1 /*
2 * Copyright (c) 2000-2006 Silicon Graphics, Inc.
3 * All Rights Reserved.
4 *
5 * This program is free software; you can redistribute it and/or
6 * modify it under the terms of the GNU General Public License as
7 * published by the Free Software Foundation.
8 *
9 * This program is distributed in the hope that it would be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
13 *
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, write the Free Software Foundation,
16 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
17 */
18 #include "xfs.h"
19 #include "xfs_fs.h"
20 #include "xfs_types.h"
21 #include "xfs_bit.h"
22 #include "xfs_log.h"
23 #include "xfs_inum.h"
24 #include "xfs_trans.h"
25 #include "xfs_sb.h"
26 #include "xfs_ag.h"
27 #include "xfs_mount.h"
28 #include "xfs_bmap_btree.h"
29 #include "xfs_dinode.h"
30 #include "xfs_inode.h"
31 #include "xfs_inode_item.h"
32 #include "xfs_bmap.h"
33 #include "xfs_itable.h"
34 #include "xfs_dfrag.h"
35 #include "xfs_error.h"
36 #include "xfs_vnodeops.h"
37 #include "xfs_trace.h"
38
39
40 static int xfs_swap_extents(
41 xfs_inode_t *ip, /* target inode */
42 xfs_inode_t *tip, /* tmp inode */
43 xfs_swapext_t *sxp);
44
45 /*
46 * ioctl interface for swapext
47 */
48 int
xfs_swapext(xfs_swapext_t * sxp)49 xfs_swapext(
50 xfs_swapext_t *sxp)
51 {
52 xfs_inode_t *ip, *tip;
53 struct file *file, *tmp_file;
54 int error = 0;
55
56 /* Pull information for the target fd */
57 file = fget((int)sxp->sx_fdtarget);
58 if (!file) {
59 error = XFS_ERROR(EINVAL);
60 goto out;
61 }
62
63 if (!(file->f_mode & FMODE_WRITE) ||
64 !(file->f_mode & FMODE_READ) ||
65 (file->f_flags & O_APPEND)) {
66 error = XFS_ERROR(EBADF);
67 goto out_put_file;
68 }
69
70 tmp_file = fget((int)sxp->sx_fdtmp);
71 if (!tmp_file) {
72 error = XFS_ERROR(EINVAL);
73 goto out_put_file;
74 }
75
76 if (!(tmp_file->f_mode & FMODE_WRITE) ||
77 !(tmp_file->f_mode & FMODE_READ) ||
78 (tmp_file->f_flags & O_APPEND)) {
79 error = XFS_ERROR(EBADF);
80 goto out_put_tmp_file;
81 }
82
83 if (IS_SWAPFILE(file->f_path.dentry->d_inode) ||
84 IS_SWAPFILE(tmp_file->f_path.dentry->d_inode)) {
85 error = XFS_ERROR(EINVAL);
86 goto out_put_tmp_file;
87 }
88
89 ip = XFS_I(file->f_path.dentry->d_inode);
90 tip = XFS_I(tmp_file->f_path.dentry->d_inode);
91
92 if (ip->i_mount != tip->i_mount) {
93 error = XFS_ERROR(EINVAL);
94 goto out_put_tmp_file;
95 }
96
97 if (ip->i_ino == tip->i_ino) {
98 error = XFS_ERROR(EINVAL);
99 goto out_put_tmp_file;
100 }
101
102 if (XFS_FORCED_SHUTDOWN(ip->i_mount)) {
103 error = XFS_ERROR(EIO);
104 goto out_put_tmp_file;
105 }
106
107 error = xfs_swap_extents(ip, tip, sxp);
108
109 out_put_tmp_file:
110 fput(tmp_file);
111 out_put_file:
112 fput(file);
113 out:
114 return error;
115 }
116
117 /*
118 * We need to check that the format of the data fork in the temporary inode is
119 * valid for the target inode before doing the swap. This is not a problem with
120 * attr1 because of the fixed fork offset, but attr2 has a dynamically sized
121 * data fork depending on the space the attribute fork is taking so we can get
122 * invalid formats on the target inode.
123 *
124 * E.g. target has space for 7 extents in extent format, temp inode only has
125 * space for 6. If we defragment down to 7 extents, then the tmp format is a
126 * btree, but when swapped it needs to be in extent format. Hence we can't just
127 * blindly swap data forks on attr2 filesystems.
128 *
129 * Note that we check the swap in both directions so that we don't end up with
130 * a corrupt temporary inode, either.
131 *
132 * Note that fixing the way xfs_fsr sets up the attribute fork in the source
133 * inode will prevent this situation from occurring, so all we do here is
134 * reject and log the attempt. basically we are putting the responsibility on
135 * userspace to get this right.
136 */
137 static int
xfs_swap_extents_check_format(xfs_inode_t * ip,xfs_inode_t * tip)138 xfs_swap_extents_check_format(
139 xfs_inode_t *ip, /* target inode */
140 xfs_inode_t *tip) /* tmp inode */
141 {
142
143 /* Should never get a local format */
144 if (ip->i_d.di_format == XFS_DINODE_FMT_LOCAL ||
145 tip->i_d.di_format == XFS_DINODE_FMT_LOCAL)
146 return EINVAL;
147
148 /*
149 * if the target inode has less extents that then temporary inode then
150 * why did userspace call us?
151 */
152 if (ip->i_d.di_nextents < tip->i_d.di_nextents)
153 return EINVAL;
154
155 /*
156 * if the target inode is in extent form and the temp inode is in btree
157 * form then we will end up with the target inode in the wrong format
158 * as we already know there are less extents in the temp inode.
159 */
160 if (ip->i_d.di_format == XFS_DINODE_FMT_EXTENTS &&
161 tip->i_d.di_format == XFS_DINODE_FMT_BTREE)
162 return EINVAL;
163
164 /* Check temp in extent form to max in target */
165 if (tip->i_d.di_format == XFS_DINODE_FMT_EXTENTS &&
166 XFS_IFORK_NEXTENTS(tip, XFS_DATA_FORK) >
167 XFS_IFORK_MAXEXT(ip, XFS_DATA_FORK))
168 return EINVAL;
169
170 /* Check target in extent form to max in temp */
171 if (ip->i_d.di_format == XFS_DINODE_FMT_EXTENTS &&
172 XFS_IFORK_NEXTENTS(ip, XFS_DATA_FORK) >
173 XFS_IFORK_MAXEXT(tip, XFS_DATA_FORK))
174 return EINVAL;
175
176 /*
177 * If we are in a btree format, check that the temp root block will fit
178 * in the target and that it has enough extents to be in btree format
179 * in the target.
180 *
181 * Note that we have to be careful to allow btree->extent conversions
182 * (a common defrag case) which will occur when the temp inode is in
183 * extent format...
184 */
185 if (tip->i_d.di_format == XFS_DINODE_FMT_BTREE) {
186 if (XFS_IFORK_BOFF(ip) &&
187 tip->i_df.if_broot_bytes > XFS_IFORK_BOFF(ip))
188 return EINVAL;
189 if (XFS_IFORK_NEXTENTS(tip, XFS_DATA_FORK) <=
190 XFS_IFORK_MAXEXT(ip, XFS_DATA_FORK))
191 return EINVAL;
192 }
193
194 /* Reciprocal target->temp btree format checks */
195 if (ip->i_d.di_format == XFS_DINODE_FMT_BTREE) {
196 if (XFS_IFORK_BOFF(tip) &&
197 ip->i_df.if_broot_bytes > XFS_IFORK_BOFF(tip))
198 return EINVAL;
199
200 if (XFS_IFORK_NEXTENTS(ip, XFS_DATA_FORK) <=
201 XFS_IFORK_MAXEXT(tip, XFS_DATA_FORK))
202 return EINVAL;
203 }
204
205 return 0;
206 }
207
208 static int
xfs_swap_extents(xfs_inode_t * ip,xfs_inode_t * tip,xfs_swapext_t * sxp)209 xfs_swap_extents(
210 xfs_inode_t *ip, /* target inode */
211 xfs_inode_t *tip, /* tmp inode */
212 xfs_swapext_t *sxp)
213 {
214 xfs_mount_t *mp = ip->i_mount;
215 xfs_trans_t *tp;
216 xfs_bstat_t *sbp = &sxp->sx_stat;
217 xfs_ifork_t *tempifp, *ifp, *tifp;
218 int src_log_flags, target_log_flags;
219 int error = 0;
220 int aforkblks = 0;
221 int taforkblks = 0;
222 __uint64_t tmp;
223
224 tempifp = kmem_alloc(sizeof(xfs_ifork_t), KM_MAYFAIL);
225 if (!tempifp) {
226 error = XFS_ERROR(ENOMEM);
227 goto out;
228 }
229
230 /*
231 * we have to do two separate lock calls here to keep lockdep
232 * happy. If we try to get all the locks in one call, lock will
233 * report false positives when we drop the ILOCK and regain them
234 * below.
235 */
236 xfs_lock_two_inodes(ip, tip, XFS_IOLOCK_EXCL);
237 xfs_lock_two_inodes(ip, tip, XFS_ILOCK_EXCL);
238
239 /* Verify that both files have the same format */
240 if ((ip->i_d.di_mode & S_IFMT) != (tip->i_d.di_mode & S_IFMT)) {
241 error = XFS_ERROR(EINVAL);
242 goto out_unlock;
243 }
244
245 /* Verify both files are either real-time or non-realtime */
246 if (XFS_IS_REALTIME_INODE(ip) != XFS_IS_REALTIME_INODE(tip)) {
247 error = XFS_ERROR(EINVAL);
248 goto out_unlock;
249 }
250
251 if (VN_CACHED(VFS_I(tip)) != 0) {
252 error = xfs_flushinval_pages(tip, 0, -1,
253 FI_REMAPF_LOCKED);
254 if (error)
255 goto out_unlock;
256 }
257
258 /* Verify O_DIRECT for ftmp */
259 if (VN_CACHED(VFS_I(tip)) != 0) {
260 error = XFS_ERROR(EINVAL);
261 goto out_unlock;
262 }
263
264 /* Verify all data are being swapped */
265 if (sxp->sx_offset != 0 ||
266 sxp->sx_length != ip->i_d.di_size ||
267 sxp->sx_length != tip->i_d.di_size) {
268 error = XFS_ERROR(EFAULT);
269 goto out_unlock;
270 }
271
272 trace_xfs_swap_extent_before(ip, 0);
273 trace_xfs_swap_extent_before(tip, 1);
274
275 /* check inode formats now that data is flushed */
276 error = xfs_swap_extents_check_format(ip, tip);
277 if (error) {
278 xfs_notice(mp,
279 "%s: inode 0x%llx format is incompatible for exchanging.",
280 __func__, ip->i_ino);
281 goto out_unlock;
282 }
283
284 /*
285 * Compare the current change & modify times with that
286 * passed in. If they differ, we abort this swap.
287 * This is the mechanism used to ensure the calling
288 * process that the file was not changed out from
289 * under it.
290 */
291 if ((sbp->bs_ctime.tv_sec != VFS_I(ip)->i_ctime.tv_sec) ||
292 (sbp->bs_ctime.tv_nsec != VFS_I(ip)->i_ctime.tv_nsec) ||
293 (sbp->bs_mtime.tv_sec != VFS_I(ip)->i_mtime.tv_sec) ||
294 (sbp->bs_mtime.tv_nsec != VFS_I(ip)->i_mtime.tv_nsec)) {
295 error = XFS_ERROR(EBUSY);
296 goto out_unlock;
297 }
298
299 /* We need to fail if the file is memory mapped. Once we have tossed
300 * all existing pages, the page fault will have no option
301 * but to go to the filesystem for pages. By making the page fault call
302 * vop_read (or write in the case of autogrow) they block on the iolock
303 * until we have switched the extents.
304 */
305 if (VN_MAPPED(VFS_I(ip))) {
306 error = XFS_ERROR(EBUSY);
307 goto out_unlock;
308 }
309
310 xfs_iunlock(ip, XFS_ILOCK_EXCL);
311 xfs_iunlock(tip, XFS_ILOCK_EXCL);
312
313 /*
314 * There is a race condition here since we gave up the
315 * ilock. However, the data fork will not change since
316 * we have the iolock (locked for truncation too) so we
317 * are safe. We don't really care if non-io related
318 * fields change.
319 */
320
321 xfs_tosspages(ip, 0, -1, FI_REMAPF);
322
323 tp = xfs_trans_alloc(mp, XFS_TRANS_SWAPEXT);
324 if ((error = xfs_trans_reserve(tp, 0,
325 XFS_ICHANGE_LOG_RES(mp), 0,
326 0, 0))) {
327 xfs_iunlock(ip, XFS_IOLOCK_EXCL);
328 xfs_iunlock(tip, XFS_IOLOCK_EXCL);
329 xfs_trans_cancel(tp, 0);
330 goto out;
331 }
332 xfs_lock_two_inodes(ip, tip, XFS_ILOCK_EXCL);
333
334 /*
335 * Count the number of extended attribute blocks
336 */
337 if ( ((XFS_IFORK_Q(ip) != 0) && (ip->i_d.di_anextents > 0)) &&
338 (ip->i_d.di_aformat != XFS_DINODE_FMT_LOCAL)) {
339 error = xfs_bmap_count_blocks(tp, ip, XFS_ATTR_FORK, &aforkblks);
340 if (error)
341 goto out_trans_cancel;
342 }
343 if ( ((XFS_IFORK_Q(tip) != 0) && (tip->i_d.di_anextents > 0)) &&
344 (tip->i_d.di_aformat != XFS_DINODE_FMT_LOCAL)) {
345 error = xfs_bmap_count_blocks(tp, tip, XFS_ATTR_FORK,
346 &taforkblks);
347 if (error)
348 goto out_trans_cancel;
349 }
350
351 /*
352 * Swap the data forks of the inodes
353 */
354 ifp = &ip->i_df;
355 tifp = &tip->i_df;
356 *tempifp = *ifp; /* struct copy */
357 *ifp = *tifp; /* struct copy */
358 *tifp = *tempifp; /* struct copy */
359
360 /*
361 * Fix the on-disk inode values
362 */
363 tmp = (__uint64_t)ip->i_d.di_nblocks;
364 ip->i_d.di_nblocks = tip->i_d.di_nblocks - taforkblks + aforkblks;
365 tip->i_d.di_nblocks = tmp + taforkblks - aforkblks;
366
367 tmp = (__uint64_t) ip->i_d.di_nextents;
368 ip->i_d.di_nextents = tip->i_d.di_nextents;
369 tip->i_d.di_nextents = tmp;
370
371 tmp = (__uint64_t) ip->i_d.di_format;
372 ip->i_d.di_format = tip->i_d.di_format;
373 tip->i_d.di_format = tmp;
374
375 /*
376 * The extents in the source inode could still contain speculative
377 * preallocation beyond EOF (e.g. the file is open but not modified
378 * while defrag is in progress). In that case, we need to copy over the
379 * number of delalloc blocks the data fork in the source inode is
380 * tracking beyond EOF so that when the fork is truncated away when the
381 * temporary inode is unlinked we don't underrun the i_delayed_blks
382 * counter on that inode.
383 */
384 ASSERT(tip->i_delayed_blks == 0);
385 tip->i_delayed_blks = ip->i_delayed_blks;
386 ip->i_delayed_blks = 0;
387
388 src_log_flags = XFS_ILOG_CORE;
389 switch (ip->i_d.di_format) {
390 case XFS_DINODE_FMT_EXTENTS:
391 /* If the extents fit in the inode, fix the
392 * pointer. Otherwise it's already NULL or
393 * pointing to the extent.
394 */
395 if (ip->i_d.di_nextents <= XFS_INLINE_EXTS) {
396 ifp->if_u1.if_extents =
397 ifp->if_u2.if_inline_ext;
398 }
399 src_log_flags |= XFS_ILOG_DEXT;
400 break;
401 case XFS_DINODE_FMT_BTREE:
402 src_log_flags |= XFS_ILOG_DBROOT;
403 break;
404 }
405
406 target_log_flags = XFS_ILOG_CORE;
407 switch (tip->i_d.di_format) {
408 case XFS_DINODE_FMT_EXTENTS:
409 /* If the extents fit in the inode, fix the
410 * pointer. Otherwise it's already NULL or
411 * pointing to the extent.
412 */
413 if (tip->i_d.di_nextents <= XFS_INLINE_EXTS) {
414 tifp->if_u1.if_extents =
415 tifp->if_u2.if_inline_ext;
416 }
417 target_log_flags |= XFS_ILOG_DEXT;
418 break;
419 case XFS_DINODE_FMT_BTREE:
420 target_log_flags |= XFS_ILOG_DBROOT;
421 break;
422 }
423
424
425 xfs_trans_ijoin(tp, ip, XFS_ILOCK_EXCL | XFS_IOLOCK_EXCL);
426 xfs_trans_ijoin(tp, tip, XFS_ILOCK_EXCL | XFS_IOLOCK_EXCL);
427
428 xfs_trans_log_inode(tp, ip, src_log_flags);
429 xfs_trans_log_inode(tp, tip, target_log_flags);
430
431 /*
432 * If this is a synchronous mount, make sure that the
433 * transaction goes to disk before returning to the user.
434 */
435 if (mp->m_flags & XFS_MOUNT_WSYNC)
436 xfs_trans_set_sync(tp);
437
438 error = xfs_trans_commit(tp, 0);
439
440 trace_xfs_swap_extent_after(ip, 0);
441 trace_xfs_swap_extent_after(tip, 1);
442 out:
443 kmem_free(tempifp);
444 return error;
445
446 out_unlock:
447 xfs_iunlock(ip, XFS_ILOCK_EXCL | XFS_IOLOCK_EXCL);
448 xfs_iunlock(tip, XFS_ILOCK_EXCL | XFS_IOLOCK_EXCL);
449 goto out;
450
451 out_trans_cancel:
452 xfs_trans_cancel(tp, 0);
453 goto out_unlock;
454 }
455