xref: /openbmc/linux/fs/fuse/dir.c (revision 68f436a80fc89faa474134edfe442d95528be17a)
1 /*
2   FUSE: Filesystem in Userspace
3   Copyright (C) 2001-2008  Miklos Szeredi <miklos@szeredi.hu>
4 
5   This program can be distributed under the terms of the GNU GPL.
6   See the file COPYING.
7 */
8 
9 #include "fuse_i.h"
10 
11 #include <linux/pagemap.h>
12 #include <linux/file.h>
13 #include <linux/fs_context.h>
14 #include <linux/moduleparam.h>
15 #include <linux/sched.h>
16 #include <linux/namei.h>
17 #include <linux/slab.h>
18 #include <linux/xattr.h>
19 #include <linux/iversion.h>
20 #include <linux/posix_acl.h>
21 #include <linux/security.h>
22 #include <linux/types.h>
23 #include <linux/kernel.h>
24 
25 static bool __read_mostly allow_sys_admin_access;
26 module_param(allow_sys_admin_access, bool, 0644);
27 MODULE_PARM_DESC(allow_sys_admin_access,
28 		 "Allow users with CAP_SYS_ADMIN in initial userns to bypass allow_other access check");
29 
30 static void fuse_advise_use_readdirplus(struct inode *dir)
31 {
32 	struct fuse_inode *fi = get_fuse_inode(dir);
33 
34 	set_bit(FUSE_I_ADVISE_RDPLUS, &fi->state);
35 }
36 
37 #if BITS_PER_LONG >= 64
38 static inline void __fuse_dentry_settime(struct dentry *entry, u64 time)
39 {
40 	entry->d_fsdata = (void *) time;
41 }
42 
43 static inline u64 fuse_dentry_time(const struct dentry *entry)
44 {
45 	return (u64)entry->d_fsdata;
46 }
47 
48 #else
49 union fuse_dentry {
50 	u64 time;
51 	struct rcu_head rcu;
52 };
53 
54 static inline void __fuse_dentry_settime(struct dentry *dentry, u64 time)
55 {
56 	((union fuse_dentry *) dentry->d_fsdata)->time = time;
57 }
58 
59 static inline u64 fuse_dentry_time(const struct dentry *entry)
60 {
61 	return ((union fuse_dentry *) entry->d_fsdata)->time;
62 }
63 #endif
64 
65 static void fuse_dentry_settime(struct dentry *dentry, u64 time)
66 {
67 	struct fuse_conn *fc = get_fuse_conn_super(dentry->d_sb);
68 	bool delete = !time && fc->delete_stale;
69 	/*
70 	 * Mess with DCACHE_OP_DELETE because dput() will be faster without it.
71 	 * Don't care about races, either way it's just an optimization
72 	 */
73 	if ((!delete && (dentry->d_flags & DCACHE_OP_DELETE)) ||
74 	    (delete && !(dentry->d_flags & DCACHE_OP_DELETE))) {
75 		spin_lock(&dentry->d_lock);
76 		if (!delete)
77 			dentry->d_flags &= ~DCACHE_OP_DELETE;
78 		else
79 			dentry->d_flags |= DCACHE_OP_DELETE;
80 		spin_unlock(&dentry->d_lock);
81 	}
82 
83 	__fuse_dentry_settime(dentry, time);
84 }
85 
86 /*
87  * FUSE caches dentries and attributes with separate timeout.  The
88  * time in jiffies until the dentry/attributes are valid is stored in
89  * dentry->d_fsdata and fuse_inode->i_time respectively.
90  */
91 
92 /*
93  * Calculate the time in jiffies until a dentry/attributes are valid
94  */
95 static u64 time_to_jiffies(u64 sec, u32 nsec)
96 {
97 	if (sec || nsec) {
98 		struct timespec64 ts = {
99 			sec,
100 			min_t(u32, nsec, NSEC_PER_SEC - 1)
101 		};
102 
103 		return get_jiffies_64() + timespec64_to_jiffies(&ts);
104 	} else
105 		return 0;
106 }
107 
108 /*
109  * Set dentry and possibly attribute timeouts from the lookup/mk*
110  * replies
111  */
112 void fuse_change_entry_timeout(struct dentry *entry, struct fuse_entry_out *o)
113 {
114 	fuse_dentry_settime(entry,
115 		time_to_jiffies(o->entry_valid, o->entry_valid_nsec));
116 }
117 
118 static u64 attr_timeout(struct fuse_attr_out *o)
119 {
120 	return time_to_jiffies(o->attr_valid, o->attr_valid_nsec);
121 }
122 
123 u64 entry_attr_timeout(struct fuse_entry_out *o)
124 {
125 	return time_to_jiffies(o->attr_valid, o->attr_valid_nsec);
126 }
127 
128 void fuse_invalidate_attr_mask(struct inode *inode, u32 mask)
129 {
130 	set_mask_bits(&get_fuse_inode(inode)->inval_mask, 0, mask);
131 }
132 
133 /*
134  * Mark the attributes as stale, so that at the next call to
135  * ->getattr() they will be fetched from userspace
136  */
137 void fuse_invalidate_attr(struct inode *inode)
138 {
139 	fuse_invalidate_attr_mask(inode, STATX_BASIC_STATS);
140 }
141 
142 static void fuse_dir_changed(struct inode *dir)
143 {
144 	fuse_invalidate_attr(dir);
145 	inode_maybe_inc_iversion(dir, false);
146 }
147 
148 /*
149  * Mark the attributes as stale due to an atime change.  Avoid the invalidate if
150  * atime is not used.
151  */
152 void fuse_invalidate_atime(struct inode *inode)
153 {
154 	if (!IS_RDONLY(inode))
155 		fuse_invalidate_attr_mask(inode, STATX_ATIME);
156 }
157 
158 /*
159  * Just mark the entry as stale, so that a next attempt to look it up
160  * will result in a new lookup call to userspace
161  *
162  * This is called when a dentry is about to become negative and the
163  * timeout is unknown (unlink, rmdir, rename and in some cases
164  * lookup)
165  */
166 void fuse_invalidate_entry_cache(struct dentry *entry)
167 {
168 	fuse_dentry_settime(entry, 0);
169 }
170 
171 /*
172  * Same as fuse_invalidate_entry_cache(), but also try to remove the
173  * dentry from the hash
174  */
175 static void fuse_invalidate_entry(struct dentry *entry)
176 {
177 	d_invalidate(entry);
178 	fuse_invalidate_entry_cache(entry);
179 }
180 
181 static void fuse_lookup_init(struct fuse_conn *fc, struct fuse_args *args,
182 			     u64 nodeid, const struct qstr *name,
183 			     struct fuse_entry_out *outarg)
184 {
185 	memset(outarg, 0, sizeof(struct fuse_entry_out));
186 	args->opcode = FUSE_LOOKUP;
187 	args->nodeid = nodeid;
188 	args->in_numargs = 1;
189 	args->in_args[0].size = name->len + 1;
190 	args->in_args[0].value = name->name;
191 	args->out_numargs = 1;
192 	args->out_args[0].size = sizeof(struct fuse_entry_out);
193 	args->out_args[0].value = outarg;
194 }
195 
196 /*
197  * Check whether the dentry is still valid
198  *
199  * If the entry validity timeout has expired and the dentry is
200  * positive, try to redo the lookup.  If the lookup results in a
201  * different inode, then let the VFS invalidate the dentry and redo
202  * the lookup once more.  If the lookup results in the same inode,
203  * then refresh the attributes, timeouts and mark the dentry valid.
204  */
205 static int fuse_dentry_revalidate(struct dentry *entry, unsigned int flags)
206 {
207 	struct inode *inode;
208 	struct dentry *parent;
209 	struct fuse_mount *fm;
210 	struct fuse_inode *fi;
211 	int ret;
212 
213 	inode = d_inode_rcu(entry);
214 	if (inode && fuse_is_bad(inode))
215 		goto invalid;
216 	else if (time_before64(fuse_dentry_time(entry), get_jiffies_64()) ||
217 		 (flags & (LOOKUP_EXCL | LOOKUP_REVAL | LOOKUP_RENAME_TARGET))) {
218 		struct fuse_entry_out outarg;
219 		FUSE_ARGS(args);
220 		struct fuse_forget_link *forget;
221 		u64 attr_version;
222 
223 		/* For negative dentries, always do a fresh lookup */
224 		if (!inode)
225 			goto invalid;
226 
227 		ret = -ECHILD;
228 		if (flags & LOOKUP_RCU)
229 			goto out;
230 
231 		fm = get_fuse_mount(inode);
232 
233 		forget = fuse_alloc_forget();
234 		ret = -ENOMEM;
235 		if (!forget)
236 			goto out;
237 
238 		attr_version = fuse_get_attr_version(fm->fc);
239 
240 		parent = dget_parent(entry);
241 		fuse_lookup_init(fm->fc, &args, get_node_id(d_inode(parent)),
242 				 &entry->d_name, &outarg);
243 		ret = fuse_simple_request(fm, &args);
244 		dput(parent);
245 		/* Zero nodeid is same as -ENOENT */
246 		if (!ret && !outarg.nodeid)
247 			ret = -ENOENT;
248 		if (!ret) {
249 			fi = get_fuse_inode(inode);
250 			if (outarg.nodeid != get_node_id(inode) ||
251 			    (bool) IS_AUTOMOUNT(inode) != (bool) (outarg.attr.flags & FUSE_ATTR_SUBMOUNT)) {
252 				fuse_queue_forget(fm->fc, forget,
253 						  outarg.nodeid, 1);
254 				goto invalid;
255 			}
256 			spin_lock(&fi->lock);
257 			fi->nlookup++;
258 			spin_unlock(&fi->lock);
259 		}
260 		kfree(forget);
261 		if (ret == -ENOMEM || ret == -EINTR)
262 			goto out;
263 		if (ret || fuse_invalid_attr(&outarg.attr) ||
264 		    fuse_stale_inode(inode, outarg.generation, &outarg.attr))
265 			goto invalid;
266 
267 		forget_all_cached_acls(inode);
268 		fuse_change_attributes(inode, &outarg.attr,
269 				       entry_attr_timeout(&outarg),
270 				       attr_version);
271 		fuse_change_entry_timeout(entry, &outarg);
272 	} else if (inode) {
273 		fi = get_fuse_inode(inode);
274 		if (flags & LOOKUP_RCU) {
275 			if (test_bit(FUSE_I_INIT_RDPLUS, &fi->state))
276 				return -ECHILD;
277 		} else if (test_and_clear_bit(FUSE_I_INIT_RDPLUS, &fi->state)) {
278 			parent = dget_parent(entry);
279 			fuse_advise_use_readdirplus(d_inode(parent));
280 			dput(parent);
281 		}
282 	}
283 	ret = 1;
284 out:
285 	return ret;
286 
287 invalid:
288 	ret = 0;
289 	goto out;
290 }
291 
292 #if BITS_PER_LONG < 64
293 static int fuse_dentry_init(struct dentry *dentry)
294 {
295 	dentry->d_fsdata = kzalloc(sizeof(union fuse_dentry),
296 				   GFP_KERNEL_ACCOUNT | __GFP_RECLAIMABLE);
297 
298 	return dentry->d_fsdata ? 0 : -ENOMEM;
299 }
300 static void fuse_dentry_release(struct dentry *dentry)
301 {
302 	union fuse_dentry *fd = dentry->d_fsdata;
303 
304 	kfree_rcu(fd, rcu);
305 }
306 #endif
307 
308 static int fuse_dentry_delete(const struct dentry *dentry)
309 {
310 	return time_before64(fuse_dentry_time(dentry), get_jiffies_64());
311 }
312 
313 /*
314  * Create a fuse_mount object with a new superblock (with path->dentry
315  * as the root), and return that mount so it can be auto-mounted on
316  * @path.
317  */
318 static struct vfsmount *fuse_dentry_automount(struct path *path)
319 {
320 	struct fs_context *fsc;
321 	struct vfsmount *mnt;
322 	struct fuse_inode *mp_fi = get_fuse_inode(d_inode(path->dentry));
323 
324 	fsc = fs_context_for_submount(path->mnt->mnt_sb->s_type, path->dentry);
325 	if (IS_ERR(fsc))
326 		return ERR_CAST(fsc);
327 
328 	/* Pass the FUSE inode of the mount for fuse_get_tree_submount() */
329 	fsc->fs_private = mp_fi;
330 
331 	/* Create the submount */
332 	mnt = fc_mount(fsc);
333 	if (!IS_ERR(mnt))
334 		mntget(mnt);
335 
336 	put_fs_context(fsc);
337 	return mnt;
338 }
339 
340 const struct dentry_operations fuse_dentry_operations = {
341 	.d_revalidate	= fuse_dentry_revalidate,
342 	.d_delete	= fuse_dentry_delete,
343 #if BITS_PER_LONG < 64
344 	.d_init		= fuse_dentry_init,
345 	.d_release	= fuse_dentry_release,
346 #endif
347 	.d_automount	= fuse_dentry_automount,
348 };
349 
350 const struct dentry_operations fuse_root_dentry_operations = {
351 #if BITS_PER_LONG < 64
352 	.d_init		= fuse_dentry_init,
353 	.d_release	= fuse_dentry_release,
354 #endif
355 };
356 
357 int fuse_valid_type(int m)
358 {
359 	return S_ISREG(m) || S_ISDIR(m) || S_ISLNK(m) || S_ISCHR(m) ||
360 		S_ISBLK(m) || S_ISFIFO(m) || S_ISSOCK(m);
361 }
362 
363 bool fuse_invalid_attr(struct fuse_attr *attr)
364 {
365 	return !fuse_valid_type(attr->mode) ||
366 		attr->size > LLONG_MAX;
367 }
368 
369 int fuse_lookup_name(struct super_block *sb, u64 nodeid, const struct qstr *name,
370 		     struct fuse_entry_out *outarg, struct inode **inode)
371 {
372 	struct fuse_mount *fm = get_fuse_mount_super(sb);
373 	FUSE_ARGS(args);
374 	struct fuse_forget_link *forget;
375 	u64 attr_version;
376 	int err;
377 
378 	*inode = NULL;
379 	err = -ENAMETOOLONG;
380 	if (name->len > FUSE_NAME_MAX)
381 		goto out;
382 
383 
384 	forget = fuse_alloc_forget();
385 	err = -ENOMEM;
386 	if (!forget)
387 		goto out;
388 
389 	attr_version = fuse_get_attr_version(fm->fc);
390 
391 	fuse_lookup_init(fm->fc, &args, nodeid, name, outarg);
392 	err = fuse_simple_request(fm, &args);
393 	/* Zero nodeid is same as -ENOENT, but with valid timeout */
394 	if (err || !outarg->nodeid)
395 		goto out_put_forget;
396 
397 	err = -EIO;
398 	if (fuse_invalid_attr(&outarg->attr))
399 		goto out_put_forget;
400 
401 	*inode = fuse_iget(sb, outarg->nodeid, outarg->generation,
402 			   &outarg->attr, entry_attr_timeout(outarg),
403 			   attr_version);
404 	err = -ENOMEM;
405 	if (!*inode) {
406 		fuse_queue_forget(fm->fc, forget, outarg->nodeid, 1);
407 		goto out;
408 	}
409 	err = 0;
410 
411  out_put_forget:
412 	kfree(forget);
413  out:
414 	return err;
415 }
416 
417 static struct dentry *fuse_lookup(struct inode *dir, struct dentry *entry,
418 				  unsigned int flags)
419 {
420 	int err;
421 	struct fuse_entry_out outarg;
422 	struct inode *inode;
423 	struct dentry *newent;
424 	bool outarg_valid = true;
425 	bool locked;
426 
427 	if (fuse_is_bad(dir))
428 		return ERR_PTR(-EIO);
429 
430 	locked = fuse_lock_inode(dir);
431 	err = fuse_lookup_name(dir->i_sb, get_node_id(dir), &entry->d_name,
432 			       &outarg, &inode);
433 	fuse_unlock_inode(dir, locked);
434 	if (err == -ENOENT) {
435 		outarg_valid = false;
436 		err = 0;
437 	}
438 	if (err)
439 		goto out_err;
440 
441 	err = -EIO;
442 	if (inode && get_node_id(inode) == FUSE_ROOT_ID)
443 		goto out_iput;
444 
445 	newent = d_splice_alias(inode, entry);
446 	err = PTR_ERR(newent);
447 	if (IS_ERR(newent))
448 		goto out_err;
449 
450 	entry = newent ? newent : entry;
451 	if (outarg_valid)
452 		fuse_change_entry_timeout(entry, &outarg);
453 	else
454 		fuse_invalidate_entry_cache(entry);
455 
456 	if (inode)
457 		fuse_advise_use_readdirplus(dir);
458 	return newent;
459 
460  out_iput:
461 	iput(inode);
462  out_err:
463 	return ERR_PTR(err);
464 }
465 
466 static int get_security_context(struct dentry *entry, umode_t mode,
467 				struct fuse_in_arg *ext)
468 {
469 	struct fuse_secctx *fctx;
470 	struct fuse_secctx_header *header;
471 	void *ctx = NULL, *ptr;
472 	u32 ctxlen, total_len = sizeof(*header);
473 	int err, nr_ctx = 0;
474 	const char *name;
475 	size_t namelen;
476 
477 	err = security_dentry_init_security(entry, mode, &entry->d_name,
478 					    &name, &ctx, &ctxlen);
479 	if (err) {
480 		if (err != -EOPNOTSUPP)
481 			goto out_err;
482 		/* No LSM is supporting this security hook. Ignore error */
483 		ctxlen = 0;
484 		ctx = NULL;
485 	}
486 
487 	if (ctxlen) {
488 		nr_ctx = 1;
489 		namelen = strlen(name) + 1;
490 		err = -EIO;
491 		if (WARN_ON(namelen > XATTR_NAME_MAX + 1 || ctxlen > S32_MAX))
492 			goto out_err;
493 		total_len += FUSE_REC_ALIGN(sizeof(*fctx) + namelen + ctxlen);
494 	}
495 
496 	err = -ENOMEM;
497 	header = ptr = kzalloc(total_len, GFP_KERNEL);
498 	if (!ptr)
499 		goto out_err;
500 
501 	header->nr_secctx = nr_ctx;
502 	header->size = total_len;
503 	ptr += sizeof(*header);
504 	if (nr_ctx) {
505 		fctx = ptr;
506 		fctx->size = ctxlen;
507 		ptr += sizeof(*fctx);
508 
509 		strcpy(ptr, name);
510 		ptr += namelen;
511 
512 		memcpy(ptr, ctx, ctxlen);
513 	}
514 	ext->size = total_len;
515 	ext->value = header;
516 	err = 0;
517 out_err:
518 	kfree(ctx);
519 	return err;
520 }
521 
522 static void *extend_arg(struct fuse_in_arg *buf, u32 bytes)
523 {
524 	void *p;
525 	u32 newlen = buf->size + bytes;
526 
527 	p = krealloc(buf->value, newlen, GFP_KERNEL);
528 	if (!p) {
529 		kfree(buf->value);
530 		buf->size = 0;
531 		buf->value = NULL;
532 		return NULL;
533 	}
534 
535 	memset(p + buf->size, 0, bytes);
536 	buf->value = p;
537 	buf->size = newlen;
538 
539 	return p + newlen - bytes;
540 }
541 
542 static u32 fuse_ext_size(size_t size)
543 {
544 	return FUSE_REC_ALIGN(sizeof(struct fuse_ext_header) + size);
545 }
546 
547 /*
548  * This adds just a single supplementary group that matches the parent's group.
549  */
550 static int get_create_supp_group(struct inode *dir, struct fuse_in_arg *ext)
551 {
552 	struct fuse_conn *fc = get_fuse_conn(dir);
553 	struct fuse_ext_header *xh;
554 	struct fuse_supp_groups *sg;
555 	kgid_t kgid = dir->i_gid;
556 	gid_t parent_gid = from_kgid(fc->user_ns, kgid);
557 	u32 sg_len = fuse_ext_size(sizeof(*sg) + sizeof(sg->groups[0]));
558 
559 	if (parent_gid == (gid_t) -1 || gid_eq(kgid, current_fsgid()) ||
560 	    !in_group_p(kgid))
561 		return 0;
562 
563 	xh = extend_arg(ext, sg_len);
564 	if (!xh)
565 		return -ENOMEM;
566 
567 	xh->size = sg_len;
568 	xh->type = FUSE_EXT_GROUPS;
569 
570 	sg = (struct fuse_supp_groups *) &xh[1];
571 	sg->nr_groups = 1;
572 	sg->groups[0] = parent_gid;
573 
574 	return 0;
575 }
576 
577 static int get_create_ext(struct fuse_args *args,
578 			  struct inode *dir, struct dentry *dentry,
579 			  umode_t mode)
580 {
581 	struct fuse_conn *fc = get_fuse_conn_super(dentry->d_sb);
582 	struct fuse_in_arg ext = { .size = 0, .value = NULL };
583 	int err = 0;
584 
585 	if (fc->init_security)
586 		err = get_security_context(dentry, mode, &ext);
587 	if (!err && fc->create_supp_group)
588 		err = get_create_supp_group(dir, &ext);
589 
590 	if (!err && ext.size) {
591 		WARN_ON(args->in_numargs >= ARRAY_SIZE(args->in_args));
592 		args->is_ext = true;
593 		args->ext_idx = args->in_numargs++;
594 		args->in_args[args->ext_idx] = ext;
595 	} else {
596 		kfree(ext.value);
597 	}
598 
599 	return err;
600 }
601 
602 static void free_ext_value(struct fuse_args *args)
603 {
604 	if (args->is_ext)
605 		kfree(args->in_args[args->ext_idx].value);
606 }
607 
608 /*
609  * Atomic create+open operation
610  *
611  * If the filesystem doesn't support this, then fall back to separate
612  * 'mknod' + 'open' requests.
613  */
614 static int fuse_create_open(struct inode *dir, struct dentry *entry,
615 			    struct file *file, unsigned int flags,
616 			    umode_t mode, u32 opcode)
617 {
618 	int err;
619 	struct inode *inode;
620 	struct fuse_mount *fm = get_fuse_mount(dir);
621 	FUSE_ARGS(args);
622 	struct fuse_forget_link *forget;
623 	struct fuse_create_in inarg;
624 	struct fuse_open_out outopen;
625 	struct fuse_entry_out outentry;
626 	struct fuse_inode *fi;
627 	struct fuse_file *ff;
628 	bool trunc = flags & O_TRUNC;
629 
630 	/* Userspace expects S_IFREG in create mode */
631 	BUG_ON((mode & S_IFMT) != S_IFREG);
632 
633 	forget = fuse_alloc_forget();
634 	err = -ENOMEM;
635 	if (!forget)
636 		goto out_err;
637 
638 	err = -ENOMEM;
639 	ff = fuse_file_alloc(fm);
640 	if (!ff)
641 		goto out_put_forget_req;
642 
643 	if (!fm->fc->dont_mask)
644 		mode &= ~current_umask();
645 
646 	flags &= ~O_NOCTTY;
647 	memset(&inarg, 0, sizeof(inarg));
648 	memset(&outentry, 0, sizeof(outentry));
649 	inarg.flags = flags;
650 	inarg.mode = mode;
651 	inarg.umask = current_umask();
652 
653 	if (fm->fc->handle_killpriv_v2 && trunc &&
654 	    !(flags & O_EXCL) && !capable(CAP_FSETID)) {
655 		inarg.open_flags |= FUSE_OPEN_KILL_SUIDGID;
656 	}
657 
658 	args.opcode = opcode;
659 	args.nodeid = get_node_id(dir);
660 	args.in_numargs = 2;
661 	args.in_args[0].size = sizeof(inarg);
662 	args.in_args[0].value = &inarg;
663 	args.in_args[1].size = entry->d_name.len + 1;
664 	args.in_args[1].value = entry->d_name.name;
665 	args.out_numargs = 2;
666 	args.out_args[0].size = sizeof(outentry);
667 	args.out_args[0].value = &outentry;
668 	args.out_args[1].size = sizeof(outopen);
669 	args.out_args[1].value = &outopen;
670 
671 	err = get_create_ext(&args, dir, entry, mode);
672 	if (err)
673 		goto out_put_forget_req;
674 
675 	err = fuse_simple_request(fm, &args);
676 	free_ext_value(&args);
677 	if (err)
678 		goto out_free_ff;
679 
680 	err = -EIO;
681 	if (!S_ISREG(outentry.attr.mode) || invalid_nodeid(outentry.nodeid) ||
682 	    fuse_invalid_attr(&outentry.attr))
683 		goto out_free_ff;
684 
685 	ff->fh = outopen.fh;
686 	ff->nodeid = outentry.nodeid;
687 	ff->open_flags = outopen.open_flags;
688 	inode = fuse_iget(dir->i_sb, outentry.nodeid, outentry.generation,
689 			  &outentry.attr, entry_attr_timeout(&outentry), 0);
690 	if (!inode) {
691 		flags &= ~(O_CREAT | O_EXCL | O_TRUNC);
692 		fuse_sync_release(NULL, ff, flags);
693 		fuse_queue_forget(fm->fc, forget, outentry.nodeid, 1);
694 		err = -ENOMEM;
695 		goto out_err;
696 	}
697 	kfree(forget);
698 	d_instantiate(entry, inode);
699 	fuse_change_entry_timeout(entry, &outentry);
700 	fuse_dir_changed(dir);
701 	err = finish_open(file, entry, generic_file_open);
702 	if (err) {
703 		fi = get_fuse_inode(inode);
704 		fuse_sync_release(fi, ff, flags);
705 	} else {
706 		file->private_data = ff;
707 		fuse_finish_open(inode, file);
708 		if (fm->fc->atomic_o_trunc && trunc)
709 			truncate_pagecache(inode, 0);
710 		else if (!(ff->open_flags & FOPEN_KEEP_CACHE))
711 			invalidate_inode_pages2(inode->i_mapping);
712 	}
713 	return err;
714 
715 out_free_ff:
716 	fuse_file_free(ff);
717 out_put_forget_req:
718 	kfree(forget);
719 out_err:
720 	return err;
721 }
722 
723 static int fuse_mknod(struct mnt_idmap *, struct inode *, struct dentry *,
724 		      umode_t, dev_t);
725 static int fuse_atomic_open(struct inode *dir, struct dentry *entry,
726 			    struct file *file, unsigned flags,
727 			    umode_t mode)
728 {
729 	int err;
730 	struct fuse_conn *fc = get_fuse_conn(dir);
731 	struct dentry *res = NULL;
732 
733 	if (fuse_is_bad(dir))
734 		return -EIO;
735 
736 	if (d_in_lookup(entry)) {
737 		res = fuse_lookup(dir, entry, 0);
738 		if (IS_ERR(res))
739 			return PTR_ERR(res);
740 
741 		if (res)
742 			entry = res;
743 	}
744 
745 	if (!(flags & O_CREAT) || d_really_is_positive(entry))
746 		goto no_open;
747 
748 	/* Only creates */
749 	file->f_mode |= FMODE_CREATED;
750 
751 	if (fc->no_create)
752 		goto mknod;
753 
754 	err = fuse_create_open(dir, entry, file, flags, mode, FUSE_CREATE);
755 	if (err == -ENOSYS) {
756 		fc->no_create = 1;
757 		goto mknod;
758 	}
759 out_dput:
760 	dput(res);
761 	return err;
762 
763 mknod:
764 	err = fuse_mknod(&nop_mnt_idmap, dir, entry, mode, 0);
765 	if (err)
766 		goto out_dput;
767 no_open:
768 	return finish_no_open(file, res);
769 }
770 
771 /*
772  * Code shared between mknod, mkdir, symlink and link
773  */
774 static int create_new_entry(struct fuse_mount *fm, struct fuse_args *args,
775 			    struct inode *dir, struct dentry *entry,
776 			    umode_t mode)
777 {
778 	struct fuse_entry_out outarg;
779 	struct inode *inode;
780 	struct dentry *d;
781 	int err;
782 	struct fuse_forget_link *forget;
783 
784 	if (fuse_is_bad(dir))
785 		return -EIO;
786 
787 	forget = fuse_alloc_forget();
788 	if (!forget)
789 		return -ENOMEM;
790 
791 	memset(&outarg, 0, sizeof(outarg));
792 	args->nodeid = get_node_id(dir);
793 	args->out_numargs = 1;
794 	args->out_args[0].size = sizeof(outarg);
795 	args->out_args[0].value = &outarg;
796 
797 	if (args->opcode != FUSE_LINK) {
798 		err = get_create_ext(args, dir, entry, mode);
799 		if (err)
800 			goto out_put_forget_req;
801 	}
802 
803 	err = fuse_simple_request(fm, args);
804 	free_ext_value(args);
805 	if (err)
806 		goto out_put_forget_req;
807 
808 	err = -EIO;
809 	if (invalid_nodeid(outarg.nodeid) || fuse_invalid_attr(&outarg.attr))
810 		goto out_put_forget_req;
811 
812 	if ((outarg.attr.mode ^ mode) & S_IFMT)
813 		goto out_put_forget_req;
814 
815 	inode = fuse_iget(dir->i_sb, outarg.nodeid, outarg.generation,
816 			  &outarg.attr, entry_attr_timeout(&outarg), 0);
817 	if (!inode) {
818 		fuse_queue_forget(fm->fc, forget, outarg.nodeid, 1);
819 		return -ENOMEM;
820 	}
821 	kfree(forget);
822 
823 	d_drop(entry);
824 	d = d_splice_alias(inode, entry);
825 	if (IS_ERR(d))
826 		return PTR_ERR(d);
827 
828 	if (d) {
829 		fuse_change_entry_timeout(d, &outarg);
830 		dput(d);
831 	} else {
832 		fuse_change_entry_timeout(entry, &outarg);
833 	}
834 	fuse_dir_changed(dir);
835 	return 0;
836 
837  out_put_forget_req:
838 	kfree(forget);
839 	return err;
840 }
841 
842 static int fuse_mknod(struct mnt_idmap *idmap, struct inode *dir,
843 		      struct dentry *entry, umode_t mode, dev_t rdev)
844 {
845 	struct fuse_mknod_in inarg;
846 	struct fuse_mount *fm = get_fuse_mount(dir);
847 	FUSE_ARGS(args);
848 
849 	if (!fm->fc->dont_mask)
850 		mode &= ~current_umask();
851 
852 	memset(&inarg, 0, sizeof(inarg));
853 	inarg.mode = mode;
854 	inarg.rdev = new_encode_dev(rdev);
855 	inarg.umask = current_umask();
856 	args.opcode = FUSE_MKNOD;
857 	args.in_numargs = 2;
858 	args.in_args[0].size = sizeof(inarg);
859 	args.in_args[0].value = &inarg;
860 	args.in_args[1].size = entry->d_name.len + 1;
861 	args.in_args[1].value = entry->d_name.name;
862 	return create_new_entry(fm, &args, dir, entry, mode);
863 }
864 
865 static int fuse_create(struct mnt_idmap *idmap, struct inode *dir,
866 		       struct dentry *entry, umode_t mode, bool excl)
867 {
868 	return fuse_mknod(&nop_mnt_idmap, dir, entry, mode, 0);
869 }
870 
871 static int fuse_tmpfile(struct mnt_idmap *idmap, struct inode *dir,
872 			struct file *file, umode_t mode)
873 {
874 	struct fuse_conn *fc = get_fuse_conn(dir);
875 	int err;
876 
877 	if (fc->no_tmpfile)
878 		return -EOPNOTSUPP;
879 
880 	err = fuse_create_open(dir, file->f_path.dentry, file, file->f_flags, mode, FUSE_TMPFILE);
881 	if (err == -ENOSYS) {
882 		fc->no_tmpfile = 1;
883 		err = -EOPNOTSUPP;
884 	}
885 	return err;
886 }
887 
888 static int fuse_mkdir(struct mnt_idmap *idmap, struct inode *dir,
889 		      struct dentry *entry, umode_t mode)
890 {
891 	struct fuse_mkdir_in inarg;
892 	struct fuse_mount *fm = get_fuse_mount(dir);
893 	FUSE_ARGS(args);
894 
895 	if (!fm->fc->dont_mask)
896 		mode &= ~current_umask();
897 
898 	memset(&inarg, 0, sizeof(inarg));
899 	inarg.mode = mode;
900 	inarg.umask = current_umask();
901 	args.opcode = FUSE_MKDIR;
902 	args.in_numargs = 2;
903 	args.in_args[0].size = sizeof(inarg);
904 	args.in_args[0].value = &inarg;
905 	args.in_args[1].size = entry->d_name.len + 1;
906 	args.in_args[1].value = entry->d_name.name;
907 	return create_new_entry(fm, &args, dir, entry, S_IFDIR);
908 }
909 
910 static int fuse_symlink(struct mnt_idmap *idmap, struct inode *dir,
911 			struct dentry *entry, const char *link)
912 {
913 	struct fuse_mount *fm = get_fuse_mount(dir);
914 	unsigned len = strlen(link) + 1;
915 	FUSE_ARGS(args);
916 
917 	args.opcode = FUSE_SYMLINK;
918 	args.in_numargs = 2;
919 	args.in_args[0].size = entry->d_name.len + 1;
920 	args.in_args[0].value = entry->d_name.name;
921 	args.in_args[1].size = len;
922 	args.in_args[1].value = link;
923 	return create_new_entry(fm, &args, dir, entry, S_IFLNK);
924 }
925 
926 void fuse_flush_time_update(struct inode *inode)
927 {
928 	int err = sync_inode_metadata(inode, 1);
929 
930 	mapping_set_error(inode->i_mapping, err);
931 }
932 
933 static void fuse_update_ctime_in_cache(struct inode *inode)
934 {
935 	if (!IS_NOCMTIME(inode)) {
936 		inode->i_ctime = current_time(inode);
937 		mark_inode_dirty_sync(inode);
938 		fuse_flush_time_update(inode);
939 	}
940 }
941 
942 void fuse_update_ctime(struct inode *inode)
943 {
944 	fuse_invalidate_attr_mask(inode, STATX_CTIME);
945 	fuse_update_ctime_in_cache(inode);
946 }
947 
948 static void fuse_entry_unlinked(struct dentry *entry)
949 {
950 	struct inode *inode = d_inode(entry);
951 	struct fuse_conn *fc = get_fuse_conn(inode);
952 	struct fuse_inode *fi = get_fuse_inode(inode);
953 
954 	spin_lock(&fi->lock);
955 	fi->attr_version = atomic64_inc_return(&fc->attr_version);
956 	/*
957 	 * If i_nlink == 0 then unlink doesn't make sense, yet this can
958 	 * happen if userspace filesystem is careless.  It would be
959 	 * difficult to enforce correct nlink usage so just ignore this
960 	 * condition here
961 	 */
962 	if (S_ISDIR(inode->i_mode))
963 		clear_nlink(inode);
964 	else if (inode->i_nlink > 0)
965 		drop_nlink(inode);
966 	spin_unlock(&fi->lock);
967 	fuse_invalidate_entry_cache(entry);
968 	fuse_update_ctime(inode);
969 }
970 
971 static int fuse_unlink(struct inode *dir, struct dentry *entry)
972 {
973 	int err;
974 	struct fuse_mount *fm = get_fuse_mount(dir);
975 	FUSE_ARGS(args);
976 
977 	if (fuse_is_bad(dir))
978 		return -EIO;
979 
980 	args.opcode = FUSE_UNLINK;
981 	args.nodeid = get_node_id(dir);
982 	args.in_numargs = 1;
983 	args.in_args[0].size = entry->d_name.len + 1;
984 	args.in_args[0].value = entry->d_name.name;
985 	err = fuse_simple_request(fm, &args);
986 	if (!err) {
987 		fuse_dir_changed(dir);
988 		fuse_entry_unlinked(entry);
989 	} else if (err == -EINTR)
990 		fuse_invalidate_entry(entry);
991 	return err;
992 }
993 
994 static int fuse_rmdir(struct inode *dir, struct dentry *entry)
995 {
996 	int err;
997 	struct fuse_mount *fm = get_fuse_mount(dir);
998 	FUSE_ARGS(args);
999 
1000 	if (fuse_is_bad(dir))
1001 		return -EIO;
1002 
1003 	args.opcode = FUSE_RMDIR;
1004 	args.nodeid = get_node_id(dir);
1005 	args.in_numargs = 1;
1006 	args.in_args[0].size = entry->d_name.len + 1;
1007 	args.in_args[0].value = entry->d_name.name;
1008 	err = fuse_simple_request(fm, &args);
1009 	if (!err) {
1010 		fuse_dir_changed(dir);
1011 		fuse_entry_unlinked(entry);
1012 	} else if (err == -EINTR)
1013 		fuse_invalidate_entry(entry);
1014 	return err;
1015 }
1016 
1017 static int fuse_rename_common(struct inode *olddir, struct dentry *oldent,
1018 			      struct inode *newdir, struct dentry *newent,
1019 			      unsigned int flags, int opcode, size_t argsize)
1020 {
1021 	int err;
1022 	struct fuse_rename2_in inarg;
1023 	struct fuse_mount *fm = get_fuse_mount(olddir);
1024 	FUSE_ARGS(args);
1025 
1026 	memset(&inarg, 0, argsize);
1027 	inarg.newdir = get_node_id(newdir);
1028 	inarg.flags = flags;
1029 	args.opcode = opcode;
1030 	args.nodeid = get_node_id(olddir);
1031 	args.in_numargs = 3;
1032 	args.in_args[0].size = argsize;
1033 	args.in_args[0].value = &inarg;
1034 	args.in_args[1].size = oldent->d_name.len + 1;
1035 	args.in_args[1].value = oldent->d_name.name;
1036 	args.in_args[2].size = newent->d_name.len + 1;
1037 	args.in_args[2].value = newent->d_name.name;
1038 	err = fuse_simple_request(fm, &args);
1039 	if (!err) {
1040 		/* ctime changes */
1041 		fuse_update_ctime(d_inode(oldent));
1042 
1043 		if (flags & RENAME_EXCHANGE)
1044 			fuse_update_ctime(d_inode(newent));
1045 
1046 		fuse_dir_changed(olddir);
1047 		if (olddir != newdir)
1048 			fuse_dir_changed(newdir);
1049 
1050 		/* newent will end up negative */
1051 		if (!(flags & RENAME_EXCHANGE) && d_really_is_positive(newent))
1052 			fuse_entry_unlinked(newent);
1053 	} else if (err == -EINTR) {
1054 		/* If request was interrupted, DEITY only knows if the
1055 		   rename actually took place.  If the invalidation
1056 		   fails (e.g. some process has CWD under the renamed
1057 		   directory), then there can be inconsistency between
1058 		   the dcache and the real filesystem.  Tough luck. */
1059 		fuse_invalidate_entry(oldent);
1060 		if (d_really_is_positive(newent))
1061 			fuse_invalidate_entry(newent);
1062 	}
1063 
1064 	return err;
1065 }
1066 
1067 static int fuse_rename2(struct mnt_idmap *idmap, struct inode *olddir,
1068 			struct dentry *oldent, struct inode *newdir,
1069 			struct dentry *newent, unsigned int flags)
1070 {
1071 	struct fuse_conn *fc = get_fuse_conn(olddir);
1072 	int err;
1073 
1074 	if (fuse_is_bad(olddir))
1075 		return -EIO;
1076 
1077 	if (flags & ~(RENAME_NOREPLACE | RENAME_EXCHANGE | RENAME_WHITEOUT))
1078 		return -EINVAL;
1079 
1080 	if (flags) {
1081 		if (fc->no_rename2 || fc->minor < 23)
1082 			return -EINVAL;
1083 
1084 		err = fuse_rename_common(olddir, oldent, newdir, newent, flags,
1085 					 FUSE_RENAME2,
1086 					 sizeof(struct fuse_rename2_in));
1087 		if (err == -ENOSYS) {
1088 			fc->no_rename2 = 1;
1089 			err = -EINVAL;
1090 		}
1091 	} else {
1092 		err = fuse_rename_common(olddir, oldent, newdir, newent, 0,
1093 					 FUSE_RENAME,
1094 					 sizeof(struct fuse_rename_in));
1095 	}
1096 
1097 	return err;
1098 }
1099 
1100 static int fuse_link(struct dentry *entry, struct inode *newdir,
1101 		     struct dentry *newent)
1102 {
1103 	int err;
1104 	struct fuse_link_in inarg;
1105 	struct inode *inode = d_inode(entry);
1106 	struct fuse_mount *fm = get_fuse_mount(inode);
1107 	FUSE_ARGS(args);
1108 
1109 	memset(&inarg, 0, sizeof(inarg));
1110 	inarg.oldnodeid = get_node_id(inode);
1111 	args.opcode = FUSE_LINK;
1112 	args.in_numargs = 2;
1113 	args.in_args[0].size = sizeof(inarg);
1114 	args.in_args[0].value = &inarg;
1115 	args.in_args[1].size = newent->d_name.len + 1;
1116 	args.in_args[1].value = newent->d_name.name;
1117 	err = create_new_entry(fm, &args, newdir, newent, inode->i_mode);
1118 	if (!err)
1119 		fuse_update_ctime_in_cache(inode);
1120 	else if (err == -EINTR)
1121 		fuse_invalidate_attr(inode);
1122 
1123 	return err;
1124 }
1125 
1126 static void fuse_fillattr(struct inode *inode, struct fuse_attr *attr,
1127 			  struct kstat *stat)
1128 {
1129 	unsigned int blkbits;
1130 	struct fuse_conn *fc = get_fuse_conn(inode);
1131 
1132 	stat->dev = inode->i_sb->s_dev;
1133 	stat->ino = attr->ino;
1134 	stat->mode = (inode->i_mode & S_IFMT) | (attr->mode & 07777);
1135 	stat->nlink = attr->nlink;
1136 	stat->uid = make_kuid(fc->user_ns, attr->uid);
1137 	stat->gid = make_kgid(fc->user_ns, attr->gid);
1138 	stat->rdev = inode->i_rdev;
1139 	stat->atime.tv_sec = attr->atime;
1140 	stat->atime.tv_nsec = attr->atimensec;
1141 	stat->mtime.tv_sec = attr->mtime;
1142 	stat->mtime.tv_nsec = attr->mtimensec;
1143 	stat->ctime.tv_sec = attr->ctime;
1144 	stat->ctime.tv_nsec = attr->ctimensec;
1145 	stat->size = attr->size;
1146 	stat->blocks = attr->blocks;
1147 
1148 	if (attr->blksize != 0)
1149 		blkbits = ilog2(attr->blksize);
1150 	else
1151 		blkbits = inode->i_sb->s_blocksize_bits;
1152 
1153 	stat->blksize = 1 << blkbits;
1154 }
1155 
1156 static int fuse_do_getattr(struct inode *inode, struct kstat *stat,
1157 			   struct file *file)
1158 {
1159 	int err;
1160 	struct fuse_getattr_in inarg;
1161 	struct fuse_attr_out outarg;
1162 	struct fuse_mount *fm = get_fuse_mount(inode);
1163 	FUSE_ARGS(args);
1164 	u64 attr_version;
1165 
1166 	attr_version = fuse_get_attr_version(fm->fc);
1167 
1168 	memset(&inarg, 0, sizeof(inarg));
1169 	memset(&outarg, 0, sizeof(outarg));
1170 	/* Directories have separate file-handle space */
1171 	if (file && S_ISREG(inode->i_mode)) {
1172 		struct fuse_file *ff = file->private_data;
1173 
1174 		inarg.getattr_flags |= FUSE_GETATTR_FH;
1175 		inarg.fh = ff->fh;
1176 	}
1177 	args.opcode = FUSE_GETATTR;
1178 	args.nodeid = get_node_id(inode);
1179 	args.in_numargs = 1;
1180 	args.in_args[0].size = sizeof(inarg);
1181 	args.in_args[0].value = &inarg;
1182 	args.out_numargs = 1;
1183 	args.out_args[0].size = sizeof(outarg);
1184 	args.out_args[0].value = &outarg;
1185 	err = fuse_simple_request(fm, &args);
1186 	if (!err) {
1187 		if (fuse_invalid_attr(&outarg.attr) ||
1188 		    inode_wrong_type(inode, outarg.attr.mode)) {
1189 			fuse_make_bad(inode);
1190 			err = -EIO;
1191 		} else {
1192 			fuse_change_attributes(inode, &outarg.attr,
1193 					       attr_timeout(&outarg),
1194 					       attr_version);
1195 			if (stat)
1196 				fuse_fillattr(inode, &outarg.attr, stat);
1197 		}
1198 	}
1199 	return err;
1200 }
1201 
1202 static int fuse_update_get_attr(struct inode *inode, struct file *file,
1203 				struct kstat *stat, u32 request_mask,
1204 				unsigned int flags)
1205 {
1206 	struct fuse_inode *fi = get_fuse_inode(inode);
1207 	int err = 0;
1208 	bool sync;
1209 	u32 inval_mask = READ_ONCE(fi->inval_mask);
1210 	u32 cache_mask = fuse_get_cache_mask(inode);
1211 
1212 	if (flags & AT_STATX_FORCE_SYNC)
1213 		sync = true;
1214 	else if (flags & AT_STATX_DONT_SYNC)
1215 		sync = false;
1216 	else if (request_mask & inval_mask & ~cache_mask)
1217 		sync = true;
1218 	else
1219 		sync = time_before64(fi->i_time, get_jiffies_64());
1220 
1221 	if (sync) {
1222 		forget_all_cached_acls(inode);
1223 		err = fuse_do_getattr(inode, stat, file);
1224 	} else if (stat) {
1225 		generic_fillattr(&nop_mnt_idmap, inode, stat);
1226 		stat->mode = fi->orig_i_mode;
1227 		stat->ino = fi->orig_ino;
1228 	}
1229 
1230 	return err;
1231 }
1232 
1233 int fuse_update_attributes(struct inode *inode, struct file *file, u32 mask)
1234 {
1235 	return fuse_update_get_attr(inode, file, NULL, mask, 0);
1236 }
1237 
1238 int fuse_reverse_inval_entry(struct fuse_conn *fc, u64 parent_nodeid,
1239 			     u64 child_nodeid, struct qstr *name, u32 flags)
1240 {
1241 	int err = -ENOTDIR;
1242 	struct inode *parent;
1243 	struct dentry *dir;
1244 	struct dentry *entry;
1245 
1246 	parent = fuse_ilookup(fc, parent_nodeid, NULL);
1247 	if (!parent)
1248 		return -ENOENT;
1249 
1250 	inode_lock_nested(parent, I_MUTEX_PARENT);
1251 	if (!S_ISDIR(parent->i_mode))
1252 		goto unlock;
1253 
1254 	err = -ENOENT;
1255 	dir = d_find_alias(parent);
1256 	if (!dir)
1257 		goto unlock;
1258 
1259 	name->hash = full_name_hash(dir, name->name, name->len);
1260 	entry = d_lookup(dir, name);
1261 	dput(dir);
1262 	if (!entry)
1263 		goto unlock;
1264 
1265 	fuse_dir_changed(parent);
1266 	if (!(flags & FUSE_EXPIRE_ONLY))
1267 		d_invalidate(entry);
1268 	fuse_invalidate_entry_cache(entry);
1269 
1270 	if (child_nodeid != 0 && d_really_is_positive(entry)) {
1271 		inode_lock(d_inode(entry));
1272 		if (get_node_id(d_inode(entry)) != child_nodeid) {
1273 			err = -ENOENT;
1274 			goto badentry;
1275 		}
1276 		if (d_mountpoint(entry)) {
1277 			err = -EBUSY;
1278 			goto badentry;
1279 		}
1280 		if (d_is_dir(entry)) {
1281 			shrink_dcache_parent(entry);
1282 			if (!simple_empty(entry)) {
1283 				err = -ENOTEMPTY;
1284 				goto badentry;
1285 			}
1286 			d_inode(entry)->i_flags |= S_DEAD;
1287 		}
1288 		dont_mount(entry);
1289 		clear_nlink(d_inode(entry));
1290 		err = 0;
1291  badentry:
1292 		inode_unlock(d_inode(entry));
1293 		if (!err)
1294 			d_delete(entry);
1295 	} else {
1296 		err = 0;
1297 	}
1298 	dput(entry);
1299 
1300  unlock:
1301 	inode_unlock(parent);
1302 	iput(parent);
1303 	return err;
1304 }
1305 
1306 static inline bool fuse_permissible_uidgid(struct fuse_conn *fc)
1307 {
1308 	const struct cred *cred = current_cred();
1309 
1310 	return (uid_eq(cred->euid, fc->user_id) &&
1311 		uid_eq(cred->suid, fc->user_id) &&
1312 		uid_eq(cred->uid,  fc->user_id) &&
1313 		gid_eq(cred->egid, fc->group_id) &&
1314 		gid_eq(cred->sgid, fc->group_id) &&
1315 		gid_eq(cred->gid,  fc->group_id));
1316 }
1317 
1318 /*
1319  * Calling into a user-controlled filesystem gives the filesystem
1320  * daemon ptrace-like capabilities over the current process.  This
1321  * means, that the filesystem daemon is able to record the exact
1322  * filesystem operations performed, and can also control the behavior
1323  * of the requester process in otherwise impossible ways.  For example
1324  * it can delay the operation for arbitrary length of time allowing
1325  * DoS against the requester.
1326  *
1327  * For this reason only those processes can call into the filesystem,
1328  * for which the owner of the mount has ptrace privilege.  This
1329  * excludes processes started by other users, suid or sgid processes.
1330  */
1331 bool fuse_allow_current_process(struct fuse_conn *fc)
1332 {
1333 	bool allow;
1334 
1335 	if (fc->allow_other)
1336 		allow = current_in_userns(fc->user_ns);
1337 	else
1338 		allow = fuse_permissible_uidgid(fc);
1339 
1340 	if (!allow && allow_sys_admin_access && capable(CAP_SYS_ADMIN))
1341 		allow = true;
1342 
1343 	return allow;
1344 }
1345 
1346 static int fuse_access(struct inode *inode, int mask)
1347 {
1348 	struct fuse_mount *fm = get_fuse_mount(inode);
1349 	FUSE_ARGS(args);
1350 	struct fuse_access_in inarg;
1351 	int err;
1352 
1353 	BUG_ON(mask & MAY_NOT_BLOCK);
1354 
1355 	if (fm->fc->no_access)
1356 		return 0;
1357 
1358 	memset(&inarg, 0, sizeof(inarg));
1359 	inarg.mask = mask & (MAY_READ | MAY_WRITE | MAY_EXEC);
1360 	args.opcode = FUSE_ACCESS;
1361 	args.nodeid = get_node_id(inode);
1362 	args.in_numargs = 1;
1363 	args.in_args[0].size = sizeof(inarg);
1364 	args.in_args[0].value = &inarg;
1365 	err = fuse_simple_request(fm, &args);
1366 	if (err == -ENOSYS) {
1367 		fm->fc->no_access = 1;
1368 		err = 0;
1369 	}
1370 	return err;
1371 }
1372 
1373 static int fuse_perm_getattr(struct inode *inode, int mask)
1374 {
1375 	if (mask & MAY_NOT_BLOCK)
1376 		return -ECHILD;
1377 
1378 	forget_all_cached_acls(inode);
1379 	return fuse_do_getattr(inode, NULL, NULL);
1380 }
1381 
1382 /*
1383  * Check permission.  The two basic access models of FUSE are:
1384  *
1385  * 1) Local access checking ('default_permissions' mount option) based
1386  * on file mode.  This is the plain old disk filesystem permission
1387  * modell.
1388  *
1389  * 2) "Remote" access checking, where server is responsible for
1390  * checking permission in each inode operation.  An exception to this
1391  * is if ->permission() was invoked from sys_access() in which case an
1392  * access request is sent.  Execute permission is still checked
1393  * locally based on file mode.
1394  */
1395 static int fuse_permission(struct mnt_idmap *idmap,
1396 			   struct inode *inode, int mask)
1397 {
1398 	struct fuse_conn *fc = get_fuse_conn(inode);
1399 	bool refreshed = false;
1400 	int err = 0;
1401 
1402 	if (fuse_is_bad(inode))
1403 		return -EIO;
1404 
1405 	if (!fuse_allow_current_process(fc))
1406 		return -EACCES;
1407 
1408 	/*
1409 	 * If attributes are needed, refresh them before proceeding
1410 	 */
1411 	if (fc->default_permissions ||
1412 	    ((mask & MAY_EXEC) && S_ISREG(inode->i_mode))) {
1413 		struct fuse_inode *fi = get_fuse_inode(inode);
1414 		u32 perm_mask = STATX_MODE | STATX_UID | STATX_GID;
1415 
1416 		if (perm_mask & READ_ONCE(fi->inval_mask) ||
1417 		    time_before64(fi->i_time, get_jiffies_64())) {
1418 			refreshed = true;
1419 
1420 			err = fuse_perm_getattr(inode, mask);
1421 			if (err)
1422 				return err;
1423 		}
1424 	}
1425 
1426 	if (fc->default_permissions) {
1427 		err = generic_permission(&nop_mnt_idmap, inode, mask);
1428 
1429 		/* If permission is denied, try to refresh file
1430 		   attributes.  This is also needed, because the root
1431 		   node will at first have no permissions */
1432 		if (err == -EACCES && !refreshed) {
1433 			err = fuse_perm_getattr(inode, mask);
1434 			if (!err)
1435 				err = generic_permission(&nop_mnt_idmap,
1436 							 inode, mask);
1437 		}
1438 
1439 		/* Note: the opposite of the above test does not
1440 		   exist.  So if permissions are revoked this won't be
1441 		   noticed immediately, only after the attribute
1442 		   timeout has expired */
1443 	} else if (mask & (MAY_ACCESS | MAY_CHDIR)) {
1444 		err = fuse_access(inode, mask);
1445 	} else if ((mask & MAY_EXEC) && S_ISREG(inode->i_mode)) {
1446 		if (!(inode->i_mode & S_IXUGO)) {
1447 			if (refreshed)
1448 				return -EACCES;
1449 
1450 			err = fuse_perm_getattr(inode, mask);
1451 			if (!err && !(inode->i_mode & S_IXUGO))
1452 				return -EACCES;
1453 		}
1454 	}
1455 	return err;
1456 }
1457 
1458 static int fuse_readlink_page(struct inode *inode, struct page *page)
1459 {
1460 	struct fuse_mount *fm = get_fuse_mount(inode);
1461 	struct fuse_page_desc desc = { .length = PAGE_SIZE - 1 };
1462 	struct fuse_args_pages ap = {
1463 		.num_pages = 1,
1464 		.pages = &page,
1465 		.descs = &desc,
1466 	};
1467 	char *link;
1468 	ssize_t res;
1469 
1470 	ap.args.opcode = FUSE_READLINK;
1471 	ap.args.nodeid = get_node_id(inode);
1472 	ap.args.out_pages = true;
1473 	ap.args.out_argvar = true;
1474 	ap.args.page_zeroing = true;
1475 	ap.args.out_numargs = 1;
1476 	ap.args.out_args[0].size = desc.length;
1477 	res = fuse_simple_request(fm, &ap.args);
1478 
1479 	fuse_invalidate_atime(inode);
1480 
1481 	if (res < 0)
1482 		return res;
1483 
1484 	if (WARN_ON(res >= PAGE_SIZE))
1485 		return -EIO;
1486 
1487 	link = page_address(page);
1488 	link[res] = '\0';
1489 
1490 	return 0;
1491 }
1492 
1493 static const char *fuse_get_link(struct dentry *dentry, struct inode *inode,
1494 				 struct delayed_call *callback)
1495 {
1496 	struct fuse_conn *fc = get_fuse_conn(inode);
1497 	struct page *page;
1498 	int err;
1499 
1500 	err = -EIO;
1501 	if (fuse_is_bad(inode))
1502 		goto out_err;
1503 
1504 	if (fc->cache_symlinks)
1505 		return page_get_link(dentry, inode, callback);
1506 
1507 	err = -ECHILD;
1508 	if (!dentry)
1509 		goto out_err;
1510 
1511 	page = alloc_page(GFP_KERNEL);
1512 	err = -ENOMEM;
1513 	if (!page)
1514 		goto out_err;
1515 
1516 	err = fuse_readlink_page(inode, page);
1517 	if (err) {
1518 		__free_page(page);
1519 		goto out_err;
1520 	}
1521 
1522 	set_delayed_call(callback, page_put_link, page);
1523 
1524 	return page_address(page);
1525 
1526 out_err:
1527 	return ERR_PTR(err);
1528 }
1529 
1530 static int fuse_dir_open(struct inode *inode, struct file *file)
1531 {
1532 	return fuse_open_common(inode, file, true);
1533 }
1534 
1535 static int fuse_dir_release(struct inode *inode, struct file *file)
1536 {
1537 	fuse_release_common(file, true);
1538 
1539 	return 0;
1540 }
1541 
1542 static int fuse_dir_fsync(struct file *file, loff_t start, loff_t end,
1543 			  int datasync)
1544 {
1545 	struct inode *inode = file->f_mapping->host;
1546 	struct fuse_conn *fc = get_fuse_conn(inode);
1547 	int err;
1548 
1549 	if (fuse_is_bad(inode))
1550 		return -EIO;
1551 
1552 	if (fc->no_fsyncdir)
1553 		return 0;
1554 
1555 	inode_lock(inode);
1556 	err = fuse_fsync_common(file, start, end, datasync, FUSE_FSYNCDIR);
1557 	if (err == -ENOSYS) {
1558 		fc->no_fsyncdir = 1;
1559 		err = 0;
1560 	}
1561 	inode_unlock(inode);
1562 
1563 	return err;
1564 }
1565 
1566 static long fuse_dir_ioctl(struct file *file, unsigned int cmd,
1567 			    unsigned long arg)
1568 {
1569 	struct fuse_conn *fc = get_fuse_conn(file->f_mapping->host);
1570 
1571 	/* FUSE_IOCTL_DIR only supported for API version >= 7.18 */
1572 	if (fc->minor < 18)
1573 		return -ENOTTY;
1574 
1575 	return fuse_ioctl_common(file, cmd, arg, FUSE_IOCTL_DIR);
1576 }
1577 
1578 static long fuse_dir_compat_ioctl(struct file *file, unsigned int cmd,
1579 				   unsigned long arg)
1580 {
1581 	struct fuse_conn *fc = get_fuse_conn(file->f_mapping->host);
1582 
1583 	if (fc->minor < 18)
1584 		return -ENOTTY;
1585 
1586 	return fuse_ioctl_common(file, cmd, arg,
1587 				 FUSE_IOCTL_COMPAT | FUSE_IOCTL_DIR);
1588 }
1589 
1590 static bool update_mtime(unsigned ivalid, bool trust_local_mtime)
1591 {
1592 	/* Always update if mtime is explicitly set  */
1593 	if (ivalid & ATTR_MTIME_SET)
1594 		return true;
1595 
1596 	/* Or if kernel i_mtime is the official one */
1597 	if (trust_local_mtime)
1598 		return true;
1599 
1600 	/* If it's an open(O_TRUNC) or an ftruncate(), don't update */
1601 	if ((ivalid & ATTR_SIZE) && (ivalid & (ATTR_OPEN | ATTR_FILE)))
1602 		return false;
1603 
1604 	/* In all other cases update */
1605 	return true;
1606 }
1607 
1608 static void iattr_to_fattr(struct fuse_conn *fc, struct iattr *iattr,
1609 			   struct fuse_setattr_in *arg, bool trust_local_cmtime)
1610 {
1611 	unsigned ivalid = iattr->ia_valid;
1612 
1613 	if (ivalid & ATTR_MODE)
1614 		arg->valid |= FATTR_MODE,   arg->mode = iattr->ia_mode;
1615 	if (ivalid & ATTR_UID)
1616 		arg->valid |= FATTR_UID,    arg->uid = from_kuid(fc->user_ns, iattr->ia_uid);
1617 	if (ivalid & ATTR_GID)
1618 		arg->valid |= FATTR_GID,    arg->gid = from_kgid(fc->user_ns, iattr->ia_gid);
1619 	if (ivalid & ATTR_SIZE)
1620 		arg->valid |= FATTR_SIZE,   arg->size = iattr->ia_size;
1621 	if (ivalid & ATTR_ATIME) {
1622 		arg->valid |= FATTR_ATIME;
1623 		arg->atime = iattr->ia_atime.tv_sec;
1624 		arg->atimensec = iattr->ia_atime.tv_nsec;
1625 		if (!(ivalid & ATTR_ATIME_SET))
1626 			arg->valid |= FATTR_ATIME_NOW;
1627 	}
1628 	if ((ivalid & ATTR_MTIME) && update_mtime(ivalid, trust_local_cmtime)) {
1629 		arg->valid |= FATTR_MTIME;
1630 		arg->mtime = iattr->ia_mtime.tv_sec;
1631 		arg->mtimensec = iattr->ia_mtime.tv_nsec;
1632 		if (!(ivalid & ATTR_MTIME_SET) && !trust_local_cmtime)
1633 			arg->valid |= FATTR_MTIME_NOW;
1634 	}
1635 	if ((ivalid & ATTR_CTIME) && trust_local_cmtime) {
1636 		arg->valid |= FATTR_CTIME;
1637 		arg->ctime = iattr->ia_ctime.tv_sec;
1638 		arg->ctimensec = iattr->ia_ctime.tv_nsec;
1639 	}
1640 }
1641 
1642 /*
1643  * Prevent concurrent writepages on inode
1644  *
1645  * This is done by adding a negative bias to the inode write counter
1646  * and waiting for all pending writes to finish.
1647  */
1648 void fuse_set_nowrite(struct inode *inode)
1649 {
1650 	struct fuse_inode *fi = get_fuse_inode(inode);
1651 
1652 	BUG_ON(!inode_is_locked(inode));
1653 
1654 	spin_lock(&fi->lock);
1655 	BUG_ON(fi->writectr < 0);
1656 	fi->writectr += FUSE_NOWRITE;
1657 	spin_unlock(&fi->lock);
1658 	wait_event(fi->page_waitq, fi->writectr == FUSE_NOWRITE);
1659 }
1660 
1661 /*
1662  * Allow writepages on inode
1663  *
1664  * Remove the bias from the writecounter and send any queued
1665  * writepages.
1666  */
1667 static void __fuse_release_nowrite(struct inode *inode)
1668 {
1669 	struct fuse_inode *fi = get_fuse_inode(inode);
1670 
1671 	BUG_ON(fi->writectr != FUSE_NOWRITE);
1672 	fi->writectr = 0;
1673 	fuse_flush_writepages(inode);
1674 }
1675 
1676 void fuse_release_nowrite(struct inode *inode)
1677 {
1678 	struct fuse_inode *fi = get_fuse_inode(inode);
1679 
1680 	spin_lock(&fi->lock);
1681 	__fuse_release_nowrite(inode);
1682 	spin_unlock(&fi->lock);
1683 }
1684 
1685 static void fuse_setattr_fill(struct fuse_conn *fc, struct fuse_args *args,
1686 			      struct inode *inode,
1687 			      struct fuse_setattr_in *inarg_p,
1688 			      struct fuse_attr_out *outarg_p)
1689 {
1690 	args->opcode = FUSE_SETATTR;
1691 	args->nodeid = get_node_id(inode);
1692 	args->in_numargs = 1;
1693 	args->in_args[0].size = sizeof(*inarg_p);
1694 	args->in_args[0].value = inarg_p;
1695 	args->out_numargs = 1;
1696 	args->out_args[0].size = sizeof(*outarg_p);
1697 	args->out_args[0].value = outarg_p;
1698 }
1699 
1700 /*
1701  * Flush inode->i_mtime to the server
1702  */
1703 int fuse_flush_times(struct inode *inode, struct fuse_file *ff)
1704 {
1705 	struct fuse_mount *fm = get_fuse_mount(inode);
1706 	FUSE_ARGS(args);
1707 	struct fuse_setattr_in inarg;
1708 	struct fuse_attr_out outarg;
1709 
1710 	memset(&inarg, 0, sizeof(inarg));
1711 	memset(&outarg, 0, sizeof(outarg));
1712 
1713 	inarg.valid = FATTR_MTIME;
1714 	inarg.mtime = inode->i_mtime.tv_sec;
1715 	inarg.mtimensec = inode->i_mtime.tv_nsec;
1716 	if (fm->fc->minor >= 23) {
1717 		inarg.valid |= FATTR_CTIME;
1718 		inarg.ctime = inode->i_ctime.tv_sec;
1719 		inarg.ctimensec = inode->i_ctime.tv_nsec;
1720 	}
1721 	if (ff) {
1722 		inarg.valid |= FATTR_FH;
1723 		inarg.fh = ff->fh;
1724 	}
1725 	fuse_setattr_fill(fm->fc, &args, inode, &inarg, &outarg);
1726 
1727 	return fuse_simple_request(fm, &args);
1728 }
1729 
1730 /*
1731  * Set attributes, and at the same time refresh them.
1732  *
1733  * Truncation is slightly complicated, because the 'truncate' request
1734  * may fail, in which case we don't want to touch the mapping.
1735  * vmtruncate() doesn't allow for this case, so do the rlimit checking
1736  * and the actual truncation by hand.
1737  */
1738 int fuse_do_setattr(struct dentry *dentry, struct iattr *attr,
1739 		    struct file *file)
1740 {
1741 	struct inode *inode = d_inode(dentry);
1742 	struct fuse_mount *fm = get_fuse_mount(inode);
1743 	struct fuse_conn *fc = fm->fc;
1744 	struct fuse_inode *fi = get_fuse_inode(inode);
1745 	struct address_space *mapping = inode->i_mapping;
1746 	FUSE_ARGS(args);
1747 	struct fuse_setattr_in inarg;
1748 	struct fuse_attr_out outarg;
1749 	bool is_truncate = false;
1750 	bool is_wb = fc->writeback_cache && S_ISREG(inode->i_mode);
1751 	loff_t oldsize;
1752 	int err;
1753 	bool trust_local_cmtime = is_wb;
1754 	bool fault_blocked = false;
1755 
1756 	if (!fc->default_permissions)
1757 		attr->ia_valid |= ATTR_FORCE;
1758 
1759 	err = setattr_prepare(&nop_mnt_idmap, dentry, attr);
1760 	if (err)
1761 		return err;
1762 
1763 	if (attr->ia_valid & ATTR_SIZE) {
1764 		if (WARN_ON(!S_ISREG(inode->i_mode)))
1765 			return -EIO;
1766 		is_truncate = true;
1767 	}
1768 
1769 	if (FUSE_IS_DAX(inode) && is_truncate) {
1770 		filemap_invalidate_lock(mapping);
1771 		fault_blocked = true;
1772 		err = fuse_dax_break_layouts(inode, 0, 0);
1773 		if (err) {
1774 			filemap_invalidate_unlock(mapping);
1775 			return err;
1776 		}
1777 	}
1778 
1779 	if (attr->ia_valid & ATTR_OPEN) {
1780 		/* This is coming from open(..., ... | O_TRUNC); */
1781 		WARN_ON(!(attr->ia_valid & ATTR_SIZE));
1782 		WARN_ON(attr->ia_size != 0);
1783 		if (fc->atomic_o_trunc) {
1784 			/*
1785 			 * No need to send request to userspace, since actual
1786 			 * truncation has already been done by OPEN.  But still
1787 			 * need to truncate page cache.
1788 			 */
1789 			i_size_write(inode, 0);
1790 			truncate_pagecache(inode, 0);
1791 			goto out;
1792 		}
1793 		file = NULL;
1794 	}
1795 
1796 	/* Flush dirty data/metadata before non-truncate SETATTR */
1797 	if (is_wb &&
1798 	    attr->ia_valid &
1799 			(ATTR_MODE | ATTR_UID | ATTR_GID | ATTR_MTIME_SET |
1800 			 ATTR_TIMES_SET)) {
1801 		err = write_inode_now(inode, true);
1802 		if (err)
1803 			return err;
1804 
1805 		fuse_set_nowrite(inode);
1806 		fuse_release_nowrite(inode);
1807 	}
1808 
1809 	if (is_truncate) {
1810 		fuse_set_nowrite(inode);
1811 		set_bit(FUSE_I_SIZE_UNSTABLE, &fi->state);
1812 		if (trust_local_cmtime && attr->ia_size != inode->i_size)
1813 			attr->ia_valid |= ATTR_MTIME | ATTR_CTIME;
1814 	}
1815 
1816 	memset(&inarg, 0, sizeof(inarg));
1817 	memset(&outarg, 0, sizeof(outarg));
1818 	iattr_to_fattr(fc, attr, &inarg, trust_local_cmtime);
1819 	if (file) {
1820 		struct fuse_file *ff = file->private_data;
1821 		inarg.valid |= FATTR_FH;
1822 		inarg.fh = ff->fh;
1823 	}
1824 
1825 	/* Kill suid/sgid for non-directory chown unconditionally */
1826 	if (fc->handle_killpriv_v2 && !S_ISDIR(inode->i_mode) &&
1827 	    attr->ia_valid & (ATTR_UID | ATTR_GID))
1828 		inarg.valid |= FATTR_KILL_SUIDGID;
1829 
1830 	if (attr->ia_valid & ATTR_SIZE) {
1831 		/* For mandatory locking in truncate */
1832 		inarg.valid |= FATTR_LOCKOWNER;
1833 		inarg.lock_owner = fuse_lock_owner_id(fc, current->files);
1834 
1835 		/* Kill suid/sgid for truncate only if no CAP_FSETID */
1836 		if (fc->handle_killpriv_v2 && !capable(CAP_FSETID))
1837 			inarg.valid |= FATTR_KILL_SUIDGID;
1838 	}
1839 	fuse_setattr_fill(fc, &args, inode, &inarg, &outarg);
1840 	err = fuse_simple_request(fm, &args);
1841 	if (err) {
1842 		if (err == -EINTR)
1843 			fuse_invalidate_attr(inode);
1844 		goto error;
1845 	}
1846 
1847 	if (fuse_invalid_attr(&outarg.attr) ||
1848 	    inode_wrong_type(inode, outarg.attr.mode)) {
1849 		fuse_make_bad(inode);
1850 		err = -EIO;
1851 		goto error;
1852 	}
1853 
1854 	spin_lock(&fi->lock);
1855 	/* the kernel maintains i_mtime locally */
1856 	if (trust_local_cmtime) {
1857 		if (attr->ia_valid & ATTR_MTIME)
1858 			inode->i_mtime = attr->ia_mtime;
1859 		if (attr->ia_valid & ATTR_CTIME)
1860 			inode->i_ctime = attr->ia_ctime;
1861 		/* FIXME: clear I_DIRTY_SYNC? */
1862 	}
1863 
1864 	fuse_change_attributes_common(inode, &outarg.attr,
1865 				      attr_timeout(&outarg),
1866 				      fuse_get_cache_mask(inode));
1867 	oldsize = inode->i_size;
1868 	/* see the comment in fuse_change_attributes() */
1869 	if (!is_wb || is_truncate)
1870 		i_size_write(inode, outarg.attr.size);
1871 
1872 	if (is_truncate) {
1873 		/* NOTE: this may release/reacquire fi->lock */
1874 		__fuse_release_nowrite(inode);
1875 	}
1876 	spin_unlock(&fi->lock);
1877 
1878 	/*
1879 	 * Only call invalidate_inode_pages2() after removing
1880 	 * FUSE_NOWRITE, otherwise fuse_launder_folio() would deadlock.
1881 	 */
1882 	if ((is_truncate || !is_wb) &&
1883 	    S_ISREG(inode->i_mode) && oldsize != outarg.attr.size) {
1884 		truncate_pagecache(inode, outarg.attr.size);
1885 		invalidate_inode_pages2(mapping);
1886 	}
1887 
1888 	clear_bit(FUSE_I_SIZE_UNSTABLE, &fi->state);
1889 out:
1890 	if (fault_blocked)
1891 		filemap_invalidate_unlock(mapping);
1892 
1893 	return 0;
1894 
1895 error:
1896 	if (is_truncate)
1897 		fuse_release_nowrite(inode);
1898 
1899 	clear_bit(FUSE_I_SIZE_UNSTABLE, &fi->state);
1900 
1901 	if (fault_blocked)
1902 		filemap_invalidate_unlock(mapping);
1903 	return err;
1904 }
1905 
1906 static int fuse_setattr(struct mnt_idmap *idmap, struct dentry *entry,
1907 			struct iattr *attr)
1908 {
1909 	struct inode *inode = d_inode(entry);
1910 	struct fuse_conn *fc = get_fuse_conn(inode);
1911 	struct file *file = (attr->ia_valid & ATTR_FILE) ? attr->ia_file : NULL;
1912 	int ret;
1913 
1914 	if (fuse_is_bad(inode))
1915 		return -EIO;
1916 
1917 	if (!fuse_allow_current_process(get_fuse_conn(inode)))
1918 		return -EACCES;
1919 
1920 	if (attr->ia_valid & (ATTR_KILL_SUID | ATTR_KILL_SGID)) {
1921 		attr->ia_valid &= ~(ATTR_KILL_SUID | ATTR_KILL_SGID |
1922 				    ATTR_MODE);
1923 
1924 		/*
1925 		 * The only sane way to reliably kill suid/sgid is to do it in
1926 		 * the userspace filesystem
1927 		 *
1928 		 * This should be done on write(), truncate() and chown().
1929 		 */
1930 		if (!fc->handle_killpriv && !fc->handle_killpriv_v2) {
1931 			/*
1932 			 * ia_mode calculation may have used stale i_mode.
1933 			 * Refresh and recalculate.
1934 			 */
1935 			ret = fuse_do_getattr(inode, NULL, file);
1936 			if (ret)
1937 				return ret;
1938 
1939 			attr->ia_mode = inode->i_mode;
1940 			if (inode->i_mode & S_ISUID) {
1941 				attr->ia_valid |= ATTR_MODE;
1942 				attr->ia_mode &= ~S_ISUID;
1943 			}
1944 			if ((inode->i_mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP)) {
1945 				attr->ia_valid |= ATTR_MODE;
1946 				attr->ia_mode &= ~S_ISGID;
1947 			}
1948 		}
1949 	}
1950 	if (!attr->ia_valid)
1951 		return 0;
1952 
1953 	ret = fuse_do_setattr(entry, attr, file);
1954 	if (!ret) {
1955 		/*
1956 		 * If filesystem supports acls it may have updated acl xattrs in
1957 		 * the filesystem, so forget cached acls for the inode.
1958 		 */
1959 		if (fc->posix_acl)
1960 			forget_all_cached_acls(inode);
1961 
1962 		/* Directory mode changed, may need to revalidate access */
1963 		if (d_is_dir(entry) && (attr->ia_valid & ATTR_MODE))
1964 			fuse_invalidate_entry_cache(entry);
1965 	}
1966 	return ret;
1967 }
1968 
1969 static int fuse_getattr(struct mnt_idmap *idmap,
1970 			const struct path *path, struct kstat *stat,
1971 			u32 request_mask, unsigned int flags)
1972 {
1973 	struct inode *inode = d_inode(path->dentry);
1974 	struct fuse_conn *fc = get_fuse_conn(inode);
1975 
1976 	if (fuse_is_bad(inode))
1977 		return -EIO;
1978 
1979 	if (!fuse_allow_current_process(fc)) {
1980 		if (!request_mask) {
1981 			/*
1982 			 * If user explicitly requested *nothing* then don't
1983 			 * error out, but return st_dev only.
1984 			 */
1985 			stat->result_mask = 0;
1986 			stat->dev = inode->i_sb->s_dev;
1987 			return 0;
1988 		}
1989 		return -EACCES;
1990 	}
1991 
1992 	return fuse_update_get_attr(inode, NULL, stat, request_mask, flags);
1993 }
1994 
1995 static const struct inode_operations fuse_dir_inode_operations = {
1996 	.lookup		= fuse_lookup,
1997 	.mkdir		= fuse_mkdir,
1998 	.symlink	= fuse_symlink,
1999 	.unlink		= fuse_unlink,
2000 	.rmdir		= fuse_rmdir,
2001 	.rename		= fuse_rename2,
2002 	.link		= fuse_link,
2003 	.setattr	= fuse_setattr,
2004 	.create		= fuse_create,
2005 	.atomic_open	= fuse_atomic_open,
2006 	.tmpfile	= fuse_tmpfile,
2007 	.mknod		= fuse_mknod,
2008 	.permission	= fuse_permission,
2009 	.getattr	= fuse_getattr,
2010 	.listxattr	= fuse_listxattr,
2011 	.get_inode_acl	= fuse_get_inode_acl,
2012 	.get_acl	= fuse_get_acl,
2013 	.set_acl	= fuse_set_acl,
2014 	.fileattr_get	= fuse_fileattr_get,
2015 	.fileattr_set	= fuse_fileattr_set,
2016 };
2017 
2018 static const struct file_operations fuse_dir_operations = {
2019 	.llseek		= generic_file_llseek,
2020 	.read		= generic_read_dir,
2021 	.iterate_shared	= fuse_readdir,
2022 	.open		= fuse_dir_open,
2023 	.release	= fuse_dir_release,
2024 	.fsync		= fuse_dir_fsync,
2025 	.unlocked_ioctl	= fuse_dir_ioctl,
2026 	.compat_ioctl	= fuse_dir_compat_ioctl,
2027 };
2028 
2029 static const struct inode_operations fuse_common_inode_operations = {
2030 	.setattr	= fuse_setattr,
2031 	.permission	= fuse_permission,
2032 	.getattr	= fuse_getattr,
2033 	.listxattr	= fuse_listxattr,
2034 	.get_inode_acl	= fuse_get_inode_acl,
2035 	.get_acl	= fuse_get_acl,
2036 	.set_acl	= fuse_set_acl,
2037 	.fileattr_get	= fuse_fileattr_get,
2038 	.fileattr_set	= fuse_fileattr_set,
2039 };
2040 
2041 static const struct inode_operations fuse_symlink_inode_operations = {
2042 	.setattr	= fuse_setattr,
2043 	.get_link	= fuse_get_link,
2044 	.getattr	= fuse_getattr,
2045 	.listxattr	= fuse_listxattr,
2046 };
2047 
2048 void fuse_init_common(struct inode *inode)
2049 {
2050 	inode->i_op = &fuse_common_inode_operations;
2051 }
2052 
2053 void fuse_init_dir(struct inode *inode)
2054 {
2055 	struct fuse_inode *fi = get_fuse_inode(inode);
2056 
2057 	inode->i_op = &fuse_dir_inode_operations;
2058 	inode->i_fop = &fuse_dir_operations;
2059 
2060 	spin_lock_init(&fi->rdc.lock);
2061 	fi->rdc.cached = false;
2062 	fi->rdc.size = 0;
2063 	fi->rdc.pos = 0;
2064 	fi->rdc.version = 0;
2065 }
2066 
2067 static int fuse_symlink_read_folio(struct file *null, struct folio *folio)
2068 {
2069 	int err = fuse_readlink_page(folio->mapping->host, &folio->page);
2070 
2071 	if (!err)
2072 		folio_mark_uptodate(folio);
2073 
2074 	folio_unlock(folio);
2075 
2076 	return err;
2077 }
2078 
2079 static const struct address_space_operations fuse_symlink_aops = {
2080 	.read_folio	= fuse_symlink_read_folio,
2081 };
2082 
2083 void fuse_init_symlink(struct inode *inode)
2084 {
2085 	inode->i_op = &fuse_symlink_inode_operations;
2086 	inode->i_data.a_ops = &fuse_symlink_aops;
2087 	inode_nohighmem(inode);
2088 }
2089