1 /*
2 FUSE: Filesystem in Userspace
3 Copyright (C) 2001-2008 Miklos Szeredi <miklos@szeredi.hu>
4
5 This program can be distributed under the terms of the GNU GPL.
6 See the file COPYING.
7 */
8
9 #include "fuse_i.h"
10
11 #include <linux/pagemap.h>
12 #include <linux/file.h>
13 #include <linux/fs_context.h>
14 #include <linux/moduleparam.h>
15 #include <linux/sched.h>
16 #include <linux/namei.h>
17 #include <linux/slab.h>
18 #include <linux/xattr.h>
19 #include <linux/iversion.h>
20 #include <linux/posix_acl.h>
21 #include <linux/security.h>
22 #include <linux/types.h>
23 #include <linux/kernel.h>
24
25 static bool __read_mostly allow_sys_admin_access;
26 module_param(allow_sys_admin_access, bool, 0644);
27 MODULE_PARM_DESC(allow_sys_admin_access,
28 "Allow users with CAP_SYS_ADMIN in initial userns to bypass allow_other access check");
29
fuse_advise_use_readdirplus(struct inode * dir)30 static void fuse_advise_use_readdirplus(struct inode *dir)
31 {
32 struct fuse_inode *fi = get_fuse_inode(dir);
33
34 set_bit(FUSE_I_ADVISE_RDPLUS, &fi->state);
35 }
36
37 #if BITS_PER_LONG >= 64
__fuse_dentry_settime(struct dentry * entry,u64 time)38 static inline void __fuse_dentry_settime(struct dentry *entry, u64 time)
39 {
40 entry->d_fsdata = (void *) time;
41 }
42
fuse_dentry_time(const struct dentry * entry)43 static inline u64 fuse_dentry_time(const struct dentry *entry)
44 {
45 return (u64)entry->d_fsdata;
46 }
47
48 #else
49 union fuse_dentry {
50 u64 time;
51 struct rcu_head rcu;
52 };
53
__fuse_dentry_settime(struct dentry * dentry,u64 time)54 static inline void __fuse_dentry_settime(struct dentry *dentry, u64 time)
55 {
56 ((union fuse_dentry *) dentry->d_fsdata)->time = time;
57 }
58
fuse_dentry_time(const struct dentry * entry)59 static inline u64 fuse_dentry_time(const struct dentry *entry)
60 {
61 return ((union fuse_dentry *) entry->d_fsdata)->time;
62 }
63 #endif
64
fuse_dentry_settime(struct dentry * dentry,u64 time)65 static void fuse_dentry_settime(struct dentry *dentry, u64 time)
66 {
67 struct fuse_conn *fc = get_fuse_conn_super(dentry->d_sb);
68 bool delete = !time && fc->delete_stale;
69 /*
70 * Mess with DCACHE_OP_DELETE because dput() will be faster without it.
71 * Don't care about races, either way it's just an optimization
72 */
73 if ((!delete && (dentry->d_flags & DCACHE_OP_DELETE)) ||
74 (delete && !(dentry->d_flags & DCACHE_OP_DELETE))) {
75 spin_lock(&dentry->d_lock);
76 if (!delete)
77 dentry->d_flags &= ~DCACHE_OP_DELETE;
78 else
79 dentry->d_flags |= DCACHE_OP_DELETE;
80 spin_unlock(&dentry->d_lock);
81 }
82
83 __fuse_dentry_settime(dentry, time);
84 }
85
86 /*
87 * FUSE caches dentries and attributes with separate timeout. The
88 * time in jiffies until the dentry/attributes are valid is stored in
89 * dentry->d_fsdata and fuse_inode->i_time respectively.
90 */
91
92 /*
93 * Calculate the time in jiffies until a dentry/attributes are valid
94 */
fuse_time_to_jiffies(u64 sec,u32 nsec)95 u64 fuse_time_to_jiffies(u64 sec, u32 nsec)
96 {
97 if (sec || nsec) {
98 struct timespec64 ts = {
99 sec,
100 min_t(u32, nsec, NSEC_PER_SEC - 1)
101 };
102
103 return get_jiffies_64() + timespec64_to_jiffies(&ts);
104 } else
105 return 0;
106 }
107
108 /*
109 * Set dentry and possibly attribute timeouts from the lookup/mk*
110 * replies
111 */
fuse_change_entry_timeout(struct dentry * entry,struct fuse_entry_out * o)112 void fuse_change_entry_timeout(struct dentry *entry, struct fuse_entry_out *o)
113 {
114 fuse_dentry_settime(entry,
115 fuse_time_to_jiffies(o->entry_valid, o->entry_valid_nsec));
116 }
117
fuse_invalidate_attr_mask(struct inode * inode,u32 mask)118 void fuse_invalidate_attr_mask(struct inode *inode, u32 mask)
119 {
120 set_mask_bits(&get_fuse_inode(inode)->inval_mask, 0, mask);
121 }
122
123 /*
124 * Mark the attributes as stale, so that at the next call to
125 * ->getattr() they will be fetched from userspace
126 */
fuse_invalidate_attr(struct inode * inode)127 void fuse_invalidate_attr(struct inode *inode)
128 {
129 fuse_invalidate_attr_mask(inode, STATX_BASIC_STATS);
130 }
131
fuse_dir_changed(struct inode * dir)132 static void fuse_dir_changed(struct inode *dir)
133 {
134 fuse_invalidate_attr(dir);
135 inode_maybe_inc_iversion(dir, false);
136 }
137
138 /*
139 * Mark the attributes as stale due to an atime change. Avoid the invalidate if
140 * atime is not used.
141 */
fuse_invalidate_atime(struct inode * inode)142 void fuse_invalidate_atime(struct inode *inode)
143 {
144 if (!IS_RDONLY(inode))
145 fuse_invalidate_attr_mask(inode, STATX_ATIME);
146 }
147
148 /*
149 * Just mark the entry as stale, so that a next attempt to look it up
150 * will result in a new lookup call to userspace
151 *
152 * This is called when a dentry is about to become negative and the
153 * timeout is unknown (unlink, rmdir, rename and in some cases
154 * lookup)
155 */
fuse_invalidate_entry_cache(struct dentry * entry)156 void fuse_invalidate_entry_cache(struct dentry *entry)
157 {
158 fuse_dentry_settime(entry, 0);
159 }
160
161 /*
162 * Same as fuse_invalidate_entry_cache(), but also try to remove the
163 * dentry from the hash
164 */
fuse_invalidate_entry(struct dentry * entry)165 static void fuse_invalidate_entry(struct dentry *entry)
166 {
167 d_invalidate(entry);
168 fuse_invalidate_entry_cache(entry);
169 }
170
fuse_lookup_init(struct fuse_conn * fc,struct fuse_args * args,u64 nodeid,const struct qstr * name,struct fuse_entry_out * outarg)171 static void fuse_lookup_init(struct fuse_conn *fc, struct fuse_args *args,
172 u64 nodeid, const struct qstr *name,
173 struct fuse_entry_out *outarg)
174 {
175 memset(outarg, 0, sizeof(struct fuse_entry_out));
176 args->opcode = FUSE_LOOKUP;
177 args->nodeid = nodeid;
178 args->in_numargs = 1;
179 args->in_args[0].size = name->len + 1;
180 args->in_args[0].value = name->name;
181 args->out_numargs = 1;
182 args->out_args[0].size = sizeof(struct fuse_entry_out);
183 args->out_args[0].value = outarg;
184 }
185
186 /*
187 * Check whether the dentry is still valid
188 *
189 * If the entry validity timeout has expired and the dentry is
190 * positive, try to redo the lookup. If the lookup results in a
191 * different inode, then let the VFS invalidate the dentry and redo
192 * the lookup once more. If the lookup results in the same inode,
193 * then refresh the attributes, timeouts and mark the dentry valid.
194 */
fuse_dentry_revalidate(struct dentry * entry,unsigned int flags)195 static int fuse_dentry_revalidate(struct dentry *entry, unsigned int flags)
196 {
197 struct inode *inode;
198 struct dentry *parent;
199 struct fuse_mount *fm;
200 struct fuse_inode *fi;
201 int ret;
202
203 inode = d_inode_rcu(entry);
204 if (inode && fuse_is_bad(inode))
205 goto invalid;
206 else if (time_before64(fuse_dentry_time(entry), get_jiffies_64()) ||
207 (flags & (LOOKUP_EXCL | LOOKUP_REVAL | LOOKUP_RENAME_TARGET))) {
208 struct fuse_entry_out outarg;
209 FUSE_ARGS(args);
210 struct fuse_forget_link *forget;
211 u64 attr_version;
212
213 /* For negative dentries, always do a fresh lookup */
214 if (!inode)
215 goto invalid;
216
217 ret = -ECHILD;
218 if (flags & LOOKUP_RCU)
219 goto out;
220
221 fm = get_fuse_mount(inode);
222
223 forget = fuse_alloc_forget();
224 ret = -ENOMEM;
225 if (!forget)
226 goto out;
227
228 attr_version = fuse_get_attr_version(fm->fc);
229
230 parent = dget_parent(entry);
231 fuse_lookup_init(fm->fc, &args, get_node_id(d_inode(parent)),
232 &entry->d_name, &outarg);
233 ret = fuse_simple_request(fm, &args);
234 dput(parent);
235 /* Zero nodeid is same as -ENOENT */
236 if (!ret && !outarg.nodeid)
237 ret = -ENOENT;
238 if (!ret) {
239 fi = get_fuse_inode(inode);
240 if (outarg.nodeid != get_node_id(inode) ||
241 (bool) IS_AUTOMOUNT(inode) != (bool) (outarg.attr.flags & FUSE_ATTR_SUBMOUNT)) {
242 fuse_queue_forget(fm->fc, forget,
243 outarg.nodeid, 1);
244 goto invalid;
245 }
246 spin_lock(&fi->lock);
247 fi->nlookup++;
248 spin_unlock(&fi->lock);
249 }
250 kfree(forget);
251 if (ret == -ENOMEM || ret == -EINTR)
252 goto out;
253 if (ret || fuse_invalid_attr(&outarg.attr) ||
254 fuse_stale_inode(inode, outarg.generation, &outarg.attr))
255 goto invalid;
256
257 forget_all_cached_acls(inode);
258 fuse_change_attributes(inode, &outarg.attr, NULL,
259 ATTR_TIMEOUT(&outarg),
260 attr_version);
261 fuse_change_entry_timeout(entry, &outarg);
262 } else if (inode) {
263 fi = get_fuse_inode(inode);
264 if (flags & LOOKUP_RCU) {
265 if (test_bit(FUSE_I_INIT_RDPLUS, &fi->state))
266 return -ECHILD;
267 } else if (test_and_clear_bit(FUSE_I_INIT_RDPLUS, &fi->state)) {
268 parent = dget_parent(entry);
269 fuse_advise_use_readdirplus(d_inode(parent));
270 dput(parent);
271 }
272 }
273 ret = 1;
274 out:
275 return ret;
276
277 invalid:
278 ret = 0;
279 goto out;
280 }
281
282 #if BITS_PER_LONG < 64
fuse_dentry_init(struct dentry * dentry)283 static int fuse_dentry_init(struct dentry *dentry)
284 {
285 dentry->d_fsdata = kzalloc(sizeof(union fuse_dentry),
286 GFP_KERNEL_ACCOUNT | __GFP_RECLAIMABLE);
287
288 return dentry->d_fsdata ? 0 : -ENOMEM;
289 }
fuse_dentry_release(struct dentry * dentry)290 static void fuse_dentry_release(struct dentry *dentry)
291 {
292 union fuse_dentry *fd = dentry->d_fsdata;
293
294 kfree_rcu(fd, rcu);
295 }
296 #endif
297
fuse_dentry_delete(const struct dentry * dentry)298 static int fuse_dentry_delete(const struct dentry *dentry)
299 {
300 return time_before64(fuse_dentry_time(dentry), get_jiffies_64());
301 }
302
303 /*
304 * Create a fuse_mount object with a new superblock (with path->dentry
305 * as the root), and return that mount so it can be auto-mounted on
306 * @path.
307 */
fuse_dentry_automount(struct path * path)308 static struct vfsmount *fuse_dentry_automount(struct path *path)
309 {
310 struct fs_context *fsc;
311 struct vfsmount *mnt;
312 struct fuse_inode *mp_fi = get_fuse_inode(d_inode(path->dentry));
313
314 fsc = fs_context_for_submount(path->mnt->mnt_sb->s_type, path->dentry);
315 if (IS_ERR(fsc))
316 return ERR_CAST(fsc);
317
318 /* Pass the FUSE inode of the mount for fuse_get_tree_submount() */
319 fsc->fs_private = mp_fi;
320
321 /* Create the submount */
322 mnt = fc_mount(fsc);
323 if (!IS_ERR(mnt))
324 mntget(mnt);
325
326 put_fs_context(fsc);
327 return mnt;
328 }
329
330 const struct dentry_operations fuse_dentry_operations = {
331 .d_revalidate = fuse_dentry_revalidate,
332 .d_delete = fuse_dentry_delete,
333 #if BITS_PER_LONG < 64
334 .d_init = fuse_dentry_init,
335 .d_release = fuse_dentry_release,
336 #endif
337 .d_automount = fuse_dentry_automount,
338 };
339
340 const struct dentry_operations fuse_root_dentry_operations = {
341 #if BITS_PER_LONG < 64
342 .d_init = fuse_dentry_init,
343 .d_release = fuse_dentry_release,
344 #endif
345 };
346
fuse_valid_type(int m)347 int fuse_valid_type(int m)
348 {
349 return S_ISREG(m) || S_ISDIR(m) || S_ISLNK(m) || S_ISCHR(m) ||
350 S_ISBLK(m) || S_ISFIFO(m) || S_ISSOCK(m);
351 }
352
fuse_valid_size(u64 size)353 static bool fuse_valid_size(u64 size)
354 {
355 return size <= LLONG_MAX;
356 }
357
fuse_invalid_attr(struct fuse_attr * attr)358 bool fuse_invalid_attr(struct fuse_attr *attr)
359 {
360 return !fuse_valid_type(attr->mode) || !fuse_valid_size(attr->size);
361 }
362
fuse_lookup_name(struct super_block * sb,u64 nodeid,const struct qstr * name,struct fuse_entry_out * outarg,struct inode ** inode)363 int fuse_lookup_name(struct super_block *sb, u64 nodeid, const struct qstr *name,
364 struct fuse_entry_out *outarg, struct inode **inode)
365 {
366 struct fuse_mount *fm = get_fuse_mount_super(sb);
367 FUSE_ARGS(args);
368 struct fuse_forget_link *forget;
369 u64 attr_version, evict_ctr;
370 int err;
371
372 *inode = NULL;
373 err = -ENAMETOOLONG;
374 if (name->len > FUSE_NAME_MAX)
375 goto out;
376
377
378 forget = fuse_alloc_forget();
379 err = -ENOMEM;
380 if (!forget)
381 goto out;
382
383 attr_version = fuse_get_attr_version(fm->fc);
384 evict_ctr = fuse_get_evict_ctr(fm->fc);
385
386 fuse_lookup_init(fm->fc, &args, nodeid, name, outarg);
387 err = fuse_simple_request(fm, &args);
388 /* Zero nodeid is same as -ENOENT, but with valid timeout */
389 if (err || !outarg->nodeid)
390 goto out_put_forget;
391
392 err = -EIO;
393 if (fuse_invalid_attr(&outarg->attr))
394 goto out_put_forget;
395 if (outarg->nodeid == FUSE_ROOT_ID && outarg->generation != 0) {
396 pr_warn_once("root generation should be zero\n");
397 outarg->generation = 0;
398 }
399
400 *inode = fuse_iget(sb, outarg->nodeid, outarg->generation,
401 &outarg->attr, ATTR_TIMEOUT(outarg),
402 attr_version, evict_ctr);
403 err = -ENOMEM;
404 if (!*inode) {
405 fuse_queue_forget(fm->fc, forget, outarg->nodeid, 1);
406 goto out;
407 }
408 err = 0;
409
410 out_put_forget:
411 kfree(forget);
412 out:
413 return err;
414 }
415
fuse_lookup(struct inode * dir,struct dentry * entry,unsigned int flags)416 static struct dentry *fuse_lookup(struct inode *dir, struct dentry *entry,
417 unsigned int flags)
418 {
419 int err;
420 struct fuse_entry_out outarg;
421 struct inode *inode;
422 struct dentry *newent;
423 bool outarg_valid = true;
424 bool locked;
425
426 if (fuse_is_bad(dir))
427 return ERR_PTR(-EIO);
428
429 locked = fuse_lock_inode(dir);
430 err = fuse_lookup_name(dir->i_sb, get_node_id(dir), &entry->d_name,
431 &outarg, &inode);
432 fuse_unlock_inode(dir, locked);
433 if (err == -ENOENT) {
434 outarg_valid = false;
435 err = 0;
436 }
437 if (err)
438 goto out_err;
439
440 err = -EIO;
441 if (inode && get_node_id(inode) == FUSE_ROOT_ID)
442 goto out_iput;
443
444 newent = d_splice_alias(inode, entry);
445 err = PTR_ERR(newent);
446 if (IS_ERR(newent))
447 goto out_err;
448
449 entry = newent ? newent : entry;
450 if (outarg_valid)
451 fuse_change_entry_timeout(entry, &outarg);
452 else
453 fuse_invalidate_entry_cache(entry);
454
455 if (inode)
456 fuse_advise_use_readdirplus(dir);
457 return newent;
458
459 out_iput:
460 iput(inode);
461 out_err:
462 return ERR_PTR(err);
463 }
464
get_security_context(struct dentry * entry,umode_t mode,struct fuse_in_arg * ext)465 static int get_security_context(struct dentry *entry, umode_t mode,
466 struct fuse_in_arg *ext)
467 {
468 struct fuse_secctx *fctx;
469 struct fuse_secctx_header *header;
470 void *ctx = NULL, *ptr;
471 u32 ctxlen, total_len = sizeof(*header);
472 int err, nr_ctx = 0;
473 const char *name;
474 size_t namelen;
475
476 err = security_dentry_init_security(entry, mode, &entry->d_name,
477 &name, &ctx, &ctxlen);
478 if (err) {
479 if (err != -EOPNOTSUPP)
480 goto out_err;
481 /* No LSM is supporting this security hook. Ignore error */
482 ctxlen = 0;
483 ctx = NULL;
484 }
485
486 if (ctxlen) {
487 nr_ctx = 1;
488 namelen = strlen(name) + 1;
489 err = -EIO;
490 if (WARN_ON(namelen > XATTR_NAME_MAX + 1 || ctxlen > S32_MAX))
491 goto out_err;
492 total_len += FUSE_REC_ALIGN(sizeof(*fctx) + namelen + ctxlen);
493 }
494
495 err = -ENOMEM;
496 header = ptr = kzalloc(total_len, GFP_KERNEL);
497 if (!ptr)
498 goto out_err;
499
500 header->nr_secctx = nr_ctx;
501 header->size = total_len;
502 ptr += sizeof(*header);
503 if (nr_ctx) {
504 fctx = ptr;
505 fctx->size = ctxlen;
506 ptr += sizeof(*fctx);
507
508 strcpy(ptr, name);
509 ptr += namelen;
510
511 memcpy(ptr, ctx, ctxlen);
512 }
513 ext->size = total_len;
514 ext->value = header;
515 err = 0;
516 out_err:
517 kfree(ctx);
518 return err;
519 }
520
extend_arg(struct fuse_in_arg * buf,u32 bytes)521 static void *extend_arg(struct fuse_in_arg *buf, u32 bytes)
522 {
523 void *p;
524 u32 newlen = buf->size + bytes;
525
526 p = krealloc(buf->value, newlen, GFP_KERNEL);
527 if (!p) {
528 kfree(buf->value);
529 buf->size = 0;
530 buf->value = NULL;
531 return NULL;
532 }
533
534 memset(p + buf->size, 0, bytes);
535 buf->value = p;
536 buf->size = newlen;
537
538 return p + newlen - bytes;
539 }
540
fuse_ext_size(size_t size)541 static u32 fuse_ext_size(size_t size)
542 {
543 return FUSE_REC_ALIGN(sizeof(struct fuse_ext_header) + size);
544 }
545
546 /*
547 * This adds just a single supplementary group that matches the parent's group.
548 */
get_create_supp_group(struct mnt_idmap * idmap,struct inode * dir,struct fuse_in_arg * ext)549 static int get_create_supp_group(struct mnt_idmap *idmap,
550 struct inode *dir,
551 struct fuse_in_arg *ext)
552 {
553 struct fuse_conn *fc = get_fuse_conn(dir);
554 struct fuse_ext_header *xh;
555 struct fuse_supp_groups *sg;
556 kgid_t kgid = dir->i_gid;
557 vfsgid_t vfsgid = make_vfsgid(idmap, fc->user_ns, kgid);
558 gid_t parent_gid = from_kgid(fc->user_ns, kgid);
559
560 u32 sg_len = fuse_ext_size(sizeof(*sg) + sizeof(sg->groups[0]));
561
562 if (parent_gid == (gid_t) -1 || vfsgid_eq_kgid(vfsgid, current_fsgid()) ||
563 !vfsgid_in_group_p(vfsgid))
564 return 0;
565
566 xh = extend_arg(ext, sg_len);
567 if (!xh)
568 return -ENOMEM;
569
570 xh->size = sg_len;
571 xh->type = FUSE_EXT_GROUPS;
572
573 sg = (struct fuse_supp_groups *) &xh[1];
574 sg->nr_groups = 1;
575 sg->groups[0] = parent_gid;
576
577 return 0;
578 }
579
get_create_ext(struct mnt_idmap * idmap,struct fuse_args * args,struct inode * dir,struct dentry * dentry,umode_t mode)580 static int get_create_ext(struct mnt_idmap *idmap,
581 struct fuse_args *args,
582 struct inode *dir, struct dentry *dentry,
583 umode_t mode)
584 {
585 struct fuse_conn *fc = get_fuse_conn_super(dentry->d_sb);
586 struct fuse_in_arg ext = { .size = 0, .value = NULL };
587 int err = 0;
588
589 if (fc->init_security)
590 err = get_security_context(dentry, mode, &ext);
591 if (!err && fc->create_supp_group)
592 err = get_create_supp_group(idmap, dir, &ext);
593
594 if (!err && ext.size) {
595 WARN_ON(args->in_numargs >= ARRAY_SIZE(args->in_args));
596 args->is_ext = true;
597 args->ext_idx = args->in_numargs++;
598 args->in_args[args->ext_idx] = ext;
599 } else {
600 kfree(ext.value);
601 }
602
603 return err;
604 }
605
free_ext_value(struct fuse_args * args)606 static void free_ext_value(struct fuse_args *args)
607 {
608 if (args->is_ext)
609 kfree(args->in_args[args->ext_idx].value);
610 }
611
612 /*
613 * Atomic create+open operation
614 *
615 * If the filesystem doesn't support this, then fall back to separate
616 * 'mknod' + 'open' requests.
617 */
fuse_create_open(struct mnt_idmap * idmap,struct inode * dir,struct dentry * entry,struct file * file,unsigned int flags,umode_t mode,u32 opcode)618 static int fuse_create_open(struct mnt_idmap *idmap, struct inode *dir,
619 struct dentry *entry, struct file *file,
620 unsigned int flags, umode_t mode, u32 opcode)
621 {
622 int err;
623 struct inode *inode;
624 struct fuse_mount *fm = get_fuse_mount(dir);
625 FUSE_ARGS(args);
626 struct fuse_forget_link *forget;
627 struct fuse_create_in inarg;
628 struct fuse_open_out *outopenp;
629 struct fuse_entry_out outentry;
630 struct fuse_inode *fi;
631 struct fuse_file *ff;
632 bool trunc = flags & O_TRUNC;
633
634 /* Userspace expects S_IFREG in create mode */
635 BUG_ON((mode & S_IFMT) != S_IFREG);
636
637 forget = fuse_alloc_forget();
638 err = -ENOMEM;
639 if (!forget)
640 goto out_err;
641
642 err = -ENOMEM;
643 ff = fuse_file_alloc(fm, true);
644 if (!ff)
645 goto out_put_forget_req;
646
647 if (!fm->fc->dont_mask)
648 mode &= ~current_umask();
649
650 flags &= ~O_NOCTTY;
651 memset(&inarg, 0, sizeof(inarg));
652 memset(&outentry, 0, sizeof(outentry));
653 inarg.flags = flags;
654 inarg.mode = mode;
655 inarg.umask = current_umask();
656
657 if (fm->fc->handle_killpriv_v2 && trunc &&
658 !(flags & O_EXCL) && !capable(CAP_FSETID)) {
659 inarg.open_flags |= FUSE_OPEN_KILL_SUIDGID;
660 }
661
662 args.opcode = opcode;
663 args.nodeid = get_node_id(dir);
664 args.in_numargs = 2;
665 args.in_args[0].size = sizeof(inarg);
666 args.in_args[0].value = &inarg;
667 args.in_args[1].size = entry->d_name.len + 1;
668 args.in_args[1].value = entry->d_name.name;
669 args.out_numargs = 2;
670 args.out_args[0].size = sizeof(outentry);
671 args.out_args[0].value = &outentry;
672 /* Store outarg for fuse_finish_open() */
673 outopenp = &ff->args->open_outarg;
674 args.out_args[1].size = sizeof(*outopenp);
675 args.out_args[1].value = outopenp;
676
677 err = get_create_ext(idmap, &args, dir, entry, mode);
678 if (err)
679 goto out_free_ff;
680
681 err = fuse_simple_idmap_request(idmap, fm, &args);
682 free_ext_value(&args);
683 if (err)
684 goto out_free_ff;
685
686 err = -EIO;
687 if (!S_ISREG(outentry.attr.mode) || invalid_nodeid(outentry.nodeid) ||
688 fuse_invalid_attr(&outentry.attr))
689 goto out_free_ff;
690
691 ff->fh = outopenp->fh;
692 ff->nodeid = outentry.nodeid;
693 ff->open_flags = outopenp->open_flags;
694 inode = fuse_iget(dir->i_sb, outentry.nodeid, outentry.generation,
695 &outentry.attr, ATTR_TIMEOUT(&outentry), 0, 0);
696 if (!inode) {
697 flags &= ~(O_CREAT | O_EXCL | O_TRUNC);
698 fuse_sync_release(NULL, ff, flags);
699 fuse_queue_forget(fm->fc, forget, outentry.nodeid, 1);
700 err = -ENOMEM;
701 goto out_err;
702 }
703 kfree(forget);
704 d_instantiate(entry, inode);
705 fuse_change_entry_timeout(entry, &outentry);
706 fuse_dir_changed(dir);
707 err = generic_file_open(inode, file);
708 if (!err) {
709 file->private_data = ff;
710 err = finish_open(file, entry, fuse_finish_open);
711 }
712 if (err) {
713 fi = get_fuse_inode(inode);
714 fuse_sync_release(fi, ff, flags);
715 } else {
716 if (fm->fc->atomic_o_trunc && trunc)
717 truncate_pagecache(inode, 0);
718 else if (!(ff->open_flags & FOPEN_KEEP_CACHE))
719 invalidate_inode_pages2(inode->i_mapping);
720 }
721 return err;
722
723 out_free_ff:
724 fuse_file_free(ff);
725 out_put_forget_req:
726 kfree(forget);
727 out_err:
728 return err;
729 }
730
731 static int fuse_mknod(struct mnt_idmap *, struct inode *, struct dentry *,
732 umode_t, dev_t);
fuse_atomic_open(struct inode * dir,struct dentry * entry,struct file * file,unsigned flags,umode_t mode)733 static int fuse_atomic_open(struct inode *dir, struct dentry *entry,
734 struct file *file, unsigned flags,
735 umode_t mode)
736 {
737 int err;
738 struct mnt_idmap *idmap = file_mnt_idmap(file);
739 struct fuse_conn *fc = get_fuse_conn(dir);
740 struct dentry *res = NULL;
741
742 if (fuse_is_bad(dir))
743 return -EIO;
744
745 if (d_in_lookup(entry)) {
746 res = fuse_lookup(dir, entry, 0);
747 if (IS_ERR(res))
748 return PTR_ERR(res);
749
750 if (res)
751 entry = res;
752 }
753
754 if (!(flags & O_CREAT) || d_really_is_positive(entry))
755 goto no_open;
756
757 /* Only creates */
758 file->f_mode |= FMODE_CREATED;
759
760 if (fc->no_create)
761 goto mknod;
762
763 err = fuse_create_open(idmap, dir, entry, file, flags, mode, FUSE_CREATE);
764 if (err == -ENOSYS) {
765 fc->no_create = 1;
766 goto mknod;
767 } else if (err == -EEXIST)
768 fuse_invalidate_entry(entry);
769 out_dput:
770 dput(res);
771 return err;
772
773 mknod:
774 err = fuse_mknod(idmap, dir, entry, mode, 0);
775 if (err)
776 goto out_dput;
777 no_open:
778 return finish_no_open(file, res);
779 }
780
781 /*
782 * Code shared between mknod, mkdir, symlink and link
783 */
create_new_entry(struct mnt_idmap * idmap,struct fuse_mount * fm,struct fuse_args * args,struct inode * dir,struct dentry * entry,umode_t mode)784 static int create_new_entry(struct mnt_idmap *idmap, struct fuse_mount *fm,
785 struct fuse_args *args, struct inode *dir,
786 struct dentry *entry, umode_t mode)
787 {
788 struct fuse_entry_out outarg;
789 struct inode *inode;
790 struct dentry *d;
791 int err;
792 struct fuse_forget_link *forget;
793
794 if (fuse_is_bad(dir))
795 return -EIO;
796
797 forget = fuse_alloc_forget();
798 if (!forget)
799 return -ENOMEM;
800
801 memset(&outarg, 0, sizeof(outarg));
802 args->nodeid = get_node_id(dir);
803 args->out_numargs = 1;
804 args->out_args[0].size = sizeof(outarg);
805 args->out_args[0].value = &outarg;
806
807 if (args->opcode != FUSE_LINK) {
808 err = get_create_ext(idmap, args, dir, entry, mode);
809 if (err)
810 goto out_put_forget_req;
811 }
812
813 err = fuse_simple_idmap_request(idmap, fm, args);
814 free_ext_value(args);
815 if (err)
816 goto out_put_forget_req;
817
818 err = -EIO;
819 if (invalid_nodeid(outarg.nodeid) || fuse_invalid_attr(&outarg.attr))
820 goto out_put_forget_req;
821
822 if ((outarg.attr.mode ^ mode) & S_IFMT)
823 goto out_put_forget_req;
824
825 inode = fuse_iget(dir->i_sb, outarg.nodeid, outarg.generation,
826 &outarg.attr, ATTR_TIMEOUT(&outarg), 0, 0);
827 if (!inode) {
828 fuse_queue_forget(fm->fc, forget, outarg.nodeid, 1);
829 return -ENOMEM;
830 }
831 kfree(forget);
832
833 d_drop(entry);
834 d = d_splice_alias(inode, entry);
835 if (IS_ERR(d))
836 return PTR_ERR(d);
837
838 if (d) {
839 fuse_change_entry_timeout(d, &outarg);
840 dput(d);
841 } else {
842 fuse_change_entry_timeout(entry, &outarg);
843 }
844 fuse_dir_changed(dir);
845 return 0;
846
847 out_put_forget_req:
848 if (err == -EEXIST)
849 fuse_invalidate_entry(entry);
850 kfree(forget);
851 return err;
852 }
853
fuse_mknod(struct mnt_idmap * idmap,struct inode * dir,struct dentry * entry,umode_t mode,dev_t rdev)854 static int fuse_mknod(struct mnt_idmap *idmap, struct inode *dir,
855 struct dentry *entry, umode_t mode, dev_t rdev)
856 {
857 struct fuse_mknod_in inarg;
858 struct fuse_mount *fm = get_fuse_mount(dir);
859 FUSE_ARGS(args);
860
861 if (!fm->fc->dont_mask)
862 mode &= ~current_umask();
863
864 memset(&inarg, 0, sizeof(inarg));
865 inarg.mode = mode;
866 inarg.rdev = new_encode_dev(rdev);
867 inarg.umask = current_umask();
868 args.opcode = FUSE_MKNOD;
869 args.in_numargs = 2;
870 args.in_args[0].size = sizeof(inarg);
871 args.in_args[0].value = &inarg;
872 args.in_args[1].size = entry->d_name.len + 1;
873 args.in_args[1].value = entry->d_name.name;
874 return create_new_entry(idmap, fm, &args, dir, entry, mode);
875 }
876
fuse_create(struct mnt_idmap * idmap,struct inode * dir,struct dentry * entry,umode_t mode,bool excl)877 static int fuse_create(struct mnt_idmap *idmap, struct inode *dir,
878 struct dentry *entry, umode_t mode, bool excl)
879 {
880 return fuse_mknod(idmap, dir, entry, mode, 0);
881 }
882
fuse_tmpfile(struct mnt_idmap * idmap,struct inode * dir,struct file * file,umode_t mode)883 static int fuse_tmpfile(struct mnt_idmap *idmap, struct inode *dir,
884 struct file *file, umode_t mode)
885 {
886 struct fuse_conn *fc = get_fuse_conn(dir);
887 int err;
888
889 if (fc->no_tmpfile)
890 return -EOPNOTSUPP;
891
892 err = fuse_create_open(idmap, dir, file->f_path.dentry, file,
893 file->f_flags, mode, FUSE_TMPFILE);
894 if (err == -ENOSYS) {
895 fc->no_tmpfile = 1;
896 err = -EOPNOTSUPP;
897 }
898 return err;
899 }
900
fuse_mkdir(struct mnt_idmap * idmap,struct inode * dir,struct dentry * entry,umode_t mode)901 static int fuse_mkdir(struct mnt_idmap *idmap, struct inode *dir,
902 struct dentry *entry, umode_t mode)
903 {
904 struct fuse_mkdir_in inarg;
905 struct fuse_mount *fm = get_fuse_mount(dir);
906 FUSE_ARGS(args);
907
908 if (!fm->fc->dont_mask)
909 mode &= ~current_umask();
910
911 memset(&inarg, 0, sizeof(inarg));
912 inarg.mode = mode;
913 inarg.umask = current_umask();
914 args.opcode = FUSE_MKDIR;
915 args.in_numargs = 2;
916 args.in_args[0].size = sizeof(inarg);
917 args.in_args[0].value = &inarg;
918 args.in_args[1].size = entry->d_name.len + 1;
919 args.in_args[1].value = entry->d_name.name;
920 return create_new_entry(idmap, fm, &args, dir, entry, S_IFDIR);
921 }
922
fuse_symlink(struct mnt_idmap * idmap,struct inode * dir,struct dentry * entry,const char * link)923 static int fuse_symlink(struct mnt_idmap *idmap, struct inode *dir,
924 struct dentry *entry, const char *link)
925 {
926 struct fuse_mount *fm = get_fuse_mount(dir);
927 unsigned len = strlen(link) + 1;
928 FUSE_ARGS(args);
929
930 args.opcode = FUSE_SYMLINK;
931 args.in_numargs = 2;
932 args.in_args[0].size = entry->d_name.len + 1;
933 args.in_args[0].value = entry->d_name.name;
934 args.in_args[1].size = len;
935 args.in_args[1].value = link;
936 return create_new_entry(idmap, fm, &args, dir, entry, S_IFLNK);
937 }
938
fuse_flush_time_update(struct inode * inode)939 void fuse_flush_time_update(struct inode *inode)
940 {
941 int err = sync_inode_metadata(inode, 1);
942
943 mapping_set_error(inode->i_mapping, err);
944 }
945
fuse_update_ctime_in_cache(struct inode * inode)946 static void fuse_update_ctime_in_cache(struct inode *inode)
947 {
948 if (!IS_NOCMTIME(inode)) {
949 inode_set_ctime_current(inode);
950 mark_inode_dirty_sync(inode);
951 fuse_flush_time_update(inode);
952 }
953 }
954
fuse_update_ctime(struct inode * inode)955 void fuse_update_ctime(struct inode *inode)
956 {
957 fuse_invalidate_attr_mask(inode, STATX_CTIME);
958 fuse_update_ctime_in_cache(inode);
959 }
960
fuse_entry_unlinked(struct dentry * entry)961 static void fuse_entry_unlinked(struct dentry *entry)
962 {
963 struct inode *inode = d_inode(entry);
964 struct fuse_conn *fc = get_fuse_conn(inode);
965 struct fuse_inode *fi = get_fuse_inode(inode);
966
967 spin_lock(&fi->lock);
968 fi->attr_version = atomic64_inc_return(&fc->attr_version);
969 /*
970 * If i_nlink == 0 then unlink doesn't make sense, yet this can
971 * happen if userspace filesystem is careless. It would be
972 * difficult to enforce correct nlink usage so just ignore this
973 * condition here
974 */
975 if (S_ISDIR(inode->i_mode))
976 clear_nlink(inode);
977 else if (inode->i_nlink > 0)
978 drop_nlink(inode);
979 spin_unlock(&fi->lock);
980 fuse_invalidate_entry_cache(entry);
981 fuse_update_ctime(inode);
982 }
983
fuse_unlink(struct inode * dir,struct dentry * entry)984 static int fuse_unlink(struct inode *dir, struct dentry *entry)
985 {
986 int err;
987 struct fuse_mount *fm = get_fuse_mount(dir);
988 FUSE_ARGS(args);
989
990 if (fuse_is_bad(dir))
991 return -EIO;
992
993 args.opcode = FUSE_UNLINK;
994 args.nodeid = get_node_id(dir);
995 args.in_numargs = 1;
996 args.in_args[0].size = entry->d_name.len + 1;
997 args.in_args[0].value = entry->d_name.name;
998 err = fuse_simple_request(fm, &args);
999 if (!err) {
1000 fuse_dir_changed(dir);
1001 fuse_entry_unlinked(entry);
1002 } else if (err == -EINTR || err == -ENOENT)
1003 fuse_invalidate_entry(entry);
1004 return err;
1005 }
1006
fuse_rmdir(struct inode * dir,struct dentry * entry)1007 static int fuse_rmdir(struct inode *dir, struct dentry *entry)
1008 {
1009 int err;
1010 struct fuse_mount *fm = get_fuse_mount(dir);
1011 FUSE_ARGS(args);
1012
1013 if (fuse_is_bad(dir))
1014 return -EIO;
1015
1016 args.opcode = FUSE_RMDIR;
1017 args.nodeid = get_node_id(dir);
1018 args.in_numargs = 1;
1019 args.in_args[0].size = entry->d_name.len + 1;
1020 args.in_args[0].value = entry->d_name.name;
1021 err = fuse_simple_request(fm, &args);
1022 if (!err) {
1023 fuse_dir_changed(dir);
1024 fuse_entry_unlinked(entry);
1025 } else if (err == -EINTR || err == -ENOENT)
1026 fuse_invalidate_entry(entry);
1027 return err;
1028 }
1029
fuse_rename_common(struct mnt_idmap * idmap,struct inode * olddir,struct dentry * oldent,struct inode * newdir,struct dentry * newent,unsigned int flags,int opcode,size_t argsize)1030 static int fuse_rename_common(struct mnt_idmap *idmap, struct inode *olddir, struct dentry *oldent,
1031 struct inode *newdir, struct dentry *newent,
1032 unsigned int flags, int opcode, size_t argsize)
1033 {
1034 int err;
1035 struct fuse_rename2_in inarg;
1036 struct fuse_mount *fm = get_fuse_mount(olddir);
1037 FUSE_ARGS(args);
1038
1039 memset(&inarg, 0, argsize);
1040 inarg.newdir = get_node_id(newdir);
1041 inarg.flags = flags;
1042 args.opcode = opcode;
1043 args.nodeid = get_node_id(olddir);
1044 args.in_numargs = 3;
1045 args.in_args[0].size = argsize;
1046 args.in_args[0].value = &inarg;
1047 args.in_args[1].size = oldent->d_name.len + 1;
1048 args.in_args[1].value = oldent->d_name.name;
1049 args.in_args[2].size = newent->d_name.len + 1;
1050 args.in_args[2].value = newent->d_name.name;
1051 err = fuse_simple_idmap_request(idmap, fm, &args);
1052 if (!err) {
1053 /* ctime changes */
1054 fuse_update_ctime(d_inode(oldent));
1055
1056 if (flags & RENAME_EXCHANGE)
1057 fuse_update_ctime(d_inode(newent));
1058
1059 fuse_dir_changed(olddir);
1060 if (olddir != newdir)
1061 fuse_dir_changed(newdir);
1062
1063 /* newent will end up negative */
1064 if (!(flags & RENAME_EXCHANGE) && d_really_is_positive(newent))
1065 fuse_entry_unlinked(newent);
1066 } else if (err == -EINTR || err == -ENOENT) {
1067 /* If request was interrupted, DEITY only knows if the
1068 rename actually took place. If the invalidation
1069 fails (e.g. some process has CWD under the renamed
1070 directory), then there can be inconsistency between
1071 the dcache and the real filesystem. Tough luck. */
1072 fuse_invalidate_entry(oldent);
1073 if (d_really_is_positive(newent))
1074 fuse_invalidate_entry(newent);
1075 }
1076
1077 return err;
1078 }
1079
fuse_rename2(struct mnt_idmap * idmap,struct inode * olddir,struct dentry * oldent,struct inode * newdir,struct dentry * newent,unsigned int flags)1080 static int fuse_rename2(struct mnt_idmap *idmap, struct inode *olddir,
1081 struct dentry *oldent, struct inode *newdir,
1082 struct dentry *newent, unsigned int flags)
1083 {
1084 struct fuse_conn *fc = get_fuse_conn(olddir);
1085 int err;
1086
1087 if (fuse_is_bad(olddir))
1088 return -EIO;
1089
1090 if (flags & ~(RENAME_NOREPLACE | RENAME_EXCHANGE | RENAME_WHITEOUT))
1091 return -EINVAL;
1092
1093 if (flags) {
1094 if (fc->no_rename2 || fc->minor < 23)
1095 return -EINVAL;
1096
1097 err = fuse_rename_common((flags & RENAME_WHITEOUT) ? idmap : &invalid_mnt_idmap,
1098 olddir, oldent, newdir, newent, flags,
1099 FUSE_RENAME2,
1100 sizeof(struct fuse_rename2_in));
1101 if (err == -ENOSYS) {
1102 fc->no_rename2 = 1;
1103 err = -EINVAL;
1104 }
1105 } else {
1106 err = fuse_rename_common(&invalid_mnt_idmap, olddir, oldent, newdir, newent, 0,
1107 FUSE_RENAME,
1108 sizeof(struct fuse_rename_in));
1109 }
1110
1111 return err;
1112 }
1113
fuse_link(struct dentry * entry,struct inode * newdir,struct dentry * newent)1114 static int fuse_link(struct dentry *entry, struct inode *newdir,
1115 struct dentry *newent)
1116 {
1117 int err;
1118 struct fuse_link_in inarg;
1119 struct inode *inode = d_inode(entry);
1120 struct fuse_mount *fm = get_fuse_mount(inode);
1121 FUSE_ARGS(args);
1122
1123 memset(&inarg, 0, sizeof(inarg));
1124 inarg.oldnodeid = get_node_id(inode);
1125 args.opcode = FUSE_LINK;
1126 args.in_numargs = 2;
1127 args.in_args[0].size = sizeof(inarg);
1128 args.in_args[0].value = &inarg;
1129 args.in_args[1].size = newent->d_name.len + 1;
1130 args.in_args[1].value = newent->d_name.name;
1131 err = create_new_entry(&invalid_mnt_idmap, fm, &args, newdir, newent, inode->i_mode);
1132 if (!err)
1133 fuse_update_ctime_in_cache(inode);
1134 else if (err == -EINTR)
1135 fuse_invalidate_attr(inode);
1136
1137 return err;
1138 }
1139
fuse_fillattr(struct mnt_idmap * idmap,struct inode * inode,struct fuse_attr * attr,struct kstat * stat)1140 static void fuse_fillattr(struct mnt_idmap *idmap, struct inode *inode,
1141 struct fuse_attr *attr, struct kstat *stat)
1142 {
1143 unsigned int blkbits;
1144 struct fuse_conn *fc = get_fuse_conn(inode);
1145 vfsuid_t vfsuid = make_vfsuid(idmap, fc->user_ns,
1146 make_kuid(fc->user_ns, attr->uid));
1147 vfsgid_t vfsgid = make_vfsgid(idmap, fc->user_ns,
1148 make_kgid(fc->user_ns, attr->gid));
1149
1150 stat->dev = inode->i_sb->s_dev;
1151 stat->ino = attr->ino;
1152 stat->mode = (inode->i_mode & S_IFMT) | (attr->mode & 07777);
1153 stat->nlink = attr->nlink;
1154 stat->uid = vfsuid_into_kuid(vfsuid);
1155 stat->gid = vfsgid_into_kgid(vfsgid);
1156 stat->rdev = inode->i_rdev;
1157 stat->atime.tv_sec = attr->atime;
1158 stat->atime.tv_nsec = attr->atimensec;
1159 stat->mtime.tv_sec = attr->mtime;
1160 stat->mtime.tv_nsec = attr->mtimensec;
1161 stat->ctime.tv_sec = attr->ctime;
1162 stat->ctime.tv_nsec = attr->ctimensec;
1163 stat->size = attr->size;
1164 stat->blocks = attr->blocks;
1165
1166 if (attr->blksize != 0)
1167 blkbits = ilog2(attr->blksize);
1168 else
1169 blkbits = inode->i_sb->s_blocksize_bits;
1170
1171 stat->blksize = 1 << blkbits;
1172 }
1173
fuse_statx_to_attr(struct fuse_statx * sx,struct fuse_attr * attr)1174 static void fuse_statx_to_attr(struct fuse_statx *sx, struct fuse_attr *attr)
1175 {
1176 memset(attr, 0, sizeof(*attr));
1177 attr->ino = sx->ino;
1178 attr->size = sx->size;
1179 attr->blocks = sx->blocks;
1180 attr->atime = sx->atime.tv_sec;
1181 attr->mtime = sx->mtime.tv_sec;
1182 attr->ctime = sx->ctime.tv_sec;
1183 attr->atimensec = sx->atime.tv_nsec;
1184 attr->mtimensec = sx->mtime.tv_nsec;
1185 attr->ctimensec = sx->ctime.tv_nsec;
1186 attr->mode = sx->mode;
1187 attr->nlink = sx->nlink;
1188 attr->uid = sx->uid;
1189 attr->gid = sx->gid;
1190 attr->rdev = new_encode_dev(MKDEV(sx->rdev_major, sx->rdev_minor));
1191 attr->blksize = sx->blksize;
1192 }
1193
fuse_do_statx(struct mnt_idmap * idmap,struct inode * inode,struct file * file,struct kstat * stat)1194 static int fuse_do_statx(struct mnt_idmap *idmap, struct inode *inode,
1195 struct file *file, struct kstat *stat)
1196 {
1197 int err;
1198 struct fuse_attr attr;
1199 struct fuse_statx *sx;
1200 struct fuse_statx_in inarg;
1201 struct fuse_statx_out outarg;
1202 struct fuse_mount *fm = get_fuse_mount(inode);
1203 u64 attr_version = fuse_get_attr_version(fm->fc);
1204 FUSE_ARGS(args);
1205
1206 memset(&inarg, 0, sizeof(inarg));
1207 memset(&outarg, 0, sizeof(outarg));
1208 /* Directories have separate file-handle space */
1209 if (file && S_ISREG(inode->i_mode)) {
1210 struct fuse_file *ff = file->private_data;
1211
1212 inarg.getattr_flags |= FUSE_GETATTR_FH;
1213 inarg.fh = ff->fh;
1214 }
1215 /* For now leave sync hints as the default, request all stats. */
1216 inarg.sx_flags = 0;
1217 inarg.sx_mask = STATX_BASIC_STATS | STATX_BTIME;
1218 args.opcode = FUSE_STATX;
1219 args.nodeid = get_node_id(inode);
1220 args.in_numargs = 1;
1221 args.in_args[0].size = sizeof(inarg);
1222 args.in_args[0].value = &inarg;
1223 args.out_numargs = 1;
1224 args.out_args[0].size = sizeof(outarg);
1225 args.out_args[0].value = &outarg;
1226 err = fuse_simple_request(fm, &args);
1227 if (err)
1228 return err;
1229
1230 sx = &outarg.stat;
1231 if (((sx->mask & STATX_SIZE) && !fuse_valid_size(sx->size)) ||
1232 ((sx->mask & STATX_TYPE) && (!fuse_valid_type(sx->mode) ||
1233 inode_wrong_type(inode, sx->mode)))) {
1234 fuse_make_bad(inode);
1235 return -EIO;
1236 }
1237
1238 fuse_statx_to_attr(&outarg.stat, &attr);
1239 if ((sx->mask & STATX_BASIC_STATS) == STATX_BASIC_STATS) {
1240 fuse_change_attributes(inode, &attr, &outarg.stat,
1241 ATTR_TIMEOUT(&outarg), attr_version);
1242 }
1243
1244 if (stat) {
1245 stat->result_mask = sx->mask & (STATX_BASIC_STATS | STATX_BTIME);
1246 stat->btime.tv_sec = sx->btime.tv_sec;
1247 stat->btime.tv_nsec = min_t(u32, sx->btime.tv_nsec, NSEC_PER_SEC - 1);
1248 fuse_fillattr(idmap, inode, &attr, stat);
1249 stat->result_mask |= STATX_TYPE;
1250 }
1251
1252 return 0;
1253 }
1254
fuse_do_getattr(struct mnt_idmap * idmap,struct inode * inode,struct kstat * stat,struct file * file)1255 static int fuse_do_getattr(struct mnt_idmap *idmap, struct inode *inode,
1256 struct kstat *stat, struct file *file)
1257 {
1258 int err;
1259 struct fuse_getattr_in inarg;
1260 struct fuse_attr_out outarg;
1261 struct fuse_mount *fm = get_fuse_mount(inode);
1262 FUSE_ARGS(args);
1263 u64 attr_version;
1264
1265 attr_version = fuse_get_attr_version(fm->fc);
1266
1267 memset(&inarg, 0, sizeof(inarg));
1268 memset(&outarg, 0, sizeof(outarg));
1269 /* Directories have separate file-handle space */
1270 if (file && S_ISREG(inode->i_mode)) {
1271 struct fuse_file *ff = file->private_data;
1272
1273 inarg.getattr_flags |= FUSE_GETATTR_FH;
1274 inarg.fh = ff->fh;
1275 }
1276 args.opcode = FUSE_GETATTR;
1277 args.nodeid = get_node_id(inode);
1278 args.in_numargs = 1;
1279 args.in_args[0].size = sizeof(inarg);
1280 args.in_args[0].value = &inarg;
1281 args.out_numargs = 1;
1282 args.out_args[0].size = sizeof(outarg);
1283 args.out_args[0].value = &outarg;
1284 err = fuse_simple_request(fm, &args);
1285 if (!err) {
1286 if (fuse_invalid_attr(&outarg.attr) ||
1287 inode_wrong_type(inode, outarg.attr.mode)) {
1288 fuse_make_bad(inode);
1289 err = -EIO;
1290 } else {
1291 fuse_change_attributes(inode, &outarg.attr, NULL,
1292 ATTR_TIMEOUT(&outarg),
1293 attr_version);
1294 if (stat)
1295 fuse_fillattr(idmap, inode, &outarg.attr, stat);
1296 }
1297 }
1298 return err;
1299 }
1300
fuse_update_get_attr(struct mnt_idmap * idmap,struct inode * inode,struct file * file,struct kstat * stat,u32 request_mask,unsigned int flags)1301 static int fuse_update_get_attr(struct mnt_idmap *idmap, struct inode *inode,
1302 struct file *file, struct kstat *stat,
1303 u32 request_mask, unsigned int flags)
1304 {
1305 struct fuse_inode *fi = get_fuse_inode(inode);
1306 struct fuse_conn *fc = get_fuse_conn(inode);
1307 int err = 0;
1308 bool sync;
1309 u32 inval_mask = READ_ONCE(fi->inval_mask);
1310 u32 cache_mask = fuse_get_cache_mask(inode);
1311
1312
1313 /* FUSE only supports basic stats and possibly btime */
1314 request_mask &= STATX_BASIC_STATS | STATX_BTIME;
1315 retry:
1316 if (fc->no_statx)
1317 request_mask &= STATX_BASIC_STATS;
1318
1319 if (!request_mask)
1320 sync = false;
1321 else if (flags & AT_STATX_FORCE_SYNC)
1322 sync = true;
1323 else if (flags & AT_STATX_DONT_SYNC)
1324 sync = false;
1325 else if (request_mask & inval_mask & ~cache_mask)
1326 sync = true;
1327 else
1328 sync = time_before64(fi->i_time, get_jiffies_64());
1329
1330 if (sync) {
1331 forget_all_cached_acls(inode);
1332 /* Try statx if BTIME is requested */
1333 if (!fc->no_statx && (request_mask & ~STATX_BASIC_STATS)) {
1334 err = fuse_do_statx(idmap, inode, file, stat);
1335 if (err == -ENOSYS) {
1336 fc->no_statx = 1;
1337 err = 0;
1338 goto retry;
1339 }
1340 } else {
1341 err = fuse_do_getattr(idmap, inode, stat, file);
1342 }
1343 } else if (stat) {
1344 generic_fillattr(idmap, request_mask, inode, stat);
1345 stat->mode = fi->orig_i_mode;
1346 stat->ino = fi->orig_ino;
1347 if (test_bit(FUSE_I_BTIME, &fi->state)) {
1348 stat->btime = fi->i_btime;
1349 stat->result_mask |= STATX_BTIME;
1350 }
1351 }
1352
1353 return err;
1354 }
1355
fuse_update_attributes(struct inode * inode,struct file * file,u32 mask)1356 int fuse_update_attributes(struct inode *inode, struct file *file, u32 mask)
1357 {
1358 return fuse_update_get_attr(&nop_mnt_idmap, inode, file, NULL, mask, 0);
1359 }
1360
fuse_reverse_inval_entry(struct fuse_conn * fc,u64 parent_nodeid,u64 child_nodeid,struct qstr * name,u32 flags)1361 int fuse_reverse_inval_entry(struct fuse_conn *fc, u64 parent_nodeid,
1362 u64 child_nodeid, struct qstr *name, u32 flags)
1363 {
1364 int err = -ENOTDIR;
1365 struct inode *parent;
1366 struct dentry *dir;
1367 struct dentry *entry;
1368
1369 parent = fuse_ilookup(fc, parent_nodeid, NULL);
1370 if (!parent)
1371 return -ENOENT;
1372
1373 inode_lock_nested(parent, I_MUTEX_PARENT);
1374 if (!S_ISDIR(parent->i_mode))
1375 goto unlock;
1376
1377 err = -ENOENT;
1378 dir = d_find_alias(parent);
1379 if (!dir)
1380 goto unlock;
1381
1382 name->hash = full_name_hash(dir, name->name, name->len);
1383 entry = d_lookup(dir, name);
1384 dput(dir);
1385 if (!entry)
1386 goto unlock;
1387
1388 fuse_dir_changed(parent);
1389 if (!(flags & FUSE_EXPIRE_ONLY))
1390 d_invalidate(entry);
1391 fuse_invalidate_entry_cache(entry);
1392
1393 if (child_nodeid != 0 && d_really_is_positive(entry)) {
1394 inode_lock(d_inode(entry));
1395 if (get_node_id(d_inode(entry)) != child_nodeid) {
1396 err = -ENOENT;
1397 goto badentry;
1398 }
1399 if (d_mountpoint(entry)) {
1400 err = -EBUSY;
1401 goto badentry;
1402 }
1403 if (d_is_dir(entry)) {
1404 shrink_dcache_parent(entry);
1405 if (!simple_empty(entry)) {
1406 err = -ENOTEMPTY;
1407 goto badentry;
1408 }
1409 d_inode(entry)->i_flags |= S_DEAD;
1410 }
1411 dont_mount(entry);
1412 clear_nlink(d_inode(entry));
1413 err = 0;
1414 badentry:
1415 inode_unlock(d_inode(entry));
1416 if (!err)
1417 d_delete(entry);
1418 } else {
1419 err = 0;
1420 }
1421 dput(entry);
1422
1423 unlock:
1424 inode_unlock(parent);
1425 iput(parent);
1426 return err;
1427 }
1428
fuse_permissible_uidgid(struct fuse_conn * fc)1429 static inline bool fuse_permissible_uidgid(struct fuse_conn *fc)
1430 {
1431 const struct cred *cred = current_cred();
1432
1433 return (uid_eq(cred->euid, fc->user_id) &&
1434 uid_eq(cred->suid, fc->user_id) &&
1435 uid_eq(cred->uid, fc->user_id) &&
1436 gid_eq(cred->egid, fc->group_id) &&
1437 gid_eq(cred->sgid, fc->group_id) &&
1438 gid_eq(cred->gid, fc->group_id));
1439 }
1440
1441 /*
1442 * Calling into a user-controlled filesystem gives the filesystem
1443 * daemon ptrace-like capabilities over the current process. This
1444 * means, that the filesystem daemon is able to record the exact
1445 * filesystem operations performed, and can also control the behavior
1446 * of the requester process in otherwise impossible ways. For example
1447 * it can delay the operation for arbitrary length of time allowing
1448 * DoS against the requester.
1449 *
1450 * For this reason only those processes can call into the filesystem,
1451 * for which the owner of the mount has ptrace privilege. This
1452 * excludes processes started by other users, suid or sgid processes.
1453 */
fuse_allow_current_process(struct fuse_conn * fc)1454 bool fuse_allow_current_process(struct fuse_conn *fc)
1455 {
1456 bool allow;
1457
1458 if (fc->allow_other)
1459 allow = current_in_userns(fc->user_ns);
1460 else
1461 allow = fuse_permissible_uidgid(fc);
1462
1463 if (!allow && allow_sys_admin_access && capable(CAP_SYS_ADMIN))
1464 allow = true;
1465
1466 return allow;
1467 }
1468
fuse_access(struct inode * inode,int mask)1469 static int fuse_access(struct inode *inode, int mask)
1470 {
1471 struct fuse_mount *fm = get_fuse_mount(inode);
1472 FUSE_ARGS(args);
1473 struct fuse_access_in inarg;
1474 int err;
1475
1476 BUG_ON(mask & MAY_NOT_BLOCK);
1477
1478 /*
1479 * We should not send FUSE_ACCESS to the userspace
1480 * when idmapped mounts are enabled as for this case
1481 * we have fc->default_permissions = 1 and access
1482 * permission checks are done on the kernel side.
1483 */
1484 WARN_ON_ONCE(!(fm->sb->s_iflags & SB_I_NOIDMAP));
1485
1486 if (fm->fc->no_access)
1487 return 0;
1488
1489 memset(&inarg, 0, sizeof(inarg));
1490 inarg.mask = mask & (MAY_READ | MAY_WRITE | MAY_EXEC);
1491 args.opcode = FUSE_ACCESS;
1492 args.nodeid = get_node_id(inode);
1493 args.in_numargs = 1;
1494 args.in_args[0].size = sizeof(inarg);
1495 args.in_args[0].value = &inarg;
1496 err = fuse_simple_request(fm, &args);
1497 if (err == -ENOSYS) {
1498 fm->fc->no_access = 1;
1499 err = 0;
1500 }
1501 return err;
1502 }
1503
fuse_perm_getattr(struct inode * inode,int mask)1504 static int fuse_perm_getattr(struct inode *inode, int mask)
1505 {
1506 if (mask & MAY_NOT_BLOCK)
1507 return -ECHILD;
1508
1509 forget_all_cached_acls(inode);
1510 return fuse_do_getattr(&nop_mnt_idmap, inode, NULL, NULL);
1511 }
1512
1513 /*
1514 * Check permission. The two basic access models of FUSE are:
1515 *
1516 * 1) Local access checking ('default_permissions' mount option) based
1517 * on file mode. This is the plain old disk filesystem permission
1518 * model.
1519 *
1520 * 2) "Remote" access checking, where server is responsible for
1521 * checking permission in each inode operation. An exception to this
1522 * is if ->permission() was invoked from sys_access() in which case an
1523 * access request is sent. Execute permission is still checked
1524 * locally based on file mode.
1525 */
fuse_permission(struct mnt_idmap * idmap,struct inode * inode,int mask)1526 static int fuse_permission(struct mnt_idmap *idmap,
1527 struct inode *inode, int mask)
1528 {
1529 struct fuse_conn *fc = get_fuse_conn(inode);
1530 bool refreshed = false;
1531 int err = 0;
1532
1533 if (fuse_is_bad(inode))
1534 return -EIO;
1535
1536 if (!fuse_allow_current_process(fc))
1537 return -EACCES;
1538
1539 /*
1540 * If attributes are needed, refresh them before proceeding
1541 */
1542 if (fc->default_permissions ||
1543 ((mask & MAY_EXEC) && S_ISREG(inode->i_mode))) {
1544 struct fuse_inode *fi = get_fuse_inode(inode);
1545 u32 perm_mask = STATX_MODE | STATX_UID | STATX_GID;
1546
1547 if (perm_mask & READ_ONCE(fi->inval_mask) ||
1548 time_before64(fi->i_time, get_jiffies_64())) {
1549 refreshed = true;
1550
1551 err = fuse_perm_getattr(inode, mask);
1552 if (err)
1553 return err;
1554 }
1555 }
1556
1557 if (fc->default_permissions) {
1558 err = generic_permission(idmap, inode, mask);
1559
1560 /* If permission is denied, try to refresh file
1561 attributes. This is also needed, because the root
1562 node will at first have no permissions */
1563 if (err == -EACCES && !refreshed) {
1564 err = fuse_perm_getattr(inode, mask);
1565 if (!err)
1566 err = generic_permission(idmap,
1567 inode, mask);
1568 }
1569
1570 /* Note: the opposite of the above test does not
1571 exist. So if permissions are revoked this won't be
1572 noticed immediately, only after the attribute
1573 timeout has expired */
1574 } else if (mask & (MAY_ACCESS | MAY_CHDIR)) {
1575 err = fuse_access(inode, mask);
1576 } else if ((mask & MAY_EXEC) && S_ISREG(inode->i_mode)) {
1577 if (!(inode->i_mode & S_IXUGO)) {
1578 if (refreshed)
1579 return -EACCES;
1580
1581 err = fuse_perm_getattr(inode, mask);
1582 if (!err && !(inode->i_mode & S_IXUGO))
1583 return -EACCES;
1584 }
1585 }
1586 return err;
1587 }
1588
fuse_readlink_page(struct inode * inode,struct folio * folio)1589 static int fuse_readlink_page(struct inode *inode, struct folio *folio)
1590 {
1591 struct fuse_mount *fm = get_fuse_mount(inode);
1592 struct fuse_folio_desc desc = { .length = PAGE_SIZE - 1 };
1593 struct fuse_args_pages ap = {
1594 .num_folios = 1,
1595 .folios = &folio,
1596 .descs = &desc,
1597 };
1598 char *link;
1599 ssize_t res;
1600
1601 ap.args.opcode = FUSE_READLINK;
1602 ap.args.nodeid = get_node_id(inode);
1603 ap.args.out_pages = true;
1604 ap.args.out_argvar = true;
1605 ap.args.page_zeroing = true;
1606 ap.args.out_numargs = 1;
1607 ap.args.out_args[0].size = desc.length;
1608 res = fuse_simple_request(fm, &ap.args);
1609
1610 fuse_invalidate_atime(inode);
1611
1612 if (res < 0)
1613 return res;
1614
1615 if (WARN_ON(res >= PAGE_SIZE))
1616 return -EIO;
1617
1618 link = folio_address(folio);
1619 link[res] = '\0';
1620
1621 return 0;
1622 }
1623
fuse_get_link(struct dentry * dentry,struct inode * inode,struct delayed_call * callback)1624 static const char *fuse_get_link(struct dentry *dentry, struct inode *inode,
1625 struct delayed_call *callback)
1626 {
1627 struct fuse_conn *fc = get_fuse_conn(inode);
1628 struct folio *folio;
1629 int err;
1630
1631 err = -EIO;
1632 if (fuse_is_bad(inode))
1633 goto out_err;
1634
1635 if (fc->cache_symlinks)
1636 return page_get_link(dentry, inode, callback);
1637
1638 err = -ECHILD;
1639 if (!dentry)
1640 goto out_err;
1641
1642 folio = folio_alloc(GFP_KERNEL, 0);
1643 err = -ENOMEM;
1644 if (!folio)
1645 goto out_err;
1646
1647 err = fuse_readlink_page(inode, folio);
1648 if (err) {
1649 folio_put(folio);
1650 goto out_err;
1651 }
1652
1653 set_delayed_call(callback, page_put_link, &folio->page);
1654
1655 return folio_address(folio);
1656
1657 out_err:
1658 return ERR_PTR(err);
1659 }
1660
fuse_dir_open(struct inode * inode,struct file * file)1661 static int fuse_dir_open(struct inode *inode, struct file *file)
1662 {
1663 struct fuse_mount *fm = get_fuse_mount(inode);
1664 int err;
1665
1666 if (fuse_is_bad(inode))
1667 return -EIO;
1668
1669 err = generic_file_open(inode, file);
1670 if (err)
1671 return err;
1672
1673 err = fuse_do_open(fm, get_node_id(inode), file, true);
1674 if (!err) {
1675 struct fuse_file *ff = file->private_data;
1676
1677 /*
1678 * Keep handling FOPEN_STREAM and FOPEN_NONSEEKABLE for
1679 * directories for backward compatibility, though it's unlikely
1680 * to be useful.
1681 */
1682 if (ff->open_flags & (FOPEN_STREAM | FOPEN_NONSEEKABLE))
1683 nonseekable_open(inode, file);
1684 if (!(ff->open_flags & FOPEN_KEEP_CACHE))
1685 invalidate_inode_pages2(inode->i_mapping);
1686 }
1687
1688 return err;
1689 }
1690
fuse_dir_release(struct inode * inode,struct file * file)1691 static int fuse_dir_release(struct inode *inode, struct file *file)
1692 {
1693 fuse_release_common(file, true);
1694
1695 return 0;
1696 }
1697
fuse_dir_fsync(struct file * file,loff_t start,loff_t end,int datasync)1698 static int fuse_dir_fsync(struct file *file, loff_t start, loff_t end,
1699 int datasync)
1700 {
1701 struct inode *inode = file->f_mapping->host;
1702 struct fuse_conn *fc = get_fuse_conn(inode);
1703 int err;
1704
1705 if (fuse_is_bad(inode))
1706 return -EIO;
1707
1708 if (fc->no_fsyncdir)
1709 return 0;
1710
1711 inode_lock(inode);
1712 err = fuse_fsync_common(file, start, end, datasync, FUSE_FSYNCDIR);
1713 if (err == -ENOSYS) {
1714 fc->no_fsyncdir = 1;
1715 err = 0;
1716 }
1717 inode_unlock(inode);
1718
1719 return err;
1720 }
1721
fuse_dir_ioctl(struct file * file,unsigned int cmd,unsigned long arg)1722 static long fuse_dir_ioctl(struct file *file, unsigned int cmd,
1723 unsigned long arg)
1724 {
1725 struct fuse_conn *fc = get_fuse_conn(file->f_mapping->host);
1726
1727 /* FUSE_IOCTL_DIR only supported for API version >= 7.18 */
1728 if (fc->minor < 18)
1729 return -ENOTTY;
1730
1731 return fuse_ioctl_common(file, cmd, arg, FUSE_IOCTL_DIR);
1732 }
1733
fuse_dir_compat_ioctl(struct file * file,unsigned int cmd,unsigned long arg)1734 static long fuse_dir_compat_ioctl(struct file *file, unsigned int cmd,
1735 unsigned long arg)
1736 {
1737 struct fuse_conn *fc = get_fuse_conn(file->f_mapping->host);
1738
1739 if (fc->minor < 18)
1740 return -ENOTTY;
1741
1742 return fuse_ioctl_common(file, cmd, arg,
1743 FUSE_IOCTL_COMPAT | FUSE_IOCTL_DIR);
1744 }
1745
update_mtime(unsigned ivalid,bool trust_local_mtime)1746 static bool update_mtime(unsigned ivalid, bool trust_local_mtime)
1747 {
1748 /* Always update if mtime is explicitly set */
1749 if (ivalid & ATTR_MTIME_SET)
1750 return true;
1751
1752 /* Or if kernel i_mtime is the official one */
1753 if (trust_local_mtime)
1754 return true;
1755
1756 /* If it's an open(O_TRUNC) or an ftruncate(), don't update */
1757 if ((ivalid & ATTR_SIZE) && (ivalid & (ATTR_OPEN | ATTR_FILE)))
1758 return false;
1759
1760 /* In all other cases update */
1761 return true;
1762 }
1763
iattr_to_fattr(struct mnt_idmap * idmap,struct fuse_conn * fc,struct iattr * iattr,struct fuse_setattr_in * arg,bool trust_local_cmtime)1764 static void iattr_to_fattr(struct mnt_idmap *idmap, struct fuse_conn *fc,
1765 struct iattr *iattr, struct fuse_setattr_in *arg,
1766 bool trust_local_cmtime)
1767 {
1768 unsigned ivalid = iattr->ia_valid;
1769
1770 if (ivalid & ATTR_MODE)
1771 arg->valid |= FATTR_MODE, arg->mode = iattr->ia_mode;
1772
1773 if (ivalid & ATTR_UID) {
1774 kuid_t fsuid = from_vfsuid(idmap, fc->user_ns, iattr->ia_vfsuid);
1775
1776 arg->valid |= FATTR_UID;
1777 arg->uid = from_kuid(fc->user_ns, fsuid);
1778 }
1779
1780 if (ivalid & ATTR_GID) {
1781 kgid_t fsgid = from_vfsgid(idmap, fc->user_ns, iattr->ia_vfsgid);
1782
1783 arg->valid |= FATTR_GID;
1784 arg->gid = from_kgid(fc->user_ns, fsgid);
1785 }
1786
1787 if (ivalid & ATTR_SIZE)
1788 arg->valid |= FATTR_SIZE, arg->size = iattr->ia_size;
1789 if (ivalid & ATTR_ATIME) {
1790 arg->valid |= FATTR_ATIME;
1791 arg->atime = iattr->ia_atime.tv_sec;
1792 arg->atimensec = iattr->ia_atime.tv_nsec;
1793 if (!(ivalid & ATTR_ATIME_SET))
1794 arg->valid |= FATTR_ATIME_NOW;
1795 }
1796 if ((ivalid & ATTR_MTIME) && update_mtime(ivalid, trust_local_cmtime)) {
1797 arg->valid |= FATTR_MTIME;
1798 arg->mtime = iattr->ia_mtime.tv_sec;
1799 arg->mtimensec = iattr->ia_mtime.tv_nsec;
1800 if (!(ivalid & ATTR_MTIME_SET) && !trust_local_cmtime)
1801 arg->valid |= FATTR_MTIME_NOW;
1802 }
1803 if ((ivalid & ATTR_CTIME) && trust_local_cmtime) {
1804 arg->valid |= FATTR_CTIME;
1805 arg->ctime = iattr->ia_ctime.tv_sec;
1806 arg->ctimensec = iattr->ia_ctime.tv_nsec;
1807 }
1808 }
1809
1810 /*
1811 * Prevent concurrent writepages on inode
1812 *
1813 * This is done by adding a negative bias to the inode write counter
1814 * and waiting for all pending writes to finish.
1815 */
fuse_set_nowrite(struct inode * inode)1816 void fuse_set_nowrite(struct inode *inode)
1817 {
1818 struct fuse_inode *fi = get_fuse_inode(inode);
1819
1820 BUG_ON(!inode_is_locked(inode));
1821
1822 spin_lock(&fi->lock);
1823 BUG_ON(fi->writectr < 0);
1824 fi->writectr += FUSE_NOWRITE;
1825 spin_unlock(&fi->lock);
1826 wait_event(fi->page_waitq, fi->writectr == FUSE_NOWRITE);
1827 }
1828
1829 /*
1830 * Allow writepages on inode
1831 *
1832 * Remove the bias from the writecounter and send any queued
1833 * writepages.
1834 */
__fuse_release_nowrite(struct inode * inode)1835 static void __fuse_release_nowrite(struct inode *inode)
1836 {
1837 struct fuse_inode *fi = get_fuse_inode(inode);
1838
1839 BUG_ON(fi->writectr != FUSE_NOWRITE);
1840 fi->writectr = 0;
1841 fuse_flush_writepages(inode);
1842 }
1843
fuse_release_nowrite(struct inode * inode)1844 void fuse_release_nowrite(struct inode *inode)
1845 {
1846 struct fuse_inode *fi = get_fuse_inode(inode);
1847
1848 spin_lock(&fi->lock);
1849 __fuse_release_nowrite(inode);
1850 spin_unlock(&fi->lock);
1851 }
1852
fuse_setattr_fill(struct fuse_conn * fc,struct fuse_args * args,struct inode * inode,struct fuse_setattr_in * inarg_p,struct fuse_attr_out * outarg_p)1853 static void fuse_setattr_fill(struct fuse_conn *fc, struct fuse_args *args,
1854 struct inode *inode,
1855 struct fuse_setattr_in *inarg_p,
1856 struct fuse_attr_out *outarg_p)
1857 {
1858 args->opcode = FUSE_SETATTR;
1859 args->nodeid = get_node_id(inode);
1860 args->in_numargs = 1;
1861 args->in_args[0].size = sizeof(*inarg_p);
1862 args->in_args[0].value = inarg_p;
1863 args->out_numargs = 1;
1864 args->out_args[0].size = sizeof(*outarg_p);
1865 args->out_args[0].value = outarg_p;
1866 }
1867
1868 /*
1869 * Flush inode->i_mtime to the server
1870 */
fuse_flush_times(struct inode * inode,struct fuse_file * ff)1871 int fuse_flush_times(struct inode *inode, struct fuse_file *ff)
1872 {
1873 struct fuse_mount *fm = get_fuse_mount(inode);
1874 FUSE_ARGS(args);
1875 struct fuse_setattr_in inarg;
1876 struct fuse_attr_out outarg;
1877
1878 memset(&inarg, 0, sizeof(inarg));
1879 memset(&outarg, 0, sizeof(outarg));
1880
1881 inarg.valid = FATTR_MTIME;
1882 inarg.mtime = inode_get_mtime_sec(inode);
1883 inarg.mtimensec = inode_get_mtime_nsec(inode);
1884 if (fm->fc->minor >= 23) {
1885 inarg.valid |= FATTR_CTIME;
1886 inarg.ctime = inode_get_ctime_sec(inode);
1887 inarg.ctimensec = inode_get_ctime_nsec(inode);
1888 }
1889 if (ff) {
1890 inarg.valid |= FATTR_FH;
1891 inarg.fh = ff->fh;
1892 }
1893 fuse_setattr_fill(fm->fc, &args, inode, &inarg, &outarg);
1894
1895 return fuse_simple_request(fm, &args);
1896 }
1897
1898 /*
1899 * Set attributes, and at the same time refresh them.
1900 *
1901 * Truncation is slightly complicated, because the 'truncate' request
1902 * may fail, in which case we don't want to touch the mapping.
1903 * vmtruncate() doesn't allow for this case, so do the rlimit checking
1904 * and the actual truncation by hand.
1905 */
fuse_do_setattr(struct mnt_idmap * idmap,struct dentry * dentry,struct iattr * attr,struct file * file)1906 int fuse_do_setattr(struct mnt_idmap *idmap, struct dentry *dentry,
1907 struct iattr *attr, struct file *file)
1908 {
1909 struct inode *inode = d_inode(dentry);
1910 struct fuse_mount *fm = get_fuse_mount(inode);
1911 struct fuse_conn *fc = fm->fc;
1912 struct fuse_inode *fi = get_fuse_inode(inode);
1913 struct address_space *mapping = inode->i_mapping;
1914 FUSE_ARGS(args);
1915 struct fuse_setattr_in inarg;
1916 struct fuse_attr_out outarg;
1917 bool is_truncate = false;
1918 bool is_wb = fc->writeback_cache && S_ISREG(inode->i_mode);
1919 loff_t oldsize;
1920 int err;
1921 bool trust_local_cmtime = is_wb;
1922 bool fault_blocked = false;
1923
1924 if (!fc->default_permissions)
1925 attr->ia_valid |= ATTR_FORCE;
1926
1927 err = setattr_prepare(idmap, dentry, attr);
1928 if (err)
1929 return err;
1930
1931 if (attr->ia_valid & ATTR_SIZE) {
1932 if (WARN_ON(!S_ISREG(inode->i_mode)))
1933 return -EIO;
1934 is_truncate = true;
1935 }
1936
1937 if (FUSE_IS_DAX(inode) && is_truncate) {
1938 filemap_invalidate_lock(mapping);
1939 fault_blocked = true;
1940 err = fuse_dax_break_layouts(inode, 0, 0);
1941 if (err) {
1942 filemap_invalidate_unlock(mapping);
1943 return err;
1944 }
1945 }
1946
1947 if (attr->ia_valid & ATTR_OPEN) {
1948 /* This is coming from open(..., ... | O_TRUNC); */
1949 WARN_ON(!(attr->ia_valid & ATTR_SIZE));
1950 WARN_ON(attr->ia_size != 0);
1951 if (fc->atomic_o_trunc) {
1952 /*
1953 * No need to send request to userspace, since actual
1954 * truncation has already been done by OPEN. But still
1955 * need to truncate page cache.
1956 */
1957 i_size_write(inode, 0);
1958 truncate_pagecache(inode, 0);
1959 goto out;
1960 }
1961 file = NULL;
1962 }
1963
1964 /* Flush dirty data/metadata before non-truncate SETATTR */
1965 if (is_wb &&
1966 attr->ia_valid &
1967 (ATTR_MODE | ATTR_UID | ATTR_GID | ATTR_MTIME_SET |
1968 ATTR_TIMES_SET)) {
1969 err = write_inode_now(inode, true);
1970 if (err)
1971 return err;
1972
1973 fuse_set_nowrite(inode);
1974 fuse_release_nowrite(inode);
1975 }
1976
1977 if (is_truncate) {
1978 fuse_set_nowrite(inode);
1979 set_bit(FUSE_I_SIZE_UNSTABLE, &fi->state);
1980 if (trust_local_cmtime && attr->ia_size != inode->i_size)
1981 attr->ia_valid |= ATTR_MTIME | ATTR_CTIME;
1982 }
1983
1984 memset(&inarg, 0, sizeof(inarg));
1985 memset(&outarg, 0, sizeof(outarg));
1986 iattr_to_fattr(idmap, fc, attr, &inarg, trust_local_cmtime);
1987 if (file) {
1988 struct fuse_file *ff = file->private_data;
1989 inarg.valid |= FATTR_FH;
1990 inarg.fh = ff->fh;
1991 }
1992
1993 /* Kill suid/sgid for non-directory chown unconditionally */
1994 if (fc->handle_killpriv_v2 && !S_ISDIR(inode->i_mode) &&
1995 attr->ia_valid & (ATTR_UID | ATTR_GID))
1996 inarg.valid |= FATTR_KILL_SUIDGID;
1997
1998 if (attr->ia_valid & ATTR_SIZE) {
1999 /* For mandatory locking in truncate */
2000 inarg.valid |= FATTR_LOCKOWNER;
2001 inarg.lock_owner = fuse_lock_owner_id(fc, current->files);
2002
2003 /* Kill suid/sgid for truncate only if no CAP_FSETID */
2004 if (fc->handle_killpriv_v2 && !capable(CAP_FSETID))
2005 inarg.valid |= FATTR_KILL_SUIDGID;
2006 }
2007 fuse_setattr_fill(fc, &args, inode, &inarg, &outarg);
2008 err = fuse_simple_request(fm, &args);
2009 if (err) {
2010 if (err == -EINTR)
2011 fuse_invalidate_attr(inode);
2012 goto error;
2013 }
2014
2015 if (fuse_invalid_attr(&outarg.attr) ||
2016 inode_wrong_type(inode, outarg.attr.mode)) {
2017 fuse_make_bad(inode);
2018 err = -EIO;
2019 goto error;
2020 }
2021
2022 spin_lock(&fi->lock);
2023 /* the kernel maintains i_mtime locally */
2024 if (trust_local_cmtime) {
2025 if (attr->ia_valid & ATTR_MTIME)
2026 inode_set_mtime_to_ts(inode, attr->ia_mtime);
2027 if (attr->ia_valid & ATTR_CTIME)
2028 inode_set_ctime_to_ts(inode, attr->ia_ctime);
2029 /* FIXME: clear I_DIRTY_SYNC? */
2030 }
2031
2032 fuse_change_attributes_common(inode, &outarg.attr, NULL,
2033 ATTR_TIMEOUT(&outarg),
2034 fuse_get_cache_mask(inode), 0);
2035 oldsize = inode->i_size;
2036 /* see the comment in fuse_change_attributes() */
2037 if (!is_wb || is_truncate)
2038 i_size_write(inode, outarg.attr.size);
2039
2040 if (is_truncate) {
2041 /* NOTE: this may release/reacquire fi->lock */
2042 __fuse_release_nowrite(inode);
2043 }
2044 spin_unlock(&fi->lock);
2045
2046 /*
2047 * Only call invalidate_inode_pages2() after removing
2048 * FUSE_NOWRITE, otherwise fuse_launder_folio() would deadlock.
2049 */
2050 if ((is_truncate || !is_wb) &&
2051 S_ISREG(inode->i_mode) && oldsize != outarg.attr.size) {
2052 truncate_pagecache(inode, outarg.attr.size);
2053 invalidate_inode_pages2(mapping);
2054 }
2055
2056 clear_bit(FUSE_I_SIZE_UNSTABLE, &fi->state);
2057 out:
2058 if (fault_blocked)
2059 filemap_invalidate_unlock(mapping);
2060
2061 return 0;
2062
2063 error:
2064 if (is_truncate)
2065 fuse_release_nowrite(inode);
2066
2067 clear_bit(FUSE_I_SIZE_UNSTABLE, &fi->state);
2068
2069 if (fault_blocked)
2070 filemap_invalidate_unlock(mapping);
2071 return err;
2072 }
2073
fuse_setattr(struct mnt_idmap * idmap,struct dentry * entry,struct iattr * attr)2074 static int fuse_setattr(struct mnt_idmap *idmap, struct dentry *entry,
2075 struct iattr *attr)
2076 {
2077 struct inode *inode = d_inode(entry);
2078 struct fuse_conn *fc = get_fuse_conn(inode);
2079 struct file *file = (attr->ia_valid & ATTR_FILE) ? attr->ia_file : NULL;
2080 int ret;
2081
2082 if (fuse_is_bad(inode))
2083 return -EIO;
2084
2085 if (!fuse_allow_current_process(get_fuse_conn(inode)))
2086 return -EACCES;
2087
2088 if (attr->ia_valid & (ATTR_KILL_SUID | ATTR_KILL_SGID)) {
2089 attr->ia_valid &= ~(ATTR_KILL_SUID | ATTR_KILL_SGID |
2090 ATTR_MODE);
2091
2092 /*
2093 * The only sane way to reliably kill suid/sgid is to do it in
2094 * the userspace filesystem
2095 *
2096 * This should be done on write(), truncate() and chown().
2097 */
2098 if (!fc->handle_killpriv && !fc->handle_killpriv_v2) {
2099 /*
2100 * ia_mode calculation may have used stale i_mode.
2101 * Refresh and recalculate.
2102 */
2103 ret = fuse_do_getattr(idmap, inode, NULL, file);
2104 if (ret)
2105 return ret;
2106
2107 attr->ia_mode = inode->i_mode;
2108 if (inode->i_mode & S_ISUID) {
2109 attr->ia_valid |= ATTR_MODE;
2110 attr->ia_mode &= ~S_ISUID;
2111 }
2112 if ((inode->i_mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP)) {
2113 attr->ia_valid |= ATTR_MODE;
2114 attr->ia_mode &= ~S_ISGID;
2115 }
2116 }
2117 }
2118 if (!attr->ia_valid)
2119 return 0;
2120
2121 ret = fuse_do_setattr(idmap, entry, attr, file);
2122 if (!ret) {
2123 /*
2124 * If filesystem supports acls it may have updated acl xattrs in
2125 * the filesystem, so forget cached acls for the inode.
2126 */
2127 if (fc->posix_acl)
2128 forget_all_cached_acls(inode);
2129
2130 /* Directory mode changed, may need to revalidate access */
2131 if (d_is_dir(entry) && (attr->ia_valid & ATTR_MODE))
2132 fuse_invalidate_entry_cache(entry);
2133 }
2134 return ret;
2135 }
2136
fuse_getattr(struct mnt_idmap * idmap,const struct path * path,struct kstat * stat,u32 request_mask,unsigned int flags)2137 static int fuse_getattr(struct mnt_idmap *idmap,
2138 const struct path *path, struct kstat *stat,
2139 u32 request_mask, unsigned int flags)
2140 {
2141 struct inode *inode = d_inode(path->dentry);
2142 struct fuse_conn *fc = get_fuse_conn(inode);
2143
2144 if (fuse_is_bad(inode))
2145 return -EIO;
2146
2147 if (!fuse_allow_current_process(fc)) {
2148 if (!request_mask) {
2149 /*
2150 * If user explicitly requested *nothing* then don't
2151 * error out, but return st_dev only.
2152 */
2153 stat->result_mask = 0;
2154 stat->dev = inode->i_sb->s_dev;
2155 return 0;
2156 }
2157 return -EACCES;
2158 }
2159
2160 return fuse_update_get_attr(idmap, inode, NULL, stat, request_mask, flags);
2161 }
2162
2163 static const struct inode_operations fuse_dir_inode_operations = {
2164 .lookup = fuse_lookup,
2165 .mkdir = fuse_mkdir,
2166 .symlink = fuse_symlink,
2167 .unlink = fuse_unlink,
2168 .rmdir = fuse_rmdir,
2169 .rename = fuse_rename2,
2170 .link = fuse_link,
2171 .setattr = fuse_setattr,
2172 .create = fuse_create,
2173 .atomic_open = fuse_atomic_open,
2174 .tmpfile = fuse_tmpfile,
2175 .mknod = fuse_mknod,
2176 .permission = fuse_permission,
2177 .getattr = fuse_getattr,
2178 .listxattr = fuse_listxattr,
2179 .get_inode_acl = fuse_get_inode_acl,
2180 .get_acl = fuse_get_acl,
2181 .set_acl = fuse_set_acl,
2182 .fileattr_get = fuse_fileattr_get,
2183 .fileattr_set = fuse_fileattr_set,
2184 };
2185
2186 static const struct file_operations fuse_dir_operations = {
2187 .llseek = generic_file_llseek,
2188 .read = generic_read_dir,
2189 .iterate_shared = fuse_readdir,
2190 .open = fuse_dir_open,
2191 .release = fuse_dir_release,
2192 .fsync = fuse_dir_fsync,
2193 .unlocked_ioctl = fuse_dir_ioctl,
2194 .compat_ioctl = fuse_dir_compat_ioctl,
2195 };
2196
2197 static const struct inode_operations fuse_common_inode_operations = {
2198 .setattr = fuse_setattr,
2199 .permission = fuse_permission,
2200 .getattr = fuse_getattr,
2201 .listxattr = fuse_listxattr,
2202 .get_inode_acl = fuse_get_inode_acl,
2203 .get_acl = fuse_get_acl,
2204 .set_acl = fuse_set_acl,
2205 .fileattr_get = fuse_fileattr_get,
2206 .fileattr_set = fuse_fileattr_set,
2207 };
2208
2209 static const struct inode_operations fuse_symlink_inode_operations = {
2210 .setattr = fuse_setattr,
2211 .get_link = fuse_get_link,
2212 .getattr = fuse_getattr,
2213 .listxattr = fuse_listxattr,
2214 };
2215
fuse_init_common(struct inode * inode)2216 void fuse_init_common(struct inode *inode)
2217 {
2218 inode->i_op = &fuse_common_inode_operations;
2219 }
2220
fuse_init_dir(struct inode * inode)2221 void fuse_init_dir(struct inode *inode)
2222 {
2223 struct fuse_inode *fi = get_fuse_inode(inode);
2224
2225 inode->i_op = &fuse_dir_inode_operations;
2226 inode->i_fop = &fuse_dir_operations;
2227
2228 spin_lock_init(&fi->rdc.lock);
2229 fi->rdc.cached = false;
2230 fi->rdc.size = 0;
2231 fi->rdc.pos = 0;
2232 fi->rdc.version = 0;
2233 }
2234
fuse_symlink_read_folio(struct file * null,struct folio * folio)2235 static int fuse_symlink_read_folio(struct file *null, struct folio *folio)
2236 {
2237 int err = fuse_readlink_page(folio->mapping->host, folio);
2238
2239 if (!err)
2240 folio_mark_uptodate(folio);
2241
2242 folio_unlock(folio);
2243
2244 return err;
2245 }
2246
2247 static const struct address_space_operations fuse_symlink_aops = {
2248 .read_folio = fuse_symlink_read_folio,
2249 };
2250
fuse_init_symlink(struct inode * inode)2251 void fuse_init_symlink(struct inode *inode)
2252 {
2253 inode->i_op = &fuse_symlink_inode_operations;
2254 inode->i_data.a_ops = &fuse_symlink_aops;
2255 inode_nohighmem(inode);
2256 }
2257