2 FUSE: Filesystem in Userspace
3 Copyright (C) 2001-2008 Miklos Szeredi <miklos@szeredi.hu>
5 This program can be distributed under the terms of the GNU GPL.
11 #include <linux/init.h>
12 #include <linux/module.h>
13 #include <linux/poll.h>
14 #include <linux/uio.h>
15 #include <linux/miscdevice.h>
16 #include <linux/namei.h>
17 #include <linux/pagemap.h>
18 #include <linux/file.h>
19 #include <linux/slab.h>
20 #include <linux/pipe_fs_i.h>
21 #include <linux/swap.h>
22 #include <linux/splice.h>
23 #include <linux/freezer.h>
25 MODULE_ALIAS_MISCDEV(FUSE_MINOR);
26 MODULE_ALIAS("devname:fuse");
28 static struct kmem_cache *fuse_req_cachep;
30 static struct fuse_dev *fuse_get_dev(struct file *file)
33 * Lockless access is OK, because file->private data is set
34 * once during mount and is valid until the file is released.
36 return ACCESS_ONCE(file->private_data);
39 static void fuse_request_init(struct fuse_req *req, struct page **pages,
40 struct fuse_page_desc *page_descs,
43 memset(req, 0, sizeof(*req));
44 memset(pages, 0, sizeof(*pages) * npages);
45 memset(page_descs, 0, sizeof(*page_descs) * npages);
46 INIT_LIST_HEAD(&req->list);
47 INIT_LIST_HEAD(&req->intr_entry);
48 init_waitqueue_head(&req->waitq);
49 atomic_set(&req->count, 1);
51 req->page_descs = page_descs;
52 req->max_pages = npages;
53 __set_bit(FR_PENDING, &req->flags);
56 static struct fuse_req *__fuse_request_alloc(unsigned npages, gfp_t flags)
58 struct fuse_req *req = kmem_cache_alloc(fuse_req_cachep, flags);
61 struct fuse_page_desc *page_descs;
63 if (npages <= FUSE_REQ_INLINE_PAGES) {
64 pages = req->inline_pages;
65 page_descs = req->inline_page_descs;
67 pages = kmalloc(sizeof(struct page *) * npages, flags);
68 page_descs = kmalloc(sizeof(struct fuse_page_desc) *
72 if (!pages || !page_descs) {
75 kmem_cache_free(fuse_req_cachep, req);
79 fuse_request_init(req, pages, page_descs, npages);
84 struct fuse_req *fuse_request_alloc(unsigned npages)
86 return __fuse_request_alloc(npages, GFP_KERNEL);
88 EXPORT_SYMBOL_GPL(fuse_request_alloc);
90 struct fuse_req *fuse_request_alloc_nofs(unsigned npages)
92 return __fuse_request_alloc(npages, GFP_NOFS);
95 void fuse_request_free(struct fuse_req *req)
97 if (req->pages != req->inline_pages) {
99 kfree(req->page_descs);
101 kmem_cache_free(fuse_req_cachep, req);
104 static void block_sigs(sigset_t *oldset)
108 siginitsetinv(&mask, sigmask(SIGKILL));
109 sigprocmask(SIG_BLOCK, &mask, oldset);
112 static void restore_sigs(sigset_t *oldset)
114 sigprocmask(SIG_SETMASK, oldset, NULL);
117 void __fuse_get_request(struct fuse_req *req)
119 atomic_inc(&req->count);
122 /* Must be called with > 1 refcount */
123 static void __fuse_put_request(struct fuse_req *req)
125 BUG_ON(atomic_read(&req->count) < 2);
126 atomic_dec(&req->count);
129 static void fuse_req_init_context(struct fuse_req *req)
131 req->in.h.uid = from_kuid_munged(&init_user_ns, current_fsuid());
132 req->in.h.gid = from_kgid_munged(&init_user_ns, current_fsgid());
133 req->in.h.pid = current->pid;
136 void fuse_set_initialized(struct fuse_conn *fc)
138 /* Make sure stores before this are seen on another CPU */
143 static bool fuse_block_alloc(struct fuse_conn *fc, bool for_background)
145 return !fc->initialized || (for_background && fc->blocked);
148 static void fuse_drop_waiting(struct fuse_conn *fc)
151 atomic_dec(&fc->num_waiting);
152 } else if (atomic_dec_and_test(&fc->num_waiting)) {
153 /* wake up aborters */
154 wake_up_all(&fc->blocked_waitq);
158 static struct fuse_req *__fuse_get_req(struct fuse_conn *fc, unsigned npages,
161 struct fuse_req *req;
163 atomic_inc(&fc->num_waiting);
165 if (fuse_block_alloc(fc, for_background)) {
170 intr = wait_event_interruptible_exclusive(fc->blocked_waitq,
171 !fuse_block_alloc(fc, for_background));
172 restore_sigs(&oldset);
177 /* Matches smp_wmb() in fuse_set_initialized() */
188 req = fuse_request_alloc(npages);
192 wake_up(&fc->blocked_waitq);
196 fuse_req_init_context(req);
197 __set_bit(FR_WAITING, &req->flags);
199 __set_bit(FR_BACKGROUND, &req->flags);
204 fuse_drop_waiting(fc);
208 struct fuse_req *fuse_get_req(struct fuse_conn *fc, unsigned npages)
210 return __fuse_get_req(fc, npages, false);
212 EXPORT_SYMBOL_GPL(fuse_get_req);
214 struct fuse_req *fuse_get_req_for_background(struct fuse_conn *fc,
217 return __fuse_get_req(fc, npages, true);
219 EXPORT_SYMBOL_GPL(fuse_get_req_for_background);
222 * Return request in fuse_file->reserved_req. However that may
223 * currently be in use. If that is the case, wait for it to become
226 static struct fuse_req *get_reserved_req(struct fuse_conn *fc,
229 struct fuse_req *req = NULL;
230 struct fuse_file *ff = file->private_data;
233 wait_event(fc->reserved_req_waitq, ff->reserved_req);
234 spin_lock(&fc->lock);
235 if (ff->reserved_req) {
236 req = ff->reserved_req;
237 ff->reserved_req = NULL;
238 req->stolen_file = get_file(file);
240 spin_unlock(&fc->lock);
247 * Put stolen request back into fuse_file->reserved_req
249 static void put_reserved_req(struct fuse_conn *fc, struct fuse_req *req)
251 struct file *file = req->stolen_file;
252 struct fuse_file *ff = file->private_data;
254 spin_lock(&fc->lock);
255 fuse_request_init(req, req->pages, req->page_descs, req->max_pages);
256 BUG_ON(ff->reserved_req);
257 ff->reserved_req = req;
258 wake_up_all(&fc->reserved_req_waitq);
259 spin_unlock(&fc->lock);
264 * Gets a requests for a file operation, always succeeds
266 * This is used for sending the FLUSH request, which must get to
267 * userspace, due to POSIX locks which may need to be unlocked.
269 * If allocation fails due to OOM, use the reserved request in
272 * This is very unlikely to deadlock accidentally, since the
273 * filesystem should not have it's own file open. If deadlock is
274 * intentional, it can still be broken by "aborting" the filesystem.
276 struct fuse_req *fuse_get_req_nofail_nopages(struct fuse_conn *fc,
279 struct fuse_req *req;
281 atomic_inc(&fc->num_waiting);
282 wait_event(fc->blocked_waitq, fc->initialized);
283 /* Matches smp_wmb() in fuse_set_initialized() */
285 req = fuse_request_alloc(0);
287 req = get_reserved_req(fc, file);
289 fuse_req_init_context(req);
290 __set_bit(FR_WAITING, &req->flags);
291 __clear_bit(FR_BACKGROUND, &req->flags);
295 void fuse_put_request(struct fuse_conn *fc, struct fuse_req *req)
297 if (atomic_dec_and_test(&req->count)) {
298 if (test_bit(FR_BACKGROUND, &req->flags)) {
300 * We get here in the unlikely case that a background
301 * request was allocated but not sent
303 spin_lock(&fc->lock);
305 wake_up(&fc->blocked_waitq);
306 spin_unlock(&fc->lock);
309 if (test_bit(FR_WAITING, &req->flags)) {
310 __clear_bit(FR_WAITING, &req->flags);
311 fuse_drop_waiting(fc);
314 if (req->stolen_file)
315 put_reserved_req(fc, req);
317 fuse_request_free(req);
320 EXPORT_SYMBOL_GPL(fuse_put_request);
322 static unsigned len_args(unsigned numargs, struct fuse_arg *args)
327 for (i = 0; i < numargs; i++)
328 nbytes += args[i].size;
333 static u64 fuse_get_unique(struct fuse_iqueue *fiq)
335 return ++fiq->reqctr;
338 static void queue_request(struct fuse_iqueue *fiq, struct fuse_req *req)
340 req->in.h.len = sizeof(struct fuse_in_header) +
341 len_args(req->in.numargs, (struct fuse_arg *) req->in.args);
342 list_add_tail(&req->list, &fiq->pending);
343 wake_up_locked(&fiq->waitq);
344 kill_fasync(&fiq->fasync, SIGIO, POLL_IN);
347 void fuse_queue_forget(struct fuse_conn *fc, struct fuse_forget_link *forget,
348 u64 nodeid, u64 nlookup)
350 struct fuse_iqueue *fiq = &fc->iq;
352 forget->forget_one.nodeid = nodeid;
353 forget->forget_one.nlookup = nlookup;
355 spin_lock(&fiq->waitq.lock);
356 if (fiq->connected) {
357 fiq->forget_list_tail->next = forget;
358 fiq->forget_list_tail = forget;
359 wake_up_locked(&fiq->waitq);
360 kill_fasync(&fiq->fasync, SIGIO, POLL_IN);
364 spin_unlock(&fiq->waitq.lock);
367 static void flush_bg_queue(struct fuse_conn *fc)
369 while (fc->active_background < fc->max_background &&
370 !list_empty(&fc->bg_queue)) {
371 struct fuse_req *req;
372 struct fuse_iqueue *fiq = &fc->iq;
374 req = list_entry(fc->bg_queue.next, struct fuse_req, list);
375 list_del(&req->list);
376 fc->active_background++;
377 spin_lock(&fiq->waitq.lock);
378 req->in.h.unique = fuse_get_unique(fiq);
379 queue_request(fiq, req);
380 spin_unlock(&fiq->waitq.lock);
385 * This function is called when a request is finished. Either a reply
386 * has arrived or it was aborted (and not yet sent) or some error
387 * occurred during communication with userspace, or the device file
388 * was closed. The requester thread is woken up (if still waiting),
389 * the 'end' callback is called if given, else the reference to the
390 * request is released
392 static void request_end(struct fuse_conn *fc, struct fuse_req *req)
394 struct fuse_iqueue *fiq = &fc->iq;
396 if (test_and_set_bit(FR_FINISHED, &req->flags))
399 spin_lock(&fiq->waitq.lock);
400 list_del_init(&req->intr_entry);
401 spin_unlock(&fiq->waitq.lock);
402 WARN_ON(test_bit(FR_PENDING, &req->flags));
403 WARN_ON(test_bit(FR_SENT, &req->flags));
404 if (test_bit(FR_BACKGROUND, &req->flags)) {
405 spin_lock(&fc->lock);
406 clear_bit(FR_BACKGROUND, &req->flags);
407 if (fc->num_background == fc->max_background)
410 /* Wake up next waiter, if any */
411 if (!fc->blocked && waitqueue_active(&fc->blocked_waitq))
412 wake_up(&fc->blocked_waitq);
414 if (fc->num_background == fc->congestion_threshold &&
415 fc->connected && fc->bdi_initialized) {
416 clear_bdi_congested(&fc->bdi, BLK_RW_SYNC);
417 clear_bdi_congested(&fc->bdi, BLK_RW_ASYNC);
419 fc->num_background--;
420 fc->active_background--;
422 spin_unlock(&fc->lock);
424 wake_up(&req->waitq);
428 fuse_put_request(fc, req);
431 static void queue_interrupt(struct fuse_iqueue *fiq, struct fuse_req *req)
433 spin_lock(&fiq->waitq.lock);
434 if (test_bit(FR_FINISHED, &req->flags)) {
435 spin_unlock(&fiq->waitq.lock);
438 if (list_empty(&req->intr_entry)) {
439 list_add_tail(&req->intr_entry, &fiq->interrupts);
440 wake_up_locked(&fiq->waitq);
442 spin_unlock(&fiq->waitq.lock);
443 kill_fasync(&fiq->fasync, SIGIO, POLL_IN);
446 static void request_wait_answer(struct fuse_conn *fc, struct fuse_req *req)
448 struct fuse_iqueue *fiq = &fc->iq;
451 if (!fc->no_interrupt) {
452 /* Any signal may interrupt this */
453 err = wait_event_interruptible(req->waitq,
454 test_bit(FR_FINISHED, &req->flags));
458 set_bit(FR_INTERRUPTED, &req->flags);
459 /* matches barrier in fuse_dev_do_read() */
460 smp_mb__after_atomic();
461 if (test_bit(FR_SENT, &req->flags))
462 queue_interrupt(fiq, req);
465 if (!test_bit(FR_FORCE, &req->flags)) {
468 /* Only fatal signals may interrupt this */
470 err = wait_event_interruptible(req->waitq,
471 test_bit(FR_FINISHED, &req->flags));
472 restore_sigs(&oldset);
477 spin_lock(&fiq->waitq.lock);
478 /* Request is not yet in userspace, bail out */
479 if (test_bit(FR_PENDING, &req->flags)) {
480 list_del(&req->list);
481 spin_unlock(&fiq->waitq.lock);
482 __fuse_put_request(req);
483 req->out.h.error = -EINTR;
486 spin_unlock(&fiq->waitq.lock);
490 * Either request is already in userspace, or it was forced.
493 while (!test_bit(FR_FINISHED, &req->flags))
494 wait_event_freezable(req->waitq,
495 test_bit(FR_FINISHED, &req->flags));
498 static void __fuse_request_send(struct fuse_conn *fc, struct fuse_req *req)
500 struct fuse_iqueue *fiq = &fc->iq;
502 BUG_ON(test_bit(FR_BACKGROUND, &req->flags));
503 spin_lock(&fiq->waitq.lock);
504 if (!fiq->connected) {
505 spin_unlock(&fiq->waitq.lock);
506 req->out.h.error = -ENOTCONN;
508 req->in.h.unique = fuse_get_unique(fiq);
509 queue_request(fiq, req);
510 /* acquire extra reference, since request is still needed
511 after request_end() */
512 __fuse_get_request(req);
513 spin_unlock(&fiq->waitq.lock);
515 request_wait_answer(fc, req);
516 /* Pairs with smp_wmb() in request_end() */
521 void fuse_request_send(struct fuse_conn *fc, struct fuse_req *req)
523 __set_bit(FR_ISREPLY, &req->flags);
524 if (!test_bit(FR_WAITING, &req->flags)) {
525 __set_bit(FR_WAITING, &req->flags);
526 atomic_inc(&fc->num_waiting);
528 __fuse_request_send(fc, req);
530 EXPORT_SYMBOL_GPL(fuse_request_send);
532 static void fuse_adjust_compat(struct fuse_conn *fc, struct fuse_args *args)
534 if (fc->minor < 4 && args->in.h.opcode == FUSE_STATFS)
535 args->out.args[0].size = FUSE_COMPAT_STATFS_SIZE;
538 switch (args->in.h.opcode) {
545 args->out.args[0].size = FUSE_COMPAT_ENTRY_OUT_SIZE;
549 args->out.args[0].size = FUSE_COMPAT_ATTR_OUT_SIZE;
553 if (fc->minor < 12) {
554 switch (args->in.h.opcode) {
556 args->in.args[0].size = sizeof(struct fuse_open_in);
559 args->in.args[0].size = FUSE_COMPAT_MKNOD_IN_SIZE;
565 ssize_t fuse_simple_request(struct fuse_conn *fc, struct fuse_args *args)
567 struct fuse_req *req;
570 req = fuse_get_req(fc, 0);
574 /* Needs to be done after fuse_get_req() so that fc->minor is valid */
575 fuse_adjust_compat(fc, args);
577 req->in.h.opcode = args->in.h.opcode;
578 req->in.h.nodeid = args->in.h.nodeid;
579 req->in.numargs = args->in.numargs;
580 memcpy(req->in.args, args->in.args,
581 args->in.numargs * sizeof(struct fuse_in_arg));
582 req->out.argvar = args->out.argvar;
583 req->out.numargs = args->out.numargs;
584 memcpy(req->out.args, args->out.args,
585 args->out.numargs * sizeof(struct fuse_arg));
586 fuse_request_send(fc, req);
587 ret = req->out.h.error;
588 if (!ret && args->out.argvar) {
589 BUG_ON(args->out.numargs != 1);
590 ret = req->out.args[0].size;
592 fuse_put_request(fc, req);
598 * Called under fc->lock
600 * fc->connected must have been checked previously
602 void fuse_request_send_background_locked(struct fuse_conn *fc,
603 struct fuse_req *req)
605 BUG_ON(!test_bit(FR_BACKGROUND, &req->flags));
606 if (!test_bit(FR_WAITING, &req->flags)) {
607 __set_bit(FR_WAITING, &req->flags);
608 atomic_inc(&fc->num_waiting);
610 __set_bit(FR_ISREPLY, &req->flags);
611 fc->num_background++;
612 if (fc->num_background == fc->max_background)
614 if (fc->num_background == fc->congestion_threshold &&
615 fc->bdi_initialized) {
616 set_bdi_congested(&fc->bdi, BLK_RW_SYNC);
617 set_bdi_congested(&fc->bdi, BLK_RW_ASYNC);
619 list_add_tail(&req->list, &fc->bg_queue);
623 void fuse_request_send_background(struct fuse_conn *fc, struct fuse_req *req)
626 spin_lock(&fc->lock);
628 fuse_request_send_background_locked(fc, req);
629 spin_unlock(&fc->lock);
631 spin_unlock(&fc->lock);
632 req->out.h.error = -ENOTCONN;
634 fuse_put_request(fc, req);
637 EXPORT_SYMBOL_GPL(fuse_request_send_background);
639 static int fuse_request_send_notify_reply(struct fuse_conn *fc,
640 struct fuse_req *req, u64 unique)
643 struct fuse_iqueue *fiq = &fc->iq;
645 __clear_bit(FR_ISREPLY, &req->flags);
646 req->in.h.unique = unique;
647 spin_lock(&fiq->waitq.lock);
648 if (fiq->connected) {
649 queue_request(fiq, req);
652 spin_unlock(&fiq->waitq.lock);
657 void fuse_force_forget(struct file *file, u64 nodeid)
659 struct inode *inode = file_inode(file);
660 struct fuse_conn *fc = get_fuse_conn(inode);
661 struct fuse_req *req;
662 struct fuse_forget_in inarg;
664 memset(&inarg, 0, sizeof(inarg));
666 req = fuse_get_req_nofail_nopages(fc, file);
667 req->in.h.opcode = FUSE_FORGET;
668 req->in.h.nodeid = nodeid;
670 req->in.args[0].size = sizeof(inarg);
671 req->in.args[0].value = &inarg;
672 __clear_bit(FR_ISREPLY, &req->flags);
673 __fuse_request_send(fc, req);
675 fuse_put_request(fc, req);
679 * Lock the request. Up to the next unlock_request() there mustn't be
680 * anything that could cause a page-fault. If the request was already
683 static int lock_request(struct fuse_req *req)
687 spin_lock(&req->waitq.lock);
688 if (test_bit(FR_ABORTED, &req->flags))
691 set_bit(FR_LOCKED, &req->flags);
692 spin_unlock(&req->waitq.lock);
698 * Unlock request. If it was aborted while locked, caller is responsible
699 * for unlocking and ending the request.
701 static int unlock_request(struct fuse_req *req)
705 spin_lock(&req->waitq.lock);
706 if (test_bit(FR_ABORTED, &req->flags))
709 clear_bit(FR_LOCKED, &req->flags);
710 spin_unlock(&req->waitq.lock);
715 struct fuse_copy_state {
717 struct fuse_req *req;
718 struct iov_iter *iter;
719 struct pipe_buffer *pipebufs;
720 struct pipe_buffer *currbuf;
721 struct pipe_inode_info *pipe;
722 unsigned long nr_segs;
726 unsigned move_pages:1;
729 static void fuse_copy_init(struct fuse_copy_state *cs, int write,
730 struct iov_iter *iter)
732 memset(cs, 0, sizeof(*cs));
737 /* Unmap and put previous page of userspace buffer */
738 static void fuse_copy_finish(struct fuse_copy_state *cs)
741 struct pipe_buffer *buf = cs->currbuf;
744 buf->len = PAGE_SIZE - cs->len;
748 flush_dcache_page(cs->pg);
749 set_page_dirty_lock(cs->pg);
757 * Get another pagefull of userspace buffer, and map it to kernel
758 * address space, and lock request
760 static int fuse_copy_fill(struct fuse_copy_state *cs)
765 err = unlock_request(cs->req);
769 fuse_copy_finish(cs);
771 struct pipe_buffer *buf = cs->pipebufs;
774 err = buf->ops->confirm(cs->pipe, buf);
778 BUG_ON(!cs->nr_segs);
781 cs->offset = buf->offset;
786 if (cs->nr_segs == cs->pipe->buffers)
789 page = alloc_page(GFP_HIGHUSER);
806 err = iov_iter_get_pages(cs->iter, &page, PAGE_SIZE, 1, &off);
814 iov_iter_advance(cs->iter, err);
817 return lock_request(cs->req);
820 /* Do as much copy to/from userspace buffer as we can */
821 static int fuse_copy_do(struct fuse_copy_state *cs, void **val, unsigned *size)
823 unsigned ncpy = min(*size, cs->len);
825 void *pgaddr = kmap_atomic(cs->pg);
826 void *buf = pgaddr + cs->offset;
829 memcpy(buf, *val, ncpy);
831 memcpy(*val, buf, ncpy);
833 kunmap_atomic(pgaddr);
842 static int fuse_check_page(struct page *page)
844 if (page_mapcount(page) ||
845 page->mapping != NULL ||
846 page_count(page) != 1 ||
847 (page->flags & PAGE_FLAGS_CHECK_AT_PREP &
854 printk(KERN_WARNING "fuse: trying to steal weird page\n");
855 printk(KERN_WARNING " page=%p index=%li flags=%08lx, count=%i, mapcount=%i, mapping=%p\n", page, page->index, page->flags, page_count(page), page_mapcount(page), page->mapping);
861 static int fuse_try_move_page(struct fuse_copy_state *cs, struct page **pagep)
864 struct page *oldpage = *pagep;
865 struct page *newpage;
866 struct pipe_buffer *buf = cs->pipebufs;
868 err = unlock_request(cs->req);
872 fuse_copy_finish(cs);
874 err = buf->ops->confirm(cs->pipe, buf);
878 BUG_ON(!cs->nr_segs);
884 if (cs->len != PAGE_SIZE)
887 if (buf->ops->steal(cs->pipe, buf) != 0)
892 if (!PageUptodate(newpage))
893 SetPageUptodate(newpage);
895 ClearPageMappedToDisk(newpage);
897 if (fuse_check_page(newpage) != 0)
898 goto out_fallback_unlock;
901 * This is a new and locked page, it shouldn't be mapped or
902 * have any special flags on it
904 if (WARN_ON(page_mapped(oldpage)))
905 goto out_fallback_unlock;
906 if (WARN_ON(page_has_private(oldpage)))
907 goto out_fallback_unlock;
908 if (WARN_ON(PageDirty(oldpage) || PageWriteback(oldpage)))
909 goto out_fallback_unlock;
910 if (WARN_ON(PageMlocked(oldpage)))
911 goto out_fallback_unlock;
913 err = replace_page_cache_page(oldpage, newpage, GFP_KERNEL);
915 unlock_page(newpage);
919 page_cache_get(newpage);
921 if (!(buf->flags & PIPE_BUF_FLAG_LRU))
922 lru_cache_add_file(newpage);
925 spin_lock(&cs->req->waitq.lock);
926 if (test_bit(FR_ABORTED, &cs->req->flags))
930 spin_unlock(&cs->req->waitq.lock);
933 unlock_page(newpage);
934 page_cache_release(newpage);
938 unlock_page(oldpage);
939 page_cache_release(oldpage);
945 unlock_page(newpage);
948 cs->offset = buf->offset;
950 err = lock_request(cs->req);
957 static int fuse_ref_page(struct fuse_copy_state *cs, struct page *page,
958 unsigned offset, unsigned count)
960 struct pipe_buffer *buf;
963 if (cs->nr_segs == cs->pipe->buffers)
966 err = unlock_request(cs->req);
970 fuse_copy_finish(cs);
973 page_cache_get(page);
975 buf->offset = offset;
986 * Copy a page in the request to/from the userspace buffer. Must be
989 static int fuse_copy_page(struct fuse_copy_state *cs, struct page **pagep,
990 unsigned offset, unsigned count, int zeroing)
993 struct page *page = *pagep;
995 if (page && zeroing && count < PAGE_SIZE)
996 clear_highpage(page);
999 if (cs->write && cs->pipebufs && page) {
1000 return fuse_ref_page(cs, page, offset, count);
1001 } else if (!cs->len) {
1002 if (cs->move_pages && page &&
1003 offset == 0 && count == PAGE_SIZE) {
1004 err = fuse_try_move_page(cs, pagep);
1008 err = fuse_copy_fill(cs);
1014 void *mapaddr = kmap_atomic(page);
1015 void *buf = mapaddr + offset;
1016 offset += fuse_copy_do(cs, &buf, &count);
1017 kunmap_atomic(mapaddr);
1019 offset += fuse_copy_do(cs, NULL, &count);
1021 if (page && !cs->write)
1022 flush_dcache_page(page);
1026 /* Copy pages in the request to/from userspace buffer */
1027 static int fuse_copy_pages(struct fuse_copy_state *cs, unsigned nbytes,
1031 struct fuse_req *req = cs->req;
1033 for (i = 0; i < req->num_pages && (nbytes || zeroing); i++) {
1035 unsigned offset = req->page_descs[i].offset;
1036 unsigned count = min(nbytes, req->page_descs[i].length);
1038 err = fuse_copy_page(cs, &req->pages[i], offset, count,
1048 /* Copy a single argument in the request to/from userspace buffer */
1049 static int fuse_copy_one(struct fuse_copy_state *cs, void *val, unsigned size)
1053 int err = fuse_copy_fill(cs);
1057 fuse_copy_do(cs, &val, &size);
1062 /* Copy request arguments to/from userspace buffer */
1063 static int fuse_copy_args(struct fuse_copy_state *cs, unsigned numargs,
1064 unsigned argpages, struct fuse_arg *args,
1070 for (i = 0; !err && i < numargs; i++) {
1071 struct fuse_arg *arg = &args[i];
1072 if (i == numargs - 1 && argpages)
1073 err = fuse_copy_pages(cs, arg->size, zeroing);
1075 err = fuse_copy_one(cs, arg->value, arg->size);
1080 static int forget_pending(struct fuse_iqueue *fiq)
1082 return fiq->forget_list_head.next != NULL;
1085 static int request_pending(struct fuse_iqueue *fiq)
1087 return !list_empty(&fiq->pending) || !list_empty(&fiq->interrupts) ||
1088 forget_pending(fiq);
1092 * Transfer an interrupt request to userspace
1094 * Unlike other requests this is assembled on demand, without a need
1095 * to allocate a separate fuse_req structure.
1097 * Called with fiq->waitq.lock held, releases it
1099 static int fuse_read_interrupt(struct fuse_iqueue *fiq,
1100 struct fuse_copy_state *cs,
1101 size_t nbytes, struct fuse_req *req)
1102 __releases(fiq->waitq.lock)
1104 struct fuse_in_header ih;
1105 struct fuse_interrupt_in arg;
1106 unsigned reqsize = sizeof(ih) + sizeof(arg);
1109 list_del_init(&req->intr_entry);
1110 req->intr_unique = fuse_get_unique(fiq);
1111 memset(&ih, 0, sizeof(ih));
1112 memset(&arg, 0, sizeof(arg));
1114 ih.opcode = FUSE_INTERRUPT;
1115 ih.unique = req->intr_unique;
1116 arg.unique = req->in.h.unique;
1118 spin_unlock(&fiq->waitq.lock);
1119 if (nbytes < reqsize)
1122 err = fuse_copy_one(cs, &ih, sizeof(ih));
1124 err = fuse_copy_one(cs, &arg, sizeof(arg));
1125 fuse_copy_finish(cs);
1127 return err ? err : reqsize;
1130 static struct fuse_forget_link *dequeue_forget(struct fuse_iqueue *fiq,
1134 struct fuse_forget_link *head = fiq->forget_list_head.next;
1135 struct fuse_forget_link **newhead = &head;
1138 for (count = 0; *newhead != NULL && count < max; count++)
1139 newhead = &(*newhead)->next;
1141 fiq->forget_list_head.next = *newhead;
1143 if (fiq->forget_list_head.next == NULL)
1144 fiq->forget_list_tail = &fiq->forget_list_head;
1152 static int fuse_read_single_forget(struct fuse_iqueue *fiq,
1153 struct fuse_copy_state *cs,
1155 __releases(fiq->waitq.lock)
1158 struct fuse_forget_link *forget = dequeue_forget(fiq, 1, NULL);
1159 struct fuse_forget_in arg = {
1160 .nlookup = forget->forget_one.nlookup,
1162 struct fuse_in_header ih = {
1163 .opcode = FUSE_FORGET,
1164 .nodeid = forget->forget_one.nodeid,
1165 .unique = fuse_get_unique(fiq),
1166 .len = sizeof(ih) + sizeof(arg),
1169 spin_unlock(&fiq->waitq.lock);
1171 if (nbytes < ih.len)
1174 err = fuse_copy_one(cs, &ih, sizeof(ih));
1176 err = fuse_copy_one(cs, &arg, sizeof(arg));
1177 fuse_copy_finish(cs);
1185 static int fuse_read_batch_forget(struct fuse_iqueue *fiq,
1186 struct fuse_copy_state *cs, size_t nbytes)
1187 __releases(fiq->waitq.lock)
1190 unsigned max_forgets;
1192 struct fuse_forget_link *head;
1193 struct fuse_batch_forget_in arg = { .count = 0 };
1194 struct fuse_in_header ih = {
1195 .opcode = FUSE_BATCH_FORGET,
1196 .unique = fuse_get_unique(fiq),
1197 .len = sizeof(ih) + sizeof(arg),
1200 if (nbytes < ih.len) {
1201 spin_unlock(&fiq->waitq.lock);
1205 max_forgets = (nbytes - ih.len) / sizeof(struct fuse_forget_one);
1206 head = dequeue_forget(fiq, max_forgets, &count);
1207 spin_unlock(&fiq->waitq.lock);
1210 ih.len += count * sizeof(struct fuse_forget_one);
1211 err = fuse_copy_one(cs, &ih, sizeof(ih));
1213 err = fuse_copy_one(cs, &arg, sizeof(arg));
1216 struct fuse_forget_link *forget = head;
1219 err = fuse_copy_one(cs, &forget->forget_one,
1220 sizeof(forget->forget_one));
1222 head = forget->next;
1226 fuse_copy_finish(cs);
1234 static int fuse_read_forget(struct fuse_conn *fc, struct fuse_iqueue *fiq,
1235 struct fuse_copy_state *cs,
1237 __releases(fiq->waitq.lock)
1239 if (fc->minor < 16 || fiq->forget_list_head.next->next == NULL)
1240 return fuse_read_single_forget(fiq, cs, nbytes);
1242 return fuse_read_batch_forget(fiq, cs, nbytes);
1246 * Read a single request into the userspace filesystem's buffer. This
1247 * function waits until a request is available, then removes it from
1248 * the pending list and copies request data to userspace buffer. If
1249 * no reply is needed (FORGET) or request has been aborted or there
1250 * was an error during the copying then it's finished by calling
1251 * request_end(). Otherwise add it to the processing list, and set
1254 static ssize_t fuse_dev_do_read(struct fuse_dev *fud, struct file *file,
1255 struct fuse_copy_state *cs, size_t nbytes)
1258 struct fuse_conn *fc = fud->fc;
1259 struct fuse_iqueue *fiq = &fc->iq;
1260 struct fuse_pqueue *fpq = &fud->pq;
1261 struct fuse_req *req;
1266 spin_lock(&fiq->waitq.lock);
1268 if ((file->f_flags & O_NONBLOCK) && fiq->connected &&
1269 !request_pending(fiq))
1272 err = wait_event_interruptible_exclusive_locked(fiq->waitq,
1273 !fiq->connected || request_pending(fiq));
1278 if (!fiq->connected)
1281 if (!list_empty(&fiq->interrupts)) {
1282 req = list_entry(fiq->interrupts.next, struct fuse_req,
1284 return fuse_read_interrupt(fiq, cs, nbytes, req);
1287 if (forget_pending(fiq)) {
1288 if (list_empty(&fiq->pending) || fiq->forget_batch-- > 0)
1289 return fuse_read_forget(fc, fiq, cs, nbytes);
1291 if (fiq->forget_batch <= -8)
1292 fiq->forget_batch = 16;
1295 req = list_entry(fiq->pending.next, struct fuse_req, list);
1296 clear_bit(FR_PENDING, &req->flags);
1297 list_del_init(&req->list);
1298 spin_unlock(&fiq->waitq.lock);
1301 reqsize = in->h.len;
1302 /* If request is too large, reply with an error and restart the read */
1303 if (nbytes < reqsize) {
1304 req->out.h.error = -EIO;
1305 /* SETXATTR is special, since it may contain too large data */
1306 if (in->h.opcode == FUSE_SETXATTR)
1307 req->out.h.error = -E2BIG;
1308 request_end(fc, req);
1311 spin_lock(&fpq->lock);
1312 list_add(&req->list, &fpq->io);
1313 spin_unlock(&fpq->lock);
1315 err = fuse_copy_one(cs, &in->h, sizeof(in->h));
1317 err = fuse_copy_args(cs, in->numargs, in->argpages,
1318 (struct fuse_arg *) in->args, 0);
1319 fuse_copy_finish(cs);
1320 spin_lock(&fpq->lock);
1321 clear_bit(FR_LOCKED, &req->flags);
1322 if (!fpq->connected) {
1327 req->out.h.error = -EIO;
1330 if (!test_bit(FR_ISREPLY, &req->flags)) {
1334 list_move_tail(&req->list, &fpq->processing);
1335 spin_unlock(&fpq->lock);
1336 set_bit(FR_SENT, &req->flags);
1337 /* matches barrier in request_wait_answer() */
1338 smp_mb__after_atomic();
1339 if (test_bit(FR_INTERRUPTED, &req->flags))
1340 queue_interrupt(fiq, req);
1345 if (!test_bit(FR_PRIVATE, &req->flags))
1346 list_del_init(&req->list);
1347 spin_unlock(&fpq->lock);
1348 request_end(fc, req);
1352 spin_unlock(&fiq->waitq.lock);
1356 static int fuse_dev_open(struct inode *inode, struct file *file)
1359 * The fuse device's file's private_data is used to hold
1360 * the fuse_conn(ection) when it is mounted, and is used to
1361 * keep track of whether the file has been mounted already.
1363 file->private_data = NULL;
1367 static ssize_t fuse_dev_read(struct kiocb *iocb, struct iov_iter *to)
1369 struct fuse_copy_state cs;
1370 struct file *file = iocb->ki_filp;
1371 struct fuse_dev *fud = fuse_get_dev(file);
1376 if (!iter_is_iovec(to))
1379 fuse_copy_init(&cs, 1, to);
1381 return fuse_dev_do_read(fud, file, &cs, iov_iter_count(to));
1384 static ssize_t fuse_dev_splice_read(struct file *in, loff_t *ppos,
1385 struct pipe_inode_info *pipe,
1386 size_t len, unsigned int flags)
1391 struct pipe_buffer *bufs;
1392 struct fuse_copy_state cs;
1393 struct fuse_dev *fud = fuse_get_dev(in);
1398 bufs = kmalloc(pipe->buffers * sizeof(struct pipe_buffer), GFP_KERNEL);
1402 fuse_copy_init(&cs, 1, NULL);
1405 ret = fuse_dev_do_read(fud, in, &cs, len);
1412 if (!pipe->readers) {
1413 send_sig(SIGPIPE, current, 0);
1419 if (pipe->nrbufs + cs.nr_segs > pipe->buffers) {
1424 while (page_nr < cs.nr_segs) {
1425 int newbuf = (pipe->curbuf + pipe->nrbufs) & (pipe->buffers - 1);
1426 struct pipe_buffer *buf = pipe->bufs + newbuf;
1428 buf->page = bufs[page_nr].page;
1429 buf->offset = bufs[page_nr].offset;
1430 buf->len = bufs[page_nr].len;
1432 * Need to be careful about this. Having buf->ops in module
1433 * code can Oops if the buffer persists after module unload.
1435 buf->ops = &nosteal_pipe_buf_ops;
1450 if (waitqueue_active(&pipe->wait))
1451 wake_up_interruptible(&pipe->wait);
1452 kill_fasync(&pipe->fasync_readers, SIGIO, POLL_IN);
1456 for (; page_nr < cs.nr_segs; page_nr++)
1457 page_cache_release(bufs[page_nr].page);
1463 static int fuse_notify_poll(struct fuse_conn *fc, unsigned int size,
1464 struct fuse_copy_state *cs)
1466 struct fuse_notify_poll_wakeup_out outarg;
1469 if (size != sizeof(outarg))
1472 err = fuse_copy_one(cs, &outarg, sizeof(outarg));
1476 fuse_copy_finish(cs);
1477 return fuse_notify_poll_wakeup(fc, &outarg);
1480 fuse_copy_finish(cs);
1484 static int fuse_notify_inval_inode(struct fuse_conn *fc, unsigned int size,
1485 struct fuse_copy_state *cs)
1487 struct fuse_notify_inval_inode_out outarg;
1490 if (size != sizeof(outarg))
1493 err = fuse_copy_one(cs, &outarg, sizeof(outarg));
1496 fuse_copy_finish(cs);
1498 down_read(&fc->killsb);
1501 err = fuse_reverse_inval_inode(fc->sb, outarg.ino,
1502 outarg.off, outarg.len);
1504 up_read(&fc->killsb);
1508 fuse_copy_finish(cs);
1512 static int fuse_notify_inval_entry(struct fuse_conn *fc, unsigned int size,
1513 struct fuse_copy_state *cs)
1515 struct fuse_notify_inval_entry_out outarg;
1520 buf = kzalloc(FUSE_NAME_MAX + 1, GFP_KERNEL);
1525 if (size < sizeof(outarg))
1528 err = fuse_copy_one(cs, &outarg, sizeof(outarg));
1532 err = -ENAMETOOLONG;
1533 if (outarg.namelen > FUSE_NAME_MAX)
1537 if (size != sizeof(outarg) + outarg.namelen + 1)
1541 name.len = outarg.namelen;
1542 err = fuse_copy_one(cs, buf, outarg.namelen + 1);
1545 fuse_copy_finish(cs);
1546 buf[outarg.namelen] = 0;
1547 name.hash = full_name_hash(name.name, name.len);
1549 down_read(&fc->killsb);
1552 err = fuse_reverse_inval_entry(fc->sb, outarg.parent, 0, &name);
1553 up_read(&fc->killsb);
1559 fuse_copy_finish(cs);
1563 static int fuse_notify_delete(struct fuse_conn *fc, unsigned int size,
1564 struct fuse_copy_state *cs)
1566 struct fuse_notify_delete_out outarg;
1571 buf = kzalloc(FUSE_NAME_MAX + 1, GFP_KERNEL);
1576 if (size < sizeof(outarg))
1579 err = fuse_copy_one(cs, &outarg, sizeof(outarg));
1583 err = -ENAMETOOLONG;
1584 if (outarg.namelen > FUSE_NAME_MAX)
1588 if (size != sizeof(outarg) + outarg.namelen + 1)
1592 name.len = outarg.namelen;
1593 err = fuse_copy_one(cs, buf, outarg.namelen + 1);
1596 fuse_copy_finish(cs);
1597 buf[outarg.namelen] = 0;
1598 name.hash = full_name_hash(name.name, name.len);
1600 down_read(&fc->killsb);
1603 err = fuse_reverse_inval_entry(fc->sb, outarg.parent,
1604 outarg.child, &name);
1605 up_read(&fc->killsb);
1611 fuse_copy_finish(cs);
1615 static int fuse_notify_store(struct fuse_conn *fc, unsigned int size,
1616 struct fuse_copy_state *cs)
1618 struct fuse_notify_store_out outarg;
1619 struct inode *inode;
1620 struct address_space *mapping;
1624 unsigned int offset;
1630 if (size < sizeof(outarg))
1633 err = fuse_copy_one(cs, &outarg, sizeof(outarg));
1638 if (size - sizeof(outarg) != outarg.size)
1641 nodeid = outarg.nodeid;
1643 down_read(&fc->killsb);
1649 inode = ilookup5(fc->sb, nodeid, fuse_inode_eq, &nodeid);
1653 mapping = inode->i_mapping;
1654 index = outarg.offset >> PAGE_CACHE_SHIFT;
1655 offset = outarg.offset & ~PAGE_CACHE_MASK;
1656 file_size = i_size_read(inode);
1657 end = outarg.offset + outarg.size;
1658 if (end > file_size) {
1660 fuse_write_update_size(inode, file_size);
1666 unsigned int this_num;
1669 page = find_or_create_page(mapping, index,
1670 mapping_gfp_mask(mapping));
1674 this_num = min_t(unsigned, num, PAGE_CACHE_SIZE - offset);
1675 err = fuse_copy_page(cs, &page, offset, this_num, 0);
1676 if (!err && offset == 0 &&
1677 (this_num == PAGE_CACHE_SIZE || file_size == end))
1678 SetPageUptodate(page);
1680 page_cache_release(page);
1695 up_read(&fc->killsb);
1697 fuse_copy_finish(cs);
1701 static void fuse_retrieve_end(struct fuse_conn *fc, struct fuse_req *req)
1703 release_pages(req->pages, req->num_pages, false);
1706 static int fuse_retrieve(struct fuse_conn *fc, struct inode *inode,
1707 struct fuse_notify_retrieve_out *outarg)
1710 struct address_space *mapping = inode->i_mapping;
1711 struct fuse_req *req;
1715 unsigned int offset;
1716 size_t total_len = 0;
1719 offset = outarg->offset & ~PAGE_CACHE_MASK;
1720 file_size = i_size_read(inode);
1723 if (outarg->offset > file_size)
1725 else if (outarg->offset + num > file_size)
1726 num = file_size - outarg->offset;
1728 num_pages = (num + offset + PAGE_SIZE - 1) >> PAGE_SHIFT;
1729 num_pages = min(num_pages, FUSE_MAX_PAGES_PER_REQ);
1731 req = fuse_get_req(fc, num_pages);
1733 return PTR_ERR(req);
1735 req->in.h.opcode = FUSE_NOTIFY_REPLY;
1736 req->in.h.nodeid = outarg->nodeid;
1737 req->in.numargs = 2;
1738 req->in.argpages = 1;
1739 req->page_descs[0].offset = offset;
1740 req->end = fuse_retrieve_end;
1742 index = outarg->offset >> PAGE_CACHE_SHIFT;
1744 while (num && req->num_pages < num_pages) {
1746 unsigned int this_num;
1748 page = find_get_page(mapping, index);
1752 this_num = min_t(unsigned, num, PAGE_CACHE_SIZE - offset);
1753 req->pages[req->num_pages] = page;
1754 req->page_descs[req->num_pages].length = this_num;
1759 total_len += this_num;
1762 req->misc.retrieve_in.offset = outarg->offset;
1763 req->misc.retrieve_in.size = total_len;
1764 req->in.args[0].size = sizeof(req->misc.retrieve_in);
1765 req->in.args[0].value = &req->misc.retrieve_in;
1766 req->in.args[1].size = total_len;
1768 err = fuse_request_send_notify_reply(fc, req, outarg->notify_unique);
1770 fuse_retrieve_end(fc, req);
1775 static int fuse_notify_retrieve(struct fuse_conn *fc, unsigned int size,
1776 struct fuse_copy_state *cs)
1778 struct fuse_notify_retrieve_out outarg;
1779 struct inode *inode;
1783 if (size != sizeof(outarg))
1786 err = fuse_copy_one(cs, &outarg, sizeof(outarg));
1790 fuse_copy_finish(cs);
1792 down_read(&fc->killsb);
1795 u64 nodeid = outarg.nodeid;
1797 inode = ilookup5(fc->sb, nodeid, fuse_inode_eq, &nodeid);
1799 err = fuse_retrieve(fc, inode, &outarg);
1803 up_read(&fc->killsb);
1808 fuse_copy_finish(cs);
1812 static int fuse_notify(struct fuse_conn *fc, enum fuse_notify_code code,
1813 unsigned int size, struct fuse_copy_state *cs)
1815 /* Don't try to move pages (yet) */
1819 case FUSE_NOTIFY_POLL:
1820 return fuse_notify_poll(fc, size, cs);
1822 case FUSE_NOTIFY_INVAL_INODE:
1823 return fuse_notify_inval_inode(fc, size, cs);
1825 case FUSE_NOTIFY_INVAL_ENTRY:
1826 return fuse_notify_inval_entry(fc, size, cs);
1828 case FUSE_NOTIFY_STORE:
1829 return fuse_notify_store(fc, size, cs);
1831 case FUSE_NOTIFY_RETRIEVE:
1832 return fuse_notify_retrieve(fc, size, cs);
1834 case FUSE_NOTIFY_DELETE:
1835 return fuse_notify_delete(fc, size, cs);
1838 fuse_copy_finish(cs);
1843 /* Look up request on processing list by unique ID */
1844 static struct fuse_req *request_find(struct fuse_pqueue *fpq, u64 unique)
1846 struct fuse_req *req;
1848 list_for_each_entry(req, &fpq->processing, list) {
1849 if (req->in.h.unique == unique || req->intr_unique == unique)
1855 static int copy_out_args(struct fuse_copy_state *cs, struct fuse_out *out,
1858 unsigned reqsize = sizeof(struct fuse_out_header);
1861 return nbytes != reqsize ? -EINVAL : 0;
1863 reqsize += len_args(out->numargs, out->args);
1865 if (reqsize < nbytes || (reqsize > nbytes && !out->argvar))
1867 else if (reqsize > nbytes) {
1868 struct fuse_arg *lastarg = &out->args[out->numargs-1];
1869 unsigned diffsize = reqsize - nbytes;
1870 if (diffsize > lastarg->size)
1872 lastarg->size -= diffsize;
1874 return fuse_copy_args(cs, out->numargs, out->argpages, out->args,
1879 * Write a single reply to a request. First the header is copied from
1880 * the write buffer. The request is then searched on the processing
1881 * list by the unique ID found in the header. If found, then remove
1882 * it from the list and copy the rest of the buffer to the request.
1883 * The request is finished by calling request_end()
1885 static ssize_t fuse_dev_do_write(struct fuse_dev *fud,
1886 struct fuse_copy_state *cs, size_t nbytes)
1889 struct fuse_conn *fc = fud->fc;
1890 struct fuse_pqueue *fpq = &fud->pq;
1891 struct fuse_req *req;
1892 struct fuse_out_header oh;
1894 if (nbytes < sizeof(struct fuse_out_header))
1897 err = fuse_copy_one(cs, &oh, sizeof(oh));
1902 if (oh.len != nbytes)
1906 * Zero oh.unique indicates unsolicited notification message
1907 * and error contains notification code.
1910 err = fuse_notify(fc, oh.error, nbytes - sizeof(oh), cs);
1911 return err ? err : nbytes;
1915 if (oh.error <= -1000 || oh.error > 0)
1918 spin_lock(&fpq->lock);
1920 if (!fpq->connected)
1923 req = request_find(fpq, oh.unique);
1927 /* Is it an interrupt reply? */
1928 if (req->intr_unique == oh.unique) {
1929 spin_unlock(&fpq->lock);
1932 if (nbytes != sizeof(struct fuse_out_header))
1935 if (oh.error == -ENOSYS)
1936 fc->no_interrupt = 1;
1937 else if (oh.error == -EAGAIN)
1938 queue_interrupt(&fc->iq, req);
1940 fuse_copy_finish(cs);
1944 clear_bit(FR_SENT, &req->flags);
1945 list_move(&req->list, &fpq->io);
1947 set_bit(FR_LOCKED, &req->flags);
1948 spin_unlock(&fpq->lock);
1950 if (!req->out.page_replace)
1953 err = copy_out_args(cs, &req->out, nbytes);
1954 if (req->in.h.opcode == FUSE_CANONICAL_PATH) {
1955 char *path = (char *)req->out.args[0].value;
1957 path[req->out.args[0].size - 1] = 0;
1958 req->out.h.error = kern_path(path, 0, req->canonical_path);
1960 fuse_copy_finish(cs);
1962 spin_lock(&fpq->lock);
1963 clear_bit(FR_LOCKED, &req->flags);
1964 if (!fpq->connected)
1967 req->out.h.error = -EIO;
1968 if (!test_bit(FR_PRIVATE, &req->flags))
1969 list_del_init(&req->list);
1970 spin_unlock(&fpq->lock);
1972 request_end(fc, req);
1974 return err ? err : nbytes;
1977 spin_unlock(&fpq->lock);
1979 fuse_copy_finish(cs);
1983 static ssize_t fuse_dev_write(struct kiocb *iocb, struct iov_iter *from)
1985 struct fuse_copy_state cs;
1986 struct fuse_dev *fud = fuse_get_dev(iocb->ki_filp);
1991 if (!iter_is_iovec(from))
1994 fuse_copy_init(&cs, 0, from);
1996 return fuse_dev_do_write(fud, &cs, iov_iter_count(from));
1999 static ssize_t fuse_dev_splice_write(struct pipe_inode_info *pipe,
2000 struct file *out, loff_t *ppos,
2001 size_t len, unsigned int flags)
2005 struct pipe_buffer *bufs;
2006 struct fuse_copy_state cs;
2007 struct fuse_dev *fud;
2011 fud = fuse_get_dev(out);
2017 bufs = kmalloc(pipe->buffers * sizeof(struct pipe_buffer), GFP_KERNEL);
2025 for (idx = 0; idx < pipe->nrbufs && rem < len; idx++)
2026 rem += pipe->bufs[(pipe->curbuf + idx) & (pipe->buffers - 1)].len;
2036 struct pipe_buffer *ibuf;
2037 struct pipe_buffer *obuf;
2039 BUG_ON(nbuf >= pipe->buffers);
2040 BUG_ON(!pipe->nrbufs);
2041 ibuf = &pipe->bufs[pipe->curbuf];
2044 if (rem >= ibuf->len) {
2047 pipe->curbuf = (pipe->curbuf + 1) & (pipe->buffers - 1);
2050 ibuf->ops->get(pipe, ibuf);
2052 obuf->flags &= ~PIPE_BUF_FLAG_GIFT;
2054 ibuf->offset += obuf->len;
2055 ibuf->len -= obuf->len;
2062 fuse_copy_init(&cs, 0, NULL);
2067 if (flags & SPLICE_F_MOVE)
2070 ret = fuse_dev_do_write(fud, &cs, len);
2072 for (idx = 0; idx < nbuf; idx++) {
2073 struct pipe_buffer *buf = &bufs[idx];
2074 buf->ops->release(pipe, buf);
2081 static unsigned fuse_dev_poll(struct file *file, poll_table *wait)
2083 unsigned mask = POLLOUT | POLLWRNORM;
2084 struct fuse_iqueue *fiq;
2085 struct fuse_dev *fud = fuse_get_dev(file);
2091 poll_wait(file, &fiq->waitq, wait);
2093 spin_lock(&fiq->waitq.lock);
2094 if (!fiq->connected)
2096 else if (request_pending(fiq))
2097 mask |= POLLIN | POLLRDNORM;
2098 spin_unlock(&fiq->waitq.lock);
2104 * Abort all requests on the given list (pending or processing)
2106 * This function releases and reacquires fc->lock
2108 static void end_requests(struct fuse_conn *fc, struct list_head *head)
2110 while (!list_empty(head)) {
2111 struct fuse_req *req;
2112 req = list_entry(head->next, struct fuse_req, list);
2113 req->out.h.error = -ECONNABORTED;
2114 clear_bit(FR_SENT, &req->flags);
2115 list_del_init(&req->list);
2116 request_end(fc, req);
2120 static void end_polls(struct fuse_conn *fc)
2124 p = rb_first(&fc->polled_files);
2127 struct fuse_file *ff;
2128 ff = rb_entry(p, struct fuse_file, polled_node);
2129 wake_up_interruptible_all(&ff->poll_wait);
2136 * Abort all requests.
2138 * Emergency exit in case of a malicious or accidental deadlock, or just a hung
2141 * The same effect is usually achievable through killing the filesystem daemon
2142 * and all users of the filesystem. The exception is the combination of an
2143 * asynchronous request and the tricky deadlock (see
2144 * Documentation/filesystems/fuse.txt).
2146 * Aborting requests under I/O goes as follows: 1: Separate out unlocked
2147 * requests, they should be finished off immediately. Locked requests will be
2148 * finished after unlock; see unlock_request(). 2: Finish off the unlocked
2149 * requests. It is possible that some request will finish before we can. This
2150 * is OK, the request will in that case be removed from the list before we touch
2153 void fuse_abort_conn(struct fuse_conn *fc)
2155 struct fuse_iqueue *fiq = &fc->iq;
2157 spin_lock(&fc->lock);
2158 if (fc->connected) {
2159 struct fuse_dev *fud;
2160 struct fuse_req *req, *next;
2166 fuse_set_initialized(fc);
2167 list_for_each_entry(fud, &fc->devices, entry) {
2168 struct fuse_pqueue *fpq = &fud->pq;
2170 spin_lock(&fpq->lock);
2172 list_for_each_entry_safe(req, next, &fpq->io, list) {
2173 req->out.h.error = -ECONNABORTED;
2174 spin_lock(&req->waitq.lock);
2175 set_bit(FR_ABORTED, &req->flags);
2176 if (!test_bit(FR_LOCKED, &req->flags)) {
2177 set_bit(FR_PRIVATE, &req->flags);
2178 __fuse_get_request(req);
2179 list_move(&req->list, &to_end1);
2181 spin_unlock(&req->waitq.lock);
2183 list_splice_init(&fpq->processing, &to_end2);
2184 spin_unlock(&fpq->lock);
2186 fc->max_background = UINT_MAX;
2189 spin_lock(&fiq->waitq.lock);
2191 list_splice_init(&fiq->pending, &to_end2);
2192 list_for_each_entry(req, &to_end2, list)
2193 clear_bit(FR_PENDING, &req->flags);
2194 while (forget_pending(fiq))
2195 kfree(dequeue_forget(fiq, 1, NULL));
2196 wake_up_all_locked(&fiq->waitq);
2197 spin_unlock(&fiq->waitq.lock);
2198 kill_fasync(&fiq->fasync, SIGIO, POLL_IN);
2200 wake_up_all(&fc->blocked_waitq);
2201 spin_unlock(&fc->lock);
2203 while (!list_empty(&to_end1)) {
2204 req = list_first_entry(&to_end1, struct fuse_req, list);
2205 list_del_init(&req->list);
2206 request_end(fc, req);
2208 end_requests(fc, &to_end2);
2210 spin_unlock(&fc->lock);
2213 EXPORT_SYMBOL_GPL(fuse_abort_conn);
2215 void fuse_wait_aborted(struct fuse_conn *fc)
2217 wait_event(fc->blocked_waitq, atomic_read(&fc->num_waiting) == 0);
2220 int fuse_dev_release(struct inode *inode, struct file *file)
2222 struct fuse_dev *fud = fuse_get_dev(file);
2225 struct fuse_conn *fc = fud->fc;
2226 struct fuse_pqueue *fpq = &fud->pq;
2229 spin_lock(&fpq->lock);
2230 WARN_ON(!list_empty(&fpq->io));
2231 list_splice_init(&fpq->processing, &to_end);
2232 spin_unlock(&fpq->lock);
2234 end_requests(fc, &to_end);
2236 /* Are we the last open device? */
2237 if (atomic_dec_and_test(&fc->dev_count)) {
2238 WARN_ON(fc->iq.fasync != NULL);
2239 fuse_abort_conn(fc);
2245 EXPORT_SYMBOL_GPL(fuse_dev_release);
2247 static int fuse_dev_fasync(int fd, struct file *file, int on)
2249 struct fuse_dev *fud = fuse_get_dev(file);
2254 /* No locking - fasync_helper does its own locking */
2255 return fasync_helper(fd, file, on, &fud->fc->iq.fasync);
2258 static int fuse_device_clone(struct fuse_conn *fc, struct file *new)
2260 struct fuse_dev *fud;
2262 if (new->private_data)
2265 fud = fuse_dev_alloc(fc);
2269 new->private_data = fud;
2270 atomic_inc(&fc->dev_count);
2275 static long fuse_dev_ioctl(struct file *file, unsigned int cmd,
2280 if (cmd == FUSE_DEV_IOC_CLONE) {
2284 if (!get_user(oldfd, (__u32 __user *) arg)) {
2285 struct file *old = fget(oldfd);
2289 struct fuse_dev *fud = NULL;
2292 * Check against file->f_op because CUSE
2293 * uses the same ioctl handler.
2295 if (old->f_op == file->f_op &&
2296 old->f_cred->user_ns == file->f_cred->user_ns)
2297 fud = fuse_get_dev(old);
2300 mutex_lock(&fuse_mutex);
2301 err = fuse_device_clone(fud->fc, file);
2302 mutex_unlock(&fuse_mutex);
2311 const struct file_operations fuse_dev_operations = {
2312 .owner = THIS_MODULE,
2313 .open = fuse_dev_open,
2314 .llseek = no_llseek,
2315 .read_iter = fuse_dev_read,
2316 .splice_read = fuse_dev_splice_read,
2317 .write_iter = fuse_dev_write,
2318 .splice_write = fuse_dev_splice_write,
2319 .poll = fuse_dev_poll,
2320 .release = fuse_dev_release,
2321 .fasync = fuse_dev_fasync,
2322 .unlocked_ioctl = fuse_dev_ioctl,
2323 .compat_ioctl = fuse_dev_ioctl,
2325 EXPORT_SYMBOL_GPL(fuse_dev_operations);
2327 static struct miscdevice fuse_miscdevice = {
2328 .minor = FUSE_MINOR,
2330 .fops = &fuse_dev_operations,
2333 int __init fuse_dev_init(void)
2336 fuse_req_cachep = kmem_cache_create("fuse_request",
2337 sizeof(struct fuse_req),
2339 if (!fuse_req_cachep)
2342 err = misc_register(&fuse_miscdevice);
2344 goto out_cache_clean;
2349 kmem_cache_destroy(fuse_req_cachep);
2354 void fuse_dev_cleanup(void)
2356 misc_deregister(&fuse_miscdevice);
2357 kmem_cache_destroy(fuse_req_cachep);