1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * Copyright (c) 2000-2005 Silicon Graphics, Inc. 4 * All Rights Reserved. 5 */ 6 #include "xfs.h" 7 #include "xfs_fs.h" 8 #include "xfs_shared.h" 9 #include "xfs_format.h" 10 #include "xfs_log_format.h" 11 #include "xfs_trans_resv.h" 12 #include "xfs_mount.h" 13 #include "xfs_inode.h" 14 #include "xfs_acl.h" 15 #include "xfs_quota.h" 16 #include "xfs_da_format.h" 17 #include "xfs_da_btree.h" 18 #include "xfs_attr.h" 19 #include "xfs_trans.h" 20 #include "xfs_trace.h" 21 #include "xfs_icache.h" 22 #include "xfs_symlink.h" 23 #include "xfs_dir2.h" 24 #include "xfs_iomap.h" 25 #include "xfs_error.h" 26 #include "xfs_ioctl.h" 27 #include "xfs_xattr.h" 28 #include "xfs_file.h" 29 30 #include <linux/posix_acl.h> 31 #include <linux/security.h> 32 #include <linux/iversion.h> 33 #include <linux/fiemap.h> 34 35 /* 36 * Directories have different lock order w.r.t. mmap_lock compared to regular 37 * files. This is due to readdir potentially triggering page faults on a user 38 * buffer inside filldir(), and this happens with the ilock on the directory 39 * held. For regular files, the lock order is the other way around - the 40 * mmap_lock is taken during the page fault, and then we lock the ilock to do 41 * block mapping. Hence we need a different class for the directory ilock so 42 * that lockdep can tell them apart. 43 */ 44 static struct lock_class_key xfs_nondir_ilock_class; 45 static struct lock_class_key xfs_dir_ilock_class; 46 47 static int 48 xfs_initxattrs( 49 struct inode *inode, 50 const struct xattr *xattr_array, 51 void *fs_info) 52 { 53 const struct xattr *xattr; 54 struct xfs_inode *ip = XFS_I(inode); 55 int error = 0; 56 57 for (xattr = xattr_array; xattr->name != NULL; xattr++) { 58 struct xfs_da_args args = { 59 .dp = ip, 60 .attr_filter = XFS_ATTR_SECURE, 61 .name = xattr->name, 62 .namelen = strlen(xattr->name), 63 .value = xattr->value, 64 .valuelen = xattr->value_len, 65 }; 66 error = xfs_attr_change(&args, XFS_ATTRUPDATE_UPSERT); 67 if (error < 0) 68 break; 69 } 70 return error; 71 } 72 73 /* 74 * Hook in SELinux. This is not quite correct yet, what we really need 75 * here (as we do for default ACLs) is a mechanism by which creation of 76 * these attrs can be journalled at inode creation time (along with the 77 * inode, of course, such that log replay can't cause these to be lost). 78 */ 79 int 80 xfs_inode_init_security( 81 struct inode *inode, 82 struct inode *dir, 83 const struct qstr *qstr) 84 { 85 return security_inode_init_security(inode, dir, qstr, 86 &xfs_initxattrs, NULL); 87 } 88 89 static void 90 xfs_dentry_to_name( 91 struct xfs_name *namep, 92 struct dentry *dentry) 93 { 94 namep->name = dentry->d_name.name; 95 namep->len = dentry->d_name.len; 96 namep->type = XFS_DIR3_FT_UNKNOWN; 97 } 98 99 static int 100 xfs_dentry_mode_to_name( 101 struct xfs_name *namep, 102 struct dentry *dentry, 103 int mode) 104 { 105 namep->name = dentry->d_name.name; 106 namep->len = dentry->d_name.len; 107 namep->type = xfs_mode_to_ftype(mode); 108 109 if (unlikely(namep->type == XFS_DIR3_FT_UNKNOWN)) 110 return -EFSCORRUPTED; 111 112 return 0; 113 } 114 115 STATIC void 116 xfs_cleanup_inode( 117 struct inode *dir, 118 struct inode *inode, 119 struct dentry *dentry) 120 { 121 struct xfs_name teardown; 122 123 /* Oh, the horror. 124 * If we can't add the ACL or we fail in 125 * xfs_inode_init_security we must back out. 126 * ENOSPC can hit here, among other things. 127 */ 128 xfs_dentry_to_name(&teardown, dentry); 129 130 xfs_remove(XFS_I(dir), &teardown, XFS_I(inode)); 131 } 132 133 /* 134 * Check to see if we are likely to need an extended attribute to be added to 135 * the inode we are about to allocate. This allows the attribute fork to be 136 * created during the inode allocation, reducing the number of transactions we 137 * need to do in this fast path. 138 * 139 * The security checks are optimistic, but not guaranteed. The two LSMs that 140 * require xattrs to be added here (selinux and smack) are also the only two 141 * LSMs that add a sb->s_security structure to the superblock. Hence if security 142 * is enabled and sb->s_security is set, we have a pretty good idea that we are 143 * going to be asked to add a security xattr immediately after allocating the 144 * xfs inode and instantiating the VFS inode. 145 */ 146 static inline bool 147 xfs_create_need_xattr( 148 struct inode *dir, 149 struct posix_acl *default_acl, 150 struct posix_acl *acl) 151 { 152 if (acl) 153 return true; 154 if (default_acl) 155 return true; 156 #if IS_ENABLED(CONFIG_SECURITY) 157 if (dir->i_sb->s_security) 158 return true; 159 #endif 160 if (xfs_has_parent(XFS_I(dir)->i_mount)) 161 return true; 162 return false; 163 } 164 165 166 STATIC int 167 xfs_generic_create( 168 struct mnt_idmap *idmap, 169 struct inode *dir, 170 struct dentry *dentry, 171 umode_t mode, 172 dev_t rdev, 173 struct file *tmpfile) /* unnamed file */ 174 { 175 struct inode *inode; 176 struct xfs_inode *ip = NULL; 177 struct posix_acl *default_acl, *acl; 178 struct xfs_name name; 179 int error; 180 181 /* 182 * Irix uses Missed'em'V split, but doesn't want to see 183 * the upper 5 bits of (14bit) major. 184 */ 185 if (S_ISCHR(mode) || S_ISBLK(mode)) { 186 if (unlikely(!sysv_valid_dev(rdev) || MAJOR(rdev) & ~0x1ff)) 187 return -EINVAL; 188 } else { 189 rdev = 0; 190 } 191 192 error = posix_acl_create(dir, &mode, &default_acl, &acl); 193 if (error) 194 return error; 195 196 /* Verify mode is valid also for tmpfile case */ 197 error = xfs_dentry_mode_to_name(&name, dentry, mode); 198 if (unlikely(error)) 199 goto out_free_acl; 200 201 if (!tmpfile) { 202 error = xfs_create(idmap, XFS_I(dir), &name, mode, rdev, 203 xfs_create_need_xattr(dir, default_acl, acl), 204 &ip); 205 } else { 206 bool init_xattrs = false; 207 208 /* 209 * If this temporary file will be linkable, set up the file 210 * with an attr fork to receive a parent pointer. 211 */ 212 if (!(tmpfile->f_flags & O_EXCL) && 213 xfs_has_parent(XFS_I(dir)->i_mount)) 214 init_xattrs = true; 215 216 error = xfs_create_tmpfile(idmap, XFS_I(dir), mode, 217 init_xattrs, &ip); 218 } 219 if (unlikely(error)) 220 goto out_free_acl; 221 222 inode = VFS_I(ip); 223 224 error = xfs_inode_init_security(inode, dir, &dentry->d_name); 225 if (unlikely(error)) 226 goto out_cleanup_inode; 227 228 if (default_acl) { 229 error = __xfs_set_acl(inode, default_acl, ACL_TYPE_DEFAULT); 230 if (error) 231 goto out_cleanup_inode; 232 } 233 if (acl) { 234 error = __xfs_set_acl(inode, acl, ACL_TYPE_ACCESS); 235 if (error) 236 goto out_cleanup_inode; 237 } 238 239 xfs_setup_iops(ip); 240 241 if (tmpfile) { 242 /* 243 * The VFS requires that any inode fed to d_tmpfile must have 244 * nlink == 1 so that it can decrement the nlink in d_tmpfile. 245 * However, we created the temp file with nlink == 0 because 246 * we're not allowed to put an inode with nlink > 0 on the 247 * unlinked list. Therefore we have to set nlink to 1 so that 248 * d_tmpfile can immediately set it back to zero. 249 */ 250 set_nlink(inode, 1); 251 d_tmpfile(tmpfile, inode); 252 } else 253 d_instantiate(dentry, inode); 254 255 xfs_finish_inode_setup(ip); 256 257 out_free_acl: 258 posix_acl_release(default_acl); 259 posix_acl_release(acl); 260 return error; 261 262 out_cleanup_inode: 263 xfs_finish_inode_setup(ip); 264 if (!tmpfile) 265 xfs_cleanup_inode(dir, inode, dentry); 266 xfs_irele(ip); 267 goto out_free_acl; 268 } 269 270 STATIC int 271 xfs_vn_mknod( 272 struct mnt_idmap *idmap, 273 struct inode *dir, 274 struct dentry *dentry, 275 umode_t mode, 276 dev_t rdev) 277 { 278 return xfs_generic_create(idmap, dir, dentry, mode, rdev, NULL); 279 } 280 281 STATIC int 282 xfs_vn_create( 283 struct mnt_idmap *idmap, 284 struct inode *dir, 285 struct dentry *dentry, 286 umode_t mode, 287 bool flags) 288 { 289 return xfs_generic_create(idmap, dir, dentry, mode, 0, NULL); 290 } 291 292 STATIC int 293 xfs_vn_mkdir( 294 struct mnt_idmap *idmap, 295 struct inode *dir, 296 struct dentry *dentry, 297 umode_t mode) 298 { 299 return xfs_generic_create(idmap, dir, dentry, mode | S_IFDIR, 0, NULL); 300 } 301 302 STATIC struct dentry * 303 xfs_vn_lookup( 304 struct inode *dir, 305 struct dentry *dentry, 306 unsigned int flags) 307 { 308 struct inode *inode; 309 struct xfs_inode *cip; 310 struct xfs_name name; 311 int error; 312 313 if (dentry->d_name.len >= MAXNAMELEN) 314 return ERR_PTR(-ENAMETOOLONG); 315 316 xfs_dentry_to_name(&name, dentry); 317 error = xfs_lookup(XFS_I(dir), &name, &cip, NULL); 318 if (likely(!error)) 319 inode = VFS_I(cip); 320 else if (likely(error == -ENOENT)) 321 inode = NULL; 322 else 323 inode = ERR_PTR(error); 324 return d_splice_alias(inode, dentry); 325 } 326 327 STATIC struct dentry * 328 xfs_vn_ci_lookup( 329 struct inode *dir, 330 struct dentry *dentry, 331 unsigned int flags) 332 { 333 struct xfs_inode *ip; 334 struct xfs_name xname; 335 struct xfs_name ci_name; 336 struct qstr dname; 337 int error; 338 339 if (dentry->d_name.len >= MAXNAMELEN) 340 return ERR_PTR(-ENAMETOOLONG); 341 342 xfs_dentry_to_name(&xname, dentry); 343 error = xfs_lookup(XFS_I(dir), &xname, &ip, &ci_name); 344 if (unlikely(error)) { 345 if (unlikely(error != -ENOENT)) 346 return ERR_PTR(error); 347 /* 348 * call d_add(dentry, NULL) here when d_drop_negative_children 349 * is called in xfs_vn_mknod (ie. allow negative dentries 350 * with CI filesystems). 351 */ 352 return NULL; 353 } 354 355 /* if exact match, just splice and exit */ 356 if (!ci_name.name) 357 return d_splice_alias(VFS_I(ip), dentry); 358 359 /* else case-insensitive match... */ 360 dname.name = ci_name.name; 361 dname.len = ci_name.len; 362 dentry = d_add_ci(dentry, VFS_I(ip), &dname); 363 kfree(ci_name.name); 364 return dentry; 365 } 366 367 STATIC int 368 xfs_vn_link( 369 struct dentry *old_dentry, 370 struct inode *dir, 371 struct dentry *dentry) 372 { 373 struct inode *inode = d_inode(old_dentry); 374 struct xfs_name name; 375 int error; 376 377 error = xfs_dentry_mode_to_name(&name, dentry, inode->i_mode); 378 if (unlikely(error)) 379 return error; 380 381 if (IS_PRIVATE(inode)) 382 return -EPERM; 383 384 error = xfs_link(XFS_I(dir), XFS_I(inode), &name); 385 if (unlikely(error)) 386 return error; 387 388 ihold(inode); 389 d_instantiate(dentry, inode); 390 return 0; 391 } 392 393 STATIC int 394 xfs_vn_unlink( 395 struct inode *dir, 396 struct dentry *dentry) 397 { 398 struct xfs_name name; 399 int error; 400 401 xfs_dentry_to_name(&name, dentry); 402 403 error = xfs_remove(XFS_I(dir), &name, XFS_I(d_inode(dentry))); 404 if (error) 405 return error; 406 407 /* 408 * With unlink, the VFS makes the dentry "negative": no inode, 409 * but still hashed. This is incompatible with case-insensitive 410 * mode, so invalidate (unhash) the dentry in CI-mode. 411 */ 412 if (xfs_has_asciici(XFS_M(dir->i_sb))) 413 d_invalidate(dentry); 414 return 0; 415 } 416 417 STATIC int 418 xfs_vn_symlink( 419 struct mnt_idmap *idmap, 420 struct inode *dir, 421 struct dentry *dentry, 422 const char *symname) 423 { 424 struct inode *inode; 425 struct xfs_inode *cip = NULL; 426 struct xfs_name name; 427 int error; 428 umode_t mode; 429 430 mode = S_IFLNK | 431 (irix_symlink_mode ? 0777 & ~current_umask() : S_IRWXUGO); 432 error = xfs_dentry_mode_to_name(&name, dentry, mode); 433 if (unlikely(error)) 434 goto out; 435 436 error = xfs_symlink(idmap, XFS_I(dir), &name, symname, mode, &cip); 437 if (unlikely(error)) 438 goto out; 439 440 inode = VFS_I(cip); 441 442 error = xfs_inode_init_security(inode, dir, &dentry->d_name); 443 if (unlikely(error)) 444 goto out_cleanup_inode; 445 446 xfs_setup_iops(cip); 447 448 d_instantiate(dentry, inode); 449 xfs_finish_inode_setup(cip); 450 return 0; 451 452 out_cleanup_inode: 453 xfs_finish_inode_setup(cip); 454 xfs_cleanup_inode(dir, inode, dentry); 455 xfs_irele(cip); 456 out: 457 return error; 458 } 459 460 STATIC int 461 xfs_vn_rename( 462 struct mnt_idmap *idmap, 463 struct inode *odir, 464 struct dentry *odentry, 465 struct inode *ndir, 466 struct dentry *ndentry, 467 unsigned int flags) 468 { 469 struct inode *new_inode = d_inode(ndentry); 470 int omode = 0; 471 int error; 472 struct xfs_name oname; 473 struct xfs_name nname; 474 475 if (flags & ~(RENAME_NOREPLACE | RENAME_EXCHANGE | RENAME_WHITEOUT)) 476 return -EINVAL; 477 478 /* if we are exchanging files, we need to set i_mode of both files */ 479 if (flags & RENAME_EXCHANGE) 480 omode = d_inode(ndentry)->i_mode; 481 482 error = xfs_dentry_mode_to_name(&oname, odentry, omode); 483 if (omode && unlikely(error)) 484 return error; 485 486 error = xfs_dentry_mode_to_name(&nname, ndentry, 487 d_inode(odentry)->i_mode); 488 if (unlikely(error)) 489 return error; 490 491 return xfs_rename(idmap, XFS_I(odir), &oname, 492 XFS_I(d_inode(odentry)), XFS_I(ndir), &nname, 493 new_inode ? XFS_I(new_inode) : NULL, flags); 494 } 495 496 /* 497 * careful here - this function can get called recursively, so 498 * we need to be very careful about how much stack we use. 499 * uio is kmalloced for this reason... 500 */ 501 STATIC const char * 502 xfs_vn_get_link( 503 struct dentry *dentry, 504 struct inode *inode, 505 struct delayed_call *done) 506 { 507 char *link; 508 int error = -ENOMEM; 509 510 if (!dentry) 511 return ERR_PTR(-ECHILD); 512 513 link = kmalloc(XFS_SYMLINK_MAXLEN+1, GFP_KERNEL); 514 if (!link) 515 goto out_err; 516 517 error = xfs_readlink(XFS_I(d_inode(dentry)), link); 518 if (unlikely(error)) 519 goto out_kfree; 520 521 set_delayed_call(done, kfree_link, link); 522 return link; 523 524 out_kfree: 525 kfree(link); 526 out_err: 527 return ERR_PTR(error); 528 } 529 530 static uint32_t 531 xfs_stat_blksize( 532 struct xfs_inode *ip) 533 { 534 struct xfs_mount *mp = ip->i_mount; 535 536 /* 537 * If the file blocks are being allocated from a realtime volume, then 538 * always return the realtime extent size. 539 */ 540 if (XFS_IS_REALTIME_INODE(ip)) 541 return XFS_FSB_TO_B(mp, xfs_get_extsz_hint(ip) ? : 1); 542 543 /* 544 * Allow large block sizes to be reported to userspace programs if the 545 * "largeio" mount option is used. 546 * 547 * If compatibility mode is specified, simply return the basic unit of 548 * caching so that we don't get inefficient read/modify/write I/O from 549 * user apps. Otherwise.... 550 * 551 * If the underlying volume is a stripe, then return the stripe width in 552 * bytes as the recommended I/O size. It is not a stripe and we've set a 553 * default buffered I/O size, return that, otherwise return the compat 554 * default. 555 */ 556 if (xfs_has_large_iosize(mp)) { 557 if (mp->m_swidth) 558 return XFS_FSB_TO_B(mp, mp->m_swidth); 559 if (xfs_has_allocsize(mp)) 560 return 1U << mp->m_allocsize_log; 561 } 562 563 return PAGE_SIZE; 564 } 565 566 STATIC int 567 xfs_vn_getattr( 568 struct mnt_idmap *idmap, 569 const struct path *path, 570 struct kstat *stat, 571 u32 request_mask, 572 unsigned int query_flags) 573 { 574 struct inode *inode = d_inode(path->dentry); 575 struct xfs_inode *ip = XFS_I(inode); 576 struct xfs_mount *mp = ip->i_mount; 577 vfsuid_t vfsuid = i_uid_into_vfsuid(idmap, inode); 578 vfsgid_t vfsgid = i_gid_into_vfsgid(idmap, inode); 579 580 trace_xfs_getattr(ip); 581 582 if (xfs_is_shutdown(mp)) 583 return -EIO; 584 585 stat->size = XFS_ISIZE(ip); 586 stat->dev = inode->i_sb->s_dev; 587 stat->mode = inode->i_mode; 588 stat->nlink = inode->i_nlink; 589 stat->uid = vfsuid_into_kuid(vfsuid); 590 stat->gid = vfsgid_into_kgid(vfsgid); 591 stat->ino = ip->i_ino; 592 stat->atime = inode_get_atime(inode); 593 stat->mtime = inode_get_mtime(inode); 594 stat->ctime = inode_get_ctime(inode); 595 stat->blocks = XFS_FSB_TO_BB(mp, ip->i_nblocks + ip->i_delayed_blks); 596 597 if (xfs_has_v3inodes(mp)) { 598 if (request_mask & STATX_BTIME) { 599 stat->result_mask |= STATX_BTIME; 600 stat->btime = ip->i_crtime; 601 } 602 } 603 604 if ((request_mask & STATX_CHANGE_COOKIE) && IS_I_VERSION(inode)) { 605 stat->change_cookie = inode_query_iversion(inode); 606 stat->result_mask |= STATX_CHANGE_COOKIE; 607 } 608 609 /* 610 * Note: If you add another clause to set an attribute flag, please 611 * update attributes_mask below. 612 */ 613 if (ip->i_diflags & XFS_DIFLAG_IMMUTABLE) 614 stat->attributes |= STATX_ATTR_IMMUTABLE; 615 if (ip->i_diflags & XFS_DIFLAG_APPEND) 616 stat->attributes |= STATX_ATTR_APPEND; 617 if (ip->i_diflags & XFS_DIFLAG_NODUMP) 618 stat->attributes |= STATX_ATTR_NODUMP; 619 620 stat->attributes_mask |= (STATX_ATTR_IMMUTABLE | 621 STATX_ATTR_APPEND | 622 STATX_ATTR_NODUMP); 623 624 switch (inode->i_mode & S_IFMT) { 625 case S_IFBLK: 626 case S_IFCHR: 627 stat->blksize = BLKDEV_IOSIZE; 628 stat->rdev = inode->i_rdev; 629 break; 630 case S_IFREG: 631 if (request_mask & STATX_DIOALIGN) { 632 struct xfs_buftarg *target = xfs_inode_buftarg(ip); 633 struct block_device *bdev = target->bt_bdev; 634 635 stat->result_mask |= STATX_DIOALIGN; 636 stat->dio_mem_align = bdev_dma_alignment(bdev) + 1; 637 stat->dio_offset_align = bdev_logical_block_size(bdev); 638 } 639 fallthrough; 640 default: 641 stat->blksize = xfs_stat_blksize(ip); 642 stat->rdev = 0; 643 break; 644 } 645 646 return 0; 647 } 648 649 static int 650 xfs_vn_change_ok( 651 struct mnt_idmap *idmap, 652 struct dentry *dentry, 653 struct iattr *iattr) 654 { 655 struct xfs_mount *mp = XFS_I(d_inode(dentry))->i_mount; 656 657 if (xfs_is_readonly(mp)) 658 return -EROFS; 659 660 if (xfs_is_shutdown(mp)) 661 return -EIO; 662 663 return setattr_prepare(idmap, dentry, iattr); 664 } 665 666 /* 667 * Set non-size attributes of an inode. 668 * 669 * Caution: The caller of this function is responsible for calling 670 * setattr_prepare() or otherwise verifying the change is fine. 671 */ 672 static int 673 xfs_setattr_nonsize( 674 struct mnt_idmap *idmap, 675 struct dentry *dentry, 676 struct xfs_inode *ip, 677 struct iattr *iattr) 678 { 679 xfs_mount_t *mp = ip->i_mount; 680 struct inode *inode = VFS_I(ip); 681 int mask = iattr->ia_valid; 682 xfs_trans_t *tp; 683 int error; 684 kuid_t uid = GLOBAL_ROOT_UID; 685 kgid_t gid = GLOBAL_ROOT_GID; 686 struct xfs_dquot *udqp = NULL, *gdqp = NULL; 687 struct xfs_dquot *old_udqp = NULL, *old_gdqp = NULL; 688 689 ASSERT((mask & ATTR_SIZE) == 0); 690 691 /* 692 * If disk quotas is on, we make sure that the dquots do exist on disk, 693 * before we start any other transactions. Trying to do this later 694 * is messy. We don't care to take a readlock to look at the ids 695 * in inode here, because we can't hold it across the trans_reserve. 696 * If the IDs do change before we take the ilock, we're covered 697 * because the i_*dquot fields will get updated anyway. 698 */ 699 if (XFS_IS_QUOTA_ON(mp) && (mask & (ATTR_UID|ATTR_GID))) { 700 uint qflags = 0; 701 702 if ((mask & ATTR_UID) && XFS_IS_UQUOTA_ON(mp)) { 703 uid = from_vfsuid(idmap, i_user_ns(inode), 704 iattr->ia_vfsuid); 705 qflags |= XFS_QMOPT_UQUOTA; 706 } else { 707 uid = inode->i_uid; 708 } 709 if ((mask & ATTR_GID) && XFS_IS_GQUOTA_ON(mp)) { 710 gid = from_vfsgid(idmap, i_user_ns(inode), 711 iattr->ia_vfsgid); 712 qflags |= XFS_QMOPT_GQUOTA; 713 } else { 714 gid = inode->i_gid; 715 } 716 717 /* 718 * We take a reference when we initialize udqp and gdqp, 719 * so it is important that we never blindly double trip on 720 * the same variable. See xfs_create() for an example. 721 */ 722 ASSERT(udqp == NULL); 723 ASSERT(gdqp == NULL); 724 error = xfs_qm_vop_dqalloc(ip, uid, gid, ip->i_projid, 725 qflags, &udqp, &gdqp, NULL); 726 if (error) 727 return error; 728 } 729 730 error = xfs_trans_alloc_ichange(ip, udqp, gdqp, NULL, 731 has_capability_noaudit(current, CAP_FOWNER), &tp); 732 if (error) 733 goto out_dqrele; 734 735 /* 736 * Register quota modifications in the transaction. Must be the owner 737 * or privileged. These IDs could have changed since we last looked at 738 * them. But, we're assured that if the ownership did change while we 739 * didn't have the inode locked, inode's dquot(s) would have changed 740 * also. 741 */ 742 if (XFS_IS_UQUOTA_ON(mp) && 743 i_uid_needs_update(idmap, iattr, inode)) { 744 ASSERT(udqp); 745 old_udqp = xfs_qm_vop_chown(tp, ip, &ip->i_udquot, udqp); 746 } 747 if (XFS_IS_GQUOTA_ON(mp) && 748 i_gid_needs_update(idmap, iattr, inode)) { 749 ASSERT(xfs_has_pquotino(mp) || !XFS_IS_PQUOTA_ON(mp)); 750 ASSERT(gdqp); 751 old_gdqp = xfs_qm_vop_chown(tp, ip, &ip->i_gdquot, gdqp); 752 } 753 754 setattr_copy(idmap, inode, iattr); 755 xfs_trans_log_inode(tp, ip, XFS_ILOG_CORE); 756 757 XFS_STATS_INC(mp, xs_ig_attrchg); 758 759 if (xfs_has_wsync(mp)) 760 xfs_trans_set_sync(tp); 761 error = xfs_trans_commit(tp); 762 763 /* 764 * Release any dquot(s) the inode had kept before chown. 765 */ 766 xfs_qm_dqrele(old_udqp); 767 xfs_qm_dqrele(old_gdqp); 768 xfs_qm_dqrele(udqp); 769 xfs_qm_dqrele(gdqp); 770 771 if (error) 772 return error; 773 774 /* 775 * XXX(hch): Updating the ACL entries is not atomic vs the i_mode 776 * update. We could avoid this with linked transactions 777 * and passing down the transaction pointer all the way 778 * to attr_set. No previous user of the generic 779 * Posix ACL code seems to care about this issue either. 780 */ 781 if (mask & ATTR_MODE) { 782 error = posix_acl_chmod(idmap, dentry, inode->i_mode); 783 if (error) 784 return error; 785 } 786 787 return 0; 788 789 out_dqrele: 790 xfs_qm_dqrele(udqp); 791 xfs_qm_dqrele(gdqp); 792 return error; 793 } 794 795 /* 796 * Truncate file. Must have write permission and not be a directory. 797 * 798 * Caution: The caller of this function is responsible for calling 799 * setattr_prepare() or otherwise verifying the change is fine. 800 */ 801 STATIC int 802 xfs_setattr_size( 803 struct mnt_idmap *idmap, 804 struct dentry *dentry, 805 struct xfs_inode *ip, 806 struct iattr *iattr) 807 { 808 struct xfs_mount *mp = ip->i_mount; 809 struct inode *inode = VFS_I(ip); 810 xfs_off_t oldsize, newsize; 811 struct xfs_trans *tp; 812 int error; 813 uint lock_flags = 0; 814 bool did_zeroing = false; 815 816 xfs_assert_ilocked(ip, XFS_IOLOCK_EXCL | XFS_MMAPLOCK_EXCL); 817 ASSERT(S_ISREG(inode->i_mode)); 818 ASSERT((iattr->ia_valid & (ATTR_UID|ATTR_GID|ATTR_ATIME|ATTR_ATIME_SET| 819 ATTR_MTIME_SET|ATTR_TIMES_SET)) == 0); 820 821 oldsize = inode->i_size; 822 newsize = iattr->ia_size; 823 824 /* 825 * Short circuit the truncate case for zero length files. 826 */ 827 if (newsize == 0 && oldsize == 0 && ip->i_df.if_nextents == 0) { 828 if (!(iattr->ia_valid & (ATTR_CTIME|ATTR_MTIME))) 829 return 0; 830 831 /* 832 * Use the regular setattr path to update the timestamps. 833 */ 834 iattr->ia_valid &= ~ATTR_SIZE; 835 return xfs_setattr_nonsize(idmap, dentry, ip, iattr); 836 } 837 838 /* 839 * Make sure that the dquots are attached to the inode. 840 */ 841 error = xfs_qm_dqattach(ip); 842 if (error) 843 return error; 844 845 /* 846 * Wait for all direct I/O to complete. 847 */ 848 inode_dio_wait(inode); 849 850 /* 851 * File data changes must be complete before we start the transaction to 852 * modify the inode. This needs to be done before joining the inode to 853 * the transaction because the inode cannot be unlocked once it is a 854 * part of the transaction. 855 * 856 * Start with zeroing any data beyond EOF that we may expose on file 857 * extension, or zeroing out the rest of the block on a downward 858 * truncate. 859 */ 860 if (newsize > oldsize) { 861 trace_xfs_zero_eof(ip, oldsize, newsize - oldsize); 862 error = xfs_zero_range(ip, oldsize, newsize - oldsize, 863 &did_zeroing); 864 } else { 865 /* 866 * iomap won't detect a dirty page over an unwritten block (or a 867 * cow block over a hole) and subsequently skips zeroing the 868 * newly post-EOF portion of the page. Flush the new EOF to 869 * convert the block before the pagecache truncate. 870 */ 871 error = filemap_write_and_wait_range(inode->i_mapping, newsize, 872 newsize); 873 if (error) 874 return error; 875 error = xfs_truncate_page(ip, newsize, &did_zeroing); 876 } 877 878 if (error) 879 return error; 880 881 /* 882 * We've already locked out new page faults, so now we can safely remove 883 * pages from the page cache knowing they won't get refaulted until we 884 * drop the XFS_MMAP_EXCL lock after the extent manipulations are 885 * complete. The truncate_setsize() call also cleans partial EOF page 886 * PTEs on extending truncates and hence ensures sub-page block size 887 * filesystems are correctly handled, too. 888 * 889 * We have to do all the page cache truncate work outside the 890 * transaction context as the "lock" order is page lock->log space 891 * reservation as defined by extent allocation in the writeback path. 892 * Hence a truncate can fail with ENOMEM from xfs_trans_alloc(), but 893 * having already truncated the in-memory version of the file (i.e. made 894 * user visible changes). There's not much we can do about this, except 895 * to hope that the caller sees ENOMEM and retries the truncate 896 * operation. 897 * 898 * And we update in-core i_size and truncate page cache beyond newsize 899 * before writeback the [i_disk_size, newsize] range, so we're 900 * guaranteed not to write stale data past the new EOF on truncate down. 901 */ 902 truncate_setsize(inode, newsize); 903 904 /* 905 * We are going to log the inode size change in this transaction so 906 * any previous writes that are beyond the on disk EOF and the new 907 * EOF that have not been written out need to be written here. If we 908 * do not write the data out, we expose ourselves to the null files 909 * problem. Note that this includes any block zeroing we did above; 910 * otherwise those blocks may not be zeroed after a crash. 911 */ 912 if (did_zeroing || 913 (newsize > ip->i_disk_size && oldsize != ip->i_disk_size)) { 914 error = filemap_write_and_wait_range(VFS_I(ip)->i_mapping, 915 ip->i_disk_size, newsize - 1); 916 if (error) 917 return error; 918 } 919 920 error = xfs_trans_alloc(mp, &M_RES(mp)->tr_itruncate, 0, 0, 0, &tp); 921 if (error) 922 return error; 923 924 lock_flags |= XFS_ILOCK_EXCL; 925 xfs_ilock(ip, XFS_ILOCK_EXCL); 926 xfs_trans_ijoin(tp, ip, 0); 927 928 /* 929 * Only change the c/mtime if we are changing the size or we are 930 * explicitly asked to change it. This handles the semantic difference 931 * between truncate() and ftruncate() as implemented in the VFS. 932 * 933 * The regular truncate() case without ATTR_CTIME and ATTR_MTIME is a 934 * special case where we need to update the times despite not having 935 * these flags set. For all other operations the VFS set these flags 936 * explicitly if it wants a timestamp update. 937 */ 938 if (newsize != oldsize && 939 !(iattr->ia_valid & (ATTR_CTIME | ATTR_MTIME))) { 940 iattr->ia_ctime = iattr->ia_mtime = 941 current_time(inode); 942 iattr->ia_valid |= ATTR_CTIME | ATTR_MTIME; 943 } 944 945 /* 946 * The first thing we do is set the size to new_size permanently on 947 * disk. This way we don't have to worry about anyone ever being able 948 * to look at the data being freed even in the face of a crash. 949 * What we're getting around here is the case where we free a block, it 950 * is allocated to another file, it is written to, and then we crash. 951 * If the new data gets written to the file but the log buffers 952 * containing the free and reallocation don't, then we'd end up with 953 * garbage in the blocks being freed. As long as we make the new size 954 * permanent before actually freeing any blocks it doesn't matter if 955 * they get written to. 956 */ 957 ip->i_disk_size = newsize; 958 xfs_trans_log_inode(tp, ip, XFS_ILOG_CORE); 959 960 if (newsize <= oldsize) { 961 error = xfs_itruncate_extents(&tp, ip, XFS_DATA_FORK, newsize); 962 if (error) 963 goto out_trans_cancel; 964 965 /* 966 * Truncated "down", so we're removing references to old data 967 * here - if we delay flushing for a long time, we expose 968 * ourselves unduly to the notorious NULL files problem. So, 969 * we mark this inode and flush it when the file is closed, 970 * and do not wait the usual (long) time for writeout. 971 */ 972 xfs_iflags_set(ip, XFS_ITRUNCATED); 973 974 /* A truncate down always removes post-EOF blocks. */ 975 xfs_inode_clear_eofblocks_tag(ip); 976 } 977 978 ASSERT(!(iattr->ia_valid & (ATTR_UID | ATTR_GID))); 979 setattr_copy(idmap, inode, iattr); 980 xfs_trans_log_inode(tp, ip, XFS_ILOG_CORE); 981 982 XFS_STATS_INC(mp, xs_ig_attrchg); 983 984 if (xfs_has_wsync(mp)) 985 xfs_trans_set_sync(tp); 986 987 error = xfs_trans_commit(tp); 988 out_unlock: 989 if (lock_flags) 990 xfs_iunlock(ip, lock_flags); 991 return error; 992 993 out_trans_cancel: 994 xfs_trans_cancel(tp); 995 goto out_unlock; 996 } 997 998 int 999 xfs_vn_setattr_size( 1000 struct mnt_idmap *idmap, 1001 struct dentry *dentry, 1002 struct iattr *iattr) 1003 { 1004 struct xfs_inode *ip = XFS_I(d_inode(dentry)); 1005 int error; 1006 1007 trace_xfs_setattr(ip); 1008 1009 error = xfs_vn_change_ok(idmap, dentry, iattr); 1010 if (error) 1011 return error; 1012 return xfs_setattr_size(idmap, dentry, ip, iattr); 1013 } 1014 1015 STATIC int 1016 xfs_vn_setattr( 1017 struct mnt_idmap *idmap, 1018 struct dentry *dentry, 1019 struct iattr *iattr) 1020 { 1021 struct inode *inode = d_inode(dentry); 1022 struct xfs_inode *ip = XFS_I(inode); 1023 int error; 1024 1025 if (iattr->ia_valid & ATTR_SIZE) { 1026 uint iolock; 1027 1028 xfs_ilock(ip, XFS_MMAPLOCK_EXCL); 1029 iolock = XFS_IOLOCK_EXCL | XFS_MMAPLOCK_EXCL; 1030 1031 error = xfs_break_layouts(inode, &iolock, BREAK_UNMAP); 1032 if (error) { 1033 xfs_iunlock(ip, XFS_MMAPLOCK_EXCL); 1034 return error; 1035 } 1036 1037 error = xfs_vn_setattr_size(idmap, dentry, iattr); 1038 xfs_iunlock(ip, XFS_MMAPLOCK_EXCL); 1039 } else { 1040 trace_xfs_setattr(ip); 1041 1042 error = xfs_vn_change_ok(idmap, dentry, iattr); 1043 if (!error) 1044 error = xfs_setattr_nonsize(idmap, dentry, ip, iattr); 1045 } 1046 1047 return error; 1048 } 1049 1050 STATIC int 1051 xfs_vn_update_time( 1052 struct inode *inode, 1053 int flags) 1054 { 1055 struct xfs_inode *ip = XFS_I(inode); 1056 struct xfs_mount *mp = ip->i_mount; 1057 int log_flags = XFS_ILOG_TIMESTAMP; 1058 struct xfs_trans *tp; 1059 int error; 1060 struct timespec64 now; 1061 1062 trace_xfs_update_time(ip); 1063 1064 if (inode->i_sb->s_flags & SB_LAZYTIME) { 1065 if (!((flags & S_VERSION) && 1066 inode_maybe_inc_iversion(inode, false))) { 1067 generic_update_time(inode, flags); 1068 return 0; 1069 } 1070 1071 /* Capture the iversion update that just occurred */ 1072 log_flags |= XFS_ILOG_CORE; 1073 } 1074 1075 error = xfs_trans_alloc(mp, &M_RES(mp)->tr_fsyncts, 0, 0, 0, &tp); 1076 if (error) 1077 return error; 1078 1079 xfs_ilock(ip, XFS_ILOCK_EXCL); 1080 if (flags & (S_CTIME|S_MTIME)) 1081 now = inode_set_ctime_current(inode); 1082 else 1083 now = current_time(inode); 1084 1085 if (flags & S_MTIME) 1086 inode_set_mtime_to_ts(inode, now); 1087 if (flags & S_ATIME) 1088 inode_set_atime_to_ts(inode, now); 1089 1090 xfs_trans_ijoin(tp, ip, XFS_ILOCK_EXCL); 1091 xfs_trans_log_inode(tp, ip, log_flags); 1092 return xfs_trans_commit(tp); 1093 } 1094 1095 STATIC int 1096 xfs_vn_fiemap( 1097 struct inode *inode, 1098 struct fiemap_extent_info *fieinfo, 1099 u64 start, 1100 u64 length) 1101 { 1102 int error; 1103 1104 xfs_ilock(XFS_I(inode), XFS_IOLOCK_SHARED); 1105 if (fieinfo->fi_flags & FIEMAP_FLAG_XATTR) { 1106 fieinfo->fi_flags &= ~FIEMAP_FLAG_XATTR; 1107 error = iomap_fiemap(inode, fieinfo, start, length, 1108 &xfs_xattr_iomap_ops); 1109 } else { 1110 error = iomap_fiemap(inode, fieinfo, start, length, 1111 &xfs_read_iomap_ops); 1112 } 1113 xfs_iunlock(XFS_I(inode), XFS_IOLOCK_SHARED); 1114 1115 return error; 1116 } 1117 1118 STATIC int 1119 xfs_vn_tmpfile( 1120 struct mnt_idmap *idmap, 1121 struct inode *dir, 1122 struct file *file, 1123 umode_t mode) 1124 { 1125 int err = xfs_generic_create(idmap, dir, file->f_path.dentry, mode, 0, file); 1126 1127 return finish_open_simple(file, err); 1128 } 1129 1130 static const struct inode_operations xfs_inode_operations = { 1131 .get_inode_acl = xfs_get_acl, 1132 .set_acl = xfs_set_acl, 1133 .getattr = xfs_vn_getattr, 1134 .setattr = xfs_vn_setattr, 1135 .listxattr = xfs_vn_listxattr, 1136 .fiemap = xfs_vn_fiemap, 1137 .update_time = xfs_vn_update_time, 1138 .fileattr_get = xfs_fileattr_get, 1139 .fileattr_set = xfs_fileattr_set, 1140 }; 1141 1142 static const struct inode_operations xfs_dir_inode_operations = { 1143 .create = xfs_vn_create, 1144 .lookup = xfs_vn_lookup, 1145 .link = xfs_vn_link, 1146 .unlink = xfs_vn_unlink, 1147 .symlink = xfs_vn_symlink, 1148 .mkdir = xfs_vn_mkdir, 1149 /* 1150 * Yes, XFS uses the same method for rmdir and unlink. 1151 * 1152 * There are some subtile differences deeper in the code, 1153 * but we use S_ISDIR to check for those. 1154 */ 1155 .rmdir = xfs_vn_unlink, 1156 .mknod = xfs_vn_mknod, 1157 .rename = xfs_vn_rename, 1158 .get_inode_acl = xfs_get_acl, 1159 .set_acl = xfs_set_acl, 1160 .getattr = xfs_vn_getattr, 1161 .setattr = xfs_vn_setattr, 1162 .listxattr = xfs_vn_listxattr, 1163 .update_time = xfs_vn_update_time, 1164 .tmpfile = xfs_vn_tmpfile, 1165 .fileattr_get = xfs_fileattr_get, 1166 .fileattr_set = xfs_fileattr_set, 1167 }; 1168 1169 static const struct inode_operations xfs_dir_ci_inode_operations = { 1170 .create = xfs_vn_create, 1171 .lookup = xfs_vn_ci_lookup, 1172 .link = xfs_vn_link, 1173 .unlink = xfs_vn_unlink, 1174 .symlink = xfs_vn_symlink, 1175 .mkdir = xfs_vn_mkdir, 1176 /* 1177 * Yes, XFS uses the same method for rmdir and unlink. 1178 * 1179 * There are some subtile differences deeper in the code, 1180 * but we use S_ISDIR to check for those. 1181 */ 1182 .rmdir = xfs_vn_unlink, 1183 .mknod = xfs_vn_mknod, 1184 .rename = xfs_vn_rename, 1185 .get_inode_acl = xfs_get_acl, 1186 .set_acl = xfs_set_acl, 1187 .getattr = xfs_vn_getattr, 1188 .setattr = xfs_vn_setattr, 1189 .listxattr = xfs_vn_listxattr, 1190 .update_time = xfs_vn_update_time, 1191 .tmpfile = xfs_vn_tmpfile, 1192 .fileattr_get = xfs_fileattr_get, 1193 .fileattr_set = xfs_fileattr_set, 1194 }; 1195 1196 static const struct inode_operations xfs_symlink_inode_operations = { 1197 .get_link = xfs_vn_get_link, 1198 .getattr = xfs_vn_getattr, 1199 .setattr = xfs_vn_setattr, 1200 .listxattr = xfs_vn_listxattr, 1201 .update_time = xfs_vn_update_time, 1202 }; 1203 1204 /* Figure out if this file actually supports DAX. */ 1205 static bool 1206 xfs_inode_supports_dax( 1207 struct xfs_inode *ip) 1208 { 1209 struct xfs_mount *mp = ip->i_mount; 1210 1211 /* Only supported on regular files. */ 1212 if (!S_ISREG(VFS_I(ip)->i_mode)) 1213 return false; 1214 1215 /* Block size must match page size */ 1216 if (mp->m_sb.sb_blocksize != PAGE_SIZE) 1217 return false; 1218 1219 /* Device has to support DAX too. */ 1220 return xfs_inode_buftarg(ip)->bt_daxdev != NULL; 1221 } 1222 1223 static bool 1224 xfs_inode_should_enable_dax( 1225 struct xfs_inode *ip) 1226 { 1227 if (!IS_ENABLED(CONFIG_FS_DAX)) 1228 return false; 1229 if (xfs_has_dax_never(ip->i_mount)) 1230 return false; 1231 if (!xfs_inode_supports_dax(ip)) 1232 return false; 1233 if (xfs_has_dax_always(ip->i_mount)) 1234 return true; 1235 if (ip->i_diflags2 & XFS_DIFLAG2_DAX) 1236 return true; 1237 return false; 1238 } 1239 1240 void 1241 xfs_diflags_to_iflags( 1242 struct xfs_inode *ip, 1243 bool init) 1244 { 1245 struct inode *inode = VFS_I(ip); 1246 unsigned int xflags = xfs_ip2xflags(ip); 1247 unsigned int flags = 0; 1248 1249 ASSERT(!(IS_DAX(inode) && init)); 1250 1251 if (xflags & FS_XFLAG_IMMUTABLE) 1252 flags |= S_IMMUTABLE; 1253 if (xflags & FS_XFLAG_APPEND) 1254 flags |= S_APPEND; 1255 if (xflags & FS_XFLAG_SYNC) 1256 flags |= S_SYNC; 1257 if (xflags & FS_XFLAG_NOATIME) 1258 flags |= S_NOATIME; 1259 if (init && xfs_inode_should_enable_dax(ip)) 1260 flags |= S_DAX; 1261 1262 /* 1263 * S_DAX can only be set during inode initialization and is never set by 1264 * the VFS, so we cannot mask off S_DAX in i_flags. 1265 */ 1266 inode->i_flags &= ~(S_IMMUTABLE | S_APPEND | S_SYNC | S_NOATIME); 1267 inode->i_flags |= flags; 1268 } 1269 1270 /* 1271 * Initialize the Linux inode. 1272 * 1273 * When reading existing inodes from disk this is called directly from xfs_iget, 1274 * when creating a new inode it is called from xfs_init_new_inode after setting 1275 * up the inode. These callers have different criteria for clearing XFS_INEW, so 1276 * leave it up to the caller to deal with unlocking the inode appropriately. 1277 */ 1278 void 1279 xfs_setup_inode( 1280 struct xfs_inode *ip) 1281 { 1282 struct inode *inode = &ip->i_vnode; 1283 gfp_t gfp_mask; 1284 1285 inode->i_ino = ip->i_ino; 1286 inode->i_state |= I_NEW; 1287 1288 inode_sb_list_add(inode); 1289 /* make the inode look hashed for the writeback code */ 1290 inode_fake_hash(inode); 1291 1292 i_size_write(inode, ip->i_disk_size); 1293 xfs_diflags_to_iflags(ip, true); 1294 1295 if (S_ISDIR(inode->i_mode)) { 1296 /* 1297 * We set the i_rwsem class here to avoid potential races with 1298 * lockdep_annotate_inode_mutex_key() reinitialising the lock 1299 * after a filehandle lookup has already found the inode in 1300 * cache before it has been unlocked via unlock_new_inode(). 1301 */ 1302 lockdep_set_class(&inode->i_rwsem, 1303 &inode->i_sb->s_type->i_mutex_dir_key); 1304 lockdep_set_class(&ip->i_lock, &xfs_dir_ilock_class); 1305 } else { 1306 lockdep_set_class(&ip->i_lock, &xfs_nondir_ilock_class); 1307 } 1308 1309 /* 1310 * Ensure all page cache allocations are done from GFP_NOFS context to 1311 * prevent direct reclaim recursion back into the filesystem and blowing 1312 * stacks or deadlocking. 1313 */ 1314 gfp_mask = mapping_gfp_mask(inode->i_mapping); 1315 mapping_set_gfp_mask(inode->i_mapping, (gfp_mask & ~(__GFP_FS))); 1316 1317 /* 1318 * For real-time inodes update the stable write flags to that of the RT 1319 * device instead of the data device. 1320 */ 1321 if (S_ISREG(inode->i_mode) && XFS_IS_REALTIME_INODE(ip)) 1322 xfs_update_stable_writes(ip); 1323 1324 /* 1325 * If there is no attribute fork no ACL can exist on this inode, 1326 * and it can't have any file capabilities attached to it either. 1327 */ 1328 if (!xfs_inode_has_attr_fork(ip)) { 1329 inode_has_no_xattr(inode); 1330 cache_no_acl(inode); 1331 } 1332 } 1333 1334 void 1335 xfs_setup_iops( 1336 struct xfs_inode *ip) 1337 { 1338 struct inode *inode = &ip->i_vnode; 1339 1340 switch (inode->i_mode & S_IFMT) { 1341 case S_IFREG: 1342 inode->i_op = &xfs_inode_operations; 1343 inode->i_fop = &xfs_file_operations; 1344 if (IS_DAX(inode)) 1345 inode->i_mapping->a_ops = &xfs_dax_aops; 1346 else 1347 inode->i_mapping->a_ops = &xfs_address_space_operations; 1348 break; 1349 case S_IFDIR: 1350 if (xfs_has_asciici(XFS_M(inode->i_sb))) 1351 inode->i_op = &xfs_dir_ci_inode_operations; 1352 else 1353 inode->i_op = &xfs_dir_inode_operations; 1354 inode->i_fop = &xfs_dir_file_operations; 1355 break; 1356 case S_IFLNK: 1357 inode->i_op = &xfs_symlink_inode_operations; 1358 break; 1359 default: 1360 inode->i_op = &xfs_inode_operations; 1361 init_special_inode(inode, inode->i_mode, inode->i_rdev); 1362 break; 1363 } 1364 } 1365