fuse: implement ioctls to manage backing files

FUSE server calls the FUSE_DEV_IOC_BACKING_OPEN ioctl with a backing file
descriptor.  If the call succeeds, a backing file identifier is returned.

A later change will be using this backing file id in a reply to OPEN
request with the flag FOPEN_PASSTHROUGH to setup passthrough of file
operations on the open FUSE file to the backing file.

The FUSE server should call FUSE_DEV_IOC_BACKING_CLOSE ioctl to close the
backing file by its id.

This can be done at any time, but if an open reply with FOPEN_PASSTHROUGH
flag is still in progress, the open may fail if the backing file is
closed before the fuse file was opened.

Setting up backing files requires a server with CAP_SYS_ADMIN privileges.
For the backing file to be successfully setup, the backing file must
implement both read_iter and write_iter file operations.

The limitation on the level of filesystem stacking allowed for the
backing file is enforced before setting up the backing file.

Signed-off-by: Alessio Balsini <balsini@android.com>
Signed-off-by: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>

diff --git a/fs/fuse/dev.c b/fs/fuse/dev.c
index eba68b57bd7c08bfbbfd0bafa1abef0a23fefded..5a5fb56deb92fb19382813b450b9b7b7959bb7b7 100644 (file)
--- a/fs/fuse/dev.c
+++ b/fs/fuse/dev.c
@@ -2283,6 +2283,41 @@ static long fuse_dev_ioctl_clone(struct file *file, __u32 __user *argp)
        return res;
 }
 
+static long fuse_dev_ioctl_backing_open(struct file *file,
+                                       struct fuse_backing_map __user *argp)
+{
+       struct fuse_dev *fud = fuse_get_dev(file);
+       struct fuse_backing_map map;
+
+       if (!fud)
+               return -EPERM;
+
+       if (!IS_ENABLED(CONFIG_FUSE_PASSTHROUGH))
+               return -EOPNOTSUPP;
+
+       if (copy_from_user(&map, argp, sizeof(map)))
+               return -EFAULT;
+
+       return fuse_backing_open(fud->fc, &map);
+}
+
+static long fuse_dev_ioctl_backing_close(struct file *file, __u32 __user *argp)
+{
+       struct fuse_dev *fud = fuse_get_dev(file);
+       int backing_id;
+
+       if (!fud)
+               return -EPERM;
+
+       if (!IS_ENABLED(CONFIG_FUSE_PASSTHROUGH))
+               return -EOPNOTSUPP;
+
+       if (get_user(backing_id, argp))
+               return -EFAULT;
+
+       return fuse_backing_close(fud->fc, backing_id);
+}
+
 static long fuse_dev_ioctl(struct file *file, unsigned int cmd,
                           unsigned long arg)
 {
@@ -2292,6 +2327,12 @@ static long fuse_dev_ioctl(struct file *file, unsigned int cmd,
        case FUSE_DEV_IOC_CLONE:
                return fuse_dev_ioctl_clone(file, argp);
 
+       case FUSE_DEV_IOC_BACKING_OPEN:
+               return fuse_dev_ioctl_backing_open(file, argp);
+
+       case FUSE_DEV_IOC_BACKING_CLOSE:
+               return fuse_dev_ioctl_backing_close(file, argp);
+
        default:
                return -ENOTTY;
        }

diff --git a/fs/fuse/fuse_i.h b/fs/fuse/fuse_i.h
index 19a86acc9dd03b8a68e395e26bf4d5d7a3114cb6..4f1681650f57d16f7ad8820c8e13c3b085151469 100644 (file)
--- a/fs/fuse/fuse_i.h
+++ b/fs/fuse/fuse_i.h
@@ -79,6 +79,7 @@ struct fuse_submount_lookup {
 /** Container for data related to mapping to backing file */
 struct fuse_backing {
        struct file *file;
+       struct cred *cred;
 
        /** refcount */
        refcount_t count;
@@ -897,6 +898,11 @@ struct fuse_conn {
 
        /* New writepages go into this bucket */
        struct fuse_sync_bucket __rcu *curr_bucket;
+
+#ifdef CONFIG_FUSE_PASSTHROUGH
+       /** IDR for backing files ids */
+       struct idr backing_files_map;
+#endif
 };
 
 /*
@@ -1409,5 +1415,9 @@ static inline struct fuse_backing *fuse_inode_backing_set(struct fuse_inode *fi,
 
 struct fuse_backing *fuse_backing_get(struct fuse_backing *fb);
 void fuse_backing_put(struct fuse_backing *fb);
+void fuse_backing_files_init(struct fuse_conn *fc);
+void fuse_backing_files_free(struct fuse_conn *fc);
+int fuse_backing_open(struct fuse_conn *fc, struct fuse_backing_map *map);
+int fuse_backing_close(struct fuse_conn *fc, int backing_id);
 
 #endif /* _FS_FUSE_I_H */

diff --git a/fs/fuse/inode.c b/fs/fuse/inode.c
index c771bd3c13361809344bc99c4057c7f31b2c0339..0186df5fc9ea38f7e9a9145519ceef84d713f44a 100644 (file)
--- a/fs/fuse/inode.c
+++ b/fs/fuse/inode.c
@@ -930,6 +930,9 @@ void fuse_conn_init(struct fuse_conn *fc, struct fuse_mount *fm,
        fc->max_pages = FUSE_DEFAULT_MAX_PAGES_PER_REQ;
        fc->max_pages_limit = FUSE_MAX_MAX_PAGES;
 
+       if (IS_ENABLED(CONFIG_FUSE_PASSTHROUGH))
+               fuse_backing_files_init(fc);
+
        INIT_LIST_HEAD(&fc->mounts);
        list_add(&fm->fc_entry, &fc->mounts);
        fm->fc = fc;
@@ -953,6 +956,8 @@ void fuse_conn_put(struct fuse_conn *fc)
                        WARN_ON(atomic_read(&bucket->count) != 1);
                        kfree(bucket);
                }
+               if (IS_ENABLED(CONFIG_FUSE_PASSTHROUGH))
+                       fuse_backing_files_free(fc);
                fc->release(fc);
        }
 }

diff --git a/fs/fuse/passthrough.c b/fs/fuse/passthrough.c
index e8639c0a9ac6d3b62911fe922413689d5d1b5d4a..7ec92a54c2e0c24b704edf661f296ec9da545c40 100644 (file)
--- a/fs/fuse/passthrough.c
+++ b/fs/fuse/passthrough.c
@@ -18,8 +18,11 @@ struct fuse_backing *fuse_backing_get(struct fuse_backing *fb)
 
 static void fuse_backing_free(struct fuse_backing *fb)
 {
+       pr_debug("%s: fb=0x%p\n", __func__, fb);
+
        if (fb->file)
                fput(fb->file);
+       put_cred(fb->cred);
        kfree_rcu(fb, rcu);
 }
 
@@ -28,3 +31,136 @@ void fuse_backing_put(struct fuse_backing *fb)
        if (fb && refcount_dec_and_test(&fb->count))
                fuse_backing_free(fb);
 }
+
+void fuse_backing_files_init(struct fuse_conn *fc)
+{
+       idr_init(&fc->backing_files_map);
+}
+
+static int fuse_backing_id_alloc(struct fuse_conn *fc, struct fuse_backing *fb)
+{
+       int id;
+
+       idr_preload(GFP_KERNEL);
+       spin_lock(&fc->lock);
+       /* FIXME: xarray might be space inefficient */
+       id = idr_alloc_cyclic(&fc->backing_files_map, fb, 1, 0, GFP_ATOMIC);
+       spin_unlock(&fc->lock);
+       idr_preload_end();
+
+       WARN_ON_ONCE(id == 0);
+       return id;
+}
+
+static struct fuse_backing *fuse_backing_id_remove(struct fuse_conn *fc,
+                                                  int id)
+{
+       struct fuse_backing *fb;
+
+       spin_lock(&fc->lock);
+       fb = idr_remove(&fc->backing_files_map, id);
+       spin_unlock(&fc->lock);
+
+       return fb;
+}
+
+static int fuse_backing_id_free(int id, void *p, void *data)
+{
+       struct fuse_backing *fb = p;
+
+       WARN_ON_ONCE(refcount_read(&fb->count) != 1);
+       fuse_backing_free(fb);
+       return 0;
+}
+
+void fuse_backing_files_free(struct fuse_conn *fc)
+{
+       idr_for_each(&fc->backing_files_map, fuse_backing_id_free, NULL);
+       idr_destroy(&fc->backing_files_map);
+}
+
+int fuse_backing_open(struct fuse_conn *fc, struct fuse_backing_map *map)
+{
+       struct file *file;
+       struct super_block *backing_sb;
+       struct fuse_backing *fb = NULL;
+       int res;
+
+       pr_debug("%s: fd=%d flags=0x%x\n", __func__, map->fd, map->flags);
+
+       /* TODO: relax CAP_SYS_ADMIN once backing files are visible to lsof */
+       res = -EPERM;
+       if (!fc->passthrough || !capable(CAP_SYS_ADMIN))
+               goto out;
+
+       res = -EINVAL;
+       if (map->flags)
+               goto out;
+
+       file = fget(map->fd);
+       res = -EBADF;
+       if (!file)
+               goto out;
+
+       res = -EOPNOTSUPP;
+       if (!file->f_op->read_iter || !file->f_op->write_iter)
+               goto out_fput;
+
+       backing_sb = file_inode(file)->i_sb;
+       res = -ELOOP;
+       if (backing_sb->s_stack_depth >= fc->max_stack_depth)
+               goto out_fput;
+
+       fb = kmalloc(sizeof(struct fuse_backing), GFP_KERNEL);
+       res = -ENOMEM;
+       if (!fb)
+               goto out_fput;
+
+       fb->file = file;
+       fb->cred = prepare_creds();
+       refcount_set(&fb->count, 1);
+
+       res = fuse_backing_id_alloc(fc, fb);
+       if (res < 0) {
+               fuse_backing_free(fb);
+               fb = NULL;
+       }
+
+out:
+       pr_debug("%s: fb=0x%p, ret=%i\n", __func__, fb, res);
+
+       return res;
+
+out_fput:
+       fput(file);
+       goto out;
+}
+
+int fuse_backing_close(struct fuse_conn *fc, int backing_id)
+{
+       struct fuse_backing *fb = NULL;
+       int err;
+
+       pr_debug("%s: backing_id=%d\n", __func__, backing_id);
+
+       /* TODO: relax CAP_SYS_ADMIN once backing files are visible to lsof */
+       err = -EPERM;
+       if (!fc->passthrough || !capable(CAP_SYS_ADMIN))
+               goto out;
+
+       err = -EINVAL;
+       if (backing_id <= 0)
+               goto out;
+
+       err = -ENOENT;
+       fb = fuse_backing_id_remove(fc, backing_id);
+       if (!fb)
+               goto out;
+
+       fuse_backing_put(fb);
+       err = 0;
+out:
+       pr_debug("%s: fb=0x%p, err=%i\n", __func__, fb, err);
+
+       return err;
+}

diff --git a/include/uapi/linux/fuse.h b/include/uapi/linux/fuse.h
index 7bb6219cfda0e1bac803f0e11425d7fbe75d43bd..1162a47b6a42d709ac6f3c9fac01783be29d9eb5 100644 (file)
--- a/include/uapi/linux/fuse.h
+++ b/include/uapi/linux/fuse.h
@@ -1057,9 +1057,18 @@ struct fuse_notify_retrieve_in {
        uint64_t        dummy4;
 };
 
+struct fuse_backing_map {
+       int32_t         fd;
+       uint32_t        flags;
+       uint64_t        padding;
+};
+
 /* Device ioctls: */
 #define FUSE_DEV_IOC_MAGIC             229
 #define FUSE_DEV_IOC_CLONE             _IOR(FUSE_DEV_IOC_MAGIC, 0, uint32_t)
+#define FUSE_DEV_IOC_BACKING_OPEN      _IOW(FUSE_DEV_IOC_MAGIC, 1, \
+                                            struct fuse_backing_map)
+#define FUSE_DEV_IOC_BACKING_CLOSE     _IOW(FUSE_DEV_IOC_MAGIC, 2, uint32_t)
 
 struct fuse_lseek_in {
        uint64_t        fh;