1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * Copyright (c) 2000-2005 Silicon Graphics, Inc. 4 * All Rights Reserved. 5 */ 6 #include "xfs.h" 7 #include "xfs_fs.h" 8 #include "xfs_shared.h" 9 #include "xfs_format.h" 10 #include "xfs_log_format.h" 11 #include "xfs_trans_resv.h" 12 #include "xfs_mount.h" 13 #include "xfs_inode.h" 14 #include "xfs_acl.h" 15 #include "xfs_quota.h" 16 #include "xfs_attr.h" 17 #include "xfs_trans.h" 18 #include "xfs_trace.h" 19 #include "xfs_icache.h" 20 #include "xfs_symlink.h" 21 #include "xfs_dir2.h" 22 #include "xfs_iomap.h" 23 #include "xfs_error.h" 24 25 #include <linux/xattr.h> 26 #include <linux/posix_acl.h> 27 #include <linux/security.h> 28 #include <linux/iversion.h> 29 30 /* 31 * Directories have different lock order w.r.t. mmap_sem compared to regular 32 * files. This is due to readdir potentially triggering page faults on a user 33 * buffer inside filldir(), and this happens with the ilock on the directory 34 * held. For regular files, the lock order is the other way around - the 35 * mmap_sem is taken during the page fault, and then we lock the ilock to do 36 * block mapping. Hence we need a different class for the directory ilock so 37 * that lockdep can tell them apart. 38 */ 39 static struct lock_class_key xfs_nondir_ilock_class; 40 static struct lock_class_key xfs_dir_ilock_class; 41 42 static int 43 xfs_initxattrs( 44 struct inode *inode, 45 const struct xattr *xattr_array, 46 void *fs_info) 47 { 48 const struct xattr *xattr; 49 struct xfs_inode *ip = XFS_I(inode); 50 int error = 0; 51 52 for (xattr = xattr_array; xattr->name != NULL; xattr++) { 53 error = xfs_attr_set(ip, xattr->name, xattr->value, 54 xattr->value_len, ATTR_SECURE); 55 if (error < 0) 56 break; 57 } 58 return error; 59 } 60 61 /* 62 * Hook in SELinux. This is not quite correct yet, what we really need 63 * here (as we do for default ACLs) is a mechanism by which creation of 64 * these attrs can be journalled at inode creation time (along with the 65 * inode, of course, such that log replay can't cause these to be lost). 66 */ 67 68 STATIC int 69 xfs_init_security( 70 struct inode *inode, 71 struct inode *dir, 72 const struct qstr *qstr) 73 { 74 return security_inode_init_security(inode, dir, qstr, 75 &xfs_initxattrs, NULL); 76 } 77 78 static void 79 xfs_dentry_to_name( 80 struct xfs_name *namep, 81 struct dentry *dentry) 82 { 83 namep->name = dentry->d_name.name; 84 namep->len = dentry->d_name.len; 85 namep->type = XFS_DIR3_FT_UNKNOWN; 86 } 87 88 static int 89 xfs_dentry_mode_to_name( 90 struct xfs_name *namep, 91 struct dentry *dentry, 92 int mode) 93 { 94 namep->name = dentry->d_name.name; 95 namep->len = dentry->d_name.len; 96 namep->type = xfs_mode_to_ftype(mode); 97 98 if (unlikely(namep->type == XFS_DIR3_FT_UNKNOWN)) 99 return -EFSCORRUPTED; 100 101 return 0; 102 } 103 104 STATIC void 105 xfs_cleanup_inode( 106 struct inode *dir, 107 struct inode *inode, 108 struct dentry *dentry) 109 { 110 struct xfs_name teardown; 111 112 /* Oh, the horror. 113 * If we can't add the ACL or we fail in 114 * xfs_init_security we must back out. 115 * ENOSPC can hit here, among other things. 116 */ 117 xfs_dentry_to_name(&teardown, dentry); 118 119 xfs_remove(XFS_I(dir), &teardown, XFS_I(inode)); 120 } 121 122 STATIC int 123 xfs_generic_create( 124 struct inode *dir, 125 struct dentry *dentry, 126 umode_t mode, 127 dev_t rdev, 128 bool tmpfile) /* unnamed file */ 129 { 130 struct inode *inode; 131 struct xfs_inode *ip = NULL; 132 struct posix_acl *default_acl, *acl; 133 struct xfs_name name; 134 int error; 135 136 /* 137 * Irix uses Missed'em'V split, but doesn't want to see 138 * the upper 5 bits of (14bit) major. 139 */ 140 if (S_ISCHR(mode) || S_ISBLK(mode)) { 141 if (unlikely(!sysv_valid_dev(rdev) || MAJOR(rdev) & ~0x1ff)) 142 return -EINVAL; 143 } else { 144 rdev = 0; 145 } 146 147 error = posix_acl_create(dir, &mode, &default_acl, &acl); 148 if (error) 149 return error; 150 151 /* Verify mode is valid also for tmpfile case */ 152 error = xfs_dentry_mode_to_name(&name, dentry, mode); 153 if (unlikely(error)) 154 goto out_free_acl; 155 156 if (!tmpfile) { 157 error = xfs_create(XFS_I(dir), &name, mode, rdev, &ip); 158 } else { 159 error = xfs_create_tmpfile(XFS_I(dir), mode, &ip); 160 } 161 if (unlikely(error)) 162 goto out_free_acl; 163 164 inode = VFS_I(ip); 165 166 error = xfs_init_security(inode, dir, &dentry->d_name); 167 if (unlikely(error)) 168 goto out_cleanup_inode; 169 170 #ifdef CONFIG_XFS_POSIX_ACL 171 if (default_acl) { 172 error = __xfs_set_acl(inode, default_acl, ACL_TYPE_DEFAULT); 173 if (error) 174 goto out_cleanup_inode; 175 } 176 if (acl) { 177 error = __xfs_set_acl(inode, acl, ACL_TYPE_ACCESS); 178 if (error) 179 goto out_cleanup_inode; 180 } 181 #endif 182 183 xfs_setup_iops(ip); 184 185 if (tmpfile) { 186 /* 187 * The VFS requires that any inode fed to d_tmpfile must have 188 * nlink == 1 so that it can decrement the nlink in d_tmpfile. 189 * However, we created the temp file with nlink == 0 because 190 * we're not allowed to put an inode with nlink > 0 on the 191 * unlinked list. Therefore we have to set nlink to 1 so that 192 * d_tmpfile can immediately set it back to zero. 193 */ 194 set_nlink(inode, 1); 195 d_tmpfile(dentry, inode); 196 } else 197 d_instantiate(dentry, inode); 198 199 xfs_finish_inode_setup(ip); 200 201 out_free_acl: 202 if (default_acl) 203 posix_acl_release(default_acl); 204 if (acl) 205 posix_acl_release(acl); 206 return error; 207 208 out_cleanup_inode: 209 xfs_finish_inode_setup(ip); 210 if (!tmpfile) 211 xfs_cleanup_inode(dir, inode, dentry); 212 xfs_irele(ip); 213 goto out_free_acl; 214 } 215 216 STATIC int 217 xfs_vn_mknod( 218 struct inode *dir, 219 struct dentry *dentry, 220 umode_t mode, 221 dev_t rdev) 222 { 223 return xfs_generic_create(dir, dentry, mode, rdev, false); 224 } 225 226 STATIC int 227 xfs_vn_create( 228 struct inode *dir, 229 struct dentry *dentry, 230 umode_t mode, 231 bool flags) 232 { 233 return xfs_vn_mknod(dir, dentry, mode, 0); 234 } 235 236 STATIC int 237 xfs_vn_mkdir( 238 struct inode *dir, 239 struct dentry *dentry, 240 umode_t mode) 241 { 242 return xfs_vn_mknod(dir, dentry, mode|S_IFDIR, 0); 243 } 244 245 STATIC struct dentry * 246 xfs_vn_lookup( 247 struct inode *dir, 248 struct dentry *dentry, 249 unsigned int flags) 250 { 251 struct inode *inode; 252 struct xfs_inode *cip; 253 struct xfs_name name; 254 int error; 255 256 if (dentry->d_name.len >= MAXNAMELEN) 257 return ERR_PTR(-ENAMETOOLONG); 258 259 xfs_dentry_to_name(&name, dentry); 260 error = xfs_lookup(XFS_I(dir), &name, &cip, NULL); 261 if (likely(!error)) 262 inode = VFS_I(cip); 263 else if (likely(error == -ENOENT)) 264 inode = NULL; 265 else 266 inode = ERR_PTR(error); 267 return d_splice_alias(inode, dentry); 268 } 269 270 STATIC struct dentry * 271 xfs_vn_ci_lookup( 272 struct inode *dir, 273 struct dentry *dentry, 274 unsigned int flags) 275 { 276 struct xfs_inode *ip; 277 struct xfs_name xname; 278 struct xfs_name ci_name; 279 struct qstr dname; 280 int error; 281 282 if (dentry->d_name.len >= MAXNAMELEN) 283 return ERR_PTR(-ENAMETOOLONG); 284 285 xfs_dentry_to_name(&xname, dentry); 286 error = xfs_lookup(XFS_I(dir), &xname, &ip, &ci_name); 287 if (unlikely(error)) { 288 if (unlikely(error != -ENOENT)) 289 return ERR_PTR(error); 290 /* 291 * call d_add(dentry, NULL) here when d_drop_negative_children 292 * is called in xfs_vn_mknod (ie. allow negative dentries 293 * with CI filesystems). 294 */ 295 return NULL; 296 } 297 298 /* if exact match, just splice and exit */ 299 if (!ci_name.name) 300 return d_splice_alias(VFS_I(ip), dentry); 301 302 /* else case-insensitive match... */ 303 dname.name = ci_name.name; 304 dname.len = ci_name.len; 305 dentry = d_add_ci(dentry, VFS_I(ip), &dname); 306 kmem_free(ci_name.name); 307 return dentry; 308 } 309 310 STATIC int 311 xfs_vn_link( 312 struct dentry *old_dentry, 313 struct inode *dir, 314 struct dentry *dentry) 315 { 316 struct inode *inode = d_inode(old_dentry); 317 struct xfs_name name; 318 int error; 319 320 error = xfs_dentry_mode_to_name(&name, dentry, inode->i_mode); 321 if (unlikely(error)) 322 return error; 323 324 error = xfs_link(XFS_I(dir), XFS_I(inode), &name); 325 if (unlikely(error)) 326 return error; 327 328 ihold(inode); 329 d_instantiate(dentry, inode); 330 return 0; 331 } 332 333 STATIC int 334 xfs_vn_unlink( 335 struct inode *dir, 336 struct dentry *dentry) 337 { 338 struct xfs_name name; 339 int error; 340 341 xfs_dentry_to_name(&name, dentry); 342 343 error = xfs_remove(XFS_I(dir), &name, XFS_I(d_inode(dentry))); 344 if (error) 345 return error; 346 347 /* 348 * With unlink, the VFS makes the dentry "negative": no inode, 349 * but still hashed. This is incompatible with case-insensitive 350 * mode, so invalidate (unhash) the dentry in CI-mode. 351 */ 352 if (xfs_sb_version_hasasciici(&XFS_M(dir->i_sb)->m_sb)) 353 d_invalidate(dentry); 354 return 0; 355 } 356 357 STATIC int 358 xfs_vn_symlink( 359 struct inode *dir, 360 struct dentry *dentry, 361 const char *symname) 362 { 363 struct inode *inode; 364 struct xfs_inode *cip = NULL; 365 struct xfs_name name; 366 int error; 367 umode_t mode; 368 369 mode = S_IFLNK | 370 (irix_symlink_mode ? 0777 & ~current_umask() : S_IRWXUGO); 371 error = xfs_dentry_mode_to_name(&name, dentry, mode); 372 if (unlikely(error)) 373 goto out; 374 375 error = xfs_symlink(XFS_I(dir), &name, symname, mode, &cip); 376 if (unlikely(error)) 377 goto out; 378 379 inode = VFS_I(cip); 380 381 error = xfs_init_security(inode, dir, &dentry->d_name); 382 if (unlikely(error)) 383 goto out_cleanup_inode; 384 385 xfs_setup_iops(cip); 386 387 d_instantiate(dentry, inode); 388 xfs_finish_inode_setup(cip); 389 return 0; 390 391 out_cleanup_inode: 392 xfs_finish_inode_setup(cip); 393 xfs_cleanup_inode(dir, inode, dentry); 394 xfs_irele(cip); 395 out: 396 return error; 397 } 398 399 STATIC int 400 xfs_vn_rename( 401 struct inode *odir, 402 struct dentry *odentry, 403 struct inode *ndir, 404 struct dentry *ndentry, 405 unsigned int flags) 406 { 407 struct inode *new_inode = d_inode(ndentry); 408 int omode = 0; 409 int error; 410 struct xfs_name oname; 411 struct xfs_name nname; 412 413 if (flags & ~(RENAME_NOREPLACE | RENAME_EXCHANGE | RENAME_WHITEOUT)) 414 return -EINVAL; 415 416 /* if we are exchanging files, we need to set i_mode of both files */ 417 if (flags & RENAME_EXCHANGE) 418 omode = d_inode(ndentry)->i_mode; 419 420 error = xfs_dentry_mode_to_name(&oname, odentry, omode); 421 if (omode && unlikely(error)) 422 return error; 423 424 error = xfs_dentry_mode_to_name(&nname, ndentry, 425 d_inode(odentry)->i_mode); 426 if (unlikely(error)) 427 return error; 428 429 return xfs_rename(XFS_I(odir), &oname, XFS_I(d_inode(odentry)), 430 XFS_I(ndir), &nname, 431 new_inode ? XFS_I(new_inode) : NULL, flags); 432 } 433 434 /* 435 * careful here - this function can get called recursively, so 436 * we need to be very careful about how much stack we use. 437 * uio is kmalloced for this reason... 438 */ 439 STATIC const char * 440 xfs_vn_get_link( 441 struct dentry *dentry, 442 struct inode *inode, 443 struct delayed_call *done) 444 { 445 char *link; 446 int error = -ENOMEM; 447 448 if (!dentry) 449 return ERR_PTR(-ECHILD); 450 451 link = kmalloc(XFS_SYMLINK_MAXLEN+1, GFP_KERNEL); 452 if (!link) 453 goto out_err; 454 455 error = xfs_readlink(XFS_I(d_inode(dentry)), link); 456 if (unlikely(error)) 457 goto out_kfree; 458 459 set_delayed_call(done, kfree_link, link); 460 return link; 461 462 out_kfree: 463 kfree(link); 464 out_err: 465 return ERR_PTR(error); 466 } 467 468 STATIC const char * 469 xfs_vn_get_link_inline( 470 struct dentry *dentry, 471 struct inode *inode, 472 struct delayed_call *done) 473 { 474 struct xfs_inode *ip = XFS_I(inode); 475 char *link; 476 477 ASSERT(ip->i_df.if_flags & XFS_IFINLINE); 478 479 /* 480 * The VFS crashes on a NULL pointer, so return -EFSCORRUPTED if 481 * if_data is junk. 482 */ 483 link = ip->i_df.if_u1.if_data; 484 if (XFS_IS_CORRUPT(ip->i_mount, !link)) 485 return ERR_PTR(-EFSCORRUPTED); 486 return link; 487 } 488 489 static uint32_t 490 xfs_stat_blksize( 491 struct xfs_inode *ip) 492 { 493 struct xfs_mount *mp = ip->i_mount; 494 495 /* 496 * If the file blocks are being allocated from a realtime volume, then 497 * always return the realtime extent size. 498 */ 499 if (XFS_IS_REALTIME_INODE(ip)) 500 return xfs_get_extsz_hint(ip) << mp->m_sb.sb_blocklog; 501 502 /* 503 * Allow large block sizes to be reported to userspace programs if the 504 * "largeio" mount option is used. 505 * 506 * If compatibility mode is specified, simply return the basic unit of 507 * caching so that we don't get inefficient read/modify/write I/O from 508 * user apps. Otherwise.... 509 * 510 * If the underlying volume is a stripe, then return the stripe width in 511 * bytes as the recommended I/O size. It is not a stripe and we've set a 512 * default buffered I/O size, return that, otherwise return the compat 513 * default. 514 */ 515 if (mp->m_flags & XFS_MOUNT_LARGEIO) { 516 if (mp->m_swidth) 517 return mp->m_swidth << mp->m_sb.sb_blocklog; 518 if (mp->m_flags & XFS_MOUNT_ALLOCSIZE) 519 return 1U << mp->m_allocsize_log; 520 } 521 522 return PAGE_SIZE; 523 } 524 525 STATIC int 526 xfs_vn_getattr( 527 const struct path *path, 528 struct kstat *stat, 529 u32 request_mask, 530 unsigned int query_flags) 531 { 532 struct inode *inode = d_inode(path->dentry); 533 struct xfs_inode *ip = XFS_I(inode); 534 struct xfs_mount *mp = ip->i_mount; 535 536 trace_xfs_getattr(ip); 537 538 if (XFS_FORCED_SHUTDOWN(mp)) 539 return -EIO; 540 541 stat->size = XFS_ISIZE(ip); 542 stat->dev = inode->i_sb->s_dev; 543 stat->mode = inode->i_mode; 544 stat->nlink = inode->i_nlink; 545 stat->uid = inode->i_uid; 546 stat->gid = inode->i_gid; 547 stat->ino = ip->i_ino; 548 stat->atime = inode->i_atime; 549 stat->mtime = inode->i_mtime; 550 stat->ctime = inode->i_ctime; 551 stat->blocks = 552 XFS_FSB_TO_BB(mp, ip->i_d.di_nblocks + ip->i_delayed_blks); 553 554 if (ip->i_d.di_version == 3) { 555 if (request_mask & STATX_BTIME) { 556 stat->result_mask |= STATX_BTIME; 557 stat->btime = ip->i_d.di_crtime; 558 } 559 } 560 561 /* 562 * Note: If you add another clause to set an attribute flag, please 563 * update attributes_mask below. 564 */ 565 if (ip->i_d.di_flags & XFS_DIFLAG_IMMUTABLE) 566 stat->attributes |= STATX_ATTR_IMMUTABLE; 567 if (ip->i_d.di_flags & XFS_DIFLAG_APPEND) 568 stat->attributes |= STATX_ATTR_APPEND; 569 if (ip->i_d.di_flags & XFS_DIFLAG_NODUMP) 570 stat->attributes |= STATX_ATTR_NODUMP; 571 572 stat->attributes_mask |= (STATX_ATTR_IMMUTABLE | 573 STATX_ATTR_APPEND | 574 STATX_ATTR_NODUMP); 575 576 switch (inode->i_mode & S_IFMT) { 577 case S_IFBLK: 578 case S_IFCHR: 579 stat->blksize = BLKDEV_IOSIZE; 580 stat->rdev = inode->i_rdev; 581 break; 582 default: 583 stat->blksize = xfs_stat_blksize(ip); 584 stat->rdev = 0; 585 break; 586 } 587 588 return 0; 589 } 590 591 static void 592 xfs_setattr_mode( 593 struct xfs_inode *ip, 594 struct iattr *iattr) 595 { 596 struct inode *inode = VFS_I(ip); 597 umode_t mode = iattr->ia_mode; 598 599 ASSERT(xfs_isilocked(ip, XFS_ILOCK_EXCL)); 600 601 inode->i_mode &= S_IFMT; 602 inode->i_mode |= mode & ~S_IFMT; 603 } 604 605 void 606 xfs_setattr_time( 607 struct xfs_inode *ip, 608 struct iattr *iattr) 609 { 610 struct inode *inode = VFS_I(ip); 611 612 ASSERT(xfs_isilocked(ip, XFS_ILOCK_EXCL)); 613 614 if (iattr->ia_valid & ATTR_ATIME) 615 inode->i_atime = iattr->ia_atime; 616 if (iattr->ia_valid & ATTR_CTIME) 617 inode->i_ctime = iattr->ia_ctime; 618 if (iattr->ia_valid & ATTR_MTIME) 619 inode->i_mtime = iattr->ia_mtime; 620 } 621 622 static int 623 xfs_vn_change_ok( 624 struct dentry *dentry, 625 struct iattr *iattr) 626 { 627 struct xfs_mount *mp = XFS_I(d_inode(dentry))->i_mount; 628 629 if (mp->m_flags & XFS_MOUNT_RDONLY) 630 return -EROFS; 631 632 if (XFS_FORCED_SHUTDOWN(mp)) 633 return -EIO; 634 635 return setattr_prepare(dentry, iattr); 636 } 637 638 /* 639 * Set non-size attributes of an inode. 640 * 641 * Caution: The caller of this function is responsible for calling 642 * setattr_prepare() or otherwise verifying the change is fine. 643 */ 644 int 645 xfs_setattr_nonsize( 646 struct xfs_inode *ip, 647 struct iattr *iattr, 648 int flags) 649 { 650 xfs_mount_t *mp = ip->i_mount; 651 struct inode *inode = VFS_I(ip); 652 int mask = iattr->ia_valid; 653 xfs_trans_t *tp; 654 int error; 655 kuid_t uid = GLOBAL_ROOT_UID, iuid = GLOBAL_ROOT_UID; 656 kgid_t gid = GLOBAL_ROOT_GID, igid = GLOBAL_ROOT_GID; 657 struct xfs_dquot *udqp = NULL, *gdqp = NULL; 658 struct xfs_dquot *olddquot1 = NULL, *olddquot2 = NULL; 659 660 ASSERT((mask & ATTR_SIZE) == 0); 661 662 /* 663 * If disk quotas is on, we make sure that the dquots do exist on disk, 664 * before we start any other transactions. Trying to do this later 665 * is messy. We don't care to take a readlock to look at the ids 666 * in inode here, because we can't hold it across the trans_reserve. 667 * If the IDs do change before we take the ilock, we're covered 668 * because the i_*dquot fields will get updated anyway. 669 */ 670 if (XFS_IS_QUOTA_ON(mp) && (mask & (ATTR_UID|ATTR_GID))) { 671 uint qflags = 0; 672 673 if ((mask & ATTR_UID) && XFS_IS_UQUOTA_ON(mp)) { 674 uid = iattr->ia_uid; 675 qflags |= XFS_QMOPT_UQUOTA; 676 } else { 677 uid = inode->i_uid; 678 } 679 if ((mask & ATTR_GID) && XFS_IS_GQUOTA_ON(mp)) { 680 gid = iattr->ia_gid; 681 qflags |= XFS_QMOPT_GQUOTA; 682 } else { 683 gid = inode->i_gid; 684 } 685 686 /* 687 * We take a reference when we initialize udqp and gdqp, 688 * so it is important that we never blindly double trip on 689 * the same variable. See xfs_create() for an example. 690 */ 691 ASSERT(udqp == NULL); 692 ASSERT(gdqp == NULL); 693 error = xfs_qm_vop_dqalloc(ip, xfs_kuid_to_uid(uid), 694 xfs_kgid_to_gid(gid), 695 ip->i_d.di_projid, 696 qflags, &udqp, &gdqp, NULL); 697 if (error) 698 return error; 699 } 700 701 error = xfs_trans_alloc(mp, &M_RES(mp)->tr_ichange, 0, 0, 0, &tp); 702 if (error) 703 goto out_dqrele; 704 705 xfs_ilock(ip, XFS_ILOCK_EXCL); 706 xfs_trans_ijoin(tp, ip, 0); 707 708 /* 709 * Change file ownership. Must be the owner or privileged. 710 */ 711 if (mask & (ATTR_UID|ATTR_GID)) { 712 /* 713 * These IDs could have changed since we last looked at them. 714 * But, we're assured that if the ownership did change 715 * while we didn't have the inode locked, inode's dquot(s) 716 * would have changed also. 717 */ 718 iuid = inode->i_uid; 719 igid = inode->i_gid; 720 gid = (mask & ATTR_GID) ? iattr->ia_gid : igid; 721 uid = (mask & ATTR_UID) ? iattr->ia_uid : iuid; 722 723 /* 724 * Do a quota reservation only if uid/gid is actually 725 * going to change. 726 */ 727 if (XFS_IS_QUOTA_RUNNING(mp) && 728 ((XFS_IS_UQUOTA_ON(mp) && !uid_eq(iuid, uid)) || 729 (XFS_IS_GQUOTA_ON(mp) && !gid_eq(igid, gid)))) { 730 ASSERT(tp); 731 error = xfs_qm_vop_chown_reserve(tp, ip, udqp, gdqp, 732 NULL, capable(CAP_FOWNER) ? 733 XFS_QMOPT_FORCE_RES : 0); 734 if (error) /* out of quota */ 735 goto out_cancel; 736 } 737 } 738 739 /* 740 * Change file ownership. Must be the owner or privileged. 741 */ 742 if (mask & (ATTR_UID|ATTR_GID)) { 743 /* 744 * CAP_FSETID overrides the following restrictions: 745 * 746 * The set-user-ID and set-group-ID bits of a file will be 747 * cleared upon successful return from chown() 748 */ 749 if ((inode->i_mode & (S_ISUID|S_ISGID)) && 750 !capable(CAP_FSETID)) 751 inode->i_mode &= ~(S_ISUID|S_ISGID); 752 753 /* 754 * Change the ownerships and register quota modifications 755 * in the transaction. 756 */ 757 if (!uid_eq(iuid, uid)) { 758 if (XFS_IS_QUOTA_RUNNING(mp) && XFS_IS_UQUOTA_ON(mp)) { 759 ASSERT(mask & ATTR_UID); 760 ASSERT(udqp); 761 olddquot1 = xfs_qm_vop_chown(tp, ip, 762 &ip->i_udquot, udqp); 763 } 764 ip->i_d.di_uid = xfs_kuid_to_uid(uid); 765 inode->i_uid = uid; 766 } 767 if (!gid_eq(igid, gid)) { 768 if (XFS_IS_QUOTA_RUNNING(mp) && XFS_IS_GQUOTA_ON(mp)) { 769 ASSERT(xfs_sb_version_has_pquotino(&mp->m_sb) || 770 !XFS_IS_PQUOTA_ON(mp)); 771 ASSERT(mask & ATTR_GID); 772 ASSERT(gdqp); 773 olddquot2 = xfs_qm_vop_chown(tp, ip, 774 &ip->i_gdquot, gdqp); 775 } 776 ip->i_d.di_gid = xfs_kgid_to_gid(gid); 777 inode->i_gid = gid; 778 } 779 } 780 781 if (mask & ATTR_MODE) 782 xfs_setattr_mode(ip, iattr); 783 if (mask & (ATTR_ATIME|ATTR_CTIME|ATTR_MTIME)) 784 xfs_setattr_time(ip, iattr); 785 786 xfs_trans_log_inode(tp, ip, XFS_ILOG_CORE); 787 788 XFS_STATS_INC(mp, xs_ig_attrchg); 789 790 if (mp->m_flags & XFS_MOUNT_WSYNC) 791 xfs_trans_set_sync(tp); 792 error = xfs_trans_commit(tp); 793 794 xfs_iunlock(ip, XFS_ILOCK_EXCL); 795 796 /* 797 * Release any dquot(s) the inode had kept before chown. 798 */ 799 xfs_qm_dqrele(olddquot1); 800 xfs_qm_dqrele(olddquot2); 801 xfs_qm_dqrele(udqp); 802 xfs_qm_dqrele(gdqp); 803 804 if (error) 805 return error; 806 807 /* 808 * XXX(hch): Updating the ACL entries is not atomic vs the i_mode 809 * update. We could avoid this with linked transactions 810 * and passing down the transaction pointer all the way 811 * to attr_set. No previous user of the generic 812 * Posix ACL code seems to care about this issue either. 813 */ 814 if ((mask & ATTR_MODE) && !(flags & XFS_ATTR_NOACL)) { 815 error = posix_acl_chmod(inode, inode->i_mode); 816 if (error) 817 return error; 818 } 819 820 return 0; 821 822 out_cancel: 823 xfs_trans_cancel(tp); 824 xfs_iunlock(ip, XFS_ILOCK_EXCL); 825 out_dqrele: 826 xfs_qm_dqrele(udqp); 827 xfs_qm_dqrele(gdqp); 828 return error; 829 } 830 831 int 832 xfs_vn_setattr_nonsize( 833 struct dentry *dentry, 834 struct iattr *iattr) 835 { 836 struct xfs_inode *ip = XFS_I(d_inode(dentry)); 837 int error; 838 839 trace_xfs_setattr(ip); 840 841 error = xfs_vn_change_ok(dentry, iattr); 842 if (error) 843 return error; 844 return xfs_setattr_nonsize(ip, iattr, 0); 845 } 846 847 /* 848 * Truncate file. Must have write permission and not be a directory. 849 * 850 * Caution: The caller of this function is responsible for calling 851 * setattr_prepare() or otherwise verifying the change is fine. 852 */ 853 STATIC int 854 xfs_setattr_size( 855 struct xfs_inode *ip, 856 struct iattr *iattr) 857 { 858 struct xfs_mount *mp = ip->i_mount; 859 struct inode *inode = VFS_I(ip); 860 xfs_off_t oldsize, newsize; 861 struct xfs_trans *tp; 862 int error; 863 uint lock_flags = 0; 864 bool did_zeroing = false; 865 866 ASSERT(xfs_isilocked(ip, XFS_IOLOCK_EXCL)); 867 ASSERT(xfs_isilocked(ip, XFS_MMAPLOCK_EXCL)); 868 ASSERT(S_ISREG(inode->i_mode)); 869 ASSERT((iattr->ia_valid & (ATTR_UID|ATTR_GID|ATTR_ATIME|ATTR_ATIME_SET| 870 ATTR_MTIME_SET|ATTR_KILL_PRIV|ATTR_TIMES_SET)) == 0); 871 872 oldsize = inode->i_size; 873 newsize = iattr->ia_size; 874 875 /* 876 * Short circuit the truncate case for zero length files. 877 */ 878 if (newsize == 0 && oldsize == 0 && ip->i_d.di_nextents == 0) { 879 if (!(iattr->ia_valid & (ATTR_CTIME|ATTR_MTIME))) 880 return 0; 881 882 /* 883 * Use the regular setattr path to update the timestamps. 884 */ 885 iattr->ia_valid &= ~ATTR_SIZE; 886 return xfs_setattr_nonsize(ip, iattr, 0); 887 } 888 889 /* 890 * Make sure that the dquots are attached to the inode. 891 */ 892 error = xfs_qm_dqattach(ip); 893 if (error) 894 return error; 895 896 /* 897 * Wait for all direct I/O to complete. 898 */ 899 inode_dio_wait(inode); 900 901 /* 902 * File data changes must be complete before we start the transaction to 903 * modify the inode. This needs to be done before joining the inode to 904 * the transaction because the inode cannot be unlocked once it is a 905 * part of the transaction. 906 * 907 * Start with zeroing any data beyond EOF that we may expose on file 908 * extension, or zeroing out the rest of the block on a downward 909 * truncate. 910 */ 911 if (newsize > oldsize) { 912 trace_xfs_zero_eof(ip, oldsize, newsize - oldsize); 913 error = iomap_zero_range(inode, oldsize, newsize - oldsize, 914 &did_zeroing, &xfs_buffered_write_iomap_ops); 915 } else { 916 error = iomap_truncate_page(inode, newsize, &did_zeroing, 917 &xfs_buffered_write_iomap_ops); 918 } 919 920 if (error) 921 return error; 922 923 /* 924 * We've already locked out new page faults, so now we can safely remove 925 * pages from the page cache knowing they won't get refaulted until we 926 * drop the XFS_MMAP_EXCL lock after the extent manipulations are 927 * complete. The truncate_setsize() call also cleans partial EOF page 928 * PTEs on extending truncates and hence ensures sub-page block size 929 * filesystems are correctly handled, too. 930 * 931 * We have to do all the page cache truncate work outside the 932 * transaction context as the "lock" order is page lock->log space 933 * reservation as defined by extent allocation in the writeback path. 934 * Hence a truncate can fail with ENOMEM from xfs_trans_alloc(), but 935 * having already truncated the in-memory version of the file (i.e. made 936 * user visible changes). There's not much we can do about this, except 937 * to hope that the caller sees ENOMEM and retries the truncate 938 * operation. 939 * 940 * And we update in-core i_size and truncate page cache beyond newsize 941 * before writeback the [di_size, newsize] range, so we're guaranteed 942 * not to write stale data past the new EOF on truncate down. 943 */ 944 truncate_setsize(inode, newsize); 945 946 /* 947 * We are going to log the inode size change in this transaction so 948 * any previous writes that are beyond the on disk EOF and the new 949 * EOF that have not been written out need to be written here. If we 950 * do not write the data out, we expose ourselves to the null files 951 * problem. Note that this includes any block zeroing we did above; 952 * otherwise those blocks may not be zeroed after a crash. 953 */ 954 if (did_zeroing || 955 (newsize > ip->i_d.di_size && oldsize != ip->i_d.di_size)) { 956 error = filemap_write_and_wait_range(VFS_I(ip)->i_mapping, 957 ip->i_d.di_size, newsize - 1); 958 if (error) 959 return error; 960 } 961 962 error = xfs_trans_alloc(mp, &M_RES(mp)->tr_itruncate, 0, 0, 0, &tp); 963 if (error) 964 return error; 965 966 lock_flags |= XFS_ILOCK_EXCL; 967 xfs_ilock(ip, XFS_ILOCK_EXCL); 968 xfs_trans_ijoin(tp, ip, 0); 969 970 /* 971 * Only change the c/mtime if we are changing the size or we are 972 * explicitly asked to change it. This handles the semantic difference 973 * between truncate() and ftruncate() as implemented in the VFS. 974 * 975 * The regular truncate() case without ATTR_CTIME and ATTR_MTIME is a 976 * special case where we need to update the times despite not having 977 * these flags set. For all other operations the VFS set these flags 978 * explicitly if it wants a timestamp update. 979 */ 980 if (newsize != oldsize && 981 !(iattr->ia_valid & (ATTR_CTIME | ATTR_MTIME))) { 982 iattr->ia_ctime = iattr->ia_mtime = 983 current_time(inode); 984 iattr->ia_valid |= ATTR_CTIME | ATTR_MTIME; 985 } 986 987 /* 988 * The first thing we do is set the size to new_size permanently on 989 * disk. This way we don't have to worry about anyone ever being able 990 * to look at the data being freed even in the face of a crash. 991 * What we're getting around here is the case where we free a block, it 992 * is allocated to another file, it is written to, and then we crash. 993 * If the new data gets written to the file but the log buffers 994 * containing the free and reallocation don't, then we'd end up with 995 * garbage in the blocks being freed. As long as we make the new size 996 * permanent before actually freeing any blocks it doesn't matter if 997 * they get written to. 998 */ 999 ip->i_d.di_size = newsize; 1000 xfs_trans_log_inode(tp, ip, XFS_ILOG_CORE); 1001 1002 if (newsize <= oldsize) { 1003 error = xfs_itruncate_extents(&tp, ip, XFS_DATA_FORK, newsize); 1004 if (error) 1005 goto out_trans_cancel; 1006 1007 /* 1008 * Truncated "down", so we're removing references to old data 1009 * here - if we delay flushing for a long time, we expose 1010 * ourselves unduly to the notorious NULL files problem. So, 1011 * we mark this inode and flush it when the file is closed, 1012 * and do not wait the usual (long) time for writeout. 1013 */ 1014 xfs_iflags_set(ip, XFS_ITRUNCATED); 1015 1016 /* A truncate down always removes post-EOF blocks. */ 1017 xfs_inode_clear_eofblocks_tag(ip); 1018 } 1019 1020 if (iattr->ia_valid & ATTR_MODE) 1021 xfs_setattr_mode(ip, iattr); 1022 if (iattr->ia_valid & (ATTR_ATIME|ATTR_CTIME|ATTR_MTIME)) 1023 xfs_setattr_time(ip, iattr); 1024 1025 xfs_trans_log_inode(tp, ip, XFS_ILOG_CORE); 1026 1027 XFS_STATS_INC(mp, xs_ig_attrchg); 1028 1029 if (mp->m_flags & XFS_MOUNT_WSYNC) 1030 xfs_trans_set_sync(tp); 1031 1032 error = xfs_trans_commit(tp); 1033 out_unlock: 1034 if (lock_flags) 1035 xfs_iunlock(ip, lock_flags); 1036 return error; 1037 1038 out_trans_cancel: 1039 xfs_trans_cancel(tp); 1040 goto out_unlock; 1041 } 1042 1043 int 1044 xfs_vn_setattr_size( 1045 struct dentry *dentry, 1046 struct iattr *iattr) 1047 { 1048 struct xfs_inode *ip = XFS_I(d_inode(dentry)); 1049 int error; 1050 1051 trace_xfs_setattr(ip); 1052 1053 error = xfs_vn_change_ok(dentry, iattr); 1054 if (error) 1055 return error; 1056 return xfs_setattr_size(ip, iattr); 1057 } 1058 1059 STATIC int 1060 xfs_vn_setattr( 1061 struct dentry *dentry, 1062 struct iattr *iattr) 1063 { 1064 int error; 1065 1066 if (iattr->ia_valid & ATTR_SIZE) { 1067 struct inode *inode = d_inode(dentry); 1068 struct xfs_inode *ip = XFS_I(inode); 1069 uint iolock; 1070 1071 xfs_ilock(ip, XFS_MMAPLOCK_EXCL); 1072 iolock = XFS_IOLOCK_EXCL | XFS_MMAPLOCK_EXCL; 1073 1074 error = xfs_break_layouts(inode, &iolock, BREAK_UNMAP); 1075 if (error) { 1076 xfs_iunlock(ip, XFS_MMAPLOCK_EXCL); 1077 return error; 1078 } 1079 1080 error = xfs_vn_setattr_size(dentry, iattr); 1081 xfs_iunlock(ip, XFS_MMAPLOCK_EXCL); 1082 } else { 1083 error = xfs_vn_setattr_nonsize(dentry, iattr); 1084 } 1085 1086 return error; 1087 } 1088 1089 STATIC int 1090 xfs_vn_update_time( 1091 struct inode *inode, 1092 struct timespec64 *now, 1093 int flags) 1094 { 1095 struct xfs_inode *ip = XFS_I(inode); 1096 struct xfs_mount *mp = ip->i_mount; 1097 int log_flags = XFS_ILOG_TIMESTAMP; 1098 struct xfs_trans *tp; 1099 int error; 1100 1101 trace_xfs_update_time(ip); 1102 1103 if (inode->i_sb->s_flags & SB_LAZYTIME) { 1104 if (!((flags & S_VERSION) && 1105 inode_maybe_inc_iversion(inode, false))) 1106 return generic_update_time(inode, now, flags); 1107 1108 /* Capture the iversion update that just occurred */ 1109 log_flags |= XFS_ILOG_CORE; 1110 } 1111 1112 error = xfs_trans_alloc(mp, &M_RES(mp)->tr_fsyncts, 0, 0, 0, &tp); 1113 if (error) 1114 return error; 1115 1116 xfs_ilock(ip, XFS_ILOCK_EXCL); 1117 if (flags & S_CTIME) 1118 inode->i_ctime = *now; 1119 if (flags & S_MTIME) 1120 inode->i_mtime = *now; 1121 if (flags & S_ATIME) 1122 inode->i_atime = *now; 1123 1124 xfs_trans_ijoin(tp, ip, XFS_ILOCK_EXCL); 1125 xfs_trans_log_inode(tp, ip, log_flags); 1126 return xfs_trans_commit(tp); 1127 } 1128 1129 STATIC int 1130 xfs_vn_fiemap( 1131 struct inode *inode, 1132 struct fiemap_extent_info *fieinfo, 1133 u64 start, 1134 u64 length) 1135 { 1136 int error; 1137 1138 xfs_ilock(XFS_I(inode), XFS_IOLOCK_SHARED); 1139 if (fieinfo->fi_flags & FIEMAP_FLAG_XATTR) { 1140 fieinfo->fi_flags &= ~FIEMAP_FLAG_XATTR; 1141 error = iomap_fiemap(inode, fieinfo, start, length, 1142 &xfs_xattr_iomap_ops); 1143 } else { 1144 error = iomap_fiemap(inode, fieinfo, start, length, 1145 &xfs_read_iomap_ops); 1146 } 1147 xfs_iunlock(XFS_I(inode), XFS_IOLOCK_SHARED); 1148 1149 return error; 1150 } 1151 1152 STATIC int 1153 xfs_vn_tmpfile( 1154 struct inode *dir, 1155 struct dentry *dentry, 1156 umode_t mode) 1157 { 1158 return xfs_generic_create(dir, dentry, mode, 0, true); 1159 } 1160 1161 static const struct inode_operations xfs_inode_operations = { 1162 .get_acl = xfs_get_acl, 1163 .set_acl = xfs_set_acl, 1164 .getattr = xfs_vn_getattr, 1165 .setattr = xfs_vn_setattr, 1166 .listxattr = xfs_vn_listxattr, 1167 .fiemap = xfs_vn_fiemap, 1168 .update_time = xfs_vn_update_time, 1169 }; 1170 1171 static const struct inode_operations xfs_dir_inode_operations = { 1172 .create = xfs_vn_create, 1173 .lookup = xfs_vn_lookup, 1174 .link = xfs_vn_link, 1175 .unlink = xfs_vn_unlink, 1176 .symlink = xfs_vn_symlink, 1177 .mkdir = xfs_vn_mkdir, 1178 /* 1179 * Yes, XFS uses the same method for rmdir and unlink. 1180 * 1181 * There are some subtile differences deeper in the code, 1182 * but we use S_ISDIR to check for those. 1183 */ 1184 .rmdir = xfs_vn_unlink, 1185 .mknod = xfs_vn_mknod, 1186 .rename = xfs_vn_rename, 1187 .get_acl = xfs_get_acl, 1188 .set_acl = xfs_set_acl, 1189 .getattr = xfs_vn_getattr, 1190 .setattr = xfs_vn_setattr, 1191 .listxattr = xfs_vn_listxattr, 1192 .update_time = xfs_vn_update_time, 1193 .tmpfile = xfs_vn_tmpfile, 1194 }; 1195 1196 static const struct inode_operations xfs_dir_ci_inode_operations = { 1197 .create = xfs_vn_create, 1198 .lookup = xfs_vn_ci_lookup, 1199 .link = xfs_vn_link, 1200 .unlink = xfs_vn_unlink, 1201 .symlink = xfs_vn_symlink, 1202 .mkdir = xfs_vn_mkdir, 1203 /* 1204 * Yes, XFS uses the same method for rmdir and unlink. 1205 * 1206 * There are some subtile differences deeper in the code, 1207 * but we use S_ISDIR to check for those. 1208 */ 1209 .rmdir = xfs_vn_unlink, 1210 .mknod = xfs_vn_mknod, 1211 .rename = xfs_vn_rename, 1212 .get_acl = xfs_get_acl, 1213 .set_acl = xfs_set_acl, 1214 .getattr = xfs_vn_getattr, 1215 .setattr = xfs_vn_setattr, 1216 .listxattr = xfs_vn_listxattr, 1217 .update_time = xfs_vn_update_time, 1218 .tmpfile = xfs_vn_tmpfile, 1219 }; 1220 1221 static const struct inode_operations xfs_symlink_inode_operations = { 1222 .get_link = xfs_vn_get_link, 1223 .getattr = xfs_vn_getattr, 1224 .setattr = xfs_vn_setattr, 1225 .listxattr = xfs_vn_listxattr, 1226 .update_time = xfs_vn_update_time, 1227 }; 1228 1229 static const struct inode_operations xfs_inline_symlink_inode_operations = { 1230 .get_link = xfs_vn_get_link_inline, 1231 .getattr = xfs_vn_getattr, 1232 .setattr = xfs_vn_setattr, 1233 .listxattr = xfs_vn_listxattr, 1234 .update_time = xfs_vn_update_time, 1235 }; 1236 1237 /* Figure out if this file actually supports DAX. */ 1238 static bool 1239 xfs_inode_supports_dax( 1240 struct xfs_inode *ip) 1241 { 1242 struct xfs_mount *mp = ip->i_mount; 1243 1244 /* Only supported on non-reflinked files. */ 1245 if (!S_ISREG(VFS_I(ip)->i_mode) || xfs_is_reflink_inode(ip)) 1246 return false; 1247 1248 /* DAX mount option or DAX iflag must be set. */ 1249 if (!(mp->m_flags & XFS_MOUNT_DAX) && 1250 !(ip->i_d.di_flags2 & XFS_DIFLAG2_DAX)) 1251 return false; 1252 1253 /* Block size must match page size */ 1254 if (mp->m_sb.sb_blocksize != PAGE_SIZE) 1255 return false; 1256 1257 /* Device has to support DAX too. */ 1258 return xfs_inode_buftarg(ip)->bt_daxdev != NULL; 1259 } 1260 1261 STATIC void 1262 xfs_diflags_to_iflags( 1263 struct inode *inode, 1264 struct xfs_inode *ip) 1265 { 1266 uint16_t flags = ip->i_d.di_flags; 1267 1268 inode->i_flags &= ~(S_IMMUTABLE | S_APPEND | S_SYNC | 1269 S_NOATIME | S_DAX); 1270 1271 if (flags & XFS_DIFLAG_IMMUTABLE) 1272 inode->i_flags |= S_IMMUTABLE; 1273 if (flags & XFS_DIFLAG_APPEND) 1274 inode->i_flags |= S_APPEND; 1275 if (flags & XFS_DIFLAG_SYNC) 1276 inode->i_flags |= S_SYNC; 1277 if (flags & XFS_DIFLAG_NOATIME) 1278 inode->i_flags |= S_NOATIME; 1279 if (xfs_inode_supports_dax(ip)) 1280 inode->i_flags |= S_DAX; 1281 } 1282 1283 /* 1284 * Initialize the Linux inode. 1285 * 1286 * When reading existing inodes from disk this is called directly from xfs_iget, 1287 * when creating a new inode it is called from xfs_ialloc after setting up the 1288 * inode. These callers have different criteria for clearing XFS_INEW, so leave 1289 * it up to the caller to deal with unlocking the inode appropriately. 1290 */ 1291 void 1292 xfs_setup_inode( 1293 struct xfs_inode *ip) 1294 { 1295 struct inode *inode = &ip->i_vnode; 1296 gfp_t gfp_mask; 1297 1298 inode->i_ino = ip->i_ino; 1299 inode->i_state = I_NEW; 1300 1301 inode_sb_list_add(inode); 1302 /* make the inode look hashed for the writeback code */ 1303 inode_fake_hash(inode); 1304 1305 inode->i_uid = xfs_uid_to_kuid(ip->i_d.di_uid); 1306 inode->i_gid = xfs_gid_to_kgid(ip->i_d.di_gid); 1307 1308 i_size_write(inode, ip->i_d.di_size); 1309 xfs_diflags_to_iflags(inode, ip); 1310 1311 if (S_ISDIR(inode->i_mode)) { 1312 /* 1313 * We set the i_rwsem class here to avoid potential races with 1314 * lockdep_annotate_inode_mutex_key() reinitialising the lock 1315 * after a filehandle lookup has already found the inode in 1316 * cache before it has been unlocked via unlock_new_inode(). 1317 */ 1318 lockdep_set_class(&inode->i_rwsem, 1319 &inode->i_sb->s_type->i_mutex_dir_key); 1320 lockdep_set_class(&ip->i_lock.mr_lock, &xfs_dir_ilock_class); 1321 } else { 1322 lockdep_set_class(&ip->i_lock.mr_lock, &xfs_nondir_ilock_class); 1323 } 1324 1325 /* 1326 * Ensure all page cache allocations are done from GFP_NOFS context to 1327 * prevent direct reclaim recursion back into the filesystem and blowing 1328 * stacks or deadlocking. 1329 */ 1330 gfp_mask = mapping_gfp_mask(inode->i_mapping); 1331 mapping_set_gfp_mask(inode->i_mapping, (gfp_mask & ~(__GFP_FS))); 1332 1333 /* 1334 * If there is no attribute fork no ACL can exist on this inode, 1335 * and it can't have any file capabilities attached to it either. 1336 */ 1337 if (!XFS_IFORK_Q(ip)) { 1338 inode_has_no_xattr(inode); 1339 cache_no_acl(inode); 1340 } 1341 } 1342 1343 void 1344 xfs_setup_iops( 1345 struct xfs_inode *ip) 1346 { 1347 struct inode *inode = &ip->i_vnode; 1348 1349 switch (inode->i_mode & S_IFMT) { 1350 case S_IFREG: 1351 inode->i_op = &xfs_inode_operations; 1352 inode->i_fop = &xfs_file_operations; 1353 if (IS_DAX(inode)) 1354 inode->i_mapping->a_ops = &xfs_dax_aops; 1355 else 1356 inode->i_mapping->a_ops = &xfs_address_space_operations; 1357 break; 1358 case S_IFDIR: 1359 if (xfs_sb_version_hasasciici(&XFS_M(inode->i_sb)->m_sb)) 1360 inode->i_op = &xfs_dir_ci_inode_operations; 1361 else 1362 inode->i_op = &xfs_dir_inode_operations; 1363 inode->i_fop = &xfs_dir_file_operations; 1364 break; 1365 case S_IFLNK: 1366 if (ip->i_df.if_flags & XFS_IFINLINE) 1367 inode->i_op = &xfs_inline_symlink_inode_operations; 1368 else 1369 inode->i_op = &xfs_symlink_inode_operations; 1370 break; 1371 default: 1372 inode->i_op = &xfs_inode_operations; 1373 init_special_inode(inode, inode->i_mode, inode->i_rdev); 1374 break; 1375 } 1376 } 1377