1 // SPDX-License-Identifier: GPL-2.0-or-later 2 #include <linux/anon_inodes.h> 3 #include <linux/uio.h> 4 #include "internal.h" 5 6 struct ondemand_anon_file { 7 struct file *file; 8 int fd; 9 }; 10 11 static inline void cachefiles_req_put(struct cachefiles_req *req) 12 { 13 if (refcount_dec_and_test(&req->ref)) 14 kfree(req); 15 } 16 17 static int cachefiles_ondemand_fd_release(struct inode *inode, 18 struct file *file) 19 { 20 struct cachefiles_object *object = file->private_data; 21 struct cachefiles_cache *cache; 22 struct cachefiles_ondemand_info *info; 23 int object_id; 24 struct cachefiles_req *req; 25 XA_STATE(xas, NULL, 0); 26 27 if (!object) 28 return 0; 29 30 info = object->ondemand; 31 cache = object->volume->cache; 32 xas.xa = &cache->reqs; 33 34 xa_lock(&cache->reqs); 35 spin_lock(&info->lock); 36 object_id = info->ondemand_id; 37 info->ondemand_id = CACHEFILES_ONDEMAND_ID_CLOSED; 38 cachefiles_ondemand_set_object_close(object); 39 spin_unlock(&info->lock); 40 41 /* Only flush CACHEFILES_REQ_NEW marked req to avoid race with daemon_read */ 42 xas_for_each_marked(&xas, req, ULONG_MAX, CACHEFILES_REQ_NEW) { 43 if (req->msg.object_id == object_id && 44 req->msg.opcode == CACHEFILES_OP_CLOSE) { 45 complete(&req->done); 46 xas_store(&xas, NULL); 47 } 48 } 49 xa_unlock(&cache->reqs); 50 51 xa_erase(&cache->ondemand_ids, object_id); 52 trace_cachefiles_ondemand_fd_release(object, object_id); 53 cachefiles_put_object(object, cachefiles_obj_put_ondemand_fd); 54 cachefiles_put_unbind_pincount(cache); 55 return 0; 56 } 57 58 static ssize_t cachefiles_ondemand_fd_write_iter(struct kiocb *kiocb, 59 struct iov_iter *iter) 60 { 61 struct cachefiles_object *object = kiocb->ki_filp->private_data; 62 struct cachefiles_cache *cache = object->volume->cache; 63 struct file *file; 64 size_t len = iter->count, aligned_len = len; 65 loff_t pos = kiocb->ki_pos; 66 const struct cred *saved_cred; 67 int ret; 68 69 spin_lock(&object->lock); 70 file = object->file; 71 if (!file) { 72 spin_unlock(&object->lock); 73 return -ENOBUFS; 74 } 75 get_file(file); 76 spin_unlock(&object->lock); 77 78 cachefiles_begin_secure(cache, &saved_cred); 79 ret = __cachefiles_prepare_write(object, file, &pos, &aligned_len, len, true); 80 cachefiles_end_secure(cache, saved_cred); 81 if (ret < 0) 82 goto out; 83 84 trace_cachefiles_ondemand_fd_write(object, file_inode(file), pos, len); 85 ret = __cachefiles_write(object, file, pos, iter, NULL, NULL); 86 if (!ret) { 87 ret = len; 88 kiocb->ki_pos += ret; 89 } 90 91 out: 92 fput(file); 93 return ret; 94 } 95 96 static loff_t cachefiles_ondemand_fd_llseek(struct file *filp, loff_t pos, 97 int whence) 98 { 99 struct cachefiles_object *object = filp->private_data; 100 struct file *file; 101 loff_t ret; 102 103 spin_lock(&object->lock); 104 file = object->file; 105 if (!file) { 106 spin_unlock(&object->lock); 107 return -ENOBUFS; 108 } 109 get_file(file); 110 spin_unlock(&object->lock); 111 112 ret = vfs_llseek(file, pos, whence); 113 fput(file); 114 115 return ret; 116 } 117 118 static long cachefiles_ondemand_fd_ioctl(struct file *filp, unsigned int ioctl, 119 unsigned long id) 120 { 121 struct cachefiles_object *object = filp->private_data; 122 struct cachefiles_cache *cache = object->volume->cache; 123 struct cachefiles_req *req; 124 XA_STATE(xas, &cache->reqs, id); 125 126 if (ioctl != CACHEFILES_IOC_READ_COMPLETE) 127 return -EINVAL; 128 129 if (!test_bit(CACHEFILES_ONDEMAND_MODE, &cache->flags)) 130 return -EOPNOTSUPP; 131 132 xa_lock(&cache->reqs); 133 req = xas_load(&xas); 134 if (!req || req->msg.opcode != CACHEFILES_OP_READ || 135 req->object != object) { 136 xa_unlock(&cache->reqs); 137 return -EINVAL; 138 } 139 xas_store(&xas, NULL); 140 xa_unlock(&cache->reqs); 141 142 trace_cachefiles_ondemand_cread(object, id); 143 complete(&req->done); 144 return 0; 145 } 146 147 static const struct file_operations cachefiles_ondemand_fd_fops = { 148 .owner = THIS_MODULE, 149 .release = cachefiles_ondemand_fd_release, 150 .write_iter = cachefiles_ondemand_fd_write_iter, 151 .llseek = cachefiles_ondemand_fd_llseek, 152 .unlocked_ioctl = cachefiles_ondemand_fd_ioctl, 153 }; 154 155 /* 156 * OPEN request Completion (copen) 157 * - command: "copen <id>,<cache_size>" 158 * <cache_size> indicates the object size if >=0, error code if negative 159 */ 160 int cachefiles_ondemand_copen(struct cachefiles_cache *cache, char *args) 161 { 162 struct cachefiles_req *req; 163 struct fscache_cookie *cookie; 164 struct cachefiles_ondemand_info *info; 165 char *pid, *psize; 166 unsigned long id; 167 long size; 168 int ret; 169 XA_STATE(xas, &cache->reqs, 0); 170 171 if (!test_bit(CACHEFILES_ONDEMAND_MODE, &cache->flags)) 172 return -EOPNOTSUPP; 173 174 if (!*args) { 175 pr_err("Empty id specified\n"); 176 return -EINVAL; 177 } 178 179 pid = args; 180 psize = strchr(args, ','); 181 if (!psize) { 182 pr_err("Cache size is not specified\n"); 183 return -EINVAL; 184 } 185 186 *psize = 0; 187 psize++; 188 189 ret = kstrtoul(pid, 0, &id); 190 if (ret) 191 return ret; 192 193 xa_lock(&cache->reqs); 194 xas.xa_index = id; 195 req = xas_load(&xas); 196 if (!req || req->msg.opcode != CACHEFILES_OP_OPEN || 197 !req->object->ondemand->ondemand_id) { 198 xa_unlock(&cache->reqs); 199 return -EINVAL; 200 } 201 xas_store(&xas, NULL); 202 xa_unlock(&cache->reqs); 203 204 info = req->object->ondemand; 205 /* fail OPEN request if copen format is invalid */ 206 ret = kstrtol(psize, 0, &size); 207 if (ret) { 208 req->error = ret; 209 goto out; 210 } 211 212 /* fail OPEN request if daemon reports an error */ 213 if (size < 0) { 214 if (!IS_ERR_VALUE(size)) { 215 req->error = -EINVAL; 216 ret = -EINVAL; 217 } else { 218 req->error = size; 219 ret = 0; 220 } 221 goto out; 222 } 223 224 spin_lock(&info->lock); 225 /* 226 * The anonymous fd was closed before copen ? Fail the request. 227 * 228 * t1 | t2 229 * --------------------------------------------------------- 230 * cachefiles_ondemand_copen 231 * req = xa_erase(&cache->reqs, id) 232 * // Anon fd is maliciously closed. 233 * cachefiles_ondemand_fd_release 234 * xa_lock(&cache->reqs) 235 * cachefiles_ondemand_set_object_close(object) 236 * xa_unlock(&cache->reqs) 237 * cachefiles_ondemand_set_object_open 238 * // No one will ever close it again. 239 * cachefiles_ondemand_daemon_read 240 * cachefiles_ondemand_select_req 241 * 242 * Get a read req but its fd is already closed. The daemon can't 243 * issue a cread ioctl with an closed fd, then hung. 244 */ 245 if (info->ondemand_id == CACHEFILES_ONDEMAND_ID_CLOSED) { 246 spin_unlock(&info->lock); 247 req->error = -EBADFD; 248 goto out; 249 } 250 cookie = req->object->cookie; 251 cookie->object_size = size; 252 if (size) 253 clear_bit(FSCACHE_COOKIE_NO_DATA_TO_READ, &cookie->flags); 254 else 255 set_bit(FSCACHE_COOKIE_NO_DATA_TO_READ, &cookie->flags); 256 trace_cachefiles_ondemand_copen(req->object, id, size); 257 258 cachefiles_ondemand_set_object_open(req->object); 259 spin_unlock(&info->lock); 260 wake_up_all(&cache->daemon_pollwq); 261 262 out: 263 spin_lock(&info->lock); 264 /* Need to set object close to avoid reopen status continuing */ 265 if (info->ondemand_id == CACHEFILES_ONDEMAND_ID_CLOSED) 266 cachefiles_ondemand_set_object_close(req->object); 267 spin_unlock(&info->lock); 268 complete(&req->done); 269 return ret; 270 } 271 272 int cachefiles_ondemand_restore(struct cachefiles_cache *cache, char *args) 273 { 274 struct cachefiles_req *req; 275 276 XA_STATE(xas, &cache->reqs, 0); 277 278 if (!test_bit(CACHEFILES_ONDEMAND_MODE, &cache->flags)) 279 return -EOPNOTSUPP; 280 281 /* 282 * Reset the requests to CACHEFILES_REQ_NEW state, so that the 283 * requests have been processed halfway before the crash of the 284 * user daemon could be reprocessed after the recovery. 285 */ 286 xas_lock(&xas); 287 xas_for_each(&xas, req, ULONG_MAX) 288 xas_set_mark(&xas, CACHEFILES_REQ_NEW); 289 xas_unlock(&xas); 290 291 wake_up_all(&cache->daemon_pollwq); 292 return 0; 293 } 294 295 static int cachefiles_ondemand_get_fd(struct cachefiles_req *req, 296 struct ondemand_anon_file *anon_file) 297 { 298 struct cachefiles_object *object; 299 struct cachefiles_cache *cache; 300 struct cachefiles_open *load; 301 u32 object_id; 302 int ret; 303 304 object = cachefiles_grab_object(req->object, 305 cachefiles_obj_get_ondemand_fd); 306 cache = object->volume->cache; 307 308 ret = xa_alloc_cyclic(&cache->ondemand_ids, &object_id, NULL, 309 XA_LIMIT(1, INT_MAX), 310 &cache->ondemand_id_next, GFP_KERNEL); 311 if (ret < 0) 312 goto err; 313 314 anon_file->fd = get_unused_fd_flags(O_WRONLY); 315 if (anon_file->fd < 0) { 316 ret = anon_file->fd; 317 goto err_free_id; 318 } 319 320 anon_file->file = anon_inode_getfile("[cachefiles]", 321 &cachefiles_ondemand_fd_fops, object, O_WRONLY); 322 if (IS_ERR(anon_file->file)) { 323 ret = PTR_ERR(anon_file->file); 324 goto err_put_fd; 325 } 326 327 spin_lock(&object->ondemand->lock); 328 if (object->ondemand->ondemand_id > 0) { 329 spin_unlock(&object->ondemand->lock); 330 /* Pair with check in cachefiles_ondemand_fd_release(). */ 331 anon_file->file->private_data = NULL; 332 ret = -EEXIST; 333 goto err_put_file; 334 } 335 336 anon_file->file->f_mode |= FMODE_PWRITE | FMODE_LSEEK; 337 338 load = (void *)req->msg.data; 339 load->fd = anon_file->fd; 340 object->ondemand->ondemand_id = object_id; 341 spin_unlock(&object->ondemand->lock); 342 343 cachefiles_get_unbind_pincount(cache); 344 trace_cachefiles_ondemand_open(object, &req->msg, load); 345 return 0; 346 347 err_put_file: 348 fput(anon_file->file); 349 anon_file->file = NULL; 350 err_put_fd: 351 put_unused_fd(anon_file->fd); 352 anon_file->fd = ret; 353 err_free_id: 354 xa_erase(&cache->ondemand_ids, object_id); 355 err: 356 spin_lock(&object->ondemand->lock); 357 /* Avoid marking an opened object as closed. */ 358 if (object->ondemand->ondemand_id <= 0) 359 cachefiles_ondemand_set_object_close(object); 360 spin_unlock(&object->ondemand->lock); 361 cachefiles_put_object(object, cachefiles_obj_put_ondemand_fd); 362 return ret; 363 } 364 365 static void ondemand_object_worker(struct work_struct *work) 366 { 367 struct cachefiles_ondemand_info *info = 368 container_of(work, struct cachefiles_ondemand_info, ondemand_work); 369 370 cachefiles_ondemand_init_object(info->object); 371 } 372 373 /* 374 * If there are any inflight or subsequent READ requests on the 375 * closed object, reopen it. 376 * Skip read requests whose related object is reopening. 377 */ 378 static struct cachefiles_req *cachefiles_ondemand_select_req(struct xa_state *xas, 379 unsigned long xa_max) 380 { 381 struct cachefiles_req *req; 382 struct cachefiles_object *object; 383 struct cachefiles_ondemand_info *info; 384 385 xas_for_each_marked(xas, req, xa_max, CACHEFILES_REQ_NEW) { 386 if (req->msg.opcode != CACHEFILES_OP_READ) 387 return req; 388 object = req->object; 389 info = object->ondemand; 390 if (cachefiles_ondemand_object_is_close(object)) { 391 cachefiles_ondemand_set_object_reopening(object); 392 queue_work(fscache_wq, &info->ondemand_work); 393 continue; 394 } 395 if (cachefiles_ondemand_object_is_reopening(object)) 396 continue; 397 return req; 398 } 399 return NULL; 400 } 401 402 static inline bool cachefiles_ondemand_finish_req(struct cachefiles_req *req, 403 struct xa_state *xas, int err) 404 { 405 if (unlikely(!xas || !req)) 406 return false; 407 408 if (xa_cmpxchg(xas->xa, xas->xa_index, req, NULL, 0) != req) 409 return false; 410 411 req->error = err; 412 complete(&req->done); 413 return true; 414 } 415 416 ssize_t cachefiles_ondemand_daemon_read(struct cachefiles_cache *cache, 417 char __user *_buffer, size_t buflen) 418 { 419 struct cachefiles_req *req; 420 struct cachefiles_msg *msg; 421 size_t n; 422 int ret = 0; 423 struct ondemand_anon_file anon_file; 424 XA_STATE(xas, &cache->reqs, cache->req_id_next); 425 426 xa_lock(&cache->reqs); 427 /* 428 * Cyclically search for a request that has not ever been processed, 429 * to prevent requests from being processed repeatedly, and make 430 * request distribution fair. 431 */ 432 req = cachefiles_ondemand_select_req(&xas, ULONG_MAX); 433 if (!req && cache->req_id_next > 0) { 434 xas_set(&xas, 0); 435 req = cachefiles_ondemand_select_req(&xas, cache->req_id_next - 1); 436 } 437 if (!req) { 438 xa_unlock(&cache->reqs); 439 return 0; 440 } 441 442 msg = &req->msg; 443 n = msg->len; 444 445 if (n > buflen) { 446 xa_unlock(&cache->reqs); 447 return -EMSGSIZE; 448 } 449 450 xas_clear_mark(&xas, CACHEFILES_REQ_NEW); 451 cache->req_id_next = xas.xa_index + 1; 452 refcount_inc(&req->ref); 453 cachefiles_grab_object(req->object, cachefiles_obj_get_read_req); 454 xa_unlock(&cache->reqs); 455 456 if (msg->opcode == CACHEFILES_OP_OPEN) { 457 ret = cachefiles_ondemand_get_fd(req, &anon_file); 458 if (ret) 459 goto out; 460 } 461 462 msg->msg_id = xas.xa_index; 463 msg->object_id = req->object->ondemand->ondemand_id; 464 465 if (copy_to_user(_buffer, msg, n) != 0) 466 ret = -EFAULT; 467 468 if (msg->opcode == CACHEFILES_OP_OPEN) { 469 if (ret < 0) { 470 fput(anon_file.file); 471 put_unused_fd(anon_file.fd); 472 goto out; 473 } 474 fd_install(anon_file.fd, anon_file.file); 475 } 476 out: 477 cachefiles_put_object(req->object, cachefiles_obj_put_read_req); 478 /* Remove error request and CLOSE request has no reply */ 479 if (ret || msg->opcode == CACHEFILES_OP_CLOSE) 480 cachefiles_ondemand_finish_req(req, &xas, ret); 481 cachefiles_req_put(req); 482 return ret ? ret : n; 483 } 484 485 typedef int (*init_req_fn)(struct cachefiles_req *req, void *private); 486 487 static int cachefiles_ondemand_send_req(struct cachefiles_object *object, 488 enum cachefiles_opcode opcode, 489 size_t data_len, 490 init_req_fn init_req, 491 void *private) 492 { 493 struct cachefiles_cache *cache = object->volume->cache; 494 struct cachefiles_req *req = NULL; 495 XA_STATE(xas, &cache->reqs, 0); 496 int ret; 497 498 if (!test_bit(CACHEFILES_ONDEMAND_MODE, &cache->flags)) 499 return 0; 500 501 if (test_bit(CACHEFILES_DEAD, &cache->flags)) { 502 ret = -EIO; 503 goto out; 504 } 505 506 req = kzalloc(sizeof(*req) + data_len, GFP_KERNEL); 507 if (!req) { 508 ret = -ENOMEM; 509 goto out; 510 } 511 512 refcount_set(&req->ref, 1); 513 req->object = object; 514 init_completion(&req->done); 515 req->msg.opcode = opcode; 516 req->msg.len = sizeof(struct cachefiles_msg) + data_len; 517 518 ret = init_req(req, private); 519 if (ret) 520 goto out; 521 522 do { 523 /* 524 * Stop enqueuing the request when daemon is dying. The 525 * following two operations need to be atomic as a whole. 526 * 1) check cache state, and 527 * 2) enqueue request if cache is alive. 528 * Otherwise the request may be enqueued after xarray has been 529 * flushed, leaving the orphan request never being completed. 530 * 531 * CPU 1 CPU 2 532 * ===== ===== 533 * test CACHEFILES_DEAD bit 534 * set CACHEFILES_DEAD bit 535 * flush requests in the xarray 536 * enqueue the request 537 */ 538 xas_lock(&xas); 539 540 if (test_bit(CACHEFILES_DEAD, &cache->flags) || 541 cachefiles_ondemand_object_is_dropping(object)) { 542 xas_unlock(&xas); 543 ret = -EIO; 544 goto out; 545 } 546 547 /* coupled with the barrier in cachefiles_flush_reqs() */ 548 smp_mb(); 549 550 if (opcode == CACHEFILES_OP_CLOSE && 551 !cachefiles_ondemand_object_is_open(object)) { 552 WARN_ON_ONCE(object->ondemand->ondemand_id == 0); 553 xas_unlock(&xas); 554 ret = -EIO; 555 goto out; 556 } 557 558 /* 559 * Cyclically find a free xas to avoid msg_id reuse that would 560 * cause the daemon to successfully copen a stale msg_id. 561 */ 562 xas.xa_index = cache->msg_id_next; 563 xas_find_marked(&xas, UINT_MAX, XA_FREE_MARK); 564 if (xas.xa_node == XAS_RESTART) { 565 xas.xa_index = 0; 566 xas_find_marked(&xas, cache->msg_id_next - 1, XA_FREE_MARK); 567 } 568 if (xas.xa_node == XAS_RESTART) 569 xas_set_err(&xas, -EBUSY); 570 571 xas_store(&xas, req); 572 if (xas_valid(&xas)) { 573 cache->msg_id_next = xas.xa_index + 1; 574 xas_clear_mark(&xas, XA_FREE_MARK); 575 xas_set_mark(&xas, CACHEFILES_REQ_NEW); 576 } 577 xas_unlock(&xas); 578 } while (xas_nomem(&xas, GFP_KERNEL)); 579 580 ret = xas_error(&xas); 581 if (ret) 582 goto out; 583 584 wake_up_all(&cache->daemon_pollwq); 585 wait: 586 ret = wait_for_completion_killable(&req->done); 587 if (!ret) { 588 ret = req->error; 589 } else { 590 ret = -EINTR; 591 if (!cachefiles_ondemand_finish_req(req, &xas, ret)) { 592 /* Someone will complete it soon. */ 593 cpu_relax(); 594 goto wait; 595 } 596 } 597 cachefiles_req_put(req); 598 return ret; 599 out: 600 /* Reset the object to close state in error handling path. 601 * If error occurs after creating the anonymous fd, 602 * cachefiles_ondemand_fd_release() will set object to close. 603 */ 604 if (opcode == CACHEFILES_OP_OPEN && 605 !cachefiles_ondemand_object_is_dropping(object)) 606 cachefiles_ondemand_set_object_close(object); 607 kfree(req); 608 return ret; 609 } 610 611 static int cachefiles_ondemand_init_open_req(struct cachefiles_req *req, 612 void *private) 613 { 614 struct cachefiles_object *object = req->object; 615 struct fscache_cookie *cookie = object->cookie; 616 struct fscache_volume *volume = object->volume->vcookie; 617 struct cachefiles_open *load = (void *)req->msg.data; 618 size_t volume_key_size, cookie_key_size; 619 void *volume_key, *cookie_key; 620 621 /* 622 * Volume key is a NUL-terminated string. key[0] stores strlen() of the 623 * string, followed by the content of the string (excluding '\0'). 624 */ 625 volume_key_size = volume->key[0] + 1; 626 volume_key = volume->key + 1; 627 628 /* Cookie key is binary data, which is netfs specific. */ 629 cookie_key_size = cookie->key_len; 630 cookie_key = fscache_get_key(cookie); 631 632 if (!(object->cookie->advice & FSCACHE_ADV_WANT_CACHE_SIZE)) { 633 pr_err("WANT_CACHE_SIZE is needed for on-demand mode\n"); 634 return -EINVAL; 635 } 636 637 load->volume_key_size = volume_key_size; 638 load->cookie_key_size = cookie_key_size; 639 memcpy(load->data, volume_key, volume_key_size); 640 memcpy(load->data + volume_key_size, cookie_key, cookie_key_size); 641 642 return 0; 643 } 644 645 static int cachefiles_ondemand_init_close_req(struct cachefiles_req *req, 646 void *private) 647 { 648 struct cachefiles_object *object = req->object; 649 650 if (!cachefiles_ondemand_object_is_open(object)) 651 return -ENOENT; 652 653 trace_cachefiles_ondemand_close(object, &req->msg); 654 return 0; 655 } 656 657 struct cachefiles_read_ctx { 658 loff_t off; 659 size_t len; 660 }; 661 662 static int cachefiles_ondemand_init_read_req(struct cachefiles_req *req, 663 void *private) 664 { 665 struct cachefiles_object *object = req->object; 666 struct cachefiles_read *load = (void *)req->msg.data; 667 struct cachefiles_read_ctx *read_ctx = private; 668 669 load->off = read_ctx->off; 670 load->len = read_ctx->len; 671 trace_cachefiles_ondemand_read(object, &req->msg, load); 672 return 0; 673 } 674 675 int cachefiles_ondemand_init_object(struct cachefiles_object *object) 676 { 677 struct fscache_cookie *cookie = object->cookie; 678 struct fscache_volume *volume = object->volume->vcookie; 679 size_t volume_key_size, cookie_key_size, data_len; 680 681 if (!object->ondemand) 682 return 0; 683 684 /* 685 * CacheFiles will firstly check the cache file under the root cache 686 * directory. If the coherency check failed, it will fallback to 687 * creating a new tmpfile as the cache file. Reuse the previously 688 * allocated object ID if any. 689 */ 690 if (cachefiles_ondemand_object_is_open(object)) 691 return 0; 692 693 volume_key_size = volume->key[0] + 1; 694 cookie_key_size = cookie->key_len; 695 data_len = sizeof(struct cachefiles_open) + 696 volume_key_size + cookie_key_size; 697 698 return cachefiles_ondemand_send_req(object, CACHEFILES_OP_OPEN, 699 data_len, cachefiles_ondemand_init_open_req, NULL); 700 } 701 702 void cachefiles_ondemand_clean_object(struct cachefiles_object *object) 703 { 704 unsigned long index; 705 struct cachefiles_req *req; 706 struct cachefiles_cache *cache; 707 708 if (!object->ondemand) 709 return; 710 711 cachefiles_ondemand_send_req(object, CACHEFILES_OP_CLOSE, 0, 712 cachefiles_ondemand_init_close_req, NULL); 713 714 if (!object->ondemand->ondemand_id) 715 return; 716 717 /* Cancel all requests for the object that is being dropped. */ 718 cache = object->volume->cache; 719 xa_lock(&cache->reqs); 720 cachefiles_ondemand_set_object_dropping(object); 721 xa_for_each(&cache->reqs, index, req) { 722 if (req->object == object) { 723 req->error = -EIO; 724 complete(&req->done); 725 __xa_erase(&cache->reqs, index); 726 } 727 } 728 xa_unlock(&cache->reqs); 729 730 /* Wait for ondemand_object_worker() to finish to avoid UAF. */ 731 cancel_work_sync(&object->ondemand->ondemand_work); 732 } 733 734 int cachefiles_ondemand_init_obj_info(struct cachefiles_object *object, 735 struct cachefiles_volume *volume) 736 { 737 if (!cachefiles_in_ondemand_mode(volume->cache)) 738 return 0; 739 740 object->ondemand = kzalloc(sizeof(struct cachefiles_ondemand_info), 741 GFP_KERNEL); 742 if (!object->ondemand) 743 return -ENOMEM; 744 745 object->ondemand->object = object; 746 spin_lock_init(&object->ondemand->lock); 747 INIT_WORK(&object->ondemand->ondemand_work, ondemand_object_worker); 748 return 0; 749 } 750 751 void cachefiles_ondemand_deinit_obj_info(struct cachefiles_object *object) 752 { 753 kfree(object->ondemand); 754 object->ondemand = NULL; 755 } 756 757 int cachefiles_ondemand_read(struct cachefiles_object *object, 758 loff_t pos, size_t len) 759 { 760 struct cachefiles_read_ctx read_ctx = {pos, len}; 761 762 return cachefiles_ondemand_send_req(object, CACHEFILES_OP_READ, 763 sizeof(struct cachefiles_read), 764 cachefiles_ondemand_init_read_req, &read_ctx); 765 } 766