xref: /openbmc/linux/fs/ubifs/dir.c (revision 89b15863)
1 // SPDX-License-Identifier: GPL-2.0-only
2 /* * This file is part of UBIFS.
3  *
4  * Copyright (C) 2006-2008 Nokia Corporation.
5  * Copyright (C) 2006, 2007 University of Szeged, Hungary
6  *
7  * Authors: Artem Bityutskiy (Битюцкий Артём)
8  *          Adrian Hunter
9  *          Zoltan Sogor
10  */
11 
12 /*
13  * This file implements directory operations.
14  *
15  * All FS operations in this file allocate budget before writing anything to the
16  * media. If they fail to allocate it, the error is returned. The only
17  * exceptions are 'ubifs_unlink()' and 'ubifs_rmdir()' which keep working even
18  * if they unable to allocate the budget, because deletion %-ENOSPC failure is
19  * not what users are usually ready to get. UBIFS budgeting subsystem has some
20  * space reserved for these purposes.
21  *
22  * All operations in this file write all inodes which they change straight
23  * away, instead of marking them dirty. For example, 'ubifs_link()' changes
24  * @i_size of the parent inode and writes the parent inode together with the
25  * target inode. This was done to simplify file-system recovery which would
26  * otherwise be very difficult to do. The only exception is rename which marks
27  * the re-named inode dirty (because its @i_ctime is updated) but does not
28  * write it, but just marks it as dirty.
29  */
30 
31 #include "ubifs.h"
32 
33 /**
34  * inherit_flags - inherit flags of the parent inode.
35  * @dir: parent inode
36  * @mode: new inode mode flags
37  *
38  * This is a helper function for 'ubifs_new_inode()' which inherits flag of the
39  * parent directory inode @dir. UBIFS inodes inherit the following flags:
40  * o %UBIFS_COMPR_FL, which is useful to switch compression on/of on
41  *   sub-directory basis;
42  * o %UBIFS_SYNC_FL - useful for the same reasons;
43  * o %UBIFS_DIRSYNC_FL - similar, but relevant only to directories.
44  *
45  * This function returns the inherited flags.
46  */
47 static int inherit_flags(const struct inode *dir, umode_t mode)
48 {
49 	int flags;
50 	const struct ubifs_inode *ui = ubifs_inode(dir);
51 
52 	if (!S_ISDIR(dir->i_mode))
53 		/*
54 		 * The parent is not a directory, which means that an extended
55 		 * attribute inode is being created. No flags.
56 		 */
57 		return 0;
58 
59 	flags = ui->flags & (UBIFS_COMPR_FL | UBIFS_SYNC_FL | UBIFS_DIRSYNC_FL);
60 	if (!S_ISDIR(mode))
61 		/* The "DIRSYNC" flag only applies to directories */
62 		flags &= ~UBIFS_DIRSYNC_FL;
63 	return flags;
64 }
65 
66 /**
67  * ubifs_new_inode - allocate new UBIFS inode object.
68  * @c: UBIFS file-system description object
69  * @dir: parent directory inode
70  * @mode: inode mode flags
71  *
72  * This function finds an unused inode number, allocates new inode and
73  * initializes it. Returns new inode in case of success and an error code in
74  * case of failure.
75  */
76 struct inode *ubifs_new_inode(struct ubifs_info *c, struct inode *dir,
77 			      umode_t mode)
78 {
79 	int err;
80 	struct inode *inode;
81 	struct ubifs_inode *ui;
82 	bool encrypted = false;
83 
84 	inode = new_inode(c->vfs_sb);
85 	ui = ubifs_inode(inode);
86 	if (!inode)
87 		return ERR_PTR(-ENOMEM);
88 
89 	/*
90 	 * Set 'S_NOCMTIME' to prevent VFS form updating [mc]time of inodes and
91 	 * marking them dirty in file write path (see 'file_update_time()').
92 	 * UBIFS has to fully control "clean <-> dirty" transitions of inodes
93 	 * to make budgeting work.
94 	 */
95 	inode->i_flags |= S_NOCMTIME;
96 
97 	inode_init_owner(inode, dir, mode);
98 	inode->i_mtime = inode->i_atime = inode->i_ctime =
99 			 current_time(inode);
100 	inode->i_mapping->nrpages = 0;
101 
102 	err = fscrypt_prepare_new_inode(dir, inode, &encrypted);
103 	if (err) {
104 		ubifs_err(c, "fscrypt_prepare_new_inode failed: %i", err);
105 		goto out_iput;
106 	}
107 
108 	switch (mode & S_IFMT) {
109 	case S_IFREG:
110 		inode->i_mapping->a_ops = &ubifs_file_address_operations;
111 		inode->i_op = &ubifs_file_inode_operations;
112 		inode->i_fop = &ubifs_file_operations;
113 		break;
114 	case S_IFDIR:
115 		inode->i_op  = &ubifs_dir_inode_operations;
116 		inode->i_fop = &ubifs_dir_operations;
117 		inode->i_size = ui->ui_size = UBIFS_INO_NODE_SZ;
118 		break;
119 	case S_IFLNK:
120 		inode->i_op = &ubifs_symlink_inode_operations;
121 		break;
122 	case S_IFSOCK:
123 	case S_IFIFO:
124 	case S_IFBLK:
125 	case S_IFCHR:
126 		inode->i_op  = &ubifs_file_inode_operations;
127 		break;
128 	default:
129 		BUG();
130 	}
131 
132 	ui->flags = inherit_flags(dir, mode);
133 	ubifs_set_inode_flags(inode);
134 	if (S_ISREG(mode))
135 		ui->compr_type = c->default_compr;
136 	else
137 		ui->compr_type = UBIFS_COMPR_NONE;
138 	ui->synced_i_size = 0;
139 
140 	spin_lock(&c->cnt_lock);
141 	/* Inode number overflow is currently not supported */
142 	if (c->highest_inum >= INUM_WARN_WATERMARK) {
143 		if (c->highest_inum >= INUM_WATERMARK) {
144 			spin_unlock(&c->cnt_lock);
145 			ubifs_err(c, "out of inode numbers");
146 			err = -EINVAL;
147 			goto out_iput;
148 		}
149 		ubifs_warn(c, "running out of inode numbers (current %lu, max %u)",
150 			   (unsigned long)c->highest_inum, INUM_WATERMARK);
151 	}
152 
153 	inode->i_ino = ++c->highest_inum;
154 	/*
155 	 * The creation sequence number remains with this inode for its
156 	 * lifetime. All nodes for this inode have a greater sequence number,
157 	 * and so it is possible to distinguish obsolete nodes belonging to a
158 	 * previous incarnation of the same inode number - for example, for the
159 	 * purpose of rebuilding the index.
160 	 */
161 	ui->creat_sqnum = ++c->max_sqnum;
162 	spin_unlock(&c->cnt_lock);
163 
164 	if (encrypted) {
165 		err = fscrypt_set_context(inode, NULL);
166 		if (err) {
167 			ubifs_err(c, "fscrypt_set_context failed: %i", err);
168 			goto out_iput;
169 		}
170 	}
171 
172 	return inode;
173 
174 out_iput:
175 	make_bad_inode(inode);
176 	iput(inode);
177 	return ERR_PTR(err);
178 }
179 
180 static int dbg_check_name(const struct ubifs_info *c,
181 			  const struct ubifs_dent_node *dent,
182 			  const struct fscrypt_name *nm)
183 {
184 	if (!dbg_is_chk_gen(c))
185 		return 0;
186 	if (le16_to_cpu(dent->nlen) != fname_len(nm))
187 		return -EINVAL;
188 	if (memcmp(dent->name, fname_name(nm), fname_len(nm)))
189 		return -EINVAL;
190 	return 0;
191 }
192 
193 static struct dentry *ubifs_lookup(struct inode *dir, struct dentry *dentry,
194 				   unsigned int flags)
195 {
196 	int err;
197 	union ubifs_key key;
198 	struct inode *inode = NULL;
199 	struct ubifs_dent_node *dent = NULL;
200 	struct ubifs_info *c = dir->i_sb->s_fs_info;
201 	struct fscrypt_name nm;
202 
203 	dbg_gen("'%pd' in dir ino %lu", dentry, dir->i_ino);
204 
205 	err = fscrypt_prepare_lookup(dir, dentry, &nm);
206 	if (err == -ENOENT)
207 		return d_splice_alias(NULL, dentry);
208 	if (err)
209 		return ERR_PTR(err);
210 
211 	if (fname_len(&nm) > UBIFS_MAX_NLEN) {
212 		inode = ERR_PTR(-ENAMETOOLONG);
213 		goto done;
214 	}
215 
216 	dent = kmalloc(UBIFS_MAX_DENT_NODE_SZ, GFP_NOFS);
217 	if (!dent) {
218 		inode = ERR_PTR(-ENOMEM);
219 		goto done;
220 	}
221 
222 	if (fname_name(&nm) == NULL) {
223 		if (nm.hash & ~UBIFS_S_KEY_HASH_MASK)
224 			goto done; /* ENOENT */
225 		dent_key_init_hash(c, &key, dir->i_ino, nm.hash);
226 		err = ubifs_tnc_lookup_dh(c, &key, dent, nm.minor_hash);
227 	} else {
228 		dent_key_init(c, &key, dir->i_ino, &nm);
229 		err = ubifs_tnc_lookup_nm(c, &key, dent, &nm);
230 	}
231 
232 	if (err) {
233 		if (err == -ENOENT)
234 			dbg_gen("not found");
235 		else
236 			inode = ERR_PTR(err);
237 		goto done;
238 	}
239 
240 	if (dbg_check_name(c, dent, &nm)) {
241 		inode = ERR_PTR(-EINVAL);
242 		goto done;
243 	}
244 
245 	inode = ubifs_iget(dir->i_sb, le64_to_cpu(dent->inum));
246 	if (IS_ERR(inode)) {
247 		/*
248 		 * This should not happen. Probably the file-system needs
249 		 * checking.
250 		 */
251 		err = PTR_ERR(inode);
252 		ubifs_err(c, "dead directory entry '%pd', error %d",
253 			  dentry, err);
254 		ubifs_ro_mode(c, err);
255 		goto done;
256 	}
257 
258 	if (IS_ENCRYPTED(dir) &&
259 	    (S_ISDIR(inode->i_mode) || S_ISLNK(inode->i_mode)) &&
260 	    !fscrypt_has_permitted_context(dir, inode)) {
261 		ubifs_warn(c, "Inconsistent encryption contexts: %lu/%lu",
262 			   dir->i_ino, inode->i_ino);
263 		iput(inode);
264 		inode = ERR_PTR(-EPERM);
265 	}
266 
267 done:
268 	kfree(dent);
269 	fscrypt_free_filename(&nm);
270 	return d_splice_alias(inode, dentry);
271 }
272 
273 static int ubifs_prepare_create(struct inode *dir, struct dentry *dentry,
274 				struct fscrypt_name *nm)
275 {
276 	if (fscrypt_is_nokey_name(dentry))
277 		return -ENOKEY;
278 
279 	return fscrypt_setup_filename(dir, &dentry->d_name, 0, nm);
280 }
281 
282 static int ubifs_create(struct inode *dir, struct dentry *dentry, umode_t mode,
283 			bool excl)
284 {
285 	struct inode *inode;
286 	struct ubifs_info *c = dir->i_sb->s_fs_info;
287 	struct ubifs_budget_req req = { .new_ino = 1, .new_dent = 1,
288 					.dirtied_ino = 1 };
289 	struct ubifs_inode *dir_ui = ubifs_inode(dir);
290 	struct fscrypt_name nm;
291 	int err, sz_change;
292 
293 	/*
294 	 * Budget request settings: new inode, new direntry, changing the
295 	 * parent directory inode.
296 	 */
297 
298 	dbg_gen("dent '%pd', mode %#hx in dir ino %lu",
299 		dentry, mode, dir->i_ino);
300 
301 	err = ubifs_budget_space(c, &req);
302 	if (err)
303 		return err;
304 
305 	err = ubifs_prepare_create(dir, dentry, &nm);
306 	if (err)
307 		goto out_budg;
308 
309 	sz_change = CALC_DENT_SIZE(fname_len(&nm));
310 
311 	inode = ubifs_new_inode(c, dir, mode);
312 	if (IS_ERR(inode)) {
313 		err = PTR_ERR(inode);
314 		goto out_fname;
315 	}
316 
317 	err = ubifs_init_security(dir, inode, &dentry->d_name);
318 	if (err)
319 		goto out_inode;
320 
321 	mutex_lock(&dir_ui->ui_mutex);
322 	dir->i_size += sz_change;
323 	dir_ui->ui_size = dir->i_size;
324 	dir->i_mtime = dir->i_ctime = inode->i_ctime;
325 	err = ubifs_jnl_update(c, dir, &nm, inode, 0, 0);
326 	if (err)
327 		goto out_cancel;
328 	mutex_unlock(&dir_ui->ui_mutex);
329 
330 	ubifs_release_budget(c, &req);
331 	fscrypt_free_filename(&nm);
332 	insert_inode_hash(inode);
333 	d_instantiate(dentry, inode);
334 	return 0;
335 
336 out_cancel:
337 	dir->i_size -= sz_change;
338 	dir_ui->ui_size = dir->i_size;
339 	mutex_unlock(&dir_ui->ui_mutex);
340 out_inode:
341 	make_bad_inode(inode);
342 	iput(inode);
343 out_fname:
344 	fscrypt_free_filename(&nm);
345 out_budg:
346 	ubifs_release_budget(c, &req);
347 	ubifs_err(c, "cannot create regular file, error %d", err);
348 	return err;
349 }
350 
351 static int do_tmpfile(struct inode *dir, struct dentry *dentry,
352 		      umode_t mode, struct inode **whiteout)
353 {
354 	struct inode *inode;
355 	struct ubifs_info *c = dir->i_sb->s_fs_info;
356 	struct ubifs_budget_req req = { .new_ino = 1, .new_dent = 1};
357 	struct ubifs_budget_req ino_req = { .dirtied_ino = 1 };
358 	struct ubifs_inode *ui, *dir_ui = ubifs_inode(dir);
359 	int err, instantiated = 0;
360 	struct fscrypt_name nm;
361 
362 	/*
363 	 * Budget request settings: new dirty inode, new direntry,
364 	 * budget for dirtied inode will be released via writeback.
365 	 */
366 
367 	dbg_gen("dent '%pd', mode %#hx in dir ino %lu",
368 		dentry, mode, dir->i_ino);
369 
370 	err = fscrypt_setup_filename(dir, &dentry->d_name, 0, &nm);
371 	if (err)
372 		return err;
373 
374 	err = ubifs_budget_space(c, &req);
375 	if (err) {
376 		fscrypt_free_filename(&nm);
377 		return err;
378 	}
379 
380 	err = ubifs_budget_space(c, &ino_req);
381 	if (err) {
382 		ubifs_release_budget(c, &req);
383 		fscrypt_free_filename(&nm);
384 		return err;
385 	}
386 
387 	inode = ubifs_new_inode(c, dir, mode);
388 	if (IS_ERR(inode)) {
389 		err = PTR_ERR(inode);
390 		goto out_budg;
391 	}
392 	ui = ubifs_inode(inode);
393 
394 	if (whiteout) {
395 		init_special_inode(inode, inode->i_mode, WHITEOUT_DEV);
396 		ubifs_assert(c, inode->i_op == &ubifs_file_inode_operations);
397 	}
398 
399 	err = ubifs_init_security(dir, inode, &dentry->d_name);
400 	if (err)
401 		goto out_inode;
402 
403 	mutex_lock(&ui->ui_mutex);
404 	insert_inode_hash(inode);
405 
406 	if (whiteout) {
407 		mark_inode_dirty(inode);
408 		drop_nlink(inode);
409 		*whiteout = inode;
410 	} else {
411 		d_tmpfile(dentry, inode);
412 	}
413 	ubifs_assert(c, ui->dirty);
414 
415 	instantiated = 1;
416 	mutex_unlock(&ui->ui_mutex);
417 
418 	mutex_lock(&dir_ui->ui_mutex);
419 	err = ubifs_jnl_update(c, dir, &nm, inode, 1, 0);
420 	if (err)
421 		goto out_cancel;
422 	mutex_unlock(&dir_ui->ui_mutex);
423 
424 	ubifs_release_budget(c, &req);
425 
426 	return 0;
427 
428 out_cancel:
429 	mutex_unlock(&dir_ui->ui_mutex);
430 out_inode:
431 	make_bad_inode(inode);
432 	if (!instantiated)
433 		iput(inode);
434 out_budg:
435 	ubifs_release_budget(c, &req);
436 	if (!instantiated)
437 		ubifs_release_budget(c, &ino_req);
438 	fscrypt_free_filename(&nm);
439 	ubifs_err(c, "cannot create temporary file, error %d", err);
440 	return err;
441 }
442 
443 static int ubifs_tmpfile(struct inode *dir, struct dentry *dentry,
444 			 umode_t mode)
445 {
446 	return do_tmpfile(dir, dentry, mode, NULL);
447 }
448 
449 /**
450  * vfs_dent_type - get VFS directory entry type.
451  * @type: UBIFS directory entry type
452  *
453  * This function converts UBIFS directory entry type into VFS directory entry
454  * type.
455  */
456 static unsigned int vfs_dent_type(uint8_t type)
457 {
458 	switch (type) {
459 	case UBIFS_ITYPE_REG:
460 		return DT_REG;
461 	case UBIFS_ITYPE_DIR:
462 		return DT_DIR;
463 	case UBIFS_ITYPE_LNK:
464 		return DT_LNK;
465 	case UBIFS_ITYPE_BLK:
466 		return DT_BLK;
467 	case UBIFS_ITYPE_CHR:
468 		return DT_CHR;
469 	case UBIFS_ITYPE_FIFO:
470 		return DT_FIFO;
471 	case UBIFS_ITYPE_SOCK:
472 		return DT_SOCK;
473 	default:
474 		BUG();
475 	}
476 	return 0;
477 }
478 
479 /*
480  * The classical Unix view for directory is that it is a linear array of
481  * (name, inode number) entries. Linux/VFS assumes this model as well.
482  * Particularly, 'readdir()' call wants us to return a directory entry offset
483  * which later may be used to continue 'readdir()'ing the directory or to
484  * 'seek()' to that specific direntry. Obviously UBIFS does not really fit this
485  * model because directory entries are identified by keys, which may collide.
486  *
487  * UBIFS uses directory entry hash value for directory offsets, so
488  * 'seekdir()'/'telldir()' may not always work because of possible key
489  * collisions. But UBIFS guarantees that consecutive 'readdir()' calls work
490  * properly by means of saving full directory entry name in the private field
491  * of the file description object.
492  *
493  * This means that UBIFS cannot support NFS which requires full
494  * 'seekdir()'/'telldir()' support.
495  */
496 static int ubifs_readdir(struct file *file, struct dir_context *ctx)
497 {
498 	int fstr_real_len = 0, err = 0;
499 	struct fscrypt_name nm;
500 	struct fscrypt_str fstr = {0};
501 	union ubifs_key key;
502 	struct ubifs_dent_node *dent;
503 	struct inode *dir = file_inode(file);
504 	struct ubifs_info *c = dir->i_sb->s_fs_info;
505 	bool encrypted = IS_ENCRYPTED(dir);
506 
507 	dbg_gen("dir ino %lu, f_pos %#llx", dir->i_ino, ctx->pos);
508 
509 	if (ctx->pos > UBIFS_S_KEY_HASH_MASK || ctx->pos == 2)
510 		/*
511 		 * The directory was seek'ed to a senseless position or there
512 		 * are no more entries.
513 		 */
514 		return 0;
515 
516 	if (encrypted) {
517 		err = fscrypt_prepare_readdir(dir);
518 		if (err)
519 			return err;
520 
521 		err = fscrypt_fname_alloc_buffer(UBIFS_MAX_NLEN, &fstr);
522 		if (err)
523 			return err;
524 
525 		fstr_real_len = fstr.len;
526 	}
527 
528 	if (file->f_version == 0) {
529 		/*
530 		 * The file was seek'ed, which means that @file->private_data
531 		 * is now invalid. This may also be just the first
532 		 * 'ubifs_readdir()' invocation, in which case
533 		 * @file->private_data is NULL, and the below code is
534 		 * basically a no-op.
535 		 */
536 		kfree(file->private_data);
537 		file->private_data = NULL;
538 	}
539 
540 	/*
541 	 * 'generic_file_llseek()' unconditionally sets @file->f_version to
542 	 * zero, and we use this for detecting whether the file was seek'ed.
543 	 */
544 	file->f_version = 1;
545 
546 	/* File positions 0 and 1 correspond to "." and ".." */
547 	if (ctx->pos < 2) {
548 		ubifs_assert(c, !file->private_data);
549 		if (!dir_emit_dots(file, ctx)) {
550 			if (encrypted)
551 				fscrypt_fname_free_buffer(&fstr);
552 			return 0;
553 		}
554 
555 		/* Find the first entry in TNC and save it */
556 		lowest_dent_key(c, &key, dir->i_ino);
557 		fname_len(&nm) = 0;
558 		dent = ubifs_tnc_next_ent(c, &key, &nm);
559 		if (IS_ERR(dent)) {
560 			err = PTR_ERR(dent);
561 			goto out;
562 		}
563 
564 		ctx->pos = key_hash_flash(c, &dent->key);
565 		file->private_data = dent;
566 	}
567 
568 	dent = file->private_data;
569 	if (!dent) {
570 		/*
571 		 * The directory was seek'ed to and is now readdir'ed.
572 		 * Find the entry corresponding to @ctx->pos or the closest one.
573 		 */
574 		dent_key_init_hash(c, &key, dir->i_ino, ctx->pos);
575 		fname_len(&nm) = 0;
576 		dent = ubifs_tnc_next_ent(c, &key, &nm);
577 		if (IS_ERR(dent)) {
578 			err = PTR_ERR(dent);
579 			goto out;
580 		}
581 		ctx->pos = key_hash_flash(c, &dent->key);
582 		file->private_data = dent;
583 	}
584 
585 	while (1) {
586 		dbg_gen("ino %llu, new f_pos %#x",
587 			(unsigned long long)le64_to_cpu(dent->inum),
588 			key_hash_flash(c, &dent->key));
589 		ubifs_assert(c, le64_to_cpu(dent->ch.sqnum) >
590 			     ubifs_inode(dir)->creat_sqnum);
591 
592 		fname_len(&nm) = le16_to_cpu(dent->nlen);
593 		fname_name(&nm) = dent->name;
594 
595 		if (encrypted) {
596 			fstr.len = fstr_real_len;
597 
598 			err = fscrypt_fname_disk_to_usr(dir, key_hash_flash(c,
599 							&dent->key),
600 							le32_to_cpu(dent->cookie),
601 							&nm.disk_name, &fstr);
602 			if (err)
603 				goto out;
604 		} else {
605 			fstr.len = fname_len(&nm);
606 			fstr.name = fname_name(&nm);
607 		}
608 
609 		if (!dir_emit(ctx, fstr.name, fstr.len,
610 			       le64_to_cpu(dent->inum),
611 			       vfs_dent_type(dent->type))) {
612 			if (encrypted)
613 				fscrypt_fname_free_buffer(&fstr);
614 			return 0;
615 		}
616 
617 		/* Switch to the next entry */
618 		key_read(c, &dent->key, &key);
619 		dent = ubifs_tnc_next_ent(c, &key, &nm);
620 		if (IS_ERR(dent)) {
621 			err = PTR_ERR(dent);
622 			goto out;
623 		}
624 
625 		kfree(file->private_data);
626 		ctx->pos = key_hash_flash(c, &dent->key);
627 		file->private_data = dent;
628 		cond_resched();
629 	}
630 
631 out:
632 	kfree(file->private_data);
633 	file->private_data = NULL;
634 
635 	if (encrypted)
636 		fscrypt_fname_free_buffer(&fstr);
637 
638 	if (err != -ENOENT)
639 		ubifs_err(c, "cannot find next direntry, error %d", err);
640 	else
641 		/*
642 		 * -ENOENT is a non-fatal error in this context, the TNC uses
643 		 * it to indicate that the cursor moved past the current directory
644 		 * and readdir() has to stop.
645 		 */
646 		err = 0;
647 
648 
649 	/* 2 is a special value indicating that there are no more direntries */
650 	ctx->pos = 2;
651 	return err;
652 }
653 
654 /* Free saved readdir() state when the directory is closed */
655 static int ubifs_dir_release(struct inode *dir, struct file *file)
656 {
657 	kfree(file->private_data);
658 	file->private_data = NULL;
659 	return 0;
660 }
661 
662 /**
663  * lock_2_inodes - a wrapper for locking two UBIFS inodes.
664  * @inode1: first inode
665  * @inode2: second inode
666  *
667  * We do not implement any tricks to guarantee strict lock ordering, because
668  * VFS has already done it for us on the @i_mutex. So this is just a simple
669  * wrapper function.
670  */
671 static void lock_2_inodes(struct inode *inode1, struct inode *inode2)
672 {
673 	mutex_lock_nested(&ubifs_inode(inode1)->ui_mutex, WB_MUTEX_1);
674 	mutex_lock_nested(&ubifs_inode(inode2)->ui_mutex, WB_MUTEX_2);
675 }
676 
677 /**
678  * unlock_2_inodes - a wrapper for unlocking two UBIFS inodes.
679  * @inode1: first inode
680  * @inode2: second inode
681  */
682 static void unlock_2_inodes(struct inode *inode1, struct inode *inode2)
683 {
684 	mutex_unlock(&ubifs_inode(inode2)->ui_mutex);
685 	mutex_unlock(&ubifs_inode(inode1)->ui_mutex);
686 }
687 
688 static int ubifs_link(struct dentry *old_dentry, struct inode *dir,
689 		      struct dentry *dentry)
690 {
691 	struct ubifs_info *c = dir->i_sb->s_fs_info;
692 	struct inode *inode = d_inode(old_dentry);
693 	struct ubifs_inode *ui = ubifs_inode(inode);
694 	struct ubifs_inode *dir_ui = ubifs_inode(dir);
695 	int err, sz_change = CALC_DENT_SIZE(dentry->d_name.len);
696 	struct ubifs_budget_req req = { .new_dent = 1, .dirtied_ino = 2,
697 				.dirtied_ino_d = ALIGN(ui->data_len, 8) };
698 	struct fscrypt_name nm;
699 
700 	/*
701 	 * Budget request settings: new direntry, changing the target inode,
702 	 * changing the parent inode.
703 	 */
704 
705 	dbg_gen("dent '%pd' to ino %lu (nlink %d) in dir ino %lu",
706 		dentry, inode->i_ino,
707 		inode->i_nlink, dir->i_ino);
708 	ubifs_assert(c, inode_is_locked(dir));
709 	ubifs_assert(c, inode_is_locked(inode));
710 
711 	err = fscrypt_prepare_link(old_dentry, dir, dentry);
712 	if (err)
713 		return err;
714 
715 	err = fscrypt_setup_filename(dir, &dentry->d_name, 0, &nm);
716 	if (err)
717 		return err;
718 
719 	err = dbg_check_synced_i_size(c, inode);
720 	if (err)
721 		goto out_fname;
722 
723 	err = ubifs_budget_space(c, &req);
724 	if (err)
725 		goto out_fname;
726 
727 	lock_2_inodes(dir, inode);
728 
729 	/* Handle O_TMPFILE corner case, it is allowed to link a O_TMPFILE. */
730 	if (inode->i_nlink == 0)
731 		ubifs_delete_orphan(c, inode->i_ino);
732 
733 	inc_nlink(inode);
734 	ihold(inode);
735 	inode->i_ctime = current_time(inode);
736 	dir->i_size += sz_change;
737 	dir_ui->ui_size = dir->i_size;
738 	dir->i_mtime = dir->i_ctime = inode->i_ctime;
739 	err = ubifs_jnl_update(c, dir, &nm, inode, 0, 0);
740 	if (err)
741 		goto out_cancel;
742 	unlock_2_inodes(dir, inode);
743 
744 	ubifs_release_budget(c, &req);
745 	d_instantiate(dentry, inode);
746 	fscrypt_free_filename(&nm);
747 	return 0;
748 
749 out_cancel:
750 	dir->i_size -= sz_change;
751 	dir_ui->ui_size = dir->i_size;
752 	drop_nlink(inode);
753 	if (inode->i_nlink == 0)
754 		ubifs_add_orphan(c, inode->i_ino);
755 	unlock_2_inodes(dir, inode);
756 	ubifs_release_budget(c, &req);
757 	iput(inode);
758 out_fname:
759 	fscrypt_free_filename(&nm);
760 	return err;
761 }
762 
763 static int ubifs_unlink(struct inode *dir, struct dentry *dentry)
764 {
765 	struct ubifs_info *c = dir->i_sb->s_fs_info;
766 	struct inode *inode = d_inode(dentry);
767 	struct ubifs_inode *dir_ui = ubifs_inode(dir);
768 	int err, sz_change, budgeted = 1;
769 	struct ubifs_budget_req req = { .mod_dent = 1, .dirtied_ino = 2 };
770 	unsigned int saved_nlink = inode->i_nlink;
771 	struct fscrypt_name nm;
772 
773 	/*
774 	 * Budget request settings: deletion direntry, deletion inode (+1 for
775 	 * @dirtied_ino), changing the parent directory inode. If budgeting
776 	 * fails, go ahead anyway because we have extra space reserved for
777 	 * deletions.
778 	 */
779 
780 	dbg_gen("dent '%pd' from ino %lu (nlink %d) in dir ino %lu",
781 		dentry, inode->i_ino,
782 		inode->i_nlink, dir->i_ino);
783 
784 	err = fscrypt_setup_filename(dir, &dentry->d_name, 1, &nm);
785 	if (err)
786 		return err;
787 
788 	err = ubifs_purge_xattrs(inode);
789 	if (err)
790 		return err;
791 
792 	sz_change = CALC_DENT_SIZE(fname_len(&nm));
793 
794 	ubifs_assert(c, inode_is_locked(dir));
795 	ubifs_assert(c, inode_is_locked(inode));
796 	err = dbg_check_synced_i_size(c, inode);
797 	if (err)
798 		goto out_fname;
799 
800 	err = ubifs_budget_space(c, &req);
801 	if (err) {
802 		if (err != -ENOSPC)
803 			goto out_fname;
804 		budgeted = 0;
805 	}
806 
807 	lock_2_inodes(dir, inode);
808 	inode->i_ctime = current_time(dir);
809 	drop_nlink(inode);
810 	dir->i_size -= sz_change;
811 	dir_ui->ui_size = dir->i_size;
812 	dir->i_mtime = dir->i_ctime = inode->i_ctime;
813 	err = ubifs_jnl_update(c, dir, &nm, inode, 1, 0);
814 	if (err)
815 		goto out_cancel;
816 	unlock_2_inodes(dir, inode);
817 
818 	if (budgeted)
819 		ubifs_release_budget(c, &req);
820 	else {
821 		/* We've deleted something - clean the "no space" flags */
822 		c->bi.nospace = c->bi.nospace_rp = 0;
823 		smp_wmb();
824 	}
825 	fscrypt_free_filename(&nm);
826 	return 0;
827 
828 out_cancel:
829 	dir->i_size += sz_change;
830 	dir_ui->ui_size = dir->i_size;
831 	set_nlink(inode, saved_nlink);
832 	unlock_2_inodes(dir, inode);
833 	if (budgeted)
834 		ubifs_release_budget(c, &req);
835 out_fname:
836 	fscrypt_free_filename(&nm);
837 	return err;
838 }
839 
840 /**
841  * check_dir_empty - check if a directory is empty or not.
842  * @dir: VFS inode object of the directory to check
843  *
844  * This function checks if directory @dir is empty. Returns zero if the
845  * directory is empty, %-ENOTEMPTY if it is not, and other negative error codes
846  * in case of of errors.
847  */
848 int ubifs_check_dir_empty(struct inode *dir)
849 {
850 	struct ubifs_info *c = dir->i_sb->s_fs_info;
851 	struct fscrypt_name nm = { 0 };
852 	struct ubifs_dent_node *dent;
853 	union ubifs_key key;
854 	int err;
855 
856 	lowest_dent_key(c, &key, dir->i_ino);
857 	dent = ubifs_tnc_next_ent(c, &key, &nm);
858 	if (IS_ERR(dent)) {
859 		err = PTR_ERR(dent);
860 		if (err == -ENOENT)
861 			err = 0;
862 	} else {
863 		kfree(dent);
864 		err = -ENOTEMPTY;
865 	}
866 	return err;
867 }
868 
869 static int ubifs_rmdir(struct inode *dir, struct dentry *dentry)
870 {
871 	struct ubifs_info *c = dir->i_sb->s_fs_info;
872 	struct inode *inode = d_inode(dentry);
873 	int err, sz_change, budgeted = 1;
874 	struct ubifs_inode *dir_ui = ubifs_inode(dir);
875 	struct ubifs_budget_req req = { .mod_dent = 1, .dirtied_ino = 2 };
876 	struct fscrypt_name nm;
877 
878 	/*
879 	 * Budget request settings: deletion direntry, deletion inode and
880 	 * changing the parent inode. If budgeting fails, go ahead anyway
881 	 * because we have extra space reserved for deletions.
882 	 */
883 
884 	dbg_gen("directory '%pd', ino %lu in dir ino %lu", dentry,
885 		inode->i_ino, dir->i_ino);
886 	ubifs_assert(c, inode_is_locked(dir));
887 	ubifs_assert(c, inode_is_locked(inode));
888 	err = ubifs_check_dir_empty(d_inode(dentry));
889 	if (err)
890 		return err;
891 
892 	err = fscrypt_setup_filename(dir, &dentry->d_name, 1, &nm);
893 	if (err)
894 		return err;
895 
896 	err = ubifs_purge_xattrs(inode);
897 	if (err)
898 		return err;
899 
900 	sz_change = CALC_DENT_SIZE(fname_len(&nm));
901 
902 	err = ubifs_budget_space(c, &req);
903 	if (err) {
904 		if (err != -ENOSPC)
905 			goto out_fname;
906 		budgeted = 0;
907 	}
908 
909 	lock_2_inodes(dir, inode);
910 	inode->i_ctime = current_time(dir);
911 	clear_nlink(inode);
912 	drop_nlink(dir);
913 	dir->i_size -= sz_change;
914 	dir_ui->ui_size = dir->i_size;
915 	dir->i_mtime = dir->i_ctime = inode->i_ctime;
916 	err = ubifs_jnl_update(c, dir, &nm, inode, 1, 0);
917 	if (err)
918 		goto out_cancel;
919 	unlock_2_inodes(dir, inode);
920 
921 	if (budgeted)
922 		ubifs_release_budget(c, &req);
923 	else {
924 		/* We've deleted something - clean the "no space" flags */
925 		c->bi.nospace = c->bi.nospace_rp = 0;
926 		smp_wmb();
927 	}
928 	fscrypt_free_filename(&nm);
929 	return 0;
930 
931 out_cancel:
932 	dir->i_size += sz_change;
933 	dir_ui->ui_size = dir->i_size;
934 	inc_nlink(dir);
935 	set_nlink(inode, 2);
936 	unlock_2_inodes(dir, inode);
937 	if (budgeted)
938 		ubifs_release_budget(c, &req);
939 out_fname:
940 	fscrypt_free_filename(&nm);
941 	return err;
942 }
943 
944 static int ubifs_mkdir(struct inode *dir, struct dentry *dentry, umode_t mode)
945 {
946 	struct inode *inode;
947 	struct ubifs_inode *dir_ui = ubifs_inode(dir);
948 	struct ubifs_info *c = dir->i_sb->s_fs_info;
949 	int err, sz_change;
950 	struct ubifs_budget_req req = { .new_ino = 1, .new_dent = 1 };
951 	struct fscrypt_name nm;
952 
953 	/*
954 	 * Budget request settings: new inode, new direntry and changing parent
955 	 * directory inode.
956 	 */
957 
958 	dbg_gen("dent '%pd', mode %#hx in dir ino %lu",
959 		dentry, mode, dir->i_ino);
960 
961 	err = ubifs_budget_space(c, &req);
962 	if (err)
963 		return err;
964 
965 	err = ubifs_prepare_create(dir, dentry, &nm);
966 	if (err)
967 		goto out_budg;
968 
969 	sz_change = CALC_DENT_SIZE(fname_len(&nm));
970 
971 	inode = ubifs_new_inode(c, dir, S_IFDIR | mode);
972 	if (IS_ERR(inode)) {
973 		err = PTR_ERR(inode);
974 		goto out_fname;
975 	}
976 
977 	err = ubifs_init_security(dir, inode, &dentry->d_name);
978 	if (err)
979 		goto out_inode;
980 
981 	mutex_lock(&dir_ui->ui_mutex);
982 	insert_inode_hash(inode);
983 	inc_nlink(inode);
984 	inc_nlink(dir);
985 	dir->i_size += sz_change;
986 	dir_ui->ui_size = dir->i_size;
987 	dir->i_mtime = dir->i_ctime = inode->i_ctime;
988 	err = ubifs_jnl_update(c, dir, &nm, inode, 0, 0);
989 	if (err) {
990 		ubifs_err(c, "cannot create directory, error %d", err);
991 		goto out_cancel;
992 	}
993 	mutex_unlock(&dir_ui->ui_mutex);
994 
995 	ubifs_release_budget(c, &req);
996 	d_instantiate(dentry, inode);
997 	fscrypt_free_filename(&nm);
998 	return 0;
999 
1000 out_cancel:
1001 	dir->i_size -= sz_change;
1002 	dir_ui->ui_size = dir->i_size;
1003 	drop_nlink(dir);
1004 	mutex_unlock(&dir_ui->ui_mutex);
1005 out_inode:
1006 	make_bad_inode(inode);
1007 	iput(inode);
1008 out_fname:
1009 	fscrypt_free_filename(&nm);
1010 out_budg:
1011 	ubifs_release_budget(c, &req);
1012 	return err;
1013 }
1014 
1015 static int ubifs_mknod(struct inode *dir, struct dentry *dentry,
1016 		       umode_t mode, dev_t rdev)
1017 {
1018 	struct inode *inode;
1019 	struct ubifs_inode *ui;
1020 	struct ubifs_inode *dir_ui = ubifs_inode(dir);
1021 	struct ubifs_info *c = dir->i_sb->s_fs_info;
1022 	union ubifs_dev_desc *dev = NULL;
1023 	int sz_change;
1024 	int err, devlen = 0;
1025 	struct ubifs_budget_req req = { .new_ino = 1, .new_dent = 1,
1026 					.dirtied_ino = 1 };
1027 	struct fscrypt_name nm;
1028 
1029 	/*
1030 	 * Budget request settings: new inode, new direntry and changing parent
1031 	 * directory inode.
1032 	 */
1033 
1034 	dbg_gen("dent '%pd' in dir ino %lu", dentry, dir->i_ino);
1035 
1036 	if (S_ISBLK(mode) || S_ISCHR(mode)) {
1037 		dev = kmalloc(sizeof(union ubifs_dev_desc), GFP_NOFS);
1038 		if (!dev)
1039 			return -ENOMEM;
1040 		devlen = ubifs_encode_dev(dev, rdev);
1041 	}
1042 
1043 	req.new_ino_d = ALIGN(devlen, 8);
1044 	err = ubifs_budget_space(c, &req);
1045 	if (err) {
1046 		kfree(dev);
1047 		return err;
1048 	}
1049 
1050 	err = ubifs_prepare_create(dir, dentry, &nm);
1051 	if (err) {
1052 		kfree(dev);
1053 		goto out_budg;
1054 	}
1055 
1056 	sz_change = CALC_DENT_SIZE(fname_len(&nm));
1057 
1058 	inode = ubifs_new_inode(c, dir, mode);
1059 	if (IS_ERR(inode)) {
1060 		kfree(dev);
1061 		err = PTR_ERR(inode);
1062 		goto out_fname;
1063 	}
1064 
1065 	init_special_inode(inode, inode->i_mode, rdev);
1066 	inode->i_size = ubifs_inode(inode)->ui_size = devlen;
1067 	ui = ubifs_inode(inode);
1068 	ui->data = dev;
1069 	ui->data_len = devlen;
1070 
1071 	err = ubifs_init_security(dir, inode, &dentry->d_name);
1072 	if (err)
1073 		goto out_inode;
1074 
1075 	mutex_lock(&dir_ui->ui_mutex);
1076 	dir->i_size += sz_change;
1077 	dir_ui->ui_size = dir->i_size;
1078 	dir->i_mtime = dir->i_ctime = inode->i_ctime;
1079 	err = ubifs_jnl_update(c, dir, &nm, inode, 0, 0);
1080 	if (err)
1081 		goto out_cancel;
1082 	mutex_unlock(&dir_ui->ui_mutex);
1083 
1084 	ubifs_release_budget(c, &req);
1085 	insert_inode_hash(inode);
1086 	d_instantiate(dentry, inode);
1087 	fscrypt_free_filename(&nm);
1088 	return 0;
1089 
1090 out_cancel:
1091 	dir->i_size -= sz_change;
1092 	dir_ui->ui_size = dir->i_size;
1093 	mutex_unlock(&dir_ui->ui_mutex);
1094 out_inode:
1095 	make_bad_inode(inode);
1096 	iput(inode);
1097 out_fname:
1098 	fscrypt_free_filename(&nm);
1099 out_budg:
1100 	ubifs_release_budget(c, &req);
1101 	return err;
1102 }
1103 
1104 static int ubifs_symlink(struct inode *dir, struct dentry *dentry,
1105 			 const char *symname)
1106 {
1107 	struct inode *inode;
1108 	struct ubifs_inode *ui;
1109 	struct ubifs_inode *dir_ui = ubifs_inode(dir);
1110 	struct ubifs_info *c = dir->i_sb->s_fs_info;
1111 	int err, sz_change, len = strlen(symname);
1112 	struct fscrypt_str disk_link;
1113 	struct ubifs_budget_req req = { .new_ino = 1, .new_dent = 1,
1114 					.new_ino_d = ALIGN(len, 8),
1115 					.dirtied_ino = 1 };
1116 	struct fscrypt_name nm;
1117 
1118 	dbg_gen("dent '%pd', target '%s' in dir ino %lu", dentry,
1119 		symname, dir->i_ino);
1120 
1121 	err = fscrypt_prepare_symlink(dir, symname, len, UBIFS_MAX_INO_DATA,
1122 				      &disk_link);
1123 	if (err)
1124 		return err;
1125 
1126 	/*
1127 	 * Budget request settings: new inode, new direntry and changing parent
1128 	 * directory inode.
1129 	 */
1130 	err = ubifs_budget_space(c, &req);
1131 	if (err)
1132 		return err;
1133 
1134 	err = ubifs_prepare_create(dir, dentry, &nm);
1135 	if (err)
1136 		goto out_budg;
1137 
1138 	sz_change = CALC_DENT_SIZE(fname_len(&nm));
1139 
1140 	inode = ubifs_new_inode(c, dir, S_IFLNK | S_IRWXUGO);
1141 	if (IS_ERR(inode)) {
1142 		err = PTR_ERR(inode);
1143 		goto out_fname;
1144 	}
1145 
1146 	ui = ubifs_inode(inode);
1147 	ui->data = kmalloc(disk_link.len, GFP_NOFS);
1148 	if (!ui->data) {
1149 		err = -ENOMEM;
1150 		goto out_inode;
1151 	}
1152 
1153 	if (IS_ENCRYPTED(inode)) {
1154 		disk_link.name = ui->data; /* encrypt directly into ui->data */
1155 		err = fscrypt_encrypt_symlink(inode, symname, len, &disk_link);
1156 		if (err)
1157 			goto out_inode;
1158 	} else {
1159 		memcpy(ui->data, disk_link.name, disk_link.len);
1160 		inode->i_link = ui->data;
1161 	}
1162 
1163 	/*
1164 	 * The terminating zero byte is not written to the flash media and it
1165 	 * is put just to make later in-memory string processing simpler. Thus,
1166 	 * data length is @disk_link.len - 1, not @disk_link.len.
1167 	 */
1168 	ui->data_len = disk_link.len - 1;
1169 	inode->i_size = ubifs_inode(inode)->ui_size = disk_link.len - 1;
1170 
1171 	err = ubifs_init_security(dir, inode, &dentry->d_name);
1172 	if (err)
1173 		goto out_inode;
1174 
1175 	mutex_lock(&dir_ui->ui_mutex);
1176 	dir->i_size += sz_change;
1177 	dir_ui->ui_size = dir->i_size;
1178 	dir->i_mtime = dir->i_ctime = inode->i_ctime;
1179 	err = ubifs_jnl_update(c, dir, &nm, inode, 0, 0);
1180 	if (err)
1181 		goto out_cancel;
1182 	mutex_unlock(&dir_ui->ui_mutex);
1183 
1184 	insert_inode_hash(inode);
1185 	d_instantiate(dentry, inode);
1186 	err = 0;
1187 	goto out_fname;
1188 
1189 out_cancel:
1190 	dir->i_size -= sz_change;
1191 	dir_ui->ui_size = dir->i_size;
1192 	mutex_unlock(&dir_ui->ui_mutex);
1193 out_inode:
1194 	make_bad_inode(inode);
1195 	iput(inode);
1196 out_fname:
1197 	fscrypt_free_filename(&nm);
1198 out_budg:
1199 	ubifs_release_budget(c, &req);
1200 	return err;
1201 }
1202 
1203 /**
1204  * lock_4_inodes - a wrapper for locking three UBIFS inodes.
1205  * @inode1: first inode
1206  * @inode2: second inode
1207  * @inode3: third inode
1208  * @inode4: fouth inode
1209  *
1210  * This function is used for 'ubifs_rename()' and @inode1 may be the same as
1211  * @inode2 whereas @inode3 and @inode4 may be %NULL.
1212  *
1213  * We do not implement any tricks to guarantee strict lock ordering, because
1214  * VFS has already done it for us on the @i_mutex. So this is just a simple
1215  * wrapper function.
1216  */
1217 static void lock_4_inodes(struct inode *inode1, struct inode *inode2,
1218 			  struct inode *inode3, struct inode *inode4)
1219 {
1220 	mutex_lock_nested(&ubifs_inode(inode1)->ui_mutex, WB_MUTEX_1);
1221 	if (inode2 != inode1)
1222 		mutex_lock_nested(&ubifs_inode(inode2)->ui_mutex, WB_MUTEX_2);
1223 	if (inode3)
1224 		mutex_lock_nested(&ubifs_inode(inode3)->ui_mutex, WB_MUTEX_3);
1225 	if (inode4)
1226 		mutex_lock_nested(&ubifs_inode(inode4)->ui_mutex, WB_MUTEX_4);
1227 }
1228 
1229 /**
1230  * unlock_4_inodes - a wrapper for unlocking three UBIFS inodes for rename.
1231  * @inode1: first inode
1232  * @inode2: second inode
1233  * @inode3: third inode
1234  * @inode4: fouth inode
1235  */
1236 static void unlock_4_inodes(struct inode *inode1, struct inode *inode2,
1237 			    struct inode *inode3, struct inode *inode4)
1238 {
1239 	if (inode4)
1240 		mutex_unlock(&ubifs_inode(inode4)->ui_mutex);
1241 	if (inode3)
1242 		mutex_unlock(&ubifs_inode(inode3)->ui_mutex);
1243 	if (inode1 != inode2)
1244 		mutex_unlock(&ubifs_inode(inode2)->ui_mutex);
1245 	mutex_unlock(&ubifs_inode(inode1)->ui_mutex);
1246 }
1247 
1248 static int do_rename(struct inode *old_dir, struct dentry *old_dentry,
1249 		     struct inode *new_dir, struct dentry *new_dentry,
1250 		     unsigned int flags)
1251 {
1252 	struct ubifs_info *c = old_dir->i_sb->s_fs_info;
1253 	struct inode *old_inode = d_inode(old_dentry);
1254 	struct inode *new_inode = d_inode(new_dentry);
1255 	struct inode *whiteout = NULL;
1256 	struct ubifs_inode *old_inode_ui = ubifs_inode(old_inode);
1257 	struct ubifs_inode *whiteout_ui = NULL;
1258 	int err, release, sync = 0, move = (new_dir != old_dir);
1259 	int is_dir = S_ISDIR(old_inode->i_mode);
1260 	int unlink = !!new_inode, new_sz, old_sz;
1261 	struct ubifs_budget_req req = { .new_dent = 1, .mod_dent = 1,
1262 					.dirtied_ino = 3 };
1263 	struct ubifs_budget_req ino_req = { .dirtied_ino = 1,
1264 			.dirtied_ino_d = ALIGN(old_inode_ui->data_len, 8) };
1265 	struct timespec64 time;
1266 	unsigned int saved_nlink;
1267 	struct fscrypt_name old_nm, new_nm;
1268 
1269 	/*
1270 	 * Budget request settings: deletion direntry, new direntry, removing
1271 	 * the old inode, and changing old and new parent directory inodes.
1272 	 *
1273 	 * However, this operation also marks the target inode as dirty and
1274 	 * does not write it, so we allocate budget for the target inode
1275 	 * separately.
1276 	 */
1277 
1278 	dbg_gen("dent '%pd' ino %lu in dir ino %lu to dent '%pd' in dir ino %lu flags 0x%x",
1279 		old_dentry, old_inode->i_ino, old_dir->i_ino,
1280 		new_dentry, new_dir->i_ino, flags);
1281 
1282 	if (unlink) {
1283 		ubifs_assert(c, inode_is_locked(new_inode));
1284 
1285 		err = ubifs_purge_xattrs(new_inode);
1286 		if (err)
1287 			return err;
1288 	}
1289 
1290 	if (unlink && is_dir) {
1291 		err = ubifs_check_dir_empty(new_inode);
1292 		if (err)
1293 			return err;
1294 	}
1295 
1296 	err = fscrypt_setup_filename(old_dir, &old_dentry->d_name, 0, &old_nm);
1297 	if (err)
1298 		return err;
1299 
1300 	err = fscrypt_setup_filename(new_dir, &new_dentry->d_name, 0, &new_nm);
1301 	if (err) {
1302 		fscrypt_free_filename(&old_nm);
1303 		return err;
1304 	}
1305 
1306 	new_sz = CALC_DENT_SIZE(fname_len(&new_nm));
1307 	old_sz = CALC_DENT_SIZE(fname_len(&old_nm));
1308 
1309 	err = ubifs_budget_space(c, &req);
1310 	if (err) {
1311 		fscrypt_free_filename(&old_nm);
1312 		fscrypt_free_filename(&new_nm);
1313 		return err;
1314 	}
1315 	err = ubifs_budget_space(c, &ino_req);
1316 	if (err) {
1317 		fscrypt_free_filename(&old_nm);
1318 		fscrypt_free_filename(&new_nm);
1319 		ubifs_release_budget(c, &req);
1320 		return err;
1321 	}
1322 
1323 	if (flags & RENAME_WHITEOUT) {
1324 		union ubifs_dev_desc *dev = NULL;
1325 
1326 		dev = kmalloc(sizeof(union ubifs_dev_desc), GFP_NOFS);
1327 		if (!dev) {
1328 			err = -ENOMEM;
1329 			goto out_release;
1330 		}
1331 
1332 		err = do_tmpfile(old_dir, old_dentry, S_IFCHR | WHITEOUT_MODE, &whiteout);
1333 		if (err) {
1334 			kfree(dev);
1335 			goto out_release;
1336 		}
1337 
1338 		whiteout->i_state |= I_LINKABLE;
1339 		whiteout_ui = ubifs_inode(whiteout);
1340 		whiteout_ui->data = dev;
1341 		whiteout_ui->data_len = ubifs_encode_dev(dev, MKDEV(0, 0));
1342 		ubifs_assert(c, !whiteout_ui->dirty);
1343 	}
1344 
1345 	lock_4_inodes(old_dir, new_dir, new_inode, whiteout);
1346 
1347 	/*
1348 	 * Like most other Unix systems, set the @i_ctime for inodes on a
1349 	 * rename.
1350 	 */
1351 	time = current_time(old_dir);
1352 	old_inode->i_ctime = time;
1353 
1354 	/* We must adjust parent link count when renaming directories */
1355 	if (is_dir) {
1356 		if (move) {
1357 			/*
1358 			 * @old_dir loses a link because we are moving
1359 			 * @old_inode to a different directory.
1360 			 */
1361 			drop_nlink(old_dir);
1362 			/*
1363 			 * @new_dir only gains a link if we are not also
1364 			 * overwriting an existing directory.
1365 			 */
1366 			if (!unlink)
1367 				inc_nlink(new_dir);
1368 		} else {
1369 			/*
1370 			 * @old_inode is not moving to a different directory,
1371 			 * but @old_dir still loses a link if we are
1372 			 * overwriting an existing directory.
1373 			 */
1374 			if (unlink)
1375 				drop_nlink(old_dir);
1376 		}
1377 	}
1378 
1379 	old_dir->i_size -= old_sz;
1380 	ubifs_inode(old_dir)->ui_size = old_dir->i_size;
1381 	old_dir->i_mtime = old_dir->i_ctime = time;
1382 	new_dir->i_mtime = new_dir->i_ctime = time;
1383 
1384 	/*
1385 	 * And finally, if we unlinked a direntry which happened to have the
1386 	 * same name as the moved direntry, we have to decrement @i_nlink of
1387 	 * the unlinked inode and change its ctime.
1388 	 */
1389 	if (unlink) {
1390 		/*
1391 		 * Directories cannot have hard-links, so if this is a
1392 		 * directory, just clear @i_nlink.
1393 		 */
1394 		saved_nlink = new_inode->i_nlink;
1395 		if (is_dir)
1396 			clear_nlink(new_inode);
1397 		else
1398 			drop_nlink(new_inode);
1399 		new_inode->i_ctime = time;
1400 	} else {
1401 		new_dir->i_size += new_sz;
1402 		ubifs_inode(new_dir)->ui_size = new_dir->i_size;
1403 	}
1404 
1405 	/*
1406 	 * Do not ask 'ubifs_jnl_rename()' to flush write-buffer if @old_inode
1407 	 * is dirty, because this will be done later on at the end of
1408 	 * 'ubifs_rename()'.
1409 	 */
1410 	if (IS_SYNC(old_inode)) {
1411 		sync = IS_DIRSYNC(old_dir) || IS_DIRSYNC(new_dir);
1412 		if (unlink && IS_SYNC(new_inode))
1413 			sync = 1;
1414 	}
1415 
1416 	if (whiteout) {
1417 		struct ubifs_budget_req wht_req = { .dirtied_ino = 1,
1418 				.dirtied_ino_d = \
1419 				ALIGN(ubifs_inode(whiteout)->data_len, 8) };
1420 
1421 		err = ubifs_budget_space(c, &wht_req);
1422 		if (err) {
1423 			kfree(whiteout_ui->data);
1424 			whiteout_ui->data_len = 0;
1425 			iput(whiteout);
1426 			goto out_release;
1427 		}
1428 
1429 		inc_nlink(whiteout);
1430 		mark_inode_dirty(whiteout);
1431 		whiteout->i_state &= ~I_LINKABLE;
1432 		iput(whiteout);
1433 	}
1434 
1435 	err = ubifs_jnl_rename(c, old_dir, old_inode, &old_nm, new_dir,
1436 			       new_inode, &new_nm, whiteout, sync);
1437 	if (err)
1438 		goto out_cancel;
1439 
1440 	unlock_4_inodes(old_dir, new_dir, new_inode, whiteout);
1441 	ubifs_release_budget(c, &req);
1442 
1443 	mutex_lock(&old_inode_ui->ui_mutex);
1444 	release = old_inode_ui->dirty;
1445 	mark_inode_dirty_sync(old_inode);
1446 	mutex_unlock(&old_inode_ui->ui_mutex);
1447 
1448 	if (release)
1449 		ubifs_release_budget(c, &ino_req);
1450 	if (IS_SYNC(old_inode))
1451 		err = old_inode->i_sb->s_op->write_inode(old_inode, NULL);
1452 
1453 	fscrypt_free_filename(&old_nm);
1454 	fscrypt_free_filename(&new_nm);
1455 	return err;
1456 
1457 out_cancel:
1458 	if (unlink) {
1459 		set_nlink(new_inode, saved_nlink);
1460 	} else {
1461 		new_dir->i_size -= new_sz;
1462 		ubifs_inode(new_dir)->ui_size = new_dir->i_size;
1463 	}
1464 	old_dir->i_size += old_sz;
1465 	ubifs_inode(old_dir)->ui_size = old_dir->i_size;
1466 	if (is_dir) {
1467 		if (move) {
1468 			inc_nlink(old_dir);
1469 			if (!unlink)
1470 				drop_nlink(new_dir);
1471 		} else {
1472 			if (unlink)
1473 				inc_nlink(old_dir);
1474 		}
1475 	}
1476 	if (whiteout) {
1477 		drop_nlink(whiteout);
1478 		iput(whiteout);
1479 	}
1480 	unlock_4_inodes(old_dir, new_dir, new_inode, whiteout);
1481 out_release:
1482 	ubifs_release_budget(c, &ino_req);
1483 	ubifs_release_budget(c, &req);
1484 	fscrypt_free_filename(&old_nm);
1485 	fscrypt_free_filename(&new_nm);
1486 	return err;
1487 }
1488 
1489 static int ubifs_xrename(struct inode *old_dir, struct dentry *old_dentry,
1490 			struct inode *new_dir, struct dentry *new_dentry)
1491 {
1492 	struct ubifs_info *c = old_dir->i_sb->s_fs_info;
1493 	struct ubifs_budget_req req = { .new_dent = 1, .mod_dent = 1,
1494 				.dirtied_ino = 2 };
1495 	int sync = IS_DIRSYNC(old_dir) || IS_DIRSYNC(new_dir);
1496 	struct inode *fst_inode = d_inode(old_dentry);
1497 	struct inode *snd_inode = d_inode(new_dentry);
1498 	struct timespec64 time;
1499 	int err;
1500 	struct fscrypt_name fst_nm, snd_nm;
1501 
1502 	ubifs_assert(c, fst_inode && snd_inode);
1503 
1504 	err = fscrypt_setup_filename(old_dir, &old_dentry->d_name, 0, &fst_nm);
1505 	if (err)
1506 		return err;
1507 
1508 	err = fscrypt_setup_filename(new_dir, &new_dentry->d_name, 0, &snd_nm);
1509 	if (err) {
1510 		fscrypt_free_filename(&fst_nm);
1511 		return err;
1512 	}
1513 
1514 	lock_4_inodes(old_dir, new_dir, NULL, NULL);
1515 
1516 	time = current_time(old_dir);
1517 	fst_inode->i_ctime = time;
1518 	snd_inode->i_ctime = time;
1519 	old_dir->i_mtime = old_dir->i_ctime = time;
1520 	new_dir->i_mtime = new_dir->i_ctime = time;
1521 
1522 	if (old_dir != new_dir) {
1523 		if (S_ISDIR(fst_inode->i_mode) && !S_ISDIR(snd_inode->i_mode)) {
1524 			inc_nlink(new_dir);
1525 			drop_nlink(old_dir);
1526 		}
1527 		else if (!S_ISDIR(fst_inode->i_mode) && S_ISDIR(snd_inode->i_mode)) {
1528 			drop_nlink(new_dir);
1529 			inc_nlink(old_dir);
1530 		}
1531 	}
1532 
1533 	err = ubifs_jnl_xrename(c, old_dir, fst_inode, &fst_nm, new_dir,
1534 				snd_inode, &snd_nm, sync);
1535 
1536 	unlock_4_inodes(old_dir, new_dir, NULL, NULL);
1537 	ubifs_release_budget(c, &req);
1538 
1539 	fscrypt_free_filename(&fst_nm);
1540 	fscrypt_free_filename(&snd_nm);
1541 	return err;
1542 }
1543 
1544 static int ubifs_rename(struct inode *old_dir, struct dentry *old_dentry,
1545 			struct inode *new_dir, struct dentry *new_dentry,
1546 			unsigned int flags)
1547 {
1548 	int err;
1549 	struct ubifs_info *c = old_dir->i_sb->s_fs_info;
1550 
1551 	if (flags & ~(RENAME_NOREPLACE | RENAME_WHITEOUT | RENAME_EXCHANGE))
1552 		return -EINVAL;
1553 
1554 	ubifs_assert(c, inode_is_locked(old_dir));
1555 	ubifs_assert(c, inode_is_locked(new_dir));
1556 
1557 	err = fscrypt_prepare_rename(old_dir, old_dentry, new_dir, new_dentry,
1558 				     flags);
1559 	if (err)
1560 		return err;
1561 
1562 	if (flags & RENAME_EXCHANGE)
1563 		return ubifs_xrename(old_dir, old_dentry, new_dir, new_dentry);
1564 
1565 	return do_rename(old_dir, old_dentry, new_dir, new_dentry, flags);
1566 }
1567 
1568 int ubifs_getattr(const struct path *path, struct kstat *stat,
1569 		  u32 request_mask, unsigned int flags)
1570 {
1571 	loff_t size;
1572 	struct inode *inode = d_inode(path->dentry);
1573 	struct ubifs_inode *ui = ubifs_inode(inode);
1574 
1575 	mutex_lock(&ui->ui_mutex);
1576 
1577 	if (ui->flags & UBIFS_APPEND_FL)
1578 		stat->attributes |= STATX_ATTR_APPEND;
1579 	if (ui->flags & UBIFS_COMPR_FL)
1580 		stat->attributes |= STATX_ATTR_COMPRESSED;
1581 	if (ui->flags & UBIFS_CRYPT_FL)
1582 		stat->attributes |= STATX_ATTR_ENCRYPTED;
1583 	if (ui->flags & UBIFS_IMMUTABLE_FL)
1584 		stat->attributes |= STATX_ATTR_IMMUTABLE;
1585 
1586 	stat->attributes_mask |= (STATX_ATTR_APPEND |
1587 				STATX_ATTR_COMPRESSED |
1588 				STATX_ATTR_ENCRYPTED |
1589 				STATX_ATTR_IMMUTABLE);
1590 
1591 	generic_fillattr(inode, stat);
1592 	stat->blksize = UBIFS_BLOCK_SIZE;
1593 	stat->size = ui->ui_size;
1594 
1595 	/*
1596 	 * Unfortunately, the 'stat()' system call was designed for block
1597 	 * device based file systems, and it is not appropriate for UBIFS,
1598 	 * because UBIFS does not have notion of "block". For example, it is
1599 	 * difficult to tell how many block a directory takes - it actually
1600 	 * takes less than 300 bytes, but we have to round it to block size,
1601 	 * which introduces large mistake. This makes utilities like 'du' to
1602 	 * report completely senseless numbers. This is the reason why UBIFS
1603 	 * goes the same way as JFFS2 - it reports zero blocks for everything
1604 	 * but regular files, which makes more sense than reporting completely
1605 	 * wrong sizes.
1606 	 */
1607 	if (S_ISREG(inode->i_mode)) {
1608 		size = ui->xattr_size;
1609 		size += stat->size;
1610 		size = ALIGN(size, UBIFS_BLOCK_SIZE);
1611 		/*
1612 		 * Note, user-space expects 512-byte blocks count irrespectively
1613 		 * of what was reported in @stat->size.
1614 		 */
1615 		stat->blocks = size >> 9;
1616 	} else
1617 		stat->blocks = 0;
1618 	mutex_unlock(&ui->ui_mutex);
1619 	return 0;
1620 }
1621 
1622 const struct inode_operations ubifs_dir_inode_operations = {
1623 	.lookup      = ubifs_lookup,
1624 	.create      = ubifs_create,
1625 	.link        = ubifs_link,
1626 	.symlink     = ubifs_symlink,
1627 	.unlink      = ubifs_unlink,
1628 	.mkdir       = ubifs_mkdir,
1629 	.rmdir       = ubifs_rmdir,
1630 	.mknod       = ubifs_mknod,
1631 	.rename      = ubifs_rename,
1632 	.setattr     = ubifs_setattr,
1633 	.getattr     = ubifs_getattr,
1634 #ifdef CONFIG_UBIFS_FS_XATTR
1635 	.listxattr   = ubifs_listxattr,
1636 #endif
1637 	.update_time = ubifs_update_time,
1638 	.tmpfile     = ubifs_tmpfile,
1639 };
1640 
1641 const struct file_operations ubifs_dir_operations = {
1642 	.llseek         = generic_file_llseek,
1643 	.release        = ubifs_dir_release,
1644 	.read           = generic_read_dir,
1645 	.iterate_shared = ubifs_readdir,
1646 	.fsync          = ubifs_fsync,
1647 	.unlocked_ioctl = ubifs_ioctl,
1648 #ifdef CONFIG_COMPAT
1649 	.compat_ioctl   = ubifs_compat_ioctl,
1650 #endif
1651 };
1652