3 * Copyright (c) 2010-2013 Hans Petter Selasky. All rights reserved.
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
15 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
18 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27 #include "opt_compat.h"
29 #include <sys/stdint.h>
30 #include <sys/stddef.h>
31 #include <sys/param.h>
32 #include <sys/types.h>
33 #include <sys/systm.h>
35 #include <sys/kernel.h>
37 #include <sys/linker_set.h>
38 #include <sys/module.h>
40 #include <sys/mutex.h>
41 #include <sys/condvar.h>
42 #include <sys/sysctl.h>
43 #include <sys/unistd.h>
44 #include <sys/malloc.h>
49 #include <sys/queue.h>
50 #include <sys/fcntl.h>
52 #include <sys/vnode.h>
53 #include <sys/selinfo.h>
54 #include <sys/ptrace.h>
56 #include <machine/bus.h>
61 #include <fs/cuse/cuse_defs.h>
62 #include <fs/cuse/cuse_ioctl.h>
64 MODULE_VERSION(cuse, 1);
66 #define NBUSY ((uint8_t *)1)
69 FEATURE(cuse, "Userspace character devices");
76 struct cuse_client_command {
77 TAILQ_ENTRY(cuse_client_command) entry;
78 struct cuse_command sub;
81 struct thread *entered;
82 struct cuse_client *client;
83 struct proc *proc_curr;
91 struct cuse_server *owner;
94 uint32_t is_allocated;
97 struct cuse_server_dev {
98 TAILQ_ENTRY(cuse_server_dev) entry;
99 struct cuse_server *server;
100 struct cdev *kern_dev;
101 struct cuse_dev *user_dev;
105 TAILQ_ENTRY(cuse_server) entry;
106 TAILQ_HEAD(, cuse_client_command) head;
107 TAILQ_HEAD(, cuse_server_dev) hdev;
108 TAILQ_HEAD(, cuse_client) hcli;
110 struct selinfo selinfo;
116 TAILQ_ENTRY(cuse_client) entry;
117 TAILQ_ENTRY(cuse_client) entry_ref;
118 struct cuse_client_command cmds[CUSE_CMD_MAX];
119 struct cuse_server *server;
120 struct cuse_server_dev *server_dev;
122 uint8_t ioctl_buffer[CUSE_BUFFER_MAX] __aligned(4);
124 int fflags; /* file flags */
125 int cflags; /* client flags */
126 #define CUSE_CLI_IS_CLOSING 0x01
127 #define CUSE_CLI_KNOTE_NEED_READ 0x02
128 #define CUSE_CLI_KNOTE_NEED_WRITE 0x04
129 #define CUSE_CLI_KNOTE_HAS_READ 0x08
130 #define CUSE_CLI_KNOTE_HAS_WRITE 0x10
133 #define CUSE_CLIENT_CLOSING(pcc) \
134 ((pcc)->cflags & CUSE_CLI_IS_CLOSING)
136 static MALLOC_DEFINE(M_CUSE, "cuse", "CUSE memory");
138 static TAILQ_HEAD(, cuse_server) cuse_server_head;
139 static struct mtx cuse_mtx;
140 static struct cdev *cuse_dev;
141 static struct cuse_server *cuse_alloc_unit[CUSE_DEVICES_MAX];
142 static int cuse_alloc_unit_id[CUSE_DEVICES_MAX];
143 static struct cuse_memory cuse_mem[CUSE_ALLOC_UNIT_MAX];
145 static void cuse_client_kqfilter_read_detach(struct knote *kn);
146 static void cuse_client_kqfilter_write_detach(struct knote *kn);
147 static int cuse_client_kqfilter_read_event(struct knote *kn, long hint);
148 static int cuse_client_kqfilter_write_event(struct knote *kn, long hint);
150 static struct filterops cuse_client_kqfilter_read_ops = {
152 .f_detach = cuse_client_kqfilter_read_detach,
153 .f_event = cuse_client_kqfilter_read_event,
156 static struct filterops cuse_client_kqfilter_write_ops = {
158 .f_detach = cuse_client_kqfilter_write_detach,
159 .f_event = cuse_client_kqfilter_write_event,
162 static d_open_t cuse_client_open;
163 static d_close_t cuse_client_close;
164 static d_ioctl_t cuse_client_ioctl;
165 static d_read_t cuse_client_read;
166 static d_write_t cuse_client_write;
167 static d_poll_t cuse_client_poll;
168 static d_mmap_t cuse_client_mmap;
169 static d_kqfilter_t cuse_client_kqfilter;
171 static struct cdevsw cuse_client_devsw = {
172 .d_version = D_VERSION,
173 .d_open = cuse_client_open,
174 .d_close = cuse_client_close,
175 .d_ioctl = cuse_client_ioctl,
176 .d_name = "cuse_client",
177 .d_flags = D_TRACKCLOSE,
178 .d_read = cuse_client_read,
179 .d_write = cuse_client_write,
180 .d_poll = cuse_client_poll,
181 .d_mmap = cuse_client_mmap,
182 .d_kqfilter = cuse_client_kqfilter,
185 static d_open_t cuse_server_open;
186 static d_close_t cuse_server_close;
187 static d_ioctl_t cuse_server_ioctl;
188 static d_read_t cuse_server_read;
189 static d_write_t cuse_server_write;
190 static d_poll_t cuse_server_poll;
191 static d_mmap_t cuse_server_mmap;
193 static struct cdevsw cuse_server_devsw = {
194 .d_version = D_VERSION,
195 .d_open = cuse_server_open,
196 .d_close = cuse_server_close,
197 .d_ioctl = cuse_server_ioctl,
198 .d_name = "cuse_server",
199 .d_flags = D_TRACKCLOSE,
200 .d_read = cuse_server_read,
201 .d_write = cuse_server_write,
202 .d_poll = cuse_server_poll,
203 .d_mmap = cuse_server_mmap,
206 static void cuse_client_is_closing(struct cuse_client *);
207 static int cuse_free_unit_by_id_locked(struct cuse_server *, int);
218 mtx_unlock(&cuse_mtx);
222 cuse_cmd_lock(struct cuse_client_command *pccmd)
224 sx_xlock(&pccmd->sx);
228 cuse_cmd_unlock(struct cuse_client_command *pccmd)
230 sx_xunlock(&pccmd->sx);
234 cuse_kern_init(void *arg)
236 TAILQ_INIT(&cuse_server_head);
238 mtx_init(&cuse_mtx, "cuse-mtx", NULL, MTX_DEF);
240 cuse_dev = make_dev(&cuse_server_devsw, 0,
241 UID_ROOT, GID_OPERATOR, 0600, "cuse");
243 printf("Cuse v%d.%d.%d @ /dev/cuse\n",
244 (CUSE_VERSION >> 16) & 0xFF, (CUSE_VERSION >> 8) & 0xFF,
245 (CUSE_VERSION >> 0) & 0xFF);
248 SYSINIT(cuse_kern_init, SI_SUB_DEVFS, SI_ORDER_ANY, cuse_kern_init, 0);
251 cuse_kern_uninit(void *arg)
257 printf("Cuse: Please exit all /dev/cuse instances "
258 "and processes which have used this device.\n");
260 pause("DRAIN", 2 * hz);
263 ptr = TAILQ_FIRST(&cuse_server_head);
270 if (cuse_dev != NULL)
271 destroy_dev(cuse_dev);
273 mtx_destroy(&cuse_mtx);
276 SYSUNINIT(cuse_kern_uninit, SI_SUB_DEVFS, SI_ORDER_ANY, cuse_kern_uninit, 0);
279 cuse_server_get(struct cuse_server **ppcs)
281 struct cuse_server *pcs;
284 error = devfs_get_cdevpriv((void **)&pcs);
289 /* check if closing */
291 if (pcs->is_closing) {
302 cuse_server_is_closing(struct cuse_server *pcs)
304 struct cuse_client *pcc;
311 TAILQ_FOREACH(pcc, &pcs->hcli, entry) {
312 cuse_client_is_closing(pcc);
316 static struct cuse_client_command *
317 cuse_server_find_command(struct cuse_server *pcs, struct thread *td)
319 struct cuse_client *pcc;
325 TAILQ_FOREACH(pcc, &pcs->hcli, entry) {
326 if (CUSE_CLIENT_CLOSING(pcc))
328 for (n = 0; n != CUSE_CMD_MAX; n++) {
329 if (pcc->cmds[n].entered == td)
330 return (&pcc->cmds[n]);
338 cuse_str_filter(char *ptr)
342 while (((c = *ptr) != 0)) {
344 if ((c >= 'a') && (c <= 'z')) {
348 if ((c >= 'A') && (c <= 'Z')) {
352 if ((c >= '0') && (c <= '9')) {
356 if ((c == '.') || (c == '_') || (c == '/')) {
367 cuse_convert_error(int error)
375 case CUSE_ERR_WOULDBLOCK:
376 return (EWOULDBLOCK);
377 case CUSE_ERR_INVALID:
379 case CUSE_ERR_NO_MEMORY:
383 case CUSE_ERR_SIGNAL:
391 cuse_server_free_memory(struct cuse_server *pcs)
393 struct cuse_memory *mem;
396 for (n = 0; n != CUSE_ALLOC_UNIT_MAX; n++) {
399 /* this memory is never freed */
400 if (mem->owner == pcs) {
402 mem->is_allocated = 0;
408 cuse_server_alloc_memory(struct cuse_server *pcs,
409 struct cuse_memory *mem, uint32_t page_count)
416 if (mem->virtaddr == NBUSY) {
420 if (mem->virtaddr != NULL) {
421 if (mem->is_allocated != 0) {
425 if (mem->page_count == page_count) {
426 mem->is_allocated = 1;
434 memset(mem, 0, sizeof(*mem));
436 mem->virtaddr = NBUSY;
440 ptr = malloc(page_count * PAGE_SIZE, M_CUSE, M_WAITOK | M_ZERO);
449 mem->virtaddr = NULL;
454 mem->page_count = page_count;
455 mem->is_allocated = 1;
463 cuse_client_get(struct cuse_client **ppcc)
465 struct cuse_client *pcc;
468 /* try to get private data */
469 error = devfs_get_cdevpriv((void **)&pcc);
474 /* check if closing */
476 if (CUSE_CLIENT_CLOSING(pcc) || pcc->server->is_closing) {
487 cuse_client_is_closing(struct cuse_client *pcc)
489 struct cuse_client_command *pccmd;
492 if (CUSE_CLIENT_CLOSING(pcc))
495 pcc->cflags |= CUSE_CLI_IS_CLOSING;
496 pcc->server_dev = NULL;
498 for (n = 0; n != CUSE_CMD_MAX; n++) {
500 pccmd = &pcc->cmds[n];
502 if (pccmd->entry.tqe_prev != NULL) {
503 TAILQ_REMOVE(&pcc->server->head, pccmd, entry);
504 pccmd->entry.tqe_prev = NULL;
506 cv_broadcast(&pccmd->cv);
511 cuse_client_send_command_locked(struct cuse_client_command *pccmd,
512 unsigned long data_ptr, unsigned long arg, int fflags, int ioflag)
514 unsigned long cuse_fflags = 0;
515 struct cuse_server *pcs;
518 cuse_fflags |= CUSE_FFLAG_READ;
521 cuse_fflags |= CUSE_FFLAG_WRITE;
523 if (ioflag & IO_NDELAY)
524 cuse_fflags |= CUSE_FFLAG_NONBLOCK;
526 pccmd->sub.fflags = cuse_fflags;
527 pccmd->sub.data_pointer = data_ptr;
528 pccmd->sub.argument = arg;
530 pcs = pccmd->client->server;
532 if ((pccmd->entry.tqe_prev == NULL) &&
533 (CUSE_CLIENT_CLOSING(pccmd->client) == 0) &&
534 (pcs->is_closing == 0)) {
535 TAILQ_INSERT_TAIL(&pcs->head, pccmd, entry);
541 cuse_client_got_signal(struct cuse_client_command *pccmd)
543 struct cuse_server *pcs;
545 pccmd->got_signal = 1;
547 pccmd = &pccmd->client->cmds[CUSE_CMD_SIGNAL];
549 pcs = pccmd->client->server;
551 if ((pccmd->entry.tqe_prev == NULL) &&
552 (CUSE_CLIENT_CLOSING(pccmd->client) == 0) &&
553 (pcs->is_closing == 0)) {
554 TAILQ_INSERT_TAIL(&pcs->head, pccmd, entry);
560 cuse_client_receive_command_locked(struct cuse_client_command *pccmd,
561 uint8_t *arg_ptr, uint32_t arg_len)
567 pccmd->proc_curr = curthread->td_proc;
569 if (CUSE_CLIENT_CLOSING(pccmd->client) ||
570 pccmd->client->server->is_closing) {
571 error = CUSE_ERR_OTHER;
574 while (pccmd->command == CUSE_CMD_NONE) {
576 cv_wait(&pccmd->cv, &cuse_mtx);
578 error = cv_wait_sig(&pccmd->cv, &cuse_mtx);
581 cuse_client_got_signal(pccmd);
583 if (CUSE_CLIENT_CLOSING(pccmd->client) ||
584 pccmd->client->server->is_closing) {
585 error = CUSE_ERR_OTHER;
590 error = pccmd->error;
591 pccmd->command = CUSE_CMD_NONE;
592 cv_signal(&pccmd->cv);
596 /* wait until all process references are gone */
598 pccmd->proc_curr = NULL;
600 while (pccmd->proc_refs != 0)
601 cv_wait(&pccmd->cv, &cuse_mtx);
606 /*------------------------------------------------------------------------*
608 *------------------------------------------------------------------------*/
611 cuse_server_free_dev(struct cuse_server_dev *pcsd)
613 struct cuse_server *pcs;
614 struct cuse_client *pcc;
616 /* get server pointer */
619 /* prevent creation of more devices */
621 if (pcsd->kern_dev != NULL)
622 pcsd->kern_dev->si_drv1 = NULL;
624 TAILQ_FOREACH(pcc, &pcs->hcli, entry) {
625 if (pcc->server_dev == pcsd)
626 cuse_client_is_closing(pcc);
630 /* destroy device, if any */
631 if (pcsd->kern_dev != NULL) {
632 /* destroy device synchronously */
633 destroy_dev(pcsd->kern_dev);
639 cuse_server_free(void *arg)
641 struct cuse_server *pcs = arg;
642 struct cuse_server_dev *pcsd;
646 if (pcs->refs != 0) {
650 cuse_server_is_closing(pcs);
652 TAILQ_REMOVE(&cuse_server_head, pcs, entry);
654 cuse_free_unit_by_id_locked(pcs, -1);
656 while ((pcsd = TAILQ_FIRST(&pcs->hdev)) != NULL) {
657 TAILQ_REMOVE(&pcs->hdev, pcsd, entry);
659 cuse_server_free_dev(pcsd);
663 cuse_server_free_memory(pcs);
665 knlist_clear(&pcs->selinfo.si_note, 1);
666 knlist_destroy(&pcs->selinfo.si_note);
670 seldrain(&pcs->selinfo);
672 cv_destroy(&pcs->cv);
678 cuse_server_open(struct cdev *dev, int fflags, int devtype, struct thread *td)
680 struct cuse_server *pcs;
682 pcs = malloc(sizeof(*pcs), M_CUSE, M_WAITOK | M_ZERO);
686 if (devfs_set_cdevpriv(pcs, &cuse_server_free)) {
687 printf("Cuse: Cannot set cdevpriv.\n");
691 TAILQ_INIT(&pcs->head);
692 TAILQ_INIT(&pcs->hdev);
693 TAILQ_INIT(&pcs->hcli);
695 cv_init(&pcs->cv, "cuse-server-cv");
697 knlist_init_mtx(&pcs->selinfo.si_note, &cuse_mtx);
701 TAILQ_INSERT_TAIL(&cuse_server_head, pcs, entry);
708 cuse_server_close(struct cdev *dev, int fflag, int devtype, struct thread *td)
710 struct cuse_server *pcs;
713 error = cuse_server_get(&pcs);
718 cuse_server_is_closing(pcs);
719 knlist_clear(&pcs->selinfo.si_note, 1);
727 cuse_server_read(struct cdev *dev, struct uio *uio, int ioflag)
733 cuse_server_write(struct cdev *dev, struct uio *uio, int ioflag)
739 cuse_server_ioctl_copy_locked(struct cuse_client_command *pccmd,
740 struct cuse_data_chunk *pchk, int isread)
746 offset = pchk->peer_ptr - CUSE_BUF_MIN_PTR;
748 if (pchk->length > CUSE_BUFFER_MAX)
751 if (offset >= CUSE_BUFFER_MAX)
754 if ((offset + pchk->length) > CUSE_BUFFER_MAX)
757 p_proc = pccmd->proc_curr;
761 if (pccmd->proc_refs < 0)
770 (void *)pchk->local_ptr,
771 pccmd->client->ioctl_buffer + offset,
775 pccmd->client->ioctl_buffer + offset,
776 (void *)pchk->local_ptr,
784 if (pccmd->proc_curr == NULL)
785 cv_signal(&pccmd->cv);
791 cuse_proc2proc_copy(struct proc *proc_s, vm_offset_t data_s,
792 struct proc *proc_d, vm_offset_t data_d, size_t len)
795 struct proc *proc_cur;
799 proc_cur = td->td_proc;
801 if (proc_cur == proc_d) {
803 .iov_base = (caddr_t)data_d,
809 .uio_offset = (off_t)data_s,
811 .uio_segflg = UIO_USERSPACE,
817 error = proc_rwmem(proc_s, &uio);
820 } else if (proc_cur == proc_s) {
822 .iov_base = (caddr_t)data_s,
828 .uio_offset = (off_t)data_d,
830 .uio_segflg = UIO_USERSPACE,
836 error = proc_rwmem(proc_d, &uio);
845 cuse_server_data_copy_locked(struct cuse_client_command *pccmd,
846 struct cuse_data_chunk *pchk, int isread)
851 p_proc = pccmd->proc_curr;
855 if (pccmd->proc_refs < 0)
863 error = cuse_proc2proc_copy(
864 curthread->td_proc, pchk->local_ptr,
865 p_proc, pchk->peer_ptr,
868 error = cuse_proc2proc_copy(
869 p_proc, pchk->peer_ptr,
870 curthread->td_proc, pchk->local_ptr,
878 if (pccmd->proc_curr == NULL)
879 cv_signal(&pccmd->cv);
885 cuse_alloc_unit_by_id_locked(struct cuse_server *pcs, int id)
892 for (match = n = 0; n != CUSE_DEVICES_MAX; n++) {
893 if (cuse_alloc_unit[n] != NULL) {
894 if ((cuse_alloc_unit_id[n] ^ id) & CUSE_ID_MASK)
896 if ((cuse_alloc_unit_id[n] & ~CUSE_ID_MASK) == x) {
905 for (n = 0; n != CUSE_DEVICES_MAX; n++) {
906 if (cuse_alloc_unit[n] == NULL) {
907 cuse_alloc_unit[n] = pcs;
908 cuse_alloc_unit_id[n] = id | x;
917 cuse_server_wakeup_locked(struct cuse_server *pcs)
919 selwakeup(&pcs->selinfo);
920 KNOTE_LOCKED(&pcs->selinfo.si_note, 0);
924 cuse_free_unit_by_id_locked(struct cuse_server *pcs, int id)
929 for (n = 0; n != CUSE_DEVICES_MAX; n++) {
930 if (cuse_alloc_unit[n] == pcs) {
931 if (cuse_alloc_unit_id[n] == id || id == -1) {
932 cuse_alloc_unit[n] = NULL;
933 cuse_alloc_unit_id[n] = 0;
939 return (found ? 0 : EINVAL);
943 cuse_server_ioctl(struct cdev *dev, unsigned long cmd,
944 caddr_t data, int fflag, struct thread *td)
946 struct cuse_server *pcs;
949 error = cuse_server_get(&pcs);
954 struct cuse_client_command *pccmd;
955 struct cuse_client *pcc;
956 struct cuse_command *pcmd;
957 struct cuse_alloc_info *pai;
958 struct cuse_create_dev *pcd;
959 struct cuse_server_dev *pcsd;
960 struct cuse_data_chunk *pchk;
963 case CUSE_IOCTL_GET_COMMAND:
968 while ((pccmd = TAILQ_FIRST(&pcs->head)) == NULL) {
969 error = cv_wait_sig(&pcs->cv, &cuse_mtx);
980 TAILQ_REMOVE(&pcs->head, pccmd, entry);
981 pccmd->entry.tqe_prev = NULL;
983 pccmd->entered = curthread;
991 case CUSE_IOCTL_SYNC_COMMAND:
994 while ((pccmd = cuse_server_find_command(pcs, curthread)) != NULL) {
996 /* send sync command */
997 pccmd->entered = NULL;
998 pccmd->error = *(int *)data;
999 pccmd->command = CUSE_CMD_SYNC;
1001 /* signal peer, if any */
1002 cv_signal(&pccmd->cv);
1008 case CUSE_IOCTL_ALLOC_UNIT:
1011 n = cuse_alloc_unit_by_id_locked(pcs,
1012 CUSE_ID_DEFAULT(0));
1021 case CUSE_IOCTL_ALLOC_UNIT_BY_ID:
1025 n = (n & CUSE_ID_MASK);
1028 n = cuse_alloc_unit_by_id_locked(pcs, n);
1037 case CUSE_IOCTL_FREE_UNIT:
1041 n = CUSE_ID_DEFAULT(n);
1044 error = cuse_free_unit_by_id_locked(pcs, n);
1048 case CUSE_IOCTL_FREE_UNIT_BY_ID:
1053 error = cuse_free_unit_by_id_locked(pcs, n);
1057 case CUSE_IOCTL_ALLOC_MEMORY:
1061 if (pai->alloc_nr >= CUSE_ALLOC_UNIT_MAX) {
1065 if (pai->page_count > CUSE_ALLOC_PAGES_MAX) {
1069 error = cuse_server_alloc_memory(pcs,
1070 &cuse_mem[pai->alloc_nr], pai->page_count);
1073 case CUSE_IOCTL_FREE_MEMORY:
1076 if (pai->alloc_nr >= CUSE_ALLOC_UNIT_MAX) {
1080 /* we trust the character device driver in this case */
1083 if (cuse_mem[pai->alloc_nr].owner == pcs) {
1084 cuse_mem[pai->alloc_nr].is_allocated = 0;
1085 cuse_mem[pai->alloc_nr].owner = NULL;
1092 case CUSE_IOCTL_GET_SIG:
1095 pccmd = cuse_server_find_command(pcs, curthread);
1097 if (pccmd != NULL) {
1098 n = pccmd->got_signal;
1099 pccmd->got_signal = 0;
1109 case CUSE_IOCTL_SET_PFH:
1112 pccmd = cuse_server_find_command(pcs, curthread);
1114 if (pccmd != NULL) {
1115 pcc = pccmd->client;
1116 for (n = 0; n != CUSE_CMD_MAX; n++) {
1117 pcc->cmds[n].sub.per_file_handle = *(unsigned long *)data;
1125 case CUSE_IOCTL_CREATE_DEV:
1127 error = priv_check(curthread, PRIV_DRIVER);
1135 pcd->devname[sizeof(pcd->devname) - 1] = 0;
1137 if (pcd->devname[0] == 0) {
1141 cuse_str_filter(pcd->devname);
1143 pcd->permissions &= 0777;
1145 /* try to allocate a character device */
1147 pcsd = malloc(sizeof(*pcsd), M_CUSE, M_WAITOK | M_ZERO);
1155 pcsd->user_dev = pcd->dev;
1157 pcsd->kern_dev = make_dev_credf(MAKEDEV_CHECKNAME,
1158 &cuse_client_devsw, 0, NULL, pcd->user_id, pcd->group_id,
1159 pcd->permissions, "%s", pcd->devname);
1161 if (pcsd->kern_dev == NULL) {
1166 pcsd->kern_dev->si_drv1 = pcsd;
1169 TAILQ_INSERT_TAIL(&pcs->hdev, pcsd, entry);
1174 case CUSE_IOCTL_DESTROY_DEV:
1176 error = priv_check(curthread, PRIV_DRIVER);
1184 pcsd = TAILQ_FIRST(&pcs->hdev);
1185 while (pcsd != NULL) {
1186 if (pcsd->user_dev == *(struct cuse_dev **)data) {
1187 TAILQ_REMOVE(&pcs->hdev, pcsd, entry);
1189 cuse_server_free_dev(pcsd);
1192 pcsd = TAILQ_FIRST(&pcs->hdev);
1194 pcsd = TAILQ_NEXT(pcsd, entry);
1201 case CUSE_IOCTL_WRITE_DATA:
1202 case CUSE_IOCTL_READ_DATA:
1205 pchk = (struct cuse_data_chunk *)data;
1207 pccmd = cuse_server_find_command(pcs, curthread);
1209 if (pccmd == NULL) {
1210 error = ENXIO; /* invalid request */
1211 } else if (pchk->peer_ptr < CUSE_BUF_MIN_PTR) {
1212 error = EFAULT; /* NULL pointer */
1213 } else if (pchk->peer_ptr < CUSE_BUF_MAX_PTR) {
1214 error = cuse_server_ioctl_copy_locked(pccmd,
1215 pchk, cmd == CUSE_IOCTL_READ_DATA);
1217 error = cuse_server_data_copy_locked(pccmd,
1218 pchk, cmd == CUSE_IOCTL_READ_DATA);
1223 case CUSE_IOCTL_SELWAKEUP:
1226 * We don't know which direction caused the event.
1229 TAILQ_FOREACH(pcc, &pcs->hcli, entry) {
1230 pcc->cflags |= (CUSE_CLI_KNOTE_NEED_READ |
1231 CUSE_CLI_KNOTE_NEED_WRITE);
1233 cuse_server_wakeup_locked(pcs);
1245 cuse_server_poll(struct cdev *dev, int events, struct thread *td)
1247 return (events & (POLLHUP | POLLPRI | POLLIN |
1248 POLLRDNORM | POLLOUT | POLLWRNORM));
1252 cuse_server_mmap(struct cdev *dev, vm_ooffset_t offset, vm_paddr_t *paddr, int nprot, vm_memattr_t *memattr)
1254 uint32_t page_nr = offset / PAGE_SIZE;
1255 uint32_t alloc_nr = page_nr / CUSE_ALLOC_PAGES_MAX;
1256 struct cuse_memory *mem;
1257 struct cuse_server *pcs;
1261 if (alloc_nr >= CUSE_ALLOC_UNIT_MAX)
1264 error = cuse_server_get(&pcs);
1269 mem = &cuse_mem[alloc_nr];
1271 /* try to enforce slight ownership */
1272 if ((pcs != NULL) && (mem->owner != pcs)) {
1276 if (mem->virtaddr == NULL) {
1280 if (mem->virtaddr == NBUSY) {
1284 page_nr %= CUSE_ALLOC_PAGES_MAX;
1286 if (page_nr >= mem->page_count) {
1290 ptr = mem->virtaddr + (page_nr * PAGE_SIZE);
1293 *paddr = vtophys(ptr);
1298 /*------------------------------------------------------------------------*
1300 *------------------------------------------------------------------------*/
1302 cuse_client_free(void *arg)
1304 struct cuse_client *pcc = arg;
1305 struct cuse_client_command *pccmd;
1306 struct cuse_server *pcs;
1310 cuse_client_is_closing(pcc);
1311 TAILQ_REMOVE(&pcc->server->hcli, pcc, entry);
1314 for (n = 0; n != CUSE_CMD_MAX; n++) {
1316 pccmd = &pcc->cmds[n];
1318 sx_destroy(&pccmd->sx);
1319 cv_destroy(&pccmd->cv);
1326 /* drop reference on server */
1327 cuse_server_free(pcs);
1331 cuse_client_open(struct cdev *dev, int fflags, int devtype, struct thread *td)
1333 struct cuse_client_command *pccmd;
1334 struct cuse_server_dev *pcsd;
1335 struct cuse_client *pcc;
1336 struct cuse_server *pcs;
1337 struct cuse_dev *pcd;
1342 pcsd = dev->si_drv1;
1345 pcd = pcsd->user_dev;
1347 if (pcs->refs < 0) {
1361 pcc = malloc(sizeof(*pcc), M_CUSE, M_WAITOK | M_ZERO);
1363 /* drop reference on server */
1364 cuse_server_free(pcs);
1367 if (devfs_set_cdevpriv(pcc, &cuse_client_free)) {
1368 printf("Cuse: Cannot set cdevpriv.\n");
1369 /* drop reference on server */
1370 cuse_server_free(pcs);
1374 pcc->fflags = fflags;
1375 pcc->server_dev = pcsd;
1378 for (n = 0; n != CUSE_CMD_MAX; n++) {
1380 pccmd = &pcc->cmds[n];
1382 pccmd->sub.dev = pcd;
1383 pccmd->sub.command = n;
1384 pccmd->client = pcc;
1386 sx_init(&pccmd->sx, "cuse-client-sx");
1387 cv_init(&pccmd->cv, "cuse-client-cv");
1392 /* cuse_client_free() assumes that the client is listed somewhere! */
1393 /* always enqueue */
1395 TAILQ_INSERT_TAIL(&pcs->hcli, pcc, entry);
1397 /* check if server is closing */
1398 if ((pcs->is_closing != 0) || (dev->si_drv1 == NULL)) {
1406 devfs_clear_cdevpriv(); /* XXX bugfix */
1409 pccmd = &pcc->cmds[CUSE_CMD_OPEN];
1411 cuse_cmd_lock(pccmd);
1414 cuse_client_send_command_locked(pccmd, 0, 0, pcc->fflags, 0);
1416 error = cuse_client_receive_command_locked(pccmd, 0, 0);
1420 error = cuse_convert_error(error);
1425 cuse_cmd_unlock(pccmd);
1428 devfs_clear_cdevpriv(); /* XXX bugfix */
1434 cuse_client_close(struct cdev *dev, int fflag, int devtype, struct thread *td)
1436 struct cuse_client_command *pccmd;
1437 struct cuse_client *pcc;
1440 error = cuse_client_get(&pcc);
1444 pccmd = &pcc->cmds[CUSE_CMD_CLOSE];
1446 cuse_cmd_lock(pccmd);
1449 cuse_client_send_command_locked(pccmd, 0, 0, pcc->fflags, 0);
1451 error = cuse_client_receive_command_locked(pccmd, 0, 0);
1454 cuse_cmd_unlock(pccmd);
1457 cuse_client_is_closing(pcc);
1464 cuse_client_kqfilter_poll(struct cdev *dev, struct cuse_client *pcc)
1469 temp = (pcc->cflags & (CUSE_CLI_KNOTE_HAS_READ |
1470 CUSE_CLI_KNOTE_HAS_WRITE));
1471 pcc->cflags &= ~(CUSE_CLI_KNOTE_NEED_READ |
1472 CUSE_CLI_KNOTE_NEED_WRITE);
1476 /* get the latest polling state from the server */
1477 temp = cuse_client_poll(dev, POLLIN | POLLOUT, NULL);
1480 if (temp & (POLLIN | POLLOUT)) {
1482 pcc->cflags |= CUSE_CLI_KNOTE_NEED_READ;
1484 pcc->cflags |= CUSE_CLI_KNOTE_NEED_WRITE;
1486 /* make sure the "knote" gets woken up */
1487 cuse_server_wakeup_locked(pcc->server);
1494 cuse_client_read(struct cdev *dev, struct uio *uio, int ioflag)
1496 struct cuse_client_command *pccmd;
1497 struct cuse_client *pcc;
1501 error = cuse_client_get(&pcc);
1505 pccmd = &pcc->cmds[CUSE_CMD_READ];
1507 if (uio->uio_segflg != UIO_USERSPACE) {
1510 uio->uio_segflg = UIO_NOCOPY;
1512 cuse_cmd_lock(pccmd);
1514 while (uio->uio_resid != 0) {
1516 if (uio->uio_iov->iov_len > CUSE_LENGTH_MAX) {
1521 len = uio->uio_iov->iov_len;
1524 cuse_client_send_command_locked(pccmd,
1525 (unsigned long)uio->uio_iov->iov_base,
1526 (unsigned long)(unsigned int)len, pcc->fflags, ioflag);
1528 error = cuse_client_receive_command_locked(pccmd, 0, 0);
1532 error = cuse_convert_error(error);
1534 } else if (error == len) {
1535 error = uiomove(NULL, error, uio);
1539 error = uiomove(NULL, error, uio);
1543 cuse_cmd_unlock(pccmd);
1545 uio->uio_segflg = UIO_USERSPACE;/* restore segment flag */
1547 if (error == EWOULDBLOCK)
1548 cuse_client_kqfilter_poll(dev, pcc);
1554 cuse_client_write(struct cdev *dev, struct uio *uio, int ioflag)
1556 struct cuse_client_command *pccmd;
1557 struct cuse_client *pcc;
1561 error = cuse_client_get(&pcc);
1565 pccmd = &pcc->cmds[CUSE_CMD_WRITE];
1567 if (uio->uio_segflg != UIO_USERSPACE) {
1570 uio->uio_segflg = UIO_NOCOPY;
1572 cuse_cmd_lock(pccmd);
1574 while (uio->uio_resid != 0) {
1576 if (uio->uio_iov->iov_len > CUSE_LENGTH_MAX) {
1581 len = uio->uio_iov->iov_len;
1584 cuse_client_send_command_locked(pccmd,
1585 (unsigned long)uio->uio_iov->iov_base,
1586 (unsigned long)(unsigned int)len, pcc->fflags, ioflag);
1588 error = cuse_client_receive_command_locked(pccmd, 0, 0);
1592 error = cuse_convert_error(error);
1594 } else if (error == len) {
1595 error = uiomove(NULL, error, uio);
1599 error = uiomove(NULL, error, uio);
1603 cuse_cmd_unlock(pccmd);
1605 uio->uio_segflg = UIO_USERSPACE;/* restore segment flag */
1607 if (error == EWOULDBLOCK)
1608 cuse_client_kqfilter_poll(dev, pcc);
1614 cuse_client_ioctl(struct cdev *dev, unsigned long cmd,
1615 caddr_t data, int fflag, struct thread *td)
1617 struct cuse_client_command *pccmd;
1618 struct cuse_client *pcc;
1622 error = cuse_client_get(&pcc);
1626 len = IOCPARM_LEN(cmd);
1627 if (len > CUSE_BUFFER_MAX)
1630 pccmd = &pcc->cmds[CUSE_CMD_IOCTL];
1632 cuse_cmd_lock(pccmd);
1635 memcpy(pcc->ioctl_buffer, data, len);
1638 * When the ioctl-length is zero drivers can pass information
1639 * through the data pointer of the ioctl. Make sure this information
1640 * is forwarded to the driver.
1644 cuse_client_send_command_locked(pccmd,
1645 (len == 0) ? *(long *)data : CUSE_BUF_MIN_PTR,
1646 (unsigned long)cmd, pcc->fflags,
1647 (fflag & O_NONBLOCK) ? IO_NDELAY : 0);
1649 error = cuse_client_receive_command_locked(pccmd, data, len);
1653 error = cuse_convert_error(error);
1659 memcpy(data, pcc->ioctl_buffer, len);
1661 cuse_cmd_unlock(pccmd);
1663 if (error == EWOULDBLOCK)
1664 cuse_client_kqfilter_poll(dev, pcc);
1670 cuse_client_poll(struct cdev *dev, int events, struct thread *td)
1672 struct cuse_client_command *pccmd;
1673 struct cuse_client *pcc;
1678 error = cuse_client_get(&pcc);
1684 if (events & (POLLPRI | POLLIN | POLLRDNORM))
1685 temp |= CUSE_POLL_READ;
1687 if (events & (POLLOUT | POLLWRNORM))
1688 temp |= CUSE_POLL_WRITE;
1690 if (events & POLLHUP)
1691 temp |= CUSE_POLL_ERROR;
1693 pccmd = &pcc->cmds[CUSE_CMD_POLL];
1695 cuse_cmd_lock(pccmd);
1697 /* Need to selrecord() first to not loose any events. */
1698 if (temp != 0 && td != NULL)
1699 selrecord(td, &pcc->server->selinfo);
1702 cuse_client_send_command_locked(pccmd,
1703 0, temp, pcc->fflags, IO_NDELAY);
1705 error = cuse_client_receive_command_locked(pccmd, 0, 0);
1712 if (error & CUSE_POLL_READ)
1713 revents |= (events & (POLLPRI | POLLIN | POLLRDNORM));
1714 if (error & CUSE_POLL_WRITE)
1715 revents |= (events & (POLLOUT | POLLWRNORM));
1716 if (error & CUSE_POLL_ERROR)
1717 revents |= (events & POLLHUP);
1720 cuse_cmd_unlock(pccmd);
1726 cuse_client_mmap(struct cdev *dev, vm_ooffset_t offset, vm_paddr_t *paddr, int nprot, vm_memattr_t *memattr)
1728 uint32_t page_nr = offset / PAGE_SIZE;
1729 uint32_t alloc_nr = page_nr / CUSE_ALLOC_PAGES_MAX;
1730 struct cuse_memory *mem;
1731 struct cuse_server *pcs;
1732 struct cuse_client *pcc;
1736 if (alloc_nr >= CUSE_ALLOC_UNIT_MAX)
1739 error = cuse_client_get(&pcc);
1746 mem = &cuse_mem[alloc_nr];
1748 /* try to enforce slight ownership */
1749 if ((pcs != NULL) && (mem->owner != pcs)) {
1753 if (mem->virtaddr == NULL) {
1757 if (mem->virtaddr == NBUSY) {
1761 page_nr %= CUSE_ALLOC_PAGES_MAX;
1763 if (page_nr >= mem->page_count) {
1767 ptr = mem->virtaddr + (page_nr * PAGE_SIZE);
1770 *paddr = vtophys(ptr);
1776 cuse_client_kqfilter_read_detach(struct knote *kn)
1778 struct cuse_client *pcc;
1782 knlist_remove(&pcc->server->selinfo.si_note, kn, 1);
1787 cuse_client_kqfilter_write_detach(struct knote *kn)
1789 struct cuse_client *pcc;
1793 knlist_remove(&pcc->server->selinfo.si_note, kn, 1);
1798 cuse_client_kqfilter_read_event(struct knote *kn, long hint)
1800 struct cuse_client *pcc;
1802 mtx_assert(&cuse_mtx, MA_OWNED);
1805 return ((pcc->cflags & CUSE_CLI_KNOTE_NEED_READ) ? 1 : 0);
1809 cuse_client_kqfilter_write_event(struct knote *kn, long hint)
1811 struct cuse_client *pcc;
1813 mtx_assert(&cuse_mtx, MA_OWNED);
1816 return ((pcc->cflags & CUSE_CLI_KNOTE_NEED_WRITE) ? 1 : 0);
1820 cuse_client_kqfilter(struct cdev *dev, struct knote *kn)
1822 struct cuse_client *pcc;
1823 struct cuse_server *pcs;
1826 error = cuse_client_get(&pcc);
1832 switch (kn->kn_filter) {
1834 pcc->cflags |= CUSE_CLI_KNOTE_HAS_READ;
1836 kn->kn_fop = &cuse_client_kqfilter_read_ops;
1837 knlist_add(&pcs->selinfo.si_note, kn, 1);
1840 pcc->cflags |= CUSE_CLI_KNOTE_HAS_WRITE;
1842 kn->kn_fop = &cuse_client_kqfilter_write_ops;
1843 knlist_add(&pcs->selinfo.si_note, kn, 1);
1852 cuse_client_kqfilter_poll(dev, pcc);
projects / FreeBSD / FreeBSD.git / blob