| // SPDX-License-Identifier: GPL-2.0 |
| /* |
| * Copyright 2020 Google LLC |
| */ |
| |
| #include <linux/file.h> |
| #include <linux/fs.h> |
| #include <linux/fsnotify.h> |
| #include <linux/namei.h> |
| #include <linux/poll.h> |
| #include <linux/syscalls.h> |
| #include <linux/fdtable.h> |
| |
| #include <uapi/linux/incrementalfs.h> |
| |
| #include "pseudo_files.h" |
| |
| #include "data_mgmt.h" |
| #include "format.h" |
| #include "integrity.h" |
| #include "vfs.h" |
| |
| #define READ_WRITE_FILE_MODE 0666 |
| |
| static bool is_pseudo_filename(struct mem_range name); |
| |
| /******************************************************************************* |
| * .pending_reads pseudo file definition |
| ******************************************************************************/ |
| #define INCFS_PENDING_READS_INODE 2 |
| static const char pending_reads_file_name[] = INCFS_PENDING_READS_FILENAME; |
| |
| /* State of an open .pending_reads file, unique for each file descriptor. */ |
| struct pending_reads_state { |
| /* A serial number of the last pending read obtained from this file. */ |
| int last_pending_read_sn; |
| }; |
| |
| static ssize_t pending_reads_read(struct file *f, char __user *buf, size_t len, |
| loff_t *ppos) |
| { |
| struct pending_reads_state *pr_state = f->private_data; |
| struct mount_info *mi = get_mount_info(file_superblock(f)); |
| bool report_uid; |
| unsigned long page = 0; |
| struct incfs_pending_read_info *reads_buf = NULL; |
| struct incfs_pending_read_info2 *reads_buf2 = NULL; |
| size_t record_size; |
| size_t reads_to_collect; |
| int last_known_read_sn = READ_ONCE(pr_state->last_pending_read_sn); |
| int new_max_sn = last_known_read_sn; |
| int reads_collected = 0; |
| ssize_t result = 0; |
| |
| if (!mi) |
| return -EFAULT; |
| |
| report_uid = mi->mi_options.report_uid; |
| record_size = report_uid ? sizeof(*reads_buf2) : sizeof(*reads_buf); |
| reads_to_collect = len / record_size; |
| |
| if (!incfs_fresh_pending_reads_exist(mi, last_known_read_sn)) |
| return 0; |
| |
| page = get_zeroed_page(GFP_NOFS); |
| if (!page) |
| return -ENOMEM; |
| |
| if (report_uid) |
| reads_buf2 = (struct incfs_pending_read_info2 *) page; |
| else |
| reads_buf = (struct incfs_pending_read_info *) page; |
| |
| reads_to_collect = |
| min_t(size_t, PAGE_SIZE / record_size, reads_to_collect); |
| |
| reads_collected = incfs_collect_pending_reads(mi, last_known_read_sn, |
| reads_buf, reads_buf2, reads_to_collect, |
| &new_max_sn); |
| |
| if (reads_collected < 0) { |
| result = reads_collected; |
| goto out; |
| } |
| |
| /* |
| * Just to make sure that we don't accidentally copy more data |
| * to reads buffer than userspace can handle. |
| */ |
| reads_collected = min_t(size_t, reads_collected, reads_to_collect); |
| result = reads_collected * record_size; |
| |
| /* Copy reads info to the userspace buffer */ |
| if (copy_to_user(buf, (void *)page, result)) { |
| result = -EFAULT; |
| goto out; |
| } |
| |
| WRITE_ONCE(pr_state->last_pending_read_sn, new_max_sn); |
| *ppos = 0; |
| |
| out: |
| free_page(page); |
| return result; |
| } |
| |
| static __poll_t pending_reads_poll(struct file *file, poll_table *wait) |
| { |
| struct pending_reads_state *state = file->private_data; |
| struct mount_info *mi = get_mount_info(file_superblock(file)); |
| __poll_t ret = 0; |
| |
| poll_wait(file, &mi->mi_pending_reads_notif_wq, wait); |
| if (incfs_fresh_pending_reads_exist(mi, |
| state->last_pending_read_sn)) |
| ret = EPOLLIN | EPOLLRDNORM; |
| |
| return ret; |
| } |
| |
| static int pending_reads_open(struct inode *inode, struct file *file) |
| { |
| struct pending_reads_state *state = NULL; |
| |
| state = kzalloc(sizeof(*state), GFP_NOFS); |
| if (!state) |
| return -ENOMEM; |
| |
| file->private_data = state; |
| return 0; |
| } |
| |
| static int pending_reads_release(struct inode *inode, struct file *file) |
| { |
| kfree(file->private_data); |
| return 0; |
| } |
| |
| static long ioctl_permit_fill(struct file *f, void __user *arg) |
| { |
| struct incfs_permit_fill __user *usr_permit_fill = arg; |
| struct incfs_permit_fill permit_fill; |
| long error = 0; |
| struct file *file = NULL; |
| struct incfs_file_data *fd; |
| |
| if (copy_from_user(&permit_fill, usr_permit_fill, sizeof(permit_fill))) |
| return -EFAULT; |
| |
| file = fget(permit_fill.file_descriptor); |
| if (IS_ERR_OR_NULL(file)) { |
| if (!file) |
| return -ENOENT; |
| |
| return PTR_ERR(file); |
| } |
| |
| if (file->f_op != &incfs_file_ops) { |
| error = -EPERM; |
| goto out; |
| } |
| |
| if (file->f_inode->i_sb != f->f_inode->i_sb) { |
| error = -EPERM; |
| goto out; |
| } |
| |
| fd = file->private_data; |
| |
| switch (fd->fd_fill_permission) { |
| case CANT_FILL: |
| fd->fd_fill_permission = CAN_FILL; |
| break; |
| |
| case CAN_FILL: |
| pr_debug("CAN_FILL already set"); |
| break; |
| |
| default: |
| pr_warn("Invalid file private data"); |
| error = -EFAULT; |
| goto out; |
| } |
| |
| out: |
| fput(file); |
| return error; |
| } |
| |
| static int chmod(struct dentry *dentry, umode_t mode) |
| { |
| struct inode *inode = dentry->d_inode; |
| struct inode *delegated_inode = NULL; |
| struct iattr newattrs; |
| int error; |
| |
| retry_deleg: |
| inode_lock(inode); |
| newattrs.ia_mode = (mode & S_IALLUGO) | (inode->i_mode & ~S_IALLUGO); |
| newattrs.ia_valid = ATTR_MODE | ATTR_CTIME; |
| error = notify_change(&init_user_ns, dentry, &newattrs, &delegated_inode); |
| inode_unlock(inode); |
| if (delegated_inode) { |
| error = break_deleg_wait(&delegated_inode); |
| if (!error) |
| goto retry_deleg; |
| } |
| return error; |
| } |
| |
| static bool incfs_equal_ranges(struct mem_range lhs, struct mem_range rhs) |
| { |
| if (lhs.len != rhs.len) |
| return false; |
| return memcmp(lhs.data, rhs.data, lhs.len) == 0; |
| } |
| |
| static int validate_name(char *file_name) |
| { |
| struct mem_range name = range(file_name, strlen(file_name)); |
| int i = 0; |
| |
| if (name.len > INCFS_MAX_NAME_LEN) |
| return -ENAMETOOLONG; |
| |
| if (is_pseudo_filename(name)) |
| return -EINVAL; |
| |
| for (i = 0; i < name.len; i++) |
| if (name.data[i] == '/') |
| return -EINVAL; |
| |
| return 0; |
| } |
| |
| static int dir_relative_path_resolve( |
| struct mount_info *mi, |
| const char __user *relative_path, |
| struct path *result_path, |
| struct path *base_path) |
| { |
| int dir_fd = get_unused_fd_flags(0); |
| struct file *dir_f = NULL; |
| int error = 0; |
| |
| if (!base_path) |
| base_path = &mi->mi_backing_dir_path; |
| |
| if (dir_fd < 0) |
| return dir_fd; |
| |
| dir_f = dentry_open(base_path, O_RDONLY | O_NOATIME, current_cred()); |
| |
| if (IS_ERR(dir_f)) { |
| error = PTR_ERR(dir_f); |
| goto out; |
| } |
| fd_install(dir_fd, dir_f); |
| |
| if (!relative_path) { |
| /* No relative path given, just return the base dir. */ |
| *result_path = *base_path; |
| path_get(result_path); |
| goto out; |
| } |
| |
| error = user_path_at_empty(dir_fd, relative_path, |
| LOOKUP_FOLLOW | LOOKUP_DIRECTORY, result_path, NULL); |
| |
| out: |
| close_fd(dir_fd); |
| if (error) |
| pr_debug("Error: %d\n", error); |
| return error; |
| } |
| |
| static struct mem_range incfs_copy_signature_info_from_user(u8 __user *original, |
| u64 size) |
| { |
| u8 *result; |
| |
| if (!original) |
| return range(NULL, 0); |
| |
| if (size > INCFS_MAX_SIGNATURE_SIZE) |
| return range(ERR_PTR(-EFAULT), 0); |
| |
| result = kzalloc(size, GFP_NOFS | __GFP_COMP); |
| if (!result) |
| return range(ERR_PTR(-ENOMEM), 0); |
| |
| if (copy_from_user(result, original, size)) { |
| kfree(result); |
| return range(ERR_PTR(-EFAULT), 0); |
| } |
| |
| return range(result, size); |
| } |
| |
| static int init_new_file(struct mount_info *mi, struct dentry *dentry, |
| incfs_uuid_t *uuid, u64 size, struct mem_range attr, |
| u8 __user *user_signature_info, u64 signature_size) |
| { |
| struct path path = {}; |
| struct file *new_file; |
| int error = 0; |
| struct backing_file_context *bfc = NULL; |
| u32 block_count; |
| struct mem_range raw_signature = { NULL }; |
| struct mtree *hash_tree = NULL; |
| |
| if (!mi || !dentry || !uuid) |
| return -EFAULT; |
| |
| /* Resize newly created file to its true size. */ |
| path = (struct path) { |
| .mnt = mi->mi_backing_dir_path.mnt, |
| .dentry = dentry |
| }; |
| |
| new_file = dentry_open(&path, O_RDWR | O_NOATIME | O_LARGEFILE, |
| current_cred()); |
| |
| if (IS_ERR(new_file)) { |
| error = PTR_ERR(new_file); |
| goto out; |
| } |
| |
| bfc = incfs_alloc_bfc(mi, new_file); |
| fput(new_file); |
| if (IS_ERR(bfc)) { |
| error = PTR_ERR(bfc); |
| bfc = NULL; |
| goto out; |
| } |
| |
| mutex_lock(&bfc->bc_mutex); |
| error = incfs_write_fh_to_backing_file(bfc, uuid, size); |
| if (error) |
| goto out; |
| |
| block_count = (u32)get_blocks_count_for_size(size); |
| |
| if (user_signature_info) { |
| raw_signature = incfs_copy_signature_info_from_user( |
| user_signature_info, signature_size); |
| |
| if (IS_ERR(raw_signature.data)) { |
| error = PTR_ERR(raw_signature.data); |
| raw_signature.data = NULL; |
| goto out; |
| } |
| |
| hash_tree = incfs_alloc_mtree(raw_signature, block_count); |
| if (IS_ERR(hash_tree)) { |
| error = PTR_ERR(hash_tree); |
| hash_tree = NULL; |
| goto out; |
| } |
| |
| error = incfs_write_signature_to_backing_file(bfc, |
| raw_signature, hash_tree->hash_tree_area_size, |
| NULL, NULL); |
| if (error) |
| goto out; |
| |
| block_count += get_blocks_count_for_size( |
| hash_tree->hash_tree_area_size); |
| } |
| |
| if (block_count) |
| error = incfs_write_blockmap_to_backing_file(bfc, block_count); |
| |
| if (error) |
| goto out; |
| |
| out: |
| if (bfc) { |
| mutex_unlock(&bfc->bc_mutex); |
| incfs_free_bfc(bfc); |
| } |
| incfs_free_mtree(hash_tree); |
| kfree(raw_signature.data); |
| |
| if (error) |
| pr_debug("incfs: %s error: %d\n", __func__, error); |
| return error; |
| } |
| |
| static void notify_create(struct file *pending_reads_file, |
| const char __user *dir_name, const char *file_name, |
| const char *file_id_str, bool incomplete_file) |
| { |
| struct mount_info *mi = |
| get_mount_info(file_superblock(pending_reads_file)); |
| struct path base_path = { |
| .mnt = pending_reads_file->f_path.mnt, |
| .dentry = pending_reads_file->f_path.dentry->d_parent, |
| }; |
| struct path dir_path = {}; |
| struct dentry *file = NULL; |
| struct dentry *dir = NULL; |
| int error; |
| |
| error = dir_relative_path_resolve(mi, dir_name, &dir_path, &base_path); |
| if (error) |
| goto out; |
| |
| file = incfs_lookup_dentry(dir_path.dentry, file_name); |
| if (IS_ERR(file)) { |
| error = PTR_ERR(file); |
| file = NULL; |
| goto out; |
| } |
| |
| fsnotify_create(d_inode(dir_path.dentry), file); |
| |
| if (file_id_str) { |
| dir = incfs_lookup_dentry(base_path.dentry, INCFS_INDEX_NAME); |
| if (IS_ERR(dir)) { |
| error = PTR_ERR(dir); |
| dir = NULL; |
| goto out; |
| } |
| |
| dput(file); |
| file = incfs_lookup_dentry(dir, file_id_str); |
| if (IS_ERR(file)) { |
| error = PTR_ERR(file); |
| file = NULL; |
| goto out; |
| } |
| |
| fsnotify_create(d_inode(dir), file); |
| |
| if (incomplete_file) { |
| dput(dir); |
| dir = incfs_lookup_dentry(base_path.dentry, |
| INCFS_INCOMPLETE_NAME); |
| if (IS_ERR(dir)) { |
| error = PTR_ERR(dir); |
| dir = NULL; |
| goto out; |
| } |
| |
| dput(file); |
| file = incfs_lookup_dentry(dir, file_id_str); |
| if (IS_ERR(file)) { |
| error = PTR_ERR(file); |
| file = NULL; |
| goto out; |
| } |
| |
| fsnotify_create(d_inode(dir), file); |
| } |
| } |
| out: |
| if (error) |
| pr_warn("%s failed with error %d\n", __func__, error); |
| |
| dput(dir); |
| dput(file); |
| path_put(&dir_path); |
| } |
| |
| static long ioctl_create_file(struct file *file, |
| struct incfs_new_file_args __user *usr_args) |
| { |
| struct mount_info *mi = get_mount_info(file_superblock(file)); |
| struct incfs_new_file_args args; |
| char *file_id_str = NULL; |
| struct dentry *index_file_dentry = NULL; |
| struct dentry *named_file_dentry = NULL; |
| struct dentry *incomplete_file_dentry = NULL; |
| struct path parent_dir_path = {}; |
| struct inode *index_dir_inode = NULL; |
| __le64 size_attr_value = 0; |
| char *file_name = NULL; |
| char *attr_value = NULL; |
| int error = 0; |
| bool locked = false; |
| bool index_linked = false; |
| bool name_linked = false; |
| bool incomplete_linked = false; |
| |
| if (!mi || !mi->mi_index_dir || !mi->mi_incomplete_dir) { |
| error = -EFAULT; |
| goto out; |
| } |
| |
| if (copy_from_user(&args, usr_args, sizeof(args)) > 0) { |
| error = -EFAULT; |
| goto out; |
| } |
| |
| file_name = strndup_user(u64_to_user_ptr(args.file_name), PATH_MAX); |
| if (IS_ERR(file_name)) { |
| error = PTR_ERR(file_name); |
| file_name = NULL; |
| goto out; |
| } |
| |
| error = validate_name(file_name); |
| if (error) |
| goto out; |
| |
| file_id_str = file_id_to_str(args.file_id); |
| if (!file_id_str) { |
| error = -ENOMEM; |
| goto out; |
| } |
| |
| error = mutex_lock_interruptible(&mi->mi_dir_struct_mutex); |
| if (error) |
| goto out; |
| locked = true; |
| |
| /* Find a directory to put the file into. */ |
| error = dir_relative_path_resolve(mi, |
| u64_to_user_ptr(args.directory_path), |
| &parent_dir_path, NULL); |
| if (error) |
| goto out; |
| |
| if (parent_dir_path.dentry == mi->mi_index_dir) { |
| /* Can't create a file directly inside .index */ |
| error = -EBUSY; |
| goto out; |
| } |
| |
| if (parent_dir_path.dentry == mi->mi_incomplete_dir) { |
| /* Can't create a file directly inside .incomplete */ |
| error = -EBUSY; |
| goto out; |
| } |
| |
| /* Look up a dentry in the parent dir. It should be negative. */ |
| named_file_dentry = incfs_lookup_dentry(parent_dir_path.dentry, |
| file_name); |
| if (!named_file_dentry) { |
| error = -EFAULT; |
| goto out; |
| } |
| if (IS_ERR(named_file_dentry)) { |
| error = PTR_ERR(named_file_dentry); |
| named_file_dentry = NULL; |
| goto out; |
| } |
| if (d_really_is_positive(named_file_dentry)) { |
| /* File with this path already exists. */ |
| error = -EEXIST; |
| goto out; |
| } |
| |
| /* Look up a dentry in the incomplete dir. It should be negative. */ |
| incomplete_file_dentry = incfs_lookup_dentry(mi->mi_incomplete_dir, |
| file_id_str); |
| if (!incomplete_file_dentry) { |
| error = -EFAULT; |
| goto out; |
| } |
| if (IS_ERR(incomplete_file_dentry)) { |
| error = PTR_ERR(incomplete_file_dentry); |
| incomplete_file_dentry = NULL; |
| goto out; |
| } |
| if (d_really_is_positive(incomplete_file_dentry)) { |
| /* File with this path already exists. */ |
| error = -EEXIST; |
| goto out; |
| } |
| |
| /* Look up a dentry in the .index dir. It should be negative. */ |
| index_file_dentry = incfs_lookup_dentry(mi->mi_index_dir, file_id_str); |
| if (!index_file_dentry) { |
| error = -EFAULT; |
| goto out; |
| } |
| if (IS_ERR(index_file_dentry)) { |
| error = PTR_ERR(index_file_dentry); |
| index_file_dentry = NULL; |
| goto out; |
| } |
| if (d_really_is_positive(index_file_dentry)) { |
| /* File with this ID already exists in index. */ |
| error = -EEXIST; |
| goto out; |
| } |
| |
| /* Creating a file in the .index dir. */ |
| index_dir_inode = d_inode(mi->mi_index_dir); |
| inode_lock_nested(index_dir_inode, I_MUTEX_PARENT); |
| error = vfs_create(&init_user_ns, index_dir_inode, index_file_dentry, |
| args.mode | 0222, true); |
| inode_unlock(index_dir_inode); |
| |
| if (error) |
| goto out; |
| if (!d_really_is_positive(index_file_dentry)) { |
| error = -EINVAL; |
| goto out; |
| } |
| |
| error = chmod(index_file_dentry, args.mode | 0222); |
| if (error) { |
| pr_debug("incfs: chmod err: %d\n", error); |
| goto out; |
| } |
| |
| /* Save the file's ID as an xattr for easy fetching in future. */ |
| error = vfs_setxattr(&init_user_ns, index_file_dentry, INCFS_XATTR_ID_NAME, |
| file_id_str, strlen(file_id_str), XATTR_CREATE); |
| if (error) { |
| pr_debug("incfs: vfs_setxattr err:%d\n", error); |
| goto out; |
| } |
| |
| /* Save the file's size as an xattr for easy fetching in future. */ |
| size_attr_value = cpu_to_le64(args.size); |
| error = vfs_setxattr(&init_user_ns, index_file_dentry, INCFS_XATTR_SIZE_NAME, |
| (char *)&size_attr_value, sizeof(size_attr_value), |
| XATTR_CREATE); |
| if (error) { |
| pr_debug("incfs: vfs_setxattr err:%d\n", error); |
| goto out; |
| } |
| |
| /* Save the file's attribute as an xattr */ |
| if (args.file_attr_len && args.file_attr) { |
| if (args.file_attr_len > INCFS_MAX_FILE_ATTR_SIZE) { |
| error = -E2BIG; |
| goto out; |
| } |
| |
| attr_value = kmalloc(args.file_attr_len, GFP_NOFS); |
| if (!attr_value) { |
| error = -ENOMEM; |
| goto out; |
| } |
| |
| if (copy_from_user(attr_value, |
| u64_to_user_ptr(args.file_attr), |
| args.file_attr_len) > 0) { |
| error = -EFAULT; |
| goto out; |
| } |
| |
| error = vfs_setxattr(&init_user_ns, index_file_dentry, |
| INCFS_XATTR_METADATA_NAME, |
| attr_value, args.file_attr_len, |
| XATTR_CREATE); |
| |
| if (error) |
| goto out; |
| } |
| |
| /* Initializing a newly created file. */ |
| error = init_new_file(mi, index_file_dentry, &args.file_id, args.size, |
| range(attr_value, args.file_attr_len), |
| u64_to_user_ptr(args.signature_info), |
| args.signature_size); |
| if (error) |
| goto out; |
| index_linked = true; |
| |
| /* Linking a file with its real name from the requested dir. */ |
| error = incfs_link(index_file_dentry, named_file_dentry); |
| if (error) |
| goto out; |
| name_linked = true; |
| |
| if (args.size) { |
| /* Linking a file with its incomplete entry */ |
| error = incfs_link(index_file_dentry, incomplete_file_dentry); |
| if (error) |
| goto out; |
| incomplete_linked = true; |
| } |
| |
| notify_create(file, u64_to_user_ptr(args.directory_path), file_name, |
| file_id_str, args.size != 0); |
| |
| out: |
| if (error) { |
| pr_debug("incfs: %s err:%d\n", __func__, error); |
| if (index_linked) |
| incfs_unlink(index_file_dentry); |
| if (name_linked) |
| incfs_unlink(named_file_dentry); |
| if (incomplete_linked) |
| incfs_unlink(incomplete_file_dentry); |
| } |
| |
| kfree(file_id_str); |
| kfree(file_name); |
| kfree(attr_value); |
| dput(named_file_dentry); |
| dput(index_file_dentry); |
| dput(incomplete_file_dentry); |
| path_put(&parent_dir_path); |
| if (locked) |
| mutex_unlock(&mi->mi_dir_struct_mutex); |
| |
| return error; |
| } |
| |
| static int init_new_mapped_file(struct mount_info *mi, struct dentry *dentry, |
| incfs_uuid_t *uuid, u64 size, u64 offset) |
| { |
| struct path path = {}; |
| struct file *new_file; |
| int error = 0; |
| struct backing_file_context *bfc = NULL; |
| |
| if (!mi || !dentry || !uuid) |
| return -EFAULT; |
| |
| /* Resize newly created file to its true size. */ |
| path = (struct path) { |
| .mnt = mi->mi_backing_dir_path.mnt, |
| .dentry = dentry |
| }; |
| new_file = dentry_open(&path, O_RDWR | O_NOATIME | O_LARGEFILE, |
| current_cred()); |
| |
| if (IS_ERR(new_file)) { |
| error = PTR_ERR(new_file); |
| goto out; |
| } |
| |
| bfc = incfs_alloc_bfc(mi, new_file); |
| fput(new_file); |
| if (IS_ERR(bfc)) { |
| error = PTR_ERR(bfc); |
| bfc = NULL; |
| goto out; |
| } |
| |
| mutex_lock(&bfc->bc_mutex); |
| error = incfs_write_mapping_fh_to_backing_file(bfc, uuid, size, offset); |
| if (error) |
| goto out; |
| |
| out: |
| if (bfc) { |
| mutex_unlock(&bfc->bc_mutex); |
| incfs_free_bfc(bfc); |
| } |
| |
| if (error) |
| pr_debug("incfs: %s error: %d\n", __func__, error); |
| return error; |
| } |
| |
| static long ioctl_create_mapped_file(struct file *file, void __user *arg) |
| { |
| struct mount_info *mi = get_mount_info(file_superblock(file)); |
| struct incfs_create_mapped_file_args __user *args_usr_ptr = arg; |
| struct incfs_create_mapped_file_args args = {}; |
| char *file_name; |
| int error = 0; |
| struct path parent_dir_path = {}; |
| char *source_file_name = NULL; |
| struct dentry *source_file_dentry = NULL; |
| u64 source_file_size; |
| struct dentry *file_dentry = NULL; |
| struct inode *parent_inode; |
| __le64 size_attr_value; |
| |
| if (copy_from_user(&args, args_usr_ptr, sizeof(args)) > 0) |
| return -EINVAL; |
| |
| file_name = strndup_user(u64_to_user_ptr(args.file_name), PATH_MAX); |
| if (IS_ERR(file_name)) { |
| error = PTR_ERR(file_name); |
| file_name = NULL; |
| goto out; |
| } |
| |
| error = validate_name(file_name); |
| if (error) |
| goto out; |
| |
| if (args.source_offset % INCFS_DATA_FILE_BLOCK_SIZE) { |
| error = -EINVAL; |
| goto out; |
| } |
| |
| /* Validate file mapping is in range */ |
| source_file_name = file_id_to_str(args.source_file_id); |
| if (!source_file_name) { |
| pr_warn("Failed to alloc source_file_name\n"); |
| error = -ENOMEM; |
| goto out; |
| } |
| |
| source_file_dentry = incfs_lookup_dentry(mi->mi_index_dir, |
| source_file_name); |
| if (!source_file_dentry) { |
| pr_warn("Source file does not exist\n"); |
| error = -EINVAL; |
| goto out; |
| } |
| if (IS_ERR(source_file_dentry)) { |
| pr_warn("Error opening source file\n"); |
| error = PTR_ERR(source_file_dentry); |
| source_file_dentry = NULL; |
| goto out; |
| } |
| if (!d_really_is_positive(source_file_dentry)) { |
| pr_warn("Source file dentry negative\n"); |
| error = -EINVAL; |
| goto out; |
| } |
| |
| error = vfs_getxattr(&init_user_ns, source_file_dentry, INCFS_XATTR_SIZE_NAME, |
| (char *)&size_attr_value, sizeof(size_attr_value)); |
| if (error < 0) |
| goto out; |
| |
| if (error != sizeof(size_attr_value)) { |
| pr_warn("Mapped file has no size attr\n"); |
| error = -EINVAL; |
| goto out; |
| } |
| |
| source_file_size = le64_to_cpu(size_attr_value); |
| if (args.source_offset + args.size > source_file_size) { |
| pr_warn("Mapped file out of range\n"); |
| error = -EINVAL; |
| goto out; |
| } |
| |
| /* Find a directory to put the file into. */ |
| error = dir_relative_path_resolve(mi, |
| u64_to_user_ptr(args.directory_path), |
| &parent_dir_path, NULL); |
| if (error) |
| goto out; |
| |
| if (parent_dir_path.dentry == mi->mi_index_dir) { |
| /* Can't create a file directly inside .index */ |
| error = -EBUSY; |
| goto out; |
| } |
| |
| /* Look up a dentry in the parent dir. It should be negative. */ |
| file_dentry = incfs_lookup_dentry(parent_dir_path.dentry, |
| file_name); |
| if (!file_dentry) { |
| error = -EFAULT; |
| goto out; |
| } |
| if (IS_ERR(file_dentry)) { |
| error = PTR_ERR(file_dentry); |
| file_dentry = NULL; |
| goto out; |
| } |
| if (d_really_is_positive(file_dentry)) { |
| error = -EEXIST; |
| goto out; |
| } |
| |
| parent_inode = d_inode(parent_dir_path.dentry); |
| inode_lock_nested(parent_inode, I_MUTEX_PARENT); |
| error = vfs_create(&init_user_ns, parent_inode, file_dentry, |
| args.mode | 0222, true); |
| inode_unlock(parent_inode); |
| if (error) |
| goto out; |
| |
| error = chmod(file_dentry, args.mode | 0222); |
| if (error) { |
| pr_debug("incfs: chmod err: %d\n", error); |
| goto delete_file; |
| } |
| |
| /* Save the file's size as an xattr for easy fetching in future. */ |
| size_attr_value = cpu_to_le64(args.size); |
| error = vfs_setxattr(&init_user_ns, file_dentry, INCFS_XATTR_SIZE_NAME, |
| (char *)&size_attr_value, sizeof(size_attr_value), |
| XATTR_CREATE); |
| if (error) { |
| pr_debug("incfs: vfs_setxattr err:%d\n", error); |
| goto delete_file; |
| } |
| |
| error = init_new_mapped_file(mi, file_dentry, &args.source_file_id, |
| args.size, args.source_offset); |
| if (error) |
| goto delete_file; |
| |
| notify_create(file, u64_to_user_ptr(args.directory_path), file_name, |
| NULL, false); |
| |
| goto out; |
| |
| delete_file: |
| incfs_unlink(file_dentry); |
| |
| out: |
| dput(file_dentry); |
| dput(source_file_dentry); |
| path_put(&parent_dir_path); |
| kfree(file_name); |
| kfree(source_file_name); |
| return error; |
| } |
| |
| static long ioctl_get_read_timeouts(struct mount_info *mi, void __user *arg) |
| { |
| struct incfs_get_read_timeouts_args __user *args_usr_ptr = arg; |
| struct incfs_get_read_timeouts_args args = {}; |
| int error = 0; |
| struct incfs_per_uid_read_timeouts *buffer; |
| int size; |
| |
| if (copy_from_user(&args, args_usr_ptr, sizeof(args))) |
| return -EINVAL; |
| |
| if (args.timeouts_array_size > INCFS_DATA_FILE_BLOCK_SIZE) |
| return -EINVAL; |
| |
| buffer = kzalloc(args.timeouts_array_size, GFP_NOFS); |
| if (!buffer) |
| return -ENOMEM; |
| |
| spin_lock(&mi->mi_per_uid_read_timeouts_lock); |
| size = mi->mi_per_uid_read_timeouts_size; |
| if (args.timeouts_array_size < size) |
| error = -E2BIG; |
| else if (size) |
| memcpy(buffer, mi->mi_per_uid_read_timeouts, size); |
| spin_unlock(&mi->mi_per_uid_read_timeouts_lock); |
| |
| args.timeouts_array_size_out = size; |
| if (!error && size) |
| if (copy_to_user(u64_to_user_ptr(args.timeouts_array), buffer, |
| size)) |
| error = -EFAULT; |
| |
| if (!error || error == -E2BIG) |
| if (copy_to_user(args_usr_ptr, &args, sizeof(args)) > 0) |
| error = -EFAULT; |
| |
| kfree(buffer); |
| return error; |
| } |
| |
| static long ioctl_set_read_timeouts(struct mount_info *mi, void __user *arg) |
| { |
| struct incfs_set_read_timeouts_args __user *args_usr_ptr = arg; |
| struct incfs_set_read_timeouts_args args = {}; |
| int error = 0; |
| int size; |
| struct incfs_per_uid_read_timeouts *buffer = NULL, *tmp; |
| int i; |
| |
| if (copy_from_user(&args, args_usr_ptr, sizeof(args))) |
| return -EINVAL; |
| |
| size = args.timeouts_array_size; |
| if (size) { |
| if (size > INCFS_DATA_FILE_BLOCK_SIZE || |
| size % sizeof(*buffer) != 0) |
| return -EINVAL; |
| |
| buffer = kzalloc(size, GFP_NOFS); |
| if (!buffer) |
| return -ENOMEM; |
| |
| if (copy_from_user(buffer, u64_to_user_ptr(args.timeouts_array), |
| size)) { |
| error = -EINVAL; |
| goto out; |
| } |
| |
| for (i = 0; i < size / sizeof(*buffer); ++i) { |
| struct incfs_per_uid_read_timeouts *t = &buffer[i]; |
| |
| if (t->min_pending_time_us > t->max_pending_time_us) { |
| error = -EINVAL; |
| goto out; |
| } |
| } |
| } |
| |
| spin_lock(&mi->mi_per_uid_read_timeouts_lock); |
| mi->mi_per_uid_read_timeouts_size = size; |
| tmp = mi->mi_per_uid_read_timeouts; |
| mi->mi_per_uid_read_timeouts = buffer; |
| buffer = tmp; |
| spin_unlock(&mi->mi_per_uid_read_timeouts_lock); |
| |
| out: |
| kfree(buffer); |
| return error; |
| } |
| |
| static long ioctl_get_last_read_error(struct mount_info *mi, void __user *arg) |
| { |
| struct incfs_get_last_read_error_args __user *args_usr_ptr = arg; |
| struct incfs_get_last_read_error_args args = {}; |
| int error; |
| |
| error = mutex_lock_interruptible(&mi->mi_le_mutex); |
| if (error) |
| return error; |
| |
| args.file_id_out = mi->mi_le_file_id; |
| args.time_us_out = mi->mi_le_time_us; |
| args.page_out = mi->mi_le_page; |
| args.errno_out = mi->mi_le_errno; |
| args.uid_out = mi->mi_le_uid; |
| |
| mutex_unlock(&mi->mi_le_mutex); |
| if (copy_to_user(args_usr_ptr, &args, sizeof(args)) > 0) |
| error = -EFAULT; |
| |
| return error; |
| } |
| |
| static long pending_reads_dispatch_ioctl(struct file *f, unsigned int req, |
| unsigned long arg) |
| { |
| struct mount_info *mi = get_mount_info(file_superblock(f)); |
| |
| switch (req) { |
| case INCFS_IOC_CREATE_FILE: |
| return ioctl_create_file(f, (void __user *)arg); |
| case INCFS_IOC_PERMIT_FILL: |
| return ioctl_permit_fill(f, (void __user *)arg); |
| case INCFS_IOC_CREATE_MAPPED_FILE: |
| return ioctl_create_mapped_file(f, (void __user *)arg); |
| case INCFS_IOC_GET_READ_TIMEOUTS: |
| return ioctl_get_read_timeouts(mi, (void __user *)arg); |
| case INCFS_IOC_SET_READ_TIMEOUTS: |
| return ioctl_set_read_timeouts(mi, (void __user *)arg); |
| case INCFS_IOC_GET_LAST_READ_ERROR: |
| return ioctl_get_last_read_error(mi, (void __user *)arg); |
| default: |
| return -EINVAL; |
| } |
| } |
| |
| static const struct file_operations incfs_pending_reads_file_ops = { |
| .read = pending_reads_read, |
| .poll = pending_reads_poll, |
| .open = pending_reads_open, |
| .release = pending_reads_release, |
| .llseek = noop_llseek, |
| .unlocked_ioctl = pending_reads_dispatch_ioctl, |
| .compat_ioctl = pending_reads_dispatch_ioctl |
| }; |
| |
| /******************************************************************************* |
| * .log pseudo file definition |
| ******************************************************************************/ |
| #define INCFS_LOG_INODE 3 |
| static const char log_file_name[] = INCFS_LOG_FILENAME; |
| |
| /* State of an open .log file, unique for each file descriptor. */ |
| struct log_file_state { |
| struct read_log_state state; |
| }; |
| |
| static ssize_t log_read(struct file *f, char __user *buf, size_t len, |
| loff_t *ppos) |
| { |
| struct log_file_state *log_state = f->private_data; |
| struct mount_info *mi = get_mount_info(file_superblock(f)); |
| int total_reads_collected = 0; |
| int rl_size; |
| ssize_t result = 0; |
| bool report_uid; |
| unsigned long page = 0; |
| struct incfs_pending_read_info *reads_buf = NULL; |
| struct incfs_pending_read_info2 *reads_buf2 = NULL; |
| size_t record_size; |
| ssize_t reads_to_collect; |
| ssize_t reads_per_page; |
| |
| if (!mi) |
| return -EFAULT; |
| |
| report_uid = mi->mi_options.report_uid; |
| record_size = report_uid ? sizeof(*reads_buf2) : sizeof(*reads_buf); |
| reads_to_collect = len / record_size; |
| reads_per_page = PAGE_SIZE / record_size; |
| |
| rl_size = READ_ONCE(mi->mi_log.rl_size); |
| if (rl_size == 0) |
| return 0; |
| |
| page = __get_free_page(GFP_NOFS); |
| if (!page) |
| return -ENOMEM; |
| |
| if (report_uid) |
| reads_buf2 = (struct incfs_pending_read_info2 *)page; |
| else |
| reads_buf = (struct incfs_pending_read_info *)page; |
| |
| reads_to_collect = min_t(ssize_t, rl_size, reads_to_collect); |
| while (reads_to_collect > 0) { |
| struct read_log_state next_state; |
| int reads_collected; |
| |
| memcpy(&next_state, &log_state->state, sizeof(next_state)); |
| reads_collected = incfs_collect_logged_reads( |
| mi, &next_state, reads_buf, reads_buf2, |
| min_t(ssize_t, reads_to_collect, reads_per_page)); |
| if (reads_collected <= 0) { |
| result = total_reads_collected ? |
| total_reads_collected * record_size : |
| reads_collected; |
| goto out; |
| } |
| if (copy_to_user(buf, (void *)page, |
| reads_collected * record_size)) { |
| result = total_reads_collected ? |
| total_reads_collected * record_size : |
| -EFAULT; |
| goto out; |
| } |
| |
| memcpy(&log_state->state, &next_state, sizeof(next_state)); |
| total_reads_collected += reads_collected; |
| buf += reads_collected * record_size; |
| reads_to_collect -= reads_collected; |
| } |
| |
| result = total_reads_collected * record_size; |
| *ppos = 0; |
| out: |
| free_page(page); |
| return result; |
| } |
| |
| static __poll_t log_poll(struct file *file, poll_table *wait) |
| { |
| struct log_file_state *log_state = file->private_data; |
| struct mount_info *mi = get_mount_info(file_superblock(file)); |
| int count; |
| __poll_t ret = 0; |
| |
| poll_wait(file, &mi->mi_log.ml_notif_wq, wait); |
| count = incfs_get_uncollected_logs_count(mi, &log_state->state); |
| if (count >= mi->mi_options.read_log_wakeup_count) |
| ret = EPOLLIN | EPOLLRDNORM; |
| |
| return ret; |
| } |
| |
| static int log_open(struct inode *inode, struct file *file) |
| { |
| struct log_file_state *log_state = NULL; |
| struct mount_info *mi = get_mount_info(file_superblock(file)); |
| |
| log_state = kzalloc(sizeof(*log_state), GFP_NOFS); |
| if (!log_state) |
| return -ENOMEM; |
| |
| log_state->state = incfs_get_log_state(mi); |
| file->private_data = log_state; |
| return 0; |
| } |
| |
| static int log_release(struct inode *inode, struct file *file) |
| { |
| kfree(file->private_data); |
| return 0; |
| } |
| |
| static const struct file_operations incfs_log_file_ops = { |
| .read = log_read, |
| .poll = log_poll, |
| .open = log_open, |
| .release = log_release, |
| .llseek = noop_llseek, |
| }; |
| |
| /******************************************************************************* |
| * .blocks_written pseudo file definition |
| ******************************************************************************/ |
| #define INCFS_BLOCKS_WRITTEN_INODE 4 |
| static const char blocks_written_file_name[] = INCFS_BLOCKS_WRITTEN_FILENAME; |
| |
| /* State of an open .blocks_written file, unique for each file descriptor. */ |
| struct blocks_written_file_state { |
| unsigned long blocks_written; |
| }; |
| |
| static ssize_t blocks_written_read(struct file *f, char __user *buf, size_t len, |
| loff_t *ppos) |
| { |
| struct mount_info *mi = get_mount_info(file_superblock(f)); |
| struct blocks_written_file_state *state = f->private_data; |
| unsigned long blocks_written; |
| char string[21]; |
| int result = 0; |
| |
| if (!mi) |
| return -EFAULT; |
| |
| blocks_written = atomic_read(&mi->mi_blocks_written); |
| if (state->blocks_written == blocks_written) |
| return 0; |
| |
| result = snprintf(string, sizeof(string), "%lu", blocks_written); |
| if (result > len) |
| result = len; |
| if (copy_to_user(buf, string, result)) |
| return -EFAULT; |
| |
| state->blocks_written = blocks_written; |
| return result; |
| } |
| |
| static __poll_t blocks_written_poll(struct file *f, poll_table *wait) |
| { |
| struct mount_info *mi = get_mount_info(file_superblock(f)); |
| struct blocks_written_file_state *state = f->private_data; |
| unsigned long blocks_written; |
| |
| if (!mi) |
| return 0; |
| |
| poll_wait(f, &mi->mi_blocks_written_notif_wq, wait); |
| blocks_written = atomic_read(&mi->mi_blocks_written); |
| if (state->blocks_written == blocks_written) |
| return 0; |
| |
| return EPOLLIN | EPOLLRDNORM; |
| } |
| |
| static int blocks_written_open(struct inode *inode, struct file *file) |
| { |
| struct blocks_written_file_state *state = |
| kzalloc(sizeof(*state), GFP_NOFS); |
| |
| if (!state) |
| return -ENOMEM; |
| |
| state->blocks_written = -1; |
| file->private_data = state; |
| return 0; |
| } |
| |
| static int blocks_written_release(struct inode *inode, struct file *file) |
| { |
| kfree(file->private_data); |
| return 0; |
| } |
| |
| static const struct file_operations incfs_blocks_written_file_ops = { |
| .read = blocks_written_read, |
| .poll = blocks_written_poll, |
| .open = blocks_written_open, |
| .release = blocks_written_release, |
| .llseek = noop_llseek, |
| }; |
| |
| /******************************************************************************* |
| * Generic inode lookup functionality |
| ******************************************************************************/ |
| |
| const struct mem_range incfs_pseudo_file_names[] = { |
| { .data = (u8 *)pending_reads_file_name, |
| .len = ARRAY_SIZE(pending_reads_file_name) - 1 }, |
| { .data = (u8 *)log_file_name, .len = ARRAY_SIZE(log_file_name) - 1 }, |
| { .data = (u8 *)blocks_written_file_name, |
| .len = ARRAY_SIZE(blocks_written_file_name) - 1 } |
| }; |
| |
| const unsigned long incfs_pseudo_file_inodes[] = { INCFS_PENDING_READS_INODE, |
| INCFS_LOG_INODE, |
| INCFS_BLOCKS_WRITTEN_INODE }; |
| |
| static const struct file_operations *const pseudo_file_operations[] = { |
| &incfs_pending_reads_file_ops, &incfs_log_file_ops, |
| &incfs_blocks_written_file_ops |
| }; |
| |
| static bool is_pseudo_filename(struct mem_range name) |
| { |
| int i = 0; |
| |
| for (; i < ARRAY_SIZE(incfs_pseudo_file_names); ++i) |
| if (incfs_equal_ranges(incfs_pseudo_file_names[i], name)) |
| return true; |
| return false; |
| } |
| |
| static bool get_pseudo_inode(int ino, struct inode *inode) |
| { |
| int i = 0; |
| |
| for (; i < ARRAY_SIZE(incfs_pseudo_file_inodes); ++i) |
| if (ino == incfs_pseudo_file_inodes[i]) |
| break; |
| if (i == ARRAY_SIZE(incfs_pseudo_file_inodes)) |
| return false; |
| |
| inode->i_ctime = (struct timespec64){}; |
| inode->i_mtime = inode->i_ctime; |
| inode->i_atime = inode->i_ctime; |
| inode->i_size = 0; |
| inode->i_ino = ino; |
| inode->i_private = NULL; |
| inode_init_owner(&init_user_ns, inode, NULL, S_IFREG | READ_WRITE_FILE_MODE); |
| inode->i_op = &incfs_file_inode_ops; |
| inode->i_fop = pseudo_file_operations[i]; |
| return true; |
| } |
| |
| struct inode_search { |
| unsigned long ino; |
| }; |
| |
| static int inode_test(struct inode *inode, void *opaque) |
| { |
| struct inode_search *search = opaque; |
| |
| return inode->i_ino == search->ino; |
| } |
| |
| static int inode_set(struct inode *inode, void *opaque) |
| { |
| struct inode_search *search = opaque; |
| |
| if (get_pseudo_inode(search->ino, inode)) |
| return 0; |
| |
| /* Unknown inode requested. */ |
| return -EINVAL; |
| } |
| |
| static struct inode *fetch_inode(struct super_block *sb, unsigned long ino) |
| { |
| struct inode_search search = { |
| .ino = ino |
| }; |
| struct inode *inode = iget5_locked(sb, search.ino, inode_test, |
| inode_set, &search); |
| |
| if (!inode) |
| return ERR_PTR(-ENOMEM); |
| |
| if (inode->i_state & I_NEW) |
| unlock_new_inode(inode); |
| |
| return inode; |
| } |
| |
| int dir_lookup_pseudo_files(struct super_block *sb, struct dentry *dentry) |
| { |
| struct mem_range name_range = |
| range((u8 *)dentry->d_name.name, dentry->d_name.len); |
| unsigned long ino; |
| struct inode *inode; |
| int i = 0; |
| |
| for (; i < ARRAY_SIZE(incfs_pseudo_file_names); ++i) |
| if (incfs_equal_ranges(incfs_pseudo_file_names[i], name_range)) |
| break; |
| if (i == ARRAY_SIZE(incfs_pseudo_file_names)) |
| return -ENOENT; |
| |
| ino = incfs_pseudo_file_inodes[i]; |
| |
| inode = fetch_inode(sb, ino); |
| if (IS_ERR(inode)) |
| return PTR_ERR(inode); |
| |
| d_add(dentry, inode); |
| return 0; |
| } |
| |
| int emit_pseudo_files(struct dir_context *ctx) |
| { |
| loff_t i = ctx->pos; |
| |
| for (; i < ARRAY_SIZE(incfs_pseudo_file_names); ++i) { |
| if (!dir_emit(ctx, incfs_pseudo_file_names[i].data, |
| incfs_pseudo_file_names[i].len, |
| incfs_pseudo_file_inodes[i], DT_REG)) |
| return -EINVAL; |
| |
| ctx->pos++; |
| } |
| return 0; |
| } |