xref: /openbmc/linux/fs/fuse/dir.c (revision 59bd9ded)
1 /*
2   FUSE: Filesystem in Userspace
3   Copyright (C) 2001-2008  Miklos Szeredi <miklos@szeredi.hu>
4 
5   This program can be distributed under the terms of the GNU GPL.
6   See the file COPYING.
7 */
8 
9 #include "fuse_i.h"
10 
11 #include <linux/pagemap.h>
12 #include <linux/file.h>
13 #include <linux/sched.h>
14 #include <linux/namei.h>
15 #include <linux/slab.h>
16 #include <linux/xattr.h>
17 #include <linux/iversion.h>
18 #include <linux/posix_acl.h>
19 
20 static void fuse_advise_use_readdirplus(struct inode *dir)
21 {
22 	struct fuse_inode *fi = get_fuse_inode(dir);
23 
24 	set_bit(FUSE_I_ADVISE_RDPLUS, &fi->state);
25 }
26 
27 union fuse_dentry {
28 	u64 time;
29 	struct rcu_head rcu;
30 };
31 
32 static inline void fuse_dentry_settime(struct dentry *entry, u64 time)
33 {
34 	((union fuse_dentry *) entry->d_fsdata)->time = time;
35 }
36 
37 static inline u64 fuse_dentry_time(struct dentry *entry)
38 {
39 	return ((union fuse_dentry *) entry->d_fsdata)->time;
40 }
41 
42 /*
43  * FUSE caches dentries and attributes with separate timeout.  The
44  * time in jiffies until the dentry/attributes are valid is stored in
45  * dentry->d_fsdata and fuse_inode->i_time respectively.
46  */
47 
48 /*
49  * Calculate the time in jiffies until a dentry/attributes are valid
50  */
51 static u64 time_to_jiffies(u64 sec, u32 nsec)
52 {
53 	if (sec || nsec) {
54 		struct timespec64 ts = {
55 			sec,
56 			min_t(u32, nsec, NSEC_PER_SEC - 1)
57 		};
58 
59 		return get_jiffies_64() + timespec64_to_jiffies(&ts);
60 	} else
61 		return 0;
62 }
63 
64 /*
65  * Set dentry and possibly attribute timeouts from the lookup/mk*
66  * replies
67  */
68 void fuse_change_entry_timeout(struct dentry *entry, struct fuse_entry_out *o)
69 {
70 	fuse_dentry_settime(entry,
71 		time_to_jiffies(o->entry_valid, o->entry_valid_nsec));
72 }
73 
74 static u64 attr_timeout(struct fuse_attr_out *o)
75 {
76 	return time_to_jiffies(o->attr_valid, o->attr_valid_nsec);
77 }
78 
79 u64 entry_attr_timeout(struct fuse_entry_out *o)
80 {
81 	return time_to_jiffies(o->attr_valid, o->attr_valid_nsec);
82 }
83 
84 static void fuse_invalidate_attr_mask(struct inode *inode, u32 mask)
85 {
86 	set_mask_bits(&get_fuse_inode(inode)->inval_mask, 0, mask);
87 }
88 
89 /*
90  * Mark the attributes as stale, so that at the next call to
91  * ->getattr() they will be fetched from userspace
92  */
93 void fuse_invalidate_attr(struct inode *inode)
94 {
95 	fuse_invalidate_attr_mask(inode, STATX_BASIC_STATS);
96 }
97 
98 static void fuse_dir_changed(struct inode *dir)
99 {
100 	fuse_invalidate_attr(dir);
101 	inode_maybe_inc_iversion(dir, false);
102 }
103 
104 /**
105  * Mark the attributes as stale due to an atime change.  Avoid the invalidate if
106  * atime is not used.
107  */
108 void fuse_invalidate_atime(struct inode *inode)
109 {
110 	if (!IS_RDONLY(inode))
111 		fuse_invalidate_attr_mask(inode, STATX_ATIME);
112 }
113 
114 /*
115  * Just mark the entry as stale, so that a next attempt to look it up
116  * will result in a new lookup call to userspace
117  *
118  * This is called when a dentry is about to become negative and the
119  * timeout is unknown (unlink, rmdir, rename and in some cases
120  * lookup)
121  */
122 void fuse_invalidate_entry_cache(struct dentry *entry)
123 {
124 	fuse_dentry_settime(entry, 0);
125 }
126 
127 /*
128  * Same as fuse_invalidate_entry_cache(), but also try to remove the
129  * dentry from the hash
130  */
131 static void fuse_invalidate_entry(struct dentry *entry)
132 {
133 	d_invalidate(entry);
134 	fuse_invalidate_entry_cache(entry);
135 }
136 
137 static void fuse_lookup_init(struct fuse_conn *fc, struct fuse_args *args,
138 			     u64 nodeid, const struct qstr *name,
139 			     struct fuse_entry_out *outarg)
140 {
141 	memset(outarg, 0, sizeof(struct fuse_entry_out));
142 	args->in.h.opcode = FUSE_LOOKUP;
143 	args->in.h.nodeid = nodeid;
144 	args->in.numargs = 1;
145 	args->in.args[0].size = name->len + 1;
146 	args->in.args[0].value = name->name;
147 	args->out.numargs = 1;
148 	args->out.args[0].size = sizeof(struct fuse_entry_out);
149 	args->out.args[0].value = outarg;
150 }
151 
152 /*
153  * Check whether the dentry is still valid
154  *
155  * If the entry validity timeout has expired and the dentry is
156  * positive, try to redo the lookup.  If the lookup results in a
157  * different inode, then let the VFS invalidate the dentry and redo
158  * the lookup once more.  If the lookup results in the same inode,
159  * then refresh the attributes, timeouts and mark the dentry valid.
160  */
161 static int fuse_dentry_revalidate(struct dentry *entry, unsigned int flags)
162 {
163 	struct inode *inode;
164 	struct dentry *parent;
165 	struct fuse_conn *fc;
166 	struct fuse_inode *fi;
167 	int ret;
168 
169 	inode = d_inode_rcu(entry);
170 	if (inode && is_bad_inode(inode))
171 		goto invalid;
172 	else if (time_before64(fuse_dentry_time(entry), get_jiffies_64()) ||
173 		 (flags & LOOKUP_REVAL)) {
174 		struct fuse_entry_out outarg;
175 		FUSE_ARGS(args);
176 		struct fuse_forget_link *forget;
177 		u64 attr_version;
178 
179 		/* For negative dentries, always do a fresh lookup */
180 		if (!inode)
181 			goto invalid;
182 
183 		ret = -ECHILD;
184 		if (flags & LOOKUP_RCU)
185 			goto out;
186 
187 		fc = get_fuse_conn(inode);
188 
189 		forget = fuse_alloc_forget();
190 		ret = -ENOMEM;
191 		if (!forget)
192 			goto out;
193 
194 		attr_version = fuse_get_attr_version(fc);
195 
196 		parent = dget_parent(entry);
197 		fuse_lookup_init(fc, &args, get_node_id(d_inode(parent)),
198 				 &entry->d_name, &outarg);
199 		ret = fuse_simple_request(fc, &args);
200 		dput(parent);
201 		/* Zero nodeid is same as -ENOENT */
202 		if (!ret && !outarg.nodeid)
203 			ret = -ENOENT;
204 		if (!ret) {
205 			fi = get_fuse_inode(inode);
206 			if (outarg.nodeid != get_node_id(inode)) {
207 				fuse_queue_forget(fc, forget, outarg.nodeid, 1);
208 				goto invalid;
209 			}
210 			spin_lock(&fi->lock);
211 			fi->nlookup++;
212 			spin_unlock(&fi->lock);
213 		}
214 		kfree(forget);
215 		if (ret == -ENOMEM)
216 			goto out;
217 		if (ret || (outarg.attr.mode ^ inode->i_mode) & S_IFMT)
218 			goto invalid;
219 
220 		forget_all_cached_acls(inode);
221 		fuse_change_attributes(inode, &outarg.attr,
222 				       entry_attr_timeout(&outarg),
223 				       attr_version);
224 		fuse_change_entry_timeout(entry, &outarg);
225 	} else if (inode) {
226 		fi = get_fuse_inode(inode);
227 		if (flags & LOOKUP_RCU) {
228 			if (test_bit(FUSE_I_INIT_RDPLUS, &fi->state))
229 				return -ECHILD;
230 		} else if (test_and_clear_bit(FUSE_I_INIT_RDPLUS, &fi->state)) {
231 			parent = dget_parent(entry);
232 			fuse_advise_use_readdirplus(d_inode(parent));
233 			dput(parent);
234 		}
235 	}
236 	ret = 1;
237 out:
238 	return ret;
239 
240 invalid:
241 	ret = 0;
242 	goto out;
243 }
244 
245 static int fuse_dentry_init(struct dentry *dentry)
246 {
247 	dentry->d_fsdata = kzalloc(sizeof(union fuse_dentry), GFP_KERNEL);
248 
249 	return dentry->d_fsdata ? 0 : -ENOMEM;
250 }
251 static void fuse_dentry_release(struct dentry *dentry)
252 {
253 	union fuse_dentry *fd = dentry->d_fsdata;
254 
255 	kfree_rcu(fd, rcu);
256 }
257 
258 const struct dentry_operations fuse_dentry_operations = {
259 	.d_revalidate	= fuse_dentry_revalidate,
260 	.d_init		= fuse_dentry_init,
261 	.d_release	= fuse_dentry_release,
262 };
263 
264 const struct dentry_operations fuse_root_dentry_operations = {
265 	.d_init		= fuse_dentry_init,
266 	.d_release	= fuse_dentry_release,
267 };
268 
269 int fuse_valid_type(int m)
270 {
271 	return S_ISREG(m) || S_ISDIR(m) || S_ISLNK(m) || S_ISCHR(m) ||
272 		S_ISBLK(m) || S_ISFIFO(m) || S_ISSOCK(m);
273 }
274 
275 int fuse_lookup_name(struct super_block *sb, u64 nodeid, const struct qstr *name,
276 		     struct fuse_entry_out *outarg, struct inode **inode)
277 {
278 	struct fuse_conn *fc = get_fuse_conn_super(sb);
279 	FUSE_ARGS(args);
280 	struct fuse_forget_link *forget;
281 	u64 attr_version;
282 	int err;
283 
284 	*inode = NULL;
285 	err = -ENAMETOOLONG;
286 	if (name->len > FUSE_NAME_MAX)
287 		goto out;
288 
289 
290 	forget = fuse_alloc_forget();
291 	err = -ENOMEM;
292 	if (!forget)
293 		goto out;
294 
295 	attr_version = fuse_get_attr_version(fc);
296 
297 	fuse_lookup_init(fc, &args, nodeid, name, outarg);
298 	err = fuse_simple_request(fc, &args);
299 	/* Zero nodeid is same as -ENOENT, but with valid timeout */
300 	if (err || !outarg->nodeid)
301 		goto out_put_forget;
302 
303 	err = -EIO;
304 	if (!outarg->nodeid)
305 		goto out_put_forget;
306 	if (!fuse_valid_type(outarg->attr.mode))
307 		goto out_put_forget;
308 
309 	*inode = fuse_iget(sb, outarg->nodeid, outarg->generation,
310 			   &outarg->attr, entry_attr_timeout(outarg),
311 			   attr_version);
312 	err = -ENOMEM;
313 	if (!*inode) {
314 		fuse_queue_forget(fc, forget, outarg->nodeid, 1);
315 		goto out;
316 	}
317 	err = 0;
318 
319  out_put_forget:
320 	kfree(forget);
321  out:
322 	return err;
323 }
324 
325 static struct dentry *fuse_lookup(struct inode *dir, struct dentry *entry,
326 				  unsigned int flags)
327 {
328 	int err;
329 	struct fuse_entry_out outarg;
330 	struct inode *inode;
331 	struct dentry *newent;
332 	bool outarg_valid = true;
333 	bool locked;
334 
335 	locked = fuse_lock_inode(dir);
336 	err = fuse_lookup_name(dir->i_sb, get_node_id(dir), &entry->d_name,
337 			       &outarg, &inode);
338 	fuse_unlock_inode(dir, locked);
339 	if (err == -ENOENT) {
340 		outarg_valid = false;
341 		err = 0;
342 	}
343 	if (err)
344 		goto out_err;
345 
346 	err = -EIO;
347 	if (inode && get_node_id(inode) == FUSE_ROOT_ID)
348 		goto out_iput;
349 
350 	newent = d_splice_alias(inode, entry);
351 	err = PTR_ERR(newent);
352 	if (IS_ERR(newent))
353 		goto out_err;
354 
355 	entry = newent ? newent : entry;
356 	if (outarg_valid)
357 		fuse_change_entry_timeout(entry, &outarg);
358 	else
359 		fuse_invalidate_entry_cache(entry);
360 
361 	fuse_advise_use_readdirplus(dir);
362 	return newent;
363 
364  out_iput:
365 	iput(inode);
366  out_err:
367 	return ERR_PTR(err);
368 }
369 
370 /*
371  * Atomic create+open operation
372  *
373  * If the filesystem doesn't support this, then fall back to separate
374  * 'mknod' + 'open' requests.
375  */
376 static int fuse_create_open(struct inode *dir, struct dentry *entry,
377 			    struct file *file, unsigned flags,
378 			    umode_t mode)
379 {
380 	int err;
381 	struct inode *inode;
382 	struct fuse_conn *fc = get_fuse_conn(dir);
383 	FUSE_ARGS(args);
384 	struct fuse_forget_link *forget;
385 	struct fuse_create_in inarg;
386 	struct fuse_open_out outopen;
387 	struct fuse_entry_out outentry;
388 	struct fuse_inode *fi;
389 	struct fuse_file *ff;
390 
391 	/* Userspace expects S_IFREG in create mode */
392 	BUG_ON((mode & S_IFMT) != S_IFREG);
393 
394 	forget = fuse_alloc_forget();
395 	err = -ENOMEM;
396 	if (!forget)
397 		goto out_err;
398 
399 	err = -ENOMEM;
400 	ff = fuse_file_alloc(fc);
401 	if (!ff)
402 		goto out_put_forget_req;
403 
404 	if (!fc->dont_mask)
405 		mode &= ~current_umask();
406 
407 	flags &= ~O_NOCTTY;
408 	memset(&inarg, 0, sizeof(inarg));
409 	memset(&outentry, 0, sizeof(outentry));
410 	inarg.flags = flags;
411 	inarg.mode = mode;
412 	inarg.umask = current_umask();
413 	args.in.h.opcode = FUSE_CREATE;
414 	args.in.h.nodeid = get_node_id(dir);
415 	args.in.numargs = 2;
416 	args.in.args[0].size = sizeof(inarg);
417 	args.in.args[0].value = &inarg;
418 	args.in.args[1].size = entry->d_name.len + 1;
419 	args.in.args[1].value = entry->d_name.name;
420 	args.out.numargs = 2;
421 	args.out.args[0].size = sizeof(outentry);
422 	args.out.args[0].value = &outentry;
423 	args.out.args[1].size = sizeof(outopen);
424 	args.out.args[1].value = &outopen;
425 	err = fuse_simple_request(fc, &args);
426 	if (err)
427 		goto out_free_ff;
428 
429 	err = -EIO;
430 	if (!S_ISREG(outentry.attr.mode) || invalid_nodeid(outentry.nodeid))
431 		goto out_free_ff;
432 
433 	ff->fh = outopen.fh;
434 	ff->nodeid = outentry.nodeid;
435 	ff->open_flags = outopen.open_flags;
436 	inode = fuse_iget(dir->i_sb, outentry.nodeid, outentry.generation,
437 			  &outentry.attr, entry_attr_timeout(&outentry), 0);
438 	if (!inode) {
439 		flags &= ~(O_CREAT | O_EXCL | O_TRUNC);
440 		fuse_sync_release(NULL, ff, flags);
441 		fuse_queue_forget(fc, forget, outentry.nodeid, 1);
442 		err = -ENOMEM;
443 		goto out_err;
444 	}
445 	kfree(forget);
446 	d_instantiate(entry, inode);
447 	fuse_change_entry_timeout(entry, &outentry);
448 	fuse_dir_changed(dir);
449 	err = finish_open(file, entry, generic_file_open);
450 	if (err) {
451 		fi = get_fuse_inode(inode);
452 		fuse_sync_release(fi, ff, flags);
453 	} else {
454 		file->private_data = ff;
455 		fuse_finish_open(inode, file);
456 	}
457 	return err;
458 
459 out_free_ff:
460 	fuse_file_free(ff);
461 out_put_forget_req:
462 	kfree(forget);
463 out_err:
464 	return err;
465 }
466 
467 static int fuse_mknod(struct inode *, struct dentry *, umode_t, dev_t);
468 static int fuse_atomic_open(struct inode *dir, struct dentry *entry,
469 			    struct file *file, unsigned flags,
470 			    umode_t mode)
471 {
472 	int err;
473 	struct fuse_conn *fc = get_fuse_conn(dir);
474 	struct dentry *res = NULL;
475 
476 	if (d_in_lookup(entry)) {
477 		res = fuse_lookup(dir, entry, 0);
478 		if (IS_ERR(res))
479 			return PTR_ERR(res);
480 
481 		if (res)
482 			entry = res;
483 	}
484 
485 	if (!(flags & O_CREAT) || d_really_is_positive(entry))
486 		goto no_open;
487 
488 	/* Only creates */
489 	file->f_mode |= FMODE_CREATED;
490 
491 	if (fc->no_create)
492 		goto mknod;
493 
494 	err = fuse_create_open(dir, entry, file, flags, mode);
495 	if (err == -ENOSYS) {
496 		fc->no_create = 1;
497 		goto mknod;
498 	}
499 out_dput:
500 	dput(res);
501 	return err;
502 
503 mknod:
504 	err = fuse_mknod(dir, entry, mode, 0);
505 	if (err)
506 		goto out_dput;
507 no_open:
508 	return finish_no_open(file, res);
509 }
510 
511 /*
512  * Code shared between mknod, mkdir, symlink and link
513  */
514 static int create_new_entry(struct fuse_conn *fc, struct fuse_args *args,
515 			    struct inode *dir, struct dentry *entry,
516 			    umode_t mode)
517 {
518 	struct fuse_entry_out outarg;
519 	struct inode *inode;
520 	struct dentry *d;
521 	int err;
522 	struct fuse_forget_link *forget;
523 
524 	forget = fuse_alloc_forget();
525 	if (!forget)
526 		return -ENOMEM;
527 
528 	memset(&outarg, 0, sizeof(outarg));
529 	args->in.h.nodeid = get_node_id(dir);
530 	args->out.numargs = 1;
531 	args->out.args[0].size = sizeof(outarg);
532 	args->out.args[0].value = &outarg;
533 	err = fuse_simple_request(fc, args);
534 	if (err)
535 		goto out_put_forget_req;
536 
537 	err = -EIO;
538 	if (invalid_nodeid(outarg.nodeid))
539 		goto out_put_forget_req;
540 
541 	if ((outarg.attr.mode ^ mode) & S_IFMT)
542 		goto out_put_forget_req;
543 
544 	inode = fuse_iget(dir->i_sb, outarg.nodeid, outarg.generation,
545 			  &outarg.attr, entry_attr_timeout(&outarg), 0);
546 	if (!inode) {
547 		fuse_queue_forget(fc, forget, outarg.nodeid, 1);
548 		return -ENOMEM;
549 	}
550 	kfree(forget);
551 
552 	d_drop(entry);
553 	d = d_splice_alias(inode, entry);
554 	if (IS_ERR(d))
555 		return PTR_ERR(d);
556 
557 	if (d) {
558 		fuse_change_entry_timeout(d, &outarg);
559 		dput(d);
560 	} else {
561 		fuse_change_entry_timeout(entry, &outarg);
562 	}
563 	fuse_dir_changed(dir);
564 	return 0;
565 
566  out_put_forget_req:
567 	kfree(forget);
568 	return err;
569 }
570 
571 static int fuse_mknod(struct inode *dir, struct dentry *entry, umode_t mode,
572 		      dev_t rdev)
573 {
574 	struct fuse_mknod_in inarg;
575 	struct fuse_conn *fc = get_fuse_conn(dir);
576 	FUSE_ARGS(args);
577 
578 	if (!fc->dont_mask)
579 		mode &= ~current_umask();
580 
581 	memset(&inarg, 0, sizeof(inarg));
582 	inarg.mode = mode;
583 	inarg.rdev = new_encode_dev(rdev);
584 	inarg.umask = current_umask();
585 	args.in.h.opcode = FUSE_MKNOD;
586 	args.in.numargs = 2;
587 	args.in.args[0].size = sizeof(inarg);
588 	args.in.args[0].value = &inarg;
589 	args.in.args[1].size = entry->d_name.len + 1;
590 	args.in.args[1].value = entry->d_name.name;
591 	return create_new_entry(fc, &args, dir, entry, mode);
592 }
593 
594 static int fuse_create(struct inode *dir, struct dentry *entry, umode_t mode,
595 		       bool excl)
596 {
597 	return fuse_mknod(dir, entry, mode, 0);
598 }
599 
600 static int fuse_mkdir(struct inode *dir, struct dentry *entry, umode_t mode)
601 {
602 	struct fuse_mkdir_in inarg;
603 	struct fuse_conn *fc = get_fuse_conn(dir);
604 	FUSE_ARGS(args);
605 
606 	if (!fc->dont_mask)
607 		mode &= ~current_umask();
608 
609 	memset(&inarg, 0, sizeof(inarg));
610 	inarg.mode = mode;
611 	inarg.umask = current_umask();
612 	args.in.h.opcode = FUSE_MKDIR;
613 	args.in.numargs = 2;
614 	args.in.args[0].size = sizeof(inarg);
615 	args.in.args[0].value = &inarg;
616 	args.in.args[1].size = entry->d_name.len + 1;
617 	args.in.args[1].value = entry->d_name.name;
618 	return create_new_entry(fc, &args, dir, entry, S_IFDIR);
619 }
620 
621 static int fuse_symlink(struct inode *dir, struct dentry *entry,
622 			const char *link)
623 {
624 	struct fuse_conn *fc = get_fuse_conn(dir);
625 	unsigned len = strlen(link) + 1;
626 	FUSE_ARGS(args);
627 
628 	args.in.h.opcode = FUSE_SYMLINK;
629 	args.in.numargs = 2;
630 	args.in.args[0].size = entry->d_name.len + 1;
631 	args.in.args[0].value = entry->d_name.name;
632 	args.in.args[1].size = len;
633 	args.in.args[1].value = link;
634 	return create_new_entry(fc, &args, dir, entry, S_IFLNK);
635 }
636 
637 void fuse_update_ctime(struct inode *inode)
638 {
639 	if (!IS_NOCMTIME(inode)) {
640 		inode->i_ctime = current_time(inode);
641 		mark_inode_dirty_sync(inode);
642 	}
643 }
644 
645 static int fuse_unlink(struct inode *dir, struct dentry *entry)
646 {
647 	int err;
648 	struct fuse_conn *fc = get_fuse_conn(dir);
649 	FUSE_ARGS(args);
650 
651 	args.in.h.opcode = FUSE_UNLINK;
652 	args.in.h.nodeid = get_node_id(dir);
653 	args.in.numargs = 1;
654 	args.in.args[0].size = entry->d_name.len + 1;
655 	args.in.args[0].value = entry->d_name.name;
656 	err = fuse_simple_request(fc, &args);
657 	if (!err) {
658 		struct inode *inode = d_inode(entry);
659 		struct fuse_inode *fi = get_fuse_inode(inode);
660 
661 		spin_lock(&fi->lock);
662 		fi->attr_version = atomic64_inc_return(&fc->attr_version);
663 		/*
664 		 * If i_nlink == 0 then unlink doesn't make sense, yet this can
665 		 * happen if userspace filesystem is careless.  It would be
666 		 * difficult to enforce correct nlink usage so just ignore this
667 		 * condition here
668 		 */
669 		if (inode->i_nlink > 0)
670 			drop_nlink(inode);
671 		spin_unlock(&fi->lock);
672 		fuse_invalidate_attr(inode);
673 		fuse_dir_changed(dir);
674 		fuse_invalidate_entry_cache(entry);
675 		fuse_update_ctime(inode);
676 	} else if (err == -EINTR)
677 		fuse_invalidate_entry(entry);
678 	return err;
679 }
680 
681 static int fuse_rmdir(struct inode *dir, struct dentry *entry)
682 {
683 	int err;
684 	struct fuse_conn *fc = get_fuse_conn(dir);
685 	FUSE_ARGS(args);
686 
687 	args.in.h.opcode = FUSE_RMDIR;
688 	args.in.h.nodeid = get_node_id(dir);
689 	args.in.numargs = 1;
690 	args.in.args[0].size = entry->d_name.len + 1;
691 	args.in.args[0].value = entry->d_name.name;
692 	err = fuse_simple_request(fc, &args);
693 	if (!err) {
694 		clear_nlink(d_inode(entry));
695 		fuse_dir_changed(dir);
696 		fuse_invalidate_entry_cache(entry);
697 	} else if (err == -EINTR)
698 		fuse_invalidate_entry(entry);
699 	return err;
700 }
701 
702 static int fuse_rename_common(struct inode *olddir, struct dentry *oldent,
703 			      struct inode *newdir, struct dentry *newent,
704 			      unsigned int flags, int opcode, size_t argsize)
705 {
706 	int err;
707 	struct fuse_rename2_in inarg;
708 	struct fuse_conn *fc = get_fuse_conn(olddir);
709 	FUSE_ARGS(args);
710 
711 	memset(&inarg, 0, argsize);
712 	inarg.newdir = get_node_id(newdir);
713 	inarg.flags = flags;
714 	args.in.h.opcode = opcode;
715 	args.in.h.nodeid = get_node_id(olddir);
716 	args.in.numargs = 3;
717 	args.in.args[0].size = argsize;
718 	args.in.args[0].value = &inarg;
719 	args.in.args[1].size = oldent->d_name.len + 1;
720 	args.in.args[1].value = oldent->d_name.name;
721 	args.in.args[2].size = newent->d_name.len + 1;
722 	args.in.args[2].value = newent->d_name.name;
723 	err = fuse_simple_request(fc, &args);
724 	if (!err) {
725 		/* ctime changes */
726 		fuse_invalidate_attr(d_inode(oldent));
727 		fuse_update_ctime(d_inode(oldent));
728 
729 		if (flags & RENAME_EXCHANGE) {
730 			fuse_invalidate_attr(d_inode(newent));
731 			fuse_update_ctime(d_inode(newent));
732 		}
733 
734 		fuse_dir_changed(olddir);
735 		if (olddir != newdir)
736 			fuse_dir_changed(newdir);
737 
738 		/* newent will end up negative */
739 		if (!(flags & RENAME_EXCHANGE) && d_really_is_positive(newent)) {
740 			fuse_invalidate_attr(d_inode(newent));
741 			fuse_invalidate_entry_cache(newent);
742 			fuse_update_ctime(d_inode(newent));
743 		}
744 	} else if (err == -EINTR) {
745 		/* If request was interrupted, DEITY only knows if the
746 		   rename actually took place.  If the invalidation
747 		   fails (e.g. some process has CWD under the renamed
748 		   directory), then there can be inconsistency between
749 		   the dcache and the real filesystem.  Tough luck. */
750 		fuse_invalidate_entry(oldent);
751 		if (d_really_is_positive(newent))
752 			fuse_invalidate_entry(newent);
753 	}
754 
755 	return err;
756 }
757 
758 static int fuse_rename2(struct inode *olddir, struct dentry *oldent,
759 			struct inode *newdir, struct dentry *newent,
760 			unsigned int flags)
761 {
762 	struct fuse_conn *fc = get_fuse_conn(olddir);
763 	int err;
764 
765 	if (flags & ~(RENAME_NOREPLACE | RENAME_EXCHANGE))
766 		return -EINVAL;
767 
768 	if (flags) {
769 		if (fc->no_rename2 || fc->minor < 23)
770 			return -EINVAL;
771 
772 		err = fuse_rename_common(olddir, oldent, newdir, newent, flags,
773 					 FUSE_RENAME2,
774 					 sizeof(struct fuse_rename2_in));
775 		if (err == -ENOSYS) {
776 			fc->no_rename2 = 1;
777 			err = -EINVAL;
778 		}
779 	} else {
780 		err = fuse_rename_common(olddir, oldent, newdir, newent, 0,
781 					 FUSE_RENAME,
782 					 sizeof(struct fuse_rename_in));
783 	}
784 
785 	return err;
786 }
787 
788 static int fuse_link(struct dentry *entry, struct inode *newdir,
789 		     struct dentry *newent)
790 {
791 	int err;
792 	struct fuse_link_in inarg;
793 	struct inode *inode = d_inode(entry);
794 	struct fuse_conn *fc = get_fuse_conn(inode);
795 	FUSE_ARGS(args);
796 
797 	memset(&inarg, 0, sizeof(inarg));
798 	inarg.oldnodeid = get_node_id(inode);
799 	args.in.h.opcode = FUSE_LINK;
800 	args.in.numargs = 2;
801 	args.in.args[0].size = sizeof(inarg);
802 	args.in.args[0].value = &inarg;
803 	args.in.args[1].size = newent->d_name.len + 1;
804 	args.in.args[1].value = newent->d_name.name;
805 	err = create_new_entry(fc, &args, newdir, newent, inode->i_mode);
806 	/* Contrary to "normal" filesystems it can happen that link
807 	   makes two "logical" inodes point to the same "physical"
808 	   inode.  We invalidate the attributes of the old one, so it
809 	   will reflect changes in the backing inode (link count,
810 	   etc.)
811 	*/
812 	if (!err) {
813 		struct fuse_inode *fi = get_fuse_inode(inode);
814 
815 		spin_lock(&fi->lock);
816 		fi->attr_version = atomic64_inc_return(&fc->attr_version);
817 		inc_nlink(inode);
818 		spin_unlock(&fi->lock);
819 		fuse_invalidate_attr(inode);
820 		fuse_update_ctime(inode);
821 	} else if (err == -EINTR) {
822 		fuse_invalidate_attr(inode);
823 	}
824 	return err;
825 }
826 
827 static void fuse_fillattr(struct inode *inode, struct fuse_attr *attr,
828 			  struct kstat *stat)
829 {
830 	unsigned int blkbits;
831 	struct fuse_conn *fc = get_fuse_conn(inode);
832 
833 	/* see the comment in fuse_change_attributes() */
834 	if (fc->writeback_cache && S_ISREG(inode->i_mode)) {
835 		attr->size = i_size_read(inode);
836 		attr->mtime = inode->i_mtime.tv_sec;
837 		attr->mtimensec = inode->i_mtime.tv_nsec;
838 		attr->ctime = inode->i_ctime.tv_sec;
839 		attr->ctimensec = inode->i_ctime.tv_nsec;
840 	}
841 
842 	stat->dev = inode->i_sb->s_dev;
843 	stat->ino = attr->ino;
844 	stat->mode = (inode->i_mode & S_IFMT) | (attr->mode & 07777);
845 	stat->nlink = attr->nlink;
846 	stat->uid = make_kuid(fc->user_ns, attr->uid);
847 	stat->gid = make_kgid(fc->user_ns, attr->gid);
848 	stat->rdev = inode->i_rdev;
849 	stat->atime.tv_sec = attr->atime;
850 	stat->atime.tv_nsec = attr->atimensec;
851 	stat->mtime.tv_sec = attr->mtime;
852 	stat->mtime.tv_nsec = attr->mtimensec;
853 	stat->ctime.tv_sec = attr->ctime;
854 	stat->ctime.tv_nsec = attr->ctimensec;
855 	stat->size = attr->size;
856 	stat->blocks = attr->blocks;
857 
858 	if (attr->blksize != 0)
859 		blkbits = ilog2(attr->blksize);
860 	else
861 		blkbits = inode->i_sb->s_blocksize_bits;
862 
863 	stat->blksize = 1 << blkbits;
864 }
865 
866 static int fuse_do_getattr(struct inode *inode, struct kstat *stat,
867 			   struct file *file)
868 {
869 	int err;
870 	struct fuse_getattr_in inarg;
871 	struct fuse_attr_out outarg;
872 	struct fuse_conn *fc = get_fuse_conn(inode);
873 	FUSE_ARGS(args);
874 	u64 attr_version;
875 
876 	attr_version = fuse_get_attr_version(fc);
877 
878 	memset(&inarg, 0, sizeof(inarg));
879 	memset(&outarg, 0, sizeof(outarg));
880 	/* Directories have separate file-handle space */
881 	if (file && S_ISREG(inode->i_mode)) {
882 		struct fuse_file *ff = file->private_data;
883 
884 		inarg.getattr_flags |= FUSE_GETATTR_FH;
885 		inarg.fh = ff->fh;
886 	}
887 	args.in.h.opcode = FUSE_GETATTR;
888 	args.in.h.nodeid = get_node_id(inode);
889 	args.in.numargs = 1;
890 	args.in.args[0].size = sizeof(inarg);
891 	args.in.args[0].value = &inarg;
892 	args.out.numargs = 1;
893 	args.out.args[0].size = sizeof(outarg);
894 	args.out.args[0].value = &outarg;
895 	err = fuse_simple_request(fc, &args);
896 	if (!err) {
897 		if ((inode->i_mode ^ outarg.attr.mode) & S_IFMT) {
898 			make_bad_inode(inode);
899 			err = -EIO;
900 		} else {
901 			fuse_change_attributes(inode, &outarg.attr,
902 					       attr_timeout(&outarg),
903 					       attr_version);
904 			if (stat)
905 				fuse_fillattr(inode, &outarg.attr, stat);
906 		}
907 	}
908 	return err;
909 }
910 
911 static int fuse_update_get_attr(struct inode *inode, struct file *file,
912 				struct kstat *stat, u32 request_mask,
913 				unsigned int flags)
914 {
915 	struct fuse_inode *fi = get_fuse_inode(inode);
916 	int err = 0;
917 	bool sync;
918 
919 	if (flags & AT_STATX_FORCE_SYNC)
920 		sync = true;
921 	else if (flags & AT_STATX_DONT_SYNC)
922 		sync = false;
923 	else if (request_mask & READ_ONCE(fi->inval_mask))
924 		sync = true;
925 	else
926 		sync = time_before64(fi->i_time, get_jiffies_64());
927 
928 	if (sync) {
929 		forget_all_cached_acls(inode);
930 		err = fuse_do_getattr(inode, stat, file);
931 	} else if (stat) {
932 		generic_fillattr(inode, stat);
933 		stat->mode = fi->orig_i_mode;
934 		stat->ino = fi->orig_ino;
935 	}
936 
937 	return err;
938 }
939 
940 int fuse_update_attributes(struct inode *inode, struct file *file)
941 {
942 	/* Do *not* need to get atime for internal purposes */
943 	return fuse_update_get_attr(inode, file, NULL,
944 				    STATX_BASIC_STATS & ~STATX_ATIME, 0);
945 }
946 
947 int fuse_reverse_inval_entry(struct super_block *sb, u64 parent_nodeid,
948 			     u64 child_nodeid, struct qstr *name)
949 {
950 	int err = -ENOTDIR;
951 	struct inode *parent;
952 	struct dentry *dir;
953 	struct dentry *entry;
954 
955 	parent = ilookup5(sb, parent_nodeid, fuse_inode_eq, &parent_nodeid);
956 	if (!parent)
957 		return -ENOENT;
958 
959 	inode_lock(parent);
960 	if (!S_ISDIR(parent->i_mode))
961 		goto unlock;
962 
963 	err = -ENOENT;
964 	dir = d_find_alias(parent);
965 	if (!dir)
966 		goto unlock;
967 
968 	name->hash = full_name_hash(dir, name->name, name->len);
969 	entry = d_lookup(dir, name);
970 	dput(dir);
971 	if (!entry)
972 		goto unlock;
973 
974 	fuse_dir_changed(parent);
975 	fuse_invalidate_entry(entry);
976 
977 	if (child_nodeid != 0 && d_really_is_positive(entry)) {
978 		inode_lock(d_inode(entry));
979 		if (get_node_id(d_inode(entry)) != child_nodeid) {
980 			err = -ENOENT;
981 			goto badentry;
982 		}
983 		if (d_mountpoint(entry)) {
984 			err = -EBUSY;
985 			goto badentry;
986 		}
987 		if (d_is_dir(entry)) {
988 			shrink_dcache_parent(entry);
989 			if (!simple_empty(entry)) {
990 				err = -ENOTEMPTY;
991 				goto badentry;
992 			}
993 			d_inode(entry)->i_flags |= S_DEAD;
994 		}
995 		dont_mount(entry);
996 		clear_nlink(d_inode(entry));
997 		err = 0;
998  badentry:
999 		inode_unlock(d_inode(entry));
1000 		if (!err)
1001 			d_delete(entry);
1002 	} else {
1003 		err = 0;
1004 	}
1005 	dput(entry);
1006 
1007  unlock:
1008 	inode_unlock(parent);
1009 	iput(parent);
1010 	return err;
1011 }
1012 
1013 /*
1014  * Calling into a user-controlled filesystem gives the filesystem
1015  * daemon ptrace-like capabilities over the current process.  This
1016  * means, that the filesystem daemon is able to record the exact
1017  * filesystem operations performed, and can also control the behavior
1018  * of the requester process in otherwise impossible ways.  For example
1019  * it can delay the operation for arbitrary length of time allowing
1020  * DoS against the requester.
1021  *
1022  * For this reason only those processes can call into the filesystem,
1023  * for which the owner of the mount has ptrace privilege.  This
1024  * excludes processes started by other users, suid or sgid processes.
1025  */
1026 int fuse_allow_current_process(struct fuse_conn *fc)
1027 {
1028 	const struct cred *cred;
1029 
1030 	if (fc->allow_other)
1031 		return current_in_userns(fc->user_ns);
1032 
1033 	cred = current_cred();
1034 	if (uid_eq(cred->euid, fc->user_id) &&
1035 	    uid_eq(cred->suid, fc->user_id) &&
1036 	    uid_eq(cred->uid,  fc->user_id) &&
1037 	    gid_eq(cred->egid, fc->group_id) &&
1038 	    gid_eq(cred->sgid, fc->group_id) &&
1039 	    gid_eq(cred->gid,  fc->group_id))
1040 		return 1;
1041 
1042 	return 0;
1043 }
1044 
1045 static int fuse_access(struct inode *inode, int mask)
1046 {
1047 	struct fuse_conn *fc = get_fuse_conn(inode);
1048 	FUSE_ARGS(args);
1049 	struct fuse_access_in inarg;
1050 	int err;
1051 
1052 	BUG_ON(mask & MAY_NOT_BLOCK);
1053 
1054 	if (fc->no_access)
1055 		return 0;
1056 
1057 	memset(&inarg, 0, sizeof(inarg));
1058 	inarg.mask = mask & (MAY_READ | MAY_WRITE | MAY_EXEC);
1059 	args.in.h.opcode = FUSE_ACCESS;
1060 	args.in.h.nodeid = get_node_id(inode);
1061 	args.in.numargs = 1;
1062 	args.in.args[0].size = sizeof(inarg);
1063 	args.in.args[0].value = &inarg;
1064 	err = fuse_simple_request(fc, &args);
1065 	if (err == -ENOSYS) {
1066 		fc->no_access = 1;
1067 		err = 0;
1068 	}
1069 	return err;
1070 }
1071 
1072 static int fuse_perm_getattr(struct inode *inode, int mask)
1073 {
1074 	if (mask & MAY_NOT_BLOCK)
1075 		return -ECHILD;
1076 
1077 	forget_all_cached_acls(inode);
1078 	return fuse_do_getattr(inode, NULL, NULL);
1079 }
1080 
1081 /*
1082  * Check permission.  The two basic access models of FUSE are:
1083  *
1084  * 1) Local access checking ('default_permissions' mount option) based
1085  * on file mode.  This is the plain old disk filesystem permission
1086  * modell.
1087  *
1088  * 2) "Remote" access checking, where server is responsible for
1089  * checking permission in each inode operation.  An exception to this
1090  * is if ->permission() was invoked from sys_access() in which case an
1091  * access request is sent.  Execute permission is still checked
1092  * locally based on file mode.
1093  */
1094 static int fuse_permission(struct inode *inode, int mask)
1095 {
1096 	struct fuse_conn *fc = get_fuse_conn(inode);
1097 	bool refreshed = false;
1098 	int err = 0;
1099 
1100 	if (!fuse_allow_current_process(fc))
1101 		return -EACCES;
1102 
1103 	/*
1104 	 * If attributes are needed, refresh them before proceeding
1105 	 */
1106 	if (fc->default_permissions ||
1107 	    ((mask & MAY_EXEC) && S_ISREG(inode->i_mode))) {
1108 		struct fuse_inode *fi = get_fuse_inode(inode);
1109 		u32 perm_mask = STATX_MODE | STATX_UID | STATX_GID;
1110 
1111 		if (perm_mask & READ_ONCE(fi->inval_mask) ||
1112 		    time_before64(fi->i_time, get_jiffies_64())) {
1113 			refreshed = true;
1114 
1115 			err = fuse_perm_getattr(inode, mask);
1116 			if (err)
1117 				return err;
1118 		}
1119 	}
1120 
1121 	if (fc->default_permissions) {
1122 		err = generic_permission(inode, mask);
1123 
1124 		/* If permission is denied, try to refresh file
1125 		   attributes.  This is also needed, because the root
1126 		   node will at first have no permissions */
1127 		if (err == -EACCES && !refreshed) {
1128 			err = fuse_perm_getattr(inode, mask);
1129 			if (!err)
1130 				err = generic_permission(inode, mask);
1131 		}
1132 
1133 		/* Note: the opposite of the above test does not
1134 		   exist.  So if permissions are revoked this won't be
1135 		   noticed immediately, only after the attribute
1136 		   timeout has expired */
1137 	} else if (mask & (MAY_ACCESS | MAY_CHDIR)) {
1138 		err = fuse_access(inode, mask);
1139 	} else if ((mask & MAY_EXEC) && S_ISREG(inode->i_mode)) {
1140 		if (!(inode->i_mode & S_IXUGO)) {
1141 			if (refreshed)
1142 				return -EACCES;
1143 
1144 			err = fuse_perm_getattr(inode, mask);
1145 			if (!err && !(inode->i_mode & S_IXUGO))
1146 				return -EACCES;
1147 		}
1148 	}
1149 	return err;
1150 }
1151 
1152 static int fuse_readlink_page(struct inode *inode, struct page *page)
1153 {
1154 	struct fuse_conn *fc = get_fuse_conn(inode);
1155 	struct fuse_req *req;
1156 	int err;
1157 
1158 	req = fuse_get_req(fc, 1);
1159 	if (IS_ERR(req))
1160 		return PTR_ERR(req);
1161 
1162 	req->out.page_zeroing = 1;
1163 	req->out.argpages = 1;
1164 	req->num_pages = 1;
1165 	req->pages[0] = page;
1166 	req->page_descs[0].length = PAGE_SIZE - 1;
1167 	req->in.h.opcode = FUSE_READLINK;
1168 	req->in.h.nodeid = get_node_id(inode);
1169 	req->out.argvar = 1;
1170 	req->out.numargs = 1;
1171 	req->out.args[0].size = PAGE_SIZE - 1;
1172 	fuse_request_send(fc, req);
1173 	err = req->out.h.error;
1174 
1175 	if (!err) {
1176 		char *link = page_address(page);
1177 		size_t len = req->out.args[0].size;
1178 
1179 		BUG_ON(len >= PAGE_SIZE);
1180 		link[len] = '\0';
1181 	}
1182 
1183 	fuse_put_request(fc, req);
1184 	fuse_invalidate_atime(inode);
1185 
1186 	return err;
1187 }
1188 
1189 static const char *fuse_get_link(struct dentry *dentry, struct inode *inode,
1190 				 struct delayed_call *callback)
1191 {
1192 	struct fuse_conn *fc = get_fuse_conn(inode);
1193 	struct page *page;
1194 	int err;
1195 
1196 	err = -EIO;
1197 	if (is_bad_inode(inode))
1198 		goto out_err;
1199 
1200 	if (fc->cache_symlinks)
1201 		return page_get_link(dentry, inode, callback);
1202 
1203 	err = -ECHILD;
1204 	if (!dentry)
1205 		goto out_err;
1206 
1207 	page = alloc_page(GFP_KERNEL);
1208 	err = -ENOMEM;
1209 	if (!page)
1210 		goto out_err;
1211 
1212 	err = fuse_readlink_page(inode, page);
1213 	if (err) {
1214 		__free_page(page);
1215 		goto out_err;
1216 	}
1217 
1218 	set_delayed_call(callback, page_put_link, page);
1219 
1220 	return page_address(page);
1221 
1222 out_err:
1223 	return ERR_PTR(err);
1224 }
1225 
1226 static int fuse_dir_open(struct inode *inode, struct file *file)
1227 {
1228 	return fuse_open_common(inode, file, true);
1229 }
1230 
1231 static int fuse_dir_release(struct inode *inode, struct file *file)
1232 {
1233 	fuse_release_common(file, true);
1234 
1235 	return 0;
1236 }
1237 
1238 static int fuse_dir_fsync(struct file *file, loff_t start, loff_t end,
1239 			  int datasync)
1240 {
1241 	struct inode *inode = file->f_mapping->host;
1242 	struct fuse_conn *fc = get_fuse_conn(inode);
1243 	int err;
1244 
1245 	if (is_bad_inode(inode))
1246 		return -EIO;
1247 
1248 	if (fc->no_fsyncdir)
1249 		return 0;
1250 
1251 	inode_lock(inode);
1252 	err = fuse_fsync_common(file, start, end, datasync, FUSE_FSYNCDIR);
1253 	if (err == -ENOSYS) {
1254 		fc->no_fsyncdir = 1;
1255 		err = 0;
1256 	}
1257 	inode_unlock(inode);
1258 
1259 	return err;
1260 }
1261 
1262 static long fuse_dir_ioctl(struct file *file, unsigned int cmd,
1263 			    unsigned long arg)
1264 {
1265 	struct fuse_conn *fc = get_fuse_conn(file->f_mapping->host);
1266 
1267 	/* FUSE_IOCTL_DIR only supported for API version >= 7.18 */
1268 	if (fc->minor < 18)
1269 		return -ENOTTY;
1270 
1271 	return fuse_ioctl_common(file, cmd, arg, FUSE_IOCTL_DIR);
1272 }
1273 
1274 static long fuse_dir_compat_ioctl(struct file *file, unsigned int cmd,
1275 				   unsigned long arg)
1276 {
1277 	struct fuse_conn *fc = get_fuse_conn(file->f_mapping->host);
1278 
1279 	if (fc->minor < 18)
1280 		return -ENOTTY;
1281 
1282 	return fuse_ioctl_common(file, cmd, arg,
1283 				 FUSE_IOCTL_COMPAT | FUSE_IOCTL_DIR);
1284 }
1285 
1286 static bool update_mtime(unsigned ivalid, bool trust_local_mtime)
1287 {
1288 	/* Always update if mtime is explicitly set  */
1289 	if (ivalid & ATTR_MTIME_SET)
1290 		return true;
1291 
1292 	/* Or if kernel i_mtime is the official one */
1293 	if (trust_local_mtime)
1294 		return true;
1295 
1296 	/* If it's an open(O_TRUNC) or an ftruncate(), don't update */
1297 	if ((ivalid & ATTR_SIZE) && (ivalid & (ATTR_OPEN | ATTR_FILE)))
1298 		return false;
1299 
1300 	/* In all other cases update */
1301 	return true;
1302 }
1303 
1304 static void iattr_to_fattr(struct fuse_conn *fc, struct iattr *iattr,
1305 			   struct fuse_setattr_in *arg, bool trust_local_cmtime)
1306 {
1307 	unsigned ivalid = iattr->ia_valid;
1308 
1309 	if (ivalid & ATTR_MODE)
1310 		arg->valid |= FATTR_MODE,   arg->mode = iattr->ia_mode;
1311 	if (ivalid & ATTR_UID)
1312 		arg->valid |= FATTR_UID,    arg->uid = from_kuid(fc->user_ns, iattr->ia_uid);
1313 	if (ivalid & ATTR_GID)
1314 		arg->valid |= FATTR_GID,    arg->gid = from_kgid(fc->user_ns, iattr->ia_gid);
1315 	if (ivalid & ATTR_SIZE)
1316 		arg->valid |= FATTR_SIZE,   arg->size = iattr->ia_size;
1317 	if (ivalid & ATTR_ATIME) {
1318 		arg->valid |= FATTR_ATIME;
1319 		arg->atime = iattr->ia_atime.tv_sec;
1320 		arg->atimensec = iattr->ia_atime.tv_nsec;
1321 		if (!(ivalid & ATTR_ATIME_SET))
1322 			arg->valid |= FATTR_ATIME_NOW;
1323 	}
1324 	if ((ivalid & ATTR_MTIME) && update_mtime(ivalid, trust_local_cmtime)) {
1325 		arg->valid |= FATTR_MTIME;
1326 		arg->mtime = iattr->ia_mtime.tv_sec;
1327 		arg->mtimensec = iattr->ia_mtime.tv_nsec;
1328 		if (!(ivalid & ATTR_MTIME_SET) && !trust_local_cmtime)
1329 			arg->valid |= FATTR_MTIME_NOW;
1330 	}
1331 	if ((ivalid & ATTR_CTIME) && trust_local_cmtime) {
1332 		arg->valid |= FATTR_CTIME;
1333 		arg->ctime = iattr->ia_ctime.tv_sec;
1334 		arg->ctimensec = iattr->ia_ctime.tv_nsec;
1335 	}
1336 }
1337 
1338 /*
1339  * Prevent concurrent writepages on inode
1340  *
1341  * This is done by adding a negative bias to the inode write counter
1342  * and waiting for all pending writes to finish.
1343  */
1344 void fuse_set_nowrite(struct inode *inode)
1345 {
1346 	struct fuse_inode *fi = get_fuse_inode(inode);
1347 
1348 	BUG_ON(!inode_is_locked(inode));
1349 
1350 	spin_lock(&fi->lock);
1351 	BUG_ON(fi->writectr < 0);
1352 	fi->writectr += FUSE_NOWRITE;
1353 	spin_unlock(&fi->lock);
1354 	wait_event(fi->page_waitq, fi->writectr == FUSE_NOWRITE);
1355 }
1356 
1357 /*
1358  * Allow writepages on inode
1359  *
1360  * Remove the bias from the writecounter and send any queued
1361  * writepages.
1362  */
1363 static void __fuse_release_nowrite(struct inode *inode)
1364 {
1365 	struct fuse_inode *fi = get_fuse_inode(inode);
1366 
1367 	BUG_ON(fi->writectr != FUSE_NOWRITE);
1368 	fi->writectr = 0;
1369 	fuse_flush_writepages(inode);
1370 }
1371 
1372 void fuse_release_nowrite(struct inode *inode)
1373 {
1374 	struct fuse_inode *fi = get_fuse_inode(inode);
1375 
1376 	spin_lock(&fi->lock);
1377 	__fuse_release_nowrite(inode);
1378 	spin_unlock(&fi->lock);
1379 }
1380 
1381 static void fuse_setattr_fill(struct fuse_conn *fc, struct fuse_args *args,
1382 			      struct inode *inode,
1383 			      struct fuse_setattr_in *inarg_p,
1384 			      struct fuse_attr_out *outarg_p)
1385 {
1386 	args->in.h.opcode = FUSE_SETATTR;
1387 	args->in.h.nodeid = get_node_id(inode);
1388 	args->in.numargs = 1;
1389 	args->in.args[0].size = sizeof(*inarg_p);
1390 	args->in.args[0].value = inarg_p;
1391 	args->out.numargs = 1;
1392 	args->out.args[0].size = sizeof(*outarg_p);
1393 	args->out.args[0].value = outarg_p;
1394 }
1395 
1396 /*
1397  * Flush inode->i_mtime to the server
1398  */
1399 int fuse_flush_times(struct inode *inode, struct fuse_file *ff)
1400 {
1401 	struct fuse_conn *fc = get_fuse_conn(inode);
1402 	FUSE_ARGS(args);
1403 	struct fuse_setattr_in inarg;
1404 	struct fuse_attr_out outarg;
1405 
1406 	memset(&inarg, 0, sizeof(inarg));
1407 	memset(&outarg, 0, sizeof(outarg));
1408 
1409 	inarg.valid = FATTR_MTIME;
1410 	inarg.mtime = inode->i_mtime.tv_sec;
1411 	inarg.mtimensec = inode->i_mtime.tv_nsec;
1412 	if (fc->minor >= 23) {
1413 		inarg.valid |= FATTR_CTIME;
1414 		inarg.ctime = inode->i_ctime.tv_sec;
1415 		inarg.ctimensec = inode->i_ctime.tv_nsec;
1416 	}
1417 	if (ff) {
1418 		inarg.valid |= FATTR_FH;
1419 		inarg.fh = ff->fh;
1420 	}
1421 	fuse_setattr_fill(fc, &args, inode, &inarg, &outarg);
1422 
1423 	return fuse_simple_request(fc, &args);
1424 }
1425 
1426 /*
1427  * Set attributes, and at the same time refresh them.
1428  *
1429  * Truncation is slightly complicated, because the 'truncate' request
1430  * may fail, in which case we don't want to touch the mapping.
1431  * vmtruncate() doesn't allow for this case, so do the rlimit checking
1432  * and the actual truncation by hand.
1433  */
1434 int fuse_do_setattr(struct dentry *dentry, struct iattr *attr,
1435 		    struct file *file)
1436 {
1437 	struct inode *inode = d_inode(dentry);
1438 	struct fuse_conn *fc = get_fuse_conn(inode);
1439 	struct fuse_inode *fi = get_fuse_inode(inode);
1440 	FUSE_ARGS(args);
1441 	struct fuse_setattr_in inarg;
1442 	struct fuse_attr_out outarg;
1443 	bool is_truncate = false;
1444 	bool is_wb = fc->writeback_cache;
1445 	loff_t oldsize;
1446 	int err;
1447 	bool trust_local_cmtime = is_wb && S_ISREG(inode->i_mode);
1448 
1449 	if (!fc->default_permissions)
1450 		attr->ia_valid |= ATTR_FORCE;
1451 
1452 	err = setattr_prepare(dentry, attr);
1453 	if (err)
1454 		return err;
1455 
1456 	if (attr->ia_valid & ATTR_OPEN) {
1457 		/* This is coming from open(..., ... | O_TRUNC); */
1458 		WARN_ON(!(attr->ia_valid & ATTR_SIZE));
1459 		WARN_ON(attr->ia_size != 0);
1460 		if (fc->atomic_o_trunc) {
1461 			/*
1462 			 * No need to send request to userspace, since actual
1463 			 * truncation has already been done by OPEN.  But still
1464 			 * need to truncate page cache.
1465 			 */
1466 			i_size_write(inode, 0);
1467 			truncate_pagecache(inode, 0);
1468 			return 0;
1469 		}
1470 		file = NULL;
1471 	}
1472 
1473 	if (attr->ia_valid & ATTR_SIZE) {
1474 		if (WARN_ON(!S_ISREG(inode->i_mode)))
1475 			return -EIO;
1476 		is_truncate = true;
1477 	}
1478 
1479 	if (is_truncate) {
1480 		fuse_set_nowrite(inode);
1481 		set_bit(FUSE_I_SIZE_UNSTABLE, &fi->state);
1482 		if (trust_local_cmtime && attr->ia_size != inode->i_size)
1483 			attr->ia_valid |= ATTR_MTIME | ATTR_CTIME;
1484 	}
1485 
1486 	memset(&inarg, 0, sizeof(inarg));
1487 	memset(&outarg, 0, sizeof(outarg));
1488 	iattr_to_fattr(fc, attr, &inarg, trust_local_cmtime);
1489 	if (file) {
1490 		struct fuse_file *ff = file->private_data;
1491 		inarg.valid |= FATTR_FH;
1492 		inarg.fh = ff->fh;
1493 	}
1494 	if (attr->ia_valid & ATTR_SIZE) {
1495 		/* For mandatory locking in truncate */
1496 		inarg.valid |= FATTR_LOCKOWNER;
1497 		inarg.lock_owner = fuse_lock_owner_id(fc, current->files);
1498 	}
1499 	fuse_setattr_fill(fc, &args, inode, &inarg, &outarg);
1500 	err = fuse_simple_request(fc, &args);
1501 	if (err) {
1502 		if (err == -EINTR)
1503 			fuse_invalidate_attr(inode);
1504 		goto error;
1505 	}
1506 
1507 	if ((inode->i_mode ^ outarg.attr.mode) & S_IFMT) {
1508 		make_bad_inode(inode);
1509 		err = -EIO;
1510 		goto error;
1511 	}
1512 
1513 	spin_lock(&fi->lock);
1514 	/* the kernel maintains i_mtime locally */
1515 	if (trust_local_cmtime) {
1516 		if (attr->ia_valid & ATTR_MTIME)
1517 			inode->i_mtime = attr->ia_mtime;
1518 		if (attr->ia_valid & ATTR_CTIME)
1519 			inode->i_ctime = attr->ia_ctime;
1520 		/* FIXME: clear I_DIRTY_SYNC? */
1521 	}
1522 
1523 	fuse_change_attributes_common(inode, &outarg.attr,
1524 				      attr_timeout(&outarg));
1525 	oldsize = inode->i_size;
1526 	/* see the comment in fuse_change_attributes() */
1527 	if (!is_wb || is_truncate || !S_ISREG(inode->i_mode))
1528 		i_size_write(inode, outarg.attr.size);
1529 
1530 	if (is_truncate) {
1531 		/* NOTE: this may release/reacquire fi->lock */
1532 		__fuse_release_nowrite(inode);
1533 	}
1534 	spin_unlock(&fi->lock);
1535 
1536 	/*
1537 	 * Only call invalidate_inode_pages2() after removing
1538 	 * FUSE_NOWRITE, otherwise fuse_launder_page() would deadlock.
1539 	 */
1540 	if ((is_truncate || !is_wb) &&
1541 	    S_ISREG(inode->i_mode) && oldsize != outarg.attr.size) {
1542 		truncate_pagecache(inode, outarg.attr.size);
1543 		invalidate_inode_pages2(inode->i_mapping);
1544 	}
1545 
1546 	clear_bit(FUSE_I_SIZE_UNSTABLE, &fi->state);
1547 	return 0;
1548 
1549 error:
1550 	if (is_truncate)
1551 		fuse_release_nowrite(inode);
1552 
1553 	clear_bit(FUSE_I_SIZE_UNSTABLE, &fi->state);
1554 	return err;
1555 }
1556 
1557 static int fuse_setattr(struct dentry *entry, struct iattr *attr)
1558 {
1559 	struct inode *inode = d_inode(entry);
1560 	struct fuse_conn *fc = get_fuse_conn(inode);
1561 	struct file *file = (attr->ia_valid & ATTR_FILE) ? attr->ia_file : NULL;
1562 	int ret;
1563 
1564 	if (!fuse_allow_current_process(get_fuse_conn(inode)))
1565 		return -EACCES;
1566 
1567 	if (attr->ia_valid & (ATTR_KILL_SUID | ATTR_KILL_SGID)) {
1568 		attr->ia_valid &= ~(ATTR_KILL_SUID | ATTR_KILL_SGID |
1569 				    ATTR_MODE);
1570 
1571 		/*
1572 		 * The only sane way to reliably kill suid/sgid is to do it in
1573 		 * the userspace filesystem
1574 		 *
1575 		 * This should be done on write(), truncate() and chown().
1576 		 */
1577 		if (!fc->handle_killpriv) {
1578 			/*
1579 			 * ia_mode calculation may have used stale i_mode.
1580 			 * Refresh and recalculate.
1581 			 */
1582 			ret = fuse_do_getattr(inode, NULL, file);
1583 			if (ret)
1584 				return ret;
1585 
1586 			attr->ia_mode = inode->i_mode;
1587 			if (inode->i_mode & S_ISUID) {
1588 				attr->ia_valid |= ATTR_MODE;
1589 				attr->ia_mode &= ~S_ISUID;
1590 			}
1591 			if ((inode->i_mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP)) {
1592 				attr->ia_valid |= ATTR_MODE;
1593 				attr->ia_mode &= ~S_ISGID;
1594 			}
1595 		}
1596 	}
1597 	if (!attr->ia_valid)
1598 		return 0;
1599 
1600 	ret = fuse_do_setattr(entry, attr, file);
1601 	if (!ret) {
1602 		/*
1603 		 * If filesystem supports acls it may have updated acl xattrs in
1604 		 * the filesystem, so forget cached acls for the inode.
1605 		 */
1606 		if (fc->posix_acl)
1607 			forget_all_cached_acls(inode);
1608 
1609 		/* Directory mode changed, may need to revalidate access */
1610 		if (d_is_dir(entry) && (attr->ia_valid & ATTR_MODE))
1611 			fuse_invalidate_entry_cache(entry);
1612 	}
1613 	return ret;
1614 }
1615 
1616 static int fuse_getattr(const struct path *path, struct kstat *stat,
1617 			u32 request_mask, unsigned int flags)
1618 {
1619 	struct inode *inode = d_inode(path->dentry);
1620 	struct fuse_conn *fc = get_fuse_conn(inode);
1621 
1622 	if (!fuse_allow_current_process(fc))
1623 		return -EACCES;
1624 
1625 	return fuse_update_get_attr(inode, NULL, stat, request_mask, flags);
1626 }
1627 
1628 static const struct inode_operations fuse_dir_inode_operations = {
1629 	.lookup		= fuse_lookup,
1630 	.mkdir		= fuse_mkdir,
1631 	.symlink	= fuse_symlink,
1632 	.unlink		= fuse_unlink,
1633 	.rmdir		= fuse_rmdir,
1634 	.rename		= fuse_rename2,
1635 	.link		= fuse_link,
1636 	.setattr	= fuse_setattr,
1637 	.create		= fuse_create,
1638 	.atomic_open	= fuse_atomic_open,
1639 	.mknod		= fuse_mknod,
1640 	.permission	= fuse_permission,
1641 	.getattr	= fuse_getattr,
1642 	.listxattr	= fuse_listxattr,
1643 	.get_acl	= fuse_get_acl,
1644 	.set_acl	= fuse_set_acl,
1645 };
1646 
1647 static const struct file_operations fuse_dir_operations = {
1648 	.llseek		= generic_file_llseek,
1649 	.read		= generic_read_dir,
1650 	.iterate_shared	= fuse_readdir,
1651 	.open		= fuse_dir_open,
1652 	.release	= fuse_dir_release,
1653 	.fsync		= fuse_dir_fsync,
1654 	.unlocked_ioctl	= fuse_dir_ioctl,
1655 	.compat_ioctl	= fuse_dir_compat_ioctl,
1656 };
1657 
1658 static const struct inode_operations fuse_common_inode_operations = {
1659 	.setattr	= fuse_setattr,
1660 	.permission	= fuse_permission,
1661 	.getattr	= fuse_getattr,
1662 	.listxattr	= fuse_listxattr,
1663 	.get_acl	= fuse_get_acl,
1664 	.set_acl	= fuse_set_acl,
1665 };
1666 
1667 static const struct inode_operations fuse_symlink_inode_operations = {
1668 	.setattr	= fuse_setattr,
1669 	.get_link	= fuse_get_link,
1670 	.getattr	= fuse_getattr,
1671 	.listxattr	= fuse_listxattr,
1672 };
1673 
1674 void fuse_init_common(struct inode *inode)
1675 {
1676 	inode->i_op = &fuse_common_inode_operations;
1677 }
1678 
1679 void fuse_init_dir(struct inode *inode)
1680 {
1681 	struct fuse_inode *fi = get_fuse_inode(inode);
1682 
1683 	inode->i_op = &fuse_dir_inode_operations;
1684 	inode->i_fop = &fuse_dir_operations;
1685 
1686 	spin_lock_init(&fi->rdc.lock);
1687 	fi->rdc.cached = false;
1688 	fi->rdc.size = 0;
1689 	fi->rdc.pos = 0;
1690 	fi->rdc.version = 0;
1691 }
1692 
1693 static int fuse_symlink_readpage(struct file *null, struct page *page)
1694 {
1695 	int err = fuse_readlink_page(page->mapping->host, page);
1696 
1697 	if (!err)
1698 		SetPageUptodate(page);
1699 
1700 	unlock_page(page);
1701 
1702 	return err;
1703 }
1704 
1705 static const struct address_space_operations fuse_symlink_aops = {
1706 	.readpage	= fuse_symlink_readpage,
1707 };
1708 
1709 void fuse_init_symlink(struct inode *inode)
1710 {
1711 	inode->i_op = &fuse_symlink_inode_operations;
1712 	inode->i_data.a_ops = &fuse_symlink_aops;
1713 	inode_nohighmem(inode);
1714 }
1715