1 // SPDX-License-Identifier: GPL-2.0
2 /*
3 * Copyright 2018 Google LLC
4 */
5
6 #include <linux/blkdev.h>
7 #include <linux/compat.h>
8 #include <linux/delay.h>
9 #include <linux/file.h>
10 #include <linux/fs.h>
11 #include <linux/fs_stack.h>
12 #include <linux/fsnotify.h>
13 #include <linux/fsverity.h>
14 #include <linux/mmap_lock.h>
15 #include <linux/namei.h>
16 #include <linux/pagemap.h>
17 #include <linux/parser.h>
18 #include <linux/seq_file.h>
19 #include <linux/backing-dev-defs.h>
20
21 #include <uapi/linux/incrementalfs.h>
22
23 #include "vfs.h"
24
25 #include "data_mgmt.h"
26 #include "format.h"
27 #include "internal.h"
28 #include "pseudo_files.h"
29 #include "sysfs.h"
30 #include "verity.h"
31
32 static int incfs_remount_fs(struct super_block *sb, int *flags, char *data);
33
34 static int dentry_revalidate(struct dentry *dentry, unsigned int flags);
35 static void dentry_release(struct dentry *d);
36
37 static int iterate_incfs_dir(struct file *file, struct dir_context *ctx);
38 static struct dentry *dir_lookup(struct inode *dir_inode,
39 struct dentry *dentry, unsigned int flags);
40 static int dir_mkdir(struct user_namespace *ns, struct inode *dir,
41 struct dentry *dentry, umode_t mode);
42 static int dir_unlink(struct inode *dir, struct dentry *dentry);
43 static int dir_link(struct dentry *old_dentry, struct inode *dir,
44 struct dentry *new_dentry);
45 static int dir_rmdir(struct inode *dir, struct dentry *dentry);
46 static int dir_rename(struct inode *old_dir, struct dentry *old_dentry,
47 struct inode *new_dir, struct dentry *new_dentry,
48 unsigned int flags);
49
50 static int file_open(struct inode *inode, struct file *file);
51 static int file_release(struct inode *inode, struct file *file);
52 static int read_single_page(struct file *f, struct page *page);
53 static long dispatch_ioctl(struct file *f, unsigned int req, unsigned long arg);
54
55 #ifdef CONFIG_COMPAT
56 static long incfs_compat_ioctl(struct file *file, unsigned int cmd,
57 unsigned long arg);
58 #endif
59
60 static struct inode *alloc_inode(struct super_block *sb);
61 static void free_inode(struct inode *inode);
62 static void evict_inode(struct inode *inode);
63
64 static int incfs_setattr(struct user_namespace *ns, struct dentry *dentry,
65 struct iattr *ia);
66 static int incfs_getattr(struct user_namespace *ns, const struct path *path,
67 struct kstat *stat, u32 request_mask,
68 unsigned int query_flags);
69 static ssize_t incfs_getxattr(struct dentry *d, const char *name,
70 void *value, size_t size);
71 static ssize_t incfs_setxattr(struct user_namespace *ns, struct dentry *d,
72 const char *name, const void *value, size_t size,
73 int flags);
74 static ssize_t incfs_listxattr(struct dentry *d, char *list, size_t size);
75
76 static int show_options(struct seq_file *, struct dentry *);
77
78 static const struct super_operations incfs_super_ops = {
79 .statfs = simple_statfs,
80 .remount_fs = incfs_remount_fs,
81 .alloc_inode = alloc_inode,
82 .destroy_inode = free_inode,
83 .evict_inode = evict_inode,
84 .show_options = show_options
85 };
86
/*
 * Adapter installed as the directory ->rename hook. The user namespace
 * argument is not used; everything else is forwarded to dir_rename().
 */
static int dir_rename_wrap(struct user_namespace *ns, struct inode *old_dir,
			   struct dentry *old_dentry, struct inode *new_dir,
			   struct dentry *new_dentry, unsigned int flags)
{
	int err;

	err = dir_rename(old_dir, old_dentry, new_dir, new_dentry, flags);

	return err;
}
93
94 static const struct inode_operations incfs_dir_inode_ops = {
95 .lookup = dir_lookup,
96 .mkdir = dir_mkdir,
97 .rename = dir_rename_wrap,
98 .unlink = dir_unlink,
99 .link = dir_link,
100 .rmdir = dir_rmdir,
101 .setattr = incfs_setattr,
102 };
103
104 static const struct file_operations incfs_dir_fops = {
105 .llseek = generic_file_llseek,
106 .read = generic_read_dir,
107 .iterate = iterate_incfs_dir,
108 .open = file_open,
109 .release = file_release,
110 };
111
112 static const struct dentry_operations incfs_dentry_ops = {
113 .d_revalidate = dentry_revalidate,
114 .d_release = dentry_release
115 };
116
117 static const struct address_space_operations incfs_address_space_ops = {
118 .readpage = read_single_page,
119 /* .readpages = readpages */
120 };
121
incfs_fault(struct vm_fault * vmf)122 static vm_fault_t incfs_fault(struct vm_fault *vmf)
123 {
124 vmf->flags &= ~FAULT_FLAG_ALLOW_RETRY;
125 return filemap_fault(vmf);
126 }
127
128 static const struct vm_operations_struct incfs_file_vm_ops = {
129 .fault = incfs_fault,
130 .map_pages = filemap_map_pages,
131 .page_mkwrite = filemap_page_mkwrite,
132 };
133
134 /* This is used for a general mmap of a disk file */
135
incfs_file_mmap(struct file * file,struct vm_area_struct * vma)136 static int incfs_file_mmap(struct file *file, struct vm_area_struct *vma)
137 {
138 struct address_space *mapping = file->f_mapping;
139
140 if (!mapping->a_ops->readpage)
141 return -ENOEXEC;
142 file_accessed(file);
143 vma->vm_ops = &incfs_file_vm_ops;
144 return 0;
145 }
146
147 const struct file_operations incfs_file_ops = {
148 .open = file_open,
149 .release = file_release,
150 .read_iter = generic_file_read_iter,
151 .mmap = incfs_file_mmap,
152 .splice_read = generic_file_splice_read,
153 .llseek = generic_file_llseek,
154 .unlocked_ioctl = dispatch_ioctl,
155 #ifdef CONFIG_COMPAT
156 .compat_ioctl = incfs_compat_ioctl,
157 #endif
158 };
159
160 const struct inode_operations incfs_file_inode_ops = {
161 .setattr = incfs_setattr,
162 .getattr = incfs_getattr,
163 .listxattr = incfs_listxattr
164 };
165
/*
 * xattr_handler ->get adapter: the handler and inode arguments are not
 * used; the request is forwarded to incfs_getxattr().
 */
static int incfs_handler_getxattr(const struct xattr_handler *xh,
				  struct dentry *d, struct inode *inode,
				  const char *name, void *buffer, size_t size)
{
	ssize_t res = incfs_getxattr(d, name, buffer, size);

	return res;
}
172
/*
 * xattr_handler ->set adapter: the handler and inode arguments are not
 * used; the request is forwarded to incfs_setxattr().
 */
static int incfs_handler_setxattr(const struct xattr_handler *xh,
				  struct user_namespace *ns,
				  struct dentry *d, struct inode *inode,
				  const char *name, const void *buffer,
				  size_t size, int flags)
{
	ssize_t res = incfs_setxattr(ns, d, name, buffer, size, flags);

	return res;
}
181
182 static const struct xattr_handler incfs_xattr_handler = {
183 .prefix = "", /* AKA all attributes */
184 .get = incfs_handler_getxattr,
185 .set = incfs_handler_setxattr,
186 };
187
188 static const struct xattr_handler *incfs_xattr_ops[] = {
189 &incfs_xattr_handler,
190 NULL,
191 };
192
193 struct inode_search {
194 unsigned long ino;
195
196 struct dentry *backing_dentry;
197
198 size_t size;
199
200 bool verity;
201 };
202
/* Token ids for the mount options recognised by parse_options(). */
enum parse_parameter {
	Opt_read_timeout,	/* read_timeout_ms=%u */
	Opt_readahead_pages,	/* readahead=%u */
	Opt_rlog_pages,		/* rlog_pages=%u */
	Opt_rlog_wakeup_cnt,	/* rlog_wakeup_cnt=%u */
	Opt_report_uid,		/* report_uid */
	Opt_sysfs_name,		/* sysfs_name=%s */
	Opt_err			/* table terminator / unrecognised option */
};
212
213 static const match_table_t option_tokens = {
214 { Opt_read_timeout, "read_timeout_ms=%u" },
215 { Opt_readahead_pages, "readahead=%u" },
216 { Opt_rlog_pages, "rlog_pages=%u" },
217 { Opt_rlog_wakeup_cnt, "rlog_wakeup_cnt=%u" },
218 { Opt_report_uid, "report_uid" },
219 { Opt_sysfs_name, "sysfs_name=%s" },
220 { Opt_err, NULL }
221 };
222
free_options(struct mount_options * opts)223 static void free_options(struct mount_options *opts)
224 {
225 kfree(opts->sysfs_name);
226 opts->sysfs_name = NULL;
227 }
228
parse_options(struct mount_options * opts,char * str)229 static int parse_options(struct mount_options *opts, char *str)
230 {
231 substring_t args[MAX_OPT_ARGS];
232 int value;
233 char *position;
234
235 if (opts == NULL)
236 return -EFAULT;
237
238 *opts = (struct mount_options) {
239 .read_timeout_ms = 1000, /* Default: 1s */
240 .readahead_pages = 10,
241 .read_log_pages = 2,
242 .read_log_wakeup_count = 10,
243 };
244
245 if (str == NULL || *str == 0)
246 return 0;
247
248 while ((position = strsep(&str, ",")) != NULL) {
249 int token;
250
251 if (!*position)
252 continue;
253
254 token = match_token(position, option_tokens, args);
255
256 switch (token) {
257 case Opt_read_timeout:
258 if (match_int(&args[0], &value))
259 return -EINVAL;
260 if (value > 3600000)
261 return -EINVAL;
262 opts->read_timeout_ms = value;
263 break;
264 case Opt_readahead_pages:
265 if (match_int(&args[0], &value))
266 return -EINVAL;
267 opts->readahead_pages = value;
268 break;
269 case Opt_rlog_pages:
270 if (match_int(&args[0], &value))
271 return -EINVAL;
272 opts->read_log_pages = value;
273 break;
274 case Opt_rlog_wakeup_cnt:
275 if (match_int(&args[0], &value))
276 return -EINVAL;
277 opts->read_log_wakeup_count = value;
278 break;
279 case Opt_report_uid:
280 opts->report_uid = true;
281 break;
282 case Opt_sysfs_name:
283 opts->sysfs_name = match_strdup(&args[0]);
284 break;
285 default:
286 free_options(opts);
287 return -EINVAL;
288 }
289 }
290
291 return 0;
292 }
293
294 /* Read file size from the attribute. Quicker than reading the header */
read_size_attr(struct dentry * backing_dentry)295 static u64 read_size_attr(struct dentry *backing_dentry)
296 {
297 __le64 attr_value;
298 ssize_t bytes_read;
299
300 bytes_read = vfs_getxattr(&init_user_ns, backing_dentry, INCFS_XATTR_SIZE_NAME,
301 (char *)&attr_value, sizeof(attr_value));
302
303 if (bytes_read != sizeof(attr_value))
304 return 0;
305
306 return le64_to_cpu(attr_value);
307 }
308
309 /* Read verity flag from the attribute. Quicker than reading the header */
read_verity_attr(struct dentry * backing_dentry)310 static bool read_verity_attr(struct dentry *backing_dentry)
311 {
312 return vfs_getxattr(&init_user_ns, backing_dentry, INCFS_XATTR_VERITY_NAME, NULL, 0)
313 >= 0;
314 }
315
inode_test(struct inode * inode,void * opaque)316 static int inode_test(struct inode *inode, void *opaque)
317 {
318 struct inode_search *search = opaque;
319 struct inode_info *node = get_incfs_node(inode);
320 struct inode *backing_inode = d_inode(search->backing_dentry);
321
322 if (!node)
323 return 0;
324
325 return node->n_backing_inode == backing_inode &&
326 inode->i_ino == search->ino;
327 }
328
inode_set(struct inode * inode,void * opaque)329 static int inode_set(struct inode *inode, void *opaque)
330 {
331 struct inode_search *search = opaque;
332 struct inode_info *node = get_incfs_node(inode);
333 struct dentry *backing_dentry = search->backing_dentry;
334 struct inode *backing_inode = d_inode(backing_dentry);
335
336 fsstack_copy_attr_all(inode, backing_inode);
337 if (S_ISREG(inode->i_mode)) {
338 u64 size = search->size;
339
340 inode->i_size = size;
341 inode->i_blocks = get_blocks_count_for_size(size);
342 inode->i_mapping->a_ops = &incfs_address_space_ops;
343 inode->i_op = &incfs_file_inode_ops;
344 inode->i_fop = &incfs_file_ops;
345 inode->i_mode &= ~0222;
346 if (search->verity)
347 inode_set_flags(inode, S_VERITY, S_VERITY);
348 } else if (S_ISDIR(inode->i_mode)) {
349 inode->i_size = 0;
350 inode->i_blocks = 1;
351 inode->i_mapping->a_ops = &incfs_address_space_ops;
352 inode->i_op = &incfs_dir_inode_ops;
353 inode->i_fop = &incfs_dir_fops;
354 } else {
355 pr_warn_once("incfs: Unexpected inode type\n");
356 return -EBADF;
357 }
358
359 ihold(backing_inode);
360 node->n_backing_inode = backing_inode;
361 node->n_mount_info = get_mount_info(inode->i_sb);
362 inode->i_ctime = backing_inode->i_ctime;
363 inode->i_mtime = backing_inode->i_mtime;
364 inode->i_atime = backing_inode->i_atime;
365 inode->i_ino = backing_inode->i_ino;
366 if (backing_inode->i_ino < INCFS_START_INO_RANGE) {
367 pr_warn("incfs: ino conflict with backing FS %ld\n",
368 backing_inode->i_ino);
369 }
370
371 return 0;
372 }
373
fetch_regular_inode(struct super_block * sb,struct dentry * backing_dentry)374 static struct inode *fetch_regular_inode(struct super_block *sb,
375 struct dentry *backing_dentry)
376 {
377 struct inode *backing_inode = d_inode(backing_dentry);
378 struct inode_search search = {
379 .ino = backing_inode->i_ino,
380 .backing_dentry = backing_dentry,
381 .size = read_size_attr(backing_dentry),
382 .verity = read_verity_attr(backing_dentry),
383 };
384 struct inode *inode = iget5_locked(sb, search.ino, inode_test,
385 inode_set, &search);
386
387 if (!inode)
388 return ERR_PTR(-ENOMEM);
389
390 if (inode->i_state & I_NEW)
391 unlock_new_inode(inode);
392
393 return inode;
394 }
395
iterate_incfs_dir(struct file * file,struct dir_context * ctx)396 static int iterate_incfs_dir(struct file *file, struct dir_context *ctx)
397 {
398 struct dir_file *dir = get_incfs_dir_file(file);
399 int error = 0;
400 struct mount_info *mi = get_mount_info(file_superblock(file));
401 bool root;
402
403 if (!dir) {
404 error = -EBADF;
405 goto out;
406 }
407
408 root = dir->backing_dir->f_inode
409 == d_inode(mi->mi_backing_dir_path.dentry);
410
411 if (root) {
412 error = emit_pseudo_files(ctx);
413 if (error)
414 goto out;
415 }
416
417 ctx->pos -= PSEUDO_FILE_COUNT;
418 error = iterate_dir(dir->backing_dir, ctx);
419 ctx->pos += PSEUDO_FILE_COUNT;
420 file->f_pos = dir->backing_dir->f_pos;
421 out:
422 if (error)
423 pr_warn("incfs: %s %s %d\n", __func__,
424 file->f_path.dentry->d_name.name, error);
425 return error;
426 }
427
incfs_init_dentry(struct dentry * dentry,struct path * path)428 static int incfs_init_dentry(struct dentry *dentry, struct path *path)
429 {
430 struct dentry_info *d_info = NULL;
431
432 if (!dentry || !path)
433 return -EFAULT;
434
435 d_info = kzalloc(sizeof(*d_info), GFP_NOFS);
436 if (!d_info)
437 return -ENOMEM;
438
439 d_info->backing_path = *path;
440 path_get(path);
441
442 dentry->d_fsdata = d_info;
443 return 0;
444 }
445
/*
 * Look up directory @name under @backing_dir, creating it with mode 0777
 * when it does not exist yet.
 *
 * @created is set to false when the directory already existed and to true
 * when it was created here; it is left untouched on failure.
 *
 * Returns the dentry of the directory, or an ERR_PTR on failure.
 */
static struct dentry *open_or_create_special_dir(struct dentry *backing_dir,
						 const char *name,
						 bool *created)
{
	struct inode *parent_inode = d_inode(backing_dir);
	struct dentry *special = incfs_lookup_dentry(backing_dir, name);
	int err;

	if (special == NULL)
		return ERR_PTR(-EINVAL);

	if (IS_ERR(special))
		return special;

	if (d_really_is_positive(special)) {
		/* Already exists, nothing to create. */
		*created = false;
		return special;
	}

	/* Not there yet: create it in the backing directory. */
	inode_lock_nested(parent_inode, I_MUTEX_PARENT);
	err = vfs_mkdir(&init_user_ns, parent_inode, special, 0777);
	inode_unlock(parent_inode);
	if (err != 0)
		goto fail;

	if (d_really_is_negative(special) || unlikely(d_unhashed(special))) {
		err = -EINVAL;
		goto fail;
	}

	*created = true;
	return special;

fail:
	dput(special);
	return ERR_PTR(err);
}
484
read_single_page_timeouts(struct data_file * df,struct file * f,int block_index,struct mem_range range,struct mem_range tmp,unsigned int * delayed_min_us)485 static int read_single_page_timeouts(struct data_file *df, struct file *f,
486 int block_index, struct mem_range range,
487 struct mem_range tmp,
488 unsigned int *delayed_min_us)
489 {
490 struct mount_info *mi = df->df_mount_info;
491 struct incfs_read_data_file_timeouts timeouts = {
492 .max_pending_time_us = U32_MAX,
493 };
494 int uid = current_uid().val;
495 int i;
496
497 spin_lock(&mi->mi_per_uid_read_timeouts_lock);
498 for (i = 0; i < mi->mi_per_uid_read_timeouts_size /
499 sizeof(*mi->mi_per_uid_read_timeouts); ++i) {
500 struct incfs_per_uid_read_timeouts *t =
501 &mi->mi_per_uid_read_timeouts[i];
502
503 if(t->uid == uid) {
504 timeouts.min_time_us = t->min_time_us;
505 timeouts.min_pending_time_us = t->min_pending_time_us;
506 timeouts.max_pending_time_us = t->max_pending_time_us;
507 break;
508 }
509 }
510 spin_unlock(&mi->mi_per_uid_read_timeouts_lock);
511 if (timeouts.max_pending_time_us == U32_MAX) {
512 u64 read_timeout_us = (u64)mi->mi_options.read_timeout_ms *
513 1000;
514
515 timeouts.max_pending_time_us = read_timeout_us <= U32_MAX ?
516 read_timeout_us : U32_MAX;
517 }
518
519 return incfs_read_data_file_block(range, f, block_index, tmp,
520 &timeouts, delayed_min_us);
521 }
522
/*
 * Delay for roughly @us microseconds, choosing the primitive by duration
 * (see https://www.kernel.org/doc/Documentation/timers/timers-howto.txt):
 *
 *   below 10us     - udelay()
 *   below 20000us  - usleep_range() with 10% slack
 *   otherwise      - msleep_interruptible()
 *
 * Returns 0 for the first two cases and the msleep_interruptible() result
 * for the last one.
 */
static int usleep_interruptible(u32 us)
{
	if (us >= 20000)
		return msleep_interruptible(us / 1000);

	if (us >= 10)
		usleep_range(us, us + us / 10);
	else
		udelay(us);

	return 0;
}
538
read_single_page(struct file * f,struct page * page)539 static int read_single_page(struct file *f, struct page *page)
540 {
541 loff_t offset = 0;
542 loff_t size = 0;
543 ssize_t bytes_to_read = 0;
544 ssize_t read_result = 0;
545 struct data_file *df = get_incfs_data_file(f);
546 int result = 0;
547 void *page_start;
548 int block_index;
549 unsigned int delayed_min_us = 0;
550
551 if (!df) {
552 SetPageError(page);
553 unlock_page(page);
554 return -EBADF;
555 }
556
557 page_start = kmap(page);
558 offset = page_offset(page);
559 block_index = (offset + df->df_mapped_offset) /
560 INCFS_DATA_FILE_BLOCK_SIZE;
561 size = df->df_size;
562
563 if (offset < size) {
564 struct mem_range tmp = {
565 .len = 2 * INCFS_DATA_FILE_BLOCK_SIZE
566 };
567 tmp.data = (u8 *)__get_free_pages(GFP_NOFS, get_order(tmp.len));
568 if (!tmp.data) {
569 read_result = -ENOMEM;
570 goto err;
571 }
572 bytes_to_read = min_t(loff_t, size - offset, PAGE_SIZE);
573
574 read_result = read_single_page_timeouts(df, f, block_index,
575 range(page_start, bytes_to_read), tmp,
576 &delayed_min_us);
577
578 free_pages((unsigned long)tmp.data, get_order(tmp.len));
579 } else {
580 bytes_to_read = 0;
581 read_result = 0;
582 }
583
584 err:
585 if (read_result < 0)
586 result = read_result;
587 else if (read_result < PAGE_SIZE)
588 zero_user(page, read_result, PAGE_SIZE - read_result);
589
590 if (result == 0)
591 SetPageUptodate(page);
592 else
593 SetPageError(page);
594
595 flush_dcache_page(page);
596 kunmap(page);
597 unlock_page(page);
598 if (delayed_min_us)
599 usleep_interruptible(delayed_min_us);
600 return result;
601 }
602
incfs_link(struct dentry * what,struct dentry * where)603 int incfs_link(struct dentry *what, struct dentry *where)
604 {
605 struct dentry *parent_dentry = dget_parent(where);
606 struct inode *pinode = d_inode(parent_dentry);
607 int error = 0;
608
609 inode_lock_nested(pinode, I_MUTEX_PARENT);
610 error = vfs_link(what, &init_user_ns, pinode, where, NULL);
611 inode_unlock(pinode);
612
613 dput(parent_dentry);
614 return error;
615 }
616
incfs_unlink(struct dentry * dentry)617 int incfs_unlink(struct dentry *dentry)
618 {
619 struct dentry *parent_dentry = dget_parent(dentry);
620 struct inode *pinode = d_inode(parent_dentry);
621 int error = 0;
622
623 inode_lock_nested(pinode, I_MUTEX_PARENT);
624 error = vfs_unlink(&init_user_ns, pinode, dentry, NULL);
625 inode_unlock(pinode);
626
627 dput(parent_dentry);
628 return error;
629 }
630
incfs_rmdir(struct dentry * dentry)631 static int incfs_rmdir(struct dentry *dentry)
632 {
633 struct dentry *parent_dentry = dget_parent(dentry);
634 struct inode *pinode = d_inode(parent_dentry);
635 int error = 0;
636
637 inode_lock_nested(pinode, I_MUTEX_PARENT);
638 error = vfs_rmdir(&init_user_ns, pinode, dentry);
639 inode_unlock(pinode);
640
641 dput(parent_dentry);
642 return error;
643 }
644
notify_unlink(struct dentry * dentry,const char * file_id_str,const char * special_directory)645 static void notify_unlink(struct dentry *dentry, const char *file_id_str,
646 const char *special_directory)
647 {
648 struct dentry *root = dentry;
649 struct dentry *file = NULL;
650 struct dentry *dir = NULL;
651 int error = 0;
652 bool take_lock = root->d_parent != root->d_parent->d_parent;
653
654 while (root != root->d_parent)
655 root = root->d_parent;
656
657 if (take_lock)
658 dir = incfs_lookup_dentry(root, special_directory);
659 else
660 dir = lookup_one_len(special_directory, root,
661 strlen(special_directory));
662
663 if (IS_ERR(dir)) {
664 error = PTR_ERR(dir);
665 goto out;
666 }
667 if (d_is_negative(dir)) {
668 error = -ENOENT;
669 goto out;
670 }
671
672 file = incfs_lookup_dentry(dir, file_id_str);
673 if (IS_ERR(file)) {
674 error = PTR_ERR(file);
675 goto out;
676 }
677 if (d_is_negative(file)) {
678 error = -ENOENT;
679 goto out;
680 }
681
682 fsnotify_unlink(d_inode(dir), file);
683 d_delete(file);
684
685 out:
686 if (error)
687 pr_warn("%s failed with error %d\n", __func__, error);
688
689 dput(dir);
690 dput(file);
691 }
692
handle_file_completed(struct file * f,struct data_file * df)693 static void handle_file_completed(struct file *f, struct data_file *df)
694 {
695 struct backing_file_context *bfc;
696 struct mount_info *mi = df->df_mount_info;
697 char *file_id_str = NULL;
698 struct dentry *incomplete_file_dentry = NULL;
699 const struct cred *old_cred = override_creds(mi->mi_owner);
700 int error;
701
702 /* Truncate file to remove any preallocated space */
703 bfc = df->df_backing_file_context;
704 if (bfc) {
705 struct file *f = bfc->bc_file;
706
707 if (f) {
708 loff_t size = i_size_read(file_inode(f));
709
710 error = vfs_truncate(&f->f_path, size);
711 if (error)
712 /* No useful action on failure */
713 pr_warn("incfs: Failed to truncate complete file: %d\n",
714 error);
715 }
716 }
717
718 /* This is best effort - there is no useful action to take on failure */
719 file_id_str = file_id_to_str(df->df_id);
720 if (!file_id_str)
721 goto out;
722
723 incomplete_file_dentry = incfs_lookup_dentry(
724 df->df_mount_info->mi_incomplete_dir,
725 file_id_str);
726 if (!incomplete_file_dentry || IS_ERR(incomplete_file_dentry)) {
727 incomplete_file_dentry = NULL;
728 goto out;
729 }
730
731 if (!d_really_is_positive(incomplete_file_dentry))
732 goto out;
733
734 vfs_fsync(df->df_backing_file_context->bc_file, 0);
735 error = incfs_unlink(incomplete_file_dentry);
736 if (error) {
737 pr_warn("incfs: Deleting incomplete file failed: %d\n", error);
738 goto out;
739 }
740
741 notify_unlink(f->f_path.dentry, file_id_str, INCFS_INCOMPLETE_NAME);
742
743 out:
744 dput(incomplete_file_dentry);
745 kfree(file_id_str);
746 revert_creds(old_cred);
747 }
748
/*
 * INCFS_IOC_FILL_BLOCKS: write the data/hash blocks described by the
 * user-supplied struct incfs_fill_blocks into the data file behind @f.
 *
 * Each block is copied into a bounce buffer of two data-file blocks and
 * handed to the hash or data block processor depending on its flags.
 * Processing stops at the first failing block. If the data block
 * processor reports the file as complete, handle_file_completed() runs.
 *
 * Returns the number of blocks processed before stopping when that is
 * non-zero; otherwise the error of the first block (0 if the request was
 * empty). Early failures return -EBADF (no data file), -EPERM (fill not
 * permitted on this descriptor), -EFAULT or -ENOMEM.
 */
static long ioctl_fill_blocks(struct file *f, void __user *arg)
{
	const ssize_t data_buf_size = 2 * INCFS_DATA_FILE_BLOCK_SIZE;
	struct incfs_fill_blocks __user *request_usr = arg;
	struct incfs_fill_block __user *blocks_usr;
	struct incfs_fill_blocks request;
	struct data_file *df = get_incfs_data_file(f);
	struct incfs_file_data *fd = f->private_data;
	bool complete = false;
	ssize_t error = 0;
	u8 *data_buf;
	int done;

	if (df == NULL)
		return -EBADF;

	if (fd == NULL || fd->fd_fill_permission != CAN_FILL)
		return -EPERM;

	if (copy_from_user(&request, request_usr, sizeof(request)))
		return -EFAULT;

	blocks_usr = u64_to_user_ptr(request.fill_blocks);
	data_buf = (u8 *)__get_free_pages(GFP_NOFS | __GFP_COMP,
					  get_order(data_buf_size));
	if (data_buf == NULL)
		return -ENOMEM;

	for (done = 0; done < request.count; done++) {
		struct incfs_fill_block block = {};

		if (copy_from_user(&block, &blocks_usr[done], sizeof(block))) {
			error = -EFAULT;
			break;
		}

		if (block.data_len > data_buf_size) {
			error = -E2BIG;
			break;
		}

		if (copy_from_user(data_buf, u64_to_user_ptr(block.data),
				   block.data_len)) {
			error = -EFAULT;
			break;
		}

		/* The user pointer must not be used past this point. */
		block.data = 0;

		if (block.flags & INCFS_BLOCK_FLAGS_HASH)
			error = incfs_process_new_hash_block(df, &block,
							     data_buf);
		else
			error = incfs_process_new_data_block(df, &block,
							     data_buf,
							     &complete);
		if (error)
			break;
	}

	free_pages((unsigned long)data_buf, get_order(data_buf_size));

	if (complete)
		handle_file_completed(f, df);

	/*
	 * The error is reported only when not a single record was
	 * processed; otherwise the caller learns how many succeeded.
	 */
	return done == 0 ? error : done;
}
823
/*
 * INCFS_IOC_READ_FILE_SIGNATURE: copy the signature of the data file
 * behind @f into the user buffer described by struct
 * incfs_get_file_sig_args and report its length in
 * file_signature_len_out.
 *
 * Returns 0 on success; -EINVAL when @f has no data file or the arguments
 * cannot be copied in; -E2BIG when the requested buffer exceeds
 * INCFS_MAX_SIGNATURE_SIZE; -ENOMEM; -EFAULT when copying out fails; or
 * the error from incfs_read_file_signature().
 */
static long ioctl_read_file_signature(struct file *f, void __user *arg)
{
	struct incfs_get_file_sig_args __user *args_usr_ptr = arg;
	struct incfs_get_file_sig_args args = {};
	struct data_file *df = get_incfs_data_file(f);
	size_t buf_size;
	u8 *buf;
	int sig_len;
	int ret = 0;

	if (df == NULL)
		return -EINVAL;

	if (copy_from_user(&args, args_usr_ptr, sizeof(args)) > 0)
		return -EINVAL;

	buf_size = args.file_signature_buf_size;
	if (buf_size > INCFS_MAX_SIGNATURE_SIZE)
		return -E2BIG;

	buf = kzalloc(buf_size, GFP_NOFS | __GFP_COMP);
	if (buf == NULL)
		return -ENOMEM;

	sig_len = incfs_read_file_signature(df, range(buf, buf_size));
	if (sig_len < 0) {
		ret = sig_len;
	} else if (copy_to_user(u64_to_user_ptr(args.file_signature), buf,
				sig_len)) {
		ret = -EFAULT;
	} else {
		args.file_signature_len_out = sig_len;
		if (copy_to_user(args_usr_ptr, &args, sizeof(args)))
			ret = -EFAULT;
	}

	kfree(buf);

	return ret;
}
871
/*
 * INCFS_IOC_GET_FILLED_BLOCKS: run incfs_get_filled_blocks() for the data
 * file behind @f and copy the (possibly updated) arguments back to user
 * space, even when the query itself reported an error.
 *
 * Returns -EINVAL when @f has no data file or private data, or when the
 * arguments cannot be copied in; -EPERM when the descriptor may not fill;
 * -EFAULT when copying out fails; otherwise the query result.
 */
static long ioctl_get_filled_blocks(struct file *f, void __user *arg)
{
	struct incfs_get_filled_blocks_args __user *args_usr_ptr = arg;
	struct incfs_get_filled_blocks_args args = {};
	struct data_file *df = get_incfs_data_file(f);
	struct incfs_file_data *fd = f->private_data;
	int query_result;

	if (df == NULL || fd == NULL)
		return -EINVAL;

	if (fd->fd_fill_permission != CAN_FILL)
		return -EPERM;

	if (copy_from_user(&args, args_usr_ptr, sizeof(args)) > 0)
		return -EINVAL;

	query_result = incfs_get_filled_blocks(df, fd, &args);

	return copy_to_user(args_usr_ptr, &args, sizeof(args)) ?
		-EFAULT : query_result;
}
896
/*
 * INCFS_IOC_GET_BLOCK_COUNT: report the total and filled counts of data
 * and hash blocks for the data file behind @f. The number of hash blocks
 * is the total block count minus the data block count.
 *
 * Returns 0 on success, -EINVAL when @f has no data file, or -EFAULT when
 * the result cannot be copied to user space.
 */
static long ioctl_get_block_count(struct file *f, void __user *arg)
{
	struct incfs_get_block_count_args __user *args_usr_ptr = arg;
	struct incfs_get_block_count_args args = {};
	struct data_file *df = get_incfs_data_file(f);

	if (df == NULL)
		return -EINVAL;

	/* Data blocks */
	args.total_data_blocks_out = df->df_data_block_count;
	args.filled_data_blocks_out = atomic_read(&df->df_data_blocks_written);

	/* Hash blocks */
	args.total_hash_blocks_out =
		df->df_total_block_count - df->df_data_block_count;
	args.filled_hash_blocks_out = atomic_read(&df->df_hash_blocks_written);

	return copy_to_user(args_usr_ptr, &args, sizeof(args)) ? -EFAULT : 0;
}
917
/*
 * FS_IOC_GETFLAGS: the only flag reported is FS_VERITY_FL, set when the
 * inode behind @f is a verity inode.
 *
 * Returns the put_user() result.
 */
static int incfs_ioctl_get_flags(struct file *f, void __user *arg)
{
	u32 flags = 0;

	if (IS_VERITY(file_inode(f)))
		flags = FS_VERITY_FL;

	return put_user(flags, (int __user *) arg);
}
924
dispatch_ioctl(struct file * f,unsigned int req,unsigned long arg)925 static long dispatch_ioctl(struct file *f, unsigned int req, unsigned long arg)
926 {
927 switch (req) {
928 case INCFS_IOC_FILL_BLOCKS:
929 return ioctl_fill_blocks(f, (void __user *)arg);
930 case INCFS_IOC_READ_FILE_SIGNATURE:
931 return ioctl_read_file_signature(f, (void __user *)arg);
932 case INCFS_IOC_GET_FILLED_BLOCKS:
933 return ioctl_get_filled_blocks(f, (void __user *)arg);
934 case INCFS_IOC_GET_BLOCK_COUNT:
935 return ioctl_get_block_count(f, (void __user *)arg);
936 case FS_IOC_ENABLE_VERITY:
937 return incfs_ioctl_enable_verity(f, (const void __user *)arg);
938 case FS_IOC_GETFLAGS:
939 return incfs_ioctl_get_flags(f, (void __user *) arg);
940 case FS_IOC_MEASURE_VERITY:
941 return incfs_ioctl_measure_verity(f, (void __user *)arg);
942 case FS_IOC_READ_VERITY_METADATA:
943 return incfs_ioctl_read_verity_metadata(f, (void __user *)arg);
944 default:
945 return -EINVAL;
946 }
947 }
948
#ifdef CONFIG_COMPAT
/*
 * ->compat_ioctl for regular incfs files.
 *
 * FS_IOC32_GETFLAGS is translated to FS_IOC_GETFLAGS; the other supported
 * requests are passed through unchanged. In both cases @arg is converted
 * with compat_ptr() before being handed to dispatch_ioctl().
 *
 * Returns the dispatch_ioctl() result, or -ENOIOCTLCMD for a request that
 * is not in the supported list.
 */
static long incfs_compat_ioctl(struct file *file, unsigned int cmd,
			       unsigned long arg)
{
	unsigned long native_arg = (unsigned long) compat_ptr(arg);

	switch (cmd) {
	case FS_IOC32_GETFLAGS:
		return dispatch_ioctl(file, FS_IOC_GETFLAGS, native_arg);
	case INCFS_IOC_FILL_BLOCKS:
	case INCFS_IOC_READ_FILE_SIGNATURE:
	case INCFS_IOC_GET_FILLED_BLOCKS:
	case INCFS_IOC_GET_BLOCK_COUNT:
	case FS_IOC_ENABLE_VERITY:
	case FS_IOC_MEASURE_VERITY:
	case FS_IOC_READ_VERITY_METADATA:
		return dispatch_ioctl(file, cmd, native_arg);
	default:
		return -ENOIOCTLCMD;
	}
}
#endif
971
dir_lookup(struct inode * dir_inode,struct dentry * dentry,unsigned int flags)972 static struct dentry *dir_lookup(struct inode *dir_inode, struct dentry *dentry,
973 unsigned int flags)
974 {
975 struct mount_info *mi = get_mount_info(dir_inode->i_sb);
976 struct dentry *dir_dentry = NULL;
977 struct dentry *backing_dentry = NULL;
978 struct path dir_backing_path = {};
979 struct inode_info *dir_info = get_incfs_node(dir_inode);
980 int err = 0;
981
982 if (!mi || !dir_info || !dir_info->n_backing_inode)
983 return ERR_PTR(-EBADF);
984
985 if (d_inode(mi->mi_backing_dir_path.dentry) ==
986 dir_info->n_backing_inode) {
987 /* We do lookup in the FS root. Show pseudo files. */
988 err = dir_lookup_pseudo_files(dir_inode->i_sb, dentry);
989 if (err != -ENOENT)
990 goto out;
991 err = 0;
992 }
993
994 dir_dentry = dget_parent(dentry);
995 get_incfs_backing_path(dir_dentry, &dir_backing_path);
996 backing_dentry = incfs_lookup_dentry(dir_backing_path.dentry,
997 dentry->d_name.name);
998
999 if (!backing_dentry || IS_ERR(backing_dentry)) {
1000 err = IS_ERR(backing_dentry)
1001 ? PTR_ERR(backing_dentry)
1002 : -EFAULT;
1003 backing_dentry = NULL;
1004 goto out;
1005 } else {
1006 struct inode *inode = NULL;
1007 struct path backing_path = {
1008 .mnt = dir_backing_path.mnt,
1009 .dentry = backing_dentry
1010 };
1011
1012 err = incfs_init_dentry(dentry, &backing_path);
1013 if (err)
1014 goto out;
1015
1016 if (!d_really_is_positive(backing_dentry)) {
1017 /*
1018 * No such entry found in the backing dir.
1019 * Create a negative entry.
1020 */
1021 d_add(dentry, NULL);
1022 err = 0;
1023 goto out;
1024 }
1025
1026 if (d_inode(backing_dentry)->i_sb !=
1027 dir_info->n_backing_inode->i_sb) {
1028 /*
1029 * Somehow after the path lookup we ended up in a
1030 * different fs mount. If we keep going it's going
1031 * to end badly.
1032 */
1033 err = -EXDEV;
1034 goto out;
1035 }
1036
1037 inode = fetch_regular_inode(dir_inode->i_sb, backing_dentry);
1038 if (IS_ERR(inode)) {
1039 err = PTR_ERR(inode);
1040 goto out;
1041 }
1042
1043 d_add(dentry, inode);
1044 }
1045
1046 out:
1047 dput(dir_dentry);
1048 dput(backing_dentry);
1049 path_put(&dir_backing_path);
1050 if (err)
1051 pr_debug("incfs: %s %s %d\n", __func__,
1052 dentry->d_name.name, err);
1053 return ERR_PTR(err);
1054 }
1055
/*
 * ->mkdir for incfs directories.
 *
 * Under the mount's directory-structure mutex, the directory is created
 * in the backing file system (with the write permission bits forced on)
 * and @dentry is instantiated with the incfs inode wrapping it. Creating
 * directories directly inside the index or incomplete directories is
 * refused. If @dentry is still negative at the end it is dropped from
 * the dcache.
 *
 * Returns 0 on success; -EBADF when mount, directory or backing path
 * state is missing; -EBUSY for the two special directories; -EINVAL when
 * the backing dentry is negative or unhashed after creation; or the
 * error of the failing helper (including an interrupted mutex wait).
 */
static int dir_mkdir(struct user_namespace *ns, struct inode *dir,
		     struct dentry *dentry, umode_t mode)
{
	struct mount_info *mi = get_mount_info(dir->i_sb);
	struct inode_info *dir_node = get_incfs_node(dir);
	struct path backing_path = {};
	struct dentry *backing_dentry;
	struct inode *inode;
	int err;

	if (!mi || !dir_node || !dir_node->n_backing_inode)
		return -EBADF;

	err = mutex_lock_interruptible(&mi->mi_dir_struct_mutex);
	if (err)
		return err;

	get_incfs_backing_path(dentry, &backing_path);
	backing_dentry = backing_path.dentry;
	if (!backing_dentry) {
		err = -EBADF;
		goto unlock;
	}

	/* No subdirectories inside .index or .incomplete */
	if (backing_dentry->d_parent == mi->mi_index_dir ||
	    backing_dentry->d_parent == mi->mi_incomplete_dir) {
		err = -EBUSY;
		goto put_path;
	}

	inode_lock_nested(dir_node->n_backing_inode, I_MUTEX_PARENT);
	err = vfs_mkdir(ns, dir_node->n_backing_inode, backing_dentry,
			mode | 0222);
	inode_unlock(dir_node->n_backing_inode);
	if (err)
		goto put_path;

	if (d_really_is_negative(backing_dentry) ||
	    unlikely(d_unhashed(backing_dentry))) {
		err = -EINVAL;
		goto put_path;
	}

	inode = fetch_regular_inode(dir->i_sb, backing_dentry);
	if (IS_ERR(inode)) {
		err = PTR_ERR(inode);
		goto put_path;
	}
	d_instantiate(dentry, inode);

put_path:
	if (d_really_is_negative(dentry))
		d_drop(dentry);
	path_put(&backing_path);

unlock:
	mutex_unlock(&mi->mi_dir_struct_mutex);
	if (err)
		pr_debug("incfs: %s err:%d\n", __func__, err);
	return err;
}
1122
1123 /*
1124 * Delete file referenced by backing_dentry and if appropriate its hardlink
1125 * from .index and .incomplete
1126 */
file_delete(struct mount_info * mi,struct dentry * dentry,struct dentry * backing_dentry,int nlink)1127 static int file_delete(struct mount_info *mi, struct dentry *dentry,
1128 struct dentry *backing_dentry, int nlink)
1129 {
1130 struct dentry *index_file_dentry = NULL;
1131 struct dentry *incomplete_file_dentry = NULL;
1132 /* 2 chars per byte of file ID + 1 char for \0 */
1133 char file_id_str[2 * sizeof(incfs_uuid_t) + 1] = {0};
1134 ssize_t uuid_size = 0;
1135 int error = 0;
1136
1137 WARN_ON(!mutex_is_locked(&mi->mi_dir_struct_mutex));
1138
1139 if (nlink > 3)
1140 goto just_unlink;
1141
1142 uuid_size = vfs_getxattr(&init_user_ns, backing_dentry, INCFS_XATTR_ID_NAME,
1143 file_id_str, 2 * sizeof(incfs_uuid_t));
1144 if (uuid_size < 0) {
1145 error = uuid_size;
1146 goto out;
1147 }
1148
1149 if (uuid_size != 2 * sizeof(incfs_uuid_t)) {
1150 error = -EBADMSG;
1151 goto out;
1152 }
1153
1154 index_file_dentry = incfs_lookup_dentry(mi->mi_index_dir, file_id_str);
1155 if (IS_ERR(index_file_dentry)) {
1156 error = PTR_ERR(index_file_dentry);
1157 index_file_dentry = NULL;
1158 goto out;
1159 }
1160
1161 if (d_really_is_positive(index_file_dentry) && nlink > 0)
1162 nlink--;
1163
1164 if (nlink > 2)
1165 goto just_unlink;
1166
1167 incomplete_file_dentry = incfs_lookup_dentry(mi->mi_incomplete_dir,
1168 file_id_str);
1169 if (IS_ERR(incomplete_file_dentry)) {
1170 error = PTR_ERR(incomplete_file_dentry);
1171 incomplete_file_dentry = NULL;
1172 goto out;
1173 }
1174
1175 if (d_really_is_positive(incomplete_file_dentry) && nlink > 0)
1176 nlink--;
1177
1178 if (nlink > 1)
1179 goto just_unlink;
1180
1181 if (d_really_is_positive(index_file_dentry)) {
1182 error = incfs_unlink(index_file_dentry);
1183 if (error)
1184 goto out;
1185 notify_unlink(dentry, file_id_str, INCFS_INDEX_NAME);
1186 }
1187
1188 if (d_really_is_positive(incomplete_file_dentry)) {
1189 error = incfs_unlink(incomplete_file_dentry);
1190 if (error)
1191 goto out;
1192 notify_unlink(dentry, file_id_str, INCFS_INCOMPLETE_NAME);
1193 }
1194
1195 just_unlink:
1196 error = incfs_unlink(backing_dentry);
1197
1198 out:
1199 dput(index_file_dentry);
1200 dput(incomplete_file_dentry);
1201 if (error)
1202 pr_debug("incfs: delete_file_from_index err:%d\n", error);
1203 return error;
1204 }
1205
dir_unlink(struct inode * dir,struct dentry * dentry)1206 static int dir_unlink(struct inode *dir, struct dentry *dentry)
1207 {
1208 struct mount_info *mi = get_mount_info(dir->i_sb);
1209 struct path backing_path = {};
1210 struct kstat stat;
1211 int err = 0;
1212
1213 if (!mi)
1214 return -EBADF;
1215
1216 err = mutex_lock_interruptible(&mi->mi_dir_struct_mutex);
1217 if (err)
1218 return err;
1219
1220 get_incfs_backing_path(dentry, &backing_path);
1221 if (!backing_path.dentry) {
1222 err = -EBADF;
1223 goto path_err;
1224 }
1225
1226 if (backing_path.dentry->d_parent == mi->mi_index_dir) {
1227 /* Direct unlink from .index are not allowed. */
1228 err = -EBUSY;
1229 goto out;
1230 }
1231
1232 if (backing_path.dentry->d_parent == mi->mi_incomplete_dir) {
1233 /* Direct unlink from .incomplete are not allowed. */
1234 err = -EBUSY;
1235 goto out;
1236 }
1237
1238 err = vfs_getattr(&backing_path, &stat, STATX_NLINK,
1239 AT_STATX_SYNC_AS_STAT);
1240 if (err)
1241 goto out;
1242
1243 err = file_delete(mi, dentry, backing_path.dentry, stat.nlink);
1244
1245 d_drop(dentry);
1246 out:
1247 path_put(&backing_path);
1248 path_err:
1249 if (err)
1250 pr_debug("incfs: %s err:%d\n", __func__, err);
1251 mutex_unlock(&mi->mi_dir_struct_mutex);
1252 return err;
1253 }
1254
dir_link(struct dentry * old_dentry,struct inode * dir,struct dentry * new_dentry)1255 static int dir_link(struct dentry *old_dentry, struct inode *dir,
1256 struct dentry *new_dentry)
1257 {
1258 struct mount_info *mi = get_mount_info(dir->i_sb);
1259 struct path backing_old_path = {};
1260 struct path backing_new_path = {};
1261 int error = 0;
1262
1263 if (!mi)
1264 return -EBADF;
1265
1266 error = mutex_lock_interruptible(&mi->mi_dir_struct_mutex);
1267 if (error)
1268 return error;
1269
1270 get_incfs_backing_path(old_dentry, &backing_old_path);
1271 get_incfs_backing_path(new_dentry, &backing_new_path);
1272
1273 if (backing_new_path.dentry->d_parent == mi->mi_index_dir) {
1274 /* Can't link to .index */
1275 error = -EBUSY;
1276 goto out;
1277 }
1278
1279 if (backing_new_path.dentry->d_parent == mi->mi_incomplete_dir) {
1280 /* Can't link to .incomplete */
1281 error = -EBUSY;
1282 goto out;
1283 }
1284
1285 error = incfs_link(backing_old_path.dentry, backing_new_path.dentry);
1286 if (!error) {
1287 struct inode *inode = NULL;
1288 struct dentry *bdentry = backing_new_path.dentry;
1289
1290 if (d_really_is_negative(bdentry)) {
1291 error = -EINVAL;
1292 goto out;
1293 }
1294
1295 inode = fetch_regular_inode(dir->i_sb, bdentry);
1296 if (IS_ERR(inode)) {
1297 error = PTR_ERR(inode);
1298 goto out;
1299 }
1300 d_instantiate(new_dentry, inode);
1301 }
1302
1303 out:
1304 path_put(&backing_old_path);
1305 path_put(&backing_new_path);
1306 if (error)
1307 pr_debug("incfs: %s err:%d\n", __func__, error);
1308 mutex_unlock(&mi->mi_dir_struct_mutex);
1309 return error;
1310 }
1311
dir_rmdir(struct inode * dir,struct dentry * dentry)1312 static int dir_rmdir(struct inode *dir, struct dentry *dentry)
1313 {
1314 struct mount_info *mi = get_mount_info(dir->i_sb);
1315 struct path backing_path = {};
1316 int err = 0;
1317
1318 if (!mi)
1319 return -EBADF;
1320
1321 err = mutex_lock_interruptible(&mi->mi_dir_struct_mutex);
1322 if (err)
1323 return err;
1324
1325 get_incfs_backing_path(dentry, &backing_path);
1326 if (!backing_path.dentry) {
1327 err = -EBADF;
1328 goto path_err;
1329 }
1330
1331 if (backing_path.dentry == mi->mi_index_dir) {
1332 /* Can't delete .index */
1333 err = -EBUSY;
1334 goto out;
1335 }
1336
1337 if (backing_path.dentry == mi->mi_incomplete_dir) {
1338 /* Can't delete .incomplete */
1339 err = -EBUSY;
1340 goto out;
1341 }
1342
1343 err = incfs_rmdir(backing_path.dentry);
1344 if (!err)
1345 d_drop(dentry);
1346 out:
1347 path_put(&backing_path);
1348
1349 path_err:
1350 if (err)
1351 pr_debug("incfs: %s err:%d\n", __func__, err);
1352 mutex_unlock(&mi->mi_dir_struct_mutex);
1353 return err;
1354 }
1355
dir_rename(struct inode * old_dir,struct dentry * old_dentry,struct inode * new_dir,struct dentry * new_dentry,unsigned int flags)1356 static int dir_rename(struct inode *old_dir, struct dentry *old_dentry,
1357 struct inode *new_dir, struct dentry *new_dentry,
1358 unsigned int flags)
1359 {
1360 struct mount_info *mi = get_mount_info(old_dir->i_sb);
1361 struct dentry *backing_old_dentry;
1362 struct dentry *backing_new_dentry;
1363 struct dentry *backing_old_dir_dentry;
1364 struct dentry *backing_new_dir_dentry;
1365 struct inode *target_inode;
1366 struct dentry *trap;
1367 struct renamedata rd = {};
1368 int error = 0;
1369
1370 error = mutex_lock_interruptible(&mi->mi_dir_struct_mutex);
1371 if (error)
1372 return error;
1373
1374 backing_old_dentry = get_incfs_dentry(old_dentry)->backing_path.dentry;
1375
1376 if (!backing_old_dentry || backing_old_dentry == mi->mi_index_dir ||
1377 backing_old_dentry == mi->mi_incomplete_dir) {
1378 /* Renaming .index or .incomplete not allowed */
1379 error = -EBUSY;
1380 goto exit;
1381 }
1382
1383 backing_new_dentry = get_incfs_dentry(new_dentry)->backing_path.dentry;
1384 dget(backing_old_dentry);
1385 dget(backing_new_dentry);
1386
1387 backing_old_dir_dentry = dget_parent(backing_old_dentry);
1388 backing_new_dir_dentry = dget_parent(backing_new_dentry);
1389 target_inode = d_inode(new_dentry);
1390
1391 if (backing_old_dir_dentry == mi->mi_index_dir ||
1392 backing_old_dir_dentry == mi->mi_incomplete_dir) {
1393 /* Direct moves from .index or .incomplete are not allowed. */
1394 error = -EBUSY;
1395 goto out;
1396 }
1397
1398 trap = lock_rename(backing_old_dir_dentry, backing_new_dir_dentry);
1399
1400 if (trap == backing_old_dentry) {
1401 error = -EINVAL;
1402 goto unlock_out;
1403 }
1404 if (trap == backing_new_dentry) {
1405 error = -ENOTEMPTY;
1406 goto unlock_out;
1407 }
1408
1409 rd.old_dir = d_inode(backing_old_dir_dentry);
1410 rd.old_dentry = backing_old_dentry;
1411 rd.new_dir = d_inode(backing_new_dir_dentry);
1412 rd.new_dentry = backing_new_dentry;
1413 rd.flags = flags;
1414 rd.old_mnt_userns = &init_user_ns;
1415 rd.new_mnt_userns = &init_user_ns;
1416 rd.delegated_inode = NULL;
1417
1418 error = vfs_rename(&rd);
1419 if (error)
1420 goto unlock_out;
1421 if (target_inode)
1422 fsstack_copy_attr_all(target_inode,
1423 get_incfs_node(target_inode)->n_backing_inode);
1424 fsstack_copy_attr_all(new_dir, d_inode(backing_new_dir_dentry));
1425 if (new_dir != old_dir)
1426 fsstack_copy_attr_all(old_dir, d_inode(backing_old_dir_dentry));
1427
1428 unlock_out:
1429 unlock_rename(backing_old_dir_dentry, backing_new_dir_dentry);
1430
1431 out:
1432 dput(backing_new_dir_dentry);
1433 dput(backing_old_dir_dentry);
1434 dput(backing_new_dentry);
1435 dput(backing_old_dentry);
1436
1437 exit:
1438 mutex_unlock(&mi->mi_dir_struct_mutex);
1439 if (error)
1440 pr_debug("incfs: %s err:%d\n", __func__, error);
1441 return error;
1442 }
1443
1444
file_open(struct inode * inode,struct file * file)1445 static int file_open(struct inode *inode, struct file *file)
1446 {
1447 struct mount_info *mi = get_mount_info(inode->i_sb);
1448 struct file *backing_file = NULL;
1449 struct path backing_path = {};
1450 int err = 0;
1451 int flags = O_NOATIME | O_LARGEFILE |
1452 (S_ISDIR(inode->i_mode) ? O_RDONLY : O_RDWR);
1453 const struct cred *old_cred;
1454
1455 WARN_ON(file->private_data);
1456
1457 if (!mi)
1458 return -EBADF;
1459
1460 get_incfs_backing_path(file->f_path.dentry, &backing_path);
1461 if (!backing_path.dentry)
1462 return -EBADF;
1463
1464 old_cred = override_creds(mi->mi_owner);
1465 backing_file = dentry_open(&backing_path, flags, current_cred());
1466 revert_creds(old_cred);
1467 path_put(&backing_path);
1468
1469 if (IS_ERR(backing_file)) {
1470 err = PTR_ERR(backing_file);
1471 backing_file = NULL;
1472 goto out;
1473 }
1474
1475 if (S_ISREG(inode->i_mode)) {
1476 struct incfs_file_data *fd = kzalloc(sizeof(*fd), GFP_NOFS);
1477
1478 if (!fd) {
1479 err = -ENOMEM;
1480 goto out;
1481 }
1482
1483 *fd = (struct incfs_file_data) {
1484 .fd_fill_permission = CANT_FILL,
1485 };
1486 file->private_data = fd;
1487
1488 err = make_inode_ready_for_data_ops(mi, inode, backing_file);
1489 if (err)
1490 goto out;
1491
1492 err = incfs_fsverity_file_open(inode, file);
1493 if (err)
1494 goto out;
1495 } else if (S_ISDIR(inode->i_mode)) {
1496 struct dir_file *dir = NULL;
1497
1498 dir = incfs_open_dir_file(mi, backing_file);
1499 if (IS_ERR(dir))
1500 err = PTR_ERR(dir);
1501 else
1502 file->private_data = dir;
1503 } else
1504 err = -EBADF;
1505
1506 out:
1507 if (err) {
1508 pr_debug("name:%s err: %d\n",
1509 file->f_path.dentry->d_name.name, err);
1510 if (S_ISREG(inode->i_mode))
1511 kfree(file->private_data);
1512 else if (S_ISDIR(inode->i_mode))
1513 incfs_free_dir_file(file->private_data);
1514
1515 file->private_data = NULL;
1516 }
1517
1518 if (backing_file)
1519 fput(backing_file);
1520 return err;
1521 }
1522
file_release(struct inode * inode,struct file * file)1523 static int file_release(struct inode *inode, struct file *file)
1524 {
1525 if (S_ISREG(inode->i_mode)) {
1526 kfree(file->private_data);
1527 file->private_data = NULL;
1528 } else if (S_ISDIR(inode->i_mode)) {
1529 struct dir_file *dir = get_incfs_dir_file(file);
1530
1531 incfs_free_dir_file(dir);
1532 }
1533
1534 return 0;
1535 }
1536
dentry_revalidate(struct dentry * d,unsigned int flags)1537 static int dentry_revalidate(struct dentry *d, unsigned int flags)
1538 {
1539 struct path backing_path = {};
1540 struct inode_info *info = get_incfs_node(d_inode(d));
1541 struct inode *binode = (info == NULL) ? NULL : info->n_backing_inode;
1542 struct dentry *backing_dentry = NULL;
1543 int result = 0;
1544
1545 if (flags & LOOKUP_RCU)
1546 return -ECHILD;
1547
1548 get_incfs_backing_path(d, &backing_path);
1549 backing_dentry = backing_path.dentry;
1550 if (!backing_dentry)
1551 goto out;
1552
1553 if (d_inode(backing_dentry) != binode) {
1554 /*
1555 * Backing inodes obtained via dentry and inode don't match.
1556 * It indicates that most likely backing dir has changed
1557 * directly bypassing Incremental FS interface.
1558 */
1559 goto out;
1560 }
1561
1562 if (backing_dentry->d_flags & DCACHE_OP_REVALIDATE) {
1563 result = backing_dentry->d_op->d_revalidate(backing_dentry,
1564 flags);
1565 } else
1566 result = 1;
1567
1568 out:
1569 path_put(&backing_path);
1570 return result;
1571 }
1572
dentry_release(struct dentry * d)1573 static void dentry_release(struct dentry *d)
1574 {
1575 struct dentry_info *di = get_incfs_dentry(d);
1576
1577 if (di)
1578 path_put(&di->backing_path);
1579 kfree(d->d_fsdata);
1580 d->d_fsdata = NULL;
1581 }
1582
alloc_inode(struct super_block * sb)1583 static struct inode *alloc_inode(struct super_block *sb)
1584 {
1585 struct inode_info *node = kzalloc(sizeof(*node), GFP_NOFS);
1586
1587 /* TODO: add a slab-based cache here. */
1588 if (!node)
1589 return NULL;
1590 inode_init_once(&node->n_vfs_inode);
1591 return &node->n_vfs_inode;
1592 }
1593
/* Free the inode_info that embeds @inode. */
static void free_inode(struct inode *inode)
{
	kfree(get_incfs_node(inode));
}
1600
evict_inode(struct inode * inode)1601 static void evict_inode(struct inode *inode)
1602 {
1603 struct inode_info *node = get_incfs_node(inode);
1604
1605 if (node) {
1606 if (node->n_backing_inode) {
1607 iput(node->n_backing_inode);
1608 node->n_backing_inode = NULL;
1609 }
1610 if (node->n_file) {
1611 incfs_free_data_file(node->n_file);
1612 node->n_file = NULL;
1613 }
1614 }
1615
1616 truncate_inode_pages(&inode->i_data, 0);
1617 clear_inode(inode);
1618 }
1619
incfs_setattr(struct user_namespace * ns,struct dentry * dentry,struct iattr * ia)1620 static int incfs_setattr(struct user_namespace *ns, struct dentry *dentry,
1621 struct iattr *ia)
1622 {
1623 struct dentry_info *di = get_incfs_dentry(dentry);
1624 struct dentry *backing_dentry;
1625 struct inode *backing_inode;
1626 int error;
1627
1628 if (ia->ia_valid & ATTR_SIZE)
1629 return -EINVAL;
1630
1631 if ((ia->ia_valid & (ATTR_KILL_SUID|ATTR_KILL_SGID)) &&
1632 (ia->ia_valid & ATTR_MODE))
1633 return -EINVAL;
1634
1635 if (!di)
1636 return -EINVAL;
1637 backing_dentry = di->backing_path.dentry;
1638 if (!backing_dentry)
1639 return -EINVAL;
1640
1641 backing_inode = d_inode(backing_dentry);
1642
1643 /* incfs files are readonly, but the backing files must be writeable */
1644 if (S_ISREG(backing_inode->i_mode)) {
1645 if ((ia->ia_valid & ATTR_MODE) && (ia->ia_mode & 0222))
1646 return -EINVAL;
1647
1648 ia->ia_mode |= 0222;
1649 }
1650
1651 inode_lock(d_inode(backing_dentry));
1652 error = notify_change(ns, backing_dentry, ia, NULL);
1653 inode_unlock(d_inode(backing_dentry));
1654
1655 if (error)
1656 return error;
1657
1658 if (S_ISREG(backing_inode->i_mode))
1659 ia->ia_mode &= ~0222;
1660
1661 return simple_setattr(ns, dentry, ia);
1662 }
1663
1664
/*
 * Fill @stat from the incfs inode.
 *
 * Inodes numbered below INCFS_START_INO_RANGE get only the generic
 * attributes. For the others the STATX_ATTR_VERITY attribute is reported
 * and, when STATX_BLOCKS is requested, the block count is taken from the
 * backing file.
 *
 * Returns 0 on success or a negative error code.
 */
static int incfs_getattr(struct user_namespace *ns, const struct path *path,
			 struct kstat *stat, u32 request_mask,
			 unsigned int query_flags)
{
	struct inode *inode = d_inode(path->dentry);
	struct dentry_info *di;
	struct kstat lower_stat;
	int err;

	generic_fillattr(ns, inode, stat);

	if (inode->i_ino < INCFS_START_INO_RANGE)
		return 0;

	if (IS_VERITY(inode))
		stat->attributes |= STATX_ATTR_VERITY;
	else
		stat->attributes &= ~STATX_ATTR_VERITY;
	stat->attributes_mask |= STATX_ATTR_VERITY;

	if (!(request_mask & STATX_BLOCKS))
		return 0;

	di = get_incfs_dentry(path->dentry);
	if (!di)
		return -EFSCORRUPTED;

	err = vfs_getattr(&di->backing_path, &lower_stat, STATX_BLOCKS,
			  AT_STATX_SYNC_AS_STAT);
	if (err)
		return err;

	stat->blocks = lower_stat.blocks;
	return 0;
}
1700
incfs_getxattr(struct dentry * d,const char * name,void * value,size_t size)1701 static ssize_t incfs_getxattr(struct dentry *d, const char *name,
1702 void *value, size_t size)
1703 {
1704 struct dentry_info *di = get_incfs_dentry(d);
1705 struct mount_info *mi = get_mount_info(d->d_sb);
1706 char *stored_value;
1707 size_t stored_size;
1708 int i;
1709
1710 if (di && di->backing_path.dentry)
1711 return vfs_getxattr(&init_user_ns, di->backing_path.dentry, name, value, size);
1712
1713 if (strcmp(name, "security.selinux"))
1714 return -ENODATA;
1715
1716 for (i = 0; i < PSEUDO_FILE_COUNT; ++i)
1717 if (!strcmp(d->d_iname, incfs_pseudo_file_names[i].data))
1718 break;
1719 if (i == PSEUDO_FILE_COUNT)
1720 return -ENODATA;
1721
1722 stored_value = mi->pseudo_file_xattr[i].data;
1723 stored_size = mi->pseudo_file_xattr[i].len;
1724 if (!stored_value)
1725 return -ENODATA;
1726
1727 if (stored_size > size)
1728 return -E2BIG;
1729
1730 memcpy(value, stored_value, stored_size);
1731 return stored_size;
1732 }
1733
1734
incfs_setxattr(struct user_namespace * ns,struct dentry * d,const char * name,const void * value,size_t size,int flags)1735 static ssize_t incfs_setxattr(struct user_namespace *ns, struct dentry *d,
1736 const char *name, const void *value, size_t size,
1737 int flags)
1738 {
1739 struct dentry_info *di = get_incfs_dentry(d);
1740 struct mount_info *mi = get_mount_info(d->d_sb);
1741 u8 **stored_value;
1742 size_t *stored_size;
1743 int i;
1744
1745 if (di && di->backing_path.dentry)
1746 return vfs_setxattr(ns, di->backing_path.dentry, name, value,
1747 size, flags);
1748
1749 if (strcmp(name, "security.selinux"))
1750 return -ENODATA;
1751
1752 if (size > INCFS_MAX_FILE_ATTR_SIZE)
1753 return -E2BIG;
1754
1755 for (i = 0; i < PSEUDO_FILE_COUNT; ++i)
1756 if (!strcmp(d->d_iname, incfs_pseudo_file_names[i].data))
1757 break;
1758 if (i == PSEUDO_FILE_COUNT)
1759 return -ENODATA;
1760
1761 stored_value = &mi->pseudo_file_xattr[i].data;
1762 stored_size = &mi->pseudo_file_xattr[i].len;
1763 kfree (*stored_value);
1764 *stored_value = kzalloc(size, GFP_NOFS);
1765 if (!*stored_value)
1766 return -ENOMEM;
1767
1768 memcpy(*stored_value, value, size);
1769 *stored_size = size;
1770 return 0;
1771 }
1772
incfs_listxattr(struct dentry * d,char * list,size_t size)1773 static ssize_t incfs_listxattr(struct dentry *d, char *list, size_t size)
1774 {
1775 struct dentry_info *di = get_incfs_dentry(d);
1776
1777 if (!di || !di->backing_path.dentry)
1778 return -ENODATA;
1779
1780 return vfs_listxattr(di->backing_path.dentry, list, size);
1781 }
1782
incfs_mount_fs(struct file_system_type * type,int flags,const char * dev_name,void * data)1783 struct dentry *incfs_mount_fs(struct file_system_type *type, int flags,
1784 const char *dev_name, void *data)
1785 {
1786 struct mount_options options = {};
1787 struct mount_info *mi = NULL;
1788 struct path backing_dir_path = {};
1789 struct dentry *index_dir = NULL;
1790 struct dentry *incomplete_dir = NULL;
1791 struct super_block *src_fs_sb = NULL;
1792 struct inode *root_inode = NULL;
1793 struct super_block *sb = sget(type, NULL, set_anon_super, flags, NULL);
1794 bool dir_created = false;
1795 int error = 0;
1796
1797 if (IS_ERR(sb))
1798 return ERR_CAST(sb);
1799
1800 sb->s_op = &incfs_super_ops;
1801 sb->s_d_op = &incfs_dentry_ops;
1802 sb->s_flags |= S_NOATIME;
1803 sb->s_magic = INCFS_MAGIC_NUMBER;
1804 sb->s_time_gran = 1;
1805 sb->s_blocksize = INCFS_DATA_FILE_BLOCK_SIZE;
1806 sb->s_blocksize_bits = blksize_bits(sb->s_blocksize);
1807 sb->s_xattr = incfs_xattr_ops;
1808
1809 BUILD_BUG_ON(PAGE_SIZE != INCFS_DATA_FILE_BLOCK_SIZE);
1810
1811 if (!dev_name) {
1812 pr_err("incfs: Backing dir is not set, filesystem can't be mounted.\n");
1813 error = -ENOENT;
1814 goto err_deactivate;
1815 }
1816
1817 error = parse_options(&options, (char *)data);
1818 if (error != 0) {
1819 pr_err("incfs: Options parsing error. %d\n", error);
1820 goto err_deactivate;
1821 }
1822
1823 sb->s_bdi->ra_pages = options.readahead_pages;
1824 if (!dev_name) {
1825 pr_err("incfs: Backing dir is not set, filesystem can't be mounted.\n");
1826 error = -ENOENT;
1827 goto err_free_opts;
1828 }
1829
1830 error = kern_path(dev_name, LOOKUP_FOLLOW | LOOKUP_DIRECTORY,
1831 &backing_dir_path);
1832 if (error || backing_dir_path.dentry == NULL ||
1833 !d_really_is_positive(backing_dir_path.dentry)) {
1834 pr_err("incfs: Error accessing: %s.\n",
1835 dev_name);
1836 goto err_free_opts;
1837 }
1838 src_fs_sb = backing_dir_path.dentry->d_sb;
1839 sb->s_maxbytes = src_fs_sb->s_maxbytes;
1840 sb->s_stack_depth = src_fs_sb->s_stack_depth + 1;
1841
1842 if (sb->s_stack_depth > FILESYSTEM_MAX_STACK_DEPTH) {
1843 error = -EINVAL;
1844 goto err_put_path;
1845 }
1846
1847 mi = incfs_alloc_mount_info(sb, &options, &backing_dir_path);
1848 if (IS_ERR_OR_NULL(mi)) {
1849 error = PTR_ERR(mi);
1850 pr_err("incfs: Error allocating mount info. %d\n", error);
1851 goto err_put_path;
1852 }
1853
1854 sb->s_fs_info = mi;
1855 mi->mi_backing_dir_path = backing_dir_path;
1856 index_dir = open_or_create_special_dir(backing_dir_path.dentry,
1857 INCFS_INDEX_NAME, &dir_created);
1858 if (IS_ERR_OR_NULL(index_dir)) {
1859 error = PTR_ERR(index_dir);
1860 pr_err("incfs: Can't find or create .index dir in %s\n",
1861 dev_name);
1862 /* No need to null index_dir since we don't put it */
1863 goto err_put_path;
1864 }
1865
1866 mi->mi_index_dir = index_dir;
1867 mi->mi_index_free = dir_created;
1868
1869 incomplete_dir = open_or_create_special_dir(backing_dir_path.dentry,
1870 INCFS_INCOMPLETE_NAME,
1871 &dir_created);
1872 if (IS_ERR_OR_NULL(incomplete_dir)) {
1873 error = PTR_ERR(incomplete_dir);
1874 pr_err("incfs: Can't find or create .incomplete dir in %s\n",
1875 dev_name);
1876 /* No need to null incomplete_dir since we don't put it */
1877 goto err_put_path;
1878 }
1879 mi->mi_incomplete_dir = incomplete_dir;
1880 mi->mi_incomplete_free = dir_created;
1881
1882 root_inode = fetch_regular_inode(sb, backing_dir_path.dentry);
1883 if (IS_ERR(root_inode)) {
1884 error = PTR_ERR(root_inode);
1885 goto err_put_path;
1886 }
1887
1888 sb->s_root = d_make_root(root_inode);
1889 if (!sb->s_root) {
1890 error = -ENOMEM;
1891 goto err_put_path;
1892 }
1893 error = incfs_init_dentry(sb->s_root, &backing_dir_path);
1894 if (error)
1895 goto err_put_path;
1896
1897 path_put(&backing_dir_path);
1898 sb->s_flags |= SB_ACTIVE;
1899
1900 pr_debug("incfs: mount\n");
1901 return dget(sb->s_root);
1902
1903 err_put_path:
1904 path_put(&backing_dir_path);
1905 err_free_opts:
1906 free_options(&options);
1907 err_deactivate:
1908 deactivate_locked_super(sb);
1909 pr_err("incfs: mount failed %d\n", error);
1910 return ERR_PTR(error);
1911 }
1912
incfs_remount_fs(struct super_block * sb,int * flags,char * data)1913 static int incfs_remount_fs(struct super_block *sb, int *flags, char *data)
1914 {
1915 struct mount_options options;
1916 struct mount_info *mi = get_mount_info(sb);
1917 int err = 0;
1918
1919 sync_filesystem(sb);
1920 err = parse_options(&options, (char *)data);
1921 if (err)
1922 return err;
1923
1924 if (options.report_uid != mi->mi_options.report_uid) {
1925 pr_err("incfs: Can't change report_uid mount option on remount\n");
1926 err = -EOPNOTSUPP;
1927 goto out;
1928 }
1929
1930 err = incfs_realloc_mount_info(mi, &options);
1931 if (err)
1932 goto out;
1933
1934 pr_debug("incfs: remount\n");
1935
1936 out:
1937 free_options(&options);
1938 return err;
1939 }
1940
incfs_kill_sb(struct super_block * sb)1941 void incfs_kill_sb(struct super_block *sb)
1942 {
1943 struct mount_info *mi = sb->s_fs_info;
1944 struct inode *dinode = NULL;
1945
1946 pr_debug("incfs: unmount\n");
1947
1948 /*
1949 * We must kill the super before freeing mi, since killing the super
1950 * triggers inode eviction, which triggers the final update of the
1951 * backing file, which uses certain information for mi
1952 */
1953 kill_anon_super(sb);
1954
1955 if (mi) {
1956 if (mi->mi_backing_dir_path.dentry)
1957 dinode = d_inode(mi->mi_backing_dir_path.dentry);
1958
1959 if (dinode) {
1960 if (mi->mi_index_dir && mi->mi_index_free)
1961 vfs_rmdir(&init_user_ns, dinode,
1962 mi->mi_index_dir);
1963
1964 if (mi->mi_incomplete_dir && mi->mi_incomplete_free)
1965 vfs_rmdir(&init_user_ns, dinode,
1966 mi->mi_incomplete_dir);
1967 }
1968
1969 incfs_free_mount_info(mi);
1970 sb->s_fs_info = NULL;
1971 }
1972 }
1973
show_options(struct seq_file * m,struct dentry * root)1974 static int show_options(struct seq_file *m, struct dentry *root)
1975 {
1976 struct mount_info *mi = get_mount_info(root->d_sb);
1977
1978 seq_printf(m, ",read_timeout_ms=%u", mi->mi_options.read_timeout_ms);
1979 seq_printf(m, ",readahead=%u", mi->mi_options.readahead_pages);
1980 if (mi->mi_options.read_log_pages != 0) {
1981 seq_printf(m, ",rlog_pages=%u", mi->mi_options.read_log_pages);
1982 seq_printf(m, ",rlog_wakeup_cnt=%u",
1983 mi->mi_options.read_log_wakeup_count);
1984 }
1985 if (mi->mi_options.report_uid)
1986 seq_puts(m, ",report_uid");
1987
1988 if (mi->mi_sysfs_node)
1989 seq_printf(m, ",sysfs_name=%s",
1990 kobject_name(&mi->mi_sysfs_node->isn_sysfs_node));
1991 return 0;
1992 }
1993