xref: /linux/fs/ubifs/dir.c (revision 791d3ef2e11100449837dc0b6fe884e60ca3a484)
1 /* * This file is part of UBIFS.
2  *
3  * Copyright (C) 2006-2008 Nokia Corporation.
4  * Copyright (C) 2006, 2007 University of Szeged, Hungary
5  *
6  * This program is free software; you can redistribute it and/or modify it
7  * under the terms of the GNU General Public License version 2 as published by
8  * the Free Software Foundation.
9  *
10  * This program is distributed in the hope that it will be useful, but WITHOUT
11  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
12  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
13  * more details.
14  *
15  * You should have received a copy of the GNU General Public License along with
16  * this program; if not, write to the Free Software Foundation, Inc., 51
17  * Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
18  *
19  * Authors: Artem Bityutskiy (Битюцкий Артём)
20  *          Adrian Hunter
21  *          Zoltan Sogor
22  */
23 
24 /*
25  * This file implements directory operations.
26  *
27  * All FS operations in this file allocate budget before writing anything to the
28  * media. If they fail to allocate it, the error is returned. The only
29  * exceptions are 'ubifs_unlink()' and 'ubifs_rmdir()' which keep working even
30  * if they unable to allocate the budget, because deletion %-ENOSPC failure is
31  * not what users are usually ready to get. UBIFS budgeting subsystem has some
32  * space reserved for these purposes.
33  *
34  * All operations in this file write all inodes which they change straight
35  * away, instead of marking them dirty. For example, 'ubifs_link()' changes
36  * @i_size of the parent inode and writes the parent inode together with the
37  * target inode. This was done to simplify file-system recovery which would
38  * otherwise be very difficult to do. The only exception is rename which marks
39  * the re-named inode dirty (because its @i_ctime is updated) but does not
40  * write it, but just marks it as dirty.
41  */
42 
43 #include "ubifs.h"
44 
45 /**
46  * inherit_flags - inherit flags of the parent inode.
47  * @dir: parent inode
48  * @mode: new inode mode flags
49  *
50  * This is a helper function for 'ubifs_new_inode()' which inherits flag of the
51  * parent directory inode @dir. UBIFS inodes inherit the following flags:
52  * o %UBIFS_COMPR_FL, which is useful to switch compression on/of on
53  *   sub-directory basis;
54  * o %UBIFS_SYNC_FL - useful for the same reasons;
55  * o %UBIFS_DIRSYNC_FL - similar, but relevant only to directories.
56  *
57  * This function returns the inherited flags.
58  */
59 static int inherit_flags(const struct inode *dir, umode_t mode)
60 {
61 	int flags;
62 	const struct ubifs_inode *ui = ubifs_inode(dir);
63 
64 	if (!S_ISDIR(dir->i_mode))
65 		/*
66 		 * The parent is not a directory, which means that an extended
67 		 * attribute inode is being created. No flags.
68 		 */
69 		return 0;
70 
71 	flags = ui->flags & (UBIFS_COMPR_FL | UBIFS_SYNC_FL | UBIFS_DIRSYNC_FL);
72 	if (!S_ISDIR(mode))
73 		/* The "DIRSYNC" flag only applies to directories */
74 		flags &= ~UBIFS_DIRSYNC_FL;
75 	return flags;
76 }
77 
78 /**
79  * ubifs_new_inode - allocate new UBIFS inode object.
80  * @c: UBIFS file-system description object
81  * @dir: parent directory inode
82  * @mode: inode mode flags
83  *
84  * This function finds an unused inode number, allocates new inode and
85  * initializes it. Returns new inode in case of success and an error code in
86  * case of failure.
87  */
88 struct inode *ubifs_new_inode(struct ubifs_info *c, struct inode *dir,
89 			      umode_t mode)
90 {
91 	int err;
92 	struct inode *inode;
93 	struct ubifs_inode *ui;
94 	bool encrypted = false;
95 
96 	if (ubifs_crypt_is_encrypted(dir)) {
97 		err = fscrypt_get_encryption_info(dir);
98 		if (err) {
99 			ubifs_err(c, "fscrypt_get_encryption_info failed: %i", err);
100 			return ERR_PTR(err);
101 		}
102 
103 		if (!fscrypt_has_encryption_key(dir))
104 			return ERR_PTR(-EPERM);
105 
106 		encrypted = true;
107 	}
108 
109 	inode = new_inode(c->vfs_sb);
110 	ui = ubifs_inode(inode);
111 	if (!inode)
112 		return ERR_PTR(-ENOMEM);
113 
114 	/*
115 	 * Set 'S_NOCMTIME' to prevent VFS form updating [mc]time of inodes and
116 	 * marking them dirty in file write path (see 'file_update_time()').
117 	 * UBIFS has to fully control "clean <-> dirty" transitions of inodes
118 	 * to make budgeting work.
119 	 */
120 	inode->i_flags |= S_NOCMTIME;
121 
122 	inode_init_owner(inode, dir, mode);
123 	inode->i_mtime = inode->i_atime = inode->i_ctime =
124 			 current_time(inode);
125 	inode->i_mapping->nrpages = 0;
126 
127 	switch (mode & S_IFMT) {
128 	case S_IFREG:
129 		inode->i_mapping->a_ops = &ubifs_file_address_operations;
130 		inode->i_op = &ubifs_file_inode_operations;
131 		inode->i_fop = &ubifs_file_operations;
132 		break;
133 	case S_IFDIR:
134 		inode->i_op  = &ubifs_dir_inode_operations;
135 		inode->i_fop = &ubifs_dir_operations;
136 		inode->i_size = ui->ui_size = UBIFS_INO_NODE_SZ;
137 		break;
138 	case S_IFLNK:
139 		inode->i_op = &ubifs_symlink_inode_operations;
140 		break;
141 	case S_IFSOCK:
142 	case S_IFIFO:
143 	case S_IFBLK:
144 	case S_IFCHR:
145 		inode->i_op  = &ubifs_file_inode_operations;
146 		encrypted = false;
147 		break;
148 	default:
149 		BUG();
150 	}
151 
152 	ui->flags = inherit_flags(dir, mode);
153 	ubifs_set_inode_flags(inode);
154 	if (S_ISREG(mode))
155 		ui->compr_type = c->default_compr;
156 	else
157 		ui->compr_type = UBIFS_COMPR_NONE;
158 	ui->synced_i_size = 0;
159 
160 	spin_lock(&c->cnt_lock);
161 	/* Inode number overflow is currently not supported */
162 	if (c->highest_inum >= INUM_WARN_WATERMARK) {
163 		if (c->highest_inum >= INUM_WATERMARK) {
164 			spin_unlock(&c->cnt_lock);
165 			ubifs_err(c, "out of inode numbers");
166 			make_bad_inode(inode);
167 			iput(inode);
168 			return ERR_PTR(-EINVAL);
169 		}
170 		ubifs_warn(c, "running out of inode numbers (current %lu, max %u)",
171 			   (unsigned long)c->highest_inum, INUM_WATERMARK);
172 	}
173 
174 	inode->i_ino = ++c->highest_inum;
175 	/*
176 	 * The creation sequence number remains with this inode for its
177 	 * lifetime. All nodes for this inode have a greater sequence number,
178 	 * and so it is possible to distinguish obsolete nodes belonging to a
179 	 * previous incarnation of the same inode number - for example, for the
180 	 * purpose of rebuilding the index.
181 	 */
182 	ui->creat_sqnum = ++c->max_sqnum;
183 	spin_unlock(&c->cnt_lock);
184 
185 	if (encrypted) {
186 		err = fscrypt_inherit_context(dir, inode, &encrypted, true);
187 		if (err) {
188 			ubifs_err(c, "fscrypt_inherit_context failed: %i", err);
189 			make_bad_inode(inode);
190 			iput(inode);
191 			return ERR_PTR(err);
192 		}
193 	}
194 
195 	return inode;
196 }
197 
198 static int dbg_check_name(const struct ubifs_info *c,
199 			  const struct ubifs_dent_node *dent,
200 			  const struct fscrypt_name *nm)
201 {
202 	if (!dbg_is_chk_gen(c))
203 		return 0;
204 	if (le16_to_cpu(dent->nlen) != fname_len(nm))
205 		return -EINVAL;
206 	if (memcmp(dent->name, fname_name(nm), fname_len(nm)))
207 		return -EINVAL;
208 	return 0;
209 }
210 
211 static struct dentry *ubifs_lookup(struct inode *dir, struct dentry *dentry,
212 				   unsigned int flags)
213 {
214 	int err;
215 	union ubifs_key key;
216 	struct inode *inode = NULL;
217 	struct ubifs_dent_node *dent = NULL;
218 	struct ubifs_info *c = dir->i_sb->s_fs_info;
219 	struct fscrypt_name nm;
220 
221 	dbg_gen("'%pd' in dir ino %lu", dentry, dir->i_ino);
222 
223 	err = fscrypt_prepare_lookup(dir, dentry, flags);
224 	if (err)
225 		return ERR_PTR(err);
226 
227 	err = fscrypt_setup_filename(dir, &dentry->d_name, 1, &nm);
228 	if (err)
229 		return ERR_PTR(err);
230 
231 	if (fname_len(&nm) > UBIFS_MAX_NLEN) {
232 		inode = ERR_PTR(-ENAMETOOLONG);
233 		goto done;
234 	}
235 
236 	dent = kmalloc(UBIFS_MAX_DENT_NODE_SZ, GFP_NOFS);
237 	if (!dent) {
238 		inode = ERR_PTR(-ENOMEM);
239 		goto done;
240 	}
241 
242 	if (nm.hash) {
243 		ubifs_assert(fname_len(&nm) == 0);
244 		ubifs_assert(fname_name(&nm) == NULL);
245 		dent_key_init_hash(c, &key, dir->i_ino, nm.hash);
246 		err = ubifs_tnc_lookup_dh(c, &key, dent, nm.minor_hash);
247 	} else {
248 		dent_key_init(c, &key, dir->i_ino, &nm);
249 		err = ubifs_tnc_lookup_nm(c, &key, dent, &nm);
250 	}
251 
252 	if (err) {
253 		if (err == -ENOENT)
254 			dbg_gen("not found");
255 		else
256 			inode = ERR_PTR(err);
257 		goto done;
258 	}
259 
260 	if (dbg_check_name(c, dent, &nm)) {
261 		inode = ERR_PTR(-EINVAL);
262 		goto done;
263 	}
264 
265 	inode = ubifs_iget(dir->i_sb, le64_to_cpu(dent->inum));
266 	if (IS_ERR(inode)) {
267 		/*
268 		 * This should not happen. Probably the file-system needs
269 		 * checking.
270 		 */
271 		err = PTR_ERR(inode);
272 		ubifs_err(c, "dead directory entry '%pd', error %d",
273 			  dentry, err);
274 		ubifs_ro_mode(c, err);
275 		goto done;
276 	}
277 
278 	if (ubifs_crypt_is_encrypted(dir) &&
279 	    (S_ISDIR(inode->i_mode) || S_ISLNK(inode->i_mode)) &&
280 	    !fscrypt_has_permitted_context(dir, inode)) {
281 		ubifs_warn(c, "Inconsistent encryption contexts: %lu/%lu",
282 			   dir->i_ino, inode->i_ino);
283 		iput(inode);
284 		inode = ERR_PTR(-EPERM);
285 	}
286 
287 done:
288 	kfree(dent);
289 	fscrypt_free_filename(&nm);
290 	return d_splice_alias(inode, dentry);
291 }
292 
293 static int ubifs_create(struct inode *dir, struct dentry *dentry, umode_t mode,
294 			bool excl)
295 {
296 	struct inode *inode;
297 	struct ubifs_info *c = dir->i_sb->s_fs_info;
298 	struct ubifs_budget_req req = { .new_ino = 1, .new_dent = 1,
299 					.dirtied_ino = 1 };
300 	struct ubifs_inode *dir_ui = ubifs_inode(dir);
301 	struct fscrypt_name nm;
302 	int err, sz_change;
303 
304 	/*
305 	 * Budget request settings: new inode, new direntry, changing the
306 	 * parent directory inode.
307 	 */
308 
309 	dbg_gen("dent '%pd', mode %#hx in dir ino %lu",
310 		dentry, mode, dir->i_ino);
311 
312 	err = ubifs_budget_space(c, &req);
313 	if (err)
314 		return err;
315 
316 	err = fscrypt_setup_filename(dir, &dentry->d_name, 0, &nm);
317 	if (err)
318 		goto out_budg;
319 
320 	sz_change = CALC_DENT_SIZE(fname_len(&nm));
321 
322 	inode = ubifs_new_inode(c, dir, mode);
323 	if (IS_ERR(inode)) {
324 		err = PTR_ERR(inode);
325 		goto out_fname;
326 	}
327 
328 	err = ubifs_init_security(dir, inode, &dentry->d_name);
329 	if (err)
330 		goto out_inode;
331 
332 	mutex_lock(&dir_ui->ui_mutex);
333 	dir->i_size += sz_change;
334 	dir_ui->ui_size = dir->i_size;
335 	dir->i_mtime = dir->i_ctime = inode->i_ctime;
336 	err = ubifs_jnl_update(c, dir, &nm, inode, 0, 0);
337 	if (err)
338 		goto out_cancel;
339 	mutex_unlock(&dir_ui->ui_mutex);
340 
341 	ubifs_release_budget(c, &req);
342 	fscrypt_free_filename(&nm);
343 	insert_inode_hash(inode);
344 	d_instantiate(dentry, inode);
345 	return 0;
346 
347 out_cancel:
348 	dir->i_size -= sz_change;
349 	dir_ui->ui_size = dir->i_size;
350 	mutex_unlock(&dir_ui->ui_mutex);
351 out_inode:
352 	make_bad_inode(inode);
353 	iput(inode);
354 out_fname:
355 	fscrypt_free_filename(&nm);
356 out_budg:
357 	ubifs_release_budget(c, &req);
358 	ubifs_err(c, "cannot create regular file, error %d", err);
359 	return err;
360 }
361 
362 static int do_tmpfile(struct inode *dir, struct dentry *dentry,
363 		      umode_t mode, struct inode **whiteout)
364 {
365 	struct inode *inode;
366 	struct ubifs_info *c = dir->i_sb->s_fs_info;
367 	struct ubifs_budget_req req = { .new_ino = 1, .new_dent = 1};
368 	struct ubifs_budget_req ino_req = { .dirtied_ino = 1 };
369 	struct ubifs_inode *ui, *dir_ui = ubifs_inode(dir);
370 	int err, instantiated = 0;
371 	struct fscrypt_name nm;
372 
373 	/*
374 	 * Budget request settings: new dirty inode, new direntry,
375 	 * budget for dirtied inode will be released via writeback.
376 	 */
377 
378 	dbg_gen("dent '%pd', mode %#hx in dir ino %lu",
379 		dentry, mode, dir->i_ino);
380 
381 	err = fscrypt_setup_filename(dir, &dentry->d_name, 0, &nm);
382 	if (err)
383 		return err;
384 
385 	err = ubifs_budget_space(c, &req);
386 	if (err) {
387 		fscrypt_free_filename(&nm);
388 		return err;
389 	}
390 
391 	err = ubifs_budget_space(c, &ino_req);
392 	if (err) {
393 		ubifs_release_budget(c, &req);
394 		fscrypt_free_filename(&nm);
395 		return err;
396 	}
397 
398 	inode = ubifs_new_inode(c, dir, mode);
399 	if (IS_ERR(inode)) {
400 		err = PTR_ERR(inode);
401 		goto out_budg;
402 	}
403 	ui = ubifs_inode(inode);
404 
405 	if (whiteout) {
406 		init_special_inode(inode, inode->i_mode, WHITEOUT_DEV);
407 		ubifs_assert(inode->i_op == &ubifs_file_inode_operations);
408 	}
409 
410 	err = ubifs_init_security(dir, inode, &dentry->d_name);
411 	if (err)
412 		goto out_inode;
413 
414 	mutex_lock(&ui->ui_mutex);
415 	insert_inode_hash(inode);
416 
417 	if (whiteout) {
418 		mark_inode_dirty(inode);
419 		drop_nlink(inode);
420 		*whiteout = inode;
421 	} else {
422 		d_tmpfile(dentry, inode);
423 	}
424 	ubifs_assert(ui->dirty);
425 
426 	instantiated = 1;
427 	mutex_unlock(&ui->ui_mutex);
428 
429 	mutex_lock(&dir_ui->ui_mutex);
430 	err = ubifs_jnl_update(c, dir, &nm, inode, 1, 0);
431 	if (err)
432 		goto out_cancel;
433 	mutex_unlock(&dir_ui->ui_mutex);
434 
435 	ubifs_release_budget(c, &req);
436 
437 	return 0;
438 
439 out_cancel:
440 	mutex_unlock(&dir_ui->ui_mutex);
441 out_inode:
442 	make_bad_inode(inode);
443 	if (!instantiated)
444 		iput(inode);
445 out_budg:
446 	ubifs_release_budget(c, &req);
447 	if (!instantiated)
448 		ubifs_release_budget(c, &ino_req);
449 	fscrypt_free_filename(&nm);
450 	ubifs_err(c, "cannot create temporary file, error %d", err);
451 	return err;
452 }
453 
454 static int ubifs_tmpfile(struct inode *dir, struct dentry *dentry,
455 			 umode_t mode)
456 {
457 	return do_tmpfile(dir, dentry, mode, NULL);
458 }
459 
460 /**
461  * vfs_dent_type - get VFS directory entry type.
462  * @type: UBIFS directory entry type
463  *
464  * This function converts UBIFS directory entry type into VFS directory entry
465  * type.
466  */
467 static unsigned int vfs_dent_type(uint8_t type)
468 {
469 	switch (type) {
470 	case UBIFS_ITYPE_REG:
471 		return DT_REG;
472 	case UBIFS_ITYPE_DIR:
473 		return DT_DIR;
474 	case UBIFS_ITYPE_LNK:
475 		return DT_LNK;
476 	case UBIFS_ITYPE_BLK:
477 		return DT_BLK;
478 	case UBIFS_ITYPE_CHR:
479 		return DT_CHR;
480 	case UBIFS_ITYPE_FIFO:
481 		return DT_FIFO;
482 	case UBIFS_ITYPE_SOCK:
483 		return DT_SOCK;
484 	default:
485 		BUG();
486 	}
487 	return 0;
488 }
489 
490 /*
491  * The classical Unix view for directory is that it is a linear array of
492  * (name, inode number) entries. Linux/VFS assumes this model as well.
493  * Particularly, 'readdir()' call wants us to return a directory entry offset
494  * which later may be used to continue 'readdir()'ing the directory or to
495  * 'seek()' to that specific direntry. Obviously UBIFS does not really fit this
496  * model because directory entries are identified by keys, which may collide.
497  *
498  * UBIFS uses directory entry hash value for directory offsets, so
499  * 'seekdir()'/'telldir()' may not always work because of possible key
500  * collisions. But UBIFS guarantees that consecutive 'readdir()' calls work
501  * properly by means of saving full directory entry name in the private field
502  * of the file description object.
503  *
504  * This means that UBIFS cannot support NFS which requires full
505  * 'seekdir()'/'telldir()' support.
506  */
507 static int ubifs_readdir(struct file *file, struct dir_context *ctx)
508 {
509 	int fstr_real_len = 0, err = 0;
510 	struct fscrypt_name nm;
511 	struct fscrypt_str fstr = {0};
512 	union ubifs_key key;
513 	struct ubifs_dent_node *dent;
514 	struct inode *dir = file_inode(file);
515 	struct ubifs_info *c = dir->i_sb->s_fs_info;
516 	bool encrypted = ubifs_crypt_is_encrypted(dir);
517 
518 	dbg_gen("dir ino %lu, f_pos %#llx", dir->i_ino, ctx->pos);
519 
520 	if (ctx->pos > UBIFS_S_KEY_HASH_MASK || ctx->pos == 2)
521 		/*
522 		 * The directory was seek'ed to a senseless position or there
523 		 * are no more entries.
524 		 */
525 		return 0;
526 
527 	if (encrypted) {
528 		err = fscrypt_get_encryption_info(dir);
529 		if (err && err != -ENOKEY)
530 			return err;
531 
532 		err = fscrypt_fname_alloc_buffer(dir, UBIFS_MAX_NLEN, &fstr);
533 		if (err)
534 			return err;
535 
536 		fstr_real_len = fstr.len;
537 	}
538 
539 	if (file->f_version == 0) {
540 		/*
541 		 * The file was seek'ed, which means that @file->private_data
542 		 * is now invalid. This may also be just the first
543 		 * 'ubifs_readdir()' invocation, in which case
544 		 * @file->private_data is NULL, and the below code is
545 		 * basically a no-op.
546 		 */
547 		kfree(file->private_data);
548 		file->private_data = NULL;
549 	}
550 
551 	/*
552 	 * 'generic_file_llseek()' unconditionally sets @file->f_version to
553 	 * zero, and we use this for detecting whether the file was seek'ed.
554 	 */
555 	file->f_version = 1;
556 
557 	/* File positions 0 and 1 correspond to "." and ".." */
558 	if (ctx->pos < 2) {
559 		ubifs_assert(!file->private_data);
560 		if (!dir_emit_dots(file, ctx)) {
561 			if (encrypted)
562 				fscrypt_fname_free_buffer(&fstr);
563 			return 0;
564 		}
565 
566 		/* Find the first entry in TNC and save it */
567 		lowest_dent_key(c, &key, dir->i_ino);
568 		fname_len(&nm) = 0;
569 		dent = ubifs_tnc_next_ent(c, &key, &nm);
570 		if (IS_ERR(dent)) {
571 			err = PTR_ERR(dent);
572 			goto out;
573 		}
574 
575 		ctx->pos = key_hash_flash(c, &dent->key);
576 		file->private_data = dent;
577 	}
578 
579 	dent = file->private_data;
580 	if (!dent) {
581 		/*
582 		 * The directory was seek'ed to and is now readdir'ed.
583 		 * Find the entry corresponding to @ctx->pos or the closest one.
584 		 */
585 		dent_key_init_hash(c, &key, dir->i_ino, ctx->pos);
586 		fname_len(&nm) = 0;
587 		dent = ubifs_tnc_next_ent(c, &key, &nm);
588 		if (IS_ERR(dent)) {
589 			err = PTR_ERR(dent);
590 			goto out;
591 		}
592 		ctx->pos = key_hash_flash(c, &dent->key);
593 		file->private_data = dent;
594 	}
595 
596 	while (1) {
597 		dbg_gen("ino %llu, new f_pos %#x",
598 			(unsigned long long)le64_to_cpu(dent->inum),
599 			key_hash_flash(c, &dent->key));
600 		ubifs_assert(le64_to_cpu(dent->ch.sqnum) >
601 			     ubifs_inode(dir)->creat_sqnum);
602 
603 		fname_len(&nm) = le16_to_cpu(dent->nlen);
604 		fname_name(&nm) = dent->name;
605 
606 		if (encrypted) {
607 			fstr.len = fstr_real_len;
608 
609 			err = fscrypt_fname_disk_to_usr(dir, key_hash_flash(c,
610 							&dent->key),
611 							le32_to_cpu(dent->cookie),
612 							&nm.disk_name, &fstr);
613 			if (err)
614 				goto out;
615 		} else {
616 			fstr.len = fname_len(&nm);
617 			fstr.name = fname_name(&nm);
618 		}
619 
620 		if (!dir_emit(ctx, fstr.name, fstr.len,
621 			       le64_to_cpu(dent->inum),
622 			       vfs_dent_type(dent->type))) {
623 			if (encrypted)
624 				fscrypt_fname_free_buffer(&fstr);
625 			return 0;
626 		}
627 
628 		/* Switch to the next entry */
629 		key_read(c, &dent->key, &key);
630 		dent = ubifs_tnc_next_ent(c, &key, &nm);
631 		if (IS_ERR(dent)) {
632 			err = PTR_ERR(dent);
633 			goto out;
634 		}
635 
636 		kfree(file->private_data);
637 		ctx->pos = key_hash_flash(c, &dent->key);
638 		file->private_data = dent;
639 		cond_resched();
640 	}
641 
642 out:
643 	kfree(file->private_data);
644 	file->private_data = NULL;
645 
646 	if (encrypted)
647 		fscrypt_fname_free_buffer(&fstr);
648 
649 	if (err != -ENOENT)
650 		ubifs_err(c, "cannot find next direntry, error %d", err);
651 	else
652 		/*
653 		 * -ENOENT is a non-fatal error in this context, the TNC uses
654 		 * it to indicate that the cursor moved past the current directory
655 		 * and readdir() has to stop.
656 		 */
657 		err = 0;
658 
659 
660 	/* 2 is a special value indicating that there are no more direntries */
661 	ctx->pos = 2;
662 	return err;
663 }
664 
665 /* Free saved readdir() state when the directory is closed */
666 static int ubifs_dir_release(struct inode *dir, struct file *file)
667 {
668 	kfree(file->private_data);
669 	file->private_data = NULL;
670 	return 0;
671 }
672 
673 /**
674  * lock_2_inodes - a wrapper for locking two UBIFS inodes.
675  * @inode1: first inode
676  * @inode2: second inode
677  *
678  * We do not implement any tricks to guarantee strict lock ordering, because
679  * VFS has already done it for us on the @i_mutex. So this is just a simple
680  * wrapper function.
681  */
682 static void lock_2_inodes(struct inode *inode1, struct inode *inode2)
683 {
684 	mutex_lock_nested(&ubifs_inode(inode1)->ui_mutex, WB_MUTEX_1);
685 	mutex_lock_nested(&ubifs_inode(inode2)->ui_mutex, WB_MUTEX_2);
686 }
687 
688 /**
689  * unlock_2_inodes - a wrapper for unlocking two UBIFS inodes.
690  * @inode1: first inode
691  * @inode2: second inode
692  */
693 static void unlock_2_inodes(struct inode *inode1, struct inode *inode2)
694 {
695 	mutex_unlock(&ubifs_inode(inode2)->ui_mutex);
696 	mutex_unlock(&ubifs_inode(inode1)->ui_mutex);
697 }
698 
699 static int ubifs_link(struct dentry *old_dentry, struct inode *dir,
700 		      struct dentry *dentry)
701 {
702 	struct ubifs_info *c = dir->i_sb->s_fs_info;
703 	struct inode *inode = d_inode(old_dentry);
704 	struct ubifs_inode *ui = ubifs_inode(inode);
705 	struct ubifs_inode *dir_ui = ubifs_inode(dir);
706 	int err, sz_change = CALC_DENT_SIZE(dentry->d_name.len);
707 	struct ubifs_budget_req req = { .new_dent = 1, .dirtied_ino = 2,
708 				.dirtied_ino_d = ALIGN(ui->data_len, 8) };
709 	struct fscrypt_name nm;
710 
711 	/*
712 	 * Budget request settings: new direntry, changing the target inode,
713 	 * changing the parent inode.
714 	 */
715 
716 	dbg_gen("dent '%pd' to ino %lu (nlink %d) in dir ino %lu",
717 		dentry, inode->i_ino,
718 		inode->i_nlink, dir->i_ino);
719 	ubifs_assert(inode_is_locked(dir));
720 	ubifs_assert(inode_is_locked(inode));
721 
722 	err = fscrypt_prepare_link(old_dentry, dir, dentry);
723 	if (err)
724 		return err;
725 
726 	err = fscrypt_setup_filename(dir, &dentry->d_name, 0, &nm);
727 	if (err)
728 		return err;
729 
730 	err = dbg_check_synced_i_size(c, inode);
731 	if (err)
732 		goto out_fname;
733 
734 	err = ubifs_budget_space(c, &req);
735 	if (err)
736 		goto out_fname;
737 
738 	lock_2_inodes(dir, inode);
739 
740 	/* Handle O_TMPFILE corner case, it is allowed to link a O_TMPFILE. */
741 	if (inode->i_nlink == 0)
742 		ubifs_delete_orphan(c, inode->i_ino);
743 
744 	inc_nlink(inode);
745 	ihold(inode);
746 	inode->i_ctime = current_time(inode);
747 	dir->i_size += sz_change;
748 	dir_ui->ui_size = dir->i_size;
749 	dir->i_mtime = dir->i_ctime = inode->i_ctime;
750 	err = ubifs_jnl_update(c, dir, &nm, inode, 0, 0);
751 	if (err)
752 		goto out_cancel;
753 	unlock_2_inodes(dir, inode);
754 
755 	ubifs_release_budget(c, &req);
756 	d_instantiate(dentry, inode);
757 	fscrypt_free_filename(&nm);
758 	return 0;
759 
760 out_cancel:
761 	dir->i_size -= sz_change;
762 	dir_ui->ui_size = dir->i_size;
763 	drop_nlink(inode);
764 	if (inode->i_nlink == 0)
765 		ubifs_add_orphan(c, inode->i_ino);
766 	unlock_2_inodes(dir, inode);
767 	ubifs_release_budget(c, &req);
768 	iput(inode);
769 out_fname:
770 	fscrypt_free_filename(&nm);
771 	return err;
772 }
773 
774 static int ubifs_unlink(struct inode *dir, struct dentry *dentry)
775 {
776 	struct ubifs_info *c = dir->i_sb->s_fs_info;
777 	struct inode *inode = d_inode(dentry);
778 	struct ubifs_inode *dir_ui = ubifs_inode(dir);
779 	int err, sz_change, budgeted = 1;
780 	struct ubifs_budget_req req = { .mod_dent = 1, .dirtied_ino = 2 };
781 	unsigned int saved_nlink = inode->i_nlink;
782 	struct fscrypt_name nm;
783 
784 	/*
785 	 * Budget request settings: deletion direntry, deletion inode (+1 for
786 	 * @dirtied_ino), changing the parent directory inode. If budgeting
787 	 * fails, go ahead anyway because we have extra space reserved for
788 	 * deletions.
789 	 */
790 
791 	dbg_gen("dent '%pd' from ino %lu (nlink %d) in dir ino %lu",
792 		dentry, inode->i_ino,
793 		inode->i_nlink, dir->i_ino);
794 
795 	if (ubifs_crypt_is_encrypted(dir)) {
796 		err = fscrypt_get_encryption_info(dir);
797 		if (err && err != -ENOKEY)
798 			return err;
799 	}
800 
801 	err = fscrypt_setup_filename(dir, &dentry->d_name, 1, &nm);
802 	if (err)
803 		return err;
804 
805 	sz_change = CALC_DENT_SIZE(fname_len(&nm));
806 
807 	ubifs_assert(inode_is_locked(dir));
808 	ubifs_assert(inode_is_locked(inode));
809 	err = dbg_check_synced_i_size(c, inode);
810 	if (err)
811 		goto out_fname;
812 
813 	err = ubifs_budget_space(c, &req);
814 	if (err) {
815 		if (err != -ENOSPC)
816 			goto out_fname;
817 		budgeted = 0;
818 	}
819 
820 	lock_2_inodes(dir, inode);
821 	inode->i_ctime = current_time(dir);
822 	drop_nlink(inode);
823 	dir->i_size -= sz_change;
824 	dir_ui->ui_size = dir->i_size;
825 	dir->i_mtime = dir->i_ctime = inode->i_ctime;
826 	err = ubifs_jnl_update(c, dir, &nm, inode, 1, 0);
827 	if (err)
828 		goto out_cancel;
829 	unlock_2_inodes(dir, inode);
830 
831 	if (budgeted)
832 		ubifs_release_budget(c, &req);
833 	else {
834 		/* We've deleted something - clean the "no space" flags */
835 		c->bi.nospace = c->bi.nospace_rp = 0;
836 		smp_wmb();
837 	}
838 	fscrypt_free_filename(&nm);
839 	return 0;
840 
841 out_cancel:
842 	dir->i_size += sz_change;
843 	dir_ui->ui_size = dir->i_size;
844 	set_nlink(inode, saved_nlink);
845 	unlock_2_inodes(dir, inode);
846 	if (budgeted)
847 		ubifs_release_budget(c, &req);
848 out_fname:
849 	fscrypt_free_filename(&nm);
850 	return err;
851 }
852 
853 /**
854  * check_dir_empty - check if a directory is empty or not.
855  * @dir: VFS inode object of the directory to check
856  *
857  * This function checks if directory @dir is empty. Returns zero if the
858  * directory is empty, %-ENOTEMPTY if it is not, and other negative error codes
859  * in case of of errors.
860  */
861 int ubifs_check_dir_empty(struct inode *dir)
862 {
863 	struct ubifs_info *c = dir->i_sb->s_fs_info;
864 	struct fscrypt_name nm = { 0 };
865 	struct ubifs_dent_node *dent;
866 	union ubifs_key key;
867 	int err;
868 
869 	lowest_dent_key(c, &key, dir->i_ino);
870 	dent = ubifs_tnc_next_ent(c, &key, &nm);
871 	if (IS_ERR(dent)) {
872 		err = PTR_ERR(dent);
873 		if (err == -ENOENT)
874 			err = 0;
875 	} else {
876 		kfree(dent);
877 		err = -ENOTEMPTY;
878 	}
879 	return err;
880 }
881 
882 static int ubifs_rmdir(struct inode *dir, struct dentry *dentry)
883 {
884 	struct ubifs_info *c = dir->i_sb->s_fs_info;
885 	struct inode *inode = d_inode(dentry);
886 	int err, sz_change, budgeted = 1;
887 	struct ubifs_inode *dir_ui = ubifs_inode(dir);
888 	struct ubifs_budget_req req = { .mod_dent = 1, .dirtied_ino = 2 };
889 	struct fscrypt_name nm;
890 
891 	/*
892 	 * Budget request settings: deletion direntry, deletion inode and
893 	 * changing the parent inode. If budgeting fails, go ahead anyway
894 	 * because we have extra space reserved for deletions.
895 	 */
896 
897 	dbg_gen("directory '%pd', ino %lu in dir ino %lu", dentry,
898 		inode->i_ino, dir->i_ino);
899 	ubifs_assert(inode_is_locked(dir));
900 	ubifs_assert(inode_is_locked(inode));
901 	err = ubifs_check_dir_empty(d_inode(dentry));
902 	if (err)
903 		return err;
904 
905 	if (ubifs_crypt_is_encrypted(dir)) {
906 		err = fscrypt_get_encryption_info(dir);
907 		if (err && err != -ENOKEY)
908 			return err;
909 	}
910 
911 	err = fscrypt_setup_filename(dir, &dentry->d_name, 1, &nm);
912 	if (err)
913 		return err;
914 
915 	sz_change = CALC_DENT_SIZE(fname_len(&nm));
916 
917 	err = ubifs_budget_space(c, &req);
918 	if (err) {
919 		if (err != -ENOSPC)
920 			goto out_fname;
921 		budgeted = 0;
922 	}
923 
924 	lock_2_inodes(dir, inode);
925 	inode->i_ctime = current_time(dir);
926 	clear_nlink(inode);
927 	drop_nlink(dir);
928 	dir->i_size -= sz_change;
929 	dir_ui->ui_size = dir->i_size;
930 	dir->i_mtime = dir->i_ctime = inode->i_ctime;
931 	err = ubifs_jnl_update(c, dir, &nm, inode, 1, 0);
932 	if (err)
933 		goto out_cancel;
934 	unlock_2_inodes(dir, inode);
935 
936 	if (budgeted)
937 		ubifs_release_budget(c, &req);
938 	else {
939 		/* We've deleted something - clean the "no space" flags */
940 		c->bi.nospace = c->bi.nospace_rp = 0;
941 		smp_wmb();
942 	}
943 	fscrypt_free_filename(&nm);
944 	return 0;
945 
946 out_cancel:
947 	dir->i_size += sz_change;
948 	dir_ui->ui_size = dir->i_size;
949 	inc_nlink(dir);
950 	set_nlink(inode, 2);
951 	unlock_2_inodes(dir, inode);
952 	if (budgeted)
953 		ubifs_release_budget(c, &req);
954 out_fname:
955 	fscrypt_free_filename(&nm);
956 	return err;
957 }
958 
959 static int ubifs_mkdir(struct inode *dir, struct dentry *dentry, umode_t mode)
960 {
961 	struct inode *inode;
962 	struct ubifs_inode *dir_ui = ubifs_inode(dir);
963 	struct ubifs_info *c = dir->i_sb->s_fs_info;
964 	int err, sz_change;
965 	struct ubifs_budget_req req = { .new_ino = 1, .new_dent = 1 };
966 	struct fscrypt_name nm;
967 
968 	/*
969 	 * Budget request settings: new inode, new direntry and changing parent
970 	 * directory inode.
971 	 */
972 
973 	dbg_gen("dent '%pd', mode %#hx in dir ino %lu",
974 		dentry, mode, dir->i_ino);
975 
976 	err = ubifs_budget_space(c, &req);
977 	if (err)
978 		return err;
979 
980 	err = fscrypt_setup_filename(dir, &dentry->d_name, 0, &nm);
981 	if (err)
982 		goto out_budg;
983 
984 	sz_change = CALC_DENT_SIZE(fname_len(&nm));
985 
986 	inode = ubifs_new_inode(c, dir, S_IFDIR | mode);
987 	if (IS_ERR(inode)) {
988 		err = PTR_ERR(inode);
989 		goto out_fname;
990 	}
991 
992 	err = ubifs_init_security(dir, inode, &dentry->d_name);
993 	if (err)
994 		goto out_inode;
995 
996 	mutex_lock(&dir_ui->ui_mutex);
997 	insert_inode_hash(inode);
998 	inc_nlink(inode);
999 	inc_nlink(dir);
1000 	dir->i_size += sz_change;
1001 	dir_ui->ui_size = dir->i_size;
1002 	dir->i_mtime = dir->i_ctime = inode->i_ctime;
1003 	err = ubifs_jnl_update(c, dir, &nm, inode, 0, 0);
1004 	if (err) {
1005 		ubifs_err(c, "cannot create directory, error %d", err);
1006 		goto out_cancel;
1007 	}
1008 	mutex_unlock(&dir_ui->ui_mutex);
1009 
1010 	ubifs_release_budget(c, &req);
1011 	d_instantiate(dentry, inode);
1012 	fscrypt_free_filename(&nm);
1013 	return 0;
1014 
1015 out_cancel:
1016 	dir->i_size -= sz_change;
1017 	dir_ui->ui_size = dir->i_size;
1018 	drop_nlink(dir);
1019 	mutex_unlock(&dir_ui->ui_mutex);
1020 out_inode:
1021 	make_bad_inode(inode);
1022 	iput(inode);
1023 out_fname:
1024 	fscrypt_free_filename(&nm);
1025 out_budg:
1026 	ubifs_release_budget(c, &req);
1027 	return err;
1028 }
1029 
1030 static int ubifs_mknod(struct inode *dir, struct dentry *dentry,
1031 		       umode_t mode, dev_t rdev)
1032 {
1033 	struct inode *inode;
1034 	struct ubifs_inode *ui;
1035 	struct ubifs_inode *dir_ui = ubifs_inode(dir);
1036 	struct ubifs_info *c = dir->i_sb->s_fs_info;
1037 	union ubifs_dev_desc *dev = NULL;
1038 	int sz_change;
1039 	int err, devlen = 0;
1040 	struct ubifs_budget_req req = { .new_ino = 1, .new_dent = 1,
1041 					.dirtied_ino = 1 };
1042 	struct fscrypt_name nm;
1043 
1044 	/*
1045 	 * Budget request settings: new inode, new direntry and changing parent
1046 	 * directory inode.
1047 	 */
1048 
1049 	dbg_gen("dent '%pd' in dir ino %lu", dentry, dir->i_ino);
1050 
1051 	if (S_ISBLK(mode) || S_ISCHR(mode)) {
1052 		dev = kmalloc(sizeof(union ubifs_dev_desc), GFP_NOFS);
1053 		if (!dev)
1054 			return -ENOMEM;
1055 		devlen = ubifs_encode_dev(dev, rdev);
1056 	}
1057 
1058 	req.new_ino_d = ALIGN(devlen, 8);
1059 	err = ubifs_budget_space(c, &req);
1060 	if (err) {
1061 		kfree(dev);
1062 		return err;
1063 	}
1064 
1065 	err = fscrypt_setup_filename(dir, &dentry->d_name, 0, &nm);
1066 	if (err) {
1067 		kfree(dev);
1068 		goto out_budg;
1069 	}
1070 
1071 	sz_change = CALC_DENT_SIZE(fname_len(&nm));
1072 
1073 	inode = ubifs_new_inode(c, dir, mode);
1074 	if (IS_ERR(inode)) {
1075 		kfree(dev);
1076 		err = PTR_ERR(inode);
1077 		goto out_fname;
1078 	}
1079 
1080 	init_special_inode(inode, inode->i_mode, rdev);
1081 	inode->i_size = ubifs_inode(inode)->ui_size = devlen;
1082 	ui = ubifs_inode(inode);
1083 	ui->data = dev;
1084 	ui->data_len = devlen;
1085 
1086 	err = ubifs_init_security(dir, inode, &dentry->d_name);
1087 	if (err)
1088 		goto out_inode;
1089 
1090 	mutex_lock(&dir_ui->ui_mutex);
1091 	dir->i_size += sz_change;
1092 	dir_ui->ui_size = dir->i_size;
1093 	dir->i_mtime = dir->i_ctime = inode->i_ctime;
1094 	err = ubifs_jnl_update(c, dir, &nm, inode, 0, 0);
1095 	if (err)
1096 		goto out_cancel;
1097 	mutex_unlock(&dir_ui->ui_mutex);
1098 
1099 	ubifs_release_budget(c, &req);
1100 	insert_inode_hash(inode);
1101 	d_instantiate(dentry, inode);
1102 	fscrypt_free_filename(&nm);
1103 	return 0;
1104 
1105 out_cancel:
1106 	dir->i_size -= sz_change;
1107 	dir_ui->ui_size = dir->i_size;
1108 	mutex_unlock(&dir_ui->ui_mutex);
1109 out_inode:
1110 	make_bad_inode(inode);
1111 	iput(inode);
1112 out_fname:
1113 	fscrypt_free_filename(&nm);
1114 out_budg:
1115 	ubifs_release_budget(c, &req);
1116 	return err;
1117 }
1118 
1119 static int ubifs_symlink(struct inode *dir, struct dentry *dentry,
1120 			 const char *symname)
1121 {
1122 	struct inode *inode;
1123 	struct ubifs_inode *ui;
1124 	struct ubifs_inode *dir_ui = ubifs_inode(dir);
1125 	struct ubifs_info *c = dir->i_sb->s_fs_info;
1126 	int err, len = strlen(symname);
1127 	int sz_change = CALC_DENT_SIZE(len);
1128 	struct fscrypt_str disk_link;
1129 	struct ubifs_budget_req req = { .new_ino = 1, .new_dent = 1,
1130 					.new_ino_d = ALIGN(len, 8),
1131 					.dirtied_ino = 1 };
1132 	struct fscrypt_name nm;
1133 
1134 	dbg_gen("dent '%pd', target '%s' in dir ino %lu", dentry,
1135 		symname, dir->i_ino);
1136 
1137 	err = fscrypt_prepare_symlink(dir, symname, len, UBIFS_MAX_INO_DATA,
1138 				      &disk_link);
1139 	if (err)
1140 		return err;
1141 
1142 	/*
1143 	 * Budget request settings: new inode, new direntry and changing parent
1144 	 * directory inode.
1145 	 */
1146 	err = ubifs_budget_space(c, &req);
1147 	if (err)
1148 		return err;
1149 
1150 	err = fscrypt_setup_filename(dir, &dentry->d_name, 0, &nm);
1151 	if (err)
1152 		goto out_budg;
1153 
1154 	inode = ubifs_new_inode(c, dir, S_IFLNK | S_IRWXUGO);
1155 	if (IS_ERR(inode)) {
1156 		err = PTR_ERR(inode);
1157 		goto out_fname;
1158 	}
1159 
1160 	ui = ubifs_inode(inode);
1161 	ui->data = kmalloc(disk_link.len, GFP_NOFS);
1162 	if (!ui->data) {
1163 		err = -ENOMEM;
1164 		goto out_inode;
1165 	}
1166 
1167 	if (IS_ENCRYPTED(inode)) {
1168 		disk_link.name = ui->data; /* encrypt directly into ui->data */
1169 		err = fscrypt_encrypt_symlink(inode, symname, len, &disk_link);
1170 		if (err)
1171 			goto out_inode;
1172 	} else {
1173 		memcpy(ui->data, disk_link.name, disk_link.len);
1174 		inode->i_link = ui->data;
1175 	}
1176 
1177 	/*
1178 	 * The terminating zero byte is not written to the flash media and it
1179 	 * is put just to make later in-memory string processing simpler. Thus,
1180 	 * data length is @disk_link.len - 1, not @disk_link.len.
1181 	 */
1182 	ui->data_len = disk_link.len - 1;
1183 	inode->i_size = ubifs_inode(inode)->ui_size = disk_link.len - 1;
1184 
1185 	err = ubifs_init_security(dir, inode, &dentry->d_name);
1186 	if (err)
1187 		goto out_inode;
1188 
1189 	mutex_lock(&dir_ui->ui_mutex);
1190 	dir->i_size += sz_change;
1191 	dir_ui->ui_size = dir->i_size;
1192 	dir->i_mtime = dir->i_ctime = inode->i_ctime;
1193 	err = ubifs_jnl_update(c, dir, &nm, inode, 0, 0);
1194 	if (err)
1195 		goto out_cancel;
1196 	mutex_unlock(&dir_ui->ui_mutex);
1197 
1198 	insert_inode_hash(inode);
1199 	d_instantiate(dentry, inode);
1200 	err = 0;
1201 	goto out_fname;
1202 
1203 out_cancel:
1204 	dir->i_size -= sz_change;
1205 	dir_ui->ui_size = dir->i_size;
1206 	mutex_unlock(&dir_ui->ui_mutex);
1207 out_inode:
1208 	make_bad_inode(inode);
1209 	iput(inode);
1210 out_fname:
1211 	fscrypt_free_filename(&nm);
1212 out_budg:
1213 	ubifs_release_budget(c, &req);
1214 	return err;
1215 }
1216 
1217 /**
1218  * lock_4_inodes - a wrapper for locking three UBIFS inodes.
1219  * @inode1: first inode
1220  * @inode2: second inode
1221  * @inode3: third inode
1222  * @inode4: fouth inode
1223  *
1224  * This function is used for 'ubifs_rename()' and @inode1 may be the same as
1225  * @inode2 whereas @inode3 and @inode4 may be %NULL.
1226  *
1227  * We do not implement any tricks to guarantee strict lock ordering, because
1228  * VFS has already done it for us on the @i_mutex. So this is just a simple
1229  * wrapper function.
1230  */
1231 static void lock_4_inodes(struct inode *inode1, struct inode *inode2,
1232 			  struct inode *inode3, struct inode *inode4)
1233 {
1234 	mutex_lock_nested(&ubifs_inode(inode1)->ui_mutex, WB_MUTEX_1);
1235 	if (inode2 != inode1)
1236 		mutex_lock_nested(&ubifs_inode(inode2)->ui_mutex, WB_MUTEX_2);
1237 	if (inode3)
1238 		mutex_lock_nested(&ubifs_inode(inode3)->ui_mutex, WB_MUTEX_3);
1239 	if (inode4)
1240 		mutex_lock_nested(&ubifs_inode(inode4)->ui_mutex, WB_MUTEX_4);
1241 }
1242 
1243 /**
1244  * unlock_4_inodes - a wrapper for unlocking three UBIFS inodes for rename.
1245  * @inode1: first inode
1246  * @inode2: second inode
1247  * @inode3: third inode
1248  * @inode4: fouth inode
1249  */
1250 static void unlock_4_inodes(struct inode *inode1, struct inode *inode2,
1251 			    struct inode *inode3, struct inode *inode4)
1252 {
1253 	if (inode4)
1254 		mutex_unlock(&ubifs_inode(inode4)->ui_mutex);
1255 	if (inode3)
1256 		mutex_unlock(&ubifs_inode(inode3)->ui_mutex);
1257 	if (inode1 != inode2)
1258 		mutex_unlock(&ubifs_inode(inode2)->ui_mutex);
1259 	mutex_unlock(&ubifs_inode(inode1)->ui_mutex);
1260 }
1261 
1262 static int do_rename(struct inode *old_dir, struct dentry *old_dentry,
1263 		     struct inode *new_dir, struct dentry *new_dentry,
1264 		     unsigned int flags)
1265 {
1266 	struct ubifs_info *c = old_dir->i_sb->s_fs_info;
1267 	struct inode *old_inode = d_inode(old_dentry);
1268 	struct inode *new_inode = d_inode(new_dentry);
1269 	struct inode *whiteout = NULL;
1270 	struct ubifs_inode *old_inode_ui = ubifs_inode(old_inode);
1271 	struct ubifs_inode *whiteout_ui = NULL;
1272 	int err, release, sync = 0, move = (new_dir != old_dir);
1273 	int is_dir = S_ISDIR(old_inode->i_mode);
1274 	int unlink = !!new_inode, new_sz, old_sz;
1275 	struct ubifs_budget_req req = { .new_dent = 1, .mod_dent = 1,
1276 					.dirtied_ino = 3 };
1277 	struct ubifs_budget_req ino_req = { .dirtied_ino = 1,
1278 			.dirtied_ino_d = ALIGN(old_inode_ui->data_len, 8) };
1279 	struct timespec64 time;
1280 	unsigned int uninitialized_var(saved_nlink);
1281 	struct fscrypt_name old_nm, new_nm;
1282 
1283 	/*
1284 	 * Budget request settings: deletion direntry, new direntry, removing
1285 	 * the old inode, and changing old and new parent directory inodes.
1286 	 *
1287 	 * However, this operation also marks the target inode as dirty and
1288 	 * does not write it, so we allocate budget for the target inode
1289 	 * separately.
1290 	 */
1291 
1292 	dbg_gen("dent '%pd' ino %lu in dir ino %lu to dent '%pd' in dir ino %lu flags 0x%x",
1293 		old_dentry, old_inode->i_ino, old_dir->i_ino,
1294 		new_dentry, new_dir->i_ino, flags);
1295 
1296 	if (unlink)
1297 		ubifs_assert(inode_is_locked(new_inode));
1298 
1299 	if (unlink && is_dir) {
1300 		err = ubifs_check_dir_empty(new_inode);
1301 		if (err)
1302 			return err;
1303 	}
1304 
1305 	err = fscrypt_setup_filename(old_dir, &old_dentry->d_name, 0, &old_nm);
1306 	if (err)
1307 		return err;
1308 
1309 	err = fscrypt_setup_filename(new_dir, &new_dentry->d_name, 0, &new_nm);
1310 	if (err) {
1311 		fscrypt_free_filename(&old_nm);
1312 		return err;
1313 	}
1314 
1315 	new_sz = CALC_DENT_SIZE(fname_len(&new_nm));
1316 	old_sz = CALC_DENT_SIZE(fname_len(&old_nm));
1317 
1318 	err = ubifs_budget_space(c, &req);
1319 	if (err) {
1320 		fscrypt_free_filename(&old_nm);
1321 		fscrypt_free_filename(&new_nm);
1322 		return err;
1323 	}
1324 	err = ubifs_budget_space(c, &ino_req);
1325 	if (err) {
1326 		fscrypt_free_filename(&old_nm);
1327 		fscrypt_free_filename(&new_nm);
1328 		ubifs_release_budget(c, &req);
1329 		return err;
1330 	}
1331 
1332 	if (flags & RENAME_WHITEOUT) {
1333 		union ubifs_dev_desc *dev = NULL;
1334 
1335 		dev = kmalloc(sizeof(union ubifs_dev_desc), GFP_NOFS);
1336 		if (!dev) {
1337 			err = -ENOMEM;
1338 			goto out_release;
1339 		}
1340 
1341 		err = do_tmpfile(old_dir, old_dentry, S_IFCHR | WHITEOUT_MODE, &whiteout);
1342 		if (err) {
1343 			kfree(dev);
1344 			goto out_release;
1345 		}
1346 
1347 		whiteout->i_state |= I_LINKABLE;
1348 		whiteout_ui = ubifs_inode(whiteout);
1349 		whiteout_ui->data = dev;
1350 		whiteout_ui->data_len = ubifs_encode_dev(dev, MKDEV(0, 0));
1351 		ubifs_assert(!whiteout_ui->dirty);
1352 	}
1353 
1354 	lock_4_inodes(old_dir, new_dir, new_inode, whiteout);
1355 
1356 	/*
1357 	 * Like most other Unix systems, set the @i_ctime for inodes on a
1358 	 * rename.
1359 	 */
1360 	time = current_time(old_dir);
1361 	old_inode->i_ctime = time;
1362 
1363 	/* We must adjust parent link count when renaming directories */
1364 	if (is_dir) {
1365 		if (move) {
1366 			/*
1367 			 * @old_dir loses a link because we are moving
1368 			 * @old_inode to a different directory.
1369 			 */
1370 			drop_nlink(old_dir);
1371 			/*
1372 			 * @new_dir only gains a link if we are not also
1373 			 * overwriting an existing directory.
1374 			 */
1375 			if (!unlink)
1376 				inc_nlink(new_dir);
1377 		} else {
1378 			/*
1379 			 * @old_inode is not moving to a different directory,
1380 			 * but @old_dir still loses a link if we are
1381 			 * overwriting an existing directory.
1382 			 */
1383 			if (unlink)
1384 				drop_nlink(old_dir);
1385 		}
1386 	}
1387 
1388 	old_dir->i_size -= old_sz;
1389 	ubifs_inode(old_dir)->ui_size = old_dir->i_size;
1390 	old_dir->i_mtime = old_dir->i_ctime = time;
1391 	new_dir->i_mtime = new_dir->i_ctime = time;
1392 
1393 	/*
1394 	 * And finally, if we unlinked a direntry which happened to have the
1395 	 * same name as the moved direntry, we have to decrement @i_nlink of
1396 	 * the unlinked inode and change its ctime.
1397 	 */
1398 	if (unlink) {
1399 		/*
1400 		 * Directories cannot have hard-links, so if this is a
1401 		 * directory, just clear @i_nlink.
1402 		 */
1403 		saved_nlink = new_inode->i_nlink;
1404 		if (is_dir)
1405 			clear_nlink(new_inode);
1406 		else
1407 			drop_nlink(new_inode);
1408 		new_inode->i_ctime = time;
1409 	} else {
1410 		new_dir->i_size += new_sz;
1411 		ubifs_inode(new_dir)->ui_size = new_dir->i_size;
1412 	}
1413 
1414 	/*
1415 	 * Do not ask 'ubifs_jnl_rename()' to flush write-buffer if @old_inode
1416 	 * is dirty, because this will be done later on at the end of
1417 	 * 'ubifs_rename()'.
1418 	 */
1419 	if (IS_SYNC(old_inode)) {
1420 		sync = IS_DIRSYNC(old_dir) || IS_DIRSYNC(new_dir);
1421 		if (unlink && IS_SYNC(new_inode))
1422 			sync = 1;
1423 	}
1424 
1425 	if (whiteout) {
1426 		struct ubifs_budget_req wht_req = { .dirtied_ino = 1,
1427 				.dirtied_ino_d = \
1428 				ALIGN(ubifs_inode(whiteout)->data_len, 8) };
1429 
1430 		err = ubifs_budget_space(c, &wht_req);
1431 		if (err) {
1432 			kfree(whiteout_ui->data);
1433 			whiteout_ui->data_len = 0;
1434 			iput(whiteout);
1435 			goto out_release;
1436 		}
1437 
1438 		inc_nlink(whiteout);
1439 		mark_inode_dirty(whiteout);
1440 		whiteout->i_state &= ~I_LINKABLE;
1441 		iput(whiteout);
1442 	}
1443 
1444 	err = ubifs_jnl_rename(c, old_dir, old_inode, &old_nm, new_dir,
1445 			       new_inode, &new_nm, whiteout, sync);
1446 	if (err)
1447 		goto out_cancel;
1448 
1449 	unlock_4_inodes(old_dir, new_dir, new_inode, whiteout);
1450 	ubifs_release_budget(c, &req);
1451 
1452 	mutex_lock(&old_inode_ui->ui_mutex);
1453 	release = old_inode_ui->dirty;
1454 	mark_inode_dirty_sync(old_inode);
1455 	mutex_unlock(&old_inode_ui->ui_mutex);
1456 
1457 	if (release)
1458 		ubifs_release_budget(c, &ino_req);
1459 	if (IS_SYNC(old_inode))
1460 		err = old_inode->i_sb->s_op->write_inode(old_inode, NULL);
1461 
1462 	fscrypt_free_filename(&old_nm);
1463 	fscrypt_free_filename(&new_nm);
1464 	return err;
1465 
1466 out_cancel:
1467 	if (unlink) {
1468 		set_nlink(new_inode, saved_nlink);
1469 	} else {
1470 		new_dir->i_size -= new_sz;
1471 		ubifs_inode(new_dir)->ui_size = new_dir->i_size;
1472 	}
1473 	old_dir->i_size += old_sz;
1474 	ubifs_inode(old_dir)->ui_size = old_dir->i_size;
1475 	if (is_dir) {
1476 		if (move) {
1477 			inc_nlink(old_dir);
1478 			if (!unlink)
1479 				drop_nlink(new_dir);
1480 		} else {
1481 			if (unlink)
1482 				inc_nlink(old_dir);
1483 		}
1484 	}
1485 	if (whiteout) {
1486 		drop_nlink(whiteout);
1487 		iput(whiteout);
1488 	}
1489 	unlock_4_inodes(old_dir, new_dir, new_inode, whiteout);
1490 out_release:
1491 	ubifs_release_budget(c, &ino_req);
1492 	ubifs_release_budget(c, &req);
1493 	fscrypt_free_filename(&old_nm);
1494 	fscrypt_free_filename(&new_nm);
1495 	return err;
1496 }
1497 
1498 static int ubifs_xrename(struct inode *old_dir, struct dentry *old_dentry,
1499 			struct inode *new_dir, struct dentry *new_dentry)
1500 {
1501 	struct ubifs_info *c = old_dir->i_sb->s_fs_info;
1502 	struct ubifs_budget_req req = { .new_dent = 1, .mod_dent = 1,
1503 				.dirtied_ino = 2 };
1504 	int sync = IS_DIRSYNC(old_dir) || IS_DIRSYNC(new_dir);
1505 	struct inode *fst_inode = d_inode(old_dentry);
1506 	struct inode *snd_inode = d_inode(new_dentry);
1507 	struct timespec64 time;
1508 	int err;
1509 	struct fscrypt_name fst_nm, snd_nm;
1510 
1511 	ubifs_assert(fst_inode && snd_inode);
1512 
1513 	err = fscrypt_setup_filename(old_dir, &old_dentry->d_name, 0, &fst_nm);
1514 	if (err)
1515 		return err;
1516 
1517 	err = fscrypt_setup_filename(new_dir, &new_dentry->d_name, 0, &snd_nm);
1518 	if (err) {
1519 		fscrypt_free_filename(&fst_nm);
1520 		return err;
1521 	}
1522 
1523 	lock_4_inodes(old_dir, new_dir, NULL, NULL);
1524 
1525 	time = current_time(old_dir);
1526 	fst_inode->i_ctime = time;
1527 	snd_inode->i_ctime = time;
1528 	old_dir->i_mtime = old_dir->i_ctime = time;
1529 	new_dir->i_mtime = new_dir->i_ctime = time;
1530 
1531 	if (old_dir != new_dir) {
1532 		if (S_ISDIR(fst_inode->i_mode) && !S_ISDIR(snd_inode->i_mode)) {
1533 			inc_nlink(new_dir);
1534 			drop_nlink(old_dir);
1535 		}
1536 		else if (!S_ISDIR(fst_inode->i_mode) && S_ISDIR(snd_inode->i_mode)) {
1537 			drop_nlink(new_dir);
1538 			inc_nlink(old_dir);
1539 		}
1540 	}
1541 
1542 	err = ubifs_jnl_xrename(c, old_dir, fst_inode, &fst_nm, new_dir,
1543 				snd_inode, &snd_nm, sync);
1544 
1545 	unlock_4_inodes(old_dir, new_dir, NULL, NULL);
1546 	ubifs_release_budget(c, &req);
1547 
1548 	fscrypt_free_filename(&fst_nm);
1549 	fscrypt_free_filename(&snd_nm);
1550 	return err;
1551 }
1552 
1553 static int ubifs_rename(struct inode *old_dir, struct dentry *old_dentry,
1554 			struct inode *new_dir, struct dentry *new_dentry,
1555 			unsigned int flags)
1556 {
1557 	int err;
1558 
1559 	if (flags & ~(RENAME_NOREPLACE | RENAME_WHITEOUT | RENAME_EXCHANGE))
1560 		return -EINVAL;
1561 
1562 	ubifs_assert(inode_is_locked(old_dir));
1563 	ubifs_assert(inode_is_locked(new_dir));
1564 
1565 	err = fscrypt_prepare_rename(old_dir, old_dentry, new_dir, new_dentry,
1566 				     flags);
1567 	if (err)
1568 		return err;
1569 
1570 	if (flags & RENAME_EXCHANGE)
1571 		return ubifs_xrename(old_dir, old_dentry, new_dir, new_dentry);
1572 
1573 	return do_rename(old_dir, old_dentry, new_dir, new_dentry, flags);
1574 }
1575 
1576 int ubifs_getattr(const struct path *path, struct kstat *stat,
1577 		  u32 request_mask, unsigned int flags)
1578 {
1579 	loff_t size;
1580 	struct inode *inode = d_inode(path->dentry);
1581 	struct ubifs_inode *ui = ubifs_inode(inode);
1582 
1583 	mutex_lock(&ui->ui_mutex);
1584 
1585 	if (ui->flags & UBIFS_APPEND_FL)
1586 		stat->attributes |= STATX_ATTR_APPEND;
1587 	if (ui->flags & UBIFS_COMPR_FL)
1588 		stat->attributes |= STATX_ATTR_COMPRESSED;
1589 	if (ui->flags & UBIFS_CRYPT_FL)
1590 		stat->attributes |= STATX_ATTR_ENCRYPTED;
1591 	if (ui->flags & UBIFS_IMMUTABLE_FL)
1592 		stat->attributes |= STATX_ATTR_IMMUTABLE;
1593 
1594 	stat->attributes_mask |= (STATX_ATTR_APPEND |
1595 				STATX_ATTR_COMPRESSED |
1596 				STATX_ATTR_ENCRYPTED |
1597 				STATX_ATTR_IMMUTABLE);
1598 
1599 	generic_fillattr(inode, stat);
1600 	stat->blksize = UBIFS_BLOCK_SIZE;
1601 	stat->size = ui->ui_size;
1602 
1603 	/*
1604 	 * Unfortunately, the 'stat()' system call was designed for block
1605 	 * device based file systems, and it is not appropriate for UBIFS,
1606 	 * because UBIFS does not have notion of "block". For example, it is
1607 	 * difficult to tell how many block a directory takes - it actually
1608 	 * takes less than 300 bytes, but we have to round it to block size,
1609 	 * which introduces large mistake. This makes utilities like 'du' to
1610 	 * report completely senseless numbers. This is the reason why UBIFS
1611 	 * goes the same way as JFFS2 - it reports zero blocks for everything
1612 	 * but regular files, which makes more sense than reporting completely
1613 	 * wrong sizes.
1614 	 */
1615 	if (S_ISREG(inode->i_mode)) {
1616 		size = ui->xattr_size;
1617 		size += stat->size;
1618 		size = ALIGN(size, UBIFS_BLOCK_SIZE);
1619 		/*
1620 		 * Note, user-space expects 512-byte blocks count irrespectively
1621 		 * of what was reported in @stat->size.
1622 		 */
1623 		stat->blocks = size >> 9;
1624 	} else
1625 		stat->blocks = 0;
1626 	mutex_unlock(&ui->ui_mutex);
1627 	return 0;
1628 }
1629 
1630 static int ubifs_dir_open(struct inode *dir, struct file *file)
1631 {
1632 	if (ubifs_crypt_is_encrypted(dir))
1633 		return fscrypt_get_encryption_info(dir) ? -EACCES : 0;
1634 
1635 	return 0;
1636 }
1637 
1638 const struct inode_operations ubifs_dir_inode_operations = {
1639 	.lookup      = ubifs_lookup,
1640 	.create      = ubifs_create,
1641 	.link        = ubifs_link,
1642 	.symlink     = ubifs_symlink,
1643 	.unlink      = ubifs_unlink,
1644 	.mkdir       = ubifs_mkdir,
1645 	.rmdir       = ubifs_rmdir,
1646 	.mknod       = ubifs_mknod,
1647 	.rename      = ubifs_rename,
1648 	.setattr     = ubifs_setattr,
1649 	.getattr     = ubifs_getattr,
1650 	.listxattr   = ubifs_listxattr,
1651 #ifdef CONFIG_UBIFS_ATIME_SUPPORT
1652 	.update_time = ubifs_update_time,
1653 #endif
1654 	.tmpfile     = ubifs_tmpfile,
1655 };
1656 
1657 const struct file_operations ubifs_dir_operations = {
1658 	.llseek         = generic_file_llseek,
1659 	.release        = ubifs_dir_release,
1660 	.read           = generic_read_dir,
1661 	.iterate_shared = ubifs_readdir,
1662 	.fsync          = ubifs_fsync,
1663 	.unlocked_ioctl = ubifs_ioctl,
1664 	.open		= ubifs_dir_open,
1665 #ifdef CONFIG_COMPAT
1666 	.compat_ioctl   = ubifs_compat_ioctl,
1667 #endif
1668 };
1669