1c8383054SJeffle Xu // SPDX-License-Identifier: GPL-2.0-or-later 2c8383054SJeffle Xu #include <linux/fdtable.h> 3c8383054SJeffle Xu #include <linux/anon_inodes.h> 4c8383054SJeffle Xu #include <linux/uio.h> 5c8383054SJeffle Xu #include "internal.h" 6c8383054SJeffle Xu 7d2d3eb37SBaokun Li struct ondemand_anon_file { 8d2d3eb37SBaokun Li struct file *file; 9d2d3eb37SBaokun Li int fd; 10d2d3eb37SBaokun Li }; 11d2d3eb37SBaokun Li 12a6de8276SBaokun Li static inline void cachefiles_req_put(struct cachefiles_req *req) 13a6de8276SBaokun Li { 14a6de8276SBaokun Li if (refcount_dec_and_test(&req->ref)) 15a6de8276SBaokun Li kfree(req); 16a6de8276SBaokun Li } 17a6de8276SBaokun Li 18c8383054SJeffle Xu static int cachefiles_ondemand_fd_release(struct inode *inode, 19c8383054SJeffle Xu struct file *file) 20c8383054SJeffle Xu { 21c8383054SJeffle Xu struct cachefiles_object *object = file->private_data; 22527db1cbSBaokun Li struct cachefiles_cache *cache; 23527db1cbSBaokun Li struct cachefiles_ondemand_info *info; 24e564e48cSBaokun Li int object_id; 259032b6e8SJeffle Xu struct cachefiles_req *req; 26527db1cbSBaokun Li XA_STATE(xas, NULL, 0); 27527db1cbSBaokun Li 28527db1cbSBaokun Li if (!object) 29527db1cbSBaokun Li return 0; 30527db1cbSBaokun Li 31527db1cbSBaokun Li info = object->ondemand; 32527db1cbSBaokun Li cache = object->volume->cache; 33527db1cbSBaokun Li xas.xa = &cache->reqs; 34c8383054SJeffle Xu 359032b6e8SJeffle Xu xa_lock(&cache->reqs); 36e564e48cSBaokun Li spin_lock(&info->lock); 37e564e48cSBaokun Li object_id = info->ondemand_id; 3833d21f06SJia Zhu info->ondemand_id = CACHEFILES_ONDEMAND_ID_CLOSED; 39955190e1SJia Zhu cachefiles_ondemand_set_object_close(object); 40e564e48cSBaokun Li spin_unlock(&info->lock); 419032b6e8SJeffle Xu 42f740fd94SJia Zhu /* Only flush CACHEFILES_REQ_NEW marked req to avoid race with daemon_read */ 43f740fd94SJia Zhu xas_for_each_marked(&xas, req, ULONG_MAX, CACHEFILES_REQ_NEW) { 4465aa5f6fSJia Zhu if (req->msg.object_id == object_id && 45f740fd94SJia Zhu req->msg.opcode == CACHEFILES_OP_CLOSE) { 469032b6e8SJeffle Xu complete(&req->done); 479032b6e8SJeffle Xu xas_store(&xas, NULL); 489032b6e8SJeffle Xu } 499032b6e8SJeffle Xu } 509032b6e8SJeffle Xu xa_unlock(&cache->reqs); 519032b6e8SJeffle Xu 52c8383054SJeffle Xu xa_erase(&cache->ondemand_ids, object_id); 531519670eSJeffle Xu trace_cachefiles_ondemand_fd_release(object, object_id); 54c8383054SJeffle Xu cachefiles_put_object(object, cachefiles_obj_put_ondemand_fd); 55d11b0b04SJeffle Xu cachefiles_put_unbind_pincount(cache); 56c8383054SJeffle Xu return 0; 57c8383054SJeffle Xu } 58c8383054SJeffle Xu 59c8383054SJeffle Xu static ssize_t cachefiles_ondemand_fd_write_iter(struct kiocb *kiocb, 60c8383054SJeffle Xu struct iov_iter *iter) 61c8383054SJeffle Xu { 62c8383054SJeffle Xu struct cachefiles_object *object = kiocb->ki_filp->private_data; 63c8383054SJeffle Xu struct cachefiles_cache *cache = object->volume->cache; 64c8383054SJeffle Xu struct file *file = object->file; 65c8383054SJeffle Xu size_t len = iter->count; 66c8383054SJeffle Xu loff_t pos = kiocb->ki_pos; 67c8383054SJeffle Xu const struct cred *saved_cred; 68c8383054SJeffle Xu int ret; 69c8383054SJeffle Xu 70c8383054SJeffle Xu if (!file) 71c8383054SJeffle Xu return -ENOBUFS; 72c8383054SJeffle Xu 73c8383054SJeffle Xu cachefiles_begin_secure(cache, &saved_cred); 74c8383054SJeffle Xu ret = __cachefiles_prepare_write(object, file, &pos, &len, true); 75c8383054SJeffle Xu cachefiles_end_secure(cache, saved_cred); 76c8383054SJeffle Xu if (ret < 0) 77c8383054SJeffle Xu return ret; 78c8383054SJeffle Xu 791519670eSJeffle Xu trace_cachefiles_ondemand_fd_write(object, file_inode(file), pos, len); 80c8383054SJeffle Xu ret = __cachefiles_write(object, file, pos, iter, NULL, NULL); 81c8383054SJeffle Xu if (!ret) 82c8383054SJeffle Xu ret = len; 83c8383054SJeffle Xu 84c8383054SJeffle Xu return ret; 85c8383054SJeffle Xu } 86c8383054SJeffle Xu 87c8383054SJeffle Xu static loff_t cachefiles_ondemand_fd_llseek(struct file *filp, loff_t pos, 88c8383054SJeffle Xu int whence) 89c8383054SJeffle Xu { 90c8383054SJeffle Xu struct cachefiles_object *object = filp->private_data; 91c8383054SJeffle Xu struct file *file = object->file; 92c8383054SJeffle Xu 93c8383054SJeffle Xu if (!file) 94c8383054SJeffle Xu return -ENOBUFS; 95c8383054SJeffle Xu 96c8383054SJeffle Xu return vfs_llseek(file, pos, whence); 97c8383054SJeffle Xu } 98c8383054SJeffle Xu 999032b6e8SJeffle Xu static long cachefiles_ondemand_fd_ioctl(struct file *filp, unsigned int ioctl, 100*36d845ccSBaokun Li unsigned long id) 1019032b6e8SJeffle Xu { 1029032b6e8SJeffle Xu struct cachefiles_object *object = filp->private_data; 1039032b6e8SJeffle Xu struct cachefiles_cache *cache = object->volume->cache; 1049032b6e8SJeffle Xu struct cachefiles_req *req; 105*36d845ccSBaokun Li XA_STATE(xas, &cache->reqs, id); 1069032b6e8SJeffle Xu 1079032b6e8SJeffle Xu if (ioctl != CACHEFILES_IOC_READ_COMPLETE) 1089032b6e8SJeffle Xu return -EINVAL; 1099032b6e8SJeffle Xu 1109032b6e8SJeffle Xu if (!test_bit(CACHEFILES_ONDEMAND_MODE, &cache->flags)) 1119032b6e8SJeffle Xu return -EOPNOTSUPP; 1129032b6e8SJeffle Xu 113*36d845ccSBaokun Li xa_lock(&cache->reqs); 114*36d845ccSBaokun Li req = xas_load(&xas); 115*36d845ccSBaokun Li if (!req || req->msg.opcode != CACHEFILES_OP_READ || 116*36d845ccSBaokun Li req->object != object) { 117*36d845ccSBaokun Li xa_unlock(&cache->reqs); 1189032b6e8SJeffle Xu return -EINVAL; 119*36d845ccSBaokun Li } 120*36d845ccSBaokun Li xas_store(&xas, NULL); 121*36d845ccSBaokun Li xa_unlock(&cache->reqs); 1229032b6e8SJeffle Xu 1231519670eSJeffle Xu trace_cachefiles_ondemand_cread(object, id); 1249032b6e8SJeffle Xu complete(&req->done); 1259032b6e8SJeffle Xu return 0; 1269032b6e8SJeffle Xu } 1279032b6e8SJeffle Xu 128c8383054SJeffle Xu static const struct file_operations cachefiles_ondemand_fd_fops = { 129c8383054SJeffle Xu .owner = THIS_MODULE, 130c8383054SJeffle Xu .release = cachefiles_ondemand_fd_release, 131c8383054SJeffle Xu .write_iter = cachefiles_ondemand_fd_write_iter, 132c8383054SJeffle Xu .llseek = cachefiles_ondemand_fd_llseek, 1339032b6e8SJeffle Xu .unlocked_ioctl = cachefiles_ondemand_fd_ioctl, 134c8383054SJeffle Xu }; 135c8383054SJeffle Xu 136c8383054SJeffle Xu /* 137c8383054SJeffle Xu * OPEN request Completion (copen) 138c8383054SJeffle Xu * - command: "copen <id>,<cache_size>" 139c8383054SJeffle Xu * <cache_size> indicates the object size if >=0, error code if negative 140c8383054SJeffle Xu */ 141c8383054SJeffle Xu int cachefiles_ondemand_copen(struct cachefiles_cache *cache, char *args) 142c8383054SJeffle Xu { 143c8383054SJeffle Xu struct cachefiles_req *req; 144c8383054SJeffle Xu struct fscache_cookie *cookie; 145e564e48cSBaokun Li struct cachefiles_ondemand_info *info; 146c8383054SJeffle Xu char *pid, *psize; 147c8383054SJeffle Xu unsigned long id; 148c8383054SJeffle Xu long size; 149c8383054SJeffle Xu int ret; 150*36d845ccSBaokun Li XA_STATE(xas, &cache->reqs, 0); 151c8383054SJeffle Xu 152c8383054SJeffle Xu if (!test_bit(CACHEFILES_ONDEMAND_MODE, &cache->flags)) 153c8383054SJeffle Xu return -EOPNOTSUPP; 154c8383054SJeffle Xu 155c8383054SJeffle Xu if (!*args) { 156c8383054SJeffle Xu pr_err("Empty id specified\n"); 157c8383054SJeffle Xu return -EINVAL; 158c8383054SJeffle Xu } 159c8383054SJeffle Xu 160c8383054SJeffle Xu pid = args; 161c8383054SJeffle Xu psize = strchr(args, ','); 162c8383054SJeffle Xu if (!psize) { 163c8383054SJeffle Xu pr_err("Cache size is not specified\n"); 164c8383054SJeffle Xu return -EINVAL; 165c8383054SJeffle Xu } 166c8383054SJeffle Xu 167c8383054SJeffle Xu *psize = 0; 168c8383054SJeffle Xu psize++; 169c8383054SJeffle Xu 170c8383054SJeffle Xu ret = kstrtoul(pid, 0, &id); 171c8383054SJeffle Xu if (ret) 172c8383054SJeffle Xu return ret; 173c8383054SJeffle Xu 174*36d845ccSBaokun Li xa_lock(&cache->reqs); 175*36d845ccSBaokun Li xas.xa_index = id; 176*36d845ccSBaokun Li req = xas_load(&xas); 177*36d845ccSBaokun Li if (!req || req->msg.opcode != CACHEFILES_OP_OPEN || 178*36d845ccSBaokun Li !req->object->ondemand->ondemand_id) { 179*36d845ccSBaokun Li xa_unlock(&cache->reqs); 180c8383054SJeffle Xu return -EINVAL; 181*36d845ccSBaokun Li } 182*36d845ccSBaokun Li xas_store(&xas, NULL); 183*36d845ccSBaokun Li xa_unlock(&cache->reqs); 184c8383054SJeffle Xu 185c8383054SJeffle Xu /* fail OPEN request if copen format is invalid */ 186c8383054SJeffle Xu ret = kstrtol(psize, 0, &size); 187c8383054SJeffle Xu if (ret) { 188c8383054SJeffle Xu req->error = ret; 189c8383054SJeffle Xu goto out; 190c8383054SJeffle Xu } 191c8383054SJeffle Xu 192c8383054SJeffle Xu /* fail OPEN request if daemon reports an error */ 193c8383054SJeffle Xu if (size < 0) { 194c93ccd63SSun Ke if (!IS_ERR_VALUE(size)) { 195c93ccd63SSun Ke req->error = -EINVAL; 196c93ccd63SSun Ke ret = -EINVAL; 197c93ccd63SSun Ke } else { 198c8383054SJeffle Xu req->error = size; 199c93ccd63SSun Ke ret = 0; 200c93ccd63SSun Ke } 201c8383054SJeffle Xu goto out; 202c8383054SJeffle Xu } 203c8383054SJeffle Xu 204e564e48cSBaokun Li info = req->object->ondemand; 205e564e48cSBaokun Li spin_lock(&info->lock); 206e564e48cSBaokun Li /* 207e564e48cSBaokun Li * The anonymous fd was closed before copen ? Fail the request. 208e564e48cSBaokun Li * 209e564e48cSBaokun Li * t1 | t2 210e564e48cSBaokun Li * --------------------------------------------------------- 211e564e48cSBaokun Li * cachefiles_ondemand_copen 212e564e48cSBaokun Li * req = xa_erase(&cache->reqs, id) 213e564e48cSBaokun Li * // Anon fd is maliciously closed. 214e564e48cSBaokun Li * cachefiles_ondemand_fd_release 215e564e48cSBaokun Li * xa_lock(&cache->reqs) 216e564e48cSBaokun Li * cachefiles_ondemand_set_object_close(object) 217e564e48cSBaokun Li * xa_unlock(&cache->reqs) 218e564e48cSBaokun Li * cachefiles_ondemand_set_object_open 219e564e48cSBaokun Li * // No one will ever close it again. 220e564e48cSBaokun Li * cachefiles_ondemand_daemon_read 221e564e48cSBaokun Li * cachefiles_ondemand_select_req 222e564e48cSBaokun Li * 223e564e48cSBaokun Li * Get a read req but its fd is already closed. The daemon can't 224e564e48cSBaokun Li * issue a cread ioctl with an closed fd, then hung. 225e564e48cSBaokun Li */ 226e564e48cSBaokun Li if (info->ondemand_id == CACHEFILES_ONDEMAND_ID_CLOSED) { 227e564e48cSBaokun Li spin_unlock(&info->lock); 228e564e48cSBaokun Li req->error = -EBADFD; 229e564e48cSBaokun Li goto out; 230e564e48cSBaokun Li } 231c8383054SJeffle Xu cookie = req->object->cookie; 232c8383054SJeffle Xu cookie->object_size = size; 233c8383054SJeffle Xu if (size) 234c8383054SJeffle Xu clear_bit(FSCACHE_COOKIE_NO_DATA_TO_READ, &cookie->flags); 235c8383054SJeffle Xu else 236c8383054SJeffle Xu set_bit(FSCACHE_COOKIE_NO_DATA_TO_READ, &cookie->flags); 2371519670eSJeffle Xu trace_cachefiles_ondemand_copen(req->object, id, size); 238c8383054SJeffle Xu 239955190e1SJia Zhu cachefiles_ondemand_set_object_open(req->object); 240e564e48cSBaokun Li spin_unlock(&info->lock); 241f740fd94SJia Zhu wake_up_all(&cache->daemon_pollwq); 242955190e1SJia Zhu 243c8383054SJeffle Xu out: 244c8383054SJeffle Xu complete(&req->done); 245c8383054SJeffle Xu return ret; 246c8383054SJeffle Xu } 247c8383054SJeffle Xu 2489f5fa40fSJia Zhu int cachefiles_ondemand_restore(struct cachefiles_cache *cache, char *args) 2499f5fa40fSJia Zhu { 2509f5fa40fSJia Zhu struct cachefiles_req *req; 2519f5fa40fSJia Zhu 2529f5fa40fSJia Zhu XA_STATE(xas, &cache->reqs, 0); 2539f5fa40fSJia Zhu 2549f5fa40fSJia Zhu if (!test_bit(CACHEFILES_ONDEMAND_MODE, &cache->flags)) 2559f5fa40fSJia Zhu return -EOPNOTSUPP; 2569f5fa40fSJia Zhu 2579f5fa40fSJia Zhu /* 2589f5fa40fSJia Zhu * Reset the requests to CACHEFILES_REQ_NEW state, so that the 2599f5fa40fSJia Zhu * requests have been processed halfway before the crash of the 2609f5fa40fSJia Zhu * user daemon could be reprocessed after the recovery. 2619f5fa40fSJia Zhu */ 2629f5fa40fSJia Zhu xas_lock(&xas); 2639f5fa40fSJia Zhu xas_for_each(&xas, req, ULONG_MAX) 2649f5fa40fSJia Zhu xas_set_mark(&xas, CACHEFILES_REQ_NEW); 2659f5fa40fSJia Zhu xas_unlock(&xas); 2669f5fa40fSJia Zhu 2679f5fa40fSJia Zhu wake_up_all(&cache->daemon_pollwq); 2689f5fa40fSJia Zhu return 0; 2699f5fa40fSJia Zhu } 2709f5fa40fSJia Zhu 271d2d3eb37SBaokun Li static int cachefiles_ondemand_get_fd(struct cachefiles_req *req, 272d2d3eb37SBaokun Li struct ondemand_anon_file *anon_file) 273c8383054SJeffle Xu { 274c8383054SJeffle Xu struct cachefiles_object *object; 275c8383054SJeffle Xu struct cachefiles_cache *cache; 276c8383054SJeffle Xu struct cachefiles_open *load; 277c8383054SJeffle Xu u32 object_id; 278d2d3eb37SBaokun Li int ret; 279c8383054SJeffle Xu 280c8383054SJeffle Xu object = cachefiles_grab_object(req->object, 281c8383054SJeffle Xu cachefiles_obj_get_ondemand_fd); 282c8383054SJeffle Xu cache = object->volume->cache; 283c8383054SJeffle Xu 284c8383054SJeffle Xu ret = xa_alloc_cyclic(&cache->ondemand_ids, &object_id, NULL, 285c8383054SJeffle Xu XA_LIMIT(1, INT_MAX), 286c8383054SJeffle Xu &cache->ondemand_id_next, GFP_KERNEL); 287c8383054SJeffle Xu if (ret < 0) 288c8383054SJeffle Xu goto err; 289c8383054SJeffle Xu 290d2d3eb37SBaokun Li anon_file->fd = get_unused_fd_flags(O_WRONLY); 291d2d3eb37SBaokun Li if (anon_file->fd < 0) { 292d2d3eb37SBaokun Li ret = anon_file->fd; 293c8383054SJeffle Xu goto err_free_id; 294c8383054SJeffle Xu } 295c8383054SJeffle Xu 296d2d3eb37SBaokun Li anon_file->file = anon_inode_getfile("[cachefiles]", 297d2d3eb37SBaokun Li &cachefiles_ondemand_fd_fops, object, O_WRONLY); 298d2d3eb37SBaokun Li if (IS_ERR(anon_file->file)) { 299d2d3eb37SBaokun Li ret = PTR_ERR(anon_file->file); 300c8383054SJeffle Xu goto err_put_fd; 301c8383054SJeffle Xu } 302c8383054SJeffle Xu 303527db1cbSBaokun Li spin_lock(&object->ondemand->lock); 304527db1cbSBaokun Li if (object->ondemand->ondemand_id > 0) { 305527db1cbSBaokun Li spin_unlock(&object->ondemand->lock); 306527db1cbSBaokun Li /* Pair with check in cachefiles_ondemand_fd_release(). */ 307d2d3eb37SBaokun Li anon_file->file->private_data = NULL; 308527db1cbSBaokun Li ret = -EEXIST; 309527db1cbSBaokun Li goto err_put_file; 310527db1cbSBaokun Li } 311527db1cbSBaokun Li 312d2d3eb37SBaokun Li anon_file->file->f_mode |= FMODE_PWRITE | FMODE_LSEEK; 313c8383054SJeffle Xu 314c8383054SJeffle Xu load = (void *)req->msg.data; 315d2d3eb37SBaokun Li load->fd = anon_file->fd; 31633d21f06SJia Zhu object->ondemand->ondemand_id = object_id; 317527db1cbSBaokun Li spin_unlock(&object->ondemand->lock); 318d11b0b04SJeffle Xu 319d11b0b04SJeffle Xu cachefiles_get_unbind_pincount(cache); 3201519670eSJeffle Xu trace_cachefiles_ondemand_open(object, &req->msg, load); 321c8383054SJeffle Xu return 0; 322c8383054SJeffle Xu 323527db1cbSBaokun Li err_put_file: 324d2d3eb37SBaokun Li fput(anon_file->file); 325d2d3eb37SBaokun Li anon_file->file = NULL; 326c8383054SJeffle Xu err_put_fd: 327d2d3eb37SBaokun Li put_unused_fd(anon_file->fd); 328d2d3eb37SBaokun Li anon_file->fd = ret; 329c8383054SJeffle Xu err_free_id: 330c8383054SJeffle Xu xa_erase(&cache->ondemand_ids, object_id); 331c8383054SJeffle Xu err: 332527db1cbSBaokun Li spin_lock(&object->ondemand->lock); 333527db1cbSBaokun Li /* Avoid marking an opened object as closed. */ 334527db1cbSBaokun Li if (object->ondemand->ondemand_id <= 0) 335527db1cbSBaokun Li cachefiles_ondemand_set_object_close(object); 336527db1cbSBaokun Li spin_unlock(&object->ondemand->lock); 337c8383054SJeffle Xu cachefiles_put_object(object, cachefiles_obj_put_ondemand_fd); 338c8383054SJeffle Xu return ret; 339c8383054SJeffle Xu } 340c8383054SJeffle Xu 341f740fd94SJia Zhu static void ondemand_object_worker(struct work_struct *work) 342f740fd94SJia Zhu { 343f740fd94SJia Zhu struct cachefiles_ondemand_info *info = 344f740fd94SJia Zhu container_of(work, struct cachefiles_ondemand_info, ondemand_work); 345f740fd94SJia Zhu 346f740fd94SJia Zhu cachefiles_ondemand_init_object(info->object); 347f740fd94SJia Zhu } 348f740fd94SJia Zhu 349f740fd94SJia Zhu /* 350f740fd94SJia Zhu * If there are any inflight or subsequent READ requests on the 351f740fd94SJia Zhu * closed object, reopen it. 352f740fd94SJia Zhu * Skip read requests whose related object is reopening. 353f740fd94SJia Zhu */ 354f740fd94SJia Zhu static struct cachefiles_req *cachefiles_ondemand_select_req(struct xa_state *xas, 355f740fd94SJia Zhu unsigned long xa_max) 356f740fd94SJia Zhu { 357f740fd94SJia Zhu struct cachefiles_req *req; 358f740fd94SJia Zhu struct cachefiles_object *object; 359f740fd94SJia Zhu struct cachefiles_ondemand_info *info; 360f740fd94SJia Zhu 361f740fd94SJia Zhu xas_for_each_marked(xas, req, xa_max, CACHEFILES_REQ_NEW) { 362f740fd94SJia Zhu if (req->msg.opcode != CACHEFILES_OP_READ) 363f740fd94SJia Zhu return req; 364f740fd94SJia Zhu object = req->object; 365f740fd94SJia Zhu info = object->ondemand; 366f740fd94SJia Zhu if (cachefiles_ondemand_object_is_close(object)) { 367f740fd94SJia Zhu cachefiles_ondemand_set_object_reopening(object); 368f740fd94SJia Zhu queue_work(fscache_wq, &info->ondemand_work); 369f740fd94SJia Zhu continue; 370f740fd94SJia Zhu } 371f740fd94SJia Zhu if (cachefiles_ondemand_object_is_reopening(object)) 372f740fd94SJia Zhu continue; 373f740fd94SJia Zhu return req; 374f740fd94SJia Zhu } 375f740fd94SJia Zhu return NULL; 376f740fd94SJia Zhu } 377f740fd94SJia Zhu 378c8383054SJeffle Xu ssize_t cachefiles_ondemand_daemon_read(struct cachefiles_cache *cache, 379c8383054SJeffle Xu char __user *_buffer, size_t buflen) 380c8383054SJeffle Xu { 381c8383054SJeffle Xu struct cachefiles_req *req; 382c8383054SJeffle Xu struct cachefiles_msg *msg; 383c8383054SJeffle Xu size_t n; 384c8383054SJeffle Xu int ret = 0; 385d2d3eb37SBaokun Li struct ondemand_anon_file anon_file; 3861122f400SXin Yin XA_STATE(xas, &cache->reqs, cache->req_id_next); 387c8383054SJeffle Xu 388f740fd94SJia Zhu xa_lock(&cache->reqs); 389c8383054SJeffle Xu /* 3901122f400SXin Yin * Cyclically search for a request that has not ever been processed, 3911122f400SXin Yin * to prevent requests from being processed repeatedly, and make 3921122f400SXin Yin * request distribution fair. 393c8383054SJeffle Xu */ 394f740fd94SJia Zhu req = cachefiles_ondemand_select_req(&xas, ULONG_MAX); 3951122f400SXin Yin if (!req && cache->req_id_next > 0) { 3961122f400SXin Yin xas_set(&xas, 0); 397f740fd94SJia Zhu req = cachefiles_ondemand_select_req(&xas, cache->req_id_next - 1); 3981122f400SXin Yin } 399c8383054SJeffle Xu if (!req) { 400c8383054SJeffle Xu xa_unlock(&cache->reqs); 401c8383054SJeffle Xu return 0; 402c8383054SJeffle Xu } 403c8383054SJeffle Xu 404c8383054SJeffle Xu msg = &req->msg; 405c8383054SJeffle Xu n = msg->len; 406c8383054SJeffle Xu 407c8383054SJeffle Xu if (n > buflen) { 408c8383054SJeffle Xu xa_unlock(&cache->reqs); 409c8383054SJeffle Xu return -EMSGSIZE; 410c8383054SJeffle Xu } 411c8383054SJeffle Xu 412c8383054SJeffle Xu xas_clear_mark(&xas, CACHEFILES_REQ_NEW); 4131122f400SXin Yin cache->req_id_next = xas.xa_index + 1; 414a6de8276SBaokun Li refcount_inc(&req->ref); 4153958679cSBaokun Li cachefiles_grab_object(req->object, cachefiles_obj_get_read_req); 416c8383054SJeffle Xu xa_unlock(&cache->reqs); 417c8383054SJeffle Xu 418c8383054SJeffle Xu if (msg->opcode == CACHEFILES_OP_OPEN) { 419d2d3eb37SBaokun Li ret = cachefiles_ondemand_get_fd(req, &anon_file); 420527db1cbSBaokun Li if (ret) 4211d95e501SBaokun Li goto out; 422c8383054SJeffle Xu } 423f740fd94SJia Zhu 4241d95e501SBaokun Li msg->msg_id = xas.xa_index; 425f740fd94SJia Zhu msg->object_id = req->object->ondemand->ondemand_id; 426c8383054SJeffle Xu 427d2d3eb37SBaokun Li if (copy_to_user(_buffer, msg, n) != 0) 428c8383054SJeffle Xu ret = -EFAULT; 429d2d3eb37SBaokun Li 430d2d3eb37SBaokun Li if (msg->opcode == CACHEFILES_OP_OPEN) { 431d2d3eb37SBaokun Li if (ret < 0) { 432d2d3eb37SBaokun Li fput(anon_file.file); 433d2d3eb37SBaokun Li put_unused_fd(anon_file.fd); 434d2d3eb37SBaokun Li goto out; 435d2d3eb37SBaokun Li } 436d2d3eb37SBaokun Li fd_install(anon_file.fd, anon_file.file); 4371d95e501SBaokun Li } 4381d95e501SBaokun Li out: 4393958679cSBaokun Li cachefiles_put_object(req->object, cachefiles_obj_put_read_req); 4401d95e501SBaokun Li /* Remove error request and CLOSE request has no reply */ 4411d95e501SBaokun Li if (ret || msg->opcode == CACHEFILES_OP_CLOSE) { 442a6de8276SBaokun Li xas_reset(&xas); 443a6de8276SBaokun Li xas_lock(&xas); 444a6de8276SBaokun Li if (xas_load(&xas) == req) { 445c8383054SJeffle Xu req->error = ret; 446c8383054SJeffle Xu complete(&req->done); 447a6de8276SBaokun Li xas_store(&xas, NULL); 448a6de8276SBaokun Li } 449a6de8276SBaokun Li xas_unlock(&xas); 4501d95e501SBaokun Li } 451a6de8276SBaokun Li cachefiles_req_put(req); 4521d95e501SBaokun Li return ret ? ret : n; 453c8383054SJeffle Xu } 454c8383054SJeffle Xu 455c8383054SJeffle Xu typedef int (*init_req_fn)(struct cachefiles_req *req, void *private); 456c8383054SJeffle Xu 457c8383054SJeffle Xu static int cachefiles_ondemand_send_req(struct cachefiles_object *object, 458c8383054SJeffle Xu enum cachefiles_opcode opcode, 459c8383054SJeffle Xu size_t data_len, 460c8383054SJeffle Xu init_req_fn init_req, 461c8383054SJeffle Xu void *private) 462c8383054SJeffle Xu { 463c8383054SJeffle Xu struct cachefiles_cache *cache = object->volume->cache; 464f740fd94SJia Zhu struct cachefiles_req *req = NULL; 465c8383054SJeffle Xu XA_STATE(xas, &cache->reqs, 0); 466c8383054SJeffle Xu int ret; 467c8383054SJeffle Xu 468c8383054SJeffle Xu if (!test_bit(CACHEFILES_ONDEMAND_MODE, &cache->flags)) 469c8383054SJeffle Xu return 0; 470c8383054SJeffle Xu 471f740fd94SJia Zhu if (test_bit(CACHEFILES_DEAD, &cache->flags)) { 472f740fd94SJia Zhu ret = -EIO; 473f740fd94SJia Zhu goto out; 474f740fd94SJia Zhu } 475c8383054SJeffle Xu 476c8383054SJeffle Xu req = kzalloc(sizeof(*req) + data_len, GFP_KERNEL); 477f740fd94SJia Zhu if (!req) { 478f740fd94SJia Zhu ret = -ENOMEM; 479f740fd94SJia Zhu goto out; 480f740fd94SJia Zhu } 481c8383054SJeffle Xu 482a6de8276SBaokun Li refcount_set(&req->ref, 1); 483c8383054SJeffle Xu req->object = object; 484c8383054SJeffle Xu init_completion(&req->done); 485c8383054SJeffle Xu req->msg.opcode = opcode; 486c8383054SJeffle Xu req->msg.len = sizeof(struct cachefiles_msg) + data_len; 487c8383054SJeffle Xu 488c8383054SJeffle Xu ret = init_req(req, private); 489c8383054SJeffle Xu if (ret) 490c8383054SJeffle Xu goto out; 491c8383054SJeffle Xu 492c8383054SJeffle Xu do { 493c8383054SJeffle Xu /* 494c8383054SJeffle Xu * Stop enqueuing the request when daemon is dying. The 495c8383054SJeffle Xu * following two operations need to be atomic as a whole. 496c8383054SJeffle Xu * 1) check cache state, and 497c8383054SJeffle Xu * 2) enqueue request if cache is alive. 498c8383054SJeffle Xu * Otherwise the request may be enqueued after xarray has been 499c8383054SJeffle Xu * flushed, leaving the orphan request never being completed. 500c8383054SJeffle Xu * 501c8383054SJeffle Xu * CPU 1 CPU 2 502c8383054SJeffle Xu * ===== ===== 503c8383054SJeffle Xu * test CACHEFILES_DEAD bit 504c8383054SJeffle Xu * set CACHEFILES_DEAD bit 505c8383054SJeffle Xu * flush requests in the xarray 506c8383054SJeffle Xu * enqueue the request 507c8383054SJeffle Xu */ 508c8383054SJeffle Xu xas_lock(&xas); 509c8383054SJeffle Xu 51032e0a9a7SBaokun Li if (test_bit(CACHEFILES_DEAD, &cache->flags) || 51132e0a9a7SBaokun Li cachefiles_ondemand_object_is_dropping(object)) { 512c8383054SJeffle Xu xas_unlock(&xas); 513c8383054SJeffle Xu ret = -EIO; 514c8383054SJeffle Xu goto out; 515c8383054SJeffle Xu } 516c8383054SJeffle Xu 517c8383054SJeffle Xu /* coupled with the barrier in cachefiles_flush_reqs() */ 518c8383054SJeffle Xu smp_mb(); 519c8383054SJeffle Xu 520f740fd94SJia Zhu if (opcode == CACHEFILES_OP_CLOSE && 521955190e1SJia Zhu !cachefiles_ondemand_object_is_open(object)) { 52233d21f06SJia Zhu WARN_ON_ONCE(object->ondemand->ondemand_id == 0); 523324b954aSJeffle Xu xas_unlock(&xas); 524324b954aSJeffle Xu ret = -EIO; 525324b954aSJeffle Xu goto out; 526324b954aSJeffle Xu } 527324b954aSJeffle Xu 528de045a82SBaokun Li /* 529de045a82SBaokun Li * Cyclically find a free xas to avoid msg_id reuse that would 530de045a82SBaokun Li * cause the daemon to successfully copen a stale msg_id. 531de045a82SBaokun Li */ 532de045a82SBaokun Li xas.xa_index = cache->msg_id_next; 533c8383054SJeffle Xu xas_find_marked(&xas, UINT_MAX, XA_FREE_MARK); 534de045a82SBaokun Li if (xas.xa_node == XAS_RESTART) { 535de045a82SBaokun Li xas.xa_index = 0; 536de045a82SBaokun Li xas_find_marked(&xas, cache->msg_id_next - 1, XA_FREE_MARK); 537de045a82SBaokun Li } 538c8383054SJeffle Xu if (xas.xa_node == XAS_RESTART) 539c8383054SJeffle Xu xas_set_err(&xas, -EBUSY); 540de045a82SBaokun Li 541c8383054SJeffle Xu xas_store(&xas, req); 542de045a82SBaokun Li if (xas_valid(&xas)) { 543de045a82SBaokun Li cache->msg_id_next = xas.xa_index + 1; 544c8383054SJeffle Xu xas_clear_mark(&xas, XA_FREE_MARK); 545c8383054SJeffle Xu xas_set_mark(&xas, CACHEFILES_REQ_NEW); 546de045a82SBaokun Li } 547c8383054SJeffle Xu xas_unlock(&xas); 548c8383054SJeffle Xu } while (xas_nomem(&xas, GFP_KERNEL)); 549c8383054SJeffle Xu 550c8383054SJeffle Xu ret = xas_error(&xas); 551c8383054SJeffle Xu if (ret) 552c8383054SJeffle Xu goto out; 553c8383054SJeffle Xu 554c8383054SJeffle Xu wake_up_all(&cache->daemon_pollwq); 555c8383054SJeffle Xu wait_for_completion(&req->done); 556c8383054SJeffle Xu ret = req->error; 557a6de8276SBaokun Li cachefiles_req_put(req); 558f740fd94SJia Zhu return ret; 559c8383054SJeffle Xu out: 560f740fd94SJia Zhu /* Reset the object to close state in error handling path. 561f740fd94SJia Zhu * If error occurs after creating the anonymous fd, 562f740fd94SJia Zhu * cachefiles_ondemand_fd_release() will set object to close. 563f740fd94SJia Zhu */ 56432e0a9a7SBaokun Li if (opcode == CACHEFILES_OP_OPEN && 56532e0a9a7SBaokun Li !cachefiles_ondemand_object_is_dropping(object)) 566f740fd94SJia Zhu cachefiles_ondemand_set_object_close(object); 567c8383054SJeffle Xu kfree(req); 568c8383054SJeffle Xu return ret; 569c8383054SJeffle Xu } 570c8383054SJeffle Xu 571c8383054SJeffle Xu static int cachefiles_ondemand_init_open_req(struct cachefiles_req *req, 572c8383054SJeffle Xu void *private) 573c8383054SJeffle Xu { 574c8383054SJeffle Xu struct cachefiles_object *object = req->object; 575c8383054SJeffle Xu struct fscache_cookie *cookie = object->cookie; 576c8383054SJeffle Xu struct fscache_volume *volume = object->volume->vcookie; 577c8383054SJeffle Xu struct cachefiles_open *load = (void *)req->msg.data; 578c8383054SJeffle Xu size_t volume_key_size, cookie_key_size; 579c8383054SJeffle Xu void *volume_key, *cookie_key; 580c8383054SJeffle Xu 581c8383054SJeffle Xu /* 582c8383054SJeffle Xu * Volume key is a NUL-terminated string. key[0] stores strlen() of the 583c8383054SJeffle Xu * string, followed by the content of the string (excluding '\0'). 584c8383054SJeffle Xu */ 585c8383054SJeffle Xu volume_key_size = volume->key[0] + 1; 586c8383054SJeffle Xu volume_key = volume->key + 1; 587c8383054SJeffle Xu 588c8383054SJeffle Xu /* Cookie key is binary data, which is netfs specific. */ 589c8383054SJeffle Xu cookie_key_size = cookie->key_len; 590c8383054SJeffle Xu cookie_key = fscache_get_key(cookie); 591c8383054SJeffle Xu 592c8383054SJeffle Xu if (!(object->cookie->advice & FSCACHE_ADV_WANT_CACHE_SIZE)) { 593c8383054SJeffle Xu pr_err("WANT_CACHE_SIZE is needed for on-demand mode\n"); 594c8383054SJeffle Xu return -EINVAL; 595c8383054SJeffle Xu } 596c8383054SJeffle Xu 597c8383054SJeffle Xu load->volume_key_size = volume_key_size; 598c8383054SJeffle Xu load->cookie_key_size = cookie_key_size; 599c8383054SJeffle Xu memcpy(load->data, volume_key, volume_key_size); 600c8383054SJeffle Xu memcpy(load->data + volume_key_size, cookie_key, cookie_key_size); 601c8383054SJeffle Xu 602c8383054SJeffle Xu return 0; 603c8383054SJeffle Xu } 604c8383054SJeffle Xu 605324b954aSJeffle Xu static int cachefiles_ondemand_init_close_req(struct cachefiles_req *req, 606324b954aSJeffle Xu void *private) 607324b954aSJeffle Xu { 608324b954aSJeffle Xu struct cachefiles_object *object = req->object; 609324b954aSJeffle Xu 610955190e1SJia Zhu if (!cachefiles_ondemand_object_is_open(object)) 611324b954aSJeffle Xu return -ENOENT; 612324b954aSJeffle Xu 6131519670eSJeffle Xu trace_cachefiles_ondemand_close(object, &req->msg); 614324b954aSJeffle Xu return 0; 615324b954aSJeffle Xu } 616324b954aSJeffle Xu 6179032b6e8SJeffle Xu struct cachefiles_read_ctx { 6189032b6e8SJeffle Xu loff_t off; 6199032b6e8SJeffle Xu size_t len; 6209032b6e8SJeffle Xu }; 6219032b6e8SJeffle Xu 6229032b6e8SJeffle Xu static int cachefiles_ondemand_init_read_req(struct cachefiles_req *req, 6239032b6e8SJeffle Xu void *private) 6249032b6e8SJeffle Xu { 6259032b6e8SJeffle Xu struct cachefiles_object *object = req->object; 6269032b6e8SJeffle Xu struct cachefiles_read *load = (void *)req->msg.data; 6279032b6e8SJeffle Xu struct cachefiles_read_ctx *read_ctx = private; 6289032b6e8SJeffle Xu 6299032b6e8SJeffle Xu load->off = read_ctx->off; 6309032b6e8SJeffle Xu load->len = read_ctx->len; 6311519670eSJeffle Xu trace_cachefiles_ondemand_read(object, &req->msg, load); 6329032b6e8SJeffle Xu return 0; 6339032b6e8SJeffle Xu } 6349032b6e8SJeffle Xu 635c8383054SJeffle Xu int cachefiles_ondemand_init_object(struct cachefiles_object *object) 636c8383054SJeffle Xu { 637c8383054SJeffle Xu struct fscache_cookie *cookie = object->cookie; 638c8383054SJeffle Xu struct fscache_volume *volume = object->volume->vcookie; 639c8383054SJeffle Xu size_t volume_key_size, cookie_key_size, data_len; 640c8383054SJeffle Xu 6418a73c08eSDavid Howells if (!object->ondemand) 6428a73c08eSDavid Howells return 0; 6438a73c08eSDavid Howells 644c8383054SJeffle Xu /* 645c8383054SJeffle Xu * CacheFiles will firstly check the cache file under the root cache 646c8383054SJeffle Xu * directory. If the coherency check failed, it will fallback to 647c8383054SJeffle Xu * creating a new tmpfile as the cache file. Reuse the previously 648c8383054SJeffle Xu * allocated object ID if any. 649c8383054SJeffle Xu */ 650955190e1SJia Zhu if (cachefiles_ondemand_object_is_open(object)) 651c8383054SJeffle Xu return 0; 652c8383054SJeffle Xu 653c8383054SJeffle Xu volume_key_size = volume->key[0] + 1; 654c8383054SJeffle Xu cookie_key_size = cookie->key_len; 655c8383054SJeffle Xu data_len = sizeof(struct cachefiles_open) + 656c8383054SJeffle Xu volume_key_size + cookie_key_size; 657c8383054SJeffle Xu 658c8383054SJeffle Xu return cachefiles_ondemand_send_req(object, CACHEFILES_OP_OPEN, 659c8383054SJeffle Xu data_len, cachefiles_ondemand_init_open_req, NULL); 660c8383054SJeffle Xu } 661324b954aSJeffle Xu 662324b954aSJeffle Xu void cachefiles_ondemand_clean_object(struct cachefiles_object *object) 663324b954aSJeffle Xu { 664ed60c1a8SBaokun Li unsigned long index; 665ed60c1a8SBaokun Li struct cachefiles_req *req; 666ed60c1a8SBaokun Li struct cachefiles_cache *cache; 667ed60c1a8SBaokun Li 66832e0a9a7SBaokun Li if (!object->ondemand) 66932e0a9a7SBaokun Li return; 67032e0a9a7SBaokun Li 671324b954aSJeffle Xu cachefiles_ondemand_send_req(object, CACHEFILES_OP_CLOSE, 0, 672324b954aSJeffle Xu cachefiles_ondemand_init_close_req, NULL); 673ed60c1a8SBaokun Li 674ed60c1a8SBaokun Li if (!object->ondemand->ondemand_id) 675ed60c1a8SBaokun Li return; 676ed60c1a8SBaokun Li 677ed60c1a8SBaokun Li /* Cancel all requests for the object that is being dropped. */ 678ed60c1a8SBaokun Li cache = object->volume->cache; 679ed60c1a8SBaokun Li xa_lock(&cache->reqs); 68032e0a9a7SBaokun Li cachefiles_ondemand_set_object_dropping(object); 681ed60c1a8SBaokun Li xa_for_each(&cache->reqs, index, req) { 682ed60c1a8SBaokun Li if (req->object == object) { 683ed60c1a8SBaokun Li req->error = -EIO; 684ed60c1a8SBaokun Li complete(&req->done); 685ed60c1a8SBaokun Li __xa_erase(&cache->reqs, index); 686ed60c1a8SBaokun Li } 687ed60c1a8SBaokun Li } 688ed60c1a8SBaokun Li xa_unlock(&cache->reqs); 689d3179baeSHou Tao 690d3179baeSHou Tao /* Wait for ondemand_object_worker() to finish to avoid UAF. */ 691d3179baeSHou Tao cancel_work_sync(&object->ondemand->ondemand_work); 692324b954aSJeffle Xu } 6939032b6e8SJeffle Xu 69433d21f06SJia Zhu int cachefiles_ondemand_init_obj_info(struct cachefiles_object *object, 69533d21f06SJia Zhu struct cachefiles_volume *volume) 69633d21f06SJia Zhu { 69733d21f06SJia Zhu if (!cachefiles_in_ondemand_mode(volume->cache)) 69833d21f06SJia Zhu return 0; 69933d21f06SJia Zhu 70033d21f06SJia Zhu object->ondemand = kzalloc(sizeof(struct cachefiles_ondemand_info), 70133d21f06SJia Zhu GFP_KERNEL); 70233d21f06SJia Zhu if (!object->ondemand) 70333d21f06SJia Zhu return -ENOMEM; 70433d21f06SJia Zhu 70533d21f06SJia Zhu object->ondemand->object = object; 706e564e48cSBaokun Li spin_lock_init(&object->ondemand->lock); 707f740fd94SJia Zhu INIT_WORK(&object->ondemand->ondemand_work, ondemand_object_worker); 70833d21f06SJia Zhu return 0; 70933d21f06SJia Zhu } 71033d21f06SJia Zhu 71133d21f06SJia Zhu void cachefiles_ondemand_deinit_obj_info(struct cachefiles_object *object) 71233d21f06SJia Zhu { 71333d21f06SJia Zhu kfree(object->ondemand); 71433d21f06SJia Zhu object->ondemand = NULL; 71533d21f06SJia Zhu } 71633d21f06SJia Zhu 7179032b6e8SJeffle Xu int cachefiles_ondemand_read(struct cachefiles_object *object, 7189032b6e8SJeffle Xu loff_t pos, size_t len) 7199032b6e8SJeffle Xu { 7209032b6e8SJeffle Xu struct cachefiles_read_ctx read_ctx = {pos, len}; 7219032b6e8SJeffle Xu 7229032b6e8SJeffle Xu return cachefiles_ondemand_send_req(object, CACHEFILES_OP_READ, 7239032b6e8SJeffle Xu sizeof(struct cachefiles_read), 7249032b6e8SJeffle Xu cachefiles_ondemand_init_read_req, &read_ctx); 7259032b6e8SJeffle Xu } 726