Now available: The Design and Implementation of the FreeBSD Operating System (Second Edition)
[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]
FreeBSD/Linux Kernel Cross Reference
sys/fs/cuse/cuse.c
Version:
- FREEBSD - FREEBSD-13-STABLE - FREEBSD-13-0 - FREEBSD-12-STABLE - FREEBSD-12-0 - FREEBSD-11-STABLE - FREEBSD-11-0 - FREEBSD-10-STABLE - FREEBSD-10-0 - FREEBSD-9-STABLE - FREEBSD-9-0 - FREEBSD-8-STABLE - FREEBSD-8-0 - FREEBSD-7-STABLE - FREEBSD-7-0 - FREEBSD-6-STABLE - FREEBSD-6-0 - FREEBSD-5-STABLE - FREEBSD-5-0 - FREEBSD-4-STABLE - FREEBSD-3-STABLE - FREEBSD22 - l41 - OPENBSD - linux-2.6 - MK84 - PLAN9 - xnu-8792
SearchContext: - none - 3 - 10
SearchContext: - none - 3 - 10
1 /* $FreeBSD: releng/11.0/sys/fs/cuse/cuse.c 302381 2016-07-06 22:21:22Z hselasky $ */ 2 /*- 3 * Copyright (c) 2010-2013 Hans Petter Selasky. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 15 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 17 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 18 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 24 * SUCH DAMAGE. 25 */ 26 27 #include "opt_compat.h" 28 29 #include <sys/stdint.h> 30 #include <sys/stddef.h> 31 #include <sys/param.h> 32 #include <sys/types.h> 33 #include <sys/systm.h> 34 #include <sys/conf.h> 35 #include <sys/kernel.h> 36 #include <sys/bus.h> 37 #include <sys/linker_set.h> 38 #include <sys/module.h> 39 #include <sys/lock.h> 40 #include <sys/mutex.h> 41 #include <sys/condvar.h> 42 #include <sys/sysctl.h> 43 #include <sys/unistd.h> 44 #include <sys/malloc.h> 45 #include <sys/priv.h> 46 #include <sys/uio.h> 47 #include <sys/poll.h> 48 #include <sys/sx.h> 49 #include <sys/queue.h> 50 #include <sys/fcntl.h> 51 #include <sys/proc.h> 52 #include <sys/vnode.h> 53 #include <sys/selinfo.h> 54 #include <sys/ptrace.h> 55 56 #include <machine/bus.h> 57 58 #include <vm/vm.h> 59 #include <vm/pmap.h> 60 61 #include <fs/cuse/cuse_defs.h> 62 #include <fs/cuse/cuse_ioctl.h> 63 64 MODULE_VERSION(cuse, 1); 65 66 #define NBUSY ((uint8_t *)1) 67 68 #ifdef FEATURE 69 FEATURE(cuse, "Userspace character devices"); 70 #endif 71 72 struct cuse_command; 73 struct cuse_server; 74 struct cuse_client; 75 76 struct cuse_client_command { 77 TAILQ_ENTRY(cuse_client_command) entry; 78 struct cuse_command sub; 79 struct sx sx; 80 struct cv cv; 81 struct thread *entered; 82 struct cuse_client *client; 83 struct proc *proc_curr; 84 int proc_refs; 85 int got_signal; 86 int error; 87 int command; 88 }; 89 90 struct cuse_memory { 91 struct cuse_server *owner; 92 uint8_t *virtaddr; 93 uint32_t page_count; 94 uint32_t is_allocated; 95 }; 96 97 struct cuse_server_dev { 98 TAILQ_ENTRY(cuse_server_dev) entry; 99 struct cuse_server *server; 100 struct cdev *kern_dev; 101 struct cuse_dev *user_dev; 102 }; 103 104 struct cuse_server { 105 TAILQ_ENTRY(cuse_server) entry; 106 TAILQ_HEAD(, cuse_client_command) head; 107 TAILQ_HEAD(, cuse_server_dev) hdev; 108 TAILQ_HEAD(, cuse_client) hcli; 109 struct cv cv; 110 struct selinfo selinfo; 111 pid_t pid; 112 int is_closing; 113 int refs; 114 }; 115 116 struct cuse_client { 117 TAILQ_ENTRY(cuse_client) entry; 118 TAILQ_ENTRY(cuse_client) entry_ref; 119 struct cuse_client_command cmds[CUSE_CMD_MAX]; 120 struct cuse_server *server; 121 struct cuse_server_dev *server_dev; 122 123 uint8_t ioctl_buffer[CUSE_BUFFER_MAX] __aligned(4); 124 125 int fflags; /* file flags */ 126 int cflags; /* client flags */ 127 #define CUSE_CLI_IS_CLOSING 0x01 128 #define CUSE_CLI_KNOTE_NEED_READ 0x02 129 #define CUSE_CLI_KNOTE_NEED_WRITE 0x04 130 #define CUSE_CLI_KNOTE_HAS_READ 0x08 131 #define CUSE_CLI_KNOTE_HAS_WRITE 0x10 132 }; 133 134 #define CUSE_CLIENT_CLOSING(pcc) \ 135 ((pcc)->cflags & CUSE_CLI_IS_CLOSING) 136 137 static MALLOC_DEFINE(M_CUSE, "cuse", "CUSE memory"); 138 139 static TAILQ_HEAD(, cuse_server) cuse_server_head; 140 static struct mtx cuse_mtx; 141 static struct cdev *cuse_dev; 142 static struct cuse_server *cuse_alloc_unit[CUSE_DEVICES_MAX]; 143 static int cuse_alloc_unit_id[CUSE_DEVICES_MAX]; 144 static struct cuse_memory cuse_mem[CUSE_ALLOC_UNIT_MAX]; 145 146 static void cuse_server_wakeup_all_client_locked(struct cuse_server *pcs); 147 static void cuse_client_kqfilter_read_detach(struct knote *kn); 148 static void cuse_client_kqfilter_write_detach(struct knote *kn); 149 static int cuse_client_kqfilter_read_event(struct knote *kn, long hint); 150 static int cuse_client_kqfilter_write_event(struct knote *kn, long hint); 151 152 static struct filterops cuse_client_kqfilter_read_ops = { 153 .f_isfd = 1, 154 .f_detach = cuse_client_kqfilter_read_detach, 155 .f_event = cuse_client_kqfilter_read_event, 156 }; 157 158 static struct filterops cuse_client_kqfilter_write_ops = { 159 .f_isfd = 1, 160 .f_detach = cuse_client_kqfilter_write_detach, 161 .f_event = cuse_client_kqfilter_write_event, 162 }; 163 164 static d_open_t cuse_client_open; 165 static d_close_t cuse_client_close; 166 static d_ioctl_t cuse_client_ioctl; 167 static d_read_t cuse_client_read; 168 static d_write_t cuse_client_write; 169 static d_poll_t cuse_client_poll; 170 static d_mmap_t cuse_client_mmap; 171 static d_kqfilter_t cuse_client_kqfilter; 172 173 static struct cdevsw cuse_client_devsw = { 174 .d_version = D_VERSION, 175 .d_open = cuse_client_open, 176 .d_close = cuse_client_close, 177 .d_ioctl = cuse_client_ioctl, 178 .d_name = "cuse_client", 179 .d_flags = D_TRACKCLOSE, 180 .d_read = cuse_client_read, 181 .d_write = cuse_client_write, 182 .d_poll = cuse_client_poll, 183 .d_mmap = cuse_client_mmap, 184 .d_kqfilter = cuse_client_kqfilter, 185 }; 186 187 static d_open_t cuse_server_open; 188 static d_close_t cuse_server_close; 189 static d_ioctl_t cuse_server_ioctl; 190 static d_read_t cuse_server_read; 191 static d_write_t cuse_server_write; 192 static d_poll_t cuse_server_poll; 193 static d_mmap_t cuse_server_mmap; 194 195 static struct cdevsw cuse_server_devsw = { 196 .d_version = D_VERSION, 197 .d_open = cuse_server_open, 198 .d_close = cuse_server_close, 199 .d_ioctl = cuse_server_ioctl, 200 .d_name = "cuse_server", 201 .d_flags = D_TRACKCLOSE, 202 .d_read = cuse_server_read, 203 .d_write = cuse_server_write, 204 .d_poll = cuse_server_poll, 205 .d_mmap = cuse_server_mmap, 206 }; 207 208 static void cuse_client_is_closing(struct cuse_client *); 209 static int cuse_free_unit_by_id_locked(struct cuse_server *, int); 210 211 static void 212 cuse_lock(void) 213 { 214 mtx_lock(&cuse_mtx); 215 } 216 217 static void 218 cuse_unlock(void) 219 { 220 mtx_unlock(&cuse_mtx); 221 } 222 223 static void 224 cuse_cmd_lock(struct cuse_client_command *pccmd) 225 { 226 sx_xlock(&pccmd->sx); 227 } 228 229 static void 230 cuse_cmd_unlock(struct cuse_client_command *pccmd) 231 { 232 sx_xunlock(&pccmd->sx); 233 } 234 235 static void 236 cuse_kern_init(void *arg) 237 { 238 TAILQ_INIT(&cuse_server_head); 239 240 mtx_init(&cuse_mtx, "cuse-mtx", NULL, MTX_DEF); 241 242 cuse_dev = make_dev(&cuse_server_devsw, 0, 243 UID_ROOT, GID_OPERATOR, 0600, "cuse"); 244 245 printf("Cuse v%d.%d.%d @ /dev/cuse\n", 246 (CUSE_VERSION >> 16) & 0xFF, (CUSE_VERSION >> 8) & 0xFF, 247 (CUSE_VERSION >> 0) & 0xFF); 248 } 249 250 SYSINIT(cuse_kern_init, SI_SUB_DEVFS, SI_ORDER_ANY, cuse_kern_init, 0); 251 252 static void 253 cuse_kern_uninit(void *arg) 254 { 255 void *ptr; 256 257 while (1) { 258 259 printf("Cuse: Please exit all /dev/cuse instances " 260 "and processes which have used this device.\n"); 261 262 pause("DRAIN", 2 * hz); 263 264 cuse_lock(); 265 ptr = TAILQ_FIRST(&cuse_server_head); 266 cuse_unlock(); 267 268 if (ptr == NULL) 269 break; 270 } 271 272 if (cuse_dev != NULL) 273 destroy_dev(cuse_dev); 274 275 mtx_destroy(&cuse_mtx); 276 } 277 278 SYSUNINIT(cuse_kern_uninit, SI_SUB_DEVFS, SI_ORDER_ANY, cuse_kern_uninit, 0); 279 280 static int 281 cuse_server_get(struct cuse_server **ppcs) 282 { 283 struct cuse_server *pcs; 284 int error; 285 286 error = devfs_get_cdevpriv((void **)&pcs); 287 if (error != 0) { 288 *ppcs = NULL; 289 return (error); 290 } 291 /* check if closing */ 292 cuse_lock(); 293 if (pcs->is_closing) { 294 cuse_unlock(); 295 *ppcs = NULL; 296 return (EINVAL); 297 } 298 cuse_unlock(); 299 *ppcs = pcs; 300 return (0); 301 } 302 303 static void 304 cuse_server_is_closing(struct cuse_server *pcs) 305 { 306 struct cuse_client *pcc; 307 308 if (pcs->is_closing) 309 return; 310 311 pcs->is_closing = 1; 312 313 TAILQ_FOREACH(pcc, &pcs->hcli, entry) { 314 cuse_client_is_closing(pcc); 315 } 316 } 317 318 static struct cuse_client_command * 319 cuse_server_find_command(struct cuse_server *pcs, struct thread *td) 320 { 321 struct cuse_client *pcc; 322 int n; 323 324 if (pcs->is_closing) 325 goto done; 326 327 TAILQ_FOREACH(pcc, &pcs->hcli, entry) { 328 if (CUSE_CLIENT_CLOSING(pcc)) 329 continue; 330 for (n = 0; n != CUSE_CMD_MAX; n++) { 331 if (pcc->cmds[n].entered == td) 332 return (&pcc->cmds[n]); 333 } 334 } 335 done: 336 return (NULL); 337 } 338 339 static void 340 cuse_str_filter(char *ptr) 341 { 342 int c; 343 344 while (((c = *ptr) != 0)) { 345 346 if ((c >= 'a') && (c <= 'z')) { 347 ptr++; 348 continue; 349 } 350 if ((c >= 'A') && (c <= 'Z')) { 351 ptr++; 352 continue; 353 } 354 if ((c >= '') && (c <= '9')) { 355 ptr++; 356 continue; 357 } 358 if ((c == '.') || (c == '_') || (c == '/')) { 359 ptr++; 360 continue; 361 } 362 *ptr = '_'; 363 364 ptr++; 365 } 366 } 367 368 static int 369 cuse_convert_error(int error) 370 { 371 ; /* indent fix */ 372 switch (error) { 373 case CUSE_ERR_NONE: 374 return (0); 375 case CUSE_ERR_BUSY: 376 return (EBUSY); 377 case CUSE_ERR_WOULDBLOCK: 378 return (EWOULDBLOCK); 379 case CUSE_ERR_INVALID: 380 return (EINVAL); 381 case CUSE_ERR_NO_MEMORY: 382 return (ENOMEM); 383 case CUSE_ERR_FAULT: 384 return (EFAULT); 385 case CUSE_ERR_SIGNAL: 386 return (EINTR); 387 default: 388 return (ENXIO); 389 } 390 } 391 392 static void 393 cuse_server_free_memory(struct cuse_server *pcs) 394 { 395 struct cuse_memory *mem; 396 uint32_t n; 397 398 for (n = 0; n != CUSE_ALLOC_UNIT_MAX; n++) { 399 mem = &cuse_mem[n]; 400 401 /* this memory is never freed */ 402 if (mem->owner == pcs) { 403 mem->owner = NULL; 404 mem->is_allocated = 0; 405 } 406 } 407 } 408 409 static int 410 cuse_server_alloc_memory(struct cuse_server *pcs, 411 struct cuse_memory *mem, uint32_t page_count) 412 { 413 void *ptr; 414 int error; 415 416 cuse_lock(); 417 418 if (mem->virtaddr == NBUSY) { 419 cuse_unlock(); 420 return (EBUSY); 421 } 422 if (mem->virtaddr != NULL) { 423 if (mem->is_allocated != 0) { 424 cuse_unlock(); 425 return (EBUSY); 426 } 427 if (mem->page_count == page_count) { 428 mem->is_allocated = 1; 429 mem->owner = pcs; 430 cuse_unlock(); 431 return (0); 432 } 433 cuse_unlock(); 434 return (EBUSY); 435 } 436 memset(mem, 0, sizeof(*mem)); 437 438 mem->virtaddr = NBUSY; 439 440 cuse_unlock(); 441 442 ptr = malloc(page_count * PAGE_SIZE, M_CUSE, M_WAITOK | M_ZERO); 443 if (ptr == NULL) 444 error = ENOMEM; 445 else 446 error = 0; 447 448 cuse_lock(); 449 450 if (error) { 451 mem->virtaddr = NULL; 452 cuse_unlock(); 453 return (error); 454 } 455 mem->virtaddr = ptr; 456 mem->page_count = page_count; 457 mem->is_allocated = 1; 458 mem->owner = pcs; 459 cuse_unlock(); 460 461 return (0); 462 } 463 464 static int 465 cuse_client_get(struct cuse_client **ppcc) 466 { 467 struct cuse_client *pcc; 468 int error; 469 470 /* try to get private data */ 471 error = devfs_get_cdevpriv((void **)&pcc); 472 if (error != 0) { 473 *ppcc = NULL; 474 return (error); 475 } 476 /* check if closing */ 477 cuse_lock(); 478 if (CUSE_CLIENT_CLOSING(pcc) || pcc->server->is_closing) { 479 cuse_unlock(); 480 *ppcc = NULL; 481 return (EINVAL); 482 } 483 cuse_unlock(); 484 *ppcc = pcc; 485 return (0); 486 } 487 488 static void 489 cuse_client_is_closing(struct cuse_client *pcc) 490 { 491 struct cuse_client_command *pccmd; 492 uint32_t n; 493 494 if (CUSE_CLIENT_CLOSING(pcc)) 495 return; 496 497 pcc->cflags |= CUSE_CLI_IS_CLOSING; 498 pcc->server_dev = NULL; 499 500 for (n = 0; n != CUSE_CMD_MAX; n++) { 501 502 pccmd = &pcc->cmds[n]; 503 504 if (pccmd->entry.tqe_prev != NULL) { 505 TAILQ_REMOVE(&pcc->server->head, pccmd, entry); 506 pccmd->entry.tqe_prev = NULL; 507 } 508 cv_broadcast(&pccmd->cv); 509 } 510 } 511 512 static void 513 cuse_client_send_command_locked(struct cuse_client_command *pccmd, 514 uintptr_t data_ptr, unsigned long arg, int fflags, int ioflag) 515 { 516 unsigned long cuse_fflags = 0; 517 struct cuse_server *pcs; 518 519 if (fflags & FREAD) 520 cuse_fflags |= CUSE_FFLAG_READ; 521 522 if (fflags & FWRITE) 523 cuse_fflags |= CUSE_FFLAG_WRITE; 524 525 if (ioflag & IO_NDELAY) 526 cuse_fflags |= CUSE_FFLAG_NONBLOCK; 527 528 pccmd->sub.fflags = cuse_fflags; 529 pccmd->sub.data_pointer = data_ptr; 530 pccmd->sub.argument = arg; 531 532 pcs = pccmd->client->server; 533 534 if ((pccmd->entry.tqe_prev == NULL) && 535 (CUSE_CLIENT_CLOSING(pccmd->client) == 0) && 536 (pcs->is_closing == 0)) { 537 TAILQ_INSERT_TAIL(&pcs->head, pccmd, entry); 538 cv_signal(&pcs->cv); 539 } 540 } 541 542 static void 543 cuse_client_got_signal(struct cuse_client_command *pccmd) 544 { 545 struct cuse_server *pcs; 546 547 pccmd->got_signal = 1; 548 549 pccmd = &pccmd->client->cmds[CUSE_CMD_SIGNAL]; 550 551 pcs = pccmd->client->server; 552 553 if ((pccmd->entry.tqe_prev == NULL) && 554 (CUSE_CLIENT_CLOSING(pccmd->client) == 0) && 555 (pcs->is_closing == 0)) { 556 TAILQ_INSERT_TAIL(&pcs->head, pccmd, entry); 557 cv_signal(&pcs->cv); 558 } 559 } 560 561 static int 562 cuse_client_receive_command_locked(struct cuse_client_command *pccmd, 563 uint8_t *arg_ptr, uint32_t arg_len) 564 { 565 int error; 566 567 error = 0; 568 569 pccmd->proc_curr = curthread->td_proc; 570 571 if (CUSE_CLIENT_CLOSING(pccmd->client) || 572 pccmd->client->server->is_closing) { 573 error = CUSE_ERR_OTHER; 574 goto done; 575 } 576 while (pccmd->command == CUSE_CMD_NONE) { 577 if (error != 0) { 578 cv_wait(&pccmd->cv, &cuse_mtx); 579 } else { 580 error = cv_wait_sig(&pccmd->cv, &cuse_mtx); 581 582 if (error != 0) 583 cuse_client_got_signal(pccmd); 584 } 585 if (CUSE_CLIENT_CLOSING(pccmd->client) || 586 pccmd->client->server->is_closing) { 587 error = CUSE_ERR_OTHER; 588 goto done; 589 } 590 } 591 592 error = pccmd->error; 593 pccmd->command = CUSE_CMD_NONE; 594 cv_signal(&pccmd->cv); 595 596 done: 597 598 /* wait until all process references are gone */ 599 600 pccmd->proc_curr = NULL; 601 602 while (pccmd->proc_refs != 0) 603 cv_wait(&pccmd->cv, &cuse_mtx); 604 605 return (error); 606 } 607 608 /*------------------------------------------------------------------------* 609 * CUSE SERVER PART 610 *------------------------------------------------------------------------*/ 611 612 static void 613 cuse_server_free_dev(struct cuse_server_dev *pcsd) 614 { 615 struct cuse_server *pcs; 616 struct cuse_client *pcc; 617 618 /* get server pointer */ 619 pcs = pcsd->server; 620 621 /* prevent creation of more devices */ 622 cuse_lock(); 623 if (pcsd->kern_dev != NULL) 624 pcsd->kern_dev->si_drv1 = NULL; 625 626 TAILQ_FOREACH(pcc, &pcs->hcli, entry) { 627 if (pcc->server_dev == pcsd) 628 cuse_client_is_closing(pcc); 629 } 630 cuse_unlock(); 631 632 /* destroy device, if any */ 633 if (pcsd->kern_dev != NULL) { 634 /* destroy device synchronously */ 635 destroy_dev(pcsd->kern_dev); 636 } 637 free(pcsd, M_CUSE); 638 } 639 640 static void 641 cuse_server_free(void *arg) 642 { 643 struct cuse_server *pcs = arg; 644 struct cuse_server_dev *pcsd; 645 646 cuse_lock(); 647 pcs->refs--; 648 if (pcs->refs != 0) { 649 cuse_unlock(); 650 return; 651 } 652 cuse_server_is_closing(pcs); 653 /* final client wakeup, if any */ 654 cuse_server_wakeup_all_client_locked(pcs); 655 656 TAILQ_REMOVE(&cuse_server_head, pcs, entry); 657 658 cuse_free_unit_by_id_locked(pcs, -1); 659 660 while ((pcsd = TAILQ_FIRST(&pcs->hdev)) != NULL) { 661 TAILQ_REMOVE(&pcs->hdev, pcsd, entry); 662 cuse_unlock(); 663 cuse_server_free_dev(pcsd); 664 cuse_lock(); 665 } 666 667 cuse_server_free_memory(pcs); 668 669 knlist_clear(&pcs->selinfo.si_note, 1); 670 knlist_destroy(&pcs->selinfo.si_note); 671 672 cuse_unlock(); 673 674 seldrain(&pcs->selinfo); 675 676 cv_destroy(&pcs->cv); 677 678 free(pcs, M_CUSE); 679 } 680 681 static int 682 cuse_server_open(struct cdev *dev, int fflags, int devtype, struct thread *td) 683 { 684 struct cuse_server *pcs; 685 686 pcs = malloc(sizeof(*pcs), M_CUSE, M_WAITOK | M_ZERO); 687 if (pcs == NULL) 688 return (ENOMEM); 689 690 if (devfs_set_cdevpriv(pcs, &cuse_server_free)) { 691 printf("Cuse: Cannot set cdevpriv.\n"); 692 free(pcs, M_CUSE); 693 return (ENOMEM); 694 } 695 696 /* store current process ID */ 697 pcs->pid = curproc->p_pid; 698 699 TAILQ_INIT(&pcs->head); 700 TAILQ_INIT(&pcs->hdev); 701 TAILQ_INIT(&pcs->hcli); 702 703 cv_init(&pcs->cv, "cuse-server-cv"); 704 705 knlist_init_mtx(&pcs->selinfo.si_note, &cuse_mtx); 706 707 cuse_lock(); 708 pcs->refs++; 709 TAILQ_INSERT_TAIL(&cuse_server_head, pcs, entry); 710 cuse_unlock(); 711 712 return (0); 713 } 714 715 static int 716 cuse_server_close(struct cdev *dev, int fflag, int devtype, struct thread *td) 717 { 718 struct cuse_server *pcs; 719 int error; 720 721 error = cuse_server_get(&pcs); 722 if (error != 0) 723 goto done; 724 725 cuse_lock(); 726 cuse_server_is_closing(pcs); 727 /* final client wakeup, if any */ 728 cuse_server_wakeup_all_client_locked(pcs); 729 730 knlist_clear(&pcs->selinfo.si_note, 1); 731 cuse_unlock(); 732 733 done: 734 return (0); 735 } 736 737 static int 738 cuse_server_read(struct cdev *dev, struct uio *uio, int ioflag) 739 { 740 return (ENXIO); 741 } 742 743 static int 744 cuse_server_write(struct cdev *dev, struct uio *uio, int ioflag) 745 { 746 return (ENXIO); 747 } 748 749 static int 750 cuse_server_ioctl_copy_locked(struct cuse_client_command *pccmd, 751 struct cuse_data_chunk *pchk, int isread) 752 { 753 struct proc *p_proc; 754 uint32_t offset; 755 int error; 756 757 offset = pchk->peer_ptr - CUSE_BUF_MIN_PTR; 758 759 if (pchk->length > CUSE_BUFFER_MAX) 760 return (EFAULT); 761 762 if (offset >= CUSE_BUFFER_MAX) 763 return (EFAULT); 764 765 if ((offset + pchk->length) > CUSE_BUFFER_MAX) 766 return (EFAULT); 767 768 p_proc = pccmd->proc_curr; 769 if (p_proc == NULL) 770 return (ENXIO); 771 772 if (pccmd->proc_refs < 0) 773 return (ENOMEM); 774 775 pccmd->proc_refs++; 776 777 cuse_unlock(); 778 779 if (isread == 0) { 780 error = copyin( 781 (void *)pchk->local_ptr, 782 pccmd->client->ioctl_buffer + offset, 783 pchk->length); 784 } else { 785 error = copyout( 786 pccmd->client->ioctl_buffer + offset, 787 (void *)pchk->local_ptr, 788 pchk->length); 789 } 790 791 cuse_lock(); 792 793 pccmd->proc_refs--; 794 795 if (pccmd->proc_curr == NULL) 796 cv_signal(&pccmd->cv); 797 798 return (error); 799 } 800 801 static int 802 cuse_proc2proc_copy(struct proc *proc_s, vm_offset_t data_s, 803 struct proc *proc_d, vm_offset_t data_d, size_t len) 804 { 805 struct thread *td; 806 struct proc *proc_cur; 807 int error; 808 809 td = curthread; 810 proc_cur = td->td_proc; 811 812 if (proc_cur == proc_d) { 813 struct iovec iov = { 814 .iov_base = (caddr_t)data_d, 815 .iov_len = len, 816 }; 817 struct uio uio = { 818 .uio_iov = &iov, 819 .uio_iovcnt = 1, 820 .uio_offset = (off_t)data_s, 821 .uio_resid = len, 822 .uio_segflg = UIO_USERSPACE, 823 .uio_rw = UIO_READ, 824 .uio_td = td, 825 }; 826 827 PHOLD(proc_s); 828 error = proc_rwmem(proc_s, &uio); 829 PRELE(proc_s); 830 831 } else if (proc_cur == proc_s) { 832 struct iovec iov = { 833 .iov_base = (caddr_t)data_s, 834 .iov_len = len, 835 }; 836 struct uio uio = { 837 .uio_iov = &iov, 838 .uio_iovcnt = 1, 839 .uio_offset = (off_t)data_d, 840 .uio_resid = len, 841 .uio_segflg = UIO_USERSPACE, 842 .uio_rw = UIO_WRITE, 843 .uio_td = td, 844 }; 845 846 PHOLD(proc_d); 847 error = proc_rwmem(proc_d, &uio); 848 PRELE(proc_d); 849 } else { 850 error = EINVAL; 851 } 852 return (error); 853 } 854 855 static int 856 cuse_server_data_copy_locked(struct cuse_client_command *pccmd, 857 struct cuse_data_chunk *pchk, int isread) 858 { 859 struct proc *p_proc; 860 int error; 861 862 p_proc = pccmd->proc_curr; 863 if (p_proc == NULL) 864 return (ENXIO); 865 866 if (pccmd->proc_refs < 0) 867 return (ENOMEM); 868 869 pccmd->proc_refs++; 870 871 cuse_unlock(); 872 873 if (isread == 0) { 874 error = cuse_proc2proc_copy( 875 curthread->td_proc, pchk->local_ptr, 876 p_proc, pchk->peer_ptr, 877 pchk->length); 878 } else { 879 error = cuse_proc2proc_copy( 880 p_proc, pchk->peer_ptr, 881 curthread->td_proc, pchk->local_ptr, 882 pchk->length); 883 } 884 885 cuse_lock(); 886 887 pccmd->proc_refs--; 888 889 if (pccmd->proc_curr == NULL) 890 cv_signal(&pccmd->cv); 891 892 return (error); 893 } 894 895 static int 896 cuse_alloc_unit_by_id_locked(struct cuse_server *pcs, int id) 897 { 898 int n; 899 int x = 0; 900 int match; 901 902 do { 903 for (match = n = 0; n != CUSE_DEVICES_MAX; n++) { 904 if (cuse_alloc_unit[n] != NULL) { 905 if ((cuse_alloc_unit_id[n] ^ id) & CUSE_ID_MASK) 906 continue; 907 if ((cuse_alloc_unit_id[n] & ~CUSE_ID_MASK) == x) { 908 x++; 909 match = 1; 910 } 911 } 912 } 913 } while (match); 914 915 if (x < 256) { 916 for (n = 0; n != CUSE_DEVICES_MAX; n++) { 917 if (cuse_alloc_unit[n] == NULL) { 918 cuse_alloc_unit[n] = pcs; 919 cuse_alloc_unit_id[n] = id | x; 920 return (x); 921 } 922 } 923 } 924 return (-1); 925 } 926 927 static void 928 cuse_server_wakeup_locked(struct cuse_server *pcs) 929 { 930 selwakeup(&pcs->selinfo); 931 KNOTE_LOCKED(&pcs->selinfo.si_note, 0); 932 } 933 934 static void 935 cuse_server_wakeup_all_client_locked(struct cuse_server *pcs) 936 { 937 struct cuse_client *pcc; 938 939 TAILQ_FOREACH(pcc, &pcs->hcli, entry) { 940 pcc->cflags |= (CUSE_CLI_KNOTE_NEED_READ | 941 CUSE_CLI_KNOTE_NEED_WRITE); 942 } 943 cuse_server_wakeup_locked(pcs); 944 } 945 946 static int 947 cuse_free_unit_by_id_locked(struct cuse_server *pcs, int id) 948 { 949 int n; 950 int found = 0; 951 952 for (n = 0; n != CUSE_DEVICES_MAX; n++) { 953 if (cuse_alloc_unit[n] == pcs) { 954 if (cuse_alloc_unit_id[n] == id || id == -1) { 955 cuse_alloc_unit[n] = NULL; 956 cuse_alloc_unit_id[n] = 0; 957 found = 1; 958 } 959 } 960 } 961 962 return (found ? 0 : EINVAL); 963 } 964 965 static int 966 cuse_server_ioctl(struct cdev *dev, unsigned long cmd, 967 caddr_t data, int fflag, struct thread *td) 968 { 969 struct cuse_server *pcs; 970 int error; 971 972 error = cuse_server_get(&pcs); 973 if (error != 0) 974 return (error); 975 976 switch (cmd) { 977 struct cuse_client_command *pccmd; 978 struct cuse_client *pcc; 979 struct cuse_command *pcmd; 980 struct cuse_alloc_info *pai; 981 struct cuse_create_dev *pcd; 982 struct cuse_server_dev *pcsd; 983 struct cuse_data_chunk *pchk; 984 int n; 985 986 case CUSE_IOCTL_GET_COMMAND: 987 pcmd = (void *)data; 988 989 cuse_lock(); 990 991 while ((pccmd = TAILQ_FIRST(&pcs->head)) == NULL) { 992 error = cv_wait_sig(&pcs->cv, &cuse_mtx); 993 994 if (pcs->is_closing) 995 error = ENXIO; 996 997 if (error) { 998 cuse_unlock(); 999 return (error); 1000 } 1001 } 1002 1003 TAILQ_REMOVE(&pcs->head, pccmd, entry); 1004 pccmd->entry.tqe_prev = NULL; 1005 1006 pccmd->entered = curthread; 1007 1008 *pcmd = pccmd->sub; 1009 1010 cuse_unlock(); 1011 1012 break; 1013 1014 case CUSE_IOCTL_SYNC_COMMAND: 1015 1016 cuse_lock(); 1017 while ((pccmd = cuse_server_find_command(pcs, curthread)) != NULL) { 1018 1019 /* send sync command */ 1020 pccmd->entered = NULL; 1021 pccmd->error = *(int *)data; 1022 pccmd->command = CUSE_CMD_SYNC; 1023 1024 /* signal peer, if any */ 1025 cv_signal(&pccmd->cv); 1026 } 1027 cuse_unlock(); 1028 1029 break; 1030 1031 case CUSE_IOCTL_ALLOC_UNIT: 1032 1033 cuse_lock(); 1034 n = cuse_alloc_unit_by_id_locked(pcs, 1035 CUSE_ID_DEFAULT(0)); 1036 cuse_unlock(); 1037 1038 if (n < 0) 1039 error = ENOMEM; 1040 else 1041 *(int *)data = n; 1042 break; 1043 1044 case CUSE_IOCTL_ALLOC_UNIT_BY_ID: 1045 1046 n = *(int *)data; 1047 1048 n = (n & CUSE_ID_MASK); 1049 1050 cuse_lock(); 1051 n = cuse_alloc_unit_by_id_locked(pcs, n); 1052 cuse_unlock(); 1053 1054 if (n < 0) 1055 error = ENOMEM; 1056 else 1057 *(int *)data = n; 1058 break; 1059 1060 case CUSE_IOCTL_FREE_UNIT: 1061 1062 n = *(int *)data; 1063 1064 n = CUSE_ID_DEFAULT(n); 1065 1066 cuse_lock(); 1067 error = cuse_free_unit_by_id_locked(pcs, n); 1068 cuse_unlock(); 1069 break; 1070 1071 case CUSE_IOCTL_FREE_UNIT_BY_ID: 1072 1073 n = *(int *)data; 1074 1075 cuse_lock(); 1076 error = cuse_free_unit_by_id_locked(pcs, n); 1077 cuse_unlock(); 1078 break; 1079 1080 case CUSE_IOCTL_ALLOC_MEMORY: 1081 1082 pai = (void *)data; 1083 1084 if (pai->alloc_nr >= CUSE_ALLOC_UNIT_MAX) { 1085 error = ENOMEM; 1086 break; 1087 } 1088 if (pai->page_count > CUSE_ALLOC_PAGES_MAX) { 1089 error = ENOMEM; 1090 break; 1091 } 1092 error = cuse_server_alloc_memory(pcs, 1093 &cuse_mem[pai->alloc_nr], pai->page_count); 1094 break; 1095 1096 case CUSE_IOCTL_FREE_MEMORY: 1097 pai = (void *)data; 1098 1099 if (pai->alloc_nr >= CUSE_ALLOC_UNIT_MAX) { 1100 error = ENOMEM; 1101 break; 1102 } 1103 /* we trust the character device driver in this case */ 1104 1105 cuse_lock(); 1106 if (cuse_mem[pai->alloc_nr].owner == pcs) { 1107 cuse_mem[pai->alloc_nr].is_allocated = 0; 1108 cuse_mem[pai->alloc_nr].owner = NULL; 1109 } else { 1110 error = EINVAL; 1111 } 1112 cuse_unlock(); 1113 break; 1114 1115 case CUSE_IOCTL_GET_SIG: 1116 1117 cuse_lock(); 1118 pccmd = cuse_server_find_command(pcs, curthread); 1119 1120 if (pccmd != NULL) { 1121 n = pccmd->got_signal; 1122 pccmd->got_signal = 0; 1123 } else { 1124 n = 0; 1125 } 1126 cuse_unlock(); 1127 1128 *(int *)data = n; 1129 1130 break; 1131 1132 case CUSE_IOCTL_SET_PFH: 1133 1134 cuse_lock(); 1135 pccmd = cuse_server_find_command(pcs, curthread); 1136 1137 if (pccmd != NULL) { 1138 pcc = pccmd->client; 1139 for (n = 0; n != CUSE_CMD_MAX; n++) { 1140 pcc->cmds[n].sub.per_file_handle = *(uintptr_t *)data; 1141 } 1142 } else { 1143 error = ENXIO; 1144 } 1145 cuse_unlock(); 1146 break; 1147 1148 case CUSE_IOCTL_CREATE_DEV: 1149 1150 error = priv_check(curthread, PRIV_DRIVER); 1151 if (error) 1152 break; 1153 1154 pcd = (void *)data; 1155 1156 /* filter input */ 1157 1158 pcd->devname[sizeof(pcd->devname) - 1] = 0; 1159 1160 if (pcd->devname[0] == 0) { 1161 error = EINVAL; 1162 break; 1163 } 1164 cuse_str_filter(pcd->devname); 1165 1166 pcd->permissions &= 0777; 1167 1168 /* try to allocate a character device */ 1169 1170 pcsd = malloc(sizeof(*pcsd), M_CUSE, M_WAITOK | M_ZERO); 1171 1172 if (pcsd == NULL) { 1173 error = ENOMEM; 1174 break; 1175 } 1176 pcsd->server = pcs; 1177 1178 pcsd->user_dev = pcd->dev; 1179 1180 pcsd->kern_dev = make_dev_credf(MAKEDEV_CHECKNAME, 1181 &cuse_client_devsw, 0, NULL, pcd->user_id, pcd->group_id, 1182 pcd->permissions, "%s", pcd->devname); 1183 1184 if (pcsd->kern_dev == NULL) { 1185 free(pcsd, M_CUSE); 1186 error = ENOMEM; 1187 break; 1188 } 1189 pcsd->kern_dev->si_drv1 = pcsd; 1190 1191 cuse_lock(); 1192 TAILQ_INSERT_TAIL(&pcs->hdev, pcsd, entry); 1193 cuse_unlock(); 1194 1195 break; 1196 1197 case CUSE_IOCTL_DESTROY_DEV: 1198 1199 error = priv_check(curthread, PRIV_DRIVER); 1200 if (error) 1201 break; 1202 1203 cuse_lock(); 1204 1205 error = EINVAL; 1206 1207 pcsd = TAILQ_FIRST(&pcs->hdev); 1208 while (pcsd != NULL) { 1209 if (pcsd->user_dev == *(struct cuse_dev **)data) { 1210 TAILQ_REMOVE(&pcs->hdev, pcsd, entry); 1211 cuse_unlock(); 1212 cuse_server_free_dev(pcsd); 1213 cuse_lock(); 1214 error = 0; 1215 pcsd = TAILQ_FIRST(&pcs->hdev); 1216 } else { 1217 pcsd = TAILQ_NEXT(pcsd, entry); 1218 } 1219 } 1220 1221 cuse_unlock(); 1222 break; 1223 1224 case CUSE_IOCTL_WRITE_DATA: 1225 case CUSE_IOCTL_READ_DATA: 1226 1227 cuse_lock(); 1228 pchk = (struct cuse_data_chunk *)data; 1229 1230 pccmd = cuse_server_find_command(pcs, curthread); 1231 1232 if (pccmd == NULL) { 1233 error = ENXIO; /* invalid request */ 1234 } else if (pchk->peer_ptr < CUSE_BUF_MIN_PTR) { 1235 error = EFAULT; /* NULL pointer */ 1236 } else if (pchk->peer_ptr < CUSE_BUF_MAX_PTR) { 1237 error = cuse_server_ioctl_copy_locked(pccmd, 1238 pchk, cmd == CUSE_IOCTL_READ_DATA); 1239 } else { 1240 error = cuse_server_data_copy_locked(pccmd, 1241 pchk, cmd == CUSE_IOCTL_READ_DATA); 1242 } 1243 cuse_unlock(); 1244 break; 1245 1246 case CUSE_IOCTL_SELWAKEUP: 1247 cuse_lock(); 1248 /* 1249 * We don't know which direction caused the event. 1250 * Wakeup both! 1251 */ 1252 cuse_server_wakeup_all_client_locked(pcs); 1253 cuse_unlock(); 1254 break; 1255 1256 default: 1257 error = ENXIO; 1258 break; 1259 } 1260 return (error); 1261 } 1262 1263 static int 1264 cuse_server_poll(struct cdev *dev, int events, struct thread *td) 1265 { 1266 return (events & (POLLHUP | POLLPRI | POLLIN | 1267 POLLRDNORM | POLLOUT | POLLWRNORM)); 1268 } 1269 1270 static int 1271 cuse_server_mmap(struct cdev *dev, vm_ooffset_t offset, vm_paddr_t *paddr, int nprot, vm_memattr_t *memattr) 1272 { 1273 uint32_t page_nr = offset / PAGE_SIZE; 1274 uint32_t alloc_nr = page_nr / CUSE_ALLOC_PAGES_MAX; 1275 struct cuse_memory *mem; 1276 struct cuse_server *pcs; 1277 uint8_t *ptr; 1278 int error; 1279 1280 if (alloc_nr >= CUSE_ALLOC_UNIT_MAX) 1281 return (ENOMEM); 1282 1283 error = cuse_server_get(&pcs); 1284 if (error != 0) 1285 pcs = NULL; 1286 1287 cuse_lock(); 1288 mem = &cuse_mem[alloc_nr]; 1289 1290 /* try to enforce slight ownership */ 1291 if ((pcs != NULL) && (mem->owner != pcs)) { 1292 cuse_unlock(); 1293 return (EINVAL); 1294 } 1295 if (mem->virtaddr == NULL) { 1296 cuse_unlock(); 1297 return (ENOMEM); 1298 } 1299 if (mem->virtaddr == NBUSY) { 1300 cuse_unlock(); 1301 return (ENOMEM); 1302 } 1303 page_nr %= CUSE_ALLOC_PAGES_MAX; 1304 1305 if (page_nr >= mem->page_count) { 1306 cuse_unlock(); 1307 return (ENXIO); 1308 } 1309 ptr = mem->virtaddr + (page_nr * PAGE_SIZE); 1310 cuse_unlock(); 1311 1312 *paddr = vtophys(ptr); 1313 1314 return (0); 1315 } 1316 1317 /*------------------------------------------------------------------------* 1318 * CUSE CLIENT PART 1319 *------------------------------------------------------------------------*/ 1320 static void 1321 cuse_client_free(void *arg) 1322 { 1323 struct cuse_client *pcc = arg; 1324 struct cuse_client_command *pccmd; 1325 struct cuse_server *pcs; 1326 int n; 1327 1328 cuse_lock(); 1329 cuse_client_is_closing(pcc); 1330 TAILQ_REMOVE(&pcc->server->hcli, pcc, entry); 1331 cuse_unlock(); 1332 1333 for (n = 0; n != CUSE_CMD_MAX; n++) { 1334 1335 pccmd = &pcc->cmds[n]; 1336 1337 sx_destroy(&pccmd->sx); 1338 cv_destroy(&pccmd->cv); 1339 } 1340 1341 pcs = pcc->server; 1342 1343 free(pcc, M_CUSE); 1344 1345 /* drop reference on server */ 1346 cuse_server_free(pcs); 1347 } 1348 1349 static int 1350 cuse_client_open(struct cdev *dev, int fflags, int devtype, struct thread *td) 1351 { 1352 struct cuse_client_command *pccmd; 1353 struct cuse_server_dev *pcsd; 1354 struct cuse_client *pcc; 1355 struct cuse_server *pcs; 1356 struct cuse_dev *pcd; 1357 int error; 1358 int n; 1359 1360 cuse_lock(); 1361 pcsd = dev->si_drv1; 1362 if (pcsd != NULL) { 1363 pcs = pcsd->server; 1364 pcd = pcsd->user_dev; 1365 /* 1366 * Check that the refcount didn't wrap and that the 1367 * same process is not both client and server. This 1368 * can easily lead to deadlocks when destroying the 1369 * CUSE character device nodes: 1370 */ 1371 pcs->refs++; 1372 if (pcs->refs < 0 || pcs->pid == curproc->p_pid) { 1373 /* overflow or wrong PID */ 1374 pcs->refs--; 1375 pcsd = NULL; 1376 } 1377 } else { 1378 pcs = NULL; 1379 pcd = NULL; 1380 } 1381 cuse_unlock(); 1382 1383 if (pcsd == NULL) 1384 return (EINVAL); 1385 1386 pcc = malloc(sizeof(*pcc), M_CUSE, M_WAITOK | M_ZERO); 1387 if (pcc == NULL) { 1388 /* drop reference on server */ 1389 cuse_server_free(pcs); 1390 return (ENOMEM); 1391 } 1392 if (devfs_set_cdevpriv(pcc, &cuse_client_free)) { 1393 printf("Cuse: Cannot set cdevpriv.\n"); 1394 /* drop reference on server */ 1395 cuse_server_free(pcs); 1396 free(pcc, M_CUSE); 1397 return (ENOMEM); 1398 } 1399 pcc->fflags = fflags; 1400 pcc->server_dev = pcsd; 1401 pcc->server = pcs; 1402 1403 for (n = 0; n != CUSE_CMD_MAX; n++) { 1404 1405 pccmd = &pcc->cmds[n]; 1406 1407 pccmd->sub.dev = pcd; 1408 pccmd->sub.command = n; 1409 pccmd->client = pcc; 1410 1411 sx_init(&pccmd->sx, "cuse-client-sx"); 1412 cv_init(&pccmd->cv, "cuse-client-cv"); 1413 } 1414 1415 cuse_lock(); 1416 1417 /* cuse_client_free() assumes that the client is listed somewhere! */ 1418 /* always enqueue */ 1419 1420 TAILQ_INSERT_TAIL(&pcs->hcli, pcc, entry); 1421 1422 /* check if server is closing */ 1423 if ((pcs->is_closing != 0) || (dev->si_drv1 == NULL)) { 1424 error = EINVAL; 1425 } else { 1426 error = 0; 1427 } 1428 cuse_unlock(); 1429 1430 if (error) { 1431 devfs_clear_cdevpriv(); /* XXX bugfix */ 1432 return (error); 1433 } 1434 pccmd = &pcc->cmds[CUSE_CMD_OPEN]; 1435 1436 cuse_cmd_lock(pccmd); 1437 1438 cuse_lock(); 1439 cuse_client_send_command_locked(pccmd, 0, 0, pcc->fflags, 0); 1440 1441 error = cuse_client_receive_command_locked(pccmd, 0, 0); 1442 cuse_unlock(); 1443 1444 if (error < 0) { 1445 error = cuse_convert_error(error); 1446 } else { 1447 error = 0; 1448 } 1449 1450 cuse_cmd_unlock(pccmd); 1451 1452 if (error) 1453 devfs_clear_cdevpriv(); /* XXX bugfix */ 1454 1455 return (error); 1456 } 1457 1458 static int 1459 cuse_client_close(struct cdev *dev, int fflag, int devtype, struct thread *td) 1460 { 1461 struct cuse_client_command *pccmd; 1462 struct cuse_client *pcc; 1463 int error; 1464 1465 error = cuse_client_get(&pcc); 1466 if (error != 0) 1467 return (0); 1468 1469 pccmd = &pcc->cmds[CUSE_CMD_CLOSE]; 1470 1471 cuse_cmd_lock(pccmd); 1472 1473 cuse_lock(); 1474 cuse_client_send_command_locked(pccmd, 0, 0, pcc->fflags, 0); 1475 1476 error = cuse_client_receive_command_locked(pccmd, 0, 0); 1477 cuse_unlock(); 1478 1479 cuse_cmd_unlock(pccmd); 1480 1481 cuse_lock(); 1482 cuse_client_is_closing(pcc); 1483 cuse_unlock(); 1484 1485 return (0); 1486 } 1487 1488 static void 1489 cuse_client_kqfilter_poll(struct cdev *dev, struct cuse_client *pcc) 1490 { 1491 int temp; 1492 1493 cuse_lock(); 1494 temp = (pcc->cflags & (CUSE_CLI_KNOTE_HAS_READ | 1495 CUSE_CLI_KNOTE_HAS_WRITE)); 1496 pcc->cflags &= ~(CUSE_CLI_KNOTE_NEED_READ | 1497 CUSE_CLI_KNOTE_NEED_WRITE); 1498 cuse_unlock(); 1499 1500 if (temp != 0) { 1501 /* get the latest polling state from the server */ 1502 temp = cuse_client_poll(dev, POLLIN | POLLOUT, NULL); 1503 1504 cuse_lock(); 1505 if (temp & (POLLIN | POLLOUT)) { 1506 if (temp & POLLIN) 1507 pcc->cflags |= CUSE_CLI_KNOTE_NEED_READ; 1508 if (temp & POLLOUT) 1509 pcc->cflags |= CUSE_CLI_KNOTE_NEED_WRITE; 1510 1511 /* make sure the "knote" gets woken up */ 1512 cuse_server_wakeup_locked(pcc->server); 1513 } 1514 cuse_unlock(); 1515 } 1516 } 1517 1518 static int 1519 cuse_client_read(struct cdev *dev, struct uio *uio, int ioflag) 1520 { 1521 struct cuse_client_command *pccmd; 1522 struct cuse_client *pcc; 1523 int error; 1524 int len; 1525 1526 error = cuse_client_get(&pcc); 1527 if (error != 0) 1528 return (error); 1529 1530 pccmd = &pcc->cmds[CUSE_CMD_READ]; 1531 1532 if (uio->uio_segflg != UIO_USERSPACE) { 1533 return (EINVAL); 1534 } 1535 uio->uio_segflg = UIO_NOCOPY; 1536 1537 cuse_cmd_lock(pccmd); 1538 1539 while (uio->uio_resid != 0) { 1540 1541 if (uio->uio_iov->iov_len > CUSE_LENGTH_MAX) { 1542 error = ENOMEM; 1543 break; 1544 } 1545 1546 len = uio->uio_iov->iov_len; 1547 1548 cuse_lock(); 1549 cuse_client_send_command_locked(pccmd, 1550 (uintptr_t)uio->uio_iov->iov_base, 1551 (unsigned long)(unsigned int)len, pcc->fflags, ioflag); 1552 1553 error = cuse_client_receive_command_locked(pccmd, 0, 0); 1554 cuse_unlock(); 1555 1556 if (error < 0) { 1557 error = cuse_convert_error(error); 1558 break; 1559 } else if (error == len) { 1560 error = uiomove(NULL, error, uio); 1561 if (error) 1562 break; 1563 } else { 1564 error = uiomove(NULL, error, uio); 1565 break; 1566 } 1567 } 1568 cuse_cmd_unlock(pccmd); 1569 1570 uio->uio_segflg = UIO_USERSPACE;/* restore segment flag */ 1571 1572 if (error == EWOULDBLOCK) 1573 cuse_client_kqfilter_poll(dev, pcc); 1574 1575 return (error); 1576 } 1577 1578 static int 1579 cuse_client_write(struct cdev *dev, struct uio *uio, int ioflag) 1580 { 1581 struct cuse_client_command *pccmd; 1582 struct cuse_client *pcc; 1583 int error; 1584 int len; 1585 1586 error = cuse_client_get(&pcc); 1587 if (error != 0) 1588 return (error); 1589 1590 pccmd = &pcc->cmds[CUSE_CMD_WRITE]; 1591 1592 if (uio->uio_segflg != UIO_USERSPACE) { 1593 return (EINVAL); 1594 } 1595 uio->uio_segflg = UIO_NOCOPY; 1596 1597 cuse_cmd_lock(pccmd); 1598 1599 while (uio->uio_resid != 0) { 1600 1601 if (uio->uio_iov->iov_len > CUSE_LENGTH_MAX) { 1602 error = ENOMEM; 1603 break; 1604 } 1605 1606 len = uio->uio_iov->iov_len; 1607 1608 cuse_lock(); 1609 cuse_client_send_command_locked(pccmd, 1610 (uintptr_t)uio->uio_iov->iov_base, 1611 (unsigned long)(unsigned int)len, pcc->fflags, ioflag); 1612 1613 error = cuse_client_receive_command_locked(pccmd, 0, 0); 1614 cuse_unlock(); 1615 1616 if (error < 0) { 1617 error = cuse_convert_error(error); 1618 break; 1619 } else if (error == len) { 1620 error = uiomove(NULL, error, uio); 1621 if (error) 1622 break; 1623 } else { 1624 error = uiomove(NULL, error, uio); 1625 break; 1626 } 1627 } 1628 cuse_cmd_unlock(pccmd); 1629 1630 uio->uio_segflg = UIO_USERSPACE;/* restore segment flag */ 1631 1632 if (error == EWOULDBLOCK) 1633 cuse_client_kqfilter_poll(dev, pcc); 1634 1635 return (error); 1636 } 1637 1638 int 1639 cuse_client_ioctl(struct cdev *dev, unsigned long cmd, 1640 caddr_t data, int fflag, struct thread *td) 1641 { 1642 struct cuse_client_command *pccmd; 1643 struct cuse_client *pcc; 1644 int error; 1645 int len; 1646 1647 error = cuse_client_get(&pcc); 1648 if (error != 0) 1649 return (error); 1650 1651 len = IOCPARM_LEN(cmd); 1652 if (len > CUSE_BUFFER_MAX) 1653 return (ENOMEM); 1654 1655 pccmd = &pcc->cmds[CUSE_CMD_IOCTL]; 1656 1657 cuse_cmd_lock(pccmd); 1658 1659 if (cmd & (IOC_IN | IOC_VOID)) 1660 memcpy(pcc->ioctl_buffer, data, len); 1661 1662 /* 1663 * When the ioctl-length is zero drivers can pass information 1664 * through the data pointer of the ioctl. Make sure this information 1665 * is forwarded to the driver. 1666 */ 1667 1668 cuse_lock(); 1669 cuse_client_send_command_locked(pccmd, 1670 (len == 0) ? *(long *)data : CUSE_BUF_MIN_PTR, 1671 (unsigned long)cmd, pcc->fflags, 1672 (fflag & O_NONBLOCK) ? IO_NDELAY : 0); 1673 1674 error = cuse_client_receive_command_locked(pccmd, data, len); 1675 cuse_unlock(); 1676 1677 if (error < 0) { 1678 error = cuse_convert_error(error); 1679 } else { 1680 error = 0; 1681 } 1682 1683 if (cmd & IOC_OUT) 1684 memcpy(data, pcc->ioctl_buffer, len); 1685 1686 cuse_cmd_unlock(pccmd); 1687 1688 if (error == EWOULDBLOCK) 1689 cuse_client_kqfilter_poll(dev, pcc); 1690 1691 return (error); 1692 } 1693 1694 static int 1695 cuse_client_poll(struct cdev *dev, int events, struct thread *td) 1696 { 1697 struct cuse_client_command *pccmd; 1698 struct cuse_client *pcc; 1699 unsigned long temp; 1700 int error; 1701 int revents; 1702 1703 error = cuse_client_get(&pcc); 1704 if (error != 0) 1705 goto pollnval; 1706 1707 temp = 0; 1708 1709 if (events & (POLLPRI | POLLIN | POLLRDNORM)) 1710 temp |= CUSE_POLL_READ; 1711 1712 if (events & (POLLOUT | POLLWRNORM)) 1713 temp |= CUSE_POLL_WRITE; 1714 1715 if (events & POLLHUP) 1716 temp |= CUSE_POLL_ERROR; 1717 1718 pccmd = &pcc->cmds[CUSE_CMD_POLL]; 1719 1720 cuse_cmd_lock(pccmd); 1721 1722 /* Need to selrecord() first to not loose any events. */ 1723 if (temp != 0 && td != NULL) 1724 selrecord(td, &pcc->server->selinfo); 1725 1726 cuse_lock(); 1727 cuse_client_send_command_locked(pccmd, 1728 0, temp, pcc->fflags, IO_NDELAY); 1729 1730 error = cuse_client_receive_command_locked(pccmd, 0, 0); 1731 cuse_unlock(); 1732 1733 cuse_cmd_unlock(pccmd); 1734 1735 if (error < 0) { 1736 goto pollnval; 1737 } else { 1738 revents = 0; 1739 if (error & CUSE_POLL_READ) 1740 revents |= (events & (POLLPRI | POLLIN | POLLRDNORM)); 1741 if (error & CUSE_POLL_WRITE) 1742 revents |= (events & (POLLOUT | POLLWRNORM)); 1743 if (error & CUSE_POLL_ERROR) 1744 revents |= (events & POLLHUP); 1745 } 1746 return (revents); 1747 1748 pollnval: 1749 /* XXX many clients don't understand POLLNVAL */ 1750 return (events & (POLLHUP | POLLPRI | POLLIN | 1751 POLLRDNORM | POLLOUT | POLLWRNORM)); 1752 } 1753 1754 static int 1755 cuse_client_mmap(struct cdev *dev, vm_ooffset_t offset, vm_paddr_t *paddr, int nprot, vm_memattr_t *memattr) 1756 { 1757 uint32_t page_nr = offset / PAGE_SIZE; 1758 uint32_t alloc_nr = page_nr / CUSE_ALLOC_PAGES_MAX; 1759 struct cuse_memory *mem; 1760 struct cuse_server *pcs; 1761 struct cuse_client *pcc; 1762 uint8_t *ptr; 1763 int error; 1764 1765 if (alloc_nr >= CUSE_ALLOC_UNIT_MAX) 1766 return (ENOMEM); 1767 1768 error = cuse_client_get(&pcc); 1769 if (error != 0) 1770 pcs = NULL; 1771 else 1772 pcs = pcc->server; 1773 1774 cuse_lock(); 1775 mem = &cuse_mem[alloc_nr]; 1776 1777 /* try to enforce slight ownership */ 1778 if ((pcs != NULL) && (mem->owner != pcs)) { 1779 cuse_unlock(); 1780 return (EINVAL); 1781 } 1782 if (mem->virtaddr == NULL) { 1783 cuse_unlock(); 1784 return (ENOMEM); 1785 } 1786 if (mem->virtaddr == NBUSY) { 1787 cuse_unlock(); 1788 return (ENOMEM); 1789 } 1790 page_nr %= CUSE_ALLOC_PAGES_MAX; 1791 1792 if (page_nr >= mem->page_count) { 1793 cuse_unlock(); 1794 return (ENXIO); 1795 } 1796 ptr = mem->virtaddr + (page_nr * PAGE_SIZE); 1797 cuse_unlock(); 1798 1799 *paddr = vtophys(ptr); 1800 1801 return (0); 1802 } 1803 1804 static void 1805 cuse_client_kqfilter_read_detach(struct knote *kn) 1806 { 1807 struct cuse_client *pcc; 1808 1809 cuse_lock(); 1810 pcc = kn->kn_hook; 1811 knlist_remove(&pcc->server->selinfo.si_note, kn, 1); 1812 cuse_unlock(); 1813 } 1814 1815 static void 1816 cuse_client_kqfilter_write_detach(struct knote *kn) 1817 { 1818 struct cuse_client *pcc; 1819 1820 cuse_lock(); 1821 pcc = kn->kn_hook; 1822 knlist_remove(&pcc->server->selinfo.si_note, kn, 1); 1823 cuse_unlock(); 1824 } 1825 1826 static int 1827 cuse_client_kqfilter_read_event(struct knote *kn, long hint) 1828 { 1829 struct cuse_client *pcc; 1830 1831 mtx_assert(&cuse_mtx, MA_OWNED); 1832 1833 pcc = kn->kn_hook; 1834 return ((pcc->cflags & CUSE_CLI_KNOTE_NEED_READ) ? 1 : 0); 1835 } 1836 1837 static int 1838 cuse_client_kqfilter_write_event(struct knote *kn, long hint) 1839 { 1840 struct cuse_client *pcc; 1841 1842 mtx_assert(&cuse_mtx, MA_OWNED); 1843 1844 pcc = kn->kn_hook; 1845 return ((pcc->cflags & CUSE_CLI_KNOTE_NEED_WRITE) ? 1 : 0); 1846 } 1847 1848 static int 1849 cuse_client_kqfilter(struct cdev *dev, struct knote *kn) 1850 { 1851 struct cuse_client *pcc; 1852 struct cuse_server *pcs; 1853 int error; 1854 1855 error = cuse_client_get(&pcc); 1856 if (error != 0) 1857 return (error); 1858 1859 cuse_lock(); 1860 pcs = pcc->server; 1861 switch (kn->kn_filter) { 1862 case EVFILT_READ: 1863 pcc->cflags |= CUSE_CLI_KNOTE_HAS_READ; 1864 kn->kn_hook = pcc; 1865 kn->kn_fop = &cuse_client_kqfilter_read_ops; 1866 knlist_add(&pcs->selinfo.si_note, kn, 1); 1867 break; 1868 case EVFILT_WRITE: 1869 pcc->cflags |= CUSE_CLI_KNOTE_HAS_WRITE; 1870 kn->kn_hook = pcc; 1871 kn->kn_fop = &cuse_client_kqfilter_write_ops; 1872 knlist_add(&pcs->selinfo.si_note, kn, 1); 1873 break; 1874 default: 1875 error = EINVAL; 1876 break; 1877 } 1878 cuse_unlock(); 1879 1880 if (error == 0) 1881 cuse_client_kqfilter_poll(dev, pcc); 1882 return (error); 1883 }
Cache object: c818e01787c09996709f7dc6217cc956
[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]