xref: /openbmc/linux/fs/ubifs/dir.c (revision e0d07278)
1 // SPDX-License-Identifier: GPL-2.0-only
2 /* * This file is part of UBIFS.
3  *
4  * Copyright (C) 2006-2008 Nokia Corporation.
5  * Copyright (C) 2006, 2007 University of Szeged, Hungary
6  *
7  * Authors: Artem Bityutskiy (Битюцкий Артём)
8  *          Adrian Hunter
9  *          Zoltan Sogor
10  */
11 
12 /*
13  * This file implements directory operations.
14  *
15  * All FS operations in this file allocate budget before writing anything to the
16  * media. If they fail to allocate it, the error is returned. The only
17  * exceptions are 'ubifs_unlink()' and 'ubifs_rmdir()' which keep working even
18  * if they unable to allocate the budget, because deletion %-ENOSPC failure is
19  * not what users are usually ready to get. UBIFS budgeting subsystem has some
20  * space reserved for these purposes.
21  *
22  * All operations in this file write all inodes which they change straight
23  * away, instead of marking them dirty. For example, 'ubifs_link()' changes
24  * @i_size of the parent inode and writes the parent inode together with the
25  * target inode. This was done to simplify file-system recovery which would
26  * otherwise be very difficult to do. The only exception is rename which marks
27  * the re-named inode dirty (because its @i_ctime is updated) but does not
28  * write it, but just marks it as dirty.
29  */
30 
31 #include "ubifs.h"
32 
33 /**
34  * inherit_flags - inherit flags of the parent inode.
35  * @dir: parent inode
36  * @mode: new inode mode flags
37  *
38  * This is a helper function for 'ubifs_new_inode()' which inherits flag of the
39  * parent directory inode @dir. UBIFS inodes inherit the following flags:
40  * o %UBIFS_COMPR_FL, which is useful to switch compression on/of on
41  *   sub-directory basis;
42  * o %UBIFS_SYNC_FL - useful for the same reasons;
43  * o %UBIFS_DIRSYNC_FL - similar, but relevant only to directories.
44  *
45  * This function returns the inherited flags.
46  */
47 static int inherit_flags(const struct inode *dir, umode_t mode)
48 {
49 	int flags;
50 	const struct ubifs_inode *ui = ubifs_inode(dir);
51 
52 	if (!S_ISDIR(dir->i_mode))
53 		/*
54 		 * The parent is not a directory, which means that an extended
55 		 * attribute inode is being created. No flags.
56 		 */
57 		return 0;
58 
59 	flags = ui->flags & (UBIFS_COMPR_FL | UBIFS_SYNC_FL | UBIFS_DIRSYNC_FL);
60 	if (!S_ISDIR(mode))
61 		/* The "DIRSYNC" flag only applies to directories */
62 		flags &= ~UBIFS_DIRSYNC_FL;
63 	return flags;
64 }
65 
66 /**
67  * ubifs_new_inode - allocate new UBIFS inode object.
68  * @c: UBIFS file-system description object
69  * @dir: parent directory inode
70  * @mode: inode mode flags
71  *
72  * This function finds an unused inode number, allocates new inode and
73  * initializes it. Returns new inode in case of success and an error code in
74  * case of failure.
75  */
76 struct inode *ubifs_new_inode(struct ubifs_info *c, struct inode *dir,
77 			      umode_t mode)
78 {
79 	int err;
80 	struct inode *inode;
81 	struct ubifs_inode *ui;
82 	bool encrypted = false;
83 
84 	if (IS_ENCRYPTED(dir)) {
85 		err = fscrypt_get_encryption_info(dir);
86 		if (err) {
87 			ubifs_err(c, "fscrypt_get_encryption_info failed: %i", err);
88 			return ERR_PTR(err);
89 		}
90 
91 		if (!fscrypt_has_encryption_key(dir))
92 			return ERR_PTR(-EPERM);
93 
94 		encrypted = true;
95 	}
96 
97 	inode = new_inode(c->vfs_sb);
98 	ui = ubifs_inode(inode);
99 	if (!inode)
100 		return ERR_PTR(-ENOMEM);
101 
102 	/*
103 	 * Set 'S_NOCMTIME' to prevent VFS form updating [mc]time of inodes and
104 	 * marking them dirty in file write path (see 'file_update_time()').
105 	 * UBIFS has to fully control "clean <-> dirty" transitions of inodes
106 	 * to make budgeting work.
107 	 */
108 	inode->i_flags |= S_NOCMTIME;
109 
110 	inode_init_owner(inode, dir, mode);
111 	inode->i_mtime = inode->i_atime = inode->i_ctime =
112 			 current_time(inode);
113 	inode->i_mapping->nrpages = 0;
114 
115 	switch (mode & S_IFMT) {
116 	case S_IFREG:
117 		inode->i_mapping->a_ops = &ubifs_file_address_operations;
118 		inode->i_op = &ubifs_file_inode_operations;
119 		inode->i_fop = &ubifs_file_operations;
120 		break;
121 	case S_IFDIR:
122 		inode->i_op  = &ubifs_dir_inode_operations;
123 		inode->i_fop = &ubifs_dir_operations;
124 		inode->i_size = ui->ui_size = UBIFS_INO_NODE_SZ;
125 		break;
126 	case S_IFLNK:
127 		inode->i_op = &ubifs_symlink_inode_operations;
128 		break;
129 	case S_IFSOCK:
130 	case S_IFIFO:
131 	case S_IFBLK:
132 	case S_IFCHR:
133 		inode->i_op  = &ubifs_file_inode_operations;
134 		encrypted = false;
135 		break;
136 	default:
137 		BUG();
138 	}
139 
140 	ui->flags = inherit_flags(dir, mode);
141 	ubifs_set_inode_flags(inode);
142 	if (S_ISREG(mode))
143 		ui->compr_type = c->default_compr;
144 	else
145 		ui->compr_type = UBIFS_COMPR_NONE;
146 	ui->synced_i_size = 0;
147 
148 	spin_lock(&c->cnt_lock);
149 	/* Inode number overflow is currently not supported */
150 	if (c->highest_inum >= INUM_WARN_WATERMARK) {
151 		if (c->highest_inum >= INUM_WATERMARK) {
152 			spin_unlock(&c->cnt_lock);
153 			ubifs_err(c, "out of inode numbers");
154 			make_bad_inode(inode);
155 			iput(inode);
156 			return ERR_PTR(-EINVAL);
157 		}
158 		ubifs_warn(c, "running out of inode numbers (current %lu, max %u)",
159 			   (unsigned long)c->highest_inum, INUM_WATERMARK);
160 	}
161 
162 	inode->i_ino = ++c->highest_inum;
163 	/*
164 	 * The creation sequence number remains with this inode for its
165 	 * lifetime. All nodes for this inode have a greater sequence number,
166 	 * and so it is possible to distinguish obsolete nodes belonging to a
167 	 * previous incarnation of the same inode number - for example, for the
168 	 * purpose of rebuilding the index.
169 	 */
170 	ui->creat_sqnum = ++c->max_sqnum;
171 	spin_unlock(&c->cnt_lock);
172 
173 	if (encrypted) {
174 		err = fscrypt_inherit_context(dir, inode, &encrypted, true);
175 		if (err) {
176 			ubifs_err(c, "fscrypt_inherit_context failed: %i", err);
177 			make_bad_inode(inode);
178 			iput(inode);
179 			return ERR_PTR(err);
180 		}
181 	}
182 
183 	return inode;
184 }
185 
186 static int dbg_check_name(const struct ubifs_info *c,
187 			  const struct ubifs_dent_node *dent,
188 			  const struct fscrypt_name *nm)
189 {
190 	if (!dbg_is_chk_gen(c))
191 		return 0;
192 	if (le16_to_cpu(dent->nlen) != fname_len(nm))
193 		return -EINVAL;
194 	if (memcmp(dent->name, fname_name(nm), fname_len(nm)))
195 		return -EINVAL;
196 	return 0;
197 }
198 
199 static struct dentry *ubifs_lookup(struct inode *dir, struct dentry *dentry,
200 				   unsigned int flags)
201 {
202 	int err;
203 	union ubifs_key key;
204 	struct inode *inode = NULL;
205 	struct ubifs_dent_node *dent = NULL;
206 	struct ubifs_info *c = dir->i_sb->s_fs_info;
207 	struct fscrypt_name nm;
208 
209 	dbg_gen("'%pd' in dir ino %lu", dentry, dir->i_ino);
210 
211 	err = fscrypt_prepare_lookup(dir, dentry, &nm);
212 	if (err == -ENOENT)
213 		return d_splice_alias(NULL, dentry);
214 	if (err)
215 		return ERR_PTR(err);
216 
217 	if (fname_len(&nm) > UBIFS_MAX_NLEN) {
218 		inode = ERR_PTR(-ENAMETOOLONG);
219 		goto done;
220 	}
221 
222 	dent = kmalloc(UBIFS_MAX_DENT_NODE_SZ, GFP_NOFS);
223 	if (!dent) {
224 		inode = ERR_PTR(-ENOMEM);
225 		goto done;
226 	}
227 
228 	if (fname_name(&nm) == NULL) {
229 		if (nm.hash & ~UBIFS_S_KEY_HASH_MASK)
230 			goto done; /* ENOENT */
231 		dent_key_init_hash(c, &key, dir->i_ino, nm.hash);
232 		err = ubifs_tnc_lookup_dh(c, &key, dent, nm.minor_hash);
233 	} else {
234 		dent_key_init(c, &key, dir->i_ino, &nm);
235 		err = ubifs_tnc_lookup_nm(c, &key, dent, &nm);
236 	}
237 
238 	if (err) {
239 		if (err == -ENOENT)
240 			dbg_gen("not found");
241 		else
242 			inode = ERR_PTR(err);
243 		goto done;
244 	}
245 
246 	if (dbg_check_name(c, dent, &nm)) {
247 		inode = ERR_PTR(-EINVAL);
248 		goto done;
249 	}
250 
251 	inode = ubifs_iget(dir->i_sb, le64_to_cpu(dent->inum));
252 	if (IS_ERR(inode)) {
253 		/*
254 		 * This should not happen. Probably the file-system needs
255 		 * checking.
256 		 */
257 		err = PTR_ERR(inode);
258 		ubifs_err(c, "dead directory entry '%pd', error %d",
259 			  dentry, err);
260 		ubifs_ro_mode(c, err);
261 		goto done;
262 	}
263 
264 	if (IS_ENCRYPTED(dir) &&
265 	    (S_ISDIR(inode->i_mode) || S_ISLNK(inode->i_mode)) &&
266 	    !fscrypt_has_permitted_context(dir, inode)) {
267 		ubifs_warn(c, "Inconsistent encryption contexts: %lu/%lu",
268 			   dir->i_ino, inode->i_ino);
269 		iput(inode);
270 		inode = ERR_PTR(-EPERM);
271 	}
272 
273 done:
274 	kfree(dent);
275 	fscrypt_free_filename(&nm);
276 	return d_splice_alias(inode, dentry);
277 }
278 
279 static int ubifs_create(struct inode *dir, struct dentry *dentry, umode_t mode,
280 			bool excl)
281 {
282 	struct inode *inode;
283 	struct ubifs_info *c = dir->i_sb->s_fs_info;
284 	struct ubifs_budget_req req = { .new_ino = 1, .new_dent = 1,
285 					.dirtied_ino = 1 };
286 	struct ubifs_inode *dir_ui = ubifs_inode(dir);
287 	struct fscrypt_name nm;
288 	int err, sz_change;
289 
290 	/*
291 	 * Budget request settings: new inode, new direntry, changing the
292 	 * parent directory inode.
293 	 */
294 
295 	dbg_gen("dent '%pd', mode %#hx in dir ino %lu",
296 		dentry, mode, dir->i_ino);
297 
298 	err = ubifs_budget_space(c, &req);
299 	if (err)
300 		return err;
301 
302 	err = fscrypt_setup_filename(dir, &dentry->d_name, 0, &nm);
303 	if (err)
304 		goto out_budg;
305 
306 	sz_change = CALC_DENT_SIZE(fname_len(&nm));
307 
308 	inode = ubifs_new_inode(c, dir, mode);
309 	if (IS_ERR(inode)) {
310 		err = PTR_ERR(inode);
311 		goto out_fname;
312 	}
313 
314 	err = ubifs_init_security(dir, inode, &dentry->d_name);
315 	if (err)
316 		goto out_inode;
317 
318 	mutex_lock(&dir_ui->ui_mutex);
319 	dir->i_size += sz_change;
320 	dir_ui->ui_size = dir->i_size;
321 	dir->i_mtime = dir->i_ctime = inode->i_ctime;
322 	err = ubifs_jnl_update(c, dir, &nm, inode, 0, 0);
323 	if (err)
324 		goto out_cancel;
325 	mutex_unlock(&dir_ui->ui_mutex);
326 
327 	ubifs_release_budget(c, &req);
328 	fscrypt_free_filename(&nm);
329 	insert_inode_hash(inode);
330 	d_instantiate(dentry, inode);
331 	return 0;
332 
333 out_cancel:
334 	dir->i_size -= sz_change;
335 	dir_ui->ui_size = dir->i_size;
336 	mutex_unlock(&dir_ui->ui_mutex);
337 out_inode:
338 	make_bad_inode(inode);
339 	iput(inode);
340 out_fname:
341 	fscrypt_free_filename(&nm);
342 out_budg:
343 	ubifs_release_budget(c, &req);
344 	ubifs_err(c, "cannot create regular file, error %d", err);
345 	return err;
346 }
347 
348 static int do_tmpfile(struct inode *dir, struct dentry *dentry,
349 		      umode_t mode, struct inode **whiteout)
350 {
351 	struct inode *inode;
352 	struct ubifs_info *c = dir->i_sb->s_fs_info;
353 	struct ubifs_budget_req req = { .new_ino = 1, .new_dent = 1};
354 	struct ubifs_budget_req ino_req = { .dirtied_ino = 1 };
355 	struct ubifs_inode *ui, *dir_ui = ubifs_inode(dir);
356 	int err, instantiated = 0;
357 	struct fscrypt_name nm;
358 
359 	/*
360 	 * Budget request settings: new dirty inode, new direntry,
361 	 * budget for dirtied inode will be released via writeback.
362 	 */
363 
364 	dbg_gen("dent '%pd', mode %#hx in dir ino %lu",
365 		dentry, mode, dir->i_ino);
366 
367 	err = fscrypt_setup_filename(dir, &dentry->d_name, 0, &nm);
368 	if (err)
369 		return err;
370 
371 	err = ubifs_budget_space(c, &req);
372 	if (err) {
373 		fscrypt_free_filename(&nm);
374 		return err;
375 	}
376 
377 	err = ubifs_budget_space(c, &ino_req);
378 	if (err) {
379 		ubifs_release_budget(c, &req);
380 		fscrypt_free_filename(&nm);
381 		return err;
382 	}
383 
384 	inode = ubifs_new_inode(c, dir, mode);
385 	if (IS_ERR(inode)) {
386 		err = PTR_ERR(inode);
387 		goto out_budg;
388 	}
389 	ui = ubifs_inode(inode);
390 
391 	if (whiteout) {
392 		init_special_inode(inode, inode->i_mode, WHITEOUT_DEV);
393 		ubifs_assert(c, inode->i_op == &ubifs_file_inode_operations);
394 	}
395 
396 	err = ubifs_init_security(dir, inode, &dentry->d_name);
397 	if (err)
398 		goto out_inode;
399 
400 	mutex_lock(&ui->ui_mutex);
401 	insert_inode_hash(inode);
402 
403 	if (whiteout) {
404 		mark_inode_dirty(inode);
405 		drop_nlink(inode);
406 		*whiteout = inode;
407 	} else {
408 		d_tmpfile(dentry, inode);
409 	}
410 	ubifs_assert(c, ui->dirty);
411 
412 	instantiated = 1;
413 	mutex_unlock(&ui->ui_mutex);
414 
415 	mutex_lock(&dir_ui->ui_mutex);
416 	err = ubifs_jnl_update(c, dir, &nm, inode, 1, 0);
417 	if (err)
418 		goto out_cancel;
419 	mutex_unlock(&dir_ui->ui_mutex);
420 
421 	ubifs_release_budget(c, &req);
422 
423 	return 0;
424 
425 out_cancel:
426 	mutex_unlock(&dir_ui->ui_mutex);
427 out_inode:
428 	make_bad_inode(inode);
429 	if (!instantiated)
430 		iput(inode);
431 out_budg:
432 	ubifs_release_budget(c, &req);
433 	if (!instantiated)
434 		ubifs_release_budget(c, &ino_req);
435 	fscrypt_free_filename(&nm);
436 	ubifs_err(c, "cannot create temporary file, error %d", err);
437 	return err;
438 }
439 
440 static int ubifs_tmpfile(struct inode *dir, struct dentry *dentry,
441 			 umode_t mode)
442 {
443 	return do_tmpfile(dir, dentry, mode, NULL);
444 }
445 
446 /**
447  * vfs_dent_type - get VFS directory entry type.
448  * @type: UBIFS directory entry type
449  *
450  * This function converts UBIFS directory entry type into VFS directory entry
451  * type.
452  */
453 static unsigned int vfs_dent_type(uint8_t type)
454 {
455 	switch (type) {
456 	case UBIFS_ITYPE_REG:
457 		return DT_REG;
458 	case UBIFS_ITYPE_DIR:
459 		return DT_DIR;
460 	case UBIFS_ITYPE_LNK:
461 		return DT_LNK;
462 	case UBIFS_ITYPE_BLK:
463 		return DT_BLK;
464 	case UBIFS_ITYPE_CHR:
465 		return DT_CHR;
466 	case UBIFS_ITYPE_FIFO:
467 		return DT_FIFO;
468 	case UBIFS_ITYPE_SOCK:
469 		return DT_SOCK;
470 	default:
471 		BUG();
472 	}
473 	return 0;
474 }
475 
476 /*
477  * The classical Unix view for directory is that it is a linear array of
478  * (name, inode number) entries. Linux/VFS assumes this model as well.
479  * Particularly, 'readdir()' call wants us to return a directory entry offset
480  * which later may be used to continue 'readdir()'ing the directory or to
481  * 'seek()' to that specific direntry. Obviously UBIFS does not really fit this
482  * model because directory entries are identified by keys, which may collide.
483  *
484  * UBIFS uses directory entry hash value for directory offsets, so
485  * 'seekdir()'/'telldir()' may not always work because of possible key
486  * collisions. But UBIFS guarantees that consecutive 'readdir()' calls work
487  * properly by means of saving full directory entry name in the private field
488  * of the file description object.
489  *
490  * This means that UBIFS cannot support NFS which requires full
491  * 'seekdir()'/'telldir()' support.
492  */
493 static int ubifs_readdir(struct file *file, struct dir_context *ctx)
494 {
495 	int fstr_real_len = 0, err = 0;
496 	struct fscrypt_name nm;
497 	struct fscrypt_str fstr = {0};
498 	union ubifs_key key;
499 	struct ubifs_dent_node *dent;
500 	struct inode *dir = file_inode(file);
501 	struct ubifs_info *c = dir->i_sb->s_fs_info;
502 	bool encrypted = IS_ENCRYPTED(dir);
503 
504 	dbg_gen("dir ino %lu, f_pos %#llx", dir->i_ino, ctx->pos);
505 
506 	if (ctx->pos > UBIFS_S_KEY_HASH_MASK || ctx->pos == 2)
507 		/*
508 		 * The directory was seek'ed to a senseless position or there
509 		 * are no more entries.
510 		 */
511 		return 0;
512 
513 	if (encrypted) {
514 		err = fscrypt_get_encryption_info(dir);
515 		if (err)
516 			return err;
517 
518 		err = fscrypt_fname_alloc_buffer(dir, UBIFS_MAX_NLEN, &fstr);
519 		if (err)
520 			return err;
521 
522 		fstr_real_len = fstr.len;
523 	}
524 
525 	if (file->f_version == 0) {
526 		/*
527 		 * The file was seek'ed, which means that @file->private_data
528 		 * is now invalid. This may also be just the first
529 		 * 'ubifs_readdir()' invocation, in which case
530 		 * @file->private_data is NULL, and the below code is
531 		 * basically a no-op.
532 		 */
533 		kfree(file->private_data);
534 		file->private_data = NULL;
535 	}
536 
537 	/*
538 	 * 'generic_file_llseek()' unconditionally sets @file->f_version to
539 	 * zero, and we use this for detecting whether the file was seek'ed.
540 	 */
541 	file->f_version = 1;
542 
543 	/* File positions 0 and 1 correspond to "." and ".." */
544 	if (ctx->pos < 2) {
545 		ubifs_assert(c, !file->private_data);
546 		if (!dir_emit_dots(file, ctx)) {
547 			if (encrypted)
548 				fscrypt_fname_free_buffer(&fstr);
549 			return 0;
550 		}
551 
552 		/* Find the first entry in TNC and save it */
553 		lowest_dent_key(c, &key, dir->i_ino);
554 		fname_len(&nm) = 0;
555 		dent = ubifs_tnc_next_ent(c, &key, &nm);
556 		if (IS_ERR(dent)) {
557 			err = PTR_ERR(dent);
558 			goto out;
559 		}
560 
561 		ctx->pos = key_hash_flash(c, &dent->key);
562 		file->private_data = dent;
563 	}
564 
565 	dent = file->private_data;
566 	if (!dent) {
567 		/*
568 		 * The directory was seek'ed to and is now readdir'ed.
569 		 * Find the entry corresponding to @ctx->pos or the closest one.
570 		 */
571 		dent_key_init_hash(c, &key, dir->i_ino, ctx->pos);
572 		fname_len(&nm) = 0;
573 		dent = ubifs_tnc_next_ent(c, &key, &nm);
574 		if (IS_ERR(dent)) {
575 			err = PTR_ERR(dent);
576 			goto out;
577 		}
578 		ctx->pos = key_hash_flash(c, &dent->key);
579 		file->private_data = dent;
580 	}
581 
582 	while (1) {
583 		dbg_gen("ino %llu, new f_pos %#x",
584 			(unsigned long long)le64_to_cpu(dent->inum),
585 			key_hash_flash(c, &dent->key));
586 		ubifs_assert(c, le64_to_cpu(dent->ch.sqnum) >
587 			     ubifs_inode(dir)->creat_sqnum);
588 
589 		fname_len(&nm) = le16_to_cpu(dent->nlen);
590 		fname_name(&nm) = dent->name;
591 
592 		if (encrypted) {
593 			fstr.len = fstr_real_len;
594 
595 			err = fscrypt_fname_disk_to_usr(dir, key_hash_flash(c,
596 							&dent->key),
597 							le32_to_cpu(dent->cookie),
598 							&nm.disk_name, &fstr);
599 			if (err)
600 				goto out;
601 		} else {
602 			fstr.len = fname_len(&nm);
603 			fstr.name = fname_name(&nm);
604 		}
605 
606 		if (!dir_emit(ctx, fstr.name, fstr.len,
607 			       le64_to_cpu(dent->inum),
608 			       vfs_dent_type(dent->type))) {
609 			if (encrypted)
610 				fscrypt_fname_free_buffer(&fstr);
611 			return 0;
612 		}
613 
614 		/* Switch to the next entry */
615 		key_read(c, &dent->key, &key);
616 		dent = ubifs_tnc_next_ent(c, &key, &nm);
617 		if (IS_ERR(dent)) {
618 			err = PTR_ERR(dent);
619 			goto out;
620 		}
621 
622 		kfree(file->private_data);
623 		ctx->pos = key_hash_flash(c, &dent->key);
624 		file->private_data = dent;
625 		cond_resched();
626 	}
627 
628 out:
629 	kfree(file->private_data);
630 	file->private_data = NULL;
631 
632 	if (encrypted)
633 		fscrypt_fname_free_buffer(&fstr);
634 
635 	if (err != -ENOENT)
636 		ubifs_err(c, "cannot find next direntry, error %d", err);
637 	else
638 		/*
639 		 * -ENOENT is a non-fatal error in this context, the TNC uses
640 		 * it to indicate that the cursor moved past the current directory
641 		 * and readdir() has to stop.
642 		 */
643 		err = 0;
644 
645 
646 	/* 2 is a special value indicating that there are no more direntries */
647 	ctx->pos = 2;
648 	return err;
649 }
650 
651 /* Free saved readdir() state when the directory is closed */
652 static int ubifs_dir_release(struct inode *dir, struct file *file)
653 {
654 	kfree(file->private_data);
655 	file->private_data = NULL;
656 	return 0;
657 }
658 
659 /**
660  * lock_2_inodes - a wrapper for locking two UBIFS inodes.
661  * @inode1: first inode
662  * @inode2: second inode
663  *
664  * We do not implement any tricks to guarantee strict lock ordering, because
665  * VFS has already done it for us on the @i_mutex. So this is just a simple
666  * wrapper function.
667  */
668 static void lock_2_inodes(struct inode *inode1, struct inode *inode2)
669 {
670 	mutex_lock_nested(&ubifs_inode(inode1)->ui_mutex, WB_MUTEX_1);
671 	mutex_lock_nested(&ubifs_inode(inode2)->ui_mutex, WB_MUTEX_2);
672 }
673 
674 /**
675  * unlock_2_inodes - a wrapper for unlocking two UBIFS inodes.
676  * @inode1: first inode
677  * @inode2: second inode
678  */
679 static void unlock_2_inodes(struct inode *inode1, struct inode *inode2)
680 {
681 	mutex_unlock(&ubifs_inode(inode2)->ui_mutex);
682 	mutex_unlock(&ubifs_inode(inode1)->ui_mutex);
683 }
684 
685 static int ubifs_link(struct dentry *old_dentry, struct inode *dir,
686 		      struct dentry *dentry)
687 {
688 	struct ubifs_info *c = dir->i_sb->s_fs_info;
689 	struct inode *inode = d_inode(old_dentry);
690 	struct ubifs_inode *ui = ubifs_inode(inode);
691 	struct ubifs_inode *dir_ui = ubifs_inode(dir);
692 	int err, sz_change = CALC_DENT_SIZE(dentry->d_name.len);
693 	struct ubifs_budget_req req = { .new_dent = 1, .dirtied_ino = 2,
694 				.dirtied_ino_d = ALIGN(ui->data_len, 8) };
695 	struct fscrypt_name nm;
696 
697 	/*
698 	 * Budget request settings: new direntry, changing the target inode,
699 	 * changing the parent inode.
700 	 */
701 
702 	dbg_gen("dent '%pd' to ino %lu (nlink %d) in dir ino %lu",
703 		dentry, inode->i_ino,
704 		inode->i_nlink, dir->i_ino);
705 	ubifs_assert(c, inode_is_locked(dir));
706 	ubifs_assert(c, inode_is_locked(inode));
707 
708 	err = fscrypt_prepare_link(old_dentry, dir, dentry);
709 	if (err)
710 		return err;
711 
712 	err = fscrypt_setup_filename(dir, &dentry->d_name, 0, &nm);
713 	if (err)
714 		return err;
715 
716 	err = dbg_check_synced_i_size(c, inode);
717 	if (err)
718 		goto out_fname;
719 
720 	err = ubifs_budget_space(c, &req);
721 	if (err)
722 		goto out_fname;
723 
724 	lock_2_inodes(dir, inode);
725 
726 	/* Handle O_TMPFILE corner case, it is allowed to link a O_TMPFILE. */
727 	if (inode->i_nlink == 0)
728 		ubifs_delete_orphan(c, inode->i_ino);
729 
730 	inc_nlink(inode);
731 	ihold(inode);
732 	inode->i_ctime = current_time(inode);
733 	dir->i_size += sz_change;
734 	dir_ui->ui_size = dir->i_size;
735 	dir->i_mtime = dir->i_ctime = inode->i_ctime;
736 	err = ubifs_jnl_update(c, dir, &nm, inode, 0, 0);
737 	if (err)
738 		goto out_cancel;
739 	unlock_2_inodes(dir, inode);
740 
741 	ubifs_release_budget(c, &req);
742 	d_instantiate(dentry, inode);
743 	fscrypt_free_filename(&nm);
744 	return 0;
745 
746 out_cancel:
747 	dir->i_size -= sz_change;
748 	dir_ui->ui_size = dir->i_size;
749 	drop_nlink(inode);
750 	if (inode->i_nlink == 0)
751 		ubifs_add_orphan(c, inode->i_ino);
752 	unlock_2_inodes(dir, inode);
753 	ubifs_release_budget(c, &req);
754 	iput(inode);
755 out_fname:
756 	fscrypt_free_filename(&nm);
757 	return err;
758 }
759 
760 static int ubifs_unlink(struct inode *dir, struct dentry *dentry)
761 {
762 	struct ubifs_info *c = dir->i_sb->s_fs_info;
763 	struct inode *inode = d_inode(dentry);
764 	struct ubifs_inode *dir_ui = ubifs_inode(dir);
765 	int err, sz_change, budgeted = 1;
766 	struct ubifs_budget_req req = { .mod_dent = 1, .dirtied_ino = 2 };
767 	unsigned int saved_nlink = inode->i_nlink;
768 	struct fscrypt_name nm;
769 
770 	/*
771 	 * Budget request settings: deletion direntry, deletion inode (+1 for
772 	 * @dirtied_ino), changing the parent directory inode. If budgeting
773 	 * fails, go ahead anyway because we have extra space reserved for
774 	 * deletions.
775 	 */
776 
777 	dbg_gen("dent '%pd' from ino %lu (nlink %d) in dir ino %lu",
778 		dentry, inode->i_ino,
779 		inode->i_nlink, dir->i_ino);
780 
781 	err = fscrypt_setup_filename(dir, &dentry->d_name, 1, &nm);
782 	if (err)
783 		return err;
784 
785 	err = ubifs_purge_xattrs(inode);
786 	if (err)
787 		return err;
788 
789 	sz_change = CALC_DENT_SIZE(fname_len(&nm));
790 
791 	ubifs_assert(c, inode_is_locked(dir));
792 	ubifs_assert(c, inode_is_locked(inode));
793 	err = dbg_check_synced_i_size(c, inode);
794 	if (err)
795 		goto out_fname;
796 
797 	err = ubifs_budget_space(c, &req);
798 	if (err) {
799 		if (err != -ENOSPC)
800 			goto out_fname;
801 		budgeted = 0;
802 	}
803 
804 	lock_2_inodes(dir, inode);
805 	inode->i_ctime = current_time(dir);
806 	drop_nlink(inode);
807 	dir->i_size -= sz_change;
808 	dir_ui->ui_size = dir->i_size;
809 	dir->i_mtime = dir->i_ctime = inode->i_ctime;
810 	err = ubifs_jnl_update(c, dir, &nm, inode, 1, 0);
811 	if (err)
812 		goto out_cancel;
813 	unlock_2_inodes(dir, inode);
814 
815 	if (budgeted)
816 		ubifs_release_budget(c, &req);
817 	else {
818 		/* We've deleted something - clean the "no space" flags */
819 		c->bi.nospace = c->bi.nospace_rp = 0;
820 		smp_wmb();
821 	}
822 	fscrypt_free_filename(&nm);
823 	return 0;
824 
825 out_cancel:
826 	dir->i_size += sz_change;
827 	dir_ui->ui_size = dir->i_size;
828 	set_nlink(inode, saved_nlink);
829 	unlock_2_inodes(dir, inode);
830 	if (budgeted)
831 		ubifs_release_budget(c, &req);
832 out_fname:
833 	fscrypt_free_filename(&nm);
834 	return err;
835 }
836 
837 /**
838  * check_dir_empty - check if a directory is empty or not.
839  * @dir: VFS inode object of the directory to check
840  *
841  * This function checks if directory @dir is empty. Returns zero if the
842  * directory is empty, %-ENOTEMPTY if it is not, and other negative error codes
843  * in case of of errors.
844  */
845 int ubifs_check_dir_empty(struct inode *dir)
846 {
847 	struct ubifs_info *c = dir->i_sb->s_fs_info;
848 	struct fscrypt_name nm = { 0 };
849 	struct ubifs_dent_node *dent;
850 	union ubifs_key key;
851 	int err;
852 
853 	lowest_dent_key(c, &key, dir->i_ino);
854 	dent = ubifs_tnc_next_ent(c, &key, &nm);
855 	if (IS_ERR(dent)) {
856 		err = PTR_ERR(dent);
857 		if (err == -ENOENT)
858 			err = 0;
859 	} else {
860 		kfree(dent);
861 		err = -ENOTEMPTY;
862 	}
863 	return err;
864 }
865 
866 static int ubifs_rmdir(struct inode *dir, struct dentry *dentry)
867 {
868 	struct ubifs_info *c = dir->i_sb->s_fs_info;
869 	struct inode *inode = d_inode(dentry);
870 	int err, sz_change, budgeted = 1;
871 	struct ubifs_inode *dir_ui = ubifs_inode(dir);
872 	struct ubifs_budget_req req = { .mod_dent = 1, .dirtied_ino = 2 };
873 	struct fscrypt_name nm;
874 
875 	/*
876 	 * Budget request settings: deletion direntry, deletion inode and
877 	 * changing the parent inode. If budgeting fails, go ahead anyway
878 	 * because we have extra space reserved for deletions.
879 	 */
880 
881 	dbg_gen("directory '%pd', ino %lu in dir ino %lu", dentry,
882 		inode->i_ino, dir->i_ino);
883 	ubifs_assert(c, inode_is_locked(dir));
884 	ubifs_assert(c, inode_is_locked(inode));
885 	err = ubifs_check_dir_empty(d_inode(dentry));
886 	if (err)
887 		return err;
888 
889 	err = fscrypt_setup_filename(dir, &dentry->d_name, 1, &nm);
890 	if (err)
891 		return err;
892 
893 	err = ubifs_purge_xattrs(inode);
894 	if (err)
895 		return err;
896 
897 	sz_change = CALC_DENT_SIZE(fname_len(&nm));
898 
899 	err = ubifs_budget_space(c, &req);
900 	if (err) {
901 		if (err != -ENOSPC)
902 			goto out_fname;
903 		budgeted = 0;
904 	}
905 
906 	lock_2_inodes(dir, inode);
907 	inode->i_ctime = current_time(dir);
908 	clear_nlink(inode);
909 	drop_nlink(dir);
910 	dir->i_size -= sz_change;
911 	dir_ui->ui_size = dir->i_size;
912 	dir->i_mtime = dir->i_ctime = inode->i_ctime;
913 	err = ubifs_jnl_update(c, dir, &nm, inode, 1, 0);
914 	if (err)
915 		goto out_cancel;
916 	unlock_2_inodes(dir, inode);
917 
918 	if (budgeted)
919 		ubifs_release_budget(c, &req);
920 	else {
921 		/* We've deleted something - clean the "no space" flags */
922 		c->bi.nospace = c->bi.nospace_rp = 0;
923 		smp_wmb();
924 	}
925 	fscrypt_free_filename(&nm);
926 	return 0;
927 
928 out_cancel:
929 	dir->i_size += sz_change;
930 	dir_ui->ui_size = dir->i_size;
931 	inc_nlink(dir);
932 	set_nlink(inode, 2);
933 	unlock_2_inodes(dir, inode);
934 	if (budgeted)
935 		ubifs_release_budget(c, &req);
936 out_fname:
937 	fscrypt_free_filename(&nm);
938 	return err;
939 }
940 
941 static int ubifs_mkdir(struct inode *dir, struct dentry *dentry, umode_t mode)
942 {
943 	struct inode *inode;
944 	struct ubifs_inode *dir_ui = ubifs_inode(dir);
945 	struct ubifs_info *c = dir->i_sb->s_fs_info;
946 	int err, sz_change;
947 	struct ubifs_budget_req req = { .new_ino = 1, .new_dent = 1 };
948 	struct fscrypt_name nm;
949 
950 	/*
951 	 * Budget request settings: new inode, new direntry and changing parent
952 	 * directory inode.
953 	 */
954 
955 	dbg_gen("dent '%pd', mode %#hx in dir ino %lu",
956 		dentry, mode, dir->i_ino);
957 
958 	err = ubifs_budget_space(c, &req);
959 	if (err)
960 		return err;
961 
962 	err = fscrypt_setup_filename(dir, &dentry->d_name, 0, &nm);
963 	if (err)
964 		goto out_budg;
965 
966 	sz_change = CALC_DENT_SIZE(fname_len(&nm));
967 
968 	inode = ubifs_new_inode(c, dir, S_IFDIR | mode);
969 	if (IS_ERR(inode)) {
970 		err = PTR_ERR(inode);
971 		goto out_fname;
972 	}
973 
974 	err = ubifs_init_security(dir, inode, &dentry->d_name);
975 	if (err)
976 		goto out_inode;
977 
978 	mutex_lock(&dir_ui->ui_mutex);
979 	insert_inode_hash(inode);
980 	inc_nlink(inode);
981 	inc_nlink(dir);
982 	dir->i_size += sz_change;
983 	dir_ui->ui_size = dir->i_size;
984 	dir->i_mtime = dir->i_ctime = inode->i_ctime;
985 	err = ubifs_jnl_update(c, dir, &nm, inode, 0, 0);
986 	if (err) {
987 		ubifs_err(c, "cannot create directory, error %d", err);
988 		goto out_cancel;
989 	}
990 	mutex_unlock(&dir_ui->ui_mutex);
991 
992 	ubifs_release_budget(c, &req);
993 	d_instantiate(dentry, inode);
994 	fscrypt_free_filename(&nm);
995 	return 0;
996 
997 out_cancel:
998 	dir->i_size -= sz_change;
999 	dir_ui->ui_size = dir->i_size;
1000 	drop_nlink(dir);
1001 	mutex_unlock(&dir_ui->ui_mutex);
1002 out_inode:
1003 	make_bad_inode(inode);
1004 	iput(inode);
1005 out_fname:
1006 	fscrypt_free_filename(&nm);
1007 out_budg:
1008 	ubifs_release_budget(c, &req);
1009 	return err;
1010 }
1011 
1012 static int ubifs_mknod(struct inode *dir, struct dentry *dentry,
1013 		       umode_t mode, dev_t rdev)
1014 {
1015 	struct inode *inode;
1016 	struct ubifs_inode *ui;
1017 	struct ubifs_inode *dir_ui = ubifs_inode(dir);
1018 	struct ubifs_info *c = dir->i_sb->s_fs_info;
1019 	union ubifs_dev_desc *dev = NULL;
1020 	int sz_change;
1021 	int err, devlen = 0;
1022 	struct ubifs_budget_req req = { .new_ino = 1, .new_dent = 1,
1023 					.dirtied_ino = 1 };
1024 	struct fscrypt_name nm;
1025 
1026 	/*
1027 	 * Budget request settings: new inode, new direntry and changing parent
1028 	 * directory inode.
1029 	 */
1030 
1031 	dbg_gen("dent '%pd' in dir ino %lu", dentry, dir->i_ino);
1032 
1033 	if (S_ISBLK(mode) || S_ISCHR(mode)) {
1034 		dev = kmalloc(sizeof(union ubifs_dev_desc), GFP_NOFS);
1035 		if (!dev)
1036 			return -ENOMEM;
1037 		devlen = ubifs_encode_dev(dev, rdev);
1038 	}
1039 
1040 	req.new_ino_d = ALIGN(devlen, 8);
1041 	err = ubifs_budget_space(c, &req);
1042 	if (err) {
1043 		kfree(dev);
1044 		return err;
1045 	}
1046 
1047 	err = fscrypt_setup_filename(dir, &dentry->d_name, 0, &nm);
1048 	if (err) {
1049 		kfree(dev);
1050 		goto out_budg;
1051 	}
1052 
1053 	sz_change = CALC_DENT_SIZE(fname_len(&nm));
1054 
1055 	inode = ubifs_new_inode(c, dir, mode);
1056 	if (IS_ERR(inode)) {
1057 		kfree(dev);
1058 		err = PTR_ERR(inode);
1059 		goto out_fname;
1060 	}
1061 
1062 	init_special_inode(inode, inode->i_mode, rdev);
1063 	inode->i_size = ubifs_inode(inode)->ui_size = devlen;
1064 	ui = ubifs_inode(inode);
1065 	ui->data = dev;
1066 	ui->data_len = devlen;
1067 
1068 	err = ubifs_init_security(dir, inode, &dentry->d_name);
1069 	if (err)
1070 		goto out_inode;
1071 
1072 	mutex_lock(&dir_ui->ui_mutex);
1073 	dir->i_size += sz_change;
1074 	dir_ui->ui_size = dir->i_size;
1075 	dir->i_mtime = dir->i_ctime = inode->i_ctime;
1076 	err = ubifs_jnl_update(c, dir, &nm, inode, 0, 0);
1077 	if (err)
1078 		goto out_cancel;
1079 	mutex_unlock(&dir_ui->ui_mutex);
1080 
1081 	ubifs_release_budget(c, &req);
1082 	insert_inode_hash(inode);
1083 	d_instantiate(dentry, inode);
1084 	fscrypt_free_filename(&nm);
1085 	return 0;
1086 
1087 out_cancel:
1088 	dir->i_size -= sz_change;
1089 	dir_ui->ui_size = dir->i_size;
1090 	mutex_unlock(&dir_ui->ui_mutex);
1091 out_inode:
1092 	make_bad_inode(inode);
1093 	iput(inode);
1094 out_fname:
1095 	fscrypt_free_filename(&nm);
1096 out_budg:
1097 	ubifs_release_budget(c, &req);
1098 	return err;
1099 }
1100 
1101 static int ubifs_symlink(struct inode *dir, struct dentry *dentry,
1102 			 const char *symname)
1103 {
1104 	struct inode *inode;
1105 	struct ubifs_inode *ui;
1106 	struct ubifs_inode *dir_ui = ubifs_inode(dir);
1107 	struct ubifs_info *c = dir->i_sb->s_fs_info;
1108 	int err, sz_change, len = strlen(symname);
1109 	struct fscrypt_str disk_link;
1110 	struct ubifs_budget_req req = { .new_ino = 1, .new_dent = 1,
1111 					.new_ino_d = ALIGN(len, 8),
1112 					.dirtied_ino = 1 };
1113 	struct fscrypt_name nm;
1114 
1115 	dbg_gen("dent '%pd', target '%s' in dir ino %lu", dentry,
1116 		symname, dir->i_ino);
1117 
1118 	err = fscrypt_prepare_symlink(dir, symname, len, UBIFS_MAX_INO_DATA,
1119 				      &disk_link);
1120 	if (err)
1121 		return err;
1122 
1123 	/*
1124 	 * Budget request settings: new inode, new direntry and changing parent
1125 	 * directory inode.
1126 	 */
1127 	err = ubifs_budget_space(c, &req);
1128 	if (err)
1129 		return err;
1130 
1131 	err = fscrypt_setup_filename(dir, &dentry->d_name, 0, &nm);
1132 	if (err)
1133 		goto out_budg;
1134 
1135 	sz_change = CALC_DENT_SIZE(fname_len(&nm));
1136 
1137 	inode = ubifs_new_inode(c, dir, S_IFLNK | S_IRWXUGO);
1138 	if (IS_ERR(inode)) {
1139 		err = PTR_ERR(inode);
1140 		goto out_fname;
1141 	}
1142 
1143 	ui = ubifs_inode(inode);
1144 	ui->data = kmalloc(disk_link.len, GFP_NOFS);
1145 	if (!ui->data) {
1146 		err = -ENOMEM;
1147 		goto out_inode;
1148 	}
1149 
1150 	if (IS_ENCRYPTED(inode)) {
1151 		disk_link.name = ui->data; /* encrypt directly into ui->data */
1152 		err = fscrypt_encrypt_symlink(inode, symname, len, &disk_link);
1153 		if (err)
1154 			goto out_inode;
1155 	} else {
1156 		memcpy(ui->data, disk_link.name, disk_link.len);
1157 		inode->i_link = ui->data;
1158 	}
1159 
1160 	/*
1161 	 * The terminating zero byte is not written to the flash media and it
1162 	 * is put just to make later in-memory string processing simpler. Thus,
1163 	 * data length is @disk_link.len - 1, not @disk_link.len.
1164 	 */
1165 	ui->data_len = disk_link.len - 1;
1166 	inode->i_size = ubifs_inode(inode)->ui_size = disk_link.len - 1;
1167 
1168 	err = ubifs_init_security(dir, inode, &dentry->d_name);
1169 	if (err)
1170 		goto out_inode;
1171 
1172 	mutex_lock(&dir_ui->ui_mutex);
1173 	dir->i_size += sz_change;
1174 	dir_ui->ui_size = dir->i_size;
1175 	dir->i_mtime = dir->i_ctime = inode->i_ctime;
1176 	err = ubifs_jnl_update(c, dir, &nm, inode, 0, 0);
1177 	if (err)
1178 		goto out_cancel;
1179 	mutex_unlock(&dir_ui->ui_mutex);
1180 
1181 	insert_inode_hash(inode);
1182 	d_instantiate(dentry, inode);
1183 	err = 0;
1184 	goto out_fname;
1185 
1186 out_cancel:
1187 	dir->i_size -= sz_change;
1188 	dir_ui->ui_size = dir->i_size;
1189 	mutex_unlock(&dir_ui->ui_mutex);
1190 out_inode:
1191 	make_bad_inode(inode);
1192 	iput(inode);
1193 out_fname:
1194 	fscrypt_free_filename(&nm);
1195 out_budg:
1196 	ubifs_release_budget(c, &req);
1197 	return err;
1198 }
1199 
1200 /**
1201  * lock_4_inodes - a wrapper for locking three UBIFS inodes.
1202  * @inode1: first inode
1203  * @inode2: second inode
1204  * @inode3: third inode
1205  * @inode4: fouth inode
1206  *
1207  * This function is used for 'ubifs_rename()' and @inode1 may be the same as
1208  * @inode2 whereas @inode3 and @inode4 may be %NULL.
1209  *
1210  * We do not implement any tricks to guarantee strict lock ordering, because
1211  * VFS has already done it for us on the @i_mutex. So this is just a simple
1212  * wrapper function.
1213  */
1214 static void lock_4_inodes(struct inode *inode1, struct inode *inode2,
1215 			  struct inode *inode3, struct inode *inode4)
1216 {
1217 	mutex_lock_nested(&ubifs_inode(inode1)->ui_mutex, WB_MUTEX_1);
1218 	if (inode2 != inode1)
1219 		mutex_lock_nested(&ubifs_inode(inode2)->ui_mutex, WB_MUTEX_2);
1220 	if (inode3)
1221 		mutex_lock_nested(&ubifs_inode(inode3)->ui_mutex, WB_MUTEX_3);
1222 	if (inode4)
1223 		mutex_lock_nested(&ubifs_inode(inode4)->ui_mutex, WB_MUTEX_4);
1224 }
1225 
1226 /**
1227  * unlock_4_inodes - a wrapper for unlocking three UBIFS inodes for rename.
1228  * @inode1: first inode
1229  * @inode2: second inode
1230  * @inode3: third inode
1231  * @inode4: fouth inode
1232  */
1233 static void unlock_4_inodes(struct inode *inode1, struct inode *inode2,
1234 			    struct inode *inode3, struct inode *inode4)
1235 {
1236 	if (inode4)
1237 		mutex_unlock(&ubifs_inode(inode4)->ui_mutex);
1238 	if (inode3)
1239 		mutex_unlock(&ubifs_inode(inode3)->ui_mutex);
1240 	if (inode1 != inode2)
1241 		mutex_unlock(&ubifs_inode(inode2)->ui_mutex);
1242 	mutex_unlock(&ubifs_inode(inode1)->ui_mutex);
1243 }
1244 
1245 static int do_rename(struct inode *old_dir, struct dentry *old_dentry,
1246 		     struct inode *new_dir, struct dentry *new_dentry,
1247 		     unsigned int flags)
1248 {
1249 	struct ubifs_info *c = old_dir->i_sb->s_fs_info;
1250 	struct inode *old_inode = d_inode(old_dentry);
1251 	struct inode *new_inode = d_inode(new_dentry);
1252 	struct inode *whiteout = NULL;
1253 	struct ubifs_inode *old_inode_ui = ubifs_inode(old_inode);
1254 	struct ubifs_inode *whiteout_ui = NULL;
1255 	int err, release, sync = 0, move = (new_dir != old_dir);
1256 	int is_dir = S_ISDIR(old_inode->i_mode);
1257 	int unlink = !!new_inode, new_sz, old_sz;
1258 	struct ubifs_budget_req req = { .new_dent = 1, .mod_dent = 1,
1259 					.dirtied_ino = 3 };
1260 	struct ubifs_budget_req ino_req = { .dirtied_ino = 1,
1261 			.dirtied_ino_d = ALIGN(old_inode_ui->data_len, 8) };
1262 	struct timespec64 time;
1263 	unsigned int saved_nlink;
1264 	struct fscrypt_name old_nm, new_nm;
1265 
1266 	/*
1267 	 * Budget request settings: deletion direntry, new direntry, removing
1268 	 * the old inode, and changing old and new parent directory inodes.
1269 	 *
1270 	 * However, this operation also marks the target inode as dirty and
1271 	 * does not write it, so we allocate budget for the target inode
1272 	 * separately.
1273 	 */
1274 
1275 	dbg_gen("dent '%pd' ino %lu in dir ino %lu to dent '%pd' in dir ino %lu flags 0x%x",
1276 		old_dentry, old_inode->i_ino, old_dir->i_ino,
1277 		new_dentry, new_dir->i_ino, flags);
1278 
1279 	if (unlink) {
1280 		ubifs_assert(c, inode_is_locked(new_inode));
1281 
1282 		err = ubifs_purge_xattrs(new_inode);
1283 		if (err)
1284 			return err;
1285 	}
1286 
1287 	if (unlink && is_dir) {
1288 		err = ubifs_check_dir_empty(new_inode);
1289 		if (err)
1290 			return err;
1291 	}
1292 
1293 	err = fscrypt_setup_filename(old_dir, &old_dentry->d_name, 0, &old_nm);
1294 	if (err)
1295 		return err;
1296 
1297 	err = fscrypt_setup_filename(new_dir, &new_dentry->d_name, 0, &new_nm);
1298 	if (err) {
1299 		fscrypt_free_filename(&old_nm);
1300 		return err;
1301 	}
1302 
1303 	new_sz = CALC_DENT_SIZE(fname_len(&new_nm));
1304 	old_sz = CALC_DENT_SIZE(fname_len(&old_nm));
1305 
1306 	err = ubifs_budget_space(c, &req);
1307 	if (err) {
1308 		fscrypt_free_filename(&old_nm);
1309 		fscrypt_free_filename(&new_nm);
1310 		return err;
1311 	}
1312 	err = ubifs_budget_space(c, &ino_req);
1313 	if (err) {
1314 		fscrypt_free_filename(&old_nm);
1315 		fscrypt_free_filename(&new_nm);
1316 		ubifs_release_budget(c, &req);
1317 		return err;
1318 	}
1319 
1320 	if (flags & RENAME_WHITEOUT) {
1321 		union ubifs_dev_desc *dev = NULL;
1322 
1323 		dev = kmalloc(sizeof(union ubifs_dev_desc), GFP_NOFS);
1324 		if (!dev) {
1325 			err = -ENOMEM;
1326 			goto out_release;
1327 		}
1328 
1329 		err = do_tmpfile(old_dir, old_dentry, S_IFCHR | WHITEOUT_MODE, &whiteout);
1330 		if (err) {
1331 			kfree(dev);
1332 			goto out_release;
1333 		}
1334 
1335 		whiteout->i_state |= I_LINKABLE;
1336 		whiteout_ui = ubifs_inode(whiteout);
1337 		whiteout_ui->data = dev;
1338 		whiteout_ui->data_len = ubifs_encode_dev(dev, MKDEV(0, 0));
1339 		ubifs_assert(c, !whiteout_ui->dirty);
1340 	}
1341 
1342 	lock_4_inodes(old_dir, new_dir, new_inode, whiteout);
1343 
1344 	/*
1345 	 * Like most other Unix systems, set the @i_ctime for inodes on a
1346 	 * rename.
1347 	 */
1348 	time = current_time(old_dir);
1349 	old_inode->i_ctime = time;
1350 
1351 	/* We must adjust parent link count when renaming directories */
1352 	if (is_dir) {
1353 		if (move) {
1354 			/*
1355 			 * @old_dir loses a link because we are moving
1356 			 * @old_inode to a different directory.
1357 			 */
1358 			drop_nlink(old_dir);
1359 			/*
1360 			 * @new_dir only gains a link if we are not also
1361 			 * overwriting an existing directory.
1362 			 */
1363 			if (!unlink)
1364 				inc_nlink(new_dir);
1365 		} else {
1366 			/*
1367 			 * @old_inode is not moving to a different directory,
1368 			 * but @old_dir still loses a link if we are
1369 			 * overwriting an existing directory.
1370 			 */
1371 			if (unlink)
1372 				drop_nlink(old_dir);
1373 		}
1374 	}
1375 
1376 	old_dir->i_size -= old_sz;
1377 	ubifs_inode(old_dir)->ui_size = old_dir->i_size;
1378 	old_dir->i_mtime = old_dir->i_ctime = time;
1379 	new_dir->i_mtime = new_dir->i_ctime = time;
1380 
1381 	/*
1382 	 * And finally, if we unlinked a direntry which happened to have the
1383 	 * same name as the moved direntry, we have to decrement @i_nlink of
1384 	 * the unlinked inode and change its ctime.
1385 	 */
1386 	if (unlink) {
1387 		/*
1388 		 * Directories cannot have hard-links, so if this is a
1389 		 * directory, just clear @i_nlink.
1390 		 */
1391 		saved_nlink = new_inode->i_nlink;
1392 		if (is_dir)
1393 			clear_nlink(new_inode);
1394 		else
1395 			drop_nlink(new_inode);
1396 		new_inode->i_ctime = time;
1397 	} else {
1398 		new_dir->i_size += new_sz;
1399 		ubifs_inode(new_dir)->ui_size = new_dir->i_size;
1400 	}
1401 
1402 	/*
1403 	 * Do not ask 'ubifs_jnl_rename()' to flush write-buffer if @old_inode
1404 	 * is dirty, because this will be done later on at the end of
1405 	 * 'ubifs_rename()'.
1406 	 */
1407 	if (IS_SYNC(old_inode)) {
1408 		sync = IS_DIRSYNC(old_dir) || IS_DIRSYNC(new_dir);
1409 		if (unlink && IS_SYNC(new_inode))
1410 			sync = 1;
1411 	}
1412 
1413 	if (whiteout) {
1414 		struct ubifs_budget_req wht_req = { .dirtied_ino = 1,
1415 				.dirtied_ino_d = \
1416 				ALIGN(ubifs_inode(whiteout)->data_len, 8) };
1417 
1418 		err = ubifs_budget_space(c, &wht_req);
1419 		if (err) {
1420 			kfree(whiteout_ui->data);
1421 			whiteout_ui->data_len = 0;
1422 			iput(whiteout);
1423 			goto out_release;
1424 		}
1425 
1426 		inc_nlink(whiteout);
1427 		mark_inode_dirty(whiteout);
1428 		whiteout->i_state &= ~I_LINKABLE;
1429 		iput(whiteout);
1430 	}
1431 
1432 	err = ubifs_jnl_rename(c, old_dir, old_inode, &old_nm, new_dir,
1433 			       new_inode, &new_nm, whiteout, sync);
1434 	if (err)
1435 		goto out_cancel;
1436 
1437 	unlock_4_inodes(old_dir, new_dir, new_inode, whiteout);
1438 	ubifs_release_budget(c, &req);
1439 
1440 	mutex_lock(&old_inode_ui->ui_mutex);
1441 	release = old_inode_ui->dirty;
1442 	mark_inode_dirty_sync(old_inode);
1443 	mutex_unlock(&old_inode_ui->ui_mutex);
1444 
1445 	if (release)
1446 		ubifs_release_budget(c, &ino_req);
1447 	if (IS_SYNC(old_inode))
1448 		err = old_inode->i_sb->s_op->write_inode(old_inode, NULL);
1449 
1450 	fscrypt_free_filename(&old_nm);
1451 	fscrypt_free_filename(&new_nm);
1452 	return err;
1453 
1454 out_cancel:
1455 	if (unlink) {
1456 		set_nlink(new_inode, saved_nlink);
1457 	} else {
1458 		new_dir->i_size -= new_sz;
1459 		ubifs_inode(new_dir)->ui_size = new_dir->i_size;
1460 	}
1461 	old_dir->i_size += old_sz;
1462 	ubifs_inode(old_dir)->ui_size = old_dir->i_size;
1463 	if (is_dir) {
1464 		if (move) {
1465 			inc_nlink(old_dir);
1466 			if (!unlink)
1467 				drop_nlink(new_dir);
1468 		} else {
1469 			if (unlink)
1470 				inc_nlink(old_dir);
1471 		}
1472 	}
1473 	if (whiteout) {
1474 		drop_nlink(whiteout);
1475 		iput(whiteout);
1476 	}
1477 	unlock_4_inodes(old_dir, new_dir, new_inode, whiteout);
1478 out_release:
1479 	ubifs_release_budget(c, &ino_req);
1480 	ubifs_release_budget(c, &req);
1481 	fscrypt_free_filename(&old_nm);
1482 	fscrypt_free_filename(&new_nm);
1483 	return err;
1484 }
1485 
1486 static int ubifs_xrename(struct inode *old_dir, struct dentry *old_dentry,
1487 			struct inode *new_dir, struct dentry *new_dentry)
1488 {
1489 	struct ubifs_info *c = old_dir->i_sb->s_fs_info;
1490 	struct ubifs_budget_req req = { .new_dent = 1, .mod_dent = 1,
1491 				.dirtied_ino = 2 };
1492 	int sync = IS_DIRSYNC(old_dir) || IS_DIRSYNC(new_dir);
1493 	struct inode *fst_inode = d_inode(old_dentry);
1494 	struct inode *snd_inode = d_inode(new_dentry);
1495 	struct timespec64 time;
1496 	int err;
1497 	struct fscrypt_name fst_nm, snd_nm;
1498 
1499 	ubifs_assert(c, fst_inode && snd_inode);
1500 
1501 	err = fscrypt_setup_filename(old_dir, &old_dentry->d_name, 0, &fst_nm);
1502 	if (err)
1503 		return err;
1504 
1505 	err = fscrypt_setup_filename(new_dir, &new_dentry->d_name, 0, &snd_nm);
1506 	if (err) {
1507 		fscrypt_free_filename(&fst_nm);
1508 		return err;
1509 	}
1510 
1511 	lock_4_inodes(old_dir, new_dir, NULL, NULL);
1512 
1513 	time = current_time(old_dir);
1514 	fst_inode->i_ctime = time;
1515 	snd_inode->i_ctime = time;
1516 	old_dir->i_mtime = old_dir->i_ctime = time;
1517 	new_dir->i_mtime = new_dir->i_ctime = time;
1518 
1519 	if (old_dir != new_dir) {
1520 		if (S_ISDIR(fst_inode->i_mode) && !S_ISDIR(snd_inode->i_mode)) {
1521 			inc_nlink(new_dir);
1522 			drop_nlink(old_dir);
1523 		}
1524 		else if (!S_ISDIR(fst_inode->i_mode) && S_ISDIR(snd_inode->i_mode)) {
1525 			drop_nlink(new_dir);
1526 			inc_nlink(old_dir);
1527 		}
1528 	}
1529 
1530 	err = ubifs_jnl_xrename(c, old_dir, fst_inode, &fst_nm, new_dir,
1531 				snd_inode, &snd_nm, sync);
1532 
1533 	unlock_4_inodes(old_dir, new_dir, NULL, NULL);
1534 	ubifs_release_budget(c, &req);
1535 
1536 	fscrypt_free_filename(&fst_nm);
1537 	fscrypt_free_filename(&snd_nm);
1538 	return err;
1539 }
1540 
1541 static int ubifs_rename(struct inode *old_dir, struct dentry *old_dentry,
1542 			struct inode *new_dir, struct dentry *new_dentry,
1543 			unsigned int flags)
1544 {
1545 	int err;
1546 	struct ubifs_info *c = old_dir->i_sb->s_fs_info;
1547 
1548 	if (flags & ~(RENAME_NOREPLACE | RENAME_WHITEOUT | RENAME_EXCHANGE))
1549 		return -EINVAL;
1550 
1551 	ubifs_assert(c, inode_is_locked(old_dir));
1552 	ubifs_assert(c, inode_is_locked(new_dir));
1553 
1554 	err = fscrypt_prepare_rename(old_dir, old_dentry, new_dir, new_dentry,
1555 				     flags);
1556 	if (err)
1557 		return err;
1558 
1559 	if (flags & RENAME_EXCHANGE)
1560 		return ubifs_xrename(old_dir, old_dentry, new_dir, new_dentry);
1561 
1562 	return do_rename(old_dir, old_dentry, new_dir, new_dentry, flags);
1563 }
1564 
1565 int ubifs_getattr(const struct path *path, struct kstat *stat,
1566 		  u32 request_mask, unsigned int flags)
1567 {
1568 	loff_t size;
1569 	struct inode *inode = d_inode(path->dentry);
1570 	struct ubifs_inode *ui = ubifs_inode(inode);
1571 
1572 	mutex_lock(&ui->ui_mutex);
1573 
1574 	if (ui->flags & UBIFS_APPEND_FL)
1575 		stat->attributes |= STATX_ATTR_APPEND;
1576 	if (ui->flags & UBIFS_COMPR_FL)
1577 		stat->attributes |= STATX_ATTR_COMPRESSED;
1578 	if (ui->flags & UBIFS_CRYPT_FL)
1579 		stat->attributes |= STATX_ATTR_ENCRYPTED;
1580 	if (ui->flags & UBIFS_IMMUTABLE_FL)
1581 		stat->attributes |= STATX_ATTR_IMMUTABLE;
1582 
1583 	stat->attributes_mask |= (STATX_ATTR_APPEND |
1584 				STATX_ATTR_COMPRESSED |
1585 				STATX_ATTR_ENCRYPTED |
1586 				STATX_ATTR_IMMUTABLE);
1587 
1588 	generic_fillattr(inode, stat);
1589 	stat->blksize = UBIFS_BLOCK_SIZE;
1590 	stat->size = ui->ui_size;
1591 
1592 	/*
1593 	 * Unfortunately, the 'stat()' system call was designed for block
1594 	 * device based file systems, and it is not appropriate for UBIFS,
1595 	 * because UBIFS does not have notion of "block". For example, it is
1596 	 * difficult to tell how many block a directory takes - it actually
1597 	 * takes less than 300 bytes, but we have to round it to block size,
1598 	 * which introduces large mistake. This makes utilities like 'du' to
1599 	 * report completely senseless numbers. This is the reason why UBIFS
1600 	 * goes the same way as JFFS2 - it reports zero blocks for everything
1601 	 * but regular files, which makes more sense than reporting completely
1602 	 * wrong sizes.
1603 	 */
1604 	if (S_ISREG(inode->i_mode)) {
1605 		size = ui->xattr_size;
1606 		size += stat->size;
1607 		size = ALIGN(size, UBIFS_BLOCK_SIZE);
1608 		/*
1609 		 * Note, user-space expects 512-byte blocks count irrespectively
1610 		 * of what was reported in @stat->size.
1611 		 */
1612 		stat->blocks = size >> 9;
1613 	} else
1614 		stat->blocks = 0;
1615 	mutex_unlock(&ui->ui_mutex);
1616 	return 0;
1617 }
1618 
1619 static int ubifs_dir_open(struct inode *dir, struct file *file)
1620 {
1621 	if (IS_ENCRYPTED(dir))
1622 		return fscrypt_get_encryption_info(dir) ? -EACCES : 0;
1623 
1624 	return 0;
1625 }
1626 
1627 const struct inode_operations ubifs_dir_inode_operations = {
1628 	.lookup      = ubifs_lookup,
1629 	.create      = ubifs_create,
1630 	.link        = ubifs_link,
1631 	.symlink     = ubifs_symlink,
1632 	.unlink      = ubifs_unlink,
1633 	.mkdir       = ubifs_mkdir,
1634 	.rmdir       = ubifs_rmdir,
1635 	.mknod       = ubifs_mknod,
1636 	.rename      = ubifs_rename,
1637 	.setattr     = ubifs_setattr,
1638 	.getattr     = ubifs_getattr,
1639 #ifdef CONFIG_UBIFS_FS_XATTR
1640 	.listxattr   = ubifs_listxattr,
1641 #endif
1642 	.update_time = ubifs_update_time,
1643 	.tmpfile     = ubifs_tmpfile,
1644 };
1645 
1646 const struct file_operations ubifs_dir_operations = {
1647 	.llseek         = generic_file_llseek,
1648 	.release        = ubifs_dir_release,
1649 	.read           = generic_read_dir,
1650 	.iterate_shared = ubifs_readdir,
1651 	.fsync          = ubifs_fsync,
1652 	.unlocked_ioctl = ubifs_ioctl,
1653 	.open		= ubifs_dir_open,
1654 #ifdef CONFIG_COMPAT
1655 	.compat_ioctl   = ubifs_compat_ioctl,
1656 #endif
1657 };
1658