1 // SPDX-License-Identifier: GPL-2.0
2 /*
3 * Copyright 2020 Google LLC
4 */
5
6 #include <linux/file.h>
7 #include <linux/fs.h>
8 #include <linux/fsnotify.h>
9 #include <linux/namei.h>
10 #include <linux/poll.h>
11 #include <linux/syscalls.h>
12 #include <linux/fdtable.h>
13
14 #include <uapi/linux/incrementalfs.h>
15
16 #include "pseudo_files.h"
17
18 #include "data_mgmt.h"
19 #include "format.h"
20 #include "integrity.h"
21 #include "vfs.h"
22
23 #define READ_WRITE_FILE_MODE 0666
24
25 static bool is_pseudo_filename(struct mem_range name);
26
27 /*******************************************************************************
28 * .pending_reads pseudo file definition
29 ******************************************************************************/
30 #define INCFS_PENDING_READS_INODE 2
31 static const char pending_reads_file_name[] = INCFS_PENDING_READS_FILENAME;
32
33 /* State of an open .pending_reads file, unique for each file descriptor. */
34 struct pending_reads_state {
35 /* A serial number of the last pending read obtained from this file. */
36 int last_pending_read_sn;
37 };
38
pending_reads_read(struct file * f,char __user * buf,size_t len,loff_t * ppos)39 static ssize_t pending_reads_read(struct file *f, char __user *buf, size_t len,
40 loff_t *ppos)
41 {
42 struct pending_reads_state *pr_state = f->private_data;
43 struct mount_info *mi = get_mount_info(file_superblock(f));
44 bool report_uid;
45 unsigned long page = 0;
46 struct incfs_pending_read_info *reads_buf = NULL;
47 struct incfs_pending_read_info2 *reads_buf2 = NULL;
48 size_t record_size;
49 size_t reads_to_collect;
50 int last_known_read_sn = READ_ONCE(pr_state->last_pending_read_sn);
51 int new_max_sn = last_known_read_sn;
52 int reads_collected = 0;
53 ssize_t result = 0;
54
55 if (!mi)
56 return -EFAULT;
57
58 report_uid = mi->mi_options.report_uid;
59 record_size = report_uid ? sizeof(*reads_buf2) : sizeof(*reads_buf);
60 reads_to_collect = len / record_size;
61
62 if (!incfs_fresh_pending_reads_exist(mi, last_known_read_sn))
63 return 0;
64
65 page = get_zeroed_page(GFP_NOFS);
66 if (!page)
67 return -ENOMEM;
68
69 if (report_uid)
70 reads_buf2 = (struct incfs_pending_read_info2 *) page;
71 else
72 reads_buf = (struct incfs_pending_read_info *) page;
73
74 reads_to_collect =
75 min_t(size_t, PAGE_SIZE / record_size, reads_to_collect);
76
77 reads_collected = incfs_collect_pending_reads(mi, last_known_read_sn,
78 reads_buf, reads_buf2, reads_to_collect,
79 &new_max_sn);
80
81 if (reads_collected < 0) {
82 result = reads_collected;
83 goto out;
84 }
85
86 /*
87 * Just to make sure that we don't accidentally copy more data
88 * to reads buffer than userspace can handle.
89 */
90 reads_collected = min_t(size_t, reads_collected, reads_to_collect);
91 result = reads_collected * record_size;
92
93 /* Copy reads info to the userspace buffer */
94 if (copy_to_user(buf, (void *)page, result)) {
95 result = -EFAULT;
96 goto out;
97 }
98
99 WRITE_ONCE(pr_state->last_pending_read_sn, new_max_sn);
100 *ppos = 0;
101
102 out:
103 free_page(page);
104 return result;
105 }
106
pending_reads_poll(struct file * file,poll_table * wait)107 static __poll_t pending_reads_poll(struct file *file, poll_table *wait)
108 {
109 struct pending_reads_state *state = file->private_data;
110 struct mount_info *mi = get_mount_info(file_superblock(file));
111 __poll_t ret = 0;
112
113 poll_wait(file, &mi->mi_pending_reads_notif_wq, wait);
114 if (incfs_fresh_pending_reads_exist(mi,
115 state->last_pending_read_sn))
116 ret = EPOLLIN | EPOLLRDNORM;
117
118 return ret;
119 }
120
pending_reads_open(struct inode * inode,struct file * file)121 static int pending_reads_open(struct inode *inode, struct file *file)
122 {
123 struct pending_reads_state *state = NULL;
124
125 state = kzalloc(sizeof(*state), GFP_NOFS);
126 if (!state)
127 return -ENOMEM;
128
129 file->private_data = state;
130 return 0;
131 }
132
pending_reads_release(struct inode * inode,struct file * file)133 static int pending_reads_release(struct inode *inode, struct file *file)
134 {
135 kfree(file->private_data);
136 return 0;
137 }
138
ioctl_permit_fill(struct file * f,void __user * arg)139 static long ioctl_permit_fill(struct file *f, void __user *arg)
140 {
141 struct incfs_permit_fill __user *usr_permit_fill = arg;
142 struct incfs_permit_fill permit_fill;
143 long error = 0;
144 struct file *file = NULL;
145 struct incfs_file_data *fd;
146
147 if (copy_from_user(&permit_fill, usr_permit_fill, sizeof(permit_fill)))
148 return -EFAULT;
149
150 file = fget(permit_fill.file_descriptor);
151 if (IS_ERR_OR_NULL(file)) {
152 if (!file)
153 return -ENOENT;
154
155 return PTR_ERR(file);
156 }
157
158 if (file->f_op != &incfs_file_ops) {
159 error = -EPERM;
160 goto out;
161 }
162
163 if (file->f_inode->i_sb != f->f_inode->i_sb) {
164 error = -EPERM;
165 goto out;
166 }
167
168 fd = file->private_data;
169
170 switch (fd->fd_fill_permission) {
171 case CANT_FILL:
172 fd->fd_fill_permission = CAN_FILL;
173 break;
174
175 case CAN_FILL:
176 pr_debug("CAN_FILL already set");
177 break;
178
179 default:
180 pr_warn("Invalid file private data");
181 error = -EFAULT;
182 goto out;
183 }
184
185 out:
186 fput(file);
187 return error;
188 }
189
chmod(struct dentry * dentry,umode_t mode)190 static int chmod(struct dentry *dentry, umode_t mode)
191 {
192 struct inode *inode = dentry->d_inode;
193 struct inode *delegated_inode = NULL;
194 struct iattr newattrs;
195 int error;
196
197 retry_deleg:
198 inode_lock(inode);
199 newattrs.ia_mode = (mode & S_IALLUGO) | (inode->i_mode & ~S_IALLUGO);
200 newattrs.ia_valid = ATTR_MODE | ATTR_CTIME;
201 error = notify_change(&init_user_ns, dentry, &newattrs, &delegated_inode);
202 inode_unlock(inode);
203 if (delegated_inode) {
204 error = break_deleg_wait(&delegated_inode);
205 if (!error)
206 goto retry_deleg;
207 }
208 return error;
209 }
210
incfs_equal_ranges(struct mem_range lhs,struct mem_range rhs)211 static bool incfs_equal_ranges(struct mem_range lhs, struct mem_range rhs)
212 {
213 if (lhs.len != rhs.len)
214 return false;
215 return memcmp(lhs.data, rhs.data, lhs.len) == 0;
216 }
217
validate_name(char * file_name)218 static int validate_name(char *file_name)
219 {
220 struct mem_range name = range(file_name, strlen(file_name));
221 int i = 0;
222
223 if (name.len > INCFS_MAX_NAME_LEN)
224 return -ENAMETOOLONG;
225
226 if (is_pseudo_filename(name))
227 return -EINVAL;
228
229 for (i = 0; i < name.len; i++)
230 if (name.data[i] == '/')
231 return -EINVAL;
232
233 return 0;
234 }
235
dir_relative_path_resolve(struct mount_info * mi,const char __user * relative_path,struct path * result_path,struct path * base_path)236 static int dir_relative_path_resolve(
237 struct mount_info *mi,
238 const char __user *relative_path,
239 struct path *result_path,
240 struct path *base_path)
241 {
242 int dir_fd = get_unused_fd_flags(0);
243 struct file *dir_f = NULL;
244 int error = 0;
245
246 if (!base_path)
247 base_path = &mi->mi_backing_dir_path;
248
249 if (dir_fd < 0)
250 return dir_fd;
251
252 dir_f = dentry_open(base_path, O_RDONLY | O_NOATIME, current_cred());
253
254 if (IS_ERR(dir_f)) {
255 error = PTR_ERR(dir_f);
256 goto out;
257 }
258 fd_install(dir_fd, dir_f);
259
260 if (!relative_path) {
261 /* No relative path given, just return the base dir. */
262 *result_path = *base_path;
263 path_get(result_path);
264 goto out;
265 }
266
267 error = user_path_at_empty(dir_fd, relative_path,
268 LOOKUP_FOLLOW | LOOKUP_DIRECTORY, result_path, NULL);
269
270 out:
271 close_fd(dir_fd);
272 if (error)
273 pr_debug("Error: %d\n", error);
274 return error;
275 }
276
incfs_copy_signature_info_from_user(u8 __user * original,u64 size)277 static struct mem_range incfs_copy_signature_info_from_user(u8 __user *original,
278 u64 size)
279 {
280 u8 *result;
281
282 if (!original)
283 return range(NULL, 0);
284
285 if (size > INCFS_MAX_SIGNATURE_SIZE)
286 return range(ERR_PTR(-EFAULT), 0);
287
288 result = kzalloc(size, GFP_NOFS | __GFP_COMP);
289 if (!result)
290 return range(ERR_PTR(-ENOMEM), 0);
291
292 if (copy_from_user(result, original, size)) {
293 kfree(result);
294 return range(ERR_PTR(-EFAULT), 0);
295 }
296
297 return range(result, size);
298 }
299
init_new_file(struct mount_info * mi,struct dentry * dentry,incfs_uuid_t * uuid,u64 size,struct mem_range attr,u8 __user * user_signature_info,u64 signature_size)300 static int init_new_file(struct mount_info *mi, struct dentry *dentry,
301 incfs_uuid_t *uuid, u64 size, struct mem_range attr,
302 u8 __user *user_signature_info, u64 signature_size)
303 {
304 struct path path = {};
305 struct file *new_file;
306 int error = 0;
307 struct backing_file_context *bfc = NULL;
308 u32 block_count;
309 struct mem_range raw_signature = { NULL };
310 struct mtree *hash_tree = NULL;
311
312 if (!mi || !dentry || !uuid)
313 return -EFAULT;
314
315 /* Resize newly created file to its true size. */
316 path = (struct path) {
317 .mnt = mi->mi_backing_dir_path.mnt,
318 .dentry = dentry
319 };
320
321 new_file = dentry_open(&path, O_RDWR | O_NOATIME | O_LARGEFILE,
322 current_cred());
323
324 if (IS_ERR(new_file)) {
325 error = PTR_ERR(new_file);
326 goto out;
327 }
328
329 bfc = incfs_alloc_bfc(mi, new_file);
330 fput(new_file);
331 if (IS_ERR(bfc)) {
332 error = PTR_ERR(bfc);
333 bfc = NULL;
334 goto out;
335 }
336
337 mutex_lock(&bfc->bc_mutex);
338 error = incfs_write_fh_to_backing_file(bfc, uuid, size);
339 if (error)
340 goto out;
341
342 block_count = (u32)get_blocks_count_for_size(size);
343
344 if (user_signature_info) {
345 raw_signature = incfs_copy_signature_info_from_user(
346 user_signature_info, signature_size);
347
348 if (IS_ERR(raw_signature.data)) {
349 error = PTR_ERR(raw_signature.data);
350 raw_signature.data = NULL;
351 goto out;
352 }
353
354 hash_tree = incfs_alloc_mtree(raw_signature, block_count);
355 if (IS_ERR(hash_tree)) {
356 error = PTR_ERR(hash_tree);
357 hash_tree = NULL;
358 goto out;
359 }
360
361 error = incfs_write_signature_to_backing_file(bfc,
362 raw_signature, hash_tree->hash_tree_area_size,
363 NULL, NULL);
364 if (error)
365 goto out;
366
367 block_count += get_blocks_count_for_size(
368 hash_tree->hash_tree_area_size);
369 }
370
371 if (block_count)
372 error = incfs_write_blockmap_to_backing_file(bfc, block_count);
373
374 if (error)
375 goto out;
376
377 out:
378 if (bfc) {
379 mutex_unlock(&bfc->bc_mutex);
380 incfs_free_bfc(bfc);
381 }
382 incfs_free_mtree(hash_tree);
383 kfree(raw_signature.data);
384
385 if (error)
386 pr_debug("incfs: %s error: %d\n", __func__, error);
387 return error;
388 }
389
notify_create(struct file * pending_reads_file,const char __user * dir_name,const char * file_name,const char * file_id_str,bool incomplete_file)390 static void notify_create(struct file *pending_reads_file,
391 const char __user *dir_name, const char *file_name,
392 const char *file_id_str, bool incomplete_file)
393 {
394 struct mount_info *mi =
395 get_mount_info(file_superblock(pending_reads_file));
396 struct path base_path = {
397 .mnt = pending_reads_file->f_path.mnt,
398 .dentry = pending_reads_file->f_path.dentry->d_parent,
399 };
400 struct path dir_path = {};
401 struct dentry *file = NULL;
402 struct dentry *dir = NULL;
403 int error;
404
405 error = dir_relative_path_resolve(mi, dir_name, &dir_path, &base_path);
406 if (error)
407 goto out;
408
409 file = incfs_lookup_dentry(dir_path.dentry, file_name);
410 if (IS_ERR(file)) {
411 error = PTR_ERR(file);
412 file = NULL;
413 goto out;
414 }
415
416 fsnotify_create(d_inode(dir_path.dentry), file);
417
418 if (file_id_str) {
419 dir = incfs_lookup_dentry(base_path.dentry, INCFS_INDEX_NAME);
420 if (IS_ERR(dir)) {
421 error = PTR_ERR(dir);
422 dir = NULL;
423 goto out;
424 }
425
426 dput(file);
427 file = incfs_lookup_dentry(dir, file_id_str);
428 if (IS_ERR(file)) {
429 error = PTR_ERR(file);
430 file = NULL;
431 goto out;
432 }
433
434 fsnotify_create(d_inode(dir), file);
435
436 if (incomplete_file) {
437 dput(dir);
438 dir = incfs_lookup_dentry(base_path.dentry,
439 INCFS_INCOMPLETE_NAME);
440 if (IS_ERR(dir)) {
441 error = PTR_ERR(dir);
442 dir = NULL;
443 goto out;
444 }
445
446 dput(file);
447 file = incfs_lookup_dentry(dir, file_id_str);
448 if (IS_ERR(file)) {
449 error = PTR_ERR(file);
450 file = NULL;
451 goto out;
452 }
453
454 fsnotify_create(d_inode(dir), file);
455 }
456 }
457 out:
458 if (error)
459 pr_warn("%s failed with error %d\n", __func__, error);
460
461 dput(dir);
462 dput(file);
463 path_put(&dir_path);
464 }
465
ioctl_create_file(struct file * file,struct incfs_new_file_args __user * usr_args)466 static long ioctl_create_file(struct file *file,
467 struct incfs_new_file_args __user *usr_args)
468 {
469 struct mount_info *mi = get_mount_info(file_superblock(file));
470 struct incfs_new_file_args args;
471 char *file_id_str = NULL;
472 struct dentry *index_file_dentry = NULL;
473 struct dentry *named_file_dentry = NULL;
474 struct dentry *incomplete_file_dentry = NULL;
475 struct path parent_dir_path = {};
476 struct inode *index_dir_inode = NULL;
477 __le64 size_attr_value = 0;
478 char *file_name = NULL;
479 char *attr_value = NULL;
480 int error = 0;
481 bool locked = false;
482 bool index_linked = false;
483 bool name_linked = false;
484 bool incomplete_linked = false;
485
486 if (!mi || !mi->mi_index_dir || !mi->mi_incomplete_dir) {
487 error = -EFAULT;
488 goto out;
489 }
490
491 if (copy_from_user(&args, usr_args, sizeof(args)) > 0) {
492 error = -EFAULT;
493 goto out;
494 }
495
496 file_name = strndup_user(u64_to_user_ptr(args.file_name), PATH_MAX);
497 if (IS_ERR(file_name)) {
498 error = PTR_ERR(file_name);
499 file_name = NULL;
500 goto out;
501 }
502
503 error = validate_name(file_name);
504 if (error)
505 goto out;
506
507 file_id_str = file_id_to_str(args.file_id);
508 if (!file_id_str) {
509 error = -ENOMEM;
510 goto out;
511 }
512
513 error = mutex_lock_interruptible(&mi->mi_dir_struct_mutex);
514 if (error)
515 goto out;
516 locked = true;
517
518 /* Find a directory to put the file into. */
519 error = dir_relative_path_resolve(mi,
520 u64_to_user_ptr(args.directory_path),
521 &parent_dir_path, NULL);
522 if (error)
523 goto out;
524
525 if (parent_dir_path.dentry == mi->mi_index_dir) {
526 /* Can't create a file directly inside .index */
527 error = -EBUSY;
528 goto out;
529 }
530
531 if (parent_dir_path.dentry == mi->mi_incomplete_dir) {
532 /* Can't create a file directly inside .incomplete */
533 error = -EBUSY;
534 goto out;
535 }
536
537 /* Look up a dentry in the parent dir. It should be negative. */
538 named_file_dentry = incfs_lookup_dentry(parent_dir_path.dentry,
539 file_name);
540 if (!named_file_dentry) {
541 error = -EFAULT;
542 goto out;
543 }
544 if (IS_ERR(named_file_dentry)) {
545 error = PTR_ERR(named_file_dentry);
546 named_file_dentry = NULL;
547 goto out;
548 }
549 if (d_really_is_positive(named_file_dentry)) {
550 /* File with this path already exists. */
551 error = -EEXIST;
552 goto out;
553 }
554
555 /* Look up a dentry in the incomplete dir. It should be negative. */
556 incomplete_file_dentry = incfs_lookup_dentry(mi->mi_incomplete_dir,
557 file_id_str);
558 if (!incomplete_file_dentry) {
559 error = -EFAULT;
560 goto out;
561 }
562 if (IS_ERR(incomplete_file_dentry)) {
563 error = PTR_ERR(incomplete_file_dentry);
564 incomplete_file_dentry = NULL;
565 goto out;
566 }
567 if (d_really_is_positive(incomplete_file_dentry)) {
568 /* File with this path already exists. */
569 error = -EEXIST;
570 goto out;
571 }
572
573 /* Look up a dentry in the .index dir. It should be negative. */
574 index_file_dentry = incfs_lookup_dentry(mi->mi_index_dir, file_id_str);
575 if (!index_file_dentry) {
576 error = -EFAULT;
577 goto out;
578 }
579 if (IS_ERR(index_file_dentry)) {
580 error = PTR_ERR(index_file_dentry);
581 index_file_dentry = NULL;
582 goto out;
583 }
584 if (d_really_is_positive(index_file_dentry)) {
585 /* File with this ID already exists in index. */
586 error = -EEXIST;
587 goto out;
588 }
589
590 /* Creating a file in the .index dir. */
591 index_dir_inode = d_inode(mi->mi_index_dir);
592 inode_lock_nested(index_dir_inode, I_MUTEX_PARENT);
593 error = vfs_create(&init_user_ns, index_dir_inode, index_file_dentry,
594 args.mode | 0222, true);
595 inode_unlock(index_dir_inode);
596
597 if (error)
598 goto out;
599 if (!d_really_is_positive(index_file_dentry)) {
600 error = -EINVAL;
601 goto out;
602 }
603
604 error = chmod(index_file_dentry, args.mode | 0222);
605 if (error) {
606 pr_debug("incfs: chmod err: %d\n", error);
607 goto out;
608 }
609
610 /* Save the file's ID as an xattr for easy fetching in future. */
611 error = vfs_setxattr(&init_user_ns, index_file_dentry, INCFS_XATTR_ID_NAME,
612 file_id_str, strlen(file_id_str), XATTR_CREATE);
613 if (error) {
614 pr_debug("incfs: vfs_setxattr err:%d\n", error);
615 goto out;
616 }
617
618 /* Save the file's size as an xattr for easy fetching in future. */
619 size_attr_value = cpu_to_le64(args.size);
620 error = vfs_setxattr(&init_user_ns, index_file_dentry, INCFS_XATTR_SIZE_NAME,
621 (char *)&size_attr_value, sizeof(size_attr_value),
622 XATTR_CREATE);
623 if (error) {
624 pr_debug("incfs: vfs_setxattr err:%d\n", error);
625 goto out;
626 }
627
628 /* Save the file's attribute as an xattr */
629 if (args.file_attr_len && args.file_attr) {
630 if (args.file_attr_len > INCFS_MAX_FILE_ATTR_SIZE) {
631 error = -E2BIG;
632 goto out;
633 }
634
635 attr_value = kmalloc(args.file_attr_len, GFP_NOFS);
636 if (!attr_value) {
637 error = -ENOMEM;
638 goto out;
639 }
640
641 if (copy_from_user(attr_value,
642 u64_to_user_ptr(args.file_attr),
643 args.file_attr_len) > 0) {
644 error = -EFAULT;
645 goto out;
646 }
647
648 error = vfs_setxattr(&init_user_ns, index_file_dentry,
649 INCFS_XATTR_METADATA_NAME,
650 attr_value, args.file_attr_len,
651 XATTR_CREATE);
652
653 if (error)
654 goto out;
655 }
656
657 /* Initializing a newly created file. */
658 error = init_new_file(mi, index_file_dentry, &args.file_id, args.size,
659 range(attr_value, args.file_attr_len),
660 u64_to_user_ptr(args.signature_info),
661 args.signature_size);
662 if (error)
663 goto out;
664 index_linked = true;
665
666 /* Linking a file with its real name from the requested dir. */
667 error = incfs_link(index_file_dentry, named_file_dentry);
668 if (error)
669 goto out;
670 name_linked = true;
671
672 if (args.size) {
673 /* Linking a file with its incomplete entry */
674 error = incfs_link(index_file_dentry, incomplete_file_dentry);
675 if (error)
676 goto out;
677 incomplete_linked = true;
678 }
679
680 notify_create(file, u64_to_user_ptr(args.directory_path), file_name,
681 file_id_str, args.size != 0);
682
683 out:
684 if (error) {
685 pr_debug("incfs: %s err:%d\n", __func__, error);
686 if (index_linked)
687 incfs_unlink(index_file_dentry);
688 if (name_linked)
689 incfs_unlink(named_file_dentry);
690 if (incomplete_linked)
691 incfs_unlink(incomplete_file_dentry);
692 }
693
694 kfree(file_id_str);
695 kfree(file_name);
696 kfree(attr_value);
697 dput(named_file_dentry);
698 dput(index_file_dentry);
699 dput(incomplete_file_dentry);
700 path_put(&parent_dir_path);
701 if (locked)
702 mutex_unlock(&mi->mi_dir_struct_mutex);
703
704 return error;
705 }
706
init_new_mapped_file(struct mount_info * mi,struct dentry * dentry,incfs_uuid_t * uuid,u64 size,u64 offset)707 static int init_new_mapped_file(struct mount_info *mi, struct dentry *dentry,
708 incfs_uuid_t *uuid, u64 size, u64 offset)
709 {
710 struct path path = {};
711 struct file *new_file;
712 int error = 0;
713 struct backing_file_context *bfc = NULL;
714
715 if (!mi || !dentry || !uuid)
716 return -EFAULT;
717
718 /* Resize newly created file to its true size. */
719 path = (struct path) {
720 .mnt = mi->mi_backing_dir_path.mnt,
721 .dentry = dentry
722 };
723 new_file = dentry_open(&path, O_RDWR | O_NOATIME | O_LARGEFILE,
724 current_cred());
725
726 if (IS_ERR(new_file)) {
727 error = PTR_ERR(new_file);
728 goto out;
729 }
730
731 bfc = incfs_alloc_bfc(mi, new_file);
732 fput(new_file);
733 if (IS_ERR(bfc)) {
734 error = PTR_ERR(bfc);
735 bfc = NULL;
736 goto out;
737 }
738
739 mutex_lock(&bfc->bc_mutex);
740 error = incfs_write_mapping_fh_to_backing_file(bfc, uuid, size, offset);
741 if (error)
742 goto out;
743
744 out:
745 if (bfc) {
746 mutex_unlock(&bfc->bc_mutex);
747 incfs_free_bfc(bfc);
748 }
749
750 if (error)
751 pr_debug("incfs: %s error: %d\n", __func__, error);
752 return error;
753 }
754
ioctl_create_mapped_file(struct file * file,void __user * arg)755 static long ioctl_create_mapped_file(struct file *file, void __user *arg)
756 {
757 struct mount_info *mi = get_mount_info(file_superblock(file));
758 struct incfs_create_mapped_file_args __user *args_usr_ptr = arg;
759 struct incfs_create_mapped_file_args args = {};
760 char *file_name;
761 int error = 0;
762 struct path parent_dir_path = {};
763 char *source_file_name = NULL;
764 struct dentry *source_file_dentry = NULL;
765 u64 source_file_size;
766 struct dentry *file_dentry = NULL;
767 struct inode *parent_inode;
768 __le64 size_attr_value;
769
770 if (copy_from_user(&args, args_usr_ptr, sizeof(args)) > 0)
771 return -EINVAL;
772
773 file_name = strndup_user(u64_to_user_ptr(args.file_name), PATH_MAX);
774 if (IS_ERR(file_name)) {
775 error = PTR_ERR(file_name);
776 file_name = NULL;
777 goto out;
778 }
779
780 error = validate_name(file_name);
781 if (error)
782 goto out;
783
784 if (args.source_offset % INCFS_DATA_FILE_BLOCK_SIZE) {
785 error = -EINVAL;
786 goto out;
787 }
788
789 /* Validate file mapping is in range */
790 source_file_name = file_id_to_str(args.source_file_id);
791 if (!source_file_name) {
792 pr_warn("Failed to alloc source_file_name\n");
793 error = -ENOMEM;
794 goto out;
795 }
796
797 source_file_dentry = incfs_lookup_dentry(mi->mi_index_dir,
798 source_file_name);
799 if (!source_file_dentry) {
800 pr_warn("Source file does not exist\n");
801 error = -EINVAL;
802 goto out;
803 }
804 if (IS_ERR(source_file_dentry)) {
805 pr_warn("Error opening source file\n");
806 error = PTR_ERR(source_file_dentry);
807 source_file_dentry = NULL;
808 goto out;
809 }
810 if (!d_really_is_positive(source_file_dentry)) {
811 pr_warn("Source file dentry negative\n");
812 error = -EINVAL;
813 goto out;
814 }
815
816 error = vfs_getxattr(&init_user_ns, source_file_dentry, INCFS_XATTR_SIZE_NAME,
817 (char *)&size_attr_value, sizeof(size_attr_value));
818 if (error < 0)
819 goto out;
820
821 if (error != sizeof(size_attr_value)) {
822 pr_warn("Mapped file has no size attr\n");
823 error = -EINVAL;
824 goto out;
825 }
826
827 source_file_size = le64_to_cpu(size_attr_value);
828 if (args.source_offset + args.size > source_file_size) {
829 pr_warn("Mapped file out of range\n");
830 error = -EINVAL;
831 goto out;
832 }
833
834 /* Find a directory to put the file into. */
835 error = dir_relative_path_resolve(mi,
836 u64_to_user_ptr(args.directory_path),
837 &parent_dir_path, NULL);
838 if (error)
839 goto out;
840
841 if (parent_dir_path.dentry == mi->mi_index_dir) {
842 /* Can't create a file directly inside .index */
843 error = -EBUSY;
844 goto out;
845 }
846
847 /* Look up a dentry in the parent dir. It should be negative. */
848 file_dentry = incfs_lookup_dentry(parent_dir_path.dentry,
849 file_name);
850 if (!file_dentry) {
851 error = -EFAULT;
852 goto out;
853 }
854 if (IS_ERR(file_dentry)) {
855 error = PTR_ERR(file_dentry);
856 file_dentry = NULL;
857 goto out;
858 }
859 if (d_really_is_positive(file_dentry)) {
860 error = -EEXIST;
861 goto out;
862 }
863
864 parent_inode = d_inode(parent_dir_path.dentry);
865 inode_lock_nested(parent_inode, I_MUTEX_PARENT);
866 error = vfs_create(&init_user_ns, parent_inode, file_dentry,
867 args.mode | 0222, true);
868 inode_unlock(parent_inode);
869 if (error)
870 goto out;
871
872 error = chmod(file_dentry, args.mode | 0222);
873 if (error) {
874 pr_debug("incfs: chmod err: %d\n", error);
875 goto delete_file;
876 }
877
878 /* Save the file's size as an xattr for easy fetching in future. */
879 size_attr_value = cpu_to_le64(args.size);
880 error = vfs_setxattr(&init_user_ns, file_dentry, INCFS_XATTR_SIZE_NAME,
881 (char *)&size_attr_value, sizeof(size_attr_value),
882 XATTR_CREATE);
883 if (error) {
884 pr_debug("incfs: vfs_setxattr err:%d\n", error);
885 goto delete_file;
886 }
887
888 error = init_new_mapped_file(mi, file_dentry, &args.source_file_id,
889 args.size, args.source_offset);
890 if (error)
891 goto delete_file;
892
893 notify_create(file, u64_to_user_ptr(args.directory_path), file_name,
894 NULL, false);
895
896 goto out;
897
898 delete_file:
899 incfs_unlink(file_dentry);
900
901 out:
902 dput(file_dentry);
903 dput(source_file_dentry);
904 path_put(&parent_dir_path);
905 kfree(file_name);
906 kfree(source_file_name);
907 return error;
908 }
909
ioctl_get_read_timeouts(struct mount_info * mi,void __user * arg)910 static long ioctl_get_read_timeouts(struct mount_info *mi, void __user *arg)
911 {
912 struct incfs_get_read_timeouts_args __user *args_usr_ptr = arg;
913 struct incfs_get_read_timeouts_args args = {};
914 int error = 0;
915 struct incfs_per_uid_read_timeouts *buffer;
916 int size;
917
918 if (copy_from_user(&args, args_usr_ptr, sizeof(args)))
919 return -EINVAL;
920
921 if (args.timeouts_array_size > INCFS_DATA_FILE_BLOCK_SIZE)
922 return -EINVAL;
923
924 buffer = kzalloc(args.timeouts_array_size, GFP_NOFS);
925 if (!buffer)
926 return -ENOMEM;
927
928 spin_lock(&mi->mi_per_uid_read_timeouts_lock);
929 size = mi->mi_per_uid_read_timeouts_size;
930 if (args.timeouts_array_size < size)
931 error = -E2BIG;
932 else if (size)
933 memcpy(buffer, mi->mi_per_uid_read_timeouts, size);
934 spin_unlock(&mi->mi_per_uid_read_timeouts_lock);
935
936 args.timeouts_array_size_out = size;
937 if (!error && size)
938 if (copy_to_user(u64_to_user_ptr(args.timeouts_array), buffer,
939 size))
940 error = -EFAULT;
941
942 if (!error || error == -E2BIG)
943 if (copy_to_user(args_usr_ptr, &args, sizeof(args)) > 0)
944 error = -EFAULT;
945
946 kfree(buffer);
947 return error;
948 }
949
ioctl_set_read_timeouts(struct mount_info * mi,void __user * arg)950 static long ioctl_set_read_timeouts(struct mount_info *mi, void __user *arg)
951 {
952 struct incfs_set_read_timeouts_args __user *args_usr_ptr = arg;
953 struct incfs_set_read_timeouts_args args = {};
954 int error = 0;
955 int size;
956 struct incfs_per_uid_read_timeouts *buffer = NULL, *tmp;
957 int i;
958
959 if (copy_from_user(&args, args_usr_ptr, sizeof(args)))
960 return -EINVAL;
961
962 size = args.timeouts_array_size;
963 if (size) {
964 if (size > INCFS_DATA_FILE_BLOCK_SIZE ||
965 size % sizeof(*buffer) != 0)
966 return -EINVAL;
967
968 buffer = kzalloc(size, GFP_NOFS);
969 if (!buffer)
970 return -ENOMEM;
971
972 if (copy_from_user(buffer, u64_to_user_ptr(args.timeouts_array),
973 size)) {
974 error = -EINVAL;
975 goto out;
976 }
977
978 for (i = 0; i < size / sizeof(*buffer); ++i) {
979 struct incfs_per_uid_read_timeouts *t = &buffer[i];
980
981 if (t->min_pending_time_us > t->max_pending_time_us) {
982 error = -EINVAL;
983 goto out;
984 }
985 }
986 }
987
988 spin_lock(&mi->mi_per_uid_read_timeouts_lock);
989 mi->mi_per_uid_read_timeouts_size = size;
990 tmp = mi->mi_per_uid_read_timeouts;
991 mi->mi_per_uid_read_timeouts = buffer;
992 buffer = tmp;
993 spin_unlock(&mi->mi_per_uid_read_timeouts_lock);
994
995 out:
996 kfree(buffer);
997 return error;
998 }
999
ioctl_get_last_read_error(struct mount_info * mi,void __user * arg)1000 static long ioctl_get_last_read_error(struct mount_info *mi, void __user *arg)
1001 {
1002 struct incfs_get_last_read_error_args __user *args_usr_ptr = arg;
1003 struct incfs_get_last_read_error_args args = {};
1004 int error;
1005
1006 error = mutex_lock_interruptible(&mi->mi_le_mutex);
1007 if (error)
1008 return error;
1009
1010 args.file_id_out = mi->mi_le_file_id;
1011 args.time_us_out = mi->mi_le_time_us;
1012 args.page_out = mi->mi_le_page;
1013 args.errno_out = mi->mi_le_errno;
1014 args.uid_out = mi->mi_le_uid;
1015
1016 mutex_unlock(&mi->mi_le_mutex);
1017 if (copy_to_user(args_usr_ptr, &args, sizeof(args)) > 0)
1018 error = -EFAULT;
1019
1020 return error;
1021 }
1022
pending_reads_dispatch_ioctl(struct file * f,unsigned int req,unsigned long arg)1023 static long pending_reads_dispatch_ioctl(struct file *f, unsigned int req,
1024 unsigned long arg)
1025 {
1026 struct mount_info *mi = get_mount_info(file_superblock(f));
1027
1028 switch (req) {
1029 case INCFS_IOC_CREATE_FILE:
1030 return ioctl_create_file(f, (void __user *)arg);
1031 case INCFS_IOC_PERMIT_FILL:
1032 return ioctl_permit_fill(f, (void __user *)arg);
1033 case INCFS_IOC_CREATE_MAPPED_FILE:
1034 return ioctl_create_mapped_file(f, (void __user *)arg);
1035 case INCFS_IOC_GET_READ_TIMEOUTS:
1036 return ioctl_get_read_timeouts(mi, (void __user *)arg);
1037 case INCFS_IOC_SET_READ_TIMEOUTS:
1038 return ioctl_set_read_timeouts(mi, (void __user *)arg);
1039 case INCFS_IOC_GET_LAST_READ_ERROR:
1040 return ioctl_get_last_read_error(mi, (void __user *)arg);
1041 default:
1042 return -EINVAL;
1043 }
1044 }
1045
1046 static const struct file_operations incfs_pending_reads_file_ops = {
1047 .read = pending_reads_read,
1048 .poll = pending_reads_poll,
1049 .open = pending_reads_open,
1050 .release = pending_reads_release,
1051 .llseek = noop_llseek,
1052 .unlocked_ioctl = pending_reads_dispatch_ioctl,
1053 .compat_ioctl = pending_reads_dispatch_ioctl
1054 };
1055
1056 /*******************************************************************************
1057 * .log pseudo file definition
1058 ******************************************************************************/
1059 #define INCFS_LOG_INODE 3
1060 static const char log_file_name[] = INCFS_LOG_FILENAME;
1061
1062 /* State of an open .log file, unique for each file descriptor. */
1063 struct log_file_state {
1064 struct read_log_state state;
1065 };
1066
log_read(struct file * f,char __user * buf,size_t len,loff_t * ppos)1067 static ssize_t log_read(struct file *f, char __user *buf, size_t len,
1068 loff_t *ppos)
1069 {
1070 struct log_file_state *log_state = f->private_data;
1071 struct mount_info *mi = get_mount_info(file_superblock(f));
1072 int total_reads_collected = 0;
1073 int rl_size;
1074 ssize_t result = 0;
1075 bool report_uid;
1076 unsigned long page = 0;
1077 struct incfs_pending_read_info *reads_buf = NULL;
1078 struct incfs_pending_read_info2 *reads_buf2 = NULL;
1079 size_t record_size;
1080 ssize_t reads_to_collect;
1081 ssize_t reads_per_page;
1082
1083 if (!mi)
1084 return -EFAULT;
1085
1086 report_uid = mi->mi_options.report_uid;
1087 record_size = report_uid ? sizeof(*reads_buf2) : sizeof(*reads_buf);
1088 reads_to_collect = len / record_size;
1089 reads_per_page = PAGE_SIZE / record_size;
1090
1091 rl_size = READ_ONCE(mi->mi_log.rl_size);
1092 if (rl_size == 0)
1093 return 0;
1094
1095 page = __get_free_page(GFP_NOFS);
1096 if (!page)
1097 return -ENOMEM;
1098
1099 if (report_uid)
1100 reads_buf2 = (struct incfs_pending_read_info2 *)page;
1101 else
1102 reads_buf = (struct incfs_pending_read_info *)page;
1103
1104 reads_to_collect = min_t(ssize_t, rl_size, reads_to_collect);
1105 while (reads_to_collect > 0) {
1106 struct read_log_state next_state;
1107 int reads_collected;
1108
1109 memcpy(&next_state, &log_state->state, sizeof(next_state));
1110 reads_collected = incfs_collect_logged_reads(
1111 mi, &next_state, reads_buf, reads_buf2,
1112 min_t(ssize_t, reads_to_collect, reads_per_page));
1113 if (reads_collected <= 0) {
1114 result = total_reads_collected ?
1115 total_reads_collected * record_size :
1116 reads_collected;
1117 goto out;
1118 }
1119 if (copy_to_user(buf, (void *)page,
1120 reads_collected * record_size)) {
1121 result = total_reads_collected ?
1122 total_reads_collected * record_size :
1123 -EFAULT;
1124 goto out;
1125 }
1126
1127 memcpy(&log_state->state, &next_state, sizeof(next_state));
1128 total_reads_collected += reads_collected;
1129 buf += reads_collected * record_size;
1130 reads_to_collect -= reads_collected;
1131 }
1132
1133 result = total_reads_collected * record_size;
1134 *ppos = 0;
1135 out:
1136 free_page(page);
1137 return result;
1138 }
1139
log_poll(struct file * file,poll_table * wait)1140 static __poll_t log_poll(struct file *file, poll_table *wait)
1141 {
1142 struct log_file_state *log_state = file->private_data;
1143 struct mount_info *mi = get_mount_info(file_superblock(file));
1144 int count;
1145 __poll_t ret = 0;
1146
1147 poll_wait(file, &mi->mi_log.ml_notif_wq, wait);
1148 count = incfs_get_uncollected_logs_count(mi, &log_state->state);
1149 if (count >= mi->mi_options.read_log_wakeup_count)
1150 ret = EPOLLIN | EPOLLRDNORM;
1151
1152 return ret;
1153 }
1154
log_open(struct inode * inode,struct file * file)1155 static int log_open(struct inode *inode, struct file *file)
1156 {
1157 struct log_file_state *log_state = NULL;
1158 struct mount_info *mi = get_mount_info(file_superblock(file));
1159
1160 log_state = kzalloc(sizeof(*log_state), GFP_NOFS);
1161 if (!log_state)
1162 return -ENOMEM;
1163
1164 log_state->state = incfs_get_log_state(mi);
1165 file->private_data = log_state;
1166 return 0;
1167 }
1168
log_release(struct inode * inode,struct file * file)1169 static int log_release(struct inode *inode, struct file *file)
1170 {
1171 kfree(file->private_data);
1172 return 0;
1173 }
1174
1175 static const struct file_operations incfs_log_file_ops = {
1176 .read = log_read,
1177 .poll = log_poll,
1178 .open = log_open,
1179 .release = log_release,
1180 .llseek = noop_llseek,
1181 };
1182
1183 /*******************************************************************************
1184 * .blocks_written pseudo file definition
1185 ******************************************************************************/
1186 #define INCFS_BLOCKS_WRITTEN_INODE 4
1187 static const char blocks_written_file_name[] = INCFS_BLOCKS_WRITTEN_FILENAME;
1188
1189 /* State of an open .blocks_written file, unique for each file descriptor. */
1190 struct blocks_written_file_state {
1191 unsigned long blocks_written;
1192 };
1193
blocks_written_read(struct file * f,char __user * buf,size_t len,loff_t * ppos)1194 static ssize_t blocks_written_read(struct file *f, char __user *buf, size_t len,
1195 loff_t *ppos)
1196 {
1197 struct mount_info *mi = get_mount_info(file_superblock(f));
1198 struct blocks_written_file_state *state = f->private_data;
1199 unsigned long blocks_written;
1200 char string[21];
1201 int result = 0;
1202
1203 if (!mi)
1204 return -EFAULT;
1205
1206 blocks_written = atomic_read(&mi->mi_blocks_written);
1207 if (state->blocks_written == blocks_written)
1208 return 0;
1209
1210 result = snprintf(string, sizeof(string), "%lu", blocks_written);
1211 if (result > len)
1212 result = len;
1213 if (copy_to_user(buf, string, result))
1214 return -EFAULT;
1215
1216 state->blocks_written = blocks_written;
1217 return result;
1218 }
1219
blocks_written_poll(struct file * f,poll_table * wait)1220 static __poll_t blocks_written_poll(struct file *f, poll_table *wait)
1221 {
1222 struct mount_info *mi = get_mount_info(file_superblock(f));
1223 struct blocks_written_file_state *state = f->private_data;
1224 unsigned long blocks_written;
1225
1226 if (!mi)
1227 return 0;
1228
1229 poll_wait(f, &mi->mi_blocks_written_notif_wq, wait);
1230 blocks_written = atomic_read(&mi->mi_blocks_written);
1231 if (state->blocks_written == blocks_written)
1232 return 0;
1233
1234 return EPOLLIN | EPOLLRDNORM;
1235 }
1236
blocks_written_open(struct inode * inode,struct file * file)1237 static int blocks_written_open(struct inode *inode, struct file *file)
1238 {
1239 struct blocks_written_file_state *state =
1240 kzalloc(sizeof(*state), GFP_NOFS);
1241
1242 if (!state)
1243 return -ENOMEM;
1244
1245 state->blocks_written = -1;
1246 file->private_data = state;
1247 return 0;
1248 }
1249
blocks_written_release(struct inode * inode,struct file * file)1250 static int blocks_written_release(struct inode *inode, struct file *file)
1251 {
1252 kfree(file->private_data);
1253 return 0;
1254 }
1255
1256 static const struct file_operations incfs_blocks_written_file_ops = {
1257 .read = blocks_written_read,
1258 .poll = blocks_written_poll,
1259 .open = blocks_written_open,
1260 .release = blocks_written_release,
1261 .llseek = noop_llseek,
1262 };
1263
1264 /*******************************************************************************
1265 * Generic inode lookup functionality
1266 ******************************************************************************/
1267
1268 const struct mem_range incfs_pseudo_file_names[] = {
1269 { .data = (u8 *)pending_reads_file_name,
1270 .len = ARRAY_SIZE(pending_reads_file_name) - 1 },
1271 { .data = (u8 *)log_file_name, .len = ARRAY_SIZE(log_file_name) - 1 },
1272 { .data = (u8 *)blocks_written_file_name,
1273 .len = ARRAY_SIZE(blocks_written_file_name) - 1 }
1274 };
1275
1276 const unsigned long incfs_pseudo_file_inodes[] = { INCFS_PENDING_READS_INODE,
1277 INCFS_LOG_INODE,
1278 INCFS_BLOCKS_WRITTEN_INODE };
1279
1280 static const struct file_operations *const pseudo_file_operations[] = {
1281 &incfs_pending_reads_file_ops, &incfs_log_file_ops,
1282 &incfs_blocks_written_file_ops
1283 };
1284
is_pseudo_filename(struct mem_range name)1285 static bool is_pseudo_filename(struct mem_range name)
1286 {
1287 int i = 0;
1288
1289 for (; i < ARRAY_SIZE(incfs_pseudo_file_names); ++i)
1290 if (incfs_equal_ranges(incfs_pseudo_file_names[i], name))
1291 return true;
1292 return false;
1293 }
1294
get_pseudo_inode(int ino,struct inode * inode)1295 static bool get_pseudo_inode(int ino, struct inode *inode)
1296 {
1297 int i = 0;
1298
1299 for (; i < ARRAY_SIZE(incfs_pseudo_file_inodes); ++i)
1300 if (ino == incfs_pseudo_file_inodes[i])
1301 break;
1302 if (i == ARRAY_SIZE(incfs_pseudo_file_inodes))
1303 return false;
1304
1305 inode->i_ctime = (struct timespec64){};
1306 inode->i_mtime = inode->i_ctime;
1307 inode->i_atime = inode->i_ctime;
1308 inode->i_size = 0;
1309 inode->i_ino = ino;
1310 inode->i_private = NULL;
1311 inode_init_owner(&init_user_ns, inode, NULL, S_IFREG | READ_WRITE_FILE_MODE);
1312 inode->i_op = &incfs_file_inode_ops;
1313 inode->i_fop = pseudo_file_operations[i];
1314 return true;
1315 }
1316
1317 struct inode_search {
1318 unsigned long ino;
1319 };
1320
inode_test(struct inode * inode,void * opaque)1321 static int inode_test(struct inode *inode, void *opaque)
1322 {
1323 struct inode_search *search = opaque;
1324
1325 return inode->i_ino == search->ino;
1326 }
1327
inode_set(struct inode * inode,void * opaque)1328 static int inode_set(struct inode *inode, void *opaque)
1329 {
1330 struct inode_search *search = opaque;
1331
1332 if (get_pseudo_inode(search->ino, inode))
1333 return 0;
1334
1335 /* Unknown inode requested. */
1336 return -EINVAL;
1337 }
1338
fetch_inode(struct super_block * sb,unsigned long ino)1339 static struct inode *fetch_inode(struct super_block *sb, unsigned long ino)
1340 {
1341 struct inode_search search = {
1342 .ino = ino
1343 };
1344 struct inode *inode = iget5_locked(sb, search.ino, inode_test,
1345 inode_set, &search);
1346
1347 if (!inode)
1348 return ERR_PTR(-ENOMEM);
1349
1350 if (inode->i_state & I_NEW)
1351 unlock_new_inode(inode);
1352
1353 return inode;
1354 }
1355
dir_lookup_pseudo_files(struct super_block * sb,struct dentry * dentry)1356 int dir_lookup_pseudo_files(struct super_block *sb, struct dentry *dentry)
1357 {
1358 struct mem_range name_range =
1359 range((u8 *)dentry->d_name.name, dentry->d_name.len);
1360 unsigned long ino;
1361 struct inode *inode;
1362 int i = 0;
1363
1364 for (; i < ARRAY_SIZE(incfs_pseudo_file_names); ++i)
1365 if (incfs_equal_ranges(incfs_pseudo_file_names[i], name_range))
1366 break;
1367 if (i == ARRAY_SIZE(incfs_pseudo_file_names))
1368 return -ENOENT;
1369
1370 ino = incfs_pseudo_file_inodes[i];
1371
1372 inode = fetch_inode(sb, ino);
1373 if (IS_ERR(inode))
1374 return PTR_ERR(inode);
1375
1376 d_add(dentry, inode);
1377 return 0;
1378 }
1379
emit_pseudo_files(struct dir_context * ctx)1380 int emit_pseudo_files(struct dir_context *ctx)
1381 {
1382 loff_t i = ctx->pos;
1383
1384 for (; i < ARRAY_SIZE(incfs_pseudo_file_names); ++i) {
1385 if (!dir_emit(ctx, incfs_pseudo_file_names[i].data,
1386 incfs_pseudo_file_names[i].len,
1387 incfs_pseudo_file_inodes[i], DT_REG))
1388 return -EINVAL;
1389
1390 ctx->pos++;
1391 }
1392 return 0;
1393 }
1394