2 FUSE: Filesystem in Userspace
3 Copyright (C) 2001-2006 Miklos Szeredi <miklos@szeredi.hu>
5 This program can be distributed under the terms of the GNU GPL.
11 #include <linux/init.h>
12 #include <linux/module.h>
13 #include <linux/poll.h>
14 #include <linux/uio.h>
15 #include <linux/miscdevice.h>
16 #include <linux/pagemap.h>
17 #include <linux/file.h>
18 #include <linux/slab.h>
20 MODULE_ALIAS_MISCDEV(FUSE_MINOR);
22 static kmem_cache_t *fuse_req_cachep;
24 static struct fuse_conn *fuse_get_conn(struct file *file)
27 * Lockless access is OK, because file->private data is set
28 * once during mount and is valid until the file is released.
30 return file->private_data;
33 static void fuse_request_init(struct fuse_req *req)
35 memset(req, 0, sizeof(*req));
36 INIT_LIST_HEAD(&req->list);
37 init_waitqueue_head(&req->waitq);
38 atomic_set(&req->count, 1);
41 struct fuse_req *fuse_request_alloc(void)
43 struct fuse_req *req = kmem_cache_alloc(fuse_req_cachep, SLAB_KERNEL);
45 fuse_request_init(req);
49 void fuse_request_free(struct fuse_req *req)
51 kmem_cache_free(fuse_req_cachep, req);
54 static void block_sigs(sigset_t *oldset)
58 siginitsetinv(&mask, sigmask(SIGKILL));
59 sigprocmask(SIG_BLOCK, &mask, oldset);
62 static void restore_sigs(sigset_t *oldset)
64 sigprocmask(SIG_SETMASK, oldset, NULL);
68 * Reset request, so that it can be reused
70 * The caller must be _very_ careful to make sure, that it is holding
71 * the only reference to req
73 void fuse_reset_request(struct fuse_req *req)
75 BUG_ON(atomic_read(&req->count) != 1);
76 fuse_request_init(req);
79 static void __fuse_get_request(struct fuse_req *req)
81 atomic_inc(&req->count);
84 /* Must be called with > 1 refcount */
85 static void __fuse_put_request(struct fuse_req *req)
87 BUG_ON(atomic_read(&req->count) < 2);
88 atomic_dec(&req->count);
91 struct fuse_req *fuse_get_req(struct fuse_conn *fc)
98 atomic_inc(&fc->num_waiting);
100 intr = wait_event_interruptible(fc->blocked_waitq, !fc->blocked);
101 restore_sigs(&oldset);
106 req = fuse_request_alloc();
111 req->in.h.uid = current->fsuid;
112 req->in.h.gid = current->fsgid;
113 req->in.h.pid = current->pid;
118 atomic_dec(&fc->num_waiting);
122 void fuse_put_request(struct fuse_conn *fc, struct fuse_req *req)
124 if (atomic_dec_and_test(&req->count)) {
126 atomic_dec(&fc->num_waiting);
127 fuse_request_free(req);
131 void fuse_remove_background(struct fuse_conn *fc, struct fuse_req *req)
133 list_del_init(&req->bg_entry);
134 if (fc->num_background == FUSE_MAX_BACKGROUND) {
136 wake_up_all(&fc->blocked_waitq);
138 fc->num_background--;
142 * This function is called when a request is finished. Either a reply
143 * has arrived or it was interrupted (and not yet sent) or some error
144 * occurred during communication with userspace, or the device file
145 * was closed. In case of a background request the reference to the
146 * stored objects are released. The requester thread is woken up (if
147 * still waiting), the 'end' callback is called if given, else the
148 * reference to the request is released
150 * Releasing extra reference for foreground requests must be done
151 * within the same locked region as setting state to finished. This
152 * is because fuse_reset_request() may be called after request is
153 * finished and it must be the sole possessor. If request is
154 * interrupted and put in the background, it will return with an error
155 * and hence never be reset and reused.
157 * Called with fc->lock, unlocks it
159 static void request_end(struct fuse_conn *fc, struct fuse_req *req)
161 list_del(&req->list);
162 req->state = FUSE_REQ_FINISHED;
163 if (!req->background) {
164 spin_unlock(&fc->lock);
165 wake_up(&req->waitq);
166 fuse_put_request(fc, req);
168 struct inode *inode = req->inode;
169 struct inode *inode2 = req->inode2;
170 struct file *file = req->file;
171 void (*end) (struct fuse_conn *, struct fuse_req *) = req->end;
176 if (!list_empty(&req->bg_entry))
177 fuse_remove_background(fc, req);
178 spin_unlock(&fc->lock);
183 fuse_put_request(fc, req);
193 * Unfortunately request interruption not just solves the deadlock
194 * problem, it causes problems too. These stem from the fact, that an
195 * interrupted request is continued to be processed in userspace,
196 * while all the locks and object references (inode and file) held
197 * during the operation are released.
199 * To release the locks is exactly why there's a need to interrupt the
200 * request, so there's not a lot that can be done about this, except
201 * introduce additional locking in userspace.
203 * More important is to keep inode and file references until userspace
204 * has replied, otherwise FORGET and RELEASE could be sent while the
205 * inode/file is still used by the filesystem.
207 * For this reason the concept of "background" request is introduced.
208 * An interrupted request is backgrounded if it has been already sent
209 * to userspace. Backgrounding involves getting an extra reference to
210 * inode(s) or file used in the request, and adding the request to
211 * fc->background list. When a reply is received for a background
212 * request, the object references are released, and the request is
213 * removed from the list. If the filesystem is unmounted while there
214 * are still background requests, the list is walked and references
215 * are released as if a reply was received.
217 * There's one more use for a background request. The RELEASE message is
218 * always sent as background, since it doesn't return an error or
221 static void background_request(struct fuse_conn *fc, struct fuse_req *req)
224 list_add(&req->bg_entry, &fc->background);
225 fc->num_background++;
226 if (fc->num_background == FUSE_MAX_BACKGROUND)
229 req->inode = igrab(req->inode);
231 req->inode2 = igrab(req->inode2);
236 /* Called with fc->lock held. Releases, and then reacquires it. */
237 static void request_wait_answer(struct fuse_conn *fc, struct fuse_req *req)
241 spin_unlock(&fc->lock);
243 wait_event_interruptible(req->waitq, req->state == FUSE_REQ_FINISHED);
244 restore_sigs(&oldset);
245 spin_lock(&fc->lock);
246 if (req->state == FUSE_REQ_FINISHED && !req->interrupted)
249 if (!req->interrupted) {
250 req->out.h.error = -EINTR;
251 req->interrupted = 1;
254 /* This is uninterruptible sleep, because data is
255 being copied to/from the buffers of req. During
256 locked state, there mustn't be any filesystem
257 operation (e.g. page fault), since that could lead
259 spin_unlock(&fc->lock);
260 wait_event(req->waitq, !req->locked);
261 spin_lock(&fc->lock);
263 if (req->state == FUSE_REQ_PENDING) {
264 list_del(&req->list);
265 __fuse_put_request(req);
266 } else if (req->state == FUSE_REQ_SENT)
267 background_request(fc, req);
270 static unsigned len_args(unsigned numargs, struct fuse_arg *args)
275 for (i = 0; i < numargs; i++)
276 nbytes += args[i].size;
281 static void queue_request(struct fuse_conn *fc, struct fuse_req *req)
284 /* zero is special */
287 req->in.h.unique = fc->reqctr;
288 req->in.h.len = sizeof(struct fuse_in_header) +
289 len_args(req->in.numargs, (struct fuse_arg *) req->in.args);
290 list_add_tail(&req->list, &fc->pending);
291 req->state = FUSE_REQ_PENDING;
294 atomic_inc(&fc->num_waiting);
297 kill_fasync(&fc->fasync, SIGIO, POLL_IN);
301 * This can only be interrupted by a SIGKILL
303 void request_send(struct fuse_conn *fc, struct fuse_req *req)
306 spin_lock(&fc->lock);
308 req->out.h.error = -ENOTCONN;
309 else if (fc->conn_error)
310 req->out.h.error = -ECONNREFUSED;
312 queue_request(fc, req);
313 /* acquire extra reference, since request is still needed
314 after request_end() */
315 __fuse_get_request(req);
317 request_wait_answer(fc, req);
319 spin_unlock(&fc->lock);
322 static void request_send_nowait(struct fuse_conn *fc, struct fuse_req *req)
324 spin_lock(&fc->lock);
325 background_request(fc, req);
327 queue_request(fc, req);
328 spin_unlock(&fc->lock);
330 req->out.h.error = -ENOTCONN;
331 request_end(fc, req);
335 void request_send_noreply(struct fuse_conn *fc, struct fuse_req *req)
338 request_send_nowait(fc, req);
341 void request_send_background(struct fuse_conn *fc, struct fuse_req *req)
344 request_send_nowait(fc, req);
348 * Lock the request. Up to the next unlock_request() there mustn't be
349 * anything that could cause a page-fault. If the request was already
350 * interrupted bail out.
352 static int lock_request(struct fuse_conn *fc, struct fuse_req *req)
356 spin_lock(&fc->lock);
357 if (req->interrupted)
361 spin_unlock(&fc->lock);
367 * Unlock request. If it was interrupted during being locked, the
368 * requester thread is currently waiting for it to be unlocked, so
371 static void unlock_request(struct fuse_conn *fc, struct fuse_req *req)
374 spin_lock(&fc->lock);
376 if (req->interrupted)
377 wake_up(&req->waitq);
378 spin_unlock(&fc->lock);
382 struct fuse_copy_state {
383 struct fuse_conn *fc;
385 struct fuse_req *req;
386 const struct iovec *iov;
387 unsigned long nr_segs;
388 unsigned long seglen;
396 static void fuse_copy_init(struct fuse_copy_state *cs, struct fuse_conn *fc,
397 int write, struct fuse_req *req,
398 const struct iovec *iov, unsigned long nr_segs)
400 memset(cs, 0, sizeof(*cs));
405 cs->nr_segs = nr_segs;
408 /* Unmap and put previous page of userspace buffer */
409 static void fuse_copy_finish(struct fuse_copy_state *cs)
412 kunmap_atomic(cs->mapaddr, KM_USER0);
414 flush_dcache_page(cs->pg);
415 set_page_dirty_lock(cs->pg);
423 * Get another pagefull of userspace buffer, and map it to kernel
424 * address space, and lock request
426 static int fuse_copy_fill(struct fuse_copy_state *cs)
428 unsigned long offset;
431 unlock_request(cs->fc, cs->req);
432 fuse_copy_finish(cs);
434 BUG_ON(!cs->nr_segs);
435 cs->seglen = cs->iov[0].iov_len;
436 cs->addr = (unsigned long) cs->iov[0].iov_base;
440 down_read(¤t->mm->mmap_sem);
441 err = get_user_pages(current, current->mm, cs->addr, 1, cs->write, 0,
443 up_read(¤t->mm->mmap_sem);
447 offset = cs->addr % PAGE_SIZE;
448 cs->mapaddr = kmap_atomic(cs->pg, KM_USER0);
449 cs->buf = cs->mapaddr + offset;
450 cs->len = min(PAGE_SIZE - offset, cs->seglen);
451 cs->seglen -= cs->len;
454 return lock_request(cs->fc, cs->req);
457 /* Do as much copy to/from userspace buffer as we can */
458 static int fuse_copy_do(struct fuse_copy_state *cs, void **val, unsigned *size)
460 unsigned ncpy = min(*size, cs->len);
463 memcpy(cs->buf, *val, ncpy);
465 memcpy(*val, cs->buf, ncpy);
475 * Copy a page in the request to/from the userspace buffer. Must be
478 static int fuse_copy_page(struct fuse_copy_state *cs, struct page *page,
479 unsigned offset, unsigned count, int zeroing)
481 if (page && zeroing && count < PAGE_SIZE) {
482 void *mapaddr = kmap_atomic(page, KM_USER1);
483 memset(mapaddr, 0, PAGE_SIZE);
484 kunmap_atomic(mapaddr, KM_USER1);
488 if (!cs->len && (err = fuse_copy_fill(cs)))
491 void *mapaddr = kmap_atomic(page, KM_USER1);
492 void *buf = mapaddr + offset;
493 offset += fuse_copy_do(cs, &buf, &count);
494 kunmap_atomic(mapaddr, KM_USER1);
496 offset += fuse_copy_do(cs, NULL, &count);
498 if (page && !cs->write)
499 flush_dcache_page(page);
503 /* Copy pages in the request to/from userspace buffer */
504 static int fuse_copy_pages(struct fuse_copy_state *cs, unsigned nbytes,
508 struct fuse_req *req = cs->req;
509 unsigned offset = req->page_offset;
510 unsigned count = min(nbytes, (unsigned) PAGE_SIZE - offset);
512 for (i = 0; i < req->num_pages && (nbytes || zeroing); i++) {
513 struct page *page = req->pages[i];
514 int err = fuse_copy_page(cs, page, offset, count, zeroing);
519 count = min(nbytes, (unsigned) PAGE_SIZE);
525 /* Copy a single argument in the request to/from userspace buffer */
526 static int fuse_copy_one(struct fuse_copy_state *cs, void *val, unsigned size)
530 if (!cs->len && (err = fuse_copy_fill(cs)))
532 fuse_copy_do(cs, &val, &size);
537 /* Copy request arguments to/from userspace buffer */
538 static int fuse_copy_args(struct fuse_copy_state *cs, unsigned numargs,
539 unsigned argpages, struct fuse_arg *args,
545 for (i = 0; !err && i < numargs; i++) {
546 struct fuse_arg *arg = &args[i];
547 if (i == numargs - 1 && argpages)
548 err = fuse_copy_pages(cs, arg->size, zeroing);
550 err = fuse_copy_one(cs, arg->value, arg->size);
555 /* Wait until a request is available on the pending list */
556 static void request_wait(struct fuse_conn *fc)
558 DECLARE_WAITQUEUE(wait, current);
560 add_wait_queue_exclusive(&fc->waitq, &wait);
561 while (fc->connected && list_empty(&fc->pending)) {
562 set_current_state(TASK_INTERRUPTIBLE);
563 if (signal_pending(current))
566 spin_unlock(&fc->lock);
568 spin_lock(&fc->lock);
570 set_current_state(TASK_RUNNING);
571 remove_wait_queue(&fc->waitq, &wait);
575 * Read a single request into the userspace filesystem's buffer. This
576 * function waits until a request is available, then removes it from
577 * the pending list and copies request data to userspace buffer. If
578 * no reply is needed (FORGET) or request has been interrupted or
579 * there was an error during the copying then it's finished by calling
580 * request_end(). Otherwise add it to the processing list, and set
583 static ssize_t fuse_dev_readv(struct file *file, const struct iovec *iov,
584 unsigned long nr_segs, loff_t *off)
587 struct fuse_req *req;
589 struct fuse_copy_state cs;
591 struct fuse_conn *fc = fuse_get_conn(file);
596 spin_lock(&fc->lock);
598 if ((file->f_flags & O_NONBLOCK) && fc->connected &&
599 list_empty(&fc->pending))
607 if (list_empty(&fc->pending))
610 req = list_entry(fc->pending.next, struct fuse_req, list);
611 req->state = FUSE_REQ_READING;
612 list_move(&req->list, &fc->io);
616 /* If request is too large, reply with an error and restart the read */
617 if (iov_length(iov, nr_segs) < reqsize) {
618 req->out.h.error = -EIO;
619 /* SETXATTR is special, since it may contain too large data */
620 if (in->h.opcode == FUSE_SETXATTR)
621 req->out.h.error = -E2BIG;
622 request_end(fc, req);
625 spin_unlock(&fc->lock);
626 fuse_copy_init(&cs, fc, 1, req, iov, nr_segs);
627 err = fuse_copy_one(&cs, &in->h, sizeof(in->h));
629 err = fuse_copy_args(&cs, in->numargs, in->argpages,
630 (struct fuse_arg *) in->args, 0);
631 fuse_copy_finish(&cs);
632 spin_lock(&fc->lock);
634 if (!err && req->interrupted)
637 if (!req->interrupted)
638 req->out.h.error = -EIO;
639 request_end(fc, req);
643 request_end(fc, req);
645 req->state = FUSE_REQ_SENT;
646 list_move_tail(&req->list, &fc->processing);
647 spin_unlock(&fc->lock);
652 spin_unlock(&fc->lock);
656 static ssize_t fuse_dev_read(struct file *file, char __user *buf,
657 size_t nbytes, loff_t *off)
660 iov.iov_len = nbytes;
662 return fuse_dev_readv(file, &iov, 1, off);
665 /* Look up request on processing list by unique ID */
666 static struct fuse_req *request_find(struct fuse_conn *fc, u64 unique)
668 struct list_head *entry;
670 list_for_each(entry, &fc->processing) {
671 struct fuse_req *req;
672 req = list_entry(entry, struct fuse_req, list);
673 if (req->in.h.unique == unique)
679 static int copy_out_args(struct fuse_copy_state *cs, struct fuse_out *out,
682 unsigned reqsize = sizeof(struct fuse_out_header);
685 return nbytes != reqsize ? -EINVAL : 0;
687 reqsize += len_args(out->numargs, out->args);
689 if (reqsize < nbytes || (reqsize > nbytes && !out->argvar))
691 else if (reqsize > nbytes) {
692 struct fuse_arg *lastarg = &out->args[out->numargs-1];
693 unsigned diffsize = reqsize - nbytes;
694 if (diffsize > lastarg->size)
696 lastarg->size -= diffsize;
698 return fuse_copy_args(cs, out->numargs, out->argpages, out->args,
703 * Write a single reply to a request. First the header is copied from
704 * the write buffer. The request is then searched on the processing
705 * list by the unique ID found in the header. If found, then remove
706 * it from the list and copy the rest of the buffer to the request.
707 * The request is finished by calling request_end()
709 static ssize_t fuse_dev_writev(struct file *file, const struct iovec *iov,
710 unsigned long nr_segs, loff_t *off)
713 unsigned nbytes = iov_length(iov, nr_segs);
714 struct fuse_req *req;
715 struct fuse_out_header oh;
716 struct fuse_copy_state cs;
717 struct fuse_conn *fc = fuse_get_conn(file);
721 fuse_copy_init(&cs, fc, 0, NULL, iov, nr_segs);
722 if (nbytes < sizeof(struct fuse_out_header))
725 err = fuse_copy_one(&cs, &oh, sizeof(oh));
729 if (!oh.unique || oh.error <= -1000 || oh.error > 0 ||
733 spin_lock(&fc->lock);
738 req = request_find(fc, oh.unique);
743 if (req->interrupted) {
744 spin_unlock(&fc->lock);
745 fuse_copy_finish(&cs);
746 spin_lock(&fc->lock);
747 request_end(fc, req);
750 list_move(&req->list, &fc->io);
754 spin_unlock(&fc->lock);
756 err = copy_out_args(&cs, &req->out, nbytes);
757 fuse_copy_finish(&cs);
759 spin_lock(&fc->lock);
762 if (req->interrupted)
764 } else if (!req->interrupted)
765 req->out.h.error = -EIO;
766 request_end(fc, req);
768 return err ? err : nbytes;
771 spin_unlock(&fc->lock);
773 fuse_copy_finish(&cs);
777 static ssize_t fuse_dev_write(struct file *file, const char __user *buf,
778 size_t nbytes, loff_t *off)
781 iov.iov_len = nbytes;
782 iov.iov_base = (char __user *) buf;
783 return fuse_dev_writev(file, &iov, 1, off);
786 static unsigned fuse_dev_poll(struct file *file, poll_table *wait)
788 unsigned mask = POLLOUT | POLLWRNORM;
789 struct fuse_conn *fc = fuse_get_conn(file);
793 poll_wait(file, &fc->waitq, wait);
795 spin_lock(&fc->lock);
798 else if (!list_empty(&fc->pending))
799 mask |= POLLIN | POLLRDNORM;
800 spin_unlock(&fc->lock);
806 * Abort all requests on the given list (pending or processing)
808 * This function releases and reacquires fc->lock
810 static void end_requests(struct fuse_conn *fc, struct list_head *head)
812 while (!list_empty(head)) {
813 struct fuse_req *req;
814 req = list_entry(head->next, struct fuse_req, list);
815 req->out.h.error = -ECONNABORTED;
816 request_end(fc, req);
817 spin_lock(&fc->lock);
822 * Abort requests under I/O
824 * The requests are set to interrupted and finished, and the request
825 * waiter is woken up. This will make request_wait_answer() wait
826 * until the request is unlocked and then return.
828 * If the request is asynchronous, then the end function needs to be
829 * called after waiting for the request to be unlocked (if it was
832 static void end_io_requests(struct fuse_conn *fc)
834 while (!list_empty(&fc->io)) {
835 struct fuse_req *req =
836 list_entry(fc->io.next, struct fuse_req, list);
837 void (*end) (struct fuse_conn *, struct fuse_req *) = req->end;
839 req->interrupted = 1;
840 req->out.h.error = -ECONNABORTED;
841 req->state = FUSE_REQ_FINISHED;
842 list_del_init(&req->list);
843 wake_up(&req->waitq);
846 /* The end function will consume this reference */
847 __fuse_get_request(req);
848 spin_unlock(&fc->lock);
849 wait_event(req->waitq, !req->locked);
851 spin_lock(&fc->lock);
857 * Abort all requests.
859 * Emergency exit in case of a malicious or accidental deadlock, or
860 * just a hung filesystem.
862 * The same effect is usually achievable through killing the
863 * filesystem daemon and all users of the filesystem. The exception
864 * is the combination of an asynchronous request and the tricky
865 * deadlock (see Documentation/filesystems/fuse.txt).
867 * During the aborting, progression of requests from the pending and
868 * processing lists onto the io list, and progression of new requests
869 * onto the pending list is prevented by req->connected being false.
871 * Progression of requests under I/O to the processing list is
872 * prevented by the req->interrupted flag being true for these
873 * requests. For this reason requests on the io list must be aborted
876 void fuse_abort_conn(struct fuse_conn *fc)
878 spin_lock(&fc->lock);
882 end_requests(fc, &fc->pending);
883 end_requests(fc, &fc->processing);
884 wake_up_all(&fc->waitq);
885 kill_fasync(&fc->fasync, SIGIO, POLL_IN);
887 spin_unlock(&fc->lock);
890 static int fuse_dev_release(struct inode *inode, struct file *file)
892 struct fuse_conn *fc = fuse_get_conn(file);
894 spin_lock(&fc->lock);
896 end_requests(fc, &fc->pending);
897 end_requests(fc, &fc->processing);
898 spin_unlock(&fc->lock);
899 fasync_helper(-1, file, 0, &fc->fasync);
900 kobject_put(&fc->kobj);
906 static int fuse_dev_fasync(int fd, struct file *file, int on)
908 struct fuse_conn *fc = fuse_get_conn(file);
912 /* No locking - fasync_helper does its own locking */
913 return fasync_helper(fd, file, on, &fc->fasync);
916 const struct file_operations fuse_dev_operations = {
917 .owner = THIS_MODULE,
919 .read = fuse_dev_read,
920 .readv = fuse_dev_readv,
921 .write = fuse_dev_write,
922 .writev = fuse_dev_writev,
923 .poll = fuse_dev_poll,
924 .release = fuse_dev_release,
925 .fasync = fuse_dev_fasync,
928 static struct miscdevice fuse_miscdevice = {
931 .fops = &fuse_dev_operations,
934 int __init fuse_dev_init(void)
937 fuse_req_cachep = kmem_cache_create("fuse_request",
938 sizeof(struct fuse_req),
940 if (!fuse_req_cachep)
943 err = misc_register(&fuse_miscdevice);
945 goto out_cache_clean;
950 kmem_cache_destroy(fuse_req_cachep);
955 void fuse_dev_cleanup(void)
957 misc_deregister(&fuse_miscdevice);
958 kmem_cache_destroy(fuse_req_cachep);
git.openpandora.org / pandora-kernel.git / blob