1 /*
2 * Copyright (c) 2000-2005 Silicon Graphics, Inc.
3 * All Rights Reserved.
4 *
5 * This program is free software; you can redistribute it and/or
6 * modify it under the terms of the GNU General Public License as
7 * published by the Free Software Foundation.
8 *
9 * This program is distributed in the hope that it would be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
13 *
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, write the Free Software Foundation,
16 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
17 */
18 #include "xfs.h"
19 #include "xfs_fs.h"
20 #include "xfs_shared.h"
21 #include "xfs_format.h"
22 #include "xfs_log_format.h"
23 #include "xfs_trans_resv.h"
24 #include "xfs_mount.h"
25 #include "xfs_da_format.h"
26 #include "xfs_inode.h"
27 #include "xfs_bmap.h"
28 #include "xfs_bmap_util.h"
29 #include "xfs_acl.h"
30 #include "xfs_quota.h"
31 #include "xfs_error.h"
32 #include "xfs_attr.h"
33 #include "xfs_trans.h"
34 #include "xfs_trace.h"
35 #include "xfs_icache.h"
36 #include "xfs_symlink.h"
37 #include "xfs_da_btree.h"
38 #include "xfs_dir2.h"
39 #include "xfs_trans_space.h"
40 #include "xfs_pnfs.h"
41 #include "xfs_iomap.h"
42
43 #include <linux/capability.h>
44 #include <linux/xattr.h>
45 #include <linux/posix_acl.h>
46 #include <linux/security.h>
47 #include <linux/iomap.h>
48 #include <linux/slab.h>
49
50 /*
51 * Directories have different lock order w.r.t. mmap_sem compared to regular
52 * files. This is due to readdir potentially triggering page faults on a user
53 * buffer inside filldir(), and this happens with the ilock on the directory
54 * held. For regular files, the lock order is the other way around - the
55 * mmap_sem is taken during the page fault, and then we lock the ilock to do
56 * block mapping. Hence we need a different class for the directory ilock so
57 * that lockdep can tell them apart.
58 */
59 static struct lock_class_key xfs_nondir_ilock_class;
60 static struct lock_class_key xfs_dir_ilock_class;
61
62 static int
xfs_initxattrs(struct inode * inode,const struct xattr * xattr_array,void * fs_info)63 xfs_initxattrs(
64 struct inode *inode,
65 const struct xattr *xattr_array,
66 void *fs_info)
67 {
68 const struct xattr *xattr;
69 struct xfs_inode *ip = XFS_I(inode);
70 int error = 0;
71
72 for (xattr = xattr_array; xattr->name != NULL; xattr++) {
73 error = xfs_attr_set(ip, xattr->name, xattr->value,
74 xattr->value_len, ATTR_SECURE);
75 if (error < 0)
76 break;
77 }
78 return error;
79 }
80
81 /*
82 * Hook in SELinux. This is not quite correct yet, what we really need
83 * here (as we do for default ACLs) is a mechanism by which creation of
84 * these attrs can be journalled at inode creation time (along with the
85 * inode, of course, such that log replay can't cause these to be lost).
86 */
87
88 STATIC int
xfs_init_security(struct inode * inode,struct inode * dir,const struct qstr * qstr)89 xfs_init_security(
90 struct inode *inode,
91 struct inode *dir,
92 const struct qstr *qstr)
93 {
94 return security_inode_init_security(inode, dir, qstr,
95 &xfs_initxattrs, NULL);
96 }
97
98 static void
xfs_dentry_to_name(struct xfs_name * namep,struct dentry * dentry)99 xfs_dentry_to_name(
100 struct xfs_name *namep,
101 struct dentry *dentry)
102 {
103 namep->name = dentry->d_name.name;
104 namep->len = dentry->d_name.len;
105 namep->type = XFS_DIR3_FT_UNKNOWN;
106 }
107
108 static int
xfs_dentry_mode_to_name(struct xfs_name * namep,struct dentry * dentry,int mode)109 xfs_dentry_mode_to_name(
110 struct xfs_name *namep,
111 struct dentry *dentry,
112 int mode)
113 {
114 namep->name = dentry->d_name.name;
115 namep->len = dentry->d_name.len;
116 namep->type = xfs_mode_to_ftype(mode);
117
118 if (unlikely(namep->type == XFS_DIR3_FT_UNKNOWN))
119 return -EFSCORRUPTED;
120
121 return 0;
122 }
123
124 STATIC void
xfs_cleanup_inode(struct inode * dir,struct inode * inode,struct dentry * dentry)125 xfs_cleanup_inode(
126 struct inode *dir,
127 struct inode *inode,
128 struct dentry *dentry)
129 {
130 struct xfs_name teardown;
131
132 /* Oh, the horror.
133 * If we can't add the ACL or we fail in
134 * xfs_init_security we must back out.
135 * ENOSPC can hit here, among other things.
136 */
137 xfs_dentry_to_name(&teardown, dentry);
138
139 xfs_remove(XFS_I(dir), &teardown, XFS_I(inode));
140 }
141
142 STATIC int
xfs_generic_create(struct inode * dir,struct dentry * dentry,umode_t mode,dev_t rdev,bool tmpfile)143 xfs_generic_create(
144 struct inode *dir,
145 struct dentry *dentry,
146 umode_t mode,
147 dev_t rdev,
148 bool tmpfile) /* unnamed file */
149 {
150 struct inode *inode;
151 struct xfs_inode *ip = NULL;
152 struct posix_acl *default_acl, *acl;
153 struct xfs_name name;
154 int error;
155
156 /*
157 * Irix uses Missed'em'V split, but doesn't want to see
158 * the upper 5 bits of (14bit) major.
159 */
160 if (S_ISCHR(mode) || S_ISBLK(mode)) {
161 if (unlikely(!sysv_valid_dev(rdev) || MAJOR(rdev) & ~0x1ff))
162 return -EINVAL;
163 rdev = sysv_encode_dev(rdev);
164 } else {
165 rdev = 0;
166 }
167
168 error = posix_acl_create(dir, &mode, &default_acl, &acl);
169 if (error)
170 return error;
171
172 /* Verify mode is valid also for tmpfile case */
173 error = xfs_dentry_mode_to_name(&name, dentry, mode);
174 if (unlikely(error))
175 goto out_free_acl;
176
177 if (!tmpfile) {
178 error = xfs_create(XFS_I(dir), &name, mode, rdev, &ip);
179 } else {
180 error = xfs_create_tmpfile(XFS_I(dir), dentry, mode, &ip);
181 }
182 if (unlikely(error))
183 goto out_free_acl;
184
185 inode = VFS_I(ip);
186
187 error = xfs_init_security(inode, dir, &dentry->d_name);
188 if (unlikely(error))
189 goto out_cleanup_inode;
190
191 #ifdef CONFIG_XFS_POSIX_ACL
192 if (default_acl) {
193 error = __xfs_set_acl(inode, default_acl, ACL_TYPE_DEFAULT);
194 if (error)
195 goto out_cleanup_inode;
196 }
197 if (acl) {
198 error = __xfs_set_acl(inode, acl, ACL_TYPE_ACCESS);
199 if (error)
200 goto out_cleanup_inode;
201 }
202 #endif
203
204 xfs_setup_iops(ip);
205
206 if (tmpfile)
207 d_tmpfile(dentry, inode);
208 else
209 d_instantiate(dentry, inode);
210
211 xfs_finish_inode_setup(ip);
212
213 out_free_acl:
214 if (default_acl)
215 posix_acl_release(default_acl);
216 if (acl)
217 posix_acl_release(acl);
218 return error;
219
220 out_cleanup_inode:
221 xfs_finish_inode_setup(ip);
222 if (!tmpfile)
223 xfs_cleanup_inode(dir, inode, dentry);
224 iput(inode);
225 goto out_free_acl;
226 }
227
228 STATIC int
xfs_vn_mknod(struct inode * dir,struct dentry * dentry,umode_t mode,dev_t rdev)229 xfs_vn_mknod(
230 struct inode *dir,
231 struct dentry *dentry,
232 umode_t mode,
233 dev_t rdev)
234 {
235 return xfs_generic_create(dir, dentry, mode, rdev, false);
236 }
237
238 STATIC int
xfs_vn_create(struct inode * dir,struct dentry * dentry,umode_t mode,bool flags)239 xfs_vn_create(
240 struct inode *dir,
241 struct dentry *dentry,
242 umode_t mode,
243 bool flags)
244 {
245 return xfs_vn_mknod(dir, dentry, mode, 0);
246 }
247
248 STATIC int
xfs_vn_mkdir(struct inode * dir,struct dentry * dentry,umode_t mode)249 xfs_vn_mkdir(
250 struct inode *dir,
251 struct dentry *dentry,
252 umode_t mode)
253 {
254 return xfs_vn_mknod(dir, dentry, mode|S_IFDIR, 0);
255 }
256
257 STATIC struct dentry *
xfs_vn_lookup(struct inode * dir,struct dentry * dentry,unsigned int flags)258 xfs_vn_lookup(
259 struct inode *dir,
260 struct dentry *dentry,
261 unsigned int flags)
262 {
263 struct xfs_inode *cip;
264 struct xfs_name name;
265 int error;
266
267 if (dentry->d_name.len >= MAXNAMELEN)
268 return ERR_PTR(-ENAMETOOLONG);
269
270 xfs_dentry_to_name(&name, dentry);
271 error = xfs_lookup(XFS_I(dir), &name, &cip, NULL);
272 if (unlikely(error)) {
273 if (unlikely(error != -ENOENT))
274 return ERR_PTR(error);
275 d_add(dentry, NULL);
276 return NULL;
277 }
278
279 return d_splice_alias(VFS_I(cip), dentry);
280 }
281
282 STATIC struct dentry *
xfs_vn_ci_lookup(struct inode * dir,struct dentry * dentry,unsigned int flags)283 xfs_vn_ci_lookup(
284 struct inode *dir,
285 struct dentry *dentry,
286 unsigned int flags)
287 {
288 struct xfs_inode *ip;
289 struct xfs_name xname;
290 struct xfs_name ci_name;
291 struct qstr dname;
292 int error;
293
294 if (dentry->d_name.len >= MAXNAMELEN)
295 return ERR_PTR(-ENAMETOOLONG);
296
297 xfs_dentry_to_name(&xname, dentry);
298 error = xfs_lookup(XFS_I(dir), &xname, &ip, &ci_name);
299 if (unlikely(error)) {
300 if (unlikely(error != -ENOENT))
301 return ERR_PTR(error);
302 /*
303 * call d_add(dentry, NULL) here when d_drop_negative_children
304 * is called in xfs_vn_mknod (ie. allow negative dentries
305 * with CI filesystems).
306 */
307 return NULL;
308 }
309
310 /* if exact match, just splice and exit */
311 if (!ci_name.name)
312 return d_splice_alias(VFS_I(ip), dentry);
313
314 /* else case-insensitive match... */
315 dname.name = ci_name.name;
316 dname.len = ci_name.len;
317 dentry = d_add_ci(dentry, VFS_I(ip), &dname);
318 kmem_free(ci_name.name);
319 return dentry;
320 }
321
322 STATIC int
xfs_vn_link(struct dentry * old_dentry,struct inode * dir,struct dentry * dentry)323 xfs_vn_link(
324 struct dentry *old_dentry,
325 struct inode *dir,
326 struct dentry *dentry)
327 {
328 struct inode *inode = d_inode(old_dentry);
329 struct xfs_name name;
330 int error;
331
332 error = xfs_dentry_mode_to_name(&name, dentry, inode->i_mode);
333 if (unlikely(error))
334 return error;
335
336 error = xfs_link(XFS_I(dir), XFS_I(inode), &name);
337 if (unlikely(error))
338 return error;
339
340 ihold(inode);
341 d_instantiate(dentry, inode);
342 return 0;
343 }
344
345 STATIC int
xfs_vn_unlink(struct inode * dir,struct dentry * dentry)346 xfs_vn_unlink(
347 struct inode *dir,
348 struct dentry *dentry)
349 {
350 struct xfs_name name;
351 int error;
352
353 xfs_dentry_to_name(&name, dentry);
354
355 error = xfs_remove(XFS_I(dir), &name, XFS_I(d_inode(dentry)));
356 if (error)
357 return error;
358
359 /*
360 * With unlink, the VFS makes the dentry "negative": no inode,
361 * but still hashed. This is incompatible with case-insensitive
362 * mode, so invalidate (unhash) the dentry in CI-mode.
363 */
364 if (xfs_sb_version_hasasciici(&XFS_M(dir->i_sb)->m_sb))
365 d_invalidate(dentry);
366 return 0;
367 }
368
369 STATIC int
xfs_vn_symlink(struct inode * dir,struct dentry * dentry,const char * symname)370 xfs_vn_symlink(
371 struct inode *dir,
372 struct dentry *dentry,
373 const char *symname)
374 {
375 struct inode *inode;
376 struct xfs_inode *cip = NULL;
377 struct xfs_name name;
378 int error;
379 umode_t mode;
380
381 mode = S_IFLNK |
382 (irix_symlink_mode ? 0777 & ~current_umask() : S_IRWXUGO);
383 error = xfs_dentry_mode_to_name(&name, dentry, mode);
384 if (unlikely(error))
385 goto out;
386
387 error = xfs_symlink(XFS_I(dir), &name, symname, mode, &cip);
388 if (unlikely(error))
389 goto out;
390
391 inode = VFS_I(cip);
392
393 error = xfs_init_security(inode, dir, &dentry->d_name);
394 if (unlikely(error))
395 goto out_cleanup_inode;
396
397 xfs_setup_iops(cip);
398
399 d_instantiate(dentry, inode);
400 xfs_finish_inode_setup(cip);
401 return 0;
402
403 out_cleanup_inode:
404 xfs_finish_inode_setup(cip);
405 xfs_cleanup_inode(dir, inode, dentry);
406 iput(inode);
407 out:
408 return error;
409 }
410
411 STATIC int
xfs_vn_rename(struct inode * odir,struct dentry * odentry,struct inode * ndir,struct dentry * ndentry,unsigned int flags)412 xfs_vn_rename(
413 struct inode *odir,
414 struct dentry *odentry,
415 struct inode *ndir,
416 struct dentry *ndentry,
417 unsigned int flags)
418 {
419 struct inode *new_inode = d_inode(ndentry);
420 int omode = 0;
421 int error;
422 struct xfs_name oname;
423 struct xfs_name nname;
424
425 if (flags & ~(RENAME_NOREPLACE | RENAME_EXCHANGE | RENAME_WHITEOUT))
426 return -EINVAL;
427
428 /* if we are exchanging files, we need to set i_mode of both files */
429 if (flags & RENAME_EXCHANGE)
430 omode = d_inode(ndentry)->i_mode;
431
432 error = xfs_dentry_mode_to_name(&oname, odentry, omode);
433 if (omode && unlikely(error))
434 return error;
435
436 error = xfs_dentry_mode_to_name(&nname, ndentry,
437 d_inode(odentry)->i_mode);
438 if (unlikely(error))
439 return error;
440
441 return xfs_rename(XFS_I(odir), &oname, XFS_I(d_inode(odentry)),
442 XFS_I(ndir), &nname,
443 new_inode ? XFS_I(new_inode) : NULL, flags);
444 }
445
446 /*
447 * careful here - this function can get called recursively, so
448 * we need to be very careful about how much stack we use.
449 * uio is kmalloced for this reason...
450 */
451 STATIC const char *
xfs_vn_get_link(struct dentry * dentry,struct inode * inode,struct delayed_call * done)452 xfs_vn_get_link(
453 struct dentry *dentry,
454 struct inode *inode,
455 struct delayed_call *done)
456 {
457 char *link;
458 int error = -ENOMEM;
459
460 if (!dentry)
461 return ERR_PTR(-ECHILD);
462
463 link = kmalloc(MAXPATHLEN+1, GFP_KERNEL);
464 if (!link)
465 goto out_err;
466
467 error = xfs_readlink(XFS_I(d_inode(dentry)), link);
468 if (unlikely(error))
469 goto out_kfree;
470
471 set_delayed_call(done, kfree_link, link);
472 return link;
473
474 out_kfree:
475 kfree(link);
476 out_err:
477 return ERR_PTR(error);
478 }
479
480 STATIC const char *
xfs_vn_get_link_inline(struct dentry * dentry,struct inode * inode,struct delayed_call * done)481 xfs_vn_get_link_inline(
482 struct dentry *dentry,
483 struct inode *inode,
484 struct delayed_call *done)
485 {
486 ASSERT(XFS_I(inode)->i_df.if_flags & XFS_IFINLINE);
487 return XFS_I(inode)->i_df.if_u1.if_data;
488 }
489
490 STATIC int
xfs_vn_getattr(struct vfsmount * mnt,struct dentry * dentry,struct kstat * stat)491 xfs_vn_getattr(
492 struct vfsmount *mnt,
493 struct dentry *dentry,
494 struct kstat *stat)
495 {
496 struct inode *inode = d_inode(dentry);
497 struct xfs_inode *ip = XFS_I(inode);
498 struct xfs_mount *mp = ip->i_mount;
499
500 trace_xfs_getattr(ip);
501
502 if (XFS_FORCED_SHUTDOWN(mp))
503 return -EIO;
504
505 stat->size = XFS_ISIZE(ip);
506 stat->dev = inode->i_sb->s_dev;
507 stat->mode = inode->i_mode;
508 stat->nlink = inode->i_nlink;
509 stat->uid = inode->i_uid;
510 stat->gid = inode->i_gid;
511 stat->ino = ip->i_ino;
512 stat->atime = inode->i_atime;
513 stat->mtime = inode->i_mtime;
514 stat->ctime = inode->i_ctime;
515 stat->blocks =
516 XFS_FSB_TO_BB(mp, ip->i_d.di_nblocks + ip->i_delayed_blks);
517
518
519 switch (inode->i_mode & S_IFMT) {
520 case S_IFBLK:
521 case S_IFCHR:
522 stat->blksize = BLKDEV_IOSIZE;
523 stat->rdev = MKDEV(sysv_major(ip->i_df.if_u2.if_rdev) & 0x1ff,
524 sysv_minor(ip->i_df.if_u2.if_rdev));
525 break;
526 default:
527 if (XFS_IS_REALTIME_INODE(ip)) {
528 /*
529 * If the file blocks are being allocated from a
530 * realtime volume, then return the inode's realtime
531 * extent size or the realtime volume's extent size.
532 */
533 stat->blksize =
534 xfs_get_extsz_hint(ip) << mp->m_sb.sb_blocklog;
535 } else
536 stat->blksize = xfs_preferred_iosize(mp);
537 stat->rdev = 0;
538 break;
539 }
540
541 return 0;
542 }
543
544 static void
xfs_setattr_mode(struct xfs_inode * ip,struct iattr * iattr)545 xfs_setattr_mode(
546 struct xfs_inode *ip,
547 struct iattr *iattr)
548 {
549 struct inode *inode = VFS_I(ip);
550 umode_t mode = iattr->ia_mode;
551
552 ASSERT(xfs_isilocked(ip, XFS_ILOCK_EXCL));
553
554 inode->i_mode &= S_IFMT;
555 inode->i_mode |= mode & ~S_IFMT;
556 }
557
558 void
xfs_setattr_time(struct xfs_inode * ip,struct iattr * iattr)559 xfs_setattr_time(
560 struct xfs_inode *ip,
561 struct iattr *iattr)
562 {
563 struct inode *inode = VFS_I(ip);
564
565 ASSERT(xfs_isilocked(ip, XFS_ILOCK_EXCL));
566
567 if (iattr->ia_valid & ATTR_ATIME)
568 inode->i_atime = iattr->ia_atime;
569 if (iattr->ia_valid & ATTR_CTIME)
570 inode->i_ctime = iattr->ia_ctime;
571 if (iattr->ia_valid & ATTR_MTIME)
572 inode->i_mtime = iattr->ia_mtime;
573 }
574
575 static int
xfs_vn_change_ok(struct dentry * dentry,struct iattr * iattr)576 xfs_vn_change_ok(
577 struct dentry *dentry,
578 struct iattr *iattr)
579 {
580 struct xfs_mount *mp = XFS_I(d_inode(dentry))->i_mount;
581
582 if (mp->m_flags & XFS_MOUNT_RDONLY)
583 return -EROFS;
584
585 if (XFS_FORCED_SHUTDOWN(mp))
586 return -EIO;
587
588 return setattr_prepare(dentry, iattr);
589 }
590
591 /*
592 * Set non-size attributes of an inode.
593 *
594 * Caution: The caller of this function is responsible for calling
595 * setattr_prepare() or otherwise verifying the change is fine.
596 */
597 int
xfs_setattr_nonsize(struct xfs_inode * ip,struct iattr * iattr,int flags)598 xfs_setattr_nonsize(
599 struct xfs_inode *ip,
600 struct iattr *iattr,
601 int flags)
602 {
603 xfs_mount_t *mp = ip->i_mount;
604 struct inode *inode = VFS_I(ip);
605 int mask = iattr->ia_valid;
606 xfs_trans_t *tp;
607 int error;
608 kuid_t uid = GLOBAL_ROOT_UID, iuid = GLOBAL_ROOT_UID;
609 kgid_t gid = GLOBAL_ROOT_GID, igid = GLOBAL_ROOT_GID;
610 struct xfs_dquot *udqp = NULL, *gdqp = NULL;
611 struct xfs_dquot *olddquot1 = NULL, *olddquot2 = NULL;
612
613 ASSERT((mask & ATTR_SIZE) == 0);
614
615 /*
616 * If disk quotas is on, we make sure that the dquots do exist on disk,
617 * before we start any other transactions. Trying to do this later
618 * is messy. We don't care to take a readlock to look at the ids
619 * in inode here, because we can't hold it across the trans_reserve.
620 * If the IDs do change before we take the ilock, we're covered
621 * because the i_*dquot fields will get updated anyway.
622 */
623 if (XFS_IS_QUOTA_ON(mp) && (mask & (ATTR_UID|ATTR_GID))) {
624 uint qflags = 0;
625
626 if ((mask & ATTR_UID) && XFS_IS_UQUOTA_ON(mp)) {
627 uid = iattr->ia_uid;
628 qflags |= XFS_QMOPT_UQUOTA;
629 } else {
630 uid = inode->i_uid;
631 }
632 if ((mask & ATTR_GID) && XFS_IS_GQUOTA_ON(mp)) {
633 gid = iattr->ia_gid;
634 qflags |= XFS_QMOPT_GQUOTA;
635 } else {
636 gid = inode->i_gid;
637 }
638
639 /*
640 * We take a reference when we initialize udqp and gdqp,
641 * so it is important that we never blindly double trip on
642 * the same variable. See xfs_create() for an example.
643 */
644 ASSERT(udqp == NULL);
645 ASSERT(gdqp == NULL);
646 error = xfs_qm_vop_dqalloc(ip, xfs_kuid_to_uid(uid),
647 xfs_kgid_to_gid(gid),
648 xfs_get_projid(ip),
649 qflags, &udqp, &gdqp, NULL);
650 if (error)
651 return error;
652 }
653
654 error = xfs_trans_alloc(mp, &M_RES(mp)->tr_ichange, 0, 0, 0, &tp);
655 if (error)
656 goto out_dqrele;
657
658 xfs_ilock(ip, XFS_ILOCK_EXCL);
659 xfs_trans_ijoin(tp, ip, 0);
660
661 /*
662 * Change file ownership. Must be the owner or privileged.
663 */
664 if (mask & (ATTR_UID|ATTR_GID)) {
665 /*
666 * These IDs could have changed since we last looked at them.
667 * But, we're assured that if the ownership did change
668 * while we didn't have the inode locked, inode's dquot(s)
669 * would have changed also.
670 */
671 iuid = inode->i_uid;
672 igid = inode->i_gid;
673 gid = (mask & ATTR_GID) ? iattr->ia_gid : igid;
674 uid = (mask & ATTR_UID) ? iattr->ia_uid : iuid;
675
676 /*
677 * Do a quota reservation only if uid/gid is actually
678 * going to change.
679 */
680 if (XFS_IS_QUOTA_RUNNING(mp) &&
681 ((XFS_IS_UQUOTA_ON(mp) && !uid_eq(iuid, uid)) ||
682 (XFS_IS_GQUOTA_ON(mp) && !gid_eq(igid, gid)))) {
683 ASSERT(tp);
684 error = xfs_qm_vop_chown_reserve(tp, ip, udqp, gdqp,
685 NULL, capable(CAP_FOWNER) ?
686 XFS_QMOPT_FORCE_RES : 0);
687 if (error) /* out of quota */
688 goto out_cancel;
689 }
690 }
691
692 /*
693 * Change file ownership. Must be the owner or privileged.
694 */
695 if (mask & (ATTR_UID|ATTR_GID)) {
696 /*
697 * CAP_FSETID overrides the following restrictions:
698 *
699 * The set-user-ID and set-group-ID bits of a file will be
700 * cleared upon successful return from chown()
701 */
702 if ((inode->i_mode & (S_ISUID|S_ISGID)) &&
703 !capable(CAP_FSETID))
704 inode->i_mode &= ~(S_ISUID|S_ISGID);
705
706 /*
707 * Change the ownerships and register quota modifications
708 * in the transaction.
709 */
710 if (!uid_eq(iuid, uid)) {
711 if (XFS_IS_QUOTA_RUNNING(mp) && XFS_IS_UQUOTA_ON(mp)) {
712 ASSERT(mask & ATTR_UID);
713 ASSERT(udqp);
714 olddquot1 = xfs_qm_vop_chown(tp, ip,
715 &ip->i_udquot, udqp);
716 }
717 ip->i_d.di_uid = xfs_kuid_to_uid(uid);
718 inode->i_uid = uid;
719 }
720 if (!gid_eq(igid, gid)) {
721 if (XFS_IS_QUOTA_RUNNING(mp) && XFS_IS_GQUOTA_ON(mp)) {
722 ASSERT(xfs_sb_version_has_pquotino(&mp->m_sb) ||
723 !XFS_IS_PQUOTA_ON(mp));
724 ASSERT(mask & ATTR_GID);
725 ASSERT(gdqp);
726 olddquot2 = xfs_qm_vop_chown(tp, ip,
727 &ip->i_gdquot, gdqp);
728 }
729 ip->i_d.di_gid = xfs_kgid_to_gid(gid);
730 inode->i_gid = gid;
731 }
732 }
733
734 if (mask & ATTR_MODE)
735 xfs_setattr_mode(ip, iattr);
736 if (mask & (ATTR_ATIME|ATTR_CTIME|ATTR_MTIME))
737 xfs_setattr_time(ip, iattr);
738
739 xfs_trans_log_inode(tp, ip, XFS_ILOG_CORE);
740
741 XFS_STATS_INC(mp, xs_ig_attrchg);
742
743 if (mp->m_flags & XFS_MOUNT_WSYNC)
744 xfs_trans_set_sync(tp);
745 error = xfs_trans_commit(tp);
746
747 xfs_iunlock(ip, XFS_ILOCK_EXCL);
748
749 /*
750 * Release any dquot(s) the inode had kept before chown.
751 */
752 xfs_qm_dqrele(olddquot1);
753 xfs_qm_dqrele(olddquot2);
754 xfs_qm_dqrele(udqp);
755 xfs_qm_dqrele(gdqp);
756
757 if (error)
758 return error;
759
760 /*
761 * XXX(hch): Updating the ACL entries is not atomic vs the i_mode
762 * update. We could avoid this with linked transactions
763 * and passing down the transaction pointer all the way
764 * to attr_set. No previous user of the generic
765 * Posix ACL code seems to care about this issue either.
766 */
767 if ((mask & ATTR_MODE) && !(flags & XFS_ATTR_NOACL)) {
768 error = posix_acl_chmod(inode, inode->i_mode);
769 if (error)
770 return error;
771 }
772
773 return 0;
774
775 out_cancel:
776 xfs_trans_cancel(tp);
777 out_dqrele:
778 xfs_qm_dqrele(udqp);
779 xfs_qm_dqrele(gdqp);
780 return error;
781 }
782
783 int
xfs_vn_setattr_nonsize(struct dentry * dentry,struct iattr * iattr)784 xfs_vn_setattr_nonsize(
785 struct dentry *dentry,
786 struct iattr *iattr)
787 {
788 struct xfs_inode *ip = XFS_I(d_inode(dentry));
789 int error;
790
791 trace_xfs_setattr(ip);
792
793 error = xfs_vn_change_ok(dentry, iattr);
794 if (error)
795 return error;
796 return xfs_setattr_nonsize(ip, iattr, 0);
797 }
798
799 /*
800 * Truncate file. Must have write permission and not be a directory.
801 *
802 * Caution: The caller of this function is responsible for calling
803 * setattr_prepare() or otherwise verifying the change is fine.
804 */
805 STATIC int
xfs_setattr_size(struct xfs_inode * ip,struct iattr * iattr)806 xfs_setattr_size(
807 struct xfs_inode *ip,
808 struct iattr *iattr)
809 {
810 struct xfs_mount *mp = ip->i_mount;
811 struct inode *inode = VFS_I(ip);
812 xfs_off_t oldsize, newsize;
813 struct xfs_trans *tp;
814 int error;
815 uint lock_flags = 0;
816 bool did_zeroing = false;
817
818 ASSERT(xfs_isilocked(ip, XFS_IOLOCK_EXCL));
819 ASSERT(xfs_isilocked(ip, XFS_MMAPLOCK_EXCL));
820 ASSERT(S_ISREG(inode->i_mode));
821 ASSERT((iattr->ia_valid & (ATTR_UID|ATTR_GID|ATTR_ATIME|ATTR_ATIME_SET|
822 ATTR_MTIME_SET|ATTR_KILL_PRIV|ATTR_TIMES_SET)) == 0);
823
824 oldsize = inode->i_size;
825 newsize = iattr->ia_size;
826
827 /*
828 * Short circuit the truncate case for zero length files.
829 */
830 if (newsize == 0 && oldsize == 0 && ip->i_d.di_nextents == 0) {
831 if (!(iattr->ia_valid & (ATTR_CTIME|ATTR_MTIME)))
832 return 0;
833
834 /*
835 * Use the regular setattr path to update the timestamps.
836 */
837 iattr->ia_valid &= ~ATTR_SIZE;
838 return xfs_setattr_nonsize(ip, iattr, 0);
839 }
840
841 /*
842 * Make sure that the dquots are attached to the inode.
843 */
844 error = xfs_qm_dqattach(ip, 0);
845 if (error)
846 return error;
847
848 /*
849 * Wait for all direct I/O to complete.
850 */
851 inode_dio_wait(inode);
852
853 /*
854 * File data changes must be complete before we start the transaction to
855 * modify the inode. This needs to be done before joining the inode to
856 * the transaction because the inode cannot be unlocked once it is a
857 * part of the transaction.
858 *
859 * Start with zeroing any data beyond EOF that we may expose on file
860 * extension, or zeroing out the rest of the block on a downward
861 * truncate.
862 */
863 if (newsize > oldsize) {
864 error = xfs_zero_eof(ip, newsize, oldsize, &did_zeroing);
865 } else {
866 error = iomap_truncate_page(inode, newsize, &did_zeroing,
867 &xfs_iomap_ops);
868 }
869
870 if (error)
871 return error;
872
873 /*
874 * We've already locked out new page faults, so now we can safely remove
875 * pages from the page cache knowing they won't get refaulted until we
876 * drop the XFS_MMAP_EXCL lock after the extent manipulations are
877 * complete. The truncate_setsize() call also cleans partial EOF page
878 * PTEs on extending truncates and hence ensures sub-page block size
879 * filesystems are correctly handled, too.
880 *
881 * We have to do all the page cache truncate work outside the
882 * transaction context as the "lock" order is page lock->log space
883 * reservation as defined by extent allocation in the writeback path.
884 * Hence a truncate can fail with ENOMEM from xfs_trans_alloc(), but
885 * having already truncated the in-memory version of the file (i.e. made
886 * user visible changes). There's not much we can do about this, except
887 * to hope that the caller sees ENOMEM and retries the truncate
888 * operation.
889 *
890 * And we update in-core i_size and truncate page cache beyond newsize
891 * before writeback the [di_size, newsize] range, so we're guaranteed
892 * not to write stale data past the new EOF on truncate down.
893 */
894 truncate_setsize(inode, newsize);
895
896 /*
897 * We are going to log the inode size change in this transaction so
898 * any previous writes that are beyond the on disk EOF and the new
899 * EOF that have not been written out need to be written here. If we
900 * do not write the data out, we expose ourselves to the null files
901 * problem. Note that this includes any block zeroing we did above;
902 * otherwise those blocks may not be zeroed after a crash.
903 */
904 if (did_zeroing ||
905 (newsize > ip->i_d.di_size && oldsize != ip->i_d.di_size)) {
906 error = filemap_write_and_wait_range(VFS_I(ip)->i_mapping,
907 ip->i_d.di_size, newsize - 1);
908 if (error)
909 return error;
910 }
911
912 error = xfs_trans_alloc(mp, &M_RES(mp)->tr_itruncate, 0, 0, 0, &tp);
913 if (error)
914 return error;
915
916 lock_flags |= XFS_ILOCK_EXCL;
917 xfs_ilock(ip, XFS_ILOCK_EXCL);
918 xfs_trans_ijoin(tp, ip, 0);
919
920 /*
921 * Only change the c/mtime if we are changing the size or we are
922 * explicitly asked to change it. This handles the semantic difference
923 * between truncate() and ftruncate() as implemented in the VFS.
924 *
925 * The regular truncate() case without ATTR_CTIME and ATTR_MTIME is a
926 * special case where we need to update the times despite not having
927 * these flags set. For all other operations the VFS set these flags
928 * explicitly if it wants a timestamp update.
929 */
930 if (newsize != oldsize &&
931 !(iattr->ia_valid & (ATTR_CTIME | ATTR_MTIME))) {
932 iattr->ia_ctime = iattr->ia_mtime =
933 current_time(inode);
934 iattr->ia_valid |= ATTR_CTIME | ATTR_MTIME;
935 }
936
937 /*
938 * The first thing we do is set the size to new_size permanently on
939 * disk. This way we don't have to worry about anyone ever being able
940 * to look at the data being freed even in the face of a crash.
941 * What we're getting around here is the case where we free a block, it
942 * is allocated to another file, it is written to, and then we crash.
943 * If the new data gets written to the file but the log buffers
944 * containing the free and reallocation don't, then we'd end up with
945 * garbage in the blocks being freed. As long as we make the new size
946 * permanent before actually freeing any blocks it doesn't matter if
947 * they get written to.
948 */
949 ip->i_d.di_size = newsize;
950 xfs_trans_log_inode(tp, ip, XFS_ILOG_CORE);
951
952 if (newsize <= oldsize) {
953 error = xfs_itruncate_extents(&tp, ip, XFS_DATA_FORK, newsize);
954 if (error)
955 goto out_trans_cancel;
956
957 /*
958 * Truncated "down", so we're removing references to old data
959 * here - if we delay flushing for a long time, we expose
960 * ourselves unduly to the notorious NULL files problem. So,
961 * we mark this inode and flush it when the file is closed,
962 * and do not wait the usual (long) time for writeout.
963 */
964 xfs_iflags_set(ip, XFS_ITRUNCATED);
965
966 /* A truncate down always removes post-EOF blocks. */
967 xfs_inode_clear_eofblocks_tag(ip);
968 }
969
970 if (iattr->ia_valid & ATTR_MODE)
971 xfs_setattr_mode(ip, iattr);
972 if (iattr->ia_valid & (ATTR_ATIME|ATTR_CTIME|ATTR_MTIME))
973 xfs_setattr_time(ip, iattr);
974
975 xfs_trans_log_inode(tp, ip, XFS_ILOG_CORE);
976
977 XFS_STATS_INC(mp, xs_ig_attrchg);
978
979 if (mp->m_flags & XFS_MOUNT_WSYNC)
980 xfs_trans_set_sync(tp);
981
982 error = xfs_trans_commit(tp);
983 out_unlock:
984 if (lock_flags)
985 xfs_iunlock(ip, lock_flags);
986 return error;
987
988 out_trans_cancel:
989 xfs_trans_cancel(tp);
990 goto out_unlock;
991 }
992
993 int
xfs_vn_setattr_size(struct dentry * dentry,struct iattr * iattr)994 xfs_vn_setattr_size(
995 struct dentry *dentry,
996 struct iattr *iattr)
997 {
998 struct xfs_inode *ip = XFS_I(d_inode(dentry));
999 int error;
1000
1001 trace_xfs_setattr(ip);
1002
1003 error = xfs_vn_change_ok(dentry, iattr);
1004 if (error)
1005 return error;
1006 return xfs_setattr_size(ip, iattr);
1007 }
1008
1009 STATIC int
xfs_vn_setattr(struct dentry * dentry,struct iattr * iattr)1010 xfs_vn_setattr(
1011 struct dentry *dentry,
1012 struct iattr *iattr)
1013 {
1014 int error;
1015
1016 if (iattr->ia_valid & ATTR_SIZE) {
1017 struct xfs_inode *ip = XFS_I(d_inode(dentry));
1018 uint iolock = XFS_IOLOCK_EXCL;
1019
1020 xfs_ilock(ip, iolock);
1021 error = xfs_break_layouts(d_inode(dentry), &iolock, true);
1022 if (!error) {
1023 xfs_ilock(ip, XFS_MMAPLOCK_EXCL);
1024 iolock |= XFS_MMAPLOCK_EXCL;
1025
1026 error = xfs_vn_setattr_size(dentry, iattr);
1027 }
1028 xfs_iunlock(ip, iolock);
1029 } else {
1030 error = xfs_vn_setattr_nonsize(dentry, iattr);
1031 }
1032
1033 return error;
1034 }
1035
1036 STATIC int
xfs_vn_update_time(struct inode * inode,struct timespec * now,int flags)1037 xfs_vn_update_time(
1038 struct inode *inode,
1039 struct timespec *now,
1040 int flags)
1041 {
1042 struct xfs_inode *ip = XFS_I(inode);
1043 struct xfs_mount *mp = ip->i_mount;
1044 struct xfs_trans *tp;
1045 int error;
1046
1047 trace_xfs_update_time(ip);
1048
1049 error = xfs_trans_alloc(mp, &M_RES(mp)->tr_fsyncts, 0, 0, 0, &tp);
1050 if (error)
1051 return error;
1052
1053 xfs_ilock(ip, XFS_ILOCK_EXCL);
1054 if (flags & S_CTIME)
1055 inode->i_ctime = *now;
1056 if (flags & S_MTIME)
1057 inode->i_mtime = *now;
1058 if (flags & S_ATIME)
1059 inode->i_atime = *now;
1060
1061 xfs_trans_ijoin(tp, ip, XFS_ILOCK_EXCL);
1062 xfs_trans_log_inode(tp, ip, XFS_ILOG_TIMESTAMP);
1063 return xfs_trans_commit(tp);
1064 }
1065
1066 STATIC int
xfs_vn_fiemap(struct inode * inode,struct fiemap_extent_info * fieinfo,u64 start,u64 length)1067 xfs_vn_fiemap(
1068 struct inode *inode,
1069 struct fiemap_extent_info *fieinfo,
1070 u64 start,
1071 u64 length)
1072 {
1073 int error;
1074
1075 xfs_ilock(XFS_I(inode), XFS_IOLOCK_SHARED);
1076 if (fieinfo->fi_flags & FIEMAP_FLAG_XATTR) {
1077 fieinfo->fi_flags &= ~FIEMAP_FLAG_XATTR;
1078 error = iomap_fiemap(inode, fieinfo, start, length,
1079 &xfs_xattr_iomap_ops);
1080 } else {
1081 error = iomap_fiemap(inode, fieinfo, start, length,
1082 &xfs_iomap_ops);
1083 }
1084 xfs_iunlock(XFS_I(inode), XFS_IOLOCK_SHARED);
1085
1086 return error;
1087 }
1088
1089 STATIC int
xfs_vn_tmpfile(struct inode * dir,struct dentry * dentry,umode_t mode)1090 xfs_vn_tmpfile(
1091 struct inode *dir,
1092 struct dentry *dentry,
1093 umode_t mode)
1094 {
1095 return xfs_generic_create(dir, dentry, mode, 0, true);
1096 }
1097
1098 static const struct inode_operations xfs_inode_operations = {
1099 .get_acl = xfs_get_acl,
1100 .set_acl = xfs_set_acl,
1101 .getattr = xfs_vn_getattr,
1102 .setattr = xfs_vn_setattr,
1103 .listxattr = xfs_vn_listxattr,
1104 .fiemap = xfs_vn_fiemap,
1105 .update_time = xfs_vn_update_time,
1106 };
1107
1108 static const struct inode_operations xfs_dir_inode_operations = {
1109 .create = xfs_vn_create,
1110 .lookup = xfs_vn_lookup,
1111 .link = xfs_vn_link,
1112 .unlink = xfs_vn_unlink,
1113 .symlink = xfs_vn_symlink,
1114 .mkdir = xfs_vn_mkdir,
1115 /*
1116 * Yes, XFS uses the same method for rmdir and unlink.
1117 *
1118 * There are some subtile differences deeper in the code,
1119 * but we use S_ISDIR to check for those.
1120 */
1121 .rmdir = xfs_vn_unlink,
1122 .mknod = xfs_vn_mknod,
1123 .rename = xfs_vn_rename,
1124 .get_acl = xfs_get_acl,
1125 .set_acl = xfs_set_acl,
1126 .getattr = xfs_vn_getattr,
1127 .setattr = xfs_vn_setattr,
1128 .listxattr = xfs_vn_listxattr,
1129 .update_time = xfs_vn_update_time,
1130 .tmpfile = xfs_vn_tmpfile,
1131 };
1132
1133 static const struct inode_operations xfs_dir_ci_inode_operations = {
1134 .create = xfs_vn_create,
1135 .lookup = xfs_vn_ci_lookup,
1136 .link = xfs_vn_link,
1137 .unlink = xfs_vn_unlink,
1138 .symlink = xfs_vn_symlink,
1139 .mkdir = xfs_vn_mkdir,
1140 /*
1141 * Yes, XFS uses the same method for rmdir and unlink.
1142 *
1143 * There are some subtile differences deeper in the code,
1144 * but we use S_ISDIR to check for those.
1145 */
1146 .rmdir = xfs_vn_unlink,
1147 .mknod = xfs_vn_mknod,
1148 .rename = xfs_vn_rename,
1149 .get_acl = xfs_get_acl,
1150 .set_acl = xfs_set_acl,
1151 .getattr = xfs_vn_getattr,
1152 .setattr = xfs_vn_setattr,
1153 .listxattr = xfs_vn_listxattr,
1154 .update_time = xfs_vn_update_time,
1155 .tmpfile = xfs_vn_tmpfile,
1156 };
1157
1158 static const struct inode_operations xfs_symlink_inode_operations = {
1159 .readlink = generic_readlink,
1160 .get_link = xfs_vn_get_link,
1161 .getattr = xfs_vn_getattr,
1162 .setattr = xfs_vn_setattr,
1163 .listxattr = xfs_vn_listxattr,
1164 .update_time = xfs_vn_update_time,
1165 };
1166
1167 static const struct inode_operations xfs_inline_symlink_inode_operations = {
1168 .readlink = generic_readlink,
1169 .get_link = xfs_vn_get_link_inline,
1170 .getattr = xfs_vn_getattr,
1171 .setattr = xfs_vn_setattr,
1172 .listxattr = xfs_vn_listxattr,
1173 .update_time = xfs_vn_update_time,
1174 };
1175
1176 STATIC void
xfs_diflags_to_iflags(struct inode * inode,struct xfs_inode * ip)1177 xfs_diflags_to_iflags(
1178 struct inode *inode,
1179 struct xfs_inode *ip)
1180 {
1181 uint16_t flags = ip->i_d.di_flags;
1182
1183 inode->i_flags &= ~(S_IMMUTABLE | S_APPEND | S_SYNC |
1184 S_NOATIME | S_DAX);
1185
1186 if (flags & XFS_DIFLAG_IMMUTABLE)
1187 inode->i_flags |= S_IMMUTABLE;
1188 if (flags & XFS_DIFLAG_APPEND)
1189 inode->i_flags |= S_APPEND;
1190 if (flags & XFS_DIFLAG_SYNC)
1191 inode->i_flags |= S_SYNC;
1192 if (flags & XFS_DIFLAG_NOATIME)
1193 inode->i_flags |= S_NOATIME;
1194 if (S_ISREG(inode->i_mode) &&
1195 ip->i_mount->m_sb.sb_blocksize == PAGE_SIZE &&
1196 !xfs_is_reflink_inode(ip) &&
1197 (ip->i_mount->m_flags & XFS_MOUNT_DAX ||
1198 ip->i_d.di_flags2 & XFS_DIFLAG2_DAX))
1199 inode->i_flags |= S_DAX;
1200 }
1201
1202 /*
1203 * Initialize the Linux inode.
1204 *
1205 * When reading existing inodes from disk this is called directly from xfs_iget,
1206 * when creating a new inode it is called from xfs_ialloc after setting up the
1207 * inode. These callers have different criteria for clearing XFS_INEW, so leave
1208 * it up to the caller to deal with unlocking the inode appropriately.
1209 */
1210 void
xfs_setup_inode(struct xfs_inode * ip)1211 xfs_setup_inode(
1212 struct xfs_inode *ip)
1213 {
1214 struct inode *inode = &ip->i_vnode;
1215 gfp_t gfp_mask;
1216
1217 inode->i_ino = ip->i_ino;
1218 inode->i_state = I_NEW;
1219
1220 inode_sb_list_add(inode);
1221 /* make the inode look hashed for the writeback code */
1222 hlist_add_fake(&inode->i_hash);
1223
1224 inode->i_uid = xfs_uid_to_kuid(ip->i_d.di_uid);
1225 inode->i_gid = xfs_gid_to_kgid(ip->i_d.di_gid);
1226
1227 switch (inode->i_mode & S_IFMT) {
1228 case S_IFBLK:
1229 case S_IFCHR:
1230 inode->i_rdev =
1231 MKDEV(sysv_major(ip->i_df.if_u2.if_rdev) & 0x1ff,
1232 sysv_minor(ip->i_df.if_u2.if_rdev));
1233 break;
1234 default:
1235 inode->i_rdev = 0;
1236 break;
1237 }
1238
1239 i_size_write(inode, ip->i_d.di_size);
1240 xfs_diflags_to_iflags(inode, ip);
1241
1242 if (S_ISDIR(inode->i_mode)) {
1243 lockdep_set_class(&ip->i_lock.mr_lock, &xfs_dir_ilock_class);
1244 ip->d_ops = ip->i_mount->m_dir_inode_ops;
1245 } else {
1246 ip->d_ops = ip->i_mount->m_nondir_inode_ops;
1247 lockdep_set_class(&ip->i_lock.mr_lock, &xfs_nondir_ilock_class);
1248 }
1249
1250 /*
1251 * Ensure all page cache allocations are done from GFP_NOFS context to
1252 * prevent direct reclaim recursion back into the filesystem and blowing
1253 * stacks or deadlocking.
1254 */
1255 gfp_mask = mapping_gfp_mask(inode->i_mapping);
1256 mapping_set_gfp_mask(inode->i_mapping, (gfp_mask & ~(__GFP_FS)));
1257
1258 /*
1259 * If there is no attribute fork no ACL can exist on this inode,
1260 * and it can't have any file capabilities attached to it either.
1261 */
1262 if (!XFS_IFORK_Q(ip)) {
1263 inode_has_no_xattr(inode);
1264 cache_no_acl(inode);
1265 }
1266 }
1267
1268 void
xfs_setup_iops(struct xfs_inode * ip)1269 xfs_setup_iops(
1270 struct xfs_inode *ip)
1271 {
1272 struct inode *inode = &ip->i_vnode;
1273
1274 switch (inode->i_mode & S_IFMT) {
1275 case S_IFREG:
1276 inode->i_op = &xfs_inode_operations;
1277 inode->i_fop = &xfs_file_operations;
1278 inode->i_mapping->a_ops = &xfs_address_space_operations;
1279 break;
1280 case S_IFDIR:
1281 if (xfs_sb_version_hasasciici(&XFS_M(inode->i_sb)->m_sb))
1282 inode->i_op = &xfs_dir_ci_inode_operations;
1283 else
1284 inode->i_op = &xfs_dir_inode_operations;
1285 inode->i_fop = &xfs_dir_file_operations;
1286 break;
1287 case S_IFLNK:
1288 if (ip->i_df.if_flags & XFS_IFINLINE)
1289 inode->i_op = &xfs_inline_symlink_inode_operations;
1290 else
1291 inode->i_op = &xfs_symlink_inode_operations;
1292 break;
1293 default:
1294 inode->i_op = &xfs_inode_operations;
1295 init_special_inode(inode, inode->i_mode, inode->i_rdev);
1296 break;
1297 }
1298 }
1299