search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
[PATCH] Kprobes: Fix deadlock in function-return probes
[linux-2.6/linux-acpi-2.6/ibm-acpi-2.6.git] / fs / fuse / dev.c
blob4526da8907c6d384fefee03b18bd6894558bf459
1 /*
2 FUSE: Filesystem in Userspace
3 Copyright (C) 2001-2005 Miklos Szeredi <miklos@szeredi.hu>
4
5 This program can be distributed under the terms of the GNU GPL.
6 See the file COPYING.
7 */
8
9 #include "fuse_i.h"
10
11 #include <linux/init.h>
12 #include <linux/module.h>
13 #include <linux/poll.h>
14 #include <linux/uio.h>
15 #include <linux/miscdevice.h>
16 #include <linux/pagemap.h>
17 #include <linux/file.h>
18 #include <linux/slab.h>
19
20 MODULE_ALIAS_MISCDEV(FUSE_MINOR);
21
22 static kmem_cache_t *fuse_req_cachep;
23
24 static struct fuse_conn *fuse_get_conn(struct file *file)
25 {
26 struct fuse_conn *fc;
27 spin_lock(&fuse_lock);
28 fc = file->private_data;
29 if (fc && !fc->connected)
30 fc = NULL;
31 spin_unlock(&fuse_lock);
32 return fc;
33 }
34
35 static void fuse_request_init(struct fuse_req *req)
36 {
37 memset(req, 0, sizeof(*req));
38 INIT_LIST_HEAD(&req->list);
39 init_waitqueue_head(&req->waitq);
40 atomic_set(&req->count, 1);
41 }
42
43 struct fuse_req *fuse_request_alloc(void)
44 {
45 struct fuse_req *req = kmem_cache_alloc(fuse_req_cachep, SLAB_KERNEL);
46 if (req)
47 fuse_request_init(req);
48 return req;
49 }
50
51 void fuse_request_free(struct fuse_req *req)
52 {
53 kmem_cache_free(fuse_req_cachep, req);
54 }
55
56 static void block_sigs(sigset_t *oldset)
57 {
58 sigset_t mask;
59
60 siginitsetinv(&mask, sigmask(SIGKILL));
61 sigprocmask(SIG_BLOCK, &mask, oldset);
62 }
63
64 static void restore_sigs(sigset_t *oldset)
65 {
66 sigprocmask(SIG_SETMASK, oldset, NULL);
67 }
68
69 void fuse_reset_request(struct fuse_req *req)
70 {
71 int preallocated = req->preallocated;
72 BUG_ON(atomic_read(&req->count) != 1);
73 fuse_request_init(req);
74 req->preallocated = preallocated;
75 }
76
77 static void __fuse_get_request(struct fuse_req *req)
78 {
79 atomic_inc(&req->count);
80 }
81
82 /* Must be called with > 1 refcount */
83 static void __fuse_put_request(struct fuse_req *req)
84 {
85 BUG_ON(atomic_read(&req->count) < 2);
86 atomic_dec(&req->count);
87 }
88
89 static struct fuse_req *do_get_request(struct fuse_conn *fc)
90 {
91 struct fuse_req *req;
92
93 spin_lock(&fuse_lock);
94 BUG_ON(list_empty(&fc->unused_list));
95 req = list_entry(fc->unused_list.next, struct fuse_req, list);
96 list_del_init(&req->list);
97 spin_unlock(&fuse_lock);
98 fuse_request_init(req);
99 req->preallocated = 1;
100 req->in.h.uid = current->fsuid;
101 req->in.h.gid = current->fsgid;
102 req->in.h.pid = current->pid;
103 return req;
104 }
105
106 /* This can return NULL, but only in case it's interrupted by a SIGKILL */
107 struct fuse_req *fuse_get_request(struct fuse_conn *fc)
108 {
109 int intr;
110 sigset_t oldset;
111
112 atomic_inc(&fc->num_waiting);
113 block_sigs(&oldset);
114 intr = down_interruptible(&fc->outstanding_sem);
115 restore_sigs(&oldset);
116 if (intr) {
117 atomic_dec(&fc->num_waiting);
118 return NULL;
119 }
120 return do_get_request(fc);
121 }
122
123 static void fuse_putback_request(struct fuse_conn *fc, struct fuse_req *req)
124 {
125 spin_lock(&fuse_lock);
126 if (req->preallocated) {
127 atomic_dec(&fc->num_waiting);
128 list_add(&req->list, &fc->unused_list);
129 } else
130 fuse_request_free(req);
131
132 /* If we are in debt decrease that first */
133 if (fc->outstanding_debt)
134 fc->outstanding_debt--;
135 else
136 up(&fc->outstanding_sem);
137 spin_unlock(&fuse_lock);
138 }
139
140 void fuse_put_request(struct fuse_conn *fc, struct fuse_req *req)
141 {
142 if (atomic_dec_and_test(&req->count))
143 fuse_putback_request(fc, req);
144 }
145
146 void fuse_release_background(struct fuse_req *req)
147 {
148 iput(req->inode);
149 iput(req->inode2);
150 if (req->file)
151 fput(req->file);
152 spin_lock(&fuse_lock);
153 list_del(&req->bg_entry);
154 spin_unlock(&fuse_lock);
155 }
156
157 /*
158 * This function is called when a request is finished. Either a reply
159 * has arrived or it was interrupted (and not yet sent) or some error
160 * occurred during communication with userspace, or the device file
161 * was closed. In case of a background request the reference to the
162 * stored objects are released. The requester thread is woken up (if
163 * still waiting), the 'end' callback is called if given, else the
164 * reference to the request is released
165 *
166 * Called with fuse_lock, unlocks it
167 */
168 static void request_end(struct fuse_conn *fc, struct fuse_req *req)
169 {
170 void (*end) (struct fuse_conn *, struct fuse_req *) = req->end;
171 req->end = NULL;
172 list_del(&req->list);
173 req->state = FUSE_REQ_FINISHED;
174 spin_unlock(&fuse_lock);
175 if (req->background) {
176 down_read(&fc->sbput_sem);
177 if (fc->mounted)
178 fuse_release_background(req);
179 up_read(&fc->sbput_sem);
180 }
181 wake_up(&req->waitq);
182 if (end)
183 end(fc, req);
184 else
185 fuse_put_request(fc, req);
186 }
187
188 /*
189 * Unfortunately request interruption not just solves the deadlock
190 * problem, it causes problems too. These stem from the fact, that an
191 * interrupted request is continued to be processed in userspace,
192 * while all the locks and object references (inode and file) held
193 * during the operation are released.
194 *
195 * To release the locks is exactly why there's a need to interrupt the
196 * request, so there's not a lot that can be done about this, except
197 * introduce additional locking in userspace.
198 *
199 * More important is to keep inode and file references until userspace
200 * has replied, otherwise FORGET and RELEASE could be sent while the
201 * inode/file is still used by the filesystem.
202 *
203 * For this reason the concept of "background" request is introduced.
204 * An interrupted request is backgrounded if it has been already sent
205 * to userspace. Backgrounding involves getting an extra reference to
206 * inode(s) or file used in the request, and adding the request to
207 * fc->background list. When a reply is received for a background
208 * request, the object references are released, and the request is
209 * removed from the list. If the filesystem is unmounted while there
210 * are still background requests, the list is walked and references
211 * are released as if a reply was received.
212 *
213 * There's one more use for a background request. The RELEASE message is
214 * always sent as background, since it doesn't return an error or
215 * data.
216 */
217 static void background_request(struct fuse_conn *fc, struct fuse_req *req)
218 {
219 req->background = 1;
220 list_add(&req->bg_entry, &fc->background);
221 if (req->inode)
222 req->inode = igrab(req->inode);
223 if (req->inode2)
224 req->inode2 = igrab(req->inode2);
225 if (req->file)
226 get_file(req->file);
227 }
228
229 /* Called with fuse_lock held. Releases, and then reacquires it. */
230 static void request_wait_answer(struct fuse_conn *fc, struct fuse_req *req)
231 {
232 sigset_t oldset;
233
234 spin_unlock(&fuse_lock);
235 block_sigs(&oldset);
236 wait_event_interruptible(req->waitq, req->state == FUSE_REQ_FINISHED);
237 restore_sigs(&oldset);
238 spin_lock(&fuse_lock);
239 if (req->state == FUSE_REQ_FINISHED && !req->interrupted)
240 return;
241
242 if (!req->interrupted) {
243 req->out.h.error = -EINTR;
244 req->interrupted = 1;
245 }
246 if (req->locked) {
247 /* This is uninterruptible sleep, because data is
248 being copied to/from the buffers of req. During
249 locked state, there mustn't be any filesystem
250 operation (e.g. page fault), since that could lead
251 to deadlock */
252 spin_unlock(&fuse_lock);
253 wait_event(req->waitq, !req->locked);
254 spin_lock(&fuse_lock);
255 }
256 if (req->state == FUSE_REQ_PENDING) {
257 list_del(&req->list);
258 __fuse_put_request(req);
259 } else if (req->state == FUSE_REQ_SENT)
260 background_request(fc, req);
261 }
262
263 static unsigned len_args(unsigned numargs, struct fuse_arg *args)
264 {
265 unsigned nbytes = 0;
266 unsigned i;
267
268 for (i = 0; i < numargs; i++)
269 nbytes += args[i].size;
270
271 return nbytes;
272 }
273
274 static void queue_request(struct fuse_conn *fc, struct fuse_req *req)
275 {
276 fc->reqctr++;
277 /* zero is special */
278 if (fc->reqctr == 0)
279 fc->reqctr = 1;
280 req->in.h.unique = fc->reqctr;
281 req->in.h.len = sizeof(struct fuse_in_header) +
282 len_args(req->in.numargs, (struct fuse_arg *) req->in.args);
283 if (!req->preallocated) {
284 /* If request is not preallocated (either FORGET or
285 RELEASE), then still decrease outstanding_sem, so
286 user can't open infinite number of files while not
287 processing the RELEASE requests. However for
288 efficiency do it without blocking, so if down()
289 would block, just increase the debt instead */
290 if (down_trylock(&fc->outstanding_sem))
291 fc->outstanding_debt++;
292 }
293 list_add_tail(&req->list, &fc->pending);
294 req->state = FUSE_REQ_PENDING;
295 wake_up(&fc->waitq);
296 }
297
298 /*
299 * This can only be interrupted by a SIGKILL
300 */
301 void request_send(struct fuse_conn *fc, struct fuse_req *req)
302 {
303 req->isreply = 1;
304 spin_lock(&fuse_lock);
305 if (!fc->connected)
306 req->out.h.error = -ENOTCONN;
307 else if (fc->conn_error)
308 req->out.h.error = -ECONNREFUSED;
309 else {
310 queue_request(fc, req);
311 /* acquire extra reference, since request is still needed
312 after request_end() */
313 __fuse_get_request(req);
314
315 request_wait_answer(fc, req);
316 }
317 spin_unlock(&fuse_lock);
318 }
319
320 static void request_send_nowait(struct fuse_conn *fc, struct fuse_req *req)
321 {
322 spin_lock(&fuse_lock);
323 if (fc->connected) {
324 queue_request(fc, req);
325 spin_unlock(&fuse_lock);
326 } else {
327 req->out.h.error = -ENOTCONN;
328 request_end(fc, req);
329 }
330 }
331
332 void request_send_noreply(struct fuse_conn *fc, struct fuse_req *req)
333 {
334 req->isreply = 0;
335 request_send_nowait(fc, req);
336 }
337
338 void request_send_background(struct fuse_conn *fc, struct fuse_req *req)
339 {
340 req->isreply = 1;
341 spin_lock(&fuse_lock);
342 background_request(fc, req);
343 spin_unlock(&fuse_lock);
344 request_send_nowait(fc, req);
345 }
346
347 /*
348 * Lock the request. Up to the next unlock_request() there mustn't be
349 * anything that could cause a page-fault. If the request was already
350 * interrupted bail out.
351 */
352 static int lock_request(struct fuse_req *req)
353 {
354 int err = 0;
355 if (req) {
356 spin_lock(&fuse_lock);
357 if (req->interrupted)
358 err = -ENOENT;
359 else
360 req->locked = 1;
361 spin_unlock(&fuse_lock);
362 }
363 return err;
364 }
365
366 /*
367 * Unlock request. If it was interrupted during being locked, the
368 * requester thread is currently waiting for it to be unlocked, so
369 * wake it up.
370 */
371 static void unlock_request(struct fuse_req *req)
372 {
373 if (req) {
374 spin_lock(&fuse_lock);
375 req->locked = 0;
376 if (req->interrupted)
377 wake_up(&req->waitq);
378 spin_unlock(&fuse_lock);
379 }
380 }
381
382 struct fuse_copy_state {
383 int write;
384 struct fuse_req *req;
385 const struct iovec *iov;
386 unsigned long nr_segs;
387 unsigned long seglen;
388 unsigned long addr;
389 struct page *pg;
390 void *mapaddr;
391 void *buf;
392 unsigned len;
393 };
394
395 static void fuse_copy_init(struct fuse_copy_state *cs, int write,
396 struct fuse_req *req, const struct iovec *iov,
397 unsigned long nr_segs)
398 {
399 memset(cs, 0, sizeof(*cs));
400 cs->write = write;
401 cs->req = req;
402 cs->iov = iov;
403 cs->nr_segs = nr_segs;
404 }
405
406 /* Unmap and put previous page of userspace buffer */
407 static void fuse_copy_finish(struct fuse_copy_state *cs)
408 {
409 if (cs->mapaddr) {
410 kunmap_atomic(cs->mapaddr, KM_USER0);
411 if (cs->write) {
412 flush_dcache_page(cs->pg);
413 set_page_dirty_lock(cs->pg);
414 }
415 put_page(cs->pg);
416 cs->mapaddr = NULL;
417 }
418 }
419
420 /*
421 * Get another pagefull of userspace buffer, and map it to kernel
422 * address space, and lock request
423 */
424 static int fuse_copy_fill(struct fuse_copy_state *cs)
425 {
426 unsigned long offset;
427 int err;
428
429 unlock_request(cs->req);
430 fuse_copy_finish(cs);
431 if (!cs->seglen) {
432 BUG_ON(!cs->nr_segs);
433 cs->seglen = cs->iov[0].iov_len;
434 cs->addr = (unsigned long) cs->iov[0].iov_base;
435 cs->iov ++;
436 cs->nr_segs --;
437 }
438 down_read(&current->mm->mmap_sem);
439 err = get_user_pages(current, current->mm, cs->addr, 1, cs->write, 0,
440 &cs->pg, NULL);
441 up_read(&current->mm->mmap_sem);
442 if (err < 0)
443 return err;
444 BUG_ON(err != 1);
445 offset = cs->addr % PAGE_SIZE;
446 cs->mapaddr = kmap_atomic(cs->pg, KM_USER0);
447 cs->buf = cs->mapaddr + offset;
448 cs->len = min(PAGE_SIZE - offset, cs->seglen);
449 cs->seglen -= cs->len;
450 cs->addr += cs->len;
451
452 return lock_request(cs->req);
453 }
454
455 /* Do as much copy to/from userspace buffer as we can */
456 static int fuse_copy_do(struct fuse_copy_state *cs, void **val, unsigned *size)
457 {
458 unsigned ncpy = min(*size, cs->len);
459 if (val) {
460 if (cs->write)
461 memcpy(cs->buf, *val, ncpy);
462 else
463 memcpy(*val, cs->buf, ncpy);
464 *val += ncpy;
465 }
466 *size -= ncpy;
467 cs->len -= ncpy;
468 cs->buf += ncpy;
469 return ncpy;
470 }
471
472 /*
473 * Copy a page in the request to/from the userspace buffer. Must be
474 * done atomically
475 */
476 static int fuse_copy_page(struct fuse_copy_state *cs, struct page *page,
477 unsigned offset, unsigned count, int zeroing)
478 {
479 if (page && zeroing && count < PAGE_SIZE) {
480 void *mapaddr = kmap_atomic(page, KM_USER1);
481 memset(mapaddr, 0, PAGE_SIZE);
482 kunmap_atomic(mapaddr, KM_USER1);
483 }
484 while (count) {
485 int err;
486 if (!cs->len && (err = fuse_copy_fill(cs)))
487 return err;
488 if (page) {
489 void *mapaddr = kmap_atomic(page, KM_USER1);
490 void *buf = mapaddr + offset;
491 offset += fuse_copy_do(cs, &buf, &count);
492 kunmap_atomic(mapaddr, KM_USER1);
493 } else
494 offset += fuse_copy_do(cs, NULL, &count);
495 }
496 if (page && !cs->write)
497 flush_dcache_page(page);
498 return 0;
499 }
500
501 /* Copy pages in the request to/from userspace buffer */
502 static int fuse_copy_pages(struct fuse_copy_state *cs, unsigned nbytes,
503 int zeroing)
504 {
505 unsigned i;
506 struct fuse_req *req = cs->req;
507 unsigned offset = req->page_offset;
508 unsigned count = min(nbytes, (unsigned) PAGE_SIZE - offset);
509
510 for (i = 0; i < req->num_pages && (nbytes || zeroing); i++) {
511 struct page *page = req->pages[i];
512 int err = fuse_copy_page(cs, page, offset, count, zeroing);
513 if (err)
514 return err;
515
516 nbytes -= count;
517 count = min(nbytes, (unsigned) PAGE_SIZE);
518 offset = 0;
519 }
520 return 0;
521 }
522
523 /* Copy a single argument in the request to/from userspace buffer */
524 static int fuse_copy_one(struct fuse_copy_state *cs, void *val, unsigned size)
525 {
526 while (size) {
527 int err;
528 if (!cs->len && (err = fuse_copy_fill(cs)))
529 return err;
530 fuse_copy_do(cs, &val, &size);
531 }
532 return 0;
533 }
534
535 /* Copy request arguments to/from userspace buffer */
536 static int fuse_copy_args(struct fuse_copy_state *cs, unsigned numargs,
537 unsigned argpages, struct fuse_arg *args,
538 int zeroing)
539 {
540 int err = 0;
541 unsigned i;
542
543 for (i = 0; !err && i < numargs; i++) {
544 struct fuse_arg *arg = &args[i];
545 if (i == numargs - 1 && argpages)
546 err = fuse_copy_pages(cs, arg->size, zeroing);
547 else
548 err = fuse_copy_one(cs, arg->value, arg->size);
549 }
550 return err;
551 }
552
553 /* Wait until a request is available on the pending list */
554 static void request_wait(struct fuse_conn *fc)
555 {
556 DECLARE_WAITQUEUE(wait, current);
557
558 add_wait_queue_exclusive(&fc->waitq, &wait);
559 while (fc->connected && list_empty(&fc->pending)) {
560 set_current_state(TASK_INTERRUPTIBLE);
561 if (signal_pending(current))
562 break;
563
564 spin_unlock(&fuse_lock);
565 schedule();
566 spin_lock(&fuse_lock);
567 }
568 set_current_state(TASK_RUNNING);
569 remove_wait_queue(&fc->waitq, &wait);
570 }
571
572 /*
573 * Read a single request into the userspace filesystem's buffer. This
574 * function waits until a request is available, then removes it from
575 * the pending list and copies request data to userspace buffer. If
576 * no reply is needed (FORGET) or request has been interrupted or
577 * there was an error during the copying then it's finished by calling
578 * request_end(). Otherwise add it to the processing list, and set
579 * the 'sent' flag.
580 */
581 static ssize_t fuse_dev_readv(struct file *file, const struct iovec *iov,
582 unsigned long nr_segs, loff_t *off)
583 {
584 int err;
585 struct fuse_conn *fc;
586 struct fuse_req *req;
587 struct fuse_in *in;
588 struct fuse_copy_state cs;
589 unsigned reqsize;
590
591 restart:
592 spin_lock(&fuse_lock);
593 fc = file->private_data;
594 err = -EPERM;
595 if (!fc)
596 goto err_unlock;
597 request_wait(fc);
598 err = -ENODEV;
599 if (!fc->connected)
600 goto err_unlock;
601 err = -ERESTARTSYS;
602 if (list_empty(&fc->pending))
603 goto err_unlock;
604
605 req = list_entry(fc->pending.next, struct fuse_req, list);
606 req->state = FUSE_REQ_READING;
607 list_move(&req->list, &fc->io);
608
609 in = &req->in;
610 reqsize = in->h.len;
611 /* If request is too large, reply with an error and restart the read */
612 if (iov_length(iov, nr_segs) < reqsize) {
613 req->out.h.error = -EIO;
614 /* SETXATTR is special, since it may contain too large data */
615 if (in->h.opcode == FUSE_SETXATTR)
616 req->out.h.error = -E2BIG;
617 request_end(fc, req);
618 goto restart;
619 }
620 spin_unlock(&fuse_lock);
621 fuse_copy_init(&cs, 1, req, iov, nr_segs);
622 err = fuse_copy_one(&cs, &in->h, sizeof(in->h));
623 if (!err)
624 err = fuse_copy_args(&cs, in->numargs, in->argpages,
625 (struct fuse_arg *) in->args, 0);
626 fuse_copy_finish(&cs);
627 spin_lock(&fuse_lock);
628 req->locked = 0;
629 if (!err && req->interrupted)
630 err = -ENOENT;
631 if (err) {
632 if (!req->interrupted)
633 req->out.h.error = -EIO;
634 request_end(fc, req);
635 return err;
636 }
637 if (!req->isreply)
638 request_end(fc, req);
639 else {
640 req->state = FUSE_REQ_SENT;
641 list_move_tail(&req->list, &fc->processing);
642 spin_unlock(&fuse_lock);
643 }
644 return reqsize;
645
646 err_unlock:
647 spin_unlock(&fuse_lock);
648 return err;
649 }
650
651 static ssize_t fuse_dev_read(struct file *file, char __user *buf,
652 size_t nbytes, loff_t *off)
653 {
654 struct iovec iov;
655 iov.iov_len = nbytes;
656 iov.iov_base = buf;
657 return fuse_dev_readv(file, &iov, 1, off);
658 }
659
660 /* Look up request on processing list by unique ID */
661 static struct fuse_req *request_find(struct fuse_conn *fc, u64 unique)
662 {
663 struct list_head *entry;
664
665 list_for_each(entry, &fc->processing) {
666 struct fuse_req *req;
667 req = list_entry(entry, struct fuse_req, list);
668 if (req->in.h.unique == unique)
669 return req;
670 }
671 return NULL;
672 }
673
674 static int copy_out_args(struct fuse_copy_state *cs, struct fuse_out *out,
675 unsigned nbytes)
676 {
677 unsigned reqsize = sizeof(struct fuse_out_header);
678
679 if (out->h.error)
680 return nbytes != reqsize ? -EINVAL : 0;
681
682 reqsize += len_args(out->numargs, out->args);
683
684 if (reqsize < nbytes || (reqsize > nbytes && !out->argvar))
685 return -EINVAL;
686 else if (reqsize > nbytes) {
687 struct fuse_arg *lastarg = &out->args[out->numargs-1];
688 unsigned diffsize = reqsize - nbytes;
689 if (diffsize > lastarg->size)
690 return -EINVAL;
691 lastarg->size -= diffsize;
692 }
693 return fuse_copy_args(cs, out->numargs, out->argpages, out->args,
694 out->page_zeroing);
695 }
696
697 /*
698 * Write a single reply to a request. First the header is copied from
699 * the write buffer. The request is then searched on the processing
700 * list by the unique ID found in the header. If found, then remove
701 * it from the list and copy the rest of the buffer to the request.
702 * The request is finished by calling request_end()
703 */
704 static ssize_t fuse_dev_writev(struct file *file, const struct iovec *iov,
705 unsigned long nr_segs, loff_t *off)
706 {
707 int err;
708 unsigned nbytes = iov_length(iov, nr_segs);
709 struct fuse_req *req;
710 struct fuse_out_header oh;
711 struct fuse_copy_state cs;
712 struct fuse_conn *fc = fuse_get_conn(file);
713 if (!fc)
714 return -ENODEV;
715
716 fuse_copy_init(&cs, 0, NULL, iov, nr_segs);
717 if (nbytes < sizeof(struct fuse_out_header))
718 return -EINVAL;
719
720 err = fuse_copy_one(&cs, &oh, sizeof(oh));
721 if (err)
722 goto err_finish;
723 err = -EINVAL;
724 if (!oh.unique || oh.error <= -1000 || oh.error > 0 ||
725 oh.len != nbytes)
726 goto err_finish;
727
728 spin_lock(&fuse_lock);
729 err = -ENOENT;
730 if (!fc->connected)
731 goto err_unlock;
732
733 req = request_find(fc, oh.unique);
734 err = -EINVAL;
735 if (!req)
736 goto err_unlock;
737
738 if (req->interrupted) {
739 spin_unlock(&fuse_lock);
740 fuse_copy_finish(&cs);
741 spin_lock(&fuse_lock);
742 request_end(fc, req);
743 return -ENOENT;
744 }
745 list_move(&req->list, &fc->io);
746 req->out.h = oh;
747 req->locked = 1;
748 cs.req = req;
749 spin_unlock(&fuse_lock);
750
751 err = copy_out_args(&cs, &req->out, nbytes);
752 fuse_copy_finish(&cs);
753
754 spin_lock(&fuse_lock);
755 req->locked = 0;
756 if (!err) {
757 if (req->interrupted)
758 err = -ENOENT;
759 } else if (!req->interrupted)
760 req->out.h.error = -EIO;
761 request_end(fc, req);
762
763 return err ? err : nbytes;
764
765 err_unlock:
766 spin_unlock(&fuse_lock);
767 err_finish:
768 fuse_copy_finish(&cs);
769 return err;
770 }
771
772 static ssize_t fuse_dev_write(struct file *file, const char __user *buf,
773 size_t nbytes, loff_t *off)
774 {
775 struct iovec iov;
776 iov.iov_len = nbytes;
777 iov.iov_base = (char __user *) buf;
778 return fuse_dev_writev(file, &iov, 1, off);
779 }
780
781 static unsigned fuse_dev_poll(struct file *file, poll_table *wait)
782 {
783 struct fuse_conn *fc = fuse_get_conn(file);
784 unsigned mask = POLLOUT | POLLWRNORM;
785
786 if (!fc)
787 return -ENODEV;
788
789 poll_wait(file, &fc->waitq, wait);
790
791 spin_lock(&fuse_lock);
792 if (!list_empty(&fc->pending))
793 mask |= POLLIN | POLLRDNORM;
794 spin_unlock(&fuse_lock);
795
796 return mask;
797 }
798
799 /*
800 * Abort all requests on the given list (pending or processing)
801 *
802 * This function releases and reacquires fuse_lock
803 */
804 static void end_requests(struct fuse_conn *fc, struct list_head *head)
805 {
806 while (!list_empty(head)) {
807 struct fuse_req *req;
808 req = list_entry(head->next, struct fuse_req, list);
809 req->out.h.error = -ECONNABORTED;
810 request_end(fc, req);
811 spin_lock(&fuse_lock);
812 }
813 }
814
815 /*
816 * Abort requests under I/O
817 *
818 * The requests are set to interrupted and finished, and the request
819 * waiter is woken up. This will make request_wait_answer() wait
820 * until the request is unlocked and then return.
821 *
822 * If the request is asynchronous, then the end function needs to be
823 * called after waiting for the request to be unlocked (if it was
824 * locked).
825 */
826 static void end_io_requests(struct fuse_conn *fc)
827 {
828 while (!list_empty(&fc->io)) {
829 struct fuse_req *req =
830 list_entry(fc->io.next, struct fuse_req, list);
831 void (*end) (struct fuse_conn *, struct fuse_req *) = req->end;
832
833 req->interrupted = 1;
834 req->out.h.error = -ECONNABORTED;
835 req->state = FUSE_REQ_FINISHED;
836 list_del_init(&req->list);
837 wake_up(&req->waitq);
838 if (end) {
839 req->end = NULL;
840 /* The end function will consume this reference */
841 __fuse_get_request(req);
842 spin_unlock(&fuse_lock);
843 wait_event(req->waitq, !req->locked);
844 end(fc, req);
845 spin_lock(&fuse_lock);
846 }
847 }
848 }
849
850 /*
851 * Abort all requests.
852 *
853 * Emergency exit in case of a malicious or accidental deadlock, or
854 * just a hung filesystem.
855 *
856 * The same effect is usually achievable through killing the
857 * filesystem daemon and all users of the filesystem. The exception
858 * is the combination of an asynchronous request and the tricky
859 * deadlock (see Documentation/filesystems/fuse.txt).
860 *
861 * During the aborting, progression of requests from the pending and
862 * processing lists onto the io list, and progression of new requests
863 * onto the pending list is prevented by req->connected being false.
864 *
865 * Progression of requests under I/O to the processing list is
866 * prevented by the req->interrupted flag being true for these
867 * requests. For this reason requests on the io list must be aborted
868 * first.
869 */
870 void fuse_abort_conn(struct fuse_conn *fc)
871 {
872 spin_lock(&fuse_lock);
873 if (fc->connected) {
874 fc->connected = 0;
875 end_io_requests(fc);
876 end_requests(fc, &fc->pending);
877 end_requests(fc, &fc->processing);
878 wake_up_all(&fc->waitq);
879 }
880 spin_unlock(&fuse_lock);
881 }
882
883 static int fuse_dev_release(struct inode *inode, struct file *file)
884 {
885 struct fuse_conn *fc;
886
887 spin_lock(&fuse_lock);
888 fc = file->private_data;
889 if (fc) {
890 fc->connected = 0;
891 end_requests(fc, &fc->pending);
892 end_requests(fc, &fc->processing);
893 }
894 spin_unlock(&fuse_lock);
895 if (fc)
896 kobject_put(&fc->kobj);
897
898 return 0;
899 }
900
901 struct file_operations fuse_dev_operations = {
902 .owner = THIS_MODULE,
903 .llseek = no_llseek,
904 .read = fuse_dev_read,
905 .readv = fuse_dev_readv,
906 .write = fuse_dev_write,
907 .writev = fuse_dev_writev,
908 .poll = fuse_dev_poll,
909 .release = fuse_dev_release,
910 };
911
912 static struct miscdevice fuse_miscdevice = {
913 .minor = FUSE_MINOR,
914 .name = "fuse",
915 .fops = &fuse_dev_operations,
916 };
917
918 int __init fuse_dev_init(void)
919 {
920 int err = -ENOMEM;
921 fuse_req_cachep = kmem_cache_create("fuse_request",
922 sizeof(struct fuse_req),
923 0, 0, NULL, NULL);
924 if (!fuse_req_cachep)
925 goto out;
926
927 err = misc_register(&fuse_miscdevice);
928 if (err)
929 goto out_cache_clean;
930
931 return 0;
932
933 out_cache_clean:
934 kmem_cache_destroy(fuse_req_cachep);
935 out:
936 return err;
937 }
938
939 void fuse_dev_cleanup(void)
940 {
941 misc_deregister(&fuse_miscdevice);
942 kmem_cache_destroy(fuse_req_cachep);
943 }
Linux 2.6 ibm-acpi/thinkpad-acpi driver git tree