2 FUSE: Filesystem in Userspace
3 Copyright (C) 2001-2008 Miklos Szeredi <miklos@szeredi.hu>
5 This program can be distributed under the terms of the GNU GPL.
11 #include <linux/init.h>
12 #include <linux/module.h>
13 #include <linux/poll.h>
14 #include <linux/uio.h>
15 #include <linux/miscdevice.h>
16 #include <linux/pagemap.h>
17 #include <linux/file.h>
18 #include <linux/slab.h>
19 #include <linux/pipe_fs_i.h>
20 #include <linux/swap.h>
21 #include <linux/splice.h>
23 MODULE_ALIAS_MISCDEV(FUSE_MINOR);
24 MODULE_ALIAS("devname:fuse");
26 static struct kmem_cache *fuse_req_cachep;
28 static struct fuse_conn *fuse_get_conn(struct file *file)
31 * Lockless access is OK, because file->private data is set
32 * once during mount and is valid until the file is released.
34 return file->private_data;
37 static void fuse_request_init(struct fuse_req *req, struct page **pages,
38 struct fuse_page_desc *page_descs,
41 memset(req, 0, sizeof(*req));
42 memset(pages, 0, sizeof(*pages) * npages);
43 memset(page_descs, 0, sizeof(*page_descs) * npages);
44 INIT_LIST_HEAD(&req->list);
45 INIT_LIST_HEAD(&req->intr_entry);
46 init_waitqueue_head(&req->waitq);
47 atomic_set(&req->count, 1);
49 req->page_descs = page_descs;
50 req->max_pages = npages;
51 __set_bit(FR_PENDING, &req->flags);
54 static struct fuse_req *__fuse_request_alloc(unsigned npages, gfp_t flags)
56 struct fuse_req *req = kmem_cache_alloc(fuse_req_cachep, flags);
59 struct fuse_page_desc *page_descs;
61 if (npages <= FUSE_REQ_INLINE_PAGES) {
62 pages = req->inline_pages;
63 page_descs = req->inline_page_descs;
65 pages = kmalloc(sizeof(struct page *) * npages, flags);
66 page_descs = kmalloc(sizeof(struct fuse_page_desc) *
70 if (!pages || !page_descs) {
73 kmem_cache_free(fuse_req_cachep, req);
77 fuse_request_init(req, pages, page_descs, npages);
82 struct fuse_req *fuse_request_alloc(unsigned npages)
84 return __fuse_request_alloc(npages, GFP_KERNEL);
86 EXPORT_SYMBOL_GPL(fuse_request_alloc);
88 struct fuse_req *fuse_request_alloc_nofs(unsigned npages)
90 return __fuse_request_alloc(npages, GFP_NOFS);
93 void fuse_request_free(struct fuse_req *req)
95 if (req->pages != req->inline_pages) {
97 kfree(req->page_descs);
99 kmem_cache_free(fuse_req_cachep, req);
102 static void block_sigs(sigset_t *oldset)
106 siginitsetinv(&mask, sigmask(SIGKILL));
107 sigprocmask(SIG_BLOCK, &mask, oldset);
110 static void restore_sigs(sigset_t *oldset)
112 sigprocmask(SIG_SETMASK, oldset, NULL);
115 void __fuse_get_request(struct fuse_req *req)
117 atomic_inc(&req->count);
120 /* Must be called with > 1 refcount */
121 static void __fuse_put_request(struct fuse_req *req)
123 BUG_ON(atomic_read(&req->count) < 2);
124 atomic_dec(&req->count);
127 static void fuse_req_init_context(struct fuse_req *req)
129 req->in.h.uid = from_kuid_munged(&init_user_ns, current_fsuid());
130 req->in.h.gid = from_kgid_munged(&init_user_ns, current_fsgid());
131 req->in.h.pid = current->pid;
134 void fuse_set_initialized(struct fuse_conn *fc)
136 /* Make sure stores before this are seen on another CPU */
141 static bool fuse_block_alloc(struct fuse_conn *fc, bool for_background)
143 return !fc->initialized || (for_background && fc->blocked);
146 static struct fuse_req *__fuse_get_req(struct fuse_conn *fc, unsigned npages,
149 struct fuse_req *req;
151 atomic_inc(&fc->num_waiting);
153 if (fuse_block_alloc(fc, for_background)) {
158 intr = wait_event_interruptible_exclusive(fc->blocked_waitq,
159 !fuse_block_alloc(fc, for_background));
160 restore_sigs(&oldset);
165 /* Matches smp_wmb() in fuse_set_initialized() */
176 req = fuse_request_alloc(npages);
180 wake_up(&fc->blocked_waitq);
184 fuse_req_init_context(req);
185 __set_bit(FR_WAITING, &req->flags);
187 __set_bit(FR_BACKGROUND, &req->flags);
192 atomic_dec(&fc->num_waiting);
196 struct fuse_req *fuse_get_req(struct fuse_conn *fc, unsigned npages)
198 return __fuse_get_req(fc, npages, false);
200 EXPORT_SYMBOL_GPL(fuse_get_req);
202 struct fuse_req *fuse_get_req_for_background(struct fuse_conn *fc,
205 return __fuse_get_req(fc, npages, true);
207 EXPORT_SYMBOL_GPL(fuse_get_req_for_background);
210 * Return request in fuse_file->reserved_req. However that may
211 * currently be in use. If that is the case, wait for it to become
214 static struct fuse_req *get_reserved_req(struct fuse_conn *fc,
217 struct fuse_req *req = NULL;
218 struct fuse_file *ff = file->private_data;
221 wait_event(fc->reserved_req_waitq, ff->reserved_req);
222 spin_lock(&fc->lock);
223 if (ff->reserved_req) {
224 req = ff->reserved_req;
225 ff->reserved_req = NULL;
226 req->stolen_file = get_file(file);
228 spin_unlock(&fc->lock);
235 * Put stolen request back into fuse_file->reserved_req
237 static void put_reserved_req(struct fuse_conn *fc, struct fuse_req *req)
239 struct file *file = req->stolen_file;
240 struct fuse_file *ff = file->private_data;
242 spin_lock(&fc->lock);
243 fuse_request_init(req, req->pages, req->page_descs, req->max_pages);
244 BUG_ON(ff->reserved_req);
245 ff->reserved_req = req;
246 wake_up_all(&fc->reserved_req_waitq);
247 spin_unlock(&fc->lock);
252 * Gets a requests for a file operation, always succeeds
254 * This is used for sending the FLUSH request, which must get to
255 * userspace, due to POSIX locks which may need to be unlocked.
257 * If allocation fails due to OOM, use the reserved request in
260 * This is very unlikely to deadlock accidentally, since the
261 * filesystem should not have it's own file open. If deadlock is
262 * intentional, it can still be broken by "aborting" the filesystem.
264 struct fuse_req *fuse_get_req_nofail_nopages(struct fuse_conn *fc,
267 struct fuse_req *req;
269 atomic_inc(&fc->num_waiting);
270 wait_event(fc->blocked_waitq, fc->initialized);
271 /* Matches smp_wmb() in fuse_set_initialized() */
273 req = fuse_request_alloc(0);
275 req = get_reserved_req(fc, file);
277 fuse_req_init_context(req);
278 __set_bit(FR_WAITING, &req->flags);
279 __clear_bit(FR_BACKGROUND, &req->flags);
283 void fuse_put_request(struct fuse_conn *fc, struct fuse_req *req)
285 if (atomic_dec_and_test(&req->count)) {
286 if (test_bit(FR_BACKGROUND, &req->flags)) {
288 * We get here in the unlikely case that a background
289 * request was allocated but not sent
291 spin_lock(&fc->lock);
293 wake_up(&fc->blocked_waitq);
294 spin_unlock(&fc->lock);
297 if (test_bit(FR_WAITING, &req->flags)) {
298 __clear_bit(FR_WAITING, &req->flags);
299 atomic_dec(&fc->num_waiting);
302 if (req->stolen_file)
303 put_reserved_req(fc, req);
305 fuse_request_free(req);
308 EXPORT_SYMBOL_GPL(fuse_put_request);
310 static unsigned len_args(unsigned numargs, struct fuse_arg *args)
315 for (i = 0; i < numargs; i++)
316 nbytes += args[i].size;
321 static u64 fuse_get_unique(struct fuse_iqueue *fiq)
323 return ++fiq->reqctr;
326 static void queue_request(struct fuse_iqueue *fiq, struct fuse_req *req)
328 req->in.h.len = sizeof(struct fuse_in_header) +
329 len_args(req->in.numargs, (struct fuse_arg *) req->in.args);
330 list_add_tail(&req->list, &fiq->pending);
331 wake_up_locked(&fiq->waitq);
332 kill_fasync(&fiq->fasync, SIGIO, POLL_IN);
335 void fuse_queue_forget(struct fuse_conn *fc, struct fuse_forget_link *forget,
336 u64 nodeid, u64 nlookup)
338 struct fuse_iqueue *fiq = &fc->iq;
340 forget->forget_one.nodeid = nodeid;
341 forget->forget_one.nlookup = nlookup;
343 spin_lock(&fiq->waitq.lock);
344 if (fiq->connected) {
345 fiq->forget_list_tail->next = forget;
346 fiq->forget_list_tail = forget;
347 wake_up_locked(&fiq->waitq);
348 kill_fasync(&fiq->fasync, SIGIO, POLL_IN);
352 spin_unlock(&fiq->waitq.lock);
355 static void flush_bg_queue(struct fuse_conn *fc)
357 while (fc->active_background < fc->max_background &&
358 !list_empty(&fc->bg_queue)) {
359 struct fuse_req *req;
360 struct fuse_iqueue *fiq = &fc->iq;
362 req = list_entry(fc->bg_queue.next, struct fuse_req, list);
363 list_del(&req->list);
364 fc->active_background++;
365 spin_lock(&fiq->waitq.lock);
366 req->in.h.unique = fuse_get_unique(fiq);
367 queue_request(fiq, req);
368 spin_unlock(&fiq->waitq.lock);
373 * This function is called when a request is finished. Either a reply
374 * has arrived or it was aborted (and not yet sent) or some error
375 * occurred during communication with userspace, or the device file
376 * was closed. The requester thread is woken up (if still waiting),
377 * the 'end' callback is called if given, else the reference to the
378 * request is released
380 * Called with fc->lock, unlocks it
382 static void request_end(struct fuse_conn *fc, struct fuse_req *req)
385 struct fuse_iqueue *fiq = &fc->iq;
386 void (*end) (struct fuse_conn *, struct fuse_req *) = req->end;
388 list_del_init(&req->list);
389 spin_lock(&fiq->waitq.lock);
390 list_del_init(&req->intr_entry);
391 spin_unlock(&fiq->waitq.lock);
392 WARN_ON(test_bit(FR_PENDING, &req->flags));
393 WARN_ON(test_bit(FR_SENT, &req->flags));
395 set_bit(FR_FINISHED, &req->flags);
396 if (test_bit(FR_BACKGROUND, &req->flags)) {
397 clear_bit(FR_BACKGROUND, &req->flags);
398 if (fc->num_background == fc->max_background)
401 /* Wake up next waiter, if any */
402 if (!fc->blocked && waitqueue_active(&fc->blocked_waitq))
403 wake_up(&fc->blocked_waitq);
405 if (fc->num_background == fc->congestion_threshold &&
406 fc->connected && fc->bdi_initialized) {
407 clear_bdi_congested(&fc->bdi, BLK_RW_SYNC);
408 clear_bdi_congested(&fc->bdi, BLK_RW_ASYNC);
410 fc->num_background--;
411 fc->active_background--;
414 spin_unlock(&fc->lock);
415 wake_up(&req->waitq);
418 fuse_put_request(fc, req);
421 static void queue_interrupt(struct fuse_iqueue *fiq, struct fuse_req *req)
423 spin_lock(&fiq->waitq.lock);
424 if (list_empty(&req->intr_entry)) {
425 list_add_tail(&req->intr_entry, &fiq->interrupts);
426 wake_up_locked(&fiq->waitq);
428 spin_unlock(&fiq->waitq.lock);
429 kill_fasync(&fiq->fasync, SIGIO, POLL_IN);
432 static void request_wait_answer(struct fuse_conn *fc, struct fuse_req *req)
434 struct fuse_iqueue *fiq = &fc->iq;
437 if (!fc->no_interrupt) {
438 /* Any signal may interrupt this */
439 err = wait_event_interruptible(req->waitq,
440 test_bit(FR_FINISHED, &req->flags));
444 set_bit(FR_INTERRUPTED, &req->flags);
445 /* matches barrier in fuse_dev_do_read() */
446 smp_mb__after_atomic();
447 if (test_bit(FR_SENT, &req->flags))
448 queue_interrupt(fiq, req);
451 if (!test_bit(FR_FORCE, &req->flags)) {
454 /* Only fatal signals may interrupt this */
456 err = wait_event_interruptible(req->waitq,
457 test_bit(FR_FINISHED, &req->flags));
458 restore_sigs(&oldset);
463 spin_lock(&fiq->waitq.lock);
464 /* Request is not yet in userspace, bail out */
465 if (test_bit(FR_PENDING, &req->flags)) {
466 list_del(&req->list);
467 spin_unlock(&fiq->waitq.lock);
468 __fuse_put_request(req);
469 req->out.h.error = -EINTR;
472 spin_unlock(&fiq->waitq.lock);
476 * Either request is already in userspace, or it was forced.
479 wait_event(req->waitq, test_bit(FR_FINISHED, &req->flags));
482 static void __fuse_request_send(struct fuse_conn *fc, struct fuse_req *req)
484 struct fuse_iqueue *fiq = &fc->iq;
486 BUG_ON(test_bit(FR_BACKGROUND, &req->flags));
487 spin_lock(&fiq->waitq.lock);
488 if (!fiq->connected) {
489 spin_unlock(&fiq->waitq.lock);
490 req->out.h.error = -ENOTCONN;
492 req->in.h.unique = fuse_get_unique(fiq);
493 queue_request(fiq, req);
494 /* acquire extra reference, since request is still needed
495 after request_end() */
496 __fuse_get_request(req);
497 spin_unlock(&fiq->waitq.lock);
499 request_wait_answer(fc, req);
500 /* Pairs with smp_wmb() in request_end() */
505 void fuse_request_send(struct fuse_conn *fc, struct fuse_req *req)
507 __set_bit(FR_ISREPLY, &req->flags);
508 if (!test_bit(FR_WAITING, &req->flags)) {
509 __set_bit(FR_WAITING, &req->flags);
510 atomic_inc(&fc->num_waiting);
512 __fuse_request_send(fc, req);
514 EXPORT_SYMBOL_GPL(fuse_request_send);
516 static void fuse_adjust_compat(struct fuse_conn *fc, struct fuse_args *args)
518 if (fc->minor < 4 && args->in.h.opcode == FUSE_STATFS)
519 args->out.args[0].size = FUSE_COMPAT_STATFS_SIZE;
522 switch (args->in.h.opcode) {
529 args->out.args[0].size = FUSE_COMPAT_ENTRY_OUT_SIZE;
533 args->out.args[0].size = FUSE_COMPAT_ATTR_OUT_SIZE;
537 if (fc->minor < 12) {
538 switch (args->in.h.opcode) {
540 args->in.args[0].size = sizeof(struct fuse_open_in);
543 args->in.args[0].size = FUSE_COMPAT_MKNOD_IN_SIZE;
549 ssize_t fuse_simple_request(struct fuse_conn *fc, struct fuse_args *args)
551 struct fuse_req *req;
554 req = fuse_get_req(fc, 0);
558 /* Needs to be done after fuse_get_req() so that fc->minor is valid */
559 fuse_adjust_compat(fc, args);
561 req->in.h.opcode = args->in.h.opcode;
562 req->in.h.nodeid = args->in.h.nodeid;
563 req->in.numargs = args->in.numargs;
564 memcpy(req->in.args, args->in.args,
565 args->in.numargs * sizeof(struct fuse_in_arg));
566 req->out.argvar = args->out.argvar;
567 req->out.numargs = args->out.numargs;
568 memcpy(req->out.args, args->out.args,
569 args->out.numargs * sizeof(struct fuse_arg));
570 fuse_request_send(fc, req);
571 ret = req->out.h.error;
572 if (!ret && args->out.argvar) {
573 BUG_ON(args->out.numargs != 1);
574 ret = req->out.args[0].size;
576 fuse_put_request(fc, req);
582 * Called under fc->lock
584 * fc->connected must have been checked previously
586 void fuse_request_send_background_locked(struct fuse_conn *fc,
587 struct fuse_req *req)
589 BUG_ON(!test_bit(FR_BACKGROUND, &req->flags));
590 if (!test_bit(FR_WAITING, &req->flags)) {
591 __set_bit(FR_WAITING, &req->flags);
592 atomic_inc(&fc->num_waiting);
594 __set_bit(FR_ISREPLY, &req->flags);
595 fc->num_background++;
596 if (fc->num_background == fc->max_background)
598 if (fc->num_background == fc->congestion_threshold &&
599 fc->bdi_initialized) {
600 set_bdi_congested(&fc->bdi, BLK_RW_SYNC);
601 set_bdi_congested(&fc->bdi, BLK_RW_ASYNC);
603 list_add_tail(&req->list, &fc->bg_queue);
607 void fuse_request_send_background(struct fuse_conn *fc, struct fuse_req *req)
610 spin_lock(&fc->lock);
612 fuse_request_send_background_locked(fc, req);
613 spin_unlock(&fc->lock);
615 spin_unlock(&fc->lock);
616 req->out.h.error = -ENOTCONN;
618 fuse_put_request(fc, req);
621 EXPORT_SYMBOL_GPL(fuse_request_send_background);
623 static int fuse_request_send_notify_reply(struct fuse_conn *fc,
624 struct fuse_req *req, u64 unique)
627 struct fuse_iqueue *fiq = &fc->iq;
629 __clear_bit(FR_ISREPLY, &req->flags);
630 req->in.h.unique = unique;
631 spin_lock(&fiq->waitq.lock);
632 if (fiq->connected) {
633 queue_request(fiq, req);
636 spin_unlock(&fiq->waitq.lock);
641 void fuse_force_forget(struct file *file, u64 nodeid)
643 struct inode *inode = file_inode(file);
644 struct fuse_conn *fc = get_fuse_conn(inode);
645 struct fuse_req *req;
646 struct fuse_forget_in inarg;
648 memset(&inarg, 0, sizeof(inarg));
650 req = fuse_get_req_nofail_nopages(fc, file);
651 req->in.h.opcode = FUSE_FORGET;
652 req->in.h.nodeid = nodeid;
654 req->in.args[0].size = sizeof(inarg);
655 req->in.args[0].value = &inarg;
656 __clear_bit(FR_ISREPLY, &req->flags);
657 __fuse_request_send(fc, req);
659 fuse_put_request(fc, req);
663 * Lock the request. Up to the next unlock_request() there mustn't be
664 * anything that could cause a page-fault. If the request was already
667 static int lock_request(struct fuse_req *req)
671 spin_lock(&req->waitq.lock);
672 if (test_bit(FR_ABORTED, &req->flags))
675 set_bit(FR_LOCKED, &req->flags);
676 spin_unlock(&req->waitq.lock);
682 * Unlock request. If it was aborted while locked, caller is responsible
683 * for unlocking and ending the request.
685 static int unlock_request(struct fuse_req *req)
689 spin_lock(&req->waitq.lock);
690 if (test_bit(FR_ABORTED, &req->flags))
693 clear_bit(FR_LOCKED, &req->flags);
694 spin_unlock(&req->waitq.lock);
699 struct fuse_copy_state {
701 struct fuse_req *req;
702 struct iov_iter *iter;
703 struct pipe_buffer *pipebufs;
704 struct pipe_buffer *currbuf;
705 struct pipe_inode_info *pipe;
706 unsigned long nr_segs;
710 unsigned move_pages:1;
713 static void fuse_copy_init(struct fuse_copy_state *cs, int write,
714 struct iov_iter *iter)
716 memset(cs, 0, sizeof(*cs));
721 /* Unmap and put previous page of userspace buffer */
722 static void fuse_copy_finish(struct fuse_copy_state *cs)
725 struct pipe_buffer *buf = cs->currbuf;
728 buf->len = PAGE_SIZE - cs->len;
732 flush_dcache_page(cs->pg);
733 set_page_dirty_lock(cs->pg);
741 * Get another pagefull of userspace buffer, and map it to kernel
742 * address space, and lock request
744 static int fuse_copy_fill(struct fuse_copy_state *cs)
749 err = unlock_request(cs->req);
753 fuse_copy_finish(cs);
755 struct pipe_buffer *buf = cs->pipebufs;
758 err = buf->ops->confirm(cs->pipe, buf);
762 BUG_ON(!cs->nr_segs);
765 cs->offset = buf->offset;
770 if (cs->nr_segs == cs->pipe->buffers)
773 page = alloc_page(GFP_HIGHUSER);
790 err = iov_iter_get_pages(cs->iter, &page, PAGE_SIZE, 1, &off);
798 iov_iter_advance(cs->iter, err);
801 return lock_request(cs->req);
804 /* Do as much copy to/from userspace buffer as we can */
805 static int fuse_copy_do(struct fuse_copy_state *cs, void **val, unsigned *size)
807 unsigned ncpy = min(*size, cs->len);
809 void *pgaddr = kmap_atomic(cs->pg);
810 void *buf = pgaddr + cs->offset;
813 memcpy(buf, *val, ncpy);
815 memcpy(*val, buf, ncpy);
817 kunmap_atomic(pgaddr);
826 static int fuse_check_page(struct page *page)
828 if (page_mapcount(page) ||
829 page->mapping != NULL ||
830 page_count(page) != 1 ||
831 (page->flags & PAGE_FLAGS_CHECK_AT_PREP &
838 printk(KERN_WARNING "fuse: trying to steal weird page\n");
839 printk(KERN_WARNING " page=%p index=%li flags=%08lx, count=%i, mapcount=%i, mapping=%p\n", page, page->index, page->flags, page_count(page), page_mapcount(page), page->mapping);
845 static int fuse_try_move_page(struct fuse_copy_state *cs, struct page **pagep)
848 struct page *oldpage = *pagep;
849 struct page *newpage;
850 struct pipe_buffer *buf = cs->pipebufs;
852 err = unlock_request(cs->req);
856 fuse_copy_finish(cs);
858 err = buf->ops->confirm(cs->pipe, buf);
862 BUG_ON(!cs->nr_segs);
868 if (cs->len != PAGE_SIZE)
871 if (buf->ops->steal(cs->pipe, buf) != 0)
876 if (!PageUptodate(newpage))
877 SetPageUptodate(newpage);
879 ClearPageMappedToDisk(newpage);
881 if (fuse_check_page(newpage) != 0)
882 goto out_fallback_unlock;
885 * This is a new and locked page, it shouldn't be mapped or
886 * have any special flags on it
888 if (WARN_ON(page_mapped(oldpage)))
889 goto out_fallback_unlock;
890 if (WARN_ON(page_has_private(oldpage)))
891 goto out_fallback_unlock;
892 if (WARN_ON(PageDirty(oldpage) || PageWriteback(oldpage)))
893 goto out_fallback_unlock;
894 if (WARN_ON(PageMlocked(oldpage)))
895 goto out_fallback_unlock;
897 err = replace_page_cache_page(oldpage, newpage, GFP_KERNEL);
899 unlock_page(newpage);
903 page_cache_get(newpage);
905 if (!(buf->flags & PIPE_BUF_FLAG_LRU))
906 lru_cache_add_file(newpage);
909 spin_lock(&cs->req->waitq.lock);
910 if (test_bit(FR_ABORTED, &cs->req->flags))
914 spin_unlock(&cs->req->waitq.lock);
917 unlock_page(newpage);
918 page_cache_release(newpage);
922 unlock_page(oldpage);
923 page_cache_release(oldpage);
929 unlock_page(newpage);
932 cs->offset = buf->offset;
934 err = lock_request(cs->req);
941 static int fuse_ref_page(struct fuse_copy_state *cs, struct page *page,
942 unsigned offset, unsigned count)
944 struct pipe_buffer *buf;
947 if (cs->nr_segs == cs->pipe->buffers)
950 err = unlock_request(cs->req);
954 fuse_copy_finish(cs);
957 page_cache_get(page);
959 buf->offset = offset;
970 * Copy a page in the request to/from the userspace buffer. Must be
973 static int fuse_copy_page(struct fuse_copy_state *cs, struct page **pagep,
974 unsigned offset, unsigned count, int zeroing)
977 struct page *page = *pagep;
979 if (page && zeroing && count < PAGE_SIZE)
980 clear_highpage(page);
983 if (cs->write && cs->pipebufs && page) {
984 return fuse_ref_page(cs, page, offset, count);
985 } else if (!cs->len) {
986 if (cs->move_pages && page &&
987 offset == 0 && count == PAGE_SIZE) {
988 err = fuse_try_move_page(cs, pagep);
992 err = fuse_copy_fill(cs);
998 void *mapaddr = kmap_atomic(page);
999 void *buf = mapaddr + offset;
1000 offset += fuse_copy_do(cs, &buf, &count);
1001 kunmap_atomic(mapaddr);
1003 offset += fuse_copy_do(cs, NULL, &count);
1005 if (page && !cs->write)
1006 flush_dcache_page(page);
1010 /* Copy pages in the request to/from userspace buffer */
1011 static int fuse_copy_pages(struct fuse_copy_state *cs, unsigned nbytes,
1015 struct fuse_req *req = cs->req;
1017 for (i = 0; i < req->num_pages && (nbytes || zeroing); i++) {
1019 unsigned offset = req->page_descs[i].offset;
1020 unsigned count = min(nbytes, req->page_descs[i].length);
1022 err = fuse_copy_page(cs, &req->pages[i], offset, count,
1032 /* Copy a single argument in the request to/from userspace buffer */
1033 static int fuse_copy_one(struct fuse_copy_state *cs, void *val, unsigned size)
1037 int err = fuse_copy_fill(cs);
1041 fuse_copy_do(cs, &val, &size);
1046 /* Copy request arguments to/from userspace buffer */
1047 static int fuse_copy_args(struct fuse_copy_state *cs, unsigned numargs,
1048 unsigned argpages, struct fuse_arg *args,
1054 for (i = 0; !err && i < numargs; i++) {
1055 struct fuse_arg *arg = &args[i];
1056 if (i == numargs - 1 && argpages)
1057 err = fuse_copy_pages(cs, arg->size, zeroing);
1059 err = fuse_copy_one(cs, arg->value, arg->size);
1064 static int forget_pending(struct fuse_iqueue *fiq)
1066 return fiq->forget_list_head.next != NULL;
1069 static int request_pending(struct fuse_iqueue *fiq)
1071 return !list_empty(&fiq->pending) || !list_empty(&fiq->interrupts) ||
1072 forget_pending(fiq);
1076 * Transfer an interrupt request to userspace
1078 * Unlike other requests this is assembled on demand, without a need
1079 * to allocate a separate fuse_req structure.
1081 * Called with fiq->waitq.lock held, releases it
1083 static int fuse_read_interrupt(struct fuse_iqueue *fiq,
1084 struct fuse_copy_state *cs,
1085 size_t nbytes, struct fuse_req *req)
1086 __releases(fiq->waitq.lock)
1088 struct fuse_in_header ih;
1089 struct fuse_interrupt_in arg;
1090 unsigned reqsize = sizeof(ih) + sizeof(arg);
1093 list_del_init(&req->intr_entry);
1094 req->intr_unique = fuse_get_unique(fiq);
1095 memset(&ih, 0, sizeof(ih));
1096 memset(&arg, 0, sizeof(arg));
1098 ih.opcode = FUSE_INTERRUPT;
1099 ih.unique = req->intr_unique;
1100 arg.unique = req->in.h.unique;
1102 spin_unlock(&fiq->waitq.lock);
1103 if (nbytes < reqsize)
1106 err = fuse_copy_one(cs, &ih, sizeof(ih));
1108 err = fuse_copy_one(cs, &arg, sizeof(arg));
1109 fuse_copy_finish(cs);
1111 return err ? err : reqsize;
1114 static struct fuse_forget_link *dequeue_forget(struct fuse_iqueue *fiq,
1118 struct fuse_forget_link *head = fiq->forget_list_head.next;
1119 struct fuse_forget_link **newhead = &head;
1122 for (count = 0; *newhead != NULL && count < max; count++)
1123 newhead = &(*newhead)->next;
1125 fiq->forget_list_head.next = *newhead;
1127 if (fiq->forget_list_head.next == NULL)
1128 fiq->forget_list_tail = &fiq->forget_list_head;
1136 static int fuse_read_single_forget(struct fuse_iqueue *fiq,
1137 struct fuse_copy_state *cs,
1139 __releases(fiq->waitq.lock)
1142 struct fuse_forget_link *forget = dequeue_forget(fiq, 1, NULL);
1143 struct fuse_forget_in arg = {
1144 .nlookup = forget->forget_one.nlookup,
1146 struct fuse_in_header ih = {
1147 .opcode = FUSE_FORGET,
1148 .nodeid = forget->forget_one.nodeid,
1149 .unique = fuse_get_unique(fiq),
1150 .len = sizeof(ih) + sizeof(arg),
1153 spin_unlock(&fiq->waitq.lock);
1155 if (nbytes < ih.len)
1158 err = fuse_copy_one(cs, &ih, sizeof(ih));
1160 err = fuse_copy_one(cs, &arg, sizeof(arg));
1161 fuse_copy_finish(cs);
1169 static int fuse_read_batch_forget(struct fuse_iqueue *fiq,
1170 struct fuse_copy_state *cs, size_t nbytes)
1171 __releases(fiq->waitq.lock)
1174 unsigned max_forgets;
1176 struct fuse_forget_link *head;
1177 struct fuse_batch_forget_in arg = { .count = 0 };
1178 struct fuse_in_header ih = {
1179 .opcode = FUSE_BATCH_FORGET,
1180 .unique = fuse_get_unique(fiq),
1181 .len = sizeof(ih) + sizeof(arg),
1184 if (nbytes < ih.len) {
1185 spin_unlock(&fiq->waitq.lock);
1189 max_forgets = (nbytes - ih.len) / sizeof(struct fuse_forget_one);
1190 head = dequeue_forget(fiq, max_forgets, &count);
1191 spin_unlock(&fiq->waitq.lock);
1194 ih.len += count * sizeof(struct fuse_forget_one);
1195 err = fuse_copy_one(cs, &ih, sizeof(ih));
1197 err = fuse_copy_one(cs, &arg, sizeof(arg));
1200 struct fuse_forget_link *forget = head;
1203 err = fuse_copy_one(cs, &forget->forget_one,
1204 sizeof(forget->forget_one));
1206 head = forget->next;
1210 fuse_copy_finish(cs);
1218 static int fuse_read_forget(struct fuse_conn *fc, struct fuse_iqueue *fiq,
1219 struct fuse_copy_state *cs,
1221 __releases(fiq->waitq.lock)
1223 if (fc->minor < 16 || fiq->forget_list_head.next->next == NULL)
1224 return fuse_read_single_forget(fiq, cs, nbytes);
1226 return fuse_read_batch_forget(fiq, cs, nbytes);
1230 * Read a single request into the userspace filesystem's buffer. This
1231 * function waits until a request is available, then removes it from
1232 * the pending list and copies request data to userspace buffer. If
1233 * no reply is needed (FORGET) or request has been aborted or there
1234 * was an error during the copying then it's finished by calling
1235 * request_end(). Otherwise add it to the processing list, and set
1238 static ssize_t fuse_dev_do_read(struct fuse_conn *fc, struct file *file,
1239 struct fuse_copy_state *cs, size_t nbytes)
1242 struct fuse_iqueue *fiq = &fc->iq;
1243 struct fuse_pqueue *fpq = &fc->pq;
1244 struct fuse_req *req;
1249 spin_lock(&fiq->waitq.lock);
1251 if ((file->f_flags & O_NONBLOCK) && fiq->connected &&
1252 !request_pending(fiq))
1255 err = wait_event_interruptible_exclusive_locked(fiq->waitq,
1256 !fiq->connected || request_pending(fiq));
1261 if (!fiq->connected)
1264 if (!list_empty(&fiq->interrupts)) {
1265 req = list_entry(fiq->interrupts.next, struct fuse_req,
1267 return fuse_read_interrupt(fiq, cs, nbytes, req);
1270 if (forget_pending(fiq)) {
1271 if (list_empty(&fiq->pending) || fiq->forget_batch-- > 0)
1272 return fuse_read_forget(fc, fiq, cs, nbytes);
1274 if (fiq->forget_batch <= -8)
1275 fiq->forget_batch = 16;
1278 req = list_entry(fiq->pending.next, struct fuse_req, list);
1279 clear_bit(FR_PENDING, &req->flags);
1280 list_del_init(&req->list);
1281 spin_unlock(&fiq->waitq.lock);
1283 spin_lock(&fc->lock);
1284 list_add(&req->list, &fpq->io);
1287 reqsize = in->h.len;
1288 /* If request is too large, reply with an error and restart the read */
1289 if (nbytes < reqsize) {
1290 req->out.h.error = -EIO;
1291 /* SETXATTR is special, since it may contain too large data */
1292 if (in->h.opcode == FUSE_SETXATTR)
1293 req->out.h.error = -E2BIG;
1294 request_end(fc, req);
1297 spin_unlock(&fc->lock);
1299 err = fuse_copy_one(cs, &in->h, sizeof(in->h));
1301 err = fuse_copy_args(cs, in->numargs, in->argpages,
1302 (struct fuse_arg *) in->args, 0);
1303 fuse_copy_finish(cs);
1304 spin_lock(&fc->lock);
1305 clear_bit(FR_LOCKED, &req->flags);
1306 if (!fc->connected) {
1307 request_end(fc, req);
1311 req->out.h.error = -EIO;
1312 request_end(fc, req);
1315 if (!test_bit(FR_ISREPLY, &req->flags)) {
1316 request_end(fc, req);
1318 list_move_tail(&req->list, &fpq->processing);
1319 set_bit(FR_SENT, &req->flags);
1320 /* matches barrier in request_wait_answer() */
1321 smp_mb__after_atomic();
1322 if (test_bit(FR_INTERRUPTED, &req->flags))
1323 queue_interrupt(fiq, req);
1324 spin_unlock(&fc->lock);
1329 spin_unlock(&fiq->waitq.lock);
1333 static int fuse_dev_open(struct inode *inode, struct file *file)
1336 * The fuse device's file's private_data is used to hold
1337 * the fuse_conn(ection) when it is mounted, and is used to
1338 * keep track of whether the file has been mounted already.
1340 file->private_data = NULL;
1344 static ssize_t fuse_dev_read(struct kiocb *iocb, struct iov_iter *to)
1346 struct fuse_copy_state cs;
1347 struct file *file = iocb->ki_filp;
1348 struct fuse_conn *fc = fuse_get_conn(file);
1352 if (!iter_is_iovec(to))
1355 fuse_copy_init(&cs, 1, to);
1357 return fuse_dev_do_read(fc, file, &cs, iov_iter_count(to));
1360 static ssize_t fuse_dev_splice_read(struct file *in, loff_t *ppos,
1361 struct pipe_inode_info *pipe,
1362 size_t len, unsigned int flags)
1367 struct pipe_buffer *bufs;
1368 struct fuse_copy_state cs;
1369 struct fuse_conn *fc = fuse_get_conn(in);
1373 bufs = kmalloc(pipe->buffers * sizeof(struct pipe_buffer), GFP_KERNEL);
1377 fuse_copy_init(&cs, 1, NULL);
1380 ret = fuse_dev_do_read(fc, in, &cs, len);
1387 if (!pipe->readers) {
1388 send_sig(SIGPIPE, current, 0);
1394 if (pipe->nrbufs + cs.nr_segs > pipe->buffers) {
1399 while (page_nr < cs.nr_segs) {
1400 int newbuf = (pipe->curbuf + pipe->nrbufs) & (pipe->buffers - 1);
1401 struct pipe_buffer *buf = pipe->bufs + newbuf;
1403 buf->page = bufs[page_nr].page;
1404 buf->offset = bufs[page_nr].offset;
1405 buf->len = bufs[page_nr].len;
1407 * Need to be careful about this. Having buf->ops in module
1408 * code can Oops if the buffer persists after module unload.
1410 buf->ops = &nosteal_pipe_buf_ops;
1425 if (waitqueue_active(&pipe->wait))
1426 wake_up_interruptible(&pipe->wait);
1427 kill_fasync(&pipe->fasync_readers, SIGIO, POLL_IN);
1431 for (; page_nr < cs.nr_segs; page_nr++)
1432 page_cache_release(bufs[page_nr].page);
1438 static int fuse_notify_poll(struct fuse_conn *fc, unsigned int size,
1439 struct fuse_copy_state *cs)
1441 struct fuse_notify_poll_wakeup_out outarg;
1444 if (size != sizeof(outarg))
1447 err = fuse_copy_one(cs, &outarg, sizeof(outarg));
1451 fuse_copy_finish(cs);
1452 return fuse_notify_poll_wakeup(fc, &outarg);
1455 fuse_copy_finish(cs);
1459 static int fuse_notify_inval_inode(struct fuse_conn *fc, unsigned int size,
1460 struct fuse_copy_state *cs)
1462 struct fuse_notify_inval_inode_out outarg;
1465 if (size != sizeof(outarg))
1468 err = fuse_copy_one(cs, &outarg, sizeof(outarg));
1471 fuse_copy_finish(cs);
1473 down_read(&fc->killsb);
1476 err = fuse_reverse_inval_inode(fc->sb, outarg.ino,
1477 outarg.off, outarg.len);
1479 up_read(&fc->killsb);
1483 fuse_copy_finish(cs);
1487 static int fuse_notify_inval_entry(struct fuse_conn *fc, unsigned int size,
1488 struct fuse_copy_state *cs)
1490 struct fuse_notify_inval_entry_out outarg;
1495 buf = kzalloc(FUSE_NAME_MAX + 1, GFP_KERNEL);
1500 if (size < sizeof(outarg))
1503 err = fuse_copy_one(cs, &outarg, sizeof(outarg));
1507 err = -ENAMETOOLONG;
1508 if (outarg.namelen > FUSE_NAME_MAX)
1512 if (size != sizeof(outarg) + outarg.namelen + 1)
1516 name.len = outarg.namelen;
1517 err = fuse_copy_one(cs, buf, outarg.namelen + 1);
1520 fuse_copy_finish(cs);
1521 buf[outarg.namelen] = 0;
1522 name.hash = full_name_hash(name.name, name.len);
1524 down_read(&fc->killsb);
1527 err = fuse_reverse_inval_entry(fc->sb, outarg.parent, 0, &name);
1528 up_read(&fc->killsb);
1534 fuse_copy_finish(cs);
1538 static int fuse_notify_delete(struct fuse_conn *fc, unsigned int size,
1539 struct fuse_copy_state *cs)
1541 struct fuse_notify_delete_out outarg;
1546 buf = kzalloc(FUSE_NAME_MAX + 1, GFP_KERNEL);
1551 if (size < sizeof(outarg))
1554 err = fuse_copy_one(cs, &outarg, sizeof(outarg));
1558 err = -ENAMETOOLONG;
1559 if (outarg.namelen > FUSE_NAME_MAX)
1563 if (size != sizeof(outarg) + outarg.namelen + 1)
1567 name.len = outarg.namelen;
1568 err = fuse_copy_one(cs, buf, outarg.namelen + 1);
1571 fuse_copy_finish(cs);
1572 buf[outarg.namelen] = 0;
1573 name.hash = full_name_hash(name.name, name.len);
1575 down_read(&fc->killsb);
1578 err = fuse_reverse_inval_entry(fc->sb, outarg.parent,
1579 outarg.child, &name);
1580 up_read(&fc->killsb);
1586 fuse_copy_finish(cs);
1590 static int fuse_notify_store(struct fuse_conn *fc, unsigned int size,
1591 struct fuse_copy_state *cs)
1593 struct fuse_notify_store_out outarg;
1594 struct inode *inode;
1595 struct address_space *mapping;
1599 unsigned int offset;
1605 if (size < sizeof(outarg))
1608 err = fuse_copy_one(cs, &outarg, sizeof(outarg));
1613 if (size - sizeof(outarg) != outarg.size)
1616 nodeid = outarg.nodeid;
1618 down_read(&fc->killsb);
1624 inode = ilookup5(fc->sb, nodeid, fuse_inode_eq, &nodeid);
1628 mapping = inode->i_mapping;
1629 index = outarg.offset >> PAGE_CACHE_SHIFT;
1630 offset = outarg.offset & ~PAGE_CACHE_MASK;
1631 file_size = i_size_read(inode);
1632 end = outarg.offset + outarg.size;
1633 if (end > file_size) {
1635 fuse_write_update_size(inode, file_size);
1641 unsigned int this_num;
1644 page = find_or_create_page(mapping, index,
1645 mapping_gfp_mask(mapping));
1649 this_num = min_t(unsigned, num, PAGE_CACHE_SIZE - offset);
1650 err = fuse_copy_page(cs, &page, offset, this_num, 0);
1651 if (!err && offset == 0 &&
1652 (this_num == PAGE_CACHE_SIZE || file_size == end))
1653 SetPageUptodate(page);
1655 page_cache_release(page);
1670 up_read(&fc->killsb);
1672 fuse_copy_finish(cs);
1676 static void fuse_retrieve_end(struct fuse_conn *fc, struct fuse_req *req)
1678 release_pages(req->pages, req->num_pages, false);
1681 static int fuse_retrieve(struct fuse_conn *fc, struct inode *inode,
1682 struct fuse_notify_retrieve_out *outarg)
1685 struct address_space *mapping = inode->i_mapping;
1686 struct fuse_req *req;
1690 unsigned int offset;
1691 size_t total_len = 0;
1694 offset = outarg->offset & ~PAGE_CACHE_MASK;
1695 file_size = i_size_read(inode);
1698 if (outarg->offset > file_size)
1700 else if (outarg->offset + num > file_size)
1701 num = file_size - outarg->offset;
1703 num_pages = (num + offset + PAGE_SIZE - 1) >> PAGE_SHIFT;
1704 num_pages = min(num_pages, FUSE_MAX_PAGES_PER_REQ);
1706 req = fuse_get_req(fc, num_pages);
1708 return PTR_ERR(req);
1710 req->in.h.opcode = FUSE_NOTIFY_REPLY;
1711 req->in.h.nodeid = outarg->nodeid;
1712 req->in.numargs = 2;
1713 req->in.argpages = 1;
1714 req->page_descs[0].offset = offset;
1715 req->end = fuse_retrieve_end;
1717 index = outarg->offset >> PAGE_CACHE_SHIFT;
1719 while (num && req->num_pages < num_pages) {
1721 unsigned int this_num;
1723 page = find_get_page(mapping, index);
1727 this_num = min_t(unsigned, num, PAGE_CACHE_SIZE - offset);
1728 req->pages[req->num_pages] = page;
1729 req->page_descs[req->num_pages].length = this_num;
1734 total_len += this_num;
1737 req->misc.retrieve_in.offset = outarg->offset;
1738 req->misc.retrieve_in.size = total_len;
1739 req->in.args[0].size = sizeof(req->misc.retrieve_in);
1740 req->in.args[0].value = &req->misc.retrieve_in;
1741 req->in.args[1].size = total_len;
1743 err = fuse_request_send_notify_reply(fc, req, outarg->notify_unique);
1745 fuse_retrieve_end(fc, req);
1750 static int fuse_notify_retrieve(struct fuse_conn *fc, unsigned int size,
1751 struct fuse_copy_state *cs)
1753 struct fuse_notify_retrieve_out outarg;
1754 struct inode *inode;
1758 if (size != sizeof(outarg))
1761 err = fuse_copy_one(cs, &outarg, sizeof(outarg));
1765 fuse_copy_finish(cs);
1767 down_read(&fc->killsb);
1770 u64 nodeid = outarg.nodeid;
1772 inode = ilookup5(fc->sb, nodeid, fuse_inode_eq, &nodeid);
1774 err = fuse_retrieve(fc, inode, &outarg);
1778 up_read(&fc->killsb);
1783 fuse_copy_finish(cs);
1787 static int fuse_notify(struct fuse_conn *fc, enum fuse_notify_code code,
1788 unsigned int size, struct fuse_copy_state *cs)
1790 /* Don't try to move pages (yet) */
1794 case FUSE_NOTIFY_POLL:
1795 return fuse_notify_poll(fc, size, cs);
1797 case FUSE_NOTIFY_INVAL_INODE:
1798 return fuse_notify_inval_inode(fc, size, cs);
1800 case FUSE_NOTIFY_INVAL_ENTRY:
1801 return fuse_notify_inval_entry(fc, size, cs);
1803 case FUSE_NOTIFY_STORE:
1804 return fuse_notify_store(fc, size, cs);
1806 case FUSE_NOTIFY_RETRIEVE:
1807 return fuse_notify_retrieve(fc, size, cs);
1809 case FUSE_NOTIFY_DELETE:
1810 return fuse_notify_delete(fc, size, cs);
1813 fuse_copy_finish(cs);
1818 /* Look up request on processing list by unique ID */
1819 static struct fuse_req *request_find(struct fuse_pqueue *fpq, u64 unique)
1821 struct fuse_req *req;
1823 list_for_each_entry(req, &fpq->processing, list) {
1824 if (req->in.h.unique == unique || req->intr_unique == unique)
1830 static int copy_out_args(struct fuse_copy_state *cs, struct fuse_out *out,
1833 unsigned reqsize = sizeof(struct fuse_out_header);
1836 return nbytes != reqsize ? -EINVAL : 0;
1838 reqsize += len_args(out->numargs, out->args);
1840 if (reqsize < nbytes || (reqsize > nbytes && !out->argvar))
1842 else if (reqsize > nbytes) {
1843 struct fuse_arg *lastarg = &out->args[out->numargs-1];
1844 unsigned diffsize = reqsize - nbytes;
1845 if (diffsize > lastarg->size)
1847 lastarg->size -= diffsize;
1849 return fuse_copy_args(cs, out->numargs, out->argpages, out->args,
1854 * Write a single reply to a request. First the header is copied from
1855 * the write buffer. The request is then searched on the processing
1856 * list by the unique ID found in the header. If found, then remove
1857 * it from the list and copy the rest of the buffer to the request.
1858 * The request is finished by calling request_end()
1860 static ssize_t fuse_dev_do_write(struct fuse_conn *fc,
1861 struct fuse_copy_state *cs, size_t nbytes)
1864 struct fuse_pqueue *fpq = &fc->pq;
1865 struct fuse_req *req;
1866 struct fuse_out_header oh;
1868 if (nbytes < sizeof(struct fuse_out_header))
1871 err = fuse_copy_one(cs, &oh, sizeof(oh));
1876 if (oh.len != nbytes)
1880 * Zero oh.unique indicates unsolicited notification message
1881 * and error contains notification code.
1884 err = fuse_notify(fc, oh.error, nbytes - sizeof(oh), cs);
1885 return err ? err : nbytes;
1889 if (oh.error <= -1000 || oh.error > 0)
1892 spin_lock(&fc->lock);
1897 req = request_find(fpq, oh.unique);
1901 /* Is it an interrupt reply? */
1902 if (req->intr_unique == oh.unique) {
1904 if (nbytes != sizeof(struct fuse_out_header))
1907 if (oh.error == -ENOSYS)
1908 fc->no_interrupt = 1;
1909 else if (oh.error == -EAGAIN)
1910 queue_interrupt(&fc->iq, req);
1912 spin_unlock(&fc->lock);
1913 fuse_copy_finish(cs);
1917 clear_bit(FR_SENT, &req->flags);
1918 list_move(&req->list, &fpq->io);
1920 set_bit(FR_LOCKED, &req->flags);
1922 if (!req->out.page_replace)
1924 spin_unlock(&fc->lock);
1926 err = copy_out_args(cs, &req->out, nbytes);
1927 fuse_copy_finish(cs);
1929 spin_lock(&fc->lock);
1930 clear_bit(FR_LOCKED, &req->flags);
1934 req->out.h.error = -EIO;
1935 request_end(fc, req);
1937 return err ? err : nbytes;
1940 spin_unlock(&fc->lock);
1942 fuse_copy_finish(cs);
1946 static ssize_t fuse_dev_write(struct kiocb *iocb, struct iov_iter *from)
1948 struct fuse_copy_state cs;
1949 struct fuse_conn *fc = fuse_get_conn(iocb->ki_filp);
1953 if (!iter_is_iovec(from))
1956 fuse_copy_init(&cs, 0, from);
1958 return fuse_dev_do_write(fc, &cs, iov_iter_count(from));
1961 static ssize_t fuse_dev_splice_write(struct pipe_inode_info *pipe,
1962 struct file *out, loff_t *ppos,
1963 size_t len, unsigned int flags)
1967 struct pipe_buffer *bufs;
1968 struct fuse_copy_state cs;
1969 struct fuse_conn *fc;
1973 fc = fuse_get_conn(out);
1977 bufs = kmalloc(pipe->buffers * sizeof(struct pipe_buffer), GFP_KERNEL);
1984 for (idx = 0; idx < pipe->nrbufs && rem < len; idx++)
1985 rem += pipe->bufs[(pipe->curbuf + idx) & (pipe->buffers - 1)].len;
1995 struct pipe_buffer *ibuf;
1996 struct pipe_buffer *obuf;
1998 BUG_ON(nbuf >= pipe->buffers);
1999 BUG_ON(!pipe->nrbufs);
2000 ibuf = &pipe->bufs[pipe->curbuf];
2003 if (rem >= ibuf->len) {
2006 pipe->curbuf = (pipe->curbuf + 1) & (pipe->buffers - 1);
2009 ibuf->ops->get(pipe, ibuf);
2011 obuf->flags &= ~PIPE_BUF_FLAG_GIFT;
2013 ibuf->offset += obuf->len;
2014 ibuf->len -= obuf->len;
2021 fuse_copy_init(&cs, 0, NULL);
2026 if (flags & SPLICE_F_MOVE)
2029 ret = fuse_dev_do_write(fc, &cs, len);
2031 for (idx = 0; idx < nbuf; idx++) {
2032 struct pipe_buffer *buf = &bufs[idx];
2033 buf->ops->release(pipe, buf);
2040 static unsigned fuse_dev_poll(struct file *file, poll_table *wait)
2042 unsigned mask = POLLOUT | POLLWRNORM;
2043 struct fuse_iqueue *fiq;
2044 struct fuse_conn *fc = fuse_get_conn(file);
2049 poll_wait(file, &fiq->waitq, wait);
2051 spin_lock(&fiq->waitq.lock);
2052 if (!fiq->connected)
2054 else if (request_pending(fiq))
2055 mask |= POLLIN | POLLRDNORM;
2056 spin_unlock(&fiq->waitq.lock);
2062 * Abort all requests on the given list (pending or processing)
2064 * This function releases and reacquires fc->lock
2066 static void end_requests(struct fuse_conn *fc, struct list_head *head)
2067 __releases(fc->lock)
2068 __acquires(fc->lock)
2070 while (!list_empty(head)) {
2071 struct fuse_req *req;
2072 req = list_entry(head->next, struct fuse_req, list);
2073 req->out.h.error = -ECONNABORTED;
2074 clear_bit(FR_PENDING, &req->flags);
2075 clear_bit(FR_SENT, &req->flags);
2076 request_end(fc, req);
2077 spin_lock(&fc->lock);
2081 static void end_polls(struct fuse_conn *fc)
2085 p = rb_first(&fc->polled_files);
2088 struct fuse_file *ff;
2089 ff = rb_entry(p, struct fuse_file, polled_node);
2090 wake_up_interruptible_all(&ff->poll_wait);
2097 * Abort all requests.
2099 * Emergency exit in case of a malicious or accidental deadlock, or just a hung
2102 * The same effect is usually achievable through killing the filesystem daemon
2103 * and all users of the filesystem. The exception is the combination of an
2104 * asynchronous request and the tricky deadlock (see
2105 * Documentation/filesystems/fuse.txt).
2107 * Aborting requests under I/O goes as follows: 1: Separate out unlocked
2108 * requests, they should be finished off immediately. Locked requests will be
2109 * finished after unlock; see unlock_request(). 2: Finish off the unlocked
2110 * requests. It is possible that some request will finish before we can. This
2111 * is OK, the request will in that case be removed from the list before we touch
2114 void fuse_abort_conn(struct fuse_conn *fc)
2116 struct fuse_iqueue *fiq = &fc->iq;
2117 struct fuse_pqueue *fpq = &fc->pq;
2119 spin_lock(&fc->lock);
2120 if (fc->connected) {
2121 struct fuse_req *req, *next;
2127 fuse_set_initialized(fc);
2128 list_for_each_entry_safe(req, next, &fpq->io, list) {
2129 req->out.h.error = -ECONNABORTED;
2130 spin_lock(&req->waitq.lock);
2131 set_bit(FR_ABORTED, &req->flags);
2132 if (!test_bit(FR_LOCKED, &req->flags))
2133 list_move(&req->list, &to_end1);
2134 spin_unlock(&req->waitq.lock);
2136 fc->max_background = UINT_MAX;
2139 spin_lock(&fiq->waitq.lock);
2141 list_splice_init(&fiq->pending, &to_end2);
2142 while (forget_pending(fiq))
2143 kfree(dequeue_forget(fiq, 1, NULL));
2144 wake_up_all_locked(&fiq->waitq);
2145 spin_unlock(&fiq->waitq.lock);
2146 kill_fasync(&fiq->fasync, SIGIO, POLL_IN);
2148 list_splice_init(&fpq->processing, &to_end2);
2149 while (!list_empty(&to_end1)) {
2150 req = list_first_entry(&to_end1, struct fuse_req, list);
2151 __fuse_get_request(req);
2152 request_end(fc, req);
2153 spin_lock(&fc->lock);
2155 end_requests(fc, &to_end2);
2157 wake_up_all(&fc->blocked_waitq);
2159 spin_unlock(&fc->lock);
2161 EXPORT_SYMBOL_GPL(fuse_abort_conn);
2163 int fuse_dev_release(struct inode *inode, struct file *file)
2165 struct fuse_conn *fc = fuse_get_conn(file);
2167 WARN_ON(!list_empty(&fc->pq.io));
2168 WARN_ON(fc->iq.fasync != NULL);
2169 fuse_abort_conn(fc);
2175 EXPORT_SYMBOL_GPL(fuse_dev_release);
2177 static int fuse_dev_fasync(int fd, struct file *file, int on)
2179 struct fuse_conn *fc = fuse_get_conn(file);
2183 /* No locking - fasync_helper does its own locking */
2184 return fasync_helper(fd, file, on, &fc->iq.fasync);
2187 const struct file_operations fuse_dev_operations = {
2188 .owner = THIS_MODULE,
2189 .open = fuse_dev_open,
2190 .llseek = no_llseek,
2191 .read_iter = fuse_dev_read,
2192 .splice_read = fuse_dev_splice_read,
2193 .write_iter = fuse_dev_write,
2194 .splice_write = fuse_dev_splice_write,
2195 .poll = fuse_dev_poll,
2196 .release = fuse_dev_release,
2197 .fasync = fuse_dev_fasync,
2199 EXPORT_SYMBOL_GPL(fuse_dev_operations);
2201 static struct miscdevice fuse_miscdevice = {
2202 .minor = FUSE_MINOR,
2204 .fops = &fuse_dev_operations,
2207 int __init fuse_dev_init(void)
2210 fuse_req_cachep = kmem_cache_create("fuse_request",
2211 sizeof(struct fuse_req),
2213 if (!fuse_req_cachep)
2216 err = misc_register(&fuse_miscdevice);
2218 goto out_cache_clean;
2223 kmem_cache_destroy(fuse_req_cachep);
2228 void fuse_dev_cleanup(void)
2230 misc_deregister(&fuse_miscdevice);
2231 kmem_cache_destroy(fuse_req_cachep);
projects / linux-beck.git / blob