3 * Copyright (c) 2010-2013 Hans Petter Selasky. All rights reserved.
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
15 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
18 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27 #include "opt_compat.h"
29 #include <sys/stdint.h>
30 #include <sys/stddef.h>
31 #include <sys/param.h>
32 #include <sys/types.h>
33 #include <sys/systm.h>
35 #include <sys/kernel.h>
37 #include <sys/linker_set.h>
38 #include <sys/module.h>
40 #include <sys/mutex.h>
41 #include <sys/condvar.h>
42 #include <sys/sysctl.h>
43 #include <sys/unistd.h>
44 #include <sys/malloc.h>
49 #include <sys/queue.h>
50 #include <sys/fcntl.h>
52 #include <sys/vnode.h>
53 #include <sys/selinfo.h>
54 #include <sys/ptrace.h>
56 #include <machine/bus.h>
61 #include <fs/cuse/cuse_defs.h>
62 #include <fs/cuse/cuse_ioctl.h>
64 MODULE_VERSION(cuse, 1);
66 #define NBUSY ((uint8_t *)1)
69 FEATURE(cuse, "Userspace character devices");
76 struct cuse_client_command {
77 TAILQ_ENTRY(cuse_client_command) entry;
78 struct cuse_command sub;
81 struct thread *entered;
82 struct cuse_client *client;
83 struct proc *proc_curr;
91 struct cuse_server *owner;
94 uint32_t is_allocated;
97 struct cuse_server_dev {
98 TAILQ_ENTRY(cuse_server_dev) entry;
99 struct cuse_server *server;
100 struct cdev *kern_dev;
101 struct cuse_dev *user_dev;
105 TAILQ_ENTRY(cuse_server) entry;
106 TAILQ_HEAD(, cuse_client_command) head;
107 TAILQ_HEAD(, cuse_server_dev) hdev;
108 TAILQ_HEAD(, cuse_client) hcli;
110 struct selinfo selinfo;
117 TAILQ_ENTRY(cuse_client) entry;
118 TAILQ_ENTRY(cuse_client) entry_ref;
119 struct cuse_client_command cmds[CUSE_CMD_MAX];
120 struct cuse_server *server;
121 struct cuse_server_dev *server_dev;
123 uint8_t ioctl_buffer[CUSE_BUFFER_MAX] __aligned(4);
125 int fflags; /* file flags */
126 int cflags; /* client flags */
127 #define CUSE_CLI_IS_CLOSING 0x01
128 #define CUSE_CLI_KNOTE_NEED_READ 0x02
129 #define CUSE_CLI_KNOTE_NEED_WRITE 0x04
130 #define CUSE_CLI_KNOTE_HAS_READ 0x08
131 #define CUSE_CLI_KNOTE_HAS_WRITE 0x10
134 #define CUSE_CLIENT_CLOSING(pcc) \
135 ((pcc)->cflags & CUSE_CLI_IS_CLOSING)
137 static MALLOC_DEFINE(M_CUSE, "cuse", "CUSE memory");
139 static TAILQ_HEAD(, cuse_server) cuse_server_head;
140 static struct mtx cuse_mtx;
141 static struct cdev *cuse_dev;
142 static struct cuse_server *cuse_alloc_unit[CUSE_DEVICES_MAX];
143 static int cuse_alloc_unit_id[CUSE_DEVICES_MAX];
144 static struct cuse_memory cuse_mem[CUSE_ALLOC_UNIT_MAX];
146 static void cuse_server_wakeup_all_client_locked(struct cuse_server *pcs);
147 static void cuse_client_kqfilter_read_detach(struct knote *kn);
148 static void cuse_client_kqfilter_write_detach(struct knote *kn);
149 static int cuse_client_kqfilter_read_event(struct knote *kn, long hint);
150 static int cuse_client_kqfilter_write_event(struct knote *kn, long hint);
152 static struct filterops cuse_client_kqfilter_read_ops = {
154 .f_detach = cuse_client_kqfilter_read_detach,
155 .f_event = cuse_client_kqfilter_read_event,
158 static struct filterops cuse_client_kqfilter_write_ops = {
160 .f_detach = cuse_client_kqfilter_write_detach,
161 .f_event = cuse_client_kqfilter_write_event,
164 static d_open_t cuse_client_open;
165 static d_close_t cuse_client_close;
166 static d_ioctl_t cuse_client_ioctl;
167 static d_read_t cuse_client_read;
168 static d_write_t cuse_client_write;
169 static d_poll_t cuse_client_poll;
170 static d_mmap_t cuse_client_mmap;
171 static d_kqfilter_t cuse_client_kqfilter;
173 static struct cdevsw cuse_client_devsw = {
174 .d_version = D_VERSION,
175 .d_open = cuse_client_open,
176 .d_close = cuse_client_close,
177 .d_ioctl = cuse_client_ioctl,
178 .d_name = "cuse_client",
179 .d_flags = D_TRACKCLOSE,
180 .d_read = cuse_client_read,
181 .d_write = cuse_client_write,
182 .d_poll = cuse_client_poll,
183 .d_mmap = cuse_client_mmap,
184 .d_kqfilter = cuse_client_kqfilter,
187 static d_open_t cuse_server_open;
188 static d_close_t cuse_server_close;
189 static d_ioctl_t cuse_server_ioctl;
190 static d_read_t cuse_server_read;
191 static d_write_t cuse_server_write;
192 static d_poll_t cuse_server_poll;
193 static d_mmap_t cuse_server_mmap;
195 static struct cdevsw cuse_server_devsw = {
196 .d_version = D_VERSION,
197 .d_open = cuse_server_open,
198 .d_close = cuse_server_close,
199 .d_ioctl = cuse_server_ioctl,
200 .d_name = "cuse_server",
201 .d_flags = D_TRACKCLOSE,
202 .d_read = cuse_server_read,
203 .d_write = cuse_server_write,
204 .d_poll = cuse_server_poll,
205 .d_mmap = cuse_server_mmap,
208 static void cuse_client_is_closing(struct cuse_client *);
209 static int cuse_free_unit_by_id_locked(struct cuse_server *, int);
220 mtx_unlock(&cuse_mtx);
224 cuse_cmd_lock(struct cuse_client_command *pccmd)
226 sx_xlock(&pccmd->sx);
230 cuse_cmd_unlock(struct cuse_client_command *pccmd)
232 sx_xunlock(&pccmd->sx);
236 cuse_kern_init(void *arg)
238 TAILQ_INIT(&cuse_server_head);
240 mtx_init(&cuse_mtx, "cuse-mtx", NULL, MTX_DEF);
242 cuse_dev = make_dev(&cuse_server_devsw, 0,
243 UID_ROOT, GID_OPERATOR, 0600, "cuse");
245 printf("Cuse v%d.%d.%d @ /dev/cuse\n",
246 (CUSE_VERSION >> 16) & 0xFF, (CUSE_VERSION >> 8) & 0xFF,
247 (CUSE_VERSION >> 0) & 0xFF);
250 SYSINIT(cuse_kern_init, SI_SUB_DEVFS, SI_ORDER_ANY, cuse_kern_init, 0);
253 cuse_kern_uninit(void *arg)
259 printf("Cuse: Please exit all /dev/cuse instances "
260 "and processes which have used this device.\n");
262 pause("DRAIN", 2 * hz);
265 ptr = TAILQ_FIRST(&cuse_server_head);
272 if (cuse_dev != NULL)
273 destroy_dev(cuse_dev);
275 mtx_destroy(&cuse_mtx);
278 SYSUNINIT(cuse_kern_uninit, SI_SUB_DEVFS, SI_ORDER_ANY, cuse_kern_uninit, 0);
281 cuse_server_get(struct cuse_server **ppcs)
283 struct cuse_server *pcs;
286 error = devfs_get_cdevpriv((void **)&pcs);
291 /* check if closing */
293 if (pcs->is_closing) {
304 cuse_server_is_closing(struct cuse_server *pcs)
306 struct cuse_client *pcc;
313 TAILQ_FOREACH(pcc, &pcs->hcli, entry) {
314 cuse_client_is_closing(pcc);
318 static struct cuse_client_command *
319 cuse_server_find_command(struct cuse_server *pcs, struct thread *td)
321 struct cuse_client *pcc;
327 TAILQ_FOREACH(pcc, &pcs->hcli, entry) {
328 if (CUSE_CLIENT_CLOSING(pcc))
330 for (n = 0; n != CUSE_CMD_MAX; n++) {
331 if (pcc->cmds[n].entered == td)
332 return (&pcc->cmds[n]);
340 cuse_str_filter(char *ptr)
344 while (((c = *ptr) != 0)) {
346 if ((c >= 'a') && (c <= 'z')) {
350 if ((c >= 'A') && (c <= 'Z')) {
354 if ((c >= '0') && (c <= '9')) {
358 if ((c == '.') || (c == '_') || (c == '/')) {
369 cuse_convert_error(int error)
377 case CUSE_ERR_WOULDBLOCK:
378 return (EWOULDBLOCK);
379 case CUSE_ERR_INVALID:
381 case CUSE_ERR_NO_MEMORY:
385 case CUSE_ERR_SIGNAL:
393 cuse_server_free_memory(struct cuse_server *pcs)
395 struct cuse_memory *mem;
398 for (n = 0; n != CUSE_ALLOC_UNIT_MAX; n++) {
401 /* this memory is never freed */
402 if (mem->owner == pcs) {
404 mem->is_allocated = 0;
410 cuse_server_alloc_memory(struct cuse_server *pcs,
411 struct cuse_memory *mem, uint32_t page_count)
418 if (mem->virtaddr == NBUSY) {
422 if (mem->virtaddr != NULL) {
423 if (mem->is_allocated != 0) {
427 if (mem->page_count == page_count) {
428 mem->is_allocated = 1;
436 memset(mem, 0, sizeof(*mem));
438 mem->virtaddr = NBUSY;
442 ptr = malloc(page_count * PAGE_SIZE, M_CUSE, M_WAITOK | M_ZERO);
451 mem->virtaddr = NULL;
456 mem->page_count = page_count;
457 mem->is_allocated = 1;
465 cuse_client_get(struct cuse_client **ppcc)
467 struct cuse_client *pcc;
470 /* try to get private data */
471 error = devfs_get_cdevpriv((void **)&pcc);
476 /* check if closing */
478 if (CUSE_CLIENT_CLOSING(pcc) || pcc->server->is_closing) {
489 cuse_client_is_closing(struct cuse_client *pcc)
491 struct cuse_client_command *pccmd;
494 if (CUSE_CLIENT_CLOSING(pcc))
497 pcc->cflags |= CUSE_CLI_IS_CLOSING;
498 pcc->server_dev = NULL;
500 for (n = 0; n != CUSE_CMD_MAX; n++) {
502 pccmd = &pcc->cmds[n];
504 if (pccmd->entry.tqe_prev != NULL) {
505 TAILQ_REMOVE(&pcc->server->head, pccmd, entry);
506 pccmd->entry.tqe_prev = NULL;
508 cv_broadcast(&pccmd->cv);
513 cuse_client_send_command_locked(struct cuse_client_command *pccmd,
514 uintptr_t data_ptr, unsigned long arg, int fflags, int ioflag)
516 unsigned long cuse_fflags = 0;
517 struct cuse_server *pcs;
520 cuse_fflags |= CUSE_FFLAG_READ;
523 cuse_fflags |= CUSE_FFLAG_WRITE;
525 if (ioflag & IO_NDELAY)
526 cuse_fflags |= CUSE_FFLAG_NONBLOCK;
528 pccmd->sub.fflags = cuse_fflags;
529 pccmd->sub.data_pointer = data_ptr;
530 pccmd->sub.argument = arg;
532 pcs = pccmd->client->server;
534 if ((pccmd->entry.tqe_prev == NULL) &&
535 (CUSE_CLIENT_CLOSING(pccmd->client) == 0) &&
536 (pcs->is_closing == 0)) {
537 TAILQ_INSERT_TAIL(&pcs->head, pccmd, entry);
543 cuse_client_got_signal(struct cuse_client_command *pccmd)
545 struct cuse_server *pcs;
547 pccmd->got_signal = 1;
549 pccmd = &pccmd->client->cmds[CUSE_CMD_SIGNAL];
551 pcs = pccmd->client->server;
553 if ((pccmd->entry.tqe_prev == NULL) &&
554 (CUSE_CLIENT_CLOSING(pccmd->client) == 0) &&
555 (pcs->is_closing == 0)) {
556 TAILQ_INSERT_TAIL(&pcs->head, pccmd, entry);
562 cuse_client_receive_command_locked(struct cuse_client_command *pccmd,
563 uint8_t *arg_ptr, uint32_t arg_len)
569 pccmd->proc_curr = curthread->td_proc;
571 if (CUSE_CLIENT_CLOSING(pccmd->client) ||
572 pccmd->client->server->is_closing) {
573 error = CUSE_ERR_OTHER;
576 while (pccmd->command == CUSE_CMD_NONE) {
578 cv_wait(&pccmd->cv, &cuse_mtx);
580 error = cv_wait_sig(&pccmd->cv, &cuse_mtx);
583 cuse_client_got_signal(pccmd);
585 if (CUSE_CLIENT_CLOSING(pccmd->client) ||
586 pccmd->client->server->is_closing) {
587 error = CUSE_ERR_OTHER;
592 error = pccmd->error;
593 pccmd->command = CUSE_CMD_NONE;
594 cv_signal(&pccmd->cv);
598 /* wait until all process references are gone */
600 pccmd->proc_curr = NULL;
602 while (pccmd->proc_refs != 0)
603 cv_wait(&pccmd->cv, &cuse_mtx);
608 /*------------------------------------------------------------------------*
610 *------------------------------------------------------------------------*/
613 cuse_server_free_dev(struct cuse_server_dev *pcsd)
615 struct cuse_server *pcs;
616 struct cuse_client *pcc;
618 /* get server pointer */
621 /* prevent creation of more devices */
623 if (pcsd->kern_dev != NULL)
624 pcsd->kern_dev->si_drv1 = NULL;
626 TAILQ_FOREACH(pcc, &pcs->hcli, entry) {
627 if (pcc->server_dev == pcsd)
628 cuse_client_is_closing(pcc);
632 /* destroy device, if any */
633 if (pcsd->kern_dev != NULL) {
634 /* destroy device synchronously */
635 destroy_dev(pcsd->kern_dev);
641 cuse_server_free(void *arg)
643 struct cuse_server *pcs = arg;
644 struct cuse_server_dev *pcsd;
648 if (pcs->refs != 0) {
652 cuse_server_is_closing(pcs);
653 /* final client wakeup, if any */
654 cuse_server_wakeup_all_client_locked(pcs);
656 TAILQ_REMOVE(&cuse_server_head, pcs, entry);
658 cuse_free_unit_by_id_locked(pcs, -1);
660 while ((pcsd = TAILQ_FIRST(&pcs->hdev)) != NULL) {
661 TAILQ_REMOVE(&pcs->hdev, pcsd, entry);
663 cuse_server_free_dev(pcsd);
667 cuse_server_free_memory(pcs);
669 knlist_clear(&pcs->selinfo.si_note, 1);
670 knlist_destroy(&pcs->selinfo.si_note);
674 seldrain(&pcs->selinfo);
676 cv_destroy(&pcs->cv);
682 cuse_server_open(struct cdev *dev, int fflags, int devtype, struct thread *td)
684 struct cuse_server *pcs;
686 pcs = malloc(sizeof(*pcs), M_CUSE, M_WAITOK | M_ZERO);
690 if (devfs_set_cdevpriv(pcs, &cuse_server_free)) {
691 printf("Cuse: Cannot set cdevpriv.\n");
696 /* store current process ID */
697 pcs->pid = curproc->p_pid;
699 TAILQ_INIT(&pcs->head);
700 TAILQ_INIT(&pcs->hdev);
701 TAILQ_INIT(&pcs->hcli);
703 cv_init(&pcs->cv, "cuse-server-cv");
705 knlist_init_mtx(&pcs->selinfo.si_note, &cuse_mtx);
709 TAILQ_INSERT_TAIL(&cuse_server_head, pcs, entry);
716 cuse_server_close(struct cdev *dev, int fflag, int devtype, struct thread *td)
718 struct cuse_server *pcs;
721 error = cuse_server_get(&pcs);
726 cuse_server_is_closing(pcs);
727 /* final client wakeup, if any */
728 cuse_server_wakeup_all_client_locked(pcs);
730 knlist_clear(&pcs->selinfo.si_note, 1);
738 cuse_server_read(struct cdev *dev, struct uio *uio, int ioflag)
744 cuse_server_write(struct cdev *dev, struct uio *uio, int ioflag)
750 cuse_server_ioctl_copy_locked(struct cuse_client_command *pccmd,
751 struct cuse_data_chunk *pchk, int isread)
757 offset = pchk->peer_ptr - CUSE_BUF_MIN_PTR;
759 if (pchk->length > CUSE_BUFFER_MAX)
762 if (offset >= CUSE_BUFFER_MAX)
765 if ((offset + pchk->length) > CUSE_BUFFER_MAX)
768 p_proc = pccmd->proc_curr;
772 if (pccmd->proc_refs < 0)
781 (void *)pchk->local_ptr,
782 pccmd->client->ioctl_buffer + offset,
786 pccmd->client->ioctl_buffer + offset,
787 (void *)pchk->local_ptr,
795 if (pccmd->proc_curr == NULL)
796 cv_signal(&pccmd->cv);
802 cuse_proc2proc_copy(struct proc *proc_s, vm_offset_t data_s,
803 struct proc *proc_d, vm_offset_t data_d, size_t len)
806 struct proc *proc_cur;
810 proc_cur = td->td_proc;
812 if (proc_cur == proc_d) {
814 .iov_base = (caddr_t)data_d,
820 .uio_offset = (off_t)data_s,
822 .uio_segflg = UIO_USERSPACE,
828 error = proc_rwmem(proc_s, &uio);
831 } else if (proc_cur == proc_s) {
833 .iov_base = (caddr_t)data_s,
839 .uio_offset = (off_t)data_d,
841 .uio_segflg = UIO_USERSPACE,
847 error = proc_rwmem(proc_d, &uio);
856 cuse_server_data_copy_locked(struct cuse_client_command *pccmd,
857 struct cuse_data_chunk *pchk, int isread)
862 p_proc = pccmd->proc_curr;
866 if (pccmd->proc_refs < 0)
874 error = cuse_proc2proc_copy(
875 curthread->td_proc, pchk->local_ptr,
876 p_proc, pchk->peer_ptr,
879 error = cuse_proc2proc_copy(
880 p_proc, pchk->peer_ptr,
881 curthread->td_proc, pchk->local_ptr,
889 if (pccmd->proc_curr == NULL)
890 cv_signal(&pccmd->cv);
896 cuse_alloc_unit_by_id_locked(struct cuse_server *pcs, int id)
903 for (match = n = 0; n != CUSE_DEVICES_MAX; n++) {
904 if (cuse_alloc_unit[n] != NULL) {
905 if ((cuse_alloc_unit_id[n] ^ id) & CUSE_ID_MASK)
907 if ((cuse_alloc_unit_id[n] & ~CUSE_ID_MASK) == x) {
916 for (n = 0; n != CUSE_DEVICES_MAX; n++) {
917 if (cuse_alloc_unit[n] == NULL) {
918 cuse_alloc_unit[n] = pcs;
919 cuse_alloc_unit_id[n] = id | x;
928 cuse_server_wakeup_locked(struct cuse_server *pcs)
930 selwakeup(&pcs->selinfo);
931 KNOTE_LOCKED(&pcs->selinfo.si_note, 0);
935 cuse_server_wakeup_all_client_locked(struct cuse_server *pcs)
937 struct cuse_client *pcc;
939 TAILQ_FOREACH(pcc, &pcs->hcli, entry) {
940 pcc->cflags |= (CUSE_CLI_KNOTE_NEED_READ |
941 CUSE_CLI_KNOTE_NEED_WRITE);
943 cuse_server_wakeup_locked(pcs);
947 cuse_free_unit_by_id_locked(struct cuse_server *pcs, int id)
952 for (n = 0; n != CUSE_DEVICES_MAX; n++) {
953 if (cuse_alloc_unit[n] == pcs) {
954 if (cuse_alloc_unit_id[n] == id || id == -1) {
955 cuse_alloc_unit[n] = NULL;
956 cuse_alloc_unit_id[n] = 0;
962 return (found ? 0 : EINVAL);
966 cuse_server_ioctl(struct cdev *dev, unsigned long cmd,
967 caddr_t data, int fflag, struct thread *td)
969 struct cuse_server *pcs;
972 error = cuse_server_get(&pcs);
977 struct cuse_client_command *pccmd;
978 struct cuse_client *pcc;
979 struct cuse_command *pcmd;
980 struct cuse_alloc_info *pai;
981 struct cuse_create_dev *pcd;
982 struct cuse_server_dev *pcsd;
983 struct cuse_data_chunk *pchk;
986 case CUSE_IOCTL_GET_COMMAND:
991 while ((pccmd = TAILQ_FIRST(&pcs->head)) == NULL) {
992 error = cv_wait_sig(&pcs->cv, &cuse_mtx);
1003 TAILQ_REMOVE(&pcs->head, pccmd, entry);
1004 pccmd->entry.tqe_prev = NULL;
1006 pccmd->entered = curthread;
1014 case CUSE_IOCTL_SYNC_COMMAND:
1017 while ((pccmd = cuse_server_find_command(pcs, curthread)) != NULL) {
1019 /* send sync command */
1020 pccmd->entered = NULL;
1021 pccmd->error = *(int *)data;
1022 pccmd->command = CUSE_CMD_SYNC;
1024 /* signal peer, if any */
1025 cv_signal(&pccmd->cv);
1031 case CUSE_IOCTL_ALLOC_UNIT:
1034 n = cuse_alloc_unit_by_id_locked(pcs,
1035 CUSE_ID_DEFAULT(0));
1044 case CUSE_IOCTL_ALLOC_UNIT_BY_ID:
1048 n = (n & CUSE_ID_MASK);
1051 n = cuse_alloc_unit_by_id_locked(pcs, n);
1060 case CUSE_IOCTL_FREE_UNIT:
1064 n = CUSE_ID_DEFAULT(n);
1067 error = cuse_free_unit_by_id_locked(pcs, n);
1071 case CUSE_IOCTL_FREE_UNIT_BY_ID:
1076 error = cuse_free_unit_by_id_locked(pcs, n);
1080 case CUSE_IOCTL_ALLOC_MEMORY:
1084 if (pai->alloc_nr >= CUSE_ALLOC_UNIT_MAX) {
1088 if (pai->page_count > CUSE_ALLOC_PAGES_MAX) {
1092 error = cuse_server_alloc_memory(pcs,
1093 &cuse_mem[pai->alloc_nr], pai->page_count);
1096 case CUSE_IOCTL_FREE_MEMORY:
1099 if (pai->alloc_nr >= CUSE_ALLOC_UNIT_MAX) {
1103 /* we trust the character device driver in this case */
1106 if (cuse_mem[pai->alloc_nr].owner == pcs) {
1107 cuse_mem[pai->alloc_nr].is_allocated = 0;
1108 cuse_mem[pai->alloc_nr].owner = NULL;
1115 case CUSE_IOCTL_GET_SIG:
1118 pccmd = cuse_server_find_command(pcs, curthread);
1120 if (pccmd != NULL) {
1121 n = pccmd->got_signal;
1122 pccmd->got_signal = 0;
1132 case CUSE_IOCTL_SET_PFH:
1135 pccmd = cuse_server_find_command(pcs, curthread);
1137 if (pccmd != NULL) {
1138 pcc = pccmd->client;
1139 for (n = 0; n != CUSE_CMD_MAX; n++) {
1140 pcc->cmds[n].sub.per_file_handle = *(uintptr_t *)data;
1148 case CUSE_IOCTL_CREATE_DEV:
1150 error = priv_check(curthread, PRIV_DRIVER);
1158 pcd->devname[sizeof(pcd->devname) - 1] = 0;
1160 if (pcd->devname[0] == 0) {
1164 cuse_str_filter(pcd->devname);
1166 pcd->permissions &= 0777;
1168 /* try to allocate a character device */
1170 pcsd = malloc(sizeof(*pcsd), M_CUSE, M_WAITOK | M_ZERO);
1178 pcsd->user_dev = pcd->dev;
1180 pcsd->kern_dev = make_dev_credf(MAKEDEV_CHECKNAME,
1181 &cuse_client_devsw, 0, NULL, pcd->user_id, pcd->group_id,
1182 pcd->permissions, "%s", pcd->devname);
1184 if (pcsd->kern_dev == NULL) {
1189 pcsd->kern_dev->si_drv1 = pcsd;
1192 TAILQ_INSERT_TAIL(&pcs->hdev, pcsd, entry);
1197 case CUSE_IOCTL_DESTROY_DEV:
1199 error = priv_check(curthread, PRIV_DRIVER);
1207 pcsd = TAILQ_FIRST(&pcs->hdev);
1208 while (pcsd != NULL) {
1209 if (pcsd->user_dev == *(struct cuse_dev **)data) {
1210 TAILQ_REMOVE(&pcs->hdev, pcsd, entry);
1212 cuse_server_free_dev(pcsd);
1215 pcsd = TAILQ_FIRST(&pcs->hdev);
1217 pcsd = TAILQ_NEXT(pcsd, entry);
1224 case CUSE_IOCTL_WRITE_DATA:
1225 case CUSE_IOCTL_READ_DATA:
1228 pchk = (struct cuse_data_chunk *)data;
1230 pccmd = cuse_server_find_command(pcs, curthread);
1232 if (pccmd == NULL) {
1233 error = ENXIO; /* invalid request */
1234 } else if (pchk->peer_ptr < CUSE_BUF_MIN_PTR) {
1235 error = EFAULT; /* NULL pointer */
1236 } else if (pchk->peer_ptr < CUSE_BUF_MAX_PTR) {
1237 error = cuse_server_ioctl_copy_locked(pccmd,
1238 pchk, cmd == CUSE_IOCTL_READ_DATA);
1240 error = cuse_server_data_copy_locked(pccmd,
1241 pchk, cmd == CUSE_IOCTL_READ_DATA);
1246 case CUSE_IOCTL_SELWAKEUP:
1249 * We don't know which direction caused the event.
1252 cuse_server_wakeup_all_client_locked(pcs);
1264 cuse_server_poll(struct cdev *dev, int events, struct thread *td)
1266 return (events & (POLLHUP | POLLPRI | POLLIN |
1267 POLLRDNORM | POLLOUT | POLLWRNORM));
1271 cuse_server_mmap(struct cdev *dev, vm_ooffset_t offset, vm_paddr_t *paddr, int nprot, vm_memattr_t *memattr)
1273 uint32_t page_nr = offset / PAGE_SIZE;
1274 uint32_t alloc_nr = page_nr / CUSE_ALLOC_PAGES_MAX;
1275 struct cuse_memory *mem;
1276 struct cuse_server *pcs;
1280 if (alloc_nr >= CUSE_ALLOC_UNIT_MAX)
1283 error = cuse_server_get(&pcs);
1288 mem = &cuse_mem[alloc_nr];
1290 /* try to enforce slight ownership */
1291 if ((pcs != NULL) && (mem->owner != pcs)) {
1295 if (mem->virtaddr == NULL) {
1299 if (mem->virtaddr == NBUSY) {
1303 page_nr %= CUSE_ALLOC_PAGES_MAX;
1305 if (page_nr >= mem->page_count) {
1309 ptr = mem->virtaddr + (page_nr * PAGE_SIZE);
1312 *paddr = vtophys(ptr);
1317 /*------------------------------------------------------------------------*
1319 *------------------------------------------------------------------------*/
1321 cuse_client_free(void *arg)
1323 struct cuse_client *pcc = arg;
1324 struct cuse_client_command *pccmd;
1325 struct cuse_server *pcs;
1329 cuse_client_is_closing(pcc);
1330 TAILQ_REMOVE(&pcc->server->hcli, pcc, entry);
1333 for (n = 0; n != CUSE_CMD_MAX; n++) {
1335 pccmd = &pcc->cmds[n];
1337 sx_destroy(&pccmd->sx);
1338 cv_destroy(&pccmd->cv);
1345 /* drop reference on server */
1346 cuse_server_free(pcs);
1350 cuse_client_open(struct cdev *dev, int fflags, int devtype, struct thread *td)
1352 struct cuse_client_command *pccmd;
1353 struct cuse_server_dev *pcsd;
1354 struct cuse_client *pcc;
1355 struct cuse_server *pcs;
1356 struct cuse_dev *pcd;
1361 pcsd = dev->si_drv1;
1364 pcd = pcsd->user_dev;
1366 * Check that the refcount didn't wrap and that the
1367 * same process is not both client and server. This
1368 * can easily lead to deadlocks when destroying the
1369 * CUSE character device nodes:
1372 if (pcs->refs < 0 || pcs->pid == curproc->p_pid) {
1373 /* overflow or wrong PID */
1386 pcc = malloc(sizeof(*pcc), M_CUSE, M_WAITOK | M_ZERO);
1388 /* drop reference on server */
1389 cuse_server_free(pcs);
1392 if (devfs_set_cdevpriv(pcc, &cuse_client_free)) {
1393 printf("Cuse: Cannot set cdevpriv.\n");
1394 /* drop reference on server */
1395 cuse_server_free(pcs);
1399 pcc->fflags = fflags;
1400 pcc->server_dev = pcsd;
1403 for (n = 0; n != CUSE_CMD_MAX; n++) {
1405 pccmd = &pcc->cmds[n];
1407 pccmd->sub.dev = pcd;
1408 pccmd->sub.command = n;
1409 pccmd->client = pcc;
1411 sx_init(&pccmd->sx, "cuse-client-sx");
1412 cv_init(&pccmd->cv, "cuse-client-cv");
1417 /* cuse_client_free() assumes that the client is listed somewhere! */
1418 /* always enqueue */
1420 TAILQ_INSERT_TAIL(&pcs->hcli, pcc, entry);
1422 /* check if server is closing */
1423 if ((pcs->is_closing != 0) || (dev->si_drv1 == NULL)) {
1431 devfs_clear_cdevpriv(); /* XXX bugfix */
1434 pccmd = &pcc->cmds[CUSE_CMD_OPEN];
1436 cuse_cmd_lock(pccmd);
1439 cuse_client_send_command_locked(pccmd, 0, 0, pcc->fflags, 0);
1441 error = cuse_client_receive_command_locked(pccmd, 0, 0);
1445 error = cuse_convert_error(error);
1450 cuse_cmd_unlock(pccmd);
1453 devfs_clear_cdevpriv(); /* XXX bugfix */
1459 cuse_client_close(struct cdev *dev, int fflag, int devtype, struct thread *td)
1461 struct cuse_client_command *pccmd;
1462 struct cuse_client *pcc;
1465 error = cuse_client_get(&pcc);
1469 pccmd = &pcc->cmds[CUSE_CMD_CLOSE];
1471 cuse_cmd_lock(pccmd);
1474 cuse_client_send_command_locked(pccmd, 0, 0, pcc->fflags, 0);
1476 error = cuse_client_receive_command_locked(pccmd, 0, 0);
1479 cuse_cmd_unlock(pccmd);
1482 cuse_client_is_closing(pcc);
1489 cuse_client_kqfilter_poll(struct cdev *dev, struct cuse_client *pcc)
1494 temp = (pcc->cflags & (CUSE_CLI_KNOTE_HAS_READ |
1495 CUSE_CLI_KNOTE_HAS_WRITE));
1496 pcc->cflags &= ~(CUSE_CLI_KNOTE_NEED_READ |
1497 CUSE_CLI_KNOTE_NEED_WRITE);
1501 /* get the latest polling state from the server */
1502 temp = cuse_client_poll(dev, POLLIN | POLLOUT, NULL);
1505 if (temp & (POLLIN | POLLOUT)) {
1507 pcc->cflags |= CUSE_CLI_KNOTE_NEED_READ;
1509 pcc->cflags |= CUSE_CLI_KNOTE_NEED_WRITE;
1511 /* make sure the "knote" gets woken up */
1512 cuse_server_wakeup_locked(pcc->server);
1519 cuse_client_read(struct cdev *dev, struct uio *uio, int ioflag)
1521 struct cuse_client_command *pccmd;
1522 struct cuse_client *pcc;
1526 error = cuse_client_get(&pcc);
1530 pccmd = &pcc->cmds[CUSE_CMD_READ];
1532 if (uio->uio_segflg != UIO_USERSPACE) {
1535 uio->uio_segflg = UIO_NOCOPY;
1537 cuse_cmd_lock(pccmd);
1539 while (uio->uio_resid != 0) {
1541 if (uio->uio_iov->iov_len > CUSE_LENGTH_MAX) {
1546 len = uio->uio_iov->iov_len;
1549 cuse_client_send_command_locked(pccmd,
1550 (uintptr_t)uio->uio_iov->iov_base,
1551 (unsigned long)(unsigned int)len, pcc->fflags, ioflag);
1553 error = cuse_client_receive_command_locked(pccmd, 0, 0);
1557 error = cuse_convert_error(error);
1559 } else if (error == len) {
1560 error = uiomove(NULL, error, uio);
1564 error = uiomove(NULL, error, uio);
1568 cuse_cmd_unlock(pccmd);
1570 uio->uio_segflg = UIO_USERSPACE;/* restore segment flag */
1572 if (error == EWOULDBLOCK)
1573 cuse_client_kqfilter_poll(dev, pcc);
1579 cuse_client_write(struct cdev *dev, struct uio *uio, int ioflag)
1581 struct cuse_client_command *pccmd;
1582 struct cuse_client *pcc;
1586 error = cuse_client_get(&pcc);
1590 pccmd = &pcc->cmds[CUSE_CMD_WRITE];
1592 if (uio->uio_segflg != UIO_USERSPACE) {
1595 uio->uio_segflg = UIO_NOCOPY;
1597 cuse_cmd_lock(pccmd);
1599 while (uio->uio_resid != 0) {
1601 if (uio->uio_iov->iov_len > CUSE_LENGTH_MAX) {
1606 len = uio->uio_iov->iov_len;
1609 cuse_client_send_command_locked(pccmd,
1610 (uintptr_t)uio->uio_iov->iov_base,
1611 (unsigned long)(unsigned int)len, pcc->fflags, ioflag);
1613 error = cuse_client_receive_command_locked(pccmd, 0, 0);
1617 error = cuse_convert_error(error);
1619 } else if (error == len) {
1620 error = uiomove(NULL, error, uio);
1624 error = uiomove(NULL, error, uio);
1628 cuse_cmd_unlock(pccmd);
1630 uio->uio_segflg = UIO_USERSPACE;/* restore segment flag */
1632 if (error == EWOULDBLOCK)
1633 cuse_client_kqfilter_poll(dev, pcc);
1639 cuse_client_ioctl(struct cdev *dev, unsigned long cmd,
1640 caddr_t data, int fflag, struct thread *td)
1642 struct cuse_client_command *pccmd;
1643 struct cuse_client *pcc;
1647 error = cuse_client_get(&pcc);
1651 len = IOCPARM_LEN(cmd);
1652 if (len > CUSE_BUFFER_MAX)
1655 pccmd = &pcc->cmds[CUSE_CMD_IOCTL];
1657 cuse_cmd_lock(pccmd);
1659 if (cmd & (IOC_IN | IOC_VOID))
1660 memcpy(pcc->ioctl_buffer, data, len);
1663 * When the ioctl-length is zero drivers can pass information
1664 * through the data pointer of the ioctl. Make sure this information
1665 * is forwarded to the driver.
1669 cuse_client_send_command_locked(pccmd,
1670 (len == 0) ? *(long *)data : CUSE_BUF_MIN_PTR,
1671 (unsigned long)cmd, pcc->fflags,
1672 (fflag & O_NONBLOCK) ? IO_NDELAY : 0);
1674 error = cuse_client_receive_command_locked(pccmd, data, len);
1678 error = cuse_convert_error(error);
1684 memcpy(data, pcc->ioctl_buffer, len);
1686 cuse_cmd_unlock(pccmd);
1688 if (error == EWOULDBLOCK)
1689 cuse_client_kqfilter_poll(dev, pcc);
1695 cuse_client_poll(struct cdev *dev, int events, struct thread *td)
1697 struct cuse_client_command *pccmd;
1698 struct cuse_client *pcc;
1703 error = cuse_client_get(&pcc);
1709 if (events & (POLLPRI | POLLIN | POLLRDNORM))
1710 temp |= CUSE_POLL_READ;
1712 if (events & (POLLOUT | POLLWRNORM))
1713 temp |= CUSE_POLL_WRITE;
1715 if (events & POLLHUP)
1716 temp |= CUSE_POLL_ERROR;
1718 pccmd = &pcc->cmds[CUSE_CMD_POLL];
1720 cuse_cmd_lock(pccmd);
1722 /* Need to selrecord() first to not loose any events. */
1723 if (temp != 0 && td != NULL)
1724 selrecord(td, &pcc->server->selinfo);
1727 cuse_client_send_command_locked(pccmd,
1728 0, temp, pcc->fflags, IO_NDELAY);
1730 error = cuse_client_receive_command_locked(pccmd, 0, 0);
1733 cuse_cmd_unlock(pccmd);
1739 if (error & CUSE_POLL_READ)
1740 revents |= (events & (POLLPRI | POLLIN | POLLRDNORM));
1741 if (error & CUSE_POLL_WRITE)
1742 revents |= (events & (POLLOUT | POLLWRNORM));
1743 if (error & CUSE_POLL_ERROR)
1744 revents |= (events & POLLHUP);
1749 /* XXX many clients don't understand POLLNVAL */
1750 return (events & (POLLHUP | POLLPRI | POLLIN |
1751 POLLRDNORM | POLLOUT | POLLWRNORM));
1755 cuse_client_mmap(struct cdev *dev, vm_ooffset_t offset, vm_paddr_t *paddr, int nprot, vm_memattr_t *memattr)
1757 uint32_t page_nr = offset / PAGE_SIZE;
1758 uint32_t alloc_nr = page_nr / CUSE_ALLOC_PAGES_MAX;
1759 struct cuse_memory *mem;
1760 struct cuse_server *pcs;
1761 struct cuse_client *pcc;
1765 if (alloc_nr >= CUSE_ALLOC_UNIT_MAX)
1768 error = cuse_client_get(&pcc);
1775 mem = &cuse_mem[alloc_nr];
1777 /* try to enforce slight ownership */
1778 if ((pcs != NULL) && (mem->owner != pcs)) {
1782 if (mem->virtaddr == NULL) {
1786 if (mem->virtaddr == NBUSY) {
1790 page_nr %= CUSE_ALLOC_PAGES_MAX;
1792 if (page_nr >= mem->page_count) {
1796 ptr = mem->virtaddr + (page_nr * PAGE_SIZE);
1799 *paddr = vtophys(ptr);
1805 cuse_client_kqfilter_read_detach(struct knote *kn)
1807 struct cuse_client *pcc;
1811 knlist_remove(&pcc->server->selinfo.si_note, kn, 1);
1816 cuse_client_kqfilter_write_detach(struct knote *kn)
1818 struct cuse_client *pcc;
1822 knlist_remove(&pcc->server->selinfo.si_note, kn, 1);
1827 cuse_client_kqfilter_read_event(struct knote *kn, long hint)
1829 struct cuse_client *pcc;
1831 mtx_assert(&cuse_mtx, MA_OWNED);
1834 return ((pcc->cflags & CUSE_CLI_KNOTE_NEED_READ) ? 1 : 0);
1838 cuse_client_kqfilter_write_event(struct knote *kn, long hint)
1840 struct cuse_client *pcc;
1842 mtx_assert(&cuse_mtx, MA_OWNED);
1845 return ((pcc->cflags & CUSE_CLI_KNOTE_NEED_WRITE) ? 1 : 0);
1849 cuse_client_kqfilter(struct cdev *dev, struct knote *kn)
1851 struct cuse_client *pcc;
1852 struct cuse_server *pcs;
1855 error = cuse_client_get(&pcc);
1861 switch (kn->kn_filter) {
1863 pcc->cflags |= CUSE_CLI_KNOTE_HAS_READ;
1865 kn->kn_fop = &cuse_client_kqfilter_read_ops;
1866 knlist_add(&pcs->selinfo.si_note, kn, 1);
1869 pcc->cflags |= CUSE_CLI_KNOTE_HAS_WRITE;
1871 kn->kn_fop = &cuse_client_kqfilter_write_ops;
1872 knlist_add(&pcs->selinfo.si_note, kn, 1);
1881 cuse_client_kqfilter_poll(dev, pcc);
projects / FreeBSD / FreeBSD.git / blob