1/*- 2 * SPDX-License-Identifier: BSD-3-Clause 3 * 4 * Copyright (c) 2007-2009 Google Inc. and Amit Singh 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions are 9 * met: 10 * 11 * * Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * * Redistributions in binary form must reproduce the above 14 * copyright notice, this list of conditions and the following disclaimer 15 * in the documentation and/or other materials provided with the 16 * distribution. 17 * * Neither the name of Google Inc. nor the names of its 18 * contributors may be used to endorse or promote products derived from 19 * this software without specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 22 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 23 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 24 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 25 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 26 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 27 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 28 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 29 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 30 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 31 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 32 * 33 * Copyright (C) 2005 Csaba Henk. 34 * All rights reserved. 35 * 36 * Copyright (c) 2019 The FreeBSD Foundation 37 * 38 * Portions of this software were developed by BFF Storage Systems, LLC under 39 * sponsorship from the FreeBSD Foundation. 40 * 41 * Redistribution and use in source and binary forms, with or without 42 * modification, are permitted provided that the following conditions 43 * are met: 44 * 1. Redistributions of source code must retain the above copyright 45 * notice, this list of conditions and the following disclaimer. 46 * 2. Redistributions in binary form must reproduce the above copyright 47 * notice, this list of conditions and the following disclaimer in the 48 * documentation and/or other materials provided with the distribution. 49 * 50 * THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS ``AS IS'' AND 51 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 52 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 53 * ARE DISCLAIMED. IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE 54 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 55 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 56 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 57 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 58 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 59 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 60 * SUCH DAMAGE. 61 */ 62 63#include <sys/types.h> 64#include <sys/systm.h> 65#include <sys/counter.h> 66#include <sys/module.h> 67#include <sys/errno.h> 68#include <sys/param.h> 69#include <sys/kernel.h> 70#include <sys/conf.h> 71#include <sys/uio.h> 72#include <sys/malloc.h> 73#include <sys/queue.h> 74#include <sys/lock.h> 75#include <sys/sx.h> 76#include <sys/mutex.h> 77#include <sys/proc.h> 78#include <sys/vnode.h> 79#include <sys/namei.h> 80#include <sys/mount.h> 81#include <sys/sysctl.h> 82#include <sys/fcntl.h> 83#include <sys/priv.h> 84#include <sys/buf.h> 85#include <security/mac/mac_framework.h> 86#include <vm/vm.h> 87#include <vm/vm_extern.h> 88 89#include "fuse.h" 90#include "fuse_node.h" 91#include "fuse_internal.h" 92#include "fuse_io.h" 93#include "fuse_ipc.h" 94 95SDT_PROVIDER_DECLARE(fusefs); 96/* 97 * Fuse trace probe: 98 * arg0: verbosity. Higher numbers give more verbose messages 99 * arg1: Textual message 100 */ 101SDT_PROBE_DEFINE2(fusefs, , node, trace, "int", "char*"); 102 103MALLOC_DEFINE(M_FUSEVN, "fuse_vnode", "fuse vnode private data"); 104 105static int sysctl_fuse_cache_mode(SYSCTL_HANDLER_ARGS); 106 107static counter_u64_t fuse_node_count; 108 109SYSCTL_COUNTER_U64(_vfs_fusefs_stats, OID_AUTO, node_count, CTLFLAG_RD, 110 &fuse_node_count, "Count of FUSE vnodes"); 111 112int fuse_data_cache_mode = FUSE_CACHE_WT; 113 114/* 115 * OBSOLETE 116 * This sysctl is no longer needed as of fuse protocol 7.23. Now, individual 117 * servers can select the cache behavior they need for each mountpoint: 118 * - writethrough: the default 119 * - writeback: set FUSE_WRITEBACK_CACHE in fuse_init_out.flags 120 * - uncached: set FOPEN_DIRECT_IO for every file 121 * The sysctl is retained primarily due to the enduring popularity of libfuse2, 122 * which is frozen at protocol version 7.19. As of 4-April-2024, 90% of 123 * FreeBSD ports that use libfuse still bind to libfuse2. 124 */ 125SYSCTL_PROC(_vfs_fusefs, OID_AUTO, data_cache_mode, 126 CTLTYPE_INT | CTLFLAG_MPSAFE | CTLFLAG_RW, 127 &fuse_data_cache_mode, 0, sysctl_fuse_cache_mode, "I", 128 "Zero: disable caching of FUSE file data; One: write-through caching " 129 "(default); Two: write-back caching (generally unsafe)"); 130 131static int 132sysctl_fuse_cache_mode(SYSCTL_HANDLER_ARGS) 133{ 134 int val, error; 135 136 val = *(int *)arg1; 137 error = sysctl_handle_int(oidp, &val, 0, req); 138 if (error || !req->newptr) 139 return (error); 140 141 switch (val) { 142 case FUSE_CACHE_UC: 143 case FUSE_CACHE_WT: 144 case FUSE_CACHE_WB: 145 *(int *)arg1 = val; 146 break; 147 default: 148 return (EDOM); 149 } 150 return (0); 151} 152 153static void 154fuse_vnode_init(struct vnode *vp, struct fuse_vnode_data *fvdat, 155 uint64_t nodeid, __enum_uint8(vtype) vtyp) 156{ 157 fvdat->nid = nodeid; 158 LIST_INIT(&fvdat->handles); 159 160 vattr_null(&fvdat->cached_attrs); 161 fvdat->cached_attrs.va_birthtime.tv_sec = -1; 162 fvdat->cached_attrs.va_birthtime.tv_nsec = 0; 163 fvdat->cached_attrs.va_fsid = VNOVAL; 164 fvdat->cached_attrs.va_gen = 0; 165 fvdat->cached_attrs.va_rdev = NODEV; 166 167 if (nodeid == FUSE_ROOT_ID) { 168 vp->v_vflag |= VV_ROOT; 169 } 170 vp->v_type = vtyp; 171 vp->v_data = fvdat; 172 cluster_init_vn(&fvdat->clusterw); 173 timespecclear(&fvdat->last_local_modify); 174 175 counter_u64_add(fuse_node_count, 1); 176} 177 178void 179fuse_vnode_destroy(struct vnode *vp) 180{ 181 struct fuse_vnode_data *fvdat = vp->v_data; 182 183 vp->v_data = NULL; 184 KASSERT(LIST_EMPTY(&fvdat->handles), 185 ("Destroying fuse vnode with open files!")); 186 free(fvdat, M_FUSEVN); 187 188 counter_u64_add(fuse_node_count, -1); 189} 190 191int 192fuse_vnode_cmp(struct vnode *vp, void *nidp) 193{ 194 return (VTOI(vp) != *((uint64_t *)nidp)); 195} 196 197SDT_PROBE_DEFINE3(fusefs, , node, stale_vnode, "struct vnode*", "uint8_t", 198 "uint64_t"); 199static int 200fuse_vnode_alloc(struct mount *mp, 201 struct thread *td, 202 uint64_t nodeid, 203 __enum_uint8(vtype) vtyp, 204 struct vnode **vpp) 205{ 206 struct fuse_data *data; 207 struct fuse_vnode_data *fvdat; 208 struct vnode *vp2; 209 int err = 0; 210 211 data = fuse_get_mpdata(mp); 212 if (vtyp == VNON) { 213 return EINVAL; 214 } 215 *vpp = NULL; 216 err = vfs_hash_get(mp, fuse_vnode_hash(nodeid), LK_EXCLUSIVE, td, vpp, 217 fuse_vnode_cmp, &nodeid); 218 if (err) 219 return (err); 220 221 if (*vpp) { 222 if ((*vpp)->v_type == vtyp) { 223 /* Reuse a vnode that hasn't yet been reclaimed */ 224 MPASS((*vpp)->v_data != NULL); 225 MPASS(VTOFUD(*vpp)->nid == nodeid); 226 SDT_PROBE2(fusefs, , node, trace, 1, 227 "vnode taken from hash"); 228 return (0); 229 } else { 230 /* 231 * The inode changed types! If we get here, we can't 232 * tell whether the inode's entry cache had expired 233 * yet. So this could be the result of a buggy server, 234 * but more likely the server just reused an inode 235 * number following an entry cache expiration. 236 */ 237 SDT_PROBE3(fusefs, , node, stale_vnode, *vpp, vtyp, 238 nodeid); 239 fuse_internal_vnode_disappear(*vpp); 240 vgone(*vpp); 241 lockmgr((*vpp)->v_vnlock, LK_RELEASE, NULL); 242 } 243 } 244 fvdat = malloc(sizeof(*fvdat), M_FUSEVN, M_WAITOK | M_ZERO); 245 switch (vtyp) { 246 case VFIFO: 247 err = getnewvnode("fuse", mp, &fuse_fifoops, vpp); 248 break; 249 default: 250 err = getnewvnode("fuse", mp, &fuse_vnops, vpp); 251 break; 252 } 253 if (err) { 254 free(fvdat, M_FUSEVN); 255 return (err); 256 } 257 lockmgr((*vpp)->v_vnlock, LK_EXCLUSIVE, NULL); 258 fuse_vnode_init(*vpp, fvdat, nodeid, vtyp); 259 err = insmntque(*vpp, mp); 260 ASSERT_VOP_ELOCKED(*vpp, "fuse_vnode_alloc"); 261 if (err) { 262 lockmgr((*vpp)->v_vnlock, LK_RELEASE, NULL); 263 free(fvdat, M_FUSEVN); 264 *vpp = NULL; 265 return (err); 266 } 267 /* Disallow async reads for fifos because UFS does. I don't know why */ 268 if (data->dataflags & FSESS_ASYNC_READ && vtyp != VFIFO) 269 VN_LOCK_ASHARE(*vpp); 270 271 vn_set_state(*vpp, VSTATE_CONSTRUCTED); 272 err = vfs_hash_insert(*vpp, fuse_vnode_hash(nodeid), LK_EXCLUSIVE, 273 td, &vp2, fuse_vnode_cmp, &nodeid); 274 if (err) { 275 lockmgr((*vpp)->v_vnlock, LK_RELEASE, NULL); 276 free(fvdat, M_FUSEVN); 277 *vpp = NULL; 278 return (err); 279 } 280 if (vp2 != NULL) { 281 *vpp = vp2; 282 return (0); 283 } 284 285 ASSERT_VOP_ELOCKED(*vpp, "fuse_vnode_alloc"); 286 287 return (0); 288} 289 290int 291fuse_vnode_get(struct mount *mp, 292 struct fuse_entry_out *feo, 293 uint64_t nodeid, 294 struct vnode *dvp, 295 struct vnode **vpp, 296 struct componentname *cnp, 297 __enum_uint8(vtype) vtyp) 298{ 299 struct thread *td = curthread; 300 /* 301 * feo should only be NULL for the root directory, which (when libfuse 302 * is used) always has generation 0 303 */ 304 uint64_t generation = feo ? feo->generation : 0; 305 int err = 0; 306 307 if (dvp != NULL && VTOFUD(dvp)->nid == nodeid) { 308 fuse_warn(fuse_get_mpdata(mp), FSESS_WARN_ILLEGAL_INODE, 309 "Assigned same inode to both parent and child."); 310 return EIO; 311 } 312 313 err = fuse_vnode_alloc(mp, td, nodeid, vtyp, vpp); 314 if (err) { 315 return err; 316 } 317 if (dvp != NULL) { 318 MPASS(cnp && (cnp->cn_flags & ISDOTDOT) == 0); 319 MPASS(cnp && 320 !(cnp->cn_namelen == 1 && cnp->cn_nameptr[0] == '.')); 321 fuse_vnode_setparent(*vpp, dvp); 322 } 323 if (dvp != NULL && cnp != NULL && (cnp->cn_flags & MAKEENTRY) != 0 && 324 feo != NULL && 325 (feo->entry_valid != 0 || feo->entry_valid_nsec != 0)) { 326 struct timespec timeout; 327 328 ASSERT_VOP_LOCKED(*vpp, "fuse_vnode_get"); 329 ASSERT_VOP_LOCKED(dvp, "fuse_vnode_get"); 330 331 fuse_validity_2_timespec(feo, &timeout); 332 cache_enter_time(dvp, *vpp, cnp, &timeout, NULL); 333 } 334 335 VTOFUD(*vpp)->generation = generation; 336 /* 337 * In userland, libfuse uses cached lookups for dot and dotdot entries, 338 * thus it does not really bump the nlookup counter for forget. 339 * Follow the same semantic and avoid the bump in order to keep 340 * nlookup counters consistent. 341 */ 342 if (cnp == NULL || ((cnp->cn_flags & ISDOTDOT) == 0 && 343 (cnp->cn_namelen != 1 || cnp->cn_nameptr[0] != '.'))) 344 VTOFUD(*vpp)->nlookup++; 345 346 return 0; 347} 348 349/* 350 * Called for every fusefs vnode open to initialize the vnode (not 351 * fuse_filehandle) for use 352 */ 353void 354fuse_vnode_open(struct vnode *vp, int32_t fuse_open_flags, struct thread *td) 355{ 356 if (vnode_vtype(vp) == VREG) 357 vnode_create_vobject(vp, VNODE_NO_SIZE, td); 358} 359 360int 361fuse_vnode_savesize(struct vnode *vp, struct ucred *cred, pid_t pid) 362{ 363 struct fuse_vnode_data *fvdat = VTOFUD(vp); 364 struct thread *td = curthread; 365 struct fuse_filehandle *fufh = NULL; 366 struct fuse_dispatcher fdi; 367 struct fuse_setattr_in *fsai; 368 int err = 0; 369 370 ASSERT_VOP_ELOCKED(vp, "fuse_io_extend"); 371 372 if (fuse_isdeadfs(vp)) { 373 return EBADF; 374 } 375 if (vnode_vtype(vp) == VDIR) { 376 return EISDIR; 377 } 378 if (vfs_isrdonly(vnode_mount(vp))) { 379 return EROFS; 380 } 381 if (cred == NULL) { 382 cred = td->td_ucred; 383 } 384 fdisp_init(&fdi, sizeof(*fsai)); 385 fdisp_make_vp(&fdi, FUSE_SETATTR, vp, td, cred); 386 fsai = fdi.indata; 387 fsai->valid = 0; 388 389 /* Truncate to a new value. */ 390 MPASS((fvdat->flag & FN_SIZECHANGE) != 0); 391 fsai->size = fvdat->cached_attrs.va_size; 392 fsai->valid |= FATTR_SIZE; 393 394 fuse_filehandle_getrw(vp, FWRITE, &fufh, cred, pid); 395 if (fufh) { 396 fsai->fh = fufh->fh_id; 397 fsai->valid |= FATTR_FH; 398 } 399 err = fdisp_wait_answ(&fdi); 400 fdisp_destroy(&fdi); 401 if (err == 0) { 402 getnanouptime(&fvdat->last_local_modify); 403 fvdat->flag &= ~FN_SIZECHANGE; 404 } 405 406 return err; 407} 408 409/* 410 * Adjust the vnode's size to a new value. 411 * 412 * If the new value came from the server, such as from a FUSE_GETATTR 413 * operation, set `from_server` true. But if it came from a local operation, 414 * such as write(2) or truncate(2), set `from_server` false. 415 */ 416int 417fuse_vnode_setsize(struct vnode *vp, off_t newsize, bool from_server) 418{ 419 struct fuse_vnode_data *fvdat = VTOFUD(vp); 420 struct vattr *attrs; 421 off_t oldsize; 422 size_t iosize; 423 struct buf *bp = NULL; 424 int err = 0; 425 426 ASSERT_VOP_ELOCKED(vp, "fuse_vnode_setsize"); 427 428 iosize = fuse_iosize(vp); 429 oldsize = fvdat->cached_attrs.va_size; 430 fvdat->cached_attrs.va_size = newsize; 431 if ((attrs = VTOVA(vp)) != NULL) 432 attrs->va_size = newsize; 433 434 if (newsize < oldsize) { 435 daddr_t lbn; 436 437 err = vtruncbuf(vp, newsize, fuse_iosize(vp)); 438 if (err) 439 goto out; 440 if (newsize % iosize == 0) 441 goto out; 442 /* 443 * Zero the contents of the last partial block. 444 * Sure seems like vtruncbuf should do this for us. 445 */ 446 447 lbn = newsize / iosize; 448 bp = getblk(vp, lbn, iosize, PCATCH, 0, 0); 449 if (!bp) { 450 err = EINTR; 451 goto out; 452 } 453 if (!(bp->b_flags & B_CACHE)) 454 goto out; /* Nothing to do */ 455 MPASS(bp->b_flags & B_VMIO); 456 vfs_bio_clrbuf(bp); 457 bp->b_dirtyend = MIN(bp->b_dirtyend, newsize - lbn * iosize); 458 } else if (from_server && newsize > oldsize && oldsize != VNOVAL) { 459 /* 460 * The FUSE server changed the file size behind our back. We 461 * should invalidate the entire cache. 462 */ 463 daddr_t end_lbn; 464 465 end_lbn = howmany(newsize, iosize); 466 v_inval_buf_range(vp, 0, end_lbn, iosize); 467 } 468out: 469 if (bp) 470 brelse(bp); 471 vnode_pager_setsize(vp, newsize); 472 return err; 473} 474 475/* Get the current, possibly dirty, size of the file */ 476int 477fuse_vnode_size(struct vnode *vp, off_t *filesize, struct ucred *cred, 478 struct thread *td) 479{ 480 struct fuse_vnode_data *fvdat = VTOFUD(vp); 481 int error = 0; 482 483 if (!(fvdat->flag & FN_SIZECHANGE) && 484 (!fuse_vnode_attr_cache_valid(vp) || 485 fvdat->cached_attrs.va_size == VNOVAL)) 486 error = fuse_internal_do_getattr(vp, NULL, cred, td); 487 488 if (!error) 489 *filesize = fvdat->cached_attrs.va_size; 490 491 return error; 492} 493 494void 495fuse_vnode_undirty_cached_timestamps(struct vnode *vp, bool atime) 496{ 497 struct fuse_vnode_data *fvdat = VTOFUD(vp); 498 499 fvdat->flag &= ~(FN_MTIMECHANGE | FN_CTIMECHANGE); 500 if (atime) 501 fvdat->flag &= ~FN_ATIMECHANGE; 502} 503 504/* Update a fuse file's cached timestamps */ 505void 506fuse_vnode_update(struct vnode *vp, int flags) 507{ 508 struct fuse_vnode_data *fvdat = VTOFUD(vp); 509 struct mount *mp = vnode_mount(vp); 510 struct fuse_data *data = fuse_get_mpdata(mp); 511 struct timespec ts; 512 513 vfs_timestamp(&ts); 514 515 if (data->time_gran > 1) 516 ts.tv_nsec = rounddown(ts.tv_nsec, data->time_gran); 517 518 if (mp->mnt_flag & MNT_NOATIME) 519 flags &= ~FN_ATIMECHANGE; 520 521 if (flags & FN_ATIMECHANGE) 522 fvdat->cached_attrs.va_atime = ts; 523 if (flags & FN_MTIMECHANGE) 524 fvdat->cached_attrs.va_mtime = ts; 525 if (flags & FN_CTIMECHANGE) 526 fvdat->cached_attrs.va_ctime = ts; 527 528 fvdat->flag |= flags; 529} 530 531void 532fuse_node_init(void) 533{ 534 fuse_node_count = counter_u64_alloc(M_WAITOK); 535} 536 537void 538fuse_node_destroy(void) 539{ 540 counter_u64_free(fuse_node_count); 541} 542