1 /* 2 FUSE: Filesystem in Userspace 3 Copyright (C) 2001-2008 Miklos Szeredi <miklos@szeredi.hu> 4 5 This program can be distributed under the terms of the GNU GPL. 6 See the file COPYING. 7 */ 8 9 #include "fuse_i.h" 10 11 #include <linux/pagemap.h> 12 #include <linux/file.h> 13 #include <linux/fs_context.h> 14 #include <linux/moduleparam.h> 15 #include <linux/sched.h> 16 #include <linux/namei.h> 17 #include <linux/slab.h> 18 #include <linux/xattr.h> 19 #include <linux/iversion.h> 20 #include <linux/posix_acl.h> 21 #include <linux/security.h> 22 #include <linux/types.h> 23 #include <linux/kernel.h> 24 25 static bool __read_mostly allow_sys_admin_access; 26 module_param(allow_sys_admin_access, bool, 0644); 27 MODULE_PARM_DESC(allow_sys_admin_access, 28 "Allow users with CAP_SYS_ADMIN in initial userns to bypass allow_other access check"); 29 fuse_advise_use_readdirplus(struct inode * dir)30 static void fuse_advise_use_readdirplus(struct inode *dir) 31 { 32 struct fuse_inode *fi = get_fuse_inode(dir); 33 34 set_bit(FUSE_I_ADVISE_RDPLUS, &fi->state); 35 } 36 37 #if BITS_PER_LONG >= 64 __fuse_dentry_settime(struct dentry * entry,u64 time)38 static inline void __fuse_dentry_settime(struct dentry *entry, u64 time) 39 { 40 entry->d_fsdata = (void *) time; 41 } 42 fuse_dentry_time(const struct dentry * entry)43 static inline u64 fuse_dentry_time(const struct dentry *entry) 44 { 45 return (u64)entry->d_fsdata; 46 } 47 48 #else 49 union fuse_dentry { 50 u64 time; 51 struct rcu_head rcu; 52 }; 53 __fuse_dentry_settime(struct dentry * dentry,u64 time)54 static inline void __fuse_dentry_settime(struct dentry *dentry, u64 time) 55 { 56 ((union fuse_dentry *) dentry->d_fsdata)->time = time; 57 } 58 fuse_dentry_time(const struct dentry * entry)59 static inline u64 fuse_dentry_time(const struct dentry *entry) 60 { 61 return ((union fuse_dentry *) entry->d_fsdata)->time; 62 } 63 #endif 64 fuse_dentry_settime(struct dentry * dentry,u64 time)65 static void fuse_dentry_settime(struct dentry *dentry, u64 time) 66 { 67 struct fuse_conn *fc = get_fuse_conn_super(dentry->d_sb); 68 bool delete = !time && fc->delete_stale; 69 /* 70 * Mess with DCACHE_OP_DELETE because dput() will be faster without it. 71 * Don't care about races, either way it's just an optimization 72 */ 73 if ((!delete && (dentry->d_flags & DCACHE_OP_DELETE)) || 74 (delete && !(dentry->d_flags & DCACHE_OP_DELETE))) { 75 spin_lock(&dentry->d_lock); 76 if (!delete) 77 dentry->d_flags &= ~DCACHE_OP_DELETE; 78 else 79 dentry->d_flags |= DCACHE_OP_DELETE; 80 spin_unlock(&dentry->d_lock); 81 } 82 83 __fuse_dentry_settime(dentry, time); 84 } 85 86 /* 87 * FUSE caches dentries and attributes with separate timeout. The 88 * time in jiffies until the dentry/attributes are valid is stored in 89 * dentry->d_fsdata and fuse_inode->i_time respectively. 90 */ 91 92 /* 93 * Calculate the time in jiffies until a dentry/attributes are valid 94 */ fuse_time_to_jiffies(u64 sec,u32 nsec)95 u64 fuse_time_to_jiffies(u64 sec, u32 nsec) 96 { 97 if (sec || nsec) { 98 struct timespec64 ts = { 99 sec, 100 min_t(u32, nsec, NSEC_PER_SEC - 1) 101 }; 102 103 return get_jiffies_64() + timespec64_to_jiffies(&ts); 104 } else 105 return 0; 106 } 107 108 /* 109 * Set dentry and possibly attribute timeouts from the lookup/mk* 110 * replies 111 */ fuse_change_entry_timeout(struct dentry * entry,struct fuse_entry_out * o)112 void fuse_change_entry_timeout(struct dentry *entry, struct fuse_entry_out *o) 113 { 114 fuse_dentry_settime(entry, 115 fuse_time_to_jiffies(o->entry_valid, o->entry_valid_nsec)); 116 } 117 fuse_invalidate_attr_mask(struct inode * inode,u32 mask)118 void fuse_invalidate_attr_mask(struct inode *inode, u32 mask) 119 { 120 set_mask_bits(&get_fuse_inode(inode)->inval_mask, 0, mask); 121 } 122 123 /* 124 * Mark the attributes as stale, so that at the next call to 125 * ->getattr() they will be fetched from userspace 126 */ fuse_invalidate_attr(struct inode * inode)127 void fuse_invalidate_attr(struct inode *inode) 128 { 129 fuse_invalidate_attr_mask(inode, STATX_BASIC_STATS); 130 } 131 fuse_dir_changed(struct inode * dir)132 static void fuse_dir_changed(struct inode *dir) 133 { 134 fuse_invalidate_attr(dir); 135 inode_maybe_inc_iversion(dir, false); 136 } 137 138 /* 139 * Mark the attributes as stale due to an atime change. Avoid the invalidate if 140 * atime is not used. 141 */ fuse_invalidate_atime(struct inode * inode)142 void fuse_invalidate_atime(struct inode *inode) 143 { 144 if (!IS_RDONLY(inode)) 145 fuse_invalidate_attr_mask(inode, STATX_ATIME); 146 } 147 148 /* 149 * Just mark the entry as stale, so that a next attempt to look it up 150 * will result in a new lookup call to userspace 151 * 152 * This is called when a dentry is about to become negative and the 153 * timeout is unknown (unlink, rmdir, rename and in some cases 154 * lookup) 155 */ fuse_invalidate_entry_cache(struct dentry * entry)156 void fuse_invalidate_entry_cache(struct dentry *entry) 157 { 158 fuse_dentry_settime(entry, 0); 159 } 160 161 /* 162 * Same as fuse_invalidate_entry_cache(), but also try to remove the 163 * dentry from the hash 164 */ fuse_invalidate_entry(struct dentry * entry)165 static void fuse_invalidate_entry(struct dentry *entry) 166 { 167 d_invalidate(entry); 168 fuse_invalidate_entry_cache(entry); 169 } 170 fuse_lookup_init(struct fuse_conn * fc,struct fuse_args * args,u64 nodeid,const struct qstr * name,struct fuse_entry_out * outarg)171 static void fuse_lookup_init(struct fuse_conn *fc, struct fuse_args *args, 172 u64 nodeid, const struct qstr *name, 173 struct fuse_entry_out *outarg) 174 { 175 memset(outarg, 0, sizeof(struct fuse_entry_out)); 176 args->opcode = FUSE_LOOKUP; 177 args->nodeid = nodeid; 178 args->in_numargs = 3; 179 fuse_set_zero_arg0(args); 180 args->in_args[1].size = name->len; 181 args->in_args[1].value = name->name; 182 args->in_args[2].size = 1; 183 args->in_args[2].value = ""; 184 args->out_numargs = 1; 185 args->out_args[0].size = sizeof(struct fuse_entry_out); 186 args->out_args[0].value = outarg; 187 } 188 189 /* 190 * Check whether the dentry is still valid 191 * 192 * If the entry validity timeout has expired and the dentry is 193 * positive, try to redo the lookup. If the lookup results in a 194 * different inode, then let the VFS invalidate the dentry and redo 195 * the lookup once more. If the lookup results in the same inode, 196 * then refresh the attributes, timeouts and mark the dentry valid. 197 */ fuse_dentry_revalidate(struct inode * dir,const struct qstr * name,struct dentry * entry,unsigned int flags)198 static int fuse_dentry_revalidate(struct inode *dir, const struct qstr *name, 199 struct dentry *entry, unsigned int flags) 200 { 201 struct inode *inode; 202 struct fuse_mount *fm; 203 struct fuse_inode *fi; 204 int ret; 205 206 inode = d_inode_rcu(entry); 207 if (inode && fuse_is_bad(inode)) 208 goto invalid; 209 else if (time_before64(fuse_dentry_time(entry), get_jiffies_64()) || 210 (flags & (LOOKUP_EXCL | LOOKUP_REVAL | LOOKUP_RENAME_TARGET))) { 211 struct fuse_entry_out outarg; 212 FUSE_ARGS(args); 213 struct fuse_forget_link *forget; 214 u64 attr_version; 215 216 /* For negative dentries, always do a fresh lookup */ 217 if (!inode) 218 goto invalid; 219 220 ret = -ECHILD; 221 if (flags & LOOKUP_RCU) 222 goto out; 223 224 fm = get_fuse_mount(inode); 225 226 forget = fuse_alloc_forget(); 227 ret = -ENOMEM; 228 if (!forget) 229 goto out; 230 231 attr_version = fuse_get_attr_version(fm->fc); 232 233 fuse_lookup_init(fm->fc, &args, get_node_id(dir), 234 name, &outarg); 235 ret = fuse_simple_request(fm, &args); 236 /* Zero nodeid is same as -ENOENT */ 237 if (!ret && !outarg.nodeid) 238 ret = -ENOENT; 239 if (!ret) { 240 fi = get_fuse_inode(inode); 241 if (outarg.nodeid != get_node_id(inode) || 242 (bool) IS_AUTOMOUNT(inode) != (bool) (outarg.attr.flags & FUSE_ATTR_SUBMOUNT)) { 243 fuse_queue_forget(fm->fc, forget, 244 outarg.nodeid, 1); 245 goto invalid; 246 } 247 spin_lock(&fi->lock); 248 fi->nlookup++; 249 spin_unlock(&fi->lock); 250 } 251 kfree(forget); 252 if (ret == -ENOMEM || ret == -EINTR) 253 goto out; 254 if (ret || fuse_invalid_attr(&outarg.attr) || 255 fuse_stale_inode(inode, outarg.generation, &outarg.attr)) 256 goto invalid; 257 258 forget_all_cached_acls(inode); 259 fuse_change_attributes(inode, &outarg.attr, NULL, 260 ATTR_TIMEOUT(&outarg), 261 attr_version); 262 fuse_change_entry_timeout(entry, &outarg); 263 } else if (inode) { 264 fi = get_fuse_inode(inode); 265 if (flags & LOOKUP_RCU) { 266 if (test_bit(FUSE_I_INIT_RDPLUS, &fi->state)) 267 return -ECHILD; 268 } else if (test_and_clear_bit(FUSE_I_INIT_RDPLUS, &fi->state)) { 269 fuse_advise_use_readdirplus(dir); 270 } 271 } 272 ret = 1; 273 out: 274 return ret; 275 276 invalid: 277 ret = 0; 278 goto out; 279 } 280 281 #if BITS_PER_LONG < 64 fuse_dentry_init(struct dentry * dentry)282 static int fuse_dentry_init(struct dentry *dentry) 283 { 284 dentry->d_fsdata = kzalloc(sizeof(union fuse_dentry), 285 GFP_KERNEL_ACCOUNT | __GFP_RECLAIMABLE); 286 287 return dentry->d_fsdata ? 0 : -ENOMEM; 288 } fuse_dentry_release(struct dentry * dentry)289 static void fuse_dentry_release(struct dentry *dentry) 290 { 291 union fuse_dentry *fd = dentry->d_fsdata; 292 293 kfree_rcu(fd, rcu); 294 } 295 #endif 296 fuse_dentry_delete(const struct dentry * dentry)297 static int fuse_dentry_delete(const struct dentry *dentry) 298 { 299 return time_before64(fuse_dentry_time(dentry), get_jiffies_64()); 300 } 301 302 /* 303 * Create a fuse_mount object with a new superblock (with path->dentry 304 * as the root), and return that mount so it can be auto-mounted on 305 * @path. 306 */ fuse_dentry_automount(struct path * path)307 static struct vfsmount *fuse_dentry_automount(struct path *path) 308 { 309 struct fs_context *fsc; 310 struct vfsmount *mnt; 311 struct fuse_inode *mp_fi = get_fuse_inode(d_inode(path->dentry)); 312 313 fsc = fs_context_for_submount(path->mnt->mnt_sb->s_type, path->dentry); 314 if (IS_ERR(fsc)) 315 return ERR_CAST(fsc); 316 317 /* Pass the FUSE inode of the mount for fuse_get_tree_submount() */ 318 fsc->fs_private = mp_fi; 319 320 /* Create the submount */ 321 mnt = fc_mount(fsc); 322 if (!IS_ERR(mnt)) 323 mntget(mnt); 324 325 put_fs_context(fsc); 326 return mnt; 327 } 328 329 const struct dentry_operations fuse_dentry_operations = { 330 .d_revalidate = fuse_dentry_revalidate, 331 .d_delete = fuse_dentry_delete, 332 #if BITS_PER_LONG < 64 333 .d_init = fuse_dentry_init, 334 .d_release = fuse_dentry_release, 335 #endif 336 .d_automount = fuse_dentry_automount, 337 }; 338 339 const struct dentry_operations fuse_root_dentry_operations = { 340 #if BITS_PER_LONG < 64 341 .d_init = fuse_dentry_init, 342 .d_release = fuse_dentry_release, 343 #endif 344 }; 345 fuse_valid_type(int m)346 int fuse_valid_type(int m) 347 { 348 return S_ISREG(m) || S_ISDIR(m) || S_ISLNK(m) || S_ISCHR(m) || 349 S_ISBLK(m) || S_ISFIFO(m) || S_ISSOCK(m); 350 } 351 fuse_valid_size(u64 size)352 static bool fuse_valid_size(u64 size) 353 { 354 return size <= LLONG_MAX; 355 } 356 fuse_invalid_attr(struct fuse_attr * attr)357 bool fuse_invalid_attr(struct fuse_attr *attr) 358 { 359 return !fuse_valid_type(attr->mode) || !fuse_valid_size(attr->size); 360 } 361 fuse_lookup_name(struct super_block * sb,u64 nodeid,const struct qstr * name,struct fuse_entry_out * outarg,struct inode ** inode)362 int fuse_lookup_name(struct super_block *sb, u64 nodeid, const struct qstr *name, 363 struct fuse_entry_out *outarg, struct inode **inode) 364 { 365 struct fuse_mount *fm = get_fuse_mount_super(sb); 366 FUSE_ARGS(args); 367 struct fuse_forget_link *forget; 368 u64 attr_version, evict_ctr; 369 int err; 370 371 *inode = NULL; 372 err = -ENAMETOOLONG; 373 if (name->len > FUSE_NAME_MAX) 374 goto out; 375 376 377 forget = fuse_alloc_forget(); 378 err = -ENOMEM; 379 if (!forget) 380 goto out; 381 382 attr_version = fuse_get_attr_version(fm->fc); 383 evict_ctr = fuse_get_evict_ctr(fm->fc); 384 385 fuse_lookup_init(fm->fc, &args, nodeid, name, outarg); 386 err = fuse_simple_request(fm, &args); 387 /* Zero nodeid is same as -ENOENT, but with valid timeout */ 388 if (err || !outarg->nodeid) 389 goto out_put_forget; 390 391 err = -EIO; 392 if (fuse_invalid_attr(&outarg->attr)) 393 goto out_put_forget; 394 if (outarg->nodeid == FUSE_ROOT_ID && outarg->generation != 0) { 395 pr_warn_once("root generation should be zero\n"); 396 outarg->generation = 0; 397 } 398 399 *inode = fuse_iget(sb, outarg->nodeid, outarg->generation, 400 &outarg->attr, ATTR_TIMEOUT(outarg), 401 attr_version, evict_ctr); 402 err = -ENOMEM; 403 if (!*inode) { 404 fuse_queue_forget(fm->fc, forget, outarg->nodeid, 1); 405 goto out; 406 } 407 err = 0; 408 409 out_put_forget: 410 kfree(forget); 411 out: 412 return err; 413 } 414 fuse_lookup(struct inode * dir,struct dentry * entry,unsigned int flags)415 static struct dentry *fuse_lookup(struct inode *dir, struct dentry *entry, 416 unsigned int flags) 417 { 418 int err; 419 struct fuse_entry_out outarg; 420 struct inode *inode; 421 struct dentry *newent; 422 bool outarg_valid = true; 423 bool locked; 424 425 if (fuse_is_bad(dir)) 426 return ERR_PTR(-EIO); 427 428 locked = fuse_lock_inode(dir); 429 err = fuse_lookup_name(dir->i_sb, get_node_id(dir), &entry->d_name, 430 &outarg, &inode); 431 fuse_unlock_inode(dir, locked); 432 if (err == -ENOENT) { 433 outarg_valid = false; 434 err = 0; 435 } 436 if (err) 437 goto out_err; 438 439 err = -EIO; 440 if (inode && get_node_id(inode) == FUSE_ROOT_ID) 441 goto out_iput; 442 443 newent = d_splice_alias(inode, entry); 444 err = PTR_ERR(newent); 445 if (IS_ERR(newent)) 446 goto out_err; 447 448 entry = newent ? newent : entry; 449 if (outarg_valid) 450 fuse_change_entry_timeout(entry, &outarg); 451 else 452 fuse_invalidate_entry_cache(entry); 453 454 if (inode) 455 fuse_advise_use_readdirplus(dir); 456 return newent; 457 458 out_iput: 459 iput(inode); 460 out_err: 461 return ERR_PTR(err); 462 } 463 get_security_context(struct dentry * entry,umode_t mode,struct fuse_in_arg * ext)464 static int get_security_context(struct dentry *entry, umode_t mode, 465 struct fuse_in_arg *ext) 466 { 467 struct fuse_secctx *fctx; 468 struct fuse_secctx_header *header; 469 struct lsm_context lsmctx = { }; 470 void *ptr; 471 u32 total_len = sizeof(*header); 472 int err, nr_ctx = 0; 473 const char *name = NULL; 474 size_t namelen; 475 476 err = security_dentry_init_security(entry, mode, &entry->d_name, 477 &name, &lsmctx); 478 479 /* If no LSM is supporting this security hook ignore error */ 480 if (err && err != -EOPNOTSUPP) 481 goto out_err; 482 483 if (lsmctx.len) { 484 nr_ctx = 1; 485 namelen = strlen(name) + 1; 486 err = -EIO; 487 if (WARN_ON(namelen > XATTR_NAME_MAX + 1 || 488 lsmctx.len > S32_MAX)) 489 goto out_err; 490 total_len += FUSE_REC_ALIGN(sizeof(*fctx) + namelen + 491 lsmctx.len); 492 } 493 494 err = -ENOMEM; 495 header = ptr = kzalloc(total_len, GFP_KERNEL); 496 if (!ptr) 497 goto out_err; 498 499 header->nr_secctx = nr_ctx; 500 header->size = total_len; 501 ptr += sizeof(*header); 502 if (nr_ctx) { 503 fctx = ptr; 504 fctx->size = lsmctx.len; 505 ptr += sizeof(*fctx); 506 507 strcpy(ptr, name); 508 ptr += namelen; 509 510 memcpy(ptr, lsmctx.context, lsmctx.len); 511 } 512 ext->size = total_len; 513 ext->value = header; 514 err = 0; 515 out_err: 516 if (nr_ctx) 517 security_release_secctx(&lsmctx); 518 return err; 519 } 520 extend_arg(struct fuse_in_arg * buf,u32 bytes)521 static void *extend_arg(struct fuse_in_arg *buf, u32 bytes) 522 { 523 void *p; 524 u32 newlen = buf->size + bytes; 525 526 p = krealloc(buf->value, newlen, GFP_KERNEL); 527 if (!p) { 528 kfree(buf->value); 529 buf->size = 0; 530 buf->value = NULL; 531 return NULL; 532 } 533 534 memset(p + buf->size, 0, bytes); 535 buf->value = p; 536 buf->size = newlen; 537 538 return p + newlen - bytes; 539 } 540 fuse_ext_size(size_t size)541 static u32 fuse_ext_size(size_t size) 542 { 543 return FUSE_REC_ALIGN(sizeof(struct fuse_ext_header) + size); 544 } 545 546 /* 547 * This adds just a single supplementary group that matches the parent's group. 548 */ get_create_supp_group(struct mnt_idmap * idmap,struct inode * dir,struct fuse_in_arg * ext)549 static int get_create_supp_group(struct mnt_idmap *idmap, 550 struct inode *dir, 551 struct fuse_in_arg *ext) 552 { 553 struct fuse_conn *fc = get_fuse_conn(dir); 554 struct fuse_ext_header *xh; 555 struct fuse_supp_groups *sg; 556 kgid_t kgid = dir->i_gid; 557 vfsgid_t vfsgid = make_vfsgid(idmap, fc->user_ns, kgid); 558 gid_t parent_gid = from_kgid(fc->user_ns, kgid); 559 560 u32 sg_len = fuse_ext_size(sizeof(*sg) + sizeof(sg->groups[0])); 561 562 if (parent_gid == (gid_t) -1 || vfsgid_eq_kgid(vfsgid, current_fsgid()) || 563 !vfsgid_in_group_p(vfsgid)) 564 return 0; 565 566 xh = extend_arg(ext, sg_len); 567 if (!xh) 568 return -ENOMEM; 569 570 xh->size = sg_len; 571 xh->type = FUSE_EXT_GROUPS; 572 573 sg = (struct fuse_supp_groups *) &xh[1]; 574 sg->nr_groups = 1; 575 sg->groups[0] = parent_gid; 576 577 return 0; 578 } 579 get_create_ext(struct mnt_idmap * idmap,struct fuse_args * args,struct inode * dir,struct dentry * dentry,umode_t mode)580 static int get_create_ext(struct mnt_idmap *idmap, 581 struct fuse_args *args, 582 struct inode *dir, struct dentry *dentry, 583 umode_t mode) 584 { 585 struct fuse_conn *fc = get_fuse_conn_super(dentry->d_sb); 586 struct fuse_in_arg ext = { .size = 0, .value = NULL }; 587 int err = 0; 588 589 if (fc->init_security) 590 err = get_security_context(dentry, mode, &ext); 591 if (!err && fc->create_supp_group) 592 err = get_create_supp_group(idmap, dir, &ext); 593 594 if (!err && ext.size) { 595 WARN_ON(args->in_numargs >= ARRAY_SIZE(args->in_args)); 596 args->is_ext = true; 597 args->ext_idx = args->in_numargs++; 598 args->in_args[args->ext_idx] = ext; 599 } else { 600 kfree(ext.value); 601 } 602 603 return err; 604 } 605 free_ext_value(struct fuse_args * args)606 static void free_ext_value(struct fuse_args *args) 607 { 608 if (args->is_ext) 609 kfree(args->in_args[args->ext_idx].value); 610 } 611 612 /* 613 * Atomic create+open operation 614 * 615 * If the filesystem doesn't support this, then fall back to separate 616 * 'mknod' + 'open' requests. 617 */ fuse_create_open(struct mnt_idmap * idmap,struct inode * dir,struct dentry * entry,struct file * file,unsigned int flags,umode_t mode,u32 opcode)618 static int fuse_create_open(struct mnt_idmap *idmap, struct inode *dir, 619 struct dentry *entry, struct file *file, 620 unsigned int flags, umode_t mode, u32 opcode) 621 { 622 int err; 623 struct inode *inode; 624 struct fuse_mount *fm = get_fuse_mount(dir); 625 FUSE_ARGS(args); 626 struct fuse_forget_link *forget; 627 struct fuse_create_in inarg; 628 struct fuse_open_out *outopenp; 629 struct fuse_entry_out outentry; 630 struct fuse_inode *fi; 631 struct fuse_file *ff; 632 bool trunc = flags & O_TRUNC; 633 634 /* Userspace expects S_IFREG in create mode */ 635 BUG_ON((mode & S_IFMT) != S_IFREG); 636 637 forget = fuse_alloc_forget(); 638 err = -ENOMEM; 639 if (!forget) 640 goto out_err; 641 642 err = -ENOMEM; 643 ff = fuse_file_alloc(fm, true); 644 if (!ff) 645 goto out_put_forget_req; 646 647 if (!fm->fc->dont_mask) 648 mode &= ~current_umask(); 649 650 flags &= ~O_NOCTTY; 651 memset(&inarg, 0, sizeof(inarg)); 652 memset(&outentry, 0, sizeof(outentry)); 653 inarg.flags = flags; 654 inarg.mode = mode; 655 inarg.umask = current_umask(); 656 657 if (fm->fc->handle_killpriv_v2 && trunc && 658 !(flags & O_EXCL) && !capable(CAP_FSETID)) { 659 inarg.open_flags |= FUSE_OPEN_KILL_SUIDGID; 660 } 661 662 args.opcode = opcode; 663 args.nodeid = get_node_id(dir); 664 args.in_numargs = 2; 665 args.in_args[0].size = sizeof(inarg); 666 args.in_args[0].value = &inarg; 667 args.in_args[1].size = entry->d_name.len + 1; 668 args.in_args[1].value = entry->d_name.name; 669 args.out_numargs = 2; 670 args.out_args[0].size = sizeof(outentry); 671 args.out_args[0].value = &outentry; 672 /* Store outarg for fuse_finish_open() */ 673 outopenp = &ff->args->open_outarg; 674 args.out_args[1].size = sizeof(*outopenp); 675 args.out_args[1].value = outopenp; 676 677 err = get_create_ext(idmap, &args, dir, entry, mode); 678 if (err) 679 goto out_free_ff; 680 681 err = fuse_simple_idmap_request(idmap, fm, &args); 682 free_ext_value(&args); 683 if (err) 684 goto out_free_ff; 685 686 err = -EIO; 687 if (!S_ISREG(outentry.attr.mode) || invalid_nodeid(outentry.nodeid) || 688 fuse_invalid_attr(&outentry.attr)) 689 goto out_free_ff; 690 691 ff->fh = outopenp->fh; 692 ff->nodeid = outentry.nodeid; 693 ff->open_flags = outopenp->open_flags; 694 inode = fuse_iget(dir->i_sb, outentry.nodeid, outentry.generation, 695 &outentry.attr, ATTR_TIMEOUT(&outentry), 0, 0); 696 if (!inode) { 697 flags &= ~(O_CREAT | O_EXCL | O_TRUNC); 698 fuse_sync_release(NULL, ff, flags); 699 fuse_queue_forget(fm->fc, forget, outentry.nodeid, 1); 700 err = -ENOMEM; 701 goto out_err; 702 } 703 kfree(forget); 704 d_instantiate(entry, inode); 705 fuse_change_entry_timeout(entry, &outentry); 706 fuse_dir_changed(dir); 707 err = generic_file_open(inode, file); 708 if (!err) { 709 file->private_data = ff; 710 err = finish_open(file, entry, fuse_finish_open); 711 } 712 if (err) { 713 fi = get_fuse_inode(inode); 714 fuse_sync_release(fi, ff, flags); 715 } else { 716 if (fm->fc->atomic_o_trunc && trunc) 717 truncate_pagecache(inode, 0); 718 else if (!(ff->open_flags & FOPEN_KEEP_CACHE)) 719 invalidate_inode_pages2(inode->i_mapping); 720 } 721 return err; 722 723 out_free_ff: 724 fuse_file_free(ff); 725 out_put_forget_req: 726 kfree(forget); 727 out_err: 728 return err; 729 } 730 731 static int fuse_mknod(struct mnt_idmap *, struct inode *, struct dentry *, 732 umode_t, dev_t); fuse_atomic_open(struct inode * dir,struct dentry * entry,struct file * file,unsigned flags,umode_t mode)733 static int fuse_atomic_open(struct inode *dir, struct dentry *entry, 734 struct file *file, unsigned flags, 735 umode_t mode) 736 { 737 int err; 738 struct mnt_idmap *idmap = file_mnt_idmap(file); 739 struct fuse_conn *fc = get_fuse_conn(dir); 740 struct dentry *res = NULL; 741 742 if (fuse_is_bad(dir)) 743 return -EIO; 744 745 if (d_in_lookup(entry)) { 746 res = fuse_lookup(dir, entry, 0); 747 if (IS_ERR(res)) 748 return PTR_ERR(res); 749 750 if (res) 751 entry = res; 752 } 753 754 if (!(flags & O_CREAT) || d_really_is_positive(entry)) 755 goto no_open; 756 757 /* Only creates */ 758 file->f_mode |= FMODE_CREATED; 759 760 if (fc->no_create) 761 goto mknod; 762 763 err = fuse_create_open(idmap, dir, entry, file, flags, mode, FUSE_CREATE); 764 if (err == -ENOSYS) { 765 fc->no_create = 1; 766 goto mknod; 767 } else if (err == -EEXIST) 768 fuse_invalidate_entry(entry); 769 out_dput: 770 dput(res); 771 return err; 772 773 mknod: 774 err = fuse_mknod(idmap, dir, entry, mode, 0); 775 if (err) 776 goto out_dput; 777 no_open: 778 return finish_no_open(file, res); 779 } 780 781 /* 782 * Code shared between mknod, mkdir, symlink and link 783 */ create_new_entry(struct mnt_idmap * idmap,struct fuse_mount * fm,struct fuse_args * args,struct inode * dir,struct dentry * entry,umode_t mode)784 static struct dentry *create_new_entry(struct mnt_idmap *idmap, struct fuse_mount *fm, 785 struct fuse_args *args, struct inode *dir, 786 struct dentry *entry, umode_t mode) 787 { 788 struct fuse_entry_out outarg; 789 struct inode *inode; 790 struct dentry *d; 791 int err; 792 struct fuse_forget_link *forget; 793 794 if (fuse_is_bad(dir)) 795 return ERR_PTR(-EIO); 796 797 forget = fuse_alloc_forget(); 798 if (!forget) 799 return ERR_PTR(-ENOMEM); 800 801 memset(&outarg, 0, sizeof(outarg)); 802 args->nodeid = get_node_id(dir); 803 args->out_numargs = 1; 804 args->out_args[0].size = sizeof(outarg); 805 args->out_args[0].value = &outarg; 806 807 if (args->opcode != FUSE_LINK) { 808 err = get_create_ext(idmap, args, dir, entry, mode); 809 if (err) 810 goto out_put_forget_req; 811 } 812 813 err = fuse_simple_idmap_request(idmap, fm, args); 814 free_ext_value(args); 815 if (err) 816 goto out_put_forget_req; 817 818 err = -EIO; 819 if (invalid_nodeid(outarg.nodeid) || fuse_invalid_attr(&outarg.attr)) 820 goto out_put_forget_req; 821 822 if ((outarg.attr.mode ^ mode) & S_IFMT) 823 goto out_put_forget_req; 824 825 inode = fuse_iget(dir->i_sb, outarg.nodeid, outarg.generation, 826 &outarg.attr, ATTR_TIMEOUT(&outarg), 0, 0); 827 if (!inode) { 828 fuse_queue_forget(fm->fc, forget, outarg.nodeid, 1); 829 return ERR_PTR(-ENOMEM); 830 } 831 kfree(forget); 832 833 d_drop(entry); 834 d = d_splice_alias(inode, entry); 835 if (IS_ERR(d)) 836 return d; 837 838 if (d) 839 fuse_change_entry_timeout(d, &outarg); 840 else 841 fuse_change_entry_timeout(entry, &outarg); 842 fuse_dir_changed(dir); 843 return d; 844 845 out_put_forget_req: 846 if (err == -EEXIST) 847 fuse_invalidate_entry(entry); 848 kfree(forget); 849 return ERR_PTR(err); 850 } 851 create_new_nondir(struct mnt_idmap * idmap,struct fuse_mount * fm,struct fuse_args * args,struct inode * dir,struct dentry * entry,umode_t mode)852 static int create_new_nondir(struct mnt_idmap *idmap, struct fuse_mount *fm, 853 struct fuse_args *args, struct inode *dir, 854 struct dentry *entry, umode_t mode) 855 { 856 /* 857 * Note that when creating anything other than a directory we 858 * can be sure create_new_entry() will NOT return an alternate 859 * dentry as d_splice_alias() only returns an alternate dentry 860 * for directories. So we don't need to check for that case 861 * when passing back the result. 862 */ 863 WARN_ON_ONCE(S_ISDIR(mode)); 864 865 return PTR_ERR(create_new_entry(idmap, fm, args, dir, entry, mode)); 866 } 867 fuse_mknod(struct mnt_idmap * idmap,struct inode * dir,struct dentry * entry,umode_t mode,dev_t rdev)868 static int fuse_mknod(struct mnt_idmap *idmap, struct inode *dir, 869 struct dentry *entry, umode_t mode, dev_t rdev) 870 { 871 struct fuse_mknod_in inarg; 872 struct fuse_mount *fm = get_fuse_mount(dir); 873 FUSE_ARGS(args); 874 875 if (!fm->fc->dont_mask) 876 mode &= ~current_umask(); 877 878 memset(&inarg, 0, sizeof(inarg)); 879 inarg.mode = mode; 880 inarg.rdev = new_encode_dev(rdev); 881 inarg.umask = current_umask(); 882 args.opcode = FUSE_MKNOD; 883 args.in_numargs = 2; 884 args.in_args[0].size = sizeof(inarg); 885 args.in_args[0].value = &inarg; 886 args.in_args[1].size = entry->d_name.len + 1; 887 args.in_args[1].value = entry->d_name.name; 888 return create_new_nondir(idmap, fm, &args, dir, entry, mode); 889 } 890 fuse_create(struct mnt_idmap * idmap,struct inode * dir,struct dentry * entry,umode_t mode,bool excl)891 static int fuse_create(struct mnt_idmap *idmap, struct inode *dir, 892 struct dentry *entry, umode_t mode, bool excl) 893 { 894 return fuse_mknod(idmap, dir, entry, mode, 0); 895 } 896 fuse_tmpfile(struct mnt_idmap * idmap,struct inode * dir,struct file * file,umode_t mode)897 static int fuse_tmpfile(struct mnt_idmap *idmap, struct inode *dir, 898 struct file *file, umode_t mode) 899 { 900 struct fuse_conn *fc = get_fuse_conn(dir); 901 int err; 902 903 if (fc->no_tmpfile) 904 return -EOPNOTSUPP; 905 906 err = fuse_create_open(idmap, dir, file->f_path.dentry, file, 907 file->f_flags, mode, FUSE_TMPFILE); 908 if (err == -ENOSYS) { 909 fc->no_tmpfile = 1; 910 err = -EOPNOTSUPP; 911 } 912 return err; 913 } 914 fuse_mkdir(struct mnt_idmap * idmap,struct inode * dir,struct dentry * entry,umode_t mode)915 static struct dentry *fuse_mkdir(struct mnt_idmap *idmap, struct inode *dir, 916 struct dentry *entry, umode_t mode) 917 { 918 struct fuse_mkdir_in inarg; 919 struct fuse_mount *fm = get_fuse_mount(dir); 920 FUSE_ARGS(args); 921 922 if (!fm->fc->dont_mask) 923 mode &= ~current_umask(); 924 925 memset(&inarg, 0, sizeof(inarg)); 926 inarg.mode = mode; 927 inarg.umask = current_umask(); 928 args.opcode = FUSE_MKDIR; 929 args.in_numargs = 2; 930 args.in_args[0].size = sizeof(inarg); 931 args.in_args[0].value = &inarg; 932 args.in_args[1].size = entry->d_name.len + 1; 933 args.in_args[1].value = entry->d_name.name; 934 return create_new_entry(idmap, fm, &args, dir, entry, S_IFDIR); 935 } 936 fuse_symlink(struct mnt_idmap * idmap,struct inode * dir,struct dentry * entry,const char * link)937 static int fuse_symlink(struct mnt_idmap *idmap, struct inode *dir, 938 struct dentry *entry, const char *link) 939 { 940 struct fuse_mount *fm = get_fuse_mount(dir); 941 unsigned len = strlen(link) + 1; 942 FUSE_ARGS(args); 943 944 args.opcode = FUSE_SYMLINK; 945 args.in_numargs = 3; 946 fuse_set_zero_arg0(&args); 947 args.in_args[1].size = entry->d_name.len + 1; 948 args.in_args[1].value = entry->d_name.name; 949 args.in_args[2].size = len; 950 args.in_args[2].value = link; 951 return create_new_nondir(idmap, fm, &args, dir, entry, S_IFLNK); 952 } 953 fuse_flush_time_update(struct inode * inode)954 void fuse_flush_time_update(struct inode *inode) 955 { 956 int err = sync_inode_metadata(inode, 1); 957 958 mapping_set_error(inode->i_mapping, err); 959 } 960 fuse_update_ctime_in_cache(struct inode * inode)961 static void fuse_update_ctime_in_cache(struct inode *inode) 962 { 963 if (!IS_NOCMTIME(inode)) { 964 inode_set_ctime_current(inode); 965 mark_inode_dirty_sync(inode); 966 fuse_flush_time_update(inode); 967 } 968 } 969 fuse_update_ctime(struct inode * inode)970 void fuse_update_ctime(struct inode *inode) 971 { 972 fuse_invalidate_attr_mask(inode, STATX_CTIME); 973 fuse_update_ctime_in_cache(inode); 974 } 975 fuse_entry_unlinked(struct dentry * entry)976 static void fuse_entry_unlinked(struct dentry *entry) 977 { 978 struct inode *inode = d_inode(entry); 979 struct fuse_conn *fc = get_fuse_conn(inode); 980 struct fuse_inode *fi = get_fuse_inode(inode); 981 982 spin_lock(&fi->lock); 983 fi->attr_version = atomic64_inc_return(&fc->attr_version); 984 /* 985 * If i_nlink == 0 then unlink doesn't make sense, yet this can 986 * happen if userspace filesystem is careless. It would be 987 * difficult to enforce correct nlink usage so just ignore this 988 * condition here 989 */ 990 if (S_ISDIR(inode->i_mode)) 991 clear_nlink(inode); 992 else if (inode->i_nlink > 0) 993 drop_nlink(inode); 994 spin_unlock(&fi->lock); 995 fuse_invalidate_entry_cache(entry); 996 fuse_update_ctime(inode); 997 } 998 fuse_unlink(struct inode * dir,struct dentry * entry)999 static int fuse_unlink(struct inode *dir, struct dentry *entry) 1000 { 1001 int err; 1002 struct fuse_mount *fm = get_fuse_mount(dir); 1003 FUSE_ARGS(args); 1004 1005 if (fuse_is_bad(dir)) 1006 return -EIO; 1007 1008 args.opcode = FUSE_UNLINK; 1009 args.nodeid = get_node_id(dir); 1010 args.in_numargs = 2; 1011 fuse_set_zero_arg0(&args); 1012 args.in_args[1].size = entry->d_name.len + 1; 1013 args.in_args[1].value = entry->d_name.name; 1014 err = fuse_simple_request(fm, &args); 1015 if (!err) { 1016 fuse_dir_changed(dir); 1017 fuse_entry_unlinked(entry); 1018 } else if (err == -EINTR || err == -ENOENT) 1019 fuse_invalidate_entry(entry); 1020 return err; 1021 } 1022 fuse_rmdir(struct inode * dir,struct dentry * entry)1023 static int fuse_rmdir(struct inode *dir, struct dentry *entry) 1024 { 1025 int err; 1026 struct fuse_mount *fm = get_fuse_mount(dir); 1027 FUSE_ARGS(args); 1028 1029 if (fuse_is_bad(dir)) 1030 return -EIO; 1031 1032 args.opcode = FUSE_RMDIR; 1033 args.nodeid = get_node_id(dir); 1034 args.in_numargs = 2; 1035 fuse_set_zero_arg0(&args); 1036 args.in_args[1].size = entry->d_name.len + 1; 1037 args.in_args[1].value = entry->d_name.name; 1038 err = fuse_simple_request(fm, &args); 1039 if (!err) { 1040 fuse_dir_changed(dir); 1041 fuse_entry_unlinked(entry); 1042 } else if (err == -EINTR || err == -ENOENT) 1043 fuse_invalidate_entry(entry); 1044 return err; 1045 } 1046 fuse_rename_common(struct mnt_idmap * idmap,struct inode * olddir,struct dentry * oldent,struct inode * newdir,struct dentry * newent,unsigned int flags,int opcode,size_t argsize)1047 static int fuse_rename_common(struct mnt_idmap *idmap, struct inode *olddir, struct dentry *oldent, 1048 struct inode *newdir, struct dentry *newent, 1049 unsigned int flags, int opcode, size_t argsize) 1050 { 1051 int err; 1052 struct fuse_rename2_in inarg; 1053 struct fuse_mount *fm = get_fuse_mount(olddir); 1054 FUSE_ARGS(args); 1055 1056 memset(&inarg, 0, argsize); 1057 inarg.newdir = get_node_id(newdir); 1058 inarg.flags = flags; 1059 args.opcode = opcode; 1060 args.nodeid = get_node_id(olddir); 1061 args.in_numargs = 3; 1062 args.in_args[0].size = argsize; 1063 args.in_args[0].value = &inarg; 1064 args.in_args[1].size = oldent->d_name.len + 1; 1065 args.in_args[1].value = oldent->d_name.name; 1066 args.in_args[2].size = newent->d_name.len + 1; 1067 args.in_args[2].value = newent->d_name.name; 1068 err = fuse_simple_idmap_request(idmap, fm, &args); 1069 if (!err) { 1070 /* ctime changes */ 1071 fuse_update_ctime(d_inode(oldent)); 1072 1073 if (flags & RENAME_EXCHANGE) 1074 fuse_update_ctime(d_inode(newent)); 1075 1076 fuse_dir_changed(olddir); 1077 if (olddir != newdir) 1078 fuse_dir_changed(newdir); 1079 1080 /* newent will end up negative */ 1081 if (!(flags & RENAME_EXCHANGE) && d_really_is_positive(newent)) 1082 fuse_entry_unlinked(newent); 1083 } else if (err == -EINTR || err == -ENOENT) { 1084 /* If request was interrupted, DEITY only knows if the 1085 rename actually took place. If the invalidation 1086 fails (e.g. some process has CWD under the renamed 1087 directory), then there can be inconsistency between 1088 the dcache and the real filesystem. Tough luck. */ 1089 fuse_invalidate_entry(oldent); 1090 if (d_really_is_positive(newent)) 1091 fuse_invalidate_entry(newent); 1092 } 1093 1094 return err; 1095 } 1096 fuse_rename2(struct mnt_idmap * idmap,struct inode * olddir,struct dentry * oldent,struct inode * newdir,struct dentry * newent,unsigned int flags)1097 static int fuse_rename2(struct mnt_idmap *idmap, struct inode *olddir, 1098 struct dentry *oldent, struct inode *newdir, 1099 struct dentry *newent, unsigned int flags) 1100 { 1101 struct fuse_conn *fc = get_fuse_conn(olddir); 1102 int err; 1103 1104 if (fuse_is_bad(olddir)) 1105 return -EIO; 1106 1107 if (flags & ~(RENAME_NOREPLACE | RENAME_EXCHANGE | RENAME_WHITEOUT)) 1108 return -EINVAL; 1109 1110 if (flags) { 1111 if (fc->no_rename2 || fc->minor < 23) 1112 return -EINVAL; 1113 1114 err = fuse_rename_common((flags & RENAME_WHITEOUT) ? idmap : &invalid_mnt_idmap, 1115 olddir, oldent, newdir, newent, flags, 1116 FUSE_RENAME2, 1117 sizeof(struct fuse_rename2_in)); 1118 if (err == -ENOSYS) { 1119 fc->no_rename2 = 1; 1120 err = -EINVAL; 1121 } 1122 } else { 1123 err = fuse_rename_common(&invalid_mnt_idmap, olddir, oldent, newdir, newent, 0, 1124 FUSE_RENAME, 1125 sizeof(struct fuse_rename_in)); 1126 } 1127 1128 return err; 1129 } 1130 fuse_link(struct dentry * entry,struct inode * newdir,struct dentry * newent)1131 static int fuse_link(struct dentry *entry, struct inode *newdir, 1132 struct dentry *newent) 1133 { 1134 int err; 1135 struct fuse_link_in inarg; 1136 struct inode *inode = d_inode(entry); 1137 struct fuse_mount *fm = get_fuse_mount(inode); 1138 FUSE_ARGS(args); 1139 1140 memset(&inarg, 0, sizeof(inarg)); 1141 inarg.oldnodeid = get_node_id(inode); 1142 args.opcode = FUSE_LINK; 1143 args.in_numargs = 2; 1144 args.in_args[0].size = sizeof(inarg); 1145 args.in_args[0].value = &inarg; 1146 args.in_args[1].size = newent->d_name.len + 1; 1147 args.in_args[1].value = newent->d_name.name; 1148 err = create_new_nondir(&invalid_mnt_idmap, fm, &args, newdir, newent, inode->i_mode); 1149 if (!err) 1150 fuse_update_ctime_in_cache(inode); 1151 else if (err == -EINTR) 1152 fuse_invalidate_attr(inode); 1153 1154 return err; 1155 } 1156 fuse_fillattr(struct mnt_idmap * idmap,struct inode * inode,struct fuse_attr * attr,struct kstat * stat)1157 static void fuse_fillattr(struct mnt_idmap *idmap, struct inode *inode, 1158 struct fuse_attr *attr, struct kstat *stat) 1159 { 1160 unsigned int blkbits; 1161 struct fuse_conn *fc = get_fuse_conn(inode); 1162 vfsuid_t vfsuid = make_vfsuid(idmap, fc->user_ns, 1163 make_kuid(fc->user_ns, attr->uid)); 1164 vfsgid_t vfsgid = make_vfsgid(idmap, fc->user_ns, 1165 make_kgid(fc->user_ns, attr->gid)); 1166 1167 stat->dev = inode->i_sb->s_dev; 1168 stat->ino = attr->ino; 1169 stat->mode = (inode->i_mode & S_IFMT) | (attr->mode & 07777); 1170 stat->nlink = attr->nlink; 1171 stat->uid = vfsuid_into_kuid(vfsuid); 1172 stat->gid = vfsgid_into_kgid(vfsgid); 1173 stat->rdev = inode->i_rdev; 1174 stat->atime.tv_sec = attr->atime; 1175 stat->atime.tv_nsec = attr->atimensec; 1176 stat->mtime.tv_sec = attr->mtime; 1177 stat->mtime.tv_nsec = attr->mtimensec; 1178 stat->ctime.tv_sec = attr->ctime; 1179 stat->ctime.tv_nsec = attr->ctimensec; 1180 stat->size = attr->size; 1181 stat->blocks = attr->blocks; 1182 1183 if (attr->blksize != 0) 1184 blkbits = ilog2(attr->blksize); 1185 else 1186 blkbits = inode->i_sb->s_blocksize_bits; 1187 1188 stat->blksize = 1 << blkbits; 1189 } 1190 fuse_statx_to_attr(struct fuse_statx * sx,struct fuse_attr * attr)1191 static void fuse_statx_to_attr(struct fuse_statx *sx, struct fuse_attr *attr) 1192 { 1193 memset(attr, 0, sizeof(*attr)); 1194 attr->ino = sx->ino; 1195 attr->size = sx->size; 1196 attr->blocks = sx->blocks; 1197 attr->atime = sx->atime.tv_sec; 1198 attr->mtime = sx->mtime.tv_sec; 1199 attr->ctime = sx->ctime.tv_sec; 1200 attr->atimensec = sx->atime.tv_nsec; 1201 attr->mtimensec = sx->mtime.tv_nsec; 1202 attr->ctimensec = sx->ctime.tv_nsec; 1203 attr->mode = sx->mode; 1204 attr->nlink = sx->nlink; 1205 attr->uid = sx->uid; 1206 attr->gid = sx->gid; 1207 attr->rdev = new_encode_dev(MKDEV(sx->rdev_major, sx->rdev_minor)); 1208 attr->blksize = sx->blksize; 1209 } 1210 fuse_do_statx(struct mnt_idmap * idmap,struct inode * inode,struct file * file,struct kstat * stat)1211 static int fuse_do_statx(struct mnt_idmap *idmap, struct inode *inode, 1212 struct file *file, struct kstat *stat) 1213 { 1214 int err; 1215 struct fuse_attr attr; 1216 struct fuse_statx *sx; 1217 struct fuse_statx_in inarg; 1218 struct fuse_statx_out outarg; 1219 struct fuse_mount *fm = get_fuse_mount(inode); 1220 u64 attr_version = fuse_get_attr_version(fm->fc); 1221 FUSE_ARGS(args); 1222 1223 memset(&inarg, 0, sizeof(inarg)); 1224 memset(&outarg, 0, sizeof(outarg)); 1225 /* Directories have separate file-handle space */ 1226 if (file && S_ISREG(inode->i_mode)) { 1227 struct fuse_file *ff = file->private_data; 1228 1229 inarg.getattr_flags |= FUSE_GETATTR_FH; 1230 inarg.fh = ff->fh; 1231 } 1232 /* For now leave sync hints as the default, request all stats. */ 1233 inarg.sx_flags = 0; 1234 inarg.sx_mask = STATX_BASIC_STATS | STATX_BTIME; 1235 args.opcode = FUSE_STATX; 1236 args.nodeid = get_node_id(inode); 1237 args.in_numargs = 1; 1238 args.in_args[0].size = sizeof(inarg); 1239 args.in_args[0].value = &inarg; 1240 args.out_numargs = 1; 1241 args.out_args[0].size = sizeof(outarg); 1242 args.out_args[0].value = &outarg; 1243 err = fuse_simple_request(fm, &args); 1244 if (err) 1245 return err; 1246 1247 sx = &outarg.stat; 1248 if (((sx->mask & STATX_SIZE) && !fuse_valid_size(sx->size)) || 1249 ((sx->mask & STATX_TYPE) && (!fuse_valid_type(sx->mode) || 1250 inode_wrong_type(inode, sx->mode)))) { 1251 fuse_make_bad(inode); 1252 return -EIO; 1253 } 1254 1255 fuse_statx_to_attr(&outarg.stat, &attr); 1256 if ((sx->mask & STATX_BASIC_STATS) == STATX_BASIC_STATS) { 1257 fuse_change_attributes(inode, &attr, &outarg.stat, 1258 ATTR_TIMEOUT(&outarg), attr_version); 1259 } 1260 1261 if (stat) { 1262 stat->result_mask = sx->mask & (STATX_BASIC_STATS | STATX_BTIME); 1263 stat->btime.tv_sec = sx->btime.tv_sec; 1264 stat->btime.tv_nsec = min_t(u32, sx->btime.tv_nsec, NSEC_PER_SEC - 1); 1265 fuse_fillattr(idmap, inode, &attr, stat); 1266 stat->result_mask |= STATX_TYPE; 1267 } 1268 1269 return 0; 1270 } 1271 fuse_do_getattr(struct mnt_idmap * idmap,struct inode * inode,struct kstat * stat,struct file * file)1272 static int fuse_do_getattr(struct mnt_idmap *idmap, struct inode *inode, 1273 struct kstat *stat, struct file *file) 1274 { 1275 int err; 1276 struct fuse_getattr_in inarg; 1277 struct fuse_attr_out outarg; 1278 struct fuse_mount *fm = get_fuse_mount(inode); 1279 FUSE_ARGS(args); 1280 u64 attr_version; 1281 1282 attr_version = fuse_get_attr_version(fm->fc); 1283 1284 memset(&inarg, 0, sizeof(inarg)); 1285 memset(&outarg, 0, sizeof(outarg)); 1286 /* Directories have separate file-handle space */ 1287 if (file && S_ISREG(inode->i_mode)) { 1288 struct fuse_file *ff = file->private_data; 1289 1290 inarg.getattr_flags |= FUSE_GETATTR_FH; 1291 inarg.fh = ff->fh; 1292 } 1293 args.opcode = FUSE_GETATTR; 1294 args.nodeid = get_node_id(inode); 1295 args.in_numargs = 1; 1296 args.in_args[0].size = sizeof(inarg); 1297 args.in_args[0].value = &inarg; 1298 args.out_numargs = 1; 1299 args.out_args[0].size = sizeof(outarg); 1300 args.out_args[0].value = &outarg; 1301 err = fuse_simple_request(fm, &args); 1302 if (!err) { 1303 if (fuse_invalid_attr(&outarg.attr) || 1304 inode_wrong_type(inode, outarg.attr.mode)) { 1305 fuse_make_bad(inode); 1306 err = -EIO; 1307 } else { 1308 fuse_change_attributes(inode, &outarg.attr, NULL, 1309 ATTR_TIMEOUT(&outarg), 1310 attr_version); 1311 if (stat) 1312 fuse_fillattr(idmap, inode, &outarg.attr, stat); 1313 } 1314 } 1315 return err; 1316 } 1317 fuse_update_get_attr(struct mnt_idmap * idmap,struct inode * inode,struct file * file,struct kstat * stat,u32 request_mask,unsigned int flags)1318 static int fuse_update_get_attr(struct mnt_idmap *idmap, struct inode *inode, 1319 struct file *file, struct kstat *stat, 1320 u32 request_mask, unsigned int flags) 1321 { 1322 struct fuse_inode *fi = get_fuse_inode(inode); 1323 struct fuse_conn *fc = get_fuse_conn(inode); 1324 int err = 0; 1325 bool sync; 1326 u32 inval_mask = READ_ONCE(fi->inval_mask); 1327 u32 cache_mask = fuse_get_cache_mask(inode); 1328 1329 1330 /* FUSE only supports basic stats and possibly btime */ 1331 request_mask &= STATX_BASIC_STATS | STATX_BTIME; 1332 retry: 1333 if (fc->no_statx) 1334 request_mask &= STATX_BASIC_STATS; 1335 1336 if (!request_mask) 1337 sync = false; 1338 else if (flags & AT_STATX_FORCE_SYNC) 1339 sync = true; 1340 else if (flags & AT_STATX_DONT_SYNC) 1341 sync = false; 1342 else if (request_mask & inval_mask & ~cache_mask) 1343 sync = true; 1344 else 1345 sync = time_before64(fi->i_time, get_jiffies_64()); 1346 1347 if (sync) { 1348 forget_all_cached_acls(inode); 1349 /* Try statx if BTIME is requested */ 1350 if (!fc->no_statx && (request_mask & ~STATX_BASIC_STATS)) { 1351 err = fuse_do_statx(idmap, inode, file, stat); 1352 if (err == -ENOSYS) { 1353 fc->no_statx = 1; 1354 err = 0; 1355 goto retry; 1356 } 1357 } else { 1358 err = fuse_do_getattr(idmap, inode, stat, file); 1359 } 1360 } else if (stat) { 1361 generic_fillattr(idmap, request_mask, inode, stat); 1362 stat->mode = fi->orig_i_mode; 1363 stat->ino = fi->orig_ino; 1364 if (test_bit(FUSE_I_BTIME, &fi->state)) { 1365 stat->btime = fi->i_btime; 1366 stat->result_mask |= STATX_BTIME; 1367 } 1368 } 1369 1370 return err; 1371 } 1372 fuse_update_attributes(struct inode * inode,struct file * file,u32 mask)1373 int fuse_update_attributes(struct inode *inode, struct file *file, u32 mask) 1374 { 1375 return fuse_update_get_attr(&nop_mnt_idmap, inode, file, NULL, mask, 0); 1376 } 1377 fuse_reverse_inval_entry(struct fuse_conn * fc,u64 parent_nodeid,u64 child_nodeid,struct qstr * name,u32 flags)1378 int fuse_reverse_inval_entry(struct fuse_conn *fc, u64 parent_nodeid, 1379 u64 child_nodeid, struct qstr *name, u32 flags) 1380 { 1381 int err = -ENOTDIR; 1382 struct inode *parent; 1383 struct dentry *dir; 1384 struct dentry *entry; 1385 1386 parent = fuse_ilookup(fc, parent_nodeid, NULL); 1387 if (!parent) 1388 return -ENOENT; 1389 1390 inode_lock_nested(parent, I_MUTEX_PARENT); 1391 if (!S_ISDIR(parent->i_mode)) 1392 goto unlock; 1393 1394 err = -ENOENT; 1395 dir = d_find_alias(parent); 1396 if (!dir) 1397 goto unlock; 1398 1399 name->hash = full_name_hash(dir, name->name, name->len); 1400 entry = d_lookup(dir, name); 1401 dput(dir); 1402 if (!entry) 1403 goto unlock; 1404 1405 fuse_dir_changed(parent); 1406 if (!(flags & FUSE_EXPIRE_ONLY)) 1407 d_invalidate(entry); 1408 fuse_invalidate_entry_cache(entry); 1409 1410 if (child_nodeid != 0 && d_really_is_positive(entry)) { 1411 inode_lock(d_inode(entry)); 1412 if (get_node_id(d_inode(entry)) != child_nodeid) { 1413 err = -ENOENT; 1414 goto badentry; 1415 } 1416 if (d_mountpoint(entry)) { 1417 err = -EBUSY; 1418 goto badentry; 1419 } 1420 if (d_is_dir(entry)) { 1421 shrink_dcache_parent(entry); 1422 if (!simple_empty(entry)) { 1423 err = -ENOTEMPTY; 1424 goto badentry; 1425 } 1426 d_inode(entry)->i_flags |= S_DEAD; 1427 } 1428 dont_mount(entry); 1429 clear_nlink(d_inode(entry)); 1430 err = 0; 1431 badentry: 1432 inode_unlock(d_inode(entry)); 1433 if (!err) 1434 d_delete(entry); 1435 } else { 1436 err = 0; 1437 } 1438 dput(entry); 1439 1440 unlock: 1441 inode_unlock(parent); 1442 iput(parent); 1443 return err; 1444 } 1445 fuse_permissible_uidgid(struct fuse_conn * fc)1446 static inline bool fuse_permissible_uidgid(struct fuse_conn *fc) 1447 { 1448 const struct cred *cred = current_cred(); 1449 1450 return (uid_eq(cred->euid, fc->user_id) && 1451 uid_eq(cred->suid, fc->user_id) && 1452 uid_eq(cred->uid, fc->user_id) && 1453 gid_eq(cred->egid, fc->group_id) && 1454 gid_eq(cred->sgid, fc->group_id) && 1455 gid_eq(cred->gid, fc->group_id)); 1456 } 1457 1458 /* 1459 * Calling into a user-controlled filesystem gives the filesystem 1460 * daemon ptrace-like capabilities over the current process. This 1461 * means, that the filesystem daemon is able to record the exact 1462 * filesystem operations performed, and can also control the behavior 1463 * of the requester process in otherwise impossible ways. For example 1464 * it can delay the operation for arbitrary length of time allowing 1465 * DoS against the requester. 1466 * 1467 * For this reason only those processes can call into the filesystem, 1468 * for which the owner of the mount has ptrace privilege. This 1469 * excludes processes started by other users, suid or sgid processes. 1470 */ fuse_allow_current_process(struct fuse_conn * fc)1471 bool fuse_allow_current_process(struct fuse_conn *fc) 1472 { 1473 bool allow; 1474 1475 if (fc->allow_other) 1476 allow = current_in_userns(fc->user_ns); 1477 else 1478 allow = fuse_permissible_uidgid(fc); 1479 1480 if (!allow && allow_sys_admin_access && capable(CAP_SYS_ADMIN)) 1481 allow = true; 1482 1483 return allow; 1484 } 1485 fuse_access(struct inode * inode,int mask)1486 static int fuse_access(struct inode *inode, int mask) 1487 { 1488 struct fuse_mount *fm = get_fuse_mount(inode); 1489 FUSE_ARGS(args); 1490 struct fuse_access_in inarg; 1491 int err; 1492 1493 BUG_ON(mask & MAY_NOT_BLOCK); 1494 1495 /* 1496 * We should not send FUSE_ACCESS to the userspace 1497 * when idmapped mounts are enabled as for this case 1498 * we have fc->default_permissions = 1 and access 1499 * permission checks are done on the kernel side. 1500 */ 1501 WARN_ON_ONCE(!(fm->sb->s_iflags & SB_I_NOIDMAP)); 1502 1503 if (fm->fc->no_access) 1504 return 0; 1505 1506 memset(&inarg, 0, sizeof(inarg)); 1507 inarg.mask = mask & (MAY_READ | MAY_WRITE | MAY_EXEC); 1508 args.opcode = FUSE_ACCESS; 1509 args.nodeid = get_node_id(inode); 1510 args.in_numargs = 1; 1511 args.in_args[0].size = sizeof(inarg); 1512 args.in_args[0].value = &inarg; 1513 err = fuse_simple_request(fm, &args); 1514 if (err == -ENOSYS) { 1515 fm->fc->no_access = 1; 1516 err = 0; 1517 } 1518 return err; 1519 } 1520 fuse_perm_getattr(struct inode * inode,int mask)1521 static int fuse_perm_getattr(struct inode *inode, int mask) 1522 { 1523 if (mask & MAY_NOT_BLOCK) 1524 return -ECHILD; 1525 1526 forget_all_cached_acls(inode); 1527 return fuse_do_getattr(&nop_mnt_idmap, inode, NULL, NULL); 1528 } 1529 1530 /* 1531 * Check permission. The two basic access models of FUSE are: 1532 * 1533 * 1) Local access checking ('default_permissions' mount option) based 1534 * on file mode. This is the plain old disk filesystem permission 1535 * model. 1536 * 1537 * 2) "Remote" access checking, where server is responsible for 1538 * checking permission in each inode operation. An exception to this 1539 * is if ->permission() was invoked from sys_access() in which case an 1540 * access request is sent. Execute permission is still checked 1541 * locally based on file mode. 1542 */ fuse_permission(struct mnt_idmap * idmap,struct inode * inode,int mask)1543 static int fuse_permission(struct mnt_idmap *idmap, 1544 struct inode *inode, int mask) 1545 { 1546 struct fuse_conn *fc = get_fuse_conn(inode); 1547 bool refreshed = false; 1548 int err = 0; 1549 1550 if (fuse_is_bad(inode)) 1551 return -EIO; 1552 1553 if (!fuse_allow_current_process(fc)) 1554 return -EACCES; 1555 1556 /* 1557 * If attributes are needed, refresh them before proceeding 1558 */ 1559 if (fc->default_permissions || 1560 ((mask & MAY_EXEC) && S_ISREG(inode->i_mode))) { 1561 struct fuse_inode *fi = get_fuse_inode(inode); 1562 u32 perm_mask = STATX_MODE | STATX_UID | STATX_GID; 1563 1564 if (perm_mask & READ_ONCE(fi->inval_mask) || 1565 time_before64(fi->i_time, get_jiffies_64())) { 1566 refreshed = true; 1567 1568 err = fuse_perm_getattr(inode, mask); 1569 if (err) 1570 return err; 1571 } 1572 } 1573 1574 if (fc->default_permissions) { 1575 err = generic_permission(idmap, inode, mask); 1576 1577 /* If permission is denied, try to refresh file 1578 attributes. This is also needed, because the root 1579 node will at first have no permissions */ 1580 if (err == -EACCES && !refreshed) { 1581 err = fuse_perm_getattr(inode, mask); 1582 if (!err) 1583 err = generic_permission(idmap, 1584 inode, mask); 1585 } 1586 1587 /* Note: the opposite of the above test does not 1588 exist. So if permissions are revoked this won't be 1589 noticed immediately, only after the attribute 1590 timeout has expired */ 1591 } else if (mask & (MAY_ACCESS | MAY_CHDIR)) { 1592 err = fuse_access(inode, mask); 1593 } else if ((mask & MAY_EXEC) && S_ISREG(inode->i_mode)) { 1594 if (!(inode->i_mode & S_IXUGO)) { 1595 if (refreshed) 1596 return -EACCES; 1597 1598 err = fuse_perm_getattr(inode, mask); 1599 if (!err && !(inode->i_mode & S_IXUGO)) 1600 return -EACCES; 1601 } 1602 } 1603 return err; 1604 } 1605 fuse_readlink_page(struct inode * inode,struct folio * folio)1606 static int fuse_readlink_page(struct inode *inode, struct folio *folio) 1607 { 1608 struct fuse_mount *fm = get_fuse_mount(inode); 1609 struct fuse_folio_desc desc = { .length = PAGE_SIZE - 1 }; 1610 struct fuse_args_pages ap = { 1611 .num_folios = 1, 1612 .folios = &folio, 1613 .descs = &desc, 1614 }; 1615 char *link; 1616 ssize_t res; 1617 1618 ap.args.opcode = FUSE_READLINK; 1619 ap.args.nodeid = get_node_id(inode); 1620 ap.args.out_pages = true; 1621 ap.args.out_argvar = true; 1622 ap.args.page_zeroing = true; 1623 ap.args.out_numargs = 1; 1624 ap.args.out_args[0].size = desc.length; 1625 res = fuse_simple_request(fm, &ap.args); 1626 1627 fuse_invalidate_atime(inode); 1628 1629 if (res < 0) 1630 return res; 1631 1632 if (WARN_ON(res >= PAGE_SIZE)) 1633 return -EIO; 1634 1635 link = folio_address(folio); 1636 link[res] = '\0'; 1637 1638 return 0; 1639 } 1640 fuse_get_link(struct dentry * dentry,struct inode * inode,struct delayed_call * callback)1641 static const char *fuse_get_link(struct dentry *dentry, struct inode *inode, 1642 struct delayed_call *callback) 1643 { 1644 struct fuse_conn *fc = get_fuse_conn(inode); 1645 struct folio *folio; 1646 int err; 1647 1648 err = -EIO; 1649 if (fuse_is_bad(inode)) 1650 goto out_err; 1651 1652 if (fc->cache_symlinks) 1653 return page_get_link_raw(dentry, inode, callback); 1654 1655 err = -ECHILD; 1656 if (!dentry) 1657 goto out_err; 1658 1659 folio = folio_alloc(GFP_KERNEL, 0); 1660 err = -ENOMEM; 1661 if (!folio) 1662 goto out_err; 1663 1664 err = fuse_readlink_page(inode, folio); 1665 if (err) { 1666 folio_put(folio); 1667 goto out_err; 1668 } 1669 1670 set_delayed_call(callback, page_put_link, &folio->page); 1671 1672 return folio_address(folio); 1673 1674 out_err: 1675 return ERR_PTR(err); 1676 } 1677 fuse_dir_open(struct inode * inode,struct file * file)1678 static int fuse_dir_open(struct inode *inode, struct file *file) 1679 { 1680 struct fuse_mount *fm = get_fuse_mount(inode); 1681 int err; 1682 1683 if (fuse_is_bad(inode)) 1684 return -EIO; 1685 1686 err = generic_file_open(inode, file); 1687 if (err) 1688 return err; 1689 1690 err = fuse_do_open(fm, get_node_id(inode), file, true); 1691 if (!err) { 1692 struct fuse_file *ff = file->private_data; 1693 1694 /* 1695 * Keep handling FOPEN_STREAM and FOPEN_NONSEEKABLE for 1696 * directories for backward compatibility, though it's unlikely 1697 * to be useful. 1698 */ 1699 if (ff->open_flags & (FOPEN_STREAM | FOPEN_NONSEEKABLE)) 1700 nonseekable_open(inode, file); 1701 if (!(ff->open_flags & FOPEN_KEEP_CACHE)) 1702 invalidate_inode_pages2(inode->i_mapping); 1703 } 1704 1705 return err; 1706 } 1707 fuse_dir_release(struct inode * inode,struct file * file)1708 static int fuse_dir_release(struct inode *inode, struct file *file) 1709 { 1710 fuse_release_common(file, true); 1711 1712 return 0; 1713 } 1714 fuse_dir_fsync(struct file * file,loff_t start,loff_t end,int datasync)1715 static int fuse_dir_fsync(struct file *file, loff_t start, loff_t end, 1716 int datasync) 1717 { 1718 struct inode *inode = file->f_mapping->host; 1719 struct fuse_conn *fc = get_fuse_conn(inode); 1720 int err; 1721 1722 if (fuse_is_bad(inode)) 1723 return -EIO; 1724 1725 if (fc->no_fsyncdir) 1726 return 0; 1727 1728 inode_lock(inode); 1729 err = fuse_fsync_common(file, start, end, datasync, FUSE_FSYNCDIR); 1730 if (err == -ENOSYS) { 1731 fc->no_fsyncdir = 1; 1732 err = 0; 1733 } 1734 inode_unlock(inode); 1735 1736 return err; 1737 } 1738 fuse_dir_ioctl(struct file * file,unsigned int cmd,unsigned long arg)1739 static long fuse_dir_ioctl(struct file *file, unsigned int cmd, 1740 unsigned long arg) 1741 { 1742 struct fuse_conn *fc = get_fuse_conn(file->f_mapping->host); 1743 1744 /* FUSE_IOCTL_DIR only supported for API version >= 7.18 */ 1745 if (fc->minor < 18) 1746 return -ENOTTY; 1747 1748 return fuse_ioctl_common(file, cmd, arg, FUSE_IOCTL_DIR); 1749 } 1750 fuse_dir_compat_ioctl(struct file * file,unsigned int cmd,unsigned long arg)1751 static long fuse_dir_compat_ioctl(struct file *file, unsigned int cmd, 1752 unsigned long arg) 1753 { 1754 struct fuse_conn *fc = get_fuse_conn(file->f_mapping->host); 1755 1756 if (fc->minor < 18) 1757 return -ENOTTY; 1758 1759 return fuse_ioctl_common(file, cmd, arg, 1760 FUSE_IOCTL_COMPAT | FUSE_IOCTL_DIR); 1761 } 1762 update_mtime(unsigned ivalid,bool trust_local_mtime)1763 static bool update_mtime(unsigned ivalid, bool trust_local_mtime) 1764 { 1765 /* Always update if mtime is explicitly set */ 1766 if (ivalid & ATTR_MTIME_SET) 1767 return true; 1768 1769 /* Or if kernel i_mtime is the official one */ 1770 if (trust_local_mtime) 1771 return true; 1772 1773 /* If it's an open(O_TRUNC) or an ftruncate(), don't update */ 1774 if ((ivalid & ATTR_SIZE) && (ivalid & (ATTR_OPEN | ATTR_FILE))) 1775 return false; 1776 1777 /* In all other cases update */ 1778 return true; 1779 } 1780 iattr_to_fattr(struct mnt_idmap * idmap,struct fuse_conn * fc,struct iattr * iattr,struct fuse_setattr_in * arg,bool trust_local_cmtime)1781 static void iattr_to_fattr(struct mnt_idmap *idmap, struct fuse_conn *fc, 1782 struct iattr *iattr, struct fuse_setattr_in *arg, 1783 bool trust_local_cmtime) 1784 { 1785 unsigned ivalid = iattr->ia_valid; 1786 1787 if (ivalid & ATTR_MODE) 1788 arg->valid |= FATTR_MODE, arg->mode = iattr->ia_mode; 1789 1790 if (ivalid & ATTR_UID) { 1791 kuid_t fsuid = from_vfsuid(idmap, fc->user_ns, iattr->ia_vfsuid); 1792 1793 arg->valid |= FATTR_UID; 1794 arg->uid = from_kuid(fc->user_ns, fsuid); 1795 } 1796 1797 if (ivalid & ATTR_GID) { 1798 kgid_t fsgid = from_vfsgid(idmap, fc->user_ns, iattr->ia_vfsgid); 1799 1800 arg->valid |= FATTR_GID; 1801 arg->gid = from_kgid(fc->user_ns, fsgid); 1802 } 1803 1804 if (ivalid & ATTR_SIZE) 1805 arg->valid |= FATTR_SIZE, arg->size = iattr->ia_size; 1806 if (ivalid & ATTR_ATIME) { 1807 arg->valid |= FATTR_ATIME; 1808 arg->atime = iattr->ia_atime.tv_sec; 1809 arg->atimensec = iattr->ia_atime.tv_nsec; 1810 if (!(ivalid & ATTR_ATIME_SET)) 1811 arg->valid |= FATTR_ATIME_NOW; 1812 } 1813 if ((ivalid & ATTR_MTIME) && update_mtime(ivalid, trust_local_cmtime)) { 1814 arg->valid |= FATTR_MTIME; 1815 arg->mtime = iattr->ia_mtime.tv_sec; 1816 arg->mtimensec = iattr->ia_mtime.tv_nsec; 1817 if (!(ivalid & ATTR_MTIME_SET) && !trust_local_cmtime) 1818 arg->valid |= FATTR_MTIME_NOW; 1819 } 1820 if ((ivalid & ATTR_CTIME) && trust_local_cmtime) { 1821 arg->valid |= FATTR_CTIME; 1822 arg->ctime = iattr->ia_ctime.tv_sec; 1823 arg->ctimensec = iattr->ia_ctime.tv_nsec; 1824 } 1825 } 1826 1827 /* 1828 * Prevent concurrent writepages on inode 1829 * 1830 * This is done by adding a negative bias to the inode write counter 1831 * and waiting for all pending writes to finish. 1832 */ fuse_set_nowrite(struct inode * inode)1833 void fuse_set_nowrite(struct inode *inode) 1834 { 1835 struct fuse_inode *fi = get_fuse_inode(inode); 1836 1837 BUG_ON(!inode_is_locked(inode)); 1838 1839 spin_lock(&fi->lock); 1840 BUG_ON(fi->writectr < 0); 1841 fi->writectr += FUSE_NOWRITE; 1842 spin_unlock(&fi->lock); 1843 wait_event(fi->page_waitq, fi->writectr == FUSE_NOWRITE); 1844 } 1845 1846 /* 1847 * Allow writepages on inode 1848 * 1849 * Remove the bias from the writecounter and send any queued 1850 * writepages. 1851 */ __fuse_release_nowrite(struct inode * inode)1852 static void __fuse_release_nowrite(struct inode *inode) 1853 { 1854 struct fuse_inode *fi = get_fuse_inode(inode); 1855 1856 BUG_ON(fi->writectr != FUSE_NOWRITE); 1857 fi->writectr = 0; 1858 fuse_flush_writepages(inode); 1859 } 1860 fuse_release_nowrite(struct inode * inode)1861 void fuse_release_nowrite(struct inode *inode) 1862 { 1863 struct fuse_inode *fi = get_fuse_inode(inode); 1864 1865 spin_lock(&fi->lock); 1866 __fuse_release_nowrite(inode); 1867 spin_unlock(&fi->lock); 1868 } 1869 fuse_setattr_fill(struct fuse_conn * fc,struct fuse_args * args,struct inode * inode,struct fuse_setattr_in * inarg_p,struct fuse_attr_out * outarg_p)1870 static void fuse_setattr_fill(struct fuse_conn *fc, struct fuse_args *args, 1871 struct inode *inode, 1872 struct fuse_setattr_in *inarg_p, 1873 struct fuse_attr_out *outarg_p) 1874 { 1875 args->opcode = FUSE_SETATTR; 1876 args->nodeid = get_node_id(inode); 1877 args->in_numargs = 1; 1878 args->in_args[0].size = sizeof(*inarg_p); 1879 args->in_args[0].value = inarg_p; 1880 args->out_numargs = 1; 1881 args->out_args[0].size = sizeof(*outarg_p); 1882 args->out_args[0].value = outarg_p; 1883 } 1884 1885 /* 1886 * Flush inode->i_mtime to the server 1887 */ fuse_flush_times(struct inode * inode,struct fuse_file * ff)1888 int fuse_flush_times(struct inode *inode, struct fuse_file *ff) 1889 { 1890 struct fuse_mount *fm = get_fuse_mount(inode); 1891 FUSE_ARGS(args); 1892 struct fuse_setattr_in inarg; 1893 struct fuse_attr_out outarg; 1894 1895 memset(&inarg, 0, sizeof(inarg)); 1896 memset(&outarg, 0, sizeof(outarg)); 1897 1898 inarg.valid = FATTR_MTIME; 1899 inarg.mtime = inode_get_mtime_sec(inode); 1900 inarg.mtimensec = inode_get_mtime_nsec(inode); 1901 if (fm->fc->minor >= 23) { 1902 inarg.valid |= FATTR_CTIME; 1903 inarg.ctime = inode_get_ctime_sec(inode); 1904 inarg.ctimensec = inode_get_ctime_nsec(inode); 1905 } 1906 if (ff) { 1907 inarg.valid |= FATTR_FH; 1908 inarg.fh = ff->fh; 1909 } 1910 fuse_setattr_fill(fm->fc, &args, inode, &inarg, &outarg); 1911 1912 return fuse_simple_request(fm, &args); 1913 } 1914 1915 /* 1916 * Set attributes, and at the same time refresh them. 1917 * 1918 * Truncation is slightly complicated, because the 'truncate' request 1919 * may fail, in which case we don't want to touch the mapping. 1920 * vmtruncate() doesn't allow for this case, so do the rlimit checking 1921 * and the actual truncation by hand. 1922 */ fuse_do_setattr(struct mnt_idmap * idmap,struct dentry * dentry,struct iattr * attr,struct file * file)1923 int fuse_do_setattr(struct mnt_idmap *idmap, struct dentry *dentry, 1924 struct iattr *attr, struct file *file) 1925 { 1926 struct inode *inode = d_inode(dentry); 1927 struct fuse_mount *fm = get_fuse_mount(inode); 1928 struct fuse_conn *fc = fm->fc; 1929 struct fuse_inode *fi = get_fuse_inode(inode); 1930 struct address_space *mapping = inode->i_mapping; 1931 FUSE_ARGS(args); 1932 struct fuse_setattr_in inarg; 1933 struct fuse_attr_out outarg; 1934 bool is_truncate = false; 1935 bool is_wb = fc->writeback_cache && S_ISREG(inode->i_mode); 1936 loff_t oldsize; 1937 int err; 1938 bool trust_local_cmtime = is_wb; 1939 bool fault_blocked = false; 1940 1941 if (!fc->default_permissions) 1942 attr->ia_valid |= ATTR_FORCE; 1943 1944 err = setattr_prepare(idmap, dentry, attr); 1945 if (err) 1946 return err; 1947 1948 if (attr->ia_valid & ATTR_SIZE) { 1949 if (WARN_ON(!S_ISREG(inode->i_mode))) 1950 return -EIO; 1951 is_truncate = true; 1952 } 1953 1954 if (FUSE_IS_DAX(inode) && is_truncate) { 1955 filemap_invalidate_lock(mapping); 1956 fault_blocked = true; 1957 err = fuse_dax_break_layouts(inode, 0, 0); 1958 if (err) { 1959 filemap_invalidate_unlock(mapping); 1960 return err; 1961 } 1962 } 1963 1964 if (attr->ia_valid & ATTR_OPEN) { 1965 /* This is coming from open(..., ... | O_TRUNC); */ 1966 WARN_ON(!(attr->ia_valid & ATTR_SIZE)); 1967 WARN_ON(attr->ia_size != 0); 1968 if (fc->atomic_o_trunc) { 1969 /* 1970 * No need to send request to userspace, since actual 1971 * truncation has already been done by OPEN. But still 1972 * need to truncate page cache. 1973 */ 1974 i_size_write(inode, 0); 1975 truncate_pagecache(inode, 0); 1976 goto out; 1977 } 1978 file = NULL; 1979 } 1980 1981 /* Flush dirty data/metadata before non-truncate SETATTR */ 1982 if (is_wb && 1983 attr->ia_valid & 1984 (ATTR_MODE | ATTR_UID | ATTR_GID | ATTR_MTIME_SET | 1985 ATTR_TIMES_SET)) { 1986 err = write_inode_now(inode, true); 1987 if (err) 1988 return err; 1989 1990 fuse_set_nowrite(inode); 1991 fuse_release_nowrite(inode); 1992 } 1993 1994 if (is_truncate) { 1995 fuse_set_nowrite(inode); 1996 set_bit(FUSE_I_SIZE_UNSTABLE, &fi->state); 1997 if (trust_local_cmtime && attr->ia_size != inode->i_size) 1998 attr->ia_valid |= ATTR_MTIME | ATTR_CTIME; 1999 } 2000 2001 memset(&inarg, 0, sizeof(inarg)); 2002 memset(&outarg, 0, sizeof(outarg)); 2003 iattr_to_fattr(idmap, fc, attr, &inarg, trust_local_cmtime); 2004 if (file) { 2005 struct fuse_file *ff = file->private_data; 2006 inarg.valid |= FATTR_FH; 2007 inarg.fh = ff->fh; 2008 } 2009 2010 /* Kill suid/sgid for non-directory chown unconditionally */ 2011 if (fc->handle_killpriv_v2 && !S_ISDIR(inode->i_mode) && 2012 attr->ia_valid & (ATTR_UID | ATTR_GID)) 2013 inarg.valid |= FATTR_KILL_SUIDGID; 2014 2015 if (attr->ia_valid & ATTR_SIZE) { 2016 /* For mandatory locking in truncate */ 2017 inarg.valid |= FATTR_LOCKOWNER; 2018 inarg.lock_owner = fuse_lock_owner_id(fc, current->files); 2019 2020 /* Kill suid/sgid for truncate only if no CAP_FSETID */ 2021 if (fc->handle_killpriv_v2 && !capable(CAP_FSETID)) 2022 inarg.valid |= FATTR_KILL_SUIDGID; 2023 } 2024 fuse_setattr_fill(fc, &args, inode, &inarg, &outarg); 2025 err = fuse_simple_request(fm, &args); 2026 if (err) { 2027 if (err == -EINTR) 2028 fuse_invalidate_attr(inode); 2029 goto error; 2030 } 2031 2032 if (fuse_invalid_attr(&outarg.attr) || 2033 inode_wrong_type(inode, outarg.attr.mode)) { 2034 fuse_make_bad(inode); 2035 err = -EIO; 2036 goto error; 2037 } 2038 2039 spin_lock(&fi->lock); 2040 /* the kernel maintains i_mtime locally */ 2041 if (trust_local_cmtime) { 2042 if (attr->ia_valid & ATTR_MTIME) 2043 inode_set_mtime_to_ts(inode, attr->ia_mtime); 2044 if (attr->ia_valid & ATTR_CTIME) 2045 inode_set_ctime_to_ts(inode, attr->ia_ctime); 2046 /* FIXME: clear I_DIRTY_SYNC? */ 2047 } 2048 2049 fuse_change_attributes_common(inode, &outarg.attr, NULL, 2050 ATTR_TIMEOUT(&outarg), 2051 fuse_get_cache_mask(inode), 0); 2052 oldsize = inode->i_size; 2053 /* see the comment in fuse_change_attributes() */ 2054 if (!is_wb || is_truncate) 2055 i_size_write(inode, outarg.attr.size); 2056 2057 if (is_truncate) { 2058 /* NOTE: this may release/reacquire fi->lock */ 2059 __fuse_release_nowrite(inode); 2060 } 2061 spin_unlock(&fi->lock); 2062 2063 /* 2064 * Only call invalidate_inode_pages2() after removing 2065 * FUSE_NOWRITE, otherwise fuse_launder_folio() would deadlock. 2066 */ 2067 if ((is_truncate || !is_wb) && 2068 S_ISREG(inode->i_mode) && oldsize != outarg.attr.size) { 2069 truncate_pagecache(inode, outarg.attr.size); 2070 invalidate_inode_pages2(mapping); 2071 } 2072 2073 clear_bit(FUSE_I_SIZE_UNSTABLE, &fi->state); 2074 out: 2075 if (fault_blocked) 2076 filemap_invalidate_unlock(mapping); 2077 2078 return 0; 2079 2080 error: 2081 if (is_truncate) 2082 fuse_release_nowrite(inode); 2083 2084 clear_bit(FUSE_I_SIZE_UNSTABLE, &fi->state); 2085 2086 if (fault_blocked) 2087 filemap_invalidate_unlock(mapping); 2088 return err; 2089 } 2090 fuse_setattr(struct mnt_idmap * idmap,struct dentry * entry,struct iattr * attr)2091 static int fuse_setattr(struct mnt_idmap *idmap, struct dentry *entry, 2092 struct iattr *attr) 2093 { 2094 struct inode *inode = d_inode(entry); 2095 struct fuse_conn *fc = get_fuse_conn(inode); 2096 struct file *file = (attr->ia_valid & ATTR_FILE) ? attr->ia_file : NULL; 2097 int ret; 2098 2099 if (fuse_is_bad(inode)) 2100 return -EIO; 2101 2102 if (!fuse_allow_current_process(get_fuse_conn(inode))) 2103 return -EACCES; 2104 2105 if (attr->ia_valid & (ATTR_KILL_SUID | ATTR_KILL_SGID)) { 2106 attr->ia_valid &= ~(ATTR_KILL_SUID | ATTR_KILL_SGID | 2107 ATTR_MODE); 2108 2109 /* 2110 * The only sane way to reliably kill suid/sgid is to do it in 2111 * the userspace filesystem 2112 * 2113 * This should be done on write(), truncate() and chown(). 2114 */ 2115 if (!fc->handle_killpriv && !fc->handle_killpriv_v2) { 2116 /* 2117 * ia_mode calculation may have used stale i_mode. 2118 * Refresh and recalculate. 2119 */ 2120 ret = fuse_do_getattr(idmap, inode, NULL, file); 2121 if (ret) 2122 return ret; 2123 2124 attr->ia_mode = inode->i_mode; 2125 if (inode->i_mode & S_ISUID) { 2126 attr->ia_valid |= ATTR_MODE; 2127 attr->ia_mode &= ~S_ISUID; 2128 } 2129 if ((inode->i_mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP)) { 2130 attr->ia_valid |= ATTR_MODE; 2131 attr->ia_mode &= ~S_ISGID; 2132 } 2133 } 2134 } 2135 if (!attr->ia_valid) 2136 return 0; 2137 2138 ret = fuse_do_setattr(idmap, entry, attr, file); 2139 if (!ret) { 2140 /* 2141 * If filesystem supports acls it may have updated acl xattrs in 2142 * the filesystem, so forget cached acls for the inode. 2143 */ 2144 if (fc->posix_acl) 2145 forget_all_cached_acls(inode); 2146 2147 /* Directory mode changed, may need to revalidate access */ 2148 if (d_is_dir(entry) && (attr->ia_valid & ATTR_MODE)) 2149 fuse_invalidate_entry_cache(entry); 2150 } 2151 return ret; 2152 } 2153 fuse_getattr(struct mnt_idmap * idmap,const struct path * path,struct kstat * stat,u32 request_mask,unsigned int flags)2154 static int fuse_getattr(struct mnt_idmap *idmap, 2155 const struct path *path, struct kstat *stat, 2156 u32 request_mask, unsigned int flags) 2157 { 2158 struct inode *inode = d_inode(path->dentry); 2159 struct fuse_conn *fc = get_fuse_conn(inode); 2160 2161 if (fuse_is_bad(inode)) 2162 return -EIO; 2163 2164 if (!fuse_allow_current_process(fc)) { 2165 if (!request_mask) { 2166 /* 2167 * If user explicitly requested *nothing* then don't 2168 * error out, but return st_dev only. 2169 */ 2170 stat->result_mask = 0; 2171 stat->dev = inode->i_sb->s_dev; 2172 return 0; 2173 } 2174 return -EACCES; 2175 } 2176 2177 return fuse_update_get_attr(idmap, inode, NULL, stat, request_mask, flags); 2178 } 2179 2180 static const struct inode_operations fuse_dir_inode_operations = { 2181 .lookup = fuse_lookup, 2182 .mkdir = fuse_mkdir, 2183 .symlink = fuse_symlink, 2184 .unlink = fuse_unlink, 2185 .rmdir = fuse_rmdir, 2186 .rename = fuse_rename2, 2187 .link = fuse_link, 2188 .setattr = fuse_setattr, 2189 .create = fuse_create, 2190 .atomic_open = fuse_atomic_open, 2191 .tmpfile = fuse_tmpfile, 2192 .mknod = fuse_mknod, 2193 .permission = fuse_permission, 2194 .getattr = fuse_getattr, 2195 .listxattr = fuse_listxattr, 2196 .get_inode_acl = fuse_get_inode_acl, 2197 .get_acl = fuse_get_acl, 2198 .set_acl = fuse_set_acl, 2199 .fileattr_get = fuse_fileattr_get, 2200 .fileattr_set = fuse_fileattr_set, 2201 }; 2202 2203 static const struct file_operations fuse_dir_operations = { 2204 .llseek = generic_file_llseek, 2205 .read = generic_read_dir, 2206 .iterate_shared = fuse_readdir, 2207 .open = fuse_dir_open, 2208 .release = fuse_dir_release, 2209 .fsync = fuse_dir_fsync, 2210 .unlocked_ioctl = fuse_dir_ioctl, 2211 .compat_ioctl = fuse_dir_compat_ioctl, 2212 }; 2213 2214 static const struct inode_operations fuse_common_inode_operations = { 2215 .setattr = fuse_setattr, 2216 .permission = fuse_permission, 2217 .getattr = fuse_getattr, 2218 .listxattr = fuse_listxattr, 2219 .get_inode_acl = fuse_get_inode_acl, 2220 .get_acl = fuse_get_acl, 2221 .set_acl = fuse_set_acl, 2222 .fileattr_get = fuse_fileattr_get, 2223 .fileattr_set = fuse_fileattr_set, 2224 }; 2225 2226 static const struct inode_operations fuse_symlink_inode_operations = { 2227 .setattr = fuse_setattr, 2228 .get_link = fuse_get_link, 2229 .getattr = fuse_getattr, 2230 .listxattr = fuse_listxattr, 2231 }; 2232 fuse_init_common(struct inode * inode)2233 void fuse_init_common(struct inode *inode) 2234 { 2235 inode->i_op = &fuse_common_inode_operations; 2236 } 2237 fuse_init_dir(struct inode * inode)2238 void fuse_init_dir(struct inode *inode) 2239 { 2240 struct fuse_inode *fi = get_fuse_inode(inode); 2241 2242 inode->i_op = &fuse_dir_inode_operations; 2243 inode->i_fop = &fuse_dir_operations; 2244 2245 spin_lock_init(&fi->rdc.lock); 2246 fi->rdc.cached = false; 2247 fi->rdc.size = 0; 2248 fi->rdc.pos = 0; 2249 fi->rdc.version = 0; 2250 } 2251 fuse_symlink_read_folio(struct file * null,struct folio * folio)2252 static int fuse_symlink_read_folio(struct file *null, struct folio *folio) 2253 { 2254 int err = fuse_readlink_page(folio->mapping->host, folio); 2255 2256 if (!err) 2257 folio_mark_uptodate(folio); 2258 2259 folio_unlock(folio); 2260 2261 return err; 2262 } 2263 2264 static const struct address_space_operations fuse_symlink_aops = { 2265 .read_folio = fuse_symlink_read_folio, 2266 }; 2267 fuse_init_symlink(struct inode * inode)2268 void fuse_init_symlink(struct inode *inode) 2269 { 2270 inode->i_op = &fuse_symlink_inode_operations; 2271 inode->i_data.a_ops = &fuse_symlink_aops; 2272 inode_nohighmem(inode); 2273 } 2274