1 /*- 2 * SPDX-License-Identifier: BSD-3-Clause 3 * 4 * Copyright (c) 2007-2009 Google Inc. and Amit Singh 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions are 9 * met: 10 * 11 * * Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * * Redistributions in binary form must reproduce the above 14 * copyright notice, this list of conditions and the following disclaimer 15 * in the documentation and/or other materials provided with the 16 * distribution. 17 * * Neither the name of Google Inc. nor the names of its 18 * contributors may be used to endorse or promote products derived from 19 * this software without specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 22 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 23 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 24 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 25 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 26 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 27 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 28 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 29 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 30 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 31 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 32 * 33 * Copyright (C) 2005 Csaba Henk. 34 * All rights reserved. 35 * 36 * Copyright (c) 2019 The FreeBSD Foundation 37 * 38 * Portions of this software were developed by BFF Storage Systems, LLC under 39 * sponsorship from the FreeBSD Foundation. 40 * 41 * Redistribution and use in source and binary forms, with or without 42 * modification, are permitted provided that the following conditions 43 * are met: 44 * 1. Redistributions of source code must retain the above copyright 45 * notice, this list of conditions and the following disclaimer. 46 * 2. Redistributions in binary form must reproduce the above copyright 47 * notice, this list of conditions and the following disclaimer in the 48 * documentation and/or other materials provided with the distribution. 49 * 50 * THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS ``AS IS'' AND 51 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 52 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 53 * ARE DISCLAIMED. IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE 54 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 55 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 56 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 57 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 58 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 59 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 60 * SUCH DAMAGE. 61 */ 62 63 #include <sys/types.h> 64 #include <sys/systm.h> 65 #include <sys/counter.h> 66 #include <sys/module.h> 67 #include <sys/errno.h> 68 #include <sys/param.h> 69 #include <sys/kernel.h> 70 #include <sys/conf.h> 71 #include <sys/uio.h> 72 #include <sys/malloc.h> 73 #include <sys/queue.h> 74 #include <sys/lock.h> 75 #include <sys/sx.h> 76 #include <sys/mutex.h> 77 #include <sys/proc.h> 78 #include <sys/vnode.h> 79 #include <sys/namei.h> 80 #include <sys/mount.h> 81 #include <sys/sysctl.h> 82 #include <sys/fcntl.h> 83 #include <sys/priv.h> 84 #include <sys/buf.h> 85 #include <security/mac/mac_framework.h> 86 #include <vm/vm.h> 87 #include <vm/vm_extern.h> 88 89 #include "fuse.h" 90 #include "fuse_node.h" 91 #include "fuse_internal.h" 92 #include "fuse_io.h" 93 #include "fuse_ipc.h" 94 95 SDT_PROVIDER_DECLARE(fusefs); 96 /* 97 * Fuse trace probe: 98 * arg0: verbosity. Higher numbers give more verbose messages 99 * arg1: Textual message 100 */ 101 SDT_PROBE_DEFINE2(fusefs, , node, trace, "int", "char*"); 102 103 MALLOC_DEFINE(M_FUSEVN, "fuse_vnode", "fuse vnode private data"); 104 105 static int sysctl_fuse_cache_mode(SYSCTL_HANDLER_ARGS); 106 107 static counter_u64_t fuse_node_count; 108 109 SYSCTL_COUNTER_U64(_vfs_fusefs_stats, OID_AUTO, node_count, CTLFLAG_RD, 110 &fuse_node_count, "Count of FUSE vnodes"); 111 112 int fuse_data_cache_mode = FUSE_CACHE_WT; 113 114 /* 115 * OBSOLETE 116 * This sysctl is no longer needed as of fuse protocol 7.23. Now, individual 117 * servers can select the cache behavior they need for each mountpoint: 118 * - writethrough: the default 119 * - writeback: set FUSE_WRITEBACK_CACHE in fuse_init_out.flags 120 * - uncached: set FOPEN_DIRECT_IO for every file 121 * The sysctl is retained primarily due to the enduring popularity of libfuse2, 122 * which is frozen at protocol version 7.19. As of 4-April-2024, 90% of 123 * FreeBSD ports that use libfuse still bind to libfuse2. 124 */ 125 SYSCTL_PROC(_vfs_fusefs, OID_AUTO, data_cache_mode, 126 CTLTYPE_INT | CTLFLAG_MPSAFE | CTLFLAG_RW, 127 &fuse_data_cache_mode, 0, sysctl_fuse_cache_mode, "I", 128 "Zero: disable caching of FUSE file data; One: write-through caching " 129 "(default); Two: write-back caching (generally unsafe)"); 130 131 static int 132 sysctl_fuse_cache_mode(SYSCTL_HANDLER_ARGS) 133 { 134 int val, error; 135 136 val = *(int *)arg1; 137 error = sysctl_handle_int(oidp, &val, 0, req); 138 if (error || !req->newptr) 139 return (error); 140 141 switch (val) { 142 case FUSE_CACHE_UC: 143 case FUSE_CACHE_WT: 144 case FUSE_CACHE_WB: 145 *(int *)arg1 = val; 146 break; 147 default: 148 return (EDOM); 149 } 150 return (0); 151 } 152 153 static void 154 fuse_vnode_init(struct vnode *vp, struct fuse_vnode_data *fvdat, 155 uint64_t nodeid, __enum_uint8(vtype) vtyp) 156 { 157 fvdat->nid = nodeid; 158 LIST_INIT(&fvdat->handles); 159 160 vattr_null(&fvdat->cached_attrs); 161 fvdat->cached_attrs.va_birthtime.tv_sec = -1; 162 fvdat->cached_attrs.va_birthtime.tv_nsec = 0; 163 fvdat->cached_attrs.va_fsid = VNOVAL; 164 fvdat->cached_attrs.va_gen = 0; 165 fvdat->cached_attrs.va_rdev = NODEV; 166 167 if (nodeid == FUSE_ROOT_ID) { 168 vp->v_vflag |= VV_ROOT; 169 } 170 vp->v_type = vtyp; 171 vp->v_data = fvdat; 172 cluster_init_vn(&fvdat->clusterw); 173 timespecclear(&fvdat->last_local_modify); 174 175 counter_u64_add(fuse_node_count, 1); 176 } 177 178 void 179 fuse_vnode_destroy(struct vnode *vp) 180 { 181 struct fuse_vnode_data *fvdat = vp->v_data; 182 183 vp->v_data = NULL; 184 KASSERT(LIST_EMPTY(&fvdat->handles), 185 ("Destroying fuse vnode with open files!")); 186 free(fvdat, M_FUSEVN); 187 188 counter_u64_add(fuse_node_count, -1); 189 } 190 191 int 192 fuse_vnode_cmp(struct vnode *vp, void *nidp) 193 { 194 return (VTOI(vp) != *((uint64_t *)nidp)); 195 } 196 197 SDT_PROBE_DEFINE3(fusefs, , node, stale_vnode, "struct vnode*", "uint8_t", 198 "uint64_t"); 199 static int 200 fuse_vnode_alloc(struct mount *mp, 201 struct thread *td, 202 uint64_t nodeid, 203 __enum_uint8(vtype) vtyp, 204 struct vnode **vpp) 205 { 206 struct fuse_data *data; 207 struct fuse_vnode_data *fvdat; 208 struct vnode *vp2; 209 int err = 0; 210 211 data = fuse_get_mpdata(mp); 212 if (vtyp == VNON) { 213 return EINVAL; 214 } 215 *vpp = NULL; 216 err = vfs_hash_get(mp, fuse_vnode_hash(nodeid), LK_EXCLUSIVE, td, vpp, 217 fuse_vnode_cmp, &nodeid); 218 if (err) 219 return (err); 220 221 if (*vpp) { 222 if ((*vpp)->v_type == vtyp) { 223 /* Reuse a vnode that hasn't yet been reclaimed */ 224 MPASS((*vpp)->v_data != NULL); 225 MPASS(VTOFUD(*vpp)->nid == nodeid); 226 SDT_PROBE2(fusefs, , node, trace, 1, 227 "vnode taken from hash"); 228 return (0); 229 } else { 230 /* 231 * The inode changed types! If we get here, we can't 232 * tell whether the inode's entry cache had expired 233 * yet. So this could be the result of a buggy server, 234 * but more likely the server just reused an inode 235 * number following an entry cache expiration. 236 */ 237 SDT_PROBE3(fusefs, , node, stale_vnode, *vpp, vtyp, 238 nodeid); 239 fuse_internal_vnode_disappear(*vpp); 240 vgone(*vpp); 241 lockmgr((*vpp)->v_vnlock, LK_RELEASE, NULL); 242 } 243 } 244 fvdat = malloc(sizeof(*fvdat), M_FUSEVN, M_WAITOK | M_ZERO); 245 switch (vtyp) { 246 case VFIFO: 247 err = getnewvnode("fuse", mp, &fuse_fifoops, vpp); 248 break; 249 default: 250 err = getnewvnode("fuse", mp, &fuse_vnops, vpp); 251 break; 252 } 253 if (err) { 254 free(fvdat, M_FUSEVN); 255 return (err); 256 } 257 lockmgr((*vpp)->v_vnlock, LK_EXCLUSIVE, NULL); 258 fuse_vnode_init(*vpp, fvdat, nodeid, vtyp); 259 err = insmntque(*vpp, mp); 260 ASSERT_VOP_ELOCKED(*vpp, "fuse_vnode_alloc"); 261 if (err) { 262 lockmgr((*vpp)->v_vnlock, LK_RELEASE, NULL); 263 free(fvdat, M_FUSEVN); 264 *vpp = NULL; 265 return (err); 266 } 267 /* Disallow async reads for fifos because UFS does. I don't know why */ 268 if (data->dataflags & FSESS_ASYNC_READ && vtyp != VFIFO) 269 VN_LOCK_ASHARE(*vpp); 270 271 vn_set_state(*vpp, VSTATE_CONSTRUCTED); 272 err = vfs_hash_insert(*vpp, fuse_vnode_hash(nodeid), LK_EXCLUSIVE, 273 td, &vp2, fuse_vnode_cmp, &nodeid); 274 if (err) { 275 lockmgr((*vpp)->v_vnlock, LK_RELEASE, NULL); 276 free(fvdat, M_FUSEVN); 277 *vpp = NULL; 278 return (err); 279 } 280 if (vp2 != NULL) { 281 *vpp = vp2; 282 return (0); 283 } 284 285 ASSERT_VOP_ELOCKED(*vpp, "fuse_vnode_alloc"); 286 287 return (0); 288 } 289 290 int 291 fuse_vnode_get(struct mount *mp, 292 struct fuse_entry_out *feo, 293 uint64_t nodeid, 294 struct vnode *dvp, 295 struct vnode **vpp, 296 struct componentname *cnp, 297 __enum_uint8(vtype) vtyp) 298 { 299 struct thread *td = curthread; 300 bool exportable = fuse_get_mpdata(mp)->dataflags & FSESS_EXPORT_SUPPORT; 301 302 /* 303 * feo should only be NULL for the root directory, which (when libfuse 304 * is used) always has generation 0 305 */ 306 uint64_t generation = feo ? feo->generation : 0; 307 int err = 0; 308 309 if (dvp != NULL && VTOFUD(dvp)->nid == nodeid) { 310 fuse_warn(fuse_get_mpdata(mp), FSESS_WARN_ILLEGAL_INODE, 311 "Assigned same inode to both parent and child."); 312 return EIO; 313 } 314 if (feo && feo->nodeid != feo->attr.ino && exportable) { 315 /* 316 * NFS servers (both kernelspace and userspace) rely on 317 * VFS_VGET to lookup inodes. But that's only possible if the 318 * file's inode number matches its nodeid, which isn't 319 * necessarily the case for FUSE. If they don't match, then we 320 * can complete the current operation, but future VFS_VGET 321 * operations will almost certainly return spurious results. 322 * Warn the operator. 323 * 324 * But only warn the operator if the file system reports 325 * NFS-compatibility, because that's the only time that this 326 * matters, and dumb fuse servers abound. 327 */ 328 fuse_warn(fuse_get_mpdata(mp), FSESS_WARN_INODE_MISMATCH, 329 "file has different inode number and nodeid."); 330 } 331 332 err = fuse_vnode_alloc(mp, td, nodeid, vtyp, vpp); 333 if (err) { 334 return err; 335 } 336 if (dvp != NULL) { 337 MPASS(cnp && (cnp->cn_flags & ISDOTDOT) == 0); 338 MPASS(cnp && 339 !(cnp->cn_namelen == 1 && cnp->cn_nameptr[0] == '.')); 340 fuse_vnode_setparent(*vpp, dvp); 341 } 342 if (dvp != NULL && cnp != NULL && (cnp->cn_flags & MAKEENTRY) != 0 && 343 feo != NULL && 344 (feo->entry_valid != 0 || feo->entry_valid_nsec != 0)) { 345 struct timespec timeout; 346 347 ASSERT_VOP_LOCKED(*vpp, "fuse_vnode_get"); 348 ASSERT_VOP_LOCKED(dvp, "fuse_vnode_get"); 349 350 fuse_validity_2_timespec(feo, &timeout); 351 cache_enter_time(dvp, *vpp, cnp, &timeout, NULL); 352 } 353 354 VTOFUD(*vpp)->generation = generation; 355 /* 356 * In userland, libfuse uses cached lookups for dot and dotdot entries, 357 * thus it does not really bump the nlookup counter for forget. 358 * Follow the same semantic and avoid the bump in order to keep 359 * nlookup counters consistent. 360 */ 361 if (cnp == NULL || ((cnp->cn_flags & ISDOTDOT) == 0 && 362 (cnp->cn_namelen != 1 || cnp->cn_nameptr[0] != '.'))) 363 VTOFUD(*vpp)->nlookup++; 364 365 return 0; 366 } 367 368 /* 369 * Called for every fusefs vnode open to initialize the vnode (not 370 * fuse_filehandle) for use 371 */ 372 void 373 fuse_vnode_open(struct vnode *vp, int32_t fuse_open_flags, struct thread *td) 374 { 375 if (vnode_vtype(vp) == VREG) 376 vnode_create_vobject(vp, VNODE_NO_SIZE, td); 377 } 378 379 int 380 fuse_vnode_savesize(struct vnode *vp, struct ucred *cred, pid_t pid) 381 { 382 struct fuse_vnode_data *fvdat = VTOFUD(vp); 383 struct thread *td = curthread; 384 struct fuse_filehandle *fufh = NULL; 385 struct fuse_dispatcher fdi; 386 struct fuse_setattr_in *fsai; 387 int err = 0; 388 389 ASSERT_VOP_ELOCKED(vp, "fuse_io_extend"); 390 391 if (fuse_isdeadfs(vp)) { 392 return EBADF; 393 } 394 if (vnode_vtype(vp) == VDIR) { 395 return EISDIR; 396 } 397 if (vfs_isrdonly(vnode_mount(vp))) { 398 return EROFS; 399 } 400 if (cred == NULL) { 401 cred = td->td_ucred; 402 } 403 fdisp_init(&fdi, sizeof(*fsai)); 404 fdisp_make_vp(&fdi, FUSE_SETATTR, vp, td, cred); 405 fsai = fdi.indata; 406 fsai->valid = 0; 407 408 /* Truncate to a new value. */ 409 MPASS((fvdat->flag & FN_SIZECHANGE) != 0); 410 fsai->size = fvdat->cached_attrs.va_size; 411 fsai->valid |= FATTR_SIZE; 412 413 fuse_filehandle_getrw(vp, FWRITE, &fufh, cred, pid); 414 if (fufh) { 415 fsai->fh = fufh->fh_id; 416 fsai->valid |= FATTR_FH; 417 } 418 err = fdisp_wait_answ(&fdi); 419 fdisp_destroy(&fdi); 420 if (err == 0) { 421 getnanouptime(&fvdat->last_local_modify); 422 fvdat->flag &= ~FN_SIZECHANGE; 423 } 424 425 return err; 426 } 427 428 /* 429 * Adjust the vnode's size to a new value. 430 * 431 * If the new value came from the server, such as from a FUSE_GETATTR 432 * operation, set `from_server` true. But if it came from a local operation, 433 * such as write(2) or truncate(2), set `from_server` false. 434 */ 435 int 436 fuse_vnode_setsize(struct vnode *vp, off_t newsize, bool from_server) 437 { 438 struct fuse_vnode_data *fvdat = VTOFUD(vp); 439 struct vattr *attrs; 440 off_t oldsize; 441 size_t iosize; 442 struct buf *bp = NULL; 443 int err = 0; 444 445 ASSERT_VOP_ELOCKED(vp, "fuse_vnode_setsize"); 446 447 iosize = fuse_iosize(vp); 448 oldsize = fvdat->cached_attrs.va_size; 449 fvdat->cached_attrs.va_size = newsize; 450 if ((attrs = VTOVA(vp)) != NULL) 451 attrs->va_size = newsize; 452 453 if (newsize < oldsize) { 454 daddr_t lbn; 455 456 err = vtruncbuf(vp, newsize, fuse_iosize(vp)); 457 if (err) 458 goto out; 459 if (newsize % iosize == 0) 460 goto out; 461 /* 462 * Zero the contents of the last partial block. 463 * Sure seems like vtruncbuf should do this for us. 464 */ 465 466 lbn = newsize / iosize; 467 bp = getblk(vp, lbn, iosize, PCATCH, 0, 0); 468 if (!bp) { 469 err = EINTR; 470 goto out; 471 } 472 if (!(bp->b_flags & B_CACHE)) 473 goto out; /* Nothing to do */ 474 MPASS(bp->b_flags & B_VMIO); 475 vfs_bio_clrbuf(bp); 476 bp->b_dirtyend = MIN(bp->b_dirtyend, newsize - lbn * iosize); 477 } else if (from_server && newsize > oldsize && oldsize != VNOVAL) { 478 /* 479 * The FUSE server changed the file size behind our back. We 480 * should invalidate the entire cache. 481 */ 482 daddr_t end_lbn; 483 484 end_lbn = howmany(newsize, iosize); 485 v_inval_buf_range(vp, 0, end_lbn, iosize); 486 } 487 out: 488 if (bp) 489 brelse(bp); 490 vnode_pager_setsize(vp, newsize); 491 return err; 492 } 493 494 /* Get the current, possibly dirty, size of the file */ 495 int 496 fuse_vnode_size(struct vnode *vp, off_t *filesize, struct ucred *cred, 497 struct thread *td) 498 { 499 struct fuse_vnode_data *fvdat = VTOFUD(vp); 500 int error = 0; 501 502 if (!(fvdat->flag & FN_SIZECHANGE) && 503 (!fuse_vnode_attr_cache_valid(vp) || 504 fvdat->cached_attrs.va_size == VNOVAL)) 505 error = fuse_internal_do_getattr(vp, NULL, cred, td); 506 507 if (!error) 508 *filesize = fvdat->cached_attrs.va_size; 509 510 return error; 511 } 512 513 void 514 fuse_vnode_undirty_cached_timestamps(struct vnode *vp, bool atime) 515 { 516 struct fuse_vnode_data *fvdat = VTOFUD(vp); 517 518 fvdat->flag &= ~(FN_MTIMECHANGE | FN_CTIMECHANGE); 519 if (atime) 520 fvdat->flag &= ~FN_ATIMECHANGE; 521 } 522 523 /* Update a fuse file's cached timestamps */ 524 void 525 fuse_vnode_update(struct vnode *vp, int flags) 526 { 527 struct fuse_vnode_data *fvdat = VTOFUD(vp); 528 struct mount *mp = vnode_mount(vp); 529 struct fuse_data *data = fuse_get_mpdata(mp); 530 struct timespec ts; 531 532 vfs_timestamp(&ts); 533 534 if (data->time_gran > 1) 535 ts.tv_nsec = rounddown(ts.tv_nsec, data->time_gran); 536 537 if (mp->mnt_flag & MNT_NOATIME) 538 flags &= ~FN_ATIMECHANGE; 539 540 if (flags & FN_ATIMECHANGE) 541 fvdat->cached_attrs.va_atime = ts; 542 if (flags & FN_MTIMECHANGE) 543 fvdat->cached_attrs.va_mtime = ts; 544 if (flags & FN_CTIMECHANGE) 545 fvdat->cached_attrs.va_ctime = ts; 546 547 fvdat->flag |= flags; 548 } 549 550 void 551 fuse_node_init(void) 552 { 553 fuse_node_count = counter_u64_alloc(M_WAITOK); 554 } 555 556 void 557 fuse_node_destroy(void) 558 { 559 counter_u64_free(fuse_node_count); 560 } 561