1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * Copyright (c) 2000-2005 Silicon Graphics, Inc. 4 * All Rights Reserved. 5 */ 6 #include "xfs.h" 7 #include "xfs_fs.h" 8 #include "xfs_shared.h" 9 #include "xfs_format.h" 10 #include "xfs_log_format.h" 11 #include "xfs_trans_resv.h" 12 #include "xfs_mount.h" 13 #include "xfs_da_format.h" 14 #include "xfs_inode.h" 15 #include "xfs_bmap.h" 16 #include "xfs_bmap_util.h" 17 #include "xfs_acl.h" 18 #include "xfs_quota.h" 19 #include "xfs_error.h" 20 #include "xfs_attr.h" 21 #include "xfs_trans.h" 22 #include "xfs_trace.h" 23 #include "xfs_icache.h" 24 #include "xfs_symlink.h" 25 #include "xfs_da_btree.h" 26 #include "xfs_dir2.h" 27 #include "xfs_trans_space.h" 28 #include "xfs_iomap.h" 29 #include "xfs_defer.h" 30 31 #include <linux/capability.h> 32 #include <linux/xattr.h> 33 #include <linux/posix_acl.h> 34 #include <linux/security.h> 35 #include <linux/iomap.h> 36 #include <linux/slab.h> 37 #include <linux/iversion.h> 38 39 /* 40 * Directories have different lock order w.r.t. mmap_sem compared to regular 41 * files. This is due to readdir potentially triggering page faults on a user 42 * buffer inside filldir(), and this happens with the ilock on the directory 43 * held. For regular files, the lock order is the other way around - the 44 * mmap_sem is taken during the page fault, and then we lock the ilock to do 45 * block mapping. Hence we need a different class for the directory ilock so 46 * that lockdep can tell them apart. 47 */ 48 static struct lock_class_key xfs_nondir_ilock_class; 49 static struct lock_class_key xfs_dir_ilock_class; 50 51 static int 52 xfs_initxattrs( 53 struct inode *inode, 54 const struct xattr *xattr_array, 55 void *fs_info) 56 { 57 const struct xattr *xattr; 58 struct xfs_inode *ip = XFS_I(inode); 59 int error = 0; 60 61 for (xattr = xattr_array; xattr->name != NULL; xattr++) { 62 error = xfs_attr_set(ip, xattr->name, xattr->value, 63 xattr->value_len, ATTR_SECURE); 64 if (error < 0) 65 break; 66 } 67 return error; 68 } 69 70 /* 71 * Hook in SELinux. This is not quite correct yet, what we really need 72 * here (as we do for default ACLs) is a mechanism by which creation of 73 * these attrs can be journalled at inode creation time (along with the 74 * inode, of course, such that log replay can't cause these to be lost). 75 */ 76 77 STATIC int 78 xfs_init_security( 79 struct inode *inode, 80 struct inode *dir, 81 const struct qstr *qstr) 82 { 83 return security_inode_init_security(inode, dir, qstr, 84 &xfs_initxattrs, NULL); 85 } 86 87 static void 88 xfs_dentry_to_name( 89 struct xfs_name *namep, 90 struct dentry *dentry) 91 { 92 namep->name = dentry->d_name.name; 93 namep->len = dentry->d_name.len; 94 namep->type = XFS_DIR3_FT_UNKNOWN; 95 } 96 97 static int 98 xfs_dentry_mode_to_name( 99 struct xfs_name *namep, 100 struct dentry *dentry, 101 int mode) 102 { 103 namep->name = dentry->d_name.name; 104 namep->len = dentry->d_name.len; 105 namep->type = xfs_mode_to_ftype(mode); 106 107 if (unlikely(namep->type == XFS_DIR3_FT_UNKNOWN)) 108 return -EFSCORRUPTED; 109 110 return 0; 111 } 112 113 STATIC void 114 xfs_cleanup_inode( 115 struct inode *dir, 116 struct inode *inode, 117 struct dentry *dentry) 118 { 119 struct xfs_name teardown; 120 121 /* Oh, the horror. 122 * If we can't add the ACL or we fail in 123 * xfs_init_security we must back out. 124 * ENOSPC can hit here, among other things. 125 */ 126 xfs_dentry_to_name(&teardown, dentry); 127 128 xfs_remove(XFS_I(dir), &teardown, XFS_I(inode)); 129 } 130 131 STATIC int 132 xfs_generic_create( 133 struct inode *dir, 134 struct dentry *dentry, 135 umode_t mode, 136 dev_t rdev, 137 bool tmpfile) /* unnamed file */ 138 { 139 struct inode *inode; 140 struct xfs_inode *ip = NULL; 141 struct posix_acl *default_acl, *acl; 142 struct xfs_name name; 143 int error; 144 145 /* 146 * Irix uses Missed'em'V split, but doesn't want to see 147 * the upper 5 bits of (14bit) major. 148 */ 149 if (S_ISCHR(mode) || S_ISBLK(mode)) { 150 if (unlikely(!sysv_valid_dev(rdev) || MAJOR(rdev) & ~0x1ff)) 151 return -EINVAL; 152 } else { 153 rdev = 0; 154 } 155 156 error = posix_acl_create(dir, &mode, &default_acl, &acl); 157 if (error) 158 return error; 159 160 /* Verify mode is valid also for tmpfile case */ 161 error = xfs_dentry_mode_to_name(&name, dentry, mode); 162 if (unlikely(error)) 163 goto out_free_acl; 164 165 if (!tmpfile) { 166 error = xfs_create(XFS_I(dir), &name, mode, rdev, &ip); 167 } else { 168 error = xfs_create_tmpfile(XFS_I(dir), mode, &ip); 169 } 170 if (unlikely(error)) 171 goto out_free_acl; 172 173 inode = VFS_I(ip); 174 175 error = xfs_init_security(inode, dir, &dentry->d_name); 176 if (unlikely(error)) 177 goto out_cleanup_inode; 178 179 #ifdef CONFIG_XFS_POSIX_ACL 180 if (default_acl) { 181 error = __xfs_set_acl(inode, default_acl, ACL_TYPE_DEFAULT); 182 if (error) 183 goto out_cleanup_inode; 184 } 185 if (acl) { 186 error = __xfs_set_acl(inode, acl, ACL_TYPE_ACCESS); 187 if (error) 188 goto out_cleanup_inode; 189 } 190 #endif 191 192 xfs_setup_iops(ip); 193 194 if (tmpfile) 195 d_tmpfile(dentry, inode); 196 else 197 d_instantiate(dentry, inode); 198 199 xfs_finish_inode_setup(ip); 200 201 out_free_acl: 202 if (default_acl) 203 posix_acl_release(default_acl); 204 if (acl) 205 posix_acl_release(acl); 206 return error; 207 208 out_cleanup_inode: 209 xfs_finish_inode_setup(ip); 210 if (!tmpfile) 211 xfs_cleanup_inode(dir, inode, dentry); 212 xfs_irele(ip); 213 goto out_free_acl; 214 } 215 216 STATIC int 217 xfs_vn_mknod( 218 struct inode *dir, 219 struct dentry *dentry, 220 umode_t mode, 221 dev_t rdev) 222 { 223 return xfs_generic_create(dir, dentry, mode, rdev, false); 224 } 225 226 STATIC int 227 xfs_vn_create( 228 struct inode *dir, 229 struct dentry *dentry, 230 umode_t mode, 231 bool flags) 232 { 233 return xfs_vn_mknod(dir, dentry, mode, 0); 234 } 235 236 STATIC int 237 xfs_vn_mkdir( 238 struct inode *dir, 239 struct dentry *dentry, 240 umode_t mode) 241 { 242 return xfs_vn_mknod(dir, dentry, mode|S_IFDIR, 0); 243 } 244 245 STATIC struct dentry * 246 xfs_vn_lookup( 247 struct inode *dir, 248 struct dentry *dentry, 249 unsigned int flags) 250 { 251 struct inode *inode; 252 struct xfs_inode *cip; 253 struct xfs_name name; 254 int error; 255 256 if (dentry->d_name.len >= MAXNAMELEN) 257 return ERR_PTR(-ENAMETOOLONG); 258 259 xfs_dentry_to_name(&name, dentry); 260 error = xfs_lookup(XFS_I(dir), &name, &cip, NULL); 261 if (likely(!error)) 262 inode = VFS_I(cip); 263 else if (likely(error == -ENOENT)) 264 inode = NULL; 265 else 266 inode = ERR_PTR(error); 267 return d_splice_alias(inode, dentry); 268 } 269 270 STATIC struct dentry * 271 xfs_vn_ci_lookup( 272 struct inode *dir, 273 struct dentry *dentry, 274 unsigned int flags) 275 { 276 struct xfs_inode *ip; 277 struct xfs_name xname; 278 struct xfs_name ci_name; 279 struct qstr dname; 280 int error; 281 282 if (dentry->d_name.len >= MAXNAMELEN) 283 return ERR_PTR(-ENAMETOOLONG); 284 285 xfs_dentry_to_name(&xname, dentry); 286 error = xfs_lookup(XFS_I(dir), &xname, &ip, &ci_name); 287 if (unlikely(error)) { 288 if (unlikely(error != -ENOENT)) 289 return ERR_PTR(error); 290 /* 291 * call d_add(dentry, NULL) here when d_drop_negative_children 292 * is called in xfs_vn_mknod (ie. allow negative dentries 293 * with CI filesystems). 294 */ 295 return NULL; 296 } 297 298 /* if exact match, just splice and exit */ 299 if (!ci_name.name) 300 return d_splice_alias(VFS_I(ip), dentry); 301 302 /* else case-insensitive match... */ 303 dname.name = ci_name.name; 304 dname.len = ci_name.len; 305 dentry = d_add_ci(dentry, VFS_I(ip), &dname); 306 kmem_free(ci_name.name); 307 return dentry; 308 } 309 310 STATIC int 311 xfs_vn_link( 312 struct dentry *old_dentry, 313 struct inode *dir, 314 struct dentry *dentry) 315 { 316 struct inode *inode = d_inode(old_dentry); 317 struct xfs_name name; 318 int error; 319 320 error = xfs_dentry_mode_to_name(&name, dentry, inode->i_mode); 321 if (unlikely(error)) 322 return error; 323 324 error = xfs_link(XFS_I(dir), XFS_I(inode), &name); 325 if (unlikely(error)) 326 return error; 327 328 ihold(inode); 329 d_instantiate(dentry, inode); 330 return 0; 331 } 332 333 STATIC int 334 xfs_vn_unlink( 335 struct inode *dir, 336 struct dentry *dentry) 337 { 338 struct xfs_name name; 339 int error; 340 341 xfs_dentry_to_name(&name, dentry); 342 343 error = xfs_remove(XFS_I(dir), &name, XFS_I(d_inode(dentry))); 344 if (error) 345 return error; 346 347 /* 348 * With unlink, the VFS makes the dentry "negative": no inode, 349 * but still hashed. This is incompatible with case-insensitive 350 * mode, so invalidate (unhash) the dentry in CI-mode. 351 */ 352 if (xfs_sb_version_hasasciici(&XFS_M(dir->i_sb)->m_sb)) 353 d_invalidate(dentry); 354 return 0; 355 } 356 357 STATIC int 358 xfs_vn_symlink( 359 struct inode *dir, 360 struct dentry *dentry, 361 const char *symname) 362 { 363 struct inode *inode; 364 struct xfs_inode *cip = NULL; 365 struct xfs_name name; 366 int error; 367 umode_t mode; 368 369 mode = S_IFLNK | 370 (irix_symlink_mode ? 0777 & ~current_umask() : S_IRWXUGO); 371 error = xfs_dentry_mode_to_name(&name, dentry, mode); 372 if (unlikely(error)) 373 goto out; 374 375 error = xfs_symlink(XFS_I(dir), &name, symname, mode, &cip); 376 if (unlikely(error)) 377 goto out; 378 379 inode = VFS_I(cip); 380 381 error = xfs_init_security(inode, dir, &dentry->d_name); 382 if (unlikely(error)) 383 goto out_cleanup_inode; 384 385 xfs_setup_iops(cip); 386 387 d_instantiate(dentry, inode); 388 xfs_finish_inode_setup(cip); 389 return 0; 390 391 out_cleanup_inode: 392 xfs_finish_inode_setup(cip); 393 xfs_cleanup_inode(dir, inode, dentry); 394 xfs_irele(cip); 395 out: 396 return error; 397 } 398 399 STATIC int 400 xfs_vn_rename( 401 struct inode *odir, 402 struct dentry *odentry, 403 struct inode *ndir, 404 struct dentry *ndentry, 405 unsigned int flags) 406 { 407 struct inode *new_inode = d_inode(ndentry); 408 int omode = 0; 409 int error; 410 struct xfs_name oname; 411 struct xfs_name nname; 412 413 if (flags & ~(RENAME_NOREPLACE | RENAME_EXCHANGE | RENAME_WHITEOUT)) 414 return -EINVAL; 415 416 /* if we are exchanging files, we need to set i_mode of both files */ 417 if (flags & RENAME_EXCHANGE) 418 omode = d_inode(ndentry)->i_mode; 419 420 error = xfs_dentry_mode_to_name(&oname, odentry, omode); 421 if (omode && unlikely(error)) 422 return error; 423 424 error = xfs_dentry_mode_to_name(&nname, ndentry, 425 d_inode(odentry)->i_mode); 426 if (unlikely(error)) 427 return error; 428 429 return xfs_rename(XFS_I(odir), &oname, XFS_I(d_inode(odentry)), 430 XFS_I(ndir), &nname, 431 new_inode ? XFS_I(new_inode) : NULL, flags); 432 } 433 434 /* 435 * careful here - this function can get called recursively, so 436 * we need to be very careful about how much stack we use. 437 * uio is kmalloced for this reason... 438 */ 439 STATIC const char * 440 xfs_vn_get_link( 441 struct dentry *dentry, 442 struct inode *inode, 443 struct delayed_call *done) 444 { 445 char *link; 446 int error = -ENOMEM; 447 448 if (!dentry) 449 return ERR_PTR(-ECHILD); 450 451 link = kmalloc(XFS_SYMLINK_MAXLEN+1, GFP_KERNEL); 452 if (!link) 453 goto out_err; 454 455 error = xfs_readlink(XFS_I(d_inode(dentry)), link); 456 if (unlikely(error)) 457 goto out_kfree; 458 459 set_delayed_call(done, kfree_link, link); 460 return link; 461 462 out_kfree: 463 kfree(link); 464 out_err: 465 return ERR_PTR(error); 466 } 467 468 STATIC const char * 469 xfs_vn_get_link_inline( 470 struct dentry *dentry, 471 struct inode *inode, 472 struct delayed_call *done) 473 { 474 char *link; 475 476 ASSERT(XFS_I(inode)->i_df.if_flags & XFS_IFINLINE); 477 478 /* 479 * The VFS crashes on a NULL pointer, so return -EFSCORRUPTED if 480 * if_data is junk. 481 */ 482 link = XFS_I(inode)->i_df.if_u1.if_data; 483 if (!link) 484 return ERR_PTR(-EFSCORRUPTED); 485 return link; 486 } 487 488 STATIC int 489 xfs_vn_getattr( 490 const struct path *path, 491 struct kstat *stat, 492 u32 request_mask, 493 unsigned int query_flags) 494 { 495 struct inode *inode = d_inode(path->dentry); 496 struct xfs_inode *ip = XFS_I(inode); 497 struct xfs_mount *mp = ip->i_mount; 498 499 trace_xfs_getattr(ip); 500 501 if (XFS_FORCED_SHUTDOWN(mp)) 502 return -EIO; 503 504 stat->size = XFS_ISIZE(ip); 505 stat->dev = inode->i_sb->s_dev; 506 stat->mode = inode->i_mode; 507 stat->nlink = inode->i_nlink; 508 stat->uid = inode->i_uid; 509 stat->gid = inode->i_gid; 510 stat->ino = ip->i_ino; 511 stat->atime = inode->i_atime; 512 stat->mtime = inode->i_mtime; 513 stat->ctime = inode->i_ctime; 514 stat->blocks = 515 XFS_FSB_TO_BB(mp, ip->i_d.di_nblocks + ip->i_delayed_blks); 516 517 if (ip->i_d.di_version == 3) { 518 if (request_mask & STATX_BTIME) { 519 stat->result_mask |= STATX_BTIME; 520 stat->btime.tv_sec = ip->i_d.di_crtime.t_sec; 521 stat->btime.tv_nsec = ip->i_d.di_crtime.t_nsec; 522 } 523 } 524 525 if (ip->i_d.di_flags & XFS_DIFLAG_IMMUTABLE) 526 stat->attributes |= STATX_ATTR_IMMUTABLE; 527 if (ip->i_d.di_flags & XFS_DIFLAG_APPEND) 528 stat->attributes |= STATX_ATTR_APPEND; 529 if (ip->i_d.di_flags & XFS_DIFLAG_NODUMP) 530 stat->attributes |= STATX_ATTR_NODUMP; 531 532 switch (inode->i_mode & S_IFMT) { 533 case S_IFBLK: 534 case S_IFCHR: 535 stat->blksize = BLKDEV_IOSIZE; 536 stat->rdev = inode->i_rdev; 537 break; 538 default: 539 if (XFS_IS_REALTIME_INODE(ip)) { 540 /* 541 * If the file blocks are being allocated from a 542 * realtime volume, then return the inode's realtime 543 * extent size or the realtime volume's extent size. 544 */ 545 stat->blksize = 546 xfs_get_extsz_hint(ip) << mp->m_sb.sb_blocklog; 547 } else 548 stat->blksize = xfs_preferred_iosize(mp); 549 stat->rdev = 0; 550 break; 551 } 552 553 return 0; 554 } 555 556 static void 557 xfs_setattr_mode( 558 struct xfs_inode *ip, 559 struct iattr *iattr) 560 { 561 struct inode *inode = VFS_I(ip); 562 umode_t mode = iattr->ia_mode; 563 564 ASSERT(xfs_isilocked(ip, XFS_ILOCK_EXCL)); 565 566 inode->i_mode &= S_IFMT; 567 inode->i_mode |= mode & ~S_IFMT; 568 } 569 570 void 571 xfs_setattr_time( 572 struct xfs_inode *ip, 573 struct iattr *iattr) 574 { 575 struct inode *inode = VFS_I(ip); 576 577 ASSERT(xfs_isilocked(ip, XFS_ILOCK_EXCL)); 578 579 if (iattr->ia_valid & ATTR_ATIME) 580 inode->i_atime = iattr->ia_atime; 581 if (iattr->ia_valid & ATTR_CTIME) 582 inode->i_ctime = iattr->ia_ctime; 583 if (iattr->ia_valid & ATTR_MTIME) 584 inode->i_mtime = iattr->ia_mtime; 585 } 586 587 static int 588 xfs_vn_change_ok( 589 struct dentry *dentry, 590 struct iattr *iattr) 591 { 592 struct xfs_mount *mp = XFS_I(d_inode(dentry))->i_mount; 593 594 if (mp->m_flags & XFS_MOUNT_RDONLY) 595 return -EROFS; 596 597 if (XFS_FORCED_SHUTDOWN(mp)) 598 return -EIO; 599 600 return setattr_prepare(dentry, iattr); 601 } 602 603 /* 604 * Set non-size attributes of an inode. 605 * 606 * Caution: The caller of this function is responsible for calling 607 * setattr_prepare() or otherwise verifying the change is fine. 608 */ 609 int 610 xfs_setattr_nonsize( 611 struct xfs_inode *ip, 612 struct iattr *iattr, 613 int flags) 614 { 615 xfs_mount_t *mp = ip->i_mount; 616 struct inode *inode = VFS_I(ip); 617 int mask = iattr->ia_valid; 618 xfs_trans_t *tp; 619 int error; 620 kuid_t uid = GLOBAL_ROOT_UID, iuid = GLOBAL_ROOT_UID; 621 kgid_t gid = GLOBAL_ROOT_GID, igid = GLOBAL_ROOT_GID; 622 struct xfs_dquot *udqp = NULL, *gdqp = NULL; 623 struct xfs_dquot *olddquot1 = NULL, *olddquot2 = NULL; 624 625 ASSERT((mask & ATTR_SIZE) == 0); 626 627 /* 628 * If disk quotas is on, we make sure that the dquots do exist on disk, 629 * before we start any other transactions. Trying to do this later 630 * is messy. We don't care to take a readlock to look at the ids 631 * in inode here, because we can't hold it across the trans_reserve. 632 * If the IDs do change before we take the ilock, we're covered 633 * because the i_*dquot fields will get updated anyway. 634 */ 635 if (XFS_IS_QUOTA_ON(mp) && (mask & (ATTR_UID|ATTR_GID))) { 636 uint qflags = 0; 637 638 if ((mask & ATTR_UID) && XFS_IS_UQUOTA_ON(mp)) { 639 uid = iattr->ia_uid; 640 qflags |= XFS_QMOPT_UQUOTA; 641 } else { 642 uid = inode->i_uid; 643 } 644 if ((mask & ATTR_GID) && XFS_IS_GQUOTA_ON(mp)) { 645 gid = iattr->ia_gid; 646 qflags |= XFS_QMOPT_GQUOTA; 647 } else { 648 gid = inode->i_gid; 649 } 650 651 /* 652 * We take a reference when we initialize udqp and gdqp, 653 * so it is important that we never blindly double trip on 654 * the same variable. See xfs_create() for an example. 655 */ 656 ASSERT(udqp == NULL); 657 ASSERT(gdqp == NULL); 658 error = xfs_qm_vop_dqalloc(ip, xfs_kuid_to_uid(uid), 659 xfs_kgid_to_gid(gid), 660 xfs_get_projid(ip), 661 qflags, &udqp, &gdqp, NULL); 662 if (error) 663 return error; 664 } 665 666 error = xfs_trans_alloc(mp, &M_RES(mp)->tr_ichange, 0, 0, 0, &tp); 667 if (error) 668 goto out_dqrele; 669 670 xfs_ilock(ip, XFS_ILOCK_EXCL); 671 xfs_trans_ijoin(tp, ip, 0); 672 673 /* 674 * Change file ownership. Must be the owner or privileged. 675 */ 676 if (mask & (ATTR_UID|ATTR_GID)) { 677 /* 678 * These IDs could have changed since we last looked at them. 679 * But, we're assured that if the ownership did change 680 * while we didn't have the inode locked, inode's dquot(s) 681 * would have changed also. 682 */ 683 iuid = inode->i_uid; 684 igid = inode->i_gid; 685 gid = (mask & ATTR_GID) ? iattr->ia_gid : igid; 686 uid = (mask & ATTR_UID) ? iattr->ia_uid : iuid; 687 688 /* 689 * Do a quota reservation only if uid/gid is actually 690 * going to change. 691 */ 692 if (XFS_IS_QUOTA_RUNNING(mp) && 693 ((XFS_IS_UQUOTA_ON(mp) && !uid_eq(iuid, uid)) || 694 (XFS_IS_GQUOTA_ON(mp) && !gid_eq(igid, gid)))) { 695 ASSERT(tp); 696 error = xfs_qm_vop_chown_reserve(tp, ip, udqp, gdqp, 697 NULL, capable(CAP_FOWNER) ? 698 XFS_QMOPT_FORCE_RES : 0); 699 if (error) /* out of quota */ 700 goto out_cancel; 701 } 702 } 703 704 /* 705 * Change file ownership. Must be the owner or privileged. 706 */ 707 if (mask & (ATTR_UID|ATTR_GID)) { 708 /* 709 * CAP_FSETID overrides the following restrictions: 710 * 711 * The set-user-ID and set-group-ID bits of a file will be 712 * cleared upon successful return from chown() 713 */ 714 if ((inode->i_mode & (S_ISUID|S_ISGID)) && 715 !capable(CAP_FSETID)) 716 inode->i_mode &= ~(S_ISUID|S_ISGID); 717 718 /* 719 * Change the ownerships and register quota modifications 720 * in the transaction. 721 */ 722 if (!uid_eq(iuid, uid)) { 723 if (XFS_IS_QUOTA_RUNNING(mp) && XFS_IS_UQUOTA_ON(mp)) { 724 ASSERT(mask & ATTR_UID); 725 ASSERT(udqp); 726 olddquot1 = xfs_qm_vop_chown(tp, ip, 727 &ip->i_udquot, udqp); 728 } 729 ip->i_d.di_uid = xfs_kuid_to_uid(uid); 730 inode->i_uid = uid; 731 } 732 if (!gid_eq(igid, gid)) { 733 if (XFS_IS_QUOTA_RUNNING(mp) && XFS_IS_GQUOTA_ON(mp)) { 734 ASSERT(xfs_sb_version_has_pquotino(&mp->m_sb) || 735 !XFS_IS_PQUOTA_ON(mp)); 736 ASSERT(mask & ATTR_GID); 737 ASSERT(gdqp); 738 olddquot2 = xfs_qm_vop_chown(tp, ip, 739 &ip->i_gdquot, gdqp); 740 } 741 ip->i_d.di_gid = xfs_kgid_to_gid(gid); 742 inode->i_gid = gid; 743 } 744 } 745 746 if (mask & ATTR_MODE) 747 xfs_setattr_mode(ip, iattr); 748 if (mask & (ATTR_ATIME|ATTR_CTIME|ATTR_MTIME)) 749 xfs_setattr_time(ip, iattr); 750 751 xfs_trans_log_inode(tp, ip, XFS_ILOG_CORE); 752 753 XFS_STATS_INC(mp, xs_ig_attrchg); 754 755 if (mp->m_flags & XFS_MOUNT_WSYNC) 756 xfs_trans_set_sync(tp); 757 error = xfs_trans_commit(tp); 758 759 xfs_iunlock(ip, XFS_ILOCK_EXCL); 760 761 /* 762 * Release any dquot(s) the inode had kept before chown. 763 */ 764 xfs_qm_dqrele(olddquot1); 765 xfs_qm_dqrele(olddquot2); 766 xfs_qm_dqrele(udqp); 767 xfs_qm_dqrele(gdqp); 768 769 if (error) 770 return error; 771 772 /* 773 * XXX(hch): Updating the ACL entries is not atomic vs the i_mode 774 * update. We could avoid this with linked transactions 775 * and passing down the transaction pointer all the way 776 * to attr_set. No previous user of the generic 777 * Posix ACL code seems to care about this issue either. 778 */ 779 if ((mask & ATTR_MODE) && !(flags & XFS_ATTR_NOACL)) { 780 error = posix_acl_chmod(inode, inode->i_mode); 781 if (error) 782 return error; 783 } 784 785 return 0; 786 787 out_cancel: 788 xfs_trans_cancel(tp); 789 out_dqrele: 790 xfs_qm_dqrele(udqp); 791 xfs_qm_dqrele(gdqp); 792 return error; 793 } 794 795 int 796 xfs_vn_setattr_nonsize( 797 struct dentry *dentry, 798 struct iattr *iattr) 799 { 800 struct xfs_inode *ip = XFS_I(d_inode(dentry)); 801 int error; 802 803 trace_xfs_setattr(ip); 804 805 error = xfs_vn_change_ok(dentry, iattr); 806 if (error) 807 return error; 808 return xfs_setattr_nonsize(ip, iattr, 0); 809 } 810 811 /* 812 * Truncate file. Must have write permission and not be a directory. 813 * 814 * Caution: The caller of this function is responsible for calling 815 * setattr_prepare() or otherwise verifying the change is fine. 816 */ 817 STATIC int 818 xfs_setattr_size( 819 struct xfs_inode *ip, 820 struct iattr *iattr) 821 { 822 struct xfs_mount *mp = ip->i_mount; 823 struct inode *inode = VFS_I(ip); 824 xfs_off_t oldsize, newsize; 825 struct xfs_trans *tp; 826 int error; 827 uint lock_flags = 0; 828 bool did_zeroing = false; 829 830 ASSERT(xfs_isilocked(ip, XFS_IOLOCK_EXCL)); 831 ASSERT(xfs_isilocked(ip, XFS_MMAPLOCK_EXCL)); 832 ASSERT(S_ISREG(inode->i_mode)); 833 ASSERT((iattr->ia_valid & (ATTR_UID|ATTR_GID|ATTR_ATIME|ATTR_ATIME_SET| 834 ATTR_MTIME_SET|ATTR_KILL_PRIV|ATTR_TIMES_SET)) == 0); 835 836 oldsize = inode->i_size; 837 newsize = iattr->ia_size; 838 839 /* 840 * Short circuit the truncate case for zero length files. 841 */ 842 if (newsize == 0 && oldsize == 0 && ip->i_d.di_nextents == 0) { 843 if (!(iattr->ia_valid & (ATTR_CTIME|ATTR_MTIME))) 844 return 0; 845 846 /* 847 * Use the regular setattr path to update the timestamps. 848 */ 849 iattr->ia_valid &= ~ATTR_SIZE; 850 return xfs_setattr_nonsize(ip, iattr, 0); 851 } 852 853 /* 854 * Make sure that the dquots are attached to the inode. 855 */ 856 error = xfs_qm_dqattach(ip); 857 if (error) 858 return error; 859 860 /* 861 * Wait for all direct I/O to complete. 862 */ 863 inode_dio_wait(inode); 864 865 /* 866 * File data changes must be complete before we start the transaction to 867 * modify the inode. This needs to be done before joining the inode to 868 * the transaction because the inode cannot be unlocked once it is a 869 * part of the transaction. 870 * 871 * Start with zeroing any data beyond EOF that we may expose on file 872 * extension, or zeroing out the rest of the block on a downward 873 * truncate. 874 */ 875 if (newsize > oldsize) { 876 trace_xfs_zero_eof(ip, oldsize, newsize - oldsize); 877 error = iomap_zero_range(inode, oldsize, newsize - oldsize, 878 &did_zeroing, &xfs_iomap_ops); 879 } else { 880 error = iomap_truncate_page(inode, newsize, &did_zeroing, 881 &xfs_iomap_ops); 882 } 883 884 if (error) 885 return error; 886 887 /* 888 * We've already locked out new page faults, so now we can safely remove 889 * pages from the page cache knowing they won't get refaulted until we 890 * drop the XFS_MMAP_EXCL lock after the extent manipulations are 891 * complete. The truncate_setsize() call also cleans partial EOF page 892 * PTEs on extending truncates and hence ensures sub-page block size 893 * filesystems are correctly handled, too. 894 * 895 * We have to do all the page cache truncate work outside the 896 * transaction context as the "lock" order is page lock->log space 897 * reservation as defined by extent allocation in the writeback path. 898 * Hence a truncate can fail with ENOMEM from xfs_trans_alloc(), but 899 * having already truncated the in-memory version of the file (i.e. made 900 * user visible changes). There's not much we can do about this, except 901 * to hope that the caller sees ENOMEM and retries the truncate 902 * operation. 903 * 904 * And we update in-core i_size and truncate page cache beyond newsize 905 * before writeback the [di_size, newsize] range, so we're guaranteed 906 * not to write stale data past the new EOF on truncate down. 907 */ 908 truncate_setsize(inode, newsize); 909 910 /* 911 * We are going to log the inode size change in this transaction so 912 * any previous writes that are beyond the on disk EOF and the new 913 * EOF that have not been written out need to be written here. If we 914 * do not write the data out, we expose ourselves to the null files 915 * problem. Note that this includes any block zeroing we did above; 916 * otherwise those blocks may not be zeroed after a crash. 917 */ 918 if (did_zeroing || 919 (newsize > ip->i_d.di_size && oldsize != ip->i_d.di_size)) { 920 error = filemap_write_and_wait_range(VFS_I(ip)->i_mapping, 921 ip->i_d.di_size, newsize - 1); 922 if (error) 923 return error; 924 } 925 926 error = xfs_trans_alloc(mp, &M_RES(mp)->tr_itruncate, 0, 0, 0, &tp); 927 if (error) 928 return error; 929 930 lock_flags |= XFS_ILOCK_EXCL; 931 xfs_ilock(ip, XFS_ILOCK_EXCL); 932 xfs_trans_ijoin(tp, ip, 0); 933 934 /* 935 * Only change the c/mtime if we are changing the size or we are 936 * explicitly asked to change it. This handles the semantic difference 937 * between truncate() and ftruncate() as implemented in the VFS. 938 * 939 * The regular truncate() case without ATTR_CTIME and ATTR_MTIME is a 940 * special case where we need to update the times despite not having 941 * these flags set. For all other operations the VFS set these flags 942 * explicitly if it wants a timestamp update. 943 */ 944 if (newsize != oldsize && 945 !(iattr->ia_valid & (ATTR_CTIME | ATTR_MTIME))) { 946 iattr->ia_ctime = iattr->ia_mtime = 947 current_time(inode); 948 iattr->ia_valid |= ATTR_CTIME | ATTR_MTIME; 949 } 950 951 /* 952 * The first thing we do is set the size to new_size permanently on 953 * disk. This way we don't have to worry about anyone ever being able 954 * to look at the data being freed even in the face of a crash. 955 * What we're getting around here is the case where we free a block, it 956 * is allocated to another file, it is written to, and then we crash. 957 * If the new data gets written to the file but the log buffers 958 * containing the free and reallocation don't, then we'd end up with 959 * garbage in the blocks being freed. As long as we make the new size 960 * permanent before actually freeing any blocks it doesn't matter if 961 * they get written to. 962 */ 963 ip->i_d.di_size = newsize; 964 xfs_trans_log_inode(tp, ip, XFS_ILOG_CORE); 965 966 if (newsize <= oldsize) { 967 error = xfs_itruncate_extents(&tp, ip, XFS_DATA_FORK, newsize); 968 if (error) 969 goto out_trans_cancel; 970 971 /* 972 * Truncated "down", so we're removing references to old data 973 * here - if we delay flushing for a long time, we expose 974 * ourselves unduly to the notorious NULL files problem. So, 975 * we mark this inode and flush it when the file is closed, 976 * and do not wait the usual (long) time for writeout. 977 */ 978 xfs_iflags_set(ip, XFS_ITRUNCATED); 979 980 /* A truncate down always removes post-EOF blocks. */ 981 xfs_inode_clear_eofblocks_tag(ip); 982 } 983 984 if (iattr->ia_valid & ATTR_MODE) 985 xfs_setattr_mode(ip, iattr); 986 if (iattr->ia_valid & (ATTR_ATIME|ATTR_CTIME|ATTR_MTIME)) 987 xfs_setattr_time(ip, iattr); 988 989 xfs_trans_log_inode(tp, ip, XFS_ILOG_CORE); 990 991 XFS_STATS_INC(mp, xs_ig_attrchg); 992 993 if (mp->m_flags & XFS_MOUNT_WSYNC) 994 xfs_trans_set_sync(tp); 995 996 error = xfs_trans_commit(tp); 997 out_unlock: 998 if (lock_flags) 999 xfs_iunlock(ip, lock_flags); 1000 return error; 1001 1002 out_trans_cancel: 1003 xfs_trans_cancel(tp); 1004 goto out_unlock; 1005 } 1006 1007 int 1008 xfs_vn_setattr_size( 1009 struct dentry *dentry, 1010 struct iattr *iattr) 1011 { 1012 struct xfs_inode *ip = XFS_I(d_inode(dentry)); 1013 int error; 1014 1015 trace_xfs_setattr(ip); 1016 1017 error = xfs_vn_change_ok(dentry, iattr); 1018 if (error) 1019 return error; 1020 return xfs_setattr_size(ip, iattr); 1021 } 1022 1023 STATIC int 1024 xfs_vn_setattr( 1025 struct dentry *dentry, 1026 struct iattr *iattr) 1027 { 1028 int error; 1029 1030 if (iattr->ia_valid & ATTR_SIZE) { 1031 struct inode *inode = d_inode(dentry); 1032 struct xfs_inode *ip = XFS_I(inode); 1033 uint iolock; 1034 1035 xfs_ilock(ip, XFS_MMAPLOCK_EXCL); 1036 iolock = XFS_IOLOCK_EXCL | XFS_MMAPLOCK_EXCL; 1037 1038 error = xfs_break_layouts(inode, &iolock, BREAK_UNMAP); 1039 if (error) { 1040 xfs_iunlock(ip, XFS_MMAPLOCK_EXCL); 1041 return error; 1042 } 1043 1044 error = xfs_vn_setattr_size(dentry, iattr); 1045 xfs_iunlock(ip, XFS_MMAPLOCK_EXCL); 1046 } else { 1047 error = xfs_vn_setattr_nonsize(dentry, iattr); 1048 } 1049 1050 return error; 1051 } 1052 1053 STATIC int 1054 xfs_vn_update_time( 1055 struct inode *inode, 1056 struct timespec64 *now, 1057 int flags) 1058 { 1059 struct xfs_inode *ip = XFS_I(inode); 1060 struct xfs_mount *mp = ip->i_mount; 1061 int log_flags = XFS_ILOG_TIMESTAMP; 1062 struct xfs_trans *tp; 1063 int error; 1064 1065 trace_xfs_update_time(ip); 1066 1067 if (inode->i_sb->s_flags & SB_LAZYTIME) { 1068 if (!((flags & S_VERSION) && 1069 inode_maybe_inc_iversion(inode, false))) 1070 return generic_update_time(inode, now, flags); 1071 1072 /* Capture the iversion update that just occurred */ 1073 log_flags |= XFS_ILOG_CORE; 1074 } 1075 1076 error = xfs_trans_alloc(mp, &M_RES(mp)->tr_fsyncts, 0, 0, 0, &tp); 1077 if (error) 1078 return error; 1079 1080 xfs_ilock(ip, XFS_ILOCK_EXCL); 1081 if (flags & S_CTIME) 1082 inode->i_ctime = *now; 1083 if (flags & S_MTIME) 1084 inode->i_mtime = *now; 1085 if (flags & S_ATIME) 1086 inode->i_atime = *now; 1087 1088 xfs_trans_ijoin(tp, ip, XFS_ILOCK_EXCL); 1089 xfs_trans_log_inode(tp, ip, log_flags); 1090 return xfs_trans_commit(tp); 1091 } 1092 1093 STATIC int 1094 xfs_vn_fiemap( 1095 struct inode *inode, 1096 struct fiemap_extent_info *fieinfo, 1097 u64 start, 1098 u64 length) 1099 { 1100 int error; 1101 1102 xfs_ilock(XFS_I(inode), XFS_IOLOCK_SHARED); 1103 if (fieinfo->fi_flags & FIEMAP_FLAG_XATTR) { 1104 fieinfo->fi_flags &= ~FIEMAP_FLAG_XATTR; 1105 error = iomap_fiemap(inode, fieinfo, start, length, 1106 &xfs_xattr_iomap_ops); 1107 } else { 1108 error = iomap_fiemap(inode, fieinfo, start, length, 1109 &xfs_iomap_ops); 1110 } 1111 xfs_iunlock(XFS_I(inode), XFS_IOLOCK_SHARED); 1112 1113 return error; 1114 } 1115 1116 STATIC int 1117 xfs_vn_tmpfile( 1118 struct inode *dir, 1119 struct dentry *dentry, 1120 umode_t mode) 1121 { 1122 return xfs_generic_create(dir, dentry, mode, 0, true); 1123 } 1124 1125 static const struct inode_operations xfs_inode_operations = { 1126 .get_acl = xfs_get_acl, 1127 .set_acl = xfs_set_acl, 1128 .getattr = xfs_vn_getattr, 1129 .setattr = xfs_vn_setattr, 1130 .listxattr = xfs_vn_listxattr, 1131 .fiemap = xfs_vn_fiemap, 1132 .update_time = xfs_vn_update_time, 1133 }; 1134 1135 static const struct inode_operations xfs_dir_inode_operations = { 1136 .create = xfs_vn_create, 1137 .lookup = xfs_vn_lookup, 1138 .link = xfs_vn_link, 1139 .unlink = xfs_vn_unlink, 1140 .symlink = xfs_vn_symlink, 1141 .mkdir = xfs_vn_mkdir, 1142 /* 1143 * Yes, XFS uses the same method for rmdir and unlink. 1144 * 1145 * There are some subtile differences deeper in the code, 1146 * but we use S_ISDIR to check for those. 1147 */ 1148 .rmdir = xfs_vn_unlink, 1149 .mknod = xfs_vn_mknod, 1150 .rename = xfs_vn_rename, 1151 .get_acl = xfs_get_acl, 1152 .set_acl = xfs_set_acl, 1153 .getattr = xfs_vn_getattr, 1154 .setattr = xfs_vn_setattr, 1155 .listxattr = xfs_vn_listxattr, 1156 .update_time = xfs_vn_update_time, 1157 .tmpfile = xfs_vn_tmpfile, 1158 }; 1159 1160 static const struct inode_operations xfs_dir_ci_inode_operations = { 1161 .create = xfs_vn_create, 1162 .lookup = xfs_vn_ci_lookup, 1163 .link = xfs_vn_link, 1164 .unlink = xfs_vn_unlink, 1165 .symlink = xfs_vn_symlink, 1166 .mkdir = xfs_vn_mkdir, 1167 /* 1168 * Yes, XFS uses the same method for rmdir and unlink. 1169 * 1170 * There are some subtile differences deeper in the code, 1171 * but we use S_ISDIR to check for those. 1172 */ 1173 .rmdir = xfs_vn_unlink, 1174 .mknod = xfs_vn_mknod, 1175 .rename = xfs_vn_rename, 1176 .get_acl = xfs_get_acl, 1177 .set_acl = xfs_set_acl, 1178 .getattr = xfs_vn_getattr, 1179 .setattr = xfs_vn_setattr, 1180 .listxattr = xfs_vn_listxattr, 1181 .update_time = xfs_vn_update_time, 1182 .tmpfile = xfs_vn_tmpfile, 1183 }; 1184 1185 static const struct inode_operations xfs_symlink_inode_operations = { 1186 .get_link = xfs_vn_get_link, 1187 .getattr = xfs_vn_getattr, 1188 .setattr = xfs_vn_setattr, 1189 .listxattr = xfs_vn_listxattr, 1190 .update_time = xfs_vn_update_time, 1191 }; 1192 1193 static const struct inode_operations xfs_inline_symlink_inode_operations = { 1194 .get_link = xfs_vn_get_link_inline, 1195 .getattr = xfs_vn_getattr, 1196 .setattr = xfs_vn_setattr, 1197 .listxattr = xfs_vn_listxattr, 1198 .update_time = xfs_vn_update_time, 1199 }; 1200 1201 /* Figure out if this file actually supports DAX. */ 1202 static bool 1203 xfs_inode_supports_dax( 1204 struct xfs_inode *ip) 1205 { 1206 struct xfs_mount *mp = ip->i_mount; 1207 1208 /* Only supported on non-reflinked files. */ 1209 if (!S_ISREG(VFS_I(ip)->i_mode) || xfs_is_reflink_inode(ip)) 1210 return false; 1211 1212 /* DAX mount option or DAX iflag must be set. */ 1213 if (!(mp->m_flags & XFS_MOUNT_DAX) && 1214 !(ip->i_d.di_flags2 & XFS_DIFLAG2_DAX)) 1215 return false; 1216 1217 /* Block size must match page size */ 1218 if (mp->m_sb.sb_blocksize != PAGE_SIZE) 1219 return false; 1220 1221 /* Device has to support DAX too. */ 1222 return xfs_find_daxdev_for_inode(VFS_I(ip)) != NULL; 1223 } 1224 1225 STATIC void 1226 xfs_diflags_to_iflags( 1227 struct inode *inode, 1228 struct xfs_inode *ip) 1229 { 1230 uint16_t flags = ip->i_d.di_flags; 1231 1232 inode->i_flags &= ~(S_IMMUTABLE | S_APPEND | S_SYNC | 1233 S_NOATIME | S_DAX); 1234 1235 if (flags & XFS_DIFLAG_IMMUTABLE) 1236 inode->i_flags |= S_IMMUTABLE; 1237 if (flags & XFS_DIFLAG_APPEND) 1238 inode->i_flags |= S_APPEND; 1239 if (flags & XFS_DIFLAG_SYNC) 1240 inode->i_flags |= S_SYNC; 1241 if (flags & XFS_DIFLAG_NOATIME) 1242 inode->i_flags |= S_NOATIME; 1243 if (xfs_inode_supports_dax(ip)) 1244 inode->i_flags |= S_DAX; 1245 } 1246 1247 /* 1248 * Initialize the Linux inode. 1249 * 1250 * When reading existing inodes from disk this is called directly from xfs_iget, 1251 * when creating a new inode it is called from xfs_ialloc after setting up the 1252 * inode. These callers have different criteria for clearing XFS_INEW, so leave 1253 * it up to the caller to deal with unlocking the inode appropriately. 1254 */ 1255 void 1256 xfs_setup_inode( 1257 struct xfs_inode *ip) 1258 { 1259 struct inode *inode = &ip->i_vnode; 1260 gfp_t gfp_mask; 1261 1262 inode->i_ino = ip->i_ino; 1263 inode->i_state = I_NEW; 1264 1265 inode_sb_list_add(inode); 1266 /* make the inode look hashed for the writeback code */ 1267 inode_fake_hash(inode); 1268 1269 inode->i_uid = xfs_uid_to_kuid(ip->i_d.di_uid); 1270 inode->i_gid = xfs_gid_to_kgid(ip->i_d.di_gid); 1271 1272 i_size_write(inode, ip->i_d.di_size); 1273 xfs_diflags_to_iflags(inode, ip); 1274 1275 if (S_ISDIR(inode->i_mode)) { 1276 /* 1277 * We set the i_rwsem class here to avoid potential races with 1278 * lockdep_annotate_inode_mutex_key() reinitialising the lock 1279 * after a filehandle lookup has already found the inode in 1280 * cache before it has been unlocked via unlock_new_inode(). 1281 */ 1282 lockdep_set_class(&inode->i_rwsem, 1283 &inode->i_sb->s_type->i_mutex_dir_key); 1284 lockdep_set_class(&ip->i_lock.mr_lock, &xfs_dir_ilock_class); 1285 ip->d_ops = ip->i_mount->m_dir_inode_ops; 1286 } else { 1287 ip->d_ops = ip->i_mount->m_nondir_inode_ops; 1288 lockdep_set_class(&ip->i_lock.mr_lock, &xfs_nondir_ilock_class); 1289 } 1290 1291 /* 1292 * Ensure all page cache allocations are done from GFP_NOFS context to 1293 * prevent direct reclaim recursion back into the filesystem and blowing 1294 * stacks or deadlocking. 1295 */ 1296 gfp_mask = mapping_gfp_mask(inode->i_mapping); 1297 mapping_set_gfp_mask(inode->i_mapping, (gfp_mask & ~(__GFP_FS))); 1298 1299 /* 1300 * If there is no attribute fork no ACL can exist on this inode, 1301 * and it can't have any file capabilities attached to it either. 1302 */ 1303 if (!XFS_IFORK_Q(ip)) { 1304 inode_has_no_xattr(inode); 1305 cache_no_acl(inode); 1306 } 1307 } 1308 1309 void 1310 xfs_setup_iops( 1311 struct xfs_inode *ip) 1312 { 1313 struct inode *inode = &ip->i_vnode; 1314 1315 switch (inode->i_mode & S_IFMT) { 1316 case S_IFREG: 1317 inode->i_op = &xfs_inode_operations; 1318 inode->i_fop = &xfs_file_operations; 1319 if (IS_DAX(inode)) 1320 inode->i_mapping->a_ops = &xfs_dax_aops; 1321 else 1322 inode->i_mapping->a_ops = &xfs_address_space_operations; 1323 break; 1324 case S_IFDIR: 1325 if (xfs_sb_version_hasasciici(&XFS_M(inode->i_sb)->m_sb)) 1326 inode->i_op = &xfs_dir_ci_inode_operations; 1327 else 1328 inode->i_op = &xfs_dir_inode_operations; 1329 inode->i_fop = &xfs_dir_file_operations; 1330 break; 1331 case S_IFLNK: 1332 if (ip->i_df.if_flags & XFS_IFINLINE) 1333 inode->i_op = &xfs_inline_symlink_inode_operations; 1334 else 1335 inode->i_op = &xfs_symlink_inode_operations; 1336 break; 1337 default: 1338 inode->i_op = &xfs_inode_operations; 1339 init_special_inode(inode, inode->i_mode, inode->i_rdev); 1340 break; 1341 } 1342 } 1343