Loading...
1// SPDX-License-Identifier: GPL-2.0
2/*
3 * Copyright (c) 2000-2005 Silicon Graphics, Inc.
4 * All Rights Reserved.
5 */
6#include "xfs.h"
7#include "xfs_fs.h"
8#include "xfs_shared.h"
9#include "xfs_format.h"
10#include "xfs_log_format.h"
11#include "xfs_trans_resv.h"
12#include "xfs_mount.h"
13#include "xfs_inode.h"
14#include "xfs_acl.h"
15#include "xfs_quota.h"
16#include "xfs_da_format.h"
17#include "xfs_da_btree.h"
18#include "xfs_attr.h"
19#include "xfs_trans.h"
20#include "xfs_trace.h"
21#include "xfs_icache.h"
22#include "xfs_symlink.h"
23#include "xfs_dir2.h"
24#include "xfs_iomap.h"
25#include "xfs_error.h"
26#include "xfs_ioctl.h"
27#include "xfs_xattr.h"
28
29#include <linux/posix_acl.h>
30#include <linux/security.h>
31#include <linux/iversion.h>
32#include <linux/fiemap.h>
33
34/*
35 * Directories have different lock order w.r.t. mmap_lock compared to regular
36 * files. This is due to readdir potentially triggering page faults on a user
37 * buffer inside filldir(), and this happens with the ilock on the directory
38 * held. For regular files, the lock order is the other way around - the
39 * mmap_lock is taken during the page fault, and then we lock the ilock to do
40 * block mapping. Hence we need a different class for the directory ilock so
41 * that lockdep can tell them apart.
42 */
43static struct lock_class_key xfs_nondir_ilock_class;
44static struct lock_class_key xfs_dir_ilock_class;
45
46static int
47xfs_initxattrs(
48 struct inode *inode,
49 const struct xattr *xattr_array,
50 void *fs_info)
51{
52 const struct xattr *xattr;
53 struct xfs_inode *ip = XFS_I(inode);
54 int error = 0;
55
56 for (xattr = xattr_array; xattr->name != NULL; xattr++) {
57 struct xfs_da_args args = {
58 .dp = ip,
59 .attr_filter = XFS_ATTR_SECURE,
60 .name = xattr->name,
61 .namelen = strlen(xattr->name),
62 .value = xattr->value,
63 .valuelen = xattr->value_len,
64 };
65 error = xfs_attr_change(&args);
66 if (error < 0)
67 break;
68 }
69 return error;
70}
71
72/*
73 * Hook in SELinux. This is not quite correct yet, what we really need
74 * here (as we do for default ACLs) is a mechanism by which creation of
75 * these attrs can be journalled at inode creation time (along with the
76 * inode, of course, such that log replay can't cause these to be lost).
77 */
78int
79xfs_inode_init_security(
80 struct inode *inode,
81 struct inode *dir,
82 const struct qstr *qstr)
83{
84 return security_inode_init_security(inode, dir, qstr,
85 &xfs_initxattrs, NULL);
86}
87
88static void
89xfs_dentry_to_name(
90 struct xfs_name *namep,
91 struct dentry *dentry)
92{
93 namep->name = dentry->d_name.name;
94 namep->len = dentry->d_name.len;
95 namep->type = XFS_DIR3_FT_UNKNOWN;
96}
97
98static int
99xfs_dentry_mode_to_name(
100 struct xfs_name *namep,
101 struct dentry *dentry,
102 int mode)
103{
104 namep->name = dentry->d_name.name;
105 namep->len = dentry->d_name.len;
106 namep->type = xfs_mode_to_ftype(mode);
107
108 if (unlikely(namep->type == XFS_DIR3_FT_UNKNOWN))
109 return -EFSCORRUPTED;
110
111 return 0;
112}
113
114STATIC void
115xfs_cleanup_inode(
116 struct inode *dir,
117 struct inode *inode,
118 struct dentry *dentry)
119{
120 struct xfs_name teardown;
121
122 /* Oh, the horror.
123 * If we can't add the ACL or we fail in
124 * xfs_inode_init_security we must back out.
125 * ENOSPC can hit here, among other things.
126 */
127 xfs_dentry_to_name(&teardown, dentry);
128
129 xfs_remove(XFS_I(dir), &teardown, XFS_I(inode));
130}
131
132/*
133 * Check to see if we are likely to need an extended attribute to be added to
134 * the inode we are about to allocate. This allows the attribute fork to be
135 * created during the inode allocation, reducing the number of transactions we
136 * need to do in this fast path.
137 *
138 * The security checks are optimistic, but not guaranteed. The two LSMs that
139 * require xattrs to be added here (selinux and smack) are also the only two
140 * LSMs that add a sb->s_security structure to the superblock. Hence if security
141 * is enabled and sb->s_security is set, we have a pretty good idea that we are
142 * going to be asked to add a security xattr immediately after allocating the
143 * xfs inode and instantiating the VFS inode.
144 */
145static inline bool
146xfs_create_need_xattr(
147 struct inode *dir,
148 struct posix_acl *default_acl,
149 struct posix_acl *acl)
150{
151 if (acl)
152 return true;
153 if (default_acl)
154 return true;
155#if IS_ENABLED(CONFIG_SECURITY)
156 if (dir->i_sb->s_security)
157 return true;
158#endif
159 return false;
160}
161
162
163STATIC int
164xfs_generic_create(
165 struct mnt_idmap *idmap,
166 struct inode *dir,
167 struct dentry *dentry,
168 umode_t mode,
169 dev_t rdev,
170 struct file *tmpfile) /* unnamed file */
171{
172 struct inode *inode;
173 struct xfs_inode *ip = NULL;
174 struct posix_acl *default_acl, *acl;
175 struct xfs_name name;
176 int error;
177
178 /*
179 * Irix uses Missed'em'V split, but doesn't want to see
180 * the upper 5 bits of (14bit) major.
181 */
182 if (S_ISCHR(mode) || S_ISBLK(mode)) {
183 if (unlikely(!sysv_valid_dev(rdev) || MAJOR(rdev) & ~0x1ff))
184 return -EINVAL;
185 } else {
186 rdev = 0;
187 }
188
189 error = posix_acl_create(dir, &mode, &default_acl, &acl);
190 if (error)
191 return error;
192
193 /* Verify mode is valid also for tmpfile case */
194 error = xfs_dentry_mode_to_name(&name, dentry, mode);
195 if (unlikely(error))
196 goto out_free_acl;
197
198 if (!tmpfile) {
199 error = xfs_create(idmap, XFS_I(dir), &name, mode, rdev,
200 xfs_create_need_xattr(dir, default_acl, acl),
201 &ip);
202 } else {
203 error = xfs_create_tmpfile(idmap, XFS_I(dir), mode, &ip);
204 }
205 if (unlikely(error))
206 goto out_free_acl;
207
208 inode = VFS_I(ip);
209
210 error = xfs_inode_init_security(inode, dir, &dentry->d_name);
211 if (unlikely(error))
212 goto out_cleanup_inode;
213
214 if (default_acl) {
215 error = __xfs_set_acl(inode, default_acl, ACL_TYPE_DEFAULT);
216 if (error)
217 goto out_cleanup_inode;
218 }
219 if (acl) {
220 error = __xfs_set_acl(inode, acl, ACL_TYPE_ACCESS);
221 if (error)
222 goto out_cleanup_inode;
223 }
224
225 xfs_setup_iops(ip);
226
227 if (tmpfile) {
228 /*
229 * The VFS requires that any inode fed to d_tmpfile must have
230 * nlink == 1 so that it can decrement the nlink in d_tmpfile.
231 * However, we created the temp file with nlink == 0 because
232 * we're not allowed to put an inode with nlink > 0 on the
233 * unlinked list. Therefore we have to set nlink to 1 so that
234 * d_tmpfile can immediately set it back to zero.
235 */
236 set_nlink(inode, 1);
237 d_tmpfile(tmpfile, inode);
238 } else
239 d_instantiate(dentry, inode);
240
241 xfs_finish_inode_setup(ip);
242
243 out_free_acl:
244 posix_acl_release(default_acl);
245 posix_acl_release(acl);
246 return error;
247
248 out_cleanup_inode:
249 xfs_finish_inode_setup(ip);
250 if (!tmpfile)
251 xfs_cleanup_inode(dir, inode, dentry);
252 xfs_irele(ip);
253 goto out_free_acl;
254}
255
256STATIC int
257xfs_vn_mknod(
258 struct mnt_idmap *idmap,
259 struct inode *dir,
260 struct dentry *dentry,
261 umode_t mode,
262 dev_t rdev)
263{
264 return xfs_generic_create(idmap, dir, dentry, mode, rdev, NULL);
265}
266
267STATIC int
268xfs_vn_create(
269 struct mnt_idmap *idmap,
270 struct inode *dir,
271 struct dentry *dentry,
272 umode_t mode,
273 bool flags)
274{
275 return xfs_generic_create(idmap, dir, dentry, mode, 0, NULL);
276}
277
278STATIC int
279xfs_vn_mkdir(
280 struct mnt_idmap *idmap,
281 struct inode *dir,
282 struct dentry *dentry,
283 umode_t mode)
284{
285 return xfs_generic_create(idmap, dir, dentry, mode | S_IFDIR, 0, NULL);
286}
287
288STATIC struct dentry *
289xfs_vn_lookup(
290 struct inode *dir,
291 struct dentry *dentry,
292 unsigned int flags)
293{
294 struct inode *inode;
295 struct xfs_inode *cip;
296 struct xfs_name name;
297 int error;
298
299 if (dentry->d_name.len >= MAXNAMELEN)
300 return ERR_PTR(-ENAMETOOLONG);
301
302 xfs_dentry_to_name(&name, dentry);
303 error = xfs_lookup(XFS_I(dir), &name, &cip, NULL);
304 if (likely(!error))
305 inode = VFS_I(cip);
306 else if (likely(error == -ENOENT))
307 inode = NULL;
308 else
309 inode = ERR_PTR(error);
310 return d_splice_alias(inode, dentry);
311}
312
313STATIC struct dentry *
314xfs_vn_ci_lookup(
315 struct inode *dir,
316 struct dentry *dentry,
317 unsigned int flags)
318{
319 struct xfs_inode *ip;
320 struct xfs_name xname;
321 struct xfs_name ci_name;
322 struct qstr dname;
323 int error;
324
325 if (dentry->d_name.len >= MAXNAMELEN)
326 return ERR_PTR(-ENAMETOOLONG);
327
328 xfs_dentry_to_name(&xname, dentry);
329 error = xfs_lookup(XFS_I(dir), &xname, &ip, &ci_name);
330 if (unlikely(error)) {
331 if (unlikely(error != -ENOENT))
332 return ERR_PTR(error);
333 /*
334 * call d_add(dentry, NULL) here when d_drop_negative_children
335 * is called in xfs_vn_mknod (ie. allow negative dentries
336 * with CI filesystems).
337 */
338 return NULL;
339 }
340
341 /* if exact match, just splice and exit */
342 if (!ci_name.name)
343 return d_splice_alias(VFS_I(ip), dentry);
344
345 /* else case-insensitive match... */
346 dname.name = ci_name.name;
347 dname.len = ci_name.len;
348 dentry = d_add_ci(dentry, VFS_I(ip), &dname);
349 kmem_free(ci_name.name);
350 return dentry;
351}
352
353STATIC int
354xfs_vn_link(
355 struct dentry *old_dentry,
356 struct inode *dir,
357 struct dentry *dentry)
358{
359 struct inode *inode = d_inode(old_dentry);
360 struct xfs_name name;
361 int error;
362
363 error = xfs_dentry_mode_to_name(&name, dentry, inode->i_mode);
364 if (unlikely(error))
365 return error;
366
367 error = xfs_link(XFS_I(dir), XFS_I(inode), &name);
368 if (unlikely(error))
369 return error;
370
371 ihold(inode);
372 d_instantiate(dentry, inode);
373 return 0;
374}
375
376STATIC int
377xfs_vn_unlink(
378 struct inode *dir,
379 struct dentry *dentry)
380{
381 struct xfs_name name;
382 int error;
383
384 xfs_dentry_to_name(&name, dentry);
385
386 error = xfs_remove(XFS_I(dir), &name, XFS_I(d_inode(dentry)));
387 if (error)
388 return error;
389
390 /*
391 * With unlink, the VFS makes the dentry "negative": no inode,
392 * but still hashed. This is incompatible with case-insensitive
393 * mode, so invalidate (unhash) the dentry in CI-mode.
394 */
395 if (xfs_has_asciici(XFS_M(dir->i_sb)))
396 d_invalidate(dentry);
397 return 0;
398}
399
400STATIC int
401xfs_vn_symlink(
402 struct mnt_idmap *idmap,
403 struct inode *dir,
404 struct dentry *dentry,
405 const char *symname)
406{
407 struct inode *inode;
408 struct xfs_inode *cip = NULL;
409 struct xfs_name name;
410 int error;
411 umode_t mode;
412
413 mode = S_IFLNK |
414 (irix_symlink_mode ? 0777 & ~current_umask() : S_IRWXUGO);
415 error = xfs_dentry_mode_to_name(&name, dentry, mode);
416 if (unlikely(error))
417 goto out;
418
419 error = xfs_symlink(idmap, XFS_I(dir), &name, symname, mode, &cip);
420 if (unlikely(error))
421 goto out;
422
423 inode = VFS_I(cip);
424
425 error = xfs_inode_init_security(inode, dir, &dentry->d_name);
426 if (unlikely(error))
427 goto out_cleanup_inode;
428
429 xfs_setup_iops(cip);
430
431 d_instantiate(dentry, inode);
432 xfs_finish_inode_setup(cip);
433 return 0;
434
435 out_cleanup_inode:
436 xfs_finish_inode_setup(cip);
437 xfs_cleanup_inode(dir, inode, dentry);
438 xfs_irele(cip);
439 out:
440 return error;
441}
442
443STATIC int
444xfs_vn_rename(
445 struct mnt_idmap *idmap,
446 struct inode *odir,
447 struct dentry *odentry,
448 struct inode *ndir,
449 struct dentry *ndentry,
450 unsigned int flags)
451{
452 struct inode *new_inode = d_inode(ndentry);
453 int omode = 0;
454 int error;
455 struct xfs_name oname;
456 struct xfs_name nname;
457
458 if (flags & ~(RENAME_NOREPLACE | RENAME_EXCHANGE | RENAME_WHITEOUT))
459 return -EINVAL;
460
461 /* if we are exchanging files, we need to set i_mode of both files */
462 if (flags & RENAME_EXCHANGE)
463 omode = d_inode(ndentry)->i_mode;
464
465 error = xfs_dentry_mode_to_name(&oname, odentry, omode);
466 if (omode && unlikely(error))
467 return error;
468
469 error = xfs_dentry_mode_to_name(&nname, ndentry,
470 d_inode(odentry)->i_mode);
471 if (unlikely(error))
472 return error;
473
474 return xfs_rename(idmap, XFS_I(odir), &oname,
475 XFS_I(d_inode(odentry)), XFS_I(ndir), &nname,
476 new_inode ? XFS_I(new_inode) : NULL, flags);
477}
478
479/*
480 * careful here - this function can get called recursively, so
481 * we need to be very careful about how much stack we use.
482 * uio is kmalloced for this reason...
483 */
484STATIC const char *
485xfs_vn_get_link(
486 struct dentry *dentry,
487 struct inode *inode,
488 struct delayed_call *done)
489{
490 char *link;
491 int error = -ENOMEM;
492
493 if (!dentry)
494 return ERR_PTR(-ECHILD);
495
496 link = kmalloc(XFS_SYMLINK_MAXLEN+1, GFP_KERNEL);
497 if (!link)
498 goto out_err;
499
500 error = xfs_readlink(XFS_I(d_inode(dentry)), link);
501 if (unlikely(error))
502 goto out_kfree;
503
504 set_delayed_call(done, kfree_link, link);
505 return link;
506
507 out_kfree:
508 kfree(link);
509 out_err:
510 return ERR_PTR(error);
511}
512
513static uint32_t
514xfs_stat_blksize(
515 struct xfs_inode *ip)
516{
517 struct xfs_mount *mp = ip->i_mount;
518
519 /*
520 * If the file blocks are being allocated from a realtime volume, then
521 * always return the realtime extent size.
522 */
523 if (XFS_IS_REALTIME_INODE(ip))
524 return XFS_FSB_TO_B(mp, xfs_get_extsz_hint(ip));
525
526 /*
527 * Allow large block sizes to be reported to userspace programs if the
528 * "largeio" mount option is used.
529 *
530 * If compatibility mode is specified, simply return the basic unit of
531 * caching so that we don't get inefficient read/modify/write I/O from
532 * user apps. Otherwise....
533 *
534 * If the underlying volume is a stripe, then return the stripe width in
535 * bytes as the recommended I/O size. It is not a stripe and we've set a
536 * default buffered I/O size, return that, otherwise return the compat
537 * default.
538 */
539 if (xfs_has_large_iosize(mp)) {
540 if (mp->m_swidth)
541 return XFS_FSB_TO_B(mp, mp->m_swidth);
542 if (xfs_has_allocsize(mp))
543 return 1U << mp->m_allocsize_log;
544 }
545
546 return PAGE_SIZE;
547}
548
549STATIC int
550xfs_vn_getattr(
551 struct mnt_idmap *idmap,
552 const struct path *path,
553 struct kstat *stat,
554 u32 request_mask,
555 unsigned int query_flags)
556{
557 struct inode *inode = d_inode(path->dentry);
558 struct xfs_inode *ip = XFS_I(inode);
559 struct xfs_mount *mp = ip->i_mount;
560 vfsuid_t vfsuid = i_uid_into_vfsuid(idmap, inode);
561 vfsgid_t vfsgid = i_gid_into_vfsgid(idmap, inode);
562
563 trace_xfs_getattr(ip);
564
565 if (xfs_is_shutdown(mp))
566 return -EIO;
567
568 stat->size = XFS_ISIZE(ip);
569 stat->dev = inode->i_sb->s_dev;
570 stat->mode = inode->i_mode;
571 stat->nlink = inode->i_nlink;
572 stat->uid = vfsuid_into_kuid(vfsuid);
573 stat->gid = vfsgid_into_kgid(vfsgid);
574 stat->ino = ip->i_ino;
575 stat->atime = inode_get_atime(inode);
576 stat->mtime = inode_get_mtime(inode);
577 stat->ctime = inode_get_ctime(inode);
578 stat->blocks = XFS_FSB_TO_BB(mp, ip->i_nblocks + ip->i_delayed_blks);
579
580 if (xfs_has_v3inodes(mp)) {
581 if (request_mask & STATX_BTIME) {
582 stat->result_mask |= STATX_BTIME;
583 stat->btime = ip->i_crtime;
584 }
585 }
586
587 if ((request_mask & STATX_CHANGE_COOKIE) && IS_I_VERSION(inode)) {
588 stat->change_cookie = inode_query_iversion(inode);
589 stat->result_mask |= STATX_CHANGE_COOKIE;
590 }
591
592 /*
593 * Note: If you add another clause to set an attribute flag, please
594 * update attributes_mask below.
595 */
596 if (ip->i_diflags & XFS_DIFLAG_IMMUTABLE)
597 stat->attributes |= STATX_ATTR_IMMUTABLE;
598 if (ip->i_diflags & XFS_DIFLAG_APPEND)
599 stat->attributes |= STATX_ATTR_APPEND;
600 if (ip->i_diflags & XFS_DIFLAG_NODUMP)
601 stat->attributes |= STATX_ATTR_NODUMP;
602
603 stat->attributes_mask |= (STATX_ATTR_IMMUTABLE |
604 STATX_ATTR_APPEND |
605 STATX_ATTR_NODUMP);
606
607 switch (inode->i_mode & S_IFMT) {
608 case S_IFBLK:
609 case S_IFCHR:
610 stat->blksize = BLKDEV_IOSIZE;
611 stat->rdev = inode->i_rdev;
612 break;
613 case S_IFREG:
614 if (request_mask & STATX_DIOALIGN) {
615 struct xfs_buftarg *target = xfs_inode_buftarg(ip);
616 struct block_device *bdev = target->bt_bdev;
617
618 stat->result_mask |= STATX_DIOALIGN;
619 stat->dio_mem_align = bdev_dma_alignment(bdev) + 1;
620 stat->dio_offset_align = bdev_logical_block_size(bdev);
621 }
622 fallthrough;
623 default:
624 stat->blksize = xfs_stat_blksize(ip);
625 stat->rdev = 0;
626 break;
627 }
628
629 return 0;
630}
631
632static int
633xfs_vn_change_ok(
634 struct mnt_idmap *idmap,
635 struct dentry *dentry,
636 struct iattr *iattr)
637{
638 struct xfs_mount *mp = XFS_I(d_inode(dentry))->i_mount;
639
640 if (xfs_is_readonly(mp))
641 return -EROFS;
642
643 if (xfs_is_shutdown(mp))
644 return -EIO;
645
646 return setattr_prepare(idmap, dentry, iattr);
647}
648
649/*
650 * Set non-size attributes of an inode.
651 *
652 * Caution: The caller of this function is responsible for calling
653 * setattr_prepare() or otherwise verifying the change is fine.
654 */
655static int
656xfs_setattr_nonsize(
657 struct mnt_idmap *idmap,
658 struct dentry *dentry,
659 struct xfs_inode *ip,
660 struct iattr *iattr)
661{
662 xfs_mount_t *mp = ip->i_mount;
663 struct inode *inode = VFS_I(ip);
664 int mask = iattr->ia_valid;
665 xfs_trans_t *tp;
666 int error;
667 kuid_t uid = GLOBAL_ROOT_UID;
668 kgid_t gid = GLOBAL_ROOT_GID;
669 struct xfs_dquot *udqp = NULL, *gdqp = NULL;
670 struct xfs_dquot *old_udqp = NULL, *old_gdqp = NULL;
671
672 ASSERT((mask & ATTR_SIZE) == 0);
673
674 /*
675 * If disk quotas is on, we make sure that the dquots do exist on disk,
676 * before we start any other transactions. Trying to do this later
677 * is messy. We don't care to take a readlock to look at the ids
678 * in inode here, because we can't hold it across the trans_reserve.
679 * If the IDs do change before we take the ilock, we're covered
680 * because the i_*dquot fields will get updated anyway.
681 */
682 if (XFS_IS_QUOTA_ON(mp) && (mask & (ATTR_UID|ATTR_GID))) {
683 uint qflags = 0;
684
685 if ((mask & ATTR_UID) && XFS_IS_UQUOTA_ON(mp)) {
686 uid = from_vfsuid(idmap, i_user_ns(inode),
687 iattr->ia_vfsuid);
688 qflags |= XFS_QMOPT_UQUOTA;
689 } else {
690 uid = inode->i_uid;
691 }
692 if ((mask & ATTR_GID) && XFS_IS_GQUOTA_ON(mp)) {
693 gid = from_vfsgid(idmap, i_user_ns(inode),
694 iattr->ia_vfsgid);
695 qflags |= XFS_QMOPT_GQUOTA;
696 } else {
697 gid = inode->i_gid;
698 }
699
700 /*
701 * We take a reference when we initialize udqp and gdqp,
702 * so it is important that we never blindly double trip on
703 * the same variable. See xfs_create() for an example.
704 */
705 ASSERT(udqp == NULL);
706 ASSERT(gdqp == NULL);
707 error = xfs_qm_vop_dqalloc(ip, uid, gid, ip->i_projid,
708 qflags, &udqp, &gdqp, NULL);
709 if (error)
710 return error;
711 }
712
713 error = xfs_trans_alloc_ichange(ip, udqp, gdqp, NULL,
714 has_capability_noaudit(current, CAP_FOWNER), &tp);
715 if (error)
716 goto out_dqrele;
717
718 /*
719 * Register quota modifications in the transaction. Must be the owner
720 * or privileged. These IDs could have changed since we last looked at
721 * them. But, we're assured that if the ownership did change while we
722 * didn't have the inode locked, inode's dquot(s) would have changed
723 * also.
724 */
725 if (XFS_IS_UQUOTA_ON(mp) &&
726 i_uid_needs_update(idmap, iattr, inode)) {
727 ASSERT(udqp);
728 old_udqp = xfs_qm_vop_chown(tp, ip, &ip->i_udquot, udqp);
729 }
730 if (XFS_IS_GQUOTA_ON(mp) &&
731 i_gid_needs_update(idmap, iattr, inode)) {
732 ASSERT(xfs_has_pquotino(mp) || !XFS_IS_PQUOTA_ON(mp));
733 ASSERT(gdqp);
734 old_gdqp = xfs_qm_vop_chown(tp, ip, &ip->i_gdquot, gdqp);
735 }
736
737 setattr_copy(idmap, inode, iattr);
738 xfs_trans_log_inode(tp, ip, XFS_ILOG_CORE);
739
740 XFS_STATS_INC(mp, xs_ig_attrchg);
741
742 if (xfs_has_wsync(mp))
743 xfs_trans_set_sync(tp);
744 error = xfs_trans_commit(tp);
745
746 /*
747 * Release any dquot(s) the inode had kept before chown.
748 */
749 xfs_qm_dqrele(old_udqp);
750 xfs_qm_dqrele(old_gdqp);
751 xfs_qm_dqrele(udqp);
752 xfs_qm_dqrele(gdqp);
753
754 if (error)
755 return error;
756
757 /*
758 * XXX(hch): Updating the ACL entries is not atomic vs the i_mode
759 * update. We could avoid this with linked transactions
760 * and passing down the transaction pointer all the way
761 * to attr_set. No previous user of the generic
762 * Posix ACL code seems to care about this issue either.
763 */
764 if (mask & ATTR_MODE) {
765 error = posix_acl_chmod(idmap, dentry, inode->i_mode);
766 if (error)
767 return error;
768 }
769
770 return 0;
771
772out_dqrele:
773 xfs_qm_dqrele(udqp);
774 xfs_qm_dqrele(gdqp);
775 return error;
776}
777
778/*
779 * Truncate file. Must have write permission and not be a directory.
780 *
781 * Caution: The caller of this function is responsible for calling
782 * setattr_prepare() or otherwise verifying the change is fine.
783 */
784STATIC int
785xfs_setattr_size(
786 struct mnt_idmap *idmap,
787 struct dentry *dentry,
788 struct xfs_inode *ip,
789 struct iattr *iattr)
790{
791 struct xfs_mount *mp = ip->i_mount;
792 struct inode *inode = VFS_I(ip);
793 xfs_off_t oldsize, newsize;
794 struct xfs_trans *tp;
795 int error;
796 uint lock_flags = 0;
797 bool did_zeroing = false;
798
799 ASSERT(xfs_isilocked(ip, XFS_IOLOCK_EXCL));
800 ASSERT(xfs_isilocked(ip, XFS_MMAPLOCK_EXCL));
801 ASSERT(S_ISREG(inode->i_mode));
802 ASSERT((iattr->ia_valid & (ATTR_UID|ATTR_GID|ATTR_ATIME|ATTR_ATIME_SET|
803 ATTR_MTIME_SET|ATTR_TIMES_SET)) == 0);
804
805 oldsize = inode->i_size;
806 newsize = iattr->ia_size;
807
808 /*
809 * Short circuit the truncate case for zero length files.
810 */
811 if (newsize == 0 && oldsize == 0 && ip->i_df.if_nextents == 0) {
812 if (!(iattr->ia_valid & (ATTR_CTIME|ATTR_MTIME)))
813 return 0;
814
815 /*
816 * Use the regular setattr path to update the timestamps.
817 */
818 iattr->ia_valid &= ~ATTR_SIZE;
819 return xfs_setattr_nonsize(idmap, dentry, ip, iattr);
820 }
821
822 /*
823 * Make sure that the dquots are attached to the inode.
824 */
825 error = xfs_qm_dqattach(ip);
826 if (error)
827 return error;
828
829 /*
830 * Wait for all direct I/O to complete.
831 */
832 inode_dio_wait(inode);
833
834 /*
835 * File data changes must be complete before we start the transaction to
836 * modify the inode. This needs to be done before joining the inode to
837 * the transaction because the inode cannot be unlocked once it is a
838 * part of the transaction.
839 *
840 * Start with zeroing any data beyond EOF that we may expose on file
841 * extension, or zeroing out the rest of the block on a downward
842 * truncate.
843 */
844 if (newsize > oldsize) {
845 trace_xfs_zero_eof(ip, oldsize, newsize - oldsize);
846 error = xfs_zero_range(ip, oldsize, newsize - oldsize,
847 &did_zeroing);
848 } else {
849 /*
850 * iomap won't detect a dirty page over an unwritten block (or a
851 * cow block over a hole) and subsequently skips zeroing the
852 * newly post-EOF portion of the page. Flush the new EOF to
853 * convert the block before the pagecache truncate.
854 */
855 error = filemap_write_and_wait_range(inode->i_mapping, newsize,
856 newsize);
857 if (error)
858 return error;
859 error = xfs_truncate_page(ip, newsize, &did_zeroing);
860 }
861
862 if (error)
863 return error;
864
865 /*
866 * We've already locked out new page faults, so now we can safely remove
867 * pages from the page cache knowing they won't get refaulted until we
868 * drop the XFS_MMAP_EXCL lock after the extent manipulations are
869 * complete. The truncate_setsize() call also cleans partial EOF page
870 * PTEs on extending truncates and hence ensures sub-page block size
871 * filesystems are correctly handled, too.
872 *
873 * We have to do all the page cache truncate work outside the
874 * transaction context as the "lock" order is page lock->log space
875 * reservation as defined by extent allocation in the writeback path.
876 * Hence a truncate can fail with ENOMEM from xfs_trans_alloc(), but
877 * having already truncated the in-memory version of the file (i.e. made
878 * user visible changes). There's not much we can do about this, except
879 * to hope that the caller sees ENOMEM and retries the truncate
880 * operation.
881 *
882 * And we update in-core i_size and truncate page cache beyond newsize
883 * before writeback the [i_disk_size, newsize] range, so we're
884 * guaranteed not to write stale data past the new EOF on truncate down.
885 */
886 truncate_setsize(inode, newsize);
887
888 /*
889 * We are going to log the inode size change in this transaction so
890 * any previous writes that are beyond the on disk EOF and the new
891 * EOF that have not been written out need to be written here. If we
892 * do not write the data out, we expose ourselves to the null files
893 * problem. Note that this includes any block zeroing we did above;
894 * otherwise those blocks may not be zeroed after a crash.
895 */
896 if (did_zeroing ||
897 (newsize > ip->i_disk_size && oldsize != ip->i_disk_size)) {
898 error = filemap_write_and_wait_range(VFS_I(ip)->i_mapping,
899 ip->i_disk_size, newsize - 1);
900 if (error)
901 return error;
902 }
903
904 error = xfs_trans_alloc(mp, &M_RES(mp)->tr_itruncate, 0, 0, 0, &tp);
905 if (error)
906 return error;
907
908 lock_flags |= XFS_ILOCK_EXCL;
909 xfs_ilock(ip, XFS_ILOCK_EXCL);
910 xfs_trans_ijoin(tp, ip, 0);
911
912 /*
913 * Only change the c/mtime if we are changing the size or we are
914 * explicitly asked to change it. This handles the semantic difference
915 * between truncate() and ftruncate() as implemented in the VFS.
916 *
917 * The regular truncate() case without ATTR_CTIME and ATTR_MTIME is a
918 * special case where we need to update the times despite not having
919 * these flags set. For all other operations the VFS set these flags
920 * explicitly if it wants a timestamp update.
921 */
922 if (newsize != oldsize &&
923 !(iattr->ia_valid & (ATTR_CTIME | ATTR_MTIME))) {
924 iattr->ia_ctime = iattr->ia_mtime =
925 current_time(inode);
926 iattr->ia_valid |= ATTR_CTIME | ATTR_MTIME;
927 }
928
929 /*
930 * The first thing we do is set the size to new_size permanently on
931 * disk. This way we don't have to worry about anyone ever being able
932 * to look at the data being freed even in the face of a crash.
933 * What we're getting around here is the case where we free a block, it
934 * is allocated to another file, it is written to, and then we crash.
935 * If the new data gets written to the file but the log buffers
936 * containing the free and reallocation don't, then we'd end up with
937 * garbage in the blocks being freed. As long as we make the new size
938 * permanent before actually freeing any blocks it doesn't matter if
939 * they get written to.
940 */
941 ip->i_disk_size = newsize;
942 xfs_trans_log_inode(tp, ip, XFS_ILOG_CORE);
943
944 if (newsize <= oldsize) {
945 error = xfs_itruncate_extents(&tp, ip, XFS_DATA_FORK, newsize);
946 if (error)
947 goto out_trans_cancel;
948
949 /*
950 * Truncated "down", so we're removing references to old data
951 * here - if we delay flushing for a long time, we expose
952 * ourselves unduly to the notorious NULL files problem. So,
953 * we mark this inode and flush it when the file is closed,
954 * and do not wait the usual (long) time for writeout.
955 */
956 xfs_iflags_set(ip, XFS_ITRUNCATED);
957
958 /* A truncate down always removes post-EOF blocks. */
959 xfs_inode_clear_eofblocks_tag(ip);
960 }
961
962 ASSERT(!(iattr->ia_valid & (ATTR_UID | ATTR_GID)));
963 setattr_copy(idmap, inode, iattr);
964 xfs_trans_log_inode(tp, ip, XFS_ILOG_CORE);
965
966 XFS_STATS_INC(mp, xs_ig_attrchg);
967
968 if (xfs_has_wsync(mp))
969 xfs_trans_set_sync(tp);
970
971 error = xfs_trans_commit(tp);
972out_unlock:
973 if (lock_flags)
974 xfs_iunlock(ip, lock_flags);
975 return error;
976
977out_trans_cancel:
978 xfs_trans_cancel(tp);
979 goto out_unlock;
980}
981
982int
983xfs_vn_setattr_size(
984 struct mnt_idmap *idmap,
985 struct dentry *dentry,
986 struct iattr *iattr)
987{
988 struct xfs_inode *ip = XFS_I(d_inode(dentry));
989 int error;
990
991 trace_xfs_setattr(ip);
992
993 error = xfs_vn_change_ok(idmap, dentry, iattr);
994 if (error)
995 return error;
996 return xfs_setattr_size(idmap, dentry, ip, iattr);
997}
998
999STATIC int
1000xfs_vn_setattr(
1001 struct mnt_idmap *idmap,
1002 struct dentry *dentry,
1003 struct iattr *iattr)
1004{
1005 struct inode *inode = d_inode(dentry);
1006 struct xfs_inode *ip = XFS_I(inode);
1007 int error;
1008
1009 if (iattr->ia_valid & ATTR_SIZE) {
1010 uint iolock;
1011
1012 xfs_ilock(ip, XFS_MMAPLOCK_EXCL);
1013 iolock = XFS_IOLOCK_EXCL | XFS_MMAPLOCK_EXCL;
1014
1015 error = xfs_break_layouts(inode, &iolock, BREAK_UNMAP);
1016 if (error) {
1017 xfs_iunlock(ip, XFS_MMAPLOCK_EXCL);
1018 return error;
1019 }
1020
1021 error = xfs_vn_setattr_size(idmap, dentry, iattr);
1022 xfs_iunlock(ip, XFS_MMAPLOCK_EXCL);
1023 } else {
1024 trace_xfs_setattr(ip);
1025
1026 error = xfs_vn_change_ok(idmap, dentry, iattr);
1027 if (!error)
1028 error = xfs_setattr_nonsize(idmap, dentry, ip, iattr);
1029 }
1030
1031 return error;
1032}
1033
1034STATIC int
1035xfs_vn_update_time(
1036 struct inode *inode,
1037 int flags)
1038{
1039 struct xfs_inode *ip = XFS_I(inode);
1040 struct xfs_mount *mp = ip->i_mount;
1041 int log_flags = XFS_ILOG_TIMESTAMP;
1042 struct xfs_trans *tp;
1043 int error;
1044 struct timespec64 now;
1045
1046 trace_xfs_update_time(ip);
1047
1048 if (inode->i_sb->s_flags & SB_LAZYTIME) {
1049 if (!((flags & S_VERSION) &&
1050 inode_maybe_inc_iversion(inode, false))) {
1051 generic_update_time(inode, flags);
1052 return 0;
1053 }
1054
1055 /* Capture the iversion update that just occurred */
1056 log_flags |= XFS_ILOG_CORE;
1057 }
1058
1059 error = xfs_trans_alloc(mp, &M_RES(mp)->tr_fsyncts, 0, 0, 0, &tp);
1060 if (error)
1061 return error;
1062
1063 xfs_ilock(ip, XFS_ILOCK_EXCL);
1064 if (flags & (S_CTIME|S_MTIME))
1065 now = inode_set_ctime_current(inode);
1066 else
1067 now = current_time(inode);
1068
1069 if (flags & S_MTIME)
1070 inode_set_mtime_to_ts(inode, now);
1071 if (flags & S_ATIME)
1072 inode_set_atime_to_ts(inode, now);
1073
1074 xfs_trans_ijoin(tp, ip, XFS_ILOCK_EXCL);
1075 xfs_trans_log_inode(tp, ip, log_flags);
1076 return xfs_trans_commit(tp);
1077}
1078
1079STATIC int
1080xfs_vn_fiemap(
1081 struct inode *inode,
1082 struct fiemap_extent_info *fieinfo,
1083 u64 start,
1084 u64 length)
1085{
1086 int error;
1087
1088 xfs_ilock(XFS_I(inode), XFS_IOLOCK_SHARED);
1089 if (fieinfo->fi_flags & FIEMAP_FLAG_XATTR) {
1090 fieinfo->fi_flags &= ~FIEMAP_FLAG_XATTR;
1091 error = iomap_fiemap(inode, fieinfo, start, length,
1092 &xfs_xattr_iomap_ops);
1093 } else {
1094 error = iomap_fiemap(inode, fieinfo, start, length,
1095 &xfs_read_iomap_ops);
1096 }
1097 xfs_iunlock(XFS_I(inode), XFS_IOLOCK_SHARED);
1098
1099 return error;
1100}
1101
1102STATIC int
1103xfs_vn_tmpfile(
1104 struct mnt_idmap *idmap,
1105 struct inode *dir,
1106 struct file *file,
1107 umode_t mode)
1108{
1109 int err = xfs_generic_create(idmap, dir, file->f_path.dentry, mode, 0, file);
1110
1111 return finish_open_simple(file, err);
1112}
1113
1114static const struct inode_operations xfs_inode_operations = {
1115 .get_inode_acl = xfs_get_acl,
1116 .set_acl = xfs_set_acl,
1117 .getattr = xfs_vn_getattr,
1118 .setattr = xfs_vn_setattr,
1119 .listxattr = xfs_vn_listxattr,
1120 .fiemap = xfs_vn_fiemap,
1121 .update_time = xfs_vn_update_time,
1122 .fileattr_get = xfs_fileattr_get,
1123 .fileattr_set = xfs_fileattr_set,
1124};
1125
1126static const struct inode_operations xfs_dir_inode_operations = {
1127 .create = xfs_vn_create,
1128 .lookup = xfs_vn_lookup,
1129 .link = xfs_vn_link,
1130 .unlink = xfs_vn_unlink,
1131 .symlink = xfs_vn_symlink,
1132 .mkdir = xfs_vn_mkdir,
1133 /*
1134 * Yes, XFS uses the same method for rmdir and unlink.
1135 *
1136 * There are some subtile differences deeper in the code,
1137 * but we use S_ISDIR to check for those.
1138 */
1139 .rmdir = xfs_vn_unlink,
1140 .mknod = xfs_vn_mknod,
1141 .rename = xfs_vn_rename,
1142 .get_inode_acl = xfs_get_acl,
1143 .set_acl = xfs_set_acl,
1144 .getattr = xfs_vn_getattr,
1145 .setattr = xfs_vn_setattr,
1146 .listxattr = xfs_vn_listxattr,
1147 .update_time = xfs_vn_update_time,
1148 .tmpfile = xfs_vn_tmpfile,
1149 .fileattr_get = xfs_fileattr_get,
1150 .fileattr_set = xfs_fileattr_set,
1151};
1152
1153static const struct inode_operations xfs_dir_ci_inode_operations = {
1154 .create = xfs_vn_create,
1155 .lookup = xfs_vn_ci_lookup,
1156 .link = xfs_vn_link,
1157 .unlink = xfs_vn_unlink,
1158 .symlink = xfs_vn_symlink,
1159 .mkdir = xfs_vn_mkdir,
1160 /*
1161 * Yes, XFS uses the same method for rmdir and unlink.
1162 *
1163 * There are some subtile differences deeper in the code,
1164 * but we use S_ISDIR to check for those.
1165 */
1166 .rmdir = xfs_vn_unlink,
1167 .mknod = xfs_vn_mknod,
1168 .rename = xfs_vn_rename,
1169 .get_inode_acl = xfs_get_acl,
1170 .set_acl = xfs_set_acl,
1171 .getattr = xfs_vn_getattr,
1172 .setattr = xfs_vn_setattr,
1173 .listxattr = xfs_vn_listxattr,
1174 .update_time = xfs_vn_update_time,
1175 .tmpfile = xfs_vn_tmpfile,
1176 .fileattr_get = xfs_fileattr_get,
1177 .fileattr_set = xfs_fileattr_set,
1178};
1179
1180static const struct inode_operations xfs_symlink_inode_operations = {
1181 .get_link = xfs_vn_get_link,
1182 .getattr = xfs_vn_getattr,
1183 .setattr = xfs_vn_setattr,
1184 .listxattr = xfs_vn_listxattr,
1185 .update_time = xfs_vn_update_time,
1186};
1187
1188/* Figure out if this file actually supports DAX. */
1189static bool
1190xfs_inode_supports_dax(
1191 struct xfs_inode *ip)
1192{
1193 struct xfs_mount *mp = ip->i_mount;
1194
1195 /* Only supported on regular files. */
1196 if (!S_ISREG(VFS_I(ip)->i_mode))
1197 return false;
1198
1199 /* Block size must match page size */
1200 if (mp->m_sb.sb_blocksize != PAGE_SIZE)
1201 return false;
1202
1203 /* Device has to support DAX too. */
1204 return xfs_inode_buftarg(ip)->bt_daxdev != NULL;
1205}
1206
1207static bool
1208xfs_inode_should_enable_dax(
1209 struct xfs_inode *ip)
1210{
1211 if (!IS_ENABLED(CONFIG_FS_DAX))
1212 return false;
1213 if (xfs_has_dax_never(ip->i_mount))
1214 return false;
1215 if (!xfs_inode_supports_dax(ip))
1216 return false;
1217 if (xfs_has_dax_always(ip->i_mount))
1218 return true;
1219 if (ip->i_diflags2 & XFS_DIFLAG2_DAX)
1220 return true;
1221 return false;
1222}
1223
1224void
1225xfs_diflags_to_iflags(
1226 struct xfs_inode *ip,
1227 bool init)
1228{
1229 struct inode *inode = VFS_I(ip);
1230 unsigned int xflags = xfs_ip2xflags(ip);
1231 unsigned int flags = 0;
1232
1233 ASSERT(!(IS_DAX(inode) && init));
1234
1235 if (xflags & FS_XFLAG_IMMUTABLE)
1236 flags |= S_IMMUTABLE;
1237 if (xflags & FS_XFLAG_APPEND)
1238 flags |= S_APPEND;
1239 if (xflags & FS_XFLAG_SYNC)
1240 flags |= S_SYNC;
1241 if (xflags & FS_XFLAG_NOATIME)
1242 flags |= S_NOATIME;
1243 if (init && xfs_inode_should_enable_dax(ip))
1244 flags |= S_DAX;
1245
1246 /*
1247 * S_DAX can only be set during inode initialization and is never set by
1248 * the VFS, so we cannot mask off S_DAX in i_flags.
1249 */
1250 inode->i_flags &= ~(S_IMMUTABLE | S_APPEND | S_SYNC | S_NOATIME);
1251 inode->i_flags |= flags;
1252}
1253
1254/*
1255 * Initialize the Linux inode.
1256 *
1257 * When reading existing inodes from disk this is called directly from xfs_iget,
1258 * when creating a new inode it is called from xfs_init_new_inode after setting
1259 * up the inode. These callers have different criteria for clearing XFS_INEW, so
1260 * leave it up to the caller to deal with unlocking the inode appropriately.
1261 */
1262void
1263xfs_setup_inode(
1264 struct xfs_inode *ip)
1265{
1266 struct inode *inode = &ip->i_vnode;
1267 gfp_t gfp_mask;
1268
1269 inode->i_ino = ip->i_ino;
1270 inode->i_state |= I_NEW;
1271
1272 inode_sb_list_add(inode);
1273 /* make the inode look hashed for the writeback code */
1274 inode_fake_hash(inode);
1275
1276 i_size_write(inode, ip->i_disk_size);
1277 xfs_diflags_to_iflags(ip, true);
1278
1279 if (S_ISDIR(inode->i_mode)) {
1280 /*
1281 * We set the i_rwsem class here to avoid potential races with
1282 * lockdep_annotate_inode_mutex_key() reinitialising the lock
1283 * after a filehandle lookup has already found the inode in
1284 * cache before it has been unlocked via unlock_new_inode().
1285 */
1286 lockdep_set_class(&inode->i_rwsem,
1287 &inode->i_sb->s_type->i_mutex_dir_key);
1288 lockdep_set_class(&ip->i_lock.mr_lock, &xfs_dir_ilock_class);
1289 } else {
1290 lockdep_set_class(&ip->i_lock.mr_lock, &xfs_nondir_ilock_class);
1291 }
1292
1293 /*
1294 * Ensure all page cache allocations are done from GFP_NOFS context to
1295 * prevent direct reclaim recursion back into the filesystem and blowing
1296 * stacks or deadlocking.
1297 */
1298 gfp_mask = mapping_gfp_mask(inode->i_mapping);
1299 mapping_set_gfp_mask(inode->i_mapping, (gfp_mask & ~(__GFP_FS)));
1300
1301 /*
1302 * For real-time inodes update the stable write flags to that of the RT
1303 * device instead of the data device.
1304 */
1305 if (S_ISREG(inode->i_mode) && XFS_IS_REALTIME_INODE(ip))
1306 xfs_update_stable_writes(ip);
1307
1308 /*
1309 * If there is no attribute fork no ACL can exist on this inode,
1310 * and it can't have any file capabilities attached to it either.
1311 */
1312 if (!xfs_inode_has_attr_fork(ip)) {
1313 inode_has_no_xattr(inode);
1314 cache_no_acl(inode);
1315 }
1316}
1317
1318void
1319xfs_setup_iops(
1320 struct xfs_inode *ip)
1321{
1322 struct inode *inode = &ip->i_vnode;
1323
1324 switch (inode->i_mode & S_IFMT) {
1325 case S_IFREG:
1326 inode->i_op = &xfs_inode_operations;
1327 inode->i_fop = &xfs_file_operations;
1328 if (IS_DAX(inode))
1329 inode->i_mapping->a_ops = &xfs_dax_aops;
1330 else
1331 inode->i_mapping->a_ops = &xfs_address_space_operations;
1332 break;
1333 case S_IFDIR:
1334 if (xfs_has_asciici(XFS_M(inode->i_sb)))
1335 inode->i_op = &xfs_dir_ci_inode_operations;
1336 else
1337 inode->i_op = &xfs_dir_inode_operations;
1338 inode->i_fop = &xfs_dir_file_operations;
1339 break;
1340 case S_IFLNK:
1341 inode->i_op = &xfs_symlink_inode_operations;
1342 break;
1343 default:
1344 inode->i_op = &xfs_inode_operations;
1345 init_special_inode(inode, inode->i_mode, inode->i_rdev);
1346 break;
1347 }
1348}
1// SPDX-License-Identifier: GPL-2.0
2/*
3 * Copyright (c) 2000-2005 Silicon Graphics, Inc.
4 * All Rights Reserved.
5 */
6#include "xfs.h"
7#include "xfs_fs.h"
8#include "xfs_shared.h"
9#include "xfs_format.h"
10#include "xfs_log_format.h"
11#include "xfs_trans_resv.h"
12#include "xfs_mount.h"
13#include "xfs_inode.h"
14#include "xfs_acl.h"
15#include "xfs_quota.h"
16#include "xfs_attr.h"
17#include "xfs_trans.h"
18#include "xfs_trace.h"
19#include "xfs_icache.h"
20#include "xfs_symlink.h"
21#include "xfs_dir2.h"
22#include "xfs_iomap.h"
23#include "xfs_error.h"
24
25#include <linux/posix_acl.h>
26#include <linux/security.h>
27#include <linux/iversion.h>
28#include <linux/fiemap.h>
29
30/*
31 * Directories have different lock order w.r.t. mmap_lock compared to regular
32 * files. This is due to readdir potentially triggering page faults on a user
33 * buffer inside filldir(), and this happens with the ilock on the directory
34 * held. For regular files, the lock order is the other way around - the
35 * mmap_lock is taken during the page fault, and then we lock the ilock to do
36 * block mapping. Hence we need a different class for the directory ilock so
37 * that lockdep can tell them apart.
38 */
39static struct lock_class_key xfs_nondir_ilock_class;
40static struct lock_class_key xfs_dir_ilock_class;
41
42static int
43xfs_initxattrs(
44 struct inode *inode,
45 const struct xattr *xattr_array,
46 void *fs_info)
47{
48 const struct xattr *xattr;
49 struct xfs_inode *ip = XFS_I(inode);
50 int error = 0;
51
52 for (xattr = xattr_array; xattr->name != NULL; xattr++) {
53 struct xfs_da_args args = {
54 .dp = ip,
55 .attr_filter = XFS_ATTR_SECURE,
56 .name = xattr->name,
57 .namelen = strlen(xattr->name),
58 .value = xattr->value,
59 .valuelen = xattr->value_len,
60 };
61 error = xfs_attr_set(&args);
62 if (error < 0)
63 break;
64 }
65 return error;
66}
67
68/*
69 * Hook in SELinux. This is not quite correct yet, what we really need
70 * here (as we do for default ACLs) is a mechanism by which creation of
71 * these attrs can be journalled at inode creation time (along with the
72 * inode, of course, such that log replay can't cause these to be lost).
73 */
74
75STATIC int
76xfs_init_security(
77 struct inode *inode,
78 struct inode *dir,
79 const struct qstr *qstr)
80{
81 return security_inode_init_security(inode, dir, qstr,
82 &xfs_initxattrs, NULL);
83}
84
85static void
86xfs_dentry_to_name(
87 struct xfs_name *namep,
88 struct dentry *dentry)
89{
90 namep->name = dentry->d_name.name;
91 namep->len = dentry->d_name.len;
92 namep->type = XFS_DIR3_FT_UNKNOWN;
93}
94
95static int
96xfs_dentry_mode_to_name(
97 struct xfs_name *namep,
98 struct dentry *dentry,
99 int mode)
100{
101 namep->name = dentry->d_name.name;
102 namep->len = dentry->d_name.len;
103 namep->type = xfs_mode_to_ftype(mode);
104
105 if (unlikely(namep->type == XFS_DIR3_FT_UNKNOWN))
106 return -EFSCORRUPTED;
107
108 return 0;
109}
110
111STATIC void
112xfs_cleanup_inode(
113 struct inode *dir,
114 struct inode *inode,
115 struct dentry *dentry)
116{
117 struct xfs_name teardown;
118
119 /* Oh, the horror.
120 * If we can't add the ACL or we fail in
121 * xfs_init_security we must back out.
122 * ENOSPC can hit here, among other things.
123 */
124 xfs_dentry_to_name(&teardown, dentry);
125
126 xfs_remove(XFS_I(dir), &teardown, XFS_I(inode));
127}
128
129STATIC int
130xfs_generic_create(
131 struct inode *dir,
132 struct dentry *dentry,
133 umode_t mode,
134 dev_t rdev,
135 bool tmpfile) /* unnamed file */
136{
137 struct inode *inode;
138 struct xfs_inode *ip = NULL;
139 struct posix_acl *default_acl, *acl;
140 struct xfs_name name;
141 int error;
142
143 /*
144 * Irix uses Missed'em'V split, but doesn't want to see
145 * the upper 5 bits of (14bit) major.
146 */
147 if (S_ISCHR(mode) || S_ISBLK(mode)) {
148 if (unlikely(!sysv_valid_dev(rdev) || MAJOR(rdev) & ~0x1ff))
149 return -EINVAL;
150 } else {
151 rdev = 0;
152 }
153
154 error = posix_acl_create(dir, &mode, &default_acl, &acl);
155 if (error)
156 return error;
157
158 /* Verify mode is valid also for tmpfile case */
159 error = xfs_dentry_mode_to_name(&name, dentry, mode);
160 if (unlikely(error))
161 goto out_free_acl;
162
163 if (!tmpfile) {
164 error = xfs_create(XFS_I(dir), &name, mode, rdev, &ip);
165 } else {
166 error = xfs_create_tmpfile(XFS_I(dir), mode, &ip);
167 }
168 if (unlikely(error))
169 goto out_free_acl;
170
171 inode = VFS_I(ip);
172
173 error = xfs_init_security(inode, dir, &dentry->d_name);
174 if (unlikely(error))
175 goto out_cleanup_inode;
176
177#ifdef CONFIG_XFS_POSIX_ACL
178 if (default_acl) {
179 error = __xfs_set_acl(inode, default_acl, ACL_TYPE_DEFAULT);
180 if (error)
181 goto out_cleanup_inode;
182 }
183 if (acl) {
184 error = __xfs_set_acl(inode, acl, ACL_TYPE_ACCESS);
185 if (error)
186 goto out_cleanup_inode;
187 }
188#endif
189
190 xfs_setup_iops(ip);
191
192 if (tmpfile) {
193 /*
194 * The VFS requires that any inode fed to d_tmpfile must have
195 * nlink == 1 so that it can decrement the nlink in d_tmpfile.
196 * However, we created the temp file with nlink == 0 because
197 * we're not allowed to put an inode with nlink > 0 on the
198 * unlinked list. Therefore we have to set nlink to 1 so that
199 * d_tmpfile can immediately set it back to zero.
200 */
201 set_nlink(inode, 1);
202 d_tmpfile(dentry, inode);
203 } else
204 d_instantiate(dentry, inode);
205
206 xfs_finish_inode_setup(ip);
207
208 out_free_acl:
209 if (default_acl)
210 posix_acl_release(default_acl);
211 if (acl)
212 posix_acl_release(acl);
213 return error;
214
215 out_cleanup_inode:
216 xfs_finish_inode_setup(ip);
217 if (!tmpfile)
218 xfs_cleanup_inode(dir, inode, dentry);
219 xfs_irele(ip);
220 goto out_free_acl;
221}
222
223STATIC int
224xfs_vn_mknod(
225 struct inode *dir,
226 struct dentry *dentry,
227 umode_t mode,
228 dev_t rdev)
229{
230 return xfs_generic_create(dir, dentry, mode, rdev, false);
231}
232
233STATIC int
234xfs_vn_create(
235 struct inode *dir,
236 struct dentry *dentry,
237 umode_t mode,
238 bool flags)
239{
240 return xfs_vn_mknod(dir, dentry, mode, 0);
241}
242
243STATIC int
244xfs_vn_mkdir(
245 struct inode *dir,
246 struct dentry *dentry,
247 umode_t mode)
248{
249 return xfs_vn_mknod(dir, dentry, mode|S_IFDIR, 0);
250}
251
252STATIC struct dentry *
253xfs_vn_lookup(
254 struct inode *dir,
255 struct dentry *dentry,
256 unsigned int flags)
257{
258 struct inode *inode;
259 struct xfs_inode *cip;
260 struct xfs_name name;
261 int error;
262
263 if (dentry->d_name.len >= MAXNAMELEN)
264 return ERR_PTR(-ENAMETOOLONG);
265
266 xfs_dentry_to_name(&name, dentry);
267 error = xfs_lookup(XFS_I(dir), &name, &cip, NULL);
268 if (likely(!error))
269 inode = VFS_I(cip);
270 else if (likely(error == -ENOENT))
271 inode = NULL;
272 else
273 inode = ERR_PTR(error);
274 return d_splice_alias(inode, dentry);
275}
276
277STATIC struct dentry *
278xfs_vn_ci_lookup(
279 struct inode *dir,
280 struct dentry *dentry,
281 unsigned int flags)
282{
283 struct xfs_inode *ip;
284 struct xfs_name xname;
285 struct xfs_name ci_name;
286 struct qstr dname;
287 int error;
288
289 if (dentry->d_name.len >= MAXNAMELEN)
290 return ERR_PTR(-ENAMETOOLONG);
291
292 xfs_dentry_to_name(&xname, dentry);
293 error = xfs_lookup(XFS_I(dir), &xname, &ip, &ci_name);
294 if (unlikely(error)) {
295 if (unlikely(error != -ENOENT))
296 return ERR_PTR(error);
297 /*
298 * call d_add(dentry, NULL) here when d_drop_negative_children
299 * is called in xfs_vn_mknod (ie. allow negative dentries
300 * with CI filesystems).
301 */
302 return NULL;
303 }
304
305 /* if exact match, just splice and exit */
306 if (!ci_name.name)
307 return d_splice_alias(VFS_I(ip), dentry);
308
309 /* else case-insensitive match... */
310 dname.name = ci_name.name;
311 dname.len = ci_name.len;
312 dentry = d_add_ci(dentry, VFS_I(ip), &dname);
313 kmem_free(ci_name.name);
314 return dentry;
315}
316
317STATIC int
318xfs_vn_link(
319 struct dentry *old_dentry,
320 struct inode *dir,
321 struct dentry *dentry)
322{
323 struct inode *inode = d_inode(old_dentry);
324 struct xfs_name name;
325 int error;
326
327 error = xfs_dentry_mode_to_name(&name, dentry, inode->i_mode);
328 if (unlikely(error))
329 return error;
330
331 error = xfs_link(XFS_I(dir), XFS_I(inode), &name);
332 if (unlikely(error))
333 return error;
334
335 ihold(inode);
336 d_instantiate(dentry, inode);
337 return 0;
338}
339
340STATIC int
341xfs_vn_unlink(
342 struct inode *dir,
343 struct dentry *dentry)
344{
345 struct xfs_name name;
346 int error;
347
348 xfs_dentry_to_name(&name, dentry);
349
350 error = xfs_remove(XFS_I(dir), &name, XFS_I(d_inode(dentry)));
351 if (error)
352 return error;
353
354 /*
355 * With unlink, the VFS makes the dentry "negative": no inode,
356 * but still hashed. This is incompatible with case-insensitive
357 * mode, so invalidate (unhash) the dentry in CI-mode.
358 */
359 if (xfs_sb_version_hasasciici(&XFS_M(dir->i_sb)->m_sb))
360 d_invalidate(dentry);
361 return 0;
362}
363
364STATIC int
365xfs_vn_symlink(
366 struct inode *dir,
367 struct dentry *dentry,
368 const char *symname)
369{
370 struct inode *inode;
371 struct xfs_inode *cip = NULL;
372 struct xfs_name name;
373 int error;
374 umode_t mode;
375
376 mode = S_IFLNK |
377 (irix_symlink_mode ? 0777 & ~current_umask() : S_IRWXUGO);
378 error = xfs_dentry_mode_to_name(&name, dentry, mode);
379 if (unlikely(error))
380 goto out;
381
382 error = xfs_symlink(XFS_I(dir), &name, symname, mode, &cip);
383 if (unlikely(error))
384 goto out;
385
386 inode = VFS_I(cip);
387
388 error = xfs_init_security(inode, dir, &dentry->d_name);
389 if (unlikely(error))
390 goto out_cleanup_inode;
391
392 xfs_setup_iops(cip);
393
394 d_instantiate(dentry, inode);
395 xfs_finish_inode_setup(cip);
396 return 0;
397
398 out_cleanup_inode:
399 xfs_finish_inode_setup(cip);
400 xfs_cleanup_inode(dir, inode, dentry);
401 xfs_irele(cip);
402 out:
403 return error;
404}
405
406STATIC int
407xfs_vn_rename(
408 struct inode *odir,
409 struct dentry *odentry,
410 struct inode *ndir,
411 struct dentry *ndentry,
412 unsigned int flags)
413{
414 struct inode *new_inode = d_inode(ndentry);
415 int omode = 0;
416 int error;
417 struct xfs_name oname;
418 struct xfs_name nname;
419
420 if (flags & ~(RENAME_NOREPLACE | RENAME_EXCHANGE | RENAME_WHITEOUT))
421 return -EINVAL;
422
423 /* if we are exchanging files, we need to set i_mode of both files */
424 if (flags & RENAME_EXCHANGE)
425 omode = d_inode(ndentry)->i_mode;
426
427 error = xfs_dentry_mode_to_name(&oname, odentry, omode);
428 if (omode && unlikely(error))
429 return error;
430
431 error = xfs_dentry_mode_to_name(&nname, ndentry,
432 d_inode(odentry)->i_mode);
433 if (unlikely(error))
434 return error;
435
436 return xfs_rename(XFS_I(odir), &oname, XFS_I(d_inode(odentry)),
437 XFS_I(ndir), &nname,
438 new_inode ? XFS_I(new_inode) : NULL, flags);
439}
440
441/*
442 * careful here - this function can get called recursively, so
443 * we need to be very careful about how much stack we use.
444 * uio is kmalloced for this reason...
445 */
446STATIC const char *
447xfs_vn_get_link(
448 struct dentry *dentry,
449 struct inode *inode,
450 struct delayed_call *done)
451{
452 char *link;
453 int error = -ENOMEM;
454
455 if (!dentry)
456 return ERR_PTR(-ECHILD);
457
458 link = kmalloc(XFS_SYMLINK_MAXLEN+1, GFP_KERNEL);
459 if (!link)
460 goto out_err;
461
462 error = xfs_readlink(XFS_I(d_inode(dentry)), link);
463 if (unlikely(error))
464 goto out_kfree;
465
466 set_delayed_call(done, kfree_link, link);
467 return link;
468
469 out_kfree:
470 kfree(link);
471 out_err:
472 return ERR_PTR(error);
473}
474
475STATIC const char *
476xfs_vn_get_link_inline(
477 struct dentry *dentry,
478 struct inode *inode,
479 struct delayed_call *done)
480{
481 struct xfs_inode *ip = XFS_I(inode);
482 char *link;
483
484 ASSERT(ip->i_df.if_flags & XFS_IFINLINE);
485
486 /*
487 * The VFS crashes on a NULL pointer, so return -EFSCORRUPTED if
488 * if_data is junk.
489 */
490 link = ip->i_df.if_u1.if_data;
491 if (XFS_IS_CORRUPT(ip->i_mount, !link))
492 return ERR_PTR(-EFSCORRUPTED);
493 return link;
494}
495
496static uint32_t
497xfs_stat_blksize(
498 struct xfs_inode *ip)
499{
500 struct xfs_mount *mp = ip->i_mount;
501
502 /*
503 * If the file blocks are being allocated from a realtime volume, then
504 * always return the realtime extent size.
505 */
506 if (XFS_IS_REALTIME_INODE(ip))
507 return xfs_get_extsz_hint(ip) << mp->m_sb.sb_blocklog;
508
509 /*
510 * Allow large block sizes to be reported to userspace programs if the
511 * "largeio" mount option is used.
512 *
513 * If compatibility mode is specified, simply return the basic unit of
514 * caching so that we don't get inefficient read/modify/write I/O from
515 * user apps. Otherwise....
516 *
517 * If the underlying volume is a stripe, then return the stripe width in
518 * bytes as the recommended I/O size. It is not a stripe and we've set a
519 * default buffered I/O size, return that, otherwise return the compat
520 * default.
521 */
522 if (mp->m_flags & XFS_MOUNT_LARGEIO) {
523 if (mp->m_swidth)
524 return mp->m_swidth << mp->m_sb.sb_blocklog;
525 if (mp->m_flags & XFS_MOUNT_ALLOCSIZE)
526 return 1U << mp->m_allocsize_log;
527 }
528
529 return PAGE_SIZE;
530}
531
532STATIC int
533xfs_vn_getattr(
534 const struct path *path,
535 struct kstat *stat,
536 u32 request_mask,
537 unsigned int query_flags)
538{
539 struct inode *inode = d_inode(path->dentry);
540 struct xfs_inode *ip = XFS_I(inode);
541 struct xfs_mount *mp = ip->i_mount;
542
543 trace_xfs_getattr(ip);
544
545 if (XFS_FORCED_SHUTDOWN(mp))
546 return -EIO;
547
548 stat->size = XFS_ISIZE(ip);
549 stat->dev = inode->i_sb->s_dev;
550 stat->mode = inode->i_mode;
551 stat->nlink = inode->i_nlink;
552 stat->uid = inode->i_uid;
553 stat->gid = inode->i_gid;
554 stat->ino = ip->i_ino;
555 stat->atime = inode->i_atime;
556 stat->mtime = inode->i_mtime;
557 stat->ctime = inode->i_ctime;
558 stat->blocks =
559 XFS_FSB_TO_BB(mp, ip->i_d.di_nblocks + ip->i_delayed_blks);
560
561 if (xfs_sb_version_has_v3inode(&mp->m_sb)) {
562 if (request_mask & STATX_BTIME) {
563 stat->result_mask |= STATX_BTIME;
564 stat->btime = ip->i_d.di_crtime;
565 }
566 }
567
568 /*
569 * Note: If you add another clause to set an attribute flag, please
570 * update attributes_mask below.
571 */
572 if (ip->i_d.di_flags & XFS_DIFLAG_IMMUTABLE)
573 stat->attributes |= STATX_ATTR_IMMUTABLE;
574 if (ip->i_d.di_flags & XFS_DIFLAG_APPEND)
575 stat->attributes |= STATX_ATTR_APPEND;
576 if (ip->i_d.di_flags & XFS_DIFLAG_NODUMP)
577 stat->attributes |= STATX_ATTR_NODUMP;
578
579 stat->attributes_mask |= (STATX_ATTR_IMMUTABLE |
580 STATX_ATTR_APPEND |
581 STATX_ATTR_NODUMP);
582
583 switch (inode->i_mode & S_IFMT) {
584 case S_IFBLK:
585 case S_IFCHR:
586 stat->blksize = BLKDEV_IOSIZE;
587 stat->rdev = inode->i_rdev;
588 break;
589 default:
590 stat->blksize = xfs_stat_blksize(ip);
591 stat->rdev = 0;
592 break;
593 }
594
595 return 0;
596}
597
598static void
599xfs_setattr_mode(
600 struct xfs_inode *ip,
601 struct iattr *iattr)
602{
603 struct inode *inode = VFS_I(ip);
604 umode_t mode = iattr->ia_mode;
605
606 ASSERT(xfs_isilocked(ip, XFS_ILOCK_EXCL));
607
608 inode->i_mode &= S_IFMT;
609 inode->i_mode |= mode & ~S_IFMT;
610}
611
612void
613xfs_setattr_time(
614 struct xfs_inode *ip,
615 struct iattr *iattr)
616{
617 struct inode *inode = VFS_I(ip);
618
619 ASSERT(xfs_isilocked(ip, XFS_ILOCK_EXCL));
620
621 if (iattr->ia_valid & ATTR_ATIME)
622 inode->i_atime = iattr->ia_atime;
623 if (iattr->ia_valid & ATTR_CTIME)
624 inode->i_ctime = iattr->ia_ctime;
625 if (iattr->ia_valid & ATTR_MTIME)
626 inode->i_mtime = iattr->ia_mtime;
627}
628
629static int
630xfs_vn_change_ok(
631 struct dentry *dentry,
632 struct iattr *iattr)
633{
634 struct xfs_mount *mp = XFS_I(d_inode(dentry))->i_mount;
635
636 if (mp->m_flags & XFS_MOUNT_RDONLY)
637 return -EROFS;
638
639 if (XFS_FORCED_SHUTDOWN(mp))
640 return -EIO;
641
642 return setattr_prepare(dentry, iattr);
643}
644
645/*
646 * Set non-size attributes of an inode.
647 *
648 * Caution: The caller of this function is responsible for calling
649 * setattr_prepare() or otherwise verifying the change is fine.
650 */
651int
652xfs_setattr_nonsize(
653 struct xfs_inode *ip,
654 struct iattr *iattr,
655 int flags)
656{
657 xfs_mount_t *mp = ip->i_mount;
658 struct inode *inode = VFS_I(ip);
659 int mask = iattr->ia_valid;
660 xfs_trans_t *tp;
661 int error;
662 kuid_t uid = GLOBAL_ROOT_UID, iuid = GLOBAL_ROOT_UID;
663 kgid_t gid = GLOBAL_ROOT_GID, igid = GLOBAL_ROOT_GID;
664 struct xfs_dquot *udqp = NULL, *gdqp = NULL;
665 struct xfs_dquot *olddquot1 = NULL, *olddquot2 = NULL;
666
667 ASSERT((mask & ATTR_SIZE) == 0);
668
669 /*
670 * If disk quotas is on, we make sure that the dquots do exist on disk,
671 * before we start any other transactions. Trying to do this later
672 * is messy. We don't care to take a readlock to look at the ids
673 * in inode here, because we can't hold it across the trans_reserve.
674 * If the IDs do change before we take the ilock, we're covered
675 * because the i_*dquot fields will get updated anyway.
676 */
677 if (XFS_IS_QUOTA_ON(mp) && (mask & (ATTR_UID|ATTR_GID))) {
678 uint qflags = 0;
679
680 if ((mask & ATTR_UID) && XFS_IS_UQUOTA_ON(mp)) {
681 uid = iattr->ia_uid;
682 qflags |= XFS_QMOPT_UQUOTA;
683 } else {
684 uid = inode->i_uid;
685 }
686 if ((mask & ATTR_GID) && XFS_IS_GQUOTA_ON(mp)) {
687 gid = iattr->ia_gid;
688 qflags |= XFS_QMOPT_GQUOTA;
689 } else {
690 gid = inode->i_gid;
691 }
692
693 /*
694 * We take a reference when we initialize udqp and gdqp,
695 * so it is important that we never blindly double trip on
696 * the same variable. See xfs_create() for an example.
697 */
698 ASSERT(udqp == NULL);
699 ASSERT(gdqp == NULL);
700 error = xfs_qm_vop_dqalloc(ip, uid, gid, ip->i_d.di_projid,
701 qflags, &udqp, &gdqp, NULL);
702 if (error)
703 return error;
704 }
705
706 error = xfs_trans_alloc(mp, &M_RES(mp)->tr_ichange, 0, 0, 0, &tp);
707 if (error)
708 goto out_dqrele;
709
710 xfs_ilock(ip, XFS_ILOCK_EXCL);
711 xfs_trans_ijoin(tp, ip, 0);
712
713 /*
714 * Change file ownership. Must be the owner or privileged.
715 */
716 if (mask & (ATTR_UID|ATTR_GID)) {
717 /*
718 * These IDs could have changed since we last looked at them.
719 * But, we're assured that if the ownership did change
720 * while we didn't have the inode locked, inode's dquot(s)
721 * would have changed also.
722 */
723 iuid = inode->i_uid;
724 igid = inode->i_gid;
725 gid = (mask & ATTR_GID) ? iattr->ia_gid : igid;
726 uid = (mask & ATTR_UID) ? iattr->ia_uid : iuid;
727
728 /*
729 * Do a quota reservation only if uid/gid is actually
730 * going to change.
731 */
732 if (XFS_IS_QUOTA_RUNNING(mp) &&
733 ((XFS_IS_UQUOTA_ON(mp) && !uid_eq(iuid, uid)) ||
734 (XFS_IS_GQUOTA_ON(mp) && !gid_eq(igid, gid)))) {
735 ASSERT(tp);
736 error = xfs_qm_vop_chown_reserve(tp, ip, udqp, gdqp,
737 NULL, capable(CAP_FOWNER) ?
738 XFS_QMOPT_FORCE_RES : 0);
739 if (error) /* out of quota */
740 goto out_cancel;
741 }
742
743 /*
744 * CAP_FSETID overrides the following restrictions:
745 *
746 * The set-user-ID and set-group-ID bits of a file will be
747 * cleared upon successful return from chown()
748 */
749 if ((inode->i_mode & (S_ISUID|S_ISGID)) &&
750 !capable(CAP_FSETID))
751 inode->i_mode &= ~(S_ISUID|S_ISGID);
752
753 /*
754 * Change the ownerships and register quota modifications
755 * in the transaction.
756 */
757 if (!uid_eq(iuid, uid)) {
758 if (XFS_IS_QUOTA_RUNNING(mp) && XFS_IS_UQUOTA_ON(mp)) {
759 ASSERT(mask & ATTR_UID);
760 ASSERT(udqp);
761 olddquot1 = xfs_qm_vop_chown(tp, ip,
762 &ip->i_udquot, udqp);
763 }
764 inode->i_uid = uid;
765 }
766 if (!gid_eq(igid, gid)) {
767 if (XFS_IS_QUOTA_RUNNING(mp) && XFS_IS_GQUOTA_ON(mp)) {
768 ASSERT(xfs_sb_version_has_pquotino(&mp->m_sb) ||
769 !XFS_IS_PQUOTA_ON(mp));
770 ASSERT(mask & ATTR_GID);
771 ASSERT(gdqp);
772 olddquot2 = xfs_qm_vop_chown(tp, ip,
773 &ip->i_gdquot, gdqp);
774 }
775 inode->i_gid = gid;
776 }
777 }
778
779 if (mask & ATTR_MODE)
780 xfs_setattr_mode(ip, iattr);
781 if (mask & (ATTR_ATIME|ATTR_CTIME|ATTR_MTIME))
782 xfs_setattr_time(ip, iattr);
783
784 xfs_trans_log_inode(tp, ip, XFS_ILOG_CORE);
785
786 XFS_STATS_INC(mp, xs_ig_attrchg);
787
788 if (mp->m_flags & XFS_MOUNT_WSYNC)
789 xfs_trans_set_sync(tp);
790 error = xfs_trans_commit(tp);
791
792 xfs_iunlock(ip, XFS_ILOCK_EXCL);
793
794 /*
795 * Release any dquot(s) the inode had kept before chown.
796 */
797 xfs_qm_dqrele(olddquot1);
798 xfs_qm_dqrele(olddquot2);
799 xfs_qm_dqrele(udqp);
800 xfs_qm_dqrele(gdqp);
801
802 if (error)
803 return error;
804
805 /*
806 * XXX(hch): Updating the ACL entries is not atomic vs the i_mode
807 * update. We could avoid this with linked transactions
808 * and passing down the transaction pointer all the way
809 * to attr_set. No previous user of the generic
810 * Posix ACL code seems to care about this issue either.
811 */
812 if ((mask & ATTR_MODE) && !(flags & XFS_ATTR_NOACL)) {
813 error = posix_acl_chmod(inode, inode->i_mode);
814 if (error)
815 return error;
816 }
817
818 return 0;
819
820out_cancel:
821 xfs_trans_cancel(tp);
822 xfs_iunlock(ip, XFS_ILOCK_EXCL);
823out_dqrele:
824 xfs_qm_dqrele(udqp);
825 xfs_qm_dqrele(gdqp);
826 return error;
827}
828
829int
830xfs_vn_setattr_nonsize(
831 struct dentry *dentry,
832 struct iattr *iattr)
833{
834 struct xfs_inode *ip = XFS_I(d_inode(dentry));
835 int error;
836
837 trace_xfs_setattr(ip);
838
839 error = xfs_vn_change_ok(dentry, iattr);
840 if (error)
841 return error;
842 return xfs_setattr_nonsize(ip, iattr, 0);
843}
844
845/*
846 * Truncate file. Must have write permission and not be a directory.
847 *
848 * Caution: The caller of this function is responsible for calling
849 * setattr_prepare() or otherwise verifying the change is fine.
850 */
851STATIC int
852xfs_setattr_size(
853 struct xfs_inode *ip,
854 struct iattr *iattr)
855{
856 struct xfs_mount *mp = ip->i_mount;
857 struct inode *inode = VFS_I(ip);
858 xfs_off_t oldsize, newsize;
859 struct xfs_trans *tp;
860 int error;
861 uint lock_flags = 0;
862 bool did_zeroing = false;
863
864 ASSERT(xfs_isilocked(ip, XFS_IOLOCK_EXCL));
865 ASSERT(xfs_isilocked(ip, XFS_MMAPLOCK_EXCL));
866 ASSERT(S_ISREG(inode->i_mode));
867 ASSERT((iattr->ia_valid & (ATTR_UID|ATTR_GID|ATTR_ATIME|ATTR_ATIME_SET|
868 ATTR_MTIME_SET|ATTR_KILL_PRIV|ATTR_TIMES_SET)) == 0);
869
870 oldsize = inode->i_size;
871 newsize = iattr->ia_size;
872
873 /*
874 * Short circuit the truncate case for zero length files.
875 */
876 if (newsize == 0 && oldsize == 0 && ip->i_df.if_nextents == 0) {
877 if (!(iattr->ia_valid & (ATTR_CTIME|ATTR_MTIME)))
878 return 0;
879
880 /*
881 * Use the regular setattr path to update the timestamps.
882 */
883 iattr->ia_valid &= ~ATTR_SIZE;
884 return xfs_setattr_nonsize(ip, iattr, 0);
885 }
886
887 /*
888 * Make sure that the dquots are attached to the inode.
889 */
890 error = xfs_qm_dqattach(ip);
891 if (error)
892 return error;
893
894 /*
895 * Wait for all direct I/O to complete.
896 */
897 inode_dio_wait(inode);
898
899 /*
900 * File data changes must be complete before we start the transaction to
901 * modify the inode. This needs to be done before joining the inode to
902 * the transaction because the inode cannot be unlocked once it is a
903 * part of the transaction.
904 *
905 * Start with zeroing any data beyond EOF that we may expose on file
906 * extension, or zeroing out the rest of the block on a downward
907 * truncate.
908 */
909 if (newsize > oldsize) {
910 trace_xfs_zero_eof(ip, oldsize, newsize - oldsize);
911 error = iomap_zero_range(inode, oldsize, newsize - oldsize,
912 &did_zeroing, &xfs_buffered_write_iomap_ops);
913 } else {
914 error = iomap_truncate_page(inode, newsize, &did_zeroing,
915 &xfs_buffered_write_iomap_ops);
916 }
917
918 if (error)
919 return error;
920
921 /*
922 * We've already locked out new page faults, so now we can safely remove
923 * pages from the page cache knowing they won't get refaulted until we
924 * drop the XFS_MMAP_EXCL lock after the extent manipulations are
925 * complete. The truncate_setsize() call also cleans partial EOF page
926 * PTEs on extending truncates and hence ensures sub-page block size
927 * filesystems are correctly handled, too.
928 *
929 * We have to do all the page cache truncate work outside the
930 * transaction context as the "lock" order is page lock->log space
931 * reservation as defined by extent allocation in the writeback path.
932 * Hence a truncate can fail with ENOMEM from xfs_trans_alloc(), but
933 * having already truncated the in-memory version of the file (i.e. made
934 * user visible changes). There's not much we can do about this, except
935 * to hope that the caller sees ENOMEM and retries the truncate
936 * operation.
937 *
938 * And we update in-core i_size and truncate page cache beyond newsize
939 * before writeback the [di_size, newsize] range, so we're guaranteed
940 * not to write stale data past the new EOF on truncate down.
941 */
942 truncate_setsize(inode, newsize);
943
944 /*
945 * We are going to log the inode size change in this transaction so
946 * any previous writes that are beyond the on disk EOF and the new
947 * EOF that have not been written out need to be written here. If we
948 * do not write the data out, we expose ourselves to the null files
949 * problem. Note that this includes any block zeroing we did above;
950 * otherwise those blocks may not be zeroed after a crash.
951 */
952 if (did_zeroing ||
953 (newsize > ip->i_d.di_size && oldsize != ip->i_d.di_size)) {
954 error = filemap_write_and_wait_range(VFS_I(ip)->i_mapping,
955 ip->i_d.di_size, newsize - 1);
956 if (error)
957 return error;
958 }
959
960 error = xfs_trans_alloc(mp, &M_RES(mp)->tr_itruncate, 0, 0, 0, &tp);
961 if (error)
962 return error;
963
964 lock_flags |= XFS_ILOCK_EXCL;
965 xfs_ilock(ip, XFS_ILOCK_EXCL);
966 xfs_trans_ijoin(tp, ip, 0);
967
968 /*
969 * Only change the c/mtime if we are changing the size or we are
970 * explicitly asked to change it. This handles the semantic difference
971 * between truncate() and ftruncate() as implemented in the VFS.
972 *
973 * The regular truncate() case without ATTR_CTIME and ATTR_MTIME is a
974 * special case where we need to update the times despite not having
975 * these flags set. For all other operations the VFS set these flags
976 * explicitly if it wants a timestamp update.
977 */
978 if (newsize != oldsize &&
979 !(iattr->ia_valid & (ATTR_CTIME | ATTR_MTIME))) {
980 iattr->ia_ctime = iattr->ia_mtime =
981 current_time(inode);
982 iattr->ia_valid |= ATTR_CTIME | ATTR_MTIME;
983 }
984
985 /*
986 * The first thing we do is set the size to new_size permanently on
987 * disk. This way we don't have to worry about anyone ever being able
988 * to look at the data being freed even in the face of a crash.
989 * What we're getting around here is the case where we free a block, it
990 * is allocated to another file, it is written to, and then we crash.
991 * If the new data gets written to the file but the log buffers
992 * containing the free and reallocation don't, then we'd end up with
993 * garbage in the blocks being freed. As long as we make the new size
994 * permanent before actually freeing any blocks it doesn't matter if
995 * they get written to.
996 */
997 ip->i_d.di_size = newsize;
998 xfs_trans_log_inode(tp, ip, XFS_ILOG_CORE);
999
1000 if (newsize <= oldsize) {
1001 error = xfs_itruncate_extents(&tp, ip, XFS_DATA_FORK, newsize);
1002 if (error)
1003 goto out_trans_cancel;
1004
1005 /*
1006 * Truncated "down", so we're removing references to old data
1007 * here - if we delay flushing for a long time, we expose
1008 * ourselves unduly to the notorious NULL files problem. So,
1009 * we mark this inode and flush it when the file is closed,
1010 * and do not wait the usual (long) time for writeout.
1011 */
1012 xfs_iflags_set(ip, XFS_ITRUNCATED);
1013
1014 /* A truncate down always removes post-EOF blocks. */
1015 xfs_inode_clear_eofblocks_tag(ip);
1016 }
1017
1018 if (iattr->ia_valid & ATTR_MODE)
1019 xfs_setattr_mode(ip, iattr);
1020 if (iattr->ia_valid & (ATTR_ATIME|ATTR_CTIME|ATTR_MTIME))
1021 xfs_setattr_time(ip, iattr);
1022
1023 xfs_trans_log_inode(tp, ip, XFS_ILOG_CORE);
1024
1025 XFS_STATS_INC(mp, xs_ig_attrchg);
1026
1027 if (mp->m_flags & XFS_MOUNT_WSYNC)
1028 xfs_trans_set_sync(tp);
1029
1030 error = xfs_trans_commit(tp);
1031out_unlock:
1032 if (lock_flags)
1033 xfs_iunlock(ip, lock_flags);
1034 return error;
1035
1036out_trans_cancel:
1037 xfs_trans_cancel(tp);
1038 goto out_unlock;
1039}
1040
1041int
1042xfs_vn_setattr_size(
1043 struct dentry *dentry,
1044 struct iattr *iattr)
1045{
1046 struct xfs_inode *ip = XFS_I(d_inode(dentry));
1047 int error;
1048
1049 trace_xfs_setattr(ip);
1050
1051 error = xfs_vn_change_ok(dentry, iattr);
1052 if (error)
1053 return error;
1054 return xfs_setattr_size(ip, iattr);
1055}
1056
1057STATIC int
1058xfs_vn_setattr(
1059 struct dentry *dentry,
1060 struct iattr *iattr)
1061{
1062 int error;
1063
1064 if (iattr->ia_valid & ATTR_SIZE) {
1065 struct inode *inode = d_inode(dentry);
1066 struct xfs_inode *ip = XFS_I(inode);
1067 uint iolock;
1068
1069 xfs_ilock(ip, XFS_MMAPLOCK_EXCL);
1070 iolock = XFS_IOLOCK_EXCL | XFS_MMAPLOCK_EXCL;
1071
1072 error = xfs_break_layouts(inode, &iolock, BREAK_UNMAP);
1073 if (error) {
1074 xfs_iunlock(ip, XFS_MMAPLOCK_EXCL);
1075 return error;
1076 }
1077
1078 error = xfs_vn_setattr_size(dentry, iattr);
1079 xfs_iunlock(ip, XFS_MMAPLOCK_EXCL);
1080 } else {
1081 error = xfs_vn_setattr_nonsize(dentry, iattr);
1082 }
1083
1084 return error;
1085}
1086
1087STATIC int
1088xfs_vn_update_time(
1089 struct inode *inode,
1090 struct timespec64 *now,
1091 int flags)
1092{
1093 struct xfs_inode *ip = XFS_I(inode);
1094 struct xfs_mount *mp = ip->i_mount;
1095 int log_flags = XFS_ILOG_TIMESTAMP;
1096 struct xfs_trans *tp;
1097 int error;
1098
1099 trace_xfs_update_time(ip);
1100
1101 if (inode->i_sb->s_flags & SB_LAZYTIME) {
1102 if (!((flags & S_VERSION) &&
1103 inode_maybe_inc_iversion(inode, false)))
1104 return generic_update_time(inode, now, flags);
1105
1106 /* Capture the iversion update that just occurred */
1107 log_flags |= XFS_ILOG_CORE;
1108 }
1109
1110 error = xfs_trans_alloc(mp, &M_RES(mp)->tr_fsyncts, 0, 0, 0, &tp);
1111 if (error)
1112 return error;
1113
1114 xfs_ilock(ip, XFS_ILOCK_EXCL);
1115 if (flags & S_CTIME)
1116 inode->i_ctime = *now;
1117 if (flags & S_MTIME)
1118 inode->i_mtime = *now;
1119 if (flags & S_ATIME)
1120 inode->i_atime = *now;
1121
1122 xfs_trans_ijoin(tp, ip, XFS_ILOCK_EXCL);
1123 xfs_trans_log_inode(tp, ip, log_flags);
1124 return xfs_trans_commit(tp);
1125}
1126
1127STATIC int
1128xfs_vn_fiemap(
1129 struct inode *inode,
1130 struct fiemap_extent_info *fieinfo,
1131 u64 start,
1132 u64 length)
1133{
1134 int error;
1135
1136 xfs_ilock(XFS_I(inode), XFS_IOLOCK_SHARED);
1137 if (fieinfo->fi_flags & FIEMAP_FLAG_XATTR) {
1138 fieinfo->fi_flags &= ~FIEMAP_FLAG_XATTR;
1139 error = iomap_fiemap(inode, fieinfo, start, length,
1140 &xfs_xattr_iomap_ops);
1141 } else {
1142 error = iomap_fiemap(inode, fieinfo, start, length,
1143 &xfs_read_iomap_ops);
1144 }
1145 xfs_iunlock(XFS_I(inode), XFS_IOLOCK_SHARED);
1146
1147 return error;
1148}
1149
1150STATIC int
1151xfs_vn_tmpfile(
1152 struct inode *dir,
1153 struct dentry *dentry,
1154 umode_t mode)
1155{
1156 return xfs_generic_create(dir, dentry, mode, 0, true);
1157}
1158
1159static const struct inode_operations xfs_inode_operations = {
1160 .get_acl = xfs_get_acl,
1161 .set_acl = xfs_set_acl,
1162 .getattr = xfs_vn_getattr,
1163 .setattr = xfs_vn_setattr,
1164 .listxattr = xfs_vn_listxattr,
1165 .fiemap = xfs_vn_fiemap,
1166 .update_time = xfs_vn_update_time,
1167};
1168
1169static const struct inode_operations xfs_dir_inode_operations = {
1170 .create = xfs_vn_create,
1171 .lookup = xfs_vn_lookup,
1172 .link = xfs_vn_link,
1173 .unlink = xfs_vn_unlink,
1174 .symlink = xfs_vn_symlink,
1175 .mkdir = xfs_vn_mkdir,
1176 /*
1177 * Yes, XFS uses the same method for rmdir and unlink.
1178 *
1179 * There are some subtile differences deeper in the code,
1180 * but we use S_ISDIR to check for those.
1181 */
1182 .rmdir = xfs_vn_unlink,
1183 .mknod = xfs_vn_mknod,
1184 .rename = xfs_vn_rename,
1185 .get_acl = xfs_get_acl,
1186 .set_acl = xfs_set_acl,
1187 .getattr = xfs_vn_getattr,
1188 .setattr = xfs_vn_setattr,
1189 .listxattr = xfs_vn_listxattr,
1190 .update_time = xfs_vn_update_time,
1191 .tmpfile = xfs_vn_tmpfile,
1192};
1193
1194static const struct inode_operations xfs_dir_ci_inode_operations = {
1195 .create = xfs_vn_create,
1196 .lookup = xfs_vn_ci_lookup,
1197 .link = xfs_vn_link,
1198 .unlink = xfs_vn_unlink,
1199 .symlink = xfs_vn_symlink,
1200 .mkdir = xfs_vn_mkdir,
1201 /*
1202 * Yes, XFS uses the same method for rmdir and unlink.
1203 *
1204 * There are some subtile differences deeper in the code,
1205 * but we use S_ISDIR to check for those.
1206 */
1207 .rmdir = xfs_vn_unlink,
1208 .mknod = xfs_vn_mknod,
1209 .rename = xfs_vn_rename,
1210 .get_acl = xfs_get_acl,
1211 .set_acl = xfs_set_acl,
1212 .getattr = xfs_vn_getattr,
1213 .setattr = xfs_vn_setattr,
1214 .listxattr = xfs_vn_listxattr,
1215 .update_time = xfs_vn_update_time,
1216 .tmpfile = xfs_vn_tmpfile,
1217};
1218
1219static const struct inode_operations xfs_symlink_inode_operations = {
1220 .get_link = xfs_vn_get_link,
1221 .getattr = xfs_vn_getattr,
1222 .setattr = xfs_vn_setattr,
1223 .listxattr = xfs_vn_listxattr,
1224 .update_time = xfs_vn_update_time,
1225};
1226
1227static const struct inode_operations xfs_inline_symlink_inode_operations = {
1228 .get_link = xfs_vn_get_link_inline,
1229 .getattr = xfs_vn_getattr,
1230 .setattr = xfs_vn_setattr,
1231 .listxattr = xfs_vn_listxattr,
1232 .update_time = xfs_vn_update_time,
1233};
1234
1235/* Figure out if this file actually supports DAX. */
1236static bool
1237xfs_inode_supports_dax(
1238 struct xfs_inode *ip)
1239{
1240 struct xfs_mount *mp = ip->i_mount;
1241
1242 /* Only supported on regular files. */
1243 if (!S_ISREG(VFS_I(ip)->i_mode))
1244 return false;
1245
1246 /* Only supported on non-reflinked files. */
1247 if (xfs_is_reflink_inode(ip))
1248 return false;
1249
1250 /* Block size must match page size */
1251 if (mp->m_sb.sb_blocksize != PAGE_SIZE)
1252 return false;
1253
1254 /* Device has to support DAX too. */
1255 return xfs_inode_buftarg(ip)->bt_daxdev != NULL;
1256}
1257
1258static bool
1259xfs_inode_should_enable_dax(
1260 struct xfs_inode *ip)
1261{
1262 if (!IS_ENABLED(CONFIG_FS_DAX))
1263 return false;
1264 if (ip->i_mount->m_flags & XFS_MOUNT_DAX_NEVER)
1265 return false;
1266 if (!xfs_inode_supports_dax(ip))
1267 return false;
1268 if (ip->i_mount->m_flags & XFS_MOUNT_DAX_ALWAYS)
1269 return true;
1270 if (ip->i_d.di_flags2 & XFS_DIFLAG2_DAX)
1271 return true;
1272 return false;
1273}
1274
1275void
1276xfs_diflags_to_iflags(
1277 struct xfs_inode *ip,
1278 bool init)
1279{
1280 struct inode *inode = VFS_I(ip);
1281 unsigned int xflags = xfs_ip2xflags(ip);
1282 unsigned int flags = 0;
1283
1284 ASSERT(!(IS_DAX(inode) && init));
1285
1286 if (xflags & FS_XFLAG_IMMUTABLE)
1287 flags |= S_IMMUTABLE;
1288 if (xflags & FS_XFLAG_APPEND)
1289 flags |= S_APPEND;
1290 if (xflags & FS_XFLAG_SYNC)
1291 flags |= S_SYNC;
1292 if (xflags & FS_XFLAG_NOATIME)
1293 flags |= S_NOATIME;
1294 if (init && xfs_inode_should_enable_dax(ip))
1295 flags |= S_DAX;
1296
1297 /*
1298 * S_DAX can only be set during inode initialization and is never set by
1299 * the VFS, so we cannot mask off S_DAX in i_flags.
1300 */
1301 inode->i_flags &= ~(S_IMMUTABLE | S_APPEND | S_SYNC | S_NOATIME);
1302 inode->i_flags |= flags;
1303}
1304
1305/*
1306 * Initialize the Linux inode.
1307 *
1308 * When reading existing inodes from disk this is called directly from xfs_iget,
1309 * when creating a new inode it is called from xfs_ialloc after setting up the
1310 * inode. These callers have different criteria for clearing XFS_INEW, so leave
1311 * it up to the caller to deal with unlocking the inode appropriately.
1312 */
1313void
1314xfs_setup_inode(
1315 struct xfs_inode *ip)
1316{
1317 struct inode *inode = &ip->i_vnode;
1318 gfp_t gfp_mask;
1319
1320 inode->i_ino = ip->i_ino;
1321 inode->i_state = I_NEW;
1322
1323 inode_sb_list_add(inode);
1324 /* make the inode look hashed for the writeback code */
1325 inode_fake_hash(inode);
1326
1327 i_size_write(inode, ip->i_d.di_size);
1328 xfs_diflags_to_iflags(ip, true);
1329
1330 if (S_ISDIR(inode->i_mode)) {
1331 /*
1332 * We set the i_rwsem class here to avoid potential races with
1333 * lockdep_annotate_inode_mutex_key() reinitialising the lock
1334 * after a filehandle lookup has already found the inode in
1335 * cache before it has been unlocked via unlock_new_inode().
1336 */
1337 lockdep_set_class(&inode->i_rwsem,
1338 &inode->i_sb->s_type->i_mutex_dir_key);
1339 lockdep_set_class(&ip->i_lock.mr_lock, &xfs_dir_ilock_class);
1340 } else {
1341 lockdep_set_class(&ip->i_lock.mr_lock, &xfs_nondir_ilock_class);
1342 }
1343
1344 /*
1345 * Ensure all page cache allocations are done from GFP_NOFS context to
1346 * prevent direct reclaim recursion back into the filesystem and blowing
1347 * stacks or deadlocking.
1348 */
1349 gfp_mask = mapping_gfp_mask(inode->i_mapping);
1350 mapping_set_gfp_mask(inode->i_mapping, (gfp_mask & ~(__GFP_FS)));
1351
1352 /*
1353 * If there is no attribute fork no ACL can exist on this inode,
1354 * and it can't have any file capabilities attached to it either.
1355 */
1356 if (!XFS_IFORK_Q(ip)) {
1357 inode_has_no_xattr(inode);
1358 cache_no_acl(inode);
1359 }
1360}
1361
1362void
1363xfs_setup_iops(
1364 struct xfs_inode *ip)
1365{
1366 struct inode *inode = &ip->i_vnode;
1367
1368 switch (inode->i_mode & S_IFMT) {
1369 case S_IFREG:
1370 inode->i_op = &xfs_inode_operations;
1371 inode->i_fop = &xfs_file_operations;
1372 if (IS_DAX(inode))
1373 inode->i_mapping->a_ops = &xfs_dax_aops;
1374 else
1375 inode->i_mapping->a_ops = &xfs_address_space_operations;
1376 break;
1377 case S_IFDIR:
1378 if (xfs_sb_version_hasasciici(&XFS_M(inode->i_sb)->m_sb))
1379 inode->i_op = &xfs_dir_ci_inode_operations;
1380 else
1381 inode->i_op = &xfs_dir_inode_operations;
1382 inode->i_fop = &xfs_dir_file_operations;
1383 break;
1384 case S_IFLNK:
1385 if (ip->i_df.if_flags & XFS_IFINLINE)
1386 inode->i_op = &xfs_inline_symlink_inode_operations;
1387 else
1388 inode->i_op = &xfs_symlink_inode_operations;
1389 break;
1390 default:
1391 inode->i_op = &xfs_inode_operations;
1392 init_special_inode(inode, inode->i_mode, inode->i_rdev);
1393 break;
1394 }
1395}