1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * Copyright (c) 2000-2005 Silicon Graphics, Inc. 4 * All Rights Reserved. 5 */ 6 #include "xfs.h" 7 #include "xfs_fs.h" 8 #include "xfs_shared.h" 9 #include "xfs_format.h" 10 #include "xfs_log_format.h" 11 #include "xfs_trans_resv.h" 12 #include "xfs_mount.h" 13 #include "xfs_da_format.h" 14 #include "xfs_inode.h" 15 #include "xfs_bmap.h" 16 #include "xfs_bmap_util.h" 17 #include "xfs_acl.h" 18 #include "xfs_quota.h" 19 #include "xfs_error.h" 20 #include "xfs_attr.h" 21 #include "xfs_trans.h" 22 #include "xfs_trace.h" 23 #include "xfs_icache.h" 24 #include "xfs_symlink.h" 25 #include "xfs_da_btree.h" 26 #include "xfs_dir2.h" 27 #include "xfs_trans_space.h" 28 #include "xfs_iomap.h" 29 #include "xfs_defer.h" 30 31 #include <linux/capability.h> 32 #include <linux/xattr.h> 33 #include <linux/posix_acl.h> 34 #include <linux/security.h> 35 #include <linux/iomap.h> 36 #include <linux/slab.h> 37 #include <linux/iversion.h> 38 39 /* 40 * Directories have different lock order w.r.t. mmap_sem compared to regular 41 * files. This is due to readdir potentially triggering page faults on a user 42 * buffer inside filldir(), and this happens with the ilock on the directory 43 * held. For regular files, the lock order is the other way around - the 44 * mmap_sem is taken during the page fault, and then we lock the ilock to do 45 * block mapping. Hence we need a different class for the directory ilock so 46 * that lockdep can tell them apart. 47 */ 48 static struct lock_class_key xfs_nondir_ilock_class; 49 static struct lock_class_key xfs_dir_ilock_class; 50 51 static int 52 xfs_initxattrs( 53 struct inode *inode, 54 const struct xattr *xattr_array, 55 void *fs_info) 56 { 57 const struct xattr *xattr; 58 struct xfs_inode *ip = XFS_I(inode); 59 int error = 0; 60 61 for (xattr = xattr_array; xattr->name != NULL; xattr++) { 62 error = xfs_attr_set(ip, xattr->name, xattr->value, 63 xattr->value_len, ATTR_SECURE); 64 if (error < 0) 65 break; 66 } 67 return error; 68 } 69 70 /* 71 * Hook in SELinux. This is not quite correct yet, what we really need 72 * here (as we do for default ACLs) is a mechanism by which creation of 73 * these attrs can be journalled at inode creation time (along with the 74 * inode, of course, such that log replay can't cause these to be lost). 75 */ 76 77 STATIC int 78 xfs_init_security( 79 struct inode *inode, 80 struct inode *dir, 81 const struct qstr *qstr) 82 { 83 return security_inode_init_security(inode, dir, qstr, 84 &xfs_initxattrs, NULL); 85 } 86 87 static void 88 xfs_dentry_to_name( 89 struct xfs_name *namep, 90 struct dentry *dentry) 91 { 92 namep->name = dentry->d_name.name; 93 namep->len = dentry->d_name.len; 94 namep->type = XFS_DIR3_FT_UNKNOWN; 95 } 96 97 static int 98 xfs_dentry_mode_to_name( 99 struct xfs_name *namep, 100 struct dentry *dentry, 101 int mode) 102 { 103 namep->name = dentry->d_name.name; 104 namep->len = dentry->d_name.len; 105 namep->type = xfs_mode_to_ftype(mode); 106 107 if (unlikely(namep->type == XFS_DIR3_FT_UNKNOWN)) 108 return -EFSCORRUPTED; 109 110 return 0; 111 } 112 113 STATIC void 114 xfs_cleanup_inode( 115 struct inode *dir, 116 struct inode *inode, 117 struct dentry *dentry) 118 { 119 struct xfs_name teardown; 120 121 /* Oh, the horror. 122 * If we can't add the ACL or we fail in 123 * xfs_init_security we must back out. 124 * ENOSPC can hit here, among other things. 125 */ 126 xfs_dentry_to_name(&teardown, dentry); 127 128 xfs_remove(XFS_I(dir), &teardown, XFS_I(inode)); 129 } 130 131 STATIC int 132 xfs_generic_create( 133 struct inode *dir, 134 struct dentry *dentry, 135 umode_t mode, 136 dev_t rdev, 137 bool tmpfile) /* unnamed file */ 138 { 139 struct inode *inode; 140 struct xfs_inode *ip = NULL; 141 struct posix_acl *default_acl, *acl; 142 struct xfs_name name; 143 int error; 144 145 /* 146 * Irix uses Missed'em'V split, but doesn't want to see 147 * the upper 5 bits of (14bit) major. 148 */ 149 if (S_ISCHR(mode) || S_ISBLK(mode)) { 150 if (unlikely(!sysv_valid_dev(rdev) || MAJOR(rdev) & ~0x1ff)) 151 return -EINVAL; 152 } else { 153 rdev = 0; 154 } 155 156 error = posix_acl_create(dir, &mode, &default_acl, &acl); 157 if (error) 158 return error; 159 160 /* Verify mode is valid also for tmpfile case */ 161 error = xfs_dentry_mode_to_name(&name, dentry, mode); 162 if (unlikely(error)) 163 goto out_free_acl; 164 165 if (!tmpfile) { 166 error = xfs_create(XFS_I(dir), &name, mode, rdev, &ip); 167 } else { 168 error = xfs_create_tmpfile(XFS_I(dir), mode, &ip); 169 } 170 if (unlikely(error)) 171 goto out_free_acl; 172 173 inode = VFS_I(ip); 174 175 error = xfs_init_security(inode, dir, &dentry->d_name); 176 if (unlikely(error)) 177 goto out_cleanup_inode; 178 179 #ifdef CONFIG_XFS_POSIX_ACL 180 if (default_acl) { 181 error = __xfs_set_acl(inode, default_acl, ACL_TYPE_DEFAULT); 182 if (error) 183 goto out_cleanup_inode; 184 } 185 if (acl) { 186 error = __xfs_set_acl(inode, acl, ACL_TYPE_ACCESS); 187 if (error) 188 goto out_cleanup_inode; 189 } 190 #endif 191 192 xfs_setup_iops(ip); 193 194 if (tmpfile) { 195 /* 196 * The VFS requires that any inode fed to d_tmpfile must have 197 * nlink == 1 so that it can decrement the nlink in d_tmpfile. 198 * However, we created the temp file with nlink == 0 because 199 * we're not allowed to put an inode with nlink > 0 on the 200 * unlinked list. Therefore we have to set nlink to 1 so that 201 * d_tmpfile can immediately set it back to zero. 202 */ 203 set_nlink(inode, 1); 204 d_tmpfile(dentry, inode); 205 } else 206 d_instantiate(dentry, inode); 207 208 xfs_finish_inode_setup(ip); 209 210 out_free_acl: 211 if (default_acl) 212 posix_acl_release(default_acl); 213 if (acl) 214 posix_acl_release(acl); 215 return error; 216 217 out_cleanup_inode: 218 xfs_finish_inode_setup(ip); 219 if (!tmpfile) 220 xfs_cleanup_inode(dir, inode, dentry); 221 xfs_irele(ip); 222 goto out_free_acl; 223 } 224 225 STATIC int 226 xfs_vn_mknod( 227 struct inode *dir, 228 struct dentry *dentry, 229 umode_t mode, 230 dev_t rdev) 231 { 232 return xfs_generic_create(dir, dentry, mode, rdev, false); 233 } 234 235 STATIC int 236 xfs_vn_create( 237 struct inode *dir, 238 struct dentry *dentry, 239 umode_t mode, 240 bool flags) 241 { 242 return xfs_vn_mknod(dir, dentry, mode, 0); 243 } 244 245 STATIC int 246 xfs_vn_mkdir( 247 struct inode *dir, 248 struct dentry *dentry, 249 umode_t mode) 250 { 251 return xfs_vn_mknod(dir, dentry, mode|S_IFDIR, 0); 252 } 253 254 STATIC struct dentry * 255 xfs_vn_lookup( 256 struct inode *dir, 257 struct dentry *dentry, 258 unsigned int flags) 259 { 260 struct inode *inode; 261 struct xfs_inode *cip; 262 struct xfs_name name; 263 int error; 264 265 if (dentry->d_name.len >= MAXNAMELEN) 266 return ERR_PTR(-ENAMETOOLONG); 267 268 xfs_dentry_to_name(&name, dentry); 269 error = xfs_lookup(XFS_I(dir), &name, &cip, NULL); 270 if (likely(!error)) 271 inode = VFS_I(cip); 272 else if (likely(error == -ENOENT)) 273 inode = NULL; 274 else 275 inode = ERR_PTR(error); 276 return d_splice_alias(inode, dentry); 277 } 278 279 STATIC struct dentry * 280 xfs_vn_ci_lookup( 281 struct inode *dir, 282 struct dentry *dentry, 283 unsigned int flags) 284 { 285 struct xfs_inode *ip; 286 struct xfs_name xname; 287 struct xfs_name ci_name; 288 struct qstr dname; 289 int error; 290 291 if (dentry->d_name.len >= MAXNAMELEN) 292 return ERR_PTR(-ENAMETOOLONG); 293 294 xfs_dentry_to_name(&xname, dentry); 295 error = xfs_lookup(XFS_I(dir), &xname, &ip, &ci_name); 296 if (unlikely(error)) { 297 if (unlikely(error != -ENOENT)) 298 return ERR_PTR(error); 299 /* 300 * call d_add(dentry, NULL) here when d_drop_negative_children 301 * is called in xfs_vn_mknod (ie. allow negative dentries 302 * with CI filesystems). 303 */ 304 return NULL; 305 } 306 307 /* if exact match, just splice and exit */ 308 if (!ci_name.name) 309 return d_splice_alias(VFS_I(ip), dentry); 310 311 /* else case-insensitive match... */ 312 dname.name = ci_name.name; 313 dname.len = ci_name.len; 314 dentry = d_add_ci(dentry, VFS_I(ip), &dname); 315 kmem_free(ci_name.name); 316 return dentry; 317 } 318 319 STATIC int 320 xfs_vn_link( 321 struct dentry *old_dentry, 322 struct inode *dir, 323 struct dentry *dentry) 324 { 325 struct inode *inode = d_inode(old_dentry); 326 struct xfs_name name; 327 int error; 328 329 error = xfs_dentry_mode_to_name(&name, dentry, inode->i_mode); 330 if (unlikely(error)) 331 return error; 332 333 error = xfs_link(XFS_I(dir), XFS_I(inode), &name); 334 if (unlikely(error)) 335 return error; 336 337 ihold(inode); 338 d_instantiate(dentry, inode); 339 return 0; 340 } 341 342 STATIC int 343 xfs_vn_unlink( 344 struct inode *dir, 345 struct dentry *dentry) 346 { 347 struct xfs_name name; 348 int error; 349 350 xfs_dentry_to_name(&name, dentry); 351 352 error = xfs_remove(XFS_I(dir), &name, XFS_I(d_inode(dentry))); 353 if (error) 354 return error; 355 356 /* 357 * With unlink, the VFS makes the dentry "negative": no inode, 358 * but still hashed. This is incompatible with case-insensitive 359 * mode, so invalidate (unhash) the dentry in CI-mode. 360 */ 361 if (xfs_sb_version_hasasciici(&XFS_M(dir->i_sb)->m_sb)) 362 d_invalidate(dentry); 363 return 0; 364 } 365 366 STATIC int 367 xfs_vn_symlink( 368 struct inode *dir, 369 struct dentry *dentry, 370 const char *symname) 371 { 372 struct inode *inode; 373 struct xfs_inode *cip = NULL; 374 struct xfs_name name; 375 int error; 376 umode_t mode; 377 378 mode = S_IFLNK | 379 (irix_symlink_mode ? 0777 & ~current_umask() : S_IRWXUGO); 380 error = xfs_dentry_mode_to_name(&name, dentry, mode); 381 if (unlikely(error)) 382 goto out; 383 384 error = xfs_symlink(XFS_I(dir), &name, symname, mode, &cip); 385 if (unlikely(error)) 386 goto out; 387 388 inode = VFS_I(cip); 389 390 error = xfs_init_security(inode, dir, &dentry->d_name); 391 if (unlikely(error)) 392 goto out_cleanup_inode; 393 394 xfs_setup_iops(cip); 395 396 d_instantiate(dentry, inode); 397 xfs_finish_inode_setup(cip); 398 return 0; 399 400 out_cleanup_inode: 401 xfs_finish_inode_setup(cip); 402 xfs_cleanup_inode(dir, inode, dentry); 403 xfs_irele(cip); 404 out: 405 return error; 406 } 407 408 STATIC int 409 xfs_vn_rename( 410 struct inode *odir, 411 struct dentry *odentry, 412 struct inode *ndir, 413 struct dentry *ndentry, 414 unsigned int flags) 415 { 416 struct inode *new_inode = d_inode(ndentry); 417 int omode = 0; 418 int error; 419 struct xfs_name oname; 420 struct xfs_name nname; 421 422 if (flags & ~(RENAME_NOREPLACE | RENAME_EXCHANGE | RENAME_WHITEOUT)) 423 return -EINVAL; 424 425 /* if we are exchanging files, we need to set i_mode of both files */ 426 if (flags & RENAME_EXCHANGE) 427 omode = d_inode(ndentry)->i_mode; 428 429 error = xfs_dentry_mode_to_name(&oname, odentry, omode); 430 if (omode && unlikely(error)) 431 return error; 432 433 error = xfs_dentry_mode_to_name(&nname, ndentry, 434 d_inode(odentry)->i_mode); 435 if (unlikely(error)) 436 return error; 437 438 return xfs_rename(XFS_I(odir), &oname, XFS_I(d_inode(odentry)), 439 XFS_I(ndir), &nname, 440 new_inode ? XFS_I(new_inode) : NULL, flags); 441 } 442 443 /* 444 * careful here - this function can get called recursively, so 445 * we need to be very careful about how much stack we use. 446 * uio is kmalloced for this reason... 447 */ 448 STATIC const char * 449 xfs_vn_get_link( 450 struct dentry *dentry, 451 struct inode *inode, 452 struct delayed_call *done) 453 { 454 char *link; 455 int error = -ENOMEM; 456 457 if (!dentry) 458 return ERR_PTR(-ECHILD); 459 460 link = kmalloc(XFS_SYMLINK_MAXLEN+1, GFP_KERNEL); 461 if (!link) 462 goto out_err; 463 464 error = xfs_readlink(XFS_I(d_inode(dentry)), link); 465 if (unlikely(error)) 466 goto out_kfree; 467 468 set_delayed_call(done, kfree_link, link); 469 return link; 470 471 out_kfree: 472 kfree(link); 473 out_err: 474 return ERR_PTR(error); 475 } 476 477 STATIC const char * 478 xfs_vn_get_link_inline( 479 struct dentry *dentry, 480 struct inode *inode, 481 struct delayed_call *done) 482 { 483 char *link; 484 485 ASSERT(XFS_I(inode)->i_df.if_flags & XFS_IFINLINE); 486 487 /* 488 * The VFS crashes on a NULL pointer, so return -EFSCORRUPTED if 489 * if_data is junk. 490 */ 491 link = XFS_I(inode)->i_df.if_u1.if_data; 492 if (!link) 493 return ERR_PTR(-EFSCORRUPTED); 494 return link; 495 } 496 497 STATIC int 498 xfs_vn_getattr( 499 const struct path *path, 500 struct kstat *stat, 501 u32 request_mask, 502 unsigned int query_flags) 503 { 504 struct inode *inode = d_inode(path->dentry); 505 struct xfs_inode *ip = XFS_I(inode); 506 struct xfs_mount *mp = ip->i_mount; 507 508 trace_xfs_getattr(ip); 509 510 if (XFS_FORCED_SHUTDOWN(mp)) 511 return -EIO; 512 513 stat->size = XFS_ISIZE(ip); 514 stat->dev = inode->i_sb->s_dev; 515 stat->mode = inode->i_mode; 516 stat->nlink = inode->i_nlink; 517 stat->uid = inode->i_uid; 518 stat->gid = inode->i_gid; 519 stat->ino = ip->i_ino; 520 stat->atime = inode->i_atime; 521 stat->mtime = inode->i_mtime; 522 stat->ctime = inode->i_ctime; 523 stat->blocks = 524 XFS_FSB_TO_BB(mp, ip->i_d.di_nblocks + ip->i_delayed_blks); 525 526 if (ip->i_d.di_version == 3) { 527 if (request_mask & STATX_BTIME) { 528 stat->result_mask |= STATX_BTIME; 529 stat->btime.tv_sec = ip->i_d.di_crtime.t_sec; 530 stat->btime.tv_nsec = ip->i_d.di_crtime.t_nsec; 531 } 532 } 533 534 /* 535 * Note: If you add another clause to set an attribute flag, please 536 * update attributes_mask below. 537 */ 538 if (ip->i_d.di_flags & XFS_DIFLAG_IMMUTABLE) 539 stat->attributes |= STATX_ATTR_IMMUTABLE; 540 if (ip->i_d.di_flags & XFS_DIFLAG_APPEND) 541 stat->attributes |= STATX_ATTR_APPEND; 542 if (ip->i_d.di_flags & XFS_DIFLAG_NODUMP) 543 stat->attributes |= STATX_ATTR_NODUMP; 544 545 stat->attributes_mask |= (STATX_ATTR_IMMUTABLE | 546 STATX_ATTR_APPEND | 547 STATX_ATTR_NODUMP); 548 549 switch (inode->i_mode & S_IFMT) { 550 case S_IFBLK: 551 case S_IFCHR: 552 stat->blksize = BLKDEV_IOSIZE; 553 stat->rdev = inode->i_rdev; 554 break; 555 default: 556 if (XFS_IS_REALTIME_INODE(ip)) { 557 /* 558 * If the file blocks are being allocated from a 559 * realtime volume, then return the inode's realtime 560 * extent size or the realtime volume's extent size. 561 */ 562 stat->blksize = 563 xfs_get_extsz_hint(ip) << mp->m_sb.sb_blocklog; 564 } else 565 stat->blksize = xfs_preferred_iosize(mp); 566 stat->rdev = 0; 567 break; 568 } 569 570 return 0; 571 } 572 573 static void 574 xfs_setattr_mode( 575 struct xfs_inode *ip, 576 struct iattr *iattr) 577 { 578 struct inode *inode = VFS_I(ip); 579 umode_t mode = iattr->ia_mode; 580 581 ASSERT(xfs_isilocked(ip, XFS_ILOCK_EXCL)); 582 583 inode->i_mode &= S_IFMT; 584 inode->i_mode |= mode & ~S_IFMT; 585 } 586 587 void 588 xfs_setattr_time( 589 struct xfs_inode *ip, 590 struct iattr *iattr) 591 { 592 struct inode *inode = VFS_I(ip); 593 594 ASSERT(xfs_isilocked(ip, XFS_ILOCK_EXCL)); 595 596 if (iattr->ia_valid & ATTR_ATIME) 597 inode->i_atime = iattr->ia_atime; 598 if (iattr->ia_valid & ATTR_CTIME) 599 inode->i_ctime = iattr->ia_ctime; 600 if (iattr->ia_valid & ATTR_MTIME) 601 inode->i_mtime = iattr->ia_mtime; 602 } 603 604 static int 605 xfs_vn_change_ok( 606 struct dentry *dentry, 607 struct iattr *iattr) 608 { 609 struct xfs_mount *mp = XFS_I(d_inode(dentry))->i_mount; 610 611 if (mp->m_flags & XFS_MOUNT_RDONLY) 612 return -EROFS; 613 614 if (XFS_FORCED_SHUTDOWN(mp)) 615 return -EIO; 616 617 return setattr_prepare(dentry, iattr); 618 } 619 620 /* 621 * Set non-size attributes of an inode. 622 * 623 * Caution: The caller of this function is responsible for calling 624 * setattr_prepare() or otherwise verifying the change is fine. 625 */ 626 int 627 xfs_setattr_nonsize( 628 struct xfs_inode *ip, 629 struct iattr *iattr, 630 int flags) 631 { 632 xfs_mount_t *mp = ip->i_mount; 633 struct inode *inode = VFS_I(ip); 634 int mask = iattr->ia_valid; 635 xfs_trans_t *tp; 636 int error; 637 kuid_t uid = GLOBAL_ROOT_UID, iuid = GLOBAL_ROOT_UID; 638 kgid_t gid = GLOBAL_ROOT_GID, igid = GLOBAL_ROOT_GID; 639 struct xfs_dquot *udqp = NULL, *gdqp = NULL; 640 struct xfs_dquot *olddquot1 = NULL, *olddquot2 = NULL; 641 642 ASSERT((mask & ATTR_SIZE) == 0); 643 644 /* 645 * If disk quotas is on, we make sure that the dquots do exist on disk, 646 * before we start any other transactions. Trying to do this later 647 * is messy. We don't care to take a readlock to look at the ids 648 * in inode here, because we can't hold it across the trans_reserve. 649 * If the IDs do change before we take the ilock, we're covered 650 * because the i_*dquot fields will get updated anyway. 651 */ 652 if (XFS_IS_QUOTA_ON(mp) && (mask & (ATTR_UID|ATTR_GID))) { 653 uint qflags = 0; 654 655 if ((mask & ATTR_UID) && XFS_IS_UQUOTA_ON(mp)) { 656 uid = iattr->ia_uid; 657 qflags |= XFS_QMOPT_UQUOTA; 658 } else { 659 uid = inode->i_uid; 660 } 661 if ((mask & ATTR_GID) && XFS_IS_GQUOTA_ON(mp)) { 662 gid = iattr->ia_gid; 663 qflags |= XFS_QMOPT_GQUOTA; 664 } else { 665 gid = inode->i_gid; 666 } 667 668 /* 669 * We take a reference when we initialize udqp and gdqp, 670 * so it is important that we never blindly double trip on 671 * the same variable. See xfs_create() for an example. 672 */ 673 ASSERT(udqp == NULL); 674 ASSERT(gdqp == NULL); 675 error = xfs_qm_vop_dqalloc(ip, xfs_kuid_to_uid(uid), 676 xfs_kgid_to_gid(gid), 677 xfs_get_projid(ip), 678 qflags, &udqp, &gdqp, NULL); 679 if (error) 680 return error; 681 } 682 683 error = xfs_trans_alloc(mp, &M_RES(mp)->tr_ichange, 0, 0, 0, &tp); 684 if (error) 685 goto out_dqrele; 686 687 xfs_ilock(ip, XFS_ILOCK_EXCL); 688 xfs_trans_ijoin(tp, ip, 0); 689 690 /* 691 * Change file ownership. Must be the owner or privileged. 692 */ 693 if (mask & (ATTR_UID|ATTR_GID)) { 694 /* 695 * These IDs could have changed since we last looked at them. 696 * But, we're assured that if the ownership did change 697 * while we didn't have the inode locked, inode's dquot(s) 698 * would have changed also. 699 */ 700 iuid = inode->i_uid; 701 igid = inode->i_gid; 702 gid = (mask & ATTR_GID) ? iattr->ia_gid : igid; 703 uid = (mask & ATTR_UID) ? iattr->ia_uid : iuid; 704 705 /* 706 * Do a quota reservation only if uid/gid is actually 707 * going to change. 708 */ 709 if (XFS_IS_QUOTA_RUNNING(mp) && 710 ((XFS_IS_UQUOTA_ON(mp) && !uid_eq(iuid, uid)) || 711 (XFS_IS_GQUOTA_ON(mp) && !gid_eq(igid, gid)))) { 712 ASSERT(tp); 713 error = xfs_qm_vop_chown_reserve(tp, ip, udqp, gdqp, 714 NULL, capable(CAP_FOWNER) ? 715 XFS_QMOPT_FORCE_RES : 0); 716 if (error) /* out of quota */ 717 goto out_cancel; 718 } 719 } 720 721 /* 722 * Change file ownership. Must be the owner or privileged. 723 */ 724 if (mask & (ATTR_UID|ATTR_GID)) { 725 /* 726 * CAP_FSETID overrides the following restrictions: 727 * 728 * The set-user-ID and set-group-ID bits of a file will be 729 * cleared upon successful return from chown() 730 */ 731 if ((inode->i_mode & (S_ISUID|S_ISGID)) && 732 !capable(CAP_FSETID)) 733 inode->i_mode &= ~(S_ISUID|S_ISGID); 734 735 /* 736 * Change the ownerships and register quota modifications 737 * in the transaction. 738 */ 739 if (!uid_eq(iuid, uid)) { 740 if (XFS_IS_QUOTA_RUNNING(mp) && XFS_IS_UQUOTA_ON(mp)) { 741 ASSERT(mask & ATTR_UID); 742 ASSERT(udqp); 743 olddquot1 = xfs_qm_vop_chown(tp, ip, 744 &ip->i_udquot, udqp); 745 } 746 ip->i_d.di_uid = xfs_kuid_to_uid(uid); 747 inode->i_uid = uid; 748 } 749 if (!gid_eq(igid, gid)) { 750 if (XFS_IS_QUOTA_RUNNING(mp) && XFS_IS_GQUOTA_ON(mp)) { 751 ASSERT(xfs_sb_version_has_pquotino(&mp->m_sb) || 752 !XFS_IS_PQUOTA_ON(mp)); 753 ASSERT(mask & ATTR_GID); 754 ASSERT(gdqp); 755 olddquot2 = xfs_qm_vop_chown(tp, ip, 756 &ip->i_gdquot, gdqp); 757 } 758 ip->i_d.di_gid = xfs_kgid_to_gid(gid); 759 inode->i_gid = gid; 760 } 761 } 762 763 if (mask & ATTR_MODE) 764 xfs_setattr_mode(ip, iattr); 765 if (mask & (ATTR_ATIME|ATTR_CTIME|ATTR_MTIME)) 766 xfs_setattr_time(ip, iattr); 767 768 xfs_trans_log_inode(tp, ip, XFS_ILOG_CORE); 769 770 XFS_STATS_INC(mp, xs_ig_attrchg); 771 772 if (mp->m_flags & XFS_MOUNT_WSYNC) 773 xfs_trans_set_sync(tp); 774 error = xfs_trans_commit(tp); 775 776 xfs_iunlock(ip, XFS_ILOCK_EXCL); 777 778 /* 779 * Release any dquot(s) the inode had kept before chown. 780 */ 781 xfs_qm_dqrele(olddquot1); 782 xfs_qm_dqrele(olddquot2); 783 xfs_qm_dqrele(udqp); 784 xfs_qm_dqrele(gdqp); 785 786 if (error) 787 return error; 788 789 /* 790 * XXX(hch): Updating the ACL entries is not atomic vs the i_mode 791 * update. We could avoid this with linked transactions 792 * and passing down the transaction pointer all the way 793 * to attr_set. No previous user of the generic 794 * Posix ACL code seems to care about this issue either. 795 */ 796 if ((mask & ATTR_MODE) && !(flags & XFS_ATTR_NOACL)) { 797 error = posix_acl_chmod(inode, inode->i_mode); 798 if (error) 799 return error; 800 } 801 802 return 0; 803 804 out_cancel: 805 xfs_trans_cancel(tp); 806 out_dqrele: 807 xfs_qm_dqrele(udqp); 808 xfs_qm_dqrele(gdqp); 809 return error; 810 } 811 812 int 813 xfs_vn_setattr_nonsize( 814 struct dentry *dentry, 815 struct iattr *iattr) 816 { 817 struct xfs_inode *ip = XFS_I(d_inode(dentry)); 818 int error; 819 820 trace_xfs_setattr(ip); 821 822 error = xfs_vn_change_ok(dentry, iattr); 823 if (error) 824 return error; 825 return xfs_setattr_nonsize(ip, iattr, 0); 826 } 827 828 /* 829 * Truncate file. Must have write permission and not be a directory. 830 * 831 * Caution: The caller of this function is responsible for calling 832 * setattr_prepare() or otherwise verifying the change is fine. 833 */ 834 STATIC int 835 xfs_setattr_size( 836 struct xfs_inode *ip, 837 struct iattr *iattr) 838 { 839 struct xfs_mount *mp = ip->i_mount; 840 struct inode *inode = VFS_I(ip); 841 xfs_off_t oldsize, newsize; 842 struct xfs_trans *tp; 843 int error; 844 uint lock_flags = 0; 845 bool did_zeroing = false; 846 847 ASSERT(xfs_isilocked(ip, XFS_IOLOCK_EXCL)); 848 ASSERT(xfs_isilocked(ip, XFS_MMAPLOCK_EXCL)); 849 ASSERT(S_ISREG(inode->i_mode)); 850 ASSERT((iattr->ia_valid & (ATTR_UID|ATTR_GID|ATTR_ATIME|ATTR_ATIME_SET| 851 ATTR_MTIME_SET|ATTR_KILL_PRIV|ATTR_TIMES_SET)) == 0); 852 853 oldsize = inode->i_size; 854 newsize = iattr->ia_size; 855 856 /* 857 * Short circuit the truncate case for zero length files. 858 */ 859 if (newsize == 0 && oldsize == 0 && ip->i_d.di_nextents == 0) { 860 if (!(iattr->ia_valid & (ATTR_CTIME|ATTR_MTIME))) 861 return 0; 862 863 /* 864 * Use the regular setattr path to update the timestamps. 865 */ 866 iattr->ia_valid &= ~ATTR_SIZE; 867 return xfs_setattr_nonsize(ip, iattr, 0); 868 } 869 870 /* 871 * Make sure that the dquots are attached to the inode. 872 */ 873 error = xfs_qm_dqattach(ip); 874 if (error) 875 return error; 876 877 /* 878 * Wait for all direct I/O to complete. 879 */ 880 inode_dio_wait(inode); 881 882 /* 883 * File data changes must be complete before we start the transaction to 884 * modify the inode. This needs to be done before joining the inode to 885 * the transaction because the inode cannot be unlocked once it is a 886 * part of the transaction. 887 * 888 * Start with zeroing any data beyond EOF that we may expose on file 889 * extension, or zeroing out the rest of the block on a downward 890 * truncate. 891 */ 892 if (newsize > oldsize) { 893 trace_xfs_zero_eof(ip, oldsize, newsize - oldsize); 894 error = iomap_zero_range(inode, oldsize, newsize - oldsize, 895 &did_zeroing, &xfs_iomap_ops); 896 } else { 897 error = iomap_truncate_page(inode, newsize, &did_zeroing, 898 &xfs_iomap_ops); 899 } 900 901 if (error) 902 return error; 903 904 /* 905 * We've already locked out new page faults, so now we can safely remove 906 * pages from the page cache knowing they won't get refaulted until we 907 * drop the XFS_MMAP_EXCL lock after the extent manipulations are 908 * complete. The truncate_setsize() call also cleans partial EOF page 909 * PTEs on extending truncates and hence ensures sub-page block size 910 * filesystems are correctly handled, too. 911 * 912 * We have to do all the page cache truncate work outside the 913 * transaction context as the "lock" order is page lock->log space 914 * reservation as defined by extent allocation in the writeback path. 915 * Hence a truncate can fail with ENOMEM from xfs_trans_alloc(), but 916 * having already truncated the in-memory version of the file (i.e. made 917 * user visible changes). There's not much we can do about this, except 918 * to hope that the caller sees ENOMEM and retries the truncate 919 * operation. 920 * 921 * And we update in-core i_size and truncate page cache beyond newsize 922 * before writeback the [di_size, newsize] range, so we're guaranteed 923 * not to write stale data past the new EOF on truncate down. 924 */ 925 truncate_setsize(inode, newsize); 926 927 /* 928 * We are going to log the inode size change in this transaction so 929 * any previous writes that are beyond the on disk EOF and the new 930 * EOF that have not been written out need to be written here. If we 931 * do not write the data out, we expose ourselves to the null files 932 * problem. Note that this includes any block zeroing we did above; 933 * otherwise those blocks may not be zeroed after a crash. 934 */ 935 if (did_zeroing || 936 (newsize > ip->i_d.di_size && oldsize != ip->i_d.di_size)) { 937 error = filemap_write_and_wait_range(VFS_I(ip)->i_mapping, 938 ip->i_d.di_size, newsize - 1); 939 if (error) 940 return error; 941 } 942 943 error = xfs_trans_alloc(mp, &M_RES(mp)->tr_itruncate, 0, 0, 0, &tp); 944 if (error) 945 return error; 946 947 lock_flags |= XFS_ILOCK_EXCL; 948 xfs_ilock(ip, XFS_ILOCK_EXCL); 949 xfs_trans_ijoin(tp, ip, 0); 950 951 /* 952 * Only change the c/mtime if we are changing the size or we are 953 * explicitly asked to change it. This handles the semantic difference 954 * between truncate() and ftruncate() as implemented in the VFS. 955 * 956 * The regular truncate() case without ATTR_CTIME and ATTR_MTIME is a 957 * special case where we need to update the times despite not having 958 * these flags set. For all other operations the VFS set these flags 959 * explicitly if it wants a timestamp update. 960 */ 961 if (newsize != oldsize && 962 !(iattr->ia_valid & (ATTR_CTIME | ATTR_MTIME))) { 963 iattr->ia_ctime = iattr->ia_mtime = 964 current_time(inode); 965 iattr->ia_valid |= ATTR_CTIME | ATTR_MTIME; 966 } 967 968 /* 969 * The first thing we do is set the size to new_size permanently on 970 * disk. This way we don't have to worry about anyone ever being able 971 * to look at the data being freed even in the face of a crash. 972 * What we're getting around here is the case where we free a block, it 973 * is allocated to another file, it is written to, and then we crash. 974 * If the new data gets written to the file but the log buffers 975 * containing the free and reallocation don't, then we'd end up with 976 * garbage in the blocks being freed. As long as we make the new size 977 * permanent before actually freeing any blocks it doesn't matter if 978 * they get written to. 979 */ 980 ip->i_d.di_size = newsize; 981 xfs_trans_log_inode(tp, ip, XFS_ILOG_CORE); 982 983 if (newsize <= oldsize) { 984 error = xfs_itruncate_extents(&tp, ip, XFS_DATA_FORK, newsize); 985 if (error) 986 goto out_trans_cancel; 987 988 /* 989 * Truncated "down", so we're removing references to old data 990 * here - if we delay flushing for a long time, we expose 991 * ourselves unduly to the notorious NULL files problem. So, 992 * we mark this inode and flush it when the file is closed, 993 * and do not wait the usual (long) time for writeout. 994 */ 995 xfs_iflags_set(ip, XFS_ITRUNCATED); 996 997 /* A truncate down always removes post-EOF blocks. */ 998 xfs_inode_clear_eofblocks_tag(ip); 999 } 1000 1001 if (iattr->ia_valid & ATTR_MODE) 1002 xfs_setattr_mode(ip, iattr); 1003 if (iattr->ia_valid & (ATTR_ATIME|ATTR_CTIME|ATTR_MTIME)) 1004 xfs_setattr_time(ip, iattr); 1005 1006 xfs_trans_log_inode(tp, ip, XFS_ILOG_CORE); 1007 1008 XFS_STATS_INC(mp, xs_ig_attrchg); 1009 1010 if (mp->m_flags & XFS_MOUNT_WSYNC) 1011 xfs_trans_set_sync(tp); 1012 1013 error = xfs_trans_commit(tp); 1014 out_unlock: 1015 if (lock_flags) 1016 xfs_iunlock(ip, lock_flags); 1017 return error; 1018 1019 out_trans_cancel: 1020 xfs_trans_cancel(tp); 1021 goto out_unlock; 1022 } 1023 1024 int 1025 xfs_vn_setattr_size( 1026 struct dentry *dentry, 1027 struct iattr *iattr) 1028 { 1029 struct xfs_inode *ip = XFS_I(d_inode(dentry)); 1030 int error; 1031 1032 trace_xfs_setattr(ip); 1033 1034 error = xfs_vn_change_ok(dentry, iattr); 1035 if (error) 1036 return error; 1037 return xfs_setattr_size(ip, iattr); 1038 } 1039 1040 STATIC int 1041 xfs_vn_setattr( 1042 struct dentry *dentry, 1043 struct iattr *iattr) 1044 { 1045 int error; 1046 1047 if (iattr->ia_valid & ATTR_SIZE) { 1048 struct inode *inode = d_inode(dentry); 1049 struct xfs_inode *ip = XFS_I(inode); 1050 uint iolock; 1051 1052 xfs_ilock(ip, XFS_MMAPLOCK_EXCL); 1053 iolock = XFS_IOLOCK_EXCL | XFS_MMAPLOCK_EXCL; 1054 1055 error = xfs_break_layouts(inode, &iolock, BREAK_UNMAP); 1056 if (error) { 1057 xfs_iunlock(ip, XFS_MMAPLOCK_EXCL); 1058 return error; 1059 } 1060 1061 error = xfs_vn_setattr_size(dentry, iattr); 1062 xfs_iunlock(ip, XFS_MMAPLOCK_EXCL); 1063 } else { 1064 error = xfs_vn_setattr_nonsize(dentry, iattr); 1065 } 1066 1067 return error; 1068 } 1069 1070 STATIC int 1071 xfs_vn_update_time( 1072 struct inode *inode, 1073 struct timespec64 *now, 1074 int flags) 1075 { 1076 struct xfs_inode *ip = XFS_I(inode); 1077 struct xfs_mount *mp = ip->i_mount; 1078 int log_flags = XFS_ILOG_TIMESTAMP; 1079 struct xfs_trans *tp; 1080 int error; 1081 1082 trace_xfs_update_time(ip); 1083 1084 if (inode->i_sb->s_flags & SB_LAZYTIME) { 1085 if (!((flags & S_VERSION) && 1086 inode_maybe_inc_iversion(inode, false))) 1087 return generic_update_time(inode, now, flags); 1088 1089 /* Capture the iversion update that just occurred */ 1090 log_flags |= XFS_ILOG_CORE; 1091 } 1092 1093 error = xfs_trans_alloc(mp, &M_RES(mp)->tr_fsyncts, 0, 0, 0, &tp); 1094 if (error) 1095 return error; 1096 1097 xfs_ilock(ip, XFS_ILOCK_EXCL); 1098 if (flags & S_CTIME) 1099 inode->i_ctime = *now; 1100 if (flags & S_MTIME) 1101 inode->i_mtime = *now; 1102 if (flags & S_ATIME) 1103 inode->i_atime = *now; 1104 1105 xfs_trans_ijoin(tp, ip, XFS_ILOCK_EXCL); 1106 xfs_trans_log_inode(tp, ip, log_flags); 1107 return xfs_trans_commit(tp); 1108 } 1109 1110 STATIC int 1111 xfs_vn_fiemap( 1112 struct inode *inode, 1113 struct fiemap_extent_info *fieinfo, 1114 u64 start, 1115 u64 length) 1116 { 1117 int error; 1118 1119 xfs_ilock(XFS_I(inode), XFS_IOLOCK_SHARED); 1120 if (fieinfo->fi_flags & FIEMAP_FLAG_XATTR) { 1121 fieinfo->fi_flags &= ~FIEMAP_FLAG_XATTR; 1122 error = iomap_fiemap(inode, fieinfo, start, length, 1123 &xfs_xattr_iomap_ops); 1124 } else { 1125 error = iomap_fiemap(inode, fieinfo, start, length, 1126 &xfs_iomap_ops); 1127 } 1128 xfs_iunlock(XFS_I(inode), XFS_IOLOCK_SHARED); 1129 1130 return error; 1131 } 1132 1133 STATIC int 1134 xfs_vn_tmpfile( 1135 struct inode *dir, 1136 struct dentry *dentry, 1137 umode_t mode) 1138 { 1139 return xfs_generic_create(dir, dentry, mode, 0, true); 1140 } 1141 1142 static const struct inode_operations xfs_inode_operations = { 1143 .get_acl = xfs_get_acl, 1144 .set_acl = xfs_set_acl, 1145 .getattr = xfs_vn_getattr, 1146 .setattr = xfs_vn_setattr, 1147 .listxattr = xfs_vn_listxattr, 1148 .fiemap = xfs_vn_fiemap, 1149 .update_time = xfs_vn_update_time, 1150 }; 1151 1152 static const struct inode_operations xfs_dir_inode_operations = { 1153 .create = xfs_vn_create, 1154 .lookup = xfs_vn_lookup, 1155 .link = xfs_vn_link, 1156 .unlink = xfs_vn_unlink, 1157 .symlink = xfs_vn_symlink, 1158 .mkdir = xfs_vn_mkdir, 1159 /* 1160 * Yes, XFS uses the same method for rmdir and unlink. 1161 * 1162 * There are some subtile differences deeper in the code, 1163 * but we use S_ISDIR to check for those. 1164 */ 1165 .rmdir = xfs_vn_unlink, 1166 .mknod = xfs_vn_mknod, 1167 .rename = xfs_vn_rename, 1168 .get_acl = xfs_get_acl, 1169 .set_acl = xfs_set_acl, 1170 .getattr = xfs_vn_getattr, 1171 .setattr = xfs_vn_setattr, 1172 .listxattr = xfs_vn_listxattr, 1173 .update_time = xfs_vn_update_time, 1174 .tmpfile = xfs_vn_tmpfile, 1175 }; 1176 1177 static const struct inode_operations xfs_dir_ci_inode_operations = { 1178 .create = xfs_vn_create, 1179 .lookup = xfs_vn_ci_lookup, 1180 .link = xfs_vn_link, 1181 .unlink = xfs_vn_unlink, 1182 .symlink = xfs_vn_symlink, 1183 .mkdir = xfs_vn_mkdir, 1184 /* 1185 * Yes, XFS uses the same method for rmdir and unlink. 1186 * 1187 * There are some subtile differences deeper in the code, 1188 * but we use S_ISDIR to check for those. 1189 */ 1190 .rmdir = xfs_vn_unlink, 1191 .mknod = xfs_vn_mknod, 1192 .rename = xfs_vn_rename, 1193 .get_acl = xfs_get_acl, 1194 .set_acl = xfs_set_acl, 1195 .getattr = xfs_vn_getattr, 1196 .setattr = xfs_vn_setattr, 1197 .listxattr = xfs_vn_listxattr, 1198 .update_time = xfs_vn_update_time, 1199 .tmpfile = xfs_vn_tmpfile, 1200 }; 1201 1202 static const struct inode_operations xfs_symlink_inode_operations = { 1203 .get_link = xfs_vn_get_link, 1204 .getattr = xfs_vn_getattr, 1205 .setattr = xfs_vn_setattr, 1206 .listxattr = xfs_vn_listxattr, 1207 .update_time = xfs_vn_update_time, 1208 }; 1209 1210 static const struct inode_operations xfs_inline_symlink_inode_operations = { 1211 .get_link = xfs_vn_get_link_inline, 1212 .getattr = xfs_vn_getattr, 1213 .setattr = xfs_vn_setattr, 1214 .listxattr = xfs_vn_listxattr, 1215 .update_time = xfs_vn_update_time, 1216 }; 1217 1218 /* Figure out if this file actually supports DAX. */ 1219 static bool 1220 xfs_inode_supports_dax( 1221 struct xfs_inode *ip) 1222 { 1223 struct xfs_mount *mp = ip->i_mount; 1224 1225 /* Only supported on non-reflinked files. */ 1226 if (!S_ISREG(VFS_I(ip)->i_mode) || xfs_is_reflink_inode(ip)) 1227 return false; 1228 1229 /* DAX mount option or DAX iflag must be set. */ 1230 if (!(mp->m_flags & XFS_MOUNT_DAX) && 1231 !(ip->i_d.di_flags2 & XFS_DIFLAG2_DAX)) 1232 return false; 1233 1234 /* Block size must match page size */ 1235 if (mp->m_sb.sb_blocksize != PAGE_SIZE) 1236 return false; 1237 1238 /* Device has to support DAX too. */ 1239 return xfs_find_daxdev_for_inode(VFS_I(ip)) != NULL; 1240 } 1241 1242 STATIC void 1243 xfs_diflags_to_iflags( 1244 struct inode *inode, 1245 struct xfs_inode *ip) 1246 { 1247 uint16_t flags = ip->i_d.di_flags; 1248 1249 inode->i_flags &= ~(S_IMMUTABLE | S_APPEND | S_SYNC | 1250 S_NOATIME | S_DAX); 1251 1252 if (flags & XFS_DIFLAG_IMMUTABLE) 1253 inode->i_flags |= S_IMMUTABLE; 1254 if (flags & XFS_DIFLAG_APPEND) 1255 inode->i_flags |= S_APPEND; 1256 if (flags & XFS_DIFLAG_SYNC) 1257 inode->i_flags |= S_SYNC; 1258 if (flags & XFS_DIFLAG_NOATIME) 1259 inode->i_flags |= S_NOATIME; 1260 if (xfs_inode_supports_dax(ip)) 1261 inode->i_flags |= S_DAX; 1262 } 1263 1264 /* 1265 * Initialize the Linux inode. 1266 * 1267 * When reading existing inodes from disk this is called directly from xfs_iget, 1268 * when creating a new inode it is called from xfs_ialloc after setting up the 1269 * inode. These callers have different criteria for clearing XFS_INEW, so leave 1270 * it up to the caller to deal with unlocking the inode appropriately. 1271 */ 1272 void 1273 xfs_setup_inode( 1274 struct xfs_inode *ip) 1275 { 1276 struct inode *inode = &ip->i_vnode; 1277 gfp_t gfp_mask; 1278 1279 inode->i_ino = ip->i_ino; 1280 inode->i_state = I_NEW; 1281 1282 inode_sb_list_add(inode); 1283 /* make the inode look hashed for the writeback code */ 1284 inode_fake_hash(inode); 1285 1286 inode->i_uid = xfs_uid_to_kuid(ip->i_d.di_uid); 1287 inode->i_gid = xfs_gid_to_kgid(ip->i_d.di_gid); 1288 1289 i_size_write(inode, ip->i_d.di_size); 1290 xfs_diflags_to_iflags(inode, ip); 1291 1292 if (S_ISDIR(inode->i_mode)) { 1293 /* 1294 * We set the i_rwsem class here to avoid potential races with 1295 * lockdep_annotate_inode_mutex_key() reinitialising the lock 1296 * after a filehandle lookup has already found the inode in 1297 * cache before it has been unlocked via unlock_new_inode(). 1298 */ 1299 lockdep_set_class(&inode->i_rwsem, 1300 &inode->i_sb->s_type->i_mutex_dir_key); 1301 lockdep_set_class(&ip->i_lock.mr_lock, &xfs_dir_ilock_class); 1302 ip->d_ops = ip->i_mount->m_dir_inode_ops; 1303 } else { 1304 ip->d_ops = ip->i_mount->m_nondir_inode_ops; 1305 lockdep_set_class(&ip->i_lock.mr_lock, &xfs_nondir_ilock_class); 1306 } 1307 1308 /* 1309 * Ensure all page cache allocations are done from GFP_NOFS context to 1310 * prevent direct reclaim recursion back into the filesystem and blowing 1311 * stacks or deadlocking. 1312 */ 1313 gfp_mask = mapping_gfp_mask(inode->i_mapping); 1314 mapping_set_gfp_mask(inode->i_mapping, (gfp_mask & ~(__GFP_FS))); 1315 1316 /* 1317 * If there is no attribute fork no ACL can exist on this inode, 1318 * and it can't have any file capabilities attached to it either. 1319 */ 1320 if (!XFS_IFORK_Q(ip)) { 1321 inode_has_no_xattr(inode); 1322 cache_no_acl(inode); 1323 } 1324 } 1325 1326 void 1327 xfs_setup_iops( 1328 struct xfs_inode *ip) 1329 { 1330 struct inode *inode = &ip->i_vnode; 1331 1332 switch (inode->i_mode & S_IFMT) { 1333 case S_IFREG: 1334 inode->i_op = &xfs_inode_operations; 1335 inode->i_fop = &xfs_file_operations; 1336 if (IS_DAX(inode)) 1337 inode->i_mapping->a_ops = &xfs_dax_aops; 1338 else 1339 inode->i_mapping->a_ops = &xfs_address_space_operations; 1340 break; 1341 case S_IFDIR: 1342 if (xfs_sb_version_hasasciici(&XFS_M(inode->i_sb)->m_sb)) 1343 inode->i_op = &xfs_dir_ci_inode_operations; 1344 else 1345 inode->i_op = &xfs_dir_inode_operations; 1346 inode->i_fop = &xfs_dir_file_operations; 1347 break; 1348 case S_IFLNK: 1349 if (ip->i_df.if_flags & XFS_IFINLINE) 1350 inode->i_op = &xfs_inline_symlink_inode_operations; 1351 else 1352 inode->i_op = &xfs_symlink_inode_operations; 1353 break; 1354 default: 1355 inode->i_op = &xfs_inode_operations; 1356 init_special_inode(inode, inode->i_mode, inode->i_rdev); 1357 break; 1358 } 1359 } 1360