1 /* 2 FUSE: Filesystem in Userspace 3 Copyright (C) 2001-2008 Miklos Szeredi <miklos@szeredi.hu> 4 5 This program can be distributed under the terms of the GNU GPL. 6 See the file COPYING. 7 */ 8 9 #include "fuse_i.h" 10 11 #include <linux/pagemap.h> 12 #include <linux/slab.h> 13 #include <linux/kernel.h> 14 #include <linux/sched.h> 15 16 static const struct file_operations fuse_direct_io_file_operations; 17 18 static int fuse_send_open(struct inode *inode, struct file *file, int isdir, 19 struct fuse_open_out *outargp) 20 { 21 struct fuse_conn *fc = get_fuse_conn(inode); 22 struct fuse_open_in inarg; 23 struct fuse_req *req; 24 int err; 25 26 req = fuse_get_req(fc); 27 if (IS_ERR(req)) 28 return PTR_ERR(req); 29 30 memset(&inarg, 0, sizeof(inarg)); 31 inarg.flags = file->f_flags & ~(O_CREAT | O_EXCL | O_NOCTTY); 32 if (!fc->atomic_o_trunc) 33 inarg.flags &= ~O_TRUNC; 34 req->in.h.opcode = isdir ? FUSE_OPENDIR : FUSE_OPEN; 35 req->in.h.nodeid = get_node_id(inode); 36 req->in.numargs = 1; 37 req->in.args[0].size = sizeof(inarg); 38 req->in.args[0].value = &inarg; 39 req->out.numargs = 1; 40 req->out.args[0].size = sizeof(*outargp); 41 req->out.args[0].value = outargp; 42 fuse_request_send(fc, req); 43 err = req->out.h.error; 44 fuse_put_request(fc, req); 45 46 return err; 47 } 48 49 struct fuse_file *fuse_file_alloc(struct fuse_conn *fc) 50 { 51 struct fuse_file *ff; 52 ff = kmalloc(sizeof(struct fuse_file), GFP_KERNEL); 53 if (ff) { 54 ff->reserved_req = fuse_request_alloc(); 55 if (!ff->reserved_req) { 56 kfree(ff); 57 return NULL; 58 } else { 59 INIT_LIST_HEAD(&ff->write_entry); 60 atomic_set(&ff->count, 0); 61 spin_lock(&fc->lock); 62 ff->kh = ++fc->khctr; 63 spin_unlock(&fc->lock); 64 } 65 RB_CLEAR_NODE(&ff->polled_node); 66 init_waitqueue_head(&ff->poll_wait); 67 } 68 return ff; 69 } 70 71 void fuse_file_free(struct fuse_file *ff) 72 { 73 fuse_request_free(ff->reserved_req); 74 kfree(ff); 75 } 76 77 static struct fuse_file *fuse_file_get(struct fuse_file *ff) 78 { 79 atomic_inc(&ff->count); 80 return ff; 81 } 82 83 static void fuse_release_end(struct fuse_conn *fc, struct fuse_req *req) 84 { 85 dput(req->misc.release.dentry); 86 mntput(req->misc.release.vfsmount); 87 } 88 89 static void fuse_file_put(struct fuse_file *ff) 90 { 91 if (atomic_dec_and_test(&ff->count)) { 92 struct fuse_req *req = ff->reserved_req; 93 struct inode *inode = req->misc.release.dentry->d_inode; 94 struct fuse_conn *fc = get_fuse_conn(inode); 95 req->end = fuse_release_end; 96 fuse_request_send_background(fc, req); 97 kfree(ff); 98 } 99 } 100 101 void fuse_finish_open(struct inode *inode, struct file *file, 102 struct fuse_file *ff, struct fuse_open_out *outarg) 103 { 104 if (outarg->open_flags & FOPEN_DIRECT_IO) 105 file->f_op = &fuse_direct_io_file_operations; 106 if (!(outarg->open_flags & FOPEN_KEEP_CACHE)) 107 invalidate_inode_pages2(inode->i_mapping); 108 if (outarg->open_flags & FOPEN_NONSEEKABLE) 109 nonseekable_open(inode, file); 110 ff->fh = outarg->fh; 111 file->private_data = fuse_file_get(ff); 112 } 113 114 int fuse_open_common(struct inode *inode, struct file *file, int isdir) 115 { 116 struct fuse_conn *fc = get_fuse_conn(inode); 117 struct fuse_open_out outarg; 118 struct fuse_file *ff; 119 int err; 120 121 /* VFS checks this, but only _after_ ->open() */ 122 if (file->f_flags & O_DIRECT) 123 return -EINVAL; 124 125 err = generic_file_open(inode, file); 126 if (err) 127 return err; 128 129 ff = fuse_file_alloc(fc); 130 if (!ff) 131 return -ENOMEM; 132 133 err = fuse_send_open(inode, file, isdir, &outarg); 134 if (err) 135 fuse_file_free(ff); 136 else { 137 if (isdir) 138 outarg.open_flags &= ~FOPEN_DIRECT_IO; 139 fuse_finish_open(inode, file, ff, &outarg); 140 } 141 142 return err; 143 } 144 145 void fuse_release_fill(struct fuse_file *ff, u64 nodeid, int flags, int opcode) 146 { 147 struct fuse_req *req = ff->reserved_req; 148 struct fuse_release_in *inarg = &req->misc.release.in; 149 150 inarg->fh = ff->fh; 151 inarg->flags = flags; 152 req->in.h.opcode = opcode; 153 req->in.h.nodeid = nodeid; 154 req->in.numargs = 1; 155 req->in.args[0].size = sizeof(struct fuse_release_in); 156 req->in.args[0].value = inarg; 157 } 158 159 int fuse_release_common(struct inode *inode, struct file *file, int isdir) 160 { 161 struct fuse_file *ff = file->private_data; 162 if (ff) { 163 struct fuse_conn *fc = get_fuse_conn(inode); 164 struct fuse_req *req = ff->reserved_req; 165 166 fuse_release_fill(ff, get_node_id(inode), file->f_flags, 167 isdir ? FUSE_RELEASEDIR : FUSE_RELEASE); 168 169 /* Hold vfsmount and dentry until release is finished */ 170 req->misc.release.vfsmount = mntget(file->f_path.mnt); 171 req->misc.release.dentry = dget(file->f_path.dentry); 172 173 spin_lock(&fc->lock); 174 list_del(&ff->write_entry); 175 if (!RB_EMPTY_NODE(&ff->polled_node)) 176 rb_erase(&ff->polled_node, &fc->polled_files); 177 spin_unlock(&fc->lock); 178 179 wake_up_interruptible_sync(&ff->poll_wait); 180 /* 181 * Normally this will send the RELEASE request, 182 * however if some asynchronous READ or WRITE requests 183 * are outstanding, the sending will be delayed 184 */ 185 fuse_file_put(ff); 186 } 187 188 /* Return value is ignored by VFS */ 189 return 0; 190 } 191 192 static int fuse_open(struct inode *inode, struct file *file) 193 { 194 return fuse_open_common(inode, file, 0); 195 } 196 197 static int fuse_release(struct inode *inode, struct file *file) 198 { 199 return fuse_release_common(inode, file, 0); 200 } 201 202 /* 203 * Scramble the ID space with XTEA, so that the value of the files_struct 204 * pointer is not exposed to userspace. 205 */ 206 u64 fuse_lock_owner_id(struct fuse_conn *fc, fl_owner_t id) 207 { 208 u32 *k = fc->scramble_key; 209 u64 v = (unsigned long) id; 210 u32 v0 = v; 211 u32 v1 = v >> 32; 212 u32 sum = 0; 213 int i; 214 215 for (i = 0; i < 32; i++) { 216 v0 += ((v1 << 4 ^ v1 >> 5) + v1) ^ (sum + k[sum & 3]); 217 sum += 0x9E3779B9; 218 v1 += ((v0 << 4 ^ v0 >> 5) + v0) ^ (sum + k[sum>>11 & 3]); 219 } 220 221 return (u64) v0 + ((u64) v1 << 32); 222 } 223 224 /* 225 * Check if page is under writeback 226 * 227 * This is currently done by walking the list of writepage requests 228 * for the inode, which can be pretty inefficient. 229 */ 230 static bool fuse_page_is_writeback(struct inode *inode, pgoff_t index) 231 { 232 struct fuse_conn *fc = get_fuse_conn(inode); 233 struct fuse_inode *fi = get_fuse_inode(inode); 234 struct fuse_req *req; 235 bool found = false; 236 237 spin_lock(&fc->lock); 238 list_for_each_entry(req, &fi->writepages, writepages_entry) { 239 pgoff_t curr_index; 240 241 BUG_ON(req->inode != inode); 242 curr_index = req->misc.write.in.offset >> PAGE_CACHE_SHIFT; 243 if (curr_index == index) { 244 found = true; 245 break; 246 } 247 } 248 spin_unlock(&fc->lock); 249 250 return found; 251 } 252 253 /* 254 * Wait for page writeback to be completed. 255 * 256 * Since fuse doesn't rely on the VM writeback tracking, this has to 257 * use some other means. 258 */ 259 static int fuse_wait_on_page_writeback(struct inode *inode, pgoff_t index) 260 { 261 struct fuse_inode *fi = get_fuse_inode(inode); 262 263 wait_event(fi->page_waitq, !fuse_page_is_writeback(inode, index)); 264 return 0; 265 } 266 267 static int fuse_flush(struct file *file, fl_owner_t id) 268 { 269 struct inode *inode = file->f_path.dentry->d_inode; 270 struct fuse_conn *fc = get_fuse_conn(inode); 271 struct fuse_file *ff = file->private_data; 272 struct fuse_req *req; 273 struct fuse_flush_in inarg; 274 int err; 275 276 if (is_bad_inode(inode)) 277 return -EIO; 278 279 if (fc->no_flush) 280 return 0; 281 282 req = fuse_get_req_nofail(fc, file); 283 memset(&inarg, 0, sizeof(inarg)); 284 inarg.fh = ff->fh; 285 inarg.lock_owner = fuse_lock_owner_id(fc, id); 286 req->in.h.opcode = FUSE_FLUSH; 287 req->in.h.nodeid = get_node_id(inode); 288 req->in.numargs = 1; 289 req->in.args[0].size = sizeof(inarg); 290 req->in.args[0].value = &inarg; 291 req->force = 1; 292 fuse_request_send(fc, req); 293 err = req->out.h.error; 294 fuse_put_request(fc, req); 295 if (err == -ENOSYS) { 296 fc->no_flush = 1; 297 err = 0; 298 } 299 return err; 300 } 301 302 /* 303 * Wait for all pending writepages on the inode to finish. 304 * 305 * This is currently done by blocking further writes with FUSE_NOWRITE 306 * and waiting for all sent writes to complete. 307 * 308 * This must be called under i_mutex, otherwise the FUSE_NOWRITE usage 309 * could conflict with truncation. 310 */ 311 static void fuse_sync_writes(struct inode *inode) 312 { 313 fuse_set_nowrite(inode); 314 fuse_release_nowrite(inode); 315 } 316 317 int fuse_fsync_common(struct file *file, struct dentry *de, int datasync, 318 int isdir) 319 { 320 struct inode *inode = de->d_inode; 321 struct fuse_conn *fc = get_fuse_conn(inode); 322 struct fuse_file *ff = file->private_data; 323 struct fuse_req *req; 324 struct fuse_fsync_in inarg; 325 int err; 326 327 if (is_bad_inode(inode)) 328 return -EIO; 329 330 if ((!isdir && fc->no_fsync) || (isdir && fc->no_fsyncdir)) 331 return 0; 332 333 /* 334 * Start writeback against all dirty pages of the inode, then 335 * wait for all outstanding writes, before sending the FSYNC 336 * request. 337 */ 338 err = write_inode_now(inode, 0); 339 if (err) 340 return err; 341 342 fuse_sync_writes(inode); 343 344 req = fuse_get_req(fc); 345 if (IS_ERR(req)) 346 return PTR_ERR(req); 347 348 memset(&inarg, 0, sizeof(inarg)); 349 inarg.fh = ff->fh; 350 inarg.fsync_flags = datasync ? 1 : 0; 351 req->in.h.opcode = isdir ? FUSE_FSYNCDIR : FUSE_FSYNC; 352 req->in.h.nodeid = get_node_id(inode); 353 req->in.numargs = 1; 354 req->in.args[0].size = sizeof(inarg); 355 req->in.args[0].value = &inarg; 356 fuse_request_send(fc, req); 357 err = req->out.h.error; 358 fuse_put_request(fc, req); 359 if (err == -ENOSYS) { 360 if (isdir) 361 fc->no_fsyncdir = 1; 362 else 363 fc->no_fsync = 1; 364 err = 0; 365 } 366 return err; 367 } 368 369 static int fuse_fsync(struct file *file, struct dentry *de, int datasync) 370 { 371 return fuse_fsync_common(file, de, datasync, 0); 372 } 373 374 void fuse_read_fill(struct fuse_req *req, struct file *file, 375 struct inode *inode, loff_t pos, size_t count, int opcode) 376 { 377 struct fuse_read_in *inarg = &req->misc.read.in; 378 struct fuse_file *ff = file->private_data; 379 380 inarg->fh = ff->fh; 381 inarg->offset = pos; 382 inarg->size = count; 383 inarg->flags = file->f_flags; 384 req->in.h.opcode = opcode; 385 req->in.h.nodeid = get_node_id(inode); 386 req->in.numargs = 1; 387 req->in.args[0].size = sizeof(struct fuse_read_in); 388 req->in.args[0].value = inarg; 389 req->out.argpages = 1; 390 req->out.argvar = 1; 391 req->out.numargs = 1; 392 req->out.args[0].size = count; 393 } 394 395 static size_t fuse_send_read(struct fuse_req *req, struct file *file, 396 struct inode *inode, loff_t pos, size_t count, 397 fl_owner_t owner) 398 { 399 struct fuse_conn *fc = get_fuse_conn(inode); 400 401 fuse_read_fill(req, file, inode, pos, count, FUSE_READ); 402 if (owner != NULL) { 403 struct fuse_read_in *inarg = &req->misc.read.in; 404 405 inarg->read_flags |= FUSE_READ_LOCKOWNER; 406 inarg->lock_owner = fuse_lock_owner_id(fc, owner); 407 } 408 fuse_request_send(fc, req); 409 return req->out.args[0].size; 410 } 411 412 static void fuse_read_update_size(struct inode *inode, loff_t size, 413 u64 attr_ver) 414 { 415 struct fuse_conn *fc = get_fuse_conn(inode); 416 struct fuse_inode *fi = get_fuse_inode(inode); 417 418 spin_lock(&fc->lock); 419 if (attr_ver == fi->attr_version && size < inode->i_size) { 420 fi->attr_version = ++fc->attr_version; 421 i_size_write(inode, size); 422 } 423 spin_unlock(&fc->lock); 424 } 425 426 static int fuse_readpage(struct file *file, struct page *page) 427 { 428 struct inode *inode = page->mapping->host; 429 struct fuse_conn *fc = get_fuse_conn(inode); 430 struct fuse_req *req; 431 size_t num_read; 432 loff_t pos = page_offset(page); 433 size_t count = PAGE_CACHE_SIZE; 434 u64 attr_ver; 435 int err; 436 437 err = -EIO; 438 if (is_bad_inode(inode)) 439 goto out; 440 441 /* 442 * Page writeback can extend beyond the liftime of the 443 * page-cache page, so make sure we read a properly synced 444 * page. 445 */ 446 fuse_wait_on_page_writeback(inode, page->index); 447 448 req = fuse_get_req(fc); 449 err = PTR_ERR(req); 450 if (IS_ERR(req)) 451 goto out; 452 453 attr_ver = fuse_get_attr_version(fc); 454 455 req->out.page_zeroing = 1; 456 req->num_pages = 1; 457 req->pages[0] = page; 458 num_read = fuse_send_read(req, file, inode, pos, count, NULL); 459 err = req->out.h.error; 460 fuse_put_request(fc, req); 461 462 if (!err) { 463 /* 464 * Short read means EOF. If file size is larger, truncate it 465 */ 466 if (num_read < count) 467 fuse_read_update_size(inode, pos + num_read, attr_ver); 468 469 SetPageUptodate(page); 470 } 471 472 fuse_invalidate_attr(inode); /* atime changed */ 473 out: 474 unlock_page(page); 475 return err; 476 } 477 478 static void fuse_readpages_end(struct fuse_conn *fc, struct fuse_req *req) 479 { 480 int i; 481 size_t count = req->misc.read.in.size; 482 size_t num_read = req->out.args[0].size; 483 struct inode *inode = req->pages[0]->mapping->host; 484 485 /* 486 * Short read means EOF. If file size is larger, truncate it 487 */ 488 if (!req->out.h.error && num_read < count) { 489 loff_t pos = page_offset(req->pages[0]) + num_read; 490 fuse_read_update_size(inode, pos, req->misc.read.attr_ver); 491 } 492 493 fuse_invalidate_attr(inode); /* atime changed */ 494 495 for (i = 0; i < req->num_pages; i++) { 496 struct page *page = req->pages[i]; 497 if (!req->out.h.error) 498 SetPageUptodate(page); 499 else 500 SetPageError(page); 501 unlock_page(page); 502 } 503 if (req->ff) 504 fuse_file_put(req->ff); 505 } 506 507 static void fuse_send_readpages(struct fuse_req *req, struct file *file, 508 struct inode *inode) 509 { 510 struct fuse_conn *fc = get_fuse_conn(inode); 511 loff_t pos = page_offset(req->pages[0]); 512 size_t count = req->num_pages << PAGE_CACHE_SHIFT; 513 req->out.page_zeroing = 1; 514 fuse_read_fill(req, file, inode, pos, count, FUSE_READ); 515 req->misc.read.attr_ver = fuse_get_attr_version(fc); 516 if (fc->async_read) { 517 struct fuse_file *ff = file->private_data; 518 req->ff = fuse_file_get(ff); 519 req->end = fuse_readpages_end; 520 fuse_request_send_background(fc, req); 521 } else { 522 fuse_request_send(fc, req); 523 fuse_readpages_end(fc, req); 524 fuse_put_request(fc, req); 525 } 526 } 527 528 struct fuse_fill_data { 529 struct fuse_req *req; 530 struct file *file; 531 struct inode *inode; 532 }; 533 534 static int fuse_readpages_fill(void *_data, struct page *page) 535 { 536 struct fuse_fill_data *data = _data; 537 struct fuse_req *req = data->req; 538 struct inode *inode = data->inode; 539 struct fuse_conn *fc = get_fuse_conn(inode); 540 541 fuse_wait_on_page_writeback(inode, page->index); 542 543 if (req->num_pages && 544 (req->num_pages == FUSE_MAX_PAGES_PER_REQ || 545 (req->num_pages + 1) * PAGE_CACHE_SIZE > fc->max_read || 546 req->pages[req->num_pages - 1]->index + 1 != page->index)) { 547 fuse_send_readpages(req, data->file, inode); 548 data->req = req = fuse_get_req(fc); 549 if (IS_ERR(req)) { 550 unlock_page(page); 551 return PTR_ERR(req); 552 } 553 } 554 req->pages[req->num_pages] = page; 555 req->num_pages++; 556 return 0; 557 } 558 559 static int fuse_readpages(struct file *file, struct address_space *mapping, 560 struct list_head *pages, unsigned nr_pages) 561 { 562 struct inode *inode = mapping->host; 563 struct fuse_conn *fc = get_fuse_conn(inode); 564 struct fuse_fill_data data; 565 int err; 566 567 err = -EIO; 568 if (is_bad_inode(inode)) 569 goto out; 570 571 data.file = file; 572 data.inode = inode; 573 data.req = fuse_get_req(fc); 574 err = PTR_ERR(data.req); 575 if (IS_ERR(data.req)) 576 goto out; 577 578 err = read_cache_pages(mapping, pages, fuse_readpages_fill, &data); 579 if (!err) { 580 if (data.req->num_pages) 581 fuse_send_readpages(data.req, file, inode); 582 else 583 fuse_put_request(fc, data.req); 584 } 585 out: 586 return err; 587 } 588 589 static ssize_t fuse_file_aio_read(struct kiocb *iocb, const struct iovec *iov, 590 unsigned long nr_segs, loff_t pos) 591 { 592 struct inode *inode = iocb->ki_filp->f_mapping->host; 593 594 if (pos + iov_length(iov, nr_segs) > i_size_read(inode)) { 595 int err; 596 /* 597 * If trying to read past EOF, make sure the i_size 598 * attribute is up-to-date. 599 */ 600 err = fuse_update_attributes(inode, NULL, iocb->ki_filp, NULL); 601 if (err) 602 return err; 603 } 604 605 return generic_file_aio_read(iocb, iov, nr_segs, pos); 606 } 607 608 static void fuse_write_fill(struct fuse_req *req, struct file *file, 609 struct fuse_file *ff, struct inode *inode, 610 loff_t pos, size_t count, int writepage) 611 { 612 struct fuse_conn *fc = get_fuse_conn(inode); 613 struct fuse_write_in *inarg = &req->misc.write.in; 614 struct fuse_write_out *outarg = &req->misc.write.out; 615 616 memset(inarg, 0, sizeof(struct fuse_write_in)); 617 inarg->fh = ff->fh; 618 inarg->offset = pos; 619 inarg->size = count; 620 inarg->write_flags = writepage ? FUSE_WRITE_CACHE : 0; 621 inarg->flags = file ? file->f_flags : 0; 622 req->in.h.opcode = FUSE_WRITE; 623 req->in.h.nodeid = get_node_id(inode); 624 req->in.argpages = 1; 625 req->in.numargs = 2; 626 if (fc->minor < 9) 627 req->in.args[0].size = FUSE_COMPAT_WRITE_IN_SIZE; 628 else 629 req->in.args[0].size = sizeof(struct fuse_write_in); 630 req->in.args[0].value = inarg; 631 req->in.args[1].size = count; 632 req->out.numargs = 1; 633 req->out.args[0].size = sizeof(struct fuse_write_out); 634 req->out.args[0].value = outarg; 635 } 636 637 static size_t fuse_send_write(struct fuse_req *req, struct file *file, 638 struct inode *inode, loff_t pos, size_t count, 639 fl_owner_t owner) 640 { 641 struct fuse_conn *fc = get_fuse_conn(inode); 642 fuse_write_fill(req, file, file->private_data, inode, pos, count, 0); 643 if (owner != NULL) { 644 struct fuse_write_in *inarg = &req->misc.write.in; 645 inarg->write_flags |= FUSE_WRITE_LOCKOWNER; 646 inarg->lock_owner = fuse_lock_owner_id(fc, owner); 647 } 648 fuse_request_send(fc, req); 649 return req->misc.write.out.size; 650 } 651 652 static int fuse_write_begin(struct file *file, struct address_space *mapping, 653 loff_t pos, unsigned len, unsigned flags, 654 struct page **pagep, void **fsdata) 655 { 656 pgoff_t index = pos >> PAGE_CACHE_SHIFT; 657 658 *pagep = grab_cache_page_write_begin(mapping, index, flags); 659 if (!*pagep) 660 return -ENOMEM; 661 return 0; 662 } 663 664 static void fuse_write_update_size(struct inode *inode, loff_t pos) 665 { 666 struct fuse_conn *fc = get_fuse_conn(inode); 667 struct fuse_inode *fi = get_fuse_inode(inode); 668 669 spin_lock(&fc->lock); 670 fi->attr_version = ++fc->attr_version; 671 if (pos > inode->i_size) 672 i_size_write(inode, pos); 673 spin_unlock(&fc->lock); 674 } 675 676 static int fuse_buffered_write(struct file *file, struct inode *inode, 677 loff_t pos, unsigned count, struct page *page) 678 { 679 int err; 680 size_t nres; 681 struct fuse_conn *fc = get_fuse_conn(inode); 682 unsigned offset = pos & (PAGE_CACHE_SIZE - 1); 683 struct fuse_req *req; 684 685 if (is_bad_inode(inode)) 686 return -EIO; 687 688 /* 689 * Make sure writepages on the same page are not mixed up with 690 * plain writes. 691 */ 692 fuse_wait_on_page_writeback(inode, page->index); 693 694 req = fuse_get_req(fc); 695 if (IS_ERR(req)) 696 return PTR_ERR(req); 697 698 req->num_pages = 1; 699 req->pages[0] = page; 700 req->page_offset = offset; 701 nres = fuse_send_write(req, file, inode, pos, count, NULL); 702 err = req->out.h.error; 703 fuse_put_request(fc, req); 704 if (!err && !nres) 705 err = -EIO; 706 if (!err) { 707 pos += nres; 708 fuse_write_update_size(inode, pos); 709 if (count == PAGE_CACHE_SIZE) 710 SetPageUptodate(page); 711 } 712 fuse_invalidate_attr(inode); 713 return err ? err : nres; 714 } 715 716 static int fuse_write_end(struct file *file, struct address_space *mapping, 717 loff_t pos, unsigned len, unsigned copied, 718 struct page *page, void *fsdata) 719 { 720 struct inode *inode = mapping->host; 721 int res = 0; 722 723 if (copied) 724 res = fuse_buffered_write(file, inode, pos, copied, page); 725 726 unlock_page(page); 727 page_cache_release(page); 728 return res; 729 } 730 731 static size_t fuse_send_write_pages(struct fuse_req *req, struct file *file, 732 struct inode *inode, loff_t pos, 733 size_t count) 734 { 735 size_t res; 736 unsigned offset; 737 unsigned i; 738 739 for (i = 0; i < req->num_pages; i++) 740 fuse_wait_on_page_writeback(inode, req->pages[i]->index); 741 742 res = fuse_send_write(req, file, inode, pos, count, NULL); 743 744 offset = req->page_offset; 745 count = res; 746 for (i = 0; i < req->num_pages; i++) { 747 struct page *page = req->pages[i]; 748 749 if (!req->out.h.error && !offset && count >= PAGE_CACHE_SIZE) 750 SetPageUptodate(page); 751 752 if (count > PAGE_CACHE_SIZE - offset) 753 count -= PAGE_CACHE_SIZE - offset; 754 else 755 count = 0; 756 offset = 0; 757 758 unlock_page(page); 759 page_cache_release(page); 760 } 761 762 return res; 763 } 764 765 static ssize_t fuse_fill_write_pages(struct fuse_req *req, 766 struct address_space *mapping, 767 struct iov_iter *ii, loff_t pos) 768 { 769 struct fuse_conn *fc = get_fuse_conn(mapping->host); 770 unsigned offset = pos & (PAGE_CACHE_SIZE - 1); 771 size_t count = 0; 772 int err; 773 774 req->page_offset = offset; 775 776 do { 777 size_t tmp; 778 struct page *page; 779 pgoff_t index = pos >> PAGE_CACHE_SHIFT; 780 size_t bytes = min_t(size_t, PAGE_CACHE_SIZE - offset, 781 iov_iter_count(ii)); 782 783 bytes = min_t(size_t, bytes, fc->max_write - count); 784 785 again: 786 err = -EFAULT; 787 if (iov_iter_fault_in_readable(ii, bytes)) 788 break; 789 790 err = -ENOMEM; 791 page = grab_cache_page_write_begin(mapping, index, 0); 792 if (!page) 793 break; 794 795 pagefault_disable(); 796 tmp = iov_iter_copy_from_user_atomic(page, ii, offset, bytes); 797 pagefault_enable(); 798 flush_dcache_page(page); 799 800 if (!tmp) { 801 unlock_page(page); 802 page_cache_release(page); 803 bytes = min(bytes, iov_iter_single_seg_count(ii)); 804 goto again; 805 } 806 807 err = 0; 808 req->pages[req->num_pages] = page; 809 req->num_pages++; 810 811 iov_iter_advance(ii, tmp); 812 count += tmp; 813 pos += tmp; 814 offset += tmp; 815 if (offset == PAGE_CACHE_SIZE) 816 offset = 0; 817 818 if (!fc->big_writes) 819 break; 820 } while (iov_iter_count(ii) && count < fc->max_write && 821 req->num_pages < FUSE_MAX_PAGES_PER_REQ && offset == 0); 822 823 return count > 0 ? count : err; 824 } 825 826 static ssize_t fuse_perform_write(struct file *file, 827 struct address_space *mapping, 828 struct iov_iter *ii, loff_t pos) 829 { 830 struct inode *inode = mapping->host; 831 struct fuse_conn *fc = get_fuse_conn(inode); 832 int err = 0; 833 ssize_t res = 0; 834 835 if (is_bad_inode(inode)) 836 return -EIO; 837 838 do { 839 struct fuse_req *req; 840 ssize_t count; 841 842 req = fuse_get_req(fc); 843 if (IS_ERR(req)) { 844 err = PTR_ERR(req); 845 break; 846 } 847 848 count = fuse_fill_write_pages(req, mapping, ii, pos); 849 if (count <= 0) { 850 err = count; 851 } else { 852 size_t num_written; 853 854 num_written = fuse_send_write_pages(req, file, inode, 855 pos, count); 856 err = req->out.h.error; 857 if (!err) { 858 res += num_written; 859 pos += num_written; 860 861 /* break out of the loop on short write */ 862 if (num_written != count) 863 err = -EIO; 864 } 865 } 866 fuse_put_request(fc, req); 867 } while (!err && iov_iter_count(ii)); 868 869 if (res > 0) 870 fuse_write_update_size(inode, pos); 871 872 fuse_invalidate_attr(inode); 873 874 return res > 0 ? res : err; 875 } 876 877 static ssize_t fuse_file_aio_write(struct kiocb *iocb, const struct iovec *iov, 878 unsigned long nr_segs, loff_t pos) 879 { 880 struct file *file = iocb->ki_filp; 881 struct address_space *mapping = file->f_mapping; 882 size_t count = 0; 883 ssize_t written = 0; 884 struct inode *inode = mapping->host; 885 ssize_t err; 886 struct iov_iter i; 887 888 WARN_ON(iocb->ki_pos != pos); 889 890 err = generic_segment_checks(iov, &nr_segs, &count, VERIFY_READ); 891 if (err) 892 return err; 893 894 mutex_lock(&inode->i_mutex); 895 vfs_check_frozen(inode->i_sb, SB_FREEZE_WRITE); 896 897 /* We can write back this queue in page reclaim */ 898 current->backing_dev_info = mapping->backing_dev_info; 899 900 err = generic_write_checks(file, &pos, &count, S_ISBLK(inode->i_mode)); 901 if (err) 902 goto out; 903 904 if (count == 0) 905 goto out; 906 907 err = file_remove_suid(file); 908 if (err) 909 goto out; 910 911 file_update_time(file); 912 913 iov_iter_init(&i, iov, nr_segs, count, 0); 914 written = fuse_perform_write(file, mapping, &i, pos); 915 if (written >= 0) 916 iocb->ki_pos = pos + written; 917 918 out: 919 current->backing_dev_info = NULL; 920 mutex_unlock(&inode->i_mutex); 921 922 return written ? written : err; 923 } 924 925 static void fuse_release_user_pages(struct fuse_req *req, int write) 926 { 927 unsigned i; 928 929 for (i = 0; i < req->num_pages; i++) { 930 struct page *page = req->pages[i]; 931 if (write) 932 set_page_dirty_lock(page); 933 put_page(page); 934 } 935 } 936 937 static int fuse_get_user_pages(struct fuse_req *req, const char __user *buf, 938 unsigned nbytes, int write) 939 { 940 unsigned long user_addr = (unsigned long) buf; 941 unsigned offset = user_addr & ~PAGE_MASK; 942 int npages; 943 944 /* This doesn't work with nfsd */ 945 if (!current->mm) 946 return -EPERM; 947 948 nbytes = min(nbytes, (unsigned) FUSE_MAX_PAGES_PER_REQ << PAGE_SHIFT); 949 npages = (nbytes + offset + PAGE_SIZE - 1) >> PAGE_SHIFT; 950 npages = clamp(npages, 1, FUSE_MAX_PAGES_PER_REQ); 951 down_read(¤t->mm->mmap_sem); 952 npages = get_user_pages(current, current->mm, user_addr, npages, write, 953 0, req->pages, NULL); 954 up_read(¤t->mm->mmap_sem); 955 if (npages < 0) 956 return npages; 957 958 req->num_pages = npages; 959 req->page_offset = offset; 960 return 0; 961 } 962 963 static ssize_t fuse_direct_io(struct file *file, const char __user *buf, 964 size_t count, loff_t *ppos, int write) 965 { 966 struct inode *inode = file->f_path.dentry->d_inode; 967 struct fuse_conn *fc = get_fuse_conn(inode); 968 size_t nmax = write ? fc->max_write : fc->max_read; 969 loff_t pos = *ppos; 970 ssize_t res = 0; 971 struct fuse_req *req; 972 973 if (is_bad_inode(inode)) 974 return -EIO; 975 976 req = fuse_get_req(fc); 977 if (IS_ERR(req)) 978 return PTR_ERR(req); 979 980 while (count) { 981 size_t nres; 982 size_t nbytes_limit = min(count, nmax); 983 size_t nbytes; 984 int err = fuse_get_user_pages(req, buf, nbytes_limit, !write); 985 if (err) { 986 res = err; 987 break; 988 } 989 nbytes = (req->num_pages << PAGE_SHIFT) - req->page_offset; 990 nbytes = min(nbytes_limit, nbytes); 991 if (write) 992 nres = fuse_send_write(req, file, inode, pos, nbytes, 993 current->files); 994 else 995 nres = fuse_send_read(req, file, inode, pos, nbytes, 996 current->files); 997 fuse_release_user_pages(req, !write); 998 if (req->out.h.error) { 999 if (!res) 1000 res = req->out.h.error; 1001 break; 1002 } else if (nres > nbytes) { 1003 res = -EIO; 1004 break; 1005 } 1006 count -= nres; 1007 res += nres; 1008 pos += nres; 1009 buf += nres; 1010 if (nres != nbytes) 1011 break; 1012 if (count) { 1013 fuse_put_request(fc, req); 1014 req = fuse_get_req(fc); 1015 if (IS_ERR(req)) 1016 break; 1017 } 1018 } 1019 fuse_put_request(fc, req); 1020 if (res > 0) { 1021 if (write) 1022 fuse_write_update_size(inode, pos); 1023 *ppos = pos; 1024 } 1025 fuse_invalidate_attr(inode); 1026 1027 return res; 1028 } 1029 1030 static ssize_t fuse_direct_read(struct file *file, char __user *buf, 1031 size_t count, loff_t *ppos) 1032 { 1033 return fuse_direct_io(file, buf, count, ppos, 0); 1034 } 1035 1036 static ssize_t fuse_direct_write(struct file *file, const char __user *buf, 1037 size_t count, loff_t *ppos) 1038 { 1039 struct inode *inode = file->f_path.dentry->d_inode; 1040 ssize_t res; 1041 /* Don't allow parallel writes to the same file */ 1042 mutex_lock(&inode->i_mutex); 1043 res = generic_write_checks(file, ppos, &count, 0); 1044 if (!res) 1045 res = fuse_direct_io(file, buf, count, ppos, 1); 1046 mutex_unlock(&inode->i_mutex); 1047 return res; 1048 } 1049 1050 static void fuse_writepage_free(struct fuse_conn *fc, struct fuse_req *req) 1051 { 1052 __free_page(req->pages[0]); 1053 fuse_file_put(req->ff); 1054 } 1055 1056 static void fuse_writepage_finish(struct fuse_conn *fc, struct fuse_req *req) 1057 { 1058 struct inode *inode = req->inode; 1059 struct fuse_inode *fi = get_fuse_inode(inode); 1060 struct backing_dev_info *bdi = inode->i_mapping->backing_dev_info; 1061 1062 list_del(&req->writepages_entry); 1063 dec_bdi_stat(bdi, BDI_WRITEBACK); 1064 dec_zone_page_state(req->pages[0], NR_WRITEBACK_TEMP); 1065 bdi_writeout_inc(bdi); 1066 wake_up(&fi->page_waitq); 1067 } 1068 1069 /* Called under fc->lock, may release and reacquire it */ 1070 static void fuse_send_writepage(struct fuse_conn *fc, struct fuse_req *req) 1071 __releases(&fc->lock) 1072 __acquires(&fc->lock) 1073 { 1074 struct fuse_inode *fi = get_fuse_inode(req->inode); 1075 loff_t size = i_size_read(req->inode); 1076 struct fuse_write_in *inarg = &req->misc.write.in; 1077 1078 if (!fc->connected) 1079 goto out_free; 1080 1081 if (inarg->offset + PAGE_CACHE_SIZE <= size) { 1082 inarg->size = PAGE_CACHE_SIZE; 1083 } else if (inarg->offset < size) { 1084 inarg->size = size & (PAGE_CACHE_SIZE - 1); 1085 } else { 1086 /* Got truncated off completely */ 1087 goto out_free; 1088 } 1089 1090 req->in.args[1].size = inarg->size; 1091 fi->writectr++; 1092 fuse_request_send_background_locked(fc, req); 1093 return; 1094 1095 out_free: 1096 fuse_writepage_finish(fc, req); 1097 spin_unlock(&fc->lock); 1098 fuse_writepage_free(fc, req); 1099 fuse_put_request(fc, req); 1100 spin_lock(&fc->lock); 1101 } 1102 1103 /* 1104 * If fi->writectr is positive (no truncate or fsync going on) send 1105 * all queued writepage requests. 1106 * 1107 * Called with fc->lock 1108 */ 1109 void fuse_flush_writepages(struct inode *inode) 1110 __releases(&fc->lock) 1111 __acquires(&fc->lock) 1112 { 1113 struct fuse_conn *fc = get_fuse_conn(inode); 1114 struct fuse_inode *fi = get_fuse_inode(inode); 1115 struct fuse_req *req; 1116 1117 while (fi->writectr >= 0 && !list_empty(&fi->queued_writes)) { 1118 req = list_entry(fi->queued_writes.next, struct fuse_req, list); 1119 list_del_init(&req->list); 1120 fuse_send_writepage(fc, req); 1121 } 1122 } 1123 1124 static void fuse_writepage_end(struct fuse_conn *fc, struct fuse_req *req) 1125 { 1126 struct inode *inode = req->inode; 1127 struct fuse_inode *fi = get_fuse_inode(inode); 1128 1129 mapping_set_error(inode->i_mapping, req->out.h.error); 1130 spin_lock(&fc->lock); 1131 fi->writectr--; 1132 fuse_writepage_finish(fc, req); 1133 spin_unlock(&fc->lock); 1134 fuse_writepage_free(fc, req); 1135 } 1136 1137 static int fuse_writepage_locked(struct page *page) 1138 { 1139 struct address_space *mapping = page->mapping; 1140 struct inode *inode = mapping->host; 1141 struct fuse_conn *fc = get_fuse_conn(inode); 1142 struct fuse_inode *fi = get_fuse_inode(inode); 1143 struct fuse_req *req; 1144 struct fuse_file *ff; 1145 struct page *tmp_page; 1146 1147 set_page_writeback(page); 1148 1149 req = fuse_request_alloc_nofs(); 1150 if (!req) 1151 goto err; 1152 1153 tmp_page = alloc_page(GFP_NOFS | __GFP_HIGHMEM); 1154 if (!tmp_page) 1155 goto err_free; 1156 1157 spin_lock(&fc->lock); 1158 BUG_ON(list_empty(&fi->write_files)); 1159 ff = list_entry(fi->write_files.next, struct fuse_file, write_entry); 1160 req->ff = fuse_file_get(ff); 1161 spin_unlock(&fc->lock); 1162 1163 fuse_write_fill(req, NULL, ff, inode, page_offset(page), 0, 1); 1164 1165 copy_highpage(tmp_page, page); 1166 req->num_pages = 1; 1167 req->pages[0] = tmp_page; 1168 req->page_offset = 0; 1169 req->end = fuse_writepage_end; 1170 req->inode = inode; 1171 1172 inc_bdi_stat(mapping->backing_dev_info, BDI_WRITEBACK); 1173 inc_zone_page_state(tmp_page, NR_WRITEBACK_TEMP); 1174 end_page_writeback(page); 1175 1176 spin_lock(&fc->lock); 1177 list_add(&req->writepages_entry, &fi->writepages); 1178 list_add_tail(&req->list, &fi->queued_writes); 1179 fuse_flush_writepages(inode); 1180 spin_unlock(&fc->lock); 1181 1182 return 0; 1183 1184 err_free: 1185 fuse_request_free(req); 1186 err: 1187 end_page_writeback(page); 1188 return -ENOMEM; 1189 } 1190 1191 static int fuse_writepage(struct page *page, struct writeback_control *wbc) 1192 { 1193 int err; 1194 1195 err = fuse_writepage_locked(page); 1196 unlock_page(page); 1197 1198 return err; 1199 } 1200 1201 static int fuse_launder_page(struct page *page) 1202 { 1203 int err = 0; 1204 if (clear_page_dirty_for_io(page)) { 1205 struct inode *inode = page->mapping->host; 1206 err = fuse_writepage_locked(page); 1207 if (!err) 1208 fuse_wait_on_page_writeback(inode, page->index); 1209 } 1210 return err; 1211 } 1212 1213 /* 1214 * Write back dirty pages now, because there may not be any suitable 1215 * open files later 1216 */ 1217 static void fuse_vma_close(struct vm_area_struct *vma) 1218 { 1219 filemap_write_and_wait(vma->vm_file->f_mapping); 1220 } 1221 1222 /* 1223 * Wait for writeback against this page to complete before allowing it 1224 * to be marked dirty again, and hence written back again, possibly 1225 * before the previous writepage completed. 1226 * 1227 * Block here, instead of in ->writepage(), so that the userspace fs 1228 * can only block processes actually operating on the filesystem. 1229 * 1230 * Otherwise unprivileged userspace fs would be able to block 1231 * unrelated: 1232 * 1233 * - page migration 1234 * - sync(2) 1235 * - try_to_free_pages() with order > PAGE_ALLOC_COSTLY_ORDER 1236 */ 1237 static int fuse_page_mkwrite(struct vm_area_struct *vma, struct page *page) 1238 { 1239 /* 1240 * Don't use page->mapping as it may become NULL from a 1241 * concurrent truncate. 1242 */ 1243 struct inode *inode = vma->vm_file->f_mapping->host; 1244 1245 fuse_wait_on_page_writeback(inode, page->index); 1246 return 0; 1247 } 1248 1249 static struct vm_operations_struct fuse_file_vm_ops = { 1250 .close = fuse_vma_close, 1251 .fault = filemap_fault, 1252 .page_mkwrite = fuse_page_mkwrite, 1253 }; 1254 1255 static int fuse_file_mmap(struct file *file, struct vm_area_struct *vma) 1256 { 1257 if ((vma->vm_flags & VM_SHARED) && (vma->vm_flags & VM_MAYWRITE)) { 1258 struct inode *inode = file->f_dentry->d_inode; 1259 struct fuse_conn *fc = get_fuse_conn(inode); 1260 struct fuse_inode *fi = get_fuse_inode(inode); 1261 struct fuse_file *ff = file->private_data; 1262 /* 1263 * file may be written through mmap, so chain it onto the 1264 * inodes's write_file list 1265 */ 1266 spin_lock(&fc->lock); 1267 if (list_empty(&ff->write_entry)) 1268 list_add(&ff->write_entry, &fi->write_files); 1269 spin_unlock(&fc->lock); 1270 } 1271 file_accessed(file); 1272 vma->vm_ops = &fuse_file_vm_ops; 1273 return 0; 1274 } 1275 1276 static int convert_fuse_file_lock(const struct fuse_file_lock *ffl, 1277 struct file_lock *fl) 1278 { 1279 switch (ffl->type) { 1280 case F_UNLCK: 1281 break; 1282 1283 case F_RDLCK: 1284 case F_WRLCK: 1285 if (ffl->start > OFFSET_MAX || ffl->end > OFFSET_MAX || 1286 ffl->end < ffl->start) 1287 return -EIO; 1288 1289 fl->fl_start = ffl->start; 1290 fl->fl_end = ffl->end; 1291 fl->fl_pid = ffl->pid; 1292 break; 1293 1294 default: 1295 return -EIO; 1296 } 1297 fl->fl_type = ffl->type; 1298 return 0; 1299 } 1300 1301 static void fuse_lk_fill(struct fuse_req *req, struct file *file, 1302 const struct file_lock *fl, int opcode, pid_t pid, 1303 int flock) 1304 { 1305 struct inode *inode = file->f_path.dentry->d_inode; 1306 struct fuse_conn *fc = get_fuse_conn(inode); 1307 struct fuse_file *ff = file->private_data; 1308 struct fuse_lk_in *arg = &req->misc.lk_in; 1309 1310 arg->fh = ff->fh; 1311 arg->owner = fuse_lock_owner_id(fc, fl->fl_owner); 1312 arg->lk.start = fl->fl_start; 1313 arg->lk.end = fl->fl_end; 1314 arg->lk.type = fl->fl_type; 1315 arg->lk.pid = pid; 1316 if (flock) 1317 arg->lk_flags |= FUSE_LK_FLOCK; 1318 req->in.h.opcode = opcode; 1319 req->in.h.nodeid = get_node_id(inode); 1320 req->in.numargs = 1; 1321 req->in.args[0].size = sizeof(*arg); 1322 req->in.args[0].value = arg; 1323 } 1324 1325 static int fuse_getlk(struct file *file, struct file_lock *fl) 1326 { 1327 struct inode *inode = file->f_path.dentry->d_inode; 1328 struct fuse_conn *fc = get_fuse_conn(inode); 1329 struct fuse_req *req; 1330 struct fuse_lk_out outarg; 1331 int err; 1332 1333 req = fuse_get_req(fc); 1334 if (IS_ERR(req)) 1335 return PTR_ERR(req); 1336 1337 fuse_lk_fill(req, file, fl, FUSE_GETLK, 0, 0); 1338 req->out.numargs = 1; 1339 req->out.args[0].size = sizeof(outarg); 1340 req->out.args[0].value = &outarg; 1341 fuse_request_send(fc, req); 1342 err = req->out.h.error; 1343 fuse_put_request(fc, req); 1344 if (!err) 1345 err = convert_fuse_file_lock(&outarg.lk, fl); 1346 1347 return err; 1348 } 1349 1350 static int fuse_setlk(struct file *file, struct file_lock *fl, int flock) 1351 { 1352 struct inode *inode = file->f_path.dentry->d_inode; 1353 struct fuse_conn *fc = get_fuse_conn(inode); 1354 struct fuse_req *req; 1355 int opcode = (fl->fl_flags & FL_SLEEP) ? FUSE_SETLKW : FUSE_SETLK; 1356 pid_t pid = fl->fl_type != F_UNLCK ? current->tgid : 0; 1357 int err; 1358 1359 if (fl->fl_lmops && fl->fl_lmops->fl_grant) { 1360 /* NLM needs asynchronous locks, which we don't support yet */ 1361 return -ENOLCK; 1362 } 1363 1364 /* Unlock on close is handled by the flush method */ 1365 if (fl->fl_flags & FL_CLOSE) 1366 return 0; 1367 1368 req = fuse_get_req(fc); 1369 if (IS_ERR(req)) 1370 return PTR_ERR(req); 1371 1372 fuse_lk_fill(req, file, fl, opcode, pid, flock); 1373 fuse_request_send(fc, req); 1374 err = req->out.h.error; 1375 /* locking is restartable */ 1376 if (err == -EINTR) 1377 err = -ERESTARTSYS; 1378 fuse_put_request(fc, req); 1379 return err; 1380 } 1381 1382 static int fuse_file_lock(struct file *file, int cmd, struct file_lock *fl) 1383 { 1384 struct inode *inode = file->f_path.dentry->d_inode; 1385 struct fuse_conn *fc = get_fuse_conn(inode); 1386 int err; 1387 1388 if (cmd == F_CANCELLK) { 1389 err = 0; 1390 } else if (cmd == F_GETLK) { 1391 if (fc->no_lock) { 1392 posix_test_lock(file, fl); 1393 err = 0; 1394 } else 1395 err = fuse_getlk(file, fl); 1396 } else { 1397 if (fc->no_lock) 1398 err = posix_lock_file(file, fl, NULL); 1399 else 1400 err = fuse_setlk(file, fl, 0); 1401 } 1402 return err; 1403 } 1404 1405 static int fuse_file_flock(struct file *file, int cmd, struct file_lock *fl) 1406 { 1407 struct inode *inode = file->f_path.dentry->d_inode; 1408 struct fuse_conn *fc = get_fuse_conn(inode); 1409 int err; 1410 1411 if (fc->no_lock) { 1412 err = flock_lock_file_wait(file, fl); 1413 } else { 1414 /* emulate flock with POSIX locks */ 1415 fl->fl_owner = (fl_owner_t) file; 1416 err = fuse_setlk(file, fl, 1); 1417 } 1418 1419 return err; 1420 } 1421 1422 static sector_t fuse_bmap(struct address_space *mapping, sector_t block) 1423 { 1424 struct inode *inode = mapping->host; 1425 struct fuse_conn *fc = get_fuse_conn(inode); 1426 struct fuse_req *req; 1427 struct fuse_bmap_in inarg; 1428 struct fuse_bmap_out outarg; 1429 int err; 1430 1431 if (!inode->i_sb->s_bdev || fc->no_bmap) 1432 return 0; 1433 1434 req = fuse_get_req(fc); 1435 if (IS_ERR(req)) 1436 return 0; 1437 1438 memset(&inarg, 0, sizeof(inarg)); 1439 inarg.block = block; 1440 inarg.blocksize = inode->i_sb->s_blocksize; 1441 req->in.h.opcode = FUSE_BMAP; 1442 req->in.h.nodeid = get_node_id(inode); 1443 req->in.numargs = 1; 1444 req->in.args[0].size = sizeof(inarg); 1445 req->in.args[0].value = &inarg; 1446 req->out.numargs = 1; 1447 req->out.args[0].size = sizeof(outarg); 1448 req->out.args[0].value = &outarg; 1449 fuse_request_send(fc, req); 1450 err = req->out.h.error; 1451 fuse_put_request(fc, req); 1452 if (err == -ENOSYS) 1453 fc->no_bmap = 1; 1454 1455 return err ? 0 : outarg.block; 1456 } 1457 1458 static loff_t fuse_file_llseek(struct file *file, loff_t offset, int origin) 1459 { 1460 loff_t retval; 1461 struct inode *inode = file->f_path.dentry->d_inode; 1462 1463 mutex_lock(&inode->i_mutex); 1464 switch (origin) { 1465 case SEEK_END: 1466 retval = fuse_update_attributes(inode, NULL, file, NULL); 1467 if (retval) 1468 return retval; 1469 offset += i_size_read(inode); 1470 break; 1471 case SEEK_CUR: 1472 offset += file->f_pos; 1473 } 1474 retval = -EINVAL; 1475 if (offset >= 0 && offset <= inode->i_sb->s_maxbytes) { 1476 if (offset != file->f_pos) { 1477 file->f_pos = offset; 1478 file->f_version = 0; 1479 } 1480 retval = offset; 1481 } 1482 mutex_unlock(&inode->i_mutex); 1483 return retval; 1484 } 1485 1486 static int fuse_ioctl_copy_user(struct page **pages, struct iovec *iov, 1487 unsigned int nr_segs, size_t bytes, bool to_user) 1488 { 1489 struct iov_iter ii; 1490 int page_idx = 0; 1491 1492 if (!bytes) 1493 return 0; 1494 1495 iov_iter_init(&ii, iov, nr_segs, bytes, 0); 1496 1497 while (iov_iter_count(&ii)) { 1498 struct page *page = pages[page_idx++]; 1499 size_t todo = min_t(size_t, PAGE_SIZE, iov_iter_count(&ii)); 1500 void *kaddr, *map; 1501 1502 kaddr = map = kmap(page); 1503 1504 while (todo) { 1505 char __user *uaddr = ii.iov->iov_base + ii.iov_offset; 1506 size_t iov_len = ii.iov->iov_len - ii.iov_offset; 1507 size_t copy = min(todo, iov_len); 1508 size_t left; 1509 1510 if (!to_user) 1511 left = copy_from_user(kaddr, uaddr, copy); 1512 else 1513 left = copy_to_user(uaddr, kaddr, copy); 1514 1515 if (unlikely(left)) 1516 return -EFAULT; 1517 1518 iov_iter_advance(&ii, copy); 1519 todo -= copy; 1520 kaddr += copy; 1521 } 1522 1523 kunmap(map); 1524 } 1525 1526 return 0; 1527 } 1528 1529 /* 1530 * For ioctls, there is no generic way to determine how much memory 1531 * needs to be read and/or written. Furthermore, ioctls are allowed 1532 * to dereference the passed pointer, so the parameter requires deep 1533 * copying but FUSE has no idea whatsoever about what to copy in or 1534 * out. 1535 * 1536 * This is solved by allowing FUSE server to retry ioctl with 1537 * necessary in/out iovecs. Let's assume the ioctl implementation 1538 * needs to read in the following structure. 1539 * 1540 * struct a { 1541 * char *buf; 1542 * size_t buflen; 1543 * } 1544 * 1545 * On the first callout to FUSE server, inarg->in_size and 1546 * inarg->out_size will be NULL; then, the server completes the ioctl 1547 * with FUSE_IOCTL_RETRY set in out->flags, out->in_iovs set to 1 and 1548 * the actual iov array to 1549 * 1550 * { { .iov_base = inarg.arg, .iov_len = sizeof(struct a) } } 1551 * 1552 * which tells FUSE to copy in the requested area and retry the ioctl. 1553 * On the second round, the server has access to the structure and 1554 * from that it can tell what to look for next, so on the invocation, 1555 * it sets FUSE_IOCTL_RETRY, out->in_iovs to 2 and iov array to 1556 * 1557 * { { .iov_base = inarg.arg, .iov_len = sizeof(struct a) }, 1558 * { .iov_base = a.buf, .iov_len = a.buflen } } 1559 * 1560 * FUSE will copy both struct a and the pointed buffer from the 1561 * process doing the ioctl and retry ioctl with both struct a and the 1562 * buffer. 1563 * 1564 * This time, FUSE server has everything it needs and completes ioctl 1565 * without FUSE_IOCTL_RETRY which finishes the ioctl call. 1566 * 1567 * Copying data out works the same way. 1568 * 1569 * Note that if FUSE_IOCTL_UNRESTRICTED is clear, the kernel 1570 * automatically initializes in and out iovs by decoding @cmd with 1571 * _IOC_* macros and the server is not allowed to request RETRY. This 1572 * limits ioctl data transfers to well-formed ioctls and is the forced 1573 * behavior for all FUSE servers. 1574 */ 1575 static long fuse_file_do_ioctl(struct file *file, unsigned int cmd, 1576 unsigned long arg, unsigned int flags) 1577 { 1578 struct inode *inode = file->f_dentry->d_inode; 1579 struct fuse_file *ff = file->private_data; 1580 struct fuse_conn *fc = get_fuse_conn(inode); 1581 struct fuse_ioctl_in inarg = { 1582 .fh = ff->fh, 1583 .cmd = cmd, 1584 .arg = arg, 1585 .flags = flags 1586 }; 1587 struct fuse_ioctl_out outarg; 1588 struct fuse_req *req = NULL; 1589 struct page **pages = NULL; 1590 struct page *iov_page = NULL; 1591 struct iovec *in_iov = NULL, *out_iov = NULL; 1592 unsigned int in_iovs = 0, out_iovs = 0, num_pages = 0, max_pages; 1593 size_t in_size, out_size, transferred; 1594 int err; 1595 1596 /* assume all the iovs returned by client always fits in a page */ 1597 BUILD_BUG_ON(sizeof(struct iovec) * FUSE_IOCTL_MAX_IOV > PAGE_SIZE); 1598 1599 if (!fuse_allow_task(fc, current)) 1600 return -EACCES; 1601 1602 err = -EIO; 1603 if (is_bad_inode(inode)) 1604 goto out; 1605 1606 err = -ENOMEM; 1607 pages = kzalloc(sizeof(pages[0]) * FUSE_MAX_PAGES_PER_REQ, GFP_KERNEL); 1608 iov_page = alloc_page(GFP_KERNEL); 1609 if (!pages || !iov_page) 1610 goto out; 1611 1612 /* 1613 * If restricted, initialize IO parameters as encoded in @cmd. 1614 * RETRY from server is not allowed. 1615 */ 1616 if (!(flags & FUSE_IOCTL_UNRESTRICTED)) { 1617 struct iovec *iov = page_address(iov_page); 1618 1619 iov->iov_base = (void __user *)arg; 1620 iov->iov_len = _IOC_SIZE(cmd); 1621 1622 if (_IOC_DIR(cmd) & _IOC_WRITE) { 1623 in_iov = iov; 1624 in_iovs = 1; 1625 } 1626 1627 if (_IOC_DIR(cmd) & _IOC_READ) { 1628 out_iov = iov; 1629 out_iovs = 1; 1630 } 1631 } 1632 1633 retry: 1634 inarg.in_size = in_size = iov_length(in_iov, in_iovs); 1635 inarg.out_size = out_size = iov_length(out_iov, out_iovs); 1636 1637 /* 1638 * Out data can be used either for actual out data or iovs, 1639 * make sure there always is at least one page. 1640 */ 1641 out_size = max_t(size_t, out_size, PAGE_SIZE); 1642 max_pages = DIV_ROUND_UP(max(in_size, out_size), PAGE_SIZE); 1643 1644 /* make sure there are enough buffer pages and init request with them */ 1645 err = -ENOMEM; 1646 if (max_pages > FUSE_MAX_PAGES_PER_REQ) 1647 goto out; 1648 while (num_pages < max_pages) { 1649 pages[num_pages] = alloc_page(GFP_KERNEL | __GFP_HIGHMEM); 1650 if (!pages[num_pages]) 1651 goto out; 1652 num_pages++; 1653 } 1654 1655 req = fuse_get_req(fc); 1656 if (IS_ERR(req)) { 1657 err = PTR_ERR(req); 1658 req = NULL; 1659 goto out; 1660 } 1661 memcpy(req->pages, pages, sizeof(req->pages[0]) * num_pages); 1662 req->num_pages = num_pages; 1663 1664 /* okay, let's send it to the client */ 1665 req->in.h.opcode = FUSE_IOCTL; 1666 req->in.h.nodeid = get_node_id(inode); 1667 req->in.numargs = 1; 1668 req->in.args[0].size = sizeof(inarg); 1669 req->in.args[0].value = &inarg; 1670 if (in_size) { 1671 req->in.numargs++; 1672 req->in.args[1].size = in_size; 1673 req->in.argpages = 1; 1674 1675 err = fuse_ioctl_copy_user(pages, in_iov, in_iovs, in_size, 1676 false); 1677 if (err) 1678 goto out; 1679 } 1680 1681 req->out.numargs = 2; 1682 req->out.args[0].size = sizeof(outarg); 1683 req->out.args[0].value = &outarg; 1684 req->out.args[1].size = out_size; 1685 req->out.argpages = 1; 1686 req->out.argvar = 1; 1687 1688 fuse_request_send(fc, req); 1689 err = req->out.h.error; 1690 transferred = req->out.args[1].size; 1691 fuse_put_request(fc, req); 1692 req = NULL; 1693 if (err) 1694 goto out; 1695 1696 /* did it ask for retry? */ 1697 if (outarg.flags & FUSE_IOCTL_RETRY) { 1698 char *vaddr; 1699 1700 /* no retry if in restricted mode */ 1701 err = -EIO; 1702 if (!(flags & FUSE_IOCTL_UNRESTRICTED)) 1703 goto out; 1704 1705 in_iovs = outarg.in_iovs; 1706 out_iovs = outarg.out_iovs; 1707 1708 /* 1709 * Make sure things are in boundary, separate checks 1710 * are to protect against overflow. 1711 */ 1712 err = -ENOMEM; 1713 if (in_iovs > FUSE_IOCTL_MAX_IOV || 1714 out_iovs > FUSE_IOCTL_MAX_IOV || 1715 in_iovs + out_iovs > FUSE_IOCTL_MAX_IOV) 1716 goto out; 1717 1718 err = -EIO; 1719 if ((in_iovs + out_iovs) * sizeof(struct iovec) != transferred) 1720 goto out; 1721 1722 /* okay, copy in iovs and retry */ 1723 vaddr = kmap_atomic(pages[0], KM_USER0); 1724 memcpy(page_address(iov_page), vaddr, transferred); 1725 kunmap_atomic(vaddr, KM_USER0); 1726 1727 in_iov = page_address(iov_page); 1728 out_iov = in_iov + in_iovs; 1729 1730 goto retry; 1731 } 1732 1733 err = -EIO; 1734 if (transferred > inarg.out_size) 1735 goto out; 1736 1737 err = fuse_ioctl_copy_user(pages, out_iov, out_iovs, transferred, true); 1738 out: 1739 if (req) 1740 fuse_put_request(fc, req); 1741 if (iov_page) 1742 __free_page(iov_page); 1743 while (num_pages) 1744 __free_page(pages[--num_pages]); 1745 kfree(pages); 1746 1747 return err ? err : outarg.result; 1748 } 1749 1750 static long fuse_file_ioctl(struct file *file, unsigned int cmd, 1751 unsigned long arg) 1752 { 1753 return fuse_file_do_ioctl(file, cmd, arg, 0); 1754 } 1755 1756 static long fuse_file_compat_ioctl(struct file *file, unsigned int cmd, 1757 unsigned long arg) 1758 { 1759 return fuse_file_do_ioctl(file, cmd, arg, FUSE_IOCTL_COMPAT); 1760 } 1761 1762 /* 1763 * All files which have been polled are linked to RB tree 1764 * fuse_conn->polled_files which is indexed by kh. Walk the tree and 1765 * find the matching one. 1766 */ 1767 static struct rb_node **fuse_find_polled_node(struct fuse_conn *fc, u64 kh, 1768 struct rb_node **parent_out) 1769 { 1770 struct rb_node **link = &fc->polled_files.rb_node; 1771 struct rb_node *last = NULL; 1772 1773 while (*link) { 1774 struct fuse_file *ff; 1775 1776 last = *link; 1777 ff = rb_entry(last, struct fuse_file, polled_node); 1778 1779 if (kh < ff->kh) 1780 link = &last->rb_left; 1781 else if (kh > ff->kh) 1782 link = &last->rb_right; 1783 else 1784 return link; 1785 } 1786 1787 if (parent_out) 1788 *parent_out = last; 1789 return link; 1790 } 1791 1792 /* 1793 * The file is about to be polled. Make sure it's on the polled_files 1794 * RB tree. Note that files once added to the polled_files tree are 1795 * not removed before the file is released. This is because a file 1796 * polled once is likely to be polled again. 1797 */ 1798 static void fuse_register_polled_file(struct fuse_conn *fc, 1799 struct fuse_file *ff) 1800 { 1801 spin_lock(&fc->lock); 1802 if (RB_EMPTY_NODE(&ff->polled_node)) { 1803 struct rb_node **link, *parent; 1804 1805 link = fuse_find_polled_node(fc, ff->kh, &parent); 1806 BUG_ON(*link); 1807 rb_link_node(&ff->polled_node, parent, link); 1808 rb_insert_color(&ff->polled_node, &fc->polled_files); 1809 } 1810 spin_unlock(&fc->lock); 1811 } 1812 1813 static unsigned fuse_file_poll(struct file *file, poll_table *wait) 1814 { 1815 struct inode *inode = file->f_dentry->d_inode; 1816 struct fuse_file *ff = file->private_data; 1817 struct fuse_conn *fc = get_fuse_conn(inode); 1818 struct fuse_poll_in inarg = { .fh = ff->fh, .kh = ff->kh }; 1819 struct fuse_poll_out outarg; 1820 struct fuse_req *req; 1821 int err; 1822 1823 if (fc->no_poll) 1824 return DEFAULT_POLLMASK; 1825 1826 poll_wait(file, &ff->poll_wait, wait); 1827 1828 /* 1829 * Ask for notification iff there's someone waiting for it. 1830 * The client may ignore the flag and always notify. 1831 */ 1832 if (waitqueue_active(&ff->poll_wait)) { 1833 inarg.flags |= FUSE_POLL_SCHEDULE_NOTIFY; 1834 fuse_register_polled_file(fc, ff); 1835 } 1836 1837 req = fuse_get_req(fc); 1838 if (IS_ERR(req)) 1839 return PTR_ERR(req); 1840 1841 req->in.h.opcode = FUSE_POLL; 1842 req->in.h.nodeid = get_node_id(inode); 1843 req->in.numargs = 1; 1844 req->in.args[0].size = sizeof(inarg); 1845 req->in.args[0].value = &inarg; 1846 req->out.numargs = 1; 1847 req->out.args[0].size = sizeof(outarg); 1848 req->out.args[0].value = &outarg; 1849 fuse_request_send(fc, req); 1850 err = req->out.h.error; 1851 fuse_put_request(fc, req); 1852 1853 if (!err) 1854 return outarg.revents; 1855 if (err == -ENOSYS) { 1856 fc->no_poll = 1; 1857 return DEFAULT_POLLMASK; 1858 } 1859 return POLLERR; 1860 } 1861 1862 /* 1863 * This is called from fuse_handle_notify() on FUSE_NOTIFY_POLL and 1864 * wakes up the poll waiters. 1865 */ 1866 int fuse_notify_poll_wakeup(struct fuse_conn *fc, 1867 struct fuse_notify_poll_wakeup_out *outarg) 1868 { 1869 u64 kh = outarg->kh; 1870 struct rb_node **link; 1871 1872 spin_lock(&fc->lock); 1873 1874 link = fuse_find_polled_node(fc, kh, NULL); 1875 if (*link) { 1876 struct fuse_file *ff; 1877 1878 ff = rb_entry(*link, struct fuse_file, polled_node); 1879 wake_up_interruptible_sync(&ff->poll_wait); 1880 } 1881 1882 spin_unlock(&fc->lock); 1883 return 0; 1884 } 1885 1886 static const struct file_operations fuse_file_operations = { 1887 .llseek = fuse_file_llseek, 1888 .read = do_sync_read, 1889 .aio_read = fuse_file_aio_read, 1890 .write = do_sync_write, 1891 .aio_write = fuse_file_aio_write, 1892 .mmap = fuse_file_mmap, 1893 .open = fuse_open, 1894 .flush = fuse_flush, 1895 .release = fuse_release, 1896 .fsync = fuse_fsync, 1897 .lock = fuse_file_lock, 1898 .flock = fuse_file_flock, 1899 .splice_read = generic_file_splice_read, 1900 .unlocked_ioctl = fuse_file_ioctl, 1901 .compat_ioctl = fuse_file_compat_ioctl, 1902 .poll = fuse_file_poll, 1903 }; 1904 1905 static const struct file_operations fuse_direct_io_file_operations = { 1906 .llseek = fuse_file_llseek, 1907 .read = fuse_direct_read, 1908 .write = fuse_direct_write, 1909 .open = fuse_open, 1910 .flush = fuse_flush, 1911 .release = fuse_release, 1912 .fsync = fuse_fsync, 1913 .lock = fuse_file_lock, 1914 .flock = fuse_file_flock, 1915 .unlocked_ioctl = fuse_file_ioctl, 1916 .compat_ioctl = fuse_file_compat_ioctl, 1917 .poll = fuse_file_poll, 1918 /* no mmap and splice_read */ 1919 }; 1920 1921 static const struct address_space_operations fuse_file_aops = { 1922 .readpage = fuse_readpage, 1923 .writepage = fuse_writepage, 1924 .launder_page = fuse_launder_page, 1925 .write_begin = fuse_write_begin, 1926 .write_end = fuse_write_end, 1927 .readpages = fuse_readpages, 1928 .set_page_dirty = __set_page_dirty_nobuffers, 1929 .bmap = fuse_bmap, 1930 }; 1931 1932 void fuse_init_file_inode(struct inode *inode) 1933 { 1934 inode->i_fop = &fuse_file_operations; 1935 inode->i_data.a_ops = &fuse_file_aops; 1936 } 1937