Now available: The Design and Implementation of the FreeBSD Operating System (Second Edition)
[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]
FreeBSD/Linux Kernel Cross Reference
sys/fs/cuse/cuse.c
Version:
- FREEBSD - FREEBSD-13-STABLE - FREEBSD-13-0 - FREEBSD-12-STABLE - FREEBSD-12-0 - FREEBSD-11-STABLE - FREEBSD-11-0 - FREEBSD-10-STABLE - FREEBSD-10-0 - FREEBSD-9-STABLE - FREEBSD-9-0 - FREEBSD-8-STABLE - FREEBSD-8-0 - FREEBSD-7-STABLE - FREEBSD-7-0 - FREEBSD-6-STABLE - FREEBSD-6-0 - FREEBSD-5-STABLE - FREEBSD-5-0 - FREEBSD-4-STABLE - FREEBSD-3-STABLE - FREEBSD22 - l41 - OPENBSD - linux-2.6 - MK84 - PLAN9 - xnu-8792
SearchContext: - none - 3 - 10
SearchContext: - none - 3 - 10
1 /* $FreeBSD$ */ 2 /*- 3 * Copyright (c) 2010-2020 Hans Petter Selasky. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 15 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 17 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 18 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 24 * SUCH DAMAGE. 25 */ 26 27 #include "opt_compat.h" 28 29 #include <sys/stdint.h> 30 #include <sys/stddef.h> 31 #include <sys/param.h> 32 #include <sys/types.h> 33 #include <sys/systm.h> 34 #include <sys/conf.h> 35 #include <sys/kernel.h> 36 #include <sys/bus.h> 37 #include <sys/linker_set.h> 38 #include <sys/module.h> 39 #include <sys/lock.h> 40 #include <sys/mutex.h> 41 #include <sys/condvar.h> 42 #include <sys/sysctl.h> 43 #include <sys/unistd.h> 44 #include <sys/malloc.h> 45 #include <sys/priv.h> 46 #include <sys/uio.h> 47 #include <sys/poll.h> 48 #include <sys/sx.h> 49 #include <sys/rwlock.h> 50 #include <sys/queue.h> 51 #include <sys/fcntl.h> 52 #include <sys/proc.h> 53 #include <sys/vnode.h> 54 #include <sys/selinfo.h> 55 #include <sys/ptrace.h> 56 #include <sys/sysent.h> 57 58 #include <machine/bus.h> 59 60 #include <vm/vm.h> 61 #include <vm/pmap.h> 62 #include <vm/vm_object.h> 63 #include <vm/vm_page.h> 64 #include <vm/vm_pager.h> 65 66 #include <fs/cuse/cuse_defs.h> 67 #include <fs/cuse/cuse_ioctl.h> 68 69 static int 70 cuse_modevent(module_t mod, int type, void *data) 71 { 72 switch (type) { 73 case MOD_LOAD: 74 case MOD_UNLOAD: 75 return (0); 76 default: 77 return (EOPNOTSUPP); 78 } 79 } 80 81 static moduledata_t cuse_mod = { 82 .name = "cuse", 83 .evhand = &cuse_modevent, 84 }; 85 86 DECLARE_MODULE(cuse, cuse_mod, SI_SUB_DEVFS, SI_ORDER_FIRST); 87 MODULE_VERSION(cuse, 1); 88 89 /* 90 * Prevent cuse4bsd.ko and cuse.ko from loading at the same time by 91 * declaring support for the cuse4bsd interface in cuse.ko: 92 */ 93 MODULE_VERSION(cuse4bsd, 1); 94 95 #ifdef FEATURE 96 FEATURE(cuse, "Userspace character devices"); 97 #endif 98 99 struct cuse_command; 100 struct cuse_server; 101 struct cuse_client; 102 103 struct cuse_client_command { 104 TAILQ_ENTRY(cuse_client_command) entry; 105 struct cuse_command sub; 106 struct sx sx; 107 struct cv cv; 108 struct thread *entered; 109 struct cuse_client *client; 110 struct proc *proc_curr; 111 int proc_refs; 112 int got_signal; 113 int error; 114 int command; 115 }; 116 117 struct cuse_memory { 118 TAILQ_ENTRY(cuse_memory) entry; 119 vm_object_t object; 120 uint32_t page_count; 121 uint32_t alloc_nr; 122 }; 123 124 struct cuse_server_dev { 125 TAILQ_ENTRY(cuse_server_dev) entry; 126 struct cuse_server *server; 127 struct cdev *kern_dev; 128 struct cuse_dev *user_dev; 129 }; 130 131 struct cuse_server { 132 TAILQ_ENTRY(cuse_server) entry; 133 TAILQ_HEAD(, cuse_client_command) head; 134 TAILQ_HEAD(, cuse_server_dev) hdev; 135 TAILQ_HEAD(, cuse_client) hcli; 136 TAILQ_HEAD(, cuse_memory) hmem; 137 struct mtx mtx; 138 struct cv cv; 139 struct selinfo selinfo; 140 pid_t pid; 141 int is_closing; 142 int refs; 143 }; 144 145 struct cuse_client { 146 TAILQ_ENTRY(cuse_client) entry; 147 TAILQ_ENTRY(cuse_client) entry_ref; 148 struct cuse_client_command cmds[CUSE_CMD_MAX]; 149 struct cuse_server *server; 150 struct cuse_server_dev *server_dev; 151 152 uint8_t ioctl_buffer[CUSE_BUFFER_MAX] __aligned(4); 153 154 int fflags; /* file flags */ 155 int cflags; /* client flags */ 156 #define CUSE_CLI_IS_CLOSING 0x01 157 #define CUSE_CLI_KNOTE_NEED_READ 0x02 158 #define CUSE_CLI_KNOTE_NEED_WRITE 0x04 159 #define CUSE_CLI_KNOTE_HAS_READ 0x08 160 #define CUSE_CLI_KNOTE_HAS_WRITE 0x10 161 }; 162 163 #define CUSE_CLIENT_CLOSING(pcc) \ 164 ((pcc)->cflags & CUSE_CLI_IS_CLOSING) 165 166 static MALLOC_DEFINE(M_CUSE, "cuse", "CUSE memory"); 167 168 static TAILQ_HEAD(, cuse_server) cuse_server_head; 169 static struct mtx cuse_global_mtx; 170 static struct cdev *cuse_dev; 171 static struct cuse_server *cuse_alloc_unit[CUSE_DEVICES_MAX]; 172 static int cuse_alloc_unit_id[CUSE_DEVICES_MAX]; 173 174 static void cuse_server_wakeup_all_client_locked(struct cuse_server *pcs); 175 static void cuse_client_kqfilter_read_detach(struct knote *kn); 176 static void cuse_client_kqfilter_write_detach(struct knote *kn); 177 static int cuse_client_kqfilter_read_event(struct knote *kn, long hint); 178 static int cuse_client_kqfilter_write_event(struct knote *kn, long hint); 179 180 static struct filterops cuse_client_kqfilter_read_ops = { 181 .f_isfd = 1, 182 .f_detach = cuse_client_kqfilter_read_detach, 183 .f_event = cuse_client_kqfilter_read_event, 184 }; 185 186 static struct filterops cuse_client_kqfilter_write_ops = { 187 .f_isfd = 1, 188 .f_detach = cuse_client_kqfilter_write_detach, 189 .f_event = cuse_client_kqfilter_write_event, 190 }; 191 192 static d_open_t cuse_client_open; 193 static d_close_t cuse_client_close; 194 static d_ioctl_t cuse_client_ioctl; 195 static d_read_t cuse_client_read; 196 static d_write_t cuse_client_write; 197 static d_poll_t cuse_client_poll; 198 static d_mmap_single_t cuse_client_mmap_single; 199 static d_kqfilter_t cuse_client_kqfilter; 200 201 static struct cdevsw cuse_client_devsw = { 202 .d_version = D_VERSION, 203 .d_open = cuse_client_open, 204 .d_close = cuse_client_close, 205 .d_ioctl = cuse_client_ioctl, 206 .d_name = "cuse_client", 207 .d_flags = D_TRACKCLOSE, 208 .d_read = cuse_client_read, 209 .d_write = cuse_client_write, 210 .d_poll = cuse_client_poll, 211 .d_mmap_single = cuse_client_mmap_single, 212 .d_kqfilter = cuse_client_kqfilter, 213 }; 214 215 static d_open_t cuse_server_open; 216 static d_close_t cuse_server_close; 217 static d_ioctl_t cuse_server_ioctl; 218 static d_read_t cuse_server_read; 219 static d_write_t cuse_server_write; 220 static d_poll_t cuse_server_poll; 221 static d_mmap_single_t cuse_server_mmap_single; 222 223 static struct cdevsw cuse_server_devsw = { 224 .d_version = D_VERSION, 225 .d_open = cuse_server_open, 226 .d_close = cuse_server_close, 227 .d_ioctl = cuse_server_ioctl, 228 .d_name = "cuse_server", 229 .d_flags = D_TRACKCLOSE, 230 .d_read = cuse_server_read, 231 .d_write = cuse_server_write, 232 .d_poll = cuse_server_poll, 233 .d_mmap_single = cuse_server_mmap_single, 234 }; 235 236 static void cuse_client_is_closing(struct cuse_client *); 237 static int cuse_free_unit_by_id_locked(struct cuse_server *, int); 238 239 static void 240 cuse_global_lock(void) 241 { 242 mtx_lock(&cuse_global_mtx); 243 } 244 245 static void 246 cuse_global_unlock(void) 247 { 248 mtx_unlock(&cuse_global_mtx); 249 } 250 251 static void 252 cuse_server_lock(struct cuse_server *pcs) 253 { 254 mtx_lock(&pcs->mtx); 255 } 256 257 static void 258 cuse_server_unlock(struct cuse_server *pcs) 259 { 260 mtx_unlock(&pcs->mtx); 261 } 262 263 static void 264 cuse_cmd_lock(struct cuse_client_command *pccmd) 265 { 266 sx_xlock(&pccmd->sx); 267 } 268 269 static void 270 cuse_cmd_unlock(struct cuse_client_command *pccmd) 271 { 272 sx_xunlock(&pccmd->sx); 273 } 274 275 static void 276 cuse_kern_init(void *arg) 277 { 278 TAILQ_INIT(&cuse_server_head); 279 280 mtx_init(&cuse_global_mtx, "cuse-global-mtx", NULL, MTX_DEF); 281 282 cuse_dev = make_dev(&cuse_server_devsw, 0, 283 UID_ROOT, GID_OPERATOR, 0600, "cuse"); 284 285 printf("Cuse v%d.%d.%d @ /dev/cuse\n", 286 (CUSE_VERSION >> 16) & 0xFF, (CUSE_VERSION >> 8) & 0xFF, 287 (CUSE_VERSION >> 0) & 0xFF); 288 } 289 SYSINIT(cuse_kern_init, SI_SUB_DEVFS, SI_ORDER_ANY, cuse_kern_init, NULL); 290 291 static void 292 cuse_kern_uninit(void *arg) 293 { 294 void *ptr; 295 296 while (1) { 297 298 printf("Cuse: Please exit all /dev/cuse instances " 299 "and processes which have used this device.\n"); 300 301 pause("DRAIN", 2 * hz); 302 303 cuse_global_lock(); 304 ptr = TAILQ_FIRST(&cuse_server_head); 305 cuse_global_unlock(); 306 307 if (ptr == NULL) 308 break; 309 } 310 311 if (cuse_dev != NULL) 312 destroy_dev(cuse_dev); 313 314 mtx_destroy(&cuse_global_mtx); 315 } 316 SYSUNINIT(cuse_kern_uninit, SI_SUB_DEVFS, SI_ORDER_ANY, cuse_kern_uninit, 0); 317 318 static int 319 cuse_server_get(struct cuse_server **ppcs) 320 { 321 struct cuse_server *pcs; 322 int error; 323 324 error = devfs_get_cdevpriv((void **)&pcs); 325 if (error != 0) { 326 *ppcs = NULL; 327 return (error); 328 } 329 if (pcs->is_closing) { 330 *ppcs = NULL; 331 return (EINVAL); 332 } 333 *ppcs = pcs; 334 return (0); 335 } 336 337 static void 338 cuse_server_is_closing(struct cuse_server *pcs) 339 { 340 struct cuse_client *pcc; 341 342 if (pcs->is_closing) 343 return; 344 345 pcs->is_closing = 1; 346 347 TAILQ_FOREACH(pcc, &pcs->hcli, entry) { 348 cuse_client_is_closing(pcc); 349 } 350 } 351 352 static struct cuse_client_command * 353 cuse_server_find_command(struct cuse_server *pcs, struct thread *td) 354 { 355 struct cuse_client *pcc; 356 int n; 357 358 if (pcs->is_closing) 359 goto done; 360 361 TAILQ_FOREACH(pcc, &pcs->hcli, entry) { 362 if (CUSE_CLIENT_CLOSING(pcc)) 363 continue; 364 for (n = 0; n != CUSE_CMD_MAX; n++) { 365 if (pcc->cmds[n].entered == td) 366 return (&pcc->cmds[n]); 367 } 368 } 369 done: 370 return (NULL); 371 } 372 373 static void 374 cuse_str_filter(char *ptr) 375 { 376 int c; 377 378 while (((c = *ptr) != 0)) { 379 380 if ((c >= 'a') && (c <= 'z')) { 381 ptr++; 382 continue; 383 } 384 if ((c >= 'A') && (c <= 'Z')) { 385 ptr++; 386 continue; 387 } 388 if ((c >= '') && (c <= '9')) { 389 ptr++; 390 continue; 391 } 392 if ((c == '.') || (c == '_') || (c == '/')) { 393 ptr++; 394 continue; 395 } 396 *ptr = '_'; 397 398 ptr++; 399 } 400 } 401 402 static int 403 cuse_convert_error(int error) 404 { 405 ; /* indent fix */ 406 switch (error) { 407 case CUSE_ERR_NONE: 408 return (0); 409 case CUSE_ERR_BUSY: 410 return (EBUSY); 411 case CUSE_ERR_WOULDBLOCK: 412 return (EWOULDBLOCK); 413 case CUSE_ERR_INVALID: 414 return (EINVAL); 415 case CUSE_ERR_NO_MEMORY: 416 return (ENOMEM); 417 case CUSE_ERR_FAULT: 418 return (EFAULT); 419 case CUSE_ERR_SIGNAL: 420 return (EINTR); 421 case CUSE_ERR_NO_DEVICE: 422 return (ENODEV); 423 default: 424 return (ENXIO); 425 } 426 } 427 428 static void 429 cuse_vm_memory_free(struct cuse_memory *mem) 430 { 431 /* last user is gone - free */ 432 vm_object_deallocate(mem->object); 433 434 /* free CUSE memory */ 435 free(mem, M_CUSE); 436 } 437 438 static int 439 cuse_server_alloc_memory(struct cuse_server *pcs, uint32_t alloc_nr, 440 uint32_t page_count) 441 { 442 struct cuse_memory *temp; 443 struct cuse_memory *mem; 444 vm_object_t object; 445 int error; 446 447 mem = malloc(sizeof(*mem), M_CUSE, M_WAITOK | M_ZERO); 448 449 object = vm_pager_allocate(OBJT_SWAP, NULL, PAGE_SIZE * page_count, 450 VM_PROT_DEFAULT, 0, curthread->td_ucred); 451 if (object == NULL) { 452 error = ENOMEM; 453 goto error_0; 454 } 455 456 cuse_server_lock(pcs); 457 /* check if allocation number already exists */ 458 TAILQ_FOREACH(temp, &pcs->hmem, entry) { 459 if (temp->alloc_nr == alloc_nr) 460 break; 461 } 462 if (temp != NULL) { 463 cuse_server_unlock(pcs); 464 error = EBUSY; 465 goto error_1; 466 } 467 mem->object = object; 468 mem->page_count = page_count; 469 mem->alloc_nr = alloc_nr; 470 TAILQ_INSERT_TAIL(&pcs->hmem, mem, entry); 471 cuse_server_unlock(pcs); 472 473 return (0); 474 475 error_1: 476 vm_object_deallocate(object); 477 error_0: 478 free(mem, M_CUSE); 479 return (error); 480 } 481 482 static int 483 cuse_server_free_memory(struct cuse_server *pcs, uint32_t alloc_nr) 484 { 485 struct cuse_memory *mem; 486 487 cuse_server_lock(pcs); 488 TAILQ_FOREACH(mem, &pcs->hmem, entry) { 489 if (mem->alloc_nr == alloc_nr) 490 break; 491 } 492 if (mem == NULL) { 493 cuse_server_unlock(pcs); 494 return (EINVAL); 495 } 496 TAILQ_REMOVE(&pcs->hmem, mem, entry); 497 cuse_server_unlock(pcs); 498 499 cuse_vm_memory_free(mem); 500 501 return (0); 502 } 503 504 static int 505 cuse_client_get(struct cuse_client **ppcc) 506 { 507 struct cuse_client *pcc; 508 int error; 509 510 /* try to get private data */ 511 error = devfs_get_cdevpriv((void **)&pcc); 512 if (error != 0) { 513 *ppcc = NULL; 514 return (error); 515 } 516 if (CUSE_CLIENT_CLOSING(pcc) || pcc->server->is_closing) { 517 *ppcc = NULL; 518 return (EINVAL); 519 } 520 *ppcc = pcc; 521 return (0); 522 } 523 524 static void 525 cuse_client_is_closing(struct cuse_client *pcc) 526 { 527 struct cuse_client_command *pccmd; 528 uint32_t n; 529 530 if (CUSE_CLIENT_CLOSING(pcc)) 531 return; 532 533 pcc->cflags |= CUSE_CLI_IS_CLOSING; 534 pcc->server_dev = NULL; 535 536 for (n = 0; n != CUSE_CMD_MAX; n++) { 537 538 pccmd = &pcc->cmds[n]; 539 540 if (pccmd->entry.tqe_prev != NULL) { 541 TAILQ_REMOVE(&pcc->server->head, pccmd, entry); 542 pccmd->entry.tqe_prev = NULL; 543 } 544 cv_broadcast(&pccmd->cv); 545 } 546 } 547 548 static void 549 cuse_client_send_command_locked(struct cuse_client_command *pccmd, 550 uintptr_t data_ptr, unsigned long arg, int fflags, int ioflag) 551 { 552 unsigned long cuse_fflags = 0; 553 struct cuse_server *pcs; 554 555 if (fflags & FREAD) 556 cuse_fflags |= CUSE_FFLAG_READ; 557 558 if (fflags & FWRITE) 559 cuse_fflags |= CUSE_FFLAG_WRITE; 560 561 if (ioflag & IO_NDELAY) 562 cuse_fflags |= CUSE_FFLAG_NONBLOCK; 563 #if defined(__LP64__) 564 if (SV_CURPROC_FLAG(SV_ILP32)) 565 cuse_fflags |= CUSE_FFLAG_COMPAT32; 566 #endif 567 pccmd->sub.fflags = cuse_fflags; 568 pccmd->sub.data_pointer = data_ptr; 569 pccmd->sub.argument = arg; 570 571 pcs = pccmd->client->server; 572 573 if ((pccmd->entry.tqe_prev == NULL) && 574 (CUSE_CLIENT_CLOSING(pccmd->client) == 0) && 575 (pcs->is_closing == 0)) { 576 TAILQ_INSERT_TAIL(&pcs->head, pccmd, entry); 577 cv_signal(&pcs->cv); 578 } 579 } 580 581 static void 582 cuse_client_got_signal(struct cuse_client_command *pccmd) 583 { 584 struct cuse_server *pcs; 585 586 pccmd->got_signal = 1; 587 588 pccmd = &pccmd->client->cmds[CUSE_CMD_SIGNAL]; 589 590 pcs = pccmd->client->server; 591 592 if ((pccmd->entry.tqe_prev == NULL) && 593 (CUSE_CLIENT_CLOSING(pccmd->client) == 0) && 594 (pcs->is_closing == 0)) { 595 TAILQ_INSERT_TAIL(&pcs->head, pccmd, entry); 596 cv_signal(&pcs->cv); 597 } 598 } 599 600 static int 601 cuse_client_receive_command_locked(struct cuse_client_command *pccmd, 602 uint8_t *arg_ptr, uint32_t arg_len) 603 { 604 struct cuse_server *pcs; 605 int error; 606 607 pcs = pccmd->client->server; 608 error = 0; 609 610 pccmd->proc_curr = curthread->td_proc; 611 612 if (CUSE_CLIENT_CLOSING(pccmd->client) || pcs->is_closing) { 613 error = CUSE_ERR_OTHER; 614 goto done; 615 } 616 while (pccmd->command == CUSE_CMD_NONE) { 617 if (error != 0) { 618 cv_wait(&pccmd->cv, &pcs->mtx); 619 } else { 620 error = cv_wait_sig(&pccmd->cv, &pcs->mtx); 621 622 if (error != 0) 623 cuse_client_got_signal(pccmd); 624 } 625 if (CUSE_CLIENT_CLOSING(pccmd->client) || pcs->is_closing) { 626 error = CUSE_ERR_OTHER; 627 goto done; 628 } 629 } 630 631 error = pccmd->error; 632 pccmd->command = CUSE_CMD_NONE; 633 cv_signal(&pccmd->cv); 634 635 done: 636 637 /* wait until all process references are gone */ 638 639 pccmd->proc_curr = NULL; 640 641 while (pccmd->proc_refs != 0) 642 cv_wait(&pccmd->cv, &pcs->mtx); 643 644 return (error); 645 } 646 647 /*------------------------------------------------------------------------* 648 * CUSE SERVER PART 649 *------------------------------------------------------------------------*/ 650 651 static void 652 cuse_server_free_dev(struct cuse_server_dev *pcsd) 653 { 654 struct cuse_server *pcs; 655 struct cuse_client *pcc; 656 657 /* get server pointer */ 658 pcs = pcsd->server; 659 660 /* prevent creation of more devices */ 661 cuse_server_lock(pcs); 662 if (pcsd->kern_dev != NULL) 663 pcsd->kern_dev->si_drv1 = NULL; 664 665 TAILQ_FOREACH(pcc, &pcs->hcli, entry) { 666 if (pcc->server_dev == pcsd) 667 cuse_client_is_closing(pcc); 668 } 669 cuse_server_unlock(pcs); 670 671 /* destroy device, if any */ 672 if (pcsd->kern_dev != NULL) { 673 /* destroy device synchronously */ 674 destroy_dev(pcsd->kern_dev); 675 } 676 free(pcsd, M_CUSE); 677 } 678 679 static void 680 cuse_server_unref(struct cuse_server *pcs) 681 { 682 struct cuse_server_dev *pcsd; 683 struct cuse_memory *mem; 684 685 cuse_server_lock(pcs); 686 if (--(pcs->refs) != 0) { 687 cuse_server_unlock(pcs); 688 return; 689 } 690 cuse_server_is_closing(pcs); 691 /* final client wakeup, if any */ 692 cuse_server_wakeup_all_client_locked(pcs); 693 694 cuse_global_lock(); 695 TAILQ_REMOVE(&cuse_server_head, pcs, entry); 696 cuse_global_unlock(); 697 698 while ((pcsd = TAILQ_FIRST(&pcs->hdev)) != NULL) { 699 TAILQ_REMOVE(&pcs->hdev, pcsd, entry); 700 cuse_server_unlock(pcs); 701 cuse_server_free_dev(pcsd); 702 cuse_server_lock(pcs); 703 } 704 705 cuse_free_unit_by_id_locked(pcs, -1); 706 707 while ((mem = TAILQ_FIRST(&pcs->hmem)) != NULL) { 708 TAILQ_REMOVE(&pcs->hmem, mem, entry); 709 cuse_server_unlock(pcs); 710 cuse_vm_memory_free(mem); 711 cuse_server_lock(pcs); 712 } 713 714 knlist_clear(&pcs->selinfo.si_note, 1); 715 knlist_destroy(&pcs->selinfo.si_note); 716 717 cuse_server_unlock(pcs); 718 719 seldrain(&pcs->selinfo); 720 721 cv_destroy(&pcs->cv); 722 723 mtx_destroy(&pcs->mtx); 724 725 free(pcs, M_CUSE); 726 } 727 728 static int 729 cuse_server_do_close(struct cuse_server *pcs) 730 { 731 int retval; 732 733 cuse_server_lock(pcs); 734 cuse_server_is_closing(pcs); 735 /* final client wakeup, if any */ 736 cuse_server_wakeup_all_client_locked(pcs); 737 738 knlist_clear(&pcs->selinfo.si_note, 1); 739 740 retval = pcs->refs; 741 cuse_server_unlock(pcs); 742 743 return (retval); 744 } 745 746 static void 747 cuse_server_free(void *arg) 748 { 749 struct cuse_server *pcs = arg; 750 751 /* 752 * The final server unref should be done by the server thread 753 * to prevent deadlock in the client cdevpriv destructor, 754 * which cannot destroy itself. 755 */ 756 while (cuse_server_do_close(pcs) != 1) 757 pause("W", hz); 758 759 /* drop final refcount */ 760 cuse_server_unref(pcs); 761 } 762 763 static int 764 cuse_server_open(struct cdev *dev, int fflags, int devtype, struct thread *td) 765 { 766 struct cuse_server *pcs; 767 768 pcs = malloc(sizeof(*pcs), M_CUSE, M_WAITOK | M_ZERO); 769 770 if (devfs_set_cdevpriv(pcs, &cuse_server_free)) { 771 printf("Cuse: Cannot set cdevpriv.\n"); 772 free(pcs, M_CUSE); 773 return (ENOMEM); 774 } 775 /* store current process ID */ 776 pcs->pid = curproc->p_pid; 777 778 TAILQ_INIT(&pcs->head); 779 TAILQ_INIT(&pcs->hdev); 780 TAILQ_INIT(&pcs->hcli); 781 TAILQ_INIT(&pcs->hmem); 782 783 cv_init(&pcs->cv, "cuse-server-cv"); 784 785 mtx_init(&pcs->mtx, "cuse-server-mtx", NULL, MTX_DEF); 786 787 knlist_init_mtx(&pcs->selinfo.si_note, &pcs->mtx); 788 789 cuse_global_lock(); 790 pcs->refs++; 791 TAILQ_INSERT_TAIL(&cuse_server_head, pcs, entry); 792 cuse_global_unlock(); 793 794 return (0); 795 } 796 797 static int 798 cuse_server_close(struct cdev *dev, int fflag, int devtype, struct thread *td) 799 { 800 struct cuse_server *pcs; 801 802 if (cuse_server_get(&pcs) == 0) 803 cuse_server_do_close(pcs); 804 805 return (0); 806 } 807 808 static int 809 cuse_server_read(struct cdev *dev, struct uio *uio, int ioflag) 810 { 811 return (ENXIO); 812 } 813 814 static int 815 cuse_server_write(struct cdev *dev, struct uio *uio, int ioflag) 816 { 817 return (ENXIO); 818 } 819 820 static int 821 cuse_server_ioctl_copy_locked(struct cuse_server *pcs, 822 struct cuse_client_command *pccmd, 823 struct cuse_data_chunk *pchk, int isread) 824 { 825 struct proc *p_proc; 826 uint32_t offset; 827 int error; 828 829 offset = pchk->peer_ptr - CUSE_BUF_MIN_PTR; 830 831 if (pchk->length > CUSE_BUFFER_MAX) 832 return (EFAULT); 833 834 if (offset >= CUSE_BUFFER_MAX) 835 return (EFAULT); 836 837 if ((offset + pchk->length) > CUSE_BUFFER_MAX) 838 return (EFAULT); 839 840 p_proc = pccmd->proc_curr; 841 if (p_proc == NULL) 842 return (ENXIO); 843 844 if (pccmd->proc_refs < 0) 845 return (ENOMEM); 846 847 pccmd->proc_refs++; 848 849 cuse_server_unlock(pcs); 850 851 if (isread == 0) { 852 error = copyin( 853 (void *)pchk->local_ptr, 854 pccmd->client->ioctl_buffer + offset, 855 pchk->length); 856 } else { 857 error = copyout( 858 pccmd->client->ioctl_buffer + offset, 859 (void *)pchk->local_ptr, 860 pchk->length); 861 } 862 863 cuse_server_lock(pcs); 864 865 pccmd->proc_refs--; 866 867 if (pccmd->proc_curr == NULL) 868 cv_signal(&pccmd->cv); 869 870 return (error); 871 } 872 873 static int 874 cuse_proc2proc_copy(struct proc *proc_s, vm_offset_t data_s, 875 struct proc *proc_d, vm_offset_t data_d, size_t len) 876 { 877 struct thread *td; 878 struct proc *proc_cur; 879 int error; 880 881 td = curthread; 882 proc_cur = td->td_proc; 883 884 if (proc_cur == proc_d) { 885 struct iovec iov = { 886 .iov_base = (caddr_t)data_d, 887 .iov_len = len, 888 }; 889 struct uio uio = { 890 .uio_iov = &iov, 891 .uio_iovcnt = 1, 892 .uio_offset = (off_t)data_s, 893 .uio_resid = len, 894 .uio_segflg = UIO_USERSPACE, 895 .uio_rw = UIO_READ, 896 .uio_td = td, 897 }; 898 899 PHOLD(proc_s); 900 error = proc_rwmem(proc_s, &uio); 901 PRELE(proc_s); 902 903 } else if (proc_cur == proc_s) { 904 struct iovec iov = { 905 .iov_base = (caddr_t)data_s, 906 .iov_len = len, 907 }; 908 struct uio uio = { 909 .uio_iov = &iov, 910 .uio_iovcnt = 1, 911 .uio_offset = (off_t)data_d, 912 .uio_resid = len, 913 .uio_segflg = UIO_USERSPACE, 914 .uio_rw = UIO_WRITE, 915 .uio_td = td, 916 }; 917 918 PHOLD(proc_d); 919 error = proc_rwmem(proc_d, &uio); 920 PRELE(proc_d); 921 } else { 922 error = EINVAL; 923 } 924 return (error); 925 } 926 927 static int 928 cuse_server_data_copy_locked(struct cuse_server *pcs, 929 struct cuse_client_command *pccmd, 930 struct cuse_data_chunk *pchk, int isread) 931 { 932 struct proc *p_proc; 933 int error; 934 935 p_proc = pccmd->proc_curr; 936 if (p_proc == NULL) 937 return (ENXIO); 938 939 if (pccmd->proc_refs < 0) 940 return (ENOMEM); 941 942 pccmd->proc_refs++; 943 944 cuse_server_unlock(pcs); 945 946 if (isread == 0) { 947 error = cuse_proc2proc_copy( 948 curthread->td_proc, pchk->local_ptr, 949 p_proc, pchk->peer_ptr, 950 pchk->length); 951 } else { 952 error = cuse_proc2proc_copy( 953 p_proc, pchk->peer_ptr, 954 curthread->td_proc, pchk->local_ptr, 955 pchk->length); 956 } 957 958 cuse_server_lock(pcs); 959 960 pccmd->proc_refs--; 961 962 if (pccmd->proc_curr == NULL) 963 cv_signal(&pccmd->cv); 964 965 return (error); 966 } 967 968 static int 969 cuse_alloc_unit_by_id_locked(struct cuse_server *pcs, int id) 970 { 971 int n; 972 int x = 0; 973 int match; 974 975 do { 976 for (match = n = 0; n != CUSE_DEVICES_MAX; n++) { 977 if (cuse_alloc_unit[n] != NULL) { 978 if ((cuse_alloc_unit_id[n] ^ id) & CUSE_ID_MASK) 979 continue; 980 if ((cuse_alloc_unit_id[n] & ~CUSE_ID_MASK) == x) { 981 x++; 982 match = 1; 983 } 984 } 985 } 986 } while (match); 987 988 if (x < 256) { 989 for (n = 0; n != CUSE_DEVICES_MAX; n++) { 990 if (cuse_alloc_unit[n] == NULL) { 991 cuse_alloc_unit[n] = pcs; 992 cuse_alloc_unit_id[n] = id | x; 993 return (x); 994 } 995 } 996 } 997 return (-1); 998 } 999 1000 static void 1001 cuse_server_wakeup_locked(struct cuse_server *pcs) 1002 { 1003 selwakeup(&pcs->selinfo); 1004 KNOTE_LOCKED(&pcs->selinfo.si_note, 0); 1005 } 1006 1007 static void 1008 cuse_server_wakeup_all_client_locked(struct cuse_server *pcs) 1009 { 1010 struct cuse_client *pcc; 1011 1012 TAILQ_FOREACH(pcc, &pcs->hcli, entry) { 1013 pcc->cflags |= (CUSE_CLI_KNOTE_NEED_READ | 1014 CUSE_CLI_KNOTE_NEED_WRITE); 1015 } 1016 cuse_server_wakeup_locked(pcs); 1017 } 1018 1019 static int 1020 cuse_free_unit_by_id_locked(struct cuse_server *pcs, int id) 1021 { 1022 int n; 1023 int found = 0; 1024 1025 for (n = 0; n != CUSE_DEVICES_MAX; n++) { 1026 if (cuse_alloc_unit[n] == pcs) { 1027 if (cuse_alloc_unit_id[n] == id || id == -1) { 1028 cuse_alloc_unit[n] = NULL; 1029 cuse_alloc_unit_id[n] = 0; 1030 found = 1; 1031 } 1032 } 1033 } 1034 1035 return (found ? 0 : EINVAL); 1036 } 1037 1038 static int 1039 cuse_server_ioctl(struct cdev *dev, unsigned long cmd, 1040 caddr_t data, int fflag, struct thread *td) 1041 { 1042 struct cuse_server *pcs; 1043 int error; 1044 1045 error = cuse_server_get(&pcs); 1046 if (error != 0) 1047 return (error); 1048 1049 switch (cmd) { 1050 struct cuse_client_command *pccmd; 1051 struct cuse_client *pcc; 1052 struct cuse_command *pcmd; 1053 struct cuse_alloc_info *pai; 1054 struct cuse_create_dev *pcd; 1055 struct cuse_server_dev *pcsd; 1056 struct cuse_data_chunk *pchk; 1057 int n; 1058 1059 case CUSE_IOCTL_GET_COMMAND: 1060 pcmd = (void *)data; 1061 1062 cuse_server_lock(pcs); 1063 1064 while ((pccmd = TAILQ_FIRST(&pcs->head)) == NULL) { 1065 error = cv_wait_sig(&pcs->cv, &pcs->mtx); 1066 1067 if (pcs->is_closing) 1068 error = ENXIO; 1069 1070 if (error) { 1071 cuse_server_unlock(pcs); 1072 return (error); 1073 } 1074 } 1075 1076 TAILQ_REMOVE(&pcs->head, pccmd, entry); 1077 pccmd->entry.tqe_prev = NULL; 1078 1079 pccmd->entered = curthread; 1080 1081 *pcmd = pccmd->sub; 1082 1083 cuse_server_unlock(pcs); 1084 1085 break; 1086 1087 case CUSE_IOCTL_SYNC_COMMAND: 1088 1089 cuse_server_lock(pcs); 1090 while ((pccmd = cuse_server_find_command(pcs, curthread)) != NULL) { 1091 1092 /* send sync command */ 1093 pccmd->entered = NULL; 1094 pccmd->error = *(int *)data; 1095 pccmd->command = CUSE_CMD_SYNC; 1096 1097 /* signal peer, if any */ 1098 cv_signal(&pccmd->cv); 1099 } 1100 cuse_server_unlock(pcs); 1101 1102 break; 1103 1104 case CUSE_IOCTL_ALLOC_UNIT: 1105 1106 cuse_server_lock(pcs); 1107 n = cuse_alloc_unit_by_id_locked(pcs, 1108 CUSE_ID_DEFAULT(0)); 1109 cuse_server_unlock(pcs); 1110 1111 if (n < 0) 1112 error = ENOMEM; 1113 else 1114 *(int *)data = n; 1115 break; 1116 1117 case CUSE_IOCTL_ALLOC_UNIT_BY_ID: 1118 1119 n = *(int *)data; 1120 1121 n = (n & CUSE_ID_MASK); 1122 1123 cuse_server_lock(pcs); 1124 n = cuse_alloc_unit_by_id_locked(pcs, n); 1125 cuse_server_unlock(pcs); 1126 1127 if (n < 0) 1128 error = ENOMEM; 1129 else 1130 *(int *)data = n; 1131 break; 1132 1133 case CUSE_IOCTL_FREE_UNIT: 1134 1135 n = *(int *)data; 1136 1137 n = CUSE_ID_DEFAULT(n); 1138 1139 cuse_server_lock(pcs); 1140 error = cuse_free_unit_by_id_locked(pcs, n); 1141 cuse_server_unlock(pcs); 1142 break; 1143 1144 case CUSE_IOCTL_FREE_UNIT_BY_ID: 1145 1146 n = *(int *)data; 1147 1148 cuse_server_lock(pcs); 1149 error = cuse_free_unit_by_id_locked(pcs, n); 1150 cuse_server_unlock(pcs); 1151 break; 1152 1153 case CUSE_IOCTL_ALLOC_MEMORY: 1154 1155 pai = (void *)data; 1156 1157 if (pai->alloc_nr >= CUSE_ALLOC_UNIT_MAX) { 1158 error = ENOMEM; 1159 break; 1160 } 1161 if (pai->page_count >= CUSE_ALLOC_PAGES_MAX) { 1162 error = ENOMEM; 1163 break; 1164 } 1165 error = cuse_server_alloc_memory(pcs, 1166 pai->alloc_nr, pai->page_count); 1167 break; 1168 1169 case CUSE_IOCTL_FREE_MEMORY: 1170 pai = (void *)data; 1171 1172 if (pai->alloc_nr >= CUSE_ALLOC_UNIT_MAX) { 1173 error = ENOMEM; 1174 break; 1175 } 1176 error = cuse_server_free_memory(pcs, pai->alloc_nr); 1177 break; 1178 1179 case CUSE_IOCTL_GET_SIG: 1180 1181 cuse_server_lock(pcs); 1182 pccmd = cuse_server_find_command(pcs, curthread); 1183 1184 if (pccmd != NULL) { 1185 n = pccmd->got_signal; 1186 pccmd->got_signal = 0; 1187 } else { 1188 n = 0; 1189 } 1190 cuse_server_unlock(pcs); 1191 1192 *(int *)data = n; 1193 1194 break; 1195 1196 case CUSE_IOCTL_SET_PFH: 1197 1198 cuse_server_lock(pcs); 1199 pccmd = cuse_server_find_command(pcs, curthread); 1200 1201 if (pccmd != NULL) { 1202 pcc = pccmd->client; 1203 for (n = 0; n != CUSE_CMD_MAX; n++) { 1204 pcc->cmds[n].sub.per_file_handle = *(uintptr_t *)data; 1205 } 1206 } else { 1207 error = ENXIO; 1208 } 1209 cuse_server_unlock(pcs); 1210 break; 1211 1212 case CUSE_IOCTL_CREATE_DEV: 1213 1214 error = priv_check(curthread, PRIV_DRIVER); 1215 if (error) 1216 break; 1217 1218 pcd = (void *)data; 1219 1220 /* filter input */ 1221 1222 pcd->devname[sizeof(pcd->devname) - 1] = 0; 1223 1224 if (pcd->devname[0] == 0) { 1225 error = EINVAL; 1226 break; 1227 } 1228 cuse_str_filter(pcd->devname); 1229 1230 pcd->permissions &= 0777; 1231 1232 /* try to allocate a character device */ 1233 1234 pcsd = malloc(sizeof(*pcsd), M_CUSE, M_WAITOK | M_ZERO); 1235 1236 pcsd->server = pcs; 1237 1238 pcsd->user_dev = pcd->dev; 1239 1240 pcsd->kern_dev = make_dev_credf(MAKEDEV_CHECKNAME, 1241 &cuse_client_devsw, 0, NULL, pcd->user_id, pcd->group_id, 1242 pcd->permissions, "%s", pcd->devname); 1243 1244 if (pcsd->kern_dev == NULL) { 1245 free(pcsd, M_CUSE); 1246 error = ENOMEM; 1247 break; 1248 } 1249 pcsd->kern_dev->si_drv1 = pcsd; 1250 1251 cuse_server_lock(pcs); 1252 TAILQ_INSERT_TAIL(&pcs->hdev, pcsd, entry); 1253 cuse_server_unlock(pcs); 1254 1255 break; 1256 1257 case CUSE_IOCTL_DESTROY_DEV: 1258 1259 error = priv_check(curthread, PRIV_DRIVER); 1260 if (error) 1261 break; 1262 1263 cuse_server_lock(pcs); 1264 1265 error = EINVAL; 1266 1267 pcsd = TAILQ_FIRST(&pcs->hdev); 1268 while (pcsd != NULL) { 1269 if (pcsd->user_dev == *(struct cuse_dev **)data) { 1270 TAILQ_REMOVE(&pcs->hdev, pcsd, entry); 1271 cuse_server_unlock(pcs); 1272 cuse_server_free_dev(pcsd); 1273 cuse_server_lock(pcs); 1274 error = 0; 1275 pcsd = TAILQ_FIRST(&pcs->hdev); 1276 } else { 1277 pcsd = TAILQ_NEXT(pcsd, entry); 1278 } 1279 } 1280 1281 cuse_server_unlock(pcs); 1282 break; 1283 1284 case CUSE_IOCTL_WRITE_DATA: 1285 case CUSE_IOCTL_READ_DATA: 1286 1287 cuse_server_lock(pcs); 1288 pchk = (struct cuse_data_chunk *)data; 1289 1290 pccmd = cuse_server_find_command(pcs, curthread); 1291 1292 if (pccmd == NULL) { 1293 error = ENXIO; /* invalid request */ 1294 } else if (pchk->peer_ptr < CUSE_BUF_MIN_PTR) { 1295 error = EFAULT; /* NULL pointer */ 1296 } else if (pchk->peer_ptr < CUSE_BUF_MAX_PTR) { 1297 error = cuse_server_ioctl_copy_locked(pcs, pccmd, 1298 pchk, cmd == CUSE_IOCTL_READ_DATA); 1299 } else { 1300 error = cuse_server_data_copy_locked(pcs, pccmd, 1301 pchk, cmd == CUSE_IOCTL_READ_DATA); 1302 } 1303 cuse_server_unlock(pcs); 1304 break; 1305 1306 case CUSE_IOCTL_SELWAKEUP: 1307 cuse_server_lock(pcs); 1308 /* 1309 * We don't know which direction caused the event. 1310 * Wakeup both! 1311 */ 1312 cuse_server_wakeup_all_client_locked(pcs); 1313 cuse_server_unlock(pcs); 1314 break; 1315 1316 default: 1317 error = ENXIO; 1318 break; 1319 } 1320 return (error); 1321 } 1322 1323 static int 1324 cuse_server_poll(struct cdev *dev, int events, struct thread *td) 1325 { 1326 return (events & (POLLHUP | POLLPRI | POLLIN | 1327 POLLRDNORM | POLLOUT | POLLWRNORM)); 1328 } 1329 1330 static int 1331 cuse_server_mmap_single(struct cdev *dev, vm_ooffset_t *offset, 1332 vm_size_t size, struct vm_object **object, int nprot) 1333 { 1334 uint32_t page_nr = *offset / PAGE_SIZE; 1335 uint32_t alloc_nr = page_nr / CUSE_ALLOC_PAGES_MAX; 1336 struct cuse_memory *mem; 1337 struct cuse_server *pcs; 1338 int error; 1339 1340 error = cuse_server_get(&pcs); 1341 if (error != 0) 1342 return (error); 1343 1344 cuse_server_lock(pcs); 1345 /* lookup memory structure */ 1346 TAILQ_FOREACH(mem, &pcs->hmem, entry) { 1347 if (mem->alloc_nr == alloc_nr) 1348 break; 1349 } 1350 if (mem == NULL) { 1351 cuse_server_unlock(pcs); 1352 return (ENOMEM); 1353 } 1354 /* verify page offset */ 1355 page_nr %= CUSE_ALLOC_PAGES_MAX; 1356 if (page_nr >= mem->page_count) { 1357 cuse_server_unlock(pcs); 1358 return (ENXIO); 1359 } 1360 /* verify mmap size */ 1361 if ((size % PAGE_SIZE) != 0 || (size < PAGE_SIZE) || 1362 (size > ((mem->page_count - page_nr) * PAGE_SIZE))) { 1363 cuse_server_unlock(pcs); 1364 return (EINVAL); 1365 } 1366 vm_object_reference(mem->object); 1367 *object = mem->object; 1368 cuse_server_unlock(pcs); 1369 1370 /* set new VM object offset to use */ 1371 *offset = page_nr * PAGE_SIZE; 1372 1373 /* success */ 1374 return (0); 1375 } 1376 1377 /*------------------------------------------------------------------------* 1378 * CUSE CLIENT PART 1379 *------------------------------------------------------------------------*/ 1380 static void 1381 cuse_client_free(void *arg) 1382 { 1383 struct cuse_client *pcc = arg; 1384 struct cuse_client_command *pccmd; 1385 struct cuse_server *pcs; 1386 int n; 1387 1388 pcs = pcc->server; 1389 1390 cuse_server_lock(pcs); 1391 cuse_client_is_closing(pcc); 1392 TAILQ_REMOVE(&pcs->hcli, pcc, entry); 1393 cuse_server_unlock(pcs); 1394 1395 for (n = 0; n != CUSE_CMD_MAX; n++) { 1396 1397 pccmd = &pcc->cmds[n]; 1398 1399 sx_destroy(&pccmd->sx); 1400 cv_destroy(&pccmd->cv); 1401 } 1402 1403 free(pcc, M_CUSE); 1404 1405 /* drop reference on server */ 1406 cuse_server_unref(pcs); 1407 } 1408 1409 static int 1410 cuse_client_open(struct cdev *dev, int fflags, int devtype, struct thread *td) 1411 { 1412 struct cuse_client_command *pccmd; 1413 struct cuse_server_dev *pcsd; 1414 struct cuse_client *pcc; 1415 struct cuse_server *pcs; 1416 struct cuse_dev *pcd; 1417 int error; 1418 int n; 1419 1420 pcsd = dev->si_drv1; 1421 if (pcsd != NULL) { 1422 pcs = pcsd->server; 1423 pcd = pcsd->user_dev; 1424 1425 cuse_server_lock(pcs); 1426 /* 1427 * Check that the refcount didn't wrap and that the 1428 * same process is not both client and server. This 1429 * can easily lead to deadlocks when destroying the 1430 * CUSE character device nodes: 1431 */ 1432 pcs->refs++; 1433 if (pcs->refs < 0 || pcs->pid == curproc->p_pid) { 1434 /* overflow or wrong PID */ 1435 pcs->refs--; 1436 cuse_server_unlock(pcs); 1437 return (EINVAL); 1438 } 1439 cuse_server_unlock(pcs); 1440 } else { 1441 return (EINVAL); 1442 } 1443 1444 pcc = malloc(sizeof(*pcc), M_CUSE, M_WAITOK | M_ZERO); 1445 if (devfs_set_cdevpriv(pcc, &cuse_client_free)) { 1446 printf("Cuse: Cannot set cdevpriv.\n"); 1447 /* drop reference on server */ 1448 cuse_server_unref(pcs); 1449 free(pcc, M_CUSE); 1450 return (ENOMEM); 1451 } 1452 pcc->fflags = fflags; 1453 pcc->server_dev = pcsd; 1454 pcc->server = pcs; 1455 1456 for (n = 0; n != CUSE_CMD_MAX; n++) { 1457 1458 pccmd = &pcc->cmds[n]; 1459 1460 pccmd->sub.dev = pcd; 1461 pccmd->sub.command = n; 1462 pccmd->client = pcc; 1463 1464 sx_init(&pccmd->sx, "cuse-client-sx"); 1465 cv_init(&pccmd->cv, "cuse-client-cv"); 1466 } 1467 1468 cuse_server_lock(pcs); 1469 1470 /* cuse_client_free() assumes that the client is listed somewhere! */ 1471 /* always enqueue */ 1472 1473 TAILQ_INSERT_TAIL(&pcs->hcli, pcc, entry); 1474 1475 /* check if server is closing */ 1476 if ((pcs->is_closing != 0) || (dev->si_drv1 == NULL)) { 1477 error = EINVAL; 1478 } else { 1479 error = 0; 1480 } 1481 cuse_server_unlock(pcs); 1482 1483 if (error) { 1484 devfs_clear_cdevpriv(); /* XXX bugfix */ 1485 return (error); 1486 } 1487 pccmd = &pcc->cmds[CUSE_CMD_OPEN]; 1488 1489 cuse_cmd_lock(pccmd); 1490 1491 cuse_server_lock(pcs); 1492 cuse_client_send_command_locked(pccmd, 0, 0, pcc->fflags, 0); 1493 1494 error = cuse_client_receive_command_locked(pccmd, 0, 0); 1495 cuse_server_unlock(pcs); 1496 1497 if (error < 0) { 1498 error = cuse_convert_error(error); 1499 } else { 1500 error = 0; 1501 } 1502 1503 cuse_cmd_unlock(pccmd); 1504 1505 if (error) 1506 devfs_clear_cdevpriv(); /* XXX bugfix */ 1507 1508 return (error); 1509 } 1510 1511 static int 1512 cuse_client_close(struct cdev *dev, int fflag, int devtype, struct thread *td) 1513 { 1514 struct cuse_client_command *pccmd; 1515 struct cuse_client *pcc; 1516 struct cuse_server *pcs; 1517 int error; 1518 1519 error = cuse_client_get(&pcc); 1520 if (error != 0) 1521 return (0); 1522 1523 pccmd = &pcc->cmds[CUSE_CMD_CLOSE]; 1524 pcs = pcc->server; 1525 1526 cuse_cmd_lock(pccmd); 1527 1528 cuse_server_lock(pcs); 1529 cuse_client_send_command_locked(pccmd, 0, 0, pcc->fflags, 0); 1530 1531 error = cuse_client_receive_command_locked(pccmd, 0, 0); 1532 cuse_cmd_unlock(pccmd); 1533 1534 cuse_client_is_closing(pcc); 1535 cuse_server_unlock(pcs); 1536 1537 return (0); 1538 } 1539 1540 static void 1541 cuse_client_kqfilter_poll(struct cdev *dev, struct cuse_client *pcc) 1542 { 1543 struct cuse_server *pcs = pcc->server; 1544 int temp; 1545 1546 cuse_server_lock(pcs); 1547 temp = (pcc->cflags & (CUSE_CLI_KNOTE_HAS_READ | 1548 CUSE_CLI_KNOTE_HAS_WRITE)); 1549 pcc->cflags &= ~(CUSE_CLI_KNOTE_NEED_READ | 1550 CUSE_CLI_KNOTE_NEED_WRITE); 1551 cuse_server_unlock(pcs); 1552 1553 if (temp != 0) { 1554 /* get the latest polling state from the server */ 1555 temp = cuse_client_poll(dev, POLLIN | POLLOUT, NULL); 1556 1557 if (temp & (POLLIN | POLLOUT)) { 1558 cuse_server_lock(pcs); 1559 if (temp & POLLIN) 1560 pcc->cflags |= CUSE_CLI_KNOTE_NEED_READ; 1561 if (temp & POLLOUT) 1562 pcc->cflags |= CUSE_CLI_KNOTE_NEED_WRITE; 1563 1564 /* make sure the "knote" gets woken up */ 1565 cuse_server_wakeup_locked(pcc->server); 1566 cuse_server_unlock(pcs); 1567 } 1568 } 1569 } 1570 1571 static int 1572 cuse_client_read(struct cdev *dev, struct uio *uio, int ioflag) 1573 { 1574 struct cuse_client_command *pccmd; 1575 struct cuse_client *pcc; 1576 struct cuse_server *pcs; 1577 int error; 1578 int len; 1579 1580 error = cuse_client_get(&pcc); 1581 if (error != 0) 1582 return (error); 1583 1584 pccmd = &pcc->cmds[CUSE_CMD_READ]; 1585 pcs = pcc->server; 1586 1587 if (uio->uio_segflg != UIO_USERSPACE) { 1588 return (EINVAL); 1589 } 1590 uio->uio_segflg = UIO_NOCOPY; 1591 1592 cuse_cmd_lock(pccmd); 1593 1594 while (uio->uio_resid != 0) { 1595 1596 if (uio->uio_iov->iov_len > CUSE_LENGTH_MAX) { 1597 error = ENOMEM; 1598 break; 1599 } 1600 len = uio->uio_iov->iov_len; 1601 1602 cuse_server_lock(pcs); 1603 cuse_client_send_command_locked(pccmd, 1604 (uintptr_t)uio->uio_iov->iov_base, 1605 (unsigned long)(unsigned int)len, pcc->fflags, ioflag); 1606 1607 error = cuse_client_receive_command_locked(pccmd, 0, 0); 1608 cuse_server_unlock(pcs); 1609 1610 if (error < 0) { 1611 error = cuse_convert_error(error); 1612 break; 1613 } else if (error == len) { 1614 error = uiomove(NULL, error, uio); 1615 if (error) 1616 break; 1617 } else { 1618 error = uiomove(NULL, error, uio); 1619 break; 1620 } 1621 } 1622 cuse_cmd_unlock(pccmd); 1623 1624 uio->uio_segflg = UIO_USERSPACE;/* restore segment flag */ 1625 1626 if (error == EWOULDBLOCK) 1627 cuse_client_kqfilter_poll(dev, pcc); 1628 1629 return (error); 1630 } 1631 1632 static int 1633 cuse_client_write(struct cdev *dev, struct uio *uio, int ioflag) 1634 { 1635 struct cuse_client_command *pccmd; 1636 struct cuse_client *pcc; 1637 struct cuse_server *pcs; 1638 int error; 1639 int len; 1640 1641 error = cuse_client_get(&pcc); 1642 if (error != 0) 1643 return (error); 1644 1645 pccmd = &pcc->cmds[CUSE_CMD_WRITE]; 1646 pcs = pcc->server; 1647 1648 if (uio->uio_segflg != UIO_USERSPACE) { 1649 return (EINVAL); 1650 } 1651 uio->uio_segflg = UIO_NOCOPY; 1652 1653 cuse_cmd_lock(pccmd); 1654 1655 while (uio->uio_resid != 0) { 1656 1657 if (uio->uio_iov->iov_len > CUSE_LENGTH_MAX) { 1658 error = ENOMEM; 1659 break; 1660 } 1661 len = uio->uio_iov->iov_len; 1662 1663 cuse_server_lock(pcs); 1664 cuse_client_send_command_locked(pccmd, 1665 (uintptr_t)uio->uio_iov->iov_base, 1666 (unsigned long)(unsigned int)len, pcc->fflags, ioflag); 1667 1668 error = cuse_client_receive_command_locked(pccmd, 0, 0); 1669 cuse_server_unlock(pcs); 1670 1671 if (error < 0) { 1672 error = cuse_convert_error(error); 1673 break; 1674 } else if (error == len) { 1675 error = uiomove(NULL, error, uio); 1676 if (error) 1677 break; 1678 } else { 1679 error = uiomove(NULL, error, uio); 1680 break; 1681 } 1682 } 1683 cuse_cmd_unlock(pccmd); 1684 1685 uio->uio_segflg = UIO_USERSPACE;/* restore segment flag */ 1686 1687 if (error == EWOULDBLOCK) 1688 cuse_client_kqfilter_poll(dev, pcc); 1689 1690 return (error); 1691 } 1692 1693 int 1694 cuse_client_ioctl(struct cdev *dev, unsigned long cmd, 1695 caddr_t data, int fflag, struct thread *td) 1696 { 1697 struct cuse_client_command *pccmd; 1698 struct cuse_client *pcc; 1699 struct cuse_server *pcs; 1700 int error; 1701 int len; 1702 1703 error = cuse_client_get(&pcc); 1704 if (error != 0) 1705 return (error); 1706 1707 len = IOCPARM_LEN(cmd); 1708 if (len > CUSE_BUFFER_MAX) 1709 return (ENOMEM); 1710 1711 pccmd = &pcc->cmds[CUSE_CMD_IOCTL]; 1712 pcs = pcc->server; 1713 1714 cuse_cmd_lock(pccmd); 1715 1716 if (cmd & (IOC_IN | IOC_VOID)) 1717 memcpy(pcc->ioctl_buffer, data, len); 1718 1719 /* 1720 * When the ioctl-length is zero drivers can pass information 1721 * through the data pointer of the ioctl. Make sure this information 1722 * is forwarded to the driver. 1723 */ 1724 1725 cuse_server_lock(pcs); 1726 cuse_client_send_command_locked(pccmd, 1727 (len == 0) ? *(long *)data : CUSE_BUF_MIN_PTR, 1728 (unsigned long)cmd, pcc->fflags, 1729 (fflag & O_NONBLOCK) ? IO_NDELAY : 0); 1730 1731 error = cuse_client_receive_command_locked(pccmd, data, len); 1732 cuse_server_unlock(pcs); 1733 1734 if (error < 0) { 1735 error = cuse_convert_error(error); 1736 } else { 1737 error = 0; 1738 } 1739 1740 if (cmd & IOC_OUT) 1741 memcpy(data, pcc->ioctl_buffer, len); 1742 1743 cuse_cmd_unlock(pccmd); 1744 1745 if (error == EWOULDBLOCK) 1746 cuse_client_kqfilter_poll(dev, pcc); 1747 1748 return (error); 1749 } 1750 1751 static int 1752 cuse_client_poll(struct cdev *dev, int events, struct thread *td) 1753 { 1754 struct cuse_client_command *pccmd; 1755 struct cuse_client *pcc; 1756 struct cuse_server *pcs; 1757 unsigned long temp; 1758 int error; 1759 int revents; 1760 1761 error = cuse_client_get(&pcc); 1762 if (error != 0) 1763 goto pollnval; 1764 1765 temp = 0; 1766 pcs = pcc->server; 1767 1768 if (events & (POLLPRI | POLLIN | POLLRDNORM)) 1769 temp |= CUSE_POLL_READ; 1770 1771 if (events & (POLLOUT | POLLWRNORM)) 1772 temp |= CUSE_POLL_WRITE; 1773 1774 if (events & POLLHUP) 1775 temp |= CUSE_POLL_ERROR; 1776 1777 pccmd = &pcc->cmds[CUSE_CMD_POLL]; 1778 1779 cuse_cmd_lock(pccmd); 1780 1781 /* Need to selrecord() first to not loose any events. */ 1782 if (temp != 0 && td != NULL) 1783 selrecord(td, &pcs->selinfo); 1784 1785 cuse_server_lock(pcs); 1786 cuse_client_send_command_locked(pccmd, 1787 0, temp, pcc->fflags, IO_NDELAY); 1788 1789 error = cuse_client_receive_command_locked(pccmd, 0, 0); 1790 cuse_server_unlock(pcs); 1791 1792 cuse_cmd_unlock(pccmd); 1793 1794 if (error < 0) { 1795 goto pollnval; 1796 } else { 1797 revents = 0; 1798 if (error & CUSE_POLL_READ) 1799 revents |= (events & (POLLPRI | POLLIN | POLLRDNORM)); 1800 if (error & CUSE_POLL_WRITE) 1801 revents |= (events & (POLLOUT | POLLWRNORM)); 1802 if (error & CUSE_POLL_ERROR) 1803 revents |= (events & POLLHUP); 1804 } 1805 return (revents); 1806 1807 pollnval: 1808 /* XXX many clients don't understand POLLNVAL */ 1809 return (events & (POLLHUP | POLLPRI | POLLIN | 1810 POLLRDNORM | POLLOUT | POLLWRNORM)); 1811 } 1812 1813 static int 1814 cuse_client_mmap_single(struct cdev *dev, vm_ooffset_t *offset, 1815 vm_size_t size, struct vm_object **object, int nprot) 1816 { 1817 uint32_t page_nr = *offset / PAGE_SIZE; 1818 uint32_t alloc_nr = page_nr / CUSE_ALLOC_PAGES_MAX; 1819 struct cuse_memory *mem; 1820 struct cuse_client *pcc; 1821 struct cuse_server *pcs; 1822 int error; 1823 1824 error = cuse_client_get(&pcc); 1825 if (error != 0) 1826 return (error); 1827 1828 pcs = pcc->server; 1829 1830 cuse_server_lock(pcs); 1831 /* lookup memory structure */ 1832 TAILQ_FOREACH(mem, &pcs->hmem, entry) { 1833 if (mem->alloc_nr == alloc_nr) 1834 break; 1835 } 1836 if (mem == NULL) { 1837 cuse_server_unlock(pcs); 1838 return (ENOMEM); 1839 } 1840 /* verify page offset */ 1841 page_nr %= CUSE_ALLOC_PAGES_MAX; 1842 if (page_nr >= mem->page_count) { 1843 cuse_server_unlock(pcs); 1844 return (ENXIO); 1845 } 1846 /* verify mmap size */ 1847 if ((size % PAGE_SIZE) != 0 || (size < PAGE_SIZE) || 1848 (size > ((mem->page_count - page_nr) * PAGE_SIZE))) { 1849 cuse_server_unlock(pcs); 1850 return (EINVAL); 1851 } 1852 vm_object_reference(mem->object); 1853 *object = mem->object; 1854 cuse_server_unlock(pcs); 1855 1856 /* set new VM object offset to use */ 1857 *offset = page_nr * PAGE_SIZE; 1858 1859 /* success */ 1860 return (0); 1861 } 1862 1863 static void 1864 cuse_client_kqfilter_read_detach(struct knote *kn) 1865 { 1866 struct cuse_client *pcc; 1867 struct cuse_server *pcs; 1868 1869 pcc = kn->kn_hook; 1870 pcs = pcc->server; 1871 1872 cuse_server_lock(pcs); 1873 knlist_remove(&pcs->selinfo.si_note, kn, 1); 1874 cuse_server_unlock(pcs); 1875 } 1876 1877 static void 1878 cuse_client_kqfilter_write_detach(struct knote *kn) 1879 { 1880 struct cuse_client *pcc; 1881 struct cuse_server *pcs; 1882 1883 pcc = kn->kn_hook; 1884 pcs = pcc->server; 1885 1886 cuse_server_lock(pcs); 1887 knlist_remove(&pcs->selinfo.si_note, kn, 1); 1888 cuse_server_unlock(pcs); 1889 } 1890 1891 static int 1892 cuse_client_kqfilter_read_event(struct knote *kn, long hint) 1893 { 1894 struct cuse_client *pcc; 1895 1896 pcc = kn->kn_hook; 1897 1898 mtx_assert(&pcc->server->mtx, MA_OWNED); 1899 1900 return ((pcc->cflags & CUSE_CLI_KNOTE_NEED_READ) ? 1 : 0); 1901 } 1902 1903 static int 1904 cuse_client_kqfilter_write_event(struct knote *kn, long hint) 1905 { 1906 struct cuse_client *pcc; 1907 1908 pcc = kn->kn_hook; 1909 1910 mtx_assert(&pcc->server->mtx, MA_OWNED); 1911 1912 return ((pcc->cflags & CUSE_CLI_KNOTE_NEED_WRITE) ? 1 : 0); 1913 } 1914 1915 static int 1916 cuse_client_kqfilter(struct cdev *dev, struct knote *kn) 1917 { 1918 struct cuse_client *pcc; 1919 struct cuse_server *pcs; 1920 int error; 1921 1922 error = cuse_client_get(&pcc); 1923 if (error != 0) 1924 return (error); 1925 1926 pcs = pcc->server; 1927 1928 cuse_server_lock(pcs); 1929 switch (kn->kn_filter) { 1930 case EVFILT_READ: 1931 pcc->cflags |= CUSE_CLI_KNOTE_HAS_READ; 1932 kn->kn_hook = pcc; 1933 kn->kn_fop = &cuse_client_kqfilter_read_ops; 1934 knlist_add(&pcs->selinfo.si_note, kn, 1); 1935 break; 1936 case EVFILT_WRITE: 1937 pcc->cflags |= CUSE_CLI_KNOTE_HAS_WRITE; 1938 kn->kn_hook = pcc; 1939 kn->kn_fop = &cuse_client_kqfilter_write_ops; 1940 knlist_add(&pcs->selinfo.si_note, kn, 1); 1941 break; 1942 default: 1943 error = EINVAL; 1944 break; 1945 } 1946 cuse_server_unlock(pcs); 1947 1948 if (error == 0) 1949 cuse_client_kqfilter_poll(dev, pcc); 1950 return (error); 1951 }
Cache object: 93c9fb8a910285242b5278a66aac6a1d
[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]