1 // SPDX-License-Identifier: GPL-2.0
2 /*
3 * Copyright 2020 Google LLC
4 */
5
6 #include <linux/file.h>
7 #include <linux/fs.h>
8 #include <linux/fsnotify.h>
9 #include <linux/namei.h>
10 #include <linux/poll.h>
11 #include <linux/syscalls.h>
12 #include <linux/fdtable.h>
13 #include <linux/filelock.h>
14
15 #include <uapi/linux/incrementalfs.h>
16
17 #include "pseudo_files.h"
18
19 #include "data_mgmt.h"
20 #include "format.h"
21 #include "integrity.h"
22 #include "vfs.h"
23
24 #define READ_WRITE_FILE_MODE 0666
25
26 static bool is_pseudo_filename(struct mem_range name);
27
28 /*******************************************************************************
29 * .pending_reads pseudo file definition
30 ******************************************************************************/
31 #define INCFS_PENDING_READS_INODE 2
32 static const char pending_reads_file_name[] = INCFS_PENDING_READS_FILENAME;
33
34 /* State of an open .pending_reads file, unique for each file descriptor. */
35 struct pending_reads_state {
36 /* A serial number of the last pending read obtained from this file. */
37 int last_pending_read_sn;
38 };
39
pending_reads_read(struct file * f,char __user * buf,size_t len,loff_t * ppos)40 static ssize_t pending_reads_read(struct file *f, char __user *buf, size_t len,
41 loff_t *ppos)
42 {
43 struct pending_reads_state *pr_state = f->private_data;
44 struct mount_info *mi = get_mount_info(file_superblock(f));
45 bool report_uid;
46 unsigned long page = 0;
47 struct incfs_pending_read_info *reads_buf = NULL;
48 struct incfs_pending_read_info2 *reads_buf2 = NULL;
49 size_t record_size;
50 size_t reads_to_collect;
51 int last_known_read_sn = READ_ONCE(pr_state->last_pending_read_sn);
52 int new_max_sn = last_known_read_sn;
53 int reads_collected = 0;
54 ssize_t result = 0;
55
56 if (!mi)
57 return -EFAULT;
58
59 report_uid = mi->mi_options.report_uid;
60 record_size = report_uid ? sizeof(*reads_buf2) : sizeof(*reads_buf);
61 reads_to_collect = len / record_size;
62
63 if (!incfs_fresh_pending_reads_exist(mi, last_known_read_sn))
64 return 0;
65
66 page = get_zeroed_page(GFP_NOFS);
67 if (!page)
68 return -ENOMEM;
69
70 if (report_uid)
71 reads_buf2 = (struct incfs_pending_read_info2 *) page;
72 else
73 reads_buf = (struct incfs_pending_read_info *) page;
74
75 reads_to_collect =
76 min_t(size_t, PAGE_SIZE / record_size, reads_to_collect);
77
78 reads_collected = incfs_collect_pending_reads(mi, last_known_read_sn,
79 reads_buf, reads_buf2, reads_to_collect,
80 &new_max_sn);
81
82 if (reads_collected < 0) {
83 result = reads_collected;
84 goto out;
85 }
86
87 /*
88 * Just to make sure that we don't accidentally copy more data
89 * to reads buffer than userspace can handle.
90 */
91 reads_collected = min_t(size_t, reads_collected, reads_to_collect);
92 result = reads_collected * record_size;
93
94 /* Copy reads info to the userspace buffer */
95 if (copy_to_user(buf, (void *)page, result)) {
96 result = -EFAULT;
97 goto out;
98 }
99
100 WRITE_ONCE(pr_state->last_pending_read_sn, new_max_sn);
101 *ppos = 0;
102
103 out:
104 free_page(page);
105 return result;
106 }
107
pending_reads_poll(struct file * file,poll_table * wait)108 static __poll_t pending_reads_poll(struct file *file, poll_table *wait)
109 {
110 struct pending_reads_state *state = file->private_data;
111 struct mount_info *mi = get_mount_info(file_superblock(file));
112 __poll_t ret = 0;
113
114 poll_wait(file, &mi->mi_pending_reads_notif_wq, wait);
115 if (incfs_fresh_pending_reads_exist(mi,
116 state->last_pending_read_sn))
117 ret = EPOLLIN | EPOLLRDNORM;
118
119 return ret;
120 }
121
pending_reads_open(struct inode * inode,struct file * file)122 static int pending_reads_open(struct inode *inode, struct file *file)
123 {
124 struct pending_reads_state *state = NULL;
125
126 state = kzalloc(sizeof(*state), GFP_NOFS);
127 if (!state)
128 return -ENOMEM;
129
130 file->private_data = state;
131 return 0;
132 }
133
pending_reads_release(struct inode * inode,struct file * file)134 static int pending_reads_release(struct inode *inode, struct file *file)
135 {
136 kfree(file->private_data);
137 return 0;
138 }
139
ioctl_permit_fill(struct file * f,void __user * arg)140 static long ioctl_permit_fill(struct file *f, void __user *arg)
141 {
142 struct incfs_permit_fill __user *usr_permit_fill = arg;
143 struct incfs_permit_fill permit_fill;
144 long error = 0;
145 struct file *file = NULL;
146 struct incfs_file_data *fd;
147
148 if (copy_from_user(&permit_fill, usr_permit_fill, sizeof(permit_fill)))
149 return -EFAULT;
150
151 file = fget(permit_fill.file_descriptor);
152 if (IS_ERR_OR_NULL(file)) {
153 if (!file)
154 return -ENOENT;
155
156 return PTR_ERR(file);
157 }
158
159 if (file->f_op != &incfs_file_ops) {
160 error = -EPERM;
161 goto out;
162 }
163
164 if (file->f_inode->i_sb != f->f_inode->i_sb) {
165 error = -EPERM;
166 goto out;
167 }
168
169 fd = file->private_data;
170
171 switch (fd->fd_fill_permission) {
172 case CANT_FILL:
173 fd->fd_fill_permission = CAN_FILL;
174 break;
175
176 case CAN_FILL:
177 pr_debug("CAN_FILL already set");
178 break;
179
180 default:
181 pr_warn("Invalid file private data");
182 error = -EFAULT;
183 goto out;
184 }
185
186 out:
187 fput(file);
188 return error;
189 }
190
chmod(struct dentry * dentry,umode_t mode)191 static int chmod(struct dentry *dentry, umode_t mode)
192 {
193 struct inode *inode = dentry->d_inode;
194 struct inode *delegated_inode = NULL;
195 struct iattr newattrs;
196 int error;
197
198 retry_deleg:
199 inode_lock(inode);
200 newattrs.ia_mode = (mode & S_IALLUGO) | (inode->i_mode & ~S_IALLUGO);
201 newattrs.ia_valid = ATTR_MODE | ATTR_CTIME;
202 error = notify_change(&nop_mnt_idmap, dentry, &newattrs, &delegated_inode);
203 inode_unlock(inode);
204 if (delegated_inode) {
205 error = break_deleg_wait(&delegated_inode);
206 if (!error)
207 goto retry_deleg;
208 }
209 return error;
210 }
211
incfs_equal_ranges(struct mem_range lhs,struct mem_range rhs)212 static bool incfs_equal_ranges(struct mem_range lhs, struct mem_range rhs)
213 {
214 if (lhs.len != rhs.len)
215 return false;
216 return memcmp(lhs.data, rhs.data, lhs.len) == 0;
217 }
218
validate_name(char * file_name)219 static int validate_name(char *file_name)
220 {
221 struct mem_range name = range(file_name, strlen(file_name));
222 int i = 0;
223
224 if (name.len > INCFS_MAX_NAME_LEN)
225 return -ENAMETOOLONG;
226
227 if (is_pseudo_filename(name))
228 return -EINVAL;
229
230 for (i = 0; i < name.len; i++)
231 if (name.data[i] == '/')
232 return -EINVAL;
233
234 return 0;
235 }
236
dir_relative_path_resolve(struct mount_info * mi,const char __user * relative_path,struct path * result_path,struct path * base_path)237 static int dir_relative_path_resolve(
238 struct mount_info *mi,
239 const char __user *relative_path,
240 struct path *result_path,
241 struct path *base_path)
242 {
243 int dir_fd = get_unused_fd_flags(0);
244 struct file *dir_f = NULL;
245 int error = 0;
246
247 if (!base_path)
248 base_path = &mi->mi_backing_dir_path;
249
250 if (dir_fd < 0)
251 return dir_fd;
252
253 dir_f = dentry_open(base_path, O_RDONLY | O_NOATIME, current_cred());
254
255 if (IS_ERR(dir_f)) {
256 error = PTR_ERR(dir_f);
257 goto out;
258 }
259 fd_install(dir_fd, dir_f);
260
261 if (!relative_path) {
262 /* No relative path given, just return the base dir. */
263 *result_path = *base_path;
264 path_get(result_path);
265 goto out;
266 }
267
268 error = user_path_at_empty(dir_fd, relative_path,
269 LOOKUP_FOLLOW | LOOKUP_DIRECTORY, result_path, NULL);
270
271 out:
272 close_fd(dir_fd);
273 if (error)
274 pr_debug("Error: %d\n", error);
275 return error;
276 }
277
incfs_copy_signature_info_from_user(u8 __user * original,u64 size)278 static struct mem_range incfs_copy_signature_info_from_user(u8 __user *original,
279 u64 size)
280 {
281 u8 *result;
282
283 if (!original)
284 return range(NULL, 0);
285
286 if (size > INCFS_MAX_SIGNATURE_SIZE)
287 return range(ERR_PTR(-EFAULT), 0);
288
289 result = kzalloc(size, GFP_NOFS | __GFP_COMP);
290 if (!result)
291 return range(ERR_PTR(-ENOMEM), 0);
292
293 if (copy_from_user(result, original, size)) {
294 kfree(result);
295 return range(ERR_PTR(-EFAULT), 0);
296 }
297
298 return range(result, size);
299 }
300
init_new_file(struct mount_info * mi,struct dentry * dentry,incfs_uuid_t * uuid,u64 size,struct mem_range attr,u8 __user * user_signature_info,u64 signature_size)301 static int init_new_file(struct mount_info *mi, struct dentry *dentry,
302 incfs_uuid_t *uuid, u64 size, struct mem_range attr,
303 u8 __user *user_signature_info, u64 signature_size)
304 {
305 struct path path = {};
306 struct file *new_file;
307 int error = 0;
308 struct backing_file_context *bfc = NULL;
309 u32 block_count;
310 struct mem_range raw_signature = { NULL };
311 struct mtree *hash_tree = NULL;
312
313 if (!mi || !dentry || !uuid)
314 return -EFAULT;
315
316 /* Resize newly created file to its true size. */
317 path = (struct path) {
318 .mnt = mi->mi_backing_dir_path.mnt,
319 .dentry = dentry
320 };
321
322 new_file = dentry_open(&path, O_RDWR | O_NOATIME | O_LARGEFILE,
323 current_cred());
324
325 if (IS_ERR(new_file)) {
326 error = PTR_ERR(new_file);
327 goto out;
328 }
329
330 bfc = incfs_alloc_bfc(mi, new_file);
331 fput(new_file);
332 if (IS_ERR(bfc)) {
333 error = PTR_ERR(bfc);
334 bfc = NULL;
335 goto out;
336 }
337
338 mutex_lock(&bfc->bc_mutex);
339 error = incfs_write_fh_to_backing_file(bfc, uuid, size);
340 if (error)
341 goto out;
342
343 block_count = (u32)get_blocks_count_for_size(size);
344
345 if (user_signature_info) {
346 raw_signature = incfs_copy_signature_info_from_user(
347 user_signature_info, signature_size);
348
349 if (IS_ERR(raw_signature.data)) {
350 error = PTR_ERR(raw_signature.data);
351 raw_signature.data = NULL;
352 goto out;
353 }
354
355 hash_tree = incfs_alloc_mtree(raw_signature, block_count);
356 if (IS_ERR(hash_tree)) {
357 error = PTR_ERR(hash_tree);
358 hash_tree = NULL;
359 goto out;
360 }
361
362 error = incfs_write_signature_to_backing_file(bfc,
363 raw_signature, hash_tree->hash_tree_area_size,
364 NULL, NULL);
365 if (error)
366 goto out;
367
368 block_count += get_blocks_count_for_size(
369 hash_tree->hash_tree_area_size);
370 }
371
372 if (block_count)
373 error = incfs_write_blockmap_to_backing_file(bfc, block_count);
374
375 if (error)
376 goto out;
377
378 out:
379 if (bfc) {
380 mutex_unlock(&bfc->bc_mutex);
381 incfs_free_bfc(bfc);
382 }
383 incfs_free_mtree(hash_tree);
384 kfree(raw_signature.data);
385
386 if (error)
387 pr_debug("incfs: %s error: %d\n", __func__, error);
388 return error;
389 }
390
notify_create(struct file * pending_reads_file,const char __user * dir_name,const char * file_name,const char * file_id_str,bool incomplete_file)391 static void notify_create(struct file *pending_reads_file,
392 const char __user *dir_name, const char *file_name,
393 const char *file_id_str, bool incomplete_file)
394 {
395 struct mount_info *mi =
396 get_mount_info(file_superblock(pending_reads_file));
397 struct path base_path = {
398 .mnt = pending_reads_file->f_path.mnt,
399 .dentry = pending_reads_file->f_path.dentry->d_parent,
400 };
401 struct path dir_path = {};
402 struct dentry *file = NULL;
403 struct dentry *dir = NULL;
404 int error;
405
406 error = dir_relative_path_resolve(mi, dir_name, &dir_path, &base_path);
407 if (error)
408 goto out;
409
410 file = incfs_lookup_dentry(dir_path.dentry, file_name);
411 if (IS_ERR(file)) {
412 error = PTR_ERR(file);
413 file = NULL;
414 goto out;
415 }
416
417 fsnotify_create(d_inode(dir_path.dentry), file);
418
419 if (file_id_str) {
420 dir = incfs_lookup_dentry(base_path.dentry, INCFS_INDEX_NAME);
421 if (IS_ERR(dir)) {
422 error = PTR_ERR(dir);
423 dir = NULL;
424 goto out;
425 }
426
427 dput(file);
428 file = incfs_lookup_dentry(dir, file_id_str);
429 if (IS_ERR(file)) {
430 error = PTR_ERR(file);
431 file = NULL;
432 goto out;
433 }
434
435 fsnotify_create(d_inode(dir), file);
436
437 if (incomplete_file) {
438 dput(dir);
439 dir = incfs_lookup_dentry(base_path.dentry,
440 INCFS_INCOMPLETE_NAME);
441 if (IS_ERR(dir)) {
442 error = PTR_ERR(dir);
443 dir = NULL;
444 goto out;
445 }
446
447 dput(file);
448 file = incfs_lookup_dentry(dir, file_id_str);
449 if (IS_ERR(file)) {
450 error = PTR_ERR(file);
451 file = NULL;
452 goto out;
453 }
454
455 fsnotify_create(d_inode(dir), file);
456 }
457 }
458 out:
459 if (error)
460 pr_warn("%s failed with error %d\n", __func__, error);
461
462 dput(dir);
463 dput(file);
464 path_put(&dir_path);
465 }
466
ioctl_create_file(struct file * file,struct incfs_new_file_args __user * usr_args)467 static long ioctl_create_file(struct file *file,
468 struct incfs_new_file_args __user *usr_args)
469 {
470 struct mount_info *mi = get_mount_info(file_superblock(file));
471 struct incfs_new_file_args args;
472 char *file_id_str = NULL;
473 struct dentry *index_file_dentry = NULL;
474 struct dentry *named_file_dentry = NULL;
475 struct dentry *incomplete_file_dentry = NULL;
476 struct path parent_dir_path = {};
477 struct inode *index_dir_inode = NULL;
478 __le64 size_attr_value = 0;
479 char *file_name = NULL;
480 char *attr_value = NULL;
481 int error = 0;
482 bool locked = false;
483 bool index_linked = false;
484 bool name_linked = false;
485 bool incomplete_linked = false;
486
487 if (!mi || !mi->mi_index_dir || !mi->mi_incomplete_dir) {
488 error = -EFAULT;
489 goto out;
490 }
491
492 if (copy_from_user(&args, usr_args, sizeof(args)) > 0) {
493 error = -EFAULT;
494 goto out;
495 }
496
497 file_name = strndup_user(u64_to_user_ptr(args.file_name), PATH_MAX);
498 if (IS_ERR(file_name)) {
499 error = PTR_ERR(file_name);
500 file_name = NULL;
501 goto out;
502 }
503
504 error = validate_name(file_name);
505 if (error)
506 goto out;
507
508 file_id_str = file_id_to_str(args.file_id);
509 if (!file_id_str) {
510 error = -ENOMEM;
511 goto out;
512 }
513
514 error = mutex_lock_interruptible(&mi->mi_dir_struct_mutex);
515 if (error)
516 goto out;
517 locked = true;
518
519 /* Find a directory to put the file into. */
520 error = dir_relative_path_resolve(mi,
521 u64_to_user_ptr(args.directory_path),
522 &parent_dir_path, NULL);
523 if (error)
524 goto out;
525
526 if (parent_dir_path.dentry == mi->mi_index_dir) {
527 /* Can't create a file directly inside .index */
528 error = -EBUSY;
529 goto out;
530 }
531
532 if (parent_dir_path.dentry == mi->mi_incomplete_dir) {
533 /* Can't create a file directly inside .incomplete */
534 error = -EBUSY;
535 goto out;
536 }
537
538 /* Look up a dentry in the parent dir. It should be negative. */
539 named_file_dentry = incfs_lookup_dentry(parent_dir_path.dentry,
540 file_name);
541 if (!named_file_dentry) {
542 error = -EFAULT;
543 goto out;
544 }
545 if (IS_ERR(named_file_dentry)) {
546 error = PTR_ERR(named_file_dentry);
547 named_file_dentry = NULL;
548 goto out;
549 }
550 if (d_really_is_positive(named_file_dentry)) {
551 /* File with this path already exists. */
552 error = -EEXIST;
553 goto out;
554 }
555
556 /* Look up a dentry in the incomplete dir. It should be negative. */
557 incomplete_file_dentry = incfs_lookup_dentry(mi->mi_incomplete_dir,
558 file_id_str);
559 if (!incomplete_file_dentry) {
560 error = -EFAULT;
561 goto out;
562 }
563 if (IS_ERR(incomplete_file_dentry)) {
564 error = PTR_ERR(incomplete_file_dentry);
565 incomplete_file_dentry = NULL;
566 goto out;
567 }
568 if (d_really_is_positive(incomplete_file_dentry)) {
569 /* File with this path already exists. */
570 error = -EEXIST;
571 goto out;
572 }
573
574 /* Look up a dentry in the .index dir. It should be negative. */
575 index_file_dentry = incfs_lookup_dentry(mi->mi_index_dir, file_id_str);
576 if (!index_file_dentry) {
577 error = -EFAULT;
578 goto out;
579 }
580 if (IS_ERR(index_file_dentry)) {
581 error = PTR_ERR(index_file_dentry);
582 index_file_dentry = NULL;
583 goto out;
584 }
585 if (d_really_is_positive(index_file_dentry)) {
586 /* File with this ID already exists in index. */
587 error = -EEXIST;
588 goto out;
589 }
590
591 /* Creating a file in the .index dir. */
592 index_dir_inode = d_inode(mi->mi_index_dir);
593 inode_lock_nested(index_dir_inode, I_MUTEX_PARENT);
594 error = vfs_create(&nop_mnt_idmap, index_dir_inode, index_file_dentry,
595 args.mode | 0222, true);
596 inode_unlock(index_dir_inode);
597
598 if (error)
599 goto out;
600 if (!d_really_is_positive(index_file_dentry)) {
601 error = -EINVAL;
602 goto out;
603 }
604
605 error = chmod(index_file_dentry, args.mode | 0222);
606 if (error) {
607 pr_debug("incfs: chmod err: %d\n", error);
608 goto out;
609 }
610
611 /* Save the file's ID as an xattr for easy fetching in future. */
612 error = vfs_setxattr(&nop_mnt_idmap, index_file_dentry, INCFS_XATTR_ID_NAME,
613 file_id_str, strlen(file_id_str), XATTR_CREATE);
614 if (error) {
615 pr_debug("incfs: vfs_setxattr err:%d\n", error);
616 goto out;
617 }
618
619 /* Save the file's size as an xattr for easy fetching in future. */
620 size_attr_value = cpu_to_le64(args.size);
621 error = vfs_setxattr(&nop_mnt_idmap, index_file_dentry, INCFS_XATTR_SIZE_NAME,
622 (char *)&size_attr_value, sizeof(size_attr_value),
623 XATTR_CREATE);
624 if (error) {
625 pr_debug("incfs: vfs_setxattr err:%d\n", error);
626 goto out;
627 }
628
629 /* Save the file's attribute as an xattr */
630 if (args.file_attr_len && args.file_attr) {
631 if (args.file_attr_len > INCFS_MAX_FILE_ATTR_SIZE) {
632 error = -E2BIG;
633 goto out;
634 }
635
636 attr_value = kmalloc(args.file_attr_len, GFP_NOFS);
637 if (!attr_value) {
638 error = -ENOMEM;
639 goto out;
640 }
641
642 if (copy_from_user(attr_value,
643 u64_to_user_ptr(args.file_attr),
644 args.file_attr_len) > 0) {
645 error = -EFAULT;
646 goto out;
647 }
648
649 error = vfs_setxattr(&nop_mnt_idmap, index_file_dentry,
650 INCFS_XATTR_METADATA_NAME,
651 attr_value, args.file_attr_len,
652 XATTR_CREATE);
653
654 if (error)
655 goto out;
656 }
657
658 /* Initializing a newly created file. */
659 error = init_new_file(mi, index_file_dentry, &args.file_id, args.size,
660 range(attr_value, args.file_attr_len),
661 u64_to_user_ptr(args.signature_info),
662 args.signature_size);
663 if (error)
664 goto out;
665 index_linked = true;
666
667 /* Linking a file with its real name from the requested dir. */
668 error = incfs_link(index_file_dentry, named_file_dentry);
669 if (error)
670 goto out;
671 name_linked = true;
672
673 if (args.size) {
674 /* Linking a file with its incomplete entry */
675 error = incfs_link(index_file_dentry, incomplete_file_dentry);
676 if (error)
677 goto out;
678 incomplete_linked = true;
679 }
680
681 notify_create(file, u64_to_user_ptr(args.directory_path), file_name,
682 file_id_str, args.size != 0);
683
684 out:
685 if (error) {
686 pr_debug("incfs: %s err:%d\n", __func__, error);
687 if (index_linked)
688 incfs_unlink(index_file_dentry);
689 if (name_linked)
690 incfs_unlink(named_file_dentry);
691 if (incomplete_linked)
692 incfs_unlink(incomplete_file_dentry);
693 }
694
695 kfree(file_id_str);
696 kfree(file_name);
697 kfree(attr_value);
698 dput(named_file_dentry);
699 dput(index_file_dentry);
700 dput(incomplete_file_dentry);
701 path_put(&parent_dir_path);
702 if (locked)
703 mutex_unlock(&mi->mi_dir_struct_mutex);
704
705 return error;
706 }
707
init_new_mapped_file(struct mount_info * mi,struct dentry * dentry,incfs_uuid_t * uuid,u64 size,u64 offset)708 static int init_new_mapped_file(struct mount_info *mi, struct dentry *dentry,
709 incfs_uuid_t *uuid, u64 size, u64 offset)
710 {
711 struct path path = {};
712 struct file *new_file;
713 int error = 0;
714 struct backing_file_context *bfc = NULL;
715
716 if (!mi || !dentry || !uuid)
717 return -EFAULT;
718
719 /* Resize newly created file to its true size. */
720 path = (struct path) {
721 .mnt = mi->mi_backing_dir_path.mnt,
722 .dentry = dentry
723 };
724 new_file = dentry_open(&path, O_RDWR | O_NOATIME | O_LARGEFILE,
725 current_cred());
726
727 if (IS_ERR(new_file)) {
728 error = PTR_ERR(new_file);
729 goto out;
730 }
731
732 bfc = incfs_alloc_bfc(mi, new_file);
733 fput(new_file);
734 if (IS_ERR(bfc)) {
735 error = PTR_ERR(bfc);
736 bfc = NULL;
737 goto out;
738 }
739
740 mutex_lock(&bfc->bc_mutex);
741 error = incfs_write_mapping_fh_to_backing_file(bfc, uuid, size, offset);
742 if (error)
743 goto out;
744
745 out:
746 if (bfc) {
747 mutex_unlock(&bfc->bc_mutex);
748 incfs_free_bfc(bfc);
749 }
750
751 if (error)
752 pr_debug("incfs: %s error: %d\n", __func__, error);
753 return error;
754 }
755
ioctl_create_mapped_file(struct file * file,void __user * arg)756 static long ioctl_create_mapped_file(struct file *file, void __user *arg)
757 {
758 struct mount_info *mi = get_mount_info(file_superblock(file));
759 struct incfs_create_mapped_file_args __user *args_usr_ptr = arg;
760 struct incfs_create_mapped_file_args args = {};
761 char *file_name;
762 int error = 0;
763 struct path parent_dir_path = {};
764 char *source_file_name = NULL;
765 struct dentry *source_file_dentry = NULL;
766 u64 source_file_size;
767 struct dentry *file_dentry = NULL;
768 struct inode *parent_inode;
769 __le64 size_attr_value;
770
771 if (copy_from_user(&args, args_usr_ptr, sizeof(args)) > 0)
772 return -EINVAL;
773
774 file_name = strndup_user(u64_to_user_ptr(args.file_name), PATH_MAX);
775 if (IS_ERR(file_name)) {
776 error = PTR_ERR(file_name);
777 file_name = NULL;
778 goto out;
779 }
780
781 error = validate_name(file_name);
782 if (error)
783 goto out;
784
785 if (args.source_offset % INCFS_DATA_FILE_BLOCK_SIZE) {
786 error = -EINVAL;
787 goto out;
788 }
789
790 /* Validate file mapping is in range */
791 source_file_name = file_id_to_str(args.source_file_id);
792 if (!source_file_name) {
793 pr_warn("Failed to alloc source_file_name\n");
794 error = -ENOMEM;
795 goto out;
796 }
797
798 source_file_dentry = incfs_lookup_dentry(mi->mi_index_dir,
799 source_file_name);
800 if (!source_file_dentry) {
801 pr_warn("Source file does not exist\n");
802 error = -EINVAL;
803 goto out;
804 }
805 if (IS_ERR(source_file_dentry)) {
806 pr_warn("Error opening source file\n");
807 error = PTR_ERR(source_file_dentry);
808 source_file_dentry = NULL;
809 goto out;
810 }
811 if (!d_really_is_positive(source_file_dentry)) {
812 pr_warn("Source file dentry negative\n");
813 error = -EINVAL;
814 goto out;
815 }
816
817 error = vfs_getxattr(&nop_mnt_idmap, source_file_dentry, INCFS_XATTR_SIZE_NAME,
818 (char *)&size_attr_value, sizeof(size_attr_value));
819 if (error < 0)
820 goto out;
821
822 if (error != sizeof(size_attr_value)) {
823 pr_warn("Mapped file has no size attr\n");
824 error = -EINVAL;
825 goto out;
826 }
827
828 source_file_size = le64_to_cpu(size_attr_value);
829 if (args.source_offset + args.size > source_file_size) {
830 pr_warn("Mapped file out of range\n");
831 error = -EINVAL;
832 goto out;
833 }
834
835 /* Find a directory to put the file into. */
836 error = dir_relative_path_resolve(mi,
837 u64_to_user_ptr(args.directory_path),
838 &parent_dir_path, NULL);
839 if (error)
840 goto out;
841
842 if (parent_dir_path.dentry == mi->mi_index_dir) {
843 /* Can't create a file directly inside .index */
844 error = -EBUSY;
845 goto out;
846 }
847
848 /* Look up a dentry in the parent dir. It should be negative. */
849 file_dentry = incfs_lookup_dentry(parent_dir_path.dentry,
850 file_name);
851 if (!file_dentry) {
852 error = -EFAULT;
853 goto out;
854 }
855 if (IS_ERR(file_dentry)) {
856 error = PTR_ERR(file_dentry);
857 file_dentry = NULL;
858 goto out;
859 }
860 if (d_really_is_positive(file_dentry)) {
861 error = -EEXIST;
862 goto out;
863 }
864
865 parent_inode = d_inode(parent_dir_path.dentry);
866 inode_lock_nested(parent_inode, I_MUTEX_PARENT);
867 error = vfs_create(&nop_mnt_idmap, parent_inode, file_dentry,
868 args.mode | 0222, true);
869 inode_unlock(parent_inode);
870 if (error)
871 goto out;
872
873 error = chmod(file_dentry, args.mode | 0222);
874 if (error) {
875 pr_debug("incfs: chmod err: %d\n", error);
876 goto delete_file;
877 }
878
879 /* Save the file's size as an xattr for easy fetching in future. */
880 size_attr_value = cpu_to_le64(args.size);
881 error = vfs_setxattr(&nop_mnt_idmap, file_dentry, INCFS_XATTR_SIZE_NAME,
882 (char *)&size_attr_value, sizeof(size_attr_value),
883 XATTR_CREATE);
884 if (error) {
885 pr_debug("incfs: vfs_setxattr err:%d\n", error);
886 goto delete_file;
887 }
888
889 error = init_new_mapped_file(mi, file_dentry, &args.source_file_id,
890 args.size, args.source_offset);
891 if (error)
892 goto delete_file;
893
894 notify_create(file, u64_to_user_ptr(args.directory_path), file_name,
895 NULL, false);
896
897 goto out;
898
899 delete_file:
900 incfs_unlink(file_dentry);
901
902 out:
903 dput(file_dentry);
904 dput(source_file_dentry);
905 path_put(&parent_dir_path);
906 kfree(file_name);
907 kfree(source_file_name);
908 return error;
909 }
910
ioctl_get_read_timeouts(struct mount_info * mi,void __user * arg)911 static long ioctl_get_read_timeouts(struct mount_info *mi, void __user *arg)
912 {
913 struct incfs_get_read_timeouts_args __user *args_usr_ptr = arg;
914 struct incfs_get_read_timeouts_args args = {};
915 int error = 0;
916 struct incfs_per_uid_read_timeouts *buffer;
917 int size;
918
919 if (copy_from_user(&args, args_usr_ptr, sizeof(args)))
920 return -EINVAL;
921
922 if (args.timeouts_array_size > INCFS_DATA_FILE_BLOCK_SIZE)
923 return -EINVAL;
924
925 buffer = kzalloc(args.timeouts_array_size, GFP_NOFS);
926 if (!buffer)
927 return -ENOMEM;
928
929 spin_lock(&mi->mi_per_uid_read_timeouts_lock);
930 size = mi->mi_per_uid_read_timeouts_size;
931 if (args.timeouts_array_size < size)
932 error = -E2BIG;
933 else if (size)
934 memcpy(buffer, mi->mi_per_uid_read_timeouts, size);
935 spin_unlock(&mi->mi_per_uid_read_timeouts_lock);
936
937 args.timeouts_array_size_out = size;
938 if (!error && size)
939 if (copy_to_user(u64_to_user_ptr(args.timeouts_array), buffer,
940 size))
941 error = -EFAULT;
942
943 if (!error || error == -E2BIG)
944 if (copy_to_user(args_usr_ptr, &args, sizeof(args)) > 0)
945 error = -EFAULT;
946
947 kfree(buffer);
948 return error;
949 }
950
ioctl_set_read_timeouts(struct mount_info * mi,void __user * arg)951 static long ioctl_set_read_timeouts(struct mount_info *mi, void __user *arg)
952 {
953 struct incfs_set_read_timeouts_args __user *args_usr_ptr = arg;
954 struct incfs_set_read_timeouts_args args = {};
955 int error = 0;
956 int size;
957 struct incfs_per_uid_read_timeouts *buffer = NULL, *tmp;
958 int i;
959
960 if (copy_from_user(&args, args_usr_ptr, sizeof(args)))
961 return -EINVAL;
962
963 size = args.timeouts_array_size;
964 if (size) {
965 if (size > INCFS_DATA_FILE_BLOCK_SIZE ||
966 size % sizeof(*buffer) != 0)
967 return -EINVAL;
968
969 buffer = kzalloc(size, GFP_NOFS);
970 if (!buffer)
971 return -ENOMEM;
972
973 if (copy_from_user(buffer, u64_to_user_ptr(args.timeouts_array),
974 size)) {
975 error = -EINVAL;
976 goto out;
977 }
978
979 for (i = 0; i < size / sizeof(*buffer); ++i) {
980 struct incfs_per_uid_read_timeouts *t = &buffer[i];
981
982 if (t->min_pending_time_us > t->max_pending_time_us) {
983 error = -EINVAL;
984 goto out;
985 }
986 }
987 }
988
989 spin_lock(&mi->mi_per_uid_read_timeouts_lock);
990 mi->mi_per_uid_read_timeouts_size = size;
991 tmp = mi->mi_per_uid_read_timeouts;
992 mi->mi_per_uid_read_timeouts = buffer;
993 buffer = tmp;
994 spin_unlock(&mi->mi_per_uid_read_timeouts_lock);
995
996 out:
997 kfree(buffer);
998 return error;
999 }
1000
ioctl_get_last_read_error(struct mount_info * mi,void __user * arg)1001 static long ioctl_get_last_read_error(struct mount_info *mi, void __user *arg)
1002 {
1003 struct incfs_get_last_read_error_args __user *args_usr_ptr = arg;
1004 struct incfs_get_last_read_error_args args = {};
1005 int error;
1006
1007 error = mutex_lock_interruptible(&mi->mi_le_mutex);
1008 if (error)
1009 return error;
1010
1011 args.file_id_out = mi->mi_le_file_id;
1012 args.time_us_out = mi->mi_le_time_us;
1013 args.page_out = mi->mi_le_page;
1014 args.errno_out = mi->mi_le_errno;
1015 args.uid_out = mi->mi_le_uid;
1016
1017 mutex_unlock(&mi->mi_le_mutex);
1018 if (copy_to_user(args_usr_ptr, &args, sizeof(args)) > 0)
1019 error = -EFAULT;
1020
1021 return error;
1022 }
1023
pending_reads_dispatch_ioctl(struct file * f,unsigned int req,unsigned long arg)1024 static long pending_reads_dispatch_ioctl(struct file *f, unsigned int req,
1025 unsigned long arg)
1026 {
1027 struct mount_info *mi = get_mount_info(file_superblock(f));
1028
1029 switch (req) {
1030 case INCFS_IOC_CREATE_FILE:
1031 return ioctl_create_file(f, (void __user *)arg);
1032 case INCFS_IOC_PERMIT_FILL:
1033 return ioctl_permit_fill(f, (void __user *)arg);
1034 case INCFS_IOC_CREATE_MAPPED_FILE:
1035 return ioctl_create_mapped_file(f, (void __user *)arg);
1036 case INCFS_IOC_GET_READ_TIMEOUTS:
1037 return ioctl_get_read_timeouts(mi, (void __user *)arg);
1038 case INCFS_IOC_SET_READ_TIMEOUTS:
1039 return ioctl_set_read_timeouts(mi, (void __user *)arg);
1040 case INCFS_IOC_GET_LAST_READ_ERROR:
1041 return ioctl_get_last_read_error(mi, (void __user *)arg);
1042 default:
1043 return -EINVAL;
1044 }
1045 }
1046
1047 static const struct file_operations incfs_pending_reads_file_ops = {
1048 .read = pending_reads_read,
1049 .poll = pending_reads_poll,
1050 .open = pending_reads_open,
1051 .release = pending_reads_release,
1052 .llseek = noop_llseek,
1053 .unlocked_ioctl = pending_reads_dispatch_ioctl,
1054 .compat_ioctl = pending_reads_dispatch_ioctl
1055 };
1056
1057 /*******************************************************************************
1058 * .log pseudo file definition
1059 ******************************************************************************/
1060 #define INCFS_LOG_INODE 3
1061 static const char log_file_name[] = INCFS_LOG_FILENAME;
1062
1063 /* State of an open .log file, unique for each file descriptor. */
1064 struct log_file_state {
1065 struct read_log_state state;
1066 };
1067
log_read(struct file * f,char __user * buf,size_t len,loff_t * ppos)1068 static ssize_t log_read(struct file *f, char __user *buf, size_t len,
1069 loff_t *ppos)
1070 {
1071 struct log_file_state *log_state = f->private_data;
1072 struct mount_info *mi = get_mount_info(file_superblock(f));
1073 int total_reads_collected = 0;
1074 int rl_size;
1075 ssize_t result = 0;
1076 bool report_uid;
1077 void *page = 0;
1078 struct incfs_pending_read_info *reads_buf = NULL;
1079 struct incfs_pending_read_info2 *reads_buf2 = NULL;
1080 size_t record_size;
1081 ssize_t reads_to_collect;
1082 ssize_t reads_per_page;
1083
1084 if (!mi)
1085 return -EFAULT;
1086
1087 report_uid = mi->mi_options.report_uid;
1088 record_size = report_uid ? sizeof(*reads_buf2) : sizeof(*reads_buf);
1089 reads_to_collect = len / record_size;
1090 reads_per_page = INCFS_DATA_FILE_BLOCK_SIZE / record_size;
1091
1092 rl_size = READ_ONCE(mi->mi_log.rl_size);
1093 if (rl_size == 0)
1094 return 0;
1095
1096 page = kzalloc(INCFS_DATA_FILE_BLOCK_SIZE, GFP_NOFS);
1097 if (!page)
1098 return -ENOMEM;
1099
1100 if (report_uid)
1101 reads_buf2 = (struct incfs_pending_read_info2 *)page;
1102 else
1103 reads_buf = (struct incfs_pending_read_info *)page;
1104
1105 reads_to_collect = min_t(ssize_t, rl_size, reads_to_collect);
1106 while (reads_to_collect > 0) {
1107 struct read_log_state next_state;
1108 int reads_collected;
1109
1110 memcpy(&next_state, &log_state->state, sizeof(next_state));
1111 reads_collected = incfs_collect_logged_reads(
1112 mi, &next_state, reads_buf, reads_buf2,
1113 min_t(ssize_t, reads_to_collect, reads_per_page));
1114 if (reads_collected <= 0) {
1115 result = total_reads_collected ?
1116 total_reads_collected * record_size :
1117 reads_collected;
1118 goto out;
1119 }
1120 if (copy_to_user(buf, page,
1121 reads_collected * record_size)) {
1122 result = total_reads_collected ?
1123 total_reads_collected * record_size :
1124 -EFAULT;
1125 goto out;
1126 }
1127
1128 memcpy(&log_state->state, &next_state, sizeof(next_state));
1129 total_reads_collected += reads_collected;
1130 buf += reads_collected * record_size;
1131 reads_to_collect -= reads_collected;
1132 }
1133
1134 result = total_reads_collected * record_size;
1135 *ppos = 0;
1136 out:
1137 kfree(page);
1138 return result;
1139 }
1140
log_poll(struct file * file,poll_table * wait)1141 static __poll_t log_poll(struct file *file, poll_table *wait)
1142 {
1143 struct log_file_state *log_state = file->private_data;
1144 struct mount_info *mi = get_mount_info(file_superblock(file));
1145 int count;
1146 __poll_t ret = 0;
1147
1148 poll_wait(file, &mi->mi_log.ml_notif_wq, wait);
1149 count = incfs_get_uncollected_logs_count(mi, &log_state->state);
1150 if (count >= mi->mi_options.read_log_wakeup_count)
1151 ret = EPOLLIN | EPOLLRDNORM;
1152
1153 return ret;
1154 }
1155
log_open(struct inode * inode,struct file * file)1156 static int log_open(struct inode *inode, struct file *file)
1157 {
1158 struct log_file_state *log_state = NULL;
1159 struct mount_info *mi = get_mount_info(file_superblock(file));
1160
1161 log_state = kzalloc(sizeof(*log_state), GFP_NOFS);
1162 if (!log_state)
1163 return -ENOMEM;
1164
1165 log_state->state = incfs_get_log_state(mi);
1166 file->private_data = log_state;
1167 return 0;
1168 }
1169
log_release(struct inode * inode,struct file * file)1170 static int log_release(struct inode *inode, struct file *file)
1171 {
1172 kfree(file->private_data);
1173 return 0;
1174 }
1175
1176 static const struct file_operations incfs_log_file_ops = {
1177 .read = log_read,
1178 .poll = log_poll,
1179 .open = log_open,
1180 .release = log_release,
1181 .llseek = noop_llseek,
1182 };
1183
1184 /*******************************************************************************
1185 * .blocks_written pseudo file definition
1186 ******************************************************************************/
1187 #define INCFS_BLOCKS_WRITTEN_INODE 4
1188 static const char blocks_written_file_name[] = INCFS_BLOCKS_WRITTEN_FILENAME;
1189
1190 /* State of an open .blocks_written file, unique for each file descriptor. */
1191 struct blocks_written_file_state {
1192 unsigned long blocks_written;
1193 };
1194
blocks_written_read(struct file * f,char __user * buf,size_t len,loff_t * ppos)1195 static ssize_t blocks_written_read(struct file *f, char __user *buf, size_t len,
1196 loff_t *ppos)
1197 {
1198 struct mount_info *mi = get_mount_info(file_superblock(f));
1199 struct blocks_written_file_state *state = f->private_data;
1200 unsigned long blocks_written;
1201 char string[21];
1202 int result = 0;
1203
1204 if (!mi)
1205 return -EFAULT;
1206
1207 blocks_written = atomic_read(&mi->mi_blocks_written);
1208 if (state->blocks_written == blocks_written)
1209 return 0;
1210
1211 result = snprintf(string, sizeof(string), "%lu", blocks_written);
1212 if (result > len)
1213 result = len;
1214 if (copy_to_user(buf, string, result))
1215 return -EFAULT;
1216
1217 state->blocks_written = blocks_written;
1218 return result;
1219 }
1220
blocks_written_poll(struct file * f,poll_table * wait)1221 static __poll_t blocks_written_poll(struct file *f, poll_table *wait)
1222 {
1223 struct mount_info *mi = get_mount_info(file_superblock(f));
1224 struct blocks_written_file_state *state = f->private_data;
1225 unsigned long blocks_written;
1226
1227 if (!mi)
1228 return 0;
1229
1230 poll_wait(f, &mi->mi_blocks_written_notif_wq, wait);
1231 blocks_written = atomic_read(&mi->mi_blocks_written);
1232 if (state->blocks_written == blocks_written)
1233 return 0;
1234
1235 return EPOLLIN | EPOLLRDNORM;
1236 }
1237
blocks_written_open(struct inode * inode,struct file * file)1238 static int blocks_written_open(struct inode *inode, struct file *file)
1239 {
1240 struct blocks_written_file_state *state =
1241 kzalloc(sizeof(*state), GFP_NOFS);
1242
1243 if (!state)
1244 return -ENOMEM;
1245
1246 state->blocks_written = -1;
1247 file->private_data = state;
1248 return 0;
1249 }
1250
blocks_written_release(struct inode * inode,struct file * file)1251 static int blocks_written_release(struct inode *inode, struct file *file)
1252 {
1253 kfree(file->private_data);
1254 return 0;
1255 }
1256
1257 static const struct file_operations incfs_blocks_written_file_ops = {
1258 .read = blocks_written_read,
1259 .poll = blocks_written_poll,
1260 .open = blocks_written_open,
1261 .release = blocks_written_release,
1262 .llseek = noop_llseek,
1263 };
1264
1265 /*******************************************************************************
1266 * Generic inode lookup functionality
1267 ******************************************************************************/
1268
1269 const struct mem_range incfs_pseudo_file_names[] = {
1270 { .data = (u8 *)pending_reads_file_name,
1271 .len = ARRAY_SIZE(pending_reads_file_name) - 1 },
1272 { .data = (u8 *)log_file_name, .len = ARRAY_SIZE(log_file_name) - 1 },
1273 { .data = (u8 *)blocks_written_file_name,
1274 .len = ARRAY_SIZE(blocks_written_file_name) - 1 }
1275 };
1276
1277 const unsigned long incfs_pseudo_file_inodes[] = { INCFS_PENDING_READS_INODE,
1278 INCFS_LOG_INODE,
1279 INCFS_BLOCKS_WRITTEN_INODE };
1280
1281 static const struct file_operations *const pseudo_file_operations[] = {
1282 &incfs_pending_reads_file_ops, &incfs_log_file_ops,
1283 &incfs_blocks_written_file_ops
1284 };
1285
is_pseudo_filename(struct mem_range name)1286 static bool is_pseudo_filename(struct mem_range name)
1287 {
1288 int i = 0;
1289
1290 for (; i < ARRAY_SIZE(incfs_pseudo_file_names); ++i)
1291 if (incfs_equal_ranges(incfs_pseudo_file_names[i], name))
1292 return true;
1293 return false;
1294 }
1295
get_pseudo_inode(int ino,struct inode * inode)1296 static bool get_pseudo_inode(int ino, struct inode *inode)
1297 {
1298 int i = 0;
1299
1300 for (; i < ARRAY_SIZE(incfs_pseudo_file_inodes); ++i)
1301 if (ino == incfs_pseudo_file_inodes[i])
1302 break;
1303 if (i == ARRAY_SIZE(incfs_pseudo_file_inodes))
1304 return false;
1305
1306 inode->i_mtime = inode->i_atime = inode_set_ctime(inode, 0, 0);
1307 inode->i_size = 0;
1308 inode->i_ino = ino;
1309 inode->i_private = NULL;
1310 inode_init_owner(&nop_mnt_idmap, inode, NULL, S_IFREG | READ_WRITE_FILE_MODE);
1311 inode->i_op = &incfs_file_inode_ops;
1312 inode->i_fop = pseudo_file_operations[i];
1313 return true;
1314 }
1315
1316 struct inode_search {
1317 unsigned long ino;
1318 };
1319
inode_test(struct inode * inode,void * opaque)1320 static int inode_test(struct inode *inode, void *opaque)
1321 {
1322 struct inode_search *search = opaque;
1323
1324 return inode->i_ino == search->ino;
1325 }
1326
inode_set(struct inode * inode,void * opaque)1327 static int inode_set(struct inode *inode, void *opaque)
1328 {
1329 struct inode_search *search = opaque;
1330
1331 if (get_pseudo_inode(search->ino, inode))
1332 return 0;
1333
1334 /* Unknown inode requested. */
1335 return -EINVAL;
1336 }
1337
fetch_inode(struct super_block * sb,unsigned long ino)1338 static struct inode *fetch_inode(struct super_block *sb, unsigned long ino)
1339 {
1340 struct inode_search search = {
1341 .ino = ino
1342 };
1343 struct inode *inode = iget5_locked(sb, search.ino, inode_test,
1344 inode_set, &search);
1345
1346 if (!inode)
1347 return ERR_PTR(-ENOMEM);
1348
1349 if (inode->i_state & I_NEW)
1350 unlock_new_inode(inode);
1351
1352 return inode;
1353 }
1354
dir_lookup_pseudo_files(struct super_block * sb,struct dentry * dentry)1355 int dir_lookup_pseudo_files(struct super_block *sb, struct dentry *dentry)
1356 {
1357 struct mem_range name_range =
1358 range((u8 *)dentry->d_name.name, dentry->d_name.len);
1359 unsigned long ino;
1360 struct inode *inode;
1361 int i = 0;
1362
1363 for (; i < ARRAY_SIZE(incfs_pseudo_file_names); ++i)
1364 if (incfs_equal_ranges(incfs_pseudo_file_names[i], name_range))
1365 break;
1366 if (i == ARRAY_SIZE(incfs_pseudo_file_names))
1367 return -ENOENT;
1368
1369 ino = incfs_pseudo_file_inodes[i];
1370
1371 inode = fetch_inode(sb, ino);
1372 if (IS_ERR(inode))
1373 return PTR_ERR(inode);
1374
1375 d_add(dentry, inode);
1376 return 0;
1377 }
1378
emit_pseudo_files(struct dir_context * ctx)1379 int emit_pseudo_files(struct dir_context *ctx)
1380 {
1381 loff_t i = ctx->pos;
1382
1383 for (; i < ARRAY_SIZE(incfs_pseudo_file_names); ++i) {
1384 if (!dir_emit(ctx, incfs_pseudo_file_names[i].data,
1385 incfs_pseudo_file_names[i].len,
1386 incfs_pseudo_file_inodes[i], DT_REG))
1387 return -EINVAL;
1388
1389 ctx->pos++;
1390 }
1391 return 0;
1392 }
1393