1// SPDX-License-Identifier: GPL-2.0 2/* 3 * Copyright (c) 2000-2005 Silicon Graphics, Inc. 4 * All Rights Reserved. 5 */ 6#include "xfs.h" 7#include "xfs_fs.h" 8#include "xfs_shared.h" 9#include "xfs_format.h" 10#include "xfs_log_format.h" 11#include "xfs_trans_resv.h" 12#include "xfs_mount.h" 13#include "xfs_inode.h" 14#include "xfs_acl.h" 15#include "xfs_quota.h" 16#include "xfs_attr.h" 17#include "xfs_trans.h" 18#include "xfs_trace.h" 19#include "xfs_icache.h" 20#include "xfs_symlink.h" 21#include "xfs_dir2.h" 22#include "xfs_iomap.h" 23#include "xfs_error.h" 24 25#include <linux/posix_acl.h> 26#include <linux/security.h> 27#include <linux/iversion.h> 28#include <linux/fiemap.h> 29 30/* 31 * Directories have different lock order w.r.t. mmap_lock compared to regular 32 * files. This is due to readdir potentially triggering page faults on a user 33 * buffer inside filldir(), and this happens with the ilock on the directory 34 * held. For regular files, the lock order is the other way around - the 35 * mmap_lock is taken during the page fault, and then we lock the ilock to do 36 * block mapping. Hence we need a different class for the directory ilock so 37 * that lockdep can tell them apart. 38 */ 39static struct lock_class_key xfs_nondir_ilock_class; 40static struct lock_class_key xfs_dir_ilock_class; 41 42static int 43xfs_initxattrs( 44 struct inode *inode, 45 const struct xattr *xattr_array, 46 void *fs_info) 47{ 48 const struct xattr *xattr; 49 struct xfs_inode *ip = XFS_I(inode); 50 int error = 0; 51 52 for (xattr = xattr_array; xattr->name != NULL; xattr++) { 53 struct xfs_da_args args = { 54 .dp = ip, 55 .attr_filter = XFS_ATTR_SECURE, 56 .name = xattr->name, 57 .namelen = strlen(xattr->name), 58 .value = xattr->value, 59 .valuelen = xattr->value_len, 60 }; 61 error = xfs_attr_set(&args); 62 if (error < 0) 63 break; 64 } 65 return error; 66} 67 68/* 69 * Hook in SELinux. This is not quite correct yet, what we really need 70 * here (as we do for default ACLs) is a mechanism by which creation of 71 * these attrs can be journalled at inode creation time (along with the 72 * inode, of course, such that log replay can't cause these to be lost). 73 */ 74 75STATIC int 76xfs_init_security( 77 struct inode *inode, 78 struct inode *dir, 79 const struct qstr *qstr) 80{ 81 return security_inode_init_security(inode, dir, qstr, 82 &xfs_initxattrs, NULL); 83} 84 85static void 86xfs_dentry_to_name( 87 struct xfs_name *namep, 88 struct dentry *dentry) 89{ 90 namep->name = dentry->d_name.name; 91 namep->len = dentry->d_name.len; 92 namep->type = XFS_DIR3_FT_UNKNOWN; 93} 94 95static int 96xfs_dentry_mode_to_name( 97 struct xfs_name *namep, 98 struct dentry *dentry, 99 int mode) 100{ 101 namep->name = dentry->d_name.name; 102 namep->len = dentry->d_name.len; 103 namep->type = xfs_mode_to_ftype(mode); 104 105 if (unlikely(namep->type == XFS_DIR3_FT_UNKNOWN)) 106 return -EFSCORRUPTED; 107 108 return 0; 109} 110 111STATIC void 112xfs_cleanup_inode( 113 struct inode *dir, 114 struct inode *inode, 115 struct dentry *dentry) 116{ 117 struct xfs_name teardown; 118 119 /* Oh, the horror. 120 * If we can't add the ACL or we fail in 121 * xfs_init_security we must back out. 122 * ENOSPC can hit here, among other things. 123 */ 124 xfs_dentry_to_name(&teardown, dentry); 125 126 xfs_remove(XFS_I(dir), &teardown, XFS_I(inode)); 127} 128 129STATIC int 130xfs_generic_create( 131 struct inode *dir, 132 struct dentry *dentry, 133 umode_t mode, 134 dev_t rdev, 135 bool tmpfile) /* unnamed file */ 136{ 137 struct inode *inode; 138 struct xfs_inode *ip = NULL; 139 struct posix_acl *default_acl, *acl; 140 struct xfs_name name; 141 int error; 142 143 /* 144 * Irix uses Missed'em'V split, but doesn't want to see 145 * the upper 5 bits of (14bit) major. 146 */ 147 if (S_ISCHR(mode) || S_ISBLK(mode)) { 148 if (unlikely(!sysv_valid_dev(rdev) || MAJOR(rdev) & ~0x1ff)) 149 return -EINVAL; 150 } else { 151 rdev = 0; 152 } 153 154 error = posix_acl_create(dir, &mode, &default_acl, &acl); 155 if (error) 156 return error; 157 158 /* Verify mode is valid also for tmpfile case */ 159 error = xfs_dentry_mode_to_name(&name, dentry, mode); 160 if (unlikely(error)) 161 goto out_free_acl; 162 163 if (!tmpfile) { 164 error = xfs_create(XFS_I(dir), &name, mode, rdev, &ip); 165 } else { 166 error = xfs_create_tmpfile(XFS_I(dir), mode, &ip); 167 } 168 if (unlikely(error)) 169 goto out_free_acl; 170 171 inode = VFS_I(ip); 172 173 error = xfs_init_security(inode, dir, &dentry->d_name); 174 if (unlikely(error)) 175 goto out_cleanup_inode; 176 177#ifdef CONFIG_XFS_POSIX_ACL 178 if (default_acl) { 179 error = __xfs_set_acl(inode, default_acl, ACL_TYPE_DEFAULT); 180 if (error) 181 goto out_cleanup_inode; 182 } 183 if (acl) { 184 error = __xfs_set_acl(inode, acl, ACL_TYPE_ACCESS); 185 if (error) 186 goto out_cleanup_inode; 187 } 188#endif 189 190 xfs_setup_iops(ip); 191 192 if (tmpfile) { 193 /* 194 * The VFS requires that any inode fed to d_tmpfile must have 195 * nlink == 1 so that it can decrement the nlink in d_tmpfile. 196 * However, we created the temp file with nlink == 0 because 197 * we're not allowed to put an inode with nlink > 0 on the 198 * unlinked list. Therefore we have to set nlink to 1 so that 199 * d_tmpfile can immediately set it back to zero. 200 */ 201 set_nlink(inode, 1); 202 d_tmpfile(dentry, inode); 203 } else 204 d_instantiate(dentry, inode); 205 206 xfs_finish_inode_setup(ip); 207 208 out_free_acl: 209 if (default_acl) 210 posix_acl_release(default_acl); 211 if (acl) 212 posix_acl_release(acl); 213 return error; 214 215 out_cleanup_inode: 216 xfs_finish_inode_setup(ip); 217 if (!tmpfile) 218 xfs_cleanup_inode(dir, inode, dentry); 219 xfs_irele(ip); 220 goto out_free_acl; 221} 222 223STATIC int 224xfs_vn_mknod( 225 struct inode *dir, 226 struct dentry *dentry, 227 umode_t mode, 228 dev_t rdev) 229{ 230 return xfs_generic_create(dir, dentry, mode, rdev, false); 231} 232 233STATIC int 234xfs_vn_create( 235 struct inode *dir, 236 struct dentry *dentry, 237 umode_t mode, 238 bool flags) 239{ 240 return xfs_generic_create(dir, dentry, mode, 0, false); 241} 242 243STATIC int 244xfs_vn_mkdir( 245 struct inode *dir, 246 struct dentry *dentry, 247 umode_t mode) 248{ 249 return xfs_generic_create(dir, dentry, mode | S_IFDIR, 0, false); 250} 251 252STATIC struct dentry * 253xfs_vn_lookup( 254 struct inode *dir, 255 struct dentry *dentry, 256 unsigned int flags) 257{ 258 struct inode *inode; 259 struct xfs_inode *cip; 260 struct xfs_name name; 261 int error; 262 263 if (dentry->d_name.len >= MAXNAMELEN) 264 return ERR_PTR(-ENAMETOOLONG); 265 266 xfs_dentry_to_name(&name, dentry); 267 error = xfs_lookup(XFS_I(dir), &name, &cip, NULL); 268 if (likely(!error)) 269 inode = VFS_I(cip); 270 else if (likely(error == -ENOENT)) 271 inode = NULL; 272 else 273 inode = ERR_PTR(error); 274 return d_splice_alias(inode, dentry); 275} 276 277STATIC struct dentry * 278xfs_vn_ci_lookup( 279 struct inode *dir, 280 struct dentry *dentry, 281 unsigned int flags) 282{ 283 struct xfs_inode *ip; 284 struct xfs_name xname; 285 struct xfs_name ci_name; 286 struct qstr dname; 287 int error; 288 289 if (dentry->d_name.len >= MAXNAMELEN) 290 return ERR_PTR(-ENAMETOOLONG); 291 292 xfs_dentry_to_name(&xname, dentry); 293 error = xfs_lookup(XFS_I(dir), &xname, &ip, &ci_name); 294 if (unlikely(error)) { 295 if (unlikely(error != -ENOENT)) 296 return ERR_PTR(error); 297 /* 298 * call d_add(dentry, NULL) here when d_drop_negative_children 299 * is called in xfs_vn_mknod (ie. allow negative dentries 300 * with CI filesystems). 301 */ 302 return NULL; 303 } 304 305 /* if exact match, just splice and exit */ 306 if (!ci_name.name) 307 return d_splice_alias(VFS_I(ip), dentry); 308 309 /* else case-insensitive match... */ 310 dname.name = ci_name.name; 311 dname.len = ci_name.len; 312 dentry = d_add_ci(dentry, VFS_I(ip), &dname); 313 kmem_free(ci_name.name); 314 return dentry; 315} 316 317STATIC int 318xfs_vn_link( 319 struct dentry *old_dentry, 320 struct inode *dir, 321 struct dentry *dentry) 322{ 323 struct inode *inode = d_inode(old_dentry); 324 struct xfs_name name; 325 int error; 326 327 error = xfs_dentry_mode_to_name(&name, dentry, inode->i_mode); 328 if (unlikely(error)) 329 return error; 330 331 error = xfs_link(XFS_I(dir), XFS_I(inode), &name); 332 if (unlikely(error)) 333 return error; 334 335 ihold(inode); 336 d_instantiate(dentry, inode); 337 return 0; 338} 339 340STATIC int 341xfs_vn_unlink( 342 struct inode *dir, 343 struct dentry *dentry) 344{ 345 struct xfs_name name; 346 int error; 347 348 xfs_dentry_to_name(&name, dentry); 349 350 error = xfs_remove(XFS_I(dir), &name, XFS_I(d_inode(dentry))); 351 if (error) 352 return error; 353 354 /* 355 * With unlink, the VFS makes the dentry "negative": no inode, 356 * but still hashed. This is incompatible with case-insensitive 357 * mode, so invalidate (unhash) the dentry in CI-mode. 358 */ 359 if (xfs_sb_version_hasasciici(&XFS_M(dir->i_sb)->m_sb)) 360 d_invalidate(dentry); 361 return 0; 362} 363 364STATIC int 365xfs_vn_symlink( 366 struct inode *dir, 367 struct dentry *dentry, 368 const char *symname) 369{ 370 struct inode *inode; 371 struct xfs_inode *cip = NULL; 372 struct xfs_name name; 373 int error; 374 umode_t mode; 375 376 mode = S_IFLNK | 377 (irix_symlink_mode ? 0777 & ~current_umask() : S_IRWXUGO); 378 error = xfs_dentry_mode_to_name(&name, dentry, mode); 379 if (unlikely(error)) 380 goto out; 381 382 error = xfs_symlink(XFS_I(dir), &name, symname, mode, &cip); 383 if (unlikely(error)) 384 goto out; 385 386 inode = VFS_I(cip); 387 388 error = xfs_init_security(inode, dir, &dentry->d_name); 389 if (unlikely(error)) 390 goto out_cleanup_inode; 391 392 xfs_setup_iops(cip); 393 394 d_instantiate(dentry, inode); 395 xfs_finish_inode_setup(cip); 396 return 0; 397 398 out_cleanup_inode: 399 xfs_finish_inode_setup(cip); 400 xfs_cleanup_inode(dir, inode, dentry); 401 xfs_irele(cip); 402 out: 403 return error; 404} 405 406STATIC int 407xfs_vn_rename( 408 struct inode *odir, 409 struct dentry *odentry, 410 struct inode *ndir, 411 struct dentry *ndentry, 412 unsigned int flags) 413{ 414 struct inode *new_inode = d_inode(ndentry); 415 int omode = 0; 416 int error; 417 struct xfs_name oname; 418 struct xfs_name nname; 419 420 if (flags & ~(RENAME_NOREPLACE | RENAME_EXCHANGE | RENAME_WHITEOUT)) 421 return -EINVAL; 422 423 /* if we are exchanging files, we need to set i_mode of both files */ 424 if (flags & RENAME_EXCHANGE) 425 omode = d_inode(ndentry)->i_mode; 426 427 error = xfs_dentry_mode_to_name(&oname, odentry, omode); 428 if (omode && unlikely(error)) 429 return error; 430 431 error = xfs_dentry_mode_to_name(&nname, ndentry, 432 d_inode(odentry)->i_mode); 433 if (unlikely(error)) 434 return error; 435 436 return xfs_rename(XFS_I(odir), &oname, XFS_I(d_inode(odentry)), 437 XFS_I(ndir), &nname, 438 new_inode ? XFS_I(new_inode) : NULL, flags); 439} 440 441/* 442 * careful here - this function can get called recursively, so 443 * we need to be very careful about how much stack we use. 444 * uio is kmalloced for this reason... 445 */ 446STATIC const char * 447xfs_vn_get_link( 448 struct dentry *dentry, 449 struct inode *inode, 450 struct delayed_call *done) 451{ 452 char *link; 453 int error = -ENOMEM; 454 455 if (!dentry) 456 return ERR_PTR(-ECHILD); 457 458 link = kmalloc(XFS_SYMLINK_MAXLEN+1, GFP_KERNEL); 459 if (!link) 460 goto out_err; 461 462 error = xfs_readlink(XFS_I(d_inode(dentry)), link); 463 if (unlikely(error)) 464 goto out_kfree; 465 466 set_delayed_call(done, kfree_link, link); 467 return link; 468 469 out_kfree: 470 kfree(link); 471 out_err: 472 return ERR_PTR(error); 473} 474 475STATIC const char * 476xfs_vn_get_link_inline( 477 struct dentry *dentry, 478 struct inode *inode, 479 struct delayed_call *done) 480{ 481 struct xfs_inode *ip = XFS_I(inode); 482 char *link; 483 484 ASSERT(ip->i_df.if_flags & XFS_IFINLINE); 485 486 /* 487 * The VFS crashes on a NULL pointer, so return -EFSCORRUPTED if 488 * if_data is junk. 489 */ 490 link = ip->i_df.if_u1.if_data; 491 if (XFS_IS_CORRUPT(ip->i_mount, !link)) 492 return ERR_PTR(-EFSCORRUPTED); 493 return link; 494} 495 496static uint32_t 497xfs_stat_blksize( 498 struct xfs_inode *ip) 499{ 500 struct xfs_mount *mp = ip->i_mount; 501 502 /* 503 * If the file blocks are being allocated from a realtime volume, then 504 * always return the realtime extent size. 505 */ 506 if (XFS_IS_REALTIME_INODE(ip)) 507 return xfs_get_extsz_hint(ip) << mp->m_sb.sb_blocklog; 508 509 /* 510 * Allow large block sizes to be reported to userspace programs if the 511 * "largeio" mount option is used. 512 * 513 * If compatibility mode is specified, simply return the basic unit of 514 * caching so that we don't get inefficient read/modify/write I/O from 515 * user apps. Otherwise.... 516 * 517 * If the underlying volume is a stripe, then return the stripe width in 518 * bytes as the recommended I/O size. It is not a stripe and we've set a 519 * default buffered I/O size, return that, otherwise return the compat 520 * default. 521 */ 522 if (mp->m_flags & XFS_MOUNT_LARGEIO) { 523 if (mp->m_swidth) 524 return mp->m_swidth << mp->m_sb.sb_blocklog; 525 if (mp->m_flags & XFS_MOUNT_ALLOCSIZE) 526 return 1U << mp->m_allocsize_log; 527 } 528 529 return PAGE_SIZE; 530} 531 532STATIC int 533xfs_vn_getattr( 534 const struct path *path, 535 struct kstat *stat, 536 u32 request_mask, 537 unsigned int query_flags) 538{ 539 struct inode *inode = d_inode(path->dentry); 540 struct xfs_inode *ip = XFS_I(inode); 541 struct xfs_mount *mp = ip->i_mount; 542 543 trace_xfs_getattr(ip); 544 545 if (XFS_FORCED_SHUTDOWN(mp)) 546 return -EIO; 547 548 stat->size = XFS_ISIZE(ip); 549 stat->dev = inode->i_sb->s_dev; 550 stat->mode = inode->i_mode; 551 stat->nlink = inode->i_nlink; 552 stat->uid = inode->i_uid; 553 stat->gid = inode->i_gid; 554 stat->ino = ip->i_ino; 555 stat->atime = inode->i_atime; 556 stat->mtime = inode->i_mtime; 557 stat->ctime = inode->i_ctime; 558 stat->blocks = 559 XFS_FSB_TO_BB(mp, ip->i_d.di_nblocks + ip->i_delayed_blks); 560 561 if (xfs_sb_version_has_v3inode(&mp->m_sb)) { 562 if (request_mask & STATX_BTIME) { 563 stat->result_mask |= STATX_BTIME; 564 stat->btime = ip->i_d.di_crtime; 565 } 566 } 567 568 /* 569 * Note: If you add another clause to set an attribute flag, please 570 * update attributes_mask below. 571 */ 572 if (ip->i_d.di_flags & XFS_DIFLAG_IMMUTABLE) 573 stat->attributes |= STATX_ATTR_IMMUTABLE; 574 if (ip->i_d.di_flags & XFS_DIFLAG_APPEND) 575 stat->attributes |= STATX_ATTR_APPEND; 576 if (ip->i_d.di_flags & XFS_DIFLAG_NODUMP) 577 stat->attributes |= STATX_ATTR_NODUMP; 578 579 stat->attributes_mask |= (STATX_ATTR_IMMUTABLE | 580 STATX_ATTR_APPEND | 581 STATX_ATTR_NODUMP); 582 583 switch (inode->i_mode & S_IFMT) { 584 case S_IFBLK: 585 case S_IFCHR: 586 stat->blksize = BLKDEV_IOSIZE; 587 stat->rdev = inode->i_rdev; 588 break; 589 default: 590 stat->blksize = xfs_stat_blksize(ip); 591 stat->rdev = 0; 592 break; 593 } 594 595 return 0; 596} 597 598static int 599xfs_vn_change_ok( 600 struct dentry *dentry, 601 struct iattr *iattr) 602{ 603 struct xfs_mount *mp = XFS_I(d_inode(dentry))->i_mount; 604 605 if (mp->m_flags & XFS_MOUNT_RDONLY) 606 return -EROFS; 607 608 if (XFS_FORCED_SHUTDOWN(mp)) 609 return -EIO; 610 611 return setattr_prepare(dentry, iattr); 612} 613 614/* 615 * Set non-size attributes of an inode. 616 * 617 * Caution: The caller of this function is responsible for calling 618 * setattr_prepare() or otherwise verifying the change is fine. 619 */ 620int 621xfs_setattr_nonsize( 622 struct xfs_inode *ip, 623 struct iattr *iattr, 624 int flags) 625{ 626 xfs_mount_t *mp = ip->i_mount; 627 struct inode *inode = VFS_I(ip); 628 int mask = iattr->ia_valid; 629 xfs_trans_t *tp; 630 int error; 631 kuid_t uid = GLOBAL_ROOT_UID, iuid = GLOBAL_ROOT_UID; 632 kgid_t gid = GLOBAL_ROOT_GID, igid = GLOBAL_ROOT_GID; 633 struct xfs_dquot *udqp = NULL, *gdqp = NULL; 634 struct xfs_dquot *olddquot1 = NULL, *olddquot2 = NULL; 635 636 ASSERT((mask & ATTR_SIZE) == 0); 637 638 /* 639 * If disk quotas is on, we make sure that the dquots do exist on disk, 640 * before we start any other transactions. Trying to do this later 641 * is messy. We don't care to take a readlock to look at the ids 642 * in inode here, because we can't hold it across the trans_reserve. 643 * If the IDs do change before we take the ilock, we're covered 644 * because the i_*dquot fields will get updated anyway. 645 */ 646 if (XFS_IS_QUOTA_ON(mp) && (mask & (ATTR_UID|ATTR_GID))) { 647 uint qflags = 0; 648 649 if ((mask & ATTR_UID) && XFS_IS_UQUOTA_ON(mp)) { 650 uid = iattr->ia_uid; 651 qflags |= XFS_QMOPT_UQUOTA; 652 } else { 653 uid = inode->i_uid; 654 } 655 if ((mask & ATTR_GID) && XFS_IS_GQUOTA_ON(mp)) { 656 gid = iattr->ia_gid; 657 qflags |= XFS_QMOPT_GQUOTA; 658 } else { 659 gid = inode->i_gid; 660 } 661 662 /* 663 * We take a reference when we initialize udqp and gdqp, 664 * so it is important that we never blindly double trip on 665 * the same variable. See xfs_create() for an example. 666 */ 667 ASSERT(udqp == NULL); 668 ASSERT(gdqp == NULL); 669 error = xfs_qm_vop_dqalloc(ip, uid, gid, ip->i_d.di_projid, 670 qflags, &udqp, &gdqp, NULL); 671 if (error) 672 return error; 673 } 674 675 error = xfs_trans_alloc(mp, &M_RES(mp)->tr_ichange, 0, 0, 0, &tp); 676 if (error) 677 goto out_dqrele; 678 679 xfs_ilock(ip, XFS_ILOCK_EXCL); 680 xfs_trans_ijoin(tp, ip, 0); 681 682 /* 683 * Change file ownership. Must be the owner or privileged. 684 */ 685 if (mask & (ATTR_UID|ATTR_GID)) { 686 /* 687 * These IDs could have changed since we last looked at them. 688 * But, we're assured that if the ownership did change 689 * while we didn't have the inode locked, inode's dquot(s) 690 * would have changed also. 691 */ 692 iuid = inode->i_uid; 693 igid = inode->i_gid; 694 gid = (mask & ATTR_GID) ? iattr->ia_gid : igid; 695 uid = (mask & ATTR_UID) ? iattr->ia_uid : iuid; 696 697 /* 698 * Do a quota reservation only if uid/gid is actually 699 * going to change. 700 */ 701 if (XFS_IS_QUOTA_RUNNING(mp) && 702 ((XFS_IS_UQUOTA_ON(mp) && !uid_eq(iuid, uid)) || 703 (XFS_IS_GQUOTA_ON(mp) && !gid_eq(igid, gid)))) { 704 ASSERT(tp); 705 error = xfs_qm_vop_chown_reserve(tp, ip, udqp, gdqp, 706 NULL, capable(CAP_FOWNER) ? 707 XFS_QMOPT_FORCE_RES : 0); 708 if (error) /* out of quota */ 709 goto out_cancel; 710 } 711 712 /* 713 * Change the ownerships and register quota modifications 714 * in the transaction. 715 */ 716 if (!uid_eq(iuid, uid)) { 717 if (XFS_IS_QUOTA_RUNNING(mp) && XFS_IS_UQUOTA_ON(mp)) { 718 ASSERT(mask & ATTR_UID); 719 ASSERT(udqp); 720 olddquot1 = xfs_qm_vop_chown(tp, ip, 721 &ip->i_udquot, udqp); 722 } 723 } 724 if (!gid_eq(igid, gid)) { 725 if (XFS_IS_QUOTA_RUNNING(mp) && XFS_IS_GQUOTA_ON(mp)) { 726 ASSERT(xfs_sb_version_has_pquotino(&mp->m_sb) || 727 !XFS_IS_PQUOTA_ON(mp)); 728 ASSERT(mask & ATTR_GID); 729 ASSERT(gdqp); 730 olddquot2 = xfs_qm_vop_chown(tp, ip, 731 &ip->i_gdquot, gdqp); 732 } 733 } 734 } 735 736 setattr_copy(inode, iattr); 737 xfs_trans_log_inode(tp, ip, XFS_ILOG_CORE); 738 739 XFS_STATS_INC(mp, xs_ig_attrchg); 740 741 if (mp->m_flags & XFS_MOUNT_WSYNC) 742 xfs_trans_set_sync(tp); 743 error = xfs_trans_commit(tp); 744 745 xfs_iunlock(ip, XFS_ILOCK_EXCL); 746 747 /* 748 * Release any dquot(s) the inode had kept before chown. 749 */ 750 xfs_qm_dqrele(olddquot1); 751 xfs_qm_dqrele(olddquot2); 752 xfs_qm_dqrele(udqp); 753 xfs_qm_dqrele(gdqp); 754 755 if (error) 756 return error; 757 758 /* 759 * XXX(hch): Updating the ACL entries is not atomic vs the i_mode 760 * update. We could avoid this with linked transactions 761 * and passing down the transaction pointer all the way 762 * to attr_set. No previous user of the generic 763 * Posix ACL code seems to care about this issue either. 764 */ 765 if ((mask & ATTR_MODE) && !(flags & XFS_ATTR_NOACL)) { 766 error = posix_acl_chmod(inode, inode->i_mode); 767 if (error) 768 return error; 769 } 770 771 return 0; 772 773out_cancel: 774 xfs_trans_cancel(tp); 775 xfs_iunlock(ip, XFS_ILOCK_EXCL); 776out_dqrele: 777 xfs_qm_dqrele(udqp); 778 xfs_qm_dqrele(gdqp); 779 return error; 780} 781 782int 783xfs_vn_setattr_nonsize( 784 struct dentry *dentry, 785 struct iattr *iattr) 786{ 787 struct xfs_inode *ip = XFS_I(d_inode(dentry)); 788 int error; 789 790 trace_xfs_setattr(ip); 791 792 error = xfs_vn_change_ok(dentry, iattr); 793 if (error) 794 return error; 795 return xfs_setattr_nonsize(ip, iattr, 0); 796} 797 798/* 799 * Truncate file. Must have write permission and not be a directory. 800 * 801 * Caution: The caller of this function is responsible for calling 802 * setattr_prepare() or otherwise verifying the change is fine. 803 */ 804STATIC int 805xfs_setattr_size( 806 struct xfs_inode *ip, 807 struct iattr *iattr) 808{ 809 struct xfs_mount *mp = ip->i_mount; 810 struct inode *inode = VFS_I(ip); 811 xfs_off_t oldsize, newsize; 812 struct xfs_trans *tp; 813 int error; 814 uint lock_flags = 0; 815 bool did_zeroing = false; 816 817 ASSERT(xfs_isilocked(ip, XFS_IOLOCK_EXCL)); 818 ASSERT(xfs_isilocked(ip, XFS_MMAPLOCK_EXCL)); 819 ASSERT(S_ISREG(inode->i_mode)); 820 ASSERT((iattr->ia_valid & (ATTR_UID|ATTR_GID|ATTR_ATIME|ATTR_ATIME_SET| 821 ATTR_MTIME_SET|ATTR_TIMES_SET)) == 0); 822 823 oldsize = inode->i_size; 824 newsize = iattr->ia_size; 825 826 /* 827 * Short circuit the truncate case for zero length files. 828 */ 829 if (newsize == 0 && oldsize == 0 && ip->i_df.if_nextents == 0) { 830 if (!(iattr->ia_valid & (ATTR_CTIME|ATTR_MTIME))) 831 return 0; 832 833 /* 834 * Use the regular setattr path to update the timestamps. 835 */ 836 iattr->ia_valid &= ~ATTR_SIZE; 837 return xfs_setattr_nonsize(ip, iattr, 0); 838 } 839 840 /* 841 * Make sure that the dquots are attached to the inode. 842 */ 843 error = xfs_qm_dqattach(ip); 844 if (error) 845 return error; 846 847 /* 848 * Wait for all direct I/O to complete. 849 */ 850 inode_dio_wait(inode); 851 852 /* 853 * File data changes must be complete before we start the transaction to 854 * modify the inode. This needs to be done before joining the inode to 855 * the transaction because the inode cannot be unlocked once it is a 856 * part of the transaction. 857 * 858 * Start with zeroing any data beyond EOF that we may expose on file 859 * extension, or zeroing out the rest of the block on a downward 860 * truncate. 861 */ 862 if (newsize > oldsize) { 863 trace_xfs_zero_eof(ip, oldsize, newsize - oldsize); 864 error = iomap_zero_range(inode, oldsize, newsize - oldsize, 865 &did_zeroing, &xfs_buffered_write_iomap_ops); 866 } else { 867 /* 868 * iomap won't detect a dirty page over an unwritten block (or a 869 * cow block over a hole) and subsequently skips zeroing the 870 * newly post-EOF portion of the page. Flush the new EOF to 871 * convert the block before the pagecache truncate. 872 */ 873 error = filemap_write_and_wait_range(inode->i_mapping, newsize, 874 newsize); 875 if (error) 876 return error; 877 error = iomap_truncate_page(inode, newsize, &did_zeroing, 878 &xfs_buffered_write_iomap_ops); 879 } 880 881 if (error) 882 return error; 883 884 /* 885 * We've already locked out new page faults, so now we can safely remove 886 * pages from the page cache knowing they won't get refaulted until we 887 * drop the XFS_MMAP_EXCL lock after the extent manipulations are 888 * complete. The truncate_setsize() call also cleans partial EOF page 889 * PTEs on extending truncates and hence ensures sub-page block size 890 * filesystems are correctly handled, too. 891 * 892 * We have to do all the page cache truncate work outside the 893 * transaction context as the "lock" order is page lock->log space 894 * reservation as defined by extent allocation in the writeback path. 895 * Hence a truncate can fail with ENOMEM from xfs_trans_alloc(), but 896 * having already truncated the in-memory version of the file (i.e. made 897 * user visible changes). There's not much we can do about this, except 898 * to hope that the caller sees ENOMEM and retries the truncate 899 * operation. 900 * 901 * And we update in-core i_size and truncate page cache beyond newsize 902 * before writeback the [di_size, newsize] range, so we're guaranteed 903 * not to write stale data past the new EOF on truncate down. 904 */ 905 truncate_setsize(inode, newsize); 906 907 /* 908 * We are going to log the inode size change in this transaction so 909 * any previous writes that are beyond the on disk EOF and the new 910 * EOF that have not been written out need to be written here. If we 911 * do not write the data out, we expose ourselves to the null files 912 * problem. Note that this includes any block zeroing we did above; 913 * otherwise those blocks may not be zeroed after a crash. 914 */ 915 if (did_zeroing || 916 (newsize > ip->i_d.di_size && oldsize != ip->i_d.di_size)) { 917 error = filemap_write_and_wait_range(VFS_I(ip)->i_mapping, 918 ip->i_d.di_size, newsize - 1); 919 if (error) 920 return error; 921 } 922 923 error = xfs_trans_alloc(mp, &M_RES(mp)->tr_itruncate, 0, 0, 0, &tp); 924 if (error) 925 return error; 926 927 lock_flags |= XFS_ILOCK_EXCL; 928 xfs_ilock(ip, XFS_ILOCK_EXCL); 929 xfs_trans_ijoin(tp, ip, 0); 930 931 /* 932 * Only change the c/mtime if we are changing the size or we are 933 * explicitly asked to change it. This handles the semantic difference 934 * between truncate() and ftruncate() as implemented in the VFS. 935 * 936 * The regular truncate() case without ATTR_CTIME and ATTR_MTIME is a 937 * special case where we need to update the times despite not having 938 * these flags set. For all other operations the VFS set these flags 939 * explicitly if it wants a timestamp update. 940 */ 941 if (newsize != oldsize && 942 !(iattr->ia_valid & (ATTR_CTIME | ATTR_MTIME))) { 943 iattr->ia_ctime = iattr->ia_mtime = 944 current_time(inode); 945 iattr->ia_valid |= ATTR_CTIME | ATTR_MTIME; 946 } 947 948 /* 949 * The first thing we do is set the size to new_size permanently on 950 * disk. This way we don't have to worry about anyone ever being able 951 * to look at the data being freed even in the face of a crash. 952 * What we're getting around here is the case where we free a block, it 953 * is allocated to another file, it is written to, and then we crash. 954 * If the new data gets written to the file but the log buffers 955 * containing the free and reallocation don't, then we'd end up with 956 * garbage in the blocks being freed. As long as we make the new size 957 * permanent before actually freeing any blocks it doesn't matter if 958 * they get written to. 959 */ 960 ip->i_d.di_size = newsize; 961 xfs_trans_log_inode(tp, ip, XFS_ILOG_CORE); 962 963 if (newsize <= oldsize) { 964 error = xfs_itruncate_extents(&tp, ip, XFS_DATA_FORK, newsize); 965 if (error) 966 goto out_trans_cancel; 967 968 /* 969 * Truncated "down", so we're removing references to old data 970 * here - if we delay flushing for a long time, we expose 971 * ourselves unduly to the notorious NULL files problem. So, 972 * we mark this inode and flush it when the file is closed, 973 * and do not wait the usual (long) time for writeout. 974 */ 975 xfs_iflags_set(ip, XFS_ITRUNCATED); 976 977 /* A truncate down always removes post-EOF blocks. */ 978 xfs_inode_clear_eofblocks_tag(ip); 979 } 980 981 ASSERT(!(iattr->ia_valid & (ATTR_UID | ATTR_GID))); 982 setattr_copy(inode, iattr); 983 xfs_trans_log_inode(tp, ip, XFS_ILOG_CORE); 984 985 XFS_STATS_INC(mp, xs_ig_attrchg); 986 987 if (mp->m_flags & XFS_MOUNT_WSYNC) 988 xfs_trans_set_sync(tp); 989 990 error = xfs_trans_commit(tp); 991out_unlock: 992 if (lock_flags) 993 xfs_iunlock(ip, lock_flags); 994 return error; 995 996out_trans_cancel: 997 xfs_trans_cancel(tp); 998 goto out_unlock; 999} 1000 1001int 1002xfs_vn_setattr_size( 1003 struct dentry *dentry, 1004 struct iattr *iattr) 1005{ 1006 struct xfs_inode *ip = XFS_I(d_inode(dentry)); 1007 int error; 1008 1009 trace_xfs_setattr(ip); 1010 1011 error = xfs_vn_change_ok(dentry, iattr); 1012 if (error) 1013 return error; 1014 return xfs_setattr_size(ip, iattr); 1015} 1016 1017STATIC int 1018xfs_vn_setattr( 1019 struct dentry *dentry, 1020 struct iattr *iattr) 1021{ 1022 int error; 1023 1024 if (iattr->ia_valid & ATTR_SIZE) { 1025 struct inode *inode = d_inode(dentry); 1026 struct xfs_inode *ip = XFS_I(inode); 1027 uint iolock; 1028 1029 xfs_ilock(ip, XFS_MMAPLOCK_EXCL); 1030 iolock = XFS_IOLOCK_EXCL | XFS_MMAPLOCK_EXCL; 1031 1032 error = xfs_break_layouts(inode, &iolock, BREAK_UNMAP); 1033 if (error) { 1034 xfs_iunlock(ip, XFS_MMAPLOCK_EXCL); 1035 return error; 1036 } 1037 1038 error = xfs_vn_setattr_size(dentry, iattr); 1039 xfs_iunlock(ip, XFS_MMAPLOCK_EXCL); 1040 } else { 1041 error = xfs_vn_setattr_nonsize(dentry, iattr); 1042 } 1043 1044 return error; 1045} 1046 1047STATIC int 1048xfs_vn_update_time( 1049 struct inode *inode, 1050 struct timespec64 *now, 1051 int flags) 1052{ 1053 struct xfs_inode *ip = XFS_I(inode); 1054 struct xfs_mount *mp = ip->i_mount; 1055 int log_flags = XFS_ILOG_TIMESTAMP; 1056 struct xfs_trans *tp; 1057 int error; 1058 1059 trace_xfs_update_time(ip); 1060 1061 if (inode->i_sb->s_flags & SB_LAZYTIME) { 1062 if (!((flags & S_VERSION) && 1063 inode_maybe_inc_iversion(inode, false))) 1064 return generic_update_time(inode, now, flags); 1065 1066 /* Capture the iversion update that just occurred */ 1067 log_flags |= XFS_ILOG_CORE; 1068 } 1069 1070 error = xfs_trans_alloc(mp, &M_RES(mp)->tr_fsyncts, 0, 0, 0, &tp); 1071 if (error) 1072 return error; 1073 1074 xfs_ilock(ip, XFS_ILOCK_EXCL); 1075 if (flags & S_CTIME) 1076 inode->i_ctime = *now; 1077 if (flags & S_MTIME) 1078 inode->i_mtime = *now; 1079 if (flags & S_ATIME) 1080 inode->i_atime = *now; 1081 1082 xfs_trans_ijoin(tp, ip, XFS_ILOCK_EXCL); 1083 xfs_trans_log_inode(tp, ip, log_flags); 1084 return xfs_trans_commit(tp); 1085} 1086 1087STATIC int 1088xfs_vn_fiemap( 1089 struct inode *inode, 1090 struct fiemap_extent_info *fieinfo, 1091 u64 start, 1092 u64 length) 1093{ 1094 int error; 1095 1096 xfs_ilock(XFS_I(inode), XFS_IOLOCK_SHARED); 1097 if (fieinfo->fi_flags & FIEMAP_FLAG_XATTR) { 1098 fieinfo->fi_flags &= ~FIEMAP_FLAG_XATTR; 1099 error = iomap_fiemap(inode, fieinfo, start, length, 1100 &xfs_xattr_iomap_ops); 1101 } else { 1102 error = iomap_fiemap(inode, fieinfo, start, length, 1103 &xfs_read_iomap_ops); 1104 } 1105 xfs_iunlock(XFS_I(inode), XFS_IOLOCK_SHARED); 1106 1107 return error; 1108} 1109 1110STATIC int 1111xfs_vn_tmpfile( 1112 struct inode *dir, 1113 struct dentry *dentry, 1114 umode_t mode) 1115{ 1116 return xfs_generic_create(dir, dentry, mode, 0, true); 1117} 1118 1119static const struct inode_operations xfs_inode_operations = { 1120 .get_acl = xfs_get_acl, 1121 .set_acl = xfs_set_acl, 1122 .getattr = xfs_vn_getattr, 1123 .setattr = xfs_vn_setattr, 1124 .listxattr = xfs_vn_listxattr, 1125 .fiemap = xfs_vn_fiemap, 1126 .update_time = xfs_vn_update_time, 1127}; 1128 1129static const struct inode_operations xfs_dir_inode_operations = { 1130 .create = xfs_vn_create, 1131 .lookup = xfs_vn_lookup, 1132 .link = xfs_vn_link, 1133 .unlink = xfs_vn_unlink, 1134 .symlink = xfs_vn_symlink, 1135 .mkdir = xfs_vn_mkdir, 1136 /* 1137 * Yes, XFS uses the same method for rmdir and unlink. 1138 * 1139 * There are some subtile differences deeper in the code, 1140 * but we use S_ISDIR to check for those. 1141 */ 1142 .rmdir = xfs_vn_unlink, 1143 .mknod = xfs_vn_mknod, 1144 .rename = xfs_vn_rename, 1145 .get_acl = xfs_get_acl, 1146 .set_acl = xfs_set_acl, 1147 .getattr = xfs_vn_getattr, 1148 .setattr = xfs_vn_setattr, 1149 .listxattr = xfs_vn_listxattr, 1150 .update_time = xfs_vn_update_time, 1151 .tmpfile = xfs_vn_tmpfile, 1152}; 1153 1154static const struct inode_operations xfs_dir_ci_inode_operations = { 1155 .create = xfs_vn_create, 1156 .lookup = xfs_vn_ci_lookup, 1157 .link = xfs_vn_link, 1158 .unlink = xfs_vn_unlink, 1159 .symlink = xfs_vn_symlink, 1160 .mkdir = xfs_vn_mkdir, 1161 /* 1162 * Yes, XFS uses the same method for rmdir and unlink. 1163 * 1164 * There are some subtile differences deeper in the code, 1165 * but we use S_ISDIR to check for those. 1166 */ 1167 .rmdir = xfs_vn_unlink, 1168 .mknod = xfs_vn_mknod, 1169 .rename = xfs_vn_rename, 1170 .get_acl = xfs_get_acl, 1171 .set_acl = xfs_set_acl, 1172 .getattr = xfs_vn_getattr, 1173 .setattr = xfs_vn_setattr, 1174 .listxattr = xfs_vn_listxattr, 1175 .update_time = xfs_vn_update_time, 1176 .tmpfile = xfs_vn_tmpfile, 1177}; 1178 1179static const struct inode_operations xfs_symlink_inode_operations = { 1180 .get_link = xfs_vn_get_link, 1181 .getattr = xfs_vn_getattr, 1182 .setattr = xfs_vn_setattr, 1183 .listxattr = xfs_vn_listxattr, 1184 .update_time = xfs_vn_update_time, 1185}; 1186 1187static const struct inode_operations xfs_inline_symlink_inode_operations = { 1188 .get_link = xfs_vn_get_link_inline, 1189 .getattr = xfs_vn_getattr, 1190 .setattr = xfs_vn_setattr, 1191 .listxattr = xfs_vn_listxattr, 1192 .update_time = xfs_vn_update_time, 1193}; 1194 1195/* Figure out if this file actually supports DAX. */ 1196static bool 1197xfs_inode_supports_dax( 1198 struct xfs_inode *ip) 1199{ 1200 struct xfs_mount *mp = ip->i_mount; 1201 1202 /* Only supported on regular files. */ 1203 if (!S_ISREG(VFS_I(ip)->i_mode)) 1204 return false; 1205 1206 /* Only supported on non-reflinked files. */ 1207 if (xfs_is_reflink_inode(ip)) 1208 return false; 1209 1210 /* Block size must match page size */ 1211 if (mp->m_sb.sb_blocksize != PAGE_SIZE) 1212 return false; 1213 1214 /* Device has to support DAX too. */ 1215 return xfs_inode_buftarg(ip)->bt_daxdev != NULL; 1216} 1217 1218static bool 1219xfs_inode_should_enable_dax( 1220 struct xfs_inode *ip) 1221{ 1222 if (!IS_ENABLED(CONFIG_FS_DAX)) 1223 return false; 1224 if (ip->i_mount->m_flags & XFS_MOUNT_DAX_NEVER) 1225 return false; 1226 if (!xfs_inode_supports_dax(ip)) 1227 return false; 1228 if (ip->i_mount->m_flags & XFS_MOUNT_DAX_ALWAYS) 1229 return true; 1230 if (ip->i_d.di_flags2 & XFS_DIFLAG2_DAX) 1231 return true; 1232 return false; 1233} 1234 1235void 1236xfs_diflags_to_iflags( 1237 struct xfs_inode *ip, 1238 bool init) 1239{ 1240 struct inode *inode = VFS_I(ip); 1241 unsigned int xflags = xfs_ip2xflags(ip); 1242 unsigned int flags = 0; 1243 1244 ASSERT(!(IS_DAX(inode) && init)); 1245 1246 if (xflags & FS_XFLAG_IMMUTABLE) 1247 flags |= S_IMMUTABLE; 1248 if (xflags & FS_XFLAG_APPEND) 1249 flags |= S_APPEND; 1250 if (xflags & FS_XFLAG_SYNC) 1251 flags |= S_SYNC; 1252 if (xflags & FS_XFLAG_NOATIME) 1253 flags |= S_NOATIME; 1254 if (init && xfs_inode_should_enable_dax(ip)) 1255 flags |= S_DAX; 1256 1257 /* 1258 * S_DAX can only be set during inode initialization and is never set by 1259 * the VFS, so we cannot mask off S_DAX in i_flags. 1260 */ 1261 inode->i_flags &= ~(S_IMMUTABLE | S_APPEND | S_SYNC | S_NOATIME); 1262 inode->i_flags |= flags; 1263} 1264 1265/* 1266 * Initialize the Linux inode. 1267 * 1268 * When reading existing inodes from disk this is called directly from xfs_iget, 1269 * when creating a new inode it is called from xfs_ialloc after setting up the 1270 * inode. These callers have different criteria for clearing XFS_INEW, so leave 1271 * it up to the caller to deal with unlocking the inode appropriately. 1272 */ 1273void 1274xfs_setup_inode( 1275 struct xfs_inode *ip) 1276{ 1277 struct inode *inode = &ip->i_vnode; 1278 gfp_t gfp_mask; 1279 1280 inode->i_ino = ip->i_ino; 1281 inode->i_state |= I_NEW; 1282 1283 inode_sb_list_add(inode); 1284 /* make the inode look hashed for the writeback code */ 1285 inode_fake_hash(inode); 1286 1287 i_size_write(inode, ip->i_d.di_size); 1288 xfs_diflags_to_iflags(ip, true); 1289 1290 if (S_ISDIR(inode->i_mode)) { 1291 /* 1292 * We set the i_rwsem class here to avoid potential races with 1293 * lockdep_annotate_inode_mutex_key() reinitialising the lock 1294 * after a filehandle lookup has already found the inode in 1295 * cache before it has been unlocked via unlock_new_inode(). 1296 */ 1297 lockdep_set_class(&inode->i_rwsem, 1298 &inode->i_sb->s_type->i_mutex_dir_key); 1299 lockdep_set_class(&ip->i_lock.mr_lock, &xfs_dir_ilock_class); 1300 } else { 1301 lockdep_set_class(&ip->i_lock.mr_lock, &xfs_nondir_ilock_class); 1302 } 1303 1304 /* 1305 * Ensure all page cache allocations are done from GFP_NOFS context to 1306 * prevent direct reclaim recursion back into the filesystem and blowing 1307 * stacks or deadlocking. 1308 */ 1309 gfp_mask = mapping_gfp_mask(inode->i_mapping); 1310 mapping_set_gfp_mask(inode->i_mapping, (gfp_mask & ~(__GFP_FS))); 1311 1312 /* 1313 * If there is no attribute fork no ACL can exist on this inode, 1314 * and it can't have any file capabilities attached to it either. 1315 */ 1316 if (!XFS_IFORK_Q(ip)) { 1317 inode_has_no_xattr(inode); 1318 cache_no_acl(inode); 1319 } 1320} 1321 1322void 1323xfs_setup_iops( 1324 struct xfs_inode *ip) 1325{ 1326 struct inode *inode = &ip->i_vnode; 1327 1328 switch (inode->i_mode & S_IFMT) { 1329 case S_IFREG: 1330 inode->i_op = &xfs_inode_operations; 1331 inode->i_fop = &xfs_file_operations; 1332 if (IS_DAX(inode)) 1333 inode->i_mapping->a_ops = &xfs_dax_aops; 1334 else 1335 inode->i_mapping->a_ops = &xfs_address_space_operations; 1336 break; 1337 case S_IFDIR: 1338 if (xfs_sb_version_hasasciici(&XFS_M(inode->i_sb)->m_sb)) 1339 inode->i_op = &xfs_dir_ci_inode_operations; 1340 else 1341 inode->i_op = &xfs_dir_inode_operations; 1342 inode->i_fop = &xfs_dir_file_operations; 1343 break; 1344 case S_IFLNK: 1345 if (ip->i_df.if_flags & XFS_IFINLINE) 1346 inode->i_op = &xfs_inline_symlink_inode_operations; 1347 else 1348 inode->i_op = &xfs_symlink_inode_operations; 1349 break; 1350 default: 1351 inode->i_op = &xfs_inode_operations; 1352 init_special_inode(inode, inode->i_mode, inode->i_rdev); 1353 break; 1354 } 1355} 1356