xref: /linux/fs/fuse/dir.c (revision 60684c2bd35064043360e6f716d1b7c20e967b7d)
1 /*
2   FUSE: Filesystem in Userspace
3   Copyright (C) 2001-2008  Miklos Szeredi <miklos@szeredi.hu>
4 
5   This program can be distributed under the terms of the GNU GPL.
6   See the file COPYING.
7 */
8 
9 #include "fuse_i.h"
10 
11 #include <linux/pagemap.h>
12 #include <linux/file.h>
13 #include <linux/fs_context.h>
14 #include <linux/moduleparam.h>
15 #include <linux/sched.h>
16 #include <linux/namei.h>
17 #include <linux/slab.h>
18 #include <linux/xattr.h>
19 #include <linux/iversion.h>
20 #include <linux/posix_acl.h>
21 #include <linux/security.h>
22 #include <linux/types.h>
23 #include <linux/kernel.h>
24 
25 static bool __read_mostly allow_sys_admin_access;
26 module_param(allow_sys_admin_access, bool, 0644);
27 MODULE_PARM_DESC(allow_sys_admin_access,
28 		 "Allow users with CAP_SYS_ADMIN in initial userns to bypass allow_other access check");
29 
30 static void fuse_advise_use_readdirplus(struct inode *dir)
31 {
32 	struct fuse_inode *fi = get_fuse_inode(dir);
33 
34 	set_bit(FUSE_I_ADVISE_RDPLUS, &fi->state);
35 }
36 
37 #if BITS_PER_LONG >= 64
38 static inline void __fuse_dentry_settime(struct dentry *entry, u64 time)
39 {
40 	entry->d_fsdata = (void *) time;
41 }
42 
43 static inline u64 fuse_dentry_time(const struct dentry *entry)
44 {
45 	return (u64)entry->d_fsdata;
46 }
47 
48 #else
49 union fuse_dentry {
50 	u64 time;
51 	struct rcu_head rcu;
52 };
53 
54 static inline void __fuse_dentry_settime(struct dentry *dentry, u64 time)
55 {
56 	((union fuse_dentry *) dentry->d_fsdata)->time = time;
57 }
58 
59 static inline u64 fuse_dentry_time(const struct dentry *entry)
60 {
61 	return ((union fuse_dentry *) entry->d_fsdata)->time;
62 }
63 #endif
64 
65 static void fuse_dentry_settime(struct dentry *dentry, u64 time)
66 {
67 	struct fuse_conn *fc = get_fuse_conn_super(dentry->d_sb);
68 	bool delete = !time && fc->delete_stale;
69 	/*
70 	 * Mess with DCACHE_OP_DELETE because dput() will be faster without it.
71 	 * Don't care about races, either way it's just an optimization
72 	 */
73 	if ((!delete && (dentry->d_flags & DCACHE_OP_DELETE)) ||
74 	    (delete && !(dentry->d_flags & DCACHE_OP_DELETE))) {
75 		spin_lock(&dentry->d_lock);
76 		if (!delete)
77 			dentry->d_flags &= ~DCACHE_OP_DELETE;
78 		else
79 			dentry->d_flags |= DCACHE_OP_DELETE;
80 		spin_unlock(&dentry->d_lock);
81 	}
82 
83 	__fuse_dentry_settime(dentry, time);
84 }
85 
86 /*
87  * FUSE caches dentries and attributes with separate timeout.  The
88  * time in jiffies until the dentry/attributes are valid is stored in
89  * dentry->d_fsdata and fuse_inode->i_time respectively.
90  */
91 
92 /*
93  * Calculate the time in jiffies until a dentry/attributes are valid
94  */
95 static u64 time_to_jiffies(u64 sec, u32 nsec)
96 {
97 	if (sec || nsec) {
98 		struct timespec64 ts = {
99 			sec,
100 			min_t(u32, nsec, NSEC_PER_SEC - 1)
101 		};
102 
103 		return get_jiffies_64() + timespec64_to_jiffies(&ts);
104 	} else
105 		return 0;
106 }
107 
108 /*
109  * Set dentry and possibly attribute timeouts from the lookup/mk*
110  * replies
111  */
112 void fuse_change_entry_timeout(struct dentry *entry, struct fuse_entry_out *o)
113 {
114 	fuse_dentry_settime(entry,
115 		time_to_jiffies(o->entry_valid, o->entry_valid_nsec));
116 }
117 
118 static u64 attr_timeout(struct fuse_attr_out *o)
119 {
120 	return time_to_jiffies(o->attr_valid, o->attr_valid_nsec);
121 }
122 
123 u64 entry_attr_timeout(struct fuse_entry_out *o)
124 {
125 	return time_to_jiffies(o->attr_valid, o->attr_valid_nsec);
126 }
127 
128 void fuse_invalidate_attr_mask(struct inode *inode, u32 mask)
129 {
130 	set_mask_bits(&get_fuse_inode(inode)->inval_mask, 0, mask);
131 }
132 
133 /*
134  * Mark the attributes as stale, so that at the next call to
135  * ->getattr() they will be fetched from userspace
136  */
137 void fuse_invalidate_attr(struct inode *inode)
138 {
139 	fuse_invalidate_attr_mask(inode, STATX_BASIC_STATS);
140 }
141 
142 static void fuse_dir_changed(struct inode *dir)
143 {
144 	fuse_invalidate_attr(dir);
145 	inode_maybe_inc_iversion(dir, false);
146 }
147 
148 /*
149  * Mark the attributes as stale due to an atime change.  Avoid the invalidate if
150  * atime is not used.
151  */
152 void fuse_invalidate_atime(struct inode *inode)
153 {
154 	if (!IS_RDONLY(inode))
155 		fuse_invalidate_attr_mask(inode, STATX_ATIME);
156 }
157 
158 /*
159  * Just mark the entry as stale, so that a next attempt to look it up
160  * will result in a new lookup call to userspace
161  *
162  * This is called when a dentry is about to become negative and the
163  * timeout is unknown (unlink, rmdir, rename and in some cases
164  * lookup)
165  */
166 void fuse_invalidate_entry_cache(struct dentry *entry)
167 {
168 	fuse_dentry_settime(entry, 0);
169 }
170 
171 /*
172  * Same as fuse_invalidate_entry_cache(), but also try to remove the
173  * dentry from the hash
174  */
175 static void fuse_invalidate_entry(struct dentry *entry)
176 {
177 	d_invalidate(entry);
178 	fuse_invalidate_entry_cache(entry);
179 }
180 
181 static void fuse_lookup_init(struct fuse_conn *fc, struct fuse_args *args,
182 			     u64 nodeid, const struct qstr *name,
183 			     struct fuse_entry_out *outarg)
184 {
185 	memset(outarg, 0, sizeof(struct fuse_entry_out));
186 	args->opcode = FUSE_LOOKUP;
187 	args->nodeid = nodeid;
188 	args->in_numargs = 1;
189 	args->in_args[0].size = name->len + 1;
190 	args->in_args[0].value = name->name;
191 	args->out_numargs = 1;
192 	args->out_args[0].size = sizeof(struct fuse_entry_out);
193 	args->out_args[0].value = outarg;
194 }
195 
196 /*
197  * Check whether the dentry is still valid
198  *
199  * If the entry validity timeout has expired and the dentry is
200  * positive, try to redo the lookup.  If the lookup results in a
201  * different inode, then let the VFS invalidate the dentry and redo
202  * the lookup once more.  If the lookup results in the same inode,
203  * then refresh the attributes, timeouts and mark the dentry valid.
204  */
205 static int fuse_dentry_revalidate(struct dentry *entry, unsigned int flags)
206 {
207 	struct inode *inode;
208 	struct dentry *parent;
209 	struct fuse_mount *fm;
210 	struct fuse_inode *fi;
211 	int ret;
212 
213 	inode = d_inode_rcu(entry);
214 	if (inode && fuse_is_bad(inode))
215 		goto invalid;
216 	else if (time_before64(fuse_dentry_time(entry), get_jiffies_64()) ||
217 		 (flags & (LOOKUP_EXCL | LOOKUP_REVAL | LOOKUP_RENAME_TARGET))) {
218 		struct fuse_entry_out outarg;
219 		FUSE_ARGS(args);
220 		struct fuse_forget_link *forget;
221 		u64 attr_version;
222 
223 		/* For negative dentries, always do a fresh lookup */
224 		if (!inode)
225 			goto invalid;
226 
227 		ret = -ECHILD;
228 		if (flags & LOOKUP_RCU)
229 			goto out;
230 
231 		fm = get_fuse_mount(inode);
232 
233 		forget = fuse_alloc_forget();
234 		ret = -ENOMEM;
235 		if (!forget)
236 			goto out;
237 
238 		attr_version = fuse_get_attr_version(fm->fc);
239 
240 		parent = dget_parent(entry);
241 		fuse_lookup_init(fm->fc, &args, get_node_id(d_inode(parent)),
242 				 &entry->d_name, &outarg);
243 		ret = fuse_simple_request(fm, &args);
244 		dput(parent);
245 		/* Zero nodeid is same as -ENOENT */
246 		if (!ret && !outarg.nodeid)
247 			ret = -ENOENT;
248 		if (!ret) {
249 			fi = get_fuse_inode(inode);
250 			if (outarg.nodeid != get_node_id(inode) ||
251 			    (bool) IS_AUTOMOUNT(inode) != (bool) (outarg.attr.flags & FUSE_ATTR_SUBMOUNT)) {
252 				fuse_queue_forget(fm->fc, forget,
253 						  outarg.nodeid, 1);
254 				goto invalid;
255 			}
256 			spin_lock(&fi->lock);
257 			fi->nlookup++;
258 			spin_unlock(&fi->lock);
259 		}
260 		kfree(forget);
261 		if (ret == -ENOMEM)
262 			goto out;
263 		if (ret || fuse_invalid_attr(&outarg.attr) ||
264 		    fuse_stale_inode(inode, outarg.generation, &outarg.attr))
265 			goto invalid;
266 
267 		forget_all_cached_acls(inode);
268 		fuse_change_attributes(inode, &outarg.attr,
269 				       entry_attr_timeout(&outarg),
270 				       attr_version);
271 		fuse_change_entry_timeout(entry, &outarg);
272 	} else if (inode) {
273 		fi = get_fuse_inode(inode);
274 		if (flags & LOOKUP_RCU) {
275 			if (test_bit(FUSE_I_INIT_RDPLUS, &fi->state))
276 				return -ECHILD;
277 		} else if (test_and_clear_bit(FUSE_I_INIT_RDPLUS, &fi->state)) {
278 			parent = dget_parent(entry);
279 			fuse_advise_use_readdirplus(d_inode(parent));
280 			dput(parent);
281 		}
282 	}
283 	ret = 1;
284 out:
285 	return ret;
286 
287 invalid:
288 	ret = 0;
289 	goto out;
290 }
291 
292 #if BITS_PER_LONG < 64
293 static int fuse_dentry_init(struct dentry *dentry)
294 {
295 	dentry->d_fsdata = kzalloc(sizeof(union fuse_dentry),
296 				   GFP_KERNEL_ACCOUNT | __GFP_RECLAIMABLE);
297 
298 	return dentry->d_fsdata ? 0 : -ENOMEM;
299 }
300 static void fuse_dentry_release(struct dentry *dentry)
301 {
302 	union fuse_dentry *fd = dentry->d_fsdata;
303 
304 	kfree_rcu(fd, rcu);
305 }
306 #endif
307 
308 static int fuse_dentry_delete(const struct dentry *dentry)
309 {
310 	return time_before64(fuse_dentry_time(dentry), get_jiffies_64());
311 }
312 
313 /*
314  * Create a fuse_mount object with a new superblock (with path->dentry
315  * as the root), and return that mount so it can be auto-mounted on
316  * @path.
317  */
318 static struct vfsmount *fuse_dentry_automount(struct path *path)
319 {
320 	struct fs_context *fsc;
321 	struct vfsmount *mnt;
322 	struct fuse_inode *mp_fi = get_fuse_inode(d_inode(path->dentry));
323 
324 	fsc = fs_context_for_submount(path->mnt->mnt_sb->s_type, path->dentry);
325 	if (IS_ERR(fsc))
326 		return ERR_CAST(fsc);
327 
328 	/* Pass the FUSE inode of the mount for fuse_get_tree_submount() */
329 	fsc->fs_private = mp_fi;
330 
331 	/* Create the submount */
332 	mnt = fc_mount(fsc);
333 	if (!IS_ERR(mnt))
334 		mntget(mnt);
335 
336 	put_fs_context(fsc);
337 	return mnt;
338 }
339 
340 const struct dentry_operations fuse_dentry_operations = {
341 	.d_revalidate	= fuse_dentry_revalidate,
342 	.d_delete	= fuse_dentry_delete,
343 #if BITS_PER_LONG < 64
344 	.d_init		= fuse_dentry_init,
345 	.d_release	= fuse_dentry_release,
346 #endif
347 	.d_automount	= fuse_dentry_automount,
348 };
349 
350 const struct dentry_operations fuse_root_dentry_operations = {
351 #if BITS_PER_LONG < 64
352 	.d_init		= fuse_dentry_init,
353 	.d_release	= fuse_dentry_release,
354 #endif
355 };
356 
357 int fuse_valid_type(int m)
358 {
359 	return S_ISREG(m) || S_ISDIR(m) || S_ISLNK(m) || S_ISCHR(m) ||
360 		S_ISBLK(m) || S_ISFIFO(m) || S_ISSOCK(m);
361 }
362 
363 bool fuse_invalid_attr(struct fuse_attr *attr)
364 {
365 	return !fuse_valid_type(attr->mode) ||
366 		attr->size > LLONG_MAX;
367 }
368 
369 int fuse_lookup_name(struct super_block *sb, u64 nodeid, const struct qstr *name,
370 		     struct fuse_entry_out *outarg, struct inode **inode)
371 {
372 	struct fuse_mount *fm = get_fuse_mount_super(sb);
373 	FUSE_ARGS(args);
374 	struct fuse_forget_link *forget;
375 	u64 attr_version;
376 	int err;
377 
378 	*inode = NULL;
379 	err = -ENAMETOOLONG;
380 	if (name->len > FUSE_NAME_MAX)
381 		goto out;
382 
383 
384 	forget = fuse_alloc_forget();
385 	err = -ENOMEM;
386 	if (!forget)
387 		goto out;
388 
389 	attr_version = fuse_get_attr_version(fm->fc);
390 
391 	fuse_lookup_init(fm->fc, &args, nodeid, name, outarg);
392 	err = fuse_simple_request(fm, &args);
393 	/* Zero nodeid is same as -ENOENT, but with valid timeout */
394 	if (err || !outarg->nodeid)
395 		goto out_put_forget;
396 
397 	err = -EIO;
398 	if (!outarg->nodeid)
399 		goto out_put_forget;
400 	if (fuse_invalid_attr(&outarg->attr))
401 		goto out_put_forget;
402 
403 	*inode = fuse_iget(sb, outarg->nodeid, outarg->generation,
404 			   &outarg->attr, entry_attr_timeout(outarg),
405 			   attr_version);
406 	err = -ENOMEM;
407 	if (!*inode) {
408 		fuse_queue_forget(fm->fc, forget, outarg->nodeid, 1);
409 		goto out;
410 	}
411 	err = 0;
412 
413  out_put_forget:
414 	kfree(forget);
415  out:
416 	return err;
417 }
418 
419 static struct dentry *fuse_lookup(struct inode *dir, struct dentry *entry,
420 				  unsigned int flags)
421 {
422 	int err;
423 	struct fuse_entry_out outarg;
424 	struct inode *inode;
425 	struct dentry *newent;
426 	bool outarg_valid = true;
427 	bool locked;
428 
429 	if (fuse_is_bad(dir))
430 		return ERR_PTR(-EIO);
431 
432 	locked = fuse_lock_inode(dir);
433 	err = fuse_lookup_name(dir->i_sb, get_node_id(dir), &entry->d_name,
434 			       &outarg, &inode);
435 	fuse_unlock_inode(dir, locked);
436 	if (err == -ENOENT) {
437 		outarg_valid = false;
438 		err = 0;
439 	}
440 	if (err)
441 		goto out_err;
442 
443 	err = -EIO;
444 	if (inode && get_node_id(inode) == FUSE_ROOT_ID)
445 		goto out_iput;
446 
447 	newent = d_splice_alias(inode, entry);
448 	err = PTR_ERR(newent);
449 	if (IS_ERR(newent))
450 		goto out_err;
451 
452 	entry = newent ? newent : entry;
453 	if (outarg_valid)
454 		fuse_change_entry_timeout(entry, &outarg);
455 	else
456 		fuse_invalidate_entry_cache(entry);
457 
458 	if (inode)
459 		fuse_advise_use_readdirplus(dir);
460 	return newent;
461 
462  out_iput:
463 	iput(inode);
464  out_err:
465 	return ERR_PTR(err);
466 }
467 
468 static int get_security_context(struct dentry *entry, umode_t mode,
469 				struct fuse_in_arg *ext)
470 {
471 	struct fuse_secctx *fctx;
472 	struct fuse_secctx_header *header;
473 	void *ctx = NULL, *ptr;
474 	u32 ctxlen, total_len = sizeof(*header);
475 	int err, nr_ctx = 0;
476 	const char *name;
477 	size_t namelen;
478 
479 	err = security_dentry_init_security(entry, mode, &entry->d_name,
480 					    &name, &ctx, &ctxlen);
481 	if (err) {
482 		if (err != -EOPNOTSUPP)
483 			goto out_err;
484 		/* No LSM is supporting this security hook. Ignore error */
485 		ctxlen = 0;
486 		ctx = NULL;
487 	}
488 
489 	if (ctxlen) {
490 		nr_ctx = 1;
491 		namelen = strlen(name) + 1;
492 		err = -EIO;
493 		if (WARN_ON(namelen > XATTR_NAME_MAX + 1 || ctxlen > S32_MAX))
494 			goto out_err;
495 		total_len += FUSE_REC_ALIGN(sizeof(*fctx) + namelen + ctxlen);
496 	}
497 
498 	err = -ENOMEM;
499 	header = ptr = kzalloc(total_len, GFP_KERNEL);
500 	if (!ptr)
501 		goto out_err;
502 
503 	header->nr_secctx = nr_ctx;
504 	header->size = total_len;
505 	ptr += sizeof(*header);
506 	if (nr_ctx) {
507 		fctx = ptr;
508 		fctx->size = ctxlen;
509 		ptr += sizeof(*fctx);
510 
511 		strcpy(ptr, name);
512 		ptr += namelen;
513 
514 		memcpy(ptr, ctx, ctxlen);
515 	}
516 	ext->size = total_len;
517 	ext->value = header;
518 	err = 0;
519 out_err:
520 	kfree(ctx);
521 	return err;
522 }
523 
524 static void *extend_arg(struct fuse_in_arg *buf, u32 bytes)
525 {
526 	void *p;
527 	u32 newlen = buf->size + bytes;
528 
529 	p = krealloc(buf->value, newlen, GFP_KERNEL);
530 	if (!p) {
531 		kfree(buf->value);
532 		buf->size = 0;
533 		buf->value = NULL;
534 		return NULL;
535 	}
536 
537 	memset(p + buf->size, 0, bytes);
538 	buf->value = p;
539 	buf->size = newlen;
540 
541 	return p + newlen - bytes;
542 }
543 
544 static u32 fuse_ext_size(size_t size)
545 {
546 	return FUSE_REC_ALIGN(sizeof(struct fuse_ext_header) + size);
547 }
548 
549 /*
550  * This adds just a single supplementary group that matches the parent's group.
551  */
552 static int get_create_supp_group(struct inode *dir, struct fuse_in_arg *ext)
553 {
554 	struct fuse_conn *fc = get_fuse_conn(dir);
555 	struct fuse_ext_header *xh;
556 	struct fuse_supp_groups *sg;
557 	kgid_t kgid = dir->i_gid;
558 	gid_t parent_gid = from_kgid(fc->user_ns, kgid);
559 	u32 sg_len = fuse_ext_size(sizeof(*sg) + sizeof(sg->groups[0]));
560 
561 	if (parent_gid == (gid_t) -1 || gid_eq(kgid, current_fsgid()) ||
562 	    !in_group_p(kgid))
563 		return 0;
564 
565 	xh = extend_arg(ext, sg_len);
566 	if (!xh)
567 		return -ENOMEM;
568 
569 	xh->size = sg_len;
570 	xh->type = FUSE_EXT_GROUPS;
571 
572 	sg = (struct fuse_supp_groups *) &xh[1];
573 	sg->nr_groups = 1;
574 	sg->groups[0] = parent_gid;
575 
576 	return 0;
577 }
578 
579 static int get_create_ext(struct fuse_args *args,
580 			  struct inode *dir, struct dentry *dentry,
581 			  umode_t mode)
582 {
583 	struct fuse_conn *fc = get_fuse_conn_super(dentry->d_sb);
584 	struct fuse_in_arg ext = { .size = 0, .value = NULL };
585 	int err = 0;
586 
587 	if (fc->init_security)
588 		err = get_security_context(dentry, mode, &ext);
589 	if (!err && fc->create_supp_group)
590 		err = get_create_supp_group(dir, &ext);
591 
592 	if (!err && ext.size) {
593 		WARN_ON(args->in_numargs >= ARRAY_SIZE(args->in_args));
594 		args->is_ext = true;
595 		args->ext_idx = args->in_numargs++;
596 		args->in_args[args->ext_idx] = ext;
597 	} else {
598 		kfree(ext.value);
599 	}
600 
601 	return err;
602 }
603 
604 static void free_ext_value(struct fuse_args *args)
605 {
606 	if (args->is_ext)
607 		kfree(args->in_args[args->ext_idx].value);
608 }
609 
610 /*
611  * Atomic create+open operation
612  *
613  * If the filesystem doesn't support this, then fall back to separate
614  * 'mknod' + 'open' requests.
615  */
616 static int fuse_create_open(struct inode *dir, struct dentry *entry,
617 			    struct file *file, unsigned int flags,
618 			    umode_t mode, u32 opcode)
619 {
620 	int err;
621 	struct inode *inode;
622 	struct fuse_mount *fm = get_fuse_mount(dir);
623 	FUSE_ARGS(args);
624 	struct fuse_forget_link *forget;
625 	struct fuse_create_in inarg;
626 	struct fuse_open_out outopen;
627 	struct fuse_entry_out outentry;
628 	struct fuse_inode *fi;
629 	struct fuse_file *ff;
630 	bool trunc = flags & O_TRUNC;
631 
632 	/* Userspace expects S_IFREG in create mode */
633 	BUG_ON((mode & S_IFMT) != S_IFREG);
634 
635 	forget = fuse_alloc_forget();
636 	err = -ENOMEM;
637 	if (!forget)
638 		goto out_err;
639 
640 	err = -ENOMEM;
641 	ff = fuse_file_alloc(fm);
642 	if (!ff)
643 		goto out_put_forget_req;
644 
645 	if (!fm->fc->dont_mask)
646 		mode &= ~current_umask();
647 
648 	flags &= ~O_NOCTTY;
649 	memset(&inarg, 0, sizeof(inarg));
650 	memset(&outentry, 0, sizeof(outentry));
651 	inarg.flags = flags;
652 	inarg.mode = mode;
653 	inarg.umask = current_umask();
654 
655 	if (fm->fc->handle_killpriv_v2 && trunc &&
656 	    !(flags & O_EXCL) && !capable(CAP_FSETID)) {
657 		inarg.open_flags |= FUSE_OPEN_KILL_SUIDGID;
658 	}
659 
660 	args.opcode = opcode;
661 	args.nodeid = get_node_id(dir);
662 	args.in_numargs = 2;
663 	args.in_args[0].size = sizeof(inarg);
664 	args.in_args[0].value = &inarg;
665 	args.in_args[1].size = entry->d_name.len + 1;
666 	args.in_args[1].value = entry->d_name.name;
667 	args.out_numargs = 2;
668 	args.out_args[0].size = sizeof(outentry);
669 	args.out_args[0].value = &outentry;
670 	args.out_args[1].size = sizeof(outopen);
671 	args.out_args[1].value = &outopen;
672 
673 	err = get_create_ext(&args, dir, entry, mode);
674 	if (err)
675 		goto out_put_forget_req;
676 
677 	err = fuse_simple_request(fm, &args);
678 	free_ext_value(&args);
679 	if (err)
680 		goto out_free_ff;
681 
682 	err = -EIO;
683 	if (!S_ISREG(outentry.attr.mode) || invalid_nodeid(outentry.nodeid) ||
684 	    fuse_invalid_attr(&outentry.attr))
685 		goto out_free_ff;
686 
687 	ff->fh = outopen.fh;
688 	ff->nodeid = outentry.nodeid;
689 	ff->open_flags = outopen.open_flags;
690 	inode = fuse_iget(dir->i_sb, outentry.nodeid, outentry.generation,
691 			  &outentry.attr, entry_attr_timeout(&outentry), 0);
692 	if (!inode) {
693 		flags &= ~(O_CREAT | O_EXCL | O_TRUNC);
694 		fuse_sync_release(NULL, ff, flags);
695 		fuse_queue_forget(fm->fc, forget, outentry.nodeid, 1);
696 		err = -ENOMEM;
697 		goto out_err;
698 	}
699 	kfree(forget);
700 	d_instantiate(entry, inode);
701 	fuse_change_entry_timeout(entry, &outentry);
702 	fuse_dir_changed(dir);
703 	err = finish_open(file, entry, generic_file_open);
704 	if (err) {
705 		fi = get_fuse_inode(inode);
706 		fuse_sync_release(fi, ff, flags);
707 	} else {
708 		file->private_data = ff;
709 		fuse_finish_open(inode, file);
710 		if (fm->fc->atomic_o_trunc && trunc)
711 			truncate_pagecache(inode, 0);
712 		else if (!(ff->open_flags & FOPEN_KEEP_CACHE))
713 			invalidate_inode_pages2(inode->i_mapping);
714 	}
715 	return err;
716 
717 out_free_ff:
718 	fuse_file_free(ff);
719 out_put_forget_req:
720 	kfree(forget);
721 out_err:
722 	return err;
723 }
724 
725 static int fuse_mknod(struct mnt_idmap *, struct inode *, struct dentry *,
726 		      umode_t, dev_t);
727 static int fuse_atomic_open(struct inode *dir, struct dentry *entry,
728 			    struct file *file, unsigned flags,
729 			    umode_t mode)
730 {
731 	int err;
732 	struct fuse_conn *fc = get_fuse_conn(dir);
733 	struct dentry *res = NULL;
734 
735 	if (fuse_is_bad(dir))
736 		return -EIO;
737 
738 	if (d_in_lookup(entry)) {
739 		res = fuse_lookup(dir, entry, 0);
740 		if (IS_ERR(res))
741 			return PTR_ERR(res);
742 
743 		if (res)
744 			entry = res;
745 	}
746 
747 	if (!(flags & O_CREAT) || d_really_is_positive(entry))
748 		goto no_open;
749 
750 	/* Only creates */
751 	file->f_mode |= FMODE_CREATED;
752 
753 	if (fc->no_create)
754 		goto mknod;
755 
756 	err = fuse_create_open(dir, entry, file, flags, mode, FUSE_CREATE);
757 	if (err == -ENOSYS) {
758 		fc->no_create = 1;
759 		goto mknod;
760 	}
761 out_dput:
762 	dput(res);
763 	return err;
764 
765 mknod:
766 	err = fuse_mknod(&nop_mnt_idmap, dir, entry, mode, 0);
767 	if (err)
768 		goto out_dput;
769 no_open:
770 	return finish_no_open(file, res);
771 }
772 
773 /*
774  * Code shared between mknod, mkdir, symlink and link
775  */
776 static int create_new_entry(struct fuse_mount *fm, struct fuse_args *args,
777 			    struct inode *dir, struct dentry *entry,
778 			    umode_t mode)
779 {
780 	struct fuse_entry_out outarg;
781 	struct inode *inode;
782 	struct dentry *d;
783 	int err;
784 	struct fuse_forget_link *forget;
785 
786 	if (fuse_is_bad(dir))
787 		return -EIO;
788 
789 	forget = fuse_alloc_forget();
790 	if (!forget)
791 		return -ENOMEM;
792 
793 	memset(&outarg, 0, sizeof(outarg));
794 	args->nodeid = get_node_id(dir);
795 	args->out_numargs = 1;
796 	args->out_args[0].size = sizeof(outarg);
797 	args->out_args[0].value = &outarg;
798 
799 	if (args->opcode != FUSE_LINK) {
800 		err = get_create_ext(args, dir, entry, mode);
801 		if (err)
802 			goto out_put_forget_req;
803 	}
804 
805 	err = fuse_simple_request(fm, args);
806 	free_ext_value(args);
807 	if (err)
808 		goto out_put_forget_req;
809 
810 	err = -EIO;
811 	if (invalid_nodeid(outarg.nodeid) || fuse_invalid_attr(&outarg.attr))
812 		goto out_put_forget_req;
813 
814 	if ((outarg.attr.mode ^ mode) & S_IFMT)
815 		goto out_put_forget_req;
816 
817 	inode = fuse_iget(dir->i_sb, outarg.nodeid, outarg.generation,
818 			  &outarg.attr, entry_attr_timeout(&outarg), 0);
819 	if (!inode) {
820 		fuse_queue_forget(fm->fc, forget, outarg.nodeid, 1);
821 		return -ENOMEM;
822 	}
823 	kfree(forget);
824 
825 	d_drop(entry);
826 	d = d_splice_alias(inode, entry);
827 	if (IS_ERR(d))
828 		return PTR_ERR(d);
829 
830 	if (d) {
831 		fuse_change_entry_timeout(d, &outarg);
832 		dput(d);
833 	} else {
834 		fuse_change_entry_timeout(entry, &outarg);
835 	}
836 	fuse_dir_changed(dir);
837 	return 0;
838 
839  out_put_forget_req:
840 	kfree(forget);
841 	return err;
842 }
843 
844 static int fuse_mknod(struct mnt_idmap *idmap, struct inode *dir,
845 		      struct dentry *entry, umode_t mode, dev_t rdev)
846 {
847 	struct fuse_mknod_in inarg;
848 	struct fuse_mount *fm = get_fuse_mount(dir);
849 	FUSE_ARGS(args);
850 
851 	if (!fm->fc->dont_mask)
852 		mode &= ~current_umask();
853 
854 	memset(&inarg, 0, sizeof(inarg));
855 	inarg.mode = mode;
856 	inarg.rdev = new_encode_dev(rdev);
857 	inarg.umask = current_umask();
858 	args.opcode = FUSE_MKNOD;
859 	args.in_numargs = 2;
860 	args.in_args[0].size = sizeof(inarg);
861 	args.in_args[0].value = &inarg;
862 	args.in_args[1].size = entry->d_name.len + 1;
863 	args.in_args[1].value = entry->d_name.name;
864 	return create_new_entry(fm, &args, dir, entry, mode);
865 }
866 
867 static int fuse_create(struct mnt_idmap *idmap, struct inode *dir,
868 		       struct dentry *entry, umode_t mode, bool excl)
869 {
870 	return fuse_mknod(&nop_mnt_idmap, dir, entry, mode, 0);
871 }
872 
873 static int fuse_tmpfile(struct mnt_idmap *idmap, struct inode *dir,
874 			struct file *file, umode_t mode)
875 {
876 	struct fuse_conn *fc = get_fuse_conn(dir);
877 	int err;
878 
879 	if (fc->no_tmpfile)
880 		return -EOPNOTSUPP;
881 
882 	err = fuse_create_open(dir, file->f_path.dentry, file, file->f_flags, mode, FUSE_TMPFILE);
883 	if (err == -ENOSYS) {
884 		fc->no_tmpfile = 1;
885 		err = -EOPNOTSUPP;
886 	}
887 	return err;
888 }
889 
890 static int fuse_mkdir(struct mnt_idmap *idmap, struct inode *dir,
891 		      struct dentry *entry, umode_t mode)
892 {
893 	struct fuse_mkdir_in inarg;
894 	struct fuse_mount *fm = get_fuse_mount(dir);
895 	FUSE_ARGS(args);
896 
897 	if (!fm->fc->dont_mask)
898 		mode &= ~current_umask();
899 
900 	memset(&inarg, 0, sizeof(inarg));
901 	inarg.mode = mode;
902 	inarg.umask = current_umask();
903 	args.opcode = FUSE_MKDIR;
904 	args.in_numargs = 2;
905 	args.in_args[0].size = sizeof(inarg);
906 	args.in_args[0].value = &inarg;
907 	args.in_args[1].size = entry->d_name.len + 1;
908 	args.in_args[1].value = entry->d_name.name;
909 	return create_new_entry(fm, &args, dir, entry, S_IFDIR);
910 }
911 
912 static int fuse_symlink(struct mnt_idmap *idmap, struct inode *dir,
913 			struct dentry *entry, const char *link)
914 {
915 	struct fuse_mount *fm = get_fuse_mount(dir);
916 	unsigned len = strlen(link) + 1;
917 	FUSE_ARGS(args);
918 
919 	args.opcode = FUSE_SYMLINK;
920 	args.in_numargs = 2;
921 	args.in_args[0].size = entry->d_name.len + 1;
922 	args.in_args[0].value = entry->d_name.name;
923 	args.in_args[1].size = len;
924 	args.in_args[1].value = link;
925 	return create_new_entry(fm, &args, dir, entry, S_IFLNK);
926 }
927 
928 void fuse_flush_time_update(struct inode *inode)
929 {
930 	int err = sync_inode_metadata(inode, 1);
931 
932 	mapping_set_error(inode->i_mapping, err);
933 }
934 
935 static void fuse_update_ctime_in_cache(struct inode *inode)
936 {
937 	if (!IS_NOCMTIME(inode)) {
938 		inode->i_ctime = current_time(inode);
939 		mark_inode_dirty_sync(inode);
940 		fuse_flush_time_update(inode);
941 	}
942 }
943 
944 void fuse_update_ctime(struct inode *inode)
945 {
946 	fuse_invalidate_attr_mask(inode, STATX_CTIME);
947 	fuse_update_ctime_in_cache(inode);
948 }
949 
950 static void fuse_entry_unlinked(struct dentry *entry)
951 {
952 	struct inode *inode = d_inode(entry);
953 	struct fuse_conn *fc = get_fuse_conn(inode);
954 	struct fuse_inode *fi = get_fuse_inode(inode);
955 
956 	spin_lock(&fi->lock);
957 	fi->attr_version = atomic64_inc_return(&fc->attr_version);
958 	/*
959 	 * If i_nlink == 0 then unlink doesn't make sense, yet this can
960 	 * happen if userspace filesystem is careless.  It would be
961 	 * difficult to enforce correct nlink usage so just ignore this
962 	 * condition here
963 	 */
964 	if (S_ISDIR(inode->i_mode))
965 		clear_nlink(inode);
966 	else if (inode->i_nlink > 0)
967 		drop_nlink(inode);
968 	spin_unlock(&fi->lock);
969 	fuse_invalidate_entry_cache(entry);
970 	fuse_update_ctime(inode);
971 }
972 
973 static int fuse_unlink(struct inode *dir, struct dentry *entry)
974 {
975 	int err;
976 	struct fuse_mount *fm = get_fuse_mount(dir);
977 	FUSE_ARGS(args);
978 
979 	if (fuse_is_bad(dir))
980 		return -EIO;
981 
982 	args.opcode = FUSE_UNLINK;
983 	args.nodeid = get_node_id(dir);
984 	args.in_numargs = 1;
985 	args.in_args[0].size = entry->d_name.len + 1;
986 	args.in_args[0].value = entry->d_name.name;
987 	err = fuse_simple_request(fm, &args);
988 	if (!err) {
989 		fuse_dir_changed(dir);
990 		fuse_entry_unlinked(entry);
991 	} else if (err == -EINTR)
992 		fuse_invalidate_entry(entry);
993 	return err;
994 }
995 
996 static int fuse_rmdir(struct inode *dir, struct dentry *entry)
997 {
998 	int err;
999 	struct fuse_mount *fm = get_fuse_mount(dir);
1000 	FUSE_ARGS(args);
1001 
1002 	if (fuse_is_bad(dir))
1003 		return -EIO;
1004 
1005 	args.opcode = FUSE_RMDIR;
1006 	args.nodeid = get_node_id(dir);
1007 	args.in_numargs = 1;
1008 	args.in_args[0].size = entry->d_name.len + 1;
1009 	args.in_args[0].value = entry->d_name.name;
1010 	err = fuse_simple_request(fm, &args);
1011 	if (!err) {
1012 		fuse_dir_changed(dir);
1013 		fuse_entry_unlinked(entry);
1014 	} else if (err == -EINTR)
1015 		fuse_invalidate_entry(entry);
1016 	return err;
1017 }
1018 
1019 static int fuse_rename_common(struct inode *olddir, struct dentry *oldent,
1020 			      struct inode *newdir, struct dentry *newent,
1021 			      unsigned int flags, int opcode, size_t argsize)
1022 {
1023 	int err;
1024 	struct fuse_rename2_in inarg;
1025 	struct fuse_mount *fm = get_fuse_mount(olddir);
1026 	FUSE_ARGS(args);
1027 
1028 	memset(&inarg, 0, argsize);
1029 	inarg.newdir = get_node_id(newdir);
1030 	inarg.flags = flags;
1031 	args.opcode = opcode;
1032 	args.nodeid = get_node_id(olddir);
1033 	args.in_numargs = 3;
1034 	args.in_args[0].size = argsize;
1035 	args.in_args[0].value = &inarg;
1036 	args.in_args[1].size = oldent->d_name.len + 1;
1037 	args.in_args[1].value = oldent->d_name.name;
1038 	args.in_args[2].size = newent->d_name.len + 1;
1039 	args.in_args[2].value = newent->d_name.name;
1040 	err = fuse_simple_request(fm, &args);
1041 	if (!err) {
1042 		/* ctime changes */
1043 		fuse_update_ctime(d_inode(oldent));
1044 
1045 		if (flags & RENAME_EXCHANGE)
1046 			fuse_update_ctime(d_inode(newent));
1047 
1048 		fuse_dir_changed(olddir);
1049 		if (olddir != newdir)
1050 			fuse_dir_changed(newdir);
1051 
1052 		/* newent will end up negative */
1053 		if (!(flags & RENAME_EXCHANGE) && d_really_is_positive(newent))
1054 			fuse_entry_unlinked(newent);
1055 	} else if (err == -EINTR) {
1056 		/* If request was interrupted, DEITY only knows if the
1057 		   rename actually took place.  If the invalidation
1058 		   fails (e.g. some process has CWD under the renamed
1059 		   directory), then there can be inconsistency between
1060 		   the dcache and the real filesystem.  Tough luck. */
1061 		fuse_invalidate_entry(oldent);
1062 		if (d_really_is_positive(newent))
1063 			fuse_invalidate_entry(newent);
1064 	}
1065 
1066 	return err;
1067 }
1068 
1069 static int fuse_rename2(struct mnt_idmap *idmap, struct inode *olddir,
1070 			struct dentry *oldent, struct inode *newdir,
1071 			struct dentry *newent, unsigned int flags)
1072 {
1073 	struct fuse_conn *fc = get_fuse_conn(olddir);
1074 	int err;
1075 
1076 	if (fuse_is_bad(olddir))
1077 		return -EIO;
1078 
1079 	if (flags & ~(RENAME_NOREPLACE | RENAME_EXCHANGE | RENAME_WHITEOUT))
1080 		return -EINVAL;
1081 
1082 	if (flags) {
1083 		if (fc->no_rename2 || fc->minor < 23)
1084 			return -EINVAL;
1085 
1086 		err = fuse_rename_common(olddir, oldent, newdir, newent, flags,
1087 					 FUSE_RENAME2,
1088 					 sizeof(struct fuse_rename2_in));
1089 		if (err == -ENOSYS) {
1090 			fc->no_rename2 = 1;
1091 			err = -EINVAL;
1092 		}
1093 	} else {
1094 		err = fuse_rename_common(olddir, oldent, newdir, newent, 0,
1095 					 FUSE_RENAME,
1096 					 sizeof(struct fuse_rename_in));
1097 	}
1098 
1099 	return err;
1100 }
1101 
1102 static int fuse_link(struct dentry *entry, struct inode *newdir,
1103 		     struct dentry *newent)
1104 {
1105 	int err;
1106 	struct fuse_link_in inarg;
1107 	struct inode *inode = d_inode(entry);
1108 	struct fuse_mount *fm = get_fuse_mount(inode);
1109 	FUSE_ARGS(args);
1110 
1111 	memset(&inarg, 0, sizeof(inarg));
1112 	inarg.oldnodeid = get_node_id(inode);
1113 	args.opcode = FUSE_LINK;
1114 	args.in_numargs = 2;
1115 	args.in_args[0].size = sizeof(inarg);
1116 	args.in_args[0].value = &inarg;
1117 	args.in_args[1].size = newent->d_name.len + 1;
1118 	args.in_args[1].value = newent->d_name.name;
1119 	err = create_new_entry(fm, &args, newdir, newent, inode->i_mode);
1120 	if (!err)
1121 		fuse_update_ctime_in_cache(inode);
1122 	else if (err == -EINTR)
1123 		fuse_invalidate_attr(inode);
1124 
1125 	return err;
1126 }
1127 
1128 static void fuse_fillattr(struct inode *inode, struct fuse_attr *attr,
1129 			  struct kstat *stat)
1130 {
1131 	unsigned int blkbits;
1132 	struct fuse_conn *fc = get_fuse_conn(inode);
1133 
1134 	stat->dev = inode->i_sb->s_dev;
1135 	stat->ino = attr->ino;
1136 	stat->mode = (inode->i_mode & S_IFMT) | (attr->mode & 07777);
1137 	stat->nlink = attr->nlink;
1138 	stat->uid = make_kuid(fc->user_ns, attr->uid);
1139 	stat->gid = make_kgid(fc->user_ns, attr->gid);
1140 	stat->rdev = inode->i_rdev;
1141 	stat->atime.tv_sec = attr->atime;
1142 	stat->atime.tv_nsec = attr->atimensec;
1143 	stat->mtime.tv_sec = attr->mtime;
1144 	stat->mtime.tv_nsec = attr->mtimensec;
1145 	stat->ctime.tv_sec = attr->ctime;
1146 	stat->ctime.tv_nsec = attr->ctimensec;
1147 	stat->size = attr->size;
1148 	stat->blocks = attr->blocks;
1149 
1150 	if (attr->blksize != 0)
1151 		blkbits = ilog2(attr->blksize);
1152 	else
1153 		blkbits = inode->i_sb->s_blocksize_bits;
1154 
1155 	stat->blksize = 1 << blkbits;
1156 }
1157 
1158 static int fuse_do_getattr(struct inode *inode, struct kstat *stat,
1159 			   struct file *file)
1160 {
1161 	int err;
1162 	struct fuse_getattr_in inarg;
1163 	struct fuse_attr_out outarg;
1164 	struct fuse_mount *fm = get_fuse_mount(inode);
1165 	FUSE_ARGS(args);
1166 	u64 attr_version;
1167 
1168 	attr_version = fuse_get_attr_version(fm->fc);
1169 
1170 	memset(&inarg, 0, sizeof(inarg));
1171 	memset(&outarg, 0, sizeof(outarg));
1172 	/* Directories have separate file-handle space */
1173 	if (file && S_ISREG(inode->i_mode)) {
1174 		struct fuse_file *ff = file->private_data;
1175 
1176 		inarg.getattr_flags |= FUSE_GETATTR_FH;
1177 		inarg.fh = ff->fh;
1178 	}
1179 	args.opcode = FUSE_GETATTR;
1180 	args.nodeid = get_node_id(inode);
1181 	args.in_numargs = 1;
1182 	args.in_args[0].size = sizeof(inarg);
1183 	args.in_args[0].value = &inarg;
1184 	args.out_numargs = 1;
1185 	args.out_args[0].size = sizeof(outarg);
1186 	args.out_args[0].value = &outarg;
1187 	err = fuse_simple_request(fm, &args);
1188 	if (!err) {
1189 		if (fuse_invalid_attr(&outarg.attr) ||
1190 		    inode_wrong_type(inode, outarg.attr.mode)) {
1191 			fuse_make_bad(inode);
1192 			err = -EIO;
1193 		} else {
1194 			fuse_change_attributes(inode, &outarg.attr,
1195 					       attr_timeout(&outarg),
1196 					       attr_version);
1197 			if (stat)
1198 				fuse_fillattr(inode, &outarg.attr, stat);
1199 		}
1200 	}
1201 	return err;
1202 }
1203 
1204 static int fuse_update_get_attr(struct inode *inode, struct file *file,
1205 				struct kstat *stat, u32 request_mask,
1206 				unsigned int flags)
1207 {
1208 	struct fuse_inode *fi = get_fuse_inode(inode);
1209 	int err = 0;
1210 	bool sync;
1211 	u32 inval_mask = READ_ONCE(fi->inval_mask);
1212 	u32 cache_mask = fuse_get_cache_mask(inode);
1213 
1214 	if (flags & AT_STATX_FORCE_SYNC)
1215 		sync = true;
1216 	else if (flags & AT_STATX_DONT_SYNC)
1217 		sync = false;
1218 	else if (request_mask & inval_mask & ~cache_mask)
1219 		sync = true;
1220 	else
1221 		sync = time_before64(fi->i_time, get_jiffies_64());
1222 
1223 	if (sync) {
1224 		forget_all_cached_acls(inode);
1225 		err = fuse_do_getattr(inode, stat, file);
1226 	} else if (stat) {
1227 		generic_fillattr(&nop_mnt_idmap, inode, stat);
1228 		stat->mode = fi->orig_i_mode;
1229 		stat->ino = fi->orig_ino;
1230 	}
1231 
1232 	return err;
1233 }
1234 
1235 int fuse_update_attributes(struct inode *inode, struct file *file, u32 mask)
1236 {
1237 	return fuse_update_get_attr(inode, file, NULL, mask, 0);
1238 }
1239 
1240 int fuse_reverse_inval_entry(struct fuse_conn *fc, u64 parent_nodeid,
1241 			     u64 child_nodeid, struct qstr *name, u32 flags)
1242 {
1243 	int err = -ENOTDIR;
1244 	struct inode *parent;
1245 	struct dentry *dir;
1246 	struct dentry *entry;
1247 
1248 	parent = fuse_ilookup(fc, parent_nodeid, NULL);
1249 	if (!parent)
1250 		return -ENOENT;
1251 
1252 	inode_lock_nested(parent, I_MUTEX_PARENT);
1253 	if (!S_ISDIR(parent->i_mode))
1254 		goto unlock;
1255 
1256 	err = -ENOENT;
1257 	dir = d_find_alias(parent);
1258 	if (!dir)
1259 		goto unlock;
1260 
1261 	name->hash = full_name_hash(dir, name->name, name->len);
1262 	entry = d_lookup(dir, name);
1263 	dput(dir);
1264 	if (!entry)
1265 		goto unlock;
1266 
1267 	fuse_dir_changed(parent);
1268 	if (!(flags & FUSE_EXPIRE_ONLY))
1269 		d_invalidate(entry);
1270 	fuse_invalidate_entry_cache(entry);
1271 
1272 	if (child_nodeid != 0 && d_really_is_positive(entry)) {
1273 		inode_lock(d_inode(entry));
1274 		if (get_node_id(d_inode(entry)) != child_nodeid) {
1275 			err = -ENOENT;
1276 			goto badentry;
1277 		}
1278 		if (d_mountpoint(entry)) {
1279 			err = -EBUSY;
1280 			goto badentry;
1281 		}
1282 		if (d_is_dir(entry)) {
1283 			shrink_dcache_parent(entry);
1284 			if (!simple_empty(entry)) {
1285 				err = -ENOTEMPTY;
1286 				goto badentry;
1287 			}
1288 			d_inode(entry)->i_flags |= S_DEAD;
1289 		}
1290 		dont_mount(entry);
1291 		clear_nlink(d_inode(entry));
1292 		err = 0;
1293  badentry:
1294 		inode_unlock(d_inode(entry));
1295 		if (!err)
1296 			d_delete(entry);
1297 	} else {
1298 		err = 0;
1299 	}
1300 	dput(entry);
1301 
1302  unlock:
1303 	inode_unlock(parent);
1304 	iput(parent);
1305 	return err;
1306 }
1307 
1308 static inline bool fuse_permissible_uidgid(struct fuse_conn *fc)
1309 {
1310 	const struct cred *cred = current_cred();
1311 
1312 	return (uid_eq(cred->euid, fc->user_id) &&
1313 		uid_eq(cred->suid, fc->user_id) &&
1314 		uid_eq(cred->uid,  fc->user_id) &&
1315 		gid_eq(cred->egid, fc->group_id) &&
1316 		gid_eq(cred->sgid, fc->group_id) &&
1317 		gid_eq(cred->gid,  fc->group_id));
1318 }
1319 
1320 /*
1321  * Calling into a user-controlled filesystem gives the filesystem
1322  * daemon ptrace-like capabilities over the current process.  This
1323  * means, that the filesystem daemon is able to record the exact
1324  * filesystem operations performed, and can also control the behavior
1325  * of the requester process in otherwise impossible ways.  For example
1326  * it can delay the operation for arbitrary length of time allowing
1327  * DoS against the requester.
1328  *
1329  * For this reason only those processes can call into the filesystem,
1330  * for which the owner of the mount has ptrace privilege.  This
1331  * excludes processes started by other users, suid or sgid processes.
1332  */
1333 bool fuse_allow_current_process(struct fuse_conn *fc)
1334 {
1335 	bool allow;
1336 
1337 	if (fc->allow_other)
1338 		allow = current_in_userns(fc->user_ns);
1339 	else
1340 		allow = fuse_permissible_uidgid(fc);
1341 
1342 	if (!allow && allow_sys_admin_access && capable(CAP_SYS_ADMIN))
1343 		allow = true;
1344 
1345 	return allow;
1346 }
1347 
1348 static int fuse_access(struct inode *inode, int mask)
1349 {
1350 	struct fuse_mount *fm = get_fuse_mount(inode);
1351 	FUSE_ARGS(args);
1352 	struct fuse_access_in inarg;
1353 	int err;
1354 
1355 	BUG_ON(mask & MAY_NOT_BLOCK);
1356 
1357 	if (fm->fc->no_access)
1358 		return 0;
1359 
1360 	memset(&inarg, 0, sizeof(inarg));
1361 	inarg.mask = mask & (MAY_READ | MAY_WRITE | MAY_EXEC);
1362 	args.opcode = FUSE_ACCESS;
1363 	args.nodeid = get_node_id(inode);
1364 	args.in_numargs = 1;
1365 	args.in_args[0].size = sizeof(inarg);
1366 	args.in_args[0].value = &inarg;
1367 	err = fuse_simple_request(fm, &args);
1368 	if (err == -ENOSYS) {
1369 		fm->fc->no_access = 1;
1370 		err = 0;
1371 	}
1372 	return err;
1373 }
1374 
1375 static int fuse_perm_getattr(struct inode *inode, int mask)
1376 {
1377 	if (mask & MAY_NOT_BLOCK)
1378 		return -ECHILD;
1379 
1380 	forget_all_cached_acls(inode);
1381 	return fuse_do_getattr(inode, NULL, NULL);
1382 }
1383 
1384 /*
1385  * Check permission.  The two basic access models of FUSE are:
1386  *
1387  * 1) Local access checking ('default_permissions' mount option) based
1388  * on file mode.  This is the plain old disk filesystem permission
1389  * modell.
1390  *
1391  * 2) "Remote" access checking, where server is responsible for
1392  * checking permission in each inode operation.  An exception to this
1393  * is if ->permission() was invoked from sys_access() in which case an
1394  * access request is sent.  Execute permission is still checked
1395  * locally based on file mode.
1396  */
1397 static int fuse_permission(struct mnt_idmap *idmap,
1398 			   struct inode *inode, int mask)
1399 {
1400 	struct fuse_conn *fc = get_fuse_conn(inode);
1401 	bool refreshed = false;
1402 	int err = 0;
1403 
1404 	if (fuse_is_bad(inode))
1405 		return -EIO;
1406 
1407 	if (!fuse_allow_current_process(fc))
1408 		return -EACCES;
1409 
1410 	/*
1411 	 * If attributes are needed, refresh them before proceeding
1412 	 */
1413 	if (fc->default_permissions ||
1414 	    ((mask & MAY_EXEC) && S_ISREG(inode->i_mode))) {
1415 		struct fuse_inode *fi = get_fuse_inode(inode);
1416 		u32 perm_mask = STATX_MODE | STATX_UID | STATX_GID;
1417 
1418 		if (perm_mask & READ_ONCE(fi->inval_mask) ||
1419 		    time_before64(fi->i_time, get_jiffies_64())) {
1420 			refreshed = true;
1421 
1422 			err = fuse_perm_getattr(inode, mask);
1423 			if (err)
1424 				return err;
1425 		}
1426 	}
1427 
1428 	if (fc->default_permissions) {
1429 		err = generic_permission(&nop_mnt_idmap, inode, mask);
1430 
1431 		/* If permission is denied, try to refresh file
1432 		   attributes.  This is also needed, because the root
1433 		   node will at first have no permissions */
1434 		if (err == -EACCES && !refreshed) {
1435 			err = fuse_perm_getattr(inode, mask);
1436 			if (!err)
1437 				err = generic_permission(&nop_mnt_idmap,
1438 							 inode, mask);
1439 		}
1440 
1441 		/* Note: the opposite of the above test does not
1442 		   exist.  So if permissions are revoked this won't be
1443 		   noticed immediately, only after the attribute
1444 		   timeout has expired */
1445 	} else if (mask & (MAY_ACCESS | MAY_CHDIR)) {
1446 		err = fuse_access(inode, mask);
1447 	} else if ((mask & MAY_EXEC) && S_ISREG(inode->i_mode)) {
1448 		if (!(inode->i_mode & S_IXUGO)) {
1449 			if (refreshed)
1450 				return -EACCES;
1451 
1452 			err = fuse_perm_getattr(inode, mask);
1453 			if (!err && !(inode->i_mode & S_IXUGO))
1454 				return -EACCES;
1455 		}
1456 	}
1457 	return err;
1458 }
1459 
1460 static int fuse_readlink_page(struct inode *inode, struct page *page)
1461 {
1462 	struct fuse_mount *fm = get_fuse_mount(inode);
1463 	struct fuse_page_desc desc = { .length = PAGE_SIZE - 1 };
1464 	struct fuse_args_pages ap = {
1465 		.num_pages = 1,
1466 		.pages = &page,
1467 		.descs = &desc,
1468 	};
1469 	char *link;
1470 	ssize_t res;
1471 
1472 	ap.args.opcode = FUSE_READLINK;
1473 	ap.args.nodeid = get_node_id(inode);
1474 	ap.args.out_pages = true;
1475 	ap.args.out_argvar = true;
1476 	ap.args.page_zeroing = true;
1477 	ap.args.out_numargs = 1;
1478 	ap.args.out_args[0].size = desc.length;
1479 	res = fuse_simple_request(fm, &ap.args);
1480 
1481 	fuse_invalidate_atime(inode);
1482 
1483 	if (res < 0)
1484 		return res;
1485 
1486 	if (WARN_ON(res >= PAGE_SIZE))
1487 		return -EIO;
1488 
1489 	link = page_address(page);
1490 	link[res] = '\0';
1491 
1492 	return 0;
1493 }
1494 
1495 static const char *fuse_get_link(struct dentry *dentry, struct inode *inode,
1496 				 struct delayed_call *callback)
1497 {
1498 	struct fuse_conn *fc = get_fuse_conn(inode);
1499 	struct page *page;
1500 	int err;
1501 
1502 	err = -EIO;
1503 	if (fuse_is_bad(inode))
1504 		goto out_err;
1505 
1506 	if (fc->cache_symlinks)
1507 		return page_get_link(dentry, inode, callback);
1508 
1509 	err = -ECHILD;
1510 	if (!dentry)
1511 		goto out_err;
1512 
1513 	page = alloc_page(GFP_KERNEL);
1514 	err = -ENOMEM;
1515 	if (!page)
1516 		goto out_err;
1517 
1518 	err = fuse_readlink_page(inode, page);
1519 	if (err) {
1520 		__free_page(page);
1521 		goto out_err;
1522 	}
1523 
1524 	set_delayed_call(callback, page_put_link, page);
1525 
1526 	return page_address(page);
1527 
1528 out_err:
1529 	return ERR_PTR(err);
1530 }
1531 
1532 static int fuse_dir_open(struct inode *inode, struct file *file)
1533 {
1534 	return fuse_open_common(inode, file, true);
1535 }
1536 
1537 static int fuse_dir_release(struct inode *inode, struct file *file)
1538 {
1539 	fuse_release_common(file, true);
1540 
1541 	return 0;
1542 }
1543 
1544 static int fuse_dir_fsync(struct file *file, loff_t start, loff_t end,
1545 			  int datasync)
1546 {
1547 	struct inode *inode = file->f_mapping->host;
1548 	struct fuse_conn *fc = get_fuse_conn(inode);
1549 	int err;
1550 
1551 	if (fuse_is_bad(inode))
1552 		return -EIO;
1553 
1554 	if (fc->no_fsyncdir)
1555 		return 0;
1556 
1557 	inode_lock(inode);
1558 	err = fuse_fsync_common(file, start, end, datasync, FUSE_FSYNCDIR);
1559 	if (err == -ENOSYS) {
1560 		fc->no_fsyncdir = 1;
1561 		err = 0;
1562 	}
1563 	inode_unlock(inode);
1564 
1565 	return err;
1566 }
1567 
1568 static long fuse_dir_ioctl(struct file *file, unsigned int cmd,
1569 			    unsigned long arg)
1570 {
1571 	struct fuse_conn *fc = get_fuse_conn(file->f_mapping->host);
1572 
1573 	/* FUSE_IOCTL_DIR only supported for API version >= 7.18 */
1574 	if (fc->minor < 18)
1575 		return -ENOTTY;
1576 
1577 	return fuse_ioctl_common(file, cmd, arg, FUSE_IOCTL_DIR);
1578 }
1579 
1580 static long fuse_dir_compat_ioctl(struct file *file, unsigned int cmd,
1581 				   unsigned long arg)
1582 {
1583 	struct fuse_conn *fc = get_fuse_conn(file->f_mapping->host);
1584 
1585 	if (fc->minor < 18)
1586 		return -ENOTTY;
1587 
1588 	return fuse_ioctl_common(file, cmd, arg,
1589 				 FUSE_IOCTL_COMPAT | FUSE_IOCTL_DIR);
1590 }
1591 
1592 static bool update_mtime(unsigned ivalid, bool trust_local_mtime)
1593 {
1594 	/* Always update if mtime is explicitly set  */
1595 	if (ivalid & ATTR_MTIME_SET)
1596 		return true;
1597 
1598 	/* Or if kernel i_mtime is the official one */
1599 	if (trust_local_mtime)
1600 		return true;
1601 
1602 	/* If it's an open(O_TRUNC) or an ftruncate(), don't update */
1603 	if ((ivalid & ATTR_SIZE) && (ivalid & (ATTR_OPEN | ATTR_FILE)))
1604 		return false;
1605 
1606 	/* In all other cases update */
1607 	return true;
1608 }
1609 
1610 static void iattr_to_fattr(struct fuse_conn *fc, struct iattr *iattr,
1611 			   struct fuse_setattr_in *arg, bool trust_local_cmtime)
1612 {
1613 	unsigned ivalid = iattr->ia_valid;
1614 
1615 	if (ivalid & ATTR_MODE)
1616 		arg->valid |= FATTR_MODE,   arg->mode = iattr->ia_mode;
1617 	if (ivalid & ATTR_UID)
1618 		arg->valid |= FATTR_UID,    arg->uid = from_kuid(fc->user_ns, iattr->ia_uid);
1619 	if (ivalid & ATTR_GID)
1620 		arg->valid |= FATTR_GID,    arg->gid = from_kgid(fc->user_ns, iattr->ia_gid);
1621 	if (ivalid & ATTR_SIZE)
1622 		arg->valid |= FATTR_SIZE,   arg->size = iattr->ia_size;
1623 	if (ivalid & ATTR_ATIME) {
1624 		arg->valid |= FATTR_ATIME;
1625 		arg->atime = iattr->ia_atime.tv_sec;
1626 		arg->atimensec = iattr->ia_atime.tv_nsec;
1627 		if (!(ivalid & ATTR_ATIME_SET))
1628 			arg->valid |= FATTR_ATIME_NOW;
1629 	}
1630 	if ((ivalid & ATTR_MTIME) && update_mtime(ivalid, trust_local_cmtime)) {
1631 		arg->valid |= FATTR_MTIME;
1632 		arg->mtime = iattr->ia_mtime.tv_sec;
1633 		arg->mtimensec = iattr->ia_mtime.tv_nsec;
1634 		if (!(ivalid & ATTR_MTIME_SET) && !trust_local_cmtime)
1635 			arg->valid |= FATTR_MTIME_NOW;
1636 	}
1637 	if ((ivalid & ATTR_CTIME) && trust_local_cmtime) {
1638 		arg->valid |= FATTR_CTIME;
1639 		arg->ctime = iattr->ia_ctime.tv_sec;
1640 		arg->ctimensec = iattr->ia_ctime.tv_nsec;
1641 	}
1642 }
1643 
1644 /*
1645  * Prevent concurrent writepages on inode
1646  *
1647  * This is done by adding a negative bias to the inode write counter
1648  * and waiting for all pending writes to finish.
1649  */
1650 void fuse_set_nowrite(struct inode *inode)
1651 {
1652 	struct fuse_inode *fi = get_fuse_inode(inode);
1653 
1654 	BUG_ON(!inode_is_locked(inode));
1655 
1656 	spin_lock(&fi->lock);
1657 	BUG_ON(fi->writectr < 0);
1658 	fi->writectr += FUSE_NOWRITE;
1659 	spin_unlock(&fi->lock);
1660 	wait_event(fi->page_waitq, fi->writectr == FUSE_NOWRITE);
1661 }
1662 
1663 /*
1664  * Allow writepages on inode
1665  *
1666  * Remove the bias from the writecounter and send any queued
1667  * writepages.
1668  */
1669 static void __fuse_release_nowrite(struct inode *inode)
1670 {
1671 	struct fuse_inode *fi = get_fuse_inode(inode);
1672 
1673 	BUG_ON(fi->writectr != FUSE_NOWRITE);
1674 	fi->writectr = 0;
1675 	fuse_flush_writepages(inode);
1676 }
1677 
1678 void fuse_release_nowrite(struct inode *inode)
1679 {
1680 	struct fuse_inode *fi = get_fuse_inode(inode);
1681 
1682 	spin_lock(&fi->lock);
1683 	__fuse_release_nowrite(inode);
1684 	spin_unlock(&fi->lock);
1685 }
1686 
1687 static void fuse_setattr_fill(struct fuse_conn *fc, struct fuse_args *args,
1688 			      struct inode *inode,
1689 			      struct fuse_setattr_in *inarg_p,
1690 			      struct fuse_attr_out *outarg_p)
1691 {
1692 	args->opcode = FUSE_SETATTR;
1693 	args->nodeid = get_node_id(inode);
1694 	args->in_numargs = 1;
1695 	args->in_args[0].size = sizeof(*inarg_p);
1696 	args->in_args[0].value = inarg_p;
1697 	args->out_numargs = 1;
1698 	args->out_args[0].size = sizeof(*outarg_p);
1699 	args->out_args[0].value = outarg_p;
1700 }
1701 
1702 /*
1703  * Flush inode->i_mtime to the server
1704  */
1705 int fuse_flush_times(struct inode *inode, struct fuse_file *ff)
1706 {
1707 	struct fuse_mount *fm = get_fuse_mount(inode);
1708 	FUSE_ARGS(args);
1709 	struct fuse_setattr_in inarg;
1710 	struct fuse_attr_out outarg;
1711 
1712 	memset(&inarg, 0, sizeof(inarg));
1713 	memset(&outarg, 0, sizeof(outarg));
1714 
1715 	inarg.valid = FATTR_MTIME;
1716 	inarg.mtime = inode->i_mtime.tv_sec;
1717 	inarg.mtimensec = inode->i_mtime.tv_nsec;
1718 	if (fm->fc->minor >= 23) {
1719 		inarg.valid |= FATTR_CTIME;
1720 		inarg.ctime = inode->i_ctime.tv_sec;
1721 		inarg.ctimensec = inode->i_ctime.tv_nsec;
1722 	}
1723 	if (ff) {
1724 		inarg.valid |= FATTR_FH;
1725 		inarg.fh = ff->fh;
1726 	}
1727 	fuse_setattr_fill(fm->fc, &args, inode, &inarg, &outarg);
1728 
1729 	return fuse_simple_request(fm, &args);
1730 }
1731 
1732 /*
1733  * Set attributes, and at the same time refresh them.
1734  *
1735  * Truncation is slightly complicated, because the 'truncate' request
1736  * may fail, in which case we don't want to touch the mapping.
1737  * vmtruncate() doesn't allow for this case, so do the rlimit checking
1738  * and the actual truncation by hand.
1739  */
1740 int fuse_do_setattr(struct dentry *dentry, struct iattr *attr,
1741 		    struct file *file)
1742 {
1743 	struct inode *inode = d_inode(dentry);
1744 	struct fuse_mount *fm = get_fuse_mount(inode);
1745 	struct fuse_conn *fc = fm->fc;
1746 	struct fuse_inode *fi = get_fuse_inode(inode);
1747 	struct address_space *mapping = inode->i_mapping;
1748 	FUSE_ARGS(args);
1749 	struct fuse_setattr_in inarg;
1750 	struct fuse_attr_out outarg;
1751 	bool is_truncate = false;
1752 	bool is_wb = fc->writeback_cache && S_ISREG(inode->i_mode);
1753 	loff_t oldsize;
1754 	int err;
1755 	bool trust_local_cmtime = is_wb;
1756 	bool fault_blocked = false;
1757 
1758 	if (!fc->default_permissions)
1759 		attr->ia_valid |= ATTR_FORCE;
1760 
1761 	err = setattr_prepare(&nop_mnt_idmap, dentry, attr);
1762 	if (err)
1763 		return err;
1764 
1765 	if (attr->ia_valid & ATTR_SIZE) {
1766 		if (WARN_ON(!S_ISREG(inode->i_mode)))
1767 			return -EIO;
1768 		is_truncate = true;
1769 	}
1770 
1771 	if (FUSE_IS_DAX(inode) && is_truncate) {
1772 		filemap_invalidate_lock(mapping);
1773 		fault_blocked = true;
1774 		err = fuse_dax_break_layouts(inode, 0, 0);
1775 		if (err) {
1776 			filemap_invalidate_unlock(mapping);
1777 			return err;
1778 		}
1779 	}
1780 
1781 	if (attr->ia_valid & ATTR_OPEN) {
1782 		/* This is coming from open(..., ... | O_TRUNC); */
1783 		WARN_ON(!(attr->ia_valid & ATTR_SIZE));
1784 		WARN_ON(attr->ia_size != 0);
1785 		if (fc->atomic_o_trunc) {
1786 			/*
1787 			 * No need to send request to userspace, since actual
1788 			 * truncation has already been done by OPEN.  But still
1789 			 * need to truncate page cache.
1790 			 */
1791 			i_size_write(inode, 0);
1792 			truncate_pagecache(inode, 0);
1793 			goto out;
1794 		}
1795 		file = NULL;
1796 	}
1797 
1798 	/* Flush dirty data/metadata before non-truncate SETATTR */
1799 	if (is_wb &&
1800 	    attr->ia_valid &
1801 			(ATTR_MODE | ATTR_UID | ATTR_GID | ATTR_MTIME_SET |
1802 			 ATTR_TIMES_SET)) {
1803 		err = write_inode_now(inode, true);
1804 		if (err)
1805 			return err;
1806 
1807 		fuse_set_nowrite(inode);
1808 		fuse_release_nowrite(inode);
1809 	}
1810 
1811 	if (is_truncate) {
1812 		fuse_set_nowrite(inode);
1813 		set_bit(FUSE_I_SIZE_UNSTABLE, &fi->state);
1814 		if (trust_local_cmtime && attr->ia_size != inode->i_size)
1815 			attr->ia_valid |= ATTR_MTIME | ATTR_CTIME;
1816 	}
1817 
1818 	memset(&inarg, 0, sizeof(inarg));
1819 	memset(&outarg, 0, sizeof(outarg));
1820 	iattr_to_fattr(fc, attr, &inarg, trust_local_cmtime);
1821 	if (file) {
1822 		struct fuse_file *ff = file->private_data;
1823 		inarg.valid |= FATTR_FH;
1824 		inarg.fh = ff->fh;
1825 	}
1826 
1827 	/* Kill suid/sgid for non-directory chown unconditionally */
1828 	if (fc->handle_killpriv_v2 && !S_ISDIR(inode->i_mode) &&
1829 	    attr->ia_valid & (ATTR_UID | ATTR_GID))
1830 		inarg.valid |= FATTR_KILL_SUIDGID;
1831 
1832 	if (attr->ia_valid & ATTR_SIZE) {
1833 		/* For mandatory locking in truncate */
1834 		inarg.valid |= FATTR_LOCKOWNER;
1835 		inarg.lock_owner = fuse_lock_owner_id(fc, current->files);
1836 
1837 		/* Kill suid/sgid for truncate only if no CAP_FSETID */
1838 		if (fc->handle_killpriv_v2 && !capable(CAP_FSETID))
1839 			inarg.valid |= FATTR_KILL_SUIDGID;
1840 	}
1841 	fuse_setattr_fill(fc, &args, inode, &inarg, &outarg);
1842 	err = fuse_simple_request(fm, &args);
1843 	if (err) {
1844 		if (err == -EINTR)
1845 			fuse_invalidate_attr(inode);
1846 		goto error;
1847 	}
1848 
1849 	if (fuse_invalid_attr(&outarg.attr) ||
1850 	    inode_wrong_type(inode, outarg.attr.mode)) {
1851 		fuse_make_bad(inode);
1852 		err = -EIO;
1853 		goto error;
1854 	}
1855 
1856 	spin_lock(&fi->lock);
1857 	/* the kernel maintains i_mtime locally */
1858 	if (trust_local_cmtime) {
1859 		if (attr->ia_valid & ATTR_MTIME)
1860 			inode->i_mtime = attr->ia_mtime;
1861 		if (attr->ia_valid & ATTR_CTIME)
1862 			inode->i_ctime = attr->ia_ctime;
1863 		/* FIXME: clear I_DIRTY_SYNC? */
1864 	}
1865 
1866 	fuse_change_attributes_common(inode, &outarg.attr,
1867 				      attr_timeout(&outarg),
1868 				      fuse_get_cache_mask(inode));
1869 	oldsize = inode->i_size;
1870 	/* see the comment in fuse_change_attributes() */
1871 	if (!is_wb || is_truncate)
1872 		i_size_write(inode, outarg.attr.size);
1873 
1874 	if (is_truncate) {
1875 		/* NOTE: this may release/reacquire fi->lock */
1876 		__fuse_release_nowrite(inode);
1877 	}
1878 	spin_unlock(&fi->lock);
1879 
1880 	/*
1881 	 * Only call invalidate_inode_pages2() after removing
1882 	 * FUSE_NOWRITE, otherwise fuse_launder_folio() would deadlock.
1883 	 */
1884 	if ((is_truncate || !is_wb) &&
1885 	    S_ISREG(inode->i_mode) && oldsize != outarg.attr.size) {
1886 		truncate_pagecache(inode, outarg.attr.size);
1887 		invalidate_inode_pages2(mapping);
1888 	}
1889 
1890 	clear_bit(FUSE_I_SIZE_UNSTABLE, &fi->state);
1891 out:
1892 	if (fault_blocked)
1893 		filemap_invalidate_unlock(mapping);
1894 
1895 	return 0;
1896 
1897 error:
1898 	if (is_truncate)
1899 		fuse_release_nowrite(inode);
1900 
1901 	clear_bit(FUSE_I_SIZE_UNSTABLE, &fi->state);
1902 
1903 	if (fault_blocked)
1904 		filemap_invalidate_unlock(mapping);
1905 	return err;
1906 }
1907 
1908 static int fuse_setattr(struct mnt_idmap *idmap, struct dentry *entry,
1909 			struct iattr *attr)
1910 {
1911 	struct inode *inode = d_inode(entry);
1912 	struct fuse_conn *fc = get_fuse_conn(inode);
1913 	struct file *file = (attr->ia_valid & ATTR_FILE) ? attr->ia_file : NULL;
1914 	int ret;
1915 
1916 	if (fuse_is_bad(inode))
1917 		return -EIO;
1918 
1919 	if (!fuse_allow_current_process(get_fuse_conn(inode)))
1920 		return -EACCES;
1921 
1922 	if (attr->ia_valid & (ATTR_KILL_SUID | ATTR_KILL_SGID)) {
1923 		attr->ia_valid &= ~(ATTR_KILL_SUID | ATTR_KILL_SGID |
1924 				    ATTR_MODE);
1925 
1926 		/*
1927 		 * The only sane way to reliably kill suid/sgid is to do it in
1928 		 * the userspace filesystem
1929 		 *
1930 		 * This should be done on write(), truncate() and chown().
1931 		 */
1932 		if (!fc->handle_killpriv && !fc->handle_killpriv_v2) {
1933 			/*
1934 			 * ia_mode calculation may have used stale i_mode.
1935 			 * Refresh and recalculate.
1936 			 */
1937 			ret = fuse_do_getattr(inode, NULL, file);
1938 			if (ret)
1939 				return ret;
1940 
1941 			attr->ia_mode = inode->i_mode;
1942 			if (inode->i_mode & S_ISUID) {
1943 				attr->ia_valid |= ATTR_MODE;
1944 				attr->ia_mode &= ~S_ISUID;
1945 			}
1946 			if ((inode->i_mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP)) {
1947 				attr->ia_valid |= ATTR_MODE;
1948 				attr->ia_mode &= ~S_ISGID;
1949 			}
1950 		}
1951 	}
1952 	if (!attr->ia_valid)
1953 		return 0;
1954 
1955 	ret = fuse_do_setattr(entry, attr, file);
1956 	if (!ret) {
1957 		/*
1958 		 * If filesystem supports acls it may have updated acl xattrs in
1959 		 * the filesystem, so forget cached acls for the inode.
1960 		 */
1961 		if (fc->posix_acl)
1962 			forget_all_cached_acls(inode);
1963 
1964 		/* Directory mode changed, may need to revalidate access */
1965 		if (d_is_dir(entry) && (attr->ia_valid & ATTR_MODE))
1966 			fuse_invalidate_entry_cache(entry);
1967 	}
1968 	return ret;
1969 }
1970 
1971 static int fuse_getattr(struct mnt_idmap *idmap,
1972 			const struct path *path, struct kstat *stat,
1973 			u32 request_mask, unsigned int flags)
1974 {
1975 	struct inode *inode = d_inode(path->dentry);
1976 	struct fuse_conn *fc = get_fuse_conn(inode);
1977 
1978 	if (fuse_is_bad(inode))
1979 		return -EIO;
1980 
1981 	if (!fuse_allow_current_process(fc)) {
1982 		if (!request_mask) {
1983 			/*
1984 			 * If user explicitly requested *nothing* then don't
1985 			 * error out, but return st_dev only.
1986 			 */
1987 			stat->result_mask = 0;
1988 			stat->dev = inode->i_sb->s_dev;
1989 			return 0;
1990 		}
1991 		return -EACCES;
1992 	}
1993 
1994 	return fuse_update_get_attr(inode, NULL, stat, request_mask, flags);
1995 }
1996 
1997 static const struct inode_operations fuse_dir_inode_operations = {
1998 	.lookup		= fuse_lookup,
1999 	.mkdir		= fuse_mkdir,
2000 	.symlink	= fuse_symlink,
2001 	.unlink		= fuse_unlink,
2002 	.rmdir		= fuse_rmdir,
2003 	.rename		= fuse_rename2,
2004 	.link		= fuse_link,
2005 	.setattr	= fuse_setattr,
2006 	.create		= fuse_create,
2007 	.atomic_open	= fuse_atomic_open,
2008 	.tmpfile	= fuse_tmpfile,
2009 	.mknod		= fuse_mknod,
2010 	.permission	= fuse_permission,
2011 	.getattr	= fuse_getattr,
2012 	.listxattr	= fuse_listxattr,
2013 	.get_inode_acl	= fuse_get_inode_acl,
2014 	.get_acl	= fuse_get_acl,
2015 	.set_acl	= fuse_set_acl,
2016 	.fileattr_get	= fuse_fileattr_get,
2017 	.fileattr_set	= fuse_fileattr_set,
2018 };
2019 
2020 static const struct file_operations fuse_dir_operations = {
2021 	.llseek		= generic_file_llseek,
2022 	.read		= generic_read_dir,
2023 	.iterate_shared	= fuse_readdir,
2024 	.open		= fuse_dir_open,
2025 	.release	= fuse_dir_release,
2026 	.fsync		= fuse_dir_fsync,
2027 	.unlocked_ioctl	= fuse_dir_ioctl,
2028 	.compat_ioctl	= fuse_dir_compat_ioctl,
2029 };
2030 
2031 static const struct inode_operations fuse_common_inode_operations = {
2032 	.setattr	= fuse_setattr,
2033 	.permission	= fuse_permission,
2034 	.getattr	= fuse_getattr,
2035 	.listxattr	= fuse_listxattr,
2036 	.get_inode_acl	= fuse_get_inode_acl,
2037 	.get_acl	= fuse_get_acl,
2038 	.set_acl	= fuse_set_acl,
2039 	.fileattr_get	= fuse_fileattr_get,
2040 	.fileattr_set	= fuse_fileattr_set,
2041 };
2042 
2043 static const struct inode_operations fuse_symlink_inode_operations = {
2044 	.setattr	= fuse_setattr,
2045 	.get_link	= fuse_get_link,
2046 	.getattr	= fuse_getattr,
2047 	.listxattr	= fuse_listxattr,
2048 };
2049 
2050 void fuse_init_common(struct inode *inode)
2051 {
2052 	inode->i_op = &fuse_common_inode_operations;
2053 }
2054 
2055 void fuse_init_dir(struct inode *inode)
2056 {
2057 	struct fuse_inode *fi = get_fuse_inode(inode);
2058 
2059 	inode->i_op = &fuse_dir_inode_operations;
2060 	inode->i_fop = &fuse_dir_operations;
2061 
2062 	spin_lock_init(&fi->rdc.lock);
2063 	fi->rdc.cached = false;
2064 	fi->rdc.size = 0;
2065 	fi->rdc.pos = 0;
2066 	fi->rdc.version = 0;
2067 }
2068 
2069 static int fuse_symlink_read_folio(struct file *null, struct folio *folio)
2070 {
2071 	int err = fuse_readlink_page(folio->mapping->host, &folio->page);
2072 
2073 	if (!err)
2074 		folio_mark_uptodate(folio);
2075 
2076 	folio_unlock(folio);
2077 
2078 	return err;
2079 }
2080 
2081 static const struct address_space_operations fuse_symlink_aops = {
2082 	.read_folio	= fuse_symlink_read_folio,
2083 };
2084 
2085 void fuse_init_symlink(struct inode *inode)
2086 {
2087 	inode->i_op = &fuse_symlink_inode_operations;
2088 	inode->i_data.a_ops = &fuse_symlink_aops;
2089 	inode_nohighmem(inode);
2090 }
2091