xref: /freebsd/sys/fs/fuse/fuse_node.c (revision 4b15965daa99044daf184221b7c283bf7f2d7e66)
1 /*-
2  * SPDX-License-Identifier: BSD-3-Clause
3  *
4  * Copyright (c) 2007-2009 Google Inc. and Amit Singh
5  * All rights reserved.
6  *
7  * Redistribution and use in source and binary forms, with or without
8  * modification, are permitted provided that the following conditions are
9  * met:
10  *
11  * * Redistributions of source code must retain the above copyright
12  *   notice, this list of conditions and the following disclaimer.
13  * * Redistributions in binary form must reproduce the above
14  *   copyright notice, this list of conditions and the following disclaimer
15  *   in the documentation and/or other materials provided with the
16  *   distribution.
17  * * Neither the name of Google Inc. nor the names of its
18  *   contributors may be used to endorse or promote products derived from
19  *   this software without specific prior written permission.
20  *
21  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
22  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
23  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
24  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
25  * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
26  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
27  * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
28  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
29  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
30  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
31  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
32  *
33  * Copyright (C) 2005 Csaba Henk.
34  * All rights reserved.
35  *
36  * Copyright (c) 2019 The FreeBSD Foundation
37  *
38  * Portions of this software were developed by BFF Storage Systems, LLC under
39  * sponsorship from the FreeBSD Foundation.
40  *
41  * Redistribution and use in source and binary forms, with or without
42  * modification, are permitted provided that the following conditions
43  * are met:
44  * 1. Redistributions of source code must retain the above copyright
45  *    notice, this list of conditions and the following disclaimer.
46  * 2. Redistributions in binary form must reproduce the above copyright
47  *    notice, this list of conditions and the following disclaimer in the
48  *    documentation and/or other materials provided with the distribution.
49  *
50  * THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS ``AS IS'' AND
51  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
52  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
53  * ARE DISCLAIMED.  IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE
54  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
55  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
56  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
57  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
58  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
59  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
60  * SUCH DAMAGE.
61  */
62 
63 #include <sys/types.h>
64 #include <sys/systm.h>
65 #include <sys/counter.h>
66 #include <sys/module.h>
67 #include <sys/errno.h>
68 #include <sys/param.h>
69 #include <sys/kernel.h>
70 #include <sys/conf.h>
71 #include <sys/uio.h>
72 #include <sys/malloc.h>
73 #include <sys/queue.h>
74 #include <sys/lock.h>
75 #include <sys/sx.h>
76 #include <sys/mutex.h>
77 #include <sys/proc.h>
78 #include <sys/vnode.h>
79 #include <sys/namei.h>
80 #include <sys/mount.h>
81 #include <sys/sysctl.h>
82 #include <sys/fcntl.h>
83 #include <sys/priv.h>
84 #include <sys/buf.h>
85 #include <security/mac/mac_framework.h>
86 #include <vm/vm.h>
87 #include <vm/vm_extern.h>
88 
89 #include "fuse.h"
90 #include "fuse_node.h"
91 #include "fuse_internal.h"
92 #include "fuse_io.h"
93 #include "fuse_ipc.h"
94 
95 SDT_PROVIDER_DECLARE(fusefs);
96 /*
97  * Fuse trace probe:
98  * arg0: verbosity.  Higher numbers give more verbose messages
99  * arg1: Textual message
100  */
101 SDT_PROBE_DEFINE2(fusefs, , node, trace, "int", "char*");
102 
103 MALLOC_DEFINE(M_FUSEVN, "fuse_vnode", "fuse vnode private data");
104 
105 static int sysctl_fuse_cache_mode(SYSCTL_HANDLER_ARGS);
106 
107 static counter_u64_t fuse_node_count;
108 
109 SYSCTL_COUNTER_U64(_vfs_fusefs_stats, OID_AUTO, node_count, CTLFLAG_RD,
110     &fuse_node_count, "Count of FUSE vnodes");
111 
112 int	fuse_data_cache_mode = FUSE_CACHE_WT;
113 
114 /*
115  * OBSOLETE
116  * This sysctl is no longer needed as of fuse protocol 7.23.  Now, individual
117  * servers can select the cache behavior they need for each mountpoint:
118  * - writethrough: the default
119  * - writeback: set FUSE_WRITEBACK_CACHE in fuse_init_out.flags
120  * - uncached: set FOPEN_DIRECT_IO for every file
121  * The sysctl is retained primarily due to the enduring popularity of libfuse2,
122  * which is frozen at protocol version 7.19.  As of 4-April-2024, 90% of
123  * FreeBSD ports that use libfuse still bind to libfuse2.
124  */
125 SYSCTL_PROC(_vfs_fusefs, OID_AUTO, data_cache_mode,
126     CTLTYPE_INT | CTLFLAG_MPSAFE | CTLFLAG_RW,
127     &fuse_data_cache_mode, 0, sysctl_fuse_cache_mode, "I",
128     "Zero: disable caching of FUSE file data; One: write-through caching "
129     "(default); Two: write-back caching (generally unsafe)");
130 
131 static int
132 sysctl_fuse_cache_mode(SYSCTL_HANDLER_ARGS)
133 {
134 	int val, error;
135 
136 	val = *(int *)arg1;
137 	error = sysctl_handle_int(oidp, &val, 0, req);
138 	if (error || !req->newptr)
139 		return (error);
140 
141 	switch (val) {
142 	case FUSE_CACHE_UC:
143 	case FUSE_CACHE_WT:
144 	case FUSE_CACHE_WB:
145 		*(int *)arg1 = val;
146 		break;
147 	default:
148 		return (EDOM);
149 	}
150 	return (0);
151 }
152 
153 static void
154 fuse_vnode_init(struct vnode *vp, struct fuse_vnode_data *fvdat,
155     uint64_t nodeid, __enum_uint8(vtype) vtyp)
156 {
157 	fvdat->nid = nodeid;
158 	LIST_INIT(&fvdat->handles);
159 
160 	vattr_null(&fvdat->cached_attrs);
161 	fvdat->cached_attrs.va_birthtime.tv_sec = -1;
162 	fvdat->cached_attrs.va_birthtime.tv_nsec = 0;
163 	fvdat->cached_attrs.va_fsid = VNOVAL;
164 	fvdat->cached_attrs.va_gen = 0;
165 	fvdat->cached_attrs.va_rdev = NODEV;
166 
167 	if (nodeid == FUSE_ROOT_ID) {
168 		vp->v_vflag |= VV_ROOT;
169 	}
170 	vp->v_type = vtyp;
171 	vp->v_data = fvdat;
172 	cluster_init_vn(&fvdat->clusterw);
173 	timespecclear(&fvdat->last_local_modify);
174 
175 	counter_u64_add(fuse_node_count, 1);
176 }
177 
178 void
179 fuse_vnode_destroy(struct vnode *vp)
180 {
181 	struct fuse_vnode_data *fvdat = vp->v_data;
182 
183 	vp->v_data = NULL;
184 	KASSERT(LIST_EMPTY(&fvdat->handles),
185 		("Destroying fuse vnode with open files!"));
186 	free(fvdat, M_FUSEVN);
187 
188 	counter_u64_add(fuse_node_count, -1);
189 }
190 
191 int
192 fuse_vnode_cmp(struct vnode *vp, void *nidp)
193 {
194 	return (VTOI(vp) != *((uint64_t *)nidp));
195 }
196 
197 SDT_PROBE_DEFINE3(fusefs, , node, stale_vnode, "struct vnode*", "uint8_t",
198 		"uint64_t");
199 static int
200 fuse_vnode_alloc(struct mount *mp,
201     struct thread *td,
202     uint64_t nodeid,
203     __enum_uint8(vtype) vtyp,
204     struct vnode **vpp)
205 {
206 	struct fuse_data *data;
207 	struct fuse_vnode_data *fvdat;
208 	struct vnode *vp2;
209 	int err = 0;
210 
211 	data = fuse_get_mpdata(mp);
212 	if (vtyp == VNON) {
213 		return EINVAL;
214 	}
215 	*vpp = NULL;
216 	err = vfs_hash_get(mp, fuse_vnode_hash(nodeid), LK_EXCLUSIVE, td, vpp,
217 	    fuse_vnode_cmp, &nodeid);
218 	if (err)
219 		return (err);
220 
221 	if (*vpp) {
222 		if ((*vpp)->v_type == vtyp) {
223 			/* Reuse a vnode that hasn't yet been reclaimed */
224 			MPASS((*vpp)->v_data != NULL);
225 			MPASS(VTOFUD(*vpp)->nid == nodeid);
226 			SDT_PROBE2(fusefs, , node, trace, 1,
227 				"vnode taken from hash");
228 			return (0);
229 		} else {
230 			/*
231 			 * The inode changed types!  If we get here, we can't
232 			 * tell whether the inode's entry cache had expired
233 			 * yet.  So this could be the result of a buggy server,
234 			 * but more likely the server just reused an inode
235 			 * number following an entry cache expiration.
236 			 */
237 			SDT_PROBE3(fusefs, , node, stale_vnode, *vpp, vtyp,
238 				nodeid);
239 			fuse_internal_vnode_disappear(*vpp);
240 			vgone(*vpp);
241 			lockmgr((*vpp)->v_vnlock, LK_RELEASE, NULL);
242 		}
243 	}
244 	fvdat = malloc(sizeof(*fvdat), M_FUSEVN, M_WAITOK | M_ZERO);
245 	switch (vtyp) {
246 	case VFIFO:
247 		err = getnewvnode("fuse", mp, &fuse_fifoops, vpp);
248 		break;
249 	default:
250 		err = getnewvnode("fuse", mp, &fuse_vnops, vpp);
251 		break;
252 	}
253 	if (err) {
254 		free(fvdat, M_FUSEVN);
255 		return (err);
256 	}
257 	lockmgr((*vpp)->v_vnlock, LK_EXCLUSIVE, NULL);
258 	fuse_vnode_init(*vpp, fvdat, nodeid, vtyp);
259 	err = insmntque(*vpp, mp);
260 	ASSERT_VOP_ELOCKED(*vpp, "fuse_vnode_alloc");
261 	if (err) {
262 		lockmgr((*vpp)->v_vnlock, LK_RELEASE, NULL);
263 		free(fvdat, M_FUSEVN);
264 		*vpp = NULL;
265 		return (err);
266 	}
267 	/* Disallow async reads for fifos because UFS does.  I don't know why */
268 	if (data->dataflags & FSESS_ASYNC_READ && vtyp != VFIFO)
269 		VN_LOCK_ASHARE(*vpp);
270 
271 	vn_set_state(*vpp, VSTATE_CONSTRUCTED);
272 	err = vfs_hash_insert(*vpp, fuse_vnode_hash(nodeid), LK_EXCLUSIVE,
273 	    td, &vp2, fuse_vnode_cmp, &nodeid);
274 	if (err) {
275 		lockmgr((*vpp)->v_vnlock, LK_RELEASE, NULL);
276 		free(fvdat, M_FUSEVN);
277 		*vpp = NULL;
278 		return (err);
279 	}
280 	if (vp2 != NULL) {
281 		*vpp = vp2;
282 		return (0);
283 	}
284 
285 	ASSERT_VOP_ELOCKED(*vpp, "fuse_vnode_alloc");
286 
287 	return (0);
288 }
289 
290 int
291 fuse_vnode_get(struct mount *mp,
292     struct fuse_entry_out *feo,
293     uint64_t nodeid,
294     struct vnode *dvp,
295     struct vnode **vpp,
296     struct componentname *cnp,
297     __enum_uint8(vtype) vtyp)
298 {
299 	struct thread *td = curthread;
300 	bool exportable = fuse_get_mpdata(mp)->dataflags & FSESS_EXPORT_SUPPORT;
301 
302 	/*
303 	 * feo should only be NULL for the root directory, which (when libfuse
304 	 * is used) always has generation 0
305 	 */
306 	uint64_t generation = feo ? feo->generation : 0;
307 	int err = 0;
308 
309 	if (dvp != NULL && VTOFUD(dvp)->nid == nodeid) {
310 		fuse_warn(fuse_get_mpdata(mp), FSESS_WARN_ILLEGAL_INODE,
311 			"Assigned same inode to both parent and child.");
312 		return EIO;
313 	}
314 	if (feo && feo->nodeid != feo->attr.ino && exportable) {
315 		/*
316 		 * NFS servers (both kernelspace and userspace) rely on
317 		 * VFS_VGET to lookup inodes.  But that's only possible if the
318 		 * file's inode number matches its nodeid, which isn't
319 		 * necessarily the case for FUSE.  If they don't match, then we
320 		 * can complete the current operation, but future VFS_VGET
321 		 * operations will almost certainly return spurious results.
322 		 * Warn the operator.
323 		 *
324 		 * But only warn the operator if the file system reports
325 		 * NFS-compatibility, because that's the only time that this
326 		 * matters, and dumb fuse servers abound.
327 		 */
328 		fuse_warn(fuse_get_mpdata(mp), FSESS_WARN_INODE_MISMATCH,
329 		    "file has different inode number and nodeid.");
330 	}
331 
332 	err = fuse_vnode_alloc(mp, td, nodeid, vtyp, vpp);
333 	if (err) {
334 		return err;
335 	}
336 	if (dvp != NULL) {
337 		MPASS(cnp && (cnp->cn_flags & ISDOTDOT) == 0);
338 		MPASS(cnp &&
339 			!(cnp->cn_namelen == 1 && cnp->cn_nameptr[0] == '.'));
340 		fuse_vnode_setparent(*vpp, dvp);
341 	}
342 	if (dvp != NULL && cnp != NULL && (cnp->cn_flags & MAKEENTRY) != 0 &&
343 	    feo != NULL &&
344 	    (feo->entry_valid != 0 || feo->entry_valid_nsec != 0)) {
345 		struct timespec timeout;
346 
347 		ASSERT_VOP_LOCKED(*vpp, "fuse_vnode_get");
348 		ASSERT_VOP_LOCKED(dvp, "fuse_vnode_get");
349 
350 		fuse_validity_2_timespec(feo, &timeout);
351 		cache_enter_time(dvp, *vpp, cnp, &timeout, NULL);
352 	}
353 
354 	VTOFUD(*vpp)->generation = generation;
355 	/*
356 	 * In userland, libfuse uses cached lookups for dot and dotdot entries,
357 	 * thus it does not really bump the nlookup counter for forget.
358 	 * Follow the same semantic and avoid the bump in order to keep
359 	 * nlookup counters consistent.
360 	 */
361 	if (cnp == NULL || ((cnp->cn_flags & ISDOTDOT) == 0 &&
362 	    (cnp->cn_namelen != 1 || cnp->cn_nameptr[0] != '.')))
363 		VTOFUD(*vpp)->nlookup++;
364 
365 	return 0;
366 }
367 
368 /*
369  * Called for every fusefs vnode open to initialize the vnode (not
370  * fuse_filehandle) for use
371  */
372 void
373 fuse_vnode_open(struct vnode *vp, int32_t fuse_open_flags, struct thread *td)
374 {
375 	if (vnode_vtype(vp) == VREG)
376 		vnode_create_vobject(vp, VNODE_NO_SIZE, td);
377 }
378 
379 int
380 fuse_vnode_savesize(struct vnode *vp, struct ucred *cred, pid_t pid)
381 {
382 	struct fuse_vnode_data *fvdat = VTOFUD(vp);
383 	struct thread *td = curthread;
384 	struct fuse_filehandle *fufh = NULL;
385 	struct fuse_dispatcher fdi;
386 	struct fuse_setattr_in *fsai;
387 	int err = 0;
388 
389 	ASSERT_VOP_ELOCKED(vp, "fuse_io_extend");
390 
391 	if (fuse_isdeadfs(vp)) {
392 		return EBADF;
393 	}
394 	if (vnode_vtype(vp) == VDIR) {
395 		return EISDIR;
396 	}
397 	if (vfs_isrdonly(vnode_mount(vp))) {
398 		return EROFS;
399 	}
400 	if (cred == NULL) {
401 		cred = td->td_ucred;
402 	}
403 	fdisp_init(&fdi, sizeof(*fsai));
404 	fdisp_make_vp(&fdi, FUSE_SETATTR, vp, td, cred);
405 	fsai = fdi.indata;
406 	fsai->valid = 0;
407 
408 	/* Truncate to a new value. */
409 	MPASS((fvdat->flag & FN_SIZECHANGE) != 0);
410 	fsai->size = fvdat->cached_attrs.va_size;
411 	fsai->valid |= FATTR_SIZE;
412 
413 	fuse_filehandle_getrw(vp, FWRITE, &fufh, cred, pid);
414 	if (fufh) {
415 		fsai->fh = fufh->fh_id;
416 		fsai->valid |= FATTR_FH;
417 	}
418 	err = fdisp_wait_answ(&fdi);
419 	fdisp_destroy(&fdi);
420 	if (err == 0) {
421 		getnanouptime(&fvdat->last_local_modify);
422 		fvdat->flag &= ~FN_SIZECHANGE;
423 	}
424 
425 	return err;
426 }
427 
428 /*
429  * Adjust the vnode's size to a new value.
430  *
431  * If the new value came from the server, such as from a FUSE_GETATTR
432  * operation, set `from_server` true.  But if it came from a local operation,
433  * such as write(2) or truncate(2), set `from_server` false.
434  */
435 int
436 fuse_vnode_setsize(struct vnode *vp, off_t newsize, bool from_server)
437 {
438 	struct fuse_vnode_data *fvdat = VTOFUD(vp);
439 	struct vattr *attrs;
440 	off_t oldsize;
441 	size_t iosize;
442 	struct buf *bp = NULL;
443 	int err = 0;
444 
445 	ASSERT_VOP_ELOCKED(vp, "fuse_vnode_setsize");
446 
447 	iosize = fuse_iosize(vp);
448 	oldsize = fvdat->cached_attrs.va_size;
449 	fvdat->cached_attrs.va_size = newsize;
450 	if ((attrs = VTOVA(vp)) != NULL)
451 		attrs->va_size = newsize;
452 
453 	if (newsize < oldsize) {
454 		daddr_t lbn;
455 
456 		err = vtruncbuf(vp, newsize, fuse_iosize(vp));
457 		if (err)
458 			goto out;
459 		if (newsize % iosize == 0)
460 			goto out;
461 		/*
462 		 * Zero the contents of the last partial block.
463 		 * Sure seems like vtruncbuf should do this for us.
464 		 */
465 
466 		lbn = newsize / iosize;
467 		bp = getblk(vp, lbn, iosize, PCATCH, 0, 0);
468 		if (!bp) {
469 			err = EINTR;
470 			goto out;
471 		}
472 		if (!(bp->b_flags & B_CACHE))
473 			goto out;	/* Nothing to do */
474 		MPASS(bp->b_flags & B_VMIO);
475 		vfs_bio_clrbuf(bp);
476 		bp->b_dirtyend = MIN(bp->b_dirtyend, newsize - lbn * iosize);
477 	} else if (from_server && newsize > oldsize && oldsize != VNOVAL) {
478 		/*
479 		 * The FUSE server changed the file size behind our back.  We
480 		 * should invalidate the entire cache.
481 		 */
482 		daddr_t end_lbn;
483 
484 		end_lbn = howmany(newsize, iosize);
485 		v_inval_buf_range(vp, 0, end_lbn, iosize);
486 	}
487 out:
488 	if (bp)
489 		brelse(bp);
490 	vnode_pager_setsize(vp, newsize);
491 	return err;
492 }
493 
494 /* Get the current, possibly dirty, size of the file */
495 int
496 fuse_vnode_size(struct vnode *vp, off_t *filesize, struct ucred *cred,
497 	struct thread *td)
498 {
499 	struct fuse_vnode_data *fvdat = VTOFUD(vp);
500 	int error = 0;
501 
502 	if (!(fvdat->flag & FN_SIZECHANGE) &&
503 		(!fuse_vnode_attr_cache_valid(vp) ||
504 		  fvdat->cached_attrs.va_size == VNOVAL))
505 		error = fuse_internal_do_getattr(vp, NULL, cred, td);
506 
507 	if (!error)
508 		*filesize = fvdat->cached_attrs.va_size;
509 
510 	return error;
511 }
512 
513 void
514 fuse_vnode_undirty_cached_timestamps(struct vnode *vp, bool atime)
515 {
516 	struct fuse_vnode_data *fvdat = VTOFUD(vp);
517 
518 	fvdat->flag &= ~(FN_MTIMECHANGE | FN_CTIMECHANGE);
519 	if (atime)
520 		fvdat->flag &= ~FN_ATIMECHANGE;
521 }
522 
523 /* Update a fuse file's cached timestamps */
524 void
525 fuse_vnode_update(struct vnode *vp, int flags)
526 {
527 	struct fuse_vnode_data *fvdat = VTOFUD(vp);
528 	struct mount *mp = vnode_mount(vp);
529 	struct fuse_data *data = fuse_get_mpdata(mp);
530 	struct timespec ts;
531 
532 	vfs_timestamp(&ts);
533 
534 	if (data->time_gran > 1)
535 		ts.tv_nsec = rounddown(ts.tv_nsec, data->time_gran);
536 
537 	if (mp->mnt_flag & MNT_NOATIME)
538 		flags &= ~FN_ATIMECHANGE;
539 
540 	if (flags & FN_ATIMECHANGE)
541 		fvdat->cached_attrs.va_atime = ts;
542 	if (flags & FN_MTIMECHANGE)
543 		fvdat->cached_attrs.va_mtime = ts;
544 	if (flags & FN_CTIMECHANGE)
545 		fvdat->cached_attrs.va_ctime = ts;
546 
547 	fvdat->flag |= flags;
548 }
549 
550 void
551 fuse_node_init(void)
552 {
553 	fuse_node_count = counter_u64_alloc(M_WAITOK);
554 }
555 
556 void
557 fuse_node_destroy(void)
558 {
559 	counter_u64_free(fuse_node_count);
560 }
561