1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * Copyright (c) 2000-2005 Silicon Graphics, Inc. 4 * All Rights Reserved. 5 */ 6 #include "xfs.h" 7 #include "xfs_fs.h" 8 #include "xfs_shared.h" 9 #include "xfs_format.h" 10 #include "xfs_log_format.h" 11 #include "xfs_trans_resv.h" 12 #include "xfs_mount.h" 13 #include "xfs_inode.h" 14 #include "xfs_acl.h" 15 #include "xfs_quota.h" 16 #include "xfs_attr.h" 17 #include "xfs_trans.h" 18 #include "xfs_trace.h" 19 #include "xfs_icache.h" 20 #include "xfs_symlink.h" 21 #include "xfs_dir2.h" 22 #include "xfs_iomap.h" 23 #include "xfs_error.h" 24 25 #include <linux/posix_acl.h> 26 #include <linux/security.h> 27 #include <linux/iversion.h> 28 #include <linux/fiemap.h> 29 30 /* 31 * Directories have different lock order w.r.t. mmap_lock compared to regular 32 * files. This is due to readdir potentially triggering page faults on a user 33 * buffer inside filldir(), and this happens with the ilock on the directory 34 * held. For regular files, the lock order is the other way around - the 35 * mmap_lock is taken during the page fault, and then we lock the ilock to do 36 * block mapping. Hence we need a different class for the directory ilock so 37 * that lockdep can tell them apart. 38 */ 39 static struct lock_class_key xfs_nondir_ilock_class; 40 static struct lock_class_key xfs_dir_ilock_class; 41 42 static int 43 xfs_initxattrs( 44 struct inode *inode, 45 const struct xattr *xattr_array, 46 void *fs_info) 47 { 48 const struct xattr *xattr; 49 struct xfs_inode *ip = XFS_I(inode); 50 int error = 0; 51 52 for (xattr = xattr_array; xattr->name != NULL; xattr++) { 53 struct xfs_da_args args = { 54 .dp = ip, 55 .attr_filter = XFS_ATTR_SECURE, 56 .name = xattr->name, 57 .namelen = strlen(xattr->name), 58 .value = xattr->value, 59 .valuelen = xattr->value_len, 60 }; 61 error = xfs_attr_set(&args); 62 if (error < 0) 63 break; 64 } 65 return error; 66 } 67 68 /* 69 * Hook in SELinux. This is not quite correct yet, what we really need 70 * here (as we do for default ACLs) is a mechanism by which creation of 71 * these attrs can be journalled at inode creation time (along with the 72 * inode, of course, such that log replay can't cause these to be lost). 73 */ 74 75 STATIC int 76 xfs_init_security( 77 struct inode *inode, 78 struct inode *dir, 79 const struct qstr *qstr) 80 { 81 return security_inode_init_security(inode, dir, qstr, 82 &xfs_initxattrs, NULL); 83 } 84 85 static void 86 xfs_dentry_to_name( 87 struct xfs_name *namep, 88 struct dentry *dentry) 89 { 90 namep->name = dentry->d_name.name; 91 namep->len = dentry->d_name.len; 92 namep->type = XFS_DIR3_FT_UNKNOWN; 93 } 94 95 static int 96 xfs_dentry_mode_to_name( 97 struct xfs_name *namep, 98 struct dentry *dentry, 99 int mode) 100 { 101 namep->name = dentry->d_name.name; 102 namep->len = dentry->d_name.len; 103 namep->type = xfs_mode_to_ftype(mode); 104 105 if (unlikely(namep->type == XFS_DIR3_FT_UNKNOWN)) 106 return -EFSCORRUPTED; 107 108 return 0; 109 } 110 111 STATIC void 112 xfs_cleanup_inode( 113 struct inode *dir, 114 struct inode *inode, 115 struct dentry *dentry) 116 { 117 struct xfs_name teardown; 118 119 /* Oh, the horror. 120 * If we can't add the ACL or we fail in 121 * xfs_init_security we must back out. 122 * ENOSPC can hit here, among other things. 123 */ 124 xfs_dentry_to_name(&teardown, dentry); 125 126 xfs_remove(XFS_I(dir), &teardown, XFS_I(inode)); 127 } 128 129 STATIC int 130 xfs_generic_create( 131 struct inode *dir, 132 struct dentry *dentry, 133 umode_t mode, 134 dev_t rdev, 135 bool tmpfile) /* unnamed file */ 136 { 137 struct inode *inode; 138 struct xfs_inode *ip = NULL; 139 struct posix_acl *default_acl, *acl; 140 struct xfs_name name; 141 int error; 142 143 /* 144 * Irix uses Missed'em'V split, but doesn't want to see 145 * the upper 5 bits of (14bit) major. 146 */ 147 if (S_ISCHR(mode) || S_ISBLK(mode)) { 148 if (unlikely(!sysv_valid_dev(rdev) || MAJOR(rdev) & ~0x1ff)) 149 return -EINVAL; 150 } else { 151 rdev = 0; 152 } 153 154 error = posix_acl_create(dir, &mode, &default_acl, &acl); 155 if (error) 156 return error; 157 158 /* Verify mode is valid also for tmpfile case */ 159 error = xfs_dentry_mode_to_name(&name, dentry, mode); 160 if (unlikely(error)) 161 goto out_free_acl; 162 163 if (!tmpfile) { 164 error = xfs_create(XFS_I(dir), &name, mode, rdev, &ip); 165 } else { 166 error = xfs_create_tmpfile(XFS_I(dir), mode, &ip); 167 } 168 if (unlikely(error)) 169 goto out_free_acl; 170 171 inode = VFS_I(ip); 172 173 error = xfs_init_security(inode, dir, &dentry->d_name); 174 if (unlikely(error)) 175 goto out_cleanup_inode; 176 177 #ifdef CONFIG_XFS_POSIX_ACL 178 if (default_acl) { 179 error = __xfs_set_acl(inode, default_acl, ACL_TYPE_DEFAULT); 180 if (error) 181 goto out_cleanup_inode; 182 } 183 if (acl) { 184 error = __xfs_set_acl(inode, acl, ACL_TYPE_ACCESS); 185 if (error) 186 goto out_cleanup_inode; 187 } 188 #endif 189 190 xfs_setup_iops(ip); 191 192 if (tmpfile) { 193 /* 194 * The VFS requires that any inode fed to d_tmpfile must have 195 * nlink == 1 so that it can decrement the nlink in d_tmpfile. 196 * However, we created the temp file with nlink == 0 because 197 * we're not allowed to put an inode with nlink > 0 on the 198 * unlinked list. Therefore we have to set nlink to 1 so that 199 * d_tmpfile can immediately set it back to zero. 200 */ 201 set_nlink(inode, 1); 202 d_tmpfile(dentry, inode); 203 } else 204 d_instantiate(dentry, inode); 205 206 xfs_finish_inode_setup(ip); 207 208 out_free_acl: 209 posix_acl_release(default_acl); 210 posix_acl_release(acl); 211 return error; 212 213 out_cleanup_inode: 214 xfs_finish_inode_setup(ip); 215 if (!tmpfile) 216 xfs_cleanup_inode(dir, inode, dentry); 217 xfs_irele(ip); 218 goto out_free_acl; 219 } 220 221 STATIC int 222 xfs_vn_mknod( 223 struct inode *dir, 224 struct dentry *dentry, 225 umode_t mode, 226 dev_t rdev) 227 { 228 return xfs_generic_create(dir, dentry, mode, rdev, false); 229 } 230 231 STATIC int 232 xfs_vn_create( 233 struct inode *dir, 234 struct dentry *dentry, 235 umode_t mode, 236 bool flags) 237 { 238 return xfs_generic_create(dir, dentry, mode, 0, false); 239 } 240 241 STATIC int 242 xfs_vn_mkdir( 243 struct inode *dir, 244 struct dentry *dentry, 245 umode_t mode) 246 { 247 return xfs_generic_create(dir, dentry, mode | S_IFDIR, 0, false); 248 } 249 250 STATIC struct dentry * 251 xfs_vn_lookup( 252 struct inode *dir, 253 struct dentry *dentry, 254 unsigned int flags) 255 { 256 struct inode *inode; 257 struct xfs_inode *cip; 258 struct xfs_name name; 259 int error; 260 261 if (dentry->d_name.len >= MAXNAMELEN) 262 return ERR_PTR(-ENAMETOOLONG); 263 264 xfs_dentry_to_name(&name, dentry); 265 error = xfs_lookup(XFS_I(dir), &name, &cip, NULL); 266 if (likely(!error)) 267 inode = VFS_I(cip); 268 else if (likely(error == -ENOENT)) 269 inode = NULL; 270 else 271 inode = ERR_PTR(error); 272 return d_splice_alias(inode, dentry); 273 } 274 275 STATIC struct dentry * 276 xfs_vn_ci_lookup( 277 struct inode *dir, 278 struct dentry *dentry, 279 unsigned int flags) 280 { 281 struct xfs_inode *ip; 282 struct xfs_name xname; 283 struct xfs_name ci_name; 284 struct qstr dname; 285 int error; 286 287 if (dentry->d_name.len >= MAXNAMELEN) 288 return ERR_PTR(-ENAMETOOLONG); 289 290 xfs_dentry_to_name(&xname, dentry); 291 error = xfs_lookup(XFS_I(dir), &xname, &ip, &ci_name); 292 if (unlikely(error)) { 293 if (unlikely(error != -ENOENT)) 294 return ERR_PTR(error); 295 /* 296 * call d_add(dentry, NULL) here when d_drop_negative_children 297 * is called in xfs_vn_mknod (ie. allow negative dentries 298 * with CI filesystems). 299 */ 300 return NULL; 301 } 302 303 /* if exact match, just splice and exit */ 304 if (!ci_name.name) 305 return d_splice_alias(VFS_I(ip), dentry); 306 307 /* else case-insensitive match... */ 308 dname.name = ci_name.name; 309 dname.len = ci_name.len; 310 dentry = d_add_ci(dentry, VFS_I(ip), &dname); 311 kmem_free(ci_name.name); 312 return dentry; 313 } 314 315 STATIC int 316 xfs_vn_link( 317 struct dentry *old_dentry, 318 struct inode *dir, 319 struct dentry *dentry) 320 { 321 struct inode *inode = d_inode(old_dentry); 322 struct xfs_name name; 323 int error; 324 325 error = xfs_dentry_mode_to_name(&name, dentry, inode->i_mode); 326 if (unlikely(error)) 327 return error; 328 329 error = xfs_link(XFS_I(dir), XFS_I(inode), &name); 330 if (unlikely(error)) 331 return error; 332 333 ihold(inode); 334 d_instantiate(dentry, inode); 335 return 0; 336 } 337 338 STATIC int 339 xfs_vn_unlink( 340 struct inode *dir, 341 struct dentry *dentry) 342 { 343 struct xfs_name name; 344 int error; 345 346 xfs_dentry_to_name(&name, dentry); 347 348 error = xfs_remove(XFS_I(dir), &name, XFS_I(d_inode(dentry))); 349 if (error) 350 return error; 351 352 /* 353 * With unlink, the VFS makes the dentry "negative": no inode, 354 * but still hashed. This is incompatible with case-insensitive 355 * mode, so invalidate (unhash) the dentry in CI-mode. 356 */ 357 if (xfs_sb_version_hasasciici(&XFS_M(dir->i_sb)->m_sb)) 358 d_invalidate(dentry); 359 return 0; 360 } 361 362 STATIC int 363 xfs_vn_symlink( 364 struct inode *dir, 365 struct dentry *dentry, 366 const char *symname) 367 { 368 struct inode *inode; 369 struct xfs_inode *cip = NULL; 370 struct xfs_name name; 371 int error; 372 umode_t mode; 373 374 mode = S_IFLNK | 375 (irix_symlink_mode ? 0777 & ~current_umask() : S_IRWXUGO); 376 error = xfs_dentry_mode_to_name(&name, dentry, mode); 377 if (unlikely(error)) 378 goto out; 379 380 error = xfs_symlink(XFS_I(dir), &name, symname, mode, &cip); 381 if (unlikely(error)) 382 goto out; 383 384 inode = VFS_I(cip); 385 386 error = xfs_init_security(inode, dir, &dentry->d_name); 387 if (unlikely(error)) 388 goto out_cleanup_inode; 389 390 xfs_setup_iops(cip); 391 392 d_instantiate(dentry, inode); 393 xfs_finish_inode_setup(cip); 394 return 0; 395 396 out_cleanup_inode: 397 xfs_finish_inode_setup(cip); 398 xfs_cleanup_inode(dir, inode, dentry); 399 xfs_irele(cip); 400 out: 401 return error; 402 } 403 404 STATIC int 405 xfs_vn_rename( 406 struct inode *odir, 407 struct dentry *odentry, 408 struct inode *ndir, 409 struct dentry *ndentry, 410 unsigned int flags) 411 { 412 struct inode *new_inode = d_inode(ndentry); 413 int omode = 0; 414 int error; 415 struct xfs_name oname; 416 struct xfs_name nname; 417 418 if (flags & ~(RENAME_NOREPLACE | RENAME_EXCHANGE | RENAME_WHITEOUT)) 419 return -EINVAL; 420 421 /* if we are exchanging files, we need to set i_mode of both files */ 422 if (flags & RENAME_EXCHANGE) 423 omode = d_inode(ndentry)->i_mode; 424 425 error = xfs_dentry_mode_to_name(&oname, odentry, omode); 426 if (omode && unlikely(error)) 427 return error; 428 429 error = xfs_dentry_mode_to_name(&nname, ndentry, 430 d_inode(odentry)->i_mode); 431 if (unlikely(error)) 432 return error; 433 434 return xfs_rename(XFS_I(odir), &oname, XFS_I(d_inode(odentry)), 435 XFS_I(ndir), &nname, 436 new_inode ? XFS_I(new_inode) : NULL, flags); 437 } 438 439 /* 440 * careful here - this function can get called recursively, so 441 * we need to be very careful about how much stack we use. 442 * uio is kmalloced for this reason... 443 */ 444 STATIC const char * 445 xfs_vn_get_link( 446 struct dentry *dentry, 447 struct inode *inode, 448 struct delayed_call *done) 449 { 450 char *link; 451 int error = -ENOMEM; 452 453 if (!dentry) 454 return ERR_PTR(-ECHILD); 455 456 link = kmalloc(XFS_SYMLINK_MAXLEN+1, GFP_KERNEL); 457 if (!link) 458 goto out_err; 459 460 error = xfs_readlink(XFS_I(d_inode(dentry)), link); 461 if (unlikely(error)) 462 goto out_kfree; 463 464 set_delayed_call(done, kfree_link, link); 465 return link; 466 467 out_kfree: 468 kfree(link); 469 out_err: 470 return ERR_PTR(error); 471 } 472 473 STATIC const char * 474 xfs_vn_get_link_inline( 475 struct dentry *dentry, 476 struct inode *inode, 477 struct delayed_call *done) 478 { 479 struct xfs_inode *ip = XFS_I(inode); 480 char *link; 481 482 ASSERT(ip->i_df.if_flags & XFS_IFINLINE); 483 484 /* 485 * The VFS crashes on a NULL pointer, so return -EFSCORRUPTED if 486 * if_data is junk. 487 */ 488 link = ip->i_df.if_u1.if_data; 489 if (XFS_IS_CORRUPT(ip->i_mount, !link)) 490 return ERR_PTR(-EFSCORRUPTED); 491 return link; 492 } 493 494 static uint32_t 495 xfs_stat_blksize( 496 struct xfs_inode *ip) 497 { 498 struct xfs_mount *mp = ip->i_mount; 499 500 /* 501 * If the file blocks are being allocated from a realtime volume, then 502 * always return the realtime extent size. 503 */ 504 if (XFS_IS_REALTIME_INODE(ip)) 505 return xfs_get_extsz_hint(ip) << mp->m_sb.sb_blocklog; 506 507 /* 508 * Allow large block sizes to be reported to userspace programs if the 509 * "largeio" mount option is used. 510 * 511 * If compatibility mode is specified, simply return the basic unit of 512 * caching so that we don't get inefficient read/modify/write I/O from 513 * user apps. Otherwise.... 514 * 515 * If the underlying volume is a stripe, then return the stripe width in 516 * bytes as the recommended I/O size. It is not a stripe and we've set a 517 * default buffered I/O size, return that, otherwise return the compat 518 * default. 519 */ 520 if (mp->m_flags & XFS_MOUNT_LARGEIO) { 521 if (mp->m_swidth) 522 return mp->m_swidth << mp->m_sb.sb_blocklog; 523 if (mp->m_flags & XFS_MOUNT_ALLOCSIZE) 524 return 1U << mp->m_allocsize_log; 525 } 526 527 return PAGE_SIZE; 528 } 529 530 STATIC int 531 xfs_vn_getattr( 532 const struct path *path, 533 struct kstat *stat, 534 u32 request_mask, 535 unsigned int query_flags) 536 { 537 struct inode *inode = d_inode(path->dentry); 538 struct xfs_inode *ip = XFS_I(inode); 539 struct xfs_mount *mp = ip->i_mount; 540 541 trace_xfs_getattr(ip); 542 543 if (XFS_FORCED_SHUTDOWN(mp)) 544 return -EIO; 545 546 stat->size = XFS_ISIZE(ip); 547 stat->dev = inode->i_sb->s_dev; 548 stat->mode = inode->i_mode; 549 stat->nlink = inode->i_nlink; 550 stat->uid = inode->i_uid; 551 stat->gid = inode->i_gid; 552 stat->ino = ip->i_ino; 553 stat->atime = inode->i_atime; 554 stat->mtime = inode->i_mtime; 555 stat->ctime = inode->i_ctime; 556 stat->blocks = 557 XFS_FSB_TO_BB(mp, ip->i_d.di_nblocks + ip->i_delayed_blks); 558 559 if (xfs_sb_version_has_v3inode(&mp->m_sb)) { 560 if (request_mask & STATX_BTIME) { 561 stat->result_mask |= STATX_BTIME; 562 stat->btime = ip->i_d.di_crtime; 563 } 564 } 565 566 /* 567 * Note: If you add another clause to set an attribute flag, please 568 * update attributes_mask below. 569 */ 570 if (ip->i_d.di_flags & XFS_DIFLAG_IMMUTABLE) 571 stat->attributes |= STATX_ATTR_IMMUTABLE; 572 if (ip->i_d.di_flags & XFS_DIFLAG_APPEND) 573 stat->attributes |= STATX_ATTR_APPEND; 574 if (ip->i_d.di_flags & XFS_DIFLAG_NODUMP) 575 stat->attributes |= STATX_ATTR_NODUMP; 576 577 stat->attributes_mask |= (STATX_ATTR_IMMUTABLE | 578 STATX_ATTR_APPEND | 579 STATX_ATTR_NODUMP); 580 581 switch (inode->i_mode & S_IFMT) { 582 case S_IFBLK: 583 case S_IFCHR: 584 stat->blksize = BLKDEV_IOSIZE; 585 stat->rdev = inode->i_rdev; 586 break; 587 default: 588 stat->blksize = xfs_stat_blksize(ip); 589 stat->rdev = 0; 590 break; 591 } 592 593 return 0; 594 } 595 596 static void 597 xfs_setattr_mode( 598 struct xfs_inode *ip, 599 struct iattr *iattr) 600 { 601 struct inode *inode = VFS_I(ip); 602 umode_t mode = iattr->ia_mode; 603 604 ASSERT(xfs_isilocked(ip, XFS_ILOCK_EXCL)); 605 606 inode->i_mode &= S_IFMT; 607 inode->i_mode |= mode & ~S_IFMT; 608 } 609 610 void 611 xfs_setattr_time( 612 struct xfs_inode *ip, 613 struct iattr *iattr) 614 { 615 struct inode *inode = VFS_I(ip); 616 617 ASSERT(xfs_isilocked(ip, XFS_ILOCK_EXCL)); 618 619 if (iattr->ia_valid & ATTR_ATIME) 620 inode->i_atime = iattr->ia_atime; 621 if (iattr->ia_valid & ATTR_CTIME) 622 inode->i_ctime = iattr->ia_ctime; 623 if (iattr->ia_valid & ATTR_MTIME) 624 inode->i_mtime = iattr->ia_mtime; 625 } 626 627 static int 628 xfs_vn_change_ok( 629 struct dentry *dentry, 630 struct iattr *iattr) 631 { 632 struct xfs_mount *mp = XFS_I(d_inode(dentry))->i_mount; 633 634 if (mp->m_flags & XFS_MOUNT_RDONLY) 635 return -EROFS; 636 637 if (XFS_FORCED_SHUTDOWN(mp)) 638 return -EIO; 639 640 return setattr_prepare(dentry, iattr); 641 } 642 643 /* 644 * Set non-size attributes of an inode. 645 * 646 * Caution: The caller of this function is responsible for calling 647 * setattr_prepare() or otherwise verifying the change is fine. 648 */ 649 static int 650 xfs_setattr_nonsize( 651 struct xfs_inode *ip, 652 struct iattr *iattr) 653 { 654 xfs_mount_t *mp = ip->i_mount; 655 struct inode *inode = VFS_I(ip); 656 int mask = iattr->ia_valid; 657 xfs_trans_t *tp; 658 int error; 659 kuid_t uid = GLOBAL_ROOT_UID, iuid = GLOBAL_ROOT_UID; 660 kgid_t gid = GLOBAL_ROOT_GID, igid = GLOBAL_ROOT_GID; 661 struct xfs_dquot *udqp = NULL, *gdqp = NULL; 662 struct xfs_dquot *olddquot1 = NULL, *olddquot2 = NULL; 663 664 ASSERT((mask & ATTR_SIZE) == 0); 665 666 /* 667 * If disk quotas is on, we make sure that the dquots do exist on disk, 668 * before we start any other transactions. Trying to do this later 669 * is messy. We don't care to take a readlock to look at the ids 670 * in inode here, because we can't hold it across the trans_reserve. 671 * If the IDs do change before we take the ilock, we're covered 672 * because the i_*dquot fields will get updated anyway. 673 */ 674 if (XFS_IS_QUOTA_ON(mp) && (mask & (ATTR_UID|ATTR_GID))) { 675 uint qflags = 0; 676 677 if ((mask & ATTR_UID) && XFS_IS_UQUOTA_ON(mp)) { 678 uid = iattr->ia_uid; 679 qflags |= XFS_QMOPT_UQUOTA; 680 } else { 681 uid = inode->i_uid; 682 } 683 if ((mask & ATTR_GID) && XFS_IS_GQUOTA_ON(mp)) { 684 gid = iattr->ia_gid; 685 qflags |= XFS_QMOPT_GQUOTA; 686 } else { 687 gid = inode->i_gid; 688 } 689 690 /* 691 * We take a reference when we initialize udqp and gdqp, 692 * so it is important that we never blindly double trip on 693 * the same variable. See xfs_create() for an example. 694 */ 695 ASSERT(udqp == NULL); 696 ASSERT(gdqp == NULL); 697 error = xfs_qm_vop_dqalloc(ip, uid, gid, ip->i_d.di_projid, 698 qflags, &udqp, &gdqp, NULL); 699 if (error) 700 return error; 701 } 702 703 error = xfs_trans_alloc_ichange(ip, udqp, gdqp, NULL, 704 capable(CAP_FOWNER), &tp); 705 if (error) 706 goto out_dqrele; 707 708 /* 709 * Change file ownership. Must be the owner or privileged. 710 */ 711 if (mask & (ATTR_UID|ATTR_GID)) { 712 /* 713 * These IDs could have changed since we last looked at them. 714 * But, we're assured that if the ownership did change 715 * while we didn't have the inode locked, inode's dquot(s) 716 * would have changed also. 717 */ 718 iuid = inode->i_uid; 719 igid = inode->i_gid; 720 gid = (mask & ATTR_GID) ? iattr->ia_gid : igid; 721 uid = (mask & ATTR_UID) ? iattr->ia_uid : iuid; 722 723 /* 724 * CAP_FSETID overrides the following restrictions: 725 * 726 * The set-user-ID and set-group-ID bits of a file will be 727 * cleared upon successful return from chown() 728 */ 729 if ((inode->i_mode & (S_ISUID|S_ISGID)) && 730 !capable(CAP_FSETID)) 731 inode->i_mode &= ~(S_ISUID|S_ISGID); 732 733 /* 734 * Change the ownerships and register quota modifications 735 * in the transaction. 736 */ 737 if (!uid_eq(iuid, uid)) { 738 if (XFS_IS_QUOTA_RUNNING(mp) && XFS_IS_UQUOTA_ON(mp)) { 739 ASSERT(mask & ATTR_UID); 740 ASSERT(udqp); 741 olddquot1 = xfs_qm_vop_chown(tp, ip, 742 &ip->i_udquot, udqp); 743 } 744 inode->i_uid = uid; 745 } 746 if (!gid_eq(igid, gid)) { 747 if (XFS_IS_QUOTA_RUNNING(mp) && XFS_IS_GQUOTA_ON(mp)) { 748 ASSERT(xfs_sb_version_has_pquotino(&mp->m_sb) || 749 !XFS_IS_PQUOTA_ON(mp)); 750 ASSERT(mask & ATTR_GID); 751 ASSERT(gdqp); 752 olddquot2 = xfs_qm_vop_chown(tp, ip, 753 &ip->i_gdquot, gdqp); 754 } 755 inode->i_gid = gid; 756 } 757 } 758 759 if (mask & ATTR_MODE) 760 xfs_setattr_mode(ip, iattr); 761 if (mask & (ATTR_ATIME|ATTR_CTIME|ATTR_MTIME)) 762 xfs_setattr_time(ip, iattr); 763 764 xfs_trans_log_inode(tp, ip, XFS_ILOG_CORE); 765 766 XFS_STATS_INC(mp, xs_ig_attrchg); 767 768 if (mp->m_flags & XFS_MOUNT_WSYNC) 769 xfs_trans_set_sync(tp); 770 error = xfs_trans_commit(tp); 771 772 /* 773 * Release any dquot(s) the inode had kept before chown. 774 */ 775 xfs_qm_dqrele(olddquot1); 776 xfs_qm_dqrele(olddquot2); 777 xfs_qm_dqrele(udqp); 778 xfs_qm_dqrele(gdqp); 779 780 if (error) 781 return error; 782 783 /* 784 * XXX(hch): Updating the ACL entries is not atomic vs the i_mode 785 * update. We could avoid this with linked transactions 786 * and passing down the transaction pointer all the way 787 * to attr_set. No previous user of the generic 788 * Posix ACL code seems to care about this issue either. 789 */ 790 if (mask & ATTR_MODE) { 791 error = posix_acl_chmod(inode, inode->i_mode); 792 if (error) 793 return error; 794 } 795 796 return 0; 797 798 out_dqrele: 799 xfs_qm_dqrele(udqp); 800 xfs_qm_dqrele(gdqp); 801 return error; 802 } 803 804 /* 805 * Truncate file. Must have write permission and not be a directory. 806 * 807 * Caution: The caller of this function is responsible for calling 808 * setattr_prepare() or otherwise verifying the change is fine. 809 */ 810 STATIC int 811 xfs_setattr_size( 812 struct xfs_inode *ip, 813 struct iattr *iattr) 814 { 815 struct xfs_mount *mp = ip->i_mount; 816 struct inode *inode = VFS_I(ip); 817 xfs_off_t oldsize, newsize; 818 struct xfs_trans *tp; 819 int error; 820 uint lock_flags = 0; 821 bool did_zeroing = false; 822 823 ASSERT(xfs_isilocked(ip, XFS_IOLOCK_EXCL)); 824 ASSERT(xfs_isilocked(ip, XFS_MMAPLOCK_EXCL)); 825 ASSERT(S_ISREG(inode->i_mode)); 826 ASSERT((iattr->ia_valid & (ATTR_UID|ATTR_GID|ATTR_ATIME|ATTR_ATIME_SET| 827 ATTR_MTIME_SET|ATTR_TIMES_SET)) == 0); 828 829 oldsize = inode->i_size; 830 newsize = iattr->ia_size; 831 832 /* 833 * Short circuit the truncate case for zero length files. 834 */ 835 if (newsize == 0 && oldsize == 0 && ip->i_df.if_nextents == 0) { 836 if (!(iattr->ia_valid & (ATTR_CTIME|ATTR_MTIME))) 837 return 0; 838 839 /* 840 * Use the regular setattr path to update the timestamps. 841 */ 842 iattr->ia_valid &= ~ATTR_SIZE; 843 return xfs_setattr_nonsize(ip, iattr); 844 } 845 846 /* 847 * Make sure that the dquots are attached to the inode. 848 */ 849 error = xfs_qm_dqattach(ip); 850 if (error) 851 return error; 852 853 /* 854 * Wait for all direct I/O to complete. 855 */ 856 inode_dio_wait(inode); 857 858 /* 859 * File data changes must be complete before we start the transaction to 860 * modify the inode. This needs to be done before joining the inode to 861 * the transaction because the inode cannot be unlocked once it is a 862 * part of the transaction. 863 * 864 * Start with zeroing any data beyond EOF that we may expose on file 865 * extension, or zeroing out the rest of the block on a downward 866 * truncate. 867 */ 868 if (newsize > oldsize) { 869 trace_xfs_zero_eof(ip, oldsize, newsize - oldsize); 870 error = iomap_zero_range(inode, oldsize, newsize - oldsize, 871 &did_zeroing, &xfs_buffered_write_iomap_ops); 872 } else { 873 /* 874 * iomap won't detect a dirty page over an unwritten block (or a 875 * cow block over a hole) and subsequently skips zeroing the 876 * newly post-EOF portion of the page. Flush the new EOF to 877 * convert the block before the pagecache truncate. 878 */ 879 error = filemap_write_and_wait_range(inode->i_mapping, newsize, 880 newsize); 881 if (error) 882 return error; 883 error = iomap_truncate_page(inode, newsize, &did_zeroing, 884 &xfs_buffered_write_iomap_ops); 885 } 886 887 if (error) 888 return error; 889 890 /* 891 * We've already locked out new page faults, so now we can safely remove 892 * pages from the page cache knowing they won't get refaulted until we 893 * drop the XFS_MMAP_EXCL lock after the extent manipulations are 894 * complete. The truncate_setsize() call also cleans partial EOF page 895 * PTEs on extending truncates and hence ensures sub-page block size 896 * filesystems are correctly handled, too. 897 * 898 * We have to do all the page cache truncate work outside the 899 * transaction context as the "lock" order is page lock->log space 900 * reservation as defined by extent allocation in the writeback path. 901 * Hence a truncate can fail with ENOMEM from xfs_trans_alloc(), but 902 * having already truncated the in-memory version of the file (i.e. made 903 * user visible changes). There's not much we can do about this, except 904 * to hope that the caller sees ENOMEM and retries the truncate 905 * operation. 906 * 907 * And we update in-core i_size and truncate page cache beyond newsize 908 * before writeback the [di_size, newsize] range, so we're guaranteed 909 * not to write stale data past the new EOF on truncate down. 910 */ 911 truncate_setsize(inode, newsize); 912 913 /* 914 * We are going to log the inode size change in this transaction so 915 * any previous writes that are beyond the on disk EOF and the new 916 * EOF that have not been written out need to be written here. If we 917 * do not write the data out, we expose ourselves to the null files 918 * problem. Note that this includes any block zeroing we did above; 919 * otherwise those blocks may not be zeroed after a crash. 920 */ 921 if (did_zeroing || 922 (newsize > ip->i_d.di_size && oldsize != ip->i_d.di_size)) { 923 error = filemap_write_and_wait_range(VFS_I(ip)->i_mapping, 924 ip->i_d.di_size, newsize - 1); 925 if (error) 926 return error; 927 } 928 929 error = xfs_trans_alloc(mp, &M_RES(mp)->tr_itruncate, 0, 0, 0, &tp); 930 if (error) 931 return error; 932 933 lock_flags |= XFS_ILOCK_EXCL; 934 xfs_ilock(ip, XFS_ILOCK_EXCL); 935 xfs_trans_ijoin(tp, ip, 0); 936 937 /* 938 * Only change the c/mtime if we are changing the size or we are 939 * explicitly asked to change it. This handles the semantic difference 940 * between truncate() and ftruncate() as implemented in the VFS. 941 * 942 * The regular truncate() case without ATTR_CTIME and ATTR_MTIME is a 943 * special case where we need to update the times despite not having 944 * these flags set. For all other operations the VFS set these flags 945 * explicitly if it wants a timestamp update. 946 */ 947 if (newsize != oldsize && 948 !(iattr->ia_valid & (ATTR_CTIME | ATTR_MTIME))) { 949 iattr->ia_ctime = iattr->ia_mtime = 950 current_time(inode); 951 iattr->ia_valid |= ATTR_CTIME | ATTR_MTIME; 952 } 953 954 /* 955 * The first thing we do is set the size to new_size permanently on 956 * disk. This way we don't have to worry about anyone ever being able 957 * to look at the data being freed even in the face of a crash. 958 * What we're getting around here is the case where we free a block, it 959 * is allocated to another file, it is written to, and then we crash. 960 * If the new data gets written to the file but the log buffers 961 * containing the free and reallocation don't, then we'd end up with 962 * garbage in the blocks being freed. As long as we make the new size 963 * permanent before actually freeing any blocks it doesn't matter if 964 * they get written to. 965 */ 966 ip->i_d.di_size = newsize; 967 xfs_trans_log_inode(tp, ip, XFS_ILOG_CORE); 968 969 if (newsize <= oldsize) { 970 error = xfs_itruncate_extents(&tp, ip, XFS_DATA_FORK, newsize); 971 if (error) 972 goto out_trans_cancel; 973 974 /* 975 * Truncated "down", so we're removing references to old data 976 * here - if we delay flushing for a long time, we expose 977 * ourselves unduly to the notorious NULL files problem. So, 978 * we mark this inode and flush it when the file is closed, 979 * and do not wait the usual (long) time for writeout. 980 */ 981 xfs_iflags_set(ip, XFS_ITRUNCATED); 982 983 /* A truncate down always removes post-EOF blocks. */ 984 xfs_inode_clear_eofblocks_tag(ip); 985 } 986 987 if (iattr->ia_valid & ATTR_MODE) 988 xfs_setattr_mode(ip, iattr); 989 if (iattr->ia_valid & (ATTR_ATIME|ATTR_CTIME|ATTR_MTIME)) 990 xfs_setattr_time(ip, iattr); 991 992 xfs_trans_log_inode(tp, ip, XFS_ILOG_CORE); 993 994 XFS_STATS_INC(mp, xs_ig_attrchg); 995 996 if (mp->m_flags & XFS_MOUNT_WSYNC) 997 xfs_trans_set_sync(tp); 998 999 error = xfs_trans_commit(tp); 1000 out_unlock: 1001 if (lock_flags) 1002 xfs_iunlock(ip, lock_flags); 1003 return error; 1004 1005 out_trans_cancel: 1006 xfs_trans_cancel(tp); 1007 goto out_unlock; 1008 } 1009 1010 int 1011 xfs_vn_setattr_size( 1012 struct dentry *dentry, 1013 struct iattr *iattr) 1014 { 1015 struct xfs_inode *ip = XFS_I(d_inode(dentry)); 1016 int error; 1017 1018 trace_xfs_setattr(ip); 1019 1020 error = xfs_vn_change_ok(dentry, iattr); 1021 if (error) 1022 return error; 1023 return xfs_setattr_size(ip, iattr); 1024 } 1025 1026 STATIC int 1027 xfs_vn_setattr( 1028 struct dentry *dentry, 1029 struct iattr *iattr) 1030 { 1031 struct inode *inode = d_inode(dentry); 1032 struct xfs_inode *ip = XFS_I(inode); 1033 int error; 1034 1035 if (iattr->ia_valid & ATTR_SIZE) { 1036 uint iolock; 1037 1038 xfs_ilock(ip, XFS_MMAPLOCK_EXCL); 1039 iolock = XFS_IOLOCK_EXCL | XFS_MMAPLOCK_EXCL; 1040 1041 error = xfs_break_layouts(inode, &iolock, BREAK_UNMAP); 1042 if (error) { 1043 xfs_iunlock(ip, XFS_MMAPLOCK_EXCL); 1044 return error; 1045 } 1046 1047 error = xfs_vn_setattr_size(dentry, iattr); 1048 xfs_iunlock(ip, XFS_MMAPLOCK_EXCL); 1049 } else { 1050 trace_xfs_setattr(ip); 1051 1052 error = xfs_vn_change_ok(dentry, iattr); 1053 if (!error) 1054 error = xfs_setattr_nonsize(ip, iattr); 1055 } 1056 1057 return error; 1058 } 1059 1060 STATIC int 1061 xfs_vn_update_time( 1062 struct inode *inode, 1063 struct timespec64 *now, 1064 int flags) 1065 { 1066 struct xfs_inode *ip = XFS_I(inode); 1067 struct xfs_mount *mp = ip->i_mount; 1068 int log_flags = XFS_ILOG_TIMESTAMP; 1069 struct xfs_trans *tp; 1070 int error; 1071 1072 trace_xfs_update_time(ip); 1073 1074 if (inode->i_sb->s_flags & SB_LAZYTIME) { 1075 if (!((flags & S_VERSION) && 1076 inode_maybe_inc_iversion(inode, false))) 1077 return generic_update_time(inode, now, flags); 1078 1079 /* Capture the iversion update that just occurred */ 1080 log_flags |= XFS_ILOG_CORE; 1081 } 1082 1083 error = xfs_trans_alloc(mp, &M_RES(mp)->tr_fsyncts, 0, 0, 0, &tp); 1084 if (error) 1085 return error; 1086 1087 xfs_ilock(ip, XFS_ILOCK_EXCL); 1088 if (flags & S_CTIME) 1089 inode->i_ctime = *now; 1090 if (flags & S_MTIME) 1091 inode->i_mtime = *now; 1092 if (flags & S_ATIME) 1093 inode->i_atime = *now; 1094 1095 xfs_trans_ijoin(tp, ip, XFS_ILOCK_EXCL); 1096 xfs_trans_log_inode(tp, ip, log_flags); 1097 return xfs_trans_commit(tp); 1098 } 1099 1100 STATIC int 1101 xfs_vn_fiemap( 1102 struct inode *inode, 1103 struct fiemap_extent_info *fieinfo, 1104 u64 start, 1105 u64 length) 1106 { 1107 int error; 1108 1109 xfs_ilock(XFS_I(inode), XFS_IOLOCK_SHARED); 1110 if (fieinfo->fi_flags & FIEMAP_FLAG_XATTR) { 1111 fieinfo->fi_flags &= ~FIEMAP_FLAG_XATTR; 1112 error = iomap_fiemap(inode, fieinfo, start, length, 1113 &xfs_xattr_iomap_ops); 1114 } else { 1115 error = iomap_fiemap(inode, fieinfo, start, length, 1116 &xfs_read_iomap_ops); 1117 } 1118 xfs_iunlock(XFS_I(inode), XFS_IOLOCK_SHARED); 1119 1120 return error; 1121 } 1122 1123 STATIC int 1124 xfs_vn_tmpfile( 1125 struct inode *dir, 1126 struct dentry *dentry, 1127 umode_t mode) 1128 { 1129 return xfs_generic_create(dir, dentry, mode, 0, true); 1130 } 1131 1132 static const struct inode_operations xfs_inode_operations = { 1133 .get_acl = xfs_get_acl, 1134 .set_acl = xfs_set_acl, 1135 .getattr = xfs_vn_getattr, 1136 .setattr = xfs_vn_setattr, 1137 .listxattr = xfs_vn_listxattr, 1138 .fiemap = xfs_vn_fiemap, 1139 .update_time = xfs_vn_update_time, 1140 }; 1141 1142 static const struct inode_operations xfs_dir_inode_operations = { 1143 .create = xfs_vn_create, 1144 .lookup = xfs_vn_lookup, 1145 .link = xfs_vn_link, 1146 .unlink = xfs_vn_unlink, 1147 .symlink = xfs_vn_symlink, 1148 .mkdir = xfs_vn_mkdir, 1149 /* 1150 * Yes, XFS uses the same method for rmdir and unlink. 1151 * 1152 * There are some subtile differences deeper in the code, 1153 * but we use S_ISDIR to check for those. 1154 */ 1155 .rmdir = xfs_vn_unlink, 1156 .mknod = xfs_vn_mknod, 1157 .rename = xfs_vn_rename, 1158 .get_acl = xfs_get_acl, 1159 .set_acl = xfs_set_acl, 1160 .getattr = xfs_vn_getattr, 1161 .setattr = xfs_vn_setattr, 1162 .listxattr = xfs_vn_listxattr, 1163 .update_time = xfs_vn_update_time, 1164 .tmpfile = xfs_vn_tmpfile, 1165 }; 1166 1167 static const struct inode_operations xfs_dir_ci_inode_operations = { 1168 .create = xfs_vn_create, 1169 .lookup = xfs_vn_ci_lookup, 1170 .link = xfs_vn_link, 1171 .unlink = xfs_vn_unlink, 1172 .symlink = xfs_vn_symlink, 1173 .mkdir = xfs_vn_mkdir, 1174 /* 1175 * Yes, XFS uses the same method for rmdir and unlink. 1176 * 1177 * There are some subtile differences deeper in the code, 1178 * but we use S_ISDIR to check for those. 1179 */ 1180 .rmdir = xfs_vn_unlink, 1181 .mknod = xfs_vn_mknod, 1182 .rename = xfs_vn_rename, 1183 .get_acl = xfs_get_acl, 1184 .set_acl = xfs_set_acl, 1185 .getattr = xfs_vn_getattr, 1186 .setattr = xfs_vn_setattr, 1187 .listxattr = xfs_vn_listxattr, 1188 .update_time = xfs_vn_update_time, 1189 .tmpfile = xfs_vn_tmpfile, 1190 }; 1191 1192 static const struct inode_operations xfs_symlink_inode_operations = { 1193 .get_link = xfs_vn_get_link, 1194 .getattr = xfs_vn_getattr, 1195 .setattr = xfs_vn_setattr, 1196 .listxattr = xfs_vn_listxattr, 1197 .update_time = xfs_vn_update_time, 1198 }; 1199 1200 static const struct inode_operations xfs_inline_symlink_inode_operations = { 1201 .get_link = xfs_vn_get_link_inline, 1202 .getattr = xfs_vn_getattr, 1203 .setattr = xfs_vn_setattr, 1204 .listxattr = xfs_vn_listxattr, 1205 .update_time = xfs_vn_update_time, 1206 }; 1207 1208 /* Figure out if this file actually supports DAX. */ 1209 static bool 1210 xfs_inode_supports_dax( 1211 struct xfs_inode *ip) 1212 { 1213 struct xfs_mount *mp = ip->i_mount; 1214 1215 /* Only supported on regular files. */ 1216 if (!S_ISREG(VFS_I(ip)->i_mode)) 1217 return false; 1218 1219 /* Only supported on non-reflinked files. */ 1220 if (xfs_is_reflink_inode(ip)) 1221 return false; 1222 1223 /* Block size must match page size */ 1224 if (mp->m_sb.sb_blocksize != PAGE_SIZE) 1225 return false; 1226 1227 /* Device has to support DAX too. */ 1228 return xfs_inode_buftarg(ip)->bt_daxdev != NULL; 1229 } 1230 1231 static bool 1232 xfs_inode_should_enable_dax( 1233 struct xfs_inode *ip) 1234 { 1235 if (!IS_ENABLED(CONFIG_FS_DAX)) 1236 return false; 1237 if (ip->i_mount->m_flags & XFS_MOUNT_DAX_NEVER) 1238 return false; 1239 if (!xfs_inode_supports_dax(ip)) 1240 return false; 1241 if (ip->i_mount->m_flags & XFS_MOUNT_DAX_ALWAYS) 1242 return true; 1243 if (ip->i_d.di_flags2 & XFS_DIFLAG2_DAX) 1244 return true; 1245 return false; 1246 } 1247 1248 void 1249 xfs_diflags_to_iflags( 1250 struct xfs_inode *ip, 1251 bool init) 1252 { 1253 struct inode *inode = VFS_I(ip); 1254 unsigned int xflags = xfs_ip2xflags(ip); 1255 unsigned int flags = 0; 1256 1257 ASSERT(!(IS_DAX(inode) && init)); 1258 1259 if (xflags & FS_XFLAG_IMMUTABLE) 1260 flags |= S_IMMUTABLE; 1261 if (xflags & FS_XFLAG_APPEND) 1262 flags |= S_APPEND; 1263 if (xflags & FS_XFLAG_SYNC) 1264 flags |= S_SYNC; 1265 if (xflags & FS_XFLAG_NOATIME) 1266 flags |= S_NOATIME; 1267 if (init && xfs_inode_should_enable_dax(ip)) 1268 flags |= S_DAX; 1269 1270 /* 1271 * S_DAX can only be set during inode initialization and is never set by 1272 * the VFS, so we cannot mask off S_DAX in i_flags. 1273 */ 1274 inode->i_flags &= ~(S_IMMUTABLE | S_APPEND | S_SYNC | S_NOATIME); 1275 inode->i_flags |= flags; 1276 } 1277 1278 /* 1279 * Initialize the Linux inode. 1280 * 1281 * When reading existing inodes from disk this is called directly from xfs_iget, 1282 * when creating a new inode it is called from xfs_ialloc after setting up the 1283 * inode. These callers have different criteria for clearing XFS_INEW, so leave 1284 * it up to the caller to deal with unlocking the inode appropriately. 1285 */ 1286 void 1287 xfs_setup_inode( 1288 struct xfs_inode *ip) 1289 { 1290 struct inode *inode = &ip->i_vnode; 1291 gfp_t gfp_mask; 1292 1293 inode->i_ino = ip->i_ino; 1294 inode->i_state = I_NEW; 1295 1296 inode_sb_list_add(inode); 1297 /* make the inode look hashed for the writeback code */ 1298 inode_fake_hash(inode); 1299 1300 i_size_write(inode, ip->i_d.di_size); 1301 xfs_diflags_to_iflags(ip, true); 1302 1303 if (S_ISDIR(inode->i_mode)) { 1304 /* 1305 * We set the i_rwsem class here to avoid potential races with 1306 * lockdep_annotate_inode_mutex_key() reinitialising the lock 1307 * after a filehandle lookup has already found the inode in 1308 * cache before it has been unlocked via unlock_new_inode(). 1309 */ 1310 lockdep_set_class(&inode->i_rwsem, 1311 &inode->i_sb->s_type->i_mutex_dir_key); 1312 lockdep_set_class(&ip->i_lock.mr_lock, &xfs_dir_ilock_class); 1313 } else { 1314 lockdep_set_class(&ip->i_lock.mr_lock, &xfs_nondir_ilock_class); 1315 } 1316 1317 /* 1318 * Ensure all page cache allocations are done from GFP_NOFS context to 1319 * prevent direct reclaim recursion back into the filesystem and blowing 1320 * stacks or deadlocking. 1321 */ 1322 gfp_mask = mapping_gfp_mask(inode->i_mapping); 1323 mapping_set_gfp_mask(inode->i_mapping, (gfp_mask & ~(__GFP_FS))); 1324 1325 /* 1326 * If there is no attribute fork no ACL can exist on this inode, 1327 * and it can't have any file capabilities attached to it either. 1328 */ 1329 if (!XFS_IFORK_Q(ip)) { 1330 inode_has_no_xattr(inode); 1331 cache_no_acl(inode); 1332 } 1333 } 1334 1335 void 1336 xfs_setup_iops( 1337 struct xfs_inode *ip) 1338 { 1339 struct inode *inode = &ip->i_vnode; 1340 1341 switch (inode->i_mode & S_IFMT) { 1342 case S_IFREG: 1343 inode->i_op = &xfs_inode_operations; 1344 inode->i_fop = &xfs_file_operations; 1345 if (IS_DAX(inode)) 1346 inode->i_mapping->a_ops = &xfs_dax_aops; 1347 else 1348 inode->i_mapping->a_ops = &xfs_address_space_operations; 1349 break; 1350 case S_IFDIR: 1351 if (xfs_sb_version_hasasciici(&XFS_M(inode->i_sb)->m_sb)) 1352 inode->i_op = &xfs_dir_ci_inode_operations; 1353 else 1354 inode->i_op = &xfs_dir_inode_operations; 1355 inode->i_fop = &xfs_dir_file_operations; 1356 break; 1357 case S_IFLNK: 1358 if (ip->i_df.if_flags & XFS_IFINLINE) 1359 inode->i_op = &xfs_inline_symlink_inode_operations; 1360 else 1361 inode->i_op = &xfs_symlink_inode_operations; 1362 break; 1363 default: 1364 inode->i_op = &xfs_inode_operations; 1365 init_special_inode(inode, inode->i_mode, inode->i_rdev); 1366 break; 1367 } 1368 } 1369