1 /*
2 FUSE: Filesystem in Userspace
3 Copyright (C) 2001-2008 Miklos Szeredi <miklos@szeredi.hu>
4
5 This program can be distributed under the terms of the GNU GPL.
6 See the file COPYING.
7 */
8
9 #include "fuse_i.h"
10
11 #include <linux/pagemap.h>
12 #include <linux/file.h>
13 #include <linux/sched.h>
14 #include <linux/namei.h>
15 #include <linux/slab.h>
16 #include <linux/xattr.h>
17 #include <linux/posix_acl.h>
18
fuse_use_readdirplus(struct inode * dir,struct dir_context * ctx)19 static bool fuse_use_readdirplus(struct inode *dir, struct dir_context *ctx)
20 {
21 struct fuse_conn *fc = get_fuse_conn(dir);
22 struct fuse_inode *fi = get_fuse_inode(dir);
23
24 if (!fc->do_readdirplus)
25 return false;
26 if (!fc->readdirplus_auto)
27 return true;
28 if (test_and_clear_bit(FUSE_I_ADVISE_RDPLUS, &fi->state))
29 return true;
30 if (ctx->pos == 0)
31 return true;
32 return false;
33 }
34
fuse_advise_use_readdirplus(struct inode * dir)35 static void fuse_advise_use_readdirplus(struct inode *dir)
36 {
37 struct fuse_inode *fi = get_fuse_inode(dir);
38
39 set_bit(FUSE_I_ADVISE_RDPLUS, &fi->state);
40 }
41
42 union fuse_dentry {
43 u64 time;
44 struct rcu_head rcu;
45 };
46
fuse_dentry_settime(struct dentry * entry,u64 time)47 static inline void fuse_dentry_settime(struct dentry *entry, u64 time)
48 {
49 ((union fuse_dentry *) entry->d_fsdata)->time = time;
50 }
51
fuse_dentry_time(struct dentry * entry)52 static inline u64 fuse_dentry_time(struct dentry *entry)
53 {
54 return ((union fuse_dentry *) entry->d_fsdata)->time;
55 }
56
57 /*
58 * FUSE caches dentries and attributes with separate timeout. The
59 * time in jiffies until the dentry/attributes are valid is stored in
60 * dentry->d_fsdata and fuse_inode->i_time respectively.
61 */
62
63 /*
64 * Calculate the time in jiffies until a dentry/attributes are valid
65 */
time_to_jiffies(u64 sec,u32 nsec)66 static u64 time_to_jiffies(u64 sec, u32 nsec)
67 {
68 if (sec || nsec) {
69 struct timespec64 ts = {
70 sec,
71 min_t(u32, nsec, NSEC_PER_SEC - 1)
72 };
73
74 return get_jiffies_64() + timespec64_to_jiffies(&ts);
75 } else
76 return 0;
77 }
78
79 /*
80 * Set dentry and possibly attribute timeouts from the lookup/mk*
81 * replies
82 */
fuse_change_entry_timeout(struct dentry * entry,struct fuse_entry_out * o)83 static void fuse_change_entry_timeout(struct dentry *entry,
84 struct fuse_entry_out *o)
85 {
86 fuse_dentry_settime(entry,
87 time_to_jiffies(o->entry_valid, o->entry_valid_nsec));
88 }
89
attr_timeout(struct fuse_attr_out * o)90 static u64 attr_timeout(struct fuse_attr_out *o)
91 {
92 return time_to_jiffies(o->attr_valid, o->attr_valid_nsec);
93 }
94
entry_attr_timeout(struct fuse_entry_out * o)95 static u64 entry_attr_timeout(struct fuse_entry_out *o)
96 {
97 return time_to_jiffies(o->attr_valid, o->attr_valid_nsec);
98 }
99
100 /*
101 * Mark the attributes as stale, so that at the next call to
102 * ->getattr() they will be fetched from userspace
103 */
fuse_invalidate_attr(struct inode * inode)104 void fuse_invalidate_attr(struct inode *inode)
105 {
106 get_fuse_inode(inode)->i_time = 0;
107 }
108
109 /**
110 * Mark the attributes as stale due to an atime change. Avoid the invalidate if
111 * atime is not used.
112 */
fuse_invalidate_atime(struct inode * inode)113 void fuse_invalidate_atime(struct inode *inode)
114 {
115 if (!IS_RDONLY(inode))
116 fuse_invalidate_attr(inode);
117 }
118
119 /*
120 * Just mark the entry as stale, so that a next attempt to look it up
121 * will result in a new lookup call to userspace
122 *
123 * This is called when a dentry is about to become negative and the
124 * timeout is unknown (unlink, rmdir, rename and in some cases
125 * lookup)
126 */
fuse_invalidate_entry_cache(struct dentry * entry)127 void fuse_invalidate_entry_cache(struct dentry *entry)
128 {
129 fuse_dentry_settime(entry, 0);
130 }
131
132 /*
133 * Same as fuse_invalidate_entry_cache(), but also try to remove the
134 * dentry from the hash
135 */
fuse_invalidate_entry(struct dentry * entry)136 static void fuse_invalidate_entry(struct dentry *entry)
137 {
138 d_invalidate(entry);
139 fuse_invalidate_entry_cache(entry);
140 }
141
fuse_lookup_init(struct fuse_conn * fc,struct fuse_args * args,u64 nodeid,const struct qstr * name,struct fuse_entry_out * outarg)142 static void fuse_lookup_init(struct fuse_conn *fc, struct fuse_args *args,
143 u64 nodeid, const struct qstr *name,
144 struct fuse_entry_out *outarg)
145 {
146 memset(outarg, 0, sizeof(struct fuse_entry_out));
147 args->in.h.opcode = FUSE_LOOKUP;
148 args->in.h.nodeid = nodeid;
149 args->in.numargs = 1;
150 args->in.args[0].size = name->len + 1;
151 args->in.args[0].value = name->name;
152 args->out.numargs = 1;
153 args->out.args[0].size = sizeof(struct fuse_entry_out);
154 args->out.args[0].value = outarg;
155 }
156
fuse_get_attr_version(struct fuse_conn * fc)157 u64 fuse_get_attr_version(struct fuse_conn *fc)
158 {
159 u64 curr_version;
160
161 /*
162 * The spin lock isn't actually needed on 64bit archs, but we
163 * don't yet care too much about such optimizations.
164 */
165 spin_lock(&fc->lock);
166 curr_version = fc->attr_version;
167 spin_unlock(&fc->lock);
168
169 return curr_version;
170 }
171
172 /*
173 * Check whether the dentry is still valid
174 *
175 * If the entry validity timeout has expired and the dentry is
176 * positive, try to redo the lookup. If the lookup results in a
177 * different inode, then let the VFS invalidate the dentry and redo
178 * the lookup once more. If the lookup results in the same inode,
179 * then refresh the attributes, timeouts and mark the dentry valid.
180 */
fuse_dentry_revalidate(struct dentry * entry,unsigned int flags)181 static int fuse_dentry_revalidate(struct dentry *entry, unsigned int flags)
182 {
183 struct inode *inode;
184 struct dentry *parent;
185 struct fuse_conn *fc;
186 struct fuse_inode *fi;
187 int ret;
188
189 inode = d_inode_rcu(entry);
190 if (inode && fuse_is_bad(inode))
191 goto invalid;
192 else if (time_before64(fuse_dentry_time(entry), get_jiffies_64()) ||
193 (flags & LOOKUP_REVAL)) {
194 struct fuse_entry_out outarg;
195 FUSE_ARGS(args);
196 struct fuse_forget_link *forget;
197 u64 attr_version;
198
199 /* For negative dentries, always do a fresh lookup */
200 if (!inode)
201 goto invalid;
202
203 ret = -ECHILD;
204 if (flags & LOOKUP_RCU)
205 goto out;
206
207 fc = get_fuse_conn(inode);
208
209 forget = fuse_alloc_forget();
210 ret = -ENOMEM;
211 if (!forget)
212 goto out;
213
214 attr_version = fuse_get_attr_version(fc);
215
216 parent = dget_parent(entry);
217 fuse_lookup_init(fc, &args, get_node_id(d_inode(parent)),
218 &entry->d_name, &outarg);
219 ret = fuse_simple_request(fc, &args);
220 dput(parent);
221 /* Zero nodeid is same as -ENOENT */
222 if (!ret && !outarg.nodeid)
223 ret = -ENOENT;
224 if (!ret) {
225 fi = get_fuse_inode(inode);
226 if (outarg.nodeid != get_node_id(inode)) {
227 fuse_queue_forget(fc, forget, outarg.nodeid, 1);
228 goto invalid;
229 }
230 spin_lock(&fc->lock);
231 fi->nlookup++;
232 spin_unlock(&fc->lock);
233 }
234 kfree(forget);
235 if (ret == -ENOMEM || ret == -EINTR)
236 goto out;
237 if (ret || fuse_invalid_attr(&outarg.attr) ||
238 (outarg.attr.mode ^ inode->i_mode) & S_IFMT)
239 goto invalid;
240
241 forget_all_cached_acls(inode);
242 fuse_change_attributes(inode, &outarg.attr,
243 entry_attr_timeout(&outarg),
244 attr_version);
245 fuse_change_entry_timeout(entry, &outarg);
246 } else if (inode) {
247 fi = get_fuse_inode(inode);
248 if (flags & LOOKUP_RCU) {
249 if (test_bit(FUSE_I_INIT_RDPLUS, &fi->state))
250 return -ECHILD;
251 } else if (test_and_clear_bit(FUSE_I_INIT_RDPLUS, &fi->state)) {
252 parent = dget_parent(entry);
253 fuse_advise_use_readdirplus(d_inode(parent));
254 dput(parent);
255 }
256 }
257 ret = 1;
258 out:
259 return ret;
260
261 invalid:
262 ret = 0;
263 goto out;
264 }
265
invalid_nodeid(u64 nodeid)266 static int invalid_nodeid(u64 nodeid)
267 {
268 return !nodeid || nodeid == FUSE_ROOT_ID;
269 }
270
fuse_dentry_init(struct dentry * dentry)271 static int fuse_dentry_init(struct dentry *dentry)
272 {
273 dentry->d_fsdata = kzalloc(sizeof(union fuse_dentry), GFP_KERNEL);
274
275 return dentry->d_fsdata ? 0 : -ENOMEM;
276 }
fuse_dentry_release(struct dentry * dentry)277 static void fuse_dentry_release(struct dentry *dentry)
278 {
279 union fuse_dentry *fd = dentry->d_fsdata;
280
281 kfree_rcu(fd, rcu);
282 }
283
284 const struct dentry_operations fuse_dentry_operations = {
285 .d_revalidate = fuse_dentry_revalidate,
286 .d_init = fuse_dentry_init,
287 .d_release = fuse_dentry_release,
288 };
289
290 const struct dentry_operations fuse_root_dentry_operations = {
291 .d_init = fuse_dentry_init,
292 .d_release = fuse_dentry_release,
293 };
294
fuse_valid_type(int m)295 int fuse_valid_type(int m)
296 {
297 return S_ISREG(m) || S_ISDIR(m) || S_ISLNK(m) || S_ISCHR(m) ||
298 S_ISBLK(m) || S_ISFIFO(m) || S_ISSOCK(m);
299 }
300
fuse_invalid_attr(struct fuse_attr * attr)301 bool fuse_invalid_attr(struct fuse_attr *attr)
302 {
303 return !fuse_valid_type(attr->mode) ||
304 attr->size > LLONG_MAX;
305 }
306
fuse_lookup_name(struct super_block * sb,u64 nodeid,const struct qstr * name,struct fuse_entry_out * outarg,struct inode ** inode)307 int fuse_lookup_name(struct super_block *sb, u64 nodeid, const struct qstr *name,
308 struct fuse_entry_out *outarg, struct inode **inode)
309 {
310 struct fuse_conn *fc = get_fuse_conn_super(sb);
311 FUSE_ARGS(args);
312 struct fuse_forget_link *forget;
313 u64 attr_version;
314 int err;
315
316 *inode = NULL;
317 err = -ENAMETOOLONG;
318 if (name->len > FUSE_NAME_MAX)
319 goto out;
320
321
322 forget = fuse_alloc_forget();
323 err = -ENOMEM;
324 if (!forget)
325 goto out;
326
327 attr_version = fuse_get_attr_version(fc);
328
329 fuse_lookup_init(fc, &args, nodeid, name, outarg);
330 err = fuse_simple_request(fc, &args);
331 /* Zero nodeid is same as -ENOENT, but with valid timeout */
332 if (err || !outarg->nodeid)
333 goto out_put_forget;
334
335 err = -EIO;
336 if (!outarg->nodeid)
337 goto out_put_forget;
338 if (fuse_invalid_attr(&outarg->attr))
339 goto out_put_forget;
340
341 *inode = fuse_iget(sb, outarg->nodeid, outarg->generation,
342 &outarg->attr, entry_attr_timeout(outarg),
343 attr_version);
344 err = -ENOMEM;
345 if (!*inode) {
346 fuse_queue_forget(fc, forget, outarg->nodeid, 1);
347 goto out;
348 }
349 err = 0;
350
351 out_put_forget:
352 kfree(forget);
353 out:
354 return err;
355 }
356
fuse_lookup(struct inode * dir,struct dentry * entry,unsigned int flags)357 static struct dentry *fuse_lookup(struct inode *dir, struct dentry *entry,
358 unsigned int flags)
359 {
360 int err;
361 struct fuse_entry_out outarg;
362 struct inode *inode;
363 struct dentry *newent;
364 bool outarg_valid = true;
365 bool locked;
366
367 if (fuse_is_bad(dir))
368 return ERR_PTR(-EIO);
369
370 locked = fuse_lock_inode(dir);
371 err = fuse_lookup_name(dir->i_sb, get_node_id(dir), &entry->d_name,
372 &outarg, &inode);
373 fuse_unlock_inode(dir, locked);
374 if (err == -ENOENT) {
375 outarg_valid = false;
376 err = 0;
377 }
378 if (err)
379 goto out_err;
380
381 err = -EIO;
382 if (inode && get_node_id(inode) == FUSE_ROOT_ID)
383 goto out_iput;
384
385 newent = d_splice_alias(inode, entry);
386 err = PTR_ERR(newent);
387 if (IS_ERR(newent))
388 goto out_err;
389
390 entry = newent ? newent : entry;
391 if (outarg_valid)
392 fuse_change_entry_timeout(entry, &outarg);
393 else
394 fuse_invalidate_entry_cache(entry);
395
396 fuse_advise_use_readdirplus(dir);
397 return newent;
398
399 out_iput:
400 iput(inode);
401 out_err:
402 return ERR_PTR(err);
403 }
404
405 /*
406 * Atomic create+open operation
407 *
408 * If the filesystem doesn't support this, then fall back to separate
409 * 'mknod' + 'open' requests.
410 */
fuse_create_open(struct inode * dir,struct dentry * entry,struct file * file,unsigned flags,umode_t mode)411 static int fuse_create_open(struct inode *dir, struct dentry *entry,
412 struct file *file, unsigned flags,
413 umode_t mode)
414 {
415 int err;
416 struct inode *inode;
417 struct fuse_conn *fc = get_fuse_conn(dir);
418 FUSE_ARGS(args);
419 struct fuse_forget_link *forget;
420 struct fuse_create_in inarg;
421 struct fuse_open_out outopen;
422 struct fuse_entry_out outentry;
423 struct fuse_file *ff;
424
425 /* Userspace expects S_IFREG in create mode */
426 BUG_ON((mode & S_IFMT) != S_IFREG);
427
428 forget = fuse_alloc_forget();
429 err = -ENOMEM;
430 if (!forget)
431 goto out_err;
432
433 err = -ENOMEM;
434 ff = fuse_file_alloc(fc);
435 if (!ff)
436 goto out_put_forget_req;
437
438 if (!fc->dont_mask)
439 mode &= ~current_umask();
440
441 flags &= ~O_NOCTTY;
442 memset(&inarg, 0, sizeof(inarg));
443 memset(&outentry, 0, sizeof(outentry));
444 inarg.flags = flags;
445 inarg.mode = mode;
446 inarg.umask = current_umask();
447 args.in.h.opcode = FUSE_CREATE;
448 args.in.h.nodeid = get_node_id(dir);
449 args.in.numargs = 2;
450 args.in.args[0].size = sizeof(inarg);
451 args.in.args[0].value = &inarg;
452 args.in.args[1].size = entry->d_name.len + 1;
453 args.in.args[1].value = entry->d_name.name;
454 args.out.numargs = 2;
455 args.out.args[0].size = sizeof(outentry);
456 args.out.args[0].value = &outentry;
457 args.out.args[1].size = sizeof(outopen);
458 args.out.args[1].value = &outopen;
459 err = fuse_simple_request(fc, &args);
460 if (err)
461 goto out_free_ff;
462
463 err = -EIO;
464 if (!S_ISREG(outentry.attr.mode) || invalid_nodeid(outentry.nodeid) ||
465 fuse_invalid_attr(&outentry.attr))
466 goto out_free_ff;
467
468 ff->fh = outopen.fh;
469 ff->nodeid = outentry.nodeid;
470 ff->open_flags = outopen.open_flags;
471 inode = fuse_iget(dir->i_sb, outentry.nodeid, outentry.generation,
472 &outentry.attr, entry_attr_timeout(&outentry), 0);
473 if (!inode) {
474 flags &= ~(O_CREAT | O_EXCL | O_TRUNC);
475 fuse_sync_release(ff, flags);
476 fuse_queue_forget(fc, forget, outentry.nodeid, 1);
477 err = -ENOMEM;
478 goto out_err;
479 }
480 kfree(forget);
481 d_instantiate(entry, inode);
482 fuse_change_entry_timeout(entry, &outentry);
483 fuse_invalidate_attr(dir);
484 err = finish_open(file, entry, generic_file_open);
485 if (err) {
486 fuse_sync_release(ff, flags);
487 } else {
488 file->private_data = ff;
489 fuse_finish_open(inode, file);
490 }
491 return err;
492
493 out_free_ff:
494 fuse_file_free(ff);
495 out_put_forget_req:
496 kfree(forget);
497 out_err:
498 return err;
499 }
500
501 static int fuse_mknod(struct inode *, struct dentry *, umode_t, dev_t);
fuse_atomic_open(struct inode * dir,struct dentry * entry,struct file * file,unsigned flags,umode_t mode)502 static int fuse_atomic_open(struct inode *dir, struct dentry *entry,
503 struct file *file, unsigned flags,
504 umode_t mode)
505 {
506 int err;
507 struct fuse_conn *fc = get_fuse_conn(dir);
508 struct dentry *res = NULL;
509
510 if (fuse_is_bad(dir))
511 return -EIO;
512
513 if (d_in_lookup(entry)) {
514 res = fuse_lookup(dir, entry, 0);
515 if (IS_ERR(res))
516 return PTR_ERR(res);
517
518 if (res)
519 entry = res;
520 }
521
522 if (!(flags & O_CREAT) || d_really_is_positive(entry))
523 goto no_open;
524
525 /* Only creates */
526 file->f_mode |= FMODE_CREATED;
527
528 if (fc->no_create)
529 goto mknod;
530
531 err = fuse_create_open(dir, entry, file, flags, mode);
532 if (err == -ENOSYS) {
533 fc->no_create = 1;
534 goto mknod;
535 }
536 out_dput:
537 dput(res);
538 return err;
539
540 mknod:
541 err = fuse_mknod(dir, entry, mode, 0);
542 if (err)
543 goto out_dput;
544 no_open:
545 return finish_no_open(file, res);
546 }
547
548 /*
549 * Code shared between mknod, mkdir, symlink and link
550 */
create_new_entry(struct fuse_conn * fc,struct fuse_args * args,struct inode * dir,struct dentry * entry,umode_t mode)551 static int create_new_entry(struct fuse_conn *fc, struct fuse_args *args,
552 struct inode *dir, struct dentry *entry,
553 umode_t mode)
554 {
555 struct fuse_entry_out outarg;
556 struct inode *inode;
557 struct dentry *d;
558 int err;
559 struct fuse_forget_link *forget;
560
561 if (fuse_is_bad(dir))
562 return -EIO;
563
564 forget = fuse_alloc_forget();
565 if (!forget)
566 return -ENOMEM;
567
568 memset(&outarg, 0, sizeof(outarg));
569 args->in.h.nodeid = get_node_id(dir);
570 args->out.numargs = 1;
571 args->out.args[0].size = sizeof(outarg);
572 args->out.args[0].value = &outarg;
573 err = fuse_simple_request(fc, args);
574 if (err)
575 goto out_put_forget_req;
576
577 err = -EIO;
578 if (invalid_nodeid(outarg.nodeid) || fuse_invalid_attr(&outarg.attr))
579 goto out_put_forget_req;
580
581 if ((outarg.attr.mode ^ mode) & S_IFMT)
582 goto out_put_forget_req;
583
584 inode = fuse_iget(dir->i_sb, outarg.nodeid, outarg.generation,
585 &outarg.attr, entry_attr_timeout(&outarg), 0);
586 if (!inode) {
587 fuse_queue_forget(fc, forget, outarg.nodeid, 1);
588 return -ENOMEM;
589 }
590 kfree(forget);
591
592 d_drop(entry);
593 d = d_splice_alias(inode, entry);
594 if (IS_ERR(d))
595 return PTR_ERR(d);
596
597 if (d) {
598 fuse_change_entry_timeout(d, &outarg);
599 dput(d);
600 } else {
601 fuse_change_entry_timeout(entry, &outarg);
602 }
603 fuse_invalidate_attr(dir);
604 return 0;
605
606 out_put_forget_req:
607 kfree(forget);
608 return err;
609 }
610
fuse_mknod(struct inode * dir,struct dentry * entry,umode_t mode,dev_t rdev)611 static int fuse_mknod(struct inode *dir, struct dentry *entry, umode_t mode,
612 dev_t rdev)
613 {
614 struct fuse_mknod_in inarg;
615 struct fuse_conn *fc = get_fuse_conn(dir);
616 FUSE_ARGS(args);
617
618 if (!fc->dont_mask)
619 mode &= ~current_umask();
620
621 memset(&inarg, 0, sizeof(inarg));
622 inarg.mode = mode;
623 inarg.rdev = new_encode_dev(rdev);
624 inarg.umask = current_umask();
625 args.in.h.opcode = FUSE_MKNOD;
626 args.in.numargs = 2;
627 args.in.args[0].size = sizeof(inarg);
628 args.in.args[0].value = &inarg;
629 args.in.args[1].size = entry->d_name.len + 1;
630 args.in.args[1].value = entry->d_name.name;
631 return create_new_entry(fc, &args, dir, entry, mode);
632 }
633
fuse_create(struct inode * dir,struct dentry * entry,umode_t mode,bool excl)634 static int fuse_create(struct inode *dir, struct dentry *entry, umode_t mode,
635 bool excl)
636 {
637 return fuse_mknod(dir, entry, mode, 0);
638 }
639
fuse_mkdir(struct inode * dir,struct dentry * entry,umode_t mode)640 static int fuse_mkdir(struct inode *dir, struct dentry *entry, umode_t mode)
641 {
642 struct fuse_mkdir_in inarg;
643 struct fuse_conn *fc = get_fuse_conn(dir);
644 FUSE_ARGS(args);
645
646 if (!fc->dont_mask)
647 mode &= ~current_umask();
648
649 memset(&inarg, 0, sizeof(inarg));
650 inarg.mode = mode;
651 inarg.umask = current_umask();
652 args.in.h.opcode = FUSE_MKDIR;
653 args.in.numargs = 2;
654 args.in.args[0].size = sizeof(inarg);
655 args.in.args[0].value = &inarg;
656 args.in.args[1].size = entry->d_name.len + 1;
657 args.in.args[1].value = entry->d_name.name;
658 return create_new_entry(fc, &args, dir, entry, S_IFDIR);
659 }
660
fuse_symlink(struct inode * dir,struct dentry * entry,const char * link)661 static int fuse_symlink(struct inode *dir, struct dentry *entry,
662 const char *link)
663 {
664 struct fuse_conn *fc = get_fuse_conn(dir);
665 unsigned len = strlen(link) + 1;
666 FUSE_ARGS(args);
667
668 args.in.h.opcode = FUSE_SYMLINK;
669 args.in.numargs = 2;
670 args.in.args[0].size = entry->d_name.len + 1;
671 args.in.args[0].value = entry->d_name.name;
672 args.in.args[1].size = len;
673 args.in.args[1].value = link;
674 return create_new_entry(fc, &args, dir, entry, S_IFLNK);
675 }
676
fuse_update_ctime(struct inode * inode)677 void fuse_update_ctime(struct inode *inode)
678 {
679 if (!IS_NOCMTIME(inode)) {
680 inode->i_ctime = current_time(inode);
681 mark_inode_dirty_sync(inode);
682 }
683 }
684
fuse_unlink(struct inode * dir,struct dentry * entry)685 static int fuse_unlink(struct inode *dir, struct dentry *entry)
686 {
687 int err;
688 struct fuse_conn *fc = get_fuse_conn(dir);
689 FUSE_ARGS(args);
690
691 if (fuse_is_bad(dir))
692 return -EIO;
693
694 args.in.h.opcode = FUSE_UNLINK;
695 args.in.h.nodeid = get_node_id(dir);
696 args.in.numargs = 1;
697 args.in.args[0].size = entry->d_name.len + 1;
698 args.in.args[0].value = entry->d_name.name;
699 err = fuse_simple_request(fc, &args);
700 if (!err) {
701 struct inode *inode = d_inode(entry);
702 struct fuse_inode *fi = get_fuse_inode(inode);
703
704 spin_lock(&fc->lock);
705 fi->attr_version = ++fc->attr_version;
706 /*
707 * If i_nlink == 0 then unlink doesn't make sense, yet this can
708 * happen if userspace filesystem is careless. It would be
709 * difficult to enforce correct nlink usage so just ignore this
710 * condition here
711 */
712 if (inode->i_nlink > 0)
713 drop_nlink(inode);
714 spin_unlock(&fc->lock);
715 fuse_invalidate_attr(inode);
716 fuse_invalidate_attr(dir);
717 fuse_invalidate_entry_cache(entry);
718 fuse_update_ctime(inode);
719 } else if (err == -EINTR)
720 fuse_invalidate_entry(entry);
721 return err;
722 }
723
fuse_rmdir(struct inode * dir,struct dentry * entry)724 static int fuse_rmdir(struct inode *dir, struct dentry *entry)
725 {
726 int err;
727 struct fuse_conn *fc = get_fuse_conn(dir);
728 FUSE_ARGS(args);
729
730 if (fuse_is_bad(dir))
731 return -EIO;
732
733 args.in.h.opcode = FUSE_RMDIR;
734 args.in.h.nodeid = get_node_id(dir);
735 args.in.numargs = 1;
736 args.in.args[0].size = entry->d_name.len + 1;
737 args.in.args[0].value = entry->d_name.name;
738 err = fuse_simple_request(fc, &args);
739 if (!err) {
740 clear_nlink(d_inode(entry));
741 fuse_invalidate_attr(dir);
742 fuse_invalidate_entry_cache(entry);
743 } else if (err == -EINTR)
744 fuse_invalidate_entry(entry);
745 return err;
746 }
747
fuse_rename_common(struct inode * olddir,struct dentry * oldent,struct inode * newdir,struct dentry * newent,unsigned int flags,int opcode,size_t argsize)748 static int fuse_rename_common(struct inode *olddir, struct dentry *oldent,
749 struct inode *newdir, struct dentry *newent,
750 unsigned int flags, int opcode, size_t argsize)
751 {
752 int err;
753 struct fuse_rename2_in inarg;
754 struct fuse_conn *fc = get_fuse_conn(olddir);
755 FUSE_ARGS(args);
756
757 memset(&inarg, 0, argsize);
758 inarg.newdir = get_node_id(newdir);
759 inarg.flags = flags;
760 args.in.h.opcode = opcode;
761 args.in.h.nodeid = get_node_id(olddir);
762 args.in.numargs = 3;
763 args.in.args[0].size = argsize;
764 args.in.args[0].value = &inarg;
765 args.in.args[1].size = oldent->d_name.len + 1;
766 args.in.args[1].value = oldent->d_name.name;
767 args.in.args[2].size = newent->d_name.len + 1;
768 args.in.args[2].value = newent->d_name.name;
769 err = fuse_simple_request(fc, &args);
770 if (!err) {
771 /* ctime changes */
772 fuse_invalidate_attr(d_inode(oldent));
773 fuse_update_ctime(d_inode(oldent));
774
775 if (flags & RENAME_EXCHANGE) {
776 fuse_invalidate_attr(d_inode(newent));
777 fuse_update_ctime(d_inode(newent));
778 }
779
780 fuse_invalidate_attr(olddir);
781 if (olddir != newdir)
782 fuse_invalidate_attr(newdir);
783
784 /* newent will end up negative */
785 if (!(flags & RENAME_EXCHANGE) && d_really_is_positive(newent)) {
786 fuse_invalidate_attr(d_inode(newent));
787 fuse_invalidate_entry_cache(newent);
788 fuse_update_ctime(d_inode(newent));
789 }
790 } else if (err == -EINTR) {
791 /* If request was interrupted, DEITY only knows if the
792 rename actually took place. If the invalidation
793 fails (e.g. some process has CWD under the renamed
794 directory), then there can be inconsistency between
795 the dcache and the real filesystem. Tough luck. */
796 fuse_invalidate_entry(oldent);
797 if (d_really_is_positive(newent))
798 fuse_invalidate_entry(newent);
799 }
800
801 return err;
802 }
803
fuse_rename2(struct inode * olddir,struct dentry * oldent,struct inode * newdir,struct dentry * newent,unsigned int flags)804 static int fuse_rename2(struct inode *olddir, struct dentry *oldent,
805 struct inode *newdir, struct dentry *newent,
806 unsigned int flags)
807 {
808 struct fuse_conn *fc = get_fuse_conn(olddir);
809 int err;
810
811 if (fuse_is_bad(olddir))
812 return -EIO;
813
814 if (flags & ~(RENAME_NOREPLACE | RENAME_EXCHANGE))
815 return -EINVAL;
816
817 if (flags) {
818 if (fc->no_rename2 || fc->minor < 23)
819 return -EINVAL;
820
821 err = fuse_rename_common(olddir, oldent, newdir, newent, flags,
822 FUSE_RENAME2,
823 sizeof(struct fuse_rename2_in));
824 if (err == -ENOSYS) {
825 fc->no_rename2 = 1;
826 err = -EINVAL;
827 }
828 } else {
829 err = fuse_rename_common(olddir, oldent, newdir, newent, 0,
830 FUSE_RENAME,
831 sizeof(struct fuse_rename_in));
832 }
833
834 return err;
835 }
836
fuse_link(struct dentry * entry,struct inode * newdir,struct dentry * newent)837 static int fuse_link(struct dentry *entry, struct inode *newdir,
838 struct dentry *newent)
839 {
840 int err;
841 struct fuse_link_in inarg;
842 struct inode *inode = d_inode(entry);
843 struct fuse_conn *fc = get_fuse_conn(inode);
844 FUSE_ARGS(args);
845
846 memset(&inarg, 0, sizeof(inarg));
847 inarg.oldnodeid = get_node_id(inode);
848 args.in.h.opcode = FUSE_LINK;
849 args.in.numargs = 2;
850 args.in.args[0].size = sizeof(inarg);
851 args.in.args[0].value = &inarg;
852 args.in.args[1].size = newent->d_name.len + 1;
853 args.in.args[1].value = newent->d_name.name;
854 err = create_new_entry(fc, &args, newdir, newent, inode->i_mode);
855 /* Contrary to "normal" filesystems it can happen that link
856 makes two "logical" inodes point to the same "physical"
857 inode. We invalidate the attributes of the old one, so it
858 will reflect changes in the backing inode (link count,
859 etc.)
860 */
861 if (!err) {
862 struct fuse_inode *fi = get_fuse_inode(inode);
863
864 spin_lock(&fc->lock);
865 fi->attr_version = ++fc->attr_version;
866 if (likely(inode->i_nlink < UINT_MAX))
867 inc_nlink(inode);
868 spin_unlock(&fc->lock);
869 fuse_invalidate_attr(inode);
870 fuse_update_ctime(inode);
871 } else if (err == -EINTR) {
872 fuse_invalidate_attr(inode);
873 }
874 return err;
875 }
876
fuse_fillattr(struct inode * inode,struct fuse_attr * attr,struct kstat * stat)877 static void fuse_fillattr(struct inode *inode, struct fuse_attr *attr,
878 struct kstat *stat)
879 {
880 unsigned int blkbits;
881 struct fuse_conn *fc = get_fuse_conn(inode);
882
883 /* see the comment in fuse_change_attributes() */
884 if (fc->writeback_cache && S_ISREG(inode->i_mode)) {
885 attr->size = i_size_read(inode);
886 attr->mtime = inode->i_mtime.tv_sec;
887 attr->mtimensec = inode->i_mtime.tv_nsec;
888 attr->ctime = inode->i_ctime.tv_sec;
889 attr->ctimensec = inode->i_ctime.tv_nsec;
890 }
891
892 stat->dev = inode->i_sb->s_dev;
893 stat->ino = attr->ino;
894 stat->mode = (inode->i_mode & S_IFMT) | (attr->mode & 07777);
895 stat->nlink = attr->nlink;
896 stat->uid = make_kuid(fc->user_ns, attr->uid);
897 stat->gid = make_kgid(fc->user_ns, attr->gid);
898 stat->rdev = inode->i_rdev;
899 stat->atime.tv_sec = attr->atime;
900 stat->atime.tv_nsec = attr->atimensec;
901 stat->mtime.tv_sec = attr->mtime;
902 stat->mtime.tv_nsec = attr->mtimensec;
903 stat->ctime.tv_sec = attr->ctime;
904 stat->ctime.tv_nsec = attr->ctimensec;
905 stat->size = attr->size;
906 stat->blocks = attr->blocks;
907
908 if (attr->blksize != 0)
909 blkbits = ilog2(attr->blksize);
910 else
911 blkbits = inode->i_sb->s_blocksize_bits;
912
913 stat->blksize = 1 << blkbits;
914 }
915
fuse_do_getattr(struct inode * inode,struct kstat * stat,struct file * file)916 static int fuse_do_getattr(struct inode *inode, struct kstat *stat,
917 struct file *file)
918 {
919 int err;
920 struct fuse_getattr_in inarg;
921 struct fuse_attr_out outarg;
922 struct fuse_conn *fc = get_fuse_conn(inode);
923 FUSE_ARGS(args);
924 u64 attr_version;
925
926 attr_version = fuse_get_attr_version(fc);
927
928 memset(&inarg, 0, sizeof(inarg));
929 memset(&outarg, 0, sizeof(outarg));
930 /* Directories have separate file-handle space */
931 if (file && S_ISREG(inode->i_mode)) {
932 struct fuse_file *ff = file->private_data;
933
934 inarg.getattr_flags |= FUSE_GETATTR_FH;
935 inarg.fh = ff->fh;
936 }
937 args.in.h.opcode = FUSE_GETATTR;
938 args.in.h.nodeid = get_node_id(inode);
939 args.in.numargs = 1;
940 args.in.args[0].size = sizeof(inarg);
941 args.in.args[0].value = &inarg;
942 args.out.numargs = 1;
943 args.out.args[0].size = sizeof(outarg);
944 args.out.args[0].value = &outarg;
945 err = fuse_simple_request(fc, &args);
946 if (!err) {
947 if (fuse_invalid_attr(&outarg.attr) ||
948 (inode->i_mode ^ outarg.attr.mode) & S_IFMT) {
949 fuse_make_bad(inode);
950 err = -EIO;
951 } else {
952 fuse_change_attributes(inode, &outarg.attr,
953 attr_timeout(&outarg),
954 attr_version);
955 if (stat)
956 fuse_fillattr(inode, &outarg.attr, stat);
957 }
958 }
959 return err;
960 }
961
fuse_update_get_attr(struct inode * inode,struct file * file,struct kstat * stat,unsigned int flags)962 static int fuse_update_get_attr(struct inode *inode, struct file *file,
963 struct kstat *stat, unsigned int flags)
964 {
965 struct fuse_inode *fi = get_fuse_inode(inode);
966 int err = 0;
967 bool sync;
968
969 if (flags & AT_STATX_FORCE_SYNC)
970 sync = true;
971 else if (flags & AT_STATX_DONT_SYNC)
972 sync = false;
973 else
974 sync = time_before64(fi->i_time, get_jiffies_64());
975
976 if (sync) {
977 forget_all_cached_acls(inode);
978 err = fuse_do_getattr(inode, stat, file);
979 } else if (stat) {
980 generic_fillattr(inode, stat);
981 stat->mode = fi->orig_i_mode;
982 stat->ino = fi->orig_ino;
983 }
984
985 return err;
986 }
987
fuse_update_attributes(struct inode * inode,struct file * file)988 int fuse_update_attributes(struct inode *inode, struct file *file)
989 {
990 return fuse_update_get_attr(inode, file, NULL, 0);
991 }
992
fuse_reverse_inval_entry(struct super_block * sb,u64 parent_nodeid,u64 child_nodeid,struct qstr * name)993 int fuse_reverse_inval_entry(struct super_block *sb, u64 parent_nodeid,
994 u64 child_nodeid, struct qstr *name)
995 {
996 int err = -ENOTDIR;
997 struct inode *parent;
998 struct dentry *dir;
999 struct dentry *entry;
1000
1001 parent = ilookup5(sb, parent_nodeid, fuse_inode_eq, &parent_nodeid);
1002 if (!parent)
1003 return -ENOENT;
1004
1005 inode_lock_nested(parent, I_MUTEX_PARENT);
1006 if (!S_ISDIR(parent->i_mode))
1007 goto unlock;
1008
1009 err = -ENOENT;
1010 dir = d_find_alias(parent);
1011 if (!dir)
1012 goto unlock;
1013
1014 name->hash = full_name_hash(dir, name->name, name->len);
1015 entry = d_lookup(dir, name);
1016 dput(dir);
1017 if (!entry)
1018 goto unlock;
1019
1020 fuse_invalidate_attr(parent);
1021 fuse_invalidate_entry(entry);
1022
1023 if (child_nodeid != 0 && d_really_is_positive(entry)) {
1024 inode_lock(d_inode(entry));
1025 if (get_node_id(d_inode(entry)) != child_nodeid) {
1026 err = -ENOENT;
1027 goto badentry;
1028 }
1029 if (d_mountpoint(entry)) {
1030 err = -EBUSY;
1031 goto badentry;
1032 }
1033 if (d_is_dir(entry)) {
1034 shrink_dcache_parent(entry);
1035 if (!simple_empty(entry)) {
1036 err = -ENOTEMPTY;
1037 goto badentry;
1038 }
1039 d_inode(entry)->i_flags |= S_DEAD;
1040 }
1041 dont_mount(entry);
1042 clear_nlink(d_inode(entry));
1043 err = 0;
1044 badentry:
1045 inode_unlock(d_inode(entry));
1046 if (!err)
1047 d_delete(entry);
1048 } else {
1049 err = 0;
1050 }
1051 dput(entry);
1052
1053 unlock:
1054 inode_unlock(parent);
1055 iput(parent);
1056 return err;
1057 }
1058
1059 /*
1060 * Calling into a user-controlled filesystem gives the filesystem
1061 * daemon ptrace-like capabilities over the current process. This
1062 * means, that the filesystem daemon is able to record the exact
1063 * filesystem operations performed, and can also control the behavior
1064 * of the requester process in otherwise impossible ways. For example
1065 * it can delay the operation for arbitrary length of time allowing
1066 * DoS against the requester.
1067 *
1068 * For this reason only those processes can call into the filesystem,
1069 * for which the owner of the mount has ptrace privilege. This
1070 * excludes processes started by other users, suid or sgid processes.
1071 */
fuse_allow_current_process(struct fuse_conn * fc)1072 int fuse_allow_current_process(struct fuse_conn *fc)
1073 {
1074 const struct cred *cred;
1075
1076 if (fc->allow_other)
1077 return current_in_userns(fc->user_ns);
1078
1079 cred = current_cred();
1080 if (uid_eq(cred->euid, fc->user_id) &&
1081 uid_eq(cred->suid, fc->user_id) &&
1082 uid_eq(cred->uid, fc->user_id) &&
1083 gid_eq(cred->egid, fc->group_id) &&
1084 gid_eq(cred->sgid, fc->group_id) &&
1085 gid_eq(cred->gid, fc->group_id))
1086 return 1;
1087
1088 return 0;
1089 }
1090
fuse_access(struct inode * inode,int mask)1091 static int fuse_access(struct inode *inode, int mask)
1092 {
1093 struct fuse_conn *fc = get_fuse_conn(inode);
1094 FUSE_ARGS(args);
1095 struct fuse_access_in inarg;
1096 int err;
1097
1098 BUG_ON(mask & MAY_NOT_BLOCK);
1099
1100 if (fc->no_access)
1101 return 0;
1102
1103 memset(&inarg, 0, sizeof(inarg));
1104 inarg.mask = mask & (MAY_READ | MAY_WRITE | MAY_EXEC);
1105 args.in.h.opcode = FUSE_ACCESS;
1106 args.in.h.nodeid = get_node_id(inode);
1107 args.in.numargs = 1;
1108 args.in.args[0].size = sizeof(inarg);
1109 args.in.args[0].value = &inarg;
1110 err = fuse_simple_request(fc, &args);
1111 if (err == -ENOSYS) {
1112 fc->no_access = 1;
1113 err = 0;
1114 }
1115 return err;
1116 }
1117
fuse_perm_getattr(struct inode * inode,int mask)1118 static int fuse_perm_getattr(struct inode *inode, int mask)
1119 {
1120 if (mask & MAY_NOT_BLOCK)
1121 return -ECHILD;
1122
1123 forget_all_cached_acls(inode);
1124 return fuse_do_getattr(inode, NULL, NULL);
1125 }
1126
1127 /*
1128 * Check permission. The two basic access models of FUSE are:
1129 *
1130 * 1) Local access checking ('default_permissions' mount option) based
1131 * on file mode. This is the plain old disk filesystem permission
1132 * modell.
1133 *
1134 * 2) "Remote" access checking, where server is responsible for
1135 * checking permission in each inode operation. An exception to this
1136 * is if ->permission() was invoked from sys_access() in which case an
1137 * access request is sent. Execute permission is still checked
1138 * locally based on file mode.
1139 */
fuse_permission(struct inode * inode,int mask)1140 static int fuse_permission(struct inode *inode, int mask)
1141 {
1142 struct fuse_conn *fc = get_fuse_conn(inode);
1143 bool refreshed = false;
1144 int err = 0;
1145
1146 if (fuse_is_bad(inode))
1147 return -EIO;
1148
1149 if (!fuse_allow_current_process(fc))
1150 return -EACCES;
1151
1152 /*
1153 * If attributes are needed, refresh them before proceeding
1154 */
1155 if (fc->default_permissions ||
1156 ((mask & MAY_EXEC) && S_ISREG(inode->i_mode))) {
1157 struct fuse_inode *fi = get_fuse_inode(inode);
1158
1159 if (time_before64(fi->i_time, get_jiffies_64())) {
1160 refreshed = true;
1161
1162 err = fuse_perm_getattr(inode, mask);
1163 if (err)
1164 return err;
1165 }
1166 }
1167
1168 if (fc->default_permissions) {
1169 err = generic_permission(inode, mask);
1170
1171 /* If permission is denied, try to refresh file
1172 attributes. This is also needed, because the root
1173 node will at first have no permissions */
1174 if (err == -EACCES && !refreshed) {
1175 err = fuse_perm_getattr(inode, mask);
1176 if (!err)
1177 err = generic_permission(inode, mask);
1178 }
1179
1180 /* Note: the opposite of the above test does not
1181 exist. So if permissions are revoked this won't be
1182 noticed immediately, only after the attribute
1183 timeout has expired */
1184 } else if (mask & (MAY_ACCESS | MAY_CHDIR)) {
1185 err = fuse_access(inode, mask);
1186 } else if ((mask & MAY_EXEC) && S_ISREG(inode->i_mode)) {
1187 if (!(inode->i_mode & S_IXUGO)) {
1188 if (refreshed)
1189 return -EACCES;
1190
1191 err = fuse_perm_getattr(inode, mask);
1192 if (!err && !(inode->i_mode & S_IXUGO))
1193 return -EACCES;
1194 }
1195 }
1196 return err;
1197 }
1198
parse_dirfile(char * buf,size_t nbytes,struct file * file,struct dir_context * ctx)1199 static int parse_dirfile(char *buf, size_t nbytes, struct file *file,
1200 struct dir_context *ctx)
1201 {
1202 while (nbytes >= FUSE_NAME_OFFSET) {
1203 struct fuse_dirent *dirent = (struct fuse_dirent *) buf;
1204 size_t reclen = FUSE_DIRENT_SIZE(dirent);
1205 if (!dirent->namelen || dirent->namelen > FUSE_NAME_MAX)
1206 return -EIO;
1207 if (reclen > nbytes)
1208 break;
1209 if (memchr(dirent->name, '/', dirent->namelen) != NULL)
1210 return -EIO;
1211
1212 if (!dir_emit(ctx, dirent->name, dirent->namelen,
1213 dirent->ino, dirent->type))
1214 break;
1215
1216 buf += reclen;
1217 nbytes -= reclen;
1218 ctx->pos = dirent->off;
1219 }
1220
1221 return 0;
1222 }
1223
fuse_direntplus_link(struct file * file,struct fuse_direntplus * direntplus,u64 attr_version)1224 static int fuse_direntplus_link(struct file *file,
1225 struct fuse_direntplus *direntplus,
1226 u64 attr_version)
1227 {
1228 struct fuse_entry_out *o = &direntplus->entry_out;
1229 struct fuse_dirent *dirent = &direntplus->dirent;
1230 struct dentry *parent = file->f_path.dentry;
1231 struct qstr name = QSTR_INIT(dirent->name, dirent->namelen);
1232 struct dentry *dentry;
1233 struct dentry *alias;
1234 struct inode *dir = d_inode(parent);
1235 struct fuse_conn *fc;
1236 struct inode *inode;
1237 DECLARE_WAIT_QUEUE_HEAD_ONSTACK(wq);
1238
1239 if (!o->nodeid) {
1240 /*
1241 * Unlike in the case of fuse_lookup, zero nodeid does not mean
1242 * ENOENT. Instead, it only means the userspace filesystem did
1243 * not want to return attributes/handle for this entry.
1244 *
1245 * So do nothing.
1246 */
1247 return 0;
1248 }
1249
1250 if (name.name[0] == '.') {
1251 /*
1252 * We could potentially refresh the attributes of the directory
1253 * and its parent?
1254 */
1255 if (name.len == 1)
1256 return 0;
1257 if (name.name[1] == '.' && name.len == 2)
1258 return 0;
1259 }
1260
1261 if (invalid_nodeid(o->nodeid))
1262 return -EIO;
1263 if (fuse_invalid_attr(&o->attr))
1264 return -EIO;
1265
1266 fc = get_fuse_conn(dir);
1267
1268 name.hash = full_name_hash(parent, name.name, name.len);
1269 dentry = d_lookup(parent, &name);
1270 if (!dentry) {
1271 retry:
1272 dentry = d_alloc_parallel(parent, &name, &wq);
1273 if (IS_ERR(dentry))
1274 return PTR_ERR(dentry);
1275 }
1276 if (!d_in_lookup(dentry)) {
1277 struct fuse_inode *fi;
1278 inode = d_inode(dentry);
1279 if (!inode ||
1280 get_node_id(inode) != o->nodeid ||
1281 ((o->attr.mode ^ inode->i_mode) & S_IFMT)) {
1282 d_invalidate(dentry);
1283 dput(dentry);
1284 goto retry;
1285 }
1286 if (fuse_is_bad(inode)) {
1287 dput(dentry);
1288 return -EIO;
1289 }
1290
1291 fi = get_fuse_inode(inode);
1292 spin_lock(&fc->lock);
1293 fi->nlookup++;
1294 spin_unlock(&fc->lock);
1295
1296 forget_all_cached_acls(inode);
1297 fuse_change_attributes(inode, &o->attr,
1298 entry_attr_timeout(o),
1299 attr_version);
1300 /*
1301 * The other branch comes via fuse_iget()
1302 * which bumps nlookup inside
1303 */
1304 } else {
1305 inode = fuse_iget(dir->i_sb, o->nodeid, o->generation,
1306 &o->attr, entry_attr_timeout(o),
1307 attr_version);
1308 if (!inode)
1309 inode = ERR_PTR(-ENOMEM);
1310
1311 alias = d_splice_alias(inode, dentry);
1312 d_lookup_done(dentry);
1313 if (alias) {
1314 dput(dentry);
1315 dentry = alias;
1316 }
1317 if (IS_ERR(dentry))
1318 return PTR_ERR(dentry);
1319 }
1320 if (fc->readdirplus_auto)
1321 set_bit(FUSE_I_INIT_RDPLUS, &get_fuse_inode(inode)->state);
1322 fuse_change_entry_timeout(dentry, o);
1323
1324 dput(dentry);
1325 return 0;
1326 }
1327
parse_dirplusfile(char * buf,size_t nbytes,struct file * file,struct dir_context * ctx,u64 attr_version)1328 static int parse_dirplusfile(char *buf, size_t nbytes, struct file *file,
1329 struct dir_context *ctx, u64 attr_version)
1330 {
1331 struct fuse_direntplus *direntplus;
1332 struct fuse_dirent *dirent;
1333 size_t reclen;
1334 int over = 0;
1335 int ret;
1336
1337 while (nbytes >= FUSE_NAME_OFFSET_DIRENTPLUS) {
1338 direntplus = (struct fuse_direntplus *) buf;
1339 dirent = &direntplus->dirent;
1340 reclen = FUSE_DIRENTPLUS_SIZE(direntplus);
1341
1342 if (!dirent->namelen || dirent->namelen > FUSE_NAME_MAX)
1343 return -EIO;
1344 if (reclen > nbytes)
1345 break;
1346 if (memchr(dirent->name, '/', dirent->namelen) != NULL)
1347 return -EIO;
1348
1349 if (!over) {
1350 /* We fill entries into dstbuf only as much as
1351 it can hold. But we still continue iterating
1352 over remaining entries to link them. If not,
1353 we need to send a FORGET for each of those
1354 which we did not link.
1355 */
1356 over = !dir_emit(ctx, dirent->name, dirent->namelen,
1357 dirent->ino, dirent->type);
1358 if (!over)
1359 ctx->pos = dirent->off;
1360 }
1361
1362 buf += reclen;
1363 nbytes -= reclen;
1364
1365 ret = fuse_direntplus_link(file, direntplus, attr_version);
1366 if (ret)
1367 fuse_force_forget(file, direntplus->entry_out.nodeid);
1368 }
1369
1370 return 0;
1371 }
1372
fuse_readdir(struct file * file,struct dir_context * ctx)1373 static int fuse_readdir(struct file *file, struct dir_context *ctx)
1374 {
1375 int plus, err;
1376 size_t nbytes;
1377 struct page *page;
1378 struct inode *inode = file_inode(file);
1379 struct fuse_conn *fc = get_fuse_conn(inode);
1380 struct fuse_req *req;
1381 u64 attr_version = 0;
1382 bool locked;
1383
1384 if (fuse_is_bad(inode))
1385 return -EIO;
1386
1387 req = fuse_get_req(fc, 1);
1388 if (IS_ERR(req))
1389 return PTR_ERR(req);
1390
1391 page = alloc_page(GFP_KERNEL);
1392 if (!page) {
1393 fuse_put_request(fc, req);
1394 return -ENOMEM;
1395 }
1396
1397 plus = fuse_use_readdirplus(inode, ctx);
1398 req->out.argpages = 1;
1399 req->num_pages = 1;
1400 req->pages[0] = page;
1401 req->page_descs[0].length = PAGE_SIZE;
1402 if (plus) {
1403 attr_version = fuse_get_attr_version(fc);
1404 fuse_read_fill(req, file, ctx->pos, PAGE_SIZE,
1405 FUSE_READDIRPLUS);
1406 } else {
1407 fuse_read_fill(req, file, ctx->pos, PAGE_SIZE,
1408 FUSE_READDIR);
1409 }
1410 locked = fuse_lock_inode(inode);
1411 fuse_request_send(fc, req);
1412 fuse_unlock_inode(inode, locked);
1413 nbytes = req->out.args[0].size;
1414 err = req->out.h.error;
1415 fuse_put_request(fc, req);
1416 if (!err) {
1417 if (plus) {
1418 err = parse_dirplusfile(page_address(page), nbytes,
1419 file, ctx,
1420 attr_version);
1421 } else {
1422 err = parse_dirfile(page_address(page), nbytes, file,
1423 ctx);
1424 }
1425 }
1426
1427 __free_page(page);
1428 fuse_invalidate_atime(inode);
1429 return err;
1430 }
1431
fuse_get_link(struct dentry * dentry,struct inode * inode,struct delayed_call * done)1432 static const char *fuse_get_link(struct dentry *dentry,
1433 struct inode *inode,
1434 struct delayed_call *done)
1435 {
1436 struct fuse_conn *fc = get_fuse_conn(inode);
1437 FUSE_ARGS(args);
1438 char *link;
1439 ssize_t ret;
1440
1441 if (!dentry)
1442 return ERR_PTR(-ECHILD);
1443
1444 if (fuse_is_bad(inode))
1445 return ERR_PTR(-EIO);
1446
1447 link = kmalloc(PAGE_SIZE, GFP_KERNEL);
1448 if (!link)
1449 return ERR_PTR(-ENOMEM);
1450
1451 args.in.h.opcode = FUSE_READLINK;
1452 args.in.h.nodeid = get_node_id(inode);
1453 args.out.argvar = 1;
1454 args.out.numargs = 1;
1455 args.out.args[0].size = PAGE_SIZE - 1;
1456 args.out.args[0].value = link;
1457 ret = fuse_simple_request(fc, &args);
1458 if (ret < 0) {
1459 kfree(link);
1460 link = ERR_PTR(ret);
1461 } else {
1462 link[ret] = '\0';
1463 set_delayed_call(done, kfree_link, link);
1464 }
1465 fuse_invalidate_atime(inode);
1466 return link;
1467 }
1468
fuse_dir_open(struct inode * inode,struct file * file)1469 static int fuse_dir_open(struct inode *inode, struct file *file)
1470 {
1471 return fuse_open_common(inode, file, true);
1472 }
1473
fuse_dir_release(struct inode * inode,struct file * file)1474 static int fuse_dir_release(struct inode *inode, struct file *file)
1475 {
1476 fuse_release_common(file, true);
1477
1478 return 0;
1479 }
1480
fuse_dir_fsync(struct file * file,loff_t start,loff_t end,int datasync)1481 static int fuse_dir_fsync(struct file *file, loff_t start, loff_t end,
1482 int datasync)
1483 {
1484 return fuse_fsync_common(file, start, end, datasync, 1);
1485 }
1486
fuse_dir_ioctl(struct file * file,unsigned int cmd,unsigned long arg)1487 static long fuse_dir_ioctl(struct file *file, unsigned int cmd,
1488 unsigned long arg)
1489 {
1490 struct fuse_conn *fc = get_fuse_conn(file->f_mapping->host);
1491
1492 /* FUSE_IOCTL_DIR only supported for API version >= 7.18 */
1493 if (fc->minor < 18)
1494 return -ENOTTY;
1495
1496 return fuse_ioctl_common(file, cmd, arg, FUSE_IOCTL_DIR);
1497 }
1498
fuse_dir_compat_ioctl(struct file * file,unsigned int cmd,unsigned long arg)1499 static long fuse_dir_compat_ioctl(struct file *file, unsigned int cmd,
1500 unsigned long arg)
1501 {
1502 struct fuse_conn *fc = get_fuse_conn(file->f_mapping->host);
1503
1504 if (fc->minor < 18)
1505 return -ENOTTY;
1506
1507 return fuse_ioctl_common(file, cmd, arg,
1508 FUSE_IOCTL_COMPAT | FUSE_IOCTL_DIR);
1509 }
1510
update_mtime(unsigned ivalid,bool trust_local_mtime)1511 static bool update_mtime(unsigned ivalid, bool trust_local_mtime)
1512 {
1513 /* Always update if mtime is explicitly set */
1514 if (ivalid & ATTR_MTIME_SET)
1515 return true;
1516
1517 /* Or if kernel i_mtime is the official one */
1518 if (trust_local_mtime)
1519 return true;
1520
1521 /* If it's an open(O_TRUNC) or an ftruncate(), don't update */
1522 if ((ivalid & ATTR_SIZE) && (ivalid & (ATTR_OPEN | ATTR_FILE)))
1523 return false;
1524
1525 /* In all other cases update */
1526 return true;
1527 }
1528
iattr_to_fattr(struct fuse_conn * fc,struct iattr * iattr,struct fuse_setattr_in * arg,bool trust_local_cmtime)1529 static void iattr_to_fattr(struct fuse_conn *fc, struct iattr *iattr,
1530 struct fuse_setattr_in *arg, bool trust_local_cmtime)
1531 {
1532 unsigned ivalid = iattr->ia_valid;
1533
1534 if (ivalid & ATTR_MODE)
1535 arg->valid |= FATTR_MODE, arg->mode = iattr->ia_mode;
1536 if (ivalid & ATTR_UID)
1537 arg->valid |= FATTR_UID, arg->uid = from_kuid(fc->user_ns, iattr->ia_uid);
1538 if (ivalid & ATTR_GID)
1539 arg->valid |= FATTR_GID, arg->gid = from_kgid(fc->user_ns, iattr->ia_gid);
1540 if (ivalid & ATTR_SIZE)
1541 arg->valid |= FATTR_SIZE, arg->size = iattr->ia_size;
1542 if (ivalid & ATTR_ATIME) {
1543 arg->valid |= FATTR_ATIME;
1544 arg->atime = iattr->ia_atime.tv_sec;
1545 arg->atimensec = iattr->ia_atime.tv_nsec;
1546 if (!(ivalid & ATTR_ATIME_SET))
1547 arg->valid |= FATTR_ATIME_NOW;
1548 }
1549 if ((ivalid & ATTR_MTIME) && update_mtime(ivalid, trust_local_cmtime)) {
1550 arg->valid |= FATTR_MTIME;
1551 arg->mtime = iattr->ia_mtime.tv_sec;
1552 arg->mtimensec = iattr->ia_mtime.tv_nsec;
1553 if (!(ivalid & ATTR_MTIME_SET) && !trust_local_cmtime)
1554 arg->valid |= FATTR_MTIME_NOW;
1555 }
1556 if ((ivalid & ATTR_CTIME) && trust_local_cmtime) {
1557 arg->valid |= FATTR_CTIME;
1558 arg->ctime = iattr->ia_ctime.tv_sec;
1559 arg->ctimensec = iattr->ia_ctime.tv_nsec;
1560 }
1561 }
1562
1563 /*
1564 * Prevent concurrent writepages on inode
1565 *
1566 * This is done by adding a negative bias to the inode write counter
1567 * and waiting for all pending writes to finish.
1568 */
fuse_set_nowrite(struct inode * inode)1569 void fuse_set_nowrite(struct inode *inode)
1570 {
1571 struct fuse_conn *fc = get_fuse_conn(inode);
1572 struct fuse_inode *fi = get_fuse_inode(inode);
1573
1574 BUG_ON(!inode_is_locked(inode));
1575
1576 spin_lock(&fc->lock);
1577 BUG_ON(fi->writectr < 0);
1578 fi->writectr += FUSE_NOWRITE;
1579 spin_unlock(&fc->lock);
1580 wait_event(fi->page_waitq, fi->writectr == FUSE_NOWRITE);
1581 }
1582
1583 /*
1584 * Allow writepages on inode
1585 *
1586 * Remove the bias from the writecounter and send any queued
1587 * writepages.
1588 */
__fuse_release_nowrite(struct inode * inode)1589 static void __fuse_release_nowrite(struct inode *inode)
1590 {
1591 struct fuse_inode *fi = get_fuse_inode(inode);
1592
1593 BUG_ON(fi->writectr != FUSE_NOWRITE);
1594 fi->writectr = 0;
1595 fuse_flush_writepages(inode);
1596 }
1597
fuse_release_nowrite(struct inode * inode)1598 void fuse_release_nowrite(struct inode *inode)
1599 {
1600 struct fuse_conn *fc = get_fuse_conn(inode);
1601
1602 spin_lock(&fc->lock);
1603 __fuse_release_nowrite(inode);
1604 spin_unlock(&fc->lock);
1605 }
1606
fuse_setattr_fill(struct fuse_conn * fc,struct fuse_args * args,struct inode * inode,struct fuse_setattr_in * inarg_p,struct fuse_attr_out * outarg_p)1607 static void fuse_setattr_fill(struct fuse_conn *fc, struct fuse_args *args,
1608 struct inode *inode,
1609 struct fuse_setattr_in *inarg_p,
1610 struct fuse_attr_out *outarg_p)
1611 {
1612 args->in.h.opcode = FUSE_SETATTR;
1613 args->in.h.nodeid = get_node_id(inode);
1614 args->in.numargs = 1;
1615 args->in.args[0].size = sizeof(*inarg_p);
1616 args->in.args[0].value = inarg_p;
1617 args->out.numargs = 1;
1618 args->out.args[0].size = sizeof(*outarg_p);
1619 args->out.args[0].value = outarg_p;
1620 }
1621
1622 /*
1623 * Flush inode->i_mtime to the server
1624 */
fuse_flush_times(struct inode * inode,struct fuse_file * ff)1625 int fuse_flush_times(struct inode *inode, struct fuse_file *ff)
1626 {
1627 struct fuse_conn *fc = get_fuse_conn(inode);
1628 FUSE_ARGS(args);
1629 struct fuse_setattr_in inarg;
1630 struct fuse_attr_out outarg;
1631
1632 memset(&inarg, 0, sizeof(inarg));
1633 memset(&outarg, 0, sizeof(outarg));
1634
1635 inarg.valid = FATTR_MTIME;
1636 inarg.mtime = inode->i_mtime.tv_sec;
1637 inarg.mtimensec = inode->i_mtime.tv_nsec;
1638 if (fc->minor >= 23) {
1639 inarg.valid |= FATTR_CTIME;
1640 inarg.ctime = inode->i_ctime.tv_sec;
1641 inarg.ctimensec = inode->i_ctime.tv_nsec;
1642 }
1643 if (ff) {
1644 inarg.valid |= FATTR_FH;
1645 inarg.fh = ff->fh;
1646 }
1647 fuse_setattr_fill(fc, &args, inode, &inarg, &outarg);
1648
1649 return fuse_simple_request(fc, &args);
1650 }
1651
1652 /*
1653 * Set attributes, and at the same time refresh them.
1654 *
1655 * Truncation is slightly complicated, because the 'truncate' request
1656 * may fail, in which case we don't want to touch the mapping.
1657 * vmtruncate() doesn't allow for this case, so do the rlimit checking
1658 * and the actual truncation by hand.
1659 */
fuse_do_setattr(struct dentry * dentry,struct iattr * attr,struct file * file)1660 int fuse_do_setattr(struct dentry *dentry, struct iattr *attr,
1661 struct file *file)
1662 {
1663 struct inode *inode = d_inode(dentry);
1664 struct fuse_conn *fc = get_fuse_conn(inode);
1665 struct fuse_inode *fi = get_fuse_inode(inode);
1666 FUSE_ARGS(args);
1667 struct fuse_setattr_in inarg;
1668 struct fuse_attr_out outarg;
1669 bool is_truncate = false;
1670 bool is_wb = fc->writeback_cache;
1671 loff_t oldsize;
1672 int err;
1673 bool trust_local_cmtime = is_wb && S_ISREG(inode->i_mode);
1674
1675 if (!fc->default_permissions)
1676 attr->ia_valid |= ATTR_FORCE;
1677
1678 err = setattr_prepare(dentry, attr);
1679 if (err)
1680 return err;
1681
1682 if (attr->ia_valid & ATTR_OPEN) {
1683 /* This is coming from open(..., ... | O_TRUNC); */
1684 WARN_ON(!(attr->ia_valid & ATTR_SIZE));
1685 WARN_ON(attr->ia_size != 0);
1686 if (fc->atomic_o_trunc) {
1687 /*
1688 * No need to send request to userspace, since actual
1689 * truncation has already been done by OPEN. But still
1690 * need to truncate page cache.
1691 */
1692 i_size_write(inode, 0);
1693 truncate_pagecache(inode, 0);
1694 return 0;
1695 }
1696 file = NULL;
1697 }
1698
1699 if (attr->ia_valid & ATTR_SIZE)
1700 is_truncate = true;
1701
1702 /* Flush dirty data/metadata before non-truncate SETATTR */
1703 if (is_wb && S_ISREG(inode->i_mode) &&
1704 attr->ia_valid &
1705 (ATTR_MODE | ATTR_UID | ATTR_GID | ATTR_MTIME_SET |
1706 ATTR_TIMES_SET)) {
1707 err = write_inode_now(inode, true);
1708 if (err)
1709 return err;
1710
1711 fuse_set_nowrite(inode);
1712 fuse_release_nowrite(inode);
1713 }
1714
1715 if (is_truncate) {
1716 fuse_set_nowrite(inode);
1717 set_bit(FUSE_I_SIZE_UNSTABLE, &fi->state);
1718 if (trust_local_cmtime && attr->ia_size != inode->i_size)
1719 attr->ia_valid |= ATTR_MTIME | ATTR_CTIME;
1720 }
1721
1722 memset(&inarg, 0, sizeof(inarg));
1723 memset(&outarg, 0, sizeof(outarg));
1724 iattr_to_fattr(fc, attr, &inarg, trust_local_cmtime);
1725 if (file) {
1726 struct fuse_file *ff = file->private_data;
1727 inarg.valid |= FATTR_FH;
1728 inarg.fh = ff->fh;
1729 }
1730 if (attr->ia_valid & ATTR_SIZE) {
1731 /* For mandatory locking in truncate */
1732 inarg.valid |= FATTR_LOCKOWNER;
1733 inarg.lock_owner = fuse_lock_owner_id(fc, current->files);
1734 }
1735 fuse_setattr_fill(fc, &args, inode, &inarg, &outarg);
1736 err = fuse_simple_request(fc, &args);
1737 if (err) {
1738 if (err == -EINTR)
1739 fuse_invalidate_attr(inode);
1740 goto error;
1741 }
1742
1743 if (fuse_invalid_attr(&outarg.attr) ||
1744 (inode->i_mode ^ outarg.attr.mode) & S_IFMT) {
1745 fuse_make_bad(inode);
1746 err = -EIO;
1747 goto error;
1748 }
1749
1750 spin_lock(&fc->lock);
1751 /* the kernel maintains i_mtime locally */
1752 if (trust_local_cmtime) {
1753 if (attr->ia_valid & ATTR_MTIME)
1754 inode->i_mtime = attr->ia_mtime;
1755 if (attr->ia_valid & ATTR_CTIME)
1756 inode->i_ctime = attr->ia_ctime;
1757 /* FIXME: clear I_DIRTY_SYNC? */
1758 }
1759
1760 fuse_change_attributes_common(inode, &outarg.attr,
1761 attr_timeout(&outarg));
1762 oldsize = inode->i_size;
1763 /* see the comment in fuse_change_attributes() */
1764 if (!is_wb || is_truncate || !S_ISREG(inode->i_mode))
1765 i_size_write(inode, outarg.attr.size);
1766
1767 if (is_truncate) {
1768 /* NOTE: this may release/reacquire fc->lock */
1769 __fuse_release_nowrite(inode);
1770 }
1771 spin_unlock(&fc->lock);
1772
1773 /*
1774 * Only call invalidate_inode_pages2() after removing
1775 * FUSE_NOWRITE, otherwise fuse_launder_page() would deadlock.
1776 */
1777 if ((is_truncate || !is_wb) &&
1778 S_ISREG(inode->i_mode) && oldsize != outarg.attr.size) {
1779 truncate_pagecache(inode, outarg.attr.size);
1780 invalidate_inode_pages2(inode->i_mapping);
1781 }
1782
1783 clear_bit(FUSE_I_SIZE_UNSTABLE, &fi->state);
1784 return 0;
1785
1786 error:
1787 if (is_truncate)
1788 fuse_release_nowrite(inode);
1789
1790 clear_bit(FUSE_I_SIZE_UNSTABLE, &fi->state);
1791 return err;
1792 }
1793
fuse_setattr(struct dentry * entry,struct iattr * attr)1794 static int fuse_setattr(struct dentry *entry, struct iattr *attr)
1795 {
1796 struct inode *inode = d_inode(entry);
1797 struct fuse_conn *fc = get_fuse_conn(inode);
1798 struct file *file = (attr->ia_valid & ATTR_FILE) ? attr->ia_file : NULL;
1799 int ret;
1800
1801 if (fuse_is_bad(inode))
1802 return -EIO;
1803
1804 if (!fuse_allow_current_process(get_fuse_conn(inode)))
1805 return -EACCES;
1806
1807 if (attr->ia_valid & (ATTR_KILL_SUID | ATTR_KILL_SGID)) {
1808 attr->ia_valid &= ~(ATTR_KILL_SUID | ATTR_KILL_SGID |
1809 ATTR_MODE);
1810
1811 /*
1812 * The only sane way to reliably kill suid/sgid is to do it in
1813 * the userspace filesystem
1814 *
1815 * This should be done on write(), truncate() and chown().
1816 */
1817 if (!fc->handle_killpriv) {
1818 /*
1819 * ia_mode calculation may have used stale i_mode.
1820 * Refresh and recalculate.
1821 */
1822 ret = fuse_do_getattr(inode, NULL, file);
1823 if (ret)
1824 return ret;
1825
1826 attr->ia_mode = inode->i_mode;
1827 if (inode->i_mode & S_ISUID) {
1828 attr->ia_valid |= ATTR_MODE;
1829 attr->ia_mode &= ~S_ISUID;
1830 }
1831 if ((inode->i_mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP)) {
1832 attr->ia_valid |= ATTR_MODE;
1833 attr->ia_mode &= ~S_ISGID;
1834 }
1835 }
1836 }
1837 if (!attr->ia_valid)
1838 return 0;
1839
1840 ret = fuse_do_setattr(entry, attr, file);
1841 if (!ret) {
1842 /*
1843 * If filesystem supports acls it may have updated acl xattrs in
1844 * the filesystem, so forget cached acls for the inode.
1845 */
1846 if (fc->posix_acl)
1847 forget_all_cached_acls(inode);
1848
1849 /* Directory mode changed, may need to revalidate access */
1850 if (d_is_dir(entry) && (attr->ia_valid & ATTR_MODE))
1851 fuse_invalidate_entry_cache(entry);
1852 }
1853 return ret;
1854 }
1855
fuse_getattr(const struct path * path,struct kstat * stat,u32 request_mask,unsigned int flags)1856 static int fuse_getattr(const struct path *path, struct kstat *stat,
1857 u32 request_mask, unsigned int flags)
1858 {
1859 struct inode *inode = d_inode(path->dentry);
1860 struct fuse_conn *fc = get_fuse_conn(inode);
1861
1862 if (fuse_is_bad(inode))
1863 return -EIO;
1864
1865 if (!fuse_allow_current_process(fc))
1866 return -EACCES;
1867
1868 return fuse_update_get_attr(inode, NULL, stat, flags);
1869 }
1870
1871 static const struct inode_operations fuse_dir_inode_operations = {
1872 .lookup = fuse_lookup,
1873 .mkdir = fuse_mkdir,
1874 .symlink = fuse_symlink,
1875 .unlink = fuse_unlink,
1876 .rmdir = fuse_rmdir,
1877 .rename = fuse_rename2,
1878 .link = fuse_link,
1879 .setattr = fuse_setattr,
1880 .create = fuse_create,
1881 .atomic_open = fuse_atomic_open,
1882 .mknod = fuse_mknod,
1883 .permission = fuse_permission,
1884 .getattr = fuse_getattr,
1885 .listxattr = fuse_listxattr,
1886 .get_acl = fuse_get_acl,
1887 .set_acl = fuse_set_acl,
1888 };
1889
1890 static const struct file_operations fuse_dir_operations = {
1891 .llseek = generic_file_llseek,
1892 .read = generic_read_dir,
1893 .iterate_shared = fuse_readdir,
1894 .open = fuse_dir_open,
1895 .release = fuse_dir_release,
1896 .fsync = fuse_dir_fsync,
1897 .unlocked_ioctl = fuse_dir_ioctl,
1898 .compat_ioctl = fuse_dir_compat_ioctl,
1899 };
1900
1901 static const struct inode_operations fuse_common_inode_operations = {
1902 .setattr = fuse_setattr,
1903 .permission = fuse_permission,
1904 .getattr = fuse_getattr,
1905 .listxattr = fuse_listxattr,
1906 .get_acl = fuse_get_acl,
1907 .set_acl = fuse_set_acl,
1908 };
1909
1910 static const struct inode_operations fuse_symlink_inode_operations = {
1911 .setattr = fuse_setattr,
1912 .get_link = fuse_get_link,
1913 .getattr = fuse_getattr,
1914 .listxattr = fuse_listxattr,
1915 };
1916
fuse_init_common(struct inode * inode)1917 void fuse_init_common(struct inode *inode)
1918 {
1919 inode->i_op = &fuse_common_inode_operations;
1920 }
1921
fuse_init_dir(struct inode * inode)1922 void fuse_init_dir(struct inode *inode)
1923 {
1924 inode->i_op = &fuse_dir_inode_operations;
1925 inode->i_fop = &fuse_dir_operations;
1926 }
1927
fuse_init_symlink(struct inode * inode)1928 void fuse_init_symlink(struct inode *inode)
1929 {
1930 inode->i_op = &fuse_symlink_inode_operations;
1931 }
1932