xref: /freebsd/sys/fs/fuse/fuse_io.c (revision 681ce946f33e75c590e97c53076e86dff1fe8f4a)
1 /*-
2  * SPDX-License-Identifier: BSD-3-Clause
3  *
4  * Copyright (c) 2007-2009 Google Inc.
5  * All rights reserved.
6  *
7  * Redistribution and use in source and binary forms, with or without
8  * modification, are permitted provided that the following conditions are
9  * met:
10  *
11  * * Redistributions of source code must retain the above copyright
12  *   notice, this list of conditions and the following disclaimer.
13  * * Redistributions in binary form must reproduce the above
14  *   copyright notice, this list of conditions and the following disclaimer
15  *   in the documentation and/or other materials provided with the
16  *   distribution.
17  * * Neither the name of Google Inc. nor the names of its
18  *   contributors may be used to endorse or promote products derived from
19  *   this software without specific prior written permission.
20  *
21  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
22  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
23  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
24  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
25  * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
26  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
27  * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
28  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
29  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
30  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
31  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
32  *
33  * Copyright (C) 2005 Csaba Henk.
34  * All rights reserved.
35  *
36  * Copyright (c) 2019 The FreeBSD Foundation
37  *
38  * Portions of this software were developed by BFF Storage Systems, LLC under
39  * sponsorship from the FreeBSD Foundation.
40  *
41  * Redistribution and use in source and binary forms, with or without
42  * modification, are permitted provided that the following conditions
43  * are met:
44  * 1. Redistributions of source code must retain the above copyright
45  *    notice, this list of conditions and the following disclaimer.
46  * 2. Redistributions in binary form must reproduce the above copyright
47  *    notice, this list of conditions and the following disclaimer in the
48  *    documentation and/or other materials provided with the distribution.
49  *
50  * THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS ``AS IS'' AND
51  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
52  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
53  * ARE DISCLAIMED.  IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE
54  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
55  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
56  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
57  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
58  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
59  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
60  * SUCH DAMAGE.
61  */
62 
63 #include <sys/cdefs.h>
64 __FBSDID("$FreeBSD$");
65 
66 #include <sys/types.h>
67 #include <sys/param.h>
68 #include <sys/module.h>
69 #include <sys/systm.h>
70 #include <sys/errno.h>
71 #include <sys/param.h>
72 #include <sys/kernel.h>
73 #include <sys/conf.h>
74 #include <sys/uio.h>
75 #include <sys/malloc.h>
76 #include <sys/queue.h>
77 #include <sys/lock.h>
78 #include <sys/sx.h>
79 #include <sys/mutex.h>
80 #include <sys/rwlock.h>
81 #include <sys/priv.h>
82 #include <sys/proc.h>
83 #include <sys/mount.h>
84 #include <sys/vnode.h>
85 #include <sys/stat.h>
86 #include <sys/unistd.h>
87 #include <sys/filedesc.h>
88 #include <sys/file.h>
89 #include <sys/fcntl.h>
90 #include <sys/bio.h>
91 #include <sys/buf.h>
92 #include <sys/sysctl.h>
93 #include <sys/vmmeter.h>
94 
95 #include <vm/vm.h>
96 #include <vm/vm_extern.h>
97 #include <vm/pmap.h>
98 #include <vm/vm_map.h>
99 #include <vm/vm_page.h>
100 #include <vm/vm_object.h>
101 
102 #include "fuse.h"
103 #include "fuse_file.h"
104 #include "fuse_node.h"
105 #include "fuse_internal.h"
106 #include "fuse_ipc.h"
107 #include "fuse_io.h"
108 
109 /*
110  * Set in a struct buf to indicate that the write came from the buffer cache
111  * and the originating cred and pid are no longer known.
112  */
113 #define B_FUSEFS_WRITE_CACHE B_FS_FLAG1
114 
115 SDT_PROVIDER_DECLARE(fusefs);
116 /*
117  * Fuse trace probe:
118  * arg0: verbosity.  Higher numbers give more verbose messages
119  * arg1: Textual message
120  */
121 SDT_PROBE_DEFINE2(fusefs, , io, trace, "int", "char*");
122 
123 SDT_PROBE_DEFINE4(fusefs, , io, read_bio_backend_start, "int", "int", "int", "int");
124 SDT_PROBE_DEFINE2(fusefs, , io, read_bio_backend_feed, "int", "struct buf*");
125 SDT_PROBE_DEFINE4(fusefs, , io, read_bio_backend_end, "int", "ssize_t", "int",
126 		"struct buf*");
127 int
128 fuse_read_biobackend(struct vnode *vp, struct uio *uio, int ioflag,
129     struct ucred *cred, struct fuse_filehandle *fufh, pid_t pid)
130 {
131 	struct buf *bp;
132 	struct mount *mp;
133 	struct fuse_data *data;
134 	daddr_t lbn, nextlbn;
135 	int bcount, nextsize;
136 	int err, n = 0, on = 0, seqcount;
137 	off_t filesize;
138 
139 	const int biosize = fuse_iosize(vp);
140 	mp = vnode_mount(vp);
141 	data = fuse_get_mpdata(mp);
142 
143 	if (uio->uio_offset < 0)
144 		return (EINVAL);
145 
146 	seqcount = ioflag >> IO_SEQSHIFT;
147 
148 	err = fuse_vnode_size(vp, &filesize, cred, curthread);
149 	if (err)
150 		return err;
151 
152 	for (err = 0, bp = NULL; uio->uio_resid > 0; bp = NULL) {
153 		if (fuse_isdeadfs(vp)) {
154 			err = ENXIO;
155 			break;
156 		}
157 		if (filesize - uio->uio_offset <= 0)
158 			break;
159 		lbn = uio->uio_offset / biosize;
160 		on = uio->uio_offset & (biosize - 1);
161 
162 		if ((off_t)lbn * biosize >= filesize) {
163 			bcount = 0;
164 		} else if ((off_t)(lbn + 1) * biosize > filesize) {
165 			bcount = filesize - (off_t)lbn *biosize;
166 		} else {
167 			bcount = biosize;
168 		}
169 		nextlbn = lbn + 1;
170 		nextsize = MIN(biosize, filesize - nextlbn * biosize);
171 
172 		SDT_PROBE4(fusefs, , io, read_bio_backend_start,
173 			biosize, (int)lbn, on, bcount);
174 
175 		if (bcount < biosize) {
176 			/* If near EOF, don't do readahead */
177 			err = bread(vp, lbn, bcount, NOCRED, &bp);
178 		} else if ((vp->v_mount->mnt_flag & MNT_NOCLUSTERR) == 0) {
179 			/* Try clustered read */
180 			long totread = uio->uio_resid + on;
181 			seqcount = MIN(seqcount,
182 				data->max_readahead_blocks + 1);
183 			err = cluster_read(vp, filesize, lbn, bcount, NOCRED,
184 				totread, seqcount, 0, &bp);
185 		} else if (seqcount > 1 && data->max_readahead_blocks >= 1) {
186 			/* Try non-clustered readahead */
187 			err = breadn(vp, lbn, bcount, &nextlbn, &nextsize, 1,
188 				NOCRED, &bp);
189 		} else {
190 			/* Just read what was requested */
191 			err = bread(vp, lbn, bcount, NOCRED, &bp);
192 		}
193 
194 		if (err) {
195 			brelse(bp);
196 			bp = NULL;
197 			break;
198 		}
199 
200 		/*
201 	         * on is the offset into the current bp.  Figure out how many
202 	         * bytes we can copy out of the bp.  Note that bcount is
203 	         * NOT DEV_BSIZE aligned.
204 	         *
205 	         * Then figure out how many bytes we can copy into the uio.
206 	         */
207 
208 		n = 0;
209 		if (on < bcount - bp->b_resid)
210 			n = MIN((unsigned)(bcount - bp->b_resid - on),
211 			    uio->uio_resid);
212 		if (n > 0) {
213 			SDT_PROBE2(fusefs, , io, read_bio_backend_feed, n, bp);
214 			err = uiomove(bp->b_data + on, n, uio);
215 		}
216 		vfs_bio_brelse(bp, ioflag);
217 		SDT_PROBE4(fusefs, , io, read_bio_backend_end, err,
218 			uio->uio_resid, n, bp);
219 		if (bp->b_resid > 0) {
220 			/* Short read indicates EOF */
221 			break;
222 		}
223 	}
224 
225 	return (err);
226 }
227 
228 SDT_PROBE_DEFINE1(fusefs, , io, read_directbackend_start,
229 	"struct fuse_read_in*");
230 SDT_PROBE_DEFINE3(fusefs, , io, read_directbackend_complete,
231 	"struct fuse_dispatcher*", "struct fuse_read_in*", "struct uio*");
232 
233 int
234 fuse_read_directbackend(struct vnode *vp, struct uio *uio,
235     struct ucred *cred, struct fuse_filehandle *fufh)
236 {
237 	struct fuse_data *data;
238 	struct fuse_dispatcher fdi;
239 	struct fuse_read_in *fri;
240 	int err = 0;
241 
242 	data = fuse_get_mpdata(vp->v_mount);
243 
244 	if (uio->uio_resid == 0)
245 		return (0);
246 
247 	fdisp_init(&fdi, 0);
248 
249 	/*
250          * XXX In "normal" case we use an intermediate kernel buffer for
251          * transmitting data from daemon's context to ours. Eventually, we should
252          * get rid of this. Anyway, if the target uio lives in sysspace (we are
253          * called from pageops), and the input data doesn't need kernel-side
254          * processing (we are not called from readdir) we can already invoke
255          * an optimized, "peer-to-peer" I/O routine.
256          */
257 	while (uio->uio_resid > 0) {
258 		fdi.iosize = sizeof(*fri);
259 		fdisp_make_vp(&fdi, FUSE_READ, vp, uio->uio_td, cred);
260 		fri = fdi.indata;
261 		fri->fh = fufh->fh_id;
262 		fri->offset = uio->uio_offset;
263 		fri->size = MIN(uio->uio_resid,
264 		    fuse_get_mpdata(vp->v_mount)->max_read);
265 		if (fuse_libabi_geq(data, 7, 9)) {
266 			/* See comment regarding FUSE_WRITE_LOCKOWNER */
267 			fri->read_flags = 0;
268 			fri->flags = fufh_type_2_fflags(fufh->fufh_type);
269 		}
270 
271 		SDT_PROBE1(fusefs, , io, read_directbackend_start, fri);
272 
273 		if ((err = fdisp_wait_answ(&fdi)))
274 			goto out;
275 
276 		SDT_PROBE3(fusefs, , io, read_directbackend_complete,
277 			&fdi, fri, uio);
278 
279 		if ((err = uiomove(fdi.answ, MIN(fri->size, fdi.iosize), uio)))
280 			break;
281 		if (fdi.iosize < fri->size) {
282 			/*
283 			 * Short read.  Should only happen at EOF or with
284 			 * direct io.
285 			 */
286 			break;
287 		}
288 	}
289 
290 out:
291 	fdisp_destroy(&fdi);
292 	return (err);
293 }
294 
295 int
296 fuse_write_directbackend(struct vnode *vp, struct uio *uio,
297     struct ucred *cred, struct fuse_filehandle *fufh, off_t filesize,
298     int ioflag, bool pages)
299 {
300 	struct fuse_vnode_data *fvdat = VTOFUD(vp);
301 	struct fuse_data *data;
302 	struct fuse_write_in *fwi;
303 	struct fuse_write_out *fwo;
304 	struct fuse_dispatcher fdi;
305 	size_t chunksize;
306 	void *fwi_data;
307 	off_t as_written_offset;
308 	int diff;
309 	int err = 0;
310 	bool direct_io = fufh->fuse_open_flags & FOPEN_DIRECT_IO;
311 	bool wrote_anything = false;
312 	uint32_t write_flags;
313 
314 	data = fuse_get_mpdata(vp->v_mount);
315 
316 	/*
317 	 * Don't set FUSE_WRITE_LOCKOWNER in write_flags.  It can't be set
318 	 * accurately when using POSIX AIO, libfuse doesn't use it, and I'm not
319 	 * aware of any file systems that do.  It was an attempt to add
320 	 * Linux-style mandatory locking to the FUSE protocol, but mandatory
321 	 * locking is deprecated even on Linux.  See Linux commit
322 	 * f33321141b273d60cbb3a8f56a5489baad82ba5e .
323 	 */
324 	/*
325 	 * Set FUSE_WRITE_CACHE whenever we don't know the uid, gid, and/or pid
326 	 * that originated a write.  For example when writing from the
327 	 * writeback cache.  I don't know of a single file system that cares,
328 	 * but the protocol says we're supposed to do this.
329 	 */
330 	write_flags = !pages && (
331 		(ioflag & IO_DIRECT) ||
332 		!fsess_opt_datacache(vnode_mount(vp)) ||
333 		!fsess_opt_writeback(vnode_mount(vp))) ? 0 : FUSE_WRITE_CACHE;
334 
335 	if (uio->uio_resid == 0)
336 		return (0);
337 
338 	if (ioflag & IO_APPEND)
339 		uio_setoffset(uio, filesize);
340 
341 	if (vn_rlimit_fsize(vp, uio, uio->uio_td))
342 		return (EFBIG);
343 
344 	fdisp_init(&fdi, 0);
345 
346 	while (uio->uio_resid > 0) {
347 		size_t sizeof_fwi;
348 
349 		if (fuse_libabi_geq(data, 7, 9)) {
350 			sizeof_fwi = sizeof(*fwi);
351 		} else {
352 			sizeof_fwi = FUSE_COMPAT_WRITE_IN_SIZE;
353 		}
354 
355 		chunksize = MIN(uio->uio_resid, data->max_write);
356 
357 		fdi.iosize = sizeof_fwi + chunksize;
358 		fdisp_make_vp(&fdi, FUSE_WRITE, vp, uio->uio_td, cred);
359 
360 		fwi = fdi.indata;
361 		fwi->fh = fufh->fh_id;
362 		fwi->offset = uio->uio_offset;
363 		fwi->size = chunksize;
364 		fwi->write_flags = write_flags;
365 		if (fuse_libabi_geq(data, 7, 9)) {
366 			fwi->flags = fufh_type_2_fflags(fufh->fufh_type);
367 		}
368 		fwi_data = (char *)fdi.indata + sizeof_fwi;
369 
370 		if ((err = uiomove(fwi_data, chunksize, uio)))
371 			break;
372 
373 retry:
374 		err = fdisp_wait_answ(&fdi);
375 		if (err == ERESTART || err == EINTR || err == EWOULDBLOCK) {
376 			/*
377 			 * Rewind the uio so dofilewrite will know it's
378 			 * incomplete
379 			 */
380 			uio->uio_resid += fwi->size;
381 			uio->uio_offset -= fwi->size;
382 			/*
383 			 * Change ERESTART into EINTR because we can't rewind
384 			 * uio->uio_iov.  Basically, once uiomove(9) has been
385 			 * called, it's impossible to restart a syscall.
386 			 */
387 			if (err == ERESTART)
388 				err = EINTR;
389 			break;
390 		} else if (err) {
391 			break;
392 		} else {
393 			wrote_anything = true;
394 		}
395 
396 		fwo = ((struct fuse_write_out *)fdi.answ);
397 
398 		/* Adjust the uio in the case of short writes */
399 		diff = fwi->size - fwo->size;
400 		as_written_offset = uio->uio_offset - diff;
401 
402 		if (as_written_offset - diff > filesize)
403 			fuse_vnode_setsize(vp, as_written_offset, false);
404 		if (as_written_offset - diff >= filesize)
405 			fvdat->flag &= ~FN_SIZECHANGE;
406 
407 		if (diff < 0) {
408 			fuse_warn(data, FSESS_WARN_WROTE_LONG,
409 				"wrote more data than we provided it.");
410 			err = EINVAL;
411 			break;
412 		} else if (diff > 0) {
413 			/* Short write */
414 			if (!direct_io) {
415 				fuse_warn(data, FSESS_WARN_SHORT_WRITE,
416 					"short writes are only allowed with "
417 					"direct_io.");
418 			}
419 			if (ioflag & IO_DIRECT) {
420 				/* Return early */
421 				uio->uio_resid += diff;
422 				uio->uio_offset -= diff;
423 				break;
424 			} else {
425 				/* Resend the unwritten portion of data */
426 				fdi.iosize = sizeof_fwi + diff;
427 				/* Refresh fdi without clearing data buffer */
428 				fdisp_refresh_vp(&fdi, FUSE_WRITE, vp,
429 					uio->uio_td, cred);
430 				fwi = fdi.indata;
431 				MPASS2(fwi == fdi.indata, "FUSE dispatcher "
432 					"reallocated despite no increase in "
433 					"size?");
434 				void *src = (char*)fwi_data + fwo->size;
435 				memmove(fwi_data, src, diff);
436 				fwi->fh = fufh->fh_id;
437 				fwi->offset = as_written_offset;
438 				fwi->size = diff;
439 				fwi->write_flags = write_flags;
440 				goto retry;
441 			}
442 		}
443 	}
444 
445 	fdisp_destroy(&fdi);
446 
447 	if (wrote_anything)
448 		fuse_vnode_undirty_cached_timestamps(vp, false);
449 
450 	return (err);
451 }
452 
453 SDT_PROBE_DEFINE6(fusefs, , io, write_biobackend_start, "int64_t", "int", "int",
454 		"struct uio*", "int", "bool");
455 SDT_PROBE_DEFINE2(fusefs, , io, write_biobackend_append_race, "long", "int");
456 SDT_PROBE_DEFINE2(fusefs, , io, write_biobackend_issue, "int", "struct buf*");
457 
458 int
459 fuse_write_biobackend(struct vnode *vp, struct uio *uio,
460     struct ucred *cred, struct fuse_filehandle *fufh, int ioflag, pid_t pid)
461 {
462 	struct fuse_vnode_data *fvdat = VTOFUD(vp);
463 	struct buf *bp;
464 	daddr_t lbn;
465 	off_t filesize;
466 	int bcount;
467 	int n, on, seqcount, err = 0;
468 	bool last_page;
469 
470 	const int biosize = fuse_iosize(vp);
471 
472 	seqcount = ioflag >> IO_SEQSHIFT;
473 
474 	KASSERT(uio->uio_rw == UIO_WRITE, ("fuse_write_biobackend mode"));
475 	if (vp->v_type != VREG)
476 		return (EIO);
477 	if (uio->uio_offset < 0)
478 		return (EINVAL);
479 	if (uio->uio_resid == 0)
480 		return (0);
481 
482 	err = fuse_vnode_size(vp, &filesize, cred, curthread);
483 	if (err)
484 		return err;
485 
486 	if (ioflag & IO_APPEND)
487 		uio_setoffset(uio, filesize);
488 
489 	if (vn_rlimit_fsize(vp, uio, uio->uio_td))
490 		return (EFBIG);
491 
492 	do {
493 		bool direct_append, extending;
494 
495 		if (fuse_isdeadfs(vp)) {
496 			err = ENXIO;
497 			break;
498 		}
499 		lbn = uio->uio_offset / biosize;
500 		on = uio->uio_offset & (biosize - 1);
501 		n = MIN((unsigned)(biosize - on), uio->uio_resid);
502 
503 again:
504 		/* Get or create a buffer for the write */
505 		direct_append = uio->uio_offset == filesize && n;
506 		if (uio->uio_offset + n < filesize) {
507 			extending = false;
508 			if ((off_t)(lbn + 1) * biosize < filesize) {
509 				/* Not the file's last block */
510 				bcount = biosize;
511 			} else {
512 				/* The file's last block */
513 				bcount = filesize - (off_t)lbn * biosize;
514 			}
515 		} else {
516 			extending = true;
517 			bcount = on + n;
518 		}
519 		if (howmany(((off_t)lbn * biosize + on + n - 1), PAGE_SIZE) >=
520 		    howmany(filesize, PAGE_SIZE))
521 			last_page = true;
522 		else
523 			last_page = false;
524 		if (direct_append) {
525 			/*
526 			 * Take care to preserve the buffer's B_CACHE state so
527 			 * as not to cause an unnecessary read.
528 			 */
529 			bp = getblk(vp, lbn, on, PCATCH, 0, 0);
530 			if (bp != NULL) {
531 				uint32_t save = bp->b_flags & B_CACHE;
532 				allocbuf(bp, bcount);
533 				bp->b_flags |= save;
534 			}
535 		} else {
536 			bp = getblk(vp, lbn, bcount, PCATCH, 0, 0);
537 		}
538 		if (!bp) {
539 			err = EINTR;
540 			break;
541 		}
542 		if (extending) {
543 			/*
544 			 * Extend file _after_ locking buffer so we won't race
545 			 * with other readers
546 			 */
547 			err = fuse_vnode_setsize(vp, uio->uio_offset + n, false);
548 			filesize = uio->uio_offset + n;
549 			fvdat->flag |= FN_SIZECHANGE;
550 			if (err) {
551 				brelse(bp);
552 				break;
553 			}
554 		}
555 
556 		SDT_PROBE6(fusefs, , io, write_biobackend_start,
557 			lbn, on, n, uio, bcount, direct_append);
558 		/*
559 	         * Issue a READ if B_CACHE is not set.  In special-append
560 	         * mode, B_CACHE is based on the buffer prior to the write
561 	         * op and is typically set, avoiding the read.  If a read
562 	         * is required in special append mode, the server will
563 	         * probably send us a short-read since we extended the file
564 	         * on our end, resulting in b_resid == 0 and, thusly,
565 	         * B_CACHE getting set.
566 	         *
567 	         * We can also avoid issuing the read if the write covers
568 	         * the entire buffer.  We have to make sure the buffer state
569 	         * is reasonable in this case since we will not be initiating
570 	         * I/O.  See the comments in kern/vfs_bio.c's getblk() for
571 	         * more information.
572 	         *
573 	         * B_CACHE may also be set due to the buffer being cached
574 	         * normally.
575 	         */
576 
577 		if (on == 0 && n == bcount) {
578 			bp->b_flags |= B_CACHE;
579 			bp->b_flags &= ~B_INVAL;
580 			bp->b_ioflags &= ~BIO_ERROR;
581 		}
582 		if ((bp->b_flags & B_CACHE) == 0) {
583 			bp->b_iocmd = BIO_READ;
584 			vfs_busy_pages(bp, 0);
585 			fuse_io_strategy(vp, bp);
586 			if ((err = bp->b_error)) {
587 				brelse(bp);
588 				break;
589 			}
590 			if (bp->b_resid > 0) {
591 				/*
592 				 * Short read indicates EOF.  Update file size
593 				 * from the server and try again.
594 				 */
595 				SDT_PROBE2(fusefs, , io, trace, 1,
596 					"Short read during a RMW");
597 				brelse(bp);
598 				err = fuse_vnode_size(vp, &filesize, cred,
599 				    curthread);
600 				if (err)
601 					break;
602 				else
603 					goto again;
604 			}
605 		}
606 		if (bp->b_wcred == NOCRED)
607 			bp->b_wcred = crhold(cred);
608 
609 		/*
610 	         * If dirtyend exceeds file size, chop it down.  This should
611 	         * not normally occur but there is an append race where it
612 	         * might occur XXX, so we log it.
613 	         *
614 	         * If the chopping creates a reverse-indexed or degenerate
615 	         * situation with dirtyoff/end, we 0 both of them.
616 	         */
617 		if (bp->b_dirtyend > bcount) {
618 			SDT_PROBE2(fusefs, , io, write_biobackend_append_race,
619 			    (long)bp->b_blkno * biosize,
620 			    bp->b_dirtyend - bcount);
621 			bp->b_dirtyend = bcount;
622 		}
623 		if (bp->b_dirtyoff >= bp->b_dirtyend)
624 			bp->b_dirtyoff = bp->b_dirtyend = 0;
625 
626 		/*
627 	         * If the new write will leave a contiguous dirty
628 	         * area, just update the b_dirtyoff and b_dirtyend,
629 	         * otherwise force a write rpc of the old dirty area.
630 	         *
631 	         * While it is possible to merge discontiguous writes due to
632 	         * our having a B_CACHE buffer ( and thus valid read data
633 	         * for the hole), we don't because it could lead to
634 	         * significant cache coherency problems with multiple clients,
635 	         * especially if locking is implemented later on.
636 	         *
637 	         * as an optimization we could theoretically maintain
638 	         * a linked list of discontinuous areas, but we would still
639 	         * have to commit them separately so there isn't much
640 	         * advantage to it except perhaps a bit of asynchronization.
641 	         */
642 
643 		if (bp->b_dirtyend > 0 &&
644 		    (on > bp->b_dirtyend || (on + n) < bp->b_dirtyoff)) {
645 			/*
646 	                 * Yes, we mean it. Write out everything to "storage"
647 	                 * immediately, without hesitation. (Apart from other
648 	                 * reasons: the only way to know if a write is valid
649 	                 * if its actually written out.)
650 	                 */
651 			SDT_PROBE2(fusefs, , io, write_biobackend_issue, 0, bp);
652 			bwrite(bp);
653 			if (bp->b_error == EINTR) {
654 				err = EINTR;
655 				break;
656 			}
657 			goto again;
658 		}
659 		err = uiomove((char *)bp->b_data + on, n, uio);
660 
661 		if (err) {
662 			bp->b_ioflags |= BIO_ERROR;
663 			bp->b_error = err;
664 			brelse(bp);
665 			break;
666 			/* TODO: vfs_bio_clrbuf like ffs_write does? */
667 		}
668 		/*
669 	         * Only update dirtyoff/dirtyend if not a degenerate
670 	         * condition.
671 	         */
672 		if (n) {
673 			if (bp->b_dirtyend > 0) {
674 				bp->b_dirtyoff = MIN(on, bp->b_dirtyoff);
675 				bp->b_dirtyend = MAX((on + n), bp->b_dirtyend);
676 			} else {
677 				bp->b_dirtyoff = on;
678 				bp->b_dirtyend = on + n;
679 			}
680 			vfs_bio_set_valid(bp, on, n);
681 		}
682 
683 		vfs_bio_set_flags(bp, ioflag);
684 
685 		bp->b_flags |= B_FUSEFS_WRITE_CACHE;
686 		if (ioflag & IO_SYNC) {
687 			SDT_PROBE2(fusefs, , io, write_biobackend_issue, 2, bp);
688 			if (!(ioflag & IO_VMIO))
689 				bp->b_flags &= ~B_FUSEFS_WRITE_CACHE;
690 			err = bwrite(bp);
691 		} else if (vm_page_count_severe() ||
692 			    buf_dirty_count_severe() ||
693 			    (ioflag & IO_ASYNC)) {
694 			bp->b_flags |= B_CLUSTEROK;
695 			SDT_PROBE2(fusefs, , io, write_biobackend_issue, 3, bp);
696 			bawrite(bp);
697 		} else if (on == 0 && n == bcount) {
698 			if ((vp->v_mount->mnt_flag & MNT_NOCLUSTERW) == 0) {
699 				bp->b_flags |= B_CLUSTEROK;
700 				SDT_PROBE2(fusefs, , io, write_biobackend_issue,
701 					4, bp);
702 				cluster_write(vp, &fvdat->clusterw, bp,
703 				    filesize, seqcount, 0);
704 			} else {
705 				SDT_PROBE2(fusefs, , io, write_biobackend_issue,
706 					5, bp);
707 				bawrite(bp);
708 			}
709 		} else if (ioflag & IO_DIRECT) {
710 			bp->b_flags |= B_CLUSTEROK;
711 			SDT_PROBE2(fusefs, , io, write_biobackend_issue, 6, bp);
712 			bawrite(bp);
713 		} else {
714 			bp->b_flags &= ~B_CLUSTEROK;
715 			SDT_PROBE2(fusefs, , io, write_biobackend_issue, 7, bp);
716 			bdwrite(bp);
717 		}
718 		if (err)
719 			break;
720 	} while (uio->uio_resid > 0 && n > 0);
721 
722 	return (err);
723 }
724 
725 int
726 fuse_io_strategy(struct vnode *vp, struct buf *bp)
727 {
728 	struct fuse_vnode_data *fvdat = VTOFUD(vp);
729 	struct fuse_filehandle *fufh;
730 	struct ucred *cred;
731 	struct uio *uiop;
732 	struct uio uio;
733 	struct iovec io;
734 	off_t filesize;
735 	int error = 0;
736 	int fflag;
737 	/* We don't know the true pid when we're dealing with the cache */
738 	pid_t pid = 0;
739 
740 	const int biosize = fuse_iosize(vp);
741 
742 	MPASS(vp->v_type == VREG || vp->v_type == VDIR);
743 	MPASS(bp->b_iocmd == BIO_READ || bp->b_iocmd == BIO_WRITE);
744 
745 	fflag = bp->b_iocmd == BIO_READ ? FREAD : FWRITE;
746 	cred = bp->b_iocmd == BIO_READ ? bp->b_rcred : bp->b_wcred;
747 	error = fuse_filehandle_getrw(vp, fflag, &fufh, cred, pid);
748 	if (bp->b_iocmd == BIO_READ && error == EBADF) {
749 		/*
750 		 * This may be a read-modify-write operation on a cached file
751 		 * opened O_WRONLY.  The FUSE protocol allows this.
752 		 */
753 		error = fuse_filehandle_get(vp, FWRITE, &fufh, cred, pid);
754 	}
755 	if (error) {
756 		printf("FUSE: strategy: filehandles are closed\n");
757 		bp->b_ioflags |= BIO_ERROR;
758 		bp->b_error = error;
759 		bufdone(bp);
760 		return (error);
761 	}
762 
763 	uiop = &uio;
764 	uiop->uio_iov = &io;
765 	uiop->uio_iovcnt = 1;
766 	uiop->uio_segflg = UIO_SYSSPACE;
767 	uiop->uio_td = curthread;
768 
769 	/*
770          * clear BIO_ERROR and B_INVAL state prior to initiating the I/O.  We
771          * do this here so we do not have to do it in all the code that
772          * calls us.
773          */
774 	bp->b_flags &= ~B_INVAL;
775 	bp->b_ioflags &= ~BIO_ERROR;
776 
777 	KASSERT(!(bp->b_flags & B_DONE),
778 	    ("fuse_io_strategy: bp %p already marked done", bp));
779 	if (bp->b_iocmd == BIO_READ) {
780 		ssize_t left;
781 
782 		io.iov_len = uiop->uio_resid = bp->b_bcount;
783 		io.iov_base = bp->b_data;
784 		uiop->uio_rw = UIO_READ;
785 
786 		uiop->uio_offset = ((off_t)bp->b_lblkno) * biosize;
787 		error = fuse_read_directbackend(vp, uiop, cred, fufh);
788 		/*
789 		 * Store the amount we failed to read in the buffer's private
790 		 * field, so callers can truncate the file if necessary'
791 		 */
792 
793 		if (!error && uiop->uio_resid) {
794 			int nread = bp->b_bcount - uiop->uio_resid;
795 			left = uiop->uio_resid;
796 			bzero((char *)bp->b_data + nread, left);
797 
798 			if ((fvdat->flag & FN_SIZECHANGE) == 0) {
799 				/*
800 				 * A short read with no error, when not using
801 				 * direct io, and when no writes are cached,
802 				 * indicates EOF caused by a server-side
803 				 * truncation.  Clear the attr cache so we'll
804 				 * pick up the new file size and timestamps.
805 				 *
806 				 * We must still bzero the remaining buffer so
807 				 * uninitialized data doesn't get exposed by a
808 				 * future truncate that extends the file.
809 				 *
810 				 * To prevent lock order problems, we must
811 				 * truncate the file upstack, not here.
812 				 */
813 				SDT_PROBE2(fusefs, , io, trace, 1,
814 					"Short read of a clean file");
815 				fuse_vnode_clear_attr_cache(vp);
816 			} else {
817 				/*
818 				 * If dirty writes _are_ cached beyond EOF,
819 				 * that indicates a newly created hole that the
820 				 * server doesn't know about.  Those don't pose
821 				 * any problem.
822 				 * XXX: we don't currently track whether dirty
823 				 * writes are cached beyond EOF, before EOF, or
824 				 * both.
825 				 */
826 				SDT_PROBE2(fusefs, , io, trace, 1,
827 					"Short read of a dirty file");
828 				uiop->uio_resid = 0;
829 			}
830 		}
831 		if (error) {
832 			bp->b_ioflags |= BIO_ERROR;
833 			bp->b_error = error;
834 		}
835 	} else {
836 		/*
837 	         * Setup for actual write
838 	         */
839 		/*
840 		 * If the file's size is cached, use that value, even if the
841 		 * cache is expired.  At this point we're already committed to
842 		 * writing something.  If the FUSE server has changed the
843 		 * file's size behind our back, it's too late for us to do
844 		 * anything about it.  In particular, we can't invalidate any
845 		 * part of the file's buffers because VOP_STRATEGY is called
846 		 * with them already locked.
847 		 */
848 		filesize = fvdat->cached_attrs.va_size;
849 		/* filesize must've been cached by fuse_vnop_open.  */
850 		KASSERT(filesize != VNOVAL, ("filesize should've been cached"));
851 
852 		if ((off_t)bp->b_lblkno * biosize + bp->b_dirtyend > filesize)
853 			bp->b_dirtyend = filesize -
854 				(off_t)bp->b_lblkno * biosize;
855 
856 		if (bp->b_dirtyend > bp->b_dirtyoff) {
857 			io.iov_len = uiop->uio_resid = bp->b_dirtyend
858 			    - bp->b_dirtyoff;
859 			uiop->uio_offset = (off_t)bp->b_lblkno * biosize
860 			    + bp->b_dirtyoff;
861 			io.iov_base = (char *)bp->b_data + bp->b_dirtyoff;
862 			uiop->uio_rw = UIO_WRITE;
863 
864 			bool pages = bp->b_flags & B_FUSEFS_WRITE_CACHE;
865 			error = fuse_write_directbackend(vp, uiop, cred, fufh,
866 				filesize, 0, pages);
867 
868 			if (error == EINTR || error == ETIMEDOUT) {
869 				bp->b_flags &= ~(B_INVAL | B_NOCACHE);
870 				if ((bp->b_flags & B_PAGING) == 0) {
871 					bdirty(bp);
872 					bp->b_flags &= ~B_DONE;
873 				}
874 				if ((error == EINTR || error == ETIMEDOUT) &&
875 				    (bp->b_flags & B_ASYNC) == 0)
876 					bp->b_flags |= B_EINTR;
877 			} else {
878 				if (error) {
879 					bp->b_ioflags |= BIO_ERROR;
880 					bp->b_flags |= B_INVAL;
881 					bp->b_error = error;
882 				}
883 				bp->b_dirtyoff = bp->b_dirtyend = 0;
884 			}
885 		} else {
886 			bp->b_resid = 0;
887 			bufdone(bp);
888 			return (0);
889 		}
890 	}
891 	bp->b_resid = uiop->uio_resid;
892 	bufdone(bp);
893 	return (error);
894 }
895 
896 int
897 fuse_io_flushbuf(struct vnode *vp, int waitfor, struct thread *td)
898 {
899 
900 	return (vn_fsync_buf(vp, waitfor));
901 }
902 
903 /*
904  * Flush and invalidate all dirty buffers. If another process is already
905  * doing the flush, just wait for completion.
906  */
907 int
908 fuse_io_invalbuf(struct vnode *vp, struct thread *td)
909 {
910 	struct fuse_vnode_data *fvdat = VTOFUD(vp);
911 	int error = 0;
912 
913 	if (VN_IS_DOOMED(vp))
914 		return 0;
915 
916 	ASSERT_VOP_ELOCKED(vp, "fuse_io_invalbuf");
917 
918 	while (fvdat->flag & FN_FLUSHINPROG) {
919 		struct proc *p = td->td_proc;
920 
921 		if (vp->v_mount->mnt_kern_flag & MNTK_UNMOUNTF)
922 			return EIO;
923 		fvdat->flag |= FN_FLUSHWANT;
924 		tsleep(&fvdat->flag, PRIBIO + 2, "fusevinv", 2 * hz);
925 		error = 0;
926 		if (p != NULL) {
927 			PROC_LOCK(p);
928 			if (SIGNOTEMPTY(p->p_siglist) ||
929 			    SIGNOTEMPTY(td->td_siglist))
930 				error = EINTR;
931 			PROC_UNLOCK(p);
932 		}
933 		if (error == EINTR)
934 			return EINTR;
935 	}
936 	fvdat->flag |= FN_FLUSHINPROG;
937 
938 	if (vp->v_bufobj.bo_object != NULL) {
939 		VM_OBJECT_WLOCK(vp->v_bufobj.bo_object);
940 		vm_object_page_clean(vp->v_bufobj.bo_object, 0, 0, OBJPC_SYNC);
941 		VM_OBJECT_WUNLOCK(vp->v_bufobj.bo_object);
942 	}
943 	error = vinvalbuf(vp, V_SAVE, PCATCH, 0);
944 	while (error) {
945 		if (error == ERESTART || error == EINTR) {
946 			fvdat->flag &= ~FN_FLUSHINPROG;
947 			if (fvdat->flag & FN_FLUSHWANT) {
948 				fvdat->flag &= ~FN_FLUSHWANT;
949 				wakeup(&fvdat->flag);
950 			}
951 			return EINTR;
952 		}
953 		error = vinvalbuf(vp, V_SAVE, PCATCH, 0);
954 	}
955 	fvdat->flag &= ~FN_FLUSHINPROG;
956 	if (fvdat->flag & FN_FLUSHWANT) {
957 		fvdat->flag &= ~FN_FLUSHWANT;
958 		wakeup(&fvdat->flag);
959 	}
960 	return (error);
961 }
962