]> git.ipfire.org Git - thirdparty/kernel/linux.git/blob - fs/fuse/dir.c
projects / thirdparty / kernel / linux.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
fuse: prepare for failing open response
[thirdparty/kernel/linux.git] / fs / fuse / dir.c
1 /*
2 FUSE: Filesystem in Userspace
3 Copyright (C) 2001-2008 Miklos Szeredi <miklos@szeredi.hu>
4
5 This program can be distributed under the terms of the GNU GPL.
6 See the file COPYING.
7 */
8
9 #include "fuse_i.h"
10
11 #include <linux/pagemap.h>
12 #include <linux/file.h>
13 #include <linux/fs_context.h>
14 #include <linux/moduleparam.h>
15 #include <linux/sched.h>
16 #include <linux/namei.h>
17 #include <linux/slab.h>
18 #include <linux/xattr.h>
19 #include <linux/iversion.h>
20 #include <linux/posix_acl.h>
21 #include <linux/security.h>
22 #include <linux/types.h>
23 #include <linux/kernel.h>
24
25 static bool __read_mostly allow_sys_admin_access;
26 module_param(allow_sys_admin_access, bool, 0644);
27 MODULE_PARM_DESC(allow_sys_admin_access,
28 "Allow users with CAP_SYS_ADMIN in initial userns to bypass allow_other access check");
29
30 static void fuse_advise_use_readdirplus(struct inode *dir)
31 {
32 struct fuse_inode *fi = get_fuse_inode(dir);
33
34 set_bit(FUSE_I_ADVISE_RDPLUS, &fi->state);
35 }
36
37 #if BITS_PER_LONG >= 64
38 static inline void __fuse_dentry_settime(struct dentry *entry, u64 time)
39 {
40 entry->d_fsdata = (void *) time;
41 }
42
43 static inline u64 fuse_dentry_time(const struct dentry *entry)
44 {
45 return (u64)entry->d_fsdata;
46 }
47
48 #else
49 union fuse_dentry {
50 u64 time;
51 struct rcu_head rcu;
52 };
53
54 static inline void __fuse_dentry_settime(struct dentry *dentry, u64 time)
55 {
56 ((union fuse_dentry *) dentry->d_fsdata)->time = time;
57 }
58
59 static inline u64 fuse_dentry_time(const struct dentry *entry)
60 {
61 return ((union fuse_dentry *) entry->d_fsdata)->time;
62 }
63 #endif
64
65 static void fuse_dentry_settime(struct dentry *dentry, u64 time)
66 {
67 struct fuse_conn *fc = get_fuse_conn_super(dentry->d_sb);
68 bool delete = !time && fc->delete_stale;
69 /*
70 * Mess with DCACHE_OP_DELETE because dput() will be faster without it.
71 * Don't care about races, either way it's just an optimization
72 */
73 if ((!delete && (dentry->d_flags & DCACHE_OP_DELETE)) ||
74 (delete && !(dentry->d_flags & DCACHE_OP_DELETE))) {
75 spin_lock(&dentry->d_lock);
76 if (!delete)
77 dentry->d_flags &= ~DCACHE_OP_DELETE;
78 else
79 dentry->d_flags |= DCACHE_OP_DELETE;
80 spin_unlock(&dentry->d_lock);
81 }
82
83 __fuse_dentry_settime(dentry, time);
84 }
85
86 /*
87 * FUSE caches dentries and attributes with separate timeout. The
88 * time in jiffies until the dentry/attributes are valid is stored in
89 * dentry->d_fsdata and fuse_inode->i_time respectively.
90 */
91
92 /*
93 * Calculate the time in jiffies until a dentry/attributes are valid
94 */
95 u64 fuse_time_to_jiffies(u64 sec, u32 nsec)
96 {
97 if (sec || nsec) {
98 struct timespec64 ts = {
99 sec,
100 min_t(u32, nsec, NSEC_PER_SEC - 1)
101 };
102
103 return get_jiffies_64() + timespec64_to_jiffies(&ts);
104 } else
105 return 0;
106 }
107
108 /*
109 * Set dentry and possibly attribute timeouts from the lookup/mk*
110 * replies
111 */
112 void fuse_change_entry_timeout(struct dentry *entry, struct fuse_entry_out *o)
113 {
114 fuse_dentry_settime(entry,
115 fuse_time_to_jiffies(o->entry_valid, o->entry_valid_nsec));
116 }
117
118 void fuse_invalidate_attr_mask(struct inode *inode, u32 mask)
119 {
120 set_mask_bits(&get_fuse_inode(inode)->inval_mask, 0, mask);
121 }
122
123 /*
124 * Mark the attributes as stale, so that at the next call to
125 * ->getattr() they will be fetched from userspace
126 */
127 void fuse_invalidate_attr(struct inode *inode)
128 {
129 fuse_invalidate_attr_mask(inode, STATX_BASIC_STATS);
130 }
131
132 static void fuse_dir_changed(struct inode *dir)
133 {
134 fuse_invalidate_attr(dir);
135 inode_maybe_inc_iversion(dir, false);
136 }
137
138 /*
139 * Mark the attributes as stale due to an atime change. Avoid the invalidate if
140 * atime is not used.
141 */
142 void fuse_invalidate_atime(struct inode *inode)
143 {
144 if (!IS_RDONLY(inode))
145 fuse_invalidate_attr_mask(inode, STATX_ATIME);
146 }
147
148 /*
149 * Just mark the entry as stale, so that a next attempt to look it up
150 * will result in a new lookup call to userspace
151 *
152 * This is called when a dentry is about to become negative and the
153 * timeout is unknown (unlink, rmdir, rename and in some cases
154 * lookup)
155 */
156 void fuse_invalidate_entry_cache(struct dentry *entry)
157 {
158 fuse_dentry_settime(entry, 0);
159 }
160
161 /*
162 * Same as fuse_invalidate_entry_cache(), but also try to remove the
163 * dentry from the hash
164 */
165 static void fuse_invalidate_entry(struct dentry *entry)
166 {
167 d_invalidate(entry);
168 fuse_invalidate_entry_cache(entry);
169 }
170
171 static void fuse_lookup_init(struct fuse_conn *fc, struct fuse_args *args,
172 u64 nodeid, const struct qstr *name,
173 struct fuse_entry_out *outarg)
174 {
175 memset(outarg, 0, sizeof(struct fuse_entry_out));
176 args->opcode = FUSE_LOOKUP;
177 args->nodeid = nodeid;
178 args->in_numargs = 1;
179 args->in_args[0].size = name->len + 1;
180 args->in_args[0].value = name->name;
181 args->out_numargs = 1;
182 args->out_args[0].size = sizeof(struct fuse_entry_out);
183 args->out_args[0].value = outarg;
184 }
185
186 /*
187 * Check whether the dentry is still valid
188 *
189 * If the entry validity timeout has expired and the dentry is
190 * positive, try to redo the lookup. If the lookup results in a
191 * different inode, then let the VFS invalidate the dentry and redo
192 * the lookup once more. If the lookup results in the same inode,
193 * then refresh the attributes, timeouts and mark the dentry valid.
194 */
195 static int fuse_dentry_revalidate(struct dentry *entry, unsigned int flags)
196 {
197 struct inode *inode;
198 struct dentry *parent;
199 struct fuse_mount *fm;
200 struct fuse_inode *fi;
201 int ret;
202
203 inode = d_inode_rcu(entry);
204 if (inode && fuse_is_bad(inode))
205 goto invalid;
206 else if (time_before64(fuse_dentry_time(entry), get_jiffies_64()) ||
207 (flags & (LOOKUP_EXCL | LOOKUP_REVAL | LOOKUP_RENAME_TARGET))) {
208 struct fuse_entry_out outarg;
209 FUSE_ARGS(args);
210 struct fuse_forget_link *forget;
211 u64 attr_version;
212
213 /* For negative dentries, always do a fresh lookup */
214 if (!inode)
215 goto invalid;
216
217 ret = -ECHILD;
218 if (flags & LOOKUP_RCU)
219 goto out;
220
221 fm = get_fuse_mount(inode);
222
223 forget = fuse_alloc_forget();
224 ret = -ENOMEM;
225 if (!forget)
226 goto out;
227
228 attr_version = fuse_get_attr_version(fm->fc);
229
230 parent = dget_parent(entry);
231 fuse_lookup_init(fm->fc, &args, get_node_id(d_inode(parent)),
232 &entry->d_name, &outarg);
233 ret = fuse_simple_request(fm, &args);
234 dput(parent);
235 /* Zero nodeid is same as -ENOENT */
236 if (!ret && !outarg.nodeid)
237 ret = -ENOENT;
238 if (!ret) {
239 fi = get_fuse_inode(inode);
240 if (outarg.nodeid != get_node_id(inode) ||
241 (bool) IS_AUTOMOUNT(inode) != (bool) (outarg.attr.flags & FUSE_ATTR_SUBMOUNT)) {
242 fuse_queue_forget(fm->fc, forget,
243 outarg.nodeid, 1);
244 goto invalid;
245 }
246 spin_lock(&fi->lock);
247 fi->nlookup++;
248 spin_unlock(&fi->lock);
249 }
250 kfree(forget);
251 if (ret == -ENOMEM || ret == -EINTR)
252 goto out;
253 if (ret || fuse_invalid_attr(&outarg.attr) ||
254 fuse_stale_inode(inode, outarg.generation, &outarg.attr))
255 goto invalid;
256
257 forget_all_cached_acls(inode);
258 fuse_change_attributes(inode, &outarg.attr, NULL,
259 ATTR_TIMEOUT(&outarg),
260 attr_version);
261 fuse_change_entry_timeout(entry, &outarg);
262 } else if (inode) {
263 fi = get_fuse_inode(inode);
264 if (flags & LOOKUP_RCU) {
265 if (test_bit(FUSE_I_INIT_RDPLUS, &fi->state))
266 return -ECHILD;
267 } else if (test_and_clear_bit(FUSE_I_INIT_RDPLUS, &fi->state)) {
268 parent = dget_parent(entry);
269 fuse_advise_use_readdirplus(d_inode(parent));
270 dput(parent);
271 }
272 }
273 ret = 1;
274 out:
275 return ret;
276
277 invalid:
278 ret = 0;
279 goto out;
280 }
281
282 #if BITS_PER_LONG < 64
283 static int fuse_dentry_init(struct dentry *dentry)
284 {
285 dentry->d_fsdata = kzalloc(sizeof(union fuse_dentry),
286 GFP_KERNEL_ACCOUNT | __GFP_RECLAIMABLE);
287
288 return dentry->d_fsdata ? 0 : -ENOMEM;
289 }
290 static void fuse_dentry_release(struct dentry *dentry)
291 {
292 union fuse_dentry *fd = dentry->d_fsdata;
293
294 kfree_rcu(fd, rcu);
295 }
296 #endif
297
298 static int fuse_dentry_delete(const struct dentry *dentry)
299 {
300 return time_before64(fuse_dentry_time(dentry), get_jiffies_64());
301 }
302
303 /*
304 * Create a fuse_mount object with a new superblock (with path->dentry
305 * as the root), and return that mount so it can be auto-mounted on
306 * @path.
307 */
308 static struct vfsmount *fuse_dentry_automount(struct path *path)
309 {
310 struct fs_context *fsc;
311 struct vfsmount *mnt;
312 struct fuse_inode *mp_fi = get_fuse_inode(d_inode(path->dentry));
313
314 fsc = fs_context_for_submount(path->mnt->mnt_sb->s_type, path->dentry);
315 if (IS_ERR(fsc))
316 return ERR_CAST(fsc);
317
318 /* Pass the FUSE inode of the mount for fuse_get_tree_submount() */
319 fsc->fs_private = mp_fi;
320
321 /* Create the submount */
322 mnt = fc_mount(fsc);
323 if (!IS_ERR(mnt))
324 mntget(mnt);
325
326 put_fs_context(fsc);
327 return mnt;
328 }
329
330 const struct dentry_operations fuse_dentry_operations = {
331 .d_revalidate = fuse_dentry_revalidate,
332 .d_delete = fuse_dentry_delete,
333 #if BITS_PER_LONG < 64
334 .d_init = fuse_dentry_init,
335 .d_release = fuse_dentry_release,
336 #endif
337 .d_automount = fuse_dentry_automount,
338 };
339
340 const struct dentry_operations fuse_root_dentry_operations = {
341 #if BITS_PER_LONG < 64
342 .d_init = fuse_dentry_init,
343 .d_release = fuse_dentry_release,
344 #endif
345 };
346
347 int fuse_valid_type(int m)
348 {
349 return S_ISREG(m) || S_ISDIR(m) || S_ISLNK(m) || S_ISCHR(m) ||
350 S_ISBLK(m) || S_ISFIFO(m) || S_ISSOCK(m);
351 }
352
353 static bool fuse_valid_size(u64 size)
354 {
355 return size <= LLONG_MAX;
356 }
357
358 bool fuse_invalid_attr(struct fuse_attr *attr)
359 {
360 return !fuse_valid_type(attr->mode) || !fuse_valid_size(attr->size);
361 }
362
363 int fuse_lookup_name(struct super_block *sb, u64 nodeid, const struct qstr *name,
364 struct fuse_entry_out *outarg, struct inode **inode)
365 {
366 struct fuse_mount *fm = get_fuse_mount_super(sb);
367 FUSE_ARGS(args);
368 struct fuse_forget_link *forget;
369 u64 attr_version;
370 int err;
371
372 *inode = NULL;
373 err = -ENAMETOOLONG;
374 if (name->len > FUSE_NAME_MAX)
375 goto out;
376
377
378 forget = fuse_alloc_forget();
379 err = -ENOMEM;
380 if (!forget)
381 goto out;
382
383 attr_version = fuse_get_attr_version(fm->fc);
384
385 fuse_lookup_init(fm->fc, &args, nodeid, name, outarg);
386 err = fuse_simple_request(fm, &args);
387 /* Zero nodeid is same as -ENOENT, but with valid timeout */
388 if (err || !outarg->nodeid)
389 goto out_put_forget;
390
391 err = -EIO;
392 if (fuse_invalid_attr(&outarg->attr))
393 goto out_put_forget;
394
395 *inode = fuse_iget(sb, outarg->nodeid, outarg->generation,
396 &outarg->attr, ATTR_TIMEOUT(outarg),
397 attr_version);
398 err = -ENOMEM;
399 if (!*inode) {
400 fuse_queue_forget(fm->fc, forget, outarg->nodeid, 1);
401 goto out;
402 }
403 err = 0;
404
405 out_put_forget:
406 kfree(forget);
407 out:
408 return err;
409 }
410
411 static struct dentry *fuse_lookup(struct inode *dir, struct dentry *entry,
412 unsigned int flags)
413 {
414 int err;
415 struct fuse_entry_out outarg;
416 struct inode *inode;
417 struct dentry *newent;
418 bool outarg_valid = true;
419 bool locked;
420
421 if (fuse_is_bad(dir))
422 return ERR_PTR(-EIO);
423
424 locked = fuse_lock_inode(dir);
425 err = fuse_lookup_name(dir->i_sb, get_node_id(dir), &entry->d_name,
426 &outarg, &inode);
427 fuse_unlock_inode(dir, locked);
428 if (err == -ENOENT) {
429 outarg_valid = false;
430 err = 0;
431 }
432 if (err)
433 goto out_err;
434
435 err = -EIO;
436 if (inode && get_node_id(inode) == FUSE_ROOT_ID)
437 goto out_iput;
438
439 newent = d_splice_alias(inode, entry);
440 err = PTR_ERR(newent);
441 if (IS_ERR(newent))
442 goto out_err;
443
444 entry = newent ? newent : entry;
445 if (outarg_valid)
446 fuse_change_entry_timeout(entry, &outarg);
447 else
448 fuse_invalidate_entry_cache(entry);
449
450 if (inode)
451 fuse_advise_use_readdirplus(dir);
452 return newent;
453
454 out_iput:
455 iput(inode);
456 out_err:
457 return ERR_PTR(err);
458 }
459
460 static int get_security_context(struct dentry *entry, umode_t mode,
461 struct fuse_in_arg *ext)
462 {
463 struct fuse_secctx *fctx;
464 struct fuse_secctx_header *header;
465 void *ctx = NULL, *ptr;
466 u32 ctxlen, total_len = sizeof(*header);
467 int err, nr_ctx = 0;
468 const char *name;
469 size_t namelen;
470
471 err = security_dentry_init_security(entry, mode, &entry->d_name,
472 &name, &ctx, &ctxlen);
473 if (err) {
474 if (err != -EOPNOTSUPP)
475 goto out_err;
476 /* No LSM is supporting this security hook. Ignore error */
477 ctxlen = 0;
478 ctx = NULL;
479 }
480
481 if (ctxlen) {
482 nr_ctx = 1;
483 namelen = strlen(name) + 1;
484 err = -EIO;
485 if (WARN_ON(namelen > XATTR_NAME_MAX + 1 || ctxlen > S32_MAX))
486 goto out_err;
487 total_len += FUSE_REC_ALIGN(sizeof(*fctx) + namelen + ctxlen);
488 }
489
490 err = -ENOMEM;
491 header = ptr = kzalloc(total_len, GFP_KERNEL);
492 if (!ptr)
493 goto out_err;
494
495 header->nr_secctx = nr_ctx;
496 header->size = total_len;
497 ptr += sizeof(*header);
498 if (nr_ctx) {
499 fctx = ptr;
500 fctx->size = ctxlen;
501 ptr += sizeof(*fctx);
502
503 strcpy(ptr, name);
504 ptr += namelen;
505
506 memcpy(ptr, ctx, ctxlen);
507 }
508 ext->size = total_len;
509 ext->value = header;
510 err = 0;
511 out_err:
512 kfree(ctx);
513 return err;
514 }
515
516 static void *extend_arg(struct fuse_in_arg *buf, u32 bytes)
517 {
518 void *p;
519 u32 newlen = buf->size + bytes;
520
521 p = krealloc(buf->value, newlen, GFP_KERNEL);
522 if (!p) {
523 kfree(buf->value);
524 buf->size = 0;
525 buf->value = NULL;
526 return NULL;
527 }
528
529 memset(p + buf->size, 0, bytes);
530 buf->value = p;
531 buf->size = newlen;
532
533 return p + newlen - bytes;
534 }
535
536 static u32 fuse_ext_size(size_t size)
537 {
538 return FUSE_REC_ALIGN(sizeof(struct fuse_ext_header) + size);
539 }
540
541 /*
542 * This adds just a single supplementary group that matches the parent's group.
543 */
544 static int get_create_supp_group(struct inode *dir, struct fuse_in_arg *ext)
545 {
546 struct fuse_conn *fc = get_fuse_conn(dir);
547 struct fuse_ext_header *xh;
548 struct fuse_supp_groups *sg;
549 kgid_t kgid = dir->i_gid;
550 gid_t parent_gid = from_kgid(fc->user_ns, kgid);
551 u32 sg_len = fuse_ext_size(sizeof(*sg) + sizeof(sg->groups[0]));
552
553 if (parent_gid == (gid_t) -1 || gid_eq(kgid, current_fsgid()) ||
554 !in_group_p(kgid))
555 return 0;
556
557 xh = extend_arg(ext, sg_len);
558 if (!xh)
559 return -ENOMEM;
560
561 xh->size = sg_len;
562 xh->type = FUSE_EXT_GROUPS;
563
564 sg = (struct fuse_supp_groups *) &xh[1];
565 sg->nr_groups = 1;
566 sg->groups[0] = parent_gid;
567
568 return 0;
569 }
570
571 static int get_create_ext(struct fuse_args *args,
572 struct inode *dir, struct dentry *dentry,
573 umode_t mode)
574 {
575 struct fuse_conn *fc = get_fuse_conn_super(dentry->d_sb);
576 struct fuse_in_arg ext = { .size = 0, .value = NULL };
577 int err = 0;
578
579 if (fc->init_security)
580 err = get_security_context(dentry, mode, &ext);
581 if (!err && fc->create_supp_group)
582 err = get_create_supp_group(dir, &ext);
583
584 if (!err && ext.size) {
585 WARN_ON(args->in_numargs >= ARRAY_SIZE(args->in_args));
586 args->is_ext = true;
587 args->ext_idx = args->in_numargs++;
588 args->in_args[args->ext_idx] = ext;
589 } else {
590 kfree(ext.value);
591 }
592
593 return err;
594 }
595
596 static void free_ext_value(struct fuse_args *args)
597 {
598 if (args->is_ext)
599 kfree(args->in_args[args->ext_idx].value);
600 }
601
602 /*
603 * Atomic create+open operation
604 *
605 * If the filesystem doesn't support this, then fall back to separate
606 * 'mknod' + 'open' requests.
607 */
608 static int fuse_create_open(struct inode *dir, struct dentry *entry,
609 struct file *file, unsigned int flags,
610 umode_t mode, u32 opcode)
611 {
612 int err;
613 struct inode *inode;
614 struct fuse_mount *fm = get_fuse_mount(dir);
615 FUSE_ARGS(args);
616 struct fuse_forget_link *forget;
617 struct fuse_create_in inarg;
618 struct fuse_open_out outopen;
619 struct fuse_entry_out outentry;
620 struct fuse_inode *fi;
621 struct fuse_file *ff;
622 bool trunc = flags & O_TRUNC;
623
624 /* Userspace expects S_IFREG in create mode */
625 BUG_ON((mode & S_IFMT) != S_IFREG);
626
627 forget = fuse_alloc_forget();
628 err = -ENOMEM;
629 if (!forget)
630 goto out_err;
631
632 err = -ENOMEM;
633 ff = fuse_file_alloc(fm, true);
634 if (!ff)
635 goto out_put_forget_req;
636
637 if (!fm->fc->dont_mask)
638 mode &= ~current_umask();
639
640 flags &= ~O_NOCTTY;
641 memset(&inarg, 0, sizeof(inarg));
642 memset(&outentry, 0, sizeof(outentry));
643 inarg.flags = flags;
644 inarg.mode = mode;
645 inarg.umask = current_umask();
646
647 if (fm->fc->handle_killpriv_v2 && trunc &&
648 !(flags & O_EXCL) && !capable(CAP_FSETID)) {
649 inarg.open_flags |= FUSE_OPEN_KILL_SUIDGID;
650 }
651
652 args.opcode = opcode;
653 args.nodeid = get_node_id(dir);
654 args.in_numargs = 2;
655 args.in_args[0].size = sizeof(inarg);
656 args.in_args[0].value = &inarg;
657 args.in_args[1].size = entry->d_name.len + 1;
658 args.in_args[1].value = entry->d_name.name;
659 args.out_numargs = 2;
660 args.out_args[0].size = sizeof(outentry);
661 args.out_args[0].value = &outentry;
662 args.out_args[1].size = sizeof(outopen);
663 args.out_args[1].value = &outopen;
664
665 err = get_create_ext(&args, dir, entry, mode);
666 if (err)
667 goto out_put_forget_req;
668
669 err = fuse_simple_request(fm, &args);
670 free_ext_value(&args);
671 if (err)
672 goto out_free_ff;
673
674 err = -EIO;
675 if (!S_ISREG(outentry.attr.mode) || invalid_nodeid(outentry.nodeid) ||
676 fuse_invalid_attr(&outentry.attr))
677 goto out_free_ff;
678
679 ff->fh = outopen.fh;
680 ff->nodeid = outentry.nodeid;
681 ff->open_flags = outopen.open_flags;
682 inode = fuse_iget(dir->i_sb, outentry.nodeid, outentry.generation,
683 &outentry.attr, ATTR_TIMEOUT(&outentry), 0);
684 if (!inode) {
685 flags &= ~(O_CREAT | O_EXCL | O_TRUNC);
686 fuse_sync_release(NULL, ff, flags);
687 fuse_queue_forget(fm->fc, forget, outentry.nodeid, 1);
688 err = -ENOMEM;
689 goto out_err;
690 }
691 kfree(forget);
692 d_instantiate(entry, inode);
693 fuse_change_entry_timeout(entry, &outentry);
694 fuse_dir_changed(dir);
695 err = generic_file_open(inode, file);
696 if (!err) {
697 file->private_data = ff;
698 err = finish_open(file, entry, fuse_finish_open);
699 }
700 if (err) {
701 fi = get_fuse_inode(inode);
702 fuse_sync_release(fi, ff, flags);
703 } else {
704 if (fm->fc->atomic_o_trunc && trunc)
705 truncate_pagecache(inode, 0);
706 else if (!(ff->open_flags & FOPEN_KEEP_CACHE))
707 invalidate_inode_pages2(inode->i_mapping);
708 }
709 return err;
710
711 out_free_ff:
712 fuse_file_free(ff);
713 out_put_forget_req:
714 kfree(forget);
715 out_err:
716 return err;
717 }
718
719 static int fuse_mknod(struct mnt_idmap *, struct inode *, struct dentry *,
720 umode_t, dev_t);
721 static int fuse_atomic_open(struct inode *dir, struct dentry *entry,
722 struct file *file, unsigned flags,
723 umode_t mode)
724 {
725 int err;
726 struct fuse_conn *fc = get_fuse_conn(dir);
727 struct dentry *res = NULL;
728
729 if (fuse_is_bad(dir))
730 return -EIO;
731
732 if (d_in_lookup(entry)) {
733 res = fuse_lookup(dir, entry, 0);
734 if (IS_ERR(res))
735 return PTR_ERR(res);
736
737 if (res)
738 entry = res;
739 }
740
741 if (!(flags & O_CREAT) || d_really_is_positive(entry))
742 goto no_open;
743
744 /* Only creates */
745 file->f_mode |= FMODE_CREATED;
746
747 if (fc->no_create)
748 goto mknod;
749
750 err = fuse_create_open(dir, entry, file, flags, mode, FUSE_CREATE);
751 if (err == -ENOSYS) {
752 fc->no_create = 1;
753 goto mknod;
754 } else if (err == -EEXIST)
755 fuse_invalidate_entry(entry);
756 out_dput:
757 dput(res);
758 return err;
759
760 mknod:
761 err = fuse_mknod(&nop_mnt_idmap, dir, entry, mode, 0);
762 if (err)
763 goto out_dput;
764 no_open:
765 return finish_no_open(file, res);
766 }
767
768 /*
769 * Code shared between mknod, mkdir, symlink and link
770 */
771 static int create_new_entry(struct fuse_mount *fm, struct fuse_args *args,
772 struct inode *dir, struct dentry *entry,
773 umode_t mode)
774 {
775 struct fuse_entry_out outarg;
776 struct inode *inode;
777 struct dentry *d;
778 int err;
779 struct fuse_forget_link *forget;
780
781 if (fuse_is_bad(dir))
782 return -EIO;
783
784 forget = fuse_alloc_forget();
785 if (!forget)
786 return -ENOMEM;
787
788 memset(&outarg, 0, sizeof(outarg));
789 args->nodeid = get_node_id(dir);
790 args->out_numargs = 1;
791 args->out_args[0].size = sizeof(outarg);
792 args->out_args[0].value = &outarg;
793
794 if (args->opcode != FUSE_LINK) {
795 err = get_create_ext(args, dir, entry, mode);
796 if (err)
797 goto out_put_forget_req;
798 }
799
800 err = fuse_simple_request(fm, args);
801 free_ext_value(args);
802 if (err)
803 goto out_put_forget_req;
804
805 err = -EIO;
806 if (invalid_nodeid(outarg.nodeid) || fuse_invalid_attr(&outarg.attr))
807 goto out_put_forget_req;
808
809 if ((outarg.attr.mode ^ mode) & S_IFMT)
810 goto out_put_forget_req;
811
812 inode = fuse_iget(dir->i_sb, outarg.nodeid, outarg.generation,
813 &outarg.attr, ATTR_TIMEOUT(&outarg), 0);
814 if (!inode) {
815 fuse_queue_forget(fm->fc, forget, outarg.nodeid, 1);
816 return -ENOMEM;
817 }
818 kfree(forget);
819
820 d_drop(entry);
821 d = d_splice_alias(inode, entry);
822 if (IS_ERR(d))
823 return PTR_ERR(d);
824
825 if (d) {
826 fuse_change_entry_timeout(d, &outarg);
827 dput(d);
828 } else {
829 fuse_change_entry_timeout(entry, &outarg);
830 }
831 fuse_dir_changed(dir);
832 return 0;
833
834 out_put_forget_req:
835 if (err == -EEXIST)
836 fuse_invalidate_entry(entry);
837 kfree(forget);
838 return err;
839 }
840
841 static int fuse_mknod(struct mnt_idmap *idmap, struct inode *dir,
842 struct dentry *entry, umode_t mode, dev_t rdev)
843 {
844 struct fuse_mknod_in inarg;
845 struct fuse_mount *fm = get_fuse_mount(dir);
846 FUSE_ARGS(args);
847
848 if (!fm->fc->dont_mask)
849 mode &= ~current_umask();
850
851 memset(&inarg, 0, sizeof(inarg));
852 inarg.mode = mode;
853 inarg.rdev = new_encode_dev(rdev);
854 inarg.umask = current_umask();
855 args.opcode = FUSE_MKNOD;
856 args.in_numargs = 2;
857 args.in_args[0].size = sizeof(inarg);
858 args.in_args[0].value = &inarg;
859 args.in_args[1].size = entry->d_name.len + 1;
860 args.in_args[1].value = entry->d_name.name;
861 return create_new_entry(fm, &args, dir, entry, mode);
862 }
863
864 static int fuse_create(struct mnt_idmap *idmap, struct inode *dir,
865 struct dentry *entry, umode_t mode, bool excl)
866 {
867 return fuse_mknod(&nop_mnt_idmap, dir, entry, mode, 0);
868 }
869
870 static int fuse_tmpfile(struct mnt_idmap *idmap, struct inode *dir,
871 struct file *file, umode_t mode)
872 {
873 struct fuse_conn *fc = get_fuse_conn(dir);
874 int err;
875
876 if (fc->no_tmpfile)
877 return -EOPNOTSUPP;
878
879 err = fuse_create_open(dir, file->f_path.dentry, file, file->f_flags, mode, FUSE_TMPFILE);
880 if (err == -ENOSYS) {
881 fc->no_tmpfile = 1;
882 err = -EOPNOTSUPP;
883 }
884 return err;
885 }
886
887 static int fuse_mkdir(struct mnt_idmap *idmap, struct inode *dir,
888 struct dentry *entry, umode_t mode)
889 {
890 struct fuse_mkdir_in inarg;
891 struct fuse_mount *fm = get_fuse_mount(dir);
892 FUSE_ARGS(args);
893
894 if (!fm->fc->dont_mask)
895 mode &= ~current_umask();
896
897 memset(&inarg, 0, sizeof(inarg));
898 inarg.mode = mode;
899 inarg.umask = current_umask();
900 args.opcode = FUSE_MKDIR;
901 args.in_numargs = 2;
902 args.in_args[0].size = sizeof(inarg);
903 args.in_args[0].value = &inarg;
904 args.in_args[1].size = entry->d_name.len + 1;
905 args.in_args[1].value = entry->d_name.name;
906 return create_new_entry(fm, &args, dir, entry, S_IFDIR);
907 }
908
909 static int fuse_symlink(struct mnt_idmap *idmap, struct inode *dir,
910 struct dentry *entry, const char *link)
911 {
912 struct fuse_mount *fm = get_fuse_mount(dir);
913 unsigned len = strlen(link) + 1;
914 FUSE_ARGS(args);
915
916 args.opcode = FUSE_SYMLINK;
917 args.in_numargs = 2;
918 args.in_args[0].size = entry->d_name.len + 1;
919 args.in_args[0].value = entry->d_name.name;
920 args.in_args[1].size = len;
921 args.in_args[1].value = link;
922 return create_new_entry(fm, &args, dir, entry, S_IFLNK);
923 }
924
925 void fuse_flush_time_update(struct inode *inode)
926 {
927 int err = sync_inode_metadata(inode, 1);
928
929 mapping_set_error(inode->i_mapping, err);
930 }
931
932 static void fuse_update_ctime_in_cache(struct inode *inode)
933 {
934 if (!IS_NOCMTIME(inode)) {
935 inode_set_ctime_current(inode);
936 mark_inode_dirty_sync(inode);
937 fuse_flush_time_update(inode);
938 }
939 }
940
941 void fuse_update_ctime(struct inode *inode)
942 {
943 fuse_invalidate_attr_mask(inode, STATX_CTIME);
944 fuse_update_ctime_in_cache(inode);
945 }
946
947 static void fuse_entry_unlinked(struct dentry *entry)
948 {
949 struct inode *inode = d_inode(entry);
950 struct fuse_conn *fc = get_fuse_conn(inode);
951 struct fuse_inode *fi = get_fuse_inode(inode);
952
953 spin_lock(&fi->lock);
954 fi->attr_version = atomic64_inc_return(&fc->attr_version);
955 /*
956 * If i_nlink == 0 then unlink doesn't make sense, yet this can
957 * happen if userspace filesystem is careless. It would be
958 * difficult to enforce correct nlink usage so just ignore this
959 * condition here
960 */
961 if (S_ISDIR(inode->i_mode))
962 clear_nlink(inode);
963 else if (inode->i_nlink > 0)
964 drop_nlink(inode);
965 spin_unlock(&fi->lock);
966 fuse_invalidate_entry_cache(entry);
967 fuse_update_ctime(inode);
968 }
969
970 static int fuse_unlink(struct inode *dir, struct dentry *entry)
971 {
972 int err;
973 struct fuse_mount *fm = get_fuse_mount(dir);
974 FUSE_ARGS(args);
975
976 if (fuse_is_bad(dir))
977 return -EIO;
978
979 args.opcode = FUSE_UNLINK;
980 args.nodeid = get_node_id(dir);
981 args.in_numargs = 1;
982 args.in_args[0].size = entry->d_name.len + 1;
983 args.in_args[0].value = entry->d_name.name;
984 err = fuse_simple_request(fm, &args);
985 if (!err) {
986 fuse_dir_changed(dir);
987 fuse_entry_unlinked(entry);
988 } else if (err == -EINTR || err == -ENOENT)
989 fuse_invalidate_entry(entry);
990 return err;
991 }
992
993 static int fuse_rmdir(struct inode *dir, struct dentry *entry)
994 {
995 int err;
996 struct fuse_mount *fm = get_fuse_mount(dir);
997 FUSE_ARGS(args);
998
999 if (fuse_is_bad(dir))
1000 return -EIO;
1001
1002 args.opcode = FUSE_RMDIR;
1003 args.nodeid = get_node_id(dir);
1004 args.in_numargs = 1;
1005 args.in_args[0].size = entry->d_name.len + 1;
1006 args.in_args[0].value = entry->d_name.name;
1007 err = fuse_simple_request(fm, &args);
1008 if (!err) {
1009 fuse_dir_changed(dir);
1010 fuse_entry_unlinked(entry);
1011 } else if (err == -EINTR || err == -ENOENT)
1012 fuse_invalidate_entry(entry);
1013 return err;
1014 }
1015
1016 static int fuse_rename_common(struct inode *olddir, struct dentry *oldent,
1017 struct inode *newdir, struct dentry *newent,
1018 unsigned int flags, int opcode, size_t argsize)
1019 {
1020 int err;
1021 struct fuse_rename2_in inarg;
1022 struct fuse_mount *fm = get_fuse_mount(olddir);
1023 FUSE_ARGS(args);
1024
1025 memset(&inarg, 0, argsize);
1026 inarg.newdir = get_node_id(newdir);
1027 inarg.flags = flags;
1028 args.opcode = opcode;
1029 args.nodeid = get_node_id(olddir);
1030 args.in_numargs = 3;
1031 args.in_args[0].size = argsize;
1032 args.in_args[0].value = &inarg;
1033 args.in_args[1].size = oldent->d_name.len + 1;
1034 args.in_args[1].value = oldent->d_name.name;
1035 args.in_args[2].size = newent->d_name.len + 1;
1036 args.in_args[2].value = newent->d_name.name;
1037 err = fuse_simple_request(fm, &args);
1038 if (!err) {
1039 /* ctime changes */
1040 fuse_update_ctime(d_inode(oldent));
1041
1042 if (flags & RENAME_EXCHANGE)
1043 fuse_update_ctime(d_inode(newent));
1044
1045 fuse_dir_changed(olddir);
1046 if (olddir != newdir)
1047 fuse_dir_changed(newdir);
1048
1049 /* newent will end up negative */
1050 if (!(flags & RENAME_EXCHANGE) && d_really_is_positive(newent))
1051 fuse_entry_unlinked(newent);
1052 } else if (err == -EINTR || err == -ENOENT) {
1053 /* If request was interrupted, DEITY only knows if the
1054 rename actually took place. If the invalidation
1055 fails (e.g. some process has CWD under the renamed
1056 directory), then there can be inconsistency between
1057 the dcache and the real filesystem. Tough luck. */
1058 fuse_invalidate_entry(oldent);
1059 if (d_really_is_positive(newent))
1060 fuse_invalidate_entry(newent);
1061 }
1062
1063 return err;
1064 }
1065
1066 static int fuse_rename2(struct mnt_idmap *idmap, struct inode *olddir,
1067 struct dentry *oldent, struct inode *newdir,
1068 struct dentry *newent, unsigned int flags)
1069 {
1070 struct fuse_conn *fc = get_fuse_conn(olddir);
1071 int err;
1072
1073 if (fuse_is_bad(olddir))
1074 return -EIO;
1075
1076 if (flags & ~(RENAME_NOREPLACE | RENAME_EXCHANGE | RENAME_WHITEOUT))
1077 return -EINVAL;
1078
1079 if (flags) {
1080 if (fc->no_rename2 || fc->minor < 23)
1081 return -EINVAL;
1082
1083 err = fuse_rename_common(olddir, oldent, newdir, newent, flags,
1084 FUSE_RENAME2,
1085 sizeof(struct fuse_rename2_in));
1086 if (err == -ENOSYS) {
1087 fc->no_rename2 = 1;
1088 err = -EINVAL;
1089 }
1090 } else {
1091 err = fuse_rename_common(olddir, oldent, newdir, newent, 0,
1092 FUSE_RENAME,
1093 sizeof(struct fuse_rename_in));
1094 }
1095
1096 return err;
1097 }
1098
1099 static int fuse_link(struct dentry *entry, struct inode *newdir,
1100 struct dentry *newent)
1101 {
1102 int err;
1103 struct fuse_link_in inarg;
1104 struct inode *inode = d_inode(entry);
1105 struct fuse_mount *fm = get_fuse_mount(inode);
1106 FUSE_ARGS(args);
1107
1108 memset(&inarg, 0, sizeof(inarg));
1109 inarg.oldnodeid = get_node_id(inode);
1110 args.opcode = FUSE_LINK;
1111 args.in_numargs = 2;
1112 args.in_args[0].size = sizeof(inarg);
1113 args.in_args[0].value = &inarg;
1114 args.in_args[1].size = newent->d_name.len + 1;
1115 args.in_args[1].value = newent->d_name.name;
1116 err = create_new_entry(fm, &args, newdir, newent, inode->i_mode);
1117 if (!err)
1118 fuse_update_ctime_in_cache(inode);
1119 else if (err == -EINTR)
1120 fuse_invalidate_attr(inode);
1121
1122 return err;
1123 }
1124
1125 static void fuse_fillattr(struct inode *inode, struct fuse_attr *attr,
1126 struct kstat *stat)
1127 {
1128 unsigned int blkbits;
1129 struct fuse_conn *fc = get_fuse_conn(inode);
1130
1131 stat->dev = inode->i_sb->s_dev;
1132 stat->ino = attr->ino;
1133 stat->mode = (inode->i_mode & S_IFMT) | (attr->mode & 07777);
1134 stat->nlink = attr->nlink;
1135 stat->uid = make_kuid(fc->user_ns, attr->uid);
1136 stat->gid = make_kgid(fc->user_ns, attr->gid);
1137 stat->rdev = inode->i_rdev;
1138 stat->atime.tv_sec = attr->atime;
1139 stat->atime.tv_nsec = attr->atimensec;
1140 stat->mtime.tv_sec = attr->mtime;
1141 stat->mtime.tv_nsec = attr->mtimensec;
1142 stat->ctime.tv_sec = attr->ctime;
1143 stat->ctime.tv_nsec = attr->ctimensec;
1144 stat->size = attr->size;
1145 stat->blocks = attr->blocks;
1146
1147 if (attr->blksize != 0)
1148 blkbits = ilog2(attr->blksize);
1149 else
1150 blkbits = inode->i_sb->s_blocksize_bits;
1151
1152 stat->blksize = 1 << blkbits;
1153 }
1154
1155 static void fuse_statx_to_attr(struct fuse_statx *sx, struct fuse_attr *attr)
1156 {
1157 memset(attr, 0, sizeof(*attr));
1158 attr->ino = sx->ino;
1159 attr->size = sx->size;
1160 attr->blocks = sx->blocks;
1161 attr->atime = sx->atime.tv_sec;
1162 attr->mtime = sx->mtime.tv_sec;
1163 attr->ctime = sx->ctime.tv_sec;
1164 attr->atimensec = sx->atime.tv_nsec;
1165 attr->mtimensec = sx->mtime.tv_nsec;
1166 attr->ctimensec = sx->ctime.tv_nsec;
1167 attr->mode = sx->mode;
1168 attr->nlink = sx->nlink;
1169 attr->uid = sx->uid;
1170 attr->gid = sx->gid;
1171 attr->rdev = new_encode_dev(MKDEV(sx->rdev_major, sx->rdev_minor));
1172 attr->blksize = sx->blksize;
1173 }
1174
1175 static int fuse_do_statx(struct inode *inode, struct file *file,
1176 struct kstat *stat)
1177 {
1178 int err;
1179 struct fuse_attr attr;
1180 struct fuse_statx *sx;
1181 struct fuse_statx_in inarg;
1182 struct fuse_statx_out outarg;
1183 struct fuse_mount *fm = get_fuse_mount(inode);
1184 u64 attr_version = fuse_get_attr_version(fm->fc);
1185 FUSE_ARGS(args);
1186
1187 memset(&inarg, 0, sizeof(inarg));
1188 memset(&outarg, 0, sizeof(outarg));
1189 /* Directories have separate file-handle space */
1190 if (file && S_ISREG(inode->i_mode)) {
1191 struct fuse_file *ff = file->private_data;
1192
1193 inarg.getattr_flags |= FUSE_GETATTR_FH;
1194 inarg.fh = ff->fh;
1195 }
1196 /* For now leave sync hints as the default, request all stats. */
1197 inarg.sx_flags = 0;
1198 inarg.sx_mask = STATX_BASIC_STATS | STATX_BTIME;
1199 args.opcode = FUSE_STATX;
1200 args.nodeid = get_node_id(inode);
1201 args.in_numargs = 1;
1202 args.in_args[0].size = sizeof(inarg);
1203 args.in_args[0].value = &inarg;
1204 args.out_numargs = 1;
1205 args.out_args[0].size = sizeof(outarg);
1206 args.out_args[0].value = &outarg;
1207 err = fuse_simple_request(fm, &args);
1208 if (err)
1209 return err;
1210
1211 sx = &outarg.stat;
1212 if (((sx->mask & STATX_SIZE) && !fuse_valid_size(sx->size)) ||
1213 ((sx->mask & STATX_TYPE) && (!fuse_valid_type(sx->mode) ||
1214 inode_wrong_type(inode, sx->mode)))) {
1215 make_bad_inode(inode);
1216 return -EIO;
1217 }
1218
1219 fuse_statx_to_attr(&outarg.stat, &attr);
1220 if ((sx->mask & STATX_BASIC_STATS) == STATX_BASIC_STATS) {
1221 fuse_change_attributes(inode, &attr, &outarg.stat,
1222 ATTR_TIMEOUT(&outarg), attr_version);
1223 }
1224
1225 if (stat) {
1226 stat->result_mask = sx->mask & (STATX_BASIC_STATS | STATX_BTIME);
1227 stat->btime.tv_sec = sx->btime.tv_sec;
1228 stat->btime.tv_nsec = min_t(u32, sx->btime.tv_nsec, NSEC_PER_SEC - 1);
1229 fuse_fillattr(inode, &attr, stat);
1230 stat->result_mask |= STATX_TYPE;
1231 }
1232
1233 return 0;
1234 }
1235
1236 static int fuse_do_getattr(struct inode *inode, struct kstat *stat,
1237 struct file *file)
1238 {
1239 int err;
1240 struct fuse_getattr_in inarg;
1241 struct fuse_attr_out outarg;
1242 struct fuse_mount *fm = get_fuse_mount(inode);
1243 FUSE_ARGS(args);
1244 u64 attr_version;
1245
1246 attr_version = fuse_get_attr_version(fm->fc);
1247
1248 memset(&inarg, 0, sizeof(inarg));
1249 memset(&outarg, 0, sizeof(outarg));
1250 /* Directories have separate file-handle space */
1251 if (file && S_ISREG(inode->i_mode)) {
1252 struct fuse_file *ff = file->private_data;
1253
1254 inarg.getattr_flags |= FUSE_GETATTR_FH;
1255 inarg.fh = ff->fh;
1256 }
1257 args.opcode = FUSE_GETATTR;
1258 args.nodeid = get_node_id(inode);
1259 args.in_numargs = 1;
1260 args.in_args[0].size = sizeof(inarg);
1261 args.in_args[0].value = &inarg;
1262 args.out_numargs = 1;
1263 args.out_args[0].size = sizeof(outarg);
1264 args.out_args[0].value = &outarg;
1265 err = fuse_simple_request(fm, &args);
1266 if (!err) {
1267 if (fuse_invalid_attr(&outarg.attr) ||
1268 inode_wrong_type(inode, outarg.attr.mode)) {
1269 fuse_make_bad(inode);
1270 err = -EIO;
1271 } else {
1272 fuse_change_attributes(inode, &outarg.attr, NULL,
1273 ATTR_TIMEOUT(&outarg),
1274 attr_version);
1275 if (stat)
1276 fuse_fillattr(inode, &outarg.attr, stat);
1277 }
1278 }
1279 return err;
1280 }
1281
1282 static int fuse_update_get_attr(struct inode *inode, struct file *file,
1283 struct kstat *stat, u32 request_mask,
1284 unsigned int flags)
1285 {
1286 struct fuse_inode *fi = get_fuse_inode(inode);
1287 struct fuse_conn *fc = get_fuse_conn(inode);
1288 int err = 0;
1289 bool sync;
1290 u32 inval_mask = READ_ONCE(fi->inval_mask);
1291 u32 cache_mask = fuse_get_cache_mask(inode);
1292
1293
1294 /* FUSE only supports basic stats and possibly btime */
1295 request_mask &= STATX_BASIC_STATS | STATX_BTIME;
1296 retry:
1297 if (fc->no_statx)
1298 request_mask &= STATX_BASIC_STATS;
1299
1300 if (!request_mask)
1301 sync = false;
1302 else if (flags & AT_STATX_FORCE_SYNC)
1303 sync = true;
1304 else if (flags & AT_STATX_DONT_SYNC)
1305 sync = false;
1306 else if (request_mask & inval_mask & ~cache_mask)
1307 sync = true;
1308 else
1309 sync = time_before64(fi->i_time, get_jiffies_64());
1310
1311 if (sync) {
1312 forget_all_cached_acls(inode);
1313 /* Try statx if BTIME is requested */
1314 if (!fc->no_statx && (request_mask & ~STATX_BASIC_STATS)) {
1315 err = fuse_do_statx(inode, file, stat);
1316 if (err == -ENOSYS) {
1317 fc->no_statx = 1;
1318 goto retry;
1319 }
1320 } else {
1321 err = fuse_do_getattr(inode, stat, file);
1322 }
1323 } else if (stat) {
1324 generic_fillattr(&nop_mnt_idmap, request_mask, inode, stat);
1325 stat->mode = fi->orig_i_mode;
1326 stat->ino = fi->orig_ino;
1327 if (test_bit(FUSE_I_BTIME, &fi->state)) {
1328 stat->btime = fi->i_btime;
1329 stat->result_mask |= STATX_BTIME;
1330 }
1331 }
1332
1333 return err;
1334 }
1335
1336 int fuse_update_attributes(struct inode *inode, struct file *file, u32 mask)
1337 {
1338 return fuse_update_get_attr(inode, file, NULL, mask, 0);
1339 }
1340
1341 int fuse_reverse_inval_entry(struct fuse_conn *fc, u64 parent_nodeid,
1342 u64 child_nodeid, struct qstr *name, u32 flags)
1343 {
1344 int err = -ENOTDIR;
1345 struct inode *parent;
1346 struct dentry *dir;
1347 struct dentry *entry;
1348
1349 parent = fuse_ilookup(fc, parent_nodeid, NULL);
1350 if (!parent)
1351 return -ENOENT;
1352
1353 inode_lock_nested(parent, I_MUTEX_PARENT);
1354 if (!S_ISDIR(parent->i_mode))
1355 goto unlock;
1356
1357 err = -ENOENT;
1358 dir = d_find_alias(parent);
1359 if (!dir)
1360 goto unlock;
1361
1362 name->hash = full_name_hash(dir, name->name, name->len);
1363 entry = d_lookup(dir, name);
1364 dput(dir);
1365 if (!entry)
1366 goto unlock;
1367
1368 fuse_dir_changed(parent);
1369 if (!(flags & FUSE_EXPIRE_ONLY))
1370 d_invalidate(entry);
1371 fuse_invalidate_entry_cache(entry);
1372
1373 if (child_nodeid != 0 && d_really_is_positive(entry)) {
1374 inode_lock(d_inode(entry));
1375 if (get_node_id(d_inode(entry)) != child_nodeid) {
1376 err = -ENOENT;
1377 goto badentry;
1378 }
1379 if (d_mountpoint(entry)) {
1380 err = -EBUSY;
1381 goto badentry;
1382 }
1383 if (d_is_dir(entry)) {
1384 shrink_dcache_parent(entry);
1385 if (!simple_empty(entry)) {
1386 err = -ENOTEMPTY;
1387 goto badentry;
1388 }
1389 d_inode(entry)->i_flags |= S_DEAD;
1390 }
1391 dont_mount(entry);
1392 clear_nlink(d_inode(entry));
1393 err = 0;
1394 badentry:
1395 inode_unlock(d_inode(entry));
1396 if (!err)
1397 d_delete(entry);
1398 } else {
1399 err = 0;
1400 }
1401 dput(entry);
1402
1403 unlock:
1404 inode_unlock(parent);
1405 iput(parent);
1406 return err;
1407 }
1408
1409 static inline bool fuse_permissible_uidgid(struct fuse_conn *fc)
1410 {
1411 const struct cred *cred = current_cred();
1412
1413 return (uid_eq(cred->euid, fc->user_id) &&
1414 uid_eq(cred->suid, fc->user_id) &&
1415 uid_eq(cred->uid, fc->user_id) &&
1416 gid_eq(cred->egid, fc->group_id) &&
1417 gid_eq(cred->sgid, fc->group_id) &&
1418 gid_eq(cred->gid, fc->group_id));
1419 }
1420
1421 /*
1422 * Calling into a user-controlled filesystem gives the filesystem
1423 * daemon ptrace-like capabilities over the current process. This
1424 * means, that the filesystem daemon is able to record the exact
1425 * filesystem operations performed, and can also control the behavior
1426 * of the requester process in otherwise impossible ways. For example
1427 * it can delay the operation for arbitrary length of time allowing
1428 * DoS against the requester.
1429 *
1430 * For this reason only those processes can call into the filesystem,
1431 * for which the owner of the mount has ptrace privilege. This
1432 * excludes processes started by other users, suid or sgid processes.
1433 */
1434 bool fuse_allow_current_process(struct fuse_conn *fc)
1435 {
1436 bool allow;
1437
1438 if (fc->allow_other)
1439 allow = current_in_userns(fc->user_ns);
1440 else
1441 allow = fuse_permissible_uidgid(fc);
1442
1443 if (!allow && allow_sys_admin_access && capable(CAP_SYS_ADMIN))
1444 allow = true;
1445
1446 return allow;
1447 }
1448
1449 static int fuse_access(struct inode *inode, int mask)
1450 {
1451 struct fuse_mount *fm = get_fuse_mount(inode);
1452 FUSE_ARGS(args);
1453 struct fuse_access_in inarg;
1454 int err;
1455
1456 BUG_ON(mask & MAY_NOT_BLOCK);
1457
1458 if (fm->fc->no_access)
1459 return 0;
1460
1461 memset(&inarg, 0, sizeof(inarg));
1462 inarg.mask = mask & (MAY_READ | MAY_WRITE | MAY_EXEC);
1463 args.opcode = FUSE_ACCESS;
1464 args.nodeid = get_node_id(inode);
1465 args.in_numargs = 1;
1466 args.in_args[0].size = sizeof(inarg);
1467 args.in_args[0].value = &inarg;
1468 err = fuse_simple_request(fm, &args);
1469 if (err == -ENOSYS) {
1470 fm->fc->no_access = 1;
1471 err = 0;
1472 }
1473 return err;
1474 }
1475
1476 static int fuse_perm_getattr(struct inode *inode, int mask)
1477 {
1478 if (mask & MAY_NOT_BLOCK)
1479 return -ECHILD;
1480
1481 forget_all_cached_acls(inode);
1482 return fuse_do_getattr(inode, NULL, NULL);
1483 }
1484
1485 /*
1486 * Check permission. The two basic access models of FUSE are:
1487 *
1488 * 1) Local access checking ('default_permissions' mount option) based
1489 * on file mode. This is the plain old disk filesystem permission
1490 * modell.
1491 *
1492 * 2) "Remote" access checking, where server is responsible for
1493 * checking permission in each inode operation. An exception to this
1494 * is if ->permission() was invoked from sys_access() in which case an
1495 * access request is sent. Execute permission is still checked
1496 * locally based on file mode.
1497 */
1498 static int fuse_permission(struct mnt_idmap *idmap,
1499 struct inode *inode, int mask)
1500 {
1501 struct fuse_conn *fc = get_fuse_conn(inode);
1502 bool refreshed = false;
1503 int err = 0;
1504
1505 if (fuse_is_bad(inode))
1506 return -EIO;
1507
1508 if (!fuse_allow_current_process(fc))
1509 return -EACCES;
1510
1511 /*
1512 * If attributes are needed, refresh them before proceeding
1513 */
1514 if (fc->default_permissions ||
1515 ((mask & MAY_EXEC) && S_ISREG(inode->i_mode))) {
1516 struct fuse_inode *fi = get_fuse_inode(inode);
1517 u32 perm_mask = STATX_MODE | STATX_UID | STATX_GID;
1518
1519 if (perm_mask & READ_ONCE(fi->inval_mask) ||
1520 time_before64(fi->i_time, get_jiffies_64())) {
1521 refreshed = true;
1522
1523 err = fuse_perm_getattr(inode, mask);
1524 if (err)
1525 return err;
1526 }
1527 }
1528
1529 if (fc->default_permissions) {
1530 err = generic_permission(&nop_mnt_idmap, inode, mask);
1531
1532 /* If permission is denied, try to refresh file
1533 attributes. This is also needed, because the root
1534 node will at first have no permissions */
1535 if (err == -EACCES && !refreshed) {
1536 err = fuse_perm_getattr(inode, mask);
1537 if (!err)
1538 err = generic_permission(&nop_mnt_idmap,
1539 inode, mask);
1540 }
1541
1542 /* Note: the opposite of the above test does not
1543 exist. So if permissions are revoked this won't be
1544 noticed immediately, only after the attribute
1545 timeout has expired */
1546 } else if (mask & (MAY_ACCESS | MAY_CHDIR)) {
1547 err = fuse_access(inode, mask);
1548 } else if ((mask & MAY_EXEC) && S_ISREG(inode->i_mode)) {
1549 if (!(inode->i_mode & S_IXUGO)) {
1550 if (refreshed)
1551 return -EACCES;
1552
1553 err = fuse_perm_getattr(inode, mask);
1554 if (!err && !(inode->i_mode & S_IXUGO))
1555 return -EACCES;
1556 }
1557 }
1558 return err;
1559 }
1560
1561 static int fuse_readlink_page(struct inode *inode, struct page *page)
1562 {
1563 struct fuse_mount *fm = get_fuse_mount(inode);
1564 struct fuse_page_desc desc = { .length = PAGE_SIZE - 1 };
1565 struct fuse_args_pages ap = {
1566 .num_pages = 1,
1567 .pages = &page,
1568 .descs = &desc,
1569 };
1570 char *link;
1571 ssize_t res;
1572
1573 ap.args.opcode = FUSE_READLINK;
1574 ap.args.nodeid = get_node_id(inode);
1575 ap.args.out_pages = true;
1576 ap.args.out_argvar = true;
1577 ap.args.page_zeroing = true;
1578 ap.args.out_numargs = 1;
1579 ap.args.out_args[0].size = desc.length;
1580 res = fuse_simple_request(fm, &ap.args);
1581
1582 fuse_invalidate_atime(inode);
1583
1584 if (res < 0)
1585 return res;
1586
1587 if (WARN_ON(res >= PAGE_SIZE))
1588 return -EIO;
1589
1590 link = page_address(page);
1591 link[res] = '\0';
1592
1593 return 0;
1594 }
1595
1596 static const char *fuse_get_link(struct dentry *dentry, struct inode *inode,
1597 struct delayed_call *callback)
1598 {
1599 struct fuse_conn *fc = get_fuse_conn(inode);
1600 struct page *page;
1601 int err;
1602
1603 err = -EIO;
1604 if (fuse_is_bad(inode))
1605 goto out_err;
1606
1607 if (fc->cache_symlinks)
1608 return page_get_link(dentry, inode, callback);
1609
1610 err = -ECHILD;
1611 if (!dentry)
1612 goto out_err;
1613
1614 page = alloc_page(GFP_KERNEL);
1615 err = -ENOMEM;
1616 if (!page)
1617 goto out_err;
1618
1619 err = fuse_readlink_page(inode, page);
1620 if (err) {
1621 __free_page(page);
1622 goto out_err;
1623 }
1624
1625 set_delayed_call(callback, page_put_link, page);
1626
1627 return page_address(page);
1628
1629 out_err:
1630 return ERR_PTR(err);
1631 }
1632
1633 static int fuse_dir_open(struct inode *inode, struct file *file)
1634 {
1635 struct fuse_mount *fm = get_fuse_mount(inode);
1636 int err;
1637
1638 if (fuse_is_bad(inode))
1639 return -EIO;
1640
1641 err = generic_file_open(inode, file);
1642 if (err)
1643 return err;
1644
1645 err = fuse_do_open(fm, get_node_id(inode), file, true);
1646 if (!err) {
1647 struct fuse_file *ff = file->private_data;
1648
1649 /*
1650 * Keep handling FOPEN_STREAM and FOPEN_NONSEEKABLE for
1651 * directories for backward compatibility, though it's unlikely
1652 * to be useful.
1653 */
1654 if (ff->open_flags & (FOPEN_STREAM | FOPEN_NONSEEKABLE))
1655 nonseekable_open(inode, file);
1656 }
1657
1658 return err;
1659 }
1660
1661 static int fuse_dir_release(struct inode *inode, struct file *file)
1662 {
1663 fuse_release_common(file, true);
1664
1665 return 0;
1666 }
1667
1668 static int fuse_dir_fsync(struct file *file, loff_t start, loff_t end,
1669 int datasync)
1670 {
1671 struct inode *inode = file->f_mapping->host;
1672 struct fuse_conn *fc = get_fuse_conn(inode);
1673 int err;
1674
1675 if (fuse_is_bad(inode))
1676 return -EIO;
1677
1678 if (fc->no_fsyncdir)
1679 return 0;
1680
1681 inode_lock(inode);
1682 err = fuse_fsync_common(file, start, end, datasync, FUSE_FSYNCDIR);
1683 if (err == -ENOSYS) {
1684 fc->no_fsyncdir = 1;
1685 err = 0;
1686 }
1687 inode_unlock(inode);
1688
1689 return err;
1690 }
1691
1692 static long fuse_dir_ioctl(struct file *file, unsigned int cmd,
1693 unsigned long arg)
1694 {
1695 struct fuse_conn *fc = get_fuse_conn(file->f_mapping->host);
1696
1697 /* FUSE_IOCTL_DIR only supported for API version >= 7.18 */
1698 if (fc->minor < 18)
1699 return -ENOTTY;
1700
1701 return fuse_ioctl_common(file, cmd, arg, FUSE_IOCTL_DIR);
1702 }
1703
1704 static long fuse_dir_compat_ioctl(struct file *file, unsigned int cmd,
1705 unsigned long arg)
1706 {
1707 struct fuse_conn *fc = get_fuse_conn(file->f_mapping->host);
1708
1709 if (fc->minor < 18)
1710 return -ENOTTY;
1711
1712 return fuse_ioctl_common(file, cmd, arg,
1713 FUSE_IOCTL_COMPAT | FUSE_IOCTL_DIR);
1714 }
1715
1716 static bool update_mtime(unsigned ivalid, bool trust_local_mtime)
1717 {
1718 /* Always update if mtime is explicitly set */
1719 if (ivalid & ATTR_MTIME_SET)
1720 return true;
1721
1722 /* Or if kernel i_mtime is the official one */
1723 if (trust_local_mtime)
1724 return true;
1725
1726 /* If it's an open(O_TRUNC) or an ftruncate(), don't update */
1727 if ((ivalid & ATTR_SIZE) && (ivalid & (ATTR_OPEN | ATTR_FILE)))
1728 return false;
1729
1730 /* In all other cases update */
1731 return true;
1732 }
1733
1734 static void iattr_to_fattr(struct fuse_conn *fc, struct iattr *iattr,
1735 struct fuse_setattr_in *arg, bool trust_local_cmtime)
1736 {
1737 unsigned ivalid = iattr->ia_valid;
1738
1739 if (ivalid & ATTR_MODE)
1740 arg->valid |= FATTR_MODE, arg->mode = iattr->ia_mode;
1741 if (ivalid & ATTR_UID)
1742 arg->valid |= FATTR_UID, arg->uid = from_kuid(fc->user_ns, iattr->ia_uid);
1743 if (ivalid & ATTR_GID)
1744 arg->valid |= FATTR_GID, arg->gid = from_kgid(fc->user_ns, iattr->ia_gid);
1745 if (ivalid & ATTR_SIZE)
1746 arg->valid |= FATTR_SIZE, arg->size = iattr->ia_size;
1747 if (ivalid & ATTR_ATIME) {
1748 arg->valid |= FATTR_ATIME;
1749 arg->atime = iattr->ia_atime.tv_sec;
1750 arg->atimensec = iattr->ia_atime.tv_nsec;
1751 if (!(ivalid & ATTR_ATIME_SET))
1752 arg->valid |= FATTR_ATIME_NOW;
1753 }
1754 if ((ivalid & ATTR_MTIME) && update_mtime(ivalid, trust_local_cmtime)) {
1755 arg->valid |= FATTR_MTIME;
1756 arg->mtime = iattr->ia_mtime.tv_sec;
1757 arg->mtimensec = iattr->ia_mtime.tv_nsec;
1758 if (!(ivalid & ATTR_MTIME_SET) && !trust_local_cmtime)
1759 arg->valid |= FATTR_MTIME_NOW;
1760 }
1761 if ((ivalid & ATTR_CTIME) && trust_local_cmtime) {
1762 arg->valid |= FATTR_CTIME;
1763 arg->ctime = iattr->ia_ctime.tv_sec;
1764 arg->ctimensec = iattr->ia_ctime.tv_nsec;
1765 }
1766 }
1767
1768 /*
1769 * Prevent concurrent writepages on inode
1770 *
1771 * This is done by adding a negative bias to the inode write counter
1772 * and waiting for all pending writes to finish.
1773 */
1774 void fuse_set_nowrite(struct inode *inode)
1775 {
1776 struct fuse_inode *fi = get_fuse_inode(inode);
1777
1778 BUG_ON(!inode_is_locked(inode));
1779
1780 spin_lock(&fi->lock);
1781 BUG_ON(fi->writectr < 0);
1782 fi->writectr += FUSE_NOWRITE;
1783 spin_unlock(&fi->lock);
1784 wait_event(fi->page_waitq, fi->writectr == FUSE_NOWRITE);
1785 }
1786
1787 /*
1788 * Allow writepages on inode
1789 *
1790 * Remove the bias from the writecounter and send any queued
1791 * writepages.
1792 */
1793 static void __fuse_release_nowrite(struct inode *inode)
1794 {
1795 struct fuse_inode *fi = get_fuse_inode(inode);
1796
1797 BUG_ON(fi->writectr != FUSE_NOWRITE);
1798 fi->writectr = 0;
1799 fuse_flush_writepages(inode);
1800 }
1801
1802 void fuse_release_nowrite(struct inode *inode)
1803 {
1804 struct fuse_inode *fi = get_fuse_inode(inode);
1805
1806 spin_lock(&fi->lock);
1807 __fuse_release_nowrite(inode);
1808 spin_unlock(&fi->lock);
1809 }
1810
1811 static void fuse_setattr_fill(struct fuse_conn *fc, struct fuse_args *args,
1812 struct inode *inode,
1813 struct fuse_setattr_in *inarg_p,
1814 struct fuse_attr_out *outarg_p)
1815 {
1816 args->opcode = FUSE_SETATTR;
1817 args->nodeid = get_node_id(inode);
1818 args->in_numargs = 1;
1819 args->in_args[0].size = sizeof(*inarg_p);
1820 args->in_args[0].value = inarg_p;
1821 args->out_numargs = 1;
1822 args->out_args[0].size = sizeof(*outarg_p);
1823 args->out_args[0].value = outarg_p;
1824 }
1825
1826 /*
1827 * Flush inode->i_mtime to the server
1828 */
1829 int fuse_flush_times(struct inode *inode, struct fuse_file *ff)
1830 {
1831 struct fuse_mount *fm = get_fuse_mount(inode);
1832 FUSE_ARGS(args);
1833 struct fuse_setattr_in inarg;
1834 struct fuse_attr_out outarg;
1835
1836 memset(&inarg, 0, sizeof(inarg));
1837 memset(&outarg, 0, sizeof(outarg));
1838
1839 inarg.valid = FATTR_MTIME;
1840 inarg.mtime = inode_get_mtime_sec(inode);
1841 inarg.mtimensec = inode_get_mtime_nsec(inode);
1842 if (fm->fc->minor >= 23) {
1843 inarg.valid |= FATTR_CTIME;
1844 inarg.ctime = inode_get_ctime_sec(inode);
1845 inarg.ctimensec = inode_get_ctime_nsec(inode);
1846 }
1847 if (ff) {
1848 inarg.valid |= FATTR_FH;
1849 inarg.fh = ff->fh;
1850 }
1851 fuse_setattr_fill(fm->fc, &args, inode, &inarg, &outarg);
1852
1853 return fuse_simple_request(fm, &args);
1854 }
1855
1856 /*
1857 * Set attributes, and at the same time refresh them.
1858 *
1859 * Truncation is slightly complicated, because the 'truncate' request
1860 * may fail, in which case we don't want to touch the mapping.
1861 * vmtruncate() doesn't allow for this case, so do the rlimit checking
1862 * and the actual truncation by hand.
1863 */
1864 int fuse_do_setattr(struct dentry *dentry, struct iattr *attr,
1865 struct file *file)
1866 {
1867 struct inode *inode = d_inode(dentry);
1868 struct fuse_mount *fm = get_fuse_mount(inode);
1869 struct fuse_conn *fc = fm->fc;
1870 struct fuse_inode *fi = get_fuse_inode(inode);
1871 struct address_space *mapping = inode->i_mapping;
1872 FUSE_ARGS(args);
1873 struct fuse_setattr_in inarg;
1874 struct fuse_attr_out outarg;
1875 bool is_truncate = false;
1876 bool is_wb = fc->writeback_cache && S_ISREG(inode->i_mode);
1877 loff_t oldsize;
1878 int err;
1879 bool trust_local_cmtime = is_wb;
1880 bool fault_blocked = false;
1881
1882 if (!fc->default_permissions)
1883 attr->ia_valid |= ATTR_FORCE;
1884
1885 err = setattr_prepare(&nop_mnt_idmap, dentry, attr);
1886 if (err)
1887 return err;
1888
1889 if (attr->ia_valid & ATTR_SIZE) {
1890 if (WARN_ON(!S_ISREG(inode->i_mode)))
1891 return -EIO;
1892 is_truncate = true;
1893 }
1894
1895 if (FUSE_IS_DAX(inode) && is_truncate) {
1896 filemap_invalidate_lock(mapping);
1897 fault_blocked = true;
1898 err = fuse_dax_break_layouts(inode, 0, 0);
1899 if (err) {
1900 filemap_invalidate_unlock(mapping);
1901 return err;
1902 }
1903 }
1904
1905 if (attr->ia_valid & ATTR_OPEN) {
1906 /* This is coming from open(..., ... | O_TRUNC); */
1907 WARN_ON(!(attr->ia_valid & ATTR_SIZE));
1908 WARN_ON(attr->ia_size != 0);
1909 if (fc->atomic_o_trunc) {
1910 /*
1911 * No need to send request to userspace, since actual
1912 * truncation has already been done by OPEN. But still
1913 * need to truncate page cache.
1914 */
1915 i_size_write(inode, 0);
1916 truncate_pagecache(inode, 0);
1917 goto out;
1918 }
1919 file = NULL;
1920 }
1921
1922 /* Flush dirty data/metadata before non-truncate SETATTR */
1923 if (is_wb &&
1924 attr->ia_valid &
1925 (ATTR_MODE | ATTR_UID | ATTR_GID | ATTR_MTIME_SET |
1926 ATTR_TIMES_SET)) {
1927 err = write_inode_now(inode, true);
1928 if (err)
1929 return err;
1930
1931 fuse_set_nowrite(inode);
1932 fuse_release_nowrite(inode);
1933 }
1934
1935 if (is_truncate) {
1936 fuse_set_nowrite(inode);
1937 set_bit(FUSE_I_SIZE_UNSTABLE, &fi->state);
1938 if (trust_local_cmtime && attr->ia_size != inode->i_size)
1939 attr->ia_valid |= ATTR_MTIME | ATTR_CTIME;
1940 }
1941
1942 memset(&inarg, 0, sizeof(inarg));
1943 memset(&outarg, 0, sizeof(outarg));
1944 iattr_to_fattr(fc, attr, &inarg, trust_local_cmtime);
1945 if (file) {
1946 struct fuse_file *ff = file->private_data;
1947 inarg.valid |= FATTR_FH;
1948 inarg.fh = ff->fh;
1949 }
1950
1951 /* Kill suid/sgid for non-directory chown unconditionally */
1952 if (fc->handle_killpriv_v2 && !S_ISDIR(inode->i_mode) &&
1953 attr->ia_valid & (ATTR_UID | ATTR_GID))
1954 inarg.valid |= FATTR_KILL_SUIDGID;
1955
1956 if (attr->ia_valid & ATTR_SIZE) {
1957 /* For mandatory locking in truncate */
1958 inarg.valid |= FATTR_LOCKOWNER;
1959 inarg.lock_owner = fuse_lock_owner_id(fc, current->files);
1960
1961 /* Kill suid/sgid for truncate only if no CAP_FSETID */
1962 if (fc->handle_killpriv_v2 && !capable(CAP_FSETID))
1963 inarg.valid |= FATTR_KILL_SUIDGID;
1964 }
1965 fuse_setattr_fill(fc, &args, inode, &inarg, &outarg);
1966 err = fuse_simple_request(fm, &args);
1967 if (err) {
1968 if (err == -EINTR)
1969 fuse_invalidate_attr(inode);
1970 goto error;
1971 }
1972
1973 if (fuse_invalid_attr(&outarg.attr) ||
1974 inode_wrong_type(inode, outarg.attr.mode)) {
1975 fuse_make_bad(inode);
1976 err = -EIO;
1977 goto error;
1978 }
1979
1980 spin_lock(&fi->lock);
1981 /* the kernel maintains i_mtime locally */
1982 if (trust_local_cmtime) {
1983 if (attr->ia_valid & ATTR_MTIME)
1984 inode_set_mtime_to_ts(inode, attr->ia_mtime);
1985 if (attr->ia_valid & ATTR_CTIME)
1986 inode_set_ctime_to_ts(inode, attr->ia_ctime);
1987 /* FIXME: clear I_DIRTY_SYNC? */
1988 }
1989
1990 fuse_change_attributes_common(inode, &outarg.attr, NULL,
1991 ATTR_TIMEOUT(&outarg),
1992 fuse_get_cache_mask(inode));
1993 oldsize = inode->i_size;
1994 /* see the comment in fuse_change_attributes() */
1995 if (!is_wb || is_truncate)
1996 i_size_write(inode, outarg.attr.size);
1997
1998 if (is_truncate) {
1999 /* NOTE: this may release/reacquire fi->lock */
2000 __fuse_release_nowrite(inode);
2001 }
2002 spin_unlock(&fi->lock);
2003
2004 /*
2005 * Only call invalidate_inode_pages2() after removing
2006 * FUSE_NOWRITE, otherwise fuse_launder_folio() would deadlock.
2007 */
2008 if ((is_truncate || !is_wb) &&
2009 S_ISREG(inode->i_mode) && oldsize != outarg.attr.size) {
2010 truncate_pagecache(inode, outarg.attr.size);
2011 invalidate_inode_pages2(mapping);
2012 }
2013
2014 clear_bit(FUSE_I_SIZE_UNSTABLE, &fi->state);
2015 out:
2016 if (fault_blocked)
2017 filemap_invalidate_unlock(mapping);
2018
2019 return 0;
2020
2021 error:
2022 if (is_truncate)
2023 fuse_release_nowrite(inode);
2024
2025 clear_bit(FUSE_I_SIZE_UNSTABLE, &fi->state);
2026
2027 if (fault_blocked)
2028 filemap_invalidate_unlock(mapping);
2029 return err;
2030 }
2031
2032 static int fuse_setattr(struct mnt_idmap *idmap, struct dentry *entry,
2033 struct iattr *attr)
2034 {
2035 struct inode *inode = d_inode(entry);
2036 struct fuse_conn *fc = get_fuse_conn(inode);
2037 struct file *file = (attr->ia_valid & ATTR_FILE) ? attr->ia_file : NULL;
2038 int ret;
2039
2040 if (fuse_is_bad(inode))
2041 return -EIO;
2042
2043 if (!fuse_allow_current_process(get_fuse_conn(inode)))
2044 return -EACCES;
2045
2046 if (attr->ia_valid & (ATTR_KILL_SUID | ATTR_KILL_SGID)) {
2047 attr->ia_valid &= ~(ATTR_KILL_SUID | ATTR_KILL_SGID |
2048 ATTR_MODE);
2049
2050 /*
2051 * The only sane way to reliably kill suid/sgid is to do it in
2052 * the userspace filesystem
2053 *
2054 * This should be done on write(), truncate() and chown().
2055 */
2056 if (!fc->handle_killpriv && !fc->handle_killpriv_v2) {
2057 /*
2058 * ia_mode calculation may have used stale i_mode.
2059 * Refresh and recalculate.
2060 */
2061 ret = fuse_do_getattr(inode, NULL, file);
2062 if (ret)
2063 return ret;
2064
2065 attr->ia_mode = inode->i_mode;
2066 if (inode->i_mode & S_ISUID) {
2067 attr->ia_valid |= ATTR_MODE;
2068 attr->ia_mode &= ~S_ISUID;
2069 }
2070 if ((inode->i_mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP)) {
2071 attr->ia_valid |= ATTR_MODE;
2072 attr->ia_mode &= ~S_ISGID;
2073 }
2074 }
2075 }
2076 if (!attr->ia_valid)
2077 return 0;
2078
2079 ret = fuse_do_setattr(entry, attr, file);
2080 if (!ret) {
2081 /*
2082 * If filesystem supports acls it may have updated acl xattrs in
2083 * the filesystem, so forget cached acls for the inode.
2084 */
2085 if (fc->posix_acl)
2086 forget_all_cached_acls(inode);
2087
2088 /* Directory mode changed, may need to revalidate access */
2089 if (d_is_dir(entry) && (attr->ia_valid & ATTR_MODE))
2090 fuse_invalidate_entry_cache(entry);
2091 }
2092 return ret;
2093 }
2094
2095 static int fuse_getattr(struct mnt_idmap *idmap,
2096 const struct path *path, struct kstat *stat,
2097 u32 request_mask, unsigned int flags)
2098 {
2099 struct inode *inode = d_inode(path->dentry);
2100 struct fuse_conn *fc = get_fuse_conn(inode);
2101
2102 if (fuse_is_bad(inode))
2103 return -EIO;
2104
2105 if (!fuse_allow_current_process(fc)) {
2106 if (!request_mask) {
2107 /*
2108 * If user explicitly requested *nothing* then don't
2109 * error out, but return st_dev only.
2110 */
2111 stat->result_mask = 0;
2112 stat->dev = inode->i_sb->s_dev;
2113 return 0;
2114 }
2115 return -EACCES;
2116 }
2117
2118 return fuse_update_get_attr(inode, NULL, stat, request_mask, flags);
2119 }
2120
2121 static const struct inode_operations fuse_dir_inode_operations = {
2122 .lookup = fuse_lookup,
2123 .mkdir = fuse_mkdir,
2124 .symlink = fuse_symlink,
2125 .unlink = fuse_unlink,
2126 .rmdir = fuse_rmdir,
2127 .rename = fuse_rename2,
2128 .link = fuse_link,
2129 .setattr = fuse_setattr,
2130 .create = fuse_create,
2131 .atomic_open = fuse_atomic_open,
2132 .tmpfile = fuse_tmpfile,
2133 .mknod = fuse_mknod,
2134 .permission = fuse_permission,
2135 .getattr = fuse_getattr,
2136 .listxattr = fuse_listxattr,
2137 .get_inode_acl = fuse_get_inode_acl,
2138 .get_acl = fuse_get_acl,
2139 .set_acl = fuse_set_acl,
2140 .fileattr_get = fuse_fileattr_get,
2141 .fileattr_set = fuse_fileattr_set,
2142 };
2143
2144 static const struct file_operations fuse_dir_operations = {
2145 .llseek = generic_file_llseek,
2146 .read = generic_read_dir,
2147 .iterate_shared = fuse_readdir,
2148 .open = fuse_dir_open,
2149 .release = fuse_dir_release,
2150 .fsync = fuse_dir_fsync,
2151 .unlocked_ioctl = fuse_dir_ioctl,
2152 .compat_ioctl = fuse_dir_compat_ioctl,
2153 };
2154
2155 static const struct inode_operations fuse_common_inode_operations = {
2156 .setattr = fuse_setattr,
2157 .permission = fuse_permission,
2158 .getattr = fuse_getattr,
2159 .listxattr = fuse_listxattr,
2160 .get_inode_acl = fuse_get_inode_acl,
2161 .get_acl = fuse_get_acl,
2162 .set_acl = fuse_set_acl,
2163 .fileattr_get = fuse_fileattr_get,
2164 .fileattr_set = fuse_fileattr_set,
2165 };
2166
2167 static const struct inode_operations fuse_symlink_inode_operations = {
2168 .setattr = fuse_setattr,
2169 .get_link = fuse_get_link,
2170 .getattr = fuse_getattr,
2171 .listxattr = fuse_listxattr,
2172 };
2173
2174 void fuse_init_common(struct inode *inode)
2175 {
2176 inode->i_op = &fuse_common_inode_operations;
2177 }
2178
2179 void fuse_init_dir(struct inode *inode)
2180 {
2181 struct fuse_inode *fi = get_fuse_inode(inode);
2182
2183 inode->i_op = &fuse_dir_inode_operations;
2184 inode->i_fop = &fuse_dir_operations;
2185
2186 spin_lock_init(&fi->rdc.lock);
2187 fi->rdc.cached = false;
2188 fi->rdc.size = 0;
2189 fi->rdc.pos = 0;
2190 fi->rdc.version = 0;
2191 }
2192
2193 static int fuse_symlink_read_folio(struct file *null, struct folio *folio)
2194 {
2195 int err = fuse_readlink_page(folio->mapping->host, &folio->page);
2196
2197 if (!err)
2198 folio_mark_uptodate(folio);
2199
2200 folio_unlock(folio);
2201
2202 return err;
2203 }
2204
2205 static const struct address_space_operations fuse_symlink_aops = {
2206 .read_folio = fuse_symlink_read_folio,
2207 };
2208
2209 void fuse_init_symlink(struct inode *inode)
2210 {
2211 inode->i_op = &fuse_symlink_inode_operations;
2212 inode->i_data.a_ops = &fuse_symlink_aops;
2213 inode_nohighmem(inode);
2214 }
A mirror of Linus' kernel repository