1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * Copyright (c) 2000-2005 Silicon Graphics, Inc. 4 * All Rights Reserved. 5 */ 6 #include "xfs.h" 7 #include "xfs_fs.h" 8 #include "xfs_shared.h" 9 #include "xfs_format.h" 10 #include "xfs_log_format.h" 11 #include "xfs_trans_resv.h" 12 #include "xfs_mount.h" 13 #include "xfs_inode.h" 14 #include "xfs_acl.h" 15 #include "xfs_quota.h" 16 #include "xfs_attr.h" 17 #include "xfs_trans.h" 18 #include "xfs_trace.h" 19 #include "xfs_icache.h" 20 #include "xfs_symlink.h" 21 #include "xfs_dir2.h" 22 #include "xfs_iomap.h" 23 #include "xfs_error.h" 24 25 #include <linux/posix_acl.h> 26 #include <linux/security.h> 27 #include <linux/iversion.h> 28 29 /* 30 * Directories have different lock order w.r.t. mmap_sem compared to regular 31 * files. This is due to readdir potentially triggering page faults on a user 32 * buffer inside filldir(), and this happens with the ilock on the directory 33 * held. For regular files, the lock order is the other way around - the 34 * mmap_sem is taken during the page fault, and then we lock the ilock to do 35 * block mapping. Hence we need a different class for the directory ilock so 36 * that lockdep can tell them apart. 37 */ 38 static struct lock_class_key xfs_nondir_ilock_class; 39 static struct lock_class_key xfs_dir_ilock_class; 40 41 static int 42 xfs_initxattrs( 43 struct inode *inode, 44 const struct xattr *xattr_array, 45 void *fs_info) 46 { 47 const struct xattr *xattr; 48 struct xfs_inode *ip = XFS_I(inode); 49 int error = 0; 50 51 for (xattr = xattr_array; xattr->name != NULL; xattr++) { 52 struct xfs_da_args args = { 53 .dp = ip, 54 .attr_filter = XFS_ATTR_SECURE, 55 .name = xattr->name, 56 .namelen = strlen(xattr->name), 57 .value = xattr->value, 58 .valuelen = xattr->value_len, 59 }; 60 error = xfs_attr_set(&args); 61 if (error < 0) 62 break; 63 } 64 return error; 65 } 66 67 /* 68 * Hook in SELinux. This is not quite correct yet, what we really need 69 * here (as we do for default ACLs) is a mechanism by which creation of 70 * these attrs can be journalled at inode creation time (along with the 71 * inode, of course, such that log replay can't cause these to be lost). 72 */ 73 74 STATIC int 75 xfs_init_security( 76 struct inode *inode, 77 struct inode *dir, 78 const struct qstr *qstr) 79 { 80 return security_inode_init_security(inode, dir, qstr, 81 &xfs_initxattrs, NULL); 82 } 83 84 static void 85 xfs_dentry_to_name( 86 struct xfs_name *namep, 87 struct dentry *dentry) 88 { 89 namep->name = dentry->d_name.name; 90 namep->len = dentry->d_name.len; 91 namep->type = XFS_DIR3_FT_UNKNOWN; 92 } 93 94 static int 95 xfs_dentry_mode_to_name( 96 struct xfs_name *namep, 97 struct dentry *dentry, 98 int mode) 99 { 100 namep->name = dentry->d_name.name; 101 namep->len = dentry->d_name.len; 102 namep->type = xfs_mode_to_ftype(mode); 103 104 if (unlikely(namep->type == XFS_DIR3_FT_UNKNOWN)) 105 return -EFSCORRUPTED; 106 107 return 0; 108 } 109 110 STATIC void 111 xfs_cleanup_inode( 112 struct inode *dir, 113 struct inode *inode, 114 struct dentry *dentry) 115 { 116 struct xfs_name teardown; 117 118 /* Oh, the horror. 119 * If we can't add the ACL or we fail in 120 * xfs_init_security we must back out. 121 * ENOSPC can hit here, among other things. 122 */ 123 xfs_dentry_to_name(&teardown, dentry); 124 125 xfs_remove(XFS_I(dir), &teardown, XFS_I(inode)); 126 } 127 128 STATIC int 129 xfs_generic_create( 130 struct inode *dir, 131 struct dentry *dentry, 132 umode_t mode, 133 dev_t rdev, 134 bool tmpfile) /* unnamed file */ 135 { 136 struct inode *inode; 137 struct xfs_inode *ip = NULL; 138 struct posix_acl *default_acl, *acl; 139 struct xfs_name name; 140 int error; 141 142 /* 143 * Irix uses Missed'em'V split, but doesn't want to see 144 * the upper 5 bits of (14bit) major. 145 */ 146 if (S_ISCHR(mode) || S_ISBLK(mode)) { 147 if (unlikely(!sysv_valid_dev(rdev) || MAJOR(rdev) & ~0x1ff)) 148 return -EINVAL; 149 } else { 150 rdev = 0; 151 } 152 153 error = posix_acl_create(dir, &mode, &default_acl, &acl); 154 if (error) 155 return error; 156 157 /* Verify mode is valid also for tmpfile case */ 158 error = xfs_dentry_mode_to_name(&name, dentry, mode); 159 if (unlikely(error)) 160 goto out_free_acl; 161 162 if (!tmpfile) { 163 error = xfs_create(XFS_I(dir), &name, mode, rdev, &ip); 164 } else { 165 error = xfs_create_tmpfile(XFS_I(dir), mode, &ip); 166 } 167 if (unlikely(error)) 168 goto out_free_acl; 169 170 inode = VFS_I(ip); 171 172 error = xfs_init_security(inode, dir, &dentry->d_name); 173 if (unlikely(error)) 174 goto out_cleanup_inode; 175 176 #ifdef CONFIG_XFS_POSIX_ACL 177 if (default_acl) { 178 error = __xfs_set_acl(inode, default_acl, ACL_TYPE_DEFAULT); 179 if (error) 180 goto out_cleanup_inode; 181 } 182 if (acl) { 183 error = __xfs_set_acl(inode, acl, ACL_TYPE_ACCESS); 184 if (error) 185 goto out_cleanup_inode; 186 } 187 #endif 188 189 xfs_setup_iops(ip); 190 191 if (tmpfile) { 192 /* 193 * The VFS requires that any inode fed to d_tmpfile must have 194 * nlink == 1 so that it can decrement the nlink in d_tmpfile. 195 * However, we created the temp file with nlink == 0 because 196 * we're not allowed to put an inode with nlink > 0 on the 197 * unlinked list. Therefore we have to set nlink to 1 so that 198 * d_tmpfile can immediately set it back to zero. 199 */ 200 set_nlink(inode, 1); 201 d_tmpfile(dentry, inode); 202 } else 203 d_instantiate(dentry, inode); 204 205 xfs_finish_inode_setup(ip); 206 207 out_free_acl: 208 if (default_acl) 209 posix_acl_release(default_acl); 210 if (acl) 211 posix_acl_release(acl); 212 return error; 213 214 out_cleanup_inode: 215 xfs_finish_inode_setup(ip); 216 if (!tmpfile) 217 xfs_cleanup_inode(dir, inode, dentry); 218 xfs_irele(ip); 219 goto out_free_acl; 220 } 221 222 STATIC int 223 xfs_vn_mknod( 224 struct inode *dir, 225 struct dentry *dentry, 226 umode_t mode, 227 dev_t rdev) 228 { 229 return xfs_generic_create(dir, dentry, mode, rdev, false); 230 } 231 232 STATIC int 233 xfs_vn_create( 234 struct inode *dir, 235 struct dentry *dentry, 236 umode_t mode, 237 bool flags) 238 { 239 return xfs_vn_mknod(dir, dentry, mode, 0); 240 } 241 242 STATIC int 243 xfs_vn_mkdir( 244 struct inode *dir, 245 struct dentry *dentry, 246 umode_t mode) 247 { 248 return xfs_vn_mknod(dir, dentry, mode|S_IFDIR, 0); 249 } 250 251 STATIC struct dentry * 252 xfs_vn_lookup( 253 struct inode *dir, 254 struct dentry *dentry, 255 unsigned int flags) 256 { 257 struct inode *inode; 258 struct xfs_inode *cip; 259 struct xfs_name name; 260 int error; 261 262 if (dentry->d_name.len >= MAXNAMELEN) 263 return ERR_PTR(-ENAMETOOLONG); 264 265 xfs_dentry_to_name(&name, dentry); 266 error = xfs_lookup(XFS_I(dir), &name, &cip, NULL); 267 if (likely(!error)) 268 inode = VFS_I(cip); 269 else if (likely(error == -ENOENT)) 270 inode = NULL; 271 else 272 inode = ERR_PTR(error); 273 return d_splice_alias(inode, dentry); 274 } 275 276 STATIC struct dentry * 277 xfs_vn_ci_lookup( 278 struct inode *dir, 279 struct dentry *dentry, 280 unsigned int flags) 281 { 282 struct xfs_inode *ip; 283 struct xfs_name xname; 284 struct xfs_name ci_name; 285 struct qstr dname; 286 int error; 287 288 if (dentry->d_name.len >= MAXNAMELEN) 289 return ERR_PTR(-ENAMETOOLONG); 290 291 xfs_dentry_to_name(&xname, dentry); 292 error = xfs_lookup(XFS_I(dir), &xname, &ip, &ci_name); 293 if (unlikely(error)) { 294 if (unlikely(error != -ENOENT)) 295 return ERR_PTR(error); 296 /* 297 * call d_add(dentry, NULL) here when d_drop_negative_children 298 * is called in xfs_vn_mknod (ie. allow negative dentries 299 * with CI filesystems). 300 */ 301 return NULL; 302 } 303 304 /* if exact match, just splice and exit */ 305 if (!ci_name.name) 306 return d_splice_alias(VFS_I(ip), dentry); 307 308 /* else case-insensitive match... */ 309 dname.name = ci_name.name; 310 dname.len = ci_name.len; 311 dentry = d_add_ci(dentry, VFS_I(ip), &dname); 312 kmem_free(ci_name.name); 313 return dentry; 314 } 315 316 STATIC int 317 xfs_vn_link( 318 struct dentry *old_dentry, 319 struct inode *dir, 320 struct dentry *dentry) 321 { 322 struct inode *inode = d_inode(old_dentry); 323 struct xfs_name name; 324 int error; 325 326 error = xfs_dentry_mode_to_name(&name, dentry, inode->i_mode); 327 if (unlikely(error)) 328 return error; 329 330 error = xfs_link(XFS_I(dir), XFS_I(inode), &name); 331 if (unlikely(error)) 332 return error; 333 334 ihold(inode); 335 d_instantiate(dentry, inode); 336 return 0; 337 } 338 339 STATIC int 340 xfs_vn_unlink( 341 struct inode *dir, 342 struct dentry *dentry) 343 { 344 struct xfs_name name; 345 int error; 346 347 xfs_dentry_to_name(&name, dentry); 348 349 error = xfs_remove(XFS_I(dir), &name, XFS_I(d_inode(dentry))); 350 if (error) 351 return error; 352 353 /* 354 * With unlink, the VFS makes the dentry "negative": no inode, 355 * but still hashed. This is incompatible with case-insensitive 356 * mode, so invalidate (unhash) the dentry in CI-mode. 357 */ 358 if (xfs_sb_version_hasasciici(&XFS_M(dir->i_sb)->m_sb)) 359 d_invalidate(dentry); 360 return 0; 361 } 362 363 STATIC int 364 xfs_vn_symlink( 365 struct inode *dir, 366 struct dentry *dentry, 367 const char *symname) 368 { 369 struct inode *inode; 370 struct xfs_inode *cip = NULL; 371 struct xfs_name name; 372 int error; 373 umode_t mode; 374 375 mode = S_IFLNK | 376 (irix_symlink_mode ? 0777 & ~current_umask() : S_IRWXUGO); 377 error = xfs_dentry_mode_to_name(&name, dentry, mode); 378 if (unlikely(error)) 379 goto out; 380 381 error = xfs_symlink(XFS_I(dir), &name, symname, mode, &cip); 382 if (unlikely(error)) 383 goto out; 384 385 inode = VFS_I(cip); 386 387 error = xfs_init_security(inode, dir, &dentry->d_name); 388 if (unlikely(error)) 389 goto out_cleanup_inode; 390 391 xfs_setup_iops(cip); 392 393 d_instantiate(dentry, inode); 394 xfs_finish_inode_setup(cip); 395 return 0; 396 397 out_cleanup_inode: 398 xfs_finish_inode_setup(cip); 399 xfs_cleanup_inode(dir, inode, dentry); 400 xfs_irele(cip); 401 out: 402 return error; 403 } 404 405 STATIC int 406 xfs_vn_rename( 407 struct inode *odir, 408 struct dentry *odentry, 409 struct inode *ndir, 410 struct dentry *ndentry, 411 unsigned int flags) 412 { 413 struct inode *new_inode = d_inode(ndentry); 414 int omode = 0; 415 int error; 416 struct xfs_name oname; 417 struct xfs_name nname; 418 419 if (flags & ~(RENAME_NOREPLACE | RENAME_EXCHANGE | RENAME_WHITEOUT)) 420 return -EINVAL; 421 422 /* if we are exchanging files, we need to set i_mode of both files */ 423 if (flags & RENAME_EXCHANGE) 424 omode = d_inode(ndentry)->i_mode; 425 426 error = xfs_dentry_mode_to_name(&oname, odentry, omode); 427 if (omode && unlikely(error)) 428 return error; 429 430 error = xfs_dentry_mode_to_name(&nname, ndentry, 431 d_inode(odentry)->i_mode); 432 if (unlikely(error)) 433 return error; 434 435 return xfs_rename(XFS_I(odir), &oname, XFS_I(d_inode(odentry)), 436 XFS_I(ndir), &nname, 437 new_inode ? XFS_I(new_inode) : NULL, flags); 438 } 439 440 /* 441 * careful here - this function can get called recursively, so 442 * we need to be very careful about how much stack we use. 443 * uio is kmalloced for this reason... 444 */ 445 STATIC const char * 446 xfs_vn_get_link( 447 struct dentry *dentry, 448 struct inode *inode, 449 struct delayed_call *done) 450 { 451 char *link; 452 int error = -ENOMEM; 453 454 if (!dentry) 455 return ERR_PTR(-ECHILD); 456 457 link = kmalloc(XFS_SYMLINK_MAXLEN+1, GFP_KERNEL); 458 if (!link) 459 goto out_err; 460 461 error = xfs_readlink(XFS_I(d_inode(dentry)), link); 462 if (unlikely(error)) 463 goto out_kfree; 464 465 set_delayed_call(done, kfree_link, link); 466 return link; 467 468 out_kfree: 469 kfree(link); 470 out_err: 471 return ERR_PTR(error); 472 } 473 474 STATIC const char * 475 xfs_vn_get_link_inline( 476 struct dentry *dentry, 477 struct inode *inode, 478 struct delayed_call *done) 479 { 480 struct xfs_inode *ip = XFS_I(inode); 481 char *link; 482 483 ASSERT(ip->i_df.if_flags & XFS_IFINLINE); 484 485 /* 486 * The VFS crashes on a NULL pointer, so return -EFSCORRUPTED if 487 * if_data is junk. 488 */ 489 link = ip->i_df.if_u1.if_data; 490 if (XFS_IS_CORRUPT(ip->i_mount, !link)) 491 return ERR_PTR(-EFSCORRUPTED); 492 return link; 493 } 494 495 static uint32_t 496 xfs_stat_blksize( 497 struct xfs_inode *ip) 498 { 499 struct xfs_mount *mp = ip->i_mount; 500 501 /* 502 * If the file blocks are being allocated from a realtime volume, then 503 * always return the realtime extent size. 504 */ 505 if (XFS_IS_REALTIME_INODE(ip)) 506 return xfs_get_extsz_hint(ip) << mp->m_sb.sb_blocklog; 507 508 /* 509 * Allow large block sizes to be reported to userspace programs if the 510 * "largeio" mount option is used. 511 * 512 * If compatibility mode is specified, simply return the basic unit of 513 * caching so that we don't get inefficient read/modify/write I/O from 514 * user apps. Otherwise.... 515 * 516 * If the underlying volume is a stripe, then return the stripe width in 517 * bytes as the recommended I/O size. It is not a stripe and we've set a 518 * default buffered I/O size, return that, otherwise return the compat 519 * default. 520 */ 521 if (mp->m_flags & XFS_MOUNT_LARGEIO) { 522 if (mp->m_swidth) 523 return mp->m_swidth << mp->m_sb.sb_blocklog; 524 if (mp->m_flags & XFS_MOUNT_ALLOCSIZE) 525 return 1U << mp->m_allocsize_log; 526 } 527 528 return PAGE_SIZE; 529 } 530 531 STATIC int 532 xfs_vn_getattr( 533 const struct path *path, 534 struct kstat *stat, 535 u32 request_mask, 536 unsigned int query_flags) 537 { 538 struct inode *inode = d_inode(path->dentry); 539 struct xfs_inode *ip = XFS_I(inode); 540 struct xfs_mount *mp = ip->i_mount; 541 542 trace_xfs_getattr(ip); 543 544 if (XFS_FORCED_SHUTDOWN(mp)) 545 return -EIO; 546 547 stat->size = XFS_ISIZE(ip); 548 stat->dev = inode->i_sb->s_dev; 549 stat->mode = inode->i_mode; 550 stat->nlink = inode->i_nlink; 551 stat->uid = inode->i_uid; 552 stat->gid = inode->i_gid; 553 stat->ino = ip->i_ino; 554 stat->atime = inode->i_atime; 555 stat->mtime = inode->i_mtime; 556 stat->ctime = inode->i_ctime; 557 stat->blocks = 558 XFS_FSB_TO_BB(mp, ip->i_d.di_nblocks + ip->i_delayed_blks); 559 560 if (xfs_sb_version_has_v3inode(&mp->m_sb)) { 561 if (request_mask & STATX_BTIME) { 562 stat->result_mask |= STATX_BTIME; 563 stat->btime = ip->i_d.di_crtime; 564 } 565 } 566 567 /* 568 * Note: If you add another clause to set an attribute flag, please 569 * update attributes_mask below. 570 */ 571 if (ip->i_d.di_flags & XFS_DIFLAG_IMMUTABLE) 572 stat->attributes |= STATX_ATTR_IMMUTABLE; 573 if (ip->i_d.di_flags & XFS_DIFLAG_APPEND) 574 stat->attributes |= STATX_ATTR_APPEND; 575 if (ip->i_d.di_flags & XFS_DIFLAG_NODUMP) 576 stat->attributes |= STATX_ATTR_NODUMP; 577 578 stat->attributes_mask |= (STATX_ATTR_IMMUTABLE | 579 STATX_ATTR_APPEND | 580 STATX_ATTR_NODUMP); 581 582 switch (inode->i_mode & S_IFMT) { 583 case S_IFBLK: 584 case S_IFCHR: 585 stat->blksize = BLKDEV_IOSIZE; 586 stat->rdev = inode->i_rdev; 587 break; 588 default: 589 stat->blksize = xfs_stat_blksize(ip); 590 stat->rdev = 0; 591 break; 592 } 593 594 return 0; 595 } 596 597 static void 598 xfs_setattr_mode( 599 struct xfs_inode *ip, 600 struct iattr *iattr) 601 { 602 struct inode *inode = VFS_I(ip); 603 umode_t mode = iattr->ia_mode; 604 605 ASSERT(xfs_isilocked(ip, XFS_ILOCK_EXCL)); 606 607 inode->i_mode &= S_IFMT; 608 inode->i_mode |= mode & ~S_IFMT; 609 } 610 611 void 612 xfs_setattr_time( 613 struct xfs_inode *ip, 614 struct iattr *iattr) 615 { 616 struct inode *inode = VFS_I(ip); 617 618 ASSERT(xfs_isilocked(ip, XFS_ILOCK_EXCL)); 619 620 if (iattr->ia_valid & ATTR_ATIME) 621 inode->i_atime = iattr->ia_atime; 622 if (iattr->ia_valid & ATTR_CTIME) 623 inode->i_ctime = iattr->ia_ctime; 624 if (iattr->ia_valid & ATTR_MTIME) 625 inode->i_mtime = iattr->ia_mtime; 626 } 627 628 static int 629 xfs_vn_change_ok( 630 struct dentry *dentry, 631 struct iattr *iattr) 632 { 633 struct xfs_mount *mp = XFS_I(d_inode(dentry))->i_mount; 634 635 if (mp->m_flags & XFS_MOUNT_RDONLY) 636 return -EROFS; 637 638 if (XFS_FORCED_SHUTDOWN(mp)) 639 return -EIO; 640 641 return setattr_prepare(dentry, iattr); 642 } 643 644 /* 645 * Set non-size attributes of an inode. 646 * 647 * Caution: The caller of this function is responsible for calling 648 * setattr_prepare() or otherwise verifying the change is fine. 649 */ 650 int 651 xfs_setattr_nonsize( 652 struct xfs_inode *ip, 653 struct iattr *iattr, 654 int flags) 655 { 656 xfs_mount_t *mp = ip->i_mount; 657 struct inode *inode = VFS_I(ip); 658 int mask = iattr->ia_valid; 659 xfs_trans_t *tp; 660 int error; 661 kuid_t uid = GLOBAL_ROOT_UID, iuid = GLOBAL_ROOT_UID; 662 kgid_t gid = GLOBAL_ROOT_GID, igid = GLOBAL_ROOT_GID; 663 struct xfs_dquot *udqp = NULL, *gdqp = NULL; 664 struct xfs_dquot *olddquot1 = NULL, *olddquot2 = NULL; 665 666 ASSERT((mask & ATTR_SIZE) == 0); 667 668 /* 669 * If disk quotas is on, we make sure that the dquots do exist on disk, 670 * before we start any other transactions. Trying to do this later 671 * is messy. We don't care to take a readlock to look at the ids 672 * in inode here, because we can't hold it across the trans_reserve. 673 * If the IDs do change before we take the ilock, we're covered 674 * because the i_*dquot fields will get updated anyway. 675 */ 676 if (XFS_IS_QUOTA_ON(mp) && (mask & (ATTR_UID|ATTR_GID))) { 677 uint qflags = 0; 678 679 if ((mask & ATTR_UID) && XFS_IS_UQUOTA_ON(mp)) { 680 uid = iattr->ia_uid; 681 qflags |= XFS_QMOPT_UQUOTA; 682 } else { 683 uid = inode->i_uid; 684 } 685 if ((mask & ATTR_GID) && XFS_IS_GQUOTA_ON(mp)) { 686 gid = iattr->ia_gid; 687 qflags |= XFS_QMOPT_GQUOTA; 688 } else { 689 gid = inode->i_gid; 690 } 691 692 /* 693 * We take a reference when we initialize udqp and gdqp, 694 * so it is important that we never blindly double trip on 695 * the same variable. See xfs_create() for an example. 696 */ 697 ASSERT(udqp == NULL); 698 ASSERT(gdqp == NULL); 699 error = xfs_qm_vop_dqalloc(ip, uid, gid, ip->i_d.di_projid, 700 qflags, &udqp, &gdqp, NULL); 701 if (error) 702 return error; 703 } 704 705 error = xfs_trans_alloc(mp, &M_RES(mp)->tr_ichange, 0, 0, 0, &tp); 706 if (error) 707 goto out_dqrele; 708 709 xfs_ilock(ip, XFS_ILOCK_EXCL); 710 xfs_trans_ijoin(tp, ip, 0); 711 712 /* 713 * Change file ownership. Must be the owner or privileged. 714 */ 715 if (mask & (ATTR_UID|ATTR_GID)) { 716 /* 717 * These IDs could have changed since we last looked at them. 718 * But, we're assured that if the ownership did change 719 * while we didn't have the inode locked, inode's dquot(s) 720 * would have changed also. 721 */ 722 iuid = inode->i_uid; 723 igid = inode->i_gid; 724 gid = (mask & ATTR_GID) ? iattr->ia_gid : igid; 725 uid = (mask & ATTR_UID) ? iattr->ia_uid : iuid; 726 727 /* 728 * Do a quota reservation only if uid/gid is actually 729 * going to change. 730 */ 731 if (XFS_IS_QUOTA_RUNNING(mp) && 732 ((XFS_IS_UQUOTA_ON(mp) && !uid_eq(iuid, uid)) || 733 (XFS_IS_GQUOTA_ON(mp) && !gid_eq(igid, gid)))) { 734 ASSERT(tp); 735 error = xfs_qm_vop_chown_reserve(tp, ip, udqp, gdqp, 736 NULL, capable(CAP_FOWNER) ? 737 XFS_QMOPT_FORCE_RES : 0); 738 if (error) /* out of quota */ 739 goto out_cancel; 740 } 741 } 742 743 /* 744 * Change file ownership. Must be the owner or privileged. 745 */ 746 if (mask & (ATTR_UID|ATTR_GID)) { 747 /* 748 * CAP_FSETID overrides the following restrictions: 749 * 750 * The set-user-ID and set-group-ID bits of a file will be 751 * cleared upon successful return from chown() 752 */ 753 if ((inode->i_mode & (S_ISUID|S_ISGID)) && 754 !capable(CAP_FSETID)) 755 inode->i_mode &= ~(S_ISUID|S_ISGID); 756 757 /* 758 * Change the ownerships and register quota modifications 759 * in the transaction. 760 */ 761 if (!uid_eq(iuid, uid)) { 762 if (XFS_IS_QUOTA_RUNNING(mp) && XFS_IS_UQUOTA_ON(mp)) { 763 ASSERT(mask & ATTR_UID); 764 ASSERT(udqp); 765 olddquot1 = xfs_qm_vop_chown(tp, ip, 766 &ip->i_udquot, udqp); 767 } 768 inode->i_uid = uid; 769 } 770 if (!gid_eq(igid, gid)) { 771 if (XFS_IS_QUOTA_RUNNING(mp) && XFS_IS_GQUOTA_ON(mp)) { 772 ASSERT(xfs_sb_version_has_pquotino(&mp->m_sb) || 773 !XFS_IS_PQUOTA_ON(mp)); 774 ASSERT(mask & ATTR_GID); 775 ASSERT(gdqp); 776 olddquot2 = xfs_qm_vop_chown(tp, ip, 777 &ip->i_gdquot, gdqp); 778 } 779 inode->i_gid = gid; 780 } 781 } 782 783 if (mask & ATTR_MODE) 784 xfs_setattr_mode(ip, iattr); 785 if (mask & (ATTR_ATIME|ATTR_CTIME|ATTR_MTIME)) 786 xfs_setattr_time(ip, iattr); 787 788 xfs_trans_log_inode(tp, ip, XFS_ILOG_CORE); 789 790 XFS_STATS_INC(mp, xs_ig_attrchg); 791 792 if (mp->m_flags & XFS_MOUNT_WSYNC) 793 xfs_trans_set_sync(tp); 794 error = xfs_trans_commit(tp); 795 796 xfs_iunlock(ip, XFS_ILOCK_EXCL); 797 798 /* 799 * Release any dquot(s) the inode had kept before chown. 800 */ 801 xfs_qm_dqrele(olddquot1); 802 xfs_qm_dqrele(olddquot2); 803 xfs_qm_dqrele(udqp); 804 xfs_qm_dqrele(gdqp); 805 806 if (error) 807 return error; 808 809 /* 810 * XXX(hch): Updating the ACL entries is not atomic vs the i_mode 811 * update. We could avoid this with linked transactions 812 * and passing down the transaction pointer all the way 813 * to attr_set. No previous user of the generic 814 * Posix ACL code seems to care about this issue either. 815 */ 816 if ((mask & ATTR_MODE) && !(flags & XFS_ATTR_NOACL)) { 817 error = posix_acl_chmod(inode, inode->i_mode); 818 if (error) 819 return error; 820 } 821 822 return 0; 823 824 out_cancel: 825 xfs_trans_cancel(tp); 826 xfs_iunlock(ip, XFS_ILOCK_EXCL); 827 out_dqrele: 828 xfs_qm_dqrele(udqp); 829 xfs_qm_dqrele(gdqp); 830 return error; 831 } 832 833 int 834 xfs_vn_setattr_nonsize( 835 struct dentry *dentry, 836 struct iattr *iattr) 837 { 838 struct xfs_inode *ip = XFS_I(d_inode(dentry)); 839 int error; 840 841 trace_xfs_setattr(ip); 842 843 error = xfs_vn_change_ok(dentry, iattr); 844 if (error) 845 return error; 846 return xfs_setattr_nonsize(ip, iattr, 0); 847 } 848 849 /* 850 * Truncate file. Must have write permission and not be a directory. 851 * 852 * Caution: The caller of this function is responsible for calling 853 * setattr_prepare() or otherwise verifying the change is fine. 854 */ 855 STATIC int 856 xfs_setattr_size( 857 struct xfs_inode *ip, 858 struct iattr *iattr) 859 { 860 struct xfs_mount *mp = ip->i_mount; 861 struct inode *inode = VFS_I(ip); 862 xfs_off_t oldsize, newsize; 863 struct xfs_trans *tp; 864 int error; 865 uint lock_flags = 0; 866 bool did_zeroing = false; 867 868 ASSERT(xfs_isilocked(ip, XFS_IOLOCK_EXCL)); 869 ASSERT(xfs_isilocked(ip, XFS_MMAPLOCK_EXCL)); 870 ASSERT(S_ISREG(inode->i_mode)); 871 ASSERT((iattr->ia_valid & (ATTR_UID|ATTR_GID|ATTR_ATIME|ATTR_ATIME_SET| 872 ATTR_MTIME_SET|ATTR_KILL_PRIV|ATTR_TIMES_SET)) == 0); 873 874 oldsize = inode->i_size; 875 newsize = iattr->ia_size; 876 877 /* 878 * Short circuit the truncate case for zero length files. 879 */ 880 if (newsize == 0 && oldsize == 0 && ip->i_d.di_nextents == 0) { 881 if (!(iattr->ia_valid & (ATTR_CTIME|ATTR_MTIME))) 882 return 0; 883 884 /* 885 * Use the regular setattr path to update the timestamps. 886 */ 887 iattr->ia_valid &= ~ATTR_SIZE; 888 return xfs_setattr_nonsize(ip, iattr, 0); 889 } 890 891 /* 892 * Make sure that the dquots are attached to the inode. 893 */ 894 error = xfs_qm_dqattach(ip); 895 if (error) 896 return error; 897 898 /* 899 * Wait for all direct I/O to complete. 900 */ 901 inode_dio_wait(inode); 902 903 /* 904 * File data changes must be complete before we start the transaction to 905 * modify the inode. This needs to be done before joining the inode to 906 * the transaction because the inode cannot be unlocked once it is a 907 * part of the transaction. 908 * 909 * Start with zeroing any data beyond EOF that we may expose on file 910 * extension, or zeroing out the rest of the block on a downward 911 * truncate. 912 */ 913 if (newsize > oldsize) { 914 trace_xfs_zero_eof(ip, oldsize, newsize - oldsize); 915 error = iomap_zero_range(inode, oldsize, newsize - oldsize, 916 &did_zeroing, &xfs_buffered_write_iomap_ops); 917 } else { 918 error = iomap_truncate_page(inode, newsize, &did_zeroing, 919 &xfs_buffered_write_iomap_ops); 920 } 921 922 if (error) 923 return error; 924 925 /* 926 * We've already locked out new page faults, so now we can safely remove 927 * pages from the page cache knowing they won't get refaulted until we 928 * drop the XFS_MMAP_EXCL lock after the extent manipulations are 929 * complete. The truncate_setsize() call also cleans partial EOF page 930 * PTEs on extending truncates and hence ensures sub-page block size 931 * filesystems are correctly handled, too. 932 * 933 * We have to do all the page cache truncate work outside the 934 * transaction context as the "lock" order is page lock->log space 935 * reservation as defined by extent allocation in the writeback path. 936 * Hence a truncate can fail with ENOMEM from xfs_trans_alloc(), but 937 * having already truncated the in-memory version of the file (i.e. made 938 * user visible changes). There's not much we can do about this, except 939 * to hope that the caller sees ENOMEM and retries the truncate 940 * operation. 941 * 942 * And we update in-core i_size and truncate page cache beyond newsize 943 * before writeback the [di_size, newsize] range, so we're guaranteed 944 * not to write stale data past the new EOF on truncate down. 945 */ 946 truncate_setsize(inode, newsize); 947 948 /* 949 * We are going to log the inode size change in this transaction so 950 * any previous writes that are beyond the on disk EOF and the new 951 * EOF that have not been written out need to be written here. If we 952 * do not write the data out, we expose ourselves to the null files 953 * problem. Note that this includes any block zeroing we did above; 954 * otherwise those blocks may not be zeroed after a crash. 955 */ 956 if (did_zeroing || 957 (newsize > ip->i_d.di_size && oldsize != ip->i_d.di_size)) { 958 error = filemap_write_and_wait_range(VFS_I(ip)->i_mapping, 959 ip->i_d.di_size, newsize - 1); 960 if (error) 961 return error; 962 } 963 964 error = xfs_trans_alloc(mp, &M_RES(mp)->tr_itruncate, 0, 0, 0, &tp); 965 if (error) 966 return error; 967 968 lock_flags |= XFS_ILOCK_EXCL; 969 xfs_ilock(ip, XFS_ILOCK_EXCL); 970 xfs_trans_ijoin(tp, ip, 0); 971 972 /* 973 * Only change the c/mtime if we are changing the size or we are 974 * explicitly asked to change it. This handles the semantic difference 975 * between truncate() and ftruncate() as implemented in the VFS. 976 * 977 * The regular truncate() case without ATTR_CTIME and ATTR_MTIME is a 978 * special case where we need to update the times despite not having 979 * these flags set. For all other operations the VFS set these flags 980 * explicitly if it wants a timestamp update. 981 */ 982 if (newsize != oldsize && 983 !(iattr->ia_valid & (ATTR_CTIME | ATTR_MTIME))) { 984 iattr->ia_ctime = iattr->ia_mtime = 985 current_time(inode); 986 iattr->ia_valid |= ATTR_CTIME | ATTR_MTIME; 987 } 988 989 /* 990 * The first thing we do is set the size to new_size permanently on 991 * disk. This way we don't have to worry about anyone ever being able 992 * to look at the data being freed even in the face of a crash. 993 * What we're getting around here is the case where we free a block, it 994 * is allocated to another file, it is written to, and then we crash. 995 * If the new data gets written to the file but the log buffers 996 * containing the free and reallocation don't, then we'd end up with 997 * garbage in the blocks being freed. As long as we make the new size 998 * permanent before actually freeing any blocks it doesn't matter if 999 * they get written to. 1000 */ 1001 ip->i_d.di_size = newsize; 1002 xfs_trans_log_inode(tp, ip, XFS_ILOG_CORE); 1003 1004 if (newsize <= oldsize) { 1005 error = xfs_itruncate_extents(&tp, ip, XFS_DATA_FORK, newsize); 1006 if (error) 1007 goto out_trans_cancel; 1008 1009 /* 1010 * Truncated "down", so we're removing references to old data 1011 * here - if we delay flushing for a long time, we expose 1012 * ourselves unduly to the notorious NULL files problem. So, 1013 * we mark this inode and flush it when the file is closed, 1014 * and do not wait the usual (long) time for writeout. 1015 */ 1016 xfs_iflags_set(ip, XFS_ITRUNCATED); 1017 1018 /* A truncate down always removes post-EOF blocks. */ 1019 xfs_inode_clear_eofblocks_tag(ip); 1020 } 1021 1022 if (iattr->ia_valid & ATTR_MODE) 1023 xfs_setattr_mode(ip, iattr); 1024 if (iattr->ia_valid & (ATTR_ATIME|ATTR_CTIME|ATTR_MTIME)) 1025 xfs_setattr_time(ip, iattr); 1026 1027 xfs_trans_log_inode(tp, ip, XFS_ILOG_CORE); 1028 1029 XFS_STATS_INC(mp, xs_ig_attrchg); 1030 1031 if (mp->m_flags & XFS_MOUNT_WSYNC) 1032 xfs_trans_set_sync(tp); 1033 1034 error = xfs_trans_commit(tp); 1035 out_unlock: 1036 if (lock_flags) 1037 xfs_iunlock(ip, lock_flags); 1038 return error; 1039 1040 out_trans_cancel: 1041 xfs_trans_cancel(tp); 1042 goto out_unlock; 1043 } 1044 1045 int 1046 xfs_vn_setattr_size( 1047 struct dentry *dentry, 1048 struct iattr *iattr) 1049 { 1050 struct xfs_inode *ip = XFS_I(d_inode(dentry)); 1051 int error; 1052 1053 trace_xfs_setattr(ip); 1054 1055 error = xfs_vn_change_ok(dentry, iattr); 1056 if (error) 1057 return error; 1058 return xfs_setattr_size(ip, iattr); 1059 } 1060 1061 STATIC int 1062 xfs_vn_setattr( 1063 struct dentry *dentry, 1064 struct iattr *iattr) 1065 { 1066 int error; 1067 1068 if (iattr->ia_valid & ATTR_SIZE) { 1069 struct inode *inode = d_inode(dentry); 1070 struct xfs_inode *ip = XFS_I(inode); 1071 uint iolock; 1072 1073 xfs_ilock(ip, XFS_MMAPLOCK_EXCL); 1074 iolock = XFS_IOLOCK_EXCL | XFS_MMAPLOCK_EXCL; 1075 1076 error = xfs_break_layouts(inode, &iolock, BREAK_UNMAP); 1077 if (error) { 1078 xfs_iunlock(ip, XFS_MMAPLOCK_EXCL); 1079 return error; 1080 } 1081 1082 error = xfs_vn_setattr_size(dentry, iattr); 1083 xfs_iunlock(ip, XFS_MMAPLOCK_EXCL); 1084 } else { 1085 error = xfs_vn_setattr_nonsize(dentry, iattr); 1086 } 1087 1088 return error; 1089 } 1090 1091 STATIC int 1092 xfs_vn_update_time( 1093 struct inode *inode, 1094 struct timespec64 *now, 1095 int flags) 1096 { 1097 struct xfs_inode *ip = XFS_I(inode); 1098 struct xfs_mount *mp = ip->i_mount; 1099 int log_flags = XFS_ILOG_TIMESTAMP; 1100 struct xfs_trans *tp; 1101 int error; 1102 1103 trace_xfs_update_time(ip); 1104 1105 if (inode->i_sb->s_flags & SB_LAZYTIME) { 1106 if (!((flags & S_VERSION) && 1107 inode_maybe_inc_iversion(inode, false))) 1108 return generic_update_time(inode, now, flags); 1109 1110 /* Capture the iversion update that just occurred */ 1111 log_flags |= XFS_ILOG_CORE; 1112 } 1113 1114 error = xfs_trans_alloc(mp, &M_RES(mp)->tr_fsyncts, 0, 0, 0, &tp); 1115 if (error) 1116 return error; 1117 1118 xfs_ilock(ip, XFS_ILOCK_EXCL); 1119 if (flags & S_CTIME) 1120 inode->i_ctime = *now; 1121 if (flags & S_MTIME) 1122 inode->i_mtime = *now; 1123 if (flags & S_ATIME) 1124 inode->i_atime = *now; 1125 1126 xfs_trans_ijoin(tp, ip, XFS_ILOCK_EXCL); 1127 xfs_trans_log_inode(tp, ip, log_flags); 1128 return xfs_trans_commit(tp); 1129 } 1130 1131 STATIC int 1132 xfs_vn_fiemap( 1133 struct inode *inode, 1134 struct fiemap_extent_info *fieinfo, 1135 u64 start, 1136 u64 length) 1137 { 1138 int error; 1139 1140 xfs_ilock(XFS_I(inode), XFS_IOLOCK_SHARED); 1141 if (fieinfo->fi_flags & FIEMAP_FLAG_XATTR) { 1142 fieinfo->fi_flags &= ~FIEMAP_FLAG_XATTR; 1143 error = iomap_fiemap(inode, fieinfo, start, length, 1144 &xfs_xattr_iomap_ops); 1145 } else { 1146 error = iomap_fiemap(inode, fieinfo, start, length, 1147 &xfs_read_iomap_ops); 1148 } 1149 xfs_iunlock(XFS_I(inode), XFS_IOLOCK_SHARED); 1150 1151 return error; 1152 } 1153 1154 STATIC int 1155 xfs_vn_tmpfile( 1156 struct inode *dir, 1157 struct dentry *dentry, 1158 umode_t mode) 1159 { 1160 return xfs_generic_create(dir, dentry, mode, 0, true); 1161 } 1162 1163 static const struct inode_operations xfs_inode_operations = { 1164 .get_acl = xfs_get_acl, 1165 .set_acl = xfs_set_acl, 1166 .getattr = xfs_vn_getattr, 1167 .setattr = xfs_vn_setattr, 1168 .listxattr = xfs_vn_listxattr, 1169 .fiemap = xfs_vn_fiemap, 1170 .update_time = xfs_vn_update_time, 1171 }; 1172 1173 static const struct inode_operations xfs_dir_inode_operations = { 1174 .create = xfs_vn_create, 1175 .lookup = xfs_vn_lookup, 1176 .link = xfs_vn_link, 1177 .unlink = xfs_vn_unlink, 1178 .symlink = xfs_vn_symlink, 1179 .mkdir = xfs_vn_mkdir, 1180 /* 1181 * Yes, XFS uses the same method for rmdir and unlink. 1182 * 1183 * There are some subtile differences deeper in the code, 1184 * but we use S_ISDIR to check for those. 1185 */ 1186 .rmdir = xfs_vn_unlink, 1187 .mknod = xfs_vn_mknod, 1188 .rename = xfs_vn_rename, 1189 .get_acl = xfs_get_acl, 1190 .set_acl = xfs_set_acl, 1191 .getattr = xfs_vn_getattr, 1192 .setattr = xfs_vn_setattr, 1193 .listxattr = xfs_vn_listxattr, 1194 .update_time = xfs_vn_update_time, 1195 .tmpfile = xfs_vn_tmpfile, 1196 }; 1197 1198 static const struct inode_operations xfs_dir_ci_inode_operations = { 1199 .create = xfs_vn_create, 1200 .lookup = xfs_vn_ci_lookup, 1201 .link = xfs_vn_link, 1202 .unlink = xfs_vn_unlink, 1203 .symlink = xfs_vn_symlink, 1204 .mkdir = xfs_vn_mkdir, 1205 /* 1206 * Yes, XFS uses the same method for rmdir and unlink. 1207 * 1208 * There are some subtile differences deeper in the code, 1209 * but we use S_ISDIR to check for those. 1210 */ 1211 .rmdir = xfs_vn_unlink, 1212 .mknod = xfs_vn_mknod, 1213 .rename = xfs_vn_rename, 1214 .get_acl = xfs_get_acl, 1215 .set_acl = xfs_set_acl, 1216 .getattr = xfs_vn_getattr, 1217 .setattr = xfs_vn_setattr, 1218 .listxattr = xfs_vn_listxattr, 1219 .update_time = xfs_vn_update_time, 1220 .tmpfile = xfs_vn_tmpfile, 1221 }; 1222 1223 static const struct inode_operations xfs_symlink_inode_operations = { 1224 .get_link = xfs_vn_get_link, 1225 .getattr = xfs_vn_getattr, 1226 .setattr = xfs_vn_setattr, 1227 .listxattr = xfs_vn_listxattr, 1228 .update_time = xfs_vn_update_time, 1229 }; 1230 1231 static const struct inode_operations xfs_inline_symlink_inode_operations = { 1232 .get_link = xfs_vn_get_link_inline, 1233 .getattr = xfs_vn_getattr, 1234 .setattr = xfs_vn_setattr, 1235 .listxattr = xfs_vn_listxattr, 1236 .update_time = xfs_vn_update_time, 1237 }; 1238 1239 /* Figure out if this file actually supports DAX. */ 1240 static bool 1241 xfs_inode_supports_dax( 1242 struct xfs_inode *ip) 1243 { 1244 struct xfs_mount *mp = ip->i_mount; 1245 1246 /* Only supported on non-reflinked files. */ 1247 if (!S_ISREG(VFS_I(ip)->i_mode) || xfs_is_reflink_inode(ip)) 1248 return false; 1249 1250 /* DAX mount option or DAX iflag must be set. */ 1251 if (!(mp->m_flags & XFS_MOUNT_DAX) && 1252 !(ip->i_d.di_flags2 & XFS_DIFLAG2_DAX)) 1253 return false; 1254 1255 /* Block size must match page size */ 1256 if (mp->m_sb.sb_blocksize != PAGE_SIZE) 1257 return false; 1258 1259 /* Device has to support DAX too. */ 1260 return xfs_inode_buftarg(ip)->bt_daxdev != NULL; 1261 } 1262 1263 STATIC void 1264 xfs_diflags_to_iflags( 1265 struct inode *inode, 1266 struct xfs_inode *ip) 1267 { 1268 uint16_t flags = ip->i_d.di_flags; 1269 1270 inode->i_flags &= ~(S_IMMUTABLE | S_APPEND | S_SYNC | 1271 S_NOATIME | S_DAX); 1272 1273 if (flags & XFS_DIFLAG_IMMUTABLE) 1274 inode->i_flags |= S_IMMUTABLE; 1275 if (flags & XFS_DIFLAG_APPEND) 1276 inode->i_flags |= S_APPEND; 1277 if (flags & XFS_DIFLAG_SYNC) 1278 inode->i_flags |= S_SYNC; 1279 if (flags & XFS_DIFLAG_NOATIME) 1280 inode->i_flags |= S_NOATIME; 1281 if (xfs_inode_supports_dax(ip)) 1282 inode->i_flags |= S_DAX; 1283 } 1284 1285 /* 1286 * Initialize the Linux inode. 1287 * 1288 * When reading existing inodes from disk this is called directly from xfs_iget, 1289 * when creating a new inode it is called from xfs_ialloc after setting up the 1290 * inode. These callers have different criteria for clearing XFS_INEW, so leave 1291 * it up to the caller to deal with unlocking the inode appropriately. 1292 */ 1293 void 1294 xfs_setup_inode( 1295 struct xfs_inode *ip) 1296 { 1297 struct inode *inode = &ip->i_vnode; 1298 gfp_t gfp_mask; 1299 1300 inode->i_ino = ip->i_ino; 1301 inode->i_state = I_NEW; 1302 1303 inode_sb_list_add(inode); 1304 /* make the inode look hashed for the writeback code */ 1305 inode_fake_hash(inode); 1306 1307 i_size_write(inode, ip->i_d.di_size); 1308 xfs_diflags_to_iflags(inode, ip); 1309 1310 if (S_ISDIR(inode->i_mode)) { 1311 /* 1312 * We set the i_rwsem class here to avoid potential races with 1313 * lockdep_annotate_inode_mutex_key() reinitialising the lock 1314 * after a filehandle lookup has already found the inode in 1315 * cache before it has been unlocked via unlock_new_inode(). 1316 */ 1317 lockdep_set_class(&inode->i_rwsem, 1318 &inode->i_sb->s_type->i_mutex_dir_key); 1319 lockdep_set_class(&ip->i_lock.mr_lock, &xfs_dir_ilock_class); 1320 } else { 1321 lockdep_set_class(&ip->i_lock.mr_lock, &xfs_nondir_ilock_class); 1322 } 1323 1324 /* 1325 * Ensure all page cache allocations are done from GFP_NOFS context to 1326 * prevent direct reclaim recursion back into the filesystem and blowing 1327 * stacks or deadlocking. 1328 */ 1329 gfp_mask = mapping_gfp_mask(inode->i_mapping); 1330 mapping_set_gfp_mask(inode->i_mapping, (gfp_mask & ~(__GFP_FS))); 1331 1332 /* 1333 * If there is no attribute fork no ACL can exist on this inode, 1334 * and it can't have any file capabilities attached to it either. 1335 */ 1336 if (!XFS_IFORK_Q(ip)) { 1337 inode_has_no_xattr(inode); 1338 cache_no_acl(inode); 1339 } 1340 } 1341 1342 void 1343 xfs_setup_iops( 1344 struct xfs_inode *ip) 1345 { 1346 struct inode *inode = &ip->i_vnode; 1347 1348 switch (inode->i_mode & S_IFMT) { 1349 case S_IFREG: 1350 inode->i_op = &xfs_inode_operations; 1351 inode->i_fop = &xfs_file_operations; 1352 if (IS_DAX(inode)) 1353 inode->i_mapping->a_ops = &xfs_dax_aops; 1354 else 1355 inode->i_mapping->a_ops = &xfs_address_space_operations; 1356 break; 1357 case S_IFDIR: 1358 if (xfs_sb_version_hasasciici(&XFS_M(inode->i_sb)->m_sb)) 1359 inode->i_op = &xfs_dir_ci_inode_operations; 1360 else 1361 inode->i_op = &xfs_dir_inode_operations; 1362 inode->i_fop = &xfs_dir_file_operations; 1363 break; 1364 case S_IFLNK: 1365 if (ip->i_df.if_flags & XFS_IFINLINE) 1366 inode->i_op = &xfs_inline_symlink_inode_operations; 1367 else 1368 inode->i_op = &xfs_symlink_inode_operations; 1369 break; 1370 default: 1371 inode->i_op = &xfs_inode_operations; 1372 init_special_inode(inode, inode->i_mode, inode->i_rdev); 1373 break; 1374 } 1375 } 1376