dev.c

/*
  FUSE: Filesystem in Userspace
  Copyright (C) 2001-2008  Miklos Szeredi <miklos@szeredi.hu>

  This program can be distributed under the terms of the GNU GPL.
  See the file COPYING.
*/

#include "fuse_i.h"

#include <linux/init.h>
#include <linux/module.h>
#include <linux/poll.h>
#include <linux/uio.h>
#include <linux/miscdevice.h>
#include <linux/pagemap.h>
#include <linux/file.h>
#include <linux/slab.h>

MODULE_ALIAS_MISCDEV(FUSE_MINOR);
MODULE_ALIAS("devname:fuse");

static struct kmem_cache *fuse_req_cachep;

static struct fuse_conn *fuse_get_conn(struct file *file)
{
	/*
	 * Lockless access is OK, because file->private_data is set
	 * once during mount and is valid until the file is released.
	 */
	return file->private_data;
}
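
/* Reset a request to a pristine state and take the initial reference */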
static void fuse_request_init(struct fuse_req *req)
{
	memset(req, 0, sizeof(*req));
	INIT_LIST_HEAD(&req->list);
	INIT_LIST_HEAD(&req->intr_entry);
	init_waitqueue_head(&req->waitq);
	atomic_set(&req->count, 1);
}

struct fuse_req *fuse_request_alloc(void)
{
	struct fuse_req *req = kmem_cache_alloc(fuse_req_cachep, GFP_KERNEL);
	if (req)
		fuse_request_init(req);
	return req;
}
EXPORT_SYMBOL_GPL(fuse_request_alloc);

struct fuse_req *fuse_request_alloc_nofs(void)
{
	struct fuse_req *req = kmem_cache_alloc(fuse_req_cachep, GFP_NOFS);
	if (req)
		fuse_request_init(req);
	return req;
}

void fuse_request_free(struct fuse_req *req)
{
	kmem_cache_free(fuse_req_cachep, req);
}

static void block_sigs(sigset_t *oldset)
{
	sigset_t mask;

	siginitsetinv(&mask, sigmask(SIGKILL));
	sigprocmask(SIG_BLOCK, &mask, oldset);
}

static void restore_sigs(sigset_t *oldset)
{
	sigprocmask(SIG_SETMASK, oldset, NULL);
}

static void __fuse_get_request(struct fuse_req *req)
{
	atomic_inc(&req->count);
}

/* Must be called with > 1 refcount */
static void __fuse_put_request(struct fuse_req *req)
{
	BUG_ON(atomic_read(&req->count) < 2);
	atomic_dec(&req->count);
}

static void fuse_req_init_context(struct fuse_req *req)
{
	req->in.h.uid = current_fsuid();
	req->in.h.gid = current_fsgid();
	req->in.h.pid = current->pid;
}
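
/*
 * Allocate a request and fill in the calling task's credentials.
 * Waits while the connection is blocked (only SIGKILL interrupts the
 * wait); may fail with -EINTR, -ENOTCONN or -ENOMEM.
 */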
struct fuse_req *fuse_get_req(struct fuse_conn *fc)
{
	struct fuse_req *req;
	sigset_t oldset;
	int intr;
	int err;

	atomic_inc(&fc->num_waiting);
	block_sigs(&oldset);
	intr = wait_event_interruptible(fc->blocked_waitq, !fc->blocked);
	restore_sigs(&oldset);
	err = -EINTR;
	if (intr)
		goto out;

	err = -ENOTCONN;
	if (!fc->connected)
		goto out;

	req = fuse_request_alloc();
	err = -ENOMEM;
	if (!req)
		goto out;

	fuse_req_init_context(req);
	req->waiting = 1;
	return req;

 out:
	atomic_dec(&fc->num_waiting);
	return ERR_PTR(err);
}
EXPORT_SYMBOL_GPL(fuse_get_req);

/*
 * Return request in fuse_file->reserved_req.  However that may
 * currently be in use.  If that is the case, wait for it to become
 * available.
 */
static struct fuse_req *get_reserved_req(struct fuse_conn *fc,
					 struct file *file)
{
	struct fuse_req *req = NULL;
	struct fuse_file *ff = file->private_data;

	do {
		wait_event(fc->reserved_req_waitq, ff->reserved_req);
		spin_lock(&fc->lock);
		if (ff->reserved_req) {
			req = ff->reserved_req;
			ff->reserved_req = NULL;
			get_file(file);
			req->stolen_file = file;
		}
		spin_unlock(&fc->lock);
	} while (!req);

	return req;
}

/*
 * Put stolen request back into fuse_file->reserved_req
 */
static void put_reserved_req(struct fuse_conn *fc, struct fuse_req *req)
{
	struct file *file = req->stolen_file;
	struct fuse_file *ff = file->private_data;

	spin_lock(&fc->lock);
	fuse_request_init(req);
	BUG_ON(ff->reserved_req);
	ff->reserved_req = req;
	wake_up_all(&fc->reserved_req_waitq);
	spin_unlock(&fc->lock);
	fput(file);
}

/*
 * Gets a request for a file operation, always succeeds
 *
 * This is used for sending the FLUSH request, which must get to
 * userspace, due to POSIX locks which may need to be unlocked.
 *
 * If allocation fails due to OOM, use the reserved request in
 * fuse_file.
 *
 * This is very unlikely to deadlock accidentally, since the
 * filesystem should not have its own file open.  If deadlock is
 * intentional, it can still be broken by "aborting" the filesystem.
 */
struct fuse_req *fuse_get_req_nofail(struct fuse_conn *fc, struct file *file)
{
	struct fuse_req *req;

	atomic_inc(&fc->num_waiting);
	wait_event(fc->blocked_waitq, !fc->blocked);
	req = fuse_request_alloc();
	if (!req)
		req = get_reserved_req(fc, file);

	fuse_req_init_context(req);
	req->waiting = 1;
	return req;
}
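
/*
 * Drop a reference to a request.  On the last put, update the waiting
 * counter and either return the request to its reserved slot (if it
 * was stolen from a fuse_file) or free it back to the cache.
 */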
void fuse_put_request(struct fuse_conn *fc, struct fuse_req *req)
{
	if (atomic_dec_and_test(&req->count)) {
		if (req->waiting)
			atomic_dec(&fc->num_waiting);

		if (req->stolen_file)
			put_reserved_req(fc, req);
		else
			fuse_request_free(req);
	}
}
EXPORT_SYMBOL_GPL(fuse_put_request);

static unsigned len_args(unsigned numargs, struct fuse_arg *args)
{
	unsigned nbytes = 0;
	unsigned i;

	for (i = 0; i < numargs; i++)
		nbytes += args[i].size;

	return nbytes;
}

static u64 fuse_get_unique(struct fuse_conn *fc)
{
	fc->reqctr++;
	/* zero is special */
	if (fc->reqctr == 0)
		fc->reqctr = 1;

	return fc->reqctr;
}
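
/*
 * Assign a unique ID and total length to the request, add it to the
 * pending list and wake up any reader waiting on the device.
 */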
static void queue_request(struct fuse_conn *fc, struct fuse_req *req)
{
	req->in.h.unique = fuse_get_unique(fc);
	req->in.h.len = sizeof(struct fuse_in_header) +
		len_args(req->in.numargs, (struct fuse_arg *) req->in.args);
	list_add_tail(&req->list, &fc->pending);
	req->state = FUSE_REQ_PENDING;
	if (!req->waiting) {
		req->waiting = 1;
		atomic_inc(&fc->num_waiting);
	}
	wake_up(&fc->waitq);
	kill_fasync(&fc->fasync, SIGIO, POLL_IN);
}
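
/*
 * Move queued background requests to the pending list, up to the
 * max_background limit on concurrently active background requests.
 */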
static void flush_bg_queue(struct fuse_conn *fc)
{
	while (fc->active_background < fc->max_background &&
	       !list_empty(&fc->bg_queue)) {
		struct fuse_req *req;

		req = list_entry(fc->bg_queue.next, struct fuse_req, list);
		list_del(&req->list);
		fc->active_background++;
		queue_request(fc, req);
	}
}

/*
 * This function is called when a request is finished.  Either a reply
 * has arrived or it was aborted (and not yet sent) or some error
 * occurred during communication with userspace, or the device file
 * was closed.  The requester thread is woken up (if still waiting),
 * the 'end' callback is called if given, else the reference to the
 * request is released
 *
 * Called with fc->lock, unlocks it
 */
static void request_end(struct fuse_conn *fc, struct fuse_req *req)
__releases(&fc->lock)
{
	void (*end) (struct fuse_conn *, struct fuse_req *) = req->end;
	req->end = NULL;
	list_del(&req->list);
	list_del(&req->intr_entry);
	req->state = FUSE_REQ_FINISHED;
	if (req->background) {
		if (fc->num_background == fc->max_background) {
			fc->blocked = 0;
			wake_up_all(&fc->blocked_waitq);
		}
		if (fc->num_background == fc->congestion_threshold &&
		    fc->connected && fc->bdi_initialized) {
			clear_bdi_congested(&fc->bdi, BLK_RW_SYNC);
			clear_bdi_congested(&fc->bdi, BLK_RW_ASYNC);
		}
		fc->num_background--;
		fc->active_background--;
		flush_bg_queue(fc);
	}
	spin_unlock(&fc->lock);
	wake_up(&req->waitq);
	if (end)
		end(fc, req);
	fuse_put_request(fc, req);
}
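
/*
 * Sleep until the request is finished.  Any signal interrupts the
 * wait; fc->lock is dropped while sleeping and reacquired afterwards.
 */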
static void wait_answer_interruptible(struct fuse_conn *fc,
				      struct fuse_req *req)
__releases(&fc->lock)
__acquires(&fc->lock)
{
	if (signal_pending(current))
		return;

	spin_unlock(&fc->lock);
	wait_event_interruptible(req->waitq, req->state == FUSE_REQ_FINISHED);
	spin_lock(&fc->lock);
}

static void queue_interrupt(struct fuse_conn *fc, struct fuse_req *req)
{
	list_add_tail(&req->intr_entry, &fc->interrupts);
	wake_up(&fc->waitq);
	kill_fasync(&fc->fasync, SIGIO, POLL_IN);
}
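
/*
 * Wait for the request to be answered.  First wait interruptibly and
 * queue a FUSE_INTERRUPT if a signal arrives; then wait with only
 * fatal signals allowed, bailing out with -EINTR while the request is
 * still pending; finally wait unconditionally once the request has
 * reached userspace (or was forced).
 */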
static void request_wait_answer(struct fuse_conn *fc, struct fuse_req *req)
__releases(&fc->lock)
__acquires(&fc->lock)
{
	if (!fc->no_interrupt) {
		/* Any signal may interrupt this */
		wait_answer_interruptible(fc, req);

		if (req->aborted)
			goto aborted;
		if (req->state == FUSE_REQ_FINISHED)
			return;

		req->interrupted = 1;
		if (req->state == FUSE_REQ_SENT)
			queue_interrupt(fc, req);
	}

	if (!req->force) {
		sigset_t oldset;

		/* Only fatal signals may interrupt this */
		block_sigs(&oldset);
		wait_answer_interruptible(fc, req);
		restore_sigs(&oldset);

		if (req->aborted)
			goto aborted;
		if (req->state == FUSE_REQ_FINISHED)
			return;

		/* Request is not yet in userspace, bail out */
		if (req->state == FUSE_REQ_PENDING) {
			list_del(&req->list);
			__fuse_put_request(req);
			req->out.h.error = -EINTR;
			return;
		}
	}

	/*
	 * Either request is already in userspace, or it was forced.
	 * Wait it out.
	 */
	spin_unlock(&fc->lock);
	wait_event(req->waitq, req->state == FUSE_REQ_FINISHED);
	spin_lock(&fc->lock);

	if (!req->aborted)
		return;

 aborted:
	BUG_ON(req->state != FUSE_REQ_FINISHED);
	if (req->locked) {
		/* This is uninterruptible sleep, because data is
		   being copied to/from the buffers of req.  During
		   locked state, there mustn't be any filesystem
		   operation (e.g. page fault), since that could lead
		   to deadlock */
		spin_unlock(&fc->lock);
		wait_event(req->waitq, !req->locked);
		spin_lock(&fc->lock);
	}
}
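
/*
 * Send a request and wait for the answer.  The extra reference taken
 * here keeps the request alive until request_end() has run.
 */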
void fuse_request_send(struct fuse_conn *fc, struct fuse_req *req)
{
	req->isreply = 1;
	spin_lock(&fc->lock);
	if (!fc->connected)
		req->out.h.error = -ENOTCONN;
	else if (fc->conn_error)
		req->out.h.error = -ECONNREFUSED;
	else {
		queue_request(fc, req);
		/* acquire extra reference, since request is still needed
		   after request_end() */
		__fuse_get_request(req);

		request_wait_answer(fc, req);
	}
	spin_unlock(&fc->lock);
}
EXPORT_SYMBOL_GPL(fuse_request_send);
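
/*
 * Queue a background request.  Update the background accounting,
 * block new requests and mark the bdi congested when the configured
 * thresholds are reached.  Called with fc->lock held.
 */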
static void fuse_request_send_nowait_locked(struct fuse_conn *fc,
					    struct fuse_req *req)
{
	req->background = 1;
	fc->num_background++;
	if (fc->num_background == fc->max_background)
		fc->blocked = 1;
	if (fc->num_background == fc->congestion_threshold &&
	    fc->bdi_initialized) {
		set_bdi_congested(&fc->bdi, BLK_RW_SYNC);
		set_bdi_congested(&fc->bdi, BLK_RW_ASYNC);
	}
	list_add_tail(&req->list, &fc->bg_queue);
	flush_bg_queue(fc);
}

static void fuse_request_send_nowait(struct fuse_conn *fc, struct fuse_req *req)
{
	spin_lock(&fc->lock);
	if (fc->connected) {
		fuse_request_send_nowait_locked(fc, req);
		spin_unlock(&fc->lock);
	} else {
		req->out.h.error = -ENOTCONN;
		request_end(fc, req);
	}
}

void fuse_request_send_noreply(struct fuse_conn *fc, struct fuse_req *req)
{
	req->isreply = 0;
	fuse_request_send_nowait(fc, req);
}

void fuse_request_send_background(struct fuse_conn *fc, struct fuse_req *req)
{
	req->isreply = 1;
	fuse_request_send_nowait(fc, req);
}
EXPORT_SYMBOL_GPL(fuse_request_send_background);

/*
 * Called under fc->lock
 *
 * fc->connected must have been checked previously
 */
void fuse_request_send_background_locked(struct fuse_conn *fc,
					 struct fuse_req *req)
{
	req->isreply = 1;
	fuse_request_send_nowait_locked(fc, req);
}

/*
 * Lock the request.  Up to the next unlock_request() there mustn't be
 * anything that could cause a page-fault.  If the request was already
 * aborted, bail out.
 */
static int lock_request(struct fuse_conn *fc, struct fuse_req *req)
{
	int err = 0;
	if (req) {
		spin_lock(&fc->lock);
		if (req->aborted)
			err = -ENOENT;
		else
			req->locked = 1;
		spin_unlock(&fc->lock);
	}
	return err;
}

/*
 * Unlock request.  If it was aborted while locked, the requester
 * thread is currently waiting for it to be unlocked, so wake it up.
 */
static void unlock_request(struct fuse_conn *fc, struct fuse_req *req)
{
	if (req) {
		spin_lock(&fc->lock);
		req->locked = 0;
		if (req->aborted)
			wake_up(&req->waitq);
		spin_unlock(&fc->lock);
	}
}
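
/*
 * Tracks the progress of copying request data between the kernel-side
 * fuse_req and the userspace iovec: the current segment, the pinned
 * and mapped user page, and how many bytes remain in that page.
 */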
struct fuse_copy_state {
	struct fuse_conn *fc;
	int write;
	struct fuse_req *req;
	const struct iovec *iov;
	unsigned long nr_segs;
	unsigned long seglen;
	unsigned long addr;
	struct page *pg;
	void *mapaddr;
	void *buf;
	unsigned len;
};

static void fuse_copy_init(struct fuse_copy_state *cs, struct fuse_conn *fc,
			   int write, struct fuse_req *req,
			   const struct iovec *iov, unsigned long nr_segs)
{
	memset(cs, 0, sizeof(*cs));
	cs->fc = fc;
	cs->write = write;
	cs->req = req;
	cs->iov = iov;
	cs->nr_segs = nr_segs;
}

/* Unmap and put previous page of userspace buffer */
static void fuse_copy_finish(struct fuse_copy_state *cs)
{
	if (cs->mapaddr) {
		kunmap_atomic(cs->mapaddr, KM_USER0);
		if (cs->write) {
			flush_dcache_page(cs->pg);
			set_page_dirty_lock(cs->pg);
		}
		put_page(cs->pg);
		cs->mapaddr = NULL;
	}
}

/*
 * Get another pageful of userspace buffer, and map it to kernel
 * address space, and lock request
 */
static int fuse_copy_fill(struct fuse_copy_state *cs)
{
	unsigned long offset;
	int err;

	unlock_request(cs->fc, cs->req);
	fuse_copy_finish(cs);
	if (!cs->seglen) {
		BUG_ON(!cs->nr_segs);
		cs->seglen = cs->iov[0].iov_len;
		cs->addr = (unsigned long) cs->iov[0].iov_base;
		cs->iov++;
		cs->nr_segs--;
	}
	down_read(&current->mm->mmap_sem);
	err = get_user_pages(current, current->mm, cs->addr, 1, cs->write, 0,
			     &cs->pg, NULL);
	up_read(&current->mm->mmap_sem);
	if (err < 0)
		return err;
	BUG_ON(err != 1);
	offset = cs->addr % PAGE_SIZE;
	cs->mapaddr = kmap_atomic(cs->pg, KM_USER0);
	cs->buf = cs->mapaddr + offset;
	cs->len = min(PAGE_SIZE - offset, cs->seglen);
	cs->seglen -= cs->len;
	cs->addr += cs->len;

	return lock_request(cs->fc, cs->req);
}

/* Do as much copy to/from userspace buffer as we can */
static int fuse_copy_do(struct fuse_copy_state *cs, void **val, unsigned *size)
{
	unsigned ncpy = min(*size, cs->len);
	if (val) {
		if (cs->write)
			memcpy(cs->buf, *val, ncpy);
		else
			memcpy(*val, cs->buf, ncpy);
		*val += ncpy;
	}
	*size -= ncpy;
	cs->len -= ncpy;
	cs->buf += ncpy;
	return ncpy;
}

/*
 * Copy a page in the request to/from the userspace buffer.  Must be
 * done atomically
 */
static int fuse_copy_page(struct fuse_copy_state *cs, struct page *page,
			  unsigned offset, unsigned count, int zeroing)
{
	if (page && zeroing && count < PAGE_SIZE) {
		void *mapaddr = kmap_atomic(page, KM_USER1);
		memset(mapaddr, 0, PAGE_SIZE);
		kunmap_atomic(mapaddr, KM_USER1);
	}
	while (count) {
		if (!cs->len) {
			int err = fuse_copy_fill(cs);
			if (err)
				return err;
		}
		if (page) {
			void *mapaddr = kmap_atomic(page, KM_USER1);
			void *buf = mapaddr + offset;
			offset += fuse_copy_do(cs, &buf, &count);
			kunmap_atomic(mapaddr, KM_USER1);
		} else
			offset += fuse_copy_do(cs, NULL, &count);
	}
	if (page && !cs->write)
		flush_dcache_page(page);
	return 0;
}

/* Copy pages in the request to/from userspace buffer */
static int fuse_copy_pages(struct fuse_copy_state *cs, unsigned nbytes,
			   int zeroing)
{
	unsigned i;
	struct fuse_req *req = cs->req;
	unsigned offset = req->page_offset;
	unsigned count = min(nbytes, (unsigned) PAGE_SIZE - offset);

	for (i = 0; i < req->num_pages && (nbytes || zeroing); i++) {
		struct page *page = req->pages[i];
		int err = fuse_copy_page(cs, page, offset, count, zeroing);
		if (err)
			return err;

		nbytes -= count;
		count = min(nbytes, (unsigned) PAGE_SIZE);
		offset = 0;
	}
	return 0;
}

/* Copy a single argument in the request to/from userspace buffer */
static int fuse_copy_one(struct fuse_copy_state *cs, void *val, unsigned size)
{
	while (size) {
		if (!cs->len) {
			int err = fuse_copy_fill(cs);
			if (err)
				return err;
		}
		fuse_copy_do(cs, &val, &size);
	}
	return 0;
}

/* Copy request arguments to/from userspace buffer */
static int fuse_copy_args(struct fuse_copy_state *cs, unsigned numargs,
			  unsigned argpages, struct fuse_arg *args,
			  int zeroing)
{
	int err = 0;
	unsigned i;

	for (i = 0; !err && i < numargs; i++) {
		struct fuse_arg *arg = &args[i];
		if (i == numargs - 1 && argpages)
			err = fuse_copy_pages(cs, arg->size, zeroing);
		else
			err = fuse_copy_one(cs, arg->value, arg->size);
	}
	return err;
}

static int request_pending(struct fuse_conn *fc)
{
	return !list_empty(&fc->pending) || !list_empty(&fc->interrupts);
}

/* Wait until a request is available on the pending list */
static void request_wait(struct fuse_conn *fc)
__releases(&fc->lock)
__acquires(&fc->lock)
{
	DECLARE_WAITQUEUE(wait, current);

	add_wait_queue_exclusive(&fc->waitq, &wait);
	while (fc->connected && !request_pending(fc)) {
		set_current_state(TASK_INTERRUPTIBLE);
		if (signal_pending(current))
			break;

		spin_unlock(&fc->lock);
		schedule();
		spin_lock(&fc->lock);
	}
	set_current_state(TASK_RUNNING);
	remove_wait_queue(&fc->waitq, &wait);
}

/*
 * Transfer an interrupt request to userspace
 *
 * Unlike other requests this is assembled on demand, without a need
 * to allocate a separate fuse_req structure.
 *
 * Called with fc->lock held, releases it
 */
static int fuse_read_interrupt(struct fuse_conn *fc, struct fuse_req *req,
			       const struct iovec *iov, unsigned long nr_segs)
__releases(&fc->lock)
{
	struct fuse_copy_state cs;
	struct fuse_in_header ih;
	struct fuse_interrupt_in arg;
	unsigned reqsize = sizeof(ih) + sizeof(arg);
	int err;

	list_del_init(&req->intr_entry);
	req->intr_unique = fuse_get_unique(fc);
	memset(&ih, 0, sizeof(ih));
	memset(&arg, 0, sizeof(arg));
	ih.len = reqsize;
	ih.opcode = FUSE_INTERRUPT;
	ih.unique = req->intr_unique;
	arg.unique = req->in.h.unique;

	spin_unlock(&fc->lock);
	if (iov_length(iov, nr_segs) < reqsize)
		return -EINVAL;

	fuse_copy_init(&cs, fc, 1, NULL, iov, nr_segs);
	err = fuse_copy_one(&cs, &ih, sizeof(ih));
	if (!err)
		err = fuse_copy_one(&cs, &arg, sizeof(arg));
	fuse_copy_finish(&cs);

	return err ? err : reqsize;
}

/*
 * Read a single request into the userspace filesystem's buffer.  This
 * function waits until a request is available, then removes it from
 * the pending list and copies request data to userspace buffer.  If
 * no reply is needed (FORGET) or request has been aborted or there
 * was an error during the copying then it's finished by calling
 * request_end().  Otherwise add it to the processing list, and set
 * the 'sent' flag.
 */
static ssize_t fuse_dev_read(struct kiocb *iocb, const struct iovec *iov,
			     unsigned long nr_segs, loff_t pos)
{
	int err;
	struct fuse_req *req;
	struct fuse_in *in;
	struct fuse_copy_state cs;
	unsigned reqsize;
	struct file *file = iocb->ki_filp;
	struct fuse_conn *fc = fuse_get_conn(file);
	if (!fc)
		return -EPERM;

 restart:
	spin_lock(&fc->lock);
	err = -EAGAIN;
	if ((file->f_flags & O_NONBLOCK) && fc->connected &&
	    !request_pending(fc))
		goto err_unlock;

	request_wait(fc);
	err = -ENODEV;
	if (!fc->connected)
		goto err_unlock;
	err = -ERESTARTSYS;
	if (!request_pending(fc))
		goto err_unlock;

	if (!list_empty(&fc->interrupts)) {
		req = list_entry(fc->interrupts.next, struct fuse_req,
				 intr_entry);
		return fuse_read_interrupt(fc, req, iov, nr_segs);
	}

	req = list_entry(fc->pending.next, struct fuse_req, list);
	req->state = FUSE_REQ_READING;
	list_move(&req->list, &fc->io);

	in = &req->in;
	reqsize = in->h.len;
	/* If request is too large, reply with an error and restart the read */
	if (iov_length(iov, nr_segs) < reqsize) {
		req->out.h.error = -EIO;
		/* SETXATTR is special, since it may contain too large data */
		if (in->h.opcode == FUSE_SETXATTR)
			req->out.h.error = -E2BIG;
		request_end(fc, req);
		goto restart;
	}
	spin_unlock(&fc->lock);
	fuse_copy_init(&cs, fc, 1, req, iov, nr_segs);
	err = fuse_copy_one(&cs, &in->h, sizeof(in->h));
	if (!err)
		err = fuse_copy_args(&cs, in->numargs, in->argpages,
				     (struct fuse_arg *) in->args, 0);
	fuse_copy_finish(&cs);
	spin_lock(&fc->lock);
	req->locked = 0;
	if (req->aborted) {
		request_end(fc, req);
		return -ENODEV;
	}
	if (err) {
		req->out.h.error = -EIO;
		request_end(fc, req);
		return err;
	}
	if (!req->isreply)
		request_end(fc, req);
	else {
		req->state = FUSE_REQ_SENT;
		list_move_tail(&req->list, &fc->processing);
		if (req->interrupted)
			queue_interrupt(fc, req);
		spin_unlock(&fc->lock);
	}
	return reqsize;

 err_unlock:
	spin_unlock(&fc->lock);
	return err;
}
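
/* Handle a FUSE_NOTIFY_POLL notification by waking up the poll waiters */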
static int fuse_notify_poll(struct fuse_conn *fc, unsigned int size,
			    struct fuse_copy_state *cs)
{
	struct fuse_notify_poll_wakeup_out outarg;
	int err = -EINVAL;

	if (size != sizeof(outarg))
		goto err;

	err = fuse_copy_one(cs, &outarg, sizeof(outarg));
	if (err)
		goto err;

	fuse_copy_finish(cs);
	return fuse_notify_poll_wakeup(fc, &outarg);

err:
	fuse_copy_finish(cs);
	return err;
}

static int fuse_notify_inval_inode(struct fuse_conn *fc, unsigned int size,
				   struct fuse_copy_state *cs)
{
	struct fuse_notify_inval_inode_out outarg;
	int err = -EINVAL;

	if (size != sizeof(outarg))
		goto err;

	err = fuse_copy_one(cs, &outarg, sizeof(outarg));
	if (err)
		goto err;
	fuse_copy_finish(cs);

	down_read(&fc->killsb);
	err = -ENOENT;
	if (fc->sb) {
		err = fuse_reverse_inval_inode(fc->sb, outarg.ino,
					       outarg.off, outarg.len);
	}
	up_read(&fc->killsb);
	return err;

err:
	fuse_copy_finish(cs);
	return err;
}

static int fuse_notify_inval_entry(struct fuse_conn *fc, unsigned int size,
				   struct fuse_copy_state *cs)
{
	struct fuse_notify_inval_entry_out outarg;
	int err = -ENOMEM;
	char *buf;
	struct qstr name;

	buf = kzalloc(FUSE_NAME_MAX + 1, GFP_KERNEL);
	if (!buf)
		goto err;

	err = -EINVAL;
	if (size < sizeof(outarg))
		goto err;

	err = fuse_copy_one(cs, &outarg, sizeof(outarg));
	if (err)
		goto err;

	err = -ENAMETOOLONG;
	if (outarg.namelen > FUSE_NAME_MAX)
		goto err;

	name.name = buf;
	name.len = outarg.namelen;
	err = fuse_copy_one(cs, buf, outarg.namelen + 1);
	if (err)
		goto err;
	fuse_copy_finish(cs);
	buf[outarg.namelen] = 0;
	name.hash = full_name_hash(name.name, name.len);

	down_read(&fc->killsb);
	err = -ENOENT;
	if (fc->sb)
		err = fuse_reverse_inval_entry(fc->sb, outarg.parent, &name);
	up_read(&fc->killsb);
	kfree(buf);
	return err;

err:
	kfree(buf);
	fuse_copy_finish(cs);
	return err;
}
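
/* Dispatch an unsolicited notification message by its code */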
static int fuse_notify(struct fuse_conn *fc, enum fuse_notify_code code,
		       unsigned int size, struct fuse_copy_state *cs)
{
	switch (code) {
	case FUSE_NOTIFY_POLL:
		return fuse_notify_poll(fc, size, cs);

	case FUSE_NOTIFY_INVAL_INODE:
		return fuse_notify_inval_inode(fc, size, cs);

	case FUSE_NOTIFY_INVAL_ENTRY:
		return fuse_notify_inval_entry(fc, size, cs);

	default:
		fuse_copy_finish(cs);
		return -EINVAL;
	}
}

/* Look up request on processing list by unique ID */
static struct fuse_req *request_find(struct fuse_conn *fc, u64 unique)
{
	struct list_head *entry;

	list_for_each(entry, &fc->processing) {
		struct fuse_req *req;
		req = list_entry(entry, struct fuse_req, list);
		if (req->in.h.unique == unique || req->intr_unique == unique)
			return req;
	}
	return NULL;
}
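
/*
 * Copy the reply arguments from userspace, after checking that the
 * reply size matches the declared argument sizes (the last argument
 * may be shorter only if out->argvar is set).
 */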
static int copy_out_args(struct fuse_copy_state *cs, struct fuse_out *out,
			 unsigned nbytes)
{
	unsigned reqsize = sizeof(struct fuse_out_header);

	if (out->h.error)
		return nbytes != reqsize ? -EINVAL : 0;

	reqsize += len_args(out->numargs, out->args);

	if (reqsize < nbytes || (reqsize > nbytes && !out->argvar))
		return -EINVAL;
	else if (reqsize > nbytes) {
		struct fuse_arg *lastarg = &out->args[out->numargs-1];
		unsigned diffsize = reqsize - nbytes;
		if (diffsize > lastarg->size)
			return -EINVAL;
		lastarg->size -= diffsize;
	}
	return fuse_copy_args(cs, out->numargs, out->argpages, out->args,
			      out->page_zeroing);
}

/*
 * Write a single reply to a request.  First the header is copied from
 * the write buffer.  The request is then searched on the processing
 * list by the unique ID found in the header.  If found, then remove
 * it from the list and copy the rest of the buffer to the request.
 * The request is finished by calling request_end()
 */
static ssize_t fuse_dev_write(struct kiocb *iocb, const struct iovec *iov,
			      unsigned long nr_segs, loff_t pos)
{
	int err;
	size_t nbytes = iov_length(iov, nr_segs);
	struct fuse_req *req;
	struct fuse_out_header oh;
	struct fuse_copy_state cs;
	struct fuse_conn *fc = fuse_get_conn(iocb->ki_filp);
	if (!fc)
		return -EPERM;

	fuse_copy_init(&cs, fc, 0, NULL, iov, nr_segs);
	if (nbytes < sizeof(struct fuse_out_header))
		return -EINVAL;

	err = fuse_copy_one(&cs, &oh, sizeof(oh));
	if (err)
		goto err_finish;

	err = -EINVAL;
	if (oh.len != nbytes)
		goto err_finish;

	/*
	 * Zero oh.unique indicates unsolicited notification message
	 * and error contains notification code.
	 */
	if (!oh.unique) {
		err = fuse_notify(fc, oh.error, nbytes - sizeof(oh), &cs);
		return err ? err : nbytes;
	}

	err = -EINVAL;
	if (oh.error <= -1000 || oh.error > 0)
		goto err_finish;

	spin_lock(&fc->lock);
	err = -ENOENT;
	if (!fc->connected)
		goto err_unlock;

	req = request_find(fc, oh.unique);
	if (!req)
		goto err_unlock;

	if (req->aborted) {
		spin_unlock(&fc->lock);
		fuse_copy_finish(&cs);
		spin_lock(&fc->lock);
		request_end(fc, req);
		return -ENOENT;
	}
	/* Is it an interrupt reply? */
	if (req->intr_unique == oh.unique) {
		err = -EINVAL;
		if (nbytes != sizeof(struct fuse_out_header))
			goto err_unlock;

		if (oh.error == -ENOSYS)
			fc->no_interrupt = 1;
		else if (oh.error == -EAGAIN)
			queue_interrupt(fc, req);

		spin_unlock(&fc->lock);
		fuse_copy_finish(&cs);
		return nbytes;
	}

	req->state = FUSE_REQ_WRITING;
	list_move(&req->list, &fc->io);
	req->out.h = oh;
	req->locked = 1;
	cs.req = req;
	spin_unlock(&fc->lock);

	err = copy_out_args(&cs, &req->out, nbytes);
	fuse_copy_finish(&cs);

	spin_lock(&fc->lock);
	req->locked = 0;
	if (!err) {
		if (req->aborted)
			err = -ENOENT;
	} else if (!req->aborted)
		req->out.h.error = -EIO;
	request_end(fc, req);

	return err ? err : nbytes;

 err_unlock:
	spin_unlock(&fc->lock);
 err_finish:
	fuse_copy_finish(&cs);
	return err;
}
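
/*
 * The device is always writable; it becomes readable when a pending
 * or interrupt request is queued, and reports POLLERR once the
 * connection has been aborted or released.
 */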
static unsigned fuse_dev_poll(struct file *file, poll_table *wait)
{
	unsigned mask = POLLOUT | POLLWRNORM;
	struct fuse_conn *fc = fuse_get_conn(file);
	if (!fc)
		return POLLERR;

	poll_wait(file, &fc->waitq, wait);

	spin_lock(&fc->lock);
	if (!fc->connected)
		mask = POLLERR;
	else if (request_pending(fc))
		mask |= POLLIN | POLLRDNORM;
	spin_unlock(&fc->lock);

	return mask;
}

/*
 * Abort all requests on the given list (pending or processing)
 *
 * This function releases and reacquires fc->lock
 */
static void end_requests(struct fuse_conn *fc, struct list_head *head)
__releases(&fc->lock)
__acquires(&fc->lock)
{
	while (!list_empty(head)) {
		struct fuse_req *req;
		req = list_entry(head->next, struct fuse_req, list);
		req->out.h.error = -ECONNABORTED;
		request_end(fc, req);
		spin_lock(&fc->lock);
	}
}

/*
 * Abort requests under I/O
 *
 * The requests are set to aborted and finished, and the request
 * waiter is woken up.  This will make request_wait_answer() wait
 * until the request is unlocked and then return.
 *
 * If the request is asynchronous, then the end function needs to be
 * called after waiting for the request to be unlocked (if it was
 * locked).
 */
static void end_io_requests(struct fuse_conn *fc)
__releases(&fc->lock)
__acquires(&fc->lock)
{
	while (!list_empty(&fc->io)) {
		struct fuse_req *req =
			list_entry(fc->io.next, struct fuse_req, list);
		void (*end) (struct fuse_conn *, struct fuse_req *) = req->end;

		req->aborted = 1;
		req->out.h.error = -ECONNABORTED;
		req->state = FUSE_REQ_FINISHED;
		list_del_init(&req->list);
		wake_up(&req->waitq);
		if (end) {
			req->end = NULL;
			__fuse_get_request(req);
			spin_unlock(&fc->lock);
			wait_event(req->waitq, !req->locked);
			end(fc, req);
			fuse_put_request(fc, req);
			spin_lock(&fc->lock);
		}
	}
}

/*
 * Abort all requests.
 *
 * Emergency exit in case of a malicious or accidental deadlock, or
 * just a hung filesystem.
 *
 * The same effect is usually achievable through killing the
 * filesystem daemon and all users of the filesystem.  The exception
 * is the combination of an asynchronous request and the tricky
 * deadlock (see Documentation/filesystems/fuse.txt).
 *
 * During the aborting, progression of requests from the pending and
 * processing lists onto the io list, and progression of new requests
 * onto the pending list is prevented by fc->connected being false.
 *
 * Progression of requests under I/O to the processing list is
 * prevented by the req->aborted flag being true for these requests.
 * For this reason requests on the io list must be aborted first.
 */
void fuse_abort_conn(struct fuse_conn *fc)
{
	spin_lock(&fc->lock);
	if (fc->connected) {
		fc->connected = 0;
		fc->blocked = 0;
		end_io_requests(fc);
		end_requests(fc, &fc->pending);
		end_requests(fc, &fc->processing);
		wake_up_all(&fc->waitq);
		wake_up_all(&fc->blocked_waitq);
		kill_fasync(&fc->fasync, SIGIO, POLL_IN);
	}
	spin_unlock(&fc->lock);
}
EXPORT_SYMBOL_GPL(fuse_abort_conn);
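
/*
 * The device file was closed: mark the connection dead and fail all
 * pending and processing requests with -ECONNABORTED.
 */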
int fuse_dev_release(struct inode *inode, struct file *file)
{
	struct fuse_conn *fc = fuse_get_conn(file);
	if (fc) {
		spin_lock(&fc->lock);
		fc->connected = 0;
		end_requests(fc, &fc->pending);
		end_requests(fc, &fc->processing);
		spin_unlock(&fc->lock);
		fuse_conn_put(fc);
	}

	return 0;
}
EXPORT_SYMBOL_GPL(fuse_dev_release);

static int fuse_dev_fasync(int fd, struct file *file, int on)
{
	struct fuse_conn *fc = fuse_get_conn(file);
	if (!fc)
		return -EPERM;

	/* No locking - fasync_helper does its own locking */
	return fasync_helper(fd, file, on, &fc->fasync);
}

const struct file_operations fuse_dev_operations = {
	.owner		= THIS_MODULE,
	.llseek		= no_llseek,
	.read		= do_sync_read,
	.aio_read	= fuse_dev_read,
	.write		= do_sync_write,
	.aio_write	= fuse_dev_write,
	.poll		= fuse_dev_poll,
	.release	= fuse_dev_release,
	.fasync		= fuse_dev_fasync,
};
EXPORT_SYMBOL_GPL(fuse_dev_operations);

static struct miscdevice fuse_miscdevice = {
	.minor = FUSE_MINOR,
	.name  = "fuse",
	.fops = &fuse_dev_operations,
};
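
/*
 * Create the request slab cache and register the /dev/fuse misc
 * device.  Undone by fuse_dev_cleanup() on module unload.
 */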
int __init fuse_dev_init(void)
{
	int err = -ENOMEM;
	fuse_req_cachep = kmem_cache_create("fuse_request",
					    sizeof(struct fuse_req),
					    0, 0, NULL);
	if (!fuse_req_cachep)
		goto out;

	err = misc_register(&fuse_miscdevice);
	if (err)
		goto out_cache_clean;

	return 0;

 out_cache_clean:
	kmem_cache_destroy(fuse_req_cachep);
 out:
	return err;
}

void fuse_dev_cleanup(void)
{
	misc_deregister(&fuse_miscdevice);
	kmem_cache_destroy(fuse_req_cachep);
}