tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom
kernel / fs / fuse / dev.c
at v2.6.21 26 kB view raw
1/* 2 FUSE: Filesystem in Userspace 3 Copyright (C) 2001-2006 Miklos Szeredi <miklos@szeredi.hu> 4 5 This program can be distributed under the terms of the GNU GPL. 6 See the file COPYING. 7*/ 8 9#include "fuse_i.h" 10 11#include <linux/init.h> 12#include <linux/module.h> 13#include <linux/poll.h> 14#include <linux/uio.h> 15#include <linux/miscdevice.h> 16#include <linux/pagemap.h> 17#include <linux/file.h> 18#include <linux/slab.h> 19 20MODULE_ALIAS_MISCDEV(FUSE_MINOR); 21 22static struct kmem_cache *fuse_req_cachep; 23 24static struct fuse_conn *fuse_get_conn(struct file *file) 25{ 26 /* 27 * Lockless access is OK, because file->private data is set 28 * once during mount and is valid until the file is released. 29 */ 30 return file->private_data; 31} 32 33static void fuse_request_init(struct fuse_req *req) 34{ 35 memset(req, 0, sizeof(*req)); 36 INIT_LIST_HEAD(&req->list); 37 INIT_LIST_HEAD(&req->intr_entry); 38 init_waitqueue_head(&req->waitq); 39 atomic_set(&req->count, 1); 40} 41 42struct fuse_req *fuse_request_alloc(void) 43{ 44 struct fuse_req *req = kmem_cache_alloc(fuse_req_cachep, GFP_KERNEL); 45 if (req) 46 fuse_request_init(req); 47 return req; 48} 49 50void fuse_request_free(struct fuse_req *req) 51{ 52 kmem_cache_free(fuse_req_cachep, req); 53} 54 55static void block_sigs(sigset_t *oldset) 56{ 57 sigset_t mask; 58 59 siginitsetinv(&mask, sigmask(SIGKILL)); 60 sigprocmask(SIG_BLOCK, &mask, oldset); 61} 62 63static void restore_sigs(sigset_t *oldset) 64{ 65 sigprocmask(SIG_SETMASK, oldset, NULL); 66} 67 68static void __fuse_get_request(struct fuse_req *req) 69{ 70 atomic_inc(&req->count); 71} 72 73/* Must be called with > 1 refcount */ 74static void __fuse_put_request(struct fuse_req *req) 75{ 76 BUG_ON(atomic_read(&req->count) < 2); 77 atomic_dec(&req->count); 78} 79 80static void fuse_req_init_context(struct fuse_req *req) 81{ 82 req->in.h.uid = current->fsuid; 83 req->in.h.gid = current->fsgid; 84 req->in.h.pid = current->pid; 85} 86 87struct fuse_req *fuse_get_req(struct fuse_conn *fc) 88{ 89 struct fuse_req *req; 90 sigset_t oldset; 91 int intr; 92 int err; 93 94 atomic_inc(&fc->num_waiting); 95 block_sigs(&oldset); 96 intr = wait_event_interruptible(fc->blocked_waitq, !fc->blocked); 97 restore_sigs(&oldset); 98 err = -EINTR; 99 if (intr) 100 goto out; 101 102 err = -ENOTCONN; 103 if (!fc->connected) 104 goto out; 105 106 req = fuse_request_alloc(); 107 err = -ENOMEM; 108 if (!req) 109 goto out; 110 111 fuse_req_init_context(req); 112 req->waiting = 1; 113 return req; 114 115 out: 116 atomic_dec(&fc->num_waiting); 117 return ERR_PTR(err); 118} 119 120/* 121 * Return request in fuse_file->reserved_req. However that may 122 * currently be in use. If that is the case, wait for it to become 123 * available. 124 */ 125static struct fuse_req *get_reserved_req(struct fuse_conn *fc, 126 struct file *file) 127{ 128 struct fuse_req *req = NULL; 129 struct fuse_file *ff = file->private_data; 130 131 do { 132 wait_event(fc->blocked_waitq, ff->reserved_req); 133 spin_lock(&fc->lock); 134 if (ff->reserved_req) { 135 req = ff->reserved_req; 136 ff->reserved_req = NULL; 137 get_file(file); 138 req->stolen_file = file; 139 } 140 spin_unlock(&fc->lock); 141 } while (!req); 142 143 return req; 144} 145 146/* 147 * Put stolen request back into fuse_file->reserved_req 148 */ 149static void put_reserved_req(struct fuse_conn *fc, struct fuse_req *req) 150{ 151 struct file *file = req->stolen_file; 152 struct fuse_file *ff = file->private_data; 153 154 spin_lock(&fc->lock); 155 fuse_request_init(req); 156 BUG_ON(ff->reserved_req); 157 ff->reserved_req = req; 158 wake_up(&fc->blocked_waitq); 159 spin_unlock(&fc->lock); 160 fput(file); 161} 162 163/* 164 * Gets a requests for a file operation, always succeeds 165 * 166 * This is used for sending the FLUSH request, which must get to 167 * userspace, due to POSIX locks which may need to be unlocked. 168 * 169 * If allocation fails due to OOM, use the reserved request in 170 * fuse_file. 171 * 172 * This is very unlikely to deadlock accidentally, since the 173 * filesystem should not have it's own file open. If deadlock is 174 * intentional, it can still be broken by "aborting" the filesystem. 175 */ 176struct fuse_req *fuse_get_req_nofail(struct fuse_conn *fc, struct file *file) 177{ 178 struct fuse_req *req; 179 180 atomic_inc(&fc->num_waiting); 181 wait_event(fc->blocked_waitq, !fc->blocked); 182 req = fuse_request_alloc(); 183 if (!req) 184 req = get_reserved_req(fc, file); 185 186 fuse_req_init_context(req); 187 req->waiting = 1; 188 return req; 189} 190 191void fuse_put_request(struct fuse_conn *fc, struct fuse_req *req) 192{ 193 if (atomic_dec_and_test(&req->count)) { 194 if (req->waiting) 195 atomic_dec(&fc->num_waiting); 196 197 if (req->stolen_file) 198 put_reserved_req(fc, req); 199 else 200 fuse_request_free(req); 201 } 202} 203 204/* 205 * This function is called when a request is finished. Either a reply 206 * has arrived or it was aborted (and not yet sent) or some error 207 * occurred during communication with userspace, or the device file 208 * was closed. The requester thread is woken up (if still waiting), 209 * the 'end' callback is called if given, else the reference to the 210 * request is released 211 * 212 * Called with fc->lock, unlocks it 213 */ 214static void request_end(struct fuse_conn *fc, struct fuse_req *req) 215 __releases(fc->lock) 216{ 217 void (*end) (struct fuse_conn *, struct fuse_req *) = req->end; 218 req->end = NULL; 219 list_del(&req->list); 220 list_del(&req->intr_entry); 221 req->state = FUSE_REQ_FINISHED; 222 if (req->background) { 223 if (fc->num_background == FUSE_MAX_BACKGROUND) { 224 fc->blocked = 0; 225 wake_up_all(&fc->blocked_waitq); 226 } 227 fc->num_background--; 228 } 229 spin_unlock(&fc->lock); 230 dput(req->dentry); 231 mntput(req->vfsmount); 232 if (req->file) 233 fput(req->file); 234 wake_up(&req->waitq); 235 if (end) 236 end(fc, req); 237 else 238 fuse_put_request(fc, req); 239} 240 241static void wait_answer_interruptible(struct fuse_conn *fc, 242 struct fuse_req *req) 243{ 244 if (signal_pending(current)) 245 return; 246 247 spin_unlock(&fc->lock); 248 wait_event_interruptible(req->waitq, req->state == FUSE_REQ_FINISHED); 249 spin_lock(&fc->lock); 250} 251 252static void queue_interrupt(struct fuse_conn *fc, struct fuse_req *req) 253{ 254 list_add_tail(&req->intr_entry, &fc->interrupts); 255 wake_up(&fc->waitq); 256 kill_fasync(&fc->fasync, SIGIO, POLL_IN); 257} 258 259/* Called with fc->lock held. Releases, and then reacquires it. */ 260static void request_wait_answer(struct fuse_conn *fc, struct fuse_req *req) 261{ 262 if (!fc->no_interrupt) { 263 /* Any signal may interrupt this */ 264 wait_answer_interruptible(fc, req); 265 266 if (req->aborted) 267 goto aborted; 268 if (req->state == FUSE_REQ_FINISHED) 269 return; 270 271 req->interrupted = 1; 272 if (req->state == FUSE_REQ_SENT) 273 queue_interrupt(fc, req); 274 } 275 276 if (req->force) { 277 spin_unlock(&fc->lock); 278 wait_event(req->waitq, req->state == FUSE_REQ_FINISHED); 279 spin_lock(&fc->lock); 280 } else { 281 sigset_t oldset; 282 283 /* Only fatal signals may interrupt this */ 284 block_sigs(&oldset); 285 wait_answer_interruptible(fc, req); 286 restore_sigs(&oldset); 287 } 288 289 if (req->aborted) 290 goto aborted; 291 if (req->state == FUSE_REQ_FINISHED) 292 return; 293 294 req->out.h.error = -EINTR; 295 req->aborted = 1; 296 297 aborted: 298 if (req->locked) { 299 /* This is uninterruptible sleep, because data is 300 being copied to/from the buffers of req. During 301 locked state, there mustn't be any filesystem 302 operation (e.g. page fault), since that could lead 303 to deadlock */ 304 spin_unlock(&fc->lock); 305 wait_event(req->waitq, !req->locked); 306 spin_lock(&fc->lock); 307 } 308 if (req->state == FUSE_REQ_PENDING) { 309 list_del(&req->list); 310 __fuse_put_request(req); 311 } else if (req->state == FUSE_REQ_SENT) { 312 spin_unlock(&fc->lock); 313 wait_event(req->waitq, req->state == FUSE_REQ_FINISHED); 314 spin_lock(&fc->lock); 315 } 316} 317 318static unsigned len_args(unsigned numargs, struct fuse_arg *args) 319{ 320 unsigned nbytes = 0; 321 unsigned i; 322 323 for (i = 0; i < numargs; i++) 324 nbytes += args[i].size; 325 326 return nbytes; 327} 328 329static u64 fuse_get_unique(struct fuse_conn *fc) 330 { 331 fc->reqctr++; 332 /* zero is special */ 333 if (fc->reqctr == 0) 334 fc->reqctr = 1; 335 336 return fc->reqctr; 337} 338 339static void queue_request(struct fuse_conn *fc, struct fuse_req *req) 340{ 341 req->in.h.unique = fuse_get_unique(fc); 342 req->in.h.len = sizeof(struct fuse_in_header) + 343 len_args(req->in.numargs, (struct fuse_arg *) req->in.args); 344 list_add_tail(&req->list, &fc->pending); 345 req->state = FUSE_REQ_PENDING; 346 if (!req->waiting) { 347 req->waiting = 1; 348 atomic_inc(&fc->num_waiting); 349 } 350 wake_up(&fc->waitq); 351 kill_fasync(&fc->fasync, SIGIO, POLL_IN); 352} 353 354void request_send(struct fuse_conn *fc, struct fuse_req *req) 355{ 356 req->isreply = 1; 357 spin_lock(&fc->lock); 358 if (!fc->connected) 359 req->out.h.error = -ENOTCONN; 360 else if (fc->conn_error) 361 req->out.h.error = -ECONNREFUSED; 362 else { 363 queue_request(fc, req); 364 /* acquire extra reference, since request is still needed 365 after request_end() */ 366 __fuse_get_request(req); 367 368 request_wait_answer(fc, req); 369 } 370 spin_unlock(&fc->lock); 371} 372 373static void request_send_nowait(struct fuse_conn *fc, struct fuse_req *req) 374{ 375 spin_lock(&fc->lock); 376 if (fc->connected) { 377 req->background = 1; 378 fc->num_background++; 379 if (fc->num_background == FUSE_MAX_BACKGROUND) 380 fc->blocked = 1; 381 382 queue_request(fc, req); 383 spin_unlock(&fc->lock); 384 } else { 385 req->out.h.error = -ENOTCONN; 386 request_end(fc, req); 387 } 388} 389 390void request_send_noreply(struct fuse_conn *fc, struct fuse_req *req) 391{ 392 req->isreply = 0; 393 request_send_nowait(fc, req); 394} 395 396void request_send_background(struct fuse_conn *fc, struct fuse_req *req) 397{ 398 req->isreply = 1; 399 request_send_nowait(fc, req); 400} 401 402/* 403 * Lock the request. Up to the next unlock_request() there mustn't be 404 * anything that could cause a page-fault. If the request was already 405 * aborted bail out. 406 */ 407static int lock_request(struct fuse_conn *fc, struct fuse_req *req) 408{ 409 int err = 0; 410 if (req) { 411 spin_lock(&fc->lock); 412 if (req->aborted) 413 err = -ENOENT; 414 else 415 req->locked = 1; 416 spin_unlock(&fc->lock); 417 } 418 return err; 419} 420 421/* 422 * Unlock request. If it was aborted during being locked, the 423 * requester thread is currently waiting for it to be unlocked, so 424 * wake it up. 425 */ 426static void unlock_request(struct fuse_conn *fc, struct fuse_req *req) 427{ 428 if (req) { 429 spin_lock(&fc->lock); 430 req->locked = 0; 431 if (req->aborted) 432 wake_up(&req->waitq); 433 spin_unlock(&fc->lock); 434 } 435} 436 437struct fuse_copy_state { 438 struct fuse_conn *fc; 439 int write; 440 struct fuse_req *req; 441 const struct iovec *iov; 442 unsigned long nr_segs; 443 unsigned long seglen; 444 unsigned long addr; 445 struct page *pg; 446 void *mapaddr; 447 void *buf; 448 unsigned len; 449}; 450 451static void fuse_copy_init(struct fuse_copy_state *cs, struct fuse_conn *fc, 452 int write, struct fuse_req *req, 453 const struct iovec *iov, unsigned long nr_segs) 454{ 455 memset(cs, 0, sizeof(*cs)); 456 cs->fc = fc; 457 cs->write = write; 458 cs->req = req; 459 cs->iov = iov; 460 cs->nr_segs = nr_segs; 461} 462 463/* Unmap and put previous page of userspace buffer */ 464static void fuse_copy_finish(struct fuse_copy_state *cs) 465{ 466 if (cs->mapaddr) { 467 kunmap_atomic(cs->mapaddr, KM_USER0); 468 if (cs->write) { 469 flush_dcache_page(cs->pg); 470 set_page_dirty_lock(cs->pg); 471 } 472 put_page(cs->pg); 473 cs->mapaddr = NULL; 474 } 475} 476 477/* 478 * Get another pagefull of userspace buffer, and map it to kernel 479 * address space, and lock request 480 */ 481static int fuse_copy_fill(struct fuse_copy_state *cs) 482{ 483 unsigned long offset; 484 int err; 485 486 unlock_request(cs->fc, cs->req); 487 fuse_copy_finish(cs); 488 if (!cs->seglen) { 489 BUG_ON(!cs->nr_segs); 490 cs->seglen = cs->iov[0].iov_len; 491 cs->addr = (unsigned long) cs->iov[0].iov_base; 492 cs->iov ++; 493 cs->nr_segs --; 494 } 495 down_read(&current->mm->mmap_sem); 496 err = get_user_pages(current, current->mm, cs->addr, 1, cs->write, 0, 497 &cs->pg, NULL); 498 up_read(&current->mm->mmap_sem); 499 if (err < 0) 500 return err; 501 BUG_ON(err != 1); 502 offset = cs->addr % PAGE_SIZE; 503 cs->mapaddr = kmap_atomic(cs->pg, KM_USER0); 504 cs->buf = cs->mapaddr + offset; 505 cs->len = min(PAGE_SIZE - offset, cs->seglen); 506 cs->seglen -= cs->len; 507 cs->addr += cs->len; 508 509 return lock_request(cs->fc, cs->req); 510} 511 512/* Do as much copy to/from userspace buffer as we can */ 513static int fuse_copy_do(struct fuse_copy_state *cs, void **val, unsigned *size) 514{ 515 unsigned ncpy = min(*size, cs->len); 516 if (val) { 517 if (cs->write) 518 memcpy(cs->buf, *val, ncpy); 519 else 520 memcpy(*val, cs->buf, ncpy); 521 *val += ncpy; 522 } 523 *size -= ncpy; 524 cs->len -= ncpy; 525 cs->buf += ncpy; 526 return ncpy; 527} 528 529/* 530 * Copy a page in the request to/from the userspace buffer. Must be 531 * done atomically 532 */ 533static int fuse_copy_page(struct fuse_copy_state *cs, struct page *page, 534 unsigned offset, unsigned count, int zeroing) 535{ 536 if (page && zeroing && count < PAGE_SIZE) { 537 void *mapaddr = kmap_atomic(page, KM_USER1); 538 memset(mapaddr, 0, PAGE_SIZE); 539 kunmap_atomic(mapaddr, KM_USER1); 540 } 541 while (count) { 542 int err; 543 if (!cs->len && (err = fuse_copy_fill(cs))) 544 return err; 545 if (page) { 546 void *mapaddr = kmap_atomic(page, KM_USER1); 547 void *buf = mapaddr + offset; 548 offset += fuse_copy_do(cs, &buf, &count); 549 kunmap_atomic(mapaddr, KM_USER1); 550 } else 551 offset += fuse_copy_do(cs, NULL, &count); 552 } 553 if (page && !cs->write) 554 flush_dcache_page(page); 555 return 0; 556} 557 558/* Copy pages in the request to/from userspace buffer */ 559static int fuse_copy_pages(struct fuse_copy_state *cs, unsigned nbytes, 560 int zeroing) 561{ 562 unsigned i; 563 struct fuse_req *req = cs->req; 564 unsigned offset = req->page_offset; 565 unsigned count = min(nbytes, (unsigned) PAGE_SIZE - offset); 566 567 for (i = 0; i < req->num_pages && (nbytes || zeroing); i++) { 568 struct page *page = req->pages[i]; 569 int err = fuse_copy_page(cs, page, offset, count, zeroing); 570 if (err) 571 return err; 572 573 nbytes -= count; 574 count = min(nbytes, (unsigned) PAGE_SIZE); 575 offset = 0; 576 } 577 return 0; 578} 579 580/* Copy a single argument in the request to/from userspace buffer */ 581static int fuse_copy_one(struct fuse_copy_state *cs, void *val, unsigned size) 582{ 583 while (size) { 584 int err; 585 if (!cs->len && (err = fuse_copy_fill(cs))) 586 return err; 587 fuse_copy_do(cs, &val, &size); 588 } 589 return 0; 590} 591 592/* Copy request arguments to/from userspace buffer */ 593static int fuse_copy_args(struct fuse_copy_state *cs, unsigned numargs, 594 unsigned argpages, struct fuse_arg *args, 595 int zeroing) 596{ 597 int err = 0; 598 unsigned i; 599 600 for (i = 0; !err && i < numargs; i++) { 601 struct fuse_arg *arg = &args[i]; 602 if (i == numargs - 1 && argpages) 603 err = fuse_copy_pages(cs, arg->size, zeroing); 604 else 605 err = fuse_copy_one(cs, arg->value, arg->size); 606 } 607 return err; 608} 609 610static int request_pending(struct fuse_conn *fc) 611{ 612 return !list_empty(&fc->pending) || !list_empty(&fc->interrupts); 613} 614 615/* Wait until a request is available on the pending list */ 616static void request_wait(struct fuse_conn *fc) 617{ 618 DECLARE_WAITQUEUE(wait, current); 619 620 add_wait_queue_exclusive(&fc->waitq, &wait); 621 while (fc->connected && !request_pending(fc)) { 622 set_current_state(TASK_INTERRUPTIBLE); 623 if (signal_pending(current)) 624 break; 625 626 spin_unlock(&fc->lock); 627 schedule(); 628 spin_lock(&fc->lock); 629 } 630 set_current_state(TASK_RUNNING); 631 remove_wait_queue(&fc->waitq, &wait); 632} 633 634/* 635 * Transfer an interrupt request to userspace 636 * 637 * Unlike other requests this is assembled on demand, without a need 638 * to allocate a separate fuse_req structure. 639 * 640 * Called with fc->lock held, releases it 641 */ 642static int fuse_read_interrupt(struct fuse_conn *fc, struct fuse_req *req, 643 const struct iovec *iov, unsigned long nr_segs) 644 __releases(fc->lock) 645{ 646 struct fuse_copy_state cs; 647 struct fuse_in_header ih; 648 struct fuse_interrupt_in arg; 649 unsigned reqsize = sizeof(ih) + sizeof(arg); 650 int err; 651 652 list_del_init(&req->intr_entry); 653 req->intr_unique = fuse_get_unique(fc); 654 memset(&ih, 0, sizeof(ih)); 655 memset(&arg, 0, sizeof(arg)); 656 ih.len = reqsize; 657 ih.opcode = FUSE_INTERRUPT; 658 ih.unique = req->intr_unique; 659 arg.unique = req->in.h.unique; 660 661 spin_unlock(&fc->lock); 662 if (iov_length(iov, nr_segs) < reqsize) 663 return -EINVAL; 664 665 fuse_copy_init(&cs, fc, 1, NULL, iov, nr_segs); 666 err = fuse_copy_one(&cs, &ih, sizeof(ih)); 667 if (!err) 668 err = fuse_copy_one(&cs, &arg, sizeof(arg)); 669 fuse_copy_finish(&cs); 670 671 return err ? err : reqsize; 672} 673 674/* 675 * Read a single request into the userspace filesystem's buffer. This 676 * function waits until a request is available, then removes it from 677 * the pending list and copies request data to userspace buffer. If 678 * no reply is needed (FORGET) or request has been aborted or there 679 * was an error during the copying then it's finished by calling 680 * request_end(). Otherwise add it to the processing list, and set 681 * the 'sent' flag. 682 */ 683static ssize_t fuse_dev_read(struct kiocb *iocb, const struct iovec *iov, 684 unsigned long nr_segs, loff_t pos) 685{ 686 int err; 687 struct fuse_req *req; 688 struct fuse_in *in; 689 struct fuse_copy_state cs; 690 unsigned reqsize; 691 struct file *file = iocb->ki_filp; 692 struct fuse_conn *fc = fuse_get_conn(file); 693 if (!fc) 694 return -EPERM; 695 696 restart: 697 spin_lock(&fc->lock); 698 err = -EAGAIN; 699 if ((file->f_flags & O_NONBLOCK) && fc->connected && 700 !request_pending(fc)) 701 goto err_unlock; 702 703 request_wait(fc); 704 err = -ENODEV; 705 if (!fc->connected) 706 goto err_unlock; 707 err = -ERESTARTSYS; 708 if (!request_pending(fc)) 709 goto err_unlock; 710 711 if (!list_empty(&fc->interrupts)) { 712 req = list_entry(fc->interrupts.next, struct fuse_req, 713 intr_entry); 714 return fuse_read_interrupt(fc, req, iov, nr_segs); 715 } 716 717 req = list_entry(fc->pending.next, struct fuse_req, list); 718 req->state = FUSE_REQ_READING; 719 list_move(&req->list, &fc->io); 720 721 in = &req->in; 722 reqsize = in->h.len; 723 /* If request is too large, reply with an error and restart the read */ 724 if (iov_length(iov, nr_segs) < reqsize) { 725 req->out.h.error = -EIO; 726 /* SETXATTR is special, since it may contain too large data */ 727 if (in->h.opcode == FUSE_SETXATTR) 728 req->out.h.error = -E2BIG; 729 request_end(fc, req); 730 goto restart; 731 } 732 spin_unlock(&fc->lock); 733 fuse_copy_init(&cs, fc, 1, req, iov, nr_segs); 734 err = fuse_copy_one(&cs, &in->h, sizeof(in->h)); 735 if (!err) 736 err = fuse_copy_args(&cs, in->numargs, in->argpages, 737 (struct fuse_arg *) in->args, 0); 738 fuse_copy_finish(&cs); 739 spin_lock(&fc->lock); 740 req->locked = 0; 741 if (!err && req->aborted) 742 err = -ENOENT; 743 if (err) { 744 if (!req->aborted) 745 req->out.h.error = -EIO; 746 request_end(fc, req); 747 return err; 748 } 749 if (!req->isreply) 750 request_end(fc, req); 751 else { 752 req->state = FUSE_REQ_SENT; 753 list_move_tail(&req->list, &fc->processing); 754 if (req->interrupted) 755 queue_interrupt(fc, req); 756 spin_unlock(&fc->lock); 757 } 758 return reqsize; 759 760 err_unlock: 761 spin_unlock(&fc->lock); 762 return err; 763} 764 765/* Look up request on processing list by unique ID */ 766static struct fuse_req *request_find(struct fuse_conn *fc, u64 unique) 767{ 768 struct list_head *entry; 769 770 list_for_each(entry, &fc->processing) { 771 struct fuse_req *req; 772 req = list_entry(entry, struct fuse_req, list); 773 if (req->in.h.unique == unique || req->intr_unique == unique) 774 return req; 775 } 776 return NULL; 777} 778 779static int copy_out_args(struct fuse_copy_state *cs, struct fuse_out *out, 780 unsigned nbytes) 781{ 782 unsigned reqsize = sizeof(struct fuse_out_header); 783 784 if (out->h.error) 785 return nbytes != reqsize ? -EINVAL : 0; 786 787 reqsize += len_args(out->numargs, out->args); 788 789 if (reqsize < nbytes || (reqsize > nbytes && !out->argvar)) 790 return -EINVAL; 791 else if (reqsize > nbytes) { 792 struct fuse_arg *lastarg = &out->args[out->numargs-1]; 793 unsigned diffsize = reqsize - nbytes; 794 if (diffsize > lastarg->size) 795 return -EINVAL; 796 lastarg->size -= diffsize; 797 } 798 return fuse_copy_args(cs, out->numargs, out->argpages, out->args, 799 out->page_zeroing); 800} 801 802/* 803 * Write a single reply to a request. First the header is copied from 804 * the write buffer. The request is then searched on the processing 805 * list by the unique ID found in the header. If found, then remove 806 * it from the list and copy the rest of the buffer to the request. 807 * The request is finished by calling request_end() 808 */ 809static ssize_t fuse_dev_write(struct kiocb *iocb, const struct iovec *iov, 810 unsigned long nr_segs, loff_t pos) 811{ 812 int err; 813 unsigned nbytes = iov_length(iov, nr_segs); 814 struct fuse_req *req; 815 struct fuse_out_header oh; 816 struct fuse_copy_state cs; 817 struct fuse_conn *fc = fuse_get_conn(iocb->ki_filp); 818 if (!fc) 819 return -EPERM; 820 821 fuse_copy_init(&cs, fc, 0, NULL, iov, nr_segs); 822 if (nbytes < sizeof(struct fuse_out_header)) 823 return -EINVAL; 824 825 err = fuse_copy_one(&cs, &oh, sizeof(oh)); 826 if (err) 827 goto err_finish; 828 err = -EINVAL; 829 if (!oh.unique || oh.error <= -1000 || oh.error > 0 || 830 oh.len != nbytes) 831 goto err_finish; 832 833 spin_lock(&fc->lock); 834 err = -ENOENT; 835 if (!fc->connected) 836 goto err_unlock; 837 838 req = request_find(fc, oh.unique); 839 if (!req) 840 goto err_unlock; 841 842 if (req->aborted) { 843 spin_unlock(&fc->lock); 844 fuse_copy_finish(&cs); 845 spin_lock(&fc->lock); 846 request_end(fc, req); 847 return -ENOENT; 848 } 849 /* Is it an interrupt reply? */ 850 if (req->intr_unique == oh.unique) { 851 err = -EINVAL; 852 if (nbytes != sizeof(struct fuse_out_header)) 853 goto err_unlock; 854 855 if (oh.error == -ENOSYS) 856 fc->no_interrupt = 1; 857 else if (oh.error == -EAGAIN) 858 queue_interrupt(fc, req); 859 860 spin_unlock(&fc->lock); 861 fuse_copy_finish(&cs); 862 return nbytes; 863 } 864 865 req->state = FUSE_REQ_WRITING; 866 list_move(&req->list, &fc->io); 867 req->out.h = oh; 868 req->locked = 1; 869 cs.req = req; 870 spin_unlock(&fc->lock); 871 872 err = copy_out_args(&cs, &req->out, nbytes); 873 fuse_copy_finish(&cs); 874 875 spin_lock(&fc->lock); 876 req->locked = 0; 877 if (!err) { 878 if (req->aborted) 879 err = -ENOENT; 880 } else if (!req->aborted) 881 req->out.h.error = -EIO; 882 request_end(fc, req); 883 884 return err ? err : nbytes; 885 886 err_unlock: 887 spin_unlock(&fc->lock); 888 err_finish: 889 fuse_copy_finish(&cs); 890 return err; 891} 892 893static unsigned fuse_dev_poll(struct file *file, poll_table *wait) 894{ 895 unsigned mask = POLLOUT | POLLWRNORM; 896 struct fuse_conn *fc = fuse_get_conn(file); 897 if (!fc) 898 return POLLERR; 899 900 poll_wait(file, &fc->waitq, wait); 901 902 spin_lock(&fc->lock); 903 if (!fc->connected) 904 mask = POLLERR; 905 else if (request_pending(fc)) 906 mask |= POLLIN | POLLRDNORM; 907 spin_unlock(&fc->lock); 908 909 return mask; 910} 911 912/* 913 * Abort all requests on the given list (pending or processing) 914 * 915 * This function releases and reacquires fc->lock 916 */ 917static void end_requests(struct fuse_conn *fc, struct list_head *head) 918{ 919 while (!list_empty(head)) { 920 struct fuse_req *req; 921 req = list_entry(head->next, struct fuse_req, list); 922 req->out.h.error = -ECONNABORTED; 923 request_end(fc, req); 924 spin_lock(&fc->lock); 925 } 926} 927 928/* 929 * Abort requests under I/O 930 * 931 * The requests are set to aborted and finished, and the request 932 * waiter is woken up. This will make request_wait_answer() wait 933 * until the request is unlocked and then return. 934 * 935 * If the request is asynchronous, then the end function needs to be 936 * called after waiting for the request to be unlocked (if it was 937 * locked). 938 */ 939static void end_io_requests(struct fuse_conn *fc) 940{ 941 while (!list_empty(&fc->io)) { 942 struct fuse_req *req = 943 list_entry(fc->io.next, struct fuse_req, list); 944 void (*end) (struct fuse_conn *, struct fuse_req *) = req->end; 945 946 req->aborted = 1; 947 req->out.h.error = -ECONNABORTED; 948 req->state = FUSE_REQ_FINISHED; 949 list_del_init(&req->list); 950 wake_up(&req->waitq); 951 if (end) { 952 req->end = NULL; 953 /* The end function will consume this reference */ 954 __fuse_get_request(req); 955 spin_unlock(&fc->lock); 956 wait_event(req->waitq, !req->locked); 957 end(fc, req); 958 spin_lock(&fc->lock); 959 } 960 } 961} 962 963/* 964 * Abort all requests. 965 * 966 * Emergency exit in case of a malicious or accidental deadlock, or 967 * just a hung filesystem. 968 * 969 * The same effect is usually achievable through killing the 970 * filesystem daemon and all users of the filesystem. The exception 971 * is the combination of an asynchronous request and the tricky 972 * deadlock (see Documentation/filesystems/fuse.txt). 973 * 974 * During the aborting, progression of requests from the pending and 975 * processing lists onto the io list, and progression of new requests 976 * onto the pending list is prevented by req->connected being false. 977 * 978 * Progression of requests under I/O to the processing list is 979 * prevented by the req->aborted flag being true for these requests. 980 * For this reason requests on the io list must be aborted first. 981 */ 982void fuse_abort_conn(struct fuse_conn *fc) 983{ 984 spin_lock(&fc->lock); 985 if (fc->connected) { 986 fc->connected = 0; 987 fc->blocked = 0; 988 end_io_requests(fc); 989 end_requests(fc, &fc->pending); 990 end_requests(fc, &fc->processing); 991 wake_up_all(&fc->waitq); 992 wake_up_all(&fc->blocked_waitq); 993 kill_fasync(&fc->fasync, SIGIO, POLL_IN); 994 } 995 spin_unlock(&fc->lock); 996} 997 998static int fuse_dev_release(struct inode *inode, struct file *file) 999{ 1000 struct fuse_conn *fc = fuse_get_conn(file); 1001 if (fc) { 1002 spin_lock(&fc->lock); 1003 fc->connected = 0; 1004 end_requests(fc, &fc->pending); 1005 end_requests(fc, &fc->processing); 1006 spin_unlock(&fc->lock); 1007 fasync_helper(-1, file, 0, &fc->fasync); 1008 fuse_conn_put(fc); 1009 } 1010 1011 return 0; 1012} 1013 1014static int fuse_dev_fasync(int fd, struct file *file, int on) 1015{ 1016 struct fuse_conn *fc = fuse_get_conn(file); 1017 if (!fc) 1018 return -EPERM; 1019 1020 /* No locking - fasync_helper does its own locking */ 1021 return fasync_helper(fd, file, on, &fc->fasync); 1022} 1023 1024const struct file_operations fuse_dev_operations = { 1025 .owner = THIS_MODULE, 1026 .llseek = no_llseek, 1027 .read = do_sync_read, 1028 .aio_read = fuse_dev_read, 1029 .write = do_sync_write, 1030 .aio_write = fuse_dev_write, 1031 .poll = fuse_dev_poll, 1032 .release = fuse_dev_release, 1033 .fasync = fuse_dev_fasync, 1034}; 1035 1036static struct miscdevice fuse_miscdevice = { 1037 .minor = FUSE_MINOR, 1038 .name = "fuse", 1039 .fops = &fuse_dev_operations, 1040}; 1041 1042int __init fuse_dev_init(void) 1043{ 1044 int err = -ENOMEM; 1045 fuse_req_cachep = kmem_cache_create("fuse_request", 1046 sizeof(struct fuse_req), 1047 0, 0, NULL, NULL); 1048 if (!fuse_req_cachep) 1049 goto out; 1050 1051 err = misc_register(&fuse_miscdevice); 1052 if (err) 1053 goto out_cache_clean; 1054 1055 return 0; 1056 1057 out_cache_clean: 1058 kmem_cache_destroy(fuse_req_cachep); 1059 out: 1060 return err; 1061} 1062 1063void fuse_dev_cleanup(void) 1064{ 1065 misc_deregister(&fuse_miscdevice); 1066 kmem_cache_destroy(fuse_req_cachep); 1067}