1 /* 2 FUSE: Filesystem in Userspace 3 Copyright (C) 2001-2008 Miklos Szeredi <miklos@szeredi.hu> 4 5 This program can be distributed under the terms of the GNU GPL. 6 See the file COPYING. 7 */ 8 9 #include "fuse_i.h" 10 11 #include <linux/pagemap.h> 12 #include <linux/file.h> 13 #include <linux/fs_context.h> 14 #include <linux/moduleparam.h> 15 #include <linux/sched.h> 16 #include <linux/namei.h> 17 #include <linux/slab.h> 18 #include <linux/xattr.h> 19 #include <linux/iversion.h> 20 #include <linux/posix_acl.h> 21 #include <linux/security.h> 22 #include <linux/types.h> 23 #include <linux/kernel.h> 24 25 static bool __read_mostly allow_sys_admin_access; 26 module_param(allow_sys_admin_access, bool, 0644); 27 MODULE_PARM_DESC(allow_sys_admin_access, 28 "Allow users with CAP_SYS_ADMIN in initial userns to bypass allow_other access check"); 29 30 static void fuse_advise_use_readdirplus(struct inode *dir) 31 { 32 struct fuse_inode *fi = get_fuse_inode(dir); 33 34 set_bit(FUSE_I_ADVISE_RDPLUS, &fi->state); 35 } 36 37 #if BITS_PER_LONG >= 64 38 static inline void __fuse_dentry_settime(struct dentry *entry, u64 time) 39 { 40 entry->d_fsdata = (void *) time; 41 } 42 43 static inline u64 fuse_dentry_time(const struct dentry *entry) 44 { 45 return (u64)entry->d_fsdata; 46 } 47 48 #else 49 union fuse_dentry { 50 u64 time; 51 struct rcu_head rcu; 52 }; 53 54 static inline void __fuse_dentry_settime(struct dentry *dentry, u64 time) 55 { 56 ((union fuse_dentry *) dentry->d_fsdata)->time = time; 57 } 58 59 static inline u64 fuse_dentry_time(const struct dentry *entry) 60 { 61 return ((union fuse_dentry *) entry->d_fsdata)->time; 62 } 63 #endif 64 65 static void fuse_dentry_settime(struct dentry *dentry, u64 time) 66 { 67 struct fuse_conn *fc = get_fuse_conn_super(dentry->d_sb); 68 bool delete = !time && fc->delete_stale; 69 /* 70 * Mess with DCACHE_OP_DELETE because dput() will be faster without it. 71 * Don't care about races, either way it's just an optimization 72 */ 73 if ((!delete && (dentry->d_flags & DCACHE_OP_DELETE)) || 74 (delete && !(dentry->d_flags & DCACHE_OP_DELETE))) { 75 spin_lock(&dentry->d_lock); 76 if (!delete) 77 dentry->d_flags &= ~DCACHE_OP_DELETE; 78 else 79 dentry->d_flags |= DCACHE_OP_DELETE; 80 spin_unlock(&dentry->d_lock); 81 } 82 83 __fuse_dentry_settime(dentry, time); 84 } 85 86 /* 87 * FUSE caches dentries and attributes with separate timeout. The 88 * time in jiffies until the dentry/attributes are valid is stored in 89 * dentry->d_fsdata and fuse_inode->i_time respectively. 90 */ 91 92 /* 93 * Calculate the time in jiffies until a dentry/attributes are valid 94 */ 95 u64 fuse_time_to_jiffies(u64 sec, u32 nsec) 96 { 97 if (sec || nsec) { 98 struct timespec64 ts = { 99 sec, 100 min_t(u32, nsec, NSEC_PER_SEC - 1) 101 }; 102 103 return get_jiffies_64() + timespec64_to_jiffies(&ts); 104 } else 105 return 0; 106 } 107 108 /* 109 * Set dentry and possibly attribute timeouts from the lookup/mk* 110 * replies 111 */ 112 void fuse_change_entry_timeout(struct dentry *entry, struct fuse_entry_out *o) 113 { 114 fuse_dentry_settime(entry, 115 fuse_time_to_jiffies(o->entry_valid, o->entry_valid_nsec)); 116 } 117 118 void fuse_invalidate_attr_mask(struct inode *inode, u32 mask) 119 { 120 set_mask_bits(&get_fuse_inode(inode)->inval_mask, 0, mask); 121 } 122 123 /* 124 * Mark the attributes as stale, so that at the next call to 125 * ->getattr() they will be fetched from userspace 126 */ 127 void fuse_invalidate_attr(struct inode *inode) 128 { 129 fuse_invalidate_attr_mask(inode, STATX_BASIC_STATS); 130 } 131 132 static void fuse_dir_changed(struct inode *dir) 133 { 134 fuse_invalidate_attr(dir); 135 inode_maybe_inc_iversion(dir, false); 136 } 137 138 /* 139 * Mark the attributes as stale due to an atime change. Avoid the invalidate if 140 * atime is not used. 141 */ 142 void fuse_invalidate_atime(struct inode *inode) 143 { 144 if (!IS_RDONLY(inode)) 145 fuse_invalidate_attr_mask(inode, STATX_ATIME); 146 } 147 148 /* 149 * Just mark the entry as stale, so that a next attempt to look it up 150 * will result in a new lookup call to userspace 151 * 152 * This is called when a dentry is about to become negative and the 153 * timeout is unknown (unlink, rmdir, rename and in some cases 154 * lookup) 155 */ 156 void fuse_invalidate_entry_cache(struct dentry *entry) 157 { 158 fuse_dentry_settime(entry, 0); 159 } 160 161 /* 162 * Same as fuse_invalidate_entry_cache(), but also try to remove the 163 * dentry from the hash 164 */ 165 static void fuse_invalidate_entry(struct dentry *entry) 166 { 167 d_invalidate(entry); 168 fuse_invalidate_entry_cache(entry); 169 } 170 171 static void fuse_lookup_init(struct fuse_conn *fc, struct fuse_args *args, 172 u64 nodeid, const struct qstr *name, 173 struct fuse_entry_out *outarg) 174 { 175 memset(outarg, 0, sizeof(struct fuse_entry_out)); 176 args->opcode = FUSE_LOOKUP; 177 args->nodeid = nodeid; 178 args->in_numargs = 3; 179 fuse_set_zero_arg0(args); 180 args->in_args[1].size = name->len; 181 args->in_args[1].value = name->name; 182 args->in_args[2].size = 1; 183 args->in_args[2].value = ""; 184 args->out_numargs = 1; 185 args->out_args[0].size = sizeof(struct fuse_entry_out); 186 args->out_args[0].value = outarg; 187 } 188 189 /* 190 * Check whether the dentry is still valid 191 * 192 * If the entry validity timeout has expired and the dentry is 193 * positive, try to redo the lookup. If the lookup results in a 194 * different inode, then let the VFS invalidate the dentry and redo 195 * the lookup once more. If the lookup results in the same inode, 196 * then refresh the attributes, timeouts and mark the dentry valid. 197 */ 198 static int fuse_dentry_revalidate(struct inode *dir, const struct qstr *name, 199 struct dentry *entry, unsigned int flags) 200 { 201 struct inode *inode; 202 struct fuse_mount *fm; 203 struct fuse_conn *fc; 204 struct fuse_inode *fi; 205 int ret; 206 207 fc = get_fuse_conn_super(dir->i_sb); 208 if (entry->d_time < atomic_read(&fc->epoch)) 209 goto invalid; 210 211 inode = d_inode_rcu(entry); 212 if (inode && fuse_is_bad(inode)) 213 goto invalid; 214 else if (time_before64(fuse_dentry_time(entry), get_jiffies_64()) || 215 (flags & (LOOKUP_EXCL | LOOKUP_REVAL | LOOKUP_RENAME_TARGET))) { 216 struct fuse_entry_out outarg; 217 FUSE_ARGS(args); 218 struct fuse_forget_link *forget; 219 u64 attr_version; 220 221 /* For negative dentries, always do a fresh lookup */ 222 if (!inode) 223 goto invalid; 224 225 ret = -ECHILD; 226 if (flags & LOOKUP_RCU) 227 goto out; 228 229 fm = get_fuse_mount(inode); 230 231 forget = fuse_alloc_forget(); 232 ret = -ENOMEM; 233 if (!forget) 234 goto out; 235 236 attr_version = fuse_get_attr_version(fm->fc); 237 238 fuse_lookup_init(fm->fc, &args, get_node_id(dir), 239 name, &outarg); 240 ret = fuse_simple_request(fm, &args); 241 /* Zero nodeid is same as -ENOENT */ 242 if (!ret && !outarg.nodeid) 243 ret = -ENOENT; 244 if (!ret) { 245 fi = get_fuse_inode(inode); 246 if (outarg.nodeid != get_node_id(inode) || 247 (bool) IS_AUTOMOUNT(inode) != (bool) (outarg.attr.flags & FUSE_ATTR_SUBMOUNT)) { 248 fuse_queue_forget(fm->fc, forget, 249 outarg.nodeid, 1); 250 goto invalid; 251 } 252 spin_lock(&fi->lock); 253 fi->nlookup++; 254 spin_unlock(&fi->lock); 255 } 256 kfree(forget); 257 if (ret == -ENOMEM || ret == -EINTR) 258 goto out; 259 if (ret || fuse_invalid_attr(&outarg.attr) || 260 fuse_stale_inode(inode, outarg.generation, &outarg.attr)) 261 goto invalid; 262 263 forget_all_cached_acls(inode); 264 fuse_change_attributes(inode, &outarg.attr, NULL, 265 ATTR_TIMEOUT(&outarg), 266 attr_version); 267 fuse_change_entry_timeout(entry, &outarg); 268 } else if (inode) { 269 fi = get_fuse_inode(inode); 270 if (flags & LOOKUP_RCU) { 271 if (test_bit(FUSE_I_INIT_RDPLUS, &fi->state)) 272 return -ECHILD; 273 } else if (test_and_clear_bit(FUSE_I_INIT_RDPLUS, &fi->state)) { 274 fuse_advise_use_readdirplus(dir); 275 } 276 } 277 ret = 1; 278 out: 279 return ret; 280 281 invalid: 282 ret = 0; 283 goto out; 284 } 285 286 #if BITS_PER_LONG < 64 287 static int fuse_dentry_init(struct dentry *dentry) 288 { 289 dentry->d_fsdata = kzalloc(sizeof(union fuse_dentry), 290 GFP_KERNEL_ACCOUNT | __GFP_RECLAIMABLE); 291 292 return dentry->d_fsdata ? 0 : -ENOMEM; 293 } 294 static void fuse_dentry_release(struct dentry *dentry) 295 { 296 union fuse_dentry *fd = dentry->d_fsdata; 297 298 kfree_rcu(fd, rcu); 299 } 300 #endif 301 302 static int fuse_dentry_delete(const struct dentry *dentry) 303 { 304 return time_before64(fuse_dentry_time(dentry), get_jiffies_64()); 305 } 306 307 /* 308 * Create a fuse_mount object with a new superblock (with path->dentry 309 * as the root), and return that mount so it can be auto-mounted on 310 * @path. 311 */ 312 static struct vfsmount *fuse_dentry_automount(struct path *path) 313 { 314 struct fs_context *fsc; 315 struct vfsmount *mnt; 316 struct fuse_inode *mp_fi = get_fuse_inode(d_inode(path->dentry)); 317 318 fsc = fs_context_for_submount(path->mnt->mnt_sb->s_type, path->dentry); 319 if (IS_ERR(fsc)) 320 return ERR_CAST(fsc); 321 322 /* Pass the FUSE inode of the mount for fuse_get_tree_submount() */ 323 fsc->fs_private = mp_fi; 324 325 /* Create the submount */ 326 mnt = fc_mount(fsc); 327 put_fs_context(fsc); 328 return mnt; 329 } 330 331 const struct dentry_operations fuse_dentry_operations = { 332 .d_revalidate = fuse_dentry_revalidate, 333 .d_delete = fuse_dentry_delete, 334 #if BITS_PER_LONG < 64 335 .d_init = fuse_dentry_init, 336 .d_release = fuse_dentry_release, 337 #endif 338 .d_automount = fuse_dentry_automount, 339 }; 340 341 const struct dentry_operations fuse_root_dentry_operations = { 342 #if BITS_PER_LONG < 64 343 .d_init = fuse_dentry_init, 344 .d_release = fuse_dentry_release, 345 #endif 346 }; 347 348 int fuse_valid_type(int m) 349 { 350 return S_ISREG(m) || S_ISDIR(m) || S_ISLNK(m) || S_ISCHR(m) || 351 S_ISBLK(m) || S_ISFIFO(m) || S_ISSOCK(m); 352 } 353 354 static bool fuse_valid_size(u64 size) 355 { 356 return size <= LLONG_MAX; 357 } 358 359 bool fuse_invalid_attr(struct fuse_attr *attr) 360 { 361 return !fuse_valid_type(attr->mode) || !fuse_valid_size(attr->size); 362 } 363 364 int fuse_lookup_name(struct super_block *sb, u64 nodeid, const struct qstr *name, 365 struct fuse_entry_out *outarg, struct inode **inode) 366 { 367 struct fuse_mount *fm = get_fuse_mount_super(sb); 368 FUSE_ARGS(args); 369 struct fuse_forget_link *forget; 370 u64 attr_version, evict_ctr; 371 int err; 372 373 *inode = NULL; 374 err = -ENAMETOOLONG; 375 if (name->len > fm->fc->name_max) 376 goto out; 377 378 379 forget = fuse_alloc_forget(); 380 err = -ENOMEM; 381 if (!forget) 382 goto out; 383 384 attr_version = fuse_get_attr_version(fm->fc); 385 evict_ctr = fuse_get_evict_ctr(fm->fc); 386 387 fuse_lookup_init(fm->fc, &args, nodeid, name, outarg); 388 err = fuse_simple_request(fm, &args); 389 /* Zero nodeid is same as -ENOENT, but with valid timeout */ 390 if (err || !outarg->nodeid) 391 goto out_put_forget; 392 393 err = -EIO; 394 if (fuse_invalid_attr(&outarg->attr)) 395 goto out_put_forget; 396 if (outarg->nodeid == FUSE_ROOT_ID && outarg->generation != 0) { 397 pr_warn_once("root generation should be zero\n"); 398 outarg->generation = 0; 399 } 400 401 *inode = fuse_iget(sb, outarg->nodeid, outarg->generation, 402 &outarg->attr, ATTR_TIMEOUT(outarg), 403 attr_version, evict_ctr); 404 err = -ENOMEM; 405 if (!*inode) { 406 fuse_queue_forget(fm->fc, forget, outarg->nodeid, 1); 407 goto out; 408 } 409 err = 0; 410 411 out_put_forget: 412 kfree(forget); 413 out: 414 return err; 415 } 416 417 static struct dentry *fuse_lookup(struct inode *dir, struct dentry *entry, 418 unsigned int flags) 419 { 420 struct fuse_entry_out outarg; 421 struct fuse_conn *fc; 422 struct inode *inode; 423 struct dentry *newent; 424 int err, epoch; 425 bool outarg_valid = true; 426 bool locked; 427 428 if (fuse_is_bad(dir)) 429 return ERR_PTR(-EIO); 430 431 fc = get_fuse_conn_super(dir->i_sb); 432 epoch = atomic_read(&fc->epoch); 433 434 locked = fuse_lock_inode(dir); 435 err = fuse_lookup_name(dir->i_sb, get_node_id(dir), &entry->d_name, 436 &outarg, &inode); 437 fuse_unlock_inode(dir, locked); 438 if (err == -ENOENT) { 439 outarg_valid = false; 440 err = 0; 441 } 442 if (err) 443 goto out_err; 444 445 err = -EIO; 446 if (inode && get_node_id(inode) == FUSE_ROOT_ID) 447 goto out_iput; 448 449 newent = d_splice_alias(inode, entry); 450 err = PTR_ERR(newent); 451 if (IS_ERR(newent)) 452 goto out_err; 453 454 entry = newent ? newent : entry; 455 entry->d_time = epoch; 456 if (outarg_valid) 457 fuse_change_entry_timeout(entry, &outarg); 458 else 459 fuse_invalidate_entry_cache(entry); 460 461 if (inode) 462 fuse_advise_use_readdirplus(dir); 463 return newent; 464 465 out_iput: 466 iput(inode); 467 out_err: 468 return ERR_PTR(err); 469 } 470 471 static int get_security_context(struct dentry *entry, umode_t mode, 472 struct fuse_in_arg *ext) 473 { 474 struct fuse_secctx *fctx; 475 struct fuse_secctx_header *header; 476 struct lsm_context lsmctx = { }; 477 void *ptr; 478 u32 total_len = sizeof(*header); 479 int err, nr_ctx = 0; 480 const char *name = NULL; 481 size_t namelen; 482 483 err = security_dentry_init_security(entry, mode, &entry->d_name, 484 &name, &lsmctx); 485 486 /* If no LSM is supporting this security hook ignore error */ 487 if (err && err != -EOPNOTSUPP) 488 goto out_err; 489 490 if (lsmctx.len) { 491 nr_ctx = 1; 492 namelen = strlen(name) + 1; 493 err = -EIO; 494 if (WARN_ON(namelen > XATTR_NAME_MAX + 1 || 495 lsmctx.len > S32_MAX)) 496 goto out_err; 497 total_len += FUSE_REC_ALIGN(sizeof(*fctx) + namelen + 498 lsmctx.len); 499 } 500 501 err = -ENOMEM; 502 header = ptr = kzalloc(total_len, GFP_KERNEL); 503 if (!ptr) 504 goto out_err; 505 506 header->nr_secctx = nr_ctx; 507 header->size = total_len; 508 ptr += sizeof(*header); 509 if (nr_ctx) { 510 fctx = ptr; 511 fctx->size = lsmctx.len; 512 ptr += sizeof(*fctx); 513 514 strcpy(ptr, name); 515 ptr += namelen; 516 517 memcpy(ptr, lsmctx.context, lsmctx.len); 518 } 519 ext->size = total_len; 520 ext->value = header; 521 err = 0; 522 out_err: 523 if (nr_ctx) 524 security_release_secctx(&lsmctx); 525 return err; 526 } 527 528 static void *extend_arg(struct fuse_in_arg *buf, u32 bytes) 529 { 530 void *p; 531 u32 newlen = buf->size + bytes; 532 533 p = krealloc(buf->value, newlen, GFP_KERNEL); 534 if (!p) { 535 kfree(buf->value); 536 buf->size = 0; 537 buf->value = NULL; 538 return NULL; 539 } 540 541 memset(p + buf->size, 0, bytes); 542 buf->value = p; 543 buf->size = newlen; 544 545 return p + newlen - bytes; 546 } 547 548 static u32 fuse_ext_size(size_t size) 549 { 550 return FUSE_REC_ALIGN(sizeof(struct fuse_ext_header) + size); 551 } 552 553 /* 554 * This adds just a single supplementary group that matches the parent's group. 555 */ 556 static int get_create_supp_group(struct mnt_idmap *idmap, 557 struct inode *dir, 558 struct fuse_in_arg *ext) 559 { 560 struct fuse_conn *fc = get_fuse_conn(dir); 561 struct fuse_ext_header *xh; 562 struct fuse_supp_groups *sg; 563 kgid_t kgid = dir->i_gid; 564 vfsgid_t vfsgid = make_vfsgid(idmap, fc->user_ns, kgid); 565 gid_t parent_gid = from_kgid(fc->user_ns, kgid); 566 567 u32 sg_len = fuse_ext_size(sizeof(*sg) + sizeof(sg->groups[0])); 568 569 if (parent_gid == (gid_t) -1 || vfsgid_eq_kgid(vfsgid, current_fsgid()) || 570 !vfsgid_in_group_p(vfsgid)) 571 return 0; 572 573 xh = extend_arg(ext, sg_len); 574 if (!xh) 575 return -ENOMEM; 576 577 xh->size = sg_len; 578 xh->type = FUSE_EXT_GROUPS; 579 580 sg = (struct fuse_supp_groups *) &xh[1]; 581 sg->nr_groups = 1; 582 sg->groups[0] = parent_gid; 583 584 return 0; 585 } 586 587 static int get_create_ext(struct mnt_idmap *idmap, 588 struct fuse_args *args, 589 struct inode *dir, struct dentry *dentry, 590 umode_t mode) 591 { 592 struct fuse_conn *fc = get_fuse_conn_super(dentry->d_sb); 593 struct fuse_in_arg ext = { .size = 0, .value = NULL }; 594 int err = 0; 595 596 if (fc->init_security) 597 err = get_security_context(dentry, mode, &ext); 598 if (!err && fc->create_supp_group) 599 err = get_create_supp_group(idmap, dir, &ext); 600 601 if (!err && ext.size) { 602 WARN_ON(args->in_numargs >= ARRAY_SIZE(args->in_args)); 603 args->is_ext = true; 604 args->ext_idx = args->in_numargs++; 605 args->in_args[args->ext_idx] = ext; 606 } else { 607 kfree(ext.value); 608 } 609 610 return err; 611 } 612 613 static void free_ext_value(struct fuse_args *args) 614 { 615 if (args->is_ext) 616 kfree(args->in_args[args->ext_idx].value); 617 } 618 619 /* 620 * Atomic create+open operation 621 * 622 * If the filesystem doesn't support this, then fall back to separate 623 * 'mknod' + 'open' requests. 624 */ 625 static int fuse_create_open(struct mnt_idmap *idmap, struct inode *dir, 626 struct dentry *entry, struct file *file, 627 unsigned int flags, umode_t mode, u32 opcode) 628 { 629 struct inode *inode; 630 struct fuse_mount *fm = get_fuse_mount(dir); 631 FUSE_ARGS(args); 632 struct fuse_forget_link *forget; 633 struct fuse_create_in inarg; 634 struct fuse_open_out *outopenp; 635 struct fuse_entry_out outentry; 636 struct fuse_inode *fi; 637 struct fuse_file *ff; 638 int epoch, err; 639 bool trunc = flags & O_TRUNC; 640 641 /* Userspace expects S_IFREG in create mode */ 642 BUG_ON((mode & S_IFMT) != S_IFREG); 643 644 epoch = atomic_read(&fm->fc->epoch); 645 forget = fuse_alloc_forget(); 646 err = -ENOMEM; 647 if (!forget) 648 goto out_err; 649 650 err = -ENOMEM; 651 ff = fuse_file_alloc(fm, true); 652 if (!ff) 653 goto out_put_forget_req; 654 655 if (!fm->fc->dont_mask) 656 mode &= ~current_umask(); 657 658 flags &= ~O_NOCTTY; 659 memset(&inarg, 0, sizeof(inarg)); 660 memset(&outentry, 0, sizeof(outentry)); 661 inarg.flags = flags; 662 inarg.mode = mode; 663 inarg.umask = current_umask(); 664 665 if (fm->fc->handle_killpriv_v2 && trunc && 666 !(flags & O_EXCL) && !capable(CAP_FSETID)) { 667 inarg.open_flags |= FUSE_OPEN_KILL_SUIDGID; 668 } 669 670 args.opcode = opcode; 671 args.nodeid = get_node_id(dir); 672 args.in_numargs = 2; 673 args.in_args[0].size = sizeof(inarg); 674 args.in_args[0].value = &inarg; 675 args.in_args[1].size = entry->d_name.len + 1; 676 args.in_args[1].value = entry->d_name.name; 677 args.out_numargs = 2; 678 args.out_args[0].size = sizeof(outentry); 679 args.out_args[0].value = &outentry; 680 /* Store outarg for fuse_finish_open() */ 681 outopenp = &ff->args->open_outarg; 682 args.out_args[1].size = sizeof(*outopenp); 683 args.out_args[1].value = outopenp; 684 685 err = get_create_ext(idmap, &args, dir, entry, mode); 686 if (err) 687 goto out_free_ff; 688 689 err = fuse_simple_idmap_request(idmap, fm, &args); 690 free_ext_value(&args); 691 if (err) 692 goto out_free_ff; 693 694 err = -EIO; 695 if (!S_ISREG(outentry.attr.mode) || invalid_nodeid(outentry.nodeid) || 696 fuse_invalid_attr(&outentry.attr)) 697 goto out_free_ff; 698 699 ff->fh = outopenp->fh; 700 ff->nodeid = outentry.nodeid; 701 ff->open_flags = outopenp->open_flags; 702 inode = fuse_iget(dir->i_sb, outentry.nodeid, outentry.generation, 703 &outentry.attr, ATTR_TIMEOUT(&outentry), 0, 0); 704 if (!inode) { 705 flags &= ~(O_CREAT | O_EXCL | O_TRUNC); 706 fuse_sync_release(NULL, ff, flags); 707 fuse_queue_forget(fm->fc, forget, outentry.nodeid, 1); 708 err = -ENOMEM; 709 goto out_err; 710 } 711 kfree(forget); 712 d_instantiate(entry, inode); 713 entry->d_time = epoch; 714 fuse_change_entry_timeout(entry, &outentry); 715 fuse_dir_changed(dir); 716 err = generic_file_open(inode, file); 717 if (!err) { 718 file->private_data = ff; 719 err = finish_open(file, entry, fuse_finish_open); 720 } 721 if (err) { 722 fi = get_fuse_inode(inode); 723 fuse_sync_release(fi, ff, flags); 724 } else { 725 if (fm->fc->atomic_o_trunc && trunc) 726 truncate_pagecache(inode, 0); 727 else if (!(ff->open_flags & FOPEN_KEEP_CACHE)) 728 invalidate_inode_pages2(inode->i_mapping); 729 } 730 return err; 731 732 out_free_ff: 733 fuse_file_free(ff); 734 out_put_forget_req: 735 kfree(forget); 736 out_err: 737 return err; 738 } 739 740 static int fuse_mknod(struct mnt_idmap *, struct inode *, struct dentry *, 741 umode_t, dev_t); 742 static int fuse_atomic_open(struct inode *dir, struct dentry *entry, 743 struct file *file, unsigned flags, 744 umode_t mode) 745 { 746 int err; 747 struct mnt_idmap *idmap = file_mnt_idmap(file); 748 struct fuse_conn *fc = get_fuse_conn(dir); 749 struct dentry *res = NULL; 750 751 if (fuse_is_bad(dir)) 752 return -EIO; 753 754 if (d_in_lookup(entry)) { 755 res = fuse_lookup(dir, entry, 0); 756 if (IS_ERR(res)) 757 return PTR_ERR(res); 758 759 if (res) 760 entry = res; 761 } 762 763 if (!(flags & O_CREAT) || d_really_is_positive(entry)) 764 goto no_open; 765 766 /* Only creates */ 767 file->f_mode |= FMODE_CREATED; 768 769 if (fc->no_create) 770 goto mknod; 771 772 err = fuse_create_open(idmap, dir, entry, file, flags, mode, FUSE_CREATE); 773 if (err == -ENOSYS) { 774 fc->no_create = 1; 775 goto mknod; 776 } else if (err == -EEXIST) 777 fuse_invalidate_entry(entry); 778 out_dput: 779 dput(res); 780 return err; 781 782 mknod: 783 err = fuse_mknod(idmap, dir, entry, mode, 0); 784 if (err) 785 goto out_dput; 786 no_open: 787 return finish_no_open(file, res); 788 } 789 790 /* 791 * Code shared between mknod, mkdir, symlink and link 792 */ 793 static struct dentry *create_new_entry(struct mnt_idmap *idmap, struct fuse_mount *fm, 794 struct fuse_args *args, struct inode *dir, 795 struct dentry *entry, umode_t mode) 796 { 797 struct fuse_entry_out outarg; 798 struct inode *inode; 799 struct dentry *d; 800 struct fuse_forget_link *forget; 801 int epoch, err; 802 803 if (fuse_is_bad(dir)) 804 return ERR_PTR(-EIO); 805 806 epoch = atomic_read(&fm->fc->epoch); 807 808 forget = fuse_alloc_forget(); 809 if (!forget) 810 return ERR_PTR(-ENOMEM); 811 812 memset(&outarg, 0, sizeof(outarg)); 813 args->nodeid = get_node_id(dir); 814 args->out_numargs = 1; 815 args->out_args[0].size = sizeof(outarg); 816 args->out_args[0].value = &outarg; 817 818 if (args->opcode != FUSE_LINK) { 819 err = get_create_ext(idmap, args, dir, entry, mode); 820 if (err) 821 goto out_put_forget_req; 822 } 823 824 err = fuse_simple_idmap_request(idmap, fm, args); 825 free_ext_value(args); 826 if (err) 827 goto out_put_forget_req; 828 829 err = -EIO; 830 if (invalid_nodeid(outarg.nodeid) || fuse_invalid_attr(&outarg.attr)) 831 goto out_put_forget_req; 832 833 if ((outarg.attr.mode ^ mode) & S_IFMT) 834 goto out_put_forget_req; 835 836 inode = fuse_iget(dir->i_sb, outarg.nodeid, outarg.generation, 837 &outarg.attr, ATTR_TIMEOUT(&outarg), 0, 0); 838 if (!inode) { 839 fuse_queue_forget(fm->fc, forget, outarg.nodeid, 1); 840 return ERR_PTR(-ENOMEM); 841 } 842 kfree(forget); 843 844 d_drop(entry); 845 d = d_splice_alias(inode, entry); 846 if (IS_ERR(d)) 847 return d; 848 849 if (d) { 850 d->d_time = epoch; 851 fuse_change_entry_timeout(d, &outarg); 852 } else { 853 entry->d_time = epoch; 854 fuse_change_entry_timeout(entry, &outarg); 855 } 856 fuse_dir_changed(dir); 857 return d; 858 859 out_put_forget_req: 860 if (err == -EEXIST) 861 fuse_invalidate_entry(entry); 862 kfree(forget); 863 return ERR_PTR(err); 864 } 865 866 static int create_new_nondir(struct mnt_idmap *idmap, struct fuse_mount *fm, 867 struct fuse_args *args, struct inode *dir, 868 struct dentry *entry, umode_t mode) 869 { 870 /* 871 * Note that when creating anything other than a directory we 872 * can be sure create_new_entry() will NOT return an alternate 873 * dentry as d_splice_alias() only returns an alternate dentry 874 * for directories. So we don't need to check for that case 875 * when passing back the result. 876 */ 877 WARN_ON_ONCE(S_ISDIR(mode)); 878 879 return PTR_ERR(create_new_entry(idmap, fm, args, dir, entry, mode)); 880 } 881 882 static int fuse_mknod(struct mnt_idmap *idmap, struct inode *dir, 883 struct dentry *entry, umode_t mode, dev_t rdev) 884 { 885 struct fuse_mknod_in inarg; 886 struct fuse_mount *fm = get_fuse_mount(dir); 887 FUSE_ARGS(args); 888 889 if (!fm->fc->dont_mask) 890 mode &= ~current_umask(); 891 892 memset(&inarg, 0, sizeof(inarg)); 893 inarg.mode = mode; 894 inarg.rdev = new_encode_dev(rdev); 895 inarg.umask = current_umask(); 896 args.opcode = FUSE_MKNOD; 897 args.in_numargs = 2; 898 args.in_args[0].size = sizeof(inarg); 899 args.in_args[0].value = &inarg; 900 args.in_args[1].size = entry->d_name.len + 1; 901 args.in_args[1].value = entry->d_name.name; 902 return create_new_nondir(idmap, fm, &args, dir, entry, mode); 903 } 904 905 static int fuse_create(struct mnt_idmap *idmap, struct inode *dir, 906 struct dentry *entry, umode_t mode, bool excl) 907 { 908 return fuse_mknod(idmap, dir, entry, mode, 0); 909 } 910 911 static int fuse_tmpfile(struct mnt_idmap *idmap, struct inode *dir, 912 struct file *file, umode_t mode) 913 { 914 struct fuse_conn *fc = get_fuse_conn(dir); 915 int err; 916 917 if (fc->no_tmpfile) 918 return -EOPNOTSUPP; 919 920 err = fuse_create_open(idmap, dir, file->f_path.dentry, file, 921 file->f_flags, mode, FUSE_TMPFILE); 922 if (err == -ENOSYS) { 923 fc->no_tmpfile = 1; 924 err = -EOPNOTSUPP; 925 } 926 return err; 927 } 928 929 static struct dentry *fuse_mkdir(struct mnt_idmap *idmap, struct inode *dir, 930 struct dentry *entry, umode_t mode) 931 { 932 struct fuse_mkdir_in inarg; 933 struct fuse_mount *fm = get_fuse_mount(dir); 934 FUSE_ARGS(args); 935 936 if (!fm->fc->dont_mask) 937 mode &= ~current_umask(); 938 939 memset(&inarg, 0, sizeof(inarg)); 940 inarg.mode = mode; 941 inarg.umask = current_umask(); 942 args.opcode = FUSE_MKDIR; 943 args.in_numargs = 2; 944 args.in_args[0].size = sizeof(inarg); 945 args.in_args[0].value = &inarg; 946 args.in_args[1].size = entry->d_name.len + 1; 947 args.in_args[1].value = entry->d_name.name; 948 return create_new_entry(idmap, fm, &args, dir, entry, S_IFDIR); 949 } 950 951 static int fuse_symlink(struct mnt_idmap *idmap, struct inode *dir, 952 struct dentry *entry, const char *link) 953 { 954 struct fuse_mount *fm = get_fuse_mount(dir); 955 unsigned len = strlen(link) + 1; 956 FUSE_ARGS(args); 957 958 args.opcode = FUSE_SYMLINK; 959 args.in_numargs = 3; 960 fuse_set_zero_arg0(&args); 961 args.in_args[1].size = entry->d_name.len + 1; 962 args.in_args[1].value = entry->d_name.name; 963 args.in_args[2].size = len; 964 args.in_args[2].value = link; 965 return create_new_nondir(idmap, fm, &args, dir, entry, S_IFLNK); 966 } 967 968 void fuse_flush_time_update(struct inode *inode) 969 { 970 int err = sync_inode_metadata(inode, 1); 971 972 mapping_set_error(inode->i_mapping, err); 973 } 974 975 static void fuse_update_ctime_in_cache(struct inode *inode) 976 { 977 if (!IS_NOCMTIME(inode)) { 978 inode_set_ctime_current(inode); 979 mark_inode_dirty_sync(inode); 980 fuse_flush_time_update(inode); 981 } 982 } 983 984 void fuse_update_ctime(struct inode *inode) 985 { 986 fuse_invalidate_attr_mask(inode, STATX_CTIME); 987 fuse_update_ctime_in_cache(inode); 988 } 989 990 static void fuse_entry_unlinked(struct dentry *entry) 991 { 992 struct inode *inode = d_inode(entry); 993 struct fuse_conn *fc = get_fuse_conn(inode); 994 struct fuse_inode *fi = get_fuse_inode(inode); 995 996 spin_lock(&fi->lock); 997 fi->attr_version = atomic64_inc_return(&fc->attr_version); 998 /* 999 * If i_nlink == 0 then unlink doesn't make sense, yet this can 1000 * happen if userspace filesystem is careless. It would be 1001 * difficult to enforce correct nlink usage so just ignore this 1002 * condition here 1003 */ 1004 if (S_ISDIR(inode->i_mode)) 1005 clear_nlink(inode); 1006 else if (inode->i_nlink > 0) 1007 drop_nlink(inode); 1008 spin_unlock(&fi->lock); 1009 fuse_invalidate_entry_cache(entry); 1010 fuse_update_ctime(inode); 1011 } 1012 1013 static int fuse_unlink(struct inode *dir, struct dentry *entry) 1014 { 1015 int err; 1016 struct fuse_mount *fm = get_fuse_mount(dir); 1017 FUSE_ARGS(args); 1018 1019 if (fuse_is_bad(dir)) 1020 return -EIO; 1021 1022 args.opcode = FUSE_UNLINK; 1023 args.nodeid = get_node_id(dir); 1024 args.in_numargs = 2; 1025 fuse_set_zero_arg0(&args); 1026 args.in_args[1].size = entry->d_name.len + 1; 1027 args.in_args[1].value = entry->d_name.name; 1028 err = fuse_simple_request(fm, &args); 1029 if (!err) { 1030 fuse_dir_changed(dir); 1031 fuse_entry_unlinked(entry); 1032 } else if (err == -EINTR || err == -ENOENT) 1033 fuse_invalidate_entry(entry); 1034 return err; 1035 } 1036 1037 static int fuse_rmdir(struct inode *dir, struct dentry *entry) 1038 { 1039 int err; 1040 struct fuse_mount *fm = get_fuse_mount(dir); 1041 FUSE_ARGS(args); 1042 1043 if (fuse_is_bad(dir)) 1044 return -EIO; 1045 1046 args.opcode = FUSE_RMDIR; 1047 args.nodeid = get_node_id(dir); 1048 args.in_numargs = 2; 1049 fuse_set_zero_arg0(&args); 1050 args.in_args[1].size = entry->d_name.len + 1; 1051 args.in_args[1].value = entry->d_name.name; 1052 err = fuse_simple_request(fm, &args); 1053 if (!err) { 1054 fuse_dir_changed(dir); 1055 fuse_entry_unlinked(entry); 1056 } else if (err == -EINTR || err == -ENOENT) 1057 fuse_invalidate_entry(entry); 1058 return err; 1059 } 1060 1061 static int fuse_rename_common(struct mnt_idmap *idmap, struct inode *olddir, struct dentry *oldent, 1062 struct inode *newdir, struct dentry *newent, 1063 unsigned int flags, int opcode, size_t argsize) 1064 { 1065 int err; 1066 struct fuse_rename2_in inarg; 1067 struct fuse_mount *fm = get_fuse_mount(olddir); 1068 FUSE_ARGS(args); 1069 1070 memset(&inarg, 0, argsize); 1071 inarg.newdir = get_node_id(newdir); 1072 inarg.flags = flags; 1073 args.opcode = opcode; 1074 args.nodeid = get_node_id(olddir); 1075 args.in_numargs = 3; 1076 args.in_args[0].size = argsize; 1077 args.in_args[0].value = &inarg; 1078 args.in_args[1].size = oldent->d_name.len + 1; 1079 args.in_args[1].value = oldent->d_name.name; 1080 args.in_args[2].size = newent->d_name.len + 1; 1081 args.in_args[2].value = newent->d_name.name; 1082 err = fuse_simple_idmap_request(idmap, fm, &args); 1083 if (!err) { 1084 /* ctime changes */ 1085 fuse_update_ctime(d_inode(oldent)); 1086 1087 if (flags & RENAME_EXCHANGE) 1088 fuse_update_ctime(d_inode(newent)); 1089 1090 fuse_dir_changed(olddir); 1091 if (olddir != newdir) 1092 fuse_dir_changed(newdir); 1093 1094 /* newent will end up negative */ 1095 if (!(flags & RENAME_EXCHANGE) && d_really_is_positive(newent)) 1096 fuse_entry_unlinked(newent); 1097 } else if (err == -EINTR || err == -ENOENT) { 1098 /* If request was interrupted, DEITY only knows if the 1099 rename actually took place. If the invalidation 1100 fails (e.g. some process has CWD under the renamed 1101 directory), then there can be inconsistency between 1102 the dcache and the real filesystem. Tough luck. */ 1103 fuse_invalidate_entry(oldent); 1104 if (d_really_is_positive(newent)) 1105 fuse_invalidate_entry(newent); 1106 } 1107 1108 return err; 1109 } 1110 1111 static int fuse_rename2(struct mnt_idmap *idmap, struct inode *olddir, 1112 struct dentry *oldent, struct inode *newdir, 1113 struct dentry *newent, unsigned int flags) 1114 { 1115 struct fuse_conn *fc = get_fuse_conn(olddir); 1116 int err; 1117 1118 if (fuse_is_bad(olddir)) 1119 return -EIO; 1120 1121 if (flags & ~(RENAME_NOREPLACE | RENAME_EXCHANGE | RENAME_WHITEOUT)) 1122 return -EINVAL; 1123 1124 if (flags) { 1125 if (fc->no_rename2 || fc->minor < 23) 1126 return -EINVAL; 1127 1128 err = fuse_rename_common((flags & RENAME_WHITEOUT) ? idmap : &invalid_mnt_idmap, 1129 olddir, oldent, newdir, newent, flags, 1130 FUSE_RENAME2, 1131 sizeof(struct fuse_rename2_in)); 1132 if (err == -ENOSYS) { 1133 fc->no_rename2 = 1; 1134 err = -EINVAL; 1135 } 1136 } else { 1137 err = fuse_rename_common(&invalid_mnt_idmap, olddir, oldent, newdir, newent, 0, 1138 FUSE_RENAME, 1139 sizeof(struct fuse_rename_in)); 1140 } 1141 1142 return err; 1143 } 1144 1145 static int fuse_link(struct dentry *entry, struct inode *newdir, 1146 struct dentry *newent) 1147 { 1148 int err; 1149 struct fuse_link_in inarg; 1150 struct inode *inode = d_inode(entry); 1151 struct fuse_mount *fm = get_fuse_mount(inode); 1152 FUSE_ARGS(args); 1153 1154 if (fm->fc->no_link) 1155 goto out; 1156 1157 memset(&inarg, 0, sizeof(inarg)); 1158 inarg.oldnodeid = get_node_id(inode); 1159 args.opcode = FUSE_LINK; 1160 args.in_numargs = 2; 1161 args.in_args[0].size = sizeof(inarg); 1162 args.in_args[0].value = &inarg; 1163 args.in_args[1].size = newent->d_name.len + 1; 1164 args.in_args[1].value = newent->d_name.name; 1165 err = create_new_nondir(&invalid_mnt_idmap, fm, &args, newdir, newent, inode->i_mode); 1166 if (!err) 1167 fuse_update_ctime_in_cache(inode); 1168 else if (err == -EINTR) 1169 fuse_invalidate_attr(inode); 1170 1171 if (err == -ENOSYS) 1172 fm->fc->no_link = 1; 1173 out: 1174 if (fm->fc->no_link) 1175 return -EPERM; 1176 1177 return err; 1178 } 1179 1180 static void fuse_fillattr(struct mnt_idmap *idmap, struct inode *inode, 1181 struct fuse_attr *attr, struct kstat *stat) 1182 { 1183 unsigned int blkbits; 1184 struct fuse_conn *fc = get_fuse_conn(inode); 1185 vfsuid_t vfsuid = make_vfsuid(idmap, fc->user_ns, 1186 make_kuid(fc->user_ns, attr->uid)); 1187 vfsgid_t vfsgid = make_vfsgid(idmap, fc->user_ns, 1188 make_kgid(fc->user_ns, attr->gid)); 1189 1190 stat->dev = inode->i_sb->s_dev; 1191 stat->ino = attr->ino; 1192 stat->mode = (inode->i_mode & S_IFMT) | (attr->mode & 07777); 1193 stat->nlink = attr->nlink; 1194 stat->uid = vfsuid_into_kuid(vfsuid); 1195 stat->gid = vfsgid_into_kgid(vfsgid); 1196 stat->rdev = inode->i_rdev; 1197 stat->atime.tv_sec = attr->atime; 1198 stat->atime.tv_nsec = attr->atimensec; 1199 stat->mtime.tv_sec = attr->mtime; 1200 stat->mtime.tv_nsec = attr->mtimensec; 1201 stat->ctime.tv_sec = attr->ctime; 1202 stat->ctime.tv_nsec = attr->ctimensec; 1203 stat->size = attr->size; 1204 stat->blocks = attr->blocks; 1205 1206 if (attr->blksize != 0) 1207 blkbits = ilog2(attr->blksize); 1208 else 1209 blkbits = inode->i_sb->s_blocksize_bits; 1210 1211 stat->blksize = 1 << blkbits; 1212 } 1213 1214 static void fuse_statx_to_attr(struct fuse_statx *sx, struct fuse_attr *attr) 1215 { 1216 memset(attr, 0, sizeof(*attr)); 1217 attr->ino = sx->ino; 1218 attr->size = sx->size; 1219 attr->blocks = sx->blocks; 1220 attr->atime = sx->atime.tv_sec; 1221 attr->mtime = sx->mtime.tv_sec; 1222 attr->ctime = sx->ctime.tv_sec; 1223 attr->atimensec = sx->atime.tv_nsec; 1224 attr->mtimensec = sx->mtime.tv_nsec; 1225 attr->ctimensec = sx->ctime.tv_nsec; 1226 attr->mode = sx->mode; 1227 attr->nlink = sx->nlink; 1228 attr->uid = sx->uid; 1229 attr->gid = sx->gid; 1230 attr->rdev = new_encode_dev(MKDEV(sx->rdev_major, sx->rdev_minor)); 1231 attr->blksize = sx->blksize; 1232 } 1233 1234 static int fuse_do_statx(struct mnt_idmap *idmap, struct inode *inode, 1235 struct file *file, struct kstat *stat) 1236 { 1237 int err; 1238 struct fuse_attr attr; 1239 struct fuse_statx *sx; 1240 struct fuse_statx_in inarg; 1241 struct fuse_statx_out outarg; 1242 struct fuse_mount *fm = get_fuse_mount(inode); 1243 u64 attr_version = fuse_get_attr_version(fm->fc); 1244 FUSE_ARGS(args); 1245 1246 memset(&inarg, 0, sizeof(inarg)); 1247 memset(&outarg, 0, sizeof(outarg)); 1248 /* Directories have separate file-handle space */ 1249 if (file && S_ISREG(inode->i_mode)) { 1250 struct fuse_file *ff = file->private_data; 1251 1252 inarg.getattr_flags |= FUSE_GETATTR_FH; 1253 inarg.fh = ff->fh; 1254 } 1255 /* For now leave sync hints as the default, request all stats. */ 1256 inarg.sx_flags = 0; 1257 inarg.sx_mask = STATX_BASIC_STATS | STATX_BTIME; 1258 args.opcode = FUSE_STATX; 1259 args.nodeid = get_node_id(inode); 1260 args.in_numargs = 1; 1261 args.in_args[0].size = sizeof(inarg); 1262 args.in_args[0].value = &inarg; 1263 args.out_numargs = 1; 1264 args.out_args[0].size = sizeof(outarg); 1265 args.out_args[0].value = &outarg; 1266 err = fuse_simple_request(fm, &args); 1267 if (err) 1268 return err; 1269 1270 sx = &outarg.stat; 1271 if (((sx->mask & STATX_SIZE) && !fuse_valid_size(sx->size)) || 1272 ((sx->mask & STATX_TYPE) && (!fuse_valid_type(sx->mode) || 1273 inode_wrong_type(inode, sx->mode)))) { 1274 fuse_make_bad(inode); 1275 return -EIO; 1276 } 1277 1278 fuse_statx_to_attr(&outarg.stat, &attr); 1279 if ((sx->mask & STATX_BASIC_STATS) == STATX_BASIC_STATS) { 1280 fuse_change_attributes(inode, &attr, &outarg.stat, 1281 ATTR_TIMEOUT(&outarg), attr_version); 1282 } 1283 1284 if (stat) { 1285 stat->result_mask = sx->mask & (STATX_BASIC_STATS | STATX_BTIME); 1286 stat->btime.tv_sec = sx->btime.tv_sec; 1287 stat->btime.tv_nsec = min_t(u32, sx->btime.tv_nsec, NSEC_PER_SEC - 1); 1288 fuse_fillattr(idmap, inode, &attr, stat); 1289 stat->result_mask |= STATX_TYPE; 1290 } 1291 1292 return 0; 1293 } 1294 1295 static int fuse_do_getattr(struct mnt_idmap *idmap, struct inode *inode, 1296 struct kstat *stat, struct file *file) 1297 { 1298 int err; 1299 struct fuse_getattr_in inarg; 1300 struct fuse_attr_out outarg; 1301 struct fuse_mount *fm = get_fuse_mount(inode); 1302 FUSE_ARGS(args); 1303 u64 attr_version; 1304 1305 attr_version = fuse_get_attr_version(fm->fc); 1306 1307 memset(&inarg, 0, sizeof(inarg)); 1308 memset(&outarg, 0, sizeof(outarg)); 1309 /* Directories have separate file-handle space */ 1310 if (file && S_ISREG(inode->i_mode)) { 1311 struct fuse_file *ff = file->private_data; 1312 1313 inarg.getattr_flags |= FUSE_GETATTR_FH; 1314 inarg.fh = ff->fh; 1315 } 1316 args.opcode = FUSE_GETATTR; 1317 args.nodeid = get_node_id(inode); 1318 args.in_numargs = 1; 1319 args.in_args[0].size = sizeof(inarg); 1320 args.in_args[0].value = &inarg; 1321 args.out_numargs = 1; 1322 args.out_args[0].size = sizeof(outarg); 1323 args.out_args[0].value = &outarg; 1324 err = fuse_simple_request(fm, &args); 1325 if (!err) { 1326 if (fuse_invalid_attr(&outarg.attr) || 1327 inode_wrong_type(inode, outarg.attr.mode)) { 1328 fuse_make_bad(inode); 1329 err = -EIO; 1330 } else { 1331 fuse_change_attributes(inode, &outarg.attr, NULL, 1332 ATTR_TIMEOUT(&outarg), 1333 attr_version); 1334 if (stat) 1335 fuse_fillattr(idmap, inode, &outarg.attr, stat); 1336 } 1337 } 1338 return err; 1339 } 1340 1341 static int fuse_update_get_attr(struct mnt_idmap *idmap, struct inode *inode, 1342 struct file *file, struct kstat *stat, 1343 u32 request_mask, unsigned int flags) 1344 { 1345 struct fuse_inode *fi = get_fuse_inode(inode); 1346 struct fuse_conn *fc = get_fuse_conn(inode); 1347 int err = 0; 1348 bool sync; 1349 u32 inval_mask = READ_ONCE(fi->inval_mask); 1350 u32 cache_mask = fuse_get_cache_mask(inode); 1351 1352 1353 /* FUSE only supports basic stats and possibly btime */ 1354 request_mask &= STATX_BASIC_STATS | STATX_BTIME; 1355 retry: 1356 if (fc->no_statx) 1357 request_mask &= STATX_BASIC_STATS; 1358 1359 if (!request_mask) 1360 sync = false; 1361 else if (flags & AT_STATX_FORCE_SYNC) 1362 sync = true; 1363 else if (flags & AT_STATX_DONT_SYNC) 1364 sync = false; 1365 else if (request_mask & inval_mask & ~cache_mask) 1366 sync = true; 1367 else 1368 sync = time_before64(fi->i_time, get_jiffies_64()); 1369 1370 if (sync) { 1371 forget_all_cached_acls(inode); 1372 /* Try statx if BTIME is requested */ 1373 if (!fc->no_statx && (request_mask & ~STATX_BASIC_STATS)) { 1374 err = fuse_do_statx(idmap, inode, file, stat); 1375 if (err == -ENOSYS) { 1376 fc->no_statx = 1; 1377 err = 0; 1378 goto retry; 1379 } 1380 } else { 1381 err = fuse_do_getattr(idmap, inode, stat, file); 1382 } 1383 } else if (stat) { 1384 generic_fillattr(idmap, request_mask, inode, stat); 1385 stat->mode = fi->orig_i_mode; 1386 stat->ino = fi->orig_ino; 1387 if (test_bit(FUSE_I_BTIME, &fi->state)) { 1388 stat->btime = fi->i_btime; 1389 stat->result_mask |= STATX_BTIME; 1390 } 1391 } 1392 1393 return err; 1394 } 1395 1396 int fuse_update_attributes(struct inode *inode, struct file *file, u32 mask) 1397 { 1398 return fuse_update_get_attr(&nop_mnt_idmap, inode, file, NULL, mask, 0); 1399 } 1400 1401 int fuse_reverse_inval_entry(struct fuse_conn *fc, u64 parent_nodeid, 1402 u64 child_nodeid, struct qstr *name, u32 flags) 1403 { 1404 int err = -ENOTDIR; 1405 struct inode *parent; 1406 struct dentry *dir; 1407 struct dentry *entry; 1408 1409 parent = fuse_ilookup(fc, parent_nodeid, NULL); 1410 if (!parent) 1411 return -ENOENT; 1412 1413 inode_lock_nested(parent, I_MUTEX_PARENT); 1414 if (!S_ISDIR(parent->i_mode)) 1415 goto unlock; 1416 1417 err = -ENOENT; 1418 dir = d_find_alias(parent); 1419 if (!dir) 1420 goto unlock; 1421 1422 name->hash = full_name_hash(dir, name->name, name->len); 1423 entry = d_lookup(dir, name); 1424 dput(dir); 1425 if (!entry) 1426 goto unlock; 1427 1428 fuse_dir_changed(parent); 1429 if (!(flags & FUSE_EXPIRE_ONLY)) 1430 d_invalidate(entry); 1431 fuse_invalidate_entry_cache(entry); 1432 1433 if (child_nodeid != 0 && d_really_is_positive(entry)) { 1434 inode_lock(d_inode(entry)); 1435 if (get_node_id(d_inode(entry)) != child_nodeid) { 1436 err = -ENOENT; 1437 goto badentry; 1438 } 1439 if (d_mountpoint(entry)) { 1440 err = -EBUSY; 1441 goto badentry; 1442 } 1443 if (d_is_dir(entry)) { 1444 shrink_dcache_parent(entry); 1445 if (!simple_empty(entry)) { 1446 err = -ENOTEMPTY; 1447 goto badentry; 1448 } 1449 d_inode(entry)->i_flags |= S_DEAD; 1450 } 1451 dont_mount(entry); 1452 clear_nlink(d_inode(entry)); 1453 err = 0; 1454 badentry: 1455 inode_unlock(d_inode(entry)); 1456 if (!err) 1457 d_delete(entry); 1458 } else { 1459 err = 0; 1460 } 1461 dput(entry); 1462 1463 unlock: 1464 inode_unlock(parent); 1465 iput(parent); 1466 return err; 1467 } 1468 1469 static inline bool fuse_permissible_uidgid(struct fuse_conn *fc) 1470 { 1471 const struct cred *cred = current_cred(); 1472 1473 return (uid_eq(cred->euid, fc->user_id) && 1474 uid_eq(cred->suid, fc->user_id) && 1475 uid_eq(cred->uid, fc->user_id) && 1476 gid_eq(cred->egid, fc->group_id) && 1477 gid_eq(cred->sgid, fc->group_id) && 1478 gid_eq(cred->gid, fc->group_id)); 1479 } 1480 1481 /* 1482 * Calling into a user-controlled filesystem gives the filesystem 1483 * daemon ptrace-like capabilities over the current process. This 1484 * means, that the filesystem daemon is able to record the exact 1485 * filesystem operations performed, and can also control the behavior 1486 * of the requester process in otherwise impossible ways. For example 1487 * it can delay the operation for arbitrary length of time allowing 1488 * DoS against the requester. 1489 * 1490 * For this reason only those processes can call into the filesystem, 1491 * for which the owner of the mount has ptrace privilege. This 1492 * excludes processes started by other users, suid or sgid processes. 1493 */ 1494 bool fuse_allow_current_process(struct fuse_conn *fc) 1495 { 1496 bool allow; 1497 1498 if (fc->allow_other) 1499 allow = current_in_userns(fc->user_ns); 1500 else 1501 allow = fuse_permissible_uidgid(fc); 1502 1503 if (!allow && allow_sys_admin_access && capable(CAP_SYS_ADMIN)) 1504 allow = true; 1505 1506 return allow; 1507 } 1508 1509 static int fuse_access(struct inode *inode, int mask) 1510 { 1511 struct fuse_mount *fm = get_fuse_mount(inode); 1512 FUSE_ARGS(args); 1513 struct fuse_access_in inarg; 1514 int err; 1515 1516 BUG_ON(mask & MAY_NOT_BLOCK); 1517 1518 /* 1519 * We should not send FUSE_ACCESS to the userspace 1520 * when idmapped mounts are enabled as for this case 1521 * we have fc->default_permissions = 1 and access 1522 * permission checks are done on the kernel side. 1523 */ 1524 WARN_ON_ONCE(!(fm->sb->s_iflags & SB_I_NOIDMAP)); 1525 1526 if (fm->fc->no_access) 1527 return 0; 1528 1529 memset(&inarg, 0, sizeof(inarg)); 1530 inarg.mask = mask & (MAY_READ | MAY_WRITE | MAY_EXEC); 1531 args.opcode = FUSE_ACCESS; 1532 args.nodeid = get_node_id(inode); 1533 args.in_numargs = 1; 1534 args.in_args[0].size = sizeof(inarg); 1535 args.in_args[0].value = &inarg; 1536 err = fuse_simple_request(fm, &args); 1537 if (err == -ENOSYS) { 1538 fm->fc->no_access = 1; 1539 err = 0; 1540 } 1541 return err; 1542 } 1543 1544 static int fuse_perm_getattr(struct inode *inode, int mask) 1545 { 1546 if (mask & MAY_NOT_BLOCK) 1547 return -ECHILD; 1548 1549 forget_all_cached_acls(inode); 1550 return fuse_do_getattr(&nop_mnt_idmap, inode, NULL, NULL); 1551 } 1552 1553 /* 1554 * Check permission. The two basic access models of FUSE are: 1555 * 1556 * 1) Local access checking ('default_permissions' mount option) based 1557 * on file mode. This is the plain old disk filesystem permission 1558 * model. 1559 * 1560 * 2) "Remote" access checking, where server is responsible for 1561 * checking permission in each inode operation. An exception to this 1562 * is if ->permission() was invoked from sys_access() in which case an 1563 * access request is sent. Execute permission is still checked 1564 * locally based on file mode. 1565 */ 1566 static int fuse_permission(struct mnt_idmap *idmap, 1567 struct inode *inode, int mask) 1568 { 1569 struct fuse_conn *fc = get_fuse_conn(inode); 1570 bool refreshed = false; 1571 int err = 0; 1572 1573 if (fuse_is_bad(inode)) 1574 return -EIO; 1575 1576 if (!fuse_allow_current_process(fc)) 1577 return -EACCES; 1578 1579 /* 1580 * If attributes are needed, refresh them before proceeding 1581 */ 1582 if (fc->default_permissions || 1583 ((mask & MAY_EXEC) && S_ISREG(inode->i_mode))) { 1584 struct fuse_inode *fi = get_fuse_inode(inode); 1585 u32 perm_mask = STATX_MODE | STATX_UID | STATX_GID; 1586 1587 if (perm_mask & READ_ONCE(fi->inval_mask) || 1588 time_before64(fi->i_time, get_jiffies_64())) { 1589 refreshed = true; 1590 1591 err = fuse_perm_getattr(inode, mask); 1592 if (err) 1593 return err; 1594 } 1595 } 1596 1597 if (fc->default_permissions) { 1598 err = generic_permission(idmap, inode, mask); 1599 1600 /* If permission is denied, try to refresh file 1601 attributes. This is also needed, because the root 1602 node will at first have no permissions */ 1603 if (err == -EACCES && !refreshed) { 1604 err = fuse_perm_getattr(inode, mask); 1605 if (!err) 1606 err = generic_permission(idmap, 1607 inode, mask); 1608 } 1609 1610 /* Note: the opposite of the above test does not 1611 exist. So if permissions are revoked this won't be 1612 noticed immediately, only after the attribute 1613 timeout has expired */ 1614 } else if (mask & (MAY_ACCESS | MAY_CHDIR)) { 1615 err = fuse_access(inode, mask); 1616 } else if ((mask & MAY_EXEC) && S_ISREG(inode->i_mode)) { 1617 if (!(inode->i_mode & S_IXUGO)) { 1618 if (refreshed) 1619 return -EACCES; 1620 1621 err = fuse_perm_getattr(inode, mask); 1622 if (!err && !(inode->i_mode & S_IXUGO)) 1623 return -EACCES; 1624 } 1625 } 1626 return err; 1627 } 1628 1629 static int fuse_readlink_folio(struct inode *inode, struct folio *folio) 1630 { 1631 struct fuse_mount *fm = get_fuse_mount(inode); 1632 struct fuse_folio_desc desc = { .length = folio_size(folio) - 1 }; 1633 struct fuse_args_pages ap = { 1634 .num_folios = 1, 1635 .folios = &folio, 1636 .descs = &desc, 1637 }; 1638 char *link; 1639 ssize_t res; 1640 1641 ap.args.opcode = FUSE_READLINK; 1642 ap.args.nodeid = get_node_id(inode); 1643 ap.args.out_pages = true; 1644 ap.args.out_argvar = true; 1645 ap.args.page_zeroing = true; 1646 ap.args.out_numargs = 1; 1647 ap.args.out_args[0].size = desc.length; 1648 res = fuse_simple_request(fm, &ap.args); 1649 1650 fuse_invalidate_atime(inode); 1651 1652 if (res < 0) 1653 return res; 1654 1655 if (WARN_ON(res >= PAGE_SIZE)) 1656 return -EIO; 1657 1658 link = folio_address(folio); 1659 link[res] = '\0'; 1660 1661 return 0; 1662 } 1663 1664 static const char *fuse_get_link(struct dentry *dentry, struct inode *inode, 1665 struct delayed_call *callback) 1666 { 1667 struct fuse_conn *fc = get_fuse_conn(inode); 1668 struct folio *folio; 1669 int err; 1670 1671 err = -EIO; 1672 if (fuse_is_bad(inode)) 1673 goto out_err; 1674 1675 if (fc->cache_symlinks) 1676 return page_get_link_raw(dentry, inode, callback); 1677 1678 err = -ECHILD; 1679 if (!dentry) 1680 goto out_err; 1681 1682 folio = folio_alloc(GFP_KERNEL, 0); 1683 err = -ENOMEM; 1684 if (!folio) 1685 goto out_err; 1686 1687 err = fuse_readlink_folio(inode, folio); 1688 if (err) { 1689 folio_put(folio); 1690 goto out_err; 1691 } 1692 1693 set_delayed_call(callback, page_put_link, folio); 1694 1695 return folio_address(folio); 1696 1697 out_err: 1698 return ERR_PTR(err); 1699 } 1700 1701 static int fuse_dir_open(struct inode *inode, struct file *file) 1702 { 1703 struct fuse_mount *fm = get_fuse_mount(inode); 1704 int err; 1705 1706 if (fuse_is_bad(inode)) 1707 return -EIO; 1708 1709 err = generic_file_open(inode, file); 1710 if (err) 1711 return err; 1712 1713 err = fuse_do_open(fm, get_node_id(inode), file, true); 1714 if (!err) { 1715 struct fuse_file *ff = file->private_data; 1716 1717 /* 1718 * Keep handling FOPEN_STREAM and FOPEN_NONSEEKABLE for 1719 * directories for backward compatibility, though it's unlikely 1720 * to be useful. 1721 */ 1722 if (ff->open_flags & (FOPEN_STREAM | FOPEN_NONSEEKABLE)) 1723 nonseekable_open(inode, file); 1724 if (!(ff->open_flags & FOPEN_KEEP_CACHE)) 1725 invalidate_inode_pages2(inode->i_mapping); 1726 } 1727 1728 return err; 1729 } 1730 1731 static int fuse_dir_release(struct inode *inode, struct file *file) 1732 { 1733 fuse_release_common(file, true); 1734 1735 return 0; 1736 } 1737 1738 static int fuse_dir_fsync(struct file *file, loff_t start, loff_t end, 1739 int datasync) 1740 { 1741 struct inode *inode = file->f_mapping->host; 1742 struct fuse_conn *fc = get_fuse_conn(inode); 1743 int err; 1744 1745 if (fuse_is_bad(inode)) 1746 return -EIO; 1747 1748 if (fc->no_fsyncdir) 1749 return 0; 1750 1751 inode_lock(inode); 1752 err = fuse_fsync_common(file, start, end, datasync, FUSE_FSYNCDIR); 1753 if (err == -ENOSYS) { 1754 fc->no_fsyncdir = 1; 1755 err = 0; 1756 } 1757 inode_unlock(inode); 1758 1759 return err; 1760 } 1761 1762 static long fuse_dir_ioctl(struct file *file, unsigned int cmd, 1763 unsigned long arg) 1764 { 1765 struct fuse_conn *fc = get_fuse_conn(file->f_mapping->host); 1766 1767 /* FUSE_IOCTL_DIR only supported for API version >= 7.18 */ 1768 if (fc->minor < 18) 1769 return -ENOTTY; 1770 1771 return fuse_ioctl_common(file, cmd, arg, FUSE_IOCTL_DIR); 1772 } 1773 1774 static long fuse_dir_compat_ioctl(struct file *file, unsigned int cmd, 1775 unsigned long arg) 1776 { 1777 struct fuse_conn *fc = get_fuse_conn(file->f_mapping->host); 1778 1779 if (fc->minor < 18) 1780 return -ENOTTY; 1781 1782 return fuse_ioctl_common(file, cmd, arg, 1783 FUSE_IOCTL_COMPAT | FUSE_IOCTL_DIR); 1784 } 1785 1786 static bool update_mtime(unsigned ivalid, bool trust_local_mtime) 1787 { 1788 /* Always update if mtime is explicitly set */ 1789 if (ivalid & ATTR_MTIME_SET) 1790 return true; 1791 1792 /* Or if kernel i_mtime is the official one */ 1793 if (trust_local_mtime) 1794 return true; 1795 1796 /* If it's an open(O_TRUNC) or an ftruncate(), don't update */ 1797 if ((ivalid & ATTR_SIZE) && (ivalid & (ATTR_OPEN | ATTR_FILE))) 1798 return false; 1799 1800 /* In all other cases update */ 1801 return true; 1802 } 1803 1804 static void iattr_to_fattr(struct mnt_idmap *idmap, struct fuse_conn *fc, 1805 struct iattr *iattr, struct fuse_setattr_in *arg, 1806 bool trust_local_cmtime) 1807 { 1808 unsigned ivalid = iattr->ia_valid; 1809 1810 if (ivalid & ATTR_MODE) 1811 arg->valid |= FATTR_MODE, arg->mode = iattr->ia_mode; 1812 1813 if (ivalid & ATTR_UID) { 1814 kuid_t fsuid = from_vfsuid(idmap, fc->user_ns, iattr->ia_vfsuid); 1815 1816 arg->valid |= FATTR_UID; 1817 arg->uid = from_kuid(fc->user_ns, fsuid); 1818 } 1819 1820 if (ivalid & ATTR_GID) { 1821 kgid_t fsgid = from_vfsgid(idmap, fc->user_ns, iattr->ia_vfsgid); 1822 1823 arg->valid |= FATTR_GID; 1824 arg->gid = from_kgid(fc->user_ns, fsgid); 1825 } 1826 1827 if (ivalid & ATTR_SIZE) 1828 arg->valid |= FATTR_SIZE, arg->size = iattr->ia_size; 1829 if (ivalid & ATTR_ATIME) { 1830 arg->valid |= FATTR_ATIME; 1831 arg->atime = iattr->ia_atime.tv_sec; 1832 arg->atimensec = iattr->ia_atime.tv_nsec; 1833 if (!(ivalid & ATTR_ATIME_SET)) 1834 arg->valid |= FATTR_ATIME_NOW; 1835 } 1836 if ((ivalid & ATTR_MTIME) && update_mtime(ivalid, trust_local_cmtime)) { 1837 arg->valid |= FATTR_MTIME; 1838 arg->mtime = iattr->ia_mtime.tv_sec; 1839 arg->mtimensec = iattr->ia_mtime.tv_nsec; 1840 if (!(ivalid & ATTR_MTIME_SET) && !trust_local_cmtime) 1841 arg->valid |= FATTR_MTIME_NOW; 1842 } 1843 if ((ivalid & ATTR_CTIME) && trust_local_cmtime) { 1844 arg->valid |= FATTR_CTIME; 1845 arg->ctime = iattr->ia_ctime.tv_sec; 1846 arg->ctimensec = iattr->ia_ctime.tv_nsec; 1847 } 1848 } 1849 1850 /* 1851 * Prevent concurrent writepages on inode 1852 * 1853 * This is done by adding a negative bias to the inode write counter 1854 * and waiting for all pending writes to finish. 1855 */ 1856 void fuse_set_nowrite(struct inode *inode) 1857 { 1858 struct fuse_inode *fi = get_fuse_inode(inode); 1859 1860 BUG_ON(!inode_is_locked(inode)); 1861 1862 spin_lock(&fi->lock); 1863 BUG_ON(fi->writectr < 0); 1864 fi->writectr += FUSE_NOWRITE; 1865 spin_unlock(&fi->lock); 1866 wait_event(fi->page_waitq, fi->writectr == FUSE_NOWRITE); 1867 } 1868 1869 /* 1870 * Allow writepages on inode 1871 * 1872 * Remove the bias from the writecounter and send any queued 1873 * writepages. 1874 */ 1875 static void __fuse_release_nowrite(struct inode *inode) 1876 { 1877 struct fuse_inode *fi = get_fuse_inode(inode); 1878 1879 BUG_ON(fi->writectr != FUSE_NOWRITE); 1880 fi->writectr = 0; 1881 fuse_flush_writepages(inode); 1882 } 1883 1884 void fuse_release_nowrite(struct inode *inode) 1885 { 1886 struct fuse_inode *fi = get_fuse_inode(inode); 1887 1888 spin_lock(&fi->lock); 1889 __fuse_release_nowrite(inode); 1890 spin_unlock(&fi->lock); 1891 } 1892 1893 static void fuse_setattr_fill(struct fuse_conn *fc, struct fuse_args *args, 1894 struct inode *inode, 1895 struct fuse_setattr_in *inarg_p, 1896 struct fuse_attr_out *outarg_p) 1897 { 1898 args->opcode = FUSE_SETATTR; 1899 args->nodeid = get_node_id(inode); 1900 args->in_numargs = 1; 1901 args->in_args[0].size = sizeof(*inarg_p); 1902 args->in_args[0].value = inarg_p; 1903 args->out_numargs = 1; 1904 args->out_args[0].size = sizeof(*outarg_p); 1905 args->out_args[0].value = outarg_p; 1906 } 1907 1908 /* 1909 * Flush inode->i_mtime to the server 1910 */ 1911 int fuse_flush_times(struct inode *inode, struct fuse_file *ff) 1912 { 1913 struct fuse_mount *fm = get_fuse_mount(inode); 1914 FUSE_ARGS(args); 1915 struct fuse_setattr_in inarg; 1916 struct fuse_attr_out outarg; 1917 1918 memset(&inarg, 0, sizeof(inarg)); 1919 memset(&outarg, 0, sizeof(outarg)); 1920 1921 inarg.valid = FATTR_MTIME; 1922 inarg.mtime = inode_get_mtime_sec(inode); 1923 inarg.mtimensec = inode_get_mtime_nsec(inode); 1924 if (fm->fc->minor >= 23) { 1925 inarg.valid |= FATTR_CTIME; 1926 inarg.ctime = inode_get_ctime_sec(inode); 1927 inarg.ctimensec = inode_get_ctime_nsec(inode); 1928 } 1929 if (ff) { 1930 inarg.valid |= FATTR_FH; 1931 inarg.fh = ff->fh; 1932 } 1933 fuse_setattr_fill(fm->fc, &args, inode, &inarg, &outarg); 1934 1935 return fuse_simple_request(fm, &args); 1936 } 1937 1938 /* 1939 * Set attributes, and at the same time refresh them. 1940 * 1941 * Truncation is slightly complicated, because the 'truncate' request 1942 * may fail, in which case we don't want to touch the mapping. 1943 * vmtruncate() doesn't allow for this case, so do the rlimit checking 1944 * and the actual truncation by hand. 1945 */ 1946 int fuse_do_setattr(struct mnt_idmap *idmap, struct dentry *dentry, 1947 struct iattr *attr, struct file *file) 1948 { 1949 struct inode *inode = d_inode(dentry); 1950 struct fuse_mount *fm = get_fuse_mount(inode); 1951 struct fuse_conn *fc = fm->fc; 1952 struct fuse_inode *fi = get_fuse_inode(inode); 1953 struct address_space *mapping = inode->i_mapping; 1954 FUSE_ARGS(args); 1955 struct fuse_setattr_in inarg; 1956 struct fuse_attr_out outarg; 1957 bool is_truncate = false; 1958 bool is_wb = fc->writeback_cache && S_ISREG(inode->i_mode); 1959 loff_t oldsize; 1960 int err; 1961 bool trust_local_cmtime = is_wb; 1962 bool fault_blocked = false; 1963 u64 attr_version; 1964 1965 if (!fc->default_permissions) 1966 attr->ia_valid |= ATTR_FORCE; 1967 1968 err = setattr_prepare(idmap, dentry, attr); 1969 if (err) 1970 return err; 1971 1972 if (attr->ia_valid & ATTR_SIZE) { 1973 if (WARN_ON(!S_ISREG(inode->i_mode))) 1974 return -EIO; 1975 is_truncate = true; 1976 } 1977 1978 if (FUSE_IS_DAX(inode) && is_truncate) { 1979 filemap_invalidate_lock(mapping); 1980 fault_blocked = true; 1981 err = fuse_dax_break_layouts(inode, 0, -1); 1982 if (err) { 1983 filemap_invalidate_unlock(mapping); 1984 return err; 1985 } 1986 } 1987 1988 if (attr->ia_valid & ATTR_OPEN) { 1989 /* This is coming from open(..., ... | O_TRUNC); */ 1990 WARN_ON(!(attr->ia_valid & ATTR_SIZE)); 1991 WARN_ON(attr->ia_size != 0); 1992 if (fc->atomic_o_trunc) { 1993 /* 1994 * No need to send request to userspace, since actual 1995 * truncation has already been done by OPEN. But still 1996 * need to truncate page cache. 1997 */ 1998 i_size_write(inode, 0); 1999 truncate_pagecache(inode, 0); 2000 goto out; 2001 } 2002 file = NULL; 2003 } 2004 2005 /* Flush dirty data/metadata before non-truncate SETATTR */ 2006 if (is_wb && 2007 attr->ia_valid & 2008 (ATTR_MODE | ATTR_UID | ATTR_GID | ATTR_MTIME_SET | 2009 ATTR_TIMES_SET)) { 2010 err = write_inode_now(inode, true); 2011 if (err) 2012 return err; 2013 2014 fuse_set_nowrite(inode); 2015 fuse_release_nowrite(inode); 2016 } 2017 2018 if (is_truncate) { 2019 fuse_set_nowrite(inode); 2020 set_bit(FUSE_I_SIZE_UNSTABLE, &fi->state); 2021 if (trust_local_cmtime && attr->ia_size != inode->i_size) 2022 attr->ia_valid |= ATTR_MTIME | ATTR_CTIME; 2023 } 2024 2025 memset(&inarg, 0, sizeof(inarg)); 2026 memset(&outarg, 0, sizeof(outarg)); 2027 iattr_to_fattr(idmap, fc, attr, &inarg, trust_local_cmtime); 2028 if (file) { 2029 struct fuse_file *ff = file->private_data; 2030 inarg.valid |= FATTR_FH; 2031 inarg.fh = ff->fh; 2032 } 2033 2034 /* Kill suid/sgid for non-directory chown unconditionally */ 2035 if (fc->handle_killpriv_v2 && !S_ISDIR(inode->i_mode) && 2036 attr->ia_valid & (ATTR_UID | ATTR_GID)) 2037 inarg.valid |= FATTR_KILL_SUIDGID; 2038 2039 if (attr->ia_valid & ATTR_SIZE) { 2040 /* For mandatory locking in truncate */ 2041 inarg.valid |= FATTR_LOCKOWNER; 2042 inarg.lock_owner = fuse_lock_owner_id(fc, current->files); 2043 2044 /* Kill suid/sgid for truncate only if no CAP_FSETID */ 2045 if (fc->handle_killpriv_v2 && !capable(CAP_FSETID)) 2046 inarg.valid |= FATTR_KILL_SUIDGID; 2047 } 2048 2049 attr_version = fuse_get_attr_version(fm->fc); 2050 fuse_setattr_fill(fc, &args, inode, &inarg, &outarg); 2051 err = fuse_simple_request(fm, &args); 2052 if (err) { 2053 if (err == -EINTR) 2054 fuse_invalidate_attr(inode); 2055 goto error; 2056 } 2057 2058 if (fuse_invalid_attr(&outarg.attr) || 2059 inode_wrong_type(inode, outarg.attr.mode)) { 2060 fuse_make_bad(inode); 2061 err = -EIO; 2062 goto error; 2063 } 2064 2065 spin_lock(&fi->lock); 2066 /* the kernel maintains i_mtime locally */ 2067 if (trust_local_cmtime) { 2068 if (attr->ia_valid & ATTR_MTIME) 2069 inode_set_mtime_to_ts(inode, attr->ia_mtime); 2070 if (attr->ia_valid & ATTR_CTIME) 2071 inode_set_ctime_to_ts(inode, attr->ia_ctime); 2072 /* FIXME: clear I_DIRTY_SYNC? */ 2073 } 2074 2075 if (fi->attr_version > attr_version) { 2076 /* 2077 * Apply attributes, for example for fsnotify_change(), but set 2078 * attribute timeout to zero. 2079 */ 2080 outarg.attr_valid = outarg.attr_valid_nsec = 0; 2081 } 2082 2083 fuse_change_attributes_common(inode, &outarg.attr, NULL, 2084 ATTR_TIMEOUT(&outarg), 2085 fuse_get_cache_mask(inode), 0); 2086 oldsize = inode->i_size; 2087 /* see the comment in fuse_change_attributes() */ 2088 if (!is_wb || is_truncate) 2089 i_size_write(inode, outarg.attr.size); 2090 2091 if (is_truncate) { 2092 /* NOTE: this may release/reacquire fi->lock */ 2093 __fuse_release_nowrite(inode); 2094 } 2095 spin_unlock(&fi->lock); 2096 2097 /* 2098 * Only call invalidate_inode_pages2() after removing 2099 * FUSE_NOWRITE, otherwise fuse_launder_folio() would deadlock. 2100 */ 2101 if ((is_truncate || !is_wb) && 2102 S_ISREG(inode->i_mode) && oldsize != outarg.attr.size) { 2103 truncate_pagecache(inode, outarg.attr.size); 2104 invalidate_inode_pages2(mapping); 2105 } 2106 2107 clear_bit(FUSE_I_SIZE_UNSTABLE, &fi->state); 2108 out: 2109 if (fault_blocked) 2110 filemap_invalidate_unlock(mapping); 2111 2112 return 0; 2113 2114 error: 2115 if (is_truncate) 2116 fuse_release_nowrite(inode); 2117 2118 clear_bit(FUSE_I_SIZE_UNSTABLE, &fi->state); 2119 2120 if (fault_blocked) 2121 filemap_invalidate_unlock(mapping); 2122 return err; 2123 } 2124 2125 static int fuse_setattr(struct mnt_idmap *idmap, struct dentry *entry, 2126 struct iattr *attr) 2127 { 2128 struct inode *inode = d_inode(entry); 2129 struct fuse_conn *fc = get_fuse_conn(inode); 2130 struct file *file = (attr->ia_valid & ATTR_FILE) ? attr->ia_file : NULL; 2131 int ret; 2132 2133 if (fuse_is_bad(inode)) 2134 return -EIO; 2135 2136 if (!fuse_allow_current_process(get_fuse_conn(inode))) 2137 return -EACCES; 2138 2139 if (attr->ia_valid & (ATTR_KILL_SUID | ATTR_KILL_SGID)) { 2140 attr->ia_valid &= ~(ATTR_KILL_SUID | ATTR_KILL_SGID | 2141 ATTR_MODE); 2142 2143 /* 2144 * The only sane way to reliably kill suid/sgid is to do it in 2145 * the userspace filesystem 2146 * 2147 * This should be done on write(), truncate() and chown(). 2148 */ 2149 if (!fc->handle_killpriv && !fc->handle_killpriv_v2) { 2150 /* 2151 * ia_mode calculation may have used stale i_mode. 2152 * Refresh and recalculate. 2153 */ 2154 ret = fuse_do_getattr(idmap, inode, NULL, file); 2155 if (ret) 2156 return ret; 2157 2158 attr->ia_mode = inode->i_mode; 2159 if (inode->i_mode & S_ISUID) { 2160 attr->ia_valid |= ATTR_MODE; 2161 attr->ia_mode &= ~S_ISUID; 2162 } 2163 if ((inode->i_mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP)) { 2164 attr->ia_valid |= ATTR_MODE; 2165 attr->ia_mode &= ~S_ISGID; 2166 } 2167 } 2168 } 2169 if (!attr->ia_valid) 2170 return 0; 2171 2172 ret = fuse_do_setattr(idmap, entry, attr, file); 2173 if (!ret) { 2174 /* 2175 * If filesystem supports acls it may have updated acl xattrs in 2176 * the filesystem, so forget cached acls for the inode. 2177 */ 2178 if (fc->posix_acl) 2179 forget_all_cached_acls(inode); 2180 2181 /* Directory mode changed, may need to revalidate access */ 2182 if (d_is_dir(entry) && (attr->ia_valid & ATTR_MODE)) 2183 fuse_invalidate_entry_cache(entry); 2184 } 2185 return ret; 2186 } 2187 2188 static int fuse_getattr(struct mnt_idmap *idmap, 2189 const struct path *path, struct kstat *stat, 2190 u32 request_mask, unsigned int flags) 2191 { 2192 struct inode *inode = d_inode(path->dentry); 2193 struct fuse_conn *fc = get_fuse_conn(inode); 2194 2195 if (fuse_is_bad(inode)) 2196 return -EIO; 2197 2198 if (!fuse_allow_current_process(fc)) { 2199 if (!request_mask) { 2200 /* 2201 * If user explicitly requested *nothing* then don't 2202 * error out, but return st_dev only. 2203 */ 2204 stat->result_mask = 0; 2205 stat->dev = inode->i_sb->s_dev; 2206 return 0; 2207 } 2208 return -EACCES; 2209 } 2210 2211 return fuse_update_get_attr(idmap, inode, NULL, stat, request_mask, flags); 2212 } 2213 2214 static const struct inode_operations fuse_dir_inode_operations = { 2215 .lookup = fuse_lookup, 2216 .mkdir = fuse_mkdir, 2217 .symlink = fuse_symlink, 2218 .unlink = fuse_unlink, 2219 .rmdir = fuse_rmdir, 2220 .rename = fuse_rename2, 2221 .link = fuse_link, 2222 .setattr = fuse_setattr, 2223 .create = fuse_create, 2224 .atomic_open = fuse_atomic_open, 2225 .tmpfile = fuse_tmpfile, 2226 .mknod = fuse_mknod, 2227 .permission = fuse_permission, 2228 .getattr = fuse_getattr, 2229 .listxattr = fuse_listxattr, 2230 .get_inode_acl = fuse_get_inode_acl, 2231 .get_acl = fuse_get_acl, 2232 .set_acl = fuse_set_acl, 2233 .fileattr_get = fuse_fileattr_get, 2234 .fileattr_set = fuse_fileattr_set, 2235 }; 2236 2237 static const struct file_operations fuse_dir_operations = { 2238 .llseek = generic_file_llseek, 2239 .read = generic_read_dir, 2240 .iterate_shared = fuse_readdir, 2241 .open = fuse_dir_open, 2242 .release = fuse_dir_release, 2243 .fsync = fuse_dir_fsync, 2244 .unlocked_ioctl = fuse_dir_ioctl, 2245 .compat_ioctl = fuse_dir_compat_ioctl, 2246 }; 2247 2248 static const struct inode_operations fuse_common_inode_operations = { 2249 .setattr = fuse_setattr, 2250 .permission = fuse_permission, 2251 .getattr = fuse_getattr, 2252 .listxattr = fuse_listxattr, 2253 .get_inode_acl = fuse_get_inode_acl, 2254 .get_acl = fuse_get_acl, 2255 .set_acl = fuse_set_acl, 2256 .fileattr_get = fuse_fileattr_get, 2257 .fileattr_set = fuse_fileattr_set, 2258 }; 2259 2260 static const struct inode_operations fuse_symlink_inode_operations = { 2261 .setattr = fuse_setattr, 2262 .get_link = fuse_get_link, 2263 .getattr = fuse_getattr, 2264 .listxattr = fuse_listxattr, 2265 }; 2266 2267 void fuse_init_common(struct inode *inode) 2268 { 2269 inode->i_op = &fuse_common_inode_operations; 2270 } 2271 2272 void fuse_init_dir(struct inode *inode) 2273 { 2274 struct fuse_inode *fi = get_fuse_inode(inode); 2275 2276 inode->i_op = &fuse_dir_inode_operations; 2277 inode->i_fop = &fuse_dir_operations; 2278 2279 spin_lock_init(&fi->rdc.lock); 2280 fi->rdc.cached = false; 2281 fi->rdc.size = 0; 2282 fi->rdc.pos = 0; 2283 fi->rdc.version = 0; 2284 } 2285 2286 static int fuse_symlink_read_folio(struct file *null, struct folio *folio) 2287 { 2288 int err = fuse_readlink_folio(folio->mapping->host, folio); 2289 2290 if (!err) 2291 folio_mark_uptodate(folio); 2292 2293 folio_unlock(folio); 2294 2295 return err; 2296 } 2297 2298 static const struct address_space_operations fuse_symlink_aops = { 2299 .read_folio = fuse_symlink_read_folio, 2300 }; 2301 2302 void fuse_init_symlink(struct inode *inode) 2303 { 2304 inode->i_op = &fuse_symlink_inode_operations; 2305 inode->i_data.a_ops = &fuse_symlink_aops; 2306 inode_nohighmem(inode); 2307 } 2308