1 files changed, 96 insertions, 191 deletions
diff --git a/drivers/hv/hv_fcopy.c b/drivers/hv/hv_fcopy.c
index cd453e4b2a07..b50dd330cf31 100644
--- a/drivers/hv/hv_fcopy.c
+++ b/drivers/hv/hv_fcopy.c
@@ -19,17 +19,13 @@
 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
-#include <linux/semaphore.h>
-#include <linux/fs.h>
 #include <linux/nls.h>
 #include <linux/workqueue.h>
-#include <linux/cdev.h>
 #include <linux/hyperv.h>
 #include <linux/sched.h>
-#include <linux/uaccess.h>
-#include <linux/miscdevice.h>
 #include "hyperv_vmbus.h"
+#include "hv_utils_transport.h"
 #define WIN8_SRV_MAJOR          1
 #define WIN8_SRV_MINOR          1
@@ -47,39 +43,31 @@
 * ensure this by serializing packet processing in this driver - we do not
 * read additional packets from the VMBUs until the current packet is fully
 * handled.
- *
- * The transaction "active" state is set when we receive a request from the
- * host and we cleanup this state when the transaction is completed - when we
- * respond to the host with our response. When the transaction active state is
- * set, we defer handling incoming packets.
 */
 static struct {
-        bool active; /* transaction status - active or not */
+        int state;   /* hvutil_device_state */
        int recv_len; /* number of bytes received. */
        struct hv_fcopy_hdr  *fcopy_msg; /* current message */
-        struct hv_start_fcopy  message; /*  sent to daemon */
        struct vmbus_channel *recv_channel; /* chn we got the request */
        u64 recv_req_id; /* request ID. */
        void *fcopy_context; /* for the channel callback */
-        struct semaphore read_sema;
 } fcopy_transaction;
-static bool opened; /* currently device opened */
-/*
- * Before we can accept copy messages from the host, we need
- * to handshake with the user level daemon. This state tracks
- * if we are in the handshake phase.
- */
-static bool in_hand_shake = true;
-static void fcopy_send_data(void);
 static void fcopy_respond_to_host(int error);
-static void fcopy_work_func(struct work_struct *dummy);
+static void fcopy_send_data(struct work_struct *dummy);
-static DECLARE_DELAYED_WORK(fcopy_work, fcopy_work_func);
+static void fcopy_timeout_func(struct work_struct *dummy);
+static DECLARE_DELAYED_WORK(fcopy_timeout_work, fcopy_timeout_func);
+static DECLARE_WORK(fcopy_send_work, fcopy_send_data);
+static const char fcopy_devname[] = "vmbus/hv_fcopy";
 static u8 *recv_buffer;
+static struct hvutil_transport *hvt;
+/*
+ * This state maintains the version number registered by the daemon.
+ */
+static int dm_reg_value;
-static void fcopy_work_func(struct work_struct *dummy)
+static void fcopy_timeout_func(struct work_struct *dummy)
 {
        /*
         * If the timer fires, the user-mode component has not responded;
@@ -87,23 +75,28 @@ static void fcopy_work_func(struct work_struct *dummy)
         */
        fcopy_respond_to_host(HV_E_FAIL);
-        /* In the case the user-space daemon crashes, hangs or is killed, we
+        /* Transaction is finished, reset the state. */
-         * need to down the semaphore, otherwise, after the daemon starts next
+        if (fcopy_transaction.state > HVUTIL_READY)
-         * time, the obsolete data in fcopy_transaction.message or
+                fcopy_transaction.state = HVUTIL_READY;
-         * fcopy_transaction.fcopy_msg will be used immediately.
-         *
-         * NOTE: fcopy_read() happens to get the semaphore (very rare)? We're
-         * still OK, because we've reported the failure to the host.
-         */
-        if (down_trylock(&fcopy_transaction.read_sema))
-                ;
+        hv_poll_channel(fcopy_transaction.fcopy_context,
+                        hv_fcopy_onchannelcallback);
 }
 static int fcopy_handle_handshake(u32 version)
 {
+        u32 our_ver = FCOPY_CURRENT_VERSION;
        switch (version) {
-        case FCOPY_CURRENT_VERSION:
+        case FCOPY_VERSION_0:
+                /* Daemon doesn't expect us to reply */
+                dm_reg_value = version;
+                break;
+        case FCOPY_VERSION_1:
+                /* Daemon expects us to reply with our own version */
+                if (hvutil_transport_send(hvt, &our_ver, sizeof(our_ver)))
+                        return -EFAULT;
+                dm_reg_value = version;
                break;
        default:
                /*
@@ -114,20 +107,20 @@ static int fcopy_handle_handshake(u32 version)
                 */
                return -EINVAL;
        }
-        pr_info("FCP: user-mode registering done. Daemon version: %d\n",
+        pr_debug("FCP: userspace daemon ver. %d registered\n", version);
-                version);
+        fcopy_transaction.state = HVUTIL_READY;
-        fcopy_transaction.active = false;
+        hv_poll_channel(fcopy_transaction.fcopy_context,
-        if (fcopy_transaction.fcopy_context)
+                        hv_fcopy_onchannelcallback);
-                hv_fcopy_onchannelcallback(fcopy_transaction.fcopy_context);
-        in_hand_shake = false;
        return 0;
 }
-static void fcopy_send_data(void)
+static void fcopy_send_data(struct work_struct *dummy)
 {
-        struct hv_start_fcopy *smsg_out = &fcopy_transaction.message;
+        struct hv_start_fcopy smsg_out;
        int operation = fcopy_transaction.fcopy_msg->operation;
        struct hv_start_fcopy *smsg_in;
+        void *out_src;
+        int rc, out_len;
        /*
         * The  strings sent from the host are encoded in
@@ -142,26 +135,39 @@ static void fcopy_send_data(void)
        switch (operation) {
        case START_FILE_COPY:
-                memset(smsg_out, 0, sizeof(struct hv_start_fcopy));
+                out_len = sizeof(struct hv_start_fcopy);
-                smsg_out->hdr.operation = operation;
+                memset(&smsg_out, 0, out_len);
+                smsg_out.hdr.operation = operation;
                smsg_in = (struct hv_start_fcopy *)fcopy_transaction.fcopy_msg;
                utf16s_to_utf8s((wchar_t *)smsg_in->file_name, W_MAX_PATH,
                                UTF16_LITTLE_ENDIAN,
-                                (__u8 *)smsg_out->file_name, W_MAX_PATH - 1);
+                                (__u8 *)&smsg_out.file_name, W_MAX_PATH - 1);
                utf16s_to_utf8s((wchar_t *)smsg_in->path_name, W_MAX_PATH,
                                UTF16_LITTLE_ENDIAN,
-                                (__u8 *)smsg_out->path_name, W_MAX_PATH - 1);
+                                (__u8 *)&smsg_out.path_name, W_MAX_PATH - 1);
-                smsg_out->copy_flags = smsg_in->copy_flags;
+                smsg_out.copy_flags = smsg_in->copy_flags;
-                smsg_out->file_size = smsg_in->file_size;
+                smsg_out.file_size = smsg_in->file_size;
+                out_src = &smsg_out;
                break;
        default:
+                out_src = fcopy_transaction.fcopy_msg;
+                out_len = fcopy_transaction.recv_len;
                break;
        }
-        up(&fcopy_transaction.read_sema);
+        fcopy_transaction.state = HVUTIL_USERSPACE_REQ;
+        rc = hvutil_transport_send(hvt, out_src, out_len);
+        if (rc) {
+                pr_debug("FCP: failed to communicate to the daemon: %d\n", rc);
+                if (cancel_delayed_work_sync(&fcopy_timeout_work)) {
+                        fcopy_respond_to_host(HV_E_FAIL);
+                        fcopy_transaction.state = HVUTIL_READY;
+                }
+        }
        return;
 }
@@ -189,8 +195,6 @@ fcopy_respond_to_host(int error)
        channel = fcopy_transaction.recv_channel;
        req_id = fcopy_transaction.recv_req_id;
-        fcopy_transaction.active = false;
        icmsghdr = (struct icmsg_hdr *)
                        &recv_buffer[sizeof(struct vmbuspipe_hdr)];
@@ -218,7 +222,7 @@ void hv_fcopy_onchannelcallback(void *context)
        int util_fw_version;
        int fcopy_srv_version;
-        if (fcopy_transaction.active) {
+        if (fcopy_transaction.state > HVUTIL_READY) {
                /*
                 * We will defer processing this callback once
                 * the current transaction is complete.
@@ -226,6 +230,7 @@ void hv_fcopy_onchannelcallback(void *context)
                fcopy_transaction.fcopy_context = context;
                return;
        }
+        fcopy_transaction.fcopy_context = NULL;
        vmbus_recvpacket(channel, recv_buffer, PAGE_SIZE * 2, &recvlen,
                         &requestid);
@@ -249,17 +254,23 @@ void hv_fcopy_onchannelcallback(void *context)
                 * transaction; note transactions are serialized.
                 */
-                fcopy_transaction.active = true;
                fcopy_transaction.recv_len = recvlen;
                fcopy_transaction.recv_channel = channel;
                fcopy_transaction.recv_req_id = requestid;
                fcopy_transaction.fcopy_msg = fcopy_msg;
+                if (fcopy_transaction.state < HVUTIL_READY) {
+                        /* Userspace is not registered yet */
+                        fcopy_respond_to_host(HV_E_FAIL);
+                        return;
+                }
+                fcopy_transaction.state = HVUTIL_HOSTMSG_RECEIVED;
                /*
                 * Send the information to the user-level daemon.
                 */
-                schedule_delayed_work(&fcopy_work, 5*HZ);
+                schedule_work(&fcopy_send_work);
-                fcopy_send_data();
+                schedule_delayed_work(&fcopy_timeout_work, 5*HZ);
                return;
        }
        icmsghdr->icflags = ICMSGHDRFLAG_TRANSACTION | ICMSGHDRFLAG_RESPONSE;
@@ -267,155 +278,44 @@ void hv_fcopy_onchannelcallback(void *context)
                        VM_PKT_DATA_INBAND, 0);
 }
-/*
+/* Callback when data is received from userspace */
- * Create a char device that can support read/write for passing
+static int fcopy_on_msg(void *msg, int len)
- * the payload.
- */
-static ssize_t fcopy_read(struct file *file, char __user *buf,
-                size_t count, loff_t *ppos)
-{
-        void *src;
-        size_t copy_size;
-        int operation;
-        /*
-         * Wait until there is something to be read.
-         */
-        if (down_interruptible(&fcopy_transaction.read_sema))
-                return -EINTR;
-        /*
-         * The channel may be rescinded and in this case, we will wakeup the
-         * the thread blocked on the semaphore and we will use the opened
-         * state to correctly handle this case.
-         */
-        if (!opened)
-                return -ENODEV;
-        operation = fcopy_transaction.fcopy_msg->operation;
-        if (operation == START_FILE_COPY) {
-                src = &fcopy_transaction.message;
-                copy_size = sizeof(struct hv_start_fcopy);
-                if (count < copy_size)
-                        return 0;
-        } else {
-                src = fcopy_transaction.fcopy_msg;
-                copy_size = sizeof(struct hv_do_fcopy);
-                if (count < copy_size)
-                        return 0;
-        }
-        if (copy_to_user(buf, src, copy_size))
-                return -EFAULT;
-        return copy_size;
-}
-static ssize_t fcopy_write(struct file *file, const char __user *buf,
-                        size_t count, loff_t *ppos)
 {
-        int response = 0;
+        int *val = (int *)msg;
-        if (count != sizeof(int))
+        if (len != sizeof(int))
                return -EINVAL;
-        if (copy_from_user(&response, buf, sizeof(int)))
+        if (fcopy_transaction.state == HVUTIL_DEVICE_INIT)
-                return -EFAULT;
+                return fcopy_handle_handshake(*val);
-        if (in_hand_shake) {
+        if (fcopy_transaction.state != HVUTIL_USERSPACE_REQ)
-                if (fcopy_handle_handshake(response))
+                return -EINVAL;
-                        return -EINVAL;
-                return sizeof(int);
-        }
        /*
         * Complete the transaction by forwarding the result
         * to the host. But first, cancel the timeout.
         */
-        if (cancel_delayed_work_sync(&fcopy_work))
+        if (cancel_delayed_work_sync(&fcopy_timeout_work)) {
-                fcopy_respond_to_host(response);
+                fcopy_transaction.state = HVUTIL_USERSPACE_RECV;
+                fcopy_respond_to_host(*val);
-        return sizeof(int);
+                fcopy_transaction.state = HVUTIL_READY;
-}
+                hv_poll_channel(fcopy_transaction.fcopy_context,
+                                hv_fcopy_onchannelcallback);
-static int fcopy_open(struct inode *inode, struct file *f)
+        }
-{
-        /*
-         * The user level daemon that will open this device is
-         * really an extension of this driver. We can have only
-         * active open at a time.
-         */
-        if (opened)
-                return -EBUSY;
-        /*
-         * The daemon is alive; setup the state.
-         */
-        opened = true;
        return 0;
 }
-/* XXX: there are still some tricky corner cases, e.g.,
+static void fcopy_on_reset(void)
- * 1) In a SMP guest, when fcopy_release() runs between
- * schedule_delayed_work() and fcopy_send_data(), there is
- * still a chance an obsolete message will be queued.
- *
- * 2) When the fcopy daemon is running, if we unload the driver,
- * we'll notice a kernel oops when we kill the daemon later.
- */
-static int fcopy_release(struct inode *inode, struct file *f)
 {
        /*
         * The daemon has exited; reset the state.
         */
-        in_hand_shake = true;
+        fcopy_transaction.state = HVUTIL_DEVICE_INIT;
-        opened = false;
-        if (cancel_delayed_work_sync(&fcopy_work)) {
+        if (cancel_delayed_work_sync(&fcopy_timeout_work))
-                /* We haven't up()-ed the semaphore(very rare)? */
-                if (down_trylock(&fcopy_transaction.read_sema))
-                        ;
                fcopy_respond_to_host(HV_E_FAIL);
-        }
-        return 0;
-}
-static const struct file_operations fcopy_fops = {
-        .read           = fcopy_read,
-        .write          = fcopy_write,
-        .release        = fcopy_release,
-        .open           = fcopy_open,
-};
-static struct miscdevice fcopy_misc = {
-        .minor          = MISC_DYNAMIC_MINOR,
-        .name           = "vmbus/hv_fcopy",
-        .fops           = &fcopy_fops,
-};
-static int fcopy_dev_init(void)
-{
-        return misc_register(&fcopy_misc);
-}
-static void fcopy_dev_deinit(void)
-{
-        /*
-         * The device is going away - perhaps because the
-         * host has rescinded the channel. Setup state so that
-         * user level daemon can gracefully exit if it is blocked
-         * on the read semaphore.
-         */
-        opened = false;
-        /*
-         * Signal the semaphore as the device is
-         * going away.
-         */
-        up(&fcopy_transaction.read_sema);
-        misc_deregister(&fcopy_misc);
 }
 int hv_fcopy_init(struct hv_util_service *srv)
@@ -428,14 +328,19 @@ int hv_fcopy_init(struct hv_util_service *srv)
         * Defer processing channel callbacks until the daemon
         * has registered.
         */
-        fcopy_transaction.active = true;
+        fcopy_transaction.state = HVUTIL_DEVICE_INIT;
-        sema_init(&fcopy_transaction.read_sema, 0);
+        hvt = hvutil_transport_init(fcopy_devname, 0, 0,
+                                    fcopy_on_msg, fcopy_on_reset);
+        if (!hvt)
+                return -EFAULT;
-        return fcopy_dev_init();
+        return 0;
 }
 void hv_fcopy_deinit(void)
 {
-        cancel_delayed_work_sync(&fcopy_work);
+        fcopy_transaction.state = HVUTIL_DEVICE_DYING;
-        fcopy_dev_deinit();
+        cancel_delayed_work_sync(&fcopy_timeout_work);
+        hvutil_transport_destroy(hvt);
 }

diff --git a/drivers/hv/hv_fcopy.c b/drivers/hv/hv_fcopy.c index cd453e4b2a07..b50dd330cf31 100644 --- a/drivers/hv/hv_fcopy.c +++ b/drivers/hv/hv_fcopy.c
@@ -19,17 +19,13 @@
19		19
20	#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt	20	#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
21		21
22	#include <linux/semaphore.h>
23	#include <linux/fs.h>
24	#include <linux/nls.h>	22	#include <linux/nls.h>
25	#include <linux/workqueue.h>	23	#include <linux/workqueue.h>
26	#include <linux/cdev.h>
27	#include <linux/hyperv.h>	24	#include <linux/hyperv.h>
28	#include <linux/sched.h>	25	#include <linux/sched.h>
29	#include <linux/uaccess.h>
30	#include <linux/miscdevice.h>
31		26
32	#include "hyperv_vmbus.h"	27	#include "hyperv_vmbus.h"
		28	#include "hv_utils_transport.h"
33		29
34	#define WIN8_SRV_MAJOR 1	30	#define WIN8_SRV_MAJOR 1
35	#define WIN8_SRV_MINOR 1	31	#define WIN8_SRV_MINOR 1
@@ -47,39 +43,31 @@
47	* ensure this by serializing packet processing in this driver - we do not	43	* ensure this by serializing packet processing in this driver - we do not
48	* read additional packets from the VMBUs until the current packet is fully	44	* read additional packets from the VMBUs until the current packet is fully
49	* handled.	45	* handled.
50	*
51	* The transaction "active" state is set when we receive a request from the
52	* host and we cleanup this state when the transaction is completed - when we
53	* respond to the host with our response. When the transaction active state is
54	* set, we defer handling incoming packets.
55	*/	46	*/
56		47
57	static struct {	48	static struct {
58	bool active; /* transaction status - active or not */	49	int state; /* hvutil_device_state */
59	int recv_len; /* number of bytes received. */	50	int recv_len; /* number of bytes received. */
60	struct hv_fcopy_hdr fcopy_msg; / current message */	51	struct hv_fcopy_hdr fcopy_msg; / current message */
61	struct hv_start_fcopy message; /* sent to daemon */
62	struct vmbus_channel recv_channel; / chn we got the request */	52	struct vmbus_channel recv_channel; / chn we got the request */
63	u64 recv_req_id; /* request ID. */	53	u64 recv_req_id; /* request ID. */
64	void fcopy_context; / for the channel callback */	54	void fcopy_context; / for the channel callback */
65	struct semaphore read_sema;
66	} fcopy_transaction;	55	} fcopy_transaction;
67		56
68	static bool opened; /* currently device opened */
69
70	/*
71	* Before we can accept copy messages from the host, we need
72	* to handshake with the user level daemon. This state tracks
73	* if we are in the handshake phase.
74	*/
75	static bool in_hand_shake = true;
76	static void fcopy_send_data(void);
77	static void fcopy_respond_to_host(int error);	57	static void fcopy_respond_to_host(int error);
78	static void fcopy_work_func(struct work_struct *dummy);	58	static void fcopy_send_data(struct work_struct *dummy);
79	static DECLARE_DELAYED_WORK(fcopy_work, fcopy_work_func);	59	static void fcopy_timeout_func(struct work_struct *dummy);
		60	static DECLARE_DELAYED_WORK(fcopy_timeout_work, fcopy_timeout_func);
		61	static DECLARE_WORK(fcopy_send_work, fcopy_send_data);
		62	static const char fcopy_devname[] = "vmbus/hv_fcopy";
80	static u8 *recv_buffer;	63	static u8 *recv_buffer;
		64	static struct hvutil_transport *hvt;
		65	/*
		66	* This state maintains the version number registered by the daemon.
		67	*/
		68	static int dm_reg_value;
81		69
82	static void fcopy_work_func(struct work_struct *dummy)	70	static void fcopy_timeout_func(struct work_struct *dummy)
83	{	71	{
84	/*	72	/*
85	* If the timer fires, the user-mode component has not responded;	73	* If the timer fires, the user-mode component has not responded;
@@ -87,23 +75,28 @@ static void fcopy_work_func(struct work_struct *dummy)
87	*/	75	*/
88	fcopy_respond_to_host(HV_E_FAIL);	76	fcopy_respond_to_host(HV_E_FAIL);
89		77
90	/* In the case the user-space daemon crashes, hangs or is killed, we	78	/* Transaction is finished, reset the state. */
91	* need to down the semaphore, otherwise, after the daemon starts next	79	if (fcopy_transaction.state > HVUTIL_READY)
92	* time, the obsolete data in fcopy_transaction.message or	80	fcopy_transaction.state = HVUTIL_READY;
93	* fcopy_transaction.fcopy_msg will be used immediately.
94	*
95	* NOTE: fcopy_read() happens to get the semaphore (very rare)? We're
96	* still OK, because we've reported the failure to the host.
97	*/
98	if (down_trylock(&fcopy_transaction.read_sema))
99	;
100		81
		82	hv_poll_channel(fcopy_transaction.fcopy_context,
		83	hv_fcopy_onchannelcallback);
101	}	84	}
102		85
103	static int fcopy_handle_handshake(u32 version)	86	static int fcopy_handle_handshake(u32 version)
104	{	87	{
		88	u32 our_ver = FCOPY_CURRENT_VERSION;
		89
105	switch (version) {	90	switch (version) {
106	case FCOPY_CURRENT_VERSION:	91	case FCOPY_VERSION_0:
		92	/* Daemon doesn't expect us to reply */
		93	dm_reg_value = version;
		94	break;
		95	case FCOPY_VERSION_1:
		96	/* Daemon expects us to reply with our own version */
		97	if (hvutil_transport_send(hvt, &our_ver, sizeof(our_ver)))
		98	return -EFAULT;
		99	dm_reg_value = version;
107	break;	100	break;
108	default:	101	default:
109	/*	102	/*
@@ -114,20 +107,20 @@ static int fcopy_handle_handshake(u32 version)
114	*/	107	*/
115	return -EINVAL;	108	return -EINVAL;
116	}	109	}
117	pr_info("FCP: user-mode registering done. Daemon version: %d\n",	110	pr_debug("FCP: userspace daemon ver. %d registered\n", version);
118	version);	111	fcopy_transaction.state = HVUTIL_READY;
119	fcopy_transaction.active = false;	112	hv_poll_channel(fcopy_transaction.fcopy_context,
120	if (fcopy_transaction.fcopy_context)	113	hv_fcopy_onchannelcallback);
121	hv_fcopy_onchannelcallback(fcopy_transaction.fcopy_context);
122	in_hand_shake = false;
123	return 0;	114	return 0;
124	}	115	}
125		116
126	static void fcopy_send_data(void)	117	static void fcopy_send_data(struct work_struct *dummy)
127	{	118	{
128	struct hv_start_fcopy *smsg_out = &fcopy_transaction.message;	119	struct hv_start_fcopy smsg_out;
129	int operation = fcopy_transaction.fcopy_msg->operation;	120	int operation = fcopy_transaction.fcopy_msg->operation;
130	struct hv_start_fcopy *smsg_in;	121	struct hv_start_fcopy *smsg_in;
		122	void *out_src;
		123	int rc, out_len;
131		124
132	/*	125	/*
133	* The strings sent from the host are encoded in	126	* The strings sent from the host are encoded in
@@ -142,26 +135,39 @@ static void fcopy_send_data(void)
142		135
143	switch (operation) {	136	switch (operation) {
144	case START_FILE_COPY:	137	case START_FILE_COPY:
145	memset(smsg_out, 0, sizeof(struct hv_start_fcopy));	138	out_len = sizeof(struct hv_start_fcopy);
146	smsg_out->hdr.operation = operation;	139	memset(&smsg_out, 0, out_len);
		140	smsg_out.hdr.operation = operation;
147	smsg_in = (struct hv_start_fcopy *)fcopy_transaction.fcopy_msg;	141	smsg_in = (struct hv_start_fcopy *)fcopy_transaction.fcopy_msg;
148		142
149	utf16s_to_utf8s((wchar_t *)smsg_in->file_name, W_MAX_PATH,	143	utf16s_to_utf8s((wchar_t *)smsg_in->file_name, W_MAX_PATH,
150	UTF16_LITTLE_ENDIAN,	144	UTF16_LITTLE_ENDIAN,
151	(__u8 *)smsg_out->file_name, W_MAX_PATH - 1);	145	(__u8 *)&smsg_out.file_name, W_MAX_PATH - 1);
152		146
153	utf16s_to_utf8s((wchar_t *)smsg_in->path_name, W_MAX_PATH,	147	utf16s_to_utf8s((wchar_t *)smsg_in->path_name, W_MAX_PATH,
154	UTF16_LITTLE_ENDIAN,	148	UTF16_LITTLE_ENDIAN,
155	(__u8 *)smsg_out->path_name, W_MAX_PATH - 1);	149	(__u8 *)&smsg_out.path_name, W_MAX_PATH - 1);
156		150
157	smsg_out->copy_flags = smsg_in->copy_flags;	151	smsg_out.copy_flags = smsg_in->copy_flags;
158	smsg_out->file_size = smsg_in->file_size;	152	smsg_out.file_size = smsg_in->file_size;
		153	out_src = &smsg_out;
159	break;	154	break;
160		155
161	default:	156	default:
		157	out_src = fcopy_transaction.fcopy_msg;
		158	out_len = fcopy_transaction.recv_len;
162	break;	159	break;
163	}	160	}
164	up(&fcopy_transaction.read_sema);	161
		162	fcopy_transaction.state = HVUTIL_USERSPACE_REQ;
		163	rc = hvutil_transport_send(hvt, out_src, out_len);
		164	if (rc) {
		165	pr_debug("FCP: failed to communicate to the daemon: %d\n", rc);
		166	if (cancel_delayed_work_sync(&fcopy_timeout_work)) {
		167	fcopy_respond_to_host(HV_E_FAIL);
		168	fcopy_transaction.state = HVUTIL_READY;
		169	}
		170	}
165	return;	171	return;
166	}	172	}
167		173
@@ -189,8 +195,6 @@ fcopy_respond_to_host(int error)
189	channel = fcopy_transaction.recv_channel;	195	channel = fcopy_transaction.recv_channel;
190	req_id = fcopy_transaction.recv_req_id;	196	req_id = fcopy_transaction.recv_req_id;
191		197
192	fcopy_transaction.active = false;
193
194	icmsghdr = (struct icmsg_hdr *)	198	icmsghdr = (struct icmsg_hdr *)
195	&recv_buffer[sizeof(struct vmbuspipe_hdr)];	199	&recv_buffer[sizeof(struct vmbuspipe_hdr)];
196		200
@@ -218,7 +222,7 @@ void hv_fcopy_onchannelcallback(void *context)
218	int util_fw_version;	222	int util_fw_version;
219	int fcopy_srv_version;	223	int fcopy_srv_version;
220		224
221	if (fcopy_transaction.active) {	225	if (fcopy_transaction.state > HVUTIL_READY) {
222	/*	226	/*
223	* We will defer processing this callback once	227	* We will defer processing this callback once
224	* the current transaction is complete.	228	* the current transaction is complete.
@@ -226,6 +230,7 @@ void hv_fcopy_onchannelcallback(void *context)
226	fcopy_transaction.fcopy_context = context;	230	fcopy_transaction.fcopy_context = context;
227	return;	231	return;
228	}	232	}
		233	fcopy_transaction.fcopy_context = NULL;
229		234
230	vmbus_recvpacket(channel, recv_buffer, PAGE_SIZE * 2, &recvlen,	235	vmbus_recvpacket(channel, recv_buffer, PAGE_SIZE * 2, &recvlen,
231	&requestid);	236	&requestid);
@@ -249,17 +254,23 @@ void hv_fcopy_onchannelcallback(void *context)
249	* transaction; note transactions are serialized.	254	* transaction; note transactions are serialized.
250	*/	255	*/
251		256
252	fcopy_transaction.active = true;
253	fcopy_transaction.recv_len = recvlen;	257	fcopy_transaction.recv_len = recvlen;
254	fcopy_transaction.recv_channel = channel;	258	fcopy_transaction.recv_channel = channel;
255	fcopy_transaction.recv_req_id = requestid;	259	fcopy_transaction.recv_req_id = requestid;
256	fcopy_transaction.fcopy_msg = fcopy_msg;	260	fcopy_transaction.fcopy_msg = fcopy_msg;
257		261
		262	if (fcopy_transaction.state < HVUTIL_READY) {
		263	/* Userspace is not registered yet */
		264	fcopy_respond_to_host(HV_E_FAIL);
		265	return;
		266	}
		267	fcopy_transaction.state = HVUTIL_HOSTMSG_RECEIVED;
		268
258	/*	269	/*
259	* Send the information to the user-level daemon.	270	* Send the information to the user-level daemon.
260	*/	271	*/
261	schedule_delayed_work(&fcopy_work, 5*HZ);	272	schedule_work(&fcopy_send_work);
262	fcopy_send_data();	273	schedule_delayed_work(&fcopy_timeout_work, 5*HZ);
263	return;	274	return;
264	}	275	}
265	icmsghdr->icflags = ICMSGHDRFLAG_TRANSACTION \| ICMSGHDRFLAG_RESPONSE;	276	icmsghdr->icflags = ICMSGHDRFLAG_TRANSACTION \| ICMSGHDRFLAG_RESPONSE;
@@ -267,155 +278,44 @@ void hv_fcopy_onchannelcallback(void *context)
267	VM_PKT_DATA_INBAND, 0);	278	VM_PKT_DATA_INBAND, 0);
268	}	279	}
269		280
270	/*	281	/* Callback when data is received from userspace */
271	* Create a char device that can support read/write for passing	282	static int fcopy_on_msg(void *msg, int len)
272	* the payload.
273	*/
274
275	static ssize_t fcopy_read(struct file file, char __user buf,
276	size_t count, loff_t *ppos)
277	{
278	void *src;
279	size_t copy_size;
280	int operation;
281
282	/*
283	* Wait until there is something to be read.
284	*/
285	if (down_interruptible(&fcopy_transaction.read_sema))
286	return -EINTR;
287
288	/*
289	* The channel may be rescinded and in this case, we will wakeup the
290	* the thread blocked on the semaphore and we will use the opened
291	* state to correctly handle this case.
292	*/
293	if (!opened)
294	return -ENODEV;
295
296	operation = fcopy_transaction.fcopy_msg->operation;
297
298	if (operation == START_FILE_COPY) {
299	src = &fcopy_transaction.message;
300	copy_size = sizeof(struct hv_start_fcopy);
301	if (count < copy_size)
302	return 0;
303	} else {
304	src = fcopy_transaction.fcopy_msg;
305	copy_size = sizeof(struct hv_do_fcopy);
306	if (count < copy_size)
307	return 0;
308	}
309	if (copy_to_user(buf, src, copy_size))
310	return -EFAULT;
311
312	return copy_size;
313	}
314
315	static ssize_t fcopy_write(struct file file, const char __user buf,
316	size_t count, loff_t *ppos)
317	{	283	{
318	int response = 0;	284	int val = (int )msg;
319		285
320	if (count != sizeof(int))	286	if (len != sizeof(int))
321	return -EINVAL;	287	return -EINVAL;
322		288
323	if (copy_from_user(&response, buf, sizeof(int)))	289	if (fcopy_transaction.state == HVUTIL_DEVICE_INIT)
324	return -EFAULT;	290	return fcopy_handle_handshake(*val);
325		291
326	if (in_hand_shake) {	292	if (fcopy_transaction.state != HVUTIL_USERSPACE_REQ)
327	if (fcopy_handle_handshake(response))	293	return -EINVAL;
328	return -EINVAL;
329	return sizeof(int);
330	}
331		294
332	/*	295	/*
333	* Complete the transaction by forwarding the result	296	* Complete the transaction by forwarding the result
334	* to the host. But first, cancel the timeout.	297	* to the host. But first, cancel the timeout.
335	*/	298	*/
336	if (cancel_delayed_work_sync(&fcopy_work))	299	if (cancel_delayed_work_sync(&fcopy_timeout_work)) {
337	fcopy_respond_to_host(response);	300	fcopy_transaction.state = HVUTIL_USERSPACE_RECV;
338		301	fcopy_respond_to_host(*val);
339	return sizeof(int);	302	fcopy_transaction.state = HVUTIL_READY;
340	}	303	hv_poll_channel(fcopy_transaction.fcopy_context,
341		304	hv_fcopy_onchannelcallback);
342	static int fcopy_open(struct inode inode, struct file f)	305	}
343	{
344	/*
345	* The user level daemon that will open this device is
346	* really an extension of this driver. We can have only
347	* active open at a time.
348	*/
349	if (opened)
350	return -EBUSY;
351		306
352	/*
353	* The daemon is alive; setup the state.
354	*/
355	opened = true;
356	return 0;	307	return 0;
357	}	308	}
358		309
359	/* XXX: there are still some tricky corner cases, e.g.,	310	static void fcopy_on_reset(void)
360	* 1) In a SMP guest, when fcopy_release() runs between
361	* schedule_delayed_work() and fcopy_send_data(), there is
362	* still a chance an obsolete message will be queued.
363	*
364	* 2) When the fcopy daemon is running, if we unload the driver,
365	* we'll notice a kernel oops when we kill the daemon later.
366	*/
367	static int fcopy_release(struct inode inode, struct file f)
368	{	311	{
369	/*	312	/*
370	* The daemon has exited; reset the state.	313	* The daemon has exited; reset the state.
371	*/	314	*/
372	in_hand_shake = true;	315	fcopy_transaction.state = HVUTIL_DEVICE_INIT;
373	opened = false;
374		316
375	if (cancel_delayed_work_sync(&fcopy_work)) {	317	if (cancel_delayed_work_sync(&fcopy_timeout_work))
376	/* We haven't up()-ed the semaphore(very rare)? */
377	if (down_trylock(&fcopy_transaction.read_sema))
378	;
379	fcopy_respond_to_host(HV_E_FAIL);	318	fcopy_respond_to_host(HV_E_FAIL);
380	}
381	return 0;
382	}
383
384
385	static const struct file_operations fcopy_fops = {
386	.read = fcopy_read,
387	.write = fcopy_write,
388	.release = fcopy_release,
389	.open = fcopy_open,
390	};
391
392	static struct miscdevice fcopy_misc = {
393	.minor = MISC_DYNAMIC_MINOR,
394	.name = "vmbus/hv_fcopy",
395	.fops = &fcopy_fops,
396	};
397
398	static int fcopy_dev_init(void)
399	{
400	return misc_register(&fcopy_misc);
401	}
402
403	static void fcopy_dev_deinit(void)
404	{
405
406	/*
407	* The device is going away - perhaps because the
408	* host has rescinded the channel. Setup state so that
409	* user level daemon can gracefully exit if it is blocked
410	* on the read semaphore.
411	*/
412	opened = false;
413	/*
414	* Signal the semaphore as the device is
415	* going away.
416	*/
417	up(&fcopy_transaction.read_sema);
418	misc_deregister(&fcopy_misc);
419	}	319	}
420		320
421	int hv_fcopy_init(struct hv_util_service *srv)	321	int hv_fcopy_init(struct hv_util_service *srv)
@@ -428,14 +328,19 @@ int hv_fcopy_init(struct hv_util_service *srv)
428	* Defer processing channel callbacks until the daemon	328	* Defer processing channel callbacks until the daemon
429	* has registered.	329	* has registered.
430	*/	330	*/
431	fcopy_transaction.active = true;	331	fcopy_transaction.state = HVUTIL_DEVICE_INIT;
432	sema_init(&fcopy_transaction.read_sema, 0);	332
		333	hvt = hvutil_transport_init(fcopy_devname, 0, 0,
		334	fcopy_on_msg, fcopy_on_reset);
		335	if (!hvt)
		336	return -EFAULT;
433		337
434	return fcopy_dev_init();	338	return 0;
435	}	339	}
436		340
437	void hv_fcopy_deinit(void)	341	void hv_fcopy_deinit(void)
438	{	342	{
439	cancel_delayed_work_sync(&fcopy_work);	343	fcopy_transaction.state = HVUTIL_DEVICE_DYING;
440	fcopy_dev_deinit();	344	cancel_delayed_work_sync(&fcopy_timeout_work);
		345	hvutil_transport_destroy(hvt);
441	}	346	}