Merge tag 'fuse-update-6.2' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse

{

	struct fuse_dev *fud = file->private_data;

	struct cuse_conn *cc = fc_to_cc(fud->fc);

	int rc;

	/* remove from the conntbl, no more access from this point on */

	mutex_lock(&cuse_lock);

		cdev_del(cc->cdev);

	}

	rc = fuse_dev_release(inode, file);	/* puts the base reference */

	return rc;

	return fuse_dev_release(inode, file);

}

static struct file_operations cuse_channel_fops; /* initialized during init */

	buf[outarg.namelen] = 0;

	down_read(&fc->killsb);

	err = fuse_reverse_inval_entry(fc, outarg.parent, 0, &name);

	err = fuse_reverse_inval_entry(fc, outarg.parent, 0, &name, outarg.flags);

	up_read(&fc->killsb);

	kfree(buf);

	return err;

	buf[outarg.namelen] = 0;

	down_read(&fc->killsb);

	err = fuse_reverse_inval_entry(fc, outarg.parent, outarg.child, &name);

	err = fuse_reverse_inval_entry(fc, outarg.parent, outarg.child, &name, 0);

	up_read(&fc->killsb);

	kfree(buf);

	return err;

				 * Check against file->f_op because CUSE

				 * uses the same ioctl handler.

				 */

				if (old->f_op == file->f_op &&

				    old->f_cred->user_ns == file->f_cred->user_ns)

				if (old->f_op == file->f_op)

					fud = fuse_get_dev(old);

				if (fud) {

	if (inode && fuse_is_bad(inode))

		goto invalid;

	else if (time_before64(fuse_dentry_time(entry), get_jiffies_64()) ||

		 (flags & (LOOKUP_EXCL | LOOKUP_REVAL))) {

		 (flags & (LOOKUP_EXCL | LOOKUP_REVAL | LOOKUP_RENAME_TARGET))) {

		struct fuse_entry_out outarg;

		FUSE_ARGS(args);

		struct fuse_forget_link *forget;

}

int fuse_reverse_inval_entry(struct fuse_conn *fc, u64 parent_nodeid,

			     u64 child_nodeid, struct qstr *name)

			     u64 child_nodeid, struct qstr *name, u32 flags)

{

	int err = -ENOTDIR;

	struct inode *parent;

		goto unlock;

	fuse_dir_changed(parent);

	fuse_invalidate_entry(entry);

	if (!(flags & FUSE_EXPIRE_ONLY))

		d_invalidate(entry);

	fuse_invalidate_entry_cache(entry);

	if (child_nodeid != 0 && d_really_is_positive(entry)) {

		inode_lock(d_inode(entry));

	return err;

}

static inline bool fuse_permissible_uidgid(struct fuse_conn *fc)

{

	const struct cred *cred = current_cred();

	return (uid_eq(cred->euid, fc->user_id) &&

		uid_eq(cred->suid, fc->user_id) &&

		uid_eq(cred->uid,  fc->user_id) &&

		gid_eq(cred->egid, fc->group_id) &&

		gid_eq(cred->sgid, fc->group_id) &&

		gid_eq(cred->gid,  fc->group_id));

}

/*

 * Calling into a user-controlled filesystem gives the filesystem

 * daemon ptrace-like capabilities over the current process.  This

 * for which the owner of the mount has ptrace privilege.  This

 * excludes processes started by other users, suid or sgid processes.

 */

int fuse_allow_current_process(struct fuse_conn *fc)

bool fuse_allow_current_process(struct fuse_conn *fc)

{

	const struct cred *cred;

	if (allow_sys_admin_access && capable(CAP_SYS_ADMIN))

		return 1;

	bool allow;

	if (fc->allow_other)

		return current_in_userns(fc->user_ns);

		allow = current_in_userns(fc->user_ns);

	else

		allow = fuse_permissible_uidgid(fc);

	cred = current_cred();

	if (uid_eq(cred->euid, fc->user_id) &&

	    uid_eq(cred->suid, fc->user_id) &&

	    uid_eq(cred->uid,  fc->user_id) &&

	    gid_eq(cred->egid, fc->group_id) &&

	    gid_eq(cred->sgid, fc->group_id) &&

	    gid_eq(cred->gid,  fc->group_id))

		return 1;

	if (!allow && allow_sys_admin_access && capable(CAP_SYS_ADMIN))

		allow = true;

	return 0;

	return allow;

}

static int fuse_access(struct inode *inode, int mask)

	return res;

}

static bool fuse_direct_write_extending_i_size(struct kiocb *iocb,

					       struct iov_iter *iter)

{

	struct inode *inode = file_inode(iocb->ki_filp);

	return iocb->ki_pos + iov_iter_count(iter) > i_size_read(inode);

}

static ssize_t fuse_direct_write_iter(struct kiocb *iocb, struct iov_iter *from)

{

	struct inode *inode = file_inode(iocb->ki_filp);

	struct file *file = iocb->ki_filp;

	struct fuse_file *ff = file->private_data;

	struct fuse_io_priv io = FUSE_IO_PRIV_SYNC(iocb);

	ssize_t res;

	bool exclusive_lock =

		!(ff->open_flags & FOPEN_PARALLEL_DIRECT_WRITES) ||

		iocb->ki_flags & IOCB_APPEND ||

		fuse_direct_write_extending_i_size(iocb, from);

	/* Don't allow parallel writes to the same file */

	/*

	 * Take exclusive lock if

	 * - Parallel direct writes are disabled - a user space decision

	 * - Parallel direct writes are enabled and i_size is being extended.

	 *   This might not be needed at all, but needs further investigation.

	 */

	if (exclusive_lock)

		inode_lock(inode);

	else {

		inode_lock_shared(inode);

		/* A race with truncate might have come up as the decision for

		 * the lock type was done without holding the lock, check again.

		 */

		if (fuse_direct_write_extending_i_size(iocb, from)) {

			inode_unlock_shared(inode);

			inode_lock(inode);

			exclusive_lock = true;

		}

	}

	res = generic_write_checks(iocb, from);

	if (res > 0) {

		if (!is_sync_kiocb(iocb) && iocb->ki_flags & IOCB_DIRECT) {

			fuse_write_update_attr(inode, iocb->ki_pos, res);

		}

	}

	if (exclusive_lock)

		inode_unlock(inode);

	else

		inode_unlock_shared(inode);

	return res;

}

	if (iov_iter_rw(iter) == WRITE) {

		fuse_write_update_attr(inode, pos, ret);

		/* For extending writes we already hold exclusive lock */

		if (ret < 0 && offset + count > i_size)

			fuse_do_truncate(file);

	}

/**

 * Is current process allowed to perform filesystem operation?

 */

int fuse_allow_current_process(struct fuse_conn *fc);

bool fuse_allow_current_process(struct fuse_conn *fc);

u64 fuse_lock_owner_id(struct fuse_conn *fc, fl_owner_t id);

 * then the dentry is unhashed (d_delete()).

 */

int fuse_reverse_inval_entry(struct fuse_conn *fc, u64 parent_nodeid,

			     u64 child_nodeid, struct qstr *name);

			     u64 child_nodeid, struct qstr *name, u32 flags);

int fuse_do_open(struct fuse_mount *fm, u64 nodeid, struct file *file,

		 bool isdir);