/*
  FUSE: Filesystem in Userspace
  Copyright (C) 2001-2005  Miklos Szeredi <miklos@szeredi.hu>

  This program can be distributed under the terms of the GNU GPL.
  See the file COPYING.
*/

#include "fuse_i.h"

#include <linux/init.h>
#include <linux/module.h>
#include <linux/poll.h>
#include <linux/uio.h>
#include <linux/miscdevice.h>
#include <linux/pagemap.h>
#include <linux/file.h>
#include <linux/slab.h>

MODULE_ALIAS_MISCDEV(FUSE_MINOR);

static kmem_cache_t *fuse_req_cachep;

static inline struct fuse_conn *fuse_get_conn(struct file *file)
{
	struct fuse_conn *fc;
	spin_lock(&fuse_lock);
	fc = file->private_data;
	if (fc && !fc->mounted)
		fc = NULL;
	spin_unlock(&fuse_lock);
	return fc;
}

static inline void fuse_request_init(struct fuse_req *req)
{
	memset(req, 0, sizeof(*req));
	INIT_LIST_HEAD(&req->list);
	init_waitqueue_head(&req->waitq);
	atomic_set(&req->count, 1);
}

struct fuse_req *fuse_request_alloc(void)
{
	struct fuse_req *req = kmem_cache_alloc(fuse_req_cachep, SLAB_KERNEL);
	if (req)
		fuse_request_init(req);
	return req;
}

void fuse_request_free(struct fuse_req *req)
{
	kmem_cache_free(fuse_req_cachep, req);
}

static inline void block_sigs(sigset_t *oldset)
{
	sigset_t mask;

	siginitsetinv(&mask, sigmask(SIGKILL));
	sigprocmask(SIG_BLOCK, &mask, oldset);
}

static inline void restore_sigs(sigset_t *oldset)
{
	sigprocmask(SIG_SETMASK, oldset, NULL);
}

void fuse_reset_request(struct fuse_req *req)
{
	int preallocated = req->preallocated;
	BUG_ON(atomic_read(&req->count) != 1);
	fuse_request_init(req);
	req->preallocated = preallocated;
}

static void __fuse_get_request(struct fuse_req *req)
{
	atomic_inc(&req->count);
}

/* Must be called with > 1 refcount */
static void __fuse_put_request(struct fuse_req *req)
{
	BUG_ON(atomic_read(&req->count) < 2);
	atomic_dec(&req->count);
}

static struct fuse_req *do_get_request(struct fuse_conn *fc)
{
	struct fuse_req *req;

	spin_lock(&fuse_lock);
	BUG_ON(list_empty(&fc->unused_list));
	req = list_entry(fc->unused_list.next, struct fuse_req, list);
	list_del_init(&req->list);
	spin_unlock(&fuse_lock);
	fuse_request_init(req);
	req->preallocated = 1;
	req->in.h.uid = current->fsuid;
	req->in.h.gid = current->fsgid;
	req->in.h.pid = current->pid;
	return req;
}

/* This can return NULL, but only in case it's interrupted by a SIGKILL */
struct fuse_req *fuse_get_request(struct fuse_conn *fc)
{
	int intr;
	sigset_t oldset;

	block_sigs(&oldset);
	intr = down_interruptible(&fc->outstanding_sem);
	restore_sigs(&oldset);
	return intr ? NULL : do_get_request(fc);
}

static void fuse_putback_request(struct fuse_conn *fc, struct fuse_req *req)
{
	spin_lock(&fuse_lock);
	if (req->preallocated)
		list_add(&req->list, &fc->unused_list);
	else
		fuse_request_free(req);

	/* If we are in debt decrease that first */
	if (fc->outstanding_debt)
		fc->outstanding_debt--;
	else
		up(&fc->outstanding_sem);
	spin_unlock(&fuse_lock);
}

void fuse_put_request(struct fuse_conn *fc, struct fuse_req *req)
{
	if (atomic_dec_and_test(&req->count))
		fuse_putback_request(fc, req);
}

void fuse_release_background(struct fuse_req *req)
{
	iput(req->inode);
	iput(req->inode2);
	if (req->file)
		fput(req->file);
	spin_lock(&fuse_lock);
	list_del(&req->bg_entry);
	spin_unlock(&fuse_lock);
}

/*
 * This function is called when a request is finished.  Either a reply
 * has arrived, or it was interrupted (and not yet sent), or some error
 * occurred during communication with userspace, or the device file
 * was closed.  It decreases the reference count for the request.  In
 * case of a background request the references to the stored objects
 * are released.  The requester thread is woken up (if still waiting),
 * and finally the request is either freed or put on the unused_list.
 *
 * Called with fuse_lock, unlocks it
 */
static void request_end(struct fuse_conn *fc, struct fuse_req *req)
{
	int putback;
	req->finished = 1;
	putback = atomic_dec_and_test(&req->count);
	spin_unlock(&fuse_lock);
	if (req->background) {
		down_read(&fc->sbput_sem);
		if (fc->mounted)
			fuse_release_background(req);
		up_read(&fc->sbput_sem);
	}
	wake_up(&req->waitq);
	if (req->in.h.opcode == FUSE_INIT) {
		int i;

		if (req->misc.init_in_out.major != FUSE_KERNEL_VERSION)
			fc->conn_error = 1;

		/* After INIT reply is received other requests can go
		   out.  So do (FUSE_MAX_OUTSTANDING - 1) number of
		   up()s on outstanding_sem.  The last up() is done in
		   fuse_putback_request() */
		for (i = 1; i < FUSE_MAX_OUTSTANDING; i++)
			up(&fc->outstanding_sem);
	} else if (req->in.h.opcode == FUSE_RELEASE && req->inode == NULL) {
		/* Special case for failed iget in CREATE */
		u64 nodeid = req->in.h.nodeid;
		__fuse_get_request(req);
		fuse_reset_request(req);
		fuse_send_forget(fc, req, nodeid, 1);
		putback = 0;
	}
	if (putback)
		fuse_putback_request(fc, req);
}

/*
 * Unfortunately request interruption does not just solve the deadlock
 * problem, it also causes problems of its own.  These stem from the
 * fact that an interrupted request continues to be processed in
 * userspace, while all the locks and object references (inode and
 * file) held during the operation are released.
 *
 * Releasing the locks is exactly why the request needs to be
 * interrupted in the first place, so there's not a lot that can be
 * done about this, except introducing additional locking in
 * userspace.
 *
 * More important is to keep the inode and file references until
 * userspace has replied, otherwise FORGET and RELEASE could be sent
 * while the inode/file is still used by the filesystem.
 *
 * For this reason the concept of a "background" request is
 * introduced.  An interrupted request is backgrounded if it has
 * already been sent to userspace.  Backgrounding involves getting an
 * extra reference to the inode(s) or file used in the request, and
 * adding the request to the fc->background list.  When a reply is
 * received for a background request, the object references are
 * released, and the request is removed from the list.  If the
 * filesystem is unmounted while there are still background requests,
 * the list is walked and the references are released as if a reply
 * had been received.
 *
 * There's one more use for a background request: the RELEASE message
 * is always sent as background, since it doesn't return an error or
 * data.
 */
static void background_request(struct fuse_conn *fc, struct fuse_req *req)
{
	req->background = 1;
	list_add(&req->bg_entry, &fc->background);
	if (req->inode)
		req->inode = igrab(req->inode);
	if (req->inode2)
		req->inode2 = igrab(req->inode2);
	if (req->file)
		get_file(req->file);
}

/* Called with fuse_lock held.  Releases, and then reacquires it. */
static void request_wait_answer(struct fuse_conn *fc, struct fuse_req *req)
{
	sigset_t oldset;

	spin_unlock(&fuse_lock);
	block_sigs(&oldset);
	wait_event_interruptible(req->waitq, req->finished);
	restore_sigs(&oldset);
	spin_lock(&fuse_lock);
	if (req->finished)
		return;

	req->out.h.error = -EINTR;
	req->interrupted = 1;
	if (req->locked) {
		/* This is uninterruptible sleep, because data is
		   being copied to/from the buffers of req.  During
		   locked state, there mustn't be any filesystem
		   operation (e.g. page fault), since that could lead
		   to deadlock */
		spin_unlock(&fuse_lock);
		wait_event(req->waitq, !req->locked);
		spin_lock(&fuse_lock);
	}
	if (!req->sent && !list_empty(&req->list)) {
		list_del(&req->list);
		__fuse_put_request(req);
	} else if (!req->finished && req->sent)
		background_request(fc, req);
}

static unsigned len_args(unsigned numargs, struct fuse_arg *args)
{
	unsigned nbytes = 0;
	unsigned i;

	for (i = 0; i < numargs; i++)
		nbytes += args[i].size;

	return nbytes;
}

static void queue_request(struct fuse_conn *fc, struct fuse_req *req)
{
	fc->reqctr++;
	/* zero is special */
	if (fc->reqctr == 0)
		fc->reqctr = 1;
	req->in.h.unique = fc->reqctr;
	req->in.h.len = sizeof(struct fuse_in_header) +
		len_args(req->in.numargs, (struct fuse_arg *) req->in.args);
	if (!req->preallocated) {
		/* If request is not preallocated (either FORGET or
		   RELEASE), then still decrease outstanding_sem, so
		   user can't open infinite number of files while not
		   processing the RELEASE requests.  However for
		   efficiency do it without blocking, so if down()
		   would block, just increase the debt instead */
		if (down_trylock(&fc->outstanding_sem))
			fc->outstanding_debt++;
	}
	list_add_tail(&req->list, &fc->pending);
	wake_up(&fc->waitq);
}

/*
 * This can only be interrupted by a SIGKILL
 */
void request_send(struct fuse_conn *fc, struct fuse_req *req)
{
	req->isreply = 1;
	spin_lock(&fuse_lock);
	if (!fc->connected)
		req->out.h.error = -ENOTCONN;
	else if (fc->conn_error)
		req->out.h.error = -ECONNREFUSED;
	else {
		queue_request(fc, req);
		/* acquire extra reference, since request is still needed
		   after request_end() */
		__fuse_get_request(req);

		request_wait_answer(fc, req);
	}
	spin_unlock(&fuse_lock);
}

static void request_send_nowait(struct fuse_conn *fc, struct fuse_req *req)
{
	spin_lock(&fuse_lock);
	if (fc->connected) {
		queue_request(fc, req);
		spin_unlock(&fuse_lock);
	} else {
		req->out.h.error = -ENOTCONN;
		request_end(fc, req);
	}
}

void request_send_noreply(struct fuse_conn *fc, struct fuse_req *req)
{
	req->isreply = 0;
	request_send_nowait(fc, req);
}

void request_send_background(struct fuse_conn *fc, struct fuse_req *req)
{
	req->isreply = 1;
	spin_lock(&fuse_lock);
	background_request(fc, req);
	spin_unlock(&fuse_lock);
	request_send_nowait(fc, req);
}

void fuse_send_init(struct fuse_conn *fc)
{
	/* This is called from fuse_read_super() so there's guaranteed
	   to be a request available */
	struct fuse_req *req = do_get_request(fc);
	struct fuse_init_in_out *arg = &req->misc.init_in_out;
	arg->major = FUSE_KERNEL_VERSION;
	arg->minor = FUSE_KERNEL_MINOR_VERSION;
	req->in.h.opcode = FUSE_INIT;
	req->in.numargs = 1;
	req->in.args[0].size = sizeof(*arg);
	req->in.args[0].value = arg;
	req->out.numargs = 1;
	req->out.args[0].size = sizeof(*arg);
	req->out.args[0].value = arg;
	request_send_background(fc, req);
}
373/*
374 * Lock the request. Up to the next unlock_request() there mustn't be
375 * anything that could cause a page-fault. If the request was already
376 * interrupted bail out.
377 */
378static inline int lock_request(struct fuse_req *req)
379{
380 int err = 0;
381 if (req) {
382 spin_lock(&fuse_lock);
383 if (req->interrupted)
384 err = -ENOENT;
385 else
386 req->locked = 1;
387 spin_unlock(&fuse_lock);
388 }
389 return err;
390}
391
392/*
393 * Unlock request. If it was interrupted during being locked, the
394 * requester thread is currently waiting for it to be unlocked, so
395 * wake it up.
396 */
397static inline void unlock_request(struct fuse_req *req)
398{
399 if (req) {
400 spin_lock(&fuse_lock);
401 req->locked = 0;
402 if (req->interrupted)
403 wake_up(&req->waitq);
404 spin_unlock(&fuse_lock);
405 }
406}
407
408struct fuse_copy_state {
409 int write;
410 struct fuse_req *req;
411 const struct iovec *iov;
412 unsigned long nr_segs;
413 unsigned long seglen;
414 unsigned long addr;
415 struct page *pg;
416 void *mapaddr;
417 void *buf;
418 unsigned len;
419};
420
421static void fuse_copy_init(struct fuse_copy_state *cs, int write,
422 struct fuse_req *req, const struct iovec *iov,
423 unsigned long nr_segs)
424{
425 memset(cs, 0, sizeof(*cs));
426 cs->write = write;
427 cs->req = req;
428 cs->iov = iov;
429 cs->nr_segs = nr_segs;
430}
431
432/* Unmap and put previous page of userspace buffer */
433static inline void fuse_copy_finish(struct fuse_copy_state *cs)
434{
435 if (cs->mapaddr) {
436 kunmap_atomic(cs->mapaddr, KM_USER0);
437 if (cs->write) {
438 flush_dcache_page(cs->pg);
439 set_page_dirty_lock(cs->pg);
440 }
441 put_page(cs->pg);
442 cs->mapaddr = NULL;
443 }
444}
445
446/*
447 * Get another pagefull of userspace buffer, and map it to kernel
448 * address space, and lock request
449 */
450static int fuse_copy_fill(struct fuse_copy_state *cs)
451{
452 unsigned long offset;
453 int err;
454
455 unlock_request(cs->req);
456 fuse_copy_finish(cs);
457 if (!cs->seglen) {
458 BUG_ON(!cs->nr_segs);
459 cs->seglen = cs->iov[0].iov_len;
460 cs->addr = (unsigned long) cs->iov[0].iov_base;
461 cs->iov ++;
462 cs->nr_segs --;
463 }
464 down_read(&current->mm->mmap_sem);
465 err = get_user_pages(current, current->mm, cs->addr, 1, cs->write, 0,
466 &cs->pg, NULL);
467 up_read(&current->mm->mmap_sem);
468 if (err < 0)
469 return err;
470 BUG_ON(err != 1);
471 offset = cs->addr % PAGE_SIZE;
472 cs->mapaddr = kmap_atomic(cs->pg, KM_USER0);
473 cs->buf = cs->mapaddr + offset;
474 cs->len = min(PAGE_SIZE - offset, cs->seglen);
475 cs->seglen -= cs->len;
476 cs->addr += cs->len;
477
478 return lock_request(cs->req);
479}
480
481/* Do as much copy to/from userspace buffer as we can */
482static inline int fuse_copy_do(struct fuse_copy_state *cs, void **val,
483 unsigned *size)
484{
485 unsigned ncpy = min(*size, cs->len);
486 if (val) {
487 if (cs->write)
488 memcpy(cs->buf, *val, ncpy);
489 else
490 memcpy(*val, cs->buf, ncpy);
491 *val += ncpy;
492 }
493 *size -= ncpy;
494 cs->len -= ncpy;
495 cs->buf += ncpy;
496 return ncpy;
497}
498
499/*
500 * Copy a page in the request to/from the userspace buffer. Must be
501 * done atomically
502 */
503static inline int fuse_copy_page(struct fuse_copy_state *cs, struct page *page,
504 unsigned offset, unsigned count, int zeroing)
505{
506 if (page && zeroing && count < PAGE_SIZE) {
507 void *mapaddr = kmap_atomic(page, KM_USER1);
508 memset(mapaddr, 0, PAGE_SIZE);
509 kunmap_atomic(mapaddr, KM_USER1);
510 }
511 while (count) {
512 int err;
513 if (!cs->len && (err = fuse_copy_fill(cs)))
514 return err;
515 if (page) {
516 void *mapaddr = kmap_atomic(page, KM_USER1);
517 void *buf = mapaddr + offset;
518 offset += fuse_copy_do(cs, &buf, &count);
519 kunmap_atomic(mapaddr, KM_USER1);
520 } else
521 offset += fuse_copy_do(cs, NULL, &count);
522 }
523 if (page && !cs->write)
524 flush_dcache_page(page);
525 return 0;
526}
527
528/* Copy pages in the request to/from userspace buffer */
529static int fuse_copy_pages(struct fuse_copy_state *cs, unsigned nbytes,
530 int zeroing)
531{
532 unsigned i;
533 struct fuse_req *req = cs->req;
534 unsigned offset = req->page_offset;
535 unsigned count = min(nbytes, (unsigned) PAGE_SIZE - offset);
536
537 for (i = 0; i < req->num_pages && (nbytes || zeroing); i++) {
538 struct page *page = req->pages[i];
539 int err = fuse_copy_page(cs, page, offset, count, zeroing);
540 if (err)
541 return err;
542
543 nbytes -= count;
544 count = min(nbytes, (unsigned) PAGE_SIZE);
545 offset = 0;
546 }
547 return 0;
548}
549
550/* Copy a single argument in the request to/from userspace buffer */
551static int fuse_copy_one(struct fuse_copy_state *cs, void *val, unsigned size)
552{
553 while (size) {
554 int err;
555 if (!cs->len && (err = fuse_copy_fill(cs)))
556 return err;
557 fuse_copy_do(cs, &val, &size);
558 }
559 return 0;
560}
561
562/* Copy request arguments to/from userspace buffer */
563static int fuse_copy_args(struct fuse_copy_state *cs, unsigned numargs,
564 unsigned argpages, struct fuse_arg *args,
565 int zeroing)
566{
567 int err = 0;
568 unsigned i;
569
570 for (i = 0; !err && i < numargs; i++) {
571 struct fuse_arg *arg = &args[i];
572 if (i == numargs - 1 && argpages)
573 err = fuse_copy_pages(cs, arg->size, zeroing);
574 else
575 err = fuse_copy_one(cs, arg->value, arg->size);
576 }
577 return err;
578}
579
580/* Wait until a request is available on the pending list */
581static void request_wait(struct fuse_conn *fc)
582{
583 DECLARE_WAITQUEUE(wait, current);
584
585 add_wait_queue_exclusive(&fc->waitq, &wait);
Miklos Szeredi1e9a4ed2005-09-09 13:10:31 -0700586 while (fc->mounted && list_empty(&fc->pending)) {
Miklos Szeredi334f4852005-09-09 13:10:27 -0700587 set_current_state(TASK_INTERRUPTIBLE);
588 if (signal_pending(current))
589 break;
590
591 spin_unlock(&fuse_lock);
592 schedule();
593 spin_lock(&fuse_lock);
594 }
595 set_current_state(TASK_RUNNING);
596 remove_wait_queue(&fc->waitq, &wait);
597}
598
/*
 * Read a single request into the userspace filesystem's buffer.  This
 * function waits until a request is available, then removes it from
 * the pending list and copies the request data to the userspace
 * buffer.  If no reply is needed (FORGET), or the request has been
 * interrupted, or there was an error during the copying, then it is
 * finished by calling request_end().  Otherwise add it to the
 * processing list, and set the 'sent' flag.
 */
static ssize_t fuse_dev_readv(struct file *file, const struct iovec *iov,
			      unsigned long nr_segs, loff_t *off)
{
	int err;
	struct fuse_conn *fc;
	struct fuse_req *req;
	struct fuse_in *in;
	struct fuse_copy_state cs;
	unsigned reqsize;

	spin_lock(&fuse_lock);
	fc = file->private_data;
	err = -EPERM;
	if (!fc)
		goto err_unlock;
	request_wait(fc);
	err = -ENODEV;
	if (!fc->mounted)
		goto err_unlock;
	err = -ERESTARTSYS;
	if (list_empty(&fc->pending))
		goto err_unlock;

	req = list_entry(fc->pending.next, struct fuse_req, list);
	list_del_init(&req->list);
	spin_unlock(&fuse_lock);

	in = &req->in;
	reqsize = req->in.h.len;
	fuse_copy_init(&cs, 1, req, iov, nr_segs);
	err = -EINVAL;
	if (iov_length(iov, nr_segs) >= reqsize) {
		err = fuse_copy_one(&cs, &in->h, sizeof(in->h));
		if (!err)
			err = fuse_copy_args(&cs, in->numargs, in->argpages,
					     (struct fuse_arg *) in->args, 0);
	}
	fuse_copy_finish(&cs);

	spin_lock(&fuse_lock);
	req->locked = 0;
	if (!err && req->interrupted)
		err = -ENOENT;
	if (err) {
		if (!req->interrupted)
			req->out.h.error = -EIO;
		request_end(fc, req);
		return err;
	}
	if (!req->isreply)
		request_end(fc, req);
	else {
		req->sent = 1;
		list_add_tail(&req->list, &fc->processing);
		spin_unlock(&fuse_lock);
	}
	return reqsize;

 err_unlock:
	spin_unlock(&fuse_lock);
	return err;
}

static ssize_t fuse_dev_read(struct file *file, char __user *buf,
			     size_t nbytes, loff_t *off)
{
	struct iovec iov;
	iov.iov_len = nbytes;
	iov.iov_base = buf;
	return fuse_dev_readv(file, &iov, 1, off);
}
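
/*
 * Illustrative sketch only, not part of this file: the request-reading
 * loop of a userspace FUSE daemon built on the read path above.  The
 * descriptor "fd", the buffer size and "handle_request()" are
 * hypothetical; the header layout comes from the FUSE kernel header,
 * and error handling is omitted.
 *
 *	char buf[65536];
 *	for (;;) {
 *		ssize_t res = read(fd, buf, sizeof(buf));
 *		struct fuse_in_header *in = (struct fuse_in_header *) buf;
 *		if (res < (ssize_t) sizeof(*in))
 *			break;
 *		handle_request(in, in + 1, in->len - sizeof(*in));
 *	}
 *
 * Each read() returns exactly one request: the fuse_in_header followed
 * by the argument data, in->len bytes in total.  If the supplied buffer
 * is smaller than the request, fuse_dev_readv() fails with -EINVAL.
 */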

/* Look up request on processing list by unique ID */
static struct fuse_req *request_find(struct fuse_conn *fc, u64 unique)
{
	struct list_head *entry;

	list_for_each(entry, &fc->processing) {
		struct fuse_req *req;
		req = list_entry(entry, struct fuse_req, list);
		if (req->in.h.unique == unique)
			return req;
	}
	return NULL;
}

static int copy_out_args(struct fuse_copy_state *cs, struct fuse_out *out,
			 unsigned nbytes)
{
	unsigned reqsize = sizeof(struct fuse_out_header);

	if (out->h.error)
		return nbytes != reqsize ? -EINVAL : 0;

	reqsize += len_args(out->numargs, out->args);

	if (reqsize < nbytes || (reqsize > nbytes && !out->argvar))
		return -EINVAL;
	else if (reqsize > nbytes) {
		struct fuse_arg *lastarg = &out->args[out->numargs-1];
		unsigned diffsize = reqsize - nbytes;
		if (diffsize > lastarg->size)
			return -EINVAL;
		lastarg->size -= diffsize;
	}
	return fuse_copy_args(cs, out->numargs, out->argpages, out->args,
			      out->page_zeroing);
}

/*
 * Write a single reply to a request.  First the header is copied from
 * the write buffer.  The request is then looked up on the processing
 * list by the unique ID found in the header.  If found, it is removed
 * from the list and the rest of the buffer is copied to the request.
 * The request is finished by calling request_end().
 */
static ssize_t fuse_dev_writev(struct file *file, const struct iovec *iov,
			       unsigned long nr_segs, loff_t *off)
{
	int err;
	unsigned nbytes = iov_length(iov, nr_segs);
	struct fuse_req *req;
	struct fuse_out_header oh;
	struct fuse_copy_state cs;
	struct fuse_conn *fc = fuse_get_conn(file);
	if (!fc)
		return -ENODEV;

	fuse_copy_init(&cs, 0, NULL, iov, nr_segs);
	if (nbytes < sizeof(struct fuse_out_header))
		return -EINVAL;

	err = fuse_copy_one(&cs, &oh, sizeof(oh));
	if (err)
		goto err_finish;
	err = -EINVAL;
	if (!oh.unique || oh.error <= -1000 || oh.error > 0 ||
	    oh.len != nbytes)
		goto err_finish;

	spin_lock(&fuse_lock);
	req = request_find(fc, oh.unique);
	err = -EINVAL;
	if (!req)
		goto err_unlock;

	list_del_init(&req->list);
	if (req->interrupted) {
		request_end(fc, req);
		fuse_copy_finish(&cs);
		return -ENOENT;
	}
	req->out.h = oh;
	req->locked = 1;
	cs.req = req;
	spin_unlock(&fuse_lock);

	err = copy_out_args(&cs, &req->out, nbytes);
	fuse_copy_finish(&cs);

	spin_lock(&fuse_lock);
	req->locked = 0;
	if (!err) {
		if (req->interrupted)
			err = -ENOENT;
	} else if (!req->interrupted)
		req->out.h.error = -EIO;
	request_end(fc, req);

	return err ? err : nbytes;

 err_unlock:
	spin_unlock(&fuse_lock);
 err_finish:
	fuse_copy_finish(&cs);
	return err;
}

static ssize_t fuse_dev_write(struct file *file, const char __user *buf,
			      size_t nbytes, loff_t *off)
{
	struct iovec iov;
	iov.iov_len = nbytes;
	iov.iov_base = (char __user *) buf;
	return fuse_dev_writev(file, &iov, 1, off);
}
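
/*
 * Illustrative sketch only, not part of this file: how a userspace
 * daemon answers a request through the write path above.  "fd",
 * "unique", "payload" and "payload_len" are hypothetical; the header
 * layout comes from the FUSE kernel header, and error handling is
 * omitted.
 *
 *	struct fuse_out_header out;
 *	struct iovec iov[2];
 *
 *	out.unique = unique;
 *	out.error = 0;
 *	out.len = sizeof(out) + payload_len;
 *	iov[0].iov_base = &out;
 *	iov[0].iov_len = sizeof(out);
 *	iov[1].iov_base = payload;
 *	iov[1].iov_len = payload_len;
 *	writev(fd, iov, 2);
 *
 * The whole reply must arrive in a single write: oh.len is checked
 * against the number of bytes written, "error" must be zero or a
 * negative errno above -1000, and the unique ID is what request_find()
 * uses to match the reply with a request on the processing list.
 */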

static unsigned fuse_dev_poll(struct file *file, poll_table *wait)
{
	struct fuse_conn *fc = fuse_get_conn(file);
	unsigned mask = POLLOUT | POLLWRNORM;

	if (!fc)
		return -ENODEV;

	poll_wait(file, &fc->waitq, wait);

	spin_lock(&fuse_lock);
	if (!list_empty(&fc->pending))
		mask |= POLLIN | POLLRDNORM;
	spin_unlock(&fuse_lock);

	return mask;
}

/* Abort all requests on the given list (pending or processing) */
static void end_requests(struct fuse_conn *fc, struct list_head *head)
{
	while (!list_empty(head)) {
		struct fuse_req *req;
		req = list_entry(head->next, struct fuse_req, list);
		list_del_init(&req->list);
		req->out.h.error = -ECONNABORTED;
		request_end(fc, req);
		spin_lock(&fuse_lock);
	}
}

static int fuse_dev_release(struct inode *inode, struct file *file)
{
	struct fuse_conn *fc;

	spin_lock(&fuse_lock);
	fc = file->private_data;
	if (fc) {
		fc->connected = 0;
		end_requests(fc, &fc->pending);
		end_requests(fc, &fc->processing);
		fuse_release_conn(fc);
	}
	spin_unlock(&fuse_lock);
	return 0;
}

struct file_operations fuse_dev_operations = {
	.owner = THIS_MODULE,
	.llseek = no_llseek,
	.read = fuse_dev_read,
	.readv = fuse_dev_readv,
	.write = fuse_dev_write,
	.writev = fuse_dev_writev,
	.poll = fuse_dev_poll,
	.release = fuse_dev_release,
};

static struct miscdevice fuse_miscdevice = {
	.minor = FUSE_MINOR,
	.name = "fuse",
	.fops = &fuse_dev_operations,
};

int __init fuse_dev_init(void)
{
	int err = -ENOMEM;
	fuse_req_cachep = kmem_cache_create("fuse_request",
					    sizeof(struct fuse_req),
					    0, 0, NULL, NULL);
	if (!fuse_req_cachep)
		goto out;

	err = misc_register(&fuse_miscdevice);
	if (err)
		goto out_cache_clean;

	return 0;

 out_cache_clean:
	kmem_cache_destroy(fuse_req_cachep);
 out:
	return err;
}

void fuse_dev_cleanup(void)
{
	misc_deregister(&fuse_miscdevice);
	kmem_cache_destroy(fuse_req_cachep);
}