GET /api/patches/2194215/?format=api
HTTP 200 OK
Allow: GET, PUT, PATCH, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "id": 2194215,
    "url": "http://patchwork.ozlabs.org/api/patches/2194215/?format=api",
    "web_url": "http://patchwork.ozlabs.org/project/qemu-devel/patch/20260207120901.17222-5-hibriansong@gmail.com/",
    "project": {
        "id": 14,
        "url": "http://patchwork.ozlabs.org/api/projects/14/?format=api",
        "name": "QEMU Development",
        "link_name": "qemu-devel",
        "list_id": "qemu-devel.nongnu.org",
        "list_email": "qemu-devel@nongnu.org",
        "web_url": "",
        "scm_url": "",
        "webscm_url": "",
        "list_archive_url": "",
        "list_archive_url_format": "",
        "commit_url_format": ""
    },
    "msgid": "<20260207120901.17222-5-hibriansong@gmail.com>",
    "list_archive_url": null,
    "date": "2026-02-07T12:08:58",
    "name": "[v4,4/7] fuse: refactor FUSE request handler",
    "commit_ref": null,
    "pull_url": null,
    "state": "new",
    "archived": false,
    "hash": "f439e415021ba1d1563fffe49af7f4552e510b51",
    "submitter": {
        "id": 90672,
        "url": "http://patchwork.ozlabs.org/api/people/90672/?format=api",
        "name": "Brian Song",
        "email": "hibriansong@gmail.com"
    },
    "delegate": null,
    "mbox": "http://patchwork.ozlabs.org/project/qemu-devel/patch/20260207120901.17222-5-hibriansong@gmail.com/mbox/",
    "series": [
        {
            "id": 491376,
            "url": "http://patchwork.ozlabs.org/api/series/491376/?format=api",
            "web_url": "http://patchwork.ozlabs.org/project/qemu-devel/list/?series=491376",
            "date": "2026-02-07T12:08:56",
            "name": "add fuse-over-io_uring support",
            "version": 4,
            "mbox": "http://patchwork.ozlabs.org/series/491376/mbox/"
        }
    ],
    "comments": "http://patchwork.ozlabs.org/api/patches/2194215/comments/",
    "check": "pending",
    "checks": "http://patchwork.ozlabs.org/api/patches/2194215/checks/",
    "tags": {},
    "related": [],
    "headers": {
        "Return-Path": "<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>",
        "X-Original-To": "incoming@patchwork.ozlabs.org",
        "Delivered-To": "patchwork-incoming@legolas.ozlabs.org",
        "Authentication-Results": [
            "legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256\n header.s=20230601 header.b=dmlNpVNN;\n\tdkim-atps=neutral",
            "legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=nongnu.org\n (client-ip=209.51.188.17; helo=lists.gnu.org;\n envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org;\n receiver=patchwork.ozlabs.org)"
        ],
        "Received": [
            "from lists.gnu.org (lists.gnu.org [209.51.188.17])\n\t(using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4f7VFS577Jz1xvj\n\tfor <incoming@patchwork.ozlabs.org>; Sat, 07 Feb 2026 23:12:12 +1100 (AEDT)",
            "from localhost ([::1] helo=lists1p.gnu.org)\n\tby lists.gnu.org with esmtp (Exim 4.90_1)\n\t(envelope-from <qemu-devel-bounces@nongnu.org>)\n\tid 1voh8d-0007Cc-0g; Sat, 07 Feb 2026 07:10:11 -0500",
            "from eggs.gnu.org ([2001:470:142:3::10])\n by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)\n (Exim 4.90_1) (envelope-from <hibriansong@gmail.com>)\n id 1voh8a-0007CE-2R\n for qemu-devel@nongnu.org; Sat, 07 Feb 2026 07:10:08 -0500",
            "from mail-pj1-x102a.google.com ([2607:f8b0:4864:20::102a])\n by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)\n (Exim 4.90_1) (envelope-from <hibriansong@gmail.com>)\n id 1voh8X-00035R-4V\n for qemu-devel@nongnu.org; Sat, 07 Feb 2026 07:10:07 -0500",
            "by mail-pj1-x102a.google.com with SMTP id\n 98e67ed59e1d1-34c93e0269cso2498824a91.1\n for <qemu-devel@nongnu.org>; Sat, 07 Feb 2026 04:10:04 -0800 (PST)",
            "from brian.. (n058152022104.netvigator.com. [58.152.22.104])\n by smtp.gmail.com with ESMTPSA id\n 98e67ed59e1d1-354b30f899csm2178530a91.3.2026.02.07.04.09.58\n (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);\n Sat, 07 Feb 2026 04:10:02 -0800 (PST)"
        ],
        "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=gmail.com; s=20230601; t=1770466203; x=1771071003; darn=nongnu.org;\n h=content-transfer-encoding:mime-version:references:in-reply-to\n :message-id:date:subject:cc:to:from:from:to:cc:subject:date\n :message-id:reply-to;\n bh=nqUt3VRnKO0/pU94K0c5xLOUyYWLmsrVycHnTDp9Wik=;\n b=dmlNpVNNMripvANhoQ1+eA3oI0Q0mEodomP0mMB4JLrl2eO7BH8HF1vG/cMcoNfaqu\n 1KmDiN1ZANVIBuQinr7bJPrNSiMDfxqb40EWhLoyi9N3rKNfBBsHaxOej8/bVvIWi23+\n Fpu/AbFN5XLRyN8gtyQdvCMCF0LjwKCSuwKYReX0tjlqArY21g7w26UnXW6o3RCHUjT1\n xvg9F1yQXTqg/xk0WvTKr9VkAgWqsD6cJHx5YyYOR6si6cN+rVi1fPxY8Kv7ooceIIDt\n xFaoy+5hCcQFWPKARGaBuX+zgl3j/9DfhARtHm0kppGDnwDRf+QWHxvPP8/vApMIWC1a\n 76SA==",
        "X-Google-DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=1e100.net; s=20230601; t=1770466203; x=1771071003;\n h=content-transfer-encoding:mime-version:references:in-reply-to\n :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from\n :to:cc:subject:date:message-id:reply-to;\n bh=nqUt3VRnKO0/pU94K0c5xLOUyYWLmsrVycHnTDp9Wik=;\n b=i3HTlR0cHg3xmZp73Hw+Hn643QmIlv2LHCG0J9qcywuy1i2iD3KBuFS6kXXBVOBKP6\n 42EF+7+QzJnqnaMKfI6ZdP9TGbF9hLXQbYaN6acO9jQTtPDdy2/UsI68QsfZpnZLS1uO\n cB+KCq994OT8IFqNiRZ7Exa8gGT7UqlcAiNr7ToUa3U9KOCcQvg5nH/ZPVAAXnpnd6vf\n 7lLyeZpljXOxd0sjsJP5R49h9WVBQ+nP8sQPFhqxTfU/jCJ9sVkBj+EUeRjEPjUzTEJ7\n JVikxqL3V4ow8Mgr9c1krLauFLLmenBtiQFdK547z53SngyZ7t4IDDqqG6hH3S474GvW\n zxAw==",
        "X-Gm-Message-State": "AOJu0YwbdaSXe5yAFi/5E4DJOdTPNWMKS6jp36RumK4lMvc+OVVjjooO\n a37fnRY+xdZ7ES7ImeZ9+JfnApvIEkURCkwhXuhAyHfM+9NWSsp/uego",
        "X-Gm-Gg": "AZuq6aLdONoNOJ1Va1uy3FJNweJ1dh0ET2QZlui+2+u0X6Pp23EkkEJ5FNpgWeqc0PB\n 81wqBqrh5RGMntZH9Dq1llD0KaLbzD8robe/p/8enzC7qOw5t/cIiyOnTPTauUZ4u0phEjcMVvg\n 8SwfjH8Pg1sUSpvnQkbCDn1u792Z+Hmt5KcmJZCexliTZzl6ZGoaY+aZBVrRXEc0dbwoFYNiLz3\n j6paDAbNW062rsZWUiHtIViTbQqzayr2rtvvD3qvtf3T53xYcFMeGhT2obVpx8SV06uhlXNPRQx\n 2+1yjn0BGVz4fG6fh8/2qEXpCocWxZ2h1+p4MFlks4JiV/HTyKvohekUs2VvsoPGf5tOduNk40N\n 7cBSWgogMkZQJSZFzXVC4AuHJaidkB5JU2usMYSA/QaCBObyZsTf9H2jSwPHT5tJyWUyu9sD1Jx\n 6bJFR4/JQaKvkzsTigLDLmmO7ybWO75K1rJh36WM+x1B/MM8E=",
        "X-Received": "by 2002:a17:90b:4c8f:b0:354:7e46:4ab8 with SMTP id\n 98e67ed59e1d1-3549bc3e1f4mr8070810a91.18.1770466203215;\n Sat, 07 Feb 2026 04:10:03 -0800 (PST)",
        "From": "Brian Song <hibriansong@gmail.com>",
        "To": "qemu-block@nongnu.org",
        "Cc": "qemu-devel@nongnu.org, hibriansong@gmail.com, hreitz@redhat.com,\n kwolf@redhat.com, eblake@redhat.com, armbru@redhat.com,\n stefanha@redhat.com, fam@euphon.net, bernd@bsbernd.com",
        "Subject": "[Patch v4 4/7] fuse: refactor FUSE request handler",
        "Date": "Sat,  7 Feb 2026 20:08:58 +0800",
        "Message-ID": "<20260207120901.17222-5-hibriansong@gmail.com>",
        "X-Mailer": "git-send-email 2.43.0",
        "In-Reply-To": "<20260207120901.17222-1-hibriansong@gmail.com>",
        "References": "<20260207120901.17222-1-hibriansong@gmail.com>",
        "MIME-Version": "1.0",
        "Content-Transfer-Encoding": "8bit",
        "Received-SPF": "pass client-ip=2607:f8b0:4864:20::102a;\n envelope-from=hibriansong@gmail.com; helo=mail-pj1-x102a.google.com",
        "X-Spam_score_int": "-20",
        "X-Spam_score": "-2.1",
        "X-Spam_bar": "--",
        "X-Spam_report": "(-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,\n DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001,\n RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001,\n SPF_PASS=-0.001 autolearn=ham autolearn_force=no",
        "X-Spam_action": "no action",
        "X-BeenThere": "qemu-devel@nongnu.org",
        "X-Mailman-Version": "2.1.29",
        "Precedence": "list",
        "List-Id": "qemu development <qemu-devel.nongnu.org>",
        "List-Unsubscribe": "<https://lists.nongnu.org/mailman/options/qemu-devel>,\n <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>",
        "List-Archive": "<https://lists.nongnu.org/archive/html/qemu-devel>",
        "List-Post": "<mailto:qemu-devel@nongnu.org>",
        "List-Help": "<mailto:qemu-devel-request@nongnu.org?subject=help>",
        "List-Subscribe": "<https://lists.nongnu.org/mailman/listinfo/qemu-devel>,\n <mailto:qemu-devel-request@nongnu.org?subject=subscribe>",
        "Errors-To": "qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org",
        "Sender": "qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org"
    },
    "content": "This patch implements the CQE handler for FUSE-over-io_uring. Upon\nreceiving a FUSE request via a Completion Queue Entry (CQE), the\nhandler processes the request and submits the response back to the\nkernel via the FUSE_IO_URING_CMD_COMMIT_AND_FETCH command.\n\nAdditionally, the request processing logic shared between legacy and\nio_uring modes has been extracted into fuse_co_process_request_common().\nThe execution flow now dispatches requests to the appropriate\nmode-specific logic based on the uring_started flag.\n\nSuggested-by: Kevin Wolf <kwolf@redhat.com>\nSuggested-by: Stefan Hajnoczi <stefanha@redhat.com>\nSigned-off-by: Brian Song <hibriansong@gmail.com>\n---\n block/export/fuse.c | 400 +++++++++++++++++++++++++++++++++-----------\n 1 file changed, 301 insertions(+), 99 deletions(-)\n\n--\n2.43.0",
    "diff": "diff --git a/block/export/fuse.c b/block/export/fuse.c\nindex 867752555a..c117e081cd 100644\n--- a/block/export/fuse.c\n+++ b/block/export/fuse.c\n@@ -138,8 +138,8 @@ struct FuseQueue {\n      * FUSE_MIN_READ_BUFFER (from linux/fuse.h) bytes.\n      * This however is just the first part of the buffer; every read is given\n      * a vector of this buffer (which should be enough for all normal requests,\n-     * which we check via the static assertion in FUSE_IN_OP_STRUCT()) and the\n-     * spill-over buffer below.\n+     * which we check via the static assertion in FUSE_IN_OP_STRUCT_LEGACY())\n+     * and the spill-over buffer below.\n      * Therefore, the size of this buffer plus FUSE_SPILLOVER_BUF_SIZE must be\n      * FUSE_MIN_READ_BUFFER or more (checked via static assertion below).\n      */\n@@ -912,6 +912,7 @@ static void coroutine_fn co_read_from_fuse_fd(void *opaque)\n     }\n\n     fuse_co_process_request(q, spillover_buf);\n+    qemu_vfree(spillover_buf);\n\n no_request:\n     fuse_dec_in_flight(exp);\n@@ -1684,100 +1685,75 @@ static int fuse_write_buf_response(int fd, uint32_t req_id,\n }\n\n /*\n- * For use in fuse_co_process_request():\n+ * For use in fuse_co_process_request_common():\n  * Returns a pointer to the parameter object for the given operation (inside of\n- * queue->request_buf, which is assumed to hold a fuse_in_header first).\n- * Verifies that the object is complete (queue->request_buf is large enough to\n- * hold it in one piece, and the request length includes the whole object).\n+ * in_buf, which is assumed to hold a fuse_in_header first).\n+ * Verifies that the object is complete (in_buf is large enough to hold it in\n+ * one piece, and the request length includes the whole object).\n+ * Only performs verification for legacy FUSE.\n  *\n  * Note that queue->request_buf may be overwritten after yielding, so the\n  * returned pointer must not be used across a function that may yield!\n  */\n-#define 
FUSE_IN_OP_STRUCT(op_name, queue) \\\n+#define FUSE_IN_OP_STRUCT_LEGACY(op_name, queue) \\\n     ({ \\\n         const struct fuse_in_header *__in_hdr = \\\n             (const struct fuse_in_header *)(queue)->request_buf; \\\n         const struct fuse_##op_name##_in *__in = \\\n             (const struct fuse_##op_name##_in *)(__in_hdr + 1); \\\n         const size_t __param_len = sizeof(*__in_hdr) + sizeof(*__in); \\\n-        uint32_t __req_len; \\\n         \\\n-        QEMU_BUILD_BUG_ON(sizeof((queue)->request_buf) < __param_len); \\\n+        QEMU_BUILD_BUG_ON(sizeof((queue)->request_buf) < \\\n+                          (sizeof(struct fuse_in_header) + \\\n+                           sizeof(struct fuse_##op_name##_in))); \\\n         \\\n-        __req_len = __in_hdr->len; \\\n+        uint32_t __req_len = __in_hdr->len; \\\n         if (__req_len < __param_len) { \\\n             warn_report(\"FUSE request truncated (%\" PRIu32 \" < %zu)\", \\\n                         __req_len, __param_len); \\\n             ret = -EINVAL; \\\n-            break; \\\n+            __in = NULL; \\\n         } \\\n         __in; \\\n     })\n\n /*\n- * For use in fuse_co_process_request():\n+ * For use in fuse_co_process_request_common():\n  * Returns a pointer to the return object for the given operation (inside of\n  * out_buf, which is assumed to hold a fuse_out_header first).\n- * Verifies that out_buf is large enough to hold the whole object.\n+ * Only performs verification for legacy FUSE.\n+ * Note: Buffer size verification is done via static assertions in the caller\n+ * (fuse_co_process_request) where out_buf is a local array.\n  *\n- * (out_buf should be a char[] array.)\n+ * (out_buf should be a char[] array in the caller.)\n  */\n-#define FUSE_OUT_OP_STRUCT(op_name, out_buf) \\\n+#define FUSE_OUT_OP_STRUCT_LEGACY(op_name, out_buf) \\\n     ({ \\\n         struct fuse_out_header *__out_hdr = \\\n             (struct fuse_out_header *)(out_buf); \\\n         
struct fuse_##op_name##_out *__out = \\\n             (struct fuse_##op_name##_out *)(__out_hdr + 1); \\\n         \\\n-        QEMU_BUILD_BUG_ON(sizeof(*__out_hdr) + sizeof(*__out) > \\\n-                          sizeof(out_buf)); \\\n-        \\\n         __out; \\\n     })\n\n /**\n- * Process a FUSE request, incl. writing the response.\n- *\n- * Note that yielding in any request-processing function can overwrite the\n- * contents of q->request_buf.  Anything that takes a buffer needs to take\n- * care that the content is copied before yielding.\n- *\n- * @spillover_buf can contain the tail of a write request too large to fit into\n- * q->request_buf.  This function takes ownership of it (i.e. will free it),\n- * which assumes that its contents will not be overwritten by concurrent\n- * requests (as opposed to q->request_buf).\n+ * Shared helper for FUSE request processing. Handles both legacy and io_uring\n+ * paths.\n  */\n-static void coroutine_fn\n-fuse_co_process_request(FuseQueue *q, void *spillover_buf)\n+static void coroutine_fn fuse_co_process_request_common(\n+    FuseExport *exp,\n+    uint32_t opcode,\n+    uint64_t req_id,\n+    void *in_buf,\n+    void *spillover_buf,\n+    void *out_buf,\n+    void (*send_response)(void *opaque, uint32_t req_id, int ret,\n+                          const void *buf, void *out_buf),\n+    void *opaque /* FuseQueue* or FuseUringEnt* */)\n {\n-    FuseExport *exp = q->exp;\n-    uint32_t opcode;\n-    uint64_t req_id;\n-    /*\n-     * Return buffer.  
Must be large enough to hold all return headers, but does\n-     * not include space for data returned by read requests.\n-     * (FUSE_IN_OP_STRUCT() verifies at compile time that out_buf is indeed\n-     * large enough.)\n-     */\n-    char out_buf[sizeof(struct fuse_out_header) +\n-                 MAX_CONST(sizeof(struct fuse_init_out),\n-                 MAX_CONST(sizeof(struct fuse_open_out),\n-                 MAX_CONST(sizeof(struct fuse_attr_out),\n-                 MAX_CONST(sizeof(struct fuse_write_out),\n-                           sizeof(struct fuse_lseek_out)))))];\n-    struct fuse_out_header *out_hdr = (struct fuse_out_header *)out_buf;\n-    /* For read requests: Data to be returned */\n     void *out_data_buffer = NULL;\n-    ssize_t ret;\n-\n-    /* Limit scope to ensure pointer is no longer used after yielding */\n-    {\n-        const struct fuse_in_header *in_hdr =\n-            (const struct fuse_in_header *)q->request_buf;\n-\n-        opcode = in_hdr->opcode;\n-        req_id = in_hdr->unique;\n-    }\n+    int ret = 0;\n\n #ifdef CONFIG_LINUX_IO_URING\n     /*\n@@ -1794,15 +1770,32 @@ fuse_co_process_request(FuseQueue *q, void *spillover_buf)\n\n     switch (opcode) {\n     case FUSE_INIT: {\n-        const struct fuse_init_in *in = FUSE_IN_OP_STRUCT(init, q);\n-        ret = fuse_co_init(exp, FUSE_OUT_OP_STRUCT(init, out_buf),\n-                           in->max_readahead, in);\n+        FuseQueue *q = opaque;\n+        const struct fuse_init_in *in =\n+            FUSE_IN_OP_STRUCT_LEGACY(init, q);\n+        if (!in) {\n+            break;\n+        }\n+\n+        struct fuse_init_out *out =\n+            FUSE_OUT_OP_STRUCT_LEGACY(init, out_buf);\n+\n+        ret = fuse_co_init(exp, out, in->max_readahead, in);\n         break;\n     }\n\n-    case FUSE_OPEN:\n-        ret = fuse_co_open(exp, FUSE_OUT_OP_STRUCT(open, out_buf));\n+    case FUSE_OPEN: {\n+        struct fuse_open_out *out;\n+\n+        if (exp->uring_started) {\n+       
     out = out_buf;\n+        } else {\n+            out = FUSE_OUT_OP_STRUCT_LEGACY(open, out_buf);\n+        }\n+\n+        ret = fuse_co_open(exp, out);\n         break;\n+    }\n\n     case FUSE_RELEASE:\n         ret = 0;\n@@ -1812,37 +1805,105 @@ fuse_co_process_request(FuseQueue *q, void *spillover_buf)\n         ret = -ENOENT; /* There is no node but the root node */\n         break;\n\n-    case FUSE_GETATTR:\n-        ret = fuse_co_getattr(exp, FUSE_OUT_OP_STRUCT(attr, out_buf));\n+    case FUSE_GETATTR: {\n+        struct fuse_attr_out *out;\n+\n+        if (exp->uring_started) {\n+            out = out_buf;\n+        } else {\n+            out = FUSE_OUT_OP_STRUCT_LEGACY(attr, out_buf);\n+        }\n+\n+        ret = fuse_co_getattr(exp, out);\n         break;\n+    }\n\n     case FUSE_SETATTR: {\n-        const struct fuse_setattr_in *in = FUSE_IN_OP_STRUCT(setattr, q);\n-        ret = fuse_co_setattr(exp, FUSE_OUT_OP_STRUCT(attr, out_buf),\n-                              in->valid, in->size, in->mode, in->uid, in->gid);\n+        const struct fuse_setattr_in *in;\n+        struct fuse_attr_out *out;\n+\n+        if (exp->uring_started) {\n+            in = in_buf;\n+            out = out_buf;\n+        } else {\n+            FuseQueue *q = opaque;\n+            in = FUSE_IN_OP_STRUCT_LEGACY(setattr, q);\n+            if (!in) {\n+                break;\n+            }\n+\n+            out = FUSE_OUT_OP_STRUCT_LEGACY(attr, out_buf);\n+        }\n+\n+        ret = fuse_co_setattr(exp, out, in->valid, in->size, in->mode,\n+                              in->uid, in->gid);\n         break;\n     }\n\n     case FUSE_READ: {\n-        const struct fuse_read_in *in = FUSE_IN_OP_STRUCT(read, q);\n+        const struct fuse_read_in *in;\n+\n+        if (exp->uring_started) {\n+            in = in_buf;\n+        } else {\n+            FuseQueue *q = opaque;\n+            in = FUSE_IN_OP_STRUCT_LEGACY(read, q);\n+            if (!in) {\n+                break;\n+ 
           }\n+        }\n+\n         ret = fuse_co_read(exp, &out_data_buffer, in->offset, in->size);\n         break;\n     }\n\n     case FUSE_WRITE: {\n-        const struct fuse_write_in *in = FUSE_IN_OP_STRUCT(write, q);\n-        uint32_t req_len;\n-\n-        req_len = ((const struct fuse_in_header *)q->request_buf)->len;\n-        if (unlikely(req_len < sizeof(struct fuse_in_header) + sizeof(*in) +\n-                               in->size)) {\n-            warn_report(\"FUSE WRITE truncated; received %zu bytes of %\" PRIu32,\n-                        req_len - sizeof(struct fuse_in_header) - sizeof(*in),\n-                        in->size);\n-            ret = -EINVAL;\n-            break;\n-        }\n+        const struct fuse_write_in *in;\n+        struct fuse_write_out *out;\n+        const void *in_place_buf;\n+        const void *spill_buf;\n+\n+        if (exp->uring_started) {\n+            FuseUringEnt *ent = opaque;\n+\n+            in = in_buf;\n+            out = out_buf;\n+\n+            assert(in->size <= ent->req_header.ring_ent_in_out.payload_sz);\n\n+            /*\n+             * In uring mode, the \"out_buf\" (ent->payload) actually holds the\n+             * input data for WRITE requests.\n+             */\n+            in_place_buf = NULL;\n+            spill_buf = out_buf;\n+        } else {\n+            FuseQueue *q = opaque;\n+            in = FUSE_IN_OP_STRUCT_LEGACY(write, q);\n+            if (!in) {\n+                break;\n+            }\n+\n+            out = FUSE_OUT_OP_STRUCT_LEGACY(write, out_buf);\n+\n+            /* Additional check for WRITE: verify the request includes data */\n+            uint32_t req_len =\n+                ((const struct fuse_in_header *)(q->request_buf))->len;\n+\n+            if (unlikely(req_len < sizeof(struct fuse_in_header) + sizeof(*in) +\n+                        in->size)) {\n+                warn_report(\"FUSE WRITE truncated; received %zu bytes of %\"\n+                    PRIu32,\n+ 
                   req_len - sizeof(struct fuse_in_header) - sizeof(*in),\n+                    in->size);\n+                ret = -EINVAL;\n+                break;\n+            }\n+\n+            /* Legacy buffer setup */\n+            in_place_buf = in + 1;\n+            spill_buf = spillover_buf;\n+        }\n         /*\n          * poll_fuse_fd() has checked that in_hdr->len matches the number of\n          * bytes read, which cannot exceed the max_write value we set\n@@ -1856,13 +1917,24 @@ fuse_co_process_request(FuseQueue *q, void *spillover_buf)\n          * fuse_co_write() takes care to copy its contents before potentially\n          * yielding.\n          */\n-        ret = fuse_co_write(exp, FUSE_OUT_OP_STRUCT(write, out_buf),\n-                            in->offset, in->size, in + 1, spillover_buf);\n+        ret = fuse_co_write(exp, out, in->offset, in->size,\n+                            in_place_buf, spill_buf);\n         break;\n     }\n\n     case FUSE_FALLOCATE: {\n-        const struct fuse_fallocate_in *in = FUSE_IN_OP_STRUCT(fallocate, q);\n+        const struct fuse_fallocate_in *in;\n+\n+        if (exp->uring_started) {\n+            in = in_buf;\n+        } else {\n+            FuseQueue *q = opaque;\n+            in = FUSE_IN_OP_STRUCT_LEGACY(fallocate, q);\n+            if (!in) {\n+                break;\n+            }\n+        }\n+\n         ret = fuse_co_fallocate(exp, in->offset, in->length, in->mode);\n         break;\n     }\n@@ -1877,9 +1949,23 @@ fuse_co_process_request(FuseQueue *q, void *spillover_buf)\n\n #ifdef CONFIG_FUSE_LSEEK\n     case FUSE_LSEEK: {\n-        const struct fuse_lseek_in *in = FUSE_IN_OP_STRUCT(lseek, q);\n-        ret = fuse_co_lseek(exp, FUSE_OUT_OP_STRUCT(lseek, out_buf),\n-                            in->offset, in->whence);\n+        const struct fuse_lseek_in *in;\n+        struct fuse_lseek_out *out;\n+\n+        if (exp->uring_started) {\n+            in = in_buf;\n+            out = out_buf;\n+ 
       } else {\n+            FuseQueue *q = opaque;\n+            in = FUSE_IN_OP_STRUCT_LEGACY(lseek, q);\n+            if (!in) {\n+                break;\n+            }\n+\n+            out = FUSE_OUT_OP_STRUCT_LEGACY(lseek, out_buf);\n+        }\n+\n+        ret = fuse_co_lseek(exp, out, in->offset, in->whence);\n         break;\n     }\n #endif\n@@ -1888,20 +1974,12 @@ fuse_co_process_request(FuseQueue *q, void *spillover_buf)\n         ret = -ENOSYS;\n     }\n\n-    /* Ignore errors from fuse_write*(), nothing we can do anyway */\n+    send_response(opaque, req_id, ret, out_data_buffer, out_buf);\n+\n     if (out_data_buffer) {\n-        assert(ret >= 0);\n-        fuse_write_buf_response(q->fuse_fd, req_id, out_hdr,\n-                                out_data_buffer, ret);\n         qemu_vfree(out_data_buffer);\n-    } else {\n-        fuse_write_response(q->fuse_fd, req_id, out_hdr,\n-                            ret < 0 ? ret : 0,\n-                            ret < 0 ? 0 : ret);\n     }\n\n-    qemu_vfree(spillover_buf);\n-\n #ifdef CONFIG_LINUX_IO_URING\n     if (unlikely(opcode == FUSE_INIT) && uring_initially_enabled) {\n         if (exp->is_uring && !exp->uring_started) {\n@@ -1910,7 +1988,8 @@ fuse_co_process_request(FuseQueue *q, void *spillover_buf)\n              * If io_uring mode was requested for this export but it has not\n              * been started yet, start it now.\n              */\n-            struct fuse_init_out *out = FUSE_OUT_OP_STRUCT(init, out_buf);\n+            struct fuse_init_out *out =\n+                FUSE_OUT_OP_STRUCT_LEGACY(init, out_buf);\n             fuse_uring_start(exp, out);\n         } else if (ret == -EOPNOTSUPP) {\n             /*\n@@ -1923,12 +2002,135 @@ fuse_co_process_request(FuseQueue *q, void *spillover_buf)\n     }\n #endif\n }\n+/* Helper to send response for legacy */\n+static void send_response_legacy(void *opaque, uint32_t req_id, int ret,\n+                                 const void *buf, void 
*out_buf)\n+{\n+    FuseQueue *q = (FuseQueue *)opaque;\n+    struct fuse_out_header *out_hdr = (struct fuse_out_header *)out_buf;\n+    if (buf) {\n+        assert(ret >= 0);\n+        fuse_write_buf_response(q->fuse_fd, req_id, out_hdr, buf, ret);\n+    } else {\n+        fuse_write_response(q->fuse_fd, req_id, out_hdr,\n+                            ret < 0 ? ret : 0,\n+                            ret < 0 ? 0 : ret);\n+    }\n+}\n+\n+static void coroutine_fn\n+fuse_co_process_request(FuseQueue *q, void *spillover_buf)\n+{\n+    FuseExport *exp = q->exp;\n+    uint32_t opcode;\n+    uint64_t req_id;\n+\n+    /*\n+     * Return buffer.  Must be large enough to hold all return headers, but does\n+     * not include space for data returned by read requests.\n+     */\n+    char out_buf[sizeof(struct fuse_out_header) +\n+        MAX_CONST(sizeof(struct fuse_init_out),\n+        MAX_CONST(sizeof(struct fuse_open_out),\n+        MAX_CONST(sizeof(struct fuse_attr_out),\n+        MAX_CONST(sizeof(struct fuse_write_out),\n+                  sizeof(struct fuse_lseek_out)))))] = {0};\n+\n+    /* Verify that out_buf is large enough for all output structures */\n+    QEMU_BUILD_BUG_ON(sizeof(struct fuse_out_header) +\n+        sizeof(struct fuse_init_out) > sizeof(out_buf));\n+    QEMU_BUILD_BUG_ON(sizeof(struct fuse_out_header) +\n+        sizeof(struct fuse_open_out) > sizeof(out_buf));\n+    QEMU_BUILD_BUG_ON(sizeof(struct fuse_out_header) +\n+        sizeof(struct fuse_attr_out) > sizeof(out_buf));\n+    QEMU_BUILD_BUG_ON(sizeof(struct fuse_out_header) +\n+        sizeof(struct fuse_write_out) > sizeof(out_buf));\n+#ifdef CONFIG_FUSE_LSEEK\n+    QEMU_BUILD_BUG_ON(sizeof(struct fuse_out_header) +\n+        sizeof(struct fuse_lseek_out) > sizeof(out_buf));\n+#endif\n+\n+    /* Limit scope to ensure pointer is no longer used after yielding */\n+    {\n+        const struct fuse_in_header *in_hdr =\n+            (const struct fuse_in_header *)q->request_buf;\n+\n+        
opcode = in_hdr->opcode;\n+        req_id = in_hdr->unique;\n+    }\n+\n+    fuse_co_process_request_common(exp, opcode, req_id, NULL, spillover_buf,\n+                                   out_buf, send_response_legacy, q);\n+}\n\n #ifdef CONFIG_LINUX_IO_URING\n+static void fuse_uring_prep_sqe_commit(struct io_uring_sqe *sqe, void *opaque)\n+{\n+    FuseUringEnt *ent = opaque;\n+    struct fuse_uring_cmd_req *req = (void *)&sqe->cmd[0];\n+\n+    ent->last_cmd = FUSE_IO_URING_CMD_COMMIT_AND_FETCH;\n+\n+    fuse_uring_sqe_prepare(sqe, ent->rq->q, ent->last_cmd);\n+    fuse_uring_sqe_set_req_data(req, ent->rq->rqid, ent->req_commit_id);\n+}\n+\n+static void\n+fuse_uring_send_response(FuseUringEnt *ent, uint32_t req_id, int ret,\n+                         const void *out_data_buffer)\n+{\n+    FuseExport *exp = ent->rq->q->exp;\n+\n+    struct fuse_uring_req_header *rrh = &ent->req_header;\n+    struct fuse_out_header *out_header = (struct fuse_out_header *)&rrh->in_out;\n+    struct fuse_uring_ent_in_out *ent_in_out =\n+        (struct fuse_uring_ent_in_out *)&rrh->ring_ent_in_out;\n+\n+    /* FUSE_READ */\n+    if (out_data_buffer && ret > 0) {\n+        memcpy(ent->req_payload, out_data_buffer, ret);\n+    }\n+\n+    out_header->error  = ret < 0 ? ret : 0;\n+    out_header->unique = req_id;\n+    ent_in_out->payload_sz = ret > 0 ? 
ret : 0;\n+\n+    /* Commit and fetch a uring entry */\n+    blk_exp_ref(&exp->common);\n+    aio_add_sqe(fuse_uring_prep_sqe_commit, ent, &ent->fuse_cqe_handler);\n+}\n+\n+/* Helper to send response for uring */\n+static void send_response_uring(void *opaque, uint32_t req_id, int ret,\n+                                const void *out_data_buffer, void *payload)\n+{\n+    FuseUringEnt *ent = (FuseUringEnt *)opaque;\n+\n+    fuse_uring_send_response(ent, req_id, ret, out_data_buffer);\n+}\n+\n static void coroutine_fn fuse_uring_co_process_request(FuseUringEnt *ent)\n {\n-    /* TODO */\n-    (void)ent;\n+    FuseExport *exp = ent->rq->q->exp;\n+    struct fuse_uring_req_header *rrh = &ent->req_header;\n+    struct fuse_uring_ent_in_out *ent_in_out =\n+        (struct fuse_uring_ent_in_out *)&rrh->ring_ent_in_out;\n+    struct fuse_in_header *in_hdr =\n+        (struct fuse_in_header *)&rrh->in_out;\n+    uint32_t opcode = in_hdr->opcode;\n+    uint64_t req_id = in_hdr->unique;\n+\n+    ent->req_commit_id = ent_in_out->commit_id;\n+\n+    if (unlikely(ent->req_commit_id == 0)) {\n+        error_report(\"If this happens kernel will not find the response - \"\n+            \"it will be stuck forever - better to abort immediately.\");\n+        fuse_export_halt(exp);\n+        return;\n+    }\n+\n+    fuse_co_process_request_common(exp, opcode, req_id, &rrh->op_in,\n+        NULL, ent->req_payload, send_response_uring, ent);\n }\n #endif /* CONFIG_LINUX_IO_URING */\n\n",
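Review bot: In fuse_uring_send_response(), `memcpy(ent->req_payload, out_data_buffer, ret)` copies the FUSE_READ result without comparing `ret` to the capacity of `ent->req_payload`. The copy is therefore only safe if fuse_co_read() already clamps to that capacity, and the payload allocation is not visible in this patch, so either check the bound before the copy or document the invariant next to it. The io_uring FUSE_WRITE branch in the earlier hunk has a related gap: `assert(in->size <= ent->req_header.ring_ent_in_out.payload_sz)` aborts the whole process on a size taken from the request, where the legacy branch warns and returns -EINVAL. A runtime check such as `if (in->size > ent->req_header.ring_ent_in_out.payload_sz) { ret = -EINVAL; break; }` would keep the two paths consistent. Separately, the `send_response` callback and fuse_uring_send_response() take `uint32_t req_id` while both callers hold a `uint64_t`, so `out_header->unique = req_id;` stores a truncated value; widening the parameter to `uint64_t` avoids that.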
    "prefixes": [
        "v4",
        "4/7"
    ]
}