1 /*
2 FUSE: Filesystem in Userspace
3 Copyright (C) 2001-2008 Miklos Szeredi <miklos@szeredi.hu>
4
5 This program can be distributed under the terms of the GNU GPL.
6 See the file COPYING.
7 */
8
9 #include "fuse_i.h"
10
11 #include <linux/pagemap.h>
12 #include <linux/file.h>
13 #include <linux/sched.h>
14 #include <linux/namei.h>
15 #include <linux/slab.h>
16 #include <linux/xattr.h>
17 #include <linux/posix_acl.h>
18
fuse_use_readdirplus(struct inode * dir,struct dir_context * ctx)19 static bool fuse_use_readdirplus(struct inode *dir, struct dir_context *ctx)
20 {
21 struct fuse_conn *fc = get_fuse_conn(dir);
22 struct fuse_inode *fi = get_fuse_inode(dir);
23
24 if (!fc->do_readdirplus)
25 return false;
26 if (!fc->readdirplus_auto)
27 return true;
28 if (test_and_clear_bit(FUSE_I_ADVISE_RDPLUS, &fi->state))
29 return true;
30 if (ctx->pos == 0)
31 return true;
32 return false;
33 }
34
fuse_advise_use_readdirplus(struct inode * dir)35 static void fuse_advise_use_readdirplus(struct inode *dir)
36 {
37 struct fuse_inode *fi = get_fuse_inode(dir);
38
39 set_bit(FUSE_I_ADVISE_RDPLUS, &fi->state);
40 }
41
42 union fuse_dentry {
43 u64 time;
44 struct rcu_head rcu;
45 };
46
fuse_dentry_settime(struct dentry * entry,u64 time)47 static inline void fuse_dentry_settime(struct dentry *entry, u64 time)
48 {
49 ((union fuse_dentry *) entry->d_fsdata)->time = time;
50 }
51
fuse_dentry_time(struct dentry * entry)52 static inline u64 fuse_dentry_time(struct dentry *entry)
53 {
54 return ((union fuse_dentry *) entry->d_fsdata)->time;
55 }
56
57 /*
58 * FUSE caches dentries and attributes with separate timeout. The
59 * time in jiffies until the dentry/attributes are valid is stored in
60 * dentry->d_fsdata and fuse_inode->i_time respectively.
61 */
62
63 /*
64 * Calculate the time in jiffies until a dentry/attributes are valid
65 */
time_to_jiffies(u64 sec,u32 nsec)66 static u64 time_to_jiffies(u64 sec, u32 nsec)
67 {
68 if (sec || nsec) {
69 struct timespec64 ts = {
70 sec,
71 min_t(u32, nsec, NSEC_PER_SEC - 1)
72 };
73
74 return get_jiffies_64() + timespec64_to_jiffies(&ts);
75 } else
76 return 0;
77 }
78
79 /*
80 * Set dentry and possibly attribute timeouts from the lookup/mk*
81 * replies
82 */
fuse_change_entry_timeout(struct dentry * entry,struct fuse_entry_out * o)83 static void fuse_change_entry_timeout(struct dentry *entry,
84 struct fuse_entry_out *o)
85 {
86 fuse_dentry_settime(entry,
87 time_to_jiffies(o->entry_valid, o->entry_valid_nsec));
88 }
89
attr_timeout(struct fuse_attr_out * o)90 static u64 attr_timeout(struct fuse_attr_out *o)
91 {
92 return time_to_jiffies(o->attr_valid, o->attr_valid_nsec);
93 }
94
entry_attr_timeout(struct fuse_entry_out * o)95 static u64 entry_attr_timeout(struct fuse_entry_out *o)
96 {
97 return time_to_jiffies(o->attr_valid, o->attr_valid_nsec);
98 }
99
100 /*
101 * Mark the attributes as stale, so that at the next call to
102 * ->getattr() they will be fetched from userspace
103 */
fuse_invalidate_attr(struct inode * inode)104 void fuse_invalidate_attr(struct inode *inode)
105 {
106 get_fuse_inode(inode)->i_time = 0;
107 }
108
109 /**
110 * Mark the attributes as stale due to an atime change. Avoid the invalidate if
111 * atime is not used.
112 */
fuse_invalidate_atime(struct inode * inode)113 void fuse_invalidate_atime(struct inode *inode)
114 {
115 if (!IS_RDONLY(inode))
116 fuse_invalidate_attr(inode);
117 }
118
119 /*
120 * Just mark the entry as stale, so that a next attempt to look it up
121 * will result in a new lookup call to userspace
122 *
123 * This is called when a dentry is about to become negative and the
124 * timeout is unknown (unlink, rmdir, rename and in some cases
125 * lookup)
126 */
fuse_invalidate_entry_cache(struct dentry * entry)127 void fuse_invalidate_entry_cache(struct dentry *entry)
128 {
129 fuse_dentry_settime(entry, 0);
130 }
131
132 /*
133 * Same as fuse_invalidate_entry_cache(), but also try to remove the
134 * dentry from the hash
135 */
fuse_invalidate_entry(struct dentry * entry)136 static void fuse_invalidate_entry(struct dentry *entry)
137 {
138 d_invalidate(entry);
139 fuse_invalidate_entry_cache(entry);
140 }
141
fuse_lookup_init(struct fuse_conn * fc,struct fuse_args * args,u64 nodeid,const struct qstr * name,struct fuse_entry_out * outarg)142 static void fuse_lookup_init(struct fuse_conn *fc, struct fuse_args *args,
143 u64 nodeid, const struct qstr *name,
144 struct fuse_entry_out *outarg)
145 {
146 memset(outarg, 0, sizeof(struct fuse_entry_out));
147 args->in.h.opcode = FUSE_LOOKUP;
148 args->in.h.nodeid = nodeid;
149 args->in.numargs = 1;
150 args->in.args[0].size = name->len + 1;
151 args->in.args[0].value = name->name;
152 args->out.numargs = 1;
153 args->out.args[0].size = sizeof(struct fuse_entry_out);
154 args->out.args[0].value = outarg;
155 }
156
fuse_get_attr_version(struct fuse_conn * fc)157 u64 fuse_get_attr_version(struct fuse_conn *fc)
158 {
159 u64 curr_version;
160
161 /*
162 * The spin lock isn't actually needed on 64bit archs, but we
163 * don't yet care too much about such optimizations.
164 */
165 spin_lock(&fc->lock);
166 curr_version = fc->attr_version;
167 spin_unlock(&fc->lock);
168
169 return curr_version;
170 }
171
172 /*
173 * Check whether the dentry is still valid
174 *
175 * If the entry validity timeout has expired and the dentry is
176 * positive, try to redo the lookup. If the lookup results in a
177 * different inode, then let the VFS invalidate the dentry and redo
178 * the lookup once more. If the lookup results in the same inode,
179 * then refresh the attributes, timeouts and mark the dentry valid.
180 */
fuse_dentry_revalidate(struct dentry * entry,unsigned int flags)181 static int fuse_dentry_revalidate(struct dentry *entry, unsigned int flags)
182 {
183 struct inode *inode;
184 struct dentry *parent;
185 struct fuse_conn *fc;
186 struct fuse_inode *fi;
187 int ret;
188
189 inode = d_inode_rcu(entry);
190 if (inode && is_bad_inode(inode))
191 goto invalid;
192 else if (time_before64(fuse_dentry_time(entry), get_jiffies_64()) ||
193 (flags & LOOKUP_REVAL)) {
194 struct fuse_entry_out outarg;
195 FUSE_ARGS(args);
196 struct fuse_forget_link *forget;
197 u64 attr_version;
198
199 /* For negative dentries, always do a fresh lookup */
200 if (!inode)
201 goto invalid;
202
203 ret = -ECHILD;
204 if (flags & LOOKUP_RCU)
205 goto out;
206
207 fc = get_fuse_conn(inode);
208
209 forget = fuse_alloc_forget();
210 ret = -ENOMEM;
211 if (!forget)
212 goto out;
213
214 attr_version = fuse_get_attr_version(fc);
215
216 parent = dget_parent(entry);
217 fuse_lookup_init(fc, &args, get_node_id(d_inode(parent)),
218 &entry->d_name, &outarg);
219 ret = fuse_simple_request(fc, &args);
220 dput(parent);
221 /* Zero nodeid is same as -ENOENT */
222 if (!ret && !outarg.nodeid)
223 ret = -ENOENT;
224 if (!ret) {
225 fi = get_fuse_inode(inode);
226 if (outarg.nodeid != get_node_id(inode)) {
227 fuse_queue_forget(fc, forget, outarg.nodeid, 1);
228 goto invalid;
229 }
230 spin_lock(&fc->lock);
231 fi->nlookup++;
232 spin_unlock(&fc->lock);
233 }
234 kfree(forget);
235 if (ret == -ENOMEM)
236 goto out;
237 if (ret || fuse_invalid_attr(&outarg.attr) ||
238 (outarg.attr.mode ^ inode->i_mode) & S_IFMT)
239 goto invalid;
240
241 forget_all_cached_acls(inode);
242 fuse_change_attributes(inode, &outarg.attr,
243 entry_attr_timeout(&outarg),
244 attr_version);
245 fuse_change_entry_timeout(entry, &outarg);
246 } else if (inode) {
247 fi = get_fuse_inode(inode);
248 if (flags & LOOKUP_RCU) {
249 if (test_bit(FUSE_I_INIT_RDPLUS, &fi->state))
250 return -ECHILD;
251 } else if (test_and_clear_bit(FUSE_I_INIT_RDPLUS, &fi->state)) {
252 parent = dget_parent(entry);
253 fuse_advise_use_readdirplus(d_inode(parent));
254 dput(parent);
255 }
256 }
257 ret = 1;
258 out:
259 return ret;
260
261 invalid:
262 ret = 0;
263 goto out;
264 }
265
266 /*
267 * Get the canonical path. Since we must translate to a path, this must be done
268 * in the context of the userspace daemon, however, the userspace daemon cannot
269 * look up paths on its own. Instead, we handle the lookup as a special case
270 * inside of the write request.
271 */
fuse_dentry_canonical_path(const struct path * path,struct path * canonical_path)272 static void fuse_dentry_canonical_path(const struct path *path, struct path *canonical_path) {
273 struct inode *inode = path->dentry->d_inode;
274 struct fuse_conn *fc = get_fuse_conn(inode);
275 struct fuse_req *req;
276 int err;
277 char *path_name;
278
279 req = fuse_get_req(fc, 1);
280 err = PTR_ERR(req);
281 if (IS_ERR(req))
282 goto default_path;
283
284 path_name = (char*)__get_free_page(GFP_KERNEL);
285 if (!path_name) {
286 fuse_put_request(fc, req);
287 goto default_path;
288 }
289
290 req->in.h.opcode = FUSE_CANONICAL_PATH;
291 req->in.h.nodeid = get_node_id(inode);
292 req->in.numargs = 0;
293 req->out.numargs = 1;
294 req->out.args[0].size = PATH_MAX;
295 req->out.args[0].value = path_name;
296 req->canonical_path = canonical_path;
297 req->out.argvar = 1;
298 fuse_request_send(fc, req);
299 err = req->out.h.error;
300 fuse_put_request(fc, req);
301 free_page((unsigned long)path_name);
302 if (!err)
303 return;
304 default_path:
305 canonical_path->dentry = path->dentry;
306 canonical_path->mnt = path->mnt;
307 path_get(canonical_path);
308 }
309
invalid_nodeid(u64 nodeid)310 static int invalid_nodeid(u64 nodeid)
311 {
312 return !nodeid || nodeid == FUSE_ROOT_ID;
313 }
314
fuse_dentry_init(struct dentry * dentry)315 static int fuse_dentry_init(struct dentry *dentry)
316 {
317 dentry->d_fsdata = kzalloc(sizeof(union fuse_dentry), GFP_KERNEL);
318
319 return dentry->d_fsdata ? 0 : -ENOMEM;
320 }
fuse_dentry_release(struct dentry * dentry)321 static void fuse_dentry_release(struct dentry *dentry)
322 {
323 union fuse_dentry *fd = dentry->d_fsdata;
324
325 kfree_rcu(fd, rcu);
326 }
327
328 const struct dentry_operations fuse_dentry_operations = {
329 .d_revalidate = fuse_dentry_revalidate,
330 .d_init = fuse_dentry_init,
331 .d_release = fuse_dentry_release,
332 .d_canonical_path = fuse_dentry_canonical_path,
333 };
334
335 const struct dentry_operations fuse_root_dentry_operations = {
336 .d_init = fuse_dentry_init,
337 .d_release = fuse_dentry_release,
338 .d_canonical_path = fuse_dentry_canonical_path,
339 };
340
fuse_valid_type(int m)341 int fuse_valid_type(int m)
342 {
343 return S_ISREG(m) || S_ISDIR(m) || S_ISLNK(m) || S_ISCHR(m) ||
344 S_ISBLK(m) || S_ISFIFO(m) || S_ISSOCK(m);
345 }
346
fuse_invalid_attr(struct fuse_attr * attr)347 bool fuse_invalid_attr(struct fuse_attr *attr)
348 {
349 return !fuse_valid_type(attr->mode) ||
350 attr->size > LLONG_MAX;
351 }
352
fuse_lookup_name(struct super_block * sb,u64 nodeid,const struct qstr * name,struct fuse_entry_out * outarg,struct inode ** inode)353 int fuse_lookup_name(struct super_block *sb, u64 nodeid, const struct qstr *name,
354 struct fuse_entry_out *outarg, struct inode **inode)
355 {
356 struct fuse_conn *fc = get_fuse_conn_super(sb);
357 FUSE_ARGS(args);
358 struct fuse_forget_link *forget;
359 u64 attr_version;
360 int err;
361
362 *inode = NULL;
363 err = -ENAMETOOLONG;
364 if (name->len > FUSE_NAME_MAX)
365 goto out;
366
367
368 forget = fuse_alloc_forget();
369 err = -ENOMEM;
370 if (!forget)
371 goto out;
372
373 attr_version = fuse_get_attr_version(fc);
374
375 fuse_lookup_init(fc, &args, nodeid, name, outarg);
376 err = fuse_simple_request(fc, &args);
377 /* Zero nodeid is same as -ENOENT, but with valid timeout */
378 if (err || !outarg->nodeid)
379 goto out_put_forget;
380
381 err = -EIO;
382 if (!outarg->nodeid)
383 goto out_put_forget;
384 if (fuse_invalid_attr(&outarg->attr))
385 goto out_put_forget;
386
387 *inode = fuse_iget(sb, outarg->nodeid, outarg->generation,
388 &outarg->attr, entry_attr_timeout(outarg),
389 attr_version);
390 err = -ENOMEM;
391 if (!*inode) {
392 fuse_queue_forget(fc, forget, outarg->nodeid, 1);
393 goto out;
394 }
395 err = 0;
396
397 out_put_forget:
398 kfree(forget);
399 out:
400 return err;
401 }
402
fuse_lookup(struct inode * dir,struct dentry * entry,unsigned int flags)403 static struct dentry *fuse_lookup(struct inode *dir, struct dentry *entry,
404 unsigned int flags)
405 {
406 int err;
407 struct fuse_entry_out outarg;
408 struct inode *inode;
409 struct dentry *newent;
410 bool outarg_valid = true;
411 bool locked;
412
413 locked = fuse_lock_inode(dir);
414 err = fuse_lookup_name(dir->i_sb, get_node_id(dir), &entry->d_name,
415 &outarg, &inode);
416 fuse_unlock_inode(dir, locked);
417 if (err == -ENOENT) {
418 outarg_valid = false;
419 err = 0;
420 }
421 if (err)
422 goto out_err;
423
424 err = -EIO;
425 if (inode && get_node_id(inode) == FUSE_ROOT_ID)
426 goto out_iput;
427
428 newent = d_splice_alias(inode, entry);
429 err = PTR_ERR(newent);
430 if (IS_ERR(newent))
431 goto out_err;
432
433 entry = newent ? newent : entry;
434 if (outarg_valid)
435 fuse_change_entry_timeout(entry, &outarg);
436 else
437 fuse_invalidate_entry_cache(entry);
438
439 fuse_advise_use_readdirplus(dir);
440 return newent;
441
442 out_iput:
443 iput(inode);
444 out_err:
445 return ERR_PTR(err);
446 }
447
448 /*
449 * Atomic create+open operation
450 *
451 * If the filesystem doesn't support this, then fall back to separate
452 * 'mknod' + 'open' requests.
453 */
fuse_create_open(struct inode * dir,struct dentry * entry,struct file * file,unsigned flags,umode_t mode,int * opened)454 static int fuse_create_open(struct inode *dir, struct dentry *entry,
455 struct file *file, unsigned flags,
456 umode_t mode, int *opened)
457 {
458 int err;
459 struct inode *inode;
460 struct fuse_conn *fc = get_fuse_conn(dir);
461 FUSE_ARGS(args);
462 struct fuse_forget_link *forget;
463 struct fuse_create_in inarg;
464 struct fuse_open_out outopen;
465 struct fuse_entry_out outentry;
466 struct fuse_file *ff;
467
468 /* Userspace expects S_IFREG in create mode */
469 BUG_ON((mode & S_IFMT) != S_IFREG);
470
471 forget = fuse_alloc_forget();
472 err = -ENOMEM;
473 if (!forget)
474 goto out_err;
475
476 err = -ENOMEM;
477 ff = fuse_file_alloc(fc);
478 if (!ff)
479 goto out_put_forget_req;
480
481 if (!fc->dont_mask)
482 mode &= ~current_umask();
483
484 flags &= ~O_NOCTTY;
485 memset(&inarg, 0, sizeof(inarg));
486 memset(&outentry, 0, sizeof(outentry));
487 inarg.flags = flags;
488 inarg.mode = mode;
489 inarg.umask = current_umask();
490 args.in.h.opcode = FUSE_CREATE;
491 args.in.h.nodeid = get_node_id(dir);
492 args.in.numargs = 2;
493 args.in.args[0].size = sizeof(inarg);
494 args.in.args[0].value = &inarg;
495 args.in.args[1].size = entry->d_name.len + 1;
496 args.in.args[1].value = entry->d_name.name;
497 args.out.numargs = 2;
498 args.out.args[0].size = sizeof(outentry);
499 args.out.args[0].value = &outentry;
500 args.out.args[1].size = sizeof(outopen);
501 args.out.args[1].value = &outopen;
502 err = fuse_simple_request(fc, &args);
503 if (err)
504 goto out_free_ff;
505
506 err = -EIO;
507 if (!S_ISREG(outentry.attr.mode) || invalid_nodeid(outentry.nodeid) ||
508 fuse_invalid_attr(&outentry.attr))
509 goto out_free_ff;
510
511 ff->fh = outopen.fh;
512 ff->nodeid = outentry.nodeid;
513 ff->open_flags = outopen.open_flags;
514 inode = fuse_iget(dir->i_sb, outentry.nodeid, outentry.generation,
515 &outentry.attr, entry_attr_timeout(&outentry), 0);
516 if (!inode) {
517 flags &= ~(O_CREAT | O_EXCL | O_TRUNC);
518 fuse_sync_release(ff, flags);
519 fuse_queue_forget(fc, forget, outentry.nodeid, 1);
520 err = -ENOMEM;
521 goto out_err;
522 }
523 kfree(forget);
524 d_instantiate(entry, inode);
525 fuse_change_entry_timeout(entry, &outentry);
526 fuse_invalidate_attr(dir);
527 err = finish_open(file, entry, generic_file_open, opened);
528 if (err) {
529 fuse_sync_release(ff, flags);
530 } else {
531 file->private_data = ff;
532 fuse_finish_open(inode, file);
533 }
534 return err;
535
536 out_free_ff:
537 fuse_file_free(ff);
538 out_put_forget_req:
539 kfree(forget);
540 out_err:
541 return err;
542 }
543
544 static int fuse_mknod(struct inode *, struct dentry *, umode_t, dev_t);
fuse_atomic_open(struct inode * dir,struct dentry * entry,struct file * file,unsigned flags,umode_t mode,int * opened)545 static int fuse_atomic_open(struct inode *dir, struct dentry *entry,
546 struct file *file, unsigned flags,
547 umode_t mode, int *opened)
548 {
549 int err;
550 struct fuse_conn *fc = get_fuse_conn(dir);
551 struct dentry *res = NULL;
552
553 if (d_in_lookup(entry)) {
554 res = fuse_lookup(dir, entry, 0);
555 if (IS_ERR(res))
556 return PTR_ERR(res);
557
558 if (res)
559 entry = res;
560 }
561
562 if (!(flags & O_CREAT) || d_really_is_positive(entry))
563 goto no_open;
564
565 /* Only creates */
566 *opened |= FILE_CREATED;
567
568 if (fc->no_create)
569 goto mknod;
570
571 err = fuse_create_open(dir, entry, file, flags, mode, opened);
572 if (err == -ENOSYS) {
573 fc->no_create = 1;
574 goto mknod;
575 }
576 out_dput:
577 dput(res);
578 return err;
579
580 mknod:
581 err = fuse_mknod(dir, entry, mode, 0);
582 if (err)
583 goto out_dput;
584 no_open:
585 return finish_no_open(file, res);
586 }
587
588 /*
589 * Code shared between mknod, mkdir, symlink and link
590 */
create_new_entry(struct fuse_conn * fc,struct fuse_args * args,struct inode * dir,struct dentry * entry,umode_t mode)591 static int create_new_entry(struct fuse_conn *fc, struct fuse_args *args,
592 struct inode *dir, struct dentry *entry,
593 umode_t mode)
594 {
595 struct fuse_entry_out outarg;
596 struct inode *inode;
597 int err;
598 struct fuse_forget_link *forget;
599
600 forget = fuse_alloc_forget();
601 if (!forget)
602 return -ENOMEM;
603
604 memset(&outarg, 0, sizeof(outarg));
605 args->in.h.nodeid = get_node_id(dir);
606 args->out.numargs = 1;
607 args->out.args[0].size = sizeof(outarg);
608 args->out.args[0].value = &outarg;
609 err = fuse_simple_request(fc, args);
610 if (err)
611 goto out_put_forget_req;
612
613 err = -EIO;
614 if (invalid_nodeid(outarg.nodeid) || fuse_invalid_attr(&outarg.attr))
615 goto out_put_forget_req;
616
617 if ((outarg.attr.mode ^ mode) & S_IFMT)
618 goto out_put_forget_req;
619
620 inode = fuse_iget(dir->i_sb, outarg.nodeid, outarg.generation,
621 &outarg.attr, entry_attr_timeout(&outarg), 0);
622 if (!inode) {
623 fuse_queue_forget(fc, forget, outarg.nodeid, 1);
624 return -ENOMEM;
625 }
626 kfree(forget);
627
628 err = d_instantiate_no_diralias(entry, inode);
629 if (err)
630 return err;
631
632 fuse_change_entry_timeout(entry, &outarg);
633 fuse_invalidate_attr(dir);
634 return 0;
635
636 out_put_forget_req:
637 kfree(forget);
638 return err;
639 }
640
fuse_mknod(struct inode * dir,struct dentry * entry,umode_t mode,dev_t rdev)641 static int fuse_mknod(struct inode *dir, struct dentry *entry, umode_t mode,
642 dev_t rdev)
643 {
644 struct fuse_mknod_in inarg;
645 struct fuse_conn *fc = get_fuse_conn(dir);
646 FUSE_ARGS(args);
647
648 if (!fc->dont_mask)
649 mode &= ~current_umask();
650
651 memset(&inarg, 0, sizeof(inarg));
652 inarg.mode = mode;
653 inarg.rdev = new_encode_dev(rdev);
654 inarg.umask = current_umask();
655 args.in.h.opcode = FUSE_MKNOD;
656 args.in.numargs = 2;
657 args.in.args[0].size = sizeof(inarg);
658 args.in.args[0].value = &inarg;
659 args.in.args[1].size = entry->d_name.len + 1;
660 args.in.args[1].value = entry->d_name.name;
661 return create_new_entry(fc, &args, dir, entry, mode);
662 }
663
fuse_create(struct inode * dir,struct dentry * entry,umode_t mode,bool excl)664 static int fuse_create(struct inode *dir, struct dentry *entry, umode_t mode,
665 bool excl)
666 {
667 return fuse_mknod(dir, entry, mode, 0);
668 }
669
fuse_mkdir(struct inode * dir,struct dentry * entry,umode_t mode)670 static int fuse_mkdir(struct inode *dir, struct dentry *entry, umode_t mode)
671 {
672 struct fuse_mkdir_in inarg;
673 struct fuse_conn *fc = get_fuse_conn(dir);
674 FUSE_ARGS(args);
675
676 if (!fc->dont_mask)
677 mode &= ~current_umask();
678
679 memset(&inarg, 0, sizeof(inarg));
680 inarg.mode = mode;
681 inarg.umask = current_umask();
682 args.in.h.opcode = FUSE_MKDIR;
683 args.in.numargs = 2;
684 args.in.args[0].size = sizeof(inarg);
685 args.in.args[0].value = &inarg;
686 args.in.args[1].size = entry->d_name.len + 1;
687 args.in.args[1].value = entry->d_name.name;
688 return create_new_entry(fc, &args, dir, entry, S_IFDIR);
689 }
690
fuse_symlink(struct inode * dir,struct dentry * entry,const char * link)691 static int fuse_symlink(struct inode *dir, struct dentry *entry,
692 const char *link)
693 {
694 struct fuse_conn *fc = get_fuse_conn(dir);
695 unsigned len = strlen(link) + 1;
696 FUSE_ARGS(args);
697
698 args.in.h.opcode = FUSE_SYMLINK;
699 args.in.numargs = 2;
700 args.in.args[0].size = entry->d_name.len + 1;
701 args.in.args[0].value = entry->d_name.name;
702 args.in.args[1].size = len;
703 args.in.args[1].value = link;
704 return create_new_entry(fc, &args, dir, entry, S_IFLNK);
705 }
706
fuse_update_ctime(struct inode * inode)707 void fuse_update_ctime(struct inode *inode)
708 {
709 if (!IS_NOCMTIME(inode)) {
710 inode->i_ctime = current_time(inode);
711 mark_inode_dirty_sync(inode);
712 }
713 }
714
fuse_unlink(struct inode * dir,struct dentry * entry)715 static int fuse_unlink(struct inode *dir, struct dentry *entry)
716 {
717 int err;
718 struct fuse_conn *fc = get_fuse_conn(dir);
719 FUSE_ARGS(args);
720
721 args.in.h.opcode = FUSE_UNLINK;
722 args.in.h.nodeid = get_node_id(dir);
723 args.in.numargs = 1;
724 args.in.args[0].size = entry->d_name.len + 1;
725 args.in.args[0].value = entry->d_name.name;
726 err = fuse_simple_request(fc, &args);
727 if (!err) {
728 struct inode *inode = d_inode(entry);
729 struct fuse_inode *fi = get_fuse_inode(inode);
730
731 spin_lock(&fc->lock);
732 fi->attr_version = ++fc->attr_version;
733 /*
734 * If i_nlink == 0 then unlink doesn't make sense, yet this can
735 * happen if userspace filesystem is careless. It would be
736 * difficult to enforce correct nlink usage so just ignore this
737 * condition here
738 */
739 if (inode->i_nlink > 0)
740 drop_nlink(inode);
741 spin_unlock(&fc->lock);
742 fuse_invalidate_attr(inode);
743 fuse_invalidate_attr(dir);
744 fuse_invalidate_entry_cache(entry);
745 fuse_update_ctime(inode);
746 } else if (err == -EINTR)
747 fuse_invalidate_entry(entry);
748 return err;
749 }
750
fuse_rmdir(struct inode * dir,struct dentry * entry)751 static int fuse_rmdir(struct inode *dir, struct dentry *entry)
752 {
753 int err;
754 struct fuse_conn *fc = get_fuse_conn(dir);
755 FUSE_ARGS(args);
756
757 args.in.h.opcode = FUSE_RMDIR;
758 args.in.h.nodeid = get_node_id(dir);
759 args.in.numargs = 1;
760 args.in.args[0].size = entry->d_name.len + 1;
761 args.in.args[0].value = entry->d_name.name;
762 err = fuse_simple_request(fc, &args);
763 if (!err) {
764 clear_nlink(d_inode(entry));
765 fuse_invalidate_attr(dir);
766 fuse_invalidate_entry_cache(entry);
767 } else if (err == -EINTR)
768 fuse_invalidate_entry(entry);
769 return err;
770 }
771
fuse_rename_common(struct inode * olddir,struct dentry * oldent,struct inode * newdir,struct dentry * newent,unsigned int flags,int opcode,size_t argsize)772 static int fuse_rename_common(struct inode *olddir, struct dentry *oldent,
773 struct inode *newdir, struct dentry *newent,
774 unsigned int flags, int opcode, size_t argsize)
775 {
776 int err;
777 struct fuse_rename2_in inarg;
778 struct fuse_conn *fc = get_fuse_conn(olddir);
779 FUSE_ARGS(args);
780
781 memset(&inarg, 0, argsize);
782 inarg.newdir = get_node_id(newdir);
783 inarg.flags = flags;
784 args.in.h.opcode = opcode;
785 args.in.h.nodeid = get_node_id(olddir);
786 args.in.numargs = 3;
787 args.in.args[0].size = argsize;
788 args.in.args[0].value = &inarg;
789 args.in.args[1].size = oldent->d_name.len + 1;
790 args.in.args[1].value = oldent->d_name.name;
791 args.in.args[2].size = newent->d_name.len + 1;
792 args.in.args[2].value = newent->d_name.name;
793 err = fuse_simple_request(fc, &args);
794 if (!err) {
795 /* ctime changes */
796 fuse_invalidate_attr(d_inode(oldent));
797 fuse_update_ctime(d_inode(oldent));
798
799 if (flags & RENAME_EXCHANGE) {
800 fuse_invalidate_attr(d_inode(newent));
801 fuse_update_ctime(d_inode(newent));
802 }
803
804 fuse_invalidate_attr(olddir);
805 if (olddir != newdir)
806 fuse_invalidate_attr(newdir);
807
808 /* newent will end up negative */
809 if (!(flags & RENAME_EXCHANGE) && d_really_is_positive(newent)) {
810 fuse_invalidate_attr(d_inode(newent));
811 fuse_invalidate_entry_cache(newent);
812 fuse_update_ctime(d_inode(newent));
813 }
814 } else if (err == -EINTR) {
815 /* If request was interrupted, DEITY only knows if the
816 rename actually took place. If the invalidation
817 fails (e.g. some process has CWD under the renamed
818 directory), then there can be inconsistency between
819 the dcache and the real filesystem. Tough luck. */
820 fuse_invalidate_entry(oldent);
821 if (d_really_is_positive(newent))
822 fuse_invalidate_entry(newent);
823 }
824
825 return err;
826 }
827
fuse_rename2(struct inode * olddir,struct dentry * oldent,struct inode * newdir,struct dentry * newent,unsigned int flags)828 static int fuse_rename2(struct inode *olddir, struct dentry *oldent,
829 struct inode *newdir, struct dentry *newent,
830 unsigned int flags)
831 {
832 struct fuse_conn *fc = get_fuse_conn(olddir);
833 int err;
834
835 if (flags & ~(RENAME_NOREPLACE | RENAME_EXCHANGE))
836 return -EINVAL;
837
838 if (flags) {
839 if (fc->no_rename2 || fc->minor < 23)
840 return -EINVAL;
841
842 err = fuse_rename_common(olddir, oldent, newdir, newent, flags,
843 FUSE_RENAME2,
844 sizeof(struct fuse_rename2_in));
845 if (err == -ENOSYS) {
846 fc->no_rename2 = 1;
847 err = -EINVAL;
848 }
849 } else {
850 err = fuse_rename_common(olddir, oldent, newdir, newent, 0,
851 FUSE_RENAME,
852 sizeof(struct fuse_rename_in));
853 }
854
855 return err;
856 }
857
fuse_link(struct dentry * entry,struct inode * newdir,struct dentry * newent)858 static int fuse_link(struct dentry *entry, struct inode *newdir,
859 struct dentry *newent)
860 {
861 int err;
862 struct fuse_link_in inarg;
863 struct inode *inode = d_inode(entry);
864 struct fuse_conn *fc = get_fuse_conn(inode);
865 FUSE_ARGS(args);
866
867 memset(&inarg, 0, sizeof(inarg));
868 inarg.oldnodeid = get_node_id(inode);
869 args.in.h.opcode = FUSE_LINK;
870 args.in.numargs = 2;
871 args.in.args[0].size = sizeof(inarg);
872 args.in.args[0].value = &inarg;
873 args.in.args[1].size = newent->d_name.len + 1;
874 args.in.args[1].value = newent->d_name.name;
875 err = create_new_entry(fc, &args, newdir, newent, inode->i_mode);
876 /* Contrary to "normal" filesystems it can happen that link
877 makes two "logical" inodes point to the same "physical"
878 inode. We invalidate the attributes of the old one, so it
879 will reflect changes in the backing inode (link count,
880 etc.)
881 */
882 if (!err) {
883 struct fuse_inode *fi = get_fuse_inode(inode);
884
885 spin_lock(&fc->lock);
886 fi->attr_version = ++fc->attr_version;
887 if (likely(inode->i_nlink < UINT_MAX))
888 inc_nlink(inode);
889 spin_unlock(&fc->lock);
890 fuse_invalidate_attr(inode);
891 fuse_update_ctime(inode);
892 } else if (err == -EINTR) {
893 fuse_invalidate_attr(inode);
894 }
895 return err;
896 }
897
fuse_fillattr(struct inode * inode,struct fuse_attr * attr,struct kstat * stat)898 static void fuse_fillattr(struct inode *inode, struct fuse_attr *attr,
899 struct kstat *stat)
900 {
901 unsigned int blkbits;
902 struct fuse_conn *fc = get_fuse_conn(inode);
903
904 /* see the comment in fuse_change_attributes() */
905 if (fc->writeback_cache && S_ISREG(inode->i_mode)) {
906 attr->size = i_size_read(inode);
907 attr->mtime = inode->i_mtime.tv_sec;
908 attr->mtimensec = inode->i_mtime.tv_nsec;
909 attr->ctime = inode->i_ctime.tv_sec;
910 attr->ctimensec = inode->i_ctime.tv_nsec;
911 }
912
913 stat->dev = inode->i_sb->s_dev;
914 stat->ino = attr->ino;
915 stat->mode = (inode->i_mode & S_IFMT) | (attr->mode & 07777);
916 stat->nlink = attr->nlink;
917 stat->uid = make_kuid(&init_user_ns, attr->uid);
918 stat->gid = make_kgid(&init_user_ns, attr->gid);
919 stat->rdev = inode->i_rdev;
920 stat->atime.tv_sec = attr->atime;
921 stat->atime.tv_nsec = attr->atimensec;
922 stat->mtime.tv_sec = attr->mtime;
923 stat->mtime.tv_nsec = attr->mtimensec;
924 stat->ctime.tv_sec = attr->ctime;
925 stat->ctime.tv_nsec = attr->ctimensec;
926 stat->size = attr->size;
927 stat->blocks = attr->blocks;
928
929 if (attr->blksize != 0)
930 blkbits = ilog2(attr->blksize);
931 else
932 blkbits = inode->i_sb->s_blocksize_bits;
933
934 stat->blksize = 1 << blkbits;
935 }
936
fuse_do_getattr(struct inode * inode,struct kstat * stat,struct file * file)937 static int fuse_do_getattr(struct inode *inode, struct kstat *stat,
938 struct file *file)
939 {
940 int err;
941 struct fuse_getattr_in inarg;
942 struct fuse_attr_out outarg;
943 struct fuse_conn *fc = get_fuse_conn(inode);
944 FUSE_ARGS(args);
945 u64 attr_version;
946
947 attr_version = fuse_get_attr_version(fc);
948
949 memset(&inarg, 0, sizeof(inarg));
950 memset(&outarg, 0, sizeof(outarg));
951 /* Directories have separate file-handle space */
952 if (file && S_ISREG(inode->i_mode)) {
953 struct fuse_file *ff = file->private_data;
954
955 inarg.getattr_flags |= FUSE_GETATTR_FH;
956 inarg.fh = ff->fh;
957 }
958 args.in.h.opcode = FUSE_GETATTR;
959 args.in.h.nodeid = get_node_id(inode);
960 args.in.numargs = 1;
961 args.in.args[0].size = sizeof(inarg);
962 args.in.args[0].value = &inarg;
963 args.out.numargs = 1;
964 args.out.args[0].size = sizeof(outarg);
965 args.out.args[0].value = &outarg;
966 err = fuse_simple_request(fc, &args);
967 if (!err) {
968 if (fuse_invalid_attr(&outarg.attr) ||
969 (inode->i_mode ^ outarg.attr.mode) & S_IFMT) {
970 make_bad_inode(inode);
971 err = -EIO;
972 } else {
973 fuse_change_attributes(inode, &outarg.attr,
974 attr_timeout(&outarg),
975 attr_version);
976 if (stat)
977 fuse_fillattr(inode, &outarg.attr, stat);
978 }
979 }
980 return err;
981 }
982
fuse_update_get_attr(struct inode * inode,struct file * file,struct kstat * stat)983 static int fuse_update_get_attr(struct inode *inode, struct file *file,
984 struct kstat *stat)
985 {
986 struct fuse_inode *fi = get_fuse_inode(inode);
987 int err = 0;
988
989 if (time_before64(fi->i_time, get_jiffies_64())) {
990 forget_all_cached_acls(inode);
991 err = fuse_do_getattr(inode, stat, file);
992 } else if (stat) {
993 generic_fillattr(inode, stat);
994 stat->mode = fi->orig_i_mode;
995 stat->ino = fi->orig_ino;
996 }
997
998 return err;
999 }
1000
fuse_update_attributes(struct inode * inode,struct file * file)1001 int fuse_update_attributes(struct inode *inode, struct file *file)
1002 {
1003 return fuse_update_get_attr(inode, file, NULL);
1004 }
1005
fuse_reverse_inval_entry(struct super_block * sb,u64 parent_nodeid,u64 child_nodeid,struct qstr * name)1006 int fuse_reverse_inval_entry(struct super_block *sb, u64 parent_nodeid,
1007 u64 child_nodeid, struct qstr *name)
1008 {
1009 int err = -ENOTDIR;
1010 struct inode *parent;
1011 struct dentry *dir;
1012 struct dentry *entry;
1013
1014 parent = ilookup5(sb, parent_nodeid, fuse_inode_eq, &parent_nodeid);
1015 if (!parent)
1016 return -ENOENT;
1017
1018 inode_lock(parent);
1019 if (!S_ISDIR(parent->i_mode))
1020 goto unlock;
1021
1022 err = -ENOENT;
1023 dir = d_find_alias(parent);
1024 if (!dir)
1025 goto unlock;
1026
1027 name->hash = full_name_hash(dir, name->name, name->len);
1028 entry = d_lookup(dir, name);
1029 dput(dir);
1030 if (!entry)
1031 goto unlock;
1032
1033 fuse_invalidate_attr(parent);
1034 fuse_invalidate_entry(entry);
1035
1036 if (child_nodeid != 0 && d_really_is_positive(entry)) {
1037 inode_lock(d_inode(entry));
1038 if (get_node_id(d_inode(entry)) != child_nodeid) {
1039 err = -ENOENT;
1040 goto badentry;
1041 }
1042 if (d_mountpoint(entry)) {
1043 err = -EBUSY;
1044 goto badentry;
1045 }
1046 if (d_is_dir(entry)) {
1047 shrink_dcache_parent(entry);
1048 if (!simple_empty(entry)) {
1049 err = -ENOTEMPTY;
1050 goto badentry;
1051 }
1052 d_inode(entry)->i_flags |= S_DEAD;
1053 }
1054 dont_mount(entry);
1055 clear_nlink(d_inode(entry));
1056 err = 0;
1057 badentry:
1058 inode_unlock(d_inode(entry));
1059 if (!err)
1060 d_delete(entry);
1061 } else {
1062 err = 0;
1063 }
1064 dput(entry);
1065
1066 unlock:
1067 inode_unlock(parent);
1068 iput(parent);
1069 return err;
1070 }
1071
1072 /*
1073 * Calling into a user-controlled filesystem gives the filesystem
1074 * daemon ptrace-like capabilities over the current process. This
1075 * means, that the filesystem daemon is able to record the exact
1076 * filesystem operations performed, and can also control the behavior
1077 * of the requester process in otherwise impossible ways. For example
1078 * it can delay the operation for arbitrary length of time allowing
1079 * DoS against the requester.
1080 *
1081 * For this reason only those processes can call into the filesystem,
1082 * for which the owner of the mount has ptrace privilege. This
1083 * excludes processes started by other users, suid or sgid processes.
1084 */
fuse_allow_current_process(struct fuse_conn * fc)1085 int fuse_allow_current_process(struct fuse_conn *fc)
1086 {
1087 const struct cred *cred;
1088
1089 if (fc->allow_other)
1090 return 1;
1091
1092 cred = current_cred();
1093 if (uid_eq(cred->euid, fc->user_id) &&
1094 uid_eq(cred->suid, fc->user_id) &&
1095 uid_eq(cred->uid, fc->user_id) &&
1096 gid_eq(cred->egid, fc->group_id) &&
1097 gid_eq(cred->sgid, fc->group_id) &&
1098 gid_eq(cred->gid, fc->group_id))
1099 return 1;
1100
1101 return 0;
1102 }
1103
fuse_access(struct inode * inode,int mask)1104 static int fuse_access(struct inode *inode, int mask)
1105 {
1106 struct fuse_conn *fc = get_fuse_conn(inode);
1107 FUSE_ARGS(args);
1108 struct fuse_access_in inarg;
1109 int err;
1110
1111 BUG_ON(mask & MAY_NOT_BLOCK);
1112
1113 if (fc->no_access)
1114 return 0;
1115
1116 memset(&inarg, 0, sizeof(inarg));
1117 inarg.mask = mask & (MAY_READ | MAY_WRITE | MAY_EXEC);
1118 args.in.h.opcode = FUSE_ACCESS;
1119 args.in.h.nodeid = get_node_id(inode);
1120 args.in.numargs = 1;
1121 args.in.args[0].size = sizeof(inarg);
1122 args.in.args[0].value = &inarg;
1123 err = fuse_simple_request(fc, &args);
1124 if (err == -ENOSYS) {
1125 fc->no_access = 1;
1126 err = 0;
1127 }
1128 return err;
1129 }
1130
fuse_perm_getattr(struct inode * inode,int mask)1131 static int fuse_perm_getattr(struct inode *inode, int mask)
1132 {
1133 if (mask & MAY_NOT_BLOCK)
1134 return -ECHILD;
1135
1136 forget_all_cached_acls(inode);
1137 return fuse_do_getattr(inode, NULL, NULL);
1138 }
1139
1140 /*
1141 * Check permission. The two basic access models of FUSE are:
1142 *
1143 * 1) Local access checking ('default_permissions' mount option) based
1144 * on file mode. This is the plain old disk filesystem permission
1145 * modell.
1146 *
1147 * 2) "Remote" access checking, where server is responsible for
1148 * checking permission in each inode operation. An exception to this
1149 * is if ->permission() was invoked from sys_access() in which case an
1150 * access request is sent. Execute permission is still checked
1151 * locally based on file mode.
1152 */
fuse_permission(struct inode * inode,int mask)1153 static int fuse_permission(struct inode *inode, int mask)
1154 {
1155 struct fuse_conn *fc = get_fuse_conn(inode);
1156 bool refreshed = false;
1157 int err = 0;
1158
1159 if (!fuse_allow_current_process(fc))
1160 return -EACCES;
1161
1162 /*
1163 * If attributes are needed, refresh them before proceeding
1164 */
1165 if (fc->default_permissions ||
1166 ((mask & MAY_EXEC) && S_ISREG(inode->i_mode))) {
1167 struct fuse_inode *fi = get_fuse_inode(inode);
1168
1169 if (time_before64(fi->i_time, get_jiffies_64())) {
1170 refreshed = true;
1171
1172 err = fuse_perm_getattr(inode, mask);
1173 if (err)
1174 return err;
1175 }
1176 }
1177
1178 if (fc->default_permissions) {
1179 err = generic_permission(inode, mask);
1180
1181 /* If permission is denied, try to refresh file
1182 attributes. This is also needed, because the root
1183 node will at first have no permissions */
1184 if (err == -EACCES && !refreshed) {
1185 err = fuse_perm_getattr(inode, mask);
1186 if (!err)
1187 err = generic_permission(inode, mask);
1188 }
1189
1190 /* Note: the opposite of the above test does not
1191 exist. So if permissions are revoked this won't be
1192 noticed immediately, only after the attribute
1193 timeout has expired */
1194 } else if (mask & (MAY_ACCESS | MAY_CHDIR)) {
1195 err = fuse_access(inode, mask);
1196 } else if ((mask & MAY_EXEC) && S_ISREG(inode->i_mode)) {
1197 if (!(inode->i_mode & S_IXUGO)) {
1198 if (refreshed)
1199 return -EACCES;
1200
1201 err = fuse_perm_getattr(inode, mask);
1202 if (!err && !(inode->i_mode & S_IXUGO))
1203 return -EACCES;
1204 }
1205 }
1206 return err;
1207 }
1208
parse_dirfile(char * buf,size_t nbytes,struct file * file,struct dir_context * ctx)1209 static int parse_dirfile(char *buf, size_t nbytes, struct file *file,
1210 struct dir_context *ctx)
1211 {
1212 while (nbytes >= FUSE_NAME_OFFSET) {
1213 struct fuse_dirent *dirent = (struct fuse_dirent *) buf;
1214 size_t reclen = FUSE_DIRENT_SIZE(dirent);
1215 if (!dirent->namelen || dirent->namelen > FUSE_NAME_MAX)
1216 return -EIO;
1217 if (reclen > nbytes)
1218 break;
1219 if (memchr(dirent->name, '/', dirent->namelen) != NULL)
1220 return -EIO;
1221
1222 if (!dir_emit(ctx, dirent->name, dirent->namelen,
1223 dirent->ino, dirent->type))
1224 break;
1225
1226 buf += reclen;
1227 nbytes -= reclen;
1228 ctx->pos = dirent->off;
1229 }
1230
1231 return 0;
1232 }
1233
fuse_direntplus_link(struct file * file,struct fuse_direntplus * direntplus,u64 attr_version)1234 static int fuse_direntplus_link(struct file *file,
1235 struct fuse_direntplus *direntplus,
1236 u64 attr_version)
1237 {
1238 struct fuse_entry_out *o = &direntplus->entry_out;
1239 struct fuse_dirent *dirent = &direntplus->dirent;
1240 struct dentry *parent = file->f_path.dentry;
1241 struct qstr name = QSTR_INIT(dirent->name, dirent->namelen);
1242 struct dentry *dentry;
1243 struct dentry *alias;
1244 struct inode *dir = d_inode(parent);
1245 struct fuse_conn *fc;
1246 struct inode *inode;
1247 DECLARE_WAIT_QUEUE_HEAD_ONSTACK(wq);
1248
1249 if (!o->nodeid) {
1250 /*
1251 * Unlike in the case of fuse_lookup, zero nodeid does not mean
1252 * ENOENT. Instead, it only means the userspace filesystem did
1253 * not want to return attributes/handle for this entry.
1254 *
1255 * So do nothing.
1256 */
1257 return 0;
1258 }
1259
1260 if (name.name[0] == '.') {
1261 /*
1262 * We could potentially refresh the attributes of the directory
1263 * and its parent?
1264 */
1265 if (name.len == 1)
1266 return 0;
1267 if (name.name[1] == '.' && name.len == 2)
1268 return 0;
1269 }
1270
1271 if (invalid_nodeid(o->nodeid))
1272 return -EIO;
1273 if (fuse_invalid_attr(&o->attr))
1274 return -EIO;
1275
1276 fc = get_fuse_conn(dir);
1277
1278 name.hash = full_name_hash(parent, name.name, name.len);
1279 dentry = d_lookup(parent, &name);
1280 if (!dentry) {
1281 retry:
1282 dentry = d_alloc_parallel(parent, &name, &wq);
1283 if (IS_ERR(dentry))
1284 return PTR_ERR(dentry);
1285 }
1286 if (!d_in_lookup(dentry)) {
1287 struct fuse_inode *fi;
1288 inode = d_inode(dentry);
1289 if (!inode ||
1290 get_node_id(inode) != o->nodeid ||
1291 ((o->attr.mode ^ inode->i_mode) & S_IFMT)) {
1292 d_invalidate(dentry);
1293 dput(dentry);
1294 goto retry;
1295 }
1296 if (is_bad_inode(inode)) {
1297 dput(dentry);
1298 return -EIO;
1299 }
1300
1301 fi = get_fuse_inode(inode);
1302 spin_lock(&fc->lock);
1303 fi->nlookup++;
1304 spin_unlock(&fc->lock);
1305
1306 forget_all_cached_acls(inode);
1307 fuse_change_attributes(inode, &o->attr,
1308 entry_attr_timeout(o),
1309 attr_version);
1310 /*
1311 * The other branch comes via fuse_iget()
1312 * which bumps nlookup inside
1313 */
1314 } else {
1315 inode = fuse_iget(dir->i_sb, o->nodeid, o->generation,
1316 &o->attr, entry_attr_timeout(o),
1317 attr_version);
1318 if (!inode)
1319 inode = ERR_PTR(-ENOMEM);
1320
1321 alias = d_splice_alias(inode, dentry);
1322 d_lookup_done(dentry);
1323 if (alias) {
1324 dput(dentry);
1325 dentry = alias;
1326 }
1327 if (IS_ERR(dentry))
1328 return PTR_ERR(dentry);
1329 }
1330 if (fc->readdirplus_auto)
1331 set_bit(FUSE_I_INIT_RDPLUS, &get_fuse_inode(inode)->state);
1332 fuse_change_entry_timeout(dentry, o);
1333
1334 dput(dentry);
1335 return 0;
1336 }
1337
parse_dirplusfile(char * buf,size_t nbytes,struct file * file,struct dir_context * ctx,u64 attr_version)1338 static int parse_dirplusfile(char *buf, size_t nbytes, struct file *file,
1339 struct dir_context *ctx, u64 attr_version)
1340 {
1341 struct fuse_direntplus *direntplus;
1342 struct fuse_dirent *dirent;
1343 size_t reclen;
1344 int over = 0;
1345 int ret;
1346
1347 while (nbytes >= FUSE_NAME_OFFSET_DIRENTPLUS) {
1348 direntplus = (struct fuse_direntplus *) buf;
1349 dirent = &direntplus->dirent;
1350 reclen = FUSE_DIRENTPLUS_SIZE(direntplus);
1351
1352 if (!dirent->namelen || dirent->namelen > FUSE_NAME_MAX)
1353 return -EIO;
1354 if (reclen > nbytes)
1355 break;
1356 if (memchr(dirent->name, '/', dirent->namelen) != NULL)
1357 return -EIO;
1358
1359 if (!over) {
1360 /* We fill entries into dstbuf only as much as
1361 it can hold. But we still continue iterating
1362 over remaining entries to link them. If not,
1363 we need to send a FORGET for each of those
1364 which we did not link.
1365 */
1366 over = !dir_emit(ctx, dirent->name, dirent->namelen,
1367 dirent->ino, dirent->type);
1368 if (!over)
1369 ctx->pos = dirent->off;
1370 }
1371
1372 buf += reclen;
1373 nbytes -= reclen;
1374
1375 ret = fuse_direntplus_link(file, direntplus, attr_version);
1376 if (ret)
1377 fuse_force_forget(file, direntplus->entry_out.nodeid);
1378 }
1379
1380 return 0;
1381 }
1382
fuse_readdir(struct file * file,struct dir_context * ctx)1383 static int fuse_readdir(struct file *file, struct dir_context *ctx)
1384 {
1385 int plus, err;
1386 size_t nbytes;
1387 struct page *page;
1388 struct inode *inode = file_inode(file);
1389 struct fuse_conn *fc = get_fuse_conn(inode);
1390 struct fuse_req *req;
1391 u64 attr_version = 0;
1392 bool locked;
1393
1394 if (is_bad_inode(inode))
1395 return -EIO;
1396
1397 req = fuse_get_req(fc, 1);
1398 if (IS_ERR(req))
1399 return PTR_ERR(req);
1400
1401 page = alloc_page(GFP_KERNEL);
1402 if (!page) {
1403 fuse_put_request(fc, req);
1404 return -ENOMEM;
1405 }
1406
1407 plus = fuse_use_readdirplus(inode, ctx);
1408 req->out.argpages = 1;
1409 req->num_pages = 1;
1410 req->pages[0] = page;
1411 req->page_descs[0].length = PAGE_SIZE;
1412 if (plus) {
1413 attr_version = fuse_get_attr_version(fc);
1414 fuse_read_fill(req, file, ctx->pos, PAGE_SIZE,
1415 FUSE_READDIRPLUS);
1416 } else {
1417 fuse_read_fill(req, file, ctx->pos, PAGE_SIZE,
1418 FUSE_READDIR);
1419 }
1420 locked = fuse_lock_inode(inode);
1421 fuse_request_send(fc, req);
1422 fuse_unlock_inode(inode, locked);
1423 nbytes = req->out.args[0].size;
1424 err = req->out.h.error;
1425 fuse_put_request(fc, req);
1426 if (!err) {
1427 if (plus) {
1428 err = parse_dirplusfile(page_address(page), nbytes,
1429 file, ctx,
1430 attr_version);
1431 } else {
1432 err = parse_dirfile(page_address(page), nbytes, file,
1433 ctx);
1434 }
1435 }
1436
1437 __free_page(page);
1438 fuse_invalidate_atime(inode);
1439 return err;
1440 }
1441
fuse_get_link(struct dentry * dentry,struct inode * inode,struct delayed_call * done)1442 static const char *fuse_get_link(struct dentry *dentry,
1443 struct inode *inode,
1444 struct delayed_call *done)
1445 {
1446 struct fuse_conn *fc = get_fuse_conn(inode);
1447 FUSE_ARGS(args);
1448 char *link;
1449 ssize_t ret;
1450
1451 if (!dentry)
1452 return ERR_PTR(-ECHILD);
1453
1454 link = kmalloc(PAGE_SIZE, GFP_KERNEL);
1455 if (!link)
1456 return ERR_PTR(-ENOMEM);
1457
1458 args.in.h.opcode = FUSE_READLINK;
1459 args.in.h.nodeid = get_node_id(inode);
1460 args.out.argvar = 1;
1461 args.out.numargs = 1;
1462 args.out.args[0].size = PAGE_SIZE - 1;
1463 args.out.args[0].value = link;
1464 ret = fuse_simple_request(fc, &args);
1465 if (ret < 0) {
1466 kfree(link);
1467 link = ERR_PTR(ret);
1468 } else {
1469 link[ret] = '\0';
1470 set_delayed_call(done, kfree_link, link);
1471 }
1472 fuse_invalidate_atime(inode);
1473 return link;
1474 }
1475
fuse_dir_open(struct inode * inode,struct file * file)1476 static int fuse_dir_open(struct inode *inode, struct file *file)
1477 {
1478 return fuse_open_common(inode, file, true);
1479 }
1480
fuse_dir_release(struct inode * inode,struct file * file)1481 static int fuse_dir_release(struct inode *inode, struct file *file)
1482 {
1483 fuse_release_common(file, true);
1484
1485 return 0;
1486 }
1487
fuse_dir_fsync(struct file * file,loff_t start,loff_t end,int datasync)1488 static int fuse_dir_fsync(struct file *file, loff_t start, loff_t end,
1489 int datasync)
1490 {
1491 return fuse_fsync_common(file, start, end, datasync, 1);
1492 }
1493
fuse_dir_ioctl(struct file * file,unsigned int cmd,unsigned long arg)1494 static long fuse_dir_ioctl(struct file *file, unsigned int cmd,
1495 unsigned long arg)
1496 {
1497 struct fuse_conn *fc = get_fuse_conn(file->f_mapping->host);
1498
1499 /* FUSE_IOCTL_DIR only supported for API version >= 7.18 */
1500 if (fc->minor < 18)
1501 return -ENOTTY;
1502
1503 return fuse_ioctl_common(file, cmd, arg, FUSE_IOCTL_DIR);
1504 }
1505
fuse_dir_compat_ioctl(struct file * file,unsigned int cmd,unsigned long arg)1506 static long fuse_dir_compat_ioctl(struct file *file, unsigned int cmd,
1507 unsigned long arg)
1508 {
1509 struct fuse_conn *fc = get_fuse_conn(file->f_mapping->host);
1510
1511 if (fc->minor < 18)
1512 return -ENOTTY;
1513
1514 return fuse_ioctl_common(file, cmd, arg,
1515 FUSE_IOCTL_COMPAT | FUSE_IOCTL_DIR);
1516 }
1517
update_mtime(unsigned ivalid,bool trust_local_mtime)1518 static bool update_mtime(unsigned ivalid, bool trust_local_mtime)
1519 {
1520 /* Always update if mtime is explicitly set */
1521 if (ivalid & ATTR_MTIME_SET)
1522 return true;
1523
1524 /* Or if kernel i_mtime is the official one */
1525 if (trust_local_mtime)
1526 return true;
1527
1528 /* If it's an open(O_TRUNC) or an ftruncate(), don't update */
1529 if ((ivalid & ATTR_SIZE) && (ivalid & (ATTR_OPEN | ATTR_FILE)))
1530 return false;
1531
1532 /* In all other cases update */
1533 return true;
1534 }
1535
iattr_to_fattr(struct iattr * iattr,struct fuse_setattr_in * arg,bool trust_local_cmtime)1536 static void iattr_to_fattr(struct iattr *iattr, struct fuse_setattr_in *arg,
1537 bool trust_local_cmtime)
1538 {
1539 unsigned ivalid = iattr->ia_valid;
1540
1541 if (ivalid & ATTR_MODE)
1542 arg->valid |= FATTR_MODE, arg->mode = iattr->ia_mode;
1543 if (ivalid & ATTR_UID)
1544 arg->valid |= FATTR_UID, arg->uid = from_kuid(&init_user_ns, iattr->ia_uid);
1545 if (ivalid & ATTR_GID)
1546 arg->valid |= FATTR_GID, arg->gid = from_kgid(&init_user_ns, iattr->ia_gid);
1547 if (ivalid & ATTR_SIZE)
1548 arg->valid |= FATTR_SIZE, arg->size = iattr->ia_size;
1549 if (ivalid & ATTR_ATIME) {
1550 arg->valid |= FATTR_ATIME;
1551 arg->atime = iattr->ia_atime.tv_sec;
1552 arg->atimensec = iattr->ia_atime.tv_nsec;
1553 if (!(ivalid & ATTR_ATIME_SET))
1554 arg->valid |= FATTR_ATIME_NOW;
1555 }
1556 if ((ivalid & ATTR_MTIME) && update_mtime(ivalid, trust_local_cmtime)) {
1557 arg->valid |= FATTR_MTIME;
1558 arg->mtime = iattr->ia_mtime.tv_sec;
1559 arg->mtimensec = iattr->ia_mtime.tv_nsec;
1560 if (!(ivalid & ATTR_MTIME_SET) && !trust_local_cmtime)
1561 arg->valid |= FATTR_MTIME_NOW;
1562 }
1563 if ((ivalid & ATTR_CTIME) && trust_local_cmtime) {
1564 arg->valid |= FATTR_CTIME;
1565 arg->ctime = iattr->ia_ctime.tv_sec;
1566 arg->ctimensec = iattr->ia_ctime.tv_nsec;
1567 }
1568 }
1569
1570 /*
1571 * Prevent concurrent writepages on inode
1572 *
1573 * This is done by adding a negative bias to the inode write counter
1574 * and waiting for all pending writes to finish.
1575 */
fuse_set_nowrite(struct inode * inode)1576 void fuse_set_nowrite(struct inode *inode)
1577 {
1578 struct fuse_conn *fc = get_fuse_conn(inode);
1579 struct fuse_inode *fi = get_fuse_inode(inode);
1580
1581 BUG_ON(!inode_is_locked(inode));
1582
1583 spin_lock(&fc->lock);
1584 BUG_ON(fi->writectr < 0);
1585 fi->writectr += FUSE_NOWRITE;
1586 spin_unlock(&fc->lock);
1587 wait_event(fi->page_waitq, fi->writectr == FUSE_NOWRITE);
1588 }
1589
1590 /*
1591 * Allow writepages on inode
1592 *
1593 * Remove the bias from the writecounter and send any queued
1594 * writepages.
1595 */
__fuse_release_nowrite(struct inode * inode)1596 static void __fuse_release_nowrite(struct inode *inode)
1597 {
1598 struct fuse_inode *fi = get_fuse_inode(inode);
1599
1600 BUG_ON(fi->writectr != FUSE_NOWRITE);
1601 fi->writectr = 0;
1602 fuse_flush_writepages(inode);
1603 }
1604
fuse_release_nowrite(struct inode * inode)1605 void fuse_release_nowrite(struct inode *inode)
1606 {
1607 struct fuse_conn *fc = get_fuse_conn(inode);
1608
1609 spin_lock(&fc->lock);
1610 __fuse_release_nowrite(inode);
1611 spin_unlock(&fc->lock);
1612 }
1613
fuse_setattr_fill(struct fuse_conn * fc,struct fuse_args * args,struct inode * inode,struct fuse_setattr_in * inarg_p,struct fuse_attr_out * outarg_p)1614 static void fuse_setattr_fill(struct fuse_conn *fc, struct fuse_args *args,
1615 struct inode *inode,
1616 struct fuse_setattr_in *inarg_p,
1617 struct fuse_attr_out *outarg_p)
1618 {
1619 args->in.h.opcode = FUSE_SETATTR;
1620 args->in.h.nodeid = get_node_id(inode);
1621 args->in.numargs = 1;
1622 args->in.args[0].size = sizeof(*inarg_p);
1623 args->in.args[0].value = inarg_p;
1624 args->out.numargs = 1;
1625 args->out.args[0].size = sizeof(*outarg_p);
1626 args->out.args[0].value = outarg_p;
1627 }
1628
1629 /*
1630 * Flush inode->i_mtime to the server
1631 */
fuse_flush_times(struct inode * inode,struct fuse_file * ff)1632 int fuse_flush_times(struct inode *inode, struct fuse_file *ff)
1633 {
1634 struct fuse_conn *fc = get_fuse_conn(inode);
1635 FUSE_ARGS(args);
1636 struct fuse_setattr_in inarg;
1637 struct fuse_attr_out outarg;
1638
1639 memset(&inarg, 0, sizeof(inarg));
1640 memset(&outarg, 0, sizeof(outarg));
1641
1642 inarg.valid = FATTR_MTIME;
1643 inarg.mtime = inode->i_mtime.tv_sec;
1644 inarg.mtimensec = inode->i_mtime.tv_nsec;
1645 if (fc->minor >= 23) {
1646 inarg.valid |= FATTR_CTIME;
1647 inarg.ctime = inode->i_ctime.tv_sec;
1648 inarg.ctimensec = inode->i_ctime.tv_nsec;
1649 }
1650 if (ff) {
1651 inarg.valid |= FATTR_FH;
1652 inarg.fh = ff->fh;
1653 }
1654 fuse_setattr_fill(fc, &args, inode, &inarg, &outarg);
1655
1656 return fuse_simple_request(fc, &args);
1657 }
1658
1659 /*
1660 * Set attributes, and at the same time refresh them.
1661 *
1662 * Truncation is slightly complicated, because the 'truncate' request
1663 * may fail, in which case we don't want to touch the mapping.
1664 * vmtruncate() doesn't allow for this case, so do the rlimit checking
1665 * and the actual truncation by hand.
1666 */
fuse_do_setattr(struct dentry * dentry,struct iattr * attr,struct file * file)1667 int fuse_do_setattr(struct dentry *dentry, struct iattr *attr,
1668 struct file *file)
1669 {
1670 struct inode *inode = d_inode(dentry);
1671 struct fuse_conn *fc = get_fuse_conn(inode);
1672 struct fuse_inode *fi = get_fuse_inode(inode);
1673 FUSE_ARGS(args);
1674 struct fuse_setattr_in inarg;
1675 struct fuse_attr_out outarg;
1676 bool is_truncate = false;
1677 bool is_wb = fc->writeback_cache;
1678 loff_t oldsize;
1679 int err;
1680 bool trust_local_cmtime = is_wb && S_ISREG(inode->i_mode);
1681
1682 if (!fc->default_permissions)
1683 attr->ia_valid |= ATTR_FORCE;
1684
1685 err = setattr_prepare(dentry, attr);
1686 if (err)
1687 return err;
1688
1689 if (attr->ia_valid & ATTR_OPEN) {
1690 /* This is coming from open(..., ... | O_TRUNC); */
1691 WARN_ON(!(attr->ia_valid & ATTR_SIZE));
1692 WARN_ON(attr->ia_size != 0);
1693 if (fc->atomic_o_trunc) {
1694 /*
1695 * No need to send request to userspace, since actual
1696 * truncation has already been done by OPEN. But still
1697 * need to truncate page cache.
1698 */
1699 i_size_write(inode, 0);
1700 truncate_pagecache(inode, 0);
1701 return 0;
1702 }
1703 file = NULL;
1704 }
1705
1706 if (attr->ia_valid & ATTR_SIZE)
1707 is_truncate = true;
1708
1709 /* Flush dirty data/metadata before non-truncate SETATTR */
1710 if (is_wb && S_ISREG(inode->i_mode) &&
1711 attr->ia_valid &
1712 (ATTR_MODE | ATTR_UID | ATTR_GID | ATTR_MTIME_SET |
1713 ATTR_TIMES_SET)) {
1714 err = write_inode_now(inode, true);
1715 if (err)
1716 return err;
1717
1718 fuse_set_nowrite(inode);
1719 fuse_release_nowrite(inode);
1720 }
1721
1722 if (is_truncate) {
1723 fuse_set_nowrite(inode);
1724 set_bit(FUSE_I_SIZE_UNSTABLE, &fi->state);
1725 if (trust_local_cmtime && attr->ia_size != inode->i_size)
1726 attr->ia_valid |= ATTR_MTIME | ATTR_CTIME;
1727 }
1728
1729 memset(&inarg, 0, sizeof(inarg));
1730 memset(&outarg, 0, sizeof(outarg));
1731 iattr_to_fattr(attr, &inarg, trust_local_cmtime);
1732 if (file) {
1733 struct fuse_file *ff = file->private_data;
1734 inarg.valid |= FATTR_FH;
1735 inarg.fh = ff->fh;
1736 }
1737 if (attr->ia_valid & ATTR_SIZE) {
1738 /* For mandatory locking in truncate */
1739 inarg.valid |= FATTR_LOCKOWNER;
1740 inarg.lock_owner = fuse_lock_owner_id(fc, current->files);
1741 }
1742 fuse_setattr_fill(fc, &args, inode, &inarg, &outarg);
1743 err = fuse_simple_request(fc, &args);
1744 if (err) {
1745 if (err == -EINTR)
1746 fuse_invalidate_attr(inode);
1747 goto error;
1748 }
1749
1750 if (fuse_invalid_attr(&outarg.attr) ||
1751 (inode->i_mode ^ outarg.attr.mode) & S_IFMT) {
1752 make_bad_inode(inode);
1753 err = -EIO;
1754 goto error;
1755 }
1756
1757 spin_lock(&fc->lock);
1758 /* the kernel maintains i_mtime locally */
1759 if (trust_local_cmtime) {
1760 if (attr->ia_valid & ATTR_MTIME)
1761 inode->i_mtime = attr->ia_mtime;
1762 if (attr->ia_valid & ATTR_CTIME)
1763 inode->i_ctime = attr->ia_ctime;
1764 /* FIXME: clear I_DIRTY_SYNC? */
1765 }
1766
1767 fuse_change_attributes_common(inode, &outarg.attr,
1768 attr_timeout(&outarg));
1769 oldsize = inode->i_size;
1770 /* see the comment in fuse_change_attributes() */
1771 if (!is_wb || is_truncate || !S_ISREG(inode->i_mode))
1772 i_size_write(inode, outarg.attr.size);
1773
1774 if (is_truncate) {
1775 /* NOTE: this may release/reacquire fc->lock */
1776 __fuse_release_nowrite(inode);
1777 }
1778 spin_unlock(&fc->lock);
1779
1780 /*
1781 * Only call invalidate_inode_pages2() after removing
1782 * FUSE_NOWRITE, otherwise fuse_launder_page() would deadlock.
1783 */
1784 if ((is_truncate || !is_wb) &&
1785 S_ISREG(inode->i_mode) && oldsize != outarg.attr.size) {
1786 truncate_pagecache(inode, outarg.attr.size);
1787 invalidate_inode_pages2(inode->i_mapping);
1788 }
1789
1790 clear_bit(FUSE_I_SIZE_UNSTABLE, &fi->state);
1791 return 0;
1792
1793 error:
1794 if (is_truncate)
1795 fuse_release_nowrite(inode);
1796
1797 clear_bit(FUSE_I_SIZE_UNSTABLE, &fi->state);
1798 return err;
1799 }
1800
fuse_setattr(struct dentry * entry,struct iattr * attr)1801 static int fuse_setattr(struct dentry *entry, struct iattr *attr)
1802 {
1803 struct inode *inode = d_inode(entry);
1804 struct fuse_conn *fc = get_fuse_conn(inode);
1805 struct file *file = (attr->ia_valid & ATTR_FILE) ? attr->ia_file : NULL;
1806 int ret;
1807
1808 if (!fuse_allow_current_process(get_fuse_conn(inode)))
1809 return -EACCES;
1810
1811 if (attr->ia_valid & (ATTR_KILL_SUID | ATTR_KILL_SGID)) {
1812 attr->ia_valid &= ~(ATTR_KILL_SUID | ATTR_KILL_SGID |
1813 ATTR_MODE);
1814
1815 /*
1816 * The only sane way to reliably kill suid/sgid is to do it in
1817 * the userspace filesystem
1818 *
1819 * This should be done on write(), truncate() and chown().
1820 */
1821 if (!fc->handle_killpriv) {
1822 /*
1823 * ia_mode calculation may have used stale i_mode.
1824 * Refresh and recalculate.
1825 */
1826 ret = fuse_do_getattr(inode, NULL, file);
1827 if (ret)
1828 return ret;
1829
1830 attr->ia_mode = inode->i_mode;
1831 if (inode->i_mode & S_ISUID) {
1832 attr->ia_valid |= ATTR_MODE;
1833 attr->ia_mode &= ~S_ISUID;
1834 }
1835 if ((inode->i_mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP)) {
1836 attr->ia_valid |= ATTR_MODE;
1837 attr->ia_mode &= ~S_ISGID;
1838 }
1839 }
1840 }
1841 if (!attr->ia_valid)
1842 return 0;
1843
1844 ret = fuse_do_setattr(entry, attr, file);
1845 if (!ret) {
1846 /*
1847 * If filesystem supports acls it may have updated acl xattrs in
1848 * the filesystem, so forget cached acls for the inode.
1849 */
1850 if (fc->posix_acl)
1851 forget_all_cached_acls(inode);
1852
1853 /* Directory mode changed, may need to revalidate access */
1854 if (d_is_dir(entry) && (attr->ia_valid & ATTR_MODE))
1855 fuse_invalidate_entry_cache(entry);
1856 }
1857 return ret;
1858 }
1859
fuse_getattr(const struct path * path,struct kstat * stat,u32 request_mask,unsigned int flags)1860 static int fuse_getattr(const struct path *path, struct kstat *stat,
1861 u32 request_mask, unsigned int flags)
1862 {
1863 struct inode *inode = d_inode(path->dentry);
1864 struct fuse_conn *fc = get_fuse_conn(inode);
1865
1866 if (!fuse_allow_current_process(fc))
1867 return -EACCES;
1868
1869 return fuse_update_get_attr(inode, NULL, stat);
1870 }
1871
1872 static const struct inode_operations fuse_dir_inode_operations = {
1873 .lookup = fuse_lookup,
1874 .mkdir = fuse_mkdir,
1875 .symlink = fuse_symlink,
1876 .unlink = fuse_unlink,
1877 .rmdir = fuse_rmdir,
1878 .rename = fuse_rename2,
1879 .link = fuse_link,
1880 .setattr = fuse_setattr,
1881 .create = fuse_create,
1882 .atomic_open = fuse_atomic_open,
1883 .mknod = fuse_mknod,
1884 .permission = fuse_permission,
1885 .getattr = fuse_getattr,
1886 .listxattr = fuse_listxattr,
1887 .get_acl = fuse_get_acl,
1888 .set_acl = fuse_set_acl,
1889 };
1890
1891 static const struct file_operations fuse_dir_operations = {
1892 .llseek = generic_file_llseek,
1893 .read = generic_read_dir,
1894 .iterate_shared = fuse_readdir,
1895 .open = fuse_dir_open,
1896 .release = fuse_dir_release,
1897 .fsync = fuse_dir_fsync,
1898 .unlocked_ioctl = fuse_dir_ioctl,
1899 .compat_ioctl = fuse_dir_compat_ioctl,
1900 };
1901
1902 static const struct inode_operations fuse_common_inode_operations = {
1903 .setattr = fuse_setattr,
1904 .permission = fuse_permission,
1905 .getattr = fuse_getattr,
1906 .listxattr = fuse_listxattr,
1907 .get_acl = fuse_get_acl,
1908 .set_acl = fuse_set_acl,
1909 };
1910
1911 static const struct inode_operations fuse_symlink_inode_operations = {
1912 .setattr = fuse_setattr,
1913 .get_link = fuse_get_link,
1914 .getattr = fuse_getattr,
1915 .listxattr = fuse_listxattr,
1916 };
1917
fuse_init_common(struct inode * inode)1918 void fuse_init_common(struct inode *inode)
1919 {
1920 inode->i_op = &fuse_common_inode_operations;
1921 }
1922
fuse_init_dir(struct inode * inode)1923 void fuse_init_dir(struct inode *inode)
1924 {
1925 inode->i_op = &fuse_dir_inode_operations;
1926 inode->i_fop = &fuse_dir_operations;
1927 }
1928
fuse_init_symlink(struct inode * inode)1929 void fuse_init_symlink(struct inode *inode)
1930 {
1931 inode->i_op = &fuse_symlink_inode_operations;
1932 }
1933