{
memset(req, 0, sizeof(*req));
INIT_LIST_HEAD(&req->list);
- INIT_LIST_HEAD(&req->intr_entry);
init_waitqueue_head(&req->waitq);
atomic_set(&req->count, 1);
}
sigprocmask(SIG_SETMASK, oldset, NULL);
}
+/*
+ * Reset request, so that it can be reused
+ *
+ * The caller must be _very_ careful to make sure, that it is holding
+ * the only reference to req
+ */
+void fuse_reset_request(struct fuse_req *req)
+{
+ BUG_ON(atomic_read(&req->count) != 1);
+ fuse_request_init(req);
+}
+
static void __fuse_get_request(struct fuse_req *req)
{
atomic_inc(&req->count);
atomic_dec(&req->count);
}
-static void fuse_req_init_context(struct fuse_req *req)
-{
- req->in.h.uid = current->fsuid;
- req->in.h.gid = current->fsgid;
- req->in.h.pid = current->pid;
-}
-
struct fuse_req *fuse_get_req(struct fuse_conn *fc)
{
struct fuse_req *req;
if (intr)
goto out;
- err = -ENOTCONN;
- if (!fc->connected)
- goto out;
-
req = fuse_request_alloc();
err = -ENOMEM;
if (!req)
goto out;
- fuse_req_init_context(req);
+ req->in.h.uid = current->fsuid;
+ req->in.h.gid = current->fsgid;
+ req->in.h.pid = current->pid;
req->waiting = 1;
return req;
return ERR_PTR(err);
}
-/*
- * Return request in fuse_file->reserved_req. However that may
- * currently be in use. If that is the case, wait for it to become
- * available.
- */
-static struct fuse_req *get_reserved_req(struct fuse_conn *fc,
- struct file *file)
+void fuse_put_request(struct fuse_conn *fc, struct fuse_req *req)
{
- struct fuse_req *req = NULL;
- struct fuse_file *ff = file->private_data;
-
- do {
- wait_event(fc->blocked_waitq, ff->reserved_req);
- spin_lock(&fc->lock);
- if (ff->reserved_req) {
- req = ff->reserved_req;
- ff->reserved_req = NULL;
- get_file(file);
- req->stolen_file = file;
- }
- spin_unlock(&fc->lock);
- } while (!req);
-
- return req;
+ if (atomic_dec_and_test(&req->count)) {
+ if (req->waiting)
+ atomic_dec(&fc->num_waiting);
+ fuse_request_free(req);
+ }
}
/*
- * Put stolen request back into fuse_file->reserved_req
+ * Called with sbput_sem held for read (request_end) or write
+ * (fuse_put_super). By the time fuse_put_super() is finished, all
+ * inodes belonging to background requests must be released, so the
+ * iputs have to be done within the locked region.
*/
-static void put_reserved_req(struct fuse_conn *fc, struct fuse_req *req)
+void fuse_release_background(struct fuse_conn *fc, struct fuse_req *req)
{
- struct file *file = req->stolen_file;
- struct fuse_file *ff = file->private_data;
-
+ iput(req->inode);
+ iput(req->inode2);
spin_lock(&fc->lock);
- fuse_request_init(req);
- BUG_ON(ff->reserved_req);
- ff->reserved_req = req;
- wake_up(&fc->blocked_waitq);
+ list_del(&req->bg_entry);
+ if (fc->num_background == FUSE_MAX_BACKGROUND) {
+ fc->blocked = 0;
+ wake_up_all(&fc->blocked_waitq);
+ }
+ fc->num_background--;
spin_unlock(&fc->lock);
- fput(file);
}
/*
- * Gets a requests for a file operation, always succeeds
- *
- * This is used for sending the FLUSH request, which must get to
- * userspace, due to POSIX locks which may need to be unlocked.
+ * This function is called when a request is finished. Either a reply
+ * has arrived or it was interrupted (and not yet sent) or some error
+ * occurred during communication with userspace, or the device file
+ * was closed. In case of a background request the reference to the
+ * stored objects are released. The requester thread is woken up (if
+ * still waiting), the 'end' callback is called if given, else the
+ * reference to the request is released
*
- * If allocation fails due to OOM, use the reserved request in
- * fuse_file.
+ * Releasing extra reference for foreground requests must be done
+ * within the same locked region as setting state to finished. This
+ * is because fuse_reset_request() may be called after request is
+ * finished and it must be the sole possessor. If request is
+ * interrupted and put in the background, it will return with an error
+ * and hence never be reset and reused.
*
- * This is very unlikely to deadlock accidentally, since the
- * filesystem should not have it's own file open. If deadlock is
- * intentional, it can still be broken by "aborting" the filesystem.
+ * Called with fc->lock, unlocks it
*/
-struct fuse_req *fuse_get_req_nofail(struct fuse_conn *fc, struct file *file)
+static void request_end(struct fuse_conn *fc, struct fuse_req *req)
{
- struct fuse_req *req;
-
- atomic_inc(&fc->num_waiting);
- wait_event(fc->blocked_waitq, !fc->blocked);
- req = fuse_request_alloc();
- if (!req)
- req = get_reserved_req(fc, file);
-
- fuse_req_init_context(req);
- req->waiting = 1;
- return req;
-}
+ list_del(&req->list);
+ req->state = FUSE_REQ_FINISHED;
+ if (!req->background) {
+ spin_unlock(&fc->lock);
+ wake_up(&req->waitq);
+ fuse_put_request(fc, req);
+ } else {
+ void (*end) (struct fuse_conn *, struct fuse_req *) = req->end;
+ req->end = NULL;
+ spin_unlock(&fc->lock);
+ down_read(&fc->sbput_sem);
+ if (fc->mounted)
+ fuse_release_background(fc, req);
+ up_read(&fc->sbput_sem);
-void fuse_put_request(struct fuse_conn *fc, struct fuse_req *req)
-{
- if (atomic_dec_and_test(&req->count)) {
- if (req->waiting)
- atomic_dec(&fc->num_waiting);
+ /* fput must go outside sbput_sem, otherwise it can deadlock */
+ if (req->file)
+ fput(req->file);
- if (req->stolen_file)
- put_reserved_req(fc, req);
+ if (end)
+ end(fc, req);
else
- fuse_request_free(req);
+ fuse_put_request(fc, req);
}
}
/*
- * This function is called when a request is finished. Either a reply
- * has arrived or it was aborted (and not yet sent) or some error
- * occurred during communication with userspace, or the device file
- * was closed. The requester thread is woken up (if still waiting),
- * the 'end' callback is called if given, else the reference to the
- * request is released
+ * Unfortunately request interruption not just solves the deadlock
+ * problem, it causes problems too. These stem from the fact, that an
+ * interrupted request is continued to be processed in userspace,
+ * while all the locks and object references (inode and file) held
+ * during the operation are released.
*
- * Called with fc->lock, unlocks it
+ * To release the locks is exactly why there's a need to interrupt the
+ * request, so there's not a lot that can be done about this, except
+ * introduce additional locking in userspace.
+ *
+ * More important is to keep inode and file references until userspace
+ * has replied, otherwise FORGET and RELEASE could be sent while the
+ * inode/file is still used by the filesystem.
+ *
+ * For this reason the concept of "background" request is introduced.
+ * An interrupted request is backgrounded if it has been already sent
+ * to userspace. Backgrounding involves getting an extra reference to
+ * inode(s) or file used in the request, and adding the request to
+ * fc->background list. When a reply is received for a background
+ * request, the object references are released, and the request is
+ * removed from the list. If the filesystem is unmounted while there
+ * are still background requests, the list is walked and references
+ * are released as if a reply was received.
+ *
+ * There's one more use for a background request. The RELEASE message is
+ * always sent as background, since it doesn't return an error or
+ * data.
*/
-static void request_end(struct fuse_conn *fc, struct fuse_req *req)
-{
- void (*end) (struct fuse_conn *, struct fuse_req *) = req->end;
- req->end = NULL;
- list_del(&req->list);
- list_del(&req->intr_entry);
- req->state = FUSE_REQ_FINISHED;
- if (req->background) {
- if (fc->num_background == FUSE_MAX_BACKGROUND) {
- fc->blocked = 0;
- wake_up_all(&fc->blocked_waitq);
- }
- fc->num_background--;
- }
- spin_unlock(&fc->lock);
- dput(req->dentry);
- mntput(req->vfsmount);
+static void background_request(struct fuse_conn *fc, struct fuse_req *req)
+{
+ req->background = 1;
+ list_add(&req->bg_entry, &fc->background);
+ fc->num_background++;
+ if (fc->num_background == FUSE_MAX_BACKGROUND)
+ fc->blocked = 1;
+ if (req->inode)
+ req->inode = igrab(req->inode);
+ if (req->inode2)
+ req->inode2 = igrab(req->inode2);
if (req->file)
- fput(req->file);
- wake_up(&req->waitq);
- if (end)
- end(fc, req);
- else
- fuse_put_request(fc, req);
+ get_file(req->file);
}
-static void wait_answer_interruptible(struct fuse_conn *fc,
- struct fuse_req *req)
+/* Called with fc->lock held. Releases, and then reacquires it. */
+static void request_wait_answer(struct fuse_conn *fc, struct fuse_req *req)
{
- if (signal_pending(current))
- return;
+ sigset_t oldset;
spin_unlock(&fc->lock);
+ block_sigs(&oldset);
wait_event_interruptible(req->waitq, req->state == FUSE_REQ_FINISHED);
+ restore_sigs(&oldset);
spin_lock(&fc->lock);
-}
-
-static void queue_interrupt(struct fuse_conn *fc, struct fuse_req *req)
-{
- list_add_tail(&req->intr_entry, &fc->interrupts);
- wake_up(&fc->waitq);
- kill_fasync(&fc->fasync, SIGIO, POLL_IN);
-}
-
-/* Called with fc->lock held. Releases, and then reacquires it. */
-static void request_wait_answer(struct fuse_conn *fc, struct fuse_req *req)
-{
- if (!fc->no_interrupt) {
- /* Any signal may interrupt this */
- wait_answer_interruptible(fc, req);
-
- if (req->aborted)
- goto aborted;
- if (req->state == FUSE_REQ_FINISHED)
- return;
+ if (req->state == FUSE_REQ_FINISHED && !req->interrupted)
+ return;
+ if (!req->interrupted) {
+ req->out.h.error = -EINTR;
req->interrupted = 1;
- if (req->state == FUSE_REQ_SENT)
- queue_interrupt(fc, req);
- }
-
- if (req->force) {
- spin_unlock(&fc->lock);
- wait_event(req->waitq, req->state == FUSE_REQ_FINISHED);
- spin_lock(&fc->lock);
- } else {
- sigset_t oldset;
-
- /* Only fatal signals may interrupt this */
- block_sigs(&oldset);
- wait_answer_interruptible(fc, req);
- restore_sigs(&oldset);
}
-
- if (req->aborted)
- goto aborted;
- if (req->state == FUSE_REQ_FINISHED)
- return;
-
- req->out.h.error = -EINTR;
- req->aborted = 1;
-
- aborted:
if (req->locked) {
/* This is uninterruptible sleep, because data is
being copied to/from the buffers of req. During
if (req->state == FUSE_REQ_PENDING) {
list_del(&req->list);
__fuse_put_request(req);
- } else if (req->state == FUSE_REQ_SENT) {
- spin_unlock(&fc->lock);
- wait_event(req->waitq, req->state == FUSE_REQ_FINISHED);
- spin_lock(&fc->lock);
- }
+ } else if (req->state == FUSE_REQ_SENT)
+ background_request(fc, req);
}
static unsigned len_args(unsigned numargs, struct fuse_arg *args)
return nbytes;
}
-static u64 fuse_get_unique(struct fuse_conn *fc)
- {
- fc->reqctr++;
- /* zero is special */
- if (fc->reqctr == 0)
- fc->reqctr = 1;
-
- return fc->reqctr;
-}
-
static void queue_request(struct fuse_conn *fc, struct fuse_req *req)
{
- req->in.h.unique = fuse_get_unique(fc);
+ fc->reqctr++;
+ /* zero is special */
+ if (fc->reqctr == 0)
+ fc->reqctr = 1;
+ req->in.h.unique = fc->reqctr;
req->in.h.len = sizeof(struct fuse_in_header) +
len_args(req->in.numargs, (struct fuse_arg *) req->in.args);
list_add_tail(&req->list, &fc->pending);
kill_fasync(&fc->fasync, SIGIO, POLL_IN);
}
+/*
+ * This can only be interrupted by a SIGKILL
+ */
void request_send(struct fuse_conn *fc, struct fuse_req *req)
{
req->isreply = 1;
static void request_send_nowait(struct fuse_conn *fc, struct fuse_req *req)
{
spin_lock(&fc->lock);
+ background_request(fc, req);
if (fc->connected) {
- req->background = 1;
- fc->num_background++;
- if (fc->num_background == FUSE_MAX_BACKGROUND)
- fc->blocked = 1;
-
queue_request(fc, req);
spin_unlock(&fc->lock);
} else {
/*
* Lock the request. Up to the next unlock_request() there mustn't be
* anything that could cause a page-fault. If the request was already
- * aborted bail out.
+ * interrupted bail out.
*/
static int lock_request(struct fuse_conn *fc, struct fuse_req *req)
{
int err = 0;
if (req) {
spin_lock(&fc->lock);
- if (req->aborted)
+ if (req->interrupted)
err = -ENOENT;
else
req->locked = 1;
}
/*
- * Unlock request. If it was aborted during being locked, the
+ * Unlock request. If it was interrupted during being locked, the
* requester thread is currently waiting for it to be unlocked, so
* wake it up.
*/
if (req) {
spin_lock(&fc->lock);
req->locked = 0;
- if (req->aborted)
+ if (req->interrupted)
wake_up(&req->waitq);
spin_unlock(&fc->lock);
}
return err;
}
-static int request_pending(struct fuse_conn *fc)
-{
- return !list_empty(&fc->pending) || !list_empty(&fc->interrupts);
-}
-
/* Wait until a request is available on the pending list */
static void request_wait(struct fuse_conn *fc)
{
DECLARE_WAITQUEUE(wait, current);
add_wait_queue_exclusive(&fc->waitq, &wait);
- while (fc->connected && !request_pending(fc)) {
+ while (fc->connected && list_empty(&fc->pending)) {
set_current_state(TASK_INTERRUPTIBLE);
if (signal_pending(current))
break;
remove_wait_queue(&fc->waitq, &wait);
}
-/*
- * Transfer an interrupt request to userspace
- *
- * Unlike other requests this is assembled on demand, without a need
- * to allocate a separate fuse_req structure.
- *
- * Called with fc->lock held, releases it
- */
-static int fuse_read_interrupt(struct fuse_conn *fc, struct fuse_req *req,
- const struct iovec *iov, unsigned long nr_segs)
-{
- struct fuse_copy_state cs;
- struct fuse_in_header ih;
- struct fuse_interrupt_in arg;
- unsigned reqsize = sizeof(ih) + sizeof(arg);
- int err;
-
- list_del_init(&req->intr_entry);
- req->intr_unique = fuse_get_unique(fc);
- memset(&ih, 0, sizeof(ih));
- memset(&arg, 0, sizeof(arg));
- ih.len = reqsize;
- ih.opcode = FUSE_INTERRUPT;
- ih.unique = req->intr_unique;
- arg.unique = req->in.h.unique;
-
- spin_unlock(&fc->lock);
- if (iov_length(iov, nr_segs) < reqsize)
- return -EINVAL;
-
- fuse_copy_init(&cs, fc, 1, NULL, iov, nr_segs);
- err = fuse_copy_one(&cs, &ih, sizeof(ih));
- if (!err)
- err = fuse_copy_one(&cs, &arg, sizeof(arg));
- fuse_copy_finish(&cs);
-
- return err ? err : reqsize;
-}
-
/*
* Read a single request into the userspace filesystem's buffer. This
* function waits until a request is available, then removes it from
* the pending list and copies request data to userspace buffer. If
- * no reply is needed (FORGET) or request has been aborted or there
- * was an error during the copying then it's finished by calling
+ * no reply is needed (FORGET) or request has been interrupted or
+ * there was an error during the copying then it's finished by calling
* request_end(). Otherwise add it to the processing list, and set
* the 'sent' flag.
*/
spin_lock(&fc->lock);
err = -EAGAIN;
if ((file->f_flags & O_NONBLOCK) && fc->connected &&
- !request_pending(fc))
+ list_empty(&fc->pending))
goto err_unlock;
request_wait(fc);
if (!fc->connected)
goto err_unlock;
err = -ERESTARTSYS;
- if (!request_pending(fc))
+ if (list_empty(&fc->pending))
goto err_unlock;
- if (!list_empty(&fc->interrupts)) {
- req = list_entry(fc->interrupts.next, struct fuse_req,
- intr_entry);
- return fuse_read_interrupt(fc, req, iov, nr_segs);
- }
-
req = list_entry(fc->pending.next, struct fuse_req, list);
req->state = FUSE_REQ_READING;
list_move(&req->list, &fc->io);
fuse_copy_finish(&cs);
spin_lock(&fc->lock);
req->locked = 0;
- if (!err && req->aborted)
+ if (!err && req->interrupted)
err = -ENOENT;
if (err) {
- if (!req->aborted)
+ if (!req->interrupted)
req->out.h.error = -EIO;
request_end(fc, req);
return err;
else {
req->state = FUSE_REQ_SENT;
list_move_tail(&req->list, &fc->processing);
- if (req->interrupted)
- queue_interrupt(fc, req);
spin_unlock(&fc->lock);
}
return reqsize;
list_for_each(entry, &fc->processing) {
struct fuse_req *req;
req = list_entry(entry, struct fuse_req, list);
- if (req->in.h.unique == unique || req->intr_unique == unique)
+ if (req->in.h.unique == unique)
return req;
}
return NULL;
goto err_unlock;
req = request_find(fc, oh.unique);
+ err = -EINVAL;
if (!req)
goto err_unlock;
- if (req->aborted) {
+ if (req->interrupted) {
spin_unlock(&fc->lock);
fuse_copy_finish(&cs);
spin_lock(&fc->lock);
request_end(fc, req);
return -ENOENT;
}
- /* Is it an interrupt reply? */
- if (req->intr_unique == oh.unique) {
- err = -EINVAL;
- if (nbytes != sizeof(struct fuse_out_header))
- goto err_unlock;
-
- if (oh.error == -ENOSYS)
- fc->no_interrupt = 1;
- else if (oh.error == -EAGAIN)
- queue_interrupt(fc, req);
-
- spin_unlock(&fc->lock);
- fuse_copy_finish(&cs);
- return nbytes;
- }
-
- req->state = FUSE_REQ_WRITING;
list_move(&req->list, &fc->io);
req->out.h = oh;
req->locked = 1;
spin_lock(&fc->lock);
req->locked = 0;
if (!err) {
- if (req->aborted)
+ if (req->interrupted)
err = -ENOENT;
- } else if (!req->aborted)
+ } else if (!req->interrupted)
req->out.h.error = -EIO;
request_end(fc, req);
spin_lock(&fc->lock);
if (!fc->connected)
mask = POLLERR;
- else if (request_pending(fc))
+ else if (!list_empty(&fc->pending))
mask |= POLLIN | POLLRDNORM;
spin_unlock(&fc->lock);
/*
* Abort requests under I/O
*
- * The requests are set to aborted and finished, and the request
+ * The requests are set to interrupted and finished, and the request
* waiter is woken up. This will make request_wait_answer() wait
* until the request is unlocked and then return.
*
list_entry(fc->io.next, struct fuse_req, list);
void (*end) (struct fuse_conn *, struct fuse_req *) = req->end;
- req->aborted = 1;
+ req->interrupted = 1;
req->out.h.error = -ECONNABORTED;
req->state = FUSE_REQ_FINISHED;
list_del_init(&req->list);
* onto the pending list is prevented by req->connected being false.
*
* Progression of requests under I/O to the processing list is
- * prevented by the req->aborted flag being true for these requests.
- * For this reason requests on the io list must be aborted first.
+ * prevented by the req->interrupted flag being true for these
+ * requests. For this reason requests on the io list must be aborted
+ * first.
*/
void fuse_abort_conn(struct fuse_conn *fc)
{
spin_lock(&fc->lock);
if (fc->connected) {
fc->connected = 0;
- fc->blocked = 0;
end_io_requests(fc);
end_requests(fc, &fc->pending);
end_requests(fc, &fc->processing);
wake_up_all(&fc->waitq);
- wake_up_all(&fc->blocked_waitq);
kill_fasync(&fc->fasync, SIGIO, POLL_IN);
}
spin_unlock(&fc->lock);
end_requests(fc, &fc->processing);
spin_unlock(&fc->lock);
fasync_helper(-1, file, 0, &fc->fasync);
- fuse_conn_put(fc);
+ kobject_put(&fc->kobj);
}
return 0;