1c8383054SJeffle Xu // SPDX-License-Identifier: GPL-2.0-or-later
2c8383054SJeffle Xu #include <linux/fdtable.h>
3c8383054SJeffle Xu #include <linux/anon_inodes.h>
4c8383054SJeffle Xu #include <linux/uio.h>
5c8383054SJeffle Xu #include "internal.h"
6c8383054SJeffle Xu
7d2d3eb37SBaokun Li struct ondemand_anon_file {
8d2d3eb37SBaokun Li struct file *file;
9d2d3eb37SBaokun Li int fd;
10d2d3eb37SBaokun Li };
11d2d3eb37SBaokun Li
cachefiles_req_put(struct cachefiles_req * req)12a6de8276SBaokun Li static inline void cachefiles_req_put(struct cachefiles_req *req)
13a6de8276SBaokun Li {
14a6de8276SBaokun Li if (refcount_dec_and_test(&req->ref))
15a6de8276SBaokun Li kfree(req);
16a6de8276SBaokun Li }
17a6de8276SBaokun Li
cachefiles_ondemand_fd_release(struct inode * inode,struct file * file)18c8383054SJeffle Xu static int cachefiles_ondemand_fd_release(struct inode *inode,
19c8383054SJeffle Xu struct file *file)
20c8383054SJeffle Xu {
21c8383054SJeffle Xu struct cachefiles_object *object = file->private_data;
22527db1cbSBaokun Li struct cachefiles_cache *cache;
23527db1cbSBaokun Li struct cachefiles_ondemand_info *info;
24e564e48cSBaokun Li int object_id;
259032b6e8SJeffle Xu struct cachefiles_req *req;
26527db1cbSBaokun Li XA_STATE(xas, NULL, 0);
27527db1cbSBaokun Li
28527db1cbSBaokun Li if (!object)
29527db1cbSBaokun Li return 0;
30527db1cbSBaokun Li
31527db1cbSBaokun Li info = object->ondemand;
32527db1cbSBaokun Li cache = object->volume->cache;
33527db1cbSBaokun Li xas.xa = &cache->reqs;
34c8383054SJeffle Xu
359032b6e8SJeffle Xu xa_lock(&cache->reqs);
36e564e48cSBaokun Li spin_lock(&info->lock);
37e564e48cSBaokun Li object_id = info->ondemand_id;
3833d21f06SJia Zhu info->ondemand_id = CACHEFILES_ONDEMAND_ID_CLOSED;
39955190e1SJia Zhu cachefiles_ondemand_set_object_close(object);
40e564e48cSBaokun Li spin_unlock(&info->lock);
419032b6e8SJeffle Xu
42f740fd94SJia Zhu /* Only flush CACHEFILES_REQ_NEW marked req to avoid race with daemon_read */
43f740fd94SJia Zhu xas_for_each_marked(&xas, req, ULONG_MAX, CACHEFILES_REQ_NEW) {
4465aa5f6fSJia Zhu if (req->msg.object_id == object_id &&
45f740fd94SJia Zhu req->msg.opcode == CACHEFILES_OP_CLOSE) {
469032b6e8SJeffle Xu complete(&req->done);
479032b6e8SJeffle Xu xas_store(&xas, NULL);
489032b6e8SJeffle Xu }
499032b6e8SJeffle Xu }
509032b6e8SJeffle Xu xa_unlock(&cache->reqs);
519032b6e8SJeffle Xu
52c8383054SJeffle Xu xa_erase(&cache->ondemand_ids, object_id);
531519670eSJeffle Xu trace_cachefiles_ondemand_fd_release(object, object_id);
54c8383054SJeffle Xu cachefiles_put_object(object, cachefiles_obj_put_ondemand_fd);
55d11b0b04SJeffle Xu cachefiles_put_unbind_pincount(cache);
56c8383054SJeffle Xu return 0;
57c8383054SJeffle Xu }
58c8383054SJeffle Xu
cachefiles_ondemand_fd_write_iter(struct kiocb * kiocb,struct iov_iter * iter)59c8383054SJeffle Xu static ssize_t cachefiles_ondemand_fd_write_iter(struct kiocb *kiocb,
60c8383054SJeffle Xu struct iov_iter *iter)
61c8383054SJeffle Xu {
62c8383054SJeffle Xu struct cachefiles_object *object = kiocb->ki_filp->private_data;
63c8383054SJeffle Xu struct cachefiles_cache *cache = object->volume->cache;
64c8383054SJeffle Xu struct file *file = object->file;
65c8383054SJeffle Xu size_t len = iter->count;
66c8383054SJeffle Xu loff_t pos = kiocb->ki_pos;
67c8383054SJeffle Xu const struct cred *saved_cred;
68c8383054SJeffle Xu int ret;
69c8383054SJeffle Xu
70c8383054SJeffle Xu if (!file)
71c8383054SJeffle Xu return -ENOBUFS;
72c8383054SJeffle Xu
73c8383054SJeffle Xu cachefiles_begin_secure(cache, &saved_cred);
74c8383054SJeffle Xu ret = __cachefiles_prepare_write(object, file, &pos, &len, true);
75c8383054SJeffle Xu cachefiles_end_secure(cache, saved_cred);
76c8383054SJeffle Xu if (ret < 0)
77c8383054SJeffle Xu return ret;
78c8383054SJeffle Xu
791519670eSJeffle Xu trace_cachefiles_ondemand_fd_write(object, file_inode(file), pos, len);
80c8383054SJeffle Xu ret = __cachefiles_write(object, file, pos, iter, NULL, NULL);
81*ae8c9639SZizhi Wo if (!ret) {
82c8383054SJeffle Xu ret = len;
83*ae8c9639SZizhi Wo kiocb->ki_pos += ret;
84*ae8c9639SZizhi Wo }
85c8383054SJeffle Xu
86c8383054SJeffle Xu return ret;
87c8383054SJeffle Xu }
88c8383054SJeffle Xu
cachefiles_ondemand_fd_llseek(struct file * filp,loff_t pos,int whence)89c8383054SJeffle Xu static loff_t cachefiles_ondemand_fd_llseek(struct file *filp, loff_t pos,
90c8383054SJeffle Xu int whence)
91c8383054SJeffle Xu {
92c8383054SJeffle Xu struct cachefiles_object *object = filp->private_data;
93c8383054SJeffle Xu struct file *file = object->file;
94c8383054SJeffle Xu
95c8383054SJeffle Xu if (!file)
96c8383054SJeffle Xu return -ENOBUFS;
97c8383054SJeffle Xu
98c8383054SJeffle Xu return vfs_llseek(file, pos, whence);
99c8383054SJeffle Xu }
100c8383054SJeffle Xu
cachefiles_ondemand_fd_ioctl(struct file * filp,unsigned int ioctl,unsigned long id)1019032b6e8SJeffle Xu static long cachefiles_ondemand_fd_ioctl(struct file *filp, unsigned int ioctl,
10236d845ccSBaokun Li unsigned long id)
1039032b6e8SJeffle Xu {
1049032b6e8SJeffle Xu struct cachefiles_object *object = filp->private_data;
1059032b6e8SJeffle Xu struct cachefiles_cache *cache = object->volume->cache;
1069032b6e8SJeffle Xu struct cachefiles_req *req;
10736d845ccSBaokun Li XA_STATE(xas, &cache->reqs, id);
1089032b6e8SJeffle Xu
1099032b6e8SJeffle Xu if (ioctl != CACHEFILES_IOC_READ_COMPLETE)
1109032b6e8SJeffle Xu return -EINVAL;
1119032b6e8SJeffle Xu
1129032b6e8SJeffle Xu if (!test_bit(CACHEFILES_ONDEMAND_MODE, &cache->flags))
1139032b6e8SJeffle Xu return -EOPNOTSUPP;
1149032b6e8SJeffle Xu
11536d845ccSBaokun Li xa_lock(&cache->reqs);
11636d845ccSBaokun Li req = xas_load(&xas);
11736d845ccSBaokun Li if (!req || req->msg.opcode != CACHEFILES_OP_READ ||
11836d845ccSBaokun Li req->object != object) {
11936d845ccSBaokun Li xa_unlock(&cache->reqs);
1209032b6e8SJeffle Xu return -EINVAL;
12136d845ccSBaokun Li }
12236d845ccSBaokun Li xas_store(&xas, NULL);
12336d845ccSBaokun Li xa_unlock(&cache->reqs);
1249032b6e8SJeffle Xu
1251519670eSJeffle Xu trace_cachefiles_ondemand_cread(object, id);
1269032b6e8SJeffle Xu complete(&req->done);
1279032b6e8SJeffle Xu return 0;
1289032b6e8SJeffle Xu }
1299032b6e8SJeffle Xu
130c8383054SJeffle Xu static const struct file_operations cachefiles_ondemand_fd_fops = {
131c8383054SJeffle Xu .owner = THIS_MODULE,
132c8383054SJeffle Xu .release = cachefiles_ondemand_fd_release,
133c8383054SJeffle Xu .write_iter = cachefiles_ondemand_fd_write_iter,
134c8383054SJeffle Xu .llseek = cachefiles_ondemand_fd_llseek,
1359032b6e8SJeffle Xu .unlocked_ioctl = cachefiles_ondemand_fd_ioctl,
136c8383054SJeffle Xu };
137c8383054SJeffle Xu
138c8383054SJeffle Xu /*
139c8383054SJeffle Xu * OPEN request Completion (copen)
140c8383054SJeffle Xu * - command: "copen <id>,<cache_size>"
141c8383054SJeffle Xu * <cache_size> indicates the object size if >=0, error code if negative
142c8383054SJeffle Xu */
cachefiles_ondemand_copen(struct cachefiles_cache * cache,char * args)143c8383054SJeffle Xu int cachefiles_ondemand_copen(struct cachefiles_cache *cache, char *args)
144c8383054SJeffle Xu {
145c8383054SJeffle Xu struct cachefiles_req *req;
146c8383054SJeffle Xu struct fscache_cookie *cookie;
147e564e48cSBaokun Li struct cachefiles_ondemand_info *info;
148c8383054SJeffle Xu char *pid, *psize;
149c8383054SJeffle Xu unsigned long id;
150c8383054SJeffle Xu long size;
151c8383054SJeffle Xu int ret;
15236d845ccSBaokun Li XA_STATE(xas, &cache->reqs, 0);
153c8383054SJeffle Xu
154c8383054SJeffle Xu if (!test_bit(CACHEFILES_ONDEMAND_MODE, &cache->flags))
155c8383054SJeffle Xu return -EOPNOTSUPP;
156c8383054SJeffle Xu
157c8383054SJeffle Xu if (!*args) {
158c8383054SJeffle Xu pr_err("Empty id specified\n");
159c8383054SJeffle Xu return -EINVAL;
160c8383054SJeffle Xu }
161c8383054SJeffle Xu
162c8383054SJeffle Xu pid = args;
163c8383054SJeffle Xu psize = strchr(args, ',');
164c8383054SJeffle Xu if (!psize) {
165c8383054SJeffle Xu pr_err("Cache size is not specified\n");
166c8383054SJeffle Xu return -EINVAL;
167c8383054SJeffle Xu }
168c8383054SJeffle Xu
169c8383054SJeffle Xu *psize = 0;
170c8383054SJeffle Xu psize++;
171c8383054SJeffle Xu
172c8383054SJeffle Xu ret = kstrtoul(pid, 0, &id);
173c8383054SJeffle Xu if (ret)
174c8383054SJeffle Xu return ret;
175c8383054SJeffle Xu
17636d845ccSBaokun Li xa_lock(&cache->reqs);
17736d845ccSBaokun Li xas.xa_index = id;
17836d845ccSBaokun Li req = xas_load(&xas);
17936d845ccSBaokun Li if (!req || req->msg.opcode != CACHEFILES_OP_OPEN ||
18036d845ccSBaokun Li !req->object->ondemand->ondemand_id) {
18136d845ccSBaokun Li xa_unlock(&cache->reqs);
182c8383054SJeffle Xu return -EINVAL;
18336d845ccSBaokun Li }
18436d845ccSBaokun Li xas_store(&xas, NULL);
18536d845ccSBaokun Li xa_unlock(&cache->reqs);
186c8383054SJeffle Xu
187c32ee78fSZizhi Wo info = req->object->ondemand;
188c8383054SJeffle Xu /* fail OPEN request if copen format is invalid */
189c8383054SJeffle Xu ret = kstrtol(psize, 0, &size);
190c8383054SJeffle Xu if (ret) {
191c8383054SJeffle Xu req->error = ret;
192c8383054SJeffle Xu goto out;
193c8383054SJeffle Xu }
194c8383054SJeffle Xu
195c8383054SJeffle Xu /* fail OPEN request if daemon reports an error */
196c8383054SJeffle Xu if (size < 0) {
197c93ccd63SSun Ke if (!IS_ERR_VALUE(size)) {
198c93ccd63SSun Ke req->error = -EINVAL;
199c93ccd63SSun Ke ret = -EINVAL;
200c93ccd63SSun Ke } else {
201c8383054SJeffle Xu req->error = size;
202c93ccd63SSun Ke ret = 0;
203c93ccd63SSun Ke }
204c8383054SJeffle Xu goto out;
205c8383054SJeffle Xu }
206c8383054SJeffle Xu
207e564e48cSBaokun Li spin_lock(&info->lock);
208e564e48cSBaokun Li /*
209e564e48cSBaokun Li * The anonymous fd was closed before copen ? Fail the request.
210e564e48cSBaokun Li *
211e564e48cSBaokun Li * t1 | t2
212e564e48cSBaokun Li * ---------------------------------------------------------
213e564e48cSBaokun Li * cachefiles_ondemand_copen
214e564e48cSBaokun Li * req = xa_erase(&cache->reqs, id)
215e564e48cSBaokun Li * // Anon fd is maliciously closed.
216e564e48cSBaokun Li * cachefiles_ondemand_fd_release
217e564e48cSBaokun Li * xa_lock(&cache->reqs)
218e564e48cSBaokun Li * cachefiles_ondemand_set_object_close(object)
219e564e48cSBaokun Li * xa_unlock(&cache->reqs)
220e564e48cSBaokun Li * cachefiles_ondemand_set_object_open
221e564e48cSBaokun Li * // No one will ever close it again.
222e564e48cSBaokun Li * cachefiles_ondemand_daemon_read
223e564e48cSBaokun Li * cachefiles_ondemand_select_req
224e564e48cSBaokun Li *
225e564e48cSBaokun Li * Get a read req but its fd is already closed. The daemon can't
226e564e48cSBaokun Li * issue a cread ioctl with an closed fd, then hung.
227e564e48cSBaokun Li */
228e564e48cSBaokun Li if (info->ondemand_id == CACHEFILES_ONDEMAND_ID_CLOSED) {
229e564e48cSBaokun Li spin_unlock(&info->lock);
230e564e48cSBaokun Li req->error = -EBADFD;
231e564e48cSBaokun Li goto out;
232e564e48cSBaokun Li }
233c8383054SJeffle Xu cookie = req->object->cookie;
234c8383054SJeffle Xu cookie->object_size = size;
235c8383054SJeffle Xu if (size)
236c8383054SJeffle Xu clear_bit(FSCACHE_COOKIE_NO_DATA_TO_READ, &cookie->flags);
237c8383054SJeffle Xu else
238c8383054SJeffle Xu set_bit(FSCACHE_COOKIE_NO_DATA_TO_READ, &cookie->flags);
2391519670eSJeffle Xu trace_cachefiles_ondemand_copen(req->object, id, size);
240c8383054SJeffle Xu
241955190e1SJia Zhu cachefiles_ondemand_set_object_open(req->object);
242e564e48cSBaokun Li spin_unlock(&info->lock);
243f740fd94SJia Zhu wake_up_all(&cache->daemon_pollwq);
244955190e1SJia Zhu
245c8383054SJeffle Xu out:
246c32ee78fSZizhi Wo spin_lock(&info->lock);
247c32ee78fSZizhi Wo /* Need to set object close to avoid reopen status continuing */
248c32ee78fSZizhi Wo if (info->ondemand_id == CACHEFILES_ONDEMAND_ID_CLOSED)
249c32ee78fSZizhi Wo cachefiles_ondemand_set_object_close(req->object);
250c32ee78fSZizhi Wo spin_unlock(&info->lock);
251c8383054SJeffle Xu complete(&req->done);
252c8383054SJeffle Xu return ret;
253c8383054SJeffle Xu }
254c8383054SJeffle Xu
cachefiles_ondemand_restore(struct cachefiles_cache * cache,char * args)2559f5fa40fSJia Zhu int cachefiles_ondemand_restore(struct cachefiles_cache *cache, char *args)
2569f5fa40fSJia Zhu {
2579f5fa40fSJia Zhu struct cachefiles_req *req;
2589f5fa40fSJia Zhu
2599f5fa40fSJia Zhu XA_STATE(xas, &cache->reqs, 0);
2609f5fa40fSJia Zhu
2619f5fa40fSJia Zhu if (!test_bit(CACHEFILES_ONDEMAND_MODE, &cache->flags))
2629f5fa40fSJia Zhu return -EOPNOTSUPP;
2639f5fa40fSJia Zhu
2649f5fa40fSJia Zhu /*
2659f5fa40fSJia Zhu * Reset the requests to CACHEFILES_REQ_NEW state, so that the
2669f5fa40fSJia Zhu * requests have been processed halfway before the crash of the
2679f5fa40fSJia Zhu * user daemon could be reprocessed after the recovery.
2689f5fa40fSJia Zhu */
2699f5fa40fSJia Zhu xas_lock(&xas);
2709f5fa40fSJia Zhu xas_for_each(&xas, req, ULONG_MAX)
2719f5fa40fSJia Zhu xas_set_mark(&xas, CACHEFILES_REQ_NEW);
2729f5fa40fSJia Zhu xas_unlock(&xas);
2739f5fa40fSJia Zhu
2749f5fa40fSJia Zhu wake_up_all(&cache->daemon_pollwq);
2759f5fa40fSJia Zhu return 0;
2769f5fa40fSJia Zhu }
2779f5fa40fSJia Zhu
cachefiles_ondemand_get_fd(struct cachefiles_req * req,struct ondemand_anon_file * anon_file)278d2d3eb37SBaokun Li static int cachefiles_ondemand_get_fd(struct cachefiles_req *req,
279d2d3eb37SBaokun Li struct ondemand_anon_file *anon_file)
280c8383054SJeffle Xu {
281c8383054SJeffle Xu struct cachefiles_object *object;
282c8383054SJeffle Xu struct cachefiles_cache *cache;
283c8383054SJeffle Xu struct cachefiles_open *load;
284c8383054SJeffle Xu u32 object_id;
285d2d3eb37SBaokun Li int ret;
286c8383054SJeffle Xu
287c8383054SJeffle Xu object = cachefiles_grab_object(req->object,
288c8383054SJeffle Xu cachefiles_obj_get_ondemand_fd);
289c8383054SJeffle Xu cache = object->volume->cache;
290c8383054SJeffle Xu
291c8383054SJeffle Xu ret = xa_alloc_cyclic(&cache->ondemand_ids, &object_id, NULL,
292c8383054SJeffle Xu XA_LIMIT(1, INT_MAX),
293c8383054SJeffle Xu &cache->ondemand_id_next, GFP_KERNEL);
294c8383054SJeffle Xu if (ret < 0)
295c8383054SJeffle Xu goto err;
296c8383054SJeffle Xu
297d2d3eb37SBaokun Li anon_file->fd = get_unused_fd_flags(O_WRONLY);
298d2d3eb37SBaokun Li if (anon_file->fd < 0) {
299d2d3eb37SBaokun Li ret = anon_file->fd;
300c8383054SJeffle Xu goto err_free_id;
301c8383054SJeffle Xu }
302c8383054SJeffle Xu
303d2d3eb37SBaokun Li anon_file->file = anon_inode_getfile("[cachefiles]",
304d2d3eb37SBaokun Li &cachefiles_ondemand_fd_fops, object, O_WRONLY);
305d2d3eb37SBaokun Li if (IS_ERR(anon_file->file)) {
306d2d3eb37SBaokun Li ret = PTR_ERR(anon_file->file);
307c8383054SJeffle Xu goto err_put_fd;
308c8383054SJeffle Xu }
309c8383054SJeffle Xu
310527db1cbSBaokun Li spin_lock(&object->ondemand->lock);
311527db1cbSBaokun Li if (object->ondemand->ondemand_id > 0) {
312527db1cbSBaokun Li spin_unlock(&object->ondemand->lock);
313527db1cbSBaokun Li /* Pair with check in cachefiles_ondemand_fd_release(). */
314d2d3eb37SBaokun Li anon_file->file->private_data = NULL;
315527db1cbSBaokun Li ret = -EEXIST;
316527db1cbSBaokun Li goto err_put_file;
317527db1cbSBaokun Li }
318527db1cbSBaokun Li
319d2d3eb37SBaokun Li anon_file->file->f_mode |= FMODE_PWRITE | FMODE_LSEEK;
320c8383054SJeffle Xu
321c8383054SJeffle Xu load = (void *)req->msg.data;
322d2d3eb37SBaokun Li load->fd = anon_file->fd;
32333d21f06SJia Zhu object->ondemand->ondemand_id = object_id;
324527db1cbSBaokun Li spin_unlock(&object->ondemand->lock);
325d11b0b04SJeffle Xu
326d11b0b04SJeffle Xu cachefiles_get_unbind_pincount(cache);
3271519670eSJeffle Xu trace_cachefiles_ondemand_open(object, &req->msg, load);
328c8383054SJeffle Xu return 0;
329c8383054SJeffle Xu
330527db1cbSBaokun Li err_put_file:
331d2d3eb37SBaokun Li fput(anon_file->file);
332d2d3eb37SBaokun Li anon_file->file = NULL;
333c8383054SJeffle Xu err_put_fd:
334d2d3eb37SBaokun Li put_unused_fd(anon_file->fd);
335d2d3eb37SBaokun Li anon_file->fd = ret;
336c8383054SJeffle Xu err_free_id:
337c8383054SJeffle Xu xa_erase(&cache->ondemand_ids, object_id);
338c8383054SJeffle Xu err:
339527db1cbSBaokun Li spin_lock(&object->ondemand->lock);
340527db1cbSBaokun Li /* Avoid marking an opened object as closed. */
341527db1cbSBaokun Li if (object->ondemand->ondemand_id <= 0)
342527db1cbSBaokun Li cachefiles_ondemand_set_object_close(object);
343527db1cbSBaokun Li spin_unlock(&object->ondemand->lock);
344c8383054SJeffle Xu cachefiles_put_object(object, cachefiles_obj_put_ondemand_fd);
345c8383054SJeffle Xu return ret;
346c8383054SJeffle Xu }
347c8383054SJeffle Xu
ondemand_object_worker(struct work_struct * work)348f740fd94SJia Zhu static void ondemand_object_worker(struct work_struct *work)
349f740fd94SJia Zhu {
350f740fd94SJia Zhu struct cachefiles_ondemand_info *info =
351f740fd94SJia Zhu container_of(work, struct cachefiles_ondemand_info, ondemand_work);
352f740fd94SJia Zhu
353f740fd94SJia Zhu cachefiles_ondemand_init_object(info->object);
354f740fd94SJia Zhu }
355f740fd94SJia Zhu
356f740fd94SJia Zhu /*
357f740fd94SJia Zhu * If there are any inflight or subsequent READ requests on the
358f740fd94SJia Zhu * closed object, reopen it.
359f740fd94SJia Zhu * Skip read requests whose related object is reopening.
360f740fd94SJia Zhu */
cachefiles_ondemand_select_req(struct xa_state * xas,unsigned long xa_max)361f740fd94SJia Zhu static struct cachefiles_req *cachefiles_ondemand_select_req(struct xa_state *xas,
362f740fd94SJia Zhu unsigned long xa_max)
363f740fd94SJia Zhu {
364f740fd94SJia Zhu struct cachefiles_req *req;
365f740fd94SJia Zhu struct cachefiles_object *object;
366f740fd94SJia Zhu struct cachefiles_ondemand_info *info;
367f740fd94SJia Zhu
368f740fd94SJia Zhu xas_for_each_marked(xas, req, xa_max, CACHEFILES_REQ_NEW) {
369f740fd94SJia Zhu if (req->msg.opcode != CACHEFILES_OP_READ)
370f740fd94SJia Zhu return req;
371f740fd94SJia Zhu object = req->object;
372f740fd94SJia Zhu info = object->ondemand;
373f740fd94SJia Zhu if (cachefiles_ondemand_object_is_close(object)) {
374f740fd94SJia Zhu cachefiles_ondemand_set_object_reopening(object);
375f740fd94SJia Zhu queue_work(fscache_wq, &info->ondemand_work);
376f740fd94SJia Zhu continue;
377f740fd94SJia Zhu }
378f740fd94SJia Zhu if (cachefiles_ondemand_object_is_reopening(object))
379f740fd94SJia Zhu continue;
380f740fd94SJia Zhu return req;
381f740fd94SJia Zhu }
382f740fd94SJia Zhu return NULL;
383f740fd94SJia Zhu }
384f740fd94SJia Zhu
cachefiles_ondemand_finish_req(struct cachefiles_req * req,struct xa_state * xas,int err)3857c6ec082SBaokun Li static inline bool cachefiles_ondemand_finish_req(struct cachefiles_req *req,
3867c6ec082SBaokun Li struct xa_state *xas, int err)
3877c6ec082SBaokun Li {
3887c6ec082SBaokun Li if (unlikely(!xas || !req))
3897c6ec082SBaokun Li return false;
3907c6ec082SBaokun Li
3917c6ec082SBaokun Li if (xa_cmpxchg(xas->xa, xas->xa_index, req, NULL, 0) != req)
3927c6ec082SBaokun Li return false;
3937c6ec082SBaokun Li
3947c6ec082SBaokun Li req->error = err;
3957c6ec082SBaokun Li complete(&req->done);
3967c6ec082SBaokun Li return true;
3977c6ec082SBaokun Li }
3987c6ec082SBaokun Li
cachefiles_ondemand_daemon_read(struct cachefiles_cache * cache,char __user * _buffer,size_t buflen)399c8383054SJeffle Xu ssize_t cachefiles_ondemand_daemon_read(struct cachefiles_cache *cache,
400c8383054SJeffle Xu char __user *_buffer, size_t buflen)
401c8383054SJeffle Xu {
402c8383054SJeffle Xu struct cachefiles_req *req;
403c8383054SJeffle Xu struct cachefiles_msg *msg;
404c8383054SJeffle Xu size_t n;
405c8383054SJeffle Xu int ret = 0;
406d2d3eb37SBaokun Li struct ondemand_anon_file anon_file;
4071122f400SXin Yin XA_STATE(xas, &cache->reqs, cache->req_id_next);
408c8383054SJeffle Xu
409f740fd94SJia Zhu xa_lock(&cache->reqs);
410c8383054SJeffle Xu /*
4111122f400SXin Yin * Cyclically search for a request that has not ever been processed,
4121122f400SXin Yin * to prevent requests from being processed repeatedly, and make
4131122f400SXin Yin * request distribution fair.
414c8383054SJeffle Xu */
415f740fd94SJia Zhu req = cachefiles_ondemand_select_req(&xas, ULONG_MAX);
4161122f400SXin Yin if (!req && cache->req_id_next > 0) {
4171122f400SXin Yin xas_set(&xas, 0);
418f740fd94SJia Zhu req = cachefiles_ondemand_select_req(&xas, cache->req_id_next - 1);
4191122f400SXin Yin }
420c8383054SJeffle Xu if (!req) {
421c8383054SJeffle Xu xa_unlock(&cache->reqs);
422c8383054SJeffle Xu return 0;
423c8383054SJeffle Xu }
424c8383054SJeffle Xu
425c8383054SJeffle Xu msg = &req->msg;
426c8383054SJeffle Xu n = msg->len;
427c8383054SJeffle Xu
428c8383054SJeffle Xu if (n > buflen) {
429c8383054SJeffle Xu xa_unlock(&cache->reqs);
430c8383054SJeffle Xu return -EMSGSIZE;
431c8383054SJeffle Xu }
432c8383054SJeffle Xu
433c8383054SJeffle Xu xas_clear_mark(&xas, CACHEFILES_REQ_NEW);
4341122f400SXin Yin cache->req_id_next = xas.xa_index + 1;
435a6de8276SBaokun Li refcount_inc(&req->ref);
4363958679cSBaokun Li cachefiles_grab_object(req->object, cachefiles_obj_get_read_req);
437c8383054SJeffle Xu xa_unlock(&cache->reqs);
438c8383054SJeffle Xu
439c8383054SJeffle Xu if (msg->opcode == CACHEFILES_OP_OPEN) {
440d2d3eb37SBaokun Li ret = cachefiles_ondemand_get_fd(req, &anon_file);
441527db1cbSBaokun Li if (ret)
4421d95e501SBaokun Li goto out;
443c8383054SJeffle Xu }
444f740fd94SJia Zhu
4451d95e501SBaokun Li msg->msg_id = xas.xa_index;
446f740fd94SJia Zhu msg->object_id = req->object->ondemand->ondemand_id;
447c8383054SJeffle Xu
448d2d3eb37SBaokun Li if (copy_to_user(_buffer, msg, n) != 0)
449c8383054SJeffle Xu ret = -EFAULT;
450d2d3eb37SBaokun Li
451d2d3eb37SBaokun Li if (msg->opcode == CACHEFILES_OP_OPEN) {
452d2d3eb37SBaokun Li if (ret < 0) {
453d2d3eb37SBaokun Li fput(anon_file.file);
454d2d3eb37SBaokun Li put_unused_fd(anon_file.fd);
455d2d3eb37SBaokun Li goto out;
456d2d3eb37SBaokun Li }
457d2d3eb37SBaokun Li fd_install(anon_file.fd, anon_file.file);
4581d95e501SBaokun Li }
4591d95e501SBaokun Li out:
4603958679cSBaokun Li cachefiles_put_object(req->object, cachefiles_obj_put_read_req);
4611d95e501SBaokun Li /* Remove error request and CLOSE request has no reply */
4627c6ec082SBaokun Li if (ret || msg->opcode == CACHEFILES_OP_CLOSE)
4637c6ec082SBaokun Li cachefiles_ondemand_finish_req(req, &xas, ret);
464a6de8276SBaokun Li cachefiles_req_put(req);
4651d95e501SBaokun Li return ret ? ret : n;
466c8383054SJeffle Xu }
467c8383054SJeffle Xu
468c8383054SJeffle Xu typedef int (*init_req_fn)(struct cachefiles_req *req, void *private);
469c8383054SJeffle Xu
cachefiles_ondemand_send_req(struct cachefiles_object * object,enum cachefiles_opcode opcode,size_t data_len,init_req_fn init_req,void * private)470c8383054SJeffle Xu static int cachefiles_ondemand_send_req(struct cachefiles_object *object,
471c8383054SJeffle Xu enum cachefiles_opcode opcode,
472c8383054SJeffle Xu size_t data_len,
473c8383054SJeffle Xu init_req_fn init_req,
474c8383054SJeffle Xu void *private)
475c8383054SJeffle Xu {
476c8383054SJeffle Xu struct cachefiles_cache *cache = object->volume->cache;
477f740fd94SJia Zhu struct cachefiles_req *req = NULL;
478c8383054SJeffle Xu XA_STATE(xas, &cache->reqs, 0);
479c8383054SJeffle Xu int ret;
480c8383054SJeffle Xu
481c8383054SJeffle Xu if (!test_bit(CACHEFILES_ONDEMAND_MODE, &cache->flags))
482c8383054SJeffle Xu return 0;
483c8383054SJeffle Xu
484f740fd94SJia Zhu if (test_bit(CACHEFILES_DEAD, &cache->flags)) {
485f740fd94SJia Zhu ret = -EIO;
486f740fd94SJia Zhu goto out;
487f740fd94SJia Zhu }
488c8383054SJeffle Xu
489c8383054SJeffle Xu req = kzalloc(sizeof(*req) + data_len, GFP_KERNEL);
490f740fd94SJia Zhu if (!req) {
491f740fd94SJia Zhu ret = -ENOMEM;
492f740fd94SJia Zhu goto out;
493f740fd94SJia Zhu }
494c8383054SJeffle Xu
495a6de8276SBaokun Li refcount_set(&req->ref, 1);
496c8383054SJeffle Xu req->object = object;
497c8383054SJeffle Xu init_completion(&req->done);
498c8383054SJeffle Xu req->msg.opcode = opcode;
499c8383054SJeffle Xu req->msg.len = sizeof(struct cachefiles_msg) + data_len;
500c8383054SJeffle Xu
501c8383054SJeffle Xu ret = init_req(req, private);
502c8383054SJeffle Xu if (ret)
503c8383054SJeffle Xu goto out;
504c8383054SJeffle Xu
505c8383054SJeffle Xu do {
506c8383054SJeffle Xu /*
507c8383054SJeffle Xu * Stop enqueuing the request when daemon is dying. The
508c8383054SJeffle Xu * following two operations need to be atomic as a whole.
509c8383054SJeffle Xu * 1) check cache state, and
510c8383054SJeffle Xu * 2) enqueue request if cache is alive.
511c8383054SJeffle Xu * Otherwise the request may be enqueued after xarray has been
512c8383054SJeffle Xu * flushed, leaving the orphan request never being completed.
513c8383054SJeffle Xu *
514c8383054SJeffle Xu * CPU 1 CPU 2
515c8383054SJeffle Xu * ===== =====
516c8383054SJeffle Xu * test CACHEFILES_DEAD bit
517c8383054SJeffle Xu * set CACHEFILES_DEAD bit
518c8383054SJeffle Xu * flush requests in the xarray
519c8383054SJeffle Xu * enqueue the request
520c8383054SJeffle Xu */
521c8383054SJeffle Xu xas_lock(&xas);
522c8383054SJeffle Xu
52332e0a9a7SBaokun Li if (test_bit(CACHEFILES_DEAD, &cache->flags) ||
52432e0a9a7SBaokun Li cachefiles_ondemand_object_is_dropping(object)) {
525c8383054SJeffle Xu xas_unlock(&xas);
526c8383054SJeffle Xu ret = -EIO;
527c8383054SJeffle Xu goto out;
528c8383054SJeffle Xu }
529c8383054SJeffle Xu
530c8383054SJeffle Xu /* coupled with the barrier in cachefiles_flush_reqs() */
531c8383054SJeffle Xu smp_mb();
532c8383054SJeffle Xu
533f740fd94SJia Zhu if (opcode == CACHEFILES_OP_CLOSE &&
534955190e1SJia Zhu !cachefiles_ondemand_object_is_open(object)) {
53533d21f06SJia Zhu WARN_ON_ONCE(object->ondemand->ondemand_id == 0);
536324b954aSJeffle Xu xas_unlock(&xas);
537324b954aSJeffle Xu ret = -EIO;
538324b954aSJeffle Xu goto out;
539324b954aSJeffle Xu }
540324b954aSJeffle Xu
541de045a82SBaokun Li /*
542de045a82SBaokun Li * Cyclically find a free xas to avoid msg_id reuse that would
543de045a82SBaokun Li * cause the daemon to successfully copen a stale msg_id.
544de045a82SBaokun Li */
545de045a82SBaokun Li xas.xa_index = cache->msg_id_next;
546c8383054SJeffle Xu xas_find_marked(&xas, UINT_MAX, XA_FREE_MARK);
547de045a82SBaokun Li if (xas.xa_node == XAS_RESTART) {
548de045a82SBaokun Li xas.xa_index = 0;
549de045a82SBaokun Li xas_find_marked(&xas, cache->msg_id_next - 1, XA_FREE_MARK);
550de045a82SBaokun Li }
551c8383054SJeffle Xu if (xas.xa_node == XAS_RESTART)
552c8383054SJeffle Xu xas_set_err(&xas, -EBUSY);
553de045a82SBaokun Li
554c8383054SJeffle Xu xas_store(&xas, req);
555de045a82SBaokun Li if (xas_valid(&xas)) {
556de045a82SBaokun Li cache->msg_id_next = xas.xa_index + 1;
557c8383054SJeffle Xu xas_clear_mark(&xas, XA_FREE_MARK);
558c8383054SJeffle Xu xas_set_mark(&xas, CACHEFILES_REQ_NEW);
559de045a82SBaokun Li }
560c8383054SJeffle Xu xas_unlock(&xas);
561c8383054SJeffle Xu } while (xas_nomem(&xas, GFP_KERNEL));
562c8383054SJeffle Xu
563c8383054SJeffle Xu ret = xas_error(&xas);
564c8383054SJeffle Xu if (ret)
565c8383054SJeffle Xu goto out;
566c8383054SJeffle Xu
567c8383054SJeffle Xu wake_up_all(&cache->daemon_pollwq);
5687c6ec082SBaokun Li wait:
5697c6ec082SBaokun Li ret = wait_for_completion_killable(&req->done);
5707c6ec082SBaokun Li if (!ret) {
571c8383054SJeffle Xu ret = req->error;
5727c6ec082SBaokun Li } else {
5737c6ec082SBaokun Li ret = -EINTR;
5747c6ec082SBaokun Li if (!cachefiles_ondemand_finish_req(req, &xas, ret)) {
5757c6ec082SBaokun Li /* Someone will complete it soon. */
5767c6ec082SBaokun Li cpu_relax();
5777c6ec082SBaokun Li goto wait;
5787c6ec082SBaokun Li }
5797c6ec082SBaokun Li }
580a6de8276SBaokun Li cachefiles_req_put(req);
581f740fd94SJia Zhu return ret;
582c8383054SJeffle Xu out:
583f740fd94SJia Zhu /* Reset the object to close state in error handling path.
584f740fd94SJia Zhu * If error occurs after creating the anonymous fd,
585f740fd94SJia Zhu * cachefiles_ondemand_fd_release() will set object to close.
586f740fd94SJia Zhu */
58732e0a9a7SBaokun Li if (opcode == CACHEFILES_OP_OPEN &&
58832e0a9a7SBaokun Li !cachefiles_ondemand_object_is_dropping(object))
589f740fd94SJia Zhu cachefiles_ondemand_set_object_close(object);
590c8383054SJeffle Xu kfree(req);
591c8383054SJeffle Xu return ret;
592c8383054SJeffle Xu }
593c8383054SJeffle Xu
cachefiles_ondemand_init_open_req(struct cachefiles_req * req,void * private)594c8383054SJeffle Xu static int cachefiles_ondemand_init_open_req(struct cachefiles_req *req,
595c8383054SJeffle Xu void *private)
596c8383054SJeffle Xu {
597c8383054SJeffle Xu struct cachefiles_object *object = req->object;
598c8383054SJeffle Xu struct fscache_cookie *cookie = object->cookie;
599c8383054SJeffle Xu struct fscache_volume *volume = object->volume->vcookie;
600c8383054SJeffle Xu struct cachefiles_open *load = (void *)req->msg.data;
601c8383054SJeffle Xu size_t volume_key_size, cookie_key_size;
602c8383054SJeffle Xu void *volume_key, *cookie_key;
603c8383054SJeffle Xu
604c8383054SJeffle Xu /*
605c8383054SJeffle Xu * Volume key is a NUL-terminated string. key[0] stores strlen() of the
606c8383054SJeffle Xu * string, followed by the content of the string (excluding '\0').
607c8383054SJeffle Xu */
608c8383054SJeffle Xu volume_key_size = volume->key[0] + 1;
609c8383054SJeffle Xu volume_key = volume->key + 1;
610c8383054SJeffle Xu
611c8383054SJeffle Xu /* Cookie key is binary data, which is netfs specific. */
612c8383054SJeffle Xu cookie_key_size = cookie->key_len;
613c8383054SJeffle Xu cookie_key = fscache_get_key(cookie);
614c8383054SJeffle Xu
615c8383054SJeffle Xu if (!(object->cookie->advice & FSCACHE_ADV_WANT_CACHE_SIZE)) {
616c8383054SJeffle Xu pr_err("WANT_CACHE_SIZE is needed for on-demand mode\n");
617c8383054SJeffle Xu return -EINVAL;
618c8383054SJeffle Xu }
619c8383054SJeffle Xu
620c8383054SJeffle Xu load->volume_key_size = volume_key_size;
621c8383054SJeffle Xu load->cookie_key_size = cookie_key_size;
622c8383054SJeffle Xu memcpy(load->data, volume_key, volume_key_size);
623c8383054SJeffle Xu memcpy(load->data + volume_key_size, cookie_key, cookie_key_size);
624c8383054SJeffle Xu
625c8383054SJeffle Xu return 0;
626c8383054SJeffle Xu }
627c8383054SJeffle Xu
cachefiles_ondemand_init_close_req(struct cachefiles_req * req,void * private)628324b954aSJeffle Xu static int cachefiles_ondemand_init_close_req(struct cachefiles_req *req,
629324b954aSJeffle Xu void *private)
630324b954aSJeffle Xu {
631324b954aSJeffle Xu struct cachefiles_object *object = req->object;
632324b954aSJeffle Xu
633955190e1SJia Zhu if (!cachefiles_ondemand_object_is_open(object))
634324b954aSJeffle Xu return -ENOENT;
635324b954aSJeffle Xu
6361519670eSJeffle Xu trace_cachefiles_ondemand_close(object, &req->msg);
637324b954aSJeffle Xu return 0;
638324b954aSJeffle Xu }
639324b954aSJeffle Xu
6409032b6e8SJeffle Xu struct cachefiles_read_ctx {
6419032b6e8SJeffle Xu loff_t off;
6429032b6e8SJeffle Xu size_t len;
6439032b6e8SJeffle Xu };
6449032b6e8SJeffle Xu
cachefiles_ondemand_init_read_req(struct cachefiles_req * req,void * private)6459032b6e8SJeffle Xu static int cachefiles_ondemand_init_read_req(struct cachefiles_req *req,
6469032b6e8SJeffle Xu void *private)
6479032b6e8SJeffle Xu {
6489032b6e8SJeffle Xu struct cachefiles_object *object = req->object;
6499032b6e8SJeffle Xu struct cachefiles_read *load = (void *)req->msg.data;
6509032b6e8SJeffle Xu struct cachefiles_read_ctx *read_ctx = private;
6519032b6e8SJeffle Xu
6529032b6e8SJeffle Xu load->off = read_ctx->off;
6539032b6e8SJeffle Xu load->len = read_ctx->len;
6541519670eSJeffle Xu trace_cachefiles_ondemand_read(object, &req->msg, load);
6559032b6e8SJeffle Xu return 0;
6569032b6e8SJeffle Xu }
6579032b6e8SJeffle Xu
cachefiles_ondemand_init_object(struct cachefiles_object * object)658c8383054SJeffle Xu int cachefiles_ondemand_init_object(struct cachefiles_object *object)
659c8383054SJeffle Xu {
660c8383054SJeffle Xu struct fscache_cookie *cookie = object->cookie;
661c8383054SJeffle Xu struct fscache_volume *volume = object->volume->vcookie;
662c8383054SJeffle Xu size_t volume_key_size, cookie_key_size, data_len;
663c8383054SJeffle Xu
6648a73c08eSDavid Howells if (!object->ondemand)
6658a73c08eSDavid Howells return 0;
6668a73c08eSDavid Howells
667c8383054SJeffle Xu /*
668c8383054SJeffle Xu * CacheFiles will firstly check the cache file under the root cache
669c8383054SJeffle Xu * directory. If the coherency check failed, it will fallback to
670c8383054SJeffle Xu * creating a new tmpfile as the cache file. Reuse the previously
671c8383054SJeffle Xu * allocated object ID if any.
672c8383054SJeffle Xu */
673955190e1SJia Zhu if (cachefiles_ondemand_object_is_open(object))
674c8383054SJeffle Xu return 0;
675c8383054SJeffle Xu
676c8383054SJeffle Xu volume_key_size = volume->key[0] + 1;
677c8383054SJeffle Xu cookie_key_size = cookie->key_len;
678c8383054SJeffle Xu data_len = sizeof(struct cachefiles_open) +
679c8383054SJeffle Xu volume_key_size + cookie_key_size;
680c8383054SJeffle Xu
681c8383054SJeffle Xu return cachefiles_ondemand_send_req(object, CACHEFILES_OP_OPEN,
682c8383054SJeffle Xu data_len, cachefiles_ondemand_init_open_req, NULL);
683c8383054SJeffle Xu }
684324b954aSJeffle Xu
cachefiles_ondemand_clean_object(struct cachefiles_object * object)685324b954aSJeffle Xu void cachefiles_ondemand_clean_object(struct cachefiles_object *object)
686324b954aSJeffle Xu {
687ed60c1a8SBaokun Li unsigned long index;
688ed60c1a8SBaokun Li struct cachefiles_req *req;
689ed60c1a8SBaokun Li struct cachefiles_cache *cache;
690ed60c1a8SBaokun Li
69132e0a9a7SBaokun Li if (!object->ondemand)
69232e0a9a7SBaokun Li return;
69332e0a9a7SBaokun Li
694324b954aSJeffle Xu cachefiles_ondemand_send_req(object, CACHEFILES_OP_CLOSE, 0,
695324b954aSJeffle Xu cachefiles_ondemand_init_close_req, NULL);
696ed60c1a8SBaokun Li
697ed60c1a8SBaokun Li if (!object->ondemand->ondemand_id)
698ed60c1a8SBaokun Li return;
699ed60c1a8SBaokun Li
700ed60c1a8SBaokun Li /* Cancel all requests for the object that is being dropped. */
701ed60c1a8SBaokun Li cache = object->volume->cache;
702ed60c1a8SBaokun Li xa_lock(&cache->reqs);
70332e0a9a7SBaokun Li cachefiles_ondemand_set_object_dropping(object);
704ed60c1a8SBaokun Li xa_for_each(&cache->reqs, index, req) {
705ed60c1a8SBaokun Li if (req->object == object) {
706ed60c1a8SBaokun Li req->error = -EIO;
707ed60c1a8SBaokun Li complete(&req->done);
708ed60c1a8SBaokun Li __xa_erase(&cache->reqs, index);
709ed60c1a8SBaokun Li }
710ed60c1a8SBaokun Li }
711ed60c1a8SBaokun Li xa_unlock(&cache->reqs);
712d3179baeSHou Tao
713d3179baeSHou Tao /* Wait for ondemand_object_worker() to finish to avoid UAF. */
714d3179baeSHou Tao cancel_work_sync(&object->ondemand->ondemand_work);
715324b954aSJeffle Xu }
7169032b6e8SJeffle Xu
cachefiles_ondemand_init_obj_info(struct cachefiles_object * object,struct cachefiles_volume * volume)71733d21f06SJia Zhu int cachefiles_ondemand_init_obj_info(struct cachefiles_object *object,
71833d21f06SJia Zhu struct cachefiles_volume *volume)
71933d21f06SJia Zhu {
72033d21f06SJia Zhu if (!cachefiles_in_ondemand_mode(volume->cache))
72133d21f06SJia Zhu return 0;
72233d21f06SJia Zhu
72333d21f06SJia Zhu object->ondemand = kzalloc(sizeof(struct cachefiles_ondemand_info),
72433d21f06SJia Zhu GFP_KERNEL);
72533d21f06SJia Zhu if (!object->ondemand)
72633d21f06SJia Zhu return -ENOMEM;
72733d21f06SJia Zhu
72833d21f06SJia Zhu object->ondemand->object = object;
729e564e48cSBaokun Li spin_lock_init(&object->ondemand->lock);
730f740fd94SJia Zhu INIT_WORK(&object->ondemand->ondemand_work, ondemand_object_worker);
73133d21f06SJia Zhu return 0;
73233d21f06SJia Zhu }
73333d21f06SJia Zhu
cachefiles_ondemand_deinit_obj_info(struct cachefiles_object * object)73433d21f06SJia Zhu void cachefiles_ondemand_deinit_obj_info(struct cachefiles_object *object)
73533d21f06SJia Zhu {
73633d21f06SJia Zhu kfree(object->ondemand);
73733d21f06SJia Zhu object->ondemand = NULL;
73833d21f06SJia Zhu }
73933d21f06SJia Zhu
cachefiles_ondemand_read(struct cachefiles_object * object,loff_t pos,size_t len)7409032b6e8SJeffle Xu int cachefiles_ondemand_read(struct cachefiles_object *object,
7419032b6e8SJeffle Xu loff_t pos, size_t len)
7429032b6e8SJeffle Xu {
7439032b6e8SJeffle Xu struct cachefiles_read_ctx read_ctx = {pos, len};
7449032b6e8SJeffle Xu
7459032b6e8SJeffle Xu return cachefiles_ondemand_send_req(object, CACHEFILES_OP_READ,
7469032b6e8SJeffle Xu sizeof(struct cachefiles_read),
7479032b6e8SJeffle Xu cachefiles_ondemand_init_read_req, &read_ctx);
7489032b6e8SJeffle Xu }
749