xref: /openbmc/linux/fs/xfs/xfs_attr_item.c (revision 6548d543)
1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3  * Copyright (C) 2022 Oracle.  All Rights Reserved.
4  * Author: Allison Henderson <allison.henderson@oracle.com>
5  */
6 
7 #include "xfs.h"
8 #include "xfs_fs.h"
9 #include "xfs_format.h"
10 #include "xfs_trans_resv.h"
11 #include "xfs_shared.h"
12 #include "xfs_mount.h"
13 #include "xfs_defer.h"
14 #include "xfs_log_format.h"
15 #include "xfs_trans.h"
16 #include "xfs_bmap_btree.h"
17 #include "xfs_trans_priv.h"
18 #include "xfs_log.h"
19 #include "xfs_inode.h"
20 #include "xfs_da_format.h"
21 #include "xfs_da_btree.h"
22 #include "xfs_attr.h"
23 #include "xfs_attr_item.h"
24 #include "xfs_trace.h"
25 #include "xfs_trans_space.h"
26 #include "xfs_errortag.h"
27 #include "xfs_error.h"
28 #include "xfs_log_priv.h"
29 #include "xfs_log_recover.h"
30 
31 struct kmem_cache		*xfs_attri_cache;
32 struct kmem_cache		*xfs_attrd_cache;
33 
34 static const struct xfs_item_ops xfs_attri_item_ops;
35 static const struct xfs_item_ops xfs_attrd_item_ops;
36 static struct xfs_attrd_log_item *xfs_trans_get_attrd(struct xfs_trans *tp,
37 					struct xfs_attri_log_item *attrip);
38 
39 static inline struct xfs_attri_log_item *ATTRI_ITEM(struct xfs_log_item *lip)
40 {
41 	return container_of(lip, struct xfs_attri_log_item, attri_item);
42 }
43 
44 /*
45  * Shared xattr name/value buffers for logged extended attribute operations
46  *
47  * When logging updates to extended attributes, we can create quite a few
48  * attribute log intent items for a single xattr update.  To avoid cycling the
49  * memory allocator and memcpy overhead, the name (and value, for setxattr)
50  * are kept in a refcounted object that is shared across all related log items
51  * and the upper-level deferred work state structure.  The shared buffer has
52  * a control structure, followed by the name, and then the value.
53  */
54 
55 static inline struct xfs_attri_log_nameval *
56 xfs_attri_log_nameval_get(
57 	struct xfs_attri_log_nameval	*nv)
58 {
59 	if (!refcount_inc_not_zero(&nv->refcount))
60 		return NULL;
61 	return nv;
62 }
63 
64 static inline void
65 xfs_attri_log_nameval_put(
66 	struct xfs_attri_log_nameval	*nv)
67 {
68 	if (!nv)
69 		return;
70 	if (refcount_dec_and_test(&nv->refcount))
71 		kvfree(nv);
72 }
73 
74 static inline struct xfs_attri_log_nameval *
75 xfs_attri_log_nameval_alloc(
76 	const void			*name,
77 	unsigned int			name_len,
78 	const void			*value,
79 	unsigned int			value_len)
80 {
81 	struct xfs_attri_log_nameval	*nv;
82 
83 	/*
84 	 * This could be over 64kB in length, so we have to use kvmalloc() for
85 	 * this. But kvmalloc() utterly sucks, so we use our own version.
86 	 */
87 	nv = xlog_kvmalloc(sizeof(struct xfs_attri_log_nameval) +
88 					name_len + value_len);
89 
90 	nv->name.i_addr = nv + 1;
91 	nv->name.i_len = name_len;
92 	nv->name.i_type = XLOG_REG_TYPE_ATTR_NAME;
93 	memcpy(nv->name.i_addr, name, name_len);
94 
95 	if (value_len) {
96 		nv->value.i_addr = nv->name.i_addr + name_len;
97 		nv->value.i_len = value_len;
98 		memcpy(nv->value.i_addr, value, value_len);
99 	} else {
100 		nv->value.i_addr = NULL;
101 		nv->value.i_len = 0;
102 	}
103 	nv->value.i_type = XLOG_REG_TYPE_ATTR_VALUE;
104 
105 	refcount_set(&nv->refcount, 1);
106 	return nv;
107 }
108 
109 STATIC void
110 xfs_attri_item_free(
111 	struct xfs_attri_log_item	*attrip)
112 {
113 	kmem_free(attrip->attri_item.li_lv_shadow);
114 	xfs_attri_log_nameval_put(attrip->attri_nameval);
115 	kmem_cache_free(xfs_attri_cache, attrip);
116 }
117 
118 /*
119  * Freeing the attrip requires that we remove it from the AIL if it has already
120  * been placed there. However, the ATTRI may not yet have been placed in the
121  * AIL when called by xfs_attri_release() from ATTRD processing due to the
122  * ordering of committed vs unpin operations in bulk insert operations. Hence
123  * the reference count to ensure only the last caller frees the ATTRI.
124  */
125 STATIC void
126 xfs_attri_release(
127 	struct xfs_attri_log_item	*attrip)
128 {
129 	ASSERT(atomic_read(&attrip->attri_refcount) > 0);
130 	if (!atomic_dec_and_test(&attrip->attri_refcount))
131 		return;
132 
133 	xfs_trans_ail_delete(&attrip->attri_item, 0);
134 	xfs_attri_item_free(attrip);
135 }
136 
137 STATIC void
138 xfs_attri_item_size(
139 	struct xfs_log_item		*lip,
140 	int				*nvecs,
141 	int				*nbytes)
142 {
143 	struct xfs_attri_log_item       *attrip = ATTRI_ITEM(lip);
144 	struct xfs_attri_log_nameval	*nv = attrip->attri_nameval;
145 
146 	*nvecs += 2;
147 	*nbytes += sizeof(struct xfs_attri_log_format) +
148 			xlog_calc_iovec_len(nv->name.i_len);
149 
150 	if (!nv->value.i_len)
151 		return;
152 
153 	*nvecs += 1;
154 	*nbytes += xlog_calc_iovec_len(nv->value.i_len);
155 }
156 
157 /*
158  * This is called to fill in the log iovecs for the given attri log
159  * item. We use  1 iovec for the attri_format_item, 1 for the name, and
160  * another for the value if it is present
161  */
162 STATIC void
163 xfs_attri_item_format(
164 	struct xfs_log_item		*lip,
165 	struct xfs_log_vec		*lv)
166 {
167 	struct xfs_attri_log_item	*attrip = ATTRI_ITEM(lip);
168 	struct xfs_log_iovec		*vecp = NULL;
169 	struct xfs_attri_log_nameval	*nv = attrip->attri_nameval;
170 
171 	attrip->attri_format.alfi_type = XFS_LI_ATTRI;
172 	attrip->attri_format.alfi_size = 1;
173 
174 	/*
175 	 * This size accounting must be done before copying the attrip into the
176 	 * iovec.  If we do it after, the wrong size will be recorded to the log
177 	 * and we trip across assertion checks for bad region sizes later during
178 	 * the log recovery.
179 	 */
180 
181 	ASSERT(nv->name.i_len > 0);
182 	attrip->attri_format.alfi_size++;
183 
184 	if (nv->value.i_len > 0)
185 		attrip->attri_format.alfi_size++;
186 
187 	xlog_copy_iovec(lv, &vecp, XLOG_REG_TYPE_ATTRI_FORMAT,
188 			&attrip->attri_format,
189 			sizeof(struct xfs_attri_log_format));
190 	xlog_copy_from_iovec(lv, &vecp, &nv->name);
191 	if (nv->value.i_len > 0)
192 		xlog_copy_from_iovec(lv, &vecp, &nv->value);
193 }
194 
195 /*
196  * The unpin operation is the last place an ATTRI is manipulated in the log. It
197  * is either inserted in the AIL or aborted in the event of a log I/O error. In
198  * either case, the ATTRI transaction has been successfully committed to make
199  * it this far. Therefore, we expect whoever committed the ATTRI to either
200  * construct and commit the ATTRD or drop the ATTRD's reference in the event of
201  * error. Simply drop the log's ATTRI reference now that the log is done with
202  * it.
203  */
204 STATIC void
205 xfs_attri_item_unpin(
206 	struct xfs_log_item	*lip,
207 	int			remove)
208 {
209 	xfs_attri_release(ATTRI_ITEM(lip));
210 }
211 
212 
213 STATIC void
214 xfs_attri_item_release(
215 	struct xfs_log_item	*lip)
216 {
217 	xfs_attri_release(ATTRI_ITEM(lip));
218 }
219 
220 /*
221  * Allocate and initialize an attri item.  Caller may allocate an additional
222  * trailing buffer for name and value
223  */
224 STATIC struct xfs_attri_log_item *
225 xfs_attri_init(
226 	struct xfs_mount		*mp,
227 	struct xfs_attri_log_nameval	*nv)
228 {
229 	struct xfs_attri_log_item	*attrip;
230 
231 	attrip = kmem_cache_zalloc(xfs_attri_cache, GFP_NOFS | __GFP_NOFAIL);
232 
233 	/*
234 	 * Grab an extra reference to the name/value buffer for this log item.
235 	 * The caller retains its own reference!
236 	 */
237 	attrip->attri_nameval = xfs_attri_log_nameval_get(nv);
238 	ASSERT(attrip->attri_nameval);
239 
240 	xfs_log_item_init(mp, &attrip->attri_item, XFS_LI_ATTRI,
241 			  &xfs_attri_item_ops);
242 	attrip->attri_format.alfi_id = (uintptr_t)(void *)attrip;
243 	atomic_set(&attrip->attri_refcount, 2);
244 
245 	return attrip;
246 }
247 
248 static inline struct xfs_attrd_log_item *ATTRD_ITEM(struct xfs_log_item *lip)
249 {
250 	return container_of(lip, struct xfs_attrd_log_item, attrd_item);
251 }
252 
253 STATIC void
254 xfs_attrd_item_free(struct xfs_attrd_log_item *attrdp)
255 {
256 	kmem_free(attrdp->attrd_item.li_lv_shadow);
257 	kmem_cache_free(xfs_attrd_cache, attrdp);
258 }
259 
260 STATIC void
261 xfs_attrd_item_size(
262 	struct xfs_log_item		*lip,
263 	int				*nvecs,
264 	int				*nbytes)
265 {
266 	*nvecs += 1;
267 	*nbytes += sizeof(struct xfs_attrd_log_format);
268 }
269 
270 /*
271  * This is called to fill in the log iovecs for the given attrd log item. We use
272  * only 1 iovec for the attrd_format, and we point that at the attr_log_format
273  * structure embedded in the attrd item.
274  */
275 STATIC void
276 xfs_attrd_item_format(
277 	struct xfs_log_item	*lip,
278 	struct xfs_log_vec	*lv)
279 {
280 	struct xfs_attrd_log_item	*attrdp = ATTRD_ITEM(lip);
281 	struct xfs_log_iovec		*vecp = NULL;
282 
283 	attrdp->attrd_format.alfd_type = XFS_LI_ATTRD;
284 	attrdp->attrd_format.alfd_size = 1;
285 
286 	xlog_copy_iovec(lv, &vecp, XLOG_REG_TYPE_ATTRD_FORMAT,
287 			&attrdp->attrd_format,
288 			sizeof(struct xfs_attrd_log_format));
289 }
290 
291 /*
292  * The ATTRD is either committed or aborted if the transaction is canceled. If
293  * the transaction is canceled, drop our reference to the ATTRI and free the
294  * ATTRD.
295  */
296 STATIC void
297 xfs_attrd_item_release(
298 	struct xfs_log_item		*lip)
299 {
300 	struct xfs_attrd_log_item	*attrdp = ATTRD_ITEM(lip);
301 
302 	xfs_attri_release(attrdp->attrd_attrip);
303 	xfs_attrd_item_free(attrdp);
304 }
305 
306 static struct xfs_log_item *
307 xfs_attrd_item_intent(
308 	struct xfs_log_item	*lip)
309 {
310 	return &ATTRD_ITEM(lip)->attrd_attrip->attri_item;
311 }
312 
313 /*
314  * Performs one step of an attribute update intent and marks the attrd item
315  * dirty..  An attr operation may be a set or a remove.  Note that the
316  * transaction is marked dirty regardless of whether the operation succeeds or
317  * fails to support the ATTRI/ATTRD lifecycle rules.
318  */
319 STATIC int
320 xfs_xattri_finish_update(
321 	struct xfs_attr_intent		*attr,
322 	struct xfs_attrd_log_item	*attrdp)
323 {
324 	struct xfs_da_args		*args = attr->xattri_da_args;
325 	int				error;
326 
327 	if (XFS_TEST_ERROR(false, args->dp->i_mount, XFS_ERRTAG_LARP)) {
328 		error = -EIO;
329 		goto out;
330 	}
331 
332 	/* If an attr removal is trivially complete, we're done. */
333 	if (attr->xattri_op_flags == XFS_ATTRI_OP_FLAGS_REMOVE &&
334 	    !xfs_inode_hasattr(args->dp)) {
335 		error = 0;
336 		goto out;
337 	}
338 
339 	error = xfs_attr_set_iter(attr);
340 	if (!error && attr->xattri_dela_state != XFS_DAS_DONE)
341 		error = -EAGAIN;
342 out:
343 	/*
344 	 * Mark the transaction dirty, even on error. This ensures the
345 	 * transaction is aborted, which:
346 	 *
347 	 * 1.) releases the ATTRI and frees the ATTRD
348 	 * 2.) shuts down the filesystem
349 	 */
350 	args->trans->t_flags |= XFS_TRANS_DIRTY | XFS_TRANS_HAS_INTENT_DONE;
351 
352 	/*
353 	 * attr intent/done items are null when logged attributes are disabled
354 	 */
355 	if (attrdp)
356 		set_bit(XFS_LI_DIRTY, &attrdp->attrd_item.li_flags);
357 
358 	return error;
359 }
360 
361 /* Log an attr to the intent item. */
362 STATIC void
363 xfs_attr_log_item(
364 	struct xfs_trans		*tp,
365 	struct xfs_attri_log_item	*attrip,
366 	const struct xfs_attr_intent	*attr)
367 {
368 	struct xfs_attri_log_format	*attrp;
369 
370 	tp->t_flags |= XFS_TRANS_DIRTY;
371 	set_bit(XFS_LI_DIRTY, &attrip->attri_item.li_flags);
372 
373 	/*
374 	 * At this point the xfs_attr_intent has been constructed, and we've
375 	 * created the log intent. Fill in the attri log item and log format
376 	 * structure with fields from this xfs_attr_intent
377 	 */
378 	attrp = &attrip->attri_format;
379 	attrp->alfi_ino = attr->xattri_da_args->dp->i_ino;
380 	ASSERT(!(attr->xattri_op_flags & ~XFS_ATTRI_OP_FLAGS_TYPE_MASK));
381 	attrp->alfi_op_flags = attr->xattri_op_flags;
382 	attrp->alfi_value_len = attr->xattri_nameval->value.i_len;
383 	attrp->alfi_name_len = attr->xattri_nameval->name.i_len;
384 	ASSERT(!(attr->xattri_da_args->attr_filter & ~XFS_ATTRI_FILTER_MASK));
385 	attrp->alfi_attr_filter = attr->xattri_da_args->attr_filter;
386 }
387 
388 /* Get an ATTRI. */
389 static struct xfs_log_item *
390 xfs_attr_create_intent(
391 	struct xfs_trans		*tp,
392 	struct list_head		*items,
393 	unsigned int			count,
394 	bool				sort)
395 {
396 	struct xfs_mount		*mp = tp->t_mountp;
397 	struct xfs_attri_log_item	*attrip;
398 	struct xfs_attr_intent		*attr;
399 	struct xfs_da_args		*args;
400 
401 	ASSERT(count == 1);
402 
403 	/*
404 	 * Each attr item only performs one attribute operation at a time, so
405 	 * this is a list of one
406 	 */
407 	attr = list_first_entry_or_null(items, struct xfs_attr_intent,
408 			xattri_list);
409 	args = attr->xattri_da_args;
410 
411 	if (!(args->op_flags & XFS_DA_OP_LOGGED))
412 		return NULL;
413 
414 	/*
415 	 * Create a buffer to store the attribute name and value.  This buffer
416 	 * will be shared between the higher level deferred xattr work state
417 	 * and the lower level xattr log items.
418 	 */
419 	if (!attr->xattri_nameval) {
420 		/*
421 		 * Transfer our reference to the name/value buffer to the
422 		 * deferred work state structure.
423 		 */
424 		attr->xattri_nameval = xfs_attri_log_nameval_alloc(args->name,
425 				args->namelen, args->value, args->valuelen);
426 	}
427 
428 	attrip = xfs_attri_init(mp, attr->xattri_nameval);
429 	xfs_trans_add_item(tp, &attrip->attri_item);
430 	xfs_attr_log_item(tp, attrip, attr);
431 
432 	return &attrip->attri_item;
433 }
434 
435 static inline void
436 xfs_attr_free_item(
437 	struct xfs_attr_intent		*attr)
438 {
439 	if (attr->xattri_da_state)
440 		xfs_da_state_free(attr->xattri_da_state);
441 	xfs_attri_log_nameval_put(attr->xattri_nameval);
442 	if (attr->xattri_da_args->op_flags & XFS_DA_OP_RECOVERY)
443 		kmem_free(attr);
444 	else
445 		kmem_cache_free(xfs_attr_intent_cache, attr);
446 }
447 
448 /* Process an attr. */
449 STATIC int
450 xfs_attr_finish_item(
451 	struct xfs_trans		*tp,
452 	struct xfs_log_item		*done,
453 	struct list_head		*item,
454 	struct xfs_btree_cur		**state)
455 {
456 	struct xfs_attr_intent		*attr;
457 	struct xfs_attrd_log_item	*done_item = NULL;
458 	int				error;
459 
460 	attr = container_of(item, struct xfs_attr_intent, xattri_list);
461 	if (done)
462 		done_item = ATTRD_ITEM(done);
463 
464 	/*
465 	 * Always reset trans after EAGAIN cycle
466 	 * since the transaction is new
467 	 */
468 	attr->xattri_da_args->trans = tp;
469 
470 	error = xfs_xattri_finish_update(attr, done_item);
471 	if (error != -EAGAIN)
472 		xfs_attr_free_item(attr);
473 
474 	return error;
475 }
476 
477 /* Abort all pending ATTRs. */
478 STATIC void
479 xfs_attr_abort_intent(
480 	struct xfs_log_item		*intent)
481 {
482 	xfs_attri_release(ATTRI_ITEM(intent));
483 }
484 
485 /* Cancel an attr */
486 STATIC void
487 xfs_attr_cancel_item(
488 	struct list_head		*item)
489 {
490 	struct xfs_attr_intent		*attr;
491 
492 	attr = container_of(item, struct xfs_attr_intent, xattri_list);
493 	xfs_attr_free_item(attr);
494 }
495 
496 STATIC bool
497 xfs_attri_item_match(
498 	struct xfs_log_item	*lip,
499 	uint64_t		intent_id)
500 {
501 	return ATTRI_ITEM(lip)->attri_format.alfi_id == intent_id;
502 }
503 
504 /* Is this recovered ATTRI format ok? */
505 static inline bool
506 xfs_attri_validate(
507 	struct xfs_mount		*mp,
508 	struct xfs_attri_log_format	*attrp)
509 {
510 	unsigned int			op = attrp->alfi_op_flags &
511 					     XFS_ATTRI_OP_FLAGS_TYPE_MASK;
512 
513 	if (attrp->__pad != 0)
514 		return false;
515 
516 	if (attrp->alfi_op_flags & ~XFS_ATTRI_OP_FLAGS_TYPE_MASK)
517 		return false;
518 
519 	if (attrp->alfi_attr_filter & ~XFS_ATTRI_FILTER_MASK)
520 		return false;
521 
522 	/* alfi_op_flags should be either a set or remove */
523 	switch (op) {
524 	case XFS_ATTRI_OP_FLAGS_SET:
525 	case XFS_ATTRI_OP_FLAGS_REPLACE:
526 	case XFS_ATTRI_OP_FLAGS_REMOVE:
527 		break;
528 	default:
529 		return false;
530 	}
531 
532 	if (attrp->alfi_value_len > XATTR_SIZE_MAX)
533 		return false;
534 
535 	if ((attrp->alfi_name_len > XATTR_NAME_MAX) ||
536 	    (attrp->alfi_name_len == 0))
537 		return false;
538 
539 	return xfs_verify_ino(mp, attrp->alfi_ino);
540 }
541 
542 /*
543  * Process an attr intent item that was recovered from the log.  We need to
544  * delete the attr that it describes.
545  */
546 STATIC int
547 xfs_attri_item_recover(
548 	struct xfs_defer_pending	*dfp,
549 	struct list_head		*capture_list)
550 {
551 	struct xfs_log_item		*lip = dfp->dfp_intent;
552 	struct xfs_attri_log_item	*attrip = ATTRI_ITEM(lip);
553 	struct xfs_attr_intent		*attr;
554 	struct xfs_mount		*mp = lip->li_log->l_mp;
555 	struct xfs_inode		*ip;
556 	struct xfs_da_args		*args;
557 	struct xfs_trans		*tp;
558 	struct xfs_trans_res		resv;
559 	struct xfs_attri_log_format	*attrp;
560 	struct xfs_attri_log_nameval	*nv = attrip->attri_nameval;
561 	int				error;
562 	int				total;
563 	int				local;
564 	struct xfs_attrd_log_item	*done_item = NULL;
565 
566 	/*
567 	 * First check the validity of the attr described by the ATTRI.  If any
568 	 * are bad, then assume that all are bad and just toss the ATTRI.
569 	 */
570 	attrp = &attrip->attri_format;
571 	if (!xfs_attri_validate(mp, attrp) ||
572 	    !xfs_attr_namecheck(nv->name.i_addr, nv->name.i_len))
573 		return -EFSCORRUPTED;
574 
575 	error = xlog_recover_iget(mp,  attrp->alfi_ino, &ip);
576 	if (error)
577 		return error;
578 
579 	attr = kmem_zalloc(sizeof(struct xfs_attr_intent) +
580 			   sizeof(struct xfs_da_args), KM_NOFS);
581 	args = (struct xfs_da_args *)(attr + 1);
582 
583 	attr->xattri_da_args = args;
584 	attr->xattri_op_flags = attrp->alfi_op_flags &
585 						XFS_ATTRI_OP_FLAGS_TYPE_MASK;
586 
587 	/*
588 	 * We're reconstructing the deferred work state structure from the
589 	 * recovered log item.  Grab a reference to the name/value buffer and
590 	 * attach it to the new work state.
591 	 */
592 	attr->xattri_nameval = xfs_attri_log_nameval_get(nv);
593 	ASSERT(attr->xattri_nameval);
594 
595 	args->dp = ip;
596 	args->geo = mp->m_attr_geo;
597 	args->whichfork = XFS_ATTR_FORK;
598 	args->name = nv->name.i_addr;
599 	args->namelen = nv->name.i_len;
600 	args->hashval = xfs_da_hashname(args->name, args->namelen);
601 	args->attr_filter = attrp->alfi_attr_filter & XFS_ATTRI_FILTER_MASK;
602 	args->op_flags = XFS_DA_OP_RECOVERY | XFS_DA_OP_OKNOENT |
603 			 XFS_DA_OP_LOGGED;
604 
605 	ASSERT(xfs_sb_version_haslogxattrs(&mp->m_sb));
606 
607 	switch (attr->xattri_op_flags) {
608 	case XFS_ATTRI_OP_FLAGS_SET:
609 	case XFS_ATTRI_OP_FLAGS_REPLACE:
610 		args->value = nv->value.i_addr;
611 		args->valuelen = nv->value.i_len;
612 		args->total = xfs_attr_calc_size(args, &local);
613 		if (xfs_inode_hasattr(args->dp))
614 			attr->xattri_dela_state = xfs_attr_init_replace_state(args);
615 		else
616 			attr->xattri_dela_state = xfs_attr_init_add_state(args);
617 		break;
618 	case XFS_ATTRI_OP_FLAGS_REMOVE:
619 		attr->xattri_dela_state = xfs_attr_init_remove_state(args);
620 		break;
621 	default:
622 		ASSERT(0);
623 		error = -EFSCORRUPTED;
624 		goto out;
625 	}
626 
627 	xfs_init_attr_trans(args, &resv, &total);
628 	resv = xlog_recover_resv(&resv);
629 	error = xfs_trans_alloc(mp, &resv, total, 0, XFS_TRANS_RESERVE, &tp);
630 	if (error)
631 		goto out;
632 
633 	args->trans = tp;
634 	done_item = xfs_trans_get_attrd(tp, attrip);
635 	xlog_recover_transfer_intent(tp, dfp);
636 
637 	xfs_ilock(ip, XFS_ILOCK_EXCL);
638 	xfs_trans_ijoin(tp, ip, 0);
639 
640 	error = xfs_xattri_finish_update(attr, done_item);
641 	if (error == -EAGAIN) {
642 		/*
643 		 * There's more work to do, so add the intent item to this
644 		 * transaction so that we can continue it later.
645 		 */
646 		xfs_defer_add(tp, XFS_DEFER_OPS_TYPE_ATTR, &attr->xattri_list);
647 		error = xfs_defer_ops_capture_and_commit(tp, capture_list);
648 		if (error)
649 			goto out_unlock;
650 
651 		xfs_iunlock(ip, XFS_ILOCK_EXCL);
652 		xfs_irele(ip);
653 		return 0;
654 	}
655 	if (error) {
656 		xfs_trans_cancel(tp);
657 		goto out_unlock;
658 	}
659 
660 	error = xfs_defer_ops_capture_and_commit(tp, capture_list);
661 out_unlock:
662 	xfs_iunlock(ip, XFS_ILOCK_EXCL);
663 	xfs_irele(ip);
664 out:
665 	xfs_attr_free_item(attr);
666 	return error;
667 }
668 
669 /* Re-log an intent item to push the log tail forward. */
670 static struct xfs_log_item *
671 xfs_attri_item_relog(
672 	struct xfs_log_item		*intent,
673 	struct xfs_trans		*tp)
674 {
675 	struct xfs_attrd_log_item	*attrdp;
676 	struct xfs_attri_log_item	*old_attrip;
677 	struct xfs_attri_log_item	*new_attrip;
678 	struct xfs_attri_log_format	*new_attrp;
679 	struct xfs_attri_log_format	*old_attrp;
680 
681 	old_attrip = ATTRI_ITEM(intent);
682 	old_attrp = &old_attrip->attri_format;
683 
684 	tp->t_flags |= XFS_TRANS_DIRTY;
685 	attrdp = xfs_trans_get_attrd(tp, old_attrip);
686 	set_bit(XFS_LI_DIRTY, &attrdp->attrd_item.li_flags);
687 
688 	/*
689 	 * Create a new log item that shares the same name/value buffer as the
690 	 * old log item.
691 	 */
692 	new_attrip = xfs_attri_init(tp->t_mountp, old_attrip->attri_nameval);
693 	new_attrp = &new_attrip->attri_format;
694 
695 	new_attrp->alfi_ino = old_attrp->alfi_ino;
696 	new_attrp->alfi_op_flags = old_attrp->alfi_op_flags;
697 	new_attrp->alfi_value_len = old_attrp->alfi_value_len;
698 	new_attrp->alfi_name_len = old_attrp->alfi_name_len;
699 	new_attrp->alfi_attr_filter = old_attrp->alfi_attr_filter;
700 
701 	xfs_trans_add_item(tp, &new_attrip->attri_item);
702 	set_bit(XFS_LI_DIRTY, &new_attrip->attri_item.li_flags);
703 
704 	return &new_attrip->attri_item;
705 }
706 
707 STATIC int
708 xlog_recover_attri_commit_pass2(
709 	struct xlog                     *log,
710 	struct list_head		*buffer_list,
711 	struct xlog_recover_item        *item,
712 	xfs_lsn_t                       lsn)
713 {
714 	struct xfs_mount                *mp = log->l_mp;
715 	struct xfs_attri_log_item       *attrip;
716 	struct xfs_attri_log_format     *attri_formatp;
717 	struct xfs_attri_log_nameval	*nv;
718 	const void			*attr_value = NULL;
719 	const void			*attr_name;
720 	size_t				len;
721 
722 	attri_formatp = item->ri_buf[0].i_addr;
723 	attr_name = item->ri_buf[1].i_addr;
724 
725 	/* Validate xfs_attri_log_format before the large memory allocation */
726 	len = sizeof(struct xfs_attri_log_format);
727 	if (item->ri_buf[0].i_len != len) {
728 		XFS_CORRUPTION_ERROR(__func__, XFS_ERRLEVEL_LOW, mp,
729 				item->ri_buf[0].i_addr, item->ri_buf[0].i_len);
730 		return -EFSCORRUPTED;
731 	}
732 
733 	if (!xfs_attri_validate(mp, attri_formatp)) {
734 		XFS_CORRUPTION_ERROR(__func__, XFS_ERRLEVEL_LOW, mp,
735 				item->ri_buf[0].i_addr, item->ri_buf[0].i_len);
736 		return -EFSCORRUPTED;
737 	}
738 
739 	/* Validate the attr name */
740 	if (item->ri_buf[1].i_len !=
741 			xlog_calc_iovec_len(attri_formatp->alfi_name_len)) {
742 		XFS_CORRUPTION_ERROR(__func__, XFS_ERRLEVEL_LOW, mp,
743 				item->ri_buf[0].i_addr, item->ri_buf[0].i_len);
744 		return -EFSCORRUPTED;
745 	}
746 
747 	if (!xfs_attr_namecheck(attr_name, attri_formatp->alfi_name_len)) {
748 		XFS_CORRUPTION_ERROR(__func__, XFS_ERRLEVEL_LOW, mp,
749 				item->ri_buf[1].i_addr, item->ri_buf[1].i_len);
750 		return -EFSCORRUPTED;
751 	}
752 
753 	/* Validate the attr value, if present */
754 	if (attri_formatp->alfi_value_len != 0) {
755 		if (item->ri_buf[2].i_len != xlog_calc_iovec_len(attri_formatp->alfi_value_len)) {
756 			XFS_CORRUPTION_ERROR(__func__, XFS_ERRLEVEL_LOW, mp,
757 					item->ri_buf[0].i_addr,
758 					item->ri_buf[0].i_len);
759 			return -EFSCORRUPTED;
760 		}
761 
762 		attr_value = item->ri_buf[2].i_addr;
763 	}
764 
765 	/*
766 	 * Memory alloc failure will cause replay to abort.  We attach the
767 	 * name/value buffer to the recovered incore log item and drop our
768 	 * reference.
769 	 */
770 	nv = xfs_attri_log_nameval_alloc(attr_name,
771 			attri_formatp->alfi_name_len, attr_value,
772 			attri_formatp->alfi_value_len);
773 
774 	attrip = xfs_attri_init(mp, nv);
775 	memcpy(&attrip->attri_format, attri_formatp, len);
776 
777 	xlog_recover_intent_item(log, &attrip->attri_item, lsn,
778 			XFS_DEFER_OPS_TYPE_ATTR);
779 	xfs_attri_log_nameval_put(nv);
780 	return 0;
781 }
782 
783 /*
784  * This routine is called to allocate an "attr free done" log item.
785  */
786 static struct xfs_attrd_log_item *
787 xfs_trans_get_attrd(struct xfs_trans		*tp,
788 		  struct xfs_attri_log_item	*attrip)
789 {
790 	struct xfs_attrd_log_item		*attrdp;
791 
792 	ASSERT(tp != NULL);
793 
794 	attrdp = kmem_cache_zalloc(xfs_attrd_cache, GFP_NOFS | __GFP_NOFAIL);
795 
796 	xfs_log_item_init(tp->t_mountp, &attrdp->attrd_item, XFS_LI_ATTRD,
797 			  &xfs_attrd_item_ops);
798 	attrdp->attrd_attrip = attrip;
799 	attrdp->attrd_format.alfd_alf_id = attrip->attri_format.alfi_id;
800 
801 	xfs_trans_add_item(tp, &attrdp->attrd_item);
802 	return attrdp;
803 }
804 
805 /* Get an ATTRD so we can process all the attrs. */
806 static struct xfs_log_item *
807 xfs_attr_create_done(
808 	struct xfs_trans		*tp,
809 	struct xfs_log_item		*intent,
810 	unsigned int			count)
811 {
812 	if (!intent)
813 		return NULL;
814 
815 	return &xfs_trans_get_attrd(tp, ATTRI_ITEM(intent))->attrd_item;
816 }
817 
818 const struct xfs_defer_op_type xfs_attr_defer_type = {
819 	.max_items	= 1,
820 	.create_intent	= xfs_attr_create_intent,
821 	.abort_intent	= xfs_attr_abort_intent,
822 	.create_done	= xfs_attr_create_done,
823 	.finish_item	= xfs_attr_finish_item,
824 	.cancel_item	= xfs_attr_cancel_item,
825 };
826 
827 /*
828  * This routine is called when an ATTRD format structure is found in a committed
829  * transaction in the log. Its purpose is to cancel the corresponding ATTRI if
830  * it was still in the log. To do this it searches the AIL for the ATTRI with
831  * an id equal to that in the ATTRD format structure. If we find it we drop
832  * the ATTRD reference, which removes the ATTRI from the AIL and frees it.
833  */
834 STATIC int
835 xlog_recover_attrd_commit_pass2(
836 	struct xlog			*log,
837 	struct list_head		*buffer_list,
838 	struct xlog_recover_item	*item,
839 	xfs_lsn_t			lsn)
840 {
841 	struct xfs_attrd_log_format	*attrd_formatp;
842 
843 	attrd_formatp = item->ri_buf[0].i_addr;
844 	if (item->ri_buf[0].i_len != sizeof(struct xfs_attrd_log_format)) {
845 		XFS_CORRUPTION_ERROR(__func__, XFS_ERRLEVEL_LOW, log->l_mp,
846 				item->ri_buf[0].i_addr, item->ri_buf[0].i_len);
847 		return -EFSCORRUPTED;
848 	}
849 
850 	xlog_recover_release_intent(log, XFS_LI_ATTRI,
851 				    attrd_formatp->alfd_alf_id);
852 	return 0;
853 }
854 
855 static const struct xfs_item_ops xfs_attri_item_ops = {
856 	.flags		= XFS_ITEM_INTENT,
857 	.iop_size	= xfs_attri_item_size,
858 	.iop_format	= xfs_attri_item_format,
859 	.iop_unpin	= xfs_attri_item_unpin,
860 	.iop_release    = xfs_attri_item_release,
861 	.iop_recover	= xfs_attri_item_recover,
862 	.iop_match	= xfs_attri_item_match,
863 	.iop_relog	= xfs_attri_item_relog,
864 };
865 
866 const struct xlog_recover_item_ops xlog_attri_item_ops = {
867 	.item_type	= XFS_LI_ATTRI,
868 	.commit_pass2	= xlog_recover_attri_commit_pass2,
869 };
870 
871 static const struct xfs_item_ops xfs_attrd_item_ops = {
872 	.flags		= XFS_ITEM_RELEASE_WHEN_COMMITTED |
873 			  XFS_ITEM_INTENT_DONE,
874 	.iop_size	= xfs_attrd_item_size,
875 	.iop_format	= xfs_attrd_item_format,
876 	.iop_release    = xfs_attrd_item_release,
877 	.iop_intent	= xfs_attrd_item_intent,
878 };
879 
880 const struct xlog_recover_item_ops xlog_attrd_item_ops = {
881 	.item_type	= XFS_LI_ATTRD,
882 	.commit_pass2	= xlog_recover_attrd_commit_pass2,
883 };
884