1/*-
2 * SPDX-License-Identifier: BSD-3-Clause
3 *
4 * Copyright (c) 2007-2009 Google Inc. and Amit Singh
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions are
9 * met:
10 *
11 * * Redistributions of source code must retain the above copyright
12 *   notice, this list of conditions and the following disclaimer.
13 * * Redistributions in binary form must reproduce the above
14 *   copyright notice, this list of conditions and the following disclaimer
15 *   in the documentation and/or other materials provided with the
16 *   distribution.
17 * * Neither the name of Google Inc. nor the names of its
18 *   contributors may be used to endorse or promote products derived from
19 *   this software without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
22 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
23 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
24 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
25 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
26 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
27 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
28 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
29 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
30 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
31 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
32 *
33 * Copyright (C) 2005 Csaba Henk.
34 * All rights reserved.
35 *
36 * Copyright (c) 2019 The FreeBSD Foundation
37 *
38 * Portions of this software were developed by BFF Storage Systems, LLC under
39 * sponsorship from the FreeBSD Foundation.
40 *
41 * Redistribution and use in source and binary forms, with or without
42 * modification, are permitted provided that the following conditions
43 * are met:
44 * 1. Redistributions of source code must retain the above copyright
45 *    notice, this list of conditions and the following disclaimer.
46 * 2. Redistributions in binary form must reproduce the above copyright
47 *    notice, this list of conditions and the following disclaimer in the
48 *    documentation and/or other materials provided with the distribution.
49 *
50 * THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS ``AS IS'' AND
51 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
52 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
53 * ARE DISCLAIMED.  IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE
54 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
55 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
56 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
57 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
58 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
59 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
60 * SUCH DAMAGE.
61 */
62
63#include <sys/types.h>
64#include <sys/systm.h>
65#include <sys/counter.h>
66#include <sys/module.h>
67#include <sys/errno.h>
68#include <sys/param.h>
69#include <sys/kernel.h>
70#include <sys/conf.h>
71#include <sys/uio.h>
72#include <sys/malloc.h>
73#include <sys/queue.h>
74#include <sys/lock.h>
75#include <sys/sx.h>
76#include <sys/mutex.h>
77#include <sys/proc.h>
78#include <sys/vnode.h>
79#include <sys/namei.h>
80#include <sys/mount.h>
81#include <sys/sysctl.h>
82#include <sys/fcntl.h>
83#include <sys/priv.h>
84#include <sys/buf.h>
85#include <security/mac/mac_framework.h>
86#include <vm/vm.h>
87#include <vm/vm_extern.h>
88
89#include "fuse.h"
90#include "fuse_node.h"
91#include "fuse_internal.h"
92#include "fuse_io.h"
93#include "fuse_ipc.h"
94
95SDT_PROVIDER_DECLARE(fusefs);
96/*
97 * Fuse trace probe:
98 * arg0: verbosity.  Higher numbers give more verbose messages
99 * arg1: Textual message
100 */
101SDT_PROBE_DEFINE2(fusefs, , node, trace, "int", "char*");
102
103MALLOC_DEFINE(M_FUSEVN, "fuse_vnode", "fuse vnode private data");
104
105static int sysctl_fuse_cache_mode(SYSCTL_HANDLER_ARGS);
106
107static counter_u64_t fuse_node_count;
108
109SYSCTL_COUNTER_U64(_vfs_fusefs_stats, OID_AUTO, node_count, CTLFLAG_RD,
110    &fuse_node_count, "Count of FUSE vnodes");
111
112int	fuse_data_cache_mode = FUSE_CACHE_WT;
113
114/*
115 * OBSOLETE
116 * This sysctl is no longer needed as of fuse protocol 7.23.  Now, individual
117 * servers can select the cache behavior they need for each mountpoint:
118 * - writethrough: the default
119 * - writeback: set FUSE_WRITEBACK_CACHE in fuse_init_out.flags
120 * - uncached: set FOPEN_DIRECT_IO for every file
121 * The sysctl is retained primarily due to the enduring popularity of libfuse2,
122 * which is frozen at protocol version 7.19.  As of 4-April-2024, 90% of
123 * FreeBSD ports that use libfuse still bind to libfuse2.
124 */
125SYSCTL_PROC(_vfs_fusefs, OID_AUTO, data_cache_mode,
126    CTLTYPE_INT | CTLFLAG_MPSAFE | CTLFLAG_RW,
127    &fuse_data_cache_mode, 0, sysctl_fuse_cache_mode, "I",
128    "Zero: disable caching of FUSE file data; One: write-through caching "
129    "(default); Two: write-back caching (generally unsafe)");
130
131static int
132sysctl_fuse_cache_mode(SYSCTL_HANDLER_ARGS)
133{
134	int val, error;
135
136	val = *(int *)arg1;
137	error = sysctl_handle_int(oidp, &val, 0, req);
138	if (error || !req->newptr)
139		return (error);
140
141	switch (val) {
142	case FUSE_CACHE_UC:
143	case FUSE_CACHE_WT:
144	case FUSE_CACHE_WB:
145		*(int *)arg1 = val;
146		break;
147	default:
148		return (EDOM);
149	}
150	return (0);
151}
152
153static void
154fuse_vnode_init(struct vnode *vp, struct fuse_vnode_data *fvdat,
155    uint64_t nodeid, __enum_uint8(vtype) vtyp)
156{
157	fvdat->nid = nodeid;
158	LIST_INIT(&fvdat->handles);
159
160	vattr_null(&fvdat->cached_attrs);
161	fvdat->cached_attrs.va_birthtime.tv_sec = -1;
162	fvdat->cached_attrs.va_birthtime.tv_nsec = 0;
163	fvdat->cached_attrs.va_fsid = VNOVAL;
164	fvdat->cached_attrs.va_gen = 0;
165	fvdat->cached_attrs.va_rdev = NODEV;
166
167	if (nodeid == FUSE_ROOT_ID) {
168		vp->v_vflag |= VV_ROOT;
169	}
170	vp->v_type = vtyp;
171	vp->v_data = fvdat;
172	cluster_init_vn(&fvdat->clusterw);
173	timespecclear(&fvdat->last_local_modify);
174
175	counter_u64_add(fuse_node_count, 1);
176}
177
178void
179fuse_vnode_destroy(struct vnode *vp)
180{
181	struct fuse_vnode_data *fvdat = vp->v_data;
182
183	vp->v_data = NULL;
184	KASSERT(LIST_EMPTY(&fvdat->handles),
185		("Destroying fuse vnode with open files!"));
186	free(fvdat, M_FUSEVN);
187
188	counter_u64_add(fuse_node_count, -1);
189}
190
191int
192fuse_vnode_cmp(struct vnode *vp, void *nidp)
193{
194	return (VTOI(vp) != *((uint64_t *)nidp));
195}
196
197SDT_PROBE_DEFINE3(fusefs, , node, stale_vnode, "struct vnode*", "uint8_t",
198		"uint64_t");
199static int
200fuse_vnode_alloc(struct mount *mp,
201    struct thread *td,
202    uint64_t nodeid,
203    __enum_uint8(vtype) vtyp,
204    struct vnode **vpp)
205{
206	struct fuse_data *data;
207	struct fuse_vnode_data *fvdat;
208	struct vnode *vp2;
209	int err = 0;
210
211	data = fuse_get_mpdata(mp);
212	if (vtyp == VNON) {
213		return EINVAL;
214	}
215	*vpp = NULL;
216	err = vfs_hash_get(mp, fuse_vnode_hash(nodeid), LK_EXCLUSIVE, td, vpp,
217	    fuse_vnode_cmp, &nodeid);
218	if (err)
219		return (err);
220
221	if (*vpp) {
222		if ((*vpp)->v_type == vtyp) {
223			/* Reuse a vnode that hasn't yet been reclaimed */
224			MPASS((*vpp)->v_data != NULL);
225			MPASS(VTOFUD(*vpp)->nid == nodeid);
226			SDT_PROBE2(fusefs, , node, trace, 1,
227				"vnode taken from hash");
228			return (0);
229		} else {
230			/*
231			 * The inode changed types!  If we get here, we can't
232			 * tell whether the inode's entry cache had expired
233			 * yet.  So this could be the result of a buggy server,
234			 * but more likely the server just reused an inode
235			 * number following an entry cache expiration.
236			 */
237			SDT_PROBE3(fusefs, , node, stale_vnode, *vpp, vtyp,
238				nodeid);
239			fuse_internal_vnode_disappear(*vpp);
240			vgone(*vpp);
241			lockmgr((*vpp)->v_vnlock, LK_RELEASE, NULL);
242		}
243	}
244	fvdat = malloc(sizeof(*fvdat), M_FUSEVN, M_WAITOK | M_ZERO);
245	switch (vtyp) {
246	case VFIFO:
247		err = getnewvnode("fuse", mp, &fuse_fifoops, vpp);
248		break;
249	default:
250		err = getnewvnode("fuse", mp, &fuse_vnops, vpp);
251		break;
252	}
253	if (err) {
254		free(fvdat, M_FUSEVN);
255		return (err);
256	}
257	lockmgr((*vpp)->v_vnlock, LK_EXCLUSIVE, NULL);
258	fuse_vnode_init(*vpp, fvdat, nodeid, vtyp);
259	err = insmntque(*vpp, mp);
260	ASSERT_VOP_ELOCKED(*vpp, "fuse_vnode_alloc");
261	if (err) {
262		lockmgr((*vpp)->v_vnlock, LK_RELEASE, NULL);
263		free(fvdat, M_FUSEVN);
264		*vpp = NULL;
265		return (err);
266	}
267	/* Disallow async reads for fifos because UFS does.  I don't know why */
268	if (data->dataflags & FSESS_ASYNC_READ && vtyp != VFIFO)
269		VN_LOCK_ASHARE(*vpp);
270
271	vn_set_state(*vpp, VSTATE_CONSTRUCTED);
272	err = vfs_hash_insert(*vpp, fuse_vnode_hash(nodeid), LK_EXCLUSIVE,
273	    td, &vp2, fuse_vnode_cmp, &nodeid);
274	if (err) {
275		lockmgr((*vpp)->v_vnlock, LK_RELEASE, NULL);
276		free(fvdat, M_FUSEVN);
277		*vpp = NULL;
278		return (err);
279	}
280	if (vp2 != NULL) {
281		*vpp = vp2;
282		return (0);
283	}
284
285	ASSERT_VOP_ELOCKED(*vpp, "fuse_vnode_alloc");
286
287	return (0);
288}
289
290int
291fuse_vnode_get(struct mount *mp,
292    struct fuse_entry_out *feo,
293    uint64_t nodeid,
294    struct vnode *dvp,
295    struct vnode **vpp,
296    struct componentname *cnp,
297    __enum_uint8(vtype) vtyp)
298{
299	struct thread *td = curthread;
300	/*
301	 * feo should only be NULL for the root directory, which (when libfuse
302	 * is used) always has generation 0
303	 */
304	uint64_t generation = feo ? feo->generation : 0;
305	int err = 0;
306
307	if (dvp != NULL && VTOFUD(dvp)->nid == nodeid) {
308		fuse_warn(fuse_get_mpdata(mp), FSESS_WARN_ILLEGAL_INODE,
309			"Assigned same inode to both parent and child.");
310		return EIO;
311	}
312
313	err = fuse_vnode_alloc(mp, td, nodeid, vtyp, vpp);
314	if (err) {
315		return err;
316	}
317	if (dvp != NULL) {
318		MPASS(cnp && (cnp->cn_flags & ISDOTDOT) == 0);
319		MPASS(cnp &&
320			!(cnp->cn_namelen == 1 && cnp->cn_nameptr[0] == '.'));
321		fuse_vnode_setparent(*vpp, dvp);
322	}
323	if (dvp != NULL && cnp != NULL && (cnp->cn_flags & MAKEENTRY) != 0 &&
324	    feo != NULL &&
325	    (feo->entry_valid != 0 || feo->entry_valid_nsec != 0)) {
326		struct timespec timeout;
327
328		ASSERT_VOP_LOCKED(*vpp, "fuse_vnode_get");
329		ASSERT_VOP_LOCKED(dvp, "fuse_vnode_get");
330
331		fuse_validity_2_timespec(feo, &timeout);
332		cache_enter_time(dvp, *vpp, cnp, &timeout, NULL);
333	}
334
335	VTOFUD(*vpp)->generation = generation;
336	/*
337	 * In userland, libfuse uses cached lookups for dot and dotdot entries,
338	 * thus it does not really bump the nlookup counter for forget.
339	 * Follow the same semantic and avoid the bump in order to keep
340	 * nlookup counters consistent.
341	 */
342	if (cnp == NULL || ((cnp->cn_flags & ISDOTDOT) == 0 &&
343	    (cnp->cn_namelen != 1 || cnp->cn_nameptr[0] != '.')))
344		VTOFUD(*vpp)->nlookup++;
345
346	return 0;
347}
348
349/*
350 * Called for every fusefs vnode open to initialize the vnode (not
351 * fuse_filehandle) for use
352 */
353void
354fuse_vnode_open(struct vnode *vp, int32_t fuse_open_flags, struct thread *td)
355{
356	if (vnode_vtype(vp) == VREG)
357		vnode_create_vobject(vp, VNODE_NO_SIZE, td);
358}
359
360int
361fuse_vnode_savesize(struct vnode *vp, struct ucred *cred, pid_t pid)
362{
363	struct fuse_vnode_data *fvdat = VTOFUD(vp);
364	struct thread *td = curthread;
365	struct fuse_filehandle *fufh = NULL;
366	struct fuse_dispatcher fdi;
367	struct fuse_setattr_in *fsai;
368	int err = 0;
369
370	ASSERT_VOP_ELOCKED(vp, "fuse_io_extend");
371
372	if (fuse_isdeadfs(vp)) {
373		return EBADF;
374	}
375	if (vnode_vtype(vp) == VDIR) {
376		return EISDIR;
377	}
378	if (vfs_isrdonly(vnode_mount(vp))) {
379		return EROFS;
380	}
381	if (cred == NULL) {
382		cred = td->td_ucred;
383	}
384	fdisp_init(&fdi, sizeof(*fsai));
385	fdisp_make_vp(&fdi, FUSE_SETATTR, vp, td, cred);
386	fsai = fdi.indata;
387	fsai->valid = 0;
388
389	/* Truncate to a new value. */
390	MPASS((fvdat->flag & FN_SIZECHANGE) != 0);
391	fsai->size = fvdat->cached_attrs.va_size;
392	fsai->valid |= FATTR_SIZE;
393
394	fuse_filehandle_getrw(vp, FWRITE, &fufh, cred, pid);
395	if (fufh) {
396		fsai->fh = fufh->fh_id;
397		fsai->valid |= FATTR_FH;
398	}
399	err = fdisp_wait_answ(&fdi);
400	fdisp_destroy(&fdi);
401	if (err == 0) {
402		getnanouptime(&fvdat->last_local_modify);
403		fvdat->flag &= ~FN_SIZECHANGE;
404	}
405
406	return err;
407}
408
409/*
410 * Adjust the vnode's size to a new value.
411 *
412 * If the new value came from the server, such as from a FUSE_GETATTR
413 * operation, set `from_server` true.  But if it came from a local operation,
414 * such as write(2) or truncate(2), set `from_server` false.
415 */
416int
417fuse_vnode_setsize(struct vnode *vp, off_t newsize, bool from_server)
418{
419	struct fuse_vnode_data *fvdat = VTOFUD(vp);
420	struct vattr *attrs;
421	off_t oldsize;
422	size_t iosize;
423	struct buf *bp = NULL;
424	int err = 0;
425
426	ASSERT_VOP_ELOCKED(vp, "fuse_vnode_setsize");
427
428	iosize = fuse_iosize(vp);
429	oldsize = fvdat->cached_attrs.va_size;
430	fvdat->cached_attrs.va_size = newsize;
431	if ((attrs = VTOVA(vp)) != NULL)
432		attrs->va_size = newsize;
433
434	if (newsize < oldsize) {
435		daddr_t lbn;
436
437		err = vtruncbuf(vp, newsize, fuse_iosize(vp));
438		if (err)
439			goto out;
440		if (newsize % iosize == 0)
441			goto out;
442		/*
443		 * Zero the contents of the last partial block.
444		 * Sure seems like vtruncbuf should do this for us.
445		 */
446
447		lbn = newsize / iosize;
448		bp = getblk(vp, lbn, iosize, PCATCH, 0, 0);
449		if (!bp) {
450			err = EINTR;
451			goto out;
452		}
453		if (!(bp->b_flags & B_CACHE))
454			goto out;	/* Nothing to do */
455		MPASS(bp->b_flags & B_VMIO);
456		vfs_bio_clrbuf(bp);
457		bp->b_dirtyend = MIN(bp->b_dirtyend, newsize - lbn * iosize);
458	} else if (from_server && newsize > oldsize && oldsize != VNOVAL) {
459		/*
460		 * The FUSE server changed the file size behind our back.  We
461		 * should invalidate the entire cache.
462		 */
463		daddr_t end_lbn;
464
465		end_lbn = howmany(newsize, iosize);
466		v_inval_buf_range(vp, 0, end_lbn, iosize);
467	}
468out:
469	if (bp)
470		brelse(bp);
471	vnode_pager_setsize(vp, newsize);
472	return err;
473}
474
475/* Get the current, possibly dirty, size of the file */
476int
477fuse_vnode_size(struct vnode *vp, off_t *filesize, struct ucred *cred,
478	struct thread *td)
479{
480	struct fuse_vnode_data *fvdat = VTOFUD(vp);
481	int error = 0;
482
483	if (!(fvdat->flag & FN_SIZECHANGE) &&
484		(!fuse_vnode_attr_cache_valid(vp) ||
485		  fvdat->cached_attrs.va_size == VNOVAL))
486		error = fuse_internal_do_getattr(vp, NULL, cred, td);
487
488	if (!error)
489		*filesize = fvdat->cached_attrs.va_size;
490
491	return error;
492}
493
494void
495fuse_vnode_undirty_cached_timestamps(struct vnode *vp, bool atime)
496{
497	struct fuse_vnode_data *fvdat = VTOFUD(vp);
498
499	fvdat->flag &= ~(FN_MTIMECHANGE | FN_CTIMECHANGE);
500	if (atime)
501		fvdat->flag &= ~FN_ATIMECHANGE;
502}
503
504/* Update a fuse file's cached timestamps */
505void
506fuse_vnode_update(struct vnode *vp, int flags)
507{
508	struct fuse_vnode_data *fvdat = VTOFUD(vp);
509	struct mount *mp = vnode_mount(vp);
510	struct fuse_data *data = fuse_get_mpdata(mp);
511	struct timespec ts;
512
513	vfs_timestamp(&ts);
514
515	if (data->time_gran > 1)
516		ts.tv_nsec = rounddown(ts.tv_nsec, data->time_gran);
517
518	if (mp->mnt_flag & MNT_NOATIME)
519		flags &= ~FN_ATIMECHANGE;
520
521	if (flags & FN_ATIMECHANGE)
522		fvdat->cached_attrs.va_atime = ts;
523	if (flags & FN_MTIMECHANGE)
524		fvdat->cached_attrs.va_mtime = ts;
525	if (flags & FN_CTIMECHANGE)
526		fvdat->cached_attrs.va_ctime = ts;
527
528	fvdat->flag |= flags;
529}
530
531void
532fuse_node_init(void)
533{
534	fuse_node_count = counter_u64_alloc(M_WAITOK);
535}
536
537void
538fuse_node_destroy(void)
539{
540	counter_u64_free(fuse_node_count);
541}
542