1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * Copyright (c) 2000-2005 Silicon Graphics, Inc. 4 * All Rights Reserved. 5 */ 6 #include "xfs.h" 7 #include "xfs_fs.h" 8 #include "xfs_shared.h" 9 #include "xfs_format.h" 10 #include "xfs_log_format.h" 11 #include "xfs_trans_resv.h" 12 #include "xfs_mount.h" 13 #include "xfs_inode.h" 14 #include "xfs_acl.h" 15 #include "xfs_quota.h" 16 #include "xfs_attr.h" 17 #include "xfs_trans.h" 18 #include "xfs_trace.h" 19 #include "xfs_icache.h" 20 #include "xfs_symlink.h" 21 #include "xfs_dir2.h" 22 #include "xfs_iomap.h" 23 #include "xfs_error.h" 24 #include "xfs_ioctl.h" 25 26 #include <linux/posix_acl.h> 27 #include <linux/security.h> 28 #include <linux/iversion.h> 29 #include <linux/fiemap.h> 30 31 /* 32 * Directories have different lock order w.r.t. mmap_lock compared to regular 33 * files. This is due to readdir potentially triggering page faults on a user 34 * buffer inside filldir(), and this happens with the ilock on the directory 35 * held. For regular files, the lock order is the other way around - the 36 * mmap_lock is taken during the page fault, and then we lock the ilock to do 37 * block mapping. Hence we need a different class for the directory ilock so 38 * that lockdep can tell them apart. 39 */ 40 static struct lock_class_key xfs_nondir_ilock_class; 41 static struct lock_class_key xfs_dir_ilock_class; 42 43 static int 44 xfs_initxattrs( 45 struct inode *inode, 46 const struct xattr *xattr_array, 47 void *fs_info) 48 { 49 const struct xattr *xattr; 50 struct xfs_inode *ip = XFS_I(inode); 51 int error = 0; 52 53 for (xattr = xattr_array; xattr->name != NULL; xattr++) { 54 struct xfs_da_args args = { 55 .dp = ip, 56 .attr_filter = XFS_ATTR_SECURE, 57 .name = xattr->name, 58 .namelen = strlen(xattr->name), 59 .value = xattr->value, 60 .valuelen = xattr->value_len, 61 }; 62 error = xfs_attr_set(&args); 63 if (error < 0) 64 break; 65 } 66 return error; 67 } 68 69 /* 70 * Hook in SELinux. This is not quite correct yet, what we really need 71 * here (as we do for default ACLs) is a mechanism by which creation of 72 * these attrs can be journalled at inode creation time (along with the 73 * inode, of course, such that log replay can't cause these to be lost). 74 */ 75 76 STATIC int 77 xfs_init_security( 78 struct inode *inode, 79 struct inode *dir, 80 const struct qstr *qstr) 81 { 82 return security_inode_init_security(inode, dir, qstr, 83 &xfs_initxattrs, NULL); 84 } 85 86 static void 87 xfs_dentry_to_name( 88 struct xfs_name *namep, 89 struct dentry *dentry) 90 { 91 namep->name = dentry->d_name.name; 92 namep->len = dentry->d_name.len; 93 namep->type = XFS_DIR3_FT_UNKNOWN; 94 } 95 96 static int 97 xfs_dentry_mode_to_name( 98 struct xfs_name *namep, 99 struct dentry *dentry, 100 int mode) 101 { 102 namep->name = dentry->d_name.name; 103 namep->len = dentry->d_name.len; 104 namep->type = xfs_mode_to_ftype(mode); 105 106 if (unlikely(namep->type == XFS_DIR3_FT_UNKNOWN)) 107 return -EFSCORRUPTED; 108 109 return 0; 110 } 111 112 STATIC void 113 xfs_cleanup_inode( 114 struct inode *dir, 115 struct inode *inode, 116 struct dentry *dentry) 117 { 118 struct xfs_name teardown; 119 120 /* Oh, the horror. 121 * If we can't add the ACL or we fail in 122 * xfs_init_security we must back out. 123 * ENOSPC can hit here, among other things. 124 */ 125 xfs_dentry_to_name(&teardown, dentry); 126 127 xfs_remove(XFS_I(dir), &teardown, XFS_I(inode)); 128 } 129 130 /* 131 * Check to see if we are likely to need an extended attribute to be added to 132 * the inode we are about to allocate. This allows the attribute fork to be 133 * created during the inode allocation, reducing the number of transactions we 134 * need to do in this fast path. 135 * 136 * The security checks are optimistic, but not guaranteed. The two LSMs that 137 * require xattrs to be added here (selinux and smack) are also the only two 138 * LSMs that add a sb->s_security structure to the superblock. Hence if security 139 * is enabled and sb->s_security is set, we have a pretty good idea that we are 140 * going to be asked to add a security xattr immediately after allocating the 141 * xfs inode and instantiating the VFS inode. 142 */ 143 static inline bool 144 xfs_create_need_xattr( 145 struct inode *dir, 146 struct posix_acl *default_acl, 147 struct posix_acl *acl) 148 { 149 if (acl) 150 return true; 151 if (default_acl) 152 return true; 153 #if IS_ENABLED(CONFIG_SECURITY) 154 if (dir->i_sb->s_security) 155 return true; 156 #endif 157 return false; 158 } 159 160 161 STATIC int 162 xfs_generic_create( 163 struct user_namespace *mnt_userns, 164 struct inode *dir, 165 struct dentry *dentry, 166 umode_t mode, 167 dev_t rdev, 168 bool tmpfile) /* unnamed file */ 169 { 170 struct inode *inode; 171 struct xfs_inode *ip = NULL; 172 struct posix_acl *default_acl, *acl; 173 struct xfs_name name; 174 int error; 175 176 /* 177 * Irix uses Missed'em'V split, but doesn't want to see 178 * the upper 5 bits of (14bit) major. 179 */ 180 if (S_ISCHR(mode) || S_ISBLK(mode)) { 181 if (unlikely(!sysv_valid_dev(rdev) || MAJOR(rdev) & ~0x1ff)) 182 return -EINVAL; 183 } else { 184 rdev = 0; 185 } 186 187 error = posix_acl_create(dir, &mode, &default_acl, &acl); 188 if (error) 189 return error; 190 191 /* Verify mode is valid also for tmpfile case */ 192 error = xfs_dentry_mode_to_name(&name, dentry, mode); 193 if (unlikely(error)) 194 goto out_free_acl; 195 196 if (!tmpfile) { 197 error = xfs_create(mnt_userns, XFS_I(dir), &name, mode, rdev, 198 xfs_create_need_xattr(dir, default_acl, acl), 199 &ip); 200 } else { 201 error = xfs_create_tmpfile(mnt_userns, XFS_I(dir), mode, &ip); 202 } 203 if (unlikely(error)) 204 goto out_free_acl; 205 206 inode = VFS_I(ip); 207 208 error = xfs_init_security(inode, dir, &dentry->d_name); 209 if (unlikely(error)) 210 goto out_cleanup_inode; 211 212 #ifdef CONFIG_XFS_POSIX_ACL 213 if (default_acl) { 214 error = __xfs_set_acl(inode, default_acl, ACL_TYPE_DEFAULT); 215 if (error) 216 goto out_cleanup_inode; 217 } 218 if (acl) { 219 error = __xfs_set_acl(inode, acl, ACL_TYPE_ACCESS); 220 if (error) 221 goto out_cleanup_inode; 222 } 223 #endif 224 225 xfs_setup_iops(ip); 226 227 if (tmpfile) { 228 /* 229 * The VFS requires that any inode fed to d_tmpfile must have 230 * nlink == 1 so that it can decrement the nlink in d_tmpfile. 231 * However, we created the temp file with nlink == 0 because 232 * we're not allowed to put an inode with nlink > 0 on the 233 * unlinked list. Therefore we have to set nlink to 1 so that 234 * d_tmpfile can immediately set it back to zero. 235 */ 236 set_nlink(inode, 1); 237 d_tmpfile(dentry, inode); 238 } else 239 d_instantiate(dentry, inode); 240 241 xfs_finish_inode_setup(ip); 242 243 out_free_acl: 244 posix_acl_release(default_acl); 245 posix_acl_release(acl); 246 return error; 247 248 out_cleanup_inode: 249 xfs_finish_inode_setup(ip); 250 if (!tmpfile) 251 xfs_cleanup_inode(dir, inode, dentry); 252 xfs_irele(ip); 253 goto out_free_acl; 254 } 255 256 STATIC int 257 xfs_vn_mknod( 258 struct user_namespace *mnt_userns, 259 struct inode *dir, 260 struct dentry *dentry, 261 umode_t mode, 262 dev_t rdev) 263 { 264 return xfs_generic_create(mnt_userns, dir, dentry, mode, rdev, false); 265 } 266 267 STATIC int 268 xfs_vn_create( 269 struct user_namespace *mnt_userns, 270 struct inode *dir, 271 struct dentry *dentry, 272 umode_t mode, 273 bool flags) 274 { 275 return xfs_generic_create(mnt_userns, dir, dentry, mode, 0, false); 276 } 277 278 STATIC int 279 xfs_vn_mkdir( 280 struct user_namespace *mnt_userns, 281 struct inode *dir, 282 struct dentry *dentry, 283 umode_t mode) 284 { 285 return xfs_generic_create(mnt_userns, dir, dentry, mode | S_IFDIR, 0, 286 false); 287 } 288 289 STATIC struct dentry * 290 xfs_vn_lookup( 291 struct inode *dir, 292 struct dentry *dentry, 293 unsigned int flags) 294 { 295 struct inode *inode; 296 struct xfs_inode *cip; 297 struct xfs_name name; 298 int error; 299 300 if (dentry->d_name.len >= MAXNAMELEN) 301 return ERR_PTR(-ENAMETOOLONG); 302 303 xfs_dentry_to_name(&name, dentry); 304 error = xfs_lookup(XFS_I(dir), &name, &cip, NULL); 305 if (likely(!error)) 306 inode = VFS_I(cip); 307 else if (likely(error == -ENOENT)) 308 inode = NULL; 309 else 310 inode = ERR_PTR(error); 311 return d_splice_alias(inode, dentry); 312 } 313 314 STATIC struct dentry * 315 xfs_vn_ci_lookup( 316 struct inode *dir, 317 struct dentry *dentry, 318 unsigned int flags) 319 { 320 struct xfs_inode *ip; 321 struct xfs_name xname; 322 struct xfs_name ci_name; 323 struct qstr dname; 324 int error; 325 326 if (dentry->d_name.len >= MAXNAMELEN) 327 return ERR_PTR(-ENAMETOOLONG); 328 329 xfs_dentry_to_name(&xname, dentry); 330 error = xfs_lookup(XFS_I(dir), &xname, &ip, &ci_name); 331 if (unlikely(error)) { 332 if (unlikely(error != -ENOENT)) 333 return ERR_PTR(error); 334 /* 335 * call d_add(dentry, NULL) here when d_drop_negative_children 336 * is called in xfs_vn_mknod (ie. allow negative dentries 337 * with CI filesystems). 338 */ 339 return NULL; 340 } 341 342 /* if exact match, just splice and exit */ 343 if (!ci_name.name) 344 return d_splice_alias(VFS_I(ip), dentry); 345 346 /* else case-insensitive match... */ 347 dname.name = ci_name.name; 348 dname.len = ci_name.len; 349 dentry = d_add_ci(dentry, VFS_I(ip), &dname); 350 kmem_free(ci_name.name); 351 return dentry; 352 } 353 354 STATIC int 355 xfs_vn_link( 356 struct dentry *old_dentry, 357 struct inode *dir, 358 struct dentry *dentry) 359 { 360 struct inode *inode = d_inode(old_dentry); 361 struct xfs_name name; 362 int error; 363 364 error = xfs_dentry_mode_to_name(&name, dentry, inode->i_mode); 365 if (unlikely(error)) 366 return error; 367 368 error = xfs_link(XFS_I(dir), XFS_I(inode), &name); 369 if (unlikely(error)) 370 return error; 371 372 ihold(inode); 373 d_instantiate(dentry, inode); 374 return 0; 375 } 376 377 STATIC int 378 xfs_vn_unlink( 379 struct inode *dir, 380 struct dentry *dentry) 381 { 382 struct xfs_name name; 383 int error; 384 385 xfs_dentry_to_name(&name, dentry); 386 387 error = xfs_remove(XFS_I(dir), &name, XFS_I(d_inode(dentry))); 388 if (error) 389 return error; 390 391 /* 392 * With unlink, the VFS makes the dentry "negative": no inode, 393 * but still hashed. This is incompatible with case-insensitive 394 * mode, so invalidate (unhash) the dentry in CI-mode. 395 */ 396 if (xfs_has_asciici(XFS_M(dir->i_sb))) 397 d_invalidate(dentry); 398 return 0; 399 } 400 401 STATIC int 402 xfs_vn_symlink( 403 struct user_namespace *mnt_userns, 404 struct inode *dir, 405 struct dentry *dentry, 406 const char *symname) 407 { 408 struct inode *inode; 409 struct xfs_inode *cip = NULL; 410 struct xfs_name name; 411 int error; 412 umode_t mode; 413 414 mode = S_IFLNK | 415 (irix_symlink_mode ? 0777 & ~current_umask() : S_IRWXUGO); 416 error = xfs_dentry_mode_to_name(&name, dentry, mode); 417 if (unlikely(error)) 418 goto out; 419 420 error = xfs_symlink(mnt_userns, XFS_I(dir), &name, symname, mode, &cip); 421 if (unlikely(error)) 422 goto out; 423 424 inode = VFS_I(cip); 425 426 error = xfs_init_security(inode, dir, &dentry->d_name); 427 if (unlikely(error)) 428 goto out_cleanup_inode; 429 430 xfs_setup_iops(cip); 431 432 d_instantiate(dentry, inode); 433 xfs_finish_inode_setup(cip); 434 return 0; 435 436 out_cleanup_inode: 437 xfs_finish_inode_setup(cip); 438 xfs_cleanup_inode(dir, inode, dentry); 439 xfs_irele(cip); 440 out: 441 return error; 442 } 443 444 STATIC int 445 xfs_vn_rename( 446 struct user_namespace *mnt_userns, 447 struct inode *odir, 448 struct dentry *odentry, 449 struct inode *ndir, 450 struct dentry *ndentry, 451 unsigned int flags) 452 { 453 struct inode *new_inode = d_inode(ndentry); 454 int omode = 0; 455 int error; 456 struct xfs_name oname; 457 struct xfs_name nname; 458 459 if (flags & ~(RENAME_NOREPLACE | RENAME_EXCHANGE | RENAME_WHITEOUT)) 460 return -EINVAL; 461 462 /* if we are exchanging files, we need to set i_mode of both files */ 463 if (flags & RENAME_EXCHANGE) 464 omode = d_inode(ndentry)->i_mode; 465 466 error = xfs_dentry_mode_to_name(&oname, odentry, omode); 467 if (omode && unlikely(error)) 468 return error; 469 470 error = xfs_dentry_mode_to_name(&nname, ndentry, 471 d_inode(odentry)->i_mode); 472 if (unlikely(error)) 473 return error; 474 475 return xfs_rename(mnt_userns, XFS_I(odir), &oname, 476 XFS_I(d_inode(odentry)), XFS_I(ndir), &nname, 477 new_inode ? XFS_I(new_inode) : NULL, flags); 478 } 479 480 /* 481 * careful here - this function can get called recursively, so 482 * we need to be very careful about how much stack we use. 483 * uio is kmalloced for this reason... 484 */ 485 STATIC const char * 486 xfs_vn_get_link( 487 struct dentry *dentry, 488 struct inode *inode, 489 struct delayed_call *done) 490 { 491 char *link; 492 int error = -ENOMEM; 493 494 if (!dentry) 495 return ERR_PTR(-ECHILD); 496 497 link = kmalloc(XFS_SYMLINK_MAXLEN+1, GFP_KERNEL); 498 if (!link) 499 goto out_err; 500 501 error = xfs_readlink(XFS_I(d_inode(dentry)), link); 502 if (unlikely(error)) 503 goto out_kfree; 504 505 set_delayed_call(done, kfree_link, link); 506 return link; 507 508 out_kfree: 509 kfree(link); 510 out_err: 511 return ERR_PTR(error); 512 } 513 514 static uint32_t 515 xfs_stat_blksize( 516 struct xfs_inode *ip) 517 { 518 struct xfs_mount *mp = ip->i_mount; 519 520 /* 521 * If the file blocks are being allocated from a realtime volume, then 522 * always return the realtime extent size. 523 */ 524 if (XFS_IS_REALTIME_INODE(ip)) 525 return XFS_FSB_TO_B(mp, xfs_get_extsz_hint(ip)); 526 527 /* 528 * Allow large block sizes to be reported to userspace programs if the 529 * "largeio" mount option is used. 530 * 531 * If compatibility mode is specified, simply return the basic unit of 532 * caching so that we don't get inefficient read/modify/write I/O from 533 * user apps. Otherwise.... 534 * 535 * If the underlying volume is a stripe, then return the stripe width in 536 * bytes as the recommended I/O size. It is not a stripe and we've set a 537 * default buffered I/O size, return that, otherwise return the compat 538 * default. 539 */ 540 if (xfs_has_large_iosize(mp)) { 541 if (mp->m_swidth) 542 return XFS_FSB_TO_B(mp, mp->m_swidth); 543 if (xfs_has_allocsize(mp)) 544 return 1U << mp->m_allocsize_log; 545 } 546 547 return PAGE_SIZE; 548 } 549 550 STATIC int 551 xfs_vn_getattr( 552 struct user_namespace *mnt_userns, 553 const struct path *path, 554 struct kstat *stat, 555 u32 request_mask, 556 unsigned int query_flags) 557 { 558 struct inode *inode = d_inode(path->dentry); 559 struct xfs_inode *ip = XFS_I(inode); 560 struct xfs_mount *mp = ip->i_mount; 561 562 trace_xfs_getattr(ip); 563 564 if (xfs_is_shutdown(mp)) 565 return -EIO; 566 567 stat->size = XFS_ISIZE(ip); 568 stat->dev = inode->i_sb->s_dev; 569 stat->mode = inode->i_mode; 570 stat->nlink = inode->i_nlink; 571 stat->uid = i_uid_into_mnt(mnt_userns, inode); 572 stat->gid = i_gid_into_mnt(mnt_userns, inode); 573 stat->ino = ip->i_ino; 574 stat->atime = inode->i_atime; 575 stat->mtime = inode->i_mtime; 576 stat->ctime = inode->i_ctime; 577 stat->blocks = XFS_FSB_TO_BB(mp, ip->i_nblocks + ip->i_delayed_blks); 578 579 if (xfs_has_v3inodes(mp)) { 580 if (request_mask & STATX_BTIME) { 581 stat->result_mask |= STATX_BTIME; 582 stat->btime = ip->i_crtime; 583 } 584 } 585 586 /* 587 * Note: If you add another clause to set an attribute flag, please 588 * update attributes_mask below. 589 */ 590 if (ip->i_diflags & XFS_DIFLAG_IMMUTABLE) 591 stat->attributes |= STATX_ATTR_IMMUTABLE; 592 if (ip->i_diflags & XFS_DIFLAG_APPEND) 593 stat->attributes |= STATX_ATTR_APPEND; 594 if (ip->i_diflags & XFS_DIFLAG_NODUMP) 595 stat->attributes |= STATX_ATTR_NODUMP; 596 597 stat->attributes_mask |= (STATX_ATTR_IMMUTABLE | 598 STATX_ATTR_APPEND | 599 STATX_ATTR_NODUMP); 600 601 switch (inode->i_mode & S_IFMT) { 602 case S_IFBLK: 603 case S_IFCHR: 604 stat->blksize = BLKDEV_IOSIZE; 605 stat->rdev = inode->i_rdev; 606 break; 607 default: 608 stat->blksize = xfs_stat_blksize(ip); 609 stat->rdev = 0; 610 break; 611 } 612 613 return 0; 614 } 615 616 static void 617 xfs_setattr_mode( 618 struct xfs_inode *ip, 619 struct iattr *iattr) 620 { 621 struct inode *inode = VFS_I(ip); 622 umode_t mode = iattr->ia_mode; 623 624 ASSERT(xfs_isilocked(ip, XFS_ILOCK_EXCL)); 625 626 inode->i_mode &= S_IFMT; 627 inode->i_mode |= mode & ~S_IFMT; 628 } 629 630 void 631 xfs_setattr_time( 632 struct xfs_inode *ip, 633 struct iattr *iattr) 634 { 635 struct inode *inode = VFS_I(ip); 636 637 ASSERT(xfs_isilocked(ip, XFS_ILOCK_EXCL)); 638 639 if (iattr->ia_valid & ATTR_ATIME) 640 inode->i_atime = iattr->ia_atime; 641 if (iattr->ia_valid & ATTR_CTIME) 642 inode->i_ctime = iattr->ia_ctime; 643 if (iattr->ia_valid & ATTR_MTIME) 644 inode->i_mtime = iattr->ia_mtime; 645 } 646 647 static int 648 xfs_vn_change_ok( 649 struct user_namespace *mnt_userns, 650 struct dentry *dentry, 651 struct iattr *iattr) 652 { 653 struct xfs_mount *mp = XFS_I(d_inode(dentry))->i_mount; 654 655 if (xfs_is_readonly(mp)) 656 return -EROFS; 657 658 if (xfs_is_shutdown(mp)) 659 return -EIO; 660 661 return setattr_prepare(mnt_userns, dentry, iattr); 662 } 663 664 /* 665 * Set non-size attributes of an inode. 666 * 667 * Caution: The caller of this function is responsible for calling 668 * setattr_prepare() or otherwise verifying the change is fine. 669 */ 670 static int 671 xfs_setattr_nonsize( 672 struct user_namespace *mnt_userns, 673 struct xfs_inode *ip, 674 struct iattr *iattr) 675 { 676 xfs_mount_t *mp = ip->i_mount; 677 struct inode *inode = VFS_I(ip); 678 int mask = iattr->ia_valid; 679 xfs_trans_t *tp; 680 int error; 681 kuid_t uid = GLOBAL_ROOT_UID, iuid = GLOBAL_ROOT_UID; 682 kgid_t gid = GLOBAL_ROOT_GID, igid = GLOBAL_ROOT_GID; 683 struct xfs_dquot *udqp = NULL, *gdqp = NULL; 684 struct xfs_dquot *olddquot1 = NULL, *olddquot2 = NULL; 685 686 ASSERT((mask & ATTR_SIZE) == 0); 687 688 /* 689 * If disk quotas is on, we make sure that the dquots do exist on disk, 690 * before we start any other transactions. Trying to do this later 691 * is messy. We don't care to take a readlock to look at the ids 692 * in inode here, because we can't hold it across the trans_reserve. 693 * If the IDs do change before we take the ilock, we're covered 694 * because the i_*dquot fields will get updated anyway. 695 */ 696 if (XFS_IS_QUOTA_ON(mp) && (mask & (ATTR_UID|ATTR_GID))) { 697 uint qflags = 0; 698 699 if ((mask & ATTR_UID) && XFS_IS_UQUOTA_ON(mp)) { 700 uid = iattr->ia_uid; 701 qflags |= XFS_QMOPT_UQUOTA; 702 } else { 703 uid = inode->i_uid; 704 } 705 if ((mask & ATTR_GID) && XFS_IS_GQUOTA_ON(mp)) { 706 gid = iattr->ia_gid; 707 qflags |= XFS_QMOPT_GQUOTA; 708 } else { 709 gid = inode->i_gid; 710 } 711 712 /* 713 * We take a reference when we initialize udqp and gdqp, 714 * so it is important that we never blindly double trip on 715 * the same variable. See xfs_create() for an example. 716 */ 717 ASSERT(udqp == NULL); 718 ASSERT(gdqp == NULL); 719 error = xfs_qm_vop_dqalloc(ip, uid, gid, ip->i_projid, 720 qflags, &udqp, &gdqp, NULL); 721 if (error) 722 return error; 723 } 724 725 error = xfs_trans_alloc_ichange(ip, udqp, gdqp, NULL, 726 capable(CAP_FOWNER), &tp); 727 if (error) 728 goto out_dqrele; 729 730 /* 731 * Change file ownership. Must be the owner or privileged. 732 */ 733 if (mask & (ATTR_UID|ATTR_GID)) { 734 /* 735 * These IDs could have changed since we last looked at them. 736 * But, we're assured that if the ownership did change 737 * while we didn't have the inode locked, inode's dquot(s) 738 * would have changed also. 739 */ 740 iuid = inode->i_uid; 741 igid = inode->i_gid; 742 gid = (mask & ATTR_GID) ? iattr->ia_gid : igid; 743 uid = (mask & ATTR_UID) ? iattr->ia_uid : iuid; 744 745 /* 746 * CAP_FSETID overrides the following restrictions: 747 * 748 * The set-user-ID and set-group-ID bits of a file will be 749 * cleared upon successful return from chown() 750 */ 751 if ((inode->i_mode & (S_ISUID|S_ISGID)) && 752 !capable(CAP_FSETID)) 753 inode->i_mode &= ~(S_ISUID|S_ISGID); 754 755 /* 756 * Change the ownerships and register quota modifications 757 * in the transaction. 758 */ 759 if (!uid_eq(iuid, uid)) { 760 if (XFS_IS_UQUOTA_ON(mp)) { 761 ASSERT(mask & ATTR_UID); 762 ASSERT(udqp); 763 olddquot1 = xfs_qm_vop_chown(tp, ip, 764 &ip->i_udquot, udqp); 765 } 766 inode->i_uid = uid; 767 } 768 if (!gid_eq(igid, gid)) { 769 if (XFS_IS_GQUOTA_ON(mp)) { 770 ASSERT(xfs_has_pquotino(mp) || 771 !XFS_IS_PQUOTA_ON(mp)); 772 ASSERT(mask & ATTR_GID); 773 ASSERT(gdqp); 774 olddquot2 = xfs_qm_vop_chown(tp, ip, 775 &ip->i_gdquot, gdqp); 776 } 777 inode->i_gid = gid; 778 } 779 } 780 781 if (mask & ATTR_MODE) 782 xfs_setattr_mode(ip, iattr); 783 if (mask & (ATTR_ATIME|ATTR_CTIME|ATTR_MTIME)) 784 xfs_setattr_time(ip, iattr); 785 786 xfs_trans_log_inode(tp, ip, XFS_ILOG_CORE); 787 788 XFS_STATS_INC(mp, xs_ig_attrchg); 789 790 if (xfs_has_wsync(mp)) 791 xfs_trans_set_sync(tp); 792 error = xfs_trans_commit(tp); 793 794 /* 795 * Release any dquot(s) the inode had kept before chown. 796 */ 797 xfs_qm_dqrele(olddquot1); 798 xfs_qm_dqrele(olddquot2); 799 xfs_qm_dqrele(udqp); 800 xfs_qm_dqrele(gdqp); 801 802 if (error) 803 return error; 804 805 /* 806 * XXX(hch): Updating the ACL entries is not atomic vs the i_mode 807 * update. We could avoid this with linked transactions 808 * and passing down the transaction pointer all the way 809 * to attr_set. No previous user of the generic 810 * Posix ACL code seems to care about this issue either. 811 */ 812 if (mask & ATTR_MODE) { 813 error = posix_acl_chmod(mnt_userns, inode, inode->i_mode); 814 if (error) 815 return error; 816 } 817 818 return 0; 819 820 out_dqrele: 821 xfs_qm_dqrele(udqp); 822 xfs_qm_dqrele(gdqp); 823 return error; 824 } 825 826 /* 827 * Truncate file. Must have write permission and not be a directory. 828 * 829 * Caution: The caller of this function is responsible for calling 830 * setattr_prepare() or otherwise verifying the change is fine. 831 */ 832 STATIC int 833 xfs_setattr_size( 834 struct user_namespace *mnt_userns, 835 struct xfs_inode *ip, 836 struct iattr *iattr) 837 { 838 struct xfs_mount *mp = ip->i_mount; 839 struct inode *inode = VFS_I(ip); 840 xfs_off_t oldsize, newsize; 841 struct xfs_trans *tp; 842 int error; 843 uint lock_flags = 0; 844 bool did_zeroing = false; 845 846 ASSERT(xfs_isilocked(ip, XFS_IOLOCK_EXCL)); 847 ASSERT(xfs_isilocked(ip, XFS_MMAPLOCK_EXCL)); 848 ASSERT(S_ISREG(inode->i_mode)); 849 ASSERT((iattr->ia_valid & (ATTR_UID|ATTR_GID|ATTR_ATIME|ATTR_ATIME_SET| 850 ATTR_MTIME_SET|ATTR_TIMES_SET)) == 0); 851 852 oldsize = inode->i_size; 853 newsize = iattr->ia_size; 854 855 /* 856 * Short circuit the truncate case for zero length files. 857 */ 858 if (newsize == 0 && oldsize == 0 && ip->i_df.if_nextents == 0) { 859 if (!(iattr->ia_valid & (ATTR_CTIME|ATTR_MTIME))) 860 return 0; 861 862 /* 863 * Use the regular setattr path to update the timestamps. 864 */ 865 iattr->ia_valid &= ~ATTR_SIZE; 866 return xfs_setattr_nonsize(mnt_userns, ip, iattr); 867 } 868 869 /* 870 * Make sure that the dquots are attached to the inode. 871 */ 872 error = xfs_qm_dqattach(ip); 873 if (error) 874 return error; 875 876 /* 877 * Wait for all direct I/O to complete. 878 */ 879 inode_dio_wait(inode); 880 881 /* 882 * File data changes must be complete before we start the transaction to 883 * modify the inode. This needs to be done before joining the inode to 884 * the transaction because the inode cannot be unlocked once it is a 885 * part of the transaction. 886 * 887 * Start with zeroing any data beyond EOF that we may expose on file 888 * extension, or zeroing out the rest of the block on a downward 889 * truncate. 890 */ 891 if (newsize > oldsize) { 892 trace_xfs_zero_eof(ip, oldsize, newsize - oldsize); 893 error = xfs_zero_range(ip, oldsize, newsize - oldsize, 894 &did_zeroing); 895 } else { 896 /* 897 * iomap won't detect a dirty page over an unwritten block (or a 898 * cow block over a hole) and subsequently skips zeroing the 899 * newly post-EOF portion of the page. Flush the new EOF to 900 * convert the block before the pagecache truncate. 901 */ 902 error = filemap_write_and_wait_range(inode->i_mapping, newsize, 903 newsize); 904 if (error) 905 return error; 906 error = xfs_truncate_page(ip, newsize, &did_zeroing); 907 } 908 909 if (error) 910 return error; 911 912 /* 913 * We've already locked out new page faults, so now we can safely remove 914 * pages from the page cache knowing they won't get refaulted until we 915 * drop the XFS_MMAP_EXCL lock after the extent manipulations are 916 * complete. The truncate_setsize() call also cleans partial EOF page 917 * PTEs on extending truncates and hence ensures sub-page block size 918 * filesystems are correctly handled, too. 919 * 920 * We have to do all the page cache truncate work outside the 921 * transaction context as the "lock" order is page lock->log space 922 * reservation as defined by extent allocation in the writeback path. 923 * Hence a truncate can fail with ENOMEM from xfs_trans_alloc(), but 924 * having already truncated the in-memory version of the file (i.e. made 925 * user visible changes). There's not much we can do about this, except 926 * to hope that the caller sees ENOMEM and retries the truncate 927 * operation. 928 * 929 * And we update in-core i_size and truncate page cache beyond newsize 930 * before writeback the [i_disk_size, newsize] range, so we're 931 * guaranteed not to write stale data past the new EOF on truncate down. 932 */ 933 truncate_setsize(inode, newsize); 934 935 /* 936 * We are going to log the inode size change in this transaction so 937 * any previous writes that are beyond the on disk EOF and the new 938 * EOF that have not been written out need to be written here. If we 939 * do not write the data out, we expose ourselves to the null files 940 * problem. Note that this includes any block zeroing we did above; 941 * otherwise those blocks may not be zeroed after a crash. 942 */ 943 if (did_zeroing || 944 (newsize > ip->i_disk_size && oldsize != ip->i_disk_size)) { 945 error = filemap_write_and_wait_range(VFS_I(ip)->i_mapping, 946 ip->i_disk_size, newsize - 1); 947 if (error) 948 return error; 949 } 950 951 error = xfs_trans_alloc(mp, &M_RES(mp)->tr_itruncate, 0, 0, 0, &tp); 952 if (error) 953 return error; 954 955 lock_flags |= XFS_ILOCK_EXCL; 956 xfs_ilock(ip, XFS_ILOCK_EXCL); 957 xfs_trans_ijoin(tp, ip, 0); 958 959 /* 960 * Only change the c/mtime if we are changing the size or we are 961 * explicitly asked to change it. This handles the semantic difference 962 * between truncate() and ftruncate() as implemented in the VFS. 963 * 964 * The regular truncate() case without ATTR_CTIME and ATTR_MTIME is a 965 * special case where we need to update the times despite not having 966 * these flags set. For all other operations the VFS set these flags 967 * explicitly if it wants a timestamp update. 968 */ 969 if (newsize != oldsize && 970 !(iattr->ia_valid & (ATTR_CTIME | ATTR_MTIME))) { 971 iattr->ia_ctime = iattr->ia_mtime = 972 current_time(inode); 973 iattr->ia_valid |= ATTR_CTIME | ATTR_MTIME; 974 } 975 976 /* 977 * The first thing we do is set the size to new_size permanently on 978 * disk. This way we don't have to worry about anyone ever being able 979 * to look at the data being freed even in the face of a crash. 980 * What we're getting around here is the case where we free a block, it 981 * is allocated to another file, it is written to, and then we crash. 982 * If the new data gets written to the file but the log buffers 983 * containing the free and reallocation don't, then we'd end up with 984 * garbage in the blocks being freed. As long as we make the new size 985 * permanent before actually freeing any blocks it doesn't matter if 986 * they get written to. 987 */ 988 ip->i_disk_size = newsize; 989 xfs_trans_log_inode(tp, ip, XFS_ILOG_CORE); 990 991 if (newsize <= oldsize) { 992 error = xfs_itruncate_extents(&tp, ip, XFS_DATA_FORK, newsize); 993 if (error) 994 goto out_trans_cancel; 995 996 /* 997 * Truncated "down", so we're removing references to old data 998 * here - if we delay flushing for a long time, we expose 999 * ourselves unduly to the notorious NULL files problem. So, 1000 * we mark this inode and flush it when the file is closed, 1001 * and do not wait the usual (long) time for writeout. 1002 */ 1003 xfs_iflags_set(ip, XFS_ITRUNCATED); 1004 1005 /* A truncate down always removes post-EOF blocks. */ 1006 xfs_inode_clear_eofblocks_tag(ip); 1007 } 1008 1009 if (iattr->ia_valid & ATTR_MODE) 1010 xfs_setattr_mode(ip, iattr); 1011 if (iattr->ia_valid & (ATTR_ATIME|ATTR_CTIME|ATTR_MTIME)) 1012 xfs_setattr_time(ip, iattr); 1013 1014 xfs_trans_log_inode(tp, ip, XFS_ILOG_CORE); 1015 1016 XFS_STATS_INC(mp, xs_ig_attrchg); 1017 1018 if (xfs_has_wsync(mp)) 1019 xfs_trans_set_sync(tp); 1020 1021 error = xfs_trans_commit(tp); 1022 out_unlock: 1023 if (lock_flags) 1024 xfs_iunlock(ip, lock_flags); 1025 return error; 1026 1027 out_trans_cancel: 1028 xfs_trans_cancel(tp); 1029 goto out_unlock; 1030 } 1031 1032 int 1033 xfs_vn_setattr_size( 1034 struct user_namespace *mnt_userns, 1035 struct dentry *dentry, 1036 struct iattr *iattr) 1037 { 1038 struct xfs_inode *ip = XFS_I(d_inode(dentry)); 1039 int error; 1040 1041 trace_xfs_setattr(ip); 1042 1043 error = xfs_vn_change_ok(mnt_userns, dentry, iattr); 1044 if (error) 1045 return error; 1046 return xfs_setattr_size(mnt_userns, ip, iattr); 1047 } 1048 1049 STATIC int 1050 xfs_vn_setattr( 1051 struct user_namespace *mnt_userns, 1052 struct dentry *dentry, 1053 struct iattr *iattr) 1054 { 1055 struct inode *inode = d_inode(dentry); 1056 struct xfs_inode *ip = XFS_I(inode); 1057 int error; 1058 1059 if (iattr->ia_valid & ATTR_SIZE) { 1060 uint iolock; 1061 1062 xfs_ilock(ip, XFS_MMAPLOCK_EXCL); 1063 iolock = XFS_IOLOCK_EXCL | XFS_MMAPLOCK_EXCL; 1064 1065 error = xfs_break_layouts(inode, &iolock, BREAK_UNMAP); 1066 if (error) { 1067 xfs_iunlock(ip, XFS_MMAPLOCK_EXCL); 1068 return error; 1069 } 1070 1071 error = xfs_vn_setattr_size(mnt_userns, dentry, iattr); 1072 xfs_iunlock(ip, XFS_MMAPLOCK_EXCL); 1073 } else { 1074 trace_xfs_setattr(ip); 1075 1076 error = xfs_vn_change_ok(mnt_userns, dentry, iattr); 1077 if (!error) 1078 error = xfs_setattr_nonsize(mnt_userns, ip, iattr); 1079 } 1080 1081 return error; 1082 } 1083 1084 STATIC int 1085 xfs_vn_update_time( 1086 struct inode *inode, 1087 struct timespec64 *now, 1088 int flags) 1089 { 1090 struct xfs_inode *ip = XFS_I(inode); 1091 struct xfs_mount *mp = ip->i_mount; 1092 int log_flags = XFS_ILOG_TIMESTAMP; 1093 struct xfs_trans *tp; 1094 int error; 1095 1096 trace_xfs_update_time(ip); 1097 1098 if (inode->i_sb->s_flags & SB_LAZYTIME) { 1099 if (!((flags & S_VERSION) && 1100 inode_maybe_inc_iversion(inode, false))) 1101 return generic_update_time(inode, now, flags); 1102 1103 /* Capture the iversion update that just occurred */ 1104 log_flags |= XFS_ILOG_CORE; 1105 } 1106 1107 error = xfs_trans_alloc(mp, &M_RES(mp)->tr_fsyncts, 0, 0, 0, &tp); 1108 if (error) 1109 return error; 1110 1111 xfs_ilock(ip, XFS_ILOCK_EXCL); 1112 if (flags & S_CTIME) 1113 inode->i_ctime = *now; 1114 if (flags & S_MTIME) 1115 inode->i_mtime = *now; 1116 if (flags & S_ATIME) 1117 inode->i_atime = *now; 1118 1119 xfs_trans_ijoin(tp, ip, XFS_ILOCK_EXCL); 1120 xfs_trans_log_inode(tp, ip, log_flags); 1121 return xfs_trans_commit(tp); 1122 } 1123 1124 STATIC int 1125 xfs_vn_fiemap( 1126 struct inode *inode, 1127 struct fiemap_extent_info *fieinfo, 1128 u64 start, 1129 u64 length) 1130 { 1131 int error; 1132 1133 xfs_ilock(XFS_I(inode), XFS_IOLOCK_SHARED); 1134 if (fieinfo->fi_flags & FIEMAP_FLAG_XATTR) { 1135 fieinfo->fi_flags &= ~FIEMAP_FLAG_XATTR; 1136 error = iomap_fiemap(inode, fieinfo, start, length, 1137 &xfs_xattr_iomap_ops); 1138 } else { 1139 error = iomap_fiemap(inode, fieinfo, start, length, 1140 &xfs_read_iomap_ops); 1141 } 1142 xfs_iunlock(XFS_I(inode), XFS_IOLOCK_SHARED); 1143 1144 return error; 1145 } 1146 1147 STATIC int 1148 xfs_vn_tmpfile( 1149 struct user_namespace *mnt_userns, 1150 struct inode *dir, 1151 struct dentry *dentry, 1152 umode_t mode) 1153 { 1154 return xfs_generic_create(mnt_userns, dir, dentry, mode, 0, true); 1155 } 1156 1157 static const struct inode_operations xfs_inode_operations = { 1158 .get_acl = xfs_get_acl, 1159 .set_acl = xfs_set_acl, 1160 .getattr = xfs_vn_getattr, 1161 .setattr = xfs_vn_setattr, 1162 .listxattr = xfs_vn_listxattr, 1163 .fiemap = xfs_vn_fiemap, 1164 .update_time = xfs_vn_update_time, 1165 .fileattr_get = xfs_fileattr_get, 1166 .fileattr_set = xfs_fileattr_set, 1167 }; 1168 1169 static const struct inode_operations xfs_dir_inode_operations = { 1170 .create = xfs_vn_create, 1171 .lookup = xfs_vn_lookup, 1172 .link = xfs_vn_link, 1173 .unlink = xfs_vn_unlink, 1174 .symlink = xfs_vn_symlink, 1175 .mkdir = xfs_vn_mkdir, 1176 /* 1177 * Yes, XFS uses the same method for rmdir and unlink. 1178 * 1179 * There are some subtile differences deeper in the code, 1180 * but we use S_ISDIR to check for those. 1181 */ 1182 .rmdir = xfs_vn_unlink, 1183 .mknod = xfs_vn_mknod, 1184 .rename = xfs_vn_rename, 1185 .get_acl = xfs_get_acl, 1186 .set_acl = xfs_set_acl, 1187 .getattr = xfs_vn_getattr, 1188 .setattr = xfs_vn_setattr, 1189 .listxattr = xfs_vn_listxattr, 1190 .update_time = xfs_vn_update_time, 1191 .tmpfile = xfs_vn_tmpfile, 1192 .fileattr_get = xfs_fileattr_get, 1193 .fileattr_set = xfs_fileattr_set, 1194 }; 1195 1196 static const struct inode_operations xfs_dir_ci_inode_operations = { 1197 .create = xfs_vn_create, 1198 .lookup = xfs_vn_ci_lookup, 1199 .link = xfs_vn_link, 1200 .unlink = xfs_vn_unlink, 1201 .symlink = xfs_vn_symlink, 1202 .mkdir = xfs_vn_mkdir, 1203 /* 1204 * Yes, XFS uses the same method for rmdir and unlink. 1205 * 1206 * There are some subtile differences deeper in the code, 1207 * but we use S_ISDIR to check for those. 1208 */ 1209 .rmdir = xfs_vn_unlink, 1210 .mknod = xfs_vn_mknod, 1211 .rename = xfs_vn_rename, 1212 .get_acl = xfs_get_acl, 1213 .set_acl = xfs_set_acl, 1214 .getattr = xfs_vn_getattr, 1215 .setattr = xfs_vn_setattr, 1216 .listxattr = xfs_vn_listxattr, 1217 .update_time = xfs_vn_update_time, 1218 .tmpfile = xfs_vn_tmpfile, 1219 .fileattr_get = xfs_fileattr_get, 1220 .fileattr_set = xfs_fileattr_set, 1221 }; 1222 1223 static const struct inode_operations xfs_symlink_inode_operations = { 1224 .get_link = xfs_vn_get_link, 1225 .getattr = xfs_vn_getattr, 1226 .setattr = xfs_vn_setattr, 1227 .listxattr = xfs_vn_listxattr, 1228 .update_time = xfs_vn_update_time, 1229 }; 1230 1231 /* Figure out if this file actually supports DAX. */ 1232 static bool 1233 xfs_inode_supports_dax( 1234 struct xfs_inode *ip) 1235 { 1236 struct xfs_mount *mp = ip->i_mount; 1237 1238 /* Only supported on regular files. */ 1239 if (!S_ISREG(VFS_I(ip)->i_mode)) 1240 return false; 1241 1242 /* Only supported on non-reflinked files. */ 1243 if (xfs_is_reflink_inode(ip)) 1244 return false; 1245 1246 /* Block size must match page size */ 1247 if (mp->m_sb.sb_blocksize != PAGE_SIZE) 1248 return false; 1249 1250 /* Device has to support DAX too. */ 1251 return xfs_inode_buftarg(ip)->bt_daxdev != NULL; 1252 } 1253 1254 static bool 1255 xfs_inode_should_enable_dax( 1256 struct xfs_inode *ip) 1257 { 1258 if (!IS_ENABLED(CONFIG_FS_DAX)) 1259 return false; 1260 if (xfs_has_dax_never(ip->i_mount)) 1261 return false; 1262 if (!xfs_inode_supports_dax(ip)) 1263 return false; 1264 if (xfs_has_dax_always(ip->i_mount)) 1265 return true; 1266 if (ip->i_diflags2 & XFS_DIFLAG2_DAX) 1267 return true; 1268 return false; 1269 } 1270 1271 void 1272 xfs_diflags_to_iflags( 1273 struct xfs_inode *ip, 1274 bool init) 1275 { 1276 struct inode *inode = VFS_I(ip); 1277 unsigned int xflags = xfs_ip2xflags(ip); 1278 unsigned int flags = 0; 1279 1280 ASSERT(!(IS_DAX(inode) && init)); 1281 1282 if (xflags & FS_XFLAG_IMMUTABLE) 1283 flags |= S_IMMUTABLE; 1284 if (xflags & FS_XFLAG_APPEND) 1285 flags |= S_APPEND; 1286 if (xflags & FS_XFLAG_SYNC) 1287 flags |= S_SYNC; 1288 if (xflags & FS_XFLAG_NOATIME) 1289 flags |= S_NOATIME; 1290 if (init && xfs_inode_should_enable_dax(ip)) 1291 flags |= S_DAX; 1292 1293 /* 1294 * S_DAX can only be set during inode initialization and is never set by 1295 * the VFS, so we cannot mask off S_DAX in i_flags. 1296 */ 1297 inode->i_flags &= ~(S_IMMUTABLE | S_APPEND | S_SYNC | S_NOATIME); 1298 inode->i_flags |= flags; 1299 } 1300 1301 /* 1302 * Initialize the Linux inode. 1303 * 1304 * When reading existing inodes from disk this is called directly from xfs_iget, 1305 * when creating a new inode it is called from xfs_init_new_inode after setting 1306 * up the inode. These callers have different criteria for clearing XFS_INEW, so 1307 * leave it up to the caller to deal with unlocking the inode appropriately. 1308 */ 1309 void 1310 xfs_setup_inode( 1311 struct xfs_inode *ip) 1312 { 1313 struct inode *inode = &ip->i_vnode; 1314 gfp_t gfp_mask; 1315 1316 inode->i_ino = ip->i_ino; 1317 inode->i_state |= I_NEW; 1318 1319 inode_sb_list_add(inode); 1320 /* make the inode look hashed for the writeback code */ 1321 inode_fake_hash(inode); 1322 1323 i_size_write(inode, ip->i_disk_size); 1324 xfs_diflags_to_iflags(ip, true); 1325 1326 if (S_ISDIR(inode->i_mode)) { 1327 /* 1328 * We set the i_rwsem class here to avoid potential races with 1329 * lockdep_annotate_inode_mutex_key() reinitialising the lock 1330 * after a filehandle lookup has already found the inode in 1331 * cache before it has been unlocked via unlock_new_inode(). 1332 */ 1333 lockdep_set_class(&inode->i_rwsem, 1334 &inode->i_sb->s_type->i_mutex_dir_key); 1335 lockdep_set_class(&ip->i_lock.mr_lock, &xfs_dir_ilock_class); 1336 } else { 1337 lockdep_set_class(&ip->i_lock.mr_lock, &xfs_nondir_ilock_class); 1338 } 1339 1340 /* 1341 * Ensure all page cache allocations are done from GFP_NOFS context to 1342 * prevent direct reclaim recursion back into the filesystem and blowing 1343 * stacks or deadlocking. 1344 */ 1345 gfp_mask = mapping_gfp_mask(inode->i_mapping); 1346 mapping_set_gfp_mask(inode->i_mapping, (gfp_mask & ~(__GFP_FS))); 1347 1348 /* 1349 * If there is no attribute fork no ACL can exist on this inode, 1350 * and it can't have any file capabilities attached to it either. 1351 */ 1352 if (!XFS_IFORK_Q(ip)) { 1353 inode_has_no_xattr(inode); 1354 cache_no_acl(inode); 1355 } 1356 } 1357 1358 void 1359 xfs_setup_iops( 1360 struct xfs_inode *ip) 1361 { 1362 struct inode *inode = &ip->i_vnode; 1363 1364 switch (inode->i_mode & S_IFMT) { 1365 case S_IFREG: 1366 inode->i_op = &xfs_inode_operations; 1367 inode->i_fop = &xfs_file_operations; 1368 if (IS_DAX(inode)) 1369 inode->i_mapping->a_ops = &xfs_dax_aops; 1370 else 1371 inode->i_mapping->a_ops = &xfs_address_space_operations; 1372 break; 1373 case S_IFDIR: 1374 if (xfs_has_asciici(XFS_M(inode->i_sb))) 1375 inode->i_op = &xfs_dir_ci_inode_operations; 1376 else 1377 inode->i_op = &xfs_dir_inode_operations; 1378 inode->i_fop = &xfs_dir_file_operations; 1379 break; 1380 case S_IFLNK: 1381 inode->i_op = &xfs_symlink_inode_operations; 1382 break; 1383 default: 1384 inode->i_op = &xfs_inode_operations; 1385 init_special_inode(inode, inode->i_mode, inode->i_rdev); 1386 break; 1387 } 1388 } 1389