1 /*
2 FUSE: Filesystem in Userspace
3 Copyright (C) 2001-2008 Miklos Szeredi <miklos@szeredi.hu>
4
5 This program can be distributed under the terms of the GNU GPL.
6 See the file COPYING.
7 */
8
9 #include "fuse_i.h"
10
11 #include <linux/pagemap.h>
12 #include <linux/file.h>
13 #include <linux/fs_context.h>
14 #include <linux/moduleparam.h>
15 #include <linux/sched.h>
16 #include <linux/namei.h>
17 #include <linux/slab.h>
18 #include <linux/xattr.h>
19 #include <linux/iversion.h>
20 #include <linux/posix_acl.h>
21 #include <linux/security.h>
22 #include <linux/types.h>
23 #include <linux/kernel.h>
24
25 static bool __read_mostly allow_sys_admin_access;
26 module_param(allow_sys_admin_access, bool, 0644);
27 MODULE_PARM_DESC(allow_sys_admin_access,
28 "Allow users with CAP_SYS_ADMIN in initial userns to bypass allow_other access check");
29
fuse_advise_use_readdirplus(struct inode * dir)30 static void fuse_advise_use_readdirplus(struct inode *dir)
31 {
32 struct fuse_inode *fi = get_fuse_inode(dir);
33
34 set_bit(FUSE_I_ADVISE_RDPLUS, &fi->state);
35 }
36
37 #if BITS_PER_LONG >= 64
__fuse_dentry_settime(struct dentry * entry,u64 time)38 static inline void __fuse_dentry_settime(struct dentry *entry, u64 time)
39 {
40 entry->d_fsdata = (void *) time;
41 }
42
fuse_dentry_time(const struct dentry * entry)43 static inline u64 fuse_dentry_time(const struct dentry *entry)
44 {
45 return (u64)entry->d_fsdata;
46 }
47
48 #else
49 union fuse_dentry {
50 u64 time;
51 struct rcu_head rcu;
52 };
53
__fuse_dentry_settime(struct dentry * dentry,u64 time)54 static inline void __fuse_dentry_settime(struct dentry *dentry, u64 time)
55 {
56 ((union fuse_dentry *) dentry->d_fsdata)->time = time;
57 }
58
fuse_dentry_time(const struct dentry * entry)59 static inline u64 fuse_dentry_time(const struct dentry *entry)
60 {
61 return ((union fuse_dentry *) entry->d_fsdata)->time;
62 }
63 #endif
64
fuse_dentry_settime(struct dentry * dentry,u64 time)65 static void fuse_dentry_settime(struct dentry *dentry, u64 time)
66 {
67 struct fuse_conn *fc = get_fuse_conn_super(dentry->d_sb);
68 bool delete = !time && fc->delete_stale;
69 /*
70 * Mess with DCACHE_OP_DELETE because dput() will be faster without it.
71 * Don't care about races, either way it's just an optimization
72 */
73 if ((!delete && (dentry->d_flags & DCACHE_OP_DELETE)) ||
74 (delete && !(dentry->d_flags & DCACHE_OP_DELETE))) {
75 spin_lock(&dentry->d_lock);
76 if (!delete)
77 dentry->d_flags &= ~DCACHE_OP_DELETE;
78 else
79 dentry->d_flags |= DCACHE_OP_DELETE;
80 spin_unlock(&dentry->d_lock);
81 }
82
83 __fuse_dentry_settime(dentry, time);
84 }
85
86 /*
87 * FUSE caches dentries and attributes with separate timeout. The
88 * time in jiffies until the dentry/attributes are valid is stored in
89 * dentry->d_fsdata and fuse_inode->i_time respectively.
90 */
91
92 /*
93 * Calculate the time in jiffies until a dentry/attributes are valid
94 */
fuse_time_to_jiffies(u64 sec,u32 nsec)95 u64 fuse_time_to_jiffies(u64 sec, u32 nsec)
96 {
97 if (sec || nsec) {
98 struct timespec64 ts = {
99 sec,
100 min_t(u32, nsec, NSEC_PER_SEC - 1)
101 };
102
103 return get_jiffies_64() + timespec64_to_jiffies(&ts);
104 } else
105 return 0;
106 }
107
108 /*
109 * Set dentry and possibly attribute timeouts from the lookup/mk*
110 * replies
111 */
fuse_change_entry_timeout(struct dentry * entry,struct fuse_entry_out * o)112 void fuse_change_entry_timeout(struct dentry *entry, struct fuse_entry_out *o)
113 {
114 fuse_dentry_settime(entry,
115 fuse_time_to_jiffies(o->entry_valid, o->entry_valid_nsec));
116 }
117
fuse_invalidate_attr_mask(struct inode * inode,u32 mask)118 void fuse_invalidate_attr_mask(struct inode *inode, u32 mask)
119 {
120 set_mask_bits(&get_fuse_inode(inode)->inval_mask, 0, mask);
121 }
122
123 /*
124 * Mark the attributes as stale, so that at the next call to
125 * ->getattr() they will be fetched from userspace
126 */
fuse_invalidate_attr(struct inode * inode)127 void fuse_invalidate_attr(struct inode *inode)
128 {
129 fuse_invalidate_attr_mask(inode, STATX_BASIC_STATS);
130 }
131
fuse_dir_changed(struct inode * dir)132 static void fuse_dir_changed(struct inode *dir)
133 {
134 fuse_invalidate_attr(dir);
135 inode_maybe_inc_iversion(dir, false);
136 }
137
138 /*
139 * Mark the attributes as stale due to an atime change. Avoid the invalidate if
140 * atime is not used.
141 */
fuse_invalidate_atime(struct inode * inode)142 void fuse_invalidate_atime(struct inode *inode)
143 {
144 if (!IS_RDONLY(inode))
145 fuse_invalidate_attr_mask(inode, STATX_ATIME);
146 }
147
148 /*
149 * Just mark the entry as stale, so that a next attempt to look it up
150 * will result in a new lookup call to userspace
151 *
152 * This is called when a dentry is about to become negative and the
153 * timeout is unknown (unlink, rmdir, rename and in some cases
154 * lookup)
155 */
fuse_invalidate_entry_cache(struct dentry * entry)156 void fuse_invalidate_entry_cache(struct dentry *entry)
157 {
158 fuse_dentry_settime(entry, 0);
159 }
160
161 /*
162 * Same as fuse_invalidate_entry_cache(), but also try to remove the
163 * dentry from the hash
164 */
fuse_invalidate_entry(struct dentry * entry)165 static void fuse_invalidate_entry(struct dentry *entry)
166 {
167 d_invalidate(entry);
168 fuse_invalidate_entry_cache(entry);
169 }
170
fuse_lookup_init(struct fuse_conn * fc,struct fuse_args * args,u64 nodeid,const struct qstr * name,struct fuse_entry_out * outarg)171 static void fuse_lookup_init(struct fuse_conn *fc, struct fuse_args *args,
172 u64 nodeid, const struct qstr *name,
173 struct fuse_entry_out *outarg)
174 {
175 memset(outarg, 0, sizeof(struct fuse_entry_out));
176 args->opcode = FUSE_LOOKUP;
177 args->nodeid = nodeid;
178 args->in_numargs = 1;
179 args->in_args[0].size = name->len + 1;
180 args->in_args[0].value = name->name;
181 args->out_numargs = 1;
182 args->out_args[0].size = sizeof(struct fuse_entry_out);
183 args->out_args[0].value = outarg;
184 }
185
186 /*
187 * Check whether the dentry is still valid
188 *
189 * If the entry validity timeout has expired and the dentry is
190 * positive, try to redo the lookup. If the lookup results in a
191 * different inode, then let the VFS invalidate the dentry and redo
192 * the lookup once more. If the lookup results in the same inode,
193 * then refresh the attributes, timeouts and mark the dentry valid.
194 */
fuse_dentry_revalidate(struct dentry * entry,unsigned int flags)195 static int fuse_dentry_revalidate(struct dentry *entry, unsigned int flags)
196 {
197 struct inode *inode;
198 struct dentry *parent;
199 struct fuse_mount *fm;
200 struct fuse_inode *fi;
201 int ret;
202
203 inode = d_inode_rcu(entry);
204 if (inode && fuse_is_bad(inode))
205 goto invalid;
206 else if (time_before64(fuse_dentry_time(entry), get_jiffies_64()) ||
207 (flags & (LOOKUP_EXCL | LOOKUP_REVAL | LOOKUP_RENAME_TARGET))) {
208 struct fuse_entry_out outarg;
209 FUSE_ARGS(args);
210 struct fuse_forget_link *forget;
211 u64 attr_version;
212
213 /* For negative dentries, always do a fresh lookup */
214 if (!inode)
215 goto invalid;
216
217 ret = -ECHILD;
218 if (flags & LOOKUP_RCU)
219 goto out;
220
221 fm = get_fuse_mount(inode);
222
223 forget = fuse_alloc_forget();
224 ret = -ENOMEM;
225 if (!forget)
226 goto out;
227
228 attr_version = fuse_get_attr_version(fm->fc);
229
230 parent = dget_parent(entry);
231 fuse_lookup_init(fm->fc, &args, get_node_id(d_inode(parent)),
232 &entry->d_name, &outarg);
233 ret = fuse_simple_request(fm, &args);
234 dput(parent);
235 /* Zero nodeid is same as -ENOENT */
236 if (!ret && !outarg.nodeid)
237 ret = -ENOENT;
238 if (!ret) {
239 fi = get_fuse_inode(inode);
240 if (outarg.nodeid != get_node_id(inode) ||
241 (bool) IS_AUTOMOUNT(inode) != (bool) (outarg.attr.flags & FUSE_ATTR_SUBMOUNT)) {
242 fuse_queue_forget(fm->fc, forget,
243 outarg.nodeid, 1);
244 goto invalid;
245 }
246 spin_lock(&fi->lock);
247 fi->nlookup++;
248 spin_unlock(&fi->lock);
249 }
250 kfree(forget);
251 if (ret == -ENOMEM || ret == -EINTR)
252 goto out;
253 if (ret || fuse_invalid_attr(&outarg.attr) ||
254 fuse_stale_inode(inode, outarg.generation, &outarg.attr))
255 goto invalid;
256
257 forget_all_cached_acls(inode);
258 fuse_change_attributes(inode, &outarg.attr, NULL,
259 ATTR_TIMEOUT(&outarg),
260 attr_version);
261 fuse_change_entry_timeout(entry, &outarg);
262 } else if (inode) {
263 fi = get_fuse_inode(inode);
264 if (flags & LOOKUP_RCU) {
265 if (test_bit(FUSE_I_INIT_RDPLUS, &fi->state))
266 return -ECHILD;
267 } else if (test_and_clear_bit(FUSE_I_INIT_RDPLUS, &fi->state)) {
268 parent = dget_parent(entry);
269 fuse_advise_use_readdirplus(d_inode(parent));
270 dput(parent);
271 }
272 }
273 ret = 1;
274 out:
275 return ret;
276
277 invalid:
278 ret = 0;
279 goto out;
280 }
281
282 #if BITS_PER_LONG < 64
fuse_dentry_init(struct dentry * dentry)283 static int fuse_dentry_init(struct dentry *dentry)
284 {
285 dentry->d_fsdata = kzalloc(sizeof(union fuse_dentry),
286 GFP_KERNEL_ACCOUNT | __GFP_RECLAIMABLE);
287
288 return dentry->d_fsdata ? 0 : -ENOMEM;
289 }
fuse_dentry_release(struct dentry * dentry)290 static void fuse_dentry_release(struct dentry *dentry)
291 {
292 union fuse_dentry *fd = dentry->d_fsdata;
293
294 kfree_rcu(fd, rcu);
295 }
296 #endif
297
fuse_dentry_delete(const struct dentry * dentry)298 static int fuse_dentry_delete(const struct dentry *dentry)
299 {
300 return time_before64(fuse_dentry_time(dentry), get_jiffies_64());
301 }
302
303 /*
304 * Create a fuse_mount object with a new superblock (with path->dentry
305 * as the root), and return that mount so it can be auto-mounted on
306 * @path.
307 */
fuse_dentry_automount(struct path * path)308 static struct vfsmount *fuse_dentry_automount(struct path *path)
309 {
310 struct fs_context *fsc;
311 struct vfsmount *mnt;
312 struct fuse_inode *mp_fi = get_fuse_inode(d_inode(path->dentry));
313
314 fsc = fs_context_for_submount(path->mnt->mnt_sb->s_type, path->dentry);
315 if (IS_ERR(fsc))
316 return ERR_CAST(fsc);
317
318 /* Pass the FUSE inode of the mount for fuse_get_tree_submount() */
319 fsc->fs_private = mp_fi;
320
321 /* Create the submount */
322 mnt = fc_mount(fsc);
323 if (!IS_ERR(mnt))
324 mntget(mnt);
325
326 put_fs_context(fsc);
327 return mnt;
328 }
329
330 const struct dentry_operations fuse_dentry_operations = {
331 .d_revalidate = fuse_dentry_revalidate,
332 .d_delete = fuse_dentry_delete,
333 #if BITS_PER_LONG < 64
334 .d_init = fuse_dentry_init,
335 .d_release = fuse_dentry_release,
336 #endif
337 .d_automount = fuse_dentry_automount,
338 };
339
340 const struct dentry_operations fuse_root_dentry_operations = {
341 #if BITS_PER_LONG < 64
342 .d_init = fuse_dentry_init,
343 .d_release = fuse_dentry_release,
344 #endif
345 };
346
fuse_valid_type(int m)347 int fuse_valid_type(int m)
348 {
349 return S_ISREG(m) || S_ISDIR(m) || S_ISLNK(m) || S_ISCHR(m) ||
350 S_ISBLK(m) || S_ISFIFO(m) || S_ISSOCK(m);
351 }
352
fuse_valid_size(u64 size)353 static bool fuse_valid_size(u64 size)
354 {
355 return size <= LLONG_MAX;
356 }
357
fuse_invalid_attr(struct fuse_attr * attr)358 bool fuse_invalid_attr(struct fuse_attr *attr)
359 {
360 return !fuse_valid_type(attr->mode) || !fuse_valid_size(attr->size);
361 }
362
fuse_lookup_name(struct super_block * sb,u64 nodeid,const struct qstr * name,struct fuse_entry_out * outarg,struct inode ** inode)363 int fuse_lookup_name(struct super_block *sb, u64 nodeid, const struct qstr *name,
364 struct fuse_entry_out *outarg, struct inode **inode)
365 {
366 struct fuse_mount *fm = get_fuse_mount_super(sb);
367 FUSE_ARGS(args);
368 struct fuse_forget_link *forget;
369 u64 attr_version;
370 int err;
371
372 *inode = NULL;
373 err = -ENAMETOOLONG;
374 if (name->len > FUSE_NAME_MAX)
375 goto out;
376
377
378 forget = fuse_alloc_forget();
379 err = -ENOMEM;
380 if (!forget)
381 goto out;
382
383 attr_version = fuse_get_attr_version(fm->fc);
384
385 fuse_lookup_init(fm->fc, &args, nodeid, name, outarg);
386 err = fuse_simple_request(fm, &args);
387 /* Zero nodeid is same as -ENOENT, but with valid timeout */
388 if (err || !outarg->nodeid)
389 goto out_put_forget;
390
391 err = -EIO;
392 if (fuse_invalid_attr(&outarg->attr))
393 goto out_put_forget;
394
395 *inode = fuse_iget(sb, outarg->nodeid, outarg->generation,
396 &outarg->attr, ATTR_TIMEOUT(outarg),
397 attr_version);
398 err = -ENOMEM;
399 if (!*inode) {
400 fuse_queue_forget(fm->fc, forget, outarg->nodeid, 1);
401 goto out;
402 }
403 err = 0;
404
405 out_put_forget:
406 kfree(forget);
407 out:
408 return err;
409 }
410
fuse_lookup(struct inode * dir,struct dentry * entry,unsigned int flags)411 static struct dentry *fuse_lookup(struct inode *dir, struct dentry *entry,
412 unsigned int flags)
413 {
414 int err;
415 struct fuse_entry_out outarg;
416 struct inode *inode;
417 struct dentry *newent;
418 bool outarg_valid = true;
419 bool locked;
420
421 if (fuse_is_bad(dir))
422 return ERR_PTR(-EIO);
423
424 locked = fuse_lock_inode(dir);
425 err = fuse_lookup_name(dir->i_sb, get_node_id(dir), &entry->d_name,
426 &outarg, &inode);
427 fuse_unlock_inode(dir, locked);
428 if (err == -ENOENT) {
429 outarg_valid = false;
430 err = 0;
431 }
432 if (err)
433 goto out_err;
434
435 err = -EIO;
436 if (inode && get_node_id(inode) == FUSE_ROOT_ID)
437 goto out_iput;
438
439 newent = d_splice_alias(inode, entry);
440 err = PTR_ERR(newent);
441 if (IS_ERR(newent))
442 goto out_err;
443
444 entry = newent ? newent : entry;
445 if (outarg_valid)
446 fuse_change_entry_timeout(entry, &outarg);
447 else
448 fuse_invalidate_entry_cache(entry);
449
450 if (inode)
451 fuse_advise_use_readdirplus(dir);
452 return newent;
453
454 out_iput:
455 iput(inode);
456 out_err:
457 return ERR_PTR(err);
458 }
459
get_security_context(struct dentry * entry,umode_t mode,struct fuse_in_arg * ext)460 static int get_security_context(struct dentry *entry, umode_t mode,
461 struct fuse_in_arg *ext)
462 {
463 struct fuse_secctx *fctx;
464 struct fuse_secctx_header *header;
465 void *ctx = NULL, *ptr;
466 u32 ctxlen, total_len = sizeof(*header);
467 int err, nr_ctx = 0;
468 const char *name;
469 size_t namelen;
470
471 err = security_dentry_init_security(entry, mode, &entry->d_name,
472 &name, &ctx, &ctxlen);
473 if (err) {
474 if (err != -EOPNOTSUPP)
475 goto out_err;
476 /* No LSM is supporting this security hook. Ignore error */
477 ctxlen = 0;
478 ctx = NULL;
479 }
480
481 if (ctxlen) {
482 nr_ctx = 1;
483 namelen = strlen(name) + 1;
484 err = -EIO;
485 if (WARN_ON(namelen > XATTR_NAME_MAX + 1 || ctxlen > S32_MAX))
486 goto out_err;
487 total_len += FUSE_REC_ALIGN(sizeof(*fctx) + namelen + ctxlen);
488 }
489
490 err = -ENOMEM;
491 header = ptr = kzalloc(total_len, GFP_KERNEL);
492 if (!ptr)
493 goto out_err;
494
495 header->nr_secctx = nr_ctx;
496 header->size = total_len;
497 ptr += sizeof(*header);
498 if (nr_ctx) {
499 fctx = ptr;
500 fctx->size = ctxlen;
501 ptr += sizeof(*fctx);
502
503 strcpy(ptr, name);
504 ptr += namelen;
505
506 memcpy(ptr, ctx, ctxlen);
507 }
508 ext->size = total_len;
509 ext->value = header;
510 err = 0;
511 out_err:
512 kfree(ctx);
513 return err;
514 }
515
extend_arg(struct fuse_in_arg * buf,u32 bytes)516 static void *extend_arg(struct fuse_in_arg *buf, u32 bytes)
517 {
518 void *p;
519 u32 newlen = buf->size + bytes;
520
521 p = krealloc(buf->value, newlen, GFP_KERNEL);
522 if (!p) {
523 kfree(buf->value);
524 buf->size = 0;
525 buf->value = NULL;
526 return NULL;
527 }
528
529 memset(p + buf->size, 0, bytes);
530 buf->value = p;
531 buf->size = newlen;
532
533 return p + newlen - bytes;
534 }
535
fuse_ext_size(size_t size)536 static u32 fuse_ext_size(size_t size)
537 {
538 return FUSE_REC_ALIGN(sizeof(struct fuse_ext_header) + size);
539 }
540
541 /*
542 * This adds just a single supplementary group that matches the parent's group.
543 */
get_create_supp_group(struct inode * dir,struct fuse_in_arg * ext)544 static int get_create_supp_group(struct inode *dir, struct fuse_in_arg *ext)
545 {
546 struct fuse_conn *fc = get_fuse_conn(dir);
547 struct fuse_ext_header *xh;
548 struct fuse_supp_groups *sg;
549 kgid_t kgid = dir->i_gid;
550 gid_t parent_gid = from_kgid(fc->user_ns, kgid);
551 u32 sg_len = fuse_ext_size(sizeof(*sg) + sizeof(sg->groups[0]));
552
553 if (parent_gid == (gid_t) -1 || gid_eq(kgid, current_fsgid()) ||
554 !in_group_p(kgid))
555 return 0;
556
557 xh = extend_arg(ext, sg_len);
558 if (!xh)
559 return -ENOMEM;
560
561 xh->size = sg_len;
562 xh->type = FUSE_EXT_GROUPS;
563
564 sg = (struct fuse_supp_groups *) &xh[1];
565 sg->nr_groups = 1;
566 sg->groups[0] = parent_gid;
567
568 return 0;
569 }
570
get_create_ext(struct fuse_args * args,struct inode * dir,struct dentry * dentry,umode_t mode)571 static int get_create_ext(struct fuse_args *args,
572 struct inode *dir, struct dentry *dentry,
573 umode_t mode)
574 {
575 struct fuse_conn *fc = get_fuse_conn_super(dentry->d_sb);
576 struct fuse_in_arg ext = { .size = 0, .value = NULL };
577 int err = 0;
578
579 if (fc->init_security)
580 err = get_security_context(dentry, mode, &ext);
581 if (!err && fc->create_supp_group)
582 err = get_create_supp_group(dir, &ext);
583
584 if (!err && ext.size) {
585 WARN_ON(args->in_numargs >= ARRAY_SIZE(args->in_args));
586 args->is_ext = true;
587 args->ext_idx = args->in_numargs++;
588 args->in_args[args->ext_idx] = ext;
589 } else {
590 kfree(ext.value);
591 }
592
593 return err;
594 }
595
free_ext_value(struct fuse_args * args)596 static void free_ext_value(struct fuse_args *args)
597 {
598 if (args->is_ext)
599 kfree(args->in_args[args->ext_idx].value);
600 }
601
602 /*
603 * Atomic create+open operation
604 *
605 * If the filesystem doesn't support this, then fall back to separate
606 * 'mknod' + 'open' requests.
607 */
fuse_create_open(struct inode * dir,struct dentry * entry,struct file * file,unsigned int flags,umode_t mode,u32 opcode)608 static int fuse_create_open(struct inode *dir, struct dentry *entry,
609 struct file *file, unsigned int flags,
610 umode_t mode, u32 opcode)
611 {
612 int err;
613 struct inode *inode;
614 struct fuse_mount *fm = get_fuse_mount(dir);
615 FUSE_ARGS(args);
616 struct fuse_forget_link *forget;
617 struct fuse_create_in inarg;
618 struct fuse_open_out outopen;
619 struct fuse_entry_out outentry;
620 struct fuse_inode *fi;
621 struct fuse_file *ff;
622 bool trunc = flags & O_TRUNC;
623
624 /* Userspace expects S_IFREG in create mode */
625 BUG_ON((mode & S_IFMT) != S_IFREG);
626
627 forget = fuse_alloc_forget();
628 err = -ENOMEM;
629 if (!forget)
630 goto out_err;
631
632 err = -ENOMEM;
633 ff = fuse_file_alloc(fm);
634 if (!ff)
635 goto out_put_forget_req;
636
637 if (!fm->fc->dont_mask)
638 mode &= ~current_umask();
639
640 flags &= ~O_NOCTTY;
641 memset(&inarg, 0, sizeof(inarg));
642 memset(&outentry, 0, sizeof(outentry));
643 inarg.flags = flags;
644 inarg.mode = mode;
645 inarg.umask = current_umask();
646
647 if (fm->fc->handle_killpriv_v2 && trunc &&
648 !(flags & O_EXCL) && !capable(CAP_FSETID)) {
649 inarg.open_flags |= FUSE_OPEN_KILL_SUIDGID;
650 }
651
652 args.opcode = opcode;
653 args.nodeid = get_node_id(dir);
654 args.in_numargs = 2;
655 args.in_args[0].size = sizeof(inarg);
656 args.in_args[0].value = &inarg;
657 args.in_args[1].size = entry->d_name.len + 1;
658 args.in_args[1].value = entry->d_name.name;
659 args.out_numargs = 2;
660 args.out_args[0].size = sizeof(outentry);
661 args.out_args[0].value = &outentry;
662 args.out_args[1].size = sizeof(outopen);
663 args.out_args[1].value = &outopen;
664
665 err = get_create_ext(&args, dir, entry, mode);
666 if (err)
667 goto out_put_forget_req;
668
669 err = fuse_simple_request(fm, &args);
670 free_ext_value(&args);
671 if (err)
672 goto out_free_ff;
673
674 err = -EIO;
675 if (!S_ISREG(outentry.attr.mode) || invalid_nodeid(outentry.nodeid) ||
676 fuse_invalid_attr(&outentry.attr))
677 goto out_free_ff;
678
679 ff->fh = outopen.fh;
680 ff->nodeid = outentry.nodeid;
681 ff->open_flags = outopen.open_flags;
682 inode = fuse_iget(dir->i_sb, outentry.nodeid, outentry.generation,
683 &outentry.attr, ATTR_TIMEOUT(&outentry), 0);
684 if (!inode) {
685 flags &= ~(O_CREAT | O_EXCL | O_TRUNC);
686 fuse_sync_release(NULL, ff, flags);
687 fuse_queue_forget(fm->fc, forget, outentry.nodeid, 1);
688 err = -ENOMEM;
689 goto out_err;
690 }
691 kfree(forget);
692 d_instantiate(entry, inode);
693 fuse_change_entry_timeout(entry, &outentry);
694 fuse_dir_changed(dir);
695 err = finish_open(file, entry, generic_file_open);
696 if (err) {
697 fi = get_fuse_inode(inode);
698 fuse_sync_release(fi, ff, flags);
699 } else {
700 file->private_data = ff;
701 fuse_finish_open(inode, file);
702 if (fm->fc->atomic_o_trunc && trunc)
703 truncate_pagecache(inode, 0);
704 else if (!(ff->open_flags & FOPEN_KEEP_CACHE))
705 invalidate_inode_pages2(inode->i_mapping);
706 }
707 return err;
708
709 out_free_ff:
710 fuse_file_free(ff);
711 out_put_forget_req:
712 kfree(forget);
713 out_err:
714 return err;
715 }
716
717 static int fuse_mknod(struct mnt_idmap *, struct inode *, struct dentry *,
718 umode_t, dev_t);
fuse_atomic_open(struct inode * dir,struct dentry * entry,struct file * file,unsigned flags,umode_t mode)719 static int fuse_atomic_open(struct inode *dir, struct dentry *entry,
720 struct file *file, unsigned flags,
721 umode_t mode)
722 {
723 int err;
724 struct fuse_conn *fc = get_fuse_conn(dir);
725 struct dentry *res = NULL;
726
727 if (fuse_is_bad(dir))
728 return -EIO;
729
730 if (d_in_lookup(entry)) {
731 res = fuse_lookup(dir, entry, 0);
732 if (IS_ERR(res))
733 return PTR_ERR(res);
734
735 if (res)
736 entry = res;
737 }
738
739 if (!(flags & O_CREAT) || d_really_is_positive(entry))
740 goto no_open;
741
742 /* Only creates */
743 file->f_mode |= FMODE_CREATED;
744
745 if (fc->no_create)
746 goto mknod;
747
748 err = fuse_create_open(dir, entry, file, flags, mode, FUSE_CREATE);
749 if (err == -ENOSYS) {
750 fc->no_create = 1;
751 goto mknod;
752 } else if (err == -EEXIST)
753 fuse_invalidate_entry(entry);
754 out_dput:
755 dput(res);
756 return err;
757
758 mknod:
759 err = fuse_mknod(&nop_mnt_idmap, dir, entry, mode, 0);
760 if (err)
761 goto out_dput;
762 no_open:
763 return finish_no_open(file, res);
764 }
765
766 /*
767 * Code shared between mknod, mkdir, symlink and link
768 */
create_new_entry(struct fuse_mount * fm,struct fuse_args * args,struct inode * dir,struct dentry * entry,umode_t mode)769 static int create_new_entry(struct fuse_mount *fm, struct fuse_args *args,
770 struct inode *dir, struct dentry *entry,
771 umode_t mode)
772 {
773 struct fuse_entry_out outarg;
774 struct inode *inode;
775 struct dentry *d;
776 int err;
777 struct fuse_forget_link *forget;
778
779 if (fuse_is_bad(dir))
780 return -EIO;
781
782 forget = fuse_alloc_forget();
783 if (!forget)
784 return -ENOMEM;
785
786 memset(&outarg, 0, sizeof(outarg));
787 args->nodeid = get_node_id(dir);
788 args->out_numargs = 1;
789 args->out_args[0].size = sizeof(outarg);
790 args->out_args[0].value = &outarg;
791
792 if (args->opcode != FUSE_LINK) {
793 err = get_create_ext(args, dir, entry, mode);
794 if (err)
795 goto out_put_forget_req;
796 }
797
798 err = fuse_simple_request(fm, args);
799 free_ext_value(args);
800 if (err)
801 goto out_put_forget_req;
802
803 err = -EIO;
804 if (invalid_nodeid(outarg.nodeid) || fuse_invalid_attr(&outarg.attr))
805 goto out_put_forget_req;
806
807 if ((outarg.attr.mode ^ mode) & S_IFMT)
808 goto out_put_forget_req;
809
810 inode = fuse_iget(dir->i_sb, outarg.nodeid, outarg.generation,
811 &outarg.attr, ATTR_TIMEOUT(&outarg), 0);
812 if (!inode) {
813 fuse_queue_forget(fm->fc, forget, outarg.nodeid, 1);
814 return -ENOMEM;
815 }
816 kfree(forget);
817
818 d_drop(entry);
819 d = d_splice_alias(inode, entry);
820 if (IS_ERR(d))
821 return PTR_ERR(d);
822
823 if (d) {
824 fuse_change_entry_timeout(d, &outarg);
825 dput(d);
826 } else {
827 fuse_change_entry_timeout(entry, &outarg);
828 }
829 fuse_dir_changed(dir);
830 return 0;
831
832 out_put_forget_req:
833 if (err == -EEXIST)
834 fuse_invalidate_entry(entry);
835 kfree(forget);
836 return err;
837 }
838
fuse_mknod(struct mnt_idmap * idmap,struct inode * dir,struct dentry * entry,umode_t mode,dev_t rdev)839 static int fuse_mknod(struct mnt_idmap *idmap, struct inode *dir,
840 struct dentry *entry, umode_t mode, dev_t rdev)
841 {
842 struct fuse_mknod_in inarg;
843 struct fuse_mount *fm = get_fuse_mount(dir);
844 FUSE_ARGS(args);
845
846 if (!fm->fc->dont_mask)
847 mode &= ~current_umask();
848
849 memset(&inarg, 0, sizeof(inarg));
850 inarg.mode = mode;
851 inarg.rdev = new_encode_dev(rdev);
852 inarg.umask = current_umask();
853 args.opcode = FUSE_MKNOD;
854 args.in_numargs = 2;
855 args.in_args[0].size = sizeof(inarg);
856 args.in_args[0].value = &inarg;
857 args.in_args[1].size = entry->d_name.len + 1;
858 args.in_args[1].value = entry->d_name.name;
859 return create_new_entry(fm, &args, dir, entry, mode);
860 }
861
fuse_create(struct mnt_idmap * idmap,struct inode * dir,struct dentry * entry,umode_t mode,bool excl)862 static int fuse_create(struct mnt_idmap *idmap, struct inode *dir,
863 struct dentry *entry, umode_t mode, bool excl)
864 {
865 return fuse_mknod(&nop_mnt_idmap, dir, entry, mode, 0);
866 }
867
fuse_tmpfile(struct mnt_idmap * idmap,struct inode * dir,struct file * file,umode_t mode)868 static int fuse_tmpfile(struct mnt_idmap *idmap, struct inode *dir,
869 struct file *file, umode_t mode)
870 {
871 struct fuse_conn *fc = get_fuse_conn(dir);
872 int err;
873
874 if (fc->no_tmpfile)
875 return -EOPNOTSUPP;
876
877 err = fuse_create_open(dir, file->f_path.dentry, file, file->f_flags, mode, FUSE_TMPFILE);
878 if (err == -ENOSYS) {
879 fc->no_tmpfile = 1;
880 err = -EOPNOTSUPP;
881 }
882 return err;
883 }
884
fuse_mkdir(struct mnt_idmap * idmap,struct inode * dir,struct dentry * entry,umode_t mode)885 static int fuse_mkdir(struct mnt_idmap *idmap, struct inode *dir,
886 struct dentry *entry, umode_t mode)
887 {
888 struct fuse_mkdir_in inarg;
889 struct fuse_mount *fm = get_fuse_mount(dir);
890 FUSE_ARGS(args);
891
892 if (!fm->fc->dont_mask)
893 mode &= ~current_umask();
894
895 memset(&inarg, 0, sizeof(inarg));
896 inarg.mode = mode;
897 inarg.umask = current_umask();
898 args.opcode = FUSE_MKDIR;
899 args.in_numargs = 2;
900 args.in_args[0].size = sizeof(inarg);
901 args.in_args[0].value = &inarg;
902 args.in_args[1].size = entry->d_name.len + 1;
903 args.in_args[1].value = entry->d_name.name;
904 return create_new_entry(fm, &args, dir, entry, S_IFDIR);
905 }
906
fuse_symlink(struct mnt_idmap * idmap,struct inode * dir,struct dentry * entry,const char * link)907 static int fuse_symlink(struct mnt_idmap *idmap, struct inode *dir,
908 struct dentry *entry, const char *link)
909 {
910 struct fuse_mount *fm = get_fuse_mount(dir);
911 unsigned len = strlen(link) + 1;
912 FUSE_ARGS(args);
913
914 args.opcode = FUSE_SYMLINK;
915 args.in_numargs = 2;
916 args.in_args[0].size = entry->d_name.len + 1;
917 args.in_args[0].value = entry->d_name.name;
918 args.in_args[1].size = len;
919 args.in_args[1].value = link;
920 return create_new_entry(fm, &args, dir, entry, S_IFLNK);
921 }
922
fuse_flush_time_update(struct inode * inode)923 void fuse_flush_time_update(struct inode *inode)
924 {
925 int err = sync_inode_metadata(inode, 1);
926
927 mapping_set_error(inode->i_mapping, err);
928 }
929
fuse_update_ctime_in_cache(struct inode * inode)930 static void fuse_update_ctime_in_cache(struct inode *inode)
931 {
932 if (!IS_NOCMTIME(inode)) {
933 inode_set_ctime_current(inode);
934 mark_inode_dirty_sync(inode);
935 fuse_flush_time_update(inode);
936 }
937 }
938
fuse_update_ctime(struct inode * inode)939 void fuse_update_ctime(struct inode *inode)
940 {
941 fuse_invalidate_attr_mask(inode, STATX_CTIME);
942 fuse_update_ctime_in_cache(inode);
943 }
944
fuse_entry_unlinked(struct dentry * entry)945 static void fuse_entry_unlinked(struct dentry *entry)
946 {
947 struct inode *inode = d_inode(entry);
948 struct fuse_conn *fc = get_fuse_conn(inode);
949 struct fuse_inode *fi = get_fuse_inode(inode);
950
951 spin_lock(&fi->lock);
952 fi->attr_version = atomic64_inc_return(&fc->attr_version);
953 /*
954 * If i_nlink == 0 then unlink doesn't make sense, yet this can
955 * happen if userspace filesystem is careless. It would be
956 * difficult to enforce correct nlink usage so just ignore this
957 * condition here
958 */
959 if (S_ISDIR(inode->i_mode))
960 clear_nlink(inode);
961 else if (inode->i_nlink > 0)
962 drop_nlink(inode);
963 spin_unlock(&fi->lock);
964 fuse_invalidate_entry_cache(entry);
965 fuse_update_ctime(inode);
966 }
967
fuse_unlink(struct inode * dir,struct dentry * entry)968 static int fuse_unlink(struct inode *dir, struct dentry *entry)
969 {
970 int err;
971 struct fuse_mount *fm = get_fuse_mount(dir);
972 FUSE_ARGS(args);
973
974 if (fuse_is_bad(dir))
975 return -EIO;
976
977 args.opcode = FUSE_UNLINK;
978 args.nodeid = get_node_id(dir);
979 args.in_numargs = 1;
980 args.in_args[0].size = entry->d_name.len + 1;
981 args.in_args[0].value = entry->d_name.name;
982 err = fuse_simple_request(fm, &args);
983 if (!err) {
984 fuse_dir_changed(dir);
985 fuse_entry_unlinked(entry);
986 } else if (err == -EINTR || err == -ENOENT)
987 fuse_invalidate_entry(entry);
988 return err;
989 }
990
fuse_rmdir(struct inode * dir,struct dentry * entry)991 static int fuse_rmdir(struct inode *dir, struct dentry *entry)
992 {
993 int err;
994 struct fuse_mount *fm = get_fuse_mount(dir);
995 FUSE_ARGS(args);
996
997 if (fuse_is_bad(dir))
998 return -EIO;
999
1000 args.opcode = FUSE_RMDIR;
1001 args.nodeid = get_node_id(dir);
1002 args.in_numargs = 1;
1003 args.in_args[0].size = entry->d_name.len + 1;
1004 args.in_args[0].value = entry->d_name.name;
1005 err = fuse_simple_request(fm, &args);
1006 if (!err) {
1007 fuse_dir_changed(dir);
1008 fuse_entry_unlinked(entry);
1009 } else if (err == -EINTR || err == -ENOENT)
1010 fuse_invalidate_entry(entry);
1011 return err;
1012 }
1013
fuse_rename_common(struct inode * olddir,struct dentry * oldent,struct inode * newdir,struct dentry * newent,unsigned int flags,int opcode,size_t argsize)1014 static int fuse_rename_common(struct inode *olddir, struct dentry *oldent,
1015 struct inode *newdir, struct dentry *newent,
1016 unsigned int flags, int opcode, size_t argsize)
1017 {
1018 int err;
1019 struct fuse_rename2_in inarg;
1020 struct fuse_mount *fm = get_fuse_mount(olddir);
1021 FUSE_ARGS(args);
1022
1023 memset(&inarg, 0, argsize);
1024 inarg.newdir = get_node_id(newdir);
1025 inarg.flags = flags;
1026 args.opcode = opcode;
1027 args.nodeid = get_node_id(olddir);
1028 args.in_numargs = 3;
1029 args.in_args[0].size = argsize;
1030 args.in_args[0].value = &inarg;
1031 args.in_args[1].size = oldent->d_name.len + 1;
1032 args.in_args[1].value = oldent->d_name.name;
1033 args.in_args[2].size = newent->d_name.len + 1;
1034 args.in_args[2].value = newent->d_name.name;
1035 err = fuse_simple_request(fm, &args);
1036 if (!err) {
1037 /* ctime changes */
1038 fuse_update_ctime(d_inode(oldent));
1039
1040 if (flags & RENAME_EXCHANGE)
1041 fuse_update_ctime(d_inode(newent));
1042
1043 fuse_dir_changed(olddir);
1044 if (olddir != newdir)
1045 fuse_dir_changed(newdir);
1046
1047 /* newent will end up negative */
1048 if (!(flags & RENAME_EXCHANGE) && d_really_is_positive(newent))
1049 fuse_entry_unlinked(newent);
1050 } else if (err == -EINTR || err == -ENOENT) {
1051 /* If request was interrupted, DEITY only knows if the
1052 rename actually took place. If the invalidation
1053 fails (e.g. some process has CWD under the renamed
1054 directory), then there can be inconsistency between
1055 the dcache and the real filesystem. Tough luck. */
1056 fuse_invalidate_entry(oldent);
1057 if (d_really_is_positive(newent))
1058 fuse_invalidate_entry(newent);
1059 }
1060
1061 return err;
1062 }
1063
fuse_rename2(struct mnt_idmap * idmap,struct inode * olddir,struct dentry * oldent,struct inode * newdir,struct dentry * newent,unsigned int flags)1064 static int fuse_rename2(struct mnt_idmap *idmap, struct inode *olddir,
1065 struct dentry *oldent, struct inode *newdir,
1066 struct dentry *newent, unsigned int flags)
1067 {
1068 struct fuse_conn *fc = get_fuse_conn(olddir);
1069 int err;
1070
1071 if (fuse_is_bad(olddir))
1072 return -EIO;
1073
1074 if (flags & ~(RENAME_NOREPLACE | RENAME_EXCHANGE | RENAME_WHITEOUT))
1075 return -EINVAL;
1076
1077 if (flags) {
1078 if (fc->no_rename2 || fc->minor < 23)
1079 return -EINVAL;
1080
1081 err = fuse_rename_common(olddir, oldent, newdir, newent, flags,
1082 FUSE_RENAME2,
1083 sizeof(struct fuse_rename2_in));
1084 if (err == -ENOSYS) {
1085 fc->no_rename2 = 1;
1086 err = -EINVAL;
1087 }
1088 } else {
1089 err = fuse_rename_common(olddir, oldent, newdir, newent, 0,
1090 FUSE_RENAME,
1091 sizeof(struct fuse_rename_in));
1092 }
1093
1094 return err;
1095 }
1096
fuse_link(struct dentry * entry,struct inode * newdir,struct dentry * newent)1097 static int fuse_link(struct dentry *entry, struct inode *newdir,
1098 struct dentry *newent)
1099 {
1100 int err;
1101 struct fuse_link_in inarg;
1102 struct inode *inode = d_inode(entry);
1103 struct fuse_mount *fm = get_fuse_mount(inode);
1104 FUSE_ARGS(args);
1105
1106 memset(&inarg, 0, sizeof(inarg));
1107 inarg.oldnodeid = get_node_id(inode);
1108 args.opcode = FUSE_LINK;
1109 args.in_numargs = 2;
1110 args.in_args[0].size = sizeof(inarg);
1111 args.in_args[0].value = &inarg;
1112 args.in_args[1].size = newent->d_name.len + 1;
1113 args.in_args[1].value = newent->d_name.name;
1114 err = create_new_entry(fm, &args, newdir, newent, inode->i_mode);
1115 if (!err)
1116 fuse_update_ctime_in_cache(inode);
1117 else if (err == -EINTR)
1118 fuse_invalidate_attr(inode);
1119
1120 return err;
1121 }
1122
fuse_fillattr(struct inode * inode,struct fuse_attr * attr,struct kstat * stat)1123 static void fuse_fillattr(struct inode *inode, struct fuse_attr *attr,
1124 struct kstat *stat)
1125 {
1126 unsigned int blkbits;
1127 struct fuse_conn *fc = get_fuse_conn(inode);
1128
1129 stat->dev = inode->i_sb->s_dev;
1130 stat->ino = attr->ino;
1131 stat->mode = (inode->i_mode & S_IFMT) | (attr->mode & 07777);
1132 stat->nlink = attr->nlink;
1133 stat->uid = make_kuid(fc->user_ns, attr->uid);
1134 stat->gid = make_kgid(fc->user_ns, attr->gid);
1135 stat->rdev = inode->i_rdev;
1136 stat->atime.tv_sec = attr->atime;
1137 stat->atime.tv_nsec = attr->atimensec;
1138 stat->mtime.tv_sec = attr->mtime;
1139 stat->mtime.tv_nsec = attr->mtimensec;
1140 stat->ctime.tv_sec = attr->ctime;
1141 stat->ctime.tv_nsec = attr->ctimensec;
1142 stat->size = attr->size;
1143 stat->blocks = attr->blocks;
1144
1145 if (attr->blksize != 0)
1146 blkbits = ilog2(attr->blksize);
1147 else
1148 blkbits = inode->i_sb->s_blocksize_bits;
1149
1150 stat->blksize = 1 << blkbits;
1151 }
1152
fuse_statx_to_attr(struct fuse_statx * sx,struct fuse_attr * attr)1153 static void fuse_statx_to_attr(struct fuse_statx *sx, struct fuse_attr *attr)
1154 {
1155 memset(attr, 0, sizeof(*attr));
1156 attr->ino = sx->ino;
1157 attr->size = sx->size;
1158 attr->blocks = sx->blocks;
1159 attr->atime = sx->atime.tv_sec;
1160 attr->mtime = sx->mtime.tv_sec;
1161 attr->ctime = sx->ctime.tv_sec;
1162 attr->atimensec = sx->atime.tv_nsec;
1163 attr->mtimensec = sx->mtime.tv_nsec;
1164 attr->ctimensec = sx->ctime.tv_nsec;
1165 attr->mode = sx->mode;
1166 attr->nlink = sx->nlink;
1167 attr->uid = sx->uid;
1168 attr->gid = sx->gid;
1169 attr->rdev = new_encode_dev(MKDEV(sx->rdev_major, sx->rdev_minor));
1170 attr->blksize = sx->blksize;
1171 }
1172
fuse_do_statx(struct inode * inode,struct file * file,struct kstat * stat)1173 static int fuse_do_statx(struct inode *inode, struct file *file,
1174 struct kstat *stat)
1175 {
1176 int err;
1177 struct fuse_attr attr;
1178 struct fuse_statx *sx;
1179 struct fuse_statx_in inarg;
1180 struct fuse_statx_out outarg;
1181 struct fuse_mount *fm = get_fuse_mount(inode);
1182 u64 attr_version = fuse_get_attr_version(fm->fc);
1183 FUSE_ARGS(args);
1184
1185 memset(&inarg, 0, sizeof(inarg));
1186 memset(&outarg, 0, sizeof(outarg));
1187 /* Directories have separate file-handle space */
1188 if (file && S_ISREG(inode->i_mode)) {
1189 struct fuse_file *ff = file->private_data;
1190
1191 inarg.getattr_flags |= FUSE_GETATTR_FH;
1192 inarg.fh = ff->fh;
1193 }
1194 /* For now leave sync hints as the default, request all stats. */
1195 inarg.sx_flags = 0;
1196 inarg.sx_mask = STATX_BASIC_STATS | STATX_BTIME;
1197 args.opcode = FUSE_STATX;
1198 args.nodeid = get_node_id(inode);
1199 args.in_numargs = 1;
1200 args.in_args[0].size = sizeof(inarg);
1201 args.in_args[0].value = &inarg;
1202 args.out_numargs = 1;
1203 args.out_args[0].size = sizeof(outarg);
1204 args.out_args[0].value = &outarg;
1205 err = fuse_simple_request(fm, &args);
1206 if (err)
1207 return err;
1208
1209 sx = &outarg.stat;
1210 if (((sx->mask & STATX_SIZE) && !fuse_valid_size(sx->size)) ||
1211 ((sx->mask & STATX_TYPE) && (!fuse_valid_type(sx->mode) ||
1212 inode_wrong_type(inode, sx->mode)))) {
1213 make_bad_inode(inode);
1214 return -EIO;
1215 }
1216
1217 fuse_statx_to_attr(&outarg.stat, &attr);
1218 if ((sx->mask & STATX_BASIC_STATS) == STATX_BASIC_STATS) {
1219 fuse_change_attributes(inode, &attr, &outarg.stat,
1220 ATTR_TIMEOUT(&outarg), attr_version);
1221 }
1222
1223 if (stat) {
1224 stat->result_mask = sx->mask & (STATX_BASIC_STATS | STATX_BTIME);
1225 stat->btime.tv_sec = sx->btime.tv_sec;
1226 stat->btime.tv_nsec = min_t(u32, sx->btime.tv_nsec, NSEC_PER_SEC - 1);
1227 fuse_fillattr(inode, &attr, stat);
1228 stat->result_mask |= STATX_TYPE;
1229 }
1230
1231 return 0;
1232 }
1233
fuse_do_getattr(struct inode * inode,struct kstat * stat,struct file * file)1234 static int fuse_do_getattr(struct inode *inode, struct kstat *stat,
1235 struct file *file)
1236 {
1237 int err;
1238 struct fuse_getattr_in inarg;
1239 struct fuse_attr_out outarg;
1240 struct fuse_mount *fm = get_fuse_mount(inode);
1241 FUSE_ARGS(args);
1242 u64 attr_version;
1243
1244 attr_version = fuse_get_attr_version(fm->fc);
1245
1246 memset(&inarg, 0, sizeof(inarg));
1247 memset(&outarg, 0, sizeof(outarg));
1248 /* Directories have separate file-handle space */
1249 if (file && S_ISREG(inode->i_mode)) {
1250 struct fuse_file *ff = file->private_data;
1251
1252 inarg.getattr_flags |= FUSE_GETATTR_FH;
1253 inarg.fh = ff->fh;
1254 }
1255 args.opcode = FUSE_GETATTR;
1256 args.nodeid = get_node_id(inode);
1257 args.in_numargs = 1;
1258 args.in_args[0].size = sizeof(inarg);
1259 args.in_args[0].value = &inarg;
1260 args.out_numargs = 1;
1261 args.out_args[0].size = sizeof(outarg);
1262 args.out_args[0].value = &outarg;
1263 err = fuse_simple_request(fm, &args);
1264 if (!err) {
1265 if (fuse_invalid_attr(&outarg.attr) ||
1266 inode_wrong_type(inode, outarg.attr.mode)) {
1267 fuse_make_bad(inode);
1268 err = -EIO;
1269 } else {
1270 fuse_change_attributes(inode, &outarg.attr, NULL,
1271 ATTR_TIMEOUT(&outarg),
1272 attr_version);
1273 if (stat)
1274 fuse_fillattr(inode, &outarg.attr, stat);
1275 }
1276 }
1277 return err;
1278 }
1279
fuse_update_get_attr(struct inode * inode,struct file * file,struct kstat * stat,u32 request_mask,unsigned int flags)1280 static int fuse_update_get_attr(struct inode *inode, struct file *file,
1281 struct kstat *stat, u32 request_mask,
1282 unsigned int flags)
1283 {
1284 struct fuse_inode *fi = get_fuse_inode(inode);
1285 struct fuse_conn *fc = get_fuse_conn(inode);
1286 int err = 0;
1287 bool sync;
1288 u32 inval_mask = READ_ONCE(fi->inval_mask);
1289 u32 cache_mask = fuse_get_cache_mask(inode);
1290
1291
1292 /* FUSE only supports basic stats and possibly btime */
1293 request_mask &= STATX_BASIC_STATS | STATX_BTIME;
1294 retry:
1295 if (fc->no_statx)
1296 request_mask &= STATX_BASIC_STATS;
1297
1298 if (!request_mask)
1299 sync = false;
1300 else if (flags & AT_STATX_FORCE_SYNC)
1301 sync = true;
1302 else if (flags & AT_STATX_DONT_SYNC)
1303 sync = false;
1304 else if (request_mask & inval_mask & ~cache_mask)
1305 sync = true;
1306 else
1307 sync = time_before64(fi->i_time, get_jiffies_64());
1308
1309 if (sync) {
1310 forget_all_cached_acls(inode);
1311 /* Try statx if BTIME is requested */
1312 if (!fc->no_statx && (request_mask & ~STATX_BASIC_STATS)) {
1313 err = fuse_do_statx(inode, file, stat);
1314 if (err == -ENOSYS) {
1315 fc->no_statx = 1;
1316 goto retry;
1317 }
1318 } else {
1319 err = fuse_do_getattr(inode, stat, file);
1320 }
1321 } else if (stat) {
1322 generic_fillattr(&nop_mnt_idmap, request_mask, inode, stat);
1323 stat->mode = fi->orig_i_mode;
1324 stat->ino = fi->orig_ino;
1325 if (test_bit(FUSE_I_BTIME, &fi->state)) {
1326 stat->btime = fi->i_btime;
1327 stat->result_mask |= STATX_BTIME;
1328 }
1329 }
1330
1331 return err;
1332 }
1333
fuse_update_attributes(struct inode * inode,struct file * file,u32 mask)1334 int fuse_update_attributes(struct inode *inode, struct file *file, u32 mask)
1335 {
1336 return fuse_update_get_attr(inode, file, NULL, mask, 0);
1337 }
1338
fuse_reverse_inval_entry(struct fuse_conn * fc,u64 parent_nodeid,u64 child_nodeid,struct qstr * name,u32 flags)1339 int fuse_reverse_inval_entry(struct fuse_conn *fc, u64 parent_nodeid,
1340 u64 child_nodeid, struct qstr *name, u32 flags)
1341 {
1342 int err = -ENOTDIR;
1343 struct inode *parent;
1344 struct dentry *dir;
1345 struct dentry *entry;
1346
1347 parent = fuse_ilookup(fc, parent_nodeid, NULL);
1348 if (!parent)
1349 return -ENOENT;
1350
1351 inode_lock_nested(parent, I_MUTEX_PARENT);
1352 if (!S_ISDIR(parent->i_mode))
1353 goto unlock;
1354
1355 err = -ENOENT;
1356 dir = d_find_alias(parent);
1357 if (!dir)
1358 goto unlock;
1359
1360 name->hash = full_name_hash(dir, name->name, name->len);
1361 entry = d_lookup(dir, name);
1362 dput(dir);
1363 if (!entry)
1364 goto unlock;
1365
1366 fuse_dir_changed(parent);
1367 if (!(flags & FUSE_EXPIRE_ONLY))
1368 d_invalidate(entry);
1369 fuse_invalidate_entry_cache(entry);
1370
1371 if (child_nodeid != 0 && d_really_is_positive(entry)) {
1372 inode_lock(d_inode(entry));
1373 if (get_node_id(d_inode(entry)) != child_nodeid) {
1374 err = -ENOENT;
1375 goto badentry;
1376 }
1377 if (d_mountpoint(entry)) {
1378 err = -EBUSY;
1379 goto badentry;
1380 }
1381 if (d_is_dir(entry)) {
1382 shrink_dcache_parent(entry);
1383 if (!simple_empty(entry)) {
1384 err = -ENOTEMPTY;
1385 goto badentry;
1386 }
1387 d_inode(entry)->i_flags |= S_DEAD;
1388 }
1389 dont_mount(entry);
1390 clear_nlink(d_inode(entry));
1391 err = 0;
1392 badentry:
1393 inode_unlock(d_inode(entry));
1394 if (!err)
1395 d_delete(entry);
1396 } else {
1397 err = 0;
1398 }
1399 dput(entry);
1400
1401 unlock:
1402 inode_unlock(parent);
1403 iput(parent);
1404 return err;
1405 }
1406
fuse_permissible_uidgid(struct fuse_conn * fc)1407 static inline bool fuse_permissible_uidgid(struct fuse_conn *fc)
1408 {
1409 const struct cred *cred = current_cred();
1410
1411 return (uid_eq(cred->euid, fc->user_id) &&
1412 uid_eq(cred->suid, fc->user_id) &&
1413 uid_eq(cred->uid, fc->user_id) &&
1414 gid_eq(cred->egid, fc->group_id) &&
1415 gid_eq(cred->sgid, fc->group_id) &&
1416 gid_eq(cred->gid, fc->group_id));
1417 }
1418
1419 /*
1420 * Calling into a user-controlled filesystem gives the filesystem
1421 * daemon ptrace-like capabilities over the current process. This
1422 * means, that the filesystem daemon is able to record the exact
1423 * filesystem operations performed, and can also control the behavior
1424 * of the requester process in otherwise impossible ways. For example
1425 * it can delay the operation for arbitrary length of time allowing
1426 * DoS against the requester.
1427 *
1428 * For this reason only those processes can call into the filesystem,
1429 * for which the owner of the mount has ptrace privilege. This
1430 * excludes processes started by other users, suid or sgid processes.
1431 */
fuse_allow_current_process(struct fuse_conn * fc)1432 bool fuse_allow_current_process(struct fuse_conn *fc)
1433 {
1434 bool allow;
1435
1436 if (fc->allow_other)
1437 allow = current_in_userns(fc->user_ns);
1438 else
1439 allow = fuse_permissible_uidgid(fc);
1440
1441 if (!allow && allow_sys_admin_access && capable(CAP_SYS_ADMIN))
1442 allow = true;
1443
1444 return allow;
1445 }
1446
fuse_access(struct inode * inode,int mask)1447 static int fuse_access(struct inode *inode, int mask)
1448 {
1449 struct fuse_mount *fm = get_fuse_mount(inode);
1450 FUSE_ARGS(args);
1451 struct fuse_access_in inarg;
1452 int err;
1453
1454 BUG_ON(mask & MAY_NOT_BLOCK);
1455
1456 if (fm->fc->no_access)
1457 return 0;
1458
1459 memset(&inarg, 0, sizeof(inarg));
1460 inarg.mask = mask & (MAY_READ | MAY_WRITE | MAY_EXEC);
1461 args.opcode = FUSE_ACCESS;
1462 args.nodeid = get_node_id(inode);
1463 args.in_numargs = 1;
1464 args.in_args[0].size = sizeof(inarg);
1465 args.in_args[0].value = &inarg;
1466 err = fuse_simple_request(fm, &args);
1467 if (err == -ENOSYS) {
1468 fm->fc->no_access = 1;
1469 err = 0;
1470 }
1471 return err;
1472 }
1473
fuse_perm_getattr(struct inode * inode,int mask)1474 static int fuse_perm_getattr(struct inode *inode, int mask)
1475 {
1476 if (mask & MAY_NOT_BLOCK)
1477 return -ECHILD;
1478
1479 forget_all_cached_acls(inode);
1480 return fuse_do_getattr(inode, NULL, NULL);
1481 }
1482
1483 /*
1484 * Check permission. The two basic access models of FUSE are:
1485 *
1486 * 1) Local access checking ('default_permissions' mount option) based
1487 * on file mode. This is the plain old disk filesystem permission
1488 * modell.
1489 *
1490 * 2) "Remote" access checking, where server is responsible for
1491 * checking permission in each inode operation. An exception to this
1492 * is if ->permission() was invoked from sys_access() in which case an
1493 * access request is sent. Execute permission is still checked
1494 * locally based on file mode.
1495 */
fuse_permission(struct mnt_idmap * idmap,struct inode * inode,int mask)1496 static int fuse_permission(struct mnt_idmap *idmap,
1497 struct inode *inode, int mask)
1498 {
1499 struct fuse_conn *fc = get_fuse_conn(inode);
1500 bool refreshed = false;
1501 int err = 0;
1502
1503 if (fuse_is_bad(inode))
1504 return -EIO;
1505
1506 if (!fuse_allow_current_process(fc))
1507 return -EACCES;
1508
1509 /*
1510 * If attributes are needed, refresh them before proceeding
1511 */
1512 if (fc->default_permissions ||
1513 ((mask & MAY_EXEC) && S_ISREG(inode->i_mode))) {
1514 struct fuse_inode *fi = get_fuse_inode(inode);
1515 u32 perm_mask = STATX_MODE | STATX_UID | STATX_GID;
1516
1517 if (perm_mask & READ_ONCE(fi->inval_mask) ||
1518 time_before64(fi->i_time, get_jiffies_64())) {
1519 refreshed = true;
1520
1521 err = fuse_perm_getattr(inode, mask);
1522 if (err)
1523 return err;
1524 }
1525 }
1526
1527 if (fc->default_permissions) {
1528 err = generic_permission(&nop_mnt_idmap, inode, mask);
1529
1530 /* If permission is denied, try to refresh file
1531 attributes. This is also needed, because the root
1532 node will at first have no permissions */
1533 if (err == -EACCES && !refreshed) {
1534 err = fuse_perm_getattr(inode, mask);
1535 if (!err)
1536 err = generic_permission(&nop_mnt_idmap,
1537 inode, mask);
1538 }
1539
1540 /* Note: the opposite of the above test does not
1541 exist. So if permissions are revoked this won't be
1542 noticed immediately, only after the attribute
1543 timeout has expired */
1544 } else if (mask & (MAY_ACCESS | MAY_CHDIR)) {
1545 err = fuse_access(inode, mask);
1546 } else if ((mask & MAY_EXEC) && S_ISREG(inode->i_mode)) {
1547 if (!(inode->i_mode & S_IXUGO)) {
1548 if (refreshed)
1549 return -EACCES;
1550
1551 err = fuse_perm_getattr(inode, mask);
1552 if (!err && !(inode->i_mode & S_IXUGO))
1553 return -EACCES;
1554 }
1555 }
1556 return err;
1557 }
1558
fuse_readlink_page(struct inode * inode,struct page * page)1559 static int fuse_readlink_page(struct inode *inode, struct page *page)
1560 {
1561 struct fuse_mount *fm = get_fuse_mount(inode);
1562 struct fuse_page_desc desc = { .length = PAGE_SIZE - 1 };
1563 struct fuse_args_pages ap = {
1564 .num_pages = 1,
1565 .pages = &page,
1566 .descs = &desc,
1567 };
1568 char *link;
1569 ssize_t res;
1570
1571 ap.args.opcode = FUSE_READLINK;
1572 ap.args.nodeid = get_node_id(inode);
1573 ap.args.out_pages = true;
1574 ap.args.out_argvar = true;
1575 ap.args.page_zeroing = true;
1576 ap.args.out_numargs = 1;
1577 ap.args.out_args[0].size = desc.length;
1578 res = fuse_simple_request(fm, &ap.args);
1579
1580 fuse_invalidate_atime(inode);
1581
1582 if (res < 0)
1583 return res;
1584
1585 if (WARN_ON(res >= PAGE_SIZE))
1586 return -EIO;
1587
1588 link = page_address(page);
1589 link[res] = '\0';
1590
1591 return 0;
1592 }
1593
fuse_get_link(struct dentry * dentry,struct inode * inode,struct delayed_call * callback)1594 static const char *fuse_get_link(struct dentry *dentry, struct inode *inode,
1595 struct delayed_call *callback)
1596 {
1597 struct fuse_conn *fc = get_fuse_conn(inode);
1598 struct page *page;
1599 int err;
1600
1601 err = -EIO;
1602 if (fuse_is_bad(inode))
1603 goto out_err;
1604
1605 if (fc->cache_symlinks)
1606 return page_get_link(dentry, inode, callback);
1607
1608 err = -ECHILD;
1609 if (!dentry)
1610 goto out_err;
1611
1612 page = alloc_page(GFP_KERNEL);
1613 err = -ENOMEM;
1614 if (!page)
1615 goto out_err;
1616
1617 err = fuse_readlink_page(inode, page);
1618 if (err) {
1619 __free_page(page);
1620 goto out_err;
1621 }
1622
1623 set_delayed_call(callback, page_put_link, page);
1624
1625 return page_address(page);
1626
1627 out_err:
1628 return ERR_PTR(err);
1629 }
1630
fuse_dir_open(struct inode * inode,struct file * file)1631 static int fuse_dir_open(struct inode *inode, struct file *file)
1632 {
1633 return fuse_open_common(inode, file, true);
1634 }
1635
fuse_dir_release(struct inode * inode,struct file * file)1636 static int fuse_dir_release(struct inode *inode, struct file *file)
1637 {
1638 fuse_release_common(file, true);
1639
1640 return 0;
1641 }
1642
fuse_dir_fsync(struct file * file,loff_t start,loff_t end,int datasync)1643 static int fuse_dir_fsync(struct file *file, loff_t start, loff_t end,
1644 int datasync)
1645 {
1646 struct inode *inode = file->f_mapping->host;
1647 struct fuse_conn *fc = get_fuse_conn(inode);
1648 int err;
1649
1650 if (fuse_is_bad(inode))
1651 return -EIO;
1652
1653 if (fc->no_fsyncdir)
1654 return 0;
1655
1656 inode_lock(inode);
1657 err = fuse_fsync_common(file, start, end, datasync, FUSE_FSYNCDIR);
1658 if (err == -ENOSYS) {
1659 fc->no_fsyncdir = 1;
1660 err = 0;
1661 }
1662 inode_unlock(inode);
1663
1664 return err;
1665 }
1666
fuse_dir_ioctl(struct file * file,unsigned int cmd,unsigned long arg)1667 static long fuse_dir_ioctl(struct file *file, unsigned int cmd,
1668 unsigned long arg)
1669 {
1670 struct fuse_conn *fc = get_fuse_conn(file->f_mapping->host);
1671
1672 /* FUSE_IOCTL_DIR only supported for API version >= 7.18 */
1673 if (fc->minor < 18)
1674 return -ENOTTY;
1675
1676 return fuse_ioctl_common(file, cmd, arg, FUSE_IOCTL_DIR);
1677 }
1678
fuse_dir_compat_ioctl(struct file * file,unsigned int cmd,unsigned long arg)1679 static long fuse_dir_compat_ioctl(struct file *file, unsigned int cmd,
1680 unsigned long arg)
1681 {
1682 struct fuse_conn *fc = get_fuse_conn(file->f_mapping->host);
1683
1684 if (fc->minor < 18)
1685 return -ENOTTY;
1686
1687 return fuse_ioctl_common(file, cmd, arg,
1688 FUSE_IOCTL_COMPAT | FUSE_IOCTL_DIR);
1689 }
1690
update_mtime(unsigned ivalid,bool trust_local_mtime)1691 static bool update_mtime(unsigned ivalid, bool trust_local_mtime)
1692 {
1693 /* Always update if mtime is explicitly set */
1694 if (ivalid & ATTR_MTIME_SET)
1695 return true;
1696
1697 /* Or if kernel i_mtime is the official one */
1698 if (trust_local_mtime)
1699 return true;
1700
1701 /* If it's an open(O_TRUNC) or an ftruncate(), don't update */
1702 if ((ivalid & ATTR_SIZE) && (ivalid & (ATTR_OPEN | ATTR_FILE)))
1703 return false;
1704
1705 /* In all other cases update */
1706 return true;
1707 }
1708
iattr_to_fattr(struct fuse_conn * fc,struct iattr * iattr,struct fuse_setattr_in * arg,bool trust_local_cmtime)1709 static void iattr_to_fattr(struct fuse_conn *fc, struct iattr *iattr,
1710 struct fuse_setattr_in *arg, bool trust_local_cmtime)
1711 {
1712 unsigned ivalid = iattr->ia_valid;
1713
1714 if (ivalid & ATTR_MODE)
1715 arg->valid |= FATTR_MODE, arg->mode = iattr->ia_mode;
1716 if (ivalid & ATTR_UID)
1717 arg->valid |= FATTR_UID, arg->uid = from_kuid(fc->user_ns, iattr->ia_uid);
1718 if (ivalid & ATTR_GID)
1719 arg->valid |= FATTR_GID, arg->gid = from_kgid(fc->user_ns, iattr->ia_gid);
1720 if (ivalid & ATTR_SIZE)
1721 arg->valid |= FATTR_SIZE, arg->size = iattr->ia_size;
1722 if (ivalid & ATTR_ATIME) {
1723 arg->valid |= FATTR_ATIME;
1724 arg->atime = iattr->ia_atime.tv_sec;
1725 arg->atimensec = iattr->ia_atime.tv_nsec;
1726 if (!(ivalid & ATTR_ATIME_SET))
1727 arg->valid |= FATTR_ATIME_NOW;
1728 }
1729 if ((ivalid & ATTR_MTIME) && update_mtime(ivalid, trust_local_cmtime)) {
1730 arg->valid |= FATTR_MTIME;
1731 arg->mtime = iattr->ia_mtime.tv_sec;
1732 arg->mtimensec = iattr->ia_mtime.tv_nsec;
1733 if (!(ivalid & ATTR_MTIME_SET) && !trust_local_cmtime)
1734 arg->valid |= FATTR_MTIME_NOW;
1735 }
1736 if ((ivalid & ATTR_CTIME) && trust_local_cmtime) {
1737 arg->valid |= FATTR_CTIME;
1738 arg->ctime = iattr->ia_ctime.tv_sec;
1739 arg->ctimensec = iattr->ia_ctime.tv_nsec;
1740 }
1741 }
1742
1743 /*
1744 * Prevent concurrent writepages on inode
1745 *
1746 * This is done by adding a negative bias to the inode write counter
1747 * and waiting for all pending writes to finish.
1748 */
fuse_set_nowrite(struct inode * inode)1749 void fuse_set_nowrite(struct inode *inode)
1750 {
1751 struct fuse_inode *fi = get_fuse_inode(inode);
1752
1753 BUG_ON(!inode_is_locked(inode));
1754
1755 spin_lock(&fi->lock);
1756 BUG_ON(fi->writectr < 0);
1757 fi->writectr += FUSE_NOWRITE;
1758 spin_unlock(&fi->lock);
1759 wait_event(fi->page_waitq, fi->writectr == FUSE_NOWRITE);
1760 }
1761
1762 /*
1763 * Allow writepages on inode
1764 *
1765 * Remove the bias from the writecounter and send any queued
1766 * writepages.
1767 */
__fuse_release_nowrite(struct inode * inode)1768 static void __fuse_release_nowrite(struct inode *inode)
1769 {
1770 struct fuse_inode *fi = get_fuse_inode(inode);
1771
1772 BUG_ON(fi->writectr != FUSE_NOWRITE);
1773 fi->writectr = 0;
1774 fuse_flush_writepages(inode);
1775 }
1776
fuse_release_nowrite(struct inode * inode)1777 void fuse_release_nowrite(struct inode *inode)
1778 {
1779 struct fuse_inode *fi = get_fuse_inode(inode);
1780
1781 spin_lock(&fi->lock);
1782 __fuse_release_nowrite(inode);
1783 spin_unlock(&fi->lock);
1784 }
1785
fuse_setattr_fill(struct fuse_conn * fc,struct fuse_args * args,struct inode * inode,struct fuse_setattr_in * inarg_p,struct fuse_attr_out * outarg_p)1786 static void fuse_setattr_fill(struct fuse_conn *fc, struct fuse_args *args,
1787 struct inode *inode,
1788 struct fuse_setattr_in *inarg_p,
1789 struct fuse_attr_out *outarg_p)
1790 {
1791 args->opcode = FUSE_SETATTR;
1792 args->nodeid = get_node_id(inode);
1793 args->in_numargs = 1;
1794 args->in_args[0].size = sizeof(*inarg_p);
1795 args->in_args[0].value = inarg_p;
1796 args->out_numargs = 1;
1797 args->out_args[0].size = sizeof(*outarg_p);
1798 args->out_args[0].value = outarg_p;
1799 }
1800
1801 /*
1802 * Flush inode->i_mtime to the server
1803 */
fuse_flush_times(struct inode * inode,struct fuse_file * ff)1804 int fuse_flush_times(struct inode *inode, struct fuse_file *ff)
1805 {
1806 struct fuse_mount *fm = get_fuse_mount(inode);
1807 FUSE_ARGS(args);
1808 struct fuse_setattr_in inarg;
1809 struct fuse_attr_out outarg;
1810
1811 memset(&inarg, 0, sizeof(inarg));
1812 memset(&outarg, 0, sizeof(outarg));
1813
1814 inarg.valid = FATTR_MTIME;
1815 inarg.mtime = inode->i_mtime.tv_sec;
1816 inarg.mtimensec = inode->i_mtime.tv_nsec;
1817 if (fm->fc->minor >= 23) {
1818 inarg.valid |= FATTR_CTIME;
1819 inarg.ctime = inode_get_ctime(inode).tv_sec;
1820 inarg.ctimensec = inode_get_ctime(inode).tv_nsec;
1821 }
1822 if (ff) {
1823 inarg.valid |= FATTR_FH;
1824 inarg.fh = ff->fh;
1825 }
1826 fuse_setattr_fill(fm->fc, &args, inode, &inarg, &outarg);
1827
1828 return fuse_simple_request(fm, &args);
1829 }
1830
1831 /*
1832 * Set attributes, and at the same time refresh them.
1833 *
1834 * Truncation is slightly complicated, because the 'truncate' request
1835 * may fail, in which case we don't want to touch the mapping.
1836 * vmtruncate() doesn't allow for this case, so do the rlimit checking
1837 * and the actual truncation by hand.
1838 */
fuse_do_setattr(struct dentry * dentry,struct iattr * attr,struct file * file)1839 int fuse_do_setattr(struct dentry *dentry, struct iattr *attr,
1840 struct file *file)
1841 {
1842 struct inode *inode = d_inode(dentry);
1843 struct fuse_mount *fm = get_fuse_mount(inode);
1844 struct fuse_conn *fc = fm->fc;
1845 struct fuse_inode *fi = get_fuse_inode(inode);
1846 struct address_space *mapping = inode->i_mapping;
1847 FUSE_ARGS(args);
1848 struct fuse_setattr_in inarg;
1849 struct fuse_attr_out outarg;
1850 bool is_truncate = false;
1851 bool is_wb = fc->writeback_cache && S_ISREG(inode->i_mode);
1852 loff_t oldsize;
1853 int err;
1854 bool trust_local_cmtime = is_wb;
1855 bool fault_blocked = false;
1856
1857 if (!fc->default_permissions)
1858 attr->ia_valid |= ATTR_FORCE;
1859
1860 err = setattr_prepare(&nop_mnt_idmap, dentry, attr);
1861 if (err)
1862 return err;
1863
1864 if (attr->ia_valid & ATTR_SIZE) {
1865 if (WARN_ON(!S_ISREG(inode->i_mode)))
1866 return -EIO;
1867 is_truncate = true;
1868 }
1869
1870 if (FUSE_IS_DAX(inode) && is_truncate) {
1871 filemap_invalidate_lock(mapping);
1872 fault_blocked = true;
1873 err = fuse_dax_break_layouts(inode, 0, 0);
1874 if (err) {
1875 filemap_invalidate_unlock(mapping);
1876 return err;
1877 }
1878 }
1879
1880 if (attr->ia_valid & ATTR_OPEN) {
1881 /* This is coming from open(..., ... | O_TRUNC); */
1882 WARN_ON(!(attr->ia_valid & ATTR_SIZE));
1883 WARN_ON(attr->ia_size != 0);
1884 if (fc->atomic_o_trunc) {
1885 /*
1886 * No need to send request to userspace, since actual
1887 * truncation has already been done by OPEN. But still
1888 * need to truncate page cache.
1889 */
1890 i_size_write(inode, 0);
1891 truncate_pagecache(inode, 0);
1892 goto out;
1893 }
1894 file = NULL;
1895 }
1896
1897 /* Flush dirty data/metadata before non-truncate SETATTR */
1898 if (is_wb &&
1899 attr->ia_valid &
1900 (ATTR_MODE | ATTR_UID | ATTR_GID | ATTR_MTIME_SET |
1901 ATTR_TIMES_SET)) {
1902 err = write_inode_now(inode, true);
1903 if (err)
1904 return err;
1905
1906 fuse_set_nowrite(inode);
1907 fuse_release_nowrite(inode);
1908 }
1909
1910 if (is_truncate) {
1911 fuse_set_nowrite(inode);
1912 set_bit(FUSE_I_SIZE_UNSTABLE, &fi->state);
1913 if (trust_local_cmtime && attr->ia_size != inode->i_size)
1914 attr->ia_valid |= ATTR_MTIME | ATTR_CTIME;
1915 }
1916
1917 memset(&inarg, 0, sizeof(inarg));
1918 memset(&outarg, 0, sizeof(outarg));
1919 iattr_to_fattr(fc, attr, &inarg, trust_local_cmtime);
1920 if (file) {
1921 struct fuse_file *ff = file->private_data;
1922 inarg.valid |= FATTR_FH;
1923 inarg.fh = ff->fh;
1924 }
1925
1926 /* Kill suid/sgid for non-directory chown unconditionally */
1927 if (fc->handle_killpriv_v2 && !S_ISDIR(inode->i_mode) &&
1928 attr->ia_valid & (ATTR_UID | ATTR_GID))
1929 inarg.valid |= FATTR_KILL_SUIDGID;
1930
1931 if (attr->ia_valid & ATTR_SIZE) {
1932 /* For mandatory locking in truncate */
1933 inarg.valid |= FATTR_LOCKOWNER;
1934 inarg.lock_owner = fuse_lock_owner_id(fc, current->files);
1935
1936 /* Kill suid/sgid for truncate only if no CAP_FSETID */
1937 if (fc->handle_killpriv_v2 && !capable(CAP_FSETID))
1938 inarg.valid |= FATTR_KILL_SUIDGID;
1939 }
1940 fuse_setattr_fill(fc, &args, inode, &inarg, &outarg);
1941 err = fuse_simple_request(fm, &args);
1942 if (err) {
1943 if (err == -EINTR)
1944 fuse_invalidate_attr(inode);
1945 goto error;
1946 }
1947
1948 if (fuse_invalid_attr(&outarg.attr) ||
1949 inode_wrong_type(inode, outarg.attr.mode)) {
1950 fuse_make_bad(inode);
1951 err = -EIO;
1952 goto error;
1953 }
1954
1955 spin_lock(&fi->lock);
1956 /* the kernel maintains i_mtime locally */
1957 if (trust_local_cmtime) {
1958 if (attr->ia_valid & ATTR_MTIME)
1959 inode->i_mtime = attr->ia_mtime;
1960 if (attr->ia_valid & ATTR_CTIME)
1961 inode_set_ctime_to_ts(inode, attr->ia_ctime);
1962 /* FIXME: clear I_DIRTY_SYNC? */
1963 }
1964
1965 fuse_change_attributes_common(inode, &outarg.attr, NULL,
1966 ATTR_TIMEOUT(&outarg),
1967 fuse_get_cache_mask(inode));
1968 oldsize = inode->i_size;
1969 /* see the comment in fuse_change_attributes() */
1970 if (!is_wb || is_truncate)
1971 i_size_write(inode, outarg.attr.size);
1972
1973 if (is_truncate) {
1974 /* NOTE: this may release/reacquire fi->lock */
1975 __fuse_release_nowrite(inode);
1976 }
1977 spin_unlock(&fi->lock);
1978
1979 /*
1980 * Only call invalidate_inode_pages2() after removing
1981 * FUSE_NOWRITE, otherwise fuse_launder_folio() would deadlock.
1982 */
1983 if ((is_truncate || !is_wb) &&
1984 S_ISREG(inode->i_mode) && oldsize != outarg.attr.size) {
1985 truncate_pagecache(inode, outarg.attr.size);
1986 invalidate_inode_pages2(mapping);
1987 }
1988
1989 clear_bit(FUSE_I_SIZE_UNSTABLE, &fi->state);
1990 out:
1991 if (fault_blocked)
1992 filemap_invalidate_unlock(mapping);
1993
1994 return 0;
1995
1996 error:
1997 if (is_truncate)
1998 fuse_release_nowrite(inode);
1999
2000 clear_bit(FUSE_I_SIZE_UNSTABLE, &fi->state);
2001
2002 if (fault_blocked)
2003 filemap_invalidate_unlock(mapping);
2004 return err;
2005 }
2006
fuse_setattr(struct mnt_idmap * idmap,struct dentry * entry,struct iattr * attr)2007 static int fuse_setattr(struct mnt_idmap *idmap, struct dentry *entry,
2008 struct iattr *attr)
2009 {
2010 struct inode *inode = d_inode(entry);
2011 struct fuse_conn *fc = get_fuse_conn(inode);
2012 struct file *file = (attr->ia_valid & ATTR_FILE) ? attr->ia_file : NULL;
2013 int ret;
2014
2015 if (fuse_is_bad(inode))
2016 return -EIO;
2017
2018 if (!fuse_allow_current_process(get_fuse_conn(inode)))
2019 return -EACCES;
2020
2021 if (attr->ia_valid & (ATTR_KILL_SUID | ATTR_KILL_SGID)) {
2022 attr->ia_valid &= ~(ATTR_KILL_SUID | ATTR_KILL_SGID |
2023 ATTR_MODE);
2024
2025 /*
2026 * The only sane way to reliably kill suid/sgid is to do it in
2027 * the userspace filesystem
2028 *
2029 * This should be done on write(), truncate() and chown().
2030 */
2031 if (!fc->handle_killpriv && !fc->handle_killpriv_v2) {
2032 /*
2033 * ia_mode calculation may have used stale i_mode.
2034 * Refresh and recalculate.
2035 */
2036 ret = fuse_do_getattr(inode, NULL, file);
2037 if (ret)
2038 return ret;
2039
2040 attr->ia_mode = inode->i_mode;
2041 if (inode->i_mode & S_ISUID) {
2042 attr->ia_valid |= ATTR_MODE;
2043 attr->ia_mode &= ~S_ISUID;
2044 }
2045 if ((inode->i_mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP)) {
2046 attr->ia_valid |= ATTR_MODE;
2047 attr->ia_mode &= ~S_ISGID;
2048 }
2049 }
2050 }
2051 if (!attr->ia_valid)
2052 return 0;
2053
2054 ret = fuse_do_setattr(entry, attr, file);
2055 if (!ret) {
2056 /*
2057 * If filesystem supports acls it may have updated acl xattrs in
2058 * the filesystem, so forget cached acls for the inode.
2059 */
2060 if (fc->posix_acl)
2061 forget_all_cached_acls(inode);
2062
2063 /* Directory mode changed, may need to revalidate access */
2064 if (d_is_dir(entry) && (attr->ia_valid & ATTR_MODE))
2065 fuse_invalidate_entry_cache(entry);
2066 }
2067 return ret;
2068 }
2069
fuse_getattr(struct mnt_idmap * idmap,const struct path * path,struct kstat * stat,u32 request_mask,unsigned int flags)2070 static int fuse_getattr(struct mnt_idmap *idmap,
2071 const struct path *path, struct kstat *stat,
2072 u32 request_mask, unsigned int flags)
2073 {
2074 struct inode *inode = d_inode(path->dentry);
2075 struct fuse_conn *fc = get_fuse_conn(inode);
2076
2077 if (fuse_is_bad(inode))
2078 return -EIO;
2079
2080 if (!fuse_allow_current_process(fc)) {
2081 if (!request_mask) {
2082 /*
2083 * If user explicitly requested *nothing* then don't
2084 * error out, but return st_dev only.
2085 */
2086 stat->result_mask = 0;
2087 stat->dev = inode->i_sb->s_dev;
2088 return 0;
2089 }
2090 return -EACCES;
2091 }
2092
2093 return fuse_update_get_attr(inode, NULL, stat, request_mask, flags);
2094 }
2095
2096 static const struct inode_operations fuse_dir_inode_operations = {
2097 .lookup = fuse_lookup,
2098 .mkdir = fuse_mkdir,
2099 .symlink = fuse_symlink,
2100 .unlink = fuse_unlink,
2101 .rmdir = fuse_rmdir,
2102 .rename = fuse_rename2,
2103 .link = fuse_link,
2104 .setattr = fuse_setattr,
2105 .create = fuse_create,
2106 .atomic_open = fuse_atomic_open,
2107 .tmpfile = fuse_tmpfile,
2108 .mknod = fuse_mknod,
2109 .permission = fuse_permission,
2110 .getattr = fuse_getattr,
2111 .listxattr = fuse_listxattr,
2112 .get_inode_acl = fuse_get_inode_acl,
2113 .get_acl = fuse_get_acl,
2114 .set_acl = fuse_set_acl,
2115 .fileattr_get = fuse_fileattr_get,
2116 .fileattr_set = fuse_fileattr_set,
2117 };
2118
2119 static const struct file_operations fuse_dir_operations = {
2120 .llseek = generic_file_llseek,
2121 .read = generic_read_dir,
2122 .iterate_shared = fuse_readdir,
2123 .open = fuse_dir_open,
2124 .release = fuse_dir_release,
2125 .fsync = fuse_dir_fsync,
2126 .unlocked_ioctl = fuse_dir_ioctl,
2127 .compat_ioctl = fuse_dir_compat_ioctl,
2128 };
2129
2130 static const struct inode_operations fuse_common_inode_operations = {
2131 .setattr = fuse_setattr,
2132 .permission = fuse_permission,
2133 .getattr = fuse_getattr,
2134 .listxattr = fuse_listxattr,
2135 .get_inode_acl = fuse_get_inode_acl,
2136 .get_acl = fuse_get_acl,
2137 .set_acl = fuse_set_acl,
2138 .fileattr_get = fuse_fileattr_get,
2139 .fileattr_set = fuse_fileattr_set,
2140 };
2141
2142 static const struct inode_operations fuse_symlink_inode_operations = {
2143 .setattr = fuse_setattr,
2144 .get_link = fuse_get_link,
2145 .getattr = fuse_getattr,
2146 .listxattr = fuse_listxattr,
2147 };
2148
fuse_init_common(struct inode * inode)2149 void fuse_init_common(struct inode *inode)
2150 {
2151 inode->i_op = &fuse_common_inode_operations;
2152 }
2153
fuse_init_dir(struct inode * inode)2154 void fuse_init_dir(struct inode *inode)
2155 {
2156 struct fuse_inode *fi = get_fuse_inode(inode);
2157
2158 inode->i_op = &fuse_dir_inode_operations;
2159 inode->i_fop = &fuse_dir_operations;
2160
2161 spin_lock_init(&fi->rdc.lock);
2162 fi->rdc.cached = false;
2163 fi->rdc.size = 0;
2164 fi->rdc.pos = 0;
2165 fi->rdc.version = 0;
2166 }
2167
fuse_symlink_read_folio(struct file * null,struct folio * folio)2168 static int fuse_symlink_read_folio(struct file *null, struct folio *folio)
2169 {
2170 int err = fuse_readlink_page(folio->mapping->host, &folio->page);
2171
2172 if (!err)
2173 folio_mark_uptodate(folio);
2174
2175 folio_unlock(folio);
2176
2177 return err;
2178 }
2179
2180 static const struct address_space_operations fuse_symlink_aops = {
2181 .read_folio = fuse_symlink_read_folio,
2182 };
2183
fuse_init_symlink(struct inode * inode)2184 void fuse_init_symlink(struct inode *inode)
2185 {
2186 inode->i_op = &fuse_symlink_inode_operations;
2187 inode->i_data.a_ops = &fuse_symlink_aops;
2188 inode_nohighmem(inode);
2189 }
2190