3 * Copyright (c) 2010-2017 Hans Petter Selasky. All rights reserved.
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
15 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
18 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27 #include <sys/stdint.h>
28 #include <sys/stddef.h>
29 #include <sys/param.h>
30 #include <sys/types.h>
31 #include <sys/systm.h>
33 #include <sys/kernel.h>
35 #include <sys/linker_set.h>
36 #include <sys/module.h>
38 #include <sys/mutex.h>
39 #include <sys/condvar.h>
40 #include <sys/sysctl.h>
41 #include <sys/unistd.h>
42 #include <sys/malloc.h>
47 #include <sys/rwlock.h>
48 #include <sys/queue.h>
49 #include <sys/fcntl.h>
51 #include <sys/vnode.h>
52 #include <sys/selinfo.h>
53 #include <sys/ptrace.h>
55 #include <machine/bus.h>
59 #include <vm/vm_object.h>
60 #include <vm/vm_page.h>
61 #include <vm/vm_pager.h>
63 #include <fs/cuse/cuse_defs.h>
64 #include <fs/cuse/cuse_ioctl.h>
66 MODULE_VERSION(cuse, 1);
69 * Prevent cuse4bsd.ko and cuse.ko from loading at the same time by
70 * declaring support for the cuse4bsd interface in cuse.ko:
72 MODULE_VERSION(cuse4bsd, 1);
75 FEATURE(cuse, "Userspace character devices");
82 struct cuse_client_command {
83 TAILQ_ENTRY(cuse_client_command) entry;
84 struct cuse_command sub;
87 struct thread *entered;
88 struct cuse_client *client;
89 struct proc *proc_curr;
97 TAILQ_ENTRY(cuse_memory) entry;
103 struct cuse_server_dev {
104 TAILQ_ENTRY(cuse_server_dev) entry;
105 struct cuse_server *server;
106 struct cdev *kern_dev;
107 struct cuse_dev *user_dev;
111 TAILQ_ENTRY(cuse_server) entry;
112 TAILQ_HEAD(, cuse_client_command) head;
113 TAILQ_HEAD(, cuse_server_dev) hdev;
114 TAILQ_HEAD(, cuse_client) hcli;
115 TAILQ_HEAD(, cuse_memory) hmem;
117 struct selinfo selinfo;
124 TAILQ_ENTRY(cuse_client) entry;
125 TAILQ_ENTRY(cuse_client) entry_ref;
126 struct cuse_client_command cmds[CUSE_CMD_MAX];
127 struct cuse_server *server;
128 struct cuse_server_dev *server_dev;
130 uint8_t ioctl_buffer[CUSE_BUFFER_MAX] __aligned(4);
132 int fflags; /* file flags */
133 int cflags; /* client flags */
134 #define CUSE_CLI_IS_CLOSING 0x01
135 #define CUSE_CLI_KNOTE_NEED_READ 0x02
136 #define CUSE_CLI_KNOTE_NEED_WRITE 0x04
137 #define CUSE_CLI_KNOTE_HAS_READ 0x08
138 #define CUSE_CLI_KNOTE_HAS_WRITE 0x10
141 #define CUSE_CLIENT_CLOSING(pcc) \
142 ((pcc)->cflags & CUSE_CLI_IS_CLOSING)
144 static MALLOC_DEFINE(M_CUSE, "cuse", "CUSE memory");
146 static TAILQ_HEAD(, cuse_server) cuse_server_head;
147 static struct mtx cuse_mtx;
148 static struct cdev *cuse_dev;
149 static struct cuse_server *cuse_alloc_unit[CUSE_DEVICES_MAX];
150 static int cuse_alloc_unit_id[CUSE_DEVICES_MAX];
152 static void cuse_server_wakeup_all_client_locked(struct cuse_server *pcs);
153 static void cuse_client_kqfilter_read_detach(struct knote *kn);
154 static void cuse_client_kqfilter_write_detach(struct knote *kn);
155 static int cuse_client_kqfilter_read_event(struct knote *kn, long hint);
156 static int cuse_client_kqfilter_write_event(struct knote *kn, long hint);
158 static struct filterops cuse_client_kqfilter_read_ops = {
160 .f_detach = cuse_client_kqfilter_read_detach,
161 .f_event = cuse_client_kqfilter_read_event,
164 static struct filterops cuse_client_kqfilter_write_ops = {
166 .f_detach = cuse_client_kqfilter_write_detach,
167 .f_event = cuse_client_kqfilter_write_event,
170 static d_open_t cuse_client_open;
171 static d_close_t cuse_client_close;
172 static d_ioctl_t cuse_client_ioctl;
173 static d_read_t cuse_client_read;
174 static d_write_t cuse_client_write;
175 static d_poll_t cuse_client_poll;
176 static d_mmap_single_t cuse_client_mmap_single;
177 static d_kqfilter_t cuse_client_kqfilter;
179 static struct cdevsw cuse_client_devsw = {
180 .d_version = D_VERSION,
181 .d_open = cuse_client_open,
182 .d_close = cuse_client_close,
183 .d_ioctl = cuse_client_ioctl,
184 .d_name = "cuse_client",
185 .d_flags = D_TRACKCLOSE,
186 .d_read = cuse_client_read,
187 .d_write = cuse_client_write,
188 .d_poll = cuse_client_poll,
189 .d_mmap_single = cuse_client_mmap_single,
190 .d_kqfilter = cuse_client_kqfilter,
193 static d_open_t cuse_server_open;
194 static d_close_t cuse_server_close;
195 static d_ioctl_t cuse_server_ioctl;
196 static d_read_t cuse_server_read;
197 static d_write_t cuse_server_write;
198 static d_poll_t cuse_server_poll;
199 static d_mmap_single_t cuse_server_mmap_single;
201 static struct cdevsw cuse_server_devsw = {
202 .d_version = D_VERSION,
203 .d_open = cuse_server_open,
204 .d_close = cuse_server_close,
205 .d_ioctl = cuse_server_ioctl,
206 .d_name = "cuse_server",
207 .d_flags = D_TRACKCLOSE,
208 .d_read = cuse_server_read,
209 .d_write = cuse_server_write,
210 .d_poll = cuse_server_poll,
211 .d_mmap_single = cuse_server_mmap_single,
214 static void cuse_client_is_closing(struct cuse_client *);
215 static int cuse_free_unit_by_id_locked(struct cuse_server *, int);
226 mtx_unlock(&cuse_mtx);
230 cuse_cmd_lock(struct cuse_client_command *pccmd)
232 sx_xlock(&pccmd->sx);
236 cuse_cmd_unlock(struct cuse_client_command *pccmd)
238 sx_xunlock(&pccmd->sx);
242 cuse_kern_init(void *arg)
244 TAILQ_INIT(&cuse_server_head);
246 mtx_init(&cuse_mtx, "cuse-mtx", NULL, MTX_DEF);
248 cuse_dev = make_dev(&cuse_server_devsw, 0,
249 UID_ROOT, GID_OPERATOR, 0600, "cuse");
251 printf("Cuse v%d.%d.%d @ /dev/cuse\n",
252 (CUSE_VERSION >> 16) & 0xFF, (CUSE_VERSION >> 8) & 0xFF,
253 (CUSE_VERSION >> 0) & 0xFF);
255 SYSINIT(cuse_kern_init, SI_SUB_DEVFS, SI_ORDER_ANY, cuse_kern_init, NULL);
258 cuse_kern_uninit(void *arg)
264 printf("Cuse: Please exit all /dev/cuse instances "
265 "and processes which have used this device.\n");
267 pause("DRAIN", 2 * hz);
270 ptr = TAILQ_FIRST(&cuse_server_head);
277 if (cuse_dev != NULL)
278 destroy_dev(cuse_dev);
280 mtx_destroy(&cuse_mtx);
282 SYSUNINIT(cuse_kern_uninit, SI_SUB_DEVFS, SI_ORDER_ANY, cuse_kern_uninit, 0);
285 cuse_server_get(struct cuse_server **ppcs)
287 struct cuse_server *pcs;
290 error = devfs_get_cdevpriv((void **)&pcs);
295 /* check if closing */
297 if (pcs->is_closing) {
308 cuse_server_is_closing(struct cuse_server *pcs)
310 struct cuse_client *pcc;
317 TAILQ_FOREACH(pcc, &pcs->hcli, entry) {
318 cuse_client_is_closing(pcc);
322 static struct cuse_client_command *
323 cuse_server_find_command(struct cuse_server *pcs, struct thread *td)
325 struct cuse_client *pcc;
331 TAILQ_FOREACH(pcc, &pcs->hcli, entry) {
332 if (CUSE_CLIENT_CLOSING(pcc))
334 for (n = 0; n != CUSE_CMD_MAX; n++) {
335 if (pcc->cmds[n].entered == td)
336 return (&pcc->cmds[n]);
344 cuse_str_filter(char *ptr)
348 while (((c = *ptr) != 0)) {
350 if ((c >= 'a') && (c <= 'z')) {
354 if ((c >= 'A') && (c <= 'Z')) {
358 if ((c >= '0') && (c <= '9')) {
362 if ((c == '.') || (c == '_') || (c == '/')) {
373 cuse_convert_error(int error)
381 case CUSE_ERR_WOULDBLOCK:
382 return (EWOULDBLOCK);
383 case CUSE_ERR_INVALID:
385 case CUSE_ERR_NO_MEMORY:
389 case CUSE_ERR_SIGNAL:
391 case CUSE_ERR_NO_DEVICE:
399 cuse_vm_memory_free(struct cuse_memory *mem)
401 /* last user is gone - free */
402 vm_object_deallocate(mem->object);
404 /* free CUSE memory */
409 cuse_server_alloc_memory(struct cuse_server *pcs, uint32_t alloc_nr,
412 struct cuse_memory *temp;
413 struct cuse_memory *mem;
417 mem = malloc(sizeof(*mem), M_CUSE, M_WAITOK | M_ZERO);
421 object = vm_pager_allocate(OBJT_SWAP, NULL, PAGE_SIZE * page_count,
422 VM_PROT_DEFAULT, 0, curthread->td_ucred);
423 if (object == NULL) {
429 /* check if allocation number already exists */
430 TAILQ_FOREACH(temp, &pcs->hmem, entry) {
431 if (temp->alloc_nr == alloc_nr)
439 mem->object = object;
440 mem->page_count = page_count;
441 mem->alloc_nr = alloc_nr;
442 TAILQ_INSERT_TAIL(&pcs->hmem, mem, entry);
448 vm_object_deallocate(object);
455 cuse_server_free_memory(struct cuse_server *pcs, uint32_t alloc_nr)
457 struct cuse_memory *mem;
460 TAILQ_FOREACH(mem, &pcs->hmem, entry) {
461 if (mem->alloc_nr == alloc_nr)
468 TAILQ_REMOVE(&pcs->hmem, mem, entry);
471 cuse_vm_memory_free(mem);
477 cuse_client_get(struct cuse_client **ppcc)
479 struct cuse_client *pcc;
482 /* try to get private data */
483 error = devfs_get_cdevpriv((void **)&pcc);
488 /* check if closing */
490 if (CUSE_CLIENT_CLOSING(pcc) || pcc->server->is_closing) {
501 cuse_client_is_closing(struct cuse_client *pcc)
503 struct cuse_client_command *pccmd;
506 if (CUSE_CLIENT_CLOSING(pcc))
509 pcc->cflags |= CUSE_CLI_IS_CLOSING;
510 pcc->server_dev = NULL;
512 for (n = 0; n != CUSE_CMD_MAX; n++) {
514 pccmd = &pcc->cmds[n];
516 if (pccmd->entry.tqe_prev != NULL) {
517 TAILQ_REMOVE(&pcc->server->head, pccmd, entry);
518 pccmd->entry.tqe_prev = NULL;
520 cv_broadcast(&pccmd->cv);
525 cuse_client_send_command_locked(struct cuse_client_command *pccmd,
526 uintptr_t data_ptr, unsigned long arg, int fflags, int ioflag)
528 unsigned long cuse_fflags = 0;
529 struct cuse_server *pcs;
532 cuse_fflags |= CUSE_FFLAG_READ;
535 cuse_fflags |= CUSE_FFLAG_WRITE;
537 if (ioflag & IO_NDELAY)
538 cuse_fflags |= CUSE_FFLAG_NONBLOCK;
540 pccmd->sub.fflags = cuse_fflags;
541 pccmd->sub.data_pointer = data_ptr;
542 pccmd->sub.argument = arg;
544 pcs = pccmd->client->server;
546 if ((pccmd->entry.tqe_prev == NULL) &&
547 (CUSE_CLIENT_CLOSING(pccmd->client) == 0) &&
548 (pcs->is_closing == 0)) {
549 TAILQ_INSERT_TAIL(&pcs->head, pccmd, entry);
555 cuse_client_got_signal(struct cuse_client_command *pccmd)
557 struct cuse_server *pcs;
559 pccmd->got_signal = 1;
561 pccmd = &pccmd->client->cmds[CUSE_CMD_SIGNAL];
563 pcs = pccmd->client->server;
565 if ((pccmd->entry.tqe_prev == NULL) &&
566 (CUSE_CLIENT_CLOSING(pccmd->client) == 0) &&
567 (pcs->is_closing == 0)) {
568 TAILQ_INSERT_TAIL(&pcs->head, pccmd, entry);
574 cuse_client_receive_command_locked(struct cuse_client_command *pccmd,
575 uint8_t *arg_ptr, uint32_t arg_len)
581 pccmd->proc_curr = curthread->td_proc;
583 if (CUSE_CLIENT_CLOSING(pccmd->client) ||
584 pccmd->client->server->is_closing) {
585 error = CUSE_ERR_OTHER;
588 while (pccmd->command == CUSE_CMD_NONE) {
590 cv_wait(&pccmd->cv, &cuse_mtx);
592 error = cv_wait_sig(&pccmd->cv, &cuse_mtx);
595 cuse_client_got_signal(pccmd);
597 if (CUSE_CLIENT_CLOSING(pccmd->client) ||
598 pccmd->client->server->is_closing) {
599 error = CUSE_ERR_OTHER;
604 error = pccmd->error;
605 pccmd->command = CUSE_CMD_NONE;
606 cv_signal(&pccmd->cv);
610 /* wait until all process references are gone */
612 pccmd->proc_curr = NULL;
614 while (pccmd->proc_refs != 0)
615 cv_wait(&pccmd->cv, &cuse_mtx);
620 /*------------------------------------------------------------------------*
622 *------------------------------------------------------------------------*/
625 cuse_server_free_dev(struct cuse_server_dev *pcsd)
627 struct cuse_server *pcs;
628 struct cuse_client *pcc;
630 /* get server pointer */
633 /* prevent creation of more devices */
635 if (pcsd->kern_dev != NULL)
636 pcsd->kern_dev->si_drv1 = NULL;
638 TAILQ_FOREACH(pcc, &pcs->hcli, entry) {
639 if (pcc->server_dev == pcsd)
640 cuse_client_is_closing(pcc);
644 /* destroy device, if any */
645 if (pcsd->kern_dev != NULL) {
646 /* destroy device synchronously */
647 destroy_dev(pcsd->kern_dev);
653 cuse_server_unref(struct cuse_server *pcs)
655 struct cuse_server_dev *pcsd;
656 struct cuse_memory *mem;
660 if (pcs->refs != 0) {
664 cuse_server_is_closing(pcs);
665 /* final client wakeup, if any */
666 cuse_server_wakeup_all_client_locked(pcs);
668 TAILQ_REMOVE(&cuse_server_head, pcs, entry);
670 cuse_free_unit_by_id_locked(pcs, -1);
672 while ((pcsd = TAILQ_FIRST(&pcs->hdev)) != NULL) {
673 TAILQ_REMOVE(&pcs->hdev, pcsd, entry);
675 cuse_server_free_dev(pcsd);
679 while ((mem = TAILQ_FIRST(&pcs->hmem)) != NULL) {
680 TAILQ_REMOVE(&pcs->hmem, mem, entry);
682 cuse_vm_memory_free(mem);
686 knlist_clear(&pcs->selinfo.si_note, 1);
687 knlist_destroy(&pcs->selinfo.si_note);
691 seldrain(&pcs->selinfo);
693 cv_destroy(&pcs->cv);
699 cuse_server_free(void *arg)
701 struct cuse_server *pcs = arg;
704 cuse_server_unref(pcs);
708 cuse_server_open(struct cdev *dev, int fflags, int devtype, struct thread *td)
710 struct cuse_server *pcs;
712 pcs = malloc(sizeof(*pcs), M_CUSE, M_WAITOK | M_ZERO);
716 if (devfs_set_cdevpriv(pcs, &cuse_server_free)) {
717 printf("Cuse: Cannot set cdevpriv.\n");
721 /* store current process ID */
722 pcs->pid = curproc->p_pid;
724 TAILQ_INIT(&pcs->head);
725 TAILQ_INIT(&pcs->hdev);
726 TAILQ_INIT(&pcs->hcli);
727 TAILQ_INIT(&pcs->hmem);
729 cv_init(&pcs->cv, "cuse-server-cv");
731 knlist_init_mtx(&pcs->selinfo.si_note, &cuse_mtx);
735 TAILQ_INSERT_TAIL(&cuse_server_head, pcs, entry);
742 cuse_server_close(struct cdev *dev, int fflag, int devtype, struct thread *td)
744 struct cuse_server *pcs;
747 error = cuse_server_get(&pcs);
752 cuse_server_is_closing(pcs);
753 /* final client wakeup, if any */
754 cuse_server_wakeup_all_client_locked(pcs);
756 knlist_clear(&pcs->selinfo.si_note, 1);
764 cuse_server_read(struct cdev *dev, struct uio *uio, int ioflag)
770 cuse_server_write(struct cdev *dev, struct uio *uio, int ioflag)
776 cuse_server_ioctl_copy_locked(struct cuse_client_command *pccmd,
777 struct cuse_data_chunk *pchk, int isread)
783 offset = pchk->peer_ptr - CUSE_BUF_MIN_PTR;
785 if (pchk->length > CUSE_BUFFER_MAX)
788 if (offset >= CUSE_BUFFER_MAX)
791 if ((offset + pchk->length) > CUSE_BUFFER_MAX)
794 p_proc = pccmd->proc_curr;
798 if (pccmd->proc_refs < 0)
807 (void *)pchk->local_ptr,
808 pccmd->client->ioctl_buffer + offset,
812 pccmd->client->ioctl_buffer + offset,
813 (void *)pchk->local_ptr,
821 if (pccmd->proc_curr == NULL)
822 cv_signal(&pccmd->cv);
828 cuse_proc2proc_copy(struct proc *proc_s, vm_offset_t data_s,
829 struct proc *proc_d, vm_offset_t data_d, size_t len)
832 struct proc *proc_cur;
836 proc_cur = td->td_proc;
838 if (proc_cur == proc_d) {
840 .iov_base = (caddr_t)data_d,
846 .uio_offset = (off_t)data_s,
848 .uio_segflg = UIO_USERSPACE,
854 error = proc_rwmem(proc_s, &uio);
857 } else if (proc_cur == proc_s) {
859 .iov_base = (caddr_t)data_s,
865 .uio_offset = (off_t)data_d,
867 .uio_segflg = UIO_USERSPACE,
873 error = proc_rwmem(proc_d, &uio);
882 cuse_server_data_copy_locked(struct cuse_client_command *pccmd,
883 struct cuse_data_chunk *pchk, int isread)
888 p_proc = pccmd->proc_curr;
892 if (pccmd->proc_refs < 0)
900 error = cuse_proc2proc_copy(
901 curthread->td_proc, pchk->local_ptr,
902 p_proc, pchk->peer_ptr,
905 error = cuse_proc2proc_copy(
906 p_proc, pchk->peer_ptr,
907 curthread->td_proc, pchk->local_ptr,
915 if (pccmd->proc_curr == NULL)
916 cv_signal(&pccmd->cv);
922 cuse_alloc_unit_by_id_locked(struct cuse_server *pcs, int id)
929 for (match = n = 0; n != CUSE_DEVICES_MAX; n++) {
930 if (cuse_alloc_unit[n] != NULL) {
931 if ((cuse_alloc_unit_id[n] ^ id) & CUSE_ID_MASK)
933 if ((cuse_alloc_unit_id[n] & ~CUSE_ID_MASK) == x) {
942 for (n = 0; n != CUSE_DEVICES_MAX; n++) {
943 if (cuse_alloc_unit[n] == NULL) {
944 cuse_alloc_unit[n] = pcs;
945 cuse_alloc_unit_id[n] = id | x;
954 cuse_server_wakeup_locked(struct cuse_server *pcs)
956 selwakeup(&pcs->selinfo);
957 KNOTE_LOCKED(&pcs->selinfo.si_note, 0);
961 cuse_server_wakeup_all_client_locked(struct cuse_server *pcs)
963 struct cuse_client *pcc;
965 TAILQ_FOREACH(pcc, &pcs->hcli, entry) {
966 pcc->cflags |= (CUSE_CLI_KNOTE_NEED_READ |
967 CUSE_CLI_KNOTE_NEED_WRITE);
969 cuse_server_wakeup_locked(pcs);
973 cuse_free_unit_by_id_locked(struct cuse_server *pcs, int id)
978 for (n = 0; n != CUSE_DEVICES_MAX; n++) {
979 if (cuse_alloc_unit[n] == pcs) {
980 if (cuse_alloc_unit_id[n] == id || id == -1) {
981 cuse_alloc_unit[n] = NULL;
982 cuse_alloc_unit_id[n] = 0;
988 return (found ? 0 : EINVAL);
992 cuse_server_ioctl(struct cdev *dev, unsigned long cmd,
993 caddr_t data, int fflag, struct thread *td)
995 struct cuse_server *pcs;
998 error = cuse_server_get(&pcs);
1003 struct cuse_client_command *pccmd;
1004 struct cuse_client *pcc;
1005 struct cuse_command *pcmd;
1006 struct cuse_alloc_info *pai;
1007 struct cuse_create_dev *pcd;
1008 struct cuse_server_dev *pcsd;
1009 struct cuse_data_chunk *pchk;
1012 case CUSE_IOCTL_GET_COMMAND:
1013 pcmd = (void *)data;
1017 while ((pccmd = TAILQ_FIRST(&pcs->head)) == NULL) {
1018 error = cv_wait_sig(&pcs->cv, &cuse_mtx);
1020 if (pcs->is_closing)
1029 TAILQ_REMOVE(&pcs->head, pccmd, entry);
1030 pccmd->entry.tqe_prev = NULL;
1032 pccmd->entered = curthread;
1040 case CUSE_IOCTL_SYNC_COMMAND:
1043 while ((pccmd = cuse_server_find_command(pcs, curthread)) != NULL) {
1045 /* send sync command */
1046 pccmd->entered = NULL;
1047 pccmd->error = *(int *)data;
1048 pccmd->command = CUSE_CMD_SYNC;
1050 /* signal peer, if any */
1051 cv_signal(&pccmd->cv);
1057 case CUSE_IOCTL_ALLOC_UNIT:
1060 n = cuse_alloc_unit_by_id_locked(pcs,
1061 CUSE_ID_DEFAULT(0));
1070 case CUSE_IOCTL_ALLOC_UNIT_BY_ID:
1074 n = (n & CUSE_ID_MASK);
1077 n = cuse_alloc_unit_by_id_locked(pcs, n);
1086 case CUSE_IOCTL_FREE_UNIT:
1090 n = CUSE_ID_DEFAULT(n);
1093 error = cuse_free_unit_by_id_locked(pcs, n);
1097 case CUSE_IOCTL_FREE_UNIT_BY_ID:
1102 error = cuse_free_unit_by_id_locked(pcs, n);
1106 case CUSE_IOCTL_ALLOC_MEMORY:
1110 if (pai->alloc_nr >= CUSE_ALLOC_UNIT_MAX) {
1114 if (pai->page_count >= CUSE_ALLOC_PAGES_MAX) {
1118 error = cuse_server_alloc_memory(pcs,
1119 pai->alloc_nr, pai->page_count);
1122 case CUSE_IOCTL_FREE_MEMORY:
1125 if (pai->alloc_nr >= CUSE_ALLOC_UNIT_MAX) {
1129 error = cuse_server_free_memory(pcs, pai->alloc_nr);
1132 case CUSE_IOCTL_GET_SIG:
1135 pccmd = cuse_server_find_command(pcs, curthread);
1137 if (pccmd != NULL) {
1138 n = pccmd->got_signal;
1139 pccmd->got_signal = 0;
1149 case CUSE_IOCTL_SET_PFH:
1152 pccmd = cuse_server_find_command(pcs, curthread);
1154 if (pccmd != NULL) {
1155 pcc = pccmd->client;
1156 for (n = 0; n != CUSE_CMD_MAX; n++) {
1157 pcc->cmds[n].sub.per_file_handle = *(uintptr_t *)data;
1165 case CUSE_IOCTL_CREATE_DEV:
1167 error = priv_check(curthread, PRIV_DRIVER);
1175 pcd->devname[sizeof(pcd->devname) - 1] = 0;
1177 if (pcd->devname[0] == 0) {
1181 cuse_str_filter(pcd->devname);
1183 pcd->permissions &= 0777;
1185 /* try to allocate a character device */
1187 pcsd = malloc(sizeof(*pcsd), M_CUSE, M_WAITOK | M_ZERO);
1195 pcsd->user_dev = pcd->dev;
1197 pcsd->kern_dev = make_dev_credf(MAKEDEV_CHECKNAME,
1198 &cuse_client_devsw, 0, NULL, pcd->user_id, pcd->group_id,
1199 pcd->permissions, "%s", pcd->devname);
1201 if (pcsd->kern_dev == NULL) {
1206 pcsd->kern_dev->si_drv1 = pcsd;
1209 TAILQ_INSERT_TAIL(&pcs->hdev, pcsd, entry);
1214 case CUSE_IOCTL_DESTROY_DEV:
1216 error = priv_check(curthread, PRIV_DRIVER);
1224 pcsd = TAILQ_FIRST(&pcs->hdev);
1225 while (pcsd != NULL) {
1226 if (pcsd->user_dev == *(struct cuse_dev **)data) {
1227 TAILQ_REMOVE(&pcs->hdev, pcsd, entry);
1229 cuse_server_free_dev(pcsd);
1232 pcsd = TAILQ_FIRST(&pcs->hdev);
1234 pcsd = TAILQ_NEXT(pcsd, entry);
1241 case CUSE_IOCTL_WRITE_DATA:
1242 case CUSE_IOCTL_READ_DATA:
1245 pchk = (struct cuse_data_chunk *)data;
1247 pccmd = cuse_server_find_command(pcs, curthread);
1249 if (pccmd == NULL) {
1250 error = ENXIO; /* invalid request */
1251 } else if (pchk->peer_ptr < CUSE_BUF_MIN_PTR) {
1252 error = EFAULT; /* NULL pointer */
1253 } else if (pchk->peer_ptr < CUSE_BUF_MAX_PTR) {
1254 error = cuse_server_ioctl_copy_locked(pccmd,
1255 pchk, cmd == CUSE_IOCTL_READ_DATA);
1257 error = cuse_server_data_copy_locked(pccmd,
1258 pchk, cmd == CUSE_IOCTL_READ_DATA);
1263 case CUSE_IOCTL_SELWAKEUP:
1266 * We don't know which direction caused the event.
1269 cuse_server_wakeup_all_client_locked(pcs);
1281 cuse_server_poll(struct cdev *dev, int events, struct thread *td)
1283 return (events & (POLLHUP | POLLPRI | POLLIN |
1284 POLLRDNORM | POLLOUT | POLLWRNORM));
1288 cuse_server_mmap_single(struct cdev *dev, vm_ooffset_t *offset,
1289 vm_size_t size, struct vm_object **object, int nprot)
1291 uint32_t page_nr = *offset / PAGE_SIZE;
1292 uint32_t alloc_nr = page_nr / CUSE_ALLOC_PAGES_MAX;
1293 struct cuse_memory *mem;
1294 struct cuse_server *pcs;
1297 error = cuse_server_get(&pcs);
1302 /* lookup memory structure */
1303 TAILQ_FOREACH(mem, &pcs->hmem, entry) {
1304 if (mem->alloc_nr == alloc_nr)
1311 /* verify page offset */
1312 page_nr %= CUSE_ALLOC_PAGES_MAX;
1313 if (page_nr >= mem->page_count) {
1317 /* verify mmap size */
1318 if ((size % PAGE_SIZE) != 0 || (size < PAGE_SIZE) ||
1319 (size > ((mem->page_count - page_nr) * PAGE_SIZE))) {
1323 vm_object_reference(mem->object);
1324 *object = mem->object;
1327 /* set new VM object offset to use */
1328 *offset = page_nr * PAGE_SIZE;
1334 /*------------------------------------------------------------------------*
1336 *------------------------------------------------------------------------*/
1338 cuse_client_free(void *arg)
1340 struct cuse_client *pcc = arg;
1341 struct cuse_client_command *pccmd;
1342 struct cuse_server *pcs;
1346 cuse_client_is_closing(pcc);
1347 TAILQ_REMOVE(&pcc->server->hcli, pcc, entry);
1350 for (n = 0; n != CUSE_CMD_MAX; n++) {
1352 pccmd = &pcc->cmds[n];
1354 sx_destroy(&pccmd->sx);
1355 cv_destroy(&pccmd->cv);
1362 /* drop reference on server */
1363 cuse_server_unref(pcs);
1367 cuse_client_open(struct cdev *dev, int fflags, int devtype, struct thread *td)
1369 struct cuse_client_command *pccmd;
1370 struct cuse_server_dev *pcsd;
1371 struct cuse_client *pcc;
1372 struct cuse_server *pcs;
1373 struct cuse_dev *pcd;
1378 pcsd = dev->si_drv1;
1381 pcd = pcsd->user_dev;
1383 * Check that the refcount didn't wrap and that the
1384 * same process is not both client and server. This
1385 * can easily lead to deadlocks when destroying the
1386 * CUSE character device nodes:
1389 if (pcs->refs < 0 || pcs->pid == curproc->p_pid) {
1390 /* overflow or wrong PID */
1403 pcc = malloc(sizeof(*pcc), M_CUSE, M_WAITOK | M_ZERO);
1405 /* drop reference on server */
1406 cuse_server_unref(pcs);
1409 if (devfs_set_cdevpriv(pcc, &cuse_client_free)) {
1410 printf("Cuse: Cannot set cdevpriv.\n");
1411 /* drop reference on server */
1412 cuse_server_unref(pcs);
1416 pcc->fflags = fflags;
1417 pcc->server_dev = pcsd;
1420 for (n = 0; n != CUSE_CMD_MAX; n++) {
1422 pccmd = &pcc->cmds[n];
1424 pccmd->sub.dev = pcd;
1425 pccmd->sub.command = n;
1426 pccmd->client = pcc;
1428 sx_init(&pccmd->sx, "cuse-client-sx");
1429 cv_init(&pccmd->cv, "cuse-client-cv");
1434 /* cuse_client_free() assumes that the client is listed somewhere! */
1435 /* always enqueue */
1437 TAILQ_INSERT_TAIL(&pcs->hcli, pcc, entry);
1439 /* check if server is closing */
1440 if ((pcs->is_closing != 0) || (dev->si_drv1 == NULL)) {
1448 devfs_clear_cdevpriv(); /* XXX bugfix */
1451 pccmd = &pcc->cmds[CUSE_CMD_OPEN];
1453 cuse_cmd_lock(pccmd);
1456 cuse_client_send_command_locked(pccmd, 0, 0, pcc->fflags, 0);
1458 error = cuse_client_receive_command_locked(pccmd, 0, 0);
1462 error = cuse_convert_error(error);
1467 cuse_cmd_unlock(pccmd);
1470 devfs_clear_cdevpriv(); /* XXX bugfix */
1476 cuse_client_close(struct cdev *dev, int fflag, int devtype, struct thread *td)
1478 struct cuse_client_command *pccmd;
1479 struct cuse_client *pcc;
1482 error = cuse_client_get(&pcc);
1486 pccmd = &pcc->cmds[CUSE_CMD_CLOSE];
1488 cuse_cmd_lock(pccmd);
1491 cuse_client_send_command_locked(pccmd, 0, 0, pcc->fflags, 0);
1493 error = cuse_client_receive_command_locked(pccmd, 0, 0);
1496 cuse_cmd_unlock(pccmd);
1499 cuse_client_is_closing(pcc);
1506 cuse_client_kqfilter_poll(struct cdev *dev, struct cuse_client *pcc)
1511 temp = (pcc->cflags & (CUSE_CLI_KNOTE_HAS_READ |
1512 CUSE_CLI_KNOTE_HAS_WRITE));
1513 pcc->cflags &= ~(CUSE_CLI_KNOTE_NEED_READ |
1514 CUSE_CLI_KNOTE_NEED_WRITE);
1518 /* get the latest polling state from the server */
1519 temp = cuse_client_poll(dev, POLLIN | POLLOUT, NULL);
1521 if (temp & (POLLIN | POLLOUT)) {
1524 pcc->cflags |= CUSE_CLI_KNOTE_NEED_READ;
1526 pcc->cflags |= CUSE_CLI_KNOTE_NEED_WRITE;
1528 /* make sure the "knote" gets woken up */
1529 cuse_server_wakeup_locked(pcc->server);
1536 cuse_client_read(struct cdev *dev, struct uio *uio, int ioflag)
1538 struct cuse_client_command *pccmd;
1539 struct cuse_client *pcc;
1543 error = cuse_client_get(&pcc);
1547 pccmd = &pcc->cmds[CUSE_CMD_READ];
1549 if (uio->uio_segflg != UIO_USERSPACE) {
1552 uio->uio_segflg = UIO_NOCOPY;
1554 cuse_cmd_lock(pccmd);
1556 while (uio->uio_resid != 0) {
1558 if (uio->uio_iov->iov_len > CUSE_LENGTH_MAX) {
1562 len = uio->uio_iov->iov_len;
1565 cuse_client_send_command_locked(pccmd,
1566 (uintptr_t)uio->uio_iov->iov_base,
1567 (unsigned long)(unsigned int)len, pcc->fflags, ioflag);
1569 error = cuse_client_receive_command_locked(pccmd, 0, 0);
1573 error = cuse_convert_error(error);
1575 } else if (error == len) {
1576 error = uiomove(NULL, error, uio);
1580 error = uiomove(NULL, error, uio);
1584 cuse_cmd_unlock(pccmd);
1586 uio->uio_segflg = UIO_USERSPACE;/* restore segment flag */
1588 if (error == EWOULDBLOCK)
1589 cuse_client_kqfilter_poll(dev, pcc);
1595 cuse_client_write(struct cdev *dev, struct uio *uio, int ioflag)
1597 struct cuse_client_command *pccmd;
1598 struct cuse_client *pcc;
1602 error = cuse_client_get(&pcc);
1606 pccmd = &pcc->cmds[CUSE_CMD_WRITE];
1608 if (uio->uio_segflg != UIO_USERSPACE) {
1611 uio->uio_segflg = UIO_NOCOPY;
1613 cuse_cmd_lock(pccmd);
1615 while (uio->uio_resid != 0) {
1617 if (uio->uio_iov->iov_len > CUSE_LENGTH_MAX) {
1621 len = uio->uio_iov->iov_len;
1624 cuse_client_send_command_locked(pccmd,
1625 (uintptr_t)uio->uio_iov->iov_base,
1626 (unsigned long)(unsigned int)len, pcc->fflags, ioflag);
1628 error = cuse_client_receive_command_locked(pccmd, 0, 0);
1632 error = cuse_convert_error(error);
1634 } else if (error == len) {
1635 error = uiomove(NULL, error, uio);
1639 error = uiomove(NULL, error, uio);
1643 cuse_cmd_unlock(pccmd);
1645 uio->uio_segflg = UIO_USERSPACE;/* restore segment flag */
1647 if (error == EWOULDBLOCK)
1648 cuse_client_kqfilter_poll(dev, pcc);
1654 cuse_client_ioctl(struct cdev *dev, unsigned long cmd,
1655 caddr_t data, int fflag, struct thread *td)
1657 struct cuse_client_command *pccmd;
1658 struct cuse_client *pcc;
1662 error = cuse_client_get(&pcc);
1666 len = IOCPARM_LEN(cmd);
1667 if (len > CUSE_BUFFER_MAX)
1670 pccmd = &pcc->cmds[CUSE_CMD_IOCTL];
1672 cuse_cmd_lock(pccmd);
1674 if (cmd & (IOC_IN | IOC_VOID))
1675 memcpy(pcc->ioctl_buffer, data, len);
1678 * When the ioctl-length is zero drivers can pass information
1679 * through the data pointer of the ioctl. Make sure this information
1680 * is forwarded to the driver.
1684 cuse_client_send_command_locked(pccmd,
1685 (len == 0) ? *(long *)data : CUSE_BUF_MIN_PTR,
1686 (unsigned long)cmd, pcc->fflags,
1687 (fflag & O_NONBLOCK) ? IO_NDELAY : 0);
1689 error = cuse_client_receive_command_locked(pccmd, data, len);
1693 error = cuse_convert_error(error);
1699 memcpy(data, pcc->ioctl_buffer, len);
1701 cuse_cmd_unlock(pccmd);
1703 if (error == EWOULDBLOCK)
1704 cuse_client_kqfilter_poll(dev, pcc);
1710 cuse_client_poll(struct cdev *dev, int events, struct thread *td)
1712 struct cuse_client_command *pccmd;
1713 struct cuse_client *pcc;
1718 error = cuse_client_get(&pcc);
1724 if (events & (POLLPRI | POLLIN | POLLRDNORM))
1725 temp |= CUSE_POLL_READ;
1727 if (events & (POLLOUT | POLLWRNORM))
1728 temp |= CUSE_POLL_WRITE;
1730 if (events & POLLHUP)
1731 temp |= CUSE_POLL_ERROR;
1733 pccmd = &pcc->cmds[CUSE_CMD_POLL];
1735 cuse_cmd_lock(pccmd);
1737 /* Need to selrecord() first to not loose any events. */
1738 if (temp != 0 && td != NULL)
1739 selrecord(td, &pcc->server->selinfo);
1742 cuse_client_send_command_locked(pccmd,
1743 0, temp, pcc->fflags, IO_NDELAY);
1745 error = cuse_client_receive_command_locked(pccmd, 0, 0);
1748 cuse_cmd_unlock(pccmd);
1754 if (error & CUSE_POLL_READ)
1755 revents |= (events & (POLLPRI | POLLIN | POLLRDNORM));
1756 if (error & CUSE_POLL_WRITE)
1757 revents |= (events & (POLLOUT | POLLWRNORM));
1758 if (error & CUSE_POLL_ERROR)
1759 revents |= (events & POLLHUP);
1764 /* XXX many clients don't understand POLLNVAL */
1765 return (events & (POLLHUP | POLLPRI | POLLIN |
1766 POLLRDNORM | POLLOUT | POLLWRNORM));
1770 cuse_client_mmap_single(struct cdev *dev, vm_ooffset_t *offset,
1771 vm_size_t size, struct vm_object **object, int nprot)
1773 uint32_t page_nr = *offset / PAGE_SIZE;
1774 uint32_t alloc_nr = page_nr / CUSE_ALLOC_PAGES_MAX;
1775 struct cuse_memory *mem;
1776 struct cuse_client *pcc;
1779 error = cuse_client_get(&pcc);
1784 /* lookup memory structure */
1785 TAILQ_FOREACH(mem, &pcc->server->hmem, entry) {
1786 if (mem->alloc_nr == alloc_nr)
1793 /* verify page offset */
1794 page_nr %= CUSE_ALLOC_PAGES_MAX;
1795 if (page_nr >= mem->page_count) {
1799 /* verify mmap size */
1800 if ((size % PAGE_SIZE) != 0 || (size < PAGE_SIZE) ||
1801 (size > ((mem->page_count - page_nr) * PAGE_SIZE))) {
1805 vm_object_reference(mem->object);
1806 *object = mem->object;
1809 /* set new VM object offset to use */
1810 *offset = page_nr * PAGE_SIZE;
1817 cuse_client_kqfilter_read_detach(struct knote *kn)
1819 struct cuse_client *pcc;
1823 knlist_remove(&pcc->server->selinfo.si_note, kn, 1);
1828 cuse_client_kqfilter_write_detach(struct knote *kn)
1830 struct cuse_client *pcc;
1834 knlist_remove(&pcc->server->selinfo.si_note, kn, 1);
1839 cuse_client_kqfilter_read_event(struct knote *kn, long hint)
1841 struct cuse_client *pcc;
1843 mtx_assert(&cuse_mtx, MA_OWNED);
1846 return ((pcc->cflags & CUSE_CLI_KNOTE_NEED_READ) ? 1 : 0);
1850 cuse_client_kqfilter_write_event(struct knote *kn, long hint)
1852 struct cuse_client *pcc;
1854 mtx_assert(&cuse_mtx, MA_OWNED);
1857 return ((pcc->cflags & CUSE_CLI_KNOTE_NEED_WRITE) ? 1 : 0);
1861 cuse_client_kqfilter(struct cdev *dev, struct knote *kn)
1863 struct cuse_client *pcc;
1864 struct cuse_server *pcs;
1867 error = cuse_client_get(&pcc);
1873 switch (kn->kn_filter) {
1875 pcc->cflags |= CUSE_CLI_KNOTE_HAS_READ;
1877 kn->kn_fop = &cuse_client_kqfilter_read_ops;
1878 knlist_add(&pcs->selinfo.si_note, kn, 1);
1881 pcc->cflags |= CUSE_CLI_KNOTE_HAS_WRITE;
1883 kn->kn_fop = &cuse_client_kqfilter_write_ops;
1884 knlist_add(&pcs->selinfo.si_note, kn, 1);
1893 cuse_client_kqfilter_poll(dev, pcc);
projects / FreeBSD / FreeBSD.git / blob