xref: /titanic_52/usr/src/uts/common/io/lofi.c (revision d321a33cdd896e6b211d113a33698dd76e89b861)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 #pragma ident	"%Z%%M%	%I%	%E% SMI"
27 
28 /*
29  * lofi (loopback file) driver - allows you to attach a file to a device,
30  * which can then be accessed through that device. The simple model is that
31  * you tell lofi to open a file, and then use the block device you get as
32  * you would any block device. lofi translates access to the block device
33  * into I/O on the underlying file. This is mostly useful for
34  * mounting images of filesystems.
35  *
36  * lofi is controlled through /dev/lofictl - this is the only device exported
37  * during attach, and is minor number 0. lofiadm communicates with lofi through
38  * ioctls on this device. When a file is attached to lofi, block and character
39  * devices are exported in /dev/lofi and /dev/rlofi. Currently, these devices
40  * are identified by their minor number, and the minor number is also used
41  * as the name in /dev/lofi. If we ever decide to support virtual disks,
42  * we'll have to divide the minor number space to identify fdisk partitions
43  * and slices, and the name will then be the minor number shifted down a
44  * few bits. Minor devices are tracked with state structures handled with
45  * ddi_soft_state(9F) for simplicity.
46  *
47  * A file attached to lofi is opened when attached and not closed until
48  * explicitly detached from lofi. This seems more sensible than deferring
49  * the open until the /dev/lofi device is opened, for a number of reasons.
50  * One is that any failure is likely to be noticed by the person (or script)
51  * running lofiadm. Another is that it would be a security problem if the
52  * file was replaced by another one after being added but before being opened.
53  *
54  * The only hard part about lofi is the ioctls. In order to support things
55  * like 'newfs' on a lofi device, it needs to support certain disk ioctls.
56  * So it has to fake disk geometry and partition information. More may need
57  * to be faked if your favorite utility doesn't work and you think it should
58  * (fdformat doesn't work because it really wants to know the type of floppy
59  * controller to talk to, and that didn't seem easy to fake. Or possibly even
60  * necessary, since we have mkfs_pcfs now).
61  *
62  * Normally, a lofi device cannot be detached if it is open (i.e. busy).  To
63  * support simulation of hotplug events, an optional force flag is provided.
64  * If a lofi device is open when a force detach is requested, then the
65  * underlying file is closed and any subsequent operations return EIO.  When the
66  * device is closed for the last time, it will be cleaned up at that time.  In
67  * addition, the DKIOCSTATE ioctl will return DKIO_DEV_GONE when the device is
68  * detached but not removed.
69  *
70  * Known problems:
71  *
72  *	UFS logging. Mounting a UFS filesystem image "logging"
73  *	works for basic copy testing but wedges during a build of ON through
74  *	that image. Some deadlock in lufs holding the log mutex and then
75  *	getting stuck on a buf. So for now, don't do that.
76  *
77  *	Direct I/O. Since the filesystem data is being cached in the buffer
78  *	cache, _and_ again in the underlying filesystem, it's tempting to
79  *	enable direct I/O on the underlying file. Don't, because that deadlocks.
80  *	I think to fix the cache-twice problem we might need filesystem support.
81  *
82  *	lofi on itself. The simple lock strategy (lofi_lock) precludes this
83  *	because you'll be in lofi_ioctl, holding the lock when you open the
84  *	file, which, if it's lofi, will grab lofi_lock. We prevent this for
85  *	now, though not using ddi_soft_state(9F) would make it possible to
86  *	do. Though it would still be silly.
87  *
88  * Interesting things to do:
89  *
90  *	Allow multiple files for each device. A poor-man's metadisk, basically.
91  *
92  *	Pass-through ioctls on block devices. You can (though it's not
93  *	documented), give lofi a block device as a file name. Then we shouldn't
94  *	need to fake a geometry. But this is also silly unless you're replacing
95  *	metadisk.
96  *
97  *	Encryption. tpm would like this. Apparently Windows 2000 has it, and
98  *	so does Linux.
99  */
100 
101 #include <sys/types.h>
102 #include <netinet/in.h>
103 #include <sys/sysmacros.h>
104 #include <sys/cmn_err.h>
105 #include <sys/uio.h>
106 #include <sys/kmem.h>
107 #include <sys/cred.h>
108 #include <sys/mman.h>
109 #include <sys/errno.h>
110 #include <sys/aio_req.h>
111 #include <sys/stat.h>
112 #include <sys/file.h>
113 #include <sys/modctl.h>
114 #include <sys/conf.h>
115 #include <sys/debug.h>
116 #include <sys/vnode.h>
117 #include <sys/lofi.h>
118 #include <sys/fcntl.h>
119 #include <sys/pathname.h>
120 #include <sys/filio.h>
121 #include <sys/fdio.h>
122 #include <sys/open.h>
123 #include <sys/disp.h>
124 #include <vm/seg_map.h>
125 #include <sys/ddi.h>
126 #include <sys/sunddi.h>
127 #include <sys/zmod.h>
128 
129 #define	NBLOCKS_PROP_NAME	"Nblocks"
130 #define	SIZE_PROP_NAME		"Size"
131 
132 static dev_info_t *lofi_dip;
133 static void	*lofi_statep;
134 static kmutex_t lofi_lock;		/* state lock */
135 
136 /*
137  * Because lofi_taskq_nthreads limits the actual swamping of the device, the
138  * maxalloc parameter (lofi_taskq_maxalloc) should be tuned conservatively
139  * high.  If we want to be assured that the underlying device is always busy,
140  * we must be sure that the number of bytes enqueued when the number of
141  * enqueued tasks exceeds maxalloc is sufficient to keep the device busy for
142  * the duration of the sleep time in taskq_ent_alloc().  That is, lofi should
143  * set maxalloc to be the maximum throughput (in bytes per second) of the
144  * underlying device divided by the minimum I/O size.  We assume a realistic
145  * maximum throughput of one hundred megabytes per second; we set maxalloc on
146  * the lofi task queue to be 104857600 divided by DEV_BSIZE.
147  */
148 static int lofi_taskq_maxalloc = 104857600 / DEV_BSIZE;
149 static int lofi_taskq_nthreads = 4;	/* # of taskq threads per device */
150 
151 uint32_t lofi_max_files = LOFI_MAX_FILES;
152 
153 static int gzip_decompress(void *src, size_t srclen, void *dst,
154 	size_t *destlen, int level);
155 
156 lofi_compress_info_t lofi_compress_table[LOFI_COMPRESS_FUNCTIONS] = {
157 	{gzip_decompress,	NULL,	6,	"gzip"}, /* default */
158 	{gzip_decompress,	NULL,	6,	"gzip-6"},
159 	{gzip_decompress,	NULL,	9,	"gzip-9"}
160 };
161 
162 static int
163 lofi_busy(void)
164 {
165 	minor_t	minor;
166 
167 	/*
168 	 * We need to make sure no mappings exist - mod_remove won't
169 	 * help because the device isn't open.
170 	 */
171 	mutex_enter(&lofi_lock);
172 	for (minor = 1; minor <= lofi_max_files; minor++) {
173 		if (ddi_get_soft_state(lofi_statep, minor) != NULL) {
174 			mutex_exit(&lofi_lock);
175 			return (EBUSY);
176 		}
177 	}
178 	mutex_exit(&lofi_lock);
179 	return (0);
180 }
181 
182 static int
183 is_opened(struct lofi_state *lsp)
184 {
185 	ASSERT(mutex_owned(&lofi_lock));
186 	return (lsp->ls_chr_open || lsp->ls_blk_open || lsp->ls_lyr_open_count);
187 }
188 
189 static int
190 mark_opened(struct lofi_state *lsp, int otyp)
191 {
192 	ASSERT(mutex_owned(&lofi_lock));
193 	switch (otyp) {
194 	case OTYP_CHR:
195 		lsp->ls_chr_open = 1;
196 		break;
197 	case OTYP_BLK:
198 		lsp->ls_blk_open = 1;
199 		break;
200 	case OTYP_LYR:
201 		lsp->ls_lyr_open_count++;
202 		break;
203 	default:
204 		return (-1);
205 	}
206 	return (0);
207 }
208 
209 static void
210 mark_closed(struct lofi_state *lsp, int otyp)
211 {
212 	ASSERT(mutex_owned(&lofi_lock));
213 	switch (otyp) {
214 	case OTYP_CHR:
215 		lsp->ls_chr_open = 0;
216 		break;
217 	case OTYP_BLK:
218 		lsp->ls_blk_open = 0;
219 		break;
220 	case OTYP_LYR:
221 		lsp->ls_lyr_open_count--;
222 		break;
223 	default:
224 		break;
225 	}
226 }
227 
228 static void
229 lofi_free_handle(dev_t dev, minor_t minor, struct lofi_state *lsp,
230     cred_t *credp)
231 {
232 	dev_t	newdev;
233 	char	namebuf[50];
234 
235 	if (lsp->ls_vp) {
236 		(void) VOP_CLOSE(lsp->ls_vp, lsp->ls_openflag,
237 		    1, 0, credp, NULL);
238 		VN_RELE(lsp->ls_vp);
239 		lsp->ls_vp = NULL;
240 	}
241 
242 	newdev = makedevice(getmajor(dev), minor);
243 	(void) ddi_prop_remove(newdev, lofi_dip, SIZE_PROP_NAME);
244 	(void) ddi_prop_remove(newdev, lofi_dip, NBLOCKS_PROP_NAME);
245 
246 	(void) snprintf(namebuf, sizeof (namebuf), "%d", minor);
247 	ddi_remove_minor_node(lofi_dip, namebuf);
248 	(void) snprintf(namebuf, sizeof (namebuf), "%d,raw", minor);
249 	ddi_remove_minor_node(lofi_dip, namebuf);
250 
251 	kmem_free(lsp->ls_filename, lsp->ls_filename_sz);
252 	taskq_destroy(lsp->ls_taskq);
253 	if (lsp->ls_kstat) {
254 		kstat_delete(lsp->ls_kstat);
255 		mutex_destroy(&lsp->ls_kstat_lock);
256 	}
257 	ddi_soft_state_free(lofi_statep, minor);
258 }
259 
260 /*ARGSUSED*/
261 static int
262 lofi_open(dev_t *devp, int flag, int otyp, struct cred *credp)
263 {
264 	minor_t	minor;
265 	struct lofi_state *lsp;
266 
267 	mutex_enter(&lofi_lock);
268 	minor = getminor(*devp);
269 	if (minor == 0) {
270 		/* master control device */
271 		/* must be opened exclusively */
272 		if (((flag & FEXCL) != FEXCL) || (otyp != OTYP_CHR)) {
273 			mutex_exit(&lofi_lock);
274 			return (EINVAL);
275 		}
276 		lsp = ddi_get_soft_state(lofi_statep, 0);
277 		if (lsp == NULL) {
278 			mutex_exit(&lofi_lock);
279 			return (ENXIO);
280 		}
281 		if (is_opened(lsp)) {
282 			mutex_exit(&lofi_lock);
283 			return (EBUSY);
284 		}
285 		(void) mark_opened(lsp, OTYP_CHR);
286 		mutex_exit(&lofi_lock);
287 		return (0);
288 	}
289 
290 	/* otherwise, the mapping should already exist */
291 	lsp = ddi_get_soft_state(lofi_statep, minor);
292 	if (lsp == NULL) {
293 		mutex_exit(&lofi_lock);
294 		return (EINVAL);
295 	}
296 
297 	if (lsp->ls_vp == NULL) {
298 		mutex_exit(&lofi_lock);
299 		return (ENXIO);
300 	}
301 
302 	if (mark_opened(lsp, otyp) == -1) {
303 		mutex_exit(&lofi_lock);
304 		return (EINVAL);
305 	}
306 
307 	mutex_exit(&lofi_lock);
308 	return (0);
309 }
310 
311 /*ARGSUSED*/
312 static int
313 lofi_close(dev_t dev, int flag, int otyp, struct cred *credp)
314 {
315 	minor_t	minor;
316 	struct lofi_state *lsp;
317 
318 	mutex_enter(&lofi_lock);
319 	minor = getminor(dev);
320 	lsp = ddi_get_soft_state(lofi_statep, minor);
321 	if (lsp == NULL) {
322 		mutex_exit(&lofi_lock);
323 		return (EINVAL);
324 	}
325 	mark_closed(lsp, otyp);
326 
327 	/*
328 	 * If we have forcibly closed the underlying device, and this is the
329 	 * last close, then tear down the rest of the device.
330 	 */
331 	if (minor != 0 && lsp->ls_vp == NULL && !is_opened(lsp))
332 		lofi_free_handle(dev, minor, lsp, credp);
333 	mutex_exit(&lofi_lock);
334 	return (0);
335 }
336 
337 static int
338 lofi_mapped_rdwr(caddr_t bufaddr, offset_t offset, struct buf *bp,
339 	struct lofi_state *lsp)
340 {
341 	int error;
342 	offset_t alignedoffset, mapoffset;
343 	size_t	xfersize;
344 	int	isread;
345 	int 	smflags;
346 	caddr_t	mapaddr;
347 	size_t	len;
348 	enum seg_rw srw;
349 
350 	/*
351 	 * segmap always gives us an 8K (MAXBSIZE) chunk, aligned on
352 	 * an 8K boundary, but the buf transfer address may not be
353 	 * aligned on more than a 512-byte boundary (we don't enforce
354 	 * that even though we could). This matters since the initial
355 	 * part of the transfer may not start at offset 0 within the
356 	 * segmap'd chunk. So we have to compensate for that with
357 	 * 'mapoffset'. Subsequent chunks always start off at the
358 	 * beginning, and the last is capped by b_resid
359 	 */
360 	mapoffset = offset & MAXBOFFSET;
361 	alignedoffset = offset - mapoffset;
362 	bp->b_resid = bp->b_bcount;
363 	isread = bp->b_flags & B_READ;
364 	srw = isread ? S_READ : S_WRITE;
365 	do {
366 		xfersize = MIN(lsp->ls_vp_comp_size - offset,
367 		    MIN(MAXBSIZE - mapoffset, bp->b_resid));
368 		len = roundup(mapoffset + xfersize, PAGESIZE);
369 		mapaddr = segmap_getmapflt(segkmap, lsp->ls_vp,
370 		    alignedoffset, MAXBSIZE, 1, srw);
371 		/*
372 		 * Now fault in the pages. This lets us check
373 		 * for errors before we reference mapaddr and
374 		 * try to resolve the fault in bcopy (which would
375 		 * panic instead). And this can easily happen,
376 		 * particularly if you've lofi'd a file over NFS
377 		 * and someone deletes the file on the server.
378 		 */
379 		error = segmap_fault(kas.a_hat, segkmap, mapaddr,
380 		    len, F_SOFTLOCK, srw);
381 		if (error) {
382 			(void) segmap_release(segkmap, mapaddr, 0);
383 			if (FC_CODE(error) == FC_OBJERR)
384 				error = FC_ERRNO(error);
385 			else
386 				error = EIO;
387 			break;
388 		}
389 		smflags = 0;
390 		if (isread) {
391 			smflags |= SM_FREE;
392 			/*
393 			 * If we're reading an entire page starting
394 			 * at a page boundary, there's a good chance
395 			 * we won't need it again. Put it on the
396 			 * head of the freelist.
397 			 */
398 			if (mapoffset == 0 && xfersize == PAGESIZE)
399 				smflags |= SM_DONTNEED;
400 			bcopy(mapaddr + mapoffset, bufaddr, xfersize);
401 		} else {
402 			smflags |= SM_WRITE;
403 			bcopy(bufaddr, mapaddr + mapoffset, xfersize);
404 		}
405 		bp->b_resid -= xfersize;
406 		bufaddr += xfersize;
407 		offset += xfersize;
408 		(void) segmap_fault(kas.a_hat, segkmap, mapaddr,
409 		    len, F_SOFTUNLOCK, srw);
410 		error = segmap_release(segkmap, mapaddr, smflags);
411 		/* only the first map may start partial */
412 		mapoffset = 0;
413 		alignedoffset += MAXBSIZE;
414 	} while ((error == 0) && (bp->b_resid > 0) &&
415 	    (offset < lsp->ls_vp_comp_size));
416 
417 	return (error);
418 }
419 
420 /*ARGSUSED*/
421 static int gzip_decompress(void *src, size_t srclen, void *dst,
422     size_t *dstlen, int level)
423 {
424 	ASSERT(*dstlen >= srclen);
425 
426 	if (z_uncompress(dst, dstlen, src, srclen) != Z_OK)
427 		return (-1);
428 	return (0);
429 }
430 
431 /*
432  * This is basically what strategy used to be before we found we
433  * needed task queues.
434  */
435 static void
436 lofi_strategy_task(void *arg)
437 {
438 	struct buf *bp = (struct buf *)arg;
439 	int error;
440 	struct lofi_state *lsp;
441 	uint64_t sblkno, eblkno, cmpbytes;
442 	offset_t offset, sblkoff, eblkoff;
443 	u_offset_t salign, ealign;
444 	u_offset_t sdiff;
445 	uint32_t comp_data_sz;
446 	caddr_t bufaddr;
447 	unsigned char *compressed_seg = NULL, *cmpbuf;
448 	unsigned char *uncompressed_seg = NULL;
449 	lofi_compress_info_t *li;
450 	size_t oblkcount, xfersize;
451 	unsigned long seglen;
452 
453 	lsp = ddi_get_soft_state(lofi_statep, getminor(bp->b_edev));
454 	if (lsp->ls_kstat) {
455 		mutex_enter(lsp->ls_kstat->ks_lock);
456 		kstat_waitq_to_runq(KSTAT_IO_PTR(lsp->ls_kstat));
457 		mutex_exit(lsp->ls_kstat->ks_lock);
458 	}
459 	bp_mapin(bp);
460 	bufaddr = bp->b_un.b_addr;
461 	offset = bp->b_lblkno * DEV_BSIZE;	/* offset within file */
462 
463 	/*
464 	 * We used to always use vn_rdwr here, but we cannot do that because
465 	 * we might decide to read or write from the the underlying
466 	 * file during this call, which would be a deadlock because
467 	 * we have the rw_lock. So instead we page, unless it's not
468 	 * mapable or it's a character device.
469 	 */
470 	if (lsp->ls_vp == NULL || lsp->ls_vp_closereq) {
471 		error = EIO;
472 	} else if (((lsp->ls_vp->v_flag & VNOMAP) == 0) &&
473 	    (lsp->ls_vp->v_type != VCHR)) {
474 		uint64_t i;
475 
476 		/*
477 		 * Handle uncompressed files with a regular read
478 		 */
479 		if (lsp->ls_uncomp_seg_sz == 0) {
480 			error = lofi_mapped_rdwr(bufaddr, offset, bp, lsp);
481 			goto done;
482 		}
483 
484 		/*
485 		 * From here on we're dealing primarily with compressed files
486 		 */
487 
488 		/*
489 		 * Compressed files can only be read from and
490 		 * not written to
491 		 */
492 		if (!(bp->b_flags & B_READ)) {
493 			bp->b_resid = bp->b_bcount;
494 			error = EROFS;
495 			goto done;
496 		}
497 
498 		ASSERT(lsp->ls_comp_algorithm_index >= 0);
499 		li = &lofi_compress_table[lsp->ls_comp_algorithm_index];
500 		/*
501 		 * Compute starting and ending compressed segment numbers
502 		 * We use only bitwise operations avoiding division and
503 		 * modulus because we enforce the compression segment size
504 		 * to a power of 2
505 		 */
506 		sblkno = offset >> lsp->ls_comp_seg_shift;
507 		sblkoff = offset & (lsp->ls_uncomp_seg_sz - 1);
508 		eblkno = (offset + bp->b_bcount) >> lsp->ls_comp_seg_shift;
509 		eblkoff = (offset + bp->b_bcount) & (lsp->ls_uncomp_seg_sz - 1);
510 
511 		/*
512 		 * Align start offset to block boundary for segmap
513 		 */
514 		salign = lsp->ls_comp_seg_index[sblkno];
515 		sdiff = salign & (DEV_BSIZE - 1);
516 		salign -= sdiff;
517 		if (eblkno >= (lsp->ls_comp_index_sz - 1)) {
518 			/*
519 			 * We're dealing with the last segment of
520 			 * the compressed file -- the size of this
521 			 * segment *may not* be the same as the
522 			 * segment size for the file
523 			 */
524 			eblkoff = (offset + bp->b_bcount) &
525 			    (lsp->ls_uncomp_last_seg_sz - 1);
526 			ealign = lsp->ls_vp_comp_size;
527 		} else {
528 			ealign = lsp->ls_comp_seg_index[eblkno + 1];
529 		}
530 
531 		/*
532 		 * Preserve original request paramaters
533 		 */
534 		oblkcount = bp->b_bcount;
535 
536 		/*
537 		 * Assign the calculated parameters
538 		 */
539 		comp_data_sz = ealign - salign;
540 		bp->b_bcount = comp_data_sz;
541 
542 		/*
543 		 * Allocate fixed size memory blocks to hold compressed
544 		 * segments and one uncompressed segment since we
545 		 * uncompress segments one at a time
546 		 */
547 		compressed_seg = kmem_alloc(bp->b_bcount, KM_SLEEP);
548 		uncompressed_seg = kmem_alloc(lsp->ls_uncomp_seg_sz, KM_SLEEP);
549 		/*
550 		 * Map in the calculated number of blocks
551 		 */
552 		error = lofi_mapped_rdwr((caddr_t)compressed_seg, salign,
553 		    bp, lsp);
554 
555 		bp->b_bcount = oblkcount;
556 		bp->b_resid = oblkcount;
557 		if (error != 0)
558 			goto done;
559 
560 		/*
561 		 * We have the compressed blocks, now uncompress them
562 		 */
563 		cmpbuf = compressed_seg + sdiff;
564 		for (i = sblkno; i < (eblkno + 1) && i < lsp->ls_comp_index_sz;
565 		    i++) {
566 			/*
567 			 * Each of the segment index entries contains
568 			 * the starting block number for that segment.
569 			 * The number of compressed bytes in a segment
570 			 * is thus the difference between the starting
571 			 * block number of this segment and the starting
572 			 * block number of the next segment.
573 			 */
574 			if ((i == eblkno) &&
575 			    (i == lsp->ls_comp_index_sz - 1)) {
576 				cmpbytes = lsp->ls_vp_comp_size -
577 				    lsp->ls_comp_seg_index[i];
578 			} else {
579 				cmpbytes = lsp->ls_comp_seg_index[i + 1] -
580 				    lsp->ls_comp_seg_index[i];
581 			}
582 
583 			/*
584 			 * The first byte in a compressed segment is a flag
585 			 * that indicates whether this segment is compressed
586 			 * at all
587 			 */
588 			if (*cmpbuf == UNCOMPRESSED) {
589 				bcopy((cmpbuf + SEGHDR), uncompressed_seg,
590 				    (cmpbytes - SEGHDR));
591 			} else {
592 				seglen = lsp->ls_uncomp_seg_sz;
593 
594 				if (li->l_decompress((cmpbuf + SEGHDR),
595 				    (cmpbytes - SEGHDR), uncompressed_seg,
596 				    &seglen, li->l_level) != 0) {
597 					error = EIO;
598 					goto done;
599 				}
600 			}
601 
602 			/*
603 			 * Determine how much uncompressed data we
604 			 * have to copy and copy it
605 			 */
606 			xfersize = lsp->ls_uncomp_seg_sz - sblkoff;
607 			if (i == eblkno) {
608 				if (i == (lsp->ls_comp_index_sz - 1))
609 					xfersize -= (lsp->ls_uncomp_last_seg_sz
610 					    - eblkoff);
611 				else
612 					xfersize -=
613 					    (lsp->ls_uncomp_seg_sz - eblkoff);
614 			}
615 
616 			bcopy((uncompressed_seg + sblkoff), bufaddr, xfersize);
617 
618 			cmpbuf += cmpbytes;
619 			bufaddr += xfersize;
620 			bp->b_resid -= xfersize;
621 			sblkoff = 0;
622 
623 			if (bp->b_resid == 0)
624 				break;
625 		}
626 	} else {
627 		ssize_t	resid;
628 		enum uio_rw rw;
629 
630 		if (bp->b_flags & B_READ)
631 			rw = UIO_READ;
632 		else
633 			rw = UIO_WRITE;
634 		error = vn_rdwr(rw, lsp->ls_vp, bufaddr, bp->b_bcount,
635 		    offset, UIO_SYSSPACE, 0, RLIM64_INFINITY, kcred, &resid);
636 		bp->b_resid = resid;
637 	}
638 
639 done:
640 	if (compressed_seg != NULL)
641 		kmem_free(compressed_seg, comp_data_sz);
642 	if (uncompressed_seg != NULL)
643 		kmem_free(uncompressed_seg, lsp->ls_uncomp_seg_sz);
644 
645 	if (lsp->ls_kstat) {
646 		size_t n_done = bp->b_bcount - bp->b_resid;
647 		kstat_io_t *kioptr;
648 
649 		mutex_enter(lsp->ls_kstat->ks_lock);
650 		kioptr = KSTAT_IO_PTR(lsp->ls_kstat);
651 		if (bp->b_flags & B_READ) {
652 			kioptr->nread += n_done;
653 			kioptr->reads++;
654 		} else {
655 			kioptr->nwritten += n_done;
656 			kioptr->writes++;
657 		}
658 		kstat_runq_exit(kioptr);
659 		mutex_exit(lsp->ls_kstat->ks_lock);
660 	}
661 
662 	mutex_enter(&lsp->ls_vp_lock);
663 	if (--lsp->ls_vp_iocount == 0)
664 		cv_broadcast(&lsp->ls_vp_cv);
665 	mutex_exit(&lsp->ls_vp_lock);
666 
667 	bioerror(bp, error);
668 	biodone(bp);
669 }
670 
671 static int
672 lofi_strategy(struct buf *bp)
673 {
674 	struct lofi_state *lsp;
675 	offset_t	offset;
676 
677 	/*
678 	 * We cannot just do I/O here, because the current thread
679 	 * _might_ end up back in here because the underlying filesystem
680 	 * wants a buffer, which eventually gets into bio_recycle and
681 	 * might call into lofi to write out a delayed-write buffer.
682 	 * This is bad if the filesystem above lofi is the same as below.
683 	 *
684 	 * We could come up with a complex strategy using threads to
685 	 * do the I/O asynchronously, or we could use task queues. task
686 	 * queues were incredibly easy so they win.
687 	 */
688 	lsp = ddi_get_soft_state(lofi_statep, getminor(bp->b_edev));
689 	mutex_enter(&lsp->ls_vp_lock);
690 	if (lsp->ls_vp == NULL || lsp->ls_vp_closereq) {
691 		bioerror(bp, EIO);
692 		biodone(bp);
693 		mutex_exit(&lsp->ls_vp_lock);
694 		return (0);
695 	}
696 
697 	offset = bp->b_lblkno * DEV_BSIZE;	/* offset within file */
698 	if (offset == lsp->ls_vp_size) {
699 		/* EOF */
700 		if ((bp->b_flags & B_READ) != 0) {
701 			bp->b_resid = bp->b_bcount;
702 			bioerror(bp, 0);
703 		} else {
704 			/* writes should fail */
705 			bioerror(bp, ENXIO);
706 		}
707 		biodone(bp);
708 		mutex_exit(&lsp->ls_vp_lock);
709 		return (0);
710 	}
711 	if (offset > lsp->ls_vp_size) {
712 		bioerror(bp, ENXIO);
713 		biodone(bp);
714 		mutex_exit(&lsp->ls_vp_lock);
715 		return (0);
716 	}
717 	lsp->ls_vp_iocount++;
718 	mutex_exit(&lsp->ls_vp_lock);
719 
720 	if (lsp->ls_kstat) {
721 		mutex_enter(lsp->ls_kstat->ks_lock);
722 		kstat_waitq_enter(KSTAT_IO_PTR(lsp->ls_kstat));
723 		mutex_exit(lsp->ls_kstat->ks_lock);
724 	}
725 	(void) taskq_dispatch(lsp->ls_taskq, lofi_strategy_task, bp, KM_SLEEP);
726 	return (0);
727 }
728 
729 /*ARGSUSED2*/
730 static int
731 lofi_read(dev_t dev, struct uio *uio, struct cred *credp)
732 {
733 	if (getminor(dev) == 0)
734 		return (EINVAL);
735 	return (physio(lofi_strategy, NULL, dev, B_READ, minphys, uio));
736 }
737 
738 /*ARGSUSED2*/
739 static int
740 lofi_write(dev_t dev, struct uio *uio, struct cred *credp)
741 {
742 	if (getminor(dev) == 0)
743 		return (EINVAL);
744 	return (physio(lofi_strategy, NULL, dev, B_WRITE, minphys, uio));
745 }
746 
747 /*ARGSUSED2*/
748 static int
749 lofi_aread(dev_t dev, struct aio_req *aio, struct cred *credp)
750 {
751 	if (getminor(dev) == 0)
752 		return (EINVAL);
753 	return (aphysio(lofi_strategy, anocancel, dev, B_READ, minphys, aio));
754 }
755 
756 /*ARGSUSED2*/
757 static int
758 lofi_awrite(dev_t dev, struct aio_req *aio, struct cred *credp)
759 {
760 	if (getminor(dev) == 0)
761 		return (EINVAL);
762 	return (aphysio(lofi_strategy, anocancel, dev, B_WRITE, minphys, aio));
763 }
764 
765 /*ARGSUSED*/
766 static int
767 lofi_info(dev_info_t *dip, ddi_info_cmd_t infocmd, void *arg, void **result)
768 {
769 	switch (infocmd) {
770 	case DDI_INFO_DEVT2DEVINFO:
771 		*result = lofi_dip;
772 		return (DDI_SUCCESS);
773 	case DDI_INFO_DEVT2INSTANCE:
774 		*result = 0;
775 		return (DDI_SUCCESS);
776 	}
777 	return (DDI_FAILURE);
778 }
779 
780 static int
781 lofi_attach(dev_info_t *dip, ddi_attach_cmd_t cmd)
782 {
783 	int	error;
784 
785 	if (cmd != DDI_ATTACH)
786 		return (DDI_FAILURE);
787 	error = ddi_soft_state_zalloc(lofi_statep, 0);
788 	if (error == DDI_FAILURE) {
789 		return (DDI_FAILURE);
790 	}
791 	error = ddi_create_minor_node(dip, LOFI_CTL_NODE, S_IFCHR, 0,
792 	    DDI_PSEUDO, NULL);
793 	if (error == DDI_FAILURE) {
794 		ddi_soft_state_free(lofi_statep, 0);
795 		return (DDI_FAILURE);
796 	}
797 	/* driver handles kernel-issued IOCTLs */
798 	if (ddi_prop_create(DDI_DEV_T_NONE, dip, DDI_PROP_CANSLEEP,
799 	    DDI_KERNEL_IOCTL, NULL, 0) != DDI_PROP_SUCCESS) {
800 		ddi_remove_minor_node(dip, NULL);
801 		ddi_soft_state_free(lofi_statep, 0);
802 		return (DDI_FAILURE);
803 	}
804 	lofi_dip = dip;
805 	ddi_report_dev(dip);
806 	return (DDI_SUCCESS);
807 }
808 
809 static int
810 lofi_detach(dev_info_t *dip, ddi_detach_cmd_t cmd)
811 {
812 	if (cmd != DDI_DETACH)
813 		return (DDI_FAILURE);
814 	if (lofi_busy())
815 		return (DDI_FAILURE);
816 	lofi_dip = NULL;
817 	ddi_remove_minor_node(dip, NULL);
818 	ddi_prop_remove_all(dip);
819 	ddi_soft_state_free(lofi_statep, 0);
820 	return (DDI_SUCCESS);
821 }
822 
823 /*
824  * These two just simplify the rest of the ioctls that need to copyin/out
825  * the lofi_ioctl structure.
826  */
827 struct lofi_ioctl *
828 copy_in_lofi_ioctl(const struct lofi_ioctl *ulip, int flag)
829 {
830 	struct lofi_ioctl *klip;
831 	int	error;
832 
833 	klip = kmem_alloc(sizeof (struct lofi_ioctl), KM_SLEEP);
834 	error = ddi_copyin(ulip, klip, sizeof (struct lofi_ioctl), flag);
835 	if (error) {
836 		kmem_free(klip, sizeof (struct lofi_ioctl));
837 		return (NULL);
838 	}
839 
840 	/* make sure filename is always null-terminated */
841 	klip->li_filename[MAXPATHLEN] = '\0';
842 
843 	/* validate minor number */
844 	if (klip->li_minor > lofi_max_files) {
845 		kmem_free(klip, sizeof (struct lofi_ioctl));
846 		return (NULL);
847 	}
848 	return (klip);
849 }
850 
851 int
852 copy_out_lofi_ioctl(const struct lofi_ioctl *klip, struct lofi_ioctl *ulip,
853 	int flag)
854 {
855 	int	error;
856 
857 	error = ddi_copyout(klip, ulip, sizeof (struct lofi_ioctl), flag);
858 	if (error)
859 		return (EFAULT);
860 	return (0);
861 }
862 
863 void
864 free_lofi_ioctl(struct lofi_ioctl *klip)
865 {
866 	kmem_free(klip, sizeof (struct lofi_ioctl));
867 }
868 
869 /*
870  * Return the minor number 'filename' is mapped to, if it is.
871  */
872 static int
873 file_to_minor(char *filename)
874 {
875 	minor_t	minor;
876 	struct lofi_state *lsp;
877 
878 	ASSERT(mutex_owned(&lofi_lock));
879 	for (minor = 1; minor <= lofi_max_files; minor++) {
880 		lsp = ddi_get_soft_state(lofi_statep, minor);
881 		if (lsp == NULL)
882 			continue;
883 		if (strcmp(lsp->ls_filename, filename) == 0)
884 			return (minor);
885 	}
886 	return (0);
887 }
888 
889 /*
890  * lofiadm does some validation, but since Joe Random (or crashme) could
891  * do our ioctls, we need to do some validation too.
892  */
893 static int
894 valid_filename(const char *filename)
895 {
896 	static char *blkprefix = "/dev/" LOFI_BLOCK_NAME "/";
897 	static char *charprefix = "/dev/" LOFI_CHAR_NAME "/";
898 
899 	/* must be absolute path */
900 	if (filename[0] != '/')
901 		return (0);
902 	/* must not be lofi */
903 	if (strncmp(filename, blkprefix, strlen(blkprefix)) == 0)
904 		return (0);
905 	if (strncmp(filename, charprefix, strlen(charprefix)) == 0)
906 		return (0);
907 	return (1);
908 }
909 
910 /*
911  * Fakes up a disk geometry, and one big partition, based on the size
912  * of the file. This is needed because we allow newfs'ing the device,
913  * and newfs will do several disk ioctls to figure out the geometry and
914  * partition information. It uses that information to determine the parameters
915  * to pass to mkfs. Geometry is pretty much irrelevant these days, but we
916  * have to support it.
917  */
918 static void
919 fake_disk_geometry(struct lofi_state *lsp)
920 {
921 	/* dk_geom - see dkio(7I) */
922 	/*
923 	 * dkg_ncyl _could_ be set to one here (one big cylinder with gobs
924 	 * of sectors), but that breaks programs like fdisk which want to
925 	 * partition a disk by cylinder. With one cylinder, you can't create
926 	 * an fdisk partition and put pcfs on it for testing (hard to pick
927 	 * a number between one and one).
928 	 *
929 	 * The cheezy floppy test is an attempt to not have too few cylinders
930 	 * for a small file, or so many on a big file that you waste space
931 	 * for backup superblocks or cylinder group structures.
932 	 */
933 	if (lsp->ls_vp_size < (2 * 1024 * 1024)) /* floppy? */
934 		lsp->ls_dkg.dkg_ncyl = lsp->ls_vp_size / (100 * 1024);
935 	else
936 		lsp->ls_dkg.dkg_ncyl = lsp->ls_vp_size / (300 * 1024);
937 	/* in case file file is < 100k */
938 	if (lsp->ls_dkg.dkg_ncyl == 0)
939 		lsp->ls_dkg.dkg_ncyl = 1;
940 	lsp->ls_dkg.dkg_acyl = 0;
941 	lsp->ls_dkg.dkg_bcyl = 0;
942 	lsp->ls_dkg.dkg_nhead = 1;
943 	lsp->ls_dkg.dkg_obs1 = 0;
944 	lsp->ls_dkg.dkg_intrlv = 0;
945 	lsp->ls_dkg.dkg_obs2 = 0;
946 	lsp->ls_dkg.dkg_obs3 = 0;
947 	lsp->ls_dkg.dkg_apc = 0;
948 	lsp->ls_dkg.dkg_rpm = 7200;
949 	lsp->ls_dkg.dkg_pcyl = lsp->ls_dkg.dkg_ncyl + lsp->ls_dkg.dkg_acyl;
950 	lsp->ls_dkg.dkg_nsect = lsp->ls_vp_size /
951 	    (DEV_BSIZE * lsp->ls_dkg.dkg_ncyl);
952 	lsp->ls_dkg.dkg_write_reinstruct = 0;
953 	lsp->ls_dkg.dkg_read_reinstruct = 0;
954 
955 	/* vtoc - see dkio(7I) */
956 	bzero(&lsp->ls_vtoc, sizeof (struct vtoc));
957 	lsp->ls_vtoc.v_sanity = VTOC_SANE;
958 	lsp->ls_vtoc.v_version = V_VERSION;
959 	bcopy(LOFI_DRIVER_NAME, lsp->ls_vtoc.v_volume, 7);
960 	lsp->ls_vtoc.v_sectorsz = DEV_BSIZE;
961 	lsp->ls_vtoc.v_nparts = 1;
962 	lsp->ls_vtoc.v_part[0].p_tag = V_UNASSIGNED;
963 
964 	/*
965 	 * A compressed file is read-only, other files can
966 	 * be read-write
967 	 */
968 	if (lsp->ls_uncomp_seg_sz > 0) {
969 		lsp->ls_vtoc.v_part[0].p_flag = V_UNMNT | V_RONLY;
970 	} else {
971 		lsp->ls_vtoc.v_part[0].p_flag = V_UNMNT;
972 	}
973 	lsp->ls_vtoc.v_part[0].p_start = (daddr_t)0;
974 	/*
975 	 * The partition size cannot just be the number of sectors, because
976 	 * that might not end on a cylinder boundary. And if that's the case,
977 	 * newfs/mkfs will print a scary warning. So just figure the size
978 	 * based on the number of cylinders and sectors/cylinder.
979 	 */
980 	lsp->ls_vtoc.v_part[0].p_size = lsp->ls_dkg.dkg_pcyl *
981 	    lsp->ls_dkg.dkg_nsect * lsp->ls_dkg.dkg_nhead;
982 
983 	/* dk_cinfo - see dkio(7I) */
984 	bzero(&lsp->ls_ci, sizeof (struct dk_cinfo));
985 	(void) strcpy(lsp->ls_ci.dki_cname, LOFI_DRIVER_NAME);
986 	lsp->ls_ci.dki_ctype = DKC_MD;
987 	lsp->ls_ci.dki_flags = 0;
988 	lsp->ls_ci.dki_cnum = 0;
989 	lsp->ls_ci.dki_addr = 0;
990 	lsp->ls_ci.dki_space = 0;
991 	lsp->ls_ci.dki_prio = 0;
992 	lsp->ls_ci.dki_vec = 0;
993 	(void) strcpy(lsp->ls_ci.dki_dname, LOFI_DRIVER_NAME);
994 	lsp->ls_ci.dki_unit = 0;
995 	lsp->ls_ci.dki_slave = 0;
996 	lsp->ls_ci.dki_partition = 0;
997 	/*
998 	 * newfs uses this to set maxcontig. Must not be < 16, or it
999 	 * will be 0 when newfs multiplies it by DEV_BSIZE and divides
1000 	 * it by the block size. Then tunefs doesn't work because
1001 	 * maxcontig is 0.
1002 	 */
1003 	lsp->ls_ci.dki_maxtransfer = 16;
1004 }
1005 
1006 /*
1007  * map in a compressed file
1008  *
1009  * Read in the header and the index that follows.
1010  *
1011  * The header is as follows -
1012  *
1013  * Signature (name of the compression algorithm)
1014  * Compression segment size (a multiple of 512)
1015  * Number of index entries
1016  * Size of the last block
1017  * The array containing the index entries
1018  *
1019  * The header information is always stored in
1020  * network byte order on disk.
1021  */
1022 static int
1023 lofi_map_compressed_file(struct lofi_state *lsp, char *buf)
1024 {
1025 	uint32_t index_sz, header_len, i;
1026 	ssize_t	resid;
1027 	enum uio_rw rw;
1028 	char *tbuf = buf;
1029 	int error;
1030 
1031 	/* The signature has already been read */
1032 	tbuf += sizeof (lsp->ls_comp_algorithm);
1033 	bcopy(tbuf, &(lsp->ls_uncomp_seg_sz), sizeof (lsp->ls_uncomp_seg_sz));
1034 	lsp->ls_uncomp_seg_sz = ntohl(lsp->ls_uncomp_seg_sz);
1035 
1036 	/*
1037 	 * The compressed segment size must be a power of 2
1038 	 */
1039 	if (lsp->ls_uncomp_seg_sz % 2)
1040 		return (EINVAL);
1041 
1042 	for (i = 0; !((lsp->ls_uncomp_seg_sz >> i) & 1); i++)
1043 		;
1044 
1045 	lsp->ls_comp_seg_shift = i;
1046 
1047 	tbuf += sizeof (lsp->ls_uncomp_seg_sz);
1048 	bcopy(tbuf, &(lsp->ls_comp_index_sz), sizeof (lsp->ls_comp_index_sz));
1049 	lsp->ls_comp_index_sz = ntohl(lsp->ls_comp_index_sz);
1050 
1051 	tbuf += sizeof (lsp->ls_comp_index_sz);
1052 	bcopy(tbuf, &(lsp->ls_uncomp_last_seg_sz),
1053 	    sizeof (lsp->ls_uncomp_last_seg_sz));
1054 	lsp->ls_uncomp_last_seg_sz = ntohl(lsp->ls_uncomp_last_seg_sz);
1055 
1056 	/*
1057 	 * Compute the total size of the uncompressed data
1058 	 * for use in fake_disk_geometry and other calculations.
1059 	 * Disk geometry has to be faked with respect to the
1060 	 * actual uncompressed data size rather than the
1061 	 * compressed file size.
1062 	 */
1063 	lsp->ls_vp_size = (lsp->ls_comp_index_sz - 2) * lsp->ls_uncomp_seg_sz
1064 	    + lsp->ls_uncomp_last_seg_sz;
1065 
1066 	/*
1067 	 * Index size is rounded up to a 512 byte boundary for ease
1068 	 * of segmapping
1069 	 */
1070 	index_sz = sizeof (*lsp->ls_comp_seg_index) * lsp->ls_comp_index_sz;
1071 	header_len = sizeof (lsp->ls_comp_algorithm) +
1072 	    sizeof (lsp->ls_uncomp_seg_sz) +
1073 	    sizeof (lsp->ls_comp_index_sz) +
1074 	    sizeof (lsp->ls_uncomp_last_seg_sz);
1075 	lsp->ls_comp_offbase = header_len + index_sz;
1076 
1077 	index_sz += header_len;
1078 	index_sz = roundup(index_sz, DEV_BSIZE);
1079 
1080 	lsp->ls_comp_index_data = kmem_alloc(index_sz, KM_SLEEP);
1081 	lsp->ls_comp_index_data_sz = index_sz;
1082 
1083 	/*
1084 	 * Read in the index -- this has a side-effect
1085 	 * of reading in the header as well
1086 	 */
1087 	rw = UIO_READ;
1088 	error = vn_rdwr(rw, lsp->ls_vp, lsp->ls_comp_index_data, index_sz,
1089 	    0, UIO_SYSSPACE, 0, RLIM64_INFINITY, kcred, &resid);
1090 
1091 	if (error != 0)
1092 		return (error);
1093 
1094 	/* Skip the header, this is where the index really begins */
1095 	lsp->ls_comp_seg_index =
1096 	    /*LINTED*/
1097 	    (uint64_t *)(lsp->ls_comp_index_data + header_len);
1098 
1099 	/*
1100 	 * Now recompute offsets in the index to account for
1101 	 * the header length
1102 	 */
1103 	for (i = 0; i < lsp->ls_comp_index_sz; i++) {
1104 		lsp->ls_comp_seg_index[i] = lsp->ls_comp_offbase +
1105 		    BE_64(lsp->ls_comp_seg_index[i]);
1106 	}
1107 
1108 	return (error);
1109 }
1110 
1111 /*
1112  * Check to see if the passed in signature is a valid
1113  * one. If it is valid, return the index into
1114  * lofi_compress_table.
1115  *
1116  * Return -1 if it is invalid
1117  */
1118 static int lofi_compress_select(char *signature)
1119 {
1120 	int i;
1121 
1122 	for (i = 0; i < LOFI_COMPRESS_FUNCTIONS; i++) {
1123 		if (strcmp(lofi_compress_table[i].l_name, signature) == 0)
1124 			return (i);
1125 	}
1126 
1127 	return (-1);
1128 }
1129 
1130 /*
1131  * map a file to a minor number. Return the minor number.
1132  */
1133 static int
1134 lofi_map_file(dev_t dev, struct lofi_ioctl *ulip, int pickminor,
1135     int *rvalp, struct cred *credp, int ioctl_flag)
1136 {
1137 	minor_t	newminor;
1138 	struct lofi_state *lsp;
1139 	struct lofi_ioctl *klip;
1140 	int	error;
1141 	struct vnode *vp;
1142 	int64_t	Nblocks_prop_val;
1143 	int64_t	Size_prop_val;
1144 	int	compress_index;
1145 	vattr_t	vattr;
1146 	int	flag;
1147 	enum vtype v_type;
1148 	int zalloced = 0;
1149 	dev_t	newdev;
1150 	char	namebuf[50];
1151 	char 	buf[DEV_BSIZE];
1152 	char 	*tbuf;
1153 	ssize_t	resid;
1154 	enum uio_rw rw;
1155 
1156 	klip = copy_in_lofi_ioctl(ulip, ioctl_flag);
1157 	if (klip == NULL)
1158 		return (EFAULT);
1159 
1160 	mutex_enter(&lofi_lock);
1161 
1162 	if (!valid_filename(klip->li_filename)) {
1163 		error = EINVAL;
1164 		goto out;
1165 	}
1166 
1167 	if (file_to_minor(klip->li_filename) != 0) {
1168 		error = EBUSY;
1169 		goto out;
1170 	}
1171 
1172 	if (pickminor) {
1173 		/* Find a free one */
1174 		for (newminor = 1; newminor <= lofi_max_files; newminor++)
1175 			if (ddi_get_soft_state(lofi_statep, newminor) == NULL)
1176 				break;
1177 		if (newminor >= lofi_max_files) {
1178 			error = EAGAIN;
1179 			goto out;
1180 		}
1181 	} else {
1182 		newminor = klip->li_minor;
1183 		if (ddi_get_soft_state(lofi_statep, newminor) != NULL) {
1184 			error = EEXIST;
1185 			goto out;
1186 		}
1187 	}
1188 
1189 	/* make sure it's valid */
1190 	error = lookupname(klip->li_filename, UIO_SYSSPACE, FOLLOW,
1191 	    NULLVPP, &vp);
1192 	if (error) {
1193 		goto out;
1194 	}
1195 	v_type = vp->v_type;
1196 	VN_RELE(vp);
1197 	if (!V_ISLOFIABLE(v_type)) {
1198 		error = EINVAL;
1199 		goto out;
1200 	}
1201 	flag = FREAD | FWRITE | FOFFMAX | FEXCL;
1202 	error = vn_open(klip->li_filename, UIO_SYSSPACE, flag, 0, &vp, 0, 0);
1203 	if (error) {
1204 		/* try read-only */
1205 		flag &= ~FWRITE;
1206 		error = vn_open(klip->li_filename, UIO_SYSSPACE, flag, 0,
1207 		    &vp, 0, 0);
1208 		if (error) {
1209 			goto out;
1210 		}
1211 	}
1212 	vattr.va_mask = AT_SIZE;
1213 	error = VOP_GETATTR(vp, &vattr, 0, credp, NULL);
1214 	if (error) {
1215 		goto closeout;
1216 	}
1217 	/* the file needs to be a multiple of the block size */
1218 	if ((vattr.va_size % DEV_BSIZE) != 0) {
1219 		error = EINVAL;
1220 		goto closeout;
1221 	}
1222 	newdev = makedevice(getmajor(dev), newminor);
1223 	Size_prop_val = vattr.va_size;
1224 	if ((ddi_prop_update_int64(newdev, lofi_dip,
1225 	    SIZE_PROP_NAME, Size_prop_val)) != DDI_PROP_SUCCESS) {
1226 		error = EINVAL;
1227 		goto closeout;
1228 	}
1229 	Nblocks_prop_val = vattr.va_size / DEV_BSIZE;
1230 	if ((ddi_prop_update_int64(newdev, lofi_dip,
1231 	    NBLOCKS_PROP_NAME, Nblocks_prop_val)) != DDI_PROP_SUCCESS) {
1232 		error = EINVAL;
1233 		goto propout;
1234 	}
1235 	error = ddi_soft_state_zalloc(lofi_statep, newminor);
1236 	if (error == DDI_FAILURE) {
1237 		error = ENOMEM;
1238 		goto propout;
1239 	}
1240 	zalloced = 1;
1241 	(void) snprintf(namebuf, sizeof (namebuf), "%d", newminor);
1242 	(void) ddi_create_minor_node(lofi_dip, namebuf, S_IFBLK, newminor,
1243 	    DDI_PSEUDO, NULL);
1244 	if (error != DDI_SUCCESS) {
1245 		error = ENXIO;
1246 		goto propout;
1247 	}
1248 	(void) snprintf(namebuf, sizeof (namebuf), "%d,raw", newminor);
1249 	error = ddi_create_minor_node(lofi_dip, namebuf, S_IFCHR, newminor,
1250 	    DDI_PSEUDO, NULL);
1251 	if (error != DDI_SUCCESS) {
1252 		/* remove block node */
1253 		(void) snprintf(namebuf, sizeof (namebuf), "%d", newminor);
1254 		ddi_remove_minor_node(lofi_dip, namebuf);
1255 		error = ENXIO;
1256 		goto propout;
1257 	}
1258 	lsp = ddi_get_soft_state(lofi_statep, newminor);
1259 	lsp->ls_filename_sz = strlen(klip->li_filename) + 1;
1260 	lsp->ls_filename = kmem_alloc(lsp->ls_filename_sz, KM_SLEEP);
1261 	(void) snprintf(namebuf, sizeof (namebuf), "%s_taskq_%d",
1262 	    LOFI_DRIVER_NAME, newminor);
1263 	lsp->ls_taskq = taskq_create(namebuf, lofi_taskq_nthreads,
1264 	    minclsyspri, 1, lofi_taskq_maxalloc, 0);
1265 	lsp->ls_kstat = kstat_create(LOFI_DRIVER_NAME, newminor,
1266 	    NULL, "disk", KSTAT_TYPE_IO, 1, 0);
1267 	if (lsp->ls_kstat) {
1268 		mutex_init(&lsp->ls_kstat_lock, NULL, MUTEX_DRIVER, NULL);
1269 		lsp->ls_kstat->ks_lock = &lsp->ls_kstat_lock;
1270 		kstat_install(lsp->ls_kstat);
1271 	}
1272 	cv_init(&lsp->ls_vp_cv, NULL, CV_DRIVER, NULL);
1273 	mutex_init(&lsp->ls_vp_lock, NULL, MUTEX_DRIVER, NULL);
1274 
1275 	/*
1276 	 * save open mode so file can be closed properly and vnode counts
1277 	 * updated correctly.
1278 	 */
1279 	lsp->ls_openflag = flag;
1280 
1281 	/*
1282 	 * Try to handle stacked lofs vnodes.
1283 	 */
1284 	if (vp->v_type == VREG) {
1285 		if (VOP_REALVP(vp, &lsp->ls_vp, NULL) != 0) {
1286 			lsp->ls_vp = vp;
1287 		} else {
1288 			/*
1289 			 * Even though vp was obtained via vn_open(), we
1290 			 * can't call vn_close() on it, since lofs will
1291 			 * pass the VOP_CLOSE() on down to the realvp
1292 			 * (which we are about to use). Hence we merely
1293 			 * drop the reference to the lofs vnode and hold
1294 			 * the realvp so things behave as if we've
1295 			 * opened the realvp without any interaction
1296 			 * with lofs.
1297 			 */
1298 			VN_HOLD(lsp->ls_vp);
1299 			VN_RELE(vp);
1300 		}
1301 	} else {
1302 		lsp->ls_vp = vp;
1303 	}
1304 	lsp->ls_vp_size = vattr.va_size;
1305 	(void) strcpy(lsp->ls_filename, klip->li_filename);
1306 	if (rvalp)
1307 		*rvalp = (int)newminor;
1308 	klip->li_minor = newminor;
1309 
1310 	/*
1311 	 * Read the file signature to check if it is compressed.
1312 	 * 'rw' is set to read since only reads are allowed to
1313 	 * a compressed file.
1314 	 */
1315 	rw = UIO_READ;
1316 	error = vn_rdwr(rw, lsp->ls_vp, buf, DEV_BSIZE, 0, UIO_SYSSPACE,
1317 	    0, RLIM64_INFINITY, kcred, &resid);
1318 
1319 	if (error != 0)
1320 		goto propout;
1321 
1322 	tbuf = buf;
1323 	lsp->ls_uncomp_seg_sz = 0;
1324 	lsp->ls_vp_comp_size = lsp->ls_vp_size;
1325 	lsp->ls_comp_algorithm[0] = '\0';
1326 
1327 	compress_index = lofi_compress_select(tbuf);
1328 	if (compress_index != -1) {
1329 		lsp->ls_comp_algorithm_index = compress_index;
1330 		(void) strlcpy(lsp->ls_comp_algorithm,
1331 		    lofi_compress_table[compress_index].l_name,
1332 		    sizeof (lsp->ls_comp_algorithm));
1333 		error = lofi_map_compressed_file(lsp, buf);
1334 		if (error != 0)
1335 			goto propout;
1336 
1337 		/* update DDI properties */
1338 		Size_prop_val = lsp->ls_vp_size;
1339 		if ((ddi_prop_update_int64(newdev, lofi_dip, SIZE_PROP_NAME,
1340 		    Size_prop_val)) != DDI_PROP_SUCCESS) {
1341 			error = EINVAL;
1342 			goto propout;
1343 		}
1344 
1345 		Nblocks_prop_val = lsp->ls_vp_size / DEV_BSIZE;
1346 		if ((ddi_prop_update_int64(newdev, lofi_dip, NBLOCKS_PROP_NAME,
1347 		    Nblocks_prop_val)) != DDI_PROP_SUCCESS) {
1348 			error = EINVAL;
1349 			goto propout;
1350 		}
1351 	}
1352 
1353 	fake_disk_geometry(lsp);
1354 	mutex_exit(&lofi_lock);
1355 	(void) copy_out_lofi_ioctl(klip, ulip, ioctl_flag);
1356 	free_lofi_ioctl(klip);
1357 	return (0);
1358 
1359 propout:
1360 	(void) ddi_prop_remove(newdev, lofi_dip, SIZE_PROP_NAME);
1361 	(void) ddi_prop_remove(newdev, lofi_dip, NBLOCKS_PROP_NAME);
1362 closeout:
1363 	(void) VOP_CLOSE(vp, flag, 1, 0, credp, NULL);
1364 	VN_RELE(vp);
1365 out:
1366 	if (zalloced)
1367 		ddi_soft_state_free(lofi_statep, newminor);
1368 	mutex_exit(&lofi_lock);
1369 	free_lofi_ioctl(klip);
1370 	return (error);
1371 }
1372 
1373 /*
1374  * unmap a file.
1375  */
1376 static int
1377 lofi_unmap_file(dev_t dev, struct lofi_ioctl *ulip, int byfilename,
1378     struct cred *credp, int ioctl_flag)
1379 {
1380 	struct lofi_state *lsp;
1381 	struct lofi_ioctl *klip;
1382 	minor_t	minor;
1383 
1384 	klip = copy_in_lofi_ioctl(ulip, ioctl_flag);
1385 	if (klip == NULL)
1386 		return (EFAULT);
1387 
1388 	mutex_enter(&lofi_lock);
1389 	if (byfilename) {
1390 		minor = file_to_minor(klip->li_filename);
1391 	} else {
1392 		minor = klip->li_minor;
1393 	}
1394 	if (minor == 0) {
1395 		mutex_exit(&lofi_lock);
1396 		free_lofi_ioctl(klip);
1397 		return (ENXIO);
1398 	}
1399 	lsp = ddi_get_soft_state(lofi_statep, minor);
1400 	if (lsp == NULL || lsp->ls_vp == NULL) {
1401 		mutex_exit(&lofi_lock);
1402 		free_lofi_ioctl(klip);
1403 		return (ENXIO);
1404 	}
1405 
1406 	if (is_opened(lsp)) {
1407 		/*
1408 		 * If the 'force' flag is set, then we forcibly close the
1409 		 * underlying file.  Subsequent operations will fail, and the
1410 		 * DKIOCSTATE ioctl will return DKIO_DEV_GONE.  When the device
1411 		 * is last closed, the device will be cleaned up appropriately.
1412 		 *
1413 		 * This is complicated by the fact that we may have outstanding
1414 		 * dispatched I/Os.  Rather than having a single mutex to
1415 		 * serialize all I/O, we keep a count of the number of
1416 		 * outstanding I/O requests, as well as a flag to indicate that
1417 		 * no new I/Os should be dispatched.  We set the flag, wait for
1418 		 * the number of outstanding I/Os to reach 0, and then close the
1419 		 * underlying vnode.
1420 		 */
1421 		if (klip->li_force) {
1422 			mutex_enter(&lsp->ls_vp_lock);
1423 			lsp->ls_vp_closereq = B_TRUE;
1424 			while (lsp->ls_vp_iocount > 0)
1425 				cv_wait(&lsp->ls_vp_cv, &lsp->ls_vp_lock);
1426 			(void) VOP_CLOSE(lsp->ls_vp, lsp->ls_openflag, 1, 0,
1427 			    credp, NULL);
1428 			VN_RELE(lsp->ls_vp);
1429 			lsp->ls_vp = NULL;
1430 			cv_broadcast(&lsp->ls_vp_cv);
1431 			mutex_exit(&lsp->ls_vp_lock);
1432 			mutex_exit(&lofi_lock);
1433 			klip->li_minor = minor;
1434 			(void) copy_out_lofi_ioctl(klip, ulip, ioctl_flag);
1435 			free_lofi_ioctl(klip);
1436 			return (0);
1437 		}
1438 		mutex_exit(&lofi_lock);
1439 		free_lofi_ioctl(klip);
1440 		return (EBUSY);
1441 	}
1442 
1443 	if (lsp->ls_uncomp_seg_sz > 0) {
1444 		kmem_free(lsp->ls_comp_index_data, lsp->ls_comp_index_data_sz);
1445 		lsp->ls_uncomp_seg_sz = 0;
1446 	}
1447 
1448 	lofi_free_handle(dev, minor, lsp, credp);
1449 
1450 	klip->li_minor = minor;
1451 	mutex_exit(&lofi_lock);
1452 	(void) copy_out_lofi_ioctl(klip, ulip, ioctl_flag);
1453 	free_lofi_ioctl(klip);
1454 	return (0);
1455 }
1456 
1457 /*
1458  * get the filename given the minor number, or the minor number given
1459  * the name.
1460  */
1461 /*ARGSUSED*/
1462 static int
1463 lofi_get_info(dev_t dev, struct lofi_ioctl *ulip, int which,
1464     struct cred *credp, int ioctl_flag)
1465 {
1466 	struct lofi_state *lsp;
1467 	struct lofi_ioctl *klip;
1468 	int	error;
1469 	minor_t	minor;
1470 
1471 	klip = copy_in_lofi_ioctl(ulip, ioctl_flag);
1472 	if (klip == NULL)
1473 		return (EFAULT);
1474 
1475 	switch (which) {
1476 	case LOFI_GET_FILENAME:
1477 		minor = klip->li_minor;
1478 		if (minor == 0) {
1479 			free_lofi_ioctl(klip);
1480 			return (EINVAL);
1481 		}
1482 
1483 		mutex_enter(&lofi_lock);
1484 		lsp = ddi_get_soft_state(lofi_statep, minor);
1485 		if (lsp == NULL) {
1486 			mutex_exit(&lofi_lock);
1487 			free_lofi_ioctl(klip);
1488 			return (ENXIO);
1489 		}
1490 		(void) strcpy(klip->li_filename, lsp->ls_filename);
1491 		(void) strlcpy(klip->li_algorithm, lsp->ls_comp_algorithm,
1492 		    sizeof (klip->li_algorithm));
1493 		mutex_exit(&lofi_lock);
1494 		error = copy_out_lofi_ioctl(klip, ulip, ioctl_flag);
1495 		free_lofi_ioctl(klip);
1496 		return (error);
1497 	case LOFI_GET_MINOR:
1498 		mutex_enter(&lofi_lock);
1499 		klip->li_minor = file_to_minor(klip->li_filename);
1500 		mutex_exit(&lofi_lock);
1501 		if (klip->li_minor == 0) {
1502 			free_lofi_ioctl(klip);
1503 			return (ENOENT);
1504 		}
1505 		error = copy_out_lofi_ioctl(klip, ulip, ioctl_flag);
1506 		free_lofi_ioctl(klip);
1507 		return (error);
1508 	case LOFI_CHECK_COMPRESSED:
1509 		mutex_enter(&lofi_lock);
1510 		klip->li_minor = file_to_minor(klip->li_filename);
1511 		mutex_exit(&lofi_lock);
1512 		if (klip->li_minor == 0) {
1513 			free_lofi_ioctl(klip);
1514 			return (ENOENT);
1515 		}
1516 		mutex_enter(&lofi_lock);
1517 		lsp = ddi_get_soft_state(lofi_statep, klip->li_minor);
1518 		if (lsp == NULL) {
1519 			mutex_exit(&lofi_lock);
1520 			free_lofi_ioctl(klip);
1521 			return (ENXIO);
1522 		}
1523 		ASSERT(strcmp(klip->li_filename, lsp->ls_filename) == 0);
1524 
1525 		(void) strlcpy(klip->li_algorithm, lsp->ls_comp_algorithm,
1526 		    sizeof (klip->li_algorithm));
1527 		mutex_exit(&lofi_lock);
1528 		error = copy_out_lofi_ioctl(klip, ulip, ioctl_flag);
1529 		free_lofi_ioctl(klip);
1530 		return (error);
1531 	default:
1532 		free_lofi_ioctl(klip);
1533 		return (EINVAL);
1534 	}
1535 
1536 }
1537 
1538 static int
1539 lofi_ioctl(dev_t dev, int cmd, intptr_t arg, int flag, cred_t *credp,
1540     int *rvalp)
1541 {
1542 	int	error;
1543 	enum dkio_state dkstate;
1544 	struct lofi_state *lsp;
1545 	minor_t	minor;
1546 
1547 #ifdef lint
1548 	credp = credp;
1549 #endif
1550 
1551 	minor = getminor(dev);
1552 	/* lofi ioctls only apply to the master device */
1553 	if (minor == 0) {
1554 		struct lofi_ioctl *lip = (struct lofi_ioctl *)arg;
1555 
1556 		/*
1557 		 * the query command only need read-access - i.e., normal
1558 		 * users are allowed to do those on the ctl device as
1559 		 * long as they can open it read-only.
1560 		 */
1561 		switch (cmd) {
1562 		case LOFI_MAP_FILE:
1563 			if ((flag & FWRITE) == 0)
1564 				return (EPERM);
1565 			return (lofi_map_file(dev, lip, 1, rvalp, credp, flag));
1566 		case LOFI_MAP_FILE_MINOR:
1567 			if ((flag & FWRITE) == 0)
1568 				return (EPERM);
1569 			return (lofi_map_file(dev, lip, 0, rvalp, credp, flag));
1570 		case LOFI_UNMAP_FILE:
1571 			if ((flag & FWRITE) == 0)
1572 				return (EPERM);
1573 			return (lofi_unmap_file(dev, lip, 1, credp, flag));
1574 		case LOFI_UNMAP_FILE_MINOR:
1575 			if ((flag & FWRITE) == 0)
1576 				return (EPERM);
1577 			return (lofi_unmap_file(dev, lip, 0, credp, flag));
1578 		case LOFI_GET_FILENAME:
1579 			return (lofi_get_info(dev, lip, LOFI_GET_FILENAME,
1580 			    credp, flag));
1581 		case LOFI_GET_MINOR:
1582 			return (lofi_get_info(dev, lip, LOFI_GET_MINOR,
1583 			    credp, flag));
1584 		case LOFI_GET_MAXMINOR:
1585 			error = ddi_copyout(&lofi_max_files, &lip->li_minor,
1586 			    sizeof (lofi_max_files), flag);
1587 			if (error)
1588 				return (EFAULT);
1589 			return (0);
1590 		case LOFI_CHECK_COMPRESSED:
1591 			return (lofi_get_info(dev, lip, LOFI_CHECK_COMPRESSED,
1592 			    credp, flag));
1593 		default:
1594 			break;
1595 		}
1596 	}
1597 
1598 	lsp = ddi_get_soft_state(lofi_statep, minor);
1599 	if (lsp == NULL)
1600 		return (ENXIO);
1601 
1602 	/*
1603 	 * We explicitly allow DKIOCSTATE, but all other ioctls should fail with
1604 	 * EIO as if the device was no longer present.
1605 	 */
1606 	if (lsp->ls_vp == NULL && cmd != DKIOCSTATE)
1607 		return (EIO);
1608 
1609 	/* these are for faking out utilities like newfs */
1610 	switch (cmd) {
1611 	case DKIOCGVTOC:
1612 		switch (ddi_model_convert_from(flag & FMODELS)) {
1613 		case DDI_MODEL_ILP32: {
1614 			struct vtoc32 vtoc32;
1615 
1616 			vtoctovtoc32(lsp->ls_vtoc, vtoc32);
1617 			if (ddi_copyout(&vtoc32, (void *)arg,
1618 			    sizeof (struct vtoc32), flag))
1619 				return (EFAULT);
1620 				break;
1621 			}
1622 
1623 		case DDI_MODEL_NONE:
1624 			if (ddi_copyout(&lsp->ls_vtoc, (void *)arg,
1625 			    sizeof (struct vtoc), flag))
1626 				return (EFAULT);
1627 			break;
1628 		}
1629 		return (0);
1630 	case DKIOCINFO:
1631 		error = ddi_copyout(&lsp->ls_ci, (void *)arg,
1632 		    sizeof (struct dk_cinfo), flag);
1633 		if (error)
1634 			return (EFAULT);
1635 		return (0);
1636 	case DKIOCG_VIRTGEOM:
1637 	case DKIOCG_PHYGEOM:
1638 	case DKIOCGGEOM:
1639 		error = ddi_copyout(&lsp->ls_dkg, (void *)arg,
1640 		    sizeof (struct dk_geom), flag);
1641 		if (error)
1642 			return (EFAULT);
1643 		return (0);
1644 	case DKIOCSTATE:
1645 		/*
1646 		 * Normally, lofi devices are always in the INSERTED state.  If
1647 		 * a device is forcefully unmapped, then the device transitions
1648 		 * to the DKIO_DEV_GONE state.
1649 		 */
1650 		if (ddi_copyin((void *)arg, &dkstate, sizeof (dkstate),
1651 		    flag) != 0)
1652 			return (EFAULT);
1653 
1654 		mutex_enter(&lsp->ls_vp_lock);
1655 		while ((dkstate == DKIO_INSERTED && lsp->ls_vp != NULL) ||
1656 		    (dkstate == DKIO_DEV_GONE && lsp->ls_vp == NULL)) {
1657 			/*
1658 			 * By virtue of having the device open, we know that
1659 			 * 'lsp' will remain valid when we return.
1660 			 */
1661 			if (!cv_wait_sig(&lsp->ls_vp_cv,
1662 			    &lsp->ls_vp_lock)) {
1663 				mutex_exit(&lsp->ls_vp_lock);
1664 				return (EINTR);
1665 			}
1666 		}
1667 
1668 		dkstate = (lsp->ls_vp != NULL ? DKIO_INSERTED : DKIO_DEV_GONE);
1669 		mutex_exit(&lsp->ls_vp_lock);
1670 
1671 		if (ddi_copyout(&dkstate, (void *)arg,
1672 		    sizeof (dkstate), flag) != 0)
1673 			return (EFAULT);
1674 		return (0);
1675 	default:
1676 		return (ENOTTY);
1677 	}
1678 }
1679 
1680 static struct cb_ops lofi_cb_ops = {
1681 	lofi_open,		/* open */
1682 	lofi_close,		/* close */
1683 	lofi_strategy,		/* strategy */
1684 	nodev,			/* print */
1685 	nodev,			/* dump */
1686 	lofi_read,		/* read */
1687 	lofi_write,		/* write */
1688 	lofi_ioctl,		/* ioctl */
1689 	nodev,			/* devmap */
1690 	nodev,			/* mmap */
1691 	nodev,			/* segmap */
1692 	nochpoll,		/* poll */
1693 	ddi_prop_op,		/* prop_op */
1694 	0,			/* streamtab  */
1695 	D_64BIT | D_NEW | D_MP,	/* Driver compatibility flag */
1696 	CB_REV,
1697 	lofi_aread,
1698 	lofi_awrite
1699 };
1700 
1701 static struct dev_ops lofi_ops = {
1702 	DEVO_REV,		/* devo_rev, */
1703 	0,			/* refcnt  */
1704 	lofi_info,		/* info */
1705 	nulldev,		/* identify */
1706 	nulldev,		/* probe */
1707 	lofi_attach,		/* attach */
1708 	lofi_detach,		/* detach */
1709 	nodev,			/* reset */
1710 	&lofi_cb_ops,		/* driver operations */
1711 	NULL			/* no bus operations */
1712 };
1713 
1714 static struct modldrv modldrv = {
1715 	&mod_driverops,
1716 	"loopback file driver (%I%)",
1717 	&lofi_ops,
1718 };
1719 
1720 static struct modlinkage modlinkage = {
1721 	MODREV_1,
1722 	&modldrv,
1723 	NULL
1724 };
1725 
1726 int
1727 _init(void)
1728 {
1729 	int error;
1730 
1731 	error = ddi_soft_state_init(&lofi_statep,
1732 	    sizeof (struct lofi_state), 0);
1733 	if (error)
1734 		return (error);
1735 
1736 	mutex_init(&lofi_lock, NULL, MUTEX_DRIVER, NULL);
1737 	error = mod_install(&modlinkage);
1738 	if (error) {
1739 		mutex_destroy(&lofi_lock);
1740 		ddi_soft_state_fini(&lofi_statep);
1741 	}
1742 
1743 	return (error);
1744 }
1745 
1746 int
1747 _fini(void)
1748 {
1749 	int	error;
1750 
1751 	if (lofi_busy())
1752 		return (EBUSY);
1753 
1754 	error = mod_remove(&modlinkage);
1755 	if (error)
1756 		return (error);
1757 
1758 	mutex_destroy(&lofi_lock);
1759 	ddi_soft_state_fini(&lofi_statep);
1760 
1761 	return (error);
1762 }
1763 
1764 int
1765 _info(struct modinfo *modinfop)
1766 {
1767 	return (mod_info(&modlinkage, modinfop));
1768 }
1769