Fuse may be built as a module, but verifier components are not. This provides a means for fuse-bpf to handle struct op programs once the module is loaded. Signed-off-by: Daniel Rosenberg <drosen@xxxxxxxxxx> --- fs/fuse/Makefile | 2 +- fs/fuse/backing.c | 2 + fs/fuse/bpf_register.c | 209 +++++++++++++++++++++++++++++++++++++++ fs/fuse/fuse_i.h | 26 +++++ include/linux/bpf_fuse.h | 8 ++ 5 files changed, 246 insertions(+), 1 deletion(-) create mode 100644 fs/fuse/bpf_register.c diff --git a/fs/fuse/Makefile b/fs/fuse/Makefile index a0853c439db2..903253db7285 100644 --- a/fs/fuse/Makefile +++ b/fs/fuse/Makefile @@ -9,6 +9,6 @@ obj-$(CONFIG_VIRTIO_FS) += virtiofs.o fuse-y := dev.o dir.o file.o inode.o control.o xattr.o acl.o readdir.o ioctl.o fuse-$(CONFIG_FUSE_DAX) += dax.o -fuse-$(CONFIG_FUSE_BPF) += backing.o +fuse-$(CONFIG_FUSE_BPF) += backing.o bpf_register.o virtiofs-y := virtio_fs.o diff --git a/fs/fuse/backing.c b/fs/fuse/backing.c index e807ae4f6f53..898ef9e05e9d 100644 --- a/fs/fuse/backing.c +++ b/fs/fuse/backing.c @@ -3360,6 +3360,7 @@ int fuse_bpf_access(int *out, struct inode *inode, int mask) int __init fuse_bpf_init(void) { + init_fuse_bpf(); fuse_bpf_aio_request_cachep = kmem_cache_create("fuse_bpf_aio_req", sizeof(struct fuse_bpf_aio_req), 0, SLAB_HWCACHE_ALIGN, NULL); @@ -3371,5 +3372,6 @@ int __init fuse_bpf_init(void) void __exit fuse_bpf_cleanup(void) { + uninit_fuse_bpf(); kmem_cache_destroy(fuse_bpf_aio_request_cachep); } diff --git a/fs/fuse/bpf_register.c b/fs/fuse/bpf_register.c new file mode 100644 index 000000000000..dfe15dcf3477 --- /dev/null +++ b/fs/fuse/bpf_register.c @@ -0,0 +1,209 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * FUSE-BPF: Filesystem in Userspace with BPF + * Copyright (c) 2021 Google LLC + */ + +#include <linux/bpf_verifier.h> +#include <linux/bpf_fuse.h> +#include <linux/bpf.h> +#include <linux/btf.h> +#include <linux/hashtable.h> + +#include "fuse_i.h" + +struct fuse_ops tmp_f_op_empty = { 0 }; +struct fuse_ops *tmp_f_op = &tmp_f_op_empty; + +struct hashtable_entry { + struct hlist_node hlist; + struct hlist_node dlist; /* for deletion cleanup */ + struct qstr key; + struct fuse_ops *ops; +}; + +static DEFINE_HASHTABLE(name_to_ops, 8); + +static unsigned int full_name_case_hash(const void *salt, const unsigned char *name, unsigned int len) +{ + unsigned long hash = init_name_hash(salt); + + while (len--) + hash = partial_name_hash(tolower(*name++), hash); + return end_name_hash(hash); +} + +static inline void qstr_init(struct qstr *q, const char *name) +{ + q->name = name; + q->len = strlen(q->name); + q->hash = full_name_case_hash(0, q->name, q->len); +} + +static inline int qstr_copy(const struct qstr *src, struct qstr *dest) +{ + dest->name = kstrdup(src->name, GFP_KERNEL); + dest->hash_len = src->hash_len; + return !!dest->name; +} + +static inline int qstr_eq(const struct qstr *s1, const struct qstr *s2) +{ + int res, r1, r2, r3; + + r1 = s1->len == s2->len; + r2 = s1->hash == s2->hash; + r3 = memcmp(s1->name, s2->name, s1->len); + res = (s1->len == s2->len && s1->hash == s2->hash && !memcmp(s1->name, s2->name, s1->len)); + return res; +} + +static struct fuse_ops *__find_fuse_ops(const struct qstr *key) +{ + struct hashtable_entry *hash_cur; + unsigned int hash = key->hash; + struct fuse_ops *ret_ops; + + rcu_read_lock(); + hash_for_each_possible_rcu(name_to_ops, hash_cur, hlist, hash) { + if (qstr_eq(key, &hash_cur->key)) { + ret_ops = hash_cur->ops; + ret_ops = get_fuse_ops(ret_ops); + rcu_read_unlock(); + return ret_ops; + } + } + rcu_read_unlock(); + return NULL; +} + +struct fuse_ops *get_fuse_ops(struct fuse_ops *ops) +{ + if (bpf_try_module_get(ops, BPF_MODULE_OWNER)) + return ops; + else + return NULL; +} + +void put_fuse_ops(struct fuse_ops *ops) +{ + if (ops) + bpf_module_put(ops, BPF_MODULE_OWNER); +} + +struct fuse_ops *find_fuse_ops(const char *key) +{ + struct qstr q; + + qstr_init(&q, key); + return __find_fuse_ops(&q); +} + +static struct hashtable_entry *alloc_hashtable_entry(const struct qstr *key, + struct fuse_ops *value) +{ + struct hashtable_entry *ret = kzalloc(sizeof(*ret), GFP_KERNEL); + if (!ret) + return NULL; + INIT_HLIST_NODE(&ret->dlist); + INIT_HLIST_NODE(&ret->hlist); + + if (!qstr_copy(key, &ret->key)) { + kfree(ret); + return NULL; + } + + ret->ops = value; + return ret; +} + +static int __register_fuse_op(struct fuse_ops *value) +{ + struct hashtable_entry *hash_cur; + struct hashtable_entry *new_entry; + struct qstr key; + unsigned int hash; + + qstr_init(&key, value->name); + hash = key.hash; + hash_for_each_possible_rcu(name_to_ops, hash_cur, hlist, hash) { + if (qstr_eq(&key, &hash_cur->key)) { + return -EEXIST; + } + } + new_entry = alloc_hashtable_entry(&key, value); + if (!new_entry) + return -ENOMEM; + hash_add_rcu(name_to_ops, &new_entry->hlist, hash); + return 0; +} + +static int register_fuse_op(struct fuse_ops *value) +{ + int err; + + if (bpf_try_module_get(value, BPF_MODULE_OWNER)) + err = __register_fuse_op(value); + else + return -EBUSY; + + return err; +} + +static void unregister_fuse_op(struct fuse_ops *value) +{ + struct hashtable_entry *hash_cur; + struct qstr key; + unsigned int hash; + struct hlist_node *h_t; + HLIST_HEAD(free_list); + + qstr_init(&key, value->name); + hash = key.hash; + + hash_for_each_possible_rcu(name_to_ops, hash_cur, hlist, hash) { + if (qstr_eq(&key, &hash_cur->key)) { + hash_del_rcu(&hash_cur->hlist); + hlist_add_head(&hash_cur->dlist, &free_list); + } + } + synchronize_rcu(); + bpf_module_put(value, BPF_MODULE_OWNER); + hlist_for_each_entry_safe(hash_cur, h_t, &free_list, dlist) + kfree(hash_cur); +} + +static void fuse_op_list_destroy(void) +{ + struct hashtable_entry *hash_cur; + struct hlist_node *h_t; + HLIST_HEAD(free_list); + int i; + + //mutex_lock(&sdcardfs_super_list_lock); + hash_for_each_rcu(name_to_ops, i, hash_cur, hlist) { + hash_del_rcu(&hash_cur->hlist); + hlist_add_head(&hash_cur->dlist, &free_list); + } + synchronize_rcu(); + hlist_for_each_entry_safe(hash_cur, h_t, &free_list, dlist) + kfree(hash_cur); + //mutex_unlock(&sdcardfs_super_list_lock); + pr_info("fuse: destroyed fuse_op list\n"); +} + +static struct bpf_fuse_ops_attach bpf_fuse_ops_connect = { + .fuse_register_bpf = ®ister_fuse_op, + .fuse_unregister_bpf = &unregister_fuse_op, +}; + +int init_fuse_bpf(void) +{ + return register_fuse_bpf(&bpf_fuse_ops_connect); +} + +void uninit_fuse_bpf(void) +{ + unregister_fuse_bpf(&bpf_fuse_ops_connect); + fuse_op_list_destroy(); +} diff --git a/fs/fuse/fuse_i.h b/fs/fuse/fuse_i.h index 2bd45c8658e8..84c591d02e43 100644 --- a/fs/fuse/fuse_i.h +++ b/fs/fuse/fuse_i.h @@ -1390,6 +1390,32 @@ void fuse_file_release(struct inode *inode, struct fuse_file *ff, unsigned int open_flags, fl_owner_t id, bool isdir); /* backing.c */ +#ifdef CONFIG_FUSE_BPF +struct fuse_ops *find_fuse_ops(const char *key); +struct fuse_ops *get_fuse_ops(struct fuse_ops *ops); +void put_fuse_ops(struct fuse_ops *ops); +int init_fuse_bpf(void); +void uninit_fuse_bpf(void); +#else +int init_fuse_bpf(void) +{ + return -EOPNOTSUPP; +} +void uninit_fuse_bpf(void) +{ +} +struct fuse_ops *find_fuse_ops(const char *key) +{ + return NULL; +} +struct fuse_ops *get_fuse_ops(struct fuse_ops *ops) +{ + return NULL; +} +void put_fuse_ops(struct fuse_ops *ops) +{ +} +#endif enum fuse_bpf_set { FUSE_BPF_UNCHANGED = 0, diff --git a/include/linux/bpf_fuse.h b/include/linux/bpf_fuse.h index 780a7889aea2..2183a7a45c92 100644 --- a/include/linux/bpf_fuse.h +++ b/include/linux/bpf_fuse.h @@ -270,4 +270,12 @@ struct fuse_ops { char name[BPF_FUSE_NAME_MAX]; }; +struct bpf_fuse_ops_attach { + int (*fuse_register_bpf)(struct fuse_ops *f_ops); + void (*fuse_unregister_bpf)(struct fuse_ops *f_ops); +}; + +int register_fuse_bpf(struct bpf_fuse_ops_attach *reg_ops); +void unregister_fuse_bpf(struct bpf_fuse_ops_attach *reg_ops); + #endif /* _BPF_FUSE_H */ -- 2.40.0.634.g4ca3ef3211-goog