1 /* 2 FUSE: Filesystem in Userspace 3 Copyright (C) 2001-2005 Miklos Szeredi <miklos@szeredi.hu> 4 5 This program can be distributed under the terms of the GNU GPL. 6 See the file COPYING. 7 */ 8 9 #include "fuse_i.h" 10 11 #include <linux/init.h> 12 #include <linux/module.h> 13 #include <linux/poll.h> 14 #include <linux/uio.h> 15 #include <linux/miscdevice.h> 16 #include <linux/pagemap.h> 17 #include <linux/file.h> 18 #include <linux/slab.h> 19 20 MODULE_ALIAS_MISCDEV(FUSE_MINOR); 21 22 static kmem_cache_t *fuse_req_cachep; 23 24 static inline struct fuse_conn *fuse_get_conn(struct file *file) 25 { 26 struct fuse_conn *fc; 27 spin_lock(&fuse_lock); 28 fc = file->private_data; 29 if (fc && !fc->sb) 30 fc = NULL; 31 spin_unlock(&fuse_lock); 32 return fc; 33 } 34 35 static inline void fuse_request_init(struct fuse_req *req) 36 { 37 memset(req, 0, sizeof(*req)); 38 INIT_LIST_HEAD(&req->list); 39 init_waitqueue_head(&req->waitq); 40 atomic_set(&req->count, 1); 41 } 42 43 struct fuse_req *fuse_request_alloc(void) 44 { 45 struct fuse_req *req = kmem_cache_alloc(fuse_req_cachep, SLAB_KERNEL); 46 if (req) 47 fuse_request_init(req); 48 return req; 49 } 50 51 void fuse_request_free(struct fuse_req *req) 52 { 53 kmem_cache_free(fuse_req_cachep, req); 54 } 55 56 static inline void block_sigs(sigset_t *oldset) 57 { 58 sigset_t mask; 59 60 siginitsetinv(&mask, sigmask(SIGKILL)); 61 sigprocmask(SIG_BLOCK, &mask, oldset); 62 } 63 64 static inline void restore_sigs(sigset_t *oldset) 65 { 66 sigprocmask(SIG_SETMASK, oldset, NULL); 67 } 68 69 void fuse_reset_request(struct fuse_req *req) 70 { 71 int preallocated = req->preallocated; 72 BUG_ON(atomic_read(&req->count) != 1); 73 fuse_request_init(req); 74 req->preallocated = preallocated; 75 } 76 77 static void __fuse_get_request(struct fuse_req *req) 78 { 79 atomic_inc(&req->count); 80 } 81 82 /* Must be called with > 1 refcount */ 83 static void __fuse_put_request(struct fuse_req *req) 84 { 85 BUG_ON(atomic_read(&req->count) < 2); 86 atomic_dec(&req->count); 87 } 88 89 static struct fuse_req *do_get_request(struct fuse_conn *fc) 90 { 91 struct fuse_req *req; 92 93 spin_lock(&fuse_lock); 94 BUG_ON(list_empty(&fc->unused_list)); 95 req = list_entry(fc->unused_list.next, struct fuse_req, list); 96 list_del_init(&req->list); 97 spin_unlock(&fuse_lock); 98 fuse_request_init(req); 99 req->preallocated = 1; 100 req->in.h.uid = current->fsuid; 101 req->in.h.gid = current->fsgid; 102 req->in.h.pid = current->pid; 103 return req; 104 } 105 106 struct fuse_req *fuse_get_request(struct fuse_conn *fc) 107 { 108 if (down_interruptible(&fc->outstanding_sem)) 109 return NULL; 110 return do_get_request(fc); 111 } 112 113 /* 114 * Non-interruptible version of the above function is for operations 115 * which can't legally return -ERESTART{SYS,NOINTR}. This can still 116 * return NULL, but only in case the signal is SIGKILL. 117 */ 118 struct fuse_req *fuse_get_request_nonint(struct fuse_conn *fc) 119 { 120 int intr; 121 sigset_t oldset; 122 123 block_sigs(&oldset); 124 intr = down_interruptible(&fc->outstanding_sem); 125 restore_sigs(&oldset); 126 return intr ? NULL : do_get_request(fc); 127 } 128 129 static void fuse_putback_request(struct fuse_conn *fc, struct fuse_req *req) 130 { 131 spin_lock(&fuse_lock); 132 if (req->preallocated) 133 list_add(&req->list, &fc->unused_list); 134 else 135 fuse_request_free(req); 136 137 /* If we are in debt decrease that first */ 138 if (fc->outstanding_debt) 139 fc->outstanding_debt--; 140 else 141 up(&fc->outstanding_sem); 142 spin_unlock(&fuse_lock); 143 } 144 145 void fuse_put_request(struct fuse_conn *fc, struct fuse_req *req) 146 { 147 if (atomic_dec_and_test(&req->count)) 148 fuse_putback_request(fc, req); 149 } 150 151 /* 152 * This function is called when a request is finished. Either a reply 153 * has arrived or it was interrupted (and not yet sent) or some error 154 * occured during communication with userspace, or the device file was 155 * closed. It decreases the referece count for the request. In case 156 * of a background request the referece to the stored objects are 157 * released. The requester thread is woken up (if still waiting), and 158 * finally the request is either freed or put on the unused_list 159 * 160 * Called with fuse_lock, unlocks it 161 */ 162 static void request_end(struct fuse_conn *fc, struct fuse_req *req) 163 { 164 int putback; 165 req->finished = 1; 166 putback = atomic_dec_and_test(&req->count); 167 spin_unlock(&fuse_lock); 168 if (req->background) { 169 if (req->inode) 170 iput(req->inode); 171 if (req->inode2) 172 iput(req->inode2); 173 if (req->file) 174 fput(req->file); 175 } 176 wake_up(&req->waitq); 177 if (req->in.h.opcode == FUSE_INIT) { 178 int i; 179 180 if (req->misc.init_in_out.major != FUSE_KERNEL_VERSION) 181 fc->conn_error = 1; 182 183 /* After INIT reply is received other requests can go 184 out. So do (FUSE_MAX_OUTSTANDING - 1) number of 185 up()s on outstanding_sem. The last up() is done in 186 fuse_putback_request() */ 187 for (i = 1; i < FUSE_MAX_OUTSTANDING; i++) 188 up(&fc->outstanding_sem); 189 } 190 if (putback) 191 fuse_putback_request(fc, req); 192 } 193 194 static void background_request(struct fuse_req *req) 195 { 196 /* Need to get hold of the inode(s) and/or file used in the 197 request, so FORGET and RELEASE are not sent too early */ 198 req->background = 1; 199 if (req->inode) 200 req->inode = igrab(req->inode); 201 if (req->inode2) 202 req->inode2 = igrab(req->inode2); 203 if (req->file) 204 get_file(req->file); 205 } 206 207 static int request_wait_answer_nonint(struct fuse_req *req) 208 { 209 int err; 210 sigset_t oldset; 211 block_sigs(&oldset); 212 err = wait_event_interruptible(req->waitq, req->finished); 213 restore_sigs(&oldset); 214 return err; 215 } 216 217 /* Called with fuse_lock held. Releases, and then reacquires it. */ 218 static void request_wait_answer(struct fuse_req *req, int interruptible) 219 { 220 int intr; 221 222 spin_unlock(&fuse_lock); 223 if (interruptible) 224 intr = wait_event_interruptible(req->waitq, req->finished); 225 else 226 intr = request_wait_answer_nonint(req); 227 spin_lock(&fuse_lock); 228 if (intr && interruptible && req->sent) { 229 /* If request is already in userspace, only allow KILL 230 signal to interrupt */ 231 spin_unlock(&fuse_lock); 232 intr = request_wait_answer_nonint(req); 233 spin_lock(&fuse_lock); 234 } 235 if (!intr) 236 return; 237 238 if (!interruptible || req->sent) 239 req->out.h.error = -EINTR; 240 else 241 req->out.h.error = -ERESTARTNOINTR; 242 243 req->interrupted = 1; 244 if (req->locked) { 245 /* This is uninterruptible sleep, because data is 246 being copied to/from the buffers of req. During 247 locked state, there mustn't be any filesystem 248 operation (e.g. page fault), since that could lead 249 to deadlock */ 250 spin_unlock(&fuse_lock); 251 wait_event(req->waitq, !req->locked); 252 spin_lock(&fuse_lock); 253 } 254 if (!req->sent && !list_empty(&req->list)) { 255 list_del(&req->list); 256 __fuse_put_request(req); 257 } else if (!req->finished && req->sent) 258 background_request(req); 259 } 260 261 static unsigned len_args(unsigned numargs, struct fuse_arg *args) 262 { 263 unsigned nbytes = 0; 264 unsigned i; 265 266 for (i = 0; i < numargs; i++) 267 nbytes += args[i].size; 268 269 return nbytes; 270 } 271 272 static void queue_request(struct fuse_conn *fc, struct fuse_req *req) 273 { 274 fc->reqctr++; 275 /* zero is special */ 276 if (fc->reqctr == 0) 277 fc->reqctr = 1; 278 req->in.h.unique = fc->reqctr; 279 req->in.h.len = sizeof(struct fuse_in_header) + 280 len_args(req->in.numargs, (struct fuse_arg *) req->in.args); 281 if (!req->preallocated) { 282 /* If request is not preallocated (either FORGET or 283 RELEASE), then still decrease outstanding_sem, so 284 user can't open infinite number of files while not 285 processing the RELEASE requests. However for 286 efficiency do it without blocking, so if down() 287 would block, just increase the debt instead */ 288 if (down_trylock(&fc->outstanding_sem)) 289 fc->outstanding_debt++; 290 } 291 list_add_tail(&req->list, &fc->pending); 292 wake_up(&fc->waitq); 293 } 294 295 static void request_send_wait(struct fuse_conn *fc, struct fuse_req *req, 296 int interruptible) 297 { 298 req->isreply = 1; 299 spin_lock(&fuse_lock); 300 if (!fc->file) 301 req->out.h.error = -ENOTCONN; 302 else if (fc->conn_error) 303 req->out.h.error = -ECONNREFUSED; 304 else { 305 queue_request(fc, req); 306 /* acquire extra reference, since request is still needed 307 after request_end() */ 308 __fuse_get_request(req); 309 310 request_wait_answer(req, interruptible); 311 } 312 spin_unlock(&fuse_lock); 313 } 314 315 void request_send(struct fuse_conn *fc, struct fuse_req *req) 316 { 317 request_send_wait(fc, req, 1); 318 } 319 320 /* 321 * Non-interruptible version of the above function is for operations 322 * which can't legally return -ERESTART{SYS,NOINTR}. This can still 323 * be interrupted but only with SIGKILL. 324 */ 325 void request_send_nonint(struct fuse_conn *fc, struct fuse_req *req) 326 { 327 request_send_wait(fc, req, 0); 328 } 329 330 static void request_send_nowait(struct fuse_conn *fc, struct fuse_req *req) 331 { 332 spin_lock(&fuse_lock); 333 if (fc->file) { 334 queue_request(fc, req); 335 spin_unlock(&fuse_lock); 336 } else { 337 req->out.h.error = -ENOTCONN; 338 request_end(fc, req); 339 } 340 } 341 342 void request_send_noreply(struct fuse_conn *fc, struct fuse_req *req) 343 { 344 req->isreply = 0; 345 request_send_nowait(fc, req); 346 } 347 348 void request_send_background(struct fuse_conn *fc, struct fuse_req *req) 349 { 350 req->isreply = 1; 351 background_request(req); 352 request_send_nowait(fc, req); 353 } 354 355 void fuse_send_init(struct fuse_conn *fc) 356 { 357 /* This is called from fuse_read_super() so there's guaranteed 358 to be a request available */ 359 struct fuse_req *req = do_get_request(fc); 360 struct fuse_init_in_out *arg = &req->misc.init_in_out; 361 arg->major = FUSE_KERNEL_VERSION; 362 arg->minor = FUSE_KERNEL_MINOR_VERSION; 363 req->in.h.opcode = FUSE_INIT; 364 req->in.numargs = 1; 365 req->in.args[0].size = sizeof(*arg); 366 req->in.args[0].value = arg; 367 req->out.numargs = 1; 368 req->out.args[0].size = sizeof(*arg); 369 req->out.args[0].value = arg; 370 request_send_background(fc, req); 371 } 372 373 /* 374 * Lock the request. Up to the next unlock_request() there mustn't be 375 * anything that could cause a page-fault. If the request was already 376 * interrupted bail out. 377 */ 378 static inline int lock_request(struct fuse_req *req) 379 { 380 int err = 0; 381 if (req) { 382 spin_lock(&fuse_lock); 383 if (req->interrupted) 384 err = -ENOENT; 385 else 386 req->locked = 1; 387 spin_unlock(&fuse_lock); 388 } 389 return err; 390 } 391 392 /* 393 * Unlock request. If it was interrupted during being locked, the 394 * requester thread is currently waiting for it to be unlocked, so 395 * wake it up. 396 */ 397 static inline void unlock_request(struct fuse_req *req) 398 { 399 if (req) { 400 spin_lock(&fuse_lock); 401 req->locked = 0; 402 if (req->interrupted) 403 wake_up(&req->waitq); 404 spin_unlock(&fuse_lock); 405 } 406 } 407 408 struct fuse_copy_state { 409 int write; 410 struct fuse_req *req; 411 const struct iovec *iov; 412 unsigned long nr_segs; 413 unsigned long seglen; 414 unsigned long addr; 415 struct page *pg; 416 void *mapaddr; 417 void *buf; 418 unsigned len; 419 }; 420 421 static void fuse_copy_init(struct fuse_copy_state *cs, int write, 422 struct fuse_req *req, const struct iovec *iov, 423 unsigned long nr_segs) 424 { 425 memset(cs, 0, sizeof(*cs)); 426 cs->write = write; 427 cs->req = req; 428 cs->iov = iov; 429 cs->nr_segs = nr_segs; 430 } 431 432 /* Unmap and put previous page of userspace buffer */ 433 static inline void fuse_copy_finish(struct fuse_copy_state *cs) 434 { 435 if (cs->mapaddr) { 436 kunmap_atomic(cs->mapaddr, KM_USER0); 437 if (cs->write) { 438 flush_dcache_page(cs->pg); 439 set_page_dirty_lock(cs->pg); 440 } 441 put_page(cs->pg); 442 cs->mapaddr = NULL; 443 } 444 } 445 446 /* 447 * Get another pagefull of userspace buffer, and map it to kernel 448 * address space, and lock request 449 */ 450 static int fuse_copy_fill(struct fuse_copy_state *cs) 451 { 452 unsigned long offset; 453 int err; 454 455 unlock_request(cs->req); 456 fuse_copy_finish(cs); 457 if (!cs->seglen) { 458 BUG_ON(!cs->nr_segs); 459 cs->seglen = cs->iov[0].iov_len; 460 cs->addr = (unsigned long) cs->iov[0].iov_base; 461 cs->iov ++; 462 cs->nr_segs --; 463 } 464 down_read(¤t->mm->mmap_sem); 465 err = get_user_pages(current, current->mm, cs->addr, 1, cs->write, 0, 466 &cs->pg, NULL); 467 up_read(¤t->mm->mmap_sem); 468 if (err < 0) 469 return err; 470 BUG_ON(err != 1); 471 offset = cs->addr % PAGE_SIZE; 472 cs->mapaddr = kmap_atomic(cs->pg, KM_USER0); 473 cs->buf = cs->mapaddr + offset; 474 cs->len = min(PAGE_SIZE - offset, cs->seglen); 475 cs->seglen -= cs->len; 476 cs->addr += cs->len; 477 478 return lock_request(cs->req); 479 } 480 481 /* Do as much copy to/from userspace buffer as we can */ 482 static inline int fuse_copy_do(struct fuse_copy_state *cs, void **val, 483 unsigned *size) 484 { 485 unsigned ncpy = min(*size, cs->len); 486 if (val) { 487 if (cs->write) 488 memcpy(cs->buf, *val, ncpy); 489 else 490 memcpy(*val, cs->buf, ncpy); 491 *val += ncpy; 492 } 493 *size -= ncpy; 494 cs->len -= ncpy; 495 cs->buf += ncpy; 496 return ncpy; 497 } 498 499 /* 500 * Copy a page in the request to/from the userspace buffer. Must be 501 * done atomically 502 */ 503 static inline int fuse_copy_page(struct fuse_copy_state *cs, struct page *page, 504 unsigned offset, unsigned count, int zeroing) 505 { 506 if (page && zeroing && count < PAGE_SIZE) { 507 void *mapaddr = kmap_atomic(page, KM_USER1); 508 memset(mapaddr, 0, PAGE_SIZE); 509 kunmap_atomic(mapaddr, KM_USER1); 510 } 511 while (count) { 512 int err; 513 if (!cs->len && (err = fuse_copy_fill(cs))) 514 return err; 515 if (page) { 516 void *mapaddr = kmap_atomic(page, KM_USER1); 517 void *buf = mapaddr + offset; 518 offset += fuse_copy_do(cs, &buf, &count); 519 kunmap_atomic(mapaddr, KM_USER1); 520 } else 521 offset += fuse_copy_do(cs, NULL, &count); 522 } 523 if (page && !cs->write) 524 flush_dcache_page(page); 525 return 0; 526 } 527 528 /* Copy pages in the request to/from userspace buffer */ 529 static int fuse_copy_pages(struct fuse_copy_state *cs, unsigned nbytes, 530 int zeroing) 531 { 532 unsigned i; 533 struct fuse_req *req = cs->req; 534 unsigned offset = req->page_offset; 535 unsigned count = min(nbytes, (unsigned) PAGE_SIZE - offset); 536 537 for (i = 0; i < req->num_pages && (nbytes || zeroing); i++) { 538 struct page *page = req->pages[i]; 539 int err = fuse_copy_page(cs, page, offset, count, zeroing); 540 if (err) 541 return err; 542 543 nbytes -= count; 544 count = min(nbytes, (unsigned) PAGE_SIZE); 545 offset = 0; 546 } 547 return 0; 548 } 549 550 /* Copy a single argument in the request to/from userspace buffer */ 551 static int fuse_copy_one(struct fuse_copy_state *cs, void *val, unsigned size) 552 { 553 while (size) { 554 int err; 555 if (!cs->len && (err = fuse_copy_fill(cs))) 556 return err; 557 fuse_copy_do(cs, &val, &size); 558 } 559 return 0; 560 } 561 562 /* Copy request arguments to/from userspace buffer */ 563 static int fuse_copy_args(struct fuse_copy_state *cs, unsigned numargs, 564 unsigned argpages, struct fuse_arg *args, 565 int zeroing) 566 { 567 int err = 0; 568 unsigned i; 569 570 for (i = 0; !err && i < numargs; i++) { 571 struct fuse_arg *arg = &args[i]; 572 if (i == numargs - 1 && argpages) 573 err = fuse_copy_pages(cs, arg->size, zeroing); 574 else 575 err = fuse_copy_one(cs, arg->value, arg->size); 576 } 577 return err; 578 } 579 580 /* Wait until a request is available on the pending list */ 581 static void request_wait(struct fuse_conn *fc) 582 { 583 DECLARE_WAITQUEUE(wait, current); 584 585 add_wait_queue_exclusive(&fc->waitq, &wait); 586 while (fc->sb && list_empty(&fc->pending)) { 587 set_current_state(TASK_INTERRUPTIBLE); 588 if (signal_pending(current)) 589 break; 590 591 spin_unlock(&fuse_lock); 592 schedule(); 593 spin_lock(&fuse_lock); 594 } 595 set_current_state(TASK_RUNNING); 596 remove_wait_queue(&fc->waitq, &wait); 597 } 598 599 /* 600 * Read a single request into the userspace filesystem's buffer. This 601 * function waits until a request is available, then removes it from 602 * the pending list and copies request data to userspace buffer. If 603 * no reply is needed (FORGET) or request has been interrupted or 604 * there was an error during the copying then it's finished by calling 605 * request_end(). Otherwise add it to the processing list, and set 606 * the 'sent' flag. 607 */ 608 static ssize_t fuse_dev_readv(struct file *file, const struct iovec *iov, 609 unsigned long nr_segs, loff_t *off) 610 { 611 int err; 612 struct fuse_conn *fc; 613 struct fuse_req *req; 614 struct fuse_in *in; 615 struct fuse_copy_state cs; 616 unsigned reqsize; 617 618 spin_lock(&fuse_lock); 619 fc = file->private_data; 620 err = -EPERM; 621 if (!fc) 622 goto err_unlock; 623 request_wait(fc); 624 err = -ENODEV; 625 if (!fc->sb) 626 goto err_unlock; 627 err = -ERESTARTSYS; 628 if (list_empty(&fc->pending)) 629 goto err_unlock; 630 631 req = list_entry(fc->pending.next, struct fuse_req, list); 632 list_del_init(&req->list); 633 spin_unlock(&fuse_lock); 634 635 in = &req->in; 636 reqsize = req->in.h.len; 637 fuse_copy_init(&cs, 1, req, iov, nr_segs); 638 err = -EINVAL; 639 if (iov_length(iov, nr_segs) >= reqsize) { 640 err = fuse_copy_one(&cs, &in->h, sizeof(in->h)); 641 if (!err) 642 err = fuse_copy_args(&cs, in->numargs, in->argpages, 643 (struct fuse_arg *) in->args, 0); 644 } 645 fuse_copy_finish(&cs); 646 647 spin_lock(&fuse_lock); 648 req->locked = 0; 649 if (!err && req->interrupted) 650 err = -ENOENT; 651 if (err) { 652 if (!req->interrupted) 653 req->out.h.error = -EIO; 654 request_end(fc, req); 655 return err; 656 } 657 if (!req->isreply) 658 request_end(fc, req); 659 else { 660 req->sent = 1; 661 list_add_tail(&req->list, &fc->processing); 662 spin_unlock(&fuse_lock); 663 } 664 return reqsize; 665 666 err_unlock: 667 spin_unlock(&fuse_lock); 668 return err; 669 } 670 671 static ssize_t fuse_dev_read(struct file *file, char __user *buf, 672 size_t nbytes, loff_t *off) 673 { 674 struct iovec iov; 675 iov.iov_len = nbytes; 676 iov.iov_base = buf; 677 return fuse_dev_readv(file, &iov, 1, off); 678 } 679 680 /* Look up request on processing list by unique ID */ 681 static struct fuse_req *request_find(struct fuse_conn *fc, u64 unique) 682 { 683 struct list_head *entry; 684 685 list_for_each(entry, &fc->processing) { 686 struct fuse_req *req; 687 req = list_entry(entry, struct fuse_req, list); 688 if (req->in.h.unique == unique) 689 return req; 690 } 691 return NULL; 692 } 693 694 /* fget() needs to be done in this context */ 695 static void process_getdir(struct fuse_req *req) 696 { 697 struct fuse_getdir_out_i *arg = req->out.args[0].value; 698 arg->file = fget(arg->fd); 699 } 700 701 static int copy_out_args(struct fuse_copy_state *cs, struct fuse_out *out, 702 unsigned nbytes) 703 { 704 unsigned reqsize = sizeof(struct fuse_out_header); 705 706 if (out->h.error) 707 return nbytes != reqsize ? -EINVAL : 0; 708 709 reqsize += len_args(out->numargs, out->args); 710 711 if (reqsize < nbytes || (reqsize > nbytes && !out->argvar)) 712 return -EINVAL; 713 else if (reqsize > nbytes) { 714 struct fuse_arg *lastarg = &out->args[out->numargs-1]; 715 unsigned diffsize = reqsize - nbytes; 716 if (diffsize > lastarg->size) 717 return -EINVAL; 718 lastarg->size -= diffsize; 719 } 720 return fuse_copy_args(cs, out->numargs, out->argpages, out->args, 721 out->page_zeroing); 722 } 723 724 /* 725 * Write a single reply to a request. First the header is copied from 726 * the write buffer. The request is then searched on the processing 727 * list by the unique ID found in the header. If found, then remove 728 * it from the list and copy the rest of the buffer to the request. 729 * The request is finished by calling request_end() 730 */ 731 static ssize_t fuse_dev_writev(struct file *file, const struct iovec *iov, 732 unsigned long nr_segs, loff_t *off) 733 { 734 int err; 735 unsigned nbytes = iov_length(iov, nr_segs); 736 struct fuse_req *req; 737 struct fuse_out_header oh; 738 struct fuse_copy_state cs; 739 struct fuse_conn *fc = fuse_get_conn(file); 740 if (!fc) 741 return -ENODEV; 742 743 fuse_copy_init(&cs, 0, NULL, iov, nr_segs); 744 if (nbytes < sizeof(struct fuse_out_header)) 745 return -EINVAL; 746 747 err = fuse_copy_one(&cs, &oh, sizeof(oh)); 748 if (err) 749 goto err_finish; 750 err = -EINVAL; 751 if (!oh.unique || oh.error <= -1000 || oh.error > 0 || 752 oh.len != nbytes) 753 goto err_finish; 754 755 spin_lock(&fuse_lock); 756 req = request_find(fc, oh.unique); 757 err = -EINVAL; 758 if (!req) 759 goto err_unlock; 760 761 list_del_init(&req->list); 762 if (req->interrupted) { 763 request_end(fc, req); 764 fuse_copy_finish(&cs); 765 return -ENOENT; 766 } 767 req->out.h = oh; 768 req->locked = 1; 769 cs.req = req; 770 spin_unlock(&fuse_lock); 771 772 err = copy_out_args(&cs, &req->out, nbytes); 773 fuse_copy_finish(&cs); 774 775 spin_lock(&fuse_lock); 776 req->locked = 0; 777 if (!err) { 778 if (req->interrupted) 779 err = -ENOENT; 780 else if (req->in.h.opcode == FUSE_GETDIR && !oh.error) 781 process_getdir(req); 782 } else if (!req->interrupted) 783 req->out.h.error = -EIO; 784 request_end(fc, req); 785 786 return err ? err : nbytes; 787 788 err_unlock: 789 spin_unlock(&fuse_lock); 790 err_finish: 791 fuse_copy_finish(&cs); 792 return err; 793 } 794 795 static ssize_t fuse_dev_write(struct file *file, const char __user *buf, 796 size_t nbytes, loff_t *off) 797 { 798 struct iovec iov; 799 iov.iov_len = nbytes; 800 iov.iov_base = (char __user *) buf; 801 return fuse_dev_writev(file, &iov, 1, off); 802 } 803 804 static unsigned fuse_dev_poll(struct file *file, poll_table *wait) 805 { 806 struct fuse_conn *fc = fuse_get_conn(file); 807 unsigned mask = POLLOUT | POLLWRNORM; 808 809 if (!fc) 810 return -ENODEV; 811 812 poll_wait(file, &fc->waitq, wait); 813 814 spin_lock(&fuse_lock); 815 if (!list_empty(&fc->pending)) 816 mask |= POLLIN | POLLRDNORM; 817 spin_unlock(&fuse_lock); 818 819 return mask; 820 } 821 822 /* Abort all requests on the given list (pending or processing) */ 823 static void end_requests(struct fuse_conn *fc, struct list_head *head) 824 { 825 while (!list_empty(head)) { 826 struct fuse_req *req; 827 req = list_entry(head->next, struct fuse_req, list); 828 list_del_init(&req->list); 829 req->out.h.error = -ECONNABORTED; 830 request_end(fc, req); 831 spin_lock(&fuse_lock); 832 } 833 } 834 835 static int fuse_dev_release(struct inode *inode, struct file *file) 836 { 837 struct fuse_conn *fc; 838 839 spin_lock(&fuse_lock); 840 fc = file->private_data; 841 if (fc) { 842 fc->file = NULL; 843 end_requests(fc, &fc->pending); 844 end_requests(fc, &fc->processing); 845 fuse_release_conn(fc); 846 } 847 spin_unlock(&fuse_lock); 848 return 0; 849 } 850 851 struct file_operations fuse_dev_operations = { 852 .owner = THIS_MODULE, 853 .llseek = no_llseek, 854 .read = fuse_dev_read, 855 .readv = fuse_dev_readv, 856 .write = fuse_dev_write, 857 .writev = fuse_dev_writev, 858 .poll = fuse_dev_poll, 859 .release = fuse_dev_release, 860 }; 861 862 static struct miscdevice fuse_miscdevice = { 863 .minor = FUSE_MINOR, 864 .name = "fuse", 865 .fops = &fuse_dev_operations, 866 }; 867 868 int __init fuse_dev_init(void) 869 { 870 int err = -ENOMEM; 871 fuse_req_cachep = kmem_cache_create("fuse_request", 872 sizeof(struct fuse_req), 873 0, 0, NULL, NULL); 874 if (!fuse_req_cachep) 875 goto out; 876 877 err = misc_register(&fuse_miscdevice); 878 if (err) 879 goto out_cache_clean; 880 881 return 0; 882 883 out_cache_clean: 884 kmem_cache_destroy(fuse_req_cachep); 885 out: 886 return err; 887 } 888 889 void fuse_dev_cleanup(void) 890 { 891 misc_deregister(&fuse_miscdevice); 892 kmem_cache_destroy(fuse_req_cachep); 893 } 894