xref: /linux/fs/ubifs/dir.c (revision ab52c59103002b49f2455371e4b9c56ba3ef1781)
1 // SPDX-License-Identifier: GPL-2.0-only
2 /* * This file is part of UBIFS.
3  *
4  * Copyright (C) 2006-2008 Nokia Corporation.
5  * Copyright (C) 2006, 2007 University of Szeged, Hungary
6  *
7  * Authors: Artem Bityutskiy (Битюцкий Артём)
8  *          Adrian Hunter
9  *          Zoltan Sogor
10  */
11 
12 /*
13  * This file implements directory operations.
14  *
15  * All FS operations in this file allocate budget before writing anything to the
16  * media. If they fail to allocate it, the error is returned. The only
17  * exceptions are 'ubifs_unlink()' and 'ubifs_rmdir()' which keep working even
18  * if they unable to allocate the budget, because deletion %-ENOSPC failure is
19  * not what users are usually ready to get. UBIFS budgeting subsystem has some
20  * space reserved for these purposes.
21  *
22  * All operations in this file write all inodes which they change straight
23  * away, instead of marking them dirty. For example, 'ubifs_link()' changes
24  * @i_size of the parent inode and writes the parent inode together with the
25  * target inode. This was done to simplify file-system recovery which would
26  * otherwise be very difficult to do. The only exception is rename which marks
27  * the re-named inode dirty (because its @i_ctime is updated) but does not
28  * write it, but just marks it as dirty.
29  */
30 
31 #include "ubifs.h"
32 
33 /**
34  * inherit_flags - inherit flags of the parent inode.
35  * @dir: parent inode
36  * @mode: new inode mode flags
37  *
38  * This is a helper function for 'ubifs_new_inode()' which inherits flag of the
39  * parent directory inode @dir. UBIFS inodes inherit the following flags:
40  * o %UBIFS_COMPR_FL, which is useful to switch compression on/of on
41  *   sub-directory basis;
42  * o %UBIFS_SYNC_FL - useful for the same reasons;
43  * o %UBIFS_DIRSYNC_FL - similar, but relevant only to directories.
44  *
45  * This function returns the inherited flags.
46  */
47 static int inherit_flags(const struct inode *dir, umode_t mode)
48 {
49 	int flags;
50 	const struct ubifs_inode *ui = ubifs_inode(dir);
51 
52 	if (!S_ISDIR(dir->i_mode))
53 		/*
54 		 * The parent is not a directory, which means that an extended
55 		 * attribute inode is being created. No flags.
56 		 */
57 		return 0;
58 
59 	flags = ui->flags & (UBIFS_COMPR_FL | UBIFS_SYNC_FL | UBIFS_DIRSYNC_FL);
60 	if (!S_ISDIR(mode))
61 		/* The "DIRSYNC" flag only applies to directories */
62 		flags &= ~UBIFS_DIRSYNC_FL;
63 	return flags;
64 }
65 
66 /**
67  * ubifs_new_inode - allocate new UBIFS inode object.
68  * @c: UBIFS file-system description object
69  * @dir: parent directory inode
70  * @mode: inode mode flags
71  * @is_xattr: whether the inode is xattr inode
72  *
73  * This function finds an unused inode number, allocates new inode and
74  * initializes it. Returns new inode in case of success and an error code in
75  * case of failure.
76  */
77 struct inode *ubifs_new_inode(struct ubifs_info *c, struct inode *dir,
78 			      umode_t mode, bool is_xattr)
79 {
80 	int err;
81 	struct inode *inode;
82 	struct ubifs_inode *ui;
83 	bool encrypted = false;
84 
85 	inode = new_inode(c->vfs_sb);
86 	ui = ubifs_inode(inode);
87 	if (!inode)
88 		return ERR_PTR(-ENOMEM);
89 
90 	/*
91 	 * Set 'S_NOCMTIME' to prevent VFS form updating [mc]time of inodes and
92 	 * marking them dirty in file write path (see 'file_update_time()').
93 	 * UBIFS has to fully control "clean <-> dirty" transitions of inodes
94 	 * to make budgeting work.
95 	 */
96 	inode->i_flags |= S_NOCMTIME;
97 
98 	inode_init_owner(&nop_mnt_idmap, inode, dir, mode);
99 	simple_inode_init_ts(inode);
100 	inode->i_mapping->nrpages = 0;
101 
102 	if (!is_xattr) {
103 		err = fscrypt_prepare_new_inode(dir, inode, &encrypted);
104 		if (err) {
105 			ubifs_err(c, "fscrypt_prepare_new_inode failed: %i", err);
106 			goto out_iput;
107 		}
108 	}
109 
110 	switch (mode & S_IFMT) {
111 	case S_IFREG:
112 		inode->i_mapping->a_ops = &ubifs_file_address_operations;
113 		inode->i_op = &ubifs_file_inode_operations;
114 		inode->i_fop = &ubifs_file_operations;
115 		break;
116 	case S_IFDIR:
117 		inode->i_op  = &ubifs_dir_inode_operations;
118 		inode->i_fop = &ubifs_dir_operations;
119 		inode->i_size = ui->ui_size = UBIFS_INO_NODE_SZ;
120 		break;
121 	case S_IFLNK:
122 		inode->i_op = &ubifs_symlink_inode_operations;
123 		break;
124 	case S_IFSOCK:
125 	case S_IFIFO:
126 	case S_IFBLK:
127 	case S_IFCHR:
128 		inode->i_op  = &ubifs_file_inode_operations;
129 		break;
130 	default:
131 		BUG();
132 	}
133 
134 	ui->flags = inherit_flags(dir, mode);
135 	ubifs_set_inode_flags(inode);
136 	if (S_ISREG(mode))
137 		ui->compr_type = c->default_compr;
138 	else
139 		ui->compr_type = UBIFS_COMPR_NONE;
140 	ui->synced_i_size = 0;
141 
142 	spin_lock(&c->cnt_lock);
143 	/* Inode number overflow is currently not supported */
144 	if (c->highest_inum >= INUM_WARN_WATERMARK) {
145 		if (c->highest_inum >= INUM_WATERMARK) {
146 			spin_unlock(&c->cnt_lock);
147 			ubifs_err(c, "out of inode numbers");
148 			err = -EINVAL;
149 			goto out_iput;
150 		}
151 		ubifs_warn(c, "running out of inode numbers (current %lu, max %u)",
152 			   (unsigned long)c->highest_inum, INUM_WATERMARK);
153 	}
154 
155 	inode->i_ino = ++c->highest_inum;
156 	/*
157 	 * The creation sequence number remains with this inode for its
158 	 * lifetime. All nodes for this inode have a greater sequence number,
159 	 * and so it is possible to distinguish obsolete nodes belonging to a
160 	 * previous incarnation of the same inode number - for example, for the
161 	 * purpose of rebuilding the index.
162 	 */
163 	ui->creat_sqnum = ++c->max_sqnum;
164 	spin_unlock(&c->cnt_lock);
165 
166 	if (encrypted) {
167 		err = fscrypt_set_context(inode, NULL);
168 		if (err) {
169 			ubifs_err(c, "fscrypt_set_context failed: %i", err);
170 			goto out_iput;
171 		}
172 	}
173 
174 	return inode;
175 
176 out_iput:
177 	make_bad_inode(inode);
178 	iput(inode);
179 	return ERR_PTR(err);
180 }
181 
182 static int dbg_check_name(const struct ubifs_info *c,
183 			  const struct ubifs_dent_node *dent,
184 			  const struct fscrypt_name *nm)
185 {
186 	if (!dbg_is_chk_gen(c))
187 		return 0;
188 	if (le16_to_cpu(dent->nlen) != fname_len(nm))
189 		return -EINVAL;
190 	if (memcmp(dent->name, fname_name(nm), fname_len(nm)))
191 		return -EINVAL;
192 	return 0;
193 }
194 
195 static struct dentry *ubifs_lookup(struct inode *dir, struct dentry *dentry,
196 				   unsigned int flags)
197 {
198 	int err;
199 	union ubifs_key key;
200 	struct inode *inode = NULL;
201 	struct ubifs_dent_node *dent = NULL;
202 	struct ubifs_info *c = dir->i_sb->s_fs_info;
203 	struct fscrypt_name nm;
204 
205 	dbg_gen("'%pd' in dir ino %lu", dentry, dir->i_ino);
206 
207 	err = fscrypt_prepare_lookup(dir, dentry, &nm);
208 	if (err == -ENOENT)
209 		return d_splice_alias(NULL, dentry);
210 	if (err)
211 		return ERR_PTR(err);
212 
213 	if (fname_len(&nm) > UBIFS_MAX_NLEN) {
214 		inode = ERR_PTR(-ENAMETOOLONG);
215 		goto done;
216 	}
217 
218 	dent = kmalloc(UBIFS_MAX_DENT_NODE_SZ, GFP_NOFS);
219 	if (!dent) {
220 		inode = ERR_PTR(-ENOMEM);
221 		goto done;
222 	}
223 
224 	if (fname_name(&nm) == NULL) {
225 		if (nm.hash & ~UBIFS_S_KEY_HASH_MASK)
226 			goto done; /* ENOENT */
227 		dent_key_init_hash(c, &key, dir->i_ino, nm.hash);
228 		err = ubifs_tnc_lookup_dh(c, &key, dent, nm.minor_hash);
229 	} else {
230 		dent_key_init(c, &key, dir->i_ino, &nm);
231 		err = ubifs_tnc_lookup_nm(c, &key, dent, &nm);
232 	}
233 
234 	if (err) {
235 		if (err == -ENOENT)
236 			dbg_gen("not found");
237 		else
238 			inode = ERR_PTR(err);
239 		goto done;
240 	}
241 
242 	if (dbg_check_name(c, dent, &nm)) {
243 		inode = ERR_PTR(-EINVAL);
244 		goto done;
245 	}
246 
247 	inode = ubifs_iget(dir->i_sb, le64_to_cpu(dent->inum));
248 	if (IS_ERR(inode)) {
249 		/*
250 		 * This should not happen. Probably the file-system needs
251 		 * checking.
252 		 */
253 		err = PTR_ERR(inode);
254 		ubifs_err(c, "dead directory entry '%pd', error %d",
255 			  dentry, err);
256 		ubifs_ro_mode(c, err);
257 		goto done;
258 	}
259 
260 	if (IS_ENCRYPTED(dir) &&
261 	    (S_ISDIR(inode->i_mode) || S_ISLNK(inode->i_mode)) &&
262 	    !fscrypt_has_permitted_context(dir, inode)) {
263 		ubifs_warn(c, "Inconsistent encryption contexts: %lu/%lu",
264 			   dir->i_ino, inode->i_ino);
265 		iput(inode);
266 		inode = ERR_PTR(-EPERM);
267 	}
268 
269 done:
270 	kfree(dent);
271 	fscrypt_free_filename(&nm);
272 	return d_splice_alias(inode, dentry);
273 }
274 
275 static int ubifs_prepare_create(struct inode *dir, struct dentry *dentry,
276 				struct fscrypt_name *nm)
277 {
278 	if (fscrypt_is_nokey_name(dentry))
279 		return -ENOKEY;
280 
281 	return fscrypt_setup_filename(dir, &dentry->d_name, 0, nm);
282 }
283 
284 static int ubifs_create(struct mnt_idmap *idmap, struct inode *dir,
285 			struct dentry *dentry, umode_t mode, bool excl)
286 {
287 	struct inode *inode;
288 	struct ubifs_info *c = dir->i_sb->s_fs_info;
289 	struct ubifs_budget_req req = { .new_ino = 1, .new_dent = 1,
290 					.dirtied_ino = 1 };
291 	struct ubifs_inode *dir_ui = ubifs_inode(dir);
292 	struct fscrypt_name nm;
293 	int err, sz_change;
294 
295 	/*
296 	 * Budget request settings: new inode, new direntry, changing the
297 	 * parent directory inode.
298 	 */
299 
300 	dbg_gen("dent '%pd', mode %#hx in dir ino %lu",
301 		dentry, mode, dir->i_ino);
302 
303 	err = ubifs_budget_space(c, &req);
304 	if (err)
305 		return err;
306 
307 	err = ubifs_prepare_create(dir, dentry, &nm);
308 	if (err)
309 		goto out_budg;
310 
311 	sz_change = CALC_DENT_SIZE(fname_len(&nm));
312 
313 	inode = ubifs_new_inode(c, dir, mode, false);
314 	if (IS_ERR(inode)) {
315 		err = PTR_ERR(inode);
316 		goto out_fname;
317 	}
318 
319 	err = ubifs_init_security(dir, inode, &dentry->d_name);
320 	if (err)
321 		goto out_inode;
322 
323 	mutex_lock(&dir_ui->ui_mutex);
324 	dir->i_size += sz_change;
325 	dir_ui->ui_size = dir->i_size;
326 	inode_set_mtime_to_ts(dir,
327 			      inode_set_ctime_to_ts(dir, inode_get_ctime(inode)));
328 	err = ubifs_jnl_update(c, dir, &nm, inode, 0, 0);
329 	if (err)
330 		goto out_cancel;
331 	mutex_unlock(&dir_ui->ui_mutex);
332 
333 	ubifs_release_budget(c, &req);
334 	fscrypt_free_filename(&nm);
335 	insert_inode_hash(inode);
336 	d_instantiate(dentry, inode);
337 	return 0;
338 
339 out_cancel:
340 	dir->i_size -= sz_change;
341 	dir_ui->ui_size = dir->i_size;
342 	mutex_unlock(&dir_ui->ui_mutex);
343 out_inode:
344 	make_bad_inode(inode);
345 	iput(inode);
346 out_fname:
347 	fscrypt_free_filename(&nm);
348 out_budg:
349 	ubifs_release_budget(c, &req);
350 	ubifs_err(c, "cannot create regular file, error %d", err);
351 	return err;
352 }
353 
354 static struct inode *create_whiteout(struct inode *dir, struct dentry *dentry)
355 {
356 	int err;
357 	umode_t mode = S_IFCHR | WHITEOUT_MODE;
358 	struct inode *inode;
359 	struct ubifs_info *c = dir->i_sb->s_fs_info;
360 
361 	/*
362 	 * Create an inode('nlink = 1') for whiteout without updating journal,
363 	 * let ubifs_jnl_rename() store it on flash to complete rename whiteout
364 	 * atomically.
365 	 */
366 
367 	dbg_gen("dent '%pd', mode %#hx in dir ino %lu",
368 		dentry, mode, dir->i_ino);
369 
370 	inode = ubifs_new_inode(c, dir, mode, false);
371 	if (IS_ERR(inode)) {
372 		err = PTR_ERR(inode);
373 		goto out_free;
374 	}
375 
376 	init_special_inode(inode, inode->i_mode, WHITEOUT_DEV);
377 	ubifs_assert(c, inode->i_op == &ubifs_file_inode_operations);
378 
379 	err = ubifs_init_security(dir, inode, &dentry->d_name);
380 	if (err)
381 		goto out_inode;
382 
383 	/* The dir size is updated by do_rename. */
384 	insert_inode_hash(inode);
385 
386 	return inode;
387 
388 out_inode:
389 	make_bad_inode(inode);
390 	iput(inode);
391 out_free:
392 	ubifs_err(c, "cannot create whiteout file, error %d", err);
393 	return ERR_PTR(err);
394 }
395 
396 /**
397  * lock_2_inodes - a wrapper for locking two UBIFS inodes.
398  * @inode1: first inode
399  * @inode2: second inode
400  *
401  * We do not implement any tricks to guarantee strict lock ordering, because
402  * VFS has already done it for us on the @i_mutex. So this is just a simple
403  * wrapper function.
404  */
405 static void lock_2_inodes(struct inode *inode1, struct inode *inode2)
406 {
407 	mutex_lock_nested(&ubifs_inode(inode1)->ui_mutex, WB_MUTEX_1);
408 	mutex_lock_nested(&ubifs_inode(inode2)->ui_mutex, WB_MUTEX_2);
409 }
410 
411 /**
412  * unlock_2_inodes - a wrapper for unlocking two UBIFS inodes.
413  * @inode1: first inode
414  * @inode2: second inode
415  */
416 static void unlock_2_inodes(struct inode *inode1, struct inode *inode2)
417 {
418 	mutex_unlock(&ubifs_inode(inode2)->ui_mutex);
419 	mutex_unlock(&ubifs_inode(inode1)->ui_mutex);
420 }
421 
422 static int ubifs_tmpfile(struct mnt_idmap *idmap, struct inode *dir,
423 			 struct file *file, umode_t mode)
424 {
425 	struct dentry *dentry = file->f_path.dentry;
426 	struct inode *inode;
427 	struct ubifs_info *c = dir->i_sb->s_fs_info;
428 	struct ubifs_budget_req req = { .new_ino = 1, .new_dent = 1,
429 					.dirtied_ino = 1};
430 	struct ubifs_budget_req ino_req = { .dirtied_ino = 1 };
431 	struct ubifs_inode *ui;
432 	int err, instantiated = 0;
433 	struct fscrypt_name nm;
434 
435 	/*
436 	 * Budget request settings: new inode, new direntry, changing the
437 	 * parent directory inode.
438 	 * Allocate budget separately for new dirtied inode, the budget will
439 	 * be released via writeback.
440 	 */
441 
442 	dbg_gen("dent '%pd', mode %#hx in dir ino %lu",
443 		dentry, mode, dir->i_ino);
444 
445 	err = fscrypt_setup_filename(dir, &dentry->d_name, 0, &nm);
446 	if (err)
447 		return err;
448 
449 	err = ubifs_budget_space(c, &req);
450 	if (err) {
451 		fscrypt_free_filename(&nm);
452 		return err;
453 	}
454 
455 	err = ubifs_budget_space(c, &ino_req);
456 	if (err) {
457 		ubifs_release_budget(c, &req);
458 		fscrypt_free_filename(&nm);
459 		return err;
460 	}
461 
462 	inode = ubifs_new_inode(c, dir, mode, false);
463 	if (IS_ERR(inode)) {
464 		err = PTR_ERR(inode);
465 		goto out_budg;
466 	}
467 	ui = ubifs_inode(inode);
468 
469 	err = ubifs_init_security(dir, inode, &dentry->d_name);
470 	if (err)
471 		goto out_inode;
472 
473 	mutex_lock(&ui->ui_mutex);
474 	insert_inode_hash(inode);
475 	d_tmpfile(file, inode);
476 	ubifs_assert(c, ui->dirty);
477 
478 	instantiated = 1;
479 	mutex_unlock(&ui->ui_mutex);
480 
481 	lock_2_inodes(dir, inode);
482 	err = ubifs_jnl_update(c, dir, &nm, inode, 1, 0);
483 	if (err)
484 		goto out_cancel;
485 	unlock_2_inodes(dir, inode);
486 
487 	ubifs_release_budget(c, &req);
488 	fscrypt_free_filename(&nm);
489 
490 	return finish_open_simple(file, 0);
491 
492 out_cancel:
493 	unlock_2_inodes(dir, inode);
494 out_inode:
495 	make_bad_inode(inode);
496 	if (!instantiated)
497 		iput(inode);
498 out_budg:
499 	ubifs_release_budget(c, &req);
500 	if (!instantiated)
501 		ubifs_release_budget(c, &ino_req);
502 	fscrypt_free_filename(&nm);
503 	ubifs_err(c, "cannot create temporary file, error %d", err);
504 	return err;
505 }
506 
507 /**
508  * vfs_dent_type - get VFS directory entry type.
509  * @type: UBIFS directory entry type
510  *
511  * This function converts UBIFS directory entry type into VFS directory entry
512  * type.
513  */
514 static unsigned int vfs_dent_type(uint8_t type)
515 {
516 	switch (type) {
517 	case UBIFS_ITYPE_REG:
518 		return DT_REG;
519 	case UBIFS_ITYPE_DIR:
520 		return DT_DIR;
521 	case UBIFS_ITYPE_LNK:
522 		return DT_LNK;
523 	case UBIFS_ITYPE_BLK:
524 		return DT_BLK;
525 	case UBIFS_ITYPE_CHR:
526 		return DT_CHR;
527 	case UBIFS_ITYPE_FIFO:
528 		return DT_FIFO;
529 	case UBIFS_ITYPE_SOCK:
530 		return DT_SOCK;
531 	default:
532 		BUG();
533 	}
534 	return 0;
535 }
536 
537 /*
538  * The classical Unix view for directory is that it is a linear array of
539  * (name, inode number) entries. Linux/VFS assumes this model as well.
540  * Particularly, 'readdir()' call wants us to return a directory entry offset
541  * which later may be used to continue 'readdir()'ing the directory or to
542  * 'seek()' to that specific direntry. Obviously UBIFS does not really fit this
543  * model because directory entries are identified by keys, which may collide.
544  *
545  * UBIFS uses directory entry hash value for directory offsets, so
546  * 'seekdir()'/'telldir()' may not always work because of possible key
547  * collisions. But UBIFS guarantees that consecutive 'readdir()' calls work
548  * properly by means of saving full directory entry name in the private field
549  * of the file description object.
550  *
551  * This means that UBIFS cannot support NFS which requires full
552  * 'seekdir()'/'telldir()' support.
553  */
554 static int ubifs_readdir(struct file *file, struct dir_context *ctx)
555 {
556 	int fstr_real_len = 0, err = 0;
557 	struct fscrypt_name nm;
558 	struct fscrypt_str fstr = {0};
559 	union ubifs_key key;
560 	struct ubifs_dent_node *dent;
561 	struct inode *dir = file_inode(file);
562 	struct ubifs_info *c = dir->i_sb->s_fs_info;
563 	bool encrypted = IS_ENCRYPTED(dir);
564 
565 	dbg_gen("dir ino %lu, f_pos %#llx", dir->i_ino, ctx->pos);
566 
567 	if (ctx->pos > UBIFS_S_KEY_HASH_MASK || ctx->pos == 2)
568 		/*
569 		 * The directory was seek'ed to a senseless position or there
570 		 * are no more entries.
571 		 */
572 		return 0;
573 
574 	if (encrypted) {
575 		err = fscrypt_prepare_readdir(dir);
576 		if (err)
577 			return err;
578 
579 		err = fscrypt_fname_alloc_buffer(UBIFS_MAX_NLEN, &fstr);
580 		if (err)
581 			return err;
582 
583 		fstr_real_len = fstr.len;
584 	}
585 
586 	if (file->f_version == 0) {
587 		/*
588 		 * The file was seek'ed, which means that @file->private_data
589 		 * is now invalid. This may also be just the first
590 		 * 'ubifs_readdir()' invocation, in which case
591 		 * @file->private_data is NULL, and the below code is
592 		 * basically a no-op.
593 		 */
594 		kfree(file->private_data);
595 		file->private_data = NULL;
596 	}
597 
598 	/*
599 	 * 'generic_file_llseek()' unconditionally sets @file->f_version to
600 	 * zero, and we use this for detecting whether the file was seek'ed.
601 	 */
602 	file->f_version = 1;
603 
604 	/* File positions 0 and 1 correspond to "." and ".." */
605 	if (ctx->pos < 2) {
606 		ubifs_assert(c, !file->private_data);
607 		if (!dir_emit_dots(file, ctx)) {
608 			if (encrypted)
609 				fscrypt_fname_free_buffer(&fstr);
610 			return 0;
611 		}
612 
613 		/* Find the first entry in TNC and save it */
614 		lowest_dent_key(c, &key, dir->i_ino);
615 		fname_len(&nm) = 0;
616 		dent = ubifs_tnc_next_ent(c, &key, &nm);
617 		if (IS_ERR(dent)) {
618 			err = PTR_ERR(dent);
619 			goto out;
620 		}
621 
622 		ctx->pos = key_hash_flash(c, &dent->key);
623 		file->private_data = dent;
624 	}
625 
626 	dent = file->private_data;
627 	if (!dent) {
628 		/*
629 		 * The directory was seek'ed to and is now readdir'ed.
630 		 * Find the entry corresponding to @ctx->pos or the closest one.
631 		 */
632 		dent_key_init_hash(c, &key, dir->i_ino, ctx->pos);
633 		fname_len(&nm) = 0;
634 		dent = ubifs_tnc_next_ent(c, &key, &nm);
635 		if (IS_ERR(dent)) {
636 			err = PTR_ERR(dent);
637 			goto out;
638 		}
639 		ctx->pos = key_hash_flash(c, &dent->key);
640 		file->private_data = dent;
641 	}
642 
643 	while (1) {
644 		dbg_gen("ino %llu, new f_pos %#x",
645 			(unsigned long long)le64_to_cpu(dent->inum),
646 			key_hash_flash(c, &dent->key));
647 		ubifs_assert(c, le64_to_cpu(dent->ch.sqnum) >
648 			     ubifs_inode(dir)->creat_sqnum);
649 
650 		fname_len(&nm) = le16_to_cpu(dent->nlen);
651 		fname_name(&nm) = dent->name;
652 
653 		if (encrypted) {
654 			fstr.len = fstr_real_len;
655 
656 			err = fscrypt_fname_disk_to_usr(dir, key_hash_flash(c,
657 							&dent->key),
658 							le32_to_cpu(dent->cookie),
659 							&nm.disk_name, &fstr);
660 			if (err)
661 				goto out;
662 		} else {
663 			fstr.len = fname_len(&nm);
664 			fstr.name = fname_name(&nm);
665 		}
666 
667 		if (!dir_emit(ctx, fstr.name, fstr.len,
668 			       le64_to_cpu(dent->inum),
669 			       vfs_dent_type(dent->type))) {
670 			if (encrypted)
671 				fscrypt_fname_free_buffer(&fstr);
672 			return 0;
673 		}
674 
675 		/* Switch to the next entry */
676 		key_read(c, &dent->key, &key);
677 		dent = ubifs_tnc_next_ent(c, &key, &nm);
678 		if (IS_ERR(dent)) {
679 			err = PTR_ERR(dent);
680 			goto out;
681 		}
682 
683 		kfree(file->private_data);
684 		ctx->pos = key_hash_flash(c, &dent->key);
685 		file->private_data = dent;
686 		cond_resched();
687 	}
688 
689 out:
690 	kfree(file->private_data);
691 	file->private_data = NULL;
692 
693 	if (encrypted)
694 		fscrypt_fname_free_buffer(&fstr);
695 
696 	if (err != -ENOENT)
697 		ubifs_err(c, "cannot find next direntry, error %d", err);
698 	else
699 		/*
700 		 * -ENOENT is a non-fatal error in this context, the TNC uses
701 		 * it to indicate that the cursor moved past the current directory
702 		 * and readdir() has to stop.
703 		 */
704 		err = 0;
705 
706 
707 	/* 2 is a special value indicating that there are no more direntries */
708 	ctx->pos = 2;
709 	return err;
710 }
711 
712 /* Free saved readdir() state when the directory is closed */
713 static int ubifs_dir_release(struct inode *dir, struct file *file)
714 {
715 	kfree(file->private_data);
716 	file->private_data = NULL;
717 	return 0;
718 }
719 
720 static int ubifs_link(struct dentry *old_dentry, struct inode *dir,
721 		      struct dentry *dentry)
722 {
723 	struct ubifs_info *c = dir->i_sb->s_fs_info;
724 	struct inode *inode = d_inode(old_dentry);
725 	struct ubifs_inode *ui = ubifs_inode(inode);
726 	struct ubifs_inode *dir_ui = ubifs_inode(dir);
727 	int err, sz_change;
728 	struct ubifs_budget_req req = { .new_dent = 1, .dirtied_ino = 2,
729 				.dirtied_ino_d = ALIGN(ui->data_len, 8) };
730 	struct fscrypt_name nm;
731 
732 	/*
733 	 * Budget request settings: new direntry, changing the target inode,
734 	 * changing the parent inode.
735 	 */
736 
737 	dbg_gen("dent '%pd' to ino %lu (nlink %d) in dir ino %lu",
738 		dentry, inode->i_ino,
739 		inode->i_nlink, dir->i_ino);
740 	ubifs_assert(c, inode_is_locked(dir));
741 	ubifs_assert(c, inode_is_locked(inode));
742 
743 	err = fscrypt_prepare_link(old_dentry, dir, dentry);
744 	if (err)
745 		return err;
746 
747 	err = fscrypt_setup_filename(dir, &dentry->d_name, 0, &nm);
748 	if (err)
749 		return err;
750 
751 	sz_change = CALC_DENT_SIZE(fname_len(&nm));
752 
753 	err = dbg_check_synced_i_size(c, inode);
754 	if (err)
755 		goto out_fname;
756 
757 	err = ubifs_budget_space(c, &req);
758 	if (err)
759 		goto out_fname;
760 
761 	lock_2_inodes(dir, inode);
762 
763 	/* Handle O_TMPFILE corner case, it is allowed to link a O_TMPFILE. */
764 	if (inode->i_nlink == 0)
765 		ubifs_delete_orphan(c, inode->i_ino);
766 
767 	inc_nlink(inode);
768 	ihold(inode);
769 	inode_set_ctime_current(inode);
770 	dir->i_size += sz_change;
771 	dir_ui->ui_size = dir->i_size;
772 	inode_set_mtime_to_ts(dir,
773 			      inode_set_ctime_to_ts(dir, inode_get_ctime(inode)));
774 	err = ubifs_jnl_update(c, dir, &nm, inode, 0, 0);
775 	if (err)
776 		goto out_cancel;
777 	unlock_2_inodes(dir, inode);
778 
779 	ubifs_release_budget(c, &req);
780 	d_instantiate(dentry, inode);
781 	fscrypt_free_filename(&nm);
782 	return 0;
783 
784 out_cancel:
785 	dir->i_size -= sz_change;
786 	dir_ui->ui_size = dir->i_size;
787 	drop_nlink(inode);
788 	if (inode->i_nlink == 0)
789 		ubifs_add_orphan(c, inode->i_ino);
790 	unlock_2_inodes(dir, inode);
791 	ubifs_release_budget(c, &req);
792 	iput(inode);
793 out_fname:
794 	fscrypt_free_filename(&nm);
795 	return err;
796 }
797 
798 static int ubifs_unlink(struct inode *dir, struct dentry *dentry)
799 {
800 	struct ubifs_info *c = dir->i_sb->s_fs_info;
801 	struct inode *inode = d_inode(dentry);
802 	struct ubifs_inode *dir_ui = ubifs_inode(dir);
803 	int err, sz_change, budgeted = 1;
804 	struct ubifs_budget_req req = { .mod_dent = 1, .dirtied_ino = 2 };
805 	unsigned int saved_nlink = inode->i_nlink;
806 	struct fscrypt_name nm;
807 
808 	/*
809 	 * Budget request settings: deletion direntry, deletion inode (+1 for
810 	 * @dirtied_ino), changing the parent directory inode. If budgeting
811 	 * fails, go ahead anyway because we have extra space reserved for
812 	 * deletions.
813 	 */
814 
815 	dbg_gen("dent '%pd' from ino %lu (nlink %d) in dir ino %lu",
816 		dentry, inode->i_ino,
817 		inode->i_nlink, dir->i_ino);
818 
819 	err = fscrypt_setup_filename(dir, &dentry->d_name, 1, &nm);
820 	if (err)
821 		return err;
822 
823 	err = ubifs_purge_xattrs(inode);
824 	if (err)
825 		return err;
826 
827 	sz_change = CALC_DENT_SIZE(fname_len(&nm));
828 
829 	ubifs_assert(c, inode_is_locked(dir));
830 	ubifs_assert(c, inode_is_locked(inode));
831 	err = dbg_check_synced_i_size(c, inode);
832 	if (err)
833 		goto out_fname;
834 
835 	err = ubifs_budget_space(c, &req);
836 	if (err) {
837 		if (err != -ENOSPC)
838 			goto out_fname;
839 		budgeted = 0;
840 	}
841 
842 	lock_2_inodes(dir, inode);
843 	inode_set_ctime_current(inode);
844 	drop_nlink(inode);
845 	dir->i_size -= sz_change;
846 	dir_ui->ui_size = dir->i_size;
847 	inode_set_mtime_to_ts(dir,
848 			      inode_set_ctime_to_ts(dir, inode_get_ctime(inode)));
849 	err = ubifs_jnl_update(c, dir, &nm, inode, 1, 0);
850 	if (err)
851 		goto out_cancel;
852 	unlock_2_inodes(dir, inode);
853 
854 	if (budgeted)
855 		ubifs_release_budget(c, &req);
856 	else {
857 		/* We've deleted something - clean the "no space" flags */
858 		c->bi.nospace = c->bi.nospace_rp = 0;
859 		smp_wmb();
860 	}
861 	fscrypt_free_filename(&nm);
862 	return 0;
863 
864 out_cancel:
865 	dir->i_size += sz_change;
866 	dir_ui->ui_size = dir->i_size;
867 	set_nlink(inode, saved_nlink);
868 	unlock_2_inodes(dir, inode);
869 	if (budgeted)
870 		ubifs_release_budget(c, &req);
871 out_fname:
872 	fscrypt_free_filename(&nm);
873 	return err;
874 }
875 
876 /**
877  * ubifs_check_dir_empty - check if a directory is empty or not.
878  * @dir: VFS inode object of the directory to check
879  *
880  * This function checks if directory @dir is empty. Returns zero if the
881  * directory is empty, %-ENOTEMPTY if it is not, and other negative error codes
882  * in case of errors.
883  */
884 int ubifs_check_dir_empty(struct inode *dir)
885 {
886 	struct ubifs_info *c = dir->i_sb->s_fs_info;
887 	struct fscrypt_name nm = { 0 };
888 	struct ubifs_dent_node *dent;
889 	union ubifs_key key;
890 	int err;
891 
892 	lowest_dent_key(c, &key, dir->i_ino);
893 	dent = ubifs_tnc_next_ent(c, &key, &nm);
894 	if (IS_ERR(dent)) {
895 		err = PTR_ERR(dent);
896 		if (err == -ENOENT)
897 			err = 0;
898 	} else {
899 		kfree(dent);
900 		err = -ENOTEMPTY;
901 	}
902 	return err;
903 }
904 
905 static int ubifs_rmdir(struct inode *dir, struct dentry *dentry)
906 {
907 	struct ubifs_info *c = dir->i_sb->s_fs_info;
908 	struct inode *inode = d_inode(dentry);
909 	int err, sz_change, budgeted = 1;
910 	struct ubifs_inode *dir_ui = ubifs_inode(dir);
911 	struct ubifs_budget_req req = { .mod_dent = 1, .dirtied_ino = 2 };
912 	struct fscrypt_name nm;
913 
914 	/*
915 	 * Budget request settings: deletion direntry, deletion inode and
916 	 * changing the parent inode. If budgeting fails, go ahead anyway
917 	 * because we have extra space reserved for deletions.
918 	 */
919 
920 	dbg_gen("directory '%pd', ino %lu in dir ino %lu", dentry,
921 		inode->i_ino, dir->i_ino);
922 	ubifs_assert(c, inode_is_locked(dir));
923 	ubifs_assert(c, inode_is_locked(inode));
924 	err = ubifs_check_dir_empty(d_inode(dentry));
925 	if (err)
926 		return err;
927 
928 	err = fscrypt_setup_filename(dir, &dentry->d_name, 1, &nm);
929 	if (err)
930 		return err;
931 
932 	err = ubifs_purge_xattrs(inode);
933 	if (err)
934 		return err;
935 
936 	sz_change = CALC_DENT_SIZE(fname_len(&nm));
937 
938 	err = ubifs_budget_space(c, &req);
939 	if (err) {
940 		if (err != -ENOSPC)
941 			goto out_fname;
942 		budgeted = 0;
943 	}
944 
945 	lock_2_inodes(dir, inode);
946 	inode_set_ctime_current(inode);
947 	clear_nlink(inode);
948 	drop_nlink(dir);
949 	dir->i_size -= sz_change;
950 	dir_ui->ui_size = dir->i_size;
951 	inode_set_mtime_to_ts(dir,
952 			      inode_set_ctime_to_ts(dir, inode_get_ctime(inode)));
953 	err = ubifs_jnl_update(c, dir, &nm, inode, 1, 0);
954 	if (err)
955 		goto out_cancel;
956 	unlock_2_inodes(dir, inode);
957 
958 	if (budgeted)
959 		ubifs_release_budget(c, &req);
960 	else {
961 		/* We've deleted something - clean the "no space" flags */
962 		c->bi.nospace = c->bi.nospace_rp = 0;
963 		smp_wmb();
964 	}
965 	fscrypt_free_filename(&nm);
966 	return 0;
967 
968 out_cancel:
969 	dir->i_size += sz_change;
970 	dir_ui->ui_size = dir->i_size;
971 	inc_nlink(dir);
972 	set_nlink(inode, 2);
973 	unlock_2_inodes(dir, inode);
974 	if (budgeted)
975 		ubifs_release_budget(c, &req);
976 out_fname:
977 	fscrypt_free_filename(&nm);
978 	return err;
979 }
980 
981 static int ubifs_mkdir(struct mnt_idmap *idmap, struct inode *dir,
982 		       struct dentry *dentry, umode_t mode)
983 {
984 	struct inode *inode;
985 	struct ubifs_inode *dir_ui = ubifs_inode(dir);
986 	struct ubifs_info *c = dir->i_sb->s_fs_info;
987 	int err, sz_change;
988 	struct ubifs_budget_req req = { .new_ino = 1, .new_dent = 1,
989 					.dirtied_ino = 1};
990 	struct fscrypt_name nm;
991 
992 	/*
993 	 * Budget request settings: new inode, new direntry and changing parent
994 	 * directory inode.
995 	 */
996 
997 	dbg_gen("dent '%pd', mode %#hx in dir ino %lu",
998 		dentry, mode, dir->i_ino);
999 
1000 	err = ubifs_budget_space(c, &req);
1001 	if (err)
1002 		return err;
1003 
1004 	err = ubifs_prepare_create(dir, dentry, &nm);
1005 	if (err)
1006 		goto out_budg;
1007 
1008 	sz_change = CALC_DENT_SIZE(fname_len(&nm));
1009 
1010 	inode = ubifs_new_inode(c, dir, S_IFDIR | mode, false);
1011 	if (IS_ERR(inode)) {
1012 		err = PTR_ERR(inode);
1013 		goto out_fname;
1014 	}
1015 
1016 	err = ubifs_init_security(dir, inode, &dentry->d_name);
1017 	if (err)
1018 		goto out_inode;
1019 
1020 	mutex_lock(&dir_ui->ui_mutex);
1021 	insert_inode_hash(inode);
1022 	inc_nlink(inode);
1023 	inc_nlink(dir);
1024 	dir->i_size += sz_change;
1025 	dir_ui->ui_size = dir->i_size;
1026 	inode_set_mtime_to_ts(dir,
1027 			      inode_set_ctime_to_ts(dir, inode_get_ctime(inode)));
1028 	err = ubifs_jnl_update(c, dir, &nm, inode, 0, 0);
1029 	if (err) {
1030 		ubifs_err(c, "cannot create directory, error %d", err);
1031 		goto out_cancel;
1032 	}
1033 	mutex_unlock(&dir_ui->ui_mutex);
1034 
1035 	ubifs_release_budget(c, &req);
1036 	d_instantiate(dentry, inode);
1037 	fscrypt_free_filename(&nm);
1038 	return 0;
1039 
1040 out_cancel:
1041 	dir->i_size -= sz_change;
1042 	dir_ui->ui_size = dir->i_size;
1043 	drop_nlink(dir);
1044 	mutex_unlock(&dir_ui->ui_mutex);
1045 out_inode:
1046 	make_bad_inode(inode);
1047 	iput(inode);
1048 out_fname:
1049 	fscrypt_free_filename(&nm);
1050 out_budg:
1051 	ubifs_release_budget(c, &req);
1052 	return err;
1053 }
1054 
1055 static int ubifs_mknod(struct mnt_idmap *idmap, struct inode *dir,
1056 		       struct dentry *dentry, umode_t mode, dev_t rdev)
1057 {
1058 	struct inode *inode;
1059 	struct ubifs_inode *ui;
1060 	struct ubifs_inode *dir_ui = ubifs_inode(dir);
1061 	struct ubifs_info *c = dir->i_sb->s_fs_info;
1062 	union ubifs_dev_desc *dev = NULL;
1063 	int sz_change;
1064 	int err, devlen = 0;
1065 	struct ubifs_budget_req req = { .new_ino = 1, .new_dent = 1,
1066 					.dirtied_ino = 1 };
1067 	struct fscrypt_name nm;
1068 
1069 	/*
1070 	 * Budget request settings: new inode, new direntry and changing parent
1071 	 * directory inode.
1072 	 */
1073 
1074 	dbg_gen("dent '%pd' in dir ino %lu", dentry, dir->i_ino);
1075 
1076 	if (S_ISBLK(mode) || S_ISCHR(mode)) {
1077 		dev = kmalloc(sizeof(union ubifs_dev_desc), GFP_NOFS);
1078 		if (!dev)
1079 			return -ENOMEM;
1080 		devlen = ubifs_encode_dev(dev, rdev);
1081 	}
1082 
1083 	req.new_ino_d = ALIGN(devlen, 8);
1084 	err = ubifs_budget_space(c, &req);
1085 	if (err) {
1086 		kfree(dev);
1087 		return err;
1088 	}
1089 
1090 	err = ubifs_prepare_create(dir, dentry, &nm);
1091 	if (err) {
1092 		kfree(dev);
1093 		goto out_budg;
1094 	}
1095 
1096 	sz_change = CALC_DENT_SIZE(fname_len(&nm));
1097 
1098 	inode = ubifs_new_inode(c, dir, mode, false);
1099 	if (IS_ERR(inode)) {
1100 		kfree(dev);
1101 		err = PTR_ERR(inode);
1102 		goto out_fname;
1103 	}
1104 
1105 	init_special_inode(inode, inode->i_mode, rdev);
1106 	inode->i_size = ubifs_inode(inode)->ui_size = devlen;
1107 	ui = ubifs_inode(inode);
1108 	ui->data = dev;
1109 	ui->data_len = devlen;
1110 
1111 	err = ubifs_init_security(dir, inode, &dentry->d_name);
1112 	if (err)
1113 		goto out_inode;
1114 
1115 	mutex_lock(&dir_ui->ui_mutex);
1116 	dir->i_size += sz_change;
1117 	dir_ui->ui_size = dir->i_size;
1118 	inode_set_mtime_to_ts(dir,
1119 			      inode_set_ctime_to_ts(dir, inode_get_ctime(inode)));
1120 	err = ubifs_jnl_update(c, dir, &nm, inode, 0, 0);
1121 	if (err)
1122 		goto out_cancel;
1123 	mutex_unlock(&dir_ui->ui_mutex);
1124 
1125 	ubifs_release_budget(c, &req);
1126 	insert_inode_hash(inode);
1127 	d_instantiate(dentry, inode);
1128 	fscrypt_free_filename(&nm);
1129 	return 0;
1130 
1131 out_cancel:
1132 	dir->i_size -= sz_change;
1133 	dir_ui->ui_size = dir->i_size;
1134 	mutex_unlock(&dir_ui->ui_mutex);
1135 out_inode:
1136 	/* Free inode->i_link before inode is marked as bad. */
1137 	fscrypt_free_inode(inode);
1138 	make_bad_inode(inode);
1139 	iput(inode);
1140 out_fname:
1141 	fscrypt_free_filename(&nm);
1142 out_budg:
1143 	ubifs_release_budget(c, &req);
1144 	return err;
1145 }
1146 
1147 static int ubifs_symlink(struct mnt_idmap *idmap, struct inode *dir,
1148 			 struct dentry *dentry, const char *symname)
1149 {
1150 	struct inode *inode;
1151 	struct ubifs_inode *ui;
1152 	struct ubifs_inode *dir_ui = ubifs_inode(dir);
1153 	struct ubifs_info *c = dir->i_sb->s_fs_info;
1154 	int err, sz_change, len = strlen(symname);
1155 	struct fscrypt_str disk_link;
1156 	struct ubifs_budget_req req = { .new_ino = 1, .new_dent = 1,
1157 					.dirtied_ino = 1 };
1158 	struct fscrypt_name nm;
1159 
1160 	dbg_gen("dent '%pd', target '%s' in dir ino %lu", dentry,
1161 		symname, dir->i_ino);
1162 
1163 	err = fscrypt_prepare_symlink(dir, symname, len, UBIFS_MAX_INO_DATA,
1164 				      &disk_link);
1165 	if (err)
1166 		return err;
1167 
1168 	/*
1169 	 * Budget request settings: new inode, new direntry and changing parent
1170 	 * directory inode.
1171 	 */
1172 	req.new_ino_d = ALIGN(disk_link.len - 1, 8);
1173 	err = ubifs_budget_space(c, &req);
1174 	if (err)
1175 		return err;
1176 
1177 	err = ubifs_prepare_create(dir, dentry, &nm);
1178 	if (err)
1179 		goto out_budg;
1180 
1181 	sz_change = CALC_DENT_SIZE(fname_len(&nm));
1182 
1183 	inode = ubifs_new_inode(c, dir, S_IFLNK | S_IRWXUGO, false);
1184 	if (IS_ERR(inode)) {
1185 		err = PTR_ERR(inode);
1186 		goto out_fname;
1187 	}
1188 
1189 	ui = ubifs_inode(inode);
1190 	ui->data = kmalloc(disk_link.len, GFP_NOFS);
1191 	if (!ui->data) {
1192 		err = -ENOMEM;
1193 		goto out_inode;
1194 	}
1195 
1196 	if (IS_ENCRYPTED(inode)) {
1197 		disk_link.name = ui->data; /* encrypt directly into ui->data */
1198 		err = fscrypt_encrypt_symlink(inode, symname, len, &disk_link);
1199 		if (err)
1200 			goto out_inode;
1201 	} else {
1202 		memcpy(ui->data, disk_link.name, disk_link.len);
1203 		inode->i_link = ui->data;
1204 	}
1205 
1206 	/*
1207 	 * The terminating zero byte is not written to the flash media and it
1208 	 * is put just to make later in-memory string processing simpler. Thus,
1209 	 * data length is @disk_link.len - 1, not @disk_link.len.
1210 	 */
1211 	ui->data_len = disk_link.len - 1;
1212 	inode->i_size = ubifs_inode(inode)->ui_size = disk_link.len - 1;
1213 
1214 	err = ubifs_init_security(dir, inode, &dentry->d_name);
1215 	if (err)
1216 		goto out_inode;
1217 
1218 	mutex_lock(&dir_ui->ui_mutex);
1219 	dir->i_size += sz_change;
1220 	dir_ui->ui_size = dir->i_size;
1221 	inode_set_mtime_to_ts(dir,
1222 			      inode_set_ctime_to_ts(dir, inode_get_ctime(inode)));
1223 	err = ubifs_jnl_update(c, dir, &nm, inode, 0, 0);
1224 	if (err)
1225 		goto out_cancel;
1226 	mutex_unlock(&dir_ui->ui_mutex);
1227 
1228 	insert_inode_hash(inode);
1229 	d_instantiate(dentry, inode);
1230 	err = 0;
1231 	goto out_fname;
1232 
1233 out_cancel:
1234 	dir->i_size -= sz_change;
1235 	dir_ui->ui_size = dir->i_size;
1236 	mutex_unlock(&dir_ui->ui_mutex);
1237 out_inode:
1238 	/* Free inode->i_link before inode is marked as bad. */
1239 	fscrypt_free_inode(inode);
1240 	make_bad_inode(inode);
1241 	iput(inode);
1242 out_fname:
1243 	fscrypt_free_filename(&nm);
1244 out_budg:
1245 	ubifs_release_budget(c, &req);
1246 	return err;
1247 }
1248 
1249 /**
1250  * lock_4_inodes - a wrapper for locking three UBIFS inodes.
1251  * @inode1: first inode
1252  * @inode2: second inode
1253  * @inode3: third inode
1254  * @inode4: fourth inode
1255  *
1256  * This function is used for 'ubifs_rename()' and @inode1 may be the same as
1257  * @inode2 whereas @inode3 and @inode4 may be %NULL.
1258  *
1259  * We do not implement any tricks to guarantee strict lock ordering, because
1260  * VFS has already done it for us on the @i_mutex. So this is just a simple
1261  * wrapper function.
1262  */
1263 static void lock_4_inodes(struct inode *inode1, struct inode *inode2,
1264 			  struct inode *inode3, struct inode *inode4)
1265 {
1266 	mutex_lock_nested(&ubifs_inode(inode1)->ui_mutex, WB_MUTEX_1);
1267 	if (inode2 != inode1)
1268 		mutex_lock_nested(&ubifs_inode(inode2)->ui_mutex, WB_MUTEX_2);
1269 	if (inode3)
1270 		mutex_lock_nested(&ubifs_inode(inode3)->ui_mutex, WB_MUTEX_3);
1271 	if (inode4)
1272 		mutex_lock_nested(&ubifs_inode(inode4)->ui_mutex, WB_MUTEX_4);
1273 }
1274 
1275 /**
1276  * unlock_4_inodes - a wrapper for unlocking three UBIFS inodes for rename.
1277  * @inode1: first inode
1278  * @inode2: second inode
1279  * @inode3: third inode
1280  * @inode4: fourth inode
1281  */
1282 static void unlock_4_inodes(struct inode *inode1, struct inode *inode2,
1283 			    struct inode *inode3, struct inode *inode4)
1284 {
1285 	if (inode4)
1286 		mutex_unlock(&ubifs_inode(inode4)->ui_mutex);
1287 	if (inode3)
1288 		mutex_unlock(&ubifs_inode(inode3)->ui_mutex);
1289 	if (inode1 != inode2)
1290 		mutex_unlock(&ubifs_inode(inode2)->ui_mutex);
1291 	mutex_unlock(&ubifs_inode(inode1)->ui_mutex);
1292 }
1293 
1294 static int do_rename(struct inode *old_dir, struct dentry *old_dentry,
1295 		     struct inode *new_dir, struct dentry *new_dentry,
1296 		     unsigned int flags)
1297 {
1298 	struct ubifs_info *c = old_dir->i_sb->s_fs_info;
1299 	struct inode *old_inode = d_inode(old_dentry);
1300 	struct inode *new_inode = d_inode(new_dentry);
1301 	struct inode *whiteout = NULL;
1302 	struct ubifs_inode *old_inode_ui = ubifs_inode(old_inode);
1303 	struct ubifs_inode *whiteout_ui = NULL;
1304 	int err, release, sync = 0, move = (new_dir != old_dir);
1305 	int is_dir = S_ISDIR(old_inode->i_mode);
1306 	int unlink = !!new_inode, new_sz, old_sz;
1307 	struct ubifs_budget_req req = { .new_dent = 1, .mod_dent = 1,
1308 					.dirtied_ino = 3 };
1309 	struct ubifs_budget_req ino_req = { .dirtied_ino = 1,
1310 			.dirtied_ino_d = ALIGN(old_inode_ui->data_len, 8) };
1311 	struct ubifs_budget_req wht_req;
1312 	unsigned int saved_nlink;
1313 	struct fscrypt_name old_nm, new_nm;
1314 
1315 	/*
1316 	 * Budget request settings:
1317 	 *   req: deletion direntry, new direntry, removing the old inode,
1318 	 *   and changing old and new parent directory inodes.
1319 	 *
1320 	 *   wht_req: new whiteout inode for RENAME_WHITEOUT.
1321 	 *
1322 	 *   ino_req: marks the target inode as dirty and does not write it.
1323 	 */
1324 
1325 	dbg_gen("dent '%pd' ino %lu in dir ino %lu to dent '%pd' in dir ino %lu flags 0x%x",
1326 		old_dentry, old_inode->i_ino, old_dir->i_ino,
1327 		new_dentry, new_dir->i_ino, flags);
1328 
1329 	if (unlink) {
1330 		ubifs_assert(c, inode_is_locked(new_inode));
1331 
1332 		/* Budget for old inode's data when its nlink > 1. */
1333 		req.dirtied_ino_d = ALIGN(ubifs_inode(new_inode)->data_len, 8);
1334 		err = ubifs_purge_xattrs(new_inode);
1335 		if (err)
1336 			return err;
1337 	}
1338 
1339 	if (unlink && is_dir) {
1340 		err = ubifs_check_dir_empty(new_inode);
1341 		if (err)
1342 			return err;
1343 	}
1344 
1345 	err = fscrypt_setup_filename(old_dir, &old_dentry->d_name, 0, &old_nm);
1346 	if (err)
1347 		return err;
1348 
1349 	err = fscrypt_setup_filename(new_dir, &new_dentry->d_name, 0, &new_nm);
1350 	if (err) {
1351 		fscrypt_free_filename(&old_nm);
1352 		return err;
1353 	}
1354 
1355 	new_sz = CALC_DENT_SIZE(fname_len(&new_nm));
1356 	old_sz = CALC_DENT_SIZE(fname_len(&old_nm));
1357 
1358 	err = ubifs_budget_space(c, &req);
1359 	if (err) {
1360 		fscrypt_free_filename(&old_nm);
1361 		fscrypt_free_filename(&new_nm);
1362 		return err;
1363 	}
1364 	err = ubifs_budget_space(c, &ino_req);
1365 	if (err) {
1366 		fscrypt_free_filename(&old_nm);
1367 		fscrypt_free_filename(&new_nm);
1368 		ubifs_release_budget(c, &req);
1369 		return err;
1370 	}
1371 
1372 	if (flags & RENAME_WHITEOUT) {
1373 		union ubifs_dev_desc *dev = NULL;
1374 
1375 		dev = kmalloc(sizeof(union ubifs_dev_desc), GFP_NOFS);
1376 		if (!dev) {
1377 			err = -ENOMEM;
1378 			goto out_release;
1379 		}
1380 
1381 		/*
1382 		 * The whiteout inode without dentry is pinned in memory,
1383 		 * umount won't happen during rename process because we
1384 		 * got parent dentry.
1385 		 */
1386 		whiteout = create_whiteout(old_dir, old_dentry);
1387 		if (IS_ERR(whiteout)) {
1388 			err = PTR_ERR(whiteout);
1389 			kfree(dev);
1390 			goto out_release;
1391 		}
1392 
1393 		whiteout_ui = ubifs_inode(whiteout);
1394 		whiteout_ui->data = dev;
1395 		whiteout_ui->data_len = ubifs_encode_dev(dev, MKDEV(0, 0));
1396 		ubifs_assert(c, !whiteout_ui->dirty);
1397 
1398 		memset(&wht_req, 0, sizeof(struct ubifs_budget_req));
1399 		wht_req.new_ino = 1;
1400 		wht_req.new_ino_d = ALIGN(whiteout_ui->data_len, 8);
1401 		/*
1402 		 * To avoid deadlock between space budget (holds ui_mutex and
1403 		 * waits wb work) and writeback work(waits ui_mutex), do space
1404 		 * budget before ubifs inodes locked.
1405 		 */
1406 		err = ubifs_budget_space(c, &wht_req);
1407 		if (err) {
1408 			/*
1409 			 * Whiteout inode can not be written on flash by
1410 			 * ubifs_jnl_write_inode(), because it's neither
1411 			 * dirty nor zero-nlink.
1412 			 */
1413 			iput(whiteout);
1414 			goto out_release;
1415 		}
1416 
1417 		/* Add the old_dentry size to the old_dir size. */
1418 		old_sz -= CALC_DENT_SIZE(fname_len(&old_nm));
1419 	}
1420 
1421 	lock_4_inodes(old_dir, new_dir, new_inode, whiteout);
1422 
1423 	/*
1424 	 * Like most other Unix systems, set the @i_ctime for inodes on a
1425 	 * rename.
1426 	 */
1427 	simple_rename_timestamp(old_dir, old_dentry, new_dir, new_dentry);
1428 
1429 	/* We must adjust parent link count when renaming directories */
1430 	if (is_dir) {
1431 		if (move) {
1432 			/*
1433 			 * @old_dir loses a link because we are moving
1434 			 * @old_inode to a different directory.
1435 			 */
1436 			drop_nlink(old_dir);
1437 			/*
1438 			 * @new_dir only gains a link if we are not also
1439 			 * overwriting an existing directory.
1440 			 */
1441 			if (!unlink)
1442 				inc_nlink(new_dir);
1443 		} else {
1444 			/*
1445 			 * @old_inode is not moving to a different directory,
1446 			 * but @old_dir still loses a link if we are
1447 			 * overwriting an existing directory.
1448 			 */
1449 			if (unlink)
1450 				drop_nlink(old_dir);
1451 		}
1452 	}
1453 
1454 	old_dir->i_size -= old_sz;
1455 	ubifs_inode(old_dir)->ui_size = old_dir->i_size;
1456 
1457 	/*
1458 	 * And finally, if we unlinked a direntry which happened to have the
1459 	 * same name as the moved direntry, we have to decrement @i_nlink of
1460 	 * the unlinked inode.
1461 	 */
1462 	if (unlink) {
1463 		/*
1464 		 * Directories cannot have hard-links, so if this is a
1465 		 * directory, just clear @i_nlink.
1466 		 */
1467 		saved_nlink = new_inode->i_nlink;
1468 		if (is_dir)
1469 			clear_nlink(new_inode);
1470 		else
1471 			drop_nlink(new_inode);
1472 	} else {
1473 		new_dir->i_size += new_sz;
1474 		ubifs_inode(new_dir)->ui_size = new_dir->i_size;
1475 	}
1476 
1477 	/*
1478 	 * Do not ask 'ubifs_jnl_rename()' to flush write-buffer if @old_inode
1479 	 * is dirty, because this will be done later on at the end of
1480 	 * 'ubifs_rename()'.
1481 	 */
1482 	if (IS_SYNC(old_inode)) {
1483 		sync = IS_DIRSYNC(old_dir) || IS_DIRSYNC(new_dir);
1484 		if (unlink && IS_SYNC(new_inode))
1485 			sync = 1;
1486 		/*
1487 		 * S_SYNC flag of whiteout inherits from the old_dir, and we
1488 		 * have already checked the old dir inode. So there is no need
1489 		 * to check whiteout.
1490 		 */
1491 	}
1492 
1493 	err = ubifs_jnl_rename(c, old_dir, old_inode, &old_nm, new_dir,
1494 			       new_inode, &new_nm, whiteout, sync);
1495 	if (err)
1496 		goto out_cancel;
1497 
1498 	unlock_4_inodes(old_dir, new_dir, new_inode, whiteout);
1499 	ubifs_release_budget(c, &req);
1500 
1501 	if (whiteout) {
1502 		ubifs_release_budget(c, &wht_req);
1503 		iput(whiteout);
1504 	}
1505 
1506 	mutex_lock(&old_inode_ui->ui_mutex);
1507 	release = old_inode_ui->dirty;
1508 	mark_inode_dirty_sync(old_inode);
1509 	mutex_unlock(&old_inode_ui->ui_mutex);
1510 
1511 	if (release)
1512 		ubifs_release_budget(c, &ino_req);
1513 	if (IS_SYNC(old_inode))
1514 		/*
1515 		 * Rename finished here. Although old inode cannot be updated
1516 		 * on flash, old ctime is not a big problem, don't return err
1517 		 * code to userspace.
1518 		 */
1519 		old_inode->i_sb->s_op->write_inode(old_inode, NULL);
1520 
1521 	fscrypt_free_filename(&old_nm);
1522 	fscrypt_free_filename(&new_nm);
1523 	return 0;
1524 
1525 out_cancel:
1526 	if (unlink) {
1527 		set_nlink(new_inode, saved_nlink);
1528 	} else {
1529 		new_dir->i_size -= new_sz;
1530 		ubifs_inode(new_dir)->ui_size = new_dir->i_size;
1531 	}
1532 	old_dir->i_size += old_sz;
1533 	ubifs_inode(old_dir)->ui_size = old_dir->i_size;
1534 	if (is_dir) {
1535 		if (move) {
1536 			inc_nlink(old_dir);
1537 			if (!unlink)
1538 				drop_nlink(new_dir);
1539 		} else {
1540 			if (unlink)
1541 				inc_nlink(old_dir);
1542 		}
1543 	}
1544 	unlock_4_inodes(old_dir, new_dir, new_inode, whiteout);
1545 	if (whiteout) {
1546 		ubifs_release_budget(c, &wht_req);
1547 		iput(whiteout);
1548 	}
1549 out_release:
1550 	ubifs_release_budget(c, &ino_req);
1551 	ubifs_release_budget(c, &req);
1552 	fscrypt_free_filename(&old_nm);
1553 	fscrypt_free_filename(&new_nm);
1554 	return err;
1555 }
1556 
1557 static int ubifs_xrename(struct inode *old_dir, struct dentry *old_dentry,
1558 			struct inode *new_dir, struct dentry *new_dentry)
1559 {
1560 	struct ubifs_info *c = old_dir->i_sb->s_fs_info;
1561 	struct ubifs_budget_req req = { .new_dent = 1, .mod_dent = 1,
1562 				.dirtied_ino = 2 };
1563 	int sync = IS_DIRSYNC(old_dir) || IS_DIRSYNC(new_dir);
1564 	struct inode *fst_inode = d_inode(old_dentry);
1565 	struct inode *snd_inode = d_inode(new_dentry);
1566 	int err;
1567 	struct fscrypt_name fst_nm, snd_nm;
1568 
1569 	ubifs_assert(c, fst_inode && snd_inode);
1570 
1571 	/*
1572 	 * Budget request settings: changing two direntries, changing the two
1573 	 * parent directory inodes.
1574 	 */
1575 
1576 	dbg_gen("dent '%pd' ino %lu in dir ino %lu exchange dent '%pd' ino %lu in dir ino %lu",
1577 		old_dentry, fst_inode->i_ino, old_dir->i_ino,
1578 		new_dentry, snd_inode->i_ino, new_dir->i_ino);
1579 
1580 	err = fscrypt_setup_filename(old_dir, &old_dentry->d_name, 0, &fst_nm);
1581 	if (err)
1582 		return err;
1583 
1584 	err = fscrypt_setup_filename(new_dir, &new_dentry->d_name, 0, &snd_nm);
1585 	if (err) {
1586 		fscrypt_free_filename(&fst_nm);
1587 		return err;
1588 	}
1589 
1590 	err = ubifs_budget_space(c, &req);
1591 	if (err)
1592 		goto out;
1593 
1594 	lock_4_inodes(old_dir, new_dir, NULL, NULL);
1595 
1596 	simple_rename_timestamp(old_dir, old_dentry, new_dir, new_dentry);
1597 
1598 	if (old_dir != new_dir) {
1599 		if (S_ISDIR(fst_inode->i_mode) && !S_ISDIR(snd_inode->i_mode)) {
1600 			inc_nlink(new_dir);
1601 			drop_nlink(old_dir);
1602 		}
1603 		else if (!S_ISDIR(fst_inode->i_mode) && S_ISDIR(snd_inode->i_mode)) {
1604 			drop_nlink(new_dir);
1605 			inc_nlink(old_dir);
1606 		}
1607 	}
1608 
1609 	err = ubifs_jnl_xrename(c, old_dir, fst_inode, &fst_nm, new_dir,
1610 				snd_inode, &snd_nm, sync);
1611 
1612 	unlock_4_inodes(old_dir, new_dir, NULL, NULL);
1613 	ubifs_release_budget(c, &req);
1614 
1615 out:
1616 	fscrypt_free_filename(&fst_nm);
1617 	fscrypt_free_filename(&snd_nm);
1618 	return err;
1619 }
1620 
1621 static int ubifs_rename(struct mnt_idmap *idmap,
1622 			struct inode *old_dir, struct dentry *old_dentry,
1623 			struct inode *new_dir, struct dentry *new_dentry,
1624 			unsigned int flags)
1625 {
1626 	int err;
1627 	struct ubifs_info *c = old_dir->i_sb->s_fs_info;
1628 
1629 	if (flags & ~(RENAME_NOREPLACE | RENAME_WHITEOUT | RENAME_EXCHANGE))
1630 		return -EINVAL;
1631 
1632 	ubifs_assert(c, inode_is_locked(old_dir));
1633 	ubifs_assert(c, inode_is_locked(new_dir));
1634 
1635 	err = fscrypt_prepare_rename(old_dir, old_dentry, new_dir, new_dentry,
1636 				     flags);
1637 	if (err)
1638 		return err;
1639 
1640 	if (flags & RENAME_EXCHANGE)
1641 		return ubifs_xrename(old_dir, old_dentry, new_dir, new_dentry);
1642 
1643 	return do_rename(old_dir, old_dentry, new_dir, new_dentry, flags);
1644 }
1645 
1646 int ubifs_getattr(struct mnt_idmap *idmap, const struct path *path,
1647 		  struct kstat *stat, u32 request_mask, unsigned int flags)
1648 {
1649 	loff_t size;
1650 	struct inode *inode = d_inode(path->dentry);
1651 	struct ubifs_inode *ui = ubifs_inode(inode);
1652 
1653 	mutex_lock(&ui->ui_mutex);
1654 
1655 	if (ui->flags & UBIFS_APPEND_FL)
1656 		stat->attributes |= STATX_ATTR_APPEND;
1657 	if (ui->flags & UBIFS_COMPR_FL)
1658 		stat->attributes |= STATX_ATTR_COMPRESSED;
1659 	if (ui->flags & UBIFS_CRYPT_FL)
1660 		stat->attributes |= STATX_ATTR_ENCRYPTED;
1661 	if (ui->flags & UBIFS_IMMUTABLE_FL)
1662 		stat->attributes |= STATX_ATTR_IMMUTABLE;
1663 
1664 	stat->attributes_mask |= (STATX_ATTR_APPEND |
1665 				STATX_ATTR_COMPRESSED |
1666 				STATX_ATTR_ENCRYPTED |
1667 				STATX_ATTR_IMMUTABLE);
1668 
1669 	generic_fillattr(&nop_mnt_idmap, request_mask, inode, stat);
1670 	stat->blksize = UBIFS_BLOCK_SIZE;
1671 	stat->size = ui->ui_size;
1672 
1673 	/*
1674 	 * Unfortunately, the 'stat()' system call was designed for block
1675 	 * device based file systems, and it is not appropriate for UBIFS,
1676 	 * because UBIFS does not have notion of "block". For example, it is
1677 	 * difficult to tell how many block a directory takes - it actually
1678 	 * takes less than 300 bytes, but we have to round it to block size,
1679 	 * which introduces large mistake. This makes utilities like 'du' to
1680 	 * report completely senseless numbers. This is the reason why UBIFS
1681 	 * goes the same way as JFFS2 - it reports zero blocks for everything
1682 	 * but regular files, which makes more sense than reporting completely
1683 	 * wrong sizes.
1684 	 */
1685 	if (S_ISREG(inode->i_mode)) {
1686 		size = ui->xattr_size;
1687 		size += stat->size;
1688 		size = ALIGN(size, UBIFS_BLOCK_SIZE);
1689 		/*
1690 		 * Note, user-space expects 512-byte blocks count irrespectively
1691 		 * of what was reported in @stat->size.
1692 		 */
1693 		stat->blocks = size >> 9;
1694 	} else
1695 		stat->blocks = 0;
1696 	mutex_unlock(&ui->ui_mutex);
1697 	return 0;
1698 }
1699 
1700 const struct inode_operations ubifs_dir_inode_operations = {
1701 	.lookup      = ubifs_lookup,
1702 	.create      = ubifs_create,
1703 	.link        = ubifs_link,
1704 	.symlink     = ubifs_symlink,
1705 	.unlink      = ubifs_unlink,
1706 	.mkdir       = ubifs_mkdir,
1707 	.rmdir       = ubifs_rmdir,
1708 	.mknod       = ubifs_mknod,
1709 	.rename      = ubifs_rename,
1710 	.setattr     = ubifs_setattr,
1711 	.getattr     = ubifs_getattr,
1712 	.listxattr   = ubifs_listxattr,
1713 	.update_time = ubifs_update_time,
1714 	.tmpfile     = ubifs_tmpfile,
1715 	.fileattr_get = ubifs_fileattr_get,
1716 	.fileattr_set = ubifs_fileattr_set,
1717 };
1718 
1719 const struct file_operations ubifs_dir_operations = {
1720 	.llseek         = generic_file_llseek,
1721 	.release        = ubifs_dir_release,
1722 	.read           = generic_read_dir,
1723 	.iterate_shared = ubifs_readdir,
1724 	.fsync          = ubifs_fsync,
1725 	.unlocked_ioctl = ubifs_ioctl,
1726 #ifdef CONFIG_COMPAT
1727 	.compat_ioctl   = ubifs_compat_ioctl,
1728 #endif
1729 };
1730