1 // SPDX-License-Identifier: GPL-2.0
2 /*
3 * Copyright 2020 Google LLC
4 */
5
6 #include <linux/file.h>
7 #include <linux/fs.h>
8 #include <linux/fsnotify.h>
9 #include <linux/namei.h>
10 #include <linux/poll.h>
11 #include <linux/syscalls.h>
12
13 #include <uapi/linux/incrementalfs.h>
14
15 #include "pseudo_files.h"
16
17 #include "data_mgmt.h"
18 #include "format.h"
19 #include "integrity.h"
20 #include "vfs.h"
21
22 #define READ_WRITE_FILE_MODE 0666
23
24 static bool is_pseudo_filename(struct mem_range name);
25
26 /*******************************************************************************
27 * .pending_reads pseudo file definition
28 ******************************************************************************/
29 #define INCFS_PENDING_READS_INODE 2
30 static const char pending_reads_file_name[] = INCFS_PENDING_READS_FILENAME;
31
32 /* State of an open .pending_reads file, unique for each file descriptor. */
33 struct pending_reads_state {
34 /* A serial number of the last pending read obtained from this file. */
35 int last_pending_read_sn;
36 };
37
pending_reads_read(struct file * f,char __user * buf,size_t len,loff_t * ppos)38 static ssize_t pending_reads_read(struct file *f, char __user *buf, size_t len,
39 loff_t *ppos)
40 {
41 struct pending_reads_state *pr_state = f->private_data;
42 struct mount_info *mi = get_mount_info(file_superblock(f));
43 bool report_uid;
44 unsigned long page = 0;
45 struct incfs_pending_read_info *reads_buf = NULL;
46 struct incfs_pending_read_info2 *reads_buf2 = NULL;
47 size_t record_size;
48 size_t reads_to_collect;
49 int last_known_read_sn = READ_ONCE(pr_state->last_pending_read_sn);
50 int new_max_sn = last_known_read_sn;
51 int reads_collected = 0;
52 ssize_t result = 0;
53
54 if (!mi)
55 return -EFAULT;
56
57 report_uid = mi->mi_options.report_uid;
58 record_size = report_uid ? sizeof(*reads_buf2) : sizeof(*reads_buf);
59 reads_to_collect = len / record_size;
60
61 if (!incfs_fresh_pending_reads_exist(mi, last_known_read_sn))
62 return 0;
63
64 page = get_zeroed_page(GFP_NOFS);
65 if (!page)
66 return -ENOMEM;
67
68 if (report_uid)
69 reads_buf2 = (struct incfs_pending_read_info2 *) page;
70 else
71 reads_buf = (struct incfs_pending_read_info *) page;
72
73 reads_to_collect =
74 min_t(size_t, PAGE_SIZE / record_size, reads_to_collect);
75
76 reads_collected = incfs_collect_pending_reads(mi, last_known_read_sn,
77 reads_buf, reads_buf2, reads_to_collect,
78 &new_max_sn);
79
80 if (reads_collected < 0) {
81 result = reads_collected;
82 goto out;
83 }
84
85 /*
86 * Just to make sure that we don't accidentally copy more data
87 * to reads buffer than userspace can handle.
88 */
89 reads_collected = min_t(size_t, reads_collected, reads_to_collect);
90 result = reads_collected * record_size;
91
92 /* Copy reads info to the userspace buffer */
93 if (copy_to_user(buf, (void *)page, result)) {
94 result = -EFAULT;
95 goto out;
96 }
97
98 WRITE_ONCE(pr_state->last_pending_read_sn, new_max_sn);
99 *ppos = 0;
100
101 out:
102 free_page(page);
103 return result;
104 }
105
pending_reads_poll(struct file * file,poll_table * wait)106 static __poll_t pending_reads_poll(struct file *file, poll_table *wait)
107 {
108 struct pending_reads_state *state = file->private_data;
109 struct mount_info *mi = get_mount_info(file_superblock(file));
110 __poll_t ret = 0;
111
112 poll_wait(file, &mi->mi_pending_reads_notif_wq, wait);
113 if (incfs_fresh_pending_reads_exist(mi,
114 state->last_pending_read_sn))
115 ret = EPOLLIN | EPOLLRDNORM;
116
117 return ret;
118 }
119
pending_reads_open(struct inode * inode,struct file * file)120 static int pending_reads_open(struct inode *inode, struct file *file)
121 {
122 struct pending_reads_state *state = NULL;
123
124 state = kzalloc(sizeof(*state), GFP_NOFS);
125 if (!state)
126 return -ENOMEM;
127
128 file->private_data = state;
129 return 0;
130 }
131
pending_reads_release(struct inode * inode,struct file * file)132 static int pending_reads_release(struct inode *inode, struct file *file)
133 {
134 kfree(file->private_data);
135 return 0;
136 }
137
ioctl_permit_fill(struct file * f,void __user * arg)138 static long ioctl_permit_fill(struct file *f, void __user *arg)
139 {
140 struct incfs_permit_fill __user *usr_permit_fill = arg;
141 struct incfs_permit_fill permit_fill;
142 long error = 0;
143 struct file *file = NULL;
144 struct incfs_file_data *fd;
145
146 if (copy_from_user(&permit_fill, usr_permit_fill, sizeof(permit_fill)))
147 return -EFAULT;
148
149 file = fget(permit_fill.file_descriptor);
150 if (IS_ERR_OR_NULL(file)) {
151 if (!file)
152 return -ENOENT;
153
154 return PTR_ERR(file);
155 }
156
157 if (file->f_op != &incfs_file_ops) {
158 error = -EPERM;
159 goto out;
160 }
161
162 if (file->f_inode->i_sb != f->f_inode->i_sb) {
163 error = -EPERM;
164 goto out;
165 }
166
167 fd = file->private_data;
168
169 switch (fd->fd_fill_permission) {
170 case CANT_FILL:
171 fd->fd_fill_permission = CAN_FILL;
172 break;
173
174 case CAN_FILL:
175 pr_debug("CAN_FILL already set");
176 break;
177
178 default:
179 pr_warn("Invalid file private data");
180 error = -EFAULT;
181 goto out;
182 }
183
184 out:
185 fput(file);
186 return error;
187 }
188
chmod(struct dentry * dentry,umode_t mode)189 static int chmod(struct dentry *dentry, umode_t mode)
190 {
191 struct inode *inode = dentry->d_inode;
192 struct inode *delegated_inode = NULL;
193 struct iattr newattrs;
194 int error;
195
196 retry_deleg:
197 inode_lock(inode);
198 newattrs.ia_mode = (mode & S_IALLUGO) | (inode->i_mode & ~S_IALLUGO);
199 newattrs.ia_valid = ATTR_MODE | ATTR_CTIME;
200 error = notify_change(dentry, &newattrs, &delegated_inode);
201 inode_unlock(inode);
202 if (delegated_inode) {
203 error = break_deleg_wait(&delegated_inode);
204 if (!error)
205 goto retry_deleg;
206 }
207 return error;
208 }
209
incfs_equal_ranges(struct mem_range lhs,struct mem_range rhs)210 static bool incfs_equal_ranges(struct mem_range lhs, struct mem_range rhs)
211 {
212 if (lhs.len != rhs.len)
213 return false;
214 return memcmp(lhs.data, rhs.data, lhs.len) == 0;
215 }
216
validate_name(char * file_name)217 static int validate_name(char *file_name)
218 {
219 struct mem_range name = range(file_name, strlen(file_name));
220 int i = 0;
221
222 if (name.len > INCFS_MAX_NAME_LEN)
223 return -ENAMETOOLONG;
224
225 if (is_pseudo_filename(name))
226 return -EINVAL;
227
228 for (i = 0; i < name.len; i++)
229 if (name.data[i] == '/')
230 return -EINVAL;
231
232 return 0;
233 }
234
dir_relative_path_resolve(struct mount_info * mi,const char __user * relative_path,struct path * result_path,struct path * base_path)235 static int dir_relative_path_resolve(
236 struct mount_info *mi,
237 const char __user *relative_path,
238 struct path *result_path,
239 struct path *base_path)
240 {
241 int dir_fd = get_unused_fd_flags(0);
242 struct file *dir_f = NULL;
243 int error = 0;
244
245 if (!base_path)
246 base_path = &mi->mi_backing_dir_path;
247
248 if (dir_fd < 0)
249 return dir_fd;
250
251 dir_f = dentry_open(base_path, O_RDONLY | O_NOATIME, current_cred());
252
253 if (IS_ERR(dir_f)) {
254 error = PTR_ERR(dir_f);
255 goto out;
256 }
257 fd_install(dir_fd, dir_f);
258
259 if (!relative_path) {
260 /* No relative path given, just return the base dir. */
261 *result_path = *base_path;
262 path_get(result_path);
263 goto out;
264 }
265
266 error = user_path_at_empty(dir_fd, relative_path,
267 LOOKUP_FOLLOW | LOOKUP_DIRECTORY, result_path, NULL);
268
269 out:
270 ksys_close(dir_fd);
271 if (error)
272 pr_debug("Error: %d\n", error);
273 return error;
274 }
275
incfs_copy_signature_info_from_user(u8 __user * original,u64 size)276 static struct mem_range incfs_copy_signature_info_from_user(u8 __user *original,
277 u64 size)
278 {
279 u8 *result;
280
281 if (!original)
282 return range(NULL, 0);
283
284 if (size > INCFS_MAX_SIGNATURE_SIZE)
285 return range(ERR_PTR(-EFAULT), 0);
286
287 result = kzalloc(size, GFP_NOFS | __GFP_COMP);
288 if (!result)
289 return range(ERR_PTR(-ENOMEM), 0);
290
291 if (copy_from_user(result, original, size)) {
292 kfree(result);
293 return range(ERR_PTR(-EFAULT), 0);
294 }
295
296 return range(result, size);
297 }
298
init_new_file(struct mount_info * mi,struct dentry * dentry,incfs_uuid_t * uuid,u64 size,struct mem_range attr,u8 __user * user_signature_info,u64 signature_size)299 static int init_new_file(struct mount_info *mi, struct dentry *dentry,
300 incfs_uuid_t *uuid, u64 size, struct mem_range attr,
301 u8 __user *user_signature_info, u64 signature_size)
302 {
303 struct path path = {};
304 struct file *new_file;
305 int error = 0;
306 struct backing_file_context *bfc = NULL;
307 u32 block_count;
308 struct mem_range raw_signature = { NULL };
309 struct mtree *hash_tree = NULL;
310
311 if (!mi || !dentry || !uuid)
312 return -EFAULT;
313
314 /* Resize newly created file to its true size. */
315 path = (struct path) {
316 .mnt = mi->mi_backing_dir_path.mnt,
317 .dentry = dentry
318 };
319
320 new_file = dentry_open(&path, O_RDWR | O_NOATIME | O_LARGEFILE,
321 current_cred());
322
323 if (IS_ERR(new_file)) {
324 error = PTR_ERR(new_file);
325 goto out;
326 }
327
328 bfc = incfs_alloc_bfc(mi, new_file);
329 fput(new_file);
330 if (IS_ERR(bfc)) {
331 error = PTR_ERR(bfc);
332 bfc = NULL;
333 goto out;
334 }
335
336 mutex_lock(&bfc->bc_mutex);
337 error = incfs_write_fh_to_backing_file(bfc, uuid, size);
338 if (error)
339 goto out;
340
341 block_count = (u32)get_blocks_count_for_size(size);
342
343 if (user_signature_info) {
344 raw_signature = incfs_copy_signature_info_from_user(
345 user_signature_info, signature_size);
346
347 if (IS_ERR(raw_signature.data)) {
348 error = PTR_ERR(raw_signature.data);
349 raw_signature.data = NULL;
350 goto out;
351 }
352
353 hash_tree = incfs_alloc_mtree(raw_signature, block_count);
354 if (IS_ERR(hash_tree)) {
355 error = PTR_ERR(hash_tree);
356 hash_tree = NULL;
357 goto out;
358 }
359
360 error = incfs_write_signature_to_backing_file(bfc,
361 raw_signature, hash_tree->hash_tree_area_size,
362 NULL, NULL);
363 if (error)
364 goto out;
365
366 block_count += get_blocks_count_for_size(
367 hash_tree->hash_tree_area_size);
368 }
369
370 if (block_count)
371 error = incfs_write_blockmap_to_backing_file(bfc, block_count);
372
373 if (error)
374 goto out;
375
376 out:
377 if (bfc) {
378 mutex_unlock(&bfc->bc_mutex);
379 incfs_free_bfc(bfc);
380 }
381 incfs_free_mtree(hash_tree);
382 kfree(raw_signature.data);
383
384 if (error)
385 pr_debug("incfs: %s error: %d\n", __func__, error);
386 return error;
387 }
388
notify_create(struct file * pending_reads_file,const char __user * dir_name,const char * file_name,const char * file_id_str,bool incomplete_file)389 static void notify_create(struct file *pending_reads_file,
390 const char __user *dir_name, const char *file_name,
391 const char *file_id_str, bool incomplete_file)
392 {
393 struct mount_info *mi =
394 get_mount_info(file_superblock(pending_reads_file));
395 struct path base_path = {
396 .mnt = pending_reads_file->f_path.mnt,
397 .dentry = pending_reads_file->f_path.dentry->d_parent,
398 };
399 struct path dir_path = {};
400 struct dentry *file = NULL;
401 struct dentry *dir = NULL;
402 int error;
403
404 error = dir_relative_path_resolve(mi, dir_name, &dir_path, &base_path);
405 if (error)
406 goto out;
407
408 file = incfs_lookup_dentry(dir_path.dentry, file_name);
409 if (IS_ERR(file)) {
410 error = PTR_ERR(file);
411 file = NULL;
412 goto out;
413 }
414
415 fsnotify_create(d_inode(dir_path.dentry), file);
416
417 if (file_id_str) {
418 dir = incfs_lookup_dentry(base_path.dentry, INCFS_INDEX_NAME);
419 if (IS_ERR(dir)) {
420 error = PTR_ERR(dir);
421 dir = NULL;
422 goto out;
423 }
424
425 dput(file);
426 file = incfs_lookup_dentry(dir, file_id_str);
427 if (IS_ERR(file)) {
428 error = PTR_ERR(file);
429 file = NULL;
430 goto out;
431 }
432
433 fsnotify_create(d_inode(dir), file);
434
435 if (incomplete_file) {
436 dput(dir);
437 dir = incfs_lookup_dentry(base_path.dentry,
438 INCFS_INCOMPLETE_NAME);
439 if (IS_ERR(dir)) {
440 error = PTR_ERR(dir);
441 dir = NULL;
442 goto out;
443 }
444
445 dput(file);
446 file = incfs_lookup_dentry(dir, file_id_str);
447 if (IS_ERR(file)) {
448 error = PTR_ERR(file);
449 file = NULL;
450 goto out;
451 }
452
453 fsnotify_create(d_inode(dir), file);
454 }
455 }
456 out:
457 if (error)
458 pr_warn("%s failed with error %d\n", __func__, error);
459
460 dput(dir);
461 dput(file);
462 path_put(&dir_path);
463 }
464
ioctl_create_file(struct file * file,struct incfs_new_file_args __user * usr_args)465 static long ioctl_create_file(struct file *file,
466 struct incfs_new_file_args __user *usr_args)
467 {
468 struct mount_info *mi = get_mount_info(file_superblock(file));
469 struct incfs_new_file_args args;
470 char *file_id_str = NULL;
471 struct dentry *index_file_dentry = NULL;
472 struct dentry *named_file_dentry = NULL;
473 struct dentry *incomplete_file_dentry = NULL;
474 struct path parent_dir_path = {};
475 struct inode *index_dir_inode = NULL;
476 __le64 size_attr_value = 0;
477 char *file_name = NULL;
478 char *attr_value = NULL;
479 int error = 0;
480 bool locked = false;
481 bool index_linked = false;
482 bool name_linked = false;
483 bool incomplete_linked = false;
484
485 if (!mi || !mi->mi_index_dir || !mi->mi_incomplete_dir) {
486 error = -EFAULT;
487 goto out;
488 }
489
490 if (copy_from_user(&args, usr_args, sizeof(args)) > 0) {
491 error = -EFAULT;
492 goto out;
493 }
494
495 file_name = strndup_user(u64_to_user_ptr(args.file_name), PATH_MAX);
496 if (IS_ERR(file_name)) {
497 error = PTR_ERR(file_name);
498 file_name = NULL;
499 goto out;
500 }
501
502 error = validate_name(file_name);
503 if (error)
504 goto out;
505
506 file_id_str = file_id_to_str(args.file_id);
507 if (!file_id_str) {
508 error = -ENOMEM;
509 goto out;
510 }
511
512 error = mutex_lock_interruptible(&mi->mi_dir_struct_mutex);
513 if (error)
514 goto out;
515 locked = true;
516
517 /* Find a directory to put the file into. */
518 error = dir_relative_path_resolve(mi,
519 u64_to_user_ptr(args.directory_path),
520 &parent_dir_path, NULL);
521 if (error)
522 goto out;
523
524 if (parent_dir_path.dentry == mi->mi_index_dir) {
525 /* Can't create a file directly inside .index */
526 error = -EBUSY;
527 goto out;
528 }
529
530 if (parent_dir_path.dentry == mi->mi_incomplete_dir) {
531 /* Can't create a file directly inside .incomplete */
532 error = -EBUSY;
533 goto out;
534 }
535
536 /* Look up a dentry in the parent dir. It should be negative. */
537 named_file_dentry = incfs_lookup_dentry(parent_dir_path.dentry,
538 file_name);
539 if (!named_file_dentry) {
540 error = -EFAULT;
541 goto out;
542 }
543 if (IS_ERR(named_file_dentry)) {
544 error = PTR_ERR(named_file_dentry);
545 named_file_dentry = NULL;
546 goto out;
547 }
548 if (d_really_is_positive(named_file_dentry)) {
549 /* File with this path already exists. */
550 error = -EEXIST;
551 goto out;
552 }
553
554 /* Look up a dentry in the incomplete dir. It should be negative. */
555 incomplete_file_dentry = incfs_lookup_dentry(mi->mi_incomplete_dir,
556 file_id_str);
557 if (!incomplete_file_dentry) {
558 error = -EFAULT;
559 goto out;
560 }
561 if (IS_ERR(incomplete_file_dentry)) {
562 error = PTR_ERR(incomplete_file_dentry);
563 incomplete_file_dentry = NULL;
564 goto out;
565 }
566 if (d_really_is_positive(incomplete_file_dentry)) {
567 /* File with this path already exists. */
568 error = -EEXIST;
569 goto out;
570 }
571
572 /* Look up a dentry in the .index dir. It should be negative. */
573 index_file_dentry = incfs_lookup_dentry(mi->mi_index_dir, file_id_str);
574 if (!index_file_dentry) {
575 error = -EFAULT;
576 goto out;
577 }
578 if (IS_ERR(index_file_dentry)) {
579 error = PTR_ERR(index_file_dentry);
580 index_file_dentry = NULL;
581 goto out;
582 }
583 if (d_really_is_positive(index_file_dentry)) {
584 /* File with this ID already exists in index. */
585 error = -EEXIST;
586 goto out;
587 }
588
589 /* Creating a file in the .index dir. */
590 index_dir_inode = d_inode(mi->mi_index_dir);
591 inode_lock_nested(index_dir_inode, I_MUTEX_PARENT);
592 error = vfs_create(index_dir_inode, index_file_dentry, args.mode | 0222,
593 true);
594 inode_unlock(index_dir_inode);
595
596 if (error)
597 goto out;
598 if (!d_really_is_positive(index_file_dentry)) {
599 error = -EINVAL;
600 goto out;
601 }
602
603 error = chmod(index_file_dentry, args.mode | 0222);
604 if (error) {
605 pr_debug("incfs: chmod err: %d\n", error);
606 goto out;
607 }
608
609 /* Save the file's ID as an xattr for easy fetching in future. */
610 error = vfs_setxattr(index_file_dentry, INCFS_XATTR_ID_NAME,
611 file_id_str, strlen(file_id_str), XATTR_CREATE);
612 if (error) {
613 pr_debug("incfs: vfs_setxattr err:%d\n", error);
614 goto out;
615 }
616
617 /* Save the file's size as an xattr for easy fetching in future. */
618 size_attr_value = cpu_to_le64(args.size);
619 error = vfs_setxattr(index_file_dentry, INCFS_XATTR_SIZE_NAME,
620 (char *)&size_attr_value, sizeof(size_attr_value),
621 XATTR_CREATE);
622 if (error) {
623 pr_debug("incfs: vfs_setxattr err:%d\n", error);
624 goto out;
625 }
626
627 /* Save the file's attribute as an xattr */
628 if (args.file_attr_len && args.file_attr) {
629 if (args.file_attr_len > INCFS_MAX_FILE_ATTR_SIZE) {
630 error = -E2BIG;
631 goto out;
632 }
633
634 attr_value = kmalloc(args.file_attr_len, GFP_NOFS);
635 if (!attr_value) {
636 error = -ENOMEM;
637 goto out;
638 }
639
640 if (copy_from_user(attr_value,
641 u64_to_user_ptr(args.file_attr),
642 args.file_attr_len) > 0) {
643 error = -EFAULT;
644 goto out;
645 }
646
647 error = vfs_setxattr(index_file_dentry,
648 INCFS_XATTR_METADATA_NAME,
649 attr_value, args.file_attr_len,
650 XATTR_CREATE);
651
652 if (error)
653 goto out;
654 }
655
656 /* Initializing a newly created file. */
657 error = init_new_file(mi, index_file_dentry, &args.file_id, args.size,
658 range(attr_value, args.file_attr_len),
659 u64_to_user_ptr(args.signature_info),
660 args.signature_size);
661 if (error)
662 goto out;
663 index_linked = true;
664
665 /* Linking a file with its real name from the requested dir. */
666 error = incfs_link(index_file_dentry, named_file_dentry);
667 if (error)
668 goto out;
669 name_linked = true;
670
671 if (args.size) {
672 /* Linking a file with its incomplete entry */
673 error = incfs_link(index_file_dentry, incomplete_file_dentry);
674 if (error)
675 goto out;
676 incomplete_linked = true;
677 }
678
679 notify_create(file, u64_to_user_ptr(args.directory_path), file_name,
680 file_id_str, args.size != 0);
681
682 out:
683 if (error) {
684 pr_debug("incfs: %s err:%d\n", __func__, error);
685 if (index_linked)
686 incfs_unlink(index_file_dentry);
687 if (name_linked)
688 incfs_unlink(named_file_dentry);
689 if (incomplete_linked)
690 incfs_unlink(incomplete_file_dentry);
691 }
692
693 kfree(file_id_str);
694 kfree(file_name);
695 kfree(attr_value);
696 dput(named_file_dentry);
697 dput(index_file_dentry);
698 dput(incomplete_file_dentry);
699 path_put(&parent_dir_path);
700 if (locked)
701 mutex_unlock(&mi->mi_dir_struct_mutex);
702
703 return error;
704 }
705
init_new_mapped_file(struct mount_info * mi,struct dentry * dentry,incfs_uuid_t * uuid,u64 size,u64 offset)706 static int init_new_mapped_file(struct mount_info *mi, struct dentry *dentry,
707 incfs_uuid_t *uuid, u64 size, u64 offset)
708 {
709 struct path path = {};
710 struct file *new_file;
711 int error = 0;
712 struct backing_file_context *bfc = NULL;
713
714 if (!mi || !dentry || !uuid)
715 return -EFAULT;
716
717 /* Resize newly created file to its true size. */
718 path = (struct path) {
719 .mnt = mi->mi_backing_dir_path.mnt,
720 .dentry = dentry
721 };
722 new_file = dentry_open(&path, O_RDWR | O_NOATIME | O_LARGEFILE,
723 current_cred());
724
725 if (IS_ERR(new_file)) {
726 error = PTR_ERR(new_file);
727 goto out;
728 }
729
730 bfc = incfs_alloc_bfc(mi, new_file);
731 fput(new_file);
732 if (IS_ERR(bfc)) {
733 error = PTR_ERR(bfc);
734 bfc = NULL;
735 goto out;
736 }
737
738 mutex_lock(&bfc->bc_mutex);
739 error = incfs_write_mapping_fh_to_backing_file(bfc, uuid, size, offset);
740 if (error)
741 goto out;
742
743 out:
744 if (bfc) {
745 mutex_unlock(&bfc->bc_mutex);
746 incfs_free_bfc(bfc);
747 }
748
749 if (error)
750 pr_debug("incfs: %s error: %d\n", __func__, error);
751 return error;
752 }
753
ioctl_create_mapped_file(struct file * file,void __user * arg)754 static long ioctl_create_mapped_file(struct file *file, void __user *arg)
755 {
756 struct mount_info *mi = get_mount_info(file_superblock(file));
757 struct incfs_create_mapped_file_args __user *args_usr_ptr = arg;
758 struct incfs_create_mapped_file_args args = {};
759 char *file_name;
760 int error = 0;
761 struct path parent_dir_path = {};
762 char *source_file_name = NULL;
763 struct dentry *source_file_dentry = NULL;
764 u64 source_file_size;
765 struct dentry *file_dentry = NULL;
766 struct inode *parent_inode;
767 __le64 size_attr_value;
768
769 if (copy_from_user(&args, args_usr_ptr, sizeof(args)) > 0)
770 return -EINVAL;
771
772 file_name = strndup_user(u64_to_user_ptr(args.file_name), PATH_MAX);
773 if (IS_ERR(file_name)) {
774 error = PTR_ERR(file_name);
775 file_name = NULL;
776 goto out;
777 }
778
779 error = validate_name(file_name);
780 if (error)
781 goto out;
782
783 if (args.source_offset % INCFS_DATA_FILE_BLOCK_SIZE) {
784 error = -EINVAL;
785 goto out;
786 }
787
788 /* Validate file mapping is in range */
789 source_file_name = file_id_to_str(args.source_file_id);
790 if (!source_file_name) {
791 pr_warn("Failed to alloc source_file_name\n");
792 error = -ENOMEM;
793 goto out;
794 }
795
796 source_file_dentry = incfs_lookup_dentry(mi->mi_index_dir,
797 source_file_name);
798 if (!source_file_dentry) {
799 pr_warn("Source file does not exist\n");
800 error = -EINVAL;
801 goto out;
802 }
803 if (IS_ERR(source_file_dentry)) {
804 pr_warn("Error opening source file\n");
805 error = PTR_ERR(source_file_dentry);
806 source_file_dentry = NULL;
807 goto out;
808 }
809 if (!d_really_is_positive(source_file_dentry)) {
810 pr_warn("Source file dentry negative\n");
811 error = -EINVAL;
812 goto out;
813 }
814
815 error = vfs_getxattr(source_file_dentry, INCFS_XATTR_SIZE_NAME,
816 (char *)&size_attr_value, sizeof(size_attr_value));
817 if (error < 0)
818 goto out;
819
820 if (error != sizeof(size_attr_value)) {
821 pr_warn("Mapped file has no size attr\n");
822 error = -EINVAL;
823 goto out;
824 }
825
826 source_file_size = le64_to_cpu(size_attr_value);
827 if (args.source_offset + args.size > source_file_size) {
828 pr_warn("Mapped file out of range\n");
829 error = -EINVAL;
830 goto out;
831 }
832
833 /* Find a directory to put the file into. */
834 error = dir_relative_path_resolve(mi,
835 u64_to_user_ptr(args.directory_path),
836 &parent_dir_path, NULL);
837 if (error)
838 goto out;
839
840 if (parent_dir_path.dentry == mi->mi_index_dir) {
841 /* Can't create a file directly inside .index */
842 error = -EBUSY;
843 goto out;
844 }
845
846 /* Look up a dentry in the parent dir. It should be negative. */
847 file_dentry = incfs_lookup_dentry(parent_dir_path.dentry,
848 file_name);
849 if (!file_dentry) {
850 error = -EFAULT;
851 goto out;
852 }
853 if (IS_ERR(file_dentry)) {
854 error = PTR_ERR(file_dentry);
855 file_dentry = NULL;
856 goto out;
857 }
858 if (d_really_is_positive(file_dentry)) {
859 error = -EEXIST;
860 goto out;
861 }
862
863 parent_inode = d_inode(parent_dir_path.dentry);
864 inode_lock_nested(parent_inode, I_MUTEX_PARENT);
865 error = vfs_create(parent_inode, file_dentry, args.mode | 0222, true);
866 inode_unlock(parent_inode);
867 if (error)
868 goto out;
869
870 error = chmod(file_dentry, args.mode | 0222);
871 if (error) {
872 pr_debug("incfs: chmod err: %d\n", error);
873 goto delete_file;
874 }
875
876 /* Save the file's size as an xattr for easy fetching in future. */
877 size_attr_value = cpu_to_le64(args.size);
878 error = vfs_setxattr(file_dentry, INCFS_XATTR_SIZE_NAME,
879 (char *)&size_attr_value, sizeof(size_attr_value),
880 XATTR_CREATE);
881 if (error) {
882 pr_debug("incfs: vfs_setxattr err:%d\n", error);
883 goto delete_file;
884 }
885
886 error = init_new_mapped_file(mi, file_dentry, &args.source_file_id,
887 args.size, args.source_offset);
888 if (error)
889 goto delete_file;
890
891 notify_create(file, u64_to_user_ptr(args.directory_path), file_name,
892 NULL, false);
893
894 goto out;
895
896 delete_file:
897 incfs_unlink(file_dentry);
898
899 out:
900 dput(file_dentry);
901 dput(source_file_dentry);
902 path_put(&parent_dir_path);
903 kfree(file_name);
904 kfree(source_file_name);
905 return error;
906 }
907
ioctl_get_read_timeouts(struct mount_info * mi,void __user * arg)908 static long ioctl_get_read_timeouts(struct mount_info *mi, void __user *arg)
909 {
910 struct incfs_get_read_timeouts_args __user *args_usr_ptr = arg;
911 struct incfs_get_read_timeouts_args args = {};
912 int error = 0;
913 struct incfs_per_uid_read_timeouts *buffer;
914 int size;
915
916 if (copy_from_user(&args, args_usr_ptr, sizeof(args)))
917 return -EINVAL;
918
919 if (args.timeouts_array_size > INCFS_DATA_FILE_BLOCK_SIZE)
920 return -EINVAL;
921
922 buffer = kzalloc(args.timeouts_array_size, GFP_NOFS);
923 if (!buffer)
924 return -ENOMEM;
925
926 spin_lock(&mi->mi_per_uid_read_timeouts_lock);
927 size = mi->mi_per_uid_read_timeouts_size;
928 if (args.timeouts_array_size < size)
929 error = -E2BIG;
930 else if (size)
931 memcpy(buffer, mi->mi_per_uid_read_timeouts, size);
932 spin_unlock(&mi->mi_per_uid_read_timeouts_lock);
933
934 args.timeouts_array_size_out = size;
935 if (!error && size)
936 if (copy_to_user(u64_to_user_ptr(args.timeouts_array), buffer,
937 size))
938 error = -EFAULT;
939
940 if (!error || error == -E2BIG)
941 if (copy_to_user(args_usr_ptr, &args, sizeof(args)) > 0)
942 error = -EFAULT;
943
944 kfree(buffer);
945 return error;
946 }
947
ioctl_set_read_timeouts(struct mount_info * mi,void __user * arg)948 static long ioctl_set_read_timeouts(struct mount_info *mi, void __user *arg)
949 {
950 struct incfs_set_read_timeouts_args __user *args_usr_ptr = arg;
951 struct incfs_set_read_timeouts_args args = {};
952 int error = 0;
953 int size;
954 struct incfs_per_uid_read_timeouts *buffer = NULL, *tmp;
955 int i;
956
957 if (copy_from_user(&args, args_usr_ptr, sizeof(args)))
958 return -EINVAL;
959
960 size = args.timeouts_array_size;
961 if (size) {
962 if (size > INCFS_DATA_FILE_BLOCK_SIZE ||
963 size % sizeof(*buffer) != 0)
964 return -EINVAL;
965
966 buffer = kzalloc(size, GFP_NOFS);
967 if (!buffer)
968 return -ENOMEM;
969
970 if (copy_from_user(buffer, u64_to_user_ptr(args.timeouts_array),
971 size)) {
972 error = -EINVAL;
973 goto out;
974 }
975
976 for (i = 0; i < size / sizeof(*buffer); ++i) {
977 struct incfs_per_uid_read_timeouts *t = &buffer[i];
978
979 if (t->min_pending_time_us > t->max_pending_time_us) {
980 error = -EINVAL;
981 goto out;
982 }
983 }
984 }
985
986 spin_lock(&mi->mi_per_uid_read_timeouts_lock);
987 mi->mi_per_uid_read_timeouts_size = size;
988 tmp = mi->mi_per_uid_read_timeouts;
989 mi->mi_per_uid_read_timeouts = buffer;
990 buffer = tmp;
991 spin_unlock(&mi->mi_per_uid_read_timeouts_lock);
992
993 out:
994 kfree(buffer);
995 return error;
996 }
997
ioctl_get_last_read_error(struct mount_info * mi,void __user * arg)998 static long ioctl_get_last_read_error(struct mount_info *mi, void __user *arg)
999 {
1000 struct incfs_get_last_read_error_args __user *args_usr_ptr = arg;
1001 struct incfs_get_last_read_error_args args = {};
1002 int error;
1003
1004 error = mutex_lock_interruptible(&mi->mi_le_mutex);
1005 if (error)
1006 return error;
1007
1008 args.file_id_out = mi->mi_le_file_id;
1009 args.time_us_out = mi->mi_le_time_us;
1010 args.page_out = mi->mi_le_page;
1011 args.errno_out = mi->mi_le_errno;
1012 args.uid_out = mi->mi_le_uid;
1013
1014 mutex_unlock(&mi->mi_le_mutex);
1015 if (copy_to_user(args_usr_ptr, &args, sizeof(args)) > 0)
1016 error = -EFAULT;
1017
1018 return error;
1019 }
1020
pending_reads_dispatch_ioctl(struct file * f,unsigned int req,unsigned long arg)1021 static long pending_reads_dispatch_ioctl(struct file *f, unsigned int req,
1022 unsigned long arg)
1023 {
1024 struct mount_info *mi = get_mount_info(file_superblock(f));
1025
1026 switch (req) {
1027 case INCFS_IOC_CREATE_FILE:
1028 return ioctl_create_file(f, (void __user *)arg);
1029 case INCFS_IOC_PERMIT_FILL:
1030 return ioctl_permit_fill(f, (void __user *)arg);
1031 case INCFS_IOC_CREATE_MAPPED_FILE:
1032 return ioctl_create_mapped_file(f, (void __user *)arg);
1033 case INCFS_IOC_GET_READ_TIMEOUTS:
1034 return ioctl_get_read_timeouts(mi, (void __user *)arg);
1035 case INCFS_IOC_SET_READ_TIMEOUTS:
1036 return ioctl_set_read_timeouts(mi, (void __user *)arg);
1037 case INCFS_IOC_GET_LAST_READ_ERROR:
1038 return ioctl_get_last_read_error(mi, (void __user *)arg);
1039 default:
1040 return -EINVAL;
1041 }
1042 }
1043
1044 static const struct file_operations incfs_pending_reads_file_ops = {
1045 .read = pending_reads_read,
1046 .poll = pending_reads_poll,
1047 .open = pending_reads_open,
1048 .release = pending_reads_release,
1049 .llseek = noop_llseek,
1050 .unlocked_ioctl = pending_reads_dispatch_ioctl,
1051 .compat_ioctl = pending_reads_dispatch_ioctl
1052 };
1053
1054 /*******************************************************************************
1055 * .log pseudo file definition
1056 ******************************************************************************/
1057 #define INCFS_LOG_INODE 3
1058 static const char log_file_name[] = INCFS_LOG_FILENAME;
1059
1060 /* State of an open .log file, unique for each file descriptor. */
1061 struct log_file_state {
1062 struct read_log_state state;
1063 };
1064
log_read(struct file * f,char __user * buf,size_t len,loff_t * ppos)1065 static ssize_t log_read(struct file *f, char __user *buf, size_t len,
1066 loff_t *ppos)
1067 {
1068 struct log_file_state *log_state = f->private_data;
1069 struct mount_info *mi = get_mount_info(file_superblock(f));
1070 int total_reads_collected = 0;
1071 int rl_size;
1072 ssize_t result = 0;
1073 bool report_uid;
1074 unsigned long page = 0;
1075 struct incfs_pending_read_info *reads_buf = NULL;
1076 struct incfs_pending_read_info2 *reads_buf2 = NULL;
1077 size_t record_size;
1078 ssize_t reads_to_collect;
1079 ssize_t reads_per_page;
1080
1081 if (!mi)
1082 return -EFAULT;
1083
1084 report_uid = mi->mi_options.report_uid;
1085 record_size = report_uid ? sizeof(*reads_buf2) : sizeof(*reads_buf);
1086 reads_to_collect = len / record_size;
1087 reads_per_page = PAGE_SIZE / record_size;
1088
1089 rl_size = READ_ONCE(mi->mi_log.rl_size);
1090 if (rl_size == 0)
1091 return 0;
1092
1093 page = __get_free_page(GFP_NOFS);
1094 if (!page)
1095 return -ENOMEM;
1096
1097 if (report_uid)
1098 reads_buf2 = (struct incfs_pending_read_info2 *)page;
1099 else
1100 reads_buf = (struct incfs_pending_read_info *)page;
1101
1102 reads_to_collect = min_t(ssize_t, rl_size, reads_to_collect);
1103 while (reads_to_collect > 0) {
1104 struct read_log_state next_state;
1105 int reads_collected;
1106
1107 memcpy(&next_state, &log_state->state, sizeof(next_state));
1108 reads_collected = incfs_collect_logged_reads(
1109 mi, &next_state, reads_buf, reads_buf2,
1110 min_t(ssize_t, reads_to_collect, reads_per_page));
1111 if (reads_collected <= 0) {
1112 result = total_reads_collected ?
1113 total_reads_collected * record_size :
1114 reads_collected;
1115 goto out;
1116 }
1117 if (copy_to_user(buf, (void *)page,
1118 reads_collected * record_size)) {
1119 result = total_reads_collected ?
1120 total_reads_collected * record_size :
1121 -EFAULT;
1122 goto out;
1123 }
1124
1125 memcpy(&log_state->state, &next_state, sizeof(next_state));
1126 total_reads_collected += reads_collected;
1127 buf += reads_collected * record_size;
1128 reads_to_collect -= reads_collected;
1129 }
1130
1131 result = total_reads_collected * record_size;
1132 *ppos = 0;
1133 out:
1134 free_page(page);
1135 return result;
1136 }
1137
log_poll(struct file * file,poll_table * wait)1138 static __poll_t log_poll(struct file *file, poll_table *wait)
1139 {
1140 struct log_file_state *log_state = file->private_data;
1141 struct mount_info *mi = get_mount_info(file_superblock(file));
1142 int count;
1143 __poll_t ret = 0;
1144
1145 poll_wait(file, &mi->mi_log.ml_notif_wq, wait);
1146 count = incfs_get_uncollected_logs_count(mi, &log_state->state);
1147 if (count >= mi->mi_options.read_log_wakeup_count)
1148 ret = EPOLLIN | EPOLLRDNORM;
1149
1150 return ret;
1151 }
1152
log_open(struct inode * inode,struct file * file)1153 static int log_open(struct inode *inode, struct file *file)
1154 {
1155 struct log_file_state *log_state = NULL;
1156 struct mount_info *mi = get_mount_info(file_superblock(file));
1157
1158 log_state = kzalloc(sizeof(*log_state), GFP_NOFS);
1159 if (!log_state)
1160 return -ENOMEM;
1161
1162 log_state->state = incfs_get_log_state(mi);
1163 file->private_data = log_state;
1164 return 0;
1165 }
1166
log_release(struct inode * inode,struct file * file)1167 static int log_release(struct inode *inode, struct file *file)
1168 {
1169 kfree(file->private_data);
1170 return 0;
1171 }
1172
1173 static const struct file_operations incfs_log_file_ops = {
1174 .read = log_read,
1175 .poll = log_poll,
1176 .open = log_open,
1177 .release = log_release,
1178 .llseek = noop_llseek,
1179 };
1180
1181 /*******************************************************************************
1182 * .blocks_written pseudo file definition
1183 ******************************************************************************/
1184 #define INCFS_BLOCKS_WRITTEN_INODE 4
1185 static const char blocks_written_file_name[] = INCFS_BLOCKS_WRITTEN_FILENAME;
1186
1187 /* State of an open .blocks_written file, unique for each file descriptor. */
1188 struct blocks_written_file_state {
1189 unsigned long blocks_written;
1190 };
1191
blocks_written_read(struct file * f,char __user * buf,size_t len,loff_t * ppos)1192 static ssize_t blocks_written_read(struct file *f, char __user *buf, size_t len,
1193 loff_t *ppos)
1194 {
1195 struct mount_info *mi = get_mount_info(file_superblock(f));
1196 struct blocks_written_file_state *state = f->private_data;
1197 unsigned long blocks_written;
1198 char string[21];
1199 int result = 0;
1200
1201 if (!mi)
1202 return -EFAULT;
1203
1204 blocks_written = atomic_read(&mi->mi_blocks_written);
1205 if (state->blocks_written == blocks_written)
1206 return 0;
1207
1208 result = snprintf(string, sizeof(string), "%lu", blocks_written);
1209 if (result > len)
1210 result = len;
1211 if (copy_to_user(buf, string, result))
1212 return -EFAULT;
1213
1214 state->blocks_written = blocks_written;
1215 return result;
1216 }
1217
blocks_written_poll(struct file * f,poll_table * wait)1218 static __poll_t blocks_written_poll(struct file *f, poll_table *wait)
1219 {
1220 struct mount_info *mi = get_mount_info(file_superblock(f));
1221 struct blocks_written_file_state *state = f->private_data;
1222 unsigned long blocks_written;
1223
1224 if (!mi)
1225 return 0;
1226
1227 poll_wait(f, &mi->mi_blocks_written_notif_wq, wait);
1228 blocks_written = atomic_read(&mi->mi_blocks_written);
1229 if (state->blocks_written == blocks_written)
1230 return 0;
1231
1232 return EPOLLIN | EPOLLRDNORM;
1233 }
1234
blocks_written_open(struct inode * inode,struct file * file)1235 static int blocks_written_open(struct inode *inode, struct file *file)
1236 {
1237 struct blocks_written_file_state *state =
1238 kzalloc(sizeof(*state), GFP_NOFS);
1239
1240 if (!state)
1241 return -ENOMEM;
1242
1243 state->blocks_written = -1;
1244 file->private_data = state;
1245 return 0;
1246 }
1247
blocks_written_release(struct inode * inode,struct file * file)1248 static int blocks_written_release(struct inode *inode, struct file *file)
1249 {
1250 kfree(file->private_data);
1251 return 0;
1252 }
1253
1254 static const struct file_operations incfs_blocks_written_file_ops = {
1255 .read = blocks_written_read,
1256 .poll = blocks_written_poll,
1257 .open = blocks_written_open,
1258 .release = blocks_written_release,
1259 .llseek = noop_llseek,
1260 };
1261
1262 /*******************************************************************************
1263 * Generic inode lookup functionality
1264 ******************************************************************************/
1265
1266 const struct mem_range incfs_pseudo_file_names[] = {
1267 { .data = (u8 *)pending_reads_file_name,
1268 .len = ARRAY_SIZE(pending_reads_file_name) - 1 },
1269 { .data = (u8 *)log_file_name, .len = ARRAY_SIZE(log_file_name) - 1 },
1270 { .data = (u8 *)blocks_written_file_name,
1271 .len = ARRAY_SIZE(blocks_written_file_name) - 1 }
1272 };
1273
1274 const unsigned long incfs_pseudo_file_inodes[] = { INCFS_PENDING_READS_INODE,
1275 INCFS_LOG_INODE,
1276 INCFS_BLOCKS_WRITTEN_INODE };
1277
1278 static const struct file_operations *const pseudo_file_operations[] = {
1279 &incfs_pending_reads_file_ops, &incfs_log_file_ops,
1280 &incfs_blocks_written_file_ops
1281 };
1282
is_pseudo_filename(struct mem_range name)1283 static bool is_pseudo_filename(struct mem_range name)
1284 {
1285 int i = 0;
1286
1287 for (; i < ARRAY_SIZE(incfs_pseudo_file_names); ++i)
1288 if (incfs_equal_ranges(incfs_pseudo_file_names[i], name))
1289 return true;
1290 return false;
1291 }
1292
get_pseudo_inode(int ino,struct inode * inode)1293 static bool get_pseudo_inode(int ino, struct inode *inode)
1294 {
1295 int i = 0;
1296
1297 for (; i < ARRAY_SIZE(incfs_pseudo_file_inodes); ++i)
1298 if (ino == incfs_pseudo_file_inodes[i])
1299 break;
1300 if (i == ARRAY_SIZE(incfs_pseudo_file_inodes))
1301 return false;
1302
1303 inode->i_ctime = (struct timespec64){};
1304 inode->i_mtime = inode->i_ctime;
1305 inode->i_atime = inode->i_ctime;
1306 inode->i_size = 0;
1307 inode->i_ino = ino;
1308 inode->i_private = NULL;
1309 inode_init_owner(inode, NULL, S_IFREG | READ_WRITE_FILE_MODE);
1310 inode->i_op = &incfs_file_inode_ops;
1311 inode->i_fop = pseudo_file_operations[i];
1312 return true;
1313 }
1314
1315 struct inode_search {
1316 unsigned long ino;
1317 };
1318
inode_test(struct inode * inode,void * opaque)1319 static int inode_test(struct inode *inode, void *opaque)
1320 {
1321 struct inode_search *search = opaque;
1322
1323 return inode->i_ino == search->ino;
1324 }
1325
inode_set(struct inode * inode,void * opaque)1326 static int inode_set(struct inode *inode, void *opaque)
1327 {
1328 struct inode_search *search = opaque;
1329
1330 if (get_pseudo_inode(search->ino, inode))
1331 return 0;
1332
1333 /* Unknown inode requested. */
1334 return -EINVAL;
1335 }
1336
fetch_inode(struct super_block * sb,unsigned long ino)1337 static struct inode *fetch_inode(struct super_block *sb, unsigned long ino)
1338 {
1339 struct inode_search search = {
1340 .ino = ino
1341 };
1342 struct inode *inode = iget5_locked(sb, search.ino, inode_test,
1343 inode_set, &search);
1344
1345 if (!inode)
1346 return ERR_PTR(-ENOMEM);
1347
1348 if (inode->i_state & I_NEW)
1349 unlock_new_inode(inode);
1350
1351 return inode;
1352 }
1353
dir_lookup_pseudo_files(struct super_block * sb,struct dentry * dentry)1354 int dir_lookup_pseudo_files(struct super_block *sb, struct dentry *dentry)
1355 {
1356 struct mem_range name_range =
1357 range((u8 *)dentry->d_name.name, dentry->d_name.len);
1358 unsigned long ino;
1359 struct inode *inode;
1360 int i = 0;
1361
1362 for (; i < ARRAY_SIZE(incfs_pseudo_file_names); ++i)
1363 if (incfs_equal_ranges(incfs_pseudo_file_names[i], name_range))
1364 break;
1365 if (i == ARRAY_SIZE(incfs_pseudo_file_names))
1366 return -ENOENT;
1367
1368 ino = incfs_pseudo_file_inodes[i];
1369
1370 inode = fetch_inode(sb, ino);
1371 if (IS_ERR(inode))
1372 return PTR_ERR(inode);
1373
1374 d_add(dentry, inode);
1375 return 0;
1376 }
1377
emit_pseudo_files(struct dir_context * ctx)1378 int emit_pseudo_files(struct dir_context *ctx)
1379 {
1380 loff_t i = ctx->pos;
1381
1382 for (; i < ARRAY_SIZE(incfs_pseudo_file_names); ++i) {
1383 if (!dir_emit(ctx, incfs_pseudo_file_names[i].data,
1384 incfs_pseudo_file_names[i].len,
1385 incfs_pseudo_file_inodes[i], DT_REG))
1386 return -EINVAL;
1387
1388 ctx->pos++;
1389 }
1390 return 0;
1391 }
1392