1 // SPDX-License-Identifier: GPL-2.0-or-later 2 #include <linux/anon_inodes.h> 3 #include <linux/uio.h> 4 #include "internal.h" 5 6 struct ondemand_anon_file { 7 struct file *file; 8 int fd; 9 }; 10 11 static inline void cachefiles_req_put(struct cachefiles_req *req) 12 { 13 if (refcount_dec_and_test(&req->ref)) 14 kfree(req); 15 } 16 17 static int cachefiles_ondemand_fd_release(struct inode *inode, 18 struct file *file) 19 { 20 struct cachefiles_object *object = file->private_data; 21 struct cachefiles_cache *cache; 22 struct cachefiles_ondemand_info *info; 23 int object_id; 24 struct cachefiles_req *req; 25 XA_STATE(xas, NULL, 0); 26 27 if (!object) 28 return 0; 29 30 info = object->ondemand; 31 cache = object->volume->cache; 32 xas.xa = &cache->reqs; 33 34 xa_lock(&cache->reqs); 35 spin_lock(&info->lock); 36 object_id = info->ondemand_id; 37 info->ondemand_id = CACHEFILES_ONDEMAND_ID_CLOSED; 38 cachefiles_ondemand_set_object_close(object); 39 spin_unlock(&info->lock); 40 41 /* Only flush CACHEFILES_REQ_NEW marked req to avoid race with daemon_read */ 42 xas_for_each_marked(&xas, req, ULONG_MAX, CACHEFILES_REQ_NEW) { 43 if (req->msg.object_id == object_id && 44 req->msg.opcode == CACHEFILES_OP_CLOSE) { 45 complete(&req->done); 46 xas_store(&xas, NULL); 47 } 48 } 49 xa_unlock(&cache->reqs); 50 51 xa_erase(&cache->ondemand_ids, object_id); 52 trace_cachefiles_ondemand_fd_release(object, object_id); 53 cachefiles_put_object(object, cachefiles_obj_put_ondemand_fd); 54 cachefiles_put_unbind_pincount(cache); 55 return 0; 56 } 57 58 static ssize_t cachefiles_ondemand_fd_write_iter(struct kiocb *kiocb, 59 struct iov_iter *iter) 60 { 61 struct cachefiles_object *object = kiocb->ki_filp->private_data; 62 struct cachefiles_cache *cache = object->volume->cache; 63 struct file *file; 64 size_t len = iter->count, aligned_len = len; 65 loff_t pos = kiocb->ki_pos; 66 const struct cred *saved_cred; 67 int ret; 68 69 spin_lock(&object->lock); 70 file = object->file; 71 if (!file) { 72 spin_unlock(&object->lock); 73 return -ENOBUFS; 74 } 75 get_file(file); 76 spin_unlock(&object->lock); 77 78 cachefiles_begin_secure(cache, &saved_cred); 79 ret = __cachefiles_prepare_write(object, file, &pos, &aligned_len, len, true); 80 cachefiles_end_secure(cache, saved_cred); 81 if (ret < 0) 82 goto out; 83 84 trace_cachefiles_ondemand_fd_write(object, file_inode(file), pos, len); 85 ret = __cachefiles_write(object, file, pos, iter, NULL, NULL); 86 if (!ret) { 87 ret = len; 88 kiocb->ki_pos += ret; 89 } 90 91 out: 92 fput(file); 93 return ret; 94 } 95 96 static loff_t cachefiles_ondemand_fd_llseek(struct file *filp, loff_t pos, 97 int whence) 98 { 99 struct cachefiles_object *object = filp->private_data; 100 struct file *file; 101 loff_t ret; 102 103 spin_lock(&object->lock); 104 file = object->file; 105 if (!file) { 106 spin_unlock(&object->lock); 107 return -ENOBUFS; 108 } 109 get_file(file); 110 spin_unlock(&object->lock); 111 112 ret = vfs_llseek(file, pos, whence); 113 fput(file); 114 115 return ret; 116 } 117 118 static long cachefiles_ondemand_fd_ioctl(struct file *filp, unsigned int ioctl, 119 unsigned long id) 120 { 121 struct cachefiles_object *object = filp->private_data; 122 struct cachefiles_cache *cache = object->volume->cache; 123 struct cachefiles_req *req; 124 XA_STATE(xas, &cache->reqs, id); 125 126 if (ioctl != CACHEFILES_IOC_READ_COMPLETE) 127 return -EINVAL; 128 129 if (!test_bit(CACHEFILES_ONDEMAND_MODE, &cache->flags)) 130 return -EOPNOTSUPP; 131 132 xa_lock(&cache->reqs); 133 req = xas_load(&xas); 134 if (!req || req->msg.opcode != CACHEFILES_OP_READ || 135 req->object != object) { 136 xa_unlock(&cache->reqs); 137 return -EINVAL; 138 } 139 xas_store(&xas, NULL); 140 xa_unlock(&cache->reqs); 141 142 trace_cachefiles_ondemand_cread(object, id); 143 complete(&req->done); 144 return 0; 145 } 146 147 static const struct file_operations cachefiles_ondemand_fd_fops = { 148 .owner = THIS_MODULE, 149 .release = cachefiles_ondemand_fd_release, 150 .write_iter = cachefiles_ondemand_fd_write_iter, 151 .llseek = cachefiles_ondemand_fd_llseek, 152 .unlocked_ioctl = cachefiles_ondemand_fd_ioctl, 153 }; 154 155 /* 156 * OPEN request Completion (copen) 157 * - command: "copen <id>,<cache_size>" 158 * <cache_size> indicates the object size if >=0, error code if negative 159 */ 160 int cachefiles_ondemand_copen(struct cachefiles_cache *cache, char *args) 161 { 162 struct cachefiles_req *req; 163 struct fscache_cookie *cookie; 164 struct cachefiles_ondemand_info *info; 165 char *pid, *psize; 166 unsigned long id; 167 long size; 168 int ret; 169 XA_STATE(xas, &cache->reqs, 0); 170 171 if (!test_bit(CACHEFILES_ONDEMAND_MODE, &cache->flags)) 172 return -EOPNOTSUPP; 173 174 if (!*args) { 175 pr_err("Empty id specified\n"); 176 return -EINVAL; 177 } 178 179 pid = args; 180 psize = strchr(args, ','); 181 if (!psize) { 182 pr_err("Cache size is not specified\n"); 183 return -EINVAL; 184 } 185 186 *psize = 0; 187 psize++; 188 189 ret = kstrtoul(pid, 0, &id); 190 if (ret) 191 return ret; 192 193 xa_lock(&cache->reqs); 194 xas.xa_index = id; 195 req = xas_load(&xas); 196 if (!req || req->msg.opcode != CACHEFILES_OP_OPEN || 197 !req->object->ondemand->ondemand_id) { 198 xa_unlock(&cache->reqs); 199 return -EINVAL; 200 } 201 xas_store(&xas, NULL); 202 xa_unlock(&cache->reqs); 203 204 info = req->object->ondemand; 205 /* fail OPEN request if copen format is invalid */ 206 ret = kstrtol(psize, 0, &size); 207 if (ret) { 208 req->error = ret; 209 goto out; 210 } 211 212 /* fail OPEN request if daemon reports an error */ 213 if (size < 0) { 214 if (!IS_ERR_VALUE(size)) { 215 req->error = -EINVAL; 216 ret = -EINVAL; 217 } else { 218 req->error = size; 219 ret = 0; 220 } 221 goto out; 222 } 223 224 spin_lock(&info->lock); 225 /* 226 * The anonymous fd was closed before copen ? Fail the request. 227 * 228 * t1 | t2 229 * --------------------------------------------------------- 230 * cachefiles_ondemand_copen 231 * req = xa_erase(&cache->reqs, id) 232 * // Anon fd is maliciously closed. 233 * cachefiles_ondemand_fd_release 234 * xa_lock(&cache->reqs) 235 * cachefiles_ondemand_set_object_close(object) 236 * xa_unlock(&cache->reqs) 237 * cachefiles_ondemand_set_object_open 238 * // No one will ever close it again. 239 * cachefiles_ondemand_daemon_read 240 * cachefiles_ondemand_select_req 241 * 242 * Get a read req but its fd is already closed. The daemon can't 243 * issue a cread ioctl with an closed fd, then hung. 244 */ 245 if (info->ondemand_id == CACHEFILES_ONDEMAND_ID_CLOSED) { 246 spin_unlock(&info->lock); 247 req->error = -EBADFD; 248 goto out; 249 } 250 cookie = req->object->cookie; 251 cookie->object_size = size; 252 if (size) 253 clear_bit(FSCACHE_COOKIE_NO_DATA_TO_READ, &cookie->flags); 254 else 255 set_bit(FSCACHE_COOKIE_NO_DATA_TO_READ, &cookie->flags); 256 trace_cachefiles_ondemand_copen(req->object, id, size); 257 258 cachefiles_ondemand_set_object_open(req->object); 259 spin_unlock(&info->lock); 260 wake_up_all(&cache->daemon_pollwq); 261 262 out: 263 spin_lock(&info->lock); 264 /* Need to set object close to avoid reopen status continuing */ 265 if (info->ondemand_id == CACHEFILES_ONDEMAND_ID_CLOSED) 266 cachefiles_ondemand_set_object_close(req->object); 267 spin_unlock(&info->lock); 268 complete(&req->done); 269 return ret; 270 } 271 272 int cachefiles_ondemand_restore(struct cachefiles_cache *cache, char *args) 273 { 274 struct cachefiles_req *req; 275 276 XA_STATE(xas, &cache->reqs, 0); 277 278 if (!test_bit(CACHEFILES_ONDEMAND_MODE, &cache->flags)) 279 return -EOPNOTSUPP; 280 281 /* 282 * Reset the requests to CACHEFILES_REQ_NEW state, so that the 283 * requests have been processed halfway before the crash of the 284 * user daemon could be reprocessed after the recovery. 285 */ 286 xas_lock(&xas); 287 xas_for_each(&xas, req, ULONG_MAX) 288 xas_set_mark(&xas, CACHEFILES_REQ_NEW); 289 xas_unlock(&xas); 290 291 wake_up_all(&cache->daemon_pollwq); 292 return 0; 293 } 294 295 static int cachefiles_ondemand_get_fd(struct cachefiles_req *req, 296 struct ondemand_anon_file *anon_file) 297 { 298 struct cachefiles_object *object; 299 struct cachefiles_cache *cache; 300 struct cachefiles_open *load; 301 u32 object_id; 302 int ret; 303 304 object = cachefiles_grab_object(req->object, 305 cachefiles_obj_get_ondemand_fd); 306 cache = object->volume->cache; 307 308 ret = xa_alloc_cyclic(&cache->ondemand_ids, &object_id, NULL, 309 XA_LIMIT(1, INT_MAX), 310 &cache->ondemand_id_next, GFP_KERNEL); 311 if (ret < 0) 312 goto err; 313 314 anon_file->fd = get_unused_fd_flags(O_WRONLY); 315 if (anon_file->fd < 0) { 316 ret = anon_file->fd; 317 goto err_free_id; 318 } 319 320 anon_file->file = anon_inode_getfile_fmode("[cachefiles]", 321 &cachefiles_ondemand_fd_fops, object, 322 O_WRONLY, FMODE_PWRITE | FMODE_LSEEK); 323 if (IS_ERR(anon_file->file)) { 324 ret = PTR_ERR(anon_file->file); 325 goto err_put_fd; 326 } 327 328 spin_lock(&object->ondemand->lock); 329 if (object->ondemand->ondemand_id > 0) { 330 spin_unlock(&object->ondemand->lock); 331 /* Pair with check in cachefiles_ondemand_fd_release(). */ 332 anon_file->file->private_data = NULL; 333 ret = -EEXIST; 334 goto err_put_file; 335 } 336 337 load = (void *)req->msg.data; 338 load->fd = anon_file->fd; 339 object->ondemand->ondemand_id = object_id; 340 spin_unlock(&object->ondemand->lock); 341 342 cachefiles_get_unbind_pincount(cache); 343 trace_cachefiles_ondemand_open(object, &req->msg, load); 344 return 0; 345 346 err_put_file: 347 fput(anon_file->file); 348 anon_file->file = NULL; 349 err_put_fd: 350 put_unused_fd(anon_file->fd); 351 anon_file->fd = ret; 352 err_free_id: 353 xa_erase(&cache->ondemand_ids, object_id); 354 err: 355 spin_lock(&object->ondemand->lock); 356 /* Avoid marking an opened object as closed. */ 357 if (object->ondemand->ondemand_id <= 0) 358 cachefiles_ondemand_set_object_close(object); 359 spin_unlock(&object->ondemand->lock); 360 cachefiles_put_object(object, cachefiles_obj_put_ondemand_fd); 361 return ret; 362 } 363 364 static void ondemand_object_worker(struct work_struct *work) 365 { 366 struct cachefiles_ondemand_info *info = 367 container_of(work, struct cachefiles_ondemand_info, ondemand_work); 368 369 cachefiles_ondemand_init_object(info->object); 370 } 371 372 /* 373 * If there are any inflight or subsequent READ requests on the 374 * closed object, reopen it. 375 * Skip read requests whose related object is reopening. 376 */ 377 static struct cachefiles_req *cachefiles_ondemand_select_req(struct xa_state *xas, 378 unsigned long xa_max) 379 { 380 struct cachefiles_req *req; 381 struct cachefiles_object *object; 382 struct cachefiles_ondemand_info *info; 383 384 xas_for_each_marked(xas, req, xa_max, CACHEFILES_REQ_NEW) { 385 if (req->msg.opcode != CACHEFILES_OP_READ) 386 return req; 387 object = req->object; 388 info = object->ondemand; 389 if (cachefiles_ondemand_object_is_close(object)) { 390 cachefiles_ondemand_set_object_reopening(object); 391 queue_work(fscache_wq, &info->ondemand_work); 392 continue; 393 } 394 if (cachefiles_ondemand_object_is_reopening(object)) 395 continue; 396 return req; 397 } 398 return NULL; 399 } 400 401 static inline bool cachefiles_ondemand_finish_req(struct cachefiles_req *req, 402 struct xa_state *xas, int err) 403 { 404 if (unlikely(!xas || !req)) 405 return false; 406 407 if (xa_cmpxchg(xas->xa, xas->xa_index, req, NULL, 0) != req) 408 return false; 409 410 req->error = err; 411 complete(&req->done); 412 return true; 413 } 414 415 ssize_t cachefiles_ondemand_daemon_read(struct cachefiles_cache *cache, 416 char __user *_buffer, size_t buflen) 417 { 418 struct cachefiles_req *req; 419 struct cachefiles_msg *msg; 420 size_t n; 421 int ret = 0; 422 struct ondemand_anon_file anon_file; 423 XA_STATE(xas, &cache->reqs, cache->req_id_next); 424 425 xa_lock(&cache->reqs); 426 /* 427 * Cyclically search for a request that has not ever been processed, 428 * to prevent requests from being processed repeatedly, and make 429 * request distribution fair. 430 */ 431 req = cachefiles_ondemand_select_req(&xas, ULONG_MAX); 432 if (!req && cache->req_id_next > 0) { 433 xas_set(&xas, 0); 434 req = cachefiles_ondemand_select_req(&xas, cache->req_id_next - 1); 435 } 436 if (!req) { 437 xa_unlock(&cache->reqs); 438 return 0; 439 } 440 441 msg = &req->msg; 442 n = msg->len; 443 444 if (n > buflen) { 445 xa_unlock(&cache->reqs); 446 return -EMSGSIZE; 447 } 448 449 xas_clear_mark(&xas, CACHEFILES_REQ_NEW); 450 cache->req_id_next = xas.xa_index + 1; 451 refcount_inc(&req->ref); 452 cachefiles_grab_object(req->object, cachefiles_obj_get_read_req); 453 xa_unlock(&cache->reqs); 454 455 if (msg->opcode == CACHEFILES_OP_OPEN) { 456 ret = cachefiles_ondemand_get_fd(req, &anon_file); 457 if (ret) 458 goto out; 459 } 460 461 msg->msg_id = xas.xa_index; 462 msg->object_id = req->object->ondemand->ondemand_id; 463 464 if (copy_to_user(_buffer, msg, n) != 0) 465 ret = -EFAULT; 466 467 if (msg->opcode == CACHEFILES_OP_OPEN) { 468 if (ret < 0) { 469 fput(anon_file.file); 470 put_unused_fd(anon_file.fd); 471 goto out; 472 } 473 fd_install(anon_file.fd, anon_file.file); 474 } 475 out: 476 cachefiles_put_object(req->object, cachefiles_obj_put_read_req); 477 /* Remove error request and CLOSE request has no reply */ 478 if (ret || msg->opcode == CACHEFILES_OP_CLOSE) 479 cachefiles_ondemand_finish_req(req, &xas, ret); 480 cachefiles_req_put(req); 481 return ret ? ret : n; 482 } 483 484 typedef int (*init_req_fn)(struct cachefiles_req *req, void *private); 485 486 static int cachefiles_ondemand_send_req(struct cachefiles_object *object, 487 enum cachefiles_opcode opcode, 488 size_t data_len, 489 init_req_fn init_req, 490 void *private) 491 { 492 struct cachefiles_cache *cache = object->volume->cache; 493 struct cachefiles_req *req = NULL; 494 XA_STATE(xas, &cache->reqs, 0); 495 int ret; 496 497 if (!test_bit(CACHEFILES_ONDEMAND_MODE, &cache->flags)) 498 return 0; 499 500 if (test_bit(CACHEFILES_DEAD, &cache->flags)) { 501 ret = -EIO; 502 goto out; 503 } 504 505 req = kzalloc(sizeof(*req) + data_len, GFP_KERNEL); 506 if (!req) { 507 ret = -ENOMEM; 508 goto out; 509 } 510 511 refcount_set(&req->ref, 1); 512 req->object = object; 513 init_completion(&req->done); 514 req->msg.opcode = opcode; 515 req->msg.len = sizeof(struct cachefiles_msg) + data_len; 516 517 ret = init_req(req, private); 518 if (ret) 519 goto out; 520 521 do { 522 /* 523 * Stop enqueuing the request when daemon is dying. The 524 * following two operations need to be atomic as a whole. 525 * 1) check cache state, and 526 * 2) enqueue request if cache is alive. 527 * Otherwise the request may be enqueued after xarray has been 528 * flushed, leaving the orphan request never being completed. 529 * 530 * CPU 1 CPU 2 531 * ===== ===== 532 * test CACHEFILES_DEAD bit 533 * set CACHEFILES_DEAD bit 534 * flush requests in the xarray 535 * enqueue the request 536 */ 537 xas_lock(&xas); 538 539 if (test_bit(CACHEFILES_DEAD, &cache->flags) || 540 cachefiles_ondemand_object_is_dropping(object)) { 541 xas_unlock(&xas); 542 ret = -EIO; 543 goto out; 544 } 545 546 /* coupled with the barrier in cachefiles_flush_reqs() */ 547 smp_mb(); 548 549 if (opcode == CACHEFILES_OP_CLOSE && 550 !cachefiles_ondemand_object_is_open(object)) { 551 WARN_ON_ONCE(object->ondemand->ondemand_id == 0); 552 xas_unlock(&xas); 553 ret = -EIO; 554 goto out; 555 } 556 557 /* 558 * Cyclically find a free xas to avoid msg_id reuse that would 559 * cause the daemon to successfully copen a stale msg_id. 560 */ 561 xas.xa_index = cache->msg_id_next; 562 xas_find_marked(&xas, UINT_MAX, XA_FREE_MARK); 563 if (xas.xa_node == XAS_RESTART) { 564 xas.xa_index = 0; 565 xas_find_marked(&xas, cache->msg_id_next - 1, XA_FREE_MARK); 566 } 567 if (xas.xa_node == XAS_RESTART) 568 xas_set_err(&xas, -EBUSY); 569 570 xas_store(&xas, req); 571 if (xas_valid(&xas)) { 572 cache->msg_id_next = xas.xa_index + 1; 573 xas_clear_mark(&xas, XA_FREE_MARK); 574 xas_set_mark(&xas, CACHEFILES_REQ_NEW); 575 } 576 xas_unlock(&xas); 577 } while (xas_nomem(&xas, GFP_KERNEL)); 578 579 ret = xas_error(&xas); 580 if (ret) 581 goto out; 582 583 wake_up_all(&cache->daemon_pollwq); 584 wait: 585 ret = wait_for_completion_killable(&req->done); 586 if (!ret) { 587 ret = req->error; 588 } else { 589 ret = -EINTR; 590 if (!cachefiles_ondemand_finish_req(req, &xas, ret)) { 591 /* Someone will complete it soon. */ 592 cpu_relax(); 593 goto wait; 594 } 595 } 596 cachefiles_req_put(req); 597 return ret; 598 out: 599 /* Reset the object to close state in error handling path. 600 * If error occurs after creating the anonymous fd, 601 * cachefiles_ondemand_fd_release() will set object to close. 602 */ 603 if (opcode == CACHEFILES_OP_OPEN && 604 !cachefiles_ondemand_object_is_dropping(object)) 605 cachefiles_ondemand_set_object_close(object); 606 kfree(req); 607 return ret; 608 } 609 610 static int cachefiles_ondemand_init_open_req(struct cachefiles_req *req, 611 void *private) 612 { 613 struct cachefiles_object *object = req->object; 614 struct fscache_cookie *cookie = object->cookie; 615 struct fscache_volume *volume = object->volume->vcookie; 616 struct cachefiles_open *load = (void *)req->msg.data; 617 size_t volume_key_size, cookie_key_size; 618 void *volume_key, *cookie_key; 619 620 /* 621 * Volume key is a NUL-terminated string. key[0] stores strlen() of the 622 * string, followed by the content of the string (excluding '\0'). 623 */ 624 volume_key_size = volume->key[0] + 1; 625 volume_key = volume->key + 1; 626 627 /* Cookie key is binary data, which is netfs specific. */ 628 cookie_key_size = cookie->key_len; 629 cookie_key = fscache_get_key(cookie); 630 631 if (!(object->cookie->advice & FSCACHE_ADV_WANT_CACHE_SIZE)) { 632 pr_err("WANT_CACHE_SIZE is needed for on-demand mode\n"); 633 return -EINVAL; 634 } 635 636 load->volume_key_size = volume_key_size; 637 load->cookie_key_size = cookie_key_size; 638 memcpy(load->data, volume_key, volume_key_size); 639 memcpy(load->data + volume_key_size, cookie_key, cookie_key_size); 640 641 return 0; 642 } 643 644 static int cachefiles_ondemand_init_close_req(struct cachefiles_req *req, 645 void *private) 646 { 647 struct cachefiles_object *object = req->object; 648 649 if (!cachefiles_ondemand_object_is_open(object)) 650 return -ENOENT; 651 652 trace_cachefiles_ondemand_close(object, &req->msg); 653 return 0; 654 } 655 656 struct cachefiles_read_ctx { 657 loff_t off; 658 size_t len; 659 }; 660 661 static int cachefiles_ondemand_init_read_req(struct cachefiles_req *req, 662 void *private) 663 { 664 struct cachefiles_object *object = req->object; 665 struct cachefiles_read *load = (void *)req->msg.data; 666 struct cachefiles_read_ctx *read_ctx = private; 667 668 load->off = read_ctx->off; 669 load->len = read_ctx->len; 670 trace_cachefiles_ondemand_read(object, &req->msg, load); 671 return 0; 672 } 673 674 int cachefiles_ondemand_init_object(struct cachefiles_object *object) 675 { 676 struct fscache_cookie *cookie = object->cookie; 677 struct fscache_volume *volume = object->volume->vcookie; 678 size_t volume_key_size, cookie_key_size, data_len; 679 680 if (!object->ondemand) 681 return 0; 682 683 /* 684 * CacheFiles will firstly check the cache file under the root cache 685 * directory. If the coherency check failed, it will fallback to 686 * creating a new tmpfile as the cache file. Reuse the previously 687 * allocated object ID if any. 688 */ 689 if (cachefiles_ondemand_object_is_open(object)) 690 return 0; 691 692 volume_key_size = volume->key[0] + 1; 693 cookie_key_size = cookie->key_len; 694 data_len = sizeof(struct cachefiles_open) + 695 volume_key_size + cookie_key_size; 696 697 return cachefiles_ondemand_send_req(object, CACHEFILES_OP_OPEN, 698 data_len, cachefiles_ondemand_init_open_req, NULL); 699 } 700 701 void cachefiles_ondemand_clean_object(struct cachefiles_object *object) 702 { 703 unsigned long index; 704 struct cachefiles_req *req; 705 struct cachefiles_cache *cache; 706 707 if (!object->ondemand) 708 return; 709 710 cachefiles_ondemand_send_req(object, CACHEFILES_OP_CLOSE, 0, 711 cachefiles_ondemand_init_close_req, NULL); 712 713 if (!object->ondemand->ondemand_id) 714 return; 715 716 /* Cancel all requests for the object that is being dropped. */ 717 cache = object->volume->cache; 718 xa_lock(&cache->reqs); 719 cachefiles_ondemand_set_object_dropping(object); 720 xa_for_each(&cache->reqs, index, req) { 721 if (req->object == object) { 722 req->error = -EIO; 723 complete(&req->done); 724 __xa_erase(&cache->reqs, index); 725 } 726 } 727 xa_unlock(&cache->reqs); 728 729 /* Wait for ondemand_object_worker() to finish to avoid UAF. */ 730 cancel_work_sync(&object->ondemand->ondemand_work); 731 } 732 733 int cachefiles_ondemand_init_obj_info(struct cachefiles_object *object, 734 struct cachefiles_volume *volume) 735 { 736 if (!cachefiles_in_ondemand_mode(volume->cache)) 737 return 0; 738 739 object->ondemand = kzalloc(sizeof(struct cachefiles_ondemand_info), 740 GFP_KERNEL); 741 if (!object->ondemand) 742 return -ENOMEM; 743 744 object->ondemand->object = object; 745 spin_lock_init(&object->ondemand->lock); 746 INIT_WORK(&object->ondemand->ondemand_work, ondemand_object_worker); 747 return 0; 748 } 749 750 void cachefiles_ondemand_deinit_obj_info(struct cachefiles_object *object) 751 { 752 kfree(object->ondemand); 753 object->ondemand = NULL; 754 } 755 756 int cachefiles_ondemand_read(struct cachefiles_object *object, 757 loff_t pos, size_t len) 758 { 759 struct cachefiles_read_ctx read_ctx = {pos, len}; 760 761 return cachefiles_ondemand_send_req(object, CACHEFILES_OP_READ, 762 sizeof(struct cachefiles_read), 763 cachefiles_ondemand_init_read_req, &read_ctx); 764 } 765