tjh.dev
Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
fuse: move ioctl to separate source file
Next patch will expand ioctl code and fuse/file.c is large enough as it is.
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
+394
-381
+1
-1
fs/fuse/Makefile
+1
-1
fs/fuse/Makefile
···
7
7
obj-$(CONFIG_CUSE) += cuse.o
8
8
obj-$(CONFIG_VIRTIO_FS) += virtiofs.o
9
9
10
-
fuse-y := dev.o dir.o file.o inode.o control.o xattr.o acl.o readdir.o
10
+
fuse-y := dev.o dir.o file.o inode.o control.o xattr.o acl.o readdir.o ioctl.o
11
11
fuse-$(CONFIG_FUSE_DAX) += dax.o
12
12
13
13
virtiofs-y := virtio_fs.o
-380
fs/fuse/file.c
-380
fs/fuse/file.c
···
14
14
#include <linux/sched.h>
15
15
#include <linux/sched/signal.h>
16
16
#include <linux/module.h>
17
-
#include <linux/compat.h>
18
17
#include <linux/swap.h>
19
18
#include <linux/falloc.h>
20
19
#include <linux/uio.h>
21
20
#include <linux/fs.h>
22
-
23
-
static struct page **fuse_pages_alloc(unsigned int npages, gfp_t flags,
24
-
struct fuse_page_desc **desc)
25
-
{
26
-
struct page **pages;
27
-
28
-
pages = kzalloc(npages * (sizeof(struct page *) +
29
-
sizeof(struct fuse_page_desc)), flags);
30
-
*desc = (void *) (pages + npages);
31
-
32
-
return pages;
33
-
}
34
21
35
22
static int fuse_send_open(struct fuse_mount *fm, u64 nodeid, struct file *file,
36
23
int opcode, struct fuse_open_out *outargp)
···
1333
1346
return written ? written : err;
1334
1347
}
1335
1348
1336
-
static inline void fuse_page_descs_length_init(struct fuse_page_desc *descs,
1337
-
unsigned int index,
1338
-
unsigned int nr_pages)
1339
-
{
1340
-
int i;
1341
-
1342
-
for (i = index; i < index + nr_pages; i++)
1343
-
descs[i].length = PAGE_SIZE - descs[i].offset;
1344
-
}
1345
-
1346
1349
static inline unsigned long fuse_get_user_addr(const struct iov_iter *ii)
1347
1350
{
1348
1351
return (unsigned long)ii->iov->iov_base + ii->iov_offset;
···
2611
2634
}
2612
2635
2613
2636
return retval;
2614
-
}
2615
-
2616
-
/*
2617
-
* CUSE servers compiled on 32bit broke on 64bit kernels because the
2618
-
* ABI was defined to be 'struct iovec' which is different on 32bit
2619
-
* and 64bit. Fortunately we can determine which structure the server
2620
-
* used from the size of the reply.
2621
-
*/
2622
-
static int fuse_copy_ioctl_iovec_old(struct iovec *dst, void *src,
2623
-
size_t transferred, unsigned count,
2624
-
bool is_compat)
2625
-
{
2626
-
#ifdef CONFIG_COMPAT
2627
-
if (count * sizeof(struct compat_iovec) == transferred) {
2628
-
struct compat_iovec *ciov = src;
2629
-
unsigned i;
2630
-
2631
-
/*
2632
-
* With this interface a 32bit server cannot support
2633
-
* non-compat (i.e. ones coming from 64bit apps) ioctl
2634
-
* requests
2635
-
*/
2636
-
if (!is_compat)
2637
-
return -EINVAL;
2638
-
2639
-
for (i = 0; i < count; i++) {
2640
-
dst[i].iov_base = compat_ptr(ciov[i].iov_base);
2641
-
dst[i].iov_len = ciov[i].iov_len;
2642
-
}
2643
-
return 0;
2644
-
}
2645
-
#endif
2646
-
2647
-
if (count * sizeof(struct iovec) != transferred)
2648
-
return -EIO;
2649
-
2650
-
memcpy(dst, src, transferred);
2651
-
return 0;
2652
-
}
2653
-
2654
-
/* Make sure iov_length() won't overflow */
2655
-
static int fuse_verify_ioctl_iov(struct fuse_conn *fc, struct iovec *iov,
2656
-
size_t count)
2657
-
{
2658
-
size_t n;
2659
-
u32 max = fc->max_pages << PAGE_SHIFT;
2660
-
2661
-
for (n = 0; n < count; n++, iov++) {
2662
-
if (iov->iov_len > (size_t) max)
2663
-
return -ENOMEM;
2664
-
max -= iov->iov_len;
2665
-
}
2666
-
return 0;
2667
-
}
2668
-
2669
-
static int fuse_copy_ioctl_iovec(struct fuse_conn *fc, struct iovec *dst,
2670
-
void *src, size_t transferred, unsigned count,
2671
-
bool is_compat)
2672
-
{
2673
-
unsigned i;
2674
-
struct fuse_ioctl_iovec *fiov = src;
2675
-
2676
-
if (fc->minor < 16) {
2677
-
return fuse_copy_ioctl_iovec_old(dst, src, transferred,
2678
-
count, is_compat);
2679
-
}
2680
-
2681
-
if (count * sizeof(struct fuse_ioctl_iovec) != transferred)
2682
-
return -EIO;
2683
-
2684
-
for (i = 0; i < count; i++) {
2685
-
/* Did the server supply an inappropriate value? */
2686
-
if (fiov[i].base != (unsigned long) fiov[i].base ||
2687
-
fiov[i].len != (unsigned long) fiov[i].len)
2688
-
return -EIO;
2689
-
2690
-
dst[i].iov_base = (void __user *) (unsigned long) fiov[i].base;
2691
-
dst[i].iov_len = (size_t) fiov[i].len;
2692
-
2693
-
#ifdef CONFIG_COMPAT
2694
-
if (is_compat &&
2695
-
(ptr_to_compat(dst[i].iov_base) != fiov[i].base ||
2696
-
(compat_size_t) dst[i].iov_len != fiov[i].len))
2697
-
return -EIO;
2698
-
#endif
2699
-
}
2700
-
2701
-
return 0;
2702
-
}
2703
-
2704
-
2705
-
/*
2706
-
* For ioctls, there is no generic way to determine how much memory
2707
-
* needs to be read and/or written. Furthermore, ioctls are allowed
2708
-
* to dereference the passed pointer, so the parameter requires deep
2709
-
* copying but FUSE has no idea whatsoever about what to copy in or
2710
-
* out.
2711
-
*
2712
-
* This is solved by allowing FUSE server to retry ioctl with
2713
-
* necessary in/out iovecs. Let's assume the ioctl implementation
2714
-
* needs to read in the following structure.
2715
-
*
2716
-
* struct a {
2717
-
* char *buf;
2718
-
* size_t buflen;
2719
-
* }
2720
-
*
2721
-
* On the first callout to FUSE server, inarg->in_size and
2722
-
* inarg->out_size will be NULL; then, the server completes the ioctl
2723
-
* with FUSE_IOCTL_RETRY set in out->flags, out->in_iovs set to 1 and
2724
-
* the actual iov array to
2725
-
*
2726
-
* { { .iov_base = inarg.arg, .iov_len = sizeof(struct a) } }
2727
-
*
2728
-
* which tells FUSE to copy in the requested area and retry the ioctl.
2729
-
* On the second round, the server has access to the structure and
2730
-
* from that it can tell what to look for next, so on the invocation,
2731
-
* it sets FUSE_IOCTL_RETRY, out->in_iovs to 2 and iov array to
2732
-
*
2733
-
* { { .iov_base = inarg.arg, .iov_len = sizeof(struct a) },
2734
-
* { .iov_base = a.buf, .iov_len = a.buflen } }
2735
-
*
2736
-
* FUSE will copy both struct a and the pointed buffer from the
2737
-
* process doing the ioctl and retry ioctl with both struct a and the
2738
-
* buffer.
2739
-
*
2740
-
* This time, FUSE server has everything it needs and completes ioctl
2741
-
* without FUSE_IOCTL_RETRY which finishes the ioctl call.
2742
-
*
2743
-
* Copying data out works the same way.
2744
-
*
2745
-
* Note that if FUSE_IOCTL_UNRESTRICTED is clear, the kernel
2746
-
* automatically initializes in and out iovs by decoding @cmd with
2747
-
* _IOC_* macros and the server is not allowed to request RETRY. This
2748
-
* limits ioctl data transfers to well-formed ioctls and is the forced
2749
-
* behavior for all FUSE servers.
2750
-
*/
2751
-
long fuse_do_ioctl(struct file *file, unsigned int cmd, unsigned long arg,
2752
-
unsigned int flags)
2753
-
{
2754
-
struct fuse_file *ff = file->private_data;
2755
-
struct fuse_mount *fm = ff->fm;
2756
-
struct fuse_ioctl_in inarg = {
2757
-
.fh = ff->fh,
2758
-
.cmd = cmd,
2759
-
.arg = arg,
2760
-
.flags = flags
2761
-
};
2762
-
struct fuse_ioctl_out outarg;
2763
-
struct iovec *iov_page = NULL;
2764
-
struct iovec *in_iov = NULL, *out_iov = NULL;
2765
-
unsigned int in_iovs = 0, out_iovs = 0, max_pages;
2766
-
size_t in_size, out_size, c;
2767
-
ssize_t transferred;
2768
-
int err, i;
2769
-
struct iov_iter ii;
2770
-
struct fuse_args_pages ap = {};
2771
-
2772
-
#if BITS_PER_LONG == 32
2773
-
inarg.flags |= FUSE_IOCTL_32BIT;
2774
-
#else
2775
-
if (flags & FUSE_IOCTL_COMPAT) {
2776
-
inarg.flags |= FUSE_IOCTL_32BIT;
2777
-
#ifdef CONFIG_X86_X32
2778
-
if (in_x32_syscall())
2779
-
inarg.flags |= FUSE_IOCTL_COMPAT_X32;
2780
-
#endif
2781
-
}
2782
-
#endif
2783
-
2784
-
/* assume all the iovs returned by client always fits in a page */
2785
-
BUILD_BUG_ON(sizeof(struct fuse_ioctl_iovec) * FUSE_IOCTL_MAX_IOV > PAGE_SIZE);
2786
-
2787
-
err = -ENOMEM;
2788
-
ap.pages = fuse_pages_alloc(fm->fc->max_pages, GFP_KERNEL, &ap.descs);
2789
-
iov_page = (struct iovec *) __get_free_page(GFP_KERNEL);
2790
-
if (!ap.pages || !iov_page)
2791
-
goto out;
2792
-
2793
-
fuse_page_descs_length_init(ap.descs, 0, fm->fc->max_pages);
2794
-
2795
-
/*
2796
-
* If restricted, initialize IO parameters as encoded in @cmd.
2797
-
* RETRY from server is not allowed.
2798
-
*/
2799
-
if (!(flags & FUSE_IOCTL_UNRESTRICTED)) {
2800
-
struct iovec *iov = iov_page;
2801
-
2802
-
iov->iov_base = (void __user *)arg;
2803
-
2804
-
switch (cmd) {
2805
-
case FS_IOC_GETFLAGS:
2806
-
case FS_IOC_SETFLAGS:
2807
-
iov->iov_len = sizeof(int);
2808
-
break;
2809
-
default:
2810
-
iov->iov_len = _IOC_SIZE(cmd);
2811
-
break;
2812
-
}
2813
-
2814
-
if (_IOC_DIR(cmd) & _IOC_WRITE) {
2815
-
in_iov = iov;
2816
-
in_iovs = 1;
2817
-
}
2818
-
2819
-
if (_IOC_DIR(cmd) & _IOC_READ) {
2820
-
out_iov = iov;
2821
-
out_iovs = 1;
2822
-
}
2823
-
}
2824
-
2825
-
retry:
2826
-
inarg.in_size = in_size = iov_length(in_iov, in_iovs);
2827
-
inarg.out_size = out_size = iov_length(out_iov, out_iovs);
2828
-
2829
-
/*
2830
-
* Out data can be used either for actual out data or iovs,
2831
-
* make sure there always is at least one page.
2832
-
*/
2833
-
out_size = max_t(size_t, out_size, PAGE_SIZE);
2834
-
max_pages = DIV_ROUND_UP(max(in_size, out_size), PAGE_SIZE);
2835
-
2836
-
/* make sure there are enough buffer pages and init request with them */
2837
-
err = -ENOMEM;
2838
-
if (max_pages > fm->fc->max_pages)
2839
-
goto out;
2840
-
while (ap.num_pages < max_pages) {
2841
-
ap.pages[ap.num_pages] = alloc_page(GFP_KERNEL | __GFP_HIGHMEM);
2842
-
if (!ap.pages[ap.num_pages])
2843
-
goto out;
2844
-
ap.num_pages++;
2845
-
}
2846
-
2847
-
2848
-
/* okay, let's send it to the client */
2849
-
ap.args.opcode = FUSE_IOCTL;
2850
-
ap.args.nodeid = ff->nodeid;
2851
-
ap.args.in_numargs = 1;
2852
-
ap.args.in_args[0].size = sizeof(inarg);
2853
-
ap.args.in_args[0].value = &inarg;
2854
-
if (in_size) {
2855
-
ap.args.in_numargs++;
2856
-
ap.args.in_args[1].size = in_size;
2857
-
ap.args.in_pages = true;
2858
-
2859
-
err = -EFAULT;
2860
-
iov_iter_init(&ii, WRITE, in_iov, in_iovs, in_size);
2861
-
for (i = 0; iov_iter_count(&ii) && !WARN_ON(i >= ap.num_pages); i++) {
2862
-
c = copy_page_from_iter(ap.pages[i], 0, PAGE_SIZE, &ii);
2863
-
if (c != PAGE_SIZE && iov_iter_count(&ii))
2864
-
goto out;
2865
-
}
2866
-
}
2867
-
2868
-
ap.args.out_numargs = 2;
2869
-
ap.args.out_args[0].size = sizeof(outarg);
2870
-
ap.args.out_args[0].value = &outarg;
2871
-
ap.args.out_args[1].size = out_size;
2872
-
ap.args.out_pages = true;
2873
-
ap.args.out_argvar = true;
2874
-
2875
-
transferred = fuse_simple_request(fm, &ap.args);
2876
-
err = transferred;
2877
-
if (transferred < 0)
2878
-
goto out;
2879
-
2880
-
/* did it ask for retry? */
2881
-
if (outarg.flags & FUSE_IOCTL_RETRY) {
2882
-
void *vaddr;
2883
-
2884
-
/* no retry if in restricted mode */
2885
-
err = -EIO;
2886
-
if (!(flags & FUSE_IOCTL_UNRESTRICTED))
2887
-
goto out;
2888
-
2889
-
in_iovs = outarg.in_iovs;
2890
-
out_iovs = outarg.out_iovs;
2891
-
2892
-
/*
2893
-
* Make sure things are in boundary, separate checks
2894
-
* are to protect against overflow.
2895
-
*/
2896
-
err = -ENOMEM;
2897
-
if (in_iovs > FUSE_IOCTL_MAX_IOV ||
2898
-
out_iovs > FUSE_IOCTL_MAX_IOV ||
2899
-
in_iovs + out_iovs > FUSE_IOCTL_MAX_IOV)
2900
-
goto out;
2901
-
2902
-
vaddr = kmap_atomic(ap.pages[0]);
2903
-
err = fuse_copy_ioctl_iovec(fm->fc, iov_page, vaddr,
2904
-
transferred, in_iovs + out_iovs,
2905
-
(flags & FUSE_IOCTL_COMPAT) != 0);
2906
-
kunmap_atomic(vaddr);
2907
-
if (err)
2908
-
goto out;
2909
-
2910
-
in_iov = iov_page;
2911
-
out_iov = in_iov + in_iovs;
2912
-
2913
-
err = fuse_verify_ioctl_iov(fm->fc, in_iov, in_iovs);
2914
-
if (err)
2915
-
goto out;
2916
-
2917
-
err = fuse_verify_ioctl_iov(fm->fc, out_iov, out_iovs);
2918
-
if (err)
2919
-
goto out;
2920
-
2921
-
goto retry;
2922
-
}
2923
-
2924
-
err = -EIO;
2925
-
if (transferred > inarg.out_size)
2926
-
goto out;
2927
-
2928
-
err = -EFAULT;
2929
-
iov_iter_init(&ii, READ, out_iov, out_iovs, transferred);
2930
-
for (i = 0; iov_iter_count(&ii) && !WARN_ON(i >= ap.num_pages); i++) {
2931
-
c = copy_page_to_iter(ap.pages[i], 0, PAGE_SIZE, &ii);
2932
-
if (c != PAGE_SIZE && iov_iter_count(&ii))
2933
-
goto out;
2934
-
}
2935
-
err = 0;
2936
-
out:
2937
-
free_page((unsigned long) iov_page);
2938
-
while (ap.num_pages)
2939
-
__free_page(ap.pages[--ap.num_pages]);
2940
-
kfree(ap.pages);
2941
-
2942
-
return err ? err : outarg.result;
2943
-
}
2944
-
EXPORT_SYMBOL_GPL(fuse_do_ioctl);
2945
-
2946
-
long fuse_ioctl_common(struct file *file, unsigned int cmd,
2947
-
unsigned long arg, unsigned int flags)
2948
-
{
2949
-
struct inode *inode = file_inode(file);
2950
-
struct fuse_conn *fc = get_fuse_conn(inode);
2951
-
2952
-
if (!fuse_allow_current_process(fc))
2953
-
return -EACCES;
2954
-
2955
-
if (fuse_is_bad(inode))
2956
-
return -EIO;
2957
-
2958
-
return fuse_do_ioctl(file, cmd, arg, flags);
2959
-
}
2960
-
2961
-
static long fuse_file_ioctl(struct file *file, unsigned int cmd,
2962
-
unsigned long arg)
2963
-
{
2964
-
return fuse_ioctl_common(file, cmd, arg, 0);
2965
-
}
2966
-
2967
-
static long fuse_file_compat_ioctl(struct file *file, unsigned int cmd,
2968
-
unsigned long arg)
2969
-
{
2970
-
return fuse_ioctl_common(file, cmd, arg, FUSE_IOCTL_COMPAT);
2971
2637
}
2972
2638
2973
2639
/*
+27
fs/fuse/fuse_i.h
+27
fs/fuse/fuse_i.h
···
872
872
return unlikely(test_bit(FUSE_I_BAD, &get_fuse_inode(inode)->state));
873
873
}
874
874
875
+
static inline struct page **fuse_pages_alloc(unsigned int npages, gfp_t flags,
876
+
struct fuse_page_desc **desc)
877
+
{
878
+
struct page **pages;
879
+
880
+
pages = kzalloc(npages * (sizeof(struct page *) +
881
+
sizeof(struct fuse_page_desc)), flags);
882
+
*desc = (void *) (pages + npages);
883
+
884
+
return pages;
885
+
}
886
+
887
+
static inline void fuse_page_descs_length_init(struct fuse_page_desc *descs,
888
+
unsigned int index,
889
+
unsigned int nr_pages)
890
+
{
891
+
int i;
892
+
893
+
for (i = index; i < index + nr_pages; i++)
894
+
descs[i].length = PAGE_SIZE - descs[i].offset;
895
+
}
896
+
875
897
/** Device operations */
876
898
extern const struct file_operations fuse_dev_operations;
877
899
···
1235
1213
void fuse_dax_inode_cleanup(struct inode *inode);
1236
1214
bool fuse_dax_check_alignment(struct fuse_conn *fc, unsigned int map_alignment);
1237
1215
void fuse_dax_cancel_work(struct fuse_conn *fc);
1216
+
1217
+
/* ioctl.c */
1218
+
long fuse_file_ioctl(struct file *file, unsigned int cmd, unsigned long arg);
1219
+
long fuse_file_compat_ioctl(struct file *file, unsigned int cmd,
1220
+
unsigned long arg);
1238
1221
1239
1222
#endif /* _FS_FUSE_I_H */
+366
fs/fuse/ioctl.c
+366
fs/fuse/ioctl.c
···
1
+
// SPDX-License-Identifier: GPL-2.0-only
2
+
/*
3
+
* Copyright (C) 2017 Red Hat, Inc.
4
+
*/
5
+
6
+
#include "fuse_i.h"
7
+
8
+
#include <linux/uio.h>
9
+
#include <linux/compat.h>
10
+
#include <linux/fileattr.h>
11
+
12
+
/*
13
+
* CUSE servers compiled on 32bit broke on 64bit kernels because the
14
+
* ABI was defined to be 'struct iovec' which is different on 32bit
15
+
* and 64bit. Fortunately we can determine which structure the server
16
+
* used from the size of the reply.
17
+
*/
18
+
static int fuse_copy_ioctl_iovec_old(struct iovec *dst, void *src,
19
+
size_t transferred, unsigned count,
20
+
bool is_compat)
21
+
{
22
+
#ifdef CONFIG_COMPAT
23
+
if (count * sizeof(struct compat_iovec) == transferred) {
24
+
struct compat_iovec *ciov = src;
25
+
unsigned i;
26
+
27
+
/*
28
+
* With this interface a 32bit server cannot support
29
+
* non-compat (i.e. ones coming from 64bit apps) ioctl
30
+
* requests
31
+
*/
32
+
if (!is_compat)
33
+
return -EINVAL;
34
+
35
+
for (i = 0; i < count; i++) {
36
+
dst[i].iov_base = compat_ptr(ciov[i].iov_base);
37
+
dst[i].iov_len = ciov[i].iov_len;
38
+
}
39
+
return 0;
40
+
}
41
+
#endif
42
+
43
+
if (count * sizeof(struct iovec) != transferred)
44
+
return -EIO;
45
+
46
+
memcpy(dst, src, transferred);
47
+
return 0;
48
+
}
49
+
50
+
/* Make sure iov_length() won't overflow */
51
+
static int fuse_verify_ioctl_iov(struct fuse_conn *fc, struct iovec *iov,
52
+
size_t count)
53
+
{
54
+
size_t n;
55
+
u32 max = fc->max_pages << PAGE_SHIFT;
56
+
57
+
for (n = 0; n < count; n++, iov++) {
58
+
if (iov->iov_len > (size_t) max)
59
+
return -ENOMEM;
60
+
max -= iov->iov_len;
61
+
}
62
+
return 0;
63
+
}
64
+
65
+
static int fuse_copy_ioctl_iovec(struct fuse_conn *fc, struct iovec *dst,
66
+
void *src, size_t transferred, unsigned count,
67
+
bool is_compat)
68
+
{
69
+
unsigned i;
70
+
struct fuse_ioctl_iovec *fiov = src;
71
+
72
+
if (fc->minor < 16) {
73
+
return fuse_copy_ioctl_iovec_old(dst, src, transferred,
74
+
count, is_compat);
75
+
}
76
+
77
+
if (count * sizeof(struct fuse_ioctl_iovec) != transferred)
78
+
return -EIO;
79
+
80
+
for (i = 0; i < count; i++) {
81
+
/* Did the server supply an inappropriate value? */
82
+
if (fiov[i].base != (unsigned long) fiov[i].base ||
83
+
fiov[i].len != (unsigned long) fiov[i].len)
84
+
return -EIO;
85
+
86
+
dst[i].iov_base = (void __user *) (unsigned long) fiov[i].base;
87
+
dst[i].iov_len = (size_t) fiov[i].len;
88
+
89
+
#ifdef CONFIG_COMPAT
90
+
if (is_compat &&
91
+
(ptr_to_compat(dst[i].iov_base) != fiov[i].base ||
92
+
(compat_size_t) dst[i].iov_len != fiov[i].len))
93
+
return -EIO;
94
+
#endif
95
+
}
96
+
97
+
return 0;
98
+
}
99
+
100
+
101
+
/*
102
+
* For ioctls, there is no generic way to determine how much memory
103
+
* needs to be read and/or written. Furthermore, ioctls are allowed
104
+
* to dereference the passed pointer, so the parameter requires deep
105
+
* copying but FUSE has no idea whatsoever about what to copy in or
106
+
* out.
107
+
*
108
+
* This is solved by allowing FUSE server to retry ioctl with
109
+
* necessary in/out iovecs. Let's assume the ioctl implementation
110
+
* needs to read in the following structure.
111
+
*
112
+
* struct a {
113
+
* char *buf;
114
+
* size_t buflen;
115
+
* }
116
+
*
117
+
* On the first callout to FUSE server, inarg->in_size and
118
+
* inarg->out_size will be NULL; then, the server completes the ioctl
119
+
* with FUSE_IOCTL_RETRY set in out->flags, out->in_iovs set to 1 and
120
+
* the actual iov array to
121
+
*
122
+
* { { .iov_base = inarg.arg, .iov_len = sizeof(struct a) } }
123
+
*
124
+
* which tells FUSE to copy in the requested area and retry the ioctl.
125
+
* On the second round, the server has access to the structure and
126
+
* from that it can tell what to look for next, so on the invocation,
127
+
* it sets FUSE_IOCTL_RETRY, out->in_iovs to 2 and iov array to
128
+
*
129
+
* { { .iov_base = inarg.arg, .iov_len = sizeof(struct a) },
130
+
* { .iov_base = a.buf, .iov_len = a.buflen } }
131
+
*
132
+
* FUSE will copy both struct a and the pointed buffer from the
133
+
* process doing the ioctl and retry ioctl with both struct a and the
134
+
* buffer.
135
+
*
136
+
* This time, FUSE server has everything it needs and completes ioctl
137
+
* without FUSE_IOCTL_RETRY which finishes the ioctl call.
138
+
*
139
+
* Copying data out works the same way.
140
+
*
141
+
* Note that if FUSE_IOCTL_UNRESTRICTED is clear, the kernel
142
+
* automatically initializes in and out iovs by decoding @cmd with
143
+
* _IOC_* macros and the server is not allowed to request RETRY. This
144
+
* limits ioctl data transfers to well-formed ioctls and is the forced
145
+
* behavior for all FUSE servers.
146
+
*/
147
+
long fuse_do_ioctl(struct file *file, unsigned int cmd, unsigned long arg,
148
+
unsigned int flags)
149
+
{
150
+
struct fuse_file *ff = file->private_data;
151
+
struct fuse_mount *fm = ff->fm;
152
+
struct fuse_ioctl_in inarg = {
153
+
.fh = ff->fh,
154
+
.cmd = cmd,
155
+
.arg = arg,
156
+
.flags = flags
157
+
};
158
+
struct fuse_ioctl_out outarg;
159
+
struct iovec *iov_page = NULL;
160
+
struct iovec *in_iov = NULL, *out_iov = NULL;
161
+
unsigned int in_iovs = 0, out_iovs = 0, max_pages;
162
+
size_t in_size, out_size, c;
163
+
ssize_t transferred;
164
+
int err, i;
165
+
struct iov_iter ii;
166
+
struct fuse_args_pages ap = {};
167
+
168
+
#if BITS_PER_LONG == 32
169
+
inarg.flags |= FUSE_IOCTL_32BIT;
170
+
#else
171
+
if (flags & FUSE_IOCTL_COMPAT) {
172
+
inarg.flags |= FUSE_IOCTL_32BIT;
173
+
#ifdef CONFIG_X86_X32
174
+
if (in_x32_syscall())
175
+
inarg.flags |= FUSE_IOCTL_COMPAT_X32;
176
+
#endif
177
+
}
178
+
#endif
179
+
180
+
/* assume all the iovs returned by client always fits in a page */
181
+
BUILD_BUG_ON(sizeof(struct fuse_ioctl_iovec) * FUSE_IOCTL_MAX_IOV > PAGE_SIZE);
182
+
183
+
err = -ENOMEM;
184
+
ap.pages = fuse_pages_alloc(fm->fc->max_pages, GFP_KERNEL, &ap.descs);
185
+
iov_page = (struct iovec *) __get_free_page(GFP_KERNEL);
186
+
if (!ap.pages || !iov_page)
187
+
goto out;
188
+
189
+
fuse_page_descs_length_init(ap.descs, 0, fm->fc->max_pages);
190
+
191
+
/*
192
+
* If restricted, initialize IO parameters as encoded in @cmd.
193
+
* RETRY from server is not allowed.
194
+
*/
195
+
if (!(flags & FUSE_IOCTL_UNRESTRICTED)) {
196
+
struct iovec *iov = iov_page;
197
+
198
+
iov->iov_base = (void __user *)arg;
199
+
200
+
switch (cmd) {
201
+
case FS_IOC_GETFLAGS:
202
+
case FS_IOC_SETFLAGS:
203
+
iov->iov_len = sizeof(int);
204
+
break;
205
+
default:
206
+
iov->iov_len = _IOC_SIZE(cmd);
207
+
break;
208
+
}
209
+
210
+
if (_IOC_DIR(cmd) & _IOC_WRITE) {
211
+
in_iov = iov;
212
+
in_iovs = 1;
213
+
}
214
+
215
+
if (_IOC_DIR(cmd) & _IOC_READ) {
216
+
out_iov = iov;
217
+
out_iovs = 1;
218
+
}
219
+
}
220
+
221
+
retry:
222
+
inarg.in_size = in_size = iov_length(in_iov, in_iovs);
223
+
inarg.out_size = out_size = iov_length(out_iov, out_iovs);
224
+
225
+
/*
226
+
* Out data can be used either for actual out data or iovs,
227
+
* make sure there always is at least one page.
228
+
*/
229
+
out_size = max_t(size_t, out_size, PAGE_SIZE);
230
+
max_pages = DIV_ROUND_UP(max(in_size, out_size), PAGE_SIZE);
231
+
232
+
/* make sure there are enough buffer pages and init request with them */
233
+
err = -ENOMEM;
234
+
if (max_pages > fm->fc->max_pages)
235
+
goto out;
236
+
while (ap.num_pages < max_pages) {
237
+
ap.pages[ap.num_pages] = alloc_page(GFP_KERNEL | __GFP_HIGHMEM);
238
+
if (!ap.pages[ap.num_pages])
239
+
goto out;
240
+
ap.num_pages++;
241
+
}
242
+
243
+
244
+
/* okay, let's send it to the client */
245
+
ap.args.opcode = FUSE_IOCTL;
246
+
ap.args.nodeid = ff->nodeid;
247
+
ap.args.in_numargs = 1;
248
+
ap.args.in_args[0].size = sizeof(inarg);
249
+
ap.args.in_args[0].value = &inarg;
250
+
if (in_size) {
251
+
ap.args.in_numargs++;
252
+
ap.args.in_args[1].size = in_size;
253
+
ap.args.in_pages = true;
254
+
255
+
err = -EFAULT;
256
+
iov_iter_init(&ii, WRITE, in_iov, in_iovs, in_size);
257
+
for (i = 0; iov_iter_count(&ii) && !WARN_ON(i >= ap.num_pages); i++) {
258
+
c = copy_page_from_iter(ap.pages[i], 0, PAGE_SIZE, &ii);
259
+
if (c != PAGE_SIZE && iov_iter_count(&ii))
260
+
goto out;
261
+
}
262
+
}
263
+
264
+
ap.args.out_numargs = 2;
265
+
ap.args.out_args[0].size = sizeof(outarg);
266
+
ap.args.out_args[0].value = &outarg;
267
+
ap.args.out_args[1].size = out_size;
268
+
ap.args.out_pages = true;
269
+
ap.args.out_argvar = true;
270
+
271
+
transferred = fuse_simple_request(fm, &ap.args);
272
+
err = transferred;
273
+
if (transferred < 0)
274
+
goto out;
275
+
276
+
/* did it ask for retry? */
277
+
if (outarg.flags & FUSE_IOCTL_RETRY) {
278
+
void *vaddr;
279
+
280
+
/* no retry if in restricted mode */
281
+
err = -EIO;
282
+
if (!(flags & FUSE_IOCTL_UNRESTRICTED))
283
+
goto out;
284
+
285
+
in_iovs = outarg.in_iovs;
286
+
out_iovs = outarg.out_iovs;
287
+
288
+
/*
289
+
* Make sure things are in boundary, separate checks
290
+
* are to protect against overflow.
291
+
*/
292
+
err = -ENOMEM;
293
+
if (in_iovs > FUSE_IOCTL_MAX_IOV ||
294
+
out_iovs > FUSE_IOCTL_MAX_IOV ||
295
+
in_iovs + out_iovs > FUSE_IOCTL_MAX_IOV)
296
+
goto out;
297
+
298
+
vaddr = kmap_atomic(ap.pages[0]);
299
+
err = fuse_copy_ioctl_iovec(fm->fc, iov_page, vaddr,
300
+
transferred, in_iovs + out_iovs,
301
+
(flags & FUSE_IOCTL_COMPAT) != 0);
302
+
kunmap_atomic(vaddr);
303
+
if (err)
304
+
goto out;
305
+
306
+
in_iov = iov_page;
307
+
out_iov = in_iov + in_iovs;
308
+
309
+
err = fuse_verify_ioctl_iov(fm->fc, in_iov, in_iovs);
310
+
if (err)
311
+
goto out;
312
+
313
+
err = fuse_verify_ioctl_iov(fm->fc, out_iov, out_iovs);
314
+
if (err)
315
+
goto out;
316
+
317
+
goto retry;
318
+
}
319
+
320
+
err = -EIO;
321
+
if (transferred > inarg.out_size)
322
+
goto out;
323
+
324
+
err = -EFAULT;
325
+
iov_iter_init(&ii, READ, out_iov, out_iovs, transferred);
326
+
for (i = 0; iov_iter_count(&ii) && !WARN_ON(i >= ap.num_pages); i++) {
327
+
c = copy_page_to_iter(ap.pages[i], 0, PAGE_SIZE, &ii);
328
+
if (c != PAGE_SIZE && iov_iter_count(&ii))
329
+
goto out;
330
+
}
331
+
err = 0;
332
+
out:
333
+
free_page((unsigned long) iov_page);
334
+
while (ap.num_pages)
335
+
__free_page(ap.pages[--ap.num_pages]);
336
+
kfree(ap.pages);
337
+
338
+
return err ? err : outarg.result;
339
+
}
340
+
EXPORT_SYMBOL_GPL(fuse_do_ioctl);
341
+
342
+
long fuse_ioctl_common(struct file *file, unsigned int cmd,
343
+
unsigned long arg, unsigned int flags)
344
+
{
345
+
struct inode *inode = file_inode(file);
346
+
struct fuse_conn *fc = get_fuse_conn(inode);
347
+
348
+
if (!fuse_allow_current_process(fc))
349
+
return -EACCES;
350
+
351
+
if (fuse_is_bad(inode))
352
+
return -EIO;
353
+
354
+
return fuse_do_ioctl(file, cmd, arg, flags);
355
+
}
356
+
357
+
long fuse_file_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
358
+
{
359
+
return fuse_ioctl_common(file, cmd, arg, 0);
360
+
}
361
+
362
+
long fuse_file_compat_ioctl(struct file *file, unsigned int cmd,
363
+
unsigned long arg)
364
+
{
365
+
return fuse_ioctl_common(file, cmd, arg, FUSE_IOCTL_COMPAT);
366
+
}