Commit 9ec1efbf authored by Linus Torvalds's avatar Linus Torvalds
Browse files

Merge tag 'fuse-update-5.13' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse 

Pull fuse updates from Miklos Szeredi:

 - Fix a page locking bug in write (introduced in 2.6.26)

 - Allow sgid bit to be killed in setacl()

 - Miscellaneous fixes and cleanups

* tag 'fuse-update-5.13' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse:
  cuse: simplify refcount
  cuse: prevent clone
  virtiofs: fix userns
  virtiofs: remove useless function
  virtiofs: split requests that exceed virtqueue size
  virtiofs: fix memory leak in virtio_fs_probe()
  fuse: invalidate attrs when page writeback completes
  fuse: add a flag FUSE_SETXATTR_ACL_KILL_SGID to kill SGID
  fuse: extend FUSE_SETXATTR request
  fuse: fix matching of FUSE_DEV_IOC_CLONE command
  fuse: fix a typo
  fuse: don't zero pages twice
  fuse: fix typo for fuse_conn.max_pages comment
  fuse: fix write deadlock
parents d652502e 3c9c1433

fs/fuse/acl.c

+6 −1
Original line number Diff line number Diff line
@@ -71,6 +71,7 @@ int fuse_set_acl(struct user_namespace *mnt_userns, struct inode *inode, 
		return -EINVAL;



	if (acl) {

		unsigned int extra_flags = 0;

		/*

		 * Fuse userspace is responsible for updating access

		 * permissions in the inode, if needed. fuse_setxattr
@@ -94,7 +95,11 @@ int fuse_set_acl(struct user_namespace *mnt_userns, struct inode *inode, 
			return ret;

		}



		ret = fuse_setxattr(inode, name, value, size, 0);

		if (!in_group_p(i_gid_into_mnt(&init_user_ns, inode)) &&

		    !capable_wrt_inode_uidgid(&init_user_ns, inode, CAP_FSETID))

			extra_flags |= FUSE_SETXATTR_ACL_KILL_SGID;



		ret = fuse_setxattr(inode, name, value, size, 0, extra_flags);

		kfree(value);

	} else {

		ret = fuse_removexattr(inode, name);

fs/fuse/cuse.c

+5 −7
Original line number Diff line number Diff line
@@ -511,20 +511,18 @@ static int cuse_channel_open(struct inode *inode, struct file *file) 
	fuse_conn_init(&cc->fc, &cc->fm, file->f_cred->user_ns,

		       &fuse_dev_fiq_ops, NULL);



	cc->fc.release = cuse_fc_release;

	fud = fuse_dev_alloc_install(&cc->fc);

	if (!fud) {

		kfree(cc);

	fuse_conn_put(&cc->fc);

	if (!fud)

		return -ENOMEM;

	}



	INIT_LIST_HEAD(&cc->list);

	cc->fc.release = cuse_fc_release;



	cc->fc.initialized = 1;

	rc = cuse_send_init(cc);

	if (rc) {

		fuse_dev_free(fud);

		fuse_conn_put(&cc->fc);

		return rc;

	}

	file->private_data = fud;
@@ -561,8 +559,6 @@ static int cuse_channel_release(struct inode *inode, struct file *file) 
		unregister_chrdev_region(cc->cdev->dev, 1);

		cdev_del(cc->cdev);

	}

	/* Base reference is now owned by "fud" */

	fuse_conn_put(&cc->fc);



	rc = fuse_dev_release(inode, file);	/* puts the base reference */
@@ -627,6 +623,8 @@ static int __init cuse_init(void) 
	cuse_channel_fops.owner		= THIS_MODULE;

	cuse_channel_fops.open		= cuse_channel_open;

	cuse_channel_fops.release	= cuse_channel_release;

	/* CUSE is not prepared for FUSE_DEV_IOC_CLONE */

	cuse_channel_fops.unlocked_ioctl	= NULL;



	cuse_class = class_create(THIS_MODULE, "cuse");

	if (IS_ERR(cuse_class))

fs/fuse/dev.c

+2 −5
Original line number Diff line number Diff line
@@ -2233,11 +2233,8 @@ static long fuse_dev_ioctl(struct file *file, unsigned int cmd, 
	int oldfd;

	struct fuse_dev *fud = NULL;



	if (_IOC_TYPE(cmd) != FUSE_DEV_IOC_MAGIC)

		return -ENOTTY;



	switch (_IOC_NR(cmd)) {

	case _IOC_NR(FUSE_DEV_IOC_CLONE):

	switch (cmd) {

	case FUSE_DEV_IOC_CLONE:

		res = -EFAULT;

		if (!get_user(oldfd, (__u32 __user *)arg)) {

			struct file *old = fget(oldfd);

fs/fuse/file.c

+44 −27
Original line number Diff line number Diff line
@@ -802,21 +802,12 @@ static void fuse_short_read(struct inode *inode, u64 attr_ver, size_t num_read, 
{

	struct fuse_conn *fc = get_fuse_conn(inode);



	if (fc->writeback_cache) {

	/*

		 * A hole in a file. Some data after the hole are in page cache,

		 * but have not reached the client fs yet. So, the hole is not

		 * present there.

	 * If writeback_cache is enabled, a short read means there's a hole in

	 * the file.  Some data after the hole is in page cache, but has not

	 * reached the client fs yet.  So the hole is not present there.

	 */

		int i;

		int start_idx = num_read >> PAGE_SHIFT;

		size_t off = num_read & (PAGE_SIZE - 1);



		for (i = start_idx; i < ap->num_pages; i++) {

			zero_user_segment(ap->pages[i], off, PAGE_SIZE);

			off = 0;

		}

	} else {

	if (!fc->writeback_cache) {

		loff_t pos = page_offset(ap->pages[0]) + num_read;

		fuse_read_update_size(inode, pos, attr_ver);

	}
@@ -1103,6 +1094,7 @@ static ssize_t fuse_send_write_pages(struct fuse_io_args *ia, 
	struct fuse_file *ff = file->private_data;

	struct fuse_mount *fm = ff->fm;

	unsigned int offset, i;

	bool short_write;

	int err;



	for (i = 0; i < ap->num_pages; i++)
@@ -1117,20 +1109,25 @@ static ssize_t fuse_send_write_pages(struct fuse_io_args *ia, 
	if (!err && ia->write.out.size > count)

		err = -EIO;



	short_write = ia->write.out.size < count;

	offset = ap->descs[0].offset;

	count = ia->write.out.size;

	for (i = 0; i < ap->num_pages; i++) {

		struct page *page = ap->pages[i];



		if (!err && !offset && count >= PAGE_SIZE)

			SetPageUptodate(page);



		if (count > PAGE_SIZE - offset)

		if (err) {

			ClearPageUptodate(page);

		} else {

			if (count >= PAGE_SIZE - offset)

				count -= PAGE_SIZE - offset;

		else

			else {

				if (short_write)

					ClearPageUptodate(page);

				count = 0;

			}

			offset = 0;



		}

		if (ia->write.page_locked && (i == ap->num_pages - 1))

			unlock_page(page);

		put_page(page);

	}
@@ -1138,11 +1135,12 @@ static ssize_t fuse_send_write_pages(struct fuse_io_args *ia, 
	return err;

}



static ssize_t fuse_fill_write_pages(struct fuse_args_pages *ap,

static ssize_t fuse_fill_write_pages(struct fuse_io_args *ia,

				     struct address_space *mapping,

				     struct iov_iter *ii, loff_t pos,

				     unsigned int max_pages)

{

	struct fuse_args_pages *ap = &ia->ap;

	struct fuse_conn *fc = get_fuse_conn(mapping->host);

	unsigned offset = pos & (PAGE_SIZE - 1);

	size_t count = 0;
@@ -1195,6 +1193,16 @@ static ssize_t fuse_fill_write_pages(struct fuse_args_pages *ap, 
		if (offset == PAGE_SIZE)

			offset = 0;



		/* If we copied full page, mark it uptodate */

		if (tmp == PAGE_SIZE)

			SetPageUptodate(page);



		if (PageUptodate(page)) {

			unlock_page(page);

		} else {

			ia->write.page_locked = true;

			break;

		}

		if (!fc->big_writes)

			break;

	} while (iov_iter_count(ii) && count < fc->max_write &&
@@ -1238,7 +1246,7 @@ static ssize_t fuse_perform_write(struct kiocb *iocb, 
			break;

		}



		count = fuse_fill_write_pages(ap, mapping, ii, pos, nr_pages);

		count = fuse_fill_write_pages(&ia, mapping, ii, pos, nr_pages);

		if (count <= 0) {

			err = count;

		} else {
@@ -1753,8 +1761,17 @@ static void fuse_writepage_end(struct fuse_mount *fm, struct fuse_args *args, 
		container_of(args, typeof(*wpa), ia.ap.args);

	struct inode *inode = wpa->inode;

	struct fuse_inode *fi = get_fuse_inode(inode);

	struct fuse_conn *fc = get_fuse_conn(inode);



	mapping_set_error(inode->i_mapping, error);

	/*

	 * A writeback finished and this might have updated mtime/ctime on

	 * server making local mtime/ctime stale.  Hence invalidate attrs.

	 * Do this only if writeback_cache is not enabled.  If writeback_cache

	 * is enabled, we trust local ctime/mtime.

	 */

	if (!fc->writeback_cache)

		fuse_invalidate_attr(inode);

	spin_lock(&fi->lock);

	rb_erase(&wpa->writepages_entry, &fi->writepages);

	while (wpa->next) {

fs/fuse/fuse_i.h

+10 −3
Original line number Diff line number Diff line
@@ -552,9 +552,12 @@ struct fuse_conn { 
	/** Maximum write size */

	unsigned max_write;



	/** Maxmum number of pages that can be used in a single request */

	/** Maximum number of pages that can be used in a single request */

	unsigned int max_pages;



	/** Constrain ->max_pages to this value during feature negotiation */

	unsigned int max_pages_limit;



	/** Input queue */

	struct fuse_iqueue iq;
@@ -668,6 +671,9 @@ struct fuse_conn { 
	/** Is setxattr not implemented by fs? */

	unsigned no_setxattr:1;



	/** Does file server support extended setxattr */

	unsigned setxattr_ext:1;



	/** Is getxattr not implemented by fs? */

	unsigned no_getxattr:1;
@@ -713,7 +719,7 @@ struct fuse_conn { 
	/** Use enhanced/automatic page cache invalidation. */

	unsigned auto_inval_data:1;



	/** Filesystem is fully reponsible for page cache invalidation. */

	/** Filesystem is fully responsible for page cache invalidation. */

	unsigned explicit_inval_data:1;



	/** Does the filesystem support readdirplus? */
@@ -934,6 +940,7 @@ struct fuse_io_args { 
		struct {

			struct fuse_write_in in;

			struct fuse_write_out out;

			bool page_locked;

		} write;

	};

	struct fuse_args_pages ap;
@@ -1193,7 +1200,7 @@ void fuse_unlock_inode(struct inode *inode, bool locked); 
bool fuse_lock_inode(struct inode *inode);



int fuse_setxattr(struct inode *inode, const char *name, const void *value,

		  size_t size, int flags);

		  size_t size, int flags, unsigned int extra_flags);

ssize_t fuse_getxattr(struct inode *inode, const char *name, void *value,

		      size_t size);

ssize_t fuse_listxattr(struct dentry *entry, char *list, size_t size);