The Design and Implementation of the FreeBSD Operating System, Second Edition
Now available: The Design and Implementation of the FreeBSD Operating System (Second Edition)


[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]

FreeBSD/Linux Kernel Cross Reference
sys/fs/cuse/cuse.c

Version: -  FREEBSD  -  FREEBSD-13-STABLE  -  FREEBSD-13-0  -  FREEBSD-12-STABLE  -  FREEBSD-12-0  -  FREEBSD-11-STABLE  -  FREEBSD-11-0  -  FREEBSD-10-STABLE  -  FREEBSD-10-0  -  FREEBSD-9-STABLE  -  FREEBSD-9-0  -  FREEBSD-8-STABLE  -  FREEBSD-8-0  -  FREEBSD-7-STABLE  -  FREEBSD-7-0  -  FREEBSD-6-STABLE  -  FREEBSD-6-0  -  FREEBSD-5-STABLE  -  FREEBSD-5-0  -  FREEBSD-4-STABLE  -  FREEBSD-3-STABLE  -  FREEBSD22  -  l41  -  OPENBSD  -  linux-2.6  -  MK84  -  PLAN9  -  xnu-8792 
SearchContext: -  none  -  3  -  10 

    1 /* $FreeBSD$ */
    2 /*-
    3  * Copyright (c) 2010-2020 Hans Petter Selasky. All rights reserved.
    4  *
    5  * Redistribution and use in source and binary forms, with or without
    6  * modification, are permitted provided that the following conditions
    7  * are met:
    8  * 1. Redistributions of source code must retain the above copyright
    9  *    notice, this list of conditions and the following disclaimer.
   10  * 2. Redistributions in binary form must reproduce the above copyright
   11  *    notice, this list of conditions and the following disclaimer in the
   12  *    documentation and/or other materials provided with the distribution.
   13  *
   14  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
   15  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
   16  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
   17  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
   18  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
   19  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
   20  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
   21  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
   22  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
   23  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   24  * SUCH DAMAGE.
   25  */
   26 
   27 #include "opt_compat.h"
   28 
   29 #include <sys/stdint.h>
   30 #include <sys/stddef.h>
   31 #include <sys/param.h>
   32 #include <sys/types.h>
   33 #include <sys/systm.h>
   34 #include <sys/conf.h>
   35 #include <sys/kernel.h>
   36 #include <sys/bus.h>
   37 #include <sys/linker_set.h>
   38 #include <sys/module.h>
   39 #include <sys/lock.h>
   40 #include <sys/mutex.h>
   41 #include <sys/condvar.h>
   42 #include <sys/sysctl.h>
   43 #include <sys/unistd.h>
   44 #include <sys/malloc.h>
   45 #include <sys/priv.h>
   46 #include <sys/uio.h>
   47 #include <sys/poll.h>
   48 #include <sys/sx.h>
   49 #include <sys/rwlock.h>
   50 #include <sys/queue.h>
   51 #include <sys/fcntl.h>
   52 #include <sys/proc.h>
   53 #include <sys/vnode.h>
   54 #include <sys/selinfo.h>
   55 #include <sys/ptrace.h>
   56 #include <sys/sysent.h>
   57 
   58 #include <machine/bus.h>
   59 
   60 #include <vm/vm.h>
   61 #include <vm/pmap.h>
   62 #include <vm/vm_object.h>
   63 #include <vm/vm_page.h>
   64 #include <vm/vm_pager.h>
   65 
   66 #include <fs/cuse/cuse_defs.h>
   67 #include <fs/cuse/cuse_ioctl.h>
   68 
   69 static int
   70 cuse_modevent(module_t mod, int type, void *data)
   71 {
   72         switch (type) {
   73         case MOD_LOAD:
   74         case MOD_UNLOAD:
   75                 return (0);
   76         default:
   77                 return (EOPNOTSUPP);
   78         }
   79 }
   80 
   81 static moduledata_t cuse_mod = {
   82         .name = "cuse",
   83         .evhand = &cuse_modevent,
   84 };
   85 
   86 DECLARE_MODULE(cuse, cuse_mod, SI_SUB_DEVFS, SI_ORDER_FIRST);
   87 MODULE_VERSION(cuse, 1);
   88 
   89 /*
   90  * Prevent cuse4bsd.ko and cuse.ko from loading at the same time by
   91  * declaring support for the cuse4bsd interface in cuse.ko:
   92  */
   93 MODULE_VERSION(cuse4bsd, 1);
   94 
   95 #ifdef FEATURE
   96 FEATURE(cuse, "Userspace character devices");
   97 #endif
   98 
   99 struct cuse_command;
  100 struct cuse_server;
  101 struct cuse_client;
  102 
  103 struct cuse_client_command {
  104         TAILQ_ENTRY(cuse_client_command) entry;
  105         struct cuse_command sub;
  106         struct sx sx;
  107         struct cv cv;
  108         struct thread *entered;
  109         struct cuse_client *client;
  110         struct proc *proc_curr;
  111         int     proc_refs;
  112         int     got_signal;
  113         int     error;
  114         int     command;
  115 };
  116 
  117 struct cuse_memory {
  118         TAILQ_ENTRY(cuse_memory) entry;
  119         vm_object_t object;
  120         uint32_t page_count;
  121         uint32_t alloc_nr;
  122 };
  123 
  124 struct cuse_server_dev {
  125         TAILQ_ENTRY(cuse_server_dev) entry;
  126         struct cuse_server *server;
  127         struct cdev *kern_dev;
  128         struct cuse_dev *user_dev;
  129 };
  130 
  131 struct cuse_server {
  132         TAILQ_ENTRY(cuse_server) entry;
  133         TAILQ_HEAD(, cuse_client_command) head;
  134         TAILQ_HEAD(, cuse_server_dev) hdev;
  135         TAILQ_HEAD(, cuse_client) hcli;
  136         TAILQ_HEAD(, cuse_memory) hmem;
  137         struct mtx mtx;
  138         struct cv cv;
  139         struct selinfo selinfo;
  140         pid_t   pid;
  141         int     is_closing;
  142         int     refs;
  143 };
  144 
  145 struct cuse_client {
  146         TAILQ_ENTRY(cuse_client) entry;
  147         TAILQ_ENTRY(cuse_client) entry_ref;
  148         struct cuse_client_command cmds[CUSE_CMD_MAX];
  149         struct cuse_server *server;
  150         struct cuse_server_dev *server_dev;
  151 
  152         uint8_t ioctl_buffer[CUSE_BUFFER_MAX] __aligned(4);
  153 
  154         int     fflags;                 /* file flags */
  155         int     cflags;                 /* client flags */
  156 #define CUSE_CLI_IS_CLOSING 0x01
  157 #define CUSE_CLI_KNOTE_NEED_READ 0x02
  158 #define CUSE_CLI_KNOTE_NEED_WRITE 0x04
  159 #define CUSE_CLI_KNOTE_HAS_READ 0x08
  160 #define CUSE_CLI_KNOTE_HAS_WRITE 0x10
  161 };
  162 
  163 #define CUSE_CLIENT_CLOSING(pcc) \
  164     ((pcc)->cflags & CUSE_CLI_IS_CLOSING)
  165 
  166 static  MALLOC_DEFINE(M_CUSE, "cuse", "CUSE memory");
  167 
  168 static TAILQ_HEAD(, cuse_server) cuse_server_head;
  169 static struct mtx cuse_global_mtx;
  170 static struct cdev *cuse_dev;
  171 static struct cuse_server *cuse_alloc_unit[CUSE_DEVICES_MAX];
  172 static int cuse_alloc_unit_id[CUSE_DEVICES_MAX];
  173 
  174 static void cuse_server_wakeup_all_client_locked(struct cuse_server *pcs);
  175 static void cuse_client_kqfilter_read_detach(struct knote *kn);
  176 static void cuse_client_kqfilter_write_detach(struct knote *kn);
  177 static int cuse_client_kqfilter_read_event(struct knote *kn, long hint);
  178 static int cuse_client_kqfilter_write_event(struct knote *kn, long hint);
  179 
  180 static struct filterops cuse_client_kqfilter_read_ops = {
  181         .f_isfd = 1,
  182         .f_detach = cuse_client_kqfilter_read_detach,
  183         .f_event = cuse_client_kqfilter_read_event,
  184 };
  185 
  186 static struct filterops cuse_client_kqfilter_write_ops = {
  187         .f_isfd = 1,
  188         .f_detach = cuse_client_kqfilter_write_detach,
  189         .f_event = cuse_client_kqfilter_write_event,
  190 };
  191 
  192 static d_open_t cuse_client_open;
  193 static d_close_t cuse_client_close;
  194 static d_ioctl_t cuse_client_ioctl;
  195 static d_read_t cuse_client_read;
  196 static d_write_t cuse_client_write;
  197 static d_poll_t cuse_client_poll;
  198 static d_mmap_single_t cuse_client_mmap_single;
  199 static d_kqfilter_t cuse_client_kqfilter;
  200 
  201 static struct cdevsw cuse_client_devsw = {
  202         .d_version = D_VERSION,
  203         .d_open = cuse_client_open,
  204         .d_close = cuse_client_close,
  205         .d_ioctl = cuse_client_ioctl,
  206         .d_name = "cuse_client",
  207         .d_flags = D_TRACKCLOSE,
  208         .d_read = cuse_client_read,
  209         .d_write = cuse_client_write,
  210         .d_poll = cuse_client_poll,
  211         .d_mmap_single = cuse_client_mmap_single,
  212         .d_kqfilter = cuse_client_kqfilter,
  213 };
  214 
  215 static d_open_t cuse_server_open;
  216 static d_close_t cuse_server_close;
  217 static d_ioctl_t cuse_server_ioctl;
  218 static d_read_t cuse_server_read;
  219 static d_write_t cuse_server_write;
  220 static d_poll_t cuse_server_poll;
  221 static d_mmap_single_t cuse_server_mmap_single;
  222 
  223 static struct cdevsw cuse_server_devsw = {
  224         .d_version = D_VERSION,
  225         .d_open = cuse_server_open,
  226         .d_close = cuse_server_close,
  227         .d_ioctl = cuse_server_ioctl,
  228         .d_name = "cuse_server",
  229         .d_flags = D_TRACKCLOSE,
  230         .d_read = cuse_server_read,
  231         .d_write = cuse_server_write,
  232         .d_poll = cuse_server_poll,
  233         .d_mmap_single = cuse_server_mmap_single,
  234 };
  235 
  236 static void cuse_client_is_closing(struct cuse_client *);
  237 static int cuse_free_unit_by_id_locked(struct cuse_server *, int);
  238 
  239 static void
  240 cuse_global_lock(void)
  241 {
  242         mtx_lock(&cuse_global_mtx);
  243 }
  244 
  245 static void
  246 cuse_global_unlock(void)
  247 {
  248         mtx_unlock(&cuse_global_mtx);
  249 }
  250 
  251 static void
  252 cuse_server_lock(struct cuse_server *pcs)
  253 {
  254         mtx_lock(&pcs->mtx);
  255 }
  256 
  257 static void
  258 cuse_server_unlock(struct cuse_server *pcs)
  259 {
  260         mtx_unlock(&pcs->mtx);
  261 }
  262 
  263 static void
  264 cuse_cmd_lock(struct cuse_client_command *pccmd)
  265 {
  266         sx_xlock(&pccmd->sx);
  267 }
  268 
  269 static void
  270 cuse_cmd_unlock(struct cuse_client_command *pccmd)
  271 {
  272         sx_xunlock(&pccmd->sx);
  273 }
  274 
  275 static void
  276 cuse_kern_init(void *arg)
  277 {
  278         TAILQ_INIT(&cuse_server_head);
  279 
  280         mtx_init(&cuse_global_mtx, "cuse-global-mtx", NULL, MTX_DEF);
  281 
  282         cuse_dev = make_dev(&cuse_server_devsw, 0,
  283             UID_ROOT, GID_OPERATOR, 0600, "cuse");
  284 
  285         printf("Cuse v%d.%d.%d @ /dev/cuse\n",
  286             (CUSE_VERSION >> 16) & 0xFF, (CUSE_VERSION >> 8) & 0xFF,
  287             (CUSE_VERSION >> 0) & 0xFF);
  288 }
  289 SYSINIT(cuse_kern_init, SI_SUB_DEVFS, SI_ORDER_ANY, cuse_kern_init, NULL);
  290 
  291 static void
  292 cuse_kern_uninit(void *arg)
  293 {
  294         void *ptr;
  295 
  296         while (1) {
  297 
  298                 printf("Cuse: Please exit all /dev/cuse instances "
  299                     "and processes which have used this device.\n");
  300 
  301                 pause("DRAIN", 2 * hz);
  302 
  303                 cuse_global_lock();
  304                 ptr = TAILQ_FIRST(&cuse_server_head);
  305                 cuse_global_unlock();
  306 
  307                 if (ptr == NULL)
  308                         break;
  309         }
  310 
  311         if (cuse_dev != NULL)
  312                 destroy_dev(cuse_dev);
  313 
  314         mtx_destroy(&cuse_global_mtx);
  315 }
  316 SYSUNINIT(cuse_kern_uninit, SI_SUB_DEVFS, SI_ORDER_ANY, cuse_kern_uninit, 0);
  317 
  318 static int
  319 cuse_server_get(struct cuse_server **ppcs)
  320 {
  321         struct cuse_server *pcs;
  322         int error;
  323 
  324         error = devfs_get_cdevpriv((void **)&pcs);
  325         if (error != 0) {
  326                 *ppcs = NULL;
  327                 return (error);
  328         }
  329         if (pcs->is_closing) {
  330                 *ppcs = NULL;
  331                 return (EINVAL);
  332         }
  333         *ppcs = pcs;
  334         return (0);
  335 }
  336 
  337 static void
  338 cuse_server_is_closing(struct cuse_server *pcs)
  339 {
  340         struct cuse_client *pcc;
  341 
  342         if (pcs->is_closing)
  343                 return;
  344 
  345         pcs->is_closing = 1;
  346 
  347         TAILQ_FOREACH(pcc, &pcs->hcli, entry) {
  348                 cuse_client_is_closing(pcc);
  349         }
  350 }
  351 
  352 static struct cuse_client_command *
  353 cuse_server_find_command(struct cuse_server *pcs, struct thread *td)
  354 {
  355         struct cuse_client *pcc;
  356         int n;
  357 
  358         if (pcs->is_closing)
  359                 goto done;
  360 
  361         TAILQ_FOREACH(pcc, &pcs->hcli, entry) {
  362                 if (CUSE_CLIENT_CLOSING(pcc))
  363                         continue;
  364                 for (n = 0; n != CUSE_CMD_MAX; n++) {
  365                         if (pcc->cmds[n].entered == td)
  366                                 return (&pcc->cmds[n]);
  367                 }
  368         }
  369 done:
  370         return (NULL);
  371 }
  372 
  373 static void
  374 cuse_str_filter(char *ptr)
  375 {
  376         int c;
  377 
  378         while (((c = *ptr) != 0)) {
  379 
  380                 if ((c >= 'a') && (c <= 'z')) {
  381                         ptr++;
  382                         continue;
  383                 }
  384                 if ((c >= 'A') && (c <= 'Z')) {
  385                         ptr++;
  386                         continue;
  387                 }
  388                 if ((c >= '') && (c <= '9')) {
  389                         ptr++;
  390                         continue;
  391                 }
  392                 if ((c == '.') || (c == '_') || (c == '/')) {
  393                         ptr++;
  394                         continue;
  395                 }
  396                 *ptr = '_';
  397 
  398                 ptr++;
  399         }
  400 }
  401 
  402 static int
  403 cuse_convert_error(int error)
  404 {
  405         ;                               /* indent fix */
  406         switch (error) {
  407         case CUSE_ERR_NONE:
  408                 return (0);
  409         case CUSE_ERR_BUSY:
  410                 return (EBUSY);
  411         case CUSE_ERR_WOULDBLOCK:
  412                 return (EWOULDBLOCK);
  413         case CUSE_ERR_INVALID:
  414                 return (EINVAL);
  415         case CUSE_ERR_NO_MEMORY:
  416                 return (ENOMEM);
  417         case CUSE_ERR_FAULT:
  418                 return (EFAULT);
  419         case CUSE_ERR_SIGNAL:
  420                 return (EINTR);
  421         case CUSE_ERR_NO_DEVICE:
  422                 return (ENODEV);
  423         default:
  424                 return (ENXIO);
  425         }
  426 }
  427 
  428 static void
  429 cuse_vm_memory_free(struct cuse_memory *mem)
  430 {
  431         /* last user is gone - free */
  432         vm_object_deallocate(mem->object);
  433 
  434         /* free CUSE memory */
  435         free(mem, M_CUSE);
  436 }
  437 
  438 static int
  439 cuse_server_alloc_memory(struct cuse_server *pcs, uint32_t alloc_nr,
  440     uint32_t page_count)
  441 {
  442         struct cuse_memory *temp;
  443         struct cuse_memory *mem;
  444         vm_object_t object;
  445         int error;
  446 
  447         mem = malloc(sizeof(*mem), M_CUSE, M_WAITOK | M_ZERO);
  448 
  449         object = vm_pager_allocate(OBJT_SWAP, NULL, PAGE_SIZE * page_count,
  450             VM_PROT_DEFAULT, 0, curthread->td_ucred);
  451         if (object == NULL) {
  452                 error = ENOMEM;
  453                 goto error_0;
  454         }
  455 
  456         cuse_server_lock(pcs);
  457         /* check if allocation number already exists */
  458         TAILQ_FOREACH(temp, &pcs->hmem, entry) {
  459                 if (temp->alloc_nr == alloc_nr)
  460                         break;
  461         }
  462         if (temp != NULL) {
  463                 cuse_server_unlock(pcs);
  464                 error = EBUSY;
  465                 goto error_1;
  466         }
  467         mem->object = object;
  468         mem->page_count = page_count;
  469         mem->alloc_nr = alloc_nr;
  470         TAILQ_INSERT_TAIL(&pcs->hmem, mem, entry);
  471         cuse_server_unlock(pcs);
  472 
  473         return (0);
  474 
  475 error_1:
  476         vm_object_deallocate(object);
  477 error_0:
  478         free(mem, M_CUSE);
  479         return (error);
  480 }
  481 
  482 static int
  483 cuse_server_free_memory(struct cuse_server *pcs, uint32_t alloc_nr)
  484 {
  485         struct cuse_memory *mem;
  486 
  487         cuse_server_lock(pcs);
  488         TAILQ_FOREACH(mem, &pcs->hmem, entry) {
  489                 if (mem->alloc_nr == alloc_nr)
  490                         break;
  491         }
  492         if (mem == NULL) {
  493                 cuse_server_unlock(pcs);
  494                 return (EINVAL);
  495         }
  496         TAILQ_REMOVE(&pcs->hmem, mem, entry);
  497         cuse_server_unlock(pcs);
  498 
  499         cuse_vm_memory_free(mem);
  500 
  501         return (0);
  502 }
  503 
  504 static int
  505 cuse_client_get(struct cuse_client **ppcc)
  506 {
  507         struct cuse_client *pcc;
  508         int error;
  509 
  510         /* try to get private data */
  511         error = devfs_get_cdevpriv((void **)&pcc);
  512         if (error != 0) {
  513                 *ppcc = NULL;
  514                 return (error);
  515         }
  516         if (CUSE_CLIENT_CLOSING(pcc) || pcc->server->is_closing) {
  517                 *ppcc = NULL;
  518                 return (EINVAL);
  519         }
  520         *ppcc = pcc;
  521         return (0);
  522 }
  523 
  524 static void
  525 cuse_client_is_closing(struct cuse_client *pcc)
  526 {
  527         struct cuse_client_command *pccmd;
  528         uint32_t n;
  529 
  530         if (CUSE_CLIENT_CLOSING(pcc))
  531                 return;
  532 
  533         pcc->cflags |= CUSE_CLI_IS_CLOSING;
  534         pcc->server_dev = NULL;
  535 
  536         for (n = 0; n != CUSE_CMD_MAX; n++) {
  537 
  538                 pccmd = &pcc->cmds[n];
  539 
  540                 if (pccmd->entry.tqe_prev != NULL) {
  541                         TAILQ_REMOVE(&pcc->server->head, pccmd, entry);
  542                         pccmd->entry.tqe_prev = NULL;
  543                 }
  544                 cv_broadcast(&pccmd->cv);
  545         }
  546 }
  547 
  548 static void
  549 cuse_client_send_command_locked(struct cuse_client_command *pccmd,
  550     uintptr_t data_ptr, unsigned long arg, int fflags, int ioflag)
  551 {
  552         unsigned long cuse_fflags = 0;
  553         struct cuse_server *pcs;
  554 
  555         if (fflags & FREAD)
  556                 cuse_fflags |= CUSE_FFLAG_READ;
  557 
  558         if (fflags & FWRITE)
  559                 cuse_fflags |= CUSE_FFLAG_WRITE;
  560 
  561         if (ioflag & IO_NDELAY)
  562                 cuse_fflags |= CUSE_FFLAG_NONBLOCK;
  563 #if defined(__LP64__)
  564         if (SV_CURPROC_FLAG(SV_ILP32))
  565                 cuse_fflags |= CUSE_FFLAG_COMPAT32;
  566 #endif
  567         pccmd->sub.fflags = cuse_fflags;
  568         pccmd->sub.data_pointer = data_ptr;
  569         pccmd->sub.argument = arg;
  570 
  571         pcs = pccmd->client->server;
  572 
  573         if ((pccmd->entry.tqe_prev == NULL) &&
  574             (CUSE_CLIENT_CLOSING(pccmd->client) == 0) &&
  575             (pcs->is_closing == 0)) {
  576                 TAILQ_INSERT_TAIL(&pcs->head, pccmd, entry);
  577                 cv_signal(&pcs->cv);
  578         }
  579 }
  580 
  581 static void
  582 cuse_client_got_signal(struct cuse_client_command *pccmd)
  583 {
  584         struct cuse_server *pcs;
  585 
  586         pccmd->got_signal = 1;
  587 
  588         pccmd = &pccmd->client->cmds[CUSE_CMD_SIGNAL];
  589 
  590         pcs = pccmd->client->server;
  591 
  592         if ((pccmd->entry.tqe_prev == NULL) &&
  593             (CUSE_CLIENT_CLOSING(pccmd->client) == 0) &&
  594             (pcs->is_closing == 0)) {
  595                 TAILQ_INSERT_TAIL(&pcs->head, pccmd, entry);
  596                 cv_signal(&pcs->cv);
  597         }
  598 }
  599 
  600 static int
  601 cuse_client_receive_command_locked(struct cuse_client_command *pccmd,
  602     uint8_t *arg_ptr, uint32_t arg_len)
  603 {
  604         struct cuse_server *pcs;
  605         int error;
  606 
  607         pcs = pccmd->client->server;
  608         error = 0;
  609 
  610         pccmd->proc_curr = curthread->td_proc;
  611 
  612         if (CUSE_CLIENT_CLOSING(pccmd->client) || pcs->is_closing) {
  613                 error = CUSE_ERR_OTHER;
  614                 goto done;
  615         }
  616         while (pccmd->command == CUSE_CMD_NONE) {
  617                 if (error != 0) {
  618                         cv_wait(&pccmd->cv, &pcs->mtx);
  619                 } else {
  620                         error = cv_wait_sig(&pccmd->cv, &pcs->mtx);
  621 
  622                         if (error != 0)
  623                                 cuse_client_got_signal(pccmd);
  624                 }
  625                 if (CUSE_CLIENT_CLOSING(pccmd->client) || pcs->is_closing) {
  626                         error = CUSE_ERR_OTHER;
  627                         goto done;
  628                 }
  629         }
  630 
  631         error = pccmd->error;
  632         pccmd->command = CUSE_CMD_NONE;
  633         cv_signal(&pccmd->cv);
  634 
  635 done:
  636 
  637         /* wait until all process references are gone */
  638 
  639         pccmd->proc_curr = NULL;
  640 
  641         while (pccmd->proc_refs != 0)
  642                 cv_wait(&pccmd->cv, &pcs->mtx);
  643 
  644         return (error);
  645 }
  646 
  647 /*------------------------------------------------------------------------*
  648  *      CUSE SERVER PART
  649  *------------------------------------------------------------------------*/
  650 
  651 static void
  652 cuse_server_free_dev(struct cuse_server_dev *pcsd)
  653 {
  654         struct cuse_server *pcs;
  655         struct cuse_client *pcc;
  656 
  657         /* get server pointer */
  658         pcs = pcsd->server;
  659 
  660         /* prevent creation of more devices */
  661         cuse_server_lock(pcs);
  662         if (pcsd->kern_dev != NULL)
  663                 pcsd->kern_dev->si_drv1 = NULL;
  664 
  665         TAILQ_FOREACH(pcc, &pcs->hcli, entry) {
  666                 if (pcc->server_dev == pcsd)
  667                         cuse_client_is_closing(pcc);
  668         }
  669         cuse_server_unlock(pcs);
  670 
  671         /* destroy device, if any */
  672         if (pcsd->kern_dev != NULL) {
  673                 /* destroy device synchronously */
  674                 destroy_dev(pcsd->kern_dev);
  675         }
  676         free(pcsd, M_CUSE);
  677 }
  678 
  679 static void
  680 cuse_server_unref(struct cuse_server *pcs)
  681 {
  682         struct cuse_server_dev *pcsd;
  683         struct cuse_memory *mem;
  684 
  685         cuse_server_lock(pcs);
  686         if (--(pcs->refs) != 0) {
  687                 cuse_server_unlock(pcs);
  688                 return;
  689         }
  690         cuse_server_is_closing(pcs);
  691         /* final client wakeup, if any */
  692         cuse_server_wakeup_all_client_locked(pcs);
  693 
  694         cuse_global_lock();
  695         TAILQ_REMOVE(&cuse_server_head, pcs, entry);
  696         cuse_global_unlock();
  697 
  698         while ((pcsd = TAILQ_FIRST(&pcs->hdev)) != NULL) {
  699                 TAILQ_REMOVE(&pcs->hdev, pcsd, entry);
  700                 cuse_server_unlock(pcs);
  701                 cuse_server_free_dev(pcsd);
  702                 cuse_server_lock(pcs);
  703         }
  704 
  705         cuse_free_unit_by_id_locked(pcs, -1);
  706 
  707         while ((mem = TAILQ_FIRST(&pcs->hmem)) != NULL) {
  708                 TAILQ_REMOVE(&pcs->hmem, mem, entry);
  709                 cuse_server_unlock(pcs);
  710                 cuse_vm_memory_free(mem);
  711                 cuse_server_lock(pcs);
  712         }
  713 
  714         knlist_clear(&pcs->selinfo.si_note, 1);
  715         knlist_destroy(&pcs->selinfo.si_note);
  716 
  717         cuse_server_unlock(pcs);
  718 
  719         seldrain(&pcs->selinfo);
  720 
  721         cv_destroy(&pcs->cv);
  722 
  723         mtx_destroy(&pcs->mtx);
  724 
  725         free(pcs, M_CUSE);
  726 }
  727 
  728 static int
  729 cuse_server_do_close(struct cuse_server *pcs)
  730 {
  731         int retval;
  732 
  733         cuse_server_lock(pcs);
  734         cuse_server_is_closing(pcs);
  735         /* final client wakeup, if any */
  736         cuse_server_wakeup_all_client_locked(pcs);
  737 
  738         knlist_clear(&pcs->selinfo.si_note, 1);
  739 
  740         retval = pcs->refs;
  741         cuse_server_unlock(pcs);
  742 
  743         return (retval);
  744 }
  745 
  746 static void
  747 cuse_server_free(void *arg)
  748 {
  749         struct cuse_server *pcs = arg;
  750 
  751         /*
  752          * The final server unref should be done by the server thread
  753          * to prevent deadlock in the client cdevpriv destructor,
  754          * which cannot destroy itself.
  755          */
  756         while (cuse_server_do_close(pcs) != 1)
  757                 pause("W", hz);
  758 
  759         /* drop final refcount */
  760         cuse_server_unref(pcs);
  761 }
  762 
  763 static int
  764 cuse_server_open(struct cdev *dev, int fflags, int devtype, struct thread *td)
  765 {
  766         struct cuse_server *pcs;
  767 
  768         pcs = malloc(sizeof(*pcs), M_CUSE, M_WAITOK | M_ZERO);
  769 
  770         if (devfs_set_cdevpriv(pcs, &cuse_server_free)) {
  771                 printf("Cuse: Cannot set cdevpriv.\n");
  772                 free(pcs, M_CUSE);
  773                 return (ENOMEM);
  774         }
  775         /* store current process ID */
  776         pcs->pid = curproc->p_pid;
  777 
  778         TAILQ_INIT(&pcs->head);
  779         TAILQ_INIT(&pcs->hdev);
  780         TAILQ_INIT(&pcs->hcli);
  781         TAILQ_INIT(&pcs->hmem);
  782 
  783         cv_init(&pcs->cv, "cuse-server-cv");
  784 
  785         mtx_init(&pcs->mtx, "cuse-server-mtx", NULL, MTX_DEF);
  786 
  787         knlist_init_mtx(&pcs->selinfo.si_note, &pcs->mtx);
  788 
  789         cuse_global_lock();
  790         pcs->refs++;
  791         TAILQ_INSERT_TAIL(&cuse_server_head, pcs, entry);
  792         cuse_global_unlock();
  793 
  794         return (0);
  795 }
  796 
  797 static int
  798 cuse_server_close(struct cdev *dev, int fflag, int devtype, struct thread *td)
  799 {
  800         struct cuse_server *pcs;
  801 
  802         if (cuse_server_get(&pcs) == 0)
  803                 cuse_server_do_close(pcs);
  804 
  805         return (0);
  806 }
  807 
  808 static int
  809 cuse_server_read(struct cdev *dev, struct uio *uio, int ioflag)
  810 {
  811         return (ENXIO);
  812 }
  813 
  814 static int
  815 cuse_server_write(struct cdev *dev, struct uio *uio, int ioflag)
  816 {
  817         return (ENXIO);
  818 }
  819 
  820 static int
  821 cuse_server_ioctl_copy_locked(struct cuse_server *pcs,
  822     struct cuse_client_command *pccmd,
  823     struct cuse_data_chunk *pchk, int isread)
  824 {
  825         struct proc *p_proc;
  826         uint32_t offset;
  827         int error;
  828 
  829         offset = pchk->peer_ptr - CUSE_BUF_MIN_PTR;
  830 
  831         if (pchk->length > CUSE_BUFFER_MAX)
  832                 return (EFAULT);
  833 
  834         if (offset >= CUSE_BUFFER_MAX)
  835                 return (EFAULT);
  836 
  837         if ((offset + pchk->length) > CUSE_BUFFER_MAX)
  838                 return (EFAULT);
  839 
  840         p_proc = pccmd->proc_curr;
  841         if (p_proc == NULL)
  842                 return (ENXIO);
  843 
  844         if (pccmd->proc_refs < 0)
  845                 return (ENOMEM);
  846 
  847         pccmd->proc_refs++;
  848 
  849         cuse_server_unlock(pcs);
  850 
  851         if (isread == 0) {
  852                 error = copyin(
  853                     (void *)pchk->local_ptr,
  854                     pccmd->client->ioctl_buffer + offset,
  855                     pchk->length);
  856         } else {
  857                 error = copyout(
  858                     pccmd->client->ioctl_buffer + offset,
  859                     (void *)pchk->local_ptr,
  860                     pchk->length);
  861         }
  862 
  863         cuse_server_lock(pcs);
  864 
  865         pccmd->proc_refs--;
  866 
  867         if (pccmd->proc_curr == NULL)
  868                 cv_signal(&pccmd->cv);
  869 
  870         return (error);
  871 }
  872 
  873 static int
  874 cuse_proc2proc_copy(struct proc *proc_s, vm_offset_t data_s,
  875     struct proc *proc_d, vm_offset_t data_d, size_t len)
  876 {
  877         struct thread *td;
  878         struct proc *proc_cur;
  879         int error;
  880 
  881         td = curthread;
  882         proc_cur = td->td_proc;
  883 
  884         if (proc_cur == proc_d) {
  885                 struct iovec iov = {
  886                         .iov_base = (caddr_t)data_d,
  887                         .iov_len = len,
  888                 };
  889                 struct uio uio = {
  890                         .uio_iov = &iov,
  891                         .uio_iovcnt = 1,
  892                         .uio_offset = (off_t)data_s,
  893                         .uio_resid = len,
  894                         .uio_segflg = UIO_USERSPACE,
  895                         .uio_rw = UIO_READ,
  896                         .uio_td = td,
  897                 };
  898 
  899                 PHOLD(proc_s);
  900                 error = proc_rwmem(proc_s, &uio);
  901                 PRELE(proc_s);
  902 
  903         } else if (proc_cur == proc_s) {
  904                 struct iovec iov = {
  905                         .iov_base = (caddr_t)data_s,
  906                         .iov_len = len,
  907                 };
  908                 struct uio uio = {
  909                         .uio_iov = &iov,
  910                         .uio_iovcnt = 1,
  911                         .uio_offset = (off_t)data_d,
  912                         .uio_resid = len,
  913                         .uio_segflg = UIO_USERSPACE,
  914                         .uio_rw = UIO_WRITE,
  915                         .uio_td = td,
  916                 };
  917 
  918                 PHOLD(proc_d);
  919                 error = proc_rwmem(proc_d, &uio);
  920                 PRELE(proc_d);
  921         } else {
  922                 error = EINVAL;
  923         }
  924         return (error);
  925 }
  926 
  927 static int
  928 cuse_server_data_copy_locked(struct cuse_server *pcs,
  929     struct cuse_client_command *pccmd,
  930     struct cuse_data_chunk *pchk, int isread)
  931 {
  932         struct proc *p_proc;
  933         int error;
  934 
  935         p_proc = pccmd->proc_curr;
  936         if (p_proc == NULL)
  937                 return (ENXIO);
  938 
  939         if (pccmd->proc_refs < 0)
  940                 return (ENOMEM);
  941 
  942         pccmd->proc_refs++;
  943 
  944         cuse_server_unlock(pcs);
  945 
  946         if (isread == 0) {
  947                 error = cuse_proc2proc_copy(
  948                     curthread->td_proc, pchk->local_ptr,
  949                     p_proc, pchk->peer_ptr,
  950                     pchk->length);
  951         } else {
  952                 error = cuse_proc2proc_copy(
  953                     p_proc, pchk->peer_ptr,
  954                     curthread->td_proc, pchk->local_ptr,
  955                     pchk->length);
  956         }
  957 
  958         cuse_server_lock(pcs);
  959 
  960         pccmd->proc_refs--;
  961 
  962         if (pccmd->proc_curr == NULL)
  963                 cv_signal(&pccmd->cv);
  964 
  965         return (error);
  966 }
  967 
  968 static int
  969 cuse_alloc_unit_by_id_locked(struct cuse_server *pcs, int id)
  970 {
  971         int n;
  972         int x = 0;
  973         int match;
  974 
  975         do {
  976                 for (match = n = 0; n != CUSE_DEVICES_MAX; n++) {
  977                         if (cuse_alloc_unit[n] != NULL) {
  978                                 if ((cuse_alloc_unit_id[n] ^ id) & CUSE_ID_MASK)
  979                                         continue;
  980                                 if ((cuse_alloc_unit_id[n] & ~CUSE_ID_MASK) == x) {
  981                                         x++;
  982                                         match = 1;
  983                                 }
  984                         }
  985                 }
  986         } while (match);
  987 
  988         if (x < 256) {
  989                 for (n = 0; n != CUSE_DEVICES_MAX; n++) {
  990                         if (cuse_alloc_unit[n] == NULL) {
  991                                 cuse_alloc_unit[n] = pcs;
  992                                 cuse_alloc_unit_id[n] = id | x;
  993                                 return (x);
  994                         }
  995                 }
  996         }
  997         return (-1);
  998 }
  999 
 1000 static void
 1001 cuse_server_wakeup_locked(struct cuse_server *pcs)
 1002 {
 1003         selwakeup(&pcs->selinfo);
 1004         KNOTE_LOCKED(&pcs->selinfo.si_note, 0);
 1005 }
 1006 
 1007 static void
 1008 cuse_server_wakeup_all_client_locked(struct cuse_server *pcs)
 1009 {
 1010         struct cuse_client *pcc;
 1011 
 1012         TAILQ_FOREACH(pcc, &pcs->hcli, entry) {
 1013                 pcc->cflags |= (CUSE_CLI_KNOTE_NEED_READ |
 1014                     CUSE_CLI_KNOTE_NEED_WRITE);
 1015         }
 1016         cuse_server_wakeup_locked(pcs);
 1017 }
 1018 
 1019 static int
 1020 cuse_free_unit_by_id_locked(struct cuse_server *pcs, int id)
 1021 {
 1022         int n;
 1023         int found = 0;
 1024 
 1025         for (n = 0; n != CUSE_DEVICES_MAX; n++) {
 1026                 if (cuse_alloc_unit[n] == pcs) {
 1027                         if (cuse_alloc_unit_id[n] == id || id == -1) {
 1028                                 cuse_alloc_unit[n] = NULL;
 1029                                 cuse_alloc_unit_id[n] = 0;
 1030                                 found = 1;
 1031                         }
 1032                 }
 1033         }
 1034 
 1035         return (found ? 0 : EINVAL);
 1036 }
 1037 
 1038 static int
 1039 cuse_server_ioctl(struct cdev *dev, unsigned long cmd,
 1040     caddr_t data, int fflag, struct thread *td)
 1041 {
 1042         struct cuse_server *pcs;
 1043         int error;
 1044 
 1045         error = cuse_server_get(&pcs);
 1046         if (error != 0)
 1047                 return (error);
 1048 
 1049         switch (cmd) {
 1050                 struct cuse_client_command *pccmd;
 1051                 struct cuse_client *pcc;
 1052                 struct cuse_command *pcmd;
 1053                 struct cuse_alloc_info *pai;
 1054                 struct cuse_create_dev *pcd;
 1055                 struct cuse_server_dev *pcsd;
 1056                 struct cuse_data_chunk *pchk;
 1057                 int n;
 1058 
 1059         case CUSE_IOCTL_GET_COMMAND:
 1060                 pcmd = (void *)data;
 1061 
 1062                 cuse_server_lock(pcs);
 1063 
 1064                 while ((pccmd = TAILQ_FIRST(&pcs->head)) == NULL) {
 1065                         error = cv_wait_sig(&pcs->cv, &pcs->mtx);
 1066 
 1067                         if (pcs->is_closing)
 1068                                 error = ENXIO;
 1069 
 1070                         if (error) {
 1071                                 cuse_server_unlock(pcs);
 1072                                 return (error);
 1073                         }
 1074                 }
 1075 
 1076                 TAILQ_REMOVE(&pcs->head, pccmd, entry);
 1077                 pccmd->entry.tqe_prev = NULL;
 1078 
 1079                 pccmd->entered = curthread;
 1080 
 1081                 *pcmd = pccmd->sub;
 1082 
 1083                 cuse_server_unlock(pcs);
 1084 
 1085                 break;
 1086 
 1087         case CUSE_IOCTL_SYNC_COMMAND:
 1088 
 1089                 cuse_server_lock(pcs);
 1090                 while ((pccmd = cuse_server_find_command(pcs, curthread)) != NULL) {
 1091 
 1092                         /* send sync command */
 1093                         pccmd->entered = NULL;
 1094                         pccmd->error = *(int *)data;
 1095                         pccmd->command = CUSE_CMD_SYNC;
 1096 
 1097                         /* signal peer, if any */
 1098                         cv_signal(&pccmd->cv);
 1099                 }
 1100                 cuse_server_unlock(pcs);
 1101 
 1102                 break;
 1103 
 1104         case CUSE_IOCTL_ALLOC_UNIT:
 1105 
 1106                 cuse_server_lock(pcs);
 1107                 n = cuse_alloc_unit_by_id_locked(pcs,
 1108                     CUSE_ID_DEFAULT(0));
 1109                 cuse_server_unlock(pcs);
 1110 
 1111                 if (n < 0)
 1112                         error = ENOMEM;
 1113                 else
 1114                         *(int *)data = n;
 1115                 break;
 1116 
 1117         case CUSE_IOCTL_ALLOC_UNIT_BY_ID:
 1118 
 1119                 n = *(int *)data;
 1120 
 1121                 n = (n & CUSE_ID_MASK);
 1122 
 1123                 cuse_server_lock(pcs);
 1124                 n = cuse_alloc_unit_by_id_locked(pcs, n);
 1125                 cuse_server_unlock(pcs);
 1126 
 1127                 if (n < 0)
 1128                         error = ENOMEM;
 1129                 else
 1130                         *(int *)data = n;
 1131                 break;
 1132 
 1133         case CUSE_IOCTL_FREE_UNIT:
 1134 
 1135                 n = *(int *)data;
 1136 
 1137                 n = CUSE_ID_DEFAULT(n);
 1138 
 1139                 cuse_server_lock(pcs);
 1140                 error = cuse_free_unit_by_id_locked(pcs, n);
 1141                 cuse_server_unlock(pcs);
 1142                 break;
 1143 
 1144         case CUSE_IOCTL_FREE_UNIT_BY_ID:
 1145 
 1146                 n = *(int *)data;
 1147 
 1148                 cuse_server_lock(pcs);
 1149                 error = cuse_free_unit_by_id_locked(pcs, n);
 1150                 cuse_server_unlock(pcs);
 1151                 break;
 1152 
 1153         case CUSE_IOCTL_ALLOC_MEMORY:
 1154 
 1155                 pai = (void *)data;
 1156 
 1157                 if (pai->alloc_nr >= CUSE_ALLOC_UNIT_MAX) {
 1158                         error = ENOMEM;
 1159                         break;
 1160                 }
 1161                 if (pai->page_count >= CUSE_ALLOC_PAGES_MAX) {
 1162                         error = ENOMEM;
 1163                         break;
 1164                 }
 1165                 error = cuse_server_alloc_memory(pcs,
 1166                     pai->alloc_nr, pai->page_count);
 1167                 break;
 1168 
 1169         case CUSE_IOCTL_FREE_MEMORY:
 1170                 pai = (void *)data;
 1171 
 1172                 if (pai->alloc_nr >= CUSE_ALLOC_UNIT_MAX) {
 1173                         error = ENOMEM;
 1174                         break;
 1175                 }
 1176                 error = cuse_server_free_memory(pcs, pai->alloc_nr);
 1177                 break;
 1178 
 1179         case CUSE_IOCTL_GET_SIG:
 1180 
 1181                 cuse_server_lock(pcs);
 1182                 pccmd = cuse_server_find_command(pcs, curthread);
 1183 
 1184                 if (pccmd != NULL) {
 1185                         n = pccmd->got_signal;
 1186                         pccmd->got_signal = 0;
 1187                 } else {
 1188                         n = 0;
 1189                 }
 1190                 cuse_server_unlock(pcs);
 1191 
 1192                 *(int *)data = n;
 1193 
 1194                 break;
 1195 
 1196         case CUSE_IOCTL_SET_PFH:
 1197 
 1198                 cuse_server_lock(pcs);
 1199                 pccmd = cuse_server_find_command(pcs, curthread);
 1200 
 1201                 if (pccmd != NULL) {
 1202                         pcc = pccmd->client;
 1203                         for (n = 0; n != CUSE_CMD_MAX; n++) {
 1204                                 pcc->cmds[n].sub.per_file_handle = *(uintptr_t *)data;
 1205                         }
 1206                 } else {
 1207                         error = ENXIO;
 1208                 }
 1209                 cuse_server_unlock(pcs);
 1210                 break;
 1211 
 1212         case CUSE_IOCTL_CREATE_DEV:
 1213 
 1214                 error = priv_check(curthread, PRIV_DRIVER);
 1215                 if (error)
 1216                         break;
 1217 
 1218                 pcd = (void *)data;
 1219 
 1220                 /* filter input */
 1221 
 1222                 pcd->devname[sizeof(pcd->devname) - 1] = 0;
 1223 
 1224                 if (pcd->devname[0] == 0) {
 1225                         error = EINVAL;
 1226                         break;
 1227                 }
 1228                 cuse_str_filter(pcd->devname);
 1229 
 1230                 pcd->permissions &= 0777;
 1231 
 1232                 /* try to allocate a character device */
 1233 
 1234                 pcsd = malloc(sizeof(*pcsd), M_CUSE, M_WAITOK | M_ZERO);
 1235 
 1236                 pcsd->server = pcs;
 1237 
 1238                 pcsd->user_dev = pcd->dev;
 1239 
 1240                 pcsd->kern_dev = make_dev_credf(MAKEDEV_CHECKNAME,
 1241                     &cuse_client_devsw, 0, NULL, pcd->user_id, pcd->group_id,
 1242                     pcd->permissions, "%s", pcd->devname);
 1243 
 1244                 if (pcsd->kern_dev == NULL) {
 1245                         free(pcsd, M_CUSE);
 1246                         error = ENOMEM;
 1247                         break;
 1248                 }
 1249                 pcsd->kern_dev->si_drv1 = pcsd;
 1250 
 1251                 cuse_server_lock(pcs);
 1252                 TAILQ_INSERT_TAIL(&pcs->hdev, pcsd, entry);
 1253                 cuse_server_unlock(pcs);
 1254 
 1255                 break;
 1256 
 1257         case CUSE_IOCTL_DESTROY_DEV:
 1258 
 1259                 error = priv_check(curthread, PRIV_DRIVER);
 1260                 if (error)
 1261                         break;
 1262 
 1263                 cuse_server_lock(pcs);
 1264 
 1265                 error = EINVAL;
 1266 
 1267                 pcsd = TAILQ_FIRST(&pcs->hdev);
 1268                 while (pcsd != NULL) {
 1269                         if (pcsd->user_dev == *(struct cuse_dev **)data) {
 1270                                 TAILQ_REMOVE(&pcs->hdev, pcsd, entry);
 1271                                 cuse_server_unlock(pcs);
 1272                                 cuse_server_free_dev(pcsd);
 1273                                 cuse_server_lock(pcs);
 1274                                 error = 0;
 1275                                 pcsd = TAILQ_FIRST(&pcs->hdev);
 1276                         } else {
 1277                                 pcsd = TAILQ_NEXT(pcsd, entry);
 1278                         }
 1279                 }
 1280 
 1281                 cuse_server_unlock(pcs);
 1282                 break;
 1283 
 1284         case CUSE_IOCTL_WRITE_DATA:
 1285         case CUSE_IOCTL_READ_DATA:
 1286 
 1287                 cuse_server_lock(pcs);
 1288                 pchk = (struct cuse_data_chunk *)data;
 1289 
 1290                 pccmd = cuse_server_find_command(pcs, curthread);
 1291 
 1292                 if (pccmd == NULL) {
 1293                         error = ENXIO;  /* invalid request */
 1294                 } else if (pchk->peer_ptr < CUSE_BUF_MIN_PTR) {
 1295                         error = EFAULT; /* NULL pointer */
 1296                 } else if (pchk->peer_ptr < CUSE_BUF_MAX_PTR) {
 1297                         error = cuse_server_ioctl_copy_locked(pcs, pccmd,
 1298                             pchk, cmd == CUSE_IOCTL_READ_DATA);
 1299                 } else {
 1300                         error = cuse_server_data_copy_locked(pcs, pccmd,
 1301                             pchk, cmd == CUSE_IOCTL_READ_DATA);
 1302                 }
 1303                 cuse_server_unlock(pcs);
 1304                 break;
 1305 
 1306         case CUSE_IOCTL_SELWAKEUP:
 1307                 cuse_server_lock(pcs);
 1308                 /*
 1309                  * We don't know which direction caused the event.
 1310                  * Wakeup both!
 1311                  */
 1312                 cuse_server_wakeup_all_client_locked(pcs);
 1313                 cuse_server_unlock(pcs);
 1314                 break;
 1315 
 1316         default:
 1317                 error = ENXIO;
 1318                 break;
 1319         }
 1320         return (error);
 1321 }
 1322 
 1323 static int
 1324 cuse_server_poll(struct cdev *dev, int events, struct thread *td)
 1325 {
 1326         return (events & (POLLHUP | POLLPRI | POLLIN |
 1327             POLLRDNORM | POLLOUT | POLLWRNORM));
 1328 }
 1329 
 1330 static int
 1331 cuse_server_mmap_single(struct cdev *dev, vm_ooffset_t *offset,
 1332     vm_size_t size, struct vm_object **object, int nprot)
 1333 {
 1334         uint32_t page_nr = *offset / PAGE_SIZE;
 1335         uint32_t alloc_nr = page_nr / CUSE_ALLOC_PAGES_MAX;
 1336         struct cuse_memory *mem;
 1337         struct cuse_server *pcs;
 1338         int error;
 1339 
 1340         error = cuse_server_get(&pcs);
 1341         if (error != 0)
 1342                 return (error);
 1343 
 1344         cuse_server_lock(pcs);
 1345         /* lookup memory structure */
 1346         TAILQ_FOREACH(mem, &pcs->hmem, entry) {
 1347                 if (mem->alloc_nr == alloc_nr)
 1348                         break;
 1349         }
 1350         if (mem == NULL) {
 1351                 cuse_server_unlock(pcs);
 1352                 return (ENOMEM);
 1353         }
 1354         /* verify page offset */
 1355         page_nr %= CUSE_ALLOC_PAGES_MAX;
 1356         if (page_nr >= mem->page_count) {
 1357                 cuse_server_unlock(pcs);
 1358                 return (ENXIO);
 1359         }
 1360         /* verify mmap size */
 1361         if ((size % PAGE_SIZE) != 0 || (size < PAGE_SIZE) ||
 1362             (size > ((mem->page_count - page_nr) * PAGE_SIZE))) {
 1363                 cuse_server_unlock(pcs);
 1364                 return (EINVAL);
 1365         }
 1366         vm_object_reference(mem->object);
 1367         *object = mem->object;
 1368         cuse_server_unlock(pcs);
 1369 
 1370         /* set new VM object offset to use */
 1371         *offset = page_nr * PAGE_SIZE;
 1372 
 1373         /* success */
 1374         return (0);
 1375 }
 1376 
 1377 /*------------------------------------------------------------------------*
 1378  *      CUSE CLIENT PART
 1379  *------------------------------------------------------------------------*/
 1380 static void
 1381 cuse_client_free(void *arg)
 1382 {
 1383         struct cuse_client *pcc = arg;
 1384         struct cuse_client_command *pccmd;
 1385         struct cuse_server *pcs;
 1386         int n;
 1387 
 1388         pcs = pcc->server;
 1389 
 1390         cuse_server_lock(pcs);
 1391         cuse_client_is_closing(pcc);
 1392         TAILQ_REMOVE(&pcs->hcli, pcc, entry);
 1393         cuse_server_unlock(pcs);
 1394 
 1395         for (n = 0; n != CUSE_CMD_MAX; n++) {
 1396 
 1397                 pccmd = &pcc->cmds[n];
 1398 
 1399                 sx_destroy(&pccmd->sx);
 1400                 cv_destroy(&pccmd->cv);
 1401         }
 1402 
 1403         free(pcc, M_CUSE);
 1404 
 1405         /* drop reference on server */
 1406         cuse_server_unref(pcs);
 1407 }
 1408 
 1409 static int
 1410 cuse_client_open(struct cdev *dev, int fflags, int devtype, struct thread *td)
 1411 {
 1412         struct cuse_client_command *pccmd;
 1413         struct cuse_server_dev *pcsd;
 1414         struct cuse_client *pcc;
 1415         struct cuse_server *pcs;
 1416         struct cuse_dev *pcd;
 1417         int error;
 1418         int n;
 1419 
 1420         pcsd = dev->si_drv1;
 1421         if (pcsd != NULL) {
 1422                 pcs = pcsd->server;
 1423                 pcd = pcsd->user_dev;
 1424 
 1425                 cuse_server_lock(pcs);
 1426                 /*
 1427                  * Check that the refcount didn't wrap and that the
 1428                  * same process is not both client and server. This
 1429                  * can easily lead to deadlocks when destroying the
 1430                  * CUSE character device nodes:
 1431                  */
 1432                 pcs->refs++;
 1433                 if (pcs->refs < 0 || pcs->pid == curproc->p_pid) {
 1434                         /* overflow or wrong PID */
 1435                         pcs->refs--;
 1436                         cuse_server_unlock(pcs);
 1437                         return (EINVAL);
 1438                 }
 1439                 cuse_server_unlock(pcs);
 1440         } else {
 1441                 return (EINVAL);
 1442         }
 1443 
 1444         pcc = malloc(sizeof(*pcc), M_CUSE, M_WAITOK | M_ZERO);
 1445         if (devfs_set_cdevpriv(pcc, &cuse_client_free)) {
 1446                 printf("Cuse: Cannot set cdevpriv.\n");
 1447                 /* drop reference on server */
 1448                 cuse_server_unref(pcs);
 1449                 free(pcc, M_CUSE);
 1450                 return (ENOMEM);
 1451         }
 1452         pcc->fflags = fflags;
 1453         pcc->server_dev = pcsd;
 1454         pcc->server = pcs;
 1455 
 1456         for (n = 0; n != CUSE_CMD_MAX; n++) {
 1457 
 1458                 pccmd = &pcc->cmds[n];
 1459 
 1460                 pccmd->sub.dev = pcd;
 1461                 pccmd->sub.command = n;
 1462                 pccmd->client = pcc;
 1463 
 1464                 sx_init(&pccmd->sx, "cuse-client-sx");
 1465                 cv_init(&pccmd->cv, "cuse-client-cv");
 1466         }
 1467 
 1468         cuse_server_lock(pcs);
 1469 
 1470         /* cuse_client_free() assumes that the client is listed somewhere! */
 1471         /* always enqueue */
 1472 
 1473         TAILQ_INSERT_TAIL(&pcs->hcli, pcc, entry);
 1474 
 1475         /* check if server is closing */
 1476         if ((pcs->is_closing != 0) || (dev->si_drv1 == NULL)) {
 1477                 error = EINVAL;
 1478         } else {
 1479                 error = 0;
 1480         }
 1481         cuse_server_unlock(pcs);
 1482 
 1483         if (error) {
 1484                 devfs_clear_cdevpriv(); /* XXX bugfix */
 1485                 return (error);
 1486         }
 1487         pccmd = &pcc->cmds[CUSE_CMD_OPEN];
 1488 
 1489         cuse_cmd_lock(pccmd);
 1490 
 1491         cuse_server_lock(pcs);
 1492         cuse_client_send_command_locked(pccmd, 0, 0, pcc->fflags, 0);
 1493 
 1494         error = cuse_client_receive_command_locked(pccmd, 0, 0);
 1495         cuse_server_unlock(pcs);
 1496 
 1497         if (error < 0) {
 1498                 error = cuse_convert_error(error);
 1499         } else {
 1500                 error = 0;
 1501         }
 1502 
 1503         cuse_cmd_unlock(pccmd);
 1504 
 1505         if (error)
 1506                 devfs_clear_cdevpriv(); /* XXX bugfix */
 1507 
 1508         return (error);
 1509 }
 1510 
 1511 static int
 1512 cuse_client_close(struct cdev *dev, int fflag, int devtype, struct thread *td)
 1513 {
 1514         struct cuse_client_command *pccmd;
 1515         struct cuse_client *pcc;
 1516         struct cuse_server *pcs;
 1517         int error;
 1518 
 1519         error = cuse_client_get(&pcc);
 1520         if (error != 0)
 1521                 return (0);
 1522 
 1523         pccmd = &pcc->cmds[CUSE_CMD_CLOSE];
 1524         pcs = pcc->server;
 1525 
 1526         cuse_cmd_lock(pccmd);
 1527 
 1528         cuse_server_lock(pcs);
 1529         cuse_client_send_command_locked(pccmd, 0, 0, pcc->fflags, 0);
 1530 
 1531         error = cuse_client_receive_command_locked(pccmd, 0, 0);
 1532         cuse_cmd_unlock(pccmd);
 1533 
 1534         cuse_client_is_closing(pcc);
 1535         cuse_server_unlock(pcs);
 1536 
 1537         return (0);
 1538 }
 1539 
 1540 static void
 1541 cuse_client_kqfilter_poll(struct cdev *dev, struct cuse_client *pcc)
 1542 {
 1543         struct cuse_server *pcs = pcc->server;
 1544         int temp;
 1545 
 1546         cuse_server_lock(pcs);
 1547         temp = (pcc->cflags & (CUSE_CLI_KNOTE_HAS_READ |
 1548             CUSE_CLI_KNOTE_HAS_WRITE));
 1549         pcc->cflags &= ~(CUSE_CLI_KNOTE_NEED_READ |
 1550             CUSE_CLI_KNOTE_NEED_WRITE);
 1551         cuse_server_unlock(pcs);
 1552 
 1553         if (temp != 0) {
 1554                 /* get the latest polling state from the server */
 1555                 temp = cuse_client_poll(dev, POLLIN | POLLOUT, NULL);
 1556 
 1557                 if (temp & (POLLIN | POLLOUT)) {
 1558                         cuse_server_lock(pcs);
 1559                         if (temp & POLLIN)
 1560                                 pcc->cflags |= CUSE_CLI_KNOTE_NEED_READ;
 1561                         if (temp & POLLOUT)
 1562                                 pcc->cflags |= CUSE_CLI_KNOTE_NEED_WRITE;
 1563 
 1564                         /* make sure the "knote" gets woken up */
 1565                         cuse_server_wakeup_locked(pcc->server);
 1566                         cuse_server_unlock(pcs);
 1567                 }
 1568         }
 1569 }
 1570 
 1571 static int
 1572 cuse_client_read(struct cdev *dev, struct uio *uio, int ioflag)
 1573 {
 1574         struct cuse_client_command *pccmd;
 1575         struct cuse_client *pcc;
 1576         struct cuse_server *pcs;
 1577         int error;
 1578         int len;
 1579 
 1580         error = cuse_client_get(&pcc);
 1581         if (error != 0)
 1582                 return (error);
 1583 
 1584         pccmd = &pcc->cmds[CUSE_CMD_READ];
 1585         pcs = pcc->server;
 1586 
 1587         if (uio->uio_segflg != UIO_USERSPACE) {
 1588                 return (EINVAL);
 1589         }
 1590         uio->uio_segflg = UIO_NOCOPY;
 1591 
 1592         cuse_cmd_lock(pccmd);
 1593 
 1594         while (uio->uio_resid != 0) {
 1595 
 1596                 if (uio->uio_iov->iov_len > CUSE_LENGTH_MAX) {
 1597                         error = ENOMEM;
 1598                         break;
 1599                 }
 1600                 len = uio->uio_iov->iov_len;
 1601 
 1602                 cuse_server_lock(pcs);
 1603                 cuse_client_send_command_locked(pccmd,
 1604                     (uintptr_t)uio->uio_iov->iov_base,
 1605                     (unsigned long)(unsigned int)len, pcc->fflags, ioflag);
 1606 
 1607                 error = cuse_client_receive_command_locked(pccmd, 0, 0);
 1608                 cuse_server_unlock(pcs);
 1609 
 1610                 if (error < 0) {
 1611                         error = cuse_convert_error(error);
 1612                         break;
 1613                 } else if (error == len) {
 1614                         error = uiomove(NULL, error, uio);
 1615                         if (error)
 1616                                 break;
 1617                 } else {
 1618                         error = uiomove(NULL, error, uio);
 1619                         break;
 1620                 }
 1621         }
 1622         cuse_cmd_unlock(pccmd);
 1623 
 1624         uio->uio_segflg = UIO_USERSPACE;/* restore segment flag */
 1625 
 1626         if (error == EWOULDBLOCK)
 1627                 cuse_client_kqfilter_poll(dev, pcc);
 1628 
 1629         return (error);
 1630 }
 1631 
 1632 static int
 1633 cuse_client_write(struct cdev *dev, struct uio *uio, int ioflag)
 1634 {
 1635         struct cuse_client_command *pccmd;
 1636         struct cuse_client *pcc;
 1637         struct cuse_server *pcs;
 1638         int error;
 1639         int len;
 1640 
 1641         error = cuse_client_get(&pcc);
 1642         if (error != 0)
 1643                 return (error);
 1644 
 1645         pccmd = &pcc->cmds[CUSE_CMD_WRITE];
 1646         pcs = pcc->server;
 1647 
 1648         if (uio->uio_segflg != UIO_USERSPACE) {
 1649                 return (EINVAL);
 1650         }
 1651         uio->uio_segflg = UIO_NOCOPY;
 1652 
 1653         cuse_cmd_lock(pccmd);
 1654 
 1655         while (uio->uio_resid != 0) {
 1656 
 1657                 if (uio->uio_iov->iov_len > CUSE_LENGTH_MAX) {
 1658                         error = ENOMEM;
 1659                         break;
 1660                 }
 1661                 len = uio->uio_iov->iov_len;
 1662 
 1663                 cuse_server_lock(pcs);
 1664                 cuse_client_send_command_locked(pccmd,
 1665                     (uintptr_t)uio->uio_iov->iov_base,
 1666                     (unsigned long)(unsigned int)len, pcc->fflags, ioflag);
 1667 
 1668                 error = cuse_client_receive_command_locked(pccmd, 0, 0);
 1669                 cuse_server_unlock(pcs);
 1670 
 1671                 if (error < 0) {
 1672                         error = cuse_convert_error(error);
 1673                         break;
 1674                 } else if (error == len) {
 1675                         error = uiomove(NULL, error, uio);
 1676                         if (error)
 1677                                 break;
 1678                 } else {
 1679                         error = uiomove(NULL, error, uio);
 1680                         break;
 1681                 }
 1682         }
 1683         cuse_cmd_unlock(pccmd);
 1684 
 1685         uio->uio_segflg = UIO_USERSPACE;/* restore segment flag */
 1686 
 1687         if (error == EWOULDBLOCK)
 1688                 cuse_client_kqfilter_poll(dev, pcc);
 1689 
 1690         return (error);
 1691 }
 1692 
 1693 int
 1694 cuse_client_ioctl(struct cdev *dev, unsigned long cmd,
 1695     caddr_t data, int fflag, struct thread *td)
 1696 {
 1697         struct cuse_client_command *pccmd;
 1698         struct cuse_client *pcc;
 1699         struct cuse_server *pcs;
 1700         int error;
 1701         int len;
 1702 
 1703         error = cuse_client_get(&pcc);
 1704         if (error != 0)
 1705                 return (error);
 1706 
 1707         len = IOCPARM_LEN(cmd);
 1708         if (len > CUSE_BUFFER_MAX)
 1709                 return (ENOMEM);
 1710 
 1711         pccmd = &pcc->cmds[CUSE_CMD_IOCTL];
 1712         pcs = pcc->server;
 1713 
 1714         cuse_cmd_lock(pccmd);
 1715 
 1716         if (cmd & (IOC_IN | IOC_VOID))
 1717                 memcpy(pcc->ioctl_buffer, data, len);
 1718 
 1719         /*
 1720          * When the ioctl-length is zero drivers can pass information
 1721          * through the data pointer of the ioctl. Make sure this information
 1722          * is forwarded to the driver.
 1723          */
 1724 
 1725         cuse_server_lock(pcs);
 1726         cuse_client_send_command_locked(pccmd,
 1727             (len == 0) ? *(long *)data : CUSE_BUF_MIN_PTR,
 1728             (unsigned long)cmd, pcc->fflags,
 1729             (fflag & O_NONBLOCK) ? IO_NDELAY : 0);
 1730 
 1731         error = cuse_client_receive_command_locked(pccmd, data, len);
 1732         cuse_server_unlock(pcs);
 1733 
 1734         if (error < 0) {
 1735                 error = cuse_convert_error(error);
 1736         } else {
 1737                 error = 0;
 1738         }
 1739 
 1740         if (cmd & IOC_OUT)
 1741                 memcpy(data, pcc->ioctl_buffer, len);
 1742 
 1743         cuse_cmd_unlock(pccmd);
 1744 
 1745         if (error == EWOULDBLOCK)
 1746                 cuse_client_kqfilter_poll(dev, pcc);
 1747 
 1748         return (error);
 1749 }
 1750 
 1751 static int
 1752 cuse_client_poll(struct cdev *dev, int events, struct thread *td)
 1753 {
 1754         struct cuse_client_command *pccmd;
 1755         struct cuse_client *pcc;
 1756         struct cuse_server *pcs;
 1757         unsigned long temp;
 1758         int error;
 1759         int revents;
 1760 
 1761         error = cuse_client_get(&pcc);
 1762         if (error != 0)
 1763                 goto pollnval;
 1764 
 1765         temp = 0;
 1766         pcs = pcc->server;
 1767 
 1768         if (events & (POLLPRI | POLLIN | POLLRDNORM))
 1769                 temp |= CUSE_POLL_READ;
 1770 
 1771         if (events & (POLLOUT | POLLWRNORM))
 1772                 temp |= CUSE_POLL_WRITE;
 1773 
 1774         if (events & POLLHUP)
 1775                 temp |= CUSE_POLL_ERROR;
 1776 
 1777         pccmd = &pcc->cmds[CUSE_CMD_POLL];
 1778 
 1779         cuse_cmd_lock(pccmd);
 1780 
 1781         /* Need to selrecord() first to not loose any events. */
 1782         if (temp != 0 && td != NULL)
 1783                 selrecord(td, &pcs->selinfo);
 1784 
 1785         cuse_server_lock(pcs);
 1786         cuse_client_send_command_locked(pccmd,
 1787             0, temp, pcc->fflags, IO_NDELAY);
 1788 
 1789         error = cuse_client_receive_command_locked(pccmd, 0, 0);
 1790         cuse_server_unlock(pcs);
 1791 
 1792         cuse_cmd_unlock(pccmd);
 1793 
 1794         if (error < 0) {
 1795                 goto pollnval;
 1796         } else {
 1797                 revents = 0;
 1798                 if (error & CUSE_POLL_READ)
 1799                         revents |= (events & (POLLPRI | POLLIN | POLLRDNORM));
 1800                 if (error & CUSE_POLL_WRITE)
 1801                         revents |= (events & (POLLOUT | POLLWRNORM));
 1802                 if (error & CUSE_POLL_ERROR)
 1803                         revents |= (events & POLLHUP);
 1804         }
 1805         return (revents);
 1806 
 1807 pollnval:
 1808         /* XXX many clients don't understand POLLNVAL */
 1809         return (events & (POLLHUP | POLLPRI | POLLIN |
 1810             POLLRDNORM | POLLOUT | POLLWRNORM));
 1811 }
 1812 
 1813 static int
 1814 cuse_client_mmap_single(struct cdev *dev, vm_ooffset_t *offset,
 1815     vm_size_t size, struct vm_object **object, int nprot)
 1816 {
 1817         uint32_t page_nr = *offset / PAGE_SIZE;
 1818         uint32_t alloc_nr = page_nr / CUSE_ALLOC_PAGES_MAX;
 1819         struct cuse_memory *mem;
 1820         struct cuse_client *pcc;
 1821         struct cuse_server *pcs;
 1822         int error;
 1823 
 1824         error = cuse_client_get(&pcc);
 1825         if (error != 0)
 1826                 return (error);
 1827 
 1828         pcs = pcc->server;
 1829 
 1830         cuse_server_lock(pcs);
 1831         /* lookup memory structure */
 1832         TAILQ_FOREACH(mem, &pcs->hmem, entry) {
 1833                 if (mem->alloc_nr == alloc_nr)
 1834                         break;
 1835         }
 1836         if (mem == NULL) {
 1837                 cuse_server_unlock(pcs);
 1838                 return (ENOMEM);
 1839         }
 1840         /* verify page offset */
 1841         page_nr %= CUSE_ALLOC_PAGES_MAX;
 1842         if (page_nr >= mem->page_count) {
 1843                 cuse_server_unlock(pcs);
 1844                 return (ENXIO);
 1845         }
 1846         /* verify mmap size */
 1847         if ((size % PAGE_SIZE) != 0 || (size < PAGE_SIZE) ||
 1848             (size > ((mem->page_count - page_nr) * PAGE_SIZE))) {
 1849                 cuse_server_unlock(pcs);
 1850                 return (EINVAL);
 1851         }
 1852         vm_object_reference(mem->object);
 1853         *object = mem->object;
 1854         cuse_server_unlock(pcs);
 1855 
 1856         /* set new VM object offset to use */
 1857         *offset = page_nr * PAGE_SIZE;
 1858 
 1859         /* success */
 1860         return (0);
 1861 }
 1862 
 1863 static void
 1864 cuse_client_kqfilter_read_detach(struct knote *kn)
 1865 {
 1866         struct cuse_client *pcc;
 1867         struct cuse_server *pcs;
 1868 
 1869         pcc = kn->kn_hook;
 1870         pcs = pcc->server;
 1871 
 1872         cuse_server_lock(pcs);
 1873         knlist_remove(&pcs->selinfo.si_note, kn, 1);
 1874         cuse_server_unlock(pcs);
 1875 }
 1876 
 1877 static void
 1878 cuse_client_kqfilter_write_detach(struct knote *kn)
 1879 {
 1880         struct cuse_client *pcc;
 1881         struct cuse_server *pcs;
 1882 
 1883         pcc = kn->kn_hook;
 1884         pcs = pcc->server;
 1885 
 1886         cuse_server_lock(pcs);
 1887         knlist_remove(&pcs->selinfo.si_note, kn, 1);
 1888         cuse_server_unlock(pcs);
 1889 }
 1890 
 1891 static int
 1892 cuse_client_kqfilter_read_event(struct knote *kn, long hint)
 1893 {
 1894         struct cuse_client *pcc;
 1895 
 1896         pcc = kn->kn_hook;
 1897 
 1898         mtx_assert(&pcc->server->mtx, MA_OWNED);
 1899 
 1900         return ((pcc->cflags & CUSE_CLI_KNOTE_NEED_READ) ? 1 : 0);
 1901 }
 1902 
 1903 static int
 1904 cuse_client_kqfilter_write_event(struct knote *kn, long hint)
 1905 {
 1906         struct cuse_client *pcc;
 1907 
 1908         pcc = kn->kn_hook;
 1909 
 1910         mtx_assert(&pcc->server->mtx, MA_OWNED);
 1911 
 1912         return ((pcc->cflags & CUSE_CLI_KNOTE_NEED_WRITE) ? 1 : 0);
 1913 }
 1914 
 1915 static int
 1916 cuse_client_kqfilter(struct cdev *dev, struct knote *kn)
 1917 {
 1918         struct cuse_client *pcc;
 1919         struct cuse_server *pcs;
 1920         int error;
 1921 
 1922         error = cuse_client_get(&pcc);
 1923         if (error != 0)
 1924                 return (error);
 1925 
 1926         pcs = pcc->server;
 1927 
 1928         cuse_server_lock(pcs);
 1929         switch (kn->kn_filter) {
 1930         case EVFILT_READ:
 1931                 pcc->cflags |= CUSE_CLI_KNOTE_HAS_READ;
 1932                 kn->kn_hook = pcc;
 1933                 kn->kn_fop = &cuse_client_kqfilter_read_ops;
 1934                 knlist_add(&pcs->selinfo.si_note, kn, 1);
 1935                 break;
 1936         case EVFILT_WRITE:
 1937                 pcc->cflags |= CUSE_CLI_KNOTE_HAS_WRITE;
 1938                 kn->kn_hook = pcc;
 1939                 kn->kn_fop = &cuse_client_kqfilter_write_ops;
 1940                 knlist_add(&pcs->selinfo.si_note, kn, 1);
 1941                 break;
 1942         default:
 1943                 error = EINVAL;
 1944                 break;
 1945         }
 1946         cuse_server_unlock(pcs);
 1947 
 1948         if (error == 0)
 1949                 cuse_client_kqfilter_poll(dev, pcc);
 1950         return (error);
 1951 }

Cache object: 93c9fb8a910285242b5278a66aac6a1d


[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]


This page is part of the FreeBSD/Linux Linux Kernel Cross-Reference, and was automatically generated using a modified version of the LXR engine.