1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * Copyright (c) 2000-2005 Silicon Graphics, Inc. 4 * All Rights Reserved. 5 */ 6 #include "xfs.h" 7 #include "xfs_fs.h" 8 #include "xfs_shared.h" 9 #include "xfs_format.h" 10 #include "xfs_log_format.h" 11 #include "xfs_trans_resv.h" 12 #include "xfs_mount.h" 13 #include "xfs_inode.h" 14 #include "xfs_acl.h" 15 #include "xfs_quota.h" 16 #include "xfs_da_format.h" 17 #include "xfs_da_btree.h" 18 #include "xfs_attr.h" 19 #include "xfs_trans.h" 20 #include "xfs_trace.h" 21 #include "xfs_icache.h" 22 #include "xfs_symlink.h" 23 #include "xfs_dir2.h" 24 #include "xfs_iomap.h" 25 #include "xfs_error.h" 26 #include "xfs_ioctl.h" 27 #include "xfs_xattr.h" 28 29 #include <linux/posix_acl.h> 30 #include <linux/security.h> 31 #include <linux/iversion.h> 32 #include <linux/fiemap.h> 33 34 /* 35 * Directories have different lock order w.r.t. mmap_lock compared to regular 36 * files. This is due to readdir potentially triggering page faults on a user 37 * buffer inside filldir(), and this happens with the ilock on the directory 38 * held. For regular files, the lock order is the other way around - the 39 * mmap_lock is taken during the page fault, and then we lock the ilock to do 40 * block mapping. Hence we need a different class for the directory ilock so 41 * that lockdep can tell them apart. 42 */ 43 static struct lock_class_key xfs_nondir_ilock_class; 44 static struct lock_class_key xfs_dir_ilock_class; 45 46 static int 47 xfs_initxattrs( 48 struct inode *inode, 49 const struct xattr *xattr_array, 50 void *fs_info) 51 { 52 const struct xattr *xattr; 53 struct xfs_inode *ip = XFS_I(inode); 54 int error = 0; 55 56 for (xattr = xattr_array; xattr->name != NULL; xattr++) { 57 struct xfs_da_args args = { 58 .dp = ip, 59 .attr_filter = XFS_ATTR_SECURE, 60 .name = xattr->name, 61 .namelen = strlen(xattr->name), 62 .value = xattr->value, 63 .valuelen = xattr->value_len, 64 }; 65 error = xfs_attr_change(&args); 66 if (error < 0) 67 break; 68 } 69 return error; 70 } 71 72 /* 73 * Hook in SELinux. This is not quite correct yet, what we really need 74 * here (as we do for default ACLs) is a mechanism by which creation of 75 * these attrs can be journalled at inode creation time (along with the 76 * inode, of course, such that log replay can't cause these to be lost). 77 */ 78 79 STATIC int 80 xfs_init_security( 81 struct inode *inode, 82 struct inode *dir, 83 const struct qstr *qstr) 84 { 85 return security_inode_init_security(inode, dir, qstr, 86 &xfs_initxattrs, NULL); 87 } 88 89 static void 90 xfs_dentry_to_name( 91 struct xfs_name *namep, 92 struct dentry *dentry) 93 { 94 namep->name = dentry->d_name.name; 95 namep->len = dentry->d_name.len; 96 namep->type = XFS_DIR3_FT_UNKNOWN; 97 } 98 99 static int 100 xfs_dentry_mode_to_name( 101 struct xfs_name *namep, 102 struct dentry *dentry, 103 int mode) 104 { 105 namep->name = dentry->d_name.name; 106 namep->len = dentry->d_name.len; 107 namep->type = xfs_mode_to_ftype(mode); 108 109 if (unlikely(namep->type == XFS_DIR3_FT_UNKNOWN)) 110 return -EFSCORRUPTED; 111 112 return 0; 113 } 114 115 STATIC void 116 xfs_cleanup_inode( 117 struct inode *dir, 118 struct inode *inode, 119 struct dentry *dentry) 120 { 121 struct xfs_name teardown; 122 123 /* Oh, the horror. 124 * If we can't add the ACL or we fail in 125 * xfs_init_security we must back out. 126 * ENOSPC can hit here, among other things. 127 */ 128 xfs_dentry_to_name(&teardown, dentry); 129 130 xfs_remove(XFS_I(dir), &teardown, XFS_I(inode)); 131 } 132 133 /* 134 * Check to see if we are likely to need an extended attribute to be added to 135 * the inode we are about to allocate. This allows the attribute fork to be 136 * created during the inode allocation, reducing the number of transactions we 137 * need to do in this fast path. 138 * 139 * The security checks are optimistic, but not guaranteed. The two LSMs that 140 * require xattrs to be added here (selinux and smack) are also the only two 141 * LSMs that add a sb->s_security structure to the superblock. Hence if security 142 * is enabled and sb->s_security is set, we have a pretty good idea that we are 143 * going to be asked to add a security xattr immediately after allocating the 144 * xfs inode and instantiating the VFS inode. 145 */ 146 static inline bool 147 xfs_create_need_xattr( 148 struct inode *dir, 149 struct posix_acl *default_acl, 150 struct posix_acl *acl) 151 { 152 if (acl) 153 return true; 154 if (default_acl) 155 return true; 156 #if IS_ENABLED(CONFIG_SECURITY) 157 if (dir->i_sb->s_security) 158 return true; 159 #endif 160 return false; 161 } 162 163 164 STATIC int 165 xfs_generic_create( 166 struct user_namespace *mnt_userns, 167 struct inode *dir, 168 struct dentry *dentry, 169 umode_t mode, 170 dev_t rdev, 171 bool tmpfile) /* unnamed file */ 172 { 173 struct inode *inode; 174 struct xfs_inode *ip = NULL; 175 struct posix_acl *default_acl, *acl; 176 struct xfs_name name; 177 int error; 178 179 /* 180 * Irix uses Missed'em'V split, but doesn't want to see 181 * the upper 5 bits of (14bit) major. 182 */ 183 if (S_ISCHR(mode) || S_ISBLK(mode)) { 184 if (unlikely(!sysv_valid_dev(rdev) || MAJOR(rdev) & ~0x1ff)) 185 return -EINVAL; 186 } else { 187 rdev = 0; 188 } 189 190 error = posix_acl_create(dir, &mode, &default_acl, &acl); 191 if (error) 192 return error; 193 194 /* Verify mode is valid also for tmpfile case */ 195 error = xfs_dentry_mode_to_name(&name, dentry, mode); 196 if (unlikely(error)) 197 goto out_free_acl; 198 199 if (!tmpfile) { 200 error = xfs_create(mnt_userns, XFS_I(dir), &name, mode, rdev, 201 xfs_create_need_xattr(dir, default_acl, acl), 202 &ip); 203 } else { 204 error = xfs_create_tmpfile(mnt_userns, XFS_I(dir), mode, &ip); 205 } 206 if (unlikely(error)) 207 goto out_free_acl; 208 209 inode = VFS_I(ip); 210 211 error = xfs_init_security(inode, dir, &dentry->d_name); 212 if (unlikely(error)) 213 goto out_cleanup_inode; 214 215 if (default_acl) { 216 error = __xfs_set_acl(inode, default_acl, ACL_TYPE_DEFAULT); 217 if (error) 218 goto out_cleanup_inode; 219 } 220 if (acl) { 221 error = __xfs_set_acl(inode, acl, ACL_TYPE_ACCESS); 222 if (error) 223 goto out_cleanup_inode; 224 } 225 226 xfs_setup_iops(ip); 227 228 if (tmpfile) { 229 /* 230 * The VFS requires that any inode fed to d_tmpfile must have 231 * nlink == 1 so that it can decrement the nlink in d_tmpfile. 232 * However, we created the temp file with nlink == 0 because 233 * we're not allowed to put an inode with nlink > 0 on the 234 * unlinked list. Therefore we have to set nlink to 1 so that 235 * d_tmpfile can immediately set it back to zero. 236 */ 237 set_nlink(inode, 1); 238 d_tmpfile(dentry, inode); 239 } else 240 d_instantiate(dentry, inode); 241 242 xfs_finish_inode_setup(ip); 243 244 out_free_acl: 245 posix_acl_release(default_acl); 246 posix_acl_release(acl); 247 return error; 248 249 out_cleanup_inode: 250 xfs_finish_inode_setup(ip); 251 if (!tmpfile) 252 xfs_cleanup_inode(dir, inode, dentry); 253 xfs_irele(ip); 254 goto out_free_acl; 255 } 256 257 STATIC int 258 xfs_vn_mknod( 259 struct user_namespace *mnt_userns, 260 struct inode *dir, 261 struct dentry *dentry, 262 umode_t mode, 263 dev_t rdev) 264 { 265 return xfs_generic_create(mnt_userns, dir, dentry, mode, rdev, false); 266 } 267 268 STATIC int 269 xfs_vn_create( 270 struct user_namespace *mnt_userns, 271 struct inode *dir, 272 struct dentry *dentry, 273 umode_t mode, 274 bool flags) 275 { 276 return xfs_generic_create(mnt_userns, dir, dentry, mode, 0, false); 277 } 278 279 STATIC int 280 xfs_vn_mkdir( 281 struct user_namespace *mnt_userns, 282 struct inode *dir, 283 struct dentry *dentry, 284 umode_t mode) 285 { 286 return xfs_generic_create(mnt_userns, dir, dentry, mode | S_IFDIR, 0, 287 false); 288 } 289 290 STATIC struct dentry * 291 xfs_vn_lookup( 292 struct inode *dir, 293 struct dentry *dentry, 294 unsigned int flags) 295 { 296 struct inode *inode; 297 struct xfs_inode *cip; 298 struct xfs_name name; 299 int error; 300 301 if (dentry->d_name.len >= MAXNAMELEN) 302 return ERR_PTR(-ENAMETOOLONG); 303 304 xfs_dentry_to_name(&name, dentry); 305 error = xfs_lookup(XFS_I(dir), &name, &cip, NULL); 306 if (likely(!error)) 307 inode = VFS_I(cip); 308 else if (likely(error == -ENOENT)) 309 inode = NULL; 310 else 311 inode = ERR_PTR(error); 312 return d_splice_alias(inode, dentry); 313 } 314 315 STATIC struct dentry * 316 xfs_vn_ci_lookup( 317 struct inode *dir, 318 struct dentry *dentry, 319 unsigned int flags) 320 { 321 struct xfs_inode *ip; 322 struct xfs_name xname; 323 struct xfs_name ci_name; 324 struct qstr dname; 325 int error; 326 327 if (dentry->d_name.len >= MAXNAMELEN) 328 return ERR_PTR(-ENAMETOOLONG); 329 330 xfs_dentry_to_name(&xname, dentry); 331 error = xfs_lookup(XFS_I(dir), &xname, &ip, &ci_name); 332 if (unlikely(error)) { 333 if (unlikely(error != -ENOENT)) 334 return ERR_PTR(error); 335 /* 336 * call d_add(dentry, NULL) here when d_drop_negative_children 337 * is called in xfs_vn_mknod (ie. allow negative dentries 338 * with CI filesystems). 339 */ 340 return NULL; 341 } 342 343 /* if exact match, just splice and exit */ 344 if (!ci_name.name) 345 return d_splice_alias(VFS_I(ip), dentry); 346 347 /* else case-insensitive match... */ 348 dname.name = ci_name.name; 349 dname.len = ci_name.len; 350 dentry = d_add_ci(dentry, VFS_I(ip), &dname); 351 kmem_free(ci_name.name); 352 return dentry; 353 } 354 355 STATIC int 356 xfs_vn_link( 357 struct dentry *old_dentry, 358 struct inode *dir, 359 struct dentry *dentry) 360 { 361 struct inode *inode = d_inode(old_dentry); 362 struct xfs_name name; 363 int error; 364 365 error = xfs_dentry_mode_to_name(&name, dentry, inode->i_mode); 366 if (unlikely(error)) 367 return error; 368 369 error = xfs_link(XFS_I(dir), XFS_I(inode), &name); 370 if (unlikely(error)) 371 return error; 372 373 ihold(inode); 374 d_instantiate(dentry, inode); 375 return 0; 376 } 377 378 STATIC int 379 xfs_vn_unlink( 380 struct inode *dir, 381 struct dentry *dentry) 382 { 383 struct xfs_name name; 384 int error; 385 386 xfs_dentry_to_name(&name, dentry); 387 388 error = xfs_remove(XFS_I(dir), &name, XFS_I(d_inode(dentry))); 389 if (error) 390 return error; 391 392 /* 393 * With unlink, the VFS makes the dentry "negative": no inode, 394 * but still hashed. This is incompatible with case-insensitive 395 * mode, so invalidate (unhash) the dentry in CI-mode. 396 */ 397 if (xfs_has_asciici(XFS_M(dir->i_sb))) 398 d_invalidate(dentry); 399 return 0; 400 } 401 402 STATIC int 403 xfs_vn_symlink( 404 struct user_namespace *mnt_userns, 405 struct inode *dir, 406 struct dentry *dentry, 407 const char *symname) 408 { 409 struct inode *inode; 410 struct xfs_inode *cip = NULL; 411 struct xfs_name name; 412 int error; 413 umode_t mode; 414 415 mode = S_IFLNK | 416 (irix_symlink_mode ? 0777 & ~current_umask() : S_IRWXUGO); 417 error = xfs_dentry_mode_to_name(&name, dentry, mode); 418 if (unlikely(error)) 419 goto out; 420 421 error = xfs_symlink(mnt_userns, XFS_I(dir), &name, symname, mode, &cip); 422 if (unlikely(error)) 423 goto out; 424 425 inode = VFS_I(cip); 426 427 error = xfs_init_security(inode, dir, &dentry->d_name); 428 if (unlikely(error)) 429 goto out_cleanup_inode; 430 431 xfs_setup_iops(cip); 432 433 d_instantiate(dentry, inode); 434 xfs_finish_inode_setup(cip); 435 return 0; 436 437 out_cleanup_inode: 438 xfs_finish_inode_setup(cip); 439 xfs_cleanup_inode(dir, inode, dentry); 440 xfs_irele(cip); 441 out: 442 return error; 443 } 444 445 STATIC int 446 xfs_vn_rename( 447 struct user_namespace *mnt_userns, 448 struct inode *odir, 449 struct dentry *odentry, 450 struct inode *ndir, 451 struct dentry *ndentry, 452 unsigned int flags) 453 { 454 struct inode *new_inode = d_inode(ndentry); 455 int omode = 0; 456 int error; 457 struct xfs_name oname; 458 struct xfs_name nname; 459 460 if (flags & ~(RENAME_NOREPLACE | RENAME_EXCHANGE | RENAME_WHITEOUT)) 461 return -EINVAL; 462 463 /* if we are exchanging files, we need to set i_mode of both files */ 464 if (flags & RENAME_EXCHANGE) 465 omode = d_inode(ndentry)->i_mode; 466 467 error = xfs_dentry_mode_to_name(&oname, odentry, omode); 468 if (omode && unlikely(error)) 469 return error; 470 471 error = xfs_dentry_mode_to_name(&nname, ndentry, 472 d_inode(odentry)->i_mode); 473 if (unlikely(error)) 474 return error; 475 476 return xfs_rename(mnt_userns, XFS_I(odir), &oname, 477 XFS_I(d_inode(odentry)), XFS_I(ndir), &nname, 478 new_inode ? XFS_I(new_inode) : NULL, flags); 479 } 480 481 /* 482 * careful here - this function can get called recursively, so 483 * we need to be very careful about how much stack we use. 484 * uio is kmalloced for this reason... 485 */ 486 STATIC const char * 487 xfs_vn_get_link( 488 struct dentry *dentry, 489 struct inode *inode, 490 struct delayed_call *done) 491 { 492 char *link; 493 int error = -ENOMEM; 494 495 if (!dentry) 496 return ERR_PTR(-ECHILD); 497 498 link = kmalloc(XFS_SYMLINK_MAXLEN+1, GFP_KERNEL); 499 if (!link) 500 goto out_err; 501 502 error = xfs_readlink(XFS_I(d_inode(dentry)), link); 503 if (unlikely(error)) 504 goto out_kfree; 505 506 set_delayed_call(done, kfree_link, link); 507 return link; 508 509 out_kfree: 510 kfree(link); 511 out_err: 512 return ERR_PTR(error); 513 } 514 515 static uint32_t 516 xfs_stat_blksize( 517 struct xfs_inode *ip) 518 { 519 struct xfs_mount *mp = ip->i_mount; 520 521 /* 522 * If the file blocks are being allocated from a realtime volume, then 523 * always return the realtime extent size. 524 */ 525 if (XFS_IS_REALTIME_INODE(ip)) 526 return XFS_FSB_TO_B(mp, xfs_get_extsz_hint(ip)); 527 528 /* 529 * Allow large block sizes to be reported to userspace programs if the 530 * "largeio" mount option is used. 531 * 532 * If compatibility mode is specified, simply return the basic unit of 533 * caching so that we don't get inefficient read/modify/write I/O from 534 * user apps. Otherwise.... 535 * 536 * If the underlying volume is a stripe, then return the stripe width in 537 * bytes as the recommended I/O size. It is not a stripe and we've set a 538 * default buffered I/O size, return that, otherwise return the compat 539 * default. 540 */ 541 if (xfs_has_large_iosize(mp)) { 542 if (mp->m_swidth) 543 return XFS_FSB_TO_B(mp, mp->m_swidth); 544 if (xfs_has_allocsize(mp)) 545 return 1U << mp->m_allocsize_log; 546 } 547 548 return PAGE_SIZE; 549 } 550 551 STATIC int 552 xfs_vn_getattr( 553 struct user_namespace *mnt_userns, 554 const struct path *path, 555 struct kstat *stat, 556 u32 request_mask, 557 unsigned int query_flags) 558 { 559 struct inode *inode = d_inode(path->dentry); 560 struct xfs_inode *ip = XFS_I(inode); 561 struct xfs_mount *mp = ip->i_mount; 562 563 trace_xfs_getattr(ip); 564 565 if (xfs_is_shutdown(mp)) 566 return -EIO; 567 568 stat->size = XFS_ISIZE(ip); 569 stat->dev = inode->i_sb->s_dev; 570 stat->mode = inode->i_mode; 571 stat->nlink = inode->i_nlink; 572 stat->uid = i_uid_into_mnt(mnt_userns, inode); 573 stat->gid = i_gid_into_mnt(mnt_userns, inode); 574 stat->ino = ip->i_ino; 575 stat->atime = inode->i_atime; 576 stat->mtime = inode->i_mtime; 577 stat->ctime = inode->i_ctime; 578 stat->blocks = XFS_FSB_TO_BB(mp, ip->i_nblocks + ip->i_delayed_blks); 579 580 if (xfs_has_v3inodes(mp)) { 581 if (request_mask & STATX_BTIME) { 582 stat->result_mask |= STATX_BTIME; 583 stat->btime = ip->i_crtime; 584 } 585 } 586 587 /* 588 * Note: If you add another clause to set an attribute flag, please 589 * update attributes_mask below. 590 */ 591 if (ip->i_diflags & XFS_DIFLAG_IMMUTABLE) 592 stat->attributes |= STATX_ATTR_IMMUTABLE; 593 if (ip->i_diflags & XFS_DIFLAG_APPEND) 594 stat->attributes |= STATX_ATTR_APPEND; 595 if (ip->i_diflags & XFS_DIFLAG_NODUMP) 596 stat->attributes |= STATX_ATTR_NODUMP; 597 598 stat->attributes_mask |= (STATX_ATTR_IMMUTABLE | 599 STATX_ATTR_APPEND | 600 STATX_ATTR_NODUMP); 601 602 switch (inode->i_mode & S_IFMT) { 603 case S_IFBLK: 604 case S_IFCHR: 605 stat->blksize = BLKDEV_IOSIZE; 606 stat->rdev = inode->i_rdev; 607 break; 608 default: 609 stat->blksize = xfs_stat_blksize(ip); 610 stat->rdev = 0; 611 break; 612 } 613 614 return 0; 615 } 616 617 static int 618 xfs_vn_change_ok( 619 struct user_namespace *mnt_userns, 620 struct dentry *dentry, 621 struct iattr *iattr) 622 { 623 struct xfs_mount *mp = XFS_I(d_inode(dentry))->i_mount; 624 625 if (xfs_is_readonly(mp)) 626 return -EROFS; 627 628 if (xfs_is_shutdown(mp)) 629 return -EIO; 630 631 return setattr_prepare(mnt_userns, dentry, iattr); 632 } 633 634 /* 635 * Set non-size attributes of an inode. 636 * 637 * Caution: The caller of this function is responsible for calling 638 * setattr_prepare() or otherwise verifying the change is fine. 639 */ 640 static int 641 xfs_setattr_nonsize( 642 struct user_namespace *mnt_userns, 643 struct xfs_inode *ip, 644 struct iattr *iattr) 645 { 646 xfs_mount_t *mp = ip->i_mount; 647 struct inode *inode = VFS_I(ip); 648 int mask = iattr->ia_valid; 649 xfs_trans_t *tp; 650 int error; 651 kuid_t uid = GLOBAL_ROOT_UID; 652 kgid_t gid = GLOBAL_ROOT_GID; 653 struct xfs_dquot *udqp = NULL, *gdqp = NULL; 654 struct xfs_dquot *old_udqp = NULL, *old_gdqp = NULL; 655 656 ASSERT((mask & ATTR_SIZE) == 0); 657 658 /* 659 * If disk quotas is on, we make sure that the dquots do exist on disk, 660 * before we start any other transactions. Trying to do this later 661 * is messy. We don't care to take a readlock to look at the ids 662 * in inode here, because we can't hold it across the trans_reserve. 663 * If the IDs do change before we take the ilock, we're covered 664 * because the i_*dquot fields will get updated anyway. 665 */ 666 if (XFS_IS_QUOTA_ON(mp) && (mask & (ATTR_UID|ATTR_GID))) { 667 uint qflags = 0; 668 669 if ((mask & ATTR_UID) && XFS_IS_UQUOTA_ON(mp)) { 670 uid = from_vfsuid(mnt_userns, i_user_ns(inode), 671 iattr->ia_vfsuid); 672 qflags |= XFS_QMOPT_UQUOTA; 673 } else { 674 uid = inode->i_uid; 675 } 676 if ((mask & ATTR_GID) && XFS_IS_GQUOTA_ON(mp)) { 677 gid = from_vfsgid(mnt_userns, i_user_ns(inode), 678 iattr->ia_vfsgid); 679 qflags |= XFS_QMOPT_GQUOTA; 680 } else { 681 gid = inode->i_gid; 682 } 683 684 /* 685 * We take a reference when we initialize udqp and gdqp, 686 * so it is important that we never blindly double trip on 687 * the same variable. See xfs_create() for an example. 688 */ 689 ASSERT(udqp == NULL); 690 ASSERT(gdqp == NULL); 691 error = xfs_qm_vop_dqalloc(ip, uid, gid, ip->i_projid, 692 qflags, &udqp, &gdqp, NULL); 693 if (error) 694 return error; 695 } 696 697 error = xfs_trans_alloc_ichange(ip, udqp, gdqp, NULL, 698 has_capability_noaudit(current, CAP_FOWNER), &tp); 699 if (error) 700 goto out_dqrele; 701 702 /* 703 * Register quota modifications in the transaction. Must be the owner 704 * or privileged. These IDs could have changed since we last looked at 705 * them. But, we're assured that if the ownership did change while we 706 * didn't have the inode locked, inode's dquot(s) would have changed 707 * also. 708 */ 709 if (XFS_IS_UQUOTA_ON(mp) && 710 i_uid_needs_update(mnt_userns, iattr, inode)) { 711 ASSERT(udqp); 712 old_udqp = xfs_qm_vop_chown(tp, ip, &ip->i_udquot, udqp); 713 } 714 if (XFS_IS_GQUOTA_ON(mp) && 715 i_gid_needs_update(mnt_userns, iattr, inode)) { 716 ASSERT(xfs_has_pquotino(mp) || !XFS_IS_PQUOTA_ON(mp)); 717 ASSERT(gdqp); 718 old_gdqp = xfs_qm_vop_chown(tp, ip, &ip->i_gdquot, gdqp); 719 } 720 721 setattr_copy(mnt_userns, inode, iattr); 722 xfs_trans_log_inode(tp, ip, XFS_ILOG_CORE); 723 724 XFS_STATS_INC(mp, xs_ig_attrchg); 725 726 if (xfs_has_wsync(mp)) 727 xfs_trans_set_sync(tp); 728 error = xfs_trans_commit(tp); 729 730 /* 731 * Release any dquot(s) the inode had kept before chown. 732 */ 733 xfs_qm_dqrele(old_udqp); 734 xfs_qm_dqrele(old_gdqp); 735 xfs_qm_dqrele(udqp); 736 xfs_qm_dqrele(gdqp); 737 738 if (error) 739 return error; 740 741 /* 742 * XXX(hch): Updating the ACL entries is not atomic vs the i_mode 743 * update. We could avoid this with linked transactions 744 * and passing down the transaction pointer all the way 745 * to attr_set. No previous user of the generic 746 * Posix ACL code seems to care about this issue either. 747 */ 748 if (mask & ATTR_MODE) { 749 error = posix_acl_chmod(mnt_userns, inode, inode->i_mode); 750 if (error) 751 return error; 752 } 753 754 return 0; 755 756 out_dqrele: 757 xfs_qm_dqrele(udqp); 758 xfs_qm_dqrele(gdqp); 759 return error; 760 } 761 762 /* 763 * Truncate file. Must have write permission and not be a directory. 764 * 765 * Caution: The caller of this function is responsible for calling 766 * setattr_prepare() or otherwise verifying the change is fine. 767 */ 768 STATIC int 769 xfs_setattr_size( 770 struct user_namespace *mnt_userns, 771 struct xfs_inode *ip, 772 struct iattr *iattr) 773 { 774 struct xfs_mount *mp = ip->i_mount; 775 struct inode *inode = VFS_I(ip); 776 xfs_off_t oldsize, newsize; 777 struct xfs_trans *tp; 778 int error; 779 uint lock_flags = 0; 780 bool did_zeroing = false; 781 782 ASSERT(xfs_isilocked(ip, XFS_IOLOCK_EXCL)); 783 ASSERT(xfs_isilocked(ip, XFS_MMAPLOCK_EXCL)); 784 ASSERT(S_ISREG(inode->i_mode)); 785 ASSERT((iattr->ia_valid & (ATTR_UID|ATTR_GID|ATTR_ATIME|ATTR_ATIME_SET| 786 ATTR_MTIME_SET|ATTR_TIMES_SET)) == 0); 787 788 oldsize = inode->i_size; 789 newsize = iattr->ia_size; 790 791 /* 792 * Short circuit the truncate case for zero length files. 793 */ 794 if (newsize == 0 && oldsize == 0 && ip->i_df.if_nextents == 0) { 795 if (!(iattr->ia_valid & (ATTR_CTIME|ATTR_MTIME))) 796 return 0; 797 798 /* 799 * Use the regular setattr path to update the timestamps. 800 */ 801 iattr->ia_valid &= ~ATTR_SIZE; 802 return xfs_setattr_nonsize(mnt_userns, ip, iattr); 803 } 804 805 /* 806 * Make sure that the dquots are attached to the inode. 807 */ 808 error = xfs_qm_dqattach(ip); 809 if (error) 810 return error; 811 812 /* 813 * Wait for all direct I/O to complete. 814 */ 815 inode_dio_wait(inode); 816 817 /* 818 * File data changes must be complete before we start the transaction to 819 * modify the inode. This needs to be done before joining the inode to 820 * the transaction because the inode cannot be unlocked once it is a 821 * part of the transaction. 822 * 823 * Start with zeroing any data beyond EOF that we may expose on file 824 * extension, or zeroing out the rest of the block on a downward 825 * truncate. 826 */ 827 if (newsize > oldsize) { 828 trace_xfs_zero_eof(ip, oldsize, newsize - oldsize); 829 error = xfs_zero_range(ip, oldsize, newsize - oldsize, 830 &did_zeroing); 831 } else { 832 /* 833 * iomap won't detect a dirty page over an unwritten block (or a 834 * cow block over a hole) and subsequently skips zeroing the 835 * newly post-EOF portion of the page. Flush the new EOF to 836 * convert the block before the pagecache truncate. 837 */ 838 error = filemap_write_and_wait_range(inode->i_mapping, newsize, 839 newsize); 840 if (error) 841 return error; 842 error = xfs_truncate_page(ip, newsize, &did_zeroing); 843 } 844 845 if (error) 846 return error; 847 848 /* 849 * We've already locked out new page faults, so now we can safely remove 850 * pages from the page cache knowing they won't get refaulted until we 851 * drop the XFS_MMAP_EXCL lock after the extent manipulations are 852 * complete. The truncate_setsize() call also cleans partial EOF page 853 * PTEs on extending truncates and hence ensures sub-page block size 854 * filesystems are correctly handled, too. 855 * 856 * We have to do all the page cache truncate work outside the 857 * transaction context as the "lock" order is page lock->log space 858 * reservation as defined by extent allocation in the writeback path. 859 * Hence a truncate can fail with ENOMEM from xfs_trans_alloc(), but 860 * having already truncated the in-memory version of the file (i.e. made 861 * user visible changes). There's not much we can do about this, except 862 * to hope that the caller sees ENOMEM and retries the truncate 863 * operation. 864 * 865 * And we update in-core i_size and truncate page cache beyond newsize 866 * before writeback the [i_disk_size, newsize] range, so we're 867 * guaranteed not to write stale data past the new EOF on truncate down. 868 */ 869 truncate_setsize(inode, newsize); 870 871 /* 872 * We are going to log the inode size change in this transaction so 873 * any previous writes that are beyond the on disk EOF and the new 874 * EOF that have not been written out need to be written here. If we 875 * do not write the data out, we expose ourselves to the null files 876 * problem. Note that this includes any block zeroing we did above; 877 * otherwise those blocks may not be zeroed after a crash. 878 */ 879 if (did_zeroing || 880 (newsize > ip->i_disk_size && oldsize != ip->i_disk_size)) { 881 error = filemap_write_and_wait_range(VFS_I(ip)->i_mapping, 882 ip->i_disk_size, newsize - 1); 883 if (error) 884 return error; 885 } 886 887 error = xfs_trans_alloc(mp, &M_RES(mp)->tr_itruncate, 0, 0, 0, &tp); 888 if (error) 889 return error; 890 891 lock_flags |= XFS_ILOCK_EXCL; 892 xfs_ilock(ip, XFS_ILOCK_EXCL); 893 xfs_trans_ijoin(tp, ip, 0); 894 895 /* 896 * Only change the c/mtime if we are changing the size or we are 897 * explicitly asked to change it. This handles the semantic difference 898 * between truncate() and ftruncate() as implemented in the VFS. 899 * 900 * The regular truncate() case without ATTR_CTIME and ATTR_MTIME is a 901 * special case where we need to update the times despite not having 902 * these flags set. For all other operations the VFS set these flags 903 * explicitly if it wants a timestamp update. 904 */ 905 if (newsize != oldsize && 906 !(iattr->ia_valid & (ATTR_CTIME | ATTR_MTIME))) { 907 iattr->ia_ctime = iattr->ia_mtime = 908 current_time(inode); 909 iattr->ia_valid |= ATTR_CTIME | ATTR_MTIME; 910 } 911 912 /* 913 * The first thing we do is set the size to new_size permanently on 914 * disk. This way we don't have to worry about anyone ever being able 915 * to look at the data being freed even in the face of a crash. 916 * What we're getting around here is the case where we free a block, it 917 * is allocated to another file, it is written to, and then we crash. 918 * If the new data gets written to the file but the log buffers 919 * containing the free and reallocation don't, then we'd end up with 920 * garbage in the blocks being freed. As long as we make the new size 921 * permanent before actually freeing any blocks it doesn't matter if 922 * they get written to. 923 */ 924 ip->i_disk_size = newsize; 925 xfs_trans_log_inode(tp, ip, XFS_ILOG_CORE); 926 927 if (newsize <= oldsize) { 928 error = xfs_itruncate_extents(&tp, ip, XFS_DATA_FORK, newsize); 929 if (error) 930 goto out_trans_cancel; 931 932 /* 933 * Truncated "down", so we're removing references to old data 934 * here - if we delay flushing for a long time, we expose 935 * ourselves unduly to the notorious NULL files problem. So, 936 * we mark this inode and flush it when the file is closed, 937 * and do not wait the usual (long) time for writeout. 938 */ 939 xfs_iflags_set(ip, XFS_ITRUNCATED); 940 941 /* A truncate down always removes post-EOF blocks. */ 942 xfs_inode_clear_eofblocks_tag(ip); 943 } 944 945 ASSERT(!(iattr->ia_valid & (ATTR_UID | ATTR_GID))); 946 setattr_copy(mnt_userns, inode, iattr); 947 xfs_trans_log_inode(tp, ip, XFS_ILOG_CORE); 948 949 XFS_STATS_INC(mp, xs_ig_attrchg); 950 951 if (xfs_has_wsync(mp)) 952 xfs_trans_set_sync(tp); 953 954 error = xfs_trans_commit(tp); 955 out_unlock: 956 if (lock_flags) 957 xfs_iunlock(ip, lock_flags); 958 return error; 959 960 out_trans_cancel: 961 xfs_trans_cancel(tp); 962 goto out_unlock; 963 } 964 965 int 966 xfs_vn_setattr_size( 967 struct user_namespace *mnt_userns, 968 struct dentry *dentry, 969 struct iattr *iattr) 970 { 971 struct xfs_inode *ip = XFS_I(d_inode(dentry)); 972 int error; 973 974 trace_xfs_setattr(ip); 975 976 error = xfs_vn_change_ok(mnt_userns, dentry, iattr); 977 if (error) 978 return error; 979 return xfs_setattr_size(mnt_userns, ip, iattr); 980 } 981 982 STATIC int 983 xfs_vn_setattr( 984 struct user_namespace *mnt_userns, 985 struct dentry *dentry, 986 struct iattr *iattr) 987 { 988 struct inode *inode = d_inode(dentry); 989 struct xfs_inode *ip = XFS_I(inode); 990 int error; 991 992 if (iattr->ia_valid & ATTR_SIZE) { 993 uint iolock; 994 995 xfs_ilock(ip, XFS_MMAPLOCK_EXCL); 996 iolock = XFS_IOLOCK_EXCL | XFS_MMAPLOCK_EXCL; 997 998 error = xfs_break_layouts(inode, &iolock, BREAK_UNMAP); 999 if (error) { 1000 xfs_iunlock(ip, XFS_MMAPLOCK_EXCL); 1001 return error; 1002 } 1003 1004 error = xfs_vn_setattr_size(mnt_userns, dentry, iattr); 1005 xfs_iunlock(ip, XFS_MMAPLOCK_EXCL); 1006 } else { 1007 trace_xfs_setattr(ip); 1008 1009 error = xfs_vn_change_ok(mnt_userns, dentry, iattr); 1010 if (!error) 1011 error = xfs_setattr_nonsize(mnt_userns, ip, iattr); 1012 } 1013 1014 return error; 1015 } 1016 1017 STATIC int 1018 xfs_vn_update_time( 1019 struct inode *inode, 1020 struct timespec64 *now, 1021 int flags) 1022 { 1023 struct xfs_inode *ip = XFS_I(inode); 1024 struct xfs_mount *mp = ip->i_mount; 1025 int log_flags = XFS_ILOG_TIMESTAMP; 1026 struct xfs_trans *tp; 1027 int error; 1028 1029 trace_xfs_update_time(ip); 1030 1031 if (inode->i_sb->s_flags & SB_LAZYTIME) { 1032 if (!((flags & S_VERSION) && 1033 inode_maybe_inc_iversion(inode, false))) 1034 return generic_update_time(inode, now, flags); 1035 1036 /* Capture the iversion update that just occurred */ 1037 log_flags |= XFS_ILOG_CORE; 1038 } 1039 1040 error = xfs_trans_alloc(mp, &M_RES(mp)->tr_fsyncts, 0, 0, 0, &tp); 1041 if (error) 1042 return error; 1043 1044 xfs_ilock(ip, XFS_ILOCK_EXCL); 1045 if (flags & S_CTIME) 1046 inode->i_ctime = *now; 1047 if (flags & S_MTIME) 1048 inode->i_mtime = *now; 1049 if (flags & S_ATIME) 1050 inode->i_atime = *now; 1051 1052 xfs_trans_ijoin(tp, ip, XFS_ILOCK_EXCL); 1053 xfs_trans_log_inode(tp, ip, log_flags); 1054 return xfs_trans_commit(tp); 1055 } 1056 1057 STATIC int 1058 xfs_vn_fiemap( 1059 struct inode *inode, 1060 struct fiemap_extent_info *fieinfo, 1061 u64 start, 1062 u64 length) 1063 { 1064 int error; 1065 1066 xfs_ilock(XFS_I(inode), XFS_IOLOCK_SHARED); 1067 if (fieinfo->fi_flags & FIEMAP_FLAG_XATTR) { 1068 fieinfo->fi_flags &= ~FIEMAP_FLAG_XATTR; 1069 error = iomap_fiemap(inode, fieinfo, start, length, 1070 &xfs_xattr_iomap_ops); 1071 } else { 1072 error = iomap_fiemap(inode, fieinfo, start, length, 1073 &xfs_read_iomap_ops); 1074 } 1075 xfs_iunlock(XFS_I(inode), XFS_IOLOCK_SHARED); 1076 1077 return error; 1078 } 1079 1080 STATIC int 1081 xfs_vn_tmpfile( 1082 struct user_namespace *mnt_userns, 1083 struct inode *dir, 1084 struct dentry *dentry, 1085 umode_t mode) 1086 { 1087 return xfs_generic_create(mnt_userns, dir, dentry, mode, 0, true); 1088 } 1089 1090 static const struct inode_operations xfs_inode_operations = { 1091 .get_acl = xfs_get_acl, 1092 .set_acl = xfs_set_acl, 1093 .getattr = xfs_vn_getattr, 1094 .setattr = xfs_vn_setattr, 1095 .listxattr = xfs_vn_listxattr, 1096 .fiemap = xfs_vn_fiemap, 1097 .update_time = xfs_vn_update_time, 1098 .fileattr_get = xfs_fileattr_get, 1099 .fileattr_set = xfs_fileattr_set, 1100 }; 1101 1102 static const struct inode_operations xfs_dir_inode_operations = { 1103 .create = xfs_vn_create, 1104 .lookup = xfs_vn_lookup, 1105 .link = xfs_vn_link, 1106 .unlink = xfs_vn_unlink, 1107 .symlink = xfs_vn_symlink, 1108 .mkdir = xfs_vn_mkdir, 1109 /* 1110 * Yes, XFS uses the same method for rmdir and unlink. 1111 * 1112 * There are some subtile differences deeper in the code, 1113 * but we use S_ISDIR to check for those. 1114 */ 1115 .rmdir = xfs_vn_unlink, 1116 .mknod = xfs_vn_mknod, 1117 .rename = xfs_vn_rename, 1118 .get_acl = xfs_get_acl, 1119 .set_acl = xfs_set_acl, 1120 .getattr = xfs_vn_getattr, 1121 .setattr = xfs_vn_setattr, 1122 .listxattr = xfs_vn_listxattr, 1123 .update_time = xfs_vn_update_time, 1124 .tmpfile = xfs_vn_tmpfile, 1125 .fileattr_get = xfs_fileattr_get, 1126 .fileattr_set = xfs_fileattr_set, 1127 }; 1128 1129 static const struct inode_operations xfs_dir_ci_inode_operations = { 1130 .create = xfs_vn_create, 1131 .lookup = xfs_vn_ci_lookup, 1132 .link = xfs_vn_link, 1133 .unlink = xfs_vn_unlink, 1134 .symlink = xfs_vn_symlink, 1135 .mkdir = xfs_vn_mkdir, 1136 /* 1137 * Yes, XFS uses the same method for rmdir and unlink. 1138 * 1139 * There are some subtile differences deeper in the code, 1140 * but we use S_ISDIR to check for those. 1141 */ 1142 .rmdir = xfs_vn_unlink, 1143 .mknod = xfs_vn_mknod, 1144 .rename = xfs_vn_rename, 1145 .get_acl = xfs_get_acl, 1146 .set_acl = xfs_set_acl, 1147 .getattr = xfs_vn_getattr, 1148 .setattr = xfs_vn_setattr, 1149 .listxattr = xfs_vn_listxattr, 1150 .update_time = xfs_vn_update_time, 1151 .tmpfile = xfs_vn_tmpfile, 1152 .fileattr_get = xfs_fileattr_get, 1153 .fileattr_set = xfs_fileattr_set, 1154 }; 1155 1156 static const struct inode_operations xfs_symlink_inode_operations = { 1157 .get_link = xfs_vn_get_link, 1158 .getattr = xfs_vn_getattr, 1159 .setattr = xfs_vn_setattr, 1160 .listxattr = xfs_vn_listxattr, 1161 .update_time = xfs_vn_update_time, 1162 }; 1163 1164 /* Figure out if this file actually supports DAX. */ 1165 static bool 1166 xfs_inode_supports_dax( 1167 struct xfs_inode *ip) 1168 { 1169 struct xfs_mount *mp = ip->i_mount; 1170 1171 /* Only supported on regular files. */ 1172 if (!S_ISREG(VFS_I(ip)->i_mode)) 1173 return false; 1174 1175 /* Only supported on non-reflinked files. */ 1176 if (xfs_is_reflink_inode(ip)) 1177 return false; 1178 1179 /* Block size must match page size */ 1180 if (mp->m_sb.sb_blocksize != PAGE_SIZE) 1181 return false; 1182 1183 /* Device has to support DAX too. */ 1184 return xfs_inode_buftarg(ip)->bt_daxdev != NULL; 1185 } 1186 1187 static bool 1188 xfs_inode_should_enable_dax( 1189 struct xfs_inode *ip) 1190 { 1191 if (!IS_ENABLED(CONFIG_FS_DAX)) 1192 return false; 1193 if (xfs_has_dax_never(ip->i_mount)) 1194 return false; 1195 if (!xfs_inode_supports_dax(ip)) 1196 return false; 1197 if (xfs_has_dax_always(ip->i_mount)) 1198 return true; 1199 if (ip->i_diflags2 & XFS_DIFLAG2_DAX) 1200 return true; 1201 return false; 1202 } 1203 1204 void 1205 xfs_diflags_to_iflags( 1206 struct xfs_inode *ip, 1207 bool init) 1208 { 1209 struct inode *inode = VFS_I(ip); 1210 unsigned int xflags = xfs_ip2xflags(ip); 1211 unsigned int flags = 0; 1212 1213 ASSERT(!(IS_DAX(inode) && init)); 1214 1215 if (xflags & FS_XFLAG_IMMUTABLE) 1216 flags |= S_IMMUTABLE; 1217 if (xflags & FS_XFLAG_APPEND) 1218 flags |= S_APPEND; 1219 if (xflags & FS_XFLAG_SYNC) 1220 flags |= S_SYNC; 1221 if (xflags & FS_XFLAG_NOATIME) 1222 flags |= S_NOATIME; 1223 if (init && xfs_inode_should_enable_dax(ip)) 1224 flags |= S_DAX; 1225 1226 /* 1227 * S_DAX can only be set during inode initialization and is never set by 1228 * the VFS, so we cannot mask off S_DAX in i_flags. 1229 */ 1230 inode->i_flags &= ~(S_IMMUTABLE | S_APPEND | S_SYNC | S_NOATIME); 1231 inode->i_flags |= flags; 1232 } 1233 1234 /* 1235 * Initialize the Linux inode. 1236 * 1237 * When reading existing inodes from disk this is called directly from xfs_iget, 1238 * when creating a new inode it is called from xfs_init_new_inode after setting 1239 * up the inode. These callers have different criteria for clearing XFS_INEW, so 1240 * leave it up to the caller to deal with unlocking the inode appropriately. 1241 */ 1242 void 1243 xfs_setup_inode( 1244 struct xfs_inode *ip) 1245 { 1246 struct inode *inode = &ip->i_vnode; 1247 gfp_t gfp_mask; 1248 1249 inode->i_ino = ip->i_ino; 1250 inode->i_state |= I_NEW; 1251 1252 inode_sb_list_add(inode); 1253 /* make the inode look hashed for the writeback code */ 1254 inode_fake_hash(inode); 1255 1256 i_size_write(inode, ip->i_disk_size); 1257 xfs_diflags_to_iflags(ip, true); 1258 1259 if (S_ISDIR(inode->i_mode)) { 1260 /* 1261 * We set the i_rwsem class here to avoid potential races with 1262 * lockdep_annotate_inode_mutex_key() reinitialising the lock 1263 * after a filehandle lookup has already found the inode in 1264 * cache before it has been unlocked via unlock_new_inode(). 1265 */ 1266 lockdep_set_class(&inode->i_rwsem, 1267 &inode->i_sb->s_type->i_mutex_dir_key); 1268 lockdep_set_class(&ip->i_lock.mr_lock, &xfs_dir_ilock_class); 1269 } else { 1270 lockdep_set_class(&ip->i_lock.mr_lock, &xfs_nondir_ilock_class); 1271 } 1272 1273 /* 1274 * Ensure all page cache allocations are done from GFP_NOFS context to 1275 * prevent direct reclaim recursion back into the filesystem and blowing 1276 * stacks or deadlocking. 1277 */ 1278 gfp_mask = mapping_gfp_mask(inode->i_mapping); 1279 mapping_set_gfp_mask(inode->i_mapping, (gfp_mask & ~(__GFP_FS))); 1280 1281 /* 1282 * If there is no attribute fork no ACL can exist on this inode, 1283 * and it can't have any file capabilities attached to it either. 1284 */ 1285 if (!XFS_IFORK_Q(ip)) { 1286 inode_has_no_xattr(inode); 1287 cache_no_acl(inode); 1288 } 1289 } 1290 1291 void 1292 xfs_setup_iops( 1293 struct xfs_inode *ip) 1294 { 1295 struct inode *inode = &ip->i_vnode; 1296 1297 switch (inode->i_mode & S_IFMT) { 1298 case S_IFREG: 1299 inode->i_op = &xfs_inode_operations; 1300 inode->i_fop = &xfs_file_operations; 1301 if (IS_DAX(inode)) 1302 inode->i_mapping->a_ops = &xfs_dax_aops; 1303 else 1304 inode->i_mapping->a_ops = &xfs_address_space_operations; 1305 break; 1306 case S_IFDIR: 1307 if (xfs_has_asciici(XFS_M(inode->i_sb))) 1308 inode->i_op = &xfs_dir_ci_inode_operations; 1309 else 1310 inode->i_op = &xfs_dir_inode_operations; 1311 inode->i_fop = &xfs_dir_file_operations; 1312 break; 1313 case S_IFLNK: 1314 inode->i_op = &xfs_symlink_inode_operations; 1315 break; 1316 default: 1317 inode->i_op = &xfs_inode_operations; 1318 init_special_inode(inode, inode->i_mode, inode->i_rdev); 1319 break; 1320 } 1321 } 1322