Loading...
1// SPDX-License-Identifier: GPL-2.0
2/*
3 * Copyright (c) 2000-2005 Silicon Graphics, Inc.
4 * All Rights Reserved.
5 */
6#include "xfs.h"
7#include "xfs_fs.h"
8#include "xfs_shared.h"
9#include "xfs_format.h"
10#include "xfs_log_format.h"
11#include "xfs_trans_resv.h"
12#include "xfs_mount.h"
13#include "xfs_inode.h"
14#include "xfs_acl.h"
15#include "xfs_quota.h"
16#include "xfs_attr.h"
17#include "xfs_trans.h"
18#include "xfs_trace.h"
19#include "xfs_icache.h"
20#include "xfs_symlink.h"
21#include "xfs_dir2.h"
22#include "xfs_iomap.h"
23#include "xfs_error.h"
24#include "xfs_ioctl.h"
25
26#include <linux/posix_acl.h>
27#include <linux/security.h>
28#include <linux/iversion.h>
29#include <linux/fiemap.h>
30
31/*
32 * Directories have different lock order w.r.t. mmap_lock compared to regular
33 * files. This is due to readdir potentially triggering page faults on a user
34 * buffer inside filldir(), and this happens with the ilock on the directory
35 * held. For regular files, the lock order is the other way around - the
36 * mmap_lock is taken during the page fault, and then we lock the ilock to do
37 * block mapping. Hence we need a different class for the directory ilock so
38 * that lockdep can tell them apart.
39 */
40static struct lock_class_key xfs_nondir_ilock_class;
41static struct lock_class_key xfs_dir_ilock_class;
42
43static int
44xfs_initxattrs(
45 struct inode *inode,
46 const struct xattr *xattr_array,
47 void *fs_info)
48{
49 const struct xattr *xattr;
50 struct xfs_inode *ip = XFS_I(inode);
51 int error = 0;
52
53 for (xattr = xattr_array; xattr->name != NULL; xattr++) {
54 struct xfs_da_args args = {
55 .dp = ip,
56 .attr_filter = XFS_ATTR_SECURE,
57 .name = xattr->name,
58 .namelen = strlen(xattr->name),
59 .value = xattr->value,
60 .valuelen = xattr->value_len,
61 };
62 error = xfs_attr_set(&args);
63 if (error < 0)
64 break;
65 }
66 return error;
67}
68
69/*
70 * Hook in SELinux. This is not quite correct yet, what we really need
71 * here (as we do for default ACLs) is a mechanism by which creation of
72 * these attrs can be journalled at inode creation time (along with the
73 * inode, of course, such that log replay can't cause these to be lost).
74 */
75
76STATIC int
77xfs_init_security(
78 struct inode *inode,
79 struct inode *dir,
80 const struct qstr *qstr)
81{
82 return security_inode_init_security(inode, dir, qstr,
83 &xfs_initxattrs, NULL);
84}
85
86static void
87xfs_dentry_to_name(
88 struct xfs_name *namep,
89 struct dentry *dentry)
90{
91 namep->name = dentry->d_name.name;
92 namep->len = dentry->d_name.len;
93 namep->type = XFS_DIR3_FT_UNKNOWN;
94}
95
96static int
97xfs_dentry_mode_to_name(
98 struct xfs_name *namep,
99 struct dentry *dentry,
100 int mode)
101{
102 namep->name = dentry->d_name.name;
103 namep->len = dentry->d_name.len;
104 namep->type = xfs_mode_to_ftype(mode);
105
106 if (unlikely(namep->type == XFS_DIR3_FT_UNKNOWN))
107 return -EFSCORRUPTED;
108
109 return 0;
110}
111
112STATIC void
113xfs_cleanup_inode(
114 struct inode *dir,
115 struct inode *inode,
116 struct dentry *dentry)
117{
118 struct xfs_name teardown;
119
120 /* Oh, the horror.
121 * If we can't add the ACL or we fail in
122 * xfs_init_security we must back out.
123 * ENOSPC can hit here, among other things.
124 */
125 xfs_dentry_to_name(&teardown, dentry);
126
127 xfs_remove(XFS_I(dir), &teardown, XFS_I(inode));
128}
129
130/*
131 * Check to see if we are likely to need an extended attribute to be added to
132 * the inode we are about to allocate. This allows the attribute fork to be
133 * created during the inode allocation, reducing the number of transactions we
134 * need to do in this fast path.
135 *
136 * The security checks are optimistic, but not guaranteed. The two LSMs that
137 * require xattrs to be added here (selinux and smack) are also the only two
138 * LSMs that add a sb->s_security structure to the superblock. Hence if security
139 * is enabled and sb->s_security is set, we have a pretty good idea that we are
140 * going to be asked to add a security xattr immediately after allocating the
141 * xfs inode and instantiating the VFS inode.
142 */
143static inline bool
144xfs_create_need_xattr(
145 struct inode *dir,
146 struct posix_acl *default_acl,
147 struct posix_acl *acl)
148{
149 if (acl)
150 return true;
151 if (default_acl)
152 return true;
153#if IS_ENABLED(CONFIG_SECURITY)
154 if (dir->i_sb->s_security)
155 return true;
156#endif
157 return false;
158}
159
160
161STATIC int
162xfs_generic_create(
163 struct user_namespace *mnt_userns,
164 struct inode *dir,
165 struct dentry *dentry,
166 umode_t mode,
167 dev_t rdev,
168 bool tmpfile) /* unnamed file */
169{
170 struct inode *inode;
171 struct xfs_inode *ip = NULL;
172 struct posix_acl *default_acl, *acl;
173 struct xfs_name name;
174 int error;
175
176 /*
177 * Irix uses Missed'em'V split, but doesn't want to see
178 * the upper 5 bits of (14bit) major.
179 */
180 if (S_ISCHR(mode) || S_ISBLK(mode)) {
181 if (unlikely(!sysv_valid_dev(rdev) || MAJOR(rdev) & ~0x1ff))
182 return -EINVAL;
183 } else {
184 rdev = 0;
185 }
186
187 error = posix_acl_create(dir, &mode, &default_acl, &acl);
188 if (error)
189 return error;
190
191 /* Verify mode is valid also for tmpfile case */
192 error = xfs_dentry_mode_to_name(&name, dentry, mode);
193 if (unlikely(error))
194 goto out_free_acl;
195
196 if (!tmpfile) {
197 error = xfs_create(mnt_userns, XFS_I(dir), &name, mode, rdev,
198 xfs_create_need_xattr(dir, default_acl, acl),
199 &ip);
200 } else {
201 error = xfs_create_tmpfile(mnt_userns, XFS_I(dir), mode, &ip);
202 }
203 if (unlikely(error))
204 goto out_free_acl;
205
206 inode = VFS_I(ip);
207
208 error = xfs_init_security(inode, dir, &dentry->d_name);
209 if (unlikely(error))
210 goto out_cleanup_inode;
211
212#ifdef CONFIG_XFS_POSIX_ACL
213 if (default_acl) {
214 error = __xfs_set_acl(inode, default_acl, ACL_TYPE_DEFAULT);
215 if (error)
216 goto out_cleanup_inode;
217 }
218 if (acl) {
219 error = __xfs_set_acl(inode, acl, ACL_TYPE_ACCESS);
220 if (error)
221 goto out_cleanup_inode;
222 }
223#endif
224
225 xfs_setup_iops(ip);
226
227 if (tmpfile) {
228 /*
229 * The VFS requires that any inode fed to d_tmpfile must have
230 * nlink == 1 so that it can decrement the nlink in d_tmpfile.
231 * However, we created the temp file with nlink == 0 because
232 * we're not allowed to put an inode with nlink > 0 on the
233 * unlinked list. Therefore we have to set nlink to 1 so that
234 * d_tmpfile can immediately set it back to zero.
235 */
236 set_nlink(inode, 1);
237 d_tmpfile(dentry, inode);
238 } else
239 d_instantiate(dentry, inode);
240
241 xfs_finish_inode_setup(ip);
242
243 out_free_acl:
244 posix_acl_release(default_acl);
245 posix_acl_release(acl);
246 return error;
247
248 out_cleanup_inode:
249 xfs_finish_inode_setup(ip);
250 if (!tmpfile)
251 xfs_cleanup_inode(dir, inode, dentry);
252 xfs_irele(ip);
253 goto out_free_acl;
254}
255
256STATIC int
257xfs_vn_mknod(
258 struct user_namespace *mnt_userns,
259 struct inode *dir,
260 struct dentry *dentry,
261 umode_t mode,
262 dev_t rdev)
263{
264 return xfs_generic_create(mnt_userns, dir, dentry, mode, rdev, false);
265}
266
267STATIC int
268xfs_vn_create(
269 struct user_namespace *mnt_userns,
270 struct inode *dir,
271 struct dentry *dentry,
272 umode_t mode,
273 bool flags)
274{
275 return xfs_generic_create(mnt_userns, dir, dentry, mode, 0, false);
276}
277
278STATIC int
279xfs_vn_mkdir(
280 struct user_namespace *mnt_userns,
281 struct inode *dir,
282 struct dentry *dentry,
283 umode_t mode)
284{
285 return xfs_generic_create(mnt_userns, dir, dentry, mode | S_IFDIR, 0,
286 false);
287}
288
289STATIC struct dentry *
290xfs_vn_lookup(
291 struct inode *dir,
292 struct dentry *dentry,
293 unsigned int flags)
294{
295 struct inode *inode;
296 struct xfs_inode *cip;
297 struct xfs_name name;
298 int error;
299
300 if (dentry->d_name.len >= MAXNAMELEN)
301 return ERR_PTR(-ENAMETOOLONG);
302
303 xfs_dentry_to_name(&name, dentry);
304 error = xfs_lookup(XFS_I(dir), &name, &cip, NULL);
305 if (likely(!error))
306 inode = VFS_I(cip);
307 else if (likely(error == -ENOENT))
308 inode = NULL;
309 else
310 inode = ERR_PTR(error);
311 return d_splice_alias(inode, dentry);
312}
313
314STATIC struct dentry *
315xfs_vn_ci_lookup(
316 struct inode *dir,
317 struct dentry *dentry,
318 unsigned int flags)
319{
320 struct xfs_inode *ip;
321 struct xfs_name xname;
322 struct xfs_name ci_name;
323 struct qstr dname;
324 int error;
325
326 if (dentry->d_name.len >= MAXNAMELEN)
327 return ERR_PTR(-ENAMETOOLONG);
328
329 xfs_dentry_to_name(&xname, dentry);
330 error = xfs_lookup(XFS_I(dir), &xname, &ip, &ci_name);
331 if (unlikely(error)) {
332 if (unlikely(error != -ENOENT))
333 return ERR_PTR(error);
334 /*
335 * call d_add(dentry, NULL) here when d_drop_negative_children
336 * is called in xfs_vn_mknod (ie. allow negative dentries
337 * with CI filesystems).
338 */
339 return NULL;
340 }
341
342 /* if exact match, just splice and exit */
343 if (!ci_name.name)
344 return d_splice_alias(VFS_I(ip), dentry);
345
346 /* else case-insensitive match... */
347 dname.name = ci_name.name;
348 dname.len = ci_name.len;
349 dentry = d_add_ci(dentry, VFS_I(ip), &dname);
350 kmem_free(ci_name.name);
351 return dentry;
352}
353
354STATIC int
355xfs_vn_link(
356 struct dentry *old_dentry,
357 struct inode *dir,
358 struct dentry *dentry)
359{
360 struct inode *inode = d_inode(old_dentry);
361 struct xfs_name name;
362 int error;
363
364 error = xfs_dentry_mode_to_name(&name, dentry, inode->i_mode);
365 if (unlikely(error))
366 return error;
367
368 error = xfs_link(XFS_I(dir), XFS_I(inode), &name);
369 if (unlikely(error))
370 return error;
371
372 ihold(inode);
373 d_instantiate(dentry, inode);
374 return 0;
375}
376
377STATIC int
378xfs_vn_unlink(
379 struct inode *dir,
380 struct dentry *dentry)
381{
382 struct xfs_name name;
383 int error;
384
385 xfs_dentry_to_name(&name, dentry);
386
387 error = xfs_remove(XFS_I(dir), &name, XFS_I(d_inode(dentry)));
388 if (error)
389 return error;
390
391 /*
392 * With unlink, the VFS makes the dentry "negative": no inode,
393 * but still hashed. This is incompatible with case-insensitive
394 * mode, so invalidate (unhash) the dentry in CI-mode.
395 */
396 if (xfs_sb_version_hasasciici(&XFS_M(dir->i_sb)->m_sb))
397 d_invalidate(dentry);
398 return 0;
399}
400
401STATIC int
402xfs_vn_symlink(
403 struct user_namespace *mnt_userns,
404 struct inode *dir,
405 struct dentry *dentry,
406 const char *symname)
407{
408 struct inode *inode;
409 struct xfs_inode *cip = NULL;
410 struct xfs_name name;
411 int error;
412 umode_t mode;
413
414 mode = S_IFLNK |
415 (irix_symlink_mode ? 0777 & ~current_umask() : S_IRWXUGO);
416 error = xfs_dentry_mode_to_name(&name, dentry, mode);
417 if (unlikely(error))
418 goto out;
419
420 error = xfs_symlink(mnt_userns, XFS_I(dir), &name, symname, mode, &cip);
421 if (unlikely(error))
422 goto out;
423
424 inode = VFS_I(cip);
425
426 error = xfs_init_security(inode, dir, &dentry->d_name);
427 if (unlikely(error))
428 goto out_cleanup_inode;
429
430 xfs_setup_iops(cip);
431
432 d_instantiate(dentry, inode);
433 xfs_finish_inode_setup(cip);
434 return 0;
435
436 out_cleanup_inode:
437 xfs_finish_inode_setup(cip);
438 xfs_cleanup_inode(dir, inode, dentry);
439 xfs_irele(cip);
440 out:
441 return error;
442}
443
444STATIC int
445xfs_vn_rename(
446 struct user_namespace *mnt_userns,
447 struct inode *odir,
448 struct dentry *odentry,
449 struct inode *ndir,
450 struct dentry *ndentry,
451 unsigned int flags)
452{
453 struct inode *new_inode = d_inode(ndentry);
454 int omode = 0;
455 int error;
456 struct xfs_name oname;
457 struct xfs_name nname;
458
459 if (flags & ~(RENAME_NOREPLACE | RENAME_EXCHANGE | RENAME_WHITEOUT))
460 return -EINVAL;
461
462 /* if we are exchanging files, we need to set i_mode of both files */
463 if (flags & RENAME_EXCHANGE)
464 omode = d_inode(ndentry)->i_mode;
465
466 error = xfs_dentry_mode_to_name(&oname, odentry, omode);
467 if (omode && unlikely(error))
468 return error;
469
470 error = xfs_dentry_mode_to_name(&nname, ndentry,
471 d_inode(odentry)->i_mode);
472 if (unlikely(error))
473 return error;
474
475 return xfs_rename(mnt_userns, XFS_I(odir), &oname,
476 XFS_I(d_inode(odentry)), XFS_I(ndir), &nname,
477 new_inode ? XFS_I(new_inode) : NULL, flags);
478}
479
480/*
481 * careful here - this function can get called recursively, so
482 * we need to be very careful about how much stack we use.
483 * uio is kmalloced for this reason...
484 */
485STATIC const char *
486xfs_vn_get_link(
487 struct dentry *dentry,
488 struct inode *inode,
489 struct delayed_call *done)
490{
491 char *link;
492 int error = -ENOMEM;
493
494 if (!dentry)
495 return ERR_PTR(-ECHILD);
496
497 link = kmalloc(XFS_SYMLINK_MAXLEN+1, GFP_KERNEL);
498 if (!link)
499 goto out_err;
500
501 error = xfs_readlink(XFS_I(d_inode(dentry)), link);
502 if (unlikely(error))
503 goto out_kfree;
504
505 set_delayed_call(done, kfree_link, link);
506 return link;
507
508 out_kfree:
509 kfree(link);
510 out_err:
511 return ERR_PTR(error);
512}
513
514STATIC const char *
515xfs_vn_get_link_inline(
516 struct dentry *dentry,
517 struct inode *inode,
518 struct delayed_call *done)
519{
520 struct xfs_inode *ip = XFS_I(inode);
521 char *link;
522
523 ASSERT(ip->i_df.if_format == XFS_DINODE_FMT_LOCAL);
524
525 /*
526 * The VFS crashes on a NULL pointer, so return -EFSCORRUPTED if
527 * if_data is junk.
528 */
529 link = ip->i_df.if_u1.if_data;
530 if (XFS_IS_CORRUPT(ip->i_mount, !link))
531 return ERR_PTR(-EFSCORRUPTED);
532 return link;
533}
534
535static uint32_t
536xfs_stat_blksize(
537 struct xfs_inode *ip)
538{
539 struct xfs_mount *mp = ip->i_mount;
540
541 /*
542 * If the file blocks are being allocated from a realtime volume, then
543 * always return the realtime extent size.
544 */
545 if (XFS_IS_REALTIME_INODE(ip))
546 return XFS_FSB_TO_B(mp, xfs_get_extsz_hint(ip));
547
548 /*
549 * Allow large block sizes to be reported to userspace programs if the
550 * "largeio" mount option is used.
551 *
552 * If compatibility mode is specified, simply return the basic unit of
553 * caching so that we don't get inefficient read/modify/write I/O from
554 * user apps. Otherwise....
555 *
556 * If the underlying volume is a stripe, then return the stripe width in
557 * bytes as the recommended I/O size. It is not a stripe and we've set a
558 * default buffered I/O size, return that, otherwise return the compat
559 * default.
560 */
561 if (mp->m_flags & XFS_MOUNT_LARGEIO) {
562 if (mp->m_swidth)
563 return XFS_FSB_TO_B(mp, mp->m_swidth);
564 if (mp->m_flags & XFS_MOUNT_ALLOCSIZE)
565 return 1U << mp->m_allocsize_log;
566 }
567
568 return PAGE_SIZE;
569}
570
571STATIC int
572xfs_vn_getattr(
573 struct user_namespace *mnt_userns,
574 const struct path *path,
575 struct kstat *stat,
576 u32 request_mask,
577 unsigned int query_flags)
578{
579 struct inode *inode = d_inode(path->dentry);
580 struct xfs_inode *ip = XFS_I(inode);
581 struct xfs_mount *mp = ip->i_mount;
582
583 trace_xfs_getattr(ip);
584
585 if (XFS_FORCED_SHUTDOWN(mp))
586 return -EIO;
587
588 stat->size = XFS_ISIZE(ip);
589 stat->dev = inode->i_sb->s_dev;
590 stat->mode = inode->i_mode;
591 stat->nlink = inode->i_nlink;
592 stat->uid = i_uid_into_mnt(mnt_userns, inode);
593 stat->gid = i_gid_into_mnt(mnt_userns, inode);
594 stat->ino = ip->i_ino;
595 stat->atime = inode->i_atime;
596 stat->mtime = inode->i_mtime;
597 stat->ctime = inode->i_ctime;
598 stat->blocks = XFS_FSB_TO_BB(mp, ip->i_nblocks + ip->i_delayed_blks);
599
600 if (xfs_sb_version_has_v3inode(&mp->m_sb)) {
601 if (request_mask & STATX_BTIME) {
602 stat->result_mask |= STATX_BTIME;
603 stat->btime = ip->i_crtime;
604 }
605 }
606
607 /*
608 * Note: If you add another clause to set an attribute flag, please
609 * update attributes_mask below.
610 */
611 if (ip->i_diflags & XFS_DIFLAG_IMMUTABLE)
612 stat->attributes |= STATX_ATTR_IMMUTABLE;
613 if (ip->i_diflags & XFS_DIFLAG_APPEND)
614 stat->attributes |= STATX_ATTR_APPEND;
615 if (ip->i_diflags & XFS_DIFLAG_NODUMP)
616 stat->attributes |= STATX_ATTR_NODUMP;
617
618 stat->attributes_mask |= (STATX_ATTR_IMMUTABLE |
619 STATX_ATTR_APPEND |
620 STATX_ATTR_NODUMP);
621
622 switch (inode->i_mode & S_IFMT) {
623 case S_IFBLK:
624 case S_IFCHR:
625 stat->blksize = BLKDEV_IOSIZE;
626 stat->rdev = inode->i_rdev;
627 break;
628 default:
629 stat->blksize = xfs_stat_blksize(ip);
630 stat->rdev = 0;
631 break;
632 }
633
634 return 0;
635}
636
637static void
638xfs_setattr_mode(
639 struct xfs_inode *ip,
640 struct iattr *iattr)
641{
642 struct inode *inode = VFS_I(ip);
643 umode_t mode = iattr->ia_mode;
644
645 ASSERT(xfs_isilocked(ip, XFS_ILOCK_EXCL));
646
647 inode->i_mode &= S_IFMT;
648 inode->i_mode |= mode & ~S_IFMT;
649}
650
651void
652xfs_setattr_time(
653 struct xfs_inode *ip,
654 struct iattr *iattr)
655{
656 struct inode *inode = VFS_I(ip);
657
658 ASSERT(xfs_isilocked(ip, XFS_ILOCK_EXCL));
659
660 if (iattr->ia_valid & ATTR_ATIME)
661 inode->i_atime = iattr->ia_atime;
662 if (iattr->ia_valid & ATTR_CTIME)
663 inode->i_ctime = iattr->ia_ctime;
664 if (iattr->ia_valid & ATTR_MTIME)
665 inode->i_mtime = iattr->ia_mtime;
666}
667
668static int
669xfs_vn_change_ok(
670 struct user_namespace *mnt_userns,
671 struct dentry *dentry,
672 struct iattr *iattr)
673{
674 struct xfs_mount *mp = XFS_I(d_inode(dentry))->i_mount;
675
676 if (mp->m_flags & XFS_MOUNT_RDONLY)
677 return -EROFS;
678
679 if (XFS_FORCED_SHUTDOWN(mp))
680 return -EIO;
681
682 return setattr_prepare(mnt_userns, dentry, iattr);
683}
684
685/*
686 * Set non-size attributes of an inode.
687 *
688 * Caution: The caller of this function is responsible for calling
689 * setattr_prepare() or otherwise verifying the change is fine.
690 */
691static int
692xfs_setattr_nonsize(
693 struct user_namespace *mnt_userns,
694 struct xfs_inode *ip,
695 struct iattr *iattr)
696{
697 xfs_mount_t *mp = ip->i_mount;
698 struct inode *inode = VFS_I(ip);
699 int mask = iattr->ia_valid;
700 xfs_trans_t *tp;
701 int error;
702 kuid_t uid = GLOBAL_ROOT_UID, iuid = GLOBAL_ROOT_UID;
703 kgid_t gid = GLOBAL_ROOT_GID, igid = GLOBAL_ROOT_GID;
704 struct xfs_dquot *udqp = NULL, *gdqp = NULL;
705 struct xfs_dquot *olddquot1 = NULL, *olddquot2 = NULL;
706
707 ASSERT((mask & ATTR_SIZE) == 0);
708
709 /*
710 * If disk quotas is on, we make sure that the dquots do exist on disk,
711 * before we start any other transactions. Trying to do this later
712 * is messy. We don't care to take a readlock to look at the ids
713 * in inode here, because we can't hold it across the trans_reserve.
714 * If the IDs do change before we take the ilock, we're covered
715 * because the i_*dquot fields will get updated anyway.
716 */
717 if (XFS_IS_QUOTA_ON(mp) && (mask & (ATTR_UID|ATTR_GID))) {
718 uint qflags = 0;
719
720 if ((mask & ATTR_UID) && XFS_IS_UQUOTA_ON(mp)) {
721 uid = iattr->ia_uid;
722 qflags |= XFS_QMOPT_UQUOTA;
723 } else {
724 uid = inode->i_uid;
725 }
726 if ((mask & ATTR_GID) && XFS_IS_GQUOTA_ON(mp)) {
727 gid = iattr->ia_gid;
728 qflags |= XFS_QMOPT_GQUOTA;
729 } else {
730 gid = inode->i_gid;
731 }
732
733 /*
734 * We take a reference when we initialize udqp and gdqp,
735 * so it is important that we never blindly double trip on
736 * the same variable. See xfs_create() for an example.
737 */
738 ASSERT(udqp == NULL);
739 ASSERT(gdqp == NULL);
740 error = xfs_qm_vop_dqalloc(ip, uid, gid, ip->i_projid,
741 qflags, &udqp, &gdqp, NULL);
742 if (error)
743 return error;
744 }
745
746 error = xfs_trans_alloc_ichange(ip, udqp, gdqp, NULL,
747 capable(CAP_FOWNER), &tp);
748 if (error)
749 goto out_dqrele;
750
751 /*
752 * Change file ownership. Must be the owner or privileged.
753 */
754 if (mask & (ATTR_UID|ATTR_GID)) {
755 /*
756 * These IDs could have changed since we last looked at them.
757 * But, we're assured that if the ownership did change
758 * while we didn't have the inode locked, inode's dquot(s)
759 * would have changed also.
760 */
761 iuid = inode->i_uid;
762 igid = inode->i_gid;
763 gid = (mask & ATTR_GID) ? iattr->ia_gid : igid;
764 uid = (mask & ATTR_UID) ? iattr->ia_uid : iuid;
765
766 /*
767 * CAP_FSETID overrides the following restrictions:
768 *
769 * The set-user-ID and set-group-ID bits of a file will be
770 * cleared upon successful return from chown()
771 */
772 if ((inode->i_mode & (S_ISUID|S_ISGID)) &&
773 !capable(CAP_FSETID))
774 inode->i_mode &= ~(S_ISUID|S_ISGID);
775
776 /*
777 * Change the ownerships and register quota modifications
778 * in the transaction.
779 */
780 if (!uid_eq(iuid, uid)) {
781 if (XFS_IS_QUOTA_RUNNING(mp) && XFS_IS_UQUOTA_ON(mp)) {
782 ASSERT(mask & ATTR_UID);
783 ASSERT(udqp);
784 olddquot1 = xfs_qm_vop_chown(tp, ip,
785 &ip->i_udquot, udqp);
786 }
787 inode->i_uid = uid;
788 }
789 if (!gid_eq(igid, gid)) {
790 if (XFS_IS_QUOTA_RUNNING(mp) && XFS_IS_GQUOTA_ON(mp)) {
791 ASSERT(xfs_sb_version_has_pquotino(&mp->m_sb) ||
792 !XFS_IS_PQUOTA_ON(mp));
793 ASSERT(mask & ATTR_GID);
794 ASSERT(gdqp);
795 olddquot2 = xfs_qm_vop_chown(tp, ip,
796 &ip->i_gdquot, gdqp);
797 }
798 inode->i_gid = gid;
799 }
800 }
801
802 if (mask & ATTR_MODE)
803 xfs_setattr_mode(ip, iattr);
804 if (mask & (ATTR_ATIME|ATTR_CTIME|ATTR_MTIME))
805 xfs_setattr_time(ip, iattr);
806
807 xfs_trans_log_inode(tp, ip, XFS_ILOG_CORE);
808
809 XFS_STATS_INC(mp, xs_ig_attrchg);
810
811 if (mp->m_flags & XFS_MOUNT_WSYNC)
812 xfs_trans_set_sync(tp);
813 error = xfs_trans_commit(tp);
814
815 /*
816 * Release any dquot(s) the inode had kept before chown.
817 */
818 xfs_qm_dqrele(olddquot1);
819 xfs_qm_dqrele(olddquot2);
820 xfs_qm_dqrele(udqp);
821 xfs_qm_dqrele(gdqp);
822
823 if (error)
824 return error;
825
826 /*
827 * XXX(hch): Updating the ACL entries is not atomic vs the i_mode
828 * update. We could avoid this with linked transactions
829 * and passing down the transaction pointer all the way
830 * to attr_set. No previous user of the generic
831 * Posix ACL code seems to care about this issue either.
832 */
833 if (mask & ATTR_MODE) {
834 error = posix_acl_chmod(mnt_userns, inode, inode->i_mode);
835 if (error)
836 return error;
837 }
838
839 return 0;
840
841out_dqrele:
842 xfs_qm_dqrele(udqp);
843 xfs_qm_dqrele(gdqp);
844 return error;
845}
846
847/*
848 * Truncate file. Must have write permission and not be a directory.
849 *
850 * Caution: The caller of this function is responsible for calling
851 * setattr_prepare() or otherwise verifying the change is fine.
852 */
853STATIC int
854xfs_setattr_size(
855 struct user_namespace *mnt_userns,
856 struct xfs_inode *ip,
857 struct iattr *iattr)
858{
859 struct xfs_mount *mp = ip->i_mount;
860 struct inode *inode = VFS_I(ip);
861 xfs_off_t oldsize, newsize;
862 struct xfs_trans *tp;
863 int error;
864 uint lock_flags = 0;
865 bool did_zeroing = false;
866
867 ASSERT(xfs_isilocked(ip, XFS_IOLOCK_EXCL));
868 ASSERT(xfs_isilocked(ip, XFS_MMAPLOCK_EXCL));
869 ASSERT(S_ISREG(inode->i_mode));
870 ASSERT((iattr->ia_valid & (ATTR_UID|ATTR_GID|ATTR_ATIME|ATTR_ATIME_SET|
871 ATTR_MTIME_SET|ATTR_TIMES_SET)) == 0);
872
873 oldsize = inode->i_size;
874 newsize = iattr->ia_size;
875
876 /*
877 * Short circuit the truncate case for zero length files.
878 */
879 if (newsize == 0 && oldsize == 0 && ip->i_df.if_nextents == 0) {
880 if (!(iattr->ia_valid & (ATTR_CTIME|ATTR_MTIME)))
881 return 0;
882
883 /*
884 * Use the regular setattr path to update the timestamps.
885 */
886 iattr->ia_valid &= ~ATTR_SIZE;
887 return xfs_setattr_nonsize(mnt_userns, ip, iattr);
888 }
889
890 /*
891 * Make sure that the dquots are attached to the inode.
892 */
893 error = xfs_qm_dqattach(ip);
894 if (error)
895 return error;
896
897 /*
898 * Wait for all direct I/O to complete.
899 */
900 inode_dio_wait(inode);
901
902 /*
903 * File data changes must be complete before we start the transaction to
904 * modify the inode. This needs to be done before joining the inode to
905 * the transaction because the inode cannot be unlocked once it is a
906 * part of the transaction.
907 *
908 * Start with zeroing any data beyond EOF that we may expose on file
909 * extension, or zeroing out the rest of the block on a downward
910 * truncate.
911 */
912 if (newsize > oldsize) {
913 trace_xfs_zero_eof(ip, oldsize, newsize - oldsize);
914 error = iomap_zero_range(inode, oldsize, newsize - oldsize,
915 &did_zeroing, &xfs_buffered_write_iomap_ops);
916 } else {
917 /*
918 * iomap won't detect a dirty page over an unwritten block (or a
919 * cow block over a hole) and subsequently skips zeroing the
920 * newly post-EOF portion of the page. Flush the new EOF to
921 * convert the block before the pagecache truncate.
922 */
923 error = filemap_write_and_wait_range(inode->i_mapping, newsize,
924 newsize);
925 if (error)
926 return error;
927 error = iomap_truncate_page(inode, newsize, &did_zeroing,
928 &xfs_buffered_write_iomap_ops);
929 }
930
931 if (error)
932 return error;
933
934 /*
935 * We've already locked out new page faults, so now we can safely remove
936 * pages from the page cache knowing they won't get refaulted until we
937 * drop the XFS_MMAP_EXCL lock after the extent manipulations are
938 * complete. The truncate_setsize() call also cleans partial EOF page
939 * PTEs on extending truncates and hence ensures sub-page block size
940 * filesystems are correctly handled, too.
941 *
942 * We have to do all the page cache truncate work outside the
943 * transaction context as the "lock" order is page lock->log space
944 * reservation as defined by extent allocation in the writeback path.
945 * Hence a truncate can fail with ENOMEM from xfs_trans_alloc(), but
946 * having already truncated the in-memory version of the file (i.e. made
947 * user visible changes). There's not much we can do about this, except
948 * to hope that the caller sees ENOMEM and retries the truncate
949 * operation.
950 *
951 * And we update in-core i_size and truncate page cache beyond newsize
952 * before writeback the [i_disk_size, newsize] range, so we're
953 * guaranteed not to write stale data past the new EOF on truncate down.
954 */
955 truncate_setsize(inode, newsize);
956
957 /*
958 * We are going to log the inode size change in this transaction so
959 * any previous writes that are beyond the on disk EOF and the new
960 * EOF that have not been written out need to be written here. If we
961 * do not write the data out, we expose ourselves to the null files
962 * problem. Note that this includes any block zeroing we did above;
963 * otherwise those blocks may not be zeroed after a crash.
964 */
965 if (did_zeroing ||
966 (newsize > ip->i_disk_size && oldsize != ip->i_disk_size)) {
967 error = filemap_write_and_wait_range(VFS_I(ip)->i_mapping,
968 ip->i_disk_size, newsize - 1);
969 if (error)
970 return error;
971 }
972
973 error = xfs_trans_alloc(mp, &M_RES(mp)->tr_itruncate, 0, 0, 0, &tp);
974 if (error)
975 return error;
976
977 lock_flags |= XFS_ILOCK_EXCL;
978 xfs_ilock(ip, XFS_ILOCK_EXCL);
979 xfs_trans_ijoin(tp, ip, 0);
980
981 /*
982 * Only change the c/mtime if we are changing the size or we are
983 * explicitly asked to change it. This handles the semantic difference
984 * between truncate() and ftruncate() as implemented in the VFS.
985 *
986 * The regular truncate() case without ATTR_CTIME and ATTR_MTIME is a
987 * special case where we need to update the times despite not having
988 * these flags set. For all other operations the VFS set these flags
989 * explicitly if it wants a timestamp update.
990 */
991 if (newsize != oldsize &&
992 !(iattr->ia_valid & (ATTR_CTIME | ATTR_MTIME))) {
993 iattr->ia_ctime = iattr->ia_mtime =
994 current_time(inode);
995 iattr->ia_valid |= ATTR_CTIME | ATTR_MTIME;
996 }
997
998 /*
999 * The first thing we do is set the size to new_size permanently on
1000 * disk. This way we don't have to worry about anyone ever being able
1001 * to look at the data being freed even in the face of a crash.
1002 * What we're getting around here is the case where we free a block, it
1003 * is allocated to another file, it is written to, and then we crash.
1004 * If the new data gets written to the file but the log buffers
1005 * containing the free and reallocation don't, then we'd end up with
1006 * garbage in the blocks being freed. As long as we make the new size
1007 * permanent before actually freeing any blocks it doesn't matter if
1008 * they get written to.
1009 */
1010 ip->i_disk_size = newsize;
1011 xfs_trans_log_inode(tp, ip, XFS_ILOG_CORE);
1012
1013 if (newsize <= oldsize) {
1014 error = xfs_itruncate_extents(&tp, ip, XFS_DATA_FORK, newsize);
1015 if (error)
1016 goto out_trans_cancel;
1017
1018 /*
1019 * Truncated "down", so we're removing references to old data
1020 * here - if we delay flushing for a long time, we expose
1021 * ourselves unduly to the notorious NULL files problem. So,
1022 * we mark this inode and flush it when the file is closed,
1023 * and do not wait the usual (long) time for writeout.
1024 */
1025 xfs_iflags_set(ip, XFS_ITRUNCATED);
1026
1027 /* A truncate down always removes post-EOF blocks. */
1028 xfs_inode_clear_eofblocks_tag(ip);
1029 }
1030
1031 if (iattr->ia_valid & ATTR_MODE)
1032 xfs_setattr_mode(ip, iattr);
1033 if (iattr->ia_valid & (ATTR_ATIME|ATTR_CTIME|ATTR_MTIME))
1034 xfs_setattr_time(ip, iattr);
1035
1036 xfs_trans_log_inode(tp, ip, XFS_ILOG_CORE);
1037
1038 XFS_STATS_INC(mp, xs_ig_attrchg);
1039
1040 if (mp->m_flags & XFS_MOUNT_WSYNC)
1041 xfs_trans_set_sync(tp);
1042
1043 error = xfs_trans_commit(tp);
1044out_unlock:
1045 if (lock_flags)
1046 xfs_iunlock(ip, lock_flags);
1047 return error;
1048
1049out_trans_cancel:
1050 xfs_trans_cancel(tp);
1051 goto out_unlock;
1052}
1053
1054int
1055xfs_vn_setattr_size(
1056 struct user_namespace *mnt_userns,
1057 struct dentry *dentry,
1058 struct iattr *iattr)
1059{
1060 struct xfs_inode *ip = XFS_I(d_inode(dentry));
1061 int error;
1062
1063 trace_xfs_setattr(ip);
1064
1065 error = xfs_vn_change_ok(mnt_userns, dentry, iattr);
1066 if (error)
1067 return error;
1068 return xfs_setattr_size(mnt_userns, ip, iattr);
1069}
1070
1071STATIC int
1072xfs_vn_setattr(
1073 struct user_namespace *mnt_userns,
1074 struct dentry *dentry,
1075 struct iattr *iattr)
1076{
1077 struct inode *inode = d_inode(dentry);
1078 struct xfs_inode *ip = XFS_I(inode);
1079 int error;
1080
1081 if (iattr->ia_valid & ATTR_SIZE) {
1082 uint iolock;
1083
1084 xfs_ilock(ip, XFS_MMAPLOCK_EXCL);
1085 iolock = XFS_IOLOCK_EXCL | XFS_MMAPLOCK_EXCL;
1086
1087 error = xfs_break_layouts(inode, &iolock, BREAK_UNMAP);
1088 if (error) {
1089 xfs_iunlock(ip, XFS_MMAPLOCK_EXCL);
1090 return error;
1091 }
1092
1093 error = xfs_vn_setattr_size(mnt_userns, dentry, iattr);
1094 xfs_iunlock(ip, XFS_MMAPLOCK_EXCL);
1095 } else {
1096 trace_xfs_setattr(ip);
1097
1098 error = xfs_vn_change_ok(mnt_userns, dentry, iattr);
1099 if (!error)
1100 error = xfs_setattr_nonsize(mnt_userns, ip, iattr);
1101 }
1102
1103 return error;
1104}
1105
1106STATIC int
1107xfs_vn_update_time(
1108 struct inode *inode,
1109 struct timespec64 *now,
1110 int flags)
1111{
1112 struct xfs_inode *ip = XFS_I(inode);
1113 struct xfs_mount *mp = ip->i_mount;
1114 int log_flags = XFS_ILOG_TIMESTAMP;
1115 struct xfs_trans *tp;
1116 int error;
1117
1118 trace_xfs_update_time(ip);
1119
1120 if (inode->i_sb->s_flags & SB_LAZYTIME) {
1121 if (!((flags & S_VERSION) &&
1122 inode_maybe_inc_iversion(inode, false)))
1123 return generic_update_time(inode, now, flags);
1124
1125 /* Capture the iversion update that just occurred */
1126 log_flags |= XFS_ILOG_CORE;
1127 }
1128
1129 error = xfs_trans_alloc(mp, &M_RES(mp)->tr_fsyncts, 0, 0, 0, &tp);
1130 if (error)
1131 return error;
1132
1133 xfs_ilock(ip, XFS_ILOCK_EXCL);
1134 if (flags & S_CTIME)
1135 inode->i_ctime = *now;
1136 if (flags & S_MTIME)
1137 inode->i_mtime = *now;
1138 if (flags & S_ATIME)
1139 inode->i_atime = *now;
1140
1141 xfs_trans_ijoin(tp, ip, XFS_ILOCK_EXCL);
1142 xfs_trans_log_inode(tp, ip, log_flags);
1143 return xfs_trans_commit(tp);
1144}
1145
1146STATIC int
1147xfs_vn_fiemap(
1148 struct inode *inode,
1149 struct fiemap_extent_info *fieinfo,
1150 u64 start,
1151 u64 length)
1152{
1153 int error;
1154
1155 xfs_ilock(XFS_I(inode), XFS_IOLOCK_SHARED);
1156 if (fieinfo->fi_flags & FIEMAP_FLAG_XATTR) {
1157 fieinfo->fi_flags &= ~FIEMAP_FLAG_XATTR;
1158 error = iomap_fiemap(inode, fieinfo, start, length,
1159 &xfs_xattr_iomap_ops);
1160 } else {
1161 error = iomap_fiemap(inode, fieinfo, start, length,
1162 &xfs_read_iomap_ops);
1163 }
1164 xfs_iunlock(XFS_I(inode), XFS_IOLOCK_SHARED);
1165
1166 return error;
1167}
1168
1169STATIC int
1170xfs_vn_tmpfile(
1171 struct user_namespace *mnt_userns,
1172 struct inode *dir,
1173 struct dentry *dentry,
1174 umode_t mode)
1175{
1176 return xfs_generic_create(mnt_userns, dir, dentry, mode, 0, true);
1177}
1178
1179static const struct inode_operations xfs_inode_operations = {
1180 .get_acl = xfs_get_acl,
1181 .set_acl = xfs_set_acl,
1182 .getattr = xfs_vn_getattr,
1183 .setattr = xfs_vn_setattr,
1184 .listxattr = xfs_vn_listxattr,
1185 .fiemap = xfs_vn_fiemap,
1186 .update_time = xfs_vn_update_time,
1187 .fileattr_get = xfs_fileattr_get,
1188 .fileattr_set = xfs_fileattr_set,
1189};
1190
1191static const struct inode_operations xfs_dir_inode_operations = {
1192 .create = xfs_vn_create,
1193 .lookup = xfs_vn_lookup,
1194 .link = xfs_vn_link,
1195 .unlink = xfs_vn_unlink,
1196 .symlink = xfs_vn_symlink,
1197 .mkdir = xfs_vn_mkdir,
1198 /*
1199 * Yes, XFS uses the same method for rmdir and unlink.
1200 *
1201 * There are some subtile differences deeper in the code,
1202 * but we use S_ISDIR to check for those.
1203 */
1204 .rmdir = xfs_vn_unlink,
1205 .mknod = xfs_vn_mknod,
1206 .rename = xfs_vn_rename,
1207 .get_acl = xfs_get_acl,
1208 .set_acl = xfs_set_acl,
1209 .getattr = xfs_vn_getattr,
1210 .setattr = xfs_vn_setattr,
1211 .listxattr = xfs_vn_listxattr,
1212 .update_time = xfs_vn_update_time,
1213 .tmpfile = xfs_vn_tmpfile,
1214 .fileattr_get = xfs_fileattr_get,
1215 .fileattr_set = xfs_fileattr_set,
1216};
1217
1218static const struct inode_operations xfs_dir_ci_inode_operations = {
1219 .create = xfs_vn_create,
1220 .lookup = xfs_vn_ci_lookup,
1221 .link = xfs_vn_link,
1222 .unlink = xfs_vn_unlink,
1223 .symlink = xfs_vn_symlink,
1224 .mkdir = xfs_vn_mkdir,
1225 /*
1226 * Yes, XFS uses the same method for rmdir and unlink.
1227 *
1228 * There are some subtile differences deeper in the code,
1229 * but we use S_ISDIR to check for those.
1230 */
1231 .rmdir = xfs_vn_unlink,
1232 .mknod = xfs_vn_mknod,
1233 .rename = xfs_vn_rename,
1234 .get_acl = xfs_get_acl,
1235 .set_acl = xfs_set_acl,
1236 .getattr = xfs_vn_getattr,
1237 .setattr = xfs_vn_setattr,
1238 .listxattr = xfs_vn_listxattr,
1239 .update_time = xfs_vn_update_time,
1240 .tmpfile = xfs_vn_tmpfile,
1241 .fileattr_get = xfs_fileattr_get,
1242 .fileattr_set = xfs_fileattr_set,
1243};
1244
1245static const struct inode_operations xfs_symlink_inode_operations = {
1246 .get_link = xfs_vn_get_link,
1247 .getattr = xfs_vn_getattr,
1248 .setattr = xfs_vn_setattr,
1249 .listxattr = xfs_vn_listxattr,
1250 .update_time = xfs_vn_update_time,
1251};
1252
1253static const struct inode_operations xfs_inline_symlink_inode_operations = {
1254 .get_link = xfs_vn_get_link_inline,
1255 .getattr = xfs_vn_getattr,
1256 .setattr = xfs_vn_setattr,
1257 .listxattr = xfs_vn_listxattr,
1258 .update_time = xfs_vn_update_time,
1259};
1260
1261/* Figure out if this file actually supports DAX. */
1262static bool
1263xfs_inode_supports_dax(
1264 struct xfs_inode *ip)
1265{
1266 struct xfs_mount *mp = ip->i_mount;
1267
1268 /* Only supported on regular files. */
1269 if (!S_ISREG(VFS_I(ip)->i_mode))
1270 return false;
1271
1272 /* Only supported on non-reflinked files. */
1273 if (xfs_is_reflink_inode(ip))
1274 return false;
1275
1276 /* Block size must match page size */
1277 if (mp->m_sb.sb_blocksize != PAGE_SIZE)
1278 return false;
1279
1280 /* Device has to support DAX too. */
1281 return xfs_inode_buftarg(ip)->bt_daxdev != NULL;
1282}
1283
1284static bool
1285xfs_inode_should_enable_dax(
1286 struct xfs_inode *ip)
1287{
1288 if (!IS_ENABLED(CONFIG_FS_DAX))
1289 return false;
1290 if (ip->i_mount->m_flags & XFS_MOUNT_DAX_NEVER)
1291 return false;
1292 if (!xfs_inode_supports_dax(ip))
1293 return false;
1294 if (ip->i_mount->m_flags & XFS_MOUNT_DAX_ALWAYS)
1295 return true;
1296 if (ip->i_diflags2 & XFS_DIFLAG2_DAX)
1297 return true;
1298 return false;
1299}
1300
1301void
1302xfs_diflags_to_iflags(
1303 struct xfs_inode *ip,
1304 bool init)
1305{
1306 struct inode *inode = VFS_I(ip);
1307 unsigned int xflags = xfs_ip2xflags(ip);
1308 unsigned int flags = 0;
1309
1310 ASSERT(!(IS_DAX(inode) && init));
1311
1312 if (xflags & FS_XFLAG_IMMUTABLE)
1313 flags |= S_IMMUTABLE;
1314 if (xflags & FS_XFLAG_APPEND)
1315 flags |= S_APPEND;
1316 if (xflags & FS_XFLAG_SYNC)
1317 flags |= S_SYNC;
1318 if (xflags & FS_XFLAG_NOATIME)
1319 flags |= S_NOATIME;
1320 if (init && xfs_inode_should_enable_dax(ip))
1321 flags |= S_DAX;
1322
1323 /*
1324 * S_DAX can only be set during inode initialization and is never set by
1325 * the VFS, so we cannot mask off S_DAX in i_flags.
1326 */
1327 inode->i_flags &= ~(S_IMMUTABLE | S_APPEND | S_SYNC | S_NOATIME);
1328 inode->i_flags |= flags;
1329}
1330
1331/*
1332 * Initialize the Linux inode.
1333 *
1334 * When reading existing inodes from disk this is called directly from xfs_iget,
1335 * when creating a new inode it is called from xfs_ialloc after setting up the
1336 * inode. These callers have different criteria for clearing XFS_INEW, so leave
1337 * it up to the caller to deal with unlocking the inode appropriately.
1338 */
1339void
1340xfs_setup_inode(
1341 struct xfs_inode *ip)
1342{
1343 struct inode *inode = &ip->i_vnode;
1344 gfp_t gfp_mask;
1345
1346 inode->i_ino = ip->i_ino;
1347 inode->i_state = I_NEW;
1348
1349 inode_sb_list_add(inode);
1350 /* make the inode look hashed for the writeback code */
1351 inode_fake_hash(inode);
1352
1353 i_size_write(inode, ip->i_disk_size);
1354 xfs_diflags_to_iflags(ip, true);
1355
1356 if (S_ISDIR(inode->i_mode)) {
1357 /*
1358 * We set the i_rwsem class here to avoid potential races with
1359 * lockdep_annotate_inode_mutex_key() reinitialising the lock
1360 * after a filehandle lookup has already found the inode in
1361 * cache before it has been unlocked via unlock_new_inode().
1362 */
1363 lockdep_set_class(&inode->i_rwsem,
1364 &inode->i_sb->s_type->i_mutex_dir_key);
1365 lockdep_set_class(&ip->i_lock.mr_lock, &xfs_dir_ilock_class);
1366 } else {
1367 lockdep_set_class(&ip->i_lock.mr_lock, &xfs_nondir_ilock_class);
1368 }
1369
1370 /*
1371 * Ensure all page cache allocations are done from GFP_NOFS context to
1372 * prevent direct reclaim recursion back into the filesystem and blowing
1373 * stacks or deadlocking.
1374 */
1375 gfp_mask = mapping_gfp_mask(inode->i_mapping);
1376 mapping_set_gfp_mask(inode->i_mapping, (gfp_mask & ~(__GFP_FS)));
1377
1378 /*
1379 * If there is no attribute fork no ACL can exist on this inode,
1380 * and it can't have any file capabilities attached to it either.
1381 */
1382 if (!XFS_IFORK_Q(ip)) {
1383 inode_has_no_xattr(inode);
1384 cache_no_acl(inode);
1385 }
1386}
1387
1388void
1389xfs_setup_iops(
1390 struct xfs_inode *ip)
1391{
1392 struct inode *inode = &ip->i_vnode;
1393
1394 switch (inode->i_mode & S_IFMT) {
1395 case S_IFREG:
1396 inode->i_op = &xfs_inode_operations;
1397 inode->i_fop = &xfs_file_operations;
1398 if (IS_DAX(inode))
1399 inode->i_mapping->a_ops = &xfs_dax_aops;
1400 else
1401 inode->i_mapping->a_ops = &xfs_address_space_operations;
1402 break;
1403 case S_IFDIR:
1404 if (xfs_sb_version_hasasciici(&XFS_M(inode->i_sb)->m_sb))
1405 inode->i_op = &xfs_dir_ci_inode_operations;
1406 else
1407 inode->i_op = &xfs_dir_inode_operations;
1408 inode->i_fop = &xfs_dir_file_operations;
1409 break;
1410 case S_IFLNK:
1411 if (ip->i_df.if_format == XFS_DINODE_FMT_LOCAL)
1412 inode->i_op = &xfs_inline_symlink_inode_operations;
1413 else
1414 inode->i_op = &xfs_symlink_inode_operations;
1415 break;
1416 default:
1417 inode->i_op = &xfs_inode_operations;
1418 init_special_inode(inode, inode->i_mode, inode->i_rdev);
1419 break;
1420 }
1421}
1/*
2 * Copyright (c) 2000-2005 Silicon Graphics, Inc.
3 * All Rights Reserved.
4 *
5 * This program is free software; you can redistribute it and/or
6 * modify it under the terms of the GNU General Public License as
7 * published by the Free Software Foundation.
8 *
9 * This program is distributed in the hope that it would be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
13 *
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, write the Free Software Foundation,
16 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
17 */
18#include "xfs.h"
19#include "xfs_fs.h"
20#include "xfs_shared.h"
21#include "xfs_format.h"
22#include "xfs_log_format.h"
23#include "xfs_trans_resv.h"
24#include "xfs_mount.h"
25#include "xfs_da_format.h"
26#include "xfs_inode.h"
27#include "xfs_bmap.h"
28#include "xfs_bmap_util.h"
29#include "xfs_acl.h"
30#include "xfs_quota.h"
31#include "xfs_error.h"
32#include "xfs_attr.h"
33#include "xfs_trans.h"
34#include "xfs_trace.h"
35#include "xfs_icache.h"
36#include "xfs_symlink.h"
37#include "xfs_da_btree.h"
38#include "xfs_dir2.h"
39#include "xfs_trans_space.h"
40#include "xfs_pnfs.h"
41#include "xfs_iomap.h"
42
43#include <linux/capability.h>
44#include <linux/xattr.h>
45#include <linux/posix_acl.h>
46#include <linux/security.h>
47#include <linux/iomap.h>
48#include <linux/slab.h>
49#include <linux/iversion.h>
50
51/*
52 * Directories have different lock order w.r.t. mmap_sem compared to regular
53 * files. This is due to readdir potentially triggering page faults on a user
54 * buffer inside filldir(), and this happens with the ilock on the directory
55 * held. For regular files, the lock order is the other way around - the
56 * mmap_sem is taken during the page fault, and then we lock the ilock to do
57 * block mapping. Hence we need a different class for the directory ilock so
58 * that lockdep can tell them apart.
59 */
60static struct lock_class_key xfs_nondir_ilock_class;
61static struct lock_class_key xfs_dir_ilock_class;
62
63static int
64xfs_initxattrs(
65 struct inode *inode,
66 const struct xattr *xattr_array,
67 void *fs_info)
68{
69 const struct xattr *xattr;
70 struct xfs_inode *ip = XFS_I(inode);
71 int error = 0;
72
73 for (xattr = xattr_array; xattr->name != NULL; xattr++) {
74 error = xfs_attr_set(ip, xattr->name, xattr->value,
75 xattr->value_len, ATTR_SECURE);
76 if (error < 0)
77 break;
78 }
79 return error;
80}
81
82/*
83 * Hook in SELinux. This is not quite correct yet, what we really need
84 * here (as we do for default ACLs) is a mechanism by which creation of
85 * these attrs can be journalled at inode creation time (along with the
86 * inode, of course, such that log replay can't cause these to be lost).
87 */
88
89STATIC int
90xfs_init_security(
91 struct inode *inode,
92 struct inode *dir,
93 const struct qstr *qstr)
94{
95 return security_inode_init_security(inode, dir, qstr,
96 &xfs_initxattrs, NULL);
97}
98
99static void
100xfs_dentry_to_name(
101 struct xfs_name *namep,
102 struct dentry *dentry)
103{
104 namep->name = dentry->d_name.name;
105 namep->len = dentry->d_name.len;
106 namep->type = XFS_DIR3_FT_UNKNOWN;
107}
108
109static int
110xfs_dentry_mode_to_name(
111 struct xfs_name *namep,
112 struct dentry *dentry,
113 int mode)
114{
115 namep->name = dentry->d_name.name;
116 namep->len = dentry->d_name.len;
117 namep->type = xfs_mode_to_ftype(mode);
118
119 if (unlikely(namep->type == XFS_DIR3_FT_UNKNOWN))
120 return -EFSCORRUPTED;
121
122 return 0;
123}
124
125STATIC void
126xfs_cleanup_inode(
127 struct inode *dir,
128 struct inode *inode,
129 struct dentry *dentry)
130{
131 struct xfs_name teardown;
132
133 /* Oh, the horror.
134 * If we can't add the ACL or we fail in
135 * xfs_init_security we must back out.
136 * ENOSPC can hit here, among other things.
137 */
138 xfs_dentry_to_name(&teardown, dentry);
139
140 xfs_remove(XFS_I(dir), &teardown, XFS_I(inode));
141}
142
143STATIC int
144xfs_generic_create(
145 struct inode *dir,
146 struct dentry *dentry,
147 umode_t mode,
148 dev_t rdev,
149 bool tmpfile) /* unnamed file */
150{
151 struct inode *inode;
152 struct xfs_inode *ip = NULL;
153 struct posix_acl *default_acl, *acl;
154 struct xfs_name name;
155 int error;
156
157 /*
158 * Irix uses Missed'em'V split, but doesn't want to see
159 * the upper 5 bits of (14bit) major.
160 */
161 if (S_ISCHR(mode) || S_ISBLK(mode)) {
162 if (unlikely(!sysv_valid_dev(rdev) || MAJOR(rdev) & ~0x1ff))
163 return -EINVAL;
164 } else {
165 rdev = 0;
166 }
167
168 error = posix_acl_create(dir, &mode, &default_acl, &acl);
169 if (error)
170 return error;
171
172 /* Verify mode is valid also for tmpfile case */
173 error = xfs_dentry_mode_to_name(&name, dentry, mode);
174 if (unlikely(error))
175 goto out_free_acl;
176
177 if (!tmpfile) {
178 error = xfs_create(XFS_I(dir), &name, mode, rdev, &ip);
179 } else {
180 error = xfs_create_tmpfile(XFS_I(dir), mode, &ip);
181 }
182 if (unlikely(error))
183 goto out_free_acl;
184
185 inode = VFS_I(ip);
186
187 error = xfs_init_security(inode, dir, &dentry->d_name);
188 if (unlikely(error))
189 goto out_cleanup_inode;
190
191#ifdef CONFIG_XFS_POSIX_ACL
192 if (default_acl) {
193 error = __xfs_set_acl(inode, default_acl, ACL_TYPE_DEFAULT);
194 if (error)
195 goto out_cleanup_inode;
196 }
197 if (acl) {
198 error = __xfs_set_acl(inode, acl, ACL_TYPE_ACCESS);
199 if (error)
200 goto out_cleanup_inode;
201 }
202#endif
203
204 xfs_setup_iops(ip);
205
206 if (tmpfile)
207 d_tmpfile(dentry, inode);
208 else
209 d_instantiate(dentry, inode);
210
211 xfs_finish_inode_setup(ip);
212
213 out_free_acl:
214 if (default_acl)
215 posix_acl_release(default_acl);
216 if (acl)
217 posix_acl_release(acl);
218 return error;
219
220 out_cleanup_inode:
221 xfs_finish_inode_setup(ip);
222 if (!tmpfile)
223 xfs_cleanup_inode(dir, inode, dentry);
224 iput(inode);
225 goto out_free_acl;
226}
227
228STATIC int
229xfs_vn_mknod(
230 struct inode *dir,
231 struct dentry *dentry,
232 umode_t mode,
233 dev_t rdev)
234{
235 return xfs_generic_create(dir, dentry, mode, rdev, false);
236}
237
238STATIC int
239xfs_vn_create(
240 struct inode *dir,
241 struct dentry *dentry,
242 umode_t mode,
243 bool flags)
244{
245 return xfs_vn_mknod(dir, dentry, mode, 0);
246}
247
248STATIC int
249xfs_vn_mkdir(
250 struct inode *dir,
251 struct dentry *dentry,
252 umode_t mode)
253{
254 return xfs_vn_mknod(dir, dentry, mode|S_IFDIR, 0);
255}
256
257STATIC struct dentry *
258xfs_vn_lookup(
259 struct inode *dir,
260 struct dentry *dentry,
261 unsigned int flags)
262{
263 struct xfs_inode *cip;
264 struct xfs_name name;
265 int error;
266
267 if (dentry->d_name.len >= MAXNAMELEN)
268 return ERR_PTR(-ENAMETOOLONG);
269
270 xfs_dentry_to_name(&name, dentry);
271 error = xfs_lookup(XFS_I(dir), &name, &cip, NULL);
272 if (unlikely(error)) {
273 if (unlikely(error != -ENOENT))
274 return ERR_PTR(error);
275 d_add(dentry, NULL);
276 return NULL;
277 }
278
279 return d_splice_alias(VFS_I(cip), dentry);
280}
281
282STATIC struct dentry *
283xfs_vn_ci_lookup(
284 struct inode *dir,
285 struct dentry *dentry,
286 unsigned int flags)
287{
288 struct xfs_inode *ip;
289 struct xfs_name xname;
290 struct xfs_name ci_name;
291 struct qstr dname;
292 int error;
293
294 if (dentry->d_name.len >= MAXNAMELEN)
295 return ERR_PTR(-ENAMETOOLONG);
296
297 xfs_dentry_to_name(&xname, dentry);
298 error = xfs_lookup(XFS_I(dir), &xname, &ip, &ci_name);
299 if (unlikely(error)) {
300 if (unlikely(error != -ENOENT))
301 return ERR_PTR(error);
302 /*
303 * call d_add(dentry, NULL) here when d_drop_negative_children
304 * is called in xfs_vn_mknod (ie. allow negative dentries
305 * with CI filesystems).
306 */
307 return NULL;
308 }
309
310 /* if exact match, just splice and exit */
311 if (!ci_name.name)
312 return d_splice_alias(VFS_I(ip), dentry);
313
314 /* else case-insensitive match... */
315 dname.name = ci_name.name;
316 dname.len = ci_name.len;
317 dentry = d_add_ci(dentry, VFS_I(ip), &dname);
318 kmem_free(ci_name.name);
319 return dentry;
320}
321
322STATIC int
323xfs_vn_link(
324 struct dentry *old_dentry,
325 struct inode *dir,
326 struct dentry *dentry)
327{
328 struct inode *inode = d_inode(old_dentry);
329 struct xfs_name name;
330 int error;
331
332 error = xfs_dentry_mode_to_name(&name, dentry, inode->i_mode);
333 if (unlikely(error))
334 return error;
335
336 error = xfs_link(XFS_I(dir), XFS_I(inode), &name);
337 if (unlikely(error))
338 return error;
339
340 ihold(inode);
341 d_instantiate(dentry, inode);
342 return 0;
343}
344
345STATIC int
346xfs_vn_unlink(
347 struct inode *dir,
348 struct dentry *dentry)
349{
350 struct xfs_name name;
351 int error;
352
353 xfs_dentry_to_name(&name, dentry);
354
355 error = xfs_remove(XFS_I(dir), &name, XFS_I(d_inode(dentry)));
356 if (error)
357 return error;
358
359 /*
360 * With unlink, the VFS makes the dentry "negative": no inode,
361 * but still hashed. This is incompatible with case-insensitive
362 * mode, so invalidate (unhash) the dentry in CI-mode.
363 */
364 if (xfs_sb_version_hasasciici(&XFS_M(dir->i_sb)->m_sb))
365 d_invalidate(dentry);
366 return 0;
367}
368
369STATIC int
370xfs_vn_symlink(
371 struct inode *dir,
372 struct dentry *dentry,
373 const char *symname)
374{
375 struct inode *inode;
376 struct xfs_inode *cip = NULL;
377 struct xfs_name name;
378 int error;
379 umode_t mode;
380
381 mode = S_IFLNK |
382 (irix_symlink_mode ? 0777 & ~current_umask() : S_IRWXUGO);
383 error = xfs_dentry_mode_to_name(&name, dentry, mode);
384 if (unlikely(error))
385 goto out;
386
387 error = xfs_symlink(XFS_I(dir), &name, symname, mode, &cip);
388 if (unlikely(error))
389 goto out;
390
391 inode = VFS_I(cip);
392
393 error = xfs_init_security(inode, dir, &dentry->d_name);
394 if (unlikely(error))
395 goto out_cleanup_inode;
396
397 xfs_setup_iops(cip);
398
399 d_instantiate(dentry, inode);
400 xfs_finish_inode_setup(cip);
401 return 0;
402
403 out_cleanup_inode:
404 xfs_finish_inode_setup(cip);
405 xfs_cleanup_inode(dir, inode, dentry);
406 iput(inode);
407 out:
408 return error;
409}
410
411STATIC int
412xfs_vn_rename(
413 struct inode *odir,
414 struct dentry *odentry,
415 struct inode *ndir,
416 struct dentry *ndentry,
417 unsigned int flags)
418{
419 struct inode *new_inode = d_inode(ndentry);
420 int omode = 0;
421 int error;
422 struct xfs_name oname;
423 struct xfs_name nname;
424
425 if (flags & ~(RENAME_NOREPLACE | RENAME_EXCHANGE | RENAME_WHITEOUT))
426 return -EINVAL;
427
428 /* if we are exchanging files, we need to set i_mode of both files */
429 if (flags & RENAME_EXCHANGE)
430 omode = d_inode(ndentry)->i_mode;
431
432 error = xfs_dentry_mode_to_name(&oname, odentry, omode);
433 if (omode && unlikely(error))
434 return error;
435
436 error = xfs_dentry_mode_to_name(&nname, ndentry,
437 d_inode(odentry)->i_mode);
438 if (unlikely(error))
439 return error;
440
441 return xfs_rename(XFS_I(odir), &oname, XFS_I(d_inode(odentry)),
442 XFS_I(ndir), &nname,
443 new_inode ? XFS_I(new_inode) : NULL, flags);
444}
445
446/*
447 * careful here - this function can get called recursively, so
448 * we need to be very careful about how much stack we use.
449 * uio is kmalloced for this reason...
450 */
451STATIC const char *
452xfs_vn_get_link(
453 struct dentry *dentry,
454 struct inode *inode,
455 struct delayed_call *done)
456{
457 char *link;
458 int error = -ENOMEM;
459
460 if (!dentry)
461 return ERR_PTR(-ECHILD);
462
463 link = kmalloc(XFS_SYMLINK_MAXLEN+1, GFP_KERNEL);
464 if (!link)
465 goto out_err;
466
467 error = xfs_readlink(XFS_I(d_inode(dentry)), link);
468 if (unlikely(error))
469 goto out_kfree;
470
471 set_delayed_call(done, kfree_link, link);
472 return link;
473
474 out_kfree:
475 kfree(link);
476 out_err:
477 return ERR_PTR(error);
478}
479
480STATIC const char *
481xfs_vn_get_link_inline(
482 struct dentry *dentry,
483 struct inode *inode,
484 struct delayed_call *done)
485{
486 ASSERT(XFS_I(inode)->i_df.if_flags & XFS_IFINLINE);
487 return XFS_I(inode)->i_df.if_u1.if_data;
488}
489
490STATIC int
491xfs_vn_getattr(
492 const struct path *path,
493 struct kstat *stat,
494 u32 request_mask,
495 unsigned int query_flags)
496{
497 struct inode *inode = d_inode(path->dentry);
498 struct xfs_inode *ip = XFS_I(inode);
499 struct xfs_mount *mp = ip->i_mount;
500
501 trace_xfs_getattr(ip);
502
503 if (XFS_FORCED_SHUTDOWN(mp))
504 return -EIO;
505
506 stat->size = XFS_ISIZE(ip);
507 stat->dev = inode->i_sb->s_dev;
508 stat->mode = inode->i_mode;
509 stat->nlink = inode->i_nlink;
510 stat->uid = inode->i_uid;
511 stat->gid = inode->i_gid;
512 stat->ino = ip->i_ino;
513 stat->atime = inode->i_atime;
514 stat->mtime = inode->i_mtime;
515 stat->ctime = inode->i_ctime;
516 stat->blocks =
517 XFS_FSB_TO_BB(mp, ip->i_d.di_nblocks + ip->i_delayed_blks);
518
519 if (ip->i_d.di_version == 3) {
520 if (request_mask & STATX_BTIME) {
521 stat->result_mask |= STATX_BTIME;
522 stat->btime.tv_sec = ip->i_d.di_crtime.t_sec;
523 stat->btime.tv_nsec = ip->i_d.di_crtime.t_nsec;
524 }
525 }
526
527 if (ip->i_d.di_flags & XFS_DIFLAG_IMMUTABLE)
528 stat->attributes |= STATX_ATTR_IMMUTABLE;
529 if (ip->i_d.di_flags & XFS_DIFLAG_APPEND)
530 stat->attributes |= STATX_ATTR_APPEND;
531 if (ip->i_d.di_flags & XFS_DIFLAG_NODUMP)
532 stat->attributes |= STATX_ATTR_NODUMP;
533
534 switch (inode->i_mode & S_IFMT) {
535 case S_IFBLK:
536 case S_IFCHR:
537 stat->blksize = BLKDEV_IOSIZE;
538 stat->rdev = inode->i_rdev;
539 break;
540 default:
541 if (XFS_IS_REALTIME_INODE(ip)) {
542 /*
543 * If the file blocks are being allocated from a
544 * realtime volume, then return the inode's realtime
545 * extent size or the realtime volume's extent size.
546 */
547 stat->blksize =
548 xfs_get_extsz_hint(ip) << mp->m_sb.sb_blocklog;
549 } else
550 stat->blksize = xfs_preferred_iosize(mp);
551 stat->rdev = 0;
552 break;
553 }
554
555 return 0;
556}
557
558static void
559xfs_setattr_mode(
560 struct xfs_inode *ip,
561 struct iattr *iattr)
562{
563 struct inode *inode = VFS_I(ip);
564 umode_t mode = iattr->ia_mode;
565
566 ASSERT(xfs_isilocked(ip, XFS_ILOCK_EXCL));
567
568 inode->i_mode &= S_IFMT;
569 inode->i_mode |= mode & ~S_IFMT;
570}
571
572void
573xfs_setattr_time(
574 struct xfs_inode *ip,
575 struct iattr *iattr)
576{
577 struct inode *inode = VFS_I(ip);
578
579 ASSERT(xfs_isilocked(ip, XFS_ILOCK_EXCL));
580
581 if (iattr->ia_valid & ATTR_ATIME)
582 inode->i_atime = iattr->ia_atime;
583 if (iattr->ia_valid & ATTR_CTIME)
584 inode->i_ctime = iattr->ia_ctime;
585 if (iattr->ia_valid & ATTR_MTIME)
586 inode->i_mtime = iattr->ia_mtime;
587}
588
589static int
590xfs_vn_change_ok(
591 struct dentry *dentry,
592 struct iattr *iattr)
593{
594 struct xfs_mount *mp = XFS_I(d_inode(dentry))->i_mount;
595
596 if (mp->m_flags & XFS_MOUNT_RDONLY)
597 return -EROFS;
598
599 if (XFS_FORCED_SHUTDOWN(mp))
600 return -EIO;
601
602 return setattr_prepare(dentry, iattr);
603}
604
605/*
606 * Set non-size attributes of an inode.
607 *
608 * Caution: The caller of this function is responsible for calling
609 * setattr_prepare() or otherwise verifying the change is fine.
610 */
611int
612xfs_setattr_nonsize(
613 struct xfs_inode *ip,
614 struct iattr *iattr,
615 int flags)
616{
617 xfs_mount_t *mp = ip->i_mount;
618 struct inode *inode = VFS_I(ip);
619 int mask = iattr->ia_valid;
620 xfs_trans_t *tp;
621 int error;
622 kuid_t uid = GLOBAL_ROOT_UID, iuid = GLOBAL_ROOT_UID;
623 kgid_t gid = GLOBAL_ROOT_GID, igid = GLOBAL_ROOT_GID;
624 struct xfs_dquot *udqp = NULL, *gdqp = NULL;
625 struct xfs_dquot *olddquot1 = NULL, *olddquot2 = NULL;
626
627 ASSERT((mask & ATTR_SIZE) == 0);
628
629 /*
630 * If disk quotas is on, we make sure that the dquots do exist on disk,
631 * before we start any other transactions. Trying to do this later
632 * is messy. We don't care to take a readlock to look at the ids
633 * in inode here, because we can't hold it across the trans_reserve.
634 * If the IDs do change before we take the ilock, we're covered
635 * because the i_*dquot fields will get updated anyway.
636 */
637 if (XFS_IS_QUOTA_ON(mp) && (mask & (ATTR_UID|ATTR_GID))) {
638 uint qflags = 0;
639
640 if ((mask & ATTR_UID) && XFS_IS_UQUOTA_ON(mp)) {
641 uid = iattr->ia_uid;
642 qflags |= XFS_QMOPT_UQUOTA;
643 } else {
644 uid = inode->i_uid;
645 }
646 if ((mask & ATTR_GID) && XFS_IS_GQUOTA_ON(mp)) {
647 gid = iattr->ia_gid;
648 qflags |= XFS_QMOPT_GQUOTA;
649 } else {
650 gid = inode->i_gid;
651 }
652
653 /*
654 * We take a reference when we initialize udqp and gdqp,
655 * so it is important that we never blindly double trip on
656 * the same variable. See xfs_create() for an example.
657 */
658 ASSERT(udqp == NULL);
659 ASSERT(gdqp == NULL);
660 error = xfs_qm_vop_dqalloc(ip, xfs_kuid_to_uid(uid),
661 xfs_kgid_to_gid(gid),
662 xfs_get_projid(ip),
663 qflags, &udqp, &gdqp, NULL);
664 if (error)
665 return error;
666 }
667
668 error = xfs_trans_alloc(mp, &M_RES(mp)->tr_ichange, 0, 0, 0, &tp);
669 if (error)
670 goto out_dqrele;
671
672 xfs_ilock(ip, XFS_ILOCK_EXCL);
673 xfs_trans_ijoin(tp, ip, 0);
674
675 /*
676 * Change file ownership. Must be the owner or privileged.
677 */
678 if (mask & (ATTR_UID|ATTR_GID)) {
679 /*
680 * These IDs could have changed since we last looked at them.
681 * But, we're assured that if the ownership did change
682 * while we didn't have the inode locked, inode's dquot(s)
683 * would have changed also.
684 */
685 iuid = inode->i_uid;
686 igid = inode->i_gid;
687 gid = (mask & ATTR_GID) ? iattr->ia_gid : igid;
688 uid = (mask & ATTR_UID) ? iattr->ia_uid : iuid;
689
690 /*
691 * Do a quota reservation only if uid/gid is actually
692 * going to change.
693 */
694 if (XFS_IS_QUOTA_RUNNING(mp) &&
695 ((XFS_IS_UQUOTA_ON(mp) && !uid_eq(iuid, uid)) ||
696 (XFS_IS_GQUOTA_ON(mp) && !gid_eq(igid, gid)))) {
697 ASSERT(tp);
698 error = xfs_qm_vop_chown_reserve(tp, ip, udqp, gdqp,
699 NULL, capable(CAP_FOWNER) ?
700 XFS_QMOPT_FORCE_RES : 0);
701 if (error) /* out of quota */
702 goto out_cancel;
703 }
704 }
705
706 /*
707 * Change file ownership. Must be the owner or privileged.
708 */
709 if (mask & (ATTR_UID|ATTR_GID)) {
710 /*
711 * CAP_FSETID overrides the following restrictions:
712 *
713 * The set-user-ID and set-group-ID bits of a file will be
714 * cleared upon successful return from chown()
715 */
716 if ((inode->i_mode & (S_ISUID|S_ISGID)) &&
717 !capable(CAP_FSETID))
718 inode->i_mode &= ~(S_ISUID|S_ISGID);
719
720 /*
721 * Change the ownerships and register quota modifications
722 * in the transaction.
723 */
724 if (!uid_eq(iuid, uid)) {
725 if (XFS_IS_QUOTA_RUNNING(mp) && XFS_IS_UQUOTA_ON(mp)) {
726 ASSERT(mask & ATTR_UID);
727 ASSERT(udqp);
728 olddquot1 = xfs_qm_vop_chown(tp, ip,
729 &ip->i_udquot, udqp);
730 }
731 ip->i_d.di_uid = xfs_kuid_to_uid(uid);
732 inode->i_uid = uid;
733 }
734 if (!gid_eq(igid, gid)) {
735 if (XFS_IS_QUOTA_RUNNING(mp) && XFS_IS_GQUOTA_ON(mp)) {
736 ASSERT(xfs_sb_version_has_pquotino(&mp->m_sb) ||
737 !XFS_IS_PQUOTA_ON(mp));
738 ASSERT(mask & ATTR_GID);
739 ASSERT(gdqp);
740 olddquot2 = xfs_qm_vop_chown(tp, ip,
741 &ip->i_gdquot, gdqp);
742 }
743 ip->i_d.di_gid = xfs_kgid_to_gid(gid);
744 inode->i_gid = gid;
745 }
746 }
747
748 if (mask & ATTR_MODE)
749 xfs_setattr_mode(ip, iattr);
750 if (mask & (ATTR_ATIME|ATTR_CTIME|ATTR_MTIME))
751 xfs_setattr_time(ip, iattr);
752
753 xfs_trans_log_inode(tp, ip, XFS_ILOG_CORE);
754
755 XFS_STATS_INC(mp, xs_ig_attrchg);
756
757 if (mp->m_flags & XFS_MOUNT_WSYNC)
758 xfs_trans_set_sync(tp);
759 error = xfs_trans_commit(tp);
760
761 xfs_iunlock(ip, XFS_ILOCK_EXCL);
762
763 /*
764 * Release any dquot(s) the inode had kept before chown.
765 */
766 xfs_qm_dqrele(olddquot1);
767 xfs_qm_dqrele(olddquot2);
768 xfs_qm_dqrele(udqp);
769 xfs_qm_dqrele(gdqp);
770
771 if (error)
772 return error;
773
774 /*
775 * XXX(hch): Updating the ACL entries is not atomic vs the i_mode
776 * update. We could avoid this with linked transactions
777 * and passing down the transaction pointer all the way
778 * to attr_set. No previous user of the generic
779 * Posix ACL code seems to care about this issue either.
780 */
781 if ((mask & ATTR_MODE) && !(flags & XFS_ATTR_NOACL)) {
782 error = posix_acl_chmod(inode, inode->i_mode);
783 if (error)
784 return error;
785 }
786
787 return 0;
788
789out_cancel:
790 xfs_trans_cancel(tp);
791out_dqrele:
792 xfs_qm_dqrele(udqp);
793 xfs_qm_dqrele(gdqp);
794 return error;
795}
796
797int
798xfs_vn_setattr_nonsize(
799 struct dentry *dentry,
800 struct iattr *iattr)
801{
802 struct xfs_inode *ip = XFS_I(d_inode(dentry));
803 int error;
804
805 trace_xfs_setattr(ip);
806
807 error = xfs_vn_change_ok(dentry, iattr);
808 if (error)
809 return error;
810 return xfs_setattr_nonsize(ip, iattr, 0);
811}
812
813/*
814 * Truncate file. Must have write permission and not be a directory.
815 *
816 * Caution: The caller of this function is responsible for calling
817 * setattr_prepare() or otherwise verifying the change is fine.
818 */
819STATIC int
820xfs_setattr_size(
821 struct xfs_inode *ip,
822 struct iattr *iattr)
823{
824 struct xfs_mount *mp = ip->i_mount;
825 struct inode *inode = VFS_I(ip);
826 xfs_off_t oldsize, newsize;
827 struct xfs_trans *tp;
828 int error;
829 uint lock_flags = 0;
830 bool did_zeroing = false;
831
832 ASSERT(xfs_isilocked(ip, XFS_IOLOCK_EXCL));
833 ASSERT(xfs_isilocked(ip, XFS_MMAPLOCK_EXCL));
834 ASSERT(S_ISREG(inode->i_mode));
835 ASSERT((iattr->ia_valid & (ATTR_UID|ATTR_GID|ATTR_ATIME|ATTR_ATIME_SET|
836 ATTR_MTIME_SET|ATTR_KILL_PRIV|ATTR_TIMES_SET)) == 0);
837
838 oldsize = inode->i_size;
839 newsize = iattr->ia_size;
840
841 /*
842 * Short circuit the truncate case for zero length files.
843 */
844 if (newsize == 0 && oldsize == 0 && ip->i_d.di_nextents == 0) {
845 if (!(iattr->ia_valid & (ATTR_CTIME|ATTR_MTIME)))
846 return 0;
847
848 /*
849 * Use the regular setattr path to update the timestamps.
850 */
851 iattr->ia_valid &= ~ATTR_SIZE;
852 return xfs_setattr_nonsize(ip, iattr, 0);
853 }
854
855 /*
856 * Make sure that the dquots are attached to the inode.
857 */
858 error = xfs_qm_dqattach(ip, 0);
859 if (error)
860 return error;
861
862 /*
863 * Wait for all direct I/O to complete.
864 */
865 inode_dio_wait(inode);
866
867 /*
868 * File data changes must be complete before we start the transaction to
869 * modify the inode. This needs to be done before joining the inode to
870 * the transaction because the inode cannot be unlocked once it is a
871 * part of the transaction.
872 *
873 * Start with zeroing any data beyond EOF that we may expose on file
874 * extension, or zeroing out the rest of the block on a downward
875 * truncate.
876 */
877 if (newsize > oldsize) {
878 trace_xfs_zero_eof(ip, oldsize, newsize - oldsize);
879 error = iomap_zero_range(inode, oldsize, newsize - oldsize,
880 &did_zeroing, &xfs_iomap_ops);
881 } else {
882 error = iomap_truncate_page(inode, newsize, &did_zeroing,
883 &xfs_iomap_ops);
884 }
885
886 if (error)
887 return error;
888
889 /*
890 * We've already locked out new page faults, so now we can safely remove
891 * pages from the page cache knowing they won't get refaulted until we
892 * drop the XFS_MMAP_EXCL lock after the extent manipulations are
893 * complete. The truncate_setsize() call also cleans partial EOF page
894 * PTEs on extending truncates and hence ensures sub-page block size
895 * filesystems are correctly handled, too.
896 *
897 * We have to do all the page cache truncate work outside the
898 * transaction context as the "lock" order is page lock->log space
899 * reservation as defined by extent allocation in the writeback path.
900 * Hence a truncate can fail with ENOMEM from xfs_trans_alloc(), but
901 * having already truncated the in-memory version of the file (i.e. made
902 * user visible changes). There's not much we can do about this, except
903 * to hope that the caller sees ENOMEM and retries the truncate
904 * operation.
905 *
906 * And we update in-core i_size and truncate page cache beyond newsize
907 * before writeback the [di_size, newsize] range, so we're guaranteed
908 * not to write stale data past the new EOF on truncate down.
909 */
910 truncate_setsize(inode, newsize);
911
912 /*
913 * We are going to log the inode size change in this transaction so
914 * any previous writes that are beyond the on disk EOF and the new
915 * EOF that have not been written out need to be written here. If we
916 * do not write the data out, we expose ourselves to the null files
917 * problem. Note that this includes any block zeroing we did above;
918 * otherwise those blocks may not be zeroed after a crash.
919 */
920 if (did_zeroing ||
921 (newsize > ip->i_d.di_size && oldsize != ip->i_d.di_size)) {
922 error = filemap_write_and_wait_range(VFS_I(ip)->i_mapping,
923 ip->i_d.di_size, newsize - 1);
924 if (error)
925 return error;
926 }
927
928 error = xfs_trans_alloc(mp, &M_RES(mp)->tr_itruncate, 0, 0, 0, &tp);
929 if (error)
930 return error;
931
932 lock_flags |= XFS_ILOCK_EXCL;
933 xfs_ilock(ip, XFS_ILOCK_EXCL);
934 xfs_trans_ijoin(tp, ip, 0);
935
936 /*
937 * Only change the c/mtime if we are changing the size or we are
938 * explicitly asked to change it. This handles the semantic difference
939 * between truncate() and ftruncate() as implemented in the VFS.
940 *
941 * The regular truncate() case without ATTR_CTIME and ATTR_MTIME is a
942 * special case where we need to update the times despite not having
943 * these flags set. For all other operations the VFS set these flags
944 * explicitly if it wants a timestamp update.
945 */
946 if (newsize != oldsize &&
947 !(iattr->ia_valid & (ATTR_CTIME | ATTR_MTIME))) {
948 iattr->ia_ctime = iattr->ia_mtime =
949 current_time(inode);
950 iattr->ia_valid |= ATTR_CTIME | ATTR_MTIME;
951 }
952
953 /*
954 * The first thing we do is set the size to new_size permanently on
955 * disk. This way we don't have to worry about anyone ever being able
956 * to look at the data being freed even in the face of a crash.
957 * What we're getting around here is the case where we free a block, it
958 * is allocated to another file, it is written to, and then we crash.
959 * If the new data gets written to the file but the log buffers
960 * containing the free and reallocation don't, then we'd end up with
961 * garbage in the blocks being freed. As long as we make the new size
962 * permanent before actually freeing any blocks it doesn't matter if
963 * they get written to.
964 */
965 ip->i_d.di_size = newsize;
966 xfs_trans_log_inode(tp, ip, XFS_ILOG_CORE);
967
968 if (newsize <= oldsize) {
969 error = xfs_itruncate_extents(&tp, ip, XFS_DATA_FORK, newsize);
970 if (error)
971 goto out_trans_cancel;
972
973 /*
974 * Truncated "down", so we're removing references to old data
975 * here - if we delay flushing for a long time, we expose
976 * ourselves unduly to the notorious NULL files problem. So,
977 * we mark this inode and flush it when the file is closed,
978 * and do not wait the usual (long) time for writeout.
979 */
980 xfs_iflags_set(ip, XFS_ITRUNCATED);
981
982 /* A truncate down always removes post-EOF blocks. */
983 xfs_inode_clear_eofblocks_tag(ip);
984 }
985
986 if (iattr->ia_valid & ATTR_MODE)
987 xfs_setattr_mode(ip, iattr);
988 if (iattr->ia_valid & (ATTR_ATIME|ATTR_CTIME|ATTR_MTIME))
989 xfs_setattr_time(ip, iattr);
990
991 xfs_trans_log_inode(tp, ip, XFS_ILOG_CORE);
992
993 XFS_STATS_INC(mp, xs_ig_attrchg);
994
995 if (mp->m_flags & XFS_MOUNT_WSYNC)
996 xfs_trans_set_sync(tp);
997
998 error = xfs_trans_commit(tp);
999out_unlock:
1000 if (lock_flags)
1001 xfs_iunlock(ip, lock_flags);
1002 return error;
1003
1004out_trans_cancel:
1005 xfs_trans_cancel(tp);
1006 goto out_unlock;
1007}
1008
1009int
1010xfs_vn_setattr_size(
1011 struct dentry *dentry,
1012 struct iattr *iattr)
1013{
1014 struct xfs_inode *ip = XFS_I(d_inode(dentry));
1015 int error;
1016
1017 trace_xfs_setattr(ip);
1018
1019 error = xfs_vn_change_ok(dentry, iattr);
1020 if (error)
1021 return error;
1022 return xfs_setattr_size(ip, iattr);
1023}
1024
1025STATIC int
1026xfs_vn_setattr(
1027 struct dentry *dentry,
1028 struct iattr *iattr)
1029{
1030 int error;
1031
1032 if (iattr->ia_valid & ATTR_SIZE) {
1033 struct xfs_inode *ip = XFS_I(d_inode(dentry));
1034 uint iolock = XFS_IOLOCK_EXCL;
1035
1036 error = xfs_break_layouts(d_inode(dentry), &iolock);
1037 if (error)
1038 return error;
1039
1040 xfs_ilock(ip, XFS_MMAPLOCK_EXCL);
1041 error = xfs_vn_setattr_size(dentry, iattr);
1042 xfs_iunlock(ip, XFS_MMAPLOCK_EXCL);
1043 } else {
1044 error = xfs_vn_setattr_nonsize(dentry, iattr);
1045 }
1046
1047 return error;
1048}
1049
1050STATIC int
1051xfs_vn_update_time(
1052 struct inode *inode,
1053 struct timespec *now,
1054 int flags)
1055{
1056 struct xfs_inode *ip = XFS_I(inode);
1057 struct xfs_mount *mp = ip->i_mount;
1058 int log_flags = XFS_ILOG_TIMESTAMP;
1059 struct xfs_trans *tp;
1060 int error;
1061
1062 trace_xfs_update_time(ip);
1063
1064 if (inode->i_sb->s_flags & SB_LAZYTIME) {
1065 if (!((flags & S_VERSION) &&
1066 inode_maybe_inc_iversion(inode, false)))
1067 return generic_update_time(inode, now, flags);
1068
1069 /* Capture the iversion update that just occurred */
1070 log_flags |= XFS_ILOG_CORE;
1071 }
1072
1073 error = xfs_trans_alloc(mp, &M_RES(mp)->tr_fsyncts, 0, 0, 0, &tp);
1074 if (error)
1075 return error;
1076
1077 xfs_ilock(ip, XFS_ILOCK_EXCL);
1078 if (flags & S_CTIME)
1079 inode->i_ctime = *now;
1080 if (flags & S_MTIME)
1081 inode->i_mtime = *now;
1082 if (flags & S_ATIME)
1083 inode->i_atime = *now;
1084
1085 xfs_trans_ijoin(tp, ip, XFS_ILOCK_EXCL);
1086 xfs_trans_log_inode(tp, ip, log_flags);
1087 return xfs_trans_commit(tp);
1088}
1089
1090STATIC int
1091xfs_vn_fiemap(
1092 struct inode *inode,
1093 struct fiemap_extent_info *fieinfo,
1094 u64 start,
1095 u64 length)
1096{
1097 int error;
1098
1099 xfs_ilock(XFS_I(inode), XFS_IOLOCK_SHARED);
1100 if (fieinfo->fi_flags & FIEMAP_FLAG_XATTR) {
1101 fieinfo->fi_flags &= ~FIEMAP_FLAG_XATTR;
1102 error = iomap_fiemap(inode, fieinfo, start, length,
1103 &xfs_xattr_iomap_ops);
1104 } else {
1105 error = iomap_fiemap(inode, fieinfo, start, length,
1106 &xfs_iomap_ops);
1107 }
1108 xfs_iunlock(XFS_I(inode), XFS_IOLOCK_SHARED);
1109
1110 return error;
1111}
1112
1113STATIC int
1114xfs_vn_tmpfile(
1115 struct inode *dir,
1116 struct dentry *dentry,
1117 umode_t mode)
1118{
1119 return xfs_generic_create(dir, dentry, mode, 0, true);
1120}
1121
1122static const struct inode_operations xfs_inode_operations = {
1123 .get_acl = xfs_get_acl,
1124 .set_acl = xfs_set_acl,
1125 .getattr = xfs_vn_getattr,
1126 .setattr = xfs_vn_setattr,
1127 .listxattr = xfs_vn_listxattr,
1128 .fiemap = xfs_vn_fiemap,
1129 .update_time = xfs_vn_update_time,
1130};
1131
1132static const struct inode_operations xfs_dir_inode_operations = {
1133 .create = xfs_vn_create,
1134 .lookup = xfs_vn_lookup,
1135 .link = xfs_vn_link,
1136 .unlink = xfs_vn_unlink,
1137 .symlink = xfs_vn_symlink,
1138 .mkdir = xfs_vn_mkdir,
1139 /*
1140 * Yes, XFS uses the same method for rmdir and unlink.
1141 *
1142 * There are some subtile differences deeper in the code,
1143 * but we use S_ISDIR to check for those.
1144 */
1145 .rmdir = xfs_vn_unlink,
1146 .mknod = xfs_vn_mknod,
1147 .rename = xfs_vn_rename,
1148 .get_acl = xfs_get_acl,
1149 .set_acl = xfs_set_acl,
1150 .getattr = xfs_vn_getattr,
1151 .setattr = xfs_vn_setattr,
1152 .listxattr = xfs_vn_listxattr,
1153 .update_time = xfs_vn_update_time,
1154 .tmpfile = xfs_vn_tmpfile,
1155};
1156
1157static const struct inode_operations xfs_dir_ci_inode_operations = {
1158 .create = xfs_vn_create,
1159 .lookup = xfs_vn_ci_lookup,
1160 .link = xfs_vn_link,
1161 .unlink = xfs_vn_unlink,
1162 .symlink = xfs_vn_symlink,
1163 .mkdir = xfs_vn_mkdir,
1164 /*
1165 * Yes, XFS uses the same method for rmdir and unlink.
1166 *
1167 * There are some subtile differences deeper in the code,
1168 * but we use S_ISDIR to check for those.
1169 */
1170 .rmdir = xfs_vn_unlink,
1171 .mknod = xfs_vn_mknod,
1172 .rename = xfs_vn_rename,
1173 .get_acl = xfs_get_acl,
1174 .set_acl = xfs_set_acl,
1175 .getattr = xfs_vn_getattr,
1176 .setattr = xfs_vn_setattr,
1177 .listxattr = xfs_vn_listxattr,
1178 .update_time = xfs_vn_update_time,
1179 .tmpfile = xfs_vn_tmpfile,
1180};
1181
1182static const struct inode_operations xfs_symlink_inode_operations = {
1183 .get_link = xfs_vn_get_link,
1184 .getattr = xfs_vn_getattr,
1185 .setattr = xfs_vn_setattr,
1186 .listxattr = xfs_vn_listxattr,
1187 .update_time = xfs_vn_update_time,
1188};
1189
1190static const struct inode_operations xfs_inline_symlink_inode_operations = {
1191 .get_link = xfs_vn_get_link_inline,
1192 .getattr = xfs_vn_getattr,
1193 .setattr = xfs_vn_setattr,
1194 .listxattr = xfs_vn_listxattr,
1195 .update_time = xfs_vn_update_time,
1196};
1197
1198STATIC void
1199xfs_diflags_to_iflags(
1200 struct inode *inode,
1201 struct xfs_inode *ip)
1202{
1203 uint16_t flags = ip->i_d.di_flags;
1204
1205 inode->i_flags &= ~(S_IMMUTABLE | S_APPEND | S_SYNC |
1206 S_NOATIME | S_DAX);
1207
1208 if (flags & XFS_DIFLAG_IMMUTABLE)
1209 inode->i_flags |= S_IMMUTABLE;
1210 if (flags & XFS_DIFLAG_APPEND)
1211 inode->i_flags |= S_APPEND;
1212 if (flags & XFS_DIFLAG_SYNC)
1213 inode->i_flags |= S_SYNC;
1214 if (flags & XFS_DIFLAG_NOATIME)
1215 inode->i_flags |= S_NOATIME;
1216 if (S_ISREG(inode->i_mode) &&
1217 ip->i_mount->m_sb.sb_blocksize == PAGE_SIZE &&
1218 !xfs_is_reflink_inode(ip) &&
1219 (ip->i_mount->m_flags & XFS_MOUNT_DAX ||
1220 ip->i_d.di_flags2 & XFS_DIFLAG2_DAX))
1221 inode->i_flags |= S_DAX;
1222}
1223
1224/*
1225 * Initialize the Linux inode.
1226 *
1227 * When reading existing inodes from disk this is called directly from xfs_iget,
1228 * when creating a new inode it is called from xfs_ialloc after setting up the
1229 * inode. These callers have different criteria for clearing XFS_INEW, so leave
1230 * it up to the caller to deal with unlocking the inode appropriately.
1231 */
1232void
1233xfs_setup_inode(
1234 struct xfs_inode *ip)
1235{
1236 struct inode *inode = &ip->i_vnode;
1237 gfp_t gfp_mask;
1238
1239 inode->i_ino = ip->i_ino;
1240 inode->i_state = I_NEW;
1241
1242 inode_sb_list_add(inode);
1243 /* make the inode look hashed for the writeback code */
1244 hlist_add_fake(&inode->i_hash);
1245
1246 inode->i_uid = xfs_uid_to_kuid(ip->i_d.di_uid);
1247 inode->i_gid = xfs_gid_to_kgid(ip->i_d.di_gid);
1248
1249 i_size_write(inode, ip->i_d.di_size);
1250 xfs_diflags_to_iflags(inode, ip);
1251
1252 if (S_ISDIR(inode->i_mode)) {
1253 lockdep_set_class(&ip->i_lock.mr_lock, &xfs_dir_ilock_class);
1254 ip->d_ops = ip->i_mount->m_dir_inode_ops;
1255 } else {
1256 ip->d_ops = ip->i_mount->m_nondir_inode_ops;
1257 lockdep_set_class(&ip->i_lock.mr_lock, &xfs_nondir_ilock_class);
1258 }
1259
1260 /*
1261 * Ensure all page cache allocations are done from GFP_NOFS context to
1262 * prevent direct reclaim recursion back into the filesystem and blowing
1263 * stacks or deadlocking.
1264 */
1265 gfp_mask = mapping_gfp_mask(inode->i_mapping);
1266 mapping_set_gfp_mask(inode->i_mapping, (gfp_mask & ~(__GFP_FS)));
1267
1268 /*
1269 * If there is no attribute fork no ACL can exist on this inode,
1270 * and it can't have any file capabilities attached to it either.
1271 */
1272 if (!XFS_IFORK_Q(ip)) {
1273 inode_has_no_xattr(inode);
1274 cache_no_acl(inode);
1275 }
1276}
1277
1278void
1279xfs_setup_iops(
1280 struct xfs_inode *ip)
1281{
1282 struct inode *inode = &ip->i_vnode;
1283
1284 switch (inode->i_mode & S_IFMT) {
1285 case S_IFREG:
1286 inode->i_op = &xfs_inode_operations;
1287 inode->i_fop = &xfs_file_operations;
1288 if (IS_DAX(inode))
1289 inode->i_mapping->a_ops = &xfs_dax_aops;
1290 else
1291 inode->i_mapping->a_ops = &xfs_address_space_operations;
1292 break;
1293 case S_IFDIR:
1294 if (xfs_sb_version_hasasciici(&XFS_M(inode->i_sb)->m_sb))
1295 inode->i_op = &xfs_dir_ci_inode_operations;
1296 else
1297 inode->i_op = &xfs_dir_inode_operations;
1298 inode->i_fop = &xfs_dir_file_operations;
1299 break;
1300 case S_IFLNK:
1301 if (ip->i_df.if_flags & XFS_IFINLINE)
1302 inode->i_op = &xfs_inline_symlink_inode_operations;
1303 else
1304 inode->i_op = &xfs_symlink_inode_operations;
1305 break;
1306 default:
1307 inode->i_op = &xfs_inode_operations;
1308 init_special_inode(inode, inode->i_mode, inode->i_rdev);
1309 break;
1310 }
1311}