Loading...
1// SPDX-License-Identifier: GPL-2.0-or-later
2#include <linux/fdtable.h>
3#include <linux/anon_inodes.h>
4#include <linux/uio.h>
5#include "internal.h"
6
7static int cachefiles_ondemand_fd_release(struct inode *inode,
8 struct file *file)
9{
10 struct cachefiles_object *object = file->private_data;
11 struct cachefiles_cache *cache = object->volume->cache;
12 struct cachefiles_ondemand_info *info = object->ondemand;
13 int object_id = info->ondemand_id;
14 struct cachefiles_req *req;
15 XA_STATE(xas, &cache->reqs, 0);
16
17 xa_lock(&cache->reqs);
18 info->ondemand_id = CACHEFILES_ONDEMAND_ID_CLOSED;
19 cachefiles_ondemand_set_object_close(object);
20
21 /* Only flush CACHEFILES_REQ_NEW marked req to avoid race with daemon_read */
22 xas_for_each_marked(&xas, req, ULONG_MAX, CACHEFILES_REQ_NEW) {
23 if (req->msg.object_id == object_id &&
24 req->msg.opcode == CACHEFILES_OP_CLOSE) {
25 complete(&req->done);
26 xas_store(&xas, NULL);
27 }
28 }
29 xa_unlock(&cache->reqs);
30
31 xa_erase(&cache->ondemand_ids, object_id);
32 trace_cachefiles_ondemand_fd_release(object, object_id);
33 cachefiles_put_object(object, cachefiles_obj_put_ondemand_fd);
34 cachefiles_put_unbind_pincount(cache);
35 return 0;
36}
37
38static ssize_t cachefiles_ondemand_fd_write_iter(struct kiocb *kiocb,
39 struct iov_iter *iter)
40{
41 struct cachefiles_object *object = kiocb->ki_filp->private_data;
42 struct cachefiles_cache *cache = object->volume->cache;
43 struct file *file = object->file;
44 size_t len = iter->count;
45 loff_t pos = kiocb->ki_pos;
46 const struct cred *saved_cred;
47 int ret;
48
49 if (!file)
50 return -ENOBUFS;
51
52 cachefiles_begin_secure(cache, &saved_cred);
53 ret = __cachefiles_prepare_write(object, file, &pos, &len, len, true);
54 cachefiles_end_secure(cache, saved_cred);
55 if (ret < 0)
56 return ret;
57
58 trace_cachefiles_ondemand_fd_write(object, file_inode(file), pos, len);
59 ret = __cachefiles_write(object, file, pos, iter, NULL, NULL);
60 if (!ret)
61 ret = len;
62
63 return ret;
64}
65
66static loff_t cachefiles_ondemand_fd_llseek(struct file *filp, loff_t pos,
67 int whence)
68{
69 struct cachefiles_object *object = filp->private_data;
70 struct file *file = object->file;
71
72 if (!file)
73 return -ENOBUFS;
74
75 return vfs_llseek(file, pos, whence);
76}
77
78static long cachefiles_ondemand_fd_ioctl(struct file *filp, unsigned int ioctl,
79 unsigned long arg)
80{
81 struct cachefiles_object *object = filp->private_data;
82 struct cachefiles_cache *cache = object->volume->cache;
83 struct cachefiles_req *req;
84 unsigned long id;
85
86 if (ioctl != CACHEFILES_IOC_READ_COMPLETE)
87 return -EINVAL;
88
89 if (!test_bit(CACHEFILES_ONDEMAND_MODE, &cache->flags))
90 return -EOPNOTSUPP;
91
92 id = arg;
93 req = xa_erase(&cache->reqs, id);
94 if (!req)
95 return -EINVAL;
96
97 trace_cachefiles_ondemand_cread(object, id);
98 complete(&req->done);
99 return 0;
100}
101
102static const struct file_operations cachefiles_ondemand_fd_fops = {
103 .owner = THIS_MODULE,
104 .release = cachefiles_ondemand_fd_release,
105 .write_iter = cachefiles_ondemand_fd_write_iter,
106 .llseek = cachefiles_ondemand_fd_llseek,
107 .unlocked_ioctl = cachefiles_ondemand_fd_ioctl,
108};
109
110/*
111 * OPEN request Completion (copen)
112 * - command: "copen <id>,<cache_size>"
113 * <cache_size> indicates the object size if >=0, error code if negative
114 */
115int cachefiles_ondemand_copen(struct cachefiles_cache *cache, char *args)
116{
117 struct cachefiles_req *req;
118 struct fscache_cookie *cookie;
119 char *pid, *psize;
120 unsigned long id;
121 long size;
122 int ret;
123
124 if (!test_bit(CACHEFILES_ONDEMAND_MODE, &cache->flags))
125 return -EOPNOTSUPP;
126
127 if (!*args) {
128 pr_err("Empty id specified\n");
129 return -EINVAL;
130 }
131
132 pid = args;
133 psize = strchr(args, ',');
134 if (!psize) {
135 pr_err("Cache size is not specified\n");
136 return -EINVAL;
137 }
138
139 *psize = 0;
140 psize++;
141
142 ret = kstrtoul(pid, 0, &id);
143 if (ret)
144 return ret;
145
146 req = xa_erase(&cache->reqs, id);
147 if (!req)
148 return -EINVAL;
149
150 /* fail OPEN request if copen format is invalid */
151 ret = kstrtol(psize, 0, &size);
152 if (ret) {
153 req->error = ret;
154 goto out;
155 }
156
157 /* fail OPEN request if daemon reports an error */
158 if (size < 0) {
159 if (!IS_ERR_VALUE(size)) {
160 req->error = -EINVAL;
161 ret = -EINVAL;
162 } else {
163 req->error = size;
164 ret = 0;
165 }
166 goto out;
167 }
168
169 cookie = req->object->cookie;
170 cookie->object_size = size;
171 if (size)
172 clear_bit(FSCACHE_COOKIE_NO_DATA_TO_READ, &cookie->flags);
173 else
174 set_bit(FSCACHE_COOKIE_NO_DATA_TO_READ, &cookie->flags);
175 trace_cachefiles_ondemand_copen(req->object, id, size);
176
177 cachefiles_ondemand_set_object_open(req->object);
178 wake_up_all(&cache->daemon_pollwq);
179
180out:
181 complete(&req->done);
182 return ret;
183}
184
185int cachefiles_ondemand_restore(struct cachefiles_cache *cache, char *args)
186{
187 struct cachefiles_req *req;
188
189 XA_STATE(xas, &cache->reqs, 0);
190
191 if (!test_bit(CACHEFILES_ONDEMAND_MODE, &cache->flags))
192 return -EOPNOTSUPP;
193
194 /*
195 * Reset the requests to CACHEFILES_REQ_NEW state, so that the
196 * requests have been processed halfway before the crash of the
197 * user daemon could be reprocessed after the recovery.
198 */
199 xas_lock(&xas);
200 xas_for_each(&xas, req, ULONG_MAX)
201 xas_set_mark(&xas, CACHEFILES_REQ_NEW);
202 xas_unlock(&xas);
203
204 wake_up_all(&cache->daemon_pollwq);
205 return 0;
206}
207
208static int cachefiles_ondemand_get_fd(struct cachefiles_req *req)
209{
210 struct cachefiles_object *object;
211 struct cachefiles_cache *cache;
212 struct cachefiles_open *load;
213 struct file *file;
214 u32 object_id;
215 int ret, fd;
216
217 object = cachefiles_grab_object(req->object,
218 cachefiles_obj_get_ondemand_fd);
219 cache = object->volume->cache;
220
221 ret = xa_alloc_cyclic(&cache->ondemand_ids, &object_id, NULL,
222 XA_LIMIT(1, INT_MAX),
223 &cache->ondemand_id_next, GFP_KERNEL);
224 if (ret < 0)
225 goto err;
226
227 fd = get_unused_fd_flags(O_WRONLY);
228 if (fd < 0) {
229 ret = fd;
230 goto err_free_id;
231 }
232
233 file = anon_inode_getfile("[cachefiles]", &cachefiles_ondemand_fd_fops,
234 object, O_WRONLY);
235 if (IS_ERR(file)) {
236 ret = PTR_ERR(file);
237 goto err_put_fd;
238 }
239
240 file->f_mode |= FMODE_PWRITE | FMODE_LSEEK;
241 fd_install(fd, file);
242
243 load = (void *)req->msg.data;
244 load->fd = fd;
245 object->ondemand->ondemand_id = object_id;
246
247 cachefiles_get_unbind_pincount(cache);
248 trace_cachefiles_ondemand_open(object, &req->msg, load);
249 return 0;
250
251err_put_fd:
252 put_unused_fd(fd);
253err_free_id:
254 xa_erase(&cache->ondemand_ids, object_id);
255err:
256 cachefiles_put_object(object, cachefiles_obj_put_ondemand_fd);
257 return ret;
258}
259
260static void ondemand_object_worker(struct work_struct *work)
261{
262 struct cachefiles_ondemand_info *info =
263 container_of(work, struct cachefiles_ondemand_info, ondemand_work);
264
265 cachefiles_ondemand_init_object(info->object);
266}
267
268/*
269 * If there are any inflight or subsequent READ requests on the
270 * closed object, reopen it.
271 * Skip read requests whose related object is reopening.
272 */
273static struct cachefiles_req *cachefiles_ondemand_select_req(struct xa_state *xas,
274 unsigned long xa_max)
275{
276 struct cachefiles_req *req;
277 struct cachefiles_object *object;
278 struct cachefiles_ondemand_info *info;
279
280 xas_for_each_marked(xas, req, xa_max, CACHEFILES_REQ_NEW) {
281 if (req->msg.opcode != CACHEFILES_OP_READ)
282 return req;
283 object = req->object;
284 info = object->ondemand;
285 if (cachefiles_ondemand_object_is_close(object)) {
286 cachefiles_ondemand_set_object_reopening(object);
287 queue_work(fscache_wq, &info->ondemand_work);
288 continue;
289 }
290 if (cachefiles_ondemand_object_is_reopening(object))
291 continue;
292 return req;
293 }
294 return NULL;
295}
296
297ssize_t cachefiles_ondemand_daemon_read(struct cachefiles_cache *cache,
298 char __user *_buffer, size_t buflen)
299{
300 struct cachefiles_req *req;
301 struct cachefiles_msg *msg;
302 unsigned long id = 0;
303 size_t n;
304 int ret = 0;
305 XA_STATE(xas, &cache->reqs, cache->req_id_next);
306
307 xa_lock(&cache->reqs);
308 /*
309 * Cyclically search for a request that has not ever been processed,
310 * to prevent requests from being processed repeatedly, and make
311 * request distribution fair.
312 */
313 req = cachefiles_ondemand_select_req(&xas, ULONG_MAX);
314 if (!req && cache->req_id_next > 0) {
315 xas_set(&xas, 0);
316 req = cachefiles_ondemand_select_req(&xas, cache->req_id_next - 1);
317 }
318 if (!req) {
319 xa_unlock(&cache->reqs);
320 return 0;
321 }
322
323 msg = &req->msg;
324 n = msg->len;
325
326 if (n > buflen) {
327 xa_unlock(&cache->reqs);
328 return -EMSGSIZE;
329 }
330
331 xas_clear_mark(&xas, CACHEFILES_REQ_NEW);
332 cache->req_id_next = xas.xa_index + 1;
333 xa_unlock(&cache->reqs);
334
335 id = xas.xa_index;
336
337 if (msg->opcode == CACHEFILES_OP_OPEN) {
338 ret = cachefiles_ondemand_get_fd(req);
339 if (ret) {
340 cachefiles_ondemand_set_object_close(req->object);
341 goto error;
342 }
343 }
344
345 msg->msg_id = id;
346 msg->object_id = req->object->ondemand->ondemand_id;
347
348 if (copy_to_user(_buffer, msg, n) != 0) {
349 ret = -EFAULT;
350 goto err_put_fd;
351 }
352
353 /* CLOSE request has no reply */
354 if (msg->opcode == CACHEFILES_OP_CLOSE) {
355 xa_erase(&cache->reqs, id);
356 complete(&req->done);
357 }
358
359 return n;
360
361err_put_fd:
362 if (msg->opcode == CACHEFILES_OP_OPEN)
363 close_fd(((struct cachefiles_open *)msg->data)->fd);
364error:
365 xa_erase(&cache->reqs, id);
366 req->error = ret;
367 complete(&req->done);
368 return ret;
369}
370
371typedef int (*init_req_fn)(struct cachefiles_req *req, void *private);
372
373static int cachefiles_ondemand_send_req(struct cachefiles_object *object,
374 enum cachefiles_opcode opcode,
375 size_t data_len,
376 init_req_fn init_req,
377 void *private)
378{
379 struct cachefiles_cache *cache = object->volume->cache;
380 struct cachefiles_req *req = NULL;
381 XA_STATE(xas, &cache->reqs, 0);
382 int ret;
383
384 if (!test_bit(CACHEFILES_ONDEMAND_MODE, &cache->flags))
385 return 0;
386
387 if (test_bit(CACHEFILES_DEAD, &cache->flags)) {
388 ret = -EIO;
389 goto out;
390 }
391
392 req = kzalloc(sizeof(*req) + data_len, GFP_KERNEL);
393 if (!req) {
394 ret = -ENOMEM;
395 goto out;
396 }
397
398 req->object = object;
399 init_completion(&req->done);
400 req->msg.opcode = opcode;
401 req->msg.len = sizeof(struct cachefiles_msg) + data_len;
402
403 ret = init_req(req, private);
404 if (ret)
405 goto out;
406
407 do {
408 /*
409 * Stop enqueuing the request when daemon is dying. The
410 * following two operations need to be atomic as a whole.
411 * 1) check cache state, and
412 * 2) enqueue request if cache is alive.
413 * Otherwise the request may be enqueued after xarray has been
414 * flushed, leaving the orphan request never being completed.
415 *
416 * CPU 1 CPU 2
417 * ===== =====
418 * test CACHEFILES_DEAD bit
419 * set CACHEFILES_DEAD bit
420 * flush requests in the xarray
421 * enqueue the request
422 */
423 xas_lock(&xas);
424
425 if (test_bit(CACHEFILES_DEAD, &cache->flags)) {
426 xas_unlock(&xas);
427 ret = -EIO;
428 goto out;
429 }
430
431 /* coupled with the barrier in cachefiles_flush_reqs() */
432 smp_mb();
433
434 if (opcode == CACHEFILES_OP_CLOSE &&
435 !cachefiles_ondemand_object_is_open(object)) {
436 WARN_ON_ONCE(object->ondemand->ondemand_id == 0);
437 xas_unlock(&xas);
438 ret = -EIO;
439 goto out;
440 }
441
442 xas.xa_index = 0;
443 xas_find_marked(&xas, UINT_MAX, XA_FREE_MARK);
444 if (xas.xa_node == XAS_RESTART)
445 xas_set_err(&xas, -EBUSY);
446 xas_store(&xas, req);
447 xas_clear_mark(&xas, XA_FREE_MARK);
448 xas_set_mark(&xas, CACHEFILES_REQ_NEW);
449 xas_unlock(&xas);
450 } while (xas_nomem(&xas, GFP_KERNEL));
451
452 ret = xas_error(&xas);
453 if (ret)
454 goto out;
455
456 wake_up_all(&cache->daemon_pollwq);
457 wait_for_completion(&req->done);
458 ret = req->error;
459 kfree(req);
460 return ret;
461out:
462 /* Reset the object to close state in error handling path.
463 * If error occurs after creating the anonymous fd,
464 * cachefiles_ondemand_fd_release() will set object to close.
465 */
466 if (opcode == CACHEFILES_OP_OPEN)
467 cachefiles_ondemand_set_object_close(object);
468 kfree(req);
469 return ret;
470}
471
472static int cachefiles_ondemand_init_open_req(struct cachefiles_req *req,
473 void *private)
474{
475 struct cachefiles_object *object = req->object;
476 struct fscache_cookie *cookie = object->cookie;
477 struct fscache_volume *volume = object->volume->vcookie;
478 struct cachefiles_open *load = (void *)req->msg.data;
479 size_t volume_key_size, cookie_key_size;
480 void *volume_key, *cookie_key;
481
482 /*
483 * Volume key is a NUL-terminated string. key[0] stores strlen() of the
484 * string, followed by the content of the string (excluding '\0').
485 */
486 volume_key_size = volume->key[0] + 1;
487 volume_key = volume->key + 1;
488
489 /* Cookie key is binary data, which is netfs specific. */
490 cookie_key_size = cookie->key_len;
491 cookie_key = fscache_get_key(cookie);
492
493 if (!(object->cookie->advice & FSCACHE_ADV_WANT_CACHE_SIZE)) {
494 pr_err("WANT_CACHE_SIZE is needed for on-demand mode\n");
495 return -EINVAL;
496 }
497
498 load->volume_key_size = volume_key_size;
499 load->cookie_key_size = cookie_key_size;
500 memcpy(load->data, volume_key, volume_key_size);
501 memcpy(load->data + volume_key_size, cookie_key, cookie_key_size);
502
503 return 0;
504}
505
506static int cachefiles_ondemand_init_close_req(struct cachefiles_req *req,
507 void *private)
508{
509 struct cachefiles_object *object = req->object;
510
511 if (!cachefiles_ondemand_object_is_open(object))
512 return -ENOENT;
513
514 trace_cachefiles_ondemand_close(object, &req->msg);
515 return 0;
516}
517
518struct cachefiles_read_ctx {
519 loff_t off;
520 size_t len;
521};
522
523static int cachefiles_ondemand_init_read_req(struct cachefiles_req *req,
524 void *private)
525{
526 struct cachefiles_object *object = req->object;
527 struct cachefiles_read *load = (void *)req->msg.data;
528 struct cachefiles_read_ctx *read_ctx = private;
529
530 load->off = read_ctx->off;
531 load->len = read_ctx->len;
532 trace_cachefiles_ondemand_read(object, &req->msg, load);
533 return 0;
534}
535
536int cachefiles_ondemand_init_object(struct cachefiles_object *object)
537{
538 struct fscache_cookie *cookie = object->cookie;
539 struct fscache_volume *volume = object->volume->vcookie;
540 size_t volume_key_size, cookie_key_size, data_len;
541
542 if (!object->ondemand)
543 return 0;
544
545 /*
546 * CacheFiles will firstly check the cache file under the root cache
547 * directory. If the coherency check failed, it will fallback to
548 * creating a new tmpfile as the cache file. Reuse the previously
549 * allocated object ID if any.
550 */
551 if (cachefiles_ondemand_object_is_open(object))
552 return 0;
553
554 volume_key_size = volume->key[0] + 1;
555 cookie_key_size = cookie->key_len;
556 data_len = sizeof(struct cachefiles_open) +
557 volume_key_size + cookie_key_size;
558
559 return cachefiles_ondemand_send_req(object, CACHEFILES_OP_OPEN,
560 data_len, cachefiles_ondemand_init_open_req, NULL);
561}
562
563void cachefiles_ondemand_clean_object(struct cachefiles_object *object)
564{
565 cachefiles_ondemand_send_req(object, CACHEFILES_OP_CLOSE, 0,
566 cachefiles_ondemand_init_close_req, NULL);
567}
568
569int cachefiles_ondemand_init_obj_info(struct cachefiles_object *object,
570 struct cachefiles_volume *volume)
571{
572 if (!cachefiles_in_ondemand_mode(volume->cache))
573 return 0;
574
575 object->ondemand = kzalloc(sizeof(struct cachefiles_ondemand_info),
576 GFP_KERNEL);
577 if (!object->ondemand)
578 return -ENOMEM;
579
580 object->ondemand->object = object;
581 INIT_WORK(&object->ondemand->ondemand_work, ondemand_object_worker);
582 return 0;
583}
584
585void cachefiles_ondemand_deinit_obj_info(struct cachefiles_object *object)
586{
587 kfree(object->ondemand);
588 object->ondemand = NULL;
589}
590
591int cachefiles_ondemand_read(struct cachefiles_object *object,
592 loff_t pos, size_t len)
593{
594 struct cachefiles_read_ctx read_ctx = {pos, len};
595
596 return cachefiles_ondemand_send_req(object, CACHEFILES_OP_READ,
597 sizeof(struct cachefiles_read),
598 cachefiles_ondemand_init_read_req, &read_ctx);
599}
1// SPDX-License-Identifier: GPL-2.0-or-later
2#include <linux/anon_inodes.h>
3#include <linux/uio.h>
4#include "internal.h"
5
6struct ondemand_anon_file {
7 struct file *file;
8 int fd;
9};
10
11static inline void cachefiles_req_put(struct cachefiles_req *req)
12{
13 if (refcount_dec_and_test(&req->ref))
14 kfree(req);
15}
16
17static int cachefiles_ondemand_fd_release(struct inode *inode,
18 struct file *file)
19{
20 struct cachefiles_object *object = file->private_data;
21 struct cachefiles_cache *cache;
22 struct cachefiles_ondemand_info *info;
23 int object_id;
24 struct cachefiles_req *req;
25 XA_STATE(xas, NULL, 0);
26
27 if (!object)
28 return 0;
29
30 info = object->ondemand;
31 cache = object->volume->cache;
32 xas.xa = &cache->reqs;
33
34 xa_lock(&cache->reqs);
35 spin_lock(&info->lock);
36 object_id = info->ondemand_id;
37 info->ondemand_id = CACHEFILES_ONDEMAND_ID_CLOSED;
38 cachefiles_ondemand_set_object_close(object);
39 spin_unlock(&info->lock);
40
41 /* Only flush CACHEFILES_REQ_NEW marked req to avoid race with daemon_read */
42 xas_for_each_marked(&xas, req, ULONG_MAX, CACHEFILES_REQ_NEW) {
43 if (req->msg.object_id == object_id &&
44 req->msg.opcode == CACHEFILES_OP_CLOSE) {
45 complete(&req->done);
46 xas_store(&xas, NULL);
47 }
48 }
49 xa_unlock(&cache->reqs);
50
51 xa_erase(&cache->ondemand_ids, object_id);
52 trace_cachefiles_ondemand_fd_release(object, object_id);
53 cachefiles_put_object(object, cachefiles_obj_put_ondemand_fd);
54 cachefiles_put_unbind_pincount(cache);
55 return 0;
56}
57
58static ssize_t cachefiles_ondemand_fd_write_iter(struct kiocb *kiocb,
59 struct iov_iter *iter)
60{
61 struct cachefiles_object *object = kiocb->ki_filp->private_data;
62 struct cachefiles_cache *cache = object->volume->cache;
63 struct file *file;
64 size_t len = iter->count, aligned_len = len;
65 loff_t pos = kiocb->ki_pos;
66 const struct cred *saved_cred;
67 int ret;
68
69 spin_lock(&object->lock);
70 file = object->file;
71 if (!file) {
72 spin_unlock(&object->lock);
73 return -ENOBUFS;
74 }
75 get_file(file);
76 spin_unlock(&object->lock);
77
78 cachefiles_begin_secure(cache, &saved_cred);
79 ret = __cachefiles_prepare_write(object, file, &pos, &aligned_len, len, true);
80 cachefiles_end_secure(cache, saved_cred);
81 if (ret < 0)
82 goto out;
83
84 trace_cachefiles_ondemand_fd_write(object, file_inode(file), pos, len);
85 ret = __cachefiles_write(object, file, pos, iter, NULL, NULL);
86 if (!ret) {
87 ret = len;
88 kiocb->ki_pos += ret;
89 }
90
91out:
92 fput(file);
93 return ret;
94}
95
96static loff_t cachefiles_ondemand_fd_llseek(struct file *filp, loff_t pos,
97 int whence)
98{
99 struct cachefiles_object *object = filp->private_data;
100 struct file *file;
101 loff_t ret;
102
103 spin_lock(&object->lock);
104 file = object->file;
105 if (!file) {
106 spin_unlock(&object->lock);
107 return -ENOBUFS;
108 }
109 get_file(file);
110 spin_unlock(&object->lock);
111
112 ret = vfs_llseek(file, pos, whence);
113 fput(file);
114
115 return ret;
116}
117
118static long cachefiles_ondemand_fd_ioctl(struct file *filp, unsigned int ioctl,
119 unsigned long id)
120{
121 struct cachefiles_object *object = filp->private_data;
122 struct cachefiles_cache *cache = object->volume->cache;
123 struct cachefiles_req *req;
124 XA_STATE(xas, &cache->reqs, id);
125
126 if (ioctl != CACHEFILES_IOC_READ_COMPLETE)
127 return -EINVAL;
128
129 if (!test_bit(CACHEFILES_ONDEMAND_MODE, &cache->flags))
130 return -EOPNOTSUPP;
131
132 xa_lock(&cache->reqs);
133 req = xas_load(&xas);
134 if (!req || req->msg.opcode != CACHEFILES_OP_READ ||
135 req->object != object) {
136 xa_unlock(&cache->reqs);
137 return -EINVAL;
138 }
139 xas_store(&xas, NULL);
140 xa_unlock(&cache->reqs);
141
142 trace_cachefiles_ondemand_cread(object, id);
143 complete(&req->done);
144 return 0;
145}
146
147static const struct file_operations cachefiles_ondemand_fd_fops = {
148 .owner = THIS_MODULE,
149 .release = cachefiles_ondemand_fd_release,
150 .write_iter = cachefiles_ondemand_fd_write_iter,
151 .llseek = cachefiles_ondemand_fd_llseek,
152 .unlocked_ioctl = cachefiles_ondemand_fd_ioctl,
153};
154
155/*
156 * OPEN request Completion (copen)
157 * - command: "copen <id>,<cache_size>"
158 * <cache_size> indicates the object size if >=0, error code if negative
159 */
160int cachefiles_ondemand_copen(struct cachefiles_cache *cache, char *args)
161{
162 struct cachefiles_req *req;
163 struct fscache_cookie *cookie;
164 struct cachefiles_ondemand_info *info;
165 char *pid, *psize;
166 unsigned long id;
167 long size;
168 int ret;
169 XA_STATE(xas, &cache->reqs, 0);
170
171 if (!test_bit(CACHEFILES_ONDEMAND_MODE, &cache->flags))
172 return -EOPNOTSUPP;
173
174 if (!*args) {
175 pr_err("Empty id specified\n");
176 return -EINVAL;
177 }
178
179 pid = args;
180 psize = strchr(args, ',');
181 if (!psize) {
182 pr_err("Cache size is not specified\n");
183 return -EINVAL;
184 }
185
186 *psize = 0;
187 psize++;
188
189 ret = kstrtoul(pid, 0, &id);
190 if (ret)
191 return ret;
192
193 xa_lock(&cache->reqs);
194 xas.xa_index = id;
195 req = xas_load(&xas);
196 if (!req || req->msg.opcode != CACHEFILES_OP_OPEN ||
197 !req->object->ondemand->ondemand_id) {
198 xa_unlock(&cache->reqs);
199 return -EINVAL;
200 }
201 xas_store(&xas, NULL);
202 xa_unlock(&cache->reqs);
203
204 info = req->object->ondemand;
205 /* fail OPEN request if copen format is invalid */
206 ret = kstrtol(psize, 0, &size);
207 if (ret) {
208 req->error = ret;
209 goto out;
210 }
211
212 /* fail OPEN request if daemon reports an error */
213 if (size < 0) {
214 if (!IS_ERR_VALUE(size)) {
215 req->error = -EINVAL;
216 ret = -EINVAL;
217 } else {
218 req->error = size;
219 ret = 0;
220 }
221 goto out;
222 }
223
224 spin_lock(&info->lock);
225 /*
226 * The anonymous fd was closed before copen ? Fail the request.
227 *
228 * t1 | t2
229 * ---------------------------------------------------------
230 * cachefiles_ondemand_copen
231 * req = xa_erase(&cache->reqs, id)
232 * // Anon fd is maliciously closed.
233 * cachefiles_ondemand_fd_release
234 * xa_lock(&cache->reqs)
235 * cachefiles_ondemand_set_object_close(object)
236 * xa_unlock(&cache->reqs)
237 * cachefiles_ondemand_set_object_open
238 * // No one will ever close it again.
239 * cachefiles_ondemand_daemon_read
240 * cachefiles_ondemand_select_req
241 *
242 * Get a read req but its fd is already closed. The daemon can't
243 * issue a cread ioctl with an closed fd, then hung.
244 */
245 if (info->ondemand_id == CACHEFILES_ONDEMAND_ID_CLOSED) {
246 spin_unlock(&info->lock);
247 req->error = -EBADFD;
248 goto out;
249 }
250 cookie = req->object->cookie;
251 cookie->object_size = size;
252 if (size)
253 clear_bit(FSCACHE_COOKIE_NO_DATA_TO_READ, &cookie->flags);
254 else
255 set_bit(FSCACHE_COOKIE_NO_DATA_TO_READ, &cookie->flags);
256 trace_cachefiles_ondemand_copen(req->object, id, size);
257
258 cachefiles_ondemand_set_object_open(req->object);
259 spin_unlock(&info->lock);
260 wake_up_all(&cache->daemon_pollwq);
261
262out:
263 spin_lock(&info->lock);
264 /* Need to set object close to avoid reopen status continuing */
265 if (info->ondemand_id == CACHEFILES_ONDEMAND_ID_CLOSED)
266 cachefiles_ondemand_set_object_close(req->object);
267 spin_unlock(&info->lock);
268 complete(&req->done);
269 return ret;
270}
271
272int cachefiles_ondemand_restore(struct cachefiles_cache *cache, char *args)
273{
274 struct cachefiles_req *req;
275
276 XA_STATE(xas, &cache->reqs, 0);
277
278 if (!test_bit(CACHEFILES_ONDEMAND_MODE, &cache->flags))
279 return -EOPNOTSUPP;
280
281 /*
282 * Reset the requests to CACHEFILES_REQ_NEW state, so that the
283 * requests have been processed halfway before the crash of the
284 * user daemon could be reprocessed after the recovery.
285 */
286 xas_lock(&xas);
287 xas_for_each(&xas, req, ULONG_MAX)
288 xas_set_mark(&xas, CACHEFILES_REQ_NEW);
289 xas_unlock(&xas);
290
291 wake_up_all(&cache->daemon_pollwq);
292 return 0;
293}
294
295static int cachefiles_ondemand_get_fd(struct cachefiles_req *req,
296 struct ondemand_anon_file *anon_file)
297{
298 struct cachefiles_object *object;
299 struct cachefiles_cache *cache;
300 struct cachefiles_open *load;
301 u32 object_id;
302 int ret;
303
304 object = cachefiles_grab_object(req->object,
305 cachefiles_obj_get_ondemand_fd);
306 cache = object->volume->cache;
307
308 ret = xa_alloc_cyclic(&cache->ondemand_ids, &object_id, NULL,
309 XA_LIMIT(1, INT_MAX),
310 &cache->ondemand_id_next, GFP_KERNEL);
311 if (ret < 0)
312 goto err;
313
314 anon_file->fd = get_unused_fd_flags(O_WRONLY);
315 if (anon_file->fd < 0) {
316 ret = anon_file->fd;
317 goto err_free_id;
318 }
319
320 anon_file->file = anon_inode_getfile("[cachefiles]",
321 &cachefiles_ondemand_fd_fops, object, O_WRONLY);
322 if (IS_ERR(anon_file->file)) {
323 ret = PTR_ERR(anon_file->file);
324 goto err_put_fd;
325 }
326
327 spin_lock(&object->ondemand->lock);
328 if (object->ondemand->ondemand_id > 0) {
329 spin_unlock(&object->ondemand->lock);
330 /* Pair with check in cachefiles_ondemand_fd_release(). */
331 anon_file->file->private_data = NULL;
332 ret = -EEXIST;
333 goto err_put_file;
334 }
335
336 anon_file->file->f_mode |= FMODE_PWRITE | FMODE_LSEEK;
337
338 load = (void *)req->msg.data;
339 load->fd = anon_file->fd;
340 object->ondemand->ondemand_id = object_id;
341 spin_unlock(&object->ondemand->lock);
342
343 cachefiles_get_unbind_pincount(cache);
344 trace_cachefiles_ondemand_open(object, &req->msg, load);
345 return 0;
346
347err_put_file:
348 fput(anon_file->file);
349 anon_file->file = NULL;
350err_put_fd:
351 put_unused_fd(anon_file->fd);
352 anon_file->fd = ret;
353err_free_id:
354 xa_erase(&cache->ondemand_ids, object_id);
355err:
356 spin_lock(&object->ondemand->lock);
357 /* Avoid marking an opened object as closed. */
358 if (object->ondemand->ondemand_id <= 0)
359 cachefiles_ondemand_set_object_close(object);
360 spin_unlock(&object->ondemand->lock);
361 cachefiles_put_object(object, cachefiles_obj_put_ondemand_fd);
362 return ret;
363}
364
365static void ondemand_object_worker(struct work_struct *work)
366{
367 struct cachefiles_ondemand_info *info =
368 container_of(work, struct cachefiles_ondemand_info, ondemand_work);
369
370 cachefiles_ondemand_init_object(info->object);
371}
372
373/*
374 * If there are any inflight or subsequent READ requests on the
375 * closed object, reopen it.
376 * Skip read requests whose related object is reopening.
377 */
378static struct cachefiles_req *cachefiles_ondemand_select_req(struct xa_state *xas,
379 unsigned long xa_max)
380{
381 struct cachefiles_req *req;
382 struct cachefiles_object *object;
383 struct cachefiles_ondemand_info *info;
384
385 xas_for_each_marked(xas, req, xa_max, CACHEFILES_REQ_NEW) {
386 if (req->msg.opcode != CACHEFILES_OP_READ)
387 return req;
388 object = req->object;
389 info = object->ondemand;
390 if (cachefiles_ondemand_object_is_close(object)) {
391 cachefiles_ondemand_set_object_reopening(object);
392 queue_work(fscache_wq, &info->ondemand_work);
393 continue;
394 }
395 if (cachefiles_ondemand_object_is_reopening(object))
396 continue;
397 return req;
398 }
399 return NULL;
400}
401
402static inline bool cachefiles_ondemand_finish_req(struct cachefiles_req *req,
403 struct xa_state *xas, int err)
404{
405 if (unlikely(!xas || !req))
406 return false;
407
408 if (xa_cmpxchg(xas->xa, xas->xa_index, req, NULL, 0) != req)
409 return false;
410
411 req->error = err;
412 complete(&req->done);
413 return true;
414}
415
416ssize_t cachefiles_ondemand_daemon_read(struct cachefiles_cache *cache,
417 char __user *_buffer, size_t buflen)
418{
419 struct cachefiles_req *req;
420 struct cachefiles_msg *msg;
421 size_t n;
422 int ret = 0;
423 struct ondemand_anon_file anon_file;
424 XA_STATE(xas, &cache->reqs, cache->req_id_next);
425
426 xa_lock(&cache->reqs);
427 /*
428 * Cyclically search for a request that has not ever been processed,
429 * to prevent requests from being processed repeatedly, and make
430 * request distribution fair.
431 */
432 req = cachefiles_ondemand_select_req(&xas, ULONG_MAX);
433 if (!req && cache->req_id_next > 0) {
434 xas_set(&xas, 0);
435 req = cachefiles_ondemand_select_req(&xas, cache->req_id_next - 1);
436 }
437 if (!req) {
438 xa_unlock(&cache->reqs);
439 return 0;
440 }
441
442 msg = &req->msg;
443 n = msg->len;
444
445 if (n > buflen) {
446 xa_unlock(&cache->reqs);
447 return -EMSGSIZE;
448 }
449
450 xas_clear_mark(&xas, CACHEFILES_REQ_NEW);
451 cache->req_id_next = xas.xa_index + 1;
452 refcount_inc(&req->ref);
453 cachefiles_grab_object(req->object, cachefiles_obj_get_read_req);
454 xa_unlock(&cache->reqs);
455
456 if (msg->opcode == CACHEFILES_OP_OPEN) {
457 ret = cachefiles_ondemand_get_fd(req, &anon_file);
458 if (ret)
459 goto out;
460 }
461
462 msg->msg_id = xas.xa_index;
463 msg->object_id = req->object->ondemand->ondemand_id;
464
465 if (copy_to_user(_buffer, msg, n) != 0)
466 ret = -EFAULT;
467
468 if (msg->opcode == CACHEFILES_OP_OPEN) {
469 if (ret < 0) {
470 fput(anon_file.file);
471 put_unused_fd(anon_file.fd);
472 goto out;
473 }
474 fd_install(anon_file.fd, anon_file.file);
475 }
476out:
477 cachefiles_put_object(req->object, cachefiles_obj_put_read_req);
478 /* Remove error request and CLOSE request has no reply */
479 if (ret || msg->opcode == CACHEFILES_OP_CLOSE)
480 cachefiles_ondemand_finish_req(req, &xas, ret);
481 cachefiles_req_put(req);
482 return ret ? ret : n;
483}
484
485typedef int (*init_req_fn)(struct cachefiles_req *req, void *private);
486
487static int cachefiles_ondemand_send_req(struct cachefiles_object *object,
488 enum cachefiles_opcode opcode,
489 size_t data_len,
490 init_req_fn init_req,
491 void *private)
492{
493 struct cachefiles_cache *cache = object->volume->cache;
494 struct cachefiles_req *req = NULL;
495 XA_STATE(xas, &cache->reqs, 0);
496 int ret;
497
498 if (!test_bit(CACHEFILES_ONDEMAND_MODE, &cache->flags))
499 return 0;
500
501 if (test_bit(CACHEFILES_DEAD, &cache->flags)) {
502 ret = -EIO;
503 goto out;
504 }
505
506 req = kzalloc(sizeof(*req) + data_len, GFP_KERNEL);
507 if (!req) {
508 ret = -ENOMEM;
509 goto out;
510 }
511
512 refcount_set(&req->ref, 1);
513 req->object = object;
514 init_completion(&req->done);
515 req->msg.opcode = opcode;
516 req->msg.len = sizeof(struct cachefiles_msg) + data_len;
517
518 ret = init_req(req, private);
519 if (ret)
520 goto out;
521
522 do {
523 /*
524 * Stop enqueuing the request when daemon is dying. The
525 * following two operations need to be atomic as a whole.
526 * 1) check cache state, and
527 * 2) enqueue request if cache is alive.
528 * Otherwise the request may be enqueued after xarray has been
529 * flushed, leaving the orphan request never being completed.
530 *
531 * CPU 1 CPU 2
532 * ===== =====
533 * test CACHEFILES_DEAD bit
534 * set CACHEFILES_DEAD bit
535 * flush requests in the xarray
536 * enqueue the request
537 */
538 xas_lock(&xas);
539
540 if (test_bit(CACHEFILES_DEAD, &cache->flags) ||
541 cachefiles_ondemand_object_is_dropping(object)) {
542 xas_unlock(&xas);
543 ret = -EIO;
544 goto out;
545 }
546
547 /* coupled with the barrier in cachefiles_flush_reqs() */
548 smp_mb();
549
550 if (opcode == CACHEFILES_OP_CLOSE &&
551 !cachefiles_ondemand_object_is_open(object)) {
552 WARN_ON_ONCE(object->ondemand->ondemand_id == 0);
553 xas_unlock(&xas);
554 ret = -EIO;
555 goto out;
556 }
557
558 /*
559 * Cyclically find a free xas to avoid msg_id reuse that would
560 * cause the daemon to successfully copen a stale msg_id.
561 */
562 xas.xa_index = cache->msg_id_next;
563 xas_find_marked(&xas, UINT_MAX, XA_FREE_MARK);
564 if (xas.xa_node == XAS_RESTART) {
565 xas.xa_index = 0;
566 xas_find_marked(&xas, cache->msg_id_next - 1, XA_FREE_MARK);
567 }
568 if (xas.xa_node == XAS_RESTART)
569 xas_set_err(&xas, -EBUSY);
570
571 xas_store(&xas, req);
572 if (xas_valid(&xas)) {
573 cache->msg_id_next = xas.xa_index + 1;
574 xas_clear_mark(&xas, XA_FREE_MARK);
575 xas_set_mark(&xas, CACHEFILES_REQ_NEW);
576 }
577 xas_unlock(&xas);
578 } while (xas_nomem(&xas, GFP_KERNEL));
579
580 ret = xas_error(&xas);
581 if (ret)
582 goto out;
583
584 wake_up_all(&cache->daemon_pollwq);
585wait:
586 ret = wait_for_completion_killable(&req->done);
587 if (!ret) {
588 ret = req->error;
589 } else {
590 ret = -EINTR;
591 if (!cachefiles_ondemand_finish_req(req, &xas, ret)) {
592 /* Someone will complete it soon. */
593 cpu_relax();
594 goto wait;
595 }
596 }
597 cachefiles_req_put(req);
598 return ret;
599out:
600 /* Reset the object to close state in error handling path.
601 * If error occurs after creating the anonymous fd,
602 * cachefiles_ondemand_fd_release() will set object to close.
603 */
604 if (opcode == CACHEFILES_OP_OPEN &&
605 !cachefiles_ondemand_object_is_dropping(object))
606 cachefiles_ondemand_set_object_close(object);
607 kfree(req);
608 return ret;
609}
610
611static int cachefiles_ondemand_init_open_req(struct cachefiles_req *req,
612 void *private)
613{
614 struct cachefiles_object *object = req->object;
615 struct fscache_cookie *cookie = object->cookie;
616 struct fscache_volume *volume = object->volume->vcookie;
617 struct cachefiles_open *load = (void *)req->msg.data;
618 size_t volume_key_size, cookie_key_size;
619 void *volume_key, *cookie_key;
620
621 /*
622 * Volume key is a NUL-terminated string. key[0] stores strlen() of the
623 * string, followed by the content of the string (excluding '\0').
624 */
625 volume_key_size = volume->key[0] + 1;
626 volume_key = volume->key + 1;
627
628 /* Cookie key is binary data, which is netfs specific. */
629 cookie_key_size = cookie->key_len;
630 cookie_key = fscache_get_key(cookie);
631
632 if (!(object->cookie->advice & FSCACHE_ADV_WANT_CACHE_SIZE)) {
633 pr_err("WANT_CACHE_SIZE is needed for on-demand mode\n");
634 return -EINVAL;
635 }
636
637 load->volume_key_size = volume_key_size;
638 load->cookie_key_size = cookie_key_size;
639 memcpy(load->data, volume_key, volume_key_size);
640 memcpy(load->data + volume_key_size, cookie_key, cookie_key_size);
641
642 return 0;
643}
644
645static int cachefiles_ondemand_init_close_req(struct cachefiles_req *req,
646 void *private)
647{
648 struct cachefiles_object *object = req->object;
649
650 if (!cachefiles_ondemand_object_is_open(object))
651 return -ENOENT;
652
653 trace_cachefiles_ondemand_close(object, &req->msg);
654 return 0;
655}
656
657struct cachefiles_read_ctx {
658 loff_t off;
659 size_t len;
660};
661
662static int cachefiles_ondemand_init_read_req(struct cachefiles_req *req,
663 void *private)
664{
665 struct cachefiles_object *object = req->object;
666 struct cachefiles_read *load = (void *)req->msg.data;
667 struct cachefiles_read_ctx *read_ctx = private;
668
669 load->off = read_ctx->off;
670 load->len = read_ctx->len;
671 trace_cachefiles_ondemand_read(object, &req->msg, load);
672 return 0;
673}
674
675int cachefiles_ondemand_init_object(struct cachefiles_object *object)
676{
677 struct fscache_cookie *cookie = object->cookie;
678 struct fscache_volume *volume = object->volume->vcookie;
679 size_t volume_key_size, cookie_key_size, data_len;
680
681 if (!object->ondemand)
682 return 0;
683
684 /*
685 * CacheFiles will firstly check the cache file under the root cache
686 * directory. If the coherency check failed, it will fallback to
687 * creating a new tmpfile as the cache file. Reuse the previously
688 * allocated object ID if any.
689 */
690 if (cachefiles_ondemand_object_is_open(object))
691 return 0;
692
693 volume_key_size = volume->key[0] + 1;
694 cookie_key_size = cookie->key_len;
695 data_len = sizeof(struct cachefiles_open) +
696 volume_key_size + cookie_key_size;
697
698 return cachefiles_ondemand_send_req(object, CACHEFILES_OP_OPEN,
699 data_len, cachefiles_ondemand_init_open_req, NULL);
700}
701
702void cachefiles_ondemand_clean_object(struct cachefiles_object *object)
703{
704 unsigned long index;
705 struct cachefiles_req *req;
706 struct cachefiles_cache *cache;
707
708 if (!object->ondemand)
709 return;
710
711 cachefiles_ondemand_send_req(object, CACHEFILES_OP_CLOSE, 0,
712 cachefiles_ondemand_init_close_req, NULL);
713
714 if (!object->ondemand->ondemand_id)
715 return;
716
717 /* Cancel all requests for the object that is being dropped. */
718 cache = object->volume->cache;
719 xa_lock(&cache->reqs);
720 cachefiles_ondemand_set_object_dropping(object);
721 xa_for_each(&cache->reqs, index, req) {
722 if (req->object == object) {
723 req->error = -EIO;
724 complete(&req->done);
725 __xa_erase(&cache->reqs, index);
726 }
727 }
728 xa_unlock(&cache->reqs);
729
730 /* Wait for ondemand_object_worker() to finish to avoid UAF. */
731 cancel_work_sync(&object->ondemand->ondemand_work);
732}
733
734int cachefiles_ondemand_init_obj_info(struct cachefiles_object *object,
735 struct cachefiles_volume *volume)
736{
737 if (!cachefiles_in_ondemand_mode(volume->cache))
738 return 0;
739
740 object->ondemand = kzalloc(sizeof(struct cachefiles_ondemand_info),
741 GFP_KERNEL);
742 if (!object->ondemand)
743 return -ENOMEM;
744
745 object->ondemand->object = object;
746 spin_lock_init(&object->ondemand->lock);
747 INIT_WORK(&object->ondemand->ondemand_work, ondemand_object_worker);
748 return 0;
749}
750
751void cachefiles_ondemand_deinit_obj_info(struct cachefiles_object *object)
752{
753 kfree(object->ondemand);
754 object->ondemand = NULL;
755}
756
757int cachefiles_ondemand_read(struct cachefiles_object *object,
758 loff_t pos, size_t len)
759{
760 struct cachefiles_read_ctx read_ctx = {pos, len};
761
762 return cachefiles_ondemand_send_req(object, CACHEFILES_OP_READ,
763 sizeof(struct cachefiles_read),
764 cachefiles_ondemand_init_read_req, &read_ctx);
765}