Merge tag 'fuse-update-6.15' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse

``/proc/sys/fs/fuse/max_pages_limit`` is a read/write file for

setting/getting the maximum number of pages that can be used for servicing

requests in FUSE.

``/proc/sys/fs/fuse/default_request_timeout`` is a read/write file for

setting/getting the default timeout (in seconds) for a fuse server to

reply to a kernel-issued request in the event where the server did not

specify a timeout at mount. If the server set a timeout,

then default_request_timeout will be ignored.  The default

"default_request_timeout" is set to 0. 0 indicates no default timeout.

The maximum value that can be set is 65535.

``/proc/sys/fs/fuse/max_request_timeout`` is a read/write file for

setting/getting the maximum timeout (in seconds) for a fuse server to

reply to a kernel-issued request. A value greater than 0 automatically opts

the server into a timeout that will be set to at most "max_request_timeout",

even if the server did not specify a timeout and default_request_timeout is

set to 0. If max_request_timeout is greater than 0 and the server set a timeout

greater than max_request_timeout or default_request_timeout is set to a value

greater than max_request_timeout, the system will use max_request_timeout as the

timeout. 0 indicates no max request timeout. The maximum value that can be set

is 65535.

For timeouts, if the server does not respond to the request by the time

the set timeout elapses, then the connection to the fuse server will be aborted.

Please note that the timeouts are not 100% precise (eg you may set 60 seconds but

the timeout may kick in after 70 seconds). The upper margin of error for the

timeout is roughly FUSE_TIMEOUT_TIMER_FREQ seconds.

static struct kmem_cache *fuse_req_cachep;

const unsigned long fuse_timeout_timer_freq =

	secs_to_jiffies(FUSE_TIMEOUT_TIMER_FREQ);

bool fuse_request_expired(struct fuse_conn *fc, struct list_head *list)

{

	struct fuse_req *req;

	req = list_first_entry_or_null(list, struct fuse_req, list);

	if (!req)

		return false;

	return time_is_before_jiffies(req->create_time + fc->timeout.req_timeout);

}

bool fuse_fpq_processing_expired(struct fuse_conn *fc, struct list_head *processing)

{

	int i;

	for (i = 0; i < FUSE_PQ_HASH_SIZE; i++)

		if (fuse_request_expired(fc, &processing[i]))

			return true;

	return false;

}

/*

 * Check if any requests aren't being completed by the time the request timeout

 * elapses. To do so, we:

 * - check the fiq pending list

 * - check the bg queue

 * - check the fpq io and processing lists

 *

 * To make this fast, we only check against the head request on each list since

 * these are generally queued in order of creation time (eg newer requests get

 * queued to the tail). We might miss a few edge cases (eg requests transitioning

 * between lists, re-sent requests at the head of the pending list having a

 * later creation time than other requests on that list, etc.) but that is fine

 * since if the request never gets fulfilled, it will eventually be caught.

 */

void fuse_check_timeout(struct work_struct *work)

{

	struct delayed_work *dwork = to_delayed_work(work);

	struct fuse_conn *fc = container_of(dwork, struct fuse_conn,

					    timeout.work);

	struct fuse_iqueue *fiq = &fc->iq;

	struct fuse_dev *fud;

	struct fuse_pqueue *fpq;

	bool expired = false;

	if (!atomic_read(&fc->num_waiting))

	    goto out;

	spin_lock(&fiq->lock);

	expired = fuse_request_expired(fc, &fiq->pending);

	spin_unlock(&fiq->lock);

	if (expired)

		goto abort_conn;

	spin_lock(&fc->bg_lock);

	expired = fuse_request_expired(fc, &fc->bg_queue);

	spin_unlock(&fc->bg_lock);

	if (expired)

		goto abort_conn;

	spin_lock(&fc->lock);

	if (!fc->connected) {

		spin_unlock(&fc->lock);

		return;

	}

	list_for_each_entry(fud, &fc->devices, entry) {

		fpq = &fud->pq;

		spin_lock(&fpq->lock);

		if (fuse_request_expired(fc, &fpq->io) ||

		    fuse_fpq_processing_expired(fc, fpq->processing)) {

			spin_unlock(&fpq->lock);

			spin_unlock(&fc->lock);

			goto abort_conn;

		}

		spin_unlock(&fpq->lock);

	}

	spin_unlock(&fc->lock);

	if (fuse_uring_request_expired(fc))

	    goto abort_conn;

out:

	queue_delayed_work(system_wq, &fc->timeout.work,

			   fuse_timeout_timer_freq);

	return;

abort_conn:

	fuse_abort_conn(fc);

}

static void fuse_request_init(struct fuse_mount *fm, struct fuse_req *req)

{

	INIT_LIST_HEAD(&req->list);

	refcount_set(&req->count, 1);

	__set_bit(FR_PENDING, &req->flags);

	req->fm = fm;

	req->create_time = jiffies;

}

static struct fuse_req *fuse_request_alloc(struct fuse_mount *fm, gfp_t flags)

	return 0;

}

bool fuse_remove_pending_req(struct fuse_req *req, spinlock_t *lock)

{

	spin_lock(lock);

	if (test_bit(FR_PENDING, &req->flags)) {

		/*

		 * FR_PENDING does not get cleared as the request will end

		 * up in destruction anyway.

		 */

		list_del(&req->list);

		spin_unlock(lock);

		__fuse_put_request(req);

		req->out.h.error = -EINTR;

		return true;

	}

	spin_unlock(lock);

	return false;

}

static void request_wait_answer(struct fuse_req *req)

{

	struct fuse_conn *fc = req->fm->fc;

	}

	if (!test_bit(FR_FORCE, &req->flags)) {

		bool removed;

		/* Only fatal signals may interrupt this */

		err = wait_event_killable(req->waitq,

					test_bit(FR_FINISHED, &req->flags));

		if (!err)

			return;

		spin_lock(&fiq->lock);

		/* Request is not yet in userspace, bail out */

		if (test_bit(FR_PENDING, &req->flags)) {

			list_del(&req->list);

			spin_unlock(&fiq->lock);

			__fuse_put_request(req);

			req->out.h.error = -EINTR;

		if (test_bit(FR_URING, &req->flags))

			removed = fuse_uring_remove_pending_req(req);

		else

			removed = fuse_remove_pending_req(req, &fiq->lock);

		if (removed)

			return;

	}

		spin_unlock(&fiq->lock);

	}

	/*

	 * Either request is already in userspace, or it was forced.

				   struct fuse_copy_state *cs)

{

	struct fuse_notify_inval_entry_out outarg;

	int err = -ENOMEM;

	char *buf;

	int err;

	char *buf = NULL;

	struct qstr name;

	buf = kzalloc(FUSE_NAME_MAX + 1, GFP_KERNEL);

	if (!buf)

		goto err;

	err = -EINVAL;

	if (size < sizeof(outarg))

		goto err;

		goto err;

	err = -ENAMETOOLONG;

	if (outarg.namelen > FUSE_NAME_MAX)

	if (outarg.namelen > fc->name_max)

		goto err;

	err = -EINVAL;

	if (size != sizeof(outarg) + outarg.namelen + 1)

		goto err;

	err = -ENOMEM;

	buf = kzalloc(outarg.namelen + 1, GFP_KERNEL);

	if (!buf)

		goto err;

	name.name = buf;

	name.len = outarg.namelen;

	err = fuse_copy_one(cs, buf, outarg.namelen + 1);

			      struct fuse_copy_state *cs)

{

	struct fuse_notify_delete_out outarg;

	int err = -ENOMEM;

	char *buf;

	int err;

	char *buf = NULL;

	struct qstr name;

	buf = kzalloc(FUSE_NAME_MAX + 1, GFP_KERNEL);

	if (!buf)

		goto err;

	err = -EINVAL;

	if (size < sizeof(outarg))

		goto err;

		goto err;

	err = -ENAMETOOLONG;

	if (outarg.namelen > FUSE_NAME_MAX)

	if (outarg.namelen > fc->name_max)

		goto err;

	err = -EINVAL;

	if (size != sizeof(outarg) + outarg.namelen + 1)

		goto err;

	err = -ENOMEM;

	buf = kzalloc(outarg.namelen + 1, GFP_KERNEL);

	if (!buf)

		goto err;

	name.name = buf;

	name.len = outarg.namelen;

	err = fuse_copy_one(cs, buf, outarg.namelen + 1);

		LIST_HEAD(to_end);

		unsigned int i;

		if (fc->timeout.req_timeout)

			cancel_delayed_work(&fc->timeout.work);

		/* Background queuing checks fc->connected under bg_lock */

		spin_lock(&fc->bg_lock);

		fc->connected = 0;

	}

}

bool fuse_uring_request_expired(struct fuse_conn *fc)

{

	struct fuse_ring *ring = fc->ring;

	struct fuse_ring_queue *queue;

	int qid;

	if (!ring)

		return false;

	for (qid = 0; qid < ring->nr_queues; qid++) {

		queue = READ_ONCE(ring->queues[qid]);

		if (!queue)

			continue;

		spin_lock(&queue->lock);

		if (fuse_request_expired(fc, &queue->fuse_req_queue) ||

		    fuse_request_expired(fc, &queue->fuse_req_bg_queue) ||

		    fuse_fpq_processing_expired(fc, queue->fpq.processing)) {

			spin_unlock(&queue->lock);

			return true;

		}

		spin_unlock(&queue->lock);

	}

	return false;

}

void fuse_uring_destruct(struct fuse_conn *fc)

{

	struct fuse_ring *ring = fc->ring;

	ring->nr_queues = nr_queues;

	ring->fc = fc;

	ring->max_payload_sz = max_payload_size;

	atomic_set(&ring->queue_refs, 0);

	smp_store_release(&fc->ring, ring);

	spin_unlock(&fc->lock);

					   struct fuse_req *req)

{

	struct fuse_ring_queue *queue = ent->queue;

	struct fuse_conn *fc = req->fm->fc;

	struct fuse_iqueue *fiq = &fc->iq;

	lockdep_assert_held(&queue->lock);

			ent->state);

	}

	spin_lock(&fiq->lock);

	clear_bit(FR_PENDING, &req->flags);

	spin_unlock(&fiq->lock);

	ent->fuse_req = req;

	ent->state = FRRS_FUSE_REQ;

	list_move(&ent->list, &queue->ent_w_req_queue);

	if (unlikely(queue->stopped))

		goto err_unlock;

	set_bit(FR_URING, &req->flags);

	req->ring_queue = queue;

	ent = list_first_entry_or_null(&queue->ent_avail_queue,

				       struct fuse_ring_ent, list);

	if (ent)

		return false;

	}

	set_bit(FR_URING, &req->flags);

	req->ring_queue = queue;

	list_add_tail(&req->list, &queue->fuse_req_bg_queue);

	ent = list_first_entry_or_null(&queue->ent_avail_queue,

	return true;

}

bool fuse_uring_remove_pending_req(struct fuse_req *req)

{

	struct fuse_ring_queue *queue = req->ring_queue;

	return fuse_remove_pending_req(req, &queue->lock);

}

static const struct fuse_iqueue_ops fuse_io_uring_ops = {

	/* should be send over io-uring as enhancement */

	.send_forget = fuse_dev_queue_forget,

int fuse_uring_cmd(struct io_uring_cmd *cmd, unsigned int issue_flags);

void fuse_uring_queue_fuse_req(struct fuse_iqueue *fiq, struct fuse_req *req);

bool fuse_uring_queue_bq_req(struct fuse_req *req);

bool fuse_uring_remove_pending_req(struct fuse_req *req);

bool fuse_uring_request_expired(struct fuse_conn *fc);

static inline void fuse_uring_abort(struct fuse_conn *fc)

{

#else /* CONFIG_FUSE_IO_URING */

struct fuse_ring;

static inline void fuse_uring_create(struct fuse_conn *fc)

{

}

static inline void fuse_uring_destruct(struct fuse_conn *fc)

{

}

	return false;

}

static inline bool fuse_uring_remove_pending_req(struct fuse_req *req)

{

	return false;

}

static inline bool fuse_uring_request_expired(struct fuse_conn *fc)

{

	return false;

}

#endif /* CONFIG_FUSE_IO_URING */

#endif /* _FS_FUSE_DEV_URING_I_H */

	*inode = NULL;

	err = -ENAMETOOLONG;

	if (name->len > FUSE_NAME_MAX)

	if (name->len > fm->fc->name_max)

		goto out;

	struct fuse_mount *fm = get_fuse_mount(inode);

	FUSE_ARGS(args);

	if (fm->fc->no_link)

		goto out;

	memset(&inarg, 0, sizeof(inarg));

	inarg.oldnodeid = get_node_id(inode);

	args.opcode = FUSE_LINK;

	else if (err == -EINTR)

		fuse_invalidate_attr(inode);

	if (err == -ENOSYS)

		fm->fc->no_link = 1;

out:

	if (fm->fc->no_link)

		return -EPERM;

	return err;

}