Loading...
1// SPDX-License-Identifier: GPL-2.0
2/*
3 * Copyright (c) 2000-2005 Silicon Graphics, Inc.
4 * All Rights Reserved.
5 */
6#include "xfs.h"
7#include "xfs_fs.h"
8#include "xfs_shared.h"
9#include "xfs_format.h"
10#include "xfs_log_format.h"
11#include "xfs_trans_resv.h"
12#include "xfs_mount.h"
13#include "xfs_inode.h"
14#include "xfs_acl.h"
15#include "xfs_quota.h"
16#include "xfs_da_format.h"
17#include "xfs_da_btree.h"
18#include "xfs_attr.h"
19#include "xfs_trans.h"
20#include "xfs_trace.h"
21#include "xfs_icache.h"
22#include "xfs_symlink.h"
23#include "xfs_dir2.h"
24#include "xfs_iomap.h"
25#include "xfs_error.h"
26#include "xfs_ioctl.h"
27#include "xfs_xattr.h"
28
29#include <linux/posix_acl.h>
30#include <linux/security.h>
31#include <linux/iversion.h>
32#include <linux/fiemap.h>
33
34/*
35 * Directories have different lock order w.r.t. mmap_lock compared to regular
36 * files. This is due to readdir potentially triggering page faults on a user
37 * buffer inside filldir(), and this happens with the ilock on the directory
38 * held. For regular files, the lock order is the other way around - the
39 * mmap_lock is taken during the page fault, and then we lock the ilock to do
40 * block mapping. Hence we need a different class for the directory ilock so
41 * that lockdep can tell them apart.
42 */
43static struct lock_class_key xfs_nondir_ilock_class;
44static struct lock_class_key xfs_dir_ilock_class;
45
46static int
47xfs_initxattrs(
48 struct inode *inode,
49 const struct xattr *xattr_array,
50 void *fs_info)
51{
52 const struct xattr *xattr;
53 struct xfs_inode *ip = XFS_I(inode);
54 int error = 0;
55
56 for (xattr = xattr_array; xattr->name != NULL; xattr++) {
57 struct xfs_da_args args = {
58 .dp = ip,
59 .attr_filter = XFS_ATTR_SECURE,
60 .name = xattr->name,
61 .namelen = strlen(xattr->name),
62 .value = xattr->value,
63 .valuelen = xattr->value_len,
64 };
65 error = xfs_attr_change(&args);
66 if (error < 0)
67 break;
68 }
69 return error;
70}
71
72/*
73 * Hook in SELinux. This is not quite correct yet, what we really need
74 * here (as we do for default ACLs) is a mechanism by which creation of
75 * these attrs can be journalled at inode creation time (along with the
76 * inode, of course, such that log replay can't cause these to be lost).
77 */
78int
79xfs_inode_init_security(
80 struct inode *inode,
81 struct inode *dir,
82 const struct qstr *qstr)
83{
84 return security_inode_init_security(inode, dir, qstr,
85 &xfs_initxattrs, NULL);
86}
87
88static void
89xfs_dentry_to_name(
90 struct xfs_name *namep,
91 struct dentry *dentry)
92{
93 namep->name = dentry->d_name.name;
94 namep->len = dentry->d_name.len;
95 namep->type = XFS_DIR3_FT_UNKNOWN;
96}
97
98static int
99xfs_dentry_mode_to_name(
100 struct xfs_name *namep,
101 struct dentry *dentry,
102 int mode)
103{
104 namep->name = dentry->d_name.name;
105 namep->len = dentry->d_name.len;
106 namep->type = xfs_mode_to_ftype(mode);
107
108 if (unlikely(namep->type == XFS_DIR3_FT_UNKNOWN))
109 return -EFSCORRUPTED;
110
111 return 0;
112}
113
114STATIC void
115xfs_cleanup_inode(
116 struct inode *dir,
117 struct inode *inode,
118 struct dentry *dentry)
119{
120 struct xfs_name teardown;
121
122 /* Oh, the horror.
123 * If we can't add the ACL or we fail in
124 * xfs_inode_init_security we must back out.
125 * ENOSPC can hit here, among other things.
126 */
127 xfs_dentry_to_name(&teardown, dentry);
128
129 xfs_remove(XFS_I(dir), &teardown, XFS_I(inode));
130}
131
132/*
133 * Check to see if we are likely to need an extended attribute to be added to
134 * the inode we are about to allocate. This allows the attribute fork to be
135 * created during the inode allocation, reducing the number of transactions we
136 * need to do in this fast path.
137 *
138 * The security checks are optimistic, but not guaranteed. The two LSMs that
139 * require xattrs to be added here (selinux and smack) are also the only two
140 * LSMs that add a sb->s_security structure to the superblock. Hence if security
141 * is enabled and sb->s_security is set, we have a pretty good idea that we are
142 * going to be asked to add a security xattr immediately after allocating the
143 * xfs inode and instantiating the VFS inode.
144 */
145static inline bool
146xfs_create_need_xattr(
147 struct inode *dir,
148 struct posix_acl *default_acl,
149 struct posix_acl *acl)
150{
151 if (acl)
152 return true;
153 if (default_acl)
154 return true;
155#if IS_ENABLED(CONFIG_SECURITY)
156 if (dir->i_sb->s_security)
157 return true;
158#endif
159 return false;
160}
161
162
163STATIC int
164xfs_generic_create(
165 struct mnt_idmap *idmap,
166 struct inode *dir,
167 struct dentry *dentry,
168 umode_t mode,
169 dev_t rdev,
170 struct file *tmpfile) /* unnamed file */
171{
172 struct inode *inode;
173 struct xfs_inode *ip = NULL;
174 struct posix_acl *default_acl, *acl;
175 struct xfs_name name;
176 int error;
177
178 /*
179 * Irix uses Missed'em'V split, but doesn't want to see
180 * the upper 5 bits of (14bit) major.
181 */
182 if (S_ISCHR(mode) || S_ISBLK(mode)) {
183 if (unlikely(!sysv_valid_dev(rdev) || MAJOR(rdev) & ~0x1ff))
184 return -EINVAL;
185 } else {
186 rdev = 0;
187 }
188
189 error = posix_acl_create(dir, &mode, &default_acl, &acl);
190 if (error)
191 return error;
192
193 /* Verify mode is valid also for tmpfile case */
194 error = xfs_dentry_mode_to_name(&name, dentry, mode);
195 if (unlikely(error))
196 goto out_free_acl;
197
198 if (!tmpfile) {
199 error = xfs_create(idmap, XFS_I(dir), &name, mode, rdev,
200 xfs_create_need_xattr(dir, default_acl, acl),
201 &ip);
202 } else {
203 error = xfs_create_tmpfile(idmap, XFS_I(dir), mode, &ip);
204 }
205 if (unlikely(error))
206 goto out_free_acl;
207
208 inode = VFS_I(ip);
209
210 error = xfs_inode_init_security(inode, dir, &dentry->d_name);
211 if (unlikely(error))
212 goto out_cleanup_inode;
213
214 if (default_acl) {
215 error = __xfs_set_acl(inode, default_acl, ACL_TYPE_DEFAULT);
216 if (error)
217 goto out_cleanup_inode;
218 }
219 if (acl) {
220 error = __xfs_set_acl(inode, acl, ACL_TYPE_ACCESS);
221 if (error)
222 goto out_cleanup_inode;
223 }
224
225 xfs_setup_iops(ip);
226
227 if (tmpfile) {
228 /*
229 * The VFS requires that any inode fed to d_tmpfile must have
230 * nlink == 1 so that it can decrement the nlink in d_tmpfile.
231 * However, we created the temp file with nlink == 0 because
232 * we're not allowed to put an inode with nlink > 0 on the
233 * unlinked list. Therefore we have to set nlink to 1 so that
234 * d_tmpfile can immediately set it back to zero.
235 */
236 set_nlink(inode, 1);
237 d_tmpfile(tmpfile, inode);
238 } else
239 d_instantiate(dentry, inode);
240
241 xfs_finish_inode_setup(ip);
242
243 out_free_acl:
244 posix_acl_release(default_acl);
245 posix_acl_release(acl);
246 return error;
247
248 out_cleanup_inode:
249 xfs_finish_inode_setup(ip);
250 if (!tmpfile)
251 xfs_cleanup_inode(dir, inode, dentry);
252 xfs_irele(ip);
253 goto out_free_acl;
254}
255
256STATIC int
257xfs_vn_mknod(
258 struct mnt_idmap *idmap,
259 struct inode *dir,
260 struct dentry *dentry,
261 umode_t mode,
262 dev_t rdev)
263{
264 return xfs_generic_create(idmap, dir, dentry, mode, rdev, NULL);
265}
266
267STATIC int
268xfs_vn_create(
269 struct mnt_idmap *idmap,
270 struct inode *dir,
271 struct dentry *dentry,
272 umode_t mode,
273 bool flags)
274{
275 return xfs_generic_create(idmap, dir, dentry, mode, 0, NULL);
276}
277
278STATIC int
279xfs_vn_mkdir(
280 struct mnt_idmap *idmap,
281 struct inode *dir,
282 struct dentry *dentry,
283 umode_t mode)
284{
285 return xfs_generic_create(idmap, dir, dentry, mode | S_IFDIR, 0, NULL);
286}
287
288STATIC struct dentry *
289xfs_vn_lookup(
290 struct inode *dir,
291 struct dentry *dentry,
292 unsigned int flags)
293{
294 struct inode *inode;
295 struct xfs_inode *cip;
296 struct xfs_name name;
297 int error;
298
299 if (dentry->d_name.len >= MAXNAMELEN)
300 return ERR_PTR(-ENAMETOOLONG);
301
302 xfs_dentry_to_name(&name, dentry);
303 error = xfs_lookup(XFS_I(dir), &name, &cip, NULL);
304 if (likely(!error))
305 inode = VFS_I(cip);
306 else if (likely(error == -ENOENT))
307 inode = NULL;
308 else
309 inode = ERR_PTR(error);
310 return d_splice_alias(inode, dentry);
311}
312
313STATIC struct dentry *
314xfs_vn_ci_lookup(
315 struct inode *dir,
316 struct dentry *dentry,
317 unsigned int flags)
318{
319 struct xfs_inode *ip;
320 struct xfs_name xname;
321 struct xfs_name ci_name;
322 struct qstr dname;
323 int error;
324
325 if (dentry->d_name.len >= MAXNAMELEN)
326 return ERR_PTR(-ENAMETOOLONG);
327
328 xfs_dentry_to_name(&xname, dentry);
329 error = xfs_lookup(XFS_I(dir), &xname, &ip, &ci_name);
330 if (unlikely(error)) {
331 if (unlikely(error != -ENOENT))
332 return ERR_PTR(error);
333 /*
334 * call d_add(dentry, NULL) here when d_drop_negative_children
335 * is called in xfs_vn_mknod (ie. allow negative dentries
336 * with CI filesystems).
337 */
338 return NULL;
339 }
340
341 /* if exact match, just splice and exit */
342 if (!ci_name.name)
343 return d_splice_alias(VFS_I(ip), dentry);
344
345 /* else case-insensitive match... */
346 dname.name = ci_name.name;
347 dname.len = ci_name.len;
348 dentry = d_add_ci(dentry, VFS_I(ip), &dname);
349 kfree(ci_name.name);
350 return dentry;
351}
352
353STATIC int
354xfs_vn_link(
355 struct dentry *old_dentry,
356 struct inode *dir,
357 struct dentry *dentry)
358{
359 struct inode *inode = d_inode(old_dentry);
360 struct xfs_name name;
361 int error;
362
363 error = xfs_dentry_mode_to_name(&name, dentry, inode->i_mode);
364 if (unlikely(error))
365 return error;
366
367 error = xfs_link(XFS_I(dir), XFS_I(inode), &name);
368 if (unlikely(error))
369 return error;
370
371 ihold(inode);
372 d_instantiate(dentry, inode);
373 return 0;
374}
375
376STATIC int
377xfs_vn_unlink(
378 struct inode *dir,
379 struct dentry *dentry)
380{
381 struct xfs_name name;
382 int error;
383
384 xfs_dentry_to_name(&name, dentry);
385
386 error = xfs_remove(XFS_I(dir), &name, XFS_I(d_inode(dentry)));
387 if (error)
388 return error;
389
390 /*
391 * With unlink, the VFS makes the dentry "negative": no inode,
392 * but still hashed. This is incompatible with case-insensitive
393 * mode, so invalidate (unhash) the dentry in CI-mode.
394 */
395 if (xfs_has_asciici(XFS_M(dir->i_sb)))
396 d_invalidate(dentry);
397 return 0;
398}
399
400STATIC int
401xfs_vn_symlink(
402 struct mnt_idmap *idmap,
403 struct inode *dir,
404 struct dentry *dentry,
405 const char *symname)
406{
407 struct inode *inode;
408 struct xfs_inode *cip = NULL;
409 struct xfs_name name;
410 int error;
411 umode_t mode;
412
413 mode = S_IFLNK |
414 (irix_symlink_mode ? 0777 & ~current_umask() : S_IRWXUGO);
415 error = xfs_dentry_mode_to_name(&name, dentry, mode);
416 if (unlikely(error))
417 goto out;
418
419 error = xfs_symlink(idmap, XFS_I(dir), &name, symname, mode, &cip);
420 if (unlikely(error))
421 goto out;
422
423 inode = VFS_I(cip);
424
425 error = xfs_inode_init_security(inode, dir, &dentry->d_name);
426 if (unlikely(error))
427 goto out_cleanup_inode;
428
429 xfs_setup_iops(cip);
430
431 d_instantiate(dentry, inode);
432 xfs_finish_inode_setup(cip);
433 return 0;
434
435 out_cleanup_inode:
436 xfs_finish_inode_setup(cip);
437 xfs_cleanup_inode(dir, inode, dentry);
438 xfs_irele(cip);
439 out:
440 return error;
441}
442
443STATIC int
444xfs_vn_rename(
445 struct mnt_idmap *idmap,
446 struct inode *odir,
447 struct dentry *odentry,
448 struct inode *ndir,
449 struct dentry *ndentry,
450 unsigned int flags)
451{
452 struct inode *new_inode = d_inode(ndentry);
453 int omode = 0;
454 int error;
455 struct xfs_name oname;
456 struct xfs_name nname;
457
458 if (flags & ~(RENAME_NOREPLACE | RENAME_EXCHANGE | RENAME_WHITEOUT))
459 return -EINVAL;
460
461 /* if we are exchanging files, we need to set i_mode of both files */
462 if (flags & RENAME_EXCHANGE)
463 omode = d_inode(ndentry)->i_mode;
464
465 error = xfs_dentry_mode_to_name(&oname, odentry, omode);
466 if (omode && unlikely(error))
467 return error;
468
469 error = xfs_dentry_mode_to_name(&nname, ndentry,
470 d_inode(odentry)->i_mode);
471 if (unlikely(error))
472 return error;
473
474 return xfs_rename(idmap, XFS_I(odir), &oname,
475 XFS_I(d_inode(odentry)), XFS_I(ndir), &nname,
476 new_inode ? XFS_I(new_inode) : NULL, flags);
477}
478
479/*
480 * careful here - this function can get called recursively, so
481 * we need to be very careful about how much stack we use.
482 * uio is kmalloced for this reason...
483 */
484STATIC const char *
485xfs_vn_get_link(
486 struct dentry *dentry,
487 struct inode *inode,
488 struct delayed_call *done)
489{
490 char *link;
491 int error = -ENOMEM;
492
493 if (!dentry)
494 return ERR_PTR(-ECHILD);
495
496 link = kmalloc(XFS_SYMLINK_MAXLEN+1, GFP_KERNEL);
497 if (!link)
498 goto out_err;
499
500 error = xfs_readlink(XFS_I(d_inode(dentry)), link);
501 if (unlikely(error))
502 goto out_kfree;
503
504 set_delayed_call(done, kfree_link, link);
505 return link;
506
507 out_kfree:
508 kfree(link);
509 out_err:
510 return ERR_PTR(error);
511}
512
513static uint32_t
514xfs_stat_blksize(
515 struct xfs_inode *ip)
516{
517 struct xfs_mount *mp = ip->i_mount;
518
519 /*
520 * If the file blocks are being allocated from a realtime volume, then
521 * always return the realtime extent size.
522 */
523 if (XFS_IS_REALTIME_INODE(ip))
524 return XFS_FSB_TO_B(mp, xfs_get_extsz_hint(ip));
525
526 /*
527 * Allow large block sizes to be reported to userspace programs if the
528 * "largeio" mount option is used.
529 *
530 * If compatibility mode is specified, simply return the basic unit of
531 * caching so that we don't get inefficient read/modify/write I/O from
532 * user apps. Otherwise....
533 *
534 * If the underlying volume is a stripe, then return the stripe width in
535 * bytes as the recommended I/O size. It is not a stripe and we've set a
536 * default buffered I/O size, return that, otherwise return the compat
537 * default.
538 */
539 if (xfs_has_large_iosize(mp)) {
540 if (mp->m_swidth)
541 return XFS_FSB_TO_B(mp, mp->m_swidth);
542 if (xfs_has_allocsize(mp))
543 return 1U << mp->m_allocsize_log;
544 }
545
546 return PAGE_SIZE;
547}
548
549STATIC int
550xfs_vn_getattr(
551 struct mnt_idmap *idmap,
552 const struct path *path,
553 struct kstat *stat,
554 u32 request_mask,
555 unsigned int query_flags)
556{
557 struct inode *inode = d_inode(path->dentry);
558 struct xfs_inode *ip = XFS_I(inode);
559 struct xfs_mount *mp = ip->i_mount;
560 vfsuid_t vfsuid = i_uid_into_vfsuid(idmap, inode);
561 vfsgid_t vfsgid = i_gid_into_vfsgid(idmap, inode);
562
563 trace_xfs_getattr(ip);
564
565 if (xfs_is_shutdown(mp))
566 return -EIO;
567
568 stat->size = XFS_ISIZE(ip);
569 stat->dev = inode->i_sb->s_dev;
570 stat->mode = inode->i_mode;
571 stat->nlink = inode->i_nlink;
572 stat->uid = vfsuid_into_kuid(vfsuid);
573 stat->gid = vfsgid_into_kgid(vfsgid);
574 stat->ino = ip->i_ino;
575 stat->atime = inode_get_atime(inode);
576 stat->mtime = inode_get_mtime(inode);
577 stat->ctime = inode_get_ctime(inode);
578 stat->blocks = XFS_FSB_TO_BB(mp, ip->i_nblocks + ip->i_delayed_blks);
579
580 if (xfs_has_v3inodes(mp)) {
581 if (request_mask & STATX_BTIME) {
582 stat->result_mask |= STATX_BTIME;
583 stat->btime = ip->i_crtime;
584 }
585 }
586
587 if ((request_mask & STATX_CHANGE_COOKIE) && IS_I_VERSION(inode)) {
588 stat->change_cookie = inode_query_iversion(inode);
589 stat->result_mask |= STATX_CHANGE_COOKIE;
590 }
591
592 /*
593 * Note: If you add another clause to set an attribute flag, please
594 * update attributes_mask below.
595 */
596 if (ip->i_diflags & XFS_DIFLAG_IMMUTABLE)
597 stat->attributes |= STATX_ATTR_IMMUTABLE;
598 if (ip->i_diflags & XFS_DIFLAG_APPEND)
599 stat->attributes |= STATX_ATTR_APPEND;
600 if (ip->i_diflags & XFS_DIFLAG_NODUMP)
601 stat->attributes |= STATX_ATTR_NODUMP;
602
603 stat->attributes_mask |= (STATX_ATTR_IMMUTABLE |
604 STATX_ATTR_APPEND |
605 STATX_ATTR_NODUMP);
606
607 switch (inode->i_mode & S_IFMT) {
608 case S_IFBLK:
609 case S_IFCHR:
610 stat->blksize = BLKDEV_IOSIZE;
611 stat->rdev = inode->i_rdev;
612 break;
613 case S_IFREG:
614 if (request_mask & STATX_DIOALIGN) {
615 struct xfs_buftarg *target = xfs_inode_buftarg(ip);
616 struct block_device *bdev = target->bt_bdev;
617
618 stat->result_mask |= STATX_DIOALIGN;
619 stat->dio_mem_align = bdev_dma_alignment(bdev) + 1;
620 stat->dio_offset_align = bdev_logical_block_size(bdev);
621 }
622 fallthrough;
623 default:
624 stat->blksize = xfs_stat_blksize(ip);
625 stat->rdev = 0;
626 break;
627 }
628
629 return 0;
630}
631
632static int
633xfs_vn_change_ok(
634 struct mnt_idmap *idmap,
635 struct dentry *dentry,
636 struct iattr *iattr)
637{
638 struct xfs_mount *mp = XFS_I(d_inode(dentry))->i_mount;
639
640 if (xfs_is_readonly(mp))
641 return -EROFS;
642
643 if (xfs_is_shutdown(mp))
644 return -EIO;
645
646 return setattr_prepare(idmap, dentry, iattr);
647}
648
649/*
650 * Set non-size attributes of an inode.
651 *
652 * Caution: The caller of this function is responsible for calling
653 * setattr_prepare() or otherwise verifying the change is fine.
654 */
655static int
656xfs_setattr_nonsize(
657 struct mnt_idmap *idmap,
658 struct dentry *dentry,
659 struct xfs_inode *ip,
660 struct iattr *iattr)
661{
662 xfs_mount_t *mp = ip->i_mount;
663 struct inode *inode = VFS_I(ip);
664 int mask = iattr->ia_valid;
665 xfs_trans_t *tp;
666 int error;
667 kuid_t uid = GLOBAL_ROOT_UID;
668 kgid_t gid = GLOBAL_ROOT_GID;
669 struct xfs_dquot *udqp = NULL, *gdqp = NULL;
670 struct xfs_dquot *old_udqp = NULL, *old_gdqp = NULL;
671
672 ASSERT((mask & ATTR_SIZE) == 0);
673
674 /*
675 * If disk quotas is on, we make sure that the dquots do exist on disk,
676 * before we start any other transactions. Trying to do this later
677 * is messy. We don't care to take a readlock to look at the ids
678 * in inode here, because we can't hold it across the trans_reserve.
679 * If the IDs do change before we take the ilock, we're covered
680 * because the i_*dquot fields will get updated anyway.
681 */
682 if (XFS_IS_QUOTA_ON(mp) && (mask & (ATTR_UID|ATTR_GID))) {
683 uint qflags = 0;
684
685 if ((mask & ATTR_UID) && XFS_IS_UQUOTA_ON(mp)) {
686 uid = from_vfsuid(idmap, i_user_ns(inode),
687 iattr->ia_vfsuid);
688 qflags |= XFS_QMOPT_UQUOTA;
689 } else {
690 uid = inode->i_uid;
691 }
692 if ((mask & ATTR_GID) && XFS_IS_GQUOTA_ON(mp)) {
693 gid = from_vfsgid(idmap, i_user_ns(inode),
694 iattr->ia_vfsgid);
695 qflags |= XFS_QMOPT_GQUOTA;
696 } else {
697 gid = inode->i_gid;
698 }
699
700 /*
701 * We take a reference when we initialize udqp and gdqp,
702 * so it is important that we never blindly double trip on
703 * the same variable. See xfs_create() for an example.
704 */
705 ASSERT(udqp == NULL);
706 ASSERT(gdqp == NULL);
707 error = xfs_qm_vop_dqalloc(ip, uid, gid, ip->i_projid,
708 qflags, &udqp, &gdqp, NULL);
709 if (error)
710 return error;
711 }
712
713 error = xfs_trans_alloc_ichange(ip, udqp, gdqp, NULL,
714 has_capability_noaudit(current, CAP_FOWNER), &tp);
715 if (error)
716 goto out_dqrele;
717
718 /*
719 * Register quota modifications in the transaction. Must be the owner
720 * or privileged. These IDs could have changed since we last looked at
721 * them. But, we're assured that if the ownership did change while we
722 * didn't have the inode locked, inode's dquot(s) would have changed
723 * also.
724 */
725 if (XFS_IS_UQUOTA_ON(mp) &&
726 i_uid_needs_update(idmap, iattr, inode)) {
727 ASSERT(udqp);
728 old_udqp = xfs_qm_vop_chown(tp, ip, &ip->i_udquot, udqp);
729 }
730 if (XFS_IS_GQUOTA_ON(mp) &&
731 i_gid_needs_update(idmap, iattr, inode)) {
732 ASSERT(xfs_has_pquotino(mp) || !XFS_IS_PQUOTA_ON(mp));
733 ASSERT(gdqp);
734 old_gdqp = xfs_qm_vop_chown(tp, ip, &ip->i_gdquot, gdqp);
735 }
736
737 setattr_copy(idmap, inode, iattr);
738 xfs_trans_log_inode(tp, ip, XFS_ILOG_CORE);
739
740 XFS_STATS_INC(mp, xs_ig_attrchg);
741
742 if (xfs_has_wsync(mp))
743 xfs_trans_set_sync(tp);
744 error = xfs_trans_commit(tp);
745
746 /*
747 * Release any dquot(s) the inode had kept before chown.
748 */
749 xfs_qm_dqrele(old_udqp);
750 xfs_qm_dqrele(old_gdqp);
751 xfs_qm_dqrele(udqp);
752 xfs_qm_dqrele(gdqp);
753
754 if (error)
755 return error;
756
757 /*
758 * XXX(hch): Updating the ACL entries is not atomic vs the i_mode
759 * update. We could avoid this with linked transactions
760 * and passing down the transaction pointer all the way
761 * to attr_set. No previous user of the generic
762 * Posix ACL code seems to care about this issue either.
763 */
764 if (mask & ATTR_MODE) {
765 error = posix_acl_chmod(idmap, dentry, inode->i_mode);
766 if (error)
767 return error;
768 }
769
770 return 0;
771
772out_dqrele:
773 xfs_qm_dqrele(udqp);
774 xfs_qm_dqrele(gdqp);
775 return error;
776}
777
778/*
779 * Truncate file. Must have write permission and not be a directory.
780 *
781 * Caution: The caller of this function is responsible for calling
782 * setattr_prepare() or otherwise verifying the change is fine.
783 */
784STATIC int
785xfs_setattr_size(
786 struct mnt_idmap *idmap,
787 struct dentry *dentry,
788 struct xfs_inode *ip,
789 struct iattr *iattr)
790{
791 struct xfs_mount *mp = ip->i_mount;
792 struct inode *inode = VFS_I(ip);
793 xfs_off_t oldsize, newsize;
794 struct xfs_trans *tp;
795 int error;
796 uint lock_flags = 0;
797 bool did_zeroing = false;
798
799 xfs_assert_ilocked(ip, XFS_IOLOCK_EXCL | XFS_MMAPLOCK_EXCL);
800 ASSERT(S_ISREG(inode->i_mode));
801 ASSERT((iattr->ia_valid & (ATTR_UID|ATTR_GID|ATTR_ATIME|ATTR_ATIME_SET|
802 ATTR_MTIME_SET|ATTR_TIMES_SET)) == 0);
803
804 oldsize = inode->i_size;
805 newsize = iattr->ia_size;
806
807 /*
808 * Short circuit the truncate case for zero length files.
809 */
810 if (newsize == 0 && oldsize == 0 && ip->i_df.if_nextents == 0) {
811 if (!(iattr->ia_valid & (ATTR_CTIME|ATTR_MTIME)))
812 return 0;
813
814 /*
815 * Use the regular setattr path to update the timestamps.
816 */
817 iattr->ia_valid &= ~ATTR_SIZE;
818 return xfs_setattr_nonsize(idmap, dentry, ip, iattr);
819 }
820
821 /*
822 * Make sure that the dquots are attached to the inode.
823 */
824 error = xfs_qm_dqattach(ip);
825 if (error)
826 return error;
827
828 /*
829 * Wait for all direct I/O to complete.
830 */
831 inode_dio_wait(inode);
832
833 /*
834 * File data changes must be complete before we start the transaction to
835 * modify the inode. This needs to be done before joining the inode to
836 * the transaction because the inode cannot be unlocked once it is a
837 * part of the transaction.
838 *
839 * Start with zeroing any data beyond EOF that we may expose on file
840 * extension, or zeroing out the rest of the block on a downward
841 * truncate.
842 */
843 if (newsize > oldsize) {
844 trace_xfs_zero_eof(ip, oldsize, newsize - oldsize);
845 error = xfs_zero_range(ip, oldsize, newsize - oldsize,
846 &did_zeroing);
847 } else {
848 /*
849 * iomap won't detect a dirty page over an unwritten block (or a
850 * cow block over a hole) and subsequently skips zeroing the
851 * newly post-EOF portion of the page. Flush the new EOF to
852 * convert the block before the pagecache truncate.
853 */
854 error = filemap_write_and_wait_range(inode->i_mapping, newsize,
855 newsize);
856 if (error)
857 return error;
858 error = xfs_truncate_page(ip, newsize, &did_zeroing);
859 }
860
861 if (error)
862 return error;
863
864 /*
865 * We've already locked out new page faults, so now we can safely remove
866 * pages from the page cache knowing they won't get refaulted until we
867 * drop the XFS_MMAP_EXCL lock after the extent manipulations are
868 * complete. The truncate_setsize() call also cleans partial EOF page
869 * PTEs on extending truncates and hence ensures sub-page block size
870 * filesystems are correctly handled, too.
871 *
872 * We have to do all the page cache truncate work outside the
873 * transaction context as the "lock" order is page lock->log space
874 * reservation as defined by extent allocation in the writeback path.
875 * Hence a truncate can fail with ENOMEM from xfs_trans_alloc(), but
876 * having already truncated the in-memory version of the file (i.e. made
877 * user visible changes). There's not much we can do about this, except
878 * to hope that the caller sees ENOMEM and retries the truncate
879 * operation.
880 *
881 * And we update in-core i_size and truncate page cache beyond newsize
882 * before writeback the [i_disk_size, newsize] range, so we're
883 * guaranteed not to write stale data past the new EOF on truncate down.
884 */
885 truncate_setsize(inode, newsize);
886
887 /*
888 * We are going to log the inode size change in this transaction so
889 * any previous writes that are beyond the on disk EOF and the new
890 * EOF that have not been written out need to be written here. If we
891 * do not write the data out, we expose ourselves to the null files
892 * problem. Note that this includes any block zeroing we did above;
893 * otherwise those blocks may not be zeroed after a crash.
894 */
895 if (did_zeroing ||
896 (newsize > ip->i_disk_size && oldsize != ip->i_disk_size)) {
897 error = filemap_write_and_wait_range(VFS_I(ip)->i_mapping,
898 ip->i_disk_size, newsize - 1);
899 if (error)
900 return error;
901 }
902
903 error = xfs_trans_alloc(mp, &M_RES(mp)->tr_itruncate, 0, 0, 0, &tp);
904 if (error)
905 return error;
906
907 lock_flags |= XFS_ILOCK_EXCL;
908 xfs_ilock(ip, XFS_ILOCK_EXCL);
909 xfs_trans_ijoin(tp, ip, 0);
910
911 /*
912 * Only change the c/mtime if we are changing the size or we are
913 * explicitly asked to change it. This handles the semantic difference
914 * between truncate() and ftruncate() as implemented in the VFS.
915 *
916 * The regular truncate() case without ATTR_CTIME and ATTR_MTIME is a
917 * special case where we need to update the times despite not having
918 * these flags set. For all other operations the VFS set these flags
919 * explicitly if it wants a timestamp update.
920 */
921 if (newsize != oldsize &&
922 !(iattr->ia_valid & (ATTR_CTIME | ATTR_MTIME))) {
923 iattr->ia_ctime = iattr->ia_mtime =
924 current_time(inode);
925 iattr->ia_valid |= ATTR_CTIME | ATTR_MTIME;
926 }
927
928 /*
929 * The first thing we do is set the size to new_size permanently on
930 * disk. This way we don't have to worry about anyone ever being able
931 * to look at the data being freed even in the face of a crash.
932 * What we're getting around here is the case where we free a block, it
933 * is allocated to another file, it is written to, and then we crash.
934 * If the new data gets written to the file but the log buffers
935 * containing the free and reallocation don't, then we'd end up with
936 * garbage in the blocks being freed. As long as we make the new size
937 * permanent before actually freeing any blocks it doesn't matter if
938 * they get written to.
939 */
940 ip->i_disk_size = newsize;
941 xfs_trans_log_inode(tp, ip, XFS_ILOG_CORE);
942
943 if (newsize <= oldsize) {
944 error = xfs_itruncate_extents(&tp, ip, XFS_DATA_FORK, newsize);
945 if (error)
946 goto out_trans_cancel;
947
948 /*
949 * Truncated "down", so we're removing references to old data
950 * here - if we delay flushing for a long time, we expose
951 * ourselves unduly to the notorious NULL files problem. So,
952 * we mark this inode and flush it when the file is closed,
953 * and do not wait the usual (long) time for writeout.
954 */
955 xfs_iflags_set(ip, XFS_ITRUNCATED);
956
957 /* A truncate down always removes post-EOF blocks. */
958 xfs_inode_clear_eofblocks_tag(ip);
959 }
960
961 ASSERT(!(iattr->ia_valid & (ATTR_UID | ATTR_GID)));
962 setattr_copy(idmap, inode, iattr);
963 xfs_trans_log_inode(tp, ip, XFS_ILOG_CORE);
964
965 XFS_STATS_INC(mp, xs_ig_attrchg);
966
967 if (xfs_has_wsync(mp))
968 xfs_trans_set_sync(tp);
969
970 error = xfs_trans_commit(tp);
971out_unlock:
972 if (lock_flags)
973 xfs_iunlock(ip, lock_flags);
974 return error;
975
976out_trans_cancel:
977 xfs_trans_cancel(tp);
978 goto out_unlock;
979}
980
981int
982xfs_vn_setattr_size(
983 struct mnt_idmap *idmap,
984 struct dentry *dentry,
985 struct iattr *iattr)
986{
987 struct xfs_inode *ip = XFS_I(d_inode(dentry));
988 int error;
989
990 trace_xfs_setattr(ip);
991
992 error = xfs_vn_change_ok(idmap, dentry, iattr);
993 if (error)
994 return error;
995 return xfs_setattr_size(idmap, dentry, ip, iattr);
996}
997
998STATIC int
999xfs_vn_setattr(
1000 struct mnt_idmap *idmap,
1001 struct dentry *dentry,
1002 struct iattr *iattr)
1003{
1004 struct inode *inode = d_inode(dentry);
1005 struct xfs_inode *ip = XFS_I(inode);
1006 int error;
1007
1008 if (iattr->ia_valid & ATTR_SIZE) {
1009 uint iolock;
1010
1011 xfs_ilock(ip, XFS_MMAPLOCK_EXCL);
1012 iolock = XFS_IOLOCK_EXCL | XFS_MMAPLOCK_EXCL;
1013
1014 error = xfs_break_layouts(inode, &iolock, BREAK_UNMAP);
1015 if (error) {
1016 xfs_iunlock(ip, XFS_MMAPLOCK_EXCL);
1017 return error;
1018 }
1019
1020 error = xfs_vn_setattr_size(idmap, dentry, iattr);
1021 xfs_iunlock(ip, XFS_MMAPLOCK_EXCL);
1022 } else {
1023 trace_xfs_setattr(ip);
1024
1025 error = xfs_vn_change_ok(idmap, dentry, iattr);
1026 if (!error)
1027 error = xfs_setattr_nonsize(idmap, dentry, ip, iattr);
1028 }
1029
1030 return error;
1031}
1032
1033STATIC int
1034xfs_vn_update_time(
1035 struct inode *inode,
1036 int flags)
1037{
1038 struct xfs_inode *ip = XFS_I(inode);
1039 struct xfs_mount *mp = ip->i_mount;
1040 int log_flags = XFS_ILOG_TIMESTAMP;
1041 struct xfs_trans *tp;
1042 int error;
1043 struct timespec64 now;
1044
1045 trace_xfs_update_time(ip);
1046
1047 if (inode->i_sb->s_flags & SB_LAZYTIME) {
1048 if (!((flags & S_VERSION) &&
1049 inode_maybe_inc_iversion(inode, false))) {
1050 generic_update_time(inode, flags);
1051 return 0;
1052 }
1053
1054 /* Capture the iversion update that just occurred */
1055 log_flags |= XFS_ILOG_CORE;
1056 }
1057
1058 error = xfs_trans_alloc(mp, &M_RES(mp)->tr_fsyncts, 0, 0, 0, &tp);
1059 if (error)
1060 return error;
1061
1062 xfs_ilock(ip, XFS_ILOCK_EXCL);
1063 if (flags & (S_CTIME|S_MTIME))
1064 now = inode_set_ctime_current(inode);
1065 else
1066 now = current_time(inode);
1067
1068 if (flags & S_MTIME)
1069 inode_set_mtime_to_ts(inode, now);
1070 if (flags & S_ATIME)
1071 inode_set_atime_to_ts(inode, now);
1072
1073 xfs_trans_ijoin(tp, ip, XFS_ILOCK_EXCL);
1074 xfs_trans_log_inode(tp, ip, log_flags);
1075 return xfs_trans_commit(tp);
1076}
1077
1078STATIC int
1079xfs_vn_fiemap(
1080 struct inode *inode,
1081 struct fiemap_extent_info *fieinfo,
1082 u64 start,
1083 u64 length)
1084{
1085 int error;
1086
1087 xfs_ilock(XFS_I(inode), XFS_IOLOCK_SHARED);
1088 if (fieinfo->fi_flags & FIEMAP_FLAG_XATTR) {
1089 fieinfo->fi_flags &= ~FIEMAP_FLAG_XATTR;
1090 error = iomap_fiemap(inode, fieinfo, start, length,
1091 &xfs_xattr_iomap_ops);
1092 } else {
1093 error = iomap_fiemap(inode, fieinfo, start, length,
1094 &xfs_read_iomap_ops);
1095 }
1096 xfs_iunlock(XFS_I(inode), XFS_IOLOCK_SHARED);
1097
1098 return error;
1099}
1100
1101STATIC int
1102xfs_vn_tmpfile(
1103 struct mnt_idmap *idmap,
1104 struct inode *dir,
1105 struct file *file,
1106 umode_t mode)
1107{
1108 int err = xfs_generic_create(idmap, dir, file->f_path.dentry, mode, 0, file);
1109
1110 return finish_open_simple(file, err);
1111}
1112
1113static const struct inode_operations xfs_inode_operations = {
1114 .get_inode_acl = xfs_get_acl,
1115 .set_acl = xfs_set_acl,
1116 .getattr = xfs_vn_getattr,
1117 .setattr = xfs_vn_setattr,
1118 .listxattr = xfs_vn_listxattr,
1119 .fiemap = xfs_vn_fiemap,
1120 .update_time = xfs_vn_update_time,
1121 .fileattr_get = xfs_fileattr_get,
1122 .fileattr_set = xfs_fileattr_set,
1123};
1124
1125static const struct inode_operations xfs_dir_inode_operations = {
1126 .create = xfs_vn_create,
1127 .lookup = xfs_vn_lookup,
1128 .link = xfs_vn_link,
1129 .unlink = xfs_vn_unlink,
1130 .symlink = xfs_vn_symlink,
1131 .mkdir = xfs_vn_mkdir,
1132 /*
1133 * Yes, XFS uses the same method for rmdir and unlink.
1134 *
1135 * There are some subtile differences deeper in the code,
1136 * but we use S_ISDIR to check for those.
1137 */
1138 .rmdir = xfs_vn_unlink,
1139 .mknod = xfs_vn_mknod,
1140 .rename = xfs_vn_rename,
1141 .get_inode_acl = xfs_get_acl,
1142 .set_acl = xfs_set_acl,
1143 .getattr = xfs_vn_getattr,
1144 .setattr = xfs_vn_setattr,
1145 .listxattr = xfs_vn_listxattr,
1146 .update_time = xfs_vn_update_time,
1147 .tmpfile = xfs_vn_tmpfile,
1148 .fileattr_get = xfs_fileattr_get,
1149 .fileattr_set = xfs_fileattr_set,
1150};
1151
1152static const struct inode_operations xfs_dir_ci_inode_operations = {
1153 .create = xfs_vn_create,
1154 .lookup = xfs_vn_ci_lookup,
1155 .link = xfs_vn_link,
1156 .unlink = xfs_vn_unlink,
1157 .symlink = xfs_vn_symlink,
1158 .mkdir = xfs_vn_mkdir,
1159 /*
1160 * Yes, XFS uses the same method for rmdir and unlink.
1161 *
1162 * There are some subtile differences deeper in the code,
1163 * but we use S_ISDIR to check for those.
1164 */
1165 .rmdir = xfs_vn_unlink,
1166 .mknod = xfs_vn_mknod,
1167 .rename = xfs_vn_rename,
1168 .get_inode_acl = xfs_get_acl,
1169 .set_acl = xfs_set_acl,
1170 .getattr = xfs_vn_getattr,
1171 .setattr = xfs_vn_setattr,
1172 .listxattr = xfs_vn_listxattr,
1173 .update_time = xfs_vn_update_time,
1174 .tmpfile = xfs_vn_tmpfile,
1175 .fileattr_get = xfs_fileattr_get,
1176 .fileattr_set = xfs_fileattr_set,
1177};
1178
1179static const struct inode_operations xfs_symlink_inode_operations = {
1180 .get_link = xfs_vn_get_link,
1181 .getattr = xfs_vn_getattr,
1182 .setattr = xfs_vn_setattr,
1183 .listxattr = xfs_vn_listxattr,
1184 .update_time = xfs_vn_update_time,
1185};
1186
1187/* Figure out if this file actually supports DAX. */
1188static bool
1189xfs_inode_supports_dax(
1190 struct xfs_inode *ip)
1191{
1192 struct xfs_mount *mp = ip->i_mount;
1193
1194 /* Only supported on regular files. */
1195 if (!S_ISREG(VFS_I(ip)->i_mode))
1196 return false;
1197
1198 /* Block size must match page size */
1199 if (mp->m_sb.sb_blocksize != PAGE_SIZE)
1200 return false;
1201
1202 /* Device has to support DAX too. */
1203 return xfs_inode_buftarg(ip)->bt_daxdev != NULL;
1204}
1205
1206static bool
1207xfs_inode_should_enable_dax(
1208 struct xfs_inode *ip)
1209{
1210 if (!IS_ENABLED(CONFIG_FS_DAX))
1211 return false;
1212 if (xfs_has_dax_never(ip->i_mount))
1213 return false;
1214 if (!xfs_inode_supports_dax(ip))
1215 return false;
1216 if (xfs_has_dax_always(ip->i_mount))
1217 return true;
1218 if (ip->i_diflags2 & XFS_DIFLAG2_DAX)
1219 return true;
1220 return false;
1221}
1222
1223void
1224xfs_diflags_to_iflags(
1225 struct xfs_inode *ip,
1226 bool init)
1227{
1228 struct inode *inode = VFS_I(ip);
1229 unsigned int xflags = xfs_ip2xflags(ip);
1230 unsigned int flags = 0;
1231
1232 ASSERT(!(IS_DAX(inode) && init));
1233
1234 if (xflags & FS_XFLAG_IMMUTABLE)
1235 flags |= S_IMMUTABLE;
1236 if (xflags & FS_XFLAG_APPEND)
1237 flags |= S_APPEND;
1238 if (xflags & FS_XFLAG_SYNC)
1239 flags |= S_SYNC;
1240 if (xflags & FS_XFLAG_NOATIME)
1241 flags |= S_NOATIME;
1242 if (init && xfs_inode_should_enable_dax(ip))
1243 flags |= S_DAX;
1244
1245 /*
1246 * S_DAX can only be set during inode initialization and is never set by
1247 * the VFS, so we cannot mask off S_DAX in i_flags.
1248 */
1249 inode->i_flags &= ~(S_IMMUTABLE | S_APPEND | S_SYNC | S_NOATIME);
1250 inode->i_flags |= flags;
1251}
1252
1253/*
1254 * Initialize the Linux inode.
1255 *
1256 * When reading existing inodes from disk this is called directly from xfs_iget,
1257 * when creating a new inode it is called from xfs_init_new_inode after setting
1258 * up the inode. These callers have different criteria for clearing XFS_INEW, so
1259 * leave it up to the caller to deal with unlocking the inode appropriately.
1260 */
1261void
1262xfs_setup_inode(
1263 struct xfs_inode *ip)
1264{
1265 struct inode *inode = &ip->i_vnode;
1266 gfp_t gfp_mask;
1267
1268 inode->i_ino = ip->i_ino;
1269 inode->i_state |= I_NEW;
1270
1271 inode_sb_list_add(inode);
1272 /* make the inode look hashed for the writeback code */
1273 inode_fake_hash(inode);
1274
1275 i_size_write(inode, ip->i_disk_size);
1276 xfs_diflags_to_iflags(ip, true);
1277
1278 if (S_ISDIR(inode->i_mode)) {
1279 /*
1280 * We set the i_rwsem class here to avoid potential races with
1281 * lockdep_annotate_inode_mutex_key() reinitialising the lock
1282 * after a filehandle lookup has already found the inode in
1283 * cache before it has been unlocked via unlock_new_inode().
1284 */
1285 lockdep_set_class(&inode->i_rwsem,
1286 &inode->i_sb->s_type->i_mutex_dir_key);
1287 lockdep_set_class(&ip->i_lock, &xfs_dir_ilock_class);
1288 } else {
1289 lockdep_set_class(&ip->i_lock, &xfs_nondir_ilock_class);
1290 }
1291
1292 /*
1293 * Ensure all page cache allocations are done from GFP_NOFS context to
1294 * prevent direct reclaim recursion back into the filesystem and blowing
1295 * stacks or deadlocking.
1296 */
1297 gfp_mask = mapping_gfp_mask(inode->i_mapping);
1298 mapping_set_gfp_mask(inode->i_mapping, (gfp_mask & ~(__GFP_FS)));
1299
1300 /*
1301 * For real-time inodes update the stable write flags to that of the RT
1302 * device instead of the data device.
1303 */
1304 if (S_ISREG(inode->i_mode) && XFS_IS_REALTIME_INODE(ip))
1305 xfs_update_stable_writes(ip);
1306
1307 /*
1308 * If there is no attribute fork no ACL can exist on this inode,
1309 * and it can't have any file capabilities attached to it either.
1310 */
1311 if (!xfs_inode_has_attr_fork(ip)) {
1312 inode_has_no_xattr(inode);
1313 cache_no_acl(inode);
1314 }
1315}
1316
1317void
1318xfs_setup_iops(
1319 struct xfs_inode *ip)
1320{
1321 struct inode *inode = &ip->i_vnode;
1322
1323 switch (inode->i_mode & S_IFMT) {
1324 case S_IFREG:
1325 inode->i_op = &xfs_inode_operations;
1326 inode->i_fop = &xfs_file_operations;
1327 if (IS_DAX(inode))
1328 inode->i_mapping->a_ops = &xfs_dax_aops;
1329 else
1330 inode->i_mapping->a_ops = &xfs_address_space_operations;
1331 break;
1332 case S_IFDIR:
1333 if (xfs_has_asciici(XFS_M(inode->i_sb)))
1334 inode->i_op = &xfs_dir_ci_inode_operations;
1335 else
1336 inode->i_op = &xfs_dir_inode_operations;
1337 inode->i_fop = &xfs_dir_file_operations;
1338 break;
1339 case S_IFLNK:
1340 inode->i_op = &xfs_symlink_inode_operations;
1341 break;
1342 default:
1343 inode->i_op = &xfs_inode_operations;
1344 init_special_inode(inode, inode->i_mode, inode->i_rdev);
1345 break;
1346 }
1347}
1// SPDX-License-Identifier: GPL-2.0
2/*
3 * Copyright (c) 2000-2005 Silicon Graphics, Inc.
4 * All Rights Reserved.
5 */
6#include "xfs.h"
7#include "xfs_fs.h"
8#include "xfs_shared.h"
9#include "xfs_format.h"
10#include "xfs_log_format.h"
11#include "xfs_trans_resv.h"
12#include "xfs_mount.h"
13#include "xfs_inode.h"
14#include "xfs_acl.h"
15#include "xfs_quota.h"
16#include "xfs_da_format.h"
17#include "xfs_da_btree.h"
18#include "xfs_attr.h"
19#include "xfs_trans.h"
20#include "xfs_trans_space.h"
21#include "xfs_bmap_btree.h"
22#include "xfs_trace.h"
23#include "xfs_icache.h"
24#include "xfs_symlink.h"
25#include "xfs_dir2.h"
26#include "xfs_iomap.h"
27#include "xfs_error.h"
28#include "xfs_ioctl.h"
29#include "xfs_xattr.h"
30#include "xfs_file.h"
31#include "xfs_bmap.h"
32
33#include <linux/posix_acl.h>
34#include <linux/security.h>
35#include <linux/iversion.h>
36#include <linux/fiemap.h>
37
38/*
39 * Directories have different lock order w.r.t. mmap_lock compared to regular
40 * files. This is due to readdir potentially triggering page faults on a user
41 * buffer inside filldir(), and this happens with the ilock on the directory
42 * held. For regular files, the lock order is the other way around - the
43 * mmap_lock is taken during the page fault, and then we lock the ilock to do
44 * block mapping. Hence we need a different class for the directory ilock so
45 * that lockdep can tell them apart. Directories in the metadata directory
46 * tree get a separate class so that lockdep reports will warn us if someone
47 * ever tries to lock regular directories after locking metadata directories.
48 */
49static struct lock_class_key xfs_nondir_ilock_class;
50static struct lock_class_key xfs_dir_ilock_class;
51
52static int
53xfs_initxattrs(
54 struct inode *inode,
55 const struct xattr *xattr_array,
56 void *fs_info)
57{
58 const struct xattr *xattr;
59 struct xfs_inode *ip = XFS_I(inode);
60 int error = 0;
61
62 for (xattr = xattr_array; xattr->name != NULL; xattr++) {
63 struct xfs_da_args args = {
64 .dp = ip,
65 .attr_filter = XFS_ATTR_SECURE,
66 .name = xattr->name,
67 .namelen = strlen(xattr->name),
68 .value = xattr->value,
69 .valuelen = xattr->value_len,
70 };
71 error = xfs_attr_change(&args, XFS_ATTRUPDATE_UPSERT);
72 if (error < 0)
73 break;
74 }
75 return error;
76}
77
78/*
79 * Hook in SELinux. This is not quite correct yet, what we really need
80 * here (as we do for default ACLs) is a mechanism by which creation of
81 * these attrs can be journalled at inode creation time (along with the
82 * inode, of course, such that log replay can't cause these to be lost).
83 */
84int
85xfs_inode_init_security(
86 struct inode *inode,
87 struct inode *dir,
88 const struct qstr *qstr)
89{
90 return security_inode_init_security(inode, dir, qstr,
91 &xfs_initxattrs, NULL);
92}
93
94static void
95xfs_dentry_to_name(
96 struct xfs_name *namep,
97 struct dentry *dentry)
98{
99 namep->name = dentry->d_name.name;
100 namep->len = dentry->d_name.len;
101 namep->type = XFS_DIR3_FT_UNKNOWN;
102}
103
104static int
105xfs_dentry_mode_to_name(
106 struct xfs_name *namep,
107 struct dentry *dentry,
108 int mode)
109{
110 namep->name = dentry->d_name.name;
111 namep->len = dentry->d_name.len;
112 namep->type = xfs_mode_to_ftype(mode);
113
114 if (unlikely(namep->type == XFS_DIR3_FT_UNKNOWN))
115 return -EFSCORRUPTED;
116
117 return 0;
118}
119
120STATIC void
121xfs_cleanup_inode(
122 struct inode *dir,
123 struct inode *inode,
124 struct dentry *dentry)
125{
126 struct xfs_name teardown;
127
128 /* Oh, the horror.
129 * If we can't add the ACL or we fail in
130 * xfs_inode_init_security we must back out.
131 * ENOSPC can hit here, among other things.
132 */
133 xfs_dentry_to_name(&teardown, dentry);
134
135 xfs_remove(XFS_I(dir), &teardown, XFS_I(inode));
136}
137
138/*
139 * Check to see if we are likely to need an extended attribute to be added to
140 * the inode we are about to allocate. This allows the attribute fork to be
141 * created during the inode allocation, reducing the number of transactions we
142 * need to do in this fast path.
143 *
144 * The security checks are optimistic, but not guaranteed. The two LSMs that
145 * require xattrs to be added here (selinux and smack) are also the only two
146 * LSMs that add a sb->s_security structure to the superblock. Hence if security
147 * is enabled and sb->s_security is set, we have a pretty good idea that we are
148 * going to be asked to add a security xattr immediately after allocating the
149 * xfs inode and instantiating the VFS inode.
150 */
151static inline bool
152xfs_create_need_xattr(
153 struct inode *dir,
154 struct posix_acl *default_acl,
155 struct posix_acl *acl)
156{
157 if (acl)
158 return true;
159 if (default_acl)
160 return true;
161#if IS_ENABLED(CONFIG_SECURITY)
162 if (dir->i_sb->s_security)
163 return true;
164#endif
165 return false;
166}
167
168
169STATIC int
170xfs_generic_create(
171 struct mnt_idmap *idmap,
172 struct inode *dir,
173 struct dentry *dentry,
174 umode_t mode,
175 dev_t rdev,
176 struct file *tmpfile) /* unnamed file */
177{
178 struct xfs_icreate_args args = {
179 .idmap = idmap,
180 .pip = XFS_I(dir),
181 .rdev = rdev,
182 .mode = mode,
183 };
184 struct inode *inode;
185 struct xfs_inode *ip = NULL;
186 struct posix_acl *default_acl, *acl;
187 struct xfs_name name;
188 int error;
189
190 /*
191 * Irix uses Missed'em'V split, but doesn't want to see
192 * the upper 5 bits of (14bit) major.
193 */
194 if (S_ISCHR(args.mode) || S_ISBLK(args.mode)) {
195 if (unlikely(!sysv_valid_dev(args.rdev) ||
196 MAJOR(args.rdev) & ~0x1ff))
197 return -EINVAL;
198 } else {
199 args.rdev = 0;
200 }
201
202 error = posix_acl_create(dir, &args.mode, &default_acl, &acl);
203 if (error)
204 return error;
205
206 /* Verify mode is valid also for tmpfile case */
207 error = xfs_dentry_mode_to_name(&name, dentry, args.mode);
208 if (unlikely(error))
209 goto out_free_acl;
210
211 if (!tmpfile) {
212 if (xfs_create_need_xattr(dir, default_acl, acl))
213 args.flags |= XFS_ICREATE_INIT_XATTRS;
214
215 error = xfs_create(&args, &name, &ip);
216 } else {
217 args.flags |= XFS_ICREATE_TMPFILE;
218
219 /*
220 * If this temporary file will not be linkable, don't bother
221 * creating an attr fork to receive a parent pointer.
222 */
223 if (tmpfile->f_flags & O_EXCL)
224 args.flags |= XFS_ICREATE_UNLINKABLE;
225
226 error = xfs_create_tmpfile(&args, &ip);
227 }
228 if (unlikely(error))
229 goto out_free_acl;
230
231 inode = VFS_I(ip);
232
233 error = xfs_inode_init_security(inode, dir, &dentry->d_name);
234 if (unlikely(error))
235 goto out_cleanup_inode;
236
237 if (default_acl) {
238 error = __xfs_set_acl(inode, default_acl, ACL_TYPE_DEFAULT);
239 if (error)
240 goto out_cleanup_inode;
241 }
242 if (acl) {
243 error = __xfs_set_acl(inode, acl, ACL_TYPE_ACCESS);
244 if (error)
245 goto out_cleanup_inode;
246 }
247
248 xfs_setup_iops(ip);
249
250 if (tmpfile) {
251 /*
252 * The VFS requires that any inode fed to d_tmpfile must have
253 * nlink == 1 so that it can decrement the nlink in d_tmpfile.
254 * However, we created the temp file with nlink == 0 because
255 * we're not allowed to put an inode with nlink > 0 on the
256 * unlinked list. Therefore we have to set nlink to 1 so that
257 * d_tmpfile can immediately set it back to zero.
258 */
259 set_nlink(inode, 1);
260 d_tmpfile(tmpfile, inode);
261 } else
262 d_instantiate(dentry, inode);
263
264 xfs_finish_inode_setup(ip);
265
266 out_free_acl:
267 posix_acl_release(default_acl);
268 posix_acl_release(acl);
269 return error;
270
271 out_cleanup_inode:
272 xfs_finish_inode_setup(ip);
273 if (!tmpfile)
274 xfs_cleanup_inode(dir, inode, dentry);
275 xfs_irele(ip);
276 goto out_free_acl;
277}
278
279STATIC int
280xfs_vn_mknod(
281 struct mnt_idmap *idmap,
282 struct inode *dir,
283 struct dentry *dentry,
284 umode_t mode,
285 dev_t rdev)
286{
287 return xfs_generic_create(idmap, dir, dentry, mode, rdev, NULL);
288}
289
290STATIC int
291xfs_vn_create(
292 struct mnt_idmap *idmap,
293 struct inode *dir,
294 struct dentry *dentry,
295 umode_t mode,
296 bool flags)
297{
298 return xfs_generic_create(idmap, dir, dentry, mode, 0, NULL);
299}
300
301STATIC int
302xfs_vn_mkdir(
303 struct mnt_idmap *idmap,
304 struct inode *dir,
305 struct dentry *dentry,
306 umode_t mode)
307{
308 return xfs_generic_create(idmap, dir, dentry, mode | S_IFDIR, 0, NULL);
309}
310
311STATIC struct dentry *
312xfs_vn_lookup(
313 struct inode *dir,
314 struct dentry *dentry,
315 unsigned int flags)
316{
317 struct inode *inode;
318 struct xfs_inode *cip;
319 struct xfs_name name;
320 int error;
321
322 if (dentry->d_name.len >= MAXNAMELEN)
323 return ERR_PTR(-ENAMETOOLONG);
324
325 xfs_dentry_to_name(&name, dentry);
326 error = xfs_lookup(XFS_I(dir), &name, &cip, NULL);
327 if (likely(!error))
328 inode = VFS_I(cip);
329 else if (likely(error == -ENOENT))
330 inode = NULL;
331 else
332 inode = ERR_PTR(error);
333 return d_splice_alias(inode, dentry);
334}
335
336STATIC struct dentry *
337xfs_vn_ci_lookup(
338 struct inode *dir,
339 struct dentry *dentry,
340 unsigned int flags)
341{
342 struct xfs_inode *ip;
343 struct xfs_name xname;
344 struct xfs_name ci_name;
345 struct qstr dname;
346 int error;
347
348 if (dentry->d_name.len >= MAXNAMELEN)
349 return ERR_PTR(-ENAMETOOLONG);
350
351 xfs_dentry_to_name(&xname, dentry);
352 error = xfs_lookup(XFS_I(dir), &xname, &ip, &ci_name);
353 if (unlikely(error)) {
354 if (unlikely(error != -ENOENT))
355 return ERR_PTR(error);
356 /*
357 * call d_add(dentry, NULL) here when d_drop_negative_children
358 * is called in xfs_vn_mknod (ie. allow negative dentries
359 * with CI filesystems).
360 */
361 return NULL;
362 }
363
364 /* if exact match, just splice and exit */
365 if (!ci_name.name)
366 return d_splice_alias(VFS_I(ip), dentry);
367
368 /* else case-insensitive match... */
369 dname.name = ci_name.name;
370 dname.len = ci_name.len;
371 dentry = d_add_ci(dentry, VFS_I(ip), &dname);
372 kfree(ci_name.name);
373 return dentry;
374}
375
376STATIC int
377xfs_vn_link(
378 struct dentry *old_dentry,
379 struct inode *dir,
380 struct dentry *dentry)
381{
382 struct inode *inode = d_inode(old_dentry);
383 struct xfs_name name;
384 int error;
385
386 error = xfs_dentry_mode_to_name(&name, dentry, inode->i_mode);
387 if (unlikely(error))
388 return error;
389
390 if (IS_PRIVATE(inode))
391 return -EPERM;
392
393 error = xfs_link(XFS_I(dir), XFS_I(inode), &name);
394 if (unlikely(error))
395 return error;
396
397 ihold(inode);
398 d_instantiate(dentry, inode);
399 return 0;
400}
401
402STATIC int
403xfs_vn_unlink(
404 struct inode *dir,
405 struct dentry *dentry)
406{
407 struct xfs_name name;
408 int error;
409
410 xfs_dentry_to_name(&name, dentry);
411
412 error = xfs_remove(XFS_I(dir), &name, XFS_I(d_inode(dentry)));
413 if (error)
414 return error;
415
416 /*
417 * With unlink, the VFS makes the dentry "negative": no inode,
418 * but still hashed. This is incompatible with case-insensitive
419 * mode, so invalidate (unhash) the dentry in CI-mode.
420 */
421 if (xfs_has_asciici(XFS_M(dir->i_sb)))
422 d_invalidate(dentry);
423 return 0;
424}
425
426STATIC int
427xfs_vn_symlink(
428 struct mnt_idmap *idmap,
429 struct inode *dir,
430 struct dentry *dentry,
431 const char *symname)
432{
433 struct inode *inode;
434 struct xfs_inode *cip = NULL;
435 struct xfs_name name;
436 int error;
437 umode_t mode;
438
439 mode = S_IFLNK |
440 (irix_symlink_mode ? 0777 & ~current_umask() : S_IRWXUGO);
441 error = xfs_dentry_mode_to_name(&name, dentry, mode);
442 if (unlikely(error))
443 goto out;
444
445 error = xfs_symlink(idmap, XFS_I(dir), &name, symname, mode, &cip);
446 if (unlikely(error))
447 goto out;
448
449 inode = VFS_I(cip);
450
451 error = xfs_inode_init_security(inode, dir, &dentry->d_name);
452 if (unlikely(error))
453 goto out_cleanup_inode;
454
455 xfs_setup_iops(cip);
456
457 d_instantiate(dentry, inode);
458 xfs_finish_inode_setup(cip);
459 return 0;
460
461 out_cleanup_inode:
462 xfs_finish_inode_setup(cip);
463 xfs_cleanup_inode(dir, inode, dentry);
464 xfs_irele(cip);
465 out:
466 return error;
467}
468
469STATIC int
470xfs_vn_rename(
471 struct mnt_idmap *idmap,
472 struct inode *odir,
473 struct dentry *odentry,
474 struct inode *ndir,
475 struct dentry *ndentry,
476 unsigned int flags)
477{
478 struct inode *new_inode = d_inode(ndentry);
479 int omode = 0;
480 int error;
481 struct xfs_name oname;
482 struct xfs_name nname;
483
484 if (flags & ~(RENAME_NOREPLACE | RENAME_EXCHANGE | RENAME_WHITEOUT))
485 return -EINVAL;
486
487 /* if we are exchanging files, we need to set i_mode of both files */
488 if (flags & RENAME_EXCHANGE)
489 omode = d_inode(ndentry)->i_mode;
490
491 error = xfs_dentry_mode_to_name(&oname, odentry, omode);
492 if (omode && unlikely(error))
493 return error;
494
495 error = xfs_dentry_mode_to_name(&nname, ndentry,
496 d_inode(odentry)->i_mode);
497 if (unlikely(error))
498 return error;
499
500 return xfs_rename(idmap, XFS_I(odir), &oname,
501 XFS_I(d_inode(odentry)), XFS_I(ndir), &nname,
502 new_inode ? XFS_I(new_inode) : NULL, flags);
503}
504
505/*
506 * careful here - this function can get called recursively, so
507 * we need to be very careful about how much stack we use.
508 * uio is kmalloced for this reason...
509 */
510STATIC const char *
511xfs_vn_get_link(
512 struct dentry *dentry,
513 struct inode *inode,
514 struct delayed_call *done)
515{
516 char *link;
517 int error = -ENOMEM;
518
519 if (!dentry)
520 return ERR_PTR(-ECHILD);
521
522 link = kmalloc(XFS_SYMLINK_MAXLEN+1, GFP_KERNEL);
523 if (!link)
524 goto out_err;
525
526 error = xfs_readlink(XFS_I(d_inode(dentry)), link);
527 if (unlikely(error))
528 goto out_kfree;
529
530 set_delayed_call(done, kfree_link, link);
531 return link;
532
533 out_kfree:
534 kfree(link);
535 out_err:
536 return ERR_PTR(error);
537}
538
539static uint32_t
540xfs_stat_blksize(
541 struct xfs_inode *ip)
542{
543 struct xfs_mount *mp = ip->i_mount;
544
545 /*
546 * If the file blocks are being allocated from a realtime volume, then
547 * always return the realtime extent size.
548 */
549 if (XFS_IS_REALTIME_INODE(ip))
550 return XFS_FSB_TO_B(mp, xfs_get_extsz_hint(ip) ? : 1);
551
552 /*
553 * Allow large block sizes to be reported to userspace programs if the
554 * "largeio" mount option is used.
555 *
556 * If compatibility mode is specified, simply return the basic unit of
557 * caching so that we don't get inefficient read/modify/write I/O from
558 * user apps. Otherwise....
559 *
560 * If the underlying volume is a stripe, then return the stripe width in
561 * bytes as the recommended I/O size. It is not a stripe and we've set a
562 * default buffered I/O size, return that, otherwise return the compat
563 * default.
564 */
565 if (xfs_has_large_iosize(mp)) {
566 if (mp->m_swidth)
567 return XFS_FSB_TO_B(mp, mp->m_swidth);
568 if (xfs_has_allocsize(mp))
569 return 1U << mp->m_allocsize_log;
570 }
571
572 return max_t(uint32_t, PAGE_SIZE, mp->m_sb.sb_blocksize);
573}
574
575static void
576xfs_get_atomic_write_attr(
577 struct xfs_inode *ip,
578 unsigned int *unit_min,
579 unsigned int *unit_max)
580{
581 if (!xfs_inode_can_atomicwrite(ip)) {
582 *unit_min = *unit_max = 0;
583 return;
584 }
585
586 *unit_min = *unit_max = ip->i_mount->m_sb.sb_blocksize;
587}
588
589STATIC int
590xfs_vn_getattr(
591 struct mnt_idmap *idmap,
592 const struct path *path,
593 struct kstat *stat,
594 u32 request_mask,
595 unsigned int query_flags)
596{
597 struct inode *inode = d_inode(path->dentry);
598 struct xfs_inode *ip = XFS_I(inode);
599 struct xfs_mount *mp = ip->i_mount;
600 vfsuid_t vfsuid = i_uid_into_vfsuid(idmap, inode);
601 vfsgid_t vfsgid = i_gid_into_vfsgid(idmap, inode);
602
603 trace_xfs_getattr(ip);
604
605 if (xfs_is_shutdown(mp))
606 return -EIO;
607
608 stat->size = XFS_ISIZE(ip);
609 stat->dev = inode->i_sb->s_dev;
610 stat->mode = inode->i_mode;
611 stat->nlink = inode->i_nlink;
612 stat->uid = vfsuid_into_kuid(vfsuid);
613 stat->gid = vfsgid_into_kgid(vfsgid);
614 stat->ino = ip->i_ino;
615 stat->atime = inode_get_atime(inode);
616
617 fill_mg_cmtime(stat, request_mask, inode);
618
619 stat->blocks = XFS_FSB_TO_BB(mp, ip->i_nblocks + ip->i_delayed_blks);
620
621 if (xfs_has_v3inodes(mp)) {
622 if (request_mask & STATX_BTIME) {
623 stat->result_mask |= STATX_BTIME;
624 stat->btime = ip->i_crtime;
625 }
626 }
627
628 /*
629 * Note: If you add another clause to set an attribute flag, please
630 * update attributes_mask below.
631 */
632 if (ip->i_diflags & XFS_DIFLAG_IMMUTABLE)
633 stat->attributes |= STATX_ATTR_IMMUTABLE;
634 if (ip->i_diflags & XFS_DIFLAG_APPEND)
635 stat->attributes |= STATX_ATTR_APPEND;
636 if (ip->i_diflags & XFS_DIFLAG_NODUMP)
637 stat->attributes |= STATX_ATTR_NODUMP;
638
639 stat->attributes_mask |= (STATX_ATTR_IMMUTABLE |
640 STATX_ATTR_APPEND |
641 STATX_ATTR_NODUMP);
642
643 switch (inode->i_mode & S_IFMT) {
644 case S_IFBLK:
645 case S_IFCHR:
646 stat->blksize = BLKDEV_IOSIZE;
647 stat->rdev = inode->i_rdev;
648 break;
649 case S_IFREG:
650 if (request_mask & STATX_DIOALIGN) {
651 struct xfs_buftarg *target = xfs_inode_buftarg(ip);
652 struct block_device *bdev = target->bt_bdev;
653
654 stat->result_mask |= STATX_DIOALIGN;
655 stat->dio_mem_align = bdev_dma_alignment(bdev) + 1;
656 stat->dio_offset_align = bdev_logical_block_size(bdev);
657 }
658 if (request_mask & STATX_WRITE_ATOMIC) {
659 unsigned int unit_min, unit_max;
660
661 xfs_get_atomic_write_attr(ip, &unit_min,
662 &unit_max);
663 generic_fill_statx_atomic_writes(stat,
664 unit_min, unit_max);
665 }
666 fallthrough;
667 default:
668 stat->blksize = xfs_stat_blksize(ip);
669 stat->rdev = 0;
670 break;
671 }
672
673 return 0;
674}
675
676static int
677xfs_vn_change_ok(
678 struct mnt_idmap *idmap,
679 struct dentry *dentry,
680 struct iattr *iattr)
681{
682 struct xfs_mount *mp = XFS_I(d_inode(dentry))->i_mount;
683
684 if (xfs_is_readonly(mp))
685 return -EROFS;
686
687 if (xfs_is_shutdown(mp))
688 return -EIO;
689
690 return setattr_prepare(idmap, dentry, iattr);
691}
692
693/*
694 * Set non-size attributes of an inode.
695 *
696 * Caution: The caller of this function is responsible for calling
697 * setattr_prepare() or otherwise verifying the change is fine.
698 */
699static int
700xfs_setattr_nonsize(
701 struct mnt_idmap *idmap,
702 struct dentry *dentry,
703 struct xfs_inode *ip,
704 struct iattr *iattr)
705{
706 xfs_mount_t *mp = ip->i_mount;
707 struct inode *inode = VFS_I(ip);
708 int mask = iattr->ia_valid;
709 xfs_trans_t *tp;
710 int error;
711 kuid_t uid = GLOBAL_ROOT_UID;
712 kgid_t gid = GLOBAL_ROOT_GID;
713 struct xfs_dquot *udqp = NULL, *gdqp = NULL;
714 struct xfs_dquot *old_udqp = NULL, *old_gdqp = NULL;
715
716 ASSERT((mask & ATTR_SIZE) == 0);
717
718 /*
719 * If disk quotas is on, we make sure that the dquots do exist on disk,
720 * before we start any other transactions. Trying to do this later
721 * is messy. We don't care to take a readlock to look at the ids
722 * in inode here, because we can't hold it across the trans_reserve.
723 * If the IDs do change before we take the ilock, we're covered
724 * because the i_*dquot fields will get updated anyway.
725 */
726 if (XFS_IS_QUOTA_ON(mp) && (mask & (ATTR_UID|ATTR_GID))) {
727 uint qflags = 0;
728
729 if ((mask & ATTR_UID) && XFS_IS_UQUOTA_ON(mp)) {
730 uid = from_vfsuid(idmap, i_user_ns(inode),
731 iattr->ia_vfsuid);
732 qflags |= XFS_QMOPT_UQUOTA;
733 } else {
734 uid = inode->i_uid;
735 }
736 if ((mask & ATTR_GID) && XFS_IS_GQUOTA_ON(mp)) {
737 gid = from_vfsgid(idmap, i_user_ns(inode),
738 iattr->ia_vfsgid);
739 qflags |= XFS_QMOPT_GQUOTA;
740 } else {
741 gid = inode->i_gid;
742 }
743
744 /*
745 * We take a reference when we initialize udqp and gdqp,
746 * so it is important that we never blindly double trip on
747 * the same variable. See xfs_create() for an example.
748 */
749 ASSERT(udqp == NULL);
750 ASSERT(gdqp == NULL);
751 error = xfs_qm_vop_dqalloc(ip, uid, gid, ip->i_projid,
752 qflags, &udqp, &gdqp, NULL);
753 if (error)
754 return error;
755 }
756
757 error = xfs_trans_alloc_ichange(ip, udqp, gdqp, NULL,
758 has_capability_noaudit(current, CAP_FOWNER), &tp);
759 if (error)
760 goto out_dqrele;
761
762 /*
763 * Register quota modifications in the transaction. Must be the owner
764 * or privileged. These IDs could have changed since we last looked at
765 * them. But, we're assured that if the ownership did change while we
766 * didn't have the inode locked, inode's dquot(s) would have changed
767 * also.
768 */
769 if (XFS_IS_UQUOTA_ON(mp) &&
770 i_uid_needs_update(idmap, iattr, inode)) {
771 ASSERT(udqp);
772 old_udqp = xfs_qm_vop_chown(tp, ip, &ip->i_udquot, udqp);
773 }
774 if (XFS_IS_GQUOTA_ON(mp) &&
775 i_gid_needs_update(idmap, iattr, inode)) {
776 ASSERT(xfs_has_pquotino(mp) || !XFS_IS_PQUOTA_ON(mp));
777 ASSERT(gdqp);
778 old_gdqp = xfs_qm_vop_chown(tp, ip, &ip->i_gdquot, gdqp);
779 }
780
781 setattr_copy(idmap, inode, iattr);
782 xfs_trans_log_inode(tp, ip, XFS_ILOG_CORE);
783
784 XFS_STATS_INC(mp, xs_ig_attrchg);
785
786 if (xfs_has_wsync(mp))
787 xfs_trans_set_sync(tp);
788 error = xfs_trans_commit(tp);
789
790 /*
791 * Release any dquot(s) the inode had kept before chown.
792 */
793 xfs_qm_dqrele(old_udqp);
794 xfs_qm_dqrele(old_gdqp);
795 xfs_qm_dqrele(udqp);
796 xfs_qm_dqrele(gdqp);
797
798 if (error)
799 return error;
800
801 /*
802 * XXX(hch): Updating the ACL entries is not atomic vs the i_mode
803 * update. We could avoid this with linked transactions
804 * and passing down the transaction pointer all the way
805 * to attr_set. No previous user of the generic
806 * Posix ACL code seems to care about this issue either.
807 */
808 if (mask & ATTR_MODE) {
809 error = posix_acl_chmod(idmap, dentry, inode->i_mode);
810 if (error)
811 return error;
812 }
813
814 return 0;
815
816out_dqrele:
817 xfs_qm_dqrele(udqp);
818 xfs_qm_dqrele(gdqp);
819 return error;
820}
821
822/*
823 * Truncate file. Must have write permission and not be a directory.
824 *
825 * Caution: The caller of this function is responsible for calling
826 * setattr_prepare() or otherwise verifying the change is fine.
827 */
828STATIC int
829xfs_setattr_size(
830 struct mnt_idmap *idmap,
831 struct dentry *dentry,
832 struct xfs_inode *ip,
833 struct iattr *iattr)
834{
835 struct xfs_mount *mp = ip->i_mount;
836 struct inode *inode = VFS_I(ip);
837 xfs_off_t oldsize, newsize;
838 struct xfs_trans *tp;
839 int error;
840 uint lock_flags = 0;
841 uint resblks = 0;
842 bool did_zeroing = false;
843
844 xfs_assert_ilocked(ip, XFS_IOLOCK_EXCL | XFS_MMAPLOCK_EXCL);
845 ASSERT(S_ISREG(inode->i_mode));
846 ASSERT((iattr->ia_valid & (ATTR_UID|ATTR_GID|ATTR_ATIME|ATTR_ATIME_SET|
847 ATTR_MTIME_SET|ATTR_TIMES_SET)) == 0);
848
849 oldsize = inode->i_size;
850 newsize = iattr->ia_size;
851
852 /*
853 * Short circuit the truncate case for zero length files.
854 */
855 if (newsize == 0 && oldsize == 0 && ip->i_df.if_nextents == 0) {
856 if (!(iattr->ia_valid & (ATTR_CTIME|ATTR_MTIME)))
857 return 0;
858
859 /*
860 * Use the regular setattr path to update the timestamps.
861 */
862 iattr->ia_valid &= ~ATTR_SIZE;
863 return xfs_setattr_nonsize(idmap, dentry, ip, iattr);
864 }
865
866 /*
867 * Make sure that the dquots are attached to the inode.
868 */
869 error = xfs_qm_dqattach(ip);
870 if (error)
871 return error;
872
873 /*
874 * Wait for all direct I/O to complete.
875 */
876 inode_dio_wait(inode);
877
878 /*
879 * File data changes must be complete before we start the transaction to
880 * modify the inode. This needs to be done before joining the inode to
881 * the transaction because the inode cannot be unlocked once it is a
882 * part of the transaction.
883 *
884 * Start with zeroing any data beyond EOF that we may expose on file
885 * extension, or zeroing out the rest of the block on a downward
886 * truncate.
887 */
888 if (newsize > oldsize) {
889 trace_xfs_zero_eof(ip, oldsize, newsize - oldsize);
890 error = xfs_zero_range(ip, oldsize, newsize - oldsize,
891 &did_zeroing);
892 } else {
893 error = xfs_truncate_page(ip, newsize, &did_zeroing);
894 }
895
896 if (error)
897 return error;
898
899 /*
900 * We've already locked out new page faults, so now we can safely remove
901 * pages from the page cache knowing they won't get refaulted until we
902 * drop the XFS_MMAP_EXCL lock after the extent manipulations are
903 * complete. The truncate_setsize() call also cleans partial EOF page
904 * PTEs on extending truncates and hence ensures sub-page block size
905 * filesystems are correctly handled, too.
906 *
907 * We have to do all the page cache truncate work outside the
908 * transaction context as the "lock" order is page lock->log space
909 * reservation as defined by extent allocation in the writeback path.
910 * Hence a truncate can fail with ENOMEM from xfs_trans_alloc(), but
911 * having already truncated the in-memory version of the file (i.e. made
912 * user visible changes). There's not much we can do about this, except
913 * to hope that the caller sees ENOMEM and retries the truncate
914 * operation.
915 *
916 * And we update in-core i_size and truncate page cache beyond newsize
917 * before writeback the [i_disk_size, newsize] range, so we're
918 * guaranteed not to write stale data past the new EOF on truncate down.
919 */
920 truncate_setsize(inode, newsize);
921
922 /*
923 * We are going to log the inode size change in this transaction so
924 * any previous writes that are beyond the on disk EOF and the new
925 * EOF that have not been written out need to be written here. If we
926 * do not write the data out, we expose ourselves to the null files
927 * problem. Note that this includes any block zeroing we did above;
928 * otherwise those blocks may not be zeroed after a crash.
929 */
930 if (did_zeroing ||
931 (newsize > ip->i_disk_size && oldsize != ip->i_disk_size)) {
932 error = filemap_write_and_wait_range(VFS_I(ip)->i_mapping,
933 ip->i_disk_size, newsize - 1);
934 if (error)
935 return error;
936 }
937
938 /*
939 * For realtime inode with more than one block rtextsize, we need the
940 * block reservation for bmap btree block allocations/splits that can
941 * happen since it could split the tail written extent and convert the
942 * right beyond EOF one to unwritten.
943 */
944 if (xfs_inode_has_bigrtalloc(ip))
945 resblks = XFS_DIOSTRAT_SPACE_RES(mp, 0);
946
947 error = xfs_trans_alloc(mp, &M_RES(mp)->tr_itruncate, resblks,
948 0, 0, &tp);
949 if (error)
950 return error;
951
952 lock_flags |= XFS_ILOCK_EXCL;
953 xfs_ilock(ip, XFS_ILOCK_EXCL);
954 xfs_trans_ijoin(tp, ip, 0);
955
956 /*
957 * Only change the c/mtime if we are changing the size or we are
958 * explicitly asked to change it. This handles the semantic difference
959 * between truncate() and ftruncate() as implemented in the VFS.
960 *
961 * The regular truncate() case without ATTR_CTIME and ATTR_MTIME is a
962 * special case where we need to update the times despite not having
963 * these flags set. For all other operations the VFS set these flags
964 * explicitly if it wants a timestamp update.
965 */
966 if (newsize != oldsize &&
967 !(iattr->ia_valid & (ATTR_CTIME | ATTR_MTIME))) {
968 iattr->ia_ctime = iattr->ia_mtime =
969 current_time(inode);
970 iattr->ia_valid |= ATTR_CTIME | ATTR_MTIME;
971 }
972
973 /*
974 * The first thing we do is set the size to new_size permanently on
975 * disk. This way we don't have to worry about anyone ever being able
976 * to look at the data being freed even in the face of a crash.
977 * What we're getting around here is the case where we free a block, it
978 * is allocated to another file, it is written to, and then we crash.
979 * If the new data gets written to the file but the log buffers
980 * containing the free and reallocation don't, then we'd end up with
981 * garbage in the blocks being freed. As long as we make the new size
982 * permanent before actually freeing any blocks it doesn't matter if
983 * they get written to.
984 */
985 ip->i_disk_size = newsize;
986 xfs_trans_log_inode(tp, ip, XFS_ILOG_CORE);
987
988 if (newsize <= oldsize) {
989 error = xfs_itruncate_extents(&tp, ip, XFS_DATA_FORK, newsize);
990 if (error)
991 goto out_trans_cancel;
992
993 /*
994 * Truncated "down", so we're removing references to old data
995 * here - if we delay flushing for a long time, we expose
996 * ourselves unduly to the notorious NULL files problem. So,
997 * we mark this inode and flush it when the file is closed,
998 * and do not wait the usual (long) time for writeout.
999 */
1000 xfs_iflags_set(ip, XFS_ITRUNCATED);
1001
1002 /* A truncate down always removes post-EOF blocks. */
1003 xfs_inode_clear_eofblocks_tag(ip);
1004 }
1005
1006 ASSERT(!(iattr->ia_valid & (ATTR_UID | ATTR_GID)));
1007 setattr_copy(idmap, inode, iattr);
1008 xfs_trans_log_inode(tp, ip, XFS_ILOG_CORE);
1009
1010 XFS_STATS_INC(mp, xs_ig_attrchg);
1011
1012 if (xfs_has_wsync(mp))
1013 xfs_trans_set_sync(tp);
1014
1015 error = xfs_trans_commit(tp);
1016out_unlock:
1017 if (lock_flags)
1018 xfs_iunlock(ip, lock_flags);
1019 return error;
1020
1021out_trans_cancel:
1022 xfs_trans_cancel(tp);
1023 goto out_unlock;
1024}
1025
1026int
1027xfs_vn_setattr_size(
1028 struct mnt_idmap *idmap,
1029 struct dentry *dentry,
1030 struct iattr *iattr)
1031{
1032 struct xfs_inode *ip = XFS_I(d_inode(dentry));
1033 int error;
1034
1035 trace_xfs_setattr(ip);
1036
1037 error = xfs_vn_change_ok(idmap, dentry, iattr);
1038 if (error)
1039 return error;
1040 return xfs_setattr_size(idmap, dentry, ip, iattr);
1041}
1042
1043STATIC int
1044xfs_vn_setattr(
1045 struct mnt_idmap *idmap,
1046 struct dentry *dentry,
1047 struct iattr *iattr)
1048{
1049 struct inode *inode = d_inode(dentry);
1050 struct xfs_inode *ip = XFS_I(inode);
1051 int error;
1052
1053 if (iattr->ia_valid & ATTR_SIZE) {
1054 uint iolock;
1055
1056 xfs_ilock(ip, XFS_MMAPLOCK_EXCL);
1057 iolock = XFS_IOLOCK_EXCL | XFS_MMAPLOCK_EXCL;
1058
1059 error = xfs_break_layouts(inode, &iolock, BREAK_UNMAP);
1060 if (error) {
1061 xfs_iunlock(ip, XFS_MMAPLOCK_EXCL);
1062 return error;
1063 }
1064
1065 error = xfs_vn_setattr_size(idmap, dentry, iattr);
1066 xfs_iunlock(ip, XFS_MMAPLOCK_EXCL);
1067 } else {
1068 trace_xfs_setattr(ip);
1069
1070 error = xfs_vn_change_ok(idmap, dentry, iattr);
1071 if (!error)
1072 error = xfs_setattr_nonsize(idmap, dentry, ip, iattr);
1073 }
1074
1075 return error;
1076}
1077
1078STATIC int
1079xfs_vn_update_time(
1080 struct inode *inode,
1081 int flags)
1082{
1083 struct xfs_inode *ip = XFS_I(inode);
1084 struct xfs_mount *mp = ip->i_mount;
1085 int log_flags = XFS_ILOG_TIMESTAMP;
1086 struct xfs_trans *tp;
1087 int error;
1088 struct timespec64 now;
1089
1090 trace_xfs_update_time(ip);
1091
1092 if (inode->i_sb->s_flags & SB_LAZYTIME) {
1093 if (!((flags & S_VERSION) &&
1094 inode_maybe_inc_iversion(inode, false))) {
1095 generic_update_time(inode, flags);
1096 return 0;
1097 }
1098
1099 /* Capture the iversion update that just occurred */
1100 log_flags |= XFS_ILOG_CORE;
1101 }
1102
1103 error = xfs_trans_alloc(mp, &M_RES(mp)->tr_fsyncts, 0, 0, 0, &tp);
1104 if (error)
1105 return error;
1106
1107 xfs_ilock(ip, XFS_ILOCK_EXCL);
1108 if (flags & (S_CTIME|S_MTIME))
1109 now = inode_set_ctime_current(inode);
1110 else
1111 now = current_time(inode);
1112
1113 if (flags & S_MTIME)
1114 inode_set_mtime_to_ts(inode, now);
1115 if (flags & S_ATIME)
1116 inode_set_atime_to_ts(inode, now);
1117
1118 xfs_trans_ijoin(tp, ip, XFS_ILOCK_EXCL);
1119 xfs_trans_log_inode(tp, ip, log_flags);
1120 return xfs_trans_commit(tp);
1121}
1122
1123STATIC int
1124xfs_vn_fiemap(
1125 struct inode *inode,
1126 struct fiemap_extent_info *fieinfo,
1127 u64 start,
1128 u64 length)
1129{
1130 int error;
1131
1132 xfs_ilock(XFS_I(inode), XFS_IOLOCK_SHARED);
1133 if (fieinfo->fi_flags & FIEMAP_FLAG_XATTR) {
1134 fieinfo->fi_flags &= ~FIEMAP_FLAG_XATTR;
1135 error = iomap_fiemap(inode, fieinfo, start, length,
1136 &xfs_xattr_iomap_ops);
1137 } else {
1138 error = iomap_fiemap(inode, fieinfo, start, length,
1139 &xfs_read_iomap_ops);
1140 }
1141 xfs_iunlock(XFS_I(inode), XFS_IOLOCK_SHARED);
1142
1143 return error;
1144}
1145
1146STATIC int
1147xfs_vn_tmpfile(
1148 struct mnt_idmap *idmap,
1149 struct inode *dir,
1150 struct file *file,
1151 umode_t mode)
1152{
1153 int err = xfs_generic_create(idmap, dir, file->f_path.dentry, mode, 0, file);
1154
1155 return finish_open_simple(file, err);
1156}
1157
1158static const struct inode_operations xfs_inode_operations = {
1159 .get_inode_acl = xfs_get_acl,
1160 .set_acl = xfs_set_acl,
1161 .getattr = xfs_vn_getattr,
1162 .setattr = xfs_vn_setattr,
1163 .listxattr = xfs_vn_listxattr,
1164 .fiemap = xfs_vn_fiemap,
1165 .update_time = xfs_vn_update_time,
1166 .fileattr_get = xfs_fileattr_get,
1167 .fileattr_set = xfs_fileattr_set,
1168};
1169
1170static const struct inode_operations xfs_dir_inode_operations = {
1171 .create = xfs_vn_create,
1172 .lookup = xfs_vn_lookup,
1173 .link = xfs_vn_link,
1174 .unlink = xfs_vn_unlink,
1175 .symlink = xfs_vn_symlink,
1176 .mkdir = xfs_vn_mkdir,
1177 /*
1178 * Yes, XFS uses the same method for rmdir and unlink.
1179 *
1180 * There are some subtile differences deeper in the code,
1181 * but we use S_ISDIR to check for those.
1182 */
1183 .rmdir = xfs_vn_unlink,
1184 .mknod = xfs_vn_mknod,
1185 .rename = xfs_vn_rename,
1186 .get_inode_acl = xfs_get_acl,
1187 .set_acl = xfs_set_acl,
1188 .getattr = xfs_vn_getattr,
1189 .setattr = xfs_vn_setattr,
1190 .listxattr = xfs_vn_listxattr,
1191 .update_time = xfs_vn_update_time,
1192 .tmpfile = xfs_vn_tmpfile,
1193 .fileattr_get = xfs_fileattr_get,
1194 .fileattr_set = xfs_fileattr_set,
1195};
1196
1197static const struct inode_operations xfs_dir_ci_inode_operations = {
1198 .create = xfs_vn_create,
1199 .lookup = xfs_vn_ci_lookup,
1200 .link = xfs_vn_link,
1201 .unlink = xfs_vn_unlink,
1202 .symlink = xfs_vn_symlink,
1203 .mkdir = xfs_vn_mkdir,
1204 /*
1205 * Yes, XFS uses the same method for rmdir and unlink.
1206 *
1207 * There are some subtile differences deeper in the code,
1208 * but we use S_ISDIR to check for those.
1209 */
1210 .rmdir = xfs_vn_unlink,
1211 .mknod = xfs_vn_mknod,
1212 .rename = xfs_vn_rename,
1213 .get_inode_acl = xfs_get_acl,
1214 .set_acl = xfs_set_acl,
1215 .getattr = xfs_vn_getattr,
1216 .setattr = xfs_vn_setattr,
1217 .listxattr = xfs_vn_listxattr,
1218 .update_time = xfs_vn_update_time,
1219 .tmpfile = xfs_vn_tmpfile,
1220 .fileattr_get = xfs_fileattr_get,
1221 .fileattr_set = xfs_fileattr_set,
1222};
1223
1224static const struct inode_operations xfs_symlink_inode_operations = {
1225 .get_link = xfs_vn_get_link,
1226 .getattr = xfs_vn_getattr,
1227 .setattr = xfs_vn_setattr,
1228 .listxattr = xfs_vn_listxattr,
1229 .update_time = xfs_vn_update_time,
1230};
1231
1232/* Figure out if this file actually supports DAX. */
1233static bool
1234xfs_inode_supports_dax(
1235 struct xfs_inode *ip)
1236{
1237 struct xfs_mount *mp = ip->i_mount;
1238
1239 /* Only supported on regular files. */
1240 if (!S_ISREG(VFS_I(ip)->i_mode))
1241 return false;
1242
1243 /* Block size must match page size */
1244 if (mp->m_sb.sb_blocksize != PAGE_SIZE)
1245 return false;
1246
1247 /* Device has to support DAX too. */
1248 return xfs_inode_buftarg(ip)->bt_daxdev != NULL;
1249}
1250
1251static bool
1252xfs_inode_should_enable_dax(
1253 struct xfs_inode *ip)
1254{
1255 if (!IS_ENABLED(CONFIG_FS_DAX))
1256 return false;
1257 if (xfs_has_dax_never(ip->i_mount))
1258 return false;
1259 if (!xfs_inode_supports_dax(ip))
1260 return false;
1261 if (xfs_has_dax_always(ip->i_mount))
1262 return true;
1263 if (ip->i_diflags2 & XFS_DIFLAG2_DAX)
1264 return true;
1265 return false;
1266}
1267
1268void
1269xfs_diflags_to_iflags(
1270 struct xfs_inode *ip,
1271 bool init)
1272{
1273 struct inode *inode = VFS_I(ip);
1274 unsigned int xflags = xfs_ip2xflags(ip);
1275 unsigned int flags = 0;
1276
1277 ASSERT(!(IS_DAX(inode) && init));
1278
1279 if (xflags & FS_XFLAG_IMMUTABLE)
1280 flags |= S_IMMUTABLE;
1281 if (xflags & FS_XFLAG_APPEND)
1282 flags |= S_APPEND;
1283 if (xflags & FS_XFLAG_SYNC)
1284 flags |= S_SYNC;
1285 if (xflags & FS_XFLAG_NOATIME)
1286 flags |= S_NOATIME;
1287 if (init && xfs_inode_should_enable_dax(ip))
1288 flags |= S_DAX;
1289
1290 /*
1291 * S_DAX can only be set during inode initialization and is never set by
1292 * the VFS, so we cannot mask off S_DAX in i_flags.
1293 */
1294 inode->i_flags &= ~(S_IMMUTABLE | S_APPEND | S_SYNC | S_NOATIME);
1295 inode->i_flags |= flags;
1296}
1297
1298/*
1299 * Initialize the Linux inode.
1300 *
1301 * When reading existing inodes from disk this is called directly from xfs_iget,
1302 * when creating a new inode it is called from xfs_init_new_inode after setting
1303 * up the inode. These callers have different criteria for clearing XFS_INEW, so
1304 * leave it up to the caller to deal with unlocking the inode appropriately.
1305 */
1306void
1307xfs_setup_inode(
1308 struct xfs_inode *ip)
1309{
1310 struct inode *inode = &ip->i_vnode;
1311 gfp_t gfp_mask;
1312 bool is_meta = xfs_is_internal_inode(ip);
1313
1314 inode->i_ino = ip->i_ino;
1315 inode->i_state |= I_NEW;
1316
1317 inode_sb_list_add(inode);
1318 /* make the inode look hashed for the writeback code */
1319 inode_fake_hash(inode);
1320
1321 i_size_write(inode, ip->i_disk_size);
1322 xfs_diflags_to_iflags(ip, true);
1323
1324 /*
1325 * Mark our metadata files as private so that LSMs and the ACL code
1326 * don't try to add their own metadata or reason about these files,
1327 * and users cannot ever obtain file handles to them.
1328 */
1329 if (is_meta) {
1330 inode->i_flags |= S_PRIVATE;
1331 inode->i_opflags &= ~IOP_XATTR;
1332 }
1333
1334 if (S_ISDIR(inode->i_mode)) {
1335 /*
1336 * We set the i_rwsem class here to avoid potential races with
1337 * lockdep_annotate_inode_mutex_key() reinitialising the lock
1338 * after a filehandle lookup has already found the inode in
1339 * cache before it has been unlocked via unlock_new_inode().
1340 */
1341 lockdep_set_class(&inode->i_rwsem,
1342 &inode->i_sb->s_type->i_mutex_dir_key);
1343 lockdep_set_class(&ip->i_lock, &xfs_dir_ilock_class);
1344 } else {
1345 lockdep_set_class(&ip->i_lock, &xfs_nondir_ilock_class);
1346 }
1347
1348 /*
1349 * Ensure all page cache allocations are done from GFP_NOFS context to
1350 * prevent direct reclaim recursion back into the filesystem and blowing
1351 * stacks or deadlocking.
1352 */
1353 gfp_mask = mapping_gfp_mask(inode->i_mapping);
1354 mapping_set_gfp_mask(inode->i_mapping, (gfp_mask & ~(__GFP_FS)));
1355
1356 /*
1357 * For real-time inodes update the stable write flags to that of the RT
1358 * device instead of the data device.
1359 */
1360 if (S_ISREG(inode->i_mode) && XFS_IS_REALTIME_INODE(ip))
1361 xfs_update_stable_writes(ip);
1362
1363 /*
1364 * If there is no attribute fork no ACL can exist on this inode,
1365 * and it can't have any file capabilities attached to it either.
1366 */
1367 if (!xfs_inode_has_attr_fork(ip)) {
1368 inode_has_no_xattr(inode);
1369 cache_no_acl(inode);
1370 }
1371}
1372
1373void
1374xfs_setup_iops(
1375 struct xfs_inode *ip)
1376{
1377 struct inode *inode = &ip->i_vnode;
1378
1379 switch (inode->i_mode & S_IFMT) {
1380 case S_IFREG:
1381 inode->i_op = &xfs_inode_operations;
1382 inode->i_fop = &xfs_file_operations;
1383 if (IS_DAX(inode))
1384 inode->i_mapping->a_ops = &xfs_dax_aops;
1385 else
1386 inode->i_mapping->a_ops = &xfs_address_space_operations;
1387 break;
1388 case S_IFDIR:
1389 if (xfs_has_asciici(XFS_M(inode->i_sb)))
1390 inode->i_op = &xfs_dir_ci_inode_operations;
1391 else
1392 inode->i_op = &xfs_dir_inode_operations;
1393 inode->i_fop = &xfs_dir_file_operations;
1394 break;
1395 case S_IFLNK:
1396 inode->i_op = &xfs_symlink_inode_operations;
1397 break;
1398 default:
1399 inode->i_op = &xfs_inode_operations;
1400 init_special_inode(inode, inode->i_mode, inode->i_rdev);
1401 break;
1402 }
1403}