xref: /freebsd/sys/fs/fuse/fuse_internal.c (revision 036d2e814bf0f5d88ffb4b24c159320894541757)
1 /*-
2  * SPDX-License-Identifier: BSD-3-Clause
3  *
4  * Copyright (c) 2007-2009 Google Inc. and Amit Singh
5  * All rights reserved.
6  *
7  * Redistribution and use in source and binary forms, with or without
8  * modification, are permitted provided that the following conditions are
9  * met:
10  *
11  * * Redistributions of source code must retain the above copyright
12  *   notice, this list of conditions and the following disclaimer.
13  * * Redistributions in binary form must reproduce the above
14  *   copyright notice, this list of conditions and the following disclaimer
15  *   in the documentation and/or other materials provided with the
16  *   distribution.
17  * * Neither the name of Google Inc. nor the names of its
18  *   contributors may be used to endorse or promote products derived from
19  *   this software without specific prior written permission.
20  *
21  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
22  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
23  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
24  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
25  * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
26  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
27  * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
28  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
29  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
30  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
31  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
32  *
33  * Copyright (C) 2005 Csaba Henk.
34  * All rights reserved.
35  *
36  * Copyright (c) 2019 The FreeBSD Foundation
37  *
38  * Portions of this software were developed by BFF Storage Systems, LLC under
39  * sponsorship from the FreeBSD Foundation.
40  *
41  * Redistribution and use in source and binary forms, with or without
42  * modification, are permitted provided that the following conditions
43  * are met:
44  * 1. Redistributions of source code must retain the above copyright
45  *    notice, this list of conditions and the following disclaimer.
46  * 2. Redistributions in binary form must reproduce the above copyright
47  *    notice, this list of conditions and the following disclaimer in the
48  *    documentation and/or other materials provided with the distribution.
49  *
50  * THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS ``AS IS'' AND
51  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
52  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
53  * ARE DISCLAIMED.  IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE
54  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
55  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
56  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
57  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
58  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
59  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
60  * SUCH DAMAGE.
61  */
62 
63 #include <sys/cdefs.h>
64 __FBSDID("$FreeBSD$");
65 
66 #include <sys/param.h>
67 #include <sys/systm.h>
68 #include <sys/counter.h>
69 #include <sys/module.h>
70 #include <sys/errno.h>
71 #include <sys/kernel.h>
72 #include <sys/conf.h>
73 #include <sys/uio.h>
74 #include <sys/malloc.h>
75 #include <sys/queue.h>
76 #include <sys/lock.h>
77 #include <sys/mutex.h>
78 #include <sys/sdt.h>
79 #include <sys/sx.h>
80 #include <sys/proc.h>
81 #include <sys/mount.h>
82 #include <sys/vnode.h>
83 #include <sys/namei.h>
84 #include <sys/stat.h>
85 #include <sys/unistd.h>
86 #include <sys/filedesc.h>
87 #include <sys/file.h>
88 #include <sys/fcntl.h>
89 #include <sys/dirent.h>
90 #include <sys/bio.h>
91 #include <sys/buf.h>
92 #include <sys/sysctl.h>
93 #include <sys/priv.h>
94 
95 #include "fuse.h"
96 #include "fuse_file.h"
97 #include "fuse_internal.h"
98 #include "fuse_io.h"
99 #include "fuse_ipc.h"
100 #include "fuse_node.h"
101 #include "fuse_file.h"
102 
103 SDT_PROVIDER_DECLARE(fusefs);
104 /*
105  * Fuse trace probe:
106  * arg0: verbosity.  Higher numbers give more verbose messages
107  * arg1: Textual message
108  */
109 SDT_PROBE_DEFINE2(fusefs, , internal, trace, "int", "char*");
110 
111 #ifdef ZERO_PAD_INCOMPLETE_BUFS
112 static int isbzero(void *buf, size_t len);
113 
114 #endif
115 
116 counter_u64_t fuse_lookup_cache_hits;
117 counter_u64_t fuse_lookup_cache_misses;
118 
119 SYSCTL_COUNTER_U64(_vfs_fusefs_stats, OID_AUTO, lookup_cache_hits, CTLFLAG_RD,
120     &fuse_lookup_cache_hits, "number of positive cache hits in lookup");
121 
122 SYSCTL_COUNTER_U64(_vfs_fusefs_stats, OID_AUTO, lookup_cache_misses, CTLFLAG_RD,
123     &fuse_lookup_cache_misses, "number of cache misses in lookup");
124 
125 int
126 fuse_internal_get_cached_vnode(struct mount* mp, ino_t ino, int flags,
127 	struct vnode **vpp)
128 {
129 	struct bintime now;
130 	struct thread *td = curthread;
131 	uint64_t nodeid = ino;
132 	int error;
133 
134 	*vpp = NULL;
135 
136 	error = vfs_hash_get(mp, fuse_vnode_hash(nodeid), flags, td, vpp,
137 	    fuse_vnode_cmp, &nodeid);
138 	if (error)
139 		return error;
140 	/*
141 	 * Check the entry cache timeout.  We have to do this within fusefs
142 	 * instead of by using cache_enter_time/cache_lookup because those
143 	 * routines are only intended to work with pathnames, not inodes
144 	 */
145 	if (*vpp != NULL) {
146 		getbinuptime(&now);
147 		if (bintime_cmp(&(VTOFUD(*vpp)->entry_cache_timeout), &now, >)){
148 			counter_u64_add(fuse_lookup_cache_hits, 1);
149 			return 0;
150 		} else {
151 			/* Entry cache timeout */
152 			counter_u64_add(fuse_lookup_cache_misses, 1);
153 			cache_purge(*vpp);
154 			vput(*vpp);
155 			*vpp = NULL;
156 		}
157 	}
158 	return 0;
159 }
160 
161 /* Synchronously send a FUSE_ACCESS operation */
162 int
163 fuse_internal_access(struct vnode *vp,
164     accmode_t mode,
165     struct thread *td,
166     struct ucred *cred)
167 {
168 	int err = 0;
169 	uint32_t mask = F_OK;
170 	int dataflags;
171 	int vtype;
172 	struct mount *mp;
173 	struct fuse_dispatcher fdi;
174 	struct fuse_access_in *fai;
175 	struct fuse_data *data;
176 
177 	mp = vnode_mount(vp);
178 	vtype = vnode_vtype(vp);
179 
180 	data = fuse_get_mpdata(mp);
181 	dataflags = data->dataflags;
182 
183 	if (mode == 0)
184 		return 0;
185 
186 	if (mode & VMODIFY_PERMS && vfs_isrdonly(mp)) {
187 		switch (vp->v_type) {
188 		case VDIR:
189 			/* FALLTHROUGH */
190 		case VLNK:
191 			/* FALLTHROUGH */
192 		case VREG:
193 			return EROFS;
194 		default:
195 			break;
196 		}
197 	}
198 
199 	/* Unless explicitly permitted, deny everyone except the fs owner. */
200 	if (!(dataflags & FSESS_DAEMON_CAN_SPY)) {
201 		if (fuse_match_cred(data->daemoncred, cred))
202 			return EPERM;
203 	}
204 
205 	if (dataflags & FSESS_DEFAULT_PERMISSIONS) {
206 		struct vattr va;
207 
208 		fuse_internal_getattr(vp, &va, cred, td);
209 		return vaccess(vp->v_type, va.va_mode, va.va_uid,
210 		    va.va_gid, mode, cred, NULL);
211 	}
212 
213 	if (!fsess_isimpl(mp, FUSE_ACCESS))
214 		return 0;
215 
216 	if ((mode & (VWRITE | VAPPEND | VADMIN)) != 0)
217 		mask |= W_OK;
218 	if ((mode & VREAD) != 0)
219 		mask |= R_OK;
220 	if ((mode & VEXEC) != 0)
221 		mask |= X_OK;
222 
223 	fdisp_init(&fdi, sizeof(*fai));
224 	fdisp_make_vp(&fdi, FUSE_ACCESS, vp, td, cred);
225 
226 	fai = fdi.indata;
227 	fai->mask = mask;
228 
229 	err = fdisp_wait_answ(&fdi);
230 	fdisp_destroy(&fdi);
231 
232 	if (err == ENOSYS) {
233 		fsess_set_notimpl(mp, FUSE_ACCESS);
234 		err = 0;
235 	}
236 	return err;
237 }
238 
239 /*
240  * Cache FUSE attributes from attr, in attribute cache associated with vnode
241  * 'vp'.  Optionally, if argument 'vap' is not NULL, store a copy of the
242  * converted attributes there as well.
243  *
244  * If the nominal attribute cache TTL is zero, do not cache on the 'vp' (but do
245  * return the result to the caller).
246  */
247 void
248 fuse_internal_cache_attrs(struct vnode *vp, struct fuse_attr *attr,
249 	uint64_t attr_valid, uint32_t attr_valid_nsec, struct vattr *vap)
250 {
251 	struct mount *mp;
252 	struct fuse_vnode_data *fvdat;
253 	struct fuse_data *data;
254 	struct vattr *vp_cache_at;
255 
256 	mp = vnode_mount(vp);
257 	fvdat = VTOFUD(vp);
258 	data = fuse_get_mpdata(mp);
259 
260 	ASSERT_VOP_ELOCKED(vp, "fuse_internal_cache_attrs");
261 
262 	fuse_validity_2_bintime(attr_valid, attr_valid_nsec,
263 		&fvdat->attr_cache_timeout);
264 
265 	/* Fix our buffers if the filesize changed without us knowing */
266 	if (vnode_isreg(vp) && attr->size != fvdat->cached_attrs.va_size) {
267 		(void)fuse_vnode_setsize(vp, attr->size);
268 		fvdat->cached_attrs.va_size = attr->size;
269 	}
270 
271 	if (attr_valid > 0 || attr_valid_nsec > 0)
272 		vp_cache_at = &(fvdat->cached_attrs);
273 	else if (vap != NULL)
274 		vp_cache_at = vap;
275 	else
276 		return;
277 
278 	vattr_null(vp_cache_at);
279 	vp_cache_at->va_fsid = mp->mnt_stat.f_fsid.val[0];
280 	vp_cache_at->va_fileid = attr->ino;
281 	vp_cache_at->va_mode = attr->mode & ~S_IFMT;
282 	vp_cache_at->va_nlink     = attr->nlink;
283 	vp_cache_at->va_uid       = attr->uid;
284 	vp_cache_at->va_gid       = attr->gid;
285 	vp_cache_at->va_rdev      = attr->rdev;
286 	vp_cache_at->va_size      = attr->size;
287 	/* XXX on i386, seconds are truncated to 32 bits */
288 	vp_cache_at->va_atime.tv_sec  = attr->atime;
289 	vp_cache_at->va_atime.tv_nsec = attr->atimensec;
290 	vp_cache_at->va_mtime.tv_sec  = attr->mtime;
291 	vp_cache_at->va_mtime.tv_nsec = attr->mtimensec;
292 	vp_cache_at->va_ctime.tv_sec  = attr->ctime;
293 	vp_cache_at->va_ctime.tv_nsec = attr->ctimensec;
294 	if (fuse_libabi_geq(data, 7, 9) && attr->blksize > 0)
295 		vp_cache_at->va_blocksize = attr->blksize;
296 	else
297 		vp_cache_at->va_blocksize = PAGE_SIZE;
298 	vp_cache_at->va_type = IFTOVT(attr->mode);
299 	vp_cache_at->va_bytes = attr->blocks * S_BLKSIZE;
300 	vp_cache_at->va_flags = 0;
301 
302 	if (vap != vp_cache_at && vap != NULL)
303 		memcpy(vap, vp_cache_at, sizeof(*vap));
304 }
305 
306 
307 /* fsync */
308 
309 int
310 fuse_internal_fsync_callback(struct fuse_ticket *tick, struct uio *uio)
311 {
312 	if (tick->tk_aw_ohead.error == ENOSYS) {
313 		fsess_set_notimpl(tick->tk_data->mp, fticket_opcode(tick));
314 	}
315 	return 0;
316 }
317 
318 int
319 fuse_internal_fsync(struct vnode *vp,
320     struct thread *td,
321     int waitfor,
322     bool datasync)
323 {
324 	struct fuse_fsync_in *ffsi = NULL;
325 	struct fuse_dispatcher fdi;
326 	struct fuse_filehandle *fufh;
327 	struct fuse_vnode_data *fvdat = VTOFUD(vp);
328 	struct mount *mp = vnode_mount(vp);
329 	int op = FUSE_FSYNC;
330 	int err = 0;
331 
332 	if (!fsess_isimpl(vnode_mount(vp),
333 	    (vnode_vtype(vp) == VDIR ? FUSE_FSYNCDIR : FUSE_FSYNC))) {
334 		return 0;
335 	}
336 	if (vnode_isdir(vp))
337 		op = FUSE_FSYNCDIR;
338 
339 	if (!fsess_isimpl(mp, op))
340 		return 0;
341 
342 	fdisp_init(&fdi, sizeof(*ffsi));
343 	/*
344 	 * fsync every open file handle for this file, because we can't be sure
345 	 * which file handle the caller is really referring to.
346 	 */
347 	LIST_FOREACH(fufh, &fvdat->handles, next) {
348 		if (ffsi == NULL)
349 			fdisp_make_vp(&fdi, op, vp, td, NULL);
350 		else
351 			fdisp_refresh_vp(&fdi, op, vp, td, NULL);
352 		ffsi = fdi.indata;
353 		ffsi->fh = fufh->fh_id;
354 		ffsi->fsync_flags = 0;
355 
356 		if (datasync)
357 			ffsi->fsync_flags = 1;
358 
359 		if (waitfor == MNT_WAIT) {
360 			err = fdisp_wait_answ(&fdi);
361 		} else {
362 			fuse_insert_callback(fdi.tick,
363 				fuse_internal_fsync_callback);
364 			fuse_insert_message(fdi.tick, false);
365 		}
366 		if (err == ENOSYS) {
367 			/* ENOSYS means "success, and don't call again" */
368 			fsess_set_notimpl(mp, op);
369 			err = 0;
370 			break;
371 		}
372 	}
373 	fdisp_destroy(&fdi);
374 
375 	return err;
376 }
377 
378 /* Asynchronous invalidation */
379 SDT_PROBE_DEFINE2(fusefs, , internal, invalidate_cache_hit,
380 	"struct vnode*", "struct vnode*");
381 int
382 fuse_internal_invalidate_entry(struct mount *mp, struct uio *uio)
383 {
384 	struct fuse_notify_inval_entry_out fnieo;
385 	struct componentname cn;
386 	struct vnode *dvp, *vp;
387 	char name[PATH_MAX];
388 	int err;
389 
390 	if ((err = uiomove(&fnieo, sizeof(fnieo), uio)) != 0)
391 		return (err);
392 
393 	if (fnieo.namelen >= sizeof(name))
394 		return (EINVAL);
395 
396 	if ((err = uiomove(name, fnieo.namelen, uio)) != 0)
397 		return (err);
398 	name[fnieo.namelen] = '\0';
399 	/* fusefs does not cache "." or ".." entries */
400 	if (strncmp(name, ".", sizeof(".")) == 0 ||
401 	    strncmp(name, "..", sizeof("..")) == 0)
402 		return (0);
403 
404 	if (fnieo.parent == FUSE_ROOT_ID)
405 		err = VFS_ROOT(mp, LK_SHARED, &dvp);
406 	else
407 		err = fuse_internal_get_cached_vnode( mp, fnieo.parent,
408 			LK_SHARED, &dvp);
409 	/*
410 	 * If dvp is not in the cache, then it must've been reclaimed.  And
411 	 * since fuse_vnop_reclaim does a cache_purge, name's entry must've
412 	 * been invalidated already.  So we can safely return if dvp == NULL
413 	 */
414 	if (err != 0 || dvp == NULL)
415 		return (err);
416 	/*
417 	 * XXX we can't check dvp's generation because the FUSE invalidate
418 	 * entry message doesn't include it.  Worse case is that we invalidate
419 	 * an entry that didn't need to be invalidated.
420 	 */
421 
422 	cn.cn_nameiop = LOOKUP;
423 	cn.cn_flags = 0;	/* !MAKEENTRY means free cached entry */
424 	cn.cn_thread = curthread;
425 	cn.cn_cred = curthread->td_ucred;
426 	cn.cn_lkflags = LK_SHARED;
427 	cn.cn_pnbuf = NULL;
428 	cn.cn_nameptr = name;
429 	cn.cn_namelen = fnieo.namelen;
430 	err = cache_lookup(dvp, &vp, &cn, NULL, NULL);
431 	MPASS(err == 0);
432 	fuse_vnode_clear_attr_cache(dvp);
433 	vput(dvp);
434 	return (0);
435 }
436 
437 int
438 fuse_internal_invalidate_inode(struct mount *mp, struct uio *uio)
439 {
440 	struct fuse_notify_inval_inode_out fniio;
441 	struct vnode *vp;
442 	int err;
443 
444 	if ((err = uiomove(&fniio, sizeof(fniio), uio)) != 0)
445 		return (err);
446 
447 	if (fniio.ino == FUSE_ROOT_ID)
448 		err = VFS_ROOT(mp, LK_EXCLUSIVE, &vp);
449 	else
450 		err = fuse_internal_get_cached_vnode(mp, fniio.ino, LK_SHARED,
451 			&vp);
452 	if (err != 0 || vp == NULL)
453 		return (err);
454 	/*
455 	 * XXX we can't check vp's generation because the FUSE invalidate
456 	 * entry message doesn't include it.  Worse case is that we invalidate
457 	 * an inode that didn't need to be invalidated.
458 	 */
459 
460 	/*
461 	 * Flush and invalidate buffers if off >= 0.  Technically we only need
462 	 * to flush and invalidate the range of offsets [off, off + len), but
463 	 * for simplicity's sake we do everything.
464 	 */
465 	if (fniio.off >= 0)
466 		fuse_io_invalbuf(vp, curthread);
467 	fuse_vnode_clear_attr_cache(vp);
468 	vput(vp);
469 	return (0);
470 }
471 
472 /* mknod */
473 int
474 fuse_internal_mknod(struct vnode *dvp, struct vnode **vpp,
475 	struct componentname *cnp, struct vattr *vap)
476 {
477 	struct fuse_data *data;
478 	struct fuse_mknod_in fmni;
479 	size_t insize;
480 
481 	data = fuse_get_mpdata(dvp->v_mount);
482 
483 	fmni.mode = MAKEIMODE(vap->va_type, vap->va_mode);
484 	fmni.rdev = vap->va_rdev;
485 	if (fuse_libabi_geq(data, 7, 12)) {
486 		insize = sizeof(fmni);
487 		fmni.umask = curthread->td_proc->p_fd->fd_cmask;
488 	} else {
489 		insize = FUSE_COMPAT_MKNOD_IN_SIZE;
490 	}
491 	return (fuse_internal_newentry(dvp, vpp, cnp, FUSE_MKNOD, &fmni,
492 	    insize, vap->va_type));
493 }
494 
495 /* readdir */
496 
497 int
498 fuse_internal_readdir(struct vnode *vp,
499     struct uio *uio,
500     off_t startoff,
501     struct fuse_filehandle *fufh,
502     struct fuse_iov *cookediov,
503     int *ncookies,
504     u_long *cookies)
505 {
506 	int err = 0;
507 	struct fuse_dispatcher fdi;
508 	struct fuse_read_in *fri = NULL;
509 	int fnd_start;
510 
511 	if (uio_resid(uio) == 0)
512 		return 0;
513 	fdisp_init(&fdi, 0);
514 
515 	/*
516 	 * Note that we DO NOT have a UIO_SYSSPACE here (so no need for p2p
517 	 * I/O).
518 	 */
519 
520 	/*
521 	 * fnd_start is set non-zero once the offset in the directory gets
522 	 * to the startoff.  This is done because directories must be read
523 	 * from the beginning (offset == 0) when fuse_vnop_readdir() needs
524 	 * to do an open of the directory.
525 	 * If it is not set non-zero here, it will be set non-zero in
526 	 * fuse_internal_readdir_processdata() when uio_offset == startoff.
527 	 */
528 	fnd_start = 0;
529 	if (uio->uio_offset == startoff)
530 		fnd_start = 1;
531 	while (uio_resid(uio) > 0) {
532 		fdi.iosize = sizeof(*fri);
533 		if (fri == NULL)
534 			fdisp_make_vp(&fdi, FUSE_READDIR, vp, NULL, NULL);
535 		else
536 			fdisp_refresh_vp(&fdi, FUSE_READDIR, vp, NULL, NULL);
537 
538 		fri = fdi.indata;
539 		fri->fh = fufh->fh_id;
540 		fri->offset = uio_offset(uio);
541 		fri->size = MIN(uio->uio_resid,
542 		    fuse_get_mpdata(vp->v_mount)->max_read);
543 
544 		if ((err = fdisp_wait_answ(&fdi)))
545 			break;
546 		if ((err = fuse_internal_readdir_processdata(uio, startoff,
547 		    &fnd_start, fri->size, fdi.answ, fdi.iosize, cookediov,
548 		    ncookies, &cookies)))
549 			break;
550 	}
551 
552 	fdisp_destroy(&fdi);
553 	return ((err == -1) ? 0 : err);
554 }
555 
556 /*
557  * Return -1 to indicate that this readdir is finished, 0 if it copied
558  * all the directory data read in and it may be possible to read more
559  * and greater than 0 for a failure.
560  */
561 int
562 fuse_internal_readdir_processdata(struct uio *uio,
563     off_t startoff,
564     int *fnd_start,
565     size_t reqsize,
566     void *buf,
567     size_t bufsize,
568     struct fuse_iov *cookediov,
569     int *ncookies,
570     u_long **cookiesp)
571 {
572 	int err = 0;
573 	int bytesavail;
574 	size_t freclen;
575 
576 	struct dirent *de;
577 	struct fuse_dirent *fudge;
578 	u_long *cookies;
579 
580 	cookies = *cookiesp;
581 	if (bufsize < FUSE_NAME_OFFSET)
582 		return -1;
583 	for (;;) {
584 		if (bufsize < FUSE_NAME_OFFSET) {
585 			err = -1;
586 			break;
587 		}
588 		fudge = (struct fuse_dirent *)buf;
589 		freclen = FUSE_DIRENT_SIZE(fudge);
590 
591 		if (bufsize < freclen) {
592 			/*
593 			 * This indicates a partial directory entry at the
594 			 * end of the directory data.
595 			 */
596 			err = -1;
597 			break;
598 		}
599 #ifdef ZERO_PAD_INCOMPLETE_BUFS
600 		if (isbzero(buf, FUSE_NAME_OFFSET)) {
601 			err = -1;
602 			break;
603 		}
604 #endif
605 
606 		if (!fudge->namelen || fudge->namelen > MAXNAMLEN) {
607 			err = EINVAL;
608 			break;
609 		}
610 		bytesavail = GENERIC_DIRSIZ((struct pseudo_dirent *)
611 					    &fudge->namelen);
612 
613 		if (bytesavail > uio_resid(uio)) {
614 			/* Out of space for the dir so we are done. */
615 			err = -1;
616 			break;
617 		}
618 		/*
619 		 * Don't start to copy the directory entries out until
620 		 * the requested offset in the directory is found.
621 		 */
622 		if (*fnd_start != 0) {
623 			fiov_adjust(cookediov, bytesavail);
624 			bzero(cookediov->base, bytesavail);
625 
626 			de = (struct dirent *)cookediov->base;
627 			de->d_fileno = fudge->ino;
628 			de->d_reclen = bytesavail;
629 			de->d_type = fudge->type;
630 			de->d_namlen = fudge->namelen;
631 			memcpy((char *)cookediov->base + sizeof(struct dirent) -
632 			       MAXNAMLEN - 1,
633 			       (char *)buf + FUSE_NAME_OFFSET, fudge->namelen);
634 			dirent_terminate(de);
635 
636 			err = uiomove(cookediov->base, cookediov->len, uio);
637 			if (err)
638 				break;
639 			if (cookies != NULL) {
640 				if (*ncookies == 0) {
641 					err = -1;
642 					break;
643 				}
644 				*cookies = fudge->off;
645 				cookies++;
646 				(*ncookies)--;
647 			}
648 		} else if (startoff == fudge->off)
649 			*fnd_start = 1;
650 		buf = (char *)buf + freclen;
651 		bufsize -= freclen;
652 		uio_setoffset(uio, fudge->off);
653 	}
654 	*cookiesp = cookies;
655 
656 	return err;
657 }
658 
659 /* remove */
660 
661 int
662 fuse_internal_remove(struct vnode *dvp,
663     struct vnode *vp,
664     struct componentname *cnp,
665     enum fuse_opcode op)
666 {
667 	struct fuse_dispatcher fdi;
668 	nlink_t nlink;
669 	int err = 0;
670 
671 	fdisp_init(&fdi, cnp->cn_namelen + 1);
672 	fdisp_make_vp(&fdi, op, dvp, cnp->cn_thread, cnp->cn_cred);
673 
674 	memcpy(fdi.indata, cnp->cn_nameptr, cnp->cn_namelen);
675 	((char *)fdi.indata)[cnp->cn_namelen] = '\0';
676 
677 	err = fdisp_wait_answ(&fdi);
678 	fdisp_destroy(&fdi);
679 
680 	if (err)
681 		return (err);
682 
683 	/*
684 	 * Access the cached nlink even if the attr cached has expired.  If
685 	 * it's inaccurate, the worst that will happen is:
686 	 * 1) We'll recycle the vnode even though the file has another link we
687 	 *    don't know about, costing a bit of cpu time, or
688 	 * 2) We won't recycle the vnode even though all of its links are gone.
689 	 *    It will linger around until vnlru reclaims it, costing a bit of
690 	 *    temporary memory.
691 	 */
692 	nlink = VTOFUD(vp)->cached_attrs.va_nlink--;
693 
694 	/*
695 	 * Purge the parent's attribute cache because the daemon
696 	 * should've updated its mtime and ctime.
697 	 */
698 	fuse_vnode_clear_attr_cache(dvp);
699 
700 	/* NB: nlink could be zero if it was never cached */
701 	if (nlink <= 1 || vnode_vtype(vp) == VDIR) {
702 		fuse_internal_vnode_disappear(vp);
703 	} else {
704 		cache_purge(vp);
705 		fuse_vnode_update(vp, FN_CTIMECHANGE);
706 	}
707 
708 	return err;
709 }
710 
711 /* rename */
712 
713 int
714 fuse_internal_rename(struct vnode *fdvp,
715     struct componentname *fcnp,
716     struct vnode *tdvp,
717     struct componentname *tcnp)
718 {
719 	struct fuse_dispatcher fdi;
720 	struct fuse_rename_in *fri;
721 	int err = 0;
722 
723 	fdisp_init(&fdi, sizeof(*fri) + fcnp->cn_namelen + tcnp->cn_namelen + 2);
724 	fdisp_make_vp(&fdi, FUSE_RENAME, fdvp, tcnp->cn_thread, tcnp->cn_cred);
725 
726 	fri = fdi.indata;
727 	fri->newdir = VTOI(tdvp);
728 	memcpy((char *)fdi.indata + sizeof(*fri), fcnp->cn_nameptr,
729 	    fcnp->cn_namelen);
730 	((char *)fdi.indata)[sizeof(*fri) + fcnp->cn_namelen] = '\0';
731 	memcpy((char *)fdi.indata + sizeof(*fri) + fcnp->cn_namelen + 1,
732 	    tcnp->cn_nameptr, tcnp->cn_namelen);
733 	((char *)fdi.indata)[sizeof(*fri) + fcnp->cn_namelen +
734 	    tcnp->cn_namelen + 1] = '\0';
735 
736 	err = fdisp_wait_answ(&fdi);
737 	fdisp_destroy(&fdi);
738 	return err;
739 }
740 
741 /* strategy */
742 
743 /* entity creation */
744 
745 void
746 fuse_internal_newentry_makerequest(struct mount *mp,
747     uint64_t dnid,
748     struct componentname *cnp,
749     enum fuse_opcode op,
750     void *buf,
751     size_t bufsize,
752     struct fuse_dispatcher *fdip)
753 {
754 	fdip->iosize = bufsize + cnp->cn_namelen + 1;
755 
756 	fdisp_make(fdip, op, mp, dnid, cnp->cn_thread, cnp->cn_cred);
757 	memcpy(fdip->indata, buf, bufsize);
758 	memcpy((char *)fdip->indata + bufsize, cnp->cn_nameptr, cnp->cn_namelen);
759 	((char *)fdip->indata)[bufsize + cnp->cn_namelen] = '\0';
760 }
761 
762 int
763 fuse_internal_newentry_core(struct vnode *dvp,
764     struct vnode **vpp,
765     struct componentname *cnp,
766     enum vtype vtyp,
767     struct fuse_dispatcher *fdip)
768 {
769 	int err = 0;
770 	struct fuse_entry_out *feo;
771 	struct mount *mp = vnode_mount(dvp);
772 
773 	if ((err = fdisp_wait_answ(fdip))) {
774 		return err;
775 	}
776 	feo = fdip->answ;
777 
778 	if ((err = fuse_internal_checkentry(feo, vtyp))) {
779 		return err;
780 	}
781 	err = fuse_vnode_get(mp, feo, feo->nodeid, dvp, vpp, cnp, vtyp);
782 	if (err) {
783 		fuse_internal_forget_send(mp, cnp->cn_thread, cnp->cn_cred,
784 		    feo->nodeid, 1);
785 		return err;
786 	}
787 
788 	/*
789 	 * Purge the parent's attribute cache because the daemon should've
790 	 * updated its mtime and ctime
791 	 */
792 	fuse_vnode_clear_attr_cache(dvp);
793 
794 	fuse_internal_cache_attrs(*vpp, &feo->attr, feo->attr_valid,
795 		feo->attr_valid_nsec, NULL);
796 
797 	return err;
798 }
799 
800 int
801 fuse_internal_newentry(struct vnode *dvp,
802     struct vnode **vpp,
803     struct componentname *cnp,
804     enum fuse_opcode op,
805     void *buf,
806     size_t bufsize,
807     enum vtype vtype)
808 {
809 	int err;
810 	struct fuse_dispatcher fdi;
811 	struct mount *mp = vnode_mount(dvp);
812 
813 	fdisp_init(&fdi, 0);
814 	fuse_internal_newentry_makerequest(mp, VTOI(dvp), cnp, op, buf,
815 	    bufsize, &fdi);
816 	err = fuse_internal_newentry_core(dvp, vpp, cnp, vtype, &fdi);
817 	fdisp_destroy(&fdi);
818 
819 	return err;
820 }
821 
822 /* entity destruction */
823 
824 int
825 fuse_internal_forget_callback(struct fuse_ticket *ftick, struct uio *uio)
826 {
827 	fuse_internal_forget_send(ftick->tk_data->mp, curthread, NULL,
828 	    ((struct fuse_in_header *)ftick->tk_ms_fiov.base)->nodeid, 1);
829 
830 	return 0;
831 }
832 
833 void
834 fuse_internal_forget_send(struct mount *mp,
835     struct thread *td,
836     struct ucred *cred,
837     uint64_t nodeid,
838     uint64_t nlookup)
839 {
840 
841 	struct fuse_dispatcher fdi;
842 	struct fuse_forget_in *ffi;
843 
844 	/*
845          * KASSERT(nlookup > 0, ("zero-times forget for vp #%llu",
846          *         (long long unsigned) nodeid));
847          */
848 
849 	fdisp_init(&fdi, sizeof(*ffi));
850 	fdisp_make(&fdi, FUSE_FORGET, mp, nodeid, td, cred);
851 
852 	ffi = fdi.indata;
853 	ffi->nlookup = nlookup;
854 
855 	fuse_insert_message(fdi.tick, false);
856 	fdisp_destroy(&fdi);
857 }
858 
859 /* Fetch the vnode's attributes from the daemon*/
860 int
861 fuse_internal_do_getattr(struct vnode *vp, struct vattr *vap,
862 	struct ucred *cred, struct thread *td)
863 {
864 	struct fuse_dispatcher fdi;
865 	struct fuse_vnode_data *fvdat = VTOFUD(vp);
866 	struct fuse_getattr_in *fgai;
867 	struct fuse_attr_out *fao;
868 	off_t old_filesize = fvdat->cached_attrs.va_size;
869 	struct timespec old_ctime = fvdat->cached_attrs.va_ctime;
870 	struct timespec old_mtime = fvdat->cached_attrs.va_mtime;
871 	enum vtype vtyp;
872 	int err;
873 
874 	fdisp_init(&fdi, sizeof(*fgai));
875 	fdisp_make_vp(&fdi, FUSE_GETATTR, vp, td, cred);
876 	fgai = fdi.indata;
877 	/*
878 	 * We could look up a file handle and set it in fgai->fh, but that
879 	 * involves extra runtime work and I'm unaware of any file systems that
880 	 * care.
881 	 */
882 	fgai->getattr_flags = 0;
883 	if ((err = fdisp_wait_answ(&fdi))) {
884 		if (err == ENOENT)
885 			fuse_internal_vnode_disappear(vp);
886 		goto out;
887 	}
888 
889 	fao = (struct fuse_attr_out *)fdi.answ;
890 	vtyp = IFTOVT(fao->attr.mode);
891 	if (fvdat->flag & FN_SIZECHANGE)
892 		fao->attr.size = old_filesize;
893 	if (fvdat->flag & FN_CTIMECHANGE) {
894 		fao->attr.ctime = old_ctime.tv_sec;
895 		fao->attr.ctimensec = old_ctime.tv_nsec;
896 	}
897 	if (fvdat->flag & FN_MTIMECHANGE) {
898 		fao->attr.mtime = old_mtime.tv_sec;
899 		fao->attr.mtimensec = old_mtime.tv_nsec;
900 	}
901 	fuse_internal_cache_attrs(vp, &fao->attr, fao->attr_valid,
902 		fao->attr_valid_nsec, vap);
903 	if (vtyp != vnode_vtype(vp)) {
904 		fuse_internal_vnode_disappear(vp);
905 		err = ENOENT;
906 	}
907 
908 out:
909 	fdisp_destroy(&fdi);
910 	return err;
911 }
912 
913 /* Read a vnode's attributes from cache or fetch them from the fuse daemon */
914 int
915 fuse_internal_getattr(struct vnode *vp, struct vattr *vap, struct ucred *cred,
916 	struct thread *td)
917 {
918 	struct vattr *attrs;
919 
920 	if ((attrs = VTOVA(vp)) != NULL) {
921 		*vap = *attrs;	/* struct copy */
922 		return 0;
923 	}
924 
925 	return fuse_internal_do_getattr(vp, vap, cred, td);
926 }
927 
928 void
929 fuse_internal_vnode_disappear(struct vnode *vp)
930 {
931 	struct fuse_vnode_data *fvdat = VTOFUD(vp);
932 
933 	ASSERT_VOP_ELOCKED(vp, "fuse_internal_vnode_disappear");
934 	fvdat->flag |= FN_REVOKED;
935 	cache_purge(vp);
936 }
937 
938 /* fuse start/stop */
939 
940 int
941 fuse_internal_init_callback(struct fuse_ticket *tick, struct uio *uio)
942 {
943 	int err = 0;
944 	struct fuse_data *data = tick->tk_data;
945 	struct fuse_init_out *fiio;
946 
947 	if ((err = tick->tk_aw_ohead.error)) {
948 		goto out;
949 	}
950 	if ((err = fticket_pull(tick, uio))) {
951 		goto out;
952 	}
953 	fiio = fticket_resp(tick)->base;
954 
955 	data->fuse_libabi_major = fiio->major;
956 	data->fuse_libabi_minor = fiio->minor;
957 	if (!fuse_libabi_geq(data, 7, 4)) {
958 		/*
959 		 * With a little work we could support servers as old as 7.1.
960 		 * But there would be little payoff.
961 		 */
962 		SDT_PROBE2(fusefs, , internal, trace, 1,
963 			"userpace version too low");
964 		err = EPROTONOSUPPORT;
965 		goto out;
966 	}
967 
968 	if (fuse_libabi_geq(data, 7, 5)) {
969 		if (fticket_resp(tick)->len == sizeof(struct fuse_init_out) ||
970 		    fticket_resp(tick)->len == FUSE_COMPAT_22_INIT_OUT_SIZE) {
971 			data->max_write = fiio->max_write;
972 			if (fiio->flags & FUSE_ASYNC_READ)
973 				data->dataflags |= FSESS_ASYNC_READ;
974 			if (fiio->flags & FUSE_POSIX_LOCKS)
975 				data->dataflags |= FSESS_POSIX_LOCKS;
976 			if (fiio->flags & FUSE_EXPORT_SUPPORT)
977 				data->dataflags |= FSESS_EXPORT_SUPPORT;
978 			/*
979 			 * Don't bother to check FUSE_BIG_WRITES, because it's
980 			 * redundant with max_write
981 			 */
982 			/*
983 			 * max_background and congestion_threshold are not
984 			 * implemented
985 			 */
986 		} else {
987 			err = EINVAL;
988 		}
989 	} else {
990 		/* Old fixed values */
991 		data->max_write = 4096;
992 	}
993 
994 	if (fuse_libabi_geq(data, 7, 6))
995 		data->max_readahead_blocks = fiio->max_readahead / maxbcachebuf;
996 
997 	if (!fuse_libabi_geq(data, 7, 7))
998 		fsess_set_notimpl(data->mp, FUSE_INTERRUPT);
999 
1000 	if (!fuse_libabi_geq(data, 7, 8)) {
1001 		fsess_set_notimpl(data->mp, FUSE_BMAP);
1002 		fsess_set_notimpl(data->mp, FUSE_DESTROY);
1003 	}
1004 
1005 	if (fuse_libabi_geq(data, 7, 23) && fiio->time_gran >= 1 &&
1006 	    fiio->time_gran <= 1000000000)
1007 		data->time_gran = fiio->time_gran;
1008 	else
1009 		data->time_gran = 1;
1010 
1011 	if (!fuse_libabi_geq(data, 7, 23))
1012 		data->cache_mode = fuse_data_cache_mode;
1013 	else if (fiio->flags & FUSE_WRITEBACK_CACHE)
1014 		data->cache_mode = FUSE_CACHE_WB;
1015 	else
1016 		data->cache_mode = FUSE_CACHE_WT;
1017 
1018 out:
1019 	if (err) {
1020 		fdata_set_dead(data);
1021 	}
1022 	FUSE_LOCK();
1023 	data->dataflags |= FSESS_INITED;
1024 	wakeup(&data->ticketer);
1025 	FUSE_UNLOCK();
1026 
1027 	return 0;
1028 }
1029 
1030 void
1031 fuse_internal_send_init(struct fuse_data *data, struct thread *td)
1032 {
1033 	struct fuse_init_in *fiii;
1034 	struct fuse_dispatcher fdi;
1035 
1036 	fdisp_init(&fdi, sizeof(*fiii));
1037 	fdisp_make(&fdi, FUSE_INIT, data->mp, 0, td, NULL);
1038 	fiii = fdi.indata;
1039 	fiii->major = FUSE_KERNEL_VERSION;
1040 	fiii->minor = FUSE_KERNEL_MINOR_VERSION;
1041 	/*
1042 	 * fusefs currently reads ahead no more than one cache block at a time.
1043 	 * See fuse_read_biobackend
1044 	 */
1045 	fiii->max_readahead = maxbcachebuf;
1046 	/*
1047 	 * Unsupported features:
1048 	 * FUSE_FILE_OPS: No known FUSE server or client supports it
1049 	 * FUSE_ATOMIC_O_TRUNC: our VFS cannot support it
1050 	 * FUSE_DONT_MASK: unlike Linux, FreeBSD always applies the umask, even
1051 	 *	when default ACLs are in use.
1052 	 * FUSE_SPLICE_WRITE, FUSE_SPLICE_MOVE, FUSE_SPLICE_READ: FreeBSD
1053 	 *	doesn't have splice(2).
1054 	 * FUSE_FLOCK_LOCKS: not yet implemented
1055 	 * FUSE_HAS_IOCTL_DIR: not yet implemented
1056 	 * FUSE_AUTO_INVAL_DATA: not yet implemented
1057 	 * FUSE_DO_READDIRPLUS: not yet implemented
1058 	 * FUSE_READDIRPLUS_AUTO: not yet implemented
1059 	 * FUSE_ASYNC_DIO: not yet implemented
1060 	 * FUSE_NO_OPEN_SUPPORT: not yet implemented
1061 	 */
1062 	fiii->flags = FUSE_ASYNC_READ | FUSE_POSIX_LOCKS | FUSE_EXPORT_SUPPORT
1063 		| FUSE_BIG_WRITES | FUSE_WRITEBACK_CACHE;
1064 
1065 	fuse_insert_callback(fdi.tick, fuse_internal_init_callback);
1066 	fuse_insert_message(fdi.tick, false);
1067 	fdisp_destroy(&fdi);
1068 }
1069 
1070 /*
1071  * Send a FUSE_SETATTR operation with no permissions checks.  If cred is NULL,
1072  * send the request with root credentials
1073  */
1074 int fuse_internal_setattr(struct vnode *vp, struct vattr *vap,
1075 	struct thread *td, struct ucred *cred)
1076 {
1077 	struct fuse_vnode_data *fvdat;
1078 	struct fuse_dispatcher fdi;
1079 	struct fuse_setattr_in *fsai;
1080 	struct mount *mp;
1081 	pid_t pid = td->td_proc->p_pid;
1082 	struct fuse_data *data;
1083 	int dataflags;
1084 	int err = 0;
1085 	enum vtype vtyp;
1086 	int sizechanged = -1;
1087 	uint64_t newsize = 0;
1088 
1089 	mp = vnode_mount(vp);
1090 	fvdat = VTOFUD(vp);
1091 	data = fuse_get_mpdata(mp);
1092 	dataflags = data->dataflags;
1093 
1094 	fdisp_init(&fdi, sizeof(*fsai));
1095 	fdisp_make_vp(&fdi, FUSE_SETATTR, vp, td, cred);
1096 	if (!cred) {
1097 		fdi.finh->uid = 0;
1098 		fdi.finh->gid = 0;
1099 	}
1100 	fsai = fdi.indata;
1101 	fsai->valid = 0;
1102 
1103 	if (vap->va_uid != (uid_t)VNOVAL) {
1104 		fsai->uid = vap->va_uid;
1105 		fsai->valid |= FATTR_UID;
1106 	}
1107 	if (vap->va_gid != (gid_t)VNOVAL) {
1108 		fsai->gid = vap->va_gid;
1109 		fsai->valid |= FATTR_GID;
1110 	}
1111 	if (vap->va_size != VNOVAL) {
1112 		struct fuse_filehandle *fufh = NULL;
1113 
1114 		/*Truncate to a new value. */
1115 		fsai->size = vap->va_size;
1116 		sizechanged = 1;
1117 		newsize = vap->va_size;
1118 		fsai->valid |= FATTR_SIZE;
1119 
1120 		fuse_filehandle_getrw(vp, FWRITE, &fufh, cred, pid);
1121 		if (fufh) {
1122 			fsai->fh = fufh->fh_id;
1123 			fsai->valid |= FATTR_FH;
1124 		}
1125 		VTOFUD(vp)->flag &= ~FN_SIZECHANGE;
1126 	}
1127 	if (vap->va_atime.tv_sec != VNOVAL) {
1128 		fsai->atime = vap->va_atime.tv_sec;
1129 		fsai->atimensec = vap->va_atime.tv_nsec;
1130 		fsai->valid |= FATTR_ATIME;
1131 		if (vap->va_vaflags & VA_UTIMES_NULL)
1132 			fsai->valid |= FATTR_ATIME_NOW;
1133 	}
1134 	if (vap->va_mtime.tv_sec != VNOVAL) {
1135 		fsai->mtime = vap->va_mtime.tv_sec;
1136 		fsai->mtimensec = vap->va_mtime.tv_nsec;
1137 		fsai->valid |= FATTR_MTIME;
1138 		if (vap->va_vaflags & VA_UTIMES_NULL)
1139 			fsai->valid |= FATTR_MTIME_NOW;
1140 	} else if (fvdat->flag & FN_MTIMECHANGE) {
1141 		fsai->mtime = fvdat->cached_attrs.va_mtime.tv_sec;
1142 		fsai->mtimensec = fvdat->cached_attrs.va_mtime.tv_nsec;
1143 		fsai->valid |= FATTR_MTIME;
1144 	}
1145 	if (fuse_libabi_geq(data, 7, 23) && fvdat->flag & FN_CTIMECHANGE) {
1146 		fsai->ctime = fvdat->cached_attrs.va_ctime.tv_sec;
1147 		fsai->ctimensec = fvdat->cached_attrs.va_ctime.tv_nsec;
1148 		fsai->valid |= FATTR_CTIME;
1149 	}
1150 	if (vap->va_mode != (mode_t)VNOVAL) {
1151 		fsai->mode = vap->va_mode & ALLPERMS;
1152 		fsai->valid |= FATTR_MODE;
1153 	}
1154 	if (!fsai->valid) {
1155 		goto out;
1156 	}
1157 
1158 	if ((err = fdisp_wait_answ(&fdi)))
1159 		goto out;
1160 	vtyp = IFTOVT(((struct fuse_attr_out *)fdi.answ)->attr.mode);
1161 
1162 	if (vnode_vtype(vp) != vtyp) {
1163 		if (vnode_vtype(vp) == VNON && vtyp != VNON) {
1164 			SDT_PROBE2(fusefs, , internal, trace, 1, "FUSE: Dang! "
1165 				"vnode_vtype is VNON and vtype isn't.");
1166 		} else {
1167 			/*
1168 	                 * STALE vnode, ditch
1169 	                 *
1170 			 * The vnode has changed its type "behind our back".
1171 			 * There's nothing really we can do, so let us just
1172 			 * force an internal revocation and tell the caller to
1173 			 * try again, if interested.
1174 	                 */
1175 			fuse_internal_vnode_disappear(vp);
1176 			err = EAGAIN;
1177 		}
1178 	}
1179 	if (err == 0) {
1180 		struct fuse_attr_out *fao = (struct fuse_attr_out*)fdi.answ;
1181 		fuse_vnode_undirty_cached_timestamps(vp);
1182 		fuse_internal_cache_attrs(vp, &fao->attr, fao->attr_valid,
1183 			fao->attr_valid_nsec, NULL);
1184 	}
1185 
1186 out:
1187 	fdisp_destroy(&fdi);
1188 	return err;
1189 }
1190 
1191 #ifdef ZERO_PAD_INCOMPLETE_BUFS
1192 static int
1193 isbzero(void *buf, size_t len)
1194 {
1195 	int i;
1196 
1197 	for (i = 0; i < len; i++) {
1198 		if (((char *)buf)[i])
1199 			return (0);
1200 	}
1201 
1202 	return (1);
1203 }
1204 
1205 #endif
1206 
1207 void
1208 fuse_internal_init(void)
1209 {
1210 	fuse_lookup_cache_misses = counter_u64_alloc(M_WAITOK);
1211 	fuse_lookup_cache_hits = counter_u64_alloc(M_WAITOK);
1212 }
1213 
1214 void
1215 fuse_internal_destroy(void)
1216 {
1217 	counter_u64_free(fuse_lookup_cache_hits);
1218 	counter_u64_free(fuse_lookup_cache_misses);
1219 }
1220