tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom
kernel / fs / fuse / dev.c
at v2.6.18 26 kB view raw
1/* 2 FUSE: Filesystem in Userspace 3 Copyright (C) 2001-2006 Miklos Szeredi <miklos@szeredi.hu> 4 5 This program can be distributed under the terms of the GNU GPL. 6 See the file COPYING. 7*/ 8 9#include "fuse_i.h" 10 11#include <linux/init.h> 12#include <linux/module.h> 13#include <linux/poll.h> 14#include <linux/uio.h> 15#include <linux/miscdevice.h> 16#include <linux/pagemap.h> 17#include <linux/file.h> 18#include <linux/slab.h> 19 20MODULE_ALIAS_MISCDEV(FUSE_MINOR); 21 22static kmem_cache_t *fuse_req_cachep; 23 24static struct fuse_conn *fuse_get_conn(struct file *file) 25{ 26 /* 27 * Lockless access is OK, because file->private data is set 28 * once during mount and is valid until the file is released. 29 */ 30 return file->private_data; 31} 32 33static void fuse_request_init(struct fuse_req *req) 34{ 35 memset(req, 0, sizeof(*req)); 36 INIT_LIST_HEAD(&req->list); 37 INIT_LIST_HEAD(&req->intr_entry); 38 init_waitqueue_head(&req->waitq); 39 atomic_set(&req->count, 1); 40} 41 42struct fuse_req *fuse_request_alloc(void) 43{ 44 struct fuse_req *req = kmem_cache_alloc(fuse_req_cachep, SLAB_KERNEL); 45 if (req) 46 fuse_request_init(req); 47 return req; 48} 49 50void fuse_request_free(struct fuse_req *req) 51{ 52 kmem_cache_free(fuse_req_cachep, req); 53} 54 55static void block_sigs(sigset_t *oldset) 56{ 57 sigset_t mask; 58 59 siginitsetinv(&mask, sigmask(SIGKILL)); 60 sigprocmask(SIG_BLOCK, &mask, oldset); 61} 62 63static void restore_sigs(sigset_t *oldset) 64{ 65 sigprocmask(SIG_SETMASK, oldset, NULL); 66} 67 68static void __fuse_get_request(struct fuse_req *req) 69{ 70 atomic_inc(&req->count); 71} 72 73/* Must be called with > 1 refcount */ 74static void __fuse_put_request(struct fuse_req *req) 75{ 76 BUG_ON(atomic_read(&req->count) < 2); 77 atomic_dec(&req->count); 78} 79 80static void fuse_req_init_context(struct fuse_req *req) 81{ 82 req->in.h.uid = current->fsuid; 83 req->in.h.gid = current->fsgid; 84 req->in.h.pid = current->pid; 85} 86 87struct fuse_req *fuse_get_req(struct fuse_conn *fc) 88{ 89 struct fuse_req *req; 90 sigset_t oldset; 91 int intr; 92 int err; 93 94 atomic_inc(&fc->num_waiting); 95 block_sigs(&oldset); 96 intr = wait_event_interruptible(fc->blocked_waitq, !fc->blocked); 97 restore_sigs(&oldset); 98 err = -EINTR; 99 if (intr) 100 goto out; 101 102 err = -ENOTCONN; 103 if (!fc->connected) 104 goto out; 105 106 req = fuse_request_alloc(); 107 err = -ENOMEM; 108 if (!req) 109 goto out; 110 111 fuse_req_init_context(req); 112 req->waiting = 1; 113 return req; 114 115 out: 116 atomic_dec(&fc->num_waiting); 117 return ERR_PTR(err); 118} 119 120/* 121 * Return request in fuse_file->reserved_req. However that may 122 * currently be in use. If that is the case, wait for it to become 123 * available. 124 */ 125static struct fuse_req *get_reserved_req(struct fuse_conn *fc, 126 struct file *file) 127{ 128 struct fuse_req *req = NULL; 129 struct fuse_file *ff = file->private_data; 130 131 do { 132 wait_event(fc->blocked_waitq, ff->reserved_req); 133 spin_lock(&fc->lock); 134 if (ff->reserved_req) { 135 req = ff->reserved_req; 136 ff->reserved_req = NULL; 137 get_file(file); 138 req->stolen_file = file; 139 } 140 spin_unlock(&fc->lock); 141 } while (!req); 142 143 return req; 144} 145 146/* 147 * Put stolen request back into fuse_file->reserved_req 148 */ 149static void put_reserved_req(struct fuse_conn *fc, struct fuse_req *req) 150{ 151 struct file *file = req->stolen_file; 152 struct fuse_file *ff = file->private_data; 153 154 spin_lock(&fc->lock); 155 fuse_request_init(req); 156 BUG_ON(ff->reserved_req); 157 ff->reserved_req = req; 158 wake_up(&fc->blocked_waitq); 159 spin_unlock(&fc->lock); 160 fput(file); 161} 162 163/* 164 * Gets a requests for a file operation, always succeeds 165 * 166 * This is used for sending the FLUSH request, which must get to 167 * userspace, due to POSIX locks which may need to be unlocked. 168 * 169 * If allocation fails due to OOM, use the reserved request in 170 * fuse_file. 171 * 172 * This is very unlikely to deadlock accidentally, since the 173 * filesystem should not have it's own file open. If deadlock is 174 * intentional, it can still be broken by "aborting" the filesystem. 175 */ 176struct fuse_req *fuse_get_req_nofail(struct fuse_conn *fc, struct file *file) 177{ 178 struct fuse_req *req; 179 180 atomic_inc(&fc->num_waiting); 181 wait_event(fc->blocked_waitq, !fc->blocked); 182 req = fuse_request_alloc(); 183 if (!req) 184 req = get_reserved_req(fc, file); 185 186 fuse_req_init_context(req); 187 req->waiting = 1; 188 return req; 189} 190 191void fuse_put_request(struct fuse_conn *fc, struct fuse_req *req) 192{ 193 if (atomic_dec_and_test(&req->count)) { 194 if (req->waiting) 195 atomic_dec(&fc->num_waiting); 196 197 if (req->stolen_file) 198 put_reserved_req(fc, req); 199 else 200 fuse_request_free(req); 201 } 202} 203 204/* 205 * This function is called when a request is finished. Either a reply 206 * has arrived or it was aborted (and not yet sent) or some error 207 * occurred during communication with userspace, or the device file 208 * was closed. The requester thread is woken up (if still waiting), 209 * the 'end' callback is called if given, else the reference to the 210 * request is released 211 * 212 * Called with fc->lock, unlocks it 213 */ 214static void request_end(struct fuse_conn *fc, struct fuse_req *req) 215{ 216 void (*end) (struct fuse_conn *, struct fuse_req *) = req->end; 217 req->end = NULL; 218 list_del(&req->list); 219 list_del(&req->intr_entry); 220 req->state = FUSE_REQ_FINISHED; 221 if (req->background) { 222 if (fc->num_background == FUSE_MAX_BACKGROUND) { 223 fc->blocked = 0; 224 wake_up_all(&fc->blocked_waitq); 225 } 226 fc->num_background--; 227 } 228 spin_unlock(&fc->lock); 229 dput(req->dentry); 230 mntput(req->vfsmount); 231 if (req->file) 232 fput(req->file); 233 wake_up(&req->waitq); 234 if (end) 235 end(fc, req); 236 else 237 fuse_put_request(fc, req); 238} 239 240static void wait_answer_interruptible(struct fuse_conn *fc, 241 struct fuse_req *req) 242{ 243 if (signal_pending(current)) 244 return; 245 246 spin_unlock(&fc->lock); 247 wait_event_interruptible(req->waitq, req->state == FUSE_REQ_FINISHED); 248 spin_lock(&fc->lock); 249} 250 251static void queue_interrupt(struct fuse_conn *fc, struct fuse_req *req) 252{ 253 list_add_tail(&req->intr_entry, &fc->interrupts); 254 wake_up(&fc->waitq); 255 kill_fasync(&fc->fasync, SIGIO, POLL_IN); 256} 257 258/* Called with fc->lock held. Releases, and then reacquires it. */ 259static void request_wait_answer(struct fuse_conn *fc, struct fuse_req *req) 260{ 261 if (!fc->no_interrupt) { 262 /* Any signal may interrupt this */ 263 wait_answer_interruptible(fc, req); 264 265 if (req->aborted) 266 goto aborted; 267 if (req->state == FUSE_REQ_FINISHED) 268 return; 269 270 req->interrupted = 1; 271 if (req->state == FUSE_REQ_SENT) 272 queue_interrupt(fc, req); 273 } 274 275 if (req->force) { 276 spin_unlock(&fc->lock); 277 wait_event(req->waitq, req->state == FUSE_REQ_FINISHED); 278 spin_lock(&fc->lock); 279 } else { 280 sigset_t oldset; 281 282 /* Only fatal signals may interrupt this */ 283 block_sigs(&oldset); 284 wait_answer_interruptible(fc, req); 285 restore_sigs(&oldset); 286 } 287 288 if (req->aborted) 289 goto aborted; 290 if (req->state == FUSE_REQ_FINISHED) 291 return; 292 293 req->out.h.error = -EINTR; 294 req->aborted = 1; 295 296 aborted: 297 if (req->locked) { 298 /* This is uninterruptible sleep, because data is 299 being copied to/from the buffers of req. During 300 locked state, there mustn't be any filesystem 301 operation (e.g. page fault), since that could lead 302 to deadlock */ 303 spin_unlock(&fc->lock); 304 wait_event(req->waitq, !req->locked); 305 spin_lock(&fc->lock); 306 } 307 if (req->state == FUSE_REQ_PENDING) { 308 list_del(&req->list); 309 __fuse_put_request(req); 310 } else if (req->state == FUSE_REQ_SENT) { 311 spin_unlock(&fc->lock); 312 wait_event(req->waitq, req->state == FUSE_REQ_FINISHED); 313 spin_lock(&fc->lock); 314 } 315} 316 317static unsigned len_args(unsigned numargs, struct fuse_arg *args) 318{ 319 unsigned nbytes = 0; 320 unsigned i; 321 322 for (i = 0; i < numargs; i++) 323 nbytes += args[i].size; 324 325 return nbytes; 326} 327 328static u64 fuse_get_unique(struct fuse_conn *fc) 329 { 330 fc->reqctr++; 331 /* zero is special */ 332 if (fc->reqctr == 0) 333 fc->reqctr = 1; 334 335 return fc->reqctr; 336} 337 338static void queue_request(struct fuse_conn *fc, struct fuse_req *req) 339{ 340 req->in.h.unique = fuse_get_unique(fc); 341 req->in.h.len = sizeof(struct fuse_in_header) + 342 len_args(req->in.numargs, (struct fuse_arg *) req->in.args); 343 list_add_tail(&req->list, &fc->pending); 344 req->state = FUSE_REQ_PENDING; 345 if (!req->waiting) { 346 req->waiting = 1; 347 atomic_inc(&fc->num_waiting); 348 } 349 wake_up(&fc->waitq); 350 kill_fasync(&fc->fasync, SIGIO, POLL_IN); 351} 352 353void request_send(struct fuse_conn *fc, struct fuse_req *req) 354{ 355 req->isreply = 1; 356 spin_lock(&fc->lock); 357 if (!fc->connected) 358 req->out.h.error = -ENOTCONN; 359 else if (fc->conn_error) 360 req->out.h.error = -ECONNREFUSED; 361 else { 362 queue_request(fc, req); 363 /* acquire extra reference, since request is still needed 364 after request_end() */ 365 __fuse_get_request(req); 366 367 request_wait_answer(fc, req); 368 } 369 spin_unlock(&fc->lock); 370} 371 372static void request_send_nowait(struct fuse_conn *fc, struct fuse_req *req) 373{ 374 spin_lock(&fc->lock); 375 if (fc->connected) { 376 req->background = 1; 377 fc->num_background++; 378 if (fc->num_background == FUSE_MAX_BACKGROUND) 379 fc->blocked = 1; 380 381 queue_request(fc, req); 382 spin_unlock(&fc->lock); 383 } else { 384 req->out.h.error = -ENOTCONN; 385 request_end(fc, req); 386 } 387} 388 389void request_send_noreply(struct fuse_conn *fc, struct fuse_req *req) 390{ 391 req->isreply = 0; 392 request_send_nowait(fc, req); 393} 394 395void request_send_background(struct fuse_conn *fc, struct fuse_req *req) 396{ 397 req->isreply = 1; 398 request_send_nowait(fc, req); 399} 400 401/* 402 * Lock the request. Up to the next unlock_request() there mustn't be 403 * anything that could cause a page-fault. If the request was already 404 * aborted bail out. 405 */ 406static int lock_request(struct fuse_conn *fc, struct fuse_req *req) 407{ 408 int err = 0; 409 if (req) { 410 spin_lock(&fc->lock); 411 if (req->aborted) 412 err = -ENOENT; 413 else 414 req->locked = 1; 415 spin_unlock(&fc->lock); 416 } 417 return err; 418} 419 420/* 421 * Unlock request. If it was aborted during being locked, the 422 * requester thread is currently waiting for it to be unlocked, so 423 * wake it up. 424 */ 425static void unlock_request(struct fuse_conn *fc, struct fuse_req *req) 426{ 427 if (req) { 428 spin_lock(&fc->lock); 429 req->locked = 0; 430 if (req->aborted) 431 wake_up(&req->waitq); 432 spin_unlock(&fc->lock); 433 } 434} 435 436struct fuse_copy_state { 437 struct fuse_conn *fc; 438 int write; 439 struct fuse_req *req; 440 const struct iovec *iov; 441 unsigned long nr_segs; 442 unsigned long seglen; 443 unsigned long addr; 444 struct page *pg; 445 void *mapaddr; 446 void *buf; 447 unsigned len; 448}; 449 450static void fuse_copy_init(struct fuse_copy_state *cs, struct fuse_conn *fc, 451 int write, struct fuse_req *req, 452 const struct iovec *iov, unsigned long nr_segs) 453{ 454 memset(cs, 0, sizeof(*cs)); 455 cs->fc = fc; 456 cs->write = write; 457 cs->req = req; 458 cs->iov = iov; 459 cs->nr_segs = nr_segs; 460} 461 462/* Unmap and put previous page of userspace buffer */ 463static void fuse_copy_finish(struct fuse_copy_state *cs) 464{ 465 if (cs->mapaddr) { 466 kunmap_atomic(cs->mapaddr, KM_USER0); 467 if (cs->write) { 468 flush_dcache_page(cs->pg); 469 set_page_dirty_lock(cs->pg); 470 } 471 put_page(cs->pg); 472 cs->mapaddr = NULL; 473 } 474} 475 476/* 477 * Get another pagefull of userspace buffer, and map it to kernel 478 * address space, and lock request 479 */ 480static int fuse_copy_fill(struct fuse_copy_state *cs) 481{ 482 unsigned long offset; 483 int err; 484 485 unlock_request(cs->fc, cs->req); 486 fuse_copy_finish(cs); 487 if (!cs->seglen) { 488 BUG_ON(!cs->nr_segs); 489 cs->seglen = cs->iov[0].iov_len; 490 cs->addr = (unsigned long) cs->iov[0].iov_base; 491 cs->iov ++; 492 cs->nr_segs --; 493 } 494 down_read(&current->mm->mmap_sem); 495 err = get_user_pages(current, current->mm, cs->addr, 1, cs->write, 0, 496 &cs->pg, NULL); 497 up_read(&current->mm->mmap_sem); 498 if (err < 0) 499 return err; 500 BUG_ON(err != 1); 501 offset = cs->addr % PAGE_SIZE; 502 cs->mapaddr = kmap_atomic(cs->pg, KM_USER0); 503 cs->buf = cs->mapaddr + offset; 504 cs->len = min(PAGE_SIZE - offset, cs->seglen); 505 cs->seglen -= cs->len; 506 cs->addr += cs->len; 507 508 return lock_request(cs->fc, cs->req); 509} 510 511/* Do as much copy to/from userspace buffer as we can */ 512static int fuse_copy_do(struct fuse_copy_state *cs, void **val, unsigned *size) 513{ 514 unsigned ncpy = min(*size, cs->len); 515 if (val) { 516 if (cs->write) 517 memcpy(cs->buf, *val, ncpy); 518 else 519 memcpy(*val, cs->buf, ncpy); 520 *val += ncpy; 521 } 522 *size -= ncpy; 523 cs->len -= ncpy; 524 cs->buf += ncpy; 525 return ncpy; 526} 527 528/* 529 * Copy a page in the request to/from the userspace buffer. Must be 530 * done atomically 531 */ 532static int fuse_copy_page(struct fuse_copy_state *cs, struct page *page, 533 unsigned offset, unsigned count, int zeroing) 534{ 535 if (page && zeroing && count < PAGE_SIZE) { 536 void *mapaddr = kmap_atomic(page, KM_USER1); 537 memset(mapaddr, 0, PAGE_SIZE); 538 kunmap_atomic(mapaddr, KM_USER1); 539 } 540 while (count) { 541 int err; 542 if (!cs->len && (err = fuse_copy_fill(cs))) 543 return err; 544 if (page) { 545 void *mapaddr = kmap_atomic(page, KM_USER1); 546 void *buf = mapaddr + offset; 547 offset += fuse_copy_do(cs, &buf, &count); 548 kunmap_atomic(mapaddr, KM_USER1); 549 } else 550 offset += fuse_copy_do(cs, NULL, &count); 551 } 552 if (page && !cs->write) 553 flush_dcache_page(page); 554 return 0; 555} 556 557/* Copy pages in the request to/from userspace buffer */ 558static int fuse_copy_pages(struct fuse_copy_state *cs, unsigned nbytes, 559 int zeroing) 560{ 561 unsigned i; 562 struct fuse_req *req = cs->req; 563 unsigned offset = req->page_offset; 564 unsigned count = min(nbytes, (unsigned) PAGE_SIZE - offset); 565 566 for (i = 0; i < req->num_pages && (nbytes || zeroing); i++) { 567 struct page *page = req->pages[i]; 568 int err = fuse_copy_page(cs, page, offset, count, zeroing); 569 if (err) 570 return err; 571 572 nbytes -= count; 573 count = min(nbytes, (unsigned) PAGE_SIZE); 574 offset = 0; 575 } 576 return 0; 577} 578 579/* Copy a single argument in the request to/from userspace buffer */ 580static int fuse_copy_one(struct fuse_copy_state *cs, void *val, unsigned size) 581{ 582 while (size) { 583 int err; 584 if (!cs->len && (err = fuse_copy_fill(cs))) 585 return err; 586 fuse_copy_do(cs, &val, &size); 587 } 588 return 0; 589} 590 591/* Copy request arguments to/from userspace buffer */ 592static int fuse_copy_args(struct fuse_copy_state *cs, unsigned numargs, 593 unsigned argpages, struct fuse_arg *args, 594 int zeroing) 595{ 596 int err = 0; 597 unsigned i; 598 599 for (i = 0; !err && i < numargs; i++) { 600 struct fuse_arg *arg = &args[i]; 601 if (i == numargs - 1 && argpages) 602 err = fuse_copy_pages(cs, arg->size, zeroing); 603 else 604 err = fuse_copy_one(cs, arg->value, arg->size); 605 } 606 return err; 607} 608 609static int request_pending(struct fuse_conn *fc) 610{ 611 return !list_empty(&fc->pending) || !list_empty(&fc->interrupts); 612} 613 614/* Wait until a request is available on the pending list */ 615static void request_wait(struct fuse_conn *fc) 616{ 617 DECLARE_WAITQUEUE(wait, current); 618 619 add_wait_queue_exclusive(&fc->waitq, &wait); 620 while (fc->connected && !request_pending(fc)) { 621 set_current_state(TASK_INTERRUPTIBLE); 622 if (signal_pending(current)) 623 break; 624 625 spin_unlock(&fc->lock); 626 schedule(); 627 spin_lock(&fc->lock); 628 } 629 set_current_state(TASK_RUNNING); 630 remove_wait_queue(&fc->waitq, &wait); 631} 632 633/* 634 * Transfer an interrupt request to userspace 635 * 636 * Unlike other requests this is assembled on demand, without a need 637 * to allocate a separate fuse_req structure. 638 * 639 * Called with fc->lock held, releases it 640 */ 641static int fuse_read_interrupt(struct fuse_conn *fc, struct fuse_req *req, 642 const struct iovec *iov, unsigned long nr_segs) 643{ 644 struct fuse_copy_state cs; 645 struct fuse_in_header ih; 646 struct fuse_interrupt_in arg; 647 unsigned reqsize = sizeof(ih) + sizeof(arg); 648 int err; 649 650 list_del_init(&req->intr_entry); 651 req->intr_unique = fuse_get_unique(fc); 652 memset(&ih, 0, sizeof(ih)); 653 memset(&arg, 0, sizeof(arg)); 654 ih.len = reqsize; 655 ih.opcode = FUSE_INTERRUPT; 656 ih.unique = req->intr_unique; 657 arg.unique = req->in.h.unique; 658 659 spin_unlock(&fc->lock); 660 if (iov_length(iov, nr_segs) < reqsize) 661 return -EINVAL; 662 663 fuse_copy_init(&cs, fc, 1, NULL, iov, nr_segs); 664 err = fuse_copy_one(&cs, &ih, sizeof(ih)); 665 if (!err) 666 err = fuse_copy_one(&cs, &arg, sizeof(arg)); 667 fuse_copy_finish(&cs); 668 669 return err ? err : reqsize; 670} 671 672/* 673 * Read a single request into the userspace filesystem's buffer. This 674 * function waits until a request is available, then removes it from 675 * the pending list and copies request data to userspace buffer. If 676 * no reply is needed (FORGET) or request has been aborted or there 677 * was an error during the copying then it's finished by calling 678 * request_end(). Otherwise add it to the processing list, and set 679 * the 'sent' flag. 680 */ 681static ssize_t fuse_dev_readv(struct file *file, const struct iovec *iov, 682 unsigned long nr_segs, loff_t *off) 683{ 684 int err; 685 struct fuse_req *req; 686 struct fuse_in *in; 687 struct fuse_copy_state cs; 688 unsigned reqsize; 689 struct fuse_conn *fc = fuse_get_conn(file); 690 if (!fc) 691 return -EPERM; 692 693 restart: 694 spin_lock(&fc->lock); 695 err = -EAGAIN; 696 if ((file->f_flags & O_NONBLOCK) && fc->connected && 697 !request_pending(fc)) 698 goto err_unlock; 699 700 request_wait(fc); 701 err = -ENODEV; 702 if (!fc->connected) 703 goto err_unlock; 704 err = -ERESTARTSYS; 705 if (!request_pending(fc)) 706 goto err_unlock; 707 708 if (!list_empty(&fc->interrupts)) { 709 req = list_entry(fc->interrupts.next, struct fuse_req, 710 intr_entry); 711 return fuse_read_interrupt(fc, req, iov, nr_segs); 712 } 713 714 req = list_entry(fc->pending.next, struct fuse_req, list); 715 req->state = FUSE_REQ_READING; 716 list_move(&req->list, &fc->io); 717 718 in = &req->in; 719 reqsize = in->h.len; 720 /* If request is too large, reply with an error and restart the read */ 721 if (iov_length(iov, nr_segs) < reqsize) { 722 req->out.h.error = -EIO; 723 /* SETXATTR is special, since it may contain too large data */ 724 if (in->h.opcode == FUSE_SETXATTR) 725 req->out.h.error = -E2BIG; 726 request_end(fc, req); 727 goto restart; 728 } 729 spin_unlock(&fc->lock); 730 fuse_copy_init(&cs, fc, 1, req, iov, nr_segs); 731 err = fuse_copy_one(&cs, &in->h, sizeof(in->h)); 732 if (!err) 733 err = fuse_copy_args(&cs, in->numargs, in->argpages, 734 (struct fuse_arg *) in->args, 0); 735 fuse_copy_finish(&cs); 736 spin_lock(&fc->lock); 737 req->locked = 0; 738 if (!err && req->aborted) 739 err = -ENOENT; 740 if (err) { 741 if (!req->aborted) 742 req->out.h.error = -EIO; 743 request_end(fc, req); 744 return err; 745 } 746 if (!req->isreply) 747 request_end(fc, req); 748 else { 749 req->state = FUSE_REQ_SENT; 750 list_move_tail(&req->list, &fc->processing); 751 if (req->interrupted) 752 queue_interrupt(fc, req); 753 spin_unlock(&fc->lock); 754 } 755 return reqsize; 756 757 err_unlock: 758 spin_unlock(&fc->lock); 759 return err; 760} 761 762static ssize_t fuse_dev_read(struct file *file, char __user *buf, 763 size_t nbytes, loff_t *off) 764{ 765 struct iovec iov; 766 iov.iov_len = nbytes; 767 iov.iov_base = buf; 768 return fuse_dev_readv(file, &iov, 1, off); 769} 770 771/* Look up request on processing list by unique ID */ 772static struct fuse_req *request_find(struct fuse_conn *fc, u64 unique) 773{ 774 struct list_head *entry; 775 776 list_for_each(entry, &fc->processing) { 777 struct fuse_req *req; 778 req = list_entry(entry, struct fuse_req, list); 779 if (req->in.h.unique == unique || req->intr_unique == unique) 780 return req; 781 } 782 return NULL; 783} 784 785static int copy_out_args(struct fuse_copy_state *cs, struct fuse_out *out, 786 unsigned nbytes) 787{ 788 unsigned reqsize = sizeof(struct fuse_out_header); 789 790 if (out->h.error) 791 return nbytes != reqsize ? -EINVAL : 0; 792 793 reqsize += len_args(out->numargs, out->args); 794 795 if (reqsize < nbytes || (reqsize > nbytes && !out->argvar)) 796 return -EINVAL; 797 else if (reqsize > nbytes) { 798 struct fuse_arg *lastarg = &out->args[out->numargs-1]; 799 unsigned diffsize = reqsize - nbytes; 800 if (diffsize > lastarg->size) 801 return -EINVAL; 802 lastarg->size -= diffsize; 803 } 804 return fuse_copy_args(cs, out->numargs, out->argpages, out->args, 805 out->page_zeroing); 806} 807 808/* 809 * Write a single reply to a request. First the header is copied from 810 * the write buffer. The request is then searched on the processing 811 * list by the unique ID found in the header. If found, then remove 812 * it from the list and copy the rest of the buffer to the request. 813 * The request is finished by calling request_end() 814 */ 815static ssize_t fuse_dev_writev(struct file *file, const struct iovec *iov, 816 unsigned long nr_segs, loff_t *off) 817{ 818 int err; 819 unsigned nbytes = iov_length(iov, nr_segs); 820 struct fuse_req *req; 821 struct fuse_out_header oh; 822 struct fuse_copy_state cs; 823 struct fuse_conn *fc = fuse_get_conn(file); 824 if (!fc) 825 return -EPERM; 826 827 fuse_copy_init(&cs, fc, 0, NULL, iov, nr_segs); 828 if (nbytes < sizeof(struct fuse_out_header)) 829 return -EINVAL; 830 831 err = fuse_copy_one(&cs, &oh, sizeof(oh)); 832 if (err) 833 goto err_finish; 834 err = -EINVAL; 835 if (!oh.unique || oh.error <= -1000 || oh.error > 0 || 836 oh.len != nbytes) 837 goto err_finish; 838 839 spin_lock(&fc->lock); 840 err = -ENOENT; 841 if (!fc->connected) 842 goto err_unlock; 843 844 req = request_find(fc, oh.unique); 845 if (!req) 846 goto err_unlock; 847 848 if (req->aborted) { 849 spin_unlock(&fc->lock); 850 fuse_copy_finish(&cs); 851 spin_lock(&fc->lock); 852 request_end(fc, req); 853 return -ENOENT; 854 } 855 /* Is it an interrupt reply? */ 856 if (req->intr_unique == oh.unique) { 857 err = -EINVAL; 858 if (nbytes != sizeof(struct fuse_out_header)) 859 goto err_unlock; 860 861 if (oh.error == -ENOSYS) 862 fc->no_interrupt = 1; 863 else if (oh.error == -EAGAIN) 864 queue_interrupt(fc, req); 865 866 spin_unlock(&fc->lock); 867 fuse_copy_finish(&cs); 868 return nbytes; 869 } 870 871 req->state = FUSE_REQ_WRITING; 872 list_move(&req->list, &fc->io); 873 req->out.h = oh; 874 req->locked = 1; 875 cs.req = req; 876 spin_unlock(&fc->lock); 877 878 err = copy_out_args(&cs, &req->out, nbytes); 879 fuse_copy_finish(&cs); 880 881 spin_lock(&fc->lock); 882 req->locked = 0; 883 if (!err) { 884 if (req->aborted) 885 err = -ENOENT; 886 } else if (!req->aborted) 887 req->out.h.error = -EIO; 888 request_end(fc, req); 889 890 return err ? err : nbytes; 891 892 err_unlock: 893 spin_unlock(&fc->lock); 894 err_finish: 895 fuse_copy_finish(&cs); 896 return err; 897} 898 899static ssize_t fuse_dev_write(struct file *file, const char __user *buf, 900 size_t nbytes, loff_t *off) 901{ 902 struct iovec iov; 903 iov.iov_len = nbytes; 904 iov.iov_base = (char __user *) buf; 905 return fuse_dev_writev(file, &iov, 1, off); 906} 907 908static unsigned fuse_dev_poll(struct file *file, poll_table *wait) 909{ 910 unsigned mask = POLLOUT | POLLWRNORM; 911 struct fuse_conn *fc = fuse_get_conn(file); 912 if (!fc) 913 return POLLERR; 914 915 poll_wait(file, &fc->waitq, wait); 916 917 spin_lock(&fc->lock); 918 if (!fc->connected) 919 mask = POLLERR; 920 else if (request_pending(fc)) 921 mask |= POLLIN | POLLRDNORM; 922 spin_unlock(&fc->lock); 923 924 return mask; 925} 926 927/* 928 * Abort all requests on the given list (pending or processing) 929 * 930 * This function releases and reacquires fc->lock 931 */ 932static void end_requests(struct fuse_conn *fc, struct list_head *head) 933{ 934 while (!list_empty(head)) { 935 struct fuse_req *req; 936 req = list_entry(head->next, struct fuse_req, list); 937 req->out.h.error = -ECONNABORTED; 938 request_end(fc, req); 939 spin_lock(&fc->lock); 940 } 941} 942 943/* 944 * Abort requests under I/O 945 * 946 * The requests are set to aborted and finished, and the request 947 * waiter is woken up. This will make request_wait_answer() wait 948 * until the request is unlocked and then return. 949 * 950 * If the request is asynchronous, then the end function needs to be 951 * called after waiting for the request to be unlocked (if it was 952 * locked). 953 */ 954static void end_io_requests(struct fuse_conn *fc) 955{ 956 while (!list_empty(&fc->io)) { 957 struct fuse_req *req = 958 list_entry(fc->io.next, struct fuse_req, list); 959 void (*end) (struct fuse_conn *, struct fuse_req *) = req->end; 960 961 req->aborted = 1; 962 req->out.h.error = -ECONNABORTED; 963 req->state = FUSE_REQ_FINISHED; 964 list_del_init(&req->list); 965 wake_up(&req->waitq); 966 if (end) { 967 req->end = NULL; 968 /* The end function will consume this reference */ 969 __fuse_get_request(req); 970 spin_unlock(&fc->lock); 971 wait_event(req->waitq, !req->locked); 972 end(fc, req); 973 spin_lock(&fc->lock); 974 } 975 } 976} 977 978/* 979 * Abort all requests. 980 * 981 * Emergency exit in case of a malicious or accidental deadlock, or 982 * just a hung filesystem. 983 * 984 * The same effect is usually achievable through killing the 985 * filesystem daemon and all users of the filesystem. The exception 986 * is the combination of an asynchronous request and the tricky 987 * deadlock (see Documentation/filesystems/fuse.txt). 988 * 989 * During the aborting, progression of requests from the pending and 990 * processing lists onto the io list, and progression of new requests 991 * onto the pending list is prevented by req->connected being false. 992 * 993 * Progression of requests under I/O to the processing list is 994 * prevented by the req->aborted flag being true for these requests. 995 * For this reason requests on the io list must be aborted first. 996 */ 997void fuse_abort_conn(struct fuse_conn *fc) 998{ 999 spin_lock(&fc->lock); 1000 if (fc->connected) { 1001 fc->connected = 0; 1002 fc->blocked = 0; 1003 end_io_requests(fc); 1004 end_requests(fc, &fc->pending); 1005 end_requests(fc, &fc->processing); 1006 wake_up_all(&fc->waitq); 1007 wake_up_all(&fc->blocked_waitq); 1008 kill_fasync(&fc->fasync, SIGIO, POLL_IN); 1009 } 1010 spin_unlock(&fc->lock); 1011} 1012 1013static int fuse_dev_release(struct inode *inode, struct file *file) 1014{ 1015 struct fuse_conn *fc = fuse_get_conn(file); 1016 if (fc) { 1017 spin_lock(&fc->lock); 1018 fc->connected = 0; 1019 end_requests(fc, &fc->pending); 1020 end_requests(fc, &fc->processing); 1021 spin_unlock(&fc->lock); 1022 fasync_helper(-1, file, 0, &fc->fasync); 1023 fuse_conn_put(fc); 1024 } 1025 1026 return 0; 1027} 1028 1029static int fuse_dev_fasync(int fd, struct file *file, int on) 1030{ 1031 struct fuse_conn *fc = fuse_get_conn(file); 1032 if (!fc) 1033 return -EPERM; 1034 1035 /* No locking - fasync_helper does its own locking */ 1036 return fasync_helper(fd, file, on, &fc->fasync); 1037} 1038 1039const struct file_operations fuse_dev_operations = { 1040 .owner = THIS_MODULE, 1041 .llseek = no_llseek, 1042 .read = fuse_dev_read, 1043 .readv = fuse_dev_readv, 1044 .write = fuse_dev_write, 1045 .writev = fuse_dev_writev, 1046 .poll = fuse_dev_poll, 1047 .release = fuse_dev_release, 1048 .fasync = fuse_dev_fasync, 1049}; 1050 1051static struct miscdevice fuse_miscdevice = { 1052 .minor = FUSE_MINOR, 1053 .name = "fuse", 1054 .fops = &fuse_dev_operations, 1055}; 1056 1057int __init fuse_dev_init(void) 1058{ 1059 int err = -ENOMEM; 1060 fuse_req_cachep = kmem_cache_create("fuse_request", 1061 sizeof(struct fuse_req), 1062 0, 0, NULL, NULL); 1063 if (!fuse_req_cachep) 1064 goto out; 1065 1066 err = misc_register(&fuse_miscdevice); 1067 if (err) 1068 goto out_cache_clean; 1069 1070 return 0; 1071 1072 out_cache_clean: 1073 kmem_cache_destroy(fuse_req_cachep); 1074 out: 1075 return err; 1076} 1077 1078void fuse_dev_cleanup(void) 1079{ 1080 misc_deregister(&fuse_miscdevice); 1081 kmem_cache_destroy(fuse_req_cachep); 1082}