2 FUSE: Filesystem in Userspace
5 This program can be distributed under the terms of the GNU GPL.
11 #include <linux/pagemap.h>
12 #include <linux/file.h>
13 #include <linux/fs_context.h>
14 #include <linux/moduleparam.h>
15 #include <linux/sched.h>
16 #include <linux/namei.h>
17 #include <linux/slab.h>
18 #include <linux/xattr.h>
19 #include <linux/iversion.h>
20 #include <linux/posix_acl.h>
21 #include <linux/security.h>
22 #include <linux/types.h>
23 #include <linux/kernel.h>
25 static bool __read_mostly allow_sys_admin_access;
26 module_param(allow_sys_admin_access, bool, 0644);
27 MODULE_PARM_DESC(allow_sys_admin_access,
28 "Allow users with CAP_SYS_ADMIN in initial userns to bypass allow_other access check");
30 static void fuse_advise_use_readdirplus(struct inode *dir)
32 struct fuse_inode *fi = get_fuse_inode(dir);
34 set_bit(FUSE_I_ADVISE_RDPLUS, &fi->state);
37 #if BITS_PER_LONG >= 64
38 static inline void __fuse_dentry_settime(struct dentry *entry, u64 time)
40 entry->d_fsdata = (void *) time;
43 static inline u64 fuse_dentry_time(const struct dentry *entry)
45 return (u64)entry->d_fsdata;
54 static inline void __fuse_dentry_settime(struct dentry *dentry, u64 time)
56 ((union fuse_dentry *) dentry->d_fsdata)->time = time;
59 static inline u64 fuse_dentry_time(const struct dentry *entry)
61 return ((union fuse_dentry *) entry->d_fsdata)->time;
65 static void fuse_dentry_settime(struct dentry *dentry, u64 time)
67 struct fuse_conn *fc = get_fuse_conn_super(dentry->d_sb);
68 bool delete = !time && fc->delete_stale;
70 * Mess with DCACHE_OP_DELETE because dput() will be faster without it.
71 * Don't care about races, either way it's just an optimization
73 if ((!delete && (dentry->d_flags & DCACHE_OP_DELETE)) ||
74 (delete && !(dentry->d_flags & DCACHE_OP_DELETE))) {
75 spin_lock(&dentry->d_lock);
77 dentry->d_flags &= ~DCACHE_OP_DELETE;
79 dentry->d_flags |= DCACHE_OP_DELETE;
80 spin_unlock(&dentry->d_lock);
83 __fuse_dentry_settime(dentry, time);
87 * FUSE caches dentries and attributes with separate timeout. The
88 * time in jiffies until the dentry/attributes are valid is stored in
89 * dentry->d_fsdata and fuse_inode->i_time respectively.
93 * Calculate the time in jiffies until a dentry/attributes are valid
95 u64 fuse_time_to_jiffies(u64 sec, u32 nsec)
98 struct timespec64 ts = {
100 min_t(u32, nsec, NSEC_PER_SEC - 1)
103 return get_jiffies_64() + timespec64_to_jiffies(&ts);
109 * Set dentry and possibly attribute timeouts from the lookup/mk*
112 void fuse_change_entry_timeout(struct dentry *entry, struct fuse_entry_out *o)
114 fuse_dentry_settime(entry,
115 fuse_time_to_jiffies(o->entry_valid, o->entry_valid_nsec));
118 void fuse_invalidate_attr_mask(struct inode *inode, u32 mask)
120 set_mask_bits(&get_fuse_inode(inode)->inval_mask, 0, mask);
124 * Mark the attributes as stale, so that at the next call to
125 * ->getattr() they will be fetched from userspace
127 void fuse_invalidate_attr(struct inode *inode)
129 fuse_invalidate_attr_mask(inode, STATX_BASIC_STATS);
132 static void fuse_dir_changed(struct inode *dir)
134 fuse_invalidate_attr(dir);
135 inode_maybe_inc_iversion(dir, false);
139 * Mark the attributes as stale due to an atime change. Avoid the invalidate if
142 void fuse_invalidate_atime(struct inode *inode)
144 if (!IS_RDONLY(inode))
145 fuse_invalidate_attr_mask(inode, STATX_ATIME);
149 * Just mark the entry as stale, so that a next attempt to look it up
150 * will result in a new lookup call to userspace
152 * This is called when a dentry is about to become negative and the
153 * timeout is unknown (unlink, rmdir, rename and in some cases
156 void fuse_invalidate_entry_cache(struct dentry *entry)
158 fuse_dentry_settime(entry, 0);
162 * Same as fuse_invalidate_entry_cache(), but also try to remove the
163 * dentry from the hash
165 static void fuse_invalidate_entry(struct dentry *entry)
168 fuse_invalidate_entry_cache(entry);
171 static void fuse_lookup_init(struct fuse_conn *fc, struct fuse_args *args,
172 u64 nodeid, const struct qstr *name,
173 struct fuse_entry_out *outarg)
175 memset(outarg, 0, sizeof(struct fuse_entry_out));
176 args->opcode = FUSE_LOOKUP;
177 args->nodeid = nodeid;
178 args->in_numargs = 1;
179 args->in_args[0].size = name->len + 1;
180 args->in_args[0].value = name->name;
181 args->out_numargs = 1;
182 args->out_args[0].size = sizeof(struct fuse_entry_out);
183 args->out_args[0].value = outarg;
187 * Check whether the dentry is still valid
189 * If the entry validity timeout has expired and the dentry is
190 * positive, try to redo the lookup. If the lookup results in a
191 * different inode, then let the VFS invalidate the dentry and redo
192 * the lookup once more. If the lookup results in the same inode,
193 * then refresh the attributes, timeouts and mark the dentry valid.
195 static int fuse_dentry_revalidate(struct dentry *entry, unsigned int flags)
198 struct dentry *parent;
199 struct fuse_mount *fm;
200 struct fuse_inode *fi;
203 inode = d_inode_rcu(entry);
204 if (inode && fuse_is_bad(inode))
206 else if (time_before64(fuse_dentry_time(entry), get_jiffies_64()) ||
207 (flags & (LOOKUP_EXCL | LOOKUP_REVAL | LOOKUP_RENAME_TARGET))) {
208 struct fuse_entry_out outarg;
210 struct fuse_forget_link *forget;
213 /* For negative dentries, always do a fresh lookup */
218 if (flags & LOOKUP_RCU)
221 fm = get_fuse_mount(inode);
223 forget = fuse_alloc_forget();
228 attr_version = fuse_get_attr_version(fm->fc);
230 parent = dget_parent(entry);
231 fuse_lookup_init(fm->fc, &args, get_node_id(d_inode(parent)),
232 &entry->d_name, &outarg);
233 ret = fuse_simple_request(fm, &args);
235 /* Zero nodeid is same as -ENOENT */
236 if (!ret && !outarg.nodeid)
239 fi = get_fuse_inode(inode);
240 if (outarg.nodeid != get_node_id(inode) ||
241 (bool) IS_AUTOMOUNT(inode) != (bool) (outarg.attr.flags & FUSE_ATTR_SUBMOUNT)) {
242 fuse_queue_forget(fm->fc, forget,
246 spin_lock(&fi->lock);
248 spin_unlock(&fi->lock);
251 if (ret == -ENOMEM || ret == -EINTR)
253 if (ret || fuse_invalid_attr(&outarg.attr) ||
254 fuse_stale_inode(inode, outarg.generation, &outarg.attr))
257 forget_all_cached_acls(inode);
258 fuse_change_attributes(inode, &outarg.attr, NULL,
259 ATTR_TIMEOUT(&outarg),
261 fuse_change_entry_timeout(entry, &outarg);
263 fi = get_fuse_inode(inode);
264 if (flags & LOOKUP_RCU) {
265 if (test_bit(FUSE_I_INIT_RDPLUS, &fi->state))
267 } else if (test_and_clear_bit(FUSE_I_INIT_RDPLUS, &fi->state)) {
268 parent = dget_parent(entry);
269 fuse_advise_use_readdirplus(d_inode(parent));
282 #if BITS_PER_LONG < 64
283 static int fuse_dentry_init(struct dentry *dentry)
285 dentry->d_fsdata = kzalloc(sizeof(union fuse_dentry),
286 GFP_KERNEL_ACCOUNT | __GFP_RECLAIMABLE);
288 return dentry->d_fsdata ? 0 : -ENOMEM;
290 static void fuse_dentry_release(struct dentry *dentry)
292 union fuse_dentry *fd = dentry->d_fsdata;
298 static int fuse_dentry_delete(const struct dentry *dentry)
300 return time_before64(fuse_dentry_time(dentry), get_jiffies_64());
304 * Create a fuse_mount object with a new superblock (with path->dentry
305 * as the root), and return that mount so it can be auto-mounted on
308 static struct vfsmount *fuse_dentry_automount(struct path *path)
310 struct fs_context *fsc;
311 struct vfsmount *mnt;
312 struct fuse_inode *mp_fi = get_fuse_inode(d_inode(path->dentry));
314 fsc = fs_context_for_submount(path->mnt->mnt_sb->s_type, path->dentry);
316 return ERR_CAST(fsc);
318 /* Pass the FUSE inode of the mount for fuse_get_tree_submount() */
319 fsc->fs_private = mp_fi;
321 /* Create the submount */
330 const struct dentry_operations fuse_dentry_operations = {
331 .d_revalidate = fuse_dentry_revalidate,
332 .d_delete = fuse_dentry_delete,
333 #if BITS_PER_LONG < 64
334 .d_init = fuse_dentry_init,
335 .d_release = fuse_dentry_release,
337 .d_automount = fuse_dentry_automount,
340 const struct dentry_operations fuse_root_dentry_operations = {
341 #if BITS_PER_LONG < 64
342 .d_init = fuse_dentry_init,
343 .d_release = fuse_dentry_release,
347 int fuse_valid_type(int m)
349 return S_ISREG(m) || S_ISDIR(m) || S_ISLNK(m) || S_ISCHR(m) ||
350 S_ISBLK(m) || S_ISFIFO(m) || S_ISSOCK(m);
353 static bool fuse_valid_size(u64 size)
355 return size <= LLONG_MAX;
358 bool fuse_invalid_attr(struct fuse_attr *attr)
360 return !fuse_valid_type(attr->mode) || !fuse_valid_size(attr->size);
363 int fuse_lookup_name(struct super_block *sb, u64 nodeid, const struct qstr *name,
364 struct fuse_entry_out *outarg, struct inode **inode)
366 struct fuse_mount *fm = get_fuse_mount_super(sb);
368 struct fuse_forget_link *forget;
369 u64 attr_version, evict_ctr;
374 if (name->len > FUSE_NAME_MAX)
378 forget = fuse_alloc_forget();
383 attr_version = fuse_get_attr_version(fm->fc);
384 evict_ctr = fuse_get_evict_ctr(fm->fc);
386 fuse_lookup_init(fm->fc, &args, nodeid, name, outarg);
387 err = fuse_simple_request(fm, &args);
388 /* Zero nodeid is same as -ENOENT, but with valid timeout */
389 if (err || !outarg->nodeid)
393 if (fuse_invalid_attr(&outarg->attr))
395 if (outarg->nodeid == FUSE_ROOT_ID && outarg->generation != 0) {
396 pr_warn_once("root generation should be zero\n");
397 outarg->generation = 0;
400 *inode = fuse_iget(sb, outarg->nodeid, outarg->generation,
401 &outarg->attr, ATTR_TIMEOUT(outarg),
402 attr_version, evict_ctr);
405 fuse_queue_forget(fm->fc, forget, outarg->nodeid, 1);
416 static struct dentry *fuse_lookup(struct inode *dir, struct dentry *entry,
420 struct fuse_entry_out outarg;
422 struct dentry *newent;
423 bool outarg_valid = true;
426 if (fuse_is_bad(dir))
427 return ERR_PTR(-EIO);
429 locked = fuse_lock_inode(dir);
430 err = fuse_lookup_name(dir->i_sb, get_node_id(dir), &entry->d_name,
432 fuse_unlock_inode(dir, locked);
433 if (err == -ENOENT) {
434 outarg_valid = false;
441 if (inode && get_node_id(inode) == FUSE_ROOT_ID)
444 newent = d_splice_alias(inode, entry);
445 err = PTR_ERR(newent);
449 entry = newent ? newent : entry;
451 fuse_change_entry_timeout(entry, &outarg);
453 fuse_invalidate_entry_cache(entry);
456 fuse_advise_use_readdirplus(dir);
465 static int get_security_context(struct dentry *entry, umode_t mode,
466 struct fuse_in_arg *ext)
468 struct fuse_secctx *fctx;
469 struct fuse_secctx_header *header;
470 void *ctx = NULL, *ptr;
471 u32 ctxlen, total_len = sizeof(*header);
476 err = security_dentry_init_security(entry, mode, &entry->d_name,
477 &name, &ctx, &ctxlen);
479 if (err != -EOPNOTSUPP)
481 /* No LSM is supporting this security hook. Ignore error */
488 namelen = strlen(name) + 1;
490 if (WARN_ON(namelen > XATTR_NAME_MAX + 1 || ctxlen > S32_MAX))
492 total_len += FUSE_REC_ALIGN(sizeof(*fctx) + namelen + ctxlen);
496 header = ptr = kzalloc(total_len, GFP_KERNEL);
500 header->nr_secctx = nr_ctx;
501 header->size = total_len;
502 ptr += sizeof(*header);
506 ptr += sizeof(*fctx);
511 memcpy(ptr, ctx, ctxlen);
513 ext->size = total_len;
521 static void *extend_arg(struct fuse_in_arg *buf, u32 bytes)
524 u32 newlen = buf->size + bytes;
526 p = krealloc(buf->value, newlen, GFP_KERNEL);
534 memset(p + buf->size, 0, bytes);
538 return p + newlen - bytes;
541 static u32 fuse_ext_size(size_t size)
543 return FUSE_REC_ALIGN(sizeof(struct fuse_ext_header) + size);
547 * This adds just a single supplementary group that matches the parent's group.
549 static int get_create_supp_group(struct mnt_idmap *idmap,
551 struct fuse_in_arg *ext)
553 struct fuse_conn *fc = get_fuse_conn(dir);
554 struct fuse_ext_header *xh;
555 struct fuse_supp_groups *sg;
556 kgid_t kgid = dir->i_gid;
557 vfsgid_t vfsgid = make_vfsgid(idmap, fc->user_ns, kgid);
558 gid_t parent_gid = from_kgid(fc->user_ns, kgid);
560 u32 sg_len = fuse_ext_size(sizeof(*sg) + sizeof(sg->groups[0]));
562 if (parent_gid == (gid_t) -1 || vfsgid_eq_kgid(vfsgid, current_fsgid()) ||
563 !vfsgid_in_group_p(vfsgid))
566 xh = extend_arg(ext, sg_len);
571 xh->type = FUSE_EXT_GROUPS;
573 sg = (struct fuse_supp_groups *) &xh[1];
575 sg->groups[0] = parent_gid;
580 static int get_create_ext(struct mnt_idmap *idmap,
581 struct fuse_args *args,
582 struct inode *dir, struct dentry *dentry,
585 struct fuse_conn *fc = get_fuse_conn_super(dentry->d_sb);
586 struct fuse_in_arg ext = { .size = 0, .value = NULL };
589 if (fc->init_security)
590 err = get_security_context(dentry, mode, &ext);
591 if (!err && fc->create_supp_group)
592 err = get_create_supp_group(idmap, dir, &ext);
594 if (!err && ext.size) {
595 WARN_ON(args->in_numargs >= ARRAY_SIZE(args->in_args));
597 args->ext_idx = args->in_numargs++;
598 args->in_args[args->ext_idx] = ext;
606 static void free_ext_value(struct fuse_args *args)
609 kfree(args->in_args[args->ext_idx].value);
613 * Atomic create+open operation
615 * If the filesystem doesn't support this, then fall back to separate
616 * 'mknod' + 'open' requests.
618 static int fuse_create_open(struct mnt_idmap *idmap, struct inode *dir,
619 struct dentry *entry, struct file *file,
620 unsigned int flags, umode_t mode, u32 opcode)
624 struct fuse_mount *fm = get_fuse_mount(dir);
626 struct fuse_forget_link *forget;
627 struct fuse_create_in inarg;
628 struct fuse_open_out *outopenp;
629 struct fuse_entry_out outentry;
630 struct fuse_inode *fi;
631 struct fuse_file *ff;
632 bool trunc = flags & O_TRUNC;
634 /* Userspace expects S_IFREG in create mode */
635 BUG_ON((mode & S_IFMT) != S_IFREG);
637 forget = fuse_alloc_forget();
643 ff = fuse_file_alloc(fm, true);
645 goto out_put_forget_req;
647 if (!fm->fc->dont_mask)
648 mode &= ~current_umask();
651 memset(&inarg, 0, sizeof(inarg));
652 memset(&outentry, 0, sizeof(outentry));
655 inarg.umask = current_umask();
657 if (fm->fc->handle_killpriv_v2 && trunc &&
658 !(flags & O_EXCL) && !capable(CAP_FSETID)) {
659 inarg.open_flags |= FUSE_OPEN_KILL_SUIDGID;
662 args.opcode = opcode;
663 args.nodeid = get_node_id(dir);
665 args.in_args[0].size = sizeof(inarg);
666 args.in_args[0].value = &inarg;
667 args.in_args[1].size = entry->d_name.len + 1;
668 args.in_args[1].value = entry->d_name.name;
669 args.out_numargs = 2;
670 args.out_args[0].size = sizeof(outentry);
671 args.out_args[0].value = &outentry;
672 /* Store outarg for fuse_finish_open() */
673 outopenp = &ff->args->open_outarg;
674 args.out_args[1].size = sizeof(*outopenp);
675 args.out_args[1].value = outopenp;
677 err = get_create_ext(idmap, &args, dir, entry, mode);
681 err = fuse_simple_idmap_request(idmap, fm, &args);
682 free_ext_value(&args);
687 if (!S_ISREG(outentry.attr.mode) || invalid_nodeid(outentry.nodeid) ||
688 fuse_invalid_attr(&outentry.attr))
691 ff->fh = outopenp->fh;
692 ff->nodeid = outentry.nodeid;
693 ff->open_flags = outopenp->open_flags;
694 inode = fuse_iget(dir->i_sb, outentry.nodeid, outentry.generation,
695 &outentry.attr, ATTR_TIMEOUT(&outentry), 0, 0);
697 flags &= ~(O_CREAT | O_EXCL | O_TRUNC);
698 fuse_sync_release(NULL, ff, flags);
699 fuse_queue_forget(fm->fc, forget, outentry.nodeid, 1);
704 d_instantiate(entry, inode);
705 fuse_change_entry_timeout(entry, &outentry);
706 fuse_dir_changed(dir);
707 err = generic_file_open(inode, file);
709 file->private_data = ff;
710 err = finish_open(file, entry, fuse_finish_open);
713 fi = get_fuse_inode(inode);
714 fuse_sync_release(fi, ff, flags);
716 if (fm->fc->atomic_o_trunc && trunc)
717 truncate_pagecache(inode, 0);
718 else if (!(ff->open_flags & FOPEN_KEEP_CACHE))
719 invalidate_inode_pages2(inode->i_mapping);
731 static int fuse_mknod(struct mnt_idmap *, struct inode *, struct dentry *,
733 static int fuse_atomic_open(struct inode *dir, struct dentry *entry,
734 struct file *file, unsigned flags,
738 struct mnt_idmap *idmap = file_mnt_idmap(file);
739 struct fuse_conn *fc = get_fuse_conn(dir);
740 struct dentry *res = NULL;
742 if (fuse_is_bad(dir))
745 if (d_in_lookup(entry)) {
746 res = fuse_lookup(dir, entry, 0);
754 if (!(flags & O_CREAT) || d_really_is_positive(entry))
758 file->f_mode |= FMODE_CREATED;
763 err = fuse_create_open(idmap, dir, entry, file, flags, mode, FUSE_CREATE);
764 if (err == -ENOSYS) {
767 } else if (err == -EEXIST)
768 fuse_invalidate_entry(entry);
774 err = fuse_mknod(idmap, dir, entry, mode, 0);
778 return finish_no_open(file, res);
782 * Code shared between mknod, mkdir, symlink and link
784 static int create_new_entry(struct mnt_idmap *idmap, struct fuse_mount *fm,
785 struct fuse_args *args, struct inode *dir,
786 struct dentry *entry, umode_t mode)
788 struct fuse_entry_out outarg;
792 struct fuse_forget_link *forget;
794 if (fuse_is_bad(dir))
797 forget = fuse_alloc_forget();
801 memset(&outarg, 0, sizeof(outarg));
802 args->nodeid = get_node_id(dir);
803 args->out_numargs = 1;
804 args->out_args[0].size = sizeof(outarg);
805 args->out_args[0].value = &outarg;
807 if (args->opcode != FUSE_LINK) {
808 err = get_create_ext(idmap, args, dir, entry, mode);
810 goto out_put_forget_req;
813 err = fuse_simple_idmap_request(idmap, fm, args);
814 free_ext_value(args);
816 goto out_put_forget_req;
819 if (invalid_nodeid(outarg.nodeid) || fuse_invalid_attr(&outarg.attr))
820 goto out_put_forget_req;
822 if ((outarg.attr.mode ^ mode) & S_IFMT)
823 goto out_put_forget_req;
825 inode = fuse_iget(dir->i_sb, outarg.nodeid, outarg.generation,
826 &outarg.attr, ATTR_TIMEOUT(&outarg), 0, 0);
828 fuse_queue_forget(fm->fc, forget, outarg.nodeid, 1);
834 d = d_splice_alias(inode, entry);
839 fuse_change_entry_timeout(d, &outarg);
842 fuse_change_entry_timeout(entry, &outarg);
844 fuse_dir_changed(dir);
849 fuse_invalidate_entry(entry);
854 static int fuse_mknod(struct mnt_idmap *idmap, struct inode *dir,
855 struct dentry *entry, umode_t mode, dev_t rdev)
857 struct fuse_mknod_in inarg;
858 struct fuse_mount *fm = get_fuse_mount(dir);
861 if (!fm->fc->dont_mask)
862 mode &= ~current_umask();
864 memset(&inarg, 0, sizeof(inarg));
866 inarg.rdev = new_encode_dev(rdev);
867 inarg.umask = current_umask();
868 args.opcode = FUSE_MKNOD;
870 args.in_args[0].size = sizeof(inarg);
871 args.in_args[0].value = &inarg;
872 args.in_args[1].size = entry->d_name.len + 1;
873 args.in_args[1].value = entry->d_name.name;
874 return create_new_entry(idmap, fm, &args, dir, entry, mode);
877 static int fuse_create(struct mnt_idmap *idmap, struct inode *dir,
878 struct dentry *entry, umode_t mode, bool excl)
880 return fuse_mknod(idmap, dir, entry, mode, 0);
883 static int fuse_tmpfile(struct mnt_idmap *idmap, struct inode *dir,
884 struct file *file, umode_t mode)
886 struct fuse_conn *fc = get_fuse_conn(dir);
892 err = fuse_create_open(idmap, dir, file->f_path.dentry, file,
893 file->f_flags, mode, FUSE_TMPFILE);
894 if (err == -ENOSYS) {
901 static int fuse_mkdir(struct mnt_idmap *idmap, struct inode *dir,
902 struct dentry *entry, umode_t mode)
904 struct fuse_mkdir_in inarg;
905 struct fuse_mount *fm = get_fuse_mount(dir);
908 if (!fm->fc->dont_mask)
909 mode &= ~current_umask();
911 memset(&inarg, 0, sizeof(inarg));
913 inarg.umask = current_umask();
914 args.opcode = FUSE_MKDIR;
916 args.in_args[0].size = sizeof(inarg);
917 args.in_args[0].value = &inarg;
918 args.in_args[1].size = entry->d_name.len + 1;
919 args.in_args[1].value = entry->d_name.name;
920 return create_new_entry(idmap, fm, &args, dir, entry, S_IFDIR);
923 static int fuse_symlink(struct mnt_idmap *idmap, struct inode *dir,
924 struct dentry *entry, const char *link)
926 struct fuse_mount *fm = get_fuse_mount(dir);
927 unsigned len = strlen(link) + 1;
930 args.opcode = FUSE_SYMLINK;
932 args.in_args[0].size = entry->d_name.len + 1;
933 args.in_args[0].value = entry->d_name.name;
934 args.in_args[1].size = len;
935 args.in_args[1].value = link;
936 return create_new_entry(idmap, fm, &args, dir, entry, S_IFLNK);
939 void fuse_flush_time_update(struct inode *inode)
941 int err = sync_inode_metadata(inode, 1);
943 mapping_set_error(inode->i_mapping, err);
946 static void fuse_update_ctime_in_cache(struct inode *inode)
948 if (!IS_NOCMTIME(inode)) {
949 inode_set_ctime_current(inode);
950 mark_inode_dirty_sync(inode);
951 fuse_flush_time_update(inode);
955 void fuse_update_ctime(struct inode *inode)
957 fuse_invalidate_attr_mask(inode, STATX_CTIME);
958 fuse_update_ctime_in_cache(inode);
961 static void fuse_entry_unlinked(struct dentry *entry)
963 struct inode *inode = d_inode(entry);
964 struct fuse_conn *fc = get_fuse_conn(inode);
965 struct fuse_inode *fi = get_fuse_inode(inode);
967 spin_lock(&fi->lock);
968 fi->attr_version = atomic64_inc_return(&fc->attr_version);
970 * If i_nlink == 0 then unlink doesn't make sense, yet this can
971 * happen if userspace filesystem is careless. It would be
972 * difficult to enforce correct nlink usage so just ignore this
975 if (S_ISDIR(inode->i_mode))
977 else if (inode->i_nlink > 0)
979 spin_unlock(&fi->lock);
980 fuse_invalidate_entry_cache(entry);
981 fuse_update_ctime(inode);
984 static int fuse_unlink(struct inode *dir, struct dentry *entry)
987 struct fuse_mount *fm = get_fuse_mount(dir);
990 if (fuse_is_bad(dir))
993 args.opcode = FUSE_UNLINK;
994 args.nodeid = get_node_id(dir);
996 args.in_args[0].size = entry->d_name.len + 1;
997 args.in_args[0].value = entry->d_name.name;
998 err = fuse_simple_request(fm, &args);
1000 fuse_dir_changed(dir);
1001 fuse_entry_unlinked(entry);
1002 } else if (err == -EINTR || err == -ENOENT)
1003 fuse_invalidate_entry(entry);
1007 static int fuse_rmdir(struct inode *dir, struct dentry *entry)
1010 struct fuse_mount *fm = get_fuse_mount(dir);
1013 if (fuse_is_bad(dir))
1016 args.opcode = FUSE_RMDIR;
1017 args.nodeid = get_node_id(dir);
1018 args.in_numargs = 1;
1019 args.in_args[0].size = entry->d_name.len + 1;
1020 args.in_args[0].value = entry->d_name.name;
1021 err = fuse_simple_request(fm, &args);
1023 fuse_dir_changed(dir);
1024 fuse_entry_unlinked(entry);
1025 } else if (err == -EINTR || err == -ENOENT)
1026 fuse_invalidate_entry(entry);
1030 static int fuse_rename_common(struct mnt_idmap *idmap, struct inode *olddir, struct dentry *oldent,
1031 struct inode *newdir, struct dentry *newent,
1032 unsigned int flags, int opcode, size_t argsize)
1035 struct fuse_rename2_in inarg;
1036 struct fuse_mount *fm = get_fuse_mount(olddir);
1039 memset(&inarg, 0, argsize);
1040 inarg.newdir = get_node_id(newdir);
1041 inarg.flags = flags;
1042 args.opcode = opcode;
1043 args.nodeid = get_node_id(olddir);
1044 args.in_numargs = 3;
1045 args.in_args[0].size = argsize;
1046 args.in_args[0].value = &inarg;
1047 args.in_args[1].size = oldent->d_name.len + 1;
1048 args.in_args[1].value = oldent->d_name.name;
1049 args.in_args[2].size = newent->d_name.len + 1;
1050 args.in_args[2].value = newent->d_name.name;
1051 err = fuse_simple_idmap_request(idmap, fm, &args);
1054 fuse_update_ctime(d_inode(oldent));
1056 if (flags & RENAME_EXCHANGE)
1057 fuse_update_ctime(d_inode(newent));
1059 fuse_dir_changed(olddir);
1060 if (olddir != newdir)
1061 fuse_dir_changed(newdir);
1063 /* newent will end up negative */
1064 if (!(flags & RENAME_EXCHANGE) && d_really_is_positive(newent))
1065 fuse_entry_unlinked(newent);
1066 } else if (err == -EINTR || err == -ENOENT) {
1067 /* If request was interrupted, DEITY only knows if the
1068 rename actually took place. If the invalidation
1069 fails (e.g. some process has CWD under the renamed
1070 directory), then there can be inconsistency between
1071 the dcache and the real filesystem. Tough luck. */
1072 fuse_invalidate_entry(oldent);
1073 if (d_really_is_positive(newent))
1074 fuse_invalidate_entry(newent);
1080 static int fuse_rename2(struct mnt_idmap *idmap, struct inode *olddir,
1081 struct dentry *oldent, struct inode *newdir,
1082 struct dentry *newent, unsigned int flags)
1084 struct fuse_conn *fc = get_fuse_conn(olddir);
1087 if (fuse_is_bad(olddir))
1090 if (flags & ~(RENAME_NOREPLACE | RENAME_EXCHANGE | RENAME_WHITEOUT))
1094 if (fc->no_rename2 || fc->minor < 23)
1097 err = fuse_rename_common((flags & RENAME_WHITEOUT) ? idmap : &invalid_mnt_idmap,
1098 olddir, oldent, newdir, newent, flags,
1100 sizeof(struct fuse_rename2_in));
1101 if (err == -ENOSYS) {
1106 err = fuse_rename_common(&invalid_mnt_idmap, olddir, oldent, newdir, newent, 0,
1108 sizeof(struct fuse_rename_in));
1114 static int fuse_link(struct dentry *entry, struct inode *newdir,
1115 struct dentry *newent)
1118 struct fuse_link_in inarg;
1119 struct inode *inode = d_inode(entry);
1120 struct fuse_mount *fm = get_fuse_mount(inode);
1123 memset(&inarg, 0, sizeof(inarg));
1124 inarg.oldnodeid = get_node_id(inode);
1125 args.opcode = FUSE_LINK;
1126 args.in_numargs = 2;
1127 args.in_args[0].size = sizeof(inarg);
1128 args.in_args[0].value = &inarg;
1129 args.in_args[1].size = newent->d_name.len + 1;
1130 args.in_args[1].value = newent->d_name.name;
1131 err = create_new_entry(&invalid_mnt_idmap, fm, &args, newdir, newent, inode->i_mode);
1133 fuse_update_ctime_in_cache(inode);
1134 else if (err == -EINTR)
1135 fuse_invalidate_attr(inode);
1140 static void fuse_fillattr(struct mnt_idmap *idmap, struct inode *inode,
1141 struct fuse_attr *attr, struct kstat *stat)
1143 unsigned int blkbits;
1144 struct fuse_conn *fc = get_fuse_conn(inode);
1145 vfsuid_t vfsuid = make_vfsuid(idmap, fc->user_ns,
1146 make_kuid(fc->user_ns, attr->uid));
1147 vfsgid_t vfsgid = make_vfsgid(idmap, fc->user_ns,
1148 make_kgid(fc->user_ns, attr->gid));
1150 stat->dev = inode->i_sb->s_dev;
1151 stat->ino = attr->ino;
1152 stat->mode = (inode->i_mode & S_IFMT) | (attr->mode & 07777);
1153 stat->nlink = attr->nlink;
1154 stat->uid = vfsuid_into_kuid(vfsuid);
1155 stat->gid = vfsgid_into_kgid(vfsgid);
1156 stat->rdev = inode->i_rdev;
1157 stat->atime.tv_sec = attr->atime;
1158 stat->atime.tv_nsec = attr->atimensec;
1159 stat->mtime.tv_sec = attr->mtime;
1160 stat->mtime.tv_nsec = attr->mtimensec;
1161 stat->ctime.tv_sec = attr->ctime;
1162 stat->ctime.tv_nsec = attr->ctimensec;
1163 stat->size = attr->size;
1164 stat->blocks = attr->blocks;
1166 if (attr->blksize != 0)
1167 blkbits = ilog2(attr->blksize);
1169 blkbits = inode->i_sb->s_blocksize_bits;
1171 stat->blksize = 1 << blkbits;
1174 static void fuse_statx_to_attr(struct fuse_statx *sx, struct fuse_attr *attr)
1176 memset(attr, 0, sizeof(*attr));
1177 attr->ino = sx->ino;
1178 attr->size = sx->size;
1179 attr->blocks = sx->blocks;
1180 attr->atime = sx->atime.tv_sec;
1181 attr->mtime = sx->mtime.tv_sec;
1182 attr->ctime = sx->ctime.tv_sec;
1183 attr->atimensec = sx->atime.tv_nsec;
1184 attr->mtimensec = sx->mtime.tv_nsec;
1185 attr->ctimensec = sx->ctime.tv_nsec;
1186 attr->mode = sx->mode;
1187 attr->nlink = sx->nlink;
1188 attr->uid = sx->uid;
1189 attr->gid = sx->gid;
1190 attr->rdev = new_encode_dev(MKDEV(sx->rdev_major, sx->rdev_minor));
1191 attr->blksize = sx->blksize;
1194 static int fuse_do_statx(struct mnt_idmap *idmap, struct inode *inode,
1195 struct file *file, struct kstat *stat)
1198 struct fuse_attr attr;
1199 struct fuse_statx *sx;
1200 struct fuse_statx_in inarg;
1201 struct fuse_statx_out outarg;
1202 struct fuse_mount *fm = get_fuse_mount(inode);
1203 u64 attr_version = fuse_get_attr_version(fm->fc);
1206 memset(&inarg, 0, sizeof(inarg));
1207 memset(&outarg, 0, sizeof(outarg));
1208 /* Directories have separate file-handle space */
1209 if (file && S_ISREG(inode->i_mode)) {
1210 struct fuse_file *ff = file->private_data;
1212 inarg.getattr_flags |= FUSE_GETATTR_FH;
1215 /* For now leave sync hints as the default, request all stats. */
1217 inarg.sx_mask = STATX_BASIC_STATS | STATX_BTIME;
1218 args.opcode = FUSE_STATX;
1219 args.nodeid = get_node_id(inode);
1220 args.in_numargs = 1;
1221 args.in_args[0].size = sizeof(inarg);
1222 args.in_args[0].value = &inarg;
1223 args.out_numargs = 1;
1224 args.out_args[0].size = sizeof(outarg);
1225 args.out_args[0].value = &outarg;
1226 err = fuse_simple_request(fm, &args);
1231 if (((sx->mask & STATX_SIZE) && !fuse_valid_size(sx->size)) ||
1232 ((sx->mask & STATX_TYPE) && (!fuse_valid_type(sx->mode) ||
1233 inode_wrong_type(inode, sx->mode)))) {
1234 fuse_make_bad(inode);
1238 fuse_statx_to_attr(&outarg.stat, &attr);
1239 if ((sx->mask & STATX_BASIC_STATS) == STATX_BASIC_STATS) {
1240 fuse_change_attributes(inode, &attr, &outarg.stat,
1241 ATTR_TIMEOUT(&outarg), attr_version);
1245 stat->result_mask = sx->mask & (STATX_BASIC_STATS | STATX_BTIME);
1246 stat->btime.tv_sec = sx->btime.tv_sec;
1247 stat->btime.tv_nsec = min_t(u32, sx->btime.tv_nsec, NSEC_PER_SEC - 1);
1248 fuse_fillattr(idmap, inode, &attr, stat);
1249 stat->result_mask |= STATX_TYPE;
1255 static int fuse_do_getattr(struct mnt_idmap *idmap, struct inode *inode,
1256 struct kstat *stat, struct file *file)
1259 struct fuse_getattr_in inarg;
1260 struct fuse_attr_out outarg;
1261 struct fuse_mount *fm = get_fuse_mount(inode);
1265 attr_version = fuse_get_attr_version(fm->fc);
1267 memset(&inarg, 0, sizeof(inarg));
1268 memset(&outarg, 0, sizeof(outarg));
1269 /* Directories have separate file-handle space */
1270 if (file && S_ISREG(inode->i_mode)) {
1271 struct fuse_file *ff = file->private_data;
1273 inarg.getattr_flags |= FUSE_GETATTR_FH;
1276 args.opcode = FUSE_GETATTR;
1277 args.nodeid = get_node_id(inode);
1278 args.in_numargs = 1;
1279 args.in_args[0].size = sizeof(inarg);
1280 args.in_args[0].value = &inarg;
1281 args.out_numargs = 1;
1282 args.out_args[0].size = sizeof(outarg);
1283 args.out_args[0].value = &outarg;
1284 err = fuse_simple_request(fm, &args);
1286 if (fuse_invalid_attr(&outarg.attr) ||
1287 inode_wrong_type(inode, outarg.attr.mode)) {
1288 fuse_make_bad(inode);
1291 fuse_change_attributes(inode, &outarg.attr, NULL,
1292 ATTR_TIMEOUT(&outarg),
1295 fuse_fillattr(idmap, inode, &outarg.attr, stat);
1301 static int fuse_update_get_attr(struct mnt_idmap *idmap, struct inode *inode,
1302 struct file *file, struct kstat *stat,
1303 u32 request_mask, unsigned int flags)
1305 struct fuse_inode *fi = get_fuse_inode(inode);
1306 struct fuse_conn *fc = get_fuse_conn(inode);
1309 u32 inval_mask = READ_ONCE(fi->inval_mask);
1310 u32 cache_mask = fuse_get_cache_mask(inode);
1313 /* FUSE only supports basic stats and possibly btime */
1314 request_mask &= STATX_BASIC_STATS | STATX_BTIME;
1317 request_mask &= STATX_BASIC_STATS;
1321 else if (flags & AT_STATX_FORCE_SYNC)
1323 else if (flags & AT_STATX_DONT_SYNC)
1325 else if (request_mask & inval_mask & ~cache_mask)
1328 sync = time_before64(fi->i_time, get_jiffies_64());
1331 forget_all_cached_acls(inode);
1332 /* Try statx if BTIME is requested */
1333 if (!fc->no_statx && (request_mask & ~STATX_BASIC_STATS)) {
1334 err = fuse_do_statx(idmap, inode, file, stat);
1335 if (err == -ENOSYS) {
1341 err = fuse_do_getattr(idmap, inode, stat, file);
1344 generic_fillattr(idmap, request_mask, inode, stat);
1345 stat->mode = fi->orig_i_mode;
1346 stat->ino = fi->orig_ino;
1347 if (test_bit(FUSE_I_BTIME, &fi->state)) {
1348 stat->btime = fi->i_btime;
1349 stat->result_mask |= STATX_BTIME;
1356 int fuse_update_attributes(struct inode *inode, struct file *file, u32 mask)
1358 return fuse_update_get_attr(&nop_mnt_idmap, inode, file, NULL, mask, 0);
1361 int fuse_reverse_inval_entry(struct fuse_conn *fc, u64 parent_nodeid,
1362 u64 child_nodeid, struct qstr *name, u32 flags)
1365 struct inode *parent;
1367 struct dentry *entry;
1369 parent = fuse_ilookup(fc, parent_nodeid, NULL);
1373 inode_lock_nested(parent, I_MUTEX_PARENT);
1374 if (!S_ISDIR(parent->i_mode))
1378 dir = d_find_alias(parent);
1382 name->hash = full_name_hash(dir, name->name, name->len);
1383 entry = d_lookup(dir, name);
1388 fuse_dir_changed(parent);
1389 if (!(flags & FUSE_EXPIRE_ONLY))
1390 d_invalidate(entry);
1391 fuse_invalidate_entry_cache(entry);
1393 if (child_nodeid != 0 && d_really_is_positive(entry)) {
1394 inode_lock(d_inode(entry));
1395 if (get_node_id(d_inode(entry)) != child_nodeid) {
1399 if (d_mountpoint(entry)) {
1403 if (d_is_dir(entry)) {
1404 shrink_dcache_parent(entry);
1405 if (!simple_empty(entry)) {
1409 d_inode(entry)->i_flags |= S_DEAD;
1412 clear_nlink(d_inode(entry));
1415 inode_unlock(d_inode(entry));
1424 inode_unlock(parent);
1429 static inline bool fuse_permissible_uidgid(struct fuse_conn *fc)
1431 const struct cred *cred = current_cred();
1433 return (uid_eq(cred->euid, fc->user_id) &&
1434 uid_eq(cred->suid, fc->user_id) &&
1435 uid_eq(cred->uid, fc->user_id) &&
1436 gid_eq(cred->egid, fc->group_id) &&
1437 gid_eq(cred->sgid, fc->group_id) &&
1438 gid_eq(cred->gid, fc->group_id));
1442 * Calling into a user-controlled filesystem gives the filesystem
1443 * daemon ptrace-like capabilities over the current process. This
1444 * means, that the filesystem daemon is able to record the exact
1445 * filesystem operations performed, and can also control the behavior
1446 * of the requester process in otherwise impossible ways. For example
1447 * it can delay the operation for arbitrary length of time allowing
1448 * DoS against the requester.
1450 * For this reason only those processes can call into the filesystem,
1451 * for which the owner of the mount has ptrace privilege. This
1452 * excludes processes started by other users, suid or sgid processes.
1454 bool fuse_allow_current_process(struct fuse_conn *fc)
1458 if (fc->allow_other)
1459 allow = current_in_userns(fc->user_ns);
1461 allow = fuse_permissible_uidgid(fc);
1463 if (!allow && allow_sys_admin_access && capable(CAP_SYS_ADMIN))
1469 static int fuse_access(struct inode *inode, int mask)
1471 struct fuse_mount *fm = get_fuse_mount(inode);
1473 struct fuse_access_in inarg;
1476 BUG_ON(mask & MAY_NOT_BLOCK);
1479 * We should not send FUSE_ACCESS to the userspace
1480 * when idmapped mounts are enabled as for this case
1481 * we have fc->default_permissions = 1 and access
1482 * permission checks are done on the kernel side.
1484 WARN_ON_ONCE(!(fm->sb->s_iflags & SB_I_NOIDMAP));
1486 if (fm->fc->no_access)
1489 memset(&inarg, 0, sizeof(inarg));
1490 inarg.mask = mask & (MAY_READ | MAY_WRITE | MAY_EXEC);
1491 args.opcode = FUSE_ACCESS;
1492 args.nodeid = get_node_id(inode);
1493 args.in_numargs = 1;
1494 args.in_args[0].size = sizeof(inarg);
1495 args.in_args[0].value = &inarg;
1496 err = fuse_simple_request(fm, &args);
1497 if (err == -ENOSYS) {
1498 fm->fc->no_access = 1;
1504 static int fuse_perm_getattr(struct inode *inode, int mask)
1506 if (mask & MAY_NOT_BLOCK)
1509 forget_all_cached_acls(inode);
1510 return fuse_do_getattr(&nop_mnt_idmap, inode, NULL, NULL);
1514 * Check permission. The two basic access models of FUSE are:
1516 * 1) Local access checking ('default_permissions' mount option) based
1517 * on file mode. This is the plain old disk filesystem permission
1520 * 2) "Remote" access checking, where server is responsible for
1521 * checking permission in each inode operation. An exception to this
1522 * is if ->permission() was invoked from sys_access() in which case an
1523 * access request is sent. Execute permission is still checked
1524 * locally based on file mode.
1526 static int fuse_permission(struct mnt_idmap *idmap,
1527 struct inode *inode, int mask)
1529 struct fuse_conn *fc = get_fuse_conn(inode);
1530 bool refreshed = false;
1533 if (fuse_is_bad(inode))
1536 if (!fuse_allow_current_process(fc))
1540 * If attributes are needed, refresh them before proceeding
1542 if (fc->default_permissions ||
1543 ((mask & MAY_EXEC) && S_ISREG(inode->i_mode))) {
1544 struct fuse_inode *fi = get_fuse_inode(inode);
1545 u32 perm_mask = STATX_MODE | STATX_UID | STATX_GID;
1547 if (perm_mask & READ_ONCE(fi->inval_mask) ||
1548 time_before64(fi->i_time, get_jiffies_64())) {
1551 err = fuse_perm_getattr(inode, mask);
1557 if (fc->default_permissions) {
1558 err = generic_permission(idmap, inode, mask);
1560 /* If permission is denied, try to refresh file
1561 attributes. This is also needed, because the root
1562 node will at first have no permissions */
1563 if (err == -EACCES && !refreshed) {
1564 err = fuse_perm_getattr(inode, mask);
1566 err = generic_permission(idmap,
1570 /* Note: the opposite of the above test does not
1571 exist. So if permissions are revoked this won't be
1572 noticed immediately, only after the attribute
1573 timeout has expired */
1574 } else if (mask & (MAY_ACCESS | MAY_CHDIR)) {
1575 err = fuse_access(inode, mask);
1576 } else if ((mask & MAY_EXEC) && S_ISREG(inode->i_mode)) {
1577 if (!(inode->i_mode & S_IXUGO)) {
1581 err = fuse_perm_getattr(inode, mask);
1582 if (!err && !(inode->i_mode & S_IXUGO))
1589 static int fuse_readlink_page(struct inode *inode, struct folio *folio)
1591 struct fuse_mount *fm = get_fuse_mount(inode);
1592 struct fuse_folio_desc desc = { .length = PAGE_SIZE - 1 };
1593 struct fuse_args_pages ap = {
1601 ap.args.opcode = FUSE_READLINK;
1602 ap.args.nodeid = get_node_id(inode);
1603 ap.args.out_pages = true;
1604 ap.args.out_argvar = true;
1605 ap.args.page_zeroing = true;
1606 ap.args.out_numargs = 1;
1607 ap.args.out_args[0].size = desc.length;
1608 res = fuse_simple_request(fm, &ap.args);
1610 fuse_invalidate_atime(inode);
1615 if (WARN_ON(res >= PAGE_SIZE))
1618 link = folio_address(folio);
1624 static const char *fuse_get_link(struct dentry *dentry, struct inode *inode,
1625 struct delayed_call *callback)
1627 struct fuse_conn *fc = get_fuse_conn(inode);
1628 struct folio *folio;
1632 if (fuse_is_bad(inode))
1635 if (fc->cache_symlinks)
1636 return page_get_link(dentry, inode, callback);
1642 folio = folio_alloc(GFP_KERNEL, 0);
1647 err = fuse_readlink_page(inode, folio);
1653 set_delayed_call(callback, page_put_link, &folio->page);
1655 return folio_address(folio);
1658 return ERR_PTR(err);
1661 static int fuse_dir_open(struct inode *inode, struct file *file)
1663 struct fuse_mount *fm = get_fuse_mount(inode);
1666 if (fuse_is_bad(inode))
1669 err = generic_file_open(inode, file);
1673 err = fuse_do_open(fm, get_node_id(inode), file, true);
1675 struct fuse_file *ff = file->private_data;
1678 * Keep handling FOPEN_STREAM and FOPEN_NONSEEKABLE for
1679 * directories for backward compatibility, though it's unlikely
1682 if (ff->open_flags & (FOPEN_STREAM | FOPEN_NONSEEKABLE))
1683 nonseekable_open(inode, file);
1684 if (!(ff->open_flags & FOPEN_KEEP_CACHE))
1685 invalidate_inode_pages2(inode->i_mapping);
1691 static int fuse_dir_release(struct inode *inode, struct file *file)
1693 fuse_release_common(file, true);
1698 static int fuse_dir_fsync(struct file *file, loff_t start, loff_t end,
1701 struct inode *inode = file->f_mapping->host;
1702 struct fuse_conn *fc = get_fuse_conn(inode);
1705 if (fuse_is_bad(inode))
1708 if (fc->no_fsyncdir)
1712 err = fuse_fsync_common(file, start, end, datasync, FUSE_FSYNCDIR);
1713 if (err == -ENOSYS) {
1714 fc->no_fsyncdir = 1;
1717 inode_unlock(inode);
1722 static long fuse_dir_ioctl(struct file *file, unsigned int cmd,
1725 struct fuse_conn *fc = get_fuse_conn(file->f_mapping->host);
1727 /* FUSE_IOCTL_DIR only supported for API version >= 7.18 */
1731 return fuse_ioctl_common(file, cmd, arg, FUSE_IOCTL_DIR);
1734 static long fuse_dir_compat_ioctl(struct file *file, unsigned int cmd,
1737 struct fuse_conn *fc = get_fuse_conn(file->f_mapping->host);
1742 return fuse_ioctl_common(file, cmd, arg,
1743 FUSE_IOCTL_COMPAT | FUSE_IOCTL_DIR);
1746 static bool update_mtime(unsigned ivalid, bool trust_local_mtime)
1748 /* Always update if mtime is explicitly set */
1749 if (ivalid & ATTR_MTIME_SET)
1752 /* Or if kernel i_mtime is the official one */
1753 if (trust_local_mtime)
1756 /* If it's an open(O_TRUNC) or an ftruncate(), don't update */
1757 if ((ivalid & ATTR_SIZE) && (ivalid & (ATTR_OPEN | ATTR_FILE)))
1760 /* In all other cases update */
1764 static void iattr_to_fattr(struct mnt_idmap *idmap, struct fuse_conn *fc,
1765 struct iattr *iattr, struct fuse_setattr_in *arg,
1766 bool trust_local_cmtime)
1768 unsigned ivalid = iattr->ia_valid;
1770 if (ivalid & ATTR_MODE)
1771 arg->valid |= FATTR_MODE, arg->mode = iattr->ia_mode;
1773 if (ivalid & ATTR_UID) {
1774 kuid_t fsuid = from_vfsuid(idmap, fc->user_ns, iattr->ia_vfsuid);
1776 arg->valid |= FATTR_UID;
1777 arg->uid = from_kuid(fc->user_ns, fsuid);
1780 if (ivalid & ATTR_GID) {
1781 kgid_t fsgid = from_vfsgid(idmap, fc->user_ns, iattr->ia_vfsgid);
1783 arg->valid |= FATTR_GID;
1784 arg->gid = from_kgid(fc->user_ns, fsgid);
1787 if (ivalid & ATTR_SIZE)
1788 arg->valid |= FATTR_SIZE, arg->size = iattr->ia_size;
1789 if (ivalid & ATTR_ATIME) {
1790 arg->valid |= FATTR_ATIME;
1791 arg->atime = iattr->ia_atime.tv_sec;
1792 arg->atimensec = iattr->ia_atime.tv_nsec;
1793 if (!(ivalid & ATTR_ATIME_SET))
1794 arg->valid |= FATTR_ATIME_NOW;
1796 if ((ivalid & ATTR_MTIME) && update_mtime(ivalid, trust_local_cmtime)) {
1797 arg->valid |= FATTR_MTIME;
1798 arg->mtime = iattr->ia_mtime.tv_sec;
1799 arg->mtimensec = iattr->ia_mtime.tv_nsec;
1800 if (!(ivalid & ATTR_MTIME_SET) && !trust_local_cmtime)
1801 arg->valid |= FATTR_MTIME_NOW;
1803 if ((ivalid & ATTR_CTIME) && trust_local_cmtime) {
1804 arg->valid |= FATTR_CTIME;
1805 arg->ctime = iattr->ia_ctime.tv_sec;
1806 arg->ctimensec = iattr->ia_ctime.tv_nsec;
1811 * Prevent concurrent writepages on inode
1813 * This is done by adding a negative bias to the inode write counter
1814 * and waiting for all pending writes to finish.
1816 void fuse_set_nowrite(struct inode *inode)
1818 struct fuse_inode *fi = get_fuse_inode(inode);
1820 BUG_ON(!inode_is_locked(inode));
1822 spin_lock(&fi->lock);
1823 BUG_ON(fi->writectr < 0);
1824 fi->writectr += FUSE_NOWRITE;
1825 spin_unlock(&fi->lock);
1826 wait_event(fi->page_waitq, fi->writectr == FUSE_NOWRITE);
1830 * Allow writepages on inode
1832 * Remove the bias from the writecounter and send any queued
1835 static void __fuse_release_nowrite(struct inode *inode)
1837 struct fuse_inode *fi = get_fuse_inode(inode);
1839 BUG_ON(fi->writectr != FUSE_NOWRITE);
1841 fuse_flush_writepages(inode);
1844 void fuse_release_nowrite(struct inode *inode)
1846 struct fuse_inode *fi = get_fuse_inode(inode);
1848 spin_lock(&fi->lock);
1849 __fuse_release_nowrite(inode);
1850 spin_unlock(&fi->lock);
1853 static void fuse_setattr_fill(struct fuse_conn *fc, struct fuse_args *args,
1854 struct inode *inode,
1855 struct fuse_setattr_in *inarg_p,
1856 struct fuse_attr_out *outarg_p)
1858 args->opcode = FUSE_SETATTR;
1859 args->nodeid = get_node_id(inode);
1860 args->in_numargs = 1;
1861 args->in_args[0].size = sizeof(*inarg_p);
1862 args->in_args[0].value = inarg_p;
1863 args->out_numargs = 1;
1864 args->out_args[0].size = sizeof(*outarg_p);
1865 args->out_args[0].value = outarg_p;
1869 * Flush inode->i_mtime to the server
1871 int fuse_flush_times(struct inode *inode, struct fuse_file *ff)
1873 struct fuse_mount *fm = get_fuse_mount(inode);
1875 struct fuse_setattr_in inarg;
1876 struct fuse_attr_out outarg;
1878 memset(&inarg, 0, sizeof(inarg));
1879 memset(&outarg, 0, sizeof(outarg));
1881 inarg.valid = FATTR_MTIME;
1882 inarg.mtime = inode_get_mtime_sec(inode);
1883 inarg.mtimensec = inode_get_mtime_nsec(inode);
1884 if (fm->fc->minor >= 23) {
1885 inarg.valid |= FATTR_CTIME;
1886 inarg.ctime = inode_get_ctime_sec(inode);
1887 inarg.ctimensec = inode_get_ctime_nsec(inode);
1890 inarg.valid |= FATTR_FH;
1893 fuse_setattr_fill(fm->fc, &args, inode, &inarg, &outarg);
1895 return fuse_simple_request(fm, &args);
1899 * Set attributes, and at the same time refresh them.
1901 * Truncation is slightly complicated, because the 'truncate' request
1902 * may fail, in which case we don't want to touch the mapping.
1903 * vmtruncate() doesn't allow for this case, so do the rlimit checking
1904 * and the actual truncation by hand.
1906 int fuse_do_setattr(struct mnt_idmap *idmap, struct dentry *dentry,
1907 struct iattr *attr, struct file *file)
1909 struct inode *inode = d_inode(dentry);
1910 struct fuse_mount *fm = get_fuse_mount(inode);
1911 struct fuse_conn *fc = fm->fc;
1912 struct fuse_inode *fi = get_fuse_inode(inode);
1913 struct address_space *mapping = inode->i_mapping;
1915 struct fuse_setattr_in inarg;
1916 struct fuse_attr_out outarg;
1917 bool is_truncate = false;
1918 bool is_wb = fc->writeback_cache && S_ISREG(inode->i_mode);
1921 bool trust_local_cmtime = is_wb;
1922 bool fault_blocked = false;
1924 if (!fc->default_permissions)
1925 attr->ia_valid |= ATTR_FORCE;
1927 err = setattr_prepare(idmap, dentry, attr);
1931 if (attr->ia_valid & ATTR_SIZE) {
1932 if (WARN_ON(!S_ISREG(inode->i_mode)))
1937 if (FUSE_IS_DAX(inode) && is_truncate) {
1938 filemap_invalidate_lock(mapping);
1939 fault_blocked = true;
1940 err = fuse_dax_break_layouts(inode, 0, 0);
1942 filemap_invalidate_unlock(mapping);
1947 if (attr->ia_valid & ATTR_OPEN) {
1948 /* This is coming from open(..., ... | O_TRUNC); */
1949 WARN_ON(!(attr->ia_valid & ATTR_SIZE));
1950 WARN_ON(attr->ia_size != 0);
1951 if (fc->atomic_o_trunc) {
1953 * No need to send request to userspace, since actual
1954 * truncation has already been done by OPEN. But still
1955 * need to truncate page cache.
1957 i_size_write(inode, 0);
1958 truncate_pagecache(inode, 0);
1964 /* Flush dirty data/metadata before non-truncate SETATTR */
1967 (ATTR_MODE | ATTR_UID | ATTR_GID | ATTR_MTIME_SET |
1969 err = write_inode_now(inode, true);
1973 fuse_set_nowrite(inode);
1974 fuse_release_nowrite(inode);
1978 fuse_set_nowrite(inode);
1979 set_bit(FUSE_I_SIZE_UNSTABLE, &fi->state);
1980 if (trust_local_cmtime && attr->ia_size != inode->i_size)
1981 attr->ia_valid |= ATTR_MTIME | ATTR_CTIME;
1984 memset(&inarg, 0, sizeof(inarg));
1985 memset(&outarg, 0, sizeof(outarg));
1986 iattr_to_fattr(idmap, fc, attr, &inarg, trust_local_cmtime);
1988 struct fuse_file *ff = file->private_data;
1989 inarg.valid |= FATTR_FH;
1993 /* Kill suid/sgid for non-directory chown unconditionally */
1994 if (fc->handle_killpriv_v2 && !S_ISDIR(inode->i_mode) &&
1995 attr->ia_valid & (ATTR_UID | ATTR_GID))
1996 inarg.valid |= FATTR_KILL_SUIDGID;
1998 if (attr->ia_valid & ATTR_SIZE) {
1999 /* For mandatory locking in truncate */
2000 inarg.valid |= FATTR_LOCKOWNER;
2001 inarg.lock_owner = fuse_lock_owner_id(fc, current->files);
2003 /* Kill suid/sgid for truncate only if no CAP_FSETID */
2004 if (fc->handle_killpriv_v2 && !capable(CAP_FSETID))
2005 inarg.valid |= FATTR_KILL_SUIDGID;
2007 fuse_setattr_fill(fc, &args, inode, &inarg, &outarg);
2008 err = fuse_simple_request(fm, &args);
2011 fuse_invalidate_attr(inode);
2015 if (fuse_invalid_attr(&outarg.attr) ||
2016 inode_wrong_type(inode, outarg.attr.mode)) {
2017 fuse_make_bad(inode);
2022 spin_lock(&fi->lock);
2023 /* the kernel maintains i_mtime locally */
2024 if (trust_local_cmtime) {
2025 if (attr->ia_valid & ATTR_MTIME)
2026 inode_set_mtime_to_ts(inode, attr->ia_mtime);
2027 if (attr->ia_valid & ATTR_CTIME)
2028 inode_set_ctime_to_ts(inode, attr->ia_ctime);
2029 /* FIXME: clear I_DIRTY_SYNC? */
2032 fuse_change_attributes_common(inode, &outarg.attr, NULL,
2033 ATTR_TIMEOUT(&outarg),
2034 fuse_get_cache_mask(inode), 0);
2035 oldsize = inode->i_size;
2036 /* see the comment in fuse_change_attributes() */
2037 if (!is_wb || is_truncate)
2038 i_size_write(inode, outarg.attr.size);
2041 /* NOTE: this may release/reacquire fi->lock */
2042 __fuse_release_nowrite(inode);
2044 spin_unlock(&fi->lock);
2047 * Only call invalidate_inode_pages2() after removing
2048 * FUSE_NOWRITE, otherwise fuse_launder_folio() would deadlock.
2050 if ((is_truncate || !is_wb) &&
2051 S_ISREG(inode->i_mode) && oldsize != outarg.attr.size) {
2052 truncate_pagecache(inode, outarg.attr.size);
2053 invalidate_inode_pages2(mapping);
2056 clear_bit(FUSE_I_SIZE_UNSTABLE, &fi->state);
2059 filemap_invalidate_unlock(mapping);
2065 fuse_release_nowrite(inode);
2067 clear_bit(FUSE_I_SIZE_UNSTABLE, &fi->state);
2070 filemap_invalidate_unlock(mapping);
2074 static int fuse_setattr(struct mnt_idmap *idmap, struct dentry *entry,
2077 struct inode *inode = d_inode(entry);
2078 struct fuse_conn *fc = get_fuse_conn(inode);
2079 struct file *file = (attr->ia_valid & ATTR_FILE) ? attr->ia_file : NULL;
2082 if (fuse_is_bad(inode))
2085 if (!fuse_allow_current_process(get_fuse_conn(inode)))
2088 if (attr->ia_valid & (ATTR_KILL_SUID | ATTR_KILL_SGID)) {
2089 attr->ia_valid &= ~(ATTR_KILL_SUID | ATTR_KILL_SGID |
2093 * The only sane way to reliably kill suid/sgid is to do it in
2094 * the userspace filesystem
2096 * This should be done on write(), truncate() and chown().
2098 if (!fc->handle_killpriv && !fc->handle_killpriv_v2) {
2100 * ia_mode calculation may have used stale i_mode.
2101 * Refresh and recalculate.
2103 ret = fuse_do_getattr(idmap, inode, NULL, file);
2107 attr->ia_mode = inode->i_mode;
2108 if (inode->i_mode & S_ISUID) {
2109 attr->ia_valid |= ATTR_MODE;
2110 attr->ia_mode &= ~S_ISUID;
2112 if ((inode->i_mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP)) {
2113 attr->ia_valid |= ATTR_MODE;
2114 attr->ia_mode &= ~S_ISGID;
2118 if (!attr->ia_valid)
2121 ret = fuse_do_setattr(idmap, entry, attr, file);
2124 * If filesystem supports acls it may have updated acl xattrs in
2125 * the filesystem, so forget cached acls for the inode.
2128 forget_all_cached_acls(inode);
2130 /* Directory mode changed, may need to revalidate access */
2131 if (d_is_dir(entry) && (attr->ia_valid & ATTR_MODE))
2132 fuse_invalidate_entry_cache(entry);
2137 static int fuse_getattr(struct mnt_idmap *idmap,
2138 const struct path *path, struct kstat *stat,
2139 u32 request_mask, unsigned int flags)
2141 struct inode *inode = d_inode(path->dentry);
2142 struct fuse_conn *fc = get_fuse_conn(inode);
2144 if (fuse_is_bad(inode))
2147 if (!fuse_allow_current_process(fc)) {
2148 if (!request_mask) {
2150 * If user explicitly requested *nothing* then don't
2151 * error out, but return st_dev only.
2153 stat->result_mask = 0;
2154 stat->dev = inode->i_sb->s_dev;
2160 return fuse_update_get_attr(idmap, inode, NULL, stat, request_mask, flags);
2163 static const struct inode_operations fuse_dir_inode_operations = {
2164 .lookup = fuse_lookup,
2165 .mkdir = fuse_mkdir,
2166 .symlink = fuse_symlink,
2167 .unlink = fuse_unlink,
2168 .rmdir = fuse_rmdir,
2169 .rename = fuse_rename2,
2171 .setattr = fuse_setattr,
2172 .create = fuse_create,
2173 .atomic_open = fuse_atomic_open,
2174 .tmpfile = fuse_tmpfile,
2175 .mknod = fuse_mknod,
2176 .permission = fuse_permission,
2177 .getattr = fuse_getattr,
2178 .listxattr = fuse_listxattr,
2179 .get_inode_acl = fuse_get_inode_acl,
2180 .get_acl = fuse_get_acl,
2181 .set_acl = fuse_set_acl,
2182 .fileattr_get = fuse_fileattr_get,
2183 .fileattr_set = fuse_fileattr_set,
2186 static const struct file_operations fuse_dir_operations = {
2187 .llseek = generic_file_llseek,
2188 .read = generic_read_dir,
2189 .iterate_shared = fuse_readdir,
2190 .open = fuse_dir_open,
2191 .release = fuse_dir_release,
2192 .fsync = fuse_dir_fsync,
2193 .unlocked_ioctl = fuse_dir_ioctl,
2194 .compat_ioctl = fuse_dir_compat_ioctl,
2197 static const struct inode_operations fuse_common_inode_operations = {
2198 .setattr = fuse_setattr,
2199 .permission = fuse_permission,
2200 .getattr = fuse_getattr,
2201 .listxattr = fuse_listxattr,
2202 .get_inode_acl = fuse_get_inode_acl,
2203 .get_acl = fuse_get_acl,
2204 .set_acl = fuse_set_acl,
2205 .fileattr_get = fuse_fileattr_get,
2206 .fileattr_set = fuse_fileattr_set,
2209 static const struct inode_operations fuse_symlink_inode_operations = {
2210 .setattr = fuse_setattr,
2211 .get_link = fuse_get_link,
2212 .getattr = fuse_getattr,
2213 .listxattr = fuse_listxattr,
2216 void fuse_init_common(struct inode *inode)
2218 inode->i_op = &fuse_common_inode_operations;
2221 void fuse_init_dir(struct inode *inode)
2223 struct fuse_inode *fi = get_fuse_inode(inode);
2225 inode->i_op = &fuse_dir_inode_operations;
2226 inode->i_fop = &fuse_dir_operations;
2228 spin_lock_init(&fi->rdc.lock);
2229 fi->rdc.cached = false;
2232 fi->rdc.version = 0;
2235 static int fuse_symlink_read_folio(struct file *null, struct folio *folio)
2237 int err = fuse_readlink_page(folio->mapping->host, folio);
2240 folio_mark_uptodate(folio);
2242 folio_unlock(folio);
2247 static const struct address_space_operations fuse_symlink_aops = {
2248 .read_folio = fuse_symlink_read_folio,
2251 void fuse_init_symlink(struct inode *inode)
2253 inode->i_op = &fuse_symlink_inode_operations;
2254 inode->i_data.a_ops = &fuse_symlink_aops;
2255 inode_nohighmem(inode);
projects / J-linux.git / blob