xref: /openbmc/linux/fs/btrfs/send.c (revision cb3908c133f1285069673f11ad651d14ae0406cf)
1 // SPDX-License-Identifier: GPL-2.0
2 /*
3  * Copyright (C) 2012 Alexander Block.  All rights reserved.
4  */
5 
6 #include <linux/bsearch.h>
7 #include <linux/fs.h>
8 #include <linux/file.h>
9 #include <linux/sort.h>
10 #include <linux/mount.h>
11 #include <linux/xattr.h>
12 #include <linux/posix_acl_xattr.h>
13 #include <linux/radix-tree.h>
14 #include <linux/vmalloc.h>
15 #include <linux/string.h>
16 #include <linux/compat.h>
17 #include <linux/crc32c.h>
18 
19 #include "send.h"
20 #include "backref.h"
21 #include "locking.h"
22 #include "disk-io.h"
23 #include "btrfs_inode.h"
24 #include "transaction.h"
25 #include "compression.h"
26 
27 /*
28  * A fs_path is a helper to dynamically build path names with unknown size.
29  * It reallocates the internal buffer on demand.
30  * It allows fast adding of path elements on the right side (normal path) and
31  * fast adding to the left side (reversed path). A reversed path can also be
32  * unreversed if needed.
33  */
34 struct fs_path {
35 	union {
36 		struct {
37 			char *start;
38 			char *end;
39 
40 			char *buf;
41 			unsigned short buf_len:15;
42 			unsigned short reversed:1;
43 			char inline_buf[];
44 		};
45 		/*
46 		 * Average path length does not exceed 200 bytes, we'll have
47 		 * better packing in the slab and higher chance to satisfy
48 		 * a allocation later during send.
49 		 */
50 		char pad[256];
51 	};
52 };
53 #define FS_PATH_INLINE_SIZE \
54 	(sizeof(struct fs_path) - offsetof(struct fs_path, inline_buf))
55 
56 
57 /* reused for each extent */
58 struct clone_root {
59 	struct btrfs_root *root;
60 	u64 ino;
61 	u64 offset;
62 
63 	u64 found_refs;
64 };
65 
66 #define SEND_CTX_MAX_NAME_CACHE_SIZE 128
67 #define SEND_CTX_NAME_CACHE_CLEAN_SIZE (SEND_CTX_MAX_NAME_CACHE_SIZE * 2)
68 
69 struct send_ctx {
70 	struct file *send_filp;
71 	loff_t send_off;
72 	char *send_buf;
73 	u32 send_size;
74 	u32 send_max_size;
75 	u64 total_send_size;
76 	u64 cmd_send_size[BTRFS_SEND_C_MAX + 1];
77 	u64 flags;	/* 'flags' member of btrfs_ioctl_send_args is u64 */
78 
79 	struct btrfs_root *send_root;
80 	struct btrfs_root *parent_root;
81 	struct clone_root *clone_roots;
82 	int clone_roots_cnt;
83 
84 	/* current state of the compare_tree call */
85 	struct btrfs_path *left_path;
86 	struct btrfs_path *right_path;
87 	struct btrfs_key *cmp_key;
88 
89 	/*
90 	 * infos of the currently processed inode. In case of deleted inodes,
91 	 * these are the values from the deleted inode.
92 	 */
93 	u64 cur_ino;
94 	u64 cur_inode_gen;
95 	int cur_inode_new;
96 	int cur_inode_new_gen;
97 	int cur_inode_deleted;
98 	u64 cur_inode_size;
99 	u64 cur_inode_mode;
100 	u64 cur_inode_rdev;
101 	u64 cur_inode_last_extent;
102 	u64 cur_inode_next_write_offset;
103 	bool ignore_cur_inode;
104 
105 	u64 send_progress;
106 
107 	struct list_head new_refs;
108 	struct list_head deleted_refs;
109 
110 	struct radix_tree_root name_cache;
111 	struct list_head name_cache_list;
112 	int name_cache_size;
113 
114 	struct file_ra_state ra;
115 
116 	char *read_buf;
117 
118 	/*
119 	 * We process inodes by their increasing order, so if before an
120 	 * incremental send we reverse the parent/child relationship of
121 	 * directories such that a directory with a lower inode number was
122 	 * the parent of a directory with a higher inode number, and the one
123 	 * becoming the new parent got renamed too, we can't rename/move the
124 	 * directory with lower inode number when we finish processing it - we
125 	 * must process the directory with higher inode number first, then
126 	 * rename/move it and then rename/move the directory with lower inode
127 	 * number. Example follows.
128 	 *
129 	 * Tree state when the first send was performed:
130 	 *
131 	 * .
132 	 * |-- a                   (ino 257)
133 	 *     |-- b               (ino 258)
134 	 *         |
135 	 *         |
136 	 *         |-- c           (ino 259)
137 	 *         |   |-- d       (ino 260)
138 	 *         |
139 	 *         |-- c2          (ino 261)
140 	 *
141 	 * Tree state when the second (incremental) send is performed:
142 	 *
143 	 * .
144 	 * |-- a                   (ino 257)
145 	 *     |-- b               (ino 258)
146 	 *         |-- c2          (ino 261)
147 	 *             |-- d2      (ino 260)
148 	 *                 |-- cc  (ino 259)
149 	 *
150 	 * The sequence of steps that lead to the second state was:
151 	 *
152 	 * mv /a/b/c/d /a/b/c2/d2
153 	 * mv /a/b/c /a/b/c2/d2/cc
154 	 *
155 	 * "c" has lower inode number, but we can't move it (2nd mv operation)
156 	 * before we move "d", which has higher inode number.
157 	 *
158 	 * So we just memorize which move/rename operations must be performed
159 	 * later when their respective parent is processed and moved/renamed.
160 	 */
161 
162 	/* Indexed by parent directory inode number. */
163 	struct rb_root pending_dir_moves;
164 
165 	/*
166 	 * Reverse index, indexed by the inode number of a directory that
167 	 * is waiting for the move/rename of its immediate parent before its
168 	 * own move/rename can be performed.
169 	 */
170 	struct rb_root waiting_dir_moves;
171 
172 	/*
173 	 * A directory that is going to be rm'ed might have a child directory
174 	 * which is in the pending directory moves index above. In this case,
175 	 * the directory can only be removed after the move/rename of its child
176 	 * is performed. Example:
177 	 *
178 	 * Parent snapshot:
179 	 *
180 	 * .                        (ino 256)
181 	 * |-- a/                   (ino 257)
182 	 *     |-- b/               (ino 258)
183 	 *         |-- c/           (ino 259)
184 	 *         |   |-- x/       (ino 260)
185 	 *         |
186 	 *         |-- y/           (ino 261)
187 	 *
188 	 * Send snapshot:
189 	 *
190 	 * .                        (ino 256)
191 	 * |-- a/                   (ino 257)
192 	 *     |-- b/               (ino 258)
193 	 *         |-- YY/          (ino 261)
194 	 *              |-- x/      (ino 260)
195 	 *
196 	 * Sequence of steps that lead to the send snapshot:
197 	 * rm -f /a/b/c/foo.txt
198 	 * mv /a/b/y /a/b/YY
199 	 * mv /a/b/c/x /a/b/YY
200 	 * rmdir /a/b/c
201 	 *
202 	 * When the child is processed, its move/rename is delayed until its
203 	 * parent is processed (as explained above), but all other operations
204 	 * like update utimes, chown, chgrp, etc, are performed and the paths
205 	 * that it uses for those operations must use the orphanized name of
206 	 * its parent (the directory we're going to rm later), so we need to
207 	 * memorize that name.
208 	 *
209 	 * Indexed by the inode number of the directory to be deleted.
210 	 */
211 	struct rb_root orphan_dirs;
212 };
213 
214 struct pending_dir_move {
215 	struct rb_node node;
216 	struct list_head list;
217 	u64 parent_ino;
218 	u64 ino;
219 	u64 gen;
220 	struct list_head update_refs;
221 };
222 
223 struct waiting_dir_move {
224 	struct rb_node node;
225 	u64 ino;
226 	/*
227 	 * There might be some directory that could not be removed because it
228 	 * was waiting for this directory inode to be moved first. Therefore
229 	 * after this directory is moved, we can try to rmdir the ino rmdir_ino.
230 	 */
231 	u64 rmdir_ino;
232 	bool orphanized;
233 };
234 
235 struct orphan_dir_info {
236 	struct rb_node node;
237 	u64 ino;
238 	u64 gen;
239 	u64 last_dir_index_offset;
240 };
241 
242 struct name_cache_entry {
243 	struct list_head list;
244 	/*
245 	 * radix_tree has only 32bit entries but we need to handle 64bit inums.
246 	 * We use the lower 32bit of the 64bit inum to store it in the tree. If
247 	 * more then one inum would fall into the same entry, we use radix_list
248 	 * to store the additional entries. radix_list is also used to store
249 	 * entries where two entries have the same inum but different
250 	 * generations.
251 	 */
252 	struct list_head radix_list;
253 	u64 ino;
254 	u64 gen;
255 	u64 parent_ino;
256 	u64 parent_gen;
257 	int ret;
258 	int need_later_update;
259 	int name_len;
260 	char name[];
261 };
262 
263 __cold
264 static void inconsistent_snapshot_error(struct send_ctx *sctx,
265 					enum btrfs_compare_tree_result result,
266 					const char *what)
267 {
268 	const char *result_string;
269 
270 	switch (result) {
271 	case BTRFS_COMPARE_TREE_NEW:
272 		result_string = "new";
273 		break;
274 	case BTRFS_COMPARE_TREE_DELETED:
275 		result_string = "deleted";
276 		break;
277 	case BTRFS_COMPARE_TREE_CHANGED:
278 		result_string = "updated";
279 		break;
280 	case BTRFS_COMPARE_TREE_SAME:
281 		ASSERT(0);
282 		result_string = "unchanged";
283 		break;
284 	default:
285 		ASSERT(0);
286 		result_string = "unexpected";
287 	}
288 
289 	btrfs_err(sctx->send_root->fs_info,
290 		  "Send: inconsistent snapshot, found %s %s for inode %llu without updated inode item, send root is %llu, parent root is %llu",
291 		  result_string, what, sctx->cmp_key->objectid,
292 		  sctx->send_root->root_key.objectid,
293 		  (sctx->parent_root ?
294 		   sctx->parent_root->root_key.objectid : 0));
295 }
296 
297 static int is_waiting_for_move(struct send_ctx *sctx, u64 ino);
298 
299 static struct waiting_dir_move *
300 get_waiting_dir_move(struct send_ctx *sctx, u64 ino);
301 
302 static int is_waiting_for_rm(struct send_ctx *sctx, u64 dir_ino);
303 
304 static int need_send_hole(struct send_ctx *sctx)
305 {
306 	return (sctx->parent_root && !sctx->cur_inode_new &&
307 		!sctx->cur_inode_new_gen && !sctx->cur_inode_deleted &&
308 		S_ISREG(sctx->cur_inode_mode));
309 }
310 
311 static void fs_path_reset(struct fs_path *p)
312 {
313 	if (p->reversed) {
314 		p->start = p->buf + p->buf_len - 1;
315 		p->end = p->start;
316 		*p->start = 0;
317 	} else {
318 		p->start = p->buf;
319 		p->end = p->start;
320 		*p->start = 0;
321 	}
322 }
323 
324 static struct fs_path *fs_path_alloc(void)
325 {
326 	struct fs_path *p;
327 
328 	p = kmalloc(sizeof(*p), GFP_KERNEL);
329 	if (!p)
330 		return NULL;
331 	p->reversed = 0;
332 	p->buf = p->inline_buf;
333 	p->buf_len = FS_PATH_INLINE_SIZE;
334 	fs_path_reset(p);
335 	return p;
336 }
337 
338 static struct fs_path *fs_path_alloc_reversed(void)
339 {
340 	struct fs_path *p;
341 
342 	p = fs_path_alloc();
343 	if (!p)
344 		return NULL;
345 	p->reversed = 1;
346 	fs_path_reset(p);
347 	return p;
348 }
349 
350 static void fs_path_free(struct fs_path *p)
351 {
352 	if (!p)
353 		return;
354 	if (p->buf != p->inline_buf)
355 		kfree(p->buf);
356 	kfree(p);
357 }
358 
359 static int fs_path_len(struct fs_path *p)
360 {
361 	return p->end - p->start;
362 }
363 
364 static int fs_path_ensure_buf(struct fs_path *p, int len)
365 {
366 	char *tmp_buf;
367 	int path_len;
368 	int old_buf_len;
369 
370 	len++;
371 
372 	if (p->buf_len >= len)
373 		return 0;
374 
375 	if (len > PATH_MAX) {
376 		WARN_ON(1);
377 		return -ENOMEM;
378 	}
379 
380 	path_len = p->end - p->start;
381 	old_buf_len = p->buf_len;
382 
383 	/*
384 	 * First time the inline_buf does not suffice
385 	 */
386 	if (p->buf == p->inline_buf) {
387 		tmp_buf = kmalloc(len, GFP_KERNEL);
388 		if (tmp_buf)
389 			memcpy(tmp_buf, p->buf, old_buf_len);
390 	} else {
391 		tmp_buf = krealloc(p->buf, len, GFP_KERNEL);
392 	}
393 	if (!tmp_buf)
394 		return -ENOMEM;
395 	p->buf = tmp_buf;
396 	/*
397 	 * The real size of the buffer is bigger, this will let the fast path
398 	 * happen most of the time
399 	 */
400 	p->buf_len = ksize(p->buf);
401 
402 	if (p->reversed) {
403 		tmp_buf = p->buf + old_buf_len - path_len - 1;
404 		p->end = p->buf + p->buf_len - 1;
405 		p->start = p->end - path_len;
406 		memmove(p->start, tmp_buf, path_len + 1);
407 	} else {
408 		p->start = p->buf;
409 		p->end = p->start + path_len;
410 	}
411 	return 0;
412 }
413 
414 static int fs_path_prepare_for_add(struct fs_path *p, int name_len,
415 				   char **prepared)
416 {
417 	int ret;
418 	int new_len;
419 
420 	new_len = p->end - p->start + name_len;
421 	if (p->start != p->end)
422 		new_len++;
423 	ret = fs_path_ensure_buf(p, new_len);
424 	if (ret < 0)
425 		goto out;
426 
427 	if (p->reversed) {
428 		if (p->start != p->end)
429 			*--p->start = '/';
430 		p->start -= name_len;
431 		*prepared = p->start;
432 	} else {
433 		if (p->start != p->end)
434 			*p->end++ = '/';
435 		*prepared = p->end;
436 		p->end += name_len;
437 		*p->end = 0;
438 	}
439 
440 out:
441 	return ret;
442 }
443 
444 static int fs_path_add(struct fs_path *p, const char *name, int name_len)
445 {
446 	int ret;
447 	char *prepared;
448 
449 	ret = fs_path_prepare_for_add(p, name_len, &prepared);
450 	if (ret < 0)
451 		goto out;
452 	memcpy(prepared, name, name_len);
453 
454 out:
455 	return ret;
456 }
457 
458 static int fs_path_add_path(struct fs_path *p, struct fs_path *p2)
459 {
460 	int ret;
461 	char *prepared;
462 
463 	ret = fs_path_prepare_for_add(p, p2->end - p2->start, &prepared);
464 	if (ret < 0)
465 		goto out;
466 	memcpy(prepared, p2->start, p2->end - p2->start);
467 
468 out:
469 	return ret;
470 }
471 
472 static int fs_path_add_from_extent_buffer(struct fs_path *p,
473 					  struct extent_buffer *eb,
474 					  unsigned long off, int len)
475 {
476 	int ret;
477 	char *prepared;
478 
479 	ret = fs_path_prepare_for_add(p, len, &prepared);
480 	if (ret < 0)
481 		goto out;
482 
483 	read_extent_buffer(eb, prepared, off, len);
484 
485 out:
486 	return ret;
487 }
488 
489 static int fs_path_copy(struct fs_path *p, struct fs_path *from)
490 {
491 	int ret;
492 
493 	p->reversed = from->reversed;
494 	fs_path_reset(p);
495 
496 	ret = fs_path_add_path(p, from);
497 
498 	return ret;
499 }
500 
501 
502 static void fs_path_unreverse(struct fs_path *p)
503 {
504 	char *tmp;
505 	int len;
506 
507 	if (!p->reversed)
508 		return;
509 
510 	tmp = p->start;
511 	len = p->end - p->start;
512 	p->start = p->buf;
513 	p->end = p->start + len;
514 	memmove(p->start, tmp, len + 1);
515 	p->reversed = 0;
516 }
517 
518 static struct btrfs_path *alloc_path_for_send(void)
519 {
520 	struct btrfs_path *path;
521 
522 	path = btrfs_alloc_path();
523 	if (!path)
524 		return NULL;
525 	path->search_commit_root = 1;
526 	path->skip_locking = 1;
527 	path->need_commit_sem = 1;
528 	return path;
529 }
530 
531 static int write_buf(struct file *filp, const void *buf, u32 len, loff_t *off)
532 {
533 	int ret;
534 	u32 pos = 0;
535 
536 	while (pos < len) {
537 		ret = kernel_write(filp, buf + pos, len - pos, off);
538 		/* TODO handle that correctly */
539 		/*if (ret == -ERESTARTSYS) {
540 			continue;
541 		}*/
542 		if (ret < 0)
543 			return ret;
544 		if (ret == 0) {
545 			return -EIO;
546 		}
547 		pos += ret;
548 	}
549 
550 	return 0;
551 }
552 
553 static int tlv_put(struct send_ctx *sctx, u16 attr, const void *data, int len)
554 {
555 	struct btrfs_tlv_header *hdr;
556 	int total_len = sizeof(*hdr) + len;
557 	int left = sctx->send_max_size - sctx->send_size;
558 
559 	if (unlikely(left < total_len))
560 		return -EOVERFLOW;
561 
562 	hdr = (struct btrfs_tlv_header *) (sctx->send_buf + sctx->send_size);
563 	hdr->tlv_type = cpu_to_le16(attr);
564 	hdr->tlv_len = cpu_to_le16(len);
565 	memcpy(hdr + 1, data, len);
566 	sctx->send_size += total_len;
567 
568 	return 0;
569 }
570 
571 #define TLV_PUT_DEFINE_INT(bits) \
572 	static int tlv_put_u##bits(struct send_ctx *sctx,	 	\
573 			u##bits attr, u##bits value)			\
574 	{								\
575 		__le##bits __tmp = cpu_to_le##bits(value);		\
576 		return tlv_put(sctx, attr, &__tmp, sizeof(__tmp));	\
577 	}
578 
579 TLV_PUT_DEFINE_INT(64)
580 
581 static int tlv_put_string(struct send_ctx *sctx, u16 attr,
582 			  const char *str, int len)
583 {
584 	if (len == -1)
585 		len = strlen(str);
586 	return tlv_put(sctx, attr, str, len);
587 }
588 
589 static int tlv_put_uuid(struct send_ctx *sctx, u16 attr,
590 			const u8 *uuid)
591 {
592 	return tlv_put(sctx, attr, uuid, BTRFS_UUID_SIZE);
593 }
594 
595 static int tlv_put_btrfs_timespec(struct send_ctx *sctx, u16 attr,
596 				  struct extent_buffer *eb,
597 				  struct btrfs_timespec *ts)
598 {
599 	struct btrfs_timespec bts;
600 	read_extent_buffer(eb, &bts, (unsigned long)ts, sizeof(bts));
601 	return tlv_put(sctx, attr, &bts, sizeof(bts));
602 }
603 
604 
605 #define TLV_PUT(sctx, attrtype, data, attrlen) \
606 	do { \
607 		ret = tlv_put(sctx, attrtype, data, attrlen); \
608 		if (ret < 0) \
609 			goto tlv_put_failure; \
610 	} while (0)
611 
612 #define TLV_PUT_INT(sctx, attrtype, bits, value) \
613 	do { \
614 		ret = tlv_put_u##bits(sctx, attrtype, value); \
615 		if (ret < 0) \
616 			goto tlv_put_failure; \
617 	} while (0)
618 
619 #define TLV_PUT_U8(sctx, attrtype, data) TLV_PUT_INT(sctx, attrtype, 8, data)
620 #define TLV_PUT_U16(sctx, attrtype, data) TLV_PUT_INT(sctx, attrtype, 16, data)
621 #define TLV_PUT_U32(sctx, attrtype, data) TLV_PUT_INT(sctx, attrtype, 32, data)
622 #define TLV_PUT_U64(sctx, attrtype, data) TLV_PUT_INT(sctx, attrtype, 64, data)
623 #define TLV_PUT_STRING(sctx, attrtype, str, len) \
624 	do { \
625 		ret = tlv_put_string(sctx, attrtype, str, len); \
626 		if (ret < 0) \
627 			goto tlv_put_failure; \
628 	} while (0)
629 #define TLV_PUT_PATH(sctx, attrtype, p) \
630 	do { \
631 		ret = tlv_put_string(sctx, attrtype, p->start, \
632 			p->end - p->start); \
633 		if (ret < 0) \
634 			goto tlv_put_failure; \
635 	} while(0)
636 #define TLV_PUT_UUID(sctx, attrtype, uuid) \
637 	do { \
638 		ret = tlv_put_uuid(sctx, attrtype, uuid); \
639 		if (ret < 0) \
640 			goto tlv_put_failure; \
641 	} while (0)
642 #define TLV_PUT_BTRFS_TIMESPEC(sctx, attrtype, eb, ts) \
643 	do { \
644 		ret = tlv_put_btrfs_timespec(sctx, attrtype, eb, ts); \
645 		if (ret < 0) \
646 			goto tlv_put_failure; \
647 	} while (0)
648 
649 static int send_header(struct send_ctx *sctx)
650 {
651 	struct btrfs_stream_header hdr;
652 
653 	strcpy(hdr.magic, BTRFS_SEND_STREAM_MAGIC);
654 	hdr.version = cpu_to_le32(BTRFS_SEND_STREAM_VERSION);
655 
656 	return write_buf(sctx->send_filp, &hdr, sizeof(hdr),
657 					&sctx->send_off);
658 }
659 
660 /*
661  * For each command/item we want to send to userspace, we call this function.
662  */
663 static int begin_cmd(struct send_ctx *sctx, int cmd)
664 {
665 	struct btrfs_cmd_header *hdr;
666 
667 	if (WARN_ON(!sctx->send_buf))
668 		return -EINVAL;
669 
670 	BUG_ON(sctx->send_size);
671 
672 	sctx->send_size += sizeof(*hdr);
673 	hdr = (struct btrfs_cmd_header *)sctx->send_buf;
674 	hdr->cmd = cpu_to_le16(cmd);
675 
676 	return 0;
677 }
678 
679 static int send_cmd(struct send_ctx *sctx)
680 {
681 	int ret;
682 	struct btrfs_cmd_header *hdr;
683 	u32 crc;
684 
685 	hdr = (struct btrfs_cmd_header *)sctx->send_buf;
686 	hdr->len = cpu_to_le32(sctx->send_size - sizeof(*hdr));
687 	hdr->crc = 0;
688 
689 	crc = crc32c(0, (unsigned char *)sctx->send_buf, sctx->send_size);
690 	hdr->crc = cpu_to_le32(crc);
691 
692 	ret = write_buf(sctx->send_filp, sctx->send_buf, sctx->send_size,
693 					&sctx->send_off);
694 
695 	sctx->total_send_size += sctx->send_size;
696 	sctx->cmd_send_size[le16_to_cpu(hdr->cmd)] += sctx->send_size;
697 	sctx->send_size = 0;
698 
699 	return ret;
700 }
701 
702 /*
703  * Sends a move instruction to user space
704  */
705 static int send_rename(struct send_ctx *sctx,
706 		     struct fs_path *from, struct fs_path *to)
707 {
708 	struct btrfs_fs_info *fs_info = sctx->send_root->fs_info;
709 	int ret;
710 
711 	btrfs_debug(fs_info, "send_rename %s -> %s", from->start, to->start);
712 
713 	ret = begin_cmd(sctx, BTRFS_SEND_C_RENAME);
714 	if (ret < 0)
715 		goto out;
716 
717 	TLV_PUT_PATH(sctx, BTRFS_SEND_A_PATH, from);
718 	TLV_PUT_PATH(sctx, BTRFS_SEND_A_PATH_TO, to);
719 
720 	ret = send_cmd(sctx);
721 
722 tlv_put_failure:
723 out:
724 	return ret;
725 }
726 
727 /*
728  * Sends a link instruction to user space
729  */
730 static int send_link(struct send_ctx *sctx,
731 		     struct fs_path *path, struct fs_path *lnk)
732 {
733 	struct btrfs_fs_info *fs_info = sctx->send_root->fs_info;
734 	int ret;
735 
736 	btrfs_debug(fs_info, "send_link %s -> %s", path->start, lnk->start);
737 
738 	ret = begin_cmd(sctx, BTRFS_SEND_C_LINK);
739 	if (ret < 0)
740 		goto out;
741 
742 	TLV_PUT_PATH(sctx, BTRFS_SEND_A_PATH, path);
743 	TLV_PUT_PATH(sctx, BTRFS_SEND_A_PATH_LINK, lnk);
744 
745 	ret = send_cmd(sctx);
746 
747 tlv_put_failure:
748 out:
749 	return ret;
750 }
751 
752 /*
753  * Sends an unlink instruction to user space
754  */
755 static int send_unlink(struct send_ctx *sctx, struct fs_path *path)
756 {
757 	struct btrfs_fs_info *fs_info = sctx->send_root->fs_info;
758 	int ret;
759 
760 	btrfs_debug(fs_info, "send_unlink %s", path->start);
761 
762 	ret = begin_cmd(sctx, BTRFS_SEND_C_UNLINK);
763 	if (ret < 0)
764 		goto out;
765 
766 	TLV_PUT_PATH(sctx, BTRFS_SEND_A_PATH, path);
767 
768 	ret = send_cmd(sctx);
769 
770 tlv_put_failure:
771 out:
772 	return ret;
773 }
774 
775 /*
776  * Sends a rmdir instruction to user space
777  */
778 static int send_rmdir(struct send_ctx *sctx, struct fs_path *path)
779 {
780 	struct btrfs_fs_info *fs_info = sctx->send_root->fs_info;
781 	int ret;
782 
783 	btrfs_debug(fs_info, "send_rmdir %s", path->start);
784 
785 	ret = begin_cmd(sctx, BTRFS_SEND_C_RMDIR);
786 	if (ret < 0)
787 		goto out;
788 
789 	TLV_PUT_PATH(sctx, BTRFS_SEND_A_PATH, path);
790 
791 	ret = send_cmd(sctx);
792 
793 tlv_put_failure:
794 out:
795 	return ret;
796 }
797 
798 /*
799  * Helper function to retrieve some fields from an inode item.
800  */
801 static int __get_inode_info(struct btrfs_root *root, struct btrfs_path *path,
802 			  u64 ino, u64 *size, u64 *gen, u64 *mode, u64 *uid,
803 			  u64 *gid, u64 *rdev)
804 {
805 	int ret;
806 	struct btrfs_inode_item *ii;
807 	struct btrfs_key key;
808 
809 	key.objectid = ino;
810 	key.type = BTRFS_INODE_ITEM_KEY;
811 	key.offset = 0;
812 	ret = btrfs_search_slot(NULL, root, &key, path, 0, 0);
813 	if (ret) {
814 		if (ret > 0)
815 			ret = -ENOENT;
816 		return ret;
817 	}
818 
819 	ii = btrfs_item_ptr(path->nodes[0], path->slots[0],
820 			struct btrfs_inode_item);
821 	if (size)
822 		*size = btrfs_inode_size(path->nodes[0], ii);
823 	if (gen)
824 		*gen = btrfs_inode_generation(path->nodes[0], ii);
825 	if (mode)
826 		*mode = btrfs_inode_mode(path->nodes[0], ii);
827 	if (uid)
828 		*uid = btrfs_inode_uid(path->nodes[0], ii);
829 	if (gid)
830 		*gid = btrfs_inode_gid(path->nodes[0], ii);
831 	if (rdev)
832 		*rdev = btrfs_inode_rdev(path->nodes[0], ii);
833 
834 	return ret;
835 }
836 
837 static int get_inode_info(struct btrfs_root *root,
838 			  u64 ino, u64 *size, u64 *gen,
839 			  u64 *mode, u64 *uid, u64 *gid,
840 			  u64 *rdev)
841 {
842 	struct btrfs_path *path;
843 	int ret;
844 
845 	path = alloc_path_for_send();
846 	if (!path)
847 		return -ENOMEM;
848 	ret = __get_inode_info(root, path, ino, size, gen, mode, uid, gid,
849 			       rdev);
850 	btrfs_free_path(path);
851 	return ret;
852 }
853 
854 typedef int (*iterate_inode_ref_t)(int num, u64 dir, int index,
855 				   struct fs_path *p,
856 				   void *ctx);
857 
858 /*
859  * Helper function to iterate the entries in ONE btrfs_inode_ref or
860  * btrfs_inode_extref.
861  * The iterate callback may return a non zero value to stop iteration. This can
862  * be a negative value for error codes or 1 to simply stop it.
863  *
864  * path must point to the INODE_REF or INODE_EXTREF when called.
865  */
866 static int iterate_inode_ref(struct btrfs_root *root, struct btrfs_path *path,
867 			     struct btrfs_key *found_key, int resolve,
868 			     iterate_inode_ref_t iterate, void *ctx)
869 {
870 	struct extent_buffer *eb = path->nodes[0];
871 	struct btrfs_item *item;
872 	struct btrfs_inode_ref *iref;
873 	struct btrfs_inode_extref *extref;
874 	struct btrfs_path *tmp_path;
875 	struct fs_path *p;
876 	u32 cur = 0;
877 	u32 total;
878 	int slot = path->slots[0];
879 	u32 name_len;
880 	char *start;
881 	int ret = 0;
882 	int num = 0;
883 	int index;
884 	u64 dir;
885 	unsigned long name_off;
886 	unsigned long elem_size;
887 	unsigned long ptr;
888 
889 	p = fs_path_alloc_reversed();
890 	if (!p)
891 		return -ENOMEM;
892 
893 	tmp_path = alloc_path_for_send();
894 	if (!tmp_path) {
895 		fs_path_free(p);
896 		return -ENOMEM;
897 	}
898 
899 
900 	if (found_key->type == BTRFS_INODE_REF_KEY) {
901 		ptr = (unsigned long)btrfs_item_ptr(eb, slot,
902 						    struct btrfs_inode_ref);
903 		item = btrfs_item_nr(slot);
904 		total = btrfs_item_size(eb, item);
905 		elem_size = sizeof(*iref);
906 	} else {
907 		ptr = btrfs_item_ptr_offset(eb, slot);
908 		total = btrfs_item_size_nr(eb, slot);
909 		elem_size = sizeof(*extref);
910 	}
911 
912 	while (cur < total) {
913 		fs_path_reset(p);
914 
915 		if (found_key->type == BTRFS_INODE_REF_KEY) {
916 			iref = (struct btrfs_inode_ref *)(ptr + cur);
917 			name_len = btrfs_inode_ref_name_len(eb, iref);
918 			name_off = (unsigned long)(iref + 1);
919 			index = btrfs_inode_ref_index(eb, iref);
920 			dir = found_key->offset;
921 		} else {
922 			extref = (struct btrfs_inode_extref *)(ptr + cur);
923 			name_len = btrfs_inode_extref_name_len(eb, extref);
924 			name_off = (unsigned long)&extref->name;
925 			index = btrfs_inode_extref_index(eb, extref);
926 			dir = btrfs_inode_extref_parent(eb, extref);
927 		}
928 
929 		if (resolve) {
930 			start = btrfs_ref_to_path(root, tmp_path, name_len,
931 						  name_off, eb, dir,
932 						  p->buf, p->buf_len);
933 			if (IS_ERR(start)) {
934 				ret = PTR_ERR(start);
935 				goto out;
936 			}
937 			if (start < p->buf) {
938 				/* overflow , try again with larger buffer */
939 				ret = fs_path_ensure_buf(p,
940 						p->buf_len + p->buf - start);
941 				if (ret < 0)
942 					goto out;
943 				start = btrfs_ref_to_path(root, tmp_path,
944 							  name_len, name_off,
945 							  eb, dir,
946 							  p->buf, p->buf_len);
947 				if (IS_ERR(start)) {
948 					ret = PTR_ERR(start);
949 					goto out;
950 				}
951 				BUG_ON(start < p->buf);
952 			}
953 			p->start = start;
954 		} else {
955 			ret = fs_path_add_from_extent_buffer(p, eb, name_off,
956 							     name_len);
957 			if (ret < 0)
958 				goto out;
959 		}
960 
961 		cur += elem_size + name_len;
962 		ret = iterate(num, dir, index, p, ctx);
963 		if (ret)
964 			goto out;
965 		num++;
966 	}
967 
968 out:
969 	btrfs_free_path(tmp_path);
970 	fs_path_free(p);
971 	return ret;
972 }
973 
974 typedef int (*iterate_dir_item_t)(int num, struct btrfs_key *di_key,
975 				  const char *name, int name_len,
976 				  const char *data, int data_len,
977 				  u8 type, void *ctx);
978 
979 /*
980  * Helper function to iterate the entries in ONE btrfs_dir_item.
981  * The iterate callback may return a non zero value to stop iteration. This can
982  * be a negative value for error codes or 1 to simply stop it.
983  *
984  * path must point to the dir item when called.
985  */
986 static int iterate_dir_item(struct btrfs_root *root, struct btrfs_path *path,
987 			    iterate_dir_item_t iterate, void *ctx)
988 {
989 	int ret = 0;
990 	struct extent_buffer *eb;
991 	struct btrfs_item *item;
992 	struct btrfs_dir_item *di;
993 	struct btrfs_key di_key;
994 	char *buf = NULL;
995 	int buf_len;
996 	u32 name_len;
997 	u32 data_len;
998 	u32 cur;
999 	u32 len;
1000 	u32 total;
1001 	int slot;
1002 	int num;
1003 	u8 type;
1004 
1005 	/*
1006 	 * Start with a small buffer (1 page). If later we end up needing more
1007 	 * space, which can happen for xattrs on a fs with a leaf size greater
1008 	 * then the page size, attempt to increase the buffer. Typically xattr
1009 	 * values are small.
1010 	 */
1011 	buf_len = PATH_MAX;
1012 	buf = kmalloc(buf_len, GFP_KERNEL);
1013 	if (!buf) {
1014 		ret = -ENOMEM;
1015 		goto out;
1016 	}
1017 
1018 	eb = path->nodes[0];
1019 	slot = path->slots[0];
1020 	item = btrfs_item_nr(slot);
1021 	di = btrfs_item_ptr(eb, slot, struct btrfs_dir_item);
1022 	cur = 0;
1023 	len = 0;
1024 	total = btrfs_item_size(eb, item);
1025 
1026 	num = 0;
1027 	while (cur < total) {
1028 		name_len = btrfs_dir_name_len(eb, di);
1029 		data_len = btrfs_dir_data_len(eb, di);
1030 		type = btrfs_dir_type(eb, di);
1031 		btrfs_dir_item_key_to_cpu(eb, di, &di_key);
1032 
1033 		if (type == BTRFS_FT_XATTR) {
1034 			if (name_len > XATTR_NAME_MAX) {
1035 				ret = -ENAMETOOLONG;
1036 				goto out;
1037 			}
1038 			if (name_len + data_len >
1039 					BTRFS_MAX_XATTR_SIZE(root->fs_info)) {
1040 				ret = -E2BIG;
1041 				goto out;
1042 			}
1043 		} else {
1044 			/*
1045 			 * Path too long
1046 			 */
1047 			if (name_len + data_len > PATH_MAX) {
1048 				ret = -ENAMETOOLONG;
1049 				goto out;
1050 			}
1051 		}
1052 
1053 		if (name_len + data_len > buf_len) {
1054 			buf_len = name_len + data_len;
1055 			if (is_vmalloc_addr(buf)) {
1056 				vfree(buf);
1057 				buf = NULL;
1058 			} else {
1059 				char *tmp = krealloc(buf, buf_len,
1060 						GFP_KERNEL | __GFP_NOWARN);
1061 
1062 				if (!tmp)
1063 					kfree(buf);
1064 				buf = tmp;
1065 			}
1066 			if (!buf) {
1067 				buf = kvmalloc(buf_len, GFP_KERNEL);
1068 				if (!buf) {
1069 					ret = -ENOMEM;
1070 					goto out;
1071 				}
1072 			}
1073 		}
1074 
1075 		read_extent_buffer(eb, buf, (unsigned long)(di + 1),
1076 				name_len + data_len);
1077 
1078 		len = sizeof(*di) + name_len + data_len;
1079 		di = (struct btrfs_dir_item *)((char *)di + len);
1080 		cur += len;
1081 
1082 		ret = iterate(num, &di_key, buf, name_len, buf + name_len,
1083 				data_len, type, ctx);
1084 		if (ret < 0)
1085 			goto out;
1086 		if (ret) {
1087 			ret = 0;
1088 			goto out;
1089 		}
1090 
1091 		num++;
1092 	}
1093 
1094 out:
1095 	kvfree(buf);
1096 	return ret;
1097 }
1098 
1099 static int __copy_first_ref(int num, u64 dir, int index,
1100 			    struct fs_path *p, void *ctx)
1101 {
1102 	int ret;
1103 	struct fs_path *pt = ctx;
1104 
1105 	ret = fs_path_copy(pt, p);
1106 	if (ret < 0)
1107 		return ret;
1108 
1109 	/* we want the first only */
1110 	return 1;
1111 }
1112 
1113 /*
1114  * Retrieve the first path of an inode. If an inode has more then one
1115  * ref/hardlink, this is ignored.
1116  */
1117 static int get_inode_path(struct btrfs_root *root,
1118 			  u64 ino, struct fs_path *path)
1119 {
1120 	int ret;
1121 	struct btrfs_key key, found_key;
1122 	struct btrfs_path *p;
1123 
1124 	p = alloc_path_for_send();
1125 	if (!p)
1126 		return -ENOMEM;
1127 
1128 	fs_path_reset(path);
1129 
1130 	key.objectid = ino;
1131 	key.type = BTRFS_INODE_REF_KEY;
1132 	key.offset = 0;
1133 
1134 	ret = btrfs_search_slot_for_read(root, &key, p, 1, 0);
1135 	if (ret < 0)
1136 		goto out;
1137 	if (ret) {
1138 		ret = 1;
1139 		goto out;
1140 	}
1141 	btrfs_item_key_to_cpu(p->nodes[0], &found_key, p->slots[0]);
1142 	if (found_key.objectid != ino ||
1143 	    (found_key.type != BTRFS_INODE_REF_KEY &&
1144 	     found_key.type != BTRFS_INODE_EXTREF_KEY)) {
1145 		ret = -ENOENT;
1146 		goto out;
1147 	}
1148 
1149 	ret = iterate_inode_ref(root, p, &found_key, 1,
1150 				__copy_first_ref, path);
1151 	if (ret < 0)
1152 		goto out;
1153 	ret = 0;
1154 
1155 out:
1156 	btrfs_free_path(p);
1157 	return ret;
1158 }
1159 
1160 struct backref_ctx {
1161 	struct send_ctx *sctx;
1162 
1163 	/* number of total found references */
1164 	u64 found;
1165 
1166 	/*
1167 	 * used for clones found in send_root. clones found behind cur_objectid
1168 	 * and cur_offset are not considered as allowed clones.
1169 	 */
1170 	u64 cur_objectid;
1171 	u64 cur_offset;
1172 
1173 	/* may be truncated in case it's the last extent in a file */
1174 	u64 extent_len;
1175 
1176 	/* data offset in the file extent item */
1177 	u64 data_offset;
1178 
1179 	/* Just to check for bugs in backref resolving */
1180 	int found_itself;
1181 };
1182 
1183 static int __clone_root_cmp_bsearch(const void *key, const void *elt)
1184 {
1185 	u64 root = (u64)(uintptr_t)key;
1186 	struct clone_root *cr = (struct clone_root *)elt;
1187 
1188 	if (root < cr->root->root_key.objectid)
1189 		return -1;
1190 	if (root > cr->root->root_key.objectid)
1191 		return 1;
1192 	return 0;
1193 }
1194 
1195 static int __clone_root_cmp_sort(const void *e1, const void *e2)
1196 {
1197 	struct clone_root *cr1 = (struct clone_root *)e1;
1198 	struct clone_root *cr2 = (struct clone_root *)e2;
1199 
1200 	if (cr1->root->root_key.objectid < cr2->root->root_key.objectid)
1201 		return -1;
1202 	if (cr1->root->root_key.objectid > cr2->root->root_key.objectid)
1203 		return 1;
1204 	return 0;
1205 }
1206 
1207 /*
1208  * Called for every backref that is found for the current extent.
1209  * Results are collected in sctx->clone_roots->ino/offset/found_refs
1210  */
1211 static int __iterate_backrefs(u64 ino, u64 offset, u64 root, void *ctx_)
1212 {
1213 	struct backref_ctx *bctx = ctx_;
1214 	struct clone_root *found;
1215 
1216 	/* First check if the root is in the list of accepted clone sources */
1217 	found = bsearch((void *)(uintptr_t)root, bctx->sctx->clone_roots,
1218 			bctx->sctx->clone_roots_cnt,
1219 			sizeof(struct clone_root),
1220 			__clone_root_cmp_bsearch);
1221 	if (!found)
1222 		return 0;
1223 
1224 	if (found->root == bctx->sctx->send_root &&
1225 	    ino == bctx->cur_objectid &&
1226 	    offset == bctx->cur_offset) {
1227 		bctx->found_itself = 1;
1228 	}
1229 
1230 	/*
1231 	 * Make sure we don't consider clones from send_root that are
1232 	 * behind the current inode/offset.
1233 	 */
1234 	if (found->root == bctx->sctx->send_root) {
1235 		/*
1236 		 * TODO for the moment we don't accept clones from the inode
1237 		 * that is currently send. We may change this when
1238 		 * BTRFS_IOC_CLONE_RANGE supports cloning from and to the same
1239 		 * file.
1240 		 */
1241 		if (ino >= bctx->cur_objectid)
1242 			return 0;
1243 	}
1244 
1245 	bctx->found++;
1246 	found->found_refs++;
1247 	if (ino < found->ino) {
1248 		found->ino = ino;
1249 		found->offset = offset;
1250 	} else if (found->ino == ino) {
1251 		/*
1252 		 * same extent found more then once in the same file.
1253 		 */
1254 		if (found->offset > offset + bctx->extent_len)
1255 			found->offset = offset;
1256 	}
1257 
1258 	return 0;
1259 }
1260 
1261 /*
1262  * Given an inode, offset and extent item, it finds a good clone for a clone
1263  * instruction. Returns -ENOENT when none could be found. The function makes
1264  * sure that the returned clone is usable at the point where sending is at the
1265  * moment. This means, that no clones are accepted which lie behind the current
1266  * inode+offset.
1267  *
1268  * path must point to the extent item when called.
1269  */
1270 static int find_extent_clone(struct send_ctx *sctx,
1271 			     struct btrfs_path *path,
1272 			     u64 ino, u64 data_offset,
1273 			     u64 ino_size,
1274 			     struct clone_root **found)
1275 {
1276 	struct btrfs_fs_info *fs_info = sctx->send_root->fs_info;
1277 	int ret;
1278 	int extent_type;
1279 	u64 logical;
1280 	u64 disk_byte;
1281 	u64 num_bytes;
1282 	u64 extent_item_pos;
1283 	u64 flags = 0;
1284 	struct btrfs_file_extent_item *fi;
1285 	struct extent_buffer *eb = path->nodes[0];
1286 	struct backref_ctx *backref_ctx = NULL;
1287 	struct clone_root *cur_clone_root;
1288 	struct btrfs_key found_key;
1289 	struct btrfs_path *tmp_path;
1290 	int compressed;
1291 	u32 i;
1292 
1293 	tmp_path = alloc_path_for_send();
1294 	if (!tmp_path)
1295 		return -ENOMEM;
1296 
1297 	/* We only use this path under the commit sem */
1298 	tmp_path->need_commit_sem = 0;
1299 
1300 	backref_ctx = kmalloc(sizeof(*backref_ctx), GFP_KERNEL);
1301 	if (!backref_ctx) {
1302 		ret = -ENOMEM;
1303 		goto out;
1304 	}
1305 
1306 	if (data_offset >= ino_size) {
1307 		/*
1308 		 * There may be extents that lie behind the file's size.
1309 		 * I at least had this in combination with snapshotting while
1310 		 * writing large files.
1311 		 */
1312 		ret = 0;
1313 		goto out;
1314 	}
1315 
1316 	fi = btrfs_item_ptr(eb, path->slots[0],
1317 			struct btrfs_file_extent_item);
1318 	extent_type = btrfs_file_extent_type(eb, fi);
1319 	if (extent_type == BTRFS_FILE_EXTENT_INLINE) {
1320 		ret = -ENOENT;
1321 		goto out;
1322 	}
1323 	compressed = btrfs_file_extent_compression(eb, fi);
1324 
1325 	num_bytes = btrfs_file_extent_num_bytes(eb, fi);
1326 	disk_byte = btrfs_file_extent_disk_bytenr(eb, fi);
1327 	if (disk_byte == 0) {
1328 		ret = -ENOENT;
1329 		goto out;
1330 	}
1331 	logical = disk_byte + btrfs_file_extent_offset(eb, fi);
1332 
1333 	down_read(&fs_info->commit_root_sem);
1334 	ret = extent_from_logical(fs_info, disk_byte, tmp_path,
1335 				  &found_key, &flags);
1336 	up_read(&fs_info->commit_root_sem);
1337 	btrfs_release_path(tmp_path);
1338 
1339 	if (ret < 0)
1340 		goto out;
1341 	if (flags & BTRFS_EXTENT_FLAG_TREE_BLOCK) {
1342 		ret = -EIO;
1343 		goto out;
1344 	}
1345 
1346 	/*
1347 	 * Setup the clone roots.
1348 	 */
1349 	for (i = 0; i < sctx->clone_roots_cnt; i++) {
1350 		cur_clone_root = sctx->clone_roots + i;
1351 		cur_clone_root->ino = (u64)-1;
1352 		cur_clone_root->offset = 0;
1353 		cur_clone_root->found_refs = 0;
1354 	}
1355 
1356 	backref_ctx->sctx = sctx;
1357 	backref_ctx->found = 0;
1358 	backref_ctx->cur_objectid = ino;
1359 	backref_ctx->cur_offset = data_offset;
1360 	backref_ctx->found_itself = 0;
1361 	backref_ctx->extent_len = num_bytes;
1362 	/*
1363 	 * For non-compressed extents iterate_extent_inodes() gives us extent
1364 	 * offsets that already take into account the data offset, but not for
1365 	 * compressed extents, since the offset is logical and not relative to
1366 	 * the physical extent locations. We must take this into account to
1367 	 * avoid sending clone offsets that go beyond the source file's size,
1368 	 * which would result in the clone ioctl failing with -EINVAL on the
1369 	 * receiving end.
1370 	 */
1371 	if (compressed == BTRFS_COMPRESS_NONE)
1372 		backref_ctx->data_offset = 0;
1373 	else
1374 		backref_ctx->data_offset = btrfs_file_extent_offset(eb, fi);
1375 
1376 	/*
1377 	 * The last extent of a file may be too large due to page alignment.
1378 	 * We need to adjust extent_len in this case so that the checks in
1379 	 * __iterate_backrefs work.
1380 	 */
1381 	if (data_offset + num_bytes >= ino_size)
1382 		backref_ctx->extent_len = ino_size - data_offset;
1383 
1384 	/*
1385 	 * Now collect all backrefs.
1386 	 */
1387 	if (compressed == BTRFS_COMPRESS_NONE)
1388 		extent_item_pos = logical - found_key.objectid;
1389 	else
1390 		extent_item_pos = 0;
1391 	ret = iterate_extent_inodes(fs_info, found_key.objectid,
1392 				    extent_item_pos, 1, __iterate_backrefs,
1393 				    backref_ctx, false);
1394 
1395 	if (ret < 0)
1396 		goto out;
1397 
1398 	if (!backref_ctx->found_itself) {
1399 		/* found a bug in backref code? */
1400 		ret = -EIO;
1401 		btrfs_err(fs_info,
1402 			  "did not find backref in send_root. inode=%llu, offset=%llu, disk_byte=%llu found extent=%llu",
1403 			  ino, data_offset, disk_byte, found_key.objectid);
1404 		goto out;
1405 	}
1406 
1407 	btrfs_debug(fs_info,
1408 		    "find_extent_clone: data_offset=%llu, ino=%llu, num_bytes=%llu, logical=%llu",
1409 		    data_offset, ino, num_bytes, logical);
1410 
1411 	if (!backref_ctx->found)
1412 		btrfs_debug(fs_info, "no clones found");
1413 
1414 	cur_clone_root = NULL;
1415 	for (i = 0; i < sctx->clone_roots_cnt; i++) {
1416 		if (sctx->clone_roots[i].found_refs) {
1417 			if (!cur_clone_root)
1418 				cur_clone_root = sctx->clone_roots + i;
1419 			else if (sctx->clone_roots[i].root == sctx->send_root)
1420 				/* prefer clones from send_root over others */
1421 				cur_clone_root = sctx->clone_roots + i;
1422 		}
1423 
1424 	}
1425 
1426 	if (cur_clone_root) {
1427 		*found = cur_clone_root;
1428 		ret = 0;
1429 	} else {
1430 		ret = -ENOENT;
1431 	}
1432 
1433 out:
1434 	btrfs_free_path(tmp_path);
1435 	kfree(backref_ctx);
1436 	return ret;
1437 }
1438 
1439 static int read_symlink(struct btrfs_root *root,
1440 			u64 ino,
1441 			struct fs_path *dest)
1442 {
1443 	int ret;
1444 	struct btrfs_path *path;
1445 	struct btrfs_key key;
1446 	struct btrfs_file_extent_item *ei;
1447 	u8 type;
1448 	u8 compression;
1449 	unsigned long off;
1450 	int len;
1451 
1452 	path = alloc_path_for_send();
1453 	if (!path)
1454 		return -ENOMEM;
1455 
1456 	key.objectid = ino;
1457 	key.type = BTRFS_EXTENT_DATA_KEY;
1458 	key.offset = 0;
1459 	ret = btrfs_search_slot(NULL, root, &key, path, 0, 0);
1460 	if (ret < 0)
1461 		goto out;
1462 	if (ret) {
1463 		/*
1464 		 * An empty symlink inode. Can happen in rare error paths when
1465 		 * creating a symlink (transaction committed before the inode
1466 		 * eviction handler removed the symlink inode items and a crash
1467 		 * happened in between or the subvol was snapshoted in between).
1468 		 * Print an informative message to dmesg/syslog so that the user
1469 		 * can delete the symlink.
1470 		 */
1471 		btrfs_err(root->fs_info,
1472 			  "Found empty symlink inode %llu at root %llu",
1473 			  ino, root->root_key.objectid);
1474 		ret = -EIO;
1475 		goto out;
1476 	}
1477 
1478 	ei = btrfs_item_ptr(path->nodes[0], path->slots[0],
1479 			struct btrfs_file_extent_item);
1480 	type = btrfs_file_extent_type(path->nodes[0], ei);
1481 	compression = btrfs_file_extent_compression(path->nodes[0], ei);
1482 	BUG_ON(type != BTRFS_FILE_EXTENT_INLINE);
1483 	BUG_ON(compression);
1484 
1485 	off = btrfs_file_extent_inline_start(ei);
1486 	len = btrfs_file_extent_ram_bytes(path->nodes[0], ei);
1487 
1488 	ret = fs_path_add_from_extent_buffer(dest, path->nodes[0], off, len);
1489 
1490 out:
1491 	btrfs_free_path(path);
1492 	return ret;
1493 }
1494 
1495 /*
1496  * Helper function to generate a file name that is unique in the root of
1497  * send_root and parent_root. This is used to generate names for orphan inodes.
1498  */
1499 static int gen_unique_name(struct send_ctx *sctx,
1500 			   u64 ino, u64 gen,
1501 			   struct fs_path *dest)
1502 {
1503 	int ret = 0;
1504 	struct btrfs_path *path;
1505 	struct btrfs_dir_item *di;
1506 	char tmp[64];
1507 	int len;
1508 	u64 idx = 0;
1509 
1510 	path = alloc_path_for_send();
1511 	if (!path)
1512 		return -ENOMEM;
1513 
1514 	while (1) {
1515 		len = snprintf(tmp, sizeof(tmp), "o%llu-%llu-%llu",
1516 				ino, gen, idx);
1517 		ASSERT(len < sizeof(tmp));
1518 
1519 		di = btrfs_lookup_dir_item(NULL, sctx->send_root,
1520 				path, BTRFS_FIRST_FREE_OBJECTID,
1521 				tmp, strlen(tmp), 0);
1522 		btrfs_release_path(path);
1523 		if (IS_ERR(di)) {
1524 			ret = PTR_ERR(di);
1525 			goto out;
1526 		}
1527 		if (di) {
1528 			/* not unique, try again */
1529 			idx++;
1530 			continue;
1531 		}
1532 
1533 		if (!sctx->parent_root) {
1534 			/* unique */
1535 			ret = 0;
1536 			break;
1537 		}
1538 
1539 		di = btrfs_lookup_dir_item(NULL, sctx->parent_root,
1540 				path, BTRFS_FIRST_FREE_OBJECTID,
1541 				tmp, strlen(tmp), 0);
1542 		btrfs_release_path(path);
1543 		if (IS_ERR(di)) {
1544 			ret = PTR_ERR(di);
1545 			goto out;
1546 		}
1547 		if (di) {
1548 			/* not unique, try again */
1549 			idx++;
1550 			continue;
1551 		}
1552 		/* unique */
1553 		break;
1554 	}
1555 
1556 	ret = fs_path_add(dest, tmp, strlen(tmp));
1557 
1558 out:
1559 	btrfs_free_path(path);
1560 	return ret;
1561 }
1562 
1563 enum inode_state {
1564 	inode_state_no_change,
1565 	inode_state_will_create,
1566 	inode_state_did_create,
1567 	inode_state_will_delete,
1568 	inode_state_did_delete,
1569 };
1570 
1571 static int get_cur_inode_state(struct send_ctx *sctx, u64 ino, u64 gen)
1572 {
1573 	int ret;
1574 	int left_ret;
1575 	int right_ret;
1576 	u64 left_gen;
1577 	u64 right_gen;
1578 
1579 	ret = get_inode_info(sctx->send_root, ino, NULL, &left_gen, NULL, NULL,
1580 			NULL, NULL);
1581 	if (ret < 0 && ret != -ENOENT)
1582 		goto out;
1583 	left_ret = ret;
1584 
1585 	if (!sctx->parent_root) {
1586 		right_ret = -ENOENT;
1587 	} else {
1588 		ret = get_inode_info(sctx->parent_root, ino, NULL, &right_gen,
1589 				NULL, NULL, NULL, NULL);
1590 		if (ret < 0 && ret != -ENOENT)
1591 			goto out;
1592 		right_ret = ret;
1593 	}
1594 
1595 	if (!left_ret && !right_ret) {
1596 		if (left_gen == gen && right_gen == gen) {
1597 			ret = inode_state_no_change;
1598 		} else if (left_gen == gen) {
1599 			if (ino < sctx->send_progress)
1600 				ret = inode_state_did_create;
1601 			else
1602 				ret = inode_state_will_create;
1603 		} else if (right_gen == gen) {
1604 			if (ino < sctx->send_progress)
1605 				ret = inode_state_did_delete;
1606 			else
1607 				ret = inode_state_will_delete;
1608 		} else  {
1609 			ret = -ENOENT;
1610 		}
1611 	} else if (!left_ret) {
1612 		if (left_gen == gen) {
1613 			if (ino < sctx->send_progress)
1614 				ret = inode_state_did_create;
1615 			else
1616 				ret = inode_state_will_create;
1617 		} else {
1618 			ret = -ENOENT;
1619 		}
1620 	} else if (!right_ret) {
1621 		if (right_gen == gen) {
1622 			if (ino < sctx->send_progress)
1623 				ret = inode_state_did_delete;
1624 			else
1625 				ret = inode_state_will_delete;
1626 		} else {
1627 			ret = -ENOENT;
1628 		}
1629 	} else {
1630 		ret = -ENOENT;
1631 	}
1632 
1633 out:
1634 	return ret;
1635 }
1636 
1637 static int is_inode_existent(struct send_ctx *sctx, u64 ino, u64 gen)
1638 {
1639 	int ret;
1640 
1641 	if (ino == BTRFS_FIRST_FREE_OBJECTID)
1642 		return 1;
1643 
1644 	ret = get_cur_inode_state(sctx, ino, gen);
1645 	if (ret < 0)
1646 		goto out;
1647 
1648 	if (ret == inode_state_no_change ||
1649 	    ret == inode_state_did_create ||
1650 	    ret == inode_state_will_delete)
1651 		ret = 1;
1652 	else
1653 		ret = 0;
1654 
1655 out:
1656 	return ret;
1657 }
1658 
1659 /*
1660  * Helper function to lookup a dir item in a dir.
1661  */
1662 static int lookup_dir_item_inode(struct btrfs_root *root,
1663 				 u64 dir, const char *name, int name_len,
1664 				 u64 *found_inode,
1665 				 u8 *found_type)
1666 {
1667 	int ret = 0;
1668 	struct btrfs_dir_item *di;
1669 	struct btrfs_key key;
1670 	struct btrfs_path *path;
1671 
1672 	path = alloc_path_for_send();
1673 	if (!path)
1674 		return -ENOMEM;
1675 
1676 	di = btrfs_lookup_dir_item(NULL, root, path,
1677 			dir, name, name_len, 0);
1678 	if (IS_ERR_OR_NULL(di)) {
1679 		ret = di ? PTR_ERR(di) : -ENOENT;
1680 		goto out;
1681 	}
1682 	btrfs_dir_item_key_to_cpu(path->nodes[0], di, &key);
1683 	if (key.type == BTRFS_ROOT_ITEM_KEY) {
1684 		ret = -ENOENT;
1685 		goto out;
1686 	}
1687 	*found_inode = key.objectid;
1688 	*found_type = btrfs_dir_type(path->nodes[0], di);
1689 
1690 out:
1691 	btrfs_free_path(path);
1692 	return ret;
1693 }
1694 
1695 /*
1696  * Looks up the first btrfs_inode_ref of a given ino. It returns the parent dir,
1697  * generation of the parent dir and the name of the dir entry.
1698  */
1699 static int get_first_ref(struct btrfs_root *root, u64 ino,
1700 			 u64 *dir, u64 *dir_gen, struct fs_path *name)
1701 {
1702 	int ret;
1703 	struct btrfs_key key;
1704 	struct btrfs_key found_key;
1705 	struct btrfs_path *path;
1706 	int len;
1707 	u64 parent_dir;
1708 
1709 	path = alloc_path_for_send();
1710 	if (!path)
1711 		return -ENOMEM;
1712 
1713 	key.objectid = ino;
1714 	key.type = BTRFS_INODE_REF_KEY;
1715 	key.offset = 0;
1716 
1717 	ret = btrfs_search_slot_for_read(root, &key, path, 1, 0);
1718 	if (ret < 0)
1719 		goto out;
1720 	if (!ret)
1721 		btrfs_item_key_to_cpu(path->nodes[0], &found_key,
1722 				path->slots[0]);
1723 	if (ret || found_key.objectid != ino ||
1724 	    (found_key.type != BTRFS_INODE_REF_KEY &&
1725 	     found_key.type != BTRFS_INODE_EXTREF_KEY)) {
1726 		ret = -ENOENT;
1727 		goto out;
1728 	}
1729 
1730 	if (found_key.type == BTRFS_INODE_REF_KEY) {
1731 		struct btrfs_inode_ref *iref;
1732 		iref = btrfs_item_ptr(path->nodes[0], path->slots[0],
1733 				      struct btrfs_inode_ref);
1734 		len = btrfs_inode_ref_name_len(path->nodes[0], iref);
1735 		ret = fs_path_add_from_extent_buffer(name, path->nodes[0],
1736 						     (unsigned long)(iref + 1),
1737 						     len);
1738 		parent_dir = found_key.offset;
1739 	} else {
1740 		struct btrfs_inode_extref *extref;
1741 		extref = btrfs_item_ptr(path->nodes[0], path->slots[0],
1742 					struct btrfs_inode_extref);
1743 		len = btrfs_inode_extref_name_len(path->nodes[0], extref);
1744 		ret = fs_path_add_from_extent_buffer(name, path->nodes[0],
1745 					(unsigned long)&extref->name, len);
1746 		parent_dir = btrfs_inode_extref_parent(path->nodes[0], extref);
1747 	}
1748 	if (ret < 0)
1749 		goto out;
1750 	btrfs_release_path(path);
1751 
1752 	if (dir_gen) {
1753 		ret = get_inode_info(root, parent_dir, NULL, dir_gen, NULL,
1754 				     NULL, NULL, NULL);
1755 		if (ret < 0)
1756 			goto out;
1757 	}
1758 
1759 	*dir = parent_dir;
1760 
1761 out:
1762 	btrfs_free_path(path);
1763 	return ret;
1764 }
1765 
1766 static int is_first_ref(struct btrfs_root *root,
1767 			u64 ino, u64 dir,
1768 			const char *name, int name_len)
1769 {
1770 	int ret;
1771 	struct fs_path *tmp_name;
1772 	u64 tmp_dir;
1773 
1774 	tmp_name = fs_path_alloc();
1775 	if (!tmp_name)
1776 		return -ENOMEM;
1777 
1778 	ret = get_first_ref(root, ino, &tmp_dir, NULL, tmp_name);
1779 	if (ret < 0)
1780 		goto out;
1781 
1782 	if (dir != tmp_dir || name_len != fs_path_len(tmp_name)) {
1783 		ret = 0;
1784 		goto out;
1785 	}
1786 
1787 	ret = !memcmp(tmp_name->start, name, name_len);
1788 
1789 out:
1790 	fs_path_free(tmp_name);
1791 	return ret;
1792 }
1793 
1794 /*
1795  * Used by process_recorded_refs to determine if a new ref would overwrite an
1796  * already existing ref. In case it detects an overwrite, it returns the
1797  * inode/gen in who_ino/who_gen.
1798  * When an overwrite is detected, process_recorded_refs does proper orphanizing
1799  * to make sure later references to the overwritten inode are possible.
1800  * Orphanizing is however only required for the first ref of an inode.
1801  * process_recorded_refs does an additional is_first_ref check to see if
1802  * orphanizing is really required.
1803  */
1804 static int will_overwrite_ref(struct send_ctx *sctx, u64 dir, u64 dir_gen,
1805 			      const char *name, int name_len,
1806 			      u64 *who_ino, u64 *who_gen, u64 *who_mode)
1807 {
1808 	int ret = 0;
1809 	u64 gen;
1810 	u64 other_inode = 0;
1811 	u8 other_type = 0;
1812 
1813 	if (!sctx->parent_root)
1814 		goto out;
1815 
1816 	ret = is_inode_existent(sctx, dir, dir_gen);
1817 	if (ret <= 0)
1818 		goto out;
1819 
1820 	/*
1821 	 * If we have a parent root we need to verify that the parent dir was
1822 	 * not deleted and then re-created, if it was then we have no overwrite
1823 	 * and we can just unlink this entry.
1824 	 */
1825 	if (sctx->parent_root && dir != BTRFS_FIRST_FREE_OBJECTID) {
1826 		ret = get_inode_info(sctx->parent_root, dir, NULL, &gen, NULL,
1827 				     NULL, NULL, NULL);
1828 		if (ret < 0 && ret != -ENOENT)
1829 			goto out;
1830 		if (ret) {
1831 			ret = 0;
1832 			goto out;
1833 		}
1834 		if (gen != dir_gen)
1835 			goto out;
1836 	}
1837 
1838 	ret = lookup_dir_item_inode(sctx->parent_root, dir, name, name_len,
1839 			&other_inode, &other_type);
1840 	if (ret < 0 && ret != -ENOENT)
1841 		goto out;
1842 	if (ret) {
1843 		ret = 0;
1844 		goto out;
1845 	}
1846 
1847 	/*
1848 	 * Check if the overwritten ref was already processed. If yes, the ref
1849 	 * was already unlinked/moved, so we can safely assume that we will not
1850 	 * overwrite anything at this point in time.
1851 	 */
1852 	if (other_inode > sctx->send_progress ||
1853 	    is_waiting_for_move(sctx, other_inode)) {
1854 		ret = get_inode_info(sctx->parent_root, other_inode, NULL,
1855 				who_gen, who_mode, NULL, NULL, NULL);
1856 		if (ret < 0)
1857 			goto out;
1858 
1859 		ret = 1;
1860 		*who_ino = other_inode;
1861 	} else {
1862 		ret = 0;
1863 	}
1864 
1865 out:
1866 	return ret;
1867 }
1868 
1869 /*
1870  * Checks if the ref was overwritten by an already processed inode. This is
1871  * used by __get_cur_name_and_parent to find out if the ref was orphanized and
1872  * thus the orphan name needs be used.
1873  * process_recorded_refs also uses it to avoid unlinking of refs that were
1874  * overwritten.
1875  */
1876 static int did_overwrite_ref(struct send_ctx *sctx,
1877 			    u64 dir, u64 dir_gen,
1878 			    u64 ino, u64 ino_gen,
1879 			    const char *name, int name_len)
1880 {
1881 	int ret = 0;
1882 	u64 gen;
1883 	u64 ow_inode;
1884 	u8 other_type;
1885 
1886 	if (!sctx->parent_root)
1887 		goto out;
1888 
1889 	ret = is_inode_existent(sctx, dir, dir_gen);
1890 	if (ret <= 0)
1891 		goto out;
1892 
1893 	if (dir != BTRFS_FIRST_FREE_OBJECTID) {
1894 		ret = get_inode_info(sctx->send_root, dir, NULL, &gen, NULL,
1895 				     NULL, NULL, NULL);
1896 		if (ret < 0 && ret != -ENOENT)
1897 			goto out;
1898 		if (ret) {
1899 			ret = 0;
1900 			goto out;
1901 		}
1902 		if (gen != dir_gen)
1903 			goto out;
1904 	}
1905 
1906 	/* check if the ref was overwritten by another ref */
1907 	ret = lookup_dir_item_inode(sctx->send_root, dir, name, name_len,
1908 			&ow_inode, &other_type);
1909 	if (ret < 0 && ret != -ENOENT)
1910 		goto out;
1911 	if (ret) {
1912 		/* was never and will never be overwritten */
1913 		ret = 0;
1914 		goto out;
1915 	}
1916 
1917 	ret = get_inode_info(sctx->send_root, ow_inode, NULL, &gen, NULL, NULL,
1918 			NULL, NULL);
1919 	if (ret < 0)
1920 		goto out;
1921 
1922 	if (ow_inode == ino && gen == ino_gen) {
1923 		ret = 0;
1924 		goto out;
1925 	}
1926 
1927 	/*
1928 	 * We know that it is or will be overwritten. Check this now.
1929 	 * The current inode being processed might have been the one that caused
1930 	 * inode 'ino' to be orphanized, therefore check if ow_inode matches
1931 	 * the current inode being processed.
1932 	 */
1933 	if ((ow_inode < sctx->send_progress) ||
1934 	    (ino != sctx->cur_ino && ow_inode == sctx->cur_ino &&
1935 	     gen == sctx->cur_inode_gen))
1936 		ret = 1;
1937 	else
1938 		ret = 0;
1939 
1940 out:
1941 	return ret;
1942 }
1943 
1944 /*
1945  * Same as did_overwrite_ref, but also checks if it is the first ref of an inode
1946  * that got overwritten. This is used by process_recorded_refs to determine
1947  * if it has to use the path as returned by get_cur_path or the orphan name.
1948  */
1949 static int did_overwrite_first_ref(struct send_ctx *sctx, u64 ino, u64 gen)
1950 {
1951 	int ret = 0;
1952 	struct fs_path *name = NULL;
1953 	u64 dir;
1954 	u64 dir_gen;
1955 
1956 	if (!sctx->parent_root)
1957 		goto out;
1958 
1959 	name = fs_path_alloc();
1960 	if (!name)
1961 		return -ENOMEM;
1962 
1963 	ret = get_first_ref(sctx->parent_root, ino, &dir, &dir_gen, name);
1964 	if (ret < 0)
1965 		goto out;
1966 
1967 	ret = did_overwrite_ref(sctx, dir, dir_gen, ino, gen,
1968 			name->start, fs_path_len(name));
1969 
1970 out:
1971 	fs_path_free(name);
1972 	return ret;
1973 }
1974 
1975 /*
1976  * Insert a name cache entry. On 32bit kernels the radix tree index is 32bit,
1977  * so we need to do some special handling in case we have clashes. This function
1978  * takes care of this with the help of name_cache_entry::radix_list.
1979  * In case of error, nce is kfreed.
1980  */
1981 static int name_cache_insert(struct send_ctx *sctx,
1982 			     struct name_cache_entry *nce)
1983 {
1984 	int ret = 0;
1985 	struct list_head *nce_head;
1986 
1987 	nce_head = radix_tree_lookup(&sctx->name_cache,
1988 			(unsigned long)nce->ino);
1989 	if (!nce_head) {
1990 		nce_head = kmalloc(sizeof(*nce_head), GFP_KERNEL);
1991 		if (!nce_head) {
1992 			kfree(nce);
1993 			return -ENOMEM;
1994 		}
1995 		INIT_LIST_HEAD(nce_head);
1996 
1997 		ret = radix_tree_insert(&sctx->name_cache, nce->ino, nce_head);
1998 		if (ret < 0) {
1999 			kfree(nce_head);
2000 			kfree(nce);
2001 			return ret;
2002 		}
2003 	}
2004 	list_add_tail(&nce->radix_list, nce_head);
2005 	list_add_tail(&nce->list, &sctx->name_cache_list);
2006 	sctx->name_cache_size++;
2007 
2008 	return ret;
2009 }
2010 
2011 static void name_cache_delete(struct send_ctx *sctx,
2012 			      struct name_cache_entry *nce)
2013 {
2014 	struct list_head *nce_head;
2015 
2016 	nce_head = radix_tree_lookup(&sctx->name_cache,
2017 			(unsigned long)nce->ino);
2018 	if (!nce_head) {
2019 		btrfs_err(sctx->send_root->fs_info,
2020 	      "name_cache_delete lookup failed ino %llu cache size %d, leaking memory",
2021 			nce->ino, sctx->name_cache_size);
2022 	}
2023 
2024 	list_del(&nce->radix_list);
2025 	list_del(&nce->list);
2026 	sctx->name_cache_size--;
2027 
2028 	/*
2029 	 * We may not get to the final release of nce_head if the lookup fails
2030 	 */
2031 	if (nce_head && list_empty(nce_head)) {
2032 		radix_tree_delete(&sctx->name_cache, (unsigned long)nce->ino);
2033 		kfree(nce_head);
2034 	}
2035 }
2036 
2037 static struct name_cache_entry *name_cache_search(struct send_ctx *sctx,
2038 						    u64 ino, u64 gen)
2039 {
2040 	struct list_head *nce_head;
2041 	struct name_cache_entry *cur;
2042 
2043 	nce_head = radix_tree_lookup(&sctx->name_cache, (unsigned long)ino);
2044 	if (!nce_head)
2045 		return NULL;
2046 
2047 	list_for_each_entry(cur, nce_head, radix_list) {
2048 		if (cur->ino == ino && cur->gen == gen)
2049 			return cur;
2050 	}
2051 	return NULL;
2052 }
2053 
2054 /*
2055  * Removes the entry from the list and adds it back to the end. This marks the
2056  * entry as recently used so that name_cache_clean_unused does not remove it.
2057  */
2058 static void name_cache_used(struct send_ctx *sctx, struct name_cache_entry *nce)
2059 {
2060 	list_del(&nce->list);
2061 	list_add_tail(&nce->list, &sctx->name_cache_list);
2062 }
2063 
2064 /*
2065  * Remove some entries from the beginning of name_cache_list.
2066  */
2067 static void name_cache_clean_unused(struct send_ctx *sctx)
2068 {
2069 	struct name_cache_entry *nce;
2070 
2071 	if (sctx->name_cache_size < SEND_CTX_NAME_CACHE_CLEAN_SIZE)
2072 		return;
2073 
2074 	while (sctx->name_cache_size > SEND_CTX_MAX_NAME_CACHE_SIZE) {
2075 		nce = list_entry(sctx->name_cache_list.next,
2076 				struct name_cache_entry, list);
2077 		name_cache_delete(sctx, nce);
2078 		kfree(nce);
2079 	}
2080 }
2081 
2082 static void name_cache_free(struct send_ctx *sctx)
2083 {
2084 	struct name_cache_entry *nce;
2085 
2086 	while (!list_empty(&sctx->name_cache_list)) {
2087 		nce = list_entry(sctx->name_cache_list.next,
2088 				struct name_cache_entry, list);
2089 		name_cache_delete(sctx, nce);
2090 		kfree(nce);
2091 	}
2092 }
2093 
2094 /*
2095  * Used by get_cur_path for each ref up to the root.
2096  * Returns 0 if it succeeded.
2097  * Returns 1 if the inode is not existent or got overwritten. In that case, the
2098  * name is an orphan name. This instructs get_cur_path to stop iterating. If 1
2099  * is returned, parent_ino/parent_gen are not guaranteed to be valid.
2100  * Returns <0 in case of error.
2101  */
2102 static int __get_cur_name_and_parent(struct send_ctx *sctx,
2103 				     u64 ino, u64 gen,
2104 				     u64 *parent_ino,
2105 				     u64 *parent_gen,
2106 				     struct fs_path *dest)
2107 {
2108 	int ret;
2109 	int nce_ret;
2110 	struct name_cache_entry *nce = NULL;
2111 
2112 	/*
2113 	 * First check if we already did a call to this function with the same
2114 	 * ino/gen. If yes, check if the cache entry is still up-to-date. If yes
2115 	 * return the cached result.
2116 	 */
2117 	nce = name_cache_search(sctx, ino, gen);
2118 	if (nce) {
2119 		if (ino < sctx->send_progress && nce->need_later_update) {
2120 			name_cache_delete(sctx, nce);
2121 			kfree(nce);
2122 			nce = NULL;
2123 		} else {
2124 			name_cache_used(sctx, nce);
2125 			*parent_ino = nce->parent_ino;
2126 			*parent_gen = nce->parent_gen;
2127 			ret = fs_path_add(dest, nce->name, nce->name_len);
2128 			if (ret < 0)
2129 				goto out;
2130 			ret = nce->ret;
2131 			goto out;
2132 		}
2133 	}
2134 
2135 	/*
2136 	 * If the inode is not existent yet, add the orphan name and return 1.
2137 	 * This should only happen for the parent dir that we determine in
2138 	 * __record_new_ref
2139 	 */
2140 	ret = is_inode_existent(sctx, ino, gen);
2141 	if (ret < 0)
2142 		goto out;
2143 
2144 	if (!ret) {
2145 		ret = gen_unique_name(sctx, ino, gen, dest);
2146 		if (ret < 0)
2147 			goto out;
2148 		ret = 1;
2149 		goto out_cache;
2150 	}
2151 
2152 	/*
2153 	 * Depending on whether the inode was already processed or not, use
2154 	 * send_root or parent_root for ref lookup.
2155 	 */
2156 	if (ino < sctx->send_progress)
2157 		ret = get_first_ref(sctx->send_root, ino,
2158 				    parent_ino, parent_gen, dest);
2159 	else
2160 		ret = get_first_ref(sctx->parent_root, ino,
2161 				    parent_ino, parent_gen, dest);
2162 	if (ret < 0)
2163 		goto out;
2164 
2165 	/*
2166 	 * Check if the ref was overwritten by an inode's ref that was processed
2167 	 * earlier. If yes, treat as orphan and return 1.
2168 	 */
2169 	ret = did_overwrite_ref(sctx, *parent_ino, *parent_gen, ino, gen,
2170 			dest->start, dest->end - dest->start);
2171 	if (ret < 0)
2172 		goto out;
2173 	if (ret) {
2174 		fs_path_reset(dest);
2175 		ret = gen_unique_name(sctx, ino, gen, dest);
2176 		if (ret < 0)
2177 			goto out;
2178 		ret = 1;
2179 	}
2180 
2181 out_cache:
2182 	/*
2183 	 * Store the result of the lookup in the name cache.
2184 	 */
2185 	nce = kmalloc(sizeof(*nce) + fs_path_len(dest) + 1, GFP_KERNEL);
2186 	if (!nce) {
2187 		ret = -ENOMEM;
2188 		goto out;
2189 	}
2190 
2191 	nce->ino = ino;
2192 	nce->gen = gen;
2193 	nce->parent_ino = *parent_ino;
2194 	nce->parent_gen = *parent_gen;
2195 	nce->name_len = fs_path_len(dest);
2196 	nce->ret = ret;
2197 	strcpy(nce->name, dest->start);
2198 
2199 	if (ino < sctx->send_progress)
2200 		nce->need_later_update = 0;
2201 	else
2202 		nce->need_later_update = 1;
2203 
2204 	nce_ret = name_cache_insert(sctx, nce);
2205 	if (nce_ret < 0)
2206 		ret = nce_ret;
2207 	name_cache_clean_unused(sctx);
2208 
2209 out:
2210 	return ret;
2211 }
2212 
2213 /*
2214  * Magic happens here. This function returns the first ref to an inode as it
2215  * would look like while receiving the stream at this point in time.
2216  * We walk the path up to the root. For every inode in between, we check if it
2217  * was already processed/sent. If yes, we continue with the parent as found
2218  * in send_root. If not, we continue with the parent as found in parent_root.
2219  * If we encounter an inode that was deleted at this point in time, we use the
2220  * inodes "orphan" name instead of the real name and stop. Same with new inodes
2221  * that were not created yet and overwritten inodes/refs.
2222  *
2223  * When do we have orphan inodes:
2224  * 1. When an inode is freshly created and thus no valid refs are available yet
2225  * 2. When a directory lost all it's refs (deleted) but still has dir items
2226  *    inside which were not processed yet (pending for move/delete). If anyone
2227  *    tried to get the path to the dir items, it would get a path inside that
2228  *    orphan directory.
2229  * 3. When an inode is moved around or gets new links, it may overwrite the ref
2230  *    of an unprocessed inode. If in that case the first ref would be
2231  *    overwritten, the overwritten inode gets "orphanized". Later when we
2232  *    process this overwritten inode, it is restored at a new place by moving
2233  *    the orphan inode.
2234  *
2235  * sctx->send_progress tells this function at which point in time receiving
2236  * would be.
2237  */
2238 static int get_cur_path(struct send_ctx *sctx, u64 ino, u64 gen,
2239 			struct fs_path *dest)
2240 {
2241 	int ret = 0;
2242 	struct fs_path *name = NULL;
2243 	u64 parent_inode = 0;
2244 	u64 parent_gen = 0;
2245 	int stop = 0;
2246 
2247 	name = fs_path_alloc();
2248 	if (!name) {
2249 		ret = -ENOMEM;
2250 		goto out;
2251 	}
2252 
2253 	dest->reversed = 1;
2254 	fs_path_reset(dest);
2255 
2256 	while (!stop && ino != BTRFS_FIRST_FREE_OBJECTID) {
2257 		struct waiting_dir_move *wdm;
2258 
2259 		fs_path_reset(name);
2260 
2261 		if (is_waiting_for_rm(sctx, ino)) {
2262 			ret = gen_unique_name(sctx, ino, gen, name);
2263 			if (ret < 0)
2264 				goto out;
2265 			ret = fs_path_add_path(dest, name);
2266 			break;
2267 		}
2268 
2269 		wdm = get_waiting_dir_move(sctx, ino);
2270 		if (wdm && wdm->orphanized) {
2271 			ret = gen_unique_name(sctx, ino, gen, name);
2272 			stop = 1;
2273 		} else if (wdm) {
2274 			ret = get_first_ref(sctx->parent_root, ino,
2275 					    &parent_inode, &parent_gen, name);
2276 		} else {
2277 			ret = __get_cur_name_and_parent(sctx, ino, gen,
2278 							&parent_inode,
2279 							&parent_gen, name);
2280 			if (ret)
2281 				stop = 1;
2282 		}
2283 
2284 		if (ret < 0)
2285 			goto out;
2286 
2287 		ret = fs_path_add_path(dest, name);
2288 		if (ret < 0)
2289 			goto out;
2290 
2291 		ino = parent_inode;
2292 		gen = parent_gen;
2293 	}
2294 
2295 out:
2296 	fs_path_free(name);
2297 	if (!ret)
2298 		fs_path_unreverse(dest);
2299 	return ret;
2300 }
2301 
2302 /*
2303  * Sends a BTRFS_SEND_C_SUBVOL command/item to userspace
2304  */
2305 static int send_subvol_begin(struct send_ctx *sctx)
2306 {
2307 	int ret;
2308 	struct btrfs_root *send_root = sctx->send_root;
2309 	struct btrfs_root *parent_root = sctx->parent_root;
2310 	struct btrfs_path *path;
2311 	struct btrfs_key key;
2312 	struct btrfs_root_ref *ref;
2313 	struct extent_buffer *leaf;
2314 	char *name = NULL;
2315 	int namelen;
2316 
2317 	path = btrfs_alloc_path();
2318 	if (!path)
2319 		return -ENOMEM;
2320 
2321 	name = kmalloc(BTRFS_PATH_NAME_MAX, GFP_KERNEL);
2322 	if (!name) {
2323 		btrfs_free_path(path);
2324 		return -ENOMEM;
2325 	}
2326 
2327 	key.objectid = send_root->root_key.objectid;
2328 	key.type = BTRFS_ROOT_BACKREF_KEY;
2329 	key.offset = 0;
2330 
2331 	ret = btrfs_search_slot_for_read(send_root->fs_info->tree_root,
2332 				&key, path, 1, 0);
2333 	if (ret < 0)
2334 		goto out;
2335 	if (ret) {
2336 		ret = -ENOENT;
2337 		goto out;
2338 	}
2339 
2340 	leaf = path->nodes[0];
2341 	btrfs_item_key_to_cpu(leaf, &key, path->slots[0]);
2342 	if (key.type != BTRFS_ROOT_BACKREF_KEY ||
2343 	    key.objectid != send_root->root_key.objectid) {
2344 		ret = -ENOENT;
2345 		goto out;
2346 	}
2347 	ref = btrfs_item_ptr(leaf, path->slots[0], struct btrfs_root_ref);
2348 	namelen = btrfs_root_ref_name_len(leaf, ref);
2349 	read_extent_buffer(leaf, name, (unsigned long)(ref + 1), namelen);
2350 	btrfs_release_path(path);
2351 
2352 	if (parent_root) {
2353 		ret = begin_cmd(sctx, BTRFS_SEND_C_SNAPSHOT);
2354 		if (ret < 0)
2355 			goto out;
2356 	} else {
2357 		ret = begin_cmd(sctx, BTRFS_SEND_C_SUBVOL);
2358 		if (ret < 0)
2359 			goto out;
2360 	}
2361 
2362 	TLV_PUT_STRING(sctx, BTRFS_SEND_A_PATH, name, namelen);
2363 
2364 	if (!btrfs_is_empty_uuid(sctx->send_root->root_item.received_uuid))
2365 		TLV_PUT_UUID(sctx, BTRFS_SEND_A_UUID,
2366 			    sctx->send_root->root_item.received_uuid);
2367 	else
2368 		TLV_PUT_UUID(sctx, BTRFS_SEND_A_UUID,
2369 			    sctx->send_root->root_item.uuid);
2370 
2371 	TLV_PUT_U64(sctx, BTRFS_SEND_A_CTRANSID,
2372 		    le64_to_cpu(sctx->send_root->root_item.ctransid));
2373 	if (parent_root) {
2374 		if (!btrfs_is_empty_uuid(parent_root->root_item.received_uuid))
2375 			TLV_PUT_UUID(sctx, BTRFS_SEND_A_CLONE_UUID,
2376 				     parent_root->root_item.received_uuid);
2377 		else
2378 			TLV_PUT_UUID(sctx, BTRFS_SEND_A_CLONE_UUID,
2379 				     parent_root->root_item.uuid);
2380 		TLV_PUT_U64(sctx, BTRFS_SEND_A_CLONE_CTRANSID,
2381 			    le64_to_cpu(sctx->parent_root->root_item.ctransid));
2382 	}
2383 
2384 	ret = send_cmd(sctx);
2385 
2386 tlv_put_failure:
2387 out:
2388 	btrfs_free_path(path);
2389 	kfree(name);
2390 	return ret;
2391 }
2392 
2393 static int send_truncate(struct send_ctx *sctx, u64 ino, u64 gen, u64 size)
2394 {
2395 	struct btrfs_fs_info *fs_info = sctx->send_root->fs_info;
2396 	int ret = 0;
2397 	struct fs_path *p;
2398 
2399 	btrfs_debug(fs_info, "send_truncate %llu size=%llu", ino, size);
2400 
2401 	p = fs_path_alloc();
2402 	if (!p)
2403 		return -ENOMEM;
2404 
2405 	ret = begin_cmd(sctx, BTRFS_SEND_C_TRUNCATE);
2406 	if (ret < 0)
2407 		goto out;
2408 
2409 	ret = get_cur_path(sctx, ino, gen, p);
2410 	if (ret < 0)
2411 		goto out;
2412 	TLV_PUT_PATH(sctx, BTRFS_SEND_A_PATH, p);
2413 	TLV_PUT_U64(sctx, BTRFS_SEND_A_SIZE, size);
2414 
2415 	ret = send_cmd(sctx);
2416 
2417 tlv_put_failure:
2418 out:
2419 	fs_path_free(p);
2420 	return ret;
2421 }
2422 
2423 static int send_chmod(struct send_ctx *sctx, u64 ino, u64 gen, u64 mode)
2424 {
2425 	struct btrfs_fs_info *fs_info = sctx->send_root->fs_info;
2426 	int ret = 0;
2427 	struct fs_path *p;
2428 
2429 	btrfs_debug(fs_info, "send_chmod %llu mode=%llu", ino, mode);
2430 
2431 	p = fs_path_alloc();
2432 	if (!p)
2433 		return -ENOMEM;
2434 
2435 	ret = begin_cmd(sctx, BTRFS_SEND_C_CHMOD);
2436 	if (ret < 0)
2437 		goto out;
2438 
2439 	ret = get_cur_path(sctx, ino, gen, p);
2440 	if (ret < 0)
2441 		goto out;
2442 	TLV_PUT_PATH(sctx, BTRFS_SEND_A_PATH, p);
2443 	TLV_PUT_U64(sctx, BTRFS_SEND_A_MODE, mode & 07777);
2444 
2445 	ret = send_cmd(sctx);
2446 
2447 tlv_put_failure:
2448 out:
2449 	fs_path_free(p);
2450 	return ret;
2451 }
2452 
2453 static int send_chown(struct send_ctx *sctx, u64 ino, u64 gen, u64 uid, u64 gid)
2454 {
2455 	struct btrfs_fs_info *fs_info = sctx->send_root->fs_info;
2456 	int ret = 0;
2457 	struct fs_path *p;
2458 
2459 	btrfs_debug(fs_info, "send_chown %llu uid=%llu, gid=%llu",
2460 		    ino, uid, gid);
2461 
2462 	p = fs_path_alloc();
2463 	if (!p)
2464 		return -ENOMEM;
2465 
2466 	ret = begin_cmd(sctx, BTRFS_SEND_C_CHOWN);
2467 	if (ret < 0)
2468 		goto out;
2469 
2470 	ret = get_cur_path(sctx, ino, gen, p);
2471 	if (ret < 0)
2472 		goto out;
2473 	TLV_PUT_PATH(sctx, BTRFS_SEND_A_PATH, p);
2474 	TLV_PUT_U64(sctx, BTRFS_SEND_A_UID, uid);
2475 	TLV_PUT_U64(sctx, BTRFS_SEND_A_GID, gid);
2476 
2477 	ret = send_cmd(sctx);
2478 
2479 tlv_put_failure:
2480 out:
2481 	fs_path_free(p);
2482 	return ret;
2483 }
2484 
2485 static int send_utimes(struct send_ctx *sctx, u64 ino, u64 gen)
2486 {
2487 	struct btrfs_fs_info *fs_info = sctx->send_root->fs_info;
2488 	int ret = 0;
2489 	struct fs_path *p = NULL;
2490 	struct btrfs_inode_item *ii;
2491 	struct btrfs_path *path = NULL;
2492 	struct extent_buffer *eb;
2493 	struct btrfs_key key;
2494 	int slot;
2495 
2496 	btrfs_debug(fs_info, "send_utimes %llu", ino);
2497 
2498 	p = fs_path_alloc();
2499 	if (!p)
2500 		return -ENOMEM;
2501 
2502 	path = alloc_path_for_send();
2503 	if (!path) {
2504 		ret = -ENOMEM;
2505 		goto out;
2506 	}
2507 
2508 	key.objectid = ino;
2509 	key.type = BTRFS_INODE_ITEM_KEY;
2510 	key.offset = 0;
2511 	ret = btrfs_search_slot(NULL, sctx->send_root, &key, path, 0, 0);
2512 	if (ret > 0)
2513 		ret = -ENOENT;
2514 	if (ret < 0)
2515 		goto out;
2516 
2517 	eb = path->nodes[0];
2518 	slot = path->slots[0];
2519 	ii = btrfs_item_ptr(eb, slot, struct btrfs_inode_item);
2520 
2521 	ret = begin_cmd(sctx, BTRFS_SEND_C_UTIMES);
2522 	if (ret < 0)
2523 		goto out;
2524 
2525 	ret = get_cur_path(sctx, ino, gen, p);
2526 	if (ret < 0)
2527 		goto out;
2528 	TLV_PUT_PATH(sctx, BTRFS_SEND_A_PATH, p);
2529 	TLV_PUT_BTRFS_TIMESPEC(sctx, BTRFS_SEND_A_ATIME, eb, &ii->atime);
2530 	TLV_PUT_BTRFS_TIMESPEC(sctx, BTRFS_SEND_A_MTIME, eb, &ii->mtime);
2531 	TLV_PUT_BTRFS_TIMESPEC(sctx, BTRFS_SEND_A_CTIME, eb, &ii->ctime);
2532 	/* TODO Add otime support when the otime patches get into upstream */
2533 
2534 	ret = send_cmd(sctx);
2535 
2536 tlv_put_failure:
2537 out:
2538 	fs_path_free(p);
2539 	btrfs_free_path(path);
2540 	return ret;
2541 }
2542 
2543 /*
2544  * Sends a BTRFS_SEND_C_MKXXX or SYMLINK command to user space. We don't have
2545  * a valid path yet because we did not process the refs yet. So, the inode
2546  * is created as orphan.
2547  */
2548 static int send_create_inode(struct send_ctx *sctx, u64 ino)
2549 {
2550 	struct btrfs_fs_info *fs_info = sctx->send_root->fs_info;
2551 	int ret = 0;
2552 	struct fs_path *p;
2553 	int cmd;
2554 	u64 gen;
2555 	u64 mode;
2556 	u64 rdev;
2557 
2558 	btrfs_debug(fs_info, "send_create_inode %llu", ino);
2559 
2560 	p = fs_path_alloc();
2561 	if (!p)
2562 		return -ENOMEM;
2563 
2564 	if (ino != sctx->cur_ino) {
2565 		ret = get_inode_info(sctx->send_root, ino, NULL, &gen, &mode,
2566 				     NULL, NULL, &rdev);
2567 		if (ret < 0)
2568 			goto out;
2569 	} else {
2570 		gen = sctx->cur_inode_gen;
2571 		mode = sctx->cur_inode_mode;
2572 		rdev = sctx->cur_inode_rdev;
2573 	}
2574 
2575 	if (S_ISREG(mode)) {
2576 		cmd = BTRFS_SEND_C_MKFILE;
2577 	} else if (S_ISDIR(mode)) {
2578 		cmd = BTRFS_SEND_C_MKDIR;
2579 	} else if (S_ISLNK(mode)) {
2580 		cmd = BTRFS_SEND_C_SYMLINK;
2581 	} else if (S_ISCHR(mode) || S_ISBLK(mode)) {
2582 		cmd = BTRFS_SEND_C_MKNOD;
2583 	} else if (S_ISFIFO(mode)) {
2584 		cmd = BTRFS_SEND_C_MKFIFO;
2585 	} else if (S_ISSOCK(mode)) {
2586 		cmd = BTRFS_SEND_C_MKSOCK;
2587 	} else {
2588 		btrfs_warn(sctx->send_root->fs_info, "unexpected inode type %o",
2589 				(int)(mode & S_IFMT));
2590 		ret = -EOPNOTSUPP;
2591 		goto out;
2592 	}
2593 
2594 	ret = begin_cmd(sctx, cmd);
2595 	if (ret < 0)
2596 		goto out;
2597 
2598 	ret = gen_unique_name(sctx, ino, gen, p);
2599 	if (ret < 0)
2600 		goto out;
2601 
2602 	TLV_PUT_PATH(sctx, BTRFS_SEND_A_PATH, p);
2603 	TLV_PUT_U64(sctx, BTRFS_SEND_A_INO, ino);
2604 
2605 	if (S_ISLNK(mode)) {
2606 		fs_path_reset(p);
2607 		ret = read_symlink(sctx->send_root, ino, p);
2608 		if (ret < 0)
2609 			goto out;
2610 		TLV_PUT_PATH(sctx, BTRFS_SEND_A_PATH_LINK, p);
2611 	} else if (S_ISCHR(mode) || S_ISBLK(mode) ||
2612 		   S_ISFIFO(mode) || S_ISSOCK(mode)) {
2613 		TLV_PUT_U64(sctx, BTRFS_SEND_A_RDEV, new_encode_dev(rdev));
2614 		TLV_PUT_U64(sctx, BTRFS_SEND_A_MODE, mode);
2615 	}
2616 
2617 	ret = send_cmd(sctx);
2618 	if (ret < 0)
2619 		goto out;
2620 
2621 
2622 tlv_put_failure:
2623 out:
2624 	fs_path_free(p);
2625 	return ret;
2626 }
2627 
2628 /*
2629  * We need some special handling for inodes that get processed before the parent
2630  * directory got created. See process_recorded_refs for details.
2631  * This function does the check if we already created the dir out of order.
2632  */
2633 static int did_create_dir(struct send_ctx *sctx, u64 dir)
2634 {
2635 	int ret = 0;
2636 	struct btrfs_path *path = NULL;
2637 	struct btrfs_key key;
2638 	struct btrfs_key found_key;
2639 	struct btrfs_key di_key;
2640 	struct extent_buffer *eb;
2641 	struct btrfs_dir_item *di;
2642 	int slot;
2643 
2644 	path = alloc_path_for_send();
2645 	if (!path) {
2646 		ret = -ENOMEM;
2647 		goto out;
2648 	}
2649 
2650 	key.objectid = dir;
2651 	key.type = BTRFS_DIR_INDEX_KEY;
2652 	key.offset = 0;
2653 	ret = btrfs_search_slot(NULL, sctx->send_root, &key, path, 0, 0);
2654 	if (ret < 0)
2655 		goto out;
2656 
2657 	while (1) {
2658 		eb = path->nodes[0];
2659 		slot = path->slots[0];
2660 		if (slot >= btrfs_header_nritems(eb)) {
2661 			ret = btrfs_next_leaf(sctx->send_root, path);
2662 			if (ret < 0) {
2663 				goto out;
2664 			} else if (ret > 0) {
2665 				ret = 0;
2666 				break;
2667 			}
2668 			continue;
2669 		}
2670 
2671 		btrfs_item_key_to_cpu(eb, &found_key, slot);
2672 		if (found_key.objectid != key.objectid ||
2673 		    found_key.type != key.type) {
2674 			ret = 0;
2675 			goto out;
2676 		}
2677 
2678 		di = btrfs_item_ptr(eb, slot, struct btrfs_dir_item);
2679 		btrfs_dir_item_key_to_cpu(eb, di, &di_key);
2680 
2681 		if (di_key.type != BTRFS_ROOT_ITEM_KEY &&
2682 		    di_key.objectid < sctx->send_progress) {
2683 			ret = 1;
2684 			goto out;
2685 		}
2686 
2687 		path->slots[0]++;
2688 	}
2689 
2690 out:
2691 	btrfs_free_path(path);
2692 	return ret;
2693 }
2694 
2695 /*
2696  * Only creates the inode if it is:
2697  * 1. Not a directory
2698  * 2. Or a directory which was not created already due to out of order
2699  *    directories. See did_create_dir and process_recorded_refs for details.
2700  */
2701 static int send_create_inode_if_needed(struct send_ctx *sctx)
2702 {
2703 	int ret;
2704 
2705 	if (S_ISDIR(sctx->cur_inode_mode)) {
2706 		ret = did_create_dir(sctx, sctx->cur_ino);
2707 		if (ret < 0)
2708 			goto out;
2709 		if (ret) {
2710 			ret = 0;
2711 			goto out;
2712 		}
2713 	}
2714 
2715 	ret = send_create_inode(sctx, sctx->cur_ino);
2716 	if (ret < 0)
2717 		goto out;
2718 
2719 out:
2720 	return ret;
2721 }
2722 
2723 struct recorded_ref {
2724 	struct list_head list;
2725 	char *name;
2726 	struct fs_path *full_path;
2727 	u64 dir;
2728 	u64 dir_gen;
2729 	int name_len;
2730 };
2731 
2732 static void set_ref_path(struct recorded_ref *ref, struct fs_path *path)
2733 {
2734 	ref->full_path = path;
2735 	ref->name = (char *)kbasename(ref->full_path->start);
2736 	ref->name_len = ref->full_path->end - ref->name;
2737 }
2738 
2739 /*
2740  * We need to process new refs before deleted refs, but compare_tree gives us
2741  * everything mixed. So we first record all refs and later process them.
2742  * This function is a helper to record one ref.
2743  */
2744 static int __record_ref(struct list_head *head, u64 dir,
2745 		      u64 dir_gen, struct fs_path *path)
2746 {
2747 	struct recorded_ref *ref;
2748 
2749 	ref = kmalloc(sizeof(*ref), GFP_KERNEL);
2750 	if (!ref)
2751 		return -ENOMEM;
2752 
2753 	ref->dir = dir;
2754 	ref->dir_gen = dir_gen;
2755 	set_ref_path(ref, path);
2756 	list_add_tail(&ref->list, head);
2757 	return 0;
2758 }
2759 
2760 static int dup_ref(struct recorded_ref *ref, struct list_head *list)
2761 {
2762 	struct recorded_ref *new;
2763 
2764 	new = kmalloc(sizeof(*ref), GFP_KERNEL);
2765 	if (!new)
2766 		return -ENOMEM;
2767 
2768 	new->dir = ref->dir;
2769 	new->dir_gen = ref->dir_gen;
2770 	new->full_path = NULL;
2771 	INIT_LIST_HEAD(&new->list);
2772 	list_add_tail(&new->list, list);
2773 	return 0;
2774 }
2775 
2776 static void __free_recorded_refs(struct list_head *head)
2777 {
2778 	struct recorded_ref *cur;
2779 
2780 	while (!list_empty(head)) {
2781 		cur = list_entry(head->next, struct recorded_ref, list);
2782 		fs_path_free(cur->full_path);
2783 		list_del(&cur->list);
2784 		kfree(cur);
2785 	}
2786 }
2787 
2788 static void free_recorded_refs(struct send_ctx *sctx)
2789 {
2790 	__free_recorded_refs(&sctx->new_refs);
2791 	__free_recorded_refs(&sctx->deleted_refs);
2792 }
2793 
2794 /*
2795  * Renames/moves a file/dir to its orphan name. Used when the first
2796  * ref of an unprocessed inode gets overwritten and for all non empty
2797  * directories.
2798  */
2799 static int orphanize_inode(struct send_ctx *sctx, u64 ino, u64 gen,
2800 			  struct fs_path *path)
2801 {
2802 	int ret;
2803 	struct fs_path *orphan;
2804 
2805 	orphan = fs_path_alloc();
2806 	if (!orphan)
2807 		return -ENOMEM;
2808 
2809 	ret = gen_unique_name(sctx, ino, gen, orphan);
2810 	if (ret < 0)
2811 		goto out;
2812 
2813 	ret = send_rename(sctx, path, orphan);
2814 
2815 out:
2816 	fs_path_free(orphan);
2817 	return ret;
2818 }
2819 
2820 static struct orphan_dir_info *
2821 add_orphan_dir_info(struct send_ctx *sctx, u64 dir_ino)
2822 {
2823 	struct rb_node **p = &sctx->orphan_dirs.rb_node;
2824 	struct rb_node *parent = NULL;
2825 	struct orphan_dir_info *entry, *odi;
2826 
2827 	while (*p) {
2828 		parent = *p;
2829 		entry = rb_entry(parent, struct orphan_dir_info, node);
2830 		if (dir_ino < entry->ino) {
2831 			p = &(*p)->rb_left;
2832 		} else if (dir_ino > entry->ino) {
2833 			p = &(*p)->rb_right;
2834 		} else {
2835 			return entry;
2836 		}
2837 	}
2838 
2839 	odi = kmalloc(sizeof(*odi), GFP_KERNEL);
2840 	if (!odi)
2841 		return ERR_PTR(-ENOMEM);
2842 	odi->ino = dir_ino;
2843 	odi->gen = 0;
2844 	odi->last_dir_index_offset = 0;
2845 
2846 	rb_link_node(&odi->node, parent, p);
2847 	rb_insert_color(&odi->node, &sctx->orphan_dirs);
2848 	return odi;
2849 }
2850 
2851 static struct orphan_dir_info *
2852 get_orphan_dir_info(struct send_ctx *sctx, u64 dir_ino)
2853 {
2854 	struct rb_node *n = sctx->orphan_dirs.rb_node;
2855 	struct orphan_dir_info *entry;
2856 
2857 	while (n) {
2858 		entry = rb_entry(n, struct orphan_dir_info, node);
2859 		if (dir_ino < entry->ino)
2860 			n = n->rb_left;
2861 		else if (dir_ino > entry->ino)
2862 			n = n->rb_right;
2863 		else
2864 			return entry;
2865 	}
2866 	return NULL;
2867 }
2868 
2869 static int is_waiting_for_rm(struct send_ctx *sctx, u64 dir_ino)
2870 {
2871 	struct orphan_dir_info *odi = get_orphan_dir_info(sctx, dir_ino);
2872 
2873 	return odi != NULL;
2874 }
2875 
2876 static void free_orphan_dir_info(struct send_ctx *sctx,
2877 				 struct orphan_dir_info *odi)
2878 {
2879 	if (!odi)
2880 		return;
2881 	rb_erase(&odi->node, &sctx->orphan_dirs);
2882 	kfree(odi);
2883 }
2884 
2885 /*
2886  * Returns 1 if a directory can be removed at this point in time.
2887  * We check this by iterating all dir items and checking if the inode behind
2888  * the dir item was already processed.
2889  */
2890 static int can_rmdir(struct send_ctx *sctx, u64 dir, u64 dir_gen,
2891 		     u64 send_progress)
2892 {
2893 	int ret = 0;
2894 	struct btrfs_root *root = sctx->parent_root;
2895 	struct btrfs_path *path;
2896 	struct btrfs_key key;
2897 	struct btrfs_key found_key;
2898 	struct btrfs_key loc;
2899 	struct btrfs_dir_item *di;
2900 	struct orphan_dir_info *odi = NULL;
2901 
2902 	/*
2903 	 * Don't try to rmdir the top/root subvolume dir.
2904 	 */
2905 	if (dir == BTRFS_FIRST_FREE_OBJECTID)
2906 		return 0;
2907 
2908 	path = alloc_path_for_send();
2909 	if (!path)
2910 		return -ENOMEM;
2911 
2912 	key.objectid = dir;
2913 	key.type = BTRFS_DIR_INDEX_KEY;
2914 	key.offset = 0;
2915 
2916 	odi = get_orphan_dir_info(sctx, dir);
2917 	if (odi)
2918 		key.offset = odi->last_dir_index_offset;
2919 
2920 	ret = btrfs_search_slot(NULL, root, &key, path, 0, 0);
2921 	if (ret < 0)
2922 		goto out;
2923 
2924 	while (1) {
2925 		struct waiting_dir_move *dm;
2926 
2927 		if (path->slots[0] >= btrfs_header_nritems(path->nodes[0])) {
2928 			ret = btrfs_next_leaf(root, path);
2929 			if (ret < 0)
2930 				goto out;
2931 			else if (ret > 0)
2932 				break;
2933 			continue;
2934 		}
2935 		btrfs_item_key_to_cpu(path->nodes[0], &found_key,
2936 				      path->slots[0]);
2937 		if (found_key.objectid != key.objectid ||
2938 		    found_key.type != key.type)
2939 			break;
2940 
2941 		di = btrfs_item_ptr(path->nodes[0], path->slots[0],
2942 				struct btrfs_dir_item);
2943 		btrfs_dir_item_key_to_cpu(path->nodes[0], di, &loc);
2944 
2945 		dm = get_waiting_dir_move(sctx, loc.objectid);
2946 		if (dm) {
2947 			odi = add_orphan_dir_info(sctx, dir);
2948 			if (IS_ERR(odi)) {
2949 				ret = PTR_ERR(odi);
2950 				goto out;
2951 			}
2952 			odi->gen = dir_gen;
2953 			odi->last_dir_index_offset = found_key.offset;
2954 			dm->rmdir_ino = dir;
2955 			ret = 0;
2956 			goto out;
2957 		}
2958 
2959 		if (loc.objectid > send_progress) {
2960 			odi = add_orphan_dir_info(sctx, dir);
2961 			if (IS_ERR(odi)) {
2962 				ret = PTR_ERR(odi);
2963 				goto out;
2964 			}
2965 			odi->gen = dir_gen;
2966 			odi->last_dir_index_offset = found_key.offset;
2967 			ret = 0;
2968 			goto out;
2969 		}
2970 
2971 		path->slots[0]++;
2972 	}
2973 	free_orphan_dir_info(sctx, odi);
2974 
2975 	ret = 1;
2976 
2977 out:
2978 	btrfs_free_path(path);
2979 	return ret;
2980 }
2981 
2982 static int is_waiting_for_move(struct send_ctx *sctx, u64 ino)
2983 {
2984 	struct waiting_dir_move *entry = get_waiting_dir_move(sctx, ino);
2985 
2986 	return entry != NULL;
2987 }
2988 
2989 static int add_waiting_dir_move(struct send_ctx *sctx, u64 ino, bool orphanized)
2990 {
2991 	struct rb_node **p = &sctx->waiting_dir_moves.rb_node;
2992 	struct rb_node *parent = NULL;
2993 	struct waiting_dir_move *entry, *dm;
2994 
2995 	dm = kmalloc(sizeof(*dm), GFP_KERNEL);
2996 	if (!dm)
2997 		return -ENOMEM;
2998 	dm->ino = ino;
2999 	dm->rmdir_ino = 0;
3000 	dm->orphanized = orphanized;
3001 
3002 	while (*p) {
3003 		parent = *p;
3004 		entry = rb_entry(parent, struct waiting_dir_move, node);
3005 		if (ino < entry->ino) {
3006 			p = &(*p)->rb_left;
3007 		} else if (ino > entry->ino) {
3008 			p = &(*p)->rb_right;
3009 		} else {
3010 			kfree(dm);
3011 			return -EEXIST;
3012 		}
3013 	}
3014 
3015 	rb_link_node(&dm->node, parent, p);
3016 	rb_insert_color(&dm->node, &sctx->waiting_dir_moves);
3017 	return 0;
3018 }
3019 
3020 static struct waiting_dir_move *
3021 get_waiting_dir_move(struct send_ctx *sctx, u64 ino)
3022 {
3023 	struct rb_node *n = sctx->waiting_dir_moves.rb_node;
3024 	struct waiting_dir_move *entry;
3025 
3026 	while (n) {
3027 		entry = rb_entry(n, struct waiting_dir_move, node);
3028 		if (ino < entry->ino)
3029 			n = n->rb_left;
3030 		else if (ino > entry->ino)
3031 			n = n->rb_right;
3032 		else
3033 			return entry;
3034 	}
3035 	return NULL;
3036 }
3037 
3038 static void free_waiting_dir_move(struct send_ctx *sctx,
3039 				  struct waiting_dir_move *dm)
3040 {
3041 	if (!dm)
3042 		return;
3043 	rb_erase(&dm->node, &sctx->waiting_dir_moves);
3044 	kfree(dm);
3045 }
3046 
3047 static int add_pending_dir_move(struct send_ctx *sctx,
3048 				u64 ino,
3049 				u64 ino_gen,
3050 				u64 parent_ino,
3051 				struct list_head *new_refs,
3052 				struct list_head *deleted_refs,
3053 				const bool is_orphan)
3054 {
3055 	struct rb_node **p = &sctx->pending_dir_moves.rb_node;
3056 	struct rb_node *parent = NULL;
3057 	struct pending_dir_move *entry = NULL, *pm;
3058 	struct recorded_ref *cur;
3059 	int exists = 0;
3060 	int ret;
3061 
3062 	pm = kmalloc(sizeof(*pm), GFP_KERNEL);
3063 	if (!pm)
3064 		return -ENOMEM;
3065 	pm->parent_ino = parent_ino;
3066 	pm->ino = ino;
3067 	pm->gen = ino_gen;
3068 	INIT_LIST_HEAD(&pm->list);
3069 	INIT_LIST_HEAD(&pm->update_refs);
3070 	RB_CLEAR_NODE(&pm->node);
3071 
3072 	while (*p) {
3073 		parent = *p;
3074 		entry = rb_entry(parent, struct pending_dir_move, node);
3075 		if (parent_ino < entry->parent_ino) {
3076 			p = &(*p)->rb_left;
3077 		} else if (parent_ino > entry->parent_ino) {
3078 			p = &(*p)->rb_right;
3079 		} else {
3080 			exists = 1;
3081 			break;
3082 		}
3083 	}
3084 
3085 	list_for_each_entry(cur, deleted_refs, list) {
3086 		ret = dup_ref(cur, &pm->update_refs);
3087 		if (ret < 0)
3088 			goto out;
3089 	}
3090 	list_for_each_entry(cur, new_refs, list) {
3091 		ret = dup_ref(cur, &pm->update_refs);
3092 		if (ret < 0)
3093 			goto out;
3094 	}
3095 
3096 	ret = add_waiting_dir_move(sctx, pm->ino, is_orphan);
3097 	if (ret)
3098 		goto out;
3099 
3100 	if (exists) {
3101 		list_add_tail(&pm->list, &entry->list);
3102 	} else {
3103 		rb_link_node(&pm->node, parent, p);
3104 		rb_insert_color(&pm->node, &sctx->pending_dir_moves);
3105 	}
3106 	ret = 0;
3107 out:
3108 	if (ret) {
3109 		__free_recorded_refs(&pm->update_refs);
3110 		kfree(pm);
3111 	}
3112 	return ret;
3113 }
3114 
3115 static struct pending_dir_move *get_pending_dir_moves(struct send_ctx *sctx,
3116 						      u64 parent_ino)
3117 {
3118 	struct rb_node *n = sctx->pending_dir_moves.rb_node;
3119 	struct pending_dir_move *entry;
3120 
3121 	while (n) {
3122 		entry = rb_entry(n, struct pending_dir_move, node);
3123 		if (parent_ino < entry->parent_ino)
3124 			n = n->rb_left;
3125 		else if (parent_ino > entry->parent_ino)
3126 			n = n->rb_right;
3127 		else
3128 			return entry;
3129 	}
3130 	return NULL;
3131 }
3132 
3133 static int path_loop(struct send_ctx *sctx, struct fs_path *name,
3134 		     u64 ino, u64 gen, u64 *ancestor_ino)
3135 {
3136 	int ret = 0;
3137 	u64 parent_inode = 0;
3138 	u64 parent_gen = 0;
3139 	u64 start_ino = ino;
3140 
3141 	*ancestor_ino = 0;
3142 	while (ino != BTRFS_FIRST_FREE_OBJECTID) {
3143 		fs_path_reset(name);
3144 
3145 		if (is_waiting_for_rm(sctx, ino))
3146 			break;
3147 		if (is_waiting_for_move(sctx, ino)) {
3148 			if (*ancestor_ino == 0)
3149 				*ancestor_ino = ino;
3150 			ret = get_first_ref(sctx->parent_root, ino,
3151 					    &parent_inode, &parent_gen, name);
3152 		} else {
3153 			ret = __get_cur_name_and_parent(sctx, ino, gen,
3154 							&parent_inode,
3155 							&parent_gen, name);
3156 			if (ret > 0) {
3157 				ret = 0;
3158 				break;
3159 			}
3160 		}
3161 		if (ret < 0)
3162 			break;
3163 		if (parent_inode == start_ino) {
3164 			ret = 1;
3165 			if (*ancestor_ino == 0)
3166 				*ancestor_ino = ino;
3167 			break;
3168 		}
3169 		ino = parent_inode;
3170 		gen = parent_gen;
3171 	}
3172 	return ret;
3173 }
3174 
3175 static int apply_dir_move(struct send_ctx *sctx, struct pending_dir_move *pm)
3176 {
3177 	struct fs_path *from_path = NULL;
3178 	struct fs_path *to_path = NULL;
3179 	struct fs_path *name = NULL;
3180 	u64 orig_progress = sctx->send_progress;
3181 	struct recorded_ref *cur;
3182 	u64 parent_ino, parent_gen;
3183 	struct waiting_dir_move *dm = NULL;
3184 	u64 rmdir_ino = 0;
3185 	u64 ancestor;
3186 	bool is_orphan;
3187 	int ret;
3188 
3189 	name = fs_path_alloc();
3190 	from_path = fs_path_alloc();
3191 	if (!name || !from_path) {
3192 		ret = -ENOMEM;
3193 		goto out;
3194 	}
3195 
3196 	dm = get_waiting_dir_move(sctx, pm->ino);
3197 	ASSERT(dm);
3198 	rmdir_ino = dm->rmdir_ino;
3199 	is_orphan = dm->orphanized;
3200 	free_waiting_dir_move(sctx, dm);
3201 
3202 	if (is_orphan) {
3203 		ret = gen_unique_name(sctx, pm->ino,
3204 				      pm->gen, from_path);
3205 	} else {
3206 		ret = get_first_ref(sctx->parent_root, pm->ino,
3207 				    &parent_ino, &parent_gen, name);
3208 		if (ret < 0)
3209 			goto out;
3210 		ret = get_cur_path(sctx, parent_ino, parent_gen,
3211 				   from_path);
3212 		if (ret < 0)
3213 			goto out;
3214 		ret = fs_path_add_path(from_path, name);
3215 	}
3216 	if (ret < 0)
3217 		goto out;
3218 
3219 	sctx->send_progress = sctx->cur_ino + 1;
3220 	ret = path_loop(sctx, name, pm->ino, pm->gen, &ancestor);
3221 	if (ret < 0)
3222 		goto out;
3223 	if (ret) {
3224 		LIST_HEAD(deleted_refs);
3225 		ASSERT(ancestor > BTRFS_FIRST_FREE_OBJECTID);
3226 		ret = add_pending_dir_move(sctx, pm->ino, pm->gen, ancestor,
3227 					   &pm->update_refs, &deleted_refs,
3228 					   is_orphan);
3229 		if (ret < 0)
3230 			goto out;
3231 		if (rmdir_ino) {
3232 			dm = get_waiting_dir_move(sctx, pm->ino);
3233 			ASSERT(dm);
3234 			dm->rmdir_ino = rmdir_ino;
3235 		}
3236 		goto out;
3237 	}
3238 	fs_path_reset(name);
3239 	to_path = name;
3240 	name = NULL;
3241 	ret = get_cur_path(sctx, pm->ino, pm->gen, to_path);
3242 	if (ret < 0)
3243 		goto out;
3244 
3245 	ret = send_rename(sctx, from_path, to_path);
3246 	if (ret < 0)
3247 		goto out;
3248 
3249 	if (rmdir_ino) {
3250 		struct orphan_dir_info *odi;
3251 		u64 gen;
3252 
3253 		odi = get_orphan_dir_info(sctx, rmdir_ino);
3254 		if (!odi) {
3255 			/* already deleted */
3256 			goto finish;
3257 		}
3258 		gen = odi->gen;
3259 
3260 		ret = can_rmdir(sctx, rmdir_ino, gen, sctx->cur_ino);
3261 		if (ret < 0)
3262 			goto out;
3263 		if (!ret)
3264 			goto finish;
3265 
3266 		name = fs_path_alloc();
3267 		if (!name) {
3268 			ret = -ENOMEM;
3269 			goto out;
3270 		}
3271 		ret = get_cur_path(sctx, rmdir_ino, gen, name);
3272 		if (ret < 0)
3273 			goto out;
3274 		ret = send_rmdir(sctx, name);
3275 		if (ret < 0)
3276 			goto out;
3277 	}
3278 
3279 finish:
3280 	ret = send_utimes(sctx, pm->ino, pm->gen);
3281 	if (ret < 0)
3282 		goto out;
3283 
3284 	/*
3285 	 * After rename/move, need to update the utimes of both new parent(s)
3286 	 * and old parent(s).
3287 	 */
3288 	list_for_each_entry(cur, &pm->update_refs, list) {
3289 		/*
3290 		 * The parent inode might have been deleted in the send snapshot
3291 		 */
3292 		ret = get_inode_info(sctx->send_root, cur->dir, NULL,
3293 				     NULL, NULL, NULL, NULL, NULL);
3294 		if (ret == -ENOENT) {
3295 			ret = 0;
3296 			continue;
3297 		}
3298 		if (ret < 0)
3299 			goto out;
3300 
3301 		ret = send_utimes(sctx, cur->dir, cur->dir_gen);
3302 		if (ret < 0)
3303 			goto out;
3304 	}
3305 
3306 out:
3307 	fs_path_free(name);
3308 	fs_path_free(from_path);
3309 	fs_path_free(to_path);
3310 	sctx->send_progress = orig_progress;
3311 
3312 	return ret;
3313 }
3314 
3315 static void free_pending_move(struct send_ctx *sctx, struct pending_dir_move *m)
3316 {
3317 	if (!list_empty(&m->list))
3318 		list_del(&m->list);
3319 	if (!RB_EMPTY_NODE(&m->node))
3320 		rb_erase(&m->node, &sctx->pending_dir_moves);
3321 	__free_recorded_refs(&m->update_refs);
3322 	kfree(m);
3323 }
3324 
3325 static void tail_append_pending_moves(struct send_ctx *sctx,
3326 				      struct pending_dir_move *moves,
3327 				      struct list_head *stack)
3328 {
3329 	if (list_empty(&moves->list)) {
3330 		list_add_tail(&moves->list, stack);
3331 	} else {
3332 		LIST_HEAD(list);
3333 		list_splice_init(&moves->list, &list);
3334 		list_add_tail(&moves->list, stack);
3335 		list_splice_tail(&list, stack);
3336 	}
3337 	if (!RB_EMPTY_NODE(&moves->node)) {
3338 		rb_erase(&moves->node, &sctx->pending_dir_moves);
3339 		RB_CLEAR_NODE(&moves->node);
3340 	}
3341 }
3342 
3343 static int apply_children_dir_moves(struct send_ctx *sctx)
3344 {
3345 	struct pending_dir_move *pm;
3346 	struct list_head stack;
3347 	u64 parent_ino = sctx->cur_ino;
3348 	int ret = 0;
3349 
3350 	pm = get_pending_dir_moves(sctx, parent_ino);
3351 	if (!pm)
3352 		return 0;
3353 
3354 	INIT_LIST_HEAD(&stack);
3355 	tail_append_pending_moves(sctx, pm, &stack);
3356 
3357 	while (!list_empty(&stack)) {
3358 		pm = list_first_entry(&stack, struct pending_dir_move, list);
3359 		parent_ino = pm->ino;
3360 		ret = apply_dir_move(sctx, pm);
3361 		free_pending_move(sctx, pm);
3362 		if (ret)
3363 			goto out;
3364 		pm = get_pending_dir_moves(sctx, parent_ino);
3365 		if (pm)
3366 			tail_append_pending_moves(sctx, pm, &stack);
3367 	}
3368 	return 0;
3369 
3370 out:
3371 	while (!list_empty(&stack)) {
3372 		pm = list_first_entry(&stack, struct pending_dir_move, list);
3373 		free_pending_move(sctx, pm);
3374 	}
3375 	return ret;
3376 }
3377 
3378 /*
3379  * We might need to delay a directory rename even when no ancestor directory
3380  * (in the send root) with a higher inode number than ours (sctx->cur_ino) was
3381  * renamed. This happens when we rename a directory to the old name (the name
3382  * in the parent root) of some other unrelated directory that got its rename
3383  * delayed due to some ancestor with higher number that got renamed.
3384  *
3385  * Example:
3386  *
3387  * Parent snapshot:
3388  * .                                       (ino 256)
3389  * |---- a/                                (ino 257)
3390  * |     |---- file                        (ino 260)
3391  * |
3392  * |---- b/                                (ino 258)
3393  * |---- c/                                (ino 259)
3394  *
3395  * Send snapshot:
3396  * .                                       (ino 256)
3397  * |---- a/                                (ino 258)
3398  * |---- x/                                (ino 259)
3399  *       |---- y/                          (ino 257)
3400  *             |----- file                 (ino 260)
3401  *
3402  * Here we can not rename 258 from 'b' to 'a' without the rename of inode 257
3403  * from 'a' to 'x/y' happening first, which in turn depends on the rename of
3404  * inode 259 from 'c' to 'x'. So the order of rename commands the send stream
3405  * must issue is:
3406  *
3407  * 1 - rename 259 from 'c' to 'x'
3408  * 2 - rename 257 from 'a' to 'x/y'
3409  * 3 - rename 258 from 'b' to 'a'
3410  *
3411  * Returns 1 if the rename of sctx->cur_ino needs to be delayed, 0 if it can
3412  * be done right away and < 0 on error.
3413  */
3414 static int wait_for_dest_dir_move(struct send_ctx *sctx,
3415 				  struct recorded_ref *parent_ref,
3416 				  const bool is_orphan)
3417 {
3418 	struct btrfs_fs_info *fs_info = sctx->parent_root->fs_info;
3419 	struct btrfs_path *path;
3420 	struct btrfs_key key;
3421 	struct btrfs_key di_key;
3422 	struct btrfs_dir_item *di;
3423 	u64 left_gen;
3424 	u64 right_gen;
3425 	int ret = 0;
3426 	struct waiting_dir_move *wdm;
3427 
3428 	if (RB_EMPTY_ROOT(&sctx->waiting_dir_moves))
3429 		return 0;
3430 
3431 	path = alloc_path_for_send();
3432 	if (!path)
3433 		return -ENOMEM;
3434 
3435 	key.objectid = parent_ref->dir;
3436 	key.type = BTRFS_DIR_ITEM_KEY;
3437 	key.offset = btrfs_name_hash(parent_ref->name, parent_ref->name_len);
3438 
3439 	ret = btrfs_search_slot(NULL, sctx->parent_root, &key, path, 0, 0);
3440 	if (ret < 0) {
3441 		goto out;
3442 	} else if (ret > 0) {
3443 		ret = 0;
3444 		goto out;
3445 	}
3446 
3447 	di = btrfs_match_dir_item_name(fs_info, path, parent_ref->name,
3448 				       parent_ref->name_len);
3449 	if (!di) {
3450 		ret = 0;
3451 		goto out;
3452 	}
3453 	/*
3454 	 * di_key.objectid has the number of the inode that has a dentry in the
3455 	 * parent directory with the same name that sctx->cur_ino is being
3456 	 * renamed to. We need to check if that inode is in the send root as
3457 	 * well and if it is currently marked as an inode with a pending rename,
3458 	 * if it is, we need to delay the rename of sctx->cur_ino as well, so
3459 	 * that it happens after that other inode is renamed.
3460 	 */
3461 	btrfs_dir_item_key_to_cpu(path->nodes[0], di, &di_key);
3462 	if (di_key.type != BTRFS_INODE_ITEM_KEY) {
3463 		ret = 0;
3464 		goto out;
3465 	}
3466 
3467 	ret = get_inode_info(sctx->parent_root, di_key.objectid, NULL,
3468 			     &left_gen, NULL, NULL, NULL, NULL);
3469 	if (ret < 0)
3470 		goto out;
3471 	ret = get_inode_info(sctx->send_root, di_key.objectid, NULL,
3472 			     &right_gen, NULL, NULL, NULL, NULL);
3473 	if (ret < 0) {
3474 		if (ret == -ENOENT)
3475 			ret = 0;
3476 		goto out;
3477 	}
3478 
3479 	/* Different inode, no need to delay the rename of sctx->cur_ino */
3480 	if (right_gen != left_gen) {
3481 		ret = 0;
3482 		goto out;
3483 	}
3484 
3485 	wdm = get_waiting_dir_move(sctx, di_key.objectid);
3486 	if (wdm && !wdm->orphanized) {
3487 		ret = add_pending_dir_move(sctx,
3488 					   sctx->cur_ino,
3489 					   sctx->cur_inode_gen,
3490 					   di_key.objectid,
3491 					   &sctx->new_refs,
3492 					   &sctx->deleted_refs,
3493 					   is_orphan);
3494 		if (!ret)
3495 			ret = 1;
3496 	}
3497 out:
3498 	btrfs_free_path(path);
3499 	return ret;
3500 }
3501 
3502 /*
3503  * Check if inode ino2, or any of its ancestors, is inode ino1.
3504  * Return 1 if true, 0 if false and < 0 on error.
3505  */
3506 static int check_ino_in_path(struct btrfs_root *root,
3507 			     const u64 ino1,
3508 			     const u64 ino1_gen,
3509 			     const u64 ino2,
3510 			     const u64 ino2_gen,
3511 			     struct fs_path *fs_path)
3512 {
3513 	u64 ino = ino2;
3514 
3515 	if (ino1 == ino2)
3516 		return ino1_gen == ino2_gen;
3517 
3518 	while (ino > BTRFS_FIRST_FREE_OBJECTID) {
3519 		u64 parent;
3520 		u64 parent_gen;
3521 		int ret;
3522 
3523 		fs_path_reset(fs_path);
3524 		ret = get_first_ref(root, ino, &parent, &parent_gen, fs_path);
3525 		if (ret < 0)
3526 			return ret;
3527 		if (parent == ino1)
3528 			return parent_gen == ino1_gen;
3529 		ino = parent;
3530 	}
3531 	return 0;
3532 }
3533 
3534 /*
3535  * Check if ino ino1 is an ancestor of inode ino2 in the given root for any
3536  * possible path (in case ino2 is not a directory and has multiple hard links).
3537  * Return 1 if true, 0 if false and < 0 on error.
3538  */
3539 static int is_ancestor(struct btrfs_root *root,
3540 		       const u64 ino1,
3541 		       const u64 ino1_gen,
3542 		       const u64 ino2,
3543 		       struct fs_path *fs_path)
3544 {
3545 	bool free_fs_path = false;
3546 	int ret = 0;
3547 	struct btrfs_path *path = NULL;
3548 	struct btrfs_key key;
3549 
3550 	if (!fs_path) {
3551 		fs_path = fs_path_alloc();
3552 		if (!fs_path)
3553 			return -ENOMEM;
3554 		free_fs_path = true;
3555 	}
3556 
3557 	path = alloc_path_for_send();
3558 	if (!path) {
3559 		ret = -ENOMEM;
3560 		goto out;
3561 	}
3562 
3563 	key.objectid = ino2;
3564 	key.type = BTRFS_INODE_REF_KEY;
3565 	key.offset = 0;
3566 
3567 	ret = btrfs_search_slot(NULL, root, &key, path, 0, 0);
3568 	if (ret < 0)
3569 		goto out;
3570 
3571 	while (true) {
3572 		struct extent_buffer *leaf = path->nodes[0];
3573 		int slot = path->slots[0];
3574 		u32 cur_offset = 0;
3575 		u32 item_size;
3576 
3577 		if (slot >= btrfs_header_nritems(leaf)) {
3578 			ret = btrfs_next_leaf(root, path);
3579 			if (ret < 0)
3580 				goto out;
3581 			if (ret > 0)
3582 				break;
3583 			continue;
3584 		}
3585 
3586 		btrfs_item_key_to_cpu(leaf, &key, slot);
3587 		if (key.objectid != ino2)
3588 			break;
3589 		if (key.type != BTRFS_INODE_REF_KEY &&
3590 		    key.type != BTRFS_INODE_EXTREF_KEY)
3591 			break;
3592 
3593 		item_size = btrfs_item_size_nr(leaf, slot);
3594 		while (cur_offset < item_size) {
3595 			u64 parent;
3596 			u64 parent_gen;
3597 
3598 			if (key.type == BTRFS_INODE_EXTREF_KEY) {
3599 				unsigned long ptr;
3600 				struct btrfs_inode_extref *extref;
3601 
3602 				ptr = btrfs_item_ptr_offset(leaf, slot);
3603 				extref = (struct btrfs_inode_extref *)
3604 					(ptr + cur_offset);
3605 				parent = btrfs_inode_extref_parent(leaf,
3606 								   extref);
3607 				cur_offset += sizeof(*extref);
3608 				cur_offset += btrfs_inode_extref_name_len(leaf,
3609 								  extref);
3610 			} else {
3611 				parent = key.offset;
3612 				cur_offset = item_size;
3613 			}
3614 
3615 			ret = get_inode_info(root, parent, NULL, &parent_gen,
3616 					     NULL, NULL, NULL, NULL);
3617 			if (ret < 0)
3618 				goto out;
3619 			ret = check_ino_in_path(root, ino1, ino1_gen,
3620 						parent, parent_gen, fs_path);
3621 			if (ret)
3622 				goto out;
3623 		}
3624 		path->slots[0]++;
3625 	}
3626 	ret = 0;
3627  out:
3628 	btrfs_free_path(path);
3629 	if (free_fs_path)
3630 		fs_path_free(fs_path);
3631 	return ret;
3632 }
3633 
3634 static int wait_for_parent_move(struct send_ctx *sctx,
3635 				struct recorded_ref *parent_ref,
3636 				const bool is_orphan)
3637 {
3638 	int ret = 0;
3639 	u64 ino = parent_ref->dir;
3640 	u64 ino_gen = parent_ref->dir_gen;
3641 	u64 parent_ino_before, parent_ino_after;
3642 	struct fs_path *path_before = NULL;
3643 	struct fs_path *path_after = NULL;
3644 	int len1, len2;
3645 
3646 	path_after = fs_path_alloc();
3647 	path_before = fs_path_alloc();
3648 	if (!path_after || !path_before) {
3649 		ret = -ENOMEM;
3650 		goto out;
3651 	}
3652 
3653 	/*
3654 	 * Our current directory inode may not yet be renamed/moved because some
3655 	 * ancestor (immediate or not) has to be renamed/moved first. So find if
3656 	 * such ancestor exists and make sure our own rename/move happens after
3657 	 * that ancestor is processed to avoid path build infinite loops (done
3658 	 * at get_cur_path()).
3659 	 */
3660 	while (ino > BTRFS_FIRST_FREE_OBJECTID) {
3661 		u64 parent_ino_after_gen;
3662 
3663 		if (is_waiting_for_move(sctx, ino)) {
3664 			/*
3665 			 * If the current inode is an ancestor of ino in the
3666 			 * parent root, we need to delay the rename of the
3667 			 * current inode, otherwise don't delayed the rename
3668 			 * because we can end up with a circular dependency
3669 			 * of renames, resulting in some directories never
3670 			 * getting the respective rename operations issued in
3671 			 * the send stream or getting into infinite path build
3672 			 * loops.
3673 			 */
3674 			ret = is_ancestor(sctx->parent_root,
3675 					  sctx->cur_ino, sctx->cur_inode_gen,
3676 					  ino, path_before);
3677 			if (ret)
3678 				break;
3679 		}
3680 
3681 		fs_path_reset(path_before);
3682 		fs_path_reset(path_after);
3683 
3684 		ret = get_first_ref(sctx->send_root, ino, &parent_ino_after,
3685 				    &parent_ino_after_gen, path_after);
3686 		if (ret < 0)
3687 			goto out;
3688 		ret = get_first_ref(sctx->parent_root, ino, &parent_ino_before,
3689 				    NULL, path_before);
3690 		if (ret < 0 && ret != -ENOENT) {
3691 			goto out;
3692 		} else if (ret == -ENOENT) {
3693 			ret = 0;
3694 			break;
3695 		}
3696 
3697 		len1 = fs_path_len(path_before);
3698 		len2 = fs_path_len(path_after);
3699 		if (ino > sctx->cur_ino &&
3700 		    (parent_ino_before != parent_ino_after || len1 != len2 ||
3701 		     memcmp(path_before->start, path_after->start, len1))) {
3702 			u64 parent_ino_gen;
3703 
3704 			ret = get_inode_info(sctx->parent_root, ino, NULL,
3705 					     &parent_ino_gen, NULL, NULL, NULL,
3706 					     NULL);
3707 			if (ret < 0)
3708 				goto out;
3709 			if (ino_gen == parent_ino_gen) {
3710 				ret = 1;
3711 				break;
3712 			}
3713 		}
3714 		ino = parent_ino_after;
3715 		ino_gen = parent_ino_after_gen;
3716 	}
3717 
3718 out:
3719 	fs_path_free(path_before);
3720 	fs_path_free(path_after);
3721 
3722 	if (ret == 1) {
3723 		ret = add_pending_dir_move(sctx,
3724 					   sctx->cur_ino,
3725 					   sctx->cur_inode_gen,
3726 					   ino,
3727 					   &sctx->new_refs,
3728 					   &sctx->deleted_refs,
3729 					   is_orphan);
3730 		if (!ret)
3731 			ret = 1;
3732 	}
3733 
3734 	return ret;
3735 }
3736 
3737 static int update_ref_path(struct send_ctx *sctx, struct recorded_ref *ref)
3738 {
3739 	int ret;
3740 	struct fs_path *new_path;
3741 
3742 	/*
3743 	 * Our reference's name member points to its full_path member string, so
3744 	 * we use here a new path.
3745 	 */
3746 	new_path = fs_path_alloc();
3747 	if (!new_path)
3748 		return -ENOMEM;
3749 
3750 	ret = get_cur_path(sctx, ref->dir, ref->dir_gen, new_path);
3751 	if (ret < 0) {
3752 		fs_path_free(new_path);
3753 		return ret;
3754 	}
3755 	ret = fs_path_add(new_path, ref->name, ref->name_len);
3756 	if (ret < 0) {
3757 		fs_path_free(new_path);
3758 		return ret;
3759 	}
3760 
3761 	fs_path_free(ref->full_path);
3762 	set_ref_path(ref, new_path);
3763 
3764 	return 0;
3765 }
3766 
3767 /*
3768  * This does all the move/link/unlink/rmdir magic.
3769  */
3770 static int process_recorded_refs(struct send_ctx *sctx, int *pending_move)
3771 {
3772 	struct btrfs_fs_info *fs_info = sctx->send_root->fs_info;
3773 	int ret = 0;
3774 	struct recorded_ref *cur;
3775 	struct recorded_ref *cur2;
3776 	struct list_head check_dirs;
3777 	struct fs_path *valid_path = NULL;
3778 	u64 ow_inode = 0;
3779 	u64 ow_gen;
3780 	u64 ow_mode;
3781 	int did_overwrite = 0;
3782 	int is_orphan = 0;
3783 	u64 last_dir_ino_rm = 0;
3784 	bool can_rename = true;
3785 	bool orphanized_dir = false;
3786 	bool orphanized_ancestor = false;
3787 
3788 	btrfs_debug(fs_info, "process_recorded_refs %llu", sctx->cur_ino);
3789 
3790 	/*
3791 	 * This should never happen as the root dir always has the same ref
3792 	 * which is always '..'
3793 	 */
3794 	BUG_ON(sctx->cur_ino <= BTRFS_FIRST_FREE_OBJECTID);
3795 	INIT_LIST_HEAD(&check_dirs);
3796 
3797 	valid_path = fs_path_alloc();
3798 	if (!valid_path) {
3799 		ret = -ENOMEM;
3800 		goto out;
3801 	}
3802 
3803 	/*
3804 	 * First, check if the first ref of the current inode was overwritten
3805 	 * before. If yes, we know that the current inode was already orphanized
3806 	 * and thus use the orphan name. If not, we can use get_cur_path to
3807 	 * get the path of the first ref as it would like while receiving at
3808 	 * this point in time.
3809 	 * New inodes are always orphan at the beginning, so force to use the
3810 	 * orphan name in this case.
3811 	 * The first ref is stored in valid_path and will be updated if it
3812 	 * gets moved around.
3813 	 */
3814 	if (!sctx->cur_inode_new) {
3815 		ret = did_overwrite_first_ref(sctx, sctx->cur_ino,
3816 				sctx->cur_inode_gen);
3817 		if (ret < 0)
3818 			goto out;
3819 		if (ret)
3820 			did_overwrite = 1;
3821 	}
3822 	if (sctx->cur_inode_new || did_overwrite) {
3823 		ret = gen_unique_name(sctx, sctx->cur_ino,
3824 				sctx->cur_inode_gen, valid_path);
3825 		if (ret < 0)
3826 			goto out;
3827 		is_orphan = 1;
3828 	} else {
3829 		ret = get_cur_path(sctx, sctx->cur_ino, sctx->cur_inode_gen,
3830 				valid_path);
3831 		if (ret < 0)
3832 			goto out;
3833 	}
3834 
3835 	list_for_each_entry(cur, &sctx->new_refs, list) {
3836 		/*
3837 		 * We may have refs where the parent directory does not exist
3838 		 * yet. This happens if the parent directories inum is higher
3839 		 * than the current inum. To handle this case, we create the
3840 		 * parent directory out of order. But we need to check if this
3841 		 * did already happen before due to other refs in the same dir.
3842 		 */
3843 		ret = get_cur_inode_state(sctx, cur->dir, cur->dir_gen);
3844 		if (ret < 0)
3845 			goto out;
3846 		if (ret == inode_state_will_create) {
3847 			ret = 0;
3848 			/*
3849 			 * First check if any of the current inodes refs did
3850 			 * already create the dir.
3851 			 */
3852 			list_for_each_entry(cur2, &sctx->new_refs, list) {
3853 				if (cur == cur2)
3854 					break;
3855 				if (cur2->dir == cur->dir) {
3856 					ret = 1;
3857 					break;
3858 				}
3859 			}
3860 
3861 			/*
3862 			 * If that did not happen, check if a previous inode
3863 			 * did already create the dir.
3864 			 */
3865 			if (!ret)
3866 				ret = did_create_dir(sctx, cur->dir);
3867 			if (ret < 0)
3868 				goto out;
3869 			if (!ret) {
3870 				ret = send_create_inode(sctx, cur->dir);
3871 				if (ret < 0)
3872 					goto out;
3873 			}
3874 		}
3875 
3876 		/*
3877 		 * Check if this new ref would overwrite the first ref of
3878 		 * another unprocessed inode. If yes, orphanize the
3879 		 * overwritten inode. If we find an overwritten ref that is
3880 		 * not the first ref, simply unlink it.
3881 		 */
3882 		ret = will_overwrite_ref(sctx, cur->dir, cur->dir_gen,
3883 				cur->name, cur->name_len,
3884 				&ow_inode, &ow_gen, &ow_mode);
3885 		if (ret < 0)
3886 			goto out;
3887 		if (ret) {
3888 			ret = is_first_ref(sctx->parent_root,
3889 					   ow_inode, cur->dir, cur->name,
3890 					   cur->name_len);
3891 			if (ret < 0)
3892 				goto out;
3893 			if (ret) {
3894 				struct name_cache_entry *nce;
3895 				struct waiting_dir_move *wdm;
3896 
3897 				ret = orphanize_inode(sctx, ow_inode, ow_gen,
3898 						cur->full_path);
3899 				if (ret < 0)
3900 					goto out;
3901 				if (S_ISDIR(ow_mode))
3902 					orphanized_dir = true;
3903 
3904 				/*
3905 				 * If ow_inode has its rename operation delayed
3906 				 * make sure that its orphanized name is used in
3907 				 * the source path when performing its rename
3908 				 * operation.
3909 				 */
3910 				if (is_waiting_for_move(sctx, ow_inode)) {
3911 					wdm = get_waiting_dir_move(sctx,
3912 								   ow_inode);
3913 					ASSERT(wdm);
3914 					wdm->orphanized = true;
3915 				}
3916 
3917 				/*
3918 				 * Make sure we clear our orphanized inode's
3919 				 * name from the name cache. This is because the
3920 				 * inode ow_inode might be an ancestor of some
3921 				 * other inode that will be orphanized as well
3922 				 * later and has an inode number greater than
3923 				 * sctx->send_progress. We need to prevent
3924 				 * future name lookups from using the old name
3925 				 * and get instead the orphan name.
3926 				 */
3927 				nce = name_cache_search(sctx, ow_inode, ow_gen);
3928 				if (nce) {
3929 					name_cache_delete(sctx, nce);
3930 					kfree(nce);
3931 				}
3932 
3933 				/*
3934 				 * ow_inode might currently be an ancestor of
3935 				 * cur_ino, therefore compute valid_path (the
3936 				 * current path of cur_ino) again because it
3937 				 * might contain the pre-orphanization name of
3938 				 * ow_inode, which is no longer valid.
3939 				 */
3940 				ret = is_ancestor(sctx->parent_root,
3941 						  ow_inode, ow_gen,
3942 						  sctx->cur_ino, NULL);
3943 				if (ret > 0) {
3944 					orphanized_ancestor = true;
3945 					fs_path_reset(valid_path);
3946 					ret = get_cur_path(sctx, sctx->cur_ino,
3947 							   sctx->cur_inode_gen,
3948 							   valid_path);
3949 				}
3950 				if (ret < 0)
3951 					goto out;
3952 			} else {
3953 				ret = send_unlink(sctx, cur->full_path);
3954 				if (ret < 0)
3955 					goto out;
3956 			}
3957 		}
3958 
3959 		if (S_ISDIR(sctx->cur_inode_mode) && sctx->parent_root) {
3960 			ret = wait_for_dest_dir_move(sctx, cur, is_orphan);
3961 			if (ret < 0)
3962 				goto out;
3963 			if (ret == 1) {
3964 				can_rename = false;
3965 				*pending_move = 1;
3966 			}
3967 		}
3968 
3969 		if (S_ISDIR(sctx->cur_inode_mode) && sctx->parent_root &&
3970 		    can_rename) {
3971 			ret = wait_for_parent_move(sctx, cur, is_orphan);
3972 			if (ret < 0)
3973 				goto out;
3974 			if (ret == 1) {
3975 				can_rename = false;
3976 				*pending_move = 1;
3977 			}
3978 		}
3979 
3980 		/*
3981 		 * link/move the ref to the new place. If we have an orphan
3982 		 * inode, move it and update valid_path. If not, link or move
3983 		 * it depending on the inode mode.
3984 		 */
3985 		if (is_orphan && can_rename) {
3986 			ret = send_rename(sctx, valid_path, cur->full_path);
3987 			if (ret < 0)
3988 				goto out;
3989 			is_orphan = 0;
3990 			ret = fs_path_copy(valid_path, cur->full_path);
3991 			if (ret < 0)
3992 				goto out;
3993 		} else if (can_rename) {
3994 			if (S_ISDIR(sctx->cur_inode_mode)) {
3995 				/*
3996 				 * Dirs can't be linked, so move it. For moved
3997 				 * dirs, we always have one new and one deleted
3998 				 * ref. The deleted ref is ignored later.
3999 				 */
4000 				ret = send_rename(sctx, valid_path,
4001 						  cur->full_path);
4002 				if (!ret)
4003 					ret = fs_path_copy(valid_path,
4004 							   cur->full_path);
4005 				if (ret < 0)
4006 					goto out;
4007 			} else {
4008 				/*
4009 				 * We might have previously orphanized an inode
4010 				 * which is an ancestor of our current inode,
4011 				 * so our reference's full path, which was
4012 				 * computed before any such orphanizations, must
4013 				 * be updated.
4014 				 */
4015 				if (orphanized_dir) {
4016 					ret = update_ref_path(sctx, cur);
4017 					if (ret < 0)
4018 						goto out;
4019 				}
4020 				ret = send_link(sctx, cur->full_path,
4021 						valid_path);
4022 				if (ret < 0)
4023 					goto out;
4024 			}
4025 		}
4026 		ret = dup_ref(cur, &check_dirs);
4027 		if (ret < 0)
4028 			goto out;
4029 	}
4030 
4031 	if (S_ISDIR(sctx->cur_inode_mode) && sctx->cur_inode_deleted) {
4032 		/*
4033 		 * Check if we can already rmdir the directory. If not,
4034 		 * orphanize it. For every dir item inside that gets deleted
4035 		 * later, we do this check again and rmdir it then if possible.
4036 		 * See the use of check_dirs for more details.
4037 		 */
4038 		ret = can_rmdir(sctx, sctx->cur_ino, sctx->cur_inode_gen,
4039 				sctx->cur_ino);
4040 		if (ret < 0)
4041 			goto out;
4042 		if (ret) {
4043 			ret = send_rmdir(sctx, valid_path);
4044 			if (ret < 0)
4045 				goto out;
4046 		} else if (!is_orphan) {
4047 			ret = orphanize_inode(sctx, sctx->cur_ino,
4048 					sctx->cur_inode_gen, valid_path);
4049 			if (ret < 0)
4050 				goto out;
4051 			is_orphan = 1;
4052 		}
4053 
4054 		list_for_each_entry(cur, &sctx->deleted_refs, list) {
4055 			ret = dup_ref(cur, &check_dirs);
4056 			if (ret < 0)
4057 				goto out;
4058 		}
4059 	} else if (S_ISDIR(sctx->cur_inode_mode) &&
4060 		   !list_empty(&sctx->deleted_refs)) {
4061 		/*
4062 		 * We have a moved dir. Add the old parent to check_dirs
4063 		 */
4064 		cur = list_entry(sctx->deleted_refs.next, struct recorded_ref,
4065 				list);
4066 		ret = dup_ref(cur, &check_dirs);
4067 		if (ret < 0)
4068 			goto out;
4069 	} else if (!S_ISDIR(sctx->cur_inode_mode)) {
4070 		/*
4071 		 * We have a non dir inode. Go through all deleted refs and
4072 		 * unlink them if they were not already overwritten by other
4073 		 * inodes.
4074 		 */
4075 		list_for_each_entry(cur, &sctx->deleted_refs, list) {
4076 			ret = did_overwrite_ref(sctx, cur->dir, cur->dir_gen,
4077 					sctx->cur_ino, sctx->cur_inode_gen,
4078 					cur->name, cur->name_len);
4079 			if (ret < 0)
4080 				goto out;
4081 			if (!ret) {
4082 				/*
4083 				 * If we orphanized any ancestor before, we need
4084 				 * to recompute the full path for deleted names,
4085 				 * since any such path was computed before we
4086 				 * processed any references and orphanized any
4087 				 * ancestor inode.
4088 				 */
4089 				if (orphanized_ancestor) {
4090 					ret = update_ref_path(sctx, cur);
4091 					if (ret < 0)
4092 						goto out;
4093 				}
4094 				ret = send_unlink(sctx, cur->full_path);
4095 				if (ret < 0)
4096 					goto out;
4097 			}
4098 			ret = dup_ref(cur, &check_dirs);
4099 			if (ret < 0)
4100 				goto out;
4101 		}
4102 		/*
4103 		 * If the inode is still orphan, unlink the orphan. This may
4104 		 * happen when a previous inode did overwrite the first ref
4105 		 * of this inode and no new refs were added for the current
4106 		 * inode. Unlinking does not mean that the inode is deleted in
4107 		 * all cases. There may still be links to this inode in other
4108 		 * places.
4109 		 */
4110 		if (is_orphan) {
4111 			ret = send_unlink(sctx, valid_path);
4112 			if (ret < 0)
4113 				goto out;
4114 		}
4115 	}
4116 
4117 	/*
4118 	 * We did collect all parent dirs where cur_inode was once located. We
4119 	 * now go through all these dirs and check if they are pending for
4120 	 * deletion and if it's finally possible to perform the rmdir now.
4121 	 * We also update the inode stats of the parent dirs here.
4122 	 */
4123 	list_for_each_entry(cur, &check_dirs, list) {
4124 		/*
4125 		 * In case we had refs into dirs that were not processed yet,
4126 		 * we don't need to do the utime and rmdir logic for these dirs.
4127 		 * The dir will be processed later.
4128 		 */
4129 		if (cur->dir > sctx->cur_ino)
4130 			continue;
4131 
4132 		ret = get_cur_inode_state(sctx, cur->dir, cur->dir_gen);
4133 		if (ret < 0)
4134 			goto out;
4135 
4136 		if (ret == inode_state_did_create ||
4137 		    ret == inode_state_no_change) {
4138 			/* TODO delayed utimes */
4139 			ret = send_utimes(sctx, cur->dir, cur->dir_gen);
4140 			if (ret < 0)
4141 				goto out;
4142 		} else if (ret == inode_state_did_delete &&
4143 			   cur->dir != last_dir_ino_rm) {
4144 			ret = can_rmdir(sctx, cur->dir, cur->dir_gen,
4145 					sctx->cur_ino);
4146 			if (ret < 0)
4147 				goto out;
4148 			if (ret) {
4149 				ret = get_cur_path(sctx, cur->dir,
4150 						   cur->dir_gen, valid_path);
4151 				if (ret < 0)
4152 					goto out;
4153 				ret = send_rmdir(sctx, valid_path);
4154 				if (ret < 0)
4155 					goto out;
4156 				last_dir_ino_rm = cur->dir;
4157 			}
4158 		}
4159 	}
4160 
4161 	ret = 0;
4162 
4163 out:
4164 	__free_recorded_refs(&check_dirs);
4165 	free_recorded_refs(sctx);
4166 	fs_path_free(valid_path);
4167 	return ret;
4168 }
4169 
4170 static int record_ref(struct btrfs_root *root, u64 dir, struct fs_path *name,
4171 		      void *ctx, struct list_head *refs)
4172 {
4173 	int ret = 0;
4174 	struct send_ctx *sctx = ctx;
4175 	struct fs_path *p;
4176 	u64 gen;
4177 
4178 	p = fs_path_alloc();
4179 	if (!p)
4180 		return -ENOMEM;
4181 
4182 	ret = get_inode_info(root, dir, NULL, &gen, NULL, NULL,
4183 			NULL, NULL);
4184 	if (ret < 0)
4185 		goto out;
4186 
4187 	ret = get_cur_path(sctx, dir, gen, p);
4188 	if (ret < 0)
4189 		goto out;
4190 	ret = fs_path_add_path(p, name);
4191 	if (ret < 0)
4192 		goto out;
4193 
4194 	ret = __record_ref(refs, dir, gen, p);
4195 
4196 out:
4197 	if (ret)
4198 		fs_path_free(p);
4199 	return ret;
4200 }
4201 
4202 static int __record_new_ref(int num, u64 dir, int index,
4203 			    struct fs_path *name,
4204 			    void *ctx)
4205 {
4206 	struct send_ctx *sctx = ctx;
4207 	return record_ref(sctx->send_root, dir, name, ctx, &sctx->new_refs);
4208 }
4209 
4210 
4211 static int __record_deleted_ref(int num, u64 dir, int index,
4212 				struct fs_path *name,
4213 				void *ctx)
4214 {
4215 	struct send_ctx *sctx = ctx;
4216 	return record_ref(sctx->parent_root, dir, name, ctx,
4217 			  &sctx->deleted_refs);
4218 }
4219 
4220 static int record_new_ref(struct send_ctx *sctx)
4221 {
4222 	int ret;
4223 
4224 	ret = iterate_inode_ref(sctx->send_root, sctx->left_path,
4225 				sctx->cmp_key, 0, __record_new_ref, sctx);
4226 	if (ret < 0)
4227 		goto out;
4228 	ret = 0;
4229 
4230 out:
4231 	return ret;
4232 }
4233 
4234 static int record_deleted_ref(struct send_ctx *sctx)
4235 {
4236 	int ret;
4237 
4238 	ret = iterate_inode_ref(sctx->parent_root, sctx->right_path,
4239 				sctx->cmp_key, 0, __record_deleted_ref, sctx);
4240 	if (ret < 0)
4241 		goto out;
4242 	ret = 0;
4243 
4244 out:
4245 	return ret;
4246 }
4247 
4248 struct find_ref_ctx {
4249 	u64 dir;
4250 	u64 dir_gen;
4251 	struct btrfs_root *root;
4252 	struct fs_path *name;
4253 	int found_idx;
4254 };
4255 
4256 static int __find_iref(int num, u64 dir, int index,
4257 		       struct fs_path *name,
4258 		       void *ctx_)
4259 {
4260 	struct find_ref_ctx *ctx = ctx_;
4261 	u64 dir_gen;
4262 	int ret;
4263 
4264 	if (dir == ctx->dir && fs_path_len(name) == fs_path_len(ctx->name) &&
4265 	    strncmp(name->start, ctx->name->start, fs_path_len(name)) == 0) {
4266 		/*
4267 		 * To avoid doing extra lookups we'll only do this if everything
4268 		 * else matches.
4269 		 */
4270 		ret = get_inode_info(ctx->root, dir, NULL, &dir_gen, NULL,
4271 				     NULL, NULL, NULL);
4272 		if (ret)
4273 			return ret;
4274 		if (dir_gen != ctx->dir_gen)
4275 			return 0;
4276 		ctx->found_idx = num;
4277 		return 1;
4278 	}
4279 	return 0;
4280 }
4281 
4282 static int find_iref(struct btrfs_root *root,
4283 		     struct btrfs_path *path,
4284 		     struct btrfs_key *key,
4285 		     u64 dir, u64 dir_gen, struct fs_path *name)
4286 {
4287 	int ret;
4288 	struct find_ref_ctx ctx;
4289 
4290 	ctx.dir = dir;
4291 	ctx.name = name;
4292 	ctx.dir_gen = dir_gen;
4293 	ctx.found_idx = -1;
4294 	ctx.root = root;
4295 
4296 	ret = iterate_inode_ref(root, path, key, 0, __find_iref, &ctx);
4297 	if (ret < 0)
4298 		return ret;
4299 
4300 	if (ctx.found_idx == -1)
4301 		return -ENOENT;
4302 
4303 	return ctx.found_idx;
4304 }
4305 
4306 static int __record_changed_new_ref(int num, u64 dir, int index,
4307 				    struct fs_path *name,
4308 				    void *ctx)
4309 {
4310 	u64 dir_gen;
4311 	int ret;
4312 	struct send_ctx *sctx = ctx;
4313 
4314 	ret = get_inode_info(sctx->send_root, dir, NULL, &dir_gen, NULL,
4315 			     NULL, NULL, NULL);
4316 	if (ret)
4317 		return ret;
4318 
4319 	ret = find_iref(sctx->parent_root, sctx->right_path,
4320 			sctx->cmp_key, dir, dir_gen, name);
4321 	if (ret == -ENOENT)
4322 		ret = __record_new_ref(num, dir, index, name, sctx);
4323 	else if (ret > 0)
4324 		ret = 0;
4325 
4326 	return ret;
4327 }
4328 
4329 static int __record_changed_deleted_ref(int num, u64 dir, int index,
4330 					struct fs_path *name,
4331 					void *ctx)
4332 {
4333 	u64 dir_gen;
4334 	int ret;
4335 	struct send_ctx *sctx = ctx;
4336 
4337 	ret = get_inode_info(sctx->parent_root, dir, NULL, &dir_gen, NULL,
4338 			     NULL, NULL, NULL);
4339 	if (ret)
4340 		return ret;
4341 
4342 	ret = find_iref(sctx->send_root, sctx->left_path, sctx->cmp_key,
4343 			dir, dir_gen, name);
4344 	if (ret == -ENOENT)
4345 		ret = __record_deleted_ref(num, dir, index, name, sctx);
4346 	else if (ret > 0)
4347 		ret = 0;
4348 
4349 	return ret;
4350 }
4351 
4352 static int record_changed_ref(struct send_ctx *sctx)
4353 {
4354 	int ret = 0;
4355 
4356 	ret = iterate_inode_ref(sctx->send_root, sctx->left_path,
4357 			sctx->cmp_key, 0, __record_changed_new_ref, sctx);
4358 	if (ret < 0)
4359 		goto out;
4360 	ret = iterate_inode_ref(sctx->parent_root, sctx->right_path,
4361 			sctx->cmp_key, 0, __record_changed_deleted_ref, sctx);
4362 	if (ret < 0)
4363 		goto out;
4364 	ret = 0;
4365 
4366 out:
4367 	return ret;
4368 }
4369 
4370 /*
4371  * Record and process all refs at once. Needed when an inode changes the
4372  * generation number, which means that it was deleted and recreated.
4373  */
4374 static int process_all_refs(struct send_ctx *sctx,
4375 			    enum btrfs_compare_tree_result cmd)
4376 {
4377 	int ret;
4378 	struct btrfs_root *root;
4379 	struct btrfs_path *path;
4380 	struct btrfs_key key;
4381 	struct btrfs_key found_key;
4382 	struct extent_buffer *eb;
4383 	int slot;
4384 	iterate_inode_ref_t cb;
4385 	int pending_move = 0;
4386 
4387 	path = alloc_path_for_send();
4388 	if (!path)
4389 		return -ENOMEM;
4390 
4391 	if (cmd == BTRFS_COMPARE_TREE_NEW) {
4392 		root = sctx->send_root;
4393 		cb = __record_new_ref;
4394 	} else if (cmd == BTRFS_COMPARE_TREE_DELETED) {
4395 		root = sctx->parent_root;
4396 		cb = __record_deleted_ref;
4397 	} else {
4398 		btrfs_err(sctx->send_root->fs_info,
4399 				"Wrong command %d in process_all_refs", cmd);
4400 		ret = -EINVAL;
4401 		goto out;
4402 	}
4403 
4404 	key.objectid = sctx->cmp_key->objectid;
4405 	key.type = BTRFS_INODE_REF_KEY;
4406 	key.offset = 0;
4407 	ret = btrfs_search_slot(NULL, root, &key, path, 0, 0);
4408 	if (ret < 0)
4409 		goto out;
4410 
4411 	while (1) {
4412 		eb = path->nodes[0];
4413 		slot = path->slots[0];
4414 		if (slot >= btrfs_header_nritems(eb)) {
4415 			ret = btrfs_next_leaf(root, path);
4416 			if (ret < 0)
4417 				goto out;
4418 			else if (ret > 0)
4419 				break;
4420 			continue;
4421 		}
4422 
4423 		btrfs_item_key_to_cpu(eb, &found_key, slot);
4424 
4425 		if (found_key.objectid != key.objectid ||
4426 		    (found_key.type != BTRFS_INODE_REF_KEY &&
4427 		     found_key.type != BTRFS_INODE_EXTREF_KEY))
4428 			break;
4429 
4430 		ret = iterate_inode_ref(root, path, &found_key, 0, cb, sctx);
4431 		if (ret < 0)
4432 			goto out;
4433 
4434 		path->slots[0]++;
4435 	}
4436 	btrfs_release_path(path);
4437 
4438 	/*
4439 	 * We don't actually care about pending_move as we are simply
4440 	 * re-creating this inode and will be rename'ing it into place once we
4441 	 * rename the parent directory.
4442 	 */
4443 	ret = process_recorded_refs(sctx, &pending_move);
4444 out:
4445 	btrfs_free_path(path);
4446 	return ret;
4447 }
4448 
4449 static int send_set_xattr(struct send_ctx *sctx,
4450 			  struct fs_path *path,
4451 			  const char *name, int name_len,
4452 			  const char *data, int data_len)
4453 {
4454 	int ret = 0;
4455 
4456 	ret = begin_cmd(sctx, BTRFS_SEND_C_SET_XATTR);
4457 	if (ret < 0)
4458 		goto out;
4459 
4460 	TLV_PUT_PATH(sctx, BTRFS_SEND_A_PATH, path);
4461 	TLV_PUT_STRING(sctx, BTRFS_SEND_A_XATTR_NAME, name, name_len);
4462 	TLV_PUT(sctx, BTRFS_SEND_A_XATTR_DATA, data, data_len);
4463 
4464 	ret = send_cmd(sctx);
4465 
4466 tlv_put_failure:
4467 out:
4468 	return ret;
4469 }
4470 
4471 static int send_remove_xattr(struct send_ctx *sctx,
4472 			  struct fs_path *path,
4473 			  const char *name, int name_len)
4474 {
4475 	int ret = 0;
4476 
4477 	ret = begin_cmd(sctx, BTRFS_SEND_C_REMOVE_XATTR);
4478 	if (ret < 0)
4479 		goto out;
4480 
4481 	TLV_PUT_PATH(sctx, BTRFS_SEND_A_PATH, path);
4482 	TLV_PUT_STRING(sctx, BTRFS_SEND_A_XATTR_NAME, name, name_len);
4483 
4484 	ret = send_cmd(sctx);
4485 
4486 tlv_put_failure:
4487 out:
4488 	return ret;
4489 }
4490 
4491 static int __process_new_xattr(int num, struct btrfs_key *di_key,
4492 			       const char *name, int name_len,
4493 			       const char *data, int data_len,
4494 			       u8 type, void *ctx)
4495 {
4496 	int ret;
4497 	struct send_ctx *sctx = ctx;
4498 	struct fs_path *p;
4499 	struct posix_acl_xattr_header dummy_acl;
4500 
4501 	p = fs_path_alloc();
4502 	if (!p)
4503 		return -ENOMEM;
4504 
4505 	/*
4506 	 * This hack is needed because empty acls are stored as zero byte
4507 	 * data in xattrs. Problem with that is, that receiving these zero byte
4508 	 * acls will fail later. To fix this, we send a dummy acl list that
4509 	 * only contains the version number and no entries.
4510 	 */
4511 	if (!strncmp(name, XATTR_NAME_POSIX_ACL_ACCESS, name_len) ||
4512 	    !strncmp(name, XATTR_NAME_POSIX_ACL_DEFAULT, name_len)) {
4513 		if (data_len == 0) {
4514 			dummy_acl.a_version =
4515 					cpu_to_le32(POSIX_ACL_XATTR_VERSION);
4516 			data = (char *)&dummy_acl;
4517 			data_len = sizeof(dummy_acl);
4518 		}
4519 	}
4520 
4521 	ret = get_cur_path(sctx, sctx->cur_ino, sctx->cur_inode_gen, p);
4522 	if (ret < 0)
4523 		goto out;
4524 
4525 	ret = send_set_xattr(sctx, p, name, name_len, data, data_len);
4526 
4527 out:
4528 	fs_path_free(p);
4529 	return ret;
4530 }
4531 
4532 static int __process_deleted_xattr(int num, struct btrfs_key *di_key,
4533 				   const char *name, int name_len,
4534 				   const char *data, int data_len,
4535 				   u8 type, void *ctx)
4536 {
4537 	int ret;
4538 	struct send_ctx *sctx = ctx;
4539 	struct fs_path *p;
4540 
4541 	p = fs_path_alloc();
4542 	if (!p)
4543 		return -ENOMEM;
4544 
4545 	ret = get_cur_path(sctx, sctx->cur_ino, sctx->cur_inode_gen, p);
4546 	if (ret < 0)
4547 		goto out;
4548 
4549 	ret = send_remove_xattr(sctx, p, name, name_len);
4550 
4551 out:
4552 	fs_path_free(p);
4553 	return ret;
4554 }
4555 
4556 static int process_new_xattr(struct send_ctx *sctx)
4557 {
4558 	int ret = 0;
4559 
4560 	ret = iterate_dir_item(sctx->send_root, sctx->left_path,
4561 			       __process_new_xattr, sctx);
4562 
4563 	return ret;
4564 }
4565 
4566 static int process_deleted_xattr(struct send_ctx *sctx)
4567 {
4568 	return iterate_dir_item(sctx->parent_root, sctx->right_path,
4569 				__process_deleted_xattr, sctx);
4570 }
4571 
4572 struct find_xattr_ctx {
4573 	const char *name;
4574 	int name_len;
4575 	int found_idx;
4576 	char *found_data;
4577 	int found_data_len;
4578 };
4579 
4580 static int __find_xattr(int num, struct btrfs_key *di_key,
4581 			const char *name, int name_len,
4582 			const char *data, int data_len,
4583 			u8 type, void *vctx)
4584 {
4585 	struct find_xattr_ctx *ctx = vctx;
4586 
4587 	if (name_len == ctx->name_len &&
4588 	    strncmp(name, ctx->name, name_len) == 0) {
4589 		ctx->found_idx = num;
4590 		ctx->found_data_len = data_len;
4591 		ctx->found_data = kmemdup(data, data_len, GFP_KERNEL);
4592 		if (!ctx->found_data)
4593 			return -ENOMEM;
4594 		return 1;
4595 	}
4596 	return 0;
4597 }
4598 
4599 static int find_xattr(struct btrfs_root *root,
4600 		      struct btrfs_path *path,
4601 		      struct btrfs_key *key,
4602 		      const char *name, int name_len,
4603 		      char **data, int *data_len)
4604 {
4605 	int ret;
4606 	struct find_xattr_ctx ctx;
4607 
4608 	ctx.name = name;
4609 	ctx.name_len = name_len;
4610 	ctx.found_idx = -1;
4611 	ctx.found_data = NULL;
4612 	ctx.found_data_len = 0;
4613 
4614 	ret = iterate_dir_item(root, path, __find_xattr, &ctx);
4615 	if (ret < 0)
4616 		return ret;
4617 
4618 	if (ctx.found_idx == -1)
4619 		return -ENOENT;
4620 	if (data) {
4621 		*data = ctx.found_data;
4622 		*data_len = ctx.found_data_len;
4623 	} else {
4624 		kfree(ctx.found_data);
4625 	}
4626 	return ctx.found_idx;
4627 }
4628 
4629 
4630 static int __process_changed_new_xattr(int num, struct btrfs_key *di_key,
4631 				       const char *name, int name_len,
4632 				       const char *data, int data_len,
4633 				       u8 type, void *ctx)
4634 {
4635 	int ret;
4636 	struct send_ctx *sctx = ctx;
4637 	char *found_data = NULL;
4638 	int found_data_len  = 0;
4639 
4640 	ret = find_xattr(sctx->parent_root, sctx->right_path,
4641 			 sctx->cmp_key, name, name_len, &found_data,
4642 			 &found_data_len);
4643 	if (ret == -ENOENT) {
4644 		ret = __process_new_xattr(num, di_key, name, name_len, data,
4645 				data_len, type, ctx);
4646 	} else if (ret >= 0) {
4647 		if (data_len != found_data_len ||
4648 		    memcmp(data, found_data, data_len)) {
4649 			ret = __process_new_xattr(num, di_key, name, name_len,
4650 					data, data_len, type, ctx);
4651 		} else {
4652 			ret = 0;
4653 		}
4654 	}
4655 
4656 	kfree(found_data);
4657 	return ret;
4658 }
4659 
4660 static int __process_changed_deleted_xattr(int num, struct btrfs_key *di_key,
4661 					   const char *name, int name_len,
4662 					   const char *data, int data_len,
4663 					   u8 type, void *ctx)
4664 {
4665 	int ret;
4666 	struct send_ctx *sctx = ctx;
4667 
4668 	ret = find_xattr(sctx->send_root, sctx->left_path, sctx->cmp_key,
4669 			 name, name_len, NULL, NULL);
4670 	if (ret == -ENOENT)
4671 		ret = __process_deleted_xattr(num, di_key, name, name_len, data,
4672 				data_len, type, ctx);
4673 	else if (ret >= 0)
4674 		ret = 0;
4675 
4676 	return ret;
4677 }
4678 
4679 static int process_changed_xattr(struct send_ctx *sctx)
4680 {
4681 	int ret = 0;
4682 
4683 	ret = iterate_dir_item(sctx->send_root, sctx->left_path,
4684 			__process_changed_new_xattr, sctx);
4685 	if (ret < 0)
4686 		goto out;
4687 	ret = iterate_dir_item(sctx->parent_root, sctx->right_path,
4688 			__process_changed_deleted_xattr, sctx);
4689 
4690 out:
4691 	return ret;
4692 }
4693 
4694 static int process_all_new_xattrs(struct send_ctx *sctx)
4695 {
4696 	int ret;
4697 	struct btrfs_root *root;
4698 	struct btrfs_path *path;
4699 	struct btrfs_key key;
4700 	struct btrfs_key found_key;
4701 	struct extent_buffer *eb;
4702 	int slot;
4703 
4704 	path = alloc_path_for_send();
4705 	if (!path)
4706 		return -ENOMEM;
4707 
4708 	root = sctx->send_root;
4709 
4710 	key.objectid = sctx->cmp_key->objectid;
4711 	key.type = BTRFS_XATTR_ITEM_KEY;
4712 	key.offset = 0;
4713 	ret = btrfs_search_slot(NULL, root, &key, path, 0, 0);
4714 	if (ret < 0)
4715 		goto out;
4716 
4717 	while (1) {
4718 		eb = path->nodes[0];
4719 		slot = path->slots[0];
4720 		if (slot >= btrfs_header_nritems(eb)) {
4721 			ret = btrfs_next_leaf(root, path);
4722 			if (ret < 0) {
4723 				goto out;
4724 			} else if (ret > 0) {
4725 				ret = 0;
4726 				break;
4727 			}
4728 			continue;
4729 		}
4730 
4731 		btrfs_item_key_to_cpu(eb, &found_key, slot);
4732 		if (found_key.objectid != key.objectid ||
4733 		    found_key.type != key.type) {
4734 			ret = 0;
4735 			goto out;
4736 		}
4737 
4738 		ret = iterate_dir_item(root, path, __process_new_xattr, sctx);
4739 		if (ret < 0)
4740 			goto out;
4741 
4742 		path->slots[0]++;
4743 	}
4744 
4745 out:
4746 	btrfs_free_path(path);
4747 	return ret;
4748 }
4749 
4750 static ssize_t fill_read_buf(struct send_ctx *sctx, u64 offset, u32 len)
4751 {
4752 	struct btrfs_root *root = sctx->send_root;
4753 	struct btrfs_fs_info *fs_info = root->fs_info;
4754 	struct inode *inode;
4755 	struct page *page;
4756 	char *addr;
4757 	struct btrfs_key key;
4758 	pgoff_t index = offset >> PAGE_SHIFT;
4759 	pgoff_t last_index;
4760 	unsigned pg_offset = offset_in_page(offset);
4761 	ssize_t ret = 0;
4762 
4763 	key.objectid = sctx->cur_ino;
4764 	key.type = BTRFS_INODE_ITEM_KEY;
4765 	key.offset = 0;
4766 
4767 	inode = btrfs_iget(fs_info->sb, &key, root, NULL);
4768 	if (IS_ERR(inode))
4769 		return PTR_ERR(inode);
4770 
4771 	if (offset + len > i_size_read(inode)) {
4772 		if (offset > i_size_read(inode))
4773 			len = 0;
4774 		else
4775 			len = offset - i_size_read(inode);
4776 	}
4777 	if (len == 0)
4778 		goto out;
4779 
4780 	last_index = (offset + len - 1) >> PAGE_SHIFT;
4781 
4782 	/* initial readahead */
4783 	memset(&sctx->ra, 0, sizeof(struct file_ra_state));
4784 	file_ra_state_init(&sctx->ra, inode->i_mapping);
4785 
4786 	while (index <= last_index) {
4787 		unsigned cur_len = min_t(unsigned, len,
4788 					 PAGE_SIZE - pg_offset);
4789 
4790 		page = find_lock_page(inode->i_mapping, index);
4791 		if (!page) {
4792 			page_cache_sync_readahead(inode->i_mapping, &sctx->ra,
4793 				NULL, index, last_index + 1 - index);
4794 
4795 			page = find_or_create_page(inode->i_mapping, index,
4796 					GFP_KERNEL);
4797 			if (!page) {
4798 				ret = -ENOMEM;
4799 				break;
4800 			}
4801 		}
4802 
4803 		if (PageReadahead(page)) {
4804 			page_cache_async_readahead(inode->i_mapping, &sctx->ra,
4805 				NULL, page, index, last_index + 1 - index);
4806 		}
4807 
4808 		if (!PageUptodate(page)) {
4809 			btrfs_readpage(NULL, page);
4810 			lock_page(page);
4811 			if (!PageUptodate(page)) {
4812 				unlock_page(page);
4813 				put_page(page);
4814 				ret = -EIO;
4815 				break;
4816 			}
4817 		}
4818 
4819 		addr = kmap(page);
4820 		memcpy(sctx->read_buf + ret, addr + pg_offset, cur_len);
4821 		kunmap(page);
4822 		unlock_page(page);
4823 		put_page(page);
4824 		index++;
4825 		pg_offset = 0;
4826 		len -= cur_len;
4827 		ret += cur_len;
4828 	}
4829 out:
4830 	iput(inode);
4831 	return ret;
4832 }
4833 
4834 /*
4835  * Read some bytes from the current inode/file and send a write command to
4836  * user space.
4837  */
4838 static int send_write(struct send_ctx *sctx, u64 offset, u32 len)
4839 {
4840 	struct btrfs_fs_info *fs_info = sctx->send_root->fs_info;
4841 	int ret = 0;
4842 	struct fs_path *p;
4843 	ssize_t num_read = 0;
4844 
4845 	p = fs_path_alloc();
4846 	if (!p)
4847 		return -ENOMEM;
4848 
4849 	btrfs_debug(fs_info, "send_write offset=%llu, len=%d", offset, len);
4850 
4851 	num_read = fill_read_buf(sctx, offset, len);
4852 	if (num_read <= 0) {
4853 		if (num_read < 0)
4854 			ret = num_read;
4855 		goto out;
4856 	}
4857 
4858 	ret = begin_cmd(sctx, BTRFS_SEND_C_WRITE);
4859 	if (ret < 0)
4860 		goto out;
4861 
4862 	ret = get_cur_path(sctx, sctx->cur_ino, sctx->cur_inode_gen, p);
4863 	if (ret < 0)
4864 		goto out;
4865 
4866 	TLV_PUT_PATH(sctx, BTRFS_SEND_A_PATH, p);
4867 	TLV_PUT_U64(sctx, BTRFS_SEND_A_FILE_OFFSET, offset);
4868 	TLV_PUT(sctx, BTRFS_SEND_A_DATA, sctx->read_buf, num_read);
4869 
4870 	ret = send_cmd(sctx);
4871 
4872 tlv_put_failure:
4873 out:
4874 	fs_path_free(p);
4875 	if (ret < 0)
4876 		return ret;
4877 	return num_read;
4878 }
4879 
4880 /*
4881  * Send a clone command to user space.
4882  */
4883 static int send_clone(struct send_ctx *sctx,
4884 		      u64 offset, u32 len,
4885 		      struct clone_root *clone_root)
4886 {
4887 	int ret = 0;
4888 	struct fs_path *p;
4889 	u64 gen;
4890 
4891 	btrfs_debug(sctx->send_root->fs_info,
4892 		    "send_clone offset=%llu, len=%d, clone_root=%llu, clone_inode=%llu, clone_offset=%llu",
4893 		    offset, len, clone_root->root->root_key.objectid,
4894 		    clone_root->ino, clone_root->offset);
4895 
4896 	p = fs_path_alloc();
4897 	if (!p)
4898 		return -ENOMEM;
4899 
4900 	ret = begin_cmd(sctx, BTRFS_SEND_C_CLONE);
4901 	if (ret < 0)
4902 		goto out;
4903 
4904 	ret = get_cur_path(sctx, sctx->cur_ino, sctx->cur_inode_gen, p);
4905 	if (ret < 0)
4906 		goto out;
4907 
4908 	TLV_PUT_U64(sctx, BTRFS_SEND_A_FILE_OFFSET, offset);
4909 	TLV_PUT_U64(sctx, BTRFS_SEND_A_CLONE_LEN, len);
4910 	TLV_PUT_PATH(sctx, BTRFS_SEND_A_PATH, p);
4911 
4912 	if (clone_root->root == sctx->send_root) {
4913 		ret = get_inode_info(sctx->send_root, clone_root->ino, NULL,
4914 				&gen, NULL, NULL, NULL, NULL);
4915 		if (ret < 0)
4916 			goto out;
4917 		ret = get_cur_path(sctx, clone_root->ino, gen, p);
4918 	} else {
4919 		ret = get_inode_path(clone_root->root, clone_root->ino, p);
4920 	}
4921 	if (ret < 0)
4922 		goto out;
4923 
4924 	/*
4925 	 * If the parent we're using has a received_uuid set then use that as
4926 	 * our clone source as that is what we will look for when doing a
4927 	 * receive.
4928 	 *
4929 	 * This covers the case that we create a snapshot off of a received
4930 	 * subvolume and then use that as the parent and try to receive on a
4931 	 * different host.
4932 	 */
4933 	if (!btrfs_is_empty_uuid(clone_root->root->root_item.received_uuid))
4934 		TLV_PUT_UUID(sctx, BTRFS_SEND_A_CLONE_UUID,
4935 			     clone_root->root->root_item.received_uuid);
4936 	else
4937 		TLV_PUT_UUID(sctx, BTRFS_SEND_A_CLONE_UUID,
4938 			     clone_root->root->root_item.uuid);
4939 	TLV_PUT_U64(sctx, BTRFS_SEND_A_CLONE_CTRANSID,
4940 		    le64_to_cpu(clone_root->root->root_item.ctransid));
4941 	TLV_PUT_PATH(sctx, BTRFS_SEND_A_CLONE_PATH, p);
4942 	TLV_PUT_U64(sctx, BTRFS_SEND_A_CLONE_OFFSET,
4943 			clone_root->offset);
4944 
4945 	ret = send_cmd(sctx);
4946 
4947 tlv_put_failure:
4948 out:
4949 	fs_path_free(p);
4950 	return ret;
4951 }
4952 
4953 /*
4954  * Send an update extent command to user space.
4955  */
4956 static int send_update_extent(struct send_ctx *sctx,
4957 			      u64 offset, u32 len)
4958 {
4959 	int ret = 0;
4960 	struct fs_path *p;
4961 
4962 	p = fs_path_alloc();
4963 	if (!p)
4964 		return -ENOMEM;
4965 
4966 	ret = begin_cmd(sctx, BTRFS_SEND_C_UPDATE_EXTENT);
4967 	if (ret < 0)
4968 		goto out;
4969 
4970 	ret = get_cur_path(sctx, sctx->cur_ino, sctx->cur_inode_gen, p);
4971 	if (ret < 0)
4972 		goto out;
4973 
4974 	TLV_PUT_PATH(sctx, BTRFS_SEND_A_PATH, p);
4975 	TLV_PUT_U64(sctx, BTRFS_SEND_A_FILE_OFFSET, offset);
4976 	TLV_PUT_U64(sctx, BTRFS_SEND_A_SIZE, len);
4977 
4978 	ret = send_cmd(sctx);
4979 
4980 tlv_put_failure:
4981 out:
4982 	fs_path_free(p);
4983 	return ret;
4984 }
4985 
4986 static int send_hole(struct send_ctx *sctx, u64 end)
4987 {
4988 	struct fs_path *p = NULL;
4989 	u64 offset = sctx->cur_inode_last_extent;
4990 	u64 len;
4991 	int ret = 0;
4992 
4993 	/*
4994 	 * A hole that starts at EOF or beyond it. Since we do not yet support
4995 	 * fallocate (for extent preallocation and hole punching), sending a
4996 	 * write of zeroes starting at EOF or beyond would later require issuing
4997 	 * a truncate operation which would undo the write and achieve nothing.
4998 	 */
4999 	if (offset >= sctx->cur_inode_size)
5000 		return 0;
5001 
5002 	if (sctx->flags & BTRFS_SEND_FLAG_NO_FILE_DATA)
5003 		return send_update_extent(sctx, offset, end - offset);
5004 
5005 	p = fs_path_alloc();
5006 	if (!p)
5007 		return -ENOMEM;
5008 	ret = get_cur_path(sctx, sctx->cur_ino, sctx->cur_inode_gen, p);
5009 	if (ret < 0)
5010 		goto tlv_put_failure;
5011 	memset(sctx->read_buf, 0, BTRFS_SEND_READ_SIZE);
5012 	while (offset < end) {
5013 		len = min_t(u64, end - offset, BTRFS_SEND_READ_SIZE);
5014 
5015 		ret = begin_cmd(sctx, BTRFS_SEND_C_WRITE);
5016 		if (ret < 0)
5017 			break;
5018 		TLV_PUT_PATH(sctx, BTRFS_SEND_A_PATH, p);
5019 		TLV_PUT_U64(sctx, BTRFS_SEND_A_FILE_OFFSET, offset);
5020 		TLV_PUT(sctx, BTRFS_SEND_A_DATA, sctx->read_buf, len);
5021 		ret = send_cmd(sctx);
5022 		if (ret < 0)
5023 			break;
5024 		offset += len;
5025 	}
5026 	sctx->cur_inode_next_write_offset = offset;
5027 tlv_put_failure:
5028 	fs_path_free(p);
5029 	return ret;
5030 }
5031 
5032 static int send_extent_data(struct send_ctx *sctx,
5033 			    const u64 offset,
5034 			    const u64 len)
5035 {
5036 	u64 sent = 0;
5037 
5038 	if (sctx->flags & BTRFS_SEND_FLAG_NO_FILE_DATA)
5039 		return send_update_extent(sctx, offset, len);
5040 
5041 	while (sent < len) {
5042 		u64 size = len - sent;
5043 		int ret;
5044 
5045 		if (size > BTRFS_SEND_READ_SIZE)
5046 			size = BTRFS_SEND_READ_SIZE;
5047 		ret = send_write(sctx, offset + sent, size);
5048 		if (ret < 0)
5049 			return ret;
5050 		if (!ret)
5051 			break;
5052 		sent += ret;
5053 	}
5054 	return 0;
5055 }
5056 
5057 static int clone_range(struct send_ctx *sctx,
5058 		       struct clone_root *clone_root,
5059 		       const u64 disk_byte,
5060 		       u64 data_offset,
5061 		       u64 offset,
5062 		       u64 len)
5063 {
5064 	struct btrfs_path *path;
5065 	struct btrfs_key key;
5066 	int ret;
5067 	u64 clone_src_i_size;
5068 
5069 	/*
5070 	 * Prevent cloning from a zero offset with a length matching the sector
5071 	 * size because in some scenarios this will make the receiver fail.
5072 	 *
5073 	 * For example, if in the source filesystem the extent at offset 0
5074 	 * has a length of sectorsize and it was written using direct IO, then
5075 	 * it can never be an inline extent (even if compression is enabled).
5076 	 * Then this extent can be cloned in the original filesystem to a non
5077 	 * zero file offset, but it may not be possible to clone in the
5078 	 * destination filesystem because it can be inlined due to compression
5079 	 * on the destination filesystem (as the receiver's write operations are
5080 	 * always done using buffered IO). The same happens when the original
5081 	 * filesystem does not have compression enabled but the destination
5082 	 * filesystem has.
5083 	 */
5084 	if (clone_root->offset == 0 &&
5085 	    len == sctx->send_root->fs_info->sectorsize)
5086 		return send_extent_data(sctx, offset, len);
5087 
5088 	path = alloc_path_for_send();
5089 	if (!path)
5090 		return -ENOMEM;
5091 
5092 	/*
5093 	 * There are inodes that have extents that lie behind its i_size. Don't
5094 	 * accept clones from these extents.
5095 	 */
5096 	ret = __get_inode_info(clone_root->root, path, clone_root->ino,
5097 			       &clone_src_i_size, NULL, NULL, NULL, NULL, NULL);
5098 	btrfs_release_path(path);
5099 	if (ret < 0)
5100 		goto out;
5101 
5102 	/*
5103 	 * We can't send a clone operation for the entire range if we find
5104 	 * extent items in the respective range in the source file that
5105 	 * refer to different extents or if we find holes.
5106 	 * So check for that and do a mix of clone and regular write/copy
5107 	 * operations if needed.
5108 	 *
5109 	 * Example:
5110 	 *
5111 	 * mkfs.btrfs -f /dev/sda
5112 	 * mount /dev/sda /mnt
5113 	 * xfs_io -f -c "pwrite -S 0xaa 0K 100K" /mnt/foo
5114 	 * cp --reflink=always /mnt/foo /mnt/bar
5115 	 * xfs_io -c "pwrite -S 0xbb 50K 50K" /mnt/foo
5116 	 * btrfs subvolume snapshot -r /mnt /mnt/snap
5117 	 *
5118 	 * If when we send the snapshot and we are processing file bar (which
5119 	 * has a higher inode number than foo) we blindly send a clone operation
5120 	 * for the [0, 100K[ range from foo to bar, the receiver ends up getting
5121 	 * a file bar that matches the content of file foo - iow, doesn't match
5122 	 * the content from bar in the original filesystem.
5123 	 */
5124 	key.objectid = clone_root->ino;
5125 	key.type = BTRFS_EXTENT_DATA_KEY;
5126 	key.offset = clone_root->offset;
5127 	ret = btrfs_search_slot(NULL, clone_root->root, &key, path, 0, 0);
5128 	if (ret < 0)
5129 		goto out;
5130 	if (ret > 0 && path->slots[0] > 0) {
5131 		btrfs_item_key_to_cpu(path->nodes[0], &key, path->slots[0] - 1);
5132 		if (key.objectid == clone_root->ino &&
5133 		    key.type == BTRFS_EXTENT_DATA_KEY)
5134 			path->slots[0]--;
5135 	}
5136 
5137 	while (true) {
5138 		struct extent_buffer *leaf = path->nodes[0];
5139 		int slot = path->slots[0];
5140 		struct btrfs_file_extent_item *ei;
5141 		u8 type;
5142 		u64 ext_len;
5143 		u64 clone_len;
5144 		u64 clone_data_offset;
5145 
5146 		if (slot >= btrfs_header_nritems(leaf)) {
5147 			ret = btrfs_next_leaf(clone_root->root, path);
5148 			if (ret < 0)
5149 				goto out;
5150 			else if (ret > 0)
5151 				break;
5152 			continue;
5153 		}
5154 
5155 		btrfs_item_key_to_cpu(leaf, &key, slot);
5156 
5157 		/*
5158 		 * We might have an implicit trailing hole (NO_HOLES feature
5159 		 * enabled). We deal with it after leaving this loop.
5160 		 */
5161 		if (key.objectid != clone_root->ino ||
5162 		    key.type != BTRFS_EXTENT_DATA_KEY)
5163 			break;
5164 
5165 		ei = btrfs_item_ptr(leaf, slot, struct btrfs_file_extent_item);
5166 		type = btrfs_file_extent_type(leaf, ei);
5167 		if (type == BTRFS_FILE_EXTENT_INLINE) {
5168 			ext_len = btrfs_file_extent_ram_bytes(leaf, ei);
5169 			ext_len = PAGE_ALIGN(ext_len);
5170 		} else {
5171 			ext_len = btrfs_file_extent_num_bytes(leaf, ei);
5172 		}
5173 
5174 		if (key.offset + ext_len <= clone_root->offset)
5175 			goto next;
5176 
5177 		if (key.offset > clone_root->offset) {
5178 			/* Implicit hole, NO_HOLES feature enabled. */
5179 			u64 hole_len = key.offset - clone_root->offset;
5180 
5181 			if (hole_len > len)
5182 				hole_len = len;
5183 			ret = send_extent_data(sctx, offset, hole_len);
5184 			if (ret < 0)
5185 				goto out;
5186 
5187 			len -= hole_len;
5188 			if (len == 0)
5189 				break;
5190 			offset += hole_len;
5191 			clone_root->offset += hole_len;
5192 			data_offset += hole_len;
5193 		}
5194 
5195 		if (key.offset >= clone_root->offset + len)
5196 			break;
5197 
5198 		if (key.offset >= clone_src_i_size)
5199 			break;
5200 
5201 		if (key.offset + ext_len > clone_src_i_size)
5202 			ext_len = clone_src_i_size - key.offset;
5203 
5204 		clone_data_offset = btrfs_file_extent_offset(leaf, ei);
5205 		if (btrfs_file_extent_disk_bytenr(leaf, ei) == disk_byte) {
5206 			clone_root->offset = key.offset;
5207 			if (clone_data_offset < data_offset &&
5208 				clone_data_offset + ext_len > data_offset) {
5209 				u64 extent_offset;
5210 
5211 				extent_offset = data_offset - clone_data_offset;
5212 				ext_len -= extent_offset;
5213 				clone_data_offset += extent_offset;
5214 				clone_root->offset += extent_offset;
5215 			}
5216 		}
5217 
5218 		clone_len = min_t(u64, ext_len, len);
5219 
5220 		if (btrfs_file_extent_disk_bytenr(leaf, ei) == disk_byte &&
5221 		    clone_data_offset == data_offset)
5222 			ret = send_clone(sctx, offset, clone_len, clone_root);
5223 		else
5224 			ret = send_extent_data(sctx, offset, clone_len);
5225 
5226 		if (ret < 0)
5227 			goto out;
5228 
5229 		len -= clone_len;
5230 		if (len == 0)
5231 			break;
5232 		offset += clone_len;
5233 		clone_root->offset += clone_len;
5234 		data_offset += clone_len;
5235 next:
5236 		path->slots[0]++;
5237 	}
5238 
5239 	if (len > 0)
5240 		ret = send_extent_data(sctx, offset, len);
5241 	else
5242 		ret = 0;
5243 out:
5244 	btrfs_free_path(path);
5245 	return ret;
5246 }
5247 
5248 static int send_write_or_clone(struct send_ctx *sctx,
5249 			       struct btrfs_path *path,
5250 			       struct btrfs_key *key,
5251 			       struct clone_root *clone_root)
5252 {
5253 	int ret = 0;
5254 	struct btrfs_file_extent_item *ei;
5255 	u64 offset = key->offset;
5256 	u64 len;
5257 	u8 type;
5258 	u64 bs = sctx->send_root->fs_info->sb->s_blocksize;
5259 
5260 	ei = btrfs_item_ptr(path->nodes[0], path->slots[0],
5261 			struct btrfs_file_extent_item);
5262 	type = btrfs_file_extent_type(path->nodes[0], ei);
5263 	if (type == BTRFS_FILE_EXTENT_INLINE) {
5264 		len = btrfs_file_extent_ram_bytes(path->nodes[0], ei);
5265 		/*
5266 		 * it is possible the inline item won't cover the whole page,
5267 		 * but there may be items after this page.  Make
5268 		 * sure to send the whole thing
5269 		 */
5270 		len = PAGE_ALIGN(len);
5271 	} else {
5272 		len = btrfs_file_extent_num_bytes(path->nodes[0], ei);
5273 	}
5274 
5275 	if (offset >= sctx->cur_inode_size) {
5276 		ret = 0;
5277 		goto out;
5278 	}
5279 	if (offset + len > sctx->cur_inode_size)
5280 		len = sctx->cur_inode_size - offset;
5281 	if (len == 0) {
5282 		ret = 0;
5283 		goto out;
5284 	}
5285 
5286 	if (clone_root && IS_ALIGNED(offset + len, bs)) {
5287 		u64 disk_byte;
5288 		u64 data_offset;
5289 
5290 		disk_byte = btrfs_file_extent_disk_bytenr(path->nodes[0], ei);
5291 		data_offset = btrfs_file_extent_offset(path->nodes[0], ei);
5292 		ret = clone_range(sctx, clone_root, disk_byte, data_offset,
5293 				  offset, len);
5294 	} else {
5295 		ret = send_extent_data(sctx, offset, len);
5296 	}
5297 	sctx->cur_inode_next_write_offset = offset + len;
5298 out:
5299 	return ret;
5300 }
5301 
5302 static int is_extent_unchanged(struct send_ctx *sctx,
5303 			       struct btrfs_path *left_path,
5304 			       struct btrfs_key *ekey)
5305 {
5306 	int ret = 0;
5307 	struct btrfs_key key;
5308 	struct btrfs_path *path = NULL;
5309 	struct extent_buffer *eb;
5310 	int slot;
5311 	struct btrfs_key found_key;
5312 	struct btrfs_file_extent_item *ei;
5313 	u64 left_disknr;
5314 	u64 right_disknr;
5315 	u64 left_offset;
5316 	u64 right_offset;
5317 	u64 left_offset_fixed;
5318 	u64 left_len;
5319 	u64 right_len;
5320 	u64 left_gen;
5321 	u64 right_gen;
5322 	u8 left_type;
5323 	u8 right_type;
5324 
5325 	path = alloc_path_for_send();
5326 	if (!path)
5327 		return -ENOMEM;
5328 
5329 	eb = left_path->nodes[0];
5330 	slot = left_path->slots[0];
5331 	ei = btrfs_item_ptr(eb, slot, struct btrfs_file_extent_item);
5332 	left_type = btrfs_file_extent_type(eb, ei);
5333 
5334 	if (left_type != BTRFS_FILE_EXTENT_REG) {
5335 		ret = 0;
5336 		goto out;
5337 	}
5338 	left_disknr = btrfs_file_extent_disk_bytenr(eb, ei);
5339 	left_len = btrfs_file_extent_num_bytes(eb, ei);
5340 	left_offset = btrfs_file_extent_offset(eb, ei);
5341 	left_gen = btrfs_file_extent_generation(eb, ei);
5342 
5343 	/*
5344 	 * Following comments will refer to these graphics. L is the left
5345 	 * extents which we are checking at the moment. 1-8 are the right
5346 	 * extents that we iterate.
5347 	 *
5348 	 *       |-----L-----|
5349 	 * |-1-|-2a-|-3-|-4-|-5-|-6-|
5350 	 *
5351 	 *       |-----L-----|
5352 	 * |--1--|-2b-|...(same as above)
5353 	 *
5354 	 * Alternative situation. Happens on files where extents got split.
5355 	 *       |-----L-----|
5356 	 * |-----------7-----------|-6-|
5357 	 *
5358 	 * Alternative situation. Happens on files which got larger.
5359 	 *       |-----L-----|
5360 	 * |-8-|
5361 	 * Nothing follows after 8.
5362 	 */
5363 
5364 	key.objectid = ekey->objectid;
5365 	key.type = BTRFS_EXTENT_DATA_KEY;
5366 	key.offset = ekey->offset;
5367 	ret = btrfs_search_slot_for_read(sctx->parent_root, &key, path, 0, 0);
5368 	if (ret < 0)
5369 		goto out;
5370 	if (ret) {
5371 		ret = 0;
5372 		goto out;
5373 	}
5374 
5375 	/*
5376 	 * Handle special case where the right side has no extents at all.
5377 	 */
5378 	eb = path->nodes[0];
5379 	slot = path->slots[0];
5380 	btrfs_item_key_to_cpu(eb, &found_key, slot);
5381 	if (found_key.objectid != key.objectid ||
5382 	    found_key.type != key.type) {
5383 		/* If we're a hole then just pretend nothing changed */
5384 		ret = (left_disknr) ? 0 : 1;
5385 		goto out;
5386 	}
5387 
5388 	/*
5389 	 * We're now on 2a, 2b or 7.
5390 	 */
5391 	key = found_key;
5392 	while (key.offset < ekey->offset + left_len) {
5393 		ei = btrfs_item_ptr(eb, slot, struct btrfs_file_extent_item);
5394 		right_type = btrfs_file_extent_type(eb, ei);
5395 		if (right_type != BTRFS_FILE_EXTENT_REG &&
5396 		    right_type != BTRFS_FILE_EXTENT_INLINE) {
5397 			ret = 0;
5398 			goto out;
5399 		}
5400 
5401 		if (right_type == BTRFS_FILE_EXTENT_INLINE) {
5402 			right_len = btrfs_file_extent_ram_bytes(eb, ei);
5403 			right_len = PAGE_ALIGN(right_len);
5404 		} else {
5405 			right_len = btrfs_file_extent_num_bytes(eb, ei);
5406 		}
5407 
5408 		/*
5409 		 * Are we at extent 8? If yes, we know the extent is changed.
5410 		 * This may only happen on the first iteration.
5411 		 */
5412 		if (found_key.offset + right_len <= ekey->offset) {
5413 			/* If we're a hole just pretend nothing changed */
5414 			ret = (left_disknr) ? 0 : 1;
5415 			goto out;
5416 		}
5417 
5418 		/*
5419 		 * We just wanted to see if when we have an inline extent, what
5420 		 * follows it is a regular extent (wanted to check the above
5421 		 * condition for inline extents too). This should normally not
5422 		 * happen but it's possible for example when we have an inline
5423 		 * compressed extent representing data with a size matching
5424 		 * the page size (currently the same as sector size).
5425 		 */
5426 		if (right_type == BTRFS_FILE_EXTENT_INLINE) {
5427 			ret = 0;
5428 			goto out;
5429 		}
5430 
5431 		right_disknr = btrfs_file_extent_disk_bytenr(eb, ei);
5432 		right_offset = btrfs_file_extent_offset(eb, ei);
5433 		right_gen = btrfs_file_extent_generation(eb, ei);
5434 
5435 		left_offset_fixed = left_offset;
5436 		if (key.offset < ekey->offset) {
5437 			/* Fix the right offset for 2a and 7. */
5438 			right_offset += ekey->offset - key.offset;
5439 		} else {
5440 			/* Fix the left offset for all behind 2a and 2b */
5441 			left_offset_fixed += key.offset - ekey->offset;
5442 		}
5443 
5444 		/*
5445 		 * Check if we have the same extent.
5446 		 */
5447 		if (left_disknr != right_disknr ||
5448 		    left_offset_fixed != right_offset ||
5449 		    left_gen != right_gen) {
5450 			ret = 0;
5451 			goto out;
5452 		}
5453 
5454 		/*
5455 		 * Go to the next extent.
5456 		 */
5457 		ret = btrfs_next_item(sctx->parent_root, path);
5458 		if (ret < 0)
5459 			goto out;
5460 		if (!ret) {
5461 			eb = path->nodes[0];
5462 			slot = path->slots[0];
5463 			btrfs_item_key_to_cpu(eb, &found_key, slot);
5464 		}
5465 		if (ret || found_key.objectid != key.objectid ||
5466 		    found_key.type != key.type) {
5467 			key.offset += right_len;
5468 			break;
5469 		}
5470 		if (found_key.offset != key.offset + right_len) {
5471 			ret = 0;
5472 			goto out;
5473 		}
5474 		key = found_key;
5475 	}
5476 
5477 	/*
5478 	 * We're now behind the left extent (treat as unchanged) or at the end
5479 	 * of the right side (treat as changed).
5480 	 */
5481 	if (key.offset >= ekey->offset + left_len)
5482 		ret = 1;
5483 	else
5484 		ret = 0;
5485 
5486 
5487 out:
5488 	btrfs_free_path(path);
5489 	return ret;
5490 }
5491 
5492 static int get_last_extent(struct send_ctx *sctx, u64 offset)
5493 {
5494 	struct btrfs_path *path;
5495 	struct btrfs_root *root = sctx->send_root;
5496 	struct btrfs_file_extent_item *fi;
5497 	struct btrfs_key key;
5498 	u64 extent_end;
5499 	u8 type;
5500 	int ret;
5501 
5502 	path = alloc_path_for_send();
5503 	if (!path)
5504 		return -ENOMEM;
5505 
5506 	sctx->cur_inode_last_extent = 0;
5507 
5508 	key.objectid = sctx->cur_ino;
5509 	key.type = BTRFS_EXTENT_DATA_KEY;
5510 	key.offset = offset;
5511 	ret = btrfs_search_slot_for_read(root, &key, path, 0, 1);
5512 	if (ret < 0)
5513 		goto out;
5514 	ret = 0;
5515 	btrfs_item_key_to_cpu(path->nodes[0], &key, path->slots[0]);
5516 	if (key.objectid != sctx->cur_ino || key.type != BTRFS_EXTENT_DATA_KEY)
5517 		goto out;
5518 
5519 	fi = btrfs_item_ptr(path->nodes[0], path->slots[0],
5520 			    struct btrfs_file_extent_item);
5521 	type = btrfs_file_extent_type(path->nodes[0], fi);
5522 	if (type == BTRFS_FILE_EXTENT_INLINE) {
5523 		u64 size = btrfs_file_extent_ram_bytes(path->nodes[0], fi);
5524 		extent_end = ALIGN(key.offset + size,
5525 				   sctx->send_root->fs_info->sectorsize);
5526 	} else {
5527 		extent_end = key.offset +
5528 			btrfs_file_extent_num_bytes(path->nodes[0], fi);
5529 	}
5530 	sctx->cur_inode_last_extent = extent_end;
5531 out:
5532 	btrfs_free_path(path);
5533 	return ret;
5534 }
5535 
5536 static int range_is_hole_in_parent(struct send_ctx *sctx,
5537 				   const u64 start,
5538 				   const u64 end)
5539 {
5540 	struct btrfs_path *path;
5541 	struct btrfs_key key;
5542 	struct btrfs_root *root = sctx->parent_root;
5543 	u64 search_start = start;
5544 	int ret;
5545 
5546 	path = alloc_path_for_send();
5547 	if (!path)
5548 		return -ENOMEM;
5549 
5550 	key.objectid = sctx->cur_ino;
5551 	key.type = BTRFS_EXTENT_DATA_KEY;
5552 	key.offset = search_start;
5553 	ret = btrfs_search_slot(NULL, root, &key, path, 0, 0);
5554 	if (ret < 0)
5555 		goto out;
5556 	if (ret > 0 && path->slots[0] > 0)
5557 		path->slots[0]--;
5558 
5559 	while (search_start < end) {
5560 		struct extent_buffer *leaf = path->nodes[0];
5561 		int slot = path->slots[0];
5562 		struct btrfs_file_extent_item *fi;
5563 		u64 extent_end;
5564 
5565 		if (slot >= btrfs_header_nritems(leaf)) {
5566 			ret = btrfs_next_leaf(root, path);
5567 			if (ret < 0)
5568 				goto out;
5569 			else if (ret > 0)
5570 				break;
5571 			continue;
5572 		}
5573 
5574 		btrfs_item_key_to_cpu(leaf, &key, slot);
5575 		if (key.objectid < sctx->cur_ino ||
5576 		    key.type < BTRFS_EXTENT_DATA_KEY)
5577 			goto next;
5578 		if (key.objectid > sctx->cur_ino ||
5579 		    key.type > BTRFS_EXTENT_DATA_KEY ||
5580 		    key.offset >= end)
5581 			break;
5582 
5583 		fi = btrfs_item_ptr(leaf, slot, struct btrfs_file_extent_item);
5584 		if (btrfs_file_extent_type(leaf, fi) ==
5585 		    BTRFS_FILE_EXTENT_INLINE) {
5586 			u64 size = btrfs_file_extent_ram_bytes(leaf, fi);
5587 
5588 			extent_end = ALIGN(key.offset + size,
5589 					   root->fs_info->sectorsize);
5590 		} else {
5591 			extent_end = key.offset +
5592 				btrfs_file_extent_num_bytes(leaf, fi);
5593 		}
5594 		if (extent_end <= start)
5595 			goto next;
5596 		if (btrfs_file_extent_disk_bytenr(leaf, fi) == 0) {
5597 			search_start = extent_end;
5598 			goto next;
5599 		}
5600 		ret = 0;
5601 		goto out;
5602 next:
5603 		path->slots[0]++;
5604 	}
5605 	ret = 1;
5606 out:
5607 	btrfs_free_path(path);
5608 	return ret;
5609 }
5610 
5611 static int maybe_send_hole(struct send_ctx *sctx, struct btrfs_path *path,
5612 			   struct btrfs_key *key)
5613 {
5614 	struct btrfs_file_extent_item *fi;
5615 	u64 extent_end;
5616 	u8 type;
5617 	int ret = 0;
5618 
5619 	if (sctx->cur_ino != key->objectid || !need_send_hole(sctx))
5620 		return 0;
5621 
5622 	if (sctx->cur_inode_last_extent == (u64)-1) {
5623 		ret = get_last_extent(sctx, key->offset - 1);
5624 		if (ret)
5625 			return ret;
5626 	}
5627 
5628 	fi = btrfs_item_ptr(path->nodes[0], path->slots[0],
5629 			    struct btrfs_file_extent_item);
5630 	type = btrfs_file_extent_type(path->nodes[0], fi);
5631 	if (type == BTRFS_FILE_EXTENT_INLINE) {
5632 		u64 size = btrfs_file_extent_ram_bytes(path->nodes[0], fi);
5633 		extent_end = ALIGN(key->offset + size,
5634 				   sctx->send_root->fs_info->sectorsize);
5635 	} else {
5636 		extent_end = key->offset +
5637 			btrfs_file_extent_num_bytes(path->nodes[0], fi);
5638 	}
5639 
5640 	if (path->slots[0] == 0 &&
5641 	    sctx->cur_inode_last_extent < key->offset) {
5642 		/*
5643 		 * We might have skipped entire leafs that contained only
5644 		 * file extent items for our current inode. These leafs have
5645 		 * a generation number smaller (older) than the one in the
5646 		 * current leaf and the leaf our last extent came from, and
5647 		 * are located between these 2 leafs.
5648 		 */
5649 		ret = get_last_extent(sctx, key->offset - 1);
5650 		if (ret)
5651 			return ret;
5652 	}
5653 
5654 	if (sctx->cur_inode_last_extent < key->offset) {
5655 		ret = range_is_hole_in_parent(sctx,
5656 					      sctx->cur_inode_last_extent,
5657 					      key->offset);
5658 		if (ret < 0)
5659 			return ret;
5660 		else if (ret == 0)
5661 			ret = send_hole(sctx, key->offset);
5662 		else
5663 			ret = 0;
5664 	}
5665 	sctx->cur_inode_last_extent = extent_end;
5666 	return ret;
5667 }
5668 
5669 static int process_extent(struct send_ctx *sctx,
5670 			  struct btrfs_path *path,
5671 			  struct btrfs_key *key)
5672 {
5673 	struct clone_root *found_clone = NULL;
5674 	int ret = 0;
5675 
5676 	if (S_ISLNK(sctx->cur_inode_mode))
5677 		return 0;
5678 
5679 	if (sctx->parent_root && !sctx->cur_inode_new) {
5680 		ret = is_extent_unchanged(sctx, path, key);
5681 		if (ret < 0)
5682 			goto out;
5683 		if (ret) {
5684 			ret = 0;
5685 			goto out_hole;
5686 		}
5687 	} else {
5688 		struct btrfs_file_extent_item *ei;
5689 		u8 type;
5690 
5691 		ei = btrfs_item_ptr(path->nodes[0], path->slots[0],
5692 				    struct btrfs_file_extent_item);
5693 		type = btrfs_file_extent_type(path->nodes[0], ei);
5694 		if (type == BTRFS_FILE_EXTENT_PREALLOC ||
5695 		    type == BTRFS_FILE_EXTENT_REG) {
5696 			/*
5697 			 * The send spec does not have a prealloc command yet,
5698 			 * so just leave a hole for prealloc'ed extents until
5699 			 * we have enough commands queued up to justify rev'ing
5700 			 * the send spec.
5701 			 */
5702 			if (type == BTRFS_FILE_EXTENT_PREALLOC) {
5703 				ret = 0;
5704 				goto out;
5705 			}
5706 
5707 			/* Have a hole, just skip it. */
5708 			if (btrfs_file_extent_disk_bytenr(path->nodes[0], ei) == 0) {
5709 				ret = 0;
5710 				goto out;
5711 			}
5712 		}
5713 	}
5714 
5715 	ret = find_extent_clone(sctx, path, key->objectid, key->offset,
5716 			sctx->cur_inode_size, &found_clone);
5717 	if (ret != -ENOENT && ret < 0)
5718 		goto out;
5719 
5720 	ret = send_write_or_clone(sctx, path, key, found_clone);
5721 	if (ret)
5722 		goto out;
5723 out_hole:
5724 	ret = maybe_send_hole(sctx, path, key);
5725 out:
5726 	return ret;
5727 }
5728 
5729 static int process_all_extents(struct send_ctx *sctx)
5730 {
5731 	int ret;
5732 	struct btrfs_root *root;
5733 	struct btrfs_path *path;
5734 	struct btrfs_key key;
5735 	struct btrfs_key found_key;
5736 	struct extent_buffer *eb;
5737 	int slot;
5738 
5739 	root = sctx->send_root;
5740 	path = alloc_path_for_send();
5741 	if (!path)
5742 		return -ENOMEM;
5743 
5744 	key.objectid = sctx->cmp_key->objectid;
5745 	key.type = BTRFS_EXTENT_DATA_KEY;
5746 	key.offset = 0;
5747 	ret = btrfs_search_slot(NULL, root, &key, path, 0, 0);
5748 	if (ret < 0)
5749 		goto out;
5750 
5751 	while (1) {
5752 		eb = path->nodes[0];
5753 		slot = path->slots[0];
5754 
5755 		if (slot >= btrfs_header_nritems(eb)) {
5756 			ret = btrfs_next_leaf(root, path);
5757 			if (ret < 0) {
5758 				goto out;
5759 			} else if (ret > 0) {
5760 				ret = 0;
5761 				break;
5762 			}
5763 			continue;
5764 		}
5765 
5766 		btrfs_item_key_to_cpu(eb, &found_key, slot);
5767 
5768 		if (found_key.objectid != key.objectid ||
5769 		    found_key.type != key.type) {
5770 			ret = 0;
5771 			goto out;
5772 		}
5773 
5774 		ret = process_extent(sctx, path, &found_key);
5775 		if (ret < 0)
5776 			goto out;
5777 
5778 		path->slots[0]++;
5779 	}
5780 
5781 out:
5782 	btrfs_free_path(path);
5783 	return ret;
5784 }
5785 
5786 static int process_recorded_refs_if_needed(struct send_ctx *sctx, int at_end,
5787 					   int *pending_move,
5788 					   int *refs_processed)
5789 {
5790 	int ret = 0;
5791 
5792 	if (sctx->cur_ino == 0)
5793 		goto out;
5794 	if (!at_end && sctx->cur_ino == sctx->cmp_key->objectid &&
5795 	    sctx->cmp_key->type <= BTRFS_INODE_EXTREF_KEY)
5796 		goto out;
5797 	if (list_empty(&sctx->new_refs) && list_empty(&sctx->deleted_refs))
5798 		goto out;
5799 
5800 	ret = process_recorded_refs(sctx, pending_move);
5801 	if (ret < 0)
5802 		goto out;
5803 
5804 	*refs_processed = 1;
5805 out:
5806 	return ret;
5807 }
5808 
5809 static int finish_inode_if_needed(struct send_ctx *sctx, int at_end)
5810 {
5811 	int ret = 0;
5812 	u64 left_mode;
5813 	u64 left_uid;
5814 	u64 left_gid;
5815 	u64 right_mode;
5816 	u64 right_uid;
5817 	u64 right_gid;
5818 	int need_chmod = 0;
5819 	int need_chown = 0;
5820 	int need_truncate = 1;
5821 	int pending_move = 0;
5822 	int refs_processed = 0;
5823 
5824 	if (sctx->ignore_cur_inode)
5825 		return 0;
5826 
5827 	ret = process_recorded_refs_if_needed(sctx, at_end, &pending_move,
5828 					      &refs_processed);
5829 	if (ret < 0)
5830 		goto out;
5831 
5832 	/*
5833 	 * We have processed the refs and thus need to advance send_progress.
5834 	 * Now, calls to get_cur_xxx will take the updated refs of the current
5835 	 * inode into account.
5836 	 *
5837 	 * On the other hand, if our current inode is a directory and couldn't
5838 	 * be moved/renamed because its parent was renamed/moved too and it has
5839 	 * a higher inode number, we can only move/rename our current inode
5840 	 * after we moved/renamed its parent. Therefore in this case operate on
5841 	 * the old path (pre move/rename) of our current inode, and the
5842 	 * move/rename will be performed later.
5843 	 */
5844 	if (refs_processed && !pending_move)
5845 		sctx->send_progress = sctx->cur_ino + 1;
5846 
5847 	if (sctx->cur_ino == 0 || sctx->cur_inode_deleted)
5848 		goto out;
5849 	if (!at_end && sctx->cmp_key->objectid == sctx->cur_ino)
5850 		goto out;
5851 
5852 	ret = get_inode_info(sctx->send_root, sctx->cur_ino, NULL, NULL,
5853 			&left_mode, &left_uid, &left_gid, NULL);
5854 	if (ret < 0)
5855 		goto out;
5856 
5857 	if (!sctx->parent_root || sctx->cur_inode_new) {
5858 		need_chown = 1;
5859 		if (!S_ISLNK(sctx->cur_inode_mode))
5860 			need_chmod = 1;
5861 		if (sctx->cur_inode_next_write_offset == sctx->cur_inode_size)
5862 			need_truncate = 0;
5863 	} else {
5864 		u64 old_size;
5865 
5866 		ret = get_inode_info(sctx->parent_root, sctx->cur_ino,
5867 				&old_size, NULL, &right_mode, &right_uid,
5868 				&right_gid, NULL);
5869 		if (ret < 0)
5870 			goto out;
5871 
5872 		if (left_uid != right_uid || left_gid != right_gid)
5873 			need_chown = 1;
5874 		if (!S_ISLNK(sctx->cur_inode_mode) && left_mode != right_mode)
5875 			need_chmod = 1;
5876 		if ((old_size == sctx->cur_inode_size) ||
5877 		    (sctx->cur_inode_size > old_size &&
5878 		     sctx->cur_inode_next_write_offset == sctx->cur_inode_size))
5879 			need_truncate = 0;
5880 	}
5881 
5882 	if (S_ISREG(sctx->cur_inode_mode)) {
5883 		if (need_send_hole(sctx)) {
5884 			if (sctx->cur_inode_last_extent == (u64)-1 ||
5885 			    sctx->cur_inode_last_extent <
5886 			    sctx->cur_inode_size) {
5887 				ret = get_last_extent(sctx, (u64)-1);
5888 				if (ret)
5889 					goto out;
5890 			}
5891 			if (sctx->cur_inode_last_extent <
5892 			    sctx->cur_inode_size) {
5893 				ret = send_hole(sctx, sctx->cur_inode_size);
5894 				if (ret)
5895 					goto out;
5896 			}
5897 		}
5898 		if (need_truncate) {
5899 			ret = send_truncate(sctx, sctx->cur_ino,
5900 					    sctx->cur_inode_gen,
5901 					    sctx->cur_inode_size);
5902 			if (ret < 0)
5903 				goto out;
5904 		}
5905 	}
5906 
5907 	if (need_chown) {
5908 		ret = send_chown(sctx, sctx->cur_ino, sctx->cur_inode_gen,
5909 				left_uid, left_gid);
5910 		if (ret < 0)
5911 			goto out;
5912 	}
5913 	if (need_chmod) {
5914 		ret = send_chmod(sctx, sctx->cur_ino, sctx->cur_inode_gen,
5915 				left_mode);
5916 		if (ret < 0)
5917 			goto out;
5918 	}
5919 
5920 	/*
5921 	 * If other directory inodes depended on our current directory
5922 	 * inode's move/rename, now do their move/rename operations.
5923 	 */
5924 	if (!is_waiting_for_move(sctx, sctx->cur_ino)) {
5925 		ret = apply_children_dir_moves(sctx);
5926 		if (ret)
5927 			goto out;
5928 		/*
5929 		 * Need to send that every time, no matter if it actually
5930 		 * changed between the two trees as we have done changes to
5931 		 * the inode before. If our inode is a directory and it's
5932 		 * waiting to be moved/renamed, we will send its utimes when
5933 		 * it's moved/renamed, therefore we don't need to do it here.
5934 		 */
5935 		sctx->send_progress = sctx->cur_ino + 1;
5936 		ret = send_utimes(sctx, sctx->cur_ino, sctx->cur_inode_gen);
5937 		if (ret < 0)
5938 			goto out;
5939 	}
5940 
5941 out:
5942 	return ret;
5943 }
5944 
5945 struct parent_paths_ctx {
5946 	struct list_head *refs;
5947 	struct send_ctx *sctx;
5948 };
5949 
5950 static int record_parent_ref(int num, u64 dir, int index, struct fs_path *name,
5951 			     void *ctx)
5952 {
5953 	struct parent_paths_ctx *ppctx = ctx;
5954 
5955 	return record_ref(ppctx->sctx->parent_root, dir, name, ppctx->sctx,
5956 			  ppctx->refs);
5957 }
5958 
5959 /*
5960  * Issue unlink operations for all paths of the current inode found in the
5961  * parent snapshot.
5962  */
5963 static int btrfs_unlink_all_paths(struct send_ctx *sctx)
5964 {
5965 	LIST_HEAD(deleted_refs);
5966 	struct btrfs_path *path;
5967 	struct btrfs_key key;
5968 	struct parent_paths_ctx ctx;
5969 	int ret;
5970 
5971 	path = alloc_path_for_send();
5972 	if (!path)
5973 		return -ENOMEM;
5974 
5975 	key.objectid = sctx->cur_ino;
5976 	key.type = BTRFS_INODE_REF_KEY;
5977 	key.offset = 0;
5978 	ret = btrfs_search_slot(NULL, sctx->parent_root, &key, path, 0, 0);
5979 	if (ret < 0)
5980 		goto out;
5981 
5982 	ctx.refs = &deleted_refs;
5983 	ctx.sctx = sctx;
5984 
5985 	while (true) {
5986 		struct extent_buffer *eb = path->nodes[0];
5987 		int slot = path->slots[0];
5988 
5989 		if (slot >= btrfs_header_nritems(eb)) {
5990 			ret = btrfs_next_leaf(sctx->parent_root, path);
5991 			if (ret < 0)
5992 				goto out;
5993 			else if (ret > 0)
5994 				break;
5995 			continue;
5996 		}
5997 
5998 		btrfs_item_key_to_cpu(eb, &key, slot);
5999 		if (key.objectid != sctx->cur_ino)
6000 			break;
6001 		if (key.type != BTRFS_INODE_REF_KEY &&
6002 		    key.type != BTRFS_INODE_EXTREF_KEY)
6003 			break;
6004 
6005 		ret = iterate_inode_ref(sctx->parent_root, path, &key, 1,
6006 					record_parent_ref, &ctx);
6007 		if (ret < 0)
6008 			goto out;
6009 
6010 		path->slots[0]++;
6011 	}
6012 
6013 	while (!list_empty(&deleted_refs)) {
6014 		struct recorded_ref *ref;
6015 
6016 		ref = list_first_entry(&deleted_refs, struct recorded_ref, list);
6017 		ret = send_unlink(sctx, ref->full_path);
6018 		if (ret < 0)
6019 			goto out;
6020 		fs_path_free(ref->full_path);
6021 		list_del(&ref->list);
6022 		kfree(ref);
6023 	}
6024 	ret = 0;
6025 out:
6026 	btrfs_free_path(path);
6027 	if (ret)
6028 		__free_recorded_refs(&deleted_refs);
6029 	return ret;
6030 }
6031 
6032 static int changed_inode(struct send_ctx *sctx,
6033 			 enum btrfs_compare_tree_result result)
6034 {
6035 	int ret = 0;
6036 	struct btrfs_key *key = sctx->cmp_key;
6037 	struct btrfs_inode_item *left_ii = NULL;
6038 	struct btrfs_inode_item *right_ii = NULL;
6039 	u64 left_gen = 0;
6040 	u64 right_gen = 0;
6041 
6042 	sctx->cur_ino = key->objectid;
6043 	sctx->cur_inode_new_gen = 0;
6044 	sctx->cur_inode_last_extent = (u64)-1;
6045 	sctx->cur_inode_next_write_offset = 0;
6046 	sctx->ignore_cur_inode = false;
6047 
6048 	/*
6049 	 * Set send_progress to current inode. This will tell all get_cur_xxx
6050 	 * functions that the current inode's refs are not updated yet. Later,
6051 	 * when process_recorded_refs is finished, it is set to cur_ino + 1.
6052 	 */
6053 	sctx->send_progress = sctx->cur_ino;
6054 
6055 	if (result == BTRFS_COMPARE_TREE_NEW ||
6056 	    result == BTRFS_COMPARE_TREE_CHANGED) {
6057 		left_ii = btrfs_item_ptr(sctx->left_path->nodes[0],
6058 				sctx->left_path->slots[0],
6059 				struct btrfs_inode_item);
6060 		left_gen = btrfs_inode_generation(sctx->left_path->nodes[0],
6061 				left_ii);
6062 	} else {
6063 		right_ii = btrfs_item_ptr(sctx->right_path->nodes[0],
6064 				sctx->right_path->slots[0],
6065 				struct btrfs_inode_item);
6066 		right_gen = btrfs_inode_generation(sctx->right_path->nodes[0],
6067 				right_ii);
6068 	}
6069 	if (result == BTRFS_COMPARE_TREE_CHANGED) {
6070 		right_ii = btrfs_item_ptr(sctx->right_path->nodes[0],
6071 				sctx->right_path->slots[0],
6072 				struct btrfs_inode_item);
6073 
6074 		right_gen = btrfs_inode_generation(sctx->right_path->nodes[0],
6075 				right_ii);
6076 
6077 		/*
6078 		 * The cur_ino = root dir case is special here. We can't treat
6079 		 * the inode as deleted+reused because it would generate a
6080 		 * stream that tries to delete/mkdir the root dir.
6081 		 */
6082 		if (left_gen != right_gen &&
6083 		    sctx->cur_ino != BTRFS_FIRST_FREE_OBJECTID)
6084 			sctx->cur_inode_new_gen = 1;
6085 	}
6086 
6087 	/*
6088 	 * Normally we do not find inodes with a link count of zero (orphans)
6089 	 * because the most common case is to create a snapshot and use it
6090 	 * for a send operation. However other less common use cases involve
6091 	 * using a subvolume and send it after turning it to RO mode just
6092 	 * after deleting all hard links of a file while holding an open
6093 	 * file descriptor against it or turning a RO snapshot into RW mode,
6094 	 * keep an open file descriptor against a file, delete it and then
6095 	 * turn the snapshot back to RO mode before using it for a send
6096 	 * operation. So if we find such cases, ignore the inode and all its
6097 	 * items completely if it's a new inode, or if it's a changed inode
6098 	 * make sure all its previous paths (from the parent snapshot) are all
6099 	 * unlinked and all other the inode items are ignored.
6100 	 */
6101 	if (result == BTRFS_COMPARE_TREE_NEW ||
6102 	    result == BTRFS_COMPARE_TREE_CHANGED) {
6103 		u32 nlinks;
6104 
6105 		nlinks = btrfs_inode_nlink(sctx->left_path->nodes[0], left_ii);
6106 		if (nlinks == 0) {
6107 			sctx->ignore_cur_inode = true;
6108 			if (result == BTRFS_COMPARE_TREE_CHANGED)
6109 				ret = btrfs_unlink_all_paths(sctx);
6110 			goto out;
6111 		}
6112 	}
6113 
6114 	if (result == BTRFS_COMPARE_TREE_NEW) {
6115 		sctx->cur_inode_gen = left_gen;
6116 		sctx->cur_inode_new = 1;
6117 		sctx->cur_inode_deleted = 0;
6118 		sctx->cur_inode_size = btrfs_inode_size(
6119 				sctx->left_path->nodes[0], left_ii);
6120 		sctx->cur_inode_mode = btrfs_inode_mode(
6121 				sctx->left_path->nodes[0], left_ii);
6122 		sctx->cur_inode_rdev = btrfs_inode_rdev(
6123 				sctx->left_path->nodes[0], left_ii);
6124 		if (sctx->cur_ino != BTRFS_FIRST_FREE_OBJECTID)
6125 			ret = send_create_inode_if_needed(sctx);
6126 	} else if (result == BTRFS_COMPARE_TREE_DELETED) {
6127 		sctx->cur_inode_gen = right_gen;
6128 		sctx->cur_inode_new = 0;
6129 		sctx->cur_inode_deleted = 1;
6130 		sctx->cur_inode_size = btrfs_inode_size(
6131 				sctx->right_path->nodes[0], right_ii);
6132 		sctx->cur_inode_mode = btrfs_inode_mode(
6133 				sctx->right_path->nodes[0], right_ii);
6134 	} else if (result == BTRFS_COMPARE_TREE_CHANGED) {
6135 		/*
6136 		 * We need to do some special handling in case the inode was
6137 		 * reported as changed with a changed generation number. This
6138 		 * means that the original inode was deleted and new inode
6139 		 * reused the same inum. So we have to treat the old inode as
6140 		 * deleted and the new one as new.
6141 		 */
6142 		if (sctx->cur_inode_new_gen) {
6143 			/*
6144 			 * First, process the inode as if it was deleted.
6145 			 */
6146 			sctx->cur_inode_gen = right_gen;
6147 			sctx->cur_inode_new = 0;
6148 			sctx->cur_inode_deleted = 1;
6149 			sctx->cur_inode_size = btrfs_inode_size(
6150 					sctx->right_path->nodes[0], right_ii);
6151 			sctx->cur_inode_mode = btrfs_inode_mode(
6152 					sctx->right_path->nodes[0], right_ii);
6153 			ret = process_all_refs(sctx,
6154 					BTRFS_COMPARE_TREE_DELETED);
6155 			if (ret < 0)
6156 				goto out;
6157 
6158 			/*
6159 			 * Now process the inode as if it was new.
6160 			 */
6161 			sctx->cur_inode_gen = left_gen;
6162 			sctx->cur_inode_new = 1;
6163 			sctx->cur_inode_deleted = 0;
6164 			sctx->cur_inode_size = btrfs_inode_size(
6165 					sctx->left_path->nodes[0], left_ii);
6166 			sctx->cur_inode_mode = btrfs_inode_mode(
6167 					sctx->left_path->nodes[0], left_ii);
6168 			sctx->cur_inode_rdev = btrfs_inode_rdev(
6169 					sctx->left_path->nodes[0], left_ii);
6170 			ret = send_create_inode_if_needed(sctx);
6171 			if (ret < 0)
6172 				goto out;
6173 
6174 			ret = process_all_refs(sctx, BTRFS_COMPARE_TREE_NEW);
6175 			if (ret < 0)
6176 				goto out;
6177 			/*
6178 			 * Advance send_progress now as we did not get into
6179 			 * process_recorded_refs_if_needed in the new_gen case.
6180 			 */
6181 			sctx->send_progress = sctx->cur_ino + 1;
6182 
6183 			/*
6184 			 * Now process all extents and xattrs of the inode as if
6185 			 * they were all new.
6186 			 */
6187 			ret = process_all_extents(sctx);
6188 			if (ret < 0)
6189 				goto out;
6190 			ret = process_all_new_xattrs(sctx);
6191 			if (ret < 0)
6192 				goto out;
6193 		} else {
6194 			sctx->cur_inode_gen = left_gen;
6195 			sctx->cur_inode_new = 0;
6196 			sctx->cur_inode_new_gen = 0;
6197 			sctx->cur_inode_deleted = 0;
6198 			sctx->cur_inode_size = btrfs_inode_size(
6199 					sctx->left_path->nodes[0], left_ii);
6200 			sctx->cur_inode_mode = btrfs_inode_mode(
6201 					sctx->left_path->nodes[0], left_ii);
6202 		}
6203 	}
6204 
6205 out:
6206 	return ret;
6207 }
6208 
6209 /*
6210  * We have to process new refs before deleted refs, but compare_trees gives us
6211  * the new and deleted refs mixed. To fix this, we record the new/deleted refs
6212  * first and later process them in process_recorded_refs.
6213  * For the cur_inode_new_gen case, we skip recording completely because
6214  * changed_inode did already initiate processing of refs. The reason for this is
6215  * that in this case, compare_tree actually compares the refs of 2 different
6216  * inodes. To fix this, process_all_refs is used in changed_inode to handle all
6217  * refs of the right tree as deleted and all refs of the left tree as new.
6218  */
6219 static int changed_ref(struct send_ctx *sctx,
6220 		       enum btrfs_compare_tree_result result)
6221 {
6222 	int ret = 0;
6223 
6224 	if (sctx->cur_ino != sctx->cmp_key->objectid) {
6225 		inconsistent_snapshot_error(sctx, result, "reference");
6226 		return -EIO;
6227 	}
6228 
6229 	if (!sctx->cur_inode_new_gen &&
6230 	    sctx->cur_ino != BTRFS_FIRST_FREE_OBJECTID) {
6231 		if (result == BTRFS_COMPARE_TREE_NEW)
6232 			ret = record_new_ref(sctx);
6233 		else if (result == BTRFS_COMPARE_TREE_DELETED)
6234 			ret = record_deleted_ref(sctx);
6235 		else if (result == BTRFS_COMPARE_TREE_CHANGED)
6236 			ret = record_changed_ref(sctx);
6237 	}
6238 
6239 	return ret;
6240 }
6241 
6242 /*
6243  * Process new/deleted/changed xattrs. We skip processing in the
6244  * cur_inode_new_gen case because changed_inode did already initiate processing
6245  * of xattrs. The reason is the same as in changed_ref
6246  */
6247 static int changed_xattr(struct send_ctx *sctx,
6248 			 enum btrfs_compare_tree_result result)
6249 {
6250 	int ret = 0;
6251 
6252 	if (sctx->cur_ino != sctx->cmp_key->objectid) {
6253 		inconsistent_snapshot_error(sctx, result, "xattr");
6254 		return -EIO;
6255 	}
6256 
6257 	if (!sctx->cur_inode_new_gen && !sctx->cur_inode_deleted) {
6258 		if (result == BTRFS_COMPARE_TREE_NEW)
6259 			ret = process_new_xattr(sctx);
6260 		else if (result == BTRFS_COMPARE_TREE_DELETED)
6261 			ret = process_deleted_xattr(sctx);
6262 		else if (result == BTRFS_COMPARE_TREE_CHANGED)
6263 			ret = process_changed_xattr(sctx);
6264 	}
6265 
6266 	return ret;
6267 }
6268 
6269 /*
6270  * Process new/deleted/changed extents. We skip processing in the
6271  * cur_inode_new_gen case because changed_inode did already initiate processing
6272  * of extents. The reason is the same as in changed_ref
6273  */
6274 static int changed_extent(struct send_ctx *sctx,
6275 			  enum btrfs_compare_tree_result result)
6276 {
6277 	int ret = 0;
6278 
6279 	if (sctx->cur_ino != sctx->cmp_key->objectid) {
6280 
6281 		if (result == BTRFS_COMPARE_TREE_CHANGED) {
6282 			struct extent_buffer *leaf_l;
6283 			struct extent_buffer *leaf_r;
6284 			struct btrfs_file_extent_item *ei_l;
6285 			struct btrfs_file_extent_item *ei_r;
6286 
6287 			leaf_l = sctx->left_path->nodes[0];
6288 			leaf_r = sctx->right_path->nodes[0];
6289 			ei_l = btrfs_item_ptr(leaf_l,
6290 					      sctx->left_path->slots[0],
6291 					      struct btrfs_file_extent_item);
6292 			ei_r = btrfs_item_ptr(leaf_r,
6293 					      sctx->right_path->slots[0],
6294 					      struct btrfs_file_extent_item);
6295 
6296 			/*
6297 			 * We may have found an extent item that has changed
6298 			 * only its disk_bytenr field and the corresponding
6299 			 * inode item was not updated. This case happens due to
6300 			 * very specific timings during relocation when a leaf
6301 			 * that contains file extent items is COWed while
6302 			 * relocation is ongoing and its in the stage where it
6303 			 * updates data pointers. So when this happens we can
6304 			 * safely ignore it since we know it's the same extent,
6305 			 * but just at different logical and physical locations
6306 			 * (when an extent is fully replaced with a new one, we
6307 			 * know the generation number must have changed too,
6308 			 * since snapshot creation implies committing the current
6309 			 * transaction, and the inode item must have been updated
6310 			 * as well).
6311 			 * This replacement of the disk_bytenr happens at
6312 			 * relocation.c:replace_file_extents() through
6313 			 * relocation.c:btrfs_reloc_cow_block().
6314 			 */
6315 			if (btrfs_file_extent_generation(leaf_l, ei_l) ==
6316 			    btrfs_file_extent_generation(leaf_r, ei_r) &&
6317 			    btrfs_file_extent_ram_bytes(leaf_l, ei_l) ==
6318 			    btrfs_file_extent_ram_bytes(leaf_r, ei_r) &&
6319 			    btrfs_file_extent_compression(leaf_l, ei_l) ==
6320 			    btrfs_file_extent_compression(leaf_r, ei_r) &&
6321 			    btrfs_file_extent_encryption(leaf_l, ei_l) ==
6322 			    btrfs_file_extent_encryption(leaf_r, ei_r) &&
6323 			    btrfs_file_extent_other_encoding(leaf_l, ei_l) ==
6324 			    btrfs_file_extent_other_encoding(leaf_r, ei_r) &&
6325 			    btrfs_file_extent_type(leaf_l, ei_l) ==
6326 			    btrfs_file_extent_type(leaf_r, ei_r) &&
6327 			    btrfs_file_extent_disk_bytenr(leaf_l, ei_l) !=
6328 			    btrfs_file_extent_disk_bytenr(leaf_r, ei_r) &&
6329 			    btrfs_file_extent_disk_num_bytes(leaf_l, ei_l) ==
6330 			    btrfs_file_extent_disk_num_bytes(leaf_r, ei_r) &&
6331 			    btrfs_file_extent_offset(leaf_l, ei_l) ==
6332 			    btrfs_file_extent_offset(leaf_r, ei_r) &&
6333 			    btrfs_file_extent_num_bytes(leaf_l, ei_l) ==
6334 			    btrfs_file_extent_num_bytes(leaf_r, ei_r))
6335 				return 0;
6336 		}
6337 
6338 		inconsistent_snapshot_error(sctx, result, "extent");
6339 		return -EIO;
6340 	}
6341 
6342 	if (!sctx->cur_inode_new_gen && !sctx->cur_inode_deleted) {
6343 		if (result != BTRFS_COMPARE_TREE_DELETED)
6344 			ret = process_extent(sctx, sctx->left_path,
6345 					sctx->cmp_key);
6346 	}
6347 
6348 	return ret;
6349 }
6350 
6351 static int dir_changed(struct send_ctx *sctx, u64 dir)
6352 {
6353 	u64 orig_gen, new_gen;
6354 	int ret;
6355 
6356 	ret = get_inode_info(sctx->send_root, dir, NULL, &new_gen, NULL, NULL,
6357 			     NULL, NULL);
6358 	if (ret)
6359 		return ret;
6360 
6361 	ret = get_inode_info(sctx->parent_root, dir, NULL, &orig_gen, NULL,
6362 			     NULL, NULL, NULL);
6363 	if (ret)
6364 		return ret;
6365 
6366 	return (orig_gen != new_gen) ? 1 : 0;
6367 }
6368 
6369 static int compare_refs(struct send_ctx *sctx, struct btrfs_path *path,
6370 			struct btrfs_key *key)
6371 {
6372 	struct btrfs_inode_extref *extref;
6373 	struct extent_buffer *leaf;
6374 	u64 dirid = 0, last_dirid = 0;
6375 	unsigned long ptr;
6376 	u32 item_size;
6377 	u32 cur_offset = 0;
6378 	int ref_name_len;
6379 	int ret = 0;
6380 
6381 	/* Easy case, just check this one dirid */
6382 	if (key->type == BTRFS_INODE_REF_KEY) {
6383 		dirid = key->offset;
6384 
6385 		ret = dir_changed(sctx, dirid);
6386 		goto out;
6387 	}
6388 
6389 	leaf = path->nodes[0];
6390 	item_size = btrfs_item_size_nr(leaf, path->slots[0]);
6391 	ptr = btrfs_item_ptr_offset(leaf, path->slots[0]);
6392 	while (cur_offset < item_size) {
6393 		extref = (struct btrfs_inode_extref *)(ptr +
6394 						       cur_offset);
6395 		dirid = btrfs_inode_extref_parent(leaf, extref);
6396 		ref_name_len = btrfs_inode_extref_name_len(leaf, extref);
6397 		cur_offset += ref_name_len + sizeof(*extref);
6398 		if (dirid == last_dirid)
6399 			continue;
6400 		ret = dir_changed(sctx, dirid);
6401 		if (ret)
6402 			break;
6403 		last_dirid = dirid;
6404 	}
6405 out:
6406 	return ret;
6407 }
6408 
6409 /*
6410  * Updates compare related fields in sctx and simply forwards to the actual
6411  * changed_xxx functions.
6412  */
6413 static int changed_cb(struct btrfs_path *left_path,
6414 		      struct btrfs_path *right_path,
6415 		      struct btrfs_key *key,
6416 		      enum btrfs_compare_tree_result result,
6417 		      void *ctx)
6418 {
6419 	int ret = 0;
6420 	struct send_ctx *sctx = ctx;
6421 
6422 	if (result == BTRFS_COMPARE_TREE_SAME) {
6423 		if (key->type == BTRFS_INODE_REF_KEY ||
6424 		    key->type == BTRFS_INODE_EXTREF_KEY) {
6425 			ret = compare_refs(sctx, left_path, key);
6426 			if (!ret)
6427 				return 0;
6428 			if (ret < 0)
6429 				return ret;
6430 		} else if (key->type == BTRFS_EXTENT_DATA_KEY) {
6431 			return maybe_send_hole(sctx, left_path, key);
6432 		} else {
6433 			return 0;
6434 		}
6435 		result = BTRFS_COMPARE_TREE_CHANGED;
6436 		ret = 0;
6437 	}
6438 
6439 	sctx->left_path = left_path;
6440 	sctx->right_path = right_path;
6441 	sctx->cmp_key = key;
6442 
6443 	ret = finish_inode_if_needed(sctx, 0);
6444 	if (ret < 0)
6445 		goto out;
6446 
6447 	/* Ignore non-FS objects */
6448 	if (key->objectid == BTRFS_FREE_INO_OBJECTID ||
6449 	    key->objectid == BTRFS_FREE_SPACE_OBJECTID)
6450 		goto out;
6451 
6452 	if (key->type == BTRFS_INODE_ITEM_KEY) {
6453 		ret = changed_inode(sctx, result);
6454 	} else if (!sctx->ignore_cur_inode) {
6455 		if (key->type == BTRFS_INODE_REF_KEY ||
6456 		    key->type == BTRFS_INODE_EXTREF_KEY)
6457 			ret = changed_ref(sctx, result);
6458 		else if (key->type == BTRFS_XATTR_ITEM_KEY)
6459 			ret = changed_xattr(sctx, result);
6460 		else if (key->type == BTRFS_EXTENT_DATA_KEY)
6461 			ret = changed_extent(sctx, result);
6462 	}
6463 
6464 out:
6465 	return ret;
6466 }
6467 
6468 static int full_send_tree(struct send_ctx *sctx)
6469 {
6470 	int ret;
6471 	struct btrfs_root *send_root = sctx->send_root;
6472 	struct btrfs_key key;
6473 	struct btrfs_path *path;
6474 	struct extent_buffer *eb;
6475 	int slot;
6476 
6477 	path = alloc_path_for_send();
6478 	if (!path)
6479 		return -ENOMEM;
6480 
6481 	key.objectid = BTRFS_FIRST_FREE_OBJECTID;
6482 	key.type = BTRFS_INODE_ITEM_KEY;
6483 	key.offset = 0;
6484 
6485 	ret = btrfs_search_slot_for_read(send_root, &key, path, 1, 0);
6486 	if (ret < 0)
6487 		goto out;
6488 	if (ret)
6489 		goto out_finish;
6490 
6491 	while (1) {
6492 		eb = path->nodes[0];
6493 		slot = path->slots[0];
6494 		btrfs_item_key_to_cpu(eb, &key, slot);
6495 
6496 		ret = changed_cb(path, NULL, &key,
6497 				 BTRFS_COMPARE_TREE_NEW, sctx);
6498 		if (ret < 0)
6499 			goto out;
6500 
6501 		ret = btrfs_next_item(send_root, path);
6502 		if (ret < 0)
6503 			goto out;
6504 		if (ret) {
6505 			ret  = 0;
6506 			break;
6507 		}
6508 	}
6509 
6510 out_finish:
6511 	ret = finish_inode_if_needed(sctx, 1);
6512 
6513 out:
6514 	btrfs_free_path(path);
6515 	return ret;
6516 }
6517 
6518 static int send_subvol(struct send_ctx *sctx)
6519 {
6520 	int ret;
6521 
6522 	if (!(sctx->flags & BTRFS_SEND_FLAG_OMIT_STREAM_HEADER)) {
6523 		ret = send_header(sctx);
6524 		if (ret < 0)
6525 			goto out;
6526 	}
6527 
6528 	ret = send_subvol_begin(sctx);
6529 	if (ret < 0)
6530 		goto out;
6531 
6532 	if (sctx->parent_root) {
6533 		ret = btrfs_compare_trees(sctx->send_root, sctx->parent_root,
6534 				changed_cb, sctx);
6535 		if (ret < 0)
6536 			goto out;
6537 		ret = finish_inode_if_needed(sctx, 1);
6538 		if (ret < 0)
6539 			goto out;
6540 	} else {
6541 		ret = full_send_tree(sctx);
6542 		if (ret < 0)
6543 			goto out;
6544 	}
6545 
6546 out:
6547 	free_recorded_refs(sctx);
6548 	return ret;
6549 }
6550 
6551 /*
6552  * If orphan cleanup did remove any orphans from a root, it means the tree
6553  * was modified and therefore the commit root is not the same as the current
6554  * root anymore. This is a problem, because send uses the commit root and
6555  * therefore can see inode items that don't exist in the current root anymore,
6556  * and for example make calls to btrfs_iget, which will do tree lookups based
6557  * on the current root and not on the commit root. Those lookups will fail,
6558  * returning a -ESTALE error, and making send fail with that error. So make
6559  * sure a send does not see any orphans we have just removed, and that it will
6560  * see the same inodes regardless of whether a transaction commit happened
6561  * before it started (meaning that the commit root will be the same as the
6562  * current root) or not.
6563  */
6564 static int ensure_commit_roots_uptodate(struct send_ctx *sctx)
6565 {
6566 	int i;
6567 	struct btrfs_trans_handle *trans = NULL;
6568 
6569 again:
6570 	if (sctx->parent_root &&
6571 	    sctx->parent_root->node != sctx->parent_root->commit_root)
6572 		goto commit_trans;
6573 
6574 	for (i = 0; i < sctx->clone_roots_cnt; i++)
6575 		if (sctx->clone_roots[i].root->node !=
6576 		    sctx->clone_roots[i].root->commit_root)
6577 			goto commit_trans;
6578 
6579 	if (trans)
6580 		return btrfs_end_transaction(trans);
6581 
6582 	return 0;
6583 
6584 commit_trans:
6585 	/* Use any root, all fs roots will get their commit roots updated. */
6586 	if (!trans) {
6587 		trans = btrfs_join_transaction(sctx->send_root);
6588 		if (IS_ERR(trans))
6589 			return PTR_ERR(trans);
6590 		goto again;
6591 	}
6592 
6593 	return btrfs_commit_transaction(trans);
6594 }
6595 
6596 /*
6597  * Make sure any existing dellaloc is flushed for any root used by a send
6598  * operation so that we do not miss any data and we do not race with writeback
6599  * finishing and changing a tree while send is using the tree. This could
6600  * happen if a subvolume is in RW mode, has delalloc, is turned to RO mode and
6601  * a send operation then uses the subvolume.
6602  * After flushing delalloc ensure_commit_roots_uptodate() must be called.
6603  */
6604 static int flush_delalloc_roots(struct send_ctx *sctx)
6605 {
6606 	struct btrfs_root *root = sctx->parent_root;
6607 	int ret;
6608 	int i;
6609 
6610 	if (root) {
6611 		ret = btrfs_start_delalloc_snapshot(root);
6612 		if (ret)
6613 			return ret;
6614 		btrfs_wait_ordered_extents(root, U64_MAX, 0, U64_MAX);
6615 	}
6616 
6617 	for (i = 0; i < sctx->clone_roots_cnt; i++) {
6618 		root = sctx->clone_roots[i].root;
6619 		ret = btrfs_start_delalloc_snapshot(root);
6620 		if (ret)
6621 			return ret;
6622 		btrfs_wait_ordered_extents(root, U64_MAX, 0, U64_MAX);
6623 	}
6624 
6625 	return 0;
6626 }
6627 
6628 static void btrfs_root_dec_send_in_progress(struct btrfs_root* root)
6629 {
6630 	spin_lock(&root->root_item_lock);
6631 	root->send_in_progress--;
6632 	/*
6633 	 * Not much left to do, we don't know why it's unbalanced and
6634 	 * can't blindly reset it to 0.
6635 	 */
6636 	if (root->send_in_progress < 0)
6637 		btrfs_err(root->fs_info,
6638 			  "send_in_progress unbalanced %d root %llu",
6639 			  root->send_in_progress, root->root_key.objectid);
6640 	spin_unlock(&root->root_item_lock);
6641 }
6642 
6643 static void dedupe_in_progress_warn(const struct btrfs_root *root)
6644 {
6645 	btrfs_warn_rl(root->fs_info,
6646 "cannot use root %llu for send while deduplications on it are in progress (%d in progress)",
6647 		      root->root_key.objectid, root->dedupe_in_progress);
6648 }
6649 
6650 long btrfs_ioctl_send(struct file *mnt_file, struct btrfs_ioctl_send_args *arg)
6651 {
6652 	int ret = 0;
6653 	struct btrfs_root *send_root = BTRFS_I(file_inode(mnt_file))->root;
6654 	struct btrfs_fs_info *fs_info = send_root->fs_info;
6655 	struct btrfs_root *clone_root;
6656 	struct btrfs_key key;
6657 	struct send_ctx *sctx = NULL;
6658 	u32 i;
6659 	u64 *clone_sources_tmp = NULL;
6660 	int clone_sources_to_rollback = 0;
6661 	unsigned alloc_size;
6662 	int sort_clone_roots = 0;
6663 	int index;
6664 
6665 	if (!capable(CAP_SYS_ADMIN))
6666 		return -EPERM;
6667 
6668 	/*
6669 	 * The subvolume must remain read-only during send, protect against
6670 	 * making it RW. This also protects against deletion.
6671 	 */
6672 	spin_lock(&send_root->root_item_lock);
6673 	if (btrfs_root_readonly(send_root) && send_root->dedupe_in_progress) {
6674 		dedupe_in_progress_warn(send_root);
6675 		spin_unlock(&send_root->root_item_lock);
6676 		return -EAGAIN;
6677 	}
6678 	send_root->send_in_progress++;
6679 	spin_unlock(&send_root->root_item_lock);
6680 
6681 	/*
6682 	 * This is done when we lookup the root, it should already be complete
6683 	 * by the time we get here.
6684 	 */
6685 	WARN_ON(send_root->orphan_cleanup_state != ORPHAN_CLEANUP_DONE);
6686 
6687 	/*
6688 	 * Userspace tools do the checks and warn the user if it's
6689 	 * not RO.
6690 	 */
6691 	if (!btrfs_root_readonly(send_root)) {
6692 		ret = -EPERM;
6693 		goto out;
6694 	}
6695 
6696 	/*
6697 	 * Check that we don't overflow at later allocations, we request
6698 	 * clone_sources_count + 1 items, and compare to unsigned long inside
6699 	 * access_ok.
6700 	 */
6701 	if (arg->clone_sources_count >
6702 	    ULONG_MAX / sizeof(struct clone_root) - 1) {
6703 		ret = -EINVAL;
6704 		goto out;
6705 	}
6706 
6707 	if (!access_ok(arg->clone_sources,
6708 			sizeof(*arg->clone_sources) *
6709 			arg->clone_sources_count)) {
6710 		ret = -EFAULT;
6711 		goto out;
6712 	}
6713 
6714 	if (arg->flags & ~BTRFS_SEND_FLAG_MASK) {
6715 		ret = -EINVAL;
6716 		goto out;
6717 	}
6718 
6719 	sctx = kzalloc(sizeof(struct send_ctx), GFP_KERNEL);
6720 	if (!sctx) {
6721 		ret = -ENOMEM;
6722 		goto out;
6723 	}
6724 
6725 	INIT_LIST_HEAD(&sctx->new_refs);
6726 	INIT_LIST_HEAD(&sctx->deleted_refs);
6727 	INIT_RADIX_TREE(&sctx->name_cache, GFP_KERNEL);
6728 	INIT_LIST_HEAD(&sctx->name_cache_list);
6729 
6730 	sctx->flags = arg->flags;
6731 
6732 	sctx->send_filp = fget(arg->send_fd);
6733 	if (!sctx->send_filp) {
6734 		ret = -EBADF;
6735 		goto out;
6736 	}
6737 
6738 	sctx->send_root = send_root;
6739 	/*
6740 	 * Unlikely but possible, if the subvolume is marked for deletion but
6741 	 * is slow to remove the directory entry, send can still be started
6742 	 */
6743 	if (btrfs_root_dead(sctx->send_root)) {
6744 		ret = -EPERM;
6745 		goto out;
6746 	}
6747 
6748 	sctx->clone_roots_cnt = arg->clone_sources_count;
6749 
6750 	sctx->send_max_size = BTRFS_SEND_BUF_SIZE;
6751 	sctx->send_buf = kvmalloc(sctx->send_max_size, GFP_KERNEL);
6752 	if (!sctx->send_buf) {
6753 		ret = -ENOMEM;
6754 		goto out;
6755 	}
6756 
6757 	sctx->read_buf = kvmalloc(BTRFS_SEND_READ_SIZE, GFP_KERNEL);
6758 	if (!sctx->read_buf) {
6759 		ret = -ENOMEM;
6760 		goto out;
6761 	}
6762 
6763 	sctx->pending_dir_moves = RB_ROOT;
6764 	sctx->waiting_dir_moves = RB_ROOT;
6765 	sctx->orphan_dirs = RB_ROOT;
6766 
6767 	alloc_size = sizeof(struct clone_root) * (arg->clone_sources_count + 1);
6768 
6769 	sctx->clone_roots = kzalloc(alloc_size, GFP_KERNEL);
6770 	if (!sctx->clone_roots) {
6771 		ret = -ENOMEM;
6772 		goto out;
6773 	}
6774 
6775 	alloc_size = arg->clone_sources_count * sizeof(*arg->clone_sources);
6776 
6777 	if (arg->clone_sources_count) {
6778 		clone_sources_tmp = kvmalloc(alloc_size, GFP_KERNEL);
6779 		if (!clone_sources_tmp) {
6780 			ret = -ENOMEM;
6781 			goto out;
6782 		}
6783 
6784 		ret = copy_from_user(clone_sources_tmp, arg->clone_sources,
6785 				alloc_size);
6786 		if (ret) {
6787 			ret = -EFAULT;
6788 			goto out;
6789 		}
6790 
6791 		for (i = 0; i < arg->clone_sources_count; i++) {
6792 			key.objectid = clone_sources_tmp[i];
6793 			key.type = BTRFS_ROOT_ITEM_KEY;
6794 			key.offset = (u64)-1;
6795 
6796 			index = srcu_read_lock(&fs_info->subvol_srcu);
6797 
6798 			clone_root = btrfs_read_fs_root_no_name(fs_info, &key);
6799 			if (IS_ERR(clone_root)) {
6800 				srcu_read_unlock(&fs_info->subvol_srcu, index);
6801 				ret = PTR_ERR(clone_root);
6802 				goto out;
6803 			}
6804 			spin_lock(&clone_root->root_item_lock);
6805 			if (!btrfs_root_readonly(clone_root) ||
6806 			    btrfs_root_dead(clone_root)) {
6807 				spin_unlock(&clone_root->root_item_lock);
6808 				srcu_read_unlock(&fs_info->subvol_srcu, index);
6809 				ret = -EPERM;
6810 				goto out;
6811 			}
6812 			if (clone_root->dedupe_in_progress) {
6813 				dedupe_in_progress_warn(clone_root);
6814 				spin_unlock(&clone_root->root_item_lock);
6815 				srcu_read_unlock(&fs_info->subvol_srcu, index);
6816 				ret = -EAGAIN;
6817 				goto out;
6818 			}
6819 			clone_root->send_in_progress++;
6820 			spin_unlock(&clone_root->root_item_lock);
6821 			srcu_read_unlock(&fs_info->subvol_srcu, index);
6822 
6823 			sctx->clone_roots[i].root = clone_root;
6824 			clone_sources_to_rollback = i + 1;
6825 		}
6826 		kvfree(clone_sources_tmp);
6827 		clone_sources_tmp = NULL;
6828 	}
6829 
6830 	if (arg->parent_root) {
6831 		key.objectid = arg->parent_root;
6832 		key.type = BTRFS_ROOT_ITEM_KEY;
6833 		key.offset = (u64)-1;
6834 
6835 		index = srcu_read_lock(&fs_info->subvol_srcu);
6836 
6837 		sctx->parent_root = btrfs_read_fs_root_no_name(fs_info, &key);
6838 		if (IS_ERR(sctx->parent_root)) {
6839 			srcu_read_unlock(&fs_info->subvol_srcu, index);
6840 			ret = PTR_ERR(sctx->parent_root);
6841 			goto out;
6842 		}
6843 
6844 		spin_lock(&sctx->parent_root->root_item_lock);
6845 		sctx->parent_root->send_in_progress++;
6846 		if (!btrfs_root_readonly(sctx->parent_root) ||
6847 				btrfs_root_dead(sctx->parent_root)) {
6848 			spin_unlock(&sctx->parent_root->root_item_lock);
6849 			srcu_read_unlock(&fs_info->subvol_srcu, index);
6850 			ret = -EPERM;
6851 			goto out;
6852 		}
6853 		if (sctx->parent_root->dedupe_in_progress) {
6854 			dedupe_in_progress_warn(sctx->parent_root);
6855 			spin_unlock(&sctx->parent_root->root_item_lock);
6856 			srcu_read_unlock(&fs_info->subvol_srcu, index);
6857 			ret = -EAGAIN;
6858 			goto out;
6859 		}
6860 		spin_unlock(&sctx->parent_root->root_item_lock);
6861 
6862 		srcu_read_unlock(&fs_info->subvol_srcu, index);
6863 	}
6864 
6865 	/*
6866 	 * Clones from send_root are allowed, but only if the clone source
6867 	 * is behind the current send position. This is checked while searching
6868 	 * for possible clone sources.
6869 	 */
6870 	sctx->clone_roots[sctx->clone_roots_cnt++].root = sctx->send_root;
6871 
6872 	/* We do a bsearch later */
6873 	sort(sctx->clone_roots, sctx->clone_roots_cnt,
6874 			sizeof(*sctx->clone_roots), __clone_root_cmp_sort,
6875 			NULL);
6876 	sort_clone_roots = 1;
6877 
6878 	ret = flush_delalloc_roots(sctx);
6879 	if (ret)
6880 		goto out;
6881 
6882 	ret = ensure_commit_roots_uptodate(sctx);
6883 	if (ret)
6884 		goto out;
6885 
6886 	current->journal_info = BTRFS_SEND_TRANS_STUB;
6887 	ret = send_subvol(sctx);
6888 	current->journal_info = NULL;
6889 	if (ret < 0)
6890 		goto out;
6891 
6892 	if (!(sctx->flags & BTRFS_SEND_FLAG_OMIT_END_CMD)) {
6893 		ret = begin_cmd(sctx, BTRFS_SEND_C_END);
6894 		if (ret < 0)
6895 			goto out;
6896 		ret = send_cmd(sctx);
6897 		if (ret < 0)
6898 			goto out;
6899 	}
6900 
6901 out:
6902 	WARN_ON(sctx && !ret && !RB_EMPTY_ROOT(&sctx->pending_dir_moves));
6903 	while (sctx && !RB_EMPTY_ROOT(&sctx->pending_dir_moves)) {
6904 		struct rb_node *n;
6905 		struct pending_dir_move *pm;
6906 
6907 		n = rb_first(&sctx->pending_dir_moves);
6908 		pm = rb_entry(n, struct pending_dir_move, node);
6909 		while (!list_empty(&pm->list)) {
6910 			struct pending_dir_move *pm2;
6911 
6912 			pm2 = list_first_entry(&pm->list,
6913 					       struct pending_dir_move, list);
6914 			free_pending_move(sctx, pm2);
6915 		}
6916 		free_pending_move(sctx, pm);
6917 	}
6918 
6919 	WARN_ON(sctx && !ret && !RB_EMPTY_ROOT(&sctx->waiting_dir_moves));
6920 	while (sctx && !RB_EMPTY_ROOT(&sctx->waiting_dir_moves)) {
6921 		struct rb_node *n;
6922 		struct waiting_dir_move *dm;
6923 
6924 		n = rb_first(&sctx->waiting_dir_moves);
6925 		dm = rb_entry(n, struct waiting_dir_move, node);
6926 		rb_erase(&dm->node, &sctx->waiting_dir_moves);
6927 		kfree(dm);
6928 	}
6929 
6930 	WARN_ON(sctx && !ret && !RB_EMPTY_ROOT(&sctx->orphan_dirs));
6931 	while (sctx && !RB_EMPTY_ROOT(&sctx->orphan_dirs)) {
6932 		struct rb_node *n;
6933 		struct orphan_dir_info *odi;
6934 
6935 		n = rb_first(&sctx->orphan_dirs);
6936 		odi = rb_entry(n, struct orphan_dir_info, node);
6937 		free_orphan_dir_info(sctx, odi);
6938 	}
6939 
6940 	if (sort_clone_roots) {
6941 		for (i = 0; i < sctx->clone_roots_cnt; i++)
6942 			btrfs_root_dec_send_in_progress(
6943 					sctx->clone_roots[i].root);
6944 	} else {
6945 		for (i = 0; sctx && i < clone_sources_to_rollback; i++)
6946 			btrfs_root_dec_send_in_progress(
6947 					sctx->clone_roots[i].root);
6948 
6949 		btrfs_root_dec_send_in_progress(send_root);
6950 	}
6951 	if (sctx && !IS_ERR_OR_NULL(sctx->parent_root))
6952 		btrfs_root_dec_send_in_progress(sctx->parent_root);
6953 
6954 	kvfree(clone_sources_tmp);
6955 
6956 	if (sctx) {
6957 		if (sctx->send_filp)
6958 			fput(sctx->send_filp);
6959 
6960 		kvfree(sctx->clone_roots);
6961 		kvfree(sctx->send_buf);
6962 		kvfree(sctx->read_buf);
6963 
6964 		name_cache_free(sctx);
6965 
6966 		kfree(sctx);
6967 	}
6968 
6969 	return ret;
6970 }
6971