tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom
kernel / fs / fuse / dev.c
at v2.6.30 28 kB view raw
1/* 2 FUSE: Filesystem in Userspace 3 Copyright (C) 2001-2008 Miklos Szeredi <miklos@szeredi.hu> 4 5 This program can be distributed under the terms of the GNU GPL. 6 See the file COPYING. 7*/ 8 9#include "fuse_i.h" 10 11#include <linux/init.h> 12#include <linux/module.h> 13#include <linux/poll.h> 14#include <linux/uio.h> 15#include <linux/miscdevice.h> 16#include <linux/pagemap.h> 17#include <linux/file.h> 18#include <linux/slab.h> 19 20MODULE_ALIAS_MISCDEV(FUSE_MINOR); 21 22static struct kmem_cache *fuse_req_cachep; 23 24static struct fuse_conn *fuse_get_conn(struct file *file) 25{ 26 /* 27 * Lockless access is OK, because file->private data is set 28 * once during mount and is valid until the file is released. 29 */ 30 return file->private_data; 31} 32 33static void fuse_request_init(struct fuse_req *req) 34{ 35 memset(req, 0, sizeof(*req)); 36 INIT_LIST_HEAD(&req->list); 37 INIT_LIST_HEAD(&req->intr_entry); 38 init_waitqueue_head(&req->waitq); 39 atomic_set(&req->count, 1); 40} 41 42struct fuse_req *fuse_request_alloc(void) 43{ 44 struct fuse_req *req = kmem_cache_alloc(fuse_req_cachep, GFP_KERNEL); 45 if (req) 46 fuse_request_init(req); 47 return req; 48} 49 50struct fuse_req *fuse_request_alloc_nofs(void) 51{ 52 struct fuse_req *req = kmem_cache_alloc(fuse_req_cachep, GFP_NOFS); 53 if (req) 54 fuse_request_init(req); 55 return req; 56} 57 58void fuse_request_free(struct fuse_req *req) 59{ 60 kmem_cache_free(fuse_req_cachep, req); 61} 62 63static void block_sigs(sigset_t *oldset) 64{ 65 sigset_t mask; 66 67 siginitsetinv(&mask, sigmask(SIGKILL)); 68 sigprocmask(SIG_BLOCK, &mask, oldset); 69} 70 71static void restore_sigs(sigset_t *oldset) 72{ 73 sigprocmask(SIG_SETMASK, oldset, NULL); 74} 75 76static void __fuse_get_request(struct fuse_req *req) 77{ 78 atomic_inc(&req->count); 79} 80 81/* Must be called with > 1 refcount */ 82static void __fuse_put_request(struct fuse_req *req) 83{ 84 BUG_ON(atomic_read(&req->count) < 2); 85 atomic_dec(&req->count); 86} 87 88static void fuse_req_init_context(struct fuse_req *req) 89{ 90 req->in.h.uid = current_fsuid(); 91 req->in.h.gid = current_fsgid(); 92 req->in.h.pid = current->pid; 93} 94 95struct fuse_req *fuse_get_req(struct fuse_conn *fc) 96{ 97 struct fuse_req *req; 98 sigset_t oldset; 99 int intr; 100 int err; 101 102 atomic_inc(&fc->num_waiting); 103 block_sigs(&oldset); 104 intr = wait_event_interruptible(fc->blocked_waitq, !fc->blocked); 105 restore_sigs(&oldset); 106 err = -EINTR; 107 if (intr) 108 goto out; 109 110 err = -ENOTCONN; 111 if (!fc->connected) 112 goto out; 113 114 req = fuse_request_alloc(); 115 err = -ENOMEM; 116 if (!req) 117 goto out; 118 119 fuse_req_init_context(req); 120 req->waiting = 1; 121 return req; 122 123 out: 124 atomic_dec(&fc->num_waiting); 125 return ERR_PTR(err); 126} 127 128/* 129 * Return request in fuse_file->reserved_req. However that may 130 * currently be in use. If that is the case, wait for it to become 131 * available. 132 */ 133static struct fuse_req *get_reserved_req(struct fuse_conn *fc, 134 struct file *file) 135{ 136 struct fuse_req *req = NULL; 137 struct fuse_file *ff = file->private_data; 138 139 do { 140 wait_event(fc->reserved_req_waitq, ff->reserved_req); 141 spin_lock(&fc->lock); 142 if (ff->reserved_req) { 143 req = ff->reserved_req; 144 ff->reserved_req = NULL; 145 get_file(file); 146 req->stolen_file = file; 147 } 148 spin_unlock(&fc->lock); 149 } while (!req); 150 151 return req; 152} 153 154/* 155 * Put stolen request back into fuse_file->reserved_req 156 */ 157static void put_reserved_req(struct fuse_conn *fc, struct fuse_req *req) 158{ 159 struct file *file = req->stolen_file; 160 struct fuse_file *ff = file->private_data; 161 162 spin_lock(&fc->lock); 163 fuse_request_init(req); 164 BUG_ON(ff->reserved_req); 165 ff->reserved_req = req; 166 wake_up_all(&fc->reserved_req_waitq); 167 spin_unlock(&fc->lock); 168 fput(file); 169} 170 171/* 172 * Gets a requests for a file operation, always succeeds 173 * 174 * This is used for sending the FLUSH request, which must get to 175 * userspace, due to POSIX locks which may need to be unlocked. 176 * 177 * If allocation fails due to OOM, use the reserved request in 178 * fuse_file. 179 * 180 * This is very unlikely to deadlock accidentally, since the 181 * filesystem should not have it's own file open. If deadlock is 182 * intentional, it can still be broken by "aborting" the filesystem. 183 */ 184struct fuse_req *fuse_get_req_nofail(struct fuse_conn *fc, struct file *file) 185{ 186 struct fuse_req *req; 187 188 atomic_inc(&fc->num_waiting); 189 wait_event(fc->blocked_waitq, !fc->blocked); 190 req = fuse_request_alloc(); 191 if (!req) 192 req = get_reserved_req(fc, file); 193 194 fuse_req_init_context(req); 195 req->waiting = 1; 196 return req; 197} 198 199void fuse_put_request(struct fuse_conn *fc, struct fuse_req *req) 200{ 201 if (atomic_dec_and_test(&req->count)) { 202 if (req->waiting) 203 atomic_dec(&fc->num_waiting); 204 205 if (req->stolen_file) 206 put_reserved_req(fc, req); 207 else 208 fuse_request_free(req); 209 } 210} 211 212static unsigned len_args(unsigned numargs, struct fuse_arg *args) 213{ 214 unsigned nbytes = 0; 215 unsigned i; 216 217 for (i = 0; i < numargs; i++) 218 nbytes += args[i].size; 219 220 return nbytes; 221} 222 223static u64 fuse_get_unique(struct fuse_conn *fc) 224{ 225 fc->reqctr++; 226 /* zero is special */ 227 if (fc->reqctr == 0) 228 fc->reqctr = 1; 229 230 return fc->reqctr; 231} 232 233static void queue_request(struct fuse_conn *fc, struct fuse_req *req) 234{ 235 req->in.h.unique = fuse_get_unique(fc); 236 req->in.h.len = sizeof(struct fuse_in_header) + 237 len_args(req->in.numargs, (struct fuse_arg *) req->in.args); 238 list_add_tail(&req->list, &fc->pending); 239 req->state = FUSE_REQ_PENDING; 240 if (!req->waiting) { 241 req->waiting = 1; 242 atomic_inc(&fc->num_waiting); 243 } 244 wake_up(&fc->waitq); 245 kill_fasync(&fc->fasync, SIGIO, POLL_IN); 246} 247 248static void flush_bg_queue(struct fuse_conn *fc) 249{ 250 while (fc->active_background < FUSE_MAX_BACKGROUND && 251 !list_empty(&fc->bg_queue)) { 252 struct fuse_req *req; 253 254 req = list_entry(fc->bg_queue.next, struct fuse_req, list); 255 list_del(&req->list); 256 fc->active_background++; 257 queue_request(fc, req); 258 } 259} 260 261/* 262 * This function is called when a request is finished. Either a reply 263 * has arrived or it was aborted (and not yet sent) or some error 264 * occurred during communication with userspace, or the device file 265 * was closed. The requester thread is woken up (if still waiting), 266 * the 'end' callback is called if given, else the reference to the 267 * request is released 268 * 269 * Called with fc->lock, unlocks it 270 */ 271static void request_end(struct fuse_conn *fc, struct fuse_req *req) 272__releases(&fc->lock) 273{ 274 void (*end) (struct fuse_conn *, struct fuse_req *) = req->end; 275 req->end = NULL; 276 list_del(&req->list); 277 list_del(&req->intr_entry); 278 req->state = FUSE_REQ_FINISHED; 279 if (req->background) { 280 if (fc->num_background == FUSE_MAX_BACKGROUND) { 281 fc->blocked = 0; 282 wake_up_all(&fc->blocked_waitq); 283 } 284 if (fc->num_background == FUSE_CONGESTION_THRESHOLD && 285 fc->connected) { 286 clear_bdi_congested(&fc->bdi, READ); 287 clear_bdi_congested(&fc->bdi, WRITE); 288 } 289 fc->num_background--; 290 fc->active_background--; 291 flush_bg_queue(fc); 292 } 293 spin_unlock(&fc->lock); 294 wake_up(&req->waitq); 295 if (end) 296 end(fc, req); 297 fuse_put_request(fc, req); 298} 299 300static void wait_answer_interruptible(struct fuse_conn *fc, 301 struct fuse_req *req) 302__releases(&fc->lock) 303__acquires(&fc->lock) 304{ 305 if (signal_pending(current)) 306 return; 307 308 spin_unlock(&fc->lock); 309 wait_event_interruptible(req->waitq, req->state == FUSE_REQ_FINISHED); 310 spin_lock(&fc->lock); 311} 312 313static void queue_interrupt(struct fuse_conn *fc, struct fuse_req *req) 314{ 315 list_add_tail(&req->intr_entry, &fc->interrupts); 316 wake_up(&fc->waitq); 317 kill_fasync(&fc->fasync, SIGIO, POLL_IN); 318} 319 320static void request_wait_answer(struct fuse_conn *fc, struct fuse_req *req) 321__releases(&fc->lock) 322__acquires(&fc->lock) 323{ 324 if (!fc->no_interrupt) { 325 /* Any signal may interrupt this */ 326 wait_answer_interruptible(fc, req); 327 328 if (req->aborted) 329 goto aborted; 330 if (req->state == FUSE_REQ_FINISHED) 331 return; 332 333 req->interrupted = 1; 334 if (req->state == FUSE_REQ_SENT) 335 queue_interrupt(fc, req); 336 } 337 338 if (!req->force) { 339 sigset_t oldset; 340 341 /* Only fatal signals may interrupt this */ 342 block_sigs(&oldset); 343 wait_answer_interruptible(fc, req); 344 restore_sigs(&oldset); 345 346 if (req->aborted) 347 goto aborted; 348 if (req->state == FUSE_REQ_FINISHED) 349 return; 350 351 /* Request is not yet in userspace, bail out */ 352 if (req->state == FUSE_REQ_PENDING) { 353 list_del(&req->list); 354 __fuse_put_request(req); 355 req->out.h.error = -EINTR; 356 return; 357 } 358 } 359 360 /* 361 * Either request is already in userspace, or it was forced. 362 * Wait it out. 363 */ 364 spin_unlock(&fc->lock); 365 wait_event(req->waitq, req->state == FUSE_REQ_FINISHED); 366 spin_lock(&fc->lock); 367 368 if (!req->aborted) 369 return; 370 371 aborted: 372 BUG_ON(req->state != FUSE_REQ_FINISHED); 373 if (req->locked) { 374 /* This is uninterruptible sleep, because data is 375 being copied to/from the buffers of req. During 376 locked state, there mustn't be any filesystem 377 operation (e.g. page fault), since that could lead 378 to deadlock */ 379 spin_unlock(&fc->lock); 380 wait_event(req->waitq, !req->locked); 381 spin_lock(&fc->lock); 382 } 383} 384 385void fuse_request_send(struct fuse_conn *fc, struct fuse_req *req) 386{ 387 req->isreply = 1; 388 spin_lock(&fc->lock); 389 if (!fc->connected) 390 req->out.h.error = -ENOTCONN; 391 else if (fc->conn_error) 392 req->out.h.error = -ECONNREFUSED; 393 else { 394 queue_request(fc, req); 395 /* acquire extra reference, since request is still needed 396 after request_end() */ 397 __fuse_get_request(req); 398 399 request_wait_answer(fc, req); 400 } 401 spin_unlock(&fc->lock); 402} 403 404static void fuse_request_send_nowait_locked(struct fuse_conn *fc, 405 struct fuse_req *req) 406{ 407 req->background = 1; 408 fc->num_background++; 409 if (fc->num_background == FUSE_MAX_BACKGROUND) 410 fc->blocked = 1; 411 if (fc->num_background == FUSE_CONGESTION_THRESHOLD) { 412 set_bdi_congested(&fc->bdi, READ); 413 set_bdi_congested(&fc->bdi, WRITE); 414 } 415 list_add_tail(&req->list, &fc->bg_queue); 416 flush_bg_queue(fc); 417} 418 419static void fuse_request_send_nowait(struct fuse_conn *fc, struct fuse_req *req) 420{ 421 spin_lock(&fc->lock); 422 if (fc->connected) { 423 fuse_request_send_nowait_locked(fc, req); 424 spin_unlock(&fc->lock); 425 } else { 426 req->out.h.error = -ENOTCONN; 427 request_end(fc, req); 428 } 429} 430 431void fuse_request_send_noreply(struct fuse_conn *fc, struct fuse_req *req) 432{ 433 req->isreply = 0; 434 fuse_request_send_nowait(fc, req); 435} 436 437void fuse_request_send_background(struct fuse_conn *fc, struct fuse_req *req) 438{ 439 req->isreply = 1; 440 fuse_request_send_nowait(fc, req); 441} 442 443/* 444 * Called under fc->lock 445 * 446 * fc->connected must have been checked previously 447 */ 448void fuse_request_send_background_locked(struct fuse_conn *fc, 449 struct fuse_req *req) 450{ 451 req->isreply = 1; 452 fuse_request_send_nowait_locked(fc, req); 453} 454 455/* 456 * Lock the request. Up to the next unlock_request() there mustn't be 457 * anything that could cause a page-fault. If the request was already 458 * aborted bail out. 459 */ 460static int lock_request(struct fuse_conn *fc, struct fuse_req *req) 461{ 462 int err = 0; 463 if (req) { 464 spin_lock(&fc->lock); 465 if (req->aborted) 466 err = -ENOENT; 467 else 468 req->locked = 1; 469 spin_unlock(&fc->lock); 470 } 471 return err; 472} 473 474/* 475 * Unlock request. If it was aborted during being locked, the 476 * requester thread is currently waiting for it to be unlocked, so 477 * wake it up. 478 */ 479static void unlock_request(struct fuse_conn *fc, struct fuse_req *req) 480{ 481 if (req) { 482 spin_lock(&fc->lock); 483 req->locked = 0; 484 if (req->aborted) 485 wake_up(&req->waitq); 486 spin_unlock(&fc->lock); 487 } 488} 489 490struct fuse_copy_state { 491 struct fuse_conn *fc; 492 int write; 493 struct fuse_req *req; 494 const struct iovec *iov; 495 unsigned long nr_segs; 496 unsigned long seglen; 497 unsigned long addr; 498 struct page *pg; 499 void *mapaddr; 500 void *buf; 501 unsigned len; 502}; 503 504static void fuse_copy_init(struct fuse_copy_state *cs, struct fuse_conn *fc, 505 int write, struct fuse_req *req, 506 const struct iovec *iov, unsigned long nr_segs) 507{ 508 memset(cs, 0, sizeof(*cs)); 509 cs->fc = fc; 510 cs->write = write; 511 cs->req = req; 512 cs->iov = iov; 513 cs->nr_segs = nr_segs; 514} 515 516/* Unmap and put previous page of userspace buffer */ 517static void fuse_copy_finish(struct fuse_copy_state *cs) 518{ 519 if (cs->mapaddr) { 520 kunmap_atomic(cs->mapaddr, KM_USER0); 521 if (cs->write) { 522 flush_dcache_page(cs->pg); 523 set_page_dirty_lock(cs->pg); 524 } 525 put_page(cs->pg); 526 cs->mapaddr = NULL; 527 } 528} 529 530/* 531 * Get another pagefull of userspace buffer, and map it to kernel 532 * address space, and lock request 533 */ 534static int fuse_copy_fill(struct fuse_copy_state *cs) 535{ 536 unsigned long offset; 537 int err; 538 539 unlock_request(cs->fc, cs->req); 540 fuse_copy_finish(cs); 541 if (!cs->seglen) { 542 BUG_ON(!cs->nr_segs); 543 cs->seglen = cs->iov[0].iov_len; 544 cs->addr = (unsigned long) cs->iov[0].iov_base; 545 cs->iov++; 546 cs->nr_segs--; 547 } 548 down_read(&current->mm->mmap_sem); 549 err = get_user_pages(current, current->mm, cs->addr, 1, cs->write, 0, 550 &cs->pg, NULL); 551 up_read(&current->mm->mmap_sem); 552 if (err < 0) 553 return err; 554 BUG_ON(err != 1); 555 offset = cs->addr % PAGE_SIZE; 556 cs->mapaddr = kmap_atomic(cs->pg, KM_USER0); 557 cs->buf = cs->mapaddr + offset; 558 cs->len = min(PAGE_SIZE - offset, cs->seglen); 559 cs->seglen -= cs->len; 560 cs->addr += cs->len; 561 562 return lock_request(cs->fc, cs->req); 563} 564 565/* Do as much copy to/from userspace buffer as we can */ 566static int fuse_copy_do(struct fuse_copy_state *cs, void **val, unsigned *size) 567{ 568 unsigned ncpy = min(*size, cs->len); 569 if (val) { 570 if (cs->write) 571 memcpy(cs->buf, *val, ncpy); 572 else 573 memcpy(*val, cs->buf, ncpy); 574 *val += ncpy; 575 } 576 *size -= ncpy; 577 cs->len -= ncpy; 578 cs->buf += ncpy; 579 return ncpy; 580} 581 582/* 583 * Copy a page in the request to/from the userspace buffer. Must be 584 * done atomically 585 */ 586static int fuse_copy_page(struct fuse_copy_state *cs, struct page *page, 587 unsigned offset, unsigned count, int zeroing) 588{ 589 if (page && zeroing && count < PAGE_SIZE) { 590 void *mapaddr = kmap_atomic(page, KM_USER1); 591 memset(mapaddr, 0, PAGE_SIZE); 592 kunmap_atomic(mapaddr, KM_USER1); 593 } 594 while (count) { 595 if (!cs->len) { 596 int err = fuse_copy_fill(cs); 597 if (err) 598 return err; 599 } 600 if (page) { 601 void *mapaddr = kmap_atomic(page, KM_USER1); 602 void *buf = mapaddr + offset; 603 offset += fuse_copy_do(cs, &buf, &count); 604 kunmap_atomic(mapaddr, KM_USER1); 605 } else 606 offset += fuse_copy_do(cs, NULL, &count); 607 } 608 if (page && !cs->write) 609 flush_dcache_page(page); 610 return 0; 611} 612 613/* Copy pages in the request to/from userspace buffer */ 614static int fuse_copy_pages(struct fuse_copy_state *cs, unsigned nbytes, 615 int zeroing) 616{ 617 unsigned i; 618 struct fuse_req *req = cs->req; 619 unsigned offset = req->page_offset; 620 unsigned count = min(nbytes, (unsigned) PAGE_SIZE - offset); 621 622 for (i = 0; i < req->num_pages && (nbytes || zeroing); i++) { 623 struct page *page = req->pages[i]; 624 int err = fuse_copy_page(cs, page, offset, count, zeroing); 625 if (err) 626 return err; 627 628 nbytes -= count; 629 count = min(nbytes, (unsigned) PAGE_SIZE); 630 offset = 0; 631 } 632 return 0; 633} 634 635/* Copy a single argument in the request to/from userspace buffer */ 636static int fuse_copy_one(struct fuse_copy_state *cs, void *val, unsigned size) 637{ 638 while (size) { 639 if (!cs->len) { 640 int err = fuse_copy_fill(cs); 641 if (err) 642 return err; 643 } 644 fuse_copy_do(cs, &val, &size); 645 } 646 return 0; 647} 648 649/* Copy request arguments to/from userspace buffer */ 650static int fuse_copy_args(struct fuse_copy_state *cs, unsigned numargs, 651 unsigned argpages, struct fuse_arg *args, 652 int zeroing) 653{ 654 int err = 0; 655 unsigned i; 656 657 for (i = 0; !err && i < numargs; i++) { 658 struct fuse_arg *arg = &args[i]; 659 if (i == numargs - 1 && argpages) 660 err = fuse_copy_pages(cs, arg->size, zeroing); 661 else 662 err = fuse_copy_one(cs, arg->value, arg->size); 663 } 664 return err; 665} 666 667static int request_pending(struct fuse_conn *fc) 668{ 669 return !list_empty(&fc->pending) || !list_empty(&fc->interrupts); 670} 671 672/* Wait until a request is available on the pending list */ 673static void request_wait(struct fuse_conn *fc) 674__releases(&fc->lock) 675__acquires(&fc->lock) 676{ 677 DECLARE_WAITQUEUE(wait, current); 678 679 add_wait_queue_exclusive(&fc->waitq, &wait); 680 while (fc->connected && !request_pending(fc)) { 681 set_current_state(TASK_INTERRUPTIBLE); 682 if (signal_pending(current)) 683 break; 684 685 spin_unlock(&fc->lock); 686 schedule(); 687 spin_lock(&fc->lock); 688 } 689 set_current_state(TASK_RUNNING); 690 remove_wait_queue(&fc->waitq, &wait); 691} 692 693/* 694 * Transfer an interrupt request to userspace 695 * 696 * Unlike other requests this is assembled on demand, without a need 697 * to allocate a separate fuse_req structure. 698 * 699 * Called with fc->lock held, releases it 700 */ 701static int fuse_read_interrupt(struct fuse_conn *fc, struct fuse_req *req, 702 const struct iovec *iov, unsigned long nr_segs) 703__releases(&fc->lock) 704{ 705 struct fuse_copy_state cs; 706 struct fuse_in_header ih; 707 struct fuse_interrupt_in arg; 708 unsigned reqsize = sizeof(ih) + sizeof(arg); 709 int err; 710 711 list_del_init(&req->intr_entry); 712 req->intr_unique = fuse_get_unique(fc); 713 memset(&ih, 0, sizeof(ih)); 714 memset(&arg, 0, sizeof(arg)); 715 ih.len = reqsize; 716 ih.opcode = FUSE_INTERRUPT; 717 ih.unique = req->intr_unique; 718 arg.unique = req->in.h.unique; 719 720 spin_unlock(&fc->lock); 721 if (iov_length(iov, nr_segs) < reqsize) 722 return -EINVAL; 723 724 fuse_copy_init(&cs, fc, 1, NULL, iov, nr_segs); 725 err = fuse_copy_one(&cs, &ih, sizeof(ih)); 726 if (!err) 727 err = fuse_copy_one(&cs, &arg, sizeof(arg)); 728 fuse_copy_finish(&cs); 729 730 return err ? err : reqsize; 731} 732 733/* 734 * Read a single request into the userspace filesystem's buffer. This 735 * function waits until a request is available, then removes it from 736 * the pending list and copies request data to userspace buffer. If 737 * no reply is needed (FORGET) or request has been aborted or there 738 * was an error during the copying then it's finished by calling 739 * request_end(). Otherwise add it to the processing list, and set 740 * the 'sent' flag. 741 */ 742static ssize_t fuse_dev_read(struct kiocb *iocb, const struct iovec *iov, 743 unsigned long nr_segs, loff_t pos) 744{ 745 int err; 746 struct fuse_req *req; 747 struct fuse_in *in; 748 struct fuse_copy_state cs; 749 unsigned reqsize; 750 struct file *file = iocb->ki_filp; 751 struct fuse_conn *fc = fuse_get_conn(file); 752 if (!fc) 753 return -EPERM; 754 755 restart: 756 spin_lock(&fc->lock); 757 err = -EAGAIN; 758 if ((file->f_flags & O_NONBLOCK) && fc->connected && 759 !request_pending(fc)) 760 goto err_unlock; 761 762 request_wait(fc); 763 err = -ENODEV; 764 if (!fc->connected) 765 goto err_unlock; 766 err = -ERESTARTSYS; 767 if (!request_pending(fc)) 768 goto err_unlock; 769 770 if (!list_empty(&fc->interrupts)) { 771 req = list_entry(fc->interrupts.next, struct fuse_req, 772 intr_entry); 773 return fuse_read_interrupt(fc, req, iov, nr_segs); 774 } 775 776 req = list_entry(fc->pending.next, struct fuse_req, list); 777 req->state = FUSE_REQ_READING; 778 list_move(&req->list, &fc->io); 779 780 in = &req->in; 781 reqsize = in->h.len; 782 /* If request is too large, reply with an error and restart the read */ 783 if (iov_length(iov, nr_segs) < reqsize) { 784 req->out.h.error = -EIO; 785 /* SETXATTR is special, since it may contain too large data */ 786 if (in->h.opcode == FUSE_SETXATTR) 787 req->out.h.error = -E2BIG; 788 request_end(fc, req); 789 goto restart; 790 } 791 spin_unlock(&fc->lock); 792 fuse_copy_init(&cs, fc, 1, req, iov, nr_segs); 793 err = fuse_copy_one(&cs, &in->h, sizeof(in->h)); 794 if (!err) 795 err = fuse_copy_args(&cs, in->numargs, in->argpages, 796 (struct fuse_arg *) in->args, 0); 797 fuse_copy_finish(&cs); 798 spin_lock(&fc->lock); 799 req->locked = 0; 800 if (req->aborted) { 801 request_end(fc, req); 802 return -ENODEV; 803 } 804 if (err) { 805 req->out.h.error = -EIO; 806 request_end(fc, req); 807 return err; 808 } 809 if (!req->isreply) 810 request_end(fc, req); 811 else { 812 req->state = FUSE_REQ_SENT; 813 list_move_tail(&req->list, &fc->processing); 814 if (req->interrupted) 815 queue_interrupt(fc, req); 816 spin_unlock(&fc->lock); 817 } 818 return reqsize; 819 820 err_unlock: 821 spin_unlock(&fc->lock); 822 return err; 823} 824 825static int fuse_notify_poll(struct fuse_conn *fc, unsigned int size, 826 struct fuse_copy_state *cs) 827{ 828 struct fuse_notify_poll_wakeup_out outarg; 829 int err = -EINVAL; 830 831 if (size != sizeof(outarg)) 832 goto err; 833 834 err = fuse_copy_one(cs, &outarg, sizeof(outarg)); 835 if (err) 836 goto err; 837 838 fuse_copy_finish(cs); 839 return fuse_notify_poll_wakeup(fc, &outarg); 840 841err: 842 fuse_copy_finish(cs); 843 return err; 844} 845 846static int fuse_notify(struct fuse_conn *fc, enum fuse_notify_code code, 847 unsigned int size, struct fuse_copy_state *cs) 848{ 849 switch (code) { 850 case FUSE_NOTIFY_POLL: 851 return fuse_notify_poll(fc, size, cs); 852 853 default: 854 fuse_copy_finish(cs); 855 return -EINVAL; 856 } 857} 858 859/* Look up request on processing list by unique ID */ 860static struct fuse_req *request_find(struct fuse_conn *fc, u64 unique) 861{ 862 struct list_head *entry; 863 864 list_for_each(entry, &fc->processing) { 865 struct fuse_req *req; 866 req = list_entry(entry, struct fuse_req, list); 867 if (req->in.h.unique == unique || req->intr_unique == unique) 868 return req; 869 } 870 return NULL; 871} 872 873static int copy_out_args(struct fuse_copy_state *cs, struct fuse_out *out, 874 unsigned nbytes) 875{ 876 unsigned reqsize = sizeof(struct fuse_out_header); 877 878 if (out->h.error) 879 return nbytes != reqsize ? -EINVAL : 0; 880 881 reqsize += len_args(out->numargs, out->args); 882 883 if (reqsize < nbytes || (reqsize > nbytes && !out->argvar)) 884 return -EINVAL; 885 else if (reqsize > nbytes) { 886 struct fuse_arg *lastarg = &out->args[out->numargs-1]; 887 unsigned diffsize = reqsize - nbytes; 888 if (diffsize > lastarg->size) 889 return -EINVAL; 890 lastarg->size -= diffsize; 891 } 892 return fuse_copy_args(cs, out->numargs, out->argpages, out->args, 893 out->page_zeroing); 894} 895 896/* 897 * Write a single reply to a request. First the header is copied from 898 * the write buffer. The request is then searched on the processing 899 * list by the unique ID found in the header. If found, then remove 900 * it from the list and copy the rest of the buffer to the request. 901 * The request is finished by calling request_end() 902 */ 903static ssize_t fuse_dev_write(struct kiocb *iocb, const struct iovec *iov, 904 unsigned long nr_segs, loff_t pos) 905{ 906 int err; 907 unsigned nbytes = iov_length(iov, nr_segs); 908 struct fuse_req *req; 909 struct fuse_out_header oh; 910 struct fuse_copy_state cs; 911 struct fuse_conn *fc = fuse_get_conn(iocb->ki_filp); 912 if (!fc) 913 return -EPERM; 914 915 fuse_copy_init(&cs, fc, 0, NULL, iov, nr_segs); 916 if (nbytes < sizeof(struct fuse_out_header)) 917 return -EINVAL; 918 919 err = fuse_copy_one(&cs, &oh, sizeof(oh)); 920 if (err) 921 goto err_finish; 922 923 err = -EINVAL; 924 if (oh.len != nbytes) 925 goto err_finish; 926 927 /* 928 * Zero oh.unique indicates unsolicited notification message 929 * and error contains notification code. 930 */ 931 if (!oh.unique) { 932 err = fuse_notify(fc, oh.error, nbytes - sizeof(oh), &cs); 933 return err ? err : nbytes; 934 } 935 936 err = -EINVAL; 937 if (oh.error <= -1000 || oh.error > 0) 938 goto err_finish; 939 940 spin_lock(&fc->lock); 941 err = -ENOENT; 942 if (!fc->connected) 943 goto err_unlock; 944 945 req = request_find(fc, oh.unique); 946 if (!req) 947 goto err_unlock; 948 949 if (req->aborted) { 950 spin_unlock(&fc->lock); 951 fuse_copy_finish(&cs); 952 spin_lock(&fc->lock); 953 request_end(fc, req); 954 return -ENOENT; 955 } 956 /* Is it an interrupt reply? */ 957 if (req->intr_unique == oh.unique) { 958 err = -EINVAL; 959 if (nbytes != sizeof(struct fuse_out_header)) 960 goto err_unlock; 961 962 if (oh.error == -ENOSYS) 963 fc->no_interrupt = 1; 964 else if (oh.error == -EAGAIN) 965 queue_interrupt(fc, req); 966 967 spin_unlock(&fc->lock); 968 fuse_copy_finish(&cs); 969 return nbytes; 970 } 971 972 req->state = FUSE_REQ_WRITING; 973 list_move(&req->list, &fc->io); 974 req->out.h = oh; 975 req->locked = 1; 976 cs.req = req; 977 spin_unlock(&fc->lock); 978 979 err = copy_out_args(&cs, &req->out, nbytes); 980 fuse_copy_finish(&cs); 981 982 spin_lock(&fc->lock); 983 req->locked = 0; 984 if (!err) { 985 if (req->aborted) 986 err = -ENOENT; 987 } else if (!req->aborted) 988 req->out.h.error = -EIO; 989 request_end(fc, req); 990 991 return err ? err : nbytes; 992 993 err_unlock: 994 spin_unlock(&fc->lock); 995 err_finish: 996 fuse_copy_finish(&cs); 997 return err; 998} 999 1000static unsigned fuse_dev_poll(struct file *file, poll_table *wait) 1001{ 1002 unsigned mask = POLLOUT | POLLWRNORM; 1003 struct fuse_conn *fc = fuse_get_conn(file); 1004 if (!fc) 1005 return POLLERR; 1006 1007 poll_wait(file, &fc->waitq, wait); 1008 1009 spin_lock(&fc->lock); 1010 if (!fc->connected) 1011 mask = POLLERR; 1012 else if (request_pending(fc)) 1013 mask |= POLLIN | POLLRDNORM; 1014 spin_unlock(&fc->lock); 1015 1016 return mask; 1017} 1018 1019/* 1020 * Abort all requests on the given list (pending or processing) 1021 * 1022 * This function releases and reacquires fc->lock 1023 */ 1024static void end_requests(struct fuse_conn *fc, struct list_head *head) 1025__releases(&fc->lock) 1026__acquires(&fc->lock) 1027{ 1028 while (!list_empty(head)) { 1029 struct fuse_req *req; 1030 req = list_entry(head->next, struct fuse_req, list); 1031 req->out.h.error = -ECONNABORTED; 1032 request_end(fc, req); 1033 spin_lock(&fc->lock); 1034 } 1035} 1036 1037/* 1038 * Abort requests under I/O 1039 * 1040 * The requests are set to aborted and finished, and the request 1041 * waiter is woken up. This will make request_wait_answer() wait 1042 * until the request is unlocked and then return. 1043 * 1044 * If the request is asynchronous, then the end function needs to be 1045 * called after waiting for the request to be unlocked (if it was 1046 * locked). 1047 */ 1048static void end_io_requests(struct fuse_conn *fc) 1049__releases(&fc->lock) 1050__acquires(&fc->lock) 1051{ 1052 while (!list_empty(&fc->io)) { 1053 struct fuse_req *req = 1054 list_entry(fc->io.next, struct fuse_req, list); 1055 void (*end) (struct fuse_conn *, struct fuse_req *) = req->end; 1056 1057 req->aborted = 1; 1058 req->out.h.error = -ECONNABORTED; 1059 req->state = FUSE_REQ_FINISHED; 1060 list_del_init(&req->list); 1061 wake_up(&req->waitq); 1062 if (end) { 1063 req->end = NULL; 1064 __fuse_get_request(req); 1065 spin_unlock(&fc->lock); 1066 wait_event(req->waitq, !req->locked); 1067 end(fc, req); 1068 fuse_put_request(fc, req); 1069 spin_lock(&fc->lock); 1070 } 1071 } 1072} 1073 1074/* 1075 * Abort all requests. 1076 * 1077 * Emergency exit in case of a malicious or accidental deadlock, or 1078 * just a hung filesystem. 1079 * 1080 * The same effect is usually achievable through killing the 1081 * filesystem daemon and all users of the filesystem. The exception 1082 * is the combination of an asynchronous request and the tricky 1083 * deadlock (see Documentation/filesystems/fuse.txt). 1084 * 1085 * During the aborting, progression of requests from the pending and 1086 * processing lists onto the io list, and progression of new requests 1087 * onto the pending list is prevented by req->connected being false. 1088 * 1089 * Progression of requests under I/O to the processing list is 1090 * prevented by the req->aborted flag being true for these requests. 1091 * For this reason requests on the io list must be aborted first. 1092 */ 1093void fuse_abort_conn(struct fuse_conn *fc) 1094{ 1095 spin_lock(&fc->lock); 1096 if (fc->connected) { 1097 fc->connected = 0; 1098 fc->blocked = 0; 1099 end_io_requests(fc); 1100 end_requests(fc, &fc->pending); 1101 end_requests(fc, &fc->processing); 1102 wake_up_all(&fc->waitq); 1103 wake_up_all(&fc->blocked_waitq); 1104 kill_fasync(&fc->fasync, SIGIO, POLL_IN); 1105 } 1106 spin_unlock(&fc->lock); 1107} 1108 1109static int fuse_dev_release(struct inode *inode, struct file *file) 1110{ 1111 struct fuse_conn *fc = fuse_get_conn(file); 1112 if (fc) { 1113 spin_lock(&fc->lock); 1114 fc->connected = 0; 1115 end_requests(fc, &fc->pending); 1116 end_requests(fc, &fc->processing); 1117 spin_unlock(&fc->lock); 1118 fuse_conn_put(fc); 1119 } 1120 1121 return 0; 1122} 1123 1124static int fuse_dev_fasync(int fd, struct file *file, int on) 1125{ 1126 struct fuse_conn *fc = fuse_get_conn(file); 1127 if (!fc) 1128 return -EPERM; 1129 1130 /* No locking - fasync_helper does its own locking */ 1131 return fasync_helper(fd, file, on, &fc->fasync); 1132} 1133 1134const struct file_operations fuse_dev_operations = { 1135 .owner = THIS_MODULE, 1136 .llseek = no_llseek, 1137 .read = do_sync_read, 1138 .aio_read = fuse_dev_read, 1139 .write = do_sync_write, 1140 .aio_write = fuse_dev_write, 1141 .poll = fuse_dev_poll, 1142 .release = fuse_dev_release, 1143 .fasync = fuse_dev_fasync, 1144}; 1145 1146static struct miscdevice fuse_miscdevice = { 1147 .minor = FUSE_MINOR, 1148 .name = "fuse", 1149 .fops = &fuse_dev_operations, 1150}; 1151 1152int __init fuse_dev_init(void) 1153{ 1154 int err = -ENOMEM; 1155 fuse_req_cachep = kmem_cache_create("fuse_request", 1156 sizeof(struct fuse_req), 1157 0, 0, NULL); 1158 if (!fuse_req_cachep) 1159 goto out; 1160 1161 err = misc_register(&fuse_miscdevice); 1162 if (err) 1163 goto out_cache_clean; 1164 1165 return 0; 1166 1167 out_cache_clean: 1168 kmem_cache_destroy(fuse_req_cachep); 1169 out: 1170 return err; 1171} 1172 1173void fuse_dev_cleanup(void) 1174{ 1175 misc_deregister(&fuse_miscdevice); 1176 kmem_cache_destroy(fuse_req_cachep); 1177}