1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * Copyright (c) 2000-2005 Silicon Graphics, Inc. 4 * All Rights Reserved. 5 */ 6 #include "xfs.h" 7 #include "xfs_fs.h" 8 #include "xfs_shared.h" 9 #include "xfs_format.h" 10 #include "xfs_log_format.h" 11 #include "xfs_trans_resv.h" 12 #include "xfs_mount.h" 13 #include "xfs_inode.h" 14 #include "xfs_acl.h" 15 #include "xfs_quota.h" 16 #include "xfs_da_format.h" 17 #include "xfs_da_btree.h" 18 #include "xfs_attr.h" 19 #include "xfs_trans.h" 20 #include "xfs_trace.h" 21 #include "xfs_icache.h" 22 #include "xfs_symlink.h" 23 #include "xfs_dir2.h" 24 #include "xfs_iomap.h" 25 #include "xfs_error.h" 26 #include "xfs_ioctl.h" 27 #include "xfs_xattr.h" 28 29 #include <linux/posix_acl.h> 30 #include <linux/security.h> 31 #include <linux/iversion.h> 32 #include <linux/fiemap.h> 33 34 /* 35 * Directories have different lock order w.r.t. mmap_lock compared to regular 36 * files. This is due to readdir potentially triggering page faults on a user 37 * buffer inside filldir(), and this happens with the ilock on the directory 38 * held. For regular files, the lock order is the other way around - the 39 * mmap_lock is taken during the page fault, and then we lock the ilock to do 40 * block mapping. Hence we need a different class for the directory ilock so 41 * that lockdep can tell them apart. 42 */ 43 static struct lock_class_key xfs_nondir_ilock_class; 44 static struct lock_class_key xfs_dir_ilock_class; 45 46 static int 47 xfs_initxattrs( 48 struct inode *inode, 49 const struct xattr *xattr_array, 50 void *fs_info) 51 { 52 const struct xattr *xattr; 53 struct xfs_inode *ip = XFS_I(inode); 54 int error = 0; 55 56 for (xattr = xattr_array; xattr->name != NULL; xattr++) { 57 struct xfs_da_args args = { 58 .dp = ip, 59 .attr_filter = XFS_ATTR_SECURE, 60 .name = xattr->name, 61 .namelen = strlen(xattr->name), 62 .value = xattr->value, 63 .valuelen = xattr->value_len, 64 }; 65 error = xfs_attr_change(&args); 66 if (error < 0) 67 break; 68 } 69 return error; 70 } 71 72 /* 73 * Hook in SELinux. This is not quite correct yet, what we really need 74 * here (as we do for default ACLs) is a mechanism by which creation of 75 * these attrs can be journalled at inode creation time (along with the 76 * inode, of course, such that log replay can't cause these to be lost). 77 */ 78 int 79 xfs_inode_init_security( 80 struct inode *inode, 81 struct inode *dir, 82 const struct qstr *qstr) 83 { 84 return security_inode_init_security(inode, dir, qstr, 85 &xfs_initxattrs, NULL); 86 } 87 88 static void 89 xfs_dentry_to_name( 90 struct xfs_name *namep, 91 struct dentry *dentry) 92 { 93 namep->name = dentry->d_name.name; 94 namep->len = dentry->d_name.len; 95 namep->type = XFS_DIR3_FT_UNKNOWN; 96 } 97 98 static int 99 xfs_dentry_mode_to_name( 100 struct xfs_name *namep, 101 struct dentry *dentry, 102 int mode) 103 { 104 namep->name = dentry->d_name.name; 105 namep->len = dentry->d_name.len; 106 namep->type = xfs_mode_to_ftype(mode); 107 108 if (unlikely(namep->type == XFS_DIR3_FT_UNKNOWN)) 109 return -EFSCORRUPTED; 110 111 return 0; 112 } 113 114 STATIC void 115 xfs_cleanup_inode( 116 struct inode *dir, 117 struct inode *inode, 118 struct dentry *dentry) 119 { 120 struct xfs_name teardown; 121 122 /* Oh, the horror. 123 * If we can't add the ACL or we fail in 124 * xfs_inode_init_security we must back out. 125 * ENOSPC can hit here, among other things. 126 */ 127 xfs_dentry_to_name(&teardown, dentry); 128 129 xfs_remove(XFS_I(dir), &teardown, XFS_I(inode)); 130 } 131 132 /* 133 * Check to see if we are likely to need an extended attribute to be added to 134 * the inode we are about to allocate. This allows the attribute fork to be 135 * created during the inode allocation, reducing the number of transactions we 136 * need to do in this fast path. 137 * 138 * The security checks are optimistic, but not guaranteed. The two LSMs that 139 * require xattrs to be added here (selinux and smack) are also the only two 140 * LSMs that add a sb->s_security structure to the superblock. Hence if security 141 * is enabled and sb->s_security is set, we have a pretty good idea that we are 142 * going to be asked to add a security xattr immediately after allocating the 143 * xfs inode and instantiating the VFS inode. 144 */ 145 static inline bool 146 xfs_create_need_xattr( 147 struct inode *dir, 148 struct posix_acl *default_acl, 149 struct posix_acl *acl) 150 { 151 if (acl) 152 return true; 153 if (default_acl) 154 return true; 155 #if IS_ENABLED(CONFIG_SECURITY) 156 if (dir->i_sb->s_security) 157 return true; 158 #endif 159 return false; 160 } 161 162 163 STATIC int 164 xfs_generic_create( 165 struct mnt_idmap *idmap, 166 struct inode *dir, 167 struct dentry *dentry, 168 umode_t mode, 169 dev_t rdev, 170 struct file *tmpfile) /* unnamed file */ 171 { 172 struct inode *inode; 173 struct xfs_inode *ip = NULL; 174 struct posix_acl *default_acl, *acl; 175 struct xfs_name name; 176 int error; 177 178 /* 179 * Irix uses Missed'em'V split, but doesn't want to see 180 * the upper 5 bits of (14bit) major. 181 */ 182 if (S_ISCHR(mode) || S_ISBLK(mode)) { 183 if (unlikely(!sysv_valid_dev(rdev) || MAJOR(rdev) & ~0x1ff)) 184 return -EINVAL; 185 } else { 186 rdev = 0; 187 } 188 189 error = posix_acl_create(dir, &mode, &default_acl, &acl); 190 if (error) 191 return error; 192 193 /* Verify mode is valid also for tmpfile case */ 194 error = xfs_dentry_mode_to_name(&name, dentry, mode); 195 if (unlikely(error)) 196 goto out_free_acl; 197 198 if (!tmpfile) { 199 error = xfs_create(idmap, XFS_I(dir), &name, mode, rdev, 200 xfs_create_need_xattr(dir, default_acl, acl), 201 &ip); 202 } else { 203 error = xfs_create_tmpfile(idmap, XFS_I(dir), mode, &ip); 204 } 205 if (unlikely(error)) 206 goto out_free_acl; 207 208 inode = VFS_I(ip); 209 210 error = xfs_inode_init_security(inode, dir, &dentry->d_name); 211 if (unlikely(error)) 212 goto out_cleanup_inode; 213 214 if (default_acl) { 215 error = __xfs_set_acl(inode, default_acl, ACL_TYPE_DEFAULT); 216 if (error) 217 goto out_cleanup_inode; 218 } 219 if (acl) { 220 error = __xfs_set_acl(inode, acl, ACL_TYPE_ACCESS); 221 if (error) 222 goto out_cleanup_inode; 223 } 224 225 xfs_setup_iops(ip); 226 227 if (tmpfile) { 228 /* 229 * The VFS requires that any inode fed to d_tmpfile must have 230 * nlink == 1 so that it can decrement the nlink in d_tmpfile. 231 * However, we created the temp file with nlink == 0 because 232 * we're not allowed to put an inode with nlink > 0 on the 233 * unlinked list. Therefore we have to set nlink to 1 so that 234 * d_tmpfile can immediately set it back to zero. 235 */ 236 set_nlink(inode, 1); 237 d_tmpfile(tmpfile, inode); 238 } else 239 d_instantiate(dentry, inode); 240 241 xfs_finish_inode_setup(ip); 242 243 out_free_acl: 244 posix_acl_release(default_acl); 245 posix_acl_release(acl); 246 return error; 247 248 out_cleanup_inode: 249 xfs_finish_inode_setup(ip); 250 if (!tmpfile) 251 xfs_cleanup_inode(dir, inode, dentry); 252 xfs_irele(ip); 253 goto out_free_acl; 254 } 255 256 STATIC int 257 xfs_vn_mknod( 258 struct mnt_idmap *idmap, 259 struct inode *dir, 260 struct dentry *dentry, 261 umode_t mode, 262 dev_t rdev) 263 { 264 return xfs_generic_create(idmap, dir, dentry, mode, rdev, NULL); 265 } 266 267 STATIC int 268 xfs_vn_create( 269 struct mnt_idmap *idmap, 270 struct inode *dir, 271 struct dentry *dentry, 272 umode_t mode, 273 bool flags) 274 { 275 return xfs_generic_create(idmap, dir, dentry, mode, 0, NULL); 276 } 277 278 STATIC int 279 xfs_vn_mkdir( 280 struct mnt_idmap *idmap, 281 struct inode *dir, 282 struct dentry *dentry, 283 umode_t mode) 284 { 285 return xfs_generic_create(idmap, dir, dentry, mode | S_IFDIR, 0, NULL); 286 } 287 288 STATIC struct dentry * 289 xfs_vn_lookup( 290 struct inode *dir, 291 struct dentry *dentry, 292 unsigned int flags) 293 { 294 struct inode *inode; 295 struct xfs_inode *cip; 296 struct xfs_name name; 297 int error; 298 299 if (dentry->d_name.len >= MAXNAMELEN) 300 return ERR_PTR(-ENAMETOOLONG); 301 302 xfs_dentry_to_name(&name, dentry); 303 error = xfs_lookup(XFS_I(dir), &name, &cip, NULL); 304 if (likely(!error)) 305 inode = VFS_I(cip); 306 else if (likely(error == -ENOENT)) 307 inode = NULL; 308 else 309 inode = ERR_PTR(error); 310 return d_splice_alias(inode, dentry); 311 } 312 313 STATIC struct dentry * 314 xfs_vn_ci_lookup( 315 struct inode *dir, 316 struct dentry *dentry, 317 unsigned int flags) 318 { 319 struct xfs_inode *ip; 320 struct xfs_name xname; 321 struct xfs_name ci_name; 322 struct qstr dname; 323 int error; 324 325 if (dentry->d_name.len >= MAXNAMELEN) 326 return ERR_PTR(-ENAMETOOLONG); 327 328 xfs_dentry_to_name(&xname, dentry); 329 error = xfs_lookup(XFS_I(dir), &xname, &ip, &ci_name); 330 if (unlikely(error)) { 331 if (unlikely(error != -ENOENT)) 332 return ERR_PTR(error); 333 /* 334 * call d_add(dentry, NULL) here when d_drop_negative_children 335 * is called in xfs_vn_mknod (ie. allow negative dentries 336 * with CI filesystems). 337 */ 338 return NULL; 339 } 340 341 /* if exact match, just splice and exit */ 342 if (!ci_name.name) 343 return d_splice_alias(VFS_I(ip), dentry); 344 345 /* else case-insensitive match... */ 346 dname.name = ci_name.name; 347 dname.len = ci_name.len; 348 dentry = d_add_ci(dentry, VFS_I(ip), &dname); 349 kmem_free(ci_name.name); 350 return dentry; 351 } 352 353 STATIC int 354 xfs_vn_link( 355 struct dentry *old_dentry, 356 struct inode *dir, 357 struct dentry *dentry) 358 { 359 struct inode *inode = d_inode(old_dentry); 360 struct xfs_name name; 361 int error; 362 363 error = xfs_dentry_mode_to_name(&name, dentry, inode->i_mode); 364 if (unlikely(error)) 365 return error; 366 367 error = xfs_link(XFS_I(dir), XFS_I(inode), &name); 368 if (unlikely(error)) 369 return error; 370 371 ihold(inode); 372 d_instantiate(dentry, inode); 373 return 0; 374 } 375 376 STATIC int 377 xfs_vn_unlink( 378 struct inode *dir, 379 struct dentry *dentry) 380 { 381 struct xfs_name name; 382 int error; 383 384 xfs_dentry_to_name(&name, dentry); 385 386 error = xfs_remove(XFS_I(dir), &name, XFS_I(d_inode(dentry))); 387 if (error) 388 return error; 389 390 /* 391 * With unlink, the VFS makes the dentry "negative": no inode, 392 * but still hashed. This is incompatible with case-insensitive 393 * mode, so invalidate (unhash) the dentry in CI-mode. 394 */ 395 if (xfs_has_asciici(XFS_M(dir->i_sb))) 396 d_invalidate(dentry); 397 return 0; 398 } 399 400 STATIC int 401 xfs_vn_symlink( 402 struct mnt_idmap *idmap, 403 struct inode *dir, 404 struct dentry *dentry, 405 const char *symname) 406 { 407 struct inode *inode; 408 struct xfs_inode *cip = NULL; 409 struct xfs_name name; 410 int error; 411 umode_t mode; 412 413 mode = S_IFLNK | 414 (irix_symlink_mode ? 0777 & ~current_umask() : S_IRWXUGO); 415 error = xfs_dentry_mode_to_name(&name, dentry, mode); 416 if (unlikely(error)) 417 goto out; 418 419 error = xfs_symlink(idmap, XFS_I(dir), &name, symname, mode, &cip); 420 if (unlikely(error)) 421 goto out; 422 423 inode = VFS_I(cip); 424 425 error = xfs_inode_init_security(inode, dir, &dentry->d_name); 426 if (unlikely(error)) 427 goto out_cleanup_inode; 428 429 xfs_setup_iops(cip); 430 431 d_instantiate(dentry, inode); 432 xfs_finish_inode_setup(cip); 433 return 0; 434 435 out_cleanup_inode: 436 xfs_finish_inode_setup(cip); 437 xfs_cleanup_inode(dir, inode, dentry); 438 xfs_irele(cip); 439 out: 440 return error; 441 } 442 443 STATIC int 444 xfs_vn_rename( 445 struct mnt_idmap *idmap, 446 struct inode *odir, 447 struct dentry *odentry, 448 struct inode *ndir, 449 struct dentry *ndentry, 450 unsigned int flags) 451 { 452 struct inode *new_inode = d_inode(ndentry); 453 int omode = 0; 454 int error; 455 struct xfs_name oname; 456 struct xfs_name nname; 457 458 if (flags & ~(RENAME_NOREPLACE | RENAME_EXCHANGE | RENAME_WHITEOUT)) 459 return -EINVAL; 460 461 /* if we are exchanging files, we need to set i_mode of both files */ 462 if (flags & RENAME_EXCHANGE) 463 omode = d_inode(ndentry)->i_mode; 464 465 error = xfs_dentry_mode_to_name(&oname, odentry, omode); 466 if (omode && unlikely(error)) 467 return error; 468 469 error = xfs_dentry_mode_to_name(&nname, ndentry, 470 d_inode(odentry)->i_mode); 471 if (unlikely(error)) 472 return error; 473 474 return xfs_rename(idmap, XFS_I(odir), &oname, 475 XFS_I(d_inode(odentry)), XFS_I(ndir), &nname, 476 new_inode ? XFS_I(new_inode) : NULL, flags); 477 } 478 479 /* 480 * careful here - this function can get called recursively, so 481 * we need to be very careful about how much stack we use. 482 * uio is kmalloced for this reason... 483 */ 484 STATIC const char * 485 xfs_vn_get_link( 486 struct dentry *dentry, 487 struct inode *inode, 488 struct delayed_call *done) 489 { 490 char *link; 491 int error = -ENOMEM; 492 493 if (!dentry) 494 return ERR_PTR(-ECHILD); 495 496 link = kmalloc(XFS_SYMLINK_MAXLEN+1, GFP_KERNEL); 497 if (!link) 498 goto out_err; 499 500 error = xfs_readlink(XFS_I(d_inode(dentry)), link); 501 if (unlikely(error)) 502 goto out_kfree; 503 504 set_delayed_call(done, kfree_link, link); 505 return link; 506 507 out_kfree: 508 kfree(link); 509 out_err: 510 return ERR_PTR(error); 511 } 512 513 static uint32_t 514 xfs_stat_blksize( 515 struct xfs_inode *ip) 516 { 517 struct xfs_mount *mp = ip->i_mount; 518 519 /* 520 * If the file blocks are being allocated from a realtime volume, then 521 * always return the realtime extent size. 522 */ 523 if (XFS_IS_REALTIME_INODE(ip)) 524 return XFS_FSB_TO_B(mp, xfs_get_extsz_hint(ip)); 525 526 /* 527 * Allow large block sizes to be reported to userspace programs if the 528 * "largeio" mount option is used. 529 * 530 * If compatibility mode is specified, simply return the basic unit of 531 * caching so that we don't get inefficient read/modify/write I/O from 532 * user apps. Otherwise.... 533 * 534 * If the underlying volume is a stripe, then return the stripe width in 535 * bytes as the recommended I/O size. It is not a stripe and we've set a 536 * default buffered I/O size, return that, otherwise return the compat 537 * default. 538 */ 539 if (xfs_has_large_iosize(mp)) { 540 if (mp->m_swidth) 541 return XFS_FSB_TO_B(mp, mp->m_swidth); 542 if (xfs_has_allocsize(mp)) 543 return 1U << mp->m_allocsize_log; 544 } 545 546 return PAGE_SIZE; 547 } 548 549 STATIC int 550 xfs_vn_getattr( 551 struct mnt_idmap *idmap, 552 const struct path *path, 553 struct kstat *stat, 554 u32 request_mask, 555 unsigned int query_flags) 556 { 557 struct inode *inode = d_inode(path->dentry); 558 struct xfs_inode *ip = XFS_I(inode); 559 struct xfs_mount *mp = ip->i_mount; 560 vfsuid_t vfsuid = i_uid_into_vfsuid(idmap, inode); 561 vfsgid_t vfsgid = i_gid_into_vfsgid(idmap, inode); 562 563 trace_xfs_getattr(ip); 564 565 if (xfs_is_shutdown(mp)) 566 return -EIO; 567 568 stat->size = XFS_ISIZE(ip); 569 stat->dev = inode->i_sb->s_dev; 570 stat->mode = inode->i_mode; 571 stat->nlink = inode->i_nlink; 572 stat->uid = vfsuid_into_kuid(vfsuid); 573 stat->gid = vfsgid_into_kgid(vfsgid); 574 stat->ino = ip->i_ino; 575 stat->atime = inode->i_atime; 576 stat->mtime = inode->i_mtime; 577 stat->ctime = inode_get_ctime(inode); 578 stat->blocks = XFS_FSB_TO_BB(mp, ip->i_nblocks + ip->i_delayed_blks); 579 580 if (xfs_has_v3inodes(mp)) { 581 if (request_mask & STATX_BTIME) { 582 stat->result_mask |= STATX_BTIME; 583 stat->btime = ip->i_crtime; 584 } 585 } 586 587 /* 588 * Note: If you add another clause to set an attribute flag, please 589 * update attributes_mask below. 590 */ 591 if (ip->i_diflags & XFS_DIFLAG_IMMUTABLE) 592 stat->attributes |= STATX_ATTR_IMMUTABLE; 593 if (ip->i_diflags & XFS_DIFLAG_APPEND) 594 stat->attributes |= STATX_ATTR_APPEND; 595 if (ip->i_diflags & XFS_DIFLAG_NODUMP) 596 stat->attributes |= STATX_ATTR_NODUMP; 597 598 stat->attributes_mask |= (STATX_ATTR_IMMUTABLE | 599 STATX_ATTR_APPEND | 600 STATX_ATTR_NODUMP); 601 602 switch (inode->i_mode & S_IFMT) { 603 case S_IFBLK: 604 case S_IFCHR: 605 stat->blksize = BLKDEV_IOSIZE; 606 stat->rdev = inode->i_rdev; 607 break; 608 case S_IFREG: 609 if (request_mask & STATX_DIOALIGN) { 610 struct xfs_buftarg *target = xfs_inode_buftarg(ip); 611 struct block_device *bdev = target->bt_bdev; 612 613 stat->result_mask |= STATX_DIOALIGN; 614 stat->dio_mem_align = bdev_dma_alignment(bdev) + 1; 615 stat->dio_offset_align = bdev_logical_block_size(bdev); 616 } 617 fallthrough; 618 default: 619 stat->blksize = xfs_stat_blksize(ip); 620 stat->rdev = 0; 621 break; 622 } 623 624 return 0; 625 } 626 627 static int 628 xfs_vn_change_ok( 629 struct mnt_idmap *idmap, 630 struct dentry *dentry, 631 struct iattr *iattr) 632 { 633 struct xfs_mount *mp = XFS_I(d_inode(dentry))->i_mount; 634 635 if (xfs_is_readonly(mp)) 636 return -EROFS; 637 638 if (xfs_is_shutdown(mp)) 639 return -EIO; 640 641 return setattr_prepare(idmap, dentry, iattr); 642 } 643 644 /* 645 * Set non-size attributes of an inode. 646 * 647 * Caution: The caller of this function is responsible for calling 648 * setattr_prepare() or otherwise verifying the change is fine. 649 */ 650 static int 651 xfs_setattr_nonsize( 652 struct mnt_idmap *idmap, 653 struct dentry *dentry, 654 struct xfs_inode *ip, 655 struct iattr *iattr) 656 { 657 xfs_mount_t *mp = ip->i_mount; 658 struct inode *inode = VFS_I(ip); 659 int mask = iattr->ia_valid; 660 xfs_trans_t *tp; 661 int error; 662 kuid_t uid = GLOBAL_ROOT_UID; 663 kgid_t gid = GLOBAL_ROOT_GID; 664 struct xfs_dquot *udqp = NULL, *gdqp = NULL; 665 struct xfs_dquot *old_udqp = NULL, *old_gdqp = NULL; 666 667 ASSERT((mask & ATTR_SIZE) == 0); 668 669 /* 670 * If disk quotas is on, we make sure that the dquots do exist on disk, 671 * before we start any other transactions. Trying to do this later 672 * is messy. We don't care to take a readlock to look at the ids 673 * in inode here, because we can't hold it across the trans_reserve. 674 * If the IDs do change before we take the ilock, we're covered 675 * because the i_*dquot fields will get updated anyway. 676 */ 677 if (XFS_IS_QUOTA_ON(mp) && (mask & (ATTR_UID|ATTR_GID))) { 678 uint qflags = 0; 679 680 if ((mask & ATTR_UID) && XFS_IS_UQUOTA_ON(mp)) { 681 uid = from_vfsuid(idmap, i_user_ns(inode), 682 iattr->ia_vfsuid); 683 qflags |= XFS_QMOPT_UQUOTA; 684 } else { 685 uid = inode->i_uid; 686 } 687 if ((mask & ATTR_GID) && XFS_IS_GQUOTA_ON(mp)) { 688 gid = from_vfsgid(idmap, i_user_ns(inode), 689 iattr->ia_vfsgid); 690 qflags |= XFS_QMOPT_GQUOTA; 691 } else { 692 gid = inode->i_gid; 693 } 694 695 /* 696 * We take a reference when we initialize udqp and gdqp, 697 * so it is important that we never blindly double trip on 698 * the same variable. See xfs_create() for an example. 699 */ 700 ASSERT(udqp == NULL); 701 ASSERT(gdqp == NULL); 702 error = xfs_qm_vop_dqalloc(ip, uid, gid, ip->i_projid, 703 qflags, &udqp, &gdqp, NULL); 704 if (error) 705 return error; 706 } 707 708 error = xfs_trans_alloc_ichange(ip, udqp, gdqp, NULL, 709 has_capability_noaudit(current, CAP_FOWNER), &tp); 710 if (error) 711 goto out_dqrele; 712 713 /* 714 * Register quota modifications in the transaction. Must be the owner 715 * or privileged. These IDs could have changed since we last looked at 716 * them. But, we're assured that if the ownership did change while we 717 * didn't have the inode locked, inode's dquot(s) would have changed 718 * also. 719 */ 720 if (XFS_IS_UQUOTA_ON(mp) && 721 i_uid_needs_update(idmap, iattr, inode)) { 722 ASSERT(udqp); 723 old_udqp = xfs_qm_vop_chown(tp, ip, &ip->i_udquot, udqp); 724 } 725 if (XFS_IS_GQUOTA_ON(mp) && 726 i_gid_needs_update(idmap, iattr, inode)) { 727 ASSERT(xfs_has_pquotino(mp) || !XFS_IS_PQUOTA_ON(mp)); 728 ASSERT(gdqp); 729 old_gdqp = xfs_qm_vop_chown(tp, ip, &ip->i_gdquot, gdqp); 730 } 731 732 setattr_copy(idmap, inode, iattr); 733 xfs_trans_log_inode(tp, ip, XFS_ILOG_CORE); 734 735 XFS_STATS_INC(mp, xs_ig_attrchg); 736 737 if (xfs_has_wsync(mp)) 738 xfs_trans_set_sync(tp); 739 error = xfs_trans_commit(tp); 740 741 /* 742 * Release any dquot(s) the inode had kept before chown. 743 */ 744 xfs_qm_dqrele(old_udqp); 745 xfs_qm_dqrele(old_gdqp); 746 xfs_qm_dqrele(udqp); 747 xfs_qm_dqrele(gdqp); 748 749 if (error) 750 return error; 751 752 /* 753 * XXX(hch): Updating the ACL entries is not atomic vs the i_mode 754 * update. We could avoid this with linked transactions 755 * and passing down the transaction pointer all the way 756 * to attr_set. No previous user of the generic 757 * Posix ACL code seems to care about this issue either. 758 */ 759 if (mask & ATTR_MODE) { 760 error = posix_acl_chmod(idmap, dentry, inode->i_mode); 761 if (error) 762 return error; 763 } 764 765 return 0; 766 767 out_dqrele: 768 xfs_qm_dqrele(udqp); 769 xfs_qm_dqrele(gdqp); 770 return error; 771 } 772 773 /* 774 * Truncate file. Must have write permission and not be a directory. 775 * 776 * Caution: The caller of this function is responsible for calling 777 * setattr_prepare() or otherwise verifying the change is fine. 778 */ 779 STATIC int 780 xfs_setattr_size( 781 struct mnt_idmap *idmap, 782 struct dentry *dentry, 783 struct xfs_inode *ip, 784 struct iattr *iattr) 785 { 786 struct xfs_mount *mp = ip->i_mount; 787 struct inode *inode = VFS_I(ip); 788 xfs_off_t oldsize, newsize; 789 struct xfs_trans *tp; 790 int error; 791 uint lock_flags = 0; 792 bool did_zeroing = false; 793 794 ASSERT(xfs_isilocked(ip, XFS_IOLOCK_EXCL)); 795 ASSERT(xfs_isilocked(ip, XFS_MMAPLOCK_EXCL)); 796 ASSERT(S_ISREG(inode->i_mode)); 797 ASSERT((iattr->ia_valid & (ATTR_UID|ATTR_GID|ATTR_ATIME|ATTR_ATIME_SET| 798 ATTR_MTIME_SET|ATTR_TIMES_SET)) == 0); 799 800 oldsize = inode->i_size; 801 newsize = iattr->ia_size; 802 803 /* 804 * Short circuit the truncate case for zero length files. 805 */ 806 if (newsize == 0 && oldsize == 0 && ip->i_df.if_nextents == 0) { 807 if (!(iattr->ia_valid & (ATTR_CTIME|ATTR_MTIME))) 808 return 0; 809 810 /* 811 * Use the regular setattr path to update the timestamps. 812 */ 813 iattr->ia_valid &= ~ATTR_SIZE; 814 return xfs_setattr_nonsize(idmap, dentry, ip, iattr); 815 } 816 817 /* 818 * Make sure that the dquots are attached to the inode. 819 */ 820 error = xfs_qm_dqattach(ip); 821 if (error) 822 return error; 823 824 /* 825 * Wait for all direct I/O to complete. 826 */ 827 inode_dio_wait(inode); 828 829 /* 830 * File data changes must be complete before we start the transaction to 831 * modify the inode. This needs to be done before joining the inode to 832 * the transaction because the inode cannot be unlocked once it is a 833 * part of the transaction. 834 * 835 * Start with zeroing any data beyond EOF that we may expose on file 836 * extension, or zeroing out the rest of the block on a downward 837 * truncate. 838 */ 839 if (newsize > oldsize) { 840 trace_xfs_zero_eof(ip, oldsize, newsize - oldsize); 841 error = xfs_zero_range(ip, oldsize, newsize - oldsize, 842 &did_zeroing); 843 } else { 844 /* 845 * iomap won't detect a dirty page over an unwritten block (or a 846 * cow block over a hole) and subsequently skips zeroing the 847 * newly post-EOF portion of the page. Flush the new EOF to 848 * convert the block before the pagecache truncate. 849 */ 850 error = filemap_write_and_wait_range(inode->i_mapping, newsize, 851 newsize); 852 if (error) 853 return error; 854 error = xfs_truncate_page(ip, newsize, &did_zeroing); 855 } 856 857 if (error) 858 return error; 859 860 /* 861 * We've already locked out new page faults, so now we can safely remove 862 * pages from the page cache knowing they won't get refaulted until we 863 * drop the XFS_MMAP_EXCL lock after the extent manipulations are 864 * complete. The truncate_setsize() call also cleans partial EOF page 865 * PTEs on extending truncates and hence ensures sub-page block size 866 * filesystems are correctly handled, too. 867 * 868 * We have to do all the page cache truncate work outside the 869 * transaction context as the "lock" order is page lock->log space 870 * reservation as defined by extent allocation in the writeback path. 871 * Hence a truncate can fail with ENOMEM from xfs_trans_alloc(), but 872 * having already truncated the in-memory version of the file (i.e. made 873 * user visible changes). There's not much we can do about this, except 874 * to hope that the caller sees ENOMEM and retries the truncate 875 * operation. 876 * 877 * And we update in-core i_size and truncate page cache beyond newsize 878 * before writeback the [i_disk_size, newsize] range, so we're 879 * guaranteed not to write stale data past the new EOF on truncate down. 880 */ 881 truncate_setsize(inode, newsize); 882 883 /* 884 * We are going to log the inode size change in this transaction so 885 * any previous writes that are beyond the on disk EOF and the new 886 * EOF that have not been written out need to be written here. If we 887 * do not write the data out, we expose ourselves to the null files 888 * problem. Note that this includes any block zeroing we did above; 889 * otherwise those blocks may not be zeroed after a crash. 890 */ 891 if (did_zeroing || 892 (newsize > ip->i_disk_size && oldsize != ip->i_disk_size)) { 893 error = filemap_write_and_wait_range(VFS_I(ip)->i_mapping, 894 ip->i_disk_size, newsize - 1); 895 if (error) 896 return error; 897 } 898 899 error = xfs_trans_alloc(mp, &M_RES(mp)->tr_itruncate, 0, 0, 0, &tp); 900 if (error) 901 return error; 902 903 lock_flags |= XFS_ILOCK_EXCL; 904 xfs_ilock(ip, XFS_ILOCK_EXCL); 905 xfs_trans_ijoin(tp, ip, 0); 906 907 /* 908 * Only change the c/mtime if we are changing the size or we are 909 * explicitly asked to change it. This handles the semantic difference 910 * between truncate() and ftruncate() as implemented in the VFS. 911 * 912 * The regular truncate() case without ATTR_CTIME and ATTR_MTIME is a 913 * special case where we need to update the times despite not having 914 * these flags set. For all other operations the VFS set these flags 915 * explicitly if it wants a timestamp update. 916 */ 917 if (newsize != oldsize && 918 !(iattr->ia_valid & (ATTR_CTIME | ATTR_MTIME))) { 919 iattr->ia_ctime = iattr->ia_mtime = 920 current_time(inode); 921 iattr->ia_valid |= ATTR_CTIME | ATTR_MTIME; 922 } 923 924 /* 925 * The first thing we do is set the size to new_size permanently on 926 * disk. This way we don't have to worry about anyone ever being able 927 * to look at the data being freed even in the face of a crash. 928 * What we're getting around here is the case where we free a block, it 929 * is allocated to another file, it is written to, and then we crash. 930 * If the new data gets written to the file but the log buffers 931 * containing the free and reallocation don't, then we'd end up with 932 * garbage in the blocks being freed. As long as we make the new size 933 * permanent before actually freeing any blocks it doesn't matter if 934 * they get written to. 935 */ 936 ip->i_disk_size = newsize; 937 xfs_trans_log_inode(tp, ip, XFS_ILOG_CORE); 938 939 if (newsize <= oldsize) { 940 error = xfs_itruncate_extents(&tp, ip, XFS_DATA_FORK, newsize); 941 if (error) 942 goto out_trans_cancel; 943 944 /* 945 * Truncated "down", so we're removing references to old data 946 * here - if we delay flushing for a long time, we expose 947 * ourselves unduly to the notorious NULL files problem. So, 948 * we mark this inode and flush it when the file is closed, 949 * and do not wait the usual (long) time for writeout. 950 */ 951 xfs_iflags_set(ip, XFS_ITRUNCATED); 952 953 /* A truncate down always removes post-EOF blocks. */ 954 xfs_inode_clear_eofblocks_tag(ip); 955 } 956 957 ASSERT(!(iattr->ia_valid & (ATTR_UID | ATTR_GID))); 958 setattr_copy(idmap, inode, iattr); 959 xfs_trans_log_inode(tp, ip, XFS_ILOG_CORE); 960 961 XFS_STATS_INC(mp, xs_ig_attrchg); 962 963 if (xfs_has_wsync(mp)) 964 xfs_trans_set_sync(tp); 965 966 error = xfs_trans_commit(tp); 967 out_unlock: 968 if (lock_flags) 969 xfs_iunlock(ip, lock_flags); 970 return error; 971 972 out_trans_cancel: 973 xfs_trans_cancel(tp); 974 goto out_unlock; 975 } 976 977 int 978 xfs_vn_setattr_size( 979 struct mnt_idmap *idmap, 980 struct dentry *dentry, 981 struct iattr *iattr) 982 { 983 struct xfs_inode *ip = XFS_I(d_inode(dentry)); 984 int error; 985 986 trace_xfs_setattr(ip); 987 988 error = xfs_vn_change_ok(idmap, dentry, iattr); 989 if (error) 990 return error; 991 return xfs_setattr_size(idmap, dentry, ip, iattr); 992 } 993 994 STATIC int 995 xfs_vn_setattr( 996 struct mnt_idmap *idmap, 997 struct dentry *dentry, 998 struct iattr *iattr) 999 { 1000 struct inode *inode = d_inode(dentry); 1001 struct xfs_inode *ip = XFS_I(inode); 1002 int error; 1003 1004 if (iattr->ia_valid & ATTR_SIZE) { 1005 uint iolock; 1006 1007 xfs_ilock(ip, XFS_MMAPLOCK_EXCL); 1008 iolock = XFS_IOLOCK_EXCL | XFS_MMAPLOCK_EXCL; 1009 1010 error = xfs_break_layouts(inode, &iolock, BREAK_UNMAP); 1011 if (error) { 1012 xfs_iunlock(ip, XFS_MMAPLOCK_EXCL); 1013 return error; 1014 } 1015 1016 error = xfs_vn_setattr_size(idmap, dentry, iattr); 1017 xfs_iunlock(ip, XFS_MMAPLOCK_EXCL); 1018 } else { 1019 trace_xfs_setattr(ip); 1020 1021 error = xfs_vn_change_ok(idmap, dentry, iattr); 1022 if (!error) 1023 error = xfs_setattr_nonsize(idmap, dentry, ip, iattr); 1024 } 1025 1026 return error; 1027 } 1028 1029 STATIC int 1030 xfs_vn_update_time( 1031 struct inode *inode, 1032 int flags) 1033 { 1034 struct xfs_inode *ip = XFS_I(inode); 1035 struct xfs_mount *mp = ip->i_mount; 1036 int log_flags = XFS_ILOG_TIMESTAMP; 1037 struct xfs_trans *tp; 1038 int error; 1039 struct timespec64 now; 1040 1041 trace_xfs_update_time(ip); 1042 1043 if (inode->i_sb->s_flags & SB_LAZYTIME) { 1044 if (!((flags & S_VERSION) && 1045 inode_maybe_inc_iversion(inode, false))) { 1046 generic_update_time(inode, flags); 1047 return 0; 1048 } 1049 1050 /* Capture the iversion update that just occurred */ 1051 log_flags |= XFS_ILOG_CORE; 1052 } 1053 1054 error = xfs_trans_alloc(mp, &M_RES(mp)->tr_fsyncts, 0, 0, 0, &tp); 1055 if (error) 1056 return error; 1057 1058 xfs_ilock(ip, XFS_ILOCK_EXCL); 1059 if (flags & (S_CTIME|S_MTIME)) 1060 now = inode_set_ctime_current(inode); 1061 else 1062 now = current_time(inode); 1063 1064 if (flags & S_MTIME) 1065 inode->i_mtime = now; 1066 if (flags & S_ATIME) 1067 inode->i_atime = now; 1068 1069 xfs_trans_ijoin(tp, ip, XFS_ILOCK_EXCL); 1070 xfs_trans_log_inode(tp, ip, log_flags); 1071 return xfs_trans_commit(tp); 1072 } 1073 1074 STATIC int 1075 xfs_vn_fiemap( 1076 struct inode *inode, 1077 struct fiemap_extent_info *fieinfo, 1078 u64 start, 1079 u64 length) 1080 { 1081 int error; 1082 1083 xfs_ilock(XFS_I(inode), XFS_IOLOCK_SHARED); 1084 if (fieinfo->fi_flags & FIEMAP_FLAG_XATTR) { 1085 fieinfo->fi_flags &= ~FIEMAP_FLAG_XATTR; 1086 error = iomap_fiemap(inode, fieinfo, start, length, 1087 &xfs_xattr_iomap_ops); 1088 } else { 1089 error = iomap_fiemap(inode, fieinfo, start, length, 1090 &xfs_read_iomap_ops); 1091 } 1092 xfs_iunlock(XFS_I(inode), XFS_IOLOCK_SHARED); 1093 1094 return error; 1095 } 1096 1097 STATIC int 1098 xfs_vn_tmpfile( 1099 struct mnt_idmap *idmap, 1100 struct inode *dir, 1101 struct file *file, 1102 umode_t mode) 1103 { 1104 int err = xfs_generic_create(idmap, dir, file->f_path.dentry, mode, 0, file); 1105 1106 return finish_open_simple(file, err); 1107 } 1108 1109 static const struct inode_operations xfs_inode_operations = { 1110 .get_inode_acl = xfs_get_acl, 1111 .set_acl = xfs_set_acl, 1112 .getattr = xfs_vn_getattr, 1113 .setattr = xfs_vn_setattr, 1114 .listxattr = xfs_vn_listxattr, 1115 .fiemap = xfs_vn_fiemap, 1116 .update_time = xfs_vn_update_time, 1117 .fileattr_get = xfs_fileattr_get, 1118 .fileattr_set = xfs_fileattr_set, 1119 }; 1120 1121 static const struct inode_operations xfs_dir_inode_operations = { 1122 .create = xfs_vn_create, 1123 .lookup = xfs_vn_lookup, 1124 .link = xfs_vn_link, 1125 .unlink = xfs_vn_unlink, 1126 .symlink = xfs_vn_symlink, 1127 .mkdir = xfs_vn_mkdir, 1128 /* 1129 * Yes, XFS uses the same method for rmdir and unlink. 1130 * 1131 * There are some subtile differences deeper in the code, 1132 * but we use S_ISDIR to check for those. 1133 */ 1134 .rmdir = xfs_vn_unlink, 1135 .mknod = xfs_vn_mknod, 1136 .rename = xfs_vn_rename, 1137 .get_inode_acl = xfs_get_acl, 1138 .set_acl = xfs_set_acl, 1139 .getattr = xfs_vn_getattr, 1140 .setattr = xfs_vn_setattr, 1141 .listxattr = xfs_vn_listxattr, 1142 .update_time = xfs_vn_update_time, 1143 .tmpfile = xfs_vn_tmpfile, 1144 .fileattr_get = xfs_fileattr_get, 1145 .fileattr_set = xfs_fileattr_set, 1146 }; 1147 1148 static const struct inode_operations xfs_dir_ci_inode_operations = { 1149 .create = xfs_vn_create, 1150 .lookup = xfs_vn_ci_lookup, 1151 .link = xfs_vn_link, 1152 .unlink = xfs_vn_unlink, 1153 .symlink = xfs_vn_symlink, 1154 .mkdir = xfs_vn_mkdir, 1155 /* 1156 * Yes, XFS uses the same method for rmdir and unlink. 1157 * 1158 * There are some subtile differences deeper in the code, 1159 * but we use S_ISDIR to check for those. 1160 */ 1161 .rmdir = xfs_vn_unlink, 1162 .mknod = xfs_vn_mknod, 1163 .rename = xfs_vn_rename, 1164 .get_inode_acl = xfs_get_acl, 1165 .set_acl = xfs_set_acl, 1166 .getattr = xfs_vn_getattr, 1167 .setattr = xfs_vn_setattr, 1168 .listxattr = xfs_vn_listxattr, 1169 .update_time = xfs_vn_update_time, 1170 .tmpfile = xfs_vn_tmpfile, 1171 .fileattr_get = xfs_fileattr_get, 1172 .fileattr_set = xfs_fileattr_set, 1173 }; 1174 1175 static const struct inode_operations xfs_symlink_inode_operations = { 1176 .get_link = xfs_vn_get_link, 1177 .getattr = xfs_vn_getattr, 1178 .setattr = xfs_vn_setattr, 1179 .listxattr = xfs_vn_listxattr, 1180 .update_time = xfs_vn_update_time, 1181 }; 1182 1183 /* Figure out if this file actually supports DAX. */ 1184 static bool 1185 xfs_inode_supports_dax( 1186 struct xfs_inode *ip) 1187 { 1188 struct xfs_mount *mp = ip->i_mount; 1189 1190 /* Only supported on regular files. */ 1191 if (!S_ISREG(VFS_I(ip)->i_mode)) 1192 return false; 1193 1194 /* Block size must match page size */ 1195 if (mp->m_sb.sb_blocksize != PAGE_SIZE) 1196 return false; 1197 1198 /* Device has to support DAX too. */ 1199 return xfs_inode_buftarg(ip)->bt_daxdev != NULL; 1200 } 1201 1202 static bool 1203 xfs_inode_should_enable_dax( 1204 struct xfs_inode *ip) 1205 { 1206 if (!IS_ENABLED(CONFIG_FS_DAX)) 1207 return false; 1208 if (xfs_has_dax_never(ip->i_mount)) 1209 return false; 1210 if (!xfs_inode_supports_dax(ip)) 1211 return false; 1212 if (xfs_has_dax_always(ip->i_mount)) 1213 return true; 1214 if (ip->i_diflags2 & XFS_DIFLAG2_DAX) 1215 return true; 1216 return false; 1217 } 1218 1219 void 1220 xfs_diflags_to_iflags( 1221 struct xfs_inode *ip, 1222 bool init) 1223 { 1224 struct inode *inode = VFS_I(ip); 1225 unsigned int xflags = xfs_ip2xflags(ip); 1226 unsigned int flags = 0; 1227 1228 ASSERT(!(IS_DAX(inode) && init)); 1229 1230 if (xflags & FS_XFLAG_IMMUTABLE) 1231 flags |= S_IMMUTABLE; 1232 if (xflags & FS_XFLAG_APPEND) 1233 flags |= S_APPEND; 1234 if (xflags & FS_XFLAG_SYNC) 1235 flags |= S_SYNC; 1236 if (xflags & FS_XFLAG_NOATIME) 1237 flags |= S_NOATIME; 1238 if (init && xfs_inode_should_enable_dax(ip)) 1239 flags |= S_DAX; 1240 1241 /* 1242 * S_DAX can only be set during inode initialization and is never set by 1243 * the VFS, so we cannot mask off S_DAX in i_flags. 1244 */ 1245 inode->i_flags &= ~(S_IMMUTABLE | S_APPEND | S_SYNC | S_NOATIME); 1246 inode->i_flags |= flags; 1247 } 1248 1249 /* 1250 * Initialize the Linux inode. 1251 * 1252 * When reading existing inodes from disk this is called directly from xfs_iget, 1253 * when creating a new inode it is called from xfs_init_new_inode after setting 1254 * up the inode. These callers have different criteria for clearing XFS_INEW, so 1255 * leave it up to the caller to deal with unlocking the inode appropriately. 1256 */ 1257 void 1258 xfs_setup_inode( 1259 struct xfs_inode *ip) 1260 { 1261 struct inode *inode = &ip->i_vnode; 1262 gfp_t gfp_mask; 1263 1264 inode->i_ino = ip->i_ino; 1265 inode->i_state |= I_NEW; 1266 1267 inode_sb_list_add(inode); 1268 /* make the inode look hashed for the writeback code */ 1269 inode_fake_hash(inode); 1270 1271 i_size_write(inode, ip->i_disk_size); 1272 xfs_diflags_to_iflags(ip, true); 1273 1274 if (S_ISDIR(inode->i_mode)) { 1275 /* 1276 * We set the i_rwsem class here to avoid potential races with 1277 * lockdep_annotate_inode_mutex_key() reinitialising the lock 1278 * after a filehandle lookup has already found the inode in 1279 * cache before it has been unlocked via unlock_new_inode(). 1280 */ 1281 lockdep_set_class(&inode->i_rwsem, 1282 &inode->i_sb->s_type->i_mutex_dir_key); 1283 lockdep_set_class(&ip->i_lock.mr_lock, &xfs_dir_ilock_class); 1284 } else { 1285 lockdep_set_class(&ip->i_lock.mr_lock, &xfs_nondir_ilock_class); 1286 } 1287 1288 /* 1289 * Ensure all page cache allocations are done from GFP_NOFS context to 1290 * prevent direct reclaim recursion back into the filesystem and blowing 1291 * stacks or deadlocking. 1292 */ 1293 gfp_mask = mapping_gfp_mask(inode->i_mapping); 1294 mapping_set_gfp_mask(inode->i_mapping, (gfp_mask & ~(__GFP_FS))); 1295 1296 /* 1297 * If there is no attribute fork no ACL can exist on this inode, 1298 * and it can't have any file capabilities attached to it either. 1299 */ 1300 if (!xfs_inode_has_attr_fork(ip)) { 1301 inode_has_no_xattr(inode); 1302 cache_no_acl(inode); 1303 } 1304 } 1305 1306 void 1307 xfs_setup_iops( 1308 struct xfs_inode *ip) 1309 { 1310 struct inode *inode = &ip->i_vnode; 1311 1312 switch (inode->i_mode & S_IFMT) { 1313 case S_IFREG: 1314 inode->i_op = &xfs_inode_operations; 1315 inode->i_fop = &xfs_file_operations; 1316 if (IS_DAX(inode)) 1317 inode->i_mapping->a_ops = &xfs_dax_aops; 1318 else 1319 inode->i_mapping->a_ops = &xfs_address_space_operations; 1320 break; 1321 case S_IFDIR: 1322 if (xfs_has_asciici(XFS_M(inode->i_sb))) 1323 inode->i_op = &xfs_dir_ci_inode_operations; 1324 else 1325 inode->i_op = &xfs_dir_inode_operations; 1326 inode->i_fop = &xfs_dir_file_operations; 1327 break; 1328 case S_IFLNK: 1329 inode->i_op = &xfs_symlink_inode_operations; 1330 break; 1331 default: 1332 inode->i_op = &xfs_inode_operations; 1333 init_special_inode(inode, inode->i_mode, inode->i_rdev); 1334 break; 1335 } 1336 } 1337