1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * Copyright (c) 2000-2005 Silicon Graphics, Inc. 4 * All Rights Reserved. 5 */ 6 #include "xfs.h" 7 #include "xfs_fs.h" 8 #include "xfs_shared.h" 9 #include "xfs_format.h" 10 #include "xfs_log_format.h" 11 #include "xfs_trans_resv.h" 12 #include "xfs_mount.h" 13 #include "xfs_inode.h" 14 #include "xfs_acl.h" 15 #include "xfs_quota.h" 16 #include "xfs_da_format.h" 17 #include "xfs_da_btree.h" 18 #include "xfs_attr.h" 19 #include "xfs_trans.h" 20 #include "xfs_trace.h" 21 #include "xfs_icache.h" 22 #include "xfs_symlink.h" 23 #include "xfs_dir2.h" 24 #include "xfs_iomap.h" 25 #include "xfs_error.h" 26 #include "xfs_ioctl.h" 27 #include "xfs_xattr.h" 28 #include "xfs_file.h" 29 30 #include <linux/posix_acl.h> 31 #include <linux/security.h> 32 #include <linux/iversion.h> 33 #include <linux/fiemap.h> 34 35 /* 36 * Directories have different lock order w.r.t. mmap_lock compared to regular 37 * files. This is due to readdir potentially triggering page faults on a user 38 * buffer inside filldir(), and this happens with the ilock on the directory 39 * held. For regular files, the lock order is the other way around - the 40 * mmap_lock is taken during the page fault, and then we lock the ilock to do 41 * block mapping. Hence we need a different class for the directory ilock so 42 * that lockdep can tell them apart. 43 */ 44 static struct lock_class_key xfs_nondir_ilock_class; 45 static struct lock_class_key xfs_dir_ilock_class; 46 47 static int 48 xfs_initxattrs( 49 struct inode *inode, 50 const struct xattr *xattr_array, 51 void *fs_info) 52 { 53 const struct xattr *xattr; 54 struct xfs_inode *ip = XFS_I(inode); 55 int error = 0; 56 57 for (xattr = xattr_array; xattr->name != NULL; xattr++) { 58 struct xfs_da_args args = { 59 .dp = ip, 60 .attr_filter = XFS_ATTR_SECURE, 61 .name = xattr->name, 62 .namelen = strlen(xattr->name), 63 .value = xattr->value, 64 .valuelen = xattr->value_len, 65 }; 66 error = xfs_attr_change(&args); 67 if (error < 0) 68 break; 69 } 70 return error; 71 } 72 73 /* 74 * Hook in SELinux. This is not quite correct yet, what we really need 75 * here (as we do for default ACLs) is a mechanism by which creation of 76 * these attrs can be journalled at inode creation time (along with the 77 * inode, of course, such that log replay can't cause these to be lost). 78 */ 79 int 80 xfs_inode_init_security( 81 struct inode *inode, 82 struct inode *dir, 83 const struct qstr *qstr) 84 { 85 return security_inode_init_security(inode, dir, qstr, 86 &xfs_initxattrs, NULL); 87 } 88 89 static void 90 xfs_dentry_to_name( 91 struct xfs_name *namep, 92 struct dentry *dentry) 93 { 94 namep->name = dentry->d_name.name; 95 namep->len = dentry->d_name.len; 96 namep->type = XFS_DIR3_FT_UNKNOWN; 97 } 98 99 static int 100 xfs_dentry_mode_to_name( 101 struct xfs_name *namep, 102 struct dentry *dentry, 103 int mode) 104 { 105 namep->name = dentry->d_name.name; 106 namep->len = dentry->d_name.len; 107 namep->type = xfs_mode_to_ftype(mode); 108 109 if (unlikely(namep->type == XFS_DIR3_FT_UNKNOWN)) 110 return -EFSCORRUPTED; 111 112 return 0; 113 } 114 115 STATIC void 116 xfs_cleanup_inode( 117 struct inode *dir, 118 struct inode *inode, 119 struct dentry *dentry) 120 { 121 struct xfs_name teardown; 122 123 /* Oh, the horror. 124 * If we can't add the ACL or we fail in 125 * xfs_inode_init_security we must back out. 126 * ENOSPC can hit here, among other things. 127 */ 128 xfs_dentry_to_name(&teardown, dentry); 129 130 xfs_remove(XFS_I(dir), &teardown, XFS_I(inode)); 131 } 132 133 /* 134 * Check to see if we are likely to need an extended attribute to be added to 135 * the inode we are about to allocate. This allows the attribute fork to be 136 * created during the inode allocation, reducing the number of transactions we 137 * need to do in this fast path. 138 * 139 * The security checks are optimistic, but not guaranteed. The two LSMs that 140 * require xattrs to be added here (selinux and smack) are also the only two 141 * LSMs that add a sb->s_security structure to the superblock. Hence if security 142 * is enabled and sb->s_security is set, we have a pretty good idea that we are 143 * going to be asked to add a security xattr immediately after allocating the 144 * xfs inode and instantiating the VFS inode. 145 */ 146 static inline bool 147 xfs_create_need_xattr( 148 struct inode *dir, 149 struct posix_acl *default_acl, 150 struct posix_acl *acl) 151 { 152 if (acl) 153 return true; 154 if (default_acl) 155 return true; 156 #if IS_ENABLED(CONFIG_SECURITY) 157 if (dir->i_sb->s_security) 158 return true; 159 #endif 160 return false; 161 } 162 163 164 STATIC int 165 xfs_generic_create( 166 struct mnt_idmap *idmap, 167 struct inode *dir, 168 struct dentry *dentry, 169 umode_t mode, 170 dev_t rdev, 171 struct file *tmpfile) /* unnamed file */ 172 { 173 struct inode *inode; 174 struct xfs_inode *ip = NULL; 175 struct posix_acl *default_acl, *acl; 176 struct xfs_name name; 177 int error; 178 179 /* 180 * Irix uses Missed'em'V split, but doesn't want to see 181 * the upper 5 bits of (14bit) major. 182 */ 183 if (S_ISCHR(mode) || S_ISBLK(mode)) { 184 if (unlikely(!sysv_valid_dev(rdev) || MAJOR(rdev) & ~0x1ff)) 185 return -EINVAL; 186 } else { 187 rdev = 0; 188 } 189 190 error = posix_acl_create(dir, &mode, &default_acl, &acl); 191 if (error) 192 return error; 193 194 /* Verify mode is valid also for tmpfile case */ 195 error = xfs_dentry_mode_to_name(&name, dentry, mode); 196 if (unlikely(error)) 197 goto out_free_acl; 198 199 if (!tmpfile) { 200 error = xfs_create(idmap, XFS_I(dir), &name, mode, rdev, 201 xfs_create_need_xattr(dir, default_acl, acl), 202 &ip); 203 } else { 204 error = xfs_create_tmpfile(idmap, XFS_I(dir), mode, &ip); 205 } 206 if (unlikely(error)) 207 goto out_free_acl; 208 209 inode = VFS_I(ip); 210 211 error = xfs_inode_init_security(inode, dir, &dentry->d_name); 212 if (unlikely(error)) 213 goto out_cleanup_inode; 214 215 if (default_acl) { 216 error = __xfs_set_acl(inode, default_acl, ACL_TYPE_DEFAULT); 217 if (error) 218 goto out_cleanup_inode; 219 } 220 if (acl) { 221 error = __xfs_set_acl(inode, acl, ACL_TYPE_ACCESS); 222 if (error) 223 goto out_cleanup_inode; 224 } 225 226 xfs_setup_iops(ip); 227 228 if (tmpfile) { 229 /* 230 * The VFS requires that any inode fed to d_tmpfile must have 231 * nlink == 1 so that it can decrement the nlink in d_tmpfile. 232 * However, we created the temp file with nlink == 0 because 233 * we're not allowed to put an inode with nlink > 0 on the 234 * unlinked list. Therefore we have to set nlink to 1 so that 235 * d_tmpfile can immediately set it back to zero. 236 */ 237 set_nlink(inode, 1); 238 d_tmpfile(tmpfile, inode); 239 } else 240 d_instantiate(dentry, inode); 241 242 xfs_finish_inode_setup(ip); 243 244 out_free_acl: 245 posix_acl_release(default_acl); 246 posix_acl_release(acl); 247 return error; 248 249 out_cleanup_inode: 250 xfs_finish_inode_setup(ip); 251 if (!tmpfile) 252 xfs_cleanup_inode(dir, inode, dentry); 253 xfs_irele(ip); 254 goto out_free_acl; 255 } 256 257 STATIC int 258 xfs_vn_mknod( 259 struct mnt_idmap *idmap, 260 struct inode *dir, 261 struct dentry *dentry, 262 umode_t mode, 263 dev_t rdev) 264 { 265 return xfs_generic_create(idmap, dir, dentry, mode, rdev, NULL); 266 } 267 268 STATIC int 269 xfs_vn_create( 270 struct mnt_idmap *idmap, 271 struct inode *dir, 272 struct dentry *dentry, 273 umode_t mode, 274 bool flags) 275 { 276 return xfs_generic_create(idmap, dir, dentry, mode, 0, NULL); 277 } 278 279 STATIC int 280 xfs_vn_mkdir( 281 struct mnt_idmap *idmap, 282 struct inode *dir, 283 struct dentry *dentry, 284 umode_t mode) 285 { 286 return xfs_generic_create(idmap, dir, dentry, mode | S_IFDIR, 0, NULL); 287 } 288 289 STATIC struct dentry * 290 xfs_vn_lookup( 291 struct inode *dir, 292 struct dentry *dentry, 293 unsigned int flags) 294 { 295 struct inode *inode; 296 struct xfs_inode *cip; 297 struct xfs_name name; 298 int error; 299 300 if (dentry->d_name.len >= MAXNAMELEN) 301 return ERR_PTR(-ENAMETOOLONG); 302 303 xfs_dentry_to_name(&name, dentry); 304 error = xfs_lookup(XFS_I(dir), &name, &cip, NULL); 305 if (likely(!error)) 306 inode = VFS_I(cip); 307 else if (likely(error == -ENOENT)) 308 inode = NULL; 309 else 310 inode = ERR_PTR(error); 311 return d_splice_alias(inode, dentry); 312 } 313 314 STATIC struct dentry * 315 xfs_vn_ci_lookup( 316 struct inode *dir, 317 struct dentry *dentry, 318 unsigned int flags) 319 { 320 struct xfs_inode *ip; 321 struct xfs_name xname; 322 struct xfs_name ci_name; 323 struct qstr dname; 324 int error; 325 326 if (dentry->d_name.len >= MAXNAMELEN) 327 return ERR_PTR(-ENAMETOOLONG); 328 329 xfs_dentry_to_name(&xname, dentry); 330 error = xfs_lookup(XFS_I(dir), &xname, &ip, &ci_name); 331 if (unlikely(error)) { 332 if (unlikely(error != -ENOENT)) 333 return ERR_PTR(error); 334 /* 335 * call d_add(dentry, NULL) here when d_drop_negative_children 336 * is called in xfs_vn_mknod (ie. allow negative dentries 337 * with CI filesystems). 338 */ 339 return NULL; 340 } 341 342 /* if exact match, just splice and exit */ 343 if (!ci_name.name) 344 return d_splice_alias(VFS_I(ip), dentry); 345 346 /* else case-insensitive match... */ 347 dname.name = ci_name.name; 348 dname.len = ci_name.len; 349 dentry = d_add_ci(dentry, VFS_I(ip), &dname); 350 kfree(ci_name.name); 351 return dentry; 352 } 353 354 STATIC int 355 xfs_vn_link( 356 struct dentry *old_dentry, 357 struct inode *dir, 358 struct dentry *dentry) 359 { 360 struct inode *inode = d_inode(old_dentry); 361 struct xfs_name name; 362 int error; 363 364 error = xfs_dentry_mode_to_name(&name, dentry, inode->i_mode); 365 if (unlikely(error)) 366 return error; 367 368 if (IS_PRIVATE(inode)) 369 return -EPERM; 370 371 error = xfs_link(XFS_I(dir), XFS_I(inode), &name); 372 if (unlikely(error)) 373 return error; 374 375 ihold(inode); 376 d_instantiate(dentry, inode); 377 return 0; 378 } 379 380 STATIC int 381 xfs_vn_unlink( 382 struct inode *dir, 383 struct dentry *dentry) 384 { 385 struct xfs_name name; 386 int error; 387 388 xfs_dentry_to_name(&name, dentry); 389 390 error = xfs_remove(XFS_I(dir), &name, XFS_I(d_inode(dentry))); 391 if (error) 392 return error; 393 394 /* 395 * With unlink, the VFS makes the dentry "negative": no inode, 396 * but still hashed. This is incompatible with case-insensitive 397 * mode, so invalidate (unhash) the dentry in CI-mode. 398 */ 399 if (xfs_has_asciici(XFS_M(dir->i_sb))) 400 d_invalidate(dentry); 401 return 0; 402 } 403 404 STATIC int 405 xfs_vn_symlink( 406 struct mnt_idmap *idmap, 407 struct inode *dir, 408 struct dentry *dentry, 409 const char *symname) 410 { 411 struct inode *inode; 412 struct xfs_inode *cip = NULL; 413 struct xfs_name name; 414 int error; 415 umode_t mode; 416 417 mode = S_IFLNK | 418 (irix_symlink_mode ? 0777 & ~current_umask() : S_IRWXUGO); 419 error = xfs_dentry_mode_to_name(&name, dentry, mode); 420 if (unlikely(error)) 421 goto out; 422 423 error = xfs_symlink(idmap, XFS_I(dir), &name, symname, mode, &cip); 424 if (unlikely(error)) 425 goto out; 426 427 inode = VFS_I(cip); 428 429 error = xfs_inode_init_security(inode, dir, &dentry->d_name); 430 if (unlikely(error)) 431 goto out_cleanup_inode; 432 433 xfs_setup_iops(cip); 434 435 d_instantiate(dentry, inode); 436 xfs_finish_inode_setup(cip); 437 return 0; 438 439 out_cleanup_inode: 440 xfs_finish_inode_setup(cip); 441 xfs_cleanup_inode(dir, inode, dentry); 442 xfs_irele(cip); 443 out: 444 return error; 445 } 446 447 STATIC int 448 xfs_vn_rename( 449 struct mnt_idmap *idmap, 450 struct inode *odir, 451 struct dentry *odentry, 452 struct inode *ndir, 453 struct dentry *ndentry, 454 unsigned int flags) 455 { 456 struct inode *new_inode = d_inode(ndentry); 457 int omode = 0; 458 int error; 459 struct xfs_name oname; 460 struct xfs_name nname; 461 462 if (flags & ~(RENAME_NOREPLACE | RENAME_EXCHANGE | RENAME_WHITEOUT)) 463 return -EINVAL; 464 465 /* if we are exchanging files, we need to set i_mode of both files */ 466 if (flags & RENAME_EXCHANGE) 467 omode = d_inode(ndentry)->i_mode; 468 469 error = xfs_dentry_mode_to_name(&oname, odentry, omode); 470 if (omode && unlikely(error)) 471 return error; 472 473 error = xfs_dentry_mode_to_name(&nname, ndentry, 474 d_inode(odentry)->i_mode); 475 if (unlikely(error)) 476 return error; 477 478 return xfs_rename(idmap, XFS_I(odir), &oname, 479 XFS_I(d_inode(odentry)), XFS_I(ndir), &nname, 480 new_inode ? XFS_I(new_inode) : NULL, flags); 481 } 482 483 /* 484 * careful here - this function can get called recursively, so 485 * we need to be very careful about how much stack we use. 486 * uio is kmalloced for this reason... 487 */ 488 STATIC const char * 489 xfs_vn_get_link( 490 struct dentry *dentry, 491 struct inode *inode, 492 struct delayed_call *done) 493 { 494 char *link; 495 int error = -ENOMEM; 496 497 if (!dentry) 498 return ERR_PTR(-ECHILD); 499 500 link = kmalloc(XFS_SYMLINK_MAXLEN+1, GFP_KERNEL); 501 if (!link) 502 goto out_err; 503 504 error = xfs_readlink(XFS_I(d_inode(dentry)), link); 505 if (unlikely(error)) 506 goto out_kfree; 507 508 set_delayed_call(done, kfree_link, link); 509 return link; 510 511 out_kfree: 512 kfree(link); 513 out_err: 514 return ERR_PTR(error); 515 } 516 517 static uint32_t 518 xfs_stat_blksize( 519 struct xfs_inode *ip) 520 { 521 struct xfs_mount *mp = ip->i_mount; 522 523 /* 524 * If the file blocks are being allocated from a realtime volume, then 525 * always return the realtime extent size. 526 */ 527 if (XFS_IS_REALTIME_INODE(ip)) 528 return XFS_FSB_TO_B(mp, xfs_get_extsz_hint(ip)); 529 530 /* 531 * Allow large block sizes to be reported to userspace programs if the 532 * "largeio" mount option is used. 533 * 534 * If compatibility mode is specified, simply return the basic unit of 535 * caching so that we don't get inefficient read/modify/write I/O from 536 * user apps. Otherwise.... 537 * 538 * If the underlying volume is a stripe, then return the stripe width in 539 * bytes as the recommended I/O size. It is not a stripe and we've set a 540 * default buffered I/O size, return that, otherwise return the compat 541 * default. 542 */ 543 if (xfs_has_large_iosize(mp)) { 544 if (mp->m_swidth) 545 return XFS_FSB_TO_B(mp, mp->m_swidth); 546 if (xfs_has_allocsize(mp)) 547 return 1U << mp->m_allocsize_log; 548 } 549 550 return PAGE_SIZE; 551 } 552 553 STATIC int 554 xfs_vn_getattr( 555 struct mnt_idmap *idmap, 556 const struct path *path, 557 struct kstat *stat, 558 u32 request_mask, 559 unsigned int query_flags) 560 { 561 struct inode *inode = d_inode(path->dentry); 562 struct xfs_inode *ip = XFS_I(inode); 563 struct xfs_mount *mp = ip->i_mount; 564 vfsuid_t vfsuid = i_uid_into_vfsuid(idmap, inode); 565 vfsgid_t vfsgid = i_gid_into_vfsgid(idmap, inode); 566 567 trace_xfs_getattr(ip); 568 569 if (xfs_is_shutdown(mp)) 570 return -EIO; 571 572 stat->size = XFS_ISIZE(ip); 573 stat->dev = inode->i_sb->s_dev; 574 stat->mode = inode->i_mode; 575 stat->nlink = inode->i_nlink; 576 stat->uid = vfsuid_into_kuid(vfsuid); 577 stat->gid = vfsgid_into_kgid(vfsgid); 578 stat->ino = ip->i_ino; 579 stat->atime = inode_get_atime(inode); 580 stat->mtime = inode_get_mtime(inode); 581 stat->ctime = inode_get_ctime(inode); 582 stat->blocks = XFS_FSB_TO_BB(mp, ip->i_nblocks + ip->i_delayed_blks); 583 584 if (xfs_has_v3inodes(mp)) { 585 if (request_mask & STATX_BTIME) { 586 stat->result_mask |= STATX_BTIME; 587 stat->btime = ip->i_crtime; 588 } 589 } 590 591 if ((request_mask & STATX_CHANGE_COOKIE) && IS_I_VERSION(inode)) { 592 stat->change_cookie = inode_query_iversion(inode); 593 stat->result_mask |= STATX_CHANGE_COOKIE; 594 } 595 596 /* 597 * Note: If you add another clause to set an attribute flag, please 598 * update attributes_mask below. 599 */ 600 if (ip->i_diflags & XFS_DIFLAG_IMMUTABLE) 601 stat->attributes |= STATX_ATTR_IMMUTABLE; 602 if (ip->i_diflags & XFS_DIFLAG_APPEND) 603 stat->attributes |= STATX_ATTR_APPEND; 604 if (ip->i_diflags & XFS_DIFLAG_NODUMP) 605 stat->attributes |= STATX_ATTR_NODUMP; 606 607 stat->attributes_mask |= (STATX_ATTR_IMMUTABLE | 608 STATX_ATTR_APPEND | 609 STATX_ATTR_NODUMP); 610 611 switch (inode->i_mode & S_IFMT) { 612 case S_IFBLK: 613 case S_IFCHR: 614 stat->blksize = BLKDEV_IOSIZE; 615 stat->rdev = inode->i_rdev; 616 break; 617 case S_IFREG: 618 if (request_mask & STATX_DIOALIGN) { 619 struct xfs_buftarg *target = xfs_inode_buftarg(ip); 620 struct block_device *bdev = target->bt_bdev; 621 622 stat->result_mask |= STATX_DIOALIGN; 623 stat->dio_mem_align = bdev_dma_alignment(bdev) + 1; 624 stat->dio_offset_align = bdev_logical_block_size(bdev); 625 } 626 fallthrough; 627 default: 628 stat->blksize = xfs_stat_blksize(ip); 629 stat->rdev = 0; 630 break; 631 } 632 633 return 0; 634 } 635 636 static int 637 xfs_vn_change_ok( 638 struct mnt_idmap *idmap, 639 struct dentry *dentry, 640 struct iattr *iattr) 641 { 642 struct xfs_mount *mp = XFS_I(d_inode(dentry))->i_mount; 643 644 if (xfs_is_readonly(mp)) 645 return -EROFS; 646 647 if (xfs_is_shutdown(mp)) 648 return -EIO; 649 650 return setattr_prepare(idmap, dentry, iattr); 651 } 652 653 /* 654 * Set non-size attributes of an inode. 655 * 656 * Caution: The caller of this function is responsible for calling 657 * setattr_prepare() or otherwise verifying the change is fine. 658 */ 659 static int 660 xfs_setattr_nonsize( 661 struct mnt_idmap *idmap, 662 struct dentry *dentry, 663 struct xfs_inode *ip, 664 struct iattr *iattr) 665 { 666 xfs_mount_t *mp = ip->i_mount; 667 struct inode *inode = VFS_I(ip); 668 int mask = iattr->ia_valid; 669 xfs_trans_t *tp; 670 int error; 671 kuid_t uid = GLOBAL_ROOT_UID; 672 kgid_t gid = GLOBAL_ROOT_GID; 673 struct xfs_dquot *udqp = NULL, *gdqp = NULL; 674 struct xfs_dquot *old_udqp = NULL, *old_gdqp = NULL; 675 676 ASSERT((mask & ATTR_SIZE) == 0); 677 678 /* 679 * If disk quotas is on, we make sure that the dquots do exist on disk, 680 * before we start any other transactions. Trying to do this later 681 * is messy. We don't care to take a readlock to look at the ids 682 * in inode here, because we can't hold it across the trans_reserve. 683 * If the IDs do change before we take the ilock, we're covered 684 * because the i_*dquot fields will get updated anyway. 685 */ 686 if (XFS_IS_QUOTA_ON(mp) && (mask & (ATTR_UID|ATTR_GID))) { 687 uint qflags = 0; 688 689 if ((mask & ATTR_UID) && XFS_IS_UQUOTA_ON(mp)) { 690 uid = from_vfsuid(idmap, i_user_ns(inode), 691 iattr->ia_vfsuid); 692 qflags |= XFS_QMOPT_UQUOTA; 693 } else { 694 uid = inode->i_uid; 695 } 696 if ((mask & ATTR_GID) && XFS_IS_GQUOTA_ON(mp)) { 697 gid = from_vfsgid(idmap, i_user_ns(inode), 698 iattr->ia_vfsgid); 699 qflags |= XFS_QMOPT_GQUOTA; 700 } else { 701 gid = inode->i_gid; 702 } 703 704 /* 705 * We take a reference when we initialize udqp and gdqp, 706 * so it is important that we never blindly double trip on 707 * the same variable. See xfs_create() for an example. 708 */ 709 ASSERT(udqp == NULL); 710 ASSERT(gdqp == NULL); 711 error = xfs_qm_vop_dqalloc(ip, uid, gid, ip->i_projid, 712 qflags, &udqp, &gdqp, NULL); 713 if (error) 714 return error; 715 } 716 717 error = xfs_trans_alloc_ichange(ip, udqp, gdqp, NULL, 718 has_capability_noaudit(current, CAP_FOWNER), &tp); 719 if (error) 720 goto out_dqrele; 721 722 /* 723 * Register quota modifications in the transaction. Must be the owner 724 * or privileged. These IDs could have changed since we last looked at 725 * them. But, we're assured that if the ownership did change while we 726 * didn't have the inode locked, inode's dquot(s) would have changed 727 * also. 728 */ 729 if (XFS_IS_UQUOTA_ON(mp) && 730 i_uid_needs_update(idmap, iattr, inode)) { 731 ASSERT(udqp); 732 old_udqp = xfs_qm_vop_chown(tp, ip, &ip->i_udquot, udqp); 733 } 734 if (XFS_IS_GQUOTA_ON(mp) && 735 i_gid_needs_update(idmap, iattr, inode)) { 736 ASSERT(xfs_has_pquotino(mp) || !XFS_IS_PQUOTA_ON(mp)); 737 ASSERT(gdqp); 738 old_gdqp = xfs_qm_vop_chown(tp, ip, &ip->i_gdquot, gdqp); 739 } 740 741 setattr_copy(idmap, inode, iattr); 742 xfs_trans_log_inode(tp, ip, XFS_ILOG_CORE); 743 744 XFS_STATS_INC(mp, xs_ig_attrchg); 745 746 if (xfs_has_wsync(mp)) 747 xfs_trans_set_sync(tp); 748 error = xfs_trans_commit(tp); 749 750 /* 751 * Release any dquot(s) the inode had kept before chown. 752 */ 753 xfs_qm_dqrele(old_udqp); 754 xfs_qm_dqrele(old_gdqp); 755 xfs_qm_dqrele(udqp); 756 xfs_qm_dqrele(gdqp); 757 758 if (error) 759 return error; 760 761 /* 762 * XXX(hch): Updating the ACL entries is not atomic vs the i_mode 763 * update. We could avoid this with linked transactions 764 * and passing down the transaction pointer all the way 765 * to attr_set. No previous user of the generic 766 * Posix ACL code seems to care about this issue either. 767 */ 768 if (mask & ATTR_MODE) { 769 error = posix_acl_chmod(idmap, dentry, inode->i_mode); 770 if (error) 771 return error; 772 } 773 774 return 0; 775 776 out_dqrele: 777 xfs_qm_dqrele(udqp); 778 xfs_qm_dqrele(gdqp); 779 return error; 780 } 781 782 /* 783 * Truncate file. Must have write permission and not be a directory. 784 * 785 * Caution: The caller of this function is responsible for calling 786 * setattr_prepare() or otherwise verifying the change is fine. 787 */ 788 STATIC int 789 xfs_setattr_size( 790 struct mnt_idmap *idmap, 791 struct dentry *dentry, 792 struct xfs_inode *ip, 793 struct iattr *iattr) 794 { 795 struct xfs_mount *mp = ip->i_mount; 796 struct inode *inode = VFS_I(ip); 797 xfs_off_t oldsize, newsize; 798 struct xfs_trans *tp; 799 int error; 800 uint lock_flags = 0; 801 bool did_zeroing = false; 802 803 xfs_assert_ilocked(ip, XFS_IOLOCK_EXCL | XFS_MMAPLOCK_EXCL); 804 ASSERT(S_ISREG(inode->i_mode)); 805 ASSERT((iattr->ia_valid & (ATTR_UID|ATTR_GID|ATTR_ATIME|ATTR_ATIME_SET| 806 ATTR_MTIME_SET|ATTR_TIMES_SET)) == 0); 807 808 oldsize = inode->i_size; 809 newsize = iattr->ia_size; 810 811 /* 812 * Short circuit the truncate case for zero length files. 813 */ 814 if (newsize == 0 && oldsize == 0 && ip->i_df.if_nextents == 0) { 815 if (!(iattr->ia_valid & (ATTR_CTIME|ATTR_MTIME))) 816 return 0; 817 818 /* 819 * Use the regular setattr path to update the timestamps. 820 */ 821 iattr->ia_valid &= ~ATTR_SIZE; 822 return xfs_setattr_nonsize(idmap, dentry, ip, iattr); 823 } 824 825 /* 826 * Make sure that the dquots are attached to the inode. 827 */ 828 error = xfs_qm_dqattach(ip); 829 if (error) 830 return error; 831 832 /* 833 * Wait for all direct I/O to complete. 834 */ 835 inode_dio_wait(inode); 836 837 /* 838 * File data changes must be complete before we start the transaction to 839 * modify the inode. This needs to be done before joining the inode to 840 * the transaction because the inode cannot be unlocked once it is a 841 * part of the transaction. 842 * 843 * Start with zeroing any data beyond EOF that we may expose on file 844 * extension, or zeroing out the rest of the block on a downward 845 * truncate. 846 */ 847 if (newsize > oldsize) { 848 trace_xfs_zero_eof(ip, oldsize, newsize - oldsize); 849 error = xfs_zero_range(ip, oldsize, newsize - oldsize, 850 &did_zeroing); 851 } else { 852 /* 853 * iomap won't detect a dirty page over an unwritten block (or a 854 * cow block over a hole) and subsequently skips zeroing the 855 * newly post-EOF portion of the page. Flush the new EOF to 856 * convert the block before the pagecache truncate. 857 */ 858 error = filemap_write_and_wait_range(inode->i_mapping, newsize, 859 newsize); 860 if (error) 861 return error; 862 error = xfs_truncate_page(ip, newsize, &did_zeroing); 863 } 864 865 if (error) 866 return error; 867 868 /* 869 * We've already locked out new page faults, so now we can safely remove 870 * pages from the page cache knowing they won't get refaulted until we 871 * drop the XFS_MMAP_EXCL lock after the extent manipulations are 872 * complete. The truncate_setsize() call also cleans partial EOF page 873 * PTEs on extending truncates and hence ensures sub-page block size 874 * filesystems are correctly handled, too. 875 * 876 * We have to do all the page cache truncate work outside the 877 * transaction context as the "lock" order is page lock->log space 878 * reservation as defined by extent allocation in the writeback path. 879 * Hence a truncate can fail with ENOMEM from xfs_trans_alloc(), but 880 * having already truncated the in-memory version of the file (i.e. made 881 * user visible changes). There's not much we can do about this, except 882 * to hope that the caller sees ENOMEM and retries the truncate 883 * operation. 884 * 885 * And we update in-core i_size and truncate page cache beyond newsize 886 * before writeback the [i_disk_size, newsize] range, so we're 887 * guaranteed not to write stale data past the new EOF on truncate down. 888 */ 889 truncate_setsize(inode, newsize); 890 891 /* 892 * We are going to log the inode size change in this transaction so 893 * any previous writes that are beyond the on disk EOF and the new 894 * EOF that have not been written out need to be written here. If we 895 * do not write the data out, we expose ourselves to the null files 896 * problem. Note that this includes any block zeroing we did above; 897 * otherwise those blocks may not be zeroed after a crash. 898 */ 899 if (did_zeroing || 900 (newsize > ip->i_disk_size && oldsize != ip->i_disk_size)) { 901 error = filemap_write_and_wait_range(VFS_I(ip)->i_mapping, 902 ip->i_disk_size, newsize - 1); 903 if (error) 904 return error; 905 } 906 907 error = xfs_trans_alloc(mp, &M_RES(mp)->tr_itruncate, 0, 0, 0, &tp); 908 if (error) 909 return error; 910 911 lock_flags |= XFS_ILOCK_EXCL; 912 xfs_ilock(ip, XFS_ILOCK_EXCL); 913 xfs_trans_ijoin(tp, ip, 0); 914 915 /* 916 * Only change the c/mtime if we are changing the size or we are 917 * explicitly asked to change it. This handles the semantic difference 918 * between truncate() and ftruncate() as implemented in the VFS. 919 * 920 * The regular truncate() case without ATTR_CTIME and ATTR_MTIME is a 921 * special case where we need to update the times despite not having 922 * these flags set. For all other operations the VFS set these flags 923 * explicitly if it wants a timestamp update. 924 */ 925 if (newsize != oldsize && 926 !(iattr->ia_valid & (ATTR_CTIME | ATTR_MTIME))) { 927 iattr->ia_ctime = iattr->ia_mtime = 928 current_time(inode); 929 iattr->ia_valid |= ATTR_CTIME | ATTR_MTIME; 930 } 931 932 /* 933 * The first thing we do is set the size to new_size permanently on 934 * disk. This way we don't have to worry about anyone ever being able 935 * to look at the data being freed even in the face of a crash. 936 * What we're getting around here is the case where we free a block, it 937 * is allocated to another file, it is written to, and then we crash. 938 * If the new data gets written to the file but the log buffers 939 * containing the free and reallocation don't, then we'd end up with 940 * garbage in the blocks being freed. As long as we make the new size 941 * permanent before actually freeing any blocks it doesn't matter if 942 * they get written to. 943 */ 944 ip->i_disk_size = newsize; 945 xfs_trans_log_inode(tp, ip, XFS_ILOG_CORE); 946 947 if (newsize <= oldsize) { 948 error = xfs_itruncate_extents(&tp, ip, XFS_DATA_FORK, newsize); 949 if (error) 950 goto out_trans_cancel; 951 952 /* 953 * Truncated "down", so we're removing references to old data 954 * here - if we delay flushing for a long time, we expose 955 * ourselves unduly to the notorious NULL files problem. So, 956 * we mark this inode and flush it when the file is closed, 957 * and do not wait the usual (long) time for writeout. 958 */ 959 xfs_iflags_set(ip, XFS_ITRUNCATED); 960 961 /* A truncate down always removes post-EOF blocks. */ 962 xfs_inode_clear_eofblocks_tag(ip); 963 } 964 965 ASSERT(!(iattr->ia_valid & (ATTR_UID | ATTR_GID))); 966 setattr_copy(idmap, inode, iattr); 967 xfs_trans_log_inode(tp, ip, XFS_ILOG_CORE); 968 969 XFS_STATS_INC(mp, xs_ig_attrchg); 970 971 if (xfs_has_wsync(mp)) 972 xfs_trans_set_sync(tp); 973 974 error = xfs_trans_commit(tp); 975 out_unlock: 976 if (lock_flags) 977 xfs_iunlock(ip, lock_flags); 978 return error; 979 980 out_trans_cancel: 981 xfs_trans_cancel(tp); 982 goto out_unlock; 983 } 984 985 int 986 xfs_vn_setattr_size( 987 struct mnt_idmap *idmap, 988 struct dentry *dentry, 989 struct iattr *iattr) 990 { 991 struct xfs_inode *ip = XFS_I(d_inode(dentry)); 992 int error; 993 994 trace_xfs_setattr(ip); 995 996 error = xfs_vn_change_ok(idmap, dentry, iattr); 997 if (error) 998 return error; 999 return xfs_setattr_size(idmap, dentry, ip, iattr); 1000 } 1001 1002 STATIC int 1003 xfs_vn_setattr( 1004 struct mnt_idmap *idmap, 1005 struct dentry *dentry, 1006 struct iattr *iattr) 1007 { 1008 struct inode *inode = d_inode(dentry); 1009 struct xfs_inode *ip = XFS_I(inode); 1010 int error; 1011 1012 if (iattr->ia_valid & ATTR_SIZE) { 1013 uint iolock; 1014 1015 xfs_ilock(ip, XFS_MMAPLOCK_EXCL); 1016 iolock = XFS_IOLOCK_EXCL | XFS_MMAPLOCK_EXCL; 1017 1018 error = xfs_break_layouts(inode, &iolock, BREAK_UNMAP); 1019 if (error) { 1020 xfs_iunlock(ip, XFS_MMAPLOCK_EXCL); 1021 return error; 1022 } 1023 1024 error = xfs_vn_setattr_size(idmap, dentry, iattr); 1025 xfs_iunlock(ip, XFS_MMAPLOCK_EXCL); 1026 } else { 1027 trace_xfs_setattr(ip); 1028 1029 error = xfs_vn_change_ok(idmap, dentry, iattr); 1030 if (!error) 1031 error = xfs_setattr_nonsize(idmap, dentry, ip, iattr); 1032 } 1033 1034 return error; 1035 } 1036 1037 STATIC int 1038 xfs_vn_update_time( 1039 struct inode *inode, 1040 int flags) 1041 { 1042 struct xfs_inode *ip = XFS_I(inode); 1043 struct xfs_mount *mp = ip->i_mount; 1044 int log_flags = XFS_ILOG_TIMESTAMP; 1045 struct xfs_trans *tp; 1046 int error; 1047 struct timespec64 now; 1048 1049 trace_xfs_update_time(ip); 1050 1051 if (inode->i_sb->s_flags & SB_LAZYTIME) { 1052 if (!((flags & S_VERSION) && 1053 inode_maybe_inc_iversion(inode, false))) { 1054 generic_update_time(inode, flags); 1055 return 0; 1056 } 1057 1058 /* Capture the iversion update that just occurred */ 1059 log_flags |= XFS_ILOG_CORE; 1060 } 1061 1062 error = xfs_trans_alloc(mp, &M_RES(mp)->tr_fsyncts, 0, 0, 0, &tp); 1063 if (error) 1064 return error; 1065 1066 xfs_ilock(ip, XFS_ILOCK_EXCL); 1067 if (flags & (S_CTIME|S_MTIME)) 1068 now = inode_set_ctime_current(inode); 1069 else 1070 now = current_time(inode); 1071 1072 if (flags & S_MTIME) 1073 inode_set_mtime_to_ts(inode, now); 1074 if (flags & S_ATIME) 1075 inode_set_atime_to_ts(inode, now); 1076 1077 xfs_trans_ijoin(tp, ip, XFS_ILOCK_EXCL); 1078 xfs_trans_log_inode(tp, ip, log_flags); 1079 return xfs_trans_commit(tp); 1080 } 1081 1082 STATIC int 1083 xfs_vn_fiemap( 1084 struct inode *inode, 1085 struct fiemap_extent_info *fieinfo, 1086 u64 start, 1087 u64 length) 1088 { 1089 int error; 1090 1091 xfs_ilock(XFS_I(inode), XFS_IOLOCK_SHARED); 1092 if (fieinfo->fi_flags & FIEMAP_FLAG_XATTR) { 1093 fieinfo->fi_flags &= ~FIEMAP_FLAG_XATTR; 1094 error = iomap_fiemap(inode, fieinfo, start, length, 1095 &xfs_xattr_iomap_ops); 1096 } else { 1097 error = iomap_fiemap(inode, fieinfo, start, length, 1098 &xfs_read_iomap_ops); 1099 } 1100 xfs_iunlock(XFS_I(inode), XFS_IOLOCK_SHARED); 1101 1102 return error; 1103 } 1104 1105 STATIC int 1106 xfs_vn_tmpfile( 1107 struct mnt_idmap *idmap, 1108 struct inode *dir, 1109 struct file *file, 1110 umode_t mode) 1111 { 1112 int err = xfs_generic_create(idmap, dir, file->f_path.dentry, mode, 0, file); 1113 1114 return finish_open_simple(file, err); 1115 } 1116 1117 static const struct inode_operations xfs_inode_operations = { 1118 .get_inode_acl = xfs_get_acl, 1119 .set_acl = xfs_set_acl, 1120 .getattr = xfs_vn_getattr, 1121 .setattr = xfs_vn_setattr, 1122 .listxattr = xfs_vn_listxattr, 1123 .fiemap = xfs_vn_fiemap, 1124 .update_time = xfs_vn_update_time, 1125 .fileattr_get = xfs_fileattr_get, 1126 .fileattr_set = xfs_fileattr_set, 1127 }; 1128 1129 static const struct inode_operations xfs_dir_inode_operations = { 1130 .create = xfs_vn_create, 1131 .lookup = xfs_vn_lookup, 1132 .link = xfs_vn_link, 1133 .unlink = xfs_vn_unlink, 1134 .symlink = xfs_vn_symlink, 1135 .mkdir = xfs_vn_mkdir, 1136 /* 1137 * Yes, XFS uses the same method for rmdir and unlink. 1138 * 1139 * There are some subtile differences deeper in the code, 1140 * but we use S_ISDIR to check for those. 1141 */ 1142 .rmdir = xfs_vn_unlink, 1143 .mknod = xfs_vn_mknod, 1144 .rename = xfs_vn_rename, 1145 .get_inode_acl = xfs_get_acl, 1146 .set_acl = xfs_set_acl, 1147 .getattr = xfs_vn_getattr, 1148 .setattr = xfs_vn_setattr, 1149 .listxattr = xfs_vn_listxattr, 1150 .update_time = xfs_vn_update_time, 1151 .tmpfile = xfs_vn_tmpfile, 1152 .fileattr_get = xfs_fileattr_get, 1153 .fileattr_set = xfs_fileattr_set, 1154 }; 1155 1156 static const struct inode_operations xfs_dir_ci_inode_operations = { 1157 .create = xfs_vn_create, 1158 .lookup = xfs_vn_ci_lookup, 1159 .link = xfs_vn_link, 1160 .unlink = xfs_vn_unlink, 1161 .symlink = xfs_vn_symlink, 1162 .mkdir = xfs_vn_mkdir, 1163 /* 1164 * Yes, XFS uses the same method for rmdir and unlink. 1165 * 1166 * There are some subtile differences deeper in the code, 1167 * but we use S_ISDIR to check for those. 1168 */ 1169 .rmdir = xfs_vn_unlink, 1170 .mknod = xfs_vn_mknod, 1171 .rename = xfs_vn_rename, 1172 .get_inode_acl = xfs_get_acl, 1173 .set_acl = xfs_set_acl, 1174 .getattr = xfs_vn_getattr, 1175 .setattr = xfs_vn_setattr, 1176 .listxattr = xfs_vn_listxattr, 1177 .update_time = xfs_vn_update_time, 1178 .tmpfile = xfs_vn_tmpfile, 1179 .fileattr_get = xfs_fileattr_get, 1180 .fileattr_set = xfs_fileattr_set, 1181 }; 1182 1183 static const struct inode_operations xfs_symlink_inode_operations = { 1184 .get_link = xfs_vn_get_link, 1185 .getattr = xfs_vn_getattr, 1186 .setattr = xfs_vn_setattr, 1187 .listxattr = xfs_vn_listxattr, 1188 .update_time = xfs_vn_update_time, 1189 }; 1190 1191 /* Figure out if this file actually supports DAX. */ 1192 static bool 1193 xfs_inode_supports_dax( 1194 struct xfs_inode *ip) 1195 { 1196 struct xfs_mount *mp = ip->i_mount; 1197 1198 /* Only supported on regular files. */ 1199 if (!S_ISREG(VFS_I(ip)->i_mode)) 1200 return false; 1201 1202 /* Block size must match page size */ 1203 if (mp->m_sb.sb_blocksize != PAGE_SIZE) 1204 return false; 1205 1206 /* Device has to support DAX too. */ 1207 return xfs_inode_buftarg(ip)->bt_daxdev != NULL; 1208 } 1209 1210 static bool 1211 xfs_inode_should_enable_dax( 1212 struct xfs_inode *ip) 1213 { 1214 if (!IS_ENABLED(CONFIG_FS_DAX)) 1215 return false; 1216 if (xfs_has_dax_never(ip->i_mount)) 1217 return false; 1218 if (!xfs_inode_supports_dax(ip)) 1219 return false; 1220 if (xfs_has_dax_always(ip->i_mount)) 1221 return true; 1222 if (ip->i_diflags2 & XFS_DIFLAG2_DAX) 1223 return true; 1224 return false; 1225 } 1226 1227 void 1228 xfs_diflags_to_iflags( 1229 struct xfs_inode *ip, 1230 bool init) 1231 { 1232 struct inode *inode = VFS_I(ip); 1233 unsigned int xflags = xfs_ip2xflags(ip); 1234 unsigned int flags = 0; 1235 1236 ASSERT(!(IS_DAX(inode) && init)); 1237 1238 if (xflags & FS_XFLAG_IMMUTABLE) 1239 flags |= S_IMMUTABLE; 1240 if (xflags & FS_XFLAG_APPEND) 1241 flags |= S_APPEND; 1242 if (xflags & FS_XFLAG_SYNC) 1243 flags |= S_SYNC; 1244 if (xflags & FS_XFLAG_NOATIME) 1245 flags |= S_NOATIME; 1246 if (init && xfs_inode_should_enable_dax(ip)) 1247 flags |= S_DAX; 1248 1249 /* 1250 * S_DAX can only be set during inode initialization and is never set by 1251 * the VFS, so we cannot mask off S_DAX in i_flags. 1252 */ 1253 inode->i_flags &= ~(S_IMMUTABLE | S_APPEND | S_SYNC | S_NOATIME); 1254 inode->i_flags |= flags; 1255 } 1256 1257 /* 1258 * Initialize the Linux inode. 1259 * 1260 * When reading existing inodes from disk this is called directly from xfs_iget, 1261 * when creating a new inode it is called from xfs_init_new_inode after setting 1262 * up the inode. These callers have different criteria for clearing XFS_INEW, so 1263 * leave it up to the caller to deal with unlocking the inode appropriately. 1264 */ 1265 void 1266 xfs_setup_inode( 1267 struct xfs_inode *ip) 1268 { 1269 struct inode *inode = &ip->i_vnode; 1270 gfp_t gfp_mask; 1271 1272 inode->i_ino = ip->i_ino; 1273 inode->i_state |= I_NEW; 1274 1275 inode_sb_list_add(inode); 1276 /* make the inode look hashed for the writeback code */ 1277 inode_fake_hash(inode); 1278 1279 i_size_write(inode, ip->i_disk_size); 1280 xfs_diflags_to_iflags(ip, true); 1281 1282 if (S_ISDIR(inode->i_mode)) { 1283 /* 1284 * We set the i_rwsem class here to avoid potential races with 1285 * lockdep_annotate_inode_mutex_key() reinitialising the lock 1286 * after a filehandle lookup has already found the inode in 1287 * cache before it has been unlocked via unlock_new_inode(). 1288 */ 1289 lockdep_set_class(&inode->i_rwsem, 1290 &inode->i_sb->s_type->i_mutex_dir_key); 1291 lockdep_set_class(&ip->i_lock, &xfs_dir_ilock_class); 1292 } else { 1293 lockdep_set_class(&ip->i_lock, &xfs_nondir_ilock_class); 1294 } 1295 1296 /* 1297 * Ensure all page cache allocations are done from GFP_NOFS context to 1298 * prevent direct reclaim recursion back into the filesystem and blowing 1299 * stacks or deadlocking. 1300 */ 1301 gfp_mask = mapping_gfp_mask(inode->i_mapping); 1302 mapping_set_gfp_mask(inode->i_mapping, (gfp_mask & ~(__GFP_FS))); 1303 1304 /* 1305 * For real-time inodes update the stable write flags to that of the RT 1306 * device instead of the data device. 1307 */ 1308 if (S_ISREG(inode->i_mode) && XFS_IS_REALTIME_INODE(ip)) 1309 xfs_update_stable_writes(ip); 1310 1311 /* 1312 * If there is no attribute fork no ACL can exist on this inode, 1313 * and it can't have any file capabilities attached to it either. 1314 */ 1315 if (!xfs_inode_has_attr_fork(ip)) { 1316 inode_has_no_xattr(inode); 1317 cache_no_acl(inode); 1318 } 1319 } 1320 1321 void 1322 xfs_setup_iops( 1323 struct xfs_inode *ip) 1324 { 1325 struct inode *inode = &ip->i_vnode; 1326 1327 switch (inode->i_mode & S_IFMT) { 1328 case S_IFREG: 1329 inode->i_op = &xfs_inode_operations; 1330 inode->i_fop = &xfs_file_operations; 1331 if (IS_DAX(inode)) 1332 inode->i_mapping->a_ops = &xfs_dax_aops; 1333 else 1334 inode->i_mapping->a_ops = &xfs_address_space_operations; 1335 break; 1336 case S_IFDIR: 1337 if (xfs_has_asciici(XFS_M(inode->i_sb))) 1338 inode->i_op = &xfs_dir_ci_inode_operations; 1339 else 1340 inode->i_op = &xfs_dir_inode_operations; 1341 inode->i_fop = &xfs_dir_file_operations; 1342 break; 1343 case S_IFLNK: 1344 inode->i_op = &xfs_symlink_inode_operations; 1345 break; 1346 default: 1347 inode->i_op = &xfs_inode_operations; 1348 init_special_inode(inode, inode->i_mode, inode->i_rdev); 1349 break; 1350 } 1351 } 1352