1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * Copyright (c) 2000-2005 Silicon Graphics, Inc. 4 * All Rights Reserved. 5 */ 6 #include "xfs.h" 7 #include "xfs_fs.h" 8 #include "xfs_shared.h" 9 #include "xfs_format.h" 10 #include "xfs_log_format.h" 11 #include "xfs_trans_resv.h" 12 #include "xfs_mount.h" 13 #include "xfs_inode.h" 14 #include "xfs_acl.h" 15 #include "xfs_quota.h" 16 #include "xfs_attr.h" 17 #include "xfs_trans.h" 18 #include "xfs_trace.h" 19 #include "xfs_icache.h" 20 #include "xfs_symlink.h" 21 #include "xfs_dir2.h" 22 #include "xfs_iomap.h" 23 24 #include <linux/xattr.h> 25 #include <linux/posix_acl.h> 26 #include <linux/security.h> 27 #include <linux/iversion.h> 28 29 /* 30 * Directories have different lock order w.r.t. mmap_sem compared to regular 31 * files. This is due to readdir potentially triggering page faults on a user 32 * buffer inside filldir(), and this happens with the ilock on the directory 33 * held. For regular files, the lock order is the other way around - the 34 * mmap_sem is taken during the page fault, and then we lock the ilock to do 35 * block mapping. Hence we need a different class for the directory ilock so 36 * that lockdep can tell them apart. 37 */ 38 static struct lock_class_key xfs_nondir_ilock_class; 39 static struct lock_class_key xfs_dir_ilock_class; 40 41 static int 42 xfs_initxattrs( 43 struct inode *inode, 44 const struct xattr *xattr_array, 45 void *fs_info) 46 { 47 const struct xattr *xattr; 48 struct xfs_inode *ip = XFS_I(inode); 49 int error = 0; 50 51 for (xattr = xattr_array; xattr->name != NULL; xattr++) { 52 error = xfs_attr_set(ip, xattr->name, xattr->value, 53 xattr->value_len, ATTR_SECURE); 54 if (error < 0) 55 break; 56 } 57 return error; 58 } 59 60 /* 61 * Hook in SELinux. This is not quite correct yet, what we really need 62 * here (as we do for default ACLs) is a mechanism by which creation of 63 * these attrs can be journalled at inode creation time (along with the 64 * inode, of course, such that log replay can't cause these to be lost). 65 */ 66 67 STATIC int 68 xfs_init_security( 69 struct inode *inode, 70 struct inode *dir, 71 const struct qstr *qstr) 72 { 73 return security_inode_init_security(inode, dir, qstr, 74 &xfs_initxattrs, NULL); 75 } 76 77 static void 78 xfs_dentry_to_name( 79 struct xfs_name *namep, 80 struct dentry *dentry) 81 { 82 namep->name = dentry->d_name.name; 83 namep->len = dentry->d_name.len; 84 namep->type = XFS_DIR3_FT_UNKNOWN; 85 } 86 87 static int 88 xfs_dentry_mode_to_name( 89 struct xfs_name *namep, 90 struct dentry *dentry, 91 int mode) 92 { 93 namep->name = dentry->d_name.name; 94 namep->len = dentry->d_name.len; 95 namep->type = xfs_mode_to_ftype(mode); 96 97 if (unlikely(namep->type == XFS_DIR3_FT_UNKNOWN)) 98 return -EFSCORRUPTED; 99 100 return 0; 101 } 102 103 STATIC void 104 xfs_cleanup_inode( 105 struct inode *dir, 106 struct inode *inode, 107 struct dentry *dentry) 108 { 109 struct xfs_name teardown; 110 111 /* Oh, the horror. 112 * If we can't add the ACL or we fail in 113 * xfs_init_security we must back out. 114 * ENOSPC can hit here, among other things. 115 */ 116 xfs_dentry_to_name(&teardown, dentry); 117 118 xfs_remove(XFS_I(dir), &teardown, XFS_I(inode)); 119 } 120 121 STATIC int 122 xfs_generic_create( 123 struct inode *dir, 124 struct dentry *dentry, 125 umode_t mode, 126 dev_t rdev, 127 bool tmpfile) /* unnamed file */ 128 { 129 struct inode *inode; 130 struct xfs_inode *ip = NULL; 131 struct posix_acl *default_acl, *acl; 132 struct xfs_name name; 133 int error; 134 135 /* 136 * Irix uses Missed'em'V split, but doesn't want to see 137 * the upper 5 bits of (14bit) major. 138 */ 139 if (S_ISCHR(mode) || S_ISBLK(mode)) { 140 if (unlikely(!sysv_valid_dev(rdev) || MAJOR(rdev) & ~0x1ff)) 141 return -EINVAL; 142 } else { 143 rdev = 0; 144 } 145 146 error = posix_acl_create(dir, &mode, &default_acl, &acl); 147 if (error) 148 return error; 149 150 /* Verify mode is valid also for tmpfile case */ 151 error = xfs_dentry_mode_to_name(&name, dentry, mode); 152 if (unlikely(error)) 153 goto out_free_acl; 154 155 if (!tmpfile) { 156 error = xfs_create(XFS_I(dir), &name, mode, rdev, &ip); 157 } else { 158 error = xfs_create_tmpfile(XFS_I(dir), mode, &ip); 159 } 160 if (unlikely(error)) 161 goto out_free_acl; 162 163 inode = VFS_I(ip); 164 165 error = xfs_init_security(inode, dir, &dentry->d_name); 166 if (unlikely(error)) 167 goto out_cleanup_inode; 168 169 #ifdef CONFIG_XFS_POSIX_ACL 170 if (default_acl) { 171 error = __xfs_set_acl(inode, default_acl, ACL_TYPE_DEFAULT); 172 if (error) 173 goto out_cleanup_inode; 174 } 175 if (acl) { 176 error = __xfs_set_acl(inode, acl, ACL_TYPE_ACCESS); 177 if (error) 178 goto out_cleanup_inode; 179 } 180 #endif 181 182 xfs_setup_iops(ip); 183 184 if (tmpfile) { 185 /* 186 * The VFS requires that any inode fed to d_tmpfile must have 187 * nlink == 1 so that it can decrement the nlink in d_tmpfile. 188 * However, we created the temp file with nlink == 0 because 189 * we're not allowed to put an inode with nlink > 0 on the 190 * unlinked list. Therefore we have to set nlink to 1 so that 191 * d_tmpfile can immediately set it back to zero. 192 */ 193 set_nlink(inode, 1); 194 d_tmpfile(dentry, inode); 195 } else 196 d_instantiate(dentry, inode); 197 198 xfs_finish_inode_setup(ip); 199 200 out_free_acl: 201 if (default_acl) 202 posix_acl_release(default_acl); 203 if (acl) 204 posix_acl_release(acl); 205 return error; 206 207 out_cleanup_inode: 208 xfs_finish_inode_setup(ip); 209 if (!tmpfile) 210 xfs_cleanup_inode(dir, inode, dentry); 211 xfs_irele(ip); 212 goto out_free_acl; 213 } 214 215 STATIC int 216 xfs_vn_mknod( 217 struct inode *dir, 218 struct dentry *dentry, 219 umode_t mode, 220 dev_t rdev) 221 { 222 return xfs_generic_create(dir, dentry, mode, rdev, false); 223 } 224 225 STATIC int 226 xfs_vn_create( 227 struct inode *dir, 228 struct dentry *dentry, 229 umode_t mode, 230 bool flags) 231 { 232 return xfs_vn_mknod(dir, dentry, mode, 0); 233 } 234 235 STATIC int 236 xfs_vn_mkdir( 237 struct inode *dir, 238 struct dentry *dentry, 239 umode_t mode) 240 { 241 return xfs_vn_mknod(dir, dentry, mode|S_IFDIR, 0); 242 } 243 244 STATIC struct dentry * 245 xfs_vn_lookup( 246 struct inode *dir, 247 struct dentry *dentry, 248 unsigned int flags) 249 { 250 struct inode *inode; 251 struct xfs_inode *cip; 252 struct xfs_name name; 253 int error; 254 255 if (dentry->d_name.len >= MAXNAMELEN) 256 return ERR_PTR(-ENAMETOOLONG); 257 258 xfs_dentry_to_name(&name, dentry); 259 error = xfs_lookup(XFS_I(dir), &name, &cip, NULL); 260 if (likely(!error)) 261 inode = VFS_I(cip); 262 else if (likely(error == -ENOENT)) 263 inode = NULL; 264 else 265 inode = ERR_PTR(error); 266 return d_splice_alias(inode, dentry); 267 } 268 269 STATIC struct dentry * 270 xfs_vn_ci_lookup( 271 struct inode *dir, 272 struct dentry *dentry, 273 unsigned int flags) 274 { 275 struct xfs_inode *ip; 276 struct xfs_name xname; 277 struct xfs_name ci_name; 278 struct qstr dname; 279 int error; 280 281 if (dentry->d_name.len >= MAXNAMELEN) 282 return ERR_PTR(-ENAMETOOLONG); 283 284 xfs_dentry_to_name(&xname, dentry); 285 error = xfs_lookup(XFS_I(dir), &xname, &ip, &ci_name); 286 if (unlikely(error)) { 287 if (unlikely(error != -ENOENT)) 288 return ERR_PTR(error); 289 /* 290 * call d_add(dentry, NULL) here when d_drop_negative_children 291 * is called in xfs_vn_mknod (ie. allow negative dentries 292 * with CI filesystems). 293 */ 294 return NULL; 295 } 296 297 /* if exact match, just splice and exit */ 298 if (!ci_name.name) 299 return d_splice_alias(VFS_I(ip), dentry); 300 301 /* else case-insensitive match... */ 302 dname.name = ci_name.name; 303 dname.len = ci_name.len; 304 dentry = d_add_ci(dentry, VFS_I(ip), &dname); 305 kmem_free(ci_name.name); 306 return dentry; 307 } 308 309 STATIC int 310 xfs_vn_link( 311 struct dentry *old_dentry, 312 struct inode *dir, 313 struct dentry *dentry) 314 { 315 struct inode *inode = d_inode(old_dentry); 316 struct xfs_name name; 317 int error; 318 319 error = xfs_dentry_mode_to_name(&name, dentry, inode->i_mode); 320 if (unlikely(error)) 321 return error; 322 323 error = xfs_link(XFS_I(dir), XFS_I(inode), &name); 324 if (unlikely(error)) 325 return error; 326 327 ihold(inode); 328 d_instantiate(dentry, inode); 329 return 0; 330 } 331 332 STATIC int 333 xfs_vn_unlink( 334 struct inode *dir, 335 struct dentry *dentry) 336 { 337 struct xfs_name name; 338 int error; 339 340 xfs_dentry_to_name(&name, dentry); 341 342 error = xfs_remove(XFS_I(dir), &name, XFS_I(d_inode(dentry))); 343 if (error) 344 return error; 345 346 /* 347 * With unlink, the VFS makes the dentry "negative": no inode, 348 * but still hashed. This is incompatible with case-insensitive 349 * mode, so invalidate (unhash) the dentry in CI-mode. 350 */ 351 if (xfs_sb_version_hasasciici(&XFS_M(dir->i_sb)->m_sb)) 352 d_invalidate(dentry); 353 return 0; 354 } 355 356 STATIC int 357 xfs_vn_symlink( 358 struct inode *dir, 359 struct dentry *dentry, 360 const char *symname) 361 { 362 struct inode *inode; 363 struct xfs_inode *cip = NULL; 364 struct xfs_name name; 365 int error; 366 umode_t mode; 367 368 mode = S_IFLNK | 369 (irix_symlink_mode ? 0777 & ~current_umask() : S_IRWXUGO); 370 error = xfs_dentry_mode_to_name(&name, dentry, mode); 371 if (unlikely(error)) 372 goto out; 373 374 error = xfs_symlink(XFS_I(dir), &name, symname, mode, &cip); 375 if (unlikely(error)) 376 goto out; 377 378 inode = VFS_I(cip); 379 380 error = xfs_init_security(inode, dir, &dentry->d_name); 381 if (unlikely(error)) 382 goto out_cleanup_inode; 383 384 xfs_setup_iops(cip); 385 386 d_instantiate(dentry, inode); 387 xfs_finish_inode_setup(cip); 388 return 0; 389 390 out_cleanup_inode: 391 xfs_finish_inode_setup(cip); 392 xfs_cleanup_inode(dir, inode, dentry); 393 xfs_irele(cip); 394 out: 395 return error; 396 } 397 398 STATIC int 399 xfs_vn_rename( 400 struct inode *odir, 401 struct dentry *odentry, 402 struct inode *ndir, 403 struct dentry *ndentry, 404 unsigned int flags) 405 { 406 struct inode *new_inode = d_inode(ndentry); 407 int omode = 0; 408 int error; 409 struct xfs_name oname; 410 struct xfs_name nname; 411 412 if (flags & ~(RENAME_NOREPLACE | RENAME_EXCHANGE | RENAME_WHITEOUT)) 413 return -EINVAL; 414 415 /* if we are exchanging files, we need to set i_mode of both files */ 416 if (flags & RENAME_EXCHANGE) 417 omode = d_inode(ndentry)->i_mode; 418 419 error = xfs_dentry_mode_to_name(&oname, odentry, omode); 420 if (omode && unlikely(error)) 421 return error; 422 423 error = xfs_dentry_mode_to_name(&nname, ndentry, 424 d_inode(odentry)->i_mode); 425 if (unlikely(error)) 426 return error; 427 428 return xfs_rename(XFS_I(odir), &oname, XFS_I(d_inode(odentry)), 429 XFS_I(ndir), &nname, 430 new_inode ? XFS_I(new_inode) : NULL, flags); 431 } 432 433 /* 434 * careful here - this function can get called recursively, so 435 * we need to be very careful about how much stack we use. 436 * uio is kmalloced for this reason... 437 */ 438 STATIC const char * 439 xfs_vn_get_link( 440 struct dentry *dentry, 441 struct inode *inode, 442 struct delayed_call *done) 443 { 444 char *link; 445 int error = -ENOMEM; 446 447 if (!dentry) 448 return ERR_PTR(-ECHILD); 449 450 link = kmalloc(XFS_SYMLINK_MAXLEN+1, GFP_KERNEL); 451 if (!link) 452 goto out_err; 453 454 error = xfs_readlink(XFS_I(d_inode(dentry)), link); 455 if (unlikely(error)) 456 goto out_kfree; 457 458 set_delayed_call(done, kfree_link, link); 459 return link; 460 461 out_kfree: 462 kfree(link); 463 out_err: 464 return ERR_PTR(error); 465 } 466 467 STATIC const char * 468 xfs_vn_get_link_inline( 469 struct dentry *dentry, 470 struct inode *inode, 471 struct delayed_call *done) 472 { 473 char *link; 474 475 ASSERT(XFS_I(inode)->i_df.if_flags & XFS_IFINLINE); 476 477 /* 478 * The VFS crashes on a NULL pointer, so return -EFSCORRUPTED if 479 * if_data is junk. 480 */ 481 link = XFS_I(inode)->i_df.if_u1.if_data; 482 if (!link) 483 return ERR_PTR(-EFSCORRUPTED); 484 return link; 485 } 486 487 STATIC int 488 xfs_vn_getattr( 489 const struct path *path, 490 struct kstat *stat, 491 u32 request_mask, 492 unsigned int query_flags) 493 { 494 struct inode *inode = d_inode(path->dentry); 495 struct xfs_inode *ip = XFS_I(inode); 496 struct xfs_mount *mp = ip->i_mount; 497 498 trace_xfs_getattr(ip); 499 500 if (XFS_FORCED_SHUTDOWN(mp)) 501 return -EIO; 502 503 stat->size = XFS_ISIZE(ip); 504 stat->dev = inode->i_sb->s_dev; 505 stat->mode = inode->i_mode; 506 stat->nlink = inode->i_nlink; 507 stat->uid = inode->i_uid; 508 stat->gid = inode->i_gid; 509 stat->ino = ip->i_ino; 510 stat->atime = inode->i_atime; 511 stat->mtime = inode->i_mtime; 512 stat->ctime = inode->i_ctime; 513 stat->blocks = 514 XFS_FSB_TO_BB(mp, ip->i_d.di_nblocks + ip->i_delayed_blks); 515 516 if (ip->i_d.di_version == 3) { 517 if (request_mask & STATX_BTIME) { 518 stat->result_mask |= STATX_BTIME; 519 stat->btime.tv_sec = ip->i_d.di_crtime.t_sec; 520 stat->btime.tv_nsec = ip->i_d.di_crtime.t_nsec; 521 } 522 } 523 524 /* 525 * Note: If you add another clause to set an attribute flag, please 526 * update attributes_mask below. 527 */ 528 if (ip->i_d.di_flags & XFS_DIFLAG_IMMUTABLE) 529 stat->attributes |= STATX_ATTR_IMMUTABLE; 530 if (ip->i_d.di_flags & XFS_DIFLAG_APPEND) 531 stat->attributes |= STATX_ATTR_APPEND; 532 if (ip->i_d.di_flags & XFS_DIFLAG_NODUMP) 533 stat->attributes |= STATX_ATTR_NODUMP; 534 535 stat->attributes_mask |= (STATX_ATTR_IMMUTABLE | 536 STATX_ATTR_APPEND | 537 STATX_ATTR_NODUMP); 538 539 switch (inode->i_mode & S_IFMT) { 540 case S_IFBLK: 541 case S_IFCHR: 542 stat->blksize = BLKDEV_IOSIZE; 543 stat->rdev = inode->i_rdev; 544 break; 545 default: 546 if (XFS_IS_REALTIME_INODE(ip)) { 547 /* 548 * If the file blocks are being allocated from a 549 * realtime volume, then return the inode's realtime 550 * extent size or the realtime volume's extent size. 551 */ 552 stat->blksize = 553 xfs_get_extsz_hint(ip) << mp->m_sb.sb_blocklog; 554 } else 555 stat->blksize = xfs_preferred_iosize(mp); 556 stat->rdev = 0; 557 break; 558 } 559 560 return 0; 561 } 562 563 static void 564 xfs_setattr_mode( 565 struct xfs_inode *ip, 566 struct iattr *iattr) 567 { 568 struct inode *inode = VFS_I(ip); 569 umode_t mode = iattr->ia_mode; 570 571 ASSERT(xfs_isilocked(ip, XFS_ILOCK_EXCL)); 572 573 inode->i_mode &= S_IFMT; 574 inode->i_mode |= mode & ~S_IFMT; 575 } 576 577 void 578 xfs_setattr_time( 579 struct xfs_inode *ip, 580 struct iattr *iattr) 581 { 582 struct inode *inode = VFS_I(ip); 583 584 ASSERT(xfs_isilocked(ip, XFS_ILOCK_EXCL)); 585 586 if (iattr->ia_valid & ATTR_ATIME) 587 inode->i_atime = iattr->ia_atime; 588 if (iattr->ia_valid & ATTR_CTIME) 589 inode->i_ctime = iattr->ia_ctime; 590 if (iattr->ia_valid & ATTR_MTIME) 591 inode->i_mtime = iattr->ia_mtime; 592 } 593 594 static int 595 xfs_vn_change_ok( 596 struct dentry *dentry, 597 struct iattr *iattr) 598 { 599 struct xfs_mount *mp = XFS_I(d_inode(dentry))->i_mount; 600 601 if (mp->m_flags & XFS_MOUNT_RDONLY) 602 return -EROFS; 603 604 if (XFS_FORCED_SHUTDOWN(mp)) 605 return -EIO; 606 607 return setattr_prepare(dentry, iattr); 608 } 609 610 /* 611 * Set non-size attributes of an inode. 612 * 613 * Caution: The caller of this function is responsible for calling 614 * setattr_prepare() or otherwise verifying the change is fine. 615 */ 616 int 617 xfs_setattr_nonsize( 618 struct xfs_inode *ip, 619 struct iattr *iattr, 620 int flags) 621 { 622 xfs_mount_t *mp = ip->i_mount; 623 struct inode *inode = VFS_I(ip); 624 int mask = iattr->ia_valid; 625 xfs_trans_t *tp; 626 int error; 627 kuid_t uid = GLOBAL_ROOT_UID, iuid = GLOBAL_ROOT_UID; 628 kgid_t gid = GLOBAL_ROOT_GID, igid = GLOBAL_ROOT_GID; 629 struct xfs_dquot *udqp = NULL, *gdqp = NULL; 630 struct xfs_dquot *olddquot1 = NULL, *olddquot2 = NULL; 631 632 ASSERT((mask & ATTR_SIZE) == 0); 633 634 /* 635 * If disk quotas is on, we make sure that the dquots do exist on disk, 636 * before we start any other transactions. Trying to do this later 637 * is messy. We don't care to take a readlock to look at the ids 638 * in inode here, because we can't hold it across the trans_reserve. 639 * If the IDs do change before we take the ilock, we're covered 640 * because the i_*dquot fields will get updated anyway. 641 */ 642 if (XFS_IS_QUOTA_ON(mp) && (mask & (ATTR_UID|ATTR_GID))) { 643 uint qflags = 0; 644 645 if ((mask & ATTR_UID) && XFS_IS_UQUOTA_ON(mp)) { 646 uid = iattr->ia_uid; 647 qflags |= XFS_QMOPT_UQUOTA; 648 } else { 649 uid = inode->i_uid; 650 } 651 if ((mask & ATTR_GID) && XFS_IS_GQUOTA_ON(mp)) { 652 gid = iattr->ia_gid; 653 qflags |= XFS_QMOPT_GQUOTA; 654 } else { 655 gid = inode->i_gid; 656 } 657 658 /* 659 * We take a reference when we initialize udqp and gdqp, 660 * so it is important that we never blindly double trip on 661 * the same variable. See xfs_create() for an example. 662 */ 663 ASSERT(udqp == NULL); 664 ASSERT(gdqp == NULL); 665 error = xfs_qm_vop_dqalloc(ip, xfs_kuid_to_uid(uid), 666 xfs_kgid_to_gid(gid), 667 xfs_get_projid(ip), 668 qflags, &udqp, &gdqp, NULL); 669 if (error) 670 return error; 671 } 672 673 error = xfs_trans_alloc(mp, &M_RES(mp)->tr_ichange, 0, 0, 0, &tp); 674 if (error) 675 goto out_dqrele; 676 677 xfs_ilock(ip, XFS_ILOCK_EXCL); 678 xfs_trans_ijoin(tp, ip, 0); 679 680 /* 681 * Change file ownership. Must be the owner or privileged. 682 */ 683 if (mask & (ATTR_UID|ATTR_GID)) { 684 /* 685 * These IDs could have changed since we last looked at them. 686 * But, we're assured that if the ownership did change 687 * while we didn't have the inode locked, inode's dquot(s) 688 * would have changed also. 689 */ 690 iuid = inode->i_uid; 691 igid = inode->i_gid; 692 gid = (mask & ATTR_GID) ? iattr->ia_gid : igid; 693 uid = (mask & ATTR_UID) ? iattr->ia_uid : iuid; 694 695 /* 696 * Do a quota reservation only if uid/gid is actually 697 * going to change. 698 */ 699 if (XFS_IS_QUOTA_RUNNING(mp) && 700 ((XFS_IS_UQUOTA_ON(mp) && !uid_eq(iuid, uid)) || 701 (XFS_IS_GQUOTA_ON(mp) && !gid_eq(igid, gid)))) { 702 ASSERT(tp); 703 error = xfs_qm_vop_chown_reserve(tp, ip, udqp, gdqp, 704 NULL, capable(CAP_FOWNER) ? 705 XFS_QMOPT_FORCE_RES : 0); 706 if (error) /* out of quota */ 707 goto out_cancel; 708 } 709 } 710 711 /* 712 * Change file ownership. Must be the owner or privileged. 713 */ 714 if (mask & (ATTR_UID|ATTR_GID)) { 715 /* 716 * CAP_FSETID overrides the following restrictions: 717 * 718 * The set-user-ID and set-group-ID bits of a file will be 719 * cleared upon successful return from chown() 720 */ 721 if ((inode->i_mode & (S_ISUID|S_ISGID)) && 722 !capable(CAP_FSETID)) 723 inode->i_mode &= ~(S_ISUID|S_ISGID); 724 725 /* 726 * Change the ownerships and register quota modifications 727 * in the transaction. 728 */ 729 if (!uid_eq(iuid, uid)) { 730 if (XFS_IS_QUOTA_RUNNING(mp) && XFS_IS_UQUOTA_ON(mp)) { 731 ASSERT(mask & ATTR_UID); 732 ASSERT(udqp); 733 olddquot1 = xfs_qm_vop_chown(tp, ip, 734 &ip->i_udquot, udqp); 735 } 736 ip->i_d.di_uid = xfs_kuid_to_uid(uid); 737 inode->i_uid = uid; 738 } 739 if (!gid_eq(igid, gid)) { 740 if (XFS_IS_QUOTA_RUNNING(mp) && XFS_IS_GQUOTA_ON(mp)) { 741 ASSERT(xfs_sb_version_has_pquotino(&mp->m_sb) || 742 !XFS_IS_PQUOTA_ON(mp)); 743 ASSERT(mask & ATTR_GID); 744 ASSERT(gdqp); 745 olddquot2 = xfs_qm_vop_chown(tp, ip, 746 &ip->i_gdquot, gdqp); 747 } 748 ip->i_d.di_gid = xfs_kgid_to_gid(gid); 749 inode->i_gid = gid; 750 } 751 } 752 753 if (mask & ATTR_MODE) 754 xfs_setattr_mode(ip, iattr); 755 if (mask & (ATTR_ATIME|ATTR_CTIME|ATTR_MTIME)) 756 xfs_setattr_time(ip, iattr); 757 758 xfs_trans_log_inode(tp, ip, XFS_ILOG_CORE); 759 760 XFS_STATS_INC(mp, xs_ig_attrchg); 761 762 if (mp->m_flags & XFS_MOUNT_WSYNC) 763 xfs_trans_set_sync(tp); 764 error = xfs_trans_commit(tp); 765 766 xfs_iunlock(ip, XFS_ILOCK_EXCL); 767 768 /* 769 * Release any dquot(s) the inode had kept before chown. 770 */ 771 xfs_qm_dqrele(olddquot1); 772 xfs_qm_dqrele(olddquot2); 773 xfs_qm_dqrele(udqp); 774 xfs_qm_dqrele(gdqp); 775 776 if (error) 777 return error; 778 779 /* 780 * XXX(hch): Updating the ACL entries is not atomic vs the i_mode 781 * update. We could avoid this with linked transactions 782 * and passing down the transaction pointer all the way 783 * to attr_set. No previous user of the generic 784 * Posix ACL code seems to care about this issue either. 785 */ 786 if ((mask & ATTR_MODE) && !(flags & XFS_ATTR_NOACL)) { 787 error = posix_acl_chmod(inode, inode->i_mode); 788 if (error) 789 return error; 790 } 791 792 return 0; 793 794 out_cancel: 795 xfs_trans_cancel(tp); 796 xfs_iunlock(ip, XFS_ILOCK_EXCL); 797 out_dqrele: 798 xfs_qm_dqrele(udqp); 799 xfs_qm_dqrele(gdqp); 800 return error; 801 } 802 803 int 804 xfs_vn_setattr_nonsize( 805 struct dentry *dentry, 806 struct iattr *iattr) 807 { 808 struct xfs_inode *ip = XFS_I(d_inode(dentry)); 809 int error; 810 811 trace_xfs_setattr(ip); 812 813 error = xfs_vn_change_ok(dentry, iattr); 814 if (error) 815 return error; 816 return xfs_setattr_nonsize(ip, iattr, 0); 817 } 818 819 /* 820 * Truncate file. Must have write permission and not be a directory. 821 * 822 * Caution: The caller of this function is responsible for calling 823 * setattr_prepare() or otherwise verifying the change is fine. 824 */ 825 STATIC int 826 xfs_setattr_size( 827 struct xfs_inode *ip, 828 struct iattr *iattr) 829 { 830 struct xfs_mount *mp = ip->i_mount; 831 struct inode *inode = VFS_I(ip); 832 xfs_off_t oldsize, newsize; 833 struct xfs_trans *tp; 834 int error; 835 uint lock_flags = 0; 836 bool did_zeroing = false; 837 838 ASSERT(xfs_isilocked(ip, XFS_IOLOCK_EXCL)); 839 ASSERT(xfs_isilocked(ip, XFS_MMAPLOCK_EXCL)); 840 ASSERT(S_ISREG(inode->i_mode)); 841 ASSERT((iattr->ia_valid & (ATTR_UID|ATTR_GID|ATTR_ATIME|ATTR_ATIME_SET| 842 ATTR_MTIME_SET|ATTR_KILL_PRIV|ATTR_TIMES_SET)) == 0); 843 844 oldsize = inode->i_size; 845 newsize = iattr->ia_size; 846 847 /* 848 * Short circuit the truncate case for zero length files. 849 */ 850 if (newsize == 0 && oldsize == 0 && ip->i_d.di_nextents == 0) { 851 if (!(iattr->ia_valid & (ATTR_CTIME|ATTR_MTIME))) 852 return 0; 853 854 /* 855 * Use the regular setattr path to update the timestamps. 856 */ 857 iattr->ia_valid &= ~ATTR_SIZE; 858 return xfs_setattr_nonsize(ip, iattr, 0); 859 } 860 861 /* 862 * Make sure that the dquots are attached to the inode. 863 */ 864 error = xfs_qm_dqattach(ip); 865 if (error) 866 return error; 867 868 /* 869 * Wait for all direct I/O to complete. 870 */ 871 inode_dio_wait(inode); 872 873 /* 874 * File data changes must be complete before we start the transaction to 875 * modify the inode. This needs to be done before joining the inode to 876 * the transaction because the inode cannot be unlocked once it is a 877 * part of the transaction. 878 * 879 * Start with zeroing any data beyond EOF that we may expose on file 880 * extension, or zeroing out the rest of the block on a downward 881 * truncate. 882 */ 883 if (newsize > oldsize) { 884 trace_xfs_zero_eof(ip, oldsize, newsize - oldsize); 885 error = iomap_zero_range(inode, oldsize, newsize - oldsize, 886 &did_zeroing, &xfs_iomap_ops); 887 } else { 888 error = iomap_truncate_page(inode, newsize, &did_zeroing, 889 &xfs_iomap_ops); 890 } 891 892 if (error) 893 return error; 894 895 /* 896 * We've already locked out new page faults, so now we can safely remove 897 * pages from the page cache knowing they won't get refaulted until we 898 * drop the XFS_MMAP_EXCL lock after the extent manipulations are 899 * complete. The truncate_setsize() call also cleans partial EOF page 900 * PTEs on extending truncates and hence ensures sub-page block size 901 * filesystems are correctly handled, too. 902 * 903 * We have to do all the page cache truncate work outside the 904 * transaction context as the "lock" order is page lock->log space 905 * reservation as defined by extent allocation in the writeback path. 906 * Hence a truncate can fail with ENOMEM from xfs_trans_alloc(), but 907 * having already truncated the in-memory version of the file (i.e. made 908 * user visible changes). There's not much we can do about this, except 909 * to hope that the caller sees ENOMEM and retries the truncate 910 * operation. 911 * 912 * And we update in-core i_size and truncate page cache beyond newsize 913 * before writeback the [di_size, newsize] range, so we're guaranteed 914 * not to write stale data past the new EOF on truncate down. 915 */ 916 truncate_setsize(inode, newsize); 917 918 /* 919 * We are going to log the inode size change in this transaction so 920 * any previous writes that are beyond the on disk EOF and the new 921 * EOF that have not been written out need to be written here. If we 922 * do not write the data out, we expose ourselves to the null files 923 * problem. Note that this includes any block zeroing we did above; 924 * otherwise those blocks may not be zeroed after a crash. 925 */ 926 if (did_zeroing || 927 (newsize > ip->i_d.di_size && oldsize != ip->i_d.di_size)) { 928 error = filemap_write_and_wait_range(VFS_I(ip)->i_mapping, 929 ip->i_d.di_size, newsize - 1); 930 if (error) 931 return error; 932 } 933 934 error = xfs_trans_alloc(mp, &M_RES(mp)->tr_itruncate, 0, 0, 0, &tp); 935 if (error) 936 return error; 937 938 lock_flags |= XFS_ILOCK_EXCL; 939 xfs_ilock(ip, XFS_ILOCK_EXCL); 940 xfs_trans_ijoin(tp, ip, 0); 941 942 /* 943 * Only change the c/mtime if we are changing the size or we are 944 * explicitly asked to change it. This handles the semantic difference 945 * between truncate() and ftruncate() as implemented in the VFS. 946 * 947 * The regular truncate() case without ATTR_CTIME and ATTR_MTIME is a 948 * special case where we need to update the times despite not having 949 * these flags set. For all other operations the VFS set these flags 950 * explicitly if it wants a timestamp update. 951 */ 952 if (newsize != oldsize && 953 !(iattr->ia_valid & (ATTR_CTIME | ATTR_MTIME))) { 954 iattr->ia_ctime = iattr->ia_mtime = 955 current_time(inode); 956 iattr->ia_valid |= ATTR_CTIME | ATTR_MTIME; 957 } 958 959 /* 960 * The first thing we do is set the size to new_size permanently on 961 * disk. This way we don't have to worry about anyone ever being able 962 * to look at the data being freed even in the face of a crash. 963 * What we're getting around here is the case where we free a block, it 964 * is allocated to another file, it is written to, and then we crash. 965 * If the new data gets written to the file but the log buffers 966 * containing the free and reallocation don't, then we'd end up with 967 * garbage in the blocks being freed. As long as we make the new size 968 * permanent before actually freeing any blocks it doesn't matter if 969 * they get written to. 970 */ 971 ip->i_d.di_size = newsize; 972 xfs_trans_log_inode(tp, ip, XFS_ILOG_CORE); 973 974 if (newsize <= oldsize) { 975 error = xfs_itruncate_extents(&tp, ip, XFS_DATA_FORK, newsize); 976 if (error) 977 goto out_trans_cancel; 978 979 /* 980 * Truncated "down", so we're removing references to old data 981 * here - if we delay flushing for a long time, we expose 982 * ourselves unduly to the notorious NULL files problem. So, 983 * we mark this inode and flush it when the file is closed, 984 * and do not wait the usual (long) time for writeout. 985 */ 986 xfs_iflags_set(ip, XFS_ITRUNCATED); 987 988 /* A truncate down always removes post-EOF blocks. */ 989 xfs_inode_clear_eofblocks_tag(ip); 990 } 991 992 if (iattr->ia_valid & ATTR_MODE) 993 xfs_setattr_mode(ip, iattr); 994 if (iattr->ia_valid & (ATTR_ATIME|ATTR_CTIME|ATTR_MTIME)) 995 xfs_setattr_time(ip, iattr); 996 997 xfs_trans_log_inode(tp, ip, XFS_ILOG_CORE); 998 999 XFS_STATS_INC(mp, xs_ig_attrchg); 1000 1001 if (mp->m_flags & XFS_MOUNT_WSYNC) 1002 xfs_trans_set_sync(tp); 1003 1004 error = xfs_trans_commit(tp); 1005 out_unlock: 1006 if (lock_flags) 1007 xfs_iunlock(ip, lock_flags); 1008 return error; 1009 1010 out_trans_cancel: 1011 xfs_trans_cancel(tp); 1012 goto out_unlock; 1013 } 1014 1015 int 1016 xfs_vn_setattr_size( 1017 struct dentry *dentry, 1018 struct iattr *iattr) 1019 { 1020 struct xfs_inode *ip = XFS_I(d_inode(dentry)); 1021 int error; 1022 1023 trace_xfs_setattr(ip); 1024 1025 error = xfs_vn_change_ok(dentry, iattr); 1026 if (error) 1027 return error; 1028 return xfs_setattr_size(ip, iattr); 1029 } 1030 1031 STATIC int 1032 xfs_vn_setattr( 1033 struct dentry *dentry, 1034 struct iattr *iattr) 1035 { 1036 int error; 1037 1038 if (iattr->ia_valid & ATTR_SIZE) { 1039 struct inode *inode = d_inode(dentry); 1040 struct xfs_inode *ip = XFS_I(inode); 1041 uint iolock; 1042 1043 xfs_ilock(ip, XFS_MMAPLOCK_EXCL); 1044 iolock = XFS_IOLOCK_EXCL | XFS_MMAPLOCK_EXCL; 1045 1046 error = xfs_break_layouts(inode, &iolock, BREAK_UNMAP); 1047 if (error) { 1048 xfs_iunlock(ip, XFS_MMAPLOCK_EXCL); 1049 return error; 1050 } 1051 1052 error = xfs_vn_setattr_size(dentry, iattr); 1053 xfs_iunlock(ip, XFS_MMAPLOCK_EXCL); 1054 } else { 1055 error = xfs_vn_setattr_nonsize(dentry, iattr); 1056 } 1057 1058 return error; 1059 } 1060 1061 STATIC int 1062 xfs_vn_update_time( 1063 struct inode *inode, 1064 struct timespec64 *now, 1065 int flags) 1066 { 1067 struct xfs_inode *ip = XFS_I(inode); 1068 struct xfs_mount *mp = ip->i_mount; 1069 int log_flags = XFS_ILOG_TIMESTAMP; 1070 struct xfs_trans *tp; 1071 int error; 1072 1073 trace_xfs_update_time(ip); 1074 1075 if (inode->i_sb->s_flags & SB_LAZYTIME) { 1076 if (!((flags & S_VERSION) && 1077 inode_maybe_inc_iversion(inode, false))) 1078 return generic_update_time(inode, now, flags); 1079 1080 /* Capture the iversion update that just occurred */ 1081 log_flags |= XFS_ILOG_CORE; 1082 } 1083 1084 error = xfs_trans_alloc(mp, &M_RES(mp)->tr_fsyncts, 0, 0, 0, &tp); 1085 if (error) 1086 return error; 1087 1088 xfs_ilock(ip, XFS_ILOCK_EXCL); 1089 if (flags & S_CTIME) 1090 inode->i_ctime = *now; 1091 if (flags & S_MTIME) 1092 inode->i_mtime = *now; 1093 if (flags & S_ATIME) 1094 inode->i_atime = *now; 1095 1096 xfs_trans_ijoin(tp, ip, XFS_ILOCK_EXCL); 1097 xfs_trans_log_inode(tp, ip, log_flags); 1098 return xfs_trans_commit(tp); 1099 } 1100 1101 STATIC int 1102 xfs_vn_fiemap( 1103 struct inode *inode, 1104 struct fiemap_extent_info *fieinfo, 1105 u64 start, 1106 u64 length) 1107 { 1108 int error; 1109 1110 xfs_ilock(XFS_I(inode), XFS_IOLOCK_SHARED); 1111 if (fieinfo->fi_flags & FIEMAP_FLAG_XATTR) { 1112 fieinfo->fi_flags &= ~FIEMAP_FLAG_XATTR; 1113 error = iomap_fiemap(inode, fieinfo, start, length, 1114 &xfs_xattr_iomap_ops); 1115 } else { 1116 error = iomap_fiemap(inode, fieinfo, start, length, 1117 &xfs_iomap_ops); 1118 } 1119 xfs_iunlock(XFS_I(inode), XFS_IOLOCK_SHARED); 1120 1121 return error; 1122 } 1123 1124 STATIC int 1125 xfs_vn_tmpfile( 1126 struct inode *dir, 1127 struct dentry *dentry, 1128 umode_t mode) 1129 { 1130 return xfs_generic_create(dir, dentry, mode, 0, true); 1131 } 1132 1133 static const struct inode_operations xfs_inode_operations = { 1134 .get_acl = xfs_get_acl, 1135 .set_acl = xfs_set_acl, 1136 .getattr = xfs_vn_getattr, 1137 .setattr = xfs_vn_setattr, 1138 .listxattr = xfs_vn_listxattr, 1139 .fiemap = xfs_vn_fiemap, 1140 .update_time = xfs_vn_update_time, 1141 }; 1142 1143 static const struct inode_operations xfs_dir_inode_operations = { 1144 .create = xfs_vn_create, 1145 .lookup = xfs_vn_lookup, 1146 .link = xfs_vn_link, 1147 .unlink = xfs_vn_unlink, 1148 .symlink = xfs_vn_symlink, 1149 .mkdir = xfs_vn_mkdir, 1150 /* 1151 * Yes, XFS uses the same method for rmdir and unlink. 1152 * 1153 * There are some subtile differences deeper in the code, 1154 * but we use S_ISDIR to check for those. 1155 */ 1156 .rmdir = xfs_vn_unlink, 1157 .mknod = xfs_vn_mknod, 1158 .rename = xfs_vn_rename, 1159 .get_acl = xfs_get_acl, 1160 .set_acl = xfs_set_acl, 1161 .getattr = xfs_vn_getattr, 1162 .setattr = xfs_vn_setattr, 1163 .listxattr = xfs_vn_listxattr, 1164 .update_time = xfs_vn_update_time, 1165 .tmpfile = xfs_vn_tmpfile, 1166 }; 1167 1168 static const struct inode_operations xfs_dir_ci_inode_operations = { 1169 .create = xfs_vn_create, 1170 .lookup = xfs_vn_ci_lookup, 1171 .link = xfs_vn_link, 1172 .unlink = xfs_vn_unlink, 1173 .symlink = xfs_vn_symlink, 1174 .mkdir = xfs_vn_mkdir, 1175 /* 1176 * Yes, XFS uses the same method for rmdir and unlink. 1177 * 1178 * There are some subtile differences deeper in the code, 1179 * but we use S_ISDIR to check for those. 1180 */ 1181 .rmdir = xfs_vn_unlink, 1182 .mknod = xfs_vn_mknod, 1183 .rename = xfs_vn_rename, 1184 .get_acl = xfs_get_acl, 1185 .set_acl = xfs_set_acl, 1186 .getattr = xfs_vn_getattr, 1187 .setattr = xfs_vn_setattr, 1188 .listxattr = xfs_vn_listxattr, 1189 .update_time = xfs_vn_update_time, 1190 .tmpfile = xfs_vn_tmpfile, 1191 }; 1192 1193 static const struct inode_operations xfs_symlink_inode_operations = { 1194 .get_link = xfs_vn_get_link, 1195 .getattr = xfs_vn_getattr, 1196 .setattr = xfs_vn_setattr, 1197 .listxattr = xfs_vn_listxattr, 1198 .update_time = xfs_vn_update_time, 1199 }; 1200 1201 static const struct inode_operations xfs_inline_symlink_inode_operations = { 1202 .get_link = xfs_vn_get_link_inline, 1203 .getattr = xfs_vn_getattr, 1204 .setattr = xfs_vn_setattr, 1205 .listxattr = xfs_vn_listxattr, 1206 .update_time = xfs_vn_update_time, 1207 }; 1208 1209 /* Figure out if this file actually supports DAX. */ 1210 static bool 1211 xfs_inode_supports_dax( 1212 struct xfs_inode *ip) 1213 { 1214 struct xfs_mount *mp = ip->i_mount; 1215 1216 /* Only supported on non-reflinked files. */ 1217 if (!S_ISREG(VFS_I(ip)->i_mode) || xfs_is_reflink_inode(ip)) 1218 return false; 1219 1220 /* DAX mount option or DAX iflag must be set. */ 1221 if (!(mp->m_flags & XFS_MOUNT_DAX) && 1222 !(ip->i_d.di_flags2 & XFS_DIFLAG2_DAX)) 1223 return false; 1224 1225 /* Block size must match page size */ 1226 if (mp->m_sb.sb_blocksize != PAGE_SIZE) 1227 return false; 1228 1229 /* Device has to support DAX too. */ 1230 return xfs_find_daxdev_for_inode(VFS_I(ip)) != NULL; 1231 } 1232 1233 STATIC void 1234 xfs_diflags_to_iflags( 1235 struct inode *inode, 1236 struct xfs_inode *ip) 1237 { 1238 uint16_t flags = ip->i_d.di_flags; 1239 1240 inode->i_flags &= ~(S_IMMUTABLE | S_APPEND | S_SYNC | 1241 S_NOATIME | S_DAX); 1242 1243 if (flags & XFS_DIFLAG_IMMUTABLE) 1244 inode->i_flags |= S_IMMUTABLE; 1245 if (flags & XFS_DIFLAG_APPEND) 1246 inode->i_flags |= S_APPEND; 1247 if (flags & XFS_DIFLAG_SYNC) 1248 inode->i_flags |= S_SYNC; 1249 if (flags & XFS_DIFLAG_NOATIME) 1250 inode->i_flags |= S_NOATIME; 1251 if (xfs_inode_supports_dax(ip)) 1252 inode->i_flags |= S_DAX; 1253 } 1254 1255 /* 1256 * Initialize the Linux inode. 1257 * 1258 * When reading existing inodes from disk this is called directly from xfs_iget, 1259 * when creating a new inode it is called from xfs_ialloc after setting up the 1260 * inode. These callers have different criteria for clearing XFS_INEW, so leave 1261 * it up to the caller to deal with unlocking the inode appropriately. 1262 */ 1263 void 1264 xfs_setup_inode( 1265 struct xfs_inode *ip) 1266 { 1267 struct inode *inode = &ip->i_vnode; 1268 gfp_t gfp_mask; 1269 1270 inode->i_ino = ip->i_ino; 1271 inode->i_state = I_NEW; 1272 1273 inode_sb_list_add(inode); 1274 /* make the inode look hashed for the writeback code */ 1275 inode_fake_hash(inode); 1276 1277 inode->i_uid = xfs_uid_to_kuid(ip->i_d.di_uid); 1278 inode->i_gid = xfs_gid_to_kgid(ip->i_d.di_gid); 1279 1280 i_size_write(inode, ip->i_d.di_size); 1281 xfs_diflags_to_iflags(inode, ip); 1282 1283 if (S_ISDIR(inode->i_mode)) { 1284 /* 1285 * We set the i_rwsem class here to avoid potential races with 1286 * lockdep_annotate_inode_mutex_key() reinitialising the lock 1287 * after a filehandle lookup has already found the inode in 1288 * cache before it has been unlocked via unlock_new_inode(). 1289 */ 1290 lockdep_set_class(&inode->i_rwsem, 1291 &inode->i_sb->s_type->i_mutex_dir_key); 1292 lockdep_set_class(&ip->i_lock.mr_lock, &xfs_dir_ilock_class); 1293 ip->d_ops = ip->i_mount->m_dir_inode_ops; 1294 } else { 1295 ip->d_ops = ip->i_mount->m_nondir_inode_ops; 1296 lockdep_set_class(&ip->i_lock.mr_lock, &xfs_nondir_ilock_class); 1297 } 1298 1299 /* 1300 * Ensure all page cache allocations are done from GFP_NOFS context to 1301 * prevent direct reclaim recursion back into the filesystem and blowing 1302 * stacks or deadlocking. 1303 */ 1304 gfp_mask = mapping_gfp_mask(inode->i_mapping); 1305 mapping_set_gfp_mask(inode->i_mapping, (gfp_mask & ~(__GFP_FS))); 1306 1307 /* 1308 * If there is no attribute fork no ACL can exist on this inode, 1309 * and it can't have any file capabilities attached to it either. 1310 */ 1311 if (!XFS_IFORK_Q(ip)) { 1312 inode_has_no_xattr(inode); 1313 cache_no_acl(inode); 1314 } 1315 } 1316 1317 void 1318 xfs_setup_iops( 1319 struct xfs_inode *ip) 1320 { 1321 struct inode *inode = &ip->i_vnode; 1322 1323 switch (inode->i_mode & S_IFMT) { 1324 case S_IFREG: 1325 inode->i_op = &xfs_inode_operations; 1326 inode->i_fop = &xfs_file_operations; 1327 if (IS_DAX(inode)) 1328 inode->i_mapping->a_ops = &xfs_dax_aops; 1329 else 1330 inode->i_mapping->a_ops = &xfs_address_space_operations; 1331 break; 1332 case S_IFDIR: 1333 if (xfs_sb_version_hasasciici(&XFS_M(inode->i_sb)->m_sb)) 1334 inode->i_op = &xfs_dir_ci_inode_operations; 1335 else 1336 inode->i_op = &xfs_dir_inode_operations; 1337 inode->i_fop = &xfs_dir_file_operations; 1338 break; 1339 case S_IFLNK: 1340 if (ip->i_df.if_flags & XFS_IFINLINE) 1341 inode->i_op = &xfs_inline_symlink_inode_operations; 1342 else 1343 inode->i_op = &xfs_symlink_inode_operations; 1344 break; 1345 default: 1346 inode->i_op = &xfs_inode_operations; 1347 init_special_inode(inode, inode->i_mode, inode->i_rdev); 1348 break; 1349 } 1350 } 1351