2020-01-18 08:38:21 +00:00
|
|
|
/*
|
2021-07-10 22:25:24 +00:00
|
|
|
* Copyright (c) 2018-2021, Andreas Kling <kling@serenityos.org>
|
2020-01-18 08:38:21 +00:00
|
|
|
*
|
2021-04-22 08:24:48 +00:00
|
|
|
* SPDX-License-Identifier: BSD-2-Clause
|
2020-01-18 08:38:21 +00:00
|
|
|
*/
|
|
|
|
|
2018-10-10 09:53:07 +00:00
|
|
|
#pragma once
|
|
|
|
|
2019-05-31 13:36:49 +00:00
|
|
|
#include <AK/Badge.h>
|
2021-11-07 23:51:39 +00:00
|
|
|
#include <AK/Error.h>
|
2019-05-28 09:53:16 +00:00
|
|
|
#include <AK/Function.h>
|
2018-10-10 09:53:07 +00:00
|
|
|
#include <AK/HashMap.h>
|
2019-07-24 07:15:33 +00:00
|
|
|
#include <AK/NonnullOwnPtrVector.h>
|
2018-10-10 09:53:07 +00:00
|
|
|
#include <AK/OwnPtr.h>
|
2022-08-19 21:03:24 +00:00
|
|
|
#include <AK/RefPtr.h>
|
|
|
|
#include <Kernel/FileSystem/FileBackedFileSystem.h>
|
2019-05-31 13:36:49 +00:00
|
|
|
#include <Kernel/FileSystem/FileSystem.h>
|
|
|
|
#include <Kernel/FileSystem/InodeIdentifier.h>
|
|
|
|
#include <Kernel/FileSystem/InodeMetadata.h>
|
2021-07-10 22:46:06 +00:00
|
|
|
#include <Kernel/FileSystem/Mount.h>
|
2021-08-06 12:11:45 +00:00
|
|
|
#include <Kernel/FileSystem/UnveilNode.h>
|
2021-07-11 09:49:16 +00:00
|
|
|
#include <Kernel/Forward.h>
|
2022-08-19 18:53:40 +00:00
|
|
|
#include <Kernel/Library/LockRefPtr.h>
|
2022-02-03 00:37:46 +00:00
|
|
|
#include <Kernel/Locking/SpinlockProtected.h>
|
2018-10-10 09:53:07 +00:00
|
|
|
|
2020-02-16 00:27:42 +00:00
|
|
|
namespace Kernel {
|
2020-01-21 12:34:39 +00:00
|
|
|
|
2021-08-14 17:46:18 +00:00
|
|
|
// Kernel internal options.
// These two flags occupy bits 29 and 30 of an integer options bitmask.
// NOTE(review): presumably placed this high so they cannot collide with the
// userspace-visible O_* open flags — confirm against the libc flag definitions.
|
|
|
|
#define O_NOFOLLOW_NOERROR (1 << 29)
|
|
|
|
#define O_UNLINK_INTERNAL (1 << 30)
|
|
|
|
|
2020-01-03 19:13:21 +00:00
|
|
|
// Plain aggregate pairing a user ID with a group ID.
// VirtualFileSystem::open() and VirtualFileSystem::create() accept it as a trailing
// Optional<UidAndGid> argument that defaults to empty.
// NOTE(review): presumably an ownership override for newly created inodes — confirm in the implementation.
struct UidAndGid {
|
2021-08-28 20:11:16 +00:00
|
|
|
UserID uid;
|
|
|
|
GroupID gid;
|
2020-01-03 19:13:21 +00:00
|
|
|
};
|
|
|
|
|
2021-07-10 22:25:24 +00:00
|
|
|
// Kernel virtual file system interface: mount management, path-based file
// operations and path resolution. Most operations report failure via ErrorOr<>.
// An instance is reachable through the static the() accessor.
// Only declarations live in this header; behavior notes marked "presumably" or
// "TODO confirm" must be checked against the implementation file.
class VirtualFileSystem {
|
2018-10-10 09:53:07 +00:00
|
|
|
public:
|
2021-12-21 15:11:19 +00:00
|
|
|
// Required to be at least 8 by POSIX
|
|
|
|
// https://pubs.opengroup.org/onlinepubs/9699919799/basedefs/limits.h.html
|
|
|
|
// Upper bound on symlink recursion, set to the POSIX minimum noted above.
// NOTE(review): presumably compared against the symlink_recursion_level argument
// of resolve_path() — confirm in the implementation.
static constexpr int symlink_recursion_limit = 8;
|
|
|
|
|
2020-08-25 01:35:19 +00:00
|
|
|
// Static setup entry point; takes no arguments and returns nothing.
// NOTE(review): presumably creates the instance later returned by the() — TODO confirm.
static void initialize();
|
2021-07-10 22:25:24 +00:00
|
|
|
// Returns a reference to a VirtualFileSystem instance.
static VirtualFileSystem& the();
|
2018-10-10 09:53:07 +00:00
|
|
|
|
|
|
2021-07-10 22:25:24 +00:00
|
|
|
// NOTE(review): the constructor and destructor are public even though the()
// exists; whether direct construction by callers is intended cannot be told from this header.
VirtualFileSystem();
|
|
|
|
~VirtualFileSystem();
|
2018-10-10 09:53:07 +00:00
|
|
|
|
2021-11-07 23:51:39 +00:00
|
|
|
// Mount management. Every function here returns ErrorOr<void>.
// `flags` / `new_flags` are plain int bitmasks; their bit meanings are defined elsewhere.

// Takes only a FileSystem — no mount point and no flags.
ErrorOr<void> mount_root(FileSystem&);
|
|
|
|
// Takes a FileSystem, the Custody to mount on, and mount flags.
ErrorOr<void> mount(FileSystem&, Custody& mount_point, int flags);
|
|
|
|
// Takes a source Custody instead of a FileSystem, plus the mount point and flags.
ErrorOr<void> bind_mount(Custody& source, Custody& mount_point, int flags);
|
|
|
|
// Takes an existing mount point and a new flag set.
ErrorOr<void> remount(Custody& mount_point, int new_flags);
|
2022-08-19 21:03:24 +00:00
|
|
|
// Takes the mount point to unmount.
ErrorOr<void> unmount(Custody& mount_point);
|
2021-11-07 23:51:39 +00:00
|
|
|
|
2022-08-21 14:02:24 +00:00
|
|
|
// Path-based file system operations.
// As the signatures show, each takes the caller's Credentials, one or more
// StringView paths, and a Custody (`base` / `parent_custody`); all report failure
// through ErrorOr<>.
// NOTE(review): `base` is presumably the starting point for resolving relative
// paths — TODO confirm in the implementation.

// On success yields a non-null OpenFileDescription. The trailing Optional<UidAndGid>
// defaults to empty.
ErrorOr<NonnullLockRefPtr<OpenFileDescription>> open(Credentials const&, StringView path, int options, mode_t mode, Custody& base, Optional<UidAndGid> = {});
|
|
|
|
// Same result type as open(); takes a `parent_custody` rather than a `base`.
ErrorOr<NonnullLockRefPtr<OpenFileDescription>> create(Credentials const&, StringView path, int options, mode_t mode, Custody& parent_custody, Optional<UidAndGid> = {});
|
|
|
|
ErrorOr<void> mkdir(Credentials const&, StringView path, mode_t mode, Custody& base);
|
|
|
|
ErrorOr<void> link(Credentials const&, StringView old_path, StringView new_path, Custody& base);
|
|
|
|
ErrorOr<void> unlink(Credentials const&, StringView path, Custody& base);
|
|
|
|
ErrorOr<void> symlink(Credentials const&, StringView target, StringView linkpath, Custody& base);
|
|
|
|
ErrorOr<void> rmdir(Credentials const&, StringView path, Custody& base);
|
|
|
|
// Path-based overload; `options` defaults to 0.
ErrorOr<void> chmod(Credentials const&, StringView path, mode_t, Custody& base, int options = 0);
|
|
|
|
// Overload that takes a Custody directly instead of a path and base.
ErrorOr<void> chmod(Credentials const&, Custody&, mode_t);
|
|
|
|
// Path-based overload. Unlike the path-based chmod(), `options` has no default
// here and must always be passed.
ErrorOr<void> chown(Credentials const&, StringView path, UserID, GroupID, Custody& base, int options);
|
|
|
|
// Overload that takes a Custody directly instead of a path and base.
ErrorOr<void> chown(Credentials const&, Custody&, UserID, GroupID);
|
|
|
|
ErrorOr<void> access(Credentials const&, StringView path, int mode, Custody& base);
|
|
|
|
// On success yields an InodeMetadata value; `options` defaults to 0.
ErrorOr<InodeMetadata> lookup_metadata(Credentials const&, StringView path, Custody& base, int options = 0);
|
|
|
|
// Takes the access and modification times as time_t values.
ErrorOr<void> utime(Credentials const&, StringView path, Custody& base, time_t atime, time_t mtime);
|
|
|
|
// Takes the access and modification times as timespec values; `options` defaults to 0.
ErrorOr<void> utimensat(Credentials const&, StringView path, Custody& base, timespec const& atime, timespec const& mtime, int options = 0);
|
|
|
|
ErrorOr<void> rename(Credentials const&, StringView oldpath, StringView newpath, Custody& base);
|
|
|
|
ErrorOr<void> mknod(Credentials const&, StringView path, mode_t, dev_t, Custody& base);
|
|
|
|
// On success yields a non-null Custody.
ErrorOr<NonnullRefPtr<Custody>> open_directory(Credentials const&, StringView path, Custody& base);
|
2018-10-10 09:53:07 +00:00
|
|
|
|
2022-04-01 17:58:27 +00:00
|
|
|
// Takes a callback that receives a Mount const& and returns ErrorOr<void>.
// NOTE(review): presumably stops at, and returns, the first error produced by the
// callback — TODO confirm in the implementation.
ErrorOr<void> for_each_mount(Function<ErrorOr<void>(Mount const&)>) const;
|
2018-10-26 16:43:25 +00:00
|
|
|
|
2022-08-19 21:03:24 +00:00
|
|
|
// Takes an OpenFileDescription and a factory callback; on success yields a
// non-null FileBackedFileSystem.
// NOTE(review): the callback yields a FileSystem while the result type is
// FileBackedFileSystem — how that conversion is validated must be checked in the
// implementation. Per its name, an already registered file system is presumably
// reused before the callback is invoked — TODO confirm.
ErrorOr<NonnullLockRefPtr<FileBackedFileSystem>> find_already_existing_or_create_file_backed_file_system(OpenFileDescription& description, Function<ErrorOr<NonnullLockRefPtr<FileSystem>>(OpenFileDescription&)> callback);
|
|
|
|
|
2018-11-18 22:28:43 +00:00
|
|
|
// Const accessor returning an InodeIdentifier by value (no error path).
// NOTE(review): presumably the identifier of m_root_inode — TODO confirm.
InodeIdentifier root_inode_id() const;
|
|
|
|
|
Kernel/FileSystem: Discard safely filesystems when unmounted last time
This commit reaches the goal of "safely discarding" a filesystem by
doing the following:
1. Stop using the s_file_system_map HashMap, as it was an unsafe way
to access pointers to FileSystems. Instead, make sure to register all
FileSystems at the VFS layer, with an IntrusiveList, to avoid problems
related to OOM conditions.
2. Make sure to cleanly remove the DiskCache object from a BlockBased
filesystem, so the destructor of that object does not need to do so at
destruction time.
3. For ext2 filesystems, don't cache the root inode in the m_inode_cache
HashMap. The reason for this is that when unmounting an ext2 filesystem,
we look in the cache to see if there's a reference to a cached inode,
and if that's the case, we fail with EBUSY. If we keep m_root_inode
also referenced in the m_inode_cache map, we have 2 references to
that object, which would make the unmount fail with EBUSY. Also, it's much simpler
to always ask for the root inode and get it immediately from m_root_inode,
instead of looking it up in the cache.
2022-08-20 06:28:02 +00:00
|
|
|
// Instance-level helpers; both take no arguments and return nothing, so failures
// (if any) are not reported to the caller.
// NOTE(review): presumably they walk m_file_systems_list — TODO confirm.
void sync_filesystems();
|
|
|
|
void lock_all_filesystems();
|
|
|
|
|
2021-07-10 22:26:17 +00:00
|
|
|
// Static entry point that needs no instance.
// NOTE(review): presumably forwards to the().sync_filesystems() — TODO confirm.
static void sync();
|
2018-12-19 23:39:29 +00:00
|
|
|
|
2022-08-20 23:04:35 +00:00
|
|
|
// Returns a non-null strong reference to a Custody.
// NOTE(review): the backing member m_root_custody is a nullable RefPtr inside a
// SpinlockProtected, so the implementation has to take the lock and deal with the
// null case — TODO confirm.
NonnullRefPtr<Custody> root_custody();
|
2022-08-21 14:02:24 +00:00
|
|
|
// Path resolution. On success yields a non-null Custody.
//   base                    - Custody passed by value (a strong reference).
//   out_parent              - optional out-parameter, nullptr by default.
//   options                 - int bitmask, 0 by default.
//   symlink_recursion_level - 0 by default; presumably incremented on recursive
//                             calls and bounded by symlink_recursion_limit — TODO confirm.
ErrorOr<NonnullRefPtr<Custody>> resolve_path(Credentials const&, StringView path, NonnullRefPtr<Custody> base, RefPtr<Custody>* out_parent = nullptr, int options = 0, int symlink_recursion_level = 0);
|
|
|
|
// Identical signature to resolve_path().
// NOTE(review): per its name this variant presumably skips the unveil validation — TODO confirm.
ErrorOr<NonnullRefPtr<Custody>> resolve_path_without_veil(Credentials const&, StringView path, NonnullRefPtr<Custody> base, RefPtr<Custody>* out_parent = nullptr, int options = 0, int symlink_recursion_level = 0);
|
2019-05-30 15:46:08 +00:00
|
|
|
|
2018-10-10 09:53:07 +00:00
|
|
|
private:
|
2021-09-07 11:39:11 +00:00
|
|
|
// Grants OpenFileDescription access to the private members of this class.
friend class OpenFileDescription;
|
2018-10-24 10:43:52 +00:00
|
|
|
|
2021-06-06 21:13:26 +00:00
|
|
|
// Returns a const reference to an UnveilNode for the given path. Because the
// result is a reference, a node is always returned; there is no "not found" value.
UnveilNode const& find_matching_unveiled_path(StringView path);
|
2021-11-07 23:51:39 +00:00
|
|
|
// Unveil checks, returning ErrorOr<void>. Two overloads: one takes a Custody,
// the other a StringView path; both take an int `options` bitmask.
// NOTE(review): neither takes a Process or Credentials argument, so the process
// being checked is presumably the current one — TODO confirm.
ErrorOr<void> validate_path_against_process_veil(Custody const& path, int options);
|
|
|
|
ErrorOr<void> validate_path_against_process_veil(StringView path, int options);
|
Kernel: Add a basic implementation of unveil()
This syscall is a complement to pledge() and adds the same sort of
incremental relinquishing of capabilities for filesystem access.
The first call to unveil() will "drop a veil" on the process, and from
now on, only unveiled parts of the filesystem are visible to it.
Each call to unveil() specifies a path to either a directory or a file
along with permissions for that path. The permissions are a combination
of the following:
- r: Read access (like the "rpath" promise)
- w: Write access (like the "wpath" promise)
- x: Execute access
- c: Create/remove access (like the "cpath" promise)
Attempts to open a path that has not been unveiled will fail with
ENOENT. If the unveiled path lacks sufficient permissions, it will fail
with EACCES.
Like pledge(), subsequent calls to unveil() with the same path can only
remove permissions, not add them.
Once you call unveil(nullptr, nullptr), the veil is locked, and it's no
longer possible to unveil any more paths for the process, ever.
This concept comes from OpenBSD, and their implementation does various
things differently, I'm sure. This is just a first implementation for
SerenityOS, and we'll keep improving on it as we go. :^)
2020-01-20 21:12:04 +00:00
|
|
|
|
2018-11-15 13:43:10 +00:00
|
|
|
// Const predicate on an InodeIdentifier.
// NOTE(review): presumably compares against root_inode_id() — TODO confirm.
bool is_vfs_root(InodeIdentifier) const;
|
|
|
|
|
2021-11-10 14:42:39 +00:00
|
|
|
// Takes an Inode and a callback that receives FileSystem::DirectoryEntryView
// values and returns ErrorOr<void>; the overall result is also ErrorOr<void>.
ErrorOr<void> traverse_directory_inode(Inode&, Function<ErrorOr<void>(FileSystem::DirectoryEntryView const&)>);
|
2018-10-10 09:53:07 +00:00
|
|
|
|
2022-08-10 15:50:23 +00:00
|
|
|
// Non-const predicate on an InodeIdentifier.
// NOTE(review): presumably searches m_mounts under its lock — TODO confirm.
bool mount_point_exists_at_inode(InodeIdentifier inode);
|
|
|
|
|
2022-08-20 23:04:35 +00:00
|
|
|
// FIXME: These functions are totally unsafe as someone could unmount the returned Mount underneath us.
// Both return a raw Mount* looked up by InodeIdentifier; the signatures give the
// caller no reference count or lock guard to keep the Mount alive.
// NOTE(review): the pointer is presumably null when no mount matches, and
// "host"/"guest" presumably mean the mounted-on inode and the mounted file
// system's root inode respectively — TODO confirm.
|
2018-11-15 14:10:12 +00:00
|
|
|
Mount* find_mount_for_host(InodeIdentifier);
|
|
|
|
Mount* find_mount_for_guest(InodeIdentifier);
|
2018-10-10 09:53:07 +00:00
|
|
|
|
2022-08-19 18:53:40 +00:00
|
|
|
// Nullable reference to an Inode; not wrapped in SpinlockProtected, unlike the members below.
LockRefPtr<Inode> m_root_inode;
|
2021-08-15 23:40:19 +00:00
|
|
|
|
2022-08-20 23:04:35 +00:00
|
|
|
// Nullable Custody reference wrapped in SpinlockProtected.
// NOTE(review): declared without a LockRank initializer, unlike the list members
// in this class — confirm this is intended.
SpinlockProtected<RefPtr<Custody>> m_root_custody;
|
|
|
|
|
2022-11-21 20:10:56 +00:00
|
|
|
// Intrusive list of Mount objects, linked through Mount::m_vfs_list_node
// and initialized with LockRank::None.
SpinlockProtected<IntrusiveList<&Mount::m_vfs_list_node>> m_mounts { LockRank::None };
|
2022-08-19 21:03:24 +00:00
|
|
|
// Intrusive list of FileBackedFileSystem objects, linked through
// FileBackedFileSystem::m_file_backed_file_system_node and initialized with LockRank::None.
SpinlockProtected<IntrusiveList<&FileBackedFileSystem::m_file_backed_file_system_node>> m_file_backed_file_systems_list { LockRank::None };
|
Kernel/FileSystem: Discard safely filesystems when unmounted last time
This commit reaches the goal of "safely discarding" a filesystem by
doing the following:
1. Stop using the s_file_system_map HashMap, as it was an unsafe way
to access pointers to FileSystems. Instead, make sure to register all
FileSystems at the VFS layer, with an IntrusiveList, to avoid problems
related to OOM conditions.
2. Make sure to cleanly remove the DiskCache object from a BlockBased
filesystem, so the destructor of that object does not need to do so at
destruction time.
3. For ext2 filesystems, don't cache the root inode in the m_inode_cache
HashMap. The reason for this is that when unmounting an ext2 filesystem,
we look in the cache to see if there's a reference to a cached inode,
and if that's the case, we fail with EBUSY. If we keep m_root_inode
also referenced in the m_inode_cache map, we have 2 references to
that object, which would make the unmount fail with EBUSY. Also, it's much simpler
to always ask for the root inode and get it immediately from m_root_inode,
instead of looking it up in the cache.
2022-08-20 06:28:02 +00:00
|
|
|
// Intrusive list of FileSystem objects, linked through FileSystem::m_file_system_node.
// It is initialized with LockRank::FileSystem, whereas the other list members in
// this class use LockRank::None.
SpinlockProtected<IntrusiveList<&FileSystem::m_file_system_node>> m_file_systems_list { LockRank::FileSystem };
|
2018-10-10 09:53:07 +00:00
|
|
|
};
|
2020-02-16 00:27:42 +00:00
|
|
|
|
|
|
|
}
|