1 /*
2 FUSE: Filesystem in Userspace
3 Copyright (C) 2001-2008 Miklos Szeredi <miklos@szeredi.hu>
4
5 This program can be distributed under the terms of the GNU GPL.
6 See the file COPYING.
7 */
8
9 #include "fuse_i.h"
10
11 #include <linux/pagemap.h>
12 #include <linux/file.h>
13 #include <linux/fs_context.h>
14 #include <linux/sched.h>
15 #include <linux/namei.h>
16 #include <linux/slab.h>
17 #include <linux/xattr.h>
18 #include <linux/iversion.h>
19 #include <linux/posix_acl.h>
20
fuse_advise_use_readdirplus(struct inode * dir)21 static void fuse_advise_use_readdirplus(struct inode *dir)
22 {
23 struct fuse_inode *fi = get_fuse_inode(dir);
24
25 set_bit(FUSE_I_ADVISE_RDPLUS, &fi->state);
26 }
27
28 #if BITS_PER_LONG >= 64
__fuse_dentry_settime(struct dentry * entry,u64 time)29 static inline void __fuse_dentry_settime(struct dentry *entry, u64 time)
30 {
31 entry->d_fsdata = (void *) time;
32 }
33
fuse_dentry_time(const struct dentry * entry)34 static inline u64 fuse_dentry_time(const struct dentry *entry)
35 {
36 return (u64)entry->d_fsdata;
37 }
38
39 #else
40 union fuse_dentry {
41 u64 time;
42 struct rcu_head rcu;
43 };
44
__fuse_dentry_settime(struct dentry * dentry,u64 time)45 static inline void __fuse_dentry_settime(struct dentry *dentry, u64 time)
46 {
47 ((union fuse_dentry *) dentry->d_fsdata)->time = time;
48 }
49
fuse_dentry_time(const struct dentry * entry)50 static inline u64 fuse_dentry_time(const struct dentry *entry)
51 {
52 return ((union fuse_dentry *) entry->d_fsdata)->time;
53 }
54 #endif
55
fuse_dentry_settime(struct dentry * dentry,u64 time)56 static void fuse_dentry_settime(struct dentry *dentry, u64 time)
57 {
58 struct fuse_conn *fc = get_fuse_conn_super(dentry->d_sb);
59 bool delete = !time && fc->delete_stale;
60 /*
61 * Mess with DCACHE_OP_DELETE because dput() will be faster without it.
62 * Don't care about races, either way it's just an optimization
63 */
64 if ((!delete && (dentry->d_flags & DCACHE_OP_DELETE)) ||
65 (delete && !(dentry->d_flags & DCACHE_OP_DELETE))) {
66 spin_lock(&dentry->d_lock);
67 if (!delete)
68 dentry->d_flags &= ~DCACHE_OP_DELETE;
69 else
70 dentry->d_flags |= DCACHE_OP_DELETE;
71 spin_unlock(&dentry->d_lock);
72 }
73
74 __fuse_dentry_settime(dentry, time);
75 }
76
77 /*
78 * FUSE caches dentries and attributes with separate timeout. The
79 * time in jiffies until the dentry/attributes are valid is stored in
80 * dentry->d_fsdata and fuse_inode->i_time respectively.
81 */
82
83 /*
84 * Calculate the time in jiffies until a dentry/attributes are valid
85 */
time_to_jiffies(u64 sec,u32 nsec)86 static u64 time_to_jiffies(u64 sec, u32 nsec)
87 {
88 if (sec || nsec) {
89 struct timespec64 ts = {
90 sec,
91 min_t(u32, nsec, NSEC_PER_SEC - 1)
92 };
93
94 return get_jiffies_64() + timespec64_to_jiffies(&ts);
95 } else
96 return 0;
97 }
98
99 /*
100 * Set dentry and possibly attribute timeouts from the lookup/mk*
101 * replies
102 */
fuse_change_entry_timeout(struct dentry * entry,struct fuse_entry_out * o)103 void fuse_change_entry_timeout(struct dentry *entry, struct fuse_entry_out *o)
104 {
105 fuse_dentry_settime(entry,
106 time_to_jiffies(o->entry_valid, o->entry_valid_nsec));
107 }
108
attr_timeout(struct fuse_attr_out * o)109 static u64 attr_timeout(struct fuse_attr_out *o)
110 {
111 return time_to_jiffies(o->attr_valid, o->attr_valid_nsec);
112 }
113
entry_attr_timeout(struct fuse_entry_out * o)114 u64 entry_attr_timeout(struct fuse_entry_out *o)
115 {
116 return time_to_jiffies(o->attr_valid, o->attr_valid_nsec);
117 }
118
fuse_invalidate_attr_mask(struct inode * inode,u32 mask)119 static void fuse_invalidate_attr_mask(struct inode *inode, u32 mask)
120 {
121 set_mask_bits(&get_fuse_inode(inode)->inval_mask, 0, mask);
122 }
123
124 /*
125 * Mark the attributes as stale, so that at the next call to
126 * ->getattr() they will be fetched from userspace
127 */
fuse_invalidate_attr(struct inode * inode)128 void fuse_invalidate_attr(struct inode *inode)
129 {
130 fuse_invalidate_attr_mask(inode, STATX_BASIC_STATS);
131 }
132
fuse_dir_changed(struct inode * dir)133 static void fuse_dir_changed(struct inode *dir)
134 {
135 fuse_invalidate_attr(dir);
136 inode_maybe_inc_iversion(dir, false);
137 }
138
139 /**
140 * Mark the attributes as stale due to an atime change. Avoid the invalidate if
141 * atime is not used.
142 */
fuse_invalidate_atime(struct inode * inode)143 void fuse_invalidate_atime(struct inode *inode)
144 {
145 if (!IS_RDONLY(inode))
146 fuse_invalidate_attr_mask(inode, STATX_ATIME);
147 }
148
149 /*
150 * Just mark the entry as stale, so that a next attempt to look it up
151 * will result in a new lookup call to userspace
152 *
153 * This is called when a dentry is about to become negative and the
154 * timeout is unknown (unlink, rmdir, rename and in some cases
155 * lookup)
156 */
fuse_invalidate_entry_cache(struct dentry * entry)157 void fuse_invalidate_entry_cache(struct dentry *entry)
158 {
159 fuse_dentry_settime(entry, 0);
160 }
161
162 /*
163 * Same as fuse_invalidate_entry_cache(), but also try to remove the
164 * dentry from the hash
165 */
fuse_invalidate_entry(struct dentry * entry)166 static void fuse_invalidate_entry(struct dentry *entry)
167 {
168 d_invalidate(entry);
169 fuse_invalidate_entry_cache(entry);
170 }
171
fuse_lookup_init(struct fuse_conn * fc,struct fuse_args * args,u64 nodeid,const struct qstr * name,struct fuse_entry_out * outarg)172 static void fuse_lookup_init(struct fuse_conn *fc, struct fuse_args *args,
173 u64 nodeid, const struct qstr *name,
174 struct fuse_entry_out *outarg)
175 {
176 memset(outarg, 0, sizeof(struct fuse_entry_out));
177 args->opcode = FUSE_LOOKUP;
178 args->nodeid = nodeid;
179 args->in_numargs = 1;
180 args->in_args[0].size = name->len + 1;
181 args->in_args[0].value = name->name;
182 args->out_numargs = 1;
183 args->out_args[0].size = sizeof(struct fuse_entry_out);
184 args->out_args[0].value = outarg;
185 }
186
187 /*
188 * Check whether the dentry is still valid
189 *
190 * If the entry validity timeout has expired and the dentry is
191 * positive, try to redo the lookup. If the lookup results in a
192 * different inode, then let the VFS invalidate the dentry and redo
193 * the lookup once more. If the lookup results in the same inode,
194 * then refresh the attributes, timeouts and mark the dentry valid.
195 */
fuse_dentry_revalidate(struct dentry * entry,unsigned int flags)196 static int fuse_dentry_revalidate(struct dentry *entry, unsigned int flags)
197 {
198 struct inode *inode;
199 struct dentry *parent;
200 struct fuse_mount *fm;
201 struct fuse_inode *fi;
202 int ret;
203
204 inode = d_inode_rcu(entry);
205 if (inode && fuse_is_bad(inode))
206 goto invalid;
207 else if (time_before64(fuse_dentry_time(entry), get_jiffies_64()) ||
208 (flags & LOOKUP_REVAL)) {
209 struct fuse_entry_out outarg;
210 FUSE_ARGS(args);
211 struct fuse_forget_link *forget;
212 u64 attr_version;
213
214 /* For negative dentries, always do a fresh lookup */
215 if (!inode)
216 goto invalid;
217
218 ret = -ECHILD;
219 if (flags & LOOKUP_RCU)
220 goto out;
221
222 fm = get_fuse_mount(inode);
223
224 forget = fuse_alloc_forget();
225 ret = -ENOMEM;
226 if (!forget)
227 goto out;
228
229 attr_version = fuse_get_attr_version(fm->fc);
230
231 parent = dget_parent(entry);
232 fuse_lookup_init(fm->fc, &args, get_node_id(d_inode(parent)),
233 &entry->d_name, &outarg);
234 ret = fuse_simple_request(fm, &args);
235 dput(parent);
236 /* Zero nodeid is same as -ENOENT */
237 if (!ret && !outarg.nodeid)
238 ret = -ENOENT;
239 if (!ret) {
240 fi = get_fuse_inode(inode);
241 if (outarg.nodeid != get_node_id(inode) ||
242 (bool) IS_AUTOMOUNT(inode) != (bool) (outarg.attr.flags & FUSE_ATTR_SUBMOUNT)) {
243 fuse_queue_forget(fm->fc, forget,
244 outarg.nodeid, 1);
245 goto invalid;
246 }
247 spin_lock(&fi->lock);
248 fi->nlookup++;
249 spin_unlock(&fi->lock);
250 }
251 kfree(forget);
252 if (ret == -ENOMEM)
253 goto out;
254 if (ret || fuse_invalid_attr(&outarg.attr) ||
255 fuse_stale_inode(inode, outarg.generation, &outarg.attr))
256 goto invalid;
257
258 forget_all_cached_acls(inode);
259 fuse_change_attributes(inode, &outarg.attr,
260 entry_attr_timeout(&outarg),
261 attr_version);
262 fuse_change_entry_timeout(entry, &outarg);
263 } else if (inode) {
264 fi = get_fuse_inode(inode);
265 if (flags & LOOKUP_RCU) {
266 if (test_bit(FUSE_I_INIT_RDPLUS, &fi->state))
267 return -ECHILD;
268 } else if (test_and_clear_bit(FUSE_I_INIT_RDPLUS, &fi->state)) {
269 parent = dget_parent(entry);
270 fuse_advise_use_readdirplus(d_inode(parent));
271 dput(parent);
272 }
273 }
274 ret = 1;
275 out:
276 return ret;
277
278 invalid:
279 ret = 0;
280 goto out;
281 }
282
283 #if BITS_PER_LONG < 64
fuse_dentry_init(struct dentry * dentry)284 static int fuse_dentry_init(struct dentry *dentry)
285 {
286 dentry->d_fsdata = kzalloc(sizeof(union fuse_dentry),
287 GFP_KERNEL_ACCOUNT | __GFP_RECLAIMABLE);
288
289 return dentry->d_fsdata ? 0 : -ENOMEM;
290 }
fuse_dentry_release(struct dentry * dentry)291 static void fuse_dentry_release(struct dentry *dentry)
292 {
293 union fuse_dentry *fd = dentry->d_fsdata;
294
295 kfree_rcu(fd, rcu);
296 }
297 #endif
298
fuse_dentry_delete(const struct dentry * dentry)299 static int fuse_dentry_delete(const struct dentry *dentry)
300 {
301 return time_before64(fuse_dentry_time(dentry), get_jiffies_64());
302 }
303
304 /*
305 * Create a fuse_mount object with a new superblock (with path->dentry
306 * as the root), and return that mount so it can be auto-mounted on
307 * @path.
308 */
fuse_dentry_automount(struct path * path)309 static struct vfsmount *fuse_dentry_automount(struct path *path)
310 {
311 struct fs_context *fsc;
312 struct fuse_mount *parent_fm = get_fuse_mount_super(path->mnt->mnt_sb);
313 struct fuse_conn *fc = parent_fm->fc;
314 struct fuse_mount *fm;
315 struct vfsmount *mnt;
316 struct fuse_inode *mp_fi = get_fuse_inode(d_inode(path->dentry));
317 struct super_block *sb;
318 int err;
319
320 fsc = fs_context_for_submount(path->mnt->mnt_sb->s_type, path->dentry);
321 if (IS_ERR(fsc)) {
322 err = PTR_ERR(fsc);
323 goto out;
324 }
325
326 err = -ENOMEM;
327 fm = kzalloc(sizeof(struct fuse_mount), GFP_KERNEL);
328 if (!fm)
329 goto out_put_fsc;
330
331 refcount_set(&fm->count, 1);
332 fsc->s_fs_info = fm;
333 sb = sget_fc(fsc, NULL, set_anon_super_fc);
334 if (IS_ERR(sb)) {
335 err = PTR_ERR(sb);
336 fuse_mount_put(fm);
337 goto out_put_fsc;
338 }
339 fm->fc = fuse_conn_get(fc);
340
341 /* Initialize superblock, making @mp_fi its root */
342 err = fuse_fill_super_submount(sb, mp_fi);
343 if (err) {
344 fuse_conn_put(fc);
345 kfree(fm);
346 sb->s_fs_info = NULL;
347 goto out_put_sb;
348 }
349
350 down_write(&fc->killsb);
351 list_add_tail(&fm->fc_entry, &fc->mounts);
352 up_write(&fc->killsb);
353
354 sb->s_flags |= SB_ACTIVE;
355 fsc->root = dget(sb->s_root);
356
357 /*
358 * FIXME: setting SB_BORN requires a write barrier for
359 * super_cache_count(). We should actually come
360 * up with a proper ->get_tree() implementation
361 * for submounts and call vfs_get_tree() to take
362 * care of the write barrier.
363 */
364 smp_wmb();
365 sb->s_flags |= SB_BORN;
366
367 /* We are done configuring the superblock, so unlock it */
368 up_write(&sb->s_umount);
369
370 /* Create the submount */
371 mnt = vfs_create_mount(fsc);
372 if (IS_ERR(mnt)) {
373 err = PTR_ERR(mnt);
374 goto out_put_fsc;
375 }
376 mntget(mnt);
377 put_fs_context(fsc);
378 return mnt;
379
380 out_put_sb:
381 /*
382 * Only jump here when fsc->root is NULL and sb is still locked
383 * (otherwise put_fs_context() will put the superblock)
384 */
385 deactivate_locked_super(sb);
386 out_put_fsc:
387 put_fs_context(fsc);
388 out:
389 return ERR_PTR(err);
390 }
391
392 const struct dentry_operations fuse_dentry_operations = {
393 .d_revalidate = fuse_dentry_revalidate,
394 .d_delete = fuse_dentry_delete,
395 #if BITS_PER_LONG < 64
396 .d_init = fuse_dentry_init,
397 .d_release = fuse_dentry_release,
398 #endif
399 .d_automount = fuse_dentry_automount,
400 };
401
402 const struct dentry_operations fuse_root_dentry_operations = {
403 #if BITS_PER_LONG < 64
404 .d_init = fuse_dentry_init,
405 .d_release = fuse_dentry_release,
406 #endif
407 };
408
fuse_valid_type(int m)409 int fuse_valid_type(int m)
410 {
411 return S_ISREG(m) || S_ISDIR(m) || S_ISLNK(m) || S_ISCHR(m) ||
412 S_ISBLK(m) || S_ISFIFO(m) || S_ISSOCK(m);
413 }
414
fuse_invalid_attr(struct fuse_attr * attr)415 bool fuse_invalid_attr(struct fuse_attr *attr)
416 {
417 return !fuse_valid_type(attr->mode) ||
418 attr->size > LLONG_MAX;
419 }
420
fuse_lookup_name(struct super_block * sb,u64 nodeid,const struct qstr * name,struct fuse_entry_out * outarg,struct inode ** inode)421 int fuse_lookup_name(struct super_block *sb, u64 nodeid, const struct qstr *name,
422 struct fuse_entry_out *outarg, struct inode **inode)
423 {
424 struct fuse_mount *fm = get_fuse_mount_super(sb);
425 FUSE_ARGS(args);
426 struct fuse_forget_link *forget;
427 u64 attr_version;
428 int err;
429
430 *inode = NULL;
431 err = -ENAMETOOLONG;
432 if (name->len > FUSE_NAME_MAX)
433 goto out;
434
435
436 forget = fuse_alloc_forget();
437 err = -ENOMEM;
438 if (!forget)
439 goto out;
440
441 attr_version = fuse_get_attr_version(fm->fc);
442
443 fuse_lookup_init(fm->fc, &args, nodeid, name, outarg);
444 err = fuse_simple_request(fm, &args);
445 /* Zero nodeid is same as -ENOENT, but with valid timeout */
446 if (err || !outarg->nodeid)
447 goto out_put_forget;
448
449 err = -EIO;
450 if (!outarg->nodeid)
451 goto out_put_forget;
452 if (fuse_invalid_attr(&outarg->attr))
453 goto out_put_forget;
454
455 *inode = fuse_iget(sb, outarg->nodeid, outarg->generation,
456 &outarg->attr, entry_attr_timeout(outarg),
457 attr_version);
458 err = -ENOMEM;
459 if (!*inode) {
460 fuse_queue_forget(fm->fc, forget, outarg->nodeid, 1);
461 goto out;
462 }
463 err = 0;
464
465 out_put_forget:
466 kfree(forget);
467 out:
468 return err;
469 }
470
fuse_lookup(struct inode * dir,struct dentry * entry,unsigned int flags)471 static struct dentry *fuse_lookup(struct inode *dir, struct dentry *entry,
472 unsigned int flags)
473 {
474 int err;
475 struct fuse_entry_out outarg;
476 struct inode *inode;
477 struct dentry *newent;
478 bool outarg_valid = true;
479 bool locked;
480
481 if (fuse_is_bad(dir))
482 return ERR_PTR(-EIO);
483
484 locked = fuse_lock_inode(dir);
485 err = fuse_lookup_name(dir->i_sb, get_node_id(dir), &entry->d_name,
486 &outarg, &inode);
487 fuse_unlock_inode(dir, locked);
488 if (err == -ENOENT) {
489 outarg_valid = false;
490 err = 0;
491 }
492 if (err)
493 goto out_err;
494
495 err = -EIO;
496 if (inode && get_node_id(inode) == FUSE_ROOT_ID)
497 goto out_iput;
498
499 newent = d_splice_alias(inode, entry);
500 err = PTR_ERR(newent);
501 if (IS_ERR(newent))
502 goto out_err;
503
504 entry = newent ? newent : entry;
505 if (outarg_valid)
506 fuse_change_entry_timeout(entry, &outarg);
507 else
508 fuse_invalidate_entry_cache(entry);
509
510 if (inode)
511 fuse_advise_use_readdirplus(dir);
512 return newent;
513
514 out_iput:
515 iput(inode);
516 out_err:
517 return ERR_PTR(err);
518 }
519
520 /*
521 * Atomic create+open operation
522 *
523 * If the filesystem doesn't support this, then fall back to separate
524 * 'mknod' + 'open' requests.
525 */
fuse_create_open(struct inode * dir,struct dentry * entry,struct file * file,unsigned flags,umode_t mode)526 static int fuse_create_open(struct inode *dir, struct dentry *entry,
527 struct file *file, unsigned flags,
528 umode_t mode)
529 {
530 int err;
531 struct inode *inode;
532 struct fuse_mount *fm = get_fuse_mount(dir);
533 FUSE_ARGS(args);
534 struct fuse_forget_link *forget;
535 struct fuse_create_in inarg;
536 struct fuse_open_out outopen;
537 struct fuse_entry_out outentry;
538 struct fuse_inode *fi;
539 struct fuse_file *ff;
540
541 /* Userspace expects S_IFREG in create mode */
542 BUG_ON((mode & S_IFMT) != S_IFREG);
543
544 forget = fuse_alloc_forget();
545 err = -ENOMEM;
546 if (!forget)
547 goto out_err;
548
549 err = -ENOMEM;
550 ff = fuse_file_alloc(fm);
551 if (!ff)
552 goto out_put_forget_req;
553
554 if (!fm->fc->dont_mask)
555 mode &= ~current_umask();
556
557 flags &= ~O_NOCTTY;
558 memset(&inarg, 0, sizeof(inarg));
559 memset(&outentry, 0, sizeof(outentry));
560 inarg.flags = flags;
561 inarg.mode = mode;
562 inarg.umask = current_umask();
563 args.opcode = FUSE_CREATE;
564 args.nodeid = get_node_id(dir);
565 args.in_numargs = 2;
566 args.in_args[0].size = sizeof(inarg);
567 args.in_args[0].value = &inarg;
568 args.in_args[1].size = entry->d_name.len + 1;
569 args.in_args[1].value = entry->d_name.name;
570 args.out_numargs = 2;
571 args.out_args[0].size = sizeof(outentry);
572 args.out_args[0].value = &outentry;
573 args.out_args[1].size = sizeof(outopen);
574 args.out_args[1].value = &outopen;
575 err = fuse_simple_request(fm, &args);
576 if (err)
577 goto out_free_ff;
578
579 err = -EIO;
580 if (!S_ISREG(outentry.attr.mode) || invalid_nodeid(outentry.nodeid) ||
581 fuse_invalid_attr(&outentry.attr))
582 goto out_free_ff;
583
584 ff->fh = outopen.fh;
585 ff->nodeid = outentry.nodeid;
586 ff->open_flags = outopen.open_flags;
587 inode = fuse_iget(dir->i_sb, outentry.nodeid, outentry.generation,
588 &outentry.attr, entry_attr_timeout(&outentry), 0);
589 if (!inode) {
590 flags &= ~(O_CREAT | O_EXCL | O_TRUNC);
591 fuse_sync_release(NULL, ff, flags);
592 fuse_queue_forget(fm->fc, forget, outentry.nodeid, 1);
593 err = -ENOMEM;
594 goto out_err;
595 }
596 kfree(forget);
597 d_instantiate(entry, inode);
598 fuse_change_entry_timeout(entry, &outentry);
599 fuse_dir_changed(dir);
600 err = finish_open(file, entry, generic_file_open);
601 if (err) {
602 fi = get_fuse_inode(inode);
603 fuse_sync_release(fi, ff, flags);
604 } else {
605 file->private_data = ff;
606 fuse_finish_open(inode, file);
607 }
608 return err;
609
610 out_free_ff:
611 fuse_file_free(ff);
612 out_put_forget_req:
613 kfree(forget);
614 out_err:
615 return err;
616 }
617
618 static int fuse_mknod(struct inode *, struct dentry *, umode_t, dev_t);
fuse_atomic_open(struct inode * dir,struct dentry * entry,struct file * file,unsigned flags,umode_t mode)619 static int fuse_atomic_open(struct inode *dir, struct dentry *entry,
620 struct file *file, unsigned flags,
621 umode_t mode)
622 {
623 int err;
624 struct fuse_conn *fc = get_fuse_conn(dir);
625 struct dentry *res = NULL;
626
627 if (fuse_is_bad(dir))
628 return -EIO;
629
630 if (d_in_lookup(entry)) {
631 res = fuse_lookup(dir, entry, 0);
632 if (IS_ERR(res))
633 return PTR_ERR(res);
634
635 if (res)
636 entry = res;
637 }
638
639 if (!(flags & O_CREAT) || d_really_is_positive(entry))
640 goto no_open;
641
642 /* Only creates */
643 file->f_mode |= FMODE_CREATED;
644
645 if (fc->no_create)
646 goto mknod;
647
648 err = fuse_create_open(dir, entry, file, flags, mode);
649 if (err == -ENOSYS) {
650 fc->no_create = 1;
651 goto mknod;
652 }
653 out_dput:
654 dput(res);
655 return err;
656
657 mknod:
658 err = fuse_mknod(dir, entry, mode, 0);
659 if (err)
660 goto out_dput;
661 no_open:
662 return finish_no_open(file, res);
663 }
664
665 /*
666 * Code shared between mknod, mkdir, symlink and link
667 */
create_new_entry(struct fuse_mount * fm,struct fuse_args * args,struct inode * dir,struct dentry * entry,umode_t mode)668 static int create_new_entry(struct fuse_mount *fm, struct fuse_args *args,
669 struct inode *dir, struct dentry *entry,
670 umode_t mode)
671 {
672 struct fuse_entry_out outarg;
673 struct inode *inode;
674 struct dentry *d;
675 int err;
676 struct fuse_forget_link *forget;
677
678 if (fuse_is_bad(dir))
679 return -EIO;
680
681 forget = fuse_alloc_forget();
682 if (!forget)
683 return -ENOMEM;
684
685 memset(&outarg, 0, sizeof(outarg));
686 args->nodeid = get_node_id(dir);
687 args->out_numargs = 1;
688 args->out_args[0].size = sizeof(outarg);
689 args->out_args[0].value = &outarg;
690 err = fuse_simple_request(fm, args);
691 if (err)
692 goto out_put_forget_req;
693
694 err = -EIO;
695 if (invalid_nodeid(outarg.nodeid) || fuse_invalid_attr(&outarg.attr))
696 goto out_put_forget_req;
697
698 if ((outarg.attr.mode ^ mode) & S_IFMT)
699 goto out_put_forget_req;
700
701 inode = fuse_iget(dir->i_sb, outarg.nodeid, outarg.generation,
702 &outarg.attr, entry_attr_timeout(&outarg), 0);
703 if (!inode) {
704 fuse_queue_forget(fm->fc, forget, outarg.nodeid, 1);
705 return -ENOMEM;
706 }
707 kfree(forget);
708
709 d_drop(entry);
710 d = d_splice_alias(inode, entry);
711 if (IS_ERR(d))
712 return PTR_ERR(d);
713
714 if (d) {
715 fuse_change_entry_timeout(d, &outarg);
716 dput(d);
717 } else {
718 fuse_change_entry_timeout(entry, &outarg);
719 }
720 fuse_dir_changed(dir);
721 return 0;
722
723 out_put_forget_req:
724 kfree(forget);
725 return err;
726 }
727
fuse_mknod(struct inode * dir,struct dentry * entry,umode_t mode,dev_t rdev)728 static int fuse_mknod(struct inode *dir, struct dentry *entry, umode_t mode,
729 dev_t rdev)
730 {
731 struct fuse_mknod_in inarg;
732 struct fuse_mount *fm = get_fuse_mount(dir);
733 FUSE_ARGS(args);
734
735 if (!fm->fc->dont_mask)
736 mode &= ~current_umask();
737
738 memset(&inarg, 0, sizeof(inarg));
739 inarg.mode = mode;
740 inarg.rdev = new_encode_dev(rdev);
741 inarg.umask = current_umask();
742 args.opcode = FUSE_MKNOD;
743 args.in_numargs = 2;
744 args.in_args[0].size = sizeof(inarg);
745 args.in_args[0].value = &inarg;
746 args.in_args[1].size = entry->d_name.len + 1;
747 args.in_args[1].value = entry->d_name.name;
748 return create_new_entry(fm, &args, dir, entry, mode);
749 }
750
fuse_create(struct inode * dir,struct dentry * entry,umode_t mode,bool excl)751 static int fuse_create(struct inode *dir, struct dentry *entry, umode_t mode,
752 bool excl)
753 {
754 return fuse_mknod(dir, entry, mode, 0);
755 }
756
fuse_mkdir(struct inode * dir,struct dentry * entry,umode_t mode)757 static int fuse_mkdir(struct inode *dir, struct dentry *entry, umode_t mode)
758 {
759 struct fuse_mkdir_in inarg;
760 struct fuse_mount *fm = get_fuse_mount(dir);
761 FUSE_ARGS(args);
762
763 if (!fm->fc->dont_mask)
764 mode &= ~current_umask();
765
766 memset(&inarg, 0, sizeof(inarg));
767 inarg.mode = mode;
768 inarg.umask = current_umask();
769 args.opcode = FUSE_MKDIR;
770 args.in_numargs = 2;
771 args.in_args[0].size = sizeof(inarg);
772 args.in_args[0].value = &inarg;
773 args.in_args[1].size = entry->d_name.len + 1;
774 args.in_args[1].value = entry->d_name.name;
775 return create_new_entry(fm, &args, dir, entry, S_IFDIR);
776 }
777
fuse_symlink(struct inode * dir,struct dentry * entry,const char * link)778 static int fuse_symlink(struct inode *dir, struct dentry *entry,
779 const char *link)
780 {
781 struct fuse_mount *fm = get_fuse_mount(dir);
782 unsigned len = strlen(link) + 1;
783 FUSE_ARGS(args);
784
785 args.opcode = FUSE_SYMLINK;
786 args.in_numargs = 2;
787 args.in_args[0].size = entry->d_name.len + 1;
788 args.in_args[0].value = entry->d_name.name;
789 args.in_args[1].size = len;
790 args.in_args[1].value = link;
791 return create_new_entry(fm, &args, dir, entry, S_IFLNK);
792 }
793
fuse_flush_time_update(struct inode * inode)794 void fuse_flush_time_update(struct inode *inode)
795 {
796 int err = sync_inode_metadata(inode, 1);
797
798 mapping_set_error(inode->i_mapping, err);
799 }
800
fuse_update_ctime(struct inode * inode)801 void fuse_update_ctime(struct inode *inode)
802 {
803 if (!IS_NOCMTIME(inode)) {
804 inode->i_ctime = current_time(inode);
805 mark_inode_dirty_sync(inode);
806 fuse_flush_time_update(inode);
807 }
808 }
809
fuse_unlink(struct inode * dir,struct dentry * entry)810 static int fuse_unlink(struct inode *dir, struct dentry *entry)
811 {
812 int err;
813 struct fuse_mount *fm = get_fuse_mount(dir);
814 FUSE_ARGS(args);
815
816 if (fuse_is_bad(dir))
817 return -EIO;
818
819 args.opcode = FUSE_UNLINK;
820 args.nodeid = get_node_id(dir);
821 args.in_numargs = 1;
822 args.in_args[0].size = entry->d_name.len + 1;
823 args.in_args[0].value = entry->d_name.name;
824 err = fuse_simple_request(fm, &args);
825 if (!err) {
826 struct inode *inode = d_inode(entry);
827 struct fuse_inode *fi = get_fuse_inode(inode);
828
829 spin_lock(&fi->lock);
830 fi->attr_version = atomic64_inc_return(&fm->fc->attr_version);
831 /*
832 * If i_nlink == 0 then unlink doesn't make sense, yet this can
833 * happen if userspace filesystem is careless. It would be
834 * difficult to enforce correct nlink usage so just ignore this
835 * condition here
836 */
837 if (inode->i_nlink > 0)
838 drop_nlink(inode);
839 spin_unlock(&fi->lock);
840 fuse_invalidate_attr(inode);
841 fuse_dir_changed(dir);
842 fuse_invalidate_entry_cache(entry);
843 fuse_update_ctime(inode);
844 } else if (err == -EINTR)
845 fuse_invalidate_entry(entry);
846 return err;
847 }
848
fuse_rmdir(struct inode * dir,struct dentry * entry)849 static int fuse_rmdir(struct inode *dir, struct dentry *entry)
850 {
851 int err;
852 struct fuse_mount *fm = get_fuse_mount(dir);
853 FUSE_ARGS(args);
854
855 if (fuse_is_bad(dir))
856 return -EIO;
857
858 args.opcode = FUSE_RMDIR;
859 args.nodeid = get_node_id(dir);
860 args.in_numargs = 1;
861 args.in_args[0].size = entry->d_name.len + 1;
862 args.in_args[0].value = entry->d_name.name;
863 err = fuse_simple_request(fm, &args);
864 if (!err) {
865 clear_nlink(d_inode(entry));
866 fuse_dir_changed(dir);
867 fuse_invalidate_entry_cache(entry);
868 } else if (err == -EINTR)
869 fuse_invalidate_entry(entry);
870 return err;
871 }
872
fuse_rename_common(struct inode * olddir,struct dentry * oldent,struct inode * newdir,struct dentry * newent,unsigned int flags,int opcode,size_t argsize)873 static int fuse_rename_common(struct inode *olddir, struct dentry *oldent,
874 struct inode *newdir, struct dentry *newent,
875 unsigned int flags, int opcode, size_t argsize)
876 {
877 int err;
878 struct fuse_rename2_in inarg;
879 struct fuse_mount *fm = get_fuse_mount(olddir);
880 FUSE_ARGS(args);
881
882 memset(&inarg, 0, argsize);
883 inarg.newdir = get_node_id(newdir);
884 inarg.flags = flags;
885 args.opcode = opcode;
886 args.nodeid = get_node_id(olddir);
887 args.in_numargs = 3;
888 args.in_args[0].size = argsize;
889 args.in_args[0].value = &inarg;
890 args.in_args[1].size = oldent->d_name.len + 1;
891 args.in_args[1].value = oldent->d_name.name;
892 args.in_args[2].size = newent->d_name.len + 1;
893 args.in_args[2].value = newent->d_name.name;
894 err = fuse_simple_request(fm, &args);
895 if (!err) {
896 /* ctime changes */
897 fuse_invalidate_attr(d_inode(oldent));
898 fuse_update_ctime(d_inode(oldent));
899
900 if (flags & RENAME_EXCHANGE) {
901 fuse_invalidate_attr(d_inode(newent));
902 fuse_update_ctime(d_inode(newent));
903 }
904
905 fuse_dir_changed(olddir);
906 if (olddir != newdir)
907 fuse_dir_changed(newdir);
908
909 /* newent will end up negative */
910 if (!(flags & RENAME_EXCHANGE) && d_really_is_positive(newent)) {
911 fuse_invalidate_attr(d_inode(newent));
912 fuse_invalidate_entry_cache(newent);
913 fuse_update_ctime(d_inode(newent));
914 }
915 } else if (err == -EINTR) {
916 /* If request was interrupted, DEITY only knows if the
917 rename actually took place. If the invalidation
918 fails (e.g. some process has CWD under the renamed
919 directory), then there can be inconsistency between
920 the dcache and the real filesystem. Tough luck. */
921 fuse_invalidate_entry(oldent);
922 if (d_really_is_positive(newent))
923 fuse_invalidate_entry(newent);
924 }
925
926 return err;
927 }
928
fuse_rename2(struct inode * olddir,struct dentry * oldent,struct inode * newdir,struct dentry * newent,unsigned int flags)929 static int fuse_rename2(struct inode *olddir, struct dentry *oldent,
930 struct inode *newdir, struct dentry *newent,
931 unsigned int flags)
932 {
933 struct fuse_conn *fc = get_fuse_conn(olddir);
934 int err;
935
936 if (fuse_is_bad(olddir))
937 return -EIO;
938
939 if (flags & ~(RENAME_NOREPLACE | RENAME_EXCHANGE | RENAME_WHITEOUT))
940 return -EINVAL;
941
942 if (flags) {
943 if (fc->no_rename2 || fc->minor < 23)
944 return -EINVAL;
945
946 err = fuse_rename_common(olddir, oldent, newdir, newent, flags,
947 FUSE_RENAME2,
948 sizeof(struct fuse_rename2_in));
949 if (err == -ENOSYS) {
950 fc->no_rename2 = 1;
951 err = -EINVAL;
952 }
953 } else {
954 err = fuse_rename_common(olddir, oldent, newdir, newent, 0,
955 FUSE_RENAME,
956 sizeof(struct fuse_rename_in));
957 }
958
959 return err;
960 }
961
fuse_link(struct dentry * entry,struct inode * newdir,struct dentry * newent)962 static int fuse_link(struct dentry *entry, struct inode *newdir,
963 struct dentry *newent)
964 {
965 int err;
966 struct fuse_link_in inarg;
967 struct inode *inode = d_inode(entry);
968 struct fuse_mount *fm = get_fuse_mount(inode);
969 FUSE_ARGS(args);
970
971 memset(&inarg, 0, sizeof(inarg));
972 inarg.oldnodeid = get_node_id(inode);
973 args.opcode = FUSE_LINK;
974 args.in_numargs = 2;
975 args.in_args[0].size = sizeof(inarg);
976 args.in_args[0].value = &inarg;
977 args.in_args[1].size = newent->d_name.len + 1;
978 args.in_args[1].value = newent->d_name.name;
979 err = create_new_entry(fm, &args, newdir, newent, inode->i_mode);
980 /* Contrary to "normal" filesystems it can happen that link
981 makes two "logical" inodes point to the same "physical"
982 inode. We invalidate the attributes of the old one, so it
983 will reflect changes in the backing inode (link count,
984 etc.)
985 */
986 if (!err) {
987 struct fuse_inode *fi = get_fuse_inode(inode);
988
989 spin_lock(&fi->lock);
990 fi->attr_version = atomic64_inc_return(&fm->fc->attr_version);
991 if (likely(inode->i_nlink < UINT_MAX))
992 inc_nlink(inode);
993 spin_unlock(&fi->lock);
994 fuse_invalidate_attr(inode);
995 fuse_update_ctime(inode);
996 } else if (err == -EINTR) {
997 fuse_invalidate_attr(inode);
998 }
999 return err;
1000 }
1001
fuse_fillattr(struct inode * inode,struct fuse_attr * attr,struct kstat * stat)1002 static void fuse_fillattr(struct inode *inode, struct fuse_attr *attr,
1003 struct kstat *stat)
1004 {
1005 unsigned int blkbits;
1006 struct fuse_conn *fc = get_fuse_conn(inode);
1007
1008 /* see the comment in fuse_change_attributes() */
1009 if (fc->writeback_cache && S_ISREG(inode->i_mode)) {
1010 attr->size = i_size_read(inode);
1011 attr->mtime = inode->i_mtime.tv_sec;
1012 attr->mtimensec = inode->i_mtime.tv_nsec;
1013 attr->ctime = inode->i_ctime.tv_sec;
1014 attr->ctimensec = inode->i_ctime.tv_nsec;
1015 }
1016
1017 stat->dev = inode->i_sb->s_dev;
1018 stat->ino = attr->ino;
1019 stat->mode = (inode->i_mode & S_IFMT) | (attr->mode & 07777);
1020 stat->nlink = attr->nlink;
1021 stat->uid = make_kuid(fc->user_ns, attr->uid);
1022 stat->gid = make_kgid(fc->user_ns, attr->gid);
1023 stat->rdev = inode->i_rdev;
1024 stat->atime.tv_sec = attr->atime;
1025 stat->atime.tv_nsec = attr->atimensec;
1026 stat->mtime.tv_sec = attr->mtime;
1027 stat->mtime.tv_nsec = attr->mtimensec;
1028 stat->ctime.tv_sec = attr->ctime;
1029 stat->ctime.tv_nsec = attr->ctimensec;
1030 stat->size = attr->size;
1031 stat->blocks = attr->blocks;
1032
1033 if (attr->blksize != 0)
1034 blkbits = ilog2(attr->blksize);
1035 else
1036 blkbits = inode->i_sb->s_blocksize_bits;
1037
1038 stat->blksize = 1 << blkbits;
1039 }
1040
fuse_do_getattr(struct inode * inode,struct kstat * stat,struct file * file)1041 static int fuse_do_getattr(struct inode *inode, struct kstat *stat,
1042 struct file *file)
1043 {
1044 int err;
1045 struct fuse_getattr_in inarg;
1046 struct fuse_attr_out outarg;
1047 struct fuse_mount *fm = get_fuse_mount(inode);
1048 FUSE_ARGS(args);
1049 u64 attr_version;
1050
1051 attr_version = fuse_get_attr_version(fm->fc);
1052
1053 memset(&inarg, 0, sizeof(inarg));
1054 memset(&outarg, 0, sizeof(outarg));
1055 /* Directories have separate file-handle space */
1056 if (file && S_ISREG(inode->i_mode)) {
1057 struct fuse_file *ff = file->private_data;
1058
1059 inarg.getattr_flags |= FUSE_GETATTR_FH;
1060 inarg.fh = ff->fh;
1061 }
1062 args.opcode = FUSE_GETATTR;
1063 args.nodeid = get_node_id(inode);
1064 args.in_numargs = 1;
1065 args.in_args[0].size = sizeof(inarg);
1066 args.in_args[0].value = &inarg;
1067 args.out_numargs = 1;
1068 args.out_args[0].size = sizeof(outarg);
1069 args.out_args[0].value = &outarg;
1070 err = fuse_simple_request(fm, &args);
1071 if (!err) {
1072 if (fuse_invalid_attr(&outarg.attr) ||
1073 inode_wrong_type(inode, outarg.attr.mode)) {
1074 fuse_make_bad(inode);
1075 err = -EIO;
1076 } else {
1077 fuse_change_attributes(inode, &outarg.attr,
1078 attr_timeout(&outarg),
1079 attr_version);
1080 if (stat)
1081 fuse_fillattr(inode, &outarg.attr, stat);
1082 }
1083 }
1084 return err;
1085 }
1086
fuse_update_get_attr(struct inode * inode,struct file * file,struct kstat * stat,u32 request_mask,unsigned int flags)1087 static int fuse_update_get_attr(struct inode *inode, struct file *file,
1088 struct kstat *stat, u32 request_mask,
1089 unsigned int flags)
1090 {
1091 struct fuse_inode *fi = get_fuse_inode(inode);
1092 int err = 0;
1093 bool sync;
1094
1095 if (flags & AT_STATX_FORCE_SYNC)
1096 sync = true;
1097 else if (flags & AT_STATX_DONT_SYNC)
1098 sync = false;
1099 else if (request_mask & READ_ONCE(fi->inval_mask))
1100 sync = true;
1101 else
1102 sync = time_before64(fi->i_time, get_jiffies_64());
1103
1104 if (sync) {
1105 forget_all_cached_acls(inode);
1106 err = fuse_do_getattr(inode, stat, file);
1107 } else if (stat) {
1108 generic_fillattr(inode, stat);
1109 stat->mode = fi->orig_i_mode;
1110 stat->ino = fi->orig_ino;
1111 }
1112
1113 return err;
1114 }
1115
fuse_update_attributes(struct inode * inode,struct file * file)1116 int fuse_update_attributes(struct inode *inode, struct file *file)
1117 {
1118 /* Do *not* need to get atime for internal purposes */
1119 return fuse_update_get_attr(inode, file, NULL,
1120 STATX_BASIC_STATS & ~STATX_ATIME, 0);
1121 }
1122
fuse_reverse_inval_entry(struct fuse_conn * fc,u64 parent_nodeid,u64 child_nodeid,struct qstr * name)1123 int fuse_reverse_inval_entry(struct fuse_conn *fc, u64 parent_nodeid,
1124 u64 child_nodeid, struct qstr *name)
1125 {
1126 int err = -ENOTDIR;
1127 struct inode *parent;
1128 struct dentry *dir;
1129 struct dentry *entry;
1130
1131 parent = fuse_ilookup(fc, parent_nodeid, NULL);
1132 if (!parent)
1133 return -ENOENT;
1134
1135 inode_lock_nested(parent, I_MUTEX_PARENT);
1136 if (!S_ISDIR(parent->i_mode))
1137 goto unlock;
1138
1139 err = -ENOENT;
1140 dir = d_find_alias(parent);
1141 if (!dir)
1142 goto unlock;
1143
1144 name->hash = full_name_hash(dir, name->name, name->len);
1145 entry = d_lookup(dir, name);
1146 dput(dir);
1147 if (!entry)
1148 goto unlock;
1149
1150 fuse_dir_changed(parent);
1151 fuse_invalidate_entry(entry);
1152
1153 if (child_nodeid != 0 && d_really_is_positive(entry)) {
1154 inode_lock(d_inode(entry));
1155 if (get_node_id(d_inode(entry)) != child_nodeid) {
1156 err = -ENOENT;
1157 goto badentry;
1158 }
1159 if (d_mountpoint(entry)) {
1160 err = -EBUSY;
1161 goto badentry;
1162 }
1163 if (d_is_dir(entry)) {
1164 shrink_dcache_parent(entry);
1165 if (!simple_empty(entry)) {
1166 err = -ENOTEMPTY;
1167 goto badentry;
1168 }
1169 d_inode(entry)->i_flags |= S_DEAD;
1170 }
1171 dont_mount(entry);
1172 clear_nlink(d_inode(entry));
1173 err = 0;
1174 badentry:
1175 inode_unlock(d_inode(entry));
1176 if (!err)
1177 d_delete(entry);
1178 } else {
1179 err = 0;
1180 }
1181 dput(entry);
1182
1183 unlock:
1184 inode_unlock(parent);
1185 iput(parent);
1186 return err;
1187 }
1188
1189 /*
1190 * Calling into a user-controlled filesystem gives the filesystem
1191 * daemon ptrace-like capabilities over the current process. This
1192 * means, that the filesystem daemon is able to record the exact
1193 * filesystem operations performed, and can also control the behavior
1194 * of the requester process in otherwise impossible ways. For example
1195 * it can delay the operation for arbitrary length of time allowing
1196 * DoS against the requester.
1197 *
1198 * For this reason only those processes can call into the filesystem,
1199 * for which the owner of the mount has ptrace privilege. This
1200 * excludes processes started by other users, suid or sgid processes.
1201 */
fuse_allow_current_process(struct fuse_conn * fc)1202 int fuse_allow_current_process(struct fuse_conn *fc)
1203 {
1204 const struct cred *cred;
1205
1206 if (fc->allow_other)
1207 return current_in_userns(fc->user_ns);
1208
1209 cred = current_cred();
1210 if (uid_eq(cred->euid, fc->user_id) &&
1211 uid_eq(cred->suid, fc->user_id) &&
1212 uid_eq(cred->uid, fc->user_id) &&
1213 gid_eq(cred->egid, fc->group_id) &&
1214 gid_eq(cred->sgid, fc->group_id) &&
1215 gid_eq(cred->gid, fc->group_id))
1216 return 1;
1217
1218 return 0;
1219 }
1220
fuse_access(struct inode * inode,int mask)1221 static int fuse_access(struct inode *inode, int mask)
1222 {
1223 struct fuse_mount *fm = get_fuse_mount(inode);
1224 FUSE_ARGS(args);
1225 struct fuse_access_in inarg;
1226 int err;
1227
1228 BUG_ON(mask & MAY_NOT_BLOCK);
1229
1230 if (fm->fc->no_access)
1231 return 0;
1232
1233 memset(&inarg, 0, sizeof(inarg));
1234 inarg.mask = mask & (MAY_READ | MAY_WRITE | MAY_EXEC);
1235 args.opcode = FUSE_ACCESS;
1236 args.nodeid = get_node_id(inode);
1237 args.in_numargs = 1;
1238 args.in_args[0].size = sizeof(inarg);
1239 args.in_args[0].value = &inarg;
1240 err = fuse_simple_request(fm, &args);
1241 if (err == -ENOSYS) {
1242 fm->fc->no_access = 1;
1243 err = 0;
1244 }
1245 return err;
1246 }
1247
fuse_perm_getattr(struct inode * inode,int mask)1248 static int fuse_perm_getattr(struct inode *inode, int mask)
1249 {
1250 if (mask & MAY_NOT_BLOCK)
1251 return -ECHILD;
1252
1253 forget_all_cached_acls(inode);
1254 return fuse_do_getattr(inode, NULL, NULL);
1255 }
1256
1257 /*
1258 * Check permission. The two basic access models of FUSE are:
1259 *
1260 * 1) Local access checking ('default_permissions' mount option) based
1261 * on file mode. This is the plain old disk filesystem permission
1262 * modell.
1263 *
1264 * 2) "Remote" access checking, where server is responsible for
1265 * checking permission in each inode operation. An exception to this
1266 * is if ->permission() was invoked from sys_access() in which case an
1267 * access request is sent. Execute permission is still checked
1268 * locally based on file mode.
1269 */
fuse_permission(struct inode * inode,int mask)1270 static int fuse_permission(struct inode *inode, int mask)
1271 {
1272 struct fuse_conn *fc = get_fuse_conn(inode);
1273 bool refreshed = false;
1274 int err = 0;
1275
1276 if (fuse_is_bad(inode))
1277 return -EIO;
1278
1279 if (!fuse_allow_current_process(fc))
1280 return -EACCES;
1281
1282 /*
1283 * If attributes are needed, refresh them before proceeding
1284 */
1285 if (fc->default_permissions ||
1286 ((mask & MAY_EXEC) && S_ISREG(inode->i_mode))) {
1287 struct fuse_inode *fi = get_fuse_inode(inode);
1288 u32 perm_mask = STATX_MODE | STATX_UID | STATX_GID;
1289
1290 if (perm_mask & READ_ONCE(fi->inval_mask) ||
1291 time_before64(fi->i_time, get_jiffies_64())) {
1292 refreshed = true;
1293
1294 err = fuse_perm_getattr(inode, mask);
1295 if (err)
1296 return err;
1297 }
1298 }
1299
1300 if (fc->default_permissions) {
1301 err = generic_permission(inode, mask);
1302
1303 /* If permission is denied, try to refresh file
1304 attributes. This is also needed, because the root
1305 node will at first have no permissions */
1306 if (err == -EACCES && !refreshed) {
1307 err = fuse_perm_getattr(inode, mask);
1308 if (!err)
1309 err = generic_permission(inode, mask);
1310 }
1311
1312 /* Note: the opposite of the above test does not
1313 exist. So if permissions are revoked this won't be
1314 noticed immediately, only after the attribute
1315 timeout has expired */
1316 } else if (mask & (MAY_ACCESS | MAY_CHDIR)) {
1317 err = fuse_access(inode, mask);
1318 } else if ((mask & MAY_EXEC) && S_ISREG(inode->i_mode)) {
1319 if (!(inode->i_mode & S_IXUGO)) {
1320 if (refreshed)
1321 return -EACCES;
1322
1323 err = fuse_perm_getattr(inode, mask);
1324 if (!err && !(inode->i_mode & S_IXUGO))
1325 return -EACCES;
1326 }
1327 }
1328 return err;
1329 }
1330
fuse_readlink_page(struct inode * inode,struct page * page)1331 static int fuse_readlink_page(struct inode *inode, struct page *page)
1332 {
1333 struct fuse_mount *fm = get_fuse_mount(inode);
1334 struct fuse_page_desc desc = { .length = PAGE_SIZE - 1 };
1335 struct fuse_args_pages ap = {
1336 .num_pages = 1,
1337 .pages = &page,
1338 .descs = &desc,
1339 };
1340 char *link;
1341 ssize_t res;
1342
1343 ap.args.opcode = FUSE_READLINK;
1344 ap.args.nodeid = get_node_id(inode);
1345 ap.args.out_pages = true;
1346 ap.args.out_argvar = true;
1347 ap.args.page_zeroing = true;
1348 ap.args.out_numargs = 1;
1349 ap.args.out_args[0].size = desc.length;
1350 res = fuse_simple_request(fm, &ap.args);
1351
1352 fuse_invalidate_atime(inode);
1353
1354 if (res < 0)
1355 return res;
1356
1357 if (WARN_ON(res >= PAGE_SIZE))
1358 return -EIO;
1359
1360 link = page_address(page);
1361 link[res] = '\0';
1362
1363 return 0;
1364 }
1365
fuse_get_link(struct dentry * dentry,struct inode * inode,struct delayed_call * callback)1366 static const char *fuse_get_link(struct dentry *dentry, struct inode *inode,
1367 struct delayed_call *callback)
1368 {
1369 struct fuse_conn *fc = get_fuse_conn(inode);
1370 struct page *page;
1371 int err;
1372
1373 err = -EIO;
1374 if (fuse_is_bad(inode))
1375 goto out_err;
1376
1377 if (fc->cache_symlinks)
1378 return page_get_link(dentry, inode, callback);
1379
1380 err = -ECHILD;
1381 if (!dentry)
1382 goto out_err;
1383
1384 page = alloc_page(GFP_KERNEL);
1385 err = -ENOMEM;
1386 if (!page)
1387 goto out_err;
1388
1389 err = fuse_readlink_page(inode, page);
1390 if (err) {
1391 __free_page(page);
1392 goto out_err;
1393 }
1394
1395 set_delayed_call(callback, page_put_link, page);
1396
1397 return page_address(page);
1398
1399 out_err:
1400 return ERR_PTR(err);
1401 }
1402
fuse_dir_open(struct inode * inode,struct file * file)1403 static int fuse_dir_open(struct inode *inode, struct file *file)
1404 {
1405 return fuse_open_common(inode, file, true);
1406 }
1407
fuse_dir_release(struct inode * inode,struct file * file)1408 static int fuse_dir_release(struct inode *inode, struct file *file)
1409 {
1410 fuse_release_common(file, true);
1411
1412 return 0;
1413 }
1414
fuse_dir_fsync(struct file * file,loff_t start,loff_t end,int datasync)1415 static int fuse_dir_fsync(struct file *file, loff_t start, loff_t end,
1416 int datasync)
1417 {
1418 struct inode *inode = file->f_mapping->host;
1419 struct fuse_conn *fc = get_fuse_conn(inode);
1420 int err;
1421
1422 if (fuse_is_bad(inode))
1423 return -EIO;
1424
1425 if (fc->no_fsyncdir)
1426 return 0;
1427
1428 inode_lock(inode);
1429 err = fuse_fsync_common(file, start, end, datasync, FUSE_FSYNCDIR);
1430 if (err == -ENOSYS) {
1431 fc->no_fsyncdir = 1;
1432 err = 0;
1433 }
1434 inode_unlock(inode);
1435
1436 return err;
1437 }
1438
fuse_dir_ioctl(struct file * file,unsigned int cmd,unsigned long arg)1439 static long fuse_dir_ioctl(struct file *file, unsigned int cmd,
1440 unsigned long arg)
1441 {
1442 struct fuse_conn *fc = get_fuse_conn(file->f_mapping->host);
1443
1444 /* FUSE_IOCTL_DIR only supported for API version >= 7.18 */
1445 if (fc->minor < 18)
1446 return -ENOTTY;
1447
1448 return fuse_ioctl_common(file, cmd, arg, FUSE_IOCTL_DIR);
1449 }
1450
fuse_dir_compat_ioctl(struct file * file,unsigned int cmd,unsigned long arg)1451 static long fuse_dir_compat_ioctl(struct file *file, unsigned int cmd,
1452 unsigned long arg)
1453 {
1454 struct fuse_conn *fc = get_fuse_conn(file->f_mapping->host);
1455
1456 if (fc->minor < 18)
1457 return -ENOTTY;
1458
1459 return fuse_ioctl_common(file, cmd, arg,
1460 FUSE_IOCTL_COMPAT | FUSE_IOCTL_DIR);
1461 }
1462
update_mtime(unsigned ivalid,bool trust_local_mtime)1463 static bool update_mtime(unsigned ivalid, bool trust_local_mtime)
1464 {
1465 /* Always update if mtime is explicitly set */
1466 if (ivalid & ATTR_MTIME_SET)
1467 return true;
1468
1469 /* Or if kernel i_mtime is the official one */
1470 if (trust_local_mtime)
1471 return true;
1472
1473 /* If it's an open(O_TRUNC) or an ftruncate(), don't update */
1474 if ((ivalid & ATTR_SIZE) && (ivalid & (ATTR_OPEN | ATTR_FILE)))
1475 return false;
1476
1477 /* In all other cases update */
1478 return true;
1479 }
1480
iattr_to_fattr(struct fuse_conn * fc,struct iattr * iattr,struct fuse_setattr_in * arg,bool trust_local_cmtime)1481 static void iattr_to_fattr(struct fuse_conn *fc, struct iattr *iattr,
1482 struct fuse_setattr_in *arg, bool trust_local_cmtime)
1483 {
1484 unsigned ivalid = iattr->ia_valid;
1485
1486 if (ivalid & ATTR_MODE)
1487 arg->valid |= FATTR_MODE, arg->mode = iattr->ia_mode;
1488 if (ivalid & ATTR_UID)
1489 arg->valid |= FATTR_UID, arg->uid = from_kuid(fc->user_ns, iattr->ia_uid);
1490 if (ivalid & ATTR_GID)
1491 arg->valid |= FATTR_GID, arg->gid = from_kgid(fc->user_ns, iattr->ia_gid);
1492 if (ivalid & ATTR_SIZE)
1493 arg->valid |= FATTR_SIZE, arg->size = iattr->ia_size;
1494 if (ivalid & ATTR_ATIME) {
1495 arg->valid |= FATTR_ATIME;
1496 arg->atime = iattr->ia_atime.tv_sec;
1497 arg->atimensec = iattr->ia_atime.tv_nsec;
1498 if (!(ivalid & ATTR_ATIME_SET))
1499 arg->valid |= FATTR_ATIME_NOW;
1500 }
1501 if ((ivalid & ATTR_MTIME) && update_mtime(ivalid, trust_local_cmtime)) {
1502 arg->valid |= FATTR_MTIME;
1503 arg->mtime = iattr->ia_mtime.tv_sec;
1504 arg->mtimensec = iattr->ia_mtime.tv_nsec;
1505 if (!(ivalid & ATTR_MTIME_SET) && !trust_local_cmtime)
1506 arg->valid |= FATTR_MTIME_NOW;
1507 }
1508 if ((ivalid & ATTR_CTIME) && trust_local_cmtime) {
1509 arg->valid |= FATTR_CTIME;
1510 arg->ctime = iattr->ia_ctime.tv_sec;
1511 arg->ctimensec = iattr->ia_ctime.tv_nsec;
1512 }
1513 }
1514
1515 /*
1516 * Prevent concurrent writepages on inode
1517 *
1518 * This is done by adding a negative bias to the inode write counter
1519 * and waiting for all pending writes to finish.
1520 */
fuse_set_nowrite(struct inode * inode)1521 void fuse_set_nowrite(struct inode *inode)
1522 {
1523 struct fuse_inode *fi = get_fuse_inode(inode);
1524
1525 BUG_ON(!inode_is_locked(inode));
1526
1527 spin_lock(&fi->lock);
1528 BUG_ON(fi->writectr < 0);
1529 fi->writectr += FUSE_NOWRITE;
1530 spin_unlock(&fi->lock);
1531 wait_event(fi->page_waitq, fi->writectr == FUSE_NOWRITE);
1532 }
1533
1534 /*
1535 * Allow writepages on inode
1536 *
1537 * Remove the bias from the writecounter and send any queued
1538 * writepages.
1539 */
__fuse_release_nowrite(struct inode * inode)1540 static void __fuse_release_nowrite(struct inode *inode)
1541 {
1542 struct fuse_inode *fi = get_fuse_inode(inode);
1543
1544 BUG_ON(fi->writectr != FUSE_NOWRITE);
1545 fi->writectr = 0;
1546 fuse_flush_writepages(inode);
1547 }
1548
fuse_release_nowrite(struct inode * inode)1549 void fuse_release_nowrite(struct inode *inode)
1550 {
1551 struct fuse_inode *fi = get_fuse_inode(inode);
1552
1553 spin_lock(&fi->lock);
1554 __fuse_release_nowrite(inode);
1555 spin_unlock(&fi->lock);
1556 }
1557
fuse_setattr_fill(struct fuse_conn * fc,struct fuse_args * args,struct inode * inode,struct fuse_setattr_in * inarg_p,struct fuse_attr_out * outarg_p)1558 static void fuse_setattr_fill(struct fuse_conn *fc, struct fuse_args *args,
1559 struct inode *inode,
1560 struct fuse_setattr_in *inarg_p,
1561 struct fuse_attr_out *outarg_p)
1562 {
1563 args->opcode = FUSE_SETATTR;
1564 args->nodeid = get_node_id(inode);
1565 args->in_numargs = 1;
1566 args->in_args[0].size = sizeof(*inarg_p);
1567 args->in_args[0].value = inarg_p;
1568 args->out_numargs = 1;
1569 args->out_args[0].size = sizeof(*outarg_p);
1570 args->out_args[0].value = outarg_p;
1571 }
1572
1573 /*
1574 * Flush inode->i_mtime to the server
1575 */
fuse_flush_times(struct inode * inode,struct fuse_file * ff)1576 int fuse_flush_times(struct inode *inode, struct fuse_file *ff)
1577 {
1578 struct fuse_mount *fm = get_fuse_mount(inode);
1579 FUSE_ARGS(args);
1580 struct fuse_setattr_in inarg;
1581 struct fuse_attr_out outarg;
1582
1583 memset(&inarg, 0, sizeof(inarg));
1584 memset(&outarg, 0, sizeof(outarg));
1585
1586 inarg.valid = FATTR_MTIME;
1587 inarg.mtime = inode->i_mtime.tv_sec;
1588 inarg.mtimensec = inode->i_mtime.tv_nsec;
1589 if (fm->fc->minor >= 23) {
1590 inarg.valid |= FATTR_CTIME;
1591 inarg.ctime = inode->i_ctime.tv_sec;
1592 inarg.ctimensec = inode->i_ctime.tv_nsec;
1593 }
1594 if (ff) {
1595 inarg.valid |= FATTR_FH;
1596 inarg.fh = ff->fh;
1597 }
1598 fuse_setattr_fill(fm->fc, &args, inode, &inarg, &outarg);
1599
1600 return fuse_simple_request(fm, &args);
1601 }
1602
1603 /*
1604 * Set attributes, and at the same time refresh them.
1605 *
1606 * Truncation is slightly complicated, because the 'truncate' request
1607 * may fail, in which case we don't want to touch the mapping.
1608 * vmtruncate() doesn't allow for this case, so do the rlimit checking
1609 * and the actual truncation by hand.
1610 */
fuse_do_setattr(struct dentry * dentry,struct iattr * attr,struct file * file)1611 int fuse_do_setattr(struct dentry *dentry, struct iattr *attr,
1612 struct file *file)
1613 {
1614 struct inode *inode = d_inode(dentry);
1615 struct fuse_mount *fm = get_fuse_mount(inode);
1616 struct fuse_conn *fc = fm->fc;
1617 struct fuse_inode *fi = get_fuse_inode(inode);
1618 FUSE_ARGS(args);
1619 struct fuse_setattr_in inarg;
1620 struct fuse_attr_out outarg;
1621 bool is_truncate = false;
1622 bool is_wb = fc->writeback_cache;
1623 loff_t oldsize;
1624 int err;
1625 bool trust_local_cmtime = is_wb && S_ISREG(inode->i_mode);
1626 bool fault_blocked = false;
1627
1628 if (!fc->default_permissions)
1629 attr->ia_valid |= ATTR_FORCE;
1630
1631 err = setattr_prepare(dentry, attr);
1632 if (err)
1633 return err;
1634
1635 if (attr->ia_valid & ATTR_SIZE) {
1636 if (WARN_ON(!S_ISREG(inode->i_mode)))
1637 return -EIO;
1638 is_truncate = true;
1639 }
1640
1641 if (FUSE_IS_DAX(inode) && is_truncate) {
1642 down_write(&fi->i_mmap_sem);
1643 fault_blocked = true;
1644 err = fuse_dax_break_layouts(inode, 0, 0);
1645 if (err) {
1646 up_write(&fi->i_mmap_sem);
1647 return err;
1648 }
1649 }
1650
1651 if (attr->ia_valid & ATTR_OPEN) {
1652 /* This is coming from open(..., ... | O_TRUNC); */
1653 WARN_ON(!(attr->ia_valid & ATTR_SIZE));
1654 WARN_ON(attr->ia_size != 0);
1655 if (fc->atomic_o_trunc) {
1656 /*
1657 * No need to send request to userspace, since actual
1658 * truncation has already been done by OPEN. But still
1659 * need to truncate page cache.
1660 */
1661 i_size_write(inode, 0);
1662 truncate_pagecache(inode, 0);
1663 goto out;
1664 }
1665 file = NULL;
1666 }
1667
1668 /* Flush dirty data/metadata before non-truncate SETATTR */
1669 if (is_wb && S_ISREG(inode->i_mode) &&
1670 attr->ia_valid &
1671 (ATTR_MODE | ATTR_UID | ATTR_GID | ATTR_MTIME_SET |
1672 ATTR_TIMES_SET)) {
1673 err = write_inode_now(inode, true);
1674 if (err)
1675 return err;
1676
1677 fuse_set_nowrite(inode);
1678 fuse_release_nowrite(inode);
1679 }
1680
1681 if (is_truncate) {
1682 fuse_set_nowrite(inode);
1683 set_bit(FUSE_I_SIZE_UNSTABLE, &fi->state);
1684 if (trust_local_cmtime && attr->ia_size != inode->i_size)
1685 attr->ia_valid |= ATTR_MTIME | ATTR_CTIME;
1686 }
1687
1688 memset(&inarg, 0, sizeof(inarg));
1689 memset(&outarg, 0, sizeof(outarg));
1690 iattr_to_fattr(fc, attr, &inarg, trust_local_cmtime);
1691 if (file) {
1692 struct fuse_file *ff = file->private_data;
1693 inarg.valid |= FATTR_FH;
1694 inarg.fh = ff->fh;
1695 }
1696 if (attr->ia_valid & ATTR_SIZE) {
1697 /* For mandatory locking in truncate */
1698 inarg.valid |= FATTR_LOCKOWNER;
1699 inarg.lock_owner = fuse_lock_owner_id(fc, current->files);
1700 }
1701 fuse_setattr_fill(fc, &args, inode, &inarg, &outarg);
1702 err = fuse_simple_request(fm, &args);
1703 if (err) {
1704 if (err == -EINTR)
1705 fuse_invalidate_attr(inode);
1706 goto error;
1707 }
1708
1709 if (fuse_invalid_attr(&outarg.attr) ||
1710 inode_wrong_type(inode, outarg.attr.mode)) {
1711 fuse_make_bad(inode);
1712 err = -EIO;
1713 goto error;
1714 }
1715
1716 spin_lock(&fi->lock);
1717 /* the kernel maintains i_mtime locally */
1718 if (trust_local_cmtime) {
1719 if (attr->ia_valid & ATTR_MTIME)
1720 inode->i_mtime = attr->ia_mtime;
1721 if (attr->ia_valid & ATTR_CTIME)
1722 inode->i_ctime = attr->ia_ctime;
1723 /* FIXME: clear I_DIRTY_SYNC? */
1724 }
1725
1726 fuse_change_attributes_common(inode, &outarg.attr,
1727 attr_timeout(&outarg));
1728 oldsize = inode->i_size;
1729 /* see the comment in fuse_change_attributes() */
1730 if (!is_wb || is_truncate || !S_ISREG(inode->i_mode))
1731 i_size_write(inode, outarg.attr.size);
1732
1733 if (is_truncate) {
1734 /* NOTE: this may release/reacquire fi->lock */
1735 __fuse_release_nowrite(inode);
1736 }
1737 spin_unlock(&fi->lock);
1738
1739 /*
1740 * Only call invalidate_inode_pages2() after removing
1741 * FUSE_NOWRITE, otherwise fuse_launder_page() would deadlock.
1742 */
1743 if ((is_truncate || !is_wb) &&
1744 S_ISREG(inode->i_mode) && oldsize != outarg.attr.size) {
1745 truncate_pagecache(inode, outarg.attr.size);
1746 invalidate_inode_pages2(inode->i_mapping);
1747 }
1748
1749 clear_bit(FUSE_I_SIZE_UNSTABLE, &fi->state);
1750 out:
1751 if (fault_blocked)
1752 up_write(&fi->i_mmap_sem);
1753
1754 return 0;
1755
1756 error:
1757 if (is_truncate)
1758 fuse_release_nowrite(inode);
1759
1760 clear_bit(FUSE_I_SIZE_UNSTABLE, &fi->state);
1761
1762 if (fault_blocked)
1763 up_write(&fi->i_mmap_sem);
1764 return err;
1765 }
1766
fuse_setattr(struct dentry * entry,struct iattr * attr)1767 static int fuse_setattr(struct dentry *entry, struct iattr *attr)
1768 {
1769 struct inode *inode = d_inode(entry);
1770 struct fuse_conn *fc = get_fuse_conn(inode);
1771 struct file *file = (attr->ia_valid & ATTR_FILE) ? attr->ia_file : NULL;
1772 int ret;
1773
1774 if (fuse_is_bad(inode))
1775 return -EIO;
1776
1777 if (!fuse_allow_current_process(get_fuse_conn(inode)))
1778 return -EACCES;
1779
1780 if (attr->ia_valid & (ATTR_KILL_SUID | ATTR_KILL_SGID)) {
1781 attr->ia_valid &= ~(ATTR_KILL_SUID | ATTR_KILL_SGID |
1782 ATTR_MODE);
1783
1784 /*
1785 * The only sane way to reliably kill suid/sgid is to do it in
1786 * the userspace filesystem
1787 *
1788 * This should be done on write(), truncate() and chown().
1789 */
1790 if (!fc->handle_killpriv) {
1791 /*
1792 * ia_mode calculation may have used stale i_mode.
1793 * Refresh and recalculate.
1794 */
1795 ret = fuse_do_getattr(inode, NULL, file);
1796 if (ret)
1797 return ret;
1798
1799 attr->ia_mode = inode->i_mode;
1800 if (inode->i_mode & S_ISUID) {
1801 attr->ia_valid |= ATTR_MODE;
1802 attr->ia_mode &= ~S_ISUID;
1803 }
1804 if ((inode->i_mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP)) {
1805 attr->ia_valid |= ATTR_MODE;
1806 attr->ia_mode &= ~S_ISGID;
1807 }
1808 }
1809 }
1810 if (!attr->ia_valid)
1811 return 0;
1812
1813 ret = fuse_do_setattr(entry, attr, file);
1814 if (!ret) {
1815 /*
1816 * If filesystem supports acls it may have updated acl xattrs in
1817 * the filesystem, so forget cached acls for the inode.
1818 */
1819 if (fc->posix_acl)
1820 forget_all_cached_acls(inode);
1821
1822 /* Directory mode changed, may need to revalidate access */
1823 if (d_is_dir(entry) && (attr->ia_valid & ATTR_MODE))
1824 fuse_invalidate_entry_cache(entry);
1825 }
1826 return ret;
1827 }
1828
fuse_getattr(const struct path * path,struct kstat * stat,u32 request_mask,unsigned int flags)1829 static int fuse_getattr(const struct path *path, struct kstat *stat,
1830 u32 request_mask, unsigned int flags)
1831 {
1832 struct inode *inode = d_inode(path->dentry);
1833 struct fuse_conn *fc = get_fuse_conn(inode);
1834
1835 if (fuse_is_bad(inode))
1836 return -EIO;
1837
1838 if (!fuse_allow_current_process(fc)) {
1839 if (!request_mask) {
1840 /*
1841 * If user explicitly requested *nothing* then don't
1842 * error out, but return st_dev only.
1843 */
1844 stat->result_mask = 0;
1845 stat->dev = inode->i_sb->s_dev;
1846 return 0;
1847 }
1848 return -EACCES;
1849 }
1850
1851 return fuse_update_get_attr(inode, NULL, stat, request_mask, flags);
1852 }
1853
1854 static const struct inode_operations fuse_dir_inode_operations = {
1855 .lookup = fuse_lookup,
1856 .mkdir = fuse_mkdir,
1857 .symlink = fuse_symlink,
1858 .unlink = fuse_unlink,
1859 .rmdir = fuse_rmdir,
1860 .rename = fuse_rename2,
1861 .link = fuse_link,
1862 .setattr = fuse_setattr,
1863 .create = fuse_create,
1864 .atomic_open = fuse_atomic_open,
1865 .mknod = fuse_mknod,
1866 .permission = fuse_permission,
1867 .getattr = fuse_getattr,
1868 .listxattr = fuse_listxattr,
1869 .get_acl = fuse_get_acl,
1870 .set_acl = fuse_set_acl,
1871 };
1872
1873 static const struct file_operations fuse_dir_operations = {
1874 .llseek = generic_file_llseek,
1875 .read = generic_read_dir,
1876 .iterate_shared = fuse_readdir,
1877 .open = fuse_dir_open,
1878 .release = fuse_dir_release,
1879 .fsync = fuse_dir_fsync,
1880 .unlocked_ioctl = fuse_dir_ioctl,
1881 .compat_ioctl = fuse_dir_compat_ioctl,
1882 };
1883
1884 static const struct inode_operations fuse_common_inode_operations = {
1885 .setattr = fuse_setattr,
1886 .permission = fuse_permission,
1887 .getattr = fuse_getattr,
1888 .listxattr = fuse_listxattr,
1889 .get_acl = fuse_get_acl,
1890 .set_acl = fuse_set_acl,
1891 };
1892
1893 static const struct inode_operations fuse_symlink_inode_operations = {
1894 .setattr = fuse_setattr,
1895 .get_link = fuse_get_link,
1896 .getattr = fuse_getattr,
1897 .listxattr = fuse_listxattr,
1898 };
1899
fuse_init_common(struct inode * inode)1900 void fuse_init_common(struct inode *inode)
1901 {
1902 inode->i_op = &fuse_common_inode_operations;
1903 }
1904
fuse_init_dir(struct inode * inode)1905 void fuse_init_dir(struct inode *inode)
1906 {
1907 struct fuse_inode *fi = get_fuse_inode(inode);
1908
1909 inode->i_op = &fuse_dir_inode_operations;
1910 inode->i_fop = &fuse_dir_operations;
1911
1912 spin_lock_init(&fi->rdc.lock);
1913 fi->rdc.cached = false;
1914 fi->rdc.size = 0;
1915 fi->rdc.pos = 0;
1916 fi->rdc.version = 0;
1917 }
1918
fuse_symlink_readpage(struct file * null,struct page * page)1919 static int fuse_symlink_readpage(struct file *null, struct page *page)
1920 {
1921 int err = fuse_readlink_page(page->mapping->host, page);
1922
1923 if (!err)
1924 SetPageUptodate(page);
1925
1926 unlock_page(page);
1927
1928 return err;
1929 }
1930
1931 static const struct address_space_operations fuse_symlink_aops = {
1932 .readpage = fuse_symlink_readpage,
1933 };
1934
fuse_init_symlink(struct inode * inode)1935 void fuse_init_symlink(struct inode *inode)
1936 {
1937 inode->i_op = &fuse_symlink_inode_operations;
1938 inode->i_data.a_ops = &fuse_symlink_aops;
1939 inode_nohighmem(inode);
1940 }
1941