liveupdate: luo_session: add ioctls for file preservation

	LIVEUPDATE_CMD_RETRIEVE_SESSION = 0x01,

};

/* ioctl commands for session file descriptors */

enum {

	LIVEUPDATE_CMD_SESSION_BASE = 0x40,

	LIVEUPDATE_CMD_SESSION_PRESERVE_FD = LIVEUPDATE_CMD_SESSION_BASE,

	LIVEUPDATE_CMD_SESSION_RETRIEVE_FD = 0x41,

	LIVEUPDATE_CMD_SESSION_FINISH = 0x42,

};

/**

 * struct liveupdate_ioctl_create_session - ioctl(LIVEUPDATE_IOCTL_CREATE_SESSION)

 * @size:	Input; sizeof(struct liveupdate_ioctl_create_session)

#define LIVEUPDATE_IOCTL_RETRIEVE_SESSION \

	_IO(LIVEUPDATE_IOCTL_TYPE, LIVEUPDATE_CMD_RETRIEVE_SESSION)

/* Session specific IOCTLs */

/**

 * struct liveupdate_session_preserve_fd - ioctl(LIVEUPDATE_SESSION_PRESERVE_FD)

 * @size:  Input; sizeof(struct liveupdate_session_preserve_fd)

 * @fd:    Input; The user-space file descriptor to be preserved.

 * @token: Input; An opaque, unique token for preserved resource.

 *

 * Holds parameters for preserving a file descriptor.

 *

 * User sets the @fd field identifying the file descriptor to preserve

 * (e.g., memfd, kvm, iommufd, VFIO). The kernel validates if this FD type

 * and its dependencies are supported for preservation. If validation passes,

 * the kernel marks the FD internally and *initiates the process* of preparing

 * its state for saving. The actual snapshotting of the state typically occurs

 * during the subsequent %LIVEUPDATE_IOCTL_PREPARE execution phase, though

 * some finalization might occur during freeze.

 * On successful validation and initiation, the kernel uses the @token

 * field with an opaque identifier representing the resource being preserved.

 * This token confirms the FD is targeted for preservation and is required for

 * the subsequent %LIVEUPDATE_SESSION_RETRIEVE_FD call after the live update.

 *

 * Return: 0 on success (validation passed, preservation initiated), negative

 * error code on failure (e.g., unsupported FD type, dependency issue,

 * validation failed).

 */

struct liveupdate_session_preserve_fd {

	__u32		size;

	__s32		fd;

	__aligned_u64	token;

};

#define LIVEUPDATE_SESSION_PRESERVE_FD					\

	_IO(LIVEUPDATE_IOCTL_TYPE, LIVEUPDATE_CMD_SESSION_PRESERVE_FD)

/**

 * struct liveupdate_session_retrieve_fd - ioctl(LIVEUPDATE_SESSION_RETRIEVE_FD)

 * @size:  Input; sizeof(struct liveupdate_session_retrieve_fd)

 * @fd:    Output; The new file descriptor representing the fully restored

 *         kernel resource.

 * @token: Input; An opaque, token that was used to preserve the resource.

 *

 * Retrieve a previously preserved file descriptor.

 *

 * User sets the @token field to the value obtained from a successful

 * %LIVEUPDATE_IOCTL_FD_PRESERVE call before the live update. On success,

 * the kernel restores the state (saved during the PREPARE/FREEZE phases)

 * associated with the token and populates the @fd field with a new file

 * descriptor referencing the restored resource in the current (new) kernel.

 * This operation must be performed *before* signaling completion via

 * %LIVEUPDATE_IOCTL_FINISH.

 *

 * Return: 0 on success, negative error code on failure (e.g., invalid token).

 */

struct liveupdate_session_retrieve_fd {

	__u32		size;

	__s32		fd;

	__aligned_u64	token;

};

#define LIVEUPDATE_SESSION_RETRIEVE_FD					\

	_IO(LIVEUPDATE_IOCTL_TYPE, LIVEUPDATE_CMD_SESSION_RETRIEVE_FD)

/**

 * struct liveupdate_session_finish - ioctl(LIVEUPDATE_SESSION_FINISH)

 * @size:     Input; sizeof(struct liveupdate_session_finish)

 * @reserved: Input; Must be zero. Reserved for future use.

 *

 * Signals the completion of the restoration process for a retrieved session.

 * This is the final operation that should be performed on a session file

 * descriptor after a live update.

 *

 * This ioctl must be called once all required file descriptors for the session

 * have been successfully retrieved (using %LIVEUPDATE_SESSION_RETRIEVE_FD) and

 * are fully restored from the userspace and kernel perspective.

 *

 * Upon success, the kernel releases its ownership of the preserved resources

 * associated with this session. This allows internal resources to be freed,

 * typically by decrementing reference counts on the underlying preserved

 * objects.

 *

 * If this operation fails, the resources remain preserved in memory. Userspace

 * may attempt to call finish again. The resources will otherwise be reset

 * during the next live update cycle.

 *

 * Return: 0 on success, negative error code on failure.

 */

struct liveupdate_session_finish {

	__u32		size;

	__u32		reserved;

};

#define LIVEUPDATE_SESSION_FINISH					\

	_IO(LIVEUPDATE_IOCTL_TYPE, LIVEUPDATE_CMD_SESSION_FINISH)

#endif /* _UAPI_LIVEUPDATE_H */

		return ERR_PTR(-ENOMEM);

	strscpy(session->name, name, sizeof(session->name));

	INIT_LIST_HEAD(&session->file_set.files_list);

	luo_file_set_init(&session->file_set);

	INIT_LIST_HEAD(&session->list);

	mutex_init(&session->mutex);

static void luo_session_free(struct luo_session *session)

{

	luo_file_set_destroy(&session->file_set);

	mutex_destroy(&session->mutex);

	kfree(session);

}

	sh->count--;

}

static int luo_session_finish_one(struct luo_session *session)

{

	guard(mutex)(&session->mutex);

	return luo_file_finish(&session->file_set);

}

static void luo_session_unfreeze_one(struct luo_session *session,

				     struct luo_session_ser *ser)

{

	guard(mutex)(&session->mutex);

	luo_file_unfreeze(&session->file_set, &ser->file_set_ser);

}

static int luo_session_freeze_one(struct luo_session *session,

				  struct luo_session_ser *ser)

{

	guard(mutex)(&session->mutex);

	return luo_file_freeze(&session->file_set, &ser->file_set_ser);

}

static int luo_session_release(struct inode *inodep, struct file *filep)

{

	struct luo_session *session = filep->private_data;

	struct luo_session_header *sh;

	/* If retrieved is set, it means this session is from incoming list */

	if (session->retrieved)

	if (session->retrieved) {

		int err = luo_session_finish_one(session);

		if (err) {

			pr_warn("Unable to finish session [%s] on release\n",

				session->name);

			return err;

		}

		sh = &luo_session_global.incoming;

	else

	} else {

		scoped_guard(mutex, &session->mutex)

			luo_file_unpreserve_files(&session->file_set);

		sh = &luo_session_global.outgoing;

	}

	luo_session_remove(sh, session);

	luo_session_free(session);

	return 0;

}

static int luo_session_preserve_fd(struct luo_session *session,

				   struct luo_ucmd *ucmd)

{

	struct liveupdate_session_preserve_fd *argp = ucmd->cmd;

	int err;

	guard(mutex)(&session->mutex);

	err = luo_preserve_file(&session->file_set, argp->token, argp->fd);

	if (err)

		return err;

	err = luo_ucmd_respond(ucmd, sizeof(*argp));

	if (err)

		pr_warn("The file was successfully preserved, but response to user failed\n");

	return err;

}

static int luo_session_retrieve_fd(struct luo_session *session,

				   struct luo_ucmd *ucmd)

{

	struct liveupdate_session_retrieve_fd *argp = ucmd->cmd;

	struct file *file;

	int err;

	argp->fd = get_unused_fd_flags(O_CLOEXEC);

	if (argp->fd < 0)

		return argp->fd;

	guard(mutex)(&session->mutex);

	err = luo_retrieve_file(&session->file_set, argp->token, &file);

	if (err < 0)

		goto  err_put_fd;

	err = luo_ucmd_respond(ucmd, sizeof(*argp));

	if (err)

		goto err_put_file;

	fd_install(argp->fd, file);

	return 0;

err_put_file:

	fput(file);

err_put_fd:

	put_unused_fd(argp->fd);

	return err;

}

static int luo_session_finish(struct luo_session *session,

			      struct luo_ucmd *ucmd)

{

	struct liveupdate_session_finish *argp = ucmd->cmd;

	int err = luo_session_finish_one(session);

	if (err)

		return err;

	return luo_ucmd_respond(ucmd, sizeof(*argp));

}

union ucmd_buffer {

	struct liveupdate_session_finish finish;

	struct liveupdate_session_preserve_fd preserve;

	struct liveupdate_session_retrieve_fd retrieve;

};

struct luo_ioctl_op {

	unsigned int size;

	unsigned int min_size;

	unsigned int ioctl_num;

	int (*execute)(struct luo_session *session, struct luo_ucmd *ucmd);

};

#define IOCTL_OP(_ioctl, _fn, _struct, _last)                                  \

	[_IOC_NR(_ioctl) - LIVEUPDATE_CMD_SESSION_BASE] = {                    \

		.size = sizeof(_struct) +                                      \

			BUILD_BUG_ON_ZERO(sizeof(union ucmd_buffer) <          \

					  sizeof(_struct)),                    \

		.min_size = offsetofend(_struct, _last),                       \

		.ioctl_num = _ioctl,                                           \

		.execute = _fn,                                                \

	}

static const struct luo_ioctl_op luo_session_ioctl_ops[] = {

	IOCTL_OP(LIVEUPDATE_SESSION_FINISH, luo_session_finish,

		 struct liveupdate_session_finish, reserved),

	IOCTL_OP(LIVEUPDATE_SESSION_PRESERVE_FD, luo_session_preserve_fd,

		 struct liveupdate_session_preserve_fd, token),

	IOCTL_OP(LIVEUPDATE_SESSION_RETRIEVE_FD, luo_session_retrieve_fd,

		 struct liveupdate_session_retrieve_fd, token),

};

static long luo_session_ioctl(struct file *filep, unsigned int cmd,

			      unsigned long arg)

{

	struct luo_session *session = filep->private_data;

	const struct luo_ioctl_op *op;

	struct luo_ucmd ucmd = {};

	union ucmd_buffer buf;

	unsigned int nr;

	int ret;

	nr = _IOC_NR(cmd);

	if (nr < LIVEUPDATE_CMD_SESSION_BASE || (nr - LIVEUPDATE_CMD_SESSION_BASE) >=

	    ARRAY_SIZE(luo_session_ioctl_ops)) {

		return -EINVAL;

	}

	ucmd.ubuffer = (void __user *)arg;

	ret = get_user(ucmd.user_size, (u32 __user *)ucmd.ubuffer);

	if (ret)

		return ret;

	op = &luo_session_ioctl_ops[nr - LIVEUPDATE_CMD_SESSION_BASE];

	if (op->ioctl_num != cmd)

		return -ENOIOCTLCMD;

	if (ucmd.user_size < op->min_size)

		return -EINVAL;

	ucmd.cmd = &buf;

	ret = copy_struct_from_user(ucmd.cmd, op->size, ucmd.ubuffer,

				    ucmd.user_size);

	if (ret)

		return ret;

	return op->execute(session, &ucmd);

}

static const struct file_operations luo_session_fops = {

	.owner = THIS_MODULE,

	.release = luo_session_release,

	.unlocked_ioctl = luo_session_ioctl,

};

/* Create a "struct file" for session */

			luo_session_free(session);

			return err;

		}

		scoped_guard(mutex, &session->mutex) {

			luo_file_deserialize(&session->file_set,

					     &sh->ser[i].file_set_ser);

		}

	}

	kho_restore_free(sh->header_ser);

	struct luo_session_header *sh = &luo_session_global.outgoing;

	struct luo_session *session;

	int i = 0;

	int err;

	guard(rwsem_write)(&sh->rwsem);

	list_for_each_entry(session, &sh->list, list) {

		err = luo_session_freeze_one(session, &sh->ser[i]);

		if (err)

			goto err_undo;

		strscpy(sh->ser[i].name, session->name,

			sizeof(sh->ser[i].name));

		i++;

	sh->header_ser->count = sh->count;

	return 0;

err_undo:

	list_for_each_entry_continue_reverse(session, &sh->list, list) {

		i--;

		luo_session_unfreeze_one(session, &sh->ser[i]);

		memset(sh->ser[i].name, 0, sizeof(sh->ser[i].name));

	}

	return err;

}

/**