Thomas Gleixner | 55716d2 | 2019-06-01 10:08:42 +0200 | [diff] [blame] | 1 | // SPDX-License-Identifier: GPL-2.0-only |
Tejun Heo | 151060a | 2009-04-14 10:54:54 +0900 | [diff] [blame] | 2 | /* |
| 3 | * CUSE: Character device in Userspace |
| 4 | * |
| 5 | * Copyright (C) 2008-2009 SUSE Linux Products GmbH |
| 6 | * Copyright (C) 2008-2009 Tejun Heo <tj@kernel.org> |
| 7 | * |
Tejun Heo | 151060a | 2009-04-14 10:54:54 +0900 | [diff] [blame] | 8 | * CUSE enables character devices to be implemented from userland much |
| 9 | * like FUSE allows filesystems. On initialization /dev/cuse is |
| 10 | * created. By opening the file and replying to the CUSE_INIT request |
| 11 | * userland CUSE server can create a character device. After that the |
| 12 | * operation is very similar to FUSE. |
| 13 | * |
| 14 | * A CUSE instance involves the following objects. |
| 15 | * |
| 16 | * cuse_conn : contains fuse_conn and serves as bonding structure |
| 17 | * channel : file handle connected to the userland CUSE server |
| 18 | * cdev : the implemented character device |
| 19 | * dev : generic device for cdev |
| 20 | * |
| 21 | * Note that 'channel' is what 'dev' is in FUSE. As CUSE deals with |
| 22 | * devices, it's called 'channel' to reduce confusion. |
| 23 | * |
| 24 | * channel determines when the character device dies. When channel is |
| 25 | * closed, everything begins to destruct. The cuse_conn is taken off |
| 26 | * the lookup table preventing further access from cdev, cdev and |
| 27 | * generic device are removed and the base reference of cuse_conn is |
| 28 | * put. |
| 29 | * |
| 30 | * On each open, the matching cuse_conn is looked up and if found an |
| 31 | * additional reference is taken which is released when the file is |
| 32 | * closed. |
| 33 | */ |
| 34 | |
Kirill Smelkov | f229448 | 2019-03-27 09:15:17 +0000 | [diff] [blame] | 35 | #define pr_fmt(fmt) "CUSE: " fmt |
| 36 | |
Tejun Heo | 151060a | 2009-04-14 10:54:54 +0900 | [diff] [blame] | 37 | #include <linux/fuse.h> |
| 38 | #include <linux/cdev.h> |
| 39 | #include <linux/device.h> |
| 40 | #include <linux/file.h> |
| 41 | #include <linux/fs.h> |
| 42 | #include <linux/kdev_t.h> |
| 43 | #include <linux/kthread.h> |
| 44 | #include <linux/list.h> |
| 45 | #include <linux/magic.h> |
| 46 | #include <linux/miscdevice.h> |
| 47 | #include <linux/mutex.h> |
Tejun Heo | 5a0e3ad | 2010-03-24 17:04:11 +0900 | [diff] [blame] | 48 | #include <linux/slab.h> |
Tejun Heo | 151060a | 2009-04-14 10:54:54 +0900 | [diff] [blame] | 49 | #include <linux/stat.h> |
Paul Gortmaker | 143cb49 | 2011-07-01 14:23:34 -0400 | [diff] [blame] | 50 | #include <linux/module.h> |
Christoph Hellwig | e2e40f2 | 2015-02-22 08:58:50 -0800 | [diff] [blame] | 51 | #include <linux/uio.h> |
Eric W. Biederman | 8cb0832 | 2018-02-21 11:18:07 -0600 | [diff] [blame] | 52 | #include <linux/user_namespace.h> |
Tejun Heo | 151060a | 2009-04-14 10:54:54 +0900 | [diff] [blame] | 53 | |
| 54 | #include "fuse_i.h" |
| 55 | |
| 56 | #define CUSE_CONNTBL_LEN 64 |
| 57 | |
| 58 | struct cuse_conn { |
| 59 | struct list_head list; /* linked on cuse_conntbl */ |
| 60 | struct fuse_conn fc; /* fuse connection */ |
| 61 | struct cdev *cdev; /* associated character device */ |
| 62 | struct device *dev; /* device representing @cdev */ |
| 63 | |
| 64 | /* init parameters, set once during initialization */ |
| 65 | bool unrestricted_ioctl; |
| 66 | }; |
| 67 | |
David Herrmann | 8ce03fd | 2012-11-17 12:45:47 +0100 | [diff] [blame] | 68 | static DEFINE_MUTEX(cuse_lock); /* protects registration */ |
Tejun Heo | 151060a | 2009-04-14 10:54:54 +0900 | [diff] [blame] | 69 | static struct list_head cuse_conntbl[CUSE_CONNTBL_LEN]; |
| 70 | static struct class *cuse_class; |
| 71 | |
| 72 | static struct cuse_conn *fc_to_cc(struct fuse_conn *fc) |
| 73 | { |
| 74 | return container_of(fc, struct cuse_conn, fc); |
| 75 | } |
| 76 | |
| 77 | static struct list_head *cuse_conntbl_head(dev_t devt) |
| 78 | { |
| 79 | return &cuse_conntbl[(MAJOR(devt) + MINOR(devt)) % CUSE_CONNTBL_LEN]; |
| 80 | } |
| 81 | |
| 82 | |
| 83 | /************************************************************************** |
| 84 | * CUSE frontend operations |
| 85 | * |
| 86 | * These are file operations for the character device. |
| 87 | * |
| 88 | * On open, CUSE opens a file from the FUSE mnt and stores it to |
| 89 | * private_data of the open file. All other ops call FUSE ops on the |
| 90 | * FUSE file. |
| 91 | */ |
| 92 | |
Al Viro | cfa86a7 | 2015-03-21 09:01:45 -0400 | [diff] [blame] | 93 | static ssize_t cuse_read_iter(struct kiocb *kiocb, struct iov_iter *to) |
Tejun Heo | 151060a | 2009-04-14 10:54:54 +0900 | [diff] [blame] | 94 | { |
Miklos Szeredi | e1c0eec | 2017-09-12 16:57:53 +0200 | [diff] [blame] | 95 | struct fuse_io_priv io = FUSE_IO_PRIV_SYNC(kiocb); |
Tejun Heo | 151060a | 2009-04-14 10:54:54 +0900 | [diff] [blame] | 96 | loff_t pos = 0; |
| 97 | |
Al Viro | cfa86a7 | 2015-03-21 09:01:45 -0400 | [diff] [blame] | 98 | return fuse_direct_io(&io, to, &pos, FUSE_DIO_CUSE); |
Tejun Heo | 151060a | 2009-04-14 10:54:54 +0900 | [diff] [blame] | 99 | } |
| 100 | |
Al Viro | cfa86a7 | 2015-03-21 09:01:45 -0400 | [diff] [blame] | 101 | static ssize_t cuse_write_iter(struct kiocb *kiocb, struct iov_iter *from) |
Tejun Heo | 151060a | 2009-04-14 10:54:54 +0900 | [diff] [blame] | 102 | { |
Miklos Szeredi | e1c0eec | 2017-09-12 16:57:53 +0200 | [diff] [blame] | 103 | struct fuse_io_priv io = FUSE_IO_PRIV_SYNC(kiocb); |
Tejun Heo | 151060a | 2009-04-14 10:54:54 +0900 | [diff] [blame] | 104 | loff_t pos = 0; |
| 105 | /* |
| 106 | * No locking or generic_write_checks(), the server is |
| 107 | * responsible for locking and sanity checks. |
| 108 | */ |
Al Viro | cfa86a7 | 2015-03-21 09:01:45 -0400 | [diff] [blame] | 109 | return fuse_direct_io(&io, from, &pos, |
Pavel Emelyanov | ea8cd33 | 2013-10-10 17:12:05 +0400 | [diff] [blame] | 110 | FUSE_DIO_WRITE | FUSE_DIO_CUSE); |
Tejun Heo | 151060a | 2009-04-14 10:54:54 +0900 | [diff] [blame] | 111 | } |
| 112 | |
| 113 | static int cuse_open(struct inode *inode, struct file *file) |
| 114 | { |
| 115 | dev_t devt = inode->i_cdev->dev; |
| 116 | struct cuse_conn *cc = NULL, *pos; |
| 117 | int rc; |
| 118 | |
| 119 | /* look up and get the connection */ |
David Herrmann | 8ce03fd | 2012-11-17 12:45:47 +0100 | [diff] [blame] | 120 | mutex_lock(&cuse_lock); |
Tejun Heo | 151060a | 2009-04-14 10:54:54 +0900 | [diff] [blame] | 121 | list_for_each_entry(pos, cuse_conntbl_head(devt), list) |
| 122 | if (pos->dev->devt == devt) { |
| 123 | fuse_conn_get(&pos->fc); |
| 124 | cc = pos; |
| 125 | break; |
| 126 | } |
David Herrmann | 8ce03fd | 2012-11-17 12:45:47 +0100 | [diff] [blame] | 127 | mutex_unlock(&cuse_lock); |
Tejun Heo | 151060a | 2009-04-14 10:54:54 +0900 | [diff] [blame] | 128 | |
| 129 | /* dead? */ |
| 130 | if (!cc) |
| 131 | return -ENODEV; |
| 132 | |
| 133 | /* |
| 134 | * Generic permission check is already done against the chrdev |
| 135 | * file, proceed to open. |
| 136 | */ |
| 137 | rc = fuse_do_open(&cc->fc, 0, file, 0); |
| 138 | if (rc) |
| 139 | fuse_conn_put(&cc->fc); |
| 140 | return rc; |
| 141 | } |
| 142 | |
| 143 | static int cuse_release(struct inode *inode, struct file *file) |
| 144 | { |
| 145 | struct fuse_file *ff = file->private_data; |
| 146 | struct fuse_conn *fc = ff->fc; |
| 147 | |
Miklos Szeredi | 56d250e | 2019-08-29 11:01:18 +0200 | [diff] [blame] | 148 | fuse_sync_release(NULL, ff, file->f_flags); |
Tejun Heo | 151060a | 2009-04-14 10:54:54 +0900 | [diff] [blame] | 149 | fuse_conn_put(fc); |
| 150 | |
| 151 | return 0; |
| 152 | } |
| 153 | |
| 154 | static long cuse_file_ioctl(struct file *file, unsigned int cmd, |
| 155 | unsigned long arg) |
| 156 | { |
| 157 | struct fuse_file *ff = file->private_data; |
| 158 | struct cuse_conn *cc = fc_to_cc(ff->fc); |
| 159 | unsigned int flags = 0; |
| 160 | |
| 161 | if (cc->unrestricted_ioctl) |
| 162 | flags |= FUSE_IOCTL_UNRESTRICTED; |
| 163 | |
| 164 | return fuse_do_ioctl(file, cmd, arg, flags); |
| 165 | } |
| 166 | |
| 167 | static long cuse_file_compat_ioctl(struct file *file, unsigned int cmd, |
| 168 | unsigned long arg) |
| 169 | { |
| 170 | struct fuse_file *ff = file->private_data; |
| 171 | struct cuse_conn *cc = fc_to_cc(ff->fc); |
| 172 | unsigned int flags = FUSE_IOCTL_COMPAT; |
| 173 | |
| 174 | if (cc->unrestricted_ioctl) |
| 175 | flags |= FUSE_IOCTL_UNRESTRICTED; |
| 176 | |
| 177 | return fuse_do_ioctl(file, cmd, arg, flags); |
| 178 | } |
| 179 | |
| 180 | static const struct file_operations cuse_frontend_fops = { |
| 181 | .owner = THIS_MODULE, |
Al Viro | cfa86a7 | 2015-03-21 09:01:45 -0400 | [diff] [blame] | 182 | .read_iter = cuse_read_iter, |
| 183 | .write_iter = cuse_write_iter, |
Tejun Heo | 151060a | 2009-04-14 10:54:54 +0900 | [diff] [blame] | 184 | .open = cuse_open, |
| 185 | .release = cuse_release, |
| 186 | .unlocked_ioctl = cuse_file_ioctl, |
| 187 | .compat_ioctl = cuse_file_compat_ioctl, |
| 188 | .poll = fuse_file_poll, |
Arnd Bergmann | 6038f37 | 2010-08-15 18:52:59 +0200 | [diff] [blame] | 189 | .llseek = noop_llseek, |
Tejun Heo | 151060a | 2009-04-14 10:54:54 +0900 | [diff] [blame] | 190 | }; |
| 191 | |
| 192 | |
| 193 | /************************************************************************** |
| 194 | * CUSE channel initialization and destruction |
| 195 | */ |
| 196 | |
| 197 | struct cuse_devinfo { |
| 198 | const char *name; |
| 199 | }; |
| 200 | |
| 201 | /** |
| 202 | * cuse_parse_one - parse one key=value pair |
| 203 | * @pp: i/o parameter for the current position |
| 204 | * @end: points to one past the end of the packed string |
| 205 | * @keyp: out parameter for key |
| 206 | * @valp: out parameter for value |
| 207 | * |
| 208 | * *@pp points to packed strings - "key0=val0\0key1=val1\0" which ends |
| 209 | * at @end - 1. This function parses one pair and set *@keyp to the |
| 210 | * start of the key and *@valp to the start of the value. Note that |
| 211 | * the original string is modified such that the key string is |
| 212 | * terminated with '\0'. *@pp is updated to point to the next string. |
| 213 | * |
| 214 | * RETURNS: |
| 215 | * 1 on successful parse, 0 on EOF, -errno on failure. |
| 216 | */ |
| 217 | static int cuse_parse_one(char **pp, char *end, char **keyp, char **valp) |
| 218 | { |
| 219 | char *p = *pp; |
| 220 | char *key, *val; |
| 221 | |
| 222 | while (p < end && *p == '\0') |
| 223 | p++; |
| 224 | if (p == end) |
| 225 | return 0; |
| 226 | |
| 227 | if (end[-1] != '\0') { |
Kirill Smelkov | f229448 | 2019-03-27 09:15:17 +0000 | [diff] [blame] | 228 | pr_err("info not properly terminated\n"); |
Tejun Heo | 151060a | 2009-04-14 10:54:54 +0900 | [diff] [blame] | 229 | return -EINVAL; |
| 230 | } |
| 231 | |
| 232 | key = val = p; |
| 233 | p += strlen(p); |
| 234 | |
| 235 | if (valp) { |
| 236 | strsep(&val, "="); |
| 237 | if (!val) |
| 238 | val = key + strlen(key); |
| 239 | key = strstrip(key); |
| 240 | val = strstrip(val); |
| 241 | } else |
| 242 | key = strstrip(key); |
| 243 | |
| 244 | if (!strlen(key)) { |
Kirill Smelkov | f229448 | 2019-03-27 09:15:17 +0000 | [diff] [blame] | 245 | pr_err("zero length info key specified\n"); |
Tejun Heo | 151060a | 2009-04-14 10:54:54 +0900 | [diff] [blame] | 246 | return -EINVAL; |
| 247 | } |
| 248 | |
| 249 | *pp = p; |
| 250 | *keyp = key; |
| 251 | if (valp) |
| 252 | *valp = val; |
| 253 | |
| 254 | return 1; |
| 255 | } |
| 256 | |
| 257 | /** |
| 258 | * cuse_parse_dev_info - parse device info |
| 259 | * @p: device info string |
| 260 | * @len: length of device info string |
| 261 | * @devinfo: out parameter for parsed device info |
| 262 | * |
| 263 | * Parse @p to extract device info and store it into @devinfo. String |
| 264 | * pointed to by @p is modified by parsing and @devinfo points into |
| 265 | * them, so @p shouldn't be freed while @devinfo is in use. |
| 266 | * |
| 267 | * RETURNS: |
| 268 | * 0 on success, -errno on failure. |
| 269 | */ |
| 270 | static int cuse_parse_devinfo(char *p, size_t len, struct cuse_devinfo *devinfo) |
| 271 | { |
| 272 | char *end = p + len; |
Kees Cook | 3f649ab | 2020-06-03 13:09:38 -0700 | [diff] [blame] | 273 | char *key, *val; |
Tejun Heo | 151060a | 2009-04-14 10:54:54 +0900 | [diff] [blame] | 274 | int rc; |
| 275 | |
| 276 | while (true) { |
| 277 | rc = cuse_parse_one(&p, end, &key, &val); |
| 278 | if (rc < 0) |
| 279 | return rc; |
| 280 | if (!rc) |
| 281 | break; |
| 282 | if (strcmp(key, "DEVNAME") == 0) |
| 283 | devinfo->name = val; |
| 284 | else |
Kirill Smelkov | f229448 | 2019-03-27 09:15:17 +0000 | [diff] [blame] | 285 | pr_warn("unknown device info \"%s\"\n", key); |
Tejun Heo | 151060a | 2009-04-14 10:54:54 +0900 | [diff] [blame] | 286 | } |
| 287 | |
| 288 | if (!devinfo->name || !strlen(devinfo->name)) { |
Kirill Smelkov | f229448 | 2019-03-27 09:15:17 +0000 | [diff] [blame] | 289 | pr_err("DEVNAME unspecified\n"); |
Tejun Heo | 151060a | 2009-04-14 10:54:54 +0900 | [diff] [blame] | 290 | return -EINVAL; |
| 291 | } |
| 292 | |
| 293 | return 0; |
| 294 | } |
| 295 | |
| 296 | static void cuse_gendev_release(struct device *dev) |
| 297 | { |
| 298 | kfree(dev); |
| 299 | } |
| 300 | |
Miklos Szeredi | b50ef7c | 2019-09-10 15:04:10 +0200 | [diff] [blame] | 301 | struct cuse_init_args { |
| 302 | struct fuse_args_pages ap; |
| 303 | struct cuse_init_in in; |
| 304 | struct cuse_init_out out; |
| 305 | struct page *page; |
| 306 | struct fuse_page_desc desc; |
| 307 | }; |
| 308 | |
Tejun Heo | 151060a | 2009-04-14 10:54:54 +0900 | [diff] [blame] | 309 | /** |
| 310 | * cuse_process_init_reply - finish initializing CUSE channel |
| 311 | * |
| 312 | * This function creates the character device and sets up all the |
| 313 | * required data structures for it. Please read the comment at the |
| 314 | * top of this file for high level overview. |
| 315 | */ |
Miklos Szeredi | b50ef7c | 2019-09-10 15:04:10 +0200 | [diff] [blame] | 316 | static void cuse_process_init_reply(struct fuse_conn *fc, |
| 317 | struct fuse_args *args, int error) |
Tejun Heo | 151060a | 2009-04-14 10:54:54 +0900 | [diff] [blame] | 318 | { |
Miklos Szeredi | b50ef7c | 2019-09-10 15:04:10 +0200 | [diff] [blame] | 319 | struct cuse_init_args *ia = container_of(args, typeof(*ia), ap.args); |
| 320 | struct fuse_args_pages *ap = &ia->ap; |
David Herrmann | 3078358 | 2012-11-17 12:45:48 +0100 | [diff] [blame] | 321 | struct cuse_conn *cc = fc_to_cc(fc), *pos; |
Miklos Szeredi | b50ef7c | 2019-09-10 15:04:10 +0200 | [diff] [blame] | 322 | struct cuse_init_out *arg = &ia->out; |
| 323 | struct page *page = ap->pages[0]; |
Tejun Heo | 151060a | 2009-04-14 10:54:54 +0900 | [diff] [blame] | 324 | struct cuse_devinfo devinfo = { }; |
| 325 | struct device *dev; |
| 326 | struct cdev *cdev; |
| 327 | dev_t devt; |
David Herrmann | 3078358 | 2012-11-17 12:45:48 +0100 | [diff] [blame] | 328 | int rc, i; |
Tejun Heo | 151060a | 2009-04-14 10:54:54 +0900 | [diff] [blame] | 329 | |
Miklos Szeredi | b50ef7c | 2019-09-10 15:04:10 +0200 | [diff] [blame] | 330 | if (error || arg->major != FUSE_KERNEL_VERSION || arg->minor < 11) |
Tejun Heo | 151060a | 2009-04-14 10:54:54 +0900 | [diff] [blame] | 331 | goto err; |
Tejun Heo | 151060a | 2009-04-14 10:54:54 +0900 | [diff] [blame] | 332 | |
| 333 | fc->minor = arg->minor; |
| 334 | fc->max_read = max_t(unsigned, arg->max_read, 4096); |
| 335 | fc->max_write = max_t(unsigned, arg->max_write, 4096); |
| 336 | |
| 337 | /* parse init reply */ |
| 338 | cc->unrestricted_ioctl = arg->flags & CUSE_UNRESTRICTED_IOCTL; |
| 339 | |
Miklos Szeredi | b50ef7c | 2019-09-10 15:04:10 +0200 | [diff] [blame] | 340 | rc = cuse_parse_devinfo(page_address(page), ap->args.out_args[1].size, |
Tejun Heo | 151060a | 2009-04-14 10:54:54 +0900 | [diff] [blame] | 341 | &devinfo); |
| 342 | if (rc) |
| 343 | goto err; |
| 344 | |
| 345 | /* determine and reserve devt */ |
| 346 | devt = MKDEV(arg->dev_major, arg->dev_minor); |
| 347 | if (!MAJOR(devt)) |
| 348 | rc = alloc_chrdev_region(&devt, MINOR(devt), 1, devinfo.name); |
| 349 | else |
| 350 | rc = register_chrdev_region(devt, 1, devinfo.name); |
| 351 | if (rc) { |
Kirill Smelkov | f229448 | 2019-03-27 09:15:17 +0000 | [diff] [blame] | 352 | pr_err("failed to register chrdev region\n"); |
Tejun Heo | 151060a | 2009-04-14 10:54:54 +0900 | [diff] [blame] | 353 | goto err; |
| 354 | } |
| 355 | |
| 356 | /* devt determined, create device */ |
| 357 | rc = -ENOMEM; |
| 358 | dev = kzalloc(sizeof(*dev), GFP_KERNEL); |
| 359 | if (!dev) |
| 360 | goto err_region; |
| 361 | |
| 362 | device_initialize(dev); |
| 363 | dev_set_uevent_suppress(dev, 1); |
| 364 | dev->class = cuse_class; |
| 365 | dev->devt = devt; |
| 366 | dev->release = cuse_gendev_release; |
| 367 | dev_set_drvdata(dev, cc); |
| 368 | dev_set_name(dev, "%s", devinfo.name); |
| 369 | |
David Herrmann | 3078358 | 2012-11-17 12:45:48 +0100 | [diff] [blame] | 370 | mutex_lock(&cuse_lock); |
| 371 | |
| 372 | /* make sure the device-name is unique */ |
| 373 | for (i = 0; i < CUSE_CONNTBL_LEN; ++i) { |
| 374 | list_for_each_entry(pos, &cuse_conntbl[i], list) |
| 375 | if (!strcmp(dev_name(pos->dev), dev_name(dev))) |
| 376 | goto err_unlock; |
| 377 | } |
| 378 | |
Tejun Heo | 151060a | 2009-04-14 10:54:54 +0900 | [diff] [blame] | 379 | rc = device_add(dev); |
| 380 | if (rc) |
David Herrmann | 3078358 | 2012-11-17 12:45:48 +0100 | [diff] [blame] | 381 | goto err_unlock; |
Tejun Heo | 151060a | 2009-04-14 10:54:54 +0900 | [diff] [blame] | 382 | |
| 383 | /* register cdev */ |
| 384 | rc = -ENOMEM; |
| 385 | cdev = cdev_alloc(); |
| 386 | if (!cdev) |
David Herrmann | 3078358 | 2012-11-17 12:45:48 +0100 | [diff] [blame] | 387 | goto err_unlock; |
Tejun Heo | 151060a | 2009-04-14 10:54:54 +0900 | [diff] [blame] | 388 | |
| 389 | cdev->owner = THIS_MODULE; |
| 390 | cdev->ops = &cuse_frontend_fops; |
| 391 | |
| 392 | rc = cdev_add(cdev, devt, 1); |
| 393 | if (rc) |
| 394 | goto err_cdev; |
| 395 | |
| 396 | cc->dev = dev; |
| 397 | cc->cdev = cdev; |
| 398 | |
| 399 | /* make the device available */ |
Tejun Heo | 151060a | 2009-04-14 10:54:54 +0900 | [diff] [blame] | 400 | list_add(&cc->list, cuse_conntbl_head(devt)); |
David Herrmann | 8ce03fd | 2012-11-17 12:45:47 +0100 | [diff] [blame] | 401 | mutex_unlock(&cuse_lock); |
Tejun Heo | 151060a | 2009-04-14 10:54:54 +0900 | [diff] [blame] | 402 | |
| 403 | /* announce device availability */ |
| 404 | dev_set_uevent_suppress(dev, 0); |
| 405 | kobject_uevent(&dev->kobj, KOBJ_ADD); |
| 406 | out: |
Miklos Szeredi | b50ef7c | 2019-09-10 15:04:10 +0200 | [diff] [blame] | 407 | kfree(ia); |
Tejun Heo | 151060a | 2009-04-14 10:54:54 +0900 | [diff] [blame] | 408 | __free_page(page); |
| 409 | return; |
| 410 | |
| 411 | err_cdev: |
| 412 | cdev_del(cdev); |
David Herrmann | 3078358 | 2012-11-17 12:45:48 +0100 | [diff] [blame] | 413 | err_unlock: |
| 414 | mutex_unlock(&cuse_lock); |
Tejun Heo | 151060a | 2009-04-14 10:54:54 +0900 | [diff] [blame] | 415 | put_device(dev); |
| 416 | err_region: |
| 417 | unregister_chrdev_region(devt, 1); |
| 418 | err: |
Miklos Szeredi | eb98e3bd | 2019-01-24 10:40:16 +0100 | [diff] [blame] | 419 | fuse_abort_conn(fc); |
Tejun Heo | 151060a | 2009-04-14 10:54:54 +0900 | [diff] [blame] | 420 | goto out; |
| 421 | } |
| 422 | |
| 423 | static int cuse_send_init(struct cuse_conn *cc) |
| 424 | { |
| 425 | int rc; |
Tejun Heo | 151060a | 2009-04-14 10:54:54 +0900 | [diff] [blame] | 426 | struct page *page; |
| 427 | struct fuse_conn *fc = &cc->fc; |
Miklos Szeredi | b50ef7c | 2019-09-10 15:04:10 +0200 | [diff] [blame] | 428 | struct cuse_init_args *ia; |
| 429 | struct fuse_args_pages *ap; |
Tejun Heo | 151060a | 2009-04-14 10:54:54 +0900 | [diff] [blame] | 430 | |
| 431 | BUILD_BUG_ON(CUSE_INIT_INFO_MAX > PAGE_SIZE); |
| 432 | |
Tejun Heo | 151060a | 2009-04-14 10:54:54 +0900 | [diff] [blame] | 433 | rc = -ENOMEM; |
| 434 | page = alloc_page(GFP_KERNEL | __GFP_ZERO); |
| 435 | if (!page) |
Miklos Szeredi | b50ef7c | 2019-09-10 15:04:10 +0200 | [diff] [blame] | 436 | goto err; |
Tejun Heo | 151060a | 2009-04-14 10:54:54 +0900 | [diff] [blame] | 437 | |
Miklos Szeredi | b50ef7c | 2019-09-10 15:04:10 +0200 | [diff] [blame] | 438 | ia = kzalloc(sizeof(*ia), GFP_KERNEL); |
| 439 | if (!ia) |
Miklos Szeredi | 07d5f69 | 2011-03-21 13:58:05 +0100 | [diff] [blame] | 440 | goto err_free_page; |
| 441 | |
Miklos Szeredi | b50ef7c | 2019-09-10 15:04:10 +0200 | [diff] [blame] | 442 | ap = &ia->ap; |
| 443 | ia->in.major = FUSE_KERNEL_VERSION; |
| 444 | ia->in.minor = FUSE_KERNEL_MINOR_VERSION; |
| 445 | ia->in.flags |= CUSE_UNRESTRICTED_IOCTL; |
| 446 | ap->args.opcode = CUSE_INIT; |
| 447 | ap->args.in_numargs = 1; |
| 448 | ap->args.in_args[0].size = sizeof(ia->in); |
| 449 | ap->args.in_args[0].value = &ia->in; |
| 450 | ap->args.out_numargs = 2; |
| 451 | ap->args.out_args[0].size = sizeof(ia->out); |
| 452 | ap->args.out_args[0].value = &ia->out; |
| 453 | ap->args.out_args[1].size = CUSE_INIT_INFO_MAX; |
zhengbin | cabdb4f | 2020-01-14 20:39:45 +0800 | [diff] [blame] | 454 | ap->args.out_argvar = true; |
| 455 | ap->args.out_pages = true; |
Miklos Szeredi | b50ef7c | 2019-09-10 15:04:10 +0200 | [diff] [blame] | 456 | ap->num_pages = 1; |
| 457 | ap->pages = &ia->page; |
| 458 | ap->descs = &ia->desc; |
| 459 | ia->page = page; |
| 460 | ia->desc.length = ap->args.out_args[1].size; |
| 461 | ap->args.end = cuse_process_init_reply; |
Tejun Heo | 151060a | 2009-04-14 10:54:54 +0900 | [diff] [blame] | 462 | |
Miklos Szeredi | b50ef7c | 2019-09-10 15:04:10 +0200 | [diff] [blame] | 463 | rc = fuse_simple_background(fc, &ap->args, GFP_KERNEL); |
| 464 | if (rc) { |
| 465 | kfree(ia); |
Miklos Szeredi | 07d5f69 | 2011-03-21 13:58:05 +0100 | [diff] [blame] | 466 | err_free_page: |
Miklos Szeredi | b50ef7c | 2019-09-10 15:04:10 +0200 | [diff] [blame] | 467 | __free_page(page); |
| 468 | } |
Tejun Heo | 151060a | 2009-04-14 10:54:54 +0900 | [diff] [blame] | 469 | err: |
| 470 | return rc; |
| 471 | } |
| 472 | |
| 473 | static void cuse_fc_release(struct fuse_conn *fc) |
| 474 | { |
| 475 | struct cuse_conn *cc = fc_to_cc(fc); |
Al Viro | dd3e2c55 | 2013-10-03 21:21:39 -0400 | [diff] [blame] | 476 | kfree_rcu(cc, fc.rcu); |
Tejun Heo | 151060a | 2009-04-14 10:54:54 +0900 | [diff] [blame] | 477 | } |
| 478 | |
| 479 | /** |
| 480 | * cuse_channel_open - open method for /dev/cuse |
| 481 | * @inode: inode for /dev/cuse |
| 482 | * @file: file struct being opened |
| 483 | * |
| 484 | * Userland CUSE server can create a CUSE device by opening /dev/cuse |
Paul Bolle | 8272f4c | 2011-02-15 00:05:34 +0100 | [diff] [blame] | 485 | * and replying to the initialization request kernel sends. This |
Tejun Heo | 151060a | 2009-04-14 10:54:54 +0900 | [diff] [blame] | 486 | * function is responsible for handling CUSE device initialization. |
| 487 | * Because the fd opened by this function is used during |
| 488 | * initialization, this function only creates cuse_conn and sends |
| 489 | * init. The rest is delegated to a kthread. |
| 490 | * |
| 491 | * RETURNS: |
| 492 | * 0 on success, -errno on failure. |
| 493 | */ |
| 494 | static int cuse_channel_open(struct inode *inode, struct file *file) |
| 495 | { |
Miklos Szeredi | cc080e9 | 2015-07-01 16:26:08 +0200 | [diff] [blame] | 496 | struct fuse_dev *fud; |
Tejun Heo | 151060a | 2009-04-14 10:54:54 +0900 | [diff] [blame] | 497 | struct cuse_conn *cc; |
| 498 | int rc; |
| 499 | |
| 500 | /* set up cuse_conn */ |
| 501 | cc = kzalloc(sizeof(*cc), GFP_KERNEL); |
| 502 | if (!cc) |
| 503 | return -ENOMEM; |
| 504 | |
Eric W. Biederman | 8cb0832 | 2018-02-21 11:18:07 -0600 | [diff] [blame] | 505 | /* |
| 506 | * Limit the cuse channel to requests that can |
| 507 | * be represented in file->f_cred->user_ns. |
| 508 | */ |
Stefan Hajnoczi | ae3aad7 | 2018-06-18 15:53:19 +0100 | [diff] [blame] | 509 | fuse_conn_init(&cc->fc, file->f_cred->user_ns, &fuse_dev_fiq_ops, NULL); |
Tejun Heo | 151060a | 2009-04-14 10:54:54 +0900 | [diff] [blame] | 510 | |
Vivek Goyal | 0cd1eb9a | 2019-03-06 16:51:40 -0500 | [diff] [blame] | 511 | fud = fuse_dev_alloc_install(&cc->fc); |
Miklos Szeredi | cc080e9 | 2015-07-01 16:26:08 +0200 | [diff] [blame] | 512 | if (!fud) { |
| 513 | kfree(cc); |
| 514 | return -ENOMEM; |
| 515 | } |
| 516 | |
Tejun Heo | 151060a | 2009-04-14 10:54:54 +0900 | [diff] [blame] | 517 | INIT_LIST_HEAD(&cc->list); |
| 518 | cc->fc.release = cuse_fc_release; |
| 519 | |
Maxim Patlasov | 796523fb | 2013-03-21 18:02:15 +0400 | [diff] [blame] | 520 | cc->fc.initialized = 1; |
Tejun Heo | 151060a | 2009-04-14 10:54:54 +0900 | [diff] [blame] | 521 | rc = cuse_send_init(cc); |
| 522 | if (rc) { |
Miklos Szeredi | cc080e9 | 2015-07-01 16:26:08 +0200 | [diff] [blame] | 523 | fuse_dev_free(fud); |
zhengbin | 9ad09b1 | 2019-08-14 15:59:09 +0800 | [diff] [blame] | 524 | fuse_conn_put(&cc->fc); |
Tejun Heo | 151060a | 2009-04-14 10:54:54 +0900 | [diff] [blame] | 525 | return rc; |
| 526 | } |
Miklos Szeredi | cc080e9 | 2015-07-01 16:26:08 +0200 | [diff] [blame] | 527 | file->private_data = fud; |
Tejun Heo | 151060a | 2009-04-14 10:54:54 +0900 | [diff] [blame] | 528 | |
| 529 | return 0; |
| 530 | } |
| 531 | |
| 532 | /** |
| 533 | * cuse_channel_release - release method for /dev/cuse |
| 534 | * @inode: inode for /dev/cuse |
| 535 | * @file: file struct being closed |
| 536 | * |
| 537 | * Disconnect the channel, deregister CUSE device and initiate |
| 538 | * destruction by putting the default reference. |
| 539 | * |
| 540 | * RETURNS: |
| 541 | * 0 on success, -errno on failure. |
| 542 | */ |
| 543 | static int cuse_channel_release(struct inode *inode, struct file *file) |
| 544 | { |
Miklos Szeredi | cc080e9 | 2015-07-01 16:26:08 +0200 | [diff] [blame] | 545 | struct fuse_dev *fud = file->private_data; |
| 546 | struct cuse_conn *cc = fc_to_cc(fud->fc); |
Tejun Heo | 151060a | 2009-04-14 10:54:54 +0900 | [diff] [blame] | 547 | int rc; |
| 548 | |
| 549 | /* remove from the conntbl, no more access from this point on */ |
David Herrmann | 8ce03fd | 2012-11-17 12:45:47 +0100 | [diff] [blame] | 550 | mutex_lock(&cuse_lock); |
Tejun Heo | 151060a | 2009-04-14 10:54:54 +0900 | [diff] [blame] | 551 | list_del_init(&cc->list); |
David Herrmann | 8ce03fd | 2012-11-17 12:45:47 +0100 | [diff] [blame] | 552 | mutex_unlock(&cuse_lock); |
Tejun Heo | 151060a | 2009-04-14 10:54:54 +0900 | [diff] [blame] | 553 | |
| 554 | /* remove device */ |
| 555 | if (cc->dev) |
| 556 | device_unregister(cc->dev); |
| 557 | if (cc->cdev) { |
| 558 | unregister_chrdev_region(cc->cdev->dev, 1); |
| 559 | cdev_del(cc->cdev); |
| 560 | } |
Miklos Szeredi | 2c5816b | 2015-11-10 10:32:36 +0100 | [diff] [blame] | 561 | /* Base reference is now owned by "fud" */ |
| 562 | fuse_conn_put(&cc->fc); |
Tejun Heo | 151060a | 2009-04-14 10:54:54 +0900 | [diff] [blame] | 563 | |
Tejun Heo | 151060a | 2009-04-14 10:54:54 +0900 | [diff] [blame] | 564 | rc = fuse_dev_release(inode, file); /* puts the base reference */ |
| 565 | |
| 566 | return rc; |
| 567 | } |
| 568 | |
| 569 | static struct file_operations cuse_channel_fops; /* initialized during init */ |
| 570 | |
| 571 | |
| 572 | /************************************************************************** |
| 573 | * Misc stuff and module initializatiion |
| 574 | * |
| 575 | * CUSE exports the same set of attributes to sysfs as fusectl. |
| 576 | */ |
| 577 | |
| 578 | static ssize_t cuse_class_waiting_show(struct device *dev, |
| 579 | struct device_attribute *attr, char *buf) |
| 580 | { |
| 581 | struct cuse_conn *cc = dev_get_drvdata(dev); |
| 582 | |
| 583 | return sprintf(buf, "%d\n", atomic_read(&cc->fc.num_waiting)); |
| 584 | } |
Rusty Russell | 58f86cc | 2014-03-24 12:00:34 +1030 | [diff] [blame] | 585 | static DEVICE_ATTR(waiting, 0400, cuse_class_waiting_show, NULL); |
Tejun Heo | 151060a | 2009-04-14 10:54:54 +0900 | [diff] [blame] | 586 | |
| 587 | static ssize_t cuse_class_abort_store(struct device *dev, |
| 588 | struct device_attribute *attr, |
| 589 | const char *buf, size_t count) |
| 590 | { |
| 591 | struct cuse_conn *cc = dev_get_drvdata(dev); |
| 592 | |
Miklos Szeredi | eb98e3bd | 2019-01-24 10:40:16 +0100 | [diff] [blame] | 593 | fuse_abort_conn(&cc->fc); |
Tejun Heo | 151060a | 2009-04-14 10:54:54 +0900 | [diff] [blame] | 594 | return count; |
| 595 | } |
Rusty Russell | 58f86cc | 2014-03-24 12:00:34 +1030 | [diff] [blame] | 596 | static DEVICE_ATTR(abort, 0200, NULL, cuse_class_abort_store); |
Tejun Heo | 151060a | 2009-04-14 10:54:54 +0900 | [diff] [blame] | 597 | |
Greg Kroah-Hartman | 4183fb9 | 2013-07-24 15:05:24 -0700 | [diff] [blame] | 598 | static struct attribute *cuse_class_dev_attrs[] = { |
| 599 | &dev_attr_waiting.attr, |
| 600 | &dev_attr_abort.attr, |
| 601 | NULL, |
Tejun Heo | 151060a | 2009-04-14 10:54:54 +0900 | [diff] [blame] | 602 | }; |
Greg Kroah-Hartman | 4183fb9 | 2013-07-24 15:05:24 -0700 | [diff] [blame] | 603 | ATTRIBUTE_GROUPS(cuse_class_dev); |
Tejun Heo | 151060a | 2009-04-14 10:54:54 +0900 | [diff] [blame] | 604 | |
| 605 | static struct miscdevice cuse_miscdev = { |
Tom Gundersen | cb2ffb2 | 2013-09-09 20:18:27 +0200 | [diff] [blame] | 606 | .minor = CUSE_MINOR, |
Tejun Heo | 151060a | 2009-04-14 10:54:54 +0900 | [diff] [blame] | 607 | .name = "cuse", |
| 608 | .fops = &cuse_channel_fops, |
| 609 | }; |
| 610 | |
Tom Gundersen | cb2ffb2 | 2013-09-09 20:18:27 +0200 | [diff] [blame] | 611 | MODULE_ALIAS_MISCDEV(CUSE_MINOR); |
| 612 | MODULE_ALIAS("devname:cuse"); |
| 613 | |
Tejun Heo | 151060a | 2009-04-14 10:54:54 +0900 | [diff] [blame] | 614 | static int __init cuse_init(void) |
| 615 | { |
| 616 | int i, rc; |
| 617 | |
| 618 | /* init conntbl */ |
| 619 | for (i = 0; i < CUSE_CONNTBL_LEN; i++) |
| 620 | INIT_LIST_HEAD(&cuse_conntbl[i]); |
| 621 | |
| 622 | /* inherit and extend fuse_dev_operations */ |
| 623 | cuse_channel_fops = fuse_dev_operations; |
| 624 | cuse_channel_fops.owner = THIS_MODULE; |
| 625 | cuse_channel_fops.open = cuse_channel_open; |
| 626 | cuse_channel_fops.release = cuse_channel_release; |
| 627 | |
| 628 | cuse_class = class_create(THIS_MODULE, "cuse"); |
| 629 | if (IS_ERR(cuse_class)) |
| 630 | return PTR_ERR(cuse_class); |
| 631 | |
Greg Kroah-Hartman | 4183fb9 | 2013-07-24 15:05:24 -0700 | [diff] [blame] | 632 | cuse_class->dev_groups = cuse_class_dev_groups; |
Tejun Heo | 151060a | 2009-04-14 10:54:54 +0900 | [diff] [blame] | 633 | |
| 634 | rc = misc_register(&cuse_miscdev); |
| 635 | if (rc) { |
| 636 | class_destroy(cuse_class); |
| 637 | return rc; |
| 638 | } |
| 639 | |
| 640 | return 0; |
| 641 | } |
| 642 | |
| 643 | static void __exit cuse_exit(void) |
| 644 | { |
| 645 | misc_deregister(&cuse_miscdev); |
| 646 | class_destroy(cuse_class); |
| 647 | } |
| 648 | |
| 649 | module_init(cuse_init); |
| 650 | module_exit(cuse_exit); |
| 651 | |
| 652 | MODULE_AUTHOR("Tejun Heo <tj@kernel.org>"); |
| 653 | MODULE_DESCRIPTION("Character device in Userspace"); |
| 654 | MODULE_LICENSE("GPL"); |