xref: /openbmc/linux/fs/ubifs/dir.c (revision 7f2e85840871f199057e65232ebde846192ed989)
1 /* * This file is part of UBIFS.
2  *
3  * Copyright (C) 2006-2008 Nokia Corporation.
4  * Copyright (C) 2006, 2007 University of Szeged, Hungary
5  *
6  * This program is free software; you can redistribute it and/or modify it
7  * under the terms of the GNU General Public License version 2 as published by
8  * the Free Software Foundation.
9  *
10  * This program is distributed in the hope that it will be useful, but WITHOUT
11  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
12  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
13  * more details.
14  *
15  * You should have received a copy of the GNU General Public License along with
16  * this program; if not, write to the Free Software Foundation, Inc., 51
17  * Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
18  *
19  * Authors: Artem Bityutskiy (Битюцкий Артём)
20  *          Adrian Hunter
21  *          Zoltan Sogor
22  */
23 
24 /*
25  * This file implements directory operations.
26  *
27  * All FS operations in this file allocate budget before writing anything to the
28  * media. If they fail to allocate it, the error is returned. The only
29  * exceptions are 'ubifs_unlink()' and 'ubifs_rmdir()' which keep working even
30  * if they unable to allocate the budget, because deletion %-ENOSPC failure is
31  * not what users are usually ready to get. UBIFS budgeting subsystem has some
32  * space reserved for these purposes.
33  *
34  * All operations in this file write all inodes which they change straight
35  * away, instead of marking them dirty. For example, 'ubifs_link()' changes
36  * @i_size of the parent inode and writes the parent inode together with the
37  * target inode. This was done to simplify file-system recovery which would
38  * otherwise be very difficult to do. The only exception is rename which marks
39  * the re-named inode dirty (because its @i_ctime is updated) but does not
40  * write it, but just marks it as dirty.
41  */
42 
43 #include "ubifs.h"
44 
45 /**
46  * inherit_flags - inherit flags of the parent inode.
47  * @dir: parent inode
48  * @mode: new inode mode flags
49  *
50  * This is a helper function for 'ubifs_new_inode()' which inherits flag of the
51  * parent directory inode @dir. UBIFS inodes inherit the following flags:
52  * o %UBIFS_COMPR_FL, which is useful to switch compression on/of on
53  *   sub-directory basis;
54  * o %UBIFS_SYNC_FL - useful for the same reasons;
55  * o %UBIFS_DIRSYNC_FL - similar, but relevant only to directories.
56  *
57  * This function returns the inherited flags.
58  */
59 static int inherit_flags(const struct inode *dir, umode_t mode)
60 {
61 	int flags;
62 	const struct ubifs_inode *ui = ubifs_inode(dir);
63 
64 	if (!S_ISDIR(dir->i_mode))
65 		/*
66 		 * The parent is not a directory, which means that an extended
67 		 * attribute inode is being created. No flags.
68 		 */
69 		return 0;
70 
71 	flags = ui->flags & (UBIFS_COMPR_FL | UBIFS_SYNC_FL | UBIFS_DIRSYNC_FL);
72 	if (!S_ISDIR(mode))
73 		/* The "DIRSYNC" flag only applies to directories */
74 		flags &= ~UBIFS_DIRSYNC_FL;
75 	return flags;
76 }
77 
78 /**
79  * ubifs_new_inode - allocate new UBIFS inode object.
80  * @c: UBIFS file-system description object
81  * @dir: parent directory inode
82  * @mode: inode mode flags
83  *
84  * This function finds an unused inode number, allocates new inode and
85  * initializes it. Returns new inode in case of success and an error code in
86  * case of failure.
87  */
88 struct inode *ubifs_new_inode(struct ubifs_info *c, struct inode *dir,
89 			      umode_t mode)
90 {
91 	int err;
92 	struct inode *inode;
93 	struct ubifs_inode *ui;
94 	bool encrypted = false;
95 
96 	if (ubifs_crypt_is_encrypted(dir)) {
97 		err = fscrypt_get_encryption_info(dir);
98 		if (err) {
99 			ubifs_err(c, "fscrypt_get_encryption_info failed: %i", err);
100 			return ERR_PTR(err);
101 		}
102 
103 		if (!fscrypt_has_encryption_key(dir))
104 			return ERR_PTR(-EPERM);
105 
106 		encrypted = true;
107 	}
108 
109 	inode = new_inode(c->vfs_sb);
110 	ui = ubifs_inode(inode);
111 	if (!inode)
112 		return ERR_PTR(-ENOMEM);
113 
114 	/*
115 	 * Set 'S_NOCMTIME' to prevent VFS form updating [mc]time of inodes and
116 	 * marking them dirty in file write path (see 'file_update_time()').
117 	 * UBIFS has to fully control "clean <-> dirty" transitions of inodes
118 	 * to make budgeting work.
119 	 */
120 	inode->i_flags |= S_NOCMTIME;
121 
122 	inode_init_owner(inode, dir, mode);
123 	inode->i_mtime = inode->i_atime = inode->i_ctime =
124 			 current_time(inode);
125 	inode->i_mapping->nrpages = 0;
126 
127 	switch (mode & S_IFMT) {
128 	case S_IFREG:
129 		inode->i_mapping->a_ops = &ubifs_file_address_operations;
130 		inode->i_op = &ubifs_file_inode_operations;
131 		inode->i_fop = &ubifs_file_operations;
132 		break;
133 	case S_IFDIR:
134 		inode->i_op  = &ubifs_dir_inode_operations;
135 		inode->i_fop = &ubifs_dir_operations;
136 		inode->i_size = ui->ui_size = UBIFS_INO_NODE_SZ;
137 		break;
138 	case S_IFLNK:
139 		inode->i_op = &ubifs_symlink_inode_operations;
140 		break;
141 	case S_IFSOCK:
142 	case S_IFIFO:
143 	case S_IFBLK:
144 	case S_IFCHR:
145 		inode->i_op  = &ubifs_file_inode_operations;
146 		encrypted = false;
147 		break;
148 	default:
149 		BUG();
150 	}
151 
152 	ui->flags = inherit_flags(dir, mode);
153 	ubifs_set_inode_flags(inode);
154 	if (S_ISREG(mode))
155 		ui->compr_type = c->default_compr;
156 	else
157 		ui->compr_type = UBIFS_COMPR_NONE;
158 	ui->synced_i_size = 0;
159 
160 	spin_lock(&c->cnt_lock);
161 	/* Inode number overflow is currently not supported */
162 	if (c->highest_inum >= INUM_WARN_WATERMARK) {
163 		if (c->highest_inum >= INUM_WATERMARK) {
164 			spin_unlock(&c->cnt_lock);
165 			ubifs_err(c, "out of inode numbers");
166 			make_bad_inode(inode);
167 			iput(inode);
168 			return ERR_PTR(-EINVAL);
169 		}
170 		ubifs_warn(c, "running out of inode numbers (current %lu, max %u)",
171 			   (unsigned long)c->highest_inum, INUM_WATERMARK);
172 	}
173 
174 	inode->i_ino = ++c->highest_inum;
175 	/*
176 	 * The creation sequence number remains with this inode for its
177 	 * lifetime. All nodes for this inode have a greater sequence number,
178 	 * and so it is possible to distinguish obsolete nodes belonging to a
179 	 * previous incarnation of the same inode number - for example, for the
180 	 * purpose of rebuilding the index.
181 	 */
182 	ui->creat_sqnum = ++c->max_sqnum;
183 	spin_unlock(&c->cnt_lock);
184 
185 	if (encrypted) {
186 		err = fscrypt_inherit_context(dir, inode, &encrypted, true);
187 		if (err) {
188 			ubifs_err(c, "fscrypt_inherit_context failed: %i", err);
189 			make_bad_inode(inode);
190 			iput(inode);
191 			return ERR_PTR(err);
192 		}
193 	}
194 
195 	return inode;
196 }
197 
198 static int dbg_check_name(const struct ubifs_info *c,
199 			  const struct ubifs_dent_node *dent,
200 			  const struct fscrypt_name *nm)
201 {
202 	if (!dbg_is_chk_gen(c))
203 		return 0;
204 	if (le16_to_cpu(dent->nlen) != fname_len(nm))
205 		return -EINVAL;
206 	if (memcmp(dent->name, fname_name(nm), fname_len(nm)))
207 		return -EINVAL;
208 	return 0;
209 }
210 
211 static struct dentry *ubifs_lookup(struct inode *dir, struct dentry *dentry,
212 				   unsigned int flags)
213 {
214 	int err;
215 	union ubifs_key key;
216 	struct inode *inode = NULL;
217 	struct ubifs_dent_node *dent;
218 	struct ubifs_info *c = dir->i_sb->s_fs_info;
219 	struct fscrypt_name nm;
220 
221 	dbg_gen("'%pd' in dir ino %lu", dentry, dir->i_ino);
222 
223 	err = fscrypt_prepare_lookup(dir, dentry, flags);
224 	if (err)
225 		return ERR_PTR(err);
226 
227 	err = fscrypt_setup_filename(dir, &dentry->d_name, 1, &nm);
228 	if (err)
229 		return ERR_PTR(err);
230 
231 	if (fname_len(&nm) > UBIFS_MAX_NLEN) {
232 		err = -ENAMETOOLONG;
233 		goto out_fname;
234 	}
235 
236 	dent = kmalloc(UBIFS_MAX_DENT_NODE_SZ, GFP_NOFS);
237 	if (!dent) {
238 		err = -ENOMEM;
239 		goto out_fname;
240 	}
241 
242 	if (nm.hash) {
243 		ubifs_assert(fname_len(&nm) == 0);
244 		ubifs_assert(fname_name(&nm) == NULL);
245 		dent_key_init_hash(c, &key, dir->i_ino, nm.hash);
246 		err = ubifs_tnc_lookup_dh(c, &key, dent, nm.minor_hash);
247 	} else {
248 		dent_key_init(c, &key, dir->i_ino, &nm);
249 		err = ubifs_tnc_lookup_nm(c, &key, dent, &nm);
250 	}
251 
252 	if (err) {
253 		if (err == -ENOENT) {
254 			dbg_gen("not found");
255 			goto done;
256 		}
257 		goto out_dent;
258 	}
259 
260 	if (dbg_check_name(c, dent, &nm)) {
261 		err = -EINVAL;
262 		goto out_dent;
263 	}
264 
265 	inode = ubifs_iget(dir->i_sb, le64_to_cpu(dent->inum));
266 	if (IS_ERR(inode)) {
267 		/*
268 		 * This should not happen. Probably the file-system needs
269 		 * checking.
270 		 */
271 		err = PTR_ERR(inode);
272 		ubifs_err(c, "dead directory entry '%pd', error %d",
273 			  dentry, err);
274 		ubifs_ro_mode(c, err);
275 		goto out_dent;
276 	}
277 
278 	if (ubifs_crypt_is_encrypted(dir) &&
279 	    (S_ISDIR(inode->i_mode) || S_ISLNK(inode->i_mode)) &&
280 	    !fscrypt_has_permitted_context(dir, inode)) {
281 		ubifs_warn(c, "Inconsistent encryption contexts: %lu/%lu",
282 			   dir->i_ino, inode->i_ino);
283 		err = -EPERM;
284 		goto out_inode;
285 	}
286 
287 done:
288 	kfree(dent);
289 	fscrypt_free_filename(&nm);
290 	/*
291 	 * Note, d_splice_alias() would be required instead if we supported
292 	 * NFS.
293 	 */
294 	d_add(dentry, inode);
295 	return NULL;
296 
297 out_inode:
298 	iput(inode);
299 out_dent:
300 	kfree(dent);
301 out_fname:
302 	fscrypt_free_filename(&nm);
303 	return ERR_PTR(err);
304 }
305 
306 static int ubifs_create(struct inode *dir, struct dentry *dentry, umode_t mode,
307 			bool excl)
308 {
309 	struct inode *inode;
310 	struct ubifs_info *c = dir->i_sb->s_fs_info;
311 	struct ubifs_budget_req req = { .new_ino = 1, .new_dent = 1,
312 					.dirtied_ino = 1 };
313 	struct ubifs_inode *dir_ui = ubifs_inode(dir);
314 	struct fscrypt_name nm;
315 	int err, sz_change;
316 
317 	/*
318 	 * Budget request settings: new inode, new direntry, changing the
319 	 * parent directory inode.
320 	 */
321 
322 	dbg_gen("dent '%pd', mode %#hx in dir ino %lu",
323 		dentry, mode, dir->i_ino);
324 
325 	err = ubifs_budget_space(c, &req);
326 	if (err)
327 		return err;
328 
329 	err = fscrypt_setup_filename(dir, &dentry->d_name, 0, &nm);
330 	if (err)
331 		goto out_budg;
332 
333 	sz_change = CALC_DENT_SIZE(fname_len(&nm));
334 
335 	inode = ubifs_new_inode(c, dir, mode);
336 	if (IS_ERR(inode)) {
337 		err = PTR_ERR(inode);
338 		goto out_fname;
339 	}
340 
341 	err = ubifs_init_security(dir, inode, &dentry->d_name);
342 	if (err)
343 		goto out_inode;
344 
345 	mutex_lock(&dir_ui->ui_mutex);
346 	dir->i_size += sz_change;
347 	dir_ui->ui_size = dir->i_size;
348 	dir->i_mtime = dir->i_ctime = inode->i_ctime;
349 	err = ubifs_jnl_update(c, dir, &nm, inode, 0, 0);
350 	if (err)
351 		goto out_cancel;
352 	mutex_unlock(&dir_ui->ui_mutex);
353 
354 	ubifs_release_budget(c, &req);
355 	fscrypt_free_filename(&nm);
356 	insert_inode_hash(inode);
357 	d_instantiate(dentry, inode);
358 	return 0;
359 
360 out_cancel:
361 	dir->i_size -= sz_change;
362 	dir_ui->ui_size = dir->i_size;
363 	mutex_unlock(&dir_ui->ui_mutex);
364 out_inode:
365 	make_bad_inode(inode);
366 	iput(inode);
367 out_fname:
368 	fscrypt_free_filename(&nm);
369 out_budg:
370 	ubifs_release_budget(c, &req);
371 	ubifs_err(c, "cannot create regular file, error %d", err);
372 	return err;
373 }
374 
375 static int do_tmpfile(struct inode *dir, struct dentry *dentry,
376 		      umode_t mode, struct inode **whiteout)
377 {
378 	struct inode *inode;
379 	struct ubifs_info *c = dir->i_sb->s_fs_info;
380 	struct ubifs_budget_req req = { .new_ino = 1, .new_dent = 1};
381 	struct ubifs_budget_req ino_req = { .dirtied_ino = 1 };
382 	struct ubifs_inode *ui, *dir_ui = ubifs_inode(dir);
383 	int err, instantiated = 0;
384 	struct fscrypt_name nm;
385 
386 	/*
387 	 * Budget request settings: new dirty inode, new direntry,
388 	 * budget for dirtied inode will be released via writeback.
389 	 */
390 
391 	dbg_gen("dent '%pd', mode %#hx in dir ino %lu",
392 		dentry, mode, dir->i_ino);
393 
394 	err = fscrypt_setup_filename(dir, &dentry->d_name, 0, &nm);
395 	if (err)
396 		return err;
397 
398 	err = ubifs_budget_space(c, &req);
399 	if (err) {
400 		fscrypt_free_filename(&nm);
401 		return err;
402 	}
403 
404 	err = ubifs_budget_space(c, &ino_req);
405 	if (err) {
406 		ubifs_release_budget(c, &req);
407 		fscrypt_free_filename(&nm);
408 		return err;
409 	}
410 
411 	inode = ubifs_new_inode(c, dir, mode);
412 	if (IS_ERR(inode)) {
413 		err = PTR_ERR(inode);
414 		goto out_budg;
415 	}
416 	ui = ubifs_inode(inode);
417 
418 	if (whiteout) {
419 		init_special_inode(inode, inode->i_mode, WHITEOUT_DEV);
420 		ubifs_assert(inode->i_op == &ubifs_file_inode_operations);
421 	}
422 
423 	err = ubifs_init_security(dir, inode, &dentry->d_name);
424 	if (err)
425 		goto out_inode;
426 
427 	mutex_lock(&ui->ui_mutex);
428 	insert_inode_hash(inode);
429 
430 	if (whiteout) {
431 		mark_inode_dirty(inode);
432 		drop_nlink(inode);
433 		*whiteout = inode;
434 	} else {
435 		d_tmpfile(dentry, inode);
436 	}
437 	ubifs_assert(ui->dirty);
438 
439 	instantiated = 1;
440 	mutex_unlock(&ui->ui_mutex);
441 
442 	mutex_lock(&dir_ui->ui_mutex);
443 	err = ubifs_jnl_update(c, dir, &nm, inode, 1, 0);
444 	if (err)
445 		goto out_cancel;
446 	mutex_unlock(&dir_ui->ui_mutex);
447 
448 	ubifs_release_budget(c, &req);
449 
450 	return 0;
451 
452 out_cancel:
453 	mutex_unlock(&dir_ui->ui_mutex);
454 out_inode:
455 	make_bad_inode(inode);
456 	if (!instantiated)
457 		iput(inode);
458 out_budg:
459 	ubifs_release_budget(c, &req);
460 	if (!instantiated)
461 		ubifs_release_budget(c, &ino_req);
462 	fscrypt_free_filename(&nm);
463 	ubifs_err(c, "cannot create temporary file, error %d", err);
464 	return err;
465 }
466 
467 static int ubifs_tmpfile(struct inode *dir, struct dentry *dentry,
468 			 umode_t mode)
469 {
470 	return do_tmpfile(dir, dentry, mode, NULL);
471 }
472 
473 /**
474  * vfs_dent_type - get VFS directory entry type.
475  * @type: UBIFS directory entry type
476  *
477  * This function converts UBIFS directory entry type into VFS directory entry
478  * type.
479  */
480 static unsigned int vfs_dent_type(uint8_t type)
481 {
482 	switch (type) {
483 	case UBIFS_ITYPE_REG:
484 		return DT_REG;
485 	case UBIFS_ITYPE_DIR:
486 		return DT_DIR;
487 	case UBIFS_ITYPE_LNK:
488 		return DT_LNK;
489 	case UBIFS_ITYPE_BLK:
490 		return DT_BLK;
491 	case UBIFS_ITYPE_CHR:
492 		return DT_CHR;
493 	case UBIFS_ITYPE_FIFO:
494 		return DT_FIFO;
495 	case UBIFS_ITYPE_SOCK:
496 		return DT_SOCK;
497 	default:
498 		BUG();
499 	}
500 	return 0;
501 }
502 
503 /*
504  * The classical Unix view for directory is that it is a linear array of
505  * (name, inode number) entries. Linux/VFS assumes this model as well.
506  * Particularly, 'readdir()' call wants us to return a directory entry offset
507  * which later may be used to continue 'readdir()'ing the directory or to
508  * 'seek()' to that specific direntry. Obviously UBIFS does not really fit this
509  * model because directory entries are identified by keys, which may collide.
510  *
511  * UBIFS uses directory entry hash value for directory offsets, so
512  * 'seekdir()'/'telldir()' may not always work because of possible key
513  * collisions. But UBIFS guarantees that consecutive 'readdir()' calls work
514  * properly by means of saving full directory entry name in the private field
515  * of the file description object.
516  *
517  * This means that UBIFS cannot support NFS which requires full
518  * 'seekdir()'/'telldir()' support.
519  */
520 static int ubifs_readdir(struct file *file, struct dir_context *ctx)
521 {
522 	int fstr_real_len = 0, err = 0;
523 	struct fscrypt_name nm;
524 	struct fscrypt_str fstr = {0};
525 	union ubifs_key key;
526 	struct ubifs_dent_node *dent;
527 	struct inode *dir = file_inode(file);
528 	struct ubifs_info *c = dir->i_sb->s_fs_info;
529 	bool encrypted = ubifs_crypt_is_encrypted(dir);
530 
531 	dbg_gen("dir ino %lu, f_pos %#llx", dir->i_ino, ctx->pos);
532 
533 	if (ctx->pos > UBIFS_S_KEY_HASH_MASK || ctx->pos == 2)
534 		/*
535 		 * The directory was seek'ed to a senseless position or there
536 		 * are no more entries.
537 		 */
538 		return 0;
539 
540 	if (encrypted) {
541 		err = fscrypt_get_encryption_info(dir);
542 		if (err && err != -ENOKEY)
543 			return err;
544 
545 		err = fscrypt_fname_alloc_buffer(dir, UBIFS_MAX_NLEN, &fstr);
546 		if (err)
547 			return err;
548 
549 		fstr_real_len = fstr.len;
550 	}
551 
552 	if (file->f_version == 0) {
553 		/*
554 		 * The file was seek'ed, which means that @file->private_data
555 		 * is now invalid. This may also be just the first
556 		 * 'ubifs_readdir()' invocation, in which case
557 		 * @file->private_data is NULL, and the below code is
558 		 * basically a no-op.
559 		 */
560 		kfree(file->private_data);
561 		file->private_data = NULL;
562 	}
563 
564 	/*
565 	 * 'generic_file_llseek()' unconditionally sets @file->f_version to
566 	 * zero, and we use this for detecting whether the file was seek'ed.
567 	 */
568 	file->f_version = 1;
569 
570 	/* File positions 0 and 1 correspond to "." and ".." */
571 	if (ctx->pos < 2) {
572 		ubifs_assert(!file->private_data);
573 		if (!dir_emit_dots(file, ctx)) {
574 			if (encrypted)
575 				fscrypt_fname_free_buffer(&fstr);
576 			return 0;
577 		}
578 
579 		/* Find the first entry in TNC and save it */
580 		lowest_dent_key(c, &key, dir->i_ino);
581 		fname_len(&nm) = 0;
582 		dent = ubifs_tnc_next_ent(c, &key, &nm);
583 		if (IS_ERR(dent)) {
584 			err = PTR_ERR(dent);
585 			goto out;
586 		}
587 
588 		ctx->pos = key_hash_flash(c, &dent->key);
589 		file->private_data = dent;
590 	}
591 
592 	dent = file->private_data;
593 	if (!dent) {
594 		/*
595 		 * The directory was seek'ed to and is now readdir'ed.
596 		 * Find the entry corresponding to @ctx->pos or the closest one.
597 		 */
598 		dent_key_init_hash(c, &key, dir->i_ino, ctx->pos);
599 		fname_len(&nm) = 0;
600 		dent = ubifs_tnc_next_ent(c, &key, &nm);
601 		if (IS_ERR(dent)) {
602 			err = PTR_ERR(dent);
603 			goto out;
604 		}
605 		ctx->pos = key_hash_flash(c, &dent->key);
606 		file->private_data = dent;
607 	}
608 
609 	while (1) {
610 		dbg_gen("ino %llu, new f_pos %#x",
611 			(unsigned long long)le64_to_cpu(dent->inum),
612 			key_hash_flash(c, &dent->key));
613 		ubifs_assert(le64_to_cpu(dent->ch.sqnum) >
614 			     ubifs_inode(dir)->creat_sqnum);
615 
616 		fname_len(&nm) = le16_to_cpu(dent->nlen);
617 		fname_name(&nm) = dent->name;
618 
619 		if (encrypted) {
620 			fstr.len = fstr_real_len;
621 
622 			err = fscrypt_fname_disk_to_usr(dir, key_hash_flash(c,
623 							&dent->key),
624 							le32_to_cpu(dent->cookie),
625 							&nm.disk_name, &fstr);
626 			if (err)
627 				goto out;
628 		} else {
629 			fstr.len = fname_len(&nm);
630 			fstr.name = fname_name(&nm);
631 		}
632 
633 		if (!dir_emit(ctx, fstr.name, fstr.len,
634 			       le64_to_cpu(dent->inum),
635 			       vfs_dent_type(dent->type))) {
636 			if (encrypted)
637 				fscrypt_fname_free_buffer(&fstr);
638 			return 0;
639 		}
640 
641 		/* Switch to the next entry */
642 		key_read(c, &dent->key, &key);
643 		dent = ubifs_tnc_next_ent(c, &key, &nm);
644 		if (IS_ERR(dent)) {
645 			err = PTR_ERR(dent);
646 			goto out;
647 		}
648 
649 		kfree(file->private_data);
650 		ctx->pos = key_hash_flash(c, &dent->key);
651 		file->private_data = dent;
652 		cond_resched();
653 	}
654 
655 out:
656 	kfree(file->private_data);
657 	file->private_data = NULL;
658 
659 	if (encrypted)
660 		fscrypt_fname_free_buffer(&fstr);
661 
662 	if (err != -ENOENT)
663 		ubifs_err(c, "cannot find next direntry, error %d", err);
664 	else
665 		/*
666 		 * -ENOENT is a non-fatal error in this context, the TNC uses
667 		 * it to indicate that the cursor moved past the current directory
668 		 * and readdir() has to stop.
669 		 */
670 		err = 0;
671 
672 
673 	/* 2 is a special value indicating that there are no more direntries */
674 	ctx->pos = 2;
675 	return err;
676 }
677 
678 /* Free saved readdir() state when the directory is closed */
679 static int ubifs_dir_release(struct inode *dir, struct file *file)
680 {
681 	kfree(file->private_data);
682 	file->private_data = NULL;
683 	return 0;
684 }
685 
686 /**
687  * lock_2_inodes - a wrapper for locking two UBIFS inodes.
688  * @inode1: first inode
689  * @inode2: second inode
690  *
691  * We do not implement any tricks to guarantee strict lock ordering, because
692  * VFS has already done it for us on the @i_mutex. So this is just a simple
693  * wrapper function.
694  */
695 static void lock_2_inodes(struct inode *inode1, struct inode *inode2)
696 {
697 	mutex_lock_nested(&ubifs_inode(inode1)->ui_mutex, WB_MUTEX_1);
698 	mutex_lock_nested(&ubifs_inode(inode2)->ui_mutex, WB_MUTEX_2);
699 }
700 
701 /**
702  * unlock_2_inodes - a wrapper for unlocking two UBIFS inodes.
703  * @inode1: first inode
704  * @inode2: second inode
705  */
706 static void unlock_2_inodes(struct inode *inode1, struct inode *inode2)
707 {
708 	mutex_unlock(&ubifs_inode(inode2)->ui_mutex);
709 	mutex_unlock(&ubifs_inode(inode1)->ui_mutex);
710 }
711 
712 static int ubifs_link(struct dentry *old_dentry, struct inode *dir,
713 		      struct dentry *dentry)
714 {
715 	struct ubifs_info *c = dir->i_sb->s_fs_info;
716 	struct inode *inode = d_inode(old_dentry);
717 	struct ubifs_inode *ui = ubifs_inode(inode);
718 	struct ubifs_inode *dir_ui = ubifs_inode(dir);
719 	int err, sz_change = CALC_DENT_SIZE(dentry->d_name.len);
720 	struct ubifs_budget_req req = { .new_dent = 1, .dirtied_ino = 2,
721 				.dirtied_ino_d = ALIGN(ui->data_len, 8) };
722 	struct fscrypt_name nm;
723 
724 	/*
725 	 * Budget request settings: new direntry, changing the target inode,
726 	 * changing the parent inode.
727 	 */
728 
729 	dbg_gen("dent '%pd' to ino %lu (nlink %d) in dir ino %lu",
730 		dentry, inode->i_ino,
731 		inode->i_nlink, dir->i_ino);
732 	ubifs_assert(inode_is_locked(dir));
733 	ubifs_assert(inode_is_locked(inode));
734 
735 	err = fscrypt_prepare_link(old_dentry, dir, dentry);
736 	if (err)
737 		return err;
738 
739 	err = fscrypt_setup_filename(dir, &dentry->d_name, 0, &nm);
740 	if (err)
741 		return err;
742 
743 	err = dbg_check_synced_i_size(c, inode);
744 	if (err)
745 		goto out_fname;
746 
747 	err = ubifs_budget_space(c, &req);
748 	if (err)
749 		goto out_fname;
750 
751 	lock_2_inodes(dir, inode);
752 
753 	/* Handle O_TMPFILE corner case, it is allowed to link a O_TMPFILE. */
754 	if (inode->i_nlink == 0)
755 		ubifs_delete_orphan(c, inode->i_ino);
756 
757 	inc_nlink(inode);
758 	ihold(inode);
759 	inode->i_ctime = current_time(inode);
760 	dir->i_size += sz_change;
761 	dir_ui->ui_size = dir->i_size;
762 	dir->i_mtime = dir->i_ctime = inode->i_ctime;
763 	err = ubifs_jnl_update(c, dir, &nm, inode, 0, 0);
764 	if (err)
765 		goto out_cancel;
766 	unlock_2_inodes(dir, inode);
767 
768 	ubifs_release_budget(c, &req);
769 	d_instantiate(dentry, inode);
770 	fscrypt_free_filename(&nm);
771 	return 0;
772 
773 out_cancel:
774 	dir->i_size -= sz_change;
775 	dir_ui->ui_size = dir->i_size;
776 	drop_nlink(inode);
777 	if (inode->i_nlink == 0)
778 		ubifs_add_orphan(c, inode->i_ino);
779 	unlock_2_inodes(dir, inode);
780 	ubifs_release_budget(c, &req);
781 	iput(inode);
782 out_fname:
783 	fscrypt_free_filename(&nm);
784 	return err;
785 }
786 
787 static int ubifs_unlink(struct inode *dir, struct dentry *dentry)
788 {
789 	struct ubifs_info *c = dir->i_sb->s_fs_info;
790 	struct inode *inode = d_inode(dentry);
791 	struct ubifs_inode *dir_ui = ubifs_inode(dir);
792 	int err, sz_change, budgeted = 1;
793 	struct ubifs_budget_req req = { .mod_dent = 1, .dirtied_ino = 2 };
794 	unsigned int saved_nlink = inode->i_nlink;
795 	struct fscrypt_name nm;
796 
797 	/*
798 	 * Budget request settings: deletion direntry, deletion inode (+1 for
799 	 * @dirtied_ino), changing the parent directory inode. If budgeting
800 	 * fails, go ahead anyway because we have extra space reserved for
801 	 * deletions.
802 	 */
803 
804 	dbg_gen("dent '%pd' from ino %lu (nlink %d) in dir ino %lu",
805 		dentry, inode->i_ino,
806 		inode->i_nlink, dir->i_ino);
807 
808 	if (ubifs_crypt_is_encrypted(dir)) {
809 		err = fscrypt_get_encryption_info(dir);
810 		if (err && err != -ENOKEY)
811 			return err;
812 	}
813 
814 	err = fscrypt_setup_filename(dir, &dentry->d_name, 1, &nm);
815 	if (err)
816 		return err;
817 
818 	sz_change = CALC_DENT_SIZE(fname_len(&nm));
819 
820 	ubifs_assert(inode_is_locked(dir));
821 	ubifs_assert(inode_is_locked(inode));
822 	err = dbg_check_synced_i_size(c, inode);
823 	if (err)
824 		goto out_fname;
825 
826 	err = ubifs_budget_space(c, &req);
827 	if (err) {
828 		if (err != -ENOSPC)
829 			goto out_fname;
830 		budgeted = 0;
831 	}
832 
833 	lock_2_inodes(dir, inode);
834 	inode->i_ctime = current_time(dir);
835 	drop_nlink(inode);
836 	dir->i_size -= sz_change;
837 	dir_ui->ui_size = dir->i_size;
838 	dir->i_mtime = dir->i_ctime = inode->i_ctime;
839 	err = ubifs_jnl_update(c, dir, &nm, inode, 1, 0);
840 	if (err)
841 		goto out_cancel;
842 	unlock_2_inodes(dir, inode);
843 
844 	if (budgeted)
845 		ubifs_release_budget(c, &req);
846 	else {
847 		/* We've deleted something - clean the "no space" flags */
848 		c->bi.nospace = c->bi.nospace_rp = 0;
849 		smp_wmb();
850 	}
851 	fscrypt_free_filename(&nm);
852 	return 0;
853 
854 out_cancel:
855 	dir->i_size += sz_change;
856 	dir_ui->ui_size = dir->i_size;
857 	set_nlink(inode, saved_nlink);
858 	unlock_2_inodes(dir, inode);
859 	if (budgeted)
860 		ubifs_release_budget(c, &req);
861 out_fname:
862 	fscrypt_free_filename(&nm);
863 	return err;
864 }
865 
866 /**
867  * check_dir_empty - check if a directory is empty or not.
868  * @dir: VFS inode object of the directory to check
869  *
870  * This function checks if directory @dir is empty. Returns zero if the
871  * directory is empty, %-ENOTEMPTY if it is not, and other negative error codes
872  * in case of of errors.
873  */
874 int ubifs_check_dir_empty(struct inode *dir)
875 {
876 	struct ubifs_info *c = dir->i_sb->s_fs_info;
877 	struct fscrypt_name nm = { 0 };
878 	struct ubifs_dent_node *dent;
879 	union ubifs_key key;
880 	int err;
881 
882 	lowest_dent_key(c, &key, dir->i_ino);
883 	dent = ubifs_tnc_next_ent(c, &key, &nm);
884 	if (IS_ERR(dent)) {
885 		err = PTR_ERR(dent);
886 		if (err == -ENOENT)
887 			err = 0;
888 	} else {
889 		kfree(dent);
890 		err = -ENOTEMPTY;
891 	}
892 	return err;
893 }
894 
895 static int ubifs_rmdir(struct inode *dir, struct dentry *dentry)
896 {
897 	struct ubifs_info *c = dir->i_sb->s_fs_info;
898 	struct inode *inode = d_inode(dentry);
899 	int err, sz_change, budgeted = 1;
900 	struct ubifs_inode *dir_ui = ubifs_inode(dir);
901 	struct ubifs_budget_req req = { .mod_dent = 1, .dirtied_ino = 2 };
902 	struct fscrypt_name nm;
903 
904 	/*
905 	 * Budget request settings: deletion direntry, deletion inode and
906 	 * changing the parent inode. If budgeting fails, go ahead anyway
907 	 * because we have extra space reserved for deletions.
908 	 */
909 
910 	dbg_gen("directory '%pd', ino %lu in dir ino %lu", dentry,
911 		inode->i_ino, dir->i_ino);
912 	ubifs_assert(inode_is_locked(dir));
913 	ubifs_assert(inode_is_locked(inode));
914 	err = ubifs_check_dir_empty(d_inode(dentry));
915 	if (err)
916 		return err;
917 
918 	if (ubifs_crypt_is_encrypted(dir)) {
919 		err = fscrypt_get_encryption_info(dir);
920 		if (err && err != -ENOKEY)
921 			return err;
922 	}
923 
924 	err = fscrypt_setup_filename(dir, &dentry->d_name, 1, &nm);
925 	if (err)
926 		return err;
927 
928 	sz_change = CALC_DENT_SIZE(fname_len(&nm));
929 
930 	err = ubifs_budget_space(c, &req);
931 	if (err) {
932 		if (err != -ENOSPC)
933 			goto out_fname;
934 		budgeted = 0;
935 	}
936 
937 	lock_2_inodes(dir, inode);
938 	inode->i_ctime = current_time(dir);
939 	clear_nlink(inode);
940 	drop_nlink(dir);
941 	dir->i_size -= sz_change;
942 	dir_ui->ui_size = dir->i_size;
943 	dir->i_mtime = dir->i_ctime = inode->i_ctime;
944 	err = ubifs_jnl_update(c, dir, &nm, inode, 1, 0);
945 	if (err)
946 		goto out_cancel;
947 	unlock_2_inodes(dir, inode);
948 
949 	if (budgeted)
950 		ubifs_release_budget(c, &req);
951 	else {
952 		/* We've deleted something - clean the "no space" flags */
953 		c->bi.nospace = c->bi.nospace_rp = 0;
954 		smp_wmb();
955 	}
956 	fscrypt_free_filename(&nm);
957 	return 0;
958 
959 out_cancel:
960 	dir->i_size += sz_change;
961 	dir_ui->ui_size = dir->i_size;
962 	inc_nlink(dir);
963 	set_nlink(inode, 2);
964 	unlock_2_inodes(dir, inode);
965 	if (budgeted)
966 		ubifs_release_budget(c, &req);
967 out_fname:
968 	fscrypt_free_filename(&nm);
969 	return err;
970 }
971 
972 static int ubifs_mkdir(struct inode *dir, struct dentry *dentry, umode_t mode)
973 {
974 	struct inode *inode;
975 	struct ubifs_inode *dir_ui = ubifs_inode(dir);
976 	struct ubifs_info *c = dir->i_sb->s_fs_info;
977 	int err, sz_change;
978 	struct ubifs_budget_req req = { .new_ino = 1, .new_dent = 1 };
979 	struct fscrypt_name nm;
980 
981 	/*
982 	 * Budget request settings: new inode, new direntry and changing parent
983 	 * directory inode.
984 	 */
985 
986 	dbg_gen("dent '%pd', mode %#hx in dir ino %lu",
987 		dentry, mode, dir->i_ino);
988 
989 	err = ubifs_budget_space(c, &req);
990 	if (err)
991 		return err;
992 
993 	err = fscrypt_setup_filename(dir, &dentry->d_name, 0, &nm);
994 	if (err)
995 		goto out_budg;
996 
997 	sz_change = CALC_DENT_SIZE(fname_len(&nm));
998 
999 	inode = ubifs_new_inode(c, dir, S_IFDIR | mode);
1000 	if (IS_ERR(inode)) {
1001 		err = PTR_ERR(inode);
1002 		goto out_fname;
1003 	}
1004 
1005 	err = ubifs_init_security(dir, inode, &dentry->d_name);
1006 	if (err)
1007 		goto out_inode;
1008 
1009 	mutex_lock(&dir_ui->ui_mutex);
1010 	insert_inode_hash(inode);
1011 	inc_nlink(inode);
1012 	inc_nlink(dir);
1013 	dir->i_size += sz_change;
1014 	dir_ui->ui_size = dir->i_size;
1015 	dir->i_mtime = dir->i_ctime = inode->i_ctime;
1016 	err = ubifs_jnl_update(c, dir, &nm, inode, 0, 0);
1017 	if (err) {
1018 		ubifs_err(c, "cannot create directory, error %d", err);
1019 		goto out_cancel;
1020 	}
1021 	mutex_unlock(&dir_ui->ui_mutex);
1022 
1023 	ubifs_release_budget(c, &req);
1024 	d_instantiate(dentry, inode);
1025 	fscrypt_free_filename(&nm);
1026 	return 0;
1027 
1028 out_cancel:
1029 	dir->i_size -= sz_change;
1030 	dir_ui->ui_size = dir->i_size;
1031 	drop_nlink(dir);
1032 	mutex_unlock(&dir_ui->ui_mutex);
1033 out_inode:
1034 	make_bad_inode(inode);
1035 	iput(inode);
1036 out_fname:
1037 	fscrypt_free_filename(&nm);
1038 out_budg:
1039 	ubifs_release_budget(c, &req);
1040 	return err;
1041 }
1042 
1043 static int ubifs_mknod(struct inode *dir, struct dentry *dentry,
1044 		       umode_t mode, dev_t rdev)
1045 {
1046 	struct inode *inode;
1047 	struct ubifs_inode *ui;
1048 	struct ubifs_inode *dir_ui = ubifs_inode(dir);
1049 	struct ubifs_info *c = dir->i_sb->s_fs_info;
1050 	union ubifs_dev_desc *dev = NULL;
1051 	int sz_change;
1052 	int err, devlen = 0;
1053 	struct ubifs_budget_req req = { .new_ino = 1, .new_dent = 1,
1054 					.dirtied_ino = 1 };
1055 	struct fscrypt_name nm;
1056 
1057 	/*
1058 	 * Budget request settings: new inode, new direntry and changing parent
1059 	 * directory inode.
1060 	 */
1061 
1062 	dbg_gen("dent '%pd' in dir ino %lu", dentry, dir->i_ino);
1063 
1064 	if (S_ISBLK(mode) || S_ISCHR(mode)) {
1065 		dev = kmalloc(sizeof(union ubifs_dev_desc), GFP_NOFS);
1066 		if (!dev)
1067 			return -ENOMEM;
1068 		devlen = ubifs_encode_dev(dev, rdev);
1069 	}
1070 
1071 	req.new_ino_d = ALIGN(devlen, 8);
1072 	err = ubifs_budget_space(c, &req);
1073 	if (err) {
1074 		kfree(dev);
1075 		return err;
1076 	}
1077 
1078 	err = fscrypt_setup_filename(dir, &dentry->d_name, 0, &nm);
1079 	if (err) {
1080 		kfree(dev);
1081 		goto out_budg;
1082 	}
1083 
1084 	sz_change = CALC_DENT_SIZE(fname_len(&nm));
1085 
1086 	inode = ubifs_new_inode(c, dir, mode);
1087 	if (IS_ERR(inode)) {
1088 		kfree(dev);
1089 		err = PTR_ERR(inode);
1090 		goto out_fname;
1091 	}
1092 
1093 	init_special_inode(inode, inode->i_mode, rdev);
1094 	inode->i_size = ubifs_inode(inode)->ui_size = devlen;
1095 	ui = ubifs_inode(inode);
1096 	ui->data = dev;
1097 	ui->data_len = devlen;
1098 
1099 	err = ubifs_init_security(dir, inode, &dentry->d_name);
1100 	if (err)
1101 		goto out_inode;
1102 
1103 	mutex_lock(&dir_ui->ui_mutex);
1104 	dir->i_size += sz_change;
1105 	dir_ui->ui_size = dir->i_size;
1106 	dir->i_mtime = dir->i_ctime = inode->i_ctime;
1107 	err = ubifs_jnl_update(c, dir, &nm, inode, 0, 0);
1108 	if (err)
1109 		goto out_cancel;
1110 	mutex_unlock(&dir_ui->ui_mutex);
1111 
1112 	ubifs_release_budget(c, &req);
1113 	insert_inode_hash(inode);
1114 	d_instantiate(dentry, inode);
1115 	fscrypt_free_filename(&nm);
1116 	return 0;
1117 
1118 out_cancel:
1119 	dir->i_size -= sz_change;
1120 	dir_ui->ui_size = dir->i_size;
1121 	mutex_unlock(&dir_ui->ui_mutex);
1122 out_inode:
1123 	make_bad_inode(inode);
1124 	iput(inode);
1125 out_fname:
1126 	fscrypt_free_filename(&nm);
1127 out_budg:
1128 	ubifs_release_budget(c, &req);
1129 	return err;
1130 }
1131 
1132 static int ubifs_symlink(struct inode *dir, struct dentry *dentry,
1133 			 const char *symname)
1134 {
1135 	struct inode *inode;
1136 	struct ubifs_inode *ui;
1137 	struct ubifs_inode *dir_ui = ubifs_inode(dir);
1138 	struct ubifs_info *c = dir->i_sb->s_fs_info;
1139 	int err, len = strlen(symname);
1140 	int sz_change = CALC_DENT_SIZE(len);
1141 	struct fscrypt_str disk_link;
1142 	struct ubifs_budget_req req = { .new_ino = 1, .new_dent = 1,
1143 					.new_ino_d = ALIGN(len, 8),
1144 					.dirtied_ino = 1 };
1145 	struct fscrypt_name nm;
1146 
1147 	dbg_gen("dent '%pd', target '%s' in dir ino %lu", dentry,
1148 		symname, dir->i_ino);
1149 
1150 	err = fscrypt_prepare_symlink(dir, symname, len, UBIFS_MAX_INO_DATA,
1151 				      &disk_link);
1152 	if (err)
1153 		return err;
1154 
1155 	/*
1156 	 * Budget request settings: new inode, new direntry and changing parent
1157 	 * directory inode.
1158 	 */
1159 	err = ubifs_budget_space(c, &req);
1160 	if (err)
1161 		return err;
1162 
1163 	err = fscrypt_setup_filename(dir, &dentry->d_name, 0, &nm);
1164 	if (err)
1165 		goto out_budg;
1166 
1167 	inode = ubifs_new_inode(c, dir, S_IFLNK | S_IRWXUGO);
1168 	if (IS_ERR(inode)) {
1169 		err = PTR_ERR(inode);
1170 		goto out_fname;
1171 	}
1172 
1173 	ui = ubifs_inode(inode);
1174 	ui->data = kmalloc(disk_link.len, GFP_NOFS);
1175 	if (!ui->data) {
1176 		err = -ENOMEM;
1177 		goto out_inode;
1178 	}
1179 
1180 	if (IS_ENCRYPTED(inode)) {
1181 		disk_link.name = ui->data; /* encrypt directly into ui->data */
1182 		err = fscrypt_encrypt_symlink(inode, symname, len, &disk_link);
1183 		if (err)
1184 			goto out_inode;
1185 	} else {
1186 		memcpy(ui->data, disk_link.name, disk_link.len);
1187 		inode->i_link = ui->data;
1188 	}
1189 
1190 	/*
1191 	 * The terminating zero byte is not written to the flash media and it
1192 	 * is put just to make later in-memory string processing simpler. Thus,
1193 	 * data length is @disk_link.len - 1, not @disk_link.len.
1194 	 */
1195 	ui->data_len = disk_link.len - 1;
1196 	inode->i_size = ubifs_inode(inode)->ui_size = disk_link.len - 1;
1197 
1198 	err = ubifs_init_security(dir, inode, &dentry->d_name);
1199 	if (err)
1200 		goto out_inode;
1201 
1202 	mutex_lock(&dir_ui->ui_mutex);
1203 	dir->i_size += sz_change;
1204 	dir_ui->ui_size = dir->i_size;
1205 	dir->i_mtime = dir->i_ctime = inode->i_ctime;
1206 	err = ubifs_jnl_update(c, dir, &nm, inode, 0, 0);
1207 	if (err)
1208 		goto out_cancel;
1209 	mutex_unlock(&dir_ui->ui_mutex);
1210 
1211 	insert_inode_hash(inode);
1212 	d_instantiate(dentry, inode);
1213 	err = 0;
1214 	goto out_fname;
1215 
1216 out_cancel:
1217 	dir->i_size -= sz_change;
1218 	dir_ui->ui_size = dir->i_size;
1219 	mutex_unlock(&dir_ui->ui_mutex);
1220 out_inode:
1221 	make_bad_inode(inode);
1222 	iput(inode);
1223 out_fname:
1224 	fscrypt_free_filename(&nm);
1225 out_budg:
1226 	ubifs_release_budget(c, &req);
1227 	return err;
1228 }
1229 
1230 /**
1231  * lock_4_inodes - a wrapper for locking three UBIFS inodes.
1232  * @inode1: first inode
1233  * @inode2: second inode
1234  * @inode3: third inode
1235  * @inode4: fouth inode
1236  *
1237  * This function is used for 'ubifs_rename()' and @inode1 may be the same as
1238  * @inode2 whereas @inode3 and @inode4 may be %NULL.
1239  *
1240  * We do not implement any tricks to guarantee strict lock ordering, because
1241  * VFS has already done it for us on the @i_mutex. So this is just a simple
1242  * wrapper function.
1243  */
1244 static void lock_4_inodes(struct inode *inode1, struct inode *inode2,
1245 			  struct inode *inode3, struct inode *inode4)
1246 {
1247 	mutex_lock_nested(&ubifs_inode(inode1)->ui_mutex, WB_MUTEX_1);
1248 	if (inode2 != inode1)
1249 		mutex_lock_nested(&ubifs_inode(inode2)->ui_mutex, WB_MUTEX_2);
1250 	if (inode3)
1251 		mutex_lock_nested(&ubifs_inode(inode3)->ui_mutex, WB_MUTEX_3);
1252 	if (inode4)
1253 		mutex_lock_nested(&ubifs_inode(inode4)->ui_mutex, WB_MUTEX_4);
1254 }
1255 
1256 /**
1257  * unlock_4_inodes - a wrapper for unlocking three UBIFS inodes for rename.
1258  * @inode1: first inode
1259  * @inode2: second inode
1260  * @inode3: third inode
1261  * @inode4: fouth inode
1262  */
1263 static void unlock_4_inodes(struct inode *inode1, struct inode *inode2,
1264 			    struct inode *inode3, struct inode *inode4)
1265 {
1266 	if (inode4)
1267 		mutex_unlock(&ubifs_inode(inode4)->ui_mutex);
1268 	if (inode3)
1269 		mutex_unlock(&ubifs_inode(inode3)->ui_mutex);
1270 	if (inode1 != inode2)
1271 		mutex_unlock(&ubifs_inode(inode2)->ui_mutex);
1272 	mutex_unlock(&ubifs_inode(inode1)->ui_mutex);
1273 }
1274 
1275 static int do_rename(struct inode *old_dir, struct dentry *old_dentry,
1276 		     struct inode *new_dir, struct dentry *new_dentry,
1277 		     unsigned int flags)
1278 {
1279 	struct ubifs_info *c = old_dir->i_sb->s_fs_info;
1280 	struct inode *old_inode = d_inode(old_dentry);
1281 	struct inode *new_inode = d_inode(new_dentry);
1282 	struct inode *whiteout = NULL;
1283 	struct ubifs_inode *old_inode_ui = ubifs_inode(old_inode);
1284 	struct ubifs_inode *whiteout_ui = NULL;
1285 	int err, release, sync = 0, move = (new_dir != old_dir);
1286 	int is_dir = S_ISDIR(old_inode->i_mode);
1287 	int unlink = !!new_inode, new_sz, old_sz;
1288 	struct ubifs_budget_req req = { .new_dent = 1, .mod_dent = 1,
1289 					.dirtied_ino = 3 };
1290 	struct ubifs_budget_req ino_req = { .dirtied_ino = 1,
1291 			.dirtied_ino_d = ALIGN(old_inode_ui->data_len, 8) };
1292 	struct timespec time;
1293 	unsigned int uninitialized_var(saved_nlink);
1294 	struct fscrypt_name old_nm, new_nm;
1295 
1296 	/*
1297 	 * Budget request settings: deletion direntry, new direntry, removing
1298 	 * the old inode, and changing old and new parent directory inodes.
1299 	 *
1300 	 * However, this operation also marks the target inode as dirty and
1301 	 * does not write it, so we allocate budget for the target inode
1302 	 * separately.
1303 	 */
1304 
1305 	dbg_gen("dent '%pd' ino %lu in dir ino %lu to dent '%pd' in dir ino %lu flags 0x%x",
1306 		old_dentry, old_inode->i_ino, old_dir->i_ino,
1307 		new_dentry, new_dir->i_ino, flags);
1308 
1309 	if (unlink)
1310 		ubifs_assert(inode_is_locked(new_inode));
1311 
1312 	if (unlink && is_dir) {
1313 		err = ubifs_check_dir_empty(new_inode);
1314 		if (err)
1315 			return err;
1316 	}
1317 
1318 	err = fscrypt_setup_filename(old_dir, &old_dentry->d_name, 0, &old_nm);
1319 	if (err)
1320 		return err;
1321 
1322 	err = fscrypt_setup_filename(new_dir, &new_dentry->d_name, 0, &new_nm);
1323 	if (err) {
1324 		fscrypt_free_filename(&old_nm);
1325 		return err;
1326 	}
1327 
1328 	new_sz = CALC_DENT_SIZE(fname_len(&new_nm));
1329 	old_sz = CALC_DENT_SIZE(fname_len(&old_nm));
1330 
1331 	err = ubifs_budget_space(c, &req);
1332 	if (err) {
1333 		fscrypt_free_filename(&old_nm);
1334 		fscrypt_free_filename(&new_nm);
1335 		return err;
1336 	}
1337 	err = ubifs_budget_space(c, &ino_req);
1338 	if (err) {
1339 		fscrypt_free_filename(&old_nm);
1340 		fscrypt_free_filename(&new_nm);
1341 		ubifs_release_budget(c, &req);
1342 		return err;
1343 	}
1344 
1345 	if (flags & RENAME_WHITEOUT) {
1346 		union ubifs_dev_desc *dev = NULL;
1347 
1348 		dev = kmalloc(sizeof(union ubifs_dev_desc), GFP_NOFS);
1349 		if (!dev) {
1350 			err = -ENOMEM;
1351 			goto out_release;
1352 		}
1353 
1354 		err = do_tmpfile(old_dir, old_dentry, S_IFCHR | WHITEOUT_MODE, &whiteout);
1355 		if (err) {
1356 			kfree(dev);
1357 			goto out_release;
1358 		}
1359 
1360 		whiteout->i_state |= I_LINKABLE;
1361 		whiteout_ui = ubifs_inode(whiteout);
1362 		whiteout_ui->data = dev;
1363 		whiteout_ui->data_len = ubifs_encode_dev(dev, MKDEV(0, 0));
1364 		ubifs_assert(!whiteout_ui->dirty);
1365 	}
1366 
1367 	lock_4_inodes(old_dir, new_dir, new_inode, whiteout);
1368 
1369 	/*
1370 	 * Like most other Unix systems, set the @i_ctime for inodes on a
1371 	 * rename.
1372 	 */
1373 	time = current_time(old_dir);
1374 	old_inode->i_ctime = time;
1375 
1376 	/* We must adjust parent link count when renaming directories */
1377 	if (is_dir) {
1378 		if (move) {
1379 			/*
1380 			 * @old_dir loses a link because we are moving
1381 			 * @old_inode to a different directory.
1382 			 */
1383 			drop_nlink(old_dir);
1384 			/*
1385 			 * @new_dir only gains a link if we are not also
1386 			 * overwriting an existing directory.
1387 			 */
1388 			if (!unlink)
1389 				inc_nlink(new_dir);
1390 		} else {
1391 			/*
1392 			 * @old_inode is not moving to a different directory,
1393 			 * but @old_dir still loses a link if we are
1394 			 * overwriting an existing directory.
1395 			 */
1396 			if (unlink)
1397 				drop_nlink(old_dir);
1398 		}
1399 	}
1400 
1401 	old_dir->i_size -= old_sz;
1402 	ubifs_inode(old_dir)->ui_size = old_dir->i_size;
1403 	old_dir->i_mtime = old_dir->i_ctime = time;
1404 	new_dir->i_mtime = new_dir->i_ctime = time;
1405 
1406 	/*
1407 	 * And finally, if we unlinked a direntry which happened to have the
1408 	 * same name as the moved direntry, we have to decrement @i_nlink of
1409 	 * the unlinked inode and change its ctime.
1410 	 */
1411 	if (unlink) {
1412 		/*
1413 		 * Directories cannot have hard-links, so if this is a
1414 		 * directory, just clear @i_nlink.
1415 		 */
1416 		saved_nlink = new_inode->i_nlink;
1417 		if (is_dir)
1418 			clear_nlink(new_inode);
1419 		else
1420 			drop_nlink(new_inode);
1421 		new_inode->i_ctime = time;
1422 	} else {
1423 		new_dir->i_size += new_sz;
1424 		ubifs_inode(new_dir)->ui_size = new_dir->i_size;
1425 	}
1426 
1427 	/*
1428 	 * Do not ask 'ubifs_jnl_rename()' to flush write-buffer if @old_inode
1429 	 * is dirty, because this will be done later on at the end of
1430 	 * 'ubifs_rename()'.
1431 	 */
1432 	if (IS_SYNC(old_inode)) {
1433 		sync = IS_DIRSYNC(old_dir) || IS_DIRSYNC(new_dir);
1434 		if (unlink && IS_SYNC(new_inode))
1435 			sync = 1;
1436 	}
1437 
1438 	if (whiteout) {
1439 		struct ubifs_budget_req wht_req = { .dirtied_ino = 1,
1440 				.dirtied_ino_d = \
1441 				ALIGN(ubifs_inode(whiteout)->data_len, 8) };
1442 
1443 		err = ubifs_budget_space(c, &wht_req);
1444 		if (err) {
1445 			kfree(whiteout_ui->data);
1446 			whiteout_ui->data_len = 0;
1447 			iput(whiteout);
1448 			goto out_release;
1449 		}
1450 
1451 		inc_nlink(whiteout);
1452 		mark_inode_dirty(whiteout);
1453 		whiteout->i_state &= ~I_LINKABLE;
1454 		iput(whiteout);
1455 	}
1456 
1457 	err = ubifs_jnl_rename(c, old_dir, old_inode, &old_nm, new_dir,
1458 			       new_inode, &new_nm, whiteout, sync);
1459 	if (err)
1460 		goto out_cancel;
1461 
1462 	unlock_4_inodes(old_dir, new_dir, new_inode, whiteout);
1463 	ubifs_release_budget(c, &req);
1464 
1465 	mutex_lock(&old_inode_ui->ui_mutex);
1466 	release = old_inode_ui->dirty;
1467 	mark_inode_dirty_sync(old_inode);
1468 	mutex_unlock(&old_inode_ui->ui_mutex);
1469 
1470 	if (release)
1471 		ubifs_release_budget(c, &ino_req);
1472 	if (IS_SYNC(old_inode))
1473 		err = old_inode->i_sb->s_op->write_inode(old_inode, NULL);
1474 
1475 	fscrypt_free_filename(&old_nm);
1476 	fscrypt_free_filename(&new_nm);
1477 	return err;
1478 
1479 out_cancel:
1480 	if (unlink) {
1481 		set_nlink(new_inode, saved_nlink);
1482 	} else {
1483 		new_dir->i_size -= new_sz;
1484 		ubifs_inode(new_dir)->ui_size = new_dir->i_size;
1485 	}
1486 	old_dir->i_size += old_sz;
1487 	ubifs_inode(old_dir)->ui_size = old_dir->i_size;
1488 	if (is_dir) {
1489 		if (move) {
1490 			inc_nlink(old_dir);
1491 			if (!unlink)
1492 				drop_nlink(new_dir);
1493 		} else {
1494 			if (unlink)
1495 				inc_nlink(old_dir);
1496 		}
1497 	}
1498 	if (whiteout) {
1499 		drop_nlink(whiteout);
1500 		iput(whiteout);
1501 	}
1502 	unlock_4_inodes(old_dir, new_dir, new_inode, whiteout);
1503 out_release:
1504 	ubifs_release_budget(c, &ino_req);
1505 	ubifs_release_budget(c, &req);
1506 	fscrypt_free_filename(&old_nm);
1507 	fscrypt_free_filename(&new_nm);
1508 	return err;
1509 }
1510 
1511 static int ubifs_xrename(struct inode *old_dir, struct dentry *old_dentry,
1512 			struct inode *new_dir, struct dentry *new_dentry)
1513 {
1514 	struct ubifs_info *c = old_dir->i_sb->s_fs_info;
1515 	struct ubifs_budget_req req = { .new_dent = 1, .mod_dent = 1,
1516 				.dirtied_ino = 2 };
1517 	int sync = IS_DIRSYNC(old_dir) || IS_DIRSYNC(new_dir);
1518 	struct inode *fst_inode = d_inode(old_dentry);
1519 	struct inode *snd_inode = d_inode(new_dentry);
1520 	struct timespec time;
1521 	int err;
1522 	struct fscrypt_name fst_nm, snd_nm;
1523 
1524 	ubifs_assert(fst_inode && snd_inode);
1525 
1526 	err = fscrypt_setup_filename(old_dir, &old_dentry->d_name, 0, &fst_nm);
1527 	if (err)
1528 		return err;
1529 
1530 	err = fscrypt_setup_filename(new_dir, &new_dentry->d_name, 0, &snd_nm);
1531 	if (err) {
1532 		fscrypt_free_filename(&fst_nm);
1533 		return err;
1534 	}
1535 
1536 	lock_4_inodes(old_dir, new_dir, NULL, NULL);
1537 
1538 	time = current_time(old_dir);
1539 	fst_inode->i_ctime = time;
1540 	snd_inode->i_ctime = time;
1541 	old_dir->i_mtime = old_dir->i_ctime = time;
1542 	new_dir->i_mtime = new_dir->i_ctime = time;
1543 
1544 	if (old_dir != new_dir) {
1545 		if (S_ISDIR(fst_inode->i_mode) && !S_ISDIR(snd_inode->i_mode)) {
1546 			inc_nlink(new_dir);
1547 			drop_nlink(old_dir);
1548 		}
1549 		else if (!S_ISDIR(fst_inode->i_mode) && S_ISDIR(snd_inode->i_mode)) {
1550 			drop_nlink(new_dir);
1551 			inc_nlink(old_dir);
1552 		}
1553 	}
1554 
1555 	err = ubifs_jnl_xrename(c, old_dir, fst_inode, &fst_nm, new_dir,
1556 				snd_inode, &snd_nm, sync);
1557 
1558 	unlock_4_inodes(old_dir, new_dir, NULL, NULL);
1559 	ubifs_release_budget(c, &req);
1560 
1561 	fscrypt_free_filename(&fst_nm);
1562 	fscrypt_free_filename(&snd_nm);
1563 	return err;
1564 }
1565 
1566 static int ubifs_rename(struct inode *old_dir, struct dentry *old_dentry,
1567 			struct inode *new_dir, struct dentry *new_dentry,
1568 			unsigned int flags)
1569 {
1570 	int err;
1571 
1572 	if (flags & ~(RENAME_NOREPLACE | RENAME_WHITEOUT | RENAME_EXCHANGE))
1573 		return -EINVAL;
1574 
1575 	ubifs_assert(inode_is_locked(old_dir));
1576 	ubifs_assert(inode_is_locked(new_dir));
1577 
1578 	err = fscrypt_prepare_rename(old_dir, old_dentry, new_dir, new_dentry,
1579 				     flags);
1580 	if (err)
1581 		return err;
1582 
1583 	if (flags & RENAME_EXCHANGE)
1584 		return ubifs_xrename(old_dir, old_dentry, new_dir, new_dentry);
1585 
1586 	return do_rename(old_dir, old_dentry, new_dir, new_dentry, flags);
1587 }
1588 
1589 int ubifs_getattr(const struct path *path, struct kstat *stat,
1590 		  u32 request_mask, unsigned int flags)
1591 {
1592 	loff_t size;
1593 	struct inode *inode = d_inode(path->dentry);
1594 	struct ubifs_inode *ui = ubifs_inode(inode);
1595 
1596 	mutex_lock(&ui->ui_mutex);
1597 
1598 	if (ui->flags & UBIFS_APPEND_FL)
1599 		stat->attributes |= STATX_ATTR_APPEND;
1600 	if (ui->flags & UBIFS_COMPR_FL)
1601 		stat->attributes |= STATX_ATTR_COMPRESSED;
1602 	if (ui->flags & UBIFS_CRYPT_FL)
1603 		stat->attributes |= STATX_ATTR_ENCRYPTED;
1604 	if (ui->flags & UBIFS_IMMUTABLE_FL)
1605 		stat->attributes |= STATX_ATTR_IMMUTABLE;
1606 
1607 	stat->attributes_mask |= (STATX_ATTR_APPEND |
1608 				STATX_ATTR_COMPRESSED |
1609 				STATX_ATTR_ENCRYPTED |
1610 				STATX_ATTR_IMMUTABLE);
1611 
1612 	generic_fillattr(inode, stat);
1613 	stat->blksize = UBIFS_BLOCK_SIZE;
1614 	stat->size = ui->ui_size;
1615 
1616 	/*
1617 	 * Unfortunately, the 'stat()' system call was designed for block
1618 	 * device based file systems, and it is not appropriate for UBIFS,
1619 	 * because UBIFS does not have notion of "block". For example, it is
1620 	 * difficult to tell how many block a directory takes - it actually
1621 	 * takes less than 300 bytes, but we have to round it to block size,
1622 	 * which introduces large mistake. This makes utilities like 'du' to
1623 	 * report completely senseless numbers. This is the reason why UBIFS
1624 	 * goes the same way as JFFS2 - it reports zero blocks for everything
1625 	 * but regular files, which makes more sense than reporting completely
1626 	 * wrong sizes.
1627 	 */
1628 	if (S_ISREG(inode->i_mode)) {
1629 		size = ui->xattr_size;
1630 		size += stat->size;
1631 		size = ALIGN(size, UBIFS_BLOCK_SIZE);
1632 		/*
1633 		 * Note, user-space expects 512-byte blocks count irrespectively
1634 		 * of what was reported in @stat->size.
1635 		 */
1636 		stat->blocks = size >> 9;
1637 	} else
1638 		stat->blocks = 0;
1639 	mutex_unlock(&ui->ui_mutex);
1640 	return 0;
1641 }
1642 
1643 static int ubifs_dir_open(struct inode *dir, struct file *file)
1644 {
1645 	if (ubifs_crypt_is_encrypted(dir))
1646 		return fscrypt_get_encryption_info(dir) ? -EACCES : 0;
1647 
1648 	return 0;
1649 }
1650 
1651 const struct inode_operations ubifs_dir_inode_operations = {
1652 	.lookup      = ubifs_lookup,
1653 	.create      = ubifs_create,
1654 	.link        = ubifs_link,
1655 	.symlink     = ubifs_symlink,
1656 	.unlink      = ubifs_unlink,
1657 	.mkdir       = ubifs_mkdir,
1658 	.rmdir       = ubifs_rmdir,
1659 	.mknod       = ubifs_mknod,
1660 	.rename      = ubifs_rename,
1661 	.setattr     = ubifs_setattr,
1662 	.getattr     = ubifs_getattr,
1663 	.listxattr   = ubifs_listxattr,
1664 #ifdef CONFIG_UBIFS_ATIME_SUPPORT
1665 	.update_time = ubifs_update_time,
1666 #endif
1667 	.tmpfile     = ubifs_tmpfile,
1668 };
1669 
1670 const struct file_operations ubifs_dir_operations = {
1671 	.llseek         = generic_file_llseek,
1672 	.release        = ubifs_dir_release,
1673 	.read           = generic_read_dir,
1674 	.iterate_shared = ubifs_readdir,
1675 	.fsync          = ubifs_fsync,
1676 	.unlocked_ioctl = ubifs_ioctl,
1677 	.open		= ubifs_dir_open,
1678 #ifdef CONFIG_COMPAT
1679 	.compat_ioctl   = ubifs_compat_ioctl,
1680 #endif
1681 };
1682