1 /* 2 FUSE: Filesystem in Userspace 3 Copyright (C) 2001-2008 Miklos Szeredi <miklos@szeredi.hu> 4 5 This program can be distributed under the terms of the GNU GPL. 6 See the file COPYING. 7 */ 8 9 #include "fuse_i.h" 10 11 #include <linux/init.h> 12 #include <linux/module.h> 13 #include <linux/poll.h> 14 #include <linux/uio.h> 15 #include <linux/miscdevice.h> 16 #include <linux/pagemap.h> 17 #include <linux/file.h> 18 #include <linux/slab.h> 19 #include <linux/pipe_fs_i.h> 20 #include <linux/swap.h> 21 #include <linux/splice.h> 22 23 MODULE_ALIAS_MISCDEV(FUSE_MINOR); 24 MODULE_ALIAS("devname:fuse"); 25 26 static struct kmem_cache *fuse_req_cachep; 27 28 static struct fuse_conn *fuse_get_conn(struct file *file) 29 { 30 /* 31 * Lockless access is OK, because file->private data is set 32 * once during mount and is valid until the file is released. 33 */ 34 return file->private_data; 35 } 36 37 static void fuse_request_init(struct fuse_req *req, struct page **pages, 38 struct fuse_page_desc *page_descs, 39 unsigned npages) 40 { 41 memset(req, 0, sizeof(*req)); 42 memset(pages, 0, sizeof(*pages) * npages); 43 memset(page_descs, 0, sizeof(*page_descs) * npages); 44 INIT_LIST_HEAD(&req->list); 45 INIT_LIST_HEAD(&req->intr_entry); 46 init_waitqueue_head(&req->waitq); 47 atomic_set(&req->count, 1); 48 req->pages = pages; 49 req->page_descs = page_descs; 50 req->max_pages = npages; 51 } 52 53 static struct fuse_req *__fuse_request_alloc(unsigned npages, gfp_t flags) 54 { 55 struct fuse_req *req = kmem_cache_alloc(fuse_req_cachep, flags); 56 if (req) { 57 struct page **pages; 58 struct fuse_page_desc *page_descs; 59 60 if (npages <= FUSE_REQ_INLINE_PAGES) { 61 pages = req->inline_pages; 62 page_descs = req->inline_page_descs; 63 } else { 64 pages = kmalloc(sizeof(struct page *) * npages, flags); 65 page_descs = kmalloc(sizeof(struct fuse_page_desc) * 66 npages, flags); 67 } 68 69 if (!pages || !page_descs) { 70 kfree(pages); 71 kfree(page_descs); 72 kmem_cache_free(fuse_req_cachep, req); 73 return NULL; 74 } 75 76 fuse_request_init(req, pages, page_descs, npages); 77 } 78 return req; 79 } 80 81 struct fuse_req *fuse_request_alloc(unsigned npages) 82 { 83 return __fuse_request_alloc(npages, GFP_KERNEL); 84 } 85 EXPORT_SYMBOL_GPL(fuse_request_alloc); 86 87 struct fuse_req *fuse_request_alloc_nofs(unsigned npages) 88 { 89 return __fuse_request_alloc(npages, GFP_NOFS); 90 } 91 92 void fuse_request_free(struct fuse_req *req) 93 { 94 if (req->pages != req->inline_pages) { 95 kfree(req->pages); 96 kfree(req->page_descs); 97 } 98 kmem_cache_free(fuse_req_cachep, req); 99 } 100 101 static void block_sigs(sigset_t *oldset) 102 { 103 sigset_t mask; 104 105 siginitsetinv(&mask, sigmask(SIGKILL)); 106 sigprocmask(SIG_BLOCK, &mask, oldset); 107 } 108 109 static void restore_sigs(sigset_t *oldset) 110 { 111 sigprocmask(SIG_SETMASK, oldset, NULL); 112 } 113 114 void __fuse_get_request(struct fuse_req *req) 115 { 116 atomic_inc(&req->count); 117 } 118 119 /* Must be called with > 1 refcount */ 120 static void __fuse_put_request(struct fuse_req *req) 121 { 122 BUG_ON(atomic_read(&req->count) < 2); 123 atomic_dec(&req->count); 124 } 125 126 static void fuse_req_init_context(struct fuse_req *req) 127 { 128 req->in.h.uid = from_kuid_munged(&init_user_ns, current_fsuid()); 129 req->in.h.gid = from_kgid_munged(&init_user_ns, current_fsgid()); 130 req->in.h.pid = current->pid; 131 } 132 133 void fuse_set_initialized(struct fuse_conn *fc) 134 { 135 /* Make sure stores before this are seen on another CPU */ 136 smp_wmb(); 137 fc->initialized = 1; 138 } 139 140 static bool fuse_block_alloc(struct fuse_conn *fc, bool for_background) 141 { 142 return !fc->initialized || (for_background && fc->blocked); 143 } 144 145 static struct fuse_req *__fuse_get_req(struct fuse_conn *fc, unsigned npages, 146 bool for_background) 147 { 148 struct fuse_req *req; 149 int err; 150 atomic_inc(&fc->num_waiting); 151 152 if (fuse_block_alloc(fc, for_background)) { 153 sigset_t oldset; 154 int intr; 155 156 block_sigs(&oldset); 157 intr = wait_event_interruptible_exclusive(fc->blocked_waitq, 158 !fuse_block_alloc(fc, for_background)); 159 restore_sigs(&oldset); 160 err = -EINTR; 161 if (intr) 162 goto out; 163 } 164 /* Matches smp_wmb() in fuse_set_initialized() */ 165 smp_rmb(); 166 167 err = -ENOTCONN; 168 if (!fc->connected) 169 goto out; 170 171 req = fuse_request_alloc(npages); 172 err = -ENOMEM; 173 if (!req) { 174 if (for_background) 175 wake_up(&fc->blocked_waitq); 176 goto out; 177 } 178 179 fuse_req_init_context(req); 180 req->waiting = 1; 181 req->background = for_background; 182 return req; 183 184 out: 185 atomic_dec(&fc->num_waiting); 186 return ERR_PTR(err); 187 } 188 189 struct fuse_req *fuse_get_req(struct fuse_conn *fc, unsigned npages) 190 { 191 return __fuse_get_req(fc, npages, false); 192 } 193 EXPORT_SYMBOL_GPL(fuse_get_req); 194 195 struct fuse_req *fuse_get_req_for_background(struct fuse_conn *fc, 196 unsigned npages) 197 { 198 return __fuse_get_req(fc, npages, true); 199 } 200 EXPORT_SYMBOL_GPL(fuse_get_req_for_background); 201 202 /* 203 * Return request in fuse_file->reserved_req. However that may 204 * currently be in use. If that is the case, wait for it to become 205 * available. 206 */ 207 static struct fuse_req *get_reserved_req(struct fuse_conn *fc, 208 struct file *file) 209 { 210 struct fuse_req *req = NULL; 211 struct fuse_file *ff = file->private_data; 212 213 do { 214 wait_event(fc->reserved_req_waitq, ff->reserved_req); 215 spin_lock(&fc->lock); 216 if (ff->reserved_req) { 217 req = ff->reserved_req; 218 ff->reserved_req = NULL; 219 req->stolen_file = get_file(file); 220 } 221 spin_unlock(&fc->lock); 222 } while (!req); 223 224 return req; 225 } 226 227 /* 228 * Put stolen request back into fuse_file->reserved_req 229 */ 230 static void put_reserved_req(struct fuse_conn *fc, struct fuse_req *req) 231 { 232 struct file *file = req->stolen_file; 233 struct fuse_file *ff = file->private_data; 234 235 spin_lock(&fc->lock); 236 fuse_request_init(req, req->pages, req->page_descs, req->max_pages); 237 BUG_ON(ff->reserved_req); 238 ff->reserved_req = req; 239 wake_up_all(&fc->reserved_req_waitq); 240 spin_unlock(&fc->lock); 241 fput(file); 242 } 243 244 /* 245 * Gets a requests for a file operation, always succeeds 246 * 247 * This is used for sending the FLUSH request, which must get to 248 * userspace, due to POSIX locks which may need to be unlocked. 249 * 250 * If allocation fails due to OOM, use the reserved request in 251 * fuse_file. 252 * 253 * This is very unlikely to deadlock accidentally, since the 254 * filesystem should not have it's own file open. If deadlock is 255 * intentional, it can still be broken by "aborting" the filesystem. 256 */ 257 struct fuse_req *fuse_get_req_nofail_nopages(struct fuse_conn *fc, 258 struct file *file) 259 { 260 struct fuse_req *req; 261 262 atomic_inc(&fc->num_waiting); 263 wait_event(fc->blocked_waitq, fc->initialized); 264 /* Matches smp_wmb() in fuse_set_initialized() */ 265 smp_rmb(); 266 req = fuse_request_alloc(0); 267 if (!req) 268 req = get_reserved_req(fc, file); 269 270 fuse_req_init_context(req); 271 req->waiting = 1; 272 req->background = 0; 273 return req; 274 } 275 276 void fuse_put_request(struct fuse_conn *fc, struct fuse_req *req) 277 { 278 if (atomic_dec_and_test(&req->count)) { 279 if (unlikely(req->background)) { 280 /* 281 * We get here in the unlikely case that a background 282 * request was allocated but not sent 283 */ 284 spin_lock(&fc->lock); 285 if (!fc->blocked) 286 wake_up(&fc->blocked_waitq); 287 spin_unlock(&fc->lock); 288 } 289 290 if (req->waiting) 291 atomic_dec(&fc->num_waiting); 292 293 if (req->stolen_file) 294 put_reserved_req(fc, req); 295 else 296 fuse_request_free(req); 297 } 298 } 299 EXPORT_SYMBOL_GPL(fuse_put_request); 300 301 static unsigned len_args(unsigned numargs, struct fuse_arg *args) 302 { 303 unsigned nbytes = 0; 304 unsigned i; 305 306 for (i = 0; i < numargs; i++) 307 nbytes += args[i].size; 308 309 return nbytes; 310 } 311 312 static u64 fuse_get_unique(struct fuse_conn *fc) 313 { 314 fc->reqctr++; 315 /* zero is special */ 316 if (fc->reqctr == 0) 317 fc->reqctr = 1; 318 319 return fc->reqctr; 320 } 321 322 static void queue_request(struct fuse_conn *fc, struct fuse_req *req) 323 { 324 req->in.h.len = sizeof(struct fuse_in_header) + 325 len_args(req->in.numargs, (struct fuse_arg *) req->in.args); 326 list_add_tail(&req->list, &fc->pending); 327 req->state = FUSE_REQ_PENDING; 328 if (!req->waiting) { 329 req->waiting = 1; 330 atomic_inc(&fc->num_waiting); 331 } 332 wake_up(&fc->waitq); 333 kill_fasync(&fc->fasync, SIGIO, POLL_IN); 334 } 335 336 void fuse_queue_forget(struct fuse_conn *fc, struct fuse_forget_link *forget, 337 u64 nodeid, u64 nlookup) 338 { 339 forget->forget_one.nodeid = nodeid; 340 forget->forget_one.nlookup = nlookup; 341 342 spin_lock(&fc->lock); 343 if (fc->connected) { 344 fc->forget_list_tail->next = forget; 345 fc->forget_list_tail = forget; 346 wake_up(&fc->waitq); 347 kill_fasync(&fc->fasync, SIGIO, POLL_IN); 348 } else { 349 kfree(forget); 350 } 351 spin_unlock(&fc->lock); 352 } 353 354 static void flush_bg_queue(struct fuse_conn *fc) 355 { 356 while (fc->active_background < fc->max_background && 357 !list_empty(&fc->bg_queue)) { 358 struct fuse_req *req; 359 360 req = list_entry(fc->bg_queue.next, struct fuse_req, list); 361 list_del(&req->list); 362 fc->active_background++; 363 req->in.h.unique = fuse_get_unique(fc); 364 queue_request(fc, req); 365 } 366 } 367 368 /* 369 * This function is called when a request is finished. Either a reply 370 * has arrived or it was aborted (and not yet sent) or some error 371 * occurred during communication with userspace, or the device file 372 * was closed. The requester thread is woken up (if still waiting), 373 * the 'end' callback is called if given, else the reference to the 374 * request is released 375 * 376 * Called with fc->lock, unlocks it 377 */ 378 static void request_end(struct fuse_conn *fc, struct fuse_req *req) 379 __releases(fc->lock) 380 { 381 void (*end) (struct fuse_conn *, struct fuse_req *) = req->end; 382 req->end = NULL; 383 list_del(&req->list); 384 list_del(&req->intr_entry); 385 req->state = FUSE_REQ_FINISHED; 386 if (req->background) { 387 req->background = 0; 388 389 if (fc->num_background == fc->max_background) 390 fc->blocked = 0; 391 392 /* Wake up next waiter, if any */ 393 if (!fc->blocked && waitqueue_active(&fc->blocked_waitq)) 394 wake_up(&fc->blocked_waitq); 395 396 if (fc->num_background == fc->congestion_threshold && 397 fc->connected && fc->bdi_initialized) { 398 clear_bdi_congested(&fc->bdi, BLK_RW_SYNC); 399 clear_bdi_congested(&fc->bdi, BLK_RW_ASYNC); 400 } 401 fc->num_background--; 402 fc->active_background--; 403 flush_bg_queue(fc); 404 } 405 spin_unlock(&fc->lock); 406 wake_up(&req->waitq); 407 if (end) 408 end(fc, req); 409 fuse_put_request(fc, req); 410 } 411 412 static void wait_answer_interruptible(struct fuse_conn *fc, 413 struct fuse_req *req) 414 __releases(fc->lock) 415 __acquires(fc->lock) 416 { 417 if (signal_pending(current)) 418 return; 419 420 spin_unlock(&fc->lock); 421 wait_event_interruptible(req->waitq, req->state == FUSE_REQ_FINISHED); 422 spin_lock(&fc->lock); 423 } 424 425 static void queue_interrupt(struct fuse_conn *fc, struct fuse_req *req) 426 { 427 list_add_tail(&req->intr_entry, &fc->interrupts); 428 wake_up(&fc->waitq); 429 kill_fasync(&fc->fasync, SIGIO, POLL_IN); 430 } 431 432 static void request_wait_answer(struct fuse_conn *fc, struct fuse_req *req) 433 __releases(fc->lock) 434 __acquires(fc->lock) 435 { 436 if (!fc->no_interrupt) { 437 /* Any signal may interrupt this */ 438 wait_answer_interruptible(fc, req); 439 440 if (req->aborted) 441 goto aborted; 442 if (req->state == FUSE_REQ_FINISHED) 443 return; 444 445 req->interrupted = 1; 446 if (req->state == FUSE_REQ_SENT) 447 queue_interrupt(fc, req); 448 } 449 450 if (!req->force) { 451 sigset_t oldset; 452 453 /* Only fatal signals may interrupt this */ 454 block_sigs(&oldset); 455 wait_answer_interruptible(fc, req); 456 restore_sigs(&oldset); 457 458 if (req->aborted) 459 goto aborted; 460 if (req->state == FUSE_REQ_FINISHED) 461 return; 462 463 /* Request is not yet in userspace, bail out */ 464 if (req->state == FUSE_REQ_PENDING) { 465 list_del(&req->list); 466 __fuse_put_request(req); 467 req->out.h.error = -EINTR; 468 return; 469 } 470 } 471 472 /* 473 * Either request is already in userspace, or it was forced. 474 * Wait it out. 475 */ 476 spin_unlock(&fc->lock); 477 wait_event(req->waitq, req->state == FUSE_REQ_FINISHED); 478 spin_lock(&fc->lock); 479 480 if (!req->aborted) 481 return; 482 483 aborted: 484 BUG_ON(req->state != FUSE_REQ_FINISHED); 485 if (req->locked) { 486 /* This is uninterruptible sleep, because data is 487 being copied to/from the buffers of req. During 488 locked state, there mustn't be any filesystem 489 operation (e.g. page fault), since that could lead 490 to deadlock */ 491 spin_unlock(&fc->lock); 492 wait_event(req->waitq, !req->locked); 493 spin_lock(&fc->lock); 494 } 495 } 496 497 static void __fuse_request_send(struct fuse_conn *fc, struct fuse_req *req) 498 { 499 BUG_ON(req->background); 500 spin_lock(&fc->lock); 501 if (!fc->connected) 502 req->out.h.error = -ENOTCONN; 503 else if (fc->conn_error) 504 req->out.h.error = -ECONNREFUSED; 505 else { 506 req->in.h.unique = fuse_get_unique(fc); 507 queue_request(fc, req); 508 /* acquire extra reference, since request is still needed 509 after request_end() */ 510 __fuse_get_request(req); 511 512 request_wait_answer(fc, req); 513 } 514 spin_unlock(&fc->lock); 515 } 516 517 void fuse_request_send(struct fuse_conn *fc, struct fuse_req *req) 518 { 519 req->isreply = 1; 520 __fuse_request_send(fc, req); 521 } 522 EXPORT_SYMBOL_GPL(fuse_request_send); 523 524 static void fuse_adjust_compat(struct fuse_conn *fc, struct fuse_args *args) 525 { 526 if (fc->minor < 4 && args->in.h.opcode == FUSE_STATFS) 527 args->out.args[0].size = FUSE_COMPAT_STATFS_SIZE; 528 529 if (fc->minor < 9) { 530 switch (args->in.h.opcode) { 531 case FUSE_LOOKUP: 532 case FUSE_CREATE: 533 case FUSE_MKNOD: 534 case FUSE_MKDIR: 535 case FUSE_SYMLINK: 536 case FUSE_LINK: 537 args->out.args[0].size = FUSE_COMPAT_ENTRY_OUT_SIZE; 538 break; 539 case FUSE_GETATTR: 540 case FUSE_SETATTR: 541 args->out.args[0].size = FUSE_COMPAT_ATTR_OUT_SIZE; 542 break; 543 } 544 } 545 if (fc->minor < 12) { 546 switch (args->in.h.opcode) { 547 case FUSE_CREATE: 548 args->in.args[0].size = sizeof(struct fuse_open_in); 549 break; 550 case FUSE_MKNOD: 551 args->in.args[0].size = FUSE_COMPAT_MKNOD_IN_SIZE; 552 break; 553 } 554 } 555 } 556 557 ssize_t fuse_simple_request(struct fuse_conn *fc, struct fuse_args *args) 558 { 559 struct fuse_req *req; 560 ssize_t ret; 561 562 req = fuse_get_req(fc, 0); 563 if (IS_ERR(req)) 564 return PTR_ERR(req); 565 566 /* Needs to be done after fuse_get_req() so that fc->minor is valid */ 567 fuse_adjust_compat(fc, args); 568 569 req->in.h.opcode = args->in.h.opcode; 570 req->in.h.nodeid = args->in.h.nodeid; 571 req->in.numargs = args->in.numargs; 572 memcpy(req->in.args, args->in.args, 573 args->in.numargs * sizeof(struct fuse_in_arg)); 574 req->out.argvar = args->out.argvar; 575 req->out.numargs = args->out.numargs; 576 memcpy(req->out.args, args->out.args, 577 args->out.numargs * sizeof(struct fuse_arg)); 578 fuse_request_send(fc, req); 579 ret = req->out.h.error; 580 if (!ret && args->out.argvar) { 581 BUG_ON(args->out.numargs != 1); 582 ret = req->out.args[0].size; 583 } 584 fuse_put_request(fc, req); 585 586 return ret; 587 } 588 589 static void fuse_request_send_nowait_locked(struct fuse_conn *fc, 590 struct fuse_req *req) 591 { 592 BUG_ON(!req->background); 593 fc->num_background++; 594 if (fc->num_background == fc->max_background) 595 fc->blocked = 1; 596 if (fc->num_background == fc->congestion_threshold && 597 fc->bdi_initialized) { 598 set_bdi_congested(&fc->bdi, BLK_RW_SYNC); 599 set_bdi_congested(&fc->bdi, BLK_RW_ASYNC); 600 } 601 list_add_tail(&req->list, &fc->bg_queue); 602 flush_bg_queue(fc); 603 } 604 605 static void fuse_request_send_nowait(struct fuse_conn *fc, struct fuse_req *req) 606 { 607 spin_lock(&fc->lock); 608 if (fc->connected) { 609 fuse_request_send_nowait_locked(fc, req); 610 spin_unlock(&fc->lock); 611 } else { 612 req->out.h.error = -ENOTCONN; 613 request_end(fc, req); 614 } 615 } 616 617 void fuse_request_send_background(struct fuse_conn *fc, struct fuse_req *req) 618 { 619 req->isreply = 1; 620 fuse_request_send_nowait(fc, req); 621 } 622 EXPORT_SYMBOL_GPL(fuse_request_send_background); 623 624 static int fuse_request_send_notify_reply(struct fuse_conn *fc, 625 struct fuse_req *req, u64 unique) 626 { 627 int err = -ENODEV; 628 629 req->isreply = 0; 630 req->in.h.unique = unique; 631 spin_lock(&fc->lock); 632 if (fc->connected) { 633 queue_request(fc, req); 634 err = 0; 635 } 636 spin_unlock(&fc->lock); 637 638 return err; 639 } 640 641 /* 642 * Called under fc->lock 643 * 644 * fc->connected must have been checked previously 645 */ 646 void fuse_request_send_background_locked(struct fuse_conn *fc, 647 struct fuse_req *req) 648 { 649 req->isreply = 1; 650 fuse_request_send_nowait_locked(fc, req); 651 } 652 653 void fuse_force_forget(struct file *file, u64 nodeid) 654 { 655 struct inode *inode = file_inode(file); 656 struct fuse_conn *fc = get_fuse_conn(inode); 657 struct fuse_req *req; 658 struct fuse_forget_in inarg; 659 660 memset(&inarg, 0, sizeof(inarg)); 661 inarg.nlookup = 1; 662 req = fuse_get_req_nofail_nopages(fc, file); 663 req->in.h.opcode = FUSE_FORGET; 664 req->in.h.nodeid = nodeid; 665 req->in.numargs = 1; 666 req->in.args[0].size = sizeof(inarg); 667 req->in.args[0].value = &inarg; 668 req->isreply = 0; 669 __fuse_request_send(fc, req); 670 /* ignore errors */ 671 fuse_put_request(fc, req); 672 } 673 674 /* 675 * Lock the request. Up to the next unlock_request() there mustn't be 676 * anything that could cause a page-fault. If the request was already 677 * aborted bail out. 678 */ 679 static int lock_request(struct fuse_conn *fc, struct fuse_req *req) 680 { 681 int err = 0; 682 if (req) { 683 spin_lock(&fc->lock); 684 if (req->aborted) 685 err = -ENOENT; 686 else 687 req->locked = 1; 688 spin_unlock(&fc->lock); 689 } 690 return err; 691 } 692 693 /* 694 * Unlock request. If it was aborted during being locked, the 695 * requester thread is currently waiting for it to be unlocked, so 696 * wake it up. 697 */ 698 static void unlock_request(struct fuse_conn *fc, struct fuse_req *req) 699 { 700 if (req) { 701 spin_lock(&fc->lock); 702 req->locked = 0; 703 if (req->aborted) 704 wake_up(&req->waitq); 705 spin_unlock(&fc->lock); 706 } 707 } 708 709 struct fuse_copy_state { 710 struct fuse_conn *fc; 711 int write; 712 struct fuse_req *req; 713 struct iov_iter *iter; 714 struct pipe_buffer *pipebufs; 715 struct pipe_buffer *currbuf; 716 struct pipe_inode_info *pipe; 717 unsigned long nr_segs; 718 struct page *pg; 719 unsigned len; 720 unsigned offset; 721 unsigned move_pages:1; 722 }; 723 724 static void fuse_copy_init(struct fuse_copy_state *cs, 725 struct fuse_conn *fc, 726 int write, 727 struct iov_iter *iter) 728 { 729 memset(cs, 0, sizeof(*cs)); 730 cs->fc = fc; 731 cs->write = write; 732 cs->iter = iter; 733 } 734 735 /* Unmap and put previous page of userspace buffer */ 736 static void fuse_copy_finish(struct fuse_copy_state *cs) 737 { 738 if (cs->currbuf) { 739 struct pipe_buffer *buf = cs->currbuf; 740 741 if (cs->write) 742 buf->len = PAGE_SIZE - cs->len; 743 cs->currbuf = NULL; 744 } else if (cs->pg) { 745 if (cs->write) { 746 flush_dcache_page(cs->pg); 747 set_page_dirty_lock(cs->pg); 748 } 749 put_page(cs->pg); 750 } 751 cs->pg = NULL; 752 } 753 754 /* 755 * Get another pagefull of userspace buffer, and map it to kernel 756 * address space, and lock request 757 */ 758 static int fuse_copy_fill(struct fuse_copy_state *cs) 759 { 760 struct page *page; 761 int err; 762 763 unlock_request(cs->fc, cs->req); 764 fuse_copy_finish(cs); 765 if (cs->pipebufs) { 766 struct pipe_buffer *buf = cs->pipebufs; 767 768 if (!cs->write) { 769 err = buf->ops->confirm(cs->pipe, buf); 770 if (err) 771 return err; 772 773 BUG_ON(!cs->nr_segs); 774 cs->currbuf = buf; 775 cs->pg = buf->page; 776 cs->offset = buf->offset; 777 cs->len = buf->len; 778 cs->pipebufs++; 779 cs->nr_segs--; 780 } else { 781 if (cs->nr_segs == cs->pipe->buffers) 782 return -EIO; 783 784 page = alloc_page(GFP_HIGHUSER); 785 if (!page) 786 return -ENOMEM; 787 788 buf->page = page; 789 buf->offset = 0; 790 buf->len = 0; 791 792 cs->currbuf = buf; 793 cs->pg = page; 794 cs->offset = 0; 795 cs->len = PAGE_SIZE; 796 cs->pipebufs++; 797 cs->nr_segs++; 798 } 799 } else { 800 size_t off; 801 err = iov_iter_get_pages(cs->iter, &page, PAGE_SIZE, 1, &off); 802 if (err < 0) 803 return err; 804 BUG_ON(!err); 805 cs->len = err; 806 cs->offset = off; 807 cs->pg = page; 808 cs->offset = off; 809 iov_iter_advance(cs->iter, err); 810 } 811 812 return lock_request(cs->fc, cs->req); 813 } 814 815 /* Do as much copy to/from userspace buffer as we can */ 816 static int fuse_copy_do(struct fuse_copy_state *cs, void **val, unsigned *size) 817 { 818 unsigned ncpy = min(*size, cs->len); 819 if (val) { 820 void *pgaddr = kmap_atomic(cs->pg); 821 void *buf = pgaddr + cs->offset; 822 823 if (cs->write) 824 memcpy(buf, *val, ncpy); 825 else 826 memcpy(*val, buf, ncpy); 827 828 kunmap_atomic(pgaddr); 829 *val += ncpy; 830 } 831 *size -= ncpy; 832 cs->len -= ncpy; 833 cs->offset += ncpy; 834 return ncpy; 835 } 836 837 static int fuse_check_page(struct page *page) 838 { 839 if (page_mapcount(page) || 840 page->mapping != NULL || 841 page_count(page) != 1 || 842 (page->flags & PAGE_FLAGS_CHECK_AT_PREP & 843 ~(1 << PG_locked | 844 1 << PG_referenced | 845 1 << PG_uptodate | 846 1 << PG_lru | 847 1 << PG_active | 848 1 << PG_reclaim))) { 849 printk(KERN_WARNING "fuse: trying to steal weird page\n"); 850 printk(KERN_WARNING " page=%p index=%li flags=%08lx, count=%i, mapcount=%i, mapping=%p\n", page, page->index, page->flags, page_count(page), page_mapcount(page), page->mapping); 851 return 1; 852 } 853 return 0; 854 } 855 856 static int fuse_try_move_page(struct fuse_copy_state *cs, struct page **pagep) 857 { 858 int err; 859 struct page *oldpage = *pagep; 860 struct page *newpage; 861 struct pipe_buffer *buf = cs->pipebufs; 862 863 unlock_request(cs->fc, cs->req); 864 fuse_copy_finish(cs); 865 866 err = buf->ops->confirm(cs->pipe, buf); 867 if (err) 868 return err; 869 870 BUG_ON(!cs->nr_segs); 871 cs->currbuf = buf; 872 cs->len = buf->len; 873 cs->pipebufs++; 874 cs->nr_segs--; 875 876 if (cs->len != PAGE_SIZE) 877 goto out_fallback; 878 879 if (buf->ops->steal(cs->pipe, buf) != 0) 880 goto out_fallback; 881 882 newpage = buf->page; 883 884 if (!PageUptodate(newpage)) 885 SetPageUptodate(newpage); 886 887 ClearPageMappedToDisk(newpage); 888 889 if (fuse_check_page(newpage) != 0) 890 goto out_fallback_unlock; 891 892 /* 893 * This is a new and locked page, it shouldn't be mapped or 894 * have any special flags on it 895 */ 896 if (WARN_ON(page_mapped(oldpage))) 897 goto out_fallback_unlock; 898 if (WARN_ON(page_has_private(oldpage))) 899 goto out_fallback_unlock; 900 if (WARN_ON(PageDirty(oldpage) || PageWriteback(oldpage))) 901 goto out_fallback_unlock; 902 if (WARN_ON(PageMlocked(oldpage))) 903 goto out_fallback_unlock; 904 905 err = replace_page_cache_page(oldpage, newpage, GFP_KERNEL); 906 if (err) { 907 unlock_page(newpage); 908 return err; 909 } 910 911 page_cache_get(newpage); 912 913 if (!(buf->flags & PIPE_BUF_FLAG_LRU)) 914 lru_cache_add_file(newpage); 915 916 err = 0; 917 spin_lock(&cs->fc->lock); 918 if (cs->req->aborted) 919 err = -ENOENT; 920 else 921 *pagep = newpage; 922 spin_unlock(&cs->fc->lock); 923 924 if (err) { 925 unlock_page(newpage); 926 page_cache_release(newpage); 927 return err; 928 } 929 930 unlock_page(oldpage); 931 page_cache_release(oldpage); 932 cs->len = 0; 933 934 return 0; 935 936 out_fallback_unlock: 937 unlock_page(newpage); 938 out_fallback: 939 cs->pg = buf->page; 940 cs->offset = buf->offset; 941 942 err = lock_request(cs->fc, cs->req); 943 if (err) 944 return err; 945 946 return 1; 947 } 948 949 static int fuse_ref_page(struct fuse_copy_state *cs, struct page *page, 950 unsigned offset, unsigned count) 951 { 952 struct pipe_buffer *buf; 953 954 if (cs->nr_segs == cs->pipe->buffers) 955 return -EIO; 956 957 unlock_request(cs->fc, cs->req); 958 fuse_copy_finish(cs); 959 960 buf = cs->pipebufs; 961 page_cache_get(page); 962 buf->page = page; 963 buf->offset = offset; 964 buf->len = count; 965 966 cs->pipebufs++; 967 cs->nr_segs++; 968 cs->len = 0; 969 970 return 0; 971 } 972 973 /* 974 * Copy a page in the request to/from the userspace buffer. Must be 975 * done atomically 976 */ 977 static int fuse_copy_page(struct fuse_copy_state *cs, struct page **pagep, 978 unsigned offset, unsigned count, int zeroing) 979 { 980 int err; 981 struct page *page = *pagep; 982 983 if (page && zeroing && count < PAGE_SIZE) 984 clear_highpage(page); 985 986 while (count) { 987 if (cs->write && cs->pipebufs && page) { 988 return fuse_ref_page(cs, page, offset, count); 989 } else if (!cs->len) { 990 if (cs->move_pages && page && 991 offset == 0 && count == PAGE_SIZE) { 992 err = fuse_try_move_page(cs, pagep); 993 if (err <= 0) 994 return err; 995 } else { 996 err = fuse_copy_fill(cs); 997 if (err) 998 return err; 999 } 1000 } 1001 if (page) { 1002 void *mapaddr = kmap_atomic(page); 1003 void *buf = mapaddr + offset; 1004 offset += fuse_copy_do(cs, &buf, &count); 1005 kunmap_atomic(mapaddr); 1006 } else 1007 offset += fuse_copy_do(cs, NULL, &count); 1008 } 1009 if (page && !cs->write) 1010 flush_dcache_page(page); 1011 return 0; 1012 } 1013 1014 /* Copy pages in the request to/from userspace buffer */ 1015 static int fuse_copy_pages(struct fuse_copy_state *cs, unsigned nbytes, 1016 int zeroing) 1017 { 1018 unsigned i; 1019 struct fuse_req *req = cs->req; 1020 1021 for (i = 0; i < req->num_pages && (nbytes || zeroing); i++) { 1022 int err; 1023 unsigned offset = req->page_descs[i].offset; 1024 unsigned count = min(nbytes, req->page_descs[i].length); 1025 1026 err = fuse_copy_page(cs, &req->pages[i], offset, count, 1027 zeroing); 1028 if (err) 1029 return err; 1030 1031 nbytes -= count; 1032 } 1033 return 0; 1034 } 1035 1036 /* Copy a single argument in the request to/from userspace buffer */ 1037 static int fuse_copy_one(struct fuse_copy_state *cs, void *val, unsigned size) 1038 { 1039 while (size) { 1040 if (!cs->len) { 1041 int err = fuse_copy_fill(cs); 1042 if (err) 1043 return err; 1044 } 1045 fuse_copy_do(cs, &val, &size); 1046 } 1047 return 0; 1048 } 1049 1050 /* Copy request arguments to/from userspace buffer */ 1051 static int fuse_copy_args(struct fuse_copy_state *cs, unsigned numargs, 1052 unsigned argpages, struct fuse_arg *args, 1053 int zeroing) 1054 { 1055 int err = 0; 1056 unsigned i; 1057 1058 for (i = 0; !err && i < numargs; i++) { 1059 struct fuse_arg *arg = &args[i]; 1060 if (i == numargs - 1 && argpages) 1061 err = fuse_copy_pages(cs, arg->size, zeroing); 1062 else 1063 err = fuse_copy_one(cs, arg->value, arg->size); 1064 } 1065 return err; 1066 } 1067 1068 static int forget_pending(struct fuse_conn *fc) 1069 { 1070 return fc->forget_list_head.next != NULL; 1071 } 1072 1073 static int request_pending(struct fuse_conn *fc) 1074 { 1075 return !list_empty(&fc->pending) || !list_empty(&fc->interrupts) || 1076 forget_pending(fc); 1077 } 1078 1079 /* Wait until a request is available on the pending list */ 1080 static void request_wait(struct fuse_conn *fc) 1081 __releases(fc->lock) 1082 __acquires(fc->lock) 1083 { 1084 DECLARE_WAITQUEUE(wait, current); 1085 1086 add_wait_queue_exclusive(&fc->waitq, &wait); 1087 while (fc->connected && !request_pending(fc)) { 1088 set_current_state(TASK_INTERRUPTIBLE); 1089 if (signal_pending(current)) 1090 break; 1091 1092 spin_unlock(&fc->lock); 1093 schedule(); 1094 spin_lock(&fc->lock); 1095 } 1096 set_current_state(TASK_RUNNING); 1097 remove_wait_queue(&fc->waitq, &wait); 1098 } 1099 1100 /* 1101 * Transfer an interrupt request to userspace 1102 * 1103 * Unlike other requests this is assembled on demand, without a need 1104 * to allocate a separate fuse_req structure. 1105 * 1106 * Called with fc->lock held, releases it 1107 */ 1108 static int fuse_read_interrupt(struct fuse_conn *fc, struct fuse_copy_state *cs, 1109 size_t nbytes, struct fuse_req *req) 1110 __releases(fc->lock) 1111 { 1112 struct fuse_in_header ih; 1113 struct fuse_interrupt_in arg; 1114 unsigned reqsize = sizeof(ih) + sizeof(arg); 1115 int err; 1116 1117 list_del_init(&req->intr_entry); 1118 req->intr_unique = fuse_get_unique(fc); 1119 memset(&ih, 0, sizeof(ih)); 1120 memset(&arg, 0, sizeof(arg)); 1121 ih.len = reqsize; 1122 ih.opcode = FUSE_INTERRUPT; 1123 ih.unique = req->intr_unique; 1124 arg.unique = req->in.h.unique; 1125 1126 spin_unlock(&fc->lock); 1127 if (nbytes < reqsize) 1128 return -EINVAL; 1129 1130 err = fuse_copy_one(cs, &ih, sizeof(ih)); 1131 if (!err) 1132 err = fuse_copy_one(cs, &arg, sizeof(arg)); 1133 fuse_copy_finish(cs); 1134 1135 return err ? err : reqsize; 1136 } 1137 1138 static struct fuse_forget_link *dequeue_forget(struct fuse_conn *fc, 1139 unsigned max, 1140 unsigned *countp) 1141 { 1142 struct fuse_forget_link *head = fc->forget_list_head.next; 1143 struct fuse_forget_link **newhead = &head; 1144 unsigned count; 1145 1146 for (count = 0; *newhead != NULL && count < max; count++) 1147 newhead = &(*newhead)->next; 1148 1149 fc->forget_list_head.next = *newhead; 1150 *newhead = NULL; 1151 if (fc->forget_list_head.next == NULL) 1152 fc->forget_list_tail = &fc->forget_list_head; 1153 1154 if (countp != NULL) 1155 *countp = count; 1156 1157 return head; 1158 } 1159 1160 static int fuse_read_single_forget(struct fuse_conn *fc, 1161 struct fuse_copy_state *cs, 1162 size_t nbytes) 1163 __releases(fc->lock) 1164 { 1165 int err; 1166 struct fuse_forget_link *forget = dequeue_forget(fc, 1, NULL); 1167 struct fuse_forget_in arg = { 1168 .nlookup = forget->forget_one.nlookup, 1169 }; 1170 struct fuse_in_header ih = { 1171 .opcode = FUSE_FORGET, 1172 .nodeid = forget->forget_one.nodeid, 1173 .unique = fuse_get_unique(fc), 1174 .len = sizeof(ih) + sizeof(arg), 1175 }; 1176 1177 spin_unlock(&fc->lock); 1178 kfree(forget); 1179 if (nbytes < ih.len) 1180 return -EINVAL; 1181 1182 err = fuse_copy_one(cs, &ih, sizeof(ih)); 1183 if (!err) 1184 err = fuse_copy_one(cs, &arg, sizeof(arg)); 1185 fuse_copy_finish(cs); 1186 1187 if (err) 1188 return err; 1189 1190 return ih.len; 1191 } 1192 1193 static int fuse_read_batch_forget(struct fuse_conn *fc, 1194 struct fuse_copy_state *cs, size_t nbytes) 1195 __releases(fc->lock) 1196 { 1197 int err; 1198 unsigned max_forgets; 1199 unsigned count; 1200 struct fuse_forget_link *head; 1201 struct fuse_batch_forget_in arg = { .count = 0 }; 1202 struct fuse_in_header ih = { 1203 .opcode = FUSE_BATCH_FORGET, 1204 .unique = fuse_get_unique(fc), 1205 .len = sizeof(ih) + sizeof(arg), 1206 }; 1207 1208 if (nbytes < ih.len) { 1209 spin_unlock(&fc->lock); 1210 return -EINVAL; 1211 } 1212 1213 max_forgets = (nbytes - ih.len) / sizeof(struct fuse_forget_one); 1214 head = dequeue_forget(fc, max_forgets, &count); 1215 spin_unlock(&fc->lock); 1216 1217 arg.count = count; 1218 ih.len += count * sizeof(struct fuse_forget_one); 1219 err = fuse_copy_one(cs, &ih, sizeof(ih)); 1220 if (!err) 1221 err = fuse_copy_one(cs, &arg, sizeof(arg)); 1222 1223 while (head) { 1224 struct fuse_forget_link *forget = head; 1225 1226 if (!err) { 1227 err = fuse_copy_one(cs, &forget->forget_one, 1228 sizeof(forget->forget_one)); 1229 } 1230 head = forget->next; 1231 kfree(forget); 1232 } 1233 1234 fuse_copy_finish(cs); 1235 1236 if (err) 1237 return err; 1238 1239 return ih.len; 1240 } 1241 1242 static int fuse_read_forget(struct fuse_conn *fc, struct fuse_copy_state *cs, 1243 size_t nbytes) 1244 __releases(fc->lock) 1245 { 1246 if (fc->minor < 16 || fc->forget_list_head.next->next == NULL) 1247 return fuse_read_single_forget(fc, cs, nbytes); 1248 else 1249 return fuse_read_batch_forget(fc, cs, nbytes); 1250 } 1251 1252 /* 1253 * Read a single request into the userspace filesystem's buffer. This 1254 * function waits until a request is available, then removes it from 1255 * the pending list and copies request data to userspace buffer. If 1256 * no reply is needed (FORGET) or request has been aborted or there 1257 * was an error during the copying then it's finished by calling 1258 * request_end(). Otherwise add it to the processing list, and set 1259 * the 'sent' flag. 1260 */ 1261 static ssize_t fuse_dev_do_read(struct fuse_conn *fc, struct file *file, 1262 struct fuse_copy_state *cs, size_t nbytes) 1263 { 1264 int err; 1265 struct fuse_req *req; 1266 struct fuse_in *in; 1267 unsigned reqsize; 1268 1269 restart: 1270 spin_lock(&fc->lock); 1271 err = -EAGAIN; 1272 if ((file->f_flags & O_NONBLOCK) && fc->connected && 1273 !request_pending(fc)) 1274 goto err_unlock; 1275 1276 request_wait(fc); 1277 err = -ENODEV; 1278 if (!fc->connected) 1279 goto err_unlock; 1280 err = -ERESTARTSYS; 1281 if (!request_pending(fc)) 1282 goto err_unlock; 1283 1284 if (!list_empty(&fc->interrupts)) { 1285 req = list_entry(fc->interrupts.next, struct fuse_req, 1286 intr_entry); 1287 return fuse_read_interrupt(fc, cs, nbytes, req); 1288 } 1289 1290 if (forget_pending(fc)) { 1291 if (list_empty(&fc->pending) || fc->forget_batch-- > 0) 1292 return fuse_read_forget(fc, cs, nbytes); 1293 1294 if (fc->forget_batch <= -8) 1295 fc->forget_batch = 16; 1296 } 1297 1298 req = list_entry(fc->pending.next, struct fuse_req, list); 1299 req->state = FUSE_REQ_READING; 1300 list_move(&req->list, &fc->io); 1301 1302 in = &req->in; 1303 reqsize = in->h.len; 1304 /* If request is too large, reply with an error and restart the read */ 1305 if (nbytes < reqsize) { 1306 req->out.h.error = -EIO; 1307 /* SETXATTR is special, since it may contain too large data */ 1308 if (in->h.opcode == FUSE_SETXATTR) 1309 req->out.h.error = -E2BIG; 1310 request_end(fc, req); 1311 goto restart; 1312 } 1313 spin_unlock(&fc->lock); 1314 cs->req = req; 1315 err = fuse_copy_one(cs, &in->h, sizeof(in->h)); 1316 if (!err) 1317 err = fuse_copy_args(cs, in->numargs, in->argpages, 1318 (struct fuse_arg *) in->args, 0); 1319 fuse_copy_finish(cs); 1320 spin_lock(&fc->lock); 1321 req->locked = 0; 1322 if (req->aborted) { 1323 request_end(fc, req); 1324 return -ENODEV; 1325 } 1326 if (err) { 1327 req->out.h.error = -EIO; 1328 request_end(fc, req); 1329 return err; 1330 } 1331 if (!req->isreply) 1332 request_end(fc, req); 1333 else { 1334 req->state = FUSE_REQ_SENT; 1335 list_move_tail(&req->list, &fc->processing); 1336 if (req->interrupted) 1337 queue_interrupt(fc, req); 1338 spin_unlock(&fc->lock); 1339 } 1340 return reqsize; 1341 1342 err_unlock: 1343 spin_unlock(&fc->lock); 1344 return err; 1345 } 1346 1347 static int fuse_dev_open(struct inode *inode, struct file *file) 1348 { 1349 /* 1350 * The fuse device's file's private_data is used to hold 1351 * the fuse_conn(ection) when it is mounted, and is used to 1352 * keep track of whether the file has been mounted already. 1353 */ 1354 file->private_data = NULL; 1355 return 0; 1356 } 1357 1358 static ssize_t fuse_dev_read(struct kiocb *iocb, struct iov_iter *to) 1359 { 1360 struct fuse_copy_state cs; 1361 struct file *file = iocb->ki_filp; 1362 struct fuse_conn *fc = fuse_get_conn(file); 1363 if (!fc) 1364 return -EPERM; 1365 1366 if (!iter_is_iovec(to)) 1367 return -EINVAL; 1368 1369 fuse_copy_init(&cs, fc, 1, to); 1370 1371 return fuse_dev_do_read(fc, file, &cs, iov_iter_count(to)); 1372 } 1373 1374 static ssize_t fuse_dev_splice_read(struct file *in, loff_t *ppos, 1375 struct pipe_inode_info *pipe, 1376 size_t len, unsigned int flags) 1377 { 1378 int ret; 1379 int page_nr = 0; 1380 int do_wakeup = 0; 1381 struct pipe_buffer *bufs; 1382 struct fuse_copy_state cs; 1383 struct fuse_conn *fc = fuse_get_conn(in); 1384 if (!fc) 1385 return -EPERM; 1386 1387 bufs = kmalloc(pipe->buffers * sizeof(struct pipe_buffer), GFP_KERNEL); 1388 if (!bufs) 1389 return -ENOMEM; 1390 1391 fuse_copy_init(&cs, fc, 1, NULL); 1392 cs.pipebufs = bufs; 1393 cs.pipe = pipe; 1394 ret = fuse_dev_do_read(fc, in, &cs, len); 1395 if (ret < 0) 1396 goto out; 1397 1398 ret = 0; 1399 pipe_lock(pipe); 1400 1401 if (!pipe->readers) { 1402 send_sig(SIGPIPE, current, 0); 1403 if (!ret) 1404 ret = -EPIPE; 1405 goto out_unlock; 1406 } 1407 1408 if (pipe->nrbufs + cs.nr_segs > pipe->buffers) { 1409 ret = -EIO; 1410 goto out_unlock; 1411 } 1412 1413 while (page_nr < cs.nr_segs) { 1414 int newbuf = (pipe->curbuf + pipe->nrbufs) & (pipe->buffers - 1); 1415 struct pipe_buffer *buf = pipe->bufs + newbuf; 1416 1417 buf->page = bufs[page_nr].page; 1418 buf->offset = bufs[page_nr].offset; 1419 buf->len = bufs[page_nr].len; 1420 /* 1421 * Need to be careful about this. Having buf->ops in module 1422 * code can Oops if the buffer persists after module unload. 1423 */ 1424 buf->ops = &nosteal_pipe_buf_ops; 1425 1426 pipe->nrbufs++; 1427 page_nr++; 1428 ret += buf->len; 1429 1430 if (pipe->files) 1431 do_wakeup = 1; 1432 } 1433 1434 out_unlock: 1435 pipe_unlock(pipe); 1436 1437 if (do_wakeup) { 1438 smp_mb(); 1439 if (waitqueue_active(&pipe->wait)) 1440 wake_up_interruptible(&pipe->wait); 1441 kill_fasync(&pipe->fasync_readers, SIGIO, POLL_IN); 1442 } 1443 1444 out: 1445 for (; page_nr < cs.nr_segs; page_nr++) 1446 page_cache_release(bufs[page_nr].page); 1447 1448 kfree(bufs); 1449 return ret; 1450 } 1451 1452 static int fuse_notify_poll(struct fuse_conn *fc, unsigned int size, 1453 struct fuse_copy_state *cs) 1454 { 1455 struct fuse_notify_poll_wakeup_out outarg; 1456 int err = -EINVAL; 1457 1458 if (size != sizeof(outarg)) 1459 goto err; 1460 1461 err = fuse_copy_one(cs, &outarg, sizeof(outarg)); 1462 if (err) 1463 goto err; 1464 1465 fuse_copy_finish(cs); 1466 return fuse_notify_poll_wakeup(fc, &outarg); 1467 1468 err: 1469 fuse_copy_finish(cs); 1470 return err; 1471 } 1472 1473 static int fuse_notify_inval_inode(struct fuse_conn *fc, unsigned int size, 1474 struct fuse_copy_state *cs) 1475 { 1476 struct fuse_notify_inval_inode_out outarg; 1477 int err = -EINVAL; 1478 1479 if (size != sizeof(outarg)) 1480 goto err; 1481 1482 err = fuse_copy_one(cs, &outarg, sizeof(outarg)); 1483 if (err) 1484 goto err; 1485 fuse_copy_finish(cs); 1486 1487 down_read(&fc->killsb); 1488 err = -ENOENT; 1489 if (fc->sb) { 1490 err = fuse_reverse_inval_inode(fc->sb, outarg.ino, 1491 outarg.off, outarg.len); 1492 } 1493 up_read(&fc->killsb); 1494 return err; 1495 1496 err: 1497 fuse_copy_finish(cs); 1498 return err; 1499 } 1500 1501 static int fuse_notify_inval_entry(struct fuse_conn *fc, unsigned int size, 1502 struct fuse_copy_state *cs) 1503 { 1504 struct fuse_notify_inval_entry_out outarg; 1505 int err = -ENOMEM; 1506 char *buf; 1507 struct qstr name; 1508 1509 buf = kzalloc(FUSE_NAME_MAX + 1, GFP_KERNEL); 1510 if (!buf) 1511 goto err; 1512 1513 err = -EINVAL; 1514 if (size < sizeof(outarg)) 1515 goto err; 1516 1517 err = fuse_copy_one(cs, &outarg, sizeof(outarg)); 1518 if (err) 1519 goto err; 1520 1521 err = -ENAMETOOLONG; 1522 if (outarg.namelen > FUSE_NAME_MAX) 1523 goto err; 1524 1525 err = -EINVAL; 1526 if (size != sizeof(outarg) + outarg.namelen + 1) 1527 goto err; 1528 1529 name.name = buf; 1530 name.len = outarg.namelen; 1531 err = fuse_copy_one(cs, buf, outarg.namelen + 1); 1532 if (err) 1533 goto err; 1534 fuse_copy_finish(cs); 1535 buf[outarg.namelen] = 0; 1536 name.hash = full_name_hash(name.name, name.len); 1537 1538 down_read(&fc->killsb); 1539 err = -ENOENT; 1540 if (fc->sb) 1541 err = fuse_reverse_inval_entry(fc->sb, outarg.parent, 0, &name); 1542 up_read(&fc->killsb); 1543 kfree(buf); 1544 return err; 1545 1546 err: 1547 kfree(buf); 1548 fuse_copy_finish(cs); 1549 return err; 1550 } 1551 1552 static int fuse_notify_delete(struct fuse_conn *fc, unsigned int size, 1553 struct fuse_copy_state *cs) 1554 { 1555 struct fuse_notify_delete_out outarg; 1556 int err = -ENOMEM; 1557 char *buf; 1558 struct qstr name; 1559 1560 buf = kzalloc(FUSE_NAME_MAX + 1, GFP_KERNEL); 1561 if (!buf) 1562 goto err; 1563 1564 err = -EINVAL; 1565 if (size < sizeof(outarg)) 1566 goto err; 1567 1568 err = fuse_copy_one(cs, &outarg, sizeof(outarg)); 1569 if (err) 1570 goto err; 1571 1572 err = -ENAMETOOLONG; 1573 if (outarg.namelen > FUSE_NAME_MAX) 1574 goto err; 1575 1576 err = -EINVAL; 1577 if (size != sizeof(outarg) + outarg.namelen + 1) 1578 goto err; 1579 1580 name.name = buf; 1581 name.len = outarg.namelen; 1582 err = fuse_copy_one(cs, buf, outarg.namelen + 1); 1583 if (err) 1584 goto err; 1585 fuse_copy_finish(cs); 1586 buf[outarg.namelen] = 0; 1587 name.hash = full_name_hash(name.name, name.len); 1588 1589 down_read(&fc->killsb); 1590 err = -ENOENT; 1591 if (fc->sb) 1592 err = fuse_reverse_inval_entry(fc->sb, outarg.parent, 1593 outarg.child, &name); 1594 up_read(&fc->killsb); 1595 kfree(buf); 1596 return err; 1597 1598 err: 1599 kfree(buf); 1600 fuse_copy_finish(cs); 1601 return err; 1602 } 1603 1604 static int fuse_notify_store(struct fuse_conn *fc, unsigned int size, 1605 struct fuse_copy_state *cs) 1606 { 1607 struct fuse_notify_store_out outarg; 1608 struct inode *inode; 1609 struct address_space *mapping; 1610 u64 nodeid; 1611 int err; 1612 pgoff_t index; 1613 unsigned int offset; 1614 unsigned int num; 1615 loff_t file_size; 1616 loff_t end; 1617 1618 err = -EINVAL; 1619 if (size < sizeof(outarg)) 1620 goto out_finish; 1621 1622 err = fuse_copy_one(cs, &outarg, sizeof(outarg)); 1623 if (err) 1624 goto out_finish; 1625 1626 err = -EINVAL; 1627 if (size - sizeof(outarg) != outarg.size) 1628 goto out_finish; 1629 1630 nodeid = outarg.nodeid; 1631 1632 down_read(&fc->killsb); 1633 1634 err = -ENOENT; 1635 if (!fc->sb) 1636 goto out_up_killsb; 1637 1638 inode = ilookup5(fc->sb, nodeid, fuse_inode_eq, &nodeid); 1639 if (!inode) 1640 goto out_up_killsb; 1641 1642 mapping = inode->i_mapping; 1643 index = outarg.offset >> PAGE_CACHE_SHIFT; 1644 offset = outarg.offset & ~PAGE_CACHE_MASK; 1645 file_size = i_size_read(inode); 1646 end = outarg.offset + outarg.size; 1647 if (end > file_size) { 1648 file_size = end; 1649 fuse_write_update_size(inode, file_size); 1650 } 1651 1652 num = outarg.size; 1653 while (num) { 1654 struct page *page; 1655 unsigned int this_num; 1656 1657 err = -ENOMEM; 1658 page = find_or_create_page(mapping, index, 1659 mapping_gfp_mask(mapping)); 1660 if (!page) 1661 goto out_iput; 1662 1663 this_num = min_t(unsigned, num, PAGE_CACHE_SIZE - offset); 1664 err = fuse_copy_page(cs, &page, offset, this_num, 0); 1665 if (!err && offset == 0 && 1666 (this_num == PAGE_CACHE_SIZE || file_size == end)) 1667 SetPageUptodate(page); 1668 unlock_page(page); 1669 page_cache_release(page); 1670 1671 if (err) 1672 goto out_iput; 1673 1674 num -= this_num; 1675 offset = 0; 1676 index++; 1677 } 1678 1679 err = 0; 1680 1681 out_iput: 1682 iput(inode); 1683 out_up_killsb: 1684 up_read(&fc->killsb); 1685 out_finish: 1686 fuse_copy_finish(cs); 1687 return err; 1688 } 1689 1690 static void fuse_retrieve_end(struct fuse_conn *fc, struct fuse_req *req) 1691 { 1692 release_pages(req->pages, req->num_pages, false); 1693 } 1694 1695 static int fuse_retrieve(struct fuse_conn *fc, struct inode *inode, 1696 struct fuse_notify_retrieve_out *outarg) 1697 { 1698 int err; 1699 struct address_space *mapping = inode->i_mapping; 1700 struct fuse_req *req; 1701 pgoff_t index; 1702 loff_t file_size; 1703 unsigned int num; 1704 unsigned int offset; 1705 size_t total_len = 0; 1706 int num_pages; 1707 1708 offset = outarg->offset & ~PAGE_CACHE_MASK; 1709 file_size = i_size_read(inode); 1710 1711 num = outarg->size; 1712 if (outarg->offset > file_size) 1713 num = 0; 1714 else if (outarg->offset + num > file_size) 1715 num = file_size - outarg->offset; 1716 1717 num_pages = (num + offset + PAGE_SIZE - 1) >> PAGE_SHIFT; 1718 num_pages = min(num_pages, FUSE_MAX_PAGES_PER_REQ); 1719 1720 req = fuse_get_req(fc, num_pages); 1721 if (IS_ERR(req)) 1722 return PTR_ERR(req); 1723 1724 req->in.h.opcode = FUSE_NOTIFY_REPLY; 1725 req->in.h.nodeid = outarg->nodeid; 1726 req->in.numargs = 2; 1727 req->in.argpages = 1; 1728 req->page_descs[0].offset = offset; 1729 req->end = fuse_retrieve_end; 1730 1731 index = outarg->offset >> PAGE_CACHE_SHIFT; 1732 1733 while (num && req->num_pages < num_pages) { 1734 struct page *page; 1735 unsigned int this_num; 1736 1737 page = find_get_page(mapping, index); 1738 if (!page) 1739 break; 1740 1741 this_num = min_t(unsigned, num, PAGE_CACHE_SIZE - offset); 1742 req->pages[req->num_pages] = page; 1743 req->page_descs[req->num_pages].length = this_num; 1744 req->num_pages++; 1745 1746 offset = 0; 1747 num -= this_num; 1748 total_len += this_num; 1749 index++; 1750 } 1751 req->misc.retrieve_in.offset = outarg->offset; 1752 req->misc.retrieve_in.size = total_len; 1753 req->in.args[0].size = sizeof(req->misc.retrieve_in); 1754 req->in.args[0].value = &req->misc.retrieve_in; 1755 req->in.args[1].size = total_len; 1756 1757 err = fuse_request_send_notify_reply(fc, req, outarg->notify_unique); 1758 if (err) 1759 fuse_retrieve_end(fc, req); 1760 1761 return err; 1762 } 1763 1764 static int fuse_notify_retrieve(struct fuse_conn *fc, unsigned int size, 1765 struct fuse_copy_state *cs) 1766 { 1767 struct fuse_notify_retrieve_out outarg; 1768 struct inode *inode; 1769 int err; 1770 1771 err = -EINVAL; 1772 if (size != sizeof(outarg)) 1773 goto copy_finish; 1774 1775 err = fuse_copy_one(cs, &outarg, sizeof(outarg)); 1776 if (err) 1777 goto copy_finish; 1778 1779 fuse_copy_finish(cs); 1780 1781 down_read(&fc->killsb); 1782 err = -ENOENT; 1783 if (fc->sb) { 1784 u64 nodeid = outarg.nodeid; 1785 1786 inode = ilookup5(fc->sb, nodeid, fuse_inode_eq, &nodeid); 1787 if (inode) { 1788 err = fuse_retrieve(fc, inode, &outarg); 1789 iput(inode); 1790 } 1791 } 1792 up_read(&fc->killsb); 1793 1794 return err; 1795 1796 copy_finish: 1797 fuse_copy_finish(cs); 1798 return err; 1799 } 1800 1801 static int fuse_notify(struct fuse_conn *fc, enum fuse_notify_code code, 1802 unsigned int size, struct fuse_copy_state *cs) 1803 { 1804 /* Don't try to move pages (yet) */ 1805 cs->move_pages = 0; 1806 1807 switch (code) { 1808 case FUSE_NOTIFY_POLL: 1809 return fuse_notify_poll(fc, size, cs); 1810 1811 case FUSE_NOTIFY_INVAL_INODE: 1812 return fuse_notify_inval_inode(fc, size, cs); 1813 1814 case FUSE_NOTIFY_INVAL_ENTRY: 1815 return fuse_notify_inval_entry(fc, size, cs); 1816 1817 case FUSE_NOTIFY_STORE: 1818 return fuse_notify_store(fc, size, cs); 1819 1820 case FUSE_NOTIFY_RETRIEVE: 1821 return fuse_notify_retrieve(fc, size, cs); 1822 1823 case FUSE_NOTIFY_DELETE: 1824 return fuse_notify_delete(fc, size, cs); 1825 1826 default: 1827 fuse_copy_finish(cs); 1828 return -EINVAL; 1829 } 1830 } 1831 1832 /* Look up request on processing list by unique ID */ 1833 static struct fuse_req *request_find(struct fuse_conn *fc, u64 unique) 1834 { 1835 struct fuse_req *req; 1836 1837 list_for_each_entry(req, &fc->processing, list) { 1838 if (req->in.h.unique == unique || req->intr_unique == unique) 1839 return req; 1840 } 1841 return NULL; 1842 } 1843 1844 static int copy_out_args(struct fuse_copy_state *cs, struct fuse_out *out, 1845 unsigned nbytes) 1846 { 1847 unsigned reqsize = sizeof(struct fuse_out_header); 1848 1849 if (out->h.error) 1850 return nbytes != reqsize ? -EINVAL : 0; 1851 1852 reqsize += len_args(out->numargs, out->args); 1853 1854 if (reqsize < nbytes || (reqsize > nbytes && !out->argvar)) 1855 return -EINVAL; 1856 else if (reqsize > nbytes) { 1857 struct fuse_arg *lastarg = &out->args[out->numargs-1]; 1858 unsigned diffsize = reqsize - nbytes; 1859 if (diffsize > lastarg->size) 1860 return -EINVAL; 1861 lastarg->size -= diffsize; 1862 } 1863 return fuse_copy_args(cs, out->numargs, out->argpages, out->args, 1864 out->page_zeroing); 1865 } 1866 1867 /* 1868 * Write a single reply to a request. First the header is copied from 1869 * the write buffer. The request is then searched on the processing 1870 * list by the unique ID found in the header. If found, then remove 1871 * it from the list and copy the rest of the buffer to the request. 1872 * The request is finished by calling request_end() 1873 */ 1874 static ssize_t fuse_dev_do_write(struct fuse_conn *fc, 1875 struct fuse_copy_state *cs, size_t nbytes) 1876 { 1877 int err; 1878 struct fuse_req *req; 1879 struct fuse_out_header oh; 1880 1881 if (nbytes < sizeof(struct fuse_out_header)) 1882 return -EINVAL; 1883 1884 err = fuse_copy_one(cs, &oh, sizeof(oh)); 1885 if (err) 1886 goto err_finish; 1887 1888 err = -EINVAL; 1889 if (oh.len != nbytes) 1890 goto err_finish; 1891 1892 /* 1893 * Zero oh.unique indicates unsolicited notification message 1894 * and error contains notification code. 1895 */ 1896 if (!oh.unique) { 1897 err = fuse_notify(fc, oh.error, nbytes - sizeof(oh), cs); 1898 return err ? err : nbytes; 1899 } 1900 1901 err = -EINVAL; 1902 if (oh.error <= -1000 || oh.error > 0) 1903 goto err_finish; 1904 1905 spin_lock(&fc->lock); 1906 err = -ENOENT; 1907 if (!fc->connected) 1908 goto err_unlock; 1909 1910 req = request_find(fc, oh.unique); 1911 if (!req) 1912 goto err_unlock; 1913 1914 if (req->aborted) { 1915 spin_unlock(&fc->lock); 1916 fuse_copy_finish(cs); 1917 spin_lock(&fc->lock); 1918 request_end(fc, req); 1919 return -ENOENT; 1920 } 1921 /* Is it an interrupt reply? */ 1922 if (req->intr_unique == oh.unique) { 1923 err = -EINVAL; 1924 if (nbytes != sizeof(struct fuse_out_header)) 1925 goto err_unlock; 1926 1927 if (oh.error == -ENOSYS) 1928 fc->no_interrupt = 1; 1929 else if (oh.error == -EAGAIN) 1930 queue_interrupt(fc, req); 1931 1932 spin_unlock(&fc->lock); 1933 fuse_copy_finish(cs); 1934 return nbytes; 1935 } 1936 1937 req->state = FUSE_REQ_WRITING; 1938 list_move(&req->list, &fc->io); 1939 req->out.h = oh; 1940 req->locked = 1; 1941 cs->req = req; 1942 if (!req->out.page_replace) 1943 cs->move_pages = 0; 1944 spin_unlock(&fc->lock); 1945 1946 err = copy_out_args(cs, &req->out, nbytes); 1947 fuse_copy_finish(cs); 1948 1949 spin_lock(&fc->lock); 1950 req->locked = 0; 1951 if (!err) { 1952 if (req->aborted) 1953 err = -ENOENT; 1954 } else if (!req->aborted) 1955 req->out.h.error = -EIO; 1956 request_end(fc, req); 1957 1958 return err ? err : nbytes; 1959 1960 err_unlock: 1961 spin_unlock(&fc->lock); 1962 err_finish: 1963 fuse_copy_finish(cs); 1964 return err; 1965 } 1966 1967 static ssize_t fuse_dev_write(struct kiocb *iocb, struct iov_iter *from) 1968 { 1969 struct fuse_copy_state cs; 1970 struct fuse_conn *fc = fuse_get_conn(iocb->ki_filp); 1971 if (!fc) 1972 return -EPERM; 1973 1974 if (!iter_is_iovec(from)) 1975 return -EINVAL; 1976 1977 fuse_copy_init(&cs, fc, 0, from); 1978 1979 return fuse_dev_do_write(fc, &cs, iov_iter_count(from)); 1980 } 1981 1982 static ssize_t fuse_dev_splice_write(struct pipe_inode_info *pipe, 1983 struct file *out, loff_t *ppos, 1984 size_t len, unsigned int flags) 1985 { 1986 unsigned nbuf; 1987 unsigned idx; 1988 struct pipe_buffer *bufs; 1989 struct fuse_copy_state cs; 1990 struct fuse_conn *fc; 1991 size_t rem; 1992 ssize_t ret; 1993 1994 fc = fuse_get_conn(out); 1995 if (!fc) 1996 return -EPERM; 1997 1998 bufs = kmalloc(pipe->buffers * sizeof(struct pipe_buffer), GFP_KERNEL); 1999 if (!bufs) 2000 return -ENOMEM; 2001 2002 pipe_lock(pipe); 2003 nbuf = 0; 2004 rem = 0; 2005 for (idx = 0; idx < pipe->nrbufs && rem < len; idx++) 2006 rem += pipe->bufs[(pipe->curbuf + idx) & (pipe->buffers - 1)].len; 2007 2008 ret = -EINVAL; 2009 if (rem < len) { 2010 pipe_unlock(pipe); 2011 goto out; 2012 } 2013 2014 rem = len; 2015 while (rem) { 2016 struct pipe_buffer *ibuf; 2017 struct pipe_buffer *obuf; 2018 2019 BUG_ON(nbuf >= pipe->buffers); 2020 BUG_ON(!pipe->nrbufs); 2021 ibuf = &pipe->bufs[pipe->curbuf]; 2022 obuf = &bufs[nbuf]; 2023 2024 if (rem >= ibuf->len) { 2025 *obuf = *ibuf; 2026 ibuf->ops = NULL; 2027 pipe->curbuf = (pipe->curbuf + 1) & (pipe->buffers - 1); 2028 pipe->nrbufs--; 2029 } else { 2030 ibuf->ops->get(pipe, ibuf); 2031 *obuf = *ibuf; 2032 obuf->flags &= ~PIPE_BUF_FLAG_GIFT; 2033 obuf->len = rem; 2034 ibuf->offset += obuf->len; 2035 ibuf->len -= obuf->len; 2036 } 2037 nbuf++; 2038 rem -= obuf->len; 2039 } 2040 pipe_unlock(pipe); 2041 2042 fuse_copy_init(&cs, fc, 0, NULL); 2043 cs.pipebufs = bufs; 2044 cs.nr_segs = nbuf; 2045 cs.pipe = pipe; 2046 2047 if (flags & SPLICE_F_MOVE) 2048 cs.move_pages = 1; 2049 2050 ret = fuse_dev_do_write(fc, &cs, len); 2051 2052 for (idx = 0; idx < nbuf; idx++) { 2053 struct pipe_buffer *buf = &bufs[idx]; 2054 buf->ops->release(pipe, buf); 2055 } 2056 out: 2057 kfree(bufs); 2058 return ret; 2059 } 2060 2061 static unsigned fuse_dev_poll(struct file *file, poll_table *wait) 2062 { 2063 unsigned mask = POLLOUT | POLLWRNORM; 2064 struct fuse_conn *fc = fuse_get_conn(file); 2065 if (!fc) 2066 return POLLERR; 2067 2068 poll_wait(file, &fc->waitq, wait); 2069 2070 spin_lock(&fc->lock); 2071 if (!fc->connected) 2072 mask = POLLERR; 2073 else if (request_pending(fc)) 2074 mask |= POLLIN | POLLRDNORM; 2075 spin_unlock(&fc->lock); 2076 2077 return mask; 2078 } 2079 2080 /* 2081 * Abort all requests on the given list (pending or processing) 2082 * 2083 * This function releases and reacquires fc->lock 2084 */ 2085 static void end_requests(struct fuse_conn *fc, struct list_head *head) 2086 __releases(fc->lock) 2087 __acquires(fc->lock) 2088 { 2089 while (!list_empty(head)) { 2090 struct fuse_req *req; 2091 req = list_entry(head->next, struct fuse_req, list); 2092 req->out.h.error = -ECONNABORTED; 2093 request_end(fc, req); 2094 spin_lock(&fc->lock); 2095 } 2096 } 2097 2098 /* 2099 * Abort requests under I/O 2100 * 2101 * The requests are set to aborted and finished, and the request 2102 * waiter is woken up. This will make request_wait_answer() wait 2103 * until the request is unlocked and then return. 2104 * 2105 * If the request is asynchronous, then the end function needs to be 2106 * called after waiting for the request to be unlocked (if it was 2107 * locked). 2108 */ 2109 static void end_io_requests(struct fuse_conn *fc) 2110 __releases(fc->lock) 2111 __acquires(fc->lock) 2112 { 2113 while (!list_empty(&fc->io)) { 2114 struct fuse_req *req = 2115 list_entry(fc->io.next, struct fuse_req, list); 2116 void (*end) (struct fuse_conn *, struct fuse_req *) = req->end; 2117 2118 req->aborted = 1; 2119 req->out.h.error = -ECONNABORTED; 2120 req->state = FUSE_REQ_FINISHED; 2121 list_del_init(&req->list); 2122 wake_up(&req->waitq); 2123 if (end) { 2124 req->end = NULL; 2125 __fuse_get_request(req); 2126 spin_unlock(&fc->lock); 2127 wait_event(req->waitq, !req->locked); 2128 end(fc, req); 2129 fuse_put_request(fc, req); 2130 spin_lock(&fc->lock); 2131 } 2132 } 2133 } 2134 2135 static void end_queued_requests(struct fuse_conn *fc) 2136 __releases(fc->lock) 2137 __acquires(fc->lock) 2138 { 2139 fc->max_background = UINT_MAX; 2140 flush_bg_queue(fc); 2141 end_requests(fc, &fc->pending); 2142 end_requests(fc, &fc->processing); 2143 while (forget_pending(fc)) 2144 kfree(dequeue_forget(fc, 1, NULL)); 2145 } 2146 2147 static void end_polls(struct fuse_conn *fc) 2148 { 2149 struct rb_node *p; 2150 2151 p = rb_first(&fc->polled_files); 2152 2153 while (p) { 2154 struct fuse_file *ff; 2155 ff = rb_entry(p, struct fuse_file, polled_node); 2156 wake_up_interruptible_all(&ff->poll_wait); 2157 2158 p = rb_next(p); 2159 } 2160 } 2161 2162 /* 2163 * Abort all requests. 2164 * 2165 * Emergency exit in case of a malicious or accidental deadlock, or 2166 * just a hung filesystem. 2167 * 2168 * The same effect is usually achievable through killing the 2169 * filesystem daemon and all users of the filesystem. The exception 2170 * is the combination of an asynchronous request and the tricky 2171 * deadlock (see Documentation/filesystems/fuse.txt). 2172 * 2173 * During the aborting, progression of requests from the pending and 2174 * processing lists onto the io list, and progression of new requests 2175 * onto the pending list is prevented by req->connected being false. 2176 * 2177 * Progression of requests under I/O to the processing list is 2178 * prevented by the req->aborted flag being true for these requests. 2179 * For this reason requests on the io list must be aborted first. 2180 */ 2181 void fuse_abort_conn(struct fuse_conn *fc) 2182 { 2183 spin_lock(&fc->lock); 2184 if (fc->connected) { 2185 fc->connected = 0; 2186 fc->blocked = 0; 2187 fuse_set_initialized(fc); 2188 end_io_requests(fc); 2189 end_queued_requests(fc); 2190 end_polls(fc); 2191 wake_up_all(&fc->waitq); 2192 wake_up_all(&fc->blocked_waitq); 2193 kill_fasync(&fc->fasync, SIGIO, POLL_IN); 2194 } 2195 spin_unlock(&fc->lock); 2196 } 2197 EXPORT_SYMBOL_GPL(fuse_abort_conn); 2198 2199 int fuse_dev_release(struct inode *inode, struct file *file) 2200 { 2201 struct fuse_conn *fc = fuse_get_conn(file); 2202 if (fc) { 2203 spin_lock(&fc->lock); 2204 fc->connected = 0; 2205 fc->blocked = 0; 2206 fuse_set_initialized(fc); 2207 end_queued_requests(fc); 2208 end_polls(fc); 2209 wake_up_all(&fc->blocked_waitq); 2210 spin_unlock(&fc->lock); 2211 fuse_conn_put(fc); 2212 } 2213 2214 return 0; 2215 } 2216 EXPORT_SYMBOL_GPL(fuse_dev_release); 2217 2218 static int fuse_dev_fasync(int fd, struct file *file, int on) 2219 { 2220 struct fuse_conn *fc = fuse_get_conn(file); 2221 if (!fc) 2222 return -EPERM; 2223 2224 /* No locking - fasync_helper does its own locking */ 2225 return fasync_helper(fd, file, on, &fc->fasync); 2226 } 2227 2228 const struct file_operations fuse_dev_operations = { 2229 .owner = THIS_MODULE, 2230 .open = fuse_dev_open, 2231 .llseek = no_llseek, 2232 .read_iter = fuse_dev_read, 2233 .splice_read = fuse_dev_splice_read, 2234 .write_iter = fuse_dev_write, 2235 .splice_write = fuse_dev_splice_write, 2236 .poll = fuse_dev_poll, 2237 .release = fuse_dev_release, 2238 .fasync = fuse_dev_fasync, 2239 }; 2240 EXPORT_SYMBOL_GPL(fuse_dev_operations); 2241 2242 static struct miscdevice fuse_miscdevice = { 2243 .minor = FUSE_MINOR, 2244 .name = "fuse", 2245 .fops = &fuse_dev_operations, 2246 }; 2247 2248 int __init fuse_dev_init(void) 2249 { 2250 int err = -ENOMEM; 2251 fuse_req_cachep = kmem_cache_create("fuse_request", 2252 sizeof(struct fuse_req), 2253 0, 0, NULL); 2254 if (!fuse_req_cachep) 2255 goto out; 2256 2257 err = misc_register(&fuse_miscdevice); 2258 if (err) 2259 goto out_cache_clean; 2260 2261 return 0; 2262 2263 out_cache_clean: 2264 kmem_cache_destroy(fuse_req_cachep); 2265 out: 2266 return err; 2267 } 2268 2269 void fuse_dev_cleanup(void) 2270 { 2271 misc_deregister(&fuse_miscdevice); 2272 kmem_cache_destroy(fuse_req_cachep); 2273 } 2274