xref: /openbmc/linux/fs/ubifs/dir.c (revision 752beb5e)
1 /* * This file is part of UBIFS.
2  *
3  * Copyright (C) 2006-2008 Nokia Corporation.
4  * Copyright (C) 2006, 2007 University of Szeged, Hungary
5  *
6  * This program is free software; you can redistribute it and/or modify it
7  * under the terms of the GNU General Public License version 2 as published by
8  * the Free Software Foundation.
9  *
10  * This program is distributed in the hope that it will be useful, but WITHOUT
11  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
12  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
13  * more details.
14  *
15  * You should have received a copy of the GNU General Public License along with
16  * this program; if not, write to the Free Software Foundation, Inc., 51
17  * Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
18  *
19  * Authors: Artem Bityutskiy (Битюцкий Артём)
20  *          Adrian Hunter
21  *          Zoltan Sogor
22  */
23 
24 /*
25  * This file implements directory operations.
26  *
27  * All FS operations in this file allocate budget before writing anything to the
28  * media. If they fail to allocate it, the error is returned. The only
29  * exceptions are 'ubifs_unlink()' and 'ubifs_rmdir()' which keep working even
30  * if they unable to allocate the budget, because deletion %-ENOSPC failure is
31  * not what users are usually ready to get. UBIFS budgeting subsystem has some
32  * space reserved for these purposes.
33  *
34  * All operations in this file write all inodes which they change straight
35  * away, instead of marking them dirty. For example, 'ubifs_link()' changes
36  * @i_size of the parent inode and writes the parent inode together with the
37  * target inode. This was done to simplify file-system recovery which would
38  * otherwise be very difficult to do. The only exception is rename which marks
39  * the re-named inode dirty (because its @i_ctime is updated) but does not
40  * write it, but just marks it as dirty.
41  */
42 
43 #include "ubifs.h"
44 
45 /**
46  * inherit_flags - inherit flags of the parent inode.
47  * @dir: parent inode
48  * @mode: new inode mode flags
49  *
50  * This is a helper function for 'ubifs_new_inode()' which inherits flag of the
51  * parent directory inode @dir. UBIFS inodes inherit the following flags:
52  * o %UBIFS_COMPR_FL, which is useful to switch compression on/of on
53  *   sub-directory basis;
54  * o %UBIFS_SYNC_FL - useful for the same reasons;
55  * o %UBIFS_DIRSYNC_FL - similar, but relevant only to directories.
56  *
57  * This function returns the inherited flags.
58  */
59 static int inherit_flags(const struct inode *dir, umode_t mode)
60 {
61 	int flags;
62 	const struct ubifs_inode *ui = ubifs_inode(dir);
63 
64 	if (!S_ISDIR(dir->i_mode))
65 		/*
66 		 * The parent is not a directory, which means that an extended
67 		 * attribute inode is being created. No flags.
68 		 */
69 		return 0;
70 
71 	flags = ui->flags & (UBIFS_COMPR_FL | UBIFS_SYNC_FL | UBIFS_DIRSYNC_FL);
72 	if (!S_ISDIR(mode))
73 		/* The "DIRSYNC" flag only applies to directories */
74 		flags &= ~UBIFS_DIRSYNC_FL;
75 	return flags;
76 }
77 
78 /**
79  * ubifs_new_inode - allocate new UBIFS inode object.
80  * @c: UBIFS file-system description object
81  * @dir: parent directory inode
82  * @mode: inode mode flags
83  *
84  * This function finds an unused inode number, allocates new inode and
85  * initializes it. Returns new inode in case of success and an error code in
86  * case of failure.
87  */
88 struct inode *ubifs_new_inode(struct ubifs_info *c, struct inode *dir,
89 			      umode_t mode)
90 {
91 	int err;
92 	struct inode *inode;
93 	struct ubifs_inode *ui;
94 	bool encrypted = false;
95 
96 	if (ubifs_crypt_is_encrypted(dir)) {
97 		err = fscrypt_get_encryption_info(dir);
98 		if (err) {
99 			ubifs_err(c, "fscrypt_get_encryption_info failed: %i", err);
100 			return ERR_PTR(err);
101 		}
102 
103 		if (!fscrypt_has_encryption_key(dir))
104 			return ERR_PTR(-EPERM);
105 
106 		encrypted = true;
107 	}
108 
109 	inode = new_inode(c->vfs_sb);
110 	ui = ubifs_inode(inode);
111 	if (!inode)
112 		return ERR_PTR(-ENOMEM);
113 
114 	/*
115 	 * Set 'S_NOCMTIME' to prevent VFS form updating [mc]time of inodes and
116 	 * marking them dirty in file write path (see 'file_update_time()').
117 	 * UBIFS has to fully control "clean <-> dirty" transitions of inodes
118 	 * to make budgeting work.
119 	 */
120 	inode->i_flags |= S_NOCMTIME;
121 
122 	inode_init_owner(inode, dir, mode);
123 	inode->i_mtime = inode->i_atime = inode->i_ctime =
124 			 current_time(inode);
125 	inode->i_mapping->nrpages = 0;
126 
127 	switch (mode & S_IFMT) {
128 	case S_IFREG:
129 		inode->i_mapping->a_ops = &ubifs_file_address_operations;
130 		inode->i_op = &ubifs_file_inode_operations;
131 		inode->i_fop = &ubifs_file_operations;
132 		break;
133 	case S_IFDIR:
134 		inode->i_op  = &ubifs_dir_inode_operations;
135 		inode->i_fop = &ubifs_dir_operations;
136 		inode->i_size = ui->ui_size = UBIFS_INO_NODE_SZ;
137 		break;
138 	case S_IFLNK:
139 		inode->i_op = &ubifs_symlink_inode_operations;
140 		break;
141 	case S_IFSOCK:
142 	case S_IFIFO:
143 	case S_IFBLK:
144 	case S_IFCHR:
145 		inode->i_op  = &ubifs_file_inode_operations;
146 		encrypted = false;
147 		break;
148 	default:
149 		BUG();
150 	}
151 
152 	ui->flags = inherit_flags(dir, mode);
153 	ubifs_set_inode_flags(inode);
154 	if (S_ISREG(mode))
155 		ui->compr_type = c->default_compr;
156 	else
157 		ui->compr_type = UBIFS_COMPR_NONE;
158 	ui->synced_i_size = 0;
159 
160 	spin_lock(&c->cnt_lock);
161 	/* Inode number overflow is currently not supported */
162 	if (c->highest_inum >= INUM_WARN_WATERMARK) {
163 		if (c->highest_inum >= INUM_WATERMARK) {
164 			spin_unlock(&c->cnt_lock);
165 			ubifs_err(c, "out of inode numbers");
166 			make_bad_inode(inode);
167 			iput(inode);
168 			return ERR_PTR(-EINVAL);
169 		}
170 		ubifs_warn(c, "running out of inode numbers (current %lu, max %u)",
171 			   (unsigned long)c->highest_inum, INUM_WATERMARK);
172 	}
173 
174 	inode->i_ino = ++c->highest_inum;
175 	/*
176 	 * The creation sequence number remains with this inode for its
177 	 * lifetime. All nodes for this inode have a greater sequence number,
178 	 * and so it is possible to distinguish obsolete nodes belonging to a
179 	 * previous incarnation of the same inode number - for example, for the
180 	 * purpose of rebuilding the index.
181 	 */
182 	ui->creat_sqnum = ++c->max_sqnum;
183 	spin_unlock(&c->cnt_lock);
184 
185 	if (encrypted) {
186 		err = fscrypt_inherit_context(dir, inode, &encrypted, true);
187 		if (err) {
188 			ubifs_err(c, "fscrypt_inherit_context failed: %i", err);
189 			make_bad_inode(inode);
190 			iput(inode);
191 			return ERR_PTR(err);
192 		}
193 	}
194 
195 	return inode;
196 }
197 
198 static int dbg_check_name(const struct ubifs_info *c,
199 			  const struct ubifs_dent_node *dent,
200 			  const struct fscrypt_name *nm)
201 {
202 	if (!dbg_is_chk_gen(c))
203 		return 0;
204 	if (le16_to_cpu(dent->nlen) != fname_len(nm))
205 		return -EINVAL;
206 	if (memcmp(dent->name, fname_name(nm), fname_len(nm)))
207 		return -EINVAL;
208 	return 0;
209 }
210 
211 static struct dentry *ubifs_lookup(struct inode *dir, struct dentry *dentry,
212 				   unsigned int flags)
213 {
214 	int err;
215 	union ubifs_key key;
216 	struct inode *inode = NULL;
217 	struct ubifs_dent_node *dent = NULL;
218 	struct ubifs_info *c = dir->i_sb->s_fs_info;
219 	struct fscrypt_name nm;
220 
221 	dbg_gen("'%pd' in dir ino %lu", dentry, dir->i_ino);
222 
223 	err = fscrypt_prepare_lookup(dir, dentry, &nm);
224 	if (err == -ENOENT)
225 		return d_splice_alias(NULL, dentry);
226 	if (err)
227 		return ERR_PTR(err);
228 
229 	if (fname_len(&nm) > UBIFS_MAX_NLEN) {
230 		inode = ERR_PTR(-ENAMETOOLONG);
231 		goto done;
232 	}
233 
234 	dent = kmalloc(UBIFS_MAX_DENT_NODE_SZ, GFP_NOFS);
235 	if (!dent) {
236 		inode = ERR_PTR(-ENOMEM);
237 		goto done;
238 	}
239 
240 	if (nm.hash) {
241 		ubifs_assert(c, fname_len(&nm) == 0);
242 		ubifs_assert(c, fname_name(&nm) == NULL);
243 		dent_key_init_hash(c, &key, dir->i_ino, nm.hash);
244 		err = ubifs_tnc_lookup_dh(c, &key, dent, nm.minor_hash);
245 	} else {
246 		dent_key_init(c, &key, dir->i_ino, &nm);
247 		err = ubifs_tnc_lookup_nm(c, &key, dent, &nm);
248 	}
249 
250 	if (err) {
251 		if (err == -ENOENT)
252 			dbg_gen("not found");
253 		else
254 			inode = ERR_PTR(err);
255 		goto done;
256 	}
257 
258 	if (dbg_check_name(c, dent, &nm)) {
259 		inode = ERR_PTR(-EINVAL);
260 		goto done;
261 	}
262 
263 	inode = ubifs_iget(dir->i_sb, le64_to_cpu(dent->inum));
264 	if (IS_ERR(inode)) {
265 		/*
266 		 * This should not happen. Probably the file-system needs
267 		 * checking.
268 		 */
269 		err = PTR_ERR(inode);
270 		ubifs_err(c, "dead directory entry '%pd', error %d",
271 			  dentry, err);
272 		ubifs_ro_mode(c, err);
273 		goto done;
274 	}
275 
276 	if (ubifs_crypt_is_encrypted(dir) &&
277 	    (S_ISDIR(inode->i_mode) || S_ISLNK(inode->i_mode)) &&
278 	    !fscrypt_has_permitted_context(dir, inode)) {
279 		ubifs_warn(c, "Inconsistent encryption contexts: %lu/%lu",
280 			   dir->i_ino, inode->i_ino);
281 		iput(inode);
282 		inode = ERR_PTR(-EPERM);
283 	}
284 
285 done:
286 	kfree(dent);
287 	fscrypt_free_filename(&nm);
288 	return d_splice_alias(inode, dentry);
289 }
290 
291 static int ubifs_create(struct inode *dir, struct dentry *dentry, umode_t mode,
292 			bool excl)
293 {
294 	struct inode *inode;
295 	struct ubifs_info *c = dir->i_sb->s_fs_info;
296 	struct ubifs_budget_req req = { .new_ino = 1, .new_dent = 1,
297 					.dirtied_ino = 1 };
298 	struct ubifs_inode *dir_ui = ubifs_inode(dir);
299 	struct fscrypt_name nm;
300 	int err, sz_change;
301 
302 	/*
303 	 * Budget request settings: new inode, new direntry, changing the
304 	 * parent directory inode.
305 	 */
306 
307 	dbg_gen("dent '%pd', mode %#hx in dir ino %lu",
308 		dentry, mode, dir->i_ino);
309 
310 	err = ubifs_budget_space(c, &req);
311 	if (err)
312 		return err;
313 
314 	err = fscrypt_setup_filename(dir, &dentry->d_name, 0, &nm);
315 	if (err)
316 		goto out_budg;
317 
318 	sz_change = CALC_DENT_SIZE(fname_len(&nm));
319 
320 	inode = ubifs_new_inode(c, dir, mode);
321 	if (IS_ERR(inode)) {
322 		err = PTR_ERR(inode);
323 		goto out_fname;
324 	}
325 
326 	err = ubifs_init_security(dir, inode, &dentry->d_name);
327 	if (err)
328 		goto out_inode;
329 
330 	mutex_lock(&dir_ui->ui_mutex);
331 	dir->i_size += sz_change;
332 	dir_ui->ui_size = dir->i_size;
333 	dir->i_mtime = dir->i_ctime = inode->i_ctime;
334 	err = ubifs_jnl_update(c, dir, &nm, inode, 0, 0);
335 	if (err)
336 		goto out_cancel;
337 	mutex_unlock(&dir_ui->ui_mutex);
338 
339 	ubifs_release_budget(c, &req);
340 	fscrypt_free_filename(&nm);
341 	insert_inode_hash(inode);
342 	d_instantiate(dentry, inode);
343 	return 0;
344 
345 out_cancel:
346 	dir->i_size -= sz_change;
347 	dir_ui->ui_size = dir->i_size;
348 	mutex_unlock(&dir_ui->ui_mutex);
349 out_inode:
350 	make_bad_inode(inode);
351 	iput(inode);
352 out_fname:
353 	fscrypt_free_filename(&nm);
354 out_budg:
355 	ubifs_release_budget(c, &req);
356 	ubifs_err(c, "cannot create regular file, error %d", err);
357 	return err;
358 }
359 
360 static int do_tmpfile(struct inode *dir, struct dentry *dentry,
361 		      umode_t mode, struct inode **whiteout)
362 {
363 	struct inode *inode;
364 	struct ubifs_info *c = dir->i_sb->s_fs_info;
365 	struct ubifs_budget_req req = { .new_ino = 1, .new_dent = 1};
366 	struct ubifs_budget_req ino_req = { .dirtied_ino = 1 };
367 	struct ubifs_inode *ui, *dir_ui = ubifs_inode(dir);
368 	int err, instantiated = 0;
369 	struct fscrypt_name nm;
370 
371 	/*
372 	 * Budget request settings: new dirty inode, new direntry,
373 	 * budget for dirtied inode will be released via writeback.
374 	 */
375 
376 	dbg_gen("dent '%pd', mode %#hx in dir ino %lu",
377 		dentry, mode, dir->i_ino);
378 
379 	err = fscrypt_setup_filename(dir, &dentry->d_name, 0, &nm);
380 	if (err)
381 		return err;
382 
383 	err = ubifs_budget_space(c, &req);
384 	if (err) {
385 		fscrypt_free_filename(&nm);
386 		return err;
387 	}
388 
389 	err = ubifs_budget_space(c, &ino_req);
390 	if (err) {
391 		ubifs_release_budget(c, &req);
392 		fscrypt_free_filename(&nm);
393 		return err;
394 	}
395 
396 	inode = ubifs_new_inode(c, dir, mode);
397 	if (IS_ERR(inode)) {
398 		err = PTR_ERR(inode);
399 		goto out_budg;
400 	}
401 	ui = ubifs_inode(inode);
402 
403 	if (whiteout) {
404 		init_special_inode(inode, inode->i_mode, WHITEOUT_DEV);
405 		ubifs_assert(c, inode->i_op == &ubifs_file_inode_operations);
406 	}
407 
408 	err = ubifs_init_security(dir, inode, &dentry->d_name);
409 	if (err)
410 		goto out_inode;
411 
412 	mutex_lock(&ui->ui_mutex);
413 	insert_inode_hash(inode);
414 
415 	if (whiteout) {
416 		mark_inode_dirty(inode);
417 		drop_nlink(inode);
418 		*whiteout = inode;
419 	} else {
420 		d_tmpfile(dentry, inode);
421 	}
422 	ubifs_assert(c, ui->dirty);
423 
424 	instantiated = 1;
425 	mutex_unlock(&ui->ui_mutex);
426 
427 	mutex_lock(&dir_ui->ui_mutex);
428 	err = ubifs_jnl_update(c, dir, &nm, inode, 1, 0);
429 	if (err)
430 		goto out_cancel;
431 	mutex_unlock(&dir_ui->ui_mutex);
432 
433 	ubifs_release_budget(c, &req);
434 
435 	return 0;
436 
437 out_cancel:
438 	mutex_unlock(&dir_ui->ui_mutex);
439 out_inode:
440 	make_bad_inode(inode);
441 	if (!instantiated)
442 		iput(inode);
443 out_budg:
444 	ubifs_release_budget(c, &req);
445 	if (!instantiated)
446 		ubifs_release_budget(c, &ino_req);
447 	fscrypt_free_filename(&nm);
448 	ubifs_err(c, "cannot create temporary file, error %d", err);
449 	return err;
450 }
451 
452 static int ubifs_tmpfile(struct inode *dir, struct dentry *dentry,
453 			 umode_t mode)
454 {
455 	return do_tmpfile(dir, dentry, mode, NULL);
456 }
457 
458 /**
459  * vfs_dent_type - get VFS directory entry type.
460  * @type: UBIFS directory entry type
461  *
462  * This function converts UBIFS directory entry type into VFS directory entry
463  * type.
464  */
465 static unsigned int vfs_dent_type(uint8_t type)
466 {
467 	switch (type) {
468 	case UBIFS_ITYPE_REG:
469 		return DT_REG;
470 	case UBIFS_ITYPE_DIR:
471 		return DT_DIR;
472 	case UBIFS_ITYPE_LNK:
473 		return DT_LNK;
474 	case UBIFS_ITYPE_BLK:
475 		return DT_BLK;
476 	case UBIFS_ITYPE_CHR:
477 		return DT_CHR;
478 	case UBIFS_ITYPE_FIFO:
479 		return DT_FIFO;
480 	case UBIFS_ITYPE_SOCK:
481 		return DT_SOCK;
482 	default:
483 		BUG();
484 	}
485 	return 0;
486 }
487 
488 /*
489  * The classical Unix view for directory is that it is a linear array of
490  * (name, inode number) entries. Linux/VFS assumes this model as well.
491  * Particularly, 'readdir()' call wants us to return a directory entry offset
492  * which later may be used to continue 'readdir()'ing the directory or to
493  * 'seek()' to that specific direntry. Obviously UBIFS does not really fit this
494  * model because directory entries are identified by keys, which may collide.
495  *
496  * UBIFS uses directory entry hash value for directory offsets, so
497  * 'seekdir()'/'telldir()' may not always work because of possible key
498  * collisions. But UBIFS guarantees that consecutive 'readdir()' calls work
499  * properly by means of saving full directory entry name in the private field
500  * of the file description object.
501  *
502  * This means that UBIFS cannot support NFS which requires full
503  * 'seekdir()'/'telldir()' support.
504  */
505 static int ubifs_readdir(struct file *file, struct dir_context *ctx)
506 {
507 	int fstr_real_len = 0, err = 0;
508 	struct fscrypt_name nm;
509 	struct fscrypt_str fstr = {0};
510 	union ubifs_key key;
511 	struct ubifs_dent_node *dent;
512 	struct inode *dir = file_inode(file);
513 	struct ubifs_info *c = dir->i_sb->s_fs_info;
514 	bool encrypted = ubifs_crypt_is_encrypted(dir);
515 
516 	dbg_gen("dir ino %lu, f_pos %#llx", dir->i_ino, ctx->pos);
517 
518 	if (ctx->pos > UBIFS_S_KEY_HASH_MASK || ctx->pos == 2)
519 		/*
520 		 * The directory was seek'ed to a senseless position or there
521 		 * are no more entries.
522 		 */
523 		return 0;
524 
525 	if (encrypted) {
526 		err = fscrypt_get_encryption_info(dir);
527 		if (err && err != -ENOKEY)
528 			return err;
529 
530 		err = fscrypt_fname_alloc_buffer(dir, UBIFS_MAX_NLEN, &fstr);
531 		if (err)
532 			return err;
533 
534 		fstr_real_len = fstr.len;
535 	}
536 
537 	if (file->f_version == 0) {
538 		/*
539 		 * The file was seek'ed, which means that @file->private_data
540 		 * is now invalid. This may also be just the first
541 		 * 'ubifs_readdir()' invocation, in which case
542 		 * @file->private_data is NULL, and the below code is
543 		 * basically a no-op.
544 		 */
545 		kfree(file->private_data);
546 		file->private_data = NULL;
547 	}
548 
549 	/*
550 	 * 'generic_file_llseek()' unconditionally sets @file->f_version to
551 	 * zero, and we use this for detecting whether the file was seek'ed.
552 	 */
553 	file->f_version = 1;
554 
555 	/* File positions 0 and 1 correspond to "." and ".." */
556 	if (ctx->pos < 2) {
557 		ubifs_assert(c, !file->private_data);
558 		if (!dir_emit_dots(file, ctx)) {
559 			if (encrypted)
560 				fscrypt_fname_free_buffer(&fstr);
561 			return 0;
562 		}
563 
564 		/* Find the first entry in TNC and save it */
565 		lowest_dent_key(c, &key, dir->i_ino);
566 		fname_len(&nm) = 0;
567 		dent = ubifs_tnc_next_ent(c, &key, &nm);
568 		if (IS_ERR(dent)) {
569 			err = PTR_ERR(dent);
570 			goto out;
571 		}
572 
573 		ctx->pos = key_hash_flash(c, &dent->key);
574 		file->private_data = dent;
575 	}
576 
577 	dent = file->private_data;
578 	if (!dent) {
579 		/*
580 		 * The directory was seek'ed to and is now readdir'ed.
581 		 * Find the entry corresponding to @ctx->pos or the closest one.
582 		 */
583 		dent_key_init_hash(c, &key, dir->i_ino, ctx->pos);
584 		fname_len(&nm) = 0;
585 		dent = ubifs_tnc_next_ent(c, &key, &nm);
586 		if (IS_ERR(dent)) {
587 			err = PTR_ERR(dent);
588 			goto out;
589 		}
590 		ctx->pos = key_hash_flash(c, &dent->key);
591 		file->private_data = dent;
592 	}
593 
594 	while (1) {
595 		dbg_gen("ino %llu, new f_pos %#x",
596 			(unsigned long long)le64_to_cpu(dent->inum),
597 			key_hash_flash(c, &dent->key));
598 		ubifs_assert(c, le64_to_cpu(dent->ch.sqnum) >
599 			     ubifs_inode(dir)->creat_sqnum);
600 
601 		fname_len(&nm) = le16_to_cpu(dent->nlen);
602 		fname_name(&nm) = dent->name;
603 
604 		if (encrypted) {
605 			fstr.len = fstr_real_len;
606 
607 			err = fscrypt_fname_disk_to_usr(dir, key_hash_flash(c,
608 							&dent->key),
609 							le32_to_cpu(dent->cookie),
610 							&nm.disk_name, &fstr);
611 			if (err)
612 				goto out;
613 		} else {
614 			fstr.len = fname_len(&nm);
615 			fstr.name = fname_name(&nm);
616 		}
617 
618 		if (!dir_emit(ctx, fstr.name, fstr.len,
619 			       le64_to_cpu(dent->inum),
620 			       vfs_dent_type(dent->type))) {
621 			if (encrypted)
622 				fscrypt_fname_free_buffer(&fstr);
623 			return 0;
624 		}
625 
626 		/* Switch to the next entry */
627 		key_read(c, &dent->key, &key);
628 		dent = ubifs_tnc_next_ent(c, &key, &nm);
629 		if (IS_ERR(dent)) {
630 			err = PTR_ERR(dent);
631 			goto out;
632 		}
633 
634 		kfree(file->private_data);
635 		ctx->pos = key_hash_flash(c, &dent->key);
636 		file->private_data = dent;
637 		cond_resched();
638 	}
639 
640 out:
641 	kfree(file->private_data);
642 	file->private_data = NULL;
643 
644 	if (encrypted)
645 		fscrypt_fname_free_buffer(&fstr);
646 
647 	if (err != -ENOENT)
648 		ubifs_err(c, "cannot find next direntry, error %d", err);
649 	else
650 		/*
651 		 * -ENOENT is a non-fatal error in this context, the TNC uses
652 		 * it to indicate that the cursor moved past the current directory
653 		 * and readdir() has to stop.
654 		 */
655 		err = 0;
656 
657 
658 	/* 2 is a special value indicating that there are no more direntries */
659 	ctx->pos = 2;
660 	return err;
661 }
662 
663 /* Free saved readdir() state when the directory is closed */
664 static int ubifs_dir_release(struct inode *dir, struct file *file)
665 {
666 	kfree(file->private_data);
667 	file->private_data = NULL;
668 	return 0;
669 }
670 
671 /**
672  * lock_2_inodes - a wrapper for locking two UBIFS inodes.
673  * @inode1: first inode
674  * @inode2: second inode
675  *
676  * We do not implement any tricks to guarantee strict lock ordering, because
677  * VFS has already done it for us on the @i_mutex. So this is just a simple
678  * wrapper function.
679  */
680 static void lock_2_inodes(struct inode *inode1, struct inode *inode2)
681 {
682 	mutex_lock_nested(&ubifs_inode(inode1)->ui_mutex, WB_MUTEX_1);
683 	mutex_lock_nested(&ubifs_inode(inode2)->ui_mutex, WB_MUTEX_2);
684 }
685 
686 /**
687  * unlock_2_inodes - a wrapper for unlocking two UBIFS inodes.
688  * @inode1: first inode
689  * @inode2: second inode
690  */
691 static void unlock_2_inodes(struct inode *inode1, struct inode *inode2)
692 {
693 	mutex_unlock(&ubifs_inode(inode2)->ui_mutex);
694 	mutex_unlock(&ubifs_inode(inode1)->ui_mutex);
695 }
696 
697 static int ubifs_link(struct dentry *old_dentry, struct inode *dir,
698 		      struct dentry *dentry)
699 {
700 	struct ubifs_info *c = dir->i_sb->s_fs_info;
701 	struct inode *inode = d_inode(old_dentry);
702 	struct ubifs_inode *ui = ubifs_inode(inode);
703 	struct ubifs_inode *dir_ui = ubifs_inode(dir);
704 	int err, sz_change = CALC_DENT_SIZE(dentry->d_name.len);
705 	struct ubifs_budget_req req = { .new_dent = 1, .dirtied_ino = 2,
706 				.dirtied_ino_d = ALIGN(ui->data_len, 8) };
707 	struct fscrypt_name nm;
708 
709 	/*
710 	 * Budget request settings: new direntry, changing the target inode,
711 	 * changing the parent inode.
712 	 */
713 
714 	dbg_gen("dent '%pd' to ino %lu (nlink %d) in dir ino %lu",
715 		dentry, inode->i_ino,
716 		inode->i_nlink, dir->i_ino);
717 	ubifs_assert(c, inode_is_locked(dir));
718 	ubifs_assert(c, inode_is_locked(inode));
719 
720 	err = fscrypt_prepare_link(old_dentry, dir, dentry);
721 	if (err)
722 		return err;
723 
724 	err = fscrypt_setup_filename(dir, &dentry->d_name, 0, &nm);
725 	if (err)
726 		return err;
727 
728 	err = dbg_check_synced_i_size(c, inode);
729 	if (err)
730 		goto out_fname;
731 
732 	err = ubifs_budget_space(c, &req);
733 	if (err)
734 		goto out_fname;
735 
736 	lock_2_inodes(dir, inode);
737 
738 	/* Handle O_TMPFILE corner case, it is allowed to link a O_TMPFILE. */
739 	if (inode->i_nlink == 0)
740 		ubifs_delete_orphan(c, inode->i_ino);
741 
742 	inc_nlink(inode);
743 	ihold(inode);
744 	inode->i_ctime = current_time(inode);
745 	dir->i_size += sz_change;
746 	dir_ui->ui_size = dir->i_size;
747 	dir->i_mtime = dir->i_ctime = inode->i_ctime;
748 	err = ubifs_jnl_update(c, dir, &nm, inode, 0, 0);
749 	if (err)
750 		goto out_cancel;
751 	unlock_2_inodes(dir, inode);
752 
753 	ubifs_release_budget(c, &req);
754 	d_instantiate(dentry, inode);
755 	fscrypt_free_filename(&nm);
756 	return 0;
757 
758 out_cancel:
759 	dir->i_size -= sz_change;
760 	dir_ui->ui_size = dir->i_size;
761 	drop_nlink(inode);
762 	if (inode->i_nlink == 0)
763 		ubifs_add_orphan(c, inode->i_ino);
764 	unlock_2_inodes(dir, inode);
765 	ubifs_release_budget(c, &req);
766 	iput(inode);
767 out_fname:
768 	fscrypt_free_filename(&nm);
769 	return err;
770 }
771 
772 static int ubifs_unlink(struct inode *dir, struct dentry *dentry)
773 {
774 	struct ubifs_info *c = dir->i_sb->s_fs_info;
775 	struct inode *inode = d_inode(dentry);
776 	struct ubifs_inode *dir_ui = ubifs_inode(dir);
777 	int err, sz_change, budgeted = 1;
778 	struct ubifs_budget_req req = { .mod_dent = 1, .dirtied_ino = 2 };
779 	unsigned int saved_nlink = inode->i_nlink;
780 	struct fscrypt_name nm;
781 
782 	/*
783 	 * Budget request settings: deletion direntry, deletion inode (+1 for
784 	 * @dirtied_ino), changing the parent directory inode. If budgeting
785 	 * fails, go ahead anyway because we have extra space reserved for
786 	 * deletions.
787 	 */
788 
789 	dbg_gen("dent '%pd' from ino %lu (nlink %d) in dir ino %lu",
790 		dentry, inode->i_ino,
791 		inode->i_nlink, dir->i_ino);
792 
793 	err = fscrypt_setup_filename(dir, &dentry->d_name, 1, &nm);
794 	if (err)
795 		return err;
796 
797 	err = ubifs_purge_xattrs(inode);
798 	if (err)
799 		return err;
800 
801 	sz_change = CALC_DENT_SIZE(fname_len(&nm));
802 
803 	ubifs_assert(c, inode_is_locked(dir));
804 	ubifs_assert(c, inode_is_locked(inode));
805 	err = dbg_check_synced_i_size(c, inode);
806 	if (err)
807 		goto out_fname;
808 
809 	err = ubifs_budget_space(c, &req);
810 	if (err) {
811 		if (err != -ENOSPC)
812 			goto out_fname;
813 		budgeted = 0;
814 	}
815 
816 	lock_2_inodes(dir, inode);
817 	inode->i_ctime = current_time(dir);
818 	drop_nlink(inode);
819 	dir->i_size -= sz_change;
820 	dir_ui->ui_size = dir->i_size;
821 	dir->i_mtime = dir->i_ctime = inode->i_ctime;
822 	err = ubifs_jnl_update(c, dir, &nm, inode, 1, 0);
823 	if (err)
824 		goto out_cancel;
825 	unlock_2_inodes(dir, inode);
826 
827 	if (budgeted)
828 		ubifs_release_budget(c, &req);
829 	else {
830 		/* We've deleted something - clean the "no space" flags */
831 		c->bi.nospace = c->bi.nospace_rp = 0;
832 		smp_wmb();
833 	}
834 	fscrypt_free_filename(&nm);
835 	return 0;
836 
837 out_cancel:
838 	dir->i_size += sz_change;
839 	dir_ui->ui_size = dir->i_size;
840 	set_nlink(inode, saved_nlink);
841 	unlock_2_inodes(dir, inode);
842 	if (budgeted)
843 		ubifs_release_budget(c, &req);
844 out_fname:
845 	fscrypt_free_filename(&nm);
846 	return err;
847 }
848 
849 /**
850  * check_dir_empty - check if a directory is empty or not.
851  * @dir: VFS inode object of the directory to check
852  *
853  * This function checks if directory @dir is empty. Returns zero if the
854  * directory is empty, %-ENOTEMPTY if it is not, and other negative error codes
855  * in case of of errors.
856  */
857 int ubifs_check_dir_empty(struct inode *dir)
858 {
859 	struct ubifs_info *c = dir->i_sb->s_fs_info;
860 	struct fscrypt_name nm = { 0 };
861 	struct ubifs_dent_node *dent;
862 	union ubifs_key key;
863 	int err;
864 
865 	lowest_dent_key(c, &key, dir->i_ino);
866 	dent = ubifs_tnc_next_ent(c, &key, &nm);
867 	if (IS_ERR(dent)) {
868 		err = PTR_ERR(dent);
869 		if (err == -ENOENT)
870 			err = 0;
871 	} else {
872 		kfree(dent);
873 		err = -ENOTEMPTY;
874 	}
875 	return err;
876 }
877 
878 static int ubifs_rmdir(struct inode *dir, struct dentry *dentry)
879 {
880 	struct ubifs_info *c = dir->i_sb->s_fs_info;
881 	struct inode *inode = d_inode(dentry);
882 	int err, sz_change, budgeted = 1;
883 	struct ubifs_inode *dir_ui = ubifs_inode(dir);
884 	struct ubifs_budget_req req = { .mod_dent = 1, .dirtied_ino = 2 };
885 	struct fscrypt_name nm;
886 
887 	/*
888 	 * Budget request settings: deletion direntry, deletion inode and
889 	 * changing the parent inode. If budgeting fails, go ahead anyway
890 	 * because we have extra space reserved for deletions.
891 	 */
892 
893 	dbg_gen("directory '%pd', ino %lu in dir ino %lu", dentry,
894 		inode->i_ino, dir->i_ino);
895 	ubifs_assert(c, inode_is_locked(dir));
896 	ubifs_assert(c, inode_is_locked(inode));
897 	err = ubifs_check_dir_empty(d_inode(dentry));
898 	if (err)
899 		return err;
900 
901 	err = fscrypt_setup_filename(dir, &dentry->d_name, 1, &nm);
902 	if (err)
903 		return err;
904 
905 	err = ubifs_purge_xattrs(inode);
906 	if (err)
907 		return err;
908 
909 	sz_change = CALC_DENT_SIZE(fname_len(&nm));
910 
911 	err = ubifs_budget_space(c, &req);
912 	if (err) {
913 		if (err != -ENOSPC)
914 			goto out_fname;
915 		budgeted = 0;
916 	}
917 
918 	lock_2_inodes(dir, inode);
919 	inode->i_ctime = current_time(dir);
920 	clear_nlink(inode);
921 	drop_nlink(dir);
922 	dir->i_size -= sz_change;
923 	dir_ui->ui_size = dir->i_size;
924 	dir->i_mtime = dir->i_ctime = inode->i_ctime;
925 	err = ubifs_jnl_update(c, dir, &nm, inode, 1, 0);
926 	if (err)
927 		goto out_cancel;
928 	unlock_2_inodes(dir, inode);
929 
930 	if (budgeted)
931 		ubifs_release_budget(c, &req);
932 	else {
933 		/* We've deleted something - clean the "no space" flags */
934 		c->bi.nospace = c->bi.nospace_rp = 0;
935 		smp_wmb();
936 	}
937 	fscrypt_free_filename(&nm);
938 	return 0;
939 
940 out_cancel:
941 	dir->i_size += sz_change;
942 	dir_ui->ui_size = dir->i_size;
943 	inc_nlink(dir);
944 	set_nlink(inode, 2);
945 	unlock_2_inodes(dir, inode);
946 	if (budgeted)
947 		ubifs_release_budget(c, &req);
948 out_fname:
949 	fscrypt_free_filename(&nm);
950 	return err;
951 }
952 
953 static int ubifs_mkdir(struct inode *dir, struct dentry *dentry, umode_t mode)
954 {
955 	struct inode *inode;
956 	struct ubifs_inode *dir_ui = ubifs_inode(dir);
957 	struct ubifs_info *c = dir->i_sb->s_fs_info;
958 	int err, sz_change;
959 	struct ubifs_budget_req req = { .new_ino = 1, .new_dent = 1 };
960 	struct fscrypt_name nm;
961 
962 	/*
963 	 * Budget request settings: new inode, new direntry and changing parent
964 	 * directory inode.
965 	 */
966 
967 	dbg_gen("dent '%pd', mode %#hx in dir ino %lu",
968 		dentry, mode, dir->i_ino);
969 
970 	err = ubifs_budget_space(c, &req);
971 	if (err)
972 		return err;
973 
974 	err = fscrypt_setup_filename(dir, &dentry->d_name, 0, &nm);
975 	if (err)
976 		goto out_budg;
977 
978 	sz_change = CALC_DENT_SIZE(fname_len(&nm));
979 
980 	inode = ubifs_new_inode(c, dir, S_IFDIR | mode);
981 	if (IS_ERR(inode)) {
982 		err = PTR_ERR(inode);
983 		goto out_fname;
984 	}
985 
986 	err = ubifs_init_security(dir, inode, &dentry->d_name);
987 	if (err)
988 		goto out_inode;
989 
990 	mutex_lock(&dir_ui->ui_mutex);
991 	insert_inode_hash(inode);
992 	inc_nlink(inode);
993 	inc_nlink(dir);
994 	dir->i_size += sz_change;
995 	dir_ui->ui_size = dir->i_size;
996 	dir->i_mtime = dir->i_ctime = inode->i_ctime;
997 	err = ubifs_jnl_update(c, dir, &nm, inode, 0, 0);
998 	if (err) {
999 		ubifs_err(c, "cannot create directory, error %d", err);
1000 		goto out_cancel;
1001 	}
1002 	mutex_unlock(&dir_ui->ui_mutex);
1003 
1004 	ubifs_release_budget(c, &req);
1005 	d_instantiate(dentry, inode);
1006 	fscrypt_free_filename(&nm);
1007 	return 0;
1008 
1009 out_cancel:
1010 	dir->i_size -= sz_change;
1011 	dir_ui->ui_size = dir->i_size;
1012 	drop_nlink(dir);
1013 	mutex_unlock(&dir_ui->ui_mutex);
1014 out_inode:
1015 	make_bad_inode(inode);
1016 	iput(inode);
1017 out_fname:
1018 	fscrypt_free_filename(&nm);
1019 out_budg:
1020 	ubifs_release_budget(c, &req);
1021 	return err;
1022 }
1023 
1024 static int ubifs_mknod(struct inode *dir, struct dentry *dentry,
1025 		       umode_t mode, dev_t rdev)
1026 {
1027 	struct inode *inode;
1028 	struct ubifs_inode *ui;
1029 	struct ubifs_inode *dir_ui = ubifs_inode(dir);
1030 	struct ubifs_info *c = dir->i_sb->s_fs_info;
1031 	union ubifs_dev_desc *dev = NULL;
1032 	int sz_change;
1033 	int err, devlen = 0;
1034 	struct ubifs_budget_req req = { .new_ino = 1, .new_dent = 1,
1035 					.dirtied_ino = 1 };
1036 	struct fscrypt_name nm;
1037 
1038 	/*
1039 	 * Budget request settings: new inode, new direntry and changing parent
1040 	 * directory inode.
1041 	 */
1042 
1043 	dbg_gen("dent '%pd' in dir ino %lu", dentry, dir->i_ino);
1044 
1045 	if (S_ISBLK(mode) || S_ISCHR(mode)) {
1046 		dev = kmalloc(sizeof(union ubifs_dev_desc), GFP_NOFS);
1047 		if (!dev)
1048 			return -ENOMEM;
1049 		devlen = ubifs_encode_dev(dev, rdev);
1050 	}
1051 
1052 	req.new_ino_d = ALIGN(devlen, 8);
1053 	err = ubifs_budget_space(c, &req);
1054 	if (err) {
1055 		kfree(dev);
1056 		return err;
1057 	}
1058 
1059 	err = fscrypt_setup_filename(dir, &dentry->d_name, 0, &nm);
1060 	if (err) {
1061 		kfree(dev);
1062 		goto out_budg;
1063 	}
1064 
1065 	sz_change = CALC_DENT_SIZE(fname_len(&nm));
1066 
1067 	inode = ubifs_new_inode(c, dir, mode);
1068 	if (IS_ERR(inode)) {
1069 		kfree(dev);
1070 		err = PTR_ERR(inode);
1071 		goto out_fname;
1072 	}
1073 
1074 	init_special_inode(inode, inode->i_mode, rdev);
1075 	inode->i_size = ubifs_inode(inode)->ui_size = devlen;
1076 	ui = ubifs_inode(inode);
1077 	ui->data = dev;
1078 	ui->data_len = devlen;
1079 
1080 	err = ubifs_init_security(dir, inode, &dentry->d_name);
1081 	if (err)
1082 		goto out_inode;
1083 
1084 	mutex_lock(&dir_ui->ui_mutex);
1085 	dir->i_size += sz_change;
1086 	dir_ui->ui_size = dir->i_size;
1087 	dir->i_mtime = dir->i_ctime = inode->i_ctime;
1088 	err = ubifs_jnl_update(c, dir, &nm, inode, 0, 0);
1089 	if (err)
1090 		goto out_cancel;
1091 	mutex_unlock(&dir_ui->ui_mutex);
1092 
1093 	ubifs_release_budget(c, &req);
1094 	insert_inode_hash(inode);
1095 	d_instantiate(dentry, inode);
1096 	fscrypt_free_filename(&nm);
1097 	return 0;
1098 
1099 out_cancel:
1100 	dir->i_size -= sz_change;
1101 	dir_ui->ui_size = dir->i_size;
1102 	mutex_unlock(&dir_ui->ui_mutex);
1103 out_inode:
1104 	make_bad_inode(inode);
1105 	iput(inode);
1106 out_fname:
1107 	fscrypt_free_filename(&nm);
1108 out_budg:
1109 	ubifs_release_budget(c, &req);
1110 	return err;
1111 }
1112 
1113 static int ubifs_symlink(struct inode *dir, struct dentry *dentry,
1114 			 const char *symname)
1115 {
1116 	struct inode *inode;
1117 	struct ubifs_inode *ui;
1118 	struct ubifs_inode *dir_ui = ubifs_inode(dir);
1119 	struct ubifs_info *c = dir->i_sb->s_fs_info;
1120 	int err, sz_change, len = strlen(symname);
1121 	struct fscrypt_str disk_link;
1122 	struct ubifs_budget_req req = { .new_ino = 1, .new_dent = 1,
1123 					.new_ino_d = ALIGN(len, 8),
1124 					.dirtied_ino = 1 };
1125 	struct fscrypt_name nm;
1126 
1127 	dbg_gen("dent '%pd', target '%s' in dir ino %lu", dentry,
1128 		symname, dir->i_ino);
1129 
1130 	err = fscrypt_prepare_symlink(dir, symname, len, UBIFS_MAX_INO_DATA,
1131 				      &disk_link);
1132 	if (err)
1133 		return err;
1134 
1135 	/*
1136 	 * Budget request settings: new inode, new direntry and changing parent
1137 	 * directory inode.
1138 	 */
1139 	err = ubifs_budget_space(c, &req);
1140 	if (err)
1141 		return err;
1142 
1143 	err = fscrypt_setup_filename(dir, &dentry->d_name, 0, &nm);
1144 	if (err)
1145 		goto out_budg;
1146 
1147 	sz_change = CALC_DENT_SIZE(fname_len(&nm));
1148 
1149 	inode = ubifs_new_inode(c, dir, S_IFLNK | S_IRWXUGO);
1150 	if (IS_ERR(inode)) {
1151 		err = PTR_ERR(inode);
1152 		goto out_fname;
1153 	}
1154 
1155 	ui = ubifs_inode(inode);
1156 	ui->data = kmalloc(disk_link.len, GFP_NOFS);
1157 	if (!ui->data) {
1158 		err = -ENOMEM;
1159 		goto out_inode;
1160 	}
1161 
1162 	if (IS_ENCRYPTED(inode)) {
1163 		disk_link.name = ui->data; /* encrypt directly into ui->data */
1164 		err = fscrypt_encrypt_symlink(inode, symname, len, &disk_link);
1165 		if (err)
1166 			goto out_inode;
1167 	} else {
1168 		memcpy(ui->data, disk_link.name, disk_link.len);
1169 		inode->i_link = ui->data;
1170 	}
1171 
1172 	/*
1173 	 * The terminating zero byte is not written to the flash media and it
1174 	 * is put just to make later in-memory string processing simpler. Thus,
1175 	 * data length is @disk_link.len - 1, not @disk_link.len.
1176 	 */
1177 	ui->data_len = disk_link.len - 1;
1178 	inode->i_size = ubifs_inode(inode)->ui_size = disk_link.len - 1;
1179 
1180 	err = ubifs_init_security(dir, inode, &dentry->d_name);
1181 	if (err)
1182 		goto out_inode;
1183 
1184 	mutex_lock(&dir_ui->ui_mutex);
1185 	dir->i_size += sz_change;
1186 	dir_ui->ui_size = dir->i_size;
1187 	dir->i_mtime = dir->i_ctime = inode->i_ctime;
1188 	err = ubifs_jnl_update(c, dir, &nm, inode, 0, 0);
1189 	if (err)
1190 		goto out_cancel;
1191 	mutex_unlock(&dir_ui->ui_mutex);
1192 
1193 	insert_inode_hash(inode);
1194 	d_instantiate(dentry, inode);
1195 	err = 0;
1196 	goto out_fname;
1197 
1198 out_cancel:
1199 	dir->i_size -= sz_change;
1200 	dir_ui->ui_size = dir->i_size;
1201 	mutex_unlock(&dir_ui->ui_mutex);
1202 out_inode:
1203 	make_bad_inode(inode);
1204 	iput(inode);
1205 out_fname:
1206 	fscrypt_free_filename(&nm);
1207 out_budg:
1208 	ubifs_release_budget(c, &req);
1209 	return err;
1210 }
1211 
1212 /**
1213  * lock_4_inodes - a wrapper for locking three UBIFS inodes.
1214  * @inode1: first inode
1215  * @inode2: second inode
1216  * @inode3: third inode
1217  * @inode4: fouth inode
1218  *
1219  * This function is used for 'ubifs_rename()' and @inode1 may be the same as
1220  * @inode2 whereas @inode3 and @inode4 may be %NULL.
1221  *
1222  * We do not implement any tricks to guarantee strict lock ordering, because
1223  * VFS has already done it for us on the @i_mutex. So this is just a simple
1224  * wrapper function.
1225  */
1226 static void lock_4_inodes(struct inode *inode1, struct inode *inode2,
1227 			  struct inode *inode3, struct inode *inode4)
1228 {
1229 	mutex_lock_nested(&ubifs_inode(inode1)->ui_mutex, WB_MUTEX_1);
1230 	if (inode2 != inode1)
1231 		mutex_lock_nested(&ubifs_inode(inode2)->ui_mutex, WB_MUTEX_2);
1232 	if (inode3)
1233 		mutex_lock_nested(&ubifs_inode(inode3)->ui_mutex, WB_MUTEX_3);
1234 	if (inode4)
1235 		mutex_lock_nested(&ubifs_inode(inode4)->ui_mutex, WB_MUTEX_4);
1236 }
1237 
1238 /**
1239  * unlock_4_inodes - a wrapper for unlocking three UBIFS inodes for rename.
1240  * @inode1: first inode
1241  * @inode2: second inode
1242  * @inode3: third inode
1243  * @inode4: fouth inode
1244  */
1245 static void unlock_4_inodes(struct inode *inode1, struct inode *inode2,
1246 			    struct inode *inode3, struct inode *inode4)
1247 {
1248 	if (inode4)
1249 		mutex_unlock(&ubifs_inode(inode4)->ui_mutex);
1250 	if (inode3)
1251 		mutex_unlock(&ubifs_inode(inode3)->ui_mutex);
1252 	if (inode1 != inode2)
1253 		mutex_unlock(&ubifs_inode(inode2)->ui_mutex);
1254 	mutex_unlock(&ubifs_inode(inode1)->ui_mutex);
1255 }
1256 
1257 static int do_rename(struct inode *old_dir, struct dentry *old_dentry,
1258 		     struct inode *new_dir, struct dentry *new_dentry,
1259 		     unsigned int flags)
1260 {
1261 	struct ubifs_info *c = old_dir->i_sb->s_fs_info;
1262 	struct inode *old_inode = d_inode(old_dentry);
1263 	struct inode *new_inode = d_inode(new_dentry);
1264 	struct inode *whiteout = NULL;
1265 	struct ubifs_inode *old_inode_ui = ubifs_inode(old_inode);
1266 	struct ubifs_inode *whiteout_ui = NULL;
1267 	int err, release, sync = 0, move = (new_dir != old_dir);
1268 	int is_dir = S_ISDIR(old_inode->i_mode);
1269 	int unlink = !!new_inode, new_sz, old_sz;
1270 	struct ubifs_budget_req req = { .new_dent = 1, .mod_dent = 1,
1271 					.dirtied_ino = 3 };
1272 	struct ubifs_budget_req ino_req = { .dirtied_ino = 1,
1273 			.dirtied_ino_d = ALIGN(old_inode_ui->data_len, 8) };
1274 	struct timespec64 time;
1275 	unsigned int uninitialized_var(saved_nlink);
1276 	struct fscrypt_name old_nm, new_nm;
1277 
1278 	/*
1279 	 * Budget request settings: deletion direntry, new direntry, removing
1280 	 * the old inode, and changing old and new parent directory inodes.
1281 	 *
1282 	 * However, this operation also marks the target inode as dirty and
1283 	 * does not write it, so we allocate budget for the target inode
1284 	 * separately.
1285 	 */
1286 
1287 	dbg_gen("dent '%pd' ino %lu in dir ino %lu to dent '%pd' in dir ino %lu flags 0x%x",
1288 		old_dentry, old_inode->i_ino, old_dir->i_ino,
1289 		new_dentry, new_dir->i_ino, flags);
1290 
1291 	if (unlink) {
1292 		ubifs_assert(c, inode_is_locked(new_inode));
1293 
1294 		err = ubifs_purge_xattrs(new_inode);
1295 		if (err)
1296 			return err;
1297 	}
1298 
1299 	if (unlink && is_dir) {
1300 		err = ubifs_check_dir_empty(new_inode);
1301 		if (err)
1302 			return err;
1303 	}
1304 
1305 	err = fscrypt_setup_filename(old_dir, &old_dentry->d_name, 0, &old_nm);
1306 	if (err)
1307 		return err;
1308 
1309 	err = fscrypt_setup_filename(new_dir, &new_dentry->d_name, 0, &new_nm);
1310 	if (err) {
1311 		fscrypt_free_filename(&old_nm);
1312 		return err;
1313 	}
1314 
1315 	new_sz = CALC_DENT_SIZE(fname_len(&new_nm));
1316 	old_sz = CALC_DENT_SIZE(fname_len(&old_nm));
1317 
1318 	err = ubifs_budget_space(c, &req);
1319 	if (err) {
1320 		fscrypt_free_filename(&old_nm);
1321 		fscrypt_free_filename(&new_nm);
1322 		return err;
1323 	}
1324 	err = ubifs_budget_space(c, &ino_req);
1325 	if (err) {
1326 		fscrypt_free_filename(&old_nm);
1327 		fscrypt_free_filename(&new_nm);
1328 		ubifs_release_budget(c, &req);
1329 		return err;
1330 	}
1331 
1332 	if (flags & RENAME_WHITEOUT) {
1333 		union ubifs_dev_desc *dev = NULL;
1334 
1335 		dev = kmalloc(sizeof(union ubifs_dev_desc), GFP_NOFS);
1336 		if (!dev) {
1337 			err = -ENOMEM;
1338 			goto out_release;
1339 		}
1340 
1341 		err = do_tmpfile(old_dir, old_dentry, S_IFCHR | WHITEOUT_MODE, &whiteout);
1342 		if (err) {
1343 			kfree(dev);
1344 			goto out_release;
1345 		}
1346 
1347 		whiteout->i_state |= I_LINKABLE;
1348 		whiteout_ui = ubifs_inode(whiteout);
1349 		whiteout_ui->data = dev;
1350 		whiteout_ui->data_len = ubifs_encode_dev(dev, MKDEV(0, 0));
1351 		ubifs_assert(c, !whiteout_ui->dirty);
1352 	}
1353 
1354 	lock_4_inodes(old_dir, new_dir, new_inode, whiteout);
1355 
1356 	/*
1357 	 * Like most other Unix systems, set the @i_ctime for inodes on a
1358 	 * rename.
1359 	 */
1360 	time = current_time(old_dir);
1361 	old_inode->i_ctime = time;
1362 
1363 	/* We must adjust parent link count when renaming directories */
1364 	if (is_dir) {
1365 		if (move) {
1366 			/*
1367 			 * @old_dir loses a link because we are moving
1368 			 * @old_inode to a different directory.
1369 			 */
1370 			drop_nlink(old_dir);
1371 			/*
1372 			 * @new_dir only gains a link if we are not also
1373 			 * overwriting an existing directory.
1374 			 */
1375 			if (!unlink)
1376 				inc_nlink(new_dir);
1377 		} else {
1378 			/*
1379 			 * @old_inode is not moving to a different directory,
1380 			 * but @old_dir still loses a link if we are
1381 			 * overwriting an existing directory.
1382 			 */
1383 			if (unlink)
1384 				drop_nlink(old_dir);
1385 		}
1386 	}
1387 
1388 	old_dir->i_size -= old_sz;
1389 	ubifs_inode(old_dir)->ui_size = old_dir->i_size;
1390 	old_dir->i_mtime = old_dir->i_ctime = time;
1391 	new_dir->i_mtime = new_dir->i_ctime = time;
1392 
1393 	/*
1394 	 * And finally, if we unlinked a direntry which happened to have the
1395 	 * same name as the moved direntry, we have to decrement @i_nlink of
1396 	 * the unlinked inode and change its ctime.
1397 	 */
1398 	if (unlink) {
1399 		/*
1400 		 * Directories cannot have hard-links, so if this is a
1401 		 * directory, just clear @i_nlink.
1402 		 */
1403 		saved_nlink = new_inode->i_nlink;
1404 		if (is_dir)
1405 			clear_nlink(new_inode);
1406 		else
1407 			drop_nlink(new_inode);
1408 		new_inode->i_ctime = time;
1409 	} else {
1410 		new_dir->i_size += new_sz;
1411 		ubifs_inode(new_dir)->ui_size = new_dir->i_size;
1412 	}
1413 
1414 	/*
1415 	 * Do not ask 'ubifs_jnl_rename()' to flush write-buffer if @old_inode
1416 	 * is dirty, because this will be done later on at the end of
1417 	 * 'ubifs_rename()'.
1418 	 */
1419 	if (IS_SYNC(old_inode)) {
1420 		sync = IS_DIRSYNC(old_dir) || IS_DIRSYNC(new_dir);
1421 		if (unlink && IS_SYNC(new_inode))
1422 			sync = 1;
1423 	}
1424 
1425 	if (whiteout) {
1426 		struct ubifs_budget_req wht_req = { .dirtied_ino = 1,
1427 				.dirtied_ino_d = \
1428 				ALIGN(ubifs_inode(whiteout)->data_len, 8) };
1429 
1430 		err = ubifs_budget_space(c, &wht_req);
1431 		if (err) {
1432 			kfree(whiteout_ui->data);
1433 			whiteout_ui->data_len = 0;
1434 			iput(whiteout);
1435 			goto out_release;
1436 		}
1437 
1438 		inc_nlink(whiteout);
1439 		mark_inode_dirty(whiteout);
1440 		whiteout->i_state &= ~I_LINKABLE;
1441 		iput(whiteout);
1442 	}
1443 
1444 	err = ubifs_jnl_rename(c, old_dir, old_inode, &old_nm, new_dir,
1445 			       new_inode, &new_nm, whiteout, sync);
1446 	if (err)
1447 		goto out_cancel;
1448 
1449 	unlock_4_inodes(old_dir, new_dir, new_inode, whiteout);
1450 	ubifs_release_budget(c, &req);
1451 
1452 	mutex_lock(&old_inode_ui->ui_mutex);
1453 	release = old_inode_ui->dirty;
1454 	mark_inode_dirty_sync(old_inode);
1455 	mutex_unlock(&old_inode_ui->ui_mutex);
1456 
1457 	if (release)
1458 		ubifs_release_budget(c, &ino_req);
1459 	if (IS_SYNC(old_inode))
1460 		err = old_inode->i_sb->s_op->write_inode(old_inode, NULL);
1461 
1462 	fscrypt_free_filename(&old_nm);
1463 	fscrypt_free_filename(&new_nm);
1464 	return err;
1465 
1466 out_cancel:
1467 	if (unlink) {
1468 		set_nlink(new_inode, saved_nlink);
1469 	} else {
1470 		new_dir->i_size -= new_sz;
1471 		ubifs_inode(new_dir)->ui_size = new_dir->i_size;
1472 	}
1473 	old_dir->i_size += old_sz;
1474 	ubifs_inode(old_dir)->ui_size = old_dir->i_size;
1475 	if (is_dir) {
1476 		if (move) {
1477 			inc_nlink(old_dir);
1478 			if (!unlink)
1479 				drop_nlink(new_dir);
1480 		} else {
1481 			if (unlink)
1482 				inc_nlink(old_dir);
1483 		}
1484 	}
1485 	if (whiteout) {
1486 		drop_nlink(whiteout);
1487 		iput(whiteout);
1488 	}
1489 	unlock_4_inodes(old_dir, new_dir, new_inode, whiteout);
1490 out_release:
1491 	ubifs_release_budget(c, &ino_req);
1492 	ubifs_release_budget(c, &req);
1493 	fscrypt_free_filename(&old_nm);
1494 	fscrypt_free_filename(&new_nm);
1495 	return err;
1496 }
1497 
1498 static int ubifs_xrename(struct inode *old_dir, struct dentry *old_dentry,
1499 			struct inode *new_dir, struct dentry *new_dentry)
1500 {
1501 	struct ubifs_info *c = old_dir->i_sb->s_fs_info;
1502 	struct ubifs_budget_req req = { .new_dent = 1, .mod_dent = 1,
1503 				.dirtied_ino = 2 };
1504 	int sync = IS_DIRSYNC(old_dir) || IS_DIRSYNC(new_dir);
1505 	struct inode *fst_inode = d_inode(old_dentry);
1506 	struct inode *snd_inode = d_inode(new_dentry);
1507 	struct timespec64 time;
1508 	int err;
1509 	struct fscrypt_name fst_nm, snd_nm;
1510 
1511 	ubifs_assert(c, fst_inode && snd_inode);
1512 
1513 	err = fscrypt_setup_filename(old_dir, &old_dentry->d_name, 0, &fst_nm);
1514 	if (err)
1515 		return err;
1516 
1517 	err = fscrypt_setup_filename(new_dir, &new_dentry->d_name, 0, &snd_nm);
1518 	if (err) {
1519 		fscrypt_free_filename(&fst_nm);
1520 		return err;
1521 	}
1522 
1523 	lock_4_inodes(old_dir, new_dir, NULL, NULL);
1524 
1525 	time = current_time(old_dir);
1526 	fst_inode->i_ctime = time;
1527 	snd_inode->i_ctime = time;
1528 	old_dir->i_mtime = old_dir->i_ctime = time;
1529 	new_dir->i_mtime = new_dir->i_ctime = time;
1530 
1531 	if (old_dir != new_dir) {
1532 		if (S_ISDIR(fst_inode->i_mode) && !S_ISDIR(snd_inode->i_mode)) {
1533 			inc_nlink(new_dir);
1534 			drop_nlink(old_dir);
1535 		}
1536 		else if (!S_ISDIR(fst_inode->i_mode) && S_ISDIR(snd_inode->i_mode)) {
1537 			drop_nlink(new_dir);
1538 			inc_nlink(old_dir);
1539 		}
1540 	}
1541 
1542 	err = ubifs_jnl_xrename(c, old_dir, fst_inode, &fst_nm, new_dir,
1543 				snd_inode, &snd_nm, sync);
1544 
1545 	unlock_4_inodes(old_dir, new_dir, NULL, NULL);
1546 	ubifs_release_budget(c, &req);
1547 
1548 	fscrypt_free_filename(&fst_nm);
1549 	fscrypt_free_filename(&snd_nm);
1550 	return err;
1551 }
1552 
1553 static int ubifs_rename(struct inode *old_dir, struct dentry *old_dentry,
1554 			struct inode *new_dir, struct dentry *new_dentry,
1555 			unsigned int flags)
1556 {
1557 	int err;
1558 	struct ubifs_info *c = old_dir->i_sb->s_fs_info;
1559 
1560 	if (flags & ~(RENAME_NOREPLACE | RENAME_WHITEOUT | RENAME_EXCHANGE))
1561 		return -EINVAL;
1562 
1563 	ubifs_assert(c, inode_is_locked(old_dir));
1564 	ubifs_assert(c, inode_is_locked(new_dir));
1565 
1566 	err = fscrypt_prepare_rename(old_dir, old_dentry, new_dir, new_dentry,
1567 				     flags);
1568 	if (err)
1569 		return err;
1570 
1571 	if (flags & RENAME_EXCHANGE)
1572 		return ubifs_xrename(old_dir, old_dentry, new_dir, new_dentry);
1573 
1574 	return do_rename(old_dir, old_dentry, new_dir, new_dentry, flags);
1575 }
1576 
1577 int ubifs_getattr(const struct path *path, struct kstat *stat,
1578 		  u32 request_mask, unsigned int flags)
1579 {
1580 	loff_t size;
1581 	struct inode *inode = d_inode(path->dentry);
1582 	struct ubifs_inode *ui = ubifs_inode(inode);
1583 
1584 	mutex_lock(&ui->ui_mutex);
1585 
1586 	if (ui->flags & UBIFS_APPEND_FL)
1587 		stat->attributes |= STATX_ATTR_APPEND;
1588 	if (ui->flags & UBIFS_COMPR_FL)
1589 		stat->attributes |= STATX_ATTR_COMPRESSED;
1590 	if (ui->flags & UBIFS_CRYPT_FL)
1591 		stat->attributes |= STATX_ATTR_ENCRYPTED;
1592 	if (ui->flags & UBIFS_IMMUTABLE_FL)
1593 		stat->attributes |= STATX_ATTR_IMMUTABLE;
1594 
1595 	stat->attributes_mask |= (STATX_ATTR_APPEND |
1596 				STATX_ATTR_COMPRESSED |
1597 				STATX_ATTR_ENCRYPTED |
1598 				STATX_ATTR_IMMUTABLE);
1599 
1600 	generic_fillattr(inode, stat);
1601 	stat->blksize = UBIFS_BLOCK_SIZE;
1602 	stat->size = ui->ui_size;
1603 
1604 	/*
1605 	 * Unfortunately, the 'stat()' system call was designed for block
1606 	 * device based file systems, and it is not appropriate for UBIFS,
1607 	 * because UBIFS does not have notion of "block". For example, it is
1608 	 * difficult to tell how many block a directory takes - it actually
1609 	 * takes less than 300 bytes, but we have to round it to block size,
1610 	 * which introduces large mistake. This makes utilities like 'du' to
1611 	 * report completely senseless numbers. This is the reason why UBIFS
1612 	 * goes the same way as JFFS2 - it reports zero blocks for everything
1613 	 * but regular files, which makes more sense than reporting completely
1614 	 * wrong sizes.
1615 	 */
1616 	if (S_ISREG(inode->i_mode)) {
1617 		size = ui->xattr_size;
1618 		size += stat->size;
1619 		size = ALIGN(size, UBIFS_BLOCK_SIZE);
1620 		/*
1621 		 * Note, user-space expects 512-byte blocks count irrespectively
1622 		 * of what was reported in @stat->size.
1623 		 */
1624 		stat->blocks = size >> 9;
1625 	} else
1626 		stat->blocks = 0;
1627 	mutex_unlock(&ui->ui_mutex);
1628 	return 0;
1629 }
1630 
1631 static int ubifs_dir_open(struct inode *dir, struct file *file)
1632 {
1633 	if (ubifs_crypt_is_encrypted(dir))
1634 		return fscrypt_get_encryption_info(dir) ? -EACCES : 0;
1635 
1636 	return 0;
1637 }
1638 
1639 const struct inode_operations ubifs_dir_inode_operations = {
1640 	.lookup      = ubifs_lookup,
1641 	.create      = ubifs_create,
1642 	.link        = ubifs_link,
1643 	.symlink     = ubifs_symlink,
1644 	.unlink      = ubifs_unlink,
1645 	.mkdir       = ubifs_mkdir,
1646 	.rmdir       = ubifs_rmdir,
1647 	.mknod       = ubifs_mknod,
1648 	.rename      = ubifs_rename,
1649 	.setattr     = ubifs_setattr,
1650 	.getattr     = ubifs_getattr,
1651 #ifdef CONFIG_UBIFS_FS_XATTR
1652 	.listxattr   = ubifs_listxattr,
1653 #endif
1654 	.update_time = ubifs_update_time,
1655 	.tmpfile     = ubifs_tmpfile,
1656 };
1657 
1658 const struct file_operations ubifs_dir_operations = {
1659 	.llseek         = generic_file_llseek,
1660 	.release        = ubifs_dir_release,
1661 	.read           = generic_read_dir,
1662 	.iterate_shared = ubifs_readdir,
1663 	.fsync          = ubifs_fsync,
1664 	.unlocked_ioctl = ubifs_ioctl,
1665 	.open		= ubifs_dir_open,
1666 #ifdef CONFIG_COMPAT
1667 	.compat_ioctl   = ubifs_compat_ioctl,
1668 #endif
1669 };
1670