projects / linux-2.6-block.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
[PATCH] fuse: fix async read for legacy filesystems
[linux-2.6-block.git] / fs / fuse / dev.c
CommitLineData
334f485d
MS		 1/*
2 FUSE: Filesystem in Userspace
3 Copyright (C) 2001-2005 Miklos Szeredi <miklos@szeredi.hu>
4
5 This program can be distributed under the terms of the GNU GPL.
6 See the file COPYING.
7*/
8
9#include "fuse_i.h"
10
11#include <linux/init.h>
12#include <linux/module.h>
13#include <linux/poll.h>
14#include <linux/uio.h>
15#include <linux/miscdevice.h>
16#include <linux/pagemap.h>
17#include <linux/file.h>
18#include <linux/slab.h>
19
20MODULE_ALIAS_MISCDEV(FUSE_MINOR);
21
22static kmem_cache_t *fuse_req_cachep;
23
8bfc016d 24static struct fuse_conn *fuse_get_conn(struct file *file)
334f485d
MS		 25{
26 struct fuse_conn *fc;
27 spin_lock(&fuse_lock);
28 fc = file->private_data;
9ba7cbba 29 if (fc && !fc->connected)
334f485d
MS		 30 fc = NULL;
31 spin_unlock(&fuse_lock);
32 return fc;
33}
34
8bfc016d 35static void fuse_request_init(struct fuse_req *req)
334f485d
MS		 36{
37 memset(req, 0, sizeof(*req));
38 INIT_LIST_HEAD(&req->list);
39 init_waitqueue_head(&req->waitq);
40 atomic_set(&req->count, 1);
41}
42
43struct fuse_req *fuse_request_alloc(void)
44{
45 struct fuse_req *req = kmem_cache_alloc(fuse_req_cachep, SLAB_KERNEL);
46 if (req)
47 fuse_request_init(req);
48 return req;
49}
50
51void fuse_request_free(struct fuse_req *req)
52{
53 kmem_cache_free(fuse_req_cachep, req);
54}
55
8bfc016d 56static void block_sigs(sigset_t *oldset)
334f485d
MS		 57{
58 sigset_t mask;
59
60 siginitsetinv(&mask, sigmask(SIGKILL));
61 sigprocmask(SIG_BLOCK, &mask, oldset);
62}
63
8bfc016d 64static void restore_sigs(sigset_t *oldset)
334f485d
MS		 65{
66 sigprocmask(SIG_SETMASK, oldset, NULL);
67}
68
69void fuse_reset_request(struct fuse_req *req)
70{
71 int preallocated = req->preallocated;
72 BUG_ON(atomic_read(&req->count) != 1);
73 fuse_request_init(req);
74 req->preallocated = preallocated;
75}
76
77static void __fuse_get_request(struct fuse_req *req)
78{
79 atomic_inc(&req->count);
80}
81
82/* Must be called with > 1 refcount */
83static void __fuse_put_request(struct fuse_req *req)
84{
85 BUG_ON(atomic_read(&req->count) < 2);
86 atomic_dec(&req->count);
87}
88
89static struct fuse_req *do_get_request(struct fuse_conn *fc)
90{
91 struct fuse_req *req;
92
93 spin_lock(&fuse_lock);
94 BUG_ON(list_empty(&fc->unused_list));
95 req = list_entry(fc->unused_list.next, struct fuse_req, list);
96 list_del_init(&req->list);
97 spin_unlock(&fuse_lock);
98 fuse_request_init(req);
99 req->preallocated = 1;
100 req->in.h.uid = current->fsuid;
101 req->in.h.gid = current->fsgid;
102 req->in.h.pid = current->pid;
103 return req;
104}
105
7c352bdf 106/* This can return NULL, but only in case it's interrupted by a SIGKILL */
334f485d 107struct fuse_req *fuse_get_request(struct fuse_conn *fc)
334f485d
MS		 108{
109 int intr;
110 sigset_t oldset;
111
0cd5b885 112 atomic_inc(&fc->num_waiting);
334f485d
MS		 113 block_sigs(&oldset);
114 intr = down_interruptible(&fc->outstanding_sem);
115 restore_sigs(&oldset);
0cd5b885
MS		 116 if (intr) {
117 atomic_dec(&fc->num_waiting);
118 return NULL;
119 }
120 return do_get_request(fc);
334f485d
MS		 121}
122
123static void fuse_putback_request(struct fuse_conn *fc, struct fuse_req *req)
124{
125 spin_lock(&fuse_lock);
0cd5b885
MS		 126 if (req->preallocated) {
127 atomic_dec(&fc->num_waiting);
334f485d 128 list_add(&req->list, &fc->unused_list);
0cd5b885 129 } else
334f485d
MS		 130 fuse_request_free(req);
131
132 /* If we are in debt decrease that first */
133 if (fc->outstanding_debt)
134 fc->outstanding_debt--;
135 else
136 up(&fc->outstanding_sem);
137 spin_unlock(&fuse_lock);
138}
139
140void fuse_put_request(struct fuse_conn *fc, struct fuse_req *req)
141{
142 if (atomic_dec_and_test(&req->count))
143 fuse_putback_request(fc, req);
144}
145
1e9a4ed9
MS		 146void fuse_release_background(struct fuse_req *req)
147{
148 iput(req->inode);
149 iput(req->inode2);
150 if (req->file)
151 fput(req->file);
152 spin_lock(&fuse_lock);
153 list_del(&req->bg_entry);
154 spin_unlock(&fuse_lock);
155}
156
334f485d
MS		 157/*
158 * This function is called when a request is finished. Either a reply
159 * has arrived or it was interrupted (and not yet sent) or some error
f43b155a
MS		 160 * occurred during communication with userspace, or the device file
161 * was closed. In case of a background request the reference to the
162 * stored objects are released. The requester thread is woken up (if
64c6d8ed
MS		 163 * still waiting), the 'end' callback is called if given, else the
164 * reference to the request is released
334f485d
MS		 165 *
166 * Called with fuse_lock, unlocks it
167 */
168static void request_end(struct fuse_conn *fc, struct fuse_req *req)
169{
64c6d8ed
MS		 170 void (*end) (struct fuse_conn *, struct fuse_req *) = req->end;
171 req->end = NULL;
d77a1d5b 172 list_del(&req->list);
83cfd493 173 req->state = FUSE_REQ_FINISHED;
334f485d
MS		 174 spin_unlock(&fuse_lock);
175 if (req->background) {
1e9a4ed9
MS		 176 down_read(&fc->sbput_sem);
177 if (fc->mounted)
178 fuse_release_background(req);
179 up_read(&fc->sbput_sem);
334f485d
MS		 180 }
181 wake_up(&req->waitq);
64c6d8ed
MS		 182 if (end)
183 end(fc, req);
184 else
185 fuse_put_request(fc, req);
334f485d
MS		 186}
187
1e9a4ed9
MS		 188/*
189 * Unfortunately request interruption not just solves the deadlock
190 * problem, it causes problems too. These stem from the fact, that an
191 * interrupted request is continued to be processed in userspace,
192 * while all the locks and object references (inode and file) held
193 * during the operation are released.
194 *
195 * To release the locks is exactly why there's a need to interrupt the
196 * request, so there's not a lot that can be done about this, except
197 * introduce additional locking in userspace.
198 *
199 * More important is to keep inode and file references until userspace
200 * has replied, otherwise FORGET and RELEASE could be sent while the
201 * inode/file is still used by the filesystem.
202 *
203 * For this reason the concept of "background" request is introduced.
204 * An interrupted request is backgrounded if it has been already sent
205 * to userspace. Backgrounding involves getting an extra reference to
206 * inode(s) or file used in the request, and adding the request to
207 * fc->background list. When a reply is received for a background
208 * request, the object references are released, and the request is
209 * removed from the list. If the filesystem is unmounted while there
210 * are still background requests, the list is walked and references
211 * are released as if a reply was received.
212 *
213 * There's one more use for a background request. The RELEASE message is
214 * always sent as background, since it doesn't return an error or
215 * data.
216 */
217static void background_request(struct fuse_conn *fc, struct fuse_req *req)
334f485d 218{
334f485d 219 req->background = 1;
1e9a4ed9 220 list_add(&req->bg_entry, &fc->background);
334f485d
MS		 221 if (req->inode)
222 req->inode = igrab(req->inode);
223 if (req->inode2)
224 req->inode2 = igrab(req->inode2);
225 if (req->file)
226 get_file(req->file);
227}
228
334f485d 229/* Called with fuse_lock held. Releases, and then reacquires it. */
7c352bdf 230static void request_wait_answer(struct fuse_conn *fc, struct fuse_req *req)
334f485d 231{
7c352bdf 232 sigset_t oldset;
334f485d
MS		 233
234 spin_unlock(&fuse_lock);
7c352bdf 235 block_sigs(&oldset);
83cfd493 236 wait_event_interruptible(req->waitq, req->state == FUSE_REQ_FINISHED);
7c352bdf 237 restore_sigs(&oldset);
334f485d 238 spin_lock(&fuse_lock);
69a53bf2 239 if (req->state == FUSE_REQ_FINISHED && !req->interrupted)
334f485d
MS		 240 return;
241
69a53bf2
MS		 242 if (!req->interrupted) {
243 req->out.h.error = -EINTR;
244 req->interrupted = 1;
245 }
334f485d
MS		 246 if (req->locked) {
247 /* This is uninterruptible sleep, because data is
248 being copied to/from the buffers of req. During
249 locked state, there mustn't be any filesystem
250 operation (e.g. page fault), since that could lead
251 to deadlock */
252 spin_unlock(&fuse_lock);
253 wait_event(req->waitq, !req->locked);
254 spin_lock(&fuse_lock);
255 }
83cfd493 256 if (req->state == FUSE_REQ_PENDING) {
334f485d
MS		 257 list_del(&req->list);
258 __fuse_put_request(req);
83cfd493 259 } else if (req->state == FUSE_REQ_SENT)
1e9a4ed9 260 background_request(fc, req);
334f485d
MS		 261}
262
263static unsigned len_args(unsigned numargs, struct fuse_arg *args)
264{
265 unsigned nbytes = 0;
266 unsigned i;
267
268 for (i = 0; i < numargs; i++)
269 nbytes += args[i].size;
270
271 return nbytes;
272}
273
274static void queue_request(struct fuse_conn *fc, struct fuse_req *req)
275{
276 fc->reqctr++;
277 /* zero is special */
278 if (fc->reqctr == 0)
279 fc->reqctr = 1;
280 req->in.h.unique = fc->reqctr;
281 req->in.h.len = sizeof(struct fuse_in_header) +
282 len_args(req->in.numargs, (struct fuse_arg *) req->in.args);
283 if (!req->preallocated) {
284 /* If request is not preallocated (either FORGET or
285 RELEASE), then still decrease outstanding_sem, so
286 user can't open infinite number of files while not
287 processing the RELEASE requests. However for
288 efficiency do it without blocking, so if down()
289 would block, just increase the debt instead */
290 if (down_trylock(&fc->outstanding_sem))
291 fc->outstanding_debt++;
292 }
293 list_add_tail(&req->list, &fc->pending);
83cfd493 294 req->state = FUSE_REQ_PENDING;
334f485d
MS		 295 wake_up(&fc->waitq);
296}
297
7c352bdf
MS		 298/*
299 * This can only be interrupted by a SIGKILL
300 */
301void request_send(struct fuse_conn *fc, struct fuse_req *req)
334f485d
MS		 302{
303 req->isreply = 1;
304 spin_lock(&fuse_lock);
1e9a4ed9 305 if (!fc->connected)
334f485d
MS		 306 req->out.h.error = -ENOTCONN;
307 else if (fc->conn_error)
308 req->out.h.error = -ECONNREFUSED;
309 else {
310 queue_request(fc, req);
311 /* acquire extra reference, since request is still needed
312 after request_end() */
313 __fuse_get_request(req);
314
7c352bdf 315 request_wait_answer(fc, req);
334f485d
MS		 316 }
317 spin_unlock(&fuse_lock);
318}
319
334f485d
MS		 320static void request_send_nowait(struct fuse_conn *fc, struct fuse_req *req)
321{
322 spin_lock(&fuse_lock);
1e9a4ed9 323 if (fc->connected) {
334f485d
MS		 324 queue_request(fc, req);
325 spin_unlock(&fuse_lock);
326 } else {
327 req->out.h.error = -ENOTCONN;
328 request_end(fc, req);
329 }
330}
331
332void request_send_noreply(struct fuse_conn *fc, struct fuse_req *req)
333{
334 req->isreply = 0;
335 request_send_nowait(fc, req);
336}
337
338void request_send_background(struct fuse_conn *fc, struct fuse_req *req)
339{
340 req->isreply = 1;
1e9a4ed9
MS		 341 spin_lock(&fuse_lock);
342 background_request(fc, req);
343 spin_unlock(&fuse_lock);
334f485d
MS		 344 request_send_nowait(fc, req);
345}
346
334f485d
MS		 347/*
348 * Lock the request. Up to the next unlock_request() there mustn't be
349 * anything that could cause a page-fault. If the request was already
350 * interrupted bail out.
351 */
8bfc016d 352static int lock_request(struct fuse_req *req)
334f485d
MS		 353{
354 int err = 0;
355 if (req) {
356 spin_lock(&fuse_lock);
357 if (req->interrupted)
358 err = -ENOENT;
359 else
360 req->locked = 1;
361 spin_unlock(&fuse_lock);
362 }
363 return err;
364}
365
366/*
367 * Unlock request. If it was interrupted during being locked, the
368 * requester thread is currently waiting for it to be unlocked, so
369 * wake it up.
370 */
8bfc016d 371static void unlock_request(struct fuse_req *req)
334f485d
MS		 372{
373 if (req) {
374 spin_lock(&fuse_lock);
375 req->locked = 0;
376 if (req->interrupted)
377 wake_up(&req->waitq);
378 spin_unlock(&fuse_lock);
379 }
380}
381
382struct fuse_copy_state {
383 int write;
384 struct fuse_req *req;
385 const struct iovec *iov;
386 unsigned long nr_segs;
387 unsigned long seglen;
388 unsigned long addr;
389 struct page *pg;
390 void *mapaddr;
391 void *buf;
392 unsigned len;
393};
394
395static void fuse_copy_init(struct fuse_copy_state *cs, int write,
396 struct fuse_req *req, const struct iovec *iov,
397 unsigned long nr_segs)
398{
399 memset(cs, 0, sizeof(*cs));
400 cs->write = write;
401 cs->req = req;
402 cs->iov = iov;
403 cs->nr_segs = nr_segs;
404}
405
406/* Unmap and put previous page of userspace buffer */
8bfc016d 407static void fuse_copy_finish(struct fuse_copy_state *cs)
334f485d
MS		 408{
409 if (cs->mapaddr) {
410 kunmap_atomic(cs->mapaddr, KM_USER0);
411 if (cs->write) {
412 flush_dcache_page(cs->pg);
413 set_page_dirty_lock(cs->pg);
414 }
415 put_page(cs->pg);
416 cs->mapaddr = NULL;
417 }
418}
419
420/*
421 * Get another pagefull of userspace buffer, and map it to kernel
422 * address space, and lock request
423 */
424static int fuse_copy_fill(struct fuse_copy_state *cs)
425{
426 unsigned long offset;
427 int err;
428
429 unlock_request(cs->req);
430 fuse_copy_finish(cs);
431 if (!cs->seglen) {
432 BUG_ON(!cs->nr_segs);
433 cs->seglen = cs->iov[0].iov_len;
434 cs->addr = (unsigned long) cs->iov[0].iov_base;
435 cs->iov ++;
436 cs->nr_segs --;
437 }
438 down_read(&current->mm->mmap_sem);
439 err = get_user_pages(current, current->mm, cs->addr, 1, cs->write, 0,
440 &cs->pg, NULL);
441 up_read(&current->mm->mmap_sem);
442 if (err < 0)
443 return err;
444 BUG_ON(err != 1);
445 offset = cs->addr % PAGE_SIZE;
446 cs->mapaddr = kmap_atomic(cs->pg, KM_USER0);
447 cs->buf = cs->mapaddr + offset;
448 cs->len = min(PAGE_SIZE - offset, cs->seglen);
449 cs->seglen -= cs->len;
450 cs->addr += cs->len;
451
452 return lock_request(cs->req);
453}
454
455/* Do as much copy to/from userspace buffer as we can */
8bfc016d 456static int fuse_copy_do(struct fuse_copy_state *cs, void **val, unsigned *size)
334f485d
MS		 457{
458 unsigned ncpy = min(*size, cs->len);
459 if (val) {
460 if (cs->write)
461 memcpy(cs->buf, *val, ncpy);
462 else
463 memcpy(*val, cs->buf, ncpy);
464 *val += ncpy;
465 }
466 *size -= ncpy;
467 cs->len -= ncpy;
468 cs->buf += ncpy;
469 return ncpy;
470}
471
472/*
473 * Copy a page in the request to/from the userspace buffer. Must be
474 * done atomically
475 */
8bfc016d
MS		 476static int fuse_copy_page(struct fuse_copy_state *cs, struct page *page,
477 unsigned offset, unsigned count, int zeroing)
334f485d
MS		 478{
479 if (page && zeroing && count < PAGE_SIZE) {
480 void *mapaddr = kmap_atomic(page, KM_USER1);
481 memset(mapaddr, 0, PAGE_SIZE);
482 kunmap_atomic(mapaddr, KM_USER1);
483 }
484 while (count) {
485 int err;
486 if (!cs->len && (err = fuse_copy_fill(cs)))
487 return err;
488 if (page) {
489 void *mapaddr = kmap_atomic(page, KM_USER1);
490 void *buf = mapaddr + offset;
491 offset += fuse_copy_do(cs, &buf, &count);
492 kunmap_atomic(mapaddr, KM_USER1);
493 } else
494 offset += fuse_copy_do(cs, NULL, &count);
495 }
496 if (page && !cs->write)
497 flush_dcache_page(page);
498 return 0;
499}
500
501/* Copy pages in the request to/from userspace buffer */
502static int fuse_copy_pages(struct fuse_copy_state *cs, unsigned nbytes,
503 int zeroing)
504{
505 unsigned i;
506 struct fuse_req *req = cs->req;
507 unsigned offset = req->page_offset;
508 unsigned count = min(nbytes, (unsigned) PAGE_SIZE - offset);
509
510 for (i = 0; i < req->num_pages && (nbytes || zeroing); i++) {
511 struct page *page = req->pages[i];
512 int err = fuse_copy_page(cs, page, offset, count, zeroing);
513 if (err)
514 return err;
515
516 nbytes -= count;
517 count = min(nbytes, (unsigned) PAGE_SIZE);
518 offset = 0;
519 }
520 return 0;
521}
522
523/* Copy a single argument in the request to/from userspace buffer */
524static int fuse_copy_one(struct fuse_copy_state *cs, void *val, unsigned size)
525{
526 while (size) {
527 int err;
528 if (!cs->len && (err = fuse_copy_fill(cs)))
529 return err;
530 fuse_copy_do(cs, &val, &size);
531 }
532 return 0;
533}
534
535/* Copy request arguments to/from userspace buffer */
536static int fuse_copy_args(struct fuse_copy_state *cs, unsigned numargs,
537 unsigned argpages, struct fuse_arg *args,
538 int zeroing)
539{
540 int err = 0;
541 unsigned i;
542
543 for (i = 0; !err && i < numargs; i++) {
544 struct fuse_arg *arg = &args[i];
545 if (i == numargs - 1 && argpages)
546 err = fuse_copy_pages(cs, arg->size, zeroing);
547 else
548 err = fuse_copy_one(cs, arg->value, arg->size);
549 }
550 return err;
551}
552
553/* Wait until a request is available on the pending list */
554static void request_wait(struct fuse_conn *fc)
555{
556 DECLARE_WAITQUEUE(wait, current);
557
558 add_wait_queue_exclusive(&fc->waitq, &wait);
9ba7cbba 559 while (fc->connected && list_empty(&fc->pending)) {
334f485d
MS		 560 set_current_state(TASK_INTERRUPTIBLE);
561 if (signal_pending(current))
562 break;
563
564 spin_unlock(&fuse_lock);
565 schedule();
566 spin_lock(&fuse_lock);
567 }
568 set_current_state(TASK_RUNNING);
569 remove_wait_queue(&fc->waitq, &wait);
570}
571
572/*
573 * Read a single request into the userspace filesystem's buffer. This
574 * function waits until a request is available, then removes it from
575 * the pending list and copies request data to userspace buffer. If
576 * no reply is needed (FORGET) or request has been interrupted or
577 * there was an error during the copying then it's finished by calling
578 * request_end(). Otherwise add it to the processing list, and set
579 * the 'sent' flag.
580 */
581static ssize_t fuse_dev_readv(struct file *file, const struct iovec *iov,
582 unsigned long nr_segs, loff_t *off)
583{
584 int err;
585 struct fuse_conn *fc;
586 struct fuse_req *req;
587 struct fuse_in *in;
588 struct fuse_copy_state cs;
589 unsigned reqsize;
590
1d3d752b 591 restart:
334f485d
MS		 592 spin_lock(&fuse_lock);
593 fc = file->private_data;
594 err = -EPERM;
595 if (!fc)
596 goto err_unlock;
597 request_wait(fc);
598 err = -ENODEV;
9ba7cbba 599 if (!fc->connected)
334f485d
MS		 600 goto err_unlock;
601 err = -ERESTARTSYS;
602 if (list_empty(&fc->pending))
603 goto err_unlock;
604
605 req = list_entry(fc->pending.next, struct fuse_req, list);
83cfd493 606 req->state = FUSE_REQ_READING;
d77a1d5b 607 list_move(&req->list, &fc->io);
334f485d
MS		 608
609 in = &req->in;
1d3d752b
MS		 610 reqsize = in->h.len;
611 /* If request is too large, reply with an error and restart the read */
612 if (iov_length(iov, nr_segs) < reqsize) {
613 req->out.h.error = -EIO;
614 /* SETXATTR is special, since it may contain too large data */
615 if (in->h.opcode == FUSE_SETXATTR)
616 req->out.h.error = -E2BIG;
617 request_end(fc, req);
618 goto restart;
334f485d 619 }
1d3d752b
MS		 620 spin_unlock(&fuse_lock);
621 fuse_copy_init(&cs, 1, req, iov, nr_segs);
622 err = fuse_copy_one(&cs, &in->h, sizeof(in->h));
623 if (!err)
624 err = fuse_copy_args(&cs, in->numargs, in->argpages,
625 (struct fuse_arg *) in->args, 0);
334f485d 626 fuse_copy_finish(&cs);
334f485d
MS		 627 spin_lock(&fuse_lock);
628 req->locked = 0;
629 if (!err && req->interrupted)
630 err = -ENOENT;
631 if (err) {
632 if (!req->interrupted)
633 req->out.h.error = -EIO;
634 request_end(fc, req);
635 return err;
636 }
637 if (!req->isreply)
638 request_end(fc, req);
639 else {
83cfd493 640 req->state = FUSE_REQ_SENT;
d77a1d5b 641 list_move_tail(&req->list, &fc->processing);
334f485d
MS		 642 spin_unlock(&fuse_lock);
643 }
644 return reqsize;
645
646 err_unlock:
647 spin_unlock(&fuse_lock);
648 return err;
649}
650
651static ssize_t fuse_dev_read(struct file *file, char __user *buf,
652 size_t nbytes, loff_t *off)
653{
654 struct iovec iov;
655 iov.iov_len = nbytes;
656 iov.iov_base = buf;
657 return fuse_dev_readv(file, &iov, 1, off);
658}
659
660/* Look up request on processing list by unique ID */
661static struct fuse_req *request_find(struct fuse_conn *fc, u64 unique)
662{
663 struct list_head *entry;
664
665 list_for_each(entry, &fc->processing) {
666 struct fuse_req *req;
667 req = list_entry(entry, struct fuse_req, list);
668 if (req->in.h.unique == unique)
669 return req;
670 }
671 return NULL;
672}
673
674static int copy_out_args(struct fuse_copy_state *cs, struct fuse_out *out,
675 unsigned nbytes)
676{
677 unsigned reqsize = sizeof(struct fuse_out_header);
678
679 if (out->h.error)
680 return nbytes != reqsize ? -EINVAL : 0;
681
682 reqsize += len_args(out->numargs, out->args);
683
684 if (reqsize < nbytes || (reqsize > nbytes && !out->argvar))
685 return -EINVAL;
686 else if (reqsize > nbytes) {
687 struct fuse_arg *lastarg = &out->args[out->numargs-1];
688 unsigned diffsize = reqsize - nbytes;
689 if (diffsize > lastarg->size)
690 return -EINVAL;
691 lastarg->size -= diffsize;
692 }
693 return fuse_copy_args(cs, out->numargs, out->argpages, out->args,
694 out->page_zeroing);
695}
696
697/*
698 * Write a single reply to a request. First the header is copied from
699 * the write buffer. The request is then searched on the processing
700 * list by the unique ID found in the header. If found, then remove
701 * it from the list and copy the rest of the buffer to the request.
702 * The request is finished by calling request_end()
703 */
704static ssize_t fuse_dev_writev(struct file *file, const struct iovec *iov,
705 unsigned long nr_segs, loff_t *off)
706{
707 int err;
708 unsigned nbytes = iov_length(iov, nr_segs);
709 struct fuse_req *req;
710 struct fuse_out_header oh;
711 struct fuse_copy_state cs;
712 struct fuse_conn *fc = fuse_get_conn(file);
713 if (!fc)
714 return -ENODEV;
715
716 fuse_copy_init(&cs, 0, NULL, iov, nr_segs);
717 if (nbytes < sizeof(struct fuse_out_header))
718 return -EINVAL;
719
720 err = fuse_copy_one(&cs, &oh, sizeof(oh));
721 if (err)
722 goto err_finish;
723 err = -EINVAL;
724 if (!oh.unique || oh.error <= -1000 || oh.error > 0 ||
725 oh.len != nbytes)
726 goto err_finish;
727
728 spin_lock(&fuse_lock);
69a53bf2
MS		 729 err = -ENOENT;
730 if (!fc->connected)
731 goto err_unlock;
732
334f485d
MS		 733 req = request_find(fc, oh.unique);
734 err = -EINVAL;
735 if (!req)
736 goto err_unlock;
737
334f485d 738 if (req->interrupted) {
222f1d69 739 spin_unlock(&fuse_lock);
334f485d 740 fuse_copy_finish(&cs);
222f1d69
MS		 741 spin_lock(&fuse_lock);
742 request_end(fc, req);
334f485d
MS		 743 return -ENOENT;
744 }
d77a1d5b 745 list_move(&req->list, &fc->io);
334f485d
MS		 746 req->out.h = oh;
747 req->locked = 1;
748 cs.req = req;
749 spin_unlock(&fuse_lock);
750
751 err = copy_out_args(&cs, &req->out, nbytes);
752 fuse_copy_finish(&cs);
753
754 spin_lock(&fuse_lock);
755 req->locked = 0;
756 if (!err) {
757 if (req->interrupted)
758 err = -ENOENT;
759 } else if (!req->interrupted)
760 req->out.h.error = -EIO;
761 request_end(fc, req);
762
763 return err ? err : nbytes;
764
765 err_unlock:
766 spin_unlock(&fuse_lock);
767 err_finish:
768 fuse_copy_finish(&cs);
769 return err;
770}
771
772static ssize_t fuse_dev_write(struct file *file, const char __user *buf,
773 size_t nbytes, loff_t *off)
774{
775 struct iovec iov;
776 iov.iov_len = nbytes;
777 iov.iov_base = (char __user *) buf;
778 return fuse_dev_writev(file, &iov, 1, off);
779}
780
781static unsigned fuse_dev_poll(struct file *file, poll_table *wait)
782{
783 struct fuse_conn *fc = fuse_get_conn(file);
784 unsigned mask = POLLOUT | POLLWRNORM;
785
786 if (!fc)
787 return -ENODEV;
788
789 poll_wait(file, &fc->waitq, wait);
790
791 spin_lock(&fuse_lock);
792 if (!list_empty(&fc->pending))
793 mask |= POLLIN | POLLRDNORM;
794 spin_unlock(&fuse_lock);
795
796 return mask;
797}
798
69a53bf2
MS		 799/*
800 * Abort all requests on the given list (pending or processing)
801 *
802 * This function releases and reacquires fuse_lock
803 */
334f485d
MS		 804static void end_requests(struct fuse_conn *fc, struct list_head *head)
805{
806 while (!list_empty(head)) {
807 struct fuse_req *req;
808 req = list_entry(head->next, struct fuse_req, list);
334f485d
MS		 809 req->out.h.error = -ECONNABORTED;
810 request_end(fc, req);
811 spin_lock(&fuse_lock);
812 }
813}
814
69a53bf2
MS		 815/*
816 * Abort requests under I/O
817 *
818 * The requests are set to interrupted and finished, and the request
819 * waiter is woken up. This will make request_wait_answer() wait
820 * until the request is unlocked and then return.
64c6d8ed
MS		 821 *
822 * If the request is asynchronous, then the end function needs to be
823 * called after waiting for the request to be unlocked (if it was
824 * locked).
69a53bf2
MS		 825 */
826static void end_io_requests(struct fuse_conn *fc)
827{
828 while (!list_empty(&fc->io)) {
64c6d8ed
MS		 829 struct fuse_req *req =
830 list_entry(fc->io.next, struct fuse_req, list);
831 void (*end) (struct fuse_conn *, struct fuse_req *) = req->end;
832
69a53bf2
MS		 833 req->interrupted = 1;
834 req->out.h.error = -ECONNABORTED;
835 req->state = FUSE_REQ_FINISHED;
836 list_del_init(&req->list);
837 wake_up(&req->waitq);
64c6d8ed
MS		 838 if (end) {
839 req->end = NULL;
840 /* The end function will consume this reference */
841 __fuse_get_request(req);
842 spin_unlock(&fuse_lock);
843 wait_event(req->waitq, !req->locked);
844 end(fc, req);
845 spin_lock(&fuse_lock);
846 }
69a53bf2
MS		 847 }
848}
849
850/*
851 * Abort all requests.
852 *
853 * Emergency exit in case of a malicious or accidental deadlock, or
854 * just a hung filesystem.
855 *
856 * The same effect is usually achievable through killing the
857 * filesystem daemon and all users of the filesystem. The exception
858 * is the combination of an asynchronous request and the tricky
859 * deadlock (see Documentation/filesystems/fuse.txt).
860 *
861 * During the aborting, progression of requests from the pending and
862 * processing lists onto the io list, and progression of new requests
863 * onto the pending list is prevented by req->connected being false.
864 *
865 * Progression of requests under I/O to the processing list is
866 * prevented by the req->interrupted flag being true for these
867 * requests. For this reason requests on the io list must be aborted
868 * first.
869 */
870void fuse_abort_conn(struct fuse_conn *fc)
871{
872 spin_lock(&fuse_lock);
873 if (fc->connected) {
874 fc->connected = 0;
875 end_io_requests(fc);
876 end_requests(fc, &fc->pending);
877 end_requests(fc, &fc->processing);
878 wake_up_all(&fc->waitq);
879 }
880 spin_unlock(&fuse_lock);
881}
882
334f485d
MS		 883static int fuse_dev_release(struct inode *inode, struct file *file)
884{
885 struct fuse_conn *fc;
886
887 spin_lock(&fuse_lock);
888 fc = file->private_data;
889 if (fc) {
1e9a4ed9 890 fc->connected = 0;
334f485d
MS		 891 end_requests(fc, &fc->pending);
892 end_requests(fc, &fc->processing);
334f485d
MS		 893 }
894 spin_unlock(&fuse_lock);
f543f253
MS		 895 if (fc)
896 kobject_put(&fc->kobj);
897
334f485d
MS		 898 return 0;
899}
900
901struct file_operations fuse_dev_operations = {
902 .owner = THIS_MODULE,
903 .llseek = no_llseek,
904 .read = fuse_dev_read,
905 .readv = fuse_dev_readv,
906 .write = fuse_dev_write,
907 .writev = fuse_dev_writev,
908 .poll = fuse_dev_poll,
909 .release = fuse_dev_release,
910};
911
912static struct miscdevice fuse_miscdevice = {
913 .minor = FUSE_MINOR,
914 .name = "fuse",
915 .fops = &fuse_dev_operations,
916};
917
918int __init fuse_dev_init(void)
919{
920 int err = -ENOMEM;
921 fuse_req_cachep = kmem_cache_create("fuse_request",
922 sizeof(struct fuse_req),
923 0, 0, NULL, NULL);
924 if (!fuse_req_cachep)
925 goto out;
926
927 err = misc_register(&fuse_miscdevice);
928 if (err)
929 goto out_cache_clean;
930
931 return 0;
932
933 out_cache_clean:
934 kmem_cache_destroy(fuse_req_cachep);
935 out:
936 return err;
937}
938
939void fuse_dev_cleanup(void)
940{
941 misc_deregister(&fuse_miscdevice);
942 kmem_cache_destroy(fuse_req_cachep);
943}
Linux 6.x block layer and io_uring tree(s)