search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
HID: hiddev: Fix slab-out-of-bounds write in hiddev_ioctl_usage()
[linux/fpc-iii.git] / fs / fuse / control.c
blobbb56c6a58fa7658b61e95ac69b5931759d1bcc00
1 /*
2 FUSE: Filesystem in Userspace
3 Copyright (C) 2001-2008 Miklos Szeredi <miklos@szeredi.hu>
4
5 This program can be distributed under the terms of the GNU GPL.
6 See the file COPYING.
7 */
8
9 #include "fuse_i.h"
10
11 #include <linux/init.h>
12 #include <linux/module.h>
13
14 #define FUSE_CTL_SUPER_MAGIC 0x65735543
15
16 /*
17 * This is non-NULL when the single instance of the control filesystem
18 * exists. Protected by fuse_mutex
19 */
20 static struct super_block *fuse_control_sb;
21
22 static struct fuse_conn *fuse_ctl_file_conn_get(struct file *file)
23 {
24 struct fuse_conn *fc;
25 mutex_lock(&fuse_mutex);
26 fc = file_inode(file)->i_private;
27 if (fc)
28 fc = fuse_conn_get(fc);
29 mutex_unlock(&fuse_mutex);
30 return fc;
31 }
32
33 static ssize_t fuse_conn_abort_write(struct file *file, const char __user *buf,
34 size_t count, loff_t *ppos)
35 {
36 struct fuse_conn *fc = fuse_ctl_file_conn_get(file);
37 if (fc) {
38 fuse_abort_conn(fc);
39 fuse_conn_put(fc);
40 }
41 return count;
42 }
43
44 static ssize_t fuse_conn_waiting_read(struct file *file, char __user *buf,
45 size_t len, loff_t *ppos)
46 {
47 char tmp[32];
48 size_t size;
49
50 if (!*ppos) {
51 long value;
52 struct fuse_conn *fc = fuse_ctl_file_conn_get(file);
53 if (!fc)
54 return 0;
55
56 value = atomic_read(&fc->num_waiting);
57 file->private_data = (void *)value;
58 fuse_conn_put(fc);
59 }
60 size = sprintf(tmp, "%ld\n", (long)file->private_data);
61 return simple_read_from_buffer(buf, len, ppos, tmp, size);
62 }
63
64 static ssize_t fuse_conn_limit_read(struct file *file, char __user *buf,
65 size_t len, loff_t *ppos, unsigned val)
66 {
67 char tmp[32];
68 size_t size = sprintf(tmp, "%u\n", val);
69
70 return simple_read_from_buffer(buf, len, ppos, tmp, size);
71 }
72
73 static ssize_t fuse_conn_limit_write(struct file *file, const char __user *buf,
74 size_t count, loff_t *ppos, unsigned *val,
75 unsigned global_limit)
76 {
77 unsigned long t;
78 unsigned limit = (1 << 16) - 1;
79 int err;
80
81 if (*ppos)
82 return -EINVAL;
83
84 err = kstrtoul_from_user(buf, count, 0, &t);
85 if (err)
86 return err;
87
88 if (!capable(CAP_SYS_ADMIN))
89 limit = min(limit, global_limit);
90
91 if (t > limit)
92 return -EINVAL;
93
94 *val = t;
95
96 return count;
97 }
98
99 static ssize_t fuse_conn_max_background_read(struct file *file,
100 char __user *buf, size_t len,
101 loff_t *ppos)
102 {
103 struct fuse_conn *fc;
104 unsigned val;
105
106 fc = fuse_ctl_file_conn_get(file);
107 if (!fc)
108 return 0;
109
110 val = READ_ONCE(fc->max_background);
111 fuse_conn_put(fc);
112
113 return fuse_conn_limit_read(file, buf, len, ppos, val);
114 }
115
116 static ssize_t fuse_conn_max_background_write(struct file *file,
117 const char __user *buf,
118 size_t count, loff_t *ppos)
119 {
120 unsigned uninitialized_var(val);
121 ssize_t ret;
122
123 ret = fuse_conn_limit_write(file, buf, count, ppos, &val,
124 max_user_bgreq);
125 if (ret > 0) {
126 struct fuse_conn *fc = fuse_ctl_file_conn_get(file);
127 if (fc) {
128 fc->max_background = val;
129 fuse_conn_put(fc);
130 }
131 }
132
133 return ret;
134 }
135
136 static ssize_t fuse_conn_congestion_threshold_read(struct file *file,
137 char __user *buf, size_t len,
138 loff_t *ppos)
139 {
140 struct fuse_conn *fc;
141 unsigned val;
142
143 fc = fuse_ctl_file_conn_get(file);
144 if (!fc)
145 return 0;
146
147 val = READ_ONCE(fc->congestion_threshold);
148 fuse_conn_put(fc);
149
150 return fuse_conn_limit_read(file, buf, len, ppos, val);
151 }
152
153 static ssize_t fuse_conn_congestion_threshold_write(struct file *file,
154 const char __user *buf,
155 size_t count, loff_t *ppos)
156 {
157 unsigned uninitialized_var(val);
158 ssize_t ret;
159
160 ret = fuse_conn_limit_write(file, buf, count, ppos, &val,
161 max_user_congthresh);
162 if (ret > 0) {
163 struct fuse_conn *fc = fuse_ctl_file_conn_get(file);
164 if (fc) {
165 fc->congestion_threshold = val;
166 fuse_conn_put(fc);
167 }
168 }
169
170 return ret;
171 }
172
173 static const struct file_operations fuse_ctl_abort_ops = {
174 .open = nonseekable_open,
175 .write = fuse_conn_abort_write,
176 .llseek = no_llseek,
177 };
178
179 static const struct file_operations fuse_ctl_waiting_ops = {
180 .open = nonseekable_open,
181 .read = fuse_conn_waiting_read,
182 .llseek = no_llseek,
183 };
184
185 static const struct file_operations fuse_conn_max_background_ops = {
186 .open = nonseekable_open,
187 .read = fuse_conn_max_background_read,
188 .write = fuse_conn_max_background_write,
189 .llseek = no_llseek,
190 };
191
192 static const struct file_operations fuse_conn_congestion_threshold_ops = {
193 .open = nonseekable_open,
194 .read = fuse_conn_congestion_threshold_read,
195 .write = fuse_conn_congestion_threshold_write,
196 .llseek = no_llseek,
197 };
198
199 static struct dentry *fuse_ctl_add_dentry(struct dentry *parent,
200 struct fuse_conn *fc,
201 const char *name,
202 int mode, int nlink,
203 const struct inode_operations *iop,
204 const struct file_operations *fop)
205 {
206 struct dentry *dentry;
207 struct inode *inode;
208
209 BUG_ON(fc->ctl_ndents >= FUSE_CTL_NUM_DENTRIES);
210 dentry = d_alloc_name(parent, name);
211 if (!dentry)
212 return NULL;
213
214 inode = new_inode(fuse_control_sb);
215 if (!inode) {
216 dput(dentry);
217 return NULL;
218 }
219
220 inode->i_ino = get_next_ino();
221 inode->i_mode = mode;
222 inode->i_uid = fc->user_id;
223 inode->i_gid = fc->group_id;
224 inode->i_atime = inode->i_mtime = inode->i_ctime = CURRENT_TIME;
225 /* setting ->i_op to NULL is not allowed */
226 if (iop)
227 inode->i_op = iop;
228 inode->i_fop = fop;
229 set_nlink(inode, nlink);
230 inode->i_private = fc;
231 d_add(dentry, inode);
232
233 fc->ctl_dentry[fc->ctl_ndents++] = dentry;
234
235 return dentry;
236 }
237
238 /*
239 * Add a connection to the control filesystem (if it exists). Caller
240 * must hold fuse_mutex
241 */
242 int fuse_ctl_add_conn(struct fuse_conn *fc)
243 {
244 struct dentry *parent;
245 char name[32];
246
247 if (!fuse_control_sb)
248 return 0;
249
250 parent = fuse_control_sb->s_root;
251 inc_nlink(d_inode(parent));
252 sprintf(name, "%u", fc->dev);
253 parent = fuse_ctl_add_dentry(parent, fc, name, S_IFDIR | 0500, 2,
254 &simple_dir_inode_operations,
255 &simple_dir_operations);
256 if (!parent)
257 goto err;
258
259 if (!fuse_ctl_add_dentry(parent, fc, "waiting", S_IFREG | 0400, 1,
260 NULL, &fuse_ctl_waiting_ops) ||
261 !fuse_ctl_add_dentry(parent, fc, "abort", S_IFREG | 0200, 1,
262 NULL, &fuse_ctl_abort_ops) ||
263 !fuse_ctl_add_dentry(parent, fc, "max_background", S_IFREG | 0600,
264 1, NULL, &fuse_conn_max_background_ops) ||
265 !fuse_ctl_add_dentry(parent, fc, "congestion_threshold",
266 S_IFREG | 0600, 1, NULL,
267 &fuse_conn_congestion_threshold_ops))
268 goto err;
269
270 return 0;
271
272 err:
273 fuse_ctl_remove_conn(fc);
274 return -ENOMEM;
275 }
276
277 /*
278 * Remove a connection from the control filesystem (if it exists).
279 * Caller must hold fuse_mutex
280 */
281 void fuse_ctl_remove_conn(struct fuse_conn *fc)
282 {
283 int i;
284
285 if (!fuse_control_sb)
286 return;
287
288 for (i = fc->ctl_ndents - 1; i >= 0; i--) {
289 struct dentry *dentry = fc->ctl_dentry[i];
290 d_inode(dentry)->i_private = NULL;
291 if (!i) {
292 /* Get rid of submounts: */
293 d_invalidate(dentry);
294 }
295 dput(dentry);
296 }
297 drop_nlink(d_inode(fuse_control_sb->s_root));
298 }
299
300 static int fuse_ctl_fill_super(struct super_block *sb, void *data, int silent)
301 {
302 struct tree_descr empty_descr = {""};
303 struct fuse_conn *fc;
304 int err;
305
306 err = simple_fill_super(sb, FUSE_CTL_SUPER_MAGIC, &empty_descr);
307 if (err)
308 return err;
309
310 mutex_lock(&fuse_mutex);
311 BUG_ON(fuse_control_sb);
312 fuse_control_sb = sb;
313 list_for_each_entry(fc, &fuse_conn_list, entry) {
314 err = fuse_ctl_add_conn(fc);
315 if (err) {
316 fuse_control_sb = NULL;
317 mutex_unlock(&fuse_mutex);
318 return err;
319 }
320 }
321 mutex_unlock(&fuse_mutex);
322
323 return 0;
324 }
325
326 static struct dentry *fuse_ctl_mount(struct file_system_type *fs_type,
327 int flags, const char *dev_name, void *raw_data)
328 {
329 return mount_single(fs_type, flags, raw_data, fuse_ctl_fill_super);
330 }
331
332 static void fuse_ctl_kill_sb(struct super_block *sb)
333 {
334 struct fuse_conn *fc;
335
336 mutex_lock(&fuse_mutex);
337 fuse_control_sb = NULL;
338 list_for_each_entry(fc, &fuse_conn_list, entry)
339 fc->ctl_ndents = 0;
340 mutex_unlock(&fuse_mutex);
341
342 kill_litter_super(sb);
343 }
344
345 static struct file_system_type fuse_ctl_fs_type = {
346 .owner = THIS_MODULE,
347 .name = "fusectl",
348 .mount = fuse_ctl_mount,
349 .kill_sb = fuse_ctl_kill_sb,
350 };
351 MODULE_ALIAS_FS("fusectl");
352
353 int __init fuse_ctl_init(void)
354 {
355 return register_filesystem(&fuse_ctl_fs_type);
356 }
357
358 void __exit fuse_ctl_cleanup(void)
359 {
360 unregister_filesystem(&fuse_ctl_fs_type);
361 }
Linux with added FPC-III support