1c8383054SJeffle Xu // SPDX-License-Identifier: GPL-2.0-or-later 2c8383054SJeffle Xu #include <linux/fdtable.h> 3c8383054SJeffle Xu #include <linux/anon_inodes.h> 4c8383054SJeffle Xu #include <linux/uio.h> 5c8383054SJeffle Xu #include "internal.h" 6c8383054SJeffle Xu 7d2d3eb37SBaokun Li struct ondemand_anon_file { 8d2d3eb37SBaokun Li struct file *file; 9d2d3eb37SBaokun Li int fd; 10d2d3eb37SBaokun Li }; 11d2d3eb37SBaokun Li 12a6de8276SBaokun Li static inline void cachefiles_req_put(struct cachefiles_req *req) 13a6de8276SBaokun Li { 14a6de8276SBaokun Li if (refcount_dec_and_test(&req->ref)) 15a6de8276SBaokun Li kfree(req); 16a6de8276SBaokun Li } 17a6de8276SBaokun Li 18c8383054SJeffle Xu static int cachefiles_ondemand_fd_release(struct inode *inode, 19c8383054SJeffle Xu struct file *file) 20c8383054SJeffle Xu { 21c8383054SJeffle Xu struct cachefiles_object *object = file->private_data; 22527db1cbSBaokun Li struct cachefiles_cache *cache; 23527db1cbSBaokun Li struct cachefiles_ondemand_info *info; 24e564e48cSBaokun Li int object_id; 259032b6e8SJeffle Xu struct cachefiles_req *req; 26527db1cbSBaokun Li XA_STATE(xas, NULL, 0); 27527db1cbSBaokun Li 28527db1cbSBaokun Li if (!object) 29527db1cbSBaokun Li return 0; 30527db1cbSBaokun Li 31527db1cbSBaokun Li info = object->ondemand; 32527db1cbSBaokun Li cache = object->volume->cache; 33527db1cbSBaokun Li xas.xa = &cache->reqs; 34c8383054SJeffle Xu 359032b6e8SJeffle Xu xa_lock(&cache->reqs); 36e564e48cSBaokun Li spin_lock(&info->lock); 37e564e48cSBaokun Li object_id = info->ondemand_id; 3833d21f06SJia Zhu info->ondemand_id = CACHEFILES_ONDEMAND_ID_CLOSED; 39955190e1SJia Zhu cachefiles_ondemand_set_object_close(object); 40e564e48cSBaokun Li spin_unlock(&info->lock); 419032b6e8SJeffle Xu 42f740fd94SJia Zhu /* Only flush CACHEFILES_REQ_NEW marked req to avoid race with daemon_read */ 43f740fd94SJia Zhu xas_for_each_marked(&xas, req, ULONG_MAX, CACHEFILES_REQ_NEW) { 4465aa5f6fSJia Zhu if (req->msg.object_id == object_id && 45f740fd94SJia Zhu req->msg.opcode == CACHEFILES_OP_CLOSE) { 469032b6e8SJeffle Xu complete(&req->done); 479032b6e8SJeffle Xu xas_store(&xas, NULL); 489032b6e8SJeffle Xu } 499032b6e8SJeffle Xu } 509032b6e8SJeffle Xu xa_unlock(&cache->reqs); 519032b6e8SJeffle Xu 52c8383054SJeffle Xu xa_erase(&cache->ondemand_ids, object_id); 531519670eSJeffle Xu trace_cachefiles_ondemand_fd_release(object, object_id); 54c8383054SJeffle Xu cachefiles_put_object(object, cachefiles_obj_put_ondemand_fd); 55d11b0b04SJeffle Xu cachefiles_put_unbind_pincount(cache); 56c8383054SJeffle Xu return 0; 57c8383054SJeffle Xu } 58c8383054SJeffle Xu 59c8383054SJeffle Xu static ssize_t cachefiles_ondemand_fd_write_iter(struct kiocb *kiocb, 60c8383054SJeffle Xu struct iov_iter *iter) 61c8383054SJeffle Xu { 62c8383054SJeffle Xu struct cachefiles_object *object = kiocb->ki_filp->private_data; 63c8383054SJeffle Xu struct cachefiles_cache *cache = object->volume->cache; 64c8383054SJeffle Xu struct file *file = object->file; 65c8383054SJeffle Xu size_t len = iter->count; 66c8383054SJeffle Xu loff_t pos = kiocb->ki_pos; 67c8383054SJeffle Xu const struct cred *saved_cred; 68c8383054SJeffle Xu int ret; 69c8383054SJeffle Xu 70c8383054SJeffle Xu if (!file) 71c8383054SJeffle Xu return -ENOBUFS; 72c8383054SJeffle Xu 73c8383054SJeffle Xu cachefiles_begin_secure(cache, &saved_cred); 74c8383054SJeffle Xu ret = __cachefiles_prepare_write(object, file, &pos, &len, true); 75c8383054SJeffle Xu cachefiles_end_secure(cache, saved_cred); 76c8383054SJeffle Xu if (ret < 0) 77c8383054SJeffle Xu return ret; 78c8383054SJeffle Xu 791519670eSJeffle Xu trace_cachefiles_ondemand_fd_write(object, file_inode(file), pos, len); 80c8383054SJeffle Xu ret = __cachefiles_write(object, file, pos, iter, NULL, NULL); 81c8383054SJeffle Xu if (!ret) 82c8383054SJeffle Xu ret = len; 83c8383054SJeffle Xu 84c8383054SJeffle Xu return ret; 85c8383054SJeffle Xu } 86c8383054SJeffle Xu 87c8383054SJeffle Xu static loff_t cachefiles_ondemand_fd_llseek(struct file *filp, loff_t pos, 88c8383054SJeffle Xu int whence) 89c8383054SJeffle Xu { 90c8383054SJeffle Xu struct cachefiles_object *object = filp->private_data; 91c8383054SJeffle Xu struct file *file = object->file; 92c8383054SJeffle Xu 93c8383054SJeffle Xu if (!file) 94c8383054SJeffle Xu return -ENOBUFS; 95c8383054SJeffle Xu 96c8383054SJeffle Xu return vfs_llseek(file, pos, whence); 97c8383054SJeffle Xu } 98c8383054SJeffle Xu 999032b6e8SJeffle Xu static long cachefiles_ondemand_fd_ioctl(struct file *filp, unsigned int ioctl, 10036d845ccSBaokun Li unsigned long id) 1019032b6e8SJeffle Xu { 1029032b6e8SJeffle Xu struct cachefiles_object *object = filp->private_data; 1039032b6e8SJeffle Xu struct cachefiles_cache *cache = object->volume->cache; 1049032b6e8SJeffle Xu struct cachefiles_req *req; 10536d845ccSBaokun Li XA_STATE(xas, &cache->reqs, id); 1069032b6e8SJeffle Xu 1079032b6e8SJeffle Xu if (ioctl != CACHEFILES_IOC_READ_COMPLETE) 1089032b6e8SJeffle Xu return -EINVAL; 1099032b6e8SJeffle Xu 1109032b6e8SJeffle Xu if (!test_bit(CACHEFILES_ONDEMAND_MODE, &cache->flags)) 1119032b6e8SJeffle Xu return -EOPNOTSUPP; 1129032b6e8SJeffle Xu 11336d845ccSBaokun Li xa_lock(&cache->reqs); 11436d845ccSBaokun Li req = xas_load(&xas); 11536d845ccSBaokun Li if (!req || req->msg.opcode != CACHEFILES_OP_READ || 11636d845ccSBaokun Li req->object != object) { 11736d845ccSBaokun Li xa_unlock(&cache->reqs); 1189032b6e8SJeffle Xu return -EINVAL; 11936d845ccSBaokun Li } 12036d845ccSBaokun Li xas_store(&xas, NULL); 12136d845ccSBaokun Li xa_unlock(&cache->reqs); 1229032b6e8SJeffle Xu 1231519670eSJeffle Xu trace_cachefiles_ondemand_cread(object, id); 1249032b6e8SJeffle Xu complete(&req->done); 1259032b6e8SJeffle Xu return 0; 1269032b6e8SJeffle Xu } 1279032b6e8SJeffle Xu 128c8383054SJeffle Xu static const struct file_operations cachefiles_ondemand_fd_fops = { 129c8383054SJeffle Xu .owner = THIS_MODULE, 130c8383054SJeffle Xu .release = cachefiles_ondemand_fd_release, 131c8383054SJeffle Xu .write_iter = cachefiles_ondemand_fd_write_iter, 132c8383054SJeffle Xu .llseek = cachefiles_ondemand_fd_llseek, 1339032b6e8SJeffle Xu .unlocked_ioctl = cachefiles_ondemand_fd_ioctl, 134c8383054SJeffle Xu }; 135c8383054SJeffle Xu 136c8383054SJeffle Xu /* 137c8383054SJeffle Xu * OPEN request Completion (copen) 138c8383054SJeffle Xu * - command: "copen <id>,<cache_size>" 139c8383054SJeffle Xu * <cache_size> indicates the object size if >=0, error code if negative 140c8383054SJeffle Xu */ 141c8383054SJeffle Xu int cachefiles_ondemand_copen(struct cachefiles_cache *cache, char *args) 142c8383054SJeffle Xu { 143c8383054SJeffle Xu struct cachefiles_req *req; 144c8383054SJeffle Xu struct fscache_cookie *cookie; 145e564e48cSBaokun Li struct cachefiles_ondemand_info *info; 146c8383054SJeffle Xu char *pid, *psize; 147c8383054SJeffle Xu unsigned long id; 148c8383054SJeffle Xu long size; 149c8383054SJeffle Xu int ret; 15036d845ccSBaokun Li XA_STATE(xas, &cache->reqs, 0); 151c8383054SJeffle Xu 152c8383054SJeffle Xu if (!test_bit(CACHEFILES_ONDEMAND_MODE, &cache->flags)) 153c8383054SJeffle Xu return -EOPNOTSUPP; 154c8383054SJeffle Xu 155c8383054SJeffle Xu if (!*args) { 156c8383054SJeffle Xu pr_err("Empty id specified\n"); 157c8383054SJeffle Xu return -EINVAL; 158c8383054SJeffle Xu } 159c8383054SJeffle Xu 160c8383054SJeffle Xu pid = args; 161c8383054SJeffle Xu psize = strchr(args, ','); 162c8383054SJeffle Xu if (!psize) { 163c8383054SJeffle Xu pr_err("Cache size is not specified\n"); 164c8383054SJeffle Xu return -EINVAL; 165c8383054SJeffle Xu } 166c8383054SJeffle Xu 167c8383054SJeffle Xu *psize = 0; 168c8383054SJeffle Xu psize++; 169c8383054SJeffle Xu 170c8383054SJeffle Xu ret = kstrtoul(pid, 0, &id); 171c8383054SJeffle Xu if (ret) 172c8383054SJeffle Xu return ret; 173c8383054SJeffle Xu 17436d845ccSBaokun Li xa_lock(&cache->reqs); 17536d845ccSBaokun Li xas.xa_index = id; 17636d845ccSBaokun Li req = xas_load(&xas); 17736d845ccSBaokun Li if (!req || req->msg.opcode != CACHEFILES_OP_OPEN || 17836d845ccSBaokun Li !req->object->ondemand->ondemand_id) { 17936d845ccSBaokun Li xa_unlock(&cache->reqs); 180c8383054SJeffle Xu return -EINVAL; 18136d845ccSBaokun Li } 18236d845ccSBaokun Li xas_store(&xas, NULL); 18336d845ccSBaokun Li xa_unlock(&cache->reqs); 184c8383054SJeffle Xu 185*c32ee78fSZizhi Wo info = req->object->ondemand; 186c8383054SJeffle Xu /* fail OPEN request if copen format is invalid */ 187c8383054SJeffle Xu ret = kstrtol(psize, 0, &size); 188c8383054SJeffle Xu if (ret) { 189c8383054SJeffle Xu req->error = ret; 190c8383054SJeffle Xu goto out; 191c8383054SJeffle Xu } 192c8383054SJeffle Xu 193c8383054SJeffle Xu /* fail OPEN request if daemon reports an error */ 194c8383054SJeffle Xu if (size < 0) { 195c93ccd63SSun Ke if (!IS_ERR_VALUE(size)) { 196c93ccd63SSun Ke req->error = -EINVAL; 197c93ccd63SSun Ke ret = -EINVAL; 198c93ccd63SSun Ke } else { 199c8383054SJeffle Xu req->error = size; 200c93ccd63SSun Ke ret = 0; 201c93ccd63SSun Ke } 202c8383054SJeffle Xu goto out; 203c8383054SJeffle Xu } 204c8383054SJeffle Xu 205e564e48cSBaokun Li spin_lock(&info->lock); 206e564e48cSBaokun Li /* 207e564e48cSBaokun Li * The anonymous fd was closed before copen ? Fail the request. 208e564e48cSBaokun Li * 209e564e48cSBaokun Li * t1 | t2 210e564e48cSBaokun Li * --------------------------------------------------------- 211e564e48cSBaokun Li * cachefiles_ondemand_copen 212e564e48cSBaokun Li * req = xa_erase(&cache->reqs, id) 213e564e48cSBaokun Li * // Anon fd is maliciously closed. 214e564e48cSBaokun Li * cachefiles_ondemand_fd_release 215e564e48cSBaokun Li * xa_lock(&cache->reqs) 216e564e48cSBaokun Li * cachefiles_ondemand_set_object_close(object) 217e564e48cSBaokun Li * xa_unlock(&cache->reqs) 218e564e48cSBaokun Li * cachefiles_ondemand_set_object_open 219e564e48cSBaokun Li * // No one will ever close it again. 220e564e48cSBaokun Li * cachefiles_ondemand_daemon_read 221e564e48cSBaokun Li * cachefiles_ondemand_select_req 222e564e48cSBaokun Li * 223e564e48cSBaokun Li * Get a read req but its fd is already closed. The daemon can't 224e564e48cSBaokun Li * issue a cread ioctl with an closed fd, then hung. 225e564e48cSBaokun Li */ 226e564e48cSBaokun Li if (info->ondemand_id == CACHEFILES_ONDEMAND_ID_CLOSED) { 227e564e48cSBaokun Li spin_unlock(&info->lock); 228e564e48cSBaokun Li req->error = -EBADFD; 229e564e48cSBaokun Li goto out; 230e564e48cSBaokun Li } 231c8383054SJeffle Xu cookie = req->object->cookie; 232c8383054SJeffle Xu cookie->object_size = size; 233c8383054SJeffle Xu if (size) 234c8383054SJeffle Xu clear_bit(FSCACHE_COOKIE_NO_DATA_TO_READ, &cookie->flags); 235c8383054SJeffle Xu else 236c8383054SJeffle Xu set_bit(FSCACHE_COOKIE_NO_DATA_TO_READ, &cookie->flags); 2371519670eSJeffle Xu trace_cachefiles_ondemand_copen(req->object, id, size); 238c8383054SJeffle Xu 239955190e1SJia Zhu cachefiles_ondemand_set_object_open(req->object); 240e564e48cSBaokun Li spin_unlock(&info->lock); 241f740fd94SJia Zhu wake_up_all(&cache->daemon_pollwq); 242955190e1SJia Zhu 243c8383054SJeffle Xu out: 244*c32ee78fSZizhi Wo spin_lock(&info->lock); 245*c32ee78fSZizhi Wo /* Need to set object close to avoid reopen status continuing */ 246*c32ee78fSZizhi Wo if (info->ondemand_id == CACHEFILES_ONDEMAND_ID_CLOSED) 247*c32ee78fSZizhi Wo cachefiles_ondemand_set_object_close(req->object); 248*c32ee78fSZizhi Wo spin_unlock(&info->lock); 249c8383054SJeffle Xu complete(&req->done); 250c8383054SJeffle Xu return ret; 251c8383054SJeffle Xu } 252c8383054SJeffle Xu 2539f5fa40fSJia Zhu int cachefiles_ondemand_restore(struct cachefiles_cache *cache, char *args) 2549f5fa40fSJia Zhu { 2559f5fa40fSJia Zhu struct cachefiles_req *req; 2569f5fa40fSJia Zhu 2579f5fa40fSJia Zhu XA_STATE(xas, &cache->reqs, 0); 2589f5fa40fSJia Zhu 2599f5fa40fSJia Zhu if (!test_bit(CACHEFILES_ONDEMAND_MODE, &cache->flags)) 2609f5fa40fSJia Zhu return -EOPNOTSUPP; 2619f5fa40fSJia Zhu 2629f5fa40fSJia Zhu /* 2639f5fa40fSJia Zhu * Reset the requests to CACHEFILES_REQ_NEW state, so that the 2649f5fa40fSJia Zhu * requests have been processed halfway before the crash of the 2659f5fa40fSJia Zhu * user daemon could be reprocessed after the recovery. 2669f5fa40fSJia Zhu */ 2679f5fa40fSJia Zhu xas_lock(&xas); 2689f5fa40fSJia Zhu xas_for_each(&xas, req, ULONG_MAX) 2699f5fa40fSJia Zhu xas_set_mark(&xas, CACHEFILES_REQ_NEW); 2709f5fa40fSJia Zhu xas_unlock(&xas); 2719f5fa40fSJia Zhu 2729f5fa40fSJia Zhu wake_up_all(&cache->daemon_pollwq); 2739f5fa40fSJia Zhu return 0; 2749f5fa40fSJia Zhu } 2759f5fa40fSJia Zhu 276d2d3eb37SBaokun Li static int cachefiles_ondemand_get_fd(struct cachefiles_req *req, 277d2d3eb37SBaokun Li struct ondemand_anon_file *anon_file) 278c8383054SJeffle Xu { 279c8383054SJeffle Xu struct cachefiles_object *object; 280c8383054SJeffle Xu struct cachefiles_cache *cache; 281c8383054SJeffle Xu struct cachefiles_open *load; 282c8383054SJeffle Xu u32 object_id; 283d2d3eb37SBaokun Li int ret; 284c8383054SJeffle Xu 285c8383054SJeffle Xu object = cachefiles_grab_object(req->object, 286c8383054SJeffle Xu cachefiles_obj_get_ondemand_fd); 287c8383054SJeffle Xu cache = object->volume->cache; 288c8383054SJeffle Xu 289c8383054SJeffle Xu ret = xa_alloc_cyclic(&cache->ondemand_ids, &object_id, NULL, 290c8383054SJeffle Xu XA_LIMIT(1, INT_MAX), 291c8383054SJeffle Xu &cache->ondemand_id_next, GFP_KERNEL); 292c8383054SJeffle Xu if (ret < 0) 293c8383054SJeffle Xu goto err; 294c8383054SJeffle Xu 295d2d3eb37SBaokun Li anon_file->fd = get_unused_fd_flags(O_WRONLY); 296d2d3eb37SBaokun Li if (anon_file->fd < 0) { 297d2d3eb37SBaokun Li ret = anon_file->fd; 298c8383054SJeffle Xu goto err_free_id; 299c8383054SJeffle Xu } 300c8383054SJeffle Xu 301d2d3eb37SBaokun Li anon_file->file = anon_inode_getfile("[cachefiles]", 302d2d3eb37SBaokun Li &cachefiles_ondemand_fd_fops, object, O_WRONLY); 303d2d3eb37SBaokun Li if (IS_ERR(anon_file->file)) { 304d2d3eb37SBaokun Li ret = PTR_ERR(anon_file->file); 305c8383054SJeffle Xu goto err_put_fd; 306c8383054SJeffle Xu } 307c8383054SJeffle Xu 308527db1cbSBaokun Li spin_lock(&object->ondemand->lock); 309527db1cbSBaokun Li if (object->ondemand->ondemand_id > 0) { 310527db1cbSBaokun Li spin_unlock(&object->ondemand->lock); 311527db1cbSBaokun Li /* Pair with check in cachefiles_ondemand_fd_release(). */ 312d2d3eb37SBaokun Li anon_file->file->private_data = NULL; 313527db1cbSBaokun Li ret = -EEXIST; 314527db1cbSBaokun Li goto err_put_file; 315527db1cbSBaokun Li } 316527db1cbSBaokun Li 317d2d3eb37SBaokun Li anon_file->file->f_mode |= FMODE_PWRITE | FMODE_LSEEK; 318c8383054SJeffle Xu 319c8383054SJeffle Xu load = (void *)req->msg.data; 320d2d3eb37SBaokun Li load->fd = anon_file->fd; 32133d21f06SJia Zhu object->ondemand->ondemand_id = object_id; 322527db1cbSBaokun Li spin_unlock(&object->ondemand->lock); 323d11b0b04SJeffle Xu 324d11b0b04SJeffle Xu cachefiles_get_unbind_pincount(cache); 3251519670eSJeffle Xu trace_cachefiles_ondemand_open(object, &req->msg, load); 326c8383054SJeffle Xu return 0; 327c8383054SJeffle Xu 328527db1cbSBaokun Li err_put_file: 329d2d3eb37SBaokun Li fput(anon_file->file); 330d2d3eb37SBaokun Li anon_file->file = NULL; 331c8383054SJeffle Xu err_put_fd: 332d2d3eb37SBaokun Li put_unused_fd(anon_file->fd); 333d2d3eb37SBaokun Li anon_file->fd = ret; 334c8383054SJeffle Xu err_free_id: 335c8383054SJeffle Xu xa_erase(&cache->ondemand_ids, object_id); 336c8383054SJeffle Xu err: 337527db1cbSBaokun Li spin_lock(&object->ondemand->lock); 338527db1cbSBaokun Li /* Avoid marking an opened object as closed. */ 339527db1cbSBaokun Li if (object->ondemand->ondemand_id <= 0) 340527db1cbSBaokun Li cachefiles_ondemand_set_object_close(object); 341527db1cbSBaokun Li spin_unlock(&object->ondemand->lock); 342c8383054SJeffle Xu cachefiles_put_object(object, cachefiles_obj_put_ondemand_fd); 343c8383054SJeffle Xu return ret; 344c8383054SJeffle Xu } 345c8383054SJeffle Xu 346f740fd94SJia Zhu static void ondemand_object_worker(struct work_struct *work) 347f740fd94SJia Zhu { 348f740fd94SJia Zhu struct cachefiles_ondemand_info *info = 349f740fd94SJia Zhu container_of(work, struct cachefiles_ondemand_info, ondemand_work); 350f740fd94SJia Zhu 351f740fd94SJia Zhu cachefiles_ondemand_init_object(info->object); 352f740fd94SJia Zhu } 353f740fd94SJia Zhu 354f740fd94SJia Zhu /* 355f740fd94SJia Zhu * If there are any inflight or subsequent READ requests on the 356f740fd94SJia Zhu * closed object, reopen it. 357f740fd94SJia Zhu * Skip read requests whose related object is reopening. 358f740fd94SJia Zhu */ 359f740fd94SJia Zhu static struct cachefiles_req *cachefiles_ondemand_select_req(struct xa_state *xas, 360f740fd94SJia Zhu unsigned long xa_max) 361f740fd94SJia Zhu { 362f740fd94SJia Zhu struct cachefiles_req *req; 363f740fd94SJia Zhu struct cachefiles_object *object; 364f740fd94SJia Zhu struct cachefiles_ondemand_info *info; 365f740fd94SJia Zhu 366f740fd94SJia Zhu xas_for_each_marked(xas, req, xa_max, CACHEFILES_REQ_NEW) { 367f740fd94SJia Zhu if (req->msg.opcode != CACHEFILES_OP_READ) 368f740fd94SJia Zhu return req; 369f740fd94SJia Zhu object = req->object; 370f740fd94SJia Zhu info = object->ondemand; 371f740fd94SJia Zhu if (cachefiles_ondemand_object_is_close(object)) { 372f740fd94SJia Zhu cachefiles_ondemand_set_object_reopening(object); 373f740fd94SJia Zhu queue_work(fscache_wq, &info->ondemand_work); 374f740fd94SJia Zhu continue; 375f740fd94SJia Zhu } 376f740fd94SJia Zhu if (cachefiles_ondemand_object_is_reopening(object)) 377f740fd94SJia Zhu continue; 378f740fd94SJia Zhu return req; 379f740fd94SJia Zhu } 380f740fd94SJia Zhu return NULL; 381f740fd94SJia Zhu } 382f740fd94SJia Zhu 383c8383054SJeffle Xu ssize_t cachefiles_ondemand_daemon_read(struct cachefiles_cache *cache, 384c8383054SJeffle Xu char __user *_buffer, size_t buflen) 385c8383054SJeffle Xu { 386c8383054SJeffle Xu struct cachefiles_req *req; 387c8383054SJeffle Xu struct cachefiles_msg *msg; 388c8383054SJeffle Xu size_t n; 389c8383054SJeffle Xu int ret = 0; 390d2d3eb37SBaokun Li struct ondemand_anon_file anon_file; 3911122f400SXin Yin XA_STATE(xas, &cache->reqs, cache->req_id_next); 392c8383054SJeffle Xu 393f740fd94SJia Zhu xa_lock(&cache->reqs); 394c8383054SJeffle Xu /* 3951122f400SXin Yin * Cyclically search for a request that has not ever been processed, 3961122f400SXin Yin * to prevent requests from being processed repeatedly, and make 3971122f400SXin Yin * request distribution fair. 398c8383054SJeffle Xu */ 399f740fd94SJia Zhu req = cachefiles_ondemand_select_req(&xas, ULONG_MAX); 4001122f400SXin Yin if (!req && cache->req_id_next > 0) { 4011122f400SXin Yin xas_set(&xas, 0); 402f740fd94SJia Zhu req = cachefiles_ondemand_select_req(&xas, cache->req_id_next - 1); 4031122f400SXin Yin } 404c8383054SJeffle Xu if (!req) { 405c8383054SJeffle Xu xa_unlock(&cache->reqs); 406c8383054SJeffle Xu return 0; 407c8383054SJeffle Xu } 408c8383054SJeffle Xu 409c8383054SJeffle Xu msg = &req->msg; 410c8383054SJeffle Xu n = msg->len; 411c8383054SJeffle Xu 412c8383054SJeffle Xu if (n > buflen) { 413c8383054SJeffle Xu xa_unlock(&cache->reqs); 414c8383054SJeffle Xu return -EMSGSIZE; 415c8383054SJeffle Xu } 416c8383054SJeffle Xu 417c8383054SJeffle Xu xas_clear_mark(&xas, CACHEFILES_REQ_NEW); 4181122f400SXin Yin cache->req_id_next = xas.xa_index + 1; 419a6de8276SBaokun Li refcount_inc(&req->ref); 4203958679cSBaokun Li cachefiles_grab_object(req->object, cachefiles_obj_get_read_req); 421c8383054SJeffle Xu xa_unlock(&cache->reqs); 422c8383054SJeffle Xu 423c8383054SJeffle Xu if (msg->opcode == CACHEFILES_OP_OPEN) { 424d2d3eb37SBaokun Li ret = cachefiles_ondemand_get_fd(req, &anon_file); 425527db1cbSBaokun Li if (ret) 4261d95e501SBaokun Li goto out; 427c8383054SJeffle Xu } 428f740fd94SJia Zhu 4291d95e501SBaokun Li msg->msg_id = xas.xa_index; 430f740fd94SJia Zhu msg->object_id = req->object->ondemand->ondemand_id; 431c8383054SJeffle Xu 432d2d3eb37SBaokun Li if (copy_to_user(_buffer, msg, n) != 0) 433c8383054SJeffle Xu ret = -EFAULT; 434d2d3eb37SBaokun Li 435d2d3eb37SBaokun Li if (msg->opcode == CACHEFILES_OP_OPEN) { 436d2d3eb37SBaokun Li if (ret < 0) { 437d2d3eb37SBaokun Li fput(anon_file.file); 438d2d3eb37SBaokun Li put_unused_fd(anon_file.fd); 439d2d3eb37SBaokun Li goto out; 440d2d3eb37SBaokun Li } 441d2d3eb37SBaokun Li fd_install(anon_file.fd, anon_file.file); 4421d95e501SBaokun Li } 4431d95e501SBaokun Li out: 4443958679cSBaokun Li cachefiles_put_object(req->object, cachefiles_obj_put_read_req); 4451d95e501SBaokun Li /* Remove error request and CLOSE request has no reply */ 4461d95e501SBaokun Li if (ret || msg->opcode == CACHEFILES_OP_CLOSE) { 447a6de8276SBaokun Li xas_reset(&xas); 448a6de8276SBaokun Li xas_lock(&xas); 449a6de8276SBaokun Li if (xas_load(&xas) == req) { 450c8383054SJeffle Xu req->error = ret; 451c8383054SJeffle Xu complete(&req->done); 452a6de8276SBaokun Li xas_store(&xas, NULL); 453a6de8276SBaokun Li } 454a6de8276SBaokun Li xas_unlock(&xas); 4551d95e501SBaokun Li } 456a6de8276SBaokun Li cachefiles_req_put(req); 4571d95e501SBaokun Li return ret ? ret : n; 458c8383054SJeffle Xu } 459c8383054SJeffle Xu 460c8383054SJeffle Xu typedef int (*init_req_fn)(struct cachefiles_req *req, void *private); 461c8383054SJeffle Xu 462c8383054SJeffle Xu static int cachefiles_ondemand_send_req(struct cachefiles_object *object, 463c8383054SJeffle Xu enum cachefiles_opcode opcode, 464c8383054SJeffle Xu size_t data_len, 465c8383054SJeffle Xu init_req_fn init_req, 466c8383054SJeffle Xu void *private) 467c8383054SJeffle Xu { 468c8383054SJeffle Xu struct cachefiles_cache *cache = object->volume->cache; 469f740fd94SJia Zhu struct cachefiles_req *req = NULL; 470c8383054SJeffle Xu XA_STATE(xas, &cache->reqs, 0); 471c8383054SJeffle Xu int ret; 472c8383054SJeffle Xu 473c8383054SJeffle Xu if (!test_bit(CACHEFILES_ONDEMAND_MODE, &cache->flags)) 474c8383054SJeffle Xu return 0; 475c8383054SJeffle Xu 476f740fd94SJia Zhu if (test_bit(CACHEFILES_DEAD, &cache->flags)) { 477f740fd94SJia Zhu ret = -EIO; 478f740fd94SJia Zhu goto out; 479f740fd94SJia Zhu } 480c8383054SJeffle Xu 481c8383054SJeffle Xu req = kzalloc(sizeof(*req) + data_len, GFP_KERNEL); 482f740fd94SJia Zhu if (!req) { 483f740fd94SJia Zhu ret = -ENOMEM; 484f740fd94SJia Zhu goto out; 485f740fd94SJia Zhu } 486c8383054SJeffle Xu 487a6de8276SBaokun Li refcount_set(&req->ref, 1); 488c8383054SJeffle Xu req->object = object; 489c8383054SJeffle Xu init_completion(&req->done); 490c8383054SJeffle Xu req->msg.opcode = opcode; 491c8383054SJeffle Xu req->msg.len = sizeof(struct cachefiles_msg) + data_len; 492c8383054SJeffle Xu 493c8383054SJeffle Xu ret = init_req(req, private); 494c8383054SJeffle Xu if (ret) 495c8383054SJeffle Xu goto out; 496c8383054SJeffle Xu 497c8383054SJeffle Xu do { 498c8383054SJeffle Xu /* 499c8383054SJeffle Xu * Stop enqueuing the request when daemon is dying. The 500c8383054SJeffle Xu * following two operations need to be atomic as a whole. 501c8383054SJeffle Xu * 1) check cache state, and 502c8383054SJeffle Xu * 2) enqueue request if cache is alive. 503c8383054SJeffle Xu * Otherwise the request may be enqueued after xarray has been 504c8383054SJeffle Xu * flushed, leaving the orphan request never being completed. 505c8383054SJeffle Xu * 506c8383054SJeffle Xu * CPU 1 CPU 2 507c8383054SJeffle Xu * ===== ===== 508c8383054SJeffle Xu * test CACHEFILES_DEAD bit 509c8383054SJeffle Xu * set CACHEFILES_DEAD bit 510c8383054SJeffle Xu * flush requests in the xarray 511c8383054SJeffle Xu * enqueue the request 512c8383054SJeffle Xu */ 513c8383054SJeffle Xu xas_lock(&xas); 514c8383054SJeffle Xu 51532e0a9a7SBaokun Li if (test_bit(CACHEFILES_DEAD, &cache->flags) || 51632e0a9a7SBaokun Li cachefiles_ondemand_object_is_dropping(object)) { 517c8383054SJeffle Xu xas_unlock(&xas); 518c8383054SJeffle Xu ret = -EIO; 519c8383054SJeffle Xu goto out; 520c8383054SJeffle Xu } 521c8383054SJeffle Xu 522c8383054SJeffle Xu /* coupled with the barrier in cachefiles_flush_reqs() */ 523c8383054SJeffle Xu smp_mb(); 524c8383054SJeffle Xu 525f740fd94SJia Zhu if (opcode == CACHEFILES_OP_CLOSE && 526955190e1SJia Zhu !cachefiles_ondemand_object_is_open(object)) { 52733d21f06SJia Zhu WARN_ON_ONCE(object->ondemand->ondemand_id == 0); 528324b954aSJeffle Xu xas_unlock(&xas); 529324b954aSJeffle Xu ret = -EIO; 530324b954aSJeffle Xu goto out; 531324b954aSJeffle Xu } 532324b954aSJeffle Xu 533de045a82SBaokun Li /* 534de045a82SBaokun Li * Cyclically find a free xas to avoid msg_id reuse that would 535de045a82SBaokun Li * cause the daemon to successfully copen a stale msg_id. 536de045a82SBaokun Li */ 537de045a82SBaokun Li xas.xa_index = cache->msg_id_next; 538c8383054SJeffle Xu xas_find_marked(&xas, UINT_MAX, XA_FREE_MARK); 539de045a82SBaokun Li if (xas.xa_node == XAS_RESTART) { 540de045a82SBaokun Li xas.xa_index = 0; 541de045a82SBaokun Li xas_find_marked(&xas, cache->msg_id_next - 1, XA_FREE_MARK); 542de045a82SBaokun Li } 543c8383054SJeffle Xu if (xas.xa_node == XAS_RESTART) 544c8383054SJeffle Xu xas_set_err(&xas, -EBUSY); 545de045a82SBaokun Li 546c8383054SJeffle Xu xas_store(&xas, req); 547de045a82SBaokun Li if (xas_valid(&xas)) { 548de045a82SBaokun Li cache->msg_id_next = xas.xa_index + 1; 549c8383054SJeffle Xu xas_clear_mark(&xas, XA_FREE_MARK); 550c8383054SJeffle Xu xas_set_mark(&xas, CACHEFILES_REQ_NEW); 551de045a82SBaokun Li } 552c8383054SJeffle Xu xas_unlock(&xas); 553c8383054SJeffle Xu } while (xas_nomem(&xas, GFP_KERNEL)); 554c8383054SJeffle Xu 555c8383054SJeffle Xu ret = xas_error(&xas); 556c8383054SJeffle Xu if (ret) 557c8383054SJeffle Xu goto out; 558c8383054SJeffle Xu 559c8383054SJeffle Xu wake_up_all(&cache->daemon_pollwq); 560c8383054SJeffle Xu wait_for_completion(&req->done); 561c8383054SJeffle Xu ret = req->error; 562a6de8276SBaokun Li cachefiles_req_put(req); 563f740fd94SJia Zhu return ret; 564c8383054SJeffle Xu out: 565f740fd94SJia Zhu /* Reset the object to close state in error handling path. 566f740fd94SJia Zhu * If error occurs after creating the anonymous fd, 567f740fd94SJia Zhu * cachefiles_ondemand_fd_release() will set object to close. 568f740fd94SJia Zhu */ 56932e0a9a7SBaokun Li if (opcode == CACHEFILES_OP_OPEN && 57032e0a9a7SBaokun Li !cachefiles_ondemand_object_is_dropping(object)) 571f740fd94SJia Zhu cachefiles_ondemand_set_object_close(object); 572c8383054SJeffle Xu kfree(req); 573c8383054SJeffle Xu return ret; 574c8383054SJeffle Xu } 575c8383054SJeffle Xu 576c8383054SJeffle Xu static int cachefiles_ondemand_init_open_req(struct cachefiles_req *req, 577c8383054SJeffle Xu void *private) 578c8383054SJeffle Xu { 579c8383054SJeffle Xu struct cachefiles_object *object = req->object; 580c8383054SJeffle Xu struct fscache_cookie *cookie = object->cookie; 581c8383054SJeffle Xu struct fscache_volume *volume = object->volume->vcookie; 582c8383054SJeffle Xu struct cachefiles_open *load = (void *)req->msg.data; 583c8383054SJeffle Xu size_t volume_key_size, cookie_key_size; 584c8383054SJeffle Xu void *volume_key, *cookie_key; 585c8383054SJeffle Xu 586c8383054SJeffle Xu /* 587c8383054SJeffle Xu * Volume key is a NUL-terminated string. key[0] stores strlen() of the 588c8383054SJeffle Xu * string, followed by the content of the string (excluding '\0'). 589c8383054SJeffle Xu */ 590c8383054SJeffle Xu volume_key_size = volume->key[0] + 1; 591c8383054SJeffle Xu volume_key = volume->key + 1; 592c8383054SJeffle Xu 593c8383054SJeffle Xu /* Cookie key is binary data, which is netfs specific. */ 594c8383054SJeffle Xu cookie_key_size = cookie->key_len; 595c8383054SJeffle Xu cookie_key = fscache_get_key(cookie); 596c8383054SJeffle Xu 597c8383054SJeffle Xu if (!(object->cookie->advice & FSCACHE_ADV_WANT_CACHE_SIZE)) { 598c8383054SJeffle Xu pr_err("WANT_CACHE_SIZE is needed for on-demand mode\n"); 599c8383054SJeffle Xu return -EINVAL; 600c8383054SJeffle Xu } 601c8383054SJeffle Xu 602c8383054SJeffle Xu load->volume_key_size = volume_key_size; 603c8383054SJeffle Xu load->cookie_key_size = cookie_key_size; 604c8383054SJeffle Xu memcpy(load->data, volume_key, volume_key_size); 605c8383054SJeffle Xu memcpy(load->data + volume_key_size, cookie_key, cookie_key_size); 606c8383054SJeffle Xu 607c8383054SJeffle Xu return 0; 608c8383054SJeffle Xu } 609c8383054SJeffle Xu 610324b954aSJeffle Xu static int cachefiles_ondemand_init_close_req(struct cachefiles_req *req, 611324b954aSJeffle Xu void *private) 612324b954aSJeffle Xu { 613324b954aSJeffle Xu struct cachefiles_object *object = req->object; 614324b954aSJeffle Xu 615955190e1SJia Zhu if (!cachefiles_ondemand_object_is_open(object)) 616324b954aSJeffle Xu return -ENOENT; 617324b954aSJeffle Xu 6181519670eSJeffle Xu trace_cachefiles_ondemand_close(object, &req->msg); 619324b954aSJeffle Xu return 0; 620324b954aSJeffle Xu } 621324b954aSJeffle Xu 6229032b6e8SJeffle Xu struct cachefiles_read_ctx { 6239032b6e8SJeffle Xu loff_t off; 6249032b6e8SJeffle Xu size_t len; 6259032b6e8SJeffle Xu }; 6269032b6e8SJeffle Xu 6279032b6e8SJeffle Xu static int cachefiles_ondemand_init_read_req(struct cachefiles_req *req, 6289032b6e8SJeffle Xu void *private) 6299032b6e8SJeffle Xu { 6309032b6e8SJeffle Xu struct cachefiles_object *object = req->object; 6319032b6e8SJeffle Xu struct cachefiles_read *load = (void *)req->msg.data; 6329032b6e8SJeffle Xu struct cachefiles_read_ctx *read_ctx = private; 6339032b6e8SJeffle Xu 6349032b6e8SJeffle Xu load->off = read_ctx->off; 6359032b6e8SJeffle Xu load->len = read_ctx->len; 6361519670eSJeffle Xu trace_cachefiles_ondemand_read(object, &req->msg, load); 6379032b6e8SJeffle Xu return 0; 6389032b6e8SJeffle Xu } 6399032b6e8SJeffle Xu 640c8383054SJeffle Xu int cachefiles_ondemand_init_object(struct cachefiles_object *object) 641c8383054SJeffle Xu { 642c8383054SJeffle Xu struct fscache_cookie *cookie = object->cookie; 643c8383054SJeffle Xu struct fscache_volume *volume = object->volume->vcookie; 644c8383054SJeffle Xu size_t volume_key_size, cookie_key_size, data_len; 645c8383054SJeffle Xu 6468a73c08eSDavid Howells if (!object->ondemand) 6478a73c08eSDavid Howells return 0; 6488a73c08eSDavid Howells 649c8383054SJeffle Xu /* 650c8383054SJeffle Xu * CacheFiles will firstly check the cache file under the root cache 651c8383054SJeffle Xu * directory. If the coherency check failed, it will fallback to 652c8383054SJeffle Xu * creating a new tmpfile as the cache file. Reuse the previously 653c8383054SJeffle Xu * allocated object ID if any. 654c8383054SJeffle Xu */ 655955190e1SJia Zhu if (cachefiles_ondemand_object_is_open(object)) 656c8383054SJeffle Xu return 0; 657c8383054SJeffle Xu 658c8383054SJeffle Xu volume_key_size = volume->key[0] + 1; 659c8383054SJeffle Xu cookie_key_size = cookie->key_len; 660c8383054SJeffle Xu data_len = sizeof(struct cachefiles_open) + 661c8383054SJeffle Xu volume_key_size + cookie_key_size; 662c8383054SJeffle Xu 663c8383054SJeffle Xu return cachefiles_ondemand_send_req(object, CACHEFILES_OP_OPEN, 664c8383054SJeffle Xu data_len, cachefiles_ondemand_init_open_req, NULL); 665c8383054SJeffle Xu } 666324b954aSJeffle Xu 667324b954aSJeffle Xu void cachefiles_ondemand_clean_object(struct cachefiles_object *object) 668324b954aSJeffle Xu { 669ed60c1a8SBaokun Li unsigned long index; 670ed60c1a8SBaokun Li struct cachefiles_req *req; 671ed60c1a8SBaokun Li struct cachefiles_cache *cache; 672ed60c1a8SBaokun Li 67332e0a9a7SBaokun Li if (!object->ondemand) 67432e0a9a7SBaokun Li return; 67532e0a9a7SBaokun Li 676324b954aSJeffle Xu cachefiles_ondemand_send_req(object, CACHEFILES_OP_CLOSE, 0, 677324b954aSJeffle Xu cachefiles_ondemand_init_close_req, NULL); 678ed60c1a8SBaokun Li 679ed60c1a8SBaokun Li if (!object->ondemand->ondemand_id) 680ed60c1a8SBaokun Li return; 681ed60c1a8SBaokun Li 682ed60c1a8SBaokun Li /* Cancel all requests for the object that is being dropped. */ 683ed60c1a8SBaokun Li cache = object->volume->cache; 684ed60c1a8SBaokun Li xa_lock(&cache->reqs); 68532e0a9a7SBaokun Li cachefiles_ondemand_set_object_dropping(object); 686ed60c1a8SBaokun Li xa_for_each(&cache->reqs, index, req) { 687ed60c1a8SBaokun Li if (req->object == object) { 688ed60c1a8SBaokun Li req->error = -EIO; 689ed60c1a8SBaokun Li complete(&req->done); 690ed60c1a8SBaokun Li __xa_erase(&cache->reqs, index); 691ed60c1a8SBaokun Li } 692ed60c1a8SBaokun Li } 693ed60c1a8SBaokun Li xa_unlock(&cache->reqs); 694d3179baeSHou Tao 695d3179baeSHou Tao /* Wait for ondemand_object_worker() to finish to avoid UAF. */ 696d3179baeSHou Tao cancel_work_sync(&object->ondemand->ondemand_work); 697324b954aSJeffle Xu } 6989032b6e8SJeffle Xu 69933d21f06SJia Zhu int cachefiles_ondemand_init_obj_info(struct cachefiles_object *object, 70033d21f06SJia Zhu struct cachefiles_volume *volume) 70133d21f06SJia Zhu { 70233d21f06SJia Zhu if (!cachefiles_in_ondemand_mode(volume->cache)) 70333d21f06SJia Zhu return 0; 70433d21f06SJia Zhu 70533d21f06SJia Zhu object->ondemand = kzalloc(sizeof(struct cachefiles_ondemand_info), 70633d21f06SJia Zhu GFP_KERNEL); 70733d21f06SJia Zhu if (!object->ondemand) 70833d21f06SJia Zhu return -ENOMEM; 70933d21f06SJia Zhu 71033d21f06SJia Zhu object->ondemand->object = object; 711e564e48cSBaokun Li spin_lock_init(&object->ondemand->lock); 712f740fd94SJia Zhu INIT_WORK(&object->ondemand->ondemand_work, ondemand_object_worker); 71333d21f06SJia Zhu return 0; 71433d21f06SJia Zhu } 71533d21f06SJia Zhu 71633d21f06SJia Zhu void cachefiles_ondemand_deinit_obj_info(struct cachefiles_object *object) 71733d21f06SJia Zhu { 71833d21f06SJia Zhu kfree(object->ondemand); 71933d21f06SJia Zhu object->ondemand = NULL; 72033d21f06SJia Zhu } 72133d21f06SJia Zhu 7229032b6e8SJeffle Xu int cachefiles_ondemand_read(struct cachefiles_object *object, 7239032b6e8SJeffle Xu loff_t pos, size_t len) 7249032b6e8SJeffle Xu { 7259032b6e8SJeffle Xu struct cachefiles_read_ctx read_ctx = {pos, len}; 7269032b6e8SJeffle Xu 7279032b6e8SJeffle Xu return cachefiles_ondemand_send_req(object, CACHEFILES_OP_READ, 7289032b6e8SJeffle Xu sizeof(struct cachefiles_read), 7299032b6e8SJeffle Xu cachefiles_ondemand_init_read_req, &read_ctx); 7309032b6e8SJeffle Xu } 731