1 // SPDX-License-Identifier: GPL-2.0-only
2 /* * This file is part of UBIFS.
3 *
4 * Copyright (C) 2006-2008 Nokia Corporation.
5 * Copyright (C) 2006, 2007 University of Szeged, Hungary
6 *
7 * Authors: Artem Bityutskiy (Битюцкий Артём)
8 * Adrian Hunter
9 * Zoltan Sogor
10 */
11
12 /*
13 * This file implements directory operations.
14 *
15 * All FS operations in this file allocate budget before writing anything to the
16 * media. If they fail to allocate it, the error is returned. The only
17 * exceptions are 'ubifs_unlink()' and 'ubifs_rmdir()' which keep working even
18 * if they unable to allocate the budget, because deletion %-ENOSPC failure is
19 * not what users are usually ready to get. UBIFS budgeting subsystem has some
20 * space reserved for these purposes.
21 *
22 * All operations in this file write all inodes which they change straight
23 * away, instead of marking them dirty. For example, 'ubifs_link()' changes
24 * @i_size of the parent inode and writes the parent inode together with the
25 * target inode. This was done to simplify file-system recovery which would
26 * otherwise be very difficult to do. The only exception is rename which marks
27 * the re-named inode dirty (because its @i_ctime is updated) but does not
28 * write it, but just marks it as dirty.
29 */
30
31 #include "ubifs.h"
32
33 /**
34 * inherit_flags - inherit flags of the parent inode.
35 * @dir: parent inode
36 * @mode: new inode mode flags
37 *
38 * This is a helper function for 'ubifs_new_inode()' which inherits flag of the
39 * parent directory inode @dir. UBIFS inodes inherit the following flags:
40 * o %UBIFS_COMPR_FL, which is useful to switch compression on/of on
41 * sub-directory basis;
42 * o %UBIFS_SYNC_FL - useful for the same reasons;
43 * o %UBIFS_DIRSYNC_FL - similar, but relevant only to directories.
44 *
45 * This function returns the inherited flags.
46 */
inherit_flags(const struct inode * dir,umode_t mode)47 static int inherit_flags(const struct inode *dir, umode_t mode)
48 {
49 int flags;
50 const struct ubifs_inode *ui = ubifs_inode(dir);
51
52 if (!S_ISDIR(dir->i_mode))
53 /*
54 * The parent is not a directory, which means that an extended
55 * attribute inode is being created. No flags.
56 */
57 return 0;
58
59 flags = ui->flags & (UBIFS_COMPR_FL | UBIFS_SYNC_FL | UBIFS_DIRSYNC_FL);
60 if (!S_ISDIR(mode))
61 /* The "DIRSYNC" flag only applies to directories */
62 flags &= ~UBIFS_DIRSYNC_FL;
63 return flags;
64 }
65
66 /**
67 * ubifs_new_inode - allocate new UBIFS inode object.
68 * @c: UBIFS file-system description object
69 * @dir: parent directory inode
70 * @mode: inode mode flags
71 *
72 * This function finds an unused inode number, allocates new inode and
73 * initializes it. Returns new inode in case of success and an error code in
74 * case of failure.
75 */
ubifs_new_inode(struct ubifs_info * c,struct inode * dir,umode_t mode)76 struct inode *ubifs_new_inode(struct ubifs_info *c, struct inode *dir,
77 umode_t mode)
78 {
79 int err;
80 struct inode *inode;
81 struct ubifs_inode *ui;
82 bool encrypted = false;
83
84 inode = new_inode(c->vfs_sb);
85 ui = ubifs_inode(inode);
86 if (!inode)
87 return ERR_PTR(-ENOMEM);
88
89 /*
90 * Set 'S_NOCMTIME' to prevent VFS form updating [mc]time of inodes and
91 * marking them dirty in file write path (see 'file_update_time()').
92 * UBIFS has to fully control "clean <-> dirty" transitions of inodes
93 * to make budgeting work.
94 */
95 inode->i_flags |= S_NOCMTIME;
96
97 inode_init_owner(inode, dir, mode);
98 inode->i_mtime = inode->i_atime = inode->i_ctime =
99 current_time(inode);
100 inode->i_mapping->nrpages = 0;
101
102 err = fscrypt_prepare_new_inode(dir, inode, &encrypted);
103 if (err) {
104 ubifs_err(c, "fscrypt_prepare_new_inode failed: %i", err);
105 goto out_iput;
106 }
107
108 switch (mode & S_IFMT) {
109 case S_IFREG:
110 inode->i_mapping->a_ops = &ubifs_file_address_operations;
111 inode->i_op = &ubifs_file_inode_operations;
112 inode->i_fop = &ubifs_file_operations;
113 break;
114 case S_IFDIR:
115 inode->i_op = &ubifs_dir_inode_operations;
116 inode->i_fop = &ubifs_dir_operations;
117 inode->i_size = ui->ui_size = UBIFS_INO_NODE_SZ;
118 break;
119 case S_IFLNK:
120 inode->i_op = &ubifs_symlink_inode_operations;
121 break;
122 case S_IFSOCK:
123 case S_IFIFO:
124 case S_IFBLK:
125 case S_IFCHR:
126 inode->i_op = &ubifs_file_inode_operations;
127 break;
128 default:
129 BUG();
130 }
131
132 ui->flags = inherit_flags(dir, mode);
133 ubifs_set_inode_flags(inode);
134 if (S_ISREG(mode))
135 ui->compr_type = c->default_compr;
136 else
137 ui->compr_type = UBIFS_COMPR_NONE;
138 ui->synced_i_size = 0;
139
140 spin_lock(&c->cnt_lock);
141 /* Inode number overflow is currently not supported */
142 if (c->highest_inum >= INUM_WARN_WATERMARK) {
143 if (c->highest_inum >= INUM_WATERMARK) {
144 spin_unlock(&c->cnt_lock);
145 ubifs_err(c, "out of inode numbers");
146 err = -EINVAL;
147 goto out_iput;
148 }
149 ubifs_warn(c, "running out of inode numbers (current %lu, max %u)",
150 (unsigned long)c->highest_inum, INUM_WATERMARK);
151 }
152
153 inode->i_ino = ++c->highest_inum;
154 /*
155 * The creation sequence number remains with this inode for its
156 * lifetime. All nodes for this inode have a greater sequence number,
157 * and so it is possible to distinguish obsolete nodes belonging to a
158 * previous incarnation of the same inode number - for example, for the
159 * purpose of rebuilding the index.
160 */
161 ui->creat_sqnum = ++c->max_sqnum;
162 spin_unlock(&c->cnt_lock);
163
164 if (encrypted) {
165 err = fscrypt_set_context(inode, NULL);
166 if (err) {
167 ubifs_err(c, "fscrypt_set_context failed: %i", err);
168 goto out_iput;
169 }
170 }
171
172 return inode;
173
174 out_iput:
175 make_bad_inode(inode);
176 iput(inode);
177 return ERR_PTR(err);
178 }
179
dbg_check_name(const struct ubifs_info * c,const struct ubifs_dent_node * dent,const struct fscrypt_name * nm)180 static int dbg_check_name(const struct ubifs_info *c,
181 const struct ubifs_dent_node *dent,
182 const struct fscrypt_name *nm)
183 {
184 if (!dbg_is_chk_gen(c))
185 return 0;
186 if (le16_to_cpu(dent->nlen) != fname_len(nm))
187 return -EINVAL;
188 if (memcmp(dent->name, fname_name(nm), fname_len(nm)))
189 return -EINVAL;
190 return 0;
191 }
192
ubifs_lookup(struct inode * dir,struct dentry * dentry,unsigned int flags)193 static struct dentry *ubifs_lookup(struct inode *dir, struct dentry *dentry,
194 unsigned int flags)
195 {
196 int err;
197 union ubifs_key key;
198 struct inode *inode = NULL;
199 struct ubifs_dent_node *dent = NULL;
200 struct ubifs_info *c = dir->i_sb->s_fs_info;
201 struct fscrypt_name nm;
202
203 dbg_gen("'%pd' in dir ino %lu", dentry, dir->i_ino);
204
205 err = fscrypt_prepare_lookup(dir, dentry, &nm);
206 generic_set_encrypted_ci_d_ops(dentry);
207 if (err == -ENOENT)
208 return d_splice_alias(NULL, dentry);
209 if (err)
210 return ERR_PTR(err);
211
212 if (fname_len(&nm) > UBIFS_MAX_NLEN) {
213 inode = ERR_PTR(-ENAMETOOLONG);
214 goto done;
215 }
216
217 dent = kmalloc(UBIFS_MAX_DENT_NODE_SZ, GFP_NOFS);
218 if (!dent) {
219 inode = ERR_PTR(-ENOMEM);
220 goto done;
221 }
222
223 if (fname_name(&nm) == NULL) {
224 if (nm.hash & ~UBIFS_S_KEY_HASH_MASK)
225 goto done; /* ENOENT */
226 dent_key_init_hash(c, &key, dir->i_ino, nm.hash);
227 err = ubifs_tnc_lookup_dh(c, &key, dent, nm.minor_hash);
228 } else {
229 dent_key_init(c, &key, dir->i_ino, &nm);
230 err = ubifs_tnc_lookup_nm(c, &key, dent, &nm);
231 }
232
233 if (err) {
234 if (err == -ENOENT)
235 dbg_gen("not found");
236 else
237 inode = ERR_PTR(err);
238 goto done;
239 }
240
241 if (dbg_check_name(c, dent, &nm)) {
242 inode = ERR_PTR(-EINVAL);
243 goto done;
244 }
245
246 inode = ubifs_iget(dir->i_sb, le64_to_cpu(dent->inum));
247 if (IS_ERR(inode)) {
248 /*
249 * This should not happen. Probably the file-system needs
250 * checking.
251 */
252 err = PTR_ERR(inode);
253 ubifs_err(c, "dead directory entry '%pd', error %d",
254 dentry, err);
255 ubifs_ro_mode(c, err);
256 goto done;
257 }
258
259 if (IS_ENCRYPTED(dir) &&
260 (S_ISDIR(inode->i_mode) || S_ISLNK(inode->i_mode)) &&
261 !fscrypt_has_permitted_context(dir, inode)) {
262 ubifs_warn(c, "Inconsistent encryption contexts: %lu/%lu",
263 dir->i_ino, inode->i_ino);
264 iput(inode);
265 inode = ERR_PTR(-EPERM);
266 }
267
268 done:
269 kfree(dent);
270 fscrypt_free_filename(&nm);
271 return d_splice_alias(inode, dentry);
272 }
273
ubifs_prepare_create(struct inode * dir,struct dentry * dentry,struct fscrypt_name * nm)274 static int ubifs_prepare_create(struct inode *dir, struct dentry *dentry,
275 struct fscrypt_name *nm)
276 {
277 if (fscrypt_is_nokey_name(dentry))
278 return -ENOKEY;
279
280 return fscrypt_setup_filename(dir, &dentry->d_name, 0, nm);
281 }
282
ubifs_create(struct inode * dir,struct dentry * dentry,umode_t mode,bool excl)283 static int ubifs_create(struct inode *dir, struct dentry *dentry, umode_t mode,
284 bool excl)
285 {
286 struct inode *inode;
287 struct ubifs_info *c = dir->i_sb->s_fs_info;
288 struct ubifs_budget_req req = { .new_ino = 1, .new_dent = 1,
289 .dirtied_ino = 1 };
290 struct ubifs_inode *dir_ui = ubifs_inode(dir);
291 struct fscrypt_name nm;
292 int err, sz_change;
293
294 /*
295 * Budget request settings: new inode, new direntry, changing the
296 * parent directory inode.
297 */
298
299 dbg_gen("dent '%pd', mode %#hx in dir ino %lu",
300 dentry, mode, dir->i_ino);
301
302 err = ubifs_budget_space(c, &req);
303 if (err)
304 return err;
305
306 err = ubifs_prepare_create(dir, dentry, &nm);
307 if (err)
308 goto out_budg;
309
310 sz_change = CALC_DENT_SIZE(fname_len(&nm));
311
312 inode = ubifs_new_inode(c, dir, mode);
313 if (IS_ERR(inode)) {
314 err = PTR_ERR(inode);
315 goto out_fname;
316 }
317
318 err = ubifs_init_security(dir, inode, &dentry->d_name);
319 if (err)
320 goto out_inode;
321
322 mutex_lock(&dir_ui->ui_mutex);
323 dir->i_size += sz_change;
324 dir_ui->ui_size = dir->i_size;
325 dir->i_mtime = dir->i_ctime = inode->i_ctime;
326 err = ubifs_jnl_update(c, dir, &nm, inode, 0, 0);
327 if (err)
328 goto out_cancel;
329 mutex_unlock(&dir_ui->ui_mutex);
330
331 ubifs_release_budget(c, &req);
332 fscrypt_free_filename(&nm);
333 insert_inode_hash(inode);
334 d_instantiate(dentry, inode);
335 return 0;
336
337 out_cancel:
338 dir->i_size -= sz_change;
339 dir_ui->ui_size = dir->i_size;
340 mutex_unlock(&dir_ui->ui_mutex);
341 out_inode:
342 make_bad_inode(inode);
343 iput(inode);
344 out_fname:
345 fscrypt_free_filename(&nm);
346 out_budg:
347 ubifs_release_budget(c, &req);
348 ubifs_err(c, "cannot create regular file, error %d", err);
349 return err;
350 }
351
do_tmpfile(struct inode * dir,struct dentry * dentry,umode_t mode,struct inode ** whiteout)352 static int do_tmpfile(struct inode *dir, struct dentry *dentry,
353 umode_t mode, struct inode **whiteout)
354 {
355 struct inode *inode;
356 struct ubifs_info *c = dir->i_sb->s_fs_info;
357 struct ubifs_budget_req req = { .new_ino = 1, .new_dent = 1,
358 .dirtied_ino = 1};
359 struct ubifs_budget_req ino_req = { .dirtied_ino = 1 };
360 struct ubifs_inode *ui, *dir_ui = ubifs_inode(dir);
361 int err, instantiated = 0;
362 struct fscrypt_name nm;
363
364 /*
365 * Budget request settings: new inode, new direntry, changing the
366 * parent directory inode.
367 * Allocate budget separately for new dirtied inode, the budget will
368 * be released via writeback.
369 */
370
371 dbg_gen("dent '%pd', mode %#hx in dir ino %lu",
372 dentry, mode, dir->i_ino);
373
374 err = fscrypt_setup_filename(dir, &dentry->d_name, 0, &nm);
375 if (err)
376 return err;
377
378 err = ubifs_budget_space(c, &req);
379 if (err) {
380 fscrypt_free_filename(&nm);
381 return err;
382 }
383
384 err = ubifs_budget_space(c, &ino_req);
385 if (err) {
386 ubifs_release_budget(c, &req);
387 fscrypt_free_filename(&nm);
388 return err;
389 }
390
391 inode = ubifs_new_inode(c, dir, mode);
392 if (IS_ERR(inode)) {
393 err = PTR_ERR(inode);
394 goto out_budg;
395 }
396 ui = ubifs_inode(inode);
397
398 if (whiteout) {
399 init_special_inode(inode, inode->i_mode, WHITEOUT_DEV);
400 ubifs_assert(c, inode->i_op == &ubifs_file_inode_operations);
401 }
402
403 err = ubifs_init_security(dir, inode, &dentry->d_name);
404 if (err)
405 goto out_inode;
406
407 mutex_lock(&ui->ui_mutex);
408 insert_inode_hash(inode);
409
410 if (whiteout) {
411 mark_inode_dirty(inode);
412 drop_nlink(inode);
413 *whiteout = inode;
414 } else {
415 d_tmpfile(dentry, inode);
416 }
417 ubifs_assert(c, ui->dirty);
418
419 instantiated = 1;
420 mutex_unlock(&ui->ui_mutex);
421
422 mutex_lock(&dir_ui->ui_mutex);
423 err = ubifs_jnl_update(c, dir, &nm, inode, 1, 0);
424 if (err)
425 goto out_cancel;
426 mutex_unlock(&dir_ui->ui_mutex);
427
428 ubifs_release_budget(c, &req);
429 fscrypt_free_filename(&nm);
430
431 return 0;
432
433 out_cancel:
434 mutex_unlock(&dir_ui->ui_mutex);
435 out_inode:
436 make_bad_inode(inode);
437 if (!instantiated)
438 iput(inode);
439 else if (whiteout)
440 iput(*whiteout);
441 out_budg:
442 ubifs_release_budget(c, &req);
443 if (!instantiated)
444 ubifs_release_budget(c, &ino_req);
445 fscrypt_free_filename(&nm);
446 ubifs_err(c, "cannot create temporary file, error %d", err);
447 return err;
448 }
449
ubifs_tmpfile(struct inode * dir,struct dentry * dentry,umode_t mode)450 static int ubifs_tmpfile(struct inode *dir, struct dentry *dentry,
451 umode_t mode)
452 {
453 return do_tmpfile(dir, dentry, mode, NULL);
454 }
455
456 /**
457 * vfs_dent_type - get VFS directory entry type.
458 * @type: UBIFS directory entry type
459 *
460 * This function converts UBIFS directory entry type into VFS directory entry
461 * type.
462 */
vfs_dent_type(uint8_t type)463 static unsigned int vfs_dent_type(uint8_t type)
464 {
465 switch (type) {
466 case UBIFS_ITYPE_REG:
467 return DT_REG;
468 case UBIFS_ITYPE_DIR:
469 return DT_DIR;
470 case UBIFS_ITYPE_LNK:
471 return DT_LNK;
472 case UBIFS_ITYPE_BLK:
473 return DT_BLK;
474 case UBIFS_ITYPE_CHR:
475 return DT_CHR;
476 case UBIFS_ITYPE_FIFO:
477 return DT_FIFO;
478 case UBIFS_ITYPE_SOCK:
479 return DT_SOCK;
480 default:
481 BUG();
482 }
483 return 0;
484 }
485
486 /*
487 * The classical Unix view for directory is that it is a linear array of
488 * (name, inode number) entries. Linux/VFS assumes this model as well.
489 * Particularly, 'readdir()' call wants us to return a directory entry offset
490 * which later may be used to continue 'readdir()'ing the directory or to
491 * 'seek()' to that specific direntry. Obviously UBIFS does not really fit this
492 * model because directory entries are identified by keys, which may collide.
493 *
494 * UBIFS uses directory entry hash value for directory offsets, so
495 * 'seekdir()'/'telldir()' may not always work because of possible key
496 * collisions. But UBIFS guarantees that consecutive 'readdir()' calls work
497 * properly by means of saving full directory entry name in the private field
498 * of the file description object.
499 *
500 * This means that UBIFS cannot support NFS which requires full
501 * 'seekdir()'/'telldir()' support.
502 */
ubifs_readdir(struct file * file,struct dir_context * ctx)503 static int ubifs_readdir(struct file *file, struct dir_context *ctx)
504 {
505 int fstr_real_len = 0, err = 0;
506 struct fscrypt_name nm;
507 struct fscrypt_str fstr = {0};
508 union ubifs_key key;
509 struct ubifs_dent_node *dent;
510 struct inode *dir = file_inode(file);
511 struct ubifs_info *c = dir->i_sb->s_fs_info;
512 bool encrypted = IS_ENCRYPTED(dir);
513
514 dbg_gen("dir ino %lu, f_pos %#llx", dir->i_ino, ctx->pos);
515
516 if (ctx->pos > UBIFS_S_KEY_HASH_MASK || ctx->pos == 2)
517 /*
518 * The directory was seek'ed to a senseless position or there
519 * are no more entries.
520 */
521 return 0;
522
523 if (encrypted) {
524 err = fscrypt_prepare_readdir(dir);
525 if (err)
526 return err;
527
528 err = fscrypt_fname_alloc_buffer(UBIFS_MAX_NLEN, &fstr);
529 if (err)
530 return err;
531
532 fstr_real_len = fstr.len;
533 }
534
535 if (file->f_version == 0) {
536 /*
537 * The file was seek'ed, which means that @file->private_data
538 * is now invalid. This may also be just the first
539 * 'ubifs_readdir()' invocation, in which case
540 * @file->private_data is NULL, and the below code is
541 * basically a no-op.
542 */
543 kfree(file->private_data);
544 file->private_data = NULL;
545 }
546
547 /*
548 * 'generic_file_llseek()' unconditionally sets @file->f_version to
549 * zero, and we use this for detecting whether the file was seek'ed.
550 */
551 file->f_version = 1;
552
553 /* File positions 0 and 1 correspond to "." and ".." */
554 if (ctx->pos < 2) {
555 ubifs_assert(c, !file->private_data);
556 if (!dir_emit_dots(file, ctx)) {
557 if (encrypted)
558 fscrypt_fname_free_buffer(&fstr);
559 return 0;
560 }
561
562 /* Find the first entry in TNC and save it */
563 lowest_dent_key(c, &key, dir->i_ino);
564 fname_len(&nm) = 0;
565 dent = ubifs_tnc_next_ent(c, &key, &nm);
566 if (IS_ERR(dent)) {
567 err = PTR_ERR(dent);
568 goto out;
569 }
570
571 ctx->pos = key_hash_flash(c, &dent->key);
572 file->private_data = dent;
573 }
574
575 dent = file->private_data;
576 if (!dent) {
577 /*
578 * The directory was seek'ed to and is now readdir'ed.
579 * Find the entry corresponding to @ctx->pos or the closest one.
580 */
581 dent_key_init_hash(c, &key, dir->i_ino, ctx->pos);
582 fname_len(&nm) = 0;
583 dent = ubifs_tnc_next_ent(c, &key, &nm);
584 if (IS_ERR(dent)) {
585 err = PTR_ERR(dent);
586 goto out;
587 }
588 ctx->pos = key_hash_flash(c, &dent->key);
589 file->private_data = dent;
590 }
591
592 while (1) {
593 dbg_gen("ino %llu, new f_pos %#x",
594 (unsigned long long)le64_to_cpu(dent->inum),
595 key_hash_flash(c, &dent->key));
596 ubifs_assert(c, le64_to_cpu(dent->ch.sqnum) >
597 ubifs_inode(dir)->creat_sqnum);
598
599 fname_len(&nm) = le16_to_cpu(dent->nlen);
600 fname_name(&nm) = dent->name;
601
602 if (encrypted) {
603 fstr.len = fstr_real_len;
604
605 err = fscrypt_fname_disk_to_usr(dir, key_hash_flash(c,
606 &dent->key),
607 le32_to_cpu(dent->cookie),
608 &nm.disk_name, &fstr);
609 if (err)
610 goto out;
611 } else {
612 fstr.len = fname_len(&nm);
613 fstr.name = fname_name(&nm);
614 }
615
616 if (!dir_emit(ctx, fstr.name, fstr.len,
617 le64_to_cpu(dent->inum),
618 vfs_dent_type(dent->type))) {
619 if (encrypted)
620 fscrypt_fname_free_buffer(&fstr);
621 return 0;
622 }
623
624 /* Switch to the next entry */
625 key_read(c, &dent->key, &key);
626 dent = ubifs_tnc_next_ent(c, &key, &nm);
627 if (IS_ERR(dent)) {
628 err = PTR_ERR(dent);
629 goto out;
630 }
631
632 kfree(file->private_data);
633 ctx->pos = key_hash_flash(c, &dent->key);
634 file->private_data = dent;
635 cond_resched();
636 }
637
638 out:
639 kfree(file->private_data);
640 file->private_data = NULL;
641
642 if (encrypted)
643 fscrypt_fname_free_buffer(&fstr);
644
645 if (err != -ENOENT)
646 ubifs_err(c, "cannot find next direntry, error %d", err);
647 else
648 /*
649 * -ENOENT is a non-fatal error in this context, the TNC uses
650 * it to indicate that the cursor moved past the current directory
651 * and readdir() has to stop.
652 */
653 err = 0;
654
655
656 /* 2 is a special value indicating that there are no more direntries */
657 ctx->pos = 2;
658 return err;
659 }
660
661 /* Free saved readdir() state when the directory is closed */
ubifs_dir_release(struct inode * dir,struct file * file)662 static int ubifs_dir_release(struct inode *dir, struct file *file)
663 {
664 kfree(file->private_data);
665 file->private_data = NULL;
666 return 0;
667 }
668
669 /**
670 * lock_2_inodes - a wrapper for locking two UBIFS inodes.
671 * @inode1: first inode
672 * @inode2: second inode
673 *
674 * We do not implement any tricks to guarantee strict lock ordering, because
675 * VFS has already done it for us on the @i_mutex. So this is just a simple
676 * wrapper function.
677 */
lock_2_inodes(struct inode * inode1,struct inode * inode2)678 static void lock_2_inodes(struct inode *inode1, struct inode *inode2)
679 {
680 mutex_lock_nested(&ubifs_inode(inode1)->ui_mutex, WB_MUTEX_1);
681 mutex_lock_nested(&ubifs_inode(inode2)->ui_mutex, WB_MUTEX_2);
682 }
683
684 /**
685 * unlock_2_inodes - a wrapper for unlocking two UBIFS inodes.
686 * @inode1: first inode
687 * @inode2: second inode
688 */
unlock_2_inodes(struct inode * inode1,struct inode * inode2)689 static void unlock_2_inodes(struct inode *inode1, struct inode *inode2)
690 {
691 mutex_unlock(&ubifs_inode(inode2)->ui_mutex);
692 mutex_unlock(&ubifs_inode(inode1)->ui_mutex);
693 }
694
ubifs_link(struct dentry * old_dentry,struct inode * dir,struct dentry * dentry)695 static int ubifs_link(struct dentry *old_dentry, struct inode *dir,
696 struct dentry *dentry)
697 {
698 struct ubifs_info *c = dir->i_sb->s_fs_info;
699 struct inode *inode = d_inode(old_dentry);
700 struct ubifs_inode *ui = ubifs_inode(inode);
701 struct ubifs_inode *dir_ui = ubifs_inode(dir);
702 int err, sz_change = CALC_DENT_SIZE(dentry->d_name.len);
703 struct ubifs_budget_req req = { .new_dent = 1, .dirtied_ino = 2,
704 .dirtied_ino_d = ALIGN(ui->data_len, 8) };
705 struct fscrypt_name nm;
706
707 /*
708 * Budget request settings: new direntry, changing the target inode,
709 * changing the parent inode.
710 */
711
712 dbg_gen("dent '%pd' to ino %lu (nlink %d) in dir ino %lu",
713 dentry, inode->i_ino,
714 inode->i_nlink, dir->i_ino);
715 ubifs_assert(c, inode_is_locked(dir));
716 ubifs_assert(c, inode_is_locked(inode));
717
718 err = fscrypt_prepare_link(old_dentry, dir, dentry);
719 if (err)
720 return err;
721
722 err = fscrypt_setup_filename(dir, &dentry->d_name, 0, &nm);
723 if (err)
724 return err;
725
726 err = dbg_check_synced_i_size(c, inode);
727 if (err)
728 goto out_fname;
729
730 err = ubifs_budget_space(c, &req);
731 if (err)
732 goto out_fname;
733
734 lock_2_inodes(dir, inode);
735
736 /* Handle O_TMPFILE corner case, it is allowed to link a O_TMPFILE. */
737 if (inode->i_nlink == 0)
738 ubifs_delete_orphan(c, inode->i_ino);
739
740 inc_nlink(inode);
741 ihold(inode);
742 inode->i_ctime = current_time(inode);
743 dir->i_size += sz_change;
744 dir_ui->ui_size = dir->i_size;
745 dir->i_mtime = dir->i_ctime = inode->i_ctime;
746 err = ubifs_jnl_update(c, dir, &nm, inode, 0, 0);
747 if (err)
748 goto out_cancel;
749 unlock_2_inodes(dir, inode);
750
751 ubifs_release_budget(c, &req);
752 d_instantiate(dentry, inode);
753 fscrypt_free_filename(&nm);
754 return 0;
755
756 out_cancel:
757 dir->i_size -= sz_change;
758 dir_ui->ui_size = dir->i_size;
759 drop_nlink(inode);
760 if (inode->i_nlink == 0)
761 ubifs_add_orphan(c, inode->i_ino);
762 unlock_2_inodes(dir, inode);
763 ubifs_release_budget(c, &req);
764 iput(inode);
765 out_fname:
766 fscrypt_free_filename(&nm);
767 return err;
768 }
769
ubifs_unlink(struct inode * dir,struct dentry * dentry)770 static int ubifs_unlink(struct inode *dir, struct dentry *dentry)
771 {
772 struct ubifs_info *c = dir->i_sb->s_fs_info;
773 struct inode *inode = d_inode(dentry);
774 struct ubifs_inode *dir_ui = ubifs_inode(dir);
775 int err, sz_change, budgeted = 1;
776 struct ubifs_budget_req req = { .mod_dent = 1, .dirtied_ino = 2 };
777 unsigned int saved_nlink = inode->i_nlink;
778 struct fscrypt_name nm;
779
780 /*
781 * Budget request settings: deletion direntry, deletion inode (+1 for
782 * @dirtied_ino), changing the parent directory inode. If budgeting
783 * fails, go ahead anyway because we have extra space reserved for
784 * deletions.
785 */
786
787 dbg_gen("dent '%pd' from ino %lu (nlink %d) in dir ino %lu",
788 dentry, inode->i_ino,
789 inode->i_nlink, dir->i_ino);
790
791 err = fscrypt_setup_filename(dir, &dentry->d_name, 1, &nm);
792 if (err)
793 return err;
794
795 err = ubifs_purge_xattrs(inode);
796 if (err)
797 return err;
798
799 sz_change = CALC_DENT_SIZE(fname_len(&nm));
800
801 ubifs_assert(c, inode_is_locked(dir));
802 ubifs_assert(c, inode_is_locked(inode));
803 err = dbg_check_synced_i_size(c, inode);
804 if (err)
805 goto out_fname;
806
807 err = ubifs_budget_space(c, &req);
808 if (err) {
809 if (err != -ENOSPC)
810 goto out_fname;
811 budgeted = 0;
812 }
813
814 lock_2_inodes(dir, inode);
815 inode->i_ctime = current_time(dir);
816 drop_nlink(inode);
817 dir->i_size -= sz_change;
818 dir_ui->ui_size = dir->i_size;
819 dir->i_mtime = dir->i_ctime = inode->i_ctime;
820 err = ubifs_jnl_update(c, dir, &nm, inode, 1, 0);
821 if (err)
822 goto out_cancel;
823 unlock_2_inodes(dir, inode);
824
825 if (budgeted)
826 ubifs_release_budget(c, &req);
827 else {
828 /* We've deleted something - clean the "no space" flags */
829 c->bi.nospace = c->bi.nospace_rp = 0;
830 smp_wmb();
831 }
832 fscrypt_free_filename(&nm);
833 return 0;
834
835 out_cancel:
836 dir->i_size += sz_change;
837 dir_ui->ui_size = dir->i_size;
838 set_nlink(inode, saved_nlink);
839 unlock_2_inodes(dir, inode);
840 if (budgeted)
841 ubifs_release_budget(c, &req);
842 out_fname:
843 fscrypt_free_filename(&nm);
844 return err;
845 }
846
847 /**
848 * check_dir_empty - check if a directory is empty or not.
849 * @dir: VFS inode object of the directory to check
850 *
851 * This function checks if directory @dir is empty. Returns zero if the
852 * directory is empty, %-ENOTEMPTY if it is not, and other negative error codes
853 * in case of of errors.
854 */
ubifs_check_dir_empty(struct inode * dir)855 int ubifs_check_dir_empty(struct inode *dir)
856 {
857 struct ubifs_info *c = dir->i_sb->s_fs_info;
858 struct fscrypt_name nm = { 0 };
859 struct ubifs_dent_node *dent;
860 union ubifs_key key;
861 int err;
862
863 lowest_dent_key(c, &key, dir->i_ino);
864 dent = ubifs_tnc_next_ent(c, &key, &nm);
865 if (IS_ERR(dent)) {
866 err = PTR_ERR(dent);
867 if (err == -ENOENT)
868 err = 0;
869 } else {
870 kfree(dent);
871 err = -ENOTEMPTY;
872 }
873 return err;
874 }
875
ubifs_rmdir(struct inode * dir,struct dentry * dentry)876 static int ubifs_rmdir(struct inode *dir, struct dentry *dentry)
877 {
878 struct ubifs_info *c = dir->i_sb->s_fs_info;
879 struct inode *inode = d_inode(dentry);
880 int err, sz_change, budgeted = 1;
881 struct ubifs_inode *dir_ui = ubifs_inode(dir);
882 struct ubifs_budget_req req = { .mod_dent = 1, .dirtied_ino = 2 };
883 struct fscrypt_name nm;
884
885 /*
886 * Budget request settings: deletion direntry, deletion inode and
887 * changing the parent inode. If budgeting fails, go ahead anyway
888 * because we have extra space reserved for deletions.
889 */
890
891 dbg_gen("directory '%pd', ino %lu in dir ino %lu", dentry,
892 inode->i_ino, dir->i_ino);
893 ubifs_assert(c, inode_is_locked(dir));
894 ubifs_assert(c, inode_is_locked(inode));
895 err = ubifs_check_dir_empty(d_inode(dentry));
896 if (err)
897 return err;
898
899 err = fscrypt_setup_filename(dir, &dentry->d_name, 1, &nm);
900 if (err)
901 return err;
902
903 err = ubifs_purge_xattrs(inode);
904 if (err)
905 return err;
906
907 sz_change = CALC_DENT_SIZE(fname_len(&nm));
908
909 err = ubifs_budget_space(c, &req);
910 if (err) {
911 if (err != -ENOSPC)
912 goto out_fname;
913 budgeted = 0;
914 }
915
916 lock_2_inodes(dir, inode);
917 inode->i_ctime = current_time(dir);
918 clear_nlink(inode);
919 drop_nlink(dir);
920 dir->i_size -= sz_change;
921 dir_ui->ui_size = dir->i_size;
922 dir->i_mtime = dir->i_ctime = inode->i_ctime;
923 err = ubifs_jnl_update(c, dir, &nm, inode, 1, 0);
924 if (err)
925 goto out_cancel;
926 unlock_2_inodes(dir, inode);
927
928 if (budgeted)
929 ubifs_release_budget(c, &req);
930 else {
931 /* We've deleted something - clean the "no space" flags */
932 c->bi.nospace = c->bi.nospace_rp = 0;
933 smp_wmb();
934 }
935 fscrypt_free_filename(&nm);
936 return 0;
937
938 out_cancel:
939 dir->i_size += sz_change;
940 dir_ui->ui_size = dir->i_size;
941 inc_nlink(dir);
942 set_nlink(inode, 2);
943 unlock_2_inodes(dir, inode);
944 if (budgeted)
945 ubifs_release_budget(c, &req);
946 out_fname:
947 fscrypt_free_filename(&nm);
948 return err;
949 }
950
ubifs_mkdir(struct inode * dir,struct dentry * dentry,umode_t mode)951 static int ubifs_mkdir(struct inode *dir, struct dentry *dentry, umode_t mode)
952 {
953 struct inode *inode;
954 struct ubifs_inode *dir_ui = ubifs_inode(dir);
955 struct ubifs_info *c = dir->i_sb->s_fs_info;
956 int err, sz_change;
957 struct ubifs_budget_req req = { .new_ino = 1, .new_dent = 1,
958 .dirtied_ino = 1};
959 struct fscrypt_name nm;
960
961 /*
962 * Budget request settings: new inode, new direntry and changing parent
963 * directory inode.
964 */
965
966 dbg_gen("dent '%pd', mode %#hx in dir ino %lu",
967 dentry, mode, dir->i_ino);
968
969 err = ubifs_budget_space(c, &req);
970 if (err)
971 return err;
972
973 err = ubifs_prepare_create(dir, dentry, &nm);
974 if (err)
975 goto out_budg;
976
977 sz_change = CALC_DENT_SIZE(fname_len(&nm));
978
979 inode = ubifs_new_inode(c, dir, S_IFDIR | mode);
980 if (IS_ERR(inode)) {
981 err = PTR_ERR(inode);
982 goto out_fname;
983 }
984
985 err = ubifs_init_security(dir, inode, &dentry->d_name);
986 if (err)
987 goto out_inode;
988
989 mutex_lock(&dir_ui->ui_mutex);
990 insert_inode_hash(inode);
991 inc_nlink(inode);
992 inc_nlink(dir);
993 dir->i_size += sz_change;
994 dir_ui->ui_size = dir->i_size;
995 dir->i_mtime = dir->i_ctime = inode->i_ctime;
996 err = ubifs_jnl_update(c, dir, &nm, inode, 0, 0);
997 if (err) {
998 ubifs_err(c, "cannot create directory, error %d", err);
999 goto out_cancel;
1000 }
1001 mutex_unlock(&dir_ui->ui_mutex);
1002
1003 ubifs_release_budget(c, &req);
1004 d_instantiate(dentry, inode);
1005 fscrypt_free_filename(&nm);
1006 return 0;
1007
1008 out_cancel:
1009 dir->i_size -= sz_change;
1010 dir_ui->ui_size = dir->i_size;
1011 drop_nlink(dir);
1012 mutex_unlock(&dir_ui->ui_mutex);
1013 out_inode:
1014 make_bad_inode(inode);
1015 iput(inode);
1016 out_fname:
1017 fscrypt_free_filename(&nm);
1018 out_budg:
1019 ubifs_release_budget(c, &req);
1020 return err;
1021 }
1022
ubifs_mknod(struct inode * dir,struct dentry * dentry,umode_t mode,dev_t rdev)1023 static int ubifs_mknod(struct inode *dir, struct dentry *dentry,
1024 umode_t mode, dev_t rdev)
1025 {
1026 struct inode *inode;
1027 struct ubifs_inode *ui;
1028 struct ubifs_inode *dir_ui = ubifs_inode(dir);
1029 struct ubifs_info *c = dir->i_sb->s_fs_info;
1030 union ubifs_dev_desc *dev = NULL;
1031 int sz_change;
1032 int err, devlen = 0;
1033 struct ubifs_budget_req req = { .new_ino = 1, .new_dent = 1,
1034 .dirtied_ino = 1 };
1035 struct fscrypt_name nm;
1036
1037 /*
1038 * Budget request settings: new inode, new direntry and changing parent
1039 * directory inode.
1040 */
1041
1042 dbg_gen("dent '%pd' in dir ino %lu", dentry, dir->i_ino);
1043
1044 if (S_ISBLK(mode) || S_ISCHR(mode)) {
1045 dev = kmalloc(sizeof(union ubifs_dev_desc), GFP_NOFS);
1046 if (!dev)
1047 return -ENOMEM;
1048 devlen = ubifs_encode_dev(dev, rdev);
1049 }
1050
1051 req.new_ino_d = ALIGN(devlen, 8);
1052 err = ubifs_budget_space(c, &req);
1053 if (err) {
1054 kfree(dev);
1055 return err;
1056 }
1057
1058 err = ubifs_prepare_create(dir, dentry, &nm);
1059 if (err) {
1060 kfree(dev);
1061 goto out_budg;
1062 }
1063
1064 sz_change = CALC_DENT_SIZE(fname_len(&nm));
1065
1066 inode = ubifs_new_inode(c, dir, mode);
1067 if (IS_ERR(inode)) {
1068 kfree(dev);
1069 err = PTR_ERR(inode);
1070 goto out_fname;
1071 }
1072
1073 init_special_inode(inode, inode->i_mode, rdev);
1074 inode->i_size = ubifs_inode(inode)->ui_size = devlen;
1075 ui = ubifs_inode(inode);
1076 ui->data = dev;
1077 ui->data_len = devlen;
1078
1079 err = ubifs_init_security(dir, inode, &dentry->d_name);
1080 if (err)
1081 goto out_inode;
1082
1083 mutex_lock(&dir_ui->ui_mutex);
1084 dir->i_size += sz_change;
1085 dir_ui->ui_size = dir->i_size;
1086 dir->i_mtime = dir->i_ctime = inode->i_ctime;
1087 err = ubifs_jnl_update(c, dir, &nm, inode, 0, 0);
1088 if (err)
1089 goto out_cancel;
1090 mutex_unlock(&dir_ui->ui_mutex);
1091
1092 ubifs_release_budget(c, &req);
1093 insert_inode_hash(inode);
1094 d_instantiate(dentry, inode);
1095 fscrypt_free_filename(&nm);
1096 return 0;
1097
1098 out_cancel:
1099 dir->i_size -= sz_change;
1100 dir_ui->ui_size = dir->i_size;
1101 mutex_unlock(&dir_ui->ui_mutex);
1102 out_inode:
1103 make_bad_inode(inode);
1104 iput(inode);
1105 out_fname:
1106 fscrypt_free_filename(&nm);
1107 out_budg:
1108 ubifs_release_budget(c, &req);
1109 return err;
1110 }
1111
ubifs_symlink(struct inode * dir,struct dentry * dentry,const char * symname)1112 static int ubifs_symlink(struct inode *dir, struct dentry *dentry,
1113 const char *symname)
1114 {
1115 struct inode *inode;
1116 struct ubifs_inode *ui;
1117 struct ubifs_inode *dir_ui = ubifs_inode(dir);
1118 struct ubifs_info *c = dir->i_sb->s_fs_info;
1119 int err, sz_change, len = strlen(symname);
1120 struct fscrypt_str disk_link;
1121 struct ubifs_budget_req req = { .new_ino = 1, .new_dent = 1,
1122 .dirtied_ino = 1 };
1123 struct fscrypt_name nm;
1124
1125 dbg_gen("dent '%pd', target '%s' in dir ino %lu", dentry,
1126 symname, dir->i_ino);
1127
1128 err = fscrypt_prepare_symlink(dir, symname, len, UBIFS_MAX_INO_DATA,
1129 &disk_link);
1130 if (err)
1131 return err;
1132
1133 /*
1134 * Budget request settings: new inode, new direntry and changing parent
1135 * directory inode.
1136 */
1137 req.new_ino_d = ALIGN(disk_link.len - 1, 8);
1138 err = ubifs_budget_space(c, &req);
1139 if (err)
1140 return err;
1141
1142 err = ubifs_prepare_create(dir, dentry, &nm);
1143 if (err)
1144 goto out_budg;
1145
1146 sz_change = CALC_DENT_SIZE(fname_len(&nm));
1147
1148 inode = ubifs_new_inode(c, dir, S_IFLNK | S_IRWXUGO);
1149 if (IS_ERR(inode)) {
1150 err = PTR_ERR(inode);
1151 goto out_fname;
1152 }
1153
1154 ui = ubifs_inode(inode);
1155 ui->data = kmalloc(disk_link.len, GFP_NOFS);
1156 if (!ui->data) {
1157 err = -ENOMEM;
1158 goto out_inode;
1159 }
1160
1161 if (IS_ENCRYPTED(inode)) {
1162 disk_link.name = ui->data; /* encrypt directly into ui->data */
1163 err = fscrypt_encrypt_symlink(inode, symname, len, &disk_link);
1164 if (err)
1165 goto out_inode;
1166 } else {
1167 memcpy(ui->data, disk_link.name, disk_link.len);
1168 inode->i_link = ui->data;
1169 }
1170
1171 /*
1172 * The terminating zero byte is not written to the flash media and it
1173 * is put just to make later in-memory string processing simpler. Thus,
1174 * data length is @disk_link.len - 1, not @disk_link.len.
1175 */
1176 ui->data_len = disk_link.len - 1;
1177 inode->i_size = ubifs_inode(inode)->ui_size = disk_link.len - 1;
1178
1179 err = ubifs_init_security(dir, inode, &dentry->d_name);
1180 if (err)
1181 goto out_inode;
1182
1183 mutex_lock(&dir_ui->ui_mutex);
1184 dir->i_size += sz_change;
1185 dir_ui->ui_size = dir->i_size;
1186 dir->i_mtime = dir->i_ctime = inode->i_ctime;
1187 err = ubifs_jnl_update(c, dir, &nm, inode, 0, 0);
1188 if (err)
1189 goto out_cancel;
1190 mutex_unlock(&dir_ui->ui_mutex);
1191
1192 insert_inode_hash(inode);
1193 d_instantiate(dentry, inode);
1194 err = 0;
1195 goto out_fname;
1196
1197 out_cancel:
1198 dir->i_size -= sz_change;
1199 dir_ui->ui_size = dir->i_size;
1200 mutex_unlock(&dir_ui->ui_mutex);
1201 out_inode:
1202 /* Free inode->i_link before inode is marked as bad. */
1203 fscrypt_free_inode(inode);
1204 make_bad_inode(inode);
1205 iput(inode);
1206 out_fname:
1207 fscrypt_free_filename(&nm);
1208 out_budg:
1209 ubifs_release_budget(c, &req);
1210 return err;
1211 }
1212
1213 /**
1214 * lock_4_inodes - a wrapper for locking three UBIFS inodes.
1215 * @inode1: first inode
1216 * @inode2: second inode
1217 * @inode3: third inode
1218 * @inode4: fouth inode
1219 *
1220 * This function is used for 'ubifs_rename()' and @inode1 may be the same as
1221 * @inode2 whereas @inode3 and @inode4 may be %NULL.
1222 *
1223 * We do not implement any tricks to guarantee strict lock ordering, because
1224 * VFS has already done it for us on the @i_mutex. So this is just a simple
1225 * wrapper function.
1226 */
lock_4_inodes(struct inode * inode1,struct inode * inode2,struct inode * inode3,struct inode * inode4)1227 static void lock_4_inodes(struct inode *inode1, struct inode *inode2,
1228 struct inode *inode3, struct inode *inode4)
1229 {
1230 mutex_lock_nested(&ubifs_inode(inode1)->ui_mutex, WB_MUTEX_1);
1231 if (inode2 != inode1)
1232 mutex_lock_nested(&ubifs_inode(inode2)->ui_mutex, WB_MUTEX_2);
1233 if (inode3)
1234 mutex_lock_nested(&ubifs_inode(inode3)->ui_mutex, WB_MUTEX_3);
1235 if (inode4)
1236 mutex_lock_nested(&ubifs_inode(inode4)->ui_mutex, WB_MUTEX_4);
1237 }
1238
1239 /**
1240 * unlock_4_inodes - a wrapper for unlocking three UBIFS inodes for rename.
1241 * @inode1: first inode
1242 * @inode2: second inode
1243 * @inode3: third inode
1244 * @inode4: fouth inode
1245 */
unlock_4_inodes(struct inode * inode1,struct inode * inode2,struct inode * inode3,struct inode * inode4)1246 static void unlock_4_inodes(struct inode *inode1, struct inode *inode2,
1247 struct inode *inode3, struct inode *inode4)
1248 {
1249 if (inode4)
1250 mutex_unlock(&ubifs_inode(inode4)->ui_mutex);
1251 if (inode3)
1252 mutex_unlock(&ubifs_inode(inode3)->ui_mutex);
1253 if (inode1 != inode2)
1254 mutex_unlock(&ubifs_inode(inode2)->ui_mutex);
1255 mutex_unlock(&ubifs_inode(inode1)->ui_mutex);
1256 }
1257
do_rename(struct inode * old_dir,struct dentry * old_dentry,struct inode * new_dir,struct dentry * new_dentry,unsigned int flags)1258 static int do_rename(struct inode *old_dir, struct dentry *old_dentry,
1259 struct inode *new_dir, struct dentry *new_dentry,
1260 unsigned int flags)
1261 {
1262 struct ubifs_info *c = old_dir->i_sb->s_fs_info;
1263 struct inode *old_inode = d_inode(old_dentry);
1264 struct inode *new_inode = d_inode(new_dentry);
1265 struct inode *whiteout = NULL;
1266 struct ubifs_inode *old_inode_ui = ubifs_inode(old_inode);
1267 struct ubifs_inode *whiteout_ui = NULL;
1268 int err, release, sync = 0, move = (new_dir != old_dir);
1269 int is_dir = S_ISDIR(old_inode->i_mode);
1270 int unlink = !!new_inode, new_sz, old_sz;
1271 struct ubifs_budget_req req = { .new_dent = 1, .mod_dent = 1,
1272 .dirtied_ino = 3 };
1273 struct ubifs_budget_req ino_req = { .dirtied_ino = 1,
1274 .dirtied_ino_d = ALIGN(old_inode_ui->data_len, 8) };
1275 struct timespec64 time;
1276 unsigned int saved_nlink;
1277 struct fscrypt_name old_nm, new_nm;
1278
1279 /*
1280 * Budget request settings: deletion direntry, new direntry, removing
1281 * the old inode, and changing old and new parent directory inodes.
1282 *
1283 * However, this operation also marks the target inode as dirty and
1284 * does not write it, so we allocate budget for the target inode
1285 * separately.
1286 */
1287
1288 dbg_gen("dent '%pd' ino %lu in dir ino %lu to dent '%pd' in dir ino %lu flags 0x%x",
1289 old_dentry, old_inode->i_ino, old_dir->i_ino,
1290 new_dentry, new_dir->i_ino, flags);
1291
1292 if (unlink) {
1293 ubifs_assert(c, inode_is_locked(new_inode));
1294
1295 /* Budget for old inode's data when its nlink > 1. */
1296 req.dirtied_ino_d = ALIGN(ubifs_inode(new_inode)->data_len, 8);
1297 err = ubifs_purge_xattrs(new_inode);
1298 if (err)
1299 return err;
1300 }
1301
1302 if (unlink && is_dir) {
1303 err = ubifs_check_dir_empty(new_inode);
1304 if (err)
1305 return err;
1306 }
1307
1308 err = fscrypt_setup_filename(old_dir, &old_dentry->d_name, 0, &old_nm);
1309 if (err)
1310 return err;
1311
1312 err = fscrypt_setup_filename(new_dir, &new_dentry->d_name, 0, &new_nm);
1313 if (err) {
1314 fscrypt_free_filename(&old_nm);
1315 return err;
1316 }
1317
1318 new_sz = CALC_DENT_SIZE(fname_len(&new_nm));
1319 old_sz = CALC_DENT_SIZE(fname_len(&old_nm));
1320
1321 err = ubifs_budget_space(c, &req);
1322 if (err) {
1323 fscrypt_free_filename(&old_nm);
1324 fscrypt_free_filename(&new_nm);
1325 return err;
1326 }
1327 err = ubifs_budget_space(c, &ino_req);
1328 if (err) {
1329 fscrypt_free_filename(&old_nm);
1330 fscrypt_free_filename(&new_nm);
1331 ubifs_release_budget(c, &req);
1332 return err;
1333 }
1334
1335 if (flags & RENAME_WHITEOUT) {
1336 union ubifs_dev_desc *dev = NULL;
1337 struct ubifs_budget_req wht_req;
1338
1339 dev = kmalloc(sizeof(union ubifs_dev_desc), GFP_NOFS);
1340 if (!dev) {
1341 err = -ENOMEM;
1342 goto out_release;
1343 }
1344
1345 err = do_tmpfile(old_dir, old_dentry, S_IFCHR | WHITEOUT_MODE, &whiteout);
1346 if (err) {
1347 kfree(dev);
1348 goto out_release;
1349 }
1350
1351 spin_lock(&whiteout->i_lock);
1352 whiteout->i_state |= I_LINKABLE;
1353 spin_unlock(&whiteout->i_lock);
1354
1355 whiteout_ui = ubifs_inode(whiteout);
1356 whiteout_ui->data = dev;
1357 whiteout_ui->data_len = ubifs_encode_dev(dev, MKDEV(0, 0));
1358 ubifs_assert(c, !whiteout_ui->dirty);
1359
1360 memset(&wht_req, 0, sizeof(struct ubifs_budget_req));
1361 wht_req.dirtied_ino = 1;
1362 wht_req.dirtied_ino_d = ALIGN(whiteout_ui->data_len, 8);
1363 /*
1364 * To avoid deadlock between space budget (holds ui_mutex and
1365 * waits wb work) and writeback work(waits ui_mutex), do space
1366 * budget before ubifs inodes locked.
1367 */
1368 err = ubifs_budget_space(c, &wht_req);
1369 if (err) {
1370 iput(whiteout);
1371 goto out_release;
1372 }
1373
1374 /* Add the old_dentry size to the old_dir size. */
1375 old_sz -= CALC_DENT_SIZE(fname_len(&old_nm));
1376 }
1377
1378 lock_4_inodes(old_dir, new_dir, new_inode, whiteout);
1379
1380 /*
1381 * Like most other Unix systems, set the @i_ctime for inodes on a
1382 * rename.
1383 */
1384 time = current_time(old_dir);
1385 old_inode->i_ctime = time;
1386
1387 /* We must adjust parent link count when renaming directories */
1388 if (is_dir) {
1389 if (move) {
1390 /*
1391 * @old_dir loses a link because we are moving
1392 * @old_inode to a different directory.
1393 */
1394 drop_nlink(old_dir);
1395 /*
1396 * @new_dir only gains a link if we are not also
1397 * overwriting an existing directory.
1398 */
1399 if (!unlink)
1400 inc_nlink(new_dir);
1401 } else {
1402 /*
1403 * @old_inode is not moving to a different directory,
1404 * but @old_dir still loses a link if we are
1405 * overwriting an existing directory.
1406 */
1407 if (unlink)
1408 drop_nlink(old_dir);
1409 }
1410 }
1411
1412 old_dir->i_size -= old_sz;
1413 ubifs_inode(old_dir)->ui_size = old_dir->i_size;
1414 old_dir->i_mtime = old_dir->i_ctime = time;
1415 new_dir->i_mtime = new_dir->i_ctime = time;
1416
1417 /*
1418 * And finally, if we unlinked a direntry which happened to have the
1419 * same name as the moved direntry, we have to decrement @i_nlink of
1420 * the unlinked inode and change its ctime.
1421 */
1422 if (unlink) {
1423 /*
1424 * Directories cannot have hard-links, so if this is a
1425 * directory, just clear @i_nlink.
1426 */
1427 saved_nlink = new_inode->i_nlink;
1428 if (is_dir)
1429 clear_nlink(new_inode);
1430 else
1431 drop_nlink(new_inode);
1432 new_inode->i_ctime = time;
1433 } else {
1434 new_dir->i_size += new_sz;
1435 ubifs_inode(new_dir)->ui_size = new_dir->i_size;
1436 }
1437
1438 /*
1439 * Do not ask 'ubifs_jnl_rename()' to flush write-buffer if @old_inode
1440 * is dirty, because this will be done later on at the end of
1441 * 'ubifs_rename()'.
1442 */
1443 if (IS_SYNC(old_inode)) {
1444 sync = IS_DIRSYNC(old_dir) || IS_DIRSYNC(new_dir);
1445 if (unlink && IS_SYNC(new_inode))
1446 sync = 1;
1447 }
1448
1449 if (whiteout) {
1450 inc_nlink(whiteout);
1451 mark_inode_dirty(whiteout);
1452
1453 spin_lock(&whiteout->i_lock);
1454 whiteout->i_state &= ~I_LINKABLE;
1455 spin_unlock(&whiteout->i_lock);
1456
1457 iput(whiteout);
1458 }
1459
1460 err = ubifs_jnl_rename(c, old_dir, old_inode, &old_nm, new_dir,
1461 new_inode, &new_nm, whiteout, sync);
1462 if (err)
1463 goto out_cancel;
1464
1465 unlock_4_inodes(old_dir, new_dir, new_inode, whiteout);
1466 ubifs_release_budget(c, &req);
1467
1468 mutex_lock(&old_inode_ui->ui_mutex);
1469 release = old_inode_ui->dirty;
1470 mark_inode_dirty_sync(old_inode);
1471 mutex_unlock(&old_inode_ui->ui_mutex);
1472
1473 if (release)
1474 ubifs_release_budget(c, &ino_req);
1475 if (IS_SYNC(old_inode))
1476 err = old_inode->i_sb->s_op->write_inode(old_inode, NULL);
1477
1478 fscrypt_free_filename(&old_nm);
1479 fscrypt_free_filename(&new_nm);
1480 return err;
1481
1482 out_cancel:
1483 if (unlink) {
1484 set_nlink(new_inode, saved_nlink);
1485 } else {
1486 new_dir->i_size -= new_sz;
1487 ubifs_inode(new_dir)->ui_size = new_dir->i_size;
1488 }
1489 old_dir->i_size += old_sz;
1490 ubifs_inode(old_dir)->ui_size = old_dir->i_size;
1491 if (is_dir) {
1492 if (move) {
1493 inc_nlink(old_dir);
1494 if (!unlink)
1495 drop_nlink(new_dir);
1496 } else {
1497 if (unlink)
1498 inc_nlink(old_dir);
1499 }
1500 }
1501 if (whiteout) {
1502 drop_nlink(whiteout);
1503 iput(whiteout);
1504 }
1505 unlock_4_inodes(old_dir, new_dir, new_inode, whiteout);
1506 out_release:
1507 ubifs_release_budget(c, &ino_req);
1508 ubifs_release_budget(c, &req);
1509 fscrypt_free_filename(&old_nm);
1510 fscrypt_free_filename(&new_nm);
1511 return err;
1512 }
1513
ubifs_xrename(struct inode * old_dir,struct dentry * old_dentry,struct inode * new_dir,struct dentry * new_dentry)1514 static int ubifs_xrename(struct inode *old_dir, struct dentry *old_dentry,
1515 struct inode *new_dir, struct dentry *new_dentry)
1516 {
1517 struct ubifs_info *c = old_dir->i_sb->s_fs_info;
1518 struct ubifs_budget_req req = { .new_dent = 1, .mod_dent = 1,
1519 .dirtied_ino = 2 };
1520 int sync = IS_DIRSYNC(old_dir) || IS_DIRSYNC(new_dir);
1521 struct inode *fst_inode = d_inode(old_dentry);
1522 struct inode *snd_inode = d_inode(new_dentry);
1523 struct timespec64 time;
1524 int err;
1525 struct fscrypt_name fst_nm, snd_nm;
1526
1527 ubifs_assert(c, fst_inode && snd_inode);
1528
1529 err = fscrypt_setup_filename(old_dir, &old_dentry->d_name, 0, &fst_nm);
1530 if (err)
1531 return err;
1532
1533 err = fscrypt_setup_filename(new_dir, &new_dentry->d_name, 0, &snd_nm);
1534 if (err) {
1535 fscrypt_free_filename(&fst_nm);
1536 return err;
1537 }
1538
1539 err = ubifs_budget_space(c, &req);
1540 if (err)
1541 goto out;
1542
1543 lock_4_inodes(old_dir, new_dir, NULL, NULL);
1544
1545 time = current_time(old_dir);
1546 fst_inode->i_ctime = time;
1547 snd_inode->i_ctime = time;
1548 old_dir->i_mtime = old_dir->i_ctime = time;
1549 new_dir->i_mtime = new_dir->i_ctime = time;
1550
1551 if (old_dir != new_dir) {
1552 if (S_ISDIR(fst_inode->i_mode) && !S_ISDIR(snd_inode->i_mode)) {
1553 inc_nlink(new_dir);
1554 drop_nlink(old_dir);
1555 }
1556 else if (!S_ISDIR(fst_inode->i_mode) && S_ISDIR(snd_inode->i_mode)) {
1557 drop_nlink(new_dir);
1558 inc_nlink(old_dir);
1559 }
1560 }
1561
1562 err = ubifs_jnl_xrename(c, old_dir, fst_inode, &fst_nm, new_dir,
1563 snd_inode, &snd_nm, sync);
1564
1565 unlock_4_inodes(old_dir, new_dir, NULL, NULL);
1566 ubifs_release_budget(c, &req);
1567
1568 out:
1569 fscrypt_free_filename(&fst_nm);
1570 fscrypt_free_filename(&snd_nm);
1571 return err;
1572 }
1573
ubifs_rename(struct inode * old_dir,struct dentry * old_dentry,struct inode * new_dir,struct dentry * new_dentry,unsigned int flags)1574 static int ubifs_rename(struct inode *old_dir, struct dentry *old_dentry,
1575 struct inode *new_dir, struct dentry *new_dentry,
1576 unsigned int flags)
1577 {
1578 int err;
1579 struct ubifs_info *c = old_dir->i_sb->s_fs_info;
1580
1581 if (flags & ~(RENAME_NOREPLACE | RENAME_WHITEOUT | RENAME_EXCHANGE))
1582 return -EINVAL;
1583
1584 ubifs_assert(c, inode_is_locked(old_dir));
1585 ubifs_assert(c, inode_is_locked(new_dir));
1586
1587 err = fscrypt_prepare_rename(old_dir, old_dentry, new_dir, new_dentry,
1588 flags);
1589 if (err)
1590 return err;
1591
1592 if (flags & RENAME_EXCHANGE)
1593 return ubifs_xrename(old_dir, old_dentry, new_dir, new_dentry);
1594
1595 return do_rename(old_dir, old_dentry, new_dir, new_dentry, flags);
1596 }
1597
ubifs_getattr(const struct path * path,struct kstat * stat,u32 request_mask,unsigned int flags)1598 int ubifs_getattr(const struct path *path, struct kstat *stat,
1599 u32 request_mask, unsigned int flags)
1600 {
1601 loff_t size;
1602 struct inode *inode = d_inode(path->dentry);
1603 struct ubifs_inode *ui = ubifs_inode(inode);
1604
1605 mutex_lock(&ui->ui_mutex);
1606
1607 if (ui->flags & UBIFS_APPEND_FL)
1608 stat->attributes |= STATX_ATTR_APPEND;
1609 if (ui->flags & UBIFS_COMPR_FL)
1610 stat->attributes |= STATX_ATTR_COMPRESSED;
1611 if (ui->flags & UBIFS_CRYPT_FL)
1612 stat->attributes |= STATX_ATTR_ENCRYPTED;
1613 if (ui->flags & UBIFS_IMMUTABLE_FL)
1614 stat->attributes |= STATX_ATTR_IMMUTABLE;
1615
1616 stat->attributes_mask |= (STATX_ATTR_APPEND |
1617 STATX_ATTR_COMPRESSED |
1618 STATX_ATTR_ENCRYPTED |
1619 STATX_ATTR_IMMUTABLE);
1620
1621 generic_fillattr(inode, stat);
1622 stat->blksize = UBIFS_BLOCK_SIZE;
1623 stat->size = ui->ui_size;
1624
1625 /*
1626 * Unfortunately, the 'stat()' system call was designed for block
1627 * device based file systems, and it is not appropriate for UBIFS,
1628 * because UBIFS does not have notion of "block". For example, it is
1629 * difficult to tell how many block a directory takes - it actually
1630 * takes less than 300 bytes, but we have to round it to block size,
1631 * which introduces large mistake. This makes utilities like 'du' to
1632 * report completely senseless numbers. This is the reason why UBIFS
1633 * goes the same way as JFFS2 - it reports zero blocks for everything
1634 * but regular files, which makes more sense than reporting completely
1635 * wrong sizes.
1636 */
1637 if (S_ISREG(inode->i_mode)) {
1638 size = ui->xattr_size;
1639 size += stat->size;
1640 size = ALIGN(size, UBIFS_BLOCK_SIZE);
1641 /*
1642 * Note, user-space expects 512-byte blocks count irrespectively
1643 * of what was reported in @stat->size.
1644 */
1645 stat->blocks = size >> 9;
1646 } else
1647 stat->blocks = 0;
1648 mutex_unlock(&ui->ui_mutex);
1649 return 0;
1650 }
1651
1652 const struct inode_operations ubifs_dir_inode_operations = {
1653 .lookup = ubifs_lookup,
1654 .create = ubifs_create,
1655 .link = ubifs_link,
1656 .symlink = ubifs_symlink,
1657 .unlink = ubifs_unlink,
1658 .mkdir = ubifs_mkdir,
1659 .rmdir = ubifs_rmdir,
1660 .mknod = ubifs_mknod,
1661 .rename = ubifs_rename,
1662 .setattr = ubifs_setattr,
1663 .getattr = ubifs_getattr,
1664 #ifdef CONFIG_UBIFS_FS_XATTR
1665 .listxattr = ubifs_listxattr,
1666 #endif
1667 .update_time = ubifs_update_time,
1668 .tmpfile = ubifs_tmpfile,
1669 };
1670
1671 const struct file_operations ubifs_dir_operations = {
1672 .llseek = generic_file_llseek,
1673 .release = ubifs_dir_release,
1674 .read = generic_read_dir,
1675 .iterate_shared = ubifs_readdir,
1676 .fsync = ubifs_fsync,
1677 .unlocked_ioctl = ubifs_ioctl,
1678 #ifdef CONFIG_COMPAT
1679 .compat_ioctl = ubifs_compat_ioctl,
1680 #endif
1681 };
1682