2 FUSE: Filesystem in Userspace
3 Copyright (C) 2001-2005 Miklos Szeredi <miklos@szeredi.hu>
5 This program can be distributed under the terms of the GNU GPL.
11 #include <linux/init.h>
12 #include <linux/module.h>
13 #include <linux/poll.h>
14 #include <linux/uio.h>
15 #include <linux/miscdevice.h>
16 #include <linux/pagemap.h>
17 #include <linux/file.h>
18 #include <linux/slab.h>
20 MODULE_ALIAS_MISCDEV(FUSE_MINOR);
22 static kmem_cache_t *fuse_req_cachep;
24 static struct fuse_conn *fuse_get_conn(struct file *file)
27 spin_lock(&fuse_lock);
28 fc = file->private_data;
29 if (fc && !fc->connected)
31 spin_unlock(&fuse_lock);
35 static void fuse_request_init(struct fuse_req *req)
37 memset(req, 0, sizeof(*req));
38 INIT_LIST_HEAD(&req->list);
39 init_waitqueue_head(&req->waitq);
40 atomic_set(&req->count, 1);
43 struct fuse_req *fuse_request_alloc(void)
45 struct fuse_req *req = kmem_cache_alloc(fuse_req_cachep, SLAB_KERNEL);
47 fuse_request_init(req);
51 void fuse_request_free(struct fuse_req *req)
53 kmem_cache_free(fuse_req_cachep, req);
56 static void block_sigs(sigset_t *oldset)
60 siginitsetinv(&mask, sigmask(SIGKILL));
61 sigprocmask(SIG_BLOCK, &mask, oldset);
64 static void restore_sigs(sigset_t *oldset)
66 sigprocmask(SIG_SETMASK, oldset, NULL);
70 * Reset request, so that it can be reused
72 * The caller must be _very_ careful to make sure, that it is holding
73 * the only reference to req
75 void fuse_reset_request(struct fuse_req *req)
77 int preallocated = req->preallocated;
78 BUG_ON(atomic_read(&req->count) != 1);
79 fuse_request_init(req);
80 req->preallocated = preallocated;
83 static void __fuse_get_request(struct fuse_req *req)
85 atomic_inc(&req->count);
88 /* Must be called with > 1 refcount */
89 static void __fuse_put_request(struct fuse_req *req)
91 BUG_ON(atomic_read(&req->count) < 2);
92 atomic_dec(&req->count);
95 static struct fuse_req *do_get_request(struct fuse_conn *fc)
99 spin_lock(&fuse_lock);
100 BUG_ON(list_empty(&fc->unused_list));
101 req = list_entry(fc->unused_list.next, struct fuse_req, list);
102 list_del_init(&req->list);
103 spin_unlock(&fuse_lock);
104 fuse_request_init(req);
105 req->preallocated = 1;
106 req->in.h.uid = current->fsuid;
107 req->in.h.gid = current->fsgid;
108 req->in.h.pid = current->pid;
112 /* This can return NULL, but only in case it's interrupted by a SIGKILL */
113 struct fuse_req *fuse_get_request(struct fuse_conn *fc)
118 atomic_inc(&fc->num_waiting);
120 intr = down_interruptible(&fc->outstanding_sem);
121 restore_sigs(&oldset);
123 atomic_dec(&fc->num_waiting);
126 return do_get_request(fc);
129 /* Must be called with fuse_lock held */
130 static void fuse_putback_request(struct fuse_conn *fc, struct fuse_req *req)
132 if (req->preallocated) {
133 atomic_dec(&fc->num_waiting);
134 list_add(&req->list, &fc->unused_list);
136 fuse_request_free(req);
138 /* If we are in debt decrease that first */
139 if (fc->outstanding_debt)
140 fc->outstanding_debt--;
142 up(&fc->outstanding_sem);
145 void fuse_put_request(struct fuse_conn *fc, struct fuse_req *req)
147 if (atomic_dec_and_test(&req->count)) {
148 spin_lock(&fuse_lock);
149 fuse_putback_request(fc, req);
150 spin_unlock(&fuse_lock);
154 static void fuse_put_request_locked(struct fuse_conn *fc, struct fuse_req *req)
156 if (atomic_dec_and_test(&req->count))
157 fuse_putback_request(fc, req);
160 void fuse_release_background(struct fuse_req *req)
166 spin_lock(&fuse_lock);
167 list_del(&req->bg_entry);
168 spin_unlock(&fuse_lock);
172 * This function is called when a request is finished. Either a reply
173 * has arrived or it was interrupted (and not yet sent) or some error
174 * occurred during communication with userspace, or the device file
175 * was closed. In case of a background request the reference to the
176 * stored objects are released. The requester thread is woken up (if
177 * still waiting), the 'end' callback is called if given, else the
178 * reference to the request is released
180 * Releasing extra reference for foreground requests must be done
181 * within the same locked region as setting state to finished. This
182 * is because fuse_reset_request() may be called after request is
183 * finished and it must be the sole possessor. If request is
184 * interrupted and put in the background, it will return with an error
185 * and hence never be reset and reused.
187 * Called with fuse_lock, unlocks it
189 static void request_end(struct fuse_conn *fc, struct fuse_req *req)
191 list_del(&req->list);
192 req->state = FUSE_REQ_FINISHED;
193 if (!req->background) {
194 wake_up(&req->waitq);
195 fuse_put_request_locked(fc, req);
196 spin_unlock(&fuse_lock);
198 void (*end) (struct fuse_conn *, struct fuse_req *) = req->end;
200 spin_unlock(&fuse_lock);
201 down_read(&fc->sbput_sem);
203 fuse_release_background(req);
204 up_read(&fc->sbput_sem);
208 fuse_put_request(fc, req);
213 * Unfortunately request interruption not just solves the deadlock
214 * problem, it causes problems too. These stem from the fact, that an
215 * interrupted request is continued to be processed in userspace,
216 * while all the locks and object references (inode and file) held
217 * during the operation are released.
219 * To release the locks is exactly why there's a need to interrupt the
220 * request, so there's not a lot that can be done about this, except
221 * introduce additional locking in userspace.
223 * More important is to keep inode and file references until userspace
224 * has replied, otherwise FORGET and RELEASE could be sent while the
225 * inode/file is still used by the filesystem.
227 * For this reason the concept of "background" request is introduced.
228 * An interrupted request is backgrounded if it has been already sent
229 * to userspace. Backgrounding involves getting an extra reference to
230 * inode(s) or file used in the request, and adding the request to
231 * fc->background list. When a reply is received for a background
232 * request, the object references are released, and the request is
233 * removed from the list. If the filesystem is unmounted while there
234 * are still background requests, the list is walked and references
235 * are released as if a reply was received.
237 * There's one more use for a background request. The RELEASE message is
238 * always sent as background, since it doesn't return an error or
241 static void background_request(struct fuse_conn *fc, struct fuse_req *req)
244 list_add(&req->bg_entry, &fc->background);
246 req->inode = igrab(req->inode);
248 req->inode2 = igrab(req->inode2);
253 /* Called with fuse_lock held. Releases, and then reacquires it. */
254 static void request_wait_answer(struct fuse_conn *fc, struct fuse_req *req)
258 spin_unlock(&fuse_lock);
260 wait_event_interruptible(req->waitq, req->state == FUSE_REQ_FINISHED);
261 restore_sigs(&oldset);
262 spin_lock(&fuse_lock);
263 if (req->state == FUSE_REQ_FINISHED && !req->interrupted)
266 if (!req->interrupted) {
267 req->out.h.error = -EINTR;
268 req->interrupted = 1;
271 /* This is uninterruptible sleep, because data is
272 being copied to/from the buffers of req. During
273 locked state, there mustn't be any filesystem
274 operation (e.g. page fault), since that could lead
276 spin_unlock(&fuse_lock);
277 wait_event(req->waitq, !req->locked);
278 spin_lock(&fuse_lock);
280 if (req->state == FUSE_REQ_PENDING) {
281 list_del(&req->list);
282 __fuse_put_request(req);
283 } else if (req->state == FUSE_REQ_SENT)
284 background_request(fc, req);
287 static unsigned len_args(unsigned numargs, struct fuse_arg *args)
292 for (i = 0; i < numargs; i++)
293 nbytes += args[i].size;
298 static void queue_request(struct fuse_conn *fc, struct fuse_req *req)
301 /* zero is special */
304 req->in.h.unique = fc->reqctr;
305 req->in.h.len = sizeof(struct fuse_in_header) +
306 len_args(req->in.numargs, (struct fuse_arg *) req->in.args);
307 if (!req->preallocated) {
308 /* If request is not preallocated (either FORGET or
309 RELEASE), then still decrease outstanding_sem, so
310 user can't open infinite number of files while not
311 processing the RELEASE requests. However for
312 efficiency do it without blocking, so if down()
313 would block, just increase the debt instead */
314 if (down_trylock(&fc->outstanding_sem))
315 fc->outstanding_debt++;
317 list_add_tail(&req->list, &fc->pending);
318 req->state = FUSE_REQ_PENDING;
323 * This can only be interrupted by a SIGKILL
325 void request_send(struct fuse_conn *fc, struct fuse_req *req)
328 spin_lock(&fuse_lock);
330 req->out.h.error = -ENOTCONN;
331 else if (fc->conn_error)
332 req->out.h.error = -ECONNREFUSED;
334 queue_request(fc, req);
335 /* acquire extra reference, since request is still needed
336 after request_end() */
337 __fuse_get_request(req);
339 request_wait_answer(fc, req);
341 spin_unlock(&fuse_lock);
344 static void request_send_nowait(struct fuse_conn *fc, struct fuse_req *req)
346 spin_lock(&fuse_lock);
348 queue_request(fc, req);
349 spin_unlock(&fuse_lock);
351 req->out.h.error = -ENOTCONN;
352 request_end(fc, req);
356 void request_send_noreply(struct fuse_conn *fc, struct fuse_req *req)
359 request_send_nowait(fc, req);
362 void request_send_background(struct fuse_conn *fc, struct fuse_req *req)
365 spin_lock(&fuse_lock);
366 background_request(fc, req);
367 spin_unlock(&fuse_lock);
368 request_send_nowait(fc, req);
372 * Lock the request. Up to the next unlock_request() there mustn't be
373 * anything that could cause a page-fault. If the request was already
374 * interrupted bail out.
376 static int lock_request(struct fuse_req *req)
380 spin_lock(&fuse_lock);
381 if (req->interrupted)
385 spin_unlock(&fuse_lock);
391 * Unlock request. If it was interrupted during being locked, the
392 * requester thread is currently waiting for it to be unlocked, so
395 static void unlock_request(struct fuse_req *req)
398 spin_lock(&fuse_lock);
400 if (req->interrupted)
401 wake_up(&req->waitq);
402 spin_unlock(&fuse_lock);
406 struct fuse_copy_state {
408 struct fuse_req *req;
409 const struct iovec *iov;
410 unsigned long nr_segs;
411 unsigned long seglen;
419 static void fuse_copy_init(struct fuse_copy_state *cs, int write,
420 struct fuse_req *req, const struct iovec *iov,
421 unsigned long nr_segs)
423 memset(cs, 0, sizeof(*cs));
427 cs->nr_segs = nr_segs;
430 /* Unmap and put previous page of userspace buffer */
431 static void fuse_copy_finish(struct fuse_copy_state *cs)
434 kunmap_atomic(cs->mapaddr, KM_USER0);
436 flush_dcache_page(cs->pg);
437 set_page_dirty_lock(cs->pg);
445 * Get another pagefull of userspace buffer, and map it to kernel
446 * address space, and lock request
448 static int fuse_copy_fill(struct fuse_copy_state *cs)
450 unsigned long offset;
453 unlock_request(cs->req);
454 fuse_copy_finish(cs);
456 BUG_ON(!cs->nr_segs);
457 cs->seglen = cs->iov[0].iov_len;
458 cs->addr = (unsigned long) cs->iov[0].iov_base;
462 down_read(¤t->mm->mmap_sem);
463 err = get_user_pages(current, current->mm, cs->addr, 1, cs->write, 0,
465 up_read(¤t->mm->mmap_sem);
469 offset = cs->addr % PAGE_SIZE;
470 cs->mapaddr = kmap_atomic(cs->pg, KM_USER0);
471 cs->buf = cs->mapaddr + offset;
472 cs->len = min(PAGE_SIZE - offset, cs->seglen);
473 cs->seglen -= cs->len;
476 return lock_request(cs->req);
479 /* Do as much copy to/from userspace buffer as we can */
480 static int fuse_copy_do(struct fuse_copy_state *cs, void **val, unsigned *size)
482 unsigned ncpy = min(*size, cs->len);
485 memcpy(cs->buf, *val, ncpy);
487 memcpy(*val, cs->buf, ncpy);
497 * Copy a page in the request to/from the userspace buffer. Must be
500 static int fuse_copy_page(struct fuse_copy_state *cs, struct page *page,
501 unsigned offset, unsigned count, int zeroing)
503 if (page && zeroing && count < PAGE_SIZE) {
504 void *mapaddr = kmap_atomic(page, KM_USER1);
505 memset(mapaddr, 0, PAGE_SIZE);
506 kunmap_atomic(mapaddr, KM_USER1);
510 if (!cs->len && (err = fuse_copy_fill(cs)))
513 void *mapaddr = kmap_atomic(page, KM_USER1);
514 void *buf = mapaddr + offset;
515 offset += fuse_copy_do(cs, &buf, &count);
516 kunmap_atomic(mapaddr, KM_USER1);
518 offset += fuse_copy_do(cs, NULL, &count);
520 if (page && !cs->write)
521 flush_dcache_page(page);
525 /* Copy pages in the request to/from userspace buffer */
526 static int fuse_copy_pages(struct fuse_copy_state *cs, unsigned nbytes,
530 struct fuse_req *req = cs->req;
531 unsigned offset = req->page_offset;
532 unsigned count = min(nbytes, (unsigned) PAGE_SIZE - offset);
534 for (i = 0; i < req->num_pages && (nbytes || zeroing); i++) {
535 struct page *page = req->pages[i];
536 int err = fuse_copy_page(cs, page, offset, count, zeroing);
541 count = min(nbytes, (unsigned) PAGE_SIZE);
547 /* Copy a single argument in the request to/from userspace buffer */
548 static int fuse_copy_one(struct fuse_copy_state *cs, void *val, unsigned size)
552 if (!cs->len && (err = fuse_copy_fill(cs)))
554 fuse_copy_do(cs, &val, &size);
559 /* Copy request arguments to/from userspace buffer */
560 static int fuse_copy_args(struct fuse_copy_state *cs, unsigned numargs,
561 unsigned argpages, struct fuse_arg *args,
567 for (i = 0; !err && i < numargs; i++) {
568 struct fuse_arg *arg = &args[i];
569 if (i == numargs - 1 && argpages)
570 err = fuse_copy_pages(cs, arg->size, zeroing);
572 err = fuse_copy_one(cs, arg->value, arg->size);
577 /* Wait until a request is available on the pending list */
578 static void request_wait(struct fuse_conn *fc)
580 DECLARE_WAITQUEUE(wait, current);
582 add_wait_queue_exclusive(&fc->waitq, &wait);
583 while (fc->connected && list_empty(&fc->pending)) {
584 set_current_state(TASK_INTERRUPTIBLE);
585 if (signal_pending(current))
588 spin_unlock(&fuse_lock);
590 spin_lock(&fuse_lock);
592 set_current_state(TASK_RUNNING);
593 remove_wait_queue(&fc->waitq, &wait);
597 * Read a single request into the userspace filesystem's buffer. This
598 * function waits until a request is available, then removes it from
599 * the pending list and copies request data to userspace buffer. If
600 * no reply is needed (FORGET) or request has been interrupted or
601 * there was an error during the copying then it's finished by calling
602 * request_end(). Otherwise add it to the processing list, and set
605 static ssize_t fuse_dev_readv(struct file *file, const struct iovec *iov,
606 unsigned long nr_segs, loff_t *off)
609 struct fuse_conn *fc;
610 struct fuse_req *req;
612 struct fuse_copy_state cs;
616 spin_lock(&fuse_lock);
617 fc = file->private_data;
626 if (list_empty(&fc->pending))
629 req = list_entry(fc->pending.next, struct fuse_req, list);
630 req->state = FUSE_REQ_READING;
631 list_move(&req->list, &fc->io);
635 /* If request is too large, reply with an error and restart the read */
636 if (iov_length(iov, nr_segs) < reqsize) {
637 req->out.h.error = -EIO;
638 /* SETXATTR is special, since it may contain too large data */
639 if (in->h.opcode == FUSE_SETXATTR)
640 req->out.h.error = -E2BIG;
641 request_end(fc, req);
644 spin_unlock(&fuse_lock);
645 fuse_copy_init(&cs, 1, req, iov, nr_segs);
646 err = fuse_copy_one(&cs, &in->h, sizeof(in->h));
648 err = fuse_copy_args(&cs, in->numargs, in->argpages,
649 (struct fuse_arg *) in->args, 0);
650 fuse_copy_finish(&cs);
651 spin_lock(&fuse_lock);
653 if (!err && req->interrupted)
656 if (!req->interrupted)
657 req->out.h.error = -EIO;
658 request_end(fc, req);
662 request_end(fc, req);
664 req->state = FUSE_REQ_SENT;
665 list_move_tail(&req->list, &fc->processing);
666 spin_unlock(&fuse_lock);
671 spin_unlock(&fuse_lock);
675 static ssize_t fuse_dev_read(struct file *file, char __user *buf,
676 size_t nbytes, loff_t *off)
679 iov.iov_len = nbytes;
681 return fuse_dev_readv(file, &iov, 1, off);
684 /* Look up request on processing list by unique ID */
685 static struct fuse_req *request_find(struct fuse_conn *fc, u64 unique)
687 struct list_head *entry;
689 list_for_each(entry, &fc->processing) {
690 struct fuse_req *req;
691 req = list_entry(entry, struct fuse_req, list);
692 if (req->in.h.unique == unique)
698 static int copy_out_args(struct fuse_copy_state *cs, struct fuse_out *out,
701 unsigned reqsize = sizeof(struct fuse_out_header);
704 return nbytes != reqsize ? -EINVAL : 0;
706 reqsize += len_args(out->numargs, out->args);
708 if (reqsize < nbytes || (reqsize > nbytes && !out->argvar))
710 else if (reqsize > nbytes) {
711 struct fuse_arg *lastarg = &out->args[out->numargs-1];
712 unsigned diffsize = reqsize - nbytes;
713 if (diffsize > lastarg->size)
715 lastarg->size -= diffsize;
717 return fuse_copy_args(cs, out->numargs, out->argpages, out->args,
722 * Write a single reply to a request. First the header is copied from
723 * the write buffer. The request is then searched on the processing
724 * list by the unique ID found in the header. If found, then remove
725 * it from the list and copy the rest of the buffer to the request.
726 * The request is finished by calling request_end()
728 static ssize_t fuse_dev_writev(struct file *file, const struct iovec *iov,
729 unsigned long nr_segs, loff_t *off)
732 unsigned nbytes = iov_length(iov, nr_segs);
733 struct fuse_req *req;
734 struct fuse_out_header oh;
735 struct fuse_copy_state cs;
736 struct fuse_conn *fc = fuse_get_conn(file);
740 fuse_copy_init(&cs, 0, NULL, iov, nr_segs);
741 if (nbytes < sizeof(struct fuse_out_header))
744 err = fuse_copy_one(&cs, &oh, sizeof(oh));
748 if (!oh.unique || oh.error <= -1000 || oh.error > 0 ||
752 spin_lock(&fuse_lock);
757 req = request_find(fc, oh.unique);
762 if (req->interrupted) {
763 spin_unlock(&fuse_lock);
764 fuse_copy_finish(&cs);
765 spin_lock(&fuse_lock);
766 request_end(fc, req);
769 list_move(&req->list, &fc->io);
773 spin_unlock(&fuse_lock);
775 err = copy_out_args(&cs, &req->out, nbytes);
776 fuse_copy_finish(&cs);
778 spin_lock(&fuse_lock);
781 if (req->interrupted)
783 } else if (!req->interrupted)
784 req->out.h.error = -EIO;
785 request_end(fc, req);
787 return err ? err : nbytes;
790 spin_unlock(&fuse_lock);
792 fuse_copy_finish(&cs);
796 static ssize_t fuse_dev_write(struct file *file, const char __user *buf,
797 size_t nbytes, loff_t *off)
800 iov.iov_len = nbytes;
801 iov.iov_base = (char __user *) buf;
802 return fuse_dev_writev(file, &iov, 1, off);
805 static unsigned fuse_dev_poll(struct file *file, poll_table *wait)
807 struct fuse_conn *fc = fuse_get_conn(file);
808 unsigned mask = POLLOUT | POLLWRNORM;
813 poll_wait(file, &fc->waitq, wait);
815 spin_lock(&fuse_lock);
816 if (!list_empty(&fc->pending))
817 mask |= POLLIN | POLLRDNORM;
818 spin_unlock(&fuse_lock);
824 * Abort all requests on the given list (pending or processing)
826 * This function releases and reacquires fuse_lock
828 static void end_requests(struct fuse_conn *fc, struct list_head *head)
830 while (!list_empty(head)) {
831 struct fuse_req *req;
832 req = list_entry(head->next, struct fuse_req, list);
833 req->out.h.error = -ECONNABORTED;
834 request_end(fc, req);
835 spin_lock(&fuse_lock);
840 * Abort requests under I/O
842 * The requests are set to interrupted and finished, and the request
843 * waiter is woken up. This will make request_wait_answer() wait
844 * until the request is unlocked and then return.
846 * If the request is asynchronous, then the end function needs to be
847 * called after waiting for the request to be unlocked (if it was
850 static void end_io_requests(struct fuse_conn *fc)
852 while (!list_empty(&fc->io)) {
853 struct fuse_req *req =
854 list_entry(fc->io.next, struct fuse_req, list);
855 void (*end) (struct fuse_conn *, struct fuse_req *) = req->end;
857 req->interrupted = 1;
858 req->out.h.error = -ECONNABORTED;
859 req->state = FUSE_REQ_FINISHED;
860 list_del_init(&req->list);
861 wake_up(&req->waitq);
864 /* The end function will consume this reference */
865 __fuse_get_request(req);
866 spin_unlock(&fuse_lock);
867 wait_event(req->waitq, !req->locked);
869 spin_lock(&fuse_lock);
875 * Abort all requests.
877 * Emergency exit in case of a malicious or accidental deadlock, or
878 * just a hung filesystem.
880 * The same effect is usually achievable through killing the
881 * filesystem daemon and all users of the filesystem. The exception
882 * is the combination of an asynchronous request and the tricky
883 * deadlock (see Documentation/filesystems/fuse.txt).
885 * During the aborting, progression of requests from the pending and
886 * processing lists onto the io list, and progression of new requests
887 * onto the pending list is prevented by req->connected being false.
889 * Progression of requests under I/O to the processing list is
890 * prevented by the req->interrupted flag being true for these
891 * requests. For this reason requests on the io list must be aborted
894 void fuse_abort_conn(struct fuse_conn *fc)
896 spin_lock(&fuse_lock);
900 end_requests(fc, &fc->pending);
901 end_requests(fc, &fc->processing);
902 wake_up_all(&fc->waitq);
904 spin_unlock(&fuse_lock);
907 static int fuse_dev_release(struct inode *inode, struct file *file)
909 struct fuse_conn *fc;
911 spin_lock(&fuse_lock);
912 fc = file->private_data;
915 end_requests(fc, &fc->pending);
916 end_requests(fc, &fc->processing);
918 spin_unlock(&fuse_lock);
920 kobject_put(&fc->kobj);
925 struct file_operations fuse_dev_operations = {
926 .owner = THIS_MODULE,
928 .read = fuse_dev_read,
929 .readv = fuse_dev_readv,
930 .write = fuse_dev_write,
931 .writev = fuse_dev_writev,
932 .poll = fuse_dev_poll,
933 .release = fuse_dev_release,
936 static struct miscdevice fuse_miscdevice = {
939 .fops = &fuse_dev_operations,
942 int __init fuse_dev_init(void)
945 fuse_req_cachep = kmem_cache_create("fuse_request",
946 sizeof(struct fuse_req),
948 if (!fuse_req_cachep)
951 err = misc_register(&fuse_miscdevice);
953 goto out_cache_clean;
958 kmem_cache_destroy(fuse_req_cachep);
963 void fuse_dev_cleanup(void)
965 misc_deregister(&fuse_miscdevice);
966 kmem_cache_destroy(fuse_req_cachep);
git://git.onelab.eu / linux-2.6.git / blob