1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * Copyright (c) 2000-2005 Silicon Graphics, Inc. 4 * All Rights Reserved. 5 */ 6 #include "xfs.h" 7 #include "xfs_fs.h" 8 #include "xfs_shared.h" 9 #include "xfs_format.h" 10 #include "xfs_log_format.h" 11 #include "xfs_trans_resv.h" 12 #include "xfs_mount.h" 13 #include "xfs_inode.h" 14 #include "xfs_acl.h" 15 #include "xfs_quota.h" 16 #include "xfs_da_format.h" 17 #include "xfs_da_btree.h" 18 #include "xfs_attr.h" 19 #include "xfs_trans.h" 20 #include "xfs_trans_space.h" 21 #include "xfs_bmap_btree.h" 22 #include "xfs_trace.h" 23 #include "xfs_icache.h" 24 #include "xfs_symlink.h" 25 #include "xfs_dir2.h" 26 #include "xfs_iomap.h" 27 #include "xfs_error.h" 28 #include "xfs_ioctl.h" 29 #include "xfs_xattr.h" 30 #include "xfs_file.h" 31 32 #include <linux/posix_acl.h> 33 #include <linux/security.h> 34 #include <linux/iversion.h> 35 #include <linux/fiemap.h> 36 37 /* 38 * Directories have different lock order w.r.t. mmap_lock compared to regular 39 * files. This is due to readdir potentially triggering page faults on a user 40 * buffer inside filldir(), and this happens with the ilock on the directory 41 * held. For regular files, the lock order is the other way around - the 42 * mmap_lock is taken during the page fault, and then we lock the ilock to do 43 * block mapping. Hence we need a different class for the directory ilock so 44 * that lockdep can tell them apart. 45 */ 46 static struct lock_class_key xfs_nondir_ilock_class; 47 static struct lock_class_key xfs_dir_ilock_class; 48 49 static int 50 xfs_initxattrs( 51 struct inode *inode, 52 const struct xattr *xattr_array, 53 void *fs_info) 54 { 55 const struct xattr *xattr; 56 struct xfs_inode *ip = XFS_I(inode); 57 int error = 0; 58 59 for (xattr = xattr_array; xattr->name != NULL; xattr++) { 60 struct xfs_da_args args = { 61 .dp = ip, 62 .attr_filter = XFS_ATTR_SECURE, 63 .name = xattr->name, 64 .namelen = strlen(xattr->name), 65 .value = xattr->value, 66 .valuelen = xattr->value_len, 67 }; 68 error = xfs_attr_change(&args, XFS_ATTRUPDATE_UPSERT); 69 if (error < 0) 70 break; 71 } 72 return error; 73 } 74 75 /* 76 * Hook in SELinux. This is not quite correct yet, what we really need 77 * here (as we do for default ACLs) is a mechanism by which creation of 78 * these attrs can be journalled at inode creation time (along with the 79 * inode, of course, such that log replay can't cause these to be lost). 80 */ 81 int 82 xfs_inode_init_security( 83 struct inode *inode, 84 struct inode *dir, 85 const struct qstr *qstr) 86 { 87 return security_inode_init_security(inode, dir, qstr, 88 &xfs_initxattrs, NULL); 89 } 90 91 static void 92 xfs_dentry_to_name( 93 struct xfs_name *namep, 94 struct dentry *dentry) 95 { 96 namep->name = dentry->d_name.name; 97 namep->len = dentry->d_name.len; 98 namep->type = XFS_DIR3_FT_UNKNOWN; 99 } 100 101 static int 102 xfs_dentry_mode_to_name( 103 struct xfs_name *namep, 104 struct dentry *dentry, 105 int mode) 106 { 107 namep->name = dentry->d_name.name; 108 namep->len = dentry->d_name.len; 109 namep->type = xfs_mode_to_ftype(mode); 110 111 if (unlikely(namep->type == XFS_DIR3_FT_UNKNOWN)) 112 return -EFSCORRUPTED; 113 114 return 0; 115 } 116 117 STATIC void 118 xfs_cleanup_inode( 119 struct inode *dir, 120 struct inode *inode, 121 struct dentry *dentry) 122 { 123 struct xfs_name teardown; 124 125 /* Oh, the horror. 126 * If we can't add the ACL or we fail in 127 * xfs_inode_init_security we must back out. 128 * ENOSPC can hit here, among other things. 129 */ 130 xfs_dentry_to_name(&teardown, dentry); 131 132 xfs_remove(XFS_I(dir), &teardown, XFS_I(inode)); 133 } 134 135 /* 136 * Check to see if we are likely to need an extended attribute to be added to 137 * the inode we are about to allocate. This allows the attribute fork to be 138 * created during the inode allocation, reducing the number of transactions we 139 * need to do in this fast path. 140 * 141 * The security checks are optimistic, but not guaranteed. The two LSMs that 142 * require xattrs to be added here (selinux and smack) are also the only two 143 * LSMs that add a sb->s_security structure to the superblock. Hence if security 144 * is enabled and sb->s_security is set, we have a pretty good idea that we are 145 * going to be asked to add a security xattr immediately after allocating the 146 * xfs inode and instantiating the VFS inode. 147 */ 148 static inline bool 149 xfs_create_need_xattr( 150 struct inode *dir, 151 struct posix_acl *default_acl, 152 struct posix_acl *acl) 153 { 154 if (acl) 155 return true; 156 if (default_acl) 157 return true; 158 #if IS_ENABLED(CONFIG_SECURITY) 159 if (dir->i_sb->s_security) 160 return true; 161 #endif 162 if (xfs_has_parent(XFS_I(dir)->i_mount)) 163 return true; 164 return false; 165 } 166 167 168 STATIC int 169 xfs_generic_create( 170 struct mnt_idmap *idmap, 171 struct inode *dir, 172 struct dentry *dentry, 173 umode_t mode, 174 dev_t rdev, 175 struct file *tmpfile) /* unnamed file */ 176 { 177 struct inode *inode; 178 struct xfs_inode *ip = NULL; 179 struct posix_acl *default_acl, *acl; 180 struct xfs_name name; 181 int error; 182 183 /* 184 * Irix uses Missed'em'V split, but doesn't want to see 185 * the upper 5 bits of (14bit) major. 186 */ 187 if (S_ISCHR(mode) || S_ISBLK(mode)) { 188 if (unlikely(!sysv_valid_dev(rdev) || MAJOR(rdev) & ~0x1ff)) 189 return -EINVAL; 190 } else { 191 rdev = 0; 192 } 193 194 error = posix_acl_create(dir, &mode, &default_acl, &acl); 195 if (error) 196 return error; 197 198 /* Verify mode is valid also for tmpfile case */ 199 error = xfs_dentry_mode_to_name(&name, dentry, mode); 200 if (unlikely(error)) 201 goto out_free_acl; 202 203 if (!tmpfile) { 204 error = xfs_create(idmap, XFS_I(dir), &name, mode, rdev, 205 xfs_create_need_xattr(dir, default_acl, acl), 206 &ip); 207 } else { 208 bool init_xattrs = false; 209 210 /* 211 * If this temporary file will be linkable, set up the file 212 * with an attr fork to receive a parent pointer. 213 */ 214 if (!(tmpfile->f_flags & O_EXCL) && 215 xfs_has_parent(XFS_I(dir)->i_mount)) 216 init_xattrs = true; 217 218 error = xfs_create_tmpfile(idmap, XFS_I(dir), mode, 219 init_xattrs, &ip); 220 } 221 if (unlikely(error)) 222 goto out_free_acl; 223 224 inode = VFS_I(ip); 225 226 error = xfs_inode_init_security(inode, dir, &dentry->d_name); 227 if (unlikely(error)) 228 goto out_cleanup_inode; 229 230 if (default_acl) { 231 error = __xfs_set_acl(inode, default_acl, ACL_TYPE_DEFAULT); 232 if (error) 233 goto out_cleanup_inode; 234 } 235 if (acl) { 236 error = __xfs_set_acl(inode, acl, ACL_TYPE_ACCESS); 237 if (error) 238 goto out_cleanup_inode; 239 } 240 241 xfs_setup_iops(ip); 242 243 if (tmpfile) { 244 /* 245 * The VFS requires that any inode fed to d_tmpfile must have 246 * nlink == 1 so that it can decrement the nlink in d_tmpfile. 247 * However, we created the temp file with nlink == 0 because 248 * we're not allowed to put an inode with nlink > 0 on the 249 * unlinked list. Therefore we have to set nlink to 1 so that 250 * d_tmpfile can immediately set it back to zero. 251 */ 252 set_nlink(inode, 1); 253 d_tmpfile(tmpfile, inode); 254 } else 255 d_instantiate(dentry, inode); 256 257 xfs_finish_inode_setup(ip); 258 259 out_free_acl: 260 posix_acl_release(default_acl); 261 posix_acl_release(acl); 262 return error; 263 264 out_cleanup_inode: 265 xfs_finish_inode_setup(ip); 266 if (!tmpfile) 267 xfs_cleanup_inode(dir, inode, dentry); 268 xfs_irele(ip); 269 goto out_free_acl; 270 } 271 272 STATIC int 273 xfs_vn_mknod( 274 struct mnt_idmap *idmap, 275 struct inode *dir, 276 struct dentry *dentry, 277 umode_t mode, 278 dev_t rdev) 279 { 280 return xfs_generic_create(idmap, dir, dentry, mode, rdev, NULL); 281 } 282 283 STATIC int 284 xfs_vn_create( 285 struct mnt_idmap *idmap, 286 struct inode *dir, 287 struct dentry *dentry, 288 umode_t mode, 289 bool flags) 290 { 291 return xfs_generic_create(idmap, dir, dentry, mode, 0, NULL); 292 } 293 294 STATIC int 295 xfs_vn_mkdir( 296 struct mnt_idmap *idmap, 297 struct inode *dir, 298 struct dentry *dentry, 299 umode_t mode) 300 { 301 return xfs_generic_create(idmap, dir, dentry, mode | S_IFDIR, 0, NULL); 302 } 303 304 STATIC struct dentry * 305 xfs_vn_lookup( 306 struct inode *dir, 307 struct dentry *dentry, 308 unsigned int flags) 309 { 310 struct inode *inode; 311 struct xfs_inode *cip; 312 struct xfs_name name; 313 int error; 314 315 if (dentry->d_name.len >= MAXNAMELEN) 316 return ERR_PTR(-ENAMETOOLONG); 317 318 xfs_dentry_to_name(&name, dentry); 319 error = xfs_lookup(XFS_I(dir), &name, &cip, NULL); 320 if (likely(!error)) 321 inode = VFS_I(cip); 322 else if (likely(error == -ENOENT)) 323 inode = NULL; 324 else 325 inode = ERR_PTR(error); 326 return d_splice_alias(inode, dentry); 327 } 328 329 STATIC struct dentry * 330 xfs_vn_ci_lookup( 331 struct inode *dir, 332 struct dentry *dentry, 333 unsigned int flags) 334 { 335 struct xfs_inode *ip; 336 struct xfs_name xname; 337 struct xfs_name ci_name; 338 struct qstr dname; 339 int error; 340 341 if (dentry->d_name.len >= MAXNAMELEN) 342 return ERR_PTR(-ENAMETOOLONG); 343 344 xfs_dentry_to_name(&xname, dentry); 345 error = xfs_lookup(XFS_I(dir), &xname, &ip, &ci_name); 346 if (unlikely(error)) { 347 if (unlikely(error != -ENOENT)) 348 return ERR_PTR(error); 349 /* 350 * call d_add(dentry, NULL) here when d_drop_negative_children 351 * is called in xfs_vn_mknod (ie. allow negative dentries 352 * with CI filesystems). 353 */ 354 return NULL; 355 } 356 357 /* if exact match, just splice and exit */ 358 if (!ci_name.name) 359 return d_splice_alias(VFS_I(ip), dentry); 360 361 /* else case-insensitive match... */ 362 dname.name = ci_name.name; 363 dname.len = ci_name.len; 364 dentry = d_add_ci(dentry, VFS_I(ip), &dname); 365 kfree(ci_name.name); 366 return dentry; 367 } 368 369 STATIC int 370 xfs_vn_link( 371 struct dentry *old_dentry, 372 struct inode *dir, 373 struct dentry *dentry) 374 { 375 struct inode *inode = d_inode(old_dentry); 376 struct xfs_name name; 377 int error; 378 379 error = xfs_dentry_mode_to_name(&name, dentry, inode->i_mode); 380 if (unlikely(error)) 381 return error; 382 383 if (IS_PRIVATE(inode)) 384 return -EPERM; 385 386 error = xfs_link(XFS_I(dir), XFS_I(inode), &name); 387 if (unlikely(error)) 388 return error; 389 390 ihold(inode); 391 d_instantiate(dentry, inode); 392 return 0; 393 } 394 395 STATIC int 396 xfs_vn_unlink( 397 struct inode *dir, 398 struct dentry *dentry) 399 { 400 struct xfs_name name; 401 int error; 402 403 xfs_dentry_to_name(&name, dentry); 404 405 error = xfs_remove(XFS_I(dir), &name, XFS_I(d_inode(dentry))); 406 if (error) 407 return error; 408 409 /* 410 * With unlink, the VFS makes the dentry "negative": no inode, 411 * but still hashed. This is incompatible with case-insensitive 412 * mode, so invalidate (unhash) the dentry in CI-mode. 413 */ 414 if (xfs_has_asciici(XFS_M(dir->i_sb))) 415 d_invalidate(dentry); 416 return 0; 417 } 418 419 STATIC int 420 xfs_vn_symlink( 421 struct mnt_idmap *idmap, 422 struct inode *dir, 423 struct dentry *dentry, 424 const char *symname) 425 { 426 struct inode *inode; 427 struct xfs_inode *cip = NULL; 428 struct xfs_name name; 429 int error; 430 umode_t mode; 431 432 mode = S_IFLNK | 433 (irix_symlink_mode ? 0777 & ~current_umask() : S_IRWXUGO); 434 error = xfs_dentry_mode_to_name(&name, dentry, mode); 435 if (unlikely(error)) 436 goto out; 437 438 error = xfs_symlink(idmap, XFS_I(dir), &name, symname, mode, &cip); 439 if (unlikely(error)) 440 goto out; 441 442 inode = VFS_I(cip); 443 444 error = xfs_inode_init_security(inode, dir, &dentry->d_name); 445 if (unlikely(error)) 446 goto out_cleanup_inode; 447 448 xfs_setup_iops(cip); 449 450 d_instantiate(dentry, inode); 451 xfs_finish_inode_setup(cip); 452 return 0; 453 454 out_cleanup_inode: 455 xfs_finish_inode_setup(cip); 456 xfs_cleanup_inode(dir, inode, dentry); 457 xfs_irele(cip); 458 out: 459 return error; 460 } 461 462 STATIC int 463 xfs_vn_rename( 464 struct mnt_idmap *idmap, 465 struct inode *odir, 466 struct dentry *odentry, 467 struct inode *ndir, 468 struct dentry *ndentry, 469 unsigned int flags) 470 { 471 struct inode *new_inode = d_inode(ndentry); 472 int omode = 0; 473 int error; 474 struct xfs_name oname; 475 struct xfs_name nname; 476 477 if (flags & ~(RENAME_NOREPLACE | RENAME_EXCHANGE | RENAME_WHITEOUT)) 478 return -EINVAL; 479 480 /* if we are exchanging files, we need to set i_mode of both files */ 481 if (flags & RENAME_EXCHANGE) 482 omode = d_inode(ndentry)->i_mode; 483 484 error = xfs_dentry_mode_to_name(&oname, odentry, omode); 485 if (omode && unlikely(error)) 486 return error; 487 488 error = xfs_dentry_mode_to_name(&nname, ndentry, 489 d_inode(odentry)->i_mode); 490 if (unlikely(error)) 491 return error; 492 493 return xfs_rename(idmap, XFS_I(odir), &oname, 494 XFS_I(d_inode(odentry)), XFS_I(ndir), &nname, 495 new_inode ? XFS_I(new_inode) : NULL, flags); 496 } 497 498 /* 499 * careful here - this function can get called recursively, so 500 * we need to be very careful about how much stack we use. 501 * uio is kmalloced for this reason... 502 */ 503 STATIC const char * 504 xfs_vn_get_link( 505 struct dentry *dentry, 506 struct inode *inode, 507 struct delayed_call *done) 508 { 509 char *link; 510 int error = -ENOMEM; 511 512 if (!dentry) 513 return ERR_PTR(-ECHILD); 514 515 link = kmalloc(XFS_SYMLINK_MAXLEN+1, GFP_KERNEL); 516 if (!link) 517 goto out_err; 518 519 error = xfs_readlink(XFS_I(d_inode(dentry)), link); 520 if (unlikely(error)) 521 goto out_kfree; 522 523 set_delayed_call(done, kfree_link, link); 524 return link; 525 526 out_kfree: 527 kfree(link); 528 out_err: 529 return ERR_PTR(error); 530 } 531 532 static uint32_t 533 xfs_stat_blksize( 534 struct xfs_inode *ip) 535 { 536 struct xfs_mount *mp = ip->i_mount; 537 538 /* 539 * If the file blocks are being allocated from a realtime volume, then 540 * always return the realtime extent size. 541 */ 542 if (XFS_IS_REALTIME_INODE(ip)) 543 return XFS_FSB_TO_B(mp, xfs_get_extsz_hint(ip) ? : 1); 544 545 /* 546 * Allow large block sizes to be reported to userspace programs if the 547 * "largeio" mount option is used. 548 * 549 * If compatibility mode is specified, simply return the basic unit of 550 * caching so that we don't get inefficient read/modify/write I/O from 551 * user apps. Otherwise.... 552 * 553 * If the underlying volume is a stripe, then return the stripe width in 554 * bytes as the recommended I/O size. It is not a stripe and we've set a 555 * default buffered I/O size, return that, otherwise return the compat 556 * default. 557 */ 558 if (xfs_has_large_iosize(mp)) { 559 if (mp->m_swidth) 560 return XFS_FSB_TO_B(mp, mp->m_swidth); 561 if (xfs_has_allocsize(mp)) 562 return 1U << mp->m_allocsize_log; 563 } 564 565 return PAGE_SIZE; 566 } 567 568 STATIC int 569 xfs_vn_getattr( 570 struct mnt_idmap *idmap, 571 const struct path *path, 572 struct kstat *stat, 573 u32 request_mask, 574 unsigned int query_flags) 575 { 576 struct inode *inode = d_inode(path->dentry); 577 struct xfs_inode *ip = XFS_I(inode); 578 struct xfs_mount *mp = ip->i_mount; 579 vfsuid_t vfsuid = i_uid_into_vfsuid(idmap, inode); 580 vfsgid_t vfsgid = i_gid_into_vfsgid(idmap, inode); 581 582 trace_xfs_getattr(ip); 583 584 if (xfs_is_shutdown(mp)) 585 return -EIO; 586 587 stat->size = XFS_ISIZE(ip); 588 stat->dev = inode->i_sb->s_dev; 589 stat->mode = inode->i_mode; 590 stat->nlink = inode->i_nlink; 591 stat->uid = vfsuid_into_kuid(vfsuid); 592 stat->gid = vfsgid_into_kgid(vfsgid); 593 stat->ino = ip->i_ino; 594 stat->atime = inode_get_atime(inode); 595 stat->mtime = inode_get_mtime(inode); 596 stat->ctime = inode_get_ctime(inode); 597 stat->blocks = XFS_FSB_TO_BB(mp, ip->i_nblocks + ip->i_delayed_blks); 598 599 if (xfs_has_v3inodes(mp)) { 600 if (request_mask & STATX_BTIME) { 601 stat->result_mask |= STATX_BTIME; 602 stat->btime = ip->i_crtime; 603 } 604 } 605 606 if ((request_mask & STATX_CHANGE_COOKIE) && IS_I_VERSION(inode)) { 607 stat->change_cookie = inode_query_iversion(inode); 608 stat->result_mask |= STATX_CHANGE_COOKIE; 609 } 610 611 /* 612 * Note: If you add another clause to set an attribute flag, please 613 * update attributes_mask below. 614 */ 615 if (ip->i_diflags & XFS_DIFLAG_IMMUTABLE) 616 stat->attributes |= STATX_ATTR_IMMUTABLE; 617 if (ip->i_diflags & XFS_DIFLAG_APPEND) 618 stat->attributes |= STATX_ATTR_APPEND; 619 if (ip->i_diflags & XFS_DIFLAG_NODUMP) 620 stat->attributes |= STATX_ATTR_NODUMP; 621 622 stat->attributes_mask |= (STATX_ATTR_IMMUTABLE | 623 STATX_ATTR_APPEND | 624 STATX_ATTR_NODUMP); 625 626 switch (inode->i_mode & S_IFMT) { 627 case S_IFBLK: 628 case S_IFCHR: 629 stat->blksize = BLKDEV_IOSIZE; 630 stat->rdev = inode->i_rdev; 631 break; 632 case S_IFREG: 633 if (request_mask & STATX_DIOALIGN) { 634 struct xfs_buftarg *target = xfs_inode_buftarg(ip); 635 struct block_device *bdev = target->bt_bdev; 636 637 stat->result_mask |= STATX_DIOALIGN; 638 stat->dio_mem_align = bdev_dma_alignment(bdev) + 1; 639 stat->dio_offset_align = bdev_logical_block_size(bdev); 640 } 641 fallthrough; 642 default: 643 stat->blksize = xfs_stat_blksize(ip); 644 stat->rdev = 0; 645 break; 646 } 647 648 return 0; 649 } 650 651 static int 652 xfs_vn_change_ok( 653 struct mnt_idmap *idmap, 654 struct dentry *dentry, 655 struct iattr *iattr) 656 { 657 struct xfs_mount *mp = XFS_I(d_inode(dentry))->i_mount; 658 659 if (xfs_is_readonly(mp)) 660 return -EROFS; 661 662 if (xfs_is_shutdown(mp)) 663 return -EIO; 664 665 return setattr_prepare(idmap, dentry, iattr); 666 } 667 668 /* 669 * Set non-size attributes of an inode. 670 * 671 * Caution: The caller of this function is responsible for calling 672 * setattr_prepare() or otherwise verifying the change is fine. 673 */ 674 static int 675 xfs_setattr_nonsize( 676 struct mnt_idmap *idmap, 677 struct dentry *dentry, 678 struct xfs_inode *ip, 679 struct iattr *iattr) 680 { 681 xfs_mount_t *mp = ip->i_mount; 682 struct inode *inode = VFS_I(ip); 683 int mask = iattr->ia_valid; 684 xfs_trans_t *tp; 685 int error; 686 kuid_t uid = GLOBAL_ROOT_UID; 687 kgid_t gid = GLOBAL_ROOT_GID; 688 struct xfs_dquot *udqp = NULL, *gdqp = NULL; 689 struct xfs_dquot *old_udqp = NULL, *old_gdqp = NULL; 690 691 ASSERT((mask & ATTR_SIZE) == 0); 692 693 /* 694 * If disk quotas is on, we make sure that the dquots do exist on disk, 695 * before we start any other transactions. Trying to do this later 696 * is messy. We don't care to take a readlock to look at the ids 697 * in inode here, because we can't hold it across the trans_reserve. 698 * If the IDs do change before we take the ilock, we're covered 699 * because the i_*dquot fields will get updated anyway. 700 */ 701 if (XFS_IS_QUOTA_ON(mp) && (mask & (ATTR_UID|ATTR_GID))) { 702 uint qflags = 0; 703 704 if ((mask & ATTR_UID) && XFS_IS_UQUOTA_ON(mp)) { 705 uid = from_vfsuid(idmap, i_user_ns(inode), 706 iattr->ia_vfsuid); 707 qflags |= XFS_QMOPT_UQUOTA; 708 } else { 709 uid = inode->i_uid; 710 } 711 if ((mask & ATTR_GID) && XFS_IS_GQUOTA_ON(mp)) { 712 gid = from_vfsgid(idmap, i_user_ns(inode), 713 iattr->ia_vfsgid); 714 qflags |= XFS_QMOPT_GQUOTA; 715 } else { 716 gid = inode->i_gid; 717 } 718 719 /* 720 * We take a reference when we initialize udqp and gdqp, 721 * so it is important that we never blindly double trip on 722 * the same variable. See xfs_create() for an example. 723 */ 724 ASSERT(udqp == NULL); 725 ASSERT(gdqp == NULL); 726 error = xfs_qm_vop_dqalloc(ip, uid, gid, ip->i_projid, 727 qflags, &udqp, &gdqp, NULL); 728 if (error) 729 return error; 730 } 731 732 error = xfs_trans_alloc_ichange(ip, udqp, gdqp, NULL, 733 has_capability_noaudit(current, CAP_FOWNER), &tp); 734 if (error) 735 goto out_dqrele; 736 737 /* 738 * Register quota modifications in the transaction. Must be the owner 739 * or privileged. These IDs could have changed since we last looked at 740 * them. But, we're assured that if the ownership did change while we 741 * didn't have the inode locked, inode's dquot(s) would have changed 742 * also. 743 */ 744 if (XFS_IS_UQUOTA_ON(mp) && 745 i_uid_needs_update(idmap, iattr, inode)) { 746 ASSERT(udqp); 747 old_udqp = xfs_qm_vop_chown(tp, ip, &ip->i_udquot, udqp); 748 } 749 if (XFS_IS_GQUOTA_ON(mp) && 750 i_gid_needs_update(idmap, iattr, inode)) { 751 ASSERT(xfs_has_pquotino(mp) || !XFS_IS_PQUOTA_ON(mp)); 752 ASSERT(gdqp); 753 old_gdqp = xfs_qm_vop_chown(tp, ip, &ip->i_gdquot, gdqp); 754 } 755 756 setattr_copy(idmap, inode, iattr); 757 xfs_trans_log_inode(tp, ip, XFS_ILOG_CORE); 758 759 XFS_STATS_INC(mp, xs_ig_attrchg); 760 761 if (xfs_has_wsync(mp)) 762 xfs_trans_set_sync(tp); 763 error = xfs_trans_commit(tp); 764 765 /* 766 * Release any dquot(s) the inode had kept before chown. 767 */ 768 xfs_qm_dqrele(old_udqp); 769 xfs_qm_dqrele(old_gdqp); 770 xfs_qm_dqrele(udqp); 771 xfs_qm_dqrele(gdqp); 772 773 if (error) 774 return error; 775 776 /* 777 * XXX(hch): Updating the ACL entries is not atomic vs the i_mode 778 * update. We could avoid this with linked transactions 779 * and passing down the transaction pointer all the way 780 * to attr_set. No previous user of the generic 781 * Posix ACL code seems to care about this issue either. 782 */ 783 if (mask & ATTR_MODE) { 784 error = posix_acl_chmod(idmap, dentry, inode->i_mode); 785 if (error) 786 return error; 787 } 788 789 return 0; 790 791 out_dqrele: 792 xfs_qm_dqrele(udqp); 793 xfs_qm_dqrele(gdqp); 794 return error; 795 } 796 797 /* 798 * Truncate file. Must have write permission and not be a directory. 799 * 800 * Caution: The caller of this function is responsible for calling 801 * setattr_prepare() or otherwise verifying the change is fine. 802 */ 803 STATIC int 804 xfs_setattr_size( 805 struct mnt_idmap *idmap, 806 struct dentry *dentry, 807 struct xfs_inode *ip, 808 struct iattr *iattr) 809 { 810 struct xfs_mount *mp = ip->i_mount; 811 struct inode *inode = VFS_I(ip); 812 xfs_off_t oldsize, newsize; 813 struct xfs_trans *tp; 814 int error; 815 uint lock_flags = 0; 816 uint resblks = 0; 817 bool did_zeroing = false; 818 819 xfs_assert_ilocked(ip, XFS_IOLOCK_EXCL | XFS_MMAPLOCK_EXCL); 820 ASSERT(S_ISREG(inode->i_mode)); 821 ASSERT((iattr->ia_valid & (ATTR_UID|ATTR_GID|ATTR_ATIME|ATTR_ATIME_SET| 822 ATTR_MTIME_SET|ATTR_TIMES_SET)) == 0); 823 824 oldsize = inode->i_size; 825 newsize = iattr->ia_size; 826 827 /* 828 * Short circuit the truncate case for zero length files. 829 */ 830 if (newsize == 0 && oldsize == 0 && ip->i_df.if_nextents == 0) { 831 if (!(iattr->ia_valid & (ATTR_CTIME|ATTR_MTIME))) 832 return 0; 833 834 /* 835 * Use the regular setattr path to update the timestamps. 836 */ 837 iattr->ia_valid &= ~ATTR_SIZE; 838 return xfs_setattr_nonsize(idmap, dentry, ip, iattr); 839 } 840 841 /* 842 * Make sure that the dquots are attached to the inode. 843 */ 844 error = xfs_qm_dqattach(ip); 845 if (error) 846 return error; 847 848 /* 849 * Wait for all direct I/O to complete. 850 */ 851 inode_dio_wait(inode); 852 853 /* 854 * File data changes must be complete before we start the transaction to 855 * modify the inode. This needs to be done before joining the inode to 856 * the transaction because the inode cannot be unlocked once it is a 857 * part of the transaction. 858 * 859 * Start with zeroing any data beyond EOF that we may expose on file 860 * extension, or zeroing out the rest of the block on a downward 861 * truncate. 862 */ 863 if (newsize > oldsize) { 864 trace_xfs_zero_eof(ip, oldsize, newsize - oldsize); 865 error = xfs_zero_range(ip, oldsize, newsize - oldsize, 866 &did_zeroing); 867 } else { 868 /* 869 * iomap won't detect a dirty page over an unwritten block (or a 870 * cow block over a hole) and subsequently skips zeroing the 871 * newly post-EOF portion of the page. Flush the new EOF to 872 * convert the block before the pagecache truncate. 873 */ 874 error = filemap_write_and_wait_range(inode->i_mapping, newsize, 875 newsize); 876 if (error) 877 return error; 878 error = xfs_truncate_page(ip, newsize, &did_zeroing); 879 } 880 881 if (error) 882 return error; 883 884 /* 885 * We've already locked out new page faults, so now we can safely remove 886 * pages from the page cache knowing they won't get refaulted until we 887 * drop the XFS_MMAP_EXCL lock after the extent manipulations are 888 * complete. The truncate_setsize() call also cleans partial EOF page 889 * PTEs on extending truncates and hence ensures sub-page block size 890 * filesystems are correctly handled, too. 891 * 892 * We have to do all the page cache truncate work outside the 893 * transaction context as the "lock" order is page lock->log space 894 * reservation as defined by extent allocation in the writeback path. 895 * Hence a truncate can fail with ENOMEM from xfs_trans_alloc(), but 896 * having already truncated the in-memory version of the file (i.e. made 897 * user visible changes). There's not much we can do about this, except 898 * to hope that the caller sees ENOMEM and retries the truncate 899 * operation. 900 * 901 * And we update in-core i_size and truncate page cache beyond newsize 902 * before writeback the [i_disk_size, newsize] range, so we're 903 * guaranteed not to write stale data past the new EOF on truncate down. 904 */ 905 truncate_setsize(inode, newsize); 906 907 /* 908 * We are going to log the inode size change in this transaction so 909 * any previous writes that are beyond the on disk EOF and the new 910 * EOF that have not been written out need to be written here. If we 911 * do not write the data out, we expose ourselves to the null files 912 * problem. Note that this includes any block zeroing we did above; 913 * otherwise those blocks may not be zeroed after a crash. 914 */ 915 if (did_zeroing || 916 (newsize > ip->i_disk_size && oldsize != ip->i_disk_size)) { 917 error = filemap_write_and_wait_range(VFS_I(ip)->i_mapping, 918 ip->i_disk_size, newsize - 1); 919 if (error) 920 return error; 921 } 922 923 /* 924 * For realtime inode with more than one block rtextsize, we need the 925 * block reservation for bmap btree block allocations/splits that can 926 * happen since it could split the tail written extent and convert the 927 * right beyond EOF one to unwritten. 928 */ 929 if (xfs_inode_has_bigrtalloc(ip)) 930 resblks = XFS_DIOSTRAT_SPACE_RES(mp, 0); 931 932 error = xfs_trans_alloc(mp, &M_RES(mp)->tr_itruncate, resblks, 933 0, 0, &tp); 934 if (error) 935 return error; 936 937 lock_flags |= XFS_ILOCK_EXCL; 938 xfs_ilock(ip, XFS_ILOCK_EXCL); 939 xfs_trans_ijoin(tp, ip, 0); 940 941 /* 942 * Only change the c/mtime if we are changing the size or we are 943 * explicitly asked to change it. This handles the semantic difference 944 * between truncate() and ftruncate() as implemented in the VFS. 945 * 946 * The regular truncate() case without ATTR_CTIME and ATTR_MTIME is a 947 * special case where we need to update the times despite not having 948 * these flags set. For all other operations the VFS set these flags 949 * explicitly if it wants a timestamp update. 950 */ 951 if (newsize != oldsize && 952 !(iattr->ia_valid & (ATTR_CTIME | ATTR_MTIME))) { 953 iattr->ia_ctime = iattr->ia_mtime = 954 current_time(inode); 955 iattr->ia_valid |= ATTR_CTIME | ATTR_MTIME; 956 } 957 958 /* 959 * The first thing we do is set the size to new_size permanently on 960 * disk. This way we don't have to worry about anyone ever being able 961 * to look at the data being freed even in the face of a crash. 962 * What we're getting around here is the case where we free a block, it 963 * is allocated to another file, it is written to, and then we crash. 964 * If the new data gets written to the file but the log buffers 965 * containing the free and reallocation don't, then we'd end up with 966 * garbage in the blocks being freed. As long as we make the new size 967 * permanent before actually freeing any blocks it doesn't matter if 968 * they get written to. 969 */ 970 ip->i_disk_size = newsize; 971 xfs_trans_log_inode(tp, ip, XFS_ILOG_CORE); 972 973 if (newsize <= oldsize) { 974 error = xfs_itruncate_extents(&tp, ip, XFS_DATA_FORK, newsize); 975 if (error) 976 goto out_trans_cancel; 977 978 /* 979 * Truncated "down", so we're removing references to old data 980 * here - if we delay flushing for a long time, we expose 981 * ourselves unduly to the notorious NULL files problem. So, 982 * we mark this inode and flush it when the file is closed, 983 * and do not wait the usual (long) time for writeout. 984 */ 985 xfs_iflags_set(ip, XFS_ITRUNCATED); 986 987 /* A truncate down always removes post-EOF blocks. */ 988 xfs_inode_clear_eofblocks_tag(ip); 989 } 990 991 ASSERT(!(iattr->ia_valid & (ATTR_UID | ATTR_GID))); 992 setattr_copy(idmap, inode, iattr); 993 xfs_trans_log_inode(tp, ip, XFS_ILOG_CORE); 994 995 XFS_STATS_INC(mp, xs_ig_attrchg); 996 997 if (xfs_has_wsync(mp)) 998 xfs_trans_set_sync(tp); 999 1000 error = xfs_trans_commit(tp); 1001 out_unlock: 1002 if (lock_flags) 1003 xfs_iunlock(ip, lock_flags); 1004 return error; 1005 1006 out_trans_cancel: 1007 xfs_trans_cancel(tp); 1008 goto out_unlock; 1009 } 1010 1011 int 1012 xfs_vn_setattr_size( 1013 struct mnt_idmap *idmap, 1014 struct dentry *dentry, 1015 struct iattr *iattr) 1016 { 1017 struct xfs_inode *ip = XFS_I(d_inode(dentry)); 1018 int error; 1019 1020 trace_xfs_setattr(ip); 1021 1022 error = xfs_vn_change_ok(idmap, dentry, iattr); 1023 if (error) 1024 return error; 1025 return xfs_setattr_size(idmap, dentry, ip, iattr); 1026 } 1027 1028 STATIC int 1029 xfs_vn_setattr( 1030 struct mnt_idmap *idmap, 1031 struct dentry *dentry, 1032 struct iattr *iattr) 1033 { 1034 struct inode *inode = d_inode(dentry); 1035 struct xfs_inode *ip = XFS_I(inode); 1036 int error; 1037 1038 if (iattr->ia_valid & ATTR_SIZE) { 1039 uint iolock; 1040 1041 xfs_ilock(ip, XFS_MMAPLOCK_EXCL); 1042 iolock = XFS_IOLOCK_EXCL | XFS_MMAPLOCK_EXCL; 1043 1044 error = xfs_break_layouts(inode, &iolock, BREAK_UNMAP); 1045 if (error) { 1046 xfs_iunlock(ip, XFS_MMAPLOCK_EXCL); 1047 return error; 1048 } 1049 1050 error = xfs_vn_setattr_size(idmap, dentry, iattr); 1051 xfs_iunlock(ip, XFS_MMAPLOCK_EXCL); 1052 } else { 1053 trace_xfs_setattr(ip); 1054 1055 error = xfs_vn_change_ok(idmap, dentry, iattr); 1056 if (!error) 1057 error = xfs_setattr_nonsize(idmap, dentry, ip, iattr); 1058 } 1059 1060 return error; 1061 } 1062 1063 STATIC int 1064 xfs_vn_update_time( 1065 struct inode *inode, 1066 int flags) 1067 { 1068 struct xfs_inode *ip = XFS_I(inode); 1069 struct xfs_mount *mp = ip->i_mount; 1070 int log_flags = XFS_ILOG_TIMESTAMP; 1071 struct xfs_trans *tp; 1072 int error; 1073 struct timespec64 now; 1074 1075 trace_xfs_update_time(ip); 1076 1077 if (inode->i_sb->s_flags & SB_LAZYTIME) { 1078 if (!((flags & S_VERSION) && 1079 inode_maybe_inc_iversion(inode, false))) { 1080 generic_update_time(inode, flags); 1081 return 0; 1082 } 1083 1084 /* Capture the iversion update that just occurred */ 1085 log_flags |= XFS_ILOG_CORE; 1086 } 1087 1088 error = xfs_trans_alloc(mp, &M_RES(mp)->tr_fsyncts, 0, 0, 0, &tp); 1089 if (error) 1090 return error; 1091 1092 xfs_ilock(ip, XFS_ILOCK_EXCL); 1093 if (flags & (S_CTIME|S_MTIME)) 1094 now = inode_set_ctime_current(inode); 1095 else 1096 now = current_time(inode); 1097 1098 if (flags & S_MTIME) 1099 inode_set_mtime_to_ts(inode, now); 1100 if (flags & S_ATIME) 1101 inode_set_atime_to_ts(inode, now); 1102 1103 xfs_trans_ijoin(tp, ip, XFS_ILOCK_EXCL); 1104 xfs_trans_log_inode(tp, ip, log_flags); 1105 return xfs_trans_commit(tp); 1106 } 1107 1108 STATIC int 1109 xfs_vn_fiemap( 1110 struct inode *inode, 1111 struct fiemap_extent_info *fieinfo, 1112 u64 start, 1113 u64 length) 1114 { 1115 int error; 1116 1117 xfs_ilock(XFS_I(inode), XFS_IOLOCK_SHARED); 1118 if (fieinfo->fi_flags & FIEMAP_FLAG_XATTR) { 1119 fieinfo->fi_flags &= ~FIEMAP_FLAG_XATTR; 1120 error = iomap_fiemap(inode, fieinfo, start, length, 1121 &xfs_xattr_iomap_ops); 1122 } else { 1123 error = iomap_fiemap(inode, fieinfo, start, length, 1124 &xfs_read_iomap_ops); 1125 } 1126 xfs_iunlock(XFS_I(inode), XFS_IOLOCK_SHARED); 1127 1128 return error; 1129 } 1130 1131 STATIC int 1132 xfs_vn_tmpfile( 1133 struct mnt_idmap *idmap, 1134 struct inode *dir, 1135 struct file *file, 1136 umode_t mode) 1137 { 1138 int err = xfs_generic_create(idmap, dir, file->f_path.dentry, mode, 0, file); 1139 1140 return finish_open_simple(file, err); 1141 } 1142 1143 static const struct inode_operations xfs_inode_operations = { 1144 .get_inode_acl = xfs_get_acl, 1145 .set_acl = xfs_set_acl, 1146 .getattr = xfs_vn_getattr, 1147 .setattr = xfs_vn_setattr, 1148 .listxattr = xfs_vn_listxattr, 1149 .fiemap = xfs_vn_fiemap, 1150 .update_time = xfs_vn_update_time, 1151 .fileattr_get = xfs_fileattr_get, 1152 .fileattr_set = xfs_fileattr_set, 1153 }; 1154 1155 static const struct inode_operations xfs_dir_inode_operations = { 1156 .create = xfs_vn_create, 1157 .lookup = xfs_vn_lookup, 1158 .link = xfs_vn_link, 1159 .unlink = xfs_vn_unlink, 1160 .symlink = xfs_vn_symlink, 1161 .mkdir = xfs_vn_mkdir, 1162 /* 1163 * Yes, XFS uses the same method for rmdir and unlink. 1164 * 1165 * There are some subtile differences deeper in the code, 1166 * but we use S_ISDIR to check for those. 1167 */ 1168 .rmdir = xfs_vn_unlink, 1169 .mknod = xfs_vn_mknod, 1170 .rename = xfs_vn_rename, 1171 .get_inode_acl = xfs_get_acl, 1172 .set_acl = xfs_set_acl, 1173 .getattr = xfs_vn_getattr, 1174 .setattr = xfs_vn_setattr, 1175 .listxattr = xfs_vn_listxattr, 1176 .update_time = xfs_vn_update_time, 1177 .tmpfile = xfs_vn_tmpfile, 1178 .fileattr_get = xfs_fileattr_get, 1179 .fileattr_set = xfs_fileattr_set, 1180 }; 1181 1182 static const struct inode_operations xfs_dir_ci_inode_operations = { 1183 .create = xfs_vn_create, 1184 .lookup = xfs_vn_ci_lookup, 1185 .link = xfs_vn_link, 1186 .unlink = xfs_vn_unlink, 1187 .symlink = xfs_vn_symlink, 1188 .mkdir = xfs_vn_mkdir, 1189 /* 1190 * Yes, XFS uses the same method for rmdir and unlink. 1191 * 1192 * There are some subtile differences deeper in the code, 1193 * but we use S_ISDIR to check for those. 1194 */ 1195 .rmdir = xfs_vn_unlink, 1196 .mknod = xfs_vn_mknod, 1197 .rename = xfs_vn_rename, 1198 .get_inode_acl = xfs_get_acl, 1199 .set_acl = xfs_set_acl, 1200 .getattr = xfs_vn_getattr, 1201 .setattr = xfs_vn_setattr, 1202 .listxattr = xfs_vn_listxattr, 1203 .update_time = xfs_vn_update_time, 1204 .tmpfile = xfs_vn_tmpfile, 1205 .fileattr_get = xfs_fileattr_get, 1206 .fileattr_set = xfs_fileattr_set, 1207 }; 1208 1209 static const struct inode_operations xfs_symlink_inode_operations = { 1210 .get_link = xfs_vn_get_link, 1211 .getattr = xfs_vn_getattr, 1212 .setattr = xfs_vn_setattr, 1213 .listxattr = xfs_vn_listxattr, 1214 .update_time = xfs_vn_update_time, 1215 }; 1216 1217 /* Figure out if this file actually supports DAX. */ 1218 static bool 1219 xfs_inode_supports_dax( 1220 struct xfs_inode *ip) 1221 { 1222 struct xfs_mount *mp = ip->i_mount; 1223 1224 /* Only supported on regular files. */ 1225 if (!S_ISREG(VFS_I(ip)->i_mode)) 1226 return false; 1227 1228 /* Block size must match page size */ 1229 if (mp->m_sb.sb_blocksize != PAGE_SIZE) 1230 return false; 1231 1232 /* Device has to support DAX too. */ 1233 return xfs_inode_buftarg(ip)->bt_daxdev != NULL; 1234 } 1235 1236 static bool 1237 xfs_inode_should_enable_dax( 1238 struct xfs_inode *ip) 1239 { 1240 if (!IS_ENABLED(CONFIG_FS_DAX)) 1241 return false; 1242 if (xfs_has_dax_never(ip->i_mount)) 1243 return false; 1244 if (!xfs_inode_supports_dax(ip)) 1245 return false; 1246 if (xfs_has_dax_always(ip->i_mount)) 1247 return true; 1248 if (ip->i_diflags2 & XFS_DIFLAG2_DAX) 1249 return true; 1250 return false; 1251 } 1252 1253 void 1254 xfs_diflags_to_iflags( 1255 struct xfs_inode *ip, 1256 bool init) 1257 { 1258 struct inode *inode = VFS_I(ip); 1259 unsigned int xflags = xfs_ip2xflags(ip); 1260 unsigned int flags = 0; 1261 1262 ASSERT(!(IS_DAX(inode) && init)); 1263 1264 if (xflags & FS_XFLAG_IMMUTABLE) 1265 flags |= S_IMMUTABLE; 1266 if (xflags & FS_XFLAG_APPEND) 1267 flags |= S_APPEND; 1268 if (xflags & FS_XFLAG_SYNC) 1269 flags |= S_SYNC; 1270 if (xflags & FS_XFLAG_NOATIME) 1271 flags |= S_NOATIME; 1272 if (init && xfs_inode_should_enable_dax(ip)) 1273 flags |= S_DAX; 1274 1275 /* 1276 * S_DAX can only be set during inode initialization and is never set by 1277 * the VFS, so we cannot mask off S_DAX in i_flags. 1278 */ 1279 inode->i_flags &= ~(S_IMMUTABLE | S_APPEND | S_SYNC | S_NOATIME); 1280 inode->i_flags |= flags; 1281 } 1282 1283 /* 1284 * Initialize the Linux inode. 1285 * 1286 * When reading existing inodes from disk this is called directly from xfs_iget, 1287 * when creating a new inode it is called from xfs_init_new_inode after setting 1288 * up the inode. These callers have different criteria for clearing XFS_INEW, so 1289 * leave it up to the caller to deal with unlocking the inode appropriately. 1290 */ 1291 void 1292 xfs_setup_inode( 1293 struct xfs_inode *ip) 1294 { 1295 struct inode *inode = &ip->i_vnode; 1296 gfp_t gfp_mask; 1297 1298 inode->i_ino = ip->i_ino; 1299 inode->i_state |= I_NEW; 1300 1301 inode_sb_list_add(inode); 1302 /* make the inode look hashed for the writeback code */ 1303 inode_fake_hash(inode); 1304 1305 i_size_write(inode, ip->i_disk_size); 1306 xfs_diflags_to_iflags(ip, true); 1307 1308 if (S_ISDIR(inode->i_mode)) { 1309 /* 1310 * We set the i_rwsem class here to avoid potential races with 1311 * lockdep_annotate_inode_mutex_key() reinitialising the lock 1312 * after a filehandle lookup has already found the inode in 1313 * cache before it has been unlocked via unlock_new_inode(). 1314 */ 1315 lockdep_set_class(&inode->i_rwsem, 1316 &inode->i_sb->s_type->i_mutex_dir_key); 1317 lockdep_set_class(&ip->i_lock, &xfs_dir_ilock_class); 1318 } else { 1319 lockdep_set_class(&ip->i_lock, &xfs_nondir_ilock_class); 1320 } 1321 1322 /* 1323 * Ensure all page cache allocations are done from GFP_NOFS context to 1324 * prevent direct reclaim recursion back into the filesystem and blowing 1325 * stacks or deadlocking. 1326 */ 1327 gfp_mask = mapping_gfp_mask(inode->i_mapping); 1328 mapping_set_gfp_mask(inode->i_mapping, (gfp_mask & ~(__GFP_FS))); 1329 1330 /* 1331 * For real-time inodes update the stable write flags to that of the RT 1332 * device instead of the data device. 1333 */ 1334 if (S_ISREG(inode->i_mode) && XFS_IS_REALTIME_INODE(ip)) 1335 xfs_update_stable_writes(ip); 1336 1337 /* 1338 * If there is no attribute fork no ACL can exist on this inode, 1339 * and it can't have any file capabilities attached to it either. 1340 */ 1341 if (!xfs_inode_has_attr_fork(ip)) { 1342 inode_has_no_xattr(inode); 1343 cache_no_acl(inode); 1344 } 1345 } 1346 1347 void 1348 xfs_setup_iops( 1349 struct xfs_inode *ip) 1350 { 1351 struct inode *inode = &ip->i_vnode; 1352 1353 switch (inode->i_mode & S_IFMT) { 1354 case S_IFREG: 1355 inode->i_op = &xfs_inode_operations; 1356 inode->i_fop = &xfs_file_operations; 1357 if (IS_DAX(inode)) 1358 inode->i_mapping->a_ops = &xfs_dax_aops; 1359 else 1360 inode->i_mapping->a_ops = &xfs_address_space_operations; 1361 break; 1362 case S_IFDIR: 1363 if (xfs_has_asciici(XFS_M(inode->i_sb))) 1364 inode->i_op = &xfs_dir_ci_inode_operations; 1365 else 1366 inode->i_op = &xfs_dir_inode_operations; 1367 inode->i_fop = &xfs_dir_file_operations; 1368 break; 1369 case S_IFLNK: 1370 inode->i_op = &xfs_symlink_inode_operations; 1371 break; 1372 default: 1373 inode->i_op = &xfs_inode_operations; 1374 init_special_inode(inode, inode->i_mode, inode->i_rdev); 1375 break; 1376 } 1377 } 1378