Miklos Szeredi | 334f485 | 2005-09-09 13:10:27 -0700 | [diff] [blame] | 1 | /* |
| 2 | FUSE: Filesystem in Userspace |
| 3 | Copyright (C) 2001-2005 Miklos Szeredi <miklos@szeredi.hu> |
| 4 | |
| 5 | This program can be distributed under the terms of the GNU GPL. |
| 6 | See the file COPYING. |
| 7 | */ |
| 8 | |
| 9 | #include "fuse_i.h" |
| 10 | |
| 11 | #include <linux/init.h> |
| 12 | #include <linux/module.h> |
| 13 | #include <linux/poll.h> |
| 14 | #include <linux/uio.h> |
| 15 | #include <linux/miscdevice.h> |
| 16 | #include <linux/pagemap.h> |
| 17 | #include <linux/file.h> |
| 18 | #include <linux/slab.h> |
| 19 | |
| 20 | MODULE_ALIAS_MISCDEV(FUSE_MINOR); |
| 21 | |
| 22 | static kmem_cache_t *fuse_req_cachep; |
| 23 | |
| 24 | static inline struct fuse_conn *fuse_get_conn(struct file *file) |
| 25 | { |
| 26 | struct fuse_conn *fc; |
| 27 | spin_lock(&fuse_lock); |
| 28 | fc = file->private_data; |
Miklos Szeredi | 1e9a4ed | 2005-09-09 13:10:31 -0700 | [diff] [blame] | 29 | if (fc && !fc->mounted) |
Miklos Szeredi | 334f485 | 2005-09-09 13:10:27 -0700 | [diff] [blame] | 30 | fc = NULL; |
| 31 | spin_unlock(&fuse_lock); |
| 32 | return fc; |
| 33 | } |
| 34 | |
| 35 | static inline void fuse_request_init(struct fuse_req *req) |
| 36 | { |
| 37 | memset(req, 0, sizeof(*req)); |
| 38 | INIT_LIST_HEAD(&req->list); |
| 39 | init_waitqueue_head(&req->waitq); |
| 40 | atomic_set(&req->count, 1); |
| 41 | } |
| 42 | |
| 43 | struct fuse_req *fuse_request_alloc(void) |
| 44 | { |
| 45 | struct fuse_req *req = kmem_cache_alloc(fuse_req_cachep, SLAB_KERNEL); |
| 46 | if (req) |
| 47 | fuse_request_init(req); |
| 48 | return req; |
| 49 | } |
| 50 | |
| 51 | void fuse_request_free(struct fuse_req *req) |
| 52 | { |
| 53 | kmem_cache_free(fuse_req_cachep, req); |
| 54 | } |
| 55 | |
| 56 | static inline void block_sigs(sigset_t *oldset) |
| 57 | { |
| 58 | sigset_t mask; |
| 59 | |
| 60 | siginitsetinv(&mask, sigmask(SIGKILL)); |
| 61 | sigprocmask(SIG_BLOCK, &mask, oldset); |
| 62 | } |
| 63 | |
| 64 | static inline void restore_sigs(sigset_t *oldset) |
| 65 | { |
| 66 | sigprocmask(SIG_SETMASK, oldset, NULL); |
| 67 | } |
| 68 | |
| 69 | void fuse_reset_request(struct fuse_req *req) |
| 70 | { |
| 71 | int preallocated = req->preallocated; |
| 72 | BUG_ON(atomic_read(&req->count) != 1); |
| 73 | fuse_request_init(req); |
| 74 | req->preallocated = preallocated; |
| 75 | } |
| 76 | |
| 77 | static void __fuse_get_request(struct fuse_req *req) |
| 78 | { |
| 79 | atomic_inc(&req->count); |
| 80 | } |
| 81 | |
| 82 | /* Must be called with > 1 refcount */ |
| 83 | static void __fuse_put_request(struct fuse_req *req) |
| 84 | { |
| 85 | BUG_ON(atomic_read(&req->count) < 2); |
| 86 | atomic_dec(&req->count); |
| 87 | } |
| 88 | |
| 89 | static struct fuse_req *do_get_request(struct fuse_conn *fc) |
| 90 | { |
| 91 | struct fuse_req *req; |
| 92 | |
| 93 | spin_lock(&fuse_lock); |
| 94 | BUG_ON(list_empty(&fc->unused_list)); |
| 95 | req = list_entry(fc->unused_list.next, struct fuse_req, list); |
| 96 | list_del_init(&req->list); |
| 97 | spin_unlock(&fuse_lock); |
| 98 | fuse_request_init(req); |
| 99 | req->preallocated = 1; |
| 100 | req->in.h.uid = current->fsuid; |
| 101 | req->in.h.gid = current->fsgid; |
| 102 | req->in.h.pid = current->pid; |
| 103 | return req; |
| 104 | } |
| 105 | |
Miklos Szeredi | 7c352bd | 2005-09-09 13:10:39 -0700 | [diff] [blame] | 106 | /* This can return NULL, but only in case it's interrupted by a SIGKILL */ |
Miklos Szeredi | 334f485 | 2005-09-09 13:10:27 -0700 | [diff] [blame] | 107 | struct fuse_req *fuse_get_request(struct fuse_conn *fc) |
| 108 | { |
Miklos Szeredi | 334f485 | 2005-09-09 13:10:27 -0700 | [diff] [blame] | 109 | int intr; |
| 110 | sigset_t oldset; |
| 111 | |
| 112 | block_sigs(&oldset); |
| 113 | intr = down_interruptible(&fc->outstanding_sem); |
| 114 | restore_sigs(&oldset); |
| 115 | return intr ? NULL : do_get_request(fc); |
| 116 | } |
| 117 | |
| 118 | static void fuse_putback_request(struct fuse_conn *fc, struct fuse_req *req) |
| 119 | { |
| 120 | spin_lock(&fuse_lock); |
| 121 | if (req->preallocated) |
| 122 | list_add(&req->list, &fc->unused_list); |
| 123 | else |
| 124 | fuse_request_free(req); |
| 125 | |
| 126 | /* If we are in debt decrease that first */ |
| 127 | if (fc->outstanding_debt) |
| 128 | fc->outstanding_debt--; |
| 129 | else |
| 130 | up(&fc->outstanding_sem); |
| 131 | spin_unlock(&fuse_lock); |
| 132 | } |
| 133 | |
| 134 | void fuse_put_request(struct fuse_conn *fc, struct fuse_req *req) |
| 135 | { |
| 136 | if (atomic_dec_and_test(&req->count)) |
| 137 | fuse_putback_request(fc, req); |
| 138 | } |
| 139 | |
Miklos Szeredi | 1e9a4ed | 2005-09-09 13:10:31 -0700 | [diff] [blame] | 140 | void fuse_release_background(struct fuse_req *req) |
| 141 | { |
| 142 | iput(req->inode); |
| 143 | iput(req->inode2); |
| 144 | if (req->file) |
| 145 | fput(req->file); |
| 146 | spin_lock(&fuse_lock); |
| 147 | list_del(&req->bg_entry); |
| 148 | spin_unlock(&fuse_lock); |
| 149 | } |
| 150 | |
Miklos Szeredi | 334f485 | 2005-09-09 13:10:27 -0700 | [diff] [blame] | 151 | /* |
| 152 | * This function is called when a request is finished. Either a reply |
| 153 | * has arrived or it was interrupted (and not yet sent) or some error |
Miklos Szeredi | 1779381 | 2005-10-30 15:02:51 -0800 | [diff] [blame] | 154 | * occurred during communication with userspace, or the device file was |
| 155 | * closed. It decreases the reference count for the request. In case |
| 156 | * of a background request the reference to the stored objects are |
Miklos Szeredi | 334f485 | 2005-09-09 13:10:27 -0700 | [diff] [blame] | 157 | * released. The requester thread is woken up (if still waiting), and |
| 158 | * finally the request is either freed or put on the unused_list |
| 159 | * |
| 160 | * Called with fuse_lock, unlocks it |
| 161 | */ |
| 162 | static void request_end(struct fuse_conn *fc, struct fuse_req *req) |
| 163 | { |
| 164 | int putback; |
| 165 | req->finished = 1; |
| 166 | putback = atomic_dec_and_test(&req->count); |
| 167 | spin_unlock(&fuse_lock); |
| 168 | if (req->background) { |
Miklos Szeredi | 1e9a4ed | 2005-09-09 13:10:31 -0700 | [diff] [blame] | 169 | down_read(&fc->sbput_sem); |
| 170 | if (fc->mounted) |
| 171 | fuse_release_background(req); |
| 172 | up_read(&fc->sbput_sem); |
Miklos Szeredi | 334f485 | 2005-09-09 13:10:27 -0700 | [diff] [blame] | 173 | } |
| 174 | wake_up(&req->waitq); |
| 175 | if (req->in.h.opcode == FUSE_INIT) { |
| 176 | int i; |
| 177 | |
| 178 | if (req->misc.init_in_out.major != FUSE_KERNEL_VERSION) |
| 179 | fc->conn_error = 1; |
| 180 | |
| 181 | /* After INIT reply is received other requests can go |
| 182 | out. So do (FUSE_MAX_OUTSTANDING - 1) number of |
| 183 | up()s on outstanding_sem. The last up() is done in |
| 184 | fuse_putback_request() */ |
| 185 | for (i = 1; i < FUSE_MAX_OUTSTANDING; i++) |
| 186 | up(&fc->outstanding_sem); |
Miklos Szeredi | fd72faa | 2005-11-07 00:59:51 -0800 | [diff] [blame] | 187 | } else if (req->in.h.opcode == FUSE_RELEASE && req->inode == NULL) { |
| 188 | /* Special case for failed iget in CREATE */ |
| 189 | u64 nodeid = req->in.h.nodeid; |
| 190 | __fuse_get_request(req); |
| 191 | fuse_reset_request(req); |
| 192 | fuse_send_forget(fc, req, nodeid, 1); |
| 193 | putback = 0; |
Miklos Szeredi | 334f485 | 2005-09-09 13:10:27 -0700 | [diff] [blame] | 194 | } |
| 195 | if (putback) |
| 196 | fuse_putback_request(fc, req); |
| 197 | } |
| 198 | |
Miklos Szeredi | 1e9a4ed | 2005-09-09 13:10:31 -0700 | [diff] [blame] | 199 | /* |
| 200 | * Unfortunately request interruption not just solves the deadlock |
| 201 | * problem, it causes problems too. These stem from the fact, that an |
| 202 | * interrupted request is continued to be processed in userspace, |
| 203 | * while all the locks and object references (inode and file) held |
| 204 | * during the operation are released. |
| 205 | * |
| 206 | * To release the locks is exactly why there's a need to interrupt the |
| 207 | * request, so there's not a lot that can be done about this, except |
| 208 | * introduce additional locking in userspace. |
| 209 | * |
| 210 | * More important is to keep inode and file references until userspace |
| 211 | * has replied, otherwise FORGET and RELEASE could be sent while the |
| 212 | * inode/file is still used by the filesystem. |
| 213 | * |
| 214 | * For this reason the concept of "background" request is introduced. |
| 215 | * An interrupted request is backgrounded if it has been already sent |
| 216 | * to userspace. Backgrounding involves getting an extra reference to |
| 217 | * inode(s) or file used in the request, and adding the request to |
| 218 | * fc->background list. When a reply is received for a background |
| 219 | * request, the object references are released, and the request is |
| 220 | * removed from the list. If the filesystem is unmounted while there |
| 221 | * are still background requests, the list is walked and references |
| 222 | * are released as if a reply was received. |
| 223 | * |
| 224 | * There's one more use for a background request. The RELEASE message is |
| 225 | * always sent as background, since it doesn't return an error or |
| 226 | * data. |
| 227 | */ |
| 228 | static void background_request(struct fuse_conn *fc, struct fuse_req *req) |
Miklos Szeredi | 334f485 | 2005-09-09 13:10:27 -0700 | [diff] [blame] | 229 | { |
Miklos Szeredi | 334f485 | 2005-09-09 13:10:27 -0700 | [diff] [blame] | 230 | req->background = 1; |
Miklos Szeredi | 1e9a4ed | 2005-09-09 13:10:31 -0700 | [diff] [blame] | 231 | list_add(&req->bg_entry, &fc->background); |
Miklos Szeredi | 334f485 | 2005-09-09 13:10:27 -0700 | [diff] [blame] | 232 | if (req->inode) |
| 233 | req->inode = igrab(req->inode); |
| 234 | if (req->inode2) |
| 235 | req->inode2 = igrab(req->inode2); |
| 236 | if (req->file) |
| 237 | get_file(req->file); |
| 238 | } |
| 239 | |
Miklos Szeredi | 334f485 | 2005-09-09 13:10:27 -0700 | [diff] [blame] | 240 | /* Called with fuse_lock held. Releases, and then reacquires it. */ |
Miklos Szeredi | 7c352bd | 2005-09-09 13:10:39 -0700 | [diff] [blame] | 241 | static void request_wait_answer(struct fuse_conn *fc, struct fuse_req *req) |
Miklos Szeredi | 334f485 | 2005-09-09 13:10:27 -0700 | [diff] [blame] | 242 | { |
Miklos Szeredi | 7c352bd | 2005-09-09 13:10:39 -0700 | [diff] [blame] | 243 | sigset_t oldset; |
Miklos Szeredi | 334f485 | 2005-09-09 13:10:27 -0700 | [diff] [blame] | 244 | |
| 245 | spin_unlock(&fuse_lock); |
Miklos Szeredi | 7c352bd | 2005-09-09 13:10:39 -0700 | [diff] [blame] | 246 | block_sigs(&oldset); |
| 247 | wait_event_interruptible(req->waitq, req->finished); |
| 248 | restore_sigs(&oldset); |
Miklos Szeredi | 334f485 | 2005-09-09 13:10:27 -0700 | [diff] [blame] | 249 | spin_lock(&fuse_lock); |
Miklos Szeredi | 7c352bd | 2005-09-09 13:10:39 -0700 | [diff] [blame] | 250 | if (req->finished) |
Miklos Szeredi | 334f485 | 2005-09-09 13:10:27 -0700 | [diff] [blame] | 251 | return; |
| 252 | |
Miklos Szeredi | 7c352bd | 2005-09-09 13:10:39 -0700 | [diff] [blame] | 253 | req->out.h.error = -EINTR; |
Miklos Szeredi | 334f485 | 2005-09-09 13:10:27 -0700 | [diff] [blame] | 254 | req->interrupted = 1; |
| 255 | if (req->locked) { |
| 256 | /* This is uninterruptible sleep, because data is |
| 257 | being copied to/from the buffers of req. During |
| 258 | locked state, there mustn't be any filesystem |
| 259 | operation (e.g. page fault), since that could lead |
| 260 | to deadlock */ |
| 261 | spin_unlock(&fuse_lock); |
| 262 | wait_event(req->waitq, !req->locked); |
| 263 | spin_lock(&fuse_lock); |
| 264 | } |
| 265 | if (!req->sent && !list_empty(&req->list)) { |
| 266 | list_del(&req->list); |
| 267 | __fuse_put_request(req); |
| 268 | } else if (!req->finished && req->sent) |
Miklos Szeredi | 1e9a4ed | 2005-09-09 13:10:31 -0700 | [diff] [blame] | 269 | background_request(fc, req); |
Miklos Szeredi | 334f485 | 2005-09-09 13:10:27 -0700 | [diff] [blame] | 270 | } |
| 271 | |
| 272 | static unsigned len_args(unsigned numargs, struct fuse_arg *args) |
| 273 | { |
| 274 | unsigned nbytes = 0; |
| 275 | unsigned i; |
| 276 | |
| 277 | for (i = 0; i < numargs; i++) |
| 278 | nbytes += args[i].size; |
| 279 | |
| 280 | return nbytes; |
| 281 | } |
| 282 | |
| 283 | static void queue_request(struct fuse_conn *fc, struct fuse_req *req) |
| 284 | { |
| 285 | fc->reqctr++; |
| 286 | /* zero is special */ |
| 287 | if (fc->reqctr == 0) |
| 288 | fc->reqctr = 1; |
| 289 | req->in.h.unique = fc->reqctr; |
| 290 | req->in.h.len = sizeof(struct fuse_in_header) + |
| 291 | len_args(req->in.numargs, (struct fuse_arg *) req->in.args); |
| 292 | if (!req->preallocated) { |
| 293 | /* If request is not preallocated (either FORGET or |
| 294 | RELEASE), then still decrease outstanding_sem, so |
| 295 | user can't open infinite number of files while not |
| 296 | processing the RELEASE requests. However for |
| 297 | efficiency do it without blocking, so if down() |
| 298 | would block, just increase the debt instead */ |
| 299 | if (down_trylock(&fc->outstanding_sem)) |
| 300 | fc->outstanding_debt++; |
| 301 | } |
| 302 | list_add_tail(&req->list, &fc->pending); |
| 303 | wake_up(&fc->waitq); |
| 304 | } |
| 305 | |
Miklos Szeredi | 7c352bd | 2005-09-09 13:10:39 -0700 | [diff] [blame] | 306 | /* |
| 307 | * This can only be interrupted by a SIGKILL |
| 308 | */ |
| 309 | void request_send(struct fuse_conn *fc, struct fuse_req *req) |
Miklos Szeredi | 334f485 | 2005-09-09 13:10:27 -0700 | [diff] [blame] | 310 | { |
| 311 | req->isreply = 1; |
| 312 | spin_lock(&fuse_lock); |
Miklos Szeredi | 1e9a4ed | 2005-09-09 13:10:31 -0700 | [diff] [blame] | 313 | if (!fc->connected) |
Miklos Szeredi | 334f485 | 2005-09-09 13:10:27 -0700 | [diff] [blame] | 314 | req->out.h.error = -ENOTCONN; |
| 315 | else if (fc->conn_error) |
| 316 | req->out.h.error = -ECONNREFUSED; |
| 317 | else { |
| 318 | queue_request(fc, req); |
| 319 | /* acquire extra reference, since request is still needed |
| 320 | after request_end() */ |
| 321 | __fuse_get_request(req); |
| 322 | |
Miklos Szeredi | 7c352bd | 2005-09-09 13:10:39 -0700 | [diff] [blame] | 323 | request_wait_answer(fc, req); |
Miklos Szeredi | 334f485 | 2005-09-09 13:10:27 -0700 | [diff] [blame] | 324 | } |
| 325 | spin_unlock(&fuse_lock); |
| 326 | } |
| 327 | |
Miklos Szeredi | 334f485 | 2005-09-09 13:10:27 -0700 | [diff] [blame] | 328 | static void request_send_nowait(struct fuse_conn *fc, struct fuse_req *req) |
| 329 | { |
| 330 | spin_lock(&fuse_lock); |
Miklos Szeredi | 1e9a4ed | 2005-09-09 13:10:31 -0700 | [diff] [blame] | 331 | if (fc->connected) { |
Miklos Szeredi | 334f485 | 2005-09-09 13:10:27 -0700 | [diff] [blame] | 332 | queue_request(fc, req); |
| 333 | spin_unlock(&fuse_lock); |
| 334 | } else { |
| 335 | req->out.h.error = -ENOTCONN; |
| 336 | request_end(fc, req); |
| 337 | } |
| 338 | } |
| 339 | |
| 340 | void request_send_noreply(struct fuse_conn *fc, struct fuse_req *req) |
| 341 | { |
| 342 | req->isreply = 0; |
| 343 | request_send_nowait(fc, req); |
| 344 | } |
| 345 | |
| 346 | void request_send_background(struct fuse_conn *fc, struct fuse_req *req) |
| 347 | { |
| 348 | req->isreply = 1; |
Miklos Szeredi | 1e9a4ed | 2005-09-09 13:10:31 -0700 | [diff] [blame] | 349 | spin_lock(&fuse_lock); |
| 350 | background_request(fc, req); |
| 351 | spin_unlock(&fuse_lock); |
Miklos Szeredi | 334f485 | 2005-09-09 13:10:27 -0700 | [diff] [blame] | 352 | request_send_nowait(fc, req); |
| 353 | } |
| 354 | |
| 355 | void fuse_send_init(struct fuse_conn *fc) |
| 356 | { |
| 357 | /* This is called from fuse_read_super() so there's guaranteed |
| 358 | to be a request available */ |
| 359 | struct fuse_req *req = do_get_request(fc); |
| 360 | struct fuse_init_in_out *arg = &req->misc.init_in_out; |
| 361 | arg->major = FUSE_KERNEL_VERSION; |
| 362 | arg->minor = FUSE_KERNEL_MINOR_VERSION; |
| 363 | req->in.h.opcode = FUSE_INIT; |
| 364 | req->in.numargs = 1; |
| 365 | req->in.args[0].size = sizeof(*arg); |
| 366 | req->in.args[0].value = arg; |
| 367 | req->out.numargs = 1; |
| 368 | req->out.args[0].size = sizeof(*arg); |
| 369 | req->out.args[0].value = arg; |
| 370 | request_send_background(fc, req); |
| 371 | } |
| 372 | |
| 373 | /* |
| 374 | * Lock the request. Up to the next unlock_request() there mustn't be |
| 375 | * anything that could cause a page-fault. If the request was already |
| 376 | * interrupted bail out. |
| 377 | */ |
| 378 | static inline int lock_request(struct fuse_req *req) |
| 379 | { |
| 380 | int err = 0; |
| 381 | if (req) { |
| 382 | spin_lock(&fuse_lock); |
| 383 | if (req->interrupted) |
| 384 | err = -ENOENT; |
| 385 | else |
| 386 | req->locked = 1; |
| 387 | spin_unlock(&fuse_lock); |
| 388 | } |
| 389 | return err; |
| 390 | } |
| 391 | |
| 392 | /* |
| 393 | * Unlock request. If it was interrupted during being locked, the |
| 394 | * requester thread is currently waiting for it to be unlocked, so |
| 395 | * wake it up. |
| 396 | */ |
| 397 | static inline void unlock_request(struct fuse_req *req) |
| 398 | { |
| 399 | if (req) { |
| 400 | spin_lock(&fuse_lock); |
| 401 | req->locked = 0; |
| 402 | if (req->interrupted) |
| 403 | wake_up(&req->waitq); |
| 404 | spin_unlock(&fuse_lock); |
| 405 | } |
| 406 | } |
| 407 | |
| 408 | struct fuse_copy_state { |
| 409 | int write; |
| 410 | struct fuse_req *req; |
| 411 | const struct iovec *iov; |
| 412 | unsigned long nr_segs; |
| 413 | unsigned long seglen; |
| 414 | unsigned long addr; |
| 415 | struct page *pg; |
| 416 | void *mapaddr; |
| 417 | void *buf; |
| 418 | unsigned len; |
| 419 | }; |
| 420 | |
| 421 | static void fuse_copy_init(struct fuse_copy_state *cs, int write, |
| 422 | struct fuse_req *req, const struct iovec *iov, |
| 423 | unsigned long nr_segs) |
| 424 | { |
| 425 | memset(cs, 0, sizeof(*cs)); |
| 426 | cs->write = write; |
| 427 | cs->req = req; |
| 428 | cs->iov = iov; |
| 429 | cs->nr_segs = nr_segs; |
| 430 | } |
| 431 | |
| 432 | /* Unmap and put previous page of userspace buffer */ |
| 433 | static inline void fuse_copy_finish(struct fuse_copy_state *cs) |
| 434 | { |
| 435 | if (cs->mapaddr) { |
| 436 | kunmap_atomic(cs->mapaddr, KM_USER0); |
| 437 | if (cs->write) { |
| 438 | flush_dcache_page(cs->pg); |
| 439 | set_page_dirty_lock(cs->pg); |
| 440 | } |
| 441 | put_page(cs->pg); |
| 442 | cs->mapaddr = NULL; |
| 443 | } |
| 444 | } |
| 445 | |
| 446 | /* |
| 447 | * Get another pagefull of userspace buffer, and map it to kernel |
| 448 | * address space, and lock request |
| 449 | */ |
| 450 | static int fuse_copy_fill(struct fuse_copy_state *cs) |
| 451 | { |
| 452 | unsigned long offset; |
| 453 | int err; |
| 454 | |
| 455 | unlock_request(cs->req); |
| 456 | fuse_copy_finish(cs); |
| 457 | if (!cs->seglen) { |
| 458 | BUG_ON(!cs->nr_segs); |
| 459 | cs->seglen = cs->iov[0].iov_len; |
| 460 | cs->addr = (unsigned long) cs->iov[0].iov_base; |
| 461 | cs->iov ++; |
| 462 | cs->nr_segs --; |
| 463 | } |
| 464 | down_read(¤t->mm->mmap_sem); |
| 465 | err = get_user_pages(current, current->mm, cs->addr, 1, cs->write, 0, |
| 466 | &cs->pg, NULL); |
| 467 | up_read(¤t->mm->mmap_sem); |
| 468 | if (err < 0) |
| 469 | return err; |
| 470 | BUG_ON(err != 1); |
| 471 | offset = cs->addr % PAGE_SIZE; |
| 472 | cs->mapaddr = kmap_atomic(cs->pg, KM_USER0); |
| 473 | cs->buf = cs->mapaddr + offset; |
| 474 | cs->len = min(PAGE_SIZE - offset, cs->seglen); |
| 475 | cs->seglen -= cs->len; |
| 476 | cs->addr += cs->len; |
| 477 | |
| 478 | return lock_request(cs->req); |
| 479 | } |
| 480 | |
| 481 | /* Do as much copy to/from userspace buffer as we can */ |
| 482 | static inline int fuse_copy_do(struct fuse_copy_state *cs, void **val, |
| 483 | unsigned *size) |
| 484 | { |
| 485 | unsigned ncpy = min(*size, cs->len); |
| 486 | if (val) { |
| 487 | if (cs->write) |
| 488 | memcpy(cs->buf, *val, ncpy); |
| 489 | else |
| 490 | memcpy(*val, cs->buf, ncpy); |
| 491 | *val += ncpy; |
| 492 | } |
| 493 | *size -= ncpy; |
| 494 | cs->len -= ncpy; |
| 495 | cs->buf += ncpy; |
| 496 | return ncpy; |
| 497 | } |
| 498 | |
| 499 | /* |
| 500 | * Copy a page in the request to/from the userspace buffer. Must be |
| 501 | * done atomically |
| 502 | */ |
| 503 | static inline int fuse_copy_page(struct fuse_copy_state *cs, struct page *page, |
| 504 | unsigned offset, unsigned count, int zeroing) |
| 505 | { |
| 506 | if (page && zeroing && count < PAGE_SIZE) { |
| 507 | void *mapaddr = kmap_atomic(page, KM_USER1); |
| 508 | memset(mapaddr, 0, PAGE_SIZE); |
| 509 | kunmap_atomic(mapaddr, KM_USER1); |
| 510 | } |
| 511 | while (count) { |
| 512 | int err; |
| 513 | if (!cs->len && (err = fuse_copy_fill(cs))) |
| 514 | return err; |
| 515 | if (page) { |
| 516 | void *mapaddr = kmap_atomic(page, KM_USER1); |
| 517 | void *buf = mapaddr + offset; |
| 518 | offset += fuse_copy_do(cs, &buf, &count); |
| 519 | kunmap_atomic(mapaddr, KM_USER1); |
| 520 | } else |
| 521 | offset += fuse_copy_do(cs, NULL, &count); |
| 522 | } |
| 523 | if (page && !cs->write) |
| 524 | flush_dcache_page(page); |
| 525 | return 0; |
| 526 | } |
| 527 | |
| 528 | /* Copy pages in the request to/from userspace buffer */ |
| 529 | static int fuse_copy_pages(struct fuse_copy_state *cs, unsigned nbytes, |
| 530 | int zeroing) |
| 531 | { |
| 532 | unsigned i; |
| 533 | struct fuse_req *req = cs->req; |
| 534 | unsigned offset = req->page_offset; |
| 535 | unsigned count = min(nbytes, (unsigned) PAGE_SIZE - offset); |
| 536 | |
| 537 | for (i = 0; i < req->num_pages && (nbytes || zeroing); i++) { |
| 538 | struct page *page = req->pages[i]; |
| 539 | int err = fuse_copy_page(cs, page, offset, count, zeroing); |
| 540 | if (err) |
| 541 | return err; |
| 542 | |
| 543 | nbytes -= count; |
| 544 | count = min(nbytes, (unsigned) PAGE_SIZE); |
| 545 | offset = 0; |
| 546 | } |
| 547 | return 0; |
| 548 | } |
| 549 | |
| 550 | /* Copy a single argument in the request to/from userspace buffer */ |
| 551 | static int fuse_copy_one(struct fuse_copy_state *cs, void *val, unsigned size) |
| 552 | { |
| 553 | while (size) { |
| 554 | int err; |
| 555 | if (!cs->len && (err = fuse_copy_fill(cs))) |
| 556 | return err; |
| 557 | fuse_copy_do(cs, &val, &size); |
| 558 | } |
| 559 | return 0; |
| 560 | } |
| 561 | |
| 562 | /* Copy request arguments to/from userspace buffer */ |
| 563 | static int fuse_copy_args(struct fuse_copy_state *cs, unsigned numargs, |
| 564 | unsigned argpages, struct fuse_arg *args, |
| 565 | int zeroing) |
| 566 | { |
| 567 | int err = 0; |
| 568 | unsigned i; |
| 569 | |
| 570 | for (i = 0; !err && i < numargs; i++) { |
| 571 | struct fuse_arg *arg = &args[i]; |
| 572 | if (i == numargs - 1 && argpages) |
| 573 | err = fuse_copy_pages(cs, arg->size, zeroing); |
| 574 | else |
| 575 | err = fuse_copy_one(cs, arg->value, arg->size); |
| 576 | } |
| 577 | return err; |
| 578 | } |
| 579 | |
| 580 | /* Wait until a request is available on the pending list */ |
| 581 | static void request_wait(struct fuse_conn *fc) |
| 582 | { |
| 583 | DECLARE_WAITQUEUE(wait, current); |
| 584 | |
| 585 | add_wait_queue_exclusive(&fc->waitq, &wait); |
Miklos Szeredi | 1e9a4ed | 2005-09-09 13:10:31 -0700 | [diff] [blame] | 586 | while (fc->mounted && list_empty(&fc->pending)) { |
Miklos Szeredi | 334f485 | 2005-09-09 13:10:27 -0700 | [diff] [blame] | 587 | set_current_state(TASK_INTERRUPTIBLE); |
| 588 | if (signal_pending(current)) |
| 589 | break; |
| 590 | |
| 591 | spin_unlock(&fuse_lock); |
| 592 | schedule(); |
| 593 | spin_lock(&fuse_lock); |
| 594 | } |
| 595 | set_current_state(TASK_RUNNING); |
| 596 | remove_wait_queue(&fc->waitq, &wait); |
| 597 | } |
| 598 | |
| 599 | /* |
| 600 | * Read a single request into the userspace filesystem's buffer. This |
| 601 | * function waits until a request is available, then removes it from |
| 602 | * the pending list and copies request data to userspace buffer. If |
| 603 | * no reply is needed (FORGET) or request has been interrupted or |
| 604 | * there was an error during the copying then it's finished by calling |
| 605 | * request_end(). Otherwise add it to the processing list, and set |
| 606 | * the 'sent' flag. |
| 607 | */ |
| 608 | static ssize_t fuse_dev_readv(struct file *file, const struct iovec *iov, |
| 609 | unsigned long nr_segs, loff_t *off) |
| 610 | { |
| 611 | int err; |
| 612 | struct fuse_conn *fc; |
| 613 | struct fuse_req *req; |
| 614 | struct fuse_in *in; |
| 615 | struct fuse_copy_state cs; |
| 616 | unsigned reqsize; |
| 617 | |
| 618 | spin_lock(&fuse_lock); |
| 619 | fc = file->private_data; |
| 620 | err = -EPERM; |
| 621 | if (!fc) |
| 622 | goto err_unlock; |
| 623 | request_wait(fc); |
| 624 | err = -ENODEV; |
Miklos Szeredi | 1e9a4ed | 2005-09-09 13:10:31 -0700 | [diff] [blame] | 625 | if (!fc->mounted) |
Miklos Szeredi | 334f485 | 2005-09-09 13:10:27 -0700 | [diff] [blame] | 626 | goto err_unlock; |
| 627 | err = -ERESTARTSYS; |
| 628 | if (list_empty(&fc->pending)) |
| 629 | goto err_unlock; |
| 630 | |
| 631 | req = list_entry(fc->pending.next, struct fuse_req, list); |
| 632 | list_del_init(&req->list); |
| 633 | spin_unlock(&fuse_lock); |
| 634 | |
| 635 | in = &req->in; |
| 636 | reqsize = req->in.h.len; |
| 637 | fuse_copy_init(&cs, 1, req, iov, nr_segs); |
| 638 | err = -EINVAL; |
| 639 | if (iov_length(iov, nr_segs) >= reqsize) { |
| 640 | err = fuse_copy_one(&cs, &in->h, sizeof(in->h)); |
| 641 | if (!err) |
| 642 | err = fuse_copy_args(&cs, in->numargs, in->argpages, |
| 643 | (struct fuse_arg *) in->args, 0); |
| 644 | } |
| 645 | fuse_copy_finish(&cs); |
| 646 | |
| 647 | spin_lock(&fuse_lock); |
| 648 | req->locked = 0; |
| 649 | if (!err && req->interrupted) |
| 650 | err = -ENOENT; |
| 651 | if (err) { |
| 652 | if (!req->interrupted) |
| 653 | req->out.h.error = -EIO; |
| 654 | request_end(fc, req); |
| 655 | return err; |
| 656 | } |
| 657 | if (!req->isreply) |
| 658 | request_end(fc, req); |
| 659 | else { |
| 660 | req->sent = 1; |
| 661 | list_add_tail(&req->list, &fc->processing); |
| 662 | spin_unlock(&fuse_lock); |
| 663 | } |
| 664 | return reqsize; |
| 665 | |
| 666 | err_unlock: |
| 667 | spin_unlock(&fuse_lock); |
| 668 | return err; |
| 669 | } |
| 670 | |
| 671 | static ssize_t fuse_dev_read(struct file *file, char __user *buf, |
| 672 | size_t nbytes, loff_t *off) |
| 673 | { |
| 674 | struct iovec iov; |
| 675 | iov.iov_len = nbytes; |
| 676 | iov.iov_base = buf; |
| 677 | return fuse_dev_readv(file, &iov, 1, off); |
| 678 | } |
| 679 | |
| 680 | /* Look up request on processing list by unique ID */ |
| 681 | static struct fuse_req *request_find(struct fuse_conn *fc, u64 unique) |
| 682 | { |
| 683 | struct list_head *entry; |
| 684 | |
| 685 | list_for_each(entry, &fc->processing) { |
| 686 | struct fuse_req *req; |
| 687 | req = list_entry(entry, struct fuse_req, list); |
| 688 | if (req->in.h.unique == unique) |
| 689 | return req; |
| 690 | } |
| 691 | return NULL; |
| 692 | } |
| 693 | |
| 694 | static int copy_out_args(struct fuse_copy_state *cs, struct fuse_out *out, |
| 695 | unsigned nbytes) |
| 696 | { |
| 697 | unsigned reqsize = sizeof(struct fuse_out_header); |
| 698 | |
| 699 | if (out->h.error) |
| 700 | return nbytes != reqsize ? -EINVAL : 0; |
| 701 | |
| 702 | reqsize += len_args(out->numargs, out->args); |
| 703 | |
| 704 | if (reqsize < nbytes || (reqsize > nbytes && !out->argvar)) |
| 705 | return -EINVAL; |
| 706 | else if (reqsize > nbytes) { |
| 707 | struct fuse_arg *lastarg = &out->args[out->numargs-1]; |
| 708 | unsigned diffsize = reqsize - nbytes; |
| 709 | if (diffsize > lastarg->size) |
| 710 | return -EINVAL; |
| 711 | lastarg->size -= diffsize; |
| 712 | } |
| 713 | return fuse_copy_args(cs, out->numargs, out->argpages, out->args, |
| 714 | out->page_zeroing); |
| 715 | } |
| 716 | |
| 717 | /* |
| 718 | * Write a single reply to a request. First the header is copied from |
| 719 | * the write buffer. The request is then searched on the processing |
| 720 | * list by the unique ID found in the header. If found, then remove |
| 721 | * it from the list and copy the rest of the buffer to the request. |
| 722 | * The request is finished by calling request_end() |
| 723 | */ |
| 724 | static ssize_t fuse_dev_writev(struct file *file, const struct iovec *iov, |
| 725 | unsigned long nr_segs, loff_t *off) |
| 726 | { |
| 727 | int err; |
| 728 | unsigned nbytes = iov_length(iov, nr_segs); |
| 729 | struct fuse_req *req; |
| 730 | struct fuse_out_header oh; |
| 731 | struct fuse_copy_state cs; |
| 732 | struct fuse_conn *fc = fuse_get_conn(file); |
| 733 | if (!fc) |
| 734 | return -ENODEV; |
| 735 | |
| 736 | fuse_copy_init(&cs, 0, NULL, iov, nr_segs); |
| 737 | if (nbytes < sizeof(struct fuse_out_header)) |
| 738 | return -EINVAL; |
| 739 | |
| 740 | err = fuse_copy_one(&cs, &oh, sizeof(oh)); |
| 741 | if (err) |
| 742 | goto err_finish; |
| 743 | err = -EINVAL; |
| 744 | if (!oh.unique || oh.error <= -1000 || oh.error > 0 || |
| 745 | oh.len != nbytes) |
| 746 | goto err_finish; |
| 747 | |
| 748 | spin_lock(&fuse_lock); |
| 749 | req = request_find(fc, oh.unique); |
| 750 | err = -EINVAL; |
| 751 | if (!req) |
| 752 | goto err_unlock; |
| 753 | |
| 754 | list_del_init(&req->list); |
| 755 | if (req->interrupted) { |
| 756 | request_end(fc, req); |
| 757 | fuse_copy_finish(&cs); |
| 758 | return -ENOENT; |
| 759 | } |
| 760 | req->out.h = oh; |
| 761 | req->locked = 1; |
| 762 | cs.req = req; |
| 763 | spin_unlock(&fuse_lock); |
| 764 | |
| 765 | err = copy_out_args(&cs, &req->out, nbytes); |
| 766 | fuse_copy_finish(&cs); |
| 767 | |
| 768 | spin_lock(&fuse_lock); |
| 769 | req->locked = 0; |
| 770 | if (!err) { |
| 771 | if (req->interrupted) |
| 772 | err = -ENOENT; |
Miklos Szeredi | 334f485 | 2005-09-09 13:10:27 -0700 | [diff] [blame] | 773 | } else if (!req->interrupted) |
| 774 | req->out.h.error = -EIO; |
| 775 | request_end(fc, req); |
| 776 | |
| 777 | return err ? err : nbytes; |
| 778 | |
| 779 | err_unlock: |
| 780 | spin_unlock(&fuse_lock); |
| 781 | err_finish: |
| 782 | fuse_copy_finish(&cs); |
| 783 | return err; |
| 784 | } |
| 785 | |
| 786 | static ssize_t fuse_dev_write(struct file *file, const char __user *buf, |
| 787 | size_t nbytes, loff_t *off) |
| 788 | { |
| 789 | struct iovec iov; |
| 790 | iov.iov_len = nbytes; |
| 791 | iov.iov_base = (char __user *) buf; |
| 792 | return fuse_dev_writev(file, &iov, 1, off); |
| 793 | } |
| 794 | |
| 795 | static unsigned fuse_dev_poll(struct file *file, poll_table *wait) |
| 796 | { |
| 797 | struct fuse_conn *fc = fuse_get_conn(file); |
| 798 | unsigned mask = POLLOUT | POLLWRNORM; |
| 799 | |
| 800 | if (!fc) |
| 801 | return -ENODEV; |
| 802 | |
| 803 | poll_wait(file, &fc->waitq, wait); |
| 804 | |
| 805 | spin_lock(&fuse_lock); |
| 806 | if (!list_empty(&fc->pending)) |
| 807 | mask |= POLLIN | POLLRDNORM; |
| 808 | spin_unlock(&fuse_lock); |
| 809 | |
| 810 | return mask; |
| 811 | } |
| 812 | |
| 813 | /* Abort all requests on the given list (pending or processing) */ |
| 814 | static void end_requests(struct fuse_conn *fc, struct list_head *head) |
| 815 | { |
| 816 | while (!list_empty(head)) { |
| 817 | struct fuse_req *req; |
| 818 | req = list_entry(head->next, struct fuse_req, list); |
| 819 | list_del_init(&req->list); |
| 820 | req->out.h.error = -ECONNABORTED; |
| 821 | request_end(fc, req); |
| 822 | spin_lock(&fuse_lock); |
| 823 | } |
| 824 | } |
| 825 | |
| 826 | static int fuse_dev_release(struct inode *inode, struct file *file) |
| 827 | { |
| 828 | struct fuse_conn *fc; |
| 829 | |
| 830 | spin_lock(&fuse_lock); |
| 831 | fc = file->private_data; |
| 832 | if (fc) { |
Miklos Szeredi | 1e9a4ed | 2005-09-09 13:10:31 -0700 | [diff] [blame] | 833 | fc->connected = 0; |
Miklos Szeredi | 334f485 | 2005-09-09 13:10:27 -0700 | [diff] [blame] | 834 | end_requests(fc, &fc->pending); |
| 835 | end_requests(fc, &fc->processing); |
| 836 | fuse_release_conn(fc); |
| 837 | } |
| 838 | spin_unlock(&fuse_lock); |
| 839 | return 0; |
| 840 | } |
| 841 | |
| 842 | struct file_operations fuse_dev_operations = { |
| 843 | .owner = THIS_MODULE, |
| 844 | .llseek = no_llseek, |
| 845 | .read = fuse_dev_read, |
| 846 | .readv = fuse_dev_readv, |
| 847 | .write = fuse_dev_write, |
| 848 | .writev = fuse_dev_writev, |
| 849 | .poll = fuse_dev_poll, |
| 850 | .release = fuse_dev_release, |
| 851 | }; |
| 852 | |
| 853 | static struct miscdevice fuse_miscdevice = { |
| 854 | .minor = FUSE_MINOR, |
| 855 | .name = "fuse", |
| 856 | .fops = &fuse_dev_operations, |
| 857 | }; |
| 858 | |
| 859 | int __init fuse_dev_init(void) |
| 860 | { |
| 861 | int err = -ENOMEM; |
| 862 | fuse_req_cachep = kmem_cache_create("fuse_request", |
| 863 | sizeof(struct fuse_req), |
| 864 | 0, 0, NULL, NULL); |
| 865 | if (!fuse_req_cachep) |
| 866 | goto out; |
| 867 | |
| 868 | err = misc_register(&fuse_miscdevice); |
| 869 | if (err) |
| 870 | goto out_cache_clean; |
| 871 | |
| 872 | return 0; |
| 873 | |
| 874 | out_cache_clean: |
| 875 | kmem_cache_destroy(fuse_req_cachep); |
| 876 | out: |
| 877 | return err; |
| 878 | } |
| 879 | |
| 880 | void fuse_dev_cleanup(void) |
| 881 | { |
| 882 | misc_deregister(&fuse_miscdevice); |
| 883 | kmem_cache_destroy(fuse_req_cachep); |
| 884 | } |