Commit | Line | Data |
---|---|---|
334f485d MS |
1 | /* |
2 | FUSE: Filesystem in Userspace | |
3 | Copyright (C) 2001-2005 Miklos Szeredi <miklos@szeredi.hu> | |
4 | ||
5 | This program can be distributed under the terms of the GNU GPL. | |
6 | See the file COPYING. | |
7 | */ | |
8 | ||
9 | #include "fuse_i.h" | |
10 | ||
11 | #include <linux/init.h> | |
12 | #include <linux/module.h> | |
13 | #include <linux/poll.h> | |
14 | #include <linux/uio.h> | |
15 | #include <linux/miscdevice.h> | |
16 | #include <linux/pagemap.h> | |
17 | #include <linux/file.h> | |
18 | #include <linux/slab.h> | |
19 | ||
20 | MODULE_ALIAS_MISCDEV(FUSE_MINOR); | |
21 | ||
22 | static kmem_cache_t *fuse_req_cachep; | |
23 | ||
8bfc016d | 24 | static struct fuse_conn *fuse_get_conn(struct file *file) |
334f485d MS |
25 | { |
26 | struct fuse_conn *fc; | |
27 | spin_lock(&fuse_lock); | |
28 | fc = file->private_data; | |
1e9a4ed9 | 29 | if (fc && !fc->mounted) |
334f485d MS |
30 | fc = NULL; |
31 | spin_unlock(&fuse_lock); | |
32 | return fc; | |
33 | } | |
34 | ||
8bfc016d | 35 | static void fuse_request_init(struct fuse_req *req) |
334f485d MS |
36 | { |
37 | memset(req, 0, sizeof(*req)); | |
38 | INIT_LIST_HEAD(&req->list); | |
39 | init_waitqueue_head(&req->waitq); | |
40 | atomic_set(&req->count, 1); | |
41 | } | |
42 | ||
43 | struct fuse_req *fuse_request_alloc(void) | |
44 | { | |
45 | struct fuse_req *req = kmem_cache_alloc(fuse_req_cachep, SLAB_KERNEL); | |
46 | if (req) | |
47 | fuse_request_init(req); | |
48 | return req; | |
49 | } | |
50 | ||
51 | void fuse_request_free(struct fuse_req *req) | |
52 | { | |
53 | kmem_cache_free(fuse_req_cachep, req); | |
54 | } | |
55 | ||
8bfc016d | 56 | static void block_sigs(sigset_t *oldset) |
334f485d MS |
57 | { |
58 | sigset_t mask; | |
59 | ||
60 | siginitsetinv(&mask, sigmask(SIGKILL)); | |
61 | sigprocmask(SIG_BLOCK, &mask, oldset); | |
62 | } | |
63 | ||
8bfc016d | 64 | static void restore_sigs(sigset_t *oldset) |
334f485d MS |
65 | { |
66 | sigprocmask(SIG_SETMASK, oldset, NULL); | |
67 | } | |
68 | ||
69 | void fuse_reset_request(struct fuse_req *req) | |
70 | { | |
71 | int preallocated = req->preallocated; | |
72 | BUG_ON(atomic_read(&req->count) != 1); | |
73 | fuse_request_init(req); | |
74 | req->preallocated = preallocated; | |
75 | } | |
76 | ||
77 | static void __fuse_get_request(struct fuse_req *req) | |
78 | { | |
79 | atomic_inc(&req->count); | |
80 | } | |
81 | ||
82 | /* Must be called with > 1 refcount */ | |
83 | static void __fuse_put_request(struct fuse_req *req) | |
84 | { | |
85 | BUG_ON(atomic_read(&req->count) < 2); | |
86 | atomic_dec(&req->count); | |
87 | } | |
88 | ||
89 | static struct fuse_req *do_get_request(struct fuse_conn *fc) | |
90 | { | |
91 | struct fuse_req *req; | |
92 | ||
93 | spin_lock(&fuse_lock); | |
94 | BUG_ON(list_empty(&fc->unused_list)); | |
95 | req = list_entry(fc->unused_list.next, struct fuse_req, list); | |
96 | list_del_init(&req->list); | |
97 | spin_unlock(&fuse_lock); | |
98 | fuse_request_init(req); | |
99 | req->preallocated = 1; | |
100 | req->in.h.uid = current->fsuid; | |
101 | req->in.h.gid = current->fsgid; | |
102 | req->in.h.pid = current->pid; | |
103 | return req; | |
104 | } | |
105 | ||
7c352bdf | 106 | /* This can return NULL, but only in case it's interrupted by a SIGKILL */ |
334f485d | 107 | struct fuse_req *fuse_get_request(struct fuse_conn *fc) |
334f485d MS |
108 | { |
109 | int intr; | |
110 | sigset_t oldset; | |
111 | ||
112 | block_sigs(&oldset); | |
113 | intr = down_interruptible(&fc->outstanding_sem); | |
114 | restore_sigs(&oldset); | |
115 | return intr ? NULL : do_get_request(fc); | |
116 | } | |
117 | ||
118 | static void fuse_putback_request(struct fuse_conn *fc, struct fuse_req *req) | |
119 | { | |
120 | spin_lock(&fuse_lock); | |
121 | if (req->preallocated) | |
122 | list_add(&req->list, &fc->unused_list); | |
123 | else | |
124 | fuse_request_free(req); | |
125 | ||
126 | /* If we are in debt decrease that first */ | |
127 | if (fc->outstanding_debt) | |
128 | fc->outstanding_debt--; | |
129 | else | |
130 | up(&fc->outstanding_sem); | |
131 | spin_unlock(&fuse_lock); | |
132 | } | |
133 | ||
134 | void fuse_put_request(struct fuse_conn *fc, struct fuse_req *req) | |
135 | { | |
136 | if (atomic_dec_and_test(&req->count)) | |
137 | fuse_putback_request(fc, req); | |
138 | } | |
139 | ||
1e9a4ed9 MS |
140 | void fuse_release_background(struct fuse_req *req) |
141 | { | |
142 | iput(req->inode); | |
143 | iput(req->inode2); | |
144 | if (req->file) | |
145 | fput(req->file); | |
146 | spin_lock(&fuse_lock); | |
147 | list_del(&req->bg_entry); | |
148 | spin_unlock(&fuse_lock); | |
149 | } | |
150 | ||
3ec870d5 MS |
151 | static void process_init_reply(struct fuse_conn *fc, struct fuse_req *req) |
152 | { | |
153 | int i; | |
154 | struct fuse_init_out *arg = &req->misc.init_out; | |
155 | ||
b3bebd94 | 156 | if (req->out.h.error || arg->major != FUSE_KERNEL_VERSION) |
3ec870d5 MS |
157 | fc->conn_error = 1; |
158 | else { | |
159 | fc->minor = arg->minor; | |
160 | fc->max_write = arg->minor < 5 ? 4096 : arg->max_write; | |
161 | } | |
162 | ||
163 | /* After INIT reply is received other requests can go | |
164 | out. So do (FUSE_MAX_OUTSTANDING - 1) number of | |
165 | up()s on outstanding_sem. The last up() is done in | |
166 | fuse_putback_request() */ | |
167 | for (i = 1; i < FUSE_MAX_OUTSTANDING; i++) | |
168 | up(&fc->outstanding_sem); | |
169 | } | |
170 | ||
334f485d MS |
171 | /* |
172 | * This function is called when a request is finished. Either a reply | |
173 | * has arrived or it was interrupted (and not yet sent) or some error | |
f43b155a MS |
174 | * occurred during communication with userspace, or the device file |
175 | * was closed. In case of a background request the reference to the | |
176 | * stored objects are released. The requester thread is woken up (if | |
177 | * still waiting), and finally the reference to the request is | |
178 | * released | |
334f485d MS |
179 | * |
180 | * Called with fuse_lock, unlocks it | |
181 | */ | |
182 | static void request_end(struct fuse_conn *fc, struct fuse_req *req) | |
183 | { | |
83cfd493 | 184 | req->state = FUSE_REQ_FINISHED; |
334f485d MS |
185 | spin_unlock(&fuse_lock); |
186 | if (req->background) { | |
1e9a4ed9 MS |
187 | down_read(&fc->sbput_sem); |
188 | if (fc->mounted) | |
189 | fuse_release_background(req); | |
190 | up_read(&fc->sbput_sem); | |
334f485d MS |
191 | } |
192 | wake_up(&req->waitq); | |
3ec870d5 MS |
193 | if (req->in.h.opcode == FUSE_INIT) |
194 | process_init_reply(fc, req); | |
195 | else if (req->in.h.opcode == FUSE_RELEASE && req->inode == NULL) { | |
fd72faac MS |
196 | /* Special case for failed iget in CREATE */ |
197 | u64 nodeid = req->in.h.nodeid; | |
fd72faac MS |
198 | fuse_reset_request(req); |
199 | fuse_send_forget(fc, req, nodeid, 1); | |
f43b155a | 200 | return; |
334f485d | 201 | } |
f43b155a | 202 | fuse_put_request(fc, req); |
334f485d MS |
203 | } |
204 | ||
1e9a4ed9 MS |
205 | /* |
206 | * Unfortunately request interruption not just solves the deadlock | |
207 | * problem, it causes problems too. These stem from the fact, that an | |
208 | * interrupted request is continued to be processed in userspace, | |
209 | * while all the locks and object references (inode and file) held | |
210 | * during the operation are released. | |
211 | * | |
212 | * To release the locks is exactly why there's a need to interrupt the | |
213 | * request, so there's not a lot that can be done about this, except | |
214 | * introduce additional locking in userspace. | |
215 | * | |
216 | * More important is to keep inode and file references until userspace | |
217 | * has replied, otherwise FORGET and RELEASE could be sent while the | |
218 | * inode/file is still used by the filesystem. | |
219 | * | |
220 | * For this reason the concept of "background" request is introduced. | |
221 | * An interrupted request is backgrounded if it has been already sent | |
222 | * to userspace. Backgrounding involves getting an extra reference to | |
223 | * inode(s) or file used in the request, and adding the request to | |
224 | * fc->background list. When a reply is received for a background | |
225 | * request, the object references are released, and the request is | |
226 | * removed from the list. If the filesystem is unmounted while there | |
227 | * are still background requests, the list is walked and references | |
228 | * are released as if a reply was received. | |
229 | * | |
230 | * There's one more use for a background request. The RELEASE message is | |
231 | * always sent as background, since it doesn't return an error or | |
232 | * data. | |
233 | */ | |
234 | static void background_request(struct fuse_conn *fc, struct fuse_req *req) | |
334f485d | 235 | { |
334f485d | 236 | req->background = 1; |
1e9a4ed9 | 237 | list_add(&req->bg_entry, &fc->background); |
334f485d MS |
238 | if (req->inode) |
239 | req->inode = igrab(req->inode); | |
240 | if (req->inode2) | |
241 | req->inode2 = igrab(req->inode2); | |
242 | if (req->file) | |
243 | get_file(req->file); | |
244 | } | |
245 | ||
334f485d | 246 | /* Called with fuse_lock held. Releases, and then reacquires it. */ |
7c352bdf | 247 | static void request_wait_answer(struct fuse_conn *fc, struct fuse_req *req) |
334f485d | 248 | { |
7c352bdf | 249 | sigset_t oldset; |
334f485d MS |
250 | |
251 | spin_unlock(&fuse_lock); | |
7c352bdf | 252 | block_sigs(&oldset); |
83cfd493 | 253 | wait_event_interruptible(req->waitq, req->state == FUSE_REQ_FINISHED); |
7c352bdf | 254 | restore_sigs(&oldset); |
334f485d | 255 | spin_lock(&fuse_lock); |
83cfd493 | 256 | if (req->state == FUSE_REQ_FINISHED) |
334f485d MS |
257 | return; |
258 | ||
7c352bdf | 259 | req->out.h.error = -EINTR; |
334f485d MS |
260 | req->interrupted = 1; |
261 | if (req->locked) { | |
262 | /* This is uninterruptible sleep, because data is | |
263 | being copied to/from the buffers of req. During | |
264 | locked state, there mustn't be any filesystem | |
265 | operation (e.g. page fault), since that could lead | |
266 | to deadlock */ | |
267 | spin_unlock(&fuse_lock); | |
268 | wait_event(req->waitq, !req->locked); | |
269 | spin_lock(&fuse_lock); | |
270 | } | |
83cfd493 | 271 | if (req->state == FUSE_REQ_PENDING) { |
334f485d MS |
272 | list_del(&req->list); |
273 | __fuse_put_request(req); | |
83cfd493 | 274 | } else if (req->state == FUSE_REQ_SENT) |
1e9a4ed9 | 275 | background_request(fc, req); |
334f485d MS |
276 | } |
277 | ||
278 | static unsigned len_args(unsigned numargs, struct fuse_arg *args) | |
279 | { | |
280 | unsigned nbytes = 0; | |
281 | unsigned i; | |
282 | ||
283 | for (i = 0; i < numargs; i++) | |
284 | nbytes += args[i].size; | |
285 | ||
286 | return nbytes; | |
287 | } | |
288 | ||
289 | static void queue_request(struct fuse_conn *fc, struct fuse_req *req) | |
290 | { | |
291 | fc->reqctr++; | |
292 | /* zero is special */ | |
293 | if (fc->reqctr == 0) | |
294 | fc->reqctr = 1; | |
295 | req->in.h.unique = fc->reqctr; | |
296 | req->in.h.len = sizeof(struct fuse_in_header) + | |
297 | len_args(req->in.numargs, (struct fuse_arg *) req->in.args); | |
298 | if (!req->preallocated) { | |
299 | /* If request is not preallocated (either FORGET or | |
300 | RELEASE), then still decrease outstanding_sem, so | |
301 | user can't open infinite number of files while not | |
302 | processing the RELEASE requests. However for | |
303 | efficiency do it without blocking, so if down() | |
304 | would block, just increase the debt instead */ | |
305 | if (down_trylock(&fc->outstanding_sem)) | |
306 | fc->outstanding_debt++; | |
307 | } | |
308 | list_add_tail(&req->list, &fc->pending); | |
83cfd493 | 309 | req->state = FUSE_REQ_PENDING; |
334f485d MS |
310 | wake_up(&fc->waitq); |
311 | } | |
312 | ||
7c352bdf MS |
313 | /* |
314 | * This can only be interrupted by a SIGKILL | |
315 | */ | |
316 | void request_send(struct fuse_conn *fc, struct fuse_req *req) | |
334f485d MS |
317 | { |
318 | req->isreply = 1; | |
319 | spin_lock(&fuse_lock); | |
1e9a4ed9 | 320 | if (!fc->connected) |
334f485d MS |
321 | req->out.h.error = -ENOTCONN; |
322 | else if (fc->conn_error) | |
323 | req->out.h.error = -ECONNREFUSED; | |
324 | else { | |
325 | queue_request(fc, req); | |
326 | /* acquire extra reference, since request is still needed | |
327 | after request_end() */ | |
328 | __fuse_get_request(req); | |
329 | ||
7c352bdf | 330 | request_wait_answer(fc, req); |
334f485d MS |
331 | } |
332 | spin_unlock(&fuse_lock); | |
333 | } | |
334 | ||
334f485d MS |
335 | static void request_send_nowait(struct fuse_conn *fc, struct fuse_req *req) |
336 | { | |
337 | spin_lock(&fuse_lock); | |
1e9a4ed9 | 338 | if (fc->connected) { |
334f485d MS |
339 | queue_request(fc, req); |
340 | spin_unlock(&fuse_lock); | |
341 | } else { | |
342 | req->out.h.error = -ENOTCONN; | |
343 | request_end(fc, req); | |
344 | } | |
345 | } | |
346 | ||
347 | void request_send_noreply(struct fuse_conn *fc, struct fuse_req *req) | |
348 | { | |
349 | req->isreply = 0; | |
350 | request_send_nowait(fc, req); | |
351 | } | |
352 | ||
353 | void request_send_background(struct fuse_conn *fc, struct fuse_req *req) | |
354 | { | |
355 | req->isreply = 1; | |
1e9a4ed9 MS |
356 | spin_lock(&fuse_lock); |
357 | background_request(fc, req); | |
358 | spin_unlock(&fuse_lock); | |
334f485d MS |
359 | request_send_nowait(fc, req); |
360 | } | |
361 | ||
362 | void fuse_send_init(struct fuse_conn *fc) | |
363 | { | |
364 | /* This is called from fuse_read_super() so there's guaranteed | |
6383bdaa MS |
365 | to be exactly one request available */ |
366 | struct fuse_req *req = fuse_get_request(fc); | |
3ec870d5 | 367 | struct fuse_init_in *arg = &req->misc.init_in; |
334f485d MS |
368 | arg->major = FUSE_KERNEL_VERSION; |
369 | arg->minor = FUSE_KERNEL_MINOR_VERSION; | |
370 | req->in.h.opcode = FUSE_INIT; | |
371 | req->in.numargs = 1; | |
372 | req->in.args[0].size = sizeof(*arg); | |
373 | req->in.args[0].value = arg; | |
374 | req->out.numargs = 1; | |
3ec870d5 MS |
375 | /* Variable length arguement used for backward compatibility |
376 | with interface version < 7.5. Rest of init_out is zeroed | |
377 | by do_get_request(), so a short reply is not a problem */ | |
378 | req->out.argvar = 1; | |
379 | req->out.args[0].size = sizeof(struct fuse_init_out); | |
380 | req->out.args[0].value = &req->misc.init_out; | |
334f485d MS |
381 | request_send_background(fc, req); |
382 | } | |
383 | ||
384 | /* | |
385 | * Lock the request. Up to the next unlock_request() there mustn't be | |
386 | * anything that could cause a page-fault. If the request was already | |
387 | * interrupted bail out. | |
388 | */ | |
8bfc016d | 389 | static int lock_request(struct fuse_req *req) |
334f485d MS |
390 | { |
391 | int err = 0; | |
392 | if (req) { | |
393 | spin_lock(&fuse_lock); | |
394 | if (req->interrupted) | |
395 | err = -ENOENT; | |
396 | else | |
397 | req->locked = 1; | |
398 | spin_unlock(&fuse_lock); | |
399 | } | |
400 | return err; | |
401 | } | |
402 | ||
403 | /* | |
404 | * Unlock request. If it was interrupted during being locked, the | |
405 | * requester thread is currently waiting for it to be unlocked, so | |
406 | * wake it up. | |
407 | */ | |
8bfc016d | 408 | static void unlock_request(struct fuse_req *req) |
334f485d MS |
409 | { |
410 | if (req) { | |
411 | spin_lock(&fuse_lock); | |
412 | req->locked = 0; | |
413 | if (req->interrupted) | |
414 | wake_up(&req->waitq); | |
415 | spin_unlock(&fuse_lock); | |
416 | } | |
417 | } | |
418 | ||
419 | struct fuse_copy_state { | |
420 | int write; | |
421 | struct fuse_req *req; | |
422 | const struct iovec *iov; | |
423 | unsigned long nr_segs; | |
424 | unsigned long seglen; | |
425 | unsigned long addr; | |
426 | struct page *pg; | |
427 | void *mapaddr; | |
428 | void *buf; | |
429 | unsigned len; | |
430 | }; | |
431 | ||
432 | static void fuse_copy_init(struct fuse_copy_state *cs, int write, | |
433 | struct fuse_req *req, const struct iovec *iov, | |
434 | unsigned long nr_segs) | |
435 | { | |
436 | memset(cs, 0, sizeof(*cs)); | |
437 | cs->write = write; | |
438 | cs->req = req; | |
439 | cs->iov = iov; | |
440 | cs->nr_segs = nr_segs; | |
441 | } | |
442 | ||
443 | /* Unmap and put previous page of userspace buffer */ | |
8bfc016d | 444 | static void fuse_copy_finish(struct fuse_copy_state *cs) |
334f485d MS |
445 | { |
446 | if (cs->mapaddr) { | |
447 | kunmap_atomic(cs->mapaddr, KM_USER0); | |
448 | if (cs->write) { | |
449 | flush_dcache_page(cs->pg); | |
450 | set_page_dirty_lock(cs->pg); | |
451 | } | |
452 | put_page(cs->pg); | |
453 | cs->mapaddr = NULL; | |
454 | } | |
455 | } | |
456 | ||
457 | /* | |
458 | * Get another pagefull of userspace buffer, and map it to kernel | |
459 | * address space, and lock request | |
460 | */ | |
461 | static int fuse_copy_fill(struct fuse_copy_state *cs) | |
462 | { | |
463 | unsigned long offset; | |
464 | int err; | |
465 | ||
466 | unlock_request(cs->req); | |
467 | fuse_copy_finish(cs); | |
468 | if (!cs->seglen) { | |
469 | BUG_ON(!cs->nr_segs); | |
470 | cs->seglen = cs->iov[0].iov_len; | |
471 | cs->addr = (unsigned long) cs->iov[0].iov_base; | |
472 | cs->iov ++; | |
473 | cs->nr_segs --; | |
474 | } | |
475 | down_read(¤t->mm->mmap_sem); | |
476 | err = get_user_pages(current, current->mm, cs->addr, 1, cs->write, 0, | |
477 | &cs->pg, NULL); | |
478 | up_read(¤t->mm->mmap_sem); | |
479 | if (err < 0) | |
480 | return err; | |
481 | BUG_ON(err != 1); | |
482 | offset = cs->addr % PAGE_SIZE; | |
483 | cs->mapaddr = kmap_atomic(cs->pg, KM_USER0); | |
484 | cs->buf = cs->mapaddr + offset; | |
485 | cs->len = min(PAGE_SIZE - offset, cs->seglen); | |
486 | cs->seglen -= cs->len; | |
487 | cs->addr += cs->len; | |
488 | ||
489 | return lock_request(cs->req); | |
490 | } | |
491 | ||
492 | /* Do as much copy to/from userspace buffer as we can */ | |
8bfc016d | 493 | static int fuse_copy_do(struct fuse_copy_state *cs, void **val, unsigned *size) |
334f485d MS |
494 | { |
495 | unsigned ncpy = min(*size, cs->len); | |
496 | if (val) { | |
497 | if (cs->write) | |
498 | memcpy(cs->buf, *val, ncpy); | |
499 | else | |
500 | memcpy(*val, cs->buf, ncpy); | |
501 | *val += ncpy; | |
502 | } | |
503 | *size -= ncpy; | |
504 | cs->len -= ncpy; | |
505 | cs->buf += ncpy; | |
506 | return ncpy; | |
507 | } | |
508 | ||
509 | /* | |
510 | * Copy a page in the request to/from the userspace buffer. Must be | |
511 | * done atomically | |
512 | */ | |
8bfc016d MS |
513 | static int fuse_copy_page(struct fuse_copy_state *cs, struct page *page, |
514 | unsigned offset, unsigned count, int zeroing) | |
334f485d MS |
515 | { |
516 | if (page && zeroing && count < PAGE_SIZE) { | |
517 | void *mapaddr = kmap_atomic(page, KM_USER1); | |
518 | memset(mapaddr, 0, PAGE_SIZE); | |
519 | kunmap_atomic(mapaddr, KM_USER1); | |
520 | } | |
521 | while (count) { | |
522 | int err; | |
523 | if (!cs->len && (err = fuse_copy_fill(cs))) | |
524 | return err; | |
525 | if (page) { | |
526 | void *mapaddr = kmap_atomic(page, KM_USER1); | |
527 | void *buf = mapaddr + offset; | |
528 | offset += fuse_copy_do(cs, &buf, &count); | |
529 | kunmap_atomic(mapaddr, KM_USER1); | |
530 | } else | |
531 | offset += fuse_copy_do(cs, NULL, &count); | |
532 | } | |
533 | if (page && !cs->write) | |
534 | flush_dcache_page(page); | |
535 | return 0; | |
536 | } | |
537 | ||
538 | /* Copy pages in the request to/from userspace buffer */ | |
539 | static int fuse_copy_pages(struct fuse_copy_state *cs, unsigned nbytes, | |
540 | int zeroing) | |
541 | { | |
542 | unsigned i; | |
543 | struct fuse_req *req = cs->req; | |
544 | unsigned offset = req->page_offset; | |
545 | unsigned count = min(nbytes, (unsigned) PAGE_SIZE - offset); | |
546 | ||
547 | for (i = 0; i < req->num_pages && (nbytes || zeroing); i++) { | |
548 | struct page *page = req->pages[i]; | |
549 | int err = fuse_copy_page(cs, page, offset, count, zeroing); | |
550 | if (err) | |
551 | return err; | |
552 | ||
553 | nbytes -= count; | |
554 | count = min(nbytes, (unsigned) PAGE_SIZE); | |
555 | offset = 0; | |
556 | } | |
557 | return 0; | |
558 | } | |
559 | ||
560 | /* Copy a single argument in the request to/from userspace buffer */ | |
561 | static int fuse_copy_one(struct fuse_copy_state *cs, void *val, unsigned size) | |
562 | { | |
563 | while (size) { | |
564 | int err; | |
565 | if (!cs->len && (err = fuse_copy_fill(cs))) | |
566 | return err; | |
567 | fuse_copy_do(cs, &val, &size); | |
568 | } | |
569 | return 0; | |
570 | } | |
571 | ||
572 | /* Copy request arguments to/from userspace buffer */ | |
573 | static int fuse_copy_args(struct fuse_copy_state *cs, unsigned numargs, | |
574 | unsigned argpages, struct fuse_arg *args, | |
575 | int zeroing) | |
576 | { | |
577 | int err = 0; | |
578 | unsigned i; | |
579 | ||
580 | for (i = 0; !err && i < numargs; i++) { | |
581 | struct fuse_arg *arg = &args[i]; | |
582 | if (i == numargs - 1 && argpages) | |
583 | err = fuse_copy_pages(cs, arg->size, zeroing); | |
584 | else | |
585 | err = fuse_copy_one(cs, arg->value, arg->size); | |
586 | } | |
587 | return err; | |
588 | } | |
589 | ||
590 | /* Wait until a request is available on the pending list */ | |
591 | static void request_wait(struct fuse_conn *fc) | |
592 | { | |
593 | DECLARE_WAITQUEUE(wait, current); | |
594 | ||
595 | add_wait_queue_exclusive(&fc->waitq, &wait); | |
1e9a4ed9 | 596 | while (fc->mounted && list_empty(&fc->pending)) { |
334f485d MS |
597 | set_current_state(TASK_INTERRUPTIBLE); |
598 | if (signal_pending(current)) | |
599 | break; | |
600 | ||
601 | spin_unlock(&fuse_lock); | |
602 | schedule(); | |
603 | spin_lock(&fuse_lock); | |
604 | } | |
605 | set_current_state(TASK_RUNNING); | |
606 | remove_wait_queue(&fc->waitq, &wait); | |
607 | } | |
608 | ||
609 | /* | |
610 | * Read a single request into the userspace filesystem's buffer. This | |
611 | * function waits until a request is available, then removes it from | |
612 | * the pending list and copies request data to userspace buffer. If | |
613 | * no reply is needed (FORGET) or request has been interrupted or | |
614 | * there was an error during the copying then it's finished by calling | |
615 | * request_end(). Otherwise add it to the processing list, and set | |
616 | * the 'sent' flag. | |
617 | */ | |
618 | static ssize_t fuse_dev_readv(struct file *file, const struct iovec *iov, | |
619 | unsigned long nr_segs, loff_t *off) | |
620 | { | |
621 | int err; | |
622 | struct fuse_conn *fc; | |
623 | struct fuse_req *req; | |
624 | struct fuse_in *in; | |
625 | struct fuse_copy_state cs; | |
626 | unsigned reqsize; | |
627 | ||
1d3d752b | 628 | restart: |
334f485d MS |
629 | spin_lock(&fuse_lock); |
630 | fc = file->private_data; | |
631 | err = -EPERM; | |
632 | if (!fc) | |
633 | goto err_unlock; | |
634 | request_wait(fc); | |
635 | err = -ENODEV; | |
1e9a4ed9 | 636 | if (!fc->mounted) |
334f485d MS |
637 | goto err_unlock; |
638 | err = -ERESTARTSYS; | |
639 | if (list_empty(&fc->pending)) | |
640 | goto err_unlock; | |
641 | ||
642 | req = list_entry(fc->pending.next, struct fuse_req, list); | |
83cfd493 | 643 | req->state = FUSE_REQ_READING; |
334f485d | 644 | list_del_init(&req->list); |
334f485d MS |
645 | |
646 | in = &req->in; | |
1d3d752b MS |
647 | reqsize = in->h.len; |
648 | /* If request is too large, reply with an error and restart the read */ | |
649 | if (iov_length(iov, nr_segs) < reqsize) { | |
650 | req->out.h.error = -EIO; | |
651 | /* SETXATTR is special, since it may contain too large data */ | |
652 | if (in->h.opcode == FUSE_SETXATTR) | |
653 | req->out.h.error = -E2BIG; | |
654 | request_end(fc, req); | |
655 | goto restart; | |
334f485d | 656 | } |
1d3d752b MS |
657 | spin_unlock(&fuse_lock); |
658 | fuse_copy_init(&cs, 1, req, iov, nr_segs); | |
659 | err = fuse_copy_one(&cs, &in->h, sizeof(in->h)); | |
660 | if (!err) | |
661 | err = fuse_copy_args(&cs, in->numargs, in->argpages, | |
662 | (struct fuse_arg *) in->args, 0); | |
334f485d | 663 | fuse_copy_finish(&cs); |
334f485d MS |
664 | spin_lock(&fuse_lock); |
665 | req->locked = 0; | |
666 | if (!err && req->interrupted) | |
667 | err = -ENOENT; | |
668 | if (err) { | |
669 | if (!req->interrupted) | |
670 | req->out.h.error = -EIO; | |
671 | request_end(fc, req); | |
672 | return err; | |
673 | } | |
674 | if (!req->isreply) | |
675 | request_end(fc, req); | |
676 | else { | |
83cfd493 | 677 | req->state = FUSE_REQ_SENT; |
334f485d MS |
678 | list_add_tail(&req->list, &fc->processing); |
679 | spin_unlock(&fuse_lock); | |
680 | } | |
681 | return reqsize; | |
682 | ||
683 | err_unlock: | |
684 | spin_unlock(&fuse_lock); | |
685 | return err; | |
686 | } | |
687 | ||
688 | static ssize_t fuse_dev_read(struct file *file, char __user *buf, | |
689 | size_t nbytes, loff_t *off) | |
690 | { | |
691 | struct iovec iov; | |
692 | iov.iov_len = nbytes; | |
693 | iov.iov_base = buf; | |
694 | return fuse_dev_readv(file, &iov, 1, off); | |
695 | } | |
696 | ||
697 | /* Look up request on processing list by unique ID */ | |
698 | static struct fuse_req *request_find(struct fuse_conn *fc, u64 unique) | |
699 | { | |
700 | struct list_head *entry; | |
701 | ||
702 | list_for_each(entry, &fc->processing) { | |
703 | struct fuse_req *req; | |
704 | req = list_entry(entry, struct fuse_req, list); | |
705 | if (req->in.h.unique == unique) | |
706 | return req; | |
707 | } | |
708 | return NULL; | |
709 | } | |
710 | ||
711 | static int copy_out_args(struct fuse_copy_state *cs, struct fuse_out *out, | |
712 | unsigned nbytes) | |
713 | { | |
714 | unsigned reqsize = sizeof(struct fuse_out_header); | |
715 | ||
716 | if (out->h.error) | |
717 | return nbytes != reqsize ? -EINVAL : 0; | |
718 | ||
719 | reqsize += len_args(out->numargs, out->args); | |
720 | ||
721 | if (reqsize < nbytes || (reqsize > nbytes && !out->argvar)) | |
722 | return -EINVAL; | |
723 | else if (reqsize > nbytes) { | |
724 | struct fuse_arg *lastarg = &out->args[out->numargs-1]; | |
725 | unsigned diffsize = reqsize - nbytes; | |
726 | if (diffsize > lastarg->size) | |
727 | return -EINVAL; | |
728 | lastarg->size -= diffsize; | |
729 | } | |
730 | return fuse_copy_args(cs, out->numargs, out->argpages, out->args, | |
731 | out->page_zeroing); | |
732 | } | |
733 | ||
734 | /* | |
735 | * Write a single reply to a request. First the header is copied from | |
736 | * the write buffer. The request is then searched on the processing | |
737 | * list by the unique ID found in the header. If found, then remove | |
738 | * it from the list and copy the rest of the buffer to the request. | |
739 | * The request is finished by calling request_end() | |
740 | */ | |
741 | static ssize_t fuse_dev_writev(struct file *file, const struct iovec *iov, | |
742 | unsigned long nr_segs, loff_t *off) | |
743 | { | |
744 | int err; | |
745 | unsigned nbytes = iov_length(iov, nr_segs); | |
746 | struct fuse_req *req; | |
747 | struct fuse_out_header oh; | |
748 | struct fuse_copy_state cs; | |
749 | struct fuse_conn *fc = fuse_get_conn(file); | |
750 | if (!fc) | |
751 | return -ENODEV; | |
752 | ||
753 | fuse_copy_init(&cs, 0, NULL, iov, nr_segs); | |
754 | if (nbytes < sizeof(struct fuse_out_header)) | |
755 | return -EINVAL; | |
756 | ||
757 | err = fuse_copy_one(&cs, &oh, sizeof(oh)); | |
758 | if (err) | |
759 | goto err_finish; | |
760 | err = -EINVAL; | |
761 | if (!oh.unique || oh.error <= -1000 || oh.error > 0 || | |
762 | oh.len != nbytes) | |
763 | goto err_finish; | |
764 | ||
765 | spin_lock(&fuse_lock); | |
766 | req = request_find(fc, oh.unique); | |
767 | err = -EINVAL; | |
768 | if (!req) | |
769 | goto err_unlock; | |
770 | ||
771 | list_del_init(&req->list); | |
772 | if (req->interrupted) { | |
222f1d69 | 773 | spin_unlock(&fuse_lock); |
334f485d | 774 | fuse_copy_finish(&cs); |
222f1d69 MS |
775 | spin_lock(&fuse_lock); |
776 | request_end(fc, req); | |
334f485d MS |
777 | return -ENOENT; |
778 | } | |
779 | req->out.h = oh; | |
780 | req->locked = 1; | |
781 | cs.req = req; | |
782 | spin_unlock(&fuse_lock); | |
783 | ||
784 | err = copy_out_args(&cs, &req->out, nbytes); | |
785 | fuse_copy_finish(&cs); | |
786 | ||
787 | spin_lock(&fuse_lock); | |
788 | req->locked = 0; | |
789 | if (!err) { | |
790 | if (req->interrupted) | |
791 | err = -ENOENT; | |
792 | } else if (!req->interrupted) | |
793 | req->out.h.error = -EIO; | |
794 | request_end(fc, req); | |
795 | ||
796 | return err ? err : nbytes; | |
797 | ||
798 | err_unlock: | |
799 | spin_unlock(&fuse_lock); | |
800 | err_finish: | |
801 | fuse_copy_finish(&cs); | |
802 | return err; | |
803 | } | |
804 | ||
805 | static ssize_t fuse_dev_write(struct file *file, const char __user *buf, | |
806 | size_t nbytes, loff_t *off) | |
807 | { | |
808 | struct iovec iov; | |
809 | iov.iov_len = nbytes; | |
810 | iov.iov_base = (char __user *) buf; | |
811 | return fuse_dev_writev(file, &iov, 1, off); | |
812 | } | |
813 | ||
814 | static unsigned fuse_dev_poll(struct file *file, poll_table *wait) | |
815 | { | |
816 | struct fuse_conn *fc = fuse_get_conn(file); | |
817 | unsigned mask = POLLOUT | POLLWRNORM; | |
818 | ||
819 | if (!fc) | |
820 | return -ENODEV; | |
821 | ||
822 | poll_wait(file, &fc->waitq, wait); | |
823 | ||
824 | spin_lock(&fuse_lock); | |
825 | if (!list_empty(&fc->pending)) | |
826 | mask |= POLLIN | POLLRDNORM; | |
827 | spin_unlock(&fuse_lock); | |
828 | ||
829 | return mask; | |
830 | } | |
831 | ||
832 | /* Abort all requests on the given list (pending or processing) */ | |
833 | static void end_requests(struct fuse_conn *fc, struct list_head *head) | |
834 | { | |
835 | while (!list_empty(head)) { | |
836 | struct fuse_req *req; | |
837 | req = list_entry(head->next, struct fuse_req, list); | |
838 | list_del_init(&req->list); | |
839 | req->out.h.error = -ECONNABORTED; | |
840 | request_end(fc, req); | |
841 | spin_lock(&fuse_lock); | |
842 | } | |
843 | } | |
844 | ||
845 | static int fuse_dev_release(struct inode *inode, struct file *file) | |
846 | { | |
847 | struct fuse_conn *fc; | |
848 | ||
849 | spin_lock(&fuse_lock); | |
850 | fc = file->private_data; | |
851 | if (fc) { | |
1e9a4ed9 | 852 | fc->connected = 0; |
334f485d MS |
853 | end_requests(fc, &fc->pending); |
854 | end_requests(fc, &fc->processing); | |
855 | fuse_release_conn(fc); | |
856 | } | |
857 | spin_unlock(&fuse_lock); | |
858 | return 0; | |
859 | } | |
860 | ||
861 | struct file_operations fuse_dev_operations = { | |
862 | .owner = THIS_MODULE, | |
863 | .llseek = no_llseek, | |
864 | .read = fuse_dev_read, | |
865 | .readv = fuse_dev_readv, | |
866 | .write = fuse_dev_write, | |
867 | .writev = fuse_dev_writev, | |
868 | .poll = fuse_dev_poll, | |
869 | .release = fuse_dev_release, | |
870 | }; | |
871 | ||
872 | static struct miscdevice fuse_miscdevice = { | |
873 | .minor = FUSE_MINOR, | |
874 | .name = "fuse", | |
875 | .fops = &fuse_dev_operations, | |
876 | }; | |
877 | ||
878 | int __init fuse_dev_init(void) | |
879 | { | |
880 | int err = -ENOMEM; | |
881 | fuse_req_cachep = kmem_cache_create("fuse_request", | |
882 | sizeof(struct fuse_req), | |
883 | 0, 0, NULL, NULL); | |
884 | if (!fuse_req_cachep) | |
885 | goto out; | |
886 | ||
887 | err = misc_register(&fuse_miscdevice); | |
888 | if (err) | |
889 | goto out_cache_clean; | |
890 | ||
891 | return 0; | |
892 | ||
893 | out_cache_clean: | |
894 | kmem_cache_destroy(fuse_req_cachep); | |
895 | out: | |
896 | return err; | |
897 | } | |
898 | ||
899 | void fuse_dev_cleanup(void) | |
900 | { | |
901 | misc_deregister(&fuse_miscdevice); | |
902 | kmem_cache_destroy(fuse_req_cachep); | |
903 | } |