FreeBSD/Linux Kernel Cross Reference
sys/fs/cuse/cuse.c
1 /* $FreeBSD$ */
2 /*-
3 * Copyright (c) 2010-2020 Hans Petter Selasky. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 *
14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
15 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
18 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
24 * SUCH DAMAGE.
25 */
26
27 #include "opt_compat.h"
28
29 #include <sys/stdint.h>
30 #include <sys/stddef.h>
31 #include <sys/param.h>
32 #include <sys/types.h>
33 #include <sys/systm.h>
34 #include <sys/conf.h>
35 #include <sys/kernel.h>
36 #include <sys/bus.h>
37 #include <sys/linker_set.h>
38 #include <sys/module.h>
39 #include <sys/lock.h>
40 #include <sys/mutex.h>
41 #include <sys/condvar.h>
42 #include <sys/sysctl.h>
43 #include <sys/unistd.h>
44 #include <sys/malloc.h>
45 #include <sys/priv.h>
46 #include <sys/uio.h>
47 #include <sys/poll.h>
48 #include <sys/sx.h>
49 #include <sys/rwlock.h>
50 #include <sys/queue.h>
51 #include <sys/fcntl.h>
52 #include <sys/proc.h>
53 #include <sys/vnode.h>
54 #include <sys/selinfo.h>
55 #include <sys/ptrace.h>
56 #include <sys/sysent.h>
57
58 #include <machine/bus.h>
59
60 #include <vm/vm.h>
61 #include <vm/pmap.h>
62 #include <vm/vm_object.h>
63 #include <vm/vm_page.h>
64 #include <vm/vm_pager.h>
65
66 #include <fs/cuse/cuse_defs.h>
67 #include <fs/cuse/cuse_ioctl.h>
68
69 static int
70 cuse_modevent(module_t mod, int type, void *data)
71 {
72 switch (type) {
73 case MOD_LOAD:
74 case MOD_UNLOAD:
75 return (0);
76 default:
77 return (EOPNOTSUPP);
78 }
79 }
80
81 static moduledata_t cuse_mod = {
82 .name = "cuse",
83 .evhand = &cuse_modevent,
84 };
85
86 DECLARE_MODULE(cuse, cuse_mod, SI_SUB_DEVFS, SI_ORDER_FIRST);
87 MODULE_VERSION(cuse, 1);
88
89 /*
90 * Prevent cuse4bsd.ko and cuse.ko from loading at the same time by
91 * declaring support for the cuse4bsd interface in cuse.ko:
92 */
93 MODULE_VERSION(cuse4bsd, 1);
94
95 #ifdef FEATURE
96 FEATURE(cuse, "Userspace character devices");
97 #endif
98
99 struct cuse_command;
100 struct cuse_server;
101 struct cuse_client;
102
103 struct cuse_client_command {
104 TAILQ_ENTRY(cuse_client_command) entry;
105 struct cuse_command sub;
106 struct sx sx;
107 struct cv cv;
108 struct thread *entered;
109 struct cuse_client *client;
110 struct proc *proc_curr;
111 int proc_refs;
112 int got_signal;
113 int error;
114 int command;
115 };
116
117 struct cuse_memory {
118 TAILQ_ENTRY(cuse_memory) entry;
119 vm_object_t object;
120 uint32_t page_count;
121 uint32_t alloc_nr;
122 };
123
124 struct cuse_server_dev {
125 TAILQ_ENTRY(cuse_server_dev) entry;
126 struct cuse_server *server;
127 struct cdev *kern_dev;
128 struct cuse_dev *user_dev;
129 };
130
131 struct cuse_server {
132 TAILQ_ENTRY(cuse_server) entry;
133 TAILQ_HEAD(, cuse_client_command) head;
134 TAILQ_HEAD(, cuse_server_dev) hdev;
135 TAILQ_HEAD(, cuse_client) hcli;
136 TAILQ_HEAD(, cuse_memory) hmem;
137 struct mtx mtx;
138 struct cv cv;
139 struct selinfo selinfo;
140 pid_t pid;
141 int is_closing;
142 int refs;
143 };
144
145 struct cuse_client {
146 TAILQ_ENTRY(cuse_client) entry;
147 TAILQ_ENTRY(cuse_client) entry_ref;
148 struct cuse_client_command cmds[CUSE_CMD_MAX];
149 struct cuse_server *server;
150 struct cuse_server_dev *server_dev;
151
152 uint8_t ioctl_buffer[CUSE_BUFFER_MAX] __aligned(4);
153
154 int fflags; /* file flags */
155 int cflags; /* client flags */
156 #define CUSE_CLI_IS_CLOSING 0x01
157 #define CUSE_CLI_KNOTE_NEED_READ 0x02
158 #define CUSE_CLI_KNOTE_NEED_WRITE 0x04
159 #define CUSE_CLI_KNOTE_HAS_READ 0x08
160 #define CUSE_CLI_KNOTE_HAS_WRITE 0x10
161 };
162
163 #define CUSE_CLIENT_CLOSING(pcc) \
164 ((pcc)->cflags & CUSE_CLI_IS_CLOSING)
165
166 static MALLOC_DEFINE(M_CUSE, "cuse", "CUSE memory");
167
168 static TAILQ_HEAD(, cuse_server) cuse_server_head;
169 static struct mtx cuse_global_mtx;
170 static struct cdev *cuse_dev;
171 static struct cuse_server *cuse_alloc_unit[CUSE_DEVICES_MAX];
172 static int cuse_alloc_unit_id[CUSE_DEVICES_MAX];
173
174 static void cuse_server_wakeup_all_client_locked(struct cuse_server *pcs);
175 static void cuse_client_kqfilter_read_detach(struct knote *kn);
176 static void cuse_client_kqfilter_write_detach(struct knote *kn);
177 static int cuse_client_kqfilter_read_event(struct knote *kn, long hint);
178 static int cuse_client_kqfilter_write_event(struct knote *kn, long hint);
179
180 static struct filterops cuse_client_kqfilter_read_ops = {
181 .f_isfd = 1,
182 .f_detach = cuse_client_kqfilter_read_detach,
183 .f_event = cuse_client_kqfilter_read_event,
184 };
185
186 static struct filterops cuse_client_kqfilter_write_ops = {
187 .f_isfd = 1,
188 .f_detach = cuse_client_kqfilter_write_detach,
189 .f_event = cuse_client_kqfilter_write_event,
190 };
191
192 static d_open_t cuse_client_open;
193 static d_close_t cuse_client_close;
194 static d_ioctl_t cuse_client_ioctl;
195 static d_read_t cuse_client_read;
196 static d_write_t cuse_client_write;
197 static d_poll_t cuse_client_poll;
198 static d_mmap_single_t cuse_client_mmap_single;
199 static d_kqfilter_t cuse_client_kqfilter;
200
201 static struct cdevsw cuse_client_devsw = {
202 .d_version = D_VERSION,
203 .d_open = cuse_client_open,
204 .d_close = cuse_client_close,
205 .d_ioctl = cuse_client_ioctl,
206 .d_name = "cuse_client",
207 .d_flags = D_TRACKCLOSE,
208 .d_read = cuse_client_read,
209 .d_write = cuse_client_write,
210 .d_poll = cuse_client_poll,
211 .d_mmap_single = cuse_client_mmap_single,
212 .d_kqfilter = cuse_client_kqfilter,
213 };
214
215 static d_open_t cuse_server_open;
216 static d_close_t cuse_server_close;
217 static d_ioctl_t cuse_server_ioctl;
218 static d_read_t cuse_server_read;
219 static d_write_t cuse_server_write;
220 static d_poll_t cuse_server_poll;
221 static d_mmap_single_t cuse_server_mmap_single;
222
223 static struct cdevsw cuse_server_devsw = {
224 .d_version = D_VERSION,
225 .d_open = cuse_server_open,
226 .d_close = cuse_server_close,
227 .d_ioctl = cuse_server_ioctl,
228 .d_name = "cuse_server",
229 .d_flags = D_TRACKCLOSE,
230 .d_read = cuse_server_read,
231 .d_write = cuse_server_write,
232 .d_poll = cuse_server_poll,
233 .d_mmap_single = cuse_server_mmap_single,
234 };
235
236 static void cuse_client_is_closing(struct cuse_client *);
237 static int cuse_free_unit_by_id_locked(struct cuse_server *, int);
238
239 static void
240 cuse_global_lock(void)
241 {
242 mtx_lock(&cuse_global_mtx);
243 }
244
245 static void
246 cuse_global_unlock(void)
247 {
248 mtx_unlock(&cuse_global_mtx);
249 }
250
251 static void
252 cuse_server_lock(struct cuse_server *pcs)
253 {
254 mtx_lock(&pcs->mtx);
255 }
256
257 static void
258 cuse_server_unlock(struct cuse_server *pcs)
259 {
260 mtx_unlock(&pcs->mtx);
261 }
262
263 static void
264 cuse_cmd_lock(struct cuse_client_command *pccmd)
265 {
266 sx_xlock(&pccmd->sx);
267 }
268
269 static void
270 cuse_cmd_unlock(struct cuse_client_command *pccmd)
271 {
272 sx_xunlock(&pccmd->sx);
273 }
274
275 static void
276 cuse_kern_init(void *arg)
277 {
278 TAILQ_INIT(&cuse_server_head);
279
280 mtx_init(&cuse_global_mtx, "cuse-global-mtx", NULL, MTX_DEF);
281
282 cuse_dev = make_dev(&cuse_server_devsw, 0,
283 UID_ROOT, GID_OPERATOR, 0600, "cuse");
284
285 printf("Cuse v%d.%d.%d @ /dev/cuse\n",
286 (CUSE_VERSION >> 16) & 0xFF, (CUSE_VERSION >> 8) & 0xFF,
287 (CUSE_VERSION >> 0) & 0xFF);
288 }
289 SYSINIT(cuse_kern_init, SI_SUB_DEVFS, SI_ORDER_ANY, cuse_kern_init, NULL);
290
291 static void
292 cuse_kern_uninit(void *arg)
293 {
294 void *ptr;
295
296 while (1) {
297
298 printf("Cuse: Please exit all /dev/cuse instances "
299 "and processes which have used this device.\n");
300
301 pause("DRAIN", 2 * hz);
302
303 cuse_global_lock();
304 ptr = TAILQ_FIRST(&cuse_server_head);
305 cuse_global_unlock();
306
307 if (ptr == NULL)
308 break;
309 }
310
311 if (cuse_dev != NULL)
312 destroy_dev(cuse_dev);
313
314 mtx_destroy(&cuse_global_mtx);
315 }
316 SYSUNINIT(cuse_kern_uninit, SI_SUB_DEVFS, SI_ORDER_ANY, cuse_kern_uninit, 0);
317
318 static int
319 cuse_server_get(struct cuse_server **ppcs)
320 {
321 struct cuse_server *pcs;
322 int error;
323
324 error = devfs_get_cdevpriv((void **)&pcs);
325 if (error != 0) {
326 *ppcs = NULL;
327 return (error);
328 }
329 if (pcs->is_closing) {
330 *ppcs = NULL;
331 return (EINVAL);
332 }
333 *ppcs = pcs;
334 return (0);
335 }
336
337 static void
338 cuse_server_is_closing(struct cuse_server *pcs)
339 {
340 struct cuse_client *pcc;
341
342 if (pcs->is_closing)
343 return;
344
345 pcs->is_closing = 1;
346
347 TAILQ_FOREACH(pcc, &pcs->hcli, entry) {
348 cuse_client_is_closing(pcc);
349 }
350 }
351
352 static struct cuse_client_command *
353 cuse_server_find_command(struct cuse_server *pcs, struct thread *td)
354 {
355 struct cuse_client *pcc;
356 int n;
357
358 if (pcs->is_closing)
359 goto done;
360
361 TAILQ_FOREACH(pcc, &pcs->hcli, entry) {
362 if (CUSE_CLIENT_CLOSING(pcc))
363 continue;
364 for (n = 0; n != CUSE_CMD_MAX; n++) {
365 if (pcc->cmds[n].entered == td)
366 return (&pcc->cmds[n]);
367 }
368 }
369 done:
370 return (NULL);
371 }
372
373 static void
374 cuse_str_filter(char *ptr)
375 {
376 int c;
377
378 while (((c = *ptr) != 0)) {
379
380 if ((c >= 'a') && (c <= 'z')) {
381 ptr++;
382 continue;
383 }
384 if ((c >= 'A') && (c <= 'Z')) {
385 ptr++;
386 continue;
387 }
388 if ((c >= '') && (c <= '9')) {
389 ptr++;
390 continue;
391 }
392 if ((c == '.') || (c == '_') || (c == '/')) {
393 ptr++;
394 continue;
395 }
396 *ptr = '_';
397
398 ptr++;
399 }
400 }
401
402 static int
403 cuse_convert_error(int error)
404 {
405 ; /* indent fix */
406 switch (error) {
407 case CUSE_ERR_NONE:
408 return (0);
409 case CUSE_ERR_BUSY:
410 return (EBUSY);
411 case CUSE_ERR_WOULDBLOCK:
412 return (EWOULDBLOCK);
413 case CUSE_ERR_INVALID:
414 return (EINVAL);
415 case CUSE_ERR_NO_MEMORY:
416 return (ENOMEM);
417 case CUSE_ERR_FAULT:
418 return (EFAULT);
419 case CUSE_ERR_SIGNAL:
420 return (EINTR);
421 case CUSE_ERR_NO_DEVICE:
422 return (ENODEV);
423 default:
424 return (ENXIO);
425 }
426 }
427
428 static void
429 cuse_vm_memory_free(struct cuse_memory *mem)
430 {
431 /* last user is gone - free */
432 vm_object_deallocate(mem->object);
433
434 /* free CUSE memory */
435 free(mem, M_CUSE);
436 }
437
438 static int
439 cuse_server_alloc_memory(struct cuse_server *pcs, uint32_t alloc_nr,
440 uint32_t page_count)
441 {
442 struct cuse_memory *temp;
443 struct cuse_memory *mem;
444 vm_object_t object;
445 int error;
446
447 mem = malloc(sizeof(*mem), M_CUSE, M_WAITOK | M_ZERO);
448
449 object = vm_pager_allocate(OBJT_SWAP, NULL, PAGE_SIZE * page_count,
450 VM_PROT_DEFAULT, 0, curthread->td_ucred);
451 if (object == NULL) {
452 error = ENOMEM;
453 goto error_0;
454 }
455
456 cuse_server_lock(pcs);
457 /* check if allocation number already exists */
458 TAILQ_FOREACH(temp, &pcs->hmem, entry) {
459 if (temp->alloc_nr == alloc_nr)
460 break;
461 }
462 if (temp != NULL) {
463 cuse_server_unlock(pcs);
464 error = EBUSY;
465 goto error_1;
466 }
467 mem->object = object;
468 mem->page_count = page_count;
469 mem->alloc_nr = alloc_nr;
470 TAILQ_INSERT_TAIL(&pcs->hmem, mem, entry);
471 cuse_server_unlock(pcs);
472
473 return (0);
474
475 error_1:
476 vm_object_deallocate(object);
477 error_0:
478 free(mem, M_CUSE);
479 return (error);
480 }
481
482 static int
483 cuse_server_free_memory(struct cuse_server *pcs, uint32_t alloc_nr)
484 {
485 struct cuse_memory *mem;
486
487 cuse_server_lock(pcs);
488 TAILQ_FOREACH(mem, &pcs->hmem, entry) {
489 if (mem->alloc_nr == alloc_nr)
490 break;
491 }
492 if (mem == NULL) {
493 cuse_server_unlock(pcs);
494 return (EINVAL);
495 }
496 TAILQ_REMOVE(&pcs->hmem, mem, entry);
497 cuse_server_unlock(pcs);
498
499 cuse_vm_memory_free(mem);
500
501 return (0);
502 }
503
504 static int
505 cuse_client_get(struct cuse_client **ppcc)
506 {
507 struct cuse_client *pcc;
508 int error;
509
510 /* try to get private data */
511 error = devfs_get_cdevpriv((void **)&pcc);
512 if (error != 0) {
513 *ppcc = NULL;
514 return (error);
515 }
516 if (CUSE_CLIENT_CLOSING(pcc) || pcc->server->is_closing) {
517 *ppcc = NULL;
518 return (EINVAL);
519 }
520 *ppcc = pcc;
521 return (0);
522 }
523
524 static void
525 cuse_client_is_closing(struct cuse_client *pcc)
526 {
527 struct cuse_client_command *pccmd;
528 uint32_t n;
529
530 if (CUSE_CLIENT_CLOSING(pcc))
531 return;
532
533 pcc->cflags |= CUSE_CLI_IS_CLOSING;
534 pcc->server_dev = NULL;
535
536 for (n = 0; n != CUSE_CMD_MAX; n++) {
537
538 pccmd = &pcc->cmds[n];
539
540 if (pccmd->entry.tqe_prev != NULL) {
541 TAILQ_REMOVE(&pcc->server->head, pccmd, entry);
542 pccmd->entry.tqe_prev = NULL;
543 }
544 cv_broadcast(&pccmd->cv);
545 }
546 }
547
548 static void
549 cuse_client_send_command_locked(struct cuse_client_command *pccmd,
550 uintptr_t data_ptr, unsigned long arg, int fflags, int ioflag)
551 {
552 unsigned long cuse_fflags = 0;
553 struct cuse_server *pcs;
554
555 if (fflags & FREAD)
556 cuse_fflags |= CUSE_FFLAG_READ;
557
558 if (fflags & FWRITE)
559 cuse_fflags |= CUSE_FFLAG_WRITE;
560
561 if (ioflag & IO_NDELAY)
562 cuse_fflags |= CUSE_FFLAG_NONBLOCK;
563 #if defined(__LP64__)
564 if (SV_CURPROC_FLAG(SV_ILP32))
565 cuse_fflags |= CUSE_FFLAG_COMPAT32;
566 #endif
567 pccmd->sub.fflags = cuse_fflags;
568 pccmd->sub.data_pointer = data_ptr;
569 pccmd->sub.argument = arg;
570
571 pcs = pccmd->client->server;
572
573 if ((pccmd->entry.tqe_prev == NULL) &&
574 (CUSE_CLIENT_CLOSING(pccmd->client) == 0) &&
575 (pcs->is_closing == 0)) {
576 TAILQ_INSERT_TAIL(&pcs->head, pccmd, entry);
577 cv_signal(&pcs->cv);
578 }
579 }
580
581 static void
582 cuse_client_got_signal(struct cuse_client_command *pccmd)
583 {
584 struct cuse_server *pcs;
585
586 pccmd->got_signal = 1;
587
588 pccmd = &pccmd->client->cmds[CUSE_CMD_SIGNAL];
589
590 pcs = pccmd->client->server;
591
592 if ((pccmd->entry.tqe_prev == NULL) &&
593 (CUSE_CLIENT_CLOSING(pccmd->client) == 0) &&
594 (pcs->is_closing == 0)) {
595 TAILQ_INSERT_TAIL(&pcs->head, pccmd, entry);
596 cv_signal(&pcs->cv);
597 }
598 }
599
600 static int
601 cuse_client_receive_command_locked(struct cuse_client_command *pccmd,
602 uint8_t *arg_ptr, uint32_t arg_len)
603 {
604 struct cuse_server *pcs;
605 int error;
606
607 pcs = pccmd->client->server;
608 error = 0;
609
610 pccmd->proc_curr = curthread->td_proc;
611
612 if (CUSE_CLIENT_CLOSING(pccmd->client) || pcs->is_closing) {
613 error = CUSE_ERR_OTHER;
614 goto done;
615 }
616 while (pccmd->command == CUSE_CMD_NONE) {
617 if (error != 0) {
618 cv_wait(&pccmd->cv, &pcs->mtx);
619 } else {
620 error = cv_wait_sig(&pccmd->cv, &pcs->mtx);
621
622 if (error != 0)
623 cuse_client_got_signal(pccmd);
624 }
625 if (CUSE_CLIENT_CLOSING(pccmd->client) || pcs->is_closing) {
626 error = CUSE_ERR_OTHER;
627 goto done;
628 }
629 }
630
631 error = pccmd->error;
632 pccmd->command = CUSE_CMD_NONE;
633 cv_signal(&pccmd->cv);
634
635 done:
636
637 /* wait until all process references are gone */
638
639 pccmd->proc_curr = NULL;
640
641 while (pccmd->proc_refs != 0)
642 cv_wait(&pccmd->cv, &pcs->mtx);
643
644 return (error);
645 }
646
647 /*------------------------------------------------------------------------*
648 * CUSE SERVER PART
649 *------------------------------------------------------------------------*/
650
651 static void
652 cuse_server_free_dev(struct cuse_server_dev *pcsd)
653 {
654 struct cuse_server *pcs;
655 struct cuse_client *pcc;
656
657 /* get server pointer */
658 pcs = pcsd->server;
659
660 /* prevent creation of more devices */
661 cuse_server_lock(pcs);
662 if (pcsd->kern_dev != NULL)
663 pcsd->kern_dev->si_drv1 = NULL;
664
665 TAILQ_FOREACH(pcc, &pcs->hcli, entry) {
666 if (pcc->server_dev == pcsd)
667 cuse_client_is_closing(pcc);
668 }
669 cuse_server_unlock(pcs);
670
671 /* destroy device, if any */
672 if (pcsd->kern_dev != NULL) {
673 /* destroy device synchronously */
674 destroy_dev(pcsd->kern_dev);
675 }
676 free(pcsd, M_CUSE);
677 }
678
679 static void
680 cuse_server_unref(struct cuse_server *pcs)
681 {
682 struct cuse_server_dev *pcsd;
683 struct cuse_memory *mem;
684
685 cuse_server_lock(pcs);
686 if (--(pcs->refs) != 0) {
687 cuse_server_unlock(pcs);
688 return;
689 }
690 cuse_server_is_closing(pcs);
691 /* final client wakeup, if any */
692 cuse_server_wakeup_all_client_locked(pcs);
693
694 cuse_global_lock();
695 TAILQ_REMOVE(&cuse_server_head, pcs, entry);
696 cuse_global_unlock();
697
698 while ((pcsd = TAILQ_FIRST(&pcs->hdev)) != NULL) {
699 TAILQ_REMOVE(&pcs->hdev, pcsd, entry);
700 cuse_server_unlock(pcs);
701 cuse_server_free_dev(pcsd);
702 cuse_server_lock(pcs);
703 }
704
705 cuse_free_unit_by_id_locked(pcs, -1);
706
707 while ((mem = TAILQ_FIRST(&pcs->hmem)) != NULL) {
708 TAILQ_REMOVE(&pcs->hmem, mem, entry);
709 cuse_server_unlock(pcs);
710 cuse_vm_memory_free(mem);
711 cuse_server_lock(pcs);
712 }
713
714 knlist_clear(&pcs->selinfo.si_note, 1);
715 knlist_destroy(&pcs->selinfo.si_note);
716
717 cuse_server_unlock(pcs);
718
719 seldrain(&pcs->selinfo);
720
721 cv_destroy(&pcs->cv);
722
723 mtx_destroy(&pcs->mtx);
724
725 free(pcs, M_CUSE);
726 }
727
728 static int
729 cuse_server_do_close(struct cuse_server *pcs)
730 {
731 int retval;
732
733 cuse_server_lock(pcs);
734 cuse_server_is_closing(pcs);
735 /* final client wakeup, if any */
736 cuse_server_wakeup_all_client_locked(pcs);
737
738 knlist_clear(&pcs->selinfo.si_note, 1);
739
740 retval = pcs->refs;
741 cuse_server_unlock(pcs);
742
743 return (retval);
744 }
745
746 static void
747 cuse_server_free(void *arg)
748 {
749 struct cuse_server *pcs = arg;
750
751 /*
752 * The final server unref should be done by the server thread
753 * to prevent deadlock in the client cdevpriv destructor,
754 * which cannot destroy itself.
755 */
756 while (cuse_server_do_close(pcs) != 1)
757 pause("W", hz);
758
759 /* drop final refcount */
760 cuse_server_unref(pcs);
761 }
762
763 static int
764 cuse_server_open(struct cdev *dev, int fflags, int devtype, struct thread *td)
765 {
766 struct cuse_server *pcs;
767
768 pcs = malloc(sizeof(*pcs), M_CUSE, M_WAITOK | M_ZERO);
769
770 if (devfs_set_cdevpriv(pcs, &cuse_server_free)) {
771 printf("Cuse: Cannot set cdevpriv.\n");
772 free(pcs, M_CUSE);
773 return (ENOMEM);
774 }
775 /* store current process ID */
776 pcs->pid = curproc->p_pid;
777
778 TAILQ_INIT(&pcs->head);
779 TAILQ_INIT(&pcs->hdev);
780 TAILQ_INIT(&pcs->hcli);
781 TAILQ_INIT(&pcs->hmem);
782
783 cv_init(&pcs->cv, "cuse-server-cv");
784
785 mtx_init(&pcs->mtx, "cuse-server-mtx", NULL, MTX_DEF);
786
787 knlist_init_mtx(&pcs->selinfo.si_note, &pcs->mtx);
788
789 cuse_global_lock();
790 pcs->refs++;
791 TAILQ_INSERT_TAIL(&cuse_server_head, pcs, entry);
792 cuse_global_unlock();
793
794 return (0);
795 }
796
797 static int
798 cuse_server_close(struct cdev *dev, int fflag, int devtype, struct thread *td)
799 {
800 struct cuse_server *pcs;
801
802 if (cuse_server_get(&pcs) == 0)
803 cuse_server_do_close(pcs);
804
805 return (0);
806 }
807
808 static int
809 cuse_server_read(struct cdev *dev, struct uio *uio, int ioflag)
810 {
811 return (ENXIO);
812 }
813
814 static int
815 cuse_server_write(struct cdev *dev, struct uio *uio, int ioflag)
816 {
817 return (ENXIO);
818 }
819
820 static int
821 cuse_server_ioctl_copy_locked(struct cuse_server *pcs,
822 struct cuse_client_command *pccmd,
823 struct cuse_data_chunk *pchk, int isread)
824 {
825 struct proc *p_proc;
826 uint32_t offset;
827 int error;
828
829 offset = pchk->peer_ptr - CUSE_BUF_MIN_PTR;
830
831 if (pchk->length > CUSE_BUFFER_MAX)
832 return (EFAULT);
833
834 if (offset >= CUSE_BUFFER_MAX)
835 return (EFAULT);
836
837 if ((offset + pchk->length) > CUSE_BUFFER_MAX)
838 return (EFAULT);
839
840 p_proc = pccmd->proc_curr;
841 if (p_proc == NULL)
842 return (ENXIO);
843
844 if (pccmd->proc_refs < 0)
845 return (ENOMEM);
846
847 pccmd->proc_refs++;
848
849 cuse_server_unlock(pcs);
850
851 if (isread == 0) {
852 error = copyin(
853 (void *)pchk->local_ptr,
854 pccmd->client->ioctl_buffer + offset,
855 pchk->length);
856 } else {
857 error = copyout(
858 pccmd->client->ioctl_buffer + offset,
859 (void *)pchk->local_ptr,
860 pchk->length);
861 }
862
863 cuse_server_lock(pcs);
864
865 pccmd->proc_refs--;
866
867 if (pccmd->proc_curr == NULL)
868 cv_signal(&pccmd->cv);
869
870 return (error);
871 }
872
873 static int
874 cuse_proc2proc_copy(struct proc *proc_s, vm_offset_t data_s,
875 struct proc *proc_d, vm_offset_t data_d, size_t len)
876 {
877 struct thread *td;
878 struct proc *proc_cur;
879 int error;
880
881 td = curthread;
882 proc_cur = td->td_proc;
883
884 if (proc_cur == proc_d) {
885 struct iovec iov = {
886 .iov_base = (caddr_t)data_d,
887 .iov_len = len,
888 };
889 struct uio uio = {
890 .uio_iov = &iov,
891 .uio_iovcnt = 1,
892 .uio_offset = (off_t)data_s,
893 .uio_resid = len,
894 .uio_segflg = UIO_USERSPACE,
895 .uio_rw = UIO_READ,
896 .uio_td = td,
897 };
898
899 PHOLD(proc_s);
900 error = proc_rwmem(proc_s, &uio);
901 PRELE(proc_s);
902
903 } else if (proc_cur == proc_s) {
904 struct iovec iov = {
905 .iov_base = (caddr_t)data_s,
906 .iov_len = len,
907 };
908 struct uio uio = {
909 .uio_iov = &iov,
910 .uio_iovcnt = 1,
911 .uio_offset = (off_t)data_d,
912 .uio_resid = len,
913 .uio_segflg = UIO_USERSPACE,
914 .uio_rw = UIO_WRITE,
915 .uio_td = td,
916 };
917
918 PHOLD(proc_d);
919 error = proc_rwmem(proc_d, &uio);
920 PRELE(proc_d);
921 } else {
922 error = EINVAL;
923 }
924 return (error);
925 }
926
927 static int
928 cuse_server_data_copy_locked(struct cuse_server *pcs,
929 struct cuse_client_command *pccmd,
930 struct cuse_data_chunk *pchk, int isread)
931 {
932 struct proc *p_proc;
933 int error;
934
935 p_proc = pccmd->proc_curr;
936 if (p_proc == NULL)
937 return (ENXIO);
938
939 if (pccmd->proc_refs < 0)
940 return (ENOMEM);
941
942 pccmd->proc_refs++;
943
944 cuse_server_unlock(pcs);
945
946 if (isread == 0) {
947 error = cuse_proc2proc_copy(
948 curthread->td_proc, pchk->local_ptr,
949 p_proc, pchk->peer_ptr,
950 pchk->length);
951 } else {
952 error = cuse_proc2proc_copy(
953 p_proc, pchk->peer_ptr,
954 curthread->td_proc, pchk->local_ptr,
955 pchk->length);
956 }
957
958 cuse_server_lock(pcs);
959
960 pccmd->proc_refs--;
961
962 if (pccmd->proc_curr == NULL)
963 cv_signal(&pccmd->cv);
964
965 return (error);
966 }
967
968 static int
969 cuse_alloc_unit_by_id_locked(struct cuse_server *pcs, int id)
970 {
971 int n;
972 int x = 0;
973 int match;
974
975 do {
976 for (match = n = 0; n != CUSE_DEVICES_MAX; n++) {
977 if (cuse_alloc_unit[n] != NULL) {
978 if ((cuse_alloc_unit_id[n] ^ id) & CUSE_ID_MASK)
979 continue;
980 if ((cuse_alloc_unit_id[n] & ~CUSE_ID_MASK) == x) {
981 x++;
982 match = 1;
983 }
984 }
985 }
986 } while (match);
987
988 if (x < 256) {
989 for (n = 0; n != CUSE_DEVICES_MAX; n++) {
990 if (cuse_alloc_unit[n] == NULL) {
991 cuse_alloc_unit[n] = pcs;
992 cuse_alloc_unit_id[n] = id | x;
993 return (x);
994 }
995 }
996 }
997 return (-1);
998 }
999
1000 static void
1001 cuse_server_wakeup_locked(struct cuse_server *pcs)
1002 {
1003 selwakeup(&pcs->selinfo);
1004 KNOTE_LOCKED(&pcs->selinfo.si_note, 0);
1005 }
1006
1007 static void
1008 cuse_server_wakeup_all_client_locked(struct cuse_server *pcs)
1009 {
1010 struct cuse_client *pcc;
1011
1012 TAILQ_FOREACH(pcc, &pcs->hcli, entry) {
1013 pcc->cflags |= (CUSE_CLI_KNOTE_NEED_READ |
1014 CUSE_CLI_KNOTE_NEED_WRITE);
1015 }
1016 cuse_server_wakeup_locked(pcs);
1017 }
1018
1019 static int
1020 cuse_free_unit_by_id_locked(struct cuse_server *pcs, int id)
1021 {
1022 int n;
1023 int found = 0;
1024
1025 for (n = 0; n != CUSE_DEVICES_MAX; n++) {
1026 if (cuse_alloc_unit[n] == pcs) {
1027 if (cuse_alloc_unit_id[n] == id || id == -1) {
1028 cuse_alloc_unit[n] = NULL;
1029 cuse_alloc_unit_id[n] = 0;
1030 found = 1;
1031 }
1032 }
1033 }
1034
1035 return (found ? 0 : EINVAL);
1036 }
1037
1038 static int
1039 cuse_server_ioctl(struct cdev *dev, unsigned long cmd,
1040 caddr_t data, int fflag, struct thread *td)
1041 {
1042 struct cuse_server *pcs;
1043 int error;
1044
1045 error = cuse_server_get(&pcs);
1046 if (error != 0)
1047 return (error);
1048
1049 switch (cmd) {
1050 struct cuse_client_command *pccmd;
1051 struct cuse_client *pcc;
1052 struct cuse_command *pcmd;
1053 struct cuse_alloc_info *pai;
1054 struct cuse_create_dev *pcd;
1055 struct cuse_server_dev *pcsd;
1056 struct cuse_data_chunk *pchk;
1057 int n;
1058
1059 case CUSE_IOCTL_GET_COMMAND:
1060 pcmd = (void *)data;
1061
1062 cuse_server_lock(pcs);
1063
1064 while ((pccmd = TAILQ_FIRST(&pcs->head)) == NULL) {
1065 error = cv_wait_sig(&pcs->cv, &pcs->mtx);
1066
1067 if (pcs->is_closing)
1068 error = ENXIO;
1069
1070 if (error) {
1071 cuse_server_unlock(pcs);
1072 return (error);
1073 }
1074 }
1075
1076 TAILQ_REMOVE(&pcs->head, pccmd, entry);
1077 pccmd->entry.tqe_prev = NULL;
1078
1079 pccmd->entered = curthread;
1080
1081 *pcmd = pccmd->sub;
1082
1083 cuse_server_unlock(pcs);
1084
1085 break;
1086
1087 case CUSE_IOCTL_SYNC_COMMAND:
1088
1089 cuse_server_lock(pcs);
1090 while ((pccmd = cuse_server_find_command(pcs, curthread)) != NULL) {
1091
1092 /* send sync command */
1093 pccmd->entered = NULL;
1094 pccmd->error = *(int *)data;
1095 pccmd->command = CUSE_CMD_SYNC;
1096
1097 /* signal peer, if any */
1098 cv_signal(&pccmd->cv);
1099 }
1100 cuse_server_unlock(pcs);
1101
1102 break;
1103
1104 case CUSE_IOCTL_ALLOC_UNIT:
1105
1106 cuse_server_lock(pcs);
1107 n = cuse_alloc_unit_by_id_locked(pcs,
1108 CUSE_ID_DEFAULT(0));
1109 cuse_server_unlock(pcs);
1110
1111 if (n < 0)
1112 error = ENOMEM;
1113 else
1114 *(int *)data = n;
1115 break;
1116
1117 case CUSE_IOCTL_ALLOC_UNIT_BY_ID:
1118
1119 n = *(int *)data;
1120
1121 n = (n & CUSE_ID_MASK);
1122
1123 cuse_server_lock(pcs);
1124 n = cuse_alloc_unit_by_id_locked(pcs, n);
1125 cuse_server_unlock(pcs);
1126
1127 if (n < 0)
1128 error = ENOMEM;
1129 else
1130 *(int *)data = n;
1131 break;
1132
1133 case CUSE_IOCTL_FREE_UNIT:
1134
1135 n = *(int *)data;
1136
1137 n = CUSE_ID_DEFAULT(n);
1138
1139 cuse_server_lock(pcs);
1140 error = cuse_free_unit_by_id_locked(pcs, n);
1141 cuse_server_unlock(pcs);
1142 break;
1143
1144 case CUSE_IOCTL_FREE_UNIT_BY_ID:
1145
1146 n = *(int *)data;
1147
1148 cuse_server_lock(pcs);
1149 error = cuse_free_unit_by_id_locked(pcs, n);
1150 cuse_server_unlock(pcs);
1151 break;
1152
1153 case CUSE_IOCTL_ALLOC_MEMORY:
1154
1155 pai = (void *)data;
1156
1157 if (pai->alloc_nr >= CUSE_ALLOC_UNIT_MAX) {
1158 error = ENOMEM;
1159 break;
1160 }
1161 if (pai->page_count >= CUSE_ALLOC_PAGES_MAX) {
1162 error = ENOMEM;
1163 break;
1164 }
1165 error = cuse_server_alloc_memory(pcs,
1166 pai->alloc_nr, pai->page_count);
1167 break;
1168
1169 case CUSE_IOCTL_FREE_MEMORY:
1170 pai = (void *)data;
1171
1172 if (pai->alloc_nr >= CUSE_ALLOC_UNIT_MAX) {
1173 error = ENOMEM;
1174 break;
1175 }
1176 error = cuse_server_free_memory(pcs, pai->alloc_nr);
1177 break;
1178
1179 case CUSE_IOCTL_GET_SIG:
1180
1181 cuse_server_lock(pcs);
1182 pccmd = cuse_server_find_command(pcs, curthread);
1183
1184 if (pccmd != NULL) {
1185 n = pccmd->got_signal;
1186 pccmd->got_signal = 0;
1187 } else {
1188 n = 0;
1189 }
1190 cuse_server_unlock(pcs);
1191
1192 *(int *)data = n;
1193
1194 break;
1195
1196 case CUSE_IOCTL_SET_PFH:
1197
1198 cuse_server_lock(pcs);
1199 pccmd = cuse_server_find_command(pcs, curthread);
1200
1201 if (pccmd != NULL) {
1202 pcc = pccmd->client;
1203 for (n = 0; n != CUSE_CMD_MAX; n++) {
1204 pcc->cmds[n].sub.per_file_handle = *(uintptr_t *)data;
1205 }
1206 } else {
1207 error = ENXIO;
1208 }
1209 cuse_server_unlock(pcs);
1210 break;
1211
1212 case CUSE_IOCTL_CREATE_DEV:
1213
1214 error = priv_check(curthread, PRIV_DRIVER);
1215 if (error)
1216 break;
1217
1218 pcd = (void *)data;
1219
1220 /* filter input */
1221
1222 pcd->devname[sizeof(pcd->devname) - 1] = 0;
1223
1224 if (pcd->devname[0] == 0) {
1225 error = EINVAL;
1226 break;
1227 }
1228 cuse_str_filter(pcd->devname);
1229
1230 pcd->permissions &= 0777;
1231
1232 /* try to allocate a character device */
1233
1234 pcsd = malloc(sizeof(*pcsd), M_CUSE, M_WAITOK | M_ZERO);
1235
1236 pcsd->server = pcs;
1237
1238 pcsd->user_dev = pcd->dev;
1239
1240 pcsd->kern_dev = make_dev_credf(MAKEDEV_CHECKNAME,
1241 &cuse_client_devsw, 0, NULL, pcd->user_id, pcd->group_id,
1242 pcd->permissions, "%s", pcd->devname);
1243
1244 if (pcsd->kern_dev == NULL) {
1245 free(pcsd, M_CUSE);
1246 error = ENOMEM;
1247 break;
1248 }
1249 pcsd->kern_dev->si_drv1 = pcsd;
1250
1251 cuse_server_lock(pcs);
1252 TAILQ_INSERT_TAIL(&pcs->hdev, pcsd, entry);
1253 cuse_server_unlock(pcs);
1254
1255 break;
1256
1257 case CUSE_IOCTL_DESTROY_DEV:
1258
1259 error = priv_check(curthread, PRIV_DRIVER);
1260 if (error)
1261 break;
1262
1263 cuse_server_lock(pcs);
1264
1265 error = EINVAL;
1266
1267 pcsd = TAILQ_FIRST(&pcs->hdev);
1268 while (pcsd != NULL) {
1269 if (pcsd->user_dev == *(struct cuse_dev **)data) {
1270 TAILQ_REMOVE(&pcs->hdev, pcsd, entry);
1271 cuse_server_unlock(pcs);
1272 cuse_server_free_dev(pcsd);
1273 cuse_server_lock(pcs);
1274 error = 0;
1275 pcsd = TAILQ_FIRST(&pcs->hdev);
1276 } else {
1277 pcsd = TAILQ_NEXT(pcsd, entry);
1278 }
1279 }
1280
1281 cuse_server_unlock(pcs);
1282 break;
1283
1284 case CUSE_IOCTL_WRITE_DATA:
1285 case CUSE_IOCTL_READ_DATA:
1286
1287 cuse_server_lock(pcs);
1288 pchk = (struct cuse_data_chunk *)data;
1289
1290 pccmd = cuse_server_find_command(pcs, curthread);
1291
1292 if (pccmd == NULL) {
1293 error = ENXIO; /* invalid request */
1294 } else if (pchk->peer_ptr < CUSE_BUF_MIN_PTR) {
1295 error = EFAULT; /* NULL pointer */
1296 } else if (pchk->peer_ptr < CUSE_BUF_MAX_PTR) {
1297 error = cuse_server_ioctl_copy_locked(pcs, pccmd,
1298 pchk, cmd == CUSE_IOCTL_READ_DATA);
1299 } else {
1300 error = cuse_server_data_copy_locked(pcs, pccmd,
1301 pchk, cmd == CUSE_IOCTL_READ_DATA);
1302 }
1303 cuse_server_unlock(pcs);
1304 break;
1305
1306 case CUSE_IOCTL_SELWAKEUP:
1307 cuse_server_lock(pcs);
1308 /*
1309 * We don't know which direction caused the event.
1310 * Wakeup both!
1311 */
1312 cuse_server_wakeup_all_client_locked(pcs);
1313 cuse_server_unlock(pcs);
1314 break;
1315
1316 default:
1317 error = ENXIO;
1318 break;
1319 }
1320 return (error);
1321 }
1322
1323 static int
1324 cuse_server_poll(struct cdev *dev, int events, struct thread *td)
1325 {
1326 return (events & (POLLHUP | POLLPRI | POLLIN |
1327 POLLRDNORM | POLLOUT | POLLWRNORM));
1328 }
1329
1330 static int
1331 cuse_server_mmap_single(struct cdev *dev, vm_ooffset_t *offset,
1332 vm_size_t size, struct vm_object **object, int nprot)
1333 {
1334 uint32_t page_nr = *offset / PAGE_SIZE;
1335 uint32_t alloc_nr = page_nr / CUSE_ALLOC_PAGES_MAX;
1336 struct cuse_memory *mem;
1337 struct cuse_server *pcs;
1338 int error;
1339
1340 error = cuse_server_get(&pcs);
1341 if (error != 0)
1342 return (error);
1343
1344 cuse_server_lock(pcs);
1345 /* lookup memory structure */
1346 TAILQ_FOREACH(mem, &pcs->hmem, entry) {
1347 if (mem->alloc_nr == alloc_nr)
1348 break;
1349 }
1350 if (mem == NULL) {
1351 cuse_server_unlock(pcs);
1352 return (ENOMEM);
1353 }
1354 /* verify page offset */
1355 page_nr %= CUSE_ALLOC_PAGES_MAX;
1356 if (page_nr >= mem->page_count) {
1357 cuse_server_unlock(pcs);
1358 return (ENXIO);
1359 }
1360 /* verify mmap size */
1361 if ((size % PAGE_SIZE) != 0 || (size < PAGE_SIZE) ||
1362 (size > ((mem->page_count - page_nr) * PAGE_SIZE))) {
1363 cuse_server_unlock(pcs);
1364 return (EINVAL);
1365 }
1366 vm_object_reference(mem->object);
1367 *object = mem->object;
1368 cuse_server_unlock(pcs);
1369
1370 /* set new VM object offset to use */
1371 *offset = page_nr * PAGE_SIZE;
1372
1373 /* success */
1374 return (0);
1375 }
1376
1377 /*------------------------------------------------------------------------*
1378 * CUSE CLIENT PART
1379 *------------------------------------------------------------------------*/
1380 static void
1381 cuse_client_free(void *arg)
1382 {
1383 struct cuse_client *pcc = arg;
1384 struct cuse_client_command *pccmd;
1385 struct cuse_server *pcs;
1386 int n;
1387
1388 pcs = pcc->server;
1389
1390 cuse_server_lock(pcs);
1391 cuse_client_is_closing(pcc);
1392 TAILQ_REMOVE(&pcs->hcli, pcc, entry);
1393 cuse_server_unlock(pcs);
1394
1395 for (n = 0; n != CUSE_CMD_MAX; n++) {
1396
1397 pccmd = &pcc->cmds[n];
1398
1399 sx_destroy(&pccmd->sx);
1400 cv_destroy(&pccmd->cv);
1401 }
1402
1403 free(pcc, M_CUSE);
1404
1405 /* drop reference on server */
1406 cuse_server_unref(pcs);
1407 }
1408
1409 static int
1410 cuse_client_open(struct cdev *dev, int fflags, int devtype, struct thread *td)
1411 {
1412 struct cuse_client_command *pccmd;
1413 struct cuse_server_dev *pcsd;
1414 struct cuse_client *pcc;
1415 struct cuse_server *pcs;
1416 struct cuse_dev *pcd;
1417 int error;
1418 int n;
1419
1420 pcsd = dev->si_drv1;
1421 if (pcsd != NULL) {
1422 pcs = pcsd->server;
1423 pcd = pcsd->user_dev;
1424
1425 cuse_server_lock(pcs);
1426 /*
1427 * Check that the refcount didn't wrap and that the
1428 * same process is not both client and server. This
1429 * can easily lead to deadlocks when destroying the
1430 * CUSE character device nodes:
1431 */
1432 pcs->refs++;
1433 if (pcs->refs < 0 || pcs->pid == curproc->p_pid) {
1434 /* overflow or wrong PID */
1435 pcs->refs--;
1436 cuse_server_unlock(pcs);
1437 return (EINVAL);
1438 }
1439 cuse_server_unlock(pcs);
1440 } else {
1441 return (EINVAL);
1442 }
1443
1444 pcc = malloc(sizeof(*pcc), M_CUSE, M_WAITOK | M_ZERO);
1445 if (devfs_set_cdevpriv(pcc, &cuse_client_free)) {
1446 printf("Cuse: Cannot set cdevpriv.\n");
1447 /* drop reference on server */
1448 cuse_server_unref(pcs);
1449 free(pcc, M_CUSE);
1450 return (ENOMEM);
1451 }
1452 pcc->fflags = fflags;
1453 pcc->server_dev = pcsd;
1454 pcc->server = pcs;
1455
1456 for (n = 0; n != CUSE_CMD_MAX; n++) {
1457
1458 pccmd = &pcc->cmds[n];
1459
1460 pccmd->sub.dev = pcd;
1461 pccmd->sub.command = n;
1462 pccmd->client = pcc;
1463
1464 sx_init(&pccmd->sx, "cuse-client-sx");
1465 cv_init(&pccmd->cv, "cuse-client-cv");
1466 }
1467
1468 cuse_server_lock(pcs);
1469
1470 /* cuse_client_free() assumes that the client is listed somewhere! */
1471 /* always enqueue */
1472
1473 TAILQ_INSERT_TAIL(&pcs->hcli, pcc, entry);
1474
1475 /* check if server is closing */
1476 if ((pcs->is_closing != 0) || (dev->si_drv1 == NULL)) {
1477 error = EINVAL;
1478 } else {
1479 error = 0;
1480 }
1481 cuse_server_unlock(pcs);
1482
1483 if (error) {
1484 devfs_clear_cdevpriv(); /* XXX bugfix */
1485 return (error);
1486 }
1487 pccmd = &pcc->cmds[CUSE_CMD_OPEN];
1488
1489 cuse_cmd_lock(pccmd);
1490
1491 cuse_server_lock(pcs);
1492 cuse_client_send_command_locked(pccmd, 0, 0, pcc->fflags, 0);
1493
1494 error = cuse_client_receive_command_locked(pccmd, 0, 0);
1495 cuse_server_unlock(pcs);
1496
1497 if (error < 0) {
1498 error = cuse_convert_error(error);
1499 } else {
1500 error = 0;
1501 }
1502
1503 cuse_cmd_unlock(pccmd);
1504
1505 if (error)
1506 devfs_clear_cdevpriv(); /* XXX bugfix */
1507
1508 return (error);
1509 }
1510
1511 static int
1512 cuse_client_close(struct cdev *dev, int fflag, int devtype, struct thread *td)
1513 {
1514 struct cuse_client_command *pccmd;
1515 struct cuse_client *pcc;
1516 struct cuse_server *pcs;
1517 int error;
1518
1519 error = cuse_client_get(&pcc);
1520 if (error != 0)
1521 return (0);
1522
1523 pccmd = &pcc->cmds[CUSE_CMD_CLOSE];
1524 pcs = pcc->server;
1525
1526 cuse_cmd_lock(pccmd);
1527
1528 cuse_server_lock(pcs);
1529 cuse_client_send_command_locked(pccmd, 0, 0, pcc->fflags, 0);
1530
1531 error = cuse_client_receive_command_locked(pccmd, 0, 0);
1532 cuse_cmd_unlock(pccmd);
1533
1534 cuse_client_is_closing(pcc);
1535 cuse_server_unlock(pcs);
1536
1537 return (0);
1538 }
1539
1540 static void
1541 cuse_client_kqfilter_poll(struct cdev *dev, struct cuse_client *pcc)
1542 {
1543 struct cuse_server *pcs = pcc->server;
1544 int temp;
1545
1546 cuse_server_lock(pcs);
1547 temp = (pcc->cflags & (CUSE_CLI_KNOTE_HAS_READ |
1548 CUSE_CLI_KNOTE_HAS_WRITE));
1549 pcc->cflags &= ~(CUSE_CLI_KNOTE_NEED_READ |
1550 CUSE_CLI_KNOTE_NEED_WRITE);
1551 cuse_server_unlock(pcs);
1552
1553 if (temp != 0) {
1554 /* get the latest polling state from the server */
1555 temp = cuse_client_poll(dev, POLLIN | POLLOUT, NULL);
1556
1557 if (temp & (POLLIN | POLLOUT)) {
1558 cuse_server_lock(pcs);
1559 if (temp & POLLIN)
1560 pcc->cflags |= CUSE_CLI_KNOTE_NEED_READ;
1561 if (temp & POLLOUT)
1562 pcc->cflags |= CUSE_CLI_KNOTE_NEED_WRITE;
1563
1564 /* make sure the "knote" gets woken up */
1565 cuse_server_wakeup_locked(pcc->server);
1566 cuse_server_unlock(pcs);
1567 }
1568 }
1569 }
1570
1571 static int
1572 cuse_client_read(struct cdev *dev, struct uio *uio, int ioflag)
1573 {
1574 struct cuse_client_command *pccmd;
1575 struct cuse_client *pcc;
1576 struct cuse_server *pcs;
1577 int error;
1578 int len;
1579
1580 error = cuse_client_get(&pcc);
1581 if (error != 0)
1582 return (error);
1583
1584 pccmd = &pcc->cmds[CUSE_CMD_READ];
1585 pcs = pcc->server;
1586
1587 if (uio->uio_segflg != UIO_USERSPACE) {
1588 return (EINVAL);
1589 }
1590 uio->uio_segflg = UIO_NOCOPY;
1591
1592 cuse_cmd_lock(pccmd);
1593
1594 while (uio->uio_resid != 0) {
1595
1596 if (uio->uio_iov->iov_len > CUSE_LENGTH_MAX) {
1597 error = ENOMEM;
1598 break;
1599 }
1600 len = uio->uio_iov->iov_len;
1601
1602 cuse_server_lock(pcs);
1603 cuse_client_send_command_locked(pccmd,
1604 (uintptr_t)uio->uio_iov->iov_base,
1605 (unsigned long)(unsigned int)len, pcc->fflags, ioflag);
1606
1607 error = cuse_client_receive_command_locked(pccmd, 0, 0);
1608 cuse_server_unlock(pcs);
1609
1610 if (error < 0) {
1611 error = cuse_convert_error(error);
1612 break;
1613 } else if (error == len) {
1614 error = uiomove(NULL, error, uio);
1615 if (error)
1616 break;
1617 } else {
1618 error = uiomove(NULL, error, uio);
1619 break;
1620 }
1621 }
1622 cuse_cmd_unlock(pccmd);
1623
1624 uio->uio_segflg = UIO_USERSPACE;/* restore segment flag */
1625
1626 if (error == EWOULDBLOCK)
1627 cuse_client_kqfilter_poll(dev, pcc);
1628
1629 return (error);
1630 }
1631
1632 static int
1633 cuse_client_write(struct cdev *dev, struct uio *uio, int ioflag)
1634 {
1635 struct cuse_client_command *pccmd;
1636 struct cuse_client *pcc;
1637 struct cuse_server *pcs;
1638 int error;
1639 int len;
1640
1641 error = cuse_client_get(&pcc);
1642 if (error != 0)
1643 return (error);
1644
1645 pccmd = &pcc->cmds[CUSE_CMD_WRITE];
1646 pcs = pcc->server;
1647
1648 if (uio->uio_segflg != UIO_USERSPACE) {
1649 return (EINVAL);
1650 }
1651 uio->uio_segflg = UIO_NOCOPY;
1652
1653 cuse_cmd_lock(pccmd);
1654
1655 while (uio->uio_resid != 0) {
1656
1657 if (uio->uio_iov->iov_len > CUSE_LENGTH_MAX) {
1658 error = ENOMEM;
1659 break;
1660 }
1661 len = uio->uio_iov->iov_len;
1662
1663 cuse_server_lock(pcs);
1664 cuse_client_send_command_locked(pccmd,
1665 (uintptr_t)uio->uio_iov->iov_base,
1666 (unsigned long)(unsigned int)len, pcc->fflags, ioflag);
1667
1668 error = cuse_client_receive_command_locked(pccmd, 0, 0);
1669 cuse_server_unlock(pcs);
1670
1671 if (error < 0) {
1672 error = cuse_convert_error(error);
1673 break;
1674 } else if (error == len) {
1675 error = uiomove(NULL, error, uio);
1676 if (error)
1677 break;
1678 } else {
1679 error = uiomove(NULL, error, uio);
1680 break;
1681 }
1682 }
1683 cuse_cmd_unlock(pccmd);
1684
1685 uio->uio_segflg = UIO_USERSPACE;/* restore segment flag */
1686
1687 if (error == EWOULDBLOCK)
1688 cuse_client_kqfilter_poll(dev, pcc);
1689
1690 return (error);
1691 }
1692
1693 int
1694 cuse_client_ioctl(struct cdev *dev, unsigned long cmd,
1695 caddr_t data, int fflag, struct thread *td)
1696 {
1697 struct cuse_client_command *pccmd;
1698 struct cuse_client *pcc;
1699 struct cuse_server *pcs;
1700 int error;
1701 int len;
1702
1703 error = cuse_client_get(&pcc);
1704 if (error != 0)
1705 return (error);
1706
1707 len = IOCPARM_LEN(cmd);
1708 if (len > CUSE_BUFFER_MAX)
1709 return (ENOMEM);
1710
1711 pccmd = &pcc->cmds[CUSE_CMD_IOCTL];
1712 pcs = pcc->server;
1713
1714 cuse_cmd_lock(pccmd);
1715
1716 if (cmd & (IOC_IN | IOC_VOID))
1717 memcpy(pcc->ioctl_buffer, data, len);
1718
1719 /*
1720 * When the ioctl-length is zero drivers can pass information
1721 * through the data pointer of the ioctl. Make sure this information
1722 * is forwarded to the driver.
1723 */
1724
1725 cuse_server_lock(pcs);
1726 cuse_client_send_command_locked(pccmd,
1727 (len == 0) ? *(long *)data : CUSE_BUF_MIN_PTR,
1728 (unsigned long)cmd, pcc->fflags,
1729 (fflag & O_NONBLOCK) ? IO_NDELAY : 0);
1730
1731 error = cuse_client_receive_command_locked(pccmd, data, len);
1732 cuse_server_unlock(pcs);
1733
1734 if (error < 0) {
1735 error = cuse_convert_error(error);
1736 } else {
1737 error = 0;
1738 }
1739
1740 if (cmd & IOC_OUT)
1741 memcpy(data, pcc->ioctl_buffer, len);
1742
1743 cuse_cmd_unlock(pccmd);
1744
1745 if (error == EWOULDBLOCK)
1746 cuse_client_kqfilter_poll(dev, pcc);
1747
1748 return (error);
1749 }
1750
1751 static int
1752 cuse_client_poll(struct cdev *dev, int events, struct thread *td)
1753 {
1754 struct cuse_client_command *pccmd;
1755 struct cuse_client *pcc;
1756 struct cuse_server *pcs;
1757 unsigned long temp;
1758 int error;
1759 int revents;
1760
1761 error = cuse_client_get(&pcc);
1762 if (error != 0)
1763 goto pollnval;
1764
1765 temp = 0;
1766 pcs = pcc->server;
1767
1768 if (events & (POLLPRI | POLLIN | POLLRDNORM))
1769 temp |= CUSE_POLL_READ;
1770
1771 if (events & (POLLOUT | POLLWRNORM))
1772 temp |= CUSE_POLL_WRITE;
1773
1774 if (events & POLLHUP)
1775 temp |= CUSE_POLL_ERROR;
1776
1777 pccmd = &pcc->cmds[CUSE_CMD_POLL];
1778
1779 cuse_cmd_lock(pccmd);
1780
1781 /* Need to selrecord() first to not loose any events. */
1782 if (temp != 0 && td != NULL)
1783 selrecord(td, &pcs->selinfo);
1784
1785 cuse_server_lock(pcs);
1786 cuse_client_send_command_locked(pccmd,
1787 0, temp, pcc->fflags, IO_NDELAY);
1788
1789 error = cuse_client_receive_command_locked(pccmd, 0, 0);
1790 cuse_server_unlock(pcs);
1791
1792 cuse_cmd_unlock(pccmd);
1793
1794 if (error < 0) {
1795 goto pollnval;
1796 } else {
1797 revents = 0;
1798 if (error & CUSE_POLL_READ)
1799 revents |= (events & (POLLPRI | POLLIN | POLLRDNORM));
1800 if (error & CUSE_POLL_WRITE)
1801 revents |= (events & (POLLOUT | POLLWRNORM));
1802 if (error & CUSE_POLL_ERROR)
1803 revents |= (events & POLLHUP);
1804 }
1805 return (revents);
1806
1807 pollnval:
1808 /* XXX many clients don't understand POLLNVAL */
1809 return (events & (POLLHUP | POLLPRI | POLLIN |
1810 POLLRDNORM | POLLOUT | POLLWRNORM));
1811 }
1812
1813 static int
1814 cuse_client_mmap_single(struct cdev *dev, vm_ooffset_t *offset,
1815 vm_size_t size, struct vm_object **object, int nprot)
1816 {
1817 uint32_t page_nr = *offset / PAGE_SIZE;
1818 uint32_t alloc_nr = page_nr / CUSE_ALLOC_PAGES_MAX;
1819 struct cuse_memory *mem;
1820 struct cuse_client *pcc;
1821 struct cuse_server *pcs;
1822 int error;
1823
1824 error = cuse_client_get(&pcc);
1825 if (error != 0)
1826 return (error);
1827
1828 pcs = pcc->server;
1829
1830 cuse_server_lock(pcs);
1831 /* lookup memory structure */
1832 TAILQ_FOREACH(mem, &pcs->hmem, entry) {
1833 if (mem->alloc_nr == alloc_nr)
1834 break;
1835 }
1836 if (mem == NULL) {
1837 cuse_server_unlock(pcs);
1838 return (ENOMEM);
1839 }
1840 /* verify page offset */
1841 page_nr %= CUSE_ALLOC_PAGES_MAX;
1842 if (page_nr >= mem->page_count) {
1843 cuse_server_unlock(pcs);
1844 return (ENXIO);
1845 }
1846 /* verify mmap size */
1847 if ((size % PAGE_SIZE) != 0 || (size < PAGE_SIZE) ||
1848 (size > ((mem->page_count - page_nr) * PAGE_SIZE))) {
1849 cuse_server_unlock(pcs);
1850 return (EINVAL);
1851 }
1852 vm_object_reference(mem->object);
1853 *object = mem->object;
1854 cuse_server_unlock(pcs);
1855
1856 /* set new VM object offset to use */
1857 *offset = page_nr * PAGE_SIZE;
1858
1859 /* success */
1860 return (0);
1861 }
1862
1863 static void
1864 cuse_client_kqfilter_read_detach(struct knote *kn)
1865 {
1866 struct cuse_client *pcc;
1867 struct cuse_server *pcs;
1868
1869 pcc = kn->kn_hook;
1870 pcs = pcc->server;
1871
1872 cuse_server_lock(pcs);
1873 knlist_remove(&pcs->selinfo.si_note, kn, 1);
1874 cuse_server_unlock(pcs);
1875 }
1876
1877 static void
1878 cuse_client_kqfilter_write_detach(struct knote *kn)
1879 {
1880 struct cuse_client *pcc;
1881 struct cuse_server *pcs;
1882
1883 pcc = kn->kn_hook;
1884 pcs = pcc->server;
1885
1886 cuse_server_lock(pcs);
1887 knlist_remove(&pcs->selinfo.si_note, kn, 1);
1888 cuse_server_unlock(pcs);
1889 }
1890
1891 static int
1892 cuse_client_kqfilter_read_event(struct knote *kn, long hint)
1893 {
1894 struct cuse_client *pcc;
1895
1896 pcc = kn->kn_hook;
1897
1898 mtx_assert(&pcc->server->mtx, MA_OWNED);
1899
1900 return ((pcc->cflags & CUSE_CLI_KNOTE_NEED_READ) ? 1 : 0);
1901 }
1902
1903 static int
1904 cuse_client_kqfilter_write_event(struct knote *kn, long hint)
1905 {
1906 struct cuse_client *pcc;
1907
1908 pcc = kn->kn_hook;
1909
1910 mtx_assert(&pcc->server->mtx, MA_OWNED);
1911
1912 return ((pcc->cflags & CUSE_CLI_KNOTE_NEED_WRITE) ? 1 : 0);
1913 }
1914
1915 static int
1916 cuse_client_kqfilter(struct cdev *dev, struct knote *kn)
1917 {
1918 struct cuse_client *pcc;
1919 struct cuse_server *pcs;
1920 int error;
1921
1922 error = cuse_client_get(&pcc);
1923 if (error != 0)
1924 return (error);
1925
1926 pcs = pcc->server;
1927
1928 cuse_server_lock(pcs);
1929 switch (kn->kn_filter) {
1930 case EVFILT_READ:
1931 pcc->cflags |= CUSE_CLI_KNOTE_HAS_READ;
1932 kn->kn_hook = pcc;
1933 kn->kn_fop = &cuse_client_kqfilter_read_ops;
1934 knlist_add(&pcs->selinfo.si_note, kn, 1);
1935 break;
1936 case EVFILT_WRITE:
1937 pcc->cflags |= CUSE_CLI_KNOTE_HAS_WRITE;
1938 kn->kn_hook = pcc;
1939 kn->kn_fop = &cuse_client_kqfilter_write_ops;
1940 knlist_add(&pcs->selinfo.si_note, kn, 1);
1941 break;
1942 default:
1943 error = EINVAL;
1944 break;
1945 }
1946 cuse_server_unlock(pcs);
1947
1948 if (error == 0)
1949 cuse_client_kqfilter_poll(dev, pcc);
1950 return (error);
1951 }
Cache object: 93c9fb8a910285242b5278a66aac6a1d
|