2 FUSE: Filesystem in Userspace
3 Copyright (C) 2001-2006 Miklos Szeredi <miklos@szeredi.hu>
5 This program can be distributed under the terms of the GNU GPL.
11 #include <linux/init.h>
12 #include <linux/module.h>
13 #include <linux/poll.h>
14 #include <linux/uio.h>
15 #include <linux/miscdevice.h>
16 #include <linux/pagemap.h>
17 #include <linux/file.h>
18 #include <linux/slab.h>
20 MODULE_ALIAS_MISCDEV(FUSE_MINOR);
22 static kmem_cache_t *fuse_req_cachep;
24 static struct fuse_conn *fuse_get_conn(struct file *file)
27 * Lockless access is OK, because file->private data is set
28 * once during mount and is valid until the file is released.
30 return file->private_data;
33 static void fuse_request_init(struct fuse_req *req)
35 memset(req, 0, sizeof(*req));
36 INIT_LIST_HEAD(&req->list);
37 init_waitqueue_head(&req->waitq);
38 atomic_set(&req->count, 1);
41 struct fuse_req *fuse_request_alloc(void)
43 struct fuse_req *req = kmem_cache_alloc(fuse_req_cachep, SLAB_KERNEL);
45 fuse_request_init(req);
49 void fuse_request_free(struct fuse_req *req)
51 kmem_cache_free(fuse_req_cachep, req);
54 static void block_sigs(sigset_t *oldset)
58 siginitsetinv(&mask, sigmask(SIGKILL));
59 sigprocmask(SIG_BLOCK, &mask, oldset);
62 static void restore_sigs(sigset_t *oldset)
64 sigprocmask(SIG_SETMASK, oldset, NULL);
67 static void __fuse_get_request(struct fuse_req *req)
69 atomic_inc(&req->count);
72 /* Must be called with > 1 refcount */
73 static void __fuse_put_request(struct fuse_req *req)
75 BUG_ON(atomic_read(&req->count) < 2);
76 atomic_dec(&req->count);
79 struct fuse_req *fuse_get_req(struct fuse_conn *fc)
86 atomic_inc(&fc->num_waiting);
88 intr = wait_event_interruptible(fc->blocked_waitq, !fc->blocked);
89 restore_sigs(&oldset);
98 req = fuse_request_alloc();
103 req->in.h.uid = current->fsuid;
104 req->in.h.gid = current->fsgid;
105 req->in.h.pid = current->pid;
110 atomic_dec(&fc->num_waiting);
114 void fuse_put_request(struct fuse_conn *fc, struct fuse_req *req)
116 if (atomic_dec_and_test(&req->count)) {
118 atomic_dec(&fc->num_waiting);
119 fuse_request_free(req);
124 * This function is called when a request is finished. Either a reply
125 * has arrived or it was interrupted (and not yet sent) or some error
126 * occurred during communication with userspace, or the device file
127 * was closed. The requester thread is woken up (if still waiting),
128 * the 'end' callback is called if given, else the reference to the
129 * request is released
131 * Called with fc->lock, unlocks it
133 static void request_end(struct fuse_conn *fc, struct fuse_req *req)
135 void (*end) (struct fuse_conn *, struct fuse_req *) = req->end;
137 list_del(&req->list);
138 req->state = FUSE_REQ_FINISHED;
139 if (req->background) {
140 if (fc->num_background == FUSE_MAX_BACKGROUND) {
142 wake_up_all(&fc->blocked_waitq);
144 fc->num_background--;
146 spin_unlock(&fc->lock);
148 mntput(req->vfsmount);
151 wake_up(&req->waitq);
155 fuse_put_request(fc, req);
158 /* Called with fc->lock held. Releases, and then reacquires it. */
159 static void request_wait_answer(struct fuse_conn *fc, struct fuse_req *req)
163 spin_unlock(&fc->lock);
165 wait_event(req->waitq, req->state == FUSE_REQ_FINISHED);
168 wait_event_interruptible(req->waitq,
169 req->state == FUSE_REQ_FINISHED);
170 restore_sigs(&oldset);
172 spin_lock(&fc->lock);
173 if (req->state == FUSE_REQ_FINISHED && !req->interrupted)
176 if (!req->interrupted) {
177 req->out.h.error = -EINTR;
178 req->interrupted = 1;
181 /* This is uninterruptible sleep, because data is
182 being copied to/from the buffers of req. During
183 locked state, there mustn't be any filesystem
184 operation (e.g. page fault), since that could lead
186 spin_unlock(&fc->lock);
187 wait_event(req->waitq, !req->locked);
188 spin_lock(&fc->lock);
190 if (req->state == FUSE_REQ_PENDING) {
191 list_del(&req->list);
192 __fuse_put_request(req);
193 } else if (req->state == FUSE_REQ_SENT) {
194 spin_unlock(&fc->lock);
195 wait_event(req->waitq, req->state == FUSE_REQ_FINISHED);
196 spin_lock(&fc->lock);
200 static unsigned len_args(unsigned numargs, struct fuse_arg *args)
205 for (i = 0; i < numargs; i++)
206 nbytes += args[i].size;
211 static void queue_request(struct fuse_conn *fc, struct fuse_req *req)
214 /* zero is special */
217 req->in.h.unique = fc->reqctr;
218 req->in.h.len = sizeof(struct fuse_in_header) +
219 len_args(req->in.numargs, (struct fuse_arg *) req->in.args);
220 list_add_tail(&req->list, &fc->pending);
221 req->state = FUSE_REQ_PENDING;
224 atomic_inc(&fc->num_waiting);
227 kill_fasync(&fc->fasync, SIGIO, POLL_IN);
231 * This can only be interrupted by a SIGKILL
233 void request_send(struct fuse_conn *fc, struct fuse_req *req)
236 spin_lock(&fc->lock);
238 req->out.h.error = -ENOTCONN;
239 else if (fc->conn_error)
240 req->out.h.error = -ECONNREFUSED;
242 queue_request(fc, req);
243 /* acquire extra reference, since request is still needed
244 after request_end() */
245 __fuse_get_request(req);
247 request_wait_answer(fc, req);
249 spin_unlock(&fc->lock);
252 static void request_send_nowait(struct fuse_conn *fc, struct fuse_req *req)
254 spin_lock(&fc->lock);
257 fc->num_background++;
258 if (fc->num_background == FUSE_MAX_BACKGROUND)
261 queue_request(fc, req);
262 spin_unlock(&fc->lock);
264 req->out.h.error = -ENOTCONN;
265 request_end(fc, req);
269 void request_send_noreply(struct fuse_conn *fc, struct fuse_req *req)
272 request_send_nowait(fc, req);
275 void request_send_background(struct fuse_conn *fc, struct fuse_req *req)
278 request_send_nowait(fc, req);
282 * Lock the request. Up to the next unlock_request() there mustn't be
283 * anything that could cause a page-fault. If the request was already
284 * interrupted bail out.
286 static int lock_request(struct fuse_conn *fc, struct fuse_req *req)
290 spin_lock(&fc->lock);
291 if (req->interrupted)
295 spin_unlock(&fc->lock);
301 * Unlock request. If it was interrupted during being locked, the
302 * requester thread is currently waiting for it to be unlocked, so
305 static void unlock_request(struct fuse_conn *fc, struct fuse_req *req)
308 spin_lock(&fc->lock);
310 if (req->interrupted)
311 wake_up(&req->waitq);
312 spin_unlock(&fc->lock);
316 struct fuse_copy_state {
317 struct fuse_conn *fc;
319 struct fuse_req *req;
320 const struct iovec *iov;
321 unsigned long nr_segs;
322 unsigned long seglen;
330 static void fuse_copy_init(struct fuse_copy_state *cs, struct fuse_conn *fc,
331 int write, struct fuse_req *req,
332 const struct iovec *iov, unsigned long nr_segs)
334 memset(cs, 0, sizeof(*cs));
339 cs->nr_segs = nr_segs;
342 /* Unmap and put previous page of userspace buffer */
343 static void fuse_copy_finish(struct fuse_copy_state *cs)
346 kunmap_atomic(cs->mapaddr, KM_USER0);
348 flush_dcache_page(cs->pg);
349 set_page_dirty_lock(cs->pg);
357 * Get another pagefull of userspace buffer, and map it to kernel
358 * address space, and lock request
360 static int fuse_copy_fill(struct fuse_copy_state *cs)
362 unsigned long offset;
365 unlock_request(cs->fc, cs->req);
366 fuse_copy_finish(cs);
368 BUG_ON(!cs->nr_segs);
369 cs->seglen = cs->iov[0].iov_len;
370 cs->addr = (unsigned long) cs->iov[0].iov_base;
374 down_read(¤t->mm->mmap_sem);
375 err = get_user_pages(current, current->mm, cs->addr, 1, cs->write, 0,
377 up_read(¤t->mm->mmap_sem);
381 offset = cs->addr % PAGE_SIZE;
382 cs->mapaddr = kmap_atomic(cs->pg, KM_USER0);
383 cs->buf = cs->mapaddr + offset;
384 cs->len = min(PAGE_SIZE - offset, cs->seglen);
385 cs->seglen -= cs->len;
388 return lock_request(cs->fc, cs->req);
391 /* Do as much copy to/from userspace buffer as we can */
392 static int fuse_copy_do(struct fuse_copy_state *cs, void **val, unsigned *size)
394 unsigned ncpy = min(*size, cs->len);
397 memcpy(cs->buf, *val, ncpy);
399 memcpy(*val, cs->buf, ncpy);
409 * Copy a page in the request to/from the userspace buffer. Must be
412 static int fuse_copy_page(struct fuse_copy_state *cs, struct page *page,
413 unsigned offset, unsigned count, int zeroing)
415 if (page && zeroing && count < PAGE_SIZE) {
416 void *mapaddr = kmap_atomic(page, KM_USER1);
417 memset(mapaddr, 0, PAGE_SIZE);
418 kunmap_atomic(mapaddr, KM_USER1);
422 if (!cs->len && (err = fuse_copy_fill(cs)))
425 void *mapaddr = kmap_atomic(page, KM_USER1);
426 void *buf = mapaddr + offset;
427 offset += fuse_copy_do(cs, &buf, &count);
428 kunmap_atomic(mapaddr, KM_USER1);
430 offset += fuse_copy_do(cs, NULL, &count);
432 if (page && !cs->write)
433 flush_dcache_page(page);
437 /* Copy pages in the request to/from userspace buffer */
438 static int fuse_copy_pages(struct fuse_copy_state *cs, unsigned nbytes,
442 struct fuse_req *req = cs->req;
443 unsigned offset = req->page_offset;
444 unsigned count = min(nbytes, (unsigned) PAGE_SIZE - offset);
446 for (i = 0; i < req->num_pages && (nbytes || zeroing); i++) {
447 struct page *page = req->pages[i];
448 int err = fuse_copy_page(cs, page, offset, count, zeroing);
453 count = min(nbytes, (unsigned) PAGE_SIZE);
459 /* Copy a single argument in the request to/from userspace buffer */
460 static int fuse_copy_one(struct fuse_copy_state *cs, void *val, unsigned size)
464 if (!cs->len && (err = fuse_copy_fill(cs)))
466 fuse_copy_do(cs, &val, &size);
471 /* Copy request arguments to/from userspace buffer */
472 static int fuse_copy_args(struct fuse_copy_state *cs, unsigned numargs,
473 unsigned argpages, struct fuse_arg *args,
479 for (i = 0; !err && i < numargs; i++) {
480 struct fuse_arg *arg = &args[i];
481 if (i == numargs - 1 && argpages)
482 err = fuse_copy_pages(cs, arg->size, zeroing);
484 err = fuse_copy_one(cs, arg->value, arg->size);
489 /* Wait until a request is available on the pending list */
490 static void request_wait(struct fuse_conn *fc)
492 DECLARE_WAITQUEUE(wait, current);
494 add_wait_queue_exclusive(&fc->waitq, &wait);
495 while (fc->connected && list_empty(&fc->pending)) {
496 set_current_state(TASK_INTERRUPTIBLE);
497 if (signal_pending(current))
500 spin_unlock(&fc->lock);
502 spin_lock(&fc->lock);
504 set_current_state(TASK_RUNNING);
505 remove_wait_queue(&fc->waitq, &wait);
509 * Read a single request into the userspace filesystem's buffer. This
510 * function waits until a request is available, then removes it from
511 * the pending list and copies request data to userspace buffer. If
512 * no reply is needed (FORGET) or request has been interrupted or
513 * there was an error during the copying then it's finished by calling
514 * request_end(). Otherwise add it to the processing list, and set
517 static ssize_t fuse_dev_readv(struct file *file, const struct iovec *iov,
518 unsigned long nr_segs, loff_t *off)
521 struct fuse_req *req;
523 struct fuse_copy_state cs;
525 struct fuse_conn *fc = fuse_get_conn(file);
530 spin_lock(&fc->lock);
532 if ((file->f_flags & O_NONBLOCK) && fc->connected &&
533 list_empty(&fc->pending))
541 if (list_empty(&fc->pending))
544 req = list_entry(fc->pending.next, struct fuse_req, list);
545 req->state = FUSE_REQ_READING;
546 list_move(&req->list, &fc->io);
550 /* If request is too large, reply with an error and restart the read */
551 if (iov_length(iov, nr_segs) < reqsize) {
552 req->out.h.error = -EIO;
553 /* SETXATTR is special, since it may contain too large data */
554 if (in->h.opcode == FUSE_SETXATTR)
555 req->out.h.error = -E2BIG;
556 request_end(fc, req);
559 spin_unlock(&fc->lock);
560 fuse_copy_init(&cs, fc, 1, req, iov, nr_segs);
561 err = fuse_copy_one(&cs, &in->h, sizeof(in->h));
563 err = fuse_copy_args(&cs, in->numargs, in->argpages,
564 (struct fuse_arg *) in->args, 0);
565 fuse_copy_finish(&cs);
566 spin_lock(&fc->lock);
568 if (!err && req->interrupted)
571 if (!req->interrupted)
572 req->out.h.error = -EIO;
573 request_end(fc, req);
577 request_end(fc, req);
579 req->state = FUSE_REQ_SENT;
580 list_move_tail(&req->list, &fc->processing);
581 spin_unlock(&fc->lock);
586 spin_unlock(&fc->lock);
590 static ssize_t fuse_dev_read(struct file *file, char __user *buf,
591 size_t nbytes, loff_t *off)
594 iov.iov_len = nbytes;
596 return fuse_dev_readv(file, &iov, 1, off);
599 /* Look up request on processing list by unique ID */
600 static struct fuse_req *request_find(struct fuse_conn *fc, u64 unique)
602 struct list_head *entry;
604 list_for_each(entry, &fc->processing) {
605 struct fuse_req *req;
606 req = list_entry(entry, struct fuse_req, list);
607 if (req->in.h.unique == unique)
613 static int copy_out_args(struct fuse_copy_state *cs, struct fuse_out *out,
616 unsigned reqsize = sizeof(struct fuse_out_header);
619 return nbytes != reqsize ? -EINVAL : 0;
621 reqsize += len_args(out->numargs, out->args);
623 if (reqsize < nbytes || (reqsize > nbytes && !out->argvar))
625 else if (reqsize > nbytes) {
626 struct fuse_arg *lastarg = &out->args[out->numargs-1];
627 unsigned diffsize = reqsize - nbytes;
628 if (diffsize > lastarg->size)
630 lastarg->size -= diffsize;
632 return fuse_copy_args(cs, out->numargs, out->argpages, out->args,
637 * Write a single reply to a request. First the header is copied from
638 * the write buffer. The request is then searched on the processing
639 * list by the unique ID found in the header. If found, then remove
640 * it from the list and copy the rest of the buffer to the request.
641 * The request is finished by calling request_end()
643 static ssize_t fuse_dev_writev(struct file *file, const struct iovec *iov,
644 unsigned long nr_segs, loff_t *off)
647 unsigned nbytes = iov_length(iov, nr_segs);
648 struct fuse_req *req;
649 struct fuse_out_header oh;
650 struct fuse_copy_state cs;
651 struct fuse_conn *fc = fuse_get_conn(file);
655 fuse_copy_init(&cs, fc, 0, NULL, iov, nr_segs);
656 if (nbytes < sizeof(struct fuse_out_header))
659 err = fuse_copy_one(&cs, &oh, sizeof(oh));
663 if (!oh.unique || oh.error <= -1000 || oh.error > 0 ||
667 spin_lock(&fc->lock);
672 req = request_find(fc, oh.unique);
677 if (req->interrupted) {
678 spin_unlock(&fc->lock);
679 fuse_copy_finish(&cs);
680 spin_lock(&fc->lock);
681 request_end(fc, req);
684 list_move(&req->list, &fc->io);
688 spin_unlock(&fc->lock);
690 err = copy_out_args(&cs, &req->out, nbytes);
691 fuse_copy_finish(&cs);
693 spin_lock(&fc->lock);
696 if (req->interrupted)
698 } else if (!req->interrupted)
699 req->out.h.error = -EIO;
700 request_end(fc, req);
702 return err ? err : nbytes;
705 spin_unlock(&fc->lock);
707 fuse_copy_finish(&cs);
711 static ssize_t fuse_dev_write(struct file *file, const char __user *buf,
712 size_t nbytes, loff_t *off)
715 iov.iov_len = nbytes;
716 iov.iov_base = (char __user *) buf;
717 return fuse_dev_writev(file, &iov, 1, off);
720 static unsigned fuse_dev_poll(struct file *file, poll_table *wait)
722 unsigned mask = POLLOUT | POLLWRNORM;
723 struct fuse_conn *fc = fuse_get_conn(file);
727 poll_wait(file, &fc->waitq, wait);
729 spin_lock(&fc->lock);
732 else if (!list_empty(&fc->pending))
733 mask |= POLLIN | POLLRDNORM;
734 spin_unlock(&fc->lock);
740 * Abort all requests on the given list (pending or processing)
742 * This function releases and reacquires fc->lock
744 static void end_requests(struct fuse_conn *fc, struct list_head *head)
746 while (!list_empty(head)) {
747 struct fuse_req *req;
748 req = list_entry(head->next, struct fuse_req, list);
749 req->out.h.error = -ECONNABORTED;
750 request_end(fc, req);
751 spin_lock(&fc->lock);
756 * Abort requests under I/O
758 * The requests are set to interrupted and finished, and the request
759 * waiter is woken up. This will make request_wait_answer() wait
760 * until the request is unlocked and then return.
762 * If the request is asynchronous, then the end function needs to be
763 * called after waiting for the request to be unlocked (if it was
766 static void end_io_requests(struct fuse_conn *fc)
768 while (!list_empty(&fc->io)) {
769 struct fuse_req *req =
770 list_entry(fc->io.next, struct fuse_req, list);
771 void (*end) (struct fuse_conn *, struct fuse_req *) = req->end;
773 req->interrupted = 1;
774 req->out.h.error = -ECONNABORTED;
775 req->state = FUSE_REQ_FINISHED;
776 list_del_init(&req->list);
777 wake_up(&req->waitq);
780 /* The end function will consume this reference */
781 __fuse_get_request(req);
782 spin_unlock(&fc->lock);
783 wait_event(req->waitq, !req->locked);
785 spin_lock(&fc->lock);
791 * Abort all requests.
793 * Emergency exit in case of a malicious or accidental deadlock, or
794 * just a hung filesystem.
796 * The same effect is usually achievable through killing the
797 * filesystem daemon and all users of the filesystem. The exception
798 * is the combination of an asynchronous request and the tricky
799 * deadlock (see Documentation/filesystems/fuse.txt).
801 * During the aborting, progression of requests from the pending and
802 * processing lists onto the io list, and progression of new requests
803 * onto the pending list is prevented by req->connected being false.
805 * Progression of requests under I/O to the processing list is
806 * prevented by the req->interrupted flag being true for these
807 * requests. For this reason requests on the io list must be aborted
810 void fuse_abort_conn(struct fuse_conn *fc)
812 spin_lock(&fc->lock);
817 end_requests(fc, &fc->pending);
818 end_requests(fc, &fc->processing);
819 wake_up_all(&fc->waitq);
820 wake_up_all(&fc->blocked_waitq);
821 kill_fasync(&fc->fasync, SIGIO, POLL_IN);
823 spin_unlock(&fc->lock);
826 static int fuse_dev_release(struct inode *inode, struct file *file)
828 struct fuse_conn *fc = fuse_get_conn(file);
830 spin_lock(&fc->lock);
832 end_requests(fc, &fc->pending);
833 end_requests(fc, &fc->processing);
834 spin_unlock(&fc->lock);
835 fasync_helper(-1, file, 0, &fc->fasync);
836 kobject_put(&fc->kobj);
842 static int fuse_dev_fasync(int fd, struct file *file, int on)
844 struct fuse_conn *fc = fuse_get_conn(file);
848 /* No locking - fasync_helper does its own locking */
849 return fasync_helper(fd, file, on, &fc->fasync);
852 const struct file_operations fuse_dev_operations = {
853 .owner = THIS_MODULE,
855 .read = fuse_dev_read,
856 .readv = fuse_dev_readv,
857 .write = fuse_dev_write,
858 .writev = fuse_dev_writev,
859 .poll = fuse_dev_poll,
860 .release = fuse_dev_release,
861 .fasync = fuse_dev_fasync,
864 static struct miscdevice fuse_miscdevice = {
867 .fops = &fuse_dev_operations,
870 int __init fuse_dev_init(void)
873 fuse_req_cachep = kmem_cache_create("fuse_request",
874 sizeof(struct fuse_req),
876 if (!fuse_req_cachep)
879 err = misc_register(&fuse_miscdevice);
881 goto out_cache_clean;
886 kmem_cache_destroy(fuse_req_cachep);
891 void fuse_dev_cleanup(void)
893 misc_deregister(&fuse_miscdevice);
894 kmem_cache_destroy(fuse_req_cachep);
git://ftp.safe.ca / safe / jmp / linux-2.6 / blob