• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3  * This file is part of UBIFS.
4  *
5  * Copyright (C) 2006-2008 Nokia Corporation.
6  *
7  * Authors: Adrian Hunter
8  *          Artem Bityutskiy (Битюцкий Артём)
9  */
10 
11 /*
12  * This file implements TNC (Tree Node Cache) which caches indexing nodes of
13  * the UBIFS B-tree.
14  *
15  * At the moment the locking rules of the TNC tree are quite simple and
16  * straightforward. We just have a mutex and lock it when we traverse the
17  * tree. If a znode is not in memory, we read it from flash while still having
18  * the mutex locked.
19  */
20 
21 #include <linux/crc32.h>
22 #include <linux/slab.h>
23 #include "ubifs.h"
24 
25 static int try_read_node(const struct ubifs_info *c, void *buf, int type,
26 			 struct ubifs_zbranch *zbr);
27 static int fallible_read_node(struct ubifs_info *c, const union ubifs_key *key,
28 			      struct ubifs_zbranch *zbr, void *node);
29 
30 /*
31  * Returned codes of 'matches_name()' and 'fallible_matches_name()' functions.
32  * @NAME_LESS: name corresponding to the first argument is less than second
33  * @NAME_MATCHES: names match
34  * @NAME_GREATER: name corresponding to the second argument is greater than
35  *                first
36  * @NOT_ON_MEDIA: node referred by zbranch does not exist on the media
37  *
38  * These constants were introduce to improve readability.
39  */
40 enum {
41 	NAME_LESS    = 0,
42 	NAME_MATCHES = 1,
43 	NAME_GREATER = 2,
44 	NOT_ON_MEDIA = 3,
45 };
46 
do_insert_old_idx(struct ubifs_info * c,struct ubifs_old_idx * old_idx)47 static void do_insert_old_idx(struct ubifs_info *c,
48 			      struct ubifs_old_idx *old_idx)
49 {
50 	struct ubifs_old_idx *o;
51 	struct rb_node **p, *parent = NULL;
52 
53 	p = &c->old_idx.rb_node;
54 	while (*p) {
55 		parent = *p;
56 		o = rb_entry(parent, struct ubifs_old_idx, rb);
57 		if (old_idx->lnum < o->lnum)
58 			p = &(*p)->rb_left;
59 		else if (old_idx->lnum > o->lnum)
60 			p = &(*p)->rb_right;
61 		else if (old_idx->offs < o->offs)
62 			p = &(*p)->rb_left;
63 		else if (old_idx->offs > o->offs)
64 			p = &(*p)->rb_right;
65 		else {
66 			ubifs_err(c, "old idx added twice!");
67 			kfree(old_idx);
68 		}
69 	}
70 	rb_link_node(&old_idx->rb, parent, p);
71 	rb_insert_color(&old_idx->rb, &c->old_idx);
72 }
73 
74 /**
75  * insert_old_idx - record an index node obsoleted since the last commit start.
76  * @c: UBIFS file-system description object
77  * @lnum: LEB number of obsoleted index node
78  * @offs: offset of obsoleted index node
79  *
80  * Returns %0 on success, and a negative error code on failure.
81  *
82  * For recovery, there must always be a complete intact version of the index on
83  * flash at all times. That is called the "old index". It is the index as at the
84  * time of the last successful commit. Many of the index nodes in the old index
85  * may be dirty, but they must not be erased until the next successful commit
86  * (at which point that index becomes the old index).
87  *
88  * That means that the garbage collection and the in-the-gaps method of
89  * committing must be able to determine if an index node is in the old index.
90  * Most of the old index nodes can be found by looking up the TNC using the
91  * 'lookup_znode()' function. However, some of the old index nodes may have
92  * been deleted from the current index or may have been changed so much that
93  * they cannot be easily found. In those cases, an entry is added to an RB-tree.
94  * That is what this function does. The RB-tree is ordered by LEB number and
95  * offset because they uniquely identify the old index node.
96  */
insert_old_idx(struct ubifs_info * c,int lnum,int offs)97 static int insert_old_idx(struct ubifs_info *c, int lnum, int offs)
98 {
99 	struct ubifs_old_idx *old_idx;
100 
101 	old_idx = kmalloc(sizeof(struct ubifs_old_idx), GFP_NOFS);
102 	if (unlikely(!old_idx))
103 		return -ENOMEM;
104 	old_idx->lnum = lnum;
105 	old_idx->offs = offs;
106 	do_insert_old_idx(c, old_idx);
107 
108 	return 0;
109 }
110 
111 /**
112  * insert_old_idx_znode - record a znode obsoleted since last commit start.
113  * @c: UBIFS file-system description object
114  * @znode: znode of obsoleted index node
115  *
116  * Returns %0 on success, and a negative error code on failure.
117  */
insert_old_idx_znode(struct ubifs_info * c,struct ubifs_znode * znode)118 int insert_old_idx_znode(struct ubifs_info *c, struct ubifs_znode *znode)
119 {
120 	if (znode->parent) {
121 		struct ubifs_zbranch *zbr;
122 
123 		zbr = &znode->parent->zbranch[znode->iip];
124 		if (zbr->len)
125 			return insert_old_idx(c, zbr->lnum, zbr->offs);
126 	} else
127 		if (c->zroot.len)
128 			return insert_old_idx(c, c->zroot.lnum,
129 					      c->zroot.offs);
130 	return 0;
131 }
132 
133 /**
134  * ins_clr_old_idx_znode - record a znode obsoleted since last commit start.
135  * @c: UBIFS file-system description object
136  * @znode: znode of obsoleted index node
137  *
138  * Returns %0 on success, and a negative error code on failure.
139  */
ins_clr_old_idx_znode(struct ubifs_info * c,struct ubifs_znode * znode)140 static int ins_clr_old_idx_znode(struct ubifs_info *c,
141 				 struct ubifs_znode *znode)
142 {
143 	int err;
144 
145 	if (znode->parent) {
146 		struct ubifs_zbranch *zbr;
147 
148 		zbr = &znode->parent->zbranch[znode->iip];
149 		if (zbr->len) {
150 			err = insert_old_idx(c, zbr->lnum, zbr->offs);
151 			if (err)
152 				return err;
153 			zbr->lnum = 0;
154 			zbr->offs = 0;
155 			zbr->len = 0;
156 		}
157 	} else
158 		if (c->zroot.len) {
159 			err = insert_old_idx(c, c->zroot.lnum, c->zroot.offs);
160 			if (err)
161 				return err;
162 			c->zroot.lnum = 0;
163 			c->zroot.offs = 0;
164 			c->zroot.len = 0;
165 		}
166 	return 0;
167 }
168 
169 /**
170  * destroy_old_idx - destroy the old_idx RB-tree.
171  * @c: UBIFS file-system description object
172  *
173  * During start commit, the old_idx RB-tree is used to avoid overwriting index
174  * nodes that were in the index last commit but have since been deleted.  This
175  * is necessary for recovery i.e. the old index must be kept intact until the
176  * new index is successfully written.  The old-idx RB-tree is used for the
177  * in-the-gaps method of writing index nodes and is destroyed every commit.
178  */
destroy_old_idx(struct ubifs_info * c)179 void destroy_old_idx(struct ubifs_info *c)
180 {
181 	struct ubifs_old_idx *old_idx, *n;
182 
183 	rbtree_postorder_for_each_entry_safe(old_idx, n, &c->old_idx, rb)
184 		kfree(old_idx);
185 
186 	c->old_idx = RB_ROOT;
187 }
188 
189 /**
190  * copy_znode - copy a dirty znode.
191  * @c: UBIFS file-system description object
192  * @znode: znode to copy
193  *
194  * A dirty znode being committed may not be changed, so it is copied.
195  */
copy_znode(struct ubifs_info * c,struct ubifs_znode * znode)196 static struct ubifs_znode *copy_znode(struct ubifs_info *c,
197 				      struct ubifs_znode *znode)
198 {
199 	struct ubifs_znode *zn;
200 
201 	zn = kmemdup(znode, c->max_znode_sz, GFP_NOFS);
202 	if (unlikely(!zn))
203 		return ERR_PTR(-ENOMEM);
204 
205 	zn->cnext = NULL;
206 	__set_bit(DIRTY_ZNODE, &zn->flags);
207 	__clear_bit(COW_ZNODE, &zn->flags);
208 
209 	return zn;
210 }
211 
212 /**
213  * add_idx_dirt - add dirt due to a dirty znode.
214  * @c: UBIFS file-system description object
215  * @lnum: LEB number of index node
216  * @dirt: size of index node
217  *
218  * This function updates lprops dirty space and the new size of the index.
219  */
add_idx_dirt(struct ubifs_info * c,int lnum,int dirt)220 static int add_idx_dirt(struct ubifs_info *c, int lnum, int dirt)
221 {
222 	c->calc_idx_sz -= ALIGN(dirt, 8);
223 	return ubifs_add_dirt(c, lnum, dirt);
224 }
225 
226 /**
227  * replace_znode - replace old znode with new znode.
228  * @c: UBIFS file-system description object
229  * @new_zn: new znode
230  * @old_zn: old znode
231  * @zbr: the branch of parent znode
232  *
233  * Replace old znode with new znode in TNC.
234  */
replace_znode(struct ubifs_info * c,struct ubifs_znode * new_zn,struct ubifs_znode * old_zn,struct ubifs_zbranch * zbr)235 static void replace_znode(struct ubifs_info *c, struct ubifs_znode *new_zn,
236 			  struct ubifs_znode *old_zn, struct ubifs_zbranch *zbr)
237 {
238 	ubifs_assert(c, !ubifs_zn_obsolete(old_zn));
239 	__set_bit(OBSOLETE_ZNODE, &old_zn->flags);
240 
241 	if (old_zn->level != 0) {
242 		int i;
243 		const int n = new_zn->child_cnt;
244 
245 		/* The children now have new parent */
246 		for (i = 0; i < n; i++) {
247 			struct ubifs_zbranch *child = &new_zn->zbranch[i];
248 
249 			if (child->znode)
250 				child->znode->parent = new_zn;
251 		}
252 	}
253 
254 	zbr->znode = new_zn;
255 	zbr->lnum = 0;
256 	zbr->offs = 0;
257 	zbr->len = 0;
258 
259 	atomic_long_inc(&c->dirty_zn_cnt);
260 }
261 
262 /**
263  * dirty_cow_znode - ensure a znode is not being committed.
264  * @c: UBIFS file-system description object
265  * @zbr: branch of znode to check
266  *
267  * Returns dirtied znode on success or negative error code on failure.
268  */
dirty_cow_znode(struct ubifs_info * c,struct ubifs_zbranch * zbr)269 static struct ubifs_znode *dirty_cow_znode(struct ubifs_info *c,
270 					   struct ubifs_zbranch *zbr)
271 {
272 	struct ubifs_znode *znode = zbr->znode;
273 	struct ubifs_znode *zn;
274 	int err;
275 
276 	if (!ubifs_zn_cow(znode)) {
277 		/* znode is not being committed */
278 		if (!test_and_set_bit(DIRTY_ZNODE, &znode->flags)) {
279 			atomic_long_inc(&c->dirty_zn_cnt);
280 			atomic_long_dec(&c->clean_zn_cnt);
281 			atomic_long_dec(&ubifs_clean_zn_cnt);
282 			err = add_idx_dirt(c, zbr->lnum, zbr->len);
283 			if (unlikely(err))
284 				return ERR_PTR(err);
285 		}
286 		return znode;
287 	}
288 
289 	zn = copy_znode(c, znode);
290 	if (IS_ERR(zn))
291 		return zn;
292 
293 	if (zbr->len) {
294 		struct ubifs_old_idx *old_idx;
295 
296 		old_idx = kmalloc(sizeof(struct ubifs_old_idx), GFP_NOFS);
297 		if (unlikely(!old_idx)) {
298 			err = -ENOMEM;
299 			goto out;
300 		}
301 		old_idx->lnum = zbr->lnum;
302 		old_idx->offs = zbr->offs;
303 
304 		err = add_idx_dirt(c, zbr->lnum, zbr->len);
305 		if (err) {
306 			kfree(old_idx);
307 			goto out;
308 		}
309 
310 		do_insert_old_idx(c, old_idx);
311 	}
312 
313 	replace_znode(c, zn, znode, zbr);
314 
315 	return zn;
316 
317 out:
318 	kfree(zn);
319 	return ERR_PTR(err);
320 }
321 
322 /**
323  * lnc_add - add a leaf node to the leaf node cache.
324  * @c: UBIFS file-system description object
325  * @zbr: zbranch of leaf node
326  * @node: leaf node
327  *
328  * Leaf nodes are non-index nodes directory entry nodes or data nodes. The
329  * purpose of the leaf node cache is to save re-reading the same leaf node over
330  * and over again. Most things are cached by VFS, however the file system must
331  * cache directory entries for readdir and for resolving hash collisions. The
332  * present implementation of the leaf node cache is extremely simple, and
333  * allows for error returns that are not used but that may be needed if a more
334  * complex implementation is created.
335  *
336  * Note, this function does not add the @node object to LNC directly, but
337  * allocates a copy of the object and adds the copy to LNC. The reason for this
338  * is that @node has been allocated outside of the TNC subsystem and will be
339  * used with @c->tnc_mutex unlock upon return from the TNC subsystem. But LNC
340  * may be changed at any time, e.g. freed by the shrinker.
341  */
lnc_add(struct ubifs_info * c,struct ubifs_zbranch * zbr,const void * node)342 static int lnc_add(struct ubifs_info *c, struct ubifs_zbranch *zbr,
343 		   const void *node)
344 {
345 	int err;
346 	void *lnc_node;
347 	const struct ubifs_dent_node *dent = node;
348 
349 	ubifs_assert(c, !zbr->leaf);
350 	ubifs_assert(c, zbr->len != 0);
351 	ubifs_assert(c, is_hash_key(c, &zbr->key));
352 
353 	err = ubifs_validate_entry(c, dent);
354 	if (err) {
355 		dump_stack();
356 		ubifs_dump_node(c, dent, zbr->len);
357 		return err;
358 	}
359 
360 	lnc_node = kmemdup(node, zbr->len, GFP_NOFS);
361 	if (!lnc_node)
362 		/* We don't have to have the cache, so no error */
363 		return 0;
364 
365 	zbr->leaf = lnc_node;
366 	return 0;
367 }
368 
369  /**
370  * lnc_add_directly - add a leaf node to the leaf-node-cache.
371  * @c: UBIFS file-system description object
372  * @zbr: zbranch of leaf node
373  * @node: leaf node
374  *
375  * This function is similar to 'lnc_add()', but it does not create a copy of
376  * @node but inserts @node to TNC directly.
377  */
lnc_add_directly(struct ubifs_info * c,struct ubifs_zbranch * zbr,void * node)378 static int lnc_add_directly(struct ubifs_info *c, struct ubifs_zbranch *zbr,
379 			    void *node)
380 {
381 	int err;
382 
383 	ubifs_assert(c, !zbr->leaf);
384 	ubifs_assert(c, zbr->len != 0);
385 
386 	err = ubifs_validate_entry(c, node);
387 	if (err) {
388 		dump_stack();
389 		ubifs_dump_node(c, node, zbr->len);
390 		return err;
391 	}
392 
393 	zbr->leaf = node;
394 	return 0;
395 }
396 
397 /**
398  * lnc_free - remove a leaf node from the leaf node cache.
399  * @zbr: zbranch of leaf node
400  */
lnc_free(struct ubifs_zbranch * zbr)401 static void lnc_free(struct ubifs_zbranch *zbr)
402 {
403 	if (!zbr->leaf)
404 		return;
405 	kfree(zbr->leaf);
406 	zbr->leaf = NULL;
407 }
408 
409 /**
410  * tnc_read_hashed_node - read a "hashed" leaf node.
411  * @c: UBIFS file-system description object
412  * @zbr: key and position of the node
413  * @node: node is returned here
414  *
415  * This function reads a "hashed" node defined by @zbr from the leaf node cache
416  * (in it is there) or from the hash media, in which case the node is also
417  * added to LNC. Returns zero in case of success or a negative error
418  * code in case of failure.
419  */
tnc_read_hashed_node(struct ubifs_info * c,struct ubifs_zbranch * zbr,void * node)420 static int tnc_read_hashed_node(struct ubifs_info *c, struct ubifs_zbranch *zbr,
421 				void *node)
422 {
423 	int err;
424 
425 	ubifs_assert(c, is_hash_key(c, &zbr->key));
426 
427 	if (zbr->leaf) {
428 		/* Read from the leaf node cache */
429 		ubifs_assert(c, zbr->len != 0);
430 		memcpy(node, zbr->leaf, zbr->len);
431 		return 0;
432 	}
433 
434 	if (c->replaying) {
435 		err = fallible_read_node(c, &zbr->key, zbr, node);
436 		/*
437 		 * When the node was not found, return -ENOENT, 0 otherwise.
438 		 * Negative return codes stay as-is.
439 		 */
440 		if (err == 0)
441 			err = -ENOENT;
442 		else if (err == 1)
443 			err = 0;
444 	} else {
445 		err = ubifs_tnc_read_node(c, zbr, node);
446 	}
447 	if (err)
448 		return err;
449 
450 	/* Add the node to the leaf node cache */
451 	err = lnc_add(c, zbr, node);
452 	return err;
453 }
454 
455 /**
456  * try_read_node - read a node if it is a node.
457  * @c: UBIFS file-system description object
458  * @buf: buffer to read to
459  * @type: node type
460  * @zbr: the zbranch describing the node to read
461  *
462  * This function tries to read a node of known type and length, checks it and
463  * stores it in @buf. This function returns %1 if a node is present and %0 if
464  * a node is not present. A negative error code is returned for I/O errors.
465  * This function performs that same function as ubifs_read_node except that
466  * it does not require that there is actually a node present and instead
467  * the return code indicates if a node was read.
468  *
469  * Note, this function does not check CRC of data nodes if @c->no_chk_data_crc
470  * is true (it is controlled by corresponding mount option). However, if
471  * @c->mounting or @c->remounting_rw is true (we are mounting or re-mounting to
472  * R/W mode), @c->no_chk_data_crc is ignored and CRC is checked. This is
473  * because during mounting or re-mounting from R/O mode to R/W mode we may read
474  * journal nodes (when replying the journal or doing the recovery) and the
475  * journal nodes may potentially be corrupted, so checking is required.
476  */
try_read_node(const struct ubifs_info * c,void * buf,int type,struct ubifs_zbranch * zbr)477 static int try_read_node(const struct ubifs_info *c, void *buf, int type,
478 			 struct ubifs_zbranch *zbr)
479 {
480 	int len = zbr->len;
481 	int lnum = zbr->lnum;
482 	int offs = zbr->offs;
483 	int err, node_len;
484 	struct ubifs_ch *ch = buf;
485 	uint32_t crc, node_crc;
486 
487 	dbg_io("LEB %d:%d, %s, length %d", lnum, offs, dbg_ntype(type), len);
488 
489 	err = ubifs_leb_read(c, lnum, buf, offs, len, 1);
490 	if (err) {
491 		ubifs_err(c, "cannot read node type %d from LEB %d:%d, error %d",
492 			  type, lnum, offs, err);
493 		return err;
494 	}
495 
496 	if (le32_to_cpu(ch->magic) != UBIFS_NODE_MAGIC)
497 		return 0;
498 
499 	if (ch->node_type != type)
500 		return 0;
501 
502 	node_len = le32_to_cpu(ch->len);
503 	if (node_len != len)
504 		return 0;
505 
506 	if (type != UBIFS_DATA_NODE || !c->no_chk_data_crc || c->mounting ||
507 	    c->remounting_rw) {
508 		crc = crc32(UBIFS_CRC32_INIT, buf + 8, node_len - 8);
509 		node_crc = le32_to_cpu(ch->crc);
510 		if (crc != node_crc)
511 			return 0;
512 	}
513 
514 	err = ubifs_node_check_hash(c, buf, zbr->hash);
515 	if (err) {
516 		ubifs_bad_hash(c, buf, zbr->hash, lnum, offs);
517 		return 0;
518 	}
519 
520 	return 1;
521 }
522 
523 /**
524  * fallible_read_node - try to read a leaf node.
525  * @c: UBIFS file-system description object
526  * @key:  key of node to read
527  * @zbr:  position of node
528  * @node: node returned
529  *
530  * This function tries to read a node and returns %1 if the node is read, %0
531  * if the node is not present, and a negative error code in the case of error.
532  */
fallible_read_node(struct ubifs_info * c,const union ubifs_key * key,struct ubifs_zbranch * zbr,void * node)533 static int fallible_read_node(struct ubifs_info *c, const union ubifs_key *key,
534 			      struct ubifs_zbranch *zbr, void *node)
535 {
536 	int ret;
537 
538 	dbg_tnck(key, "LEB %d:%d, key ", zbr->lnum, zbr->offs);
539 
540 	ret = try_read_node(c, node, key_type(c, key), zbr);
541 	if (ret == 1) {
542 		union ubifs_key node_key;
543 		struct ubifs_dent_node *dent = node;
544 
545 		/* All nodes have key in the same place */
546 		key_read(c, &dent->key, &node_key);
547 		if (keys_cmp(c, key, &node_key) != 0)
548 			ret = 0;
549 	}
550 	if (ret == 0 && c->replaying)
551 		dbg_mntk(key, "dangling branch LEB %d:%d len %d, key ",
552 			zbr->lnum, zbr->offs, zbr->len);
553 	return ret;
554 }
555 
556 /**
557  * matches_name - determine if a direntry or xattr entry matches a given name.
558  * @c: UBIFS file-system description object
559  * @zbr: zbranch of dent
560  * @nm: name to match
561  *
562  * This function checks if xentry/direntry referred by zbranch @zbr matches name
563  * @nm. Returns %NAME_MATCHES if it does, %NAME_LESS if the name referred by
564  * @zbr is less than @nm, and %NAME_GREATER if it is greater than @nm. In case
565  * of failure, a negative error code is returned.
566  */
matches_name(struct ubifs_info * c,struct ubifs_zbranch * zbr,const struct fscrypt_name * nm)567 static int matches_name(struct ubifs_info *c, struct ubifs_zbranch *zbr,
568 			const struct fscrypt_name *nm)
569 {
570 	struct ubifs_dent_node *dent;
571 	int nlen, err;
572 
573 	/* If possible, match against the dent in the leaf node cache */
574 	if (!zbr->leaf) {
575 		dent = kmalloc(zbr->len, GFP_NOFS);
576 		if (!dent)
577 			return -ENOMEM;
578 
579 		err = ubifs_tnc_read_node(c, zbr, dent);
580 		if (err)
581 			goto out_free;
582 
583 		/* Add the node to the leaf node cache */
584 		err = lnc_add_directly(c, zbr, dent);
585 		if (err)
586 			goto out_free;
587 	} else
588 		dent = zbr->leaf;
589 
590 	nlen = le16_to_cpu(dent->nlen);
591 	err = memcmp(dent->name, fname_name(nm), min_t(int, nlen, fname_len(nm)));
592 	if (err == 0) {
593 		if (nlen == fname_len(nm))
594 			return NAME_MATCHES;
595 		else if (nlen < fname_len(nm))
596 			return NAME_LESS;
597 		else
598 			return NAME_GREATER;
599 	} else if (err < 0)
600 		return NAME_LESS;
601 	else
602 		return NAME_GREATER;
603 
604 out_free:
605 	kfree(dent);
606 	return err;
607 }
608 
609 /**
610  * get_znode - get a TNC znode that may not be loaded yet.
611  * @c: UBIFS file-system description object
612  * @znode: parent znode
613  * @n: znode branch slot number
614  *
615  * This function returns the znode or a negative error code.
616  */
get_znode(struct ubifs_info * c,struct ubifs_znode * znode,int n)617 static struct ubifs_znode *get_znode(struct ubifs_info *c,
618 				     struct ubifs_znode *znode, int n)
619 {
620 	struct ubifs_zbranch *zbr;
621 
622 	zbr = &znode->zbranch[n];
623 	if (zbr->znode)
624 		znode = zbr->znode;
625 	else
626 		znode = ubifs_load_znode(c, zbr, znode, n);
627 	return znode;
628 }
629 
630 /**
631  * tnc_next - find next TNC entry.
632  * @c: UBIFS file-system description object
633  * @zn: znode is passed and returned here
634  * @n: znode branch slot number is passed and returned here
635  *
636  * This function returns %0 if the next TNC entry is found, %-ENOENT if there is
637  * no next entry, or a negative error code otherwise.
638  */
tnc_next(struct ubifs_info * c,struct ubifs_znode ** zn,int * n)639 static int tnc_next(struct ubifs_info *c, struct ubifs_znode **zn, int *n)
640 {
641 	struct ubifs_znode *znode = *zn;
642 	int nn = *n;
643 
644 	nn += 1;
645 	if (nn < znode->child_cnt) {
646 		*n = nn;
647 		return 0;
648 	}
649 	while (1) {
650 		struct ubifs_znode *zp;
651 
652 		zp = znode->parent;
653 		if (!zp)
654 			return -ENOENT;
655 		nn = znode->iip + 1;
656 		znode = zp;
657 		if (nn < znode->child_cnt) {
658 			znode = get_znode(c, znode, nn);
659 			if (IS_ERR(znode))
660 				return PTR_ERR(znode);
661 			while (znode->level != 0) {
662 				znode = get_znode(c, znode, 0);
663 				if (IS_ERR(znode))
664 					return PTR_ERR(znode);
665 			}
666 			nn = 0;
667 			break;
668 		}
669 	}
670 	*zn = znode;
671 	*n = nn;
672 	return 0;
673 }
674 
675 /**
676  * tnc_prev - find previous TNC entry.
677  * @c: UBIFS file-system description object
678  * @zn: znode is returned here
679  * @n: znode branch slot number is passed and returned here
680  *
681  * This function returns %0 if the previous TNC entry is found, %-ENOENT if
682  * there is no next entry, or a negative error code otherwise.
683  */
tnc_prev(struct ubifs_info * c,struct ubifs_znode ** zn,int * n)684 static int tnc_prev(struct ubifs_info *c, struct ubifs_znode **zn, int *n)
685 {
686 	struct ubifs_znode *znode = *zn;
687 	int nn = *n;
688 
689 	if (nn > 0) {
690 		*n = nn - 1;
691 		return 0;
692 	}
693 	while (1) {
694 		struct ubifs_znode *zp;
695 
696 		zp = znode->parent;
697 		if (!zp)
698 			return -ENOENT;
699 		nn = znode->iip - 1;
700 		znode = zp;
701 		if (nn >= 0) {
702 			znode = get_znode(c, znode, nn);
703 			if (IS_ERR(znode))
704 				return PTR_ERR(znode);
705 			while (znode->level != 0) {
706 				nn = znode->child_cnt - 1;
707 				znode = get_znode(c, znode, nn);
708 				if (IS_ERR(znode))
709 					return PTR_ERR(znode);
710 			}
711 			nn = znode->child_cnt - 1;
712 			break;
713 		}
714 	}
715 	*zn = znode;
716 	*n = nn;
717 	return 0;
718 }
719 
720 /**
721  * resolve_collision - resolve a collision.
722  * @c: UBIFS file-system description object
723  * @key: key of a directory or extended attribute entry
724  * @zn: znode is returned here
725  * @n: zbranch number is passed and returned here
726  * @nm: name of the entry
727  *
728  * This function is called for "hashed" keys to make sure that the found key
729  * really corresponds to the looked up node (directory or extended attribute
730  * entry). It returns %1 and sets @zn and @n if the collision is resolved.
731  * %0 is returned if @nm is not found and @zn and @n are set to the previous
732  * entry, i.e. to the entry after which @nm could follow if it were in TNC.
733  * This means that @n may be set to %-1 if the leftmost key in @zn is the
734  * previous one. A negative error code is returned on failures.
735  */
resolve_collision(struct ubifs_info * c,const union ubifs_key * key,struct ubifs_znode ** zn,int * n,const struct fscrypt_name * nm)736 static int resolve_collision(struct ubifs_info *c, const union ubifs_key *key,
737 			     struct ubifs_znode **zn, int *n,
738 			     const struct fscrypt_name *nm)
739 {
740 	int err;
741 
742 	err = matches_name(c, &(*zn)->zbranch[*n], nm);
743 	if (unlikely(err < 0))
744 		return err;
745 	if (err == NAME_MATCHES)
746 		return 1;
747 
748 	if (err == NAME_GREATER) {
749 		/* Look left */
750 		while (1) {
751 			err = tnc_prev(c, zn, n);
752 			if (err == -ENOENT) {
753 				ubifs_assert(c, *n == 0);
754 				*n = -1;
755 				return 0;
756 			}
757 			if (err < 0)
758 				return err;
759 			if (keys_cmp(c, &(*zn)->zbranch[*n].key, key)) {
760 				/*
761 				 * We have found the branch after which we would
762 				 * like to insert, but inserting in this znode
763 				 * may still be wrong. Consider the following 3
764 				 * znodes, in the case where we are resolving a
765 				 * collision with Key2.
766 				 *
767 				 *                  znode zp
768 				 *            ----------------------
769 				 * level 1     |  Key0  |  Key1  |
770 				 *            -----------------------
771 				 *                 |            |
772 				 *       znode za  |            |  znode zb
773 				 *          ------------      ------------
774 				 * level 0  |  Key0  |        |  Key2  |
775 				 *          ------------      ------------
776 				 *
777 				 * The lookup finds Key2 in znode zb. Lets say
778 				 * there is no match and the name is greater so
779 				 * we look left. When we find Key0, we end up
780 				 * here. If we return now, we will insert into
781 				 * znode za at slot n = 1.  But that is invalid
782 				 * according to the parent's keys.  Key2 must
783 				 * be inserted into znode zb.
784 				 *
785 				 * Note, this problem is not relevant for the
786 				 * case when we go right, because
787 				 * 'tnc_insert()' would correct the parent key.
788 				 */
789 				if (*n == (*zn)->child_cnt - 1) {
790 					err = tnc_next(c, zn, n);
791 					if (err) {
792 						/* Should be impossible */
793 						ubifs_assert(c, 0);
794 						if (err == -ENOENT)
795 							err = -EINVAL;
796 						return err;
797 					}
798 					ubifs_assert(c, *n == 0);
799 					*n = -1;
800 				}
801 				return 0;
802 			}
803 			err = matches_name(c, &(*zn)->zbranch[*n], nm);
804 			if (err < 0)
805 				return err;
806 			if (err == NAME_LESS)
807 				return 0;
808 			if (err == NAME_MATCHES)
809 				return 1;
810 			ubifs_assert(c, err == NAME_GREATER);
811 		}
812 	} else {
813 		int nn = *n;
814 		struct ubifs_znode *znode = *zn;
815 
816 		/* Look right */
817 		while (1) {
818 			err = tnc_next(c, &znode, &nn);
819 			if (err == -ENOENT)
820 				return 0;
821 			if (err < 0)
822 				return err;
823 			if (keys_cmp(c, &znode->zbranch[nn].key, key))
824 				return 0;
825 			err = matches_name(c, &znode->zbranch[nn], nm);
826 			if (err < 0)
827 				return err;
828 			if (err == NAME_GREATER)
829 				return 0;
830 			*zn = znode;
831 			*n = nn;
832 			if (err == NAME_MATCHES)
833 				return 1;
834 			ubifs_assert(c, err == NAME_LESS);
835 		}
836 	}
837 }
838 
839 /**
840  * fallible_matches_name - determine if a dent matches a given name.
841  * @c: UBIFS file-system description object
842  * @zbr: zbranch of dent
843  * @nm: name to match
844  *
845  * This is a "fallible" version of 'matches_name()' function which does not
846  * panic if the direntry/xentry referred by @zbr does not exist on the media.
847  *
848  * This function checks if xentry/direntry referred by zbranch @zbr matches name
849  * @nm. Returns %NAME_MATCHES it does, %NAME_LESS if the name referred by @zbr
850  * is less than @nm, %NAME_GREATER if it is greater than @nm, and @NOT_ON_MEDIA
851  * if xentry/direntry referred by @zbr does not exist on the media. A negative
852  * error code is returned in case of failure.
853  */
fallible_matches_name(struct ubifs_info * c,struct ubifs_zbranch * zbr,const struct fscrypt_name * nm)854 static int fallible_matches_name(struct ubifs_info *c,
855 				 struct ubifs_zbranch *zbr,
856 				 const struct fscrypt_name *nm)
857 {
858 	struct ubifs_dent_node *dent;
859 	int nlen, err;
860 
861 	/* If possible, match against the dent in the leaf node cache */
862 	if (!zbr->leaf) {
863 		dent = kmalloc(zbr->len, GFP_NOFS);
864 		if (!dent)
865 			return -ENOMEM;
866 
867 		err = fallible_read_node(c, &zbr->key, zbr, dent);
868 		if (err < 0)
869 			goto out_free;
870 		if (err == 0) {
871 			/* The node was not present */
872 			err = NOT_ON_MEDIA;
873 			goto out_free;
874 		}
875 		ubifs_assert(c, err == 1);
876 
877 		err = lnc_add_directly(c, zbr, dent);
878 		if (err)
879 			goto out_free;
880 	} else
881 		dent = zbr->leaf;
882 
883 	nlen = le16_to_cpu(dent->nlen);
884 	err = memcmp(dent->name, fname_name(nm), min_t(int, nlen, fname_len(nm)));
885 	if (err == 0) {
886 		if (nlen == fname_len(nm))
887 			return NAME_MATCHES;
888 		else if (nlen < fname_len(nm))
889 			return NAME_LESS;
890 		else
891 			return NAME_GREATER;
892 	} else if (err < 0)
893 		return NAME_LESS;
894 	else
895 		return NAME_GREATER;
896 
897 out_free:
898 	kfree(dent);
899 	return err;
900 }
901 
902 /**
903  * fallible_resolve_collision - resolve a collision even if nodes are missing.
904  * @c: UBIFS file-system description object
905  * @key: key
906  * @zn: znode is returned here
907  * @n: branch number is passed and returned here
908  * @nm: name of directory entry
909  * @adding: indicates caller is adding a key to the TNC
910  *
911  * This is a "fallible" version of the 'resolve_collision()' function which
912  * does not panic if one of the nodes referred to by TNC does not exist on the
913  * media. This may happen when replaying the journal if a deleted node was
914  * Garbage-collected and the commit was not done. A branch that refers to a node
915  * that is not present is called a dangling branch. The following are the return
916  * codes for this function:
917  *  o if @nm was found, %1 is returned and @zn and @n are set to the found
918  *    branch;
919  *  o if we are @adding and @nm was not found, %0 is returned;
920  *  o if we are not @adding and @nm was not found, but a dangling branch was
921  *    found, then %1 is returned and @zn and @n are set to the dangling branch;
922  *  o a negative error code is returned in case of failure.
923  */
fallible_resolve_collision(struct ubifs_info * c,const union ubifs_key * key,struct ubifs_znode ** zn,int * n,const struct fscrypt_name * nm,int adding)924 static int fallible_resolve_collision(struct ubifs_info *c,
925 				      const union ubifs_key *key,
926 				      struct ubifs_znode **zn, int *n,
927 				      const struct fscrypt_name *nm,
928 				      int adding)
929 {
930 	struct ubifs_znode *o_znode = NULL, *znode = *zn;
931 	int o_n, err, cmp, unsure = 0, nn = *n;
932 
933 	cmp = fallible_matches_name(c, &znode->zbranch[nn], nm);
934 	if (unlikely(cmp < 0))
935 		return cmp;
936 	if (cmp == NAME_MATCHES)
937 		return 1;
938 	if (cmp == NOT_ON_MEDIA) {
939 		o_znode = znode;
940 		o_n = nn;
941 		/*
942 		 * We are unlucky and hit a dangling branch straight away.
943 		 * Now we do not really know where to go to find the needed
944 		 * branch - to the left or to the right. Well, let's try left.
945 		 */
946 		unsure = 1;
947 	} else if (!adding)
948 		unsure = 1; /* Remove a dangling branch wherever it is */
949 
950 	if (cmp == NAME_GREATER || unsure) {
951 		/* Look left */
952 		while (1) {
953 			err = tnc_prev(c, zn, n);
954 			if (err == -ENOENT) {
955 				ubifs_assert(c, *n == 0);
956 				*n = -1;
957 				break;
958 			}
959 			if (err < 0)
960 				return err;
961 			if (keys_cmp(c, &(*zn)->zbranch[*n].key, key)) {
962 				/* See comments in 'resolve_collision()' */
963 				if (*n == (*zn)->child_cnt - 1) {
964 					err = tnc_next(c, zn, n);
965 					if (err) {
966 						/* Should be impossible */
967 						ubifs_assert(c, 0);
968 						if (err == -ENOENT)
969 							err = -EINVAL;
970 						return err;
971 					}
972 					ubifs_assert(c, *n == 0);
973 					*n = -1;
974 				}
975 				break;
976 			}
977 			err = fallible_matches_name(c, &(*zn)->zbranch[*n], nm);
978 			if (err < 0)
979 				return err;
980 			if (err == NAME_MATCHES)
981 				return 1;
982 			if (err == NOT_ON_MEDIA) {
983 				o_znode = *zn;
984 				o_n = *n;
985 				continue;
986 			}
987 			if (!adding)
988 				continue;
989 			if (err == NAME_LESS)
990 				break;
991 			else
992 				unsure = 0;
993 		}
994 	}
995 
996 	if (cmp == NAME_LESS || unsure) {
997 		/* Look right */
998 		*zn = znode;
999 		*n = nn;
1000 		while (1) {
1001 			err = tnc_next(c, &znode, &nn);
1002 			if (err == -ENOENT)
1003 				break;
1004 			if (err < 0)
1005 				return err;
1006 			if (keys_cmp(c, &znode->zbranch[nn].key, key))
1007 				break;
1008 			err = fallible_matches_name(c, &znode->zbranch[nn], nm);
1009 			if (err < 0)
1010 				return err;
1011 			if (err == NAME_GREATER)
1012 				break;
1013 			*zn = znode;
1014 			*n = nn;
1015 			if (err == NAME_MATCHES)
1016 				return 1;
1017 			if (err == NOT_ON_MEDIA) {
1018 				o_znode = znode;
1019 				o_n = nn;
1020 			}
1021 		}
1022 	}
1023 
1024 	/* Never match a dangling branch when adding */
1025 	if (adding || !o_znode)
1026 		return 0;
1027 
1028 	dbg_mntk(key, "dangling match LEB %d:%d len %d key ",
1029 		o_znode->zbranch[o_n].lnum, o_znode->zbranch[o_n].offs,
1030 		o_znode->zbranch[o_n].len);
1031 	*zn = o_znode;
1032 	*n = o_n;
1033 	return 1;
1034 }
1035 
1036 /**
1037  * matches_position - determine if a zbranch matches a given position.
1038  * @zbr: zbranch of dent
1039  * @lnum: LEB number of dent to match
1040  * @offs: offset of dent to match
1041  *
1042  * This function returns %1 if @lnum:@offs matches, and %0 otherwise.
1043  */
matches_position(struct ubifs_zbranch * zbr,int lnum,int offs)1044 static int matches_position(struct ubifs_zbranch *zbr, int lnum, int offs)
1045 {
1046 	if (zbr->lnum == lnum && zbr->offs == offs)
1047 		return 1;
1048 	else
1049 		return 0;
1050 }
1051 
1052 /**
1053  * resolve_collision_directly - resolve a collision directly.
1054  * @c: UBIFS file-system description object
1055  * @key: key of directory entry
1056  * @zn: znode is passed and returned here
1057  * @n: zbranch number is passed and returned here
1058  * @lnum: LEB number of dent node to match
1059  * @offs: offset of dent node to match
1060  *
1061  * This function is used for "hashed" keys to make sure the found directory or
1062  * extended attribute entry node is what was looked for. It is used when the
1063  * flash address of the right node is known (@lnum:@offs) which makes it much
1064  * easier to resolve collisions (no need to read entries and match full
1065  * names). This function returns %1 and sets @zn and @n if the collision is
1066  * resolved, %0 if @lnum:@offs is not found and @zn and @n are set to the
1067  * previous directory entry. Otherwise a negative error code is returned.
1068  */
resolve_collision_directly(struct ubifs_info * c,const union ubifs_key * key,struct ubifs_znode ** zn,int * n,int lnum,int offs)1069 static int resolve_collision_directly(struct ubifs_info *c,
1070 				      const union ubifs_key *key,
1071 				      struct ubifs_znode **zn, int *n,
1072 				      int lnum, int offs)
1073 {
1074 	struct ubifs_znode *znode;
1075 	int nn, err;
1076 
1077 	znode = *zn;
1078 	nn = *n;
1079 	if (matches_position(&znode->zbranch[nn], lnum, offs))
1080 		return 1;
1081 
1082 	/* Look left */
1083 	while (1) {
1084 		err = tnc_prev(c, &znode, &nn);
1085 		if (err == -ENOENT)
1086 			break;
1087 		if (err < 0)
1088 			return err;
1089 		if (keys_cmp(c, &znode->zbranch[nn].key, key))
1090 			break;
1091 		if (matches_position(&znode->zbranch[nn], lnum, offs)) {
1092 			*zn = znode;
1093 			*n = nn;
1094 			return 1;
1095 		}
1096 	}
1097 
1098 	/* Look right */
1099 	znode = *zn;
1100 	nn = *n;
1101 	while (1) {
1102 		err = tnc_next(c, &znode, &nn);
1103 		if (err == -ENOENT)
1104 			return 0;
1105 		if (err < 0)
1106 			return err;
1107 		if (keys_cmp(c, &znode->zbranch[nn].key, key))
1108 			return 0;
1109 		*zn = znode;
1110 		*n = nn;
1111 		if (matches_position(&znode->zbranch[nn], lnum, offs))
1112 			return 1;
1113 	}
1114 }
1115 
1116 /**
1117  * dirty_cow_bottom_up - dirty a znode and its ancestors.
1118  * @c: UBIFS file-system description object
1119  * @znode: znode to dirty
1120  *
1121  * If we do not have a unique key that resides in a znode, then we cannot
1122  * dirty that znode from the top down (i.e. by using lookup_level0_dirty)
1123  * This function records the path back to the last dirty ancestor, and then
1124  * dirties the znodes on that path.
1125  */
dirty_cow_bottom_up(struct ubifs_info * c,struct ubifs_znode * znode)1126 static struct ubifs_znode *dirty_cow_bottom_up(struct ubifs_info *c,
1127 					       struct ubifs_znode *znode)
1128 {
1129 	struct ubifs_znode *zp;
1130 	int *path = c->bottom_up_buf, p = 0;
1131 
1132 	ubifs_assert(c, c->zroot.znode);
1133 	ubifs_assert(c, znode);
1134 	if (c->zroot.znode->level > BOTTOM_UP_HEIGHT) {
1135 		kfree(c->bottom_up_buf);
1136 		c->bottom_up_buf = kmalloc_array(c->zroot.znode->level,
1137 						 sizeof(int),
1138 						 GFP_NOFS);
1139 		if (!c->bottom_up_buf)
1140 			return ERR_PTR(-ENOMEM);
1141 		path = c->bottom_up_buf;
1142 	}
1143 	if (c->zroot.znode->level) {
1144 		/* Go up until parent is dirty */
1145 		while (1) {
1146 			int n;
1147 
1148 			zp = znode->parent;
1149 			if (!zp)
1150 				break;
1151 			n = znode->iip;
1152 			ubifs_assert(c, p < c->zroot.znode->level);
1153 			path[p++] = n;
1154 			if (!zp->cnext && ubifs_zn_dirty(znode))
1155 				break;
1156 			znode = zp;
1157 		}
1158 	}
1159 
1160 	/* Come back down, dirtying as we go */
1161 	while (1) {
1162 		struct ubifs_zbranch *zbr;
1163 
1164 		zp = znode->parent;
1165 		if (zp) {
1166 			ubifs_assert(c, path[p - 1] >= 0);
1167 			ubifs_assert(c, path[p - 1] < zp->child_cnt);
1168 			zbr = &zp->zbranch[path[--p]];
1169 			znode = dirty_cow_znode(c, zbr);
1170 		} else {
1171 			ubifs_assert(c, znode == c->zroot.znode);
1172 			znode = dirty_cow_znode(c, &c->zroot);
1173 		}
1174 		if (IS_ERR(znode) || !p)
1175 			break;
1176 		ubifs_assert(c, path[p - 1] >= 0);
1177 		ubifs_assert(c, path[p - 1] < znode->child_cnt);
1178 		znode = znode->zbranch[path[p - 1]].znode;
1179 	}
1180 
1181 	return znode;
1182 }
1183 
1184 /**
1185  * ubifs_lookup_level0 - search for zero-level znode.
1186  * @c: UBIFS file-system description object
1187  * @key:  key to lookup
1188  * @zn: znode is returned here
1189  * @n: znode branch slot number is returned here
1190  *
1191  * This function looks up the TNC tree and search for zero-level znode which
1192  * refers key @key. The found zero-level znode is returned in @zn. There are 3
1193  * cases:
1194  *   o exact match, i.e. the found zero-level znode contains key @key, then %1
1195  *     is returned and slot number of the matched branch is stored in @n;
1196  *   o not exact match, which means that zero-level znode does not contain
1197  *     @key, then %0 is returned and slot number of the closest branch or %-1
1198  *     is stored in @n; In this case calling tnc_next() is mandatory.
1199  *   o @key is so small that it is even less than the lowest key of the
1200  *     leftmost zero-level node, then %0 is returned and %0 is stored in @n.
1201  *
1202  * Note, when the TNC tree is traversed, some znodes may be absent, then this
1203  * function reads corresponding indexing nodes and inserts them to TNC. In
1204  * case of failure, a negative error code is returned.
1205  */
ubifs_lookup_level0(struct ubifs_info * c,const union ubifs_key * key,struct ubifs_znode ** zn,int * n)1206 int ubifs_lookup_level0(struct ubifs_info *c, const union ubifs_key *key,
1207 			struct ubifs_znode **zn, int *n)
1208 {
1209 	int err, exact;
1210 	struct ubifs_znode *znode;
1211 	time64_t time = ktime_get_seconds();
1212 
1213 	dbg_tnck(key, "search key ");
1214 	ubifs_assert(c, key_type(c, key) < UBIFS_INVALID_KEY);
1215 
1216 	znode = c->zroot.znode;
1217 	if (unlikely(!znode)) {
1218 		znode = ubifs_load_znode(c, &c->zroot, NULL, 0);
1219 		if (IS_ERR(znode))
1220 			return PTR_ERR(znode);
1221 	}
1222 
1223 	znode->time = time;
1224 
1225 	while (1) {
1226 		struct ubifs_zbranch *zbr;
1227 
1228 		exact = ubifs_search_zbranch(c, znode, key, n);
1229 
1230 		if (znode->level == 0)
1231 			break;
1232 
1233 		if (*n < 0)
1234 			*n = 0;
1235 		zbr = &znode->zbranch[*n];
1236 
1237 		if (zbr->znode) {
1238 			znode->time = time;
1239 			znode = zbr->znode;
1240 			continue;
1241 		}
1242 
1243 		/* znode is not in TNC cache, load it from the media */
1244 		znode = ubifs_load_znode(c, zbr, znode, *n);
1245 		if (IS_ERR(znode))
1246 			return PTR_ERR(znode);
1247 	}
1248 
1249 	*zn = znode;
1250 	if (exact || !is_hash_key(c, key) || *n != -1) {
1251 		dbg_tnc("found %d, lvl %d, n %d", exact, znode->level, *n);
1252 		return exact;
1253 	}
1254 
1255 	/*
1256 	 * Here is a tricky place. We have not found the key and this is a
1257 	 * "hashed" key, which may collide. The rest of the code deals with
1258 	 * situations like this:
1259 	 *
1260 	 *                  | 3 | 5 |
1261 	 *                  /       \
1262 	 *          | 3 | 5 |      | 6 | 7 | (x)
1263 	 *
1264 	 * Or more a complex example:
1265 	 *
1266 	 *                | 1 | 5 |
1267 	 *                /       \
1268 	 *       | 1 | 3 |         | 5 | 8 |
1269 	 *              \           /
1270 	 *          | 5 | 5 |   | 6 | 7 | (x)
1271 	 *
1272 	 * In the examples, if we are looking for key "5", we may reach nodes
1273 	 * marked with "(x)". In this case what we have do is to look at the
1274 	 * left and see if there is "5" key there. If there is, we have to
1275 	 * return it.
1276 	 *
1277 	 * Note, this whole situation is possible because we allow to have
1278 	 * elements which are equivalent to the next key in the parent in the
1279 	 * children of current znode. For example, this happens if we split a
1280 	 * znode like this: | 3 | 5 | 5 | 6 | 7 |, which results in something
1281 	 * like this:
1282 	 *                      | 3 | 5 |
1283 	 *                       /     \
1284 	 *                | 3 | 5 |   | 5 | 6 | 7 |
1285 	 *                              ^
1286 	 * And this becomes what is at the first "picture" after key "5" marked
1287 	 * with "^" is removed. What could be done is we could prohibit
1288 	 * splitting in the middle of the colliding sequence. Also, when
1289 	 * removing the leftmost key, we would have to correct the key of the
1290 	 * parent node, which would introduce additional complications. Namely,
1291 	 * if we changed the leftmost key of the parent znode, the garbage
1292 	 * collector would be unable to find it (GC is doing this when GC'ing
1293 	 * indexing LEBs). Although we already have an additional RB-tree where
1294 	 * we save such changed znodes (see 'ins_clr_old_idx_znode()') until
1295 	 * after the commit. But anyway, this does not look easy to implement
1296 	 * so we did not try this.
1297 	 */
1298 	err = tnc_prev(c, &znode, n);
1299 	if (err == -ENOENT) {
1300 		dbg_tnc("found 0, lvl %d, n -1", znode->level);
1301 		*n = -1;
1302 		return 0;
1303 	}
1304 	if (unlikely(err < 0))
1305 		return err;
1306 	if (keys_cmp(c, key, &znode->zbranch[*n].key)) {
1307 		dbg_tnc("found 0, lvl %d, n -1", znode->level);
1308 		*n = -1;
1309 		return 0;
1310 	}
1311 
1312 	dbg_tnc("found 1, lvl %d, n %d", znode->level, *n);
1313 	*zn = znode;
1314 	return 1;
1315 }
1316 
1317 /**
1318  * lookup_level0_dirty - search for zero-level znode dirtying.
1319  * @c: UBIFS file-system description object
1320  * @key:  key to lookup
1321  * @zn: znode is returned here
1322  * @n: znode branch slot number is returned here
1323  *
1324  * This function looks up the TNC tree and search for zero-level znode which
1325  * refers key @key. The found zero-level znode is returned in @zn. There are 3
1326  * cases:
1327  *   o exact match, i.e. the found zero-level znode contains key @key, then %1
1328  *     is returned and slot number of the matched branch is stored in @n;
1329  *   o not exact match, which means that zero-level znode does not contain @key
1330  *     then %0 is returned and slot number of the closed branch is stored in
1331  *     @n;
1332  *   o @key is so small that it is even less than the lowest key of the
1333  *     leftmost zero-level node, then %0 is returned and %-1 is stored in @n.
1334  *
1335  * Additionally all znodes in the path from the root to the located zero-level
1336  * znode are marked as dirty.
1337  *
1338  * Note, when the TNC tree is traversed, some znodes may be absent, then this
1339  * function reads corresponding indexing nodes and inserts them to TNC. In
1340  * case of failure, a negative error code is returned.
1341  */
lookup_level0_dirty(struct ubifs_info * c,const union ubifs_key * key,struct ubifs_znode ** zn,int * n)1342 static int lookup_level0_dirty(struct ubifs_info *c, const union ubifs_key *key,
1343 			       struct ubifs_znode **zn, int *n)
1344 {
1345 	int err, exact;
1346 	struct ubifs_znode *znode;
1347 	time64_t time = ktime_get_seconds();
1348 
1349 	dbg_tnck(key, "search and dirty key ");
1350 
1351 	znode = c->zroot.znode;
1352 	if (unlikely(!znode)) {
1353 		znode = ubifs_load_znode(c, &c->zroot, NULL, 0);
1354 		if (IS_ERR(znode))
1355 			return PTR_ERR(znode);
1356 	}
1357 
1358 	znode = dirty_cow_znode(c, &c->zroot);
1359 	if (IS_ERR(znode))
1360 		return PTR_ERR(znode);
1361 
1362 	znode->time = time;
1363 
1364 	while (1) {
1365 		struct ubifs_zbranch *zbr;
1366 
1367 		exact = ubifs_search_zbranch(c, znode, key, n);
1368 
1369 		if (znode->level == 0)
1370 			break;
1371 
1372 		if (*n < 0)
1373 			*n = 0;
1374 		zbr = &znode->zbranch[*n];
1375 
1376 		if (zbr->znode) {
1377 			znode->time = time;
1378 			znode = dirty_cow_znode(c, zbr);
1379 			if (IS_ERR(znode))
1380 				return PTR_ERR(znode);
1381 			continue;
1382 		}
1383 
1384 		/* znode is not in TNC cache, load it from the media */
1385 		znode = ubifs_load_znode(c, zbr, znode, *n);
1386 		if (IS_ERR(znode))
1387 			return PTR_ERR(znode);
1388 		znode = dirty_cow_znode(c, zbr);
1389 		if (IS_ERR(znode))
1390 			return PTR_ERR(znode);
1391 	}
1392 
1393 	*zn = znode;
1394 	if (exact || !is_hash_key(c, key) || *n != -1) {
1395 		dbg_tnc("found %d, lvl %d, n %d", exact, znode->level, *n);
1396 		return exact;
1397 	}
1398 
1399 	/*
1400 	 * See huge comment at 'lookup_level0_dirty()' what is the rest of the
1401 	 * code.
1402 	 */
1403 	err = tnc_prev(c, &znode, n);
1404 	if (err == -ENOENT) {
1405 		*n = -1;
1406 		dbg_tnc("found 0, lvl %d, n -1", znode->level);
1407 		return 0;
1408 	}
1409 	if (unlikely(err < 0))
1410 		return err;
1411 	if (keys_cmp(c, key, &znode->zbranch[*n].key)) {
1412 		*n = -1;
1413 		dbg_tnc("found 0, lvl %d, n -1", znode->level);
1414 		return 0;
1415 	}
1416 
1417 	if (znode->cnext || !ubifs_zn_dirty(znode)) {
1418 		znode = dirty_cow_bottom_up(c, znode);
1419 		if (IS_ERR(znode))
1420 			return PTR_ERR(znode);
1421 	}
1422 
1423 	dbg_tnc("found 1, lvl %d, n %d", znode->level, *n);
1424 	*zn = znode;
1425 	return 1;
1426 }
1427 
1428 /**
1429  * maybe_leb_gced - determine if a LEB may have been garbage collected.
1430  * @c: UBIFS file-system description object
1431  * @lnum: LEB number
1432  * @gc_seq1: garbage collection sequence number
1433  *
1434  * This function determines if @lnum may have been garbage collected since
1435  * sequence number @gc_seq1. If it may have been then %1 is returned, otherwise
1436  * %0 is returned.
1437  */
maybe_leb_gced(struct ubifs_info * c,int lnum,int gc_seq1)1438 static int maybe_leb_gced(struct ubifs_info *c, int lnum, int gc_seq1)
1439 {
1440 	int gc_seq2, gced_lnum;
1441 
1442 	gced_lnum = c->gced_lnum;
1443 	smp_rmb();
1444 	gc_seq2 = c->gc_seq;
1445 	/* Same seq means no GC */
1446 	if (gc_seq1 == gc_seq2)
1447 		return 0;
1448 	/* Different by more than 1 means we don't know */
1449 	if (gc_seq1 + 1 != gc_seq2)
1450 		return 1;
1451 	/*
1452 	 * We have seen the sequence number has increased by 1. Now we need to
1453 	 * be sure we read the right LEB number, so read it again.
1454 	 */
1455 	smp_rmb();
1456 	if (gced_lnum != c->gced_lnum)
1457 		return 1;
1458 	/* Finally we can check lnum */
1459 	if (gced_lnum == lnum)
1460 		return 1;
1461 	return 0;
1462 }
1463 
1464 /**
1465  * ubifs_tnc_locate - look up a file-system node and return it and its location.
1466  * @c: UBIFS file-system description object
1467  * @key: node key to lookup
1468  * @node: the node is returned here
1469  * @lnum: LEB number is returned here
1470  * @offs: offset is returned here
1471  *
1472  * This function looks up and reads node with key @key. The caller has to make
1473  * sure the @node buffer is large enough to fit the node. Returns zero in case
1474  * of success, %-ENOENT if the node was not found, and a negative error code in
1475  * case of failure. The node location can be returned in @lnum and @offs.
1476  */
ubifs_tnc_locate(struct ubifs_info * c,const union ubifs_key * key,void * node,int * lnum,int * offs)1477 int ubifs_tnc_locate(struct ubifs_info *c, const union ubifs_key *key,
1478 		     void *node, int *lnum, int *offs)
1479 {
1480 	int found, n, err, safely = 0, gc_seq1;
1481 	struct ubifs_znode *znode;
1482 	struct ubifs_zbranch zbr, *zt;
1483 
1484 again:
1485 	mutex_lock(&c->tnc_mutex);
1486 	found = ubifs_lookup_level0(c, key, &znode, &n);
1487 	if (!found) {
1488 		err = -ENOENT;
1489 		goto out;
1490 	} else if (found < 0) {
1491 		err = found;
1492 		goto out;
1493 	}
1494 	zt = &znode->zbranch[n];
1495 	if (lnum) {
1496 		*lnum = zt->lnum;
1497 		*offs = zt->offs;
1498 	}
1499 	if (is_hash_key(c, key)) {
1500 		/*
1501 		 * In this case the leaf node cache gets used, so we pass the
1502 		 * address of the zbranch and keep the mutex locked
1503 		 */
1504 		err = tnc_read_hashed_node(c, zt, node);
1505 		goto out;
1506 	}
1507 	if (safely) {
1508 		err = ubifs_tnc_read_node(c, zt, node);
1509 		goto out;
1510 	}
1511 	/* Drop the TNC mutex prematurely and race with garbage collection */
1512 	zbr = znode->zbranch[n];
1513 	gc_seq1 = c->gc_seq;
1514 	mutex_unlock(&c->tnc_mutex);
1515 
1516 	if (ubifs_get_wbuf(c, zbr.lnum)) {
1517 		/* We do not GC journal heads */
1518 		err = ubifs_tnc_read_node(c, &zbr, node);
1519 		return err;
1520 	}
1521 
1522 	err = fallible_read_node(c, key, &zbr, node);
1523 	if (err <= 0 || maybe_leb_gced(c, zbr.lnum, gc_seq1)) {
1524 		/*
1525 		 * The node may have been GC'ed out from under us so try again
1526 		 * while keeping the TNC mutex locked.
1527 		 */
1528 		safely = 1;
1529 		goto again;
1530 	}
1531 	return 0;
1532 
1533 out:
1534 	mutex_unlock(&c->tnc_mutex);
1535 	return err;
1536 }
1537 
1538 /**
1539  * ubifs_tnc_get_bu_keys - lookup keys for bulk-read.
1540  * @c: UBIFS file-system description object
1541  * @bu: bulk-read parameters and results
1542  *
1543  * Lookup consecutive data node keys for the same inode that reside
1544  * consecutively in the same LEB. This function returns zero in case of success
1545  * and a negative error code in case of failure.
1546  *
1547  * Note, if the bulk-read buffer length (@bu->buf_len) is known, this function
1548  * makes sure bulk-read nodes fit the buffer. Otherwise, this function prepares
1549  * maximum possible amount of nodes for bulk-read.
1550  */
ubifs_tnc_get_bu_keys(struct ubifs_info * c,struct bu_info * bu)1551 int ubifs_tnc_get_bu_keys(struct ubifs_info *c, struct bu_info *bu)
1552 {
1553 	int n, err = 0, lnum = -1, offs;
1554 	int len;
1555 	unsigned int block = key_block(c, &bu->key);
1556 	struct ubifs_znode *znode;
1557 
1558 	bu->cnt = 0;
1559 	bu->blk_cnt = 0;
1560 	bu->eof = 0;
1561 
1562 	mutex_lock(&c->tnc_mutex);
1563 	/* Find first key */
1564 	err = ubifs_lookup_level0(c, &bu->key, &znode, &n);
1565 	if (err < 0)
1566 		goto out;
1567 	if (err) {
1568 		/* Key found */
1569 		len = znode->zbranch[n].len;
1570 		/* The buffer must be big enough for at least 1 node */
1571 		if (len > bu->buf_len) {
1572 			err = -EINVAL;
1573 			goto out;
1574 		}
1575 		/* Add this key */
1576 		bu->zbranch[bu->cnt++] = znode->zbranch[n];
1577 		bu->blk_cnt += 1;
1578 		lnum = znode->zbranch[n].lnum;
1579 		offs = ALIGN(znode->zbranch[n].offs + len, 8);
1580 	}
1581 	while (1) {
1582 		struct ubifs_zbranch *zbr;
1583 		union ubifs_key *key;
1584 		unsigned int next_block;
1585 
1586 		/* Find next key */
1587 		err = tnc_next(c, &znode, &n);
1588 		if (err)
1589 			goto out;
1590 		zbr = &znode->zbranch[n];
1591 		key = &zbr->key;
1592 		/* See if there is another data key for this file */
1593 		if (key_inum(c, key) != key_inum(c, &bu->key) ||
1594 		    key_type(c, key) != UBIFS_DATA_KEY) {
1595 			err = -ENOENT;
1596 			goto out;
1597 		}
1598 		if (lnum < 0) {
1599 			/* First key found */
1600 			lnum = zbr->lnum;
1601 			offs = ALIGN(zbr->offs + zbr->len, 8);
1602 			len = zbr->len;
1603 			if (len > bu->buf_len) {
1604 				err = -EINVAL;
1605 				goto out;
1606 			}
1607 		} else {
1608 			/*
1609 			 * The data nodes must be in consecutive positions in
1610 			 * the same LEB.
1611 			 */
1612 			if (zbr->lnum != lnum || zbr->offs != offs)
1613 				goto out;
1614 			offs += ALIGN(zbr->len, 8);
1615 			len = ALIGN(len, 8) + zbr->len;
1616 			/* Must not exceed buffer length */
1617 			if (len > bu->buf_len)
1618 				goto out;
1619 		}
1620 		/* Allow for holes */
1621 		next_block = key_block(c, key);
1622 		bu->blk_cnt += (next_block - block - 1);
1623 		if (bu->blk_cnt >= UBIFS_MAX_BULK_READ)
1624 			goto out;
1625 		block = next_block;
1626 		/* Add this key */
1627 		bu->zbranch[bu->cnt++] = *zbr;
1628 		bu->blk_cnt += 1;
1629 		/* See if we have room for more */
1630 		if (bu->cnt >= UBIFS_MAX_BULK_READ)
1631 			goto out;
1632 		if (bu->blk_cnt >= UBIFS_MAX_BULK_READ)
1633 			goto out;
1634 	}
1635 out:
1636 	if (err == -ENOENT) {
1637 		bu->eof = 1;
1638 		err = 0;
1639 	}
1640 	bu->gc_seq = c->gc_seq;
1641 	mutex_unlock(&c->tnc_mutex);
1642 	if (err)
1643 		return err;
1644 	/*
1645 	 * An enormous hole could cause bulk-read to encompass too many
1646 	 * page cache pages, so limit the number here.
1647 	 */
1648 	if (bu->blk_cnt > UBIFS_MAX_BULK_READ)
1649 		bu->blk_cnt = UBIFS_MAX_BULK_READ;
1650 	/*
1651 	 * Ensure that bulk-read covers a whole number of page cache
1652 	 * pages.
1653 	 */
1654 	if (UBIFS_BLOCKS_PER_PAGE == 1 ||
1655 	    !(bu->blk_cnt & (UBIFS_BLOCKS_PER_PAGE - 1)))
1656 		return 0;
1657 	if (bu->eof) {
1658 		/* At the end of file we can round up */
1659 		bu->blk_cnt += UBIFS_BLOCKS_PER_PAGE - 1;
1660 		return 0;
1661 	}
1662 	/* Exclude data nodes that do not make up a whole page cache page */
1663 	block = key_block(c, &bu->key) + bu->blk_cnt;
1664 	block &= ~(UBIFS_BLOCKS_PER_PAGE - 1);
1665 	while (bu->cnt) {
1666 		if (key_block(c, &bu->zbranch[bu->cnt - 1].key) < block)
1667 			break;
1668 		bu->cnt -= 1;
1669 	}
1670 	return 0;
1671 }
1672 
1673 /**
1674  * read_wbuf - bulk-read from a LEB with a wbuf.
1675  * @wbuf: wbuf that may overlap the read
1676  * @buf: buffer into which to read
1677  * @len: read length
1678  * @lnum: LEB number from which to read
1679  * @offs: offset from which to read
1680  *
1681  * This functions returns %0 on success or a negative error code on failure.
1682  */
read_wbuf(struct ubifs_wbuf * wbuf,void * buf,int len,int lnum,int offs)1683 static int read_wbuf(struct ubifs_wbuf *wbuf, void *buf, int len, int lnum,
1684 		     int offs)
1685 {
1686 	const struct ubifs_info *c = wbuf->c;
1687 	int rlen, overlap;
1688 
1689 	dbg_io("LEB %d:%d, length %d", lnum, offs, len);
1690 	ubifs_assert(c, wbuf && lnum >= 0 && lnum < c->leb_cnt && offs >= 0);
1691 	ubifs_assert(c, !(offs & 7) && offs < c->leb_size);
1692 	ubifs_assert(c, offs + len <= c->leb_size);
1693 
1694 	spin_lock(&wbuf->lock);
1695 	overlap = (lnum == wbuf->lnum && offs + len > wbuf->offs);
1696 	if (!overlap) {
1697 		/* We may safely unlock the write-buffer and read the data */
1698 		spin_unlock(&wbuf->lock);
1699 		return ubifs_leb_read(c, lnum, buf, offs, len, 0);
1700 	}
1701 
1702 	/* Don't read under wbuf */
1703 	rlen = wbuf->offs - offs;
1704 	if (rlen < 0)
1705 		rlen = 0;
1706 
1707 	/* Copy the rest from the write-buffer */
1708 	memcpy(buf + rlen, wbuf->buf + offs + rlen - wbuf->offs, len - rlen);
1709 	spin_unlock(&wbuf->lock);
1710 
1711 	if (rlen > 0)
1712 		/* Read everything that goes before write-buffer */
1713 		return ubifs_leb_read(c, lnum, buf, offs, rlen, 0);
1714 
1715 	return 0;
1716 }
1717 
1718 /**
1719  * validate_data_node - validate data nodes for bulk-read.
1720  * @c: UBIFS file-system description object
1721  * @buf: buffer containing data node to validate
1722  * @zbr: zbranch of data node to validate
1723  *
1724  * This functions returns %0 on success or a negative error code on failure.
1725  */
validate_data_node(struct ubifs_info * c,void * buf,struct ubifs_zbranch * zbr)1726 static int validate_data_node(struct ubifs_info *c, void *buf,
1727 			      struct ubifs_zbranch *zbr)
1728 {
1729 	union ubifs_key key1;
1730 	struct ubifs_ch *ch = buf;
1731 	int err, len;
1732 
1733 	if (ch->node_type != UBIFS_DATA_NODE) {
1734 		ubifs_err(c, "bad node type (%d but expected %d)",
1735 			  ch->node_type, UBIFS_DATA_NODE);
1736 		goto out_err;
1737 	}
1738 
1739 	err = ubifs_check_node(c, buf, zbr->len, zbr->lnum, zbr->offs, 0, 0);
1740 	if (err) {
1741 		ubifs_err(c, "expected node type %d", UBIFS_DATA_NODE);
1742 		goto out;
1743 	}
1744 
1745 	err = ubifs_node_check_hash(c, buf, zbr->hash);
1746 	if (err) {
1747 		ubifs_bad_hash(c, buf, zbr->hash, zbr->lnum, zbr->offs);
1748 		return err;
1749 	}
1750 
1751 	len = le32_to_cpu(ch->len);
1752 	if (len != zbr->len) {
1753 		ubifs_err(c, "bad node length %d, expected %d", len, zbr->len);
1754 		goto out_err;
1755 	}
1756 
1757 	/* Make sure the key of the read node is correct */
1758 	key_read(c, buf + UBIFS_KEY_OFFSET, &key1);
1759 	if (!keys_eq(c, &zbr->key, &key1)) {
1760 		ubifs_err(c, "bad key in node at LEB %d:%d",
1761 			  zbr->lnum, zbr->offs);
1762 		dbg_tnck(&zbr->key, "looked for key ");
1763 		dbg_tnck(&key1, "found node's key ");
1764 		goto out_err;
1765 	}
1766 
1767 	return 0;
1768 
1769 out_err:
1770 	err = -EINVAL;
1771 out:
1772 	ubifs_err(c, "bad node at LEB %d:%d", zbr->lnum, zbr->offs);
1773 	ubifs_dump_node(c, buf, zbr->len);
1774 	dump_stack();
1775 	return err;
1776 }
1777 
1778 /**
1779  * ubifs_tnc_bulk_read - read a number of data nodes in one go.
1780  * @c: UBIFS file-system description object
1781  * @bu: bulk-read parameters and results
1782  *
1783  * This functions reads and validates the data nodes that were identified by the
1784  * 'ubifs_tnc_get_bu_keys()' function. This functions returns %0 on success,
1785  * -EAGAIN to indicate a race with GC, or another negative error code on
1786  * failure.
1787  */
ubifs_tnc_bulk_read(struct ubifs_info * c,struct bu_info * bu)1788 int ubifs_tnc_bulk_read(struct ubifs_info *c, struct bu_info *bu)
1789 {
1790 	int lnum = bu->zbranch[0].lnum, offs = bu->zbranch[0].offs, len, err, i;
1791 	struct ubifs_wbuf *wbuf;
1792 	void *buf;
1793 
1794 	len = bu->zbranch[bu->cnt - 1].offs;
1795 	len += bu->zbranch[bu->cnt - 1].len - offs;
1796 	if (len > bu->buf_len) {
1797 		ubifs_err(c, "buffer too small %d vs %d", bu->buf_len, len);
1798 		return -EINVAL;
1799 	}
1800 
1801 	/* Do the read */
1802 	wbuf = ubifs_get_wbuf(c, lnum);
1803 	if (wbuf)
1804 		err = read_wbuf(wbuf, bu->buf, len, lnum, offs);
1805 	else
1806 		err = ubifs_leb_read(c, lnum, bu->buf, offs, len, 0);
1807 
1808 	/* Check for a race with GC */
1809 	if (maybe_leb_gced(c, lnum, bu->gc_seq))
1810 		return -EAGAIN;
1811 
1812 	if (err && err != -EBADMSG) {
1813 		ubifs_err(c, "failed to read from LEB %d:%d, error %d",
1814 			  lnum, offs, err);
1815 		dump_stack();
1816 		dbg_tnck(&bu->key, "key ");
1817 		return err;
1818 	}
1819 
1820 	/* Validate the nodes read */
1821 	buf = bu->buf;
1822 	for (i = 0; i < bu->cnt; i++) {
1823 		err = validate_data_node(c, buf, &bu->zbranch[i]);
1824 		if (err)
1825 			return err;
1826 		buf = buf + ALIGN(bu->zbranch[i].len, 8);
1827 	}
1828 
1829 	return 0;
1830 }
1831 
1832 /**
1833  * do_lookup_nm- look up a "hashed" node.
1834  * @c: UBIFS file-system description object
1835  * @key: node key to lookup
1836  * @node: the node is returned here
1837  * @nm: node name
1838  *
1839  * This function looks up and reads a node which contains name hash in the key.
1840  * Since the hash may have collisions, there may be many nodes with the same
1841  * key, so we have to sequentially look to all of them until the needed one is
1842  * found. This function returns zero in case of success, %-ENOENT if the node
1843  * was not found, and a negative error code in case of failure.
1844  */
do_lookup_nm(struct ubifs_info * c,const union ubifs_key * key,void * node,const struct fscrypt_name * nm)1845 static int do_lookup_nm(struct ubifs_info *c, const union ubifs_key *key,
1846 			void *node, const struct fscrypt_name *nm)
1847 {
1848 	int found, n, err;
1849 	struct ubifs_znode *znode;
1850 
1851 	dbg_tnck(key, "key ");
1852 	mutex_lock(&c->tnc_mutex);
1853 	found = ubifs_lookup_level0(c, key, &znode, &n);
1854 	if (!found) {
1855 		err = -ENOENT;
1856 		goto out_unlock;
1857 	} else if (found < 0) {
1858 		err = found;
1859 		goto out_unlock;
1860 	}
1861 
1862 	ubifs_assert(c, n >= 0);
1863 
1864 	err = resolve_collision(c, key, &znode, &n, nm);
1865 	dbg_tnc("rc returned %d, znode %p, n %d", err, znode, n);
1866 	if (unlikely(err < 0))
1867 		goto out_unlock;
1868 	if (err == 0) {
1869 		err = -ENOENT;
1870 		goto out_unlock;
1871 	}
1872 
1873 	err = tnc_read_hashed_node(c, &znode->zbranch[n], node);
1874 
1875 out_unlock:
1876 	mutex_unlock(&c->tnc_mutex);
1877 	return err;
1878 }
1879 
1880 /**
1881  * ubifs_tnc_lookup_nm - look up a "hashed" node.
1882  * @c: UBIFS file-system description object
1883  * @key: node key to lookup
1884  * @node: the node is returned here
1885  * @nm: node name
1886  *
1887  * This function looks up and reads a node which contains name hash in the key.
1888  * Since the hash may have collisions, there may be many nodes with the same
1889  * key, so we have to sequentially look to all of them until the needed one is
1890  * found. This function returns zero in case of success, %-ENOENT if the node
1891  * was not found, and a negative error code in case of failure.
1892  */
ubifs_tnc_lookup_nm(struct ubifs_info * c,const union ubifs_key * key,void * node,const struct fscrypt_name * nm)1893 int ubifs_tnc_lookup_nm(struct ubifs_info *c, const union ubifs_key *key,
1894 			void *node, const struct fscrypt_name *nm)
1895 {
1896 	int err, len;
1897 	const struct ubifs_dent_node *dent = node;
1898 
1899 	/*
1900 	 * We assume that in most of the cases there are no name collisions and
1901 	 * 'ubifs_tnc_lookup()' returns us the right direntry.
1902 	 */
1903 	err = ubifs_tnc_lookup(c, key, node);
1904 	if (err)
1905 		return err;
1906 
1907 	len = le16_to_cpu(dent->nlen);
1908 	if (fname_len(nm) == len && !memcmp(dent->name, fname_name(nm), len))
1909 		return 0;
1910 
1911 	/*
1912 	 * Unluckily, there are hash collisions and we have to iterate over
1913 	 * them look at each direntry with colliding name hash sequentially.
1914 	 */
1915 
1916 	return do_lookup_nm(c, key, node, nm);
1917 }
1918 
search_dh_cookie(struct ubifs_info * c,const union ubifs_key * key,struct ubifs_dent_node * dent,uint32_t cookie,struct ubifs_znode ** zn,int * n,int exact)1919 static int search_dh_cookie(struct ubifs_info *c, const union ubifs_key *key,
1920 			    struct ubifs_dent_node *dent, uint32_t cookie,
1921 			    struct ubifs_znode **zn, int *n, int exact)
1922 {
1923 	int err;
1924 	struct ubifs_znode *znode = *zn;
1925 	struct ubifs_zbranch *zbr;
1926 	union ubifs_key *dkey;
1927 
1928 	if (!exact) {
1929 		err = tnc_next(c, &znode, n);
1930 		if (err)
1931 			return err;
1932 	}
1933 
1934 	for (;;) {
1935 		zbr = &znode->zbranch[*n];
1936 		dkey = &zbr->key;
1937 
1938 		if (key_inum(c, dkey) != key_inum(c, key) ||
1939 		    key_type(c, dkey) != key_type(c, key)) {
1940 			return -ENOENT;
1941 		}
1942 
1943 		err = tnc_read_hashed_node(c, zbr, dent);
1944 		if (err)
1945 			return err;
1946 
1947 		if (key_hash(c, key) == key_hash(c, dkey) &&
1948 		    le32_to_cpu(dent->cookie) == cookie) {
1949 			*zn = znode;
1950 			return 0;
1951 		}
1952 
1953 		err = tnc_next(c, &znode, n);
1954 		if (err)
1955 			return err;
1956 	}
1957 }
1958 
do_lookup_dh(struct ubifs_info * c,const union ubifs_key * key,struct ubifs_dent_node * dent,uint32_t cookie)1959 static int do_lookup_dh(struct ubifs_info *c, const union ubifs_key *key,
1960 			struct ubifs_dent_node *dent, uint32_t cookie)
1961 {
1962 	int n, err;
1963 	struct ubifs_znode *znode;
1964 	union ubifs_key start_key;
1965 
1966 	ubifs_assert(c, is_hash_key(c, key));
1967 
1968 	lowest_dent_key(c, &start_key, key_inum(c, key));
1969 
1970 	mutex_lock(&c->tnc_mutex);
1971 	err = ubifs_lookup_level0(c, &start_key, &znode, &n);
1972 	if (unlikely(err < 0))
1973 		goto out_unlock;
1974 
1975 	err = search_dh_cookie(c, key, dent, cookie, &znode, &n, err);
1976 
1977 out_unlock:
1978 	mutex_unlock(&c->tnc_mutex);
1979 	return err;
1980 }
1981 
1982 /**
1983  * ubifs_tnc_lookup_dh - look up a "double hashed" node.
1984  * @c: UBIFS file-system description object
1985  * @key: node key to lookup
1986  * @node: the node is returned here
1987  * @cookie: node cookie for collision resolution
1988  *
1989  * This function looks up and reads a node which contains name hash in the key.
1990  * Since the hash may have collisions, there may be many nodes with the same
1991  * key, so we have to sequentially look to all of them until the needed one
1992  * with the same cookie value is found.
1993  * This function returns zero in case of success, %-ENOENT if the node
1994  * was not found, and a negative error code in case of failure.
1995  */
ubifs_tnc_lookup_dh(struct ubifs_info * c,const union ubifs_key * key,void * node,uint32_t cookie)1996 int ubifs_tnc_lookup_dh(struct ubifs_info *c, const union ubifs_key *key,
1997 			void *node, uint32_t cookie)
1998 {
1999 	int err;
2000 	const struct ubifs_dent_node *dent = node;
2001 
2002 	if (!c->double_hash)
2003 		return -EOPNOTSUPP;
2004 
2005 	/*
2006 	 * We assume that in most of the cases there are no name collisions and
2007 	 * 'ubifs_tnc_lookup()' returns us the right direntry.
2008 	 */
2009 	err = ubifs_tnc_lookup(c, key, node);
2010 	if (err)
2011 		return err;
2012 
2013 	if (le32_to_cpu(dent->cookie) == cookie)
2014 		return 0;
2015 
2016 	/*
2017 	 * Unluckily, there are hash collisions and we have to iterate over
2018 	 * them look at each direntry with colliding name hash sequentially.
2019 	 */
2020 	return do_lookup_dh(c, key, node, cookie);
2021 }
2022 
2023 /**
2024  * correct_parent_keys - correct parent znodes' keys.
2025  * @c: UBIFS file-system description object
2026  * @znode: znode to correct parent znodes for
2027  *
2028  * This is a helper function for 'tnc_insert()'. When the key of the leftmost
2029  * zbranch changes, keys of parent znodes have to be corrected. This helper
2030  * function is called in such situations and corrects the keys if needed.
2031  */
correct_parent_keys(const struct ubifs_info * c,struct ubifs_znode * znode)2032 static void correct_parent_keys(const struct ubifs_info *c,
2033 				struct ubifs_znode *znode)
2034 {
2035 	union ubifs_key *key, *key1;
2036 
2037 	ubifs_assert(c, znode->parent);
2038 	ubifs_assert(c, znode->iip == 0);
2039 
2040 	key = &znode->zbranch[0].key;
2041 	key1 = &znode->parent->zbranch[0].key;
2042 
2043 	while (keys_cmp(c, key, key1) < 0) {
2044 		key_copy(c, key, key1);
2045 		znode = znode->parent;
2046 		znode->alt = 1;
2047 		if (!znode->parent || znode->iip)
2048 			break;
2049 		key1 = &znode->parent->zbranch[0].key;
2050 	}
2051 }
2052 
2053 /**
2054  * insert_zbranch - insert a zbranch into a znode.
2055  * @c: UBIFS file-system description object
2056  * @znode: znode into which to insert
2057  * @zbr: zbranch to insert
2058  * @n: slot number to insert to
2059  *
2060  * This is a helper function for 'tnc_insert()'. UBIFS does not allow "gaps" in
2061  * znode's array of zbranches and keeps zbranches consolidated, so when a new
2062  * zbranch has to be inserted to the @znode->zbranches[]' array at the @n-th
2063  * slot, zbranches starting from @n have to be moved right.
2064  */
insert_zbranch(struct ubifs_info * c,struct ubifs_znode * znode,const struct ubifs_zbranch * zbr,int n)2065 static void insert_zbranch(struct ubifs_info *c, struct ubifs_znode *znode,
2066 			   const struct ubifs_zbranch *zbr, int n)
2067 {
2068 	int i;
2069 
2070 	ubifs_assert(c, ubifs_zn_dirty(znode));
2071 
2072 	if (znode->level) {
2073 		for (i = znode->child_cnt; i > n; i--) {
2074 			znode->zbranch[i] = znode->zbranch[i - 1];
2075 			if (znode->zbranch[i].znode)
2076 				znode->zbranch[i].znode->iip = i;
2077 		}
2078 		if (zbr->znode)
2079 			zbr->znode->iip = n;
2080 	} else
2081 		for (i = znode->child_cnt; i > n; i--)
2082 			znode->zbranch[i] = znode->zbranch[i - 1];
2083 
2084 	znode->zbranch[n] = *zbr;
2085 	znode->child_cnt += 1;
2086 
2087 	/*
2088 	 * After inserting at slot zero, the lower bound of the key range of
2089 	 * this znode may have changed. If this znode is subsequently split
2090 	 * then the upper bound of the key range may change, and furthermore
2091 	 * it could change to be lower than the original lower bound. If that
2092 	 * happens, then it will no longer be possible to find this znode in the
2093 	 * TNC using the key from the index node on flash. That is bad because
2094 	 * if it is not found, we will assume it is obsolete and may overwrite
2095 	 * it. Then if there is an unclean unmount, we will start using the
2096 	 * old index which will be broken.
2097 	 *
2098 	 * So we first mark znodes that have insertions at slot zero, and then
2099 	 * if they are split we add their lnum/offs to the old_idx tree.
2100 	 */
2101 	if (n == 0)
2102 		znode->alt = 1;
2103 }
2104 
2105 /**
2106  * tnc_insert - insert a node into TNC.
2107  * @c: UBIFS file-system description object
2108  * @znode: znode to insert into
2109  * @zbr: branch to insert
2110  * @n: slot number to insert new zbranch to
2111  *
2112  * This function inserts a new node described by @zbr into znode @znode. If
2113  * znode does not have a free slot for new zbranch, it is split. Parent znodes
2114  * are splat as well if needed. Returns zero in case of success or a negative
2115  * error code in case of failure.
2116  */
tnc_insert(struct ubifs_info * c,struct ubifs_znode * znode,struct ubifs_zbranch * zbr,int n)2117 static int tnc_insert(struct ubifs_info *c, struct ubifs_znode *znode,
2118 		      struct ubifs_zbranch *zbr, int n)
2119 {
2120 	struct ubifs_znode *zn, *zi, *zp;
2121 	int i, keep, move, appending = 0;
2122 	union ubifs_key *key = &zbr->key, *key1;
2123 
2124 	ubifs_assert(c, n >= 0 && n <= c->fanout);
2125 
2126 	/* Implement naive insert for now */
2127 again:
2128 	zp = znode->parent;
2129 	if (znode->child_cnt < c->fanout) {
2130 		ubifs_assert(c, n != c->fanout);
2131 		dbg_tnck(key, "inserted at %d level %d, key ", n, znode->level);
2132 
2133 		insert_zbranch(c, znode, zbr, n);
2134 
2135 		/* Ensure parent's key is correct */
2136 		if (n == 0 && zp && znode->iip == 0)
2137 			correct_parent_keys(c, znode);
2138 
2139 		return 0;
2140 	}
2141 
2142 	/*
2143 	 * Unfortunately, @znode does not have more empty slots and we have to
2144 	 * split it.
2145 	 */
2146 	dbg_tnck(key, "splitting level %d, key ", znode->level);
2147 
2148 	if (znode->alt)
2149 		/*
2150 		 * We can no longer be sure of finding this znode by key, so we
2151 		 * record it in the old_idx tree.
2152 		 */
2153 		ins_clr_old_idx_znode(c, znode);
2154 
2155 	zn = kzalloc(c->max_znode_sz, GFP_NOFS);
2156 	if (!zn)
2157 		return -ENOMEM;
2158 	zn->parent = zp;
2159 	zn->level = znode->level;
2160 
2161 	/* Decide where to split */
2162 	if (znode->level == 0 && key_type(c, key) == UBIFS_DATA_KEY) {
2163 		/* Try not to split consecutive data keys */
2164 		if (n == c->fanout) {
2165 			key1 = &znode->zbranch[n - 1].key;
2166 			if (key_inum(c, key1) == key_inum(c, key) &&
2167 			    key_type(c, key1) == UBIFS_DATA_KEY)
2168 				appending = 1;
2169 		} else
2170 			goto check_split;
2171 	} else if (appending && n != c->fanout) {
2172 		/* Try not to split consecutive data keys */
2173 		appending = 0;
2174 check_split:
2175 		if (n >= (c->fanout + 1) / 2) {
2176 			key1 = &znode->zbranch[0].key;
2177 			if (key_inum(c, key1) == key_inum(c, key) &&
2178 			    key_type(c, key1) == UBIFS_DATA_KEY) {
2179 				key1 = &znode->zbranch[n].key;
2180 				if (key_inum(c, key1) != key_inum(c, key) ||
2181 				    key_type(c, key1) != UBIFS_DATA_KEY) {
2182 					keep = n;
2183 					move = c->fanout - keep;
2184 					zi = znode;
2185 					goto do_split;
2186 				}
2187 			}
2188 		}
2189 	}
2190 
2191 	if (appending) {
2192 		keep = c->fanout;
2193 		move = 0;
2194 	} else {
2195 		keep = (c->fanout + 1) / 2;
2196 		move = c->fanout - keep;
2197 	}
2198 
2199 	/*
2200 	 * Although we don't at present, we could look at the neighbors and see
2201 	 * if we can move some zbranches there.
2202 	 */
2203 
2204 	if (n < keep) {
2205 		/* Insert into existing znode */
2206 		zi = znode;
2207 		move += 1;
2208 		keep -= 1;
2209 	} else {
2210 		/* Insert into new znode */
2211 		zi = zn;
2212 		n -= keep;
2213 		/* Re-parent */
2214 		if (zn->level != 0)
2215 			zbr->znode->parent = zn;
2216 	}
2217 
2218 do_split:
2219 
2220 	__set_bit(DIRTY_ZNODE, &zn->flags);
2221 	atomic_long_inc(&c->dirty_zn_cnt);
2222 
2223 	zn->child_cnt = move;
2224 	znode->child_cnt = keep;
2225 
2226 	dbg_tnc("moving %d, keeping %d", move, keep);
2227 
2228 	/* Move zbranch */
2229 	for (i = 0; i < move; i++) {
2230 		zn->zbranch[i] = znode->zbranch[keep + i];
2231 		/* Re-parent */
2232 		if (zn->level != 0)
2233 			if (zn->zbranch[i].znode) {
2234 				zn->zbranch[i].znode->parent = zn;
2235 				zn->zbranch[i].znode->iip = i;
2236 			}
2237 	}
2238 
2239 	/* Insert new key and branch */
2240 	dbg_tnck(key, "inserting at %d level %d, key ", n, zn->level);
2241 
2242 	insert_zbranch(c, zi, zbr, n);
2243 
2244 	/* Insert new znode (produced by spitting) into the parent */
2245 	if (zp) {
2246 		if (n == 0 && zi == znode && znode->iip == 0)
2247 			correct_parent_keys(c, znode);
2248 
2249 		/* Locate insertion point */
2250 		n = znode->iip + 1;
2251 
2252 		/* Tail recursion */
2253 		zbr->key = zn->zbranch[0].key;
2254 		zbr->znode = zn;
2255 		zbr->lnum = 0;
2256 		zbr->offs = 0;
2257 		zbr->len = 0;
2258 		znode = zp;
2259 
2260 		goto again;
2261 	}
2262 
2263 	/* We have to split root znode */
2264 	dbg_tnc("creating new zroot at level %d", znode->level + 1);
2265 
2266 	zi = kzalloc(c->max_znode_sz, GFP_NOFS);
2267 	if (!zi)
2268 		return -ENOMEM;
2269 
2270 	zi->child_cnt = 2;
2271 	zi->level = znode->level + 1;
2272 
2273 	__set_bit(DIRTY_ZNODE, &zi->flags);
2274 	atomic_long_inc(&c->dirty_zn_cnt);
2275 
2276 	zi->zbranch[0].key = znode->zbranch[0].key;
2277 	zi->zbranch[0].znode = znode;
2278 	zi->zbranch[0].lnum = c->zroot.lnum;
2279 	zi->zbranch[0].offs = c->zroot.offs;
2280 	zi->zbranch[0].len = c->zroot.len;
2281 	zi->zbranch[1].key = zn->zbranch[0].key;
2282 	zi->zbranch[1].znode = zn;
2283 
2284 	c->zroot.lnum = 0;
2285 	c->zroot.offs = 0;
2286 	c->zroot.len = 0;
2287 	c->zroot.znode = zi;
2288 
2289 	zn->parent = zi;
2290 	zn->iip = 1;
2291 	znode->parent = zi;
2292 	znode->iip = 0;
2293 
2294 	return 0;
2295 }
2296 
2297 /**
2298  * ubifs_tnc_add - add a node to TNC.
2299  * @c: UBIFS file-system description object
2300  * @key: key to add
2301  * @lnum: LEB number of node
2302  * @offs: node offset
2303  * @len: node length
2304  * @hash: The hash over the node
2305  *
2306  * This function adds a node with key @key to TNC. The node may be new or it may
2307  * obsolete some existing one. Returns %0 on success or negative error code on
2308  * failure.
2309  */
ubifs_tnc_add(struct ubifs_info * c,const union ubifs_key * key,int lnum,int offs,int len,const u8 * hash)2310 int ubifs_tnc_add(struct ubifs_info *c, const union ubifs_key *key, int lnum,
2311 		  int offs, int len, const u8 *hash)
2312 {
2313 	int found, n, err = 0;
2314 	struct ubifs_znode *znode;
2315 
2316 	mutex_lock(&c->tnc_mutex);
2317 	dbg_tnck(key, "%d:%d, len %d, key ", lnum, offs, len);
2318 	found = lookup_level0_dirty(c, key, &znode, &n);
2319 	if (!found) {
2320 		struct ubifs_zbranch zbr;
2321 
2322 		zbr.znode = NULL;
2323 		zbr.lnum = lnum;
2324 		zbr.offs = offs;
2325 		zbr.len = len;
2326 		ubifs_copy_hash(c, hash, zbr.hash);
2327 		key_copy(c, key, &zbr.key);
2328 		err = tnc_insert(c, znode, &zbr, n + 1);
2329 	} else if (found == 1) {
2330 		struct ubifs_zbranch *zbr = &znode->zbranch[n];
2331 
2332 		lnc_free(zbr);
2333 		err = ubifs_add_dirt(c, zbr->lnum, zbr->len);
2334 		zbr->lnum = lnum;
2335 		zbr->offs = offs;
2336 		zbr->len = len;
2337 		ubifs_copy_hash(c, hash, zbr->hash);
2338 	} else
2339 		err = found;
2340 	if (!err)
2341 		err = dbg_check_tnc(c, 0);
2342 	mutex_unlock(&c->tnc_mutex);
2343 
2344 	return err;
2345 }
2346 
2347 /**
2348  * ubifs_tnc_replace - replace a node in the TNC only if the old node is found.
2349  * @c: UBIFS file-system description object
2350  * @key: key to add
2351  * @old_lnum: LEB number of old node
2352  * @old_offs: old node offset
2353  * @lnum: LEB number of node
2354  * @offs: node offset
2355  * @len: node length
2356  *
2357  * This function replaces a node with key @key in the TNC only if the old node
2358  * is found.  This function is called by garbage collection when node are moved.
2359  * Returns %0 on success or negative error code on failure.
2360  */
ubifs_tnc_replace(struct ubifs_info * c,const union ubifs_key * key,int old_lnum,int old_offs,int lnum,int offs,int len)2361 int ubifs_tnc_replace(struct ubifs_info *c, const union ubifs_key *key,
2362 		      int old_lnum, int old_offs, int lnum, int offs, int len)
2363 {
2364 	int found, n, err = 0;
2365 	struct ubifs_znode *znode;
2366 
2367 	mutex_lock(&c->tnc_mutex);
2368 	dbg_tnck(key, "old LEB %d:%d, new LEB %d:%d, len %d, key ", old_lnum,
2369 		 old_offs, lnum, offs, len);
2370 	found = lookup_level0_dirty(c, key, &znode, &n);
2371 	if (found < 0) {
2372 		err = found;
2373 		goto out_unlock;
2374 	}
2375 
2376 	if (found == 1) {
2377 		struct ubifs_zbranch *zbr = &znode->zbranch[n];
2378 
2379 		found = 0;
2380 		if (zbr->lnum == old_lnum && zbr->offs == old_offs) {
2381 			lnc_free(zbr);
2382 			err = ubifs_add_dirt(c, zbr->lnum, zbr->len);
2383 			if (err)
2384 				goto out_unlock;
2385 			zbr->lnum = lnum;
2386 			zbr->offs = offs;
2387 			zbr->len = len;
2388 			found = 1;
2389 		} else if (is_hash_key(c, key)) {
2390 			found = resolve_collision_directly(c, key, &znode, &n,
2391 							   old_lnum, old_offs);
2392 			dbg_tnc("rc returned %d, znode %p, n %d, LEB %d:%d",
2393 				found, znode, n, old_lnum, old_offs);
2394 			if (found < 0) {
2395 				err = found;
2396 				goto out_unlock;
2397 			}
2398 
2399 			if (found) {
2400 				/* Ensure the znode is dirtied */
2401 				if (znode->cnext || !ubifs_zn_dirty(znode)) {
2402 					znode = dirty_cow_bottom_up(c, znode);
2403 					if (IS_ERR(znode)) {
2404 						err = PTR_ERR(znode);
2405 						goto out_unlock;
2406 					}
2407 				}
2408 				zbr = &znode->zbranch[n];
2409 				lnc_free(zbr);
2410 				err = ubifs_add_dirt(c, zbr->lnum,
2411 						     zbr->len);
2412 				if (err)
2413 					goto out_unlock;
2414 				zbr->lnum = lnum;
2415 				zbr->offs = offs;
2416 				zbr->len = len;
2417 			}
2418 		}
2419 	}
2420 
2421 	if (!found)
2422 		err = ubifs_add_dirt(c, lnum, len);
2423 
2424 	if (!err)
2425 		err = dbg_check_tnc(c, 0);
2426 
2427 out_unlock:
2428 	mutex_unlock(&c->tnc_mutex);
2429 	return err;
2430 }
2431 
2432 /**
2433  * ubifs_tnc_add_nm - add a "hashed" node to TNC.
2434  * @c: UBIFS file-system description object
2435  * @key: key to add
2436  * @lnum: LEB number of node
2437  * @offs: node offset
2438  * @len: node length
2439  * @hash: The hash over the node
2440  * @nm: node name
2441  *
2442  * This is the same as 'ubifs_tnc_add()' but it should be used with keys which
2443  * may have collisions, like directory entry keys.
2444  */
ubifs_tnc_add_nm(struct ubifs_info * c,const union ubifs_key * key,int lnum,int offs,int len,const u8 * hash,const struct fscrypt_name * nm)2445 int ubifs_tnc_add_nm(struct ubifs_info *c, const union ubifs_key *key,
2446 		     int lnum, int offs, int len, const u8 *hash,
2447 		     const struct fscrypt_name *nm)
2448 {
2449 	int found, n, err = 0;
2450 	struct ubifs_znode *znode;
2451 
2452 	mutex_lock(&c->tnc_mutex);
2453 	dbg_tnck(key, "LEB %d:%d, key ", lnum, offs);
2454 	found = lookup_level0_dirty(c, key, &znode, &n);
2455 	if (found < 0) {
2456 		err = found;
2457 		goto out_unlock;
2458 	}
2459 
2460 	if (found == 1) {
2461 		if (c->replaying)
2462 			found = fallible_resolve_collision(c, key, &znode, &n,
2463 							   nm, 1);
2464 		else
2465 			found = resolve_collision(c, key, &znode, &n, nm);
2466 		dbg_tnc("rc returned %d, znode %p, n %d", found, znode, n);
2467 		if (found < 0) {
2468 			err = found;
2469 			goto out_unlock;
2470 		}
2471 
2472 		/* Ensure the znode is dirtied */
2473 		if (znode->cnext || !ubifs_zn_dirty(znode)) {
2474 			znode = dirty_cow_bottom_up(c, znode);
2475 			if (IS_ERR(znode)) {
2476 				err = PTR_ERR(znode);
2477 				goto out_unlock;
2478 			}
2479 		}
2480 
2481 		if (found == 1) {
2482 			struct ubifs_zbranch *zbr = &znode->zbranch[n];
2483 
2484 			lnc_free(zbr);
2485 			err = ubifs_add_dirt(c, zbr->lnum, zbr->len);
2486 			zbr->lnum = lnum;
2487 			zbr->offs = offs;
2488 			zbr->len = len;
2489 			ubifs_copy_hash(c, hash, zbr->hash);
2490 			goto out_unlock;
2491 		}
2492 	}
2493 
2494 	if (!found) {
2495 		struct ubifs_zbranch zbr;
2496 
2497 		zbr.znode = NULL;
2498 		zbr.lnum = lnum;
2499 		zbr.offs = offs;
2500 		zbr.len = len;
2501 		ubifs_copy_hash(c, hash, zbr.hash);
2502 		key_copy(c, key, &zbr.key);
2503 		err = tnc_insert(c, znode, &zbr, n + 1);
2504 		if (err)
2505 			goto out_unlock;
2506 		if (c->replaying) {
2507 			/*
2508 			 * We did not find it in the index so there may be a
2509 			 * dangling branch still in the index. So we remove it
2510 			 * by passing 'ubifs_tnc_remove_nm()' the same key but
2511 			 * an unmatchable name.
2512 			 */
2513 			struct fscrypt_name noname = { .disk_name = { .name = "", .len = 1 } };
2514 
2515 			err = dbg_check_tnc(c, 0);
2516 			mutex_unlock(&c->tnc_mutex);
2517 			if (err)
2518 				return err;
2519 			return ubifs_tnc_remove_nm(c, key, &noname);
2520 		}
2521 	}
2522 
2523 out_unlock:
2524 	if (!err)
2525 		err = dbg_check_tnc(c, 0);
2526 	mutex_unlock(&c->tnc_mutex);
2527 	return err;
2528 }
2529 
2530 /**
2531  * tnc_delete - delete a znode form TNC.
2532  * @c: UBIFS file-system description object
2533  * @znode: znode to delete from
2534  * @n: zbranch slot number to delete
2535  *
2536  * This function deletes a leaf node from @n-th slot of @znode. Returns zero in
2537  * case of success and a negative error code in case of failure.
2538  */
tnc_delete(struct ubifs_info * c,struct ubifs_znode * znode,int n)2539 static int tnc_delete(struct ubifs_info *c, struct ubifs_znode *znode, int n)
2540 {
2541 	struct ubifs_zbranch *zbr;
2542 	struct ubifs_znode *zp;
2543 	int i, err;
2544 
2545 	/* Delete without merge for now */
2546 	ubifs_assert(c, znode->level == 0);
2547 	ubifs_assert(c, n >= 0 && n < c->fanout);
2548 	dbg_tnck(&znode->zbranch[n].key, "deleting key ");
2549 
2550 	zbr = &znode->zbranch[n];
2551 	lnc_free(zbr);
2552 
2553 	err = ubifs_add_dirt(c, zbr->lnum, zbr->len);
2554 	if (err) {
2555 		ubifs_dump_znode(c, znode);
2556 		return err;
2557 	}
2558 
2559 	/* We do not "gap" zbranch slots */
2560 	for (i = n; i < znode->child_cnt - 1; i++)
2561 		znode->zbranch[i] = znode->zbranch[i + 1];
2562 	znode->child_cnt -= 1;
2563 
2564 	if (znode->child_cnt > 0)
2565 		return 0;
2566 
2567 	/*
2568 	 * This was the last zbranch, we have to delete this znode from the
2569 	 * parent.
2570 	 */
2571 
2572 	do {
2573 		ubifs_assert(c, !ubifs_zn_obsolete(znode));
2574 		ubifs_assert(c, ubifs_zn_dirty(znode));
2575 
2576 		zp = znode->parent;
2577 		n = znode->iip;
2578 
2579 		atomic_long_dec(&c->dirty_zn_cnt);
2580 
2581 		err = insert_old_idx_znode(c, znode);
2582 		if (err)
2583 			return err;
2584 
2585 		if (znode->cnext) {
2586 			__set_bit(OBSOLETE_ZNODE, &znode->flags);
2587 			atomic_long_inc(&c->clean_zn_cnt);
2588 			atomic_long_inc(&ubifs_clean_zn_cnt);
2589 		} else
2590 			kfree(znode);
2591 		znode = zp;
2592 	} while (znode->child_cnt == 1); /* while removing last child */
2593 
2594 	/* Remove from znode, entry n - 1 */
2595 	znode->child_cnt -= 1;
2596 	ubifs_assert(c, znode->level != 0);
2597 	for (i = n; i < znode->child_cnt; i++) {
2598 		znode->zbranch[i] = znode->zbranch[i + 1];
2599 		if (znode->zbranch[i].znode)
2600 			znode->zbranch[i].znode->iip = i;
2601 	}
2602 
2603 	/*
2604 	 * If this is the root and it has only 1 child then
2605 	 * collapse the tree.
2606 	 */
2607 	if (!znode->parent) {
2608 		while (znode->child_cnt == 1 && znode->level != 0) {
2609 			zp = znode;
2610 			zbr = &znode->zbranch[0];
2611 			znode = get_znode(c, znode, 0);
2612 			if (IS_ERR(znode))
2613 				return PTR_ERR(znode);
2614 			znode = dirty_cow_znode(c, zbr);
2615 			if (IS_ERR(znode))
2616 				return PTR_ERR(znode);
2617 			znode->parent = NULL;
2618 			znode->iip = 0;
2619 			if (c->zroot.len) {
2620 				err = insert_old_idx(c, c->zroot.lnum,
2621 						     c->zroot.offs);
2622 				if (err)
2623 					return err;
2624 			}
2625 			c->zroot.lnum = zbr->lnum;
2626 			c->zroot.offs = zbr->offs;
2627 			c->zroot.len = zbr->len;
2628 			c->zroot.znode = znode;
2629 			ubifs_assert(c, !ubifs_zn_obsolete(zp));
2630 			ubifs_assert(c, ubifs_zn_dirty(zp));
2631 			atomic_long_dec(&c->dirty_zn_cnt);
2632 
2633 			if (zp->cnext) {
2634 				__set_bit(OBSOLETE_ZNODE, &zp->flags);
2635 				atomic_long_inc(&c->clean_zn_cnt);
2636 				atomic_long_inc(&ubifs_clean_zn_cnt);
2637 			} else
2638 				kfree(zp);
2639 		}
2640 	}
2641 
2642 	return 0;
2643 }
2644 
2645 /**
2646  * ubifs_tnc_remove - remove an index entry of a node.
2647  * @c: UBIFS file-system description object
2648  * @key: key of node
2649  *
2650  * Returns %0 on success or negative error code on failure.
2651  */
ubifs_tnc_remove(struct ubifs_info * c,const union ubifs_key * key)2652 int ubifs_tnc_remove(struct ubifs_info *c, const union ubifs_key *key)
2653 {
2654 	int found, n, err = 0;
2655 	struct ubifs_znode *znode;
2656 
2657 	mutex_lock(&c->tnc_mutex);
2658 	dbg_tnck(key, "key ");
2659 	found = lookup_level0_dirty(c, key, &znode, &n);
2660 	if (found < 0) {
2661 		err = found;
2662 		goto out_unlock;
2663 	}
2664 	if (found == 1)
2665 		err = tnc_delete(c, znode, n);
2666 	if (!err)
2667 		err = dbg_check_tnc(c, 0);
2668 
2669 out_unlock:
2670 	mutex_unlock(&c->tnc_mutex);
2671 	return err;
2672 }
2673 
2674 /**
2675  * ubifs_tnc_remove_nm - remove an index entry for a "hashed" node.
2676  * @c: UBIFS file-system description object
2677  * @key: key of node
2678  * @nm: directory entry name
2679  *
2680  * Returns %0 on success or negative error code on failure.
2681  */
ubifs_tnc_remove_nm(struct ubifs_info * c,const union ubifs_key * key,const struct fscrypt_name * nm)2682 int ubifs_tnc_remove_nm(struct ubifs_info *c, const union ubifs_key *key,
2683 			const struct fscrypt_name *nm)
2684 {
2685 	int n, err;
2686 	struct ubifs_znode *znode;
2687 
2688 	mutex_lock(&c->tnc_mutex);
2689 	dbg_tnck(key, "key ");
2690 	err = lookup_level0_dirty(c, key, &znode, &n);
2691 	if (err < 0)
2692 		goto out_unlock;
2693 
2694 	if (err) {
2695 		if (c->replaying)
2696 			err = fallible_resolve_collision(c, key, &znode, &n,
2697 							 nm, 0);
2698 		else
2699 			err = resolve_collision(c, key, &znode, &n, nm);
2700 		dbg_tnc("rc returned %d, znode %p, n %d", err, znode, n);
2701 		if (err < 0)
2702 			goto out_unlock;
2703 		if (err) {
2704 			/* Ensure the znode is dirtied */
2705 			if (znode->cnext || !ubifs_zn_dirty(znode)) {
2706 				znode = dirty_cow_bottom_up(c, znode);
2707 				if (IS_ERR(znode)) {
2708 					err = PTR_ERR(znode);
2709 					goto out_unlock;
2710 				}
2711 			}
2712 			err = tnc_delete(c, znode, n);
2713 		}
2714 	}
2715 
2716 out_unlock:
2717 	if (!err)
2718 		err = dbg_check_tnc(c, 0);
2719 	mutex_unlock(&c->tnc_mutex);
2720 	return err;
2721 }
2722 
2723 /**
2724  * ubifs_tnc_remove_dh - remove an index entry for a "double hashed" node.
2725  * @c: UBIFS file-system description object
2726  * @key: key of node
2727  * @cookie: node cookie for collision resolution
2728  *
2729  * Returns %0 on success or negative error code on failure.
2730  */
ubifs_tnc_remove_dh(struct ubifs_info * c,const union ubifs_key * key,uint32_t cookie)2731 int ubifs_tnc_remove_dh(struct ubifs_info *c, const union ubifs_key *key,
2732 			uint32_t cookie)
2733 {
2734 	int n, err;
2735 	struct ubifs_znode *znode;
2736 	struct ubifs_dent_node *dent;
2737 	struct ubifs_zbranch *zbr;
2738 
2739 	if (!c->double_hash)
2740 		return -EOPNOTSUPP;
2741 
2742 	mutex_lock(&c->tnc_mutex);
2743 	err = lookup_level0_dirty(c, key, &znode, &n);
2744 	if (err <= 0)
2745 		goto out_unlock;
2746 
2747 	zbr = &znode->zbranch[n];
2748 	dent = kmalloc(UBIFS_MAX_DENT_NODE_SZ, GFP_NOFS);
2749 	if (!dent) {
2750 		err = -ENOMEM;
2751 		goto out_unlock;
2752 	}
2753 
2754 	err = tnc_read_hashed_node(c, zbr, dent);
2755 	if (err)
2756 		goto out_free;
2757 
2758 	/* If the cookie does not match, we're facing a hash collision. */
2759 	if (le32_to_cpu(dent->cookie) != cookie) {
2760 		union ubifs_key start_key;
2761 
2762 		lowest_dent_key(c, &start_key, key_inum(c, key));
2763 
2764 		err = ubifs_lookup_level0(c, &start_key, &znode, &n);
2765 		if (unlikely(err < 0))
2766 			goto out_free;
2767 
2768 		err = search_dh_cookie(c, key, dent, cookie, &znode, &n, err);
2769 		if (err)
2770 			goto out_free;
2771 	}
2772 
2773 	if (znode->cnext || !ubifs_zn_dirty(znode)) {
2774 		znode = dirty_cow_bottom_up(c, znode);
2775 		if (IS_ERR(znode)) {
2776 			err = PTR_ERR(znode);
2777 			goto out_free;
2778 		}
2779 	}
2780 	err = tnc_delete(c, znode, n);
2781 
2782 out_free:
2783 	kfree(dent);
2784 out_unlock:
2785 	if (!err)
2786 		err = dbg_check_tnc(c, 0);
2787 	mutex_unlock(&c->tnc_mutex);
2788 	return err;
2789 }
2790 
2791 /**
2792  * key_in_range - determine if a key falls within a range of keys.
2793  * @c: UBIFS file-system description object
2794  * @key: key to check
2795  * @from_key: lowest key in range
2796  * @to_key: highest key in range
2797  *
2798  * This function returns %1 if the key is in range and %0 otherwise.
2799  */
key_in_range(struct ubifs_info * c,union ubifs_key * key,union ubifs_key * from_key,union ubifs_key * to_key)2800 static int key_in_range(struct ubifs_info *c, union ubifs_key *key,
2801 			union ubifs_key *from_key, union ubifs_key *to_key)
2802 {
2803 	if (keys_cmp(c, key, from_key) < 0)
2804 		return 0;
2805 	if (keys_cmp(c, key, to_key) > 0)
2806 		return 0;
2807 	return 1;
2808 }
2809 
2810 /**
2811  * ubifs_tnc_remove_range - remove index entries in range.
2812  * @c: UBIFS file-system description object
2813  * @from_key: lowest key to remove
2814  * @to_key: highest key to remove
2815  *
2816  * This function removes index entries starting at @from_key and ending at
2817  * @to_key.  This function returns zero in case of success and a negative error
2818  * code in case of failure.
2819  */
ubifs_tnc_remove_range(struct ubifs_info * c,union ubifs_key * from_key,union ubifs_key * to_key)2820 int ubifs_tnc_remove_range(struct ubifs_info *c, union ubifs_key *from_key,
2821 			   union ubifs_key *to_key)
2822 {
2823 	int i, n, k, err = 0;
2824 	struct ubifs_znode *znode;
2825 	union ubifs_key *key;
2826 
2827 	mutex_lock(&c->tnc_mutex);
2828 	while (1) {
2829 		/* Find first level 0 znode that contains keys to remove */
2830 		err = ubifs_lookup_level0(c, from_key, &znode, &n);
2831 		if (err < 0)
2832 			goto out_unlock;
2833 
2834 		if (err)
2835 			key = from_key;
2836 		else {
2837 			err = tnc_next(c, &znode, &n);
2838 			if (err == -ENOENT) {
2839 				err = 0;
2840 				goto out_unlock;
2841 			}
2842 			if (err < 0)
2843 				goto out_unlock;
2844 			key = &znode->zbranch[n].key;
2845 			if (!key_in_range(c, key, from_key, to_key)) {
2846 				err = 0;
2847 				goto out_unlock;
2848 			}
2849 		}
2850 
2851 		/* Ensure the znode is dirtied */
2852 		if (znode->cnext || !ubifs_zn_dirty(znode)) {
2853 			znode = dirty_cow_bottom_up(c, znode);
2854 			if (IS_ERR(znode)) {
2855 				err = PTR_ERR(znode);
2856 				goto out_unlock;
2857 			}
2858 		}
2859 
2860 		/* Remove all keys in range except the first */
2861 		for (i = n + 1, k = 0; i < znode->child_cnt; i++, k++) {
2862 			key = &znode->zbranch[i].key;
2863 			if (!key_in_range(c, key, from_key, to_key))
2864 				break;
2865 			lnc_free(&znode->zbranch[i]);
2866 			err = ubifs_add_dirt(c, znode->zbranch[i].lnum,
2867 					     znode->zbranch[i].len);
2868 			if (err) {
2869 				ubifs_dump_znode(c, znode);
2870 				goto out_unlock;
2871 			}
2872 			dbg_tnck(key, "removing key ");
2873 		}
2874 		if (k) {
2875 			for (i = n + 1 + k; i < znode->child_cnt; i++)
2876 				znode->zbranch[i - k] = znode->zbranch[i];
2877 			znode->child_cnt -= k;
2878 		}
2879 
2880 		/* Now delete the first */
2881 		err = tnc_delete(c, znode, n);
2882 		if (err)
2883 			goto out_unlock;
2884 	}
2885 
2886 out_unlock:
2887 	if (!err)
2888 		err = dbg_check_tnc(c, 0);
2889 	mutex_unlock(&c->tnc_mutex);
2890 	return err;
2891 }
2892 
2893 /**
2894  * ubifs_tnc_remove_ino - remove an inode from TNC.
2895  * @c: UBIFS file-system description object
2896  * @inum: inode number to remove
2897  *
2898  * This function remove inode @inum and all the extended attributes associated
2899  * with the anode from TNC and returns zero in case of success or a negative
2900  * error code in case of failure.
2901  */
ubifs_tnc_remove_ino(struct ubifs_info * c,ino_t inum)2902 int ubifs_tnc_remove_ino(struct ubifs_info *c, ino_t inum)
2903 {
2904 	union ubifs_key key1, key2;
2905 	struct ubifs_dent_node *xent, *pxent = NULL;
2906 	struct fscrypt_name nm = {0};
2907 
2908 	dbg_tnc("ino %lu", (unsigned long)inum);
2909 
2910 	/*
2911 	 * Walk all extended attribute entries and remove them together with
2912 	 * corresponding extended attribute inodes.
2913 	 */
2914 	lowest_xent_key(c, &key1, inum);
2915 	while (1) {
2916 		ino_t xattr_inum;
2917 		int err;
2918 
2919 		xent = ubifs_tnc_next_ent(c, &key1, &nm);
2920 		if (IS_ERR(xent)) {
2921 			err = PTR_ERR(xent);
2922 			if (err == -ENOENT)
2923 				break;
2924 			kfree(pxent);
2925 			return err;
2926 		}
2927 
2928 		xattr_inum = le64_to_cpu(xent->inum);
2929 		dbg_tnc("xent '%s', ino %lu", xent->name,
2930 			(unsigned long)xattr_inum);
2931 
2932 		ubifs_evict_xattr_inode(c, xattr_inum);
2933 
2934 		fname_name(&nm) = xent->name;
2935 		fname_len(&nm) = le16_to_cpu(xent->nlen);
2936 		err = ubifs_tnc_remove_nm(c, &key1, &nm);
2937 		if (err) {
2938 			kfree(pxent);
2939 			kfree(xent);
2940 			return err;
2941 		}
2942 
2943 		lowest_ino_key(c, &key1, xattr_inum);
2944 		highest_ino_key(c, &key2, xattr_inum);
2945 		err = ubifs_tnc_remove_range(c, &key1, &key2);
2946 		if (err) {
2947 			kfree(pxent);
2948 			kfree(xent);
2949 			return err;
2950 		}
2951 
2952 		kfree(pxent);
2953 		pxent = xent;
2954 		key_read(c, &xent->key, &key1);
2955 	}
2956 
2957 	kfree(pxent);
2958 	lowest_ino_key(c, &key1, inum);
2959 	highest_ino_key(c, &key2, inum);
2960 
2961 	return ubifs_tnc_remove_range(c, &key1, &key2);
2962 }
2963 
2964 /**
2965  * ubifs_tnc_next_ent - walk directory or extended attribute entries.
2966  * @c: UBIFS file-system description object
2967  * @key: key of last entry
2968  * @nm: name of last entry found or %NULL
2969  *
2970  * This function finds and reads the next directory or extended attribute entry
2971  * after the given key (@key) if there is one. @nm is used to resolve
2972  * collisions.
2973  *
2974  * If the name of the current entry is not known and only the key is known,
2975  * @nm->name has to be %NULL. In this case the semantics of this function is a
2976  * little bit different and it returns the entry corresponding to this key, not
2977  * the next one. If the key was not found, the closest "right" entry is
2978  * returned.
2979  *
2980  * If the fist entry has to be found, @key has to contain the lowest possible
2981  * key value for this inode and @name has to be %NULL.
2982  *
2983  * This function returns the found directory or extended attribute entry node
2984  * in case of success, %-ENOENT is returned if no entry was found, and a
2985  * negative error code is returned in case of failure.
2986  */
ubifs_tnc_next_ent(struct ubifs_info * c,union ubifs_key * key,const struct fscrypt_name * nm)2987 struct ubifs_dent_node *ubifs_tnc_next_ent(struct ubifs_info *c,
2988 					   union ubifs_key *key,
2989 					   const struct fscrypt_name *nm)
2990 {
2991 	int n, err, type = key_type(c, key);
2992 	struct ubifs_znode *znode;
2993 	struct ubifs_dent_node *dent;
2994 	struct ubifs_zbranch *zbr;
2995 	union ubifs_key *dkey;
2996 
2997 	dbg_tnck(key, "key ");
2998 	ubifs_assert(c, is_hash_key(c, key));
2999 
3000 	mutex_lock(&c->tnc_mutex);
3001 	err = ubifs_lookup_level0(c, key, &znode, &n);
3002 	if (unlikely(err < 0))
3003 		goto out_unlock;
3004 
3005 	if (fname_len(nm) > 0) {
3006 		if (err) {
3007 			/* Handle collisions */
3008 			if (c->replaying)
3009 				err = fallible_resolve_collision(c, key, &znode, &n,
3010 							 nm, 0);
3011 			else
3012 				err = resolve_collision(c, key, &znode, &n, nm);
3013 			dbg_tnc("rc returned %d, znode %p, n %d",
3014 				err, znode, n);
3015 			if (unlikely(err < 0))
3016 				goto out_unlock;
3017 		}
3018 
3019 		/* Now find next entry */
3020 		err = tnc_next(c, &znode, &n);
3021 		if (unlikely(err))
3022 			goto out_unlock;
3023 	} else {
3024 		/*
3025 		 * The full name of the entry was not given, in which case the
3026 		 * behavior of this function is a little different and it
3027 		 * returns current entry, not the next one.
3028 		 */
3029 		if (!err) {
3030 			/*
3031 			 * However, the given key does not exist in the TNC
3032 			 * tree and @znode/@n variables contain the closest
3033 			 * "preceding" element. Switch to the next one.
3034 			 */
3035 			err = tnc_next(c, &znode, &n);
3036 			if (err)
3037 				goto out_unlock;
3038 		}
3039 	}
3040 
3041 	zbr = &znode->zbranch[n];
3042 	dent = kmalloc(zbr->len, GFP_NOFS);
3043 	if (unlikely(!dent)) {
3044 		err = -ENOMEM;
3045 		goto out_unlock;
3046 	}
3047 
3048 	/*
3049 	 * The above 'tnc_next()' call could lead us to the next inode, check
3050 	 * this.
3051 	 */
3052 	dkey = &zbr->key;
3053 	if (key_inum(c, dkey) != key_inum(c, key) ||
3054 	    key_type(c, dkey) != type) {
3055 		err = -ENOENT;
3056 		goto out_free;
3057 	}
3058 
3059 	err = tnc_read_hashed_node(c, zbr, dent);
3060 	if (unlikely(err))
3061 		goto out_free;
3062 
3063 	mutex_unlock(&c->tnc_mutex);
3064 	return dent;
3065 
3066 out_free:
3067 	kfree(dent);
3068 out_unlock:
3069 	mutex_unlock(&c->tnc_mutex);
3070 	return ERR_PTR(err);
3071 }
3072 
3073 /**
3074  * tnc_destroy_cnext - destroy left-over obsolete znodes from a failed commit.
3075  * @c: UBIFS file-system description object
3076  *
3077  * Destroy left-over obsolete znodes from a failed commit.
3078  */
tnc_destroy_cnext(struct ubifs_info * c)3079 static void tnc_destroy_cnext(struct ubifs_info *c)
3080 {
3081 	struct ubifs_znode *cnext;
3082 
3083 	if (!c->cnext)
3084 		return;
3085 	ubifs_assert(c, c->cmt_state == COMMIT_BROKEN);
3086 	cnext = c->cnext;
3087 	do {
3088 		struct ubifs_znode *znode = cnext;
3089 
3090 		cnext = cnext->cnext;
3091 		if (ubifs_zn_obsolete(znode))
3092 			kfree(znode);
3093 		else if (!ubifs_zn_cow(znode)) {
3094 			/*
3095 			 * Don't forget to update clean znode count after
3096 			 * committing failed, because ubifs will check this
3097 			 * count while closing tnc. Non-obsolete znode could
3098 			 * be re-dirtied during committing process, so dirty
3099 			 * flag is untrustable. The flag 'COW_ZNODE' is set
3100 			 * for each dirty znode before committing, and it is
3101 			 * cleared as long as the znode become clean, so we
3102 			 * can statistic clean znode count according to this
3103 			 * flag.
3104 			 */
3105 			atomic_long_inc(&c->clean_zn_cnt);
3106 			atomic_long_inc(&ubifs_clean_zn_cnt);
3107 		}
3108 	} while (cnext && cnext != c->cnext);
3109 }
3110 
3111 /**
3112  * ubifs_tnc_close - close TNC subsystem and free all related resources.
3113  * @c: UBIFS file-system description object
3114  */
ubifs_tnc_close(struct ubifs_info * c)3115 void ubifs_tnc_close(struct ubifs_info *c)
3116 {
3117 	tnc_destroy_cnext(c);
3118 	if (c->zroot.znode) {
3119 		long n, freed;
3120 
3121 		n = atomic_long_read(&c->clean_zn_cnt);
3122 		freed = ubifs_destroy_tnc_subtree(c, c->zroot.znode);
3123 		ubifs_assert(c, freed == n);
3124 		atomic_long_sub(n, &ubifs_clean_zn_cnt);
3125 	}
3126 	kfree(c->gap_lebs);
3127 	kfree(c->ilebs);
3128 	destroy_old_idx(c);
3129 }
3130 
3131 /**
3132  * left_znode - get the znode to the left.
3133  * @c: UBIFS file-system description object
3134  * @znode: znode
3135  *
3136  * This function returns a pointer to the znode to the left of @znode or NULL if
3137  * there is not one. A negative error code is returned on failure.
3138  */
left_znode(struct ubifs_info * c,struct ubifs_znode * znode)3139 static struct ubifs_znode *left_znode(struct ubifs_info *c,
3140 				      struct ubifs_znode *znode)
3141 {
3142 	int level = znode->level;
3143 
3144 	while (1) {
3145 		int n = znode->iip - 1;
3146 
3147 		/* Go up until we can go left */
3148 		znode = znode->parent;
3149 		if (!znode)
3150 			return NULL;
3151 		if (n >= 0) {
3152 			/* Now go down the rightmost branch to 'level' */
3153 			znode = get_znode(c, znode, n);
3154 			if (IS_ERR(znode))
3155 				return znode;
3156 			while (znode->level != level) {
3157 				n = znode->child_cnt - 1;
3158 				znode = get_znode(c, znode, n);
3159 				if (IS_ERR(znode))
3160 					return znode;
3161 			}
3162 			break;
3163 		}
3164 	}
3165 	return znode;
3166 }
3167 
3168 /**
3169  * right_znode - get the znode to the right.
3170  * @c: UBIFS file-system description object
3171  * @znode: znode
3172  *
3173  * This function returns a pointer to the znode to the right of @znode or NULL
3174  * if there is not one. A negative error code is returned on failure.
3175  */
right_znode(struct ubifs_info * c,struct ubifs_znode * znode)3176 static struct ubifs_znode *right_znode(struct ubifs_info *c,
3177 				       struct ubifs_znode *znode)
3178 {
3179 	int level = znode->level;
3180 
3181 	while (1) {
3182 		int n = znode->iip + 1;
3183 
3184 		/* Go up until we can go right */
3185 		znode = znode->parent;
3186 		if (!znode)
3187 			return NULL;
3188 		if (n < znode->child_cnt) {
3189 			/* Now go down the leftmost branch to 'level' */
3190 			znode = get_znode(c, znode, n);
3191 			if (IS_ERR(znode))
3192 				return znode;
3193 			while (znode->level != level) {
3194 				znode = get_znode(c, znode, 0);
3195 				if (IS_ERR(znode))
3196 					return znode;
3197 			}
3198 			break;
3199 		}
3200 	}
3201 	return znode;
3202 }
3203 
3204 /**
3205  * lookup_znode - find a particular indexing node from TNC.
3206  * @c: UBIFS file-system description object
3207  * @key: index node key to lookup
3208  * @level: index node level
3209  * @lnum: index node LEB number
3210  * @offs: index node offset
3211  *
3212  * This function searches an indexing node by its first key @key and its
3213  * address @lnum:@offs. It looks up the indexing tree by pulling all indexing
3214  * nodes it traverses to TNC. This function is called for indexing nodes which
3215  * were found on the media by scanning, for example when garbage-collecting or
3216  * when doing in-the-gaps commit. This means that the indexing node which is
3217  * looked for does not have to have exactly the same leftmost key @key, because
3218  * the leftmost key may have been changed, in which case TNC will contain a
3219  * dirty znode which still refers the same @lnum:@offs. This function is clever
3220  * enough to recognize such indexing nodes.
3221  *
3222  * Note, if a znode was deleted or changed too much, then this function will
3223  * not find it. For situations like this UBIFS has the old index RB-tree
3224  * (indexed by @lnum:@offs).
3225  *
3226  * This function returns a pointer to the znode found or %NULL if it is not
3227  * found. A negative error code is returned on failure.
3228  */
lookup_znode(struct ubifs_info * c,union ubifs_key * key,int level,int lnum,int offs)3229 static struct ubifs_znode *lookup_znode(struct ubifs_info *c,
3230 					union ubifs_key *key, int level,
3231 					int lnum, int offs)
3232 {
3233 	struct ubifs_znode *znode, *zn;
3234 	int n, nn;
3235 
3236 	ubifs_assert(c, key_type(c, key) < UBIFS_INVALID_KEY);
3237 
3238 	/*
3239 	 * The arguments have probably been read off flash, so don't assume
3240 	 * they are valid.
3241 	 */
3242 	if (level < 0)
3243 		return ERR_PTR(-EINVAL);
3244 
3245 	/* Get the root znode */
3246 	znode = c->zroot.znode;
3247 	if (!znode) {
3248 		znode = ubifs_load_znode(c, &c->zroot, NULL, 0);
3249 		if (IS_ERR(znode))
3250 			return znode;
3251 	}
3252 	/* Check if it is the one we are looking for */
3253 	if (c->zroot.lnum == lnum && c->zroot.offs == offs)
3254 		return znode;
3255 	/* Descend to the parent level i.e. (level + 1) */
3256 	if (level >= znode->level)
3257 		return NULL;
3258 	while (1) {
3259 		ubifs_search_zbranch(c, znode, key, &n);
3260 		if (n < 0) {
3261 			/*
3262 			 * We reached a znode where the leftmost key is greater
3263 			 * than the key we are searching for. This is the same
3264 			 * situation as the one described in a huge comment at
3265 			 * the end of the 'ubifs_lookup_level0()' function. And
3266 			 * for exactly the same reasons we have to try to look
3267 			 * left before giving up.
3268 			 */
3269 			znode = left_znode(c, znode);
3270 			if (!znode)
3271 				return NULL;
3272 			if (IS_ERR(znode))
3273 				return znode;
3274 			ubifs_search_zbranch(c, znode, key, &n);
3275 			ubifs_assert(c, n >= 0);
3276 		}
3277 		if (znode->level == level + 1)
3278 			break;
3279 		znode = get_znode(c, znode, n);
3280 		if (IS_ERR(znode))
3281 			return znode;
3282 	}
3283 	/* Check if the child is the one we are looking for */
3284 	if (znode->zbranch[n].lnum == lnum && znode->zbranch[n].offs == offs)
3285 		return get_znode(c, znode, n);
3286 	/* If the key is unique, there is nowhere else to look */
3287 	if (!is_hash_key(c, key))
3288 		return NULL;
3289 	/*
3290 	 * The key is not unique and so may be also in the znodes to either
3291 	 * side.
3292 	 */
3293 	zn = znode;
3294 	nn = n;
3295 	/* Look left */
3296 	while (1) {
3297 		/* Move one branch to the left */
3298 		if (n)
3299 			n -= 1;
3300 		else {
3301 			znode = left_znode(c, znode);
3302 			if (!znode)
3303 				break;
3304 			if (IS_ERR(znode))
3305 				return znode;
3306 			n = znode->child_cnt - 1;
3307 		}
3308 		/* Check it */
3309 		if (znode->zbranch[n].lnum == lnum &&
3310 		    znode->zbranch[n].offs == offs)
3311 			return get_znode(c, znode, n);
3312 		/* Stop if the key is less than the one we are looking for */
3313 		if (keys_cmp(c, &znode->zbranch[n].key, key) < 0)
3314 			break;
3315 	}
3316 	/* Back to the middle */
3317 	znode = zn;
3318 	n = nn;
3319 	/* Look right */
3320 	while (1) {
3321 		/* Move one branch to the right */
3322 		if (++n >= znode->child_cnt) {
3323 			znode = right_znode(c, znode);
3324 			if (!znode)
3325 				break;
3326 			if (IS_ERR(znode))
3327 				return znode;
3328 			n = 0;
3329 		}
3330 		/* Check it */
3331 		if (znode->zbranch[n].lnum == lnum &&
3332 		    znode->zbranch[n].offs == offs)
3333 			return get_znode(c, znode, n);
3334 		/* Stop if the key is greater than the one we are looking for */
3335 		if (keys_cmp(c, &znode->zbranch[n].key, key) > 0)
3336 			break;
3337 	}
3338 	return NULL;
3339 }
3340 
3341 /**
3342  * is_idx_node_in_tnc - determine if an index node is in the TNC.
3343  * @c: UBIFS file-system description object
3344  * @key: key of index node
3345  * @level: index node level
3346  * @lnum: LEB number of index node
3347  * @offs: offset of index node
3348  *
3349  * This function returns %0 if the index node is not referred to in the TNC, %1
3350  * if the index node is referred to in the TNC and the corresponding znode is
3351  * dirty, %2 if an index node is referred to in the TNC and the corresponding
3352  * znode is clean, and a negative error code in case of failure.
3353  *
3354  * Note, the @key argument has to be the key of the first child. Also note,
3355  * this function relies on the fact that 0:0 is never a valid LEB number and
3356  * offset for a main-area node.
3357  */
is_idx_node_in_tnc(struct ubifs_info * c,union ubifs_key * key,int level,int lnum,int offs)3358 int is_idx_node_in_tnc(struct ubifs_info *c, union ubifs_key *key, int level,
3359 		       int lnum, int offs)
3360 {
3361 	struct ubifs_znode *znode;
3362 
3363 	znode = lookup_znode(c, key, level, lnum, offs);
3364 	if (!znode)
3365 		return 0;
3366 	if (IS_ERR(znode))
3367 		return PTR_ERR(znode);
3368 
3369 	return ubifs_zn_dirty(znode) ? 1 : 2;
3370 }
3371 
3372 /**
3373  * is_leaf_node_in_tnc - determine if a non-indexing not is in the TNC.
3374  * @c: UBIFS file-system description object
3375  * @key: node key
3376  * @lnum: node LEB number
3377  * @offs: node offset
3378  *
3379  * This function returns %1 if the node is referred to in the TNC, %0 if it is
3380  * not, and a negative error code in case of failure.
3381  *
3382  * Note, this function relies on the fact that 0:0 is never a valid LEB number
3383  * and offset for a main-area node.
3384  */
is_leaf_node_in_tnc(struct ubifs_info * c,union ubifs_key * key,int lnum,int offs)3385 static int is_leaf_node_in_tnc(struct ubifs_info *c, union ubifs_key *key,
3386 			       int lnum, int offs)
3387 {
3388 	struct ubifs_zbranch *zbr;
3389 	struct ubifs_znode *znode, *zn;
3390 	int n, found, err, nn;
3391 	const int unique = !is_hash_key(c, key);
3392 
3393 	found = ubifs_lookup_level0(c, key, &znode, &n);
3394 	if (found < 0)
3395 		return found; /* Error code */
3396 	if (!found)
3397 		return 0;
3398 	zbr = &znode->zbranch[n];
3399 	if (lnum == zbr->lnum && offs == zbr->offs)
3400 		return 1; /* Found it */
3401 	if (unique)
3402 		return 0;
3403 	/*
3404 	 * Because the key is not unique, we have to look left
3405 	 * and right as well
3406 	 */
3407 	zn = znode;
3408 	nn = n;
3409 	/* Look left */
3410 	while (1) {
3411 		err = tnc_prev(c, &znode, &n);
3412 		if (err == -ENOENT)
3413 			break;
3414 		if (err)
3415 			return err;
3416 		if (keys_cmp(c, key, &znode->zbranch[n].key))
3417 			break;
3418 		zbr = &znode->zbranch[n];
3419 		if (lnum == zbr->lnum && offs == zbr->offs)
3420 			return 1; /* Found it */
3421 	}
3422 	/* Look right */
3423 	znode = zn;
3424 	n = nn;
3425 	while (1) {
3426 		err = tnc_next(c, &znode, &n);
3427 		if (err) {
3428 			if (err == -ENOENT)
3429 				return 0;
3430 			return err;
3431 		}
3432 		if (keys_cmp(c, key, &znode->zbranch[n].key))
3433 			break;
3434 		zbr = &znode->zbranch[n];
3435 		if (lnum == zbr->lnum && offs == zbr->offs)
3436 			return 1; /* Found it */
3437 	}
3438 	return 0;
3439 }
3440 
3441 /**
3442  * ubifs_tnc_has_node - determine whether a node is in the TNC.
3443  * @c: UBIFS file-system description object
3444  * @key: node key
3445  * @level: index node level (if it is an index node)
3446  * @lnum: node LEB number
3447  * @offs: node offset
3448  * @is_idx: non-zero if the node is an index node
3449  *
3450  * This function returns %1 if the node is in the TNC, %0 if it is not, and a
3451  * negative error code in case of failure. For index nodes, @key has to be the
3452  * key of the first child. An index node is considered to be in the TNC only if
3453  * the corresponding znode is clean or has not been loaded.
3454  */
ubifs_tnc_has_node(struct ubifs_info * c,union ubifs_key * key,int level,int lnum,int offs,int is_idx)3455 int ubifs_tnc_has_node(struct ubifs_info *c, union ubifs_key *key, int level,
3456 		       int lnum, int offs, int is_idx)
3457 {
3458 	int err;
3459 
3460 	mutex_lock(&c->tnc_mutex);
3461 	if (is_idx) {
3462 		err = is_idx_node_in_tnc(c, key, level, lnum, offs);
3463 		if (err < 0)
3464 			goto out_unlock;
3465 		if (err == 1)
3466 			/* The index node was found but it was dirty */
3467 			err = 0;
3468 		else if (err == 2)
3469 			/* The index node was found and it was clean */
3470 			err = 1;
3471 		else
3472 			BUG_ON(err != 0);
3473 	} else
3474 		err = is_leaf_node_in_tnc(c, key, lnum, offs);
3475 
3476 out_unlock:
3477 	mutex_unlock(&c->tnc_mutex);
3478 	return err;
3479 }
3480 
3481 /**
3482  * ubifs_dirty_idx_node - dirty an index node.
3483  * @c: UBIFS file-system description object
3484  * @key: index node key
3485  * @level: index node level
3486  * @lnum: index node LEB number
3487  * @offs: index node offset
3488  *
3489  * This function loads and dirties an index node so that it can be garbage
3490  * collected. The @key argument has to be the key of the first child. This
3491  * function relies on the fact that 0:0 is never a valid LEB number and offset
3492  * for a main-area node. Returns %0 on success and a negative error code on
3493  * failure.
3494  */
ubifs_dirty_idx_node(struct ubifs_info * c,union ubifs_key * key,int level,int lnum,int offs)3495 int ubifs_dirty_idx_node(struct ubifs_info *c, union ubifs_key *key, int level,
3496 			 int lnum, int offs)
3497 {
3498 	struct ubifs_znode *znode;
3499 	int err = 0;
3500 
3501 	mutex_lock(&c->tnc_mutex);
3502 	znode = lookup_znode(c, key, level, lnum, offs);
3503 	if (!znode)
3504 		goto out_unlock;
3505 	if (IS_ERR(znode)) {
3506 		err = PTR_ERR(znode);
3507 		goto out_unlock;
3508 	}
3509 	znode = dirty_cow_bottom_up(c, znode);
3510 	if (IS_ERR(znode)) {
3511 		err = PTR_ERR(znode);
3512 		goto out_unlock;
3513 	}
3514 
3515 out_unlock:
3516 	mutex_unlock(&c->tnc_mutex);
3517 	return err;
3518 }
3519 
3520 /**
3521  * dbg_check_inode_size - check if inode size is correct.
3522  * @c: UBIFS file-system description object
3523  * @inode: inode to check
3524  * @size: inode size
3525  *
3526  * This function makes sure that the inode size (@size) is correct and it does
3527  * not have any pages beyond @size. Returns zero if the inode is OK, %-EINVAL
3528  * if it has a data page beyond @size, and other negative error code in case of
3529  * other errors.
3530  */
dbg_check_inode_size(struct ubifs_info * c,const struct inode * inode,loff_t size)3531 int dbg_check_inode_size(struct ubifs_info *c, const struct inode *inode,
3532 			 loff_t size)
3533 {
3534 	int err, n;
3535 	union ubifs_key from_key, to_key, *key;
3536 	struct ubifs_znode *znode;
3537 	unsigned int block;
3538 
3539 	if (!S_ISREG(inode->i_mode))
3540 		return 0;
3541 	if (!dbg_is_chk_gen(c))
3542 		return 0;
3543 
3544 	block = (size + UBIFS_BLOCK_SIZE - 1) >> UBIFS_BLOCK_SHIFT;
3545 	data_key_init(c, &from_key, inode->i_ino, block);
3546 	highest_data_key(c, &to_key, inode->i_ino);
3547 
3548 	mutex_lock(&c->tnc_mutex);
3549 	err = ubifs_lookup_level0(c, &from_key, &znode, &n);
3550 	if (err < 0)
3551 		goto out_unlock;
3552 
3553 	if (err) {
3554 		key = &from_key;
3555 		goto out_dump;
3556 	}
3557 
3558 	err = tnc_next(c, &znode, &n);
3559 	if (err == -ENOENT) {
3560 		err = 0;
3561 		goto out_unlock;
3562 	}
3563 	if (err < 0)
3564 		goto out_unlock;
3565 
3566 	ubifs_assert(c, err == 0);
3567 	key = &znode->zbranch[n].key;
3568 	if (!key_in_range(c, key, &from_key, &to_key))
3569 		goto out_unlock;
3570 
3571 out_dump:
3572 	block = key_block(c, key);
3573 	ubifs_err(c, "inode %lu has size %lld, but there are data at offset %lld",
3574 		  (unsigned long)inode->i_ino, size,
3575 		  ((loff_t)block) << UBIFS_BLOCK_SHIFT);
3576 	mutex_unlock(&c->tnc_mutex);
3577 	ubifs_dump_inode(c, inode);
3578 	dump_stack();
3579 	return -EINVAL;
3580 
3581 out_unlock:
3582 	mutex_unlock(&c->tnc_mutex);
3583 	return err;
3584 }
3585