoffs are managed by ->begin hoid.
1873  */
1874 DEFINE_RB_INSDEL_FUNCS2(backoff, struct ceph_osd_backoff, begin, hoid_compare,
1875 			RB_BYVAL, spg_node);
1876 
1877 static struct ceph_osd_backoff *lookup_containing_backoff(struct rb_root *root,
1878 					    const struct ceph_hobject_id *hoid)
1879 {
1880 	struct rb_node *n = root->rb_node;
1881 
1882 	while (n) {
1883 		struct ceph_osd_backoff *cur =
1884 		    rb_entry(n, struct ceph_osd_backoff, spg_node);
1885 		int cmp;
1886 
1887 		cmp = hoid_compare(hoid, cur->begin);
1888 		if (cmp < 0) {
1889 			n = n->rb_left;
1890 		} else if (cmp > 0) {
1891 			if (hoid_compare(hoid, cur->end) < 0)
1892 				return cur;
1893 
1894 			n = n->rb_right;
1895 		} else {
1896 			return cur;
1897 		}
1898 	}
1899 
1900 	return NULL;
1901 }
1902 
1903 /*
1904  * Each backoff has a unique id within its OSD session.
1905  */
1906 DEFINE_RB_FUNCS(backoff_by_id, struct ceph_osd_backoff, id, id_node)
1907 
1908 static void clear_backoffs(struct ceph_osd *osd)
1909 {
1910 	while (!RB_EMPTY_ROOT(&osd->o_backoff_mappings)) {
1911 		struct ceph_spg_mapping *spg =
1912 		    rb_entry(rb_first(&osd->o_backoff_mappings),
1913 			     struct ceph_spg_mapping, node);
1914 
1915 		while (!RB_EMPTY_ROOT(&spg->backoffs)) {
1916 			struct ceph_osd_backoff *backoff =
1917 			    rb_entry(rb_first(&spg->backoffs),
1918 				     struct ceph_osd_backoff, spg_node);
1919 
1920 			erase_backoff(&spg->backoffs, backoff);
1921 			erase_backoff_by_id(&osd->o_backoffs_by_id, backoff);
1922 			free_backoff(backoff);
1923 		}
1924 		erase_spg_mapping(&osd->o_backoff_mappings, spg);
1925 		free_spg_mapping(spg);
1926 	}
1927 }
1928 
1929 /*
1930  * Set up a temporary, non-owning view into @t.
1931  */
1932 static void hoid_fill_from_target(struct ceph_hobject_id *hoid,
1933 				  const struct ceph_osd_request_target *t)
1934 {
1935 	hoid->key = NULL;
1936 	hoid->key_len = 0;
1937 	hoid->oid = t->target_oid.name;
1938 	hoid->oid_len = t->target_oid.name_len;
1939 	hoid->snapid = CEPH_NOSNAP;
1940 	hoid->hash = t->pgid.seed;
1941 	hoid->is_max = false;
1942 	if (t->target_oloc.pool_ns) {
1943 		hoid->nspace = t->target_oloc.pool_ns->str;
1944 		hoid->nspace_len = t->target_oloc.pool_ns->len;
1945 	} else {
1946 		hoid->nspace = NULL;
1947 		hoid->nspace_len = 0;
1948 	}
1949 	hoid->pool = t->target_oloc.pool;
1950 	ceph_hoid_build_hash_cache(hoid);
1951 }
1952 
1953 static bool should_plug_request(struct ceph_osd_request *req)
1954 {
1955 	struct ceph_osd *osd = req->r_osd;
1956 	struct ceph_spg_mapping *spg;
1957 	struct ceph_osd_backoff *backoff;
1958 	struct ceph_hobject_id hoid;
1959 
1960 	spg = lookup_spg_mapping(&osd->o_backoff_mappings, &req->r_t.spgid);
1961 	if (!spg)
1962 		return false;
1963 
1964 	hoid_fill_from_target(&hoid, &req->r_t);
1965 	backoff = lookup_containing_backoff(&spg->backoffs, &hoid);
1966 	if (!backoff)
1967 		return false;
1968 
1969 	dout("%s req %p tid %llu backoff osd%d spgid %llu.%xs%d id %llu\n",
1970 	     __func__, req, req->r_tid, osd->o_osd, backoff->spgid.pgid.pool,
1971 	     backoff->spgid.pgid.seed, backoff->spgid.shard, backoff->id);
1972 	return true;
1973 }
1974 
1975 /*
1976  * Keep get_num_data_items() in sync with this function.
1977  */
1978 static void setup_request_data(struct ceph_osd_request *req)
1979 {
1980 	struct ceph_msg *request_msg = req->r_request;
1981 	struct ceph_msg *reply_msg = req->r_reply;
1982 	struct ceph_osd_req_op *op;
1983 
1984 	if (req->r_request->num_data_items || req->r_reply->num_data_items)
1985 		return;
1986 
1987 	WARN_ON(request_msg->data_length || reply_msg->data_length);
1988 	for (op = req->r_ops; op != &req->r_ops[req->r_num_ops]; op++) {
1989 		switch (op->op) {
1990 		/* request */
1991 		case CEPH_OSD_OP_WRITE:
1992 		case CEPH_OSD_OP_WRITEFULL:
1993 			WARN_ON(op->indata_len != op->extent.length);
1994 			ceph_osdc_msg_data_add(request_msg,
1995 					       &op->extent.osd_data);
1996 			break;
1997 		case CEPH_OSD_OP_SETXATTR:
1998 		case CEPH_OSD_OP_CMPXATTR:
1999 			WARN_ON(op->indata_len != op->xattr.name_len +
2000 						  op->xattr.value_len);
2001 			ceph_osdc_msg_data_add(request_msg,
2002 					       &op->xattr.osd_data);
2003 			break;
2004 		case CEPH_OSD_OP_NOTIFY_ACK:
2005 			ceph_osdc_msg_data_add(request_msg,
2006 					       &op->notify_ack.request_data);
2007 			break;
2008 		case CEPH_OSD_OP_COPY_FROM2:
2009 			ceph_osdc_msg_data_add(request_msg,
2010 					       &op->copy_from.osd_data);
2011 			break;
2012 
2013 		/* reply */
2014 		case CEPH_OSD_OP_STAT:
2015 			ceph_osdc_msg_data_add(reply_msg,
2016 					       &op->raw_data_in);
2017 			break;
2018 		case CEPH_OSD_OP_READ:
2019 			ceph_osdc_msg_data_add(reply_msg,
2020 					       &op->extent.osd_data);
2021 			break;
2022 		case CEPH_OSD_OP_LIST_WATCHERS:
2023 			ceph_osdc_msg_data_add(reply_msg,
2024 					       &op->list_watchers.response_data);
2025 			break;
2026 
2027 		/* both */
2028 		case CEPH_OSD_OP_CALL:
2029 			WARN_ON(op->indata_len != op->cls.class_len +
2030 						  op->cls.method_len +
2031 						  op->cls.indata_len);
2032 			ceph_osdc_msg_data_add(request_msg,
2033 					       &op->cls.request_info);
2034 			/* optional, can be NONE */
2035 			ceph_osdc_msg_data_add(request_msg,
2036 					       &op->cls.request_data);
2037 			/* optional, can be NONE */
2038 			ceph_osdc_msg_data_add(reply_msg,
2039 					       &op->cls.response_data);
2040 			break;
2041 		case CEPH_OSD_OP_NOTIFY:
2042 			ceph_osdc_msg_data_add(request_msg,
2043 					       &op->notify.request_data);
2044 			ceph_osdc_msg_data_add(reply_msg,
2045 					       &op->notify.response_data);
2046 			break;
2047 		}
2048 	}
2049 }
2050 
2051 static void encode_pgid(void **p, const struct ceph_pg *pgid)
2052 {
2053 	ceph_encode_8(p, 1);
2054 	ceph_encode_64(p, pgid->pool);
2055 	ceph_encode_32(p, pgid->seed);
2056 	ceph_encode_32(p, -1); /* preferred */
2057 }
2058 
2059 static void encode_spgid(void **p, const struct ceph_spg *spgid)
2060 {
2061 	ceph_start_encoding(p, 1, 1, CEPH_PGID_ENCODING_LEN + 1);
2062 	encode_pgid(p, &spgid->pgid);
2063 	ceph_encode_8(p, spgid->shard);
2064 }
2065 
2066 static void encode_oloc(void **p, void *end,
2067 			const struct ceph_object_locator *oloc)
2068 {
2069 	ceph_start_encoding(p, 5, 4, ceph_oloc_encoding_size(oloc));
2070 	ceph_encode_64(p, oloc->pool);
2071 	ceph_encode_32(p, -1); /* preferred */
2072 	ceph_encode_32(p, 0);  /* key len */
2073 	if (oloc->pool_ns)
2074 		ceph_encode_string(p, end, oloc->pool_ns->str,
2075 				   oloc->pool_ns->len);
2076 	else
2077 		ceph_encode_32(p, 0);
2078 }
2079 
2080 static void encode_request_partial(struct ceph_osd_request *req,
2081 				   struct ceph_msg *msg)
2082 {
2083 	void *p = msg->front.iov_base;
2084 	void *const end = p + msg->front_alloc_len;
2085 	u32 data_len = 0;
2086 	int i;
2087 
2088 	if (req->r_flags & CEPH_OSD_FLAG_WRITE) {
2089 		/* snapshots aren't writeable */
2090 		WARN_ON(req->r_snapid != CEPH_NOSNAP);
2091 	} else {
2092 		WARN_ON(req->r_mtime.tv_sec || req->r_mtime.tv_nsec ||
2093 			req->r_data_offset || req->r_snapc);
2094 	}
2095 
2096 	setup_request_data(req);
2097 
2098 	encode_spgid(&p, &req->r_t.spgid); /* actual spg */
2099 	ceph_encode_32(&p, req->r_t.pgid.seed); /* raw hash */
2100 	ceph_encode_32(&p, req->r_osdc->osdmap->epoch);
2101 	ceph_encode_32(&p, req->r_flags);
2102 
2103 	/* reqid */
2104 	ceph_start_encoding(&p, 2, 2, sizeof(struct ceph_osd_reqid));
2105 	memset(p, 0, sizeof(struct ceph_osd_reqid));
2106 	p += sizeof(struct ceph_osd_reqid);
2107 
2108 	/* trace */
2109 	memset(p, 0, sizeof(struct ceph_blkin_trace_info));
2110 	p += sizeof(struct ceph_blkin_trace_info);
2111 
2112 	ceph_encode_32(&p, 0); /* client_inc, always 0 */
2113 	ceph_encode_timespec64(p, &req->r_mtime);
2114 	p += sizeof(struct ceph_timespec);
2115 
2116 	encode_oloc(&p, end, &req->r_t.target_oloc);
2117 	ceph_encode_string(&p, end, req->r_t.target_oid.name,
2118 			   req->r_t.target_oid.name_len);
2119 
2120 	/* ops, can imply data */
2121 	ceph_encode_16(&p, req->r_num_ops);
2122 	for (i = 0; i < req->r_num_ops; i++) {
2123 		data_len += osd_req_encode_op(p, &req->r_ops[i]);
2124 		p += sizeof(struct ceph_osd_op);
2125 	}
2126 
2127 	ceph_encode_64(&p, req->r_snapid); /* snapid */
2128 	if (req->r_snapc) {
2129 		ceph_encode_64(&p, req->r_snapc->seq);
2130 		ceph_encode_32(&p, req->r_snapc->num_snaps);
2131 		for (i = 0; i < req->r_snapc->num_snaps; i++)
2132 			ceph_encode_64(&p, req->r_snapc->snaps[i]);
2133 	} else {
2134 		ceph_encode_64(&p, 0); /* snap_seq */
2135 		ceph_encode_32(&p, 0); /* snaps len */
2136 	}
2137 
2138 	ceph_encode_32(&p, req->r_attempts); /* retry_attempt */
2139 	BUG_ON(p > end - 8); /* space for features */
2140 
2141 	msg->hdr.version = cpu_to_le16(8); /* MOSDOp v8 */
2142 	/* front_len is finalized in encode_request_finish() */
2143 	msg->front.iov_len = p - msg->front.iov_base;
2144 	msg->hdr.front_len = cpu_to_le32(msg->front.iov_len);
2145 	msg->hdr.data_len = cpu_to_le32(data_len);
2146 	/*
2147 	 * The header "data_off" is a hint to the receiver allowing it
2148 	 * to align received data into its buffers such that there's no
2149 	 * need to re-copy it before writing it to disk (direct I/O).
2150 	 */
2151 	msg->hdr.data_off = cpu_to_le16(req->r_data_offset);
2152 
2153 	dout("%s req %p msg %p oid %s oid_len %d\n", __func__, req, msg,
2154 	     req->r_t.target_oid.name, req->r_t.target_oid.name_len);
2155 }
2156 
2157 static void encode_request_finish(struct ceph_msg *msg)
2158 {
2159 	void *p = msg->front.iov_base;
2160 	void *const partial_end = p + msg->front.iov_len;
2161 	void *const end = p + msg->front_alloc_len;
2162 
2163 	if (CEPH_HAVE_FEATURE(msg->con->peer_features, RESEND_ON_SPLIT)) {
2164 		/* luminous OSD -- encode features and be done */
2165 		p = partial_end;
2166 		ceph_encode_64(&p, msg->con->peer_features);
2167 	} else {
2168 		struct {
2169 			char spgid[CEPH_ENCODING_START_BLK_LEN +
2170 				   CEPH_PGID_ENCODING_LEN + 1];
2171 			__le32 hash;
2172 			__le32 epoch;
2173 			__le32 flags;
2174 			char reqid[CEPH_ENCODING_START_BLK_LEN +
2175 				   sizeof(struct ceph_osd_reqid)];
2176 			char trace[sizeof(struct ceph_blkin_trace_info)];
2177 			__le32 client_inc;
2178 			struct ceph_timespec mtime;
2179 		} __packed head;
2180 		struct ceph_pg pgid;
2181 		void *oloc, *oid, *tail;
2182 		int oloc_len, oid_len, tail_len;
2183 		int len;
2184 
2185 		/*
2186 		 * Pre-luminous OSD -- reencode v8 into v4 using @head
2187 		 * as a temporary buffer.  Encode the raw PG; the rest
2188 		 * is just a matter of moving oloc, oid and tail blobs
2189 		 * around.
2190 		 */
2191 		memcpy(&head, p, sizeof(head));
2192 		p += sizeof(head);
2193 
2194 		oloc = p;
2195 		p += CEPH_ENCODING_START_BLK_LEN;
2196 		pgid.pool = ceph_decode_64(&p);
2197 		p += 4 + 4; /* preferred, key len */
2198 		len = ceph_decode_32(&p);
2199 		p += len;   /* nspace */
2200 		oloc_len = p - oloc;
2201 
2202 		oid = p;
2203 		len = ceph_decode_32(&p);
2204 		p += len;
2205 		oid_len = p - oid;
2206 
2207 		tail = p;
2208 		tail_len = partial_end - p;
2209 
2210 		p = msg->front.iov_base;
2211 		ceph_encode_copy(&p, &head.client_inc, sizeof(head.client_inc));
2212 		ceph_encode_copy(&p, &head.epoch, sizeof(head.epoch));
2213 		ceph_encode_copy(&p, &head.flags, sizeof(head.flags));
2214 		ceph_encode_copy(&p, &head.mtime, sizeof(head.mtime));
2215 
2216 		/* reassert_version */
2217 		memset(p, 0, sizeof(struct ceph_eversion));
2218 		p += sizeof(struct ceph_eversion);
2219 
2220 		BUG_ON(p >= oloc);
2221 		memmove(p, oloc, oloc_len);
2222 		p += oloc_len;
2223 
2224 		pgid.seed = le32_to_cpu(head.hash);
2225 		encode_pgid(&p, &pgid); /* raw pg */
2226 
2227 		BUG_ON(p >= oid);
2228 		memmove(p, oid, oid_len);
2229 		p += oid_len;
2230 
2231 		/* tail -- ops, snapid, snapc, retry_attempt */
2232 		BUG_ON(p >= tail);
2233 		memmove(p, tail, tail_len);
2234 		p += tail_len;
2235 
2236 		msg->hdr.version = cpu_to_le16(4); /* MOSDOp v4 */
2237 	}
2238 
2239 	BUG_ON(p > end);
2240 	msg->front.iov_len = p - msg->front.iov_base;
2241 	msg->hdr.front_len = cpu_to_le32(msg->front.iov_len);
2242 
2243 	dout("%s msg %p tid %llu %u+%u+%u v%d\n", __func__, msg,
2244 	     le64_to_cpu(msg->hdr.tid), le32_to_cpu(msg->hdr.front_len),
2245 	     le32_to_cpu(msg->hdr.middle_len), le32_to_cpu(msg->hdr.data_len),
2246 	     le16_to_cpu(msg->hdr.version));
2247 }
2248 
2249 /*
2250  * @req has to be assigned a tid and registered.
2251  */
2252 static void send_request(struct ceph_osd_request *req)
2253 {
2254 	struct ceph_osd *osd = req->r_osd;
2255 
2256 	verify_osd_locked(osd);
2257 	WARN_ON(osd->o_osd != req->r_t.osd);
2258 
2259 	/* backoff? */
2260 	if (should_plug_request(req))
2261 		return;
2262 
2263 	/*
2264 	 * We may have a previously queued request message hanging
2265 	 * around.  Cancel it to avoid corrupting the msgr.
2266 	 */
2267 	if (req->r_sent)
2268 		ceph_msg_revoke(req->r_request);
2269 
2270 	req->r_flags |= CEPH_OSD_FLAG_KNOWN_REDIR;
2271 	if (req->r_attempts)
2272 		req->r_flags |= CEPH_OSD_FLAG_RETRY;
2273 	else
2274 		WARN_ON(req->r_flags & CEPH_OSD_FLAG_RETRY);
2275 
2276 	encode_request_partial(req, req->r_request);
2277 
2278 	dout("%s req %p tid %llu to pgid %llu.%x spgid %llu.%xs%d osd%d e%u flags 0x%x attempt %d\n",
2279 	     __func__, req, req->r_tid, req->r_t.pgid.pool, req->r_t.pgid.seed,
2280 	     req->r_t.spgid.pgid.pool, req->r_t.spgid.pgid.seed,
2281 	     req->r_t.spgid.shard, osd->o_osd, req->r_t.epoch, req->r_flags,
2282 	     req->r_attempts);
2283 
2284 	req->r_t.paused = false;
2285 	req->r_stamp = jiffies;
2286 	req->r_attempts++;
2287 
2288 	req->r_sent = osd->o_incarnation;
2289 	req->r_request->hdr.tid = cpu_to_le64(req->r_tid);
2290 	ceph_con_send(&osd->o_con, ceph_msg_get(req->r_request));
2291 }
2292 
2293 static void maybe_request_map(struct ceph_osd_client *osdc)
2294 {
2295 	bool continuous = false;
2296 
2297 	verify_osdc_locked(osdc);
2298 	WARN_ON(!osdc->osdmap->epoch);
2299 
2300 	if (ceph_osdmap_flag(osdc, CEPH_OSDMAP_FULL) ||
2301 	    ceph_osdmap_flag(osdc, CEPH_OSDMAP_PAUSERD) ||
2302 	    ceph_osdmap_flag(osdc, CEPH_OSDMAP_PAUSEWR)) {
2303 		dout("%s osdc %p continuous\n", __func__, osdc);
2304 		continuous = true;
2305 	} else {
2306 		dout("%s osdc %p onetime\n", __func__, osdc);
2307 	}
2308 
2309 	if (ceph_monc_want_map(&osdc->client->monc, CEPH_SUB_OSDMAP,
2310 			       osdc->osdmap->epoch + 1, continuous))
2311 		ceph_monc_renew_subs(&osdc->client->monc);
2312 }
2313 
2314 static void complete_request(struct ceph_osd_request *req, int err);
2315 static void send_map_check(struct ceph_osd_request *req);
2316 
2317 static void __submit_request(struct ceph_osd_request *req, bool wrlocked)
2318 {
2319 	struct ceph_osd_client *osdc = req->r_osdc;
2320 	struct ceph_osd *osd;
2321 	enum calc_target_result ct_res;
2322 	int err = 0;
2323 	bool need_send = false;
2324 	bool promoted = false;
2325 
2326 	WARN_ON(req->r_tid);
2327 	dout("%s req %p wrlocked %d\n", __func__, req, wrlocked);
2328 
2329 again:
2330 	ct_res = calc_target(osdc, &req->r_t, false);
2331 	if (ct_res == CALC_TARGET_POOL_DNE && !wrlocked)
2332 		goto promote;
2333 
2334 	osd = lookup_create_osd(osdc, req->r_t.osd, wrlocked);
2335 	if (IS_ERR(osd)) {
2336 		WARN_ON(PTR_ERR(osd) != -EAGAIN || wrlocked);
2337 		goto promote;
2338 	}
2339 
2340 	if (osdc->abort_err) {
2341 		dout("req %p abort_err %d\n", req, osdc->abort_err);
2342 		err = osdc->abort_err;
2343 	} else if (osdc->osdmap->epoch < osdc->epoch_barrier) {
2344 		dout("req %p epoch %u barrier %u\n", req, osdc->osdmap->epoch,
2345 		     osdc->epoch_barrier);
2346 		req->r_t.paused = true;
2347 		maybe_request_map(osdc);
2348 	} else if ((req->r_flags & CEPH_OSD_FLAG_WRITE) &&
2349 		   ceph_osdmap_flag(osdc, CEPH_OSDMAP_PAUSEWR)) {
2350 		dout("req %p pausewr\n", req);
2351 		req->r_t.paused = true;
2352 		maybe_request_map(osdc);
2353 	} else if ((req->r_flags & CEPH_OSD_FLAG_READ) &&
2354 		   ceph_osdmap_flag(osdc, CEPH_OSDMAP_PAUSERD)) {
2355 		dout("req %p pauserd\n", req);
2356 		req->r_t.paused = true;
2357 		maybe_request_map(osdc);
2358 	} else if ((req->r_flags & CEPH_OSD_FLAG_WRITE) &&
2359 		   !(req->r_flags & (CEPH_OSD_FLAG_FULL_TRY |
2360 				     CEPH_OSD_FLAG_FULL_FORCE)) &&
2361 		   (ceph_osdmap_flag(osdc, CEPH_OSDMAP_FULL) ||
2362 		    pool_full(osdc, req->r_t.base_oloc.pool))) {
2363 		dout("req %p full/pool_full\n", req);
2364 		if (ceph_test_opt(osdc->client, ABORT_ON_FULL)) {
2365 			err = -ENOSPC;
2366 		} else {
2367 			if (ceph_osdmap_flag(osdc, CEPH_OSDMAP_FULL))
2368 				pr_warn_ratelimited("cluster is full (osdmap FULL)\n");
2369 			else
2370 				pr_warn_ratelimited("pool %lld is full or reached quota\n",
2371 						    req->r_t.base_oloc.pool);
2372 			req->r_t.paused = true;
2373 			maybe_request_map(osdc);
2374 		}
2375 	} else if (!osd_homeless(osd)) {
2376 		need_send = true;
2377 	} else {
2378 		maybe_request_map(osdc);
2379 	}
2380 
2381 	mutex_lock(&osd->lock);
2382 	/*
2383 	 * Assign the tid atomically with send_request() to protect
2384 	 * multiple writes to the same object from racing with each
2385 	 * other, resulting in out of order ops on the OSDs.
2386 	 */
2387 	req->r_tid = atomic64_inc_return(&osdc->last_tid);
2388 	link_request(osd, req);
2389 	if (need_send)
2390 		send_request(req);
2391 	else if (err)
2392 		complete_request(req, err);
2393 	mutex_unlock(&osd->lock);
2394 
2395 	if (!err && ct_res == CALC_TARGET_POOL_DNE)
2396 		send_map_check(req);
2397 
2398 	if (promoted)
2399 		downgrade_write(&osdc->lock);
2400 	return;
2401 
2402 promote:
2403 	up_read(&osdc->lock);
2404 	down_write(&osdc->lock);
2405 	wrlocked = true;
2406 	promoted = true;
2407 	goto again;
2408 }
2409 
2410 static void account_request(struct ceph_osd_request *req)
2411 {
2412 	WARN_ON(req->r_flags & (CEPH_OSD_FLAG_ACK | CEPH_OSD_FLAG_ONDISK));
2413 	WARN_ON(!(req->r_flags & (CEPH_OSD_FLAG_READ | CEPH_OSD_FLAG_WRITE)));
2414 
2415 	req->r_flags |= CEPH_OSD_FLAG_ONDISK;
2416 	atomic_inc(&req->r_osdc->num_requests);
2417 
2418 	req->r_start_stamp = jiffies;
2419 	req->r_start_latency = ktime_get();
2420 }
2421 
2422 static void submit_request(struct ceph_osd_request *req, bool wrlocked)
2423 {
2424 	ceph_osdc_get_request(req);
2425 	account_request(req);
2426 	__submit_request(req, wrlocked);
2427 }
2428 
2429 static void finish_request(struct ceph_osd_request *req)
2430 {
2431 	struct ceph_osd_client *osdc = req->r_osdc;
2432 
2433 	WARN_ON(lookup_request_mc(&osdc->map_checks, req->r_tid));
2434 	dout("%s req %p tid %llu\n", __func__, req, req->r_tid);
2435 
2436 	req->r_end_latency = ktime_get();
2437 
2438 	if (req->r_osd)
2439 		unlink_request(req->r_osd, req);
2440 	atomic_dec(&osdc->num_requests);
2441 
2442 	/*
2443 	 * If an OSD has failed or returned and a request has been sent
2444 	 * twice, it's possible to get a reply and end up here while the
2445 	 * request message is queued for delivery.  We will ignore the
2446 	 * reply, so not a big deal, but better to try and catch it.
2447 	 */
2448 	ceph_msg_revoke(req->r_request);
2449 	ceph_msg_revoke_incoming(req->r_reply);
2450 }
2451 
2452 static void __complete_request(struct ceph_osd_request *req)
2453 {
2454 	dout("%s req %p tid %llu cb %ps result %d\n", __func__, req,
2455 	     req->r_tid, req->r_callback, req->r_result);
2456 
2457 	if (req->r_callback)
2458 		req->r_callback(req);
2459 	complete_all(&req->r_completion);
2460 	ceph_osdc_put_request(req);
2461 }
2462 
2463 static void complete_request_workfn(struct work_struct *work)
2464 {
2465 	struct ceph_osd_request *req =
2466 	    container_of(work, struct ceph_osd_request, r_complete_work);
2467 
2468 	__complete_request(req);
2469 }
2470 
2471 /*
2472  * This is open-coded in handle_reply().
2473  */
2474 static void complete_request(struct ceph_osd_request *req, int err)
2475 {
2476 	dout("%s req %p tid %llu err %d\n", __func__, req, req->r_tid, err);
2477 
2478 	req->r_result = err;
2479 	finish_request(req);
2480 
2481 	INIT_WORK(&req->r_complete_work, complete_request_workfn);
2482 	queue_work(req->r_osdc->completion_wq, &req->r_complete_work);
2483 }
2484 
2485 static void cancel_map_check(struct ceph_osd_request *req)
2486 {
2487 	struct ceph_osd_client *osdc = req->r_osdc;
2488 	struct ceph_osd_request *lookup_req;
2489 
2490 	verify_osdc_wrlocked(osdc);
2491 
2492 	lookup_req = lookup_request_mc(&osdc->map_checks, req->r_tid);
2493 	if (!lookup_req)
2494 		return;
2495 
2496 	WARN_ON(lookup_req != req);
2497 	erase_request_mc(&osdc->map_checks, req);
2498 	ceph_osdc_put_request(req);
2499 }
2500 
2501 static void cancel_request(struct ceph_osd_request *req)
2502 {
2503 	dout("%s req %p tid %llu\n", __func__, req, req->r_tid);
2504 
2505 	cancel_map_check(req);
2506 	finish_request(req);
2507 	complete_all(&req->r_completion);
2508 	ceph_osdc_put_request(req);
2509 }
2510 
2511 static void abort_request(struct ceph_osd_request *req, int err)
2512 {
2513 	dout("%s req %p tid %llu err %d\n", __func__, req, req->r_tid, err);
2514 
2515 	cancel_map_check(req);
2516 	complete_request(req, err);
2517 }
2518 
2519 static int abort_fn(struct ceph_osd_request *req, void *arg)
2520 {
2521 	int err = *(int *)arg;
2522 
2523 	abort_request(req, err);
2524 	return 0; /* continue iteration */
2525 }
2526 
2527 /*
2528  * Abort all in-flight requests with @err and arrange for all future
2529  * requests to be failed immediately.
2530  */
2531 void ceph_osdc_abort_requests(struct ceph_osd_client *osdc, int err)
2532 {
2533 	dout("%s osdc %p err %d\n", __func__, osdc, err);
2534 	down_write(&osdc->lock);
2535 	for_each_request(osdc, abort_fn, &err);
2536 	osdc->abort_err = err;
2537 	up_write(&osdc->lock);
2538 }
2539 EXPORT_SYMBOL(ceph_osdc_abort_requests);
2540 
2541 void ceph_osdc_clear_abort_err(struct ceph_osd_client *osdc)
2542 {
2543 	down_write(&osdc->lock);
2544 	osdc->abort_err = 0;
2545 	up_write(&osdc->lock);
2546 }
2547 EXPORT_SYMBOL(ceph_osdc_clear_abort_err);
2548 
2549 static void update_epoch_barrier(struct ceph_osd_client *osdc, u32 eb)
2550 {
2551 	if (likely(eb > osdc->epoch_barrier)) {
2552 		dout("updating epoch_barrier from %u to %u\n",
2553 				osdc->epoch_barrier, eb);
2554 		osdc->epoch_barrier = eb;
2555 		/* Request map if we're not to the barrier yet */
2556 		if (eb > osdc->osdmap->epoch)
2557 			maybe_request_map(osdc);
2558 	}
2559 }
2560 
2561 void ceph_osdc_update_epoch_barrier(struct ceph_osd_client *osdc, u32 eb)
2562 {
2563 	down_read(&osdc->lock);
2564 	if (unlikely(eb > osdc->epoch_barrier)) {
2565 		up_read(&osdc->lock);
2566 		down_write(&osdc->lock);
2567 		update_epoch_barrier(osdc, eb);
2568 		up_write(&osdc->lock);
2569 	} else {
2570 		up_read(&osdc->lock);
2571 	}
2572 }
2573 EXPORT_SYMBOL(ceph_osdc_update_epoch_barrier);
2574 
2575 /*
2576  * We can end up releasing caps as a result of abort_request().
2577  * In that case, we probably want to ensure that the cap release message
2578  * has an updated epoch barrier in it, so set the epoch barrier prior to
2579  * aborting the first request.
2580  */
2581 static int abort_on_full_fn(struct ceph_osd_request *req, void *arg)
2582 {
2583 	struct ceph_osd_client *osdc = req->r_osdc;
2584 	bool *victims = arg;
2585 
2586 	if ((req->r_flags & CEPH_OSD_FLAG_WRITE) &&
2587 	    (ceph_osdmap_flag(osdc, CEPH_OSDMAP_FULL) ||
2588 	     pool_full(osdc, req->r_t.base_oloc.pool))) {
2589 		if (!*victims) {
2590 			update_epoch_barrier(osdc, osdc->osdmap->epoch);
2591 			*victims = true;
2592 		}
2593 		abort_request(req, -ENOSPC);
2594 	}
2595 
2596 	return 0; /* continue iteration */
2597 }
2598 
2599 /*
2600  * Drop all pending requests that are stalled waiting on a full condition to
2601  * clear, and complete them with ENOSPC as the return code. Set the
2602  * osdc->epoch_barrier to the latest map epoch that we've seen if any were
2603  * cancelled.
2604  */
2605 static void ceph_osdc_abort_on_full(struct ceph_osd_client *osdc)
2606 {
2607 	bool victims = false;
2608 
2609 	if (ceph_test_opt(osdc->client, ABORT_ON_FULL) &&
2610 	    (ceph_osdmap_flag(osdc, CEPH_OSDMAP_FULL) || have_pool_full(osdc)))
2611 		for_each_request(osdc, abort_on_full_fn, &victims);
2612 }
2613 
2614 static void check_pool_dne(struct ceph_osd_request *req)
2615 {
2616 	struct ceph_osd_client *osdc = req->r_osdc;
2617 	struct ceph_osdmap *map = osdc->osdmap;
2618 
2619 	verify_osdc_wrlocked(osdc);
2620 	WARN_ON(!map->epoch);
2621 
2622 	if (req->r_attempts) {
2623 		/*
2624 		 * We sent a request earlier, which means that
2625 		 * previously the pool existed, and now it does not
2626 		 * (i.e., it was deleted).
2627 		 */
2628 		req->r_map_dne_bound = map->epoch;
2629 		dout("%s req %p tid %llu pool disappeared\n", __func__, req,
2630 		     req->r_tid);
2631 	} else {
2632 		dout("%s req %p tid %llu map_dne_bound %u have %u\n", __func__,
2633 		     req, req->r_tid, req->r_map_dne_bound, map->epoch);
2634 	}
2635 
2636 	if (req->r_map_dne_bound) {
2637 		if (map->epoch >= req->r_map_dne_bound) {
2638 			/* we had a new enough map */
2639 			pr_info_ratelimited("tid %llu pool does not exist\n",
2640 					    req->r_tid);
2641 			complete_request(req, -ENOENT);
2642 		}
2643 	} else {
2644 		send_map_check(req);
2645 	}
2646 }
2647 
2648 static void map_check_cb(struct ceph_mon_generic_request *greq)
2649 {
2650 	struct ceph_osd_client *osdc = &greq->monc->client->osdc;
2651 	struct ceph_osd_request *req;
2652 	u64 tid = greq->private_data;
2653 
2654 	WARN_ON(greq->result || !greq->u.newest);
2655 
2656 	down_write(&osdc->lock);
2657 	req = lookup_request_mc(&osdc->map_checks, tid);
2658 	if (!req) {
2659 		dout("%s tid %llu dne\n", __func__, tid);
2660 		goto out_unlock;
2661 	}
2662 
2663 	dout("%s req %p tid %llu map_dne_bound %u newest %llu\n", __func__,
2664 	     req, req->r_tid, req->r_map_dne_bound, greq->u.newest);
2665 	if (!req->r_map_dne_bound)
2666 		req->r_map_dne_bound = greq->u.newest;
2667 	erase_request_mc(&osdc->map_checks, req);
2668 	check_pool_dne(req);
2669 
2670 	ceph_osdc_put_request(req);
2671 out_unlock:
2672 	up_write(&osdc->lock);
2673 }
2674 
2675 static void send_map_check(struct ceph_osd_request *req)
2676 {
2677 	struct ceph_osd_client *osdc = req->r_osdc;
2678 	struct ceph_osd_request *lookup_req;
2679 	int ret;
2680 
2681 	verify_osdc_wrlocked(osdc);
2682 
2683 	lookup_req = lookup_request_mc(&osdc->map_checks, req->r_tid);
2684 	if (lookup_req) {
2685 		WARN_ON(lookup_req != req);
2686 		return;
2687 	}
2688 
2689 	ceph_osdc_get_request(req);
2690 	insert_request_mc(&osdc->map_checks, req);
2691 	ret = ceph_monc_get_version_async(&osdc->client->monc, "osdmap",
2692 					  map_check_cb, req->r_tid);
2693 	WARN_ON(ret);
2694 }
2695 
2696 /*
2697  * lingering requests, watch/notify v2 infrastructure
2698  */
2699 static void linger_release(struct kref *kref)
2700 {
2701 	struct ceph_osd_linger_request *lreq =
2702 	    container_of(kref, struct ceph_osd_linger_request, kref);
2703 
2704 	dout("%s lreq %p reg_req %p ping_req %p\n", __func__, lreq,
2705 	     lreq->reg_req, lreq->ping_req);
2706 	WARN_ON(!RB_EMPTY_NODE(&lreq->node));
2707 	WARN_ON(!RB_EMPTY_NODE(&lreq->osdc_node));
2708 	WARN_ON(!RB_EMPTY_NODE(&lreq->mc_node));
2709 	WARN_ON(!list_empty(&lreq->scan_item));
2710 	WARN_ON(!list_empty(&lreq->pending_lworks));
2711 	WARN_ON(lreq->osd);
2712 
2713 	if (lreq->request_pl)
2714 		ceph_pagelist_release(lreq->request_pl);
2715 	if (lreq->notify_id_pages)
2716 		ceph_release_page_vector(lreq->notify_id_pages, 1);
2717 
2718 	ceph_osdc_put_request(lreq->reg_req);
2719 	ceph_osdc_put_request(lreq->ping_req);
2720 	target_destroy(&lreq->t);
2721 	kfree(lreq);
2722 }
2723 
2724 static void linger_put(struct ceph_osd_linger_request *lreq)
2725 {
2726 	if (lreq)
2727 		kref_put(&lreq->kref, linger_release);
2728 }
2729 
2730 static struct ceph_osd_linger_request *
2731 linger_get(struct ceph_osd_linger_request *lreq)
2732 {
2733 	kref_get(&lreq->kref);
2734 	return lreq;
2735 }
2736 
2737 static struct ceph_osd_linger_request *
2738 linger_alloc(struct ceph_osd_client *osdc)
2739 {
2740 	struct ceph_osd_linger_request *lreq;
2741 
2742 	lreq = kzalloc(sizeof(*lreq), GFP_NOIO);
2743 	if (!lreq)
2744 		return NULL;
2745 
2746 	kref_init(&lreq->kref);
2747 	mutex_init(&lreq->lock);
2748 	RB_CLEAR_NODE(&lreq->node);
2749 	RB_CLEAR_NODE(&lreq->osdc_node);
2750 	RB_CLEAR_NODE(&lreq->mc_node);
2751 	INIT_LIST_HEAD(&lreq->scan_item);
2752 	INIT_LIST_HEAD(&lreq->pending_lworks);
2753 	init_completion(&lreq->reg_commit_wait);
2754 	init_completion(&lreq->notify_finish_wait);
2755 
2756 	lreq->osdc = osdc;
2757 	target_init(&lreq->t);
2758 
2759 	dout("%s lreq %p\n", __func__, lreq);
2760 	return lreq;
2761 }
2762 
2763 DEFINE_RB_INSDEL_FUNCS(linger, struct ceph_osd_linger_request, linger_id, node)
2764 DEFINE_RB_FUNCS(linger_osdc, struct ceph_osd_linger_request, linger_id, osdc_node)
2765 DEFINE_RB_FUNCS(linger_mc, struct ceph_osd_linger_request, linger_id, mc_node)
2766 
2767 /*
2768  * Create linger request <-> OSD session relation.
2769  *
2770  * @lreq has to be registered, @osd may be homeless.
2771  */
2772 static void link_linger(struct ceph_osd *osd,
2773 			struct ceph_osd_linger_request *lreq)
2774 {
2775 	verify_osd_locked(osd);
2776 	WARN_ON(!lreq->linger_id || lreq->osd);
2777 	dout("%s osd %p osd%d lreq %p linger_id %llu\n", __func__, osd,
2778 	     osd->o_osd, lreq, lreq->linger_id);
2779 
2780 	if (!osd_homeless(osd))
2781 		__remove_osd_from_lru(osd);
2782 	else
2783 		atomic_inc(&osd->o_osdc->num_homeless);
2784 
2785 	get_osd(osd);
2786 	insert_linger(&osd->o_linger_requests, lreq);
2787 	lreq->osd = osd;
2788 }
2789 
2790 static void unlink_linger(struct ceph_osd *osd,
2791 			  struct ceph_osd_linger_request *lreq)
2792 {
2793 	verify_osd_locked(osd);
2794 	WARN_ON(lreq->osd != osd);
2795 	dout("%s osd %p osd%d lreq %p linger_id %llu\n", __func__, osd,
2796 	     osd->o_osd, lreq, lreq->linger_id);
2797 
2798 	lreq->osd = NULL;
2799 	erase_linger(&osd->o_linger_requests, lreq);
2800 	put_osd(osd);
2801 
2802 	if (!osd_homeless(osd))
2803 		maybe_move_osd_to_lru(osd);
2804 	else
2805 		atomic_dec(&osd->o_osdc->num_homeless);
2806 }
2807 
2808 static bool __linger_registered(struct ceph_osd_linger_request *lreq)
2809 {
2810 	verify_osdc_locked(lreq->osdc);
2811 
2812 	return !RB_EMPTY_NODE(&lreq->osdc_node);
2813 }
2814 
2815 static bool linger_registered(struct ceph_osd_linger_request *lreq)
2816 {
2817 	struct ceph_osd_client *osdc = lreq->osdc;
2818 	bool registered;
2819 
2820 	down_read(&osdc->lock);
2821 	registered = __linger_registered(lreq);
2822 	up_read(&osdc->lock);
2823 
2824 	return registered;
2825 }
2826 
2827 static void linger_register(struct ceph_osd_linger_request *lreq)
2828 {
2829 	struct ceph_osd_client *osdc = lreq->osdc;
2830 
2831 	verify_osdc_wrlocked(osdc);
2832 	WARN_ON(lreq->linger_id);
2833 
2834 	linger_get(lreq);
2835 	lreq->linger_id = ++osdc->last_linger_id;
2836 	insert_linger_osdc(&osdc->linger_requests, lreq);
2837 }
2838 
2839 static void linger_unregister(struct ceph_osd_linger_request *lreq)
2840 {
2841 	struct ceph_osd_client *osdc = lreq->osdc;
2842 
2843 	verify_osdc_wrlocked(osdc);
2844 
2845 	erase_linger_osdc(&osdc->linger_requests, lreq);
2846 	linger_put(lreq);
2847 }
2848 
2849 static void cancel_linger_request(struct ceph_osd_request *req)
2850 {
2851 	struct ceph_osd_linger_request *lreq = req->r_priv;
2852 
2853 	WARN_ON(!req->r_linger);
2854 	cancel_request(req);
2855 	linger_put(lreq);
2856 }
2857 
2858 struct linger_work {
2859 	struct work_struct work;
2860 	struct ceph_osd_linger_request *lreq;
2861 	struct list_head pending_item;
2862 	unsigned long queued_stamp;
2863 
2864 	union {
2865 		struct {
2866 			u64 notify_id;
2867 			u64 notifier_id;
2868 			void *payload; /* points into @msg front */
2869 			size_t payload_len;
2870 
2871 			struct ceph_msg *msg; /* for ceph_msg_put() */
2872 		} notify;
2873 		struct {
2874 			int err;
2875 		} error;
2876 	};
2877 };
2878 
2879 static struct linger_work *lwork_alloc(struct ceph_osd_linger_request *lreq,
2880 				       work_func_t workfn)
2881 {
2882 	struct linger_work *lwork;
2883 
2884 	lwork = kzalloc(sizeof(*lwork), GFP_NOIO);
2885 	if (!lwork)
2886 		return NULL;
2887 
2888 	INIT_WORK(&lwork->work, workfn);
2889 	INIT_LIST_HEAD(&lwork->pending_item);
2890 	lwork->lreq = linger_get(lreq);
2891 
2892 	return lwork;
2893 }
2894 
2895 static void lwork_free(struct linger_work *lwork)
2896 {
2897 	struct ceph_osd_linger_request *lreq = lwork->lreq;
2898 
2899 	mutex_lock(&lreq->lock);
2900 	list_del(&lwork->pending_item);
2901 	mutex_unlock(&lreq->lock);
2902 
2903 	linger_put(lreq);
2904 	kfree(lwork);
2905 }
2906 
2907 static void lwork_queue(struct linger_work *lwork)
2908 {
2909 	struct ceph_osd_linger_request *lreq = lwork->lreq;
2910 	struct ceph_osd_client *osdc = lreq->osdc;
2911 
2912 	verify_lreq_locked(lreq);
2913 	WARN_ON(!list_empty(&lwork->pending_item));
2914 
2915 	lwork->queued_stamp = jiffies;
2916 	list_add_tail(&lwork->pending_item, &lreq->pending_lworks);
2917 	queue_work(osdc->notify_wq, &lwork->work);
2918 }
2919 
2920 static void do_watch_notify(struct work_struct *w)
2921 {
2922 	struct linger_work *lwork = container_of(w, struct linger_work, work);
2923 	struct ceph_osd_linger_request *lreq = lwork->lreq;
2924 
2925 	if (!linger_registered(lreq)) {
2926 		dout("%s lreq %p not registered\n", __func__, lreq);
2927 		goto out;
2928 	}
2929 
2930 	WARN_ON(!lreq->is_watch);
2931 	dout("%s lreq %p notify_id %llu notifier_id %llu payload_len %zu\n",
2932 	     __func__, lreq, lwork->notify.notify_id, lwork->notify.notifier_id,
2933 	     lwork->notify.payload_len);
2934 	lreq->wcb(lreq->data, lwork->notify.notify_id, lreq->linger_id,
2935 		  lwork->notify.notifier_id, lwork->notify.payload,
2936 		  lwork->notify.payload_len);
2937 
2938 out:
2939 	ceph_msg_put(lwork->notify.msg);
2940 	lwork_free(lwork);
2941 }
2942 
2943 static void do_watch_error(struct work_struct *w)
2944 {
2945 	struct linger_work *lwork = container_of(w, struct linger_work, work);
2946 	struct ceph_osd_linger_request *lreq = lwork->lreq;
2947 
2948 	if (!linger_registered(lreq)) {
2949 		dout("%s lreq %p not registered\n", __func__, lreq);
2950 		goto out;
2951 	}
2952 
2953 	dout("%s lreq %p err %d\n", __func__, lreq, lwork->error.err);
2954 	lreq->errcb(lreq->data, lreq->linger_id, lwork->error.err);
2955 
2956 out:
2957 	lwork_free(lwork);
2958 }
2959 
2960 static void queue_watch_error(struct ceph_osd_linger_request *lreq)
2961 {
2962 	struct linger_work *lwork;
2963 
2964 	lwork = lwork_alloc(lreq, do_watch_error);
2965 	if (!lwork) {
2966 		pr_err("failed to allocate error-lwork\n");
2967 		return;
2968 	}
2969 
2970 	lwork->error.err = lreq->last_error;
2971 	lwork_queue(lwork);
2972 }
2973 
2974 static void linger_reg_commit_complete(struct ceph_osd_linger_request *lreq,
2975 				       int result)
2976 {
2977 	if (!completion_done(&lreq->reg_commit_wait)) {
2978 		lreq->reg_commit_error = (result <= 0 ? result : 0);
2979 		complete_all(&lreq->reg_commit_wait);
2980 	}
2981 }
2982 
2983 static void linger_commit_cb(struct ceph_osd_request *req)
2984 {
2985 	struct ceph_osd_linger_request *lreq = req->r_priv;
2986 
2987 	mutex_lock(&lreq->lock);
2988 	if (req != lreq->reg_req) {
2989 		dout("%s lreq %p linger_id %llu unknown req (%p != %p)\n",
2990 		     __func__, lreq, lreq->linger_id, req, lreq->reg_req);
2991 		goto out;
2992 	}
2993 
2994 	dout("%s lreq %p linger_id %llu result %d\n", __func__, lreq,
2995 	     lreq->linger_id, req->r_result);
2996 	linger_reg_commit_complete(lreq, req->r_result);
2997 	lreq->committed = true;
2998 
2999 	if (!lreq->is_watch) {
3000 		struct ceph_osd_data *osd_data =
3001 		    osd_req_op_data(req, 0, notify, response_data);
3002 		void *p = page_address(osd_data->pages[0]);
3003 
3004 		WARN_ON(req->r_ops[0].op != CEPH_OSD_OP_NOTIFY ||
3005 			osd_data->type != CEPH_OSD_DATA_TYPE_PAGES);
3006 
3007 		/* make note of the notify_id */
3008 		if (req->r_ops[0].outdata_len >= sizeof(u64)) {
3009 			lreq->notify_id = ceph_decode_64(&p);
3010 			dout("lreq %p notify_id %llu\n", lreq,
3011 			     lreq->notify_id);
3012 		} else {
3013 			dout("lreq %p no notify_id\n", lreq);
3014 		}
3015 	}
3016 
3017 out:
3018 	mutex_unlock(&lreq->lock);
3019 	linger_put(lreq);
3020 }
3021 
3022 static int normalize_watch_error(int err)
3023 {
3024 	/*
3025 	 * Translate ENOENT -> ENOTCONN so that a delete->disconnection
3026 	 * notification and a failure to reconnect because we raced with
3027 	 * the delete appear the same to the user.
3028 	 */
3029 	if (err == -ENOENT)
3030 		err = -ENOTCONN;
3031 
3032 	return err;
3033 }
3034 
3035 static void linger_reconnect_cb(struct ceph_osd_request *req)
3036 {
3037 	struct ceph_osd_linger_request *lreq = req->r_priv;
3038 
3039 	mutex_lock(&lreq->lock);
3040 	if (req != lreq->reg_req) {
3041 		dout("%s lreq %p linger_id %llu unknown req (%p != %p)\n",
3042 		     __func__, lreq, lreq->linger_id, req, lreq->reg_req);
3043 		goto out;
3044 	}
3045 
3046 	dout("%s lreq %p linger_id %llu result %d last_error %d\n", __func__,
3047 	     lreq, lreq->linger_id, req->r_result, lreq->last_error);
3048 	if (req->r_result < 0) {
3049 		if (!lreq->last_error) {
3050 			lreq->last_error = normalize_watch_error(req->r_result);
3051 			queue_watch_error(lreq);
3052 		}
3053 	}
3054 
3055 out:
3056 	mutex_unlock(&lreq->lock);
3057 	linger_put(lreq);
3058 }
3059 
3060 static void send_linger(struct ceph_osd_linger_request *lreq)
3061 {
3062 	struct ceph_osd_client *osdc = lreq->osdc;
3063 	struct ceph_osd_request *req;
3064 	int ret;
3065 
3066 	verify_osdc_wrlocked(osdc);
3067 	mutex_lock(&lreq->lock);
3068 	dout("%s lreq %p linger_id %llu\n", __func__, lreq, lreq->linger_id);
3069 
3070 	if (lreq->reg_req) {
3071 		if (lreq->reg_req->r_osd)
3072 			cancel_linger_request(lreq->reg_req);
3073 		ceph_osdc_put_request(lreq->reg_req);
3074 	}
3075 
3076 	req = ceph_osdc_alloc_request(osdc, NULL, 1, true, GFP_NOIO);
3077 	BUG_ON(!req);
3078 
3079 	target_copy(&req->r_t, &lreq->t);
3080 	req->r_mtime = lreq->mtime;
3081 
3082 	if (lreq->is_watch && lreq->committed) {
3083 		osd_req_op_watch_init(req, 0, CEPH_OSD_WATCH_OP_RECONNECT,
3084 				      lreq->linger_id, ++lreq->register_gen);
3085 		dout("lreq %p reconnect register_gen %u\n", lreq,
3086 		     req->r_ops[0].watch.gen);
3087 		req->r_callback = linger_reconnect_cb;
3088 	} else {
3089 		if (lreq->is_watch) {
3090 			osd_req_op_watch_init(req, 0, CEPH_OSD_WATCH_OP_WATCH,
3091 					      lreq->linger_id, 0);
3092 		} else {
3093 			lreq->notify_id = 0;
3094 
3095 			refcount_inc(&lreq->request_pl->refcnt);
3096 			osd_req_op_notify_init(req, 0, lreq->linger_id,
3097 					       lreq->request_pl);
3098 			ceph_osd_data_pages_init(
3099 			    osd_req_op_data(req, 0, notify, response_data),
3100 			    lreq->notify_id_pages, PAGE_SIZE, 0, false, false);
3101 		}
3102 		dout("lreq %p register\n", lreq);
3103 		req->r_callback = linger_commit_cb;
3104 	}
3105 
3106 	ret = ceph_osdc_alloc_messages(req, GFP_NOIO);
3107 	BUG_ON(ret);
3108 
3109 	req->r_priv = linger_get(lreq);
3110 	req->r_linger = true;
3111 	lreq->reg_req = req;
3112 	mutex_unlock(&lreq->lock);
3113 
3114 	submit_request(req, true);
3115 }
3116 
3117 static void linger_ping_cb(struct ceph_osd_request *req)
3118 {
3119 	struct ceph_osd_linger_request *lreq = req->r_priv;
3120 
3121 	mutex_lock(&lreq->lock);
3122 	if (req != lreq->ping_req) {
3123 		dout("%s lreq %p linger_id %llu unknown req (%p != %p)\n",
3124 		     __func__, lreq, lreq->linger_id, req, lreq->ping_req);
3125 		goto out;
3126 	}
3127 
3128 	dout("%s lreq %p linger_id %llu result %d ping_sent %lu last_error %d\n",
3129 	     __func__, lreq, lreq->linger_id, req->r_result, lreq->ping_sent,
3130 	     lreq->last_error);
3131 	if (lreq->register_gen == req->r_ops[0].watch.gen) {
3132 		if (!req->r_result) {
3133 			lreq->watch_valid_thru = lreq->ping_sent;
3134 		} else if (!lreq->last_error) {
3135 			lreq->last_error = normalize_watch_error(req->r_result);
3136 			queue_watch_error(lreq);
3137 		}
3138 	} else {
3139 		dout("lreq %p register_gen %u ignoring old pong %u\n", lreq,
3140 		     lreq->register_gen, req->r_ops[0].watch.gen);
3141 	}
3142 
3143 out:
3144 	mutex_unlock(&lreq->lock);
3145 	linger_put(lreq);
3146 }
3147 
3148 static void send_linger_ping(struct ceph_osd_linger_request *lreq)
3149 {
3150 	struct ceph_osd_client *osdc = lreq->osdc;
3151 	struct ceph_osd_request *req;
3152 	int ret;
3153 
3154 	if (ceph_osdmap_flag(osdc, CEPH_OSDMAP_PAUSERD)) {
3155 		dout("%s PAUSERD\n", __func__);
3156 		return;
3157 	}
3158 
3159 	lreq->ping_sent = jiffies;
3160 	dout("%s lreq %p linger_id %llu ping_sent %lu register_gen %u\n",
3161 	     __func__, lreq, lreq->linger_id, lreq->ping_sent,
3162 	     lreq->register_gen);
3163 
3164 	if (lreq->ping_req) {
3165 		if (lreq->ping_req->r_osd)
3166 			cancel_linger_request(lreq->ping_req);
3167 		ceph_osdc_put_request(lreq->ping_req);
3168 	}
3169 
3170 	req = ceph_osdc_alloc_request(osdc, NULL, 1, true, GFP_NOIO);
3171 	BUG_ON(!req);
3172 
3173 	target_copy(&req->r_t, &lreq->t);
3174 	osd_req_op_watch_init(req, 0, CEPH_OSD_WATCH_OP_PING, lreq->linger_id,
3175 			      lreq->register_gen);
3176 	req->r_callback = linger_ping_cb;
3177 
3178 	ret = ceph_osdc_alloc_messages(req, GFP_NOIO);
3179 	BUG_ON(ret);
3180 
3181 	req->r_priv = linger_get(lreq);
3182 	req->r_linger = true;
3183 	lreq->ping_req = req;
3184 
3185 	ceph_osdc_get_request(req);
3186 	account_request(req);
3187 	req->r_tid = atomic64_inc_return(&osdc->last_tid);
3188 	link_request(lreq->osd, req);
3189 	send_request(req);
3190 }
3191 
3192 static void linger_submit(struct ceph_osd_linger_request *lreq)
3193 {
3194 	struct ceph_osd_client *osdc = lreq->osdc;
3195 	struct ceph_osd *osd;
3196 
3197 	down_write(&osdc->lock);
3198 	linger_register(lreq);
3199 
3200 	calc_target(osdc, &lreq->t, false);
3201 	osd = lookup_create_osd(osdc, lreq->t.osd, true);
3202 	link_linger(osd, lreq);
3203 
3204 	send_linger(lreq);
3205 	up_write(&osdc->lock);
3206 }
3207 
3208 static void cancel_linger_map_check(struct ceph_osd_linger_request *lreq)
3209 {
3210 	struct ceph_osd_client *osdc = lreq->osdc;
3211 	struct ceph_osd_linger_request *lookup_lreq;
3212 
3213 	verify_osdc_wrlocked(osdc);
3214 
3215 	lookup_lreq = lookup_linger_mc(&osdc->linger_map_checks,
3216 				       lreq->linger_id);
3217 	if (!lookup_lreq)
3218 		return;
3219 
3220 	WARN_ON(lookup_lreq != lreq);
3221 	erase_linger_mc(&osdc->linger_map_checks, lreq);
3222 	linger_put(lreq);
3223 }
3224 
3225 /*
3226  * @lreq has to be both registered and linked.
3227  */
3228 static void __linger_cancel(struct ceph_osd_linger_request *lreq)
3229 {
3230 	if (lreq->ping_req && lreq->ping_req->r_osd)
3231 		cancel_linger_request(lreq->ping_req);
3232 	if (lreq->reg_req && lreq->reg_req->r_osd)
3233 		cancel_linger_request(lreq->reg_req);
3234 	cancel_linger_map_check(lreq);
3235 	unlink_linger(lreq->osd, lreq);
3236 	linger_unregister(lreq);
3237 }
3238 
3239 static void linger_cancel(struct ceph_osd_linger_request *lreq)
3240 {
3241 	struct ceph_osd_client *osdc = lreq->osdc;
3242 
3243 	down_write(&osdc->lock);
3244 	if (__linger_registered(lreq))
3245 		__linger_cancel(lreq);
3246 	up_write(&osdc->lock);
3247 }
3248 
3249 static void send_linger_map_check(struct ceph_osd_linger_request *lreq);
3250 
3251 static void check_linger_pool_dne(struct ceph_osd_linger_request *lreq)
3252 {
3253 	struct ceph_osd_client *osdc = lreq->osdc;
3254 	struct ceph_osdmap *map = osdc->osdmap;
3255 
3256 	verify_osdc_wrlocked(osdc);
3257 	WARN_ON(!map->epoch);
3258 
3259 	if (lreq->register_gen) {
3260 		lreq->map_dne_bound = map->epoch;
3261 		dout("%s lreq %p linger_id %llu pool disappeared\n", __func__,
3262 		     lreq, lreq->linger_id);
3263 	} else {
3264 		dout("%s lreq %p linger_id %llu map_dne_bound %u have %u\n",
3265 		     __func__, lreq, lreq->linger_id, lreq->map_dne_bound,
3266 		     map->epoch);
3267 	}
3268 
3269 	if (lreq->map_dne_bound) {
3270 		if (map->epoch >= lreq->map_dne_bound) {
3271 			/* we had a new enough map */
3272 			pr_info("linger_id %llu pool does not exist\n",
3273 				lreq->linger_id);
3274 			linger_reg_commit_complete(lreq, -ENOENT);
3275 			__linger_cancel(lreq);
3276 		}
3277 	} else {
3278 		send_linger_map_check(lreq);
3279 	}
3280 }
3281 
3282 static void linger_map_check_cb(struct ceph_mon_generic_request *greq)
3283 {
3284 	struct ceph_osd_client *osdc = &greq->monc->client->osdc;
3285 	struct ceph_osd_linger_request *lreq;
3286 	u64 linger_id = greq->private_data;
3287 
3288 	WARN_ON(greq->result || !greq->u.newest);
3289 
3290 	down_write(&osdc->lock);
3291 	lreq = lookup_linger_mc(&osdc->linger_map_checks, linger_id);
3292 	if (!lreq) {
3293 		dout("%s linger_id %llu dne\n", __func__, linger_id);
3294 		goto out_unlock;
3295 	}
3296 
3297 	dout("%s lreq %p linger_id %llu map_dne_bound %u newest %llu\n",
3298 	     __func__, lreq, lreq->linger_id, lreq->map_dne_bound,
3299 	     greq->u.newest);
3300 	if (!lreq->map_dne_bound)
3301 		lreq->map_dne_bound = greq->u.newest;
3302 	erase_linger_mc(&osdc->linger_map_checks, lreq);
3303 	check_linger_pool_dne(lreq);
3304 
3305 	linger_put(lreq);
3306 out_unlock:
3307 	up_write(&osdc->lock);
3308 }
3309 
3310 static void send_linger_map_check(struct ceph_osd_linger_request *lreq)
3311 {
3312 	struct ceph_osd_client *osdc = lreq->osdc;
3313 	struct ceph_osd_linger_request *lookup_lreq;
3314 	int ret;
3315 
3316 	verify_osdc_wrlocked(osdc);
3317 
3318 	lookup_lreq = lookup_linger_mc(&osdc->linger_map_checks,
3319 				       lreq->linger_id);
3320 	if (lookup_lreq) {
3321 		WARN_ON(lookup_lreq != lreq);
3322 		return;
3323 	}
3324 
3325 	linger_get(lreq);
3326 	insert_linger_mc(&osdc->linger_map_checks, lreq);
3327 	ret = ceph_monc_get_version_async(&osdc->client->monc, "osdmap",
3328 					  linger_map_check_cb, lreq->linger_id);
3329 	WARN_ON(ret);
3330 }
3331 
3332 static int linger_reg_commit_wait(struct ceph_osd_linger_request *lreq)
3333 {
3334 	int ret;
3335 
3336 	dout("%s lreq %p linger_id %llu\n", __func__, lreq, lreq->linger_id);
3337 	ret = wait_for_completion_killable(&lreq->reg_commit_wait);
3338 	return ret ?: lreq->reg_commit_error;
3339 }
3340 
3341 static int linger_notify_finish_wait(struct ceph_osd_linger_request *lreq,
3342 				     unsigned long timeout)
3343 {
3344 	long left;
3345 
3346 	dout("%s lreq %p linger_id %llu\n", __func__, lreq, lreq->linger_id);
3347 	left = wait_for_completion_killable_timeout(&lreq->notify_finish_wait,
3348 						ceph_timeout_jiffies(timeout));
3349 	if (left <= 0)
3350 		left = left ?: -ETIMEDOUT;
3351 	else
3352 		left = lreq->notify_finish_error; /* completed */
3353 
3354 	return left;
3355 }
3356 
3357 /*
3358  * Timeout callback, called every N seconds.  When 1 or more OSD
3359  * requests has been active for more than N seconds, we send a keepalive
3360  * (tag + timestamp) to its OSD to ensure any communications channel
3361  * reset is detected.
3362  */
3363 static void handle_timeout(struct work_struct *work)
3364 {
3365 	struct ceph_osd_client *osdc =
3366 		container_of(work, struct ceph_osd_client, timeout_work.work);
3367 	struct ceph_options *opts = osdc->client->options;
3368 	unsigned long cutoff = jiffies - opts->osd_keepalive_timeout;
3369 	unsigned long expiry_cutoff = jiffies - opts->osd_request_timeout;
3370 	LIST_HEAD(slow_osds);
3371 	struct rb_node *n, *p;
3372 
3373 	dout("%s osdc %p\n", __func__, osdc);
3374 	down_write(&osdc->lock);
3375 
3376 	/*
3377 	 * ping osds that are a bit slow.  this ensures that if there
3378 	 * is a break in the TCP connection we will notice, and reopen
3379 	 * a connection with that osd (from the fault callback).
3380 	 */
3381 	for (n = rb_first(&osdc->osds); n; n = rb_next(n)) {
3382 		struct ceph_osd *osd = rb_entry(n, struct ceph_osd, o_node);
3383 		bool found = false;
3384 
3385 		for (p = rb_first(&osd->o_requests); p; ) {
3386 			struct ceph_osd_request *req =
3387 			    rb_entry(p, struct ceph_osd_request, r_node);
3388 
3389 			p = rb_next(p); /* abort_request() */
3390 
3391 			if (time_before(req->r_stamp, cutoff)) {
3392 				dout(" req %p tid %llu on osd%d is laggy\n",
3393 				     req, req->r_tid, osd->o_osd);
3394 				found = true;
3395 			}
3396 			if (opts->osd_request_timeout &&
3397 			    time_before(req->r_start_stamp, expiry_cutoff)) {
3398 				pr_err_ratelimited("tid %llu on osd%d timeout\n",
3399 				       req->r_tid, osd->o_osd);
3400 				abort_request(req, -ETIMEDOUT);
3401 			}
3402 		}
3403 		for (p = rb_first(&osd->o_linger_requests); p; p = rb_next(p)) {
3404 			struct ceph_osd_linger_request *lreq =
3405 			    rb_entry(p, struct ceph_osd_linger_request, node);
3406 
3407 			dout(" lreq %p linger_id %llu is served by osd%d\n",
3408 			     lreq, lreq->linger_id, osd->o_osd);
3409 			found = true;
3410 
3411 			mutex_lock(&lreq->lock);
3412 			if (lreq->is_watch && lreq->committed && !lreq->last_error)
3413 				send_linger_ping(lreq);
3414 			mutex_unlock(&lreq->lock);
3415 		}
3416 
3417 		if (found)
3418 			list_move_tail(&osd->o_keepalive_item, &slow_osds);
3419 	}
3420 
3421 	if (opts->osd_request_timeout) {
3422 		for (p = rb_first(&osdc->homeless_osd.o_requests); p; ) {
3423 			struct ceph_osd_request *req =
3424 			    rb_entry(p, struct ceph_osd_request, r_node);
3425 
3426 			p = rb_next(p); /* abort_request() */
3427 
3428 			if (time_before(req->r_start_stamp, expiry_cutoff)) {
3429 				pr_err_ratelimited("tid %llu on osd%d timeout\n",
3430 				       req->r_tid, osdc->homeless_osd.o_osd);
3431 				abort_request(req, -ETIMEDOUT);
3432 			}
3433 		}
3434 	}
3435 
3436 	if (atomic_read(&osdc->num_homeless) || !list_empty(&slow_osds))
3437 		maybe_request_map(osdc);
3438 
3439 	while (!list_empty(&slow_osds)) {
3440 		struct ceph_osd *osd = list_first_entry(&slow_osds,
3441 							struct ceph_osd,
3442 							o_keepalive_item);
3443 		list_del_init(&osd->o_keepalive_item);
3444 		ceph_con_keepalive(&osd->o_con);
3445 	}
3446 
3447 	up_write(&osdc->lock);
3448 	schedule_delayed_work(&osdc->timeout_work,
3449 			      osdc->client->options->osd_keepalive_timeout);
3450 }
3451 
3452 static void handle_osds_timeout(struct work_struct *work)
3453 {
3454 	struct ceph_osd_client *osdc =
3455 		container_of(work, struct ceph_osd_client,
3456 			     osds_timeout_work.work);
3457 	unsigned long delay = osdc->client->options->osd_idle_ttl / 4;
3458 	struct ceph_osd *osd, *nosd;
3459 
3460 	dout("%s osdc %p\n", __func__, osdc);
3461 	down_write(&osdc->lock);
3462 	list_for_each_entry_safe(osd, nosd, &osdc->osd_lru, o_osd_lru) {
3463 		if (time_before(jiffies, osd->lru_ttl))
3464 			break;
3465 
3466 		WARN_ON(!RB_EMPTY_ROOT(&osd->o_requests));
3467 		WARN_ON(!RB_EMPTY_ROOT(&osd->o_linger_requests));
3468 		close_osd(osd);
3469 	}
3470 
3471 	up_write(&osdc->lock);
3472 	schedule_delayed_work(&osdc->osds_timeout_work,
3473 			      round_jiffies_relative(delay));
3474 }
3475 
3476 static int ceph_oloc_decode(void **p, void *end,
3477 			    struct ceph_object_locator *oloc)
3478 {
3479 	u8 struct_v, struct_cv;
3480 	u32 len;
3481 	void *struct_end;
3482 	int ret = 0;
3483 
3484 	ceph_decode_need(p, end, 1 + 1 + 4, e_inval);
3485 	struct_v = ceph_decode_8(p);
3486 	struct_cv = ceph_decode_8(p);
3487 	if (struct_v < 3) {
3488 		pr_warn("got v %d < 3 cv %d of ceph_object_locator\n",
3489 			struct_v, struct_cv);
3490 		goto e_inval;
3491 	}
3492 	if (struct_cv > 6) {
3493 		pr_warn("got v %d cv %d > 6 of ceph_object_locator\n",
3494 			struct_v, struct_cv);
3495 		goto e_inval;
3496 	}
3497 	len = ceph_decode_32(p);
3498 	ceph_decode_need(p, end, len, e_inval);
3499 	struct_end = *p + len;
3500 
3501 	oloc->pool = ceph_decode_64(p);
3502 	*p += 4; /* skip preferred */
3503 
3504 	len = ceph_decode_32(p);
3505 	if (len > 0) {
3506 		pr_warn("ceph_object_locator::key is set\n");
3507 		goto e_inval;
3508 	}
3509 
3510 	if (struct_v >= 5) {
3511 		bool changed = false;
3512 
3513 		len = ceph_decode_32(p);
3514 		if (len > 0) {
3515 			ceph_decode_need(p, end, len, e_inval);
3516 			if (!oloc->pool_ns ||
3517 			    ceph_compare_string(oloc->pool_ns, *p, len))
3518 				changed = true;
3519 			*p += len;
3520 		} else {
3521 			if (oloc->pool_ns)
3522 				changed = true;
3523 		}
3524 		if (changed) {
3525 			/* redirect changes namespace */
3526 			pr_warn("ceph_object_locator::nspace is changed\n");
3527 			goto e_inval;
3528 		}
3529 	}
3530 
3531 	if (struct_v >= 6) {
3532 		s64 hash = ceph_decode_64(p);
3533 		if (hash != -1) {
3534 			pr_warn("ceph_object_locator::hash is set\n");
3535 			goto e_inval;
3536 		}
3537 	}
3538 
3539 	/* skip the rest */
3540 	*p = struct_end;
3541 out:
3542 	return ret;
3543 
3544 e_inval:
3545 	ret = -EINVAL;
3546 	goto out;
3547 }
3548 
3549 static int ceph_redirect_decode(void **p, void *end,
3550 				struct ceph_request_redirect *redir)
3551 {
3552 	u8 struct_v, struct_cv;
3553 	u32 len;
3554 	void *struct_end;
3555 	int ret;
3556 
3557 	ceph_decode_need(p, end, 1 + 1 + 4, e_inval);
3558 	struct_v = ceph_decode_8(p);
3559 	struct_cv = ceph_decode_8(p);
3560 	if (struct_cv > 1) {
3561 		pr_warn("got v %d cv %d > 1 of ceph_request_redirect\n",
3562 			struct_v, struct_cv);
3563 		goto e_inval;
3564 	}
3565 	len = ceph_decode_32(p);
3566 	ceph_decode_need(p, end, len, e_inval);
3567 	struct_end = *p + len;
3568 
3569 	ret = ceph_oloc_decode(p, end, &redir->oloc);
3570 	if (ret)
3571 		goto out;
3572 
3573 	len = ceph_decode_32(p);
3574 	if (len > 0) {
3575 		pr_warn("ceph_request_redirect::object_name is set\n");
3576 		goto e_inval;
3577 	}
3578 
3579 	/* skip the rest */
3580 	*p = struct_end;
3581 out:
3582 	return ret;
3583 
3584 e_inval:
3585 	ret = -EINVAL;
3586 	goto out;
3587 }
3588 
3589 struct MOSDOpReply {
3590 	struct ceph_pg pgid;
3591 	u64 flags;
3592 	int result;
3593 	u32 epoch;
3594 	int num_ops;
3595 	u32 outdata_len[CEPH_OSD_MAX_OPS];
3596 	s32 rval[CEPH_OSD_MAX_OPS];
3597 	int retry_attempt;
3598 	struct ceph_eversion replay_version;
3599 	u64 user_version;
3600 	struct ceph_request_redirect redirect;
3601 };
3602 
3603 static int decode_MOSDOpReply(const struct ceph_msg *msg, struct MOSDOpReply *m)
3604 {
3605 	void *p = msg->front.iov_base;
3606 	void *const end = p + msg->front.iov_len;
3607 	u16 version = le16_to_cpu(msg->hdr.version);
3608 	struct ceph_eversion bad_replay_version;
3609 	u8 decode_redir;
3610 	u32 len;
3611 	int ret;
3612 	int i;
3613 
3614 	ceph_decode_32_safe(&p, end, len, e_inval);
3615 	ceph_decode_need(&p, end, len, e_inval);
3616 	p += len; /* skip oid */
3617 
3618 	ret = ceph_decode_pgid(&p, end, &m->pgid);
3619 	if (ret)
3620 		return ret;
3621 
3622 	ceph_decode_64_safe(&p, end, m->flags, e_inval);
3623 	ceph_decode_32_safe(&p, end, m->result, e_inval);
3624 	ceph_decode_need(&p, end, sizeof(bad_replay_version), e_inval);
3625 	memcpy(&bad_replay_version, p, sizeof(bad_replay_version));
3626 	p += sizeof(bad_replay_version);
3627 	ceph_decode_32_safe(&p, end, m->epoch, e_inval);
3628 
3629 	ceph_decode_32_safe(&p, end, m->num_ops, e_inval);
3630 	if (m->num_ops > ARRAY_SIZE(m->outdata_len))
3631 		goto e_inval;
3632 
3633 	ceph_decode_need(&p, end, m->num_ops * sizeof(struct ceph_osd_op),
3634 			 e_inval);
3635 	for (i = 0; i < m->num_ops; i++) {
3636 		struct ceph_osd_op *op = p;
3637 
3638 		m->outdata_len[i] = le32_to_cpu(op->payload_len);
3639 		p += sizeof(*op);
3640 	}
3641 
3642 	ceph_decode_32_safe(&p, end, m->retry_attempt, e_inval);
3643 	for (i = 0; i < m->num_ops; i++)
3644 		ceph_decode_32_safe(&p, end, m->rval[i], e_inval);
3645 
3646 	if (version >= 5) {
3647 		ceph_decode_need(&p, end, sizeof(m->replay_version), e_inval);
3648 		memcpy(&m->replay_version, p, sizeof(m->replay_version));
3649 		p += sizeof(m->replay_version);
3650 		ceph_decode_64_safe(&p, end, m->user_version, e_inval);
3651 	} else {
3652 		m->replay_version = bad_replay_version; /* struct */
3653 		m->user_version = le64_to_cpu(m->replay_version.version);
3654 	}
3655 
3656 	if (version >= 6) {
3657 		if (version >= 7)
3658 			ceph_decode_8_safe(&p, end, decode_redir, e_inval);
3659 		else
3660 			decode_redir = 1;
3661 	} else {
3662 		decode_redir = 0;
3663 	}
3664 
3665 	if (decode_redir) {
3666 		ret = ceph_redirect_decode(&p, end, &m->redirect);
3667 		if (ret)
3668 			return ret;
3669 	} else {
3670 		ceph_oloc_init(&m->redirect.oloc);
3671 	}
3672 
3673 	return 0;
3674 
3675 e_inval:
3676 	return -EINVAL;
3677 }
3678 
3679 /*
3680  * Handle MOSDOpReply.  Set ->r_result and call the callback if it is
3681  * specified.
3682  */
3683 static void handle_reply(struct ceph_osd *osd, struct ceph_msg *msg)
3684 {
3685 	struct ceph_osd_client *osdc = osd->o_osdc;
3686 	struct ceph_osd_request *req;
3687 	struct MOSDOpReply m;
3688 	u64 tid = le64_to_cpu(msg->hdr.tid);
3689 	u32 data_len = 0;
3690 	int ret;
3691 	int i;
3692 
3693 	dout("%s msg %p tid %llu\n", __func__, msg, tid);
3694 
3695 	down_read(&osdc->lock);
3696 	if (!osd_registered(osd)) {
3697 		dout("%s osd%d unknown\n", __func__, osd->o_osd);
3698 		goto out_unlock_osdc;
3699 	}
3700 	WARN_ON(osd->o_osd != le64_to_cpu(msg->hdr.src.num));
3701 
3702 	mutex_lock(&osd->lock);
3703 	req = lookup_request(&osd->o_requests, tid);
3704 	if (!req) {
3705 		dout("%s osd%d tid %llu unknown\n", __func__, osd->o_osd, tid);
3706 		goto out_unlock_session;
3707 	}
3708 
3709 	m.redirect.oloc.pool_ns = req->r_t.target_oloc.pool_ns;
3710 	ret = decode_MOSDOpReply(msg, &m);
3711 	m.redirect.oloc.pool_ns = NULL;
3712 	if (ret) {
3713 		pr_err("failed to decode MOSDOpReply for tid %llu: %d\n",
3714 		       req->r_tid, ret);
3715 		ceph_msg_dump(msg);
3716 		goto fail_request;
3717 	}
3718 	dout("%s req %p tid %llu flags 0x%llx pgid %llu.%x epoch %u attempt %d v %u'%llu uv %llu\n",
3719 	     __func__, req, req->r_tid, m.flags, m.pgid.pool, m.pgid.seed,
3720 	     m.epoch, m.retry_attempt, le32_to_cpu(m.replay_version.epoch),
3721 	     le64_to_cpu(m.replay_version.version), m.user_version);
3722 
3723 	if (m.retry_attempt >= 0) {
3724 		if (m.retry_attempt != req->r_attempts - 1) {
3725 			dout("req %p tid %llu retry_attempt %d != %d, ignoring\n",
3726 			     req, req->r_tid, m.retry_attempt,
3727 			     req->r_attempts - 1);
3728 			goto out_unlock_session;
3729 		}
3730 	} else {
3731 		WARN_ON(1); /* MOSDOpReply v4 is assumed */
3732 	}
3733 
3734 	if (!ceph_oloc_empty(&m.redirect.oloc)) {
3735 		dout("req %p tid %llu redirect pool %lld\n", req, req->r_tid,
3736 		     m.redirect.oloc.pool);
3737 		unlink_request(osd, req);
3738 		mutex_unlock(&osd->lock);
3739 
3740 		/*
3741 		 * Not ceph_oloc_copy() - changing pool_ns is not
3742 		 * supported.
3743 		 */
3744 		req->r_t.target_oloc.pool = m.redirect.oloc.pool;
3745 		req->r_flags |= CEPH_OSD_FLAG_REDIRECTED |
3746 				CEPH_OSD_FLAG_IGNORE_OVERLAY |
3747 				CEPH_OSD_FLAG_IGNORE_CACHE;
3748 		req->r_tid = 0;
3749 		__submit_request(req, false);
3750 		goto out_unlock_osdc;
3751 	}
3752 
3753 	if (m.result == -EAGAIN) {
3754 		dout("req %p tid %llu EAGAIN\n", req, req->r_tid);
3755 		unlink_request(osd, req);
3756 		mutex_unlock(&osd->lock);
3757 
3758 		/*
3759 		 * The object is missing on the replica or not (yet)
3760 		 * readable.  Clear pgid to force a resend to the primary
3761 		 * via legacy_change.
3762 		 */
3763 		req->r_t.pgid.pool = 0;
3764 		req->r_t.pgid.seed = 0;
3765 		WARN_ON(!req->r_t.used_replica);
3766 		req->r_flags &= ~(CEPH_OSD_FLAG_BALANCE_READS |
3767 				  CEPH_OSD_FLAG_LOCALIZE_READS);
3768 		req->r_tid = 0;
3769 		__submit_request(req, false);
3770 		goto out_unlock_osdc;
3771 	}
3772 
3773 	if (m.num_ops != req->r_num_ops) {
3774 		pr_err("num_ops %d != %d for tid %llu\n", m.num_ops,
3775 		       req->r_num_ops, req->r_tid);
3776 		goto fail_request;
3777 	}
3778 	for (i = 0; i < req->r_num_ops; i++) {
3779 		dout(" req %p tid %llu op %d rval %d len %u\n", req,
3780 		     req->r_tid, i, m.rval[i], m.outdata_len[i]);
3781 		req->r_ops[i].rval = m.rval[i];
3782 		req->r_ops[i].outdata_len = m.outdata_len[i];
3783 		data_len += m.outdata_len[i];
3784 	}
3785 	if (data_len != le32_to_cpu(msg->hdr.data_len)) {
3786 		pr_err("sum of lens %u != %u for tid %llu\n", data_len,
3787 		       le32_to_cpu(msg->hdr.data_len), req->r_tid);
3788 		goto fail_request;
3789 	}
3790 	dout("%s req %p tid %llu result %d data_len %u\n", __func__,
3791 	     req, req->r_tid, m.result, data_len);
3792 
3793 	/*
3794 	 * Since we only ever request ONDISK, we should only ever get
3795 	 * one (type of) reply back.
3796 	 */
3797 	WARN_ON(!(m.flags & CEPH_OSD_FLAG_ONDISK));
3798 	req->r_result = m.result ?: data_len;
3799 	finish_request(req);
3800 	mutex_unlock(&osd->lock);
3801 	up_read(&osdc->lock);
3802 
3803 	__complete_request(req);
3804 	return;
3805 
3806 fail_request:
3807 	complete_request(req, -EIO);
3808 out_unlock_session:
3809 	mutex_unlock(&osd->lock);
3810 out_unlock_osdc:
3811 	up_read(&osdc->lock);
3812 }
3813 
3814 static void set_pool_was_full(struct ceph_osd_client *osdc)
3815 {
3816 	struct rb_node *n;
3817 
3818 	for (n = rb_first(&osdc->osdmap->pg_pools); n; n = rb_next(n)) {
3819 		struct ceph_pg_pool_info *pi =
3820 		    rb_entry(n, struct ceph_pg_pool_info, node);
3821 
3822 		pi->was_full = __pool_full(pi);
3823 	}
3824 }
3825 
3826 static bool pool_cleared_full(struct ceph_osd_client *osdc, s64 pool_id)
3827 {
3828 	struct ceph_pg_pool_info *pi;
3829 
3830 	pi = ceph_pg_pool_by_id(osdc->osdmap, pool_id);
3831 	if (!pi)
3832 		return false;
3833 
3834 	return pi->was_full && !__pool_full(pi);
3835 }
3836 
3837 static enum calc_target_result
3838 recalc_linger_target(struct ceph_osd_linger_request *lreq)
3839 {
3840 	struct ceph_osd_client *osdc = lreq->osdc;
3841 	enum calc_target_result ct_res;
3842 
3843 	ct_res = calc_target(osdc, &lreq->t, true);
3844 	if (ct_res == CALC_TARGET_NEED_RESEND) {
3845 		struct ceph_osd *osd;
3846 
3847 		osd = lookup_create_osd(osdc, lreq->t.osd, true);
3848 		if (osd != lreq->osd) {
3849 			unlink_linger(lreq->osd, lreq);
3850 			link_linger(osd, lreq);
3851 		}
3852 	}
3853 
3854 	return ct_res;
3855 }
3856 
3857 /*
3858  * Requeue requests whose mapping to an OSD has changed.
3859  */
3860 static void scan_requests(struct ceph_osd *osd,
3861 			  bool force_resend,
3862 			  bool cleared_full,
3863 			  bool check_pool_cleared_full,
3864 			  struct rb_root *need_resend,
3865 			  struct list_head *need_resend_linger)
3866 {
3867 	struct ceph_osd_client *osdc = osd->o_osdc;
3868 	struct rb_node *n;
3869 	bool force_resend_writes;
3870 
3871 	for (n = rb_first(&osd->o_linger_requests); n; ) {
3872 		struct ceph_osd_linger_request *lreq =
3873 		    rb_entry(n, struct ceph_osd_linger_request, node);
3874 		enum calc_target_result ct_res;
3875 
3876 		n = rb_next(n); /* recalc_linger_target() */
3877 
3878 		dout("%s lreq %p linger_id %llu\n", __func__, lreq,
3879 		     lreq->linger_id);
3880 		ct_res = recalc_linger_target(lreq);
3881 		switch (ct_res) {
3882 		case CALC_TARGET_NO_ACTION:
3883 			force_resend_writes = cleared_full ||
3884 			    (check_pool_cleared_full &&
3885 			     pool_cleared_full(osdc, lreq->t.base_oloc.pool));
3886 			if (!force_resend && !force_resend_writes)
3887 				break;
3888 
3889 			fallthrough;
3890 		case CALC_TARGET_NEED_RESEND:
3891 			cancel_linger_map_check(lreq);
3892 			/*
3893 			 * scan_requests() for the previous epoch(s)
3894 			 * may have already added it to the list, since
3895 			 * it's not unlinked here.
3896 			 */
3897 			if (list_empty(&lreq->scan_item))
3898 				list_add_tail(&lreq->scan_item, need_resend_linger);
3899 			break;
3900 		case CALC_TARGET_POOL_DNE:
3901 			list_del_init(&lreq->scan_item);
3902 			check_linger_pool_dne(lreq);
3903 			break;
3904 		}
3905 	}
3906 
3907 	for (n = rb_first(&osd->o_requests); n; ) {
3908 		struct ceph_osd_request *req =
3909 		    rb_entry(n, struct ceph_osd_request, r_node);
3910 		enum calc_target_result ct_res;
3911 
3912 		n = rb_next(n); /* unlink_request(), check_pool_dne() */
3913 
3914 		dout("%s req %p tid %llu\n", __func__, req, req->r_tid);
3915 		ct_res = calc_target(osdc, &req->r_t, false);
3916 		switch (ct_res) {
3917 		case CALC_TARGET_NO_ACTION:
3918 			force_resend_writes = cleared_full ||
3919 			    (check_pool_cleared_full &&
3920 			     pool_cleared_full(osdc, req->r_t.base_oloc.pool));
3921 			if (!force_resend &&
3922 			    (!(req->r_flags & CEPH_OSD_FLAG_WRITE) ||
3923 			     !force_resend_writes))
3924 				break;
3925 
3926 			fallthrough;
3927 		case CALC_TARGET_NEED_RESEND:
3928 			cancel_map_check(req);
3929 			unlink_request(osd, req);
3930 			insert_request(need_resend, req);
3931 			break;
3932 		case CALC_TARGET_POOL_DNE:
3933 			check_pool_dne(req);
3934 			break;
3935 		}
3936 	}
3937 }
3938 
3939 static int handle_one_map(struct ceph_osd_client *osdc,
3940 			  void *p, void *end, bool incremental,
3941 			  struct rb_root *need_resend,
3942 			  struct list_head *need_resend_linger)
3943 {
3944 	struct ceph_osdmap *newmap;
3945 	struct rb_node *n;
3946 	bool skipped_map = false;
3947 	bool was_full;
3948 
3949 	was_full = ceph_osdmap_flag(osdc, CEPH_OSDMAP_FULL);
3950 	set_pool_was_full(osdc);
3951 
3952 	if (incremental)
3953 		newmap = osdmap_apply_incremental(&p, end,
3954 						  ceph_msgr2(osdc->client),
3955 						  osdc->osdmap);
3956 	else
3957 		newmap = ceph_osdmap_decode(&p, end, ceph_msgr2(osdc->client));
3958 	if (IS_ERR(newmap))
3959 		return PTR_ERR(newmap);
3960 
3961 	if (newmap != osdc->osdmap) {
3962 		/*
3963 		 * Preserve ->was_full before destroying the old map.
3964 		 * For pools that weren't in the old map, ->was_full
3965 		 * should be false.
3966 		 */
3967 		for (n = rb_first(&newmap->pg_pools); n; n = rb_next(n)) {
3968 			struct ceph_pg_pool_info *pi =
3969 			    rb_entry(n, struct ceph_pg_pool_info, node);
3970 			struct ceph_pg_pool_info *old_pi;
3971 
3972 			old_pi = ceph_pg_pool_by_id(osdc->osdmap, pi->id);
3973 			if (old_pi)
3974 				pi->was_full = old_pi->was_full;
3975 			else
3976 				WARN_ON(pi->was_full);
3977 		}
3978 
3979 		if (osdc->osdmap->epoch &&
3980 		    osdc->osdmap->epoch + 1 < newmap->epoch) {
3981 			WARN_ON(incremental);
3982 			skipped_map = true;
3983 		}
3984 
3985 		ceph_osdmap_destroy(osdc->osdmap);
3986 		osdc->osdmap = newmap;
3987 	}
3988 
3989 	was_full &= !ceph_osdmap_flag(osdc, CEPH_OSDMAP_FULL);
3990 	scan_requests(&osdc->homeless_osd, skipped_map, was_full, true,
3991 		      need_resend, need_resend_linger);
3992 
3993 	for (n = rb_first(&osdc->osds); n; ) {
3994 		struct ceph_osd *osd = rb_entry(n, struct ceph_osd, o_node);
3995 
3996 		n = rb_next(n); /* close_osd() */
3997 
3998 		scan_requests(osd, skipped_map, was_full, true, need_resend,
3999 			      need_resend_linger);
4000 		if (!ceph_osd_is_up(osdc->osdmap, osd->o_osd) ||
4001 		    memcmp(&osd->o_con.peer_addr,
4002 			   ceph_osd_addr(osdc->osdmap, osd->o_osd),
4003 			   sizeof(struct ceph_entity_addr)))
4004 			close_osd(osd);
4005 	}
4006 
4007 	return 0;
4008 }
4009 
4010 static void kick_requests(struct ceph_osd_client *osdc,
4011 			  struct rb_root *need_resend,
4012 			  struct list_head *need_resend_linger)
4013 {
4014 	struct ceph_osd_linger_request *lreq, *nlreq;
4015 	enum calc_target_result ct_res;
4016 	struct rb_node *n;
4017 
4018 	/* make sure need_resend targets reflect latest map */
4019 	for (n = rb_first(need_resend); n; ) {
4020 		struct ceph_osd_request *req =
4021 		    rb_entry(n, struct ceph_osd_request, r_node);
4022 
4023 		n = rb_next(n);
4024 
4025 		if (req->r_t.epoch < osdc->osdmap->epoch) {
4026 			ct_res = calc_target(osdc, &req->r_t, false);
4027 			if (ct_res == CALC_TARGET_POOL_DNE) {
4028 				erase_request(need_resend, req);
4029 				check_pool_dne(req);
4030 			}
4031 		}
4032 	}
4033 
4034 	for (n = rb_first(need_resend); n; ) {
4035 		struct ceph_osd_request *req =
4036 		    rb_entry(n, struct ceph_osd_request, r_node);
4037 		struct ceph_osd *osd;
4038 
4039 		n = rb_next(n);
4040 		erase_request(need_resend, req); /* before link_request() */
4041 
4042 		osd = lookup_create_osd(osdc, req->r_t.osd, true);
4043 		link_request(osd, req);
4044 		if (!req->r_linger) {
4045 			if (!osd_homeless(osd) && !req->r_t.paused)
4046 				send_request(req);
4047 		} else {
4048 			cancel_linger_request(req);
4049 		}
4050 	}
4051 
4052 	list_for_each_entry_safe(lreq, nlreq, need_resend_linger, scan_item) {
4053 		if (!osd_homeless(lreq->osd))
4054 			send_linger(lreq);
4055 
4056 		list_del_init(&lreq->scan_item);
4057 	}
4058 }
4059 
4060 /*
4061  * Process updated osd map.
4062  *
4063  * The message contains any number of incremental and full maps, normally
4064  * indicating some sort of topology change in the cluster.  Kick requests
4065  * off to different OSDs as needed.
4066  */
4067 void ceph_osdc_handle_map(struct ceph_osd_client *osdc, struct ceph_msg *msg)
4068 {
4069 	void *p = msg->front.iov_base;
4070 	void *const end = p + msg->front.iov_len;
4071 	u32 nr_maps, maplen;
4072 	u32 epoch;
4073 	struct ceph_fsid fsid;
4074 	struct rb_root need_resend = RB_ROOT;
4075 	LIST_HEAD(need_resend_linger);
4076 	bool handled_incremental = false;
4077 	bool was_pauserd, was_pausewr;
4078 	bool pauserd, pausewr;
4079 	int err;
4080 
4081 	dout("%s have %u\n", __func__, osdc->osdmap->epoch);
4082 	down_write(&osdc->lock);
4083 
4084 	/* verify fsid */
4085 	ceph_decode_need(&p, end, sizeof(fsid), bad);
4086 	ceph_decode_copy(&p, &fsid, sizeof(fsid));
4087 	if (ceph_check_fsid(osdc->client, &fsid) < 0)
4088 		goto bad;
4089 
4090 	was_pauserd = ceph_osdmap_flag(osdc, CEPH_OSDMAP_PAUSERD);
4091 	was_pausewr = ceph_osdmap_flag(osdc, CEPH_OSDMAP_PAUSEWR) ||
4092 		      ceph_osdmap_flag(osdc, CEPH_OSDMAP_FULL) ||
4093 		      have_pool_full(osdc);
4094 
4095 	/* incremental maps */
4096 	ceph_decode_32_safe(&p, end, nr_maps, bad);
4097 	dout(" %d inc maps\n", nr_maps);
4098 	while (nr_maps > 0) {
4099 		ceph_decode_need(&p, end, 2*sizeof(u32), bad);
4100 		epoch = ceph_decode_32(&p);
4101 		maplen = ceph_decode_32(&p);
4102 		ceph_decode_need(&p, end, maplen, bad);
4103 		if (osdc->osdmap->epoch &&
4104 		    osdc->osdmap->epoch + 1 == epoch) {
4105 			dout("applying incremental map %u len %d\n",
4106 			     epoch, maplen);
4107 			err = handle_one_map(osdc, p, p + maplen, true,
4108 					     &need_resend, &need_resend_linger);
4109 			if (err)
4110 				goto bad;
4111 			handled_incremental = true;
4112 		} else {
4113 			dout("ignoring incremental map %u len %d\n",
4114 			     epoch, maplen);
4115 		}
4116 		p += maplen;
4117 		nr_maps--;
4118 	}
4119 	if (handled_incremental)
4120 		goto done;
4121 
4122 	/* full maps */
4123 	ceph_decode_32_safe(&p, end, nr_maps, bad);
4124 	dout(" %d full maps\n", nr_maps);
4125 	while (nr_maps) {
4126 		ceph_decode_need(&p, end, 2*sizeof(u32), bad);
4127 		epoch = ceph_decode_32(&p);
4128 		maplen = ceph_decode_32(&p);
4129 		ceph_decode_need(&p, end, maplen, bad);
4130 		if (nr_maps > 1) {
4131 			dout("skipping non-latest full map %u len %d\n",
4132 			     epoch, maplen);
4133 		} else if (osdc->osdmap->epoch >= epoch) {
4134 			dout("skipping full map %u len %d, "
4135 			     "older than our %u\n", epoch, maplen,
4136 			     osdc->osdmap->epoch);
4137 		} else {
4138 			dout("taking full map %u len %d\n", epoch, maplen);
4139 			err = handle_one_map(osdc, p, p + maplen, false,
4140 					     &need_resend, &need_resend_linger);
4141 			if (err)
4142 				goto bad;
4143 		}
4144 		p += maplen;
4145 		nr_maps--;
4146 	}
4147 
4148 done:
4149 	/*
4150 	 * subscribe to subsequent osdmap updates if full to ensure
4151 	 * we find out when we are no longer full and stop returning
4152 	 * ENOSPC.
4153 	 */
4154 	pauserd = ceph_osdmap_flag(osdc, CEPH_OSDMAP_PAUSERD);
4155 	pausewr = ceph_osdmap_flag(osdc, CEPH_OSDMAP_PAUSEWR) ||
4156 		  ceph_osdmap_flag(osdc, CEPH_OSDMAP_FULL) ||
4157 		  have_pool_full(osdc);
4158 	if (was_pauserd || was_pausewr || pauserd || pausewr ||
4159 	    osdc->osdmap->epoch < osdc->epoch_barrier)
4160 		maybe_request_map(osdc);
4161 
4162 	kick_requests(osdc, &need_resend, &need_resend_linger);
4163 
4164 	ceph_osdc_abort_on_full(osdc);
4165 	ceph_monc_got_map(&osdc->client->monc, CEPH_SUB_OSDMAP,
4166 			  osdc->osdmap->epoch);
4167 	up_write(&osdc->lock);
4168 	wake_up_all(&osdc->client->auth_wq);
4169 	return;
4170 
4171 bad:
4172 	pr_err("osdc handle_map corrupt msg\n");
4173 	ceph_msg_dump(msg);
4174 	up_write(&osdc->lock);
4175 }
4176 
4177 /*
4178  * Resubmit requests pending on the given osd.
4179  */
4180 static void kick_osd_requests(struct ceph_osd *osd)
4181 {
4182 	struct rb_node *n;
4183 
4184 	clear_backoffs(osd);
4185 
4186 	for (n = rb_first(&osd->o_requests); n; ) {
4187 		struct ceph_osd_request *req =
4188 		    rb_entry(n, struct ceph_osd_request, r_node);
4189 
4190 		n = rb_next(n); /* cancel_linger_request() */
4191 
4192 		if (!req->r_linger) {
4193 			if (!req->r_t.paused)
4194 				send_request(req);
4195 		} else {
4196 			cancel_linger_request(req);
4197 		}
4198 	}
4199 	for (n = rb_first(&osd->o_linger_requests); n; n = rb_next(n)) {
4200 		struct ceph_osd_linger_request *lreq =
4201 		    rb_entry(n, struct ceph_osd_linger_request, node);
4202 
4203 		send_linger(lreq);
4204 	}
4205 }
4206 
4207 /*
4208  * If the osd connection drops, we need to resubmit all requests.
4209  */
4210 static void osd_fault(struct ceph_connection *con)
4211 {
4212 	struct ceph_osd *osd = con->private;
4213 	struct ceph_osd_client *osdc = osd->o_osdc;
4214 
4215 	dout("%s osd %p osd%d\n", __func__, osd, osd->o_osd);
4216 
4217 	down_write(&osdc->lock);
4218 	if (!osd_registered(osd)) {
4219 		dout("%s osd%d unknown\n", __func__, osd->o_osd);
4220 		goto out_unlock;
4221 	}
4222 
4223 	if (!reopen_osd(osd))
4224 		kick_osd_requests(osd);
4225 	maybe_request_map(osdc);
4226 
4227 out_unlock:
4228 	up_write(&osdc->lock);
4229 }
4230 
4231 struct MOSDBackoff {
4232 	struct ceph_spg spgid;
4233 	u32 map_epoch;
4234 	u8 op;
4235 	u64 id;
4236 	struct ceph_hobject_id *begin;
4237 	struct ceph_hobject_id *end;
4238 };
4239 
4240 static int decode_MOSDBackoff(const struct ceph_msg *msg, struct MOSDBackoff *m)
4241 {
4242 	void *p = msg->front.iov_base;
4243 	void *const end = p + msg->front.iov_len;
4244 	u8 struct_v;
4245 	u32 struct_len;
4246 	int ret;
4247 
4248 	ret = ceph_start_decoding(&p, end, 1, "spg_t", &struct_v, &struct_len);
4249 	if (ret)
4250 		return ret;
4251 
4252 	ret = ceph_decode_pgid(&p, end, &m->spgid.pgid);
4253 	if (ret)
4254 		return ret;
4255 
4256 	ceph_decode_8_safe(&p, end, m->spgid.shard, e_inval);
4257 	ceph_decode_32_safe(&p, end, m->map_epoch, e_inval);
4258 	ceph_decode_8_safe(&p, end, m->op, e_inval);
4259 	ceph_decode_64_safe(&p, end, m->id, e_inval);
4260 
4261 	m->begin = kzalloc(sizeof(*m->begin), GFP_NOIO);
4262 	if (!m->begin)
4263 		return -ENOMEM;
4264 
4265 	ret = decode_hoid(&p, end, m->begin);
4266 	if (ret) {
4267 		free_hoid(m->begin);
4268 		return ret;
4269 	}
4270 
4271 	m->end = kzalloc(sizeof(*m->end), GFP_NOIO);
4272 	if (!m->end) {
4273 		free_hoid(m->begin);
4274 		return -ENOMEM;
4275 	}
4276 
4277 	ret = decode_hoid(&p, end, m->end);
4278 	if (ret) {
4279 		free_hoid(m->begin);
4280 		free_hoid(m->end);
4281 		return ret;
4282 	}
4283 
4284 	return 0;
4285 
4286 e_inval:
4287 	return -EINVAL;
4288 }
4289 
4290 static struct ceph_msg *create_backoff_message(
4291 				const struct ceph_osd_backoff *backoff,
4292 				u32 map_epoch)
4293 {
4294 	struct ceph_msg *msg;
4295 	void *p, *end;
4296 	int msg_size;
4297 
4298 	msg_size = CEPH_ENCODING_START_BLK_LEN +
4299 			CEPH_PGID_ENCODING_LEN + 1; /* spgid */
4300 	msg_size += 4 + 1 + 8; /* map_epoch, op, id */
4301 	msg_size += CEPH_ENCODING_START_BLK_LEN +
4302 			hoid_encoding_size(backoff->begin);
4303 	msg_size += CEPH_ENCODING_START_BLK_LEN +
4304 			hoid_encoding_size(backoff->end);
4305 
4306 	msg = ceph_msg_new(CEPH_MSG_OSD_BACKOFF, msg_size, GFP_NOIO, true);
4307 	if (!msg)
4308 		return NULL;
4309 
4310 	p = msg->front.iov_base;
4311 	end = p + msg->front_alloc_len;
4312 
4313 	encode_spgid(&p, &backoff->spgid);
4314 	ceph_encode_32(&p, map_epoch);
4315 	ceph_encode_8(&p, CEPH_OSD_BACKOFF_OP_ACK_BLOCK);
4316 	ceph_encode_64(&p, backoff->id);
4317 	encode_hoid(&p, end, backoff->begin);
4318 	encode_hoid(&p, end, backoff->end);
4319 	BUG_ON(p != end);
4320 
4321 	msg->front.iov_len = p - msg->front.iov_base;
4322 	msg->hdr.version = cpu_to_le16(1); /* MOSDBackoff v1 */
4323 	msg->hdr.front_len = cpu_to_le32(msg->front.iov_len);
4324 
4325 	return msg;
4326 }
4327 
4328 static void handle_backoff_block(struct ceph_osd *osd, struct MOSDBackoff *m)
4329 {
4330 	struct ceph_spg_mapping *spg;
4331 	struct ceph_osd_backoff *backoff;
4332 	struct ceph_msg *msg;
4333 
4334 	dout("%s osd%d spgid %llu.%xs%d id %llu\n", __func__, osd->o_osd,
4335 	     m->spgid.pgid.pool, m->spgid.pgid.seed, m->spgid.shard, m->id);
4336 
4337 	spg = lookup_spg_mapping(&osd->o_backoff_mappings, &m->spgid);
4338 	if (!spg) {
4339 		spg = alloc_spg_mapping();
4340 		if (!spg) {
4341 			pr_err("%s failed to allocate spg\n", __func__);
4342 			return;
4343 		}
4344 		spg->spgid = m->spgid; /* struct */
4345 		insert_spg_mapping(&osd->o_backoff_mappings, spg);
4346 	}
4347 
4348 	backoff = alloc_backoff();
4349 	if (!backoff) {
4350 		pr_err("%s failed to allocate backoff\n", __func__);
4351 		return;
4352 	}
4353 	backoff->spgid = m->spgid; /* struct */
4354 	backoff->id = m->id;
4355 	backoff->begin = m->begin;
4356 	m->begin = NULL; /* backoff now owns this */
4357 	backoff->end = m->end;
4358 	m->end = NULL;   /* ditto */
4359 
4360 	insert_backoff(&spg->backoffs, backoff);
4361 	insert_backoff_by_id(&osd->o_backoffs_by_id, backoff);
4362 
4363 	/*
4364 	 * Ack with original backoff's epoch so that the OSD can
4365 	 * discard this if there was a PG split.
4366 	 */
4367 	msg = create_backoff_message(backoff, m->map_epoch);
4368 	if (!msg) {
4369 		pr_err("%s failed to allocate msg\n", __func__);
4370 		return;
4371 	}
4372 	ceph_con_send(&osd->o_con, msg);
4373 }
4374 
4375 static bool target_contained_by(const struct ceph_osd_request_target *t,
4376 				const struct ceph_hobject_id *begin,
4377 				const struct ceph_hobject_id *end)
4378 {
4379 	struct ceph_hobject_id hoid;
4380 	int cmp;
4381 
4382 	hoid_fill_from_target(&hoid, t);
4383 	cmp = hoid_compare(&hoid, begin);
4384 	return !cmp || (cmp > 0 && hoid_compare(&hoid, end) < 0);
4385 }
4386 
4387 static void handle_backoff_unblock(struct ceph_osd *osd,
4388 				   const struct MOSDBackoff *m)
4389 {
4390 	struct ceph_spg_mapping *spg;
4391 	struct ceph_osd_backoff *backoff;
4392 	struct rb_node *n;
4393 
4394 	dout("%s osd%d spgid %llu.%xs%d id %llu\n", __func__, osd->o_osd,
4395 	     m->spgid.pgid.pool, m->spgid.pgid.seed, m->spgid.shard, m->id);
4396 
4397 	backoff = lookup_backoff_by_id(&osd->o_backoffs_by_id, m->id);
4398 	if (!backoff) {
4399 		pr_err("%s osd%d spgid %llu.%xs%d id %llu backoff dne\n",
4400 		       __func__, osd->o_osd, m->spgid.pgid.pool,
4401 		       m->spgid.pgid.seed, m->spgid.shard, m->id);
4402 		return;
4403 	}
4404 
4405 	if (hoid_compare(backoff->begin, m->begin) &&
4406 	    hoid_compare(backoff->end, m->end)) {
4407 		pr_err("%s osd%d spgid %llu.%xs%d id %llu bad range?\n",
4408 		       __func__, osd->o_osd, m->spgid.pgid.pool,
4409 		       m->spgid.pgid.seed, m->spgid.shard, m->id);
4410 		/* unblock it anyway... */
4411 	}
4412 
4413 	spg = lookup_spg_mapping(&osd->o_backoff_mappings, &backoff->spgid);
4414 	BUG_ON(!spg);
4415 
4416 	erase_backoff(&spg->backoffs, backoff);
4417 	erase_backoff_by_id(&osd->o_backoffs_by_id, backoff);
4418 	free_backoff(backoff);
4419 
4420 	if (RB_EMPTY_ROOT(&spg->backoffs)) {
4421 		erase_spg_mapping(&osd->o_backoff_mappings, spg);
4422 		free_spg_mapping(spg);
4423 	}
4424 
4425 	for (n = rb_first(&osd->o_requests); n; n = rb_next(n)) {
4426 		struct ceph_osd_request *req =
4427 		    rb_entry(n, struct ceph_osd_request, r_node);
4428 
4429 		if (!ceph_spg_compare(&req->r_t.spgid, &m->spgid)) {
4430 			/*
4431 			 * Match against @m, not @backoff -- the PG may
4432 			 * have split on the OSD.
4433 			 */
4434 			if (target_contained_by(&req->r_t, m->begin, m->end)) {
4435 				/*
4436 				 * If no other installed backoff applies,
4437 				 * resend.
4438 				 */
4439 				send_request(req);
4440 			}
4441 		}
4442 	}
4443 }
4444 
4445 static void handle_backoff(struct ceph_osd *osd, struct ceph_msg *msg)
4446 {
4447 	struct ceph_osd_client *osdc = osd->o_osdc;
4448 	struct MOSDBackoff m;
4449 	int ret;
4450 
4451 	down_read(&osdc->lock);
4452 	if (!osd_registered(osd)) {
4453 		dout("%s osd%d unknown\n", __func__, osd->o_osd);
4454 		up_read(&osdc->lock);
4455 		return;
4456 	}
4457 	WARN_ON(osd->o_osd != le64_to_cpu(msg->hdr.src.num));
4458 
4459 	mutex_lock(&osd->lock);
4460 	ret = decode_MOSDBackoff(msg, &m);
4461 	if (ret) {
4462 		pr_err("failed to decode MOSDBackoff: %d\n", ret);
4463 		ceph_msg_dump(msg);
4464 		goto out_unlock;
4465 	}
4466 
4467 	switch (m.op) {
4468 	case CEPH_OSD_BACKOFF_OP_BLOCK:
4469 		handle_backoff_block(osd, &m);
4470 		break;
4471 	case CEPH_OSD_BACKOFF_OP_UNBLOCK:
4472 		handle_backoff_unblock(osd, &m);
4473 		break;
4474 	default:
4475 		pr_err("%s osd%d unknown op %d\n", __func__, osd->o_osd, m.op);
4476 	}
4477 
4478 	free_hoid(m.begin);
4479 	free_hoid(m.end);
4480 
4481 out_unlock:
4482 	mutex_unlock(&osd->lock);
4483 	up_read(&osdc->lock);
4484 }
4485 
4486 /*
4487  * Process osd watch notifications
4488  */
4489 static void handle_watch_notify(struct ceph_osd_client *osdc,
4490 				struct ceph_msg *msg)
4491 {
4492 	void *p = msg->front.iov_base;
4493 	void *const end = p + msg->front.iov_len;
4494 	struct ceph_osd_linger_request *lreq;
4495 	struct linger_work *lwork;
4496 	u8 proto_ver, opcode;
4497 	u64 cookie, notify_id;
4498 	u64 notifier_id = 0;
4499 	s32 return_code = 0;
4500 	void *payload = NULL;
4501 	u32 payload_len = 0;
4502 
4503 	ceph_decode_8_safe(&p, end, proto_ver, bad);
4504 	ceph_decode_8_safe(&p, end, opcode, bad);
4505 	ceph_decode_64_safe(&p, end, cookie, bad);
4506 	p += 8; /* skip ver */
4507 	ceph_decode_64_safe(&p, end, notify_id, bad);
4508 
4509 	if (proto_ver >= 1) {
4510 		ceph_decode_32_safe(&p, end, payload_len, bad);
4511 		ceph_decode_need(&p, end, payload_len, bad);
4512 		payload = p;
4513 		p += payload_len;
4514 	}
4515 
4516 	if (le16_to_cpu(msg->hdr.version) >= 2)
4517 		ceph_decode_32_safe(&p, end, return_code, bad);
4518 
4519 	if (le16_to_cpu(msg->hdr.version) >= 3)
4520 		ceph_decode_64_safe(&p, end, notifier_id, bad);
4521 
4522 	down_read(&osdc->lock);
4523 	lreq = lookup_linger_osdc(&osdc->linger_requests, cookie);
4524 	if (!lreq) {
4525 		dout("%s opcode %d cookie %llu dne\n", __func__, opcode,
4526 		     cookie);
4527 		goto out_unlock_osdc;
4528 	}
4529 
4530 	mutex_lock(&lreq->lock);
4531 	dout("%s opcode %d cookie %llu lreq %p is_watch %d\n", __func__,
4532 	     opcode, cookie, lreq, lreq->is_watch);
4533 	if (opcode == CEPH_WATCH_EVENT_DISCONNECT) {
4534 		if (!lreq->last_error) {
4535 			lreq->last_error = -ENOTCONN;
4536 			queue_watch_error(lreq);
4537 		}
4538 	} else if (!lreq->is_watch) {
4539 		/* CEPH_WATCH_EVENT_NOTIFY_COMPLETE */
4540 		if (lreq->notify_id && lreq->notify_id != notify_id) {
4541 			dout("lreq %p notify_id %llu != %llu, ignoring\n", lreq,
4542 			     lreq->notify_id, notify_id);
4543 		} else if (!completion_done(&lreq->notify_finish_wait)) {
4544 			struct ceph_msg_data *data =
4545 			    msg->num_data_items ? &msg->data[0] : NULL;
4546 
4547 			if (data) {
4548 				if (lreq->preply_pages) {
4549 					WARN_ON(data->type !=
4550 							CEPH_MSG_DATA_PAGES);
4551 					*lreq->preply_pages = data->pages;
4552 					*lreq->preply_len = data->length;
4553 					data->own_pages = false;
4554 				}
4555 			}
4556 			lreq->notify_finish_error = return_code;
4557 			complete_all(&lreq->notify_finish_wait);
4558 		}
4559 	} else {
4560 		/* CEPH_WATCH_EVENT_NOTIFY */
4561 		lwork = lwork_alloc(lreq, do_watch_notify);
4562 		if (!lwork) {
4563 			pr_err("failed to allocate notify-lwork\n");
4564 			goto out_unlock_lreq;
4565 		}
4566 
4567 		lwork->notify.notify_id = notify_id;
4568 		lwork->notify.notifier_id = notifier_id;
4569 		lwork->notify.payload = payload;
4570 		lwork->notify.payload_len = payload_len;
4571 		lwork->notify.msg = ceph_msg_get(msg);
4572 		lwork_queue(lwork);
4573 	}
4574 
4575 out_unlock_lreq:
4576 	mutex_unlock(&lreq->lock);
4577 out_unlock_osdc:
4578 	up_read(&osdc->lock);
4579 	return;
4580 
4581 bad:
4582 	pr_err("osdc handle_watch_notify corrupt msg\n");
4583 }
4584 
4585 /*
4586  * Register request, send initial attempt.
4587  */
4588 void ceph_osdc_start_request(struct ceph_osd_client *osdc,
4589 			     struct ceph_osd_request *req)
4590 {
4591 	down_read(&osdc->lock);
4592 	submit_request(req, false);
4593 	up_read(&osdc->lock);
4594 }
4595 EXPORT_SYMBOL(ceph_osdc_start_request);
4596 
4597 /*
4598  * Unregister request.  If @req was registered, it isn't completed:
4599  * r_result isn't set and __complete_request() isn't invoked.
4600  *
4601  * If @req wasn't registered, this call may have raced with
4602  * handle_reply(), in which case r_result would already be set and
4603  * __complete_request() would be getting invoked, possibly even
4604  * concurrently with this call.
4605  */
4606 void ceph_osdc_cancel_request(struct ceph_osd_request *req)
4607 {
4608 	struct ceph_osd_client *osdc = req->r_osdc;
4609 
4610 	down_write(&osdc->lock);
4611 	if (req->r_osd)
4612 		cancel_request(req);
4613 	up_write(&osdc->lock);
4614 }
4615 EXPORT_SYMBOL(ceph_osdc_cancel_request);
4616 
4617 /*
4618  * @timeout: in jiffies, 0 means "wait forever"
4619  */
4620 static int wait_request_timeout(struct ceph_osd_request *req,
4621 				unsigned long timeout)
4622 {
4623 	long left;
4624 
4625 	dout("%s req %p tid %llu\n", __func__, req, req->r_tid);
4626 	left = wait_for_completion_killable_timeout(&req->r_completion,
4627 						ceph_timeout_jiffies(timeout));
4628 	if (left <= 0) {
4629 		left = left ?: -ETIMEDOUT;
4630 		ceph_osdc_cancel_request(req);
4631 	} else {
4632 		left = req->r_result; /* completed */
4633 	}
4634 
4635 	return left;
4636 }
4637 
4638 /*
4639  * wait for a request to complete
4640  */
4641 int ceph_osdc_wait_request(struct ceph_osd_client *osdc,
4642 			   struct ceph_osd_request *req)
4643 {
4644 	return wait_request_timeout(req, 0);
4645 }
4646 EXPORT_SYMBOL(ceph_osdc_wait_request);
4647 
4648 /*
4649  * sync - wait for all in-flight requests to flush.  avoid starvation.
4650  */
4651 void ceph_osdc_sync(struct ceph_osd_client *osdc)
4652 {
4653 	struct rb_node *n, *p;
4654 	u64 last_tid = atomic64_read(&osdc->last_tid);
4655 
4656 again:
4657 	down_read(&osdc->lock);
4658 	for (n = rb_first(&osdc->osds); n; n = rb_next(n)) {
4659 		struct ceph_osd *osd = rb_entry(n, struct ceph_osd, o_node);
4660 
4661 		mutex_lock(&osd->lock);
4662 		for (p = rb_first(&osd->o_requests); p; p = rb_next(p)) {
4663 			struct ceph_osd_request *req =
4664 			    rb_entry(p, struct ceph_osd_request, r_node);
4665 
4666 			if (req->r_tid > last_tid)
4667 				break;
4668 
4669 			if (!(req->r_flags & CEPH_OSD_FLAG_WRITE))
4670 				continue;
4671 
4672 			ceph_osdc_get_request(req);
4673 			mutex_unlock(&osd->lock);
4674 			up_read(&osdc->lock);
4675 			dout("%s waiting on req %p tid %llu last_tid %llu\n",
4676 			     __func__, req, req->r_tid, last_tid);
4677 			wait_for_completion(&req->r_completion);
4678 			ceph_osdc_put_request(req);
4679 			goto again;
4680 		}
4681 
4682 		mutex_unlock(&osd->lock);
4683 	}
4684 
4685 	up_read(&osdc->lock);
4686 	dout("%s done last_tid %llu\n", __func__, last_tid);
4687 }
4688 EXPORT_SYMBOL(ceph_osdc_sync);
4689 
4690 /*
4691  * Returns a handle, caller owns a ref.
4692  */
4693 struct ceph_osd_linger_request *
4694 ceph_osdc_watch(struct ceph_osd_client *osdc,
4695 		struct ceph_object_id *oid,
4696 		struct ceph_object_locator *oloc,
4697 		rados_watchcb2_t wcb,
4698 		rados_watcherrcb_t errcb,
4699 		void *data)
4700 {
4701 	struct ceph_osd_linger_request *lreq;
4702 	int ret;
4703 
4704 	lreq = linger_alloc(osdc);
4705 	if (!lreq)
4706 		return ERR_PTR(-ENOMEM);
4707 
4708 	lreq->is_watch = true;
4709 	lreq->wcb = wcb;
4710 	lreq->errcb = errcb;
4711 	lreq->data = data;
4712 	lreq->watch_valid_thru = jiffies;
4713 
4714 	ceph_oid_copy(&lreq->t.base_oid, oid);
4715 	ceph_oloc_copy(&lreq->t.base_oloc, oloc);
4716 	lreq->t.flags = CEPH_OSD_FLAG_WRITE;
4717 	ktime_get_real_ts64(&lreq->mtime);
4718 
4719 	linger_submit(lreq);
4720 	ret = linger_reg_commit_wait(lreq);
4721 	if (ret) {
4722 		linger_cancel(lreq);
4723 		goto err_put_lreq;
4724 	}
4725 
4726 	return lreq;
4727 
4728 err_put_lreq:
4729 	linger_put(lreq);
4730 	return ERR_PTR(ret);
4731 }
4732 EXPORT_SYMBOL(ceph_osdc_watch);
4733 
4734 /*
4735  * Releases a ref.
4736  *
4737  * Times out after mount_timeout to preserve rbd unmap behaviour
4738  * introduced in 2894e1d76974 ("rbd: timeout watch teardown on unmap
4739  * with mount_timeout").
4740  */
4741 int ceph_osdc_unwatch(struct ceph_osd_client *osdc,
4742 		      struct ceph_osd_linger_request *lreq)
4743 {
4744 	struct ceph_options *opts = osdc->client->options;
4745 	struct ceph_osd_request *req;
4746 	int ret;
4747 
4748 	req = ceph_osdc_alloc_request(osdc, NULL, 1, false, GFP_NOIO);
4749 	if (!req)
4750 		return -ENOMEM;
4751 
4752 	ceph_oid_copy(&req->r_base_oid, &lreq->t.base_oid);
4753 	ceph_oloc_copy(&req->r_base_oloc, &lreq->t.base_oloc);
4754 	req->r_flags = CEPH_OSD_FLAG_WRITE;
4755 	ktime_get_real_ts64(&req->r_mtime);
4756 	osd_req_op_watch_init(req, 0, CEPH_OSD_WATCH_OP_UNWATCH,
4757 			      lreq->linger_id, 0);
4758 
4759 	ret = ceph_osdc_alloc_messages(req, GFP_NOIO);
4760 	if (ret)
4761 		goto out_put_req;
4762 
4763 	ceph_osdc_start_request(osdc, req);
4764 	linger_cancel(lreq);
4765 	linger_put(lreq);
4766 	ret = wait_request_timeout(req, opts->mount_timeout);
4767 
4768 out_put_req:
4769 	ceph_osdc_put_request(req);
4770 	return ret;
4771 }
4772 EXPORT_SYMBOL(ceph_osdc_unwatch);
4773 
4774 static int osd_req_op_notify_ack_init(struct ceph_osd_request *req, int which,
4775 				      u64 notify_id, u64 cookie, void *payload,
4776 				      u32 payload_len)
4777 {
4778 	struct ceph_osd_req_op *op;
4779 	struct ceph_pagelist *pl;
4780 	int ret;
4781 
4782 	op = osd_req_op_init(req, which, CEPH_OSD_OP_NOTIFY_ACK, 0);
4783 
4784 	pl = ceph_pagelist_alloc(GFP_NOIO);
4785 	if (!pl)
4786 		return -ENOMEM;
4787 
4788 	ret = ceph_pagelist_encode_64(pl, notify_id);
4789 	ret |= ceph_pagelist_encode_64(pl, cookie);
4790 	if (payload) {
4791 		ret |= ceph_pagelist_encode_32(pl, payload_len);
4792 		ret |= ceph_pagelist_append(pl, payload, payload_len);
4793 	} else {
4794 		ret |= ceph_pagelist_encode_32(pl, 0);
4795 	}
4796 	if (ret) {
4797 		ceph_pagelist_release(pl);
4798 		return -ENOMEM;
4799 	}
4800 
4801 	ceph_osd_data_pagelist_init(&op->notify_ack.request_data, pl);
4802 	op->indata_len = pl->length;
4803 	return 0;
4804 }
4805 
4806 int ceph_osdc_notify_ack(struct ceph_osd_client *osdc,
4807 			 struct ceph_object_id *oid,
4808 			 struct ceph_object_locator *oloc,
4809 			 u64 notify_id,
4810 			 u64 cookie,
4811 			 void *payload,
4812 			 u32 payload_len)
4813 {
4814 	struct ceph_osd_request *req;
4815 	int ret;
4816 
4817 	req = ceph_osdc_alloc_request(osdc, NULL, 1, false, GFP_NOIO);
4818 	if (!req)
4819 		return -ENOMEM;
4820 
4821 	ceph_oid_copy(&req->r_base_oid, oid);
4822 	ceph_oloc_copy(&req->r_base_oloc, oloc);
4823 	req->r_flags = CEPH_OSD_FLAG_READ;
4824 
4825 	ret = osd_req_op_notify_ack_init(req, 0, notify_id, cookie, payload,
4826 					 payload_len);
4827 	if (ret)
4828 		goto out_put_req;
4829 
4830 	ret = ceph_osdc_alloc_messages(req, GFP_NOIO);
4831 	if (ret)
4832 		goto out_put_req;
4833 
4834 	ceph_osdc_start_request(osdc, req);
4835 	ret = ceph_osdc_wait_request(osdc, req);
4836 
4837 out_put_req:
4838 	ceph_osdc_put_request(req);
4839 	return ret;
4840 }
4841 EXPORT_SYMBOL(ceph_osdc_notify_ack);
4842 
4843 /*
4844  * @timeout: in seconds
4845  *
4846  * @preply_{pages,len} are initialized both on success and error.
4847  * The caller is responsible for:
4848  *
4849  *     ceph_release_page_vector(reply_pages, calc_pages_for(0, reply_len))
4850  */
4851 int ceph_osdc_notify(struct ceph_osd_client *osdc,
4852 		     struct ceph_object_id *oid,
4853 		     struct ceph_object_locator *oloc,
4854 		     void *payload,
4855 		     u32 payload_len,
4856 		     u32 timeout,
4857 		     struct page ***preply_pages,
4858 		     size_t *preply_len)
4859 {
4860 	struct ceph_osd_linger_request *lreq;
4861 	int ret;
4862 
4863 	WARN_ON(!timeout);
4864 	if (preply_pages) {
4865 		*preply_pages = NULL;
4866 		*preply_len = 0;
4867 	}
4868 
4869 	lreq = linger_alloc(osdc);
4870 	if (!lreq)
4871 		return -ENOMEM;
4872 
4873 	lreq->request_pl = ceph_pagelist_alloc(GFP_NOIO);
4874 	if (!lreq->request_pl) {
4875 		ret = -ENOMEM;
4876 		goto out_put_lreq;
4877 	}
4878 
4879 	ret = ceph_pagelist_encode_32(lreq->request_pl, 1); /* prot_ver */
4880 	ret |= ceph_pagelist_encode_32(lreq->request_pl, timeout);
4881 	ret |= ceph_pagelist_encode_32(lreq->request_pl, payload_len);
4882 	ret |= ceph_pagelist_append(lreq->request_pl, payload, payload_len);
4883 	if (ret) {
4884 		ret = -ENOMEM;
4885 		goto out_put_lreq;
4886 	}
4887 
4888 	/* for notify_id */
4889 	lreq->notify_id_pages = ceph_alloc_page_vector(1, GFP_NOIO);
4890 	if (IS_ERR(lreq->notify_id_pages)) {
4891 		ret = PTR_ERR(lreq->notify_id_pages);
4892 		lreq->notify_id_pages = NULL;
4893 		goto out_put_lreq;
4894 	}
4895 
4896 	lreq->preply_pages = preply_pages;
4897 	lreq->preply_len = preply_len;
4898 
4899 	ceph_oid_copy(&lreq->t.base_oid, oid);
4900 	ceph_oloc_copy(&lreq->t.base_oloc, oloc);
4901 	lreq->t.flags = CEPH_OSD_FLAG_READ;
4902 
4903 	linger_submit(lreq);
4904 	ret = linger_reg_commit_wait(lreq);
4905 	if (!ret)
4906 		ret = linger_notify_finish_wait(lreq,
4907 				 msecs_to_jiffies(2 * timeout * MSEC_PER_SEC));
4908 	else
4909 		dout("lreq %p failed to initiate notify %d\n", lreq, ret);
4910 
4911 	linger_cancel(lreq);
4912 out_put_lreq:
4913 	linger_put(lreq);
4914 	return ret;
4915 }
4916 EXPORT_SYMBOL(ceph_osdc_notify);
4917 
4918 /*
4919  * Return the number of milliseconds since the watch was last
4920  * confirmed, or an error.  If there is an error, the watch is no
4921  * longer valid, and should be destroyed with ceph_osdc_unwatch().
4922  */
4923 int ceph_osdc_watch_check(struct ceph_osd_client *osdc,
4924 			  struct ceph_osd_linger_request *lreq)
4925 {
4926 	unsigned long stamp, age;
4927 	int ret;
4928 
4929 	down_read(&osdc->lock);
4930 	mutex_lock(&lreq->lock);
4931 	stamp = lreq->watch_valid_thru;
4932 	if (!list_empty(&lreq->pending_lworks)) {
4933 		struct linger_work *lwork =
4934 		    list_first_entry(&lreq->pending_lworks,
4935 				     struct linger_work,
4936 				     pending_item);
4937 
4938 		if (time_before(lwork->queued_stamp, stamp))
4939 			stamp = lwork->queued_stamp;
4940 	}
4941 	age = jiffies - stamp;
4942 	dout("%s lreq %p linger_id %llu age %lu last_error %d\n", __func__,
4943 	     lreq, lreq->linger_id, age, lreq->last_error);
4944 	/* we are truncating to msecs, so return a safe upper bound */
4945 	ret = lreq->last_error ?: 1 + jiffies_to_msecs(age);
4946 
4947 	mutex_unlock(&lreq->lock);
4948 	up_read(&osdc->lock);
4949 	return ret;
4950 }
4951 
4952 static int decode_watcher(void **p, void *end, struct ceph_watch_item *item)
4953 {
4954 	u8 struct_v;
4955 	u32 struct_len;
4956 	int ret;
4957 
4958 	ret = ceph_start_decoding(p, end, 2, "watch_item_t",
4959 				  &struct_v, &struct_len);
4960 	if (ret)
4961 		goto bad;
4962 
4963 	ret = -EINVAL;
4964 	ceph_decode_copy_safe(p, end, &item->name, sizeof(item->name), bad);
4965 	ceph_decode_64_safe(p, end, item->cookie, bad);
4966 	ceph_decode_skip_32(p, end, bad); /* skip timeout seconds */
4967 
4968 	if (struct_v >= 2) {
4969 		ret = ceph_decode_entity_addr(p, end, &item->addr);
4970 		if (ret)
4971 			goto bad;
4972 	} else {
4973 		ret = 0;
4974 	}
4975 
4976 	dout("%s %s%llu cookie %llu addr %s\n", __func__,
4977 	     ENTITY_NAME(item->name), item->cookie,
4978 	     ceph_pr_addr(&item->addr));
4979 bad:
4980 	return ret;
4981 }
4982 
4983 static int decode_watchers(void **p, void *end,
4984 			   struct ceph_watch_item **watchers,
4985 			   u32 *num_watchers)
4986 {
4987 	u8 struct_v;
4988 	u32 struct_len;
4989 	int i;
4990 	int ret;
4991 
4992 	ret = ceph_start_decoding(p, end, 1, "obj_list_watch_response_t",
4993 				  &struct_v, &struct_len);
4994 	if (ret)
4995 		return ret;
4996 
4997 	*num_watchers = ceph_decode_32(p);
4998 	*watchers = kcalloc(*num_watchers, sizeof(**watchers), GFP_NOIO);
4999 	if (!*watchers)
5000 		return -ENOMEM;
5001 
5002 	for (i = 0; i < *num_watchers; i++) {
5003 		ret = decode_watcher(p, end, *watchers + i);
5004 		if (ret) {
5005 			kfree(*watchers);
5006 			return ret;
5007 		}
5008 	}
5009 
5010 	return 0;
5011 }
5012 
5013 /*
5014  * On success, the caller is responsible for:
5015  *
5016  *     kfree(watchers);
5017  */
5018 int ceph_osdc_list_watchers(struct ceph_osd_client *osdc,
5019 			    struct ceph_object_id *oid,
5020 			    struct ceph_object_locator *oloc,
5021 			    struct ceph_watch_item **watchers,
5022 			    u32 *num_watchers)
5023 {
5024 	struct ceph_osd_request *req;
5025 	struct page **pages;
5026 	int ret;
5027 
5028 	req = ceph_osdc_alloc_request(osdc, NULL, 1, false, GFP_NOIO);
5029 	if (!req)
5030 		return -ENOMEM;
5031 
5032 	ceph_oid_copy(&req->r_base_oid, oid);
5033 	ceph_oloc_copy(&req->r_base_oloc, oloc);
5034 	req->r_flags = CEPH_OSD_FLAG_READ;
5035 
5036 	pages = ceph_alloc_page_vector(1, GFP_NOIO);
5037 	if (IS_ERR(pages)) {
5038 		ret = PTR_ERR(pages);
5039 		goto out_put_req;
5040 	}
5041 
5042 	osd_req_op_init(req, 0, CEPH_OSD_OP_LIST_WATCHERS, 0);
5043 	ceph_osd_data_pages_init(osd_req_op_data(req, 0, list_watchers,
5044 						 response_data),
5045 				 pages, PAGE_SIZE, 0, false, true);
5046 
5047 	ret = ceph_osdc_alloc_messages(req, GFP_NOIO);
5048 	if (ret)
5049 		goto out_put_req;
5050 
5051 	ceph_osdc_start_request(osdc, req);
5052 	ret = ceph_osdc_wait_request(osdc, req);
5053 	if (ret >= 0) {
5054 		void *p = page_address(pages[0]);
5055 		void *const end = p + req->r_ops[0].outdata_len;
5056 
5057 		ret = decode_watchers(&p, end, watchers, num_watchers);
5058 	}
5059 
5060 out_put_req:
5061 	ceph_osdc_put_request(req);
5062 	return ret;
5063 }
5064 EXPORT_SYMBOL(ceph_osdc_list_watchers);
5065 
5066 /*
5067  * Call all pending notify callbacks - for use after a watch is
5068  * unregistered, to make sure no more callbacks for it will be invoked
5069  */
5070 void ceph_osdc_flush_notifies(struct ceph_osd_client *osdc)
5071 {
5072 	dout("%s osdc %p\n", __func__, osdc);
5073 	flush_workqueue(osdc->notify_wq);
5074 }
5075 EXPORT_SYMBOL(ceph_osdc_flush_notifies);
5076 
5077 void ceph_osdc_maybe_request_map(struct ceph_osd_client *osdc)
5078 {
5079 	down_read(&osdc->lock);
5080 	maybe_request_map(osdc);
5081 	up_read(&osdc->lock);
5082 }
5083 EXPORT_SYMBOL(ceph_osdc_maybe_request_map);
5084 
5085 /*
5086  * Execute an OSD class method on an object.
5087  *
5088  * @flags: CEPH_OSD_FLAG_*
5089  * @resp_len: in/out param for reply length
5090  */
5091 int ceph_osdc_call(struct ceph_osd_client *osdc,
5092 		   struct ceph_object_id *oid,
5093 		   struct ceph_object_locator *oloc,
5094 		   const char *class, const char *method,
5095 		   unsigned int flags,
5096 		   struct page *req_page, size_t req_len,
5097 		   struct page **resp_pages, size_t *resp_len)
5098 {
5099 	struct ceph_osd_request *req;
5100 	int ret;
5101 
5102 	if (req_len > PAGE_SIZE)
5103 		return -E2BIG;
5104 
5105 	req = ceph_osdc_alloc_request(osdc, NULL, 1, false, GFP_NOIO);
5106 	if (!req)
5107 		return -ENOMEM;
5108 
5109 	ceph_oid_copy(&req->r_base_oid, oid);
5110 	ceph_oloc_copy(&req->r_base_oloc, oloc);
5111 	req->r_flags = flags;
5112 
5113 	ret = osd_req_op_cls_init(req, 0, class, method);
5114 	if (ret)
5115 		goto out_put_req;
5116 
5117 	if (req_page)
5118 		osd_req_op_cls_request_data_pages(req, 0, &req_page, req_len,
5119 						  0, false, false);
5120 	if (resp_pages)
5121 		osd_req_op_cls_response_data_pages(req, 0, resp_pages,
5122 						   *resp_len, 0, false, false);
5123 
5124 	ret = ceph_osdc_alloc_messages(req, GFP_NOIO);
5125 	if (ret)
5126 		goto out_put_req;
5127 
5128 	ceph_osdc_start_request(osdc, req);
5129 	ret = ceph_osdc_wait_request(osdc, req);
5130 	if (ret >= 0) {
5131 		ret = req->r_ops[0].rval;
5132 		if (resp_pages)
5133 			*resp_len = req->r_ops[0].outdata_len;
5134 	}
5135 
5136 out_put_req:
5137 	ceph_osdc_put_request(req);
5138 	return ret;
5139 }
5140 EXPORT_SYMBOL(ceph_osdc_call);
5141 
5142 /*
5143  * reset all osd connections
5144  */
5145 void ceph_osdc_reopen_osds(struct ceph_osd_client *osdc)
5146 {
5147 	struct rb_node *n;
5148 
5149 	down_write(&osdc->lock);
5150 	for (n = rb_first(&osdc->osds); n; ) {
5151 		struct ceph_osd *osd = rb_entry(n, struct ceph_osd, o_node);
5152 
5153 		n = rb_next(n);
5154 		if (!reopen_osd(osd))
5155 			kick_osd_requests(osd);
5156 	}
5157 	up_write(&osdc->lock);
5158 }
5159 
5160 /*
5161  * init, shutdown
5162  */
5163 int ceph_osdc_init(struct ceph_osd_client *osdc, struct ceph_client *client)
5164 {
5165 	int err;
5166 
5167 	dout("init\n");
5168 	osdc->client = client;
5169 	init_rwsem(&osdc->lock);
5170 	osdc->osds = RB_ROOT;
5171 	INIT_LIST_HEAD(&osdc->osd_lru);
5172 	spin_lock_init(&osdc->osd_lru_lock);
5173 	osd_init(&osdc->homeless_osd);
5174 	osdc->homeless_osd.o_osdc = osdc;
5175 	osdc->homeless_osd.o_osd = CEPH_HOMELESS_OSD;
5176 	osdc->last_linger_id = CEPH_LINGER_ID_START;
5177 	osdc->linger_requests = RB_ROOT;
5178 	osdc->map_checks = RB_ROOT;
5179 	osdc->linger_map_checks = RB_ROOT;
5180 	INIT_DELAYED_WORK(&osdc->timeout_work, handle_timeout);
5181 	INIT_DELAYED_WORK(&osdc->osds_timeout_work, handle_osds_timeout);
5182 
5183 	err = -ENOMEM;
5184 	osdc->osdmap = ceph_osdmap_alloc();
5185 	if (!osdc->osdmap)
5186 		goto out;
5187 
5188 	osdc->req_mempool = mempool_create_slab_pool(10,
5189 						     ceph_osd_request_cache);
5190 	if (!osdc->req_mempool)
5191 		goto out_map;
5192 
5193 	err = ceph_msgpool_init(&osdc->msgpool_op, CEPH_MSG_OSD_OP,
5194 				PAGE_SIZE, CEPH_OSD_SLAB_OPS, 10, "osd_op");
5195 	if (err < 0)
5196 		goto out_mempool;
5197 	err = ceph_msgpool_init(&osdc->msgpool_op_reply, CEPH_MSG_OSD_OPREPLY,
5198 				PAGE_SIZE, CEPH_OSD_SLAB_OPS, 10,
5199 				"osd_op_reply");
5200 	if (err < 0)
5201 		goto out_msgpool;
5202 
5203 	err = -ENOMEM;
5204 	osdc->notify_wq = create_singlethread_workqueue("ceph-watch-notify");
5205 	if (!osdc->notify_wq)
5206 		goto out_msgpool_reply;
5207 
5208 	osdc->completion_wq = create_singlethread_workqueue("ceph-completion");
5209 	if (!osdc->completion_wq)
5210 		goto out_notify_wq;
5211 
5212 	schedule_delayed_work(&osdc->timeout_work,
5213 			      osdc->client->options->osd_keepalive_timeout);
5214 	schedule_delayed_work(&osdc->osds_timeout_work,
5215 	    round_jiffies_relative(osdc->client->options->osd_idle_ttl));
5216 
5217 	return 0;
5218 
5219 out_notify_wq:
5220 	destroy_workqueue(osdc->notify_wq);
5221 out_msgpool_reply:
5222 	ceph_msgpool_destroy(&osdc->msgpool_op_reply);
5223 out_msgpool:
5224 	ceph_msgpool_destroy(&osdc->msgpool_op);
5225 out_mempool:
5226 	mempool_destroy(osdc->req_mempool);
5227 out_map:
5228 	ceph_osdmap_destroy(osdc->osdmap);
5229 out:
5230 	return err;
5231 }
5232 
5233 void ceph_osdc_stop(struct ceph_osd_client *osdc)
5234 {
5235 	destroy_workqueue(osdc->completion_wq);
5236 	destroy_workqueue(osdc->notify_wq);
5237 	cancel_delayed_work_sync(&osdc->timeout_work);
5238 	cancel_delayed_work_sync(&osdc->osds_timeout_work);
5239 
5240 	down_write(&osdc->lock);
5241 	while (!RB_EMPTY_ROOT(&osdc->osds)) {
5242 		struct ceph_osd *osd = rb_entry(rb_first(&osdc->osds),
5243 						struct ceph_osd, o_node);
5244 		close_osd(osd);
5245 	}
5246 	up_write(&osdc->lock);
5247 	WARN_ON(refcount_read(&osdc->homeless_osd.o_ref) != 1);
5248 	osd_cleanup(&osdc->homeless_osd);
5249 
5250 	WARN_ON(!list_empty(&osdc->osd_lru));
5251 	WARN_ON(!RB_EMPTY_ROOT(&osdc->linger_requests));
5252 	WARN_ON(!RB_EMPTY_ROOT(&osdc->map_checks));
5253 	WARN_ON(!RB_EMPTY_ROOT(&osdc->linger_map_checks));
5254 	WARN_ON(atomic_read(&osdc->num_requests));
5255 	WARN_ON(atomic_read(&osdc->num_homeless));
5256 
5257 	ceph_osdmap_destroy(osdc->osdmap);
5258 	mempool_destroy(osdc->req_mempool);
5259 	ceph_msgpool_destroy(&osdc->msgpool_op);
5260 	ceph_msgpool_destroy(&osdc->msgpool_op_reply);
5261 }
5262 
5263 int osd_req_op_copy_from_init(struct ceph_osd_request *req,
5264 			      u64 src_snapid, u64 src_version,
5265 			      struct ceph_object_id *src_oid,
5266 			      struct ceph_object_locator *src_oloc,
5267 			      u32 src_fadvise_flags,
5268 			      u32 dst_fadvise_flags,
5269 			      u32 truncate_seq, u64 truncate_size,
5270 			      u8 copy_from_flags)
5271 {
5272 	struct ceph_osd_req_op *op;
5273 	struct page **pages;
5274 	void *p, *end;
5275 
5276 	pages = ceph_alloc_page_vector(1, GFP_KERNEL);
5277 	if (IS_ERR(pages))
5278 		return PTR_ERR(pages);
5279 
5280 	op = osd_req_op_init(req, 0, CEPH_OSD_OP_COPY_FROM2,
5281 			     dst_fadvise_flags);
5282 	op->copy_from.snapid = src_snapid;
5283 	op->copy_from.src_version = src_version;
5284 	op->copy_from.flags = copy_from_flags;
5285 	op->copy_from.src_fadvise_flags = src_fadvise_flags;
5286 
5287 	p = page_address(pages[0]);
5288 	end = p + PAGE_SIZE;
5289 	ceph_encode_string(&p, end, src_oid->name, src_oid->name_len);
5290 	encode_oloc(&p, end, src_oloc);
5291 	ceph_encode_32(&p, truncate_seq);
5292 	ceph_encode_64(&p, truncate_size);
5293 	op->indata_len = PAGE_SIZE - (end - p);
5294 
5295 	ceph_osd_data_pages_init(&op->copy_from.osd_data, pages,
5296 				 op->indata_len, 0, false, true);
5297 	return 0;
5298 }
5299 EXPORT_SYMBOL(osd_req_op_copy_from_init);
5300 
5301 int __init ceph_osdc_setup(void)
5302 {
5303 	size_t size = sizeof(struct ceph_osd_request) +
5304 	    CEPH_OSD_SLAB_OPS * sizeof(struct ceph_osd_req_op);
5305 
5306 	BUG_ON(ceph_osd_request_cache);
5307 	ceph_osd_request_cache = kmem_cache_create("ceph_osd_request", size,
5308 						   0, 0, NULL);
5309 
5310 	return ceph_osd_request_cache ? 0 : -ENOMEM;
5311 }
5312 
5313 void ceph_osdc_cleanup(void)
5314 {
5315 	BUG_ON(!ceph_osd_request_cache);
5316 	kmem_cache_destroy(ceph_osd_request_cache);
5317 	ceph_osd_request_cache = NULL;
5318 }
5319 
5320 /*
5321  * handle incoming message
5322  */
5323 static void osd_dispatch(struct ceph_connection *con, struct ceph_msg *msg)
5324 {
5325 	struct ceph_osd *osd = con->private;
5326 	struct ceph_osd_client *osdc = osd->o_osdc;
5327 	int type = le16_to_cpu(msg->hdr.type);
5328 
5329 	switch (type) {
5330 	case CEPH_MSG_OSD_MAP:
5331 		ceph_osdc_handle_map(osdc, msg);
5332 		break;
5333 	case CEPH_MSG_OSD_OPREPLY:
5334 		handle_reply(osd, msg);
5335 		break;
5336 	case CEPH_MSG_OSD_BACKOFF:
5337 		handle_backoff(osd, msg);
5338 		break;
5339 	case CEPH_MSG_WATCH_NOTIFY:
5340 		handle_watch_notify(osdc, msg);
5341 		break;
5342 
5343 	default:
5344 		pr_err("received unknown message type %d %s\n", type,
5345 		       ceph_msg_type_name(type));
5346 	}
5347 
5348 	ceph_msg_put(msg);
5349 }
5350 
5351 /*
5352  * Lookup and return message for incoming reply.  Don't try to do
5353  * anything about a larger than preallocated data portion of the
5354  * message at the moment - for now, just skip the message.
5355  */
5356 static struct ceph_msg *get_reply(struct ceph_connection *con,
5357 				  struct ceph_msg_header *hdr,
5358 				  int *skip)
5359 {
5360 	struct ceph_osd *osd = con->private;
5361 	struct ceph_osd_client *osdc = osd->o_osdc;
5362 	struct ceph_msg *m = NULL;
5363 	struct ceph_osd_request *req;
5364 	int front_len = le32_to_cpu(hdr->front_len);
5365 	int data_len = le32_to_cpu(hdr->data_len);
5366 	u64 tid = le64_to_cpu(hdr->tid);
5367 
5368 	down_read(&osdc->lock);
5369 	if (!osd_registered(osd)) {
5370 		dout("%s osd%d unknown, skipping\n", __func__, osd->o_osd);
5371 		*skip = 1;
5372 		goto out_unlock_osdc;
5373 	}
5374 	WARN_ON(osd->o_osd != le64_to_cpu(hdr->src.num));
5375 
5376 	mutex_lock(&osd->lock);
5377 	req = lookup_request(&osd->o_requests, tid);
5378 	if (!req) {
5379 		dout("%s osd%d tid %llu unknown, skipping\n", __func__,
5380 		     osd->o_osd, tid);
5381 		*skip = 1;
5382 		goto out_unlock_session;
5383 	}
5384 
5385 	ceph_msg_revoke_incoming(req->r_reply);
5386 
5387 	if (front_len > req->r_reply->front_alloc_len) {
5388 		pr_warn("%s osd%d tid %llu front %d > preallocated %d\n",
5389 			__func__, osd->o_osd, req->r_tid, front_len,
5390 			req->r_reply->front_alloc_len);
5391 		m = ceph_msg_new(CEPH_MSG_OSD_OPREPLY, front_len, GFP_NOFS,
5392 				 false);
5393 		if (!m)
5394 			goto out_unlock_session;
5395 		ceph_msg_put(req->r_reply);
5396 		req->r_reply = m;
5397 	}
5398 
5399 	if (data_len > req->r_reply->data_length) {
5400 		pr_warn("%s osd%d tid %llu data %d > preallocated %zu, skipping\n",
5401 			__func__, osd->o_osd, req->r_tid, data_len,
5402 			req->r_reply->data_length);
5403 		m = NULL;
5404 		*skip = 1;
5405 		goto out_unlock_session;
5406 	}
5407 
5408 	m = ceph_msg_get(req->r_reply);
5409 	dout("get_reply tid %lld %p\n", tid, m);
5410 
5411 out_unlock_session:
5412 	mutex_unlock(&osd->lock);
5413 out_unlock_osdc:
5414 	up_read(&osdc->lock);
5415 	return m;
5416 }
5417 
5418 static struct ceph_msg *alloc_msg_with_page_vector(struct ceph_msg_header *hdr)
5419 {
5420 	struct ceph_msg *m;
5421 	int type = le16_to_cpu(hdr->type);
5422 	u32 front_len = le32_to_cpu(hdr->front_len);
5423 	u32 data_len = le32_to_cpu(hdr->data_len);
5424 
5425 	m = ceph_msg_new2(type, front_len, 1, GFP_NOIO, false);
5426 	if (!m)
5427 		return NULL;
5428 
5429 	if (data_len) {
5430 		struct page **pages;
5431 
5432 		pages = ceph_alloc_page_vector(calc_pages_for(0, data_len),
5433 					       GFP_NOIO);
5434 		if (IS_ERR(pages)) {
5435 			ceph_msg_put(m);
5436 			return NULL;
5437 		}
5438 
5439 		ceph_msg_data_add_pages(m, pages, data_len, 0, true);
5440 	}
5441 
5442 	return m;
5443 }
5444 
5445 static struct ceph_msg *osd_alloc_msg(struct ceph_connection *con,
5446 				      struct ceph_msg_header *hdr,
5447 				      int *skip)
5448 {
5449 	struct ceph_osd *osd = con->private;
5450 	int type = le16_to_cpu(hdr->type);
5451 
5452 	*skip = 0;
5453 	switch (type) {
5454 	case CEPH_MSG_OSD_MAP:
5455 	case CEPH_MSG_OSD_BACKOFF:
5456 	case CEPH_MSG_WATCH_NOTIFY:
5457 		return alloc_msg_with_page_vector(hdr);
5458 	case CEPH_MSG_OSD_OPREPLY:
5459 		return get_reply(con, hdr, skip);
5460 	default:
5461 		pr_warn("%s osd%d unknown msg type %d, skipping\n", __func__,
5462 			osd->o_osd, type);
5463 		*skip = 1;
5464 		return NULL;
5465 	}
5466 }
5467 
5468 /*
5469  * Wrappers to refcount containing ceph_osd struct
5470  */
5471 static struct ceph_connection *osd_get_con(struct ceph_connection *con)
5472 {
5473 	struct ceph_osd *osd = con->private;
5474 	if (get_osd(osd))
5475 		return con;
5476 	return NULL;
5477 }
5478 
5479 static void osd_put_con(struct ceph_connection *con)
5480 {
5481 	struct ceph_osd *osd = con->private;
5482 	put_osd(osd);
5483 }
5484 
5485 /*
5486  * authentication
5487  */
5488 
5489 /*
5490  * Note: returned pointer is the address of a structure that's
5491  * managed separately.  Caller must *not* attempt to free it.
5492  */
5493 static struct ceph_auth_handshake *
5494 osd_get_authorizer(struct ceph_connection *con, int *proto, int force_new)
5495 {
5496 	struct ceph_osd *o = con->private;
5497 	struct ceph_osd_client *osdc = o->o_osdc;
5498 	struct ceph_auth_client *ac = osdc->client->monc.auth;
5499 	struct ceph_auth_handshake *auth = &o->o_auth;
5500 	int ret;
5501 
5502 	ret = __ceph_auth_get_authorizer(ac, auth, CEPH_ENTITY_TYPE_OSD,
5503 					 force_new, proto, NULL, NULL);
5504 	if (ret)
5505 		return ERR_PTR(ret);
5506 
5507 	return auth;
5508 }
5509 
5510 static int osd_add_authorizer_challenge(struct ceph_connection *con,
5511 				    void *challenge_buf, int challenge_buf_len)
5512 {
5513 	struct ceph_osd *o = con->private;
5514 	struct ceph_osd_client *osdc = o->o_osdc;
5515 	struct ceph_auth_client *ac = osdc->client->monc.auth;
5516 
5517 	return ceph_auth_add_authorizer_challenge(ac, o->o_auth.authorizer,
5518 					    challenge_buf, challenge_buf_len);
5519 }
5520 
5521 static int osd_verify_authorizer_reply(struct ceph_connection *con)
5522 {
5523 	struct ceph_osd *o = con->private;
5524 	struct ceph_osd_client *osdc = o->o_osdc;
5525 	struct ceph_auth_client *ac = osdc->client->monc.auth;
5526 	struct ceph_auth_handshake *auth = &o->o_auth;
5527 
5528 	return ceph_auth_verify_authorizer_reply(ac, auth->authorizer,
5529 		auth->authorizer_reply_buf, auth->authorizer_reply_buf_len,
5530 		NULL, NULL, NULL, NULL);
5531 }
5532 
5533 static int osd_invalidate_authorizer(struct ceph_connection *con)
5534 {
5535 	struct ceph_osd *o = con->private;
5536 	struct ceph_osd_client *osdc = o->o_osdc;
5537 	struct ceph_auth_client *ac = osdc->client->monc.auth;
5538 
5539 	ceph_auth_invalidate_authorizer(ac, CEPH_ENTITY_TYPE_OSD);
5540 	return ceph_monc_validate_auth(&osdc->client->monc);
5541 }
5542 
5543 static int osd_get_auth_request(struct ceph_connection *con,
5544 				void *buf, int *buf_len,
5545 				void **authorizer, int *authorizer_len)
5546 {
5547 	struct ceph_osd *o = con->private;
5548 	struct ceph_auth_client *ac = o->o_osdc->client->monc.auth;
5549 	struct ceph_auth_handshake *auth = &o->o_auth;
5550 	int ret;
5551 
5552 	ret = ceph_auth_get_authorizer(ac, auth, CEPH_ENTITY_TYPE_OSD,
5553 				       buf, buf_len);
5554 	if (ret)
5555 		return ret;
5556 
5557 	*authorizer = auth->authorizer_buf;
5558 	*authorizer_len = auth->authorizer_buf_len;
5559 	return 0;
5560 }
5561 
5562 static int osd_handle_auth_reply_more(struct ceph_connection *con,
5563 				      void *reply, int reply_len,
5564 				      void *buf, int *buf_len,
5565 				      void **authorizer, int *authorizer_len)
5566 {
5567 	struct ceph_osd *o = con->private;
5568 	struct ceph_auth_client *ac = o->o_osdc->client->monc.auth;
5569 	struct ceph_auth_handshake *auth = &o->o_auth;
5570 	int ret;
5571 
5572 	ret = ceph_auth_handle_svc_reply_more(ac, auth, reply, reply_len,
5573 					      buf, buf_len);
5574 	if (ret)
5575 		return ret;
5576 
5577 	*authorizer = auth->authorizer_buf;
5578 	*authorizer_len = auth->authorizer_buf_len;
5579 	return 0;
5580 }
5581 
5582 static int osd_handle_auth_done(struct ceph_connection *con,
5583 				u64 global_id, void *reply, int reply_len,
5584 				u8 *session_key, int *session_key_len,
5585 				u8 *con_secret, int *con_secret_len)
5586 {
5587 	struct ceph_osd *o = con->private;
5588 	struct ceph_auth_client *ac = o->o_osdc->client->monc.auth;
5589 	struct ceph_auth_handshake *auth = &o->o_auth;
5590 
5591 	return ceph_auth_handle_svc_reply_done(ac, auth, reply, reply_len,
5592 					       session_key, session_key_len,
5593 					       con_secret, con_secret_len);
5594 }
5595 
5596 static int osd_handle_auth_bad_method(struct ceph_connection *con,
5597 				      int used_proto, int result,
5598 				      const int *allowed_protos, int proto_cnt,
5599 				      const int *allowed_modes, int mode_cnt)
5600 {
5601 	struct ceph_osd *o = con->private;
5602 	struct ceph_mon_client *monc = &o->o_osdc->client->monc;
5603 	int ret;
5604 
5605 	if (ceph_auth_handle_bad_authorizer(monc->auth, CEPH_ENTITY_TYPE_OSD,
5606 					    used_proto, result,
5607 					    allowed_protos, proto_cnt,
5608 					    allowed_modes, mode_cnt)) {
5609 		ret = ceph_monc_validate_auth(monc);
5610 		if (ret)
5611 			return ret;
5612 	}
5613 
5614 	return -EACCES;
5615 }
5616 
5617 static void osd_reencode_message(struct ceph_msg *msg)
5618 {
5619 	int type = le16_to_cpu(msg->hdr.type);
5620 
5621 	if (type == CEPH_MSG_OSD_OP)
5622 		encode_request_finish(msg);
5623 }
5624 
5625 static int osd_sign_message(struct ceph_msg *msg)
5626 {
5627 	struct ceph_osd *o = msg->con->private;
5628 	struct ceph_auth_handshake *auth = &o->o_auth;
5629 
5630 	return ceph_auth_sign_message(auth, msg);
5631 }
5632 
5633 static int osd_check_message_signature(struct ceph_msg *msg)
5634 {
5635 	struct ceph_osd *o = msg->con->private;
5636 	struct ceph_auth_handshake *auth = &o->o_auth;
5637 
5638 	return ceph_auth_check_message_signature(auth, msg);
5639 }
5640 
5641 static const struct ceph_connection_operations osd_con_ops = {
5642 	.get = osd_get_con,
5643 	.put = osd_put_con,
5644 	.alloc_msg = osd_alloc_msg,
5645 	.dispatch = osd_dispatch,
5646 	.fault = osd_fault,
5647 	.reencode_message = osd_reencode_message,
5648 	.get_authorizer = osd_get_authorizer,
5649 	.add_authorizer_challenge = osd_add_authorizer_challenge,
5650 	.verify_authorizer_reply = osd_verify_authorizer_reply,
5651 	.invalidate_authorizer = osd_invalidate_authorizer,
5652 	.sign_message = osd_sign_message,
5653 	.check_message_signature = osd_check_message_signature,
5654 	.get_auth_request = osd_get_auth_request,
5655 	.handle_auth_reply_more = osd_handle_auth_reply_more,
5656 	.handle_auth_done = osd_handle_auth_done,
5657 	.handle_auth_bad_method = osd_handle_auth_bad_method,
5658 };
5659