cachepc-linux

Fork of AMDESE/linux with modifications for CachePC side-channel attack
git clone https://git.sinitax.com/sinitax/cachepc-linux
Log | Files | Refs | README | LICENSE | sfeed.txt

dir.c (44936B)


      1// SPDX-License-Identifier: GPL-2.0-only
      2/* * This file is part of UBIFS.
      3 *
      4 * Copyright (C) 2006-2008 Nokia Corporation.
      5 * Copyright (C) 2006, 2007 University of Szeged, Hungary
      6 *
      7 * Authors: Artem Bityutskiy (Битюцкий Артём)
      8 *          Adrian Hunter
      9 *          Zoltan Sogor
     10 */
     11
     12/*
     13 * This file implements directory operations.
     14 *
     15 * All FS operations in this file allocate budget before writing anything to the
     16 * media. If they fail to allocate it, the error is returned. The only
     17 * exceptions are 'ubifs_unlink()' and 'ubifs_rmdir()' which keep working even
     18 * if they unable to allocate the budget, because deletion %-ENOSPC failure is
     19 * not what users are usually ready to get. UBIFS budgeting subsystem has some
     20 * space reserved for these purposes.
     21 *
     22 * All operations in this file write all inodes which they change straight
     23 * away, instead of marking them dirty. For example, 'ubifs_link()' changes
     24 * @i_size of the parent inode and writes the parent inode together with the
     25 * target inode. This was done to simplify file-system recovery which would
     26 * otherwise be very difficult to do. The only exception is rename which marks
     27 * the re-named inode dirty (because its @i_ctime is updated) but does not
     28 * write it, but just marks it as dirty.
     29 */
     30
     31#include "ubifs.h"
     32
     33/**
     34 * inherit_flags - inherit flags of the parent inode.
     35 * @dir: parent inode
     36 * @mode: new inode mode flags
     37 *
     38 * This is a helper function for 'ubifs_new_inode()' which inherits flag of the
     39 * parent directory inode @dir. UBIFS inodes inherit the following flags:
     40 * o %UBIFS_COMPR_FL, which is useful to switch compression on/of on
     41 *   sub-directory basis;
     42 * o %UBIFS_SYNC_FL - useful for the same reasons;
     43 * o %UBIFS_DIRSYNC_FL - similar, but relevant only to directories.
     44 *
     45 * This function returns the inherited flags.
     46 */
     47static int inherit_flags(const struct inode *dir, umode_t mode)
     48{
     49	int flags;
     50	const struct ubifs_inode *ui = ubifs_inode(dir);
     51
     52	if (!S_ISDIR(dir->i_mode))
     53		/*
     54		 * The parent is not a directory, which means that an extended
     55		 * attribute inode is being created. No flags.
     56		 */
     57		return 0;
     58
     59	flags = ui->flags & (UBIFS_COMPR_FL | UBIFS_SYNC_FL | UBIFS_DIRSYNC_FL);
     60	if (!S_ISDIR(mode))
     61		/* The "DIRSYNC" flag only applies to directories */
     62		flags &= ~UBIFS_DIRSYNC_FL;
     63	return flags;
     64}
     65
     66/**
     67 * ubifs_new_inode - allocate new UBIFS inode object.
     68 * @c: UBIFS file-system description object
     69 * @dir: parent directory inode
     70 * @mode: inode mode flags
     71 *
     72 * This function finds an unused inode number, allocates new inode and
     73 * initializes it. Returns new inode in case of success and an error code in
     74 * case of failure.
     75 */
     76struct inode *ubifs_new_inode(struct ubifs_info *c, struct inode *dir,
     77			      umode_t mode)
     78{
     79	int err;
     80	struct inode *inode;
     81	struct ubifs_inode *ui;
     82	bool encrypted = false;
     83
     84	inode = new_inode(c->vfs_sb);
     85	ui = ubifs_inode(inode);
     86	if (!inode)
     87		return ERR_PTR(-ENOMEM);
     88
     89	/*
     90	 * Set 'S_NOCMTIME' to prevent VFS form updating [mc]time of inodes and
     91	 * marking them dirty in file write path (see 'file_update_time()').
     92	 * UBIFS has to fully control "clean <-> dirty" transitions of inodes
     93	 * to make budgeting work.
     94	 */
     95	inode->i_flags |= S_NOCMTIME;
     96
     97	inode_init_owner(&init_user_ns, inode, dir, mode);
     98	inode->i_mtime = inode->i_atime = inode->i_ctime =
     99			 current_time(inode);
    100	inode->i_mapping->nrpages = 0;
    101
    102	err = fscrypt_prepare_new_inode(dir, inode, &encrypted);
    103	if (err) {
    104		ubifs_err(c, "fscrypt_prepare_new_inode failed: %i", err);
    105		goto out_iput;
    106	}
    107
    108	switch (mode & S_IFMT) {
    109	case S_IFREG:
    110		inode->i_mapping->a_ops = &ubifs_file_address_operations;
    111		inode->i_op = &ubifs_file_inode_operations;
    112		inode->i_fop = &ubifs_file_operations;
    113		break;
    114	case S_IFDIR:
    115		inode->i_op  = &ubifs_dir_inode_operations;
    116		inode->i_fop = &ubifs_dir_operations;
    117		inode->i_size = ui->ui_size = UBIFS_INO_NODE_SZ;
    118		break;
    119	case S_IFLNK:
    120		inode->i_op = &ubifs_symlink_inode_operations;
    121		break;
    122	case S_IFSOCK:
    123	case S_IFIFO:
    124	case S_IFBLK:
    125	case S_IFCHR:
    126		inode->i_op  = &ubifs_file_inode_operations;
    127		break;
    128	default:
    129		BUG();
    130	}
    131
    132	ui->flags = inherit_flags(dir, mode);
    133	ubifs_set_inode_flags(inode);
    134	if (S_ISREG(mode))
    135		ui->compr_type = c->default_compr;
    136	else
    137		ui->compr_type = UBIFS_COMPR_NONE;
    138	ui->synced_i_size = 0;
    139
    140	spin_lock(&c->cnt_lock);
    141	/* Inode number overflow is currently not supported */
    142	if (c->highest_inum >= INUM_WARN_WATERMARK) {
    143		if (c->highest_inum >= INUM_WATERMARK) {
    144			spin_unlock(&c->cnt_lock);
    145			ubifs_err(c, "out of inode numbers");
    146			err = -EINVAL;
    147			goto out_iput;
    148		}
    149		ubifs_warn(c, "running out of inode numbers (current %lu, max %u)",
    150			   (unsigned long)c->highest_inum, INUM_WATERMARK);
    151	}
    152
    153	inode->i_ino = ++c->highest_inum;
    154	/*
    155	 * The creation sequence number remains with this inode for its
    156	 * lifetime. All nodes for this inode have a greater sequence number,
    157	 * and so it is possible to distinguish obsolete nodes belonging to a
    158	 * previous incarnation of the same inode number - for example, for the
    159	 * purpose of rebuilding the index.
    160	 */
    161	ui->creat_sqnum = ++c->max_sqnum;
    162	spin_unlock(&c->cnt_lock);
    163
    164	if (encrypted) {
    165		err = fscrypt_set_context(inode, NULL);
    166		if (err) {
    167			ubifs_err(c, "fscrypt_set_context failed: %i", err);
    168			goto out_iput;
    169		}
    170	}
    171
    172	return inode;
    173
    174out_iput:
    175	make_bad_inode(inode);
    176	iput(inode);
    177	return ERR_PTR(err);
    178}
    179
    180static int dbg_check_name(const struct ubifs_info *c,
    181			  const struct ubifs_dent_node *dent,
    182			  const struct fscrypt_name *nm)
    183{
    184	if (!dbg_is_chk_gen(c))
    185		return 0;
    186	if (le16_to_cpu(dent->nlen) != fname_len(nm))
    187		return -EINVAL;
    188	if (memcmp(dent->name, fname_name(nm), fname_len(nm)))
    189		return -EINVAL;
    190	return 0;
    191}
    192
    193static struct dentry *ubifs_lookup(struct inode *dir, struct dentry *dentry,
    194				   unsigned int flags)
    195{
    196	int err;
    197	union ubifs_key key;
    198	struct inode *inode = NULL;
    199	struct ubifs_dent_node *dent = NULL;
    200	struct ubifs_info *c = dir->i_sb->s_fs_info;
    201	struct fscrypt_name nm;
    202
    203	dbg_gen("'%pd' in dir ino %lu", dentry, dir->i_ino);
    204
    205	err = fscrypt_prepare_lookup(dir, dentry, &nm);
    206	generic_set_encrypted_ci_d_ops(dentry);
    207	if (err == -ENOENT)
    208		return d_splice_alias(NULL, dentry);
    209	if (err)
    210		return ERR_PTR(err);
    211
    212	if (fname_len(&nm) > UBIFS_MAX_NLEN) {
    213		inode = ERR_PTR(-ENAMETOOLONG);
    214		goto done;
    215	}
    216
    217	dent = kmalloc(UBIFS_MAX_DENT_NODE_SZ, GFP_NOFS);
    218	if (!dent) {
    219		inode = ERR_PTR(-ENOMEM);
    220		goto done;
    221	}
    222
    223	if (fname_name(&nm) == NULL) {
    224		if (nm.hash & ~UBIFS_S_KEY_HASH_MASK)
    225			goto done; /* ENOENT */
    226		dent_key_init_hash(c, &key, dir->i_ino, nm.hash);
    227		err = ubifs_tnc_lookup_dh(c, &key, dent, nm.minor_hash);
    228	} else {
    229		dent_key_init(c, &key, dir->i_ino, &nm);
    230		err = ubifs_tnc_lookup_nm(c, &key, dent, &nm);
    231	}
    232
    233	if (err) {
    234		if (err == -ENOENT)
    235			dbg_gen("not found");
    236		else
    237			inode = ERR_PTR(err);
    238		goto done;
    239	}
    240
    241	if (dbg_check_name(c, dent, &nm)) {
    242		inode = ERR_PTR(-EINVAL);
    243		goto done;
    244	}
    245
    246	inode = ubifs_iget(dir->i_sb, le64_to_cpu(dent->inum));
    247	if (IS_ERR(inode)) {
    248		/*
    249		 * This should not happen. Probably the file-system needs
    250		 * checking.
    251		 */
    252		err = PTR_ERR(inode);
    253		ubifs_err(c, "dead directory entry '%pd', error %d",
    254			  dentry, err);
    255		ubifs_ro_mode(c, err);
    256		goto done;
    257	}
    258
    259	if (IS_ENCRYPTED(dir) &&
    260	    (S_ISDIR(inode->i_mode) || S_ISLNK(inode->i_mode)) &&
    261	    !fscrypt_has_permitted_context(dir, inode)) {
    262		ubifs_warn(c, "Inconsistent encryption contexts: %lu/%lu",
    263			   dir->i_ino, inode->i_ino);
    264		iput(inode);
    265		inode = ERR_PTR(-EPERM);
    266	}
    267
    268done:
    269	kfree(dent);
    270	fscrypt_free_filename(&nm);
    271	return d_splice_alias(inode, dentry);
    272}
    273
    274static int ubifs_prepare_create(struct inode *dir, struct dentry *dentry,
    275				struct fscrypt_name *nm)
    276{
    277	if (fscrypt_is_nokey_name(dentry))
    278		return -ENOKEY;
    279
    280	return fscrypt_setup_filename(dir, &dentry->d_name, 0, nm);
    281}
    282
    283static int ubifs_create(struct user_namespace *mnt_userns, struct inode *dir,
    284			struct dentry *dentry, umode_t mode, bool excl)
    285{
    286	struct inode *inode;
    287	struct ubifs_info *c = dir->i_sb->s_fs_info;
    288	struct ubifs_budget_req req = { .new_ino = 1, .new_dent = 1,
    289					.dirtied_ino = 1 };
    290	struct ubifs_inode *dir_ui = ubifs_inode(dir);
    291	struct fscrypt_name nm;
    292	int err, sz_change;
    293
    294	/*
    295	 * Budget request settings: new inode, new direntry, changing the
    296	 * parent directory inode.
    297	 */
    298
    299	dbg_gen("dent '%pd', mode %#hx in dir ino %lu",
    300		dentry, mode, dir->i_ino);
    301
    302	err = ubifs_budget_space(c, &req);
    303	if (err)
    304		return err;
    305
    306	err = ubifs_prepare_create(dir, dentry, &nm);
    307	if (err)
    308		goto out_budg;
    309
    310	sz_change = CALC_DENT_SIZE(fname_len(&nm));
    311
    312	inode = ubifs_new_inode(c, dir, mode);
    313	if (IS_ERR(inode)) {
    314		err = PTR_ERR(inode);
    315		goto out_fname;
    316	}
    317
    318	err = ubifs_init_security(dir, inode, &dentry->d_name);
    319	if (err)
    320		goto out_inode;
    321
    322	mutex_lock(&dir_ui->ui_mutex);
    323	dir->i_size += sz_change;
    324	dir_ui->ui_size = dir->i_size;
    325	dir->i_mtime = dir->i_ctime = inode->i_ctime;
    326	err = ubifs_jnl_update(c, dir, &nm, inode, 0, 0);
    327	if (err)
    328		goto out_cancel;
    329	mutex_unlock(&dir_ui->ui_mutex);
    330
    331	ubifs_release_budget(c, &req);
    332	fscrypt_free_filename(&nm);
    333	insert_inode_hash(inode);
    334	d_instantiate(dentry, inode);
    335	return 0;
    336
    337out_cancel:
    338	dir->i_size -= sz_change;
    339	dir_ui->ui_size = dir->i_size;
    340	mutex_unlock(&dir_ui->ui_mutex);
    341out_inode:
    342	make_bad_inode(inode);
    343	iput(inode);
    344out_fname:
    345	fscrypt_free_filename(&nm);
    346out_budg:
    347	ubifs_release_budget(c, &req);
    348	ubifs_err(c, "cannot create regular file, error %d", err);
    349	return err;
    350}
    351
    352static struct inode *create_whiteout(struct inode *dir, struct dentry *dentry)
    353{
    354	int err;
    355	umode_t mode = S_IFCHR | WHITEOUT_MODE;
    356	struct inode *inode;
    357	struct ubifs_info *c = dir->i_sb->s_fs_info;
    358	struct fscrypt_name nm;
    359
    360	/*
    361	 * Create an inode('nlink = 1') for whiteout without updating journal,
    362	 * let ubifs_jnl_rename() store it on flash to complete rename whiteout
    363	 * atomically.
    364	 */
    365
    366	dbg_gen("dent '%pd', mode %#hx in dir ino %lu",
    367		dentry, mode, dir->i_ino);
    368
    369	err = fscrypt_setup_filename(dir, &dentry->d_name, 0, &nm);
    370	if (err)
    371		return ERR_PTR(err);
    372
    373	inode = ubifs_new_inode(c, dir, mode);
    374	if (IS_ERR(inode)) {
    375		err = PTR_ERR(inode);
    376		goto out_free;
    377	}
    378
    379	init_special_inode(inode, inode->i_mode, WHITEOUT_DEV);
    380	ubifs_assert(c, inode->i_op == &ubifs_file_inode_operations);
    381
    382	err = ubifs_init_security(dir, inode, &dentry->d_name);
    383	if (err)
    384		goto out_inode;
    385
    386	/* The dir size is updated by do_rename. */
    387	insert_inode_hash(inode);
    388
    389	return inode;
    390
    391out_inode:
    392	make_bad_inode(inode);
    393	iput(inode);
    394out_free:
    395	fscrypt_free_filename(&nm);
    396	ubifs_err(c, "cannot create whiteout file, error %d", err);
    397	return ERR_PTR(err);
    398}
    399
    400/**
    401 * lock_2_inodes - a wrapper for locking two UBIFS inodes.
    402 * @inode1: first inode
    403 * @inode2: second inode
    404 *
    405 * We do not implement any tricks to guarantee strict lock ordering, because
    406 * VFS has already done it for us on the @i_mutex. So this is just a simple
    407 * wrapper function.
    408 */
    409static void lock_2_inodes(struct inode *inode1, struct inode *inode2)
    410{
    411	mutex_lock_nested(&ubifs_inode(inode1)->ui_mutex, WB_MUTEX_1);
    412	mutex_lock_nested(&ubifs_inode(inode2)->ui_mutex, WB_MUTEX_2);
    413}
    414
    415/**
    416 * unlock_2_inodes - a wrapper for unlocking two UBIFS inodes.
    417 * @inode1: first inode
    418 * @inode2: second inode
    419 */
    420static void unlock_2_inodes(struct inode *inode1, struct inode *inode2)
    421{
    422	mutex_unlock(&ubifs_inode(inode2)->ui_mutex);
    423	mutex_unlock(&ubifs_inode(inode1)->ui_mutex);
    424}
    425
    426static int ubifs_tmpfile(struct user_namespace *mnt_userns, struct inode *dir,
    427			 struct dentry *dentry, umode_t mode)
    428{
    429	struct inode *inode;
    430	struct ubifs_info *c = dir->i_sb->s_fs_info;
    431	struct ubifs_budget_req req = { .new_ino = 1, .new_dent = 1,
    432					.dirtied_ino = 1};
    433	struct ubifs_budget_req ino_req = { .dirtied_ino = 1 };
    434	struct ubifs_inode *ui;
    435	int err, instantiated = 0;
    436	struct fscrypt_name nm;
    437
    438	/*
    439	 * Budget request settings: new inode, new direntry, changing the
    440	 * parent directory inode.
    441	 * Allocate budget separately for new dirtied inode, the budget will
    442	 * be released via writeback.
    443	 */
    444
    445	dbg_gen("dent '%pd', mode %#hx in dir ino %lu",
    446		dentry, mode, dir->i_ino);
    447
    448	err = fscrypt_setup_filename(dir, &dentry->d_name, 0, &nm);
    449	if (err)
    450		return err;
    451
    452	err = ubifs_budget_space(c, &req);
    453	if (err) {
    454		fscrypt_free_filename(&nm);
    455		return err;
    456	}
    457
    458	err = ubifs_budget_space(c, &ino_req);
    459	if (err) {
    460		ubifs_release_budget(c, &req);
    461		fscrypt_free_filename(&nm);
    462		return err;
    463	}
    464
    465	inode = ubifs_new_inode(c, dir, mode);
    466	if (IS_ERR(inode)) {
    467		err = PTR_ERR(inode);
    468		goto out_budg;
    469	}
    470	ui = ubifs_inode(inode);
    471
    472	err = ubifs_init_security(dir, inode, &dentry->d_name);
    473	if (err)
    474		goto out_inode;
    475
    476	mutex_lock(&ui->ui_mutex);
    477	insert_inode_hash(inode);
    478	d_tmpfile(dentry, inode);
    479	ubifs_assert(c, ui->dirty);
    480
    481	instantiated = 1;
    482	mutex_unlock(&ui->ui_mutex);
    483
    484	lock_2_inodes(dir, inode);
    485	err = ubifs_jnl_update(c, dir, &nm, inode, 1, 0);
    486	if (err)
    487		goto out_cancel;
    488	unlock_2_inodes(dir, inode);
    489
    490	ubifs_release_budget(c, &req);
    491
    492	return 0;
    493
    494out_cancel:
    495	unlock_2_inodes(dir, inode);
    496out_inode:
    497	make_bad_inode(inode);
    498	if (!instantiated)
    499		iput(inode);
    500out_budg:
    501	ubifs_release_budget(c, &req);
    502	if (!instantiated)
    503		ubifs_release_budget(c, &ino_req);
    504	fscrypt_free_filename(&nm);
    505	ubifs_err(c, "cannot create temporary file, error %d", err);
    506	return err;
    507}
    508
    509/**
    510 * vfs_dent_type - get VFS directory entry type.
    511 * @type: UBIFS directory entry type
    512 *
    513 * This function converts UBIFS directory entry type into VFS directory entry
    514 * type.
    515 */
    516static unsigned int vfs_dent_type(uint8_t type)
    517{
    518	switch (type) {
    519	case UBIFS_ITYPE_REG:
    520		return DT_REG;
    521	case UBIFS_ITYPE_DIR:
    522		return DT_DIR;
    523	case UBIFS_ITYPE_LNK:
    524		return DT_LNK;
    525	case UBIFS_ITYPE_BLK:
    526		return DT_BLK;
    527	case UBIFS_ITYPE_CHR:
    528		return DT_CHR;
    529	case UBIFS_ITYPE_FIFO:
    530		return DT_FIFO;
    531	case UBIFS_ITYPE_SOCK:
    532		return DT_SOCK;
    533	default:
    534		BUG();
    535	}
    536	return 0;
    537}
    538
    539/*
    540 * The classical Unix view for directory is that it is a linear array of
    541 * (name, inode number) entries. Linux/VFS assumes this model as well.
    542 * Particularly, 'readdir()' call wants us to return a directory entry offset
    543 * which later may be used to continue 'readdir()'ing the directory or to
    544 * 'seek()' to that specific direntry. Obviously UBIFS does not really fit this
    545 * model because directory entries are identified by keys, which may collide.
    546 *
    547 * UBIFS uses directory entry hash value for directory offsets, so
    548 * 'seekdir()'/'telldir()' may not always work because of possible key
    549 * collisions. But UBIFS guarantees that consecutive 'readdir()' calls work
    550 * properly by means of saving full directory entry name in the private field
    551 * of the file description object.
    552 *
    553 * This means that UBIFS cannot support NFS which requires full
    554 * 'seekdir()'/'telldir()' support.
    555 */
    556static int ubifs_readdir(struct file *file, struct dir_context *ctx)
    557{
    558	int fstr_real_len = 0, err = 0;
    559	struct fscrypt_name nm;
    560	struct fscrypt_str fstr = {0};
    561	union ubifs_key key;
    562	struct ubifs_dent_node *dent;
    563	struct inode *dir = file_inode(file);
    564	struct ubifs_info *c = dir->i_sb->s_fs_info;
    565	bool encrypted = IS_ENCRYPTED(dir);
    566
    567	dbg_gen("dir ino %lu, f_pos %#llx", dir->i_ino, ctx->pos);
    568
    569	if (ctx->pos > UBIFS_S_KEY_HASH_MASK || ctx->pos == 2)
    570		/*
    571		 * The directory was seek'ed to a senseless position or there
    572		 * are no more entries.
    573		 */
    574		return 0;
    575
    576	if (encrypted) {
    577		err = fscrypt_prepare_readdir(dir);
    578		if (err)
    579			return err;
    580
    581		err = fscrypt_fname_alloc_buffer(UBIFS_MAX_NLEN, &fstr);
    582		if (err)
    583			return err;
    584
    585		fstr_real_len = fstr.len;
    586	}
    587
    588	if (file->f_version == 0) {
    589		/*
    590		 * The file was seek'ed, which means that @file->private_data
    591		 * is now invalid. This may also be just the first
    592		 * 'ubifs_readdir()' invocation, in which case
    593		 * @file->private_data is NULL, and the below code is
    594		 * basically a no-op.
    595		 */
    596		kfree(file->private_data);
    597		file->private_data = NULL;
    598	}
    599
    600	/*
    601	 * 'generic_file_llseek()' unconditionally sets @file->f_version to
    602	 * zero, and we use this for detecting whether the file was seek'ed.
    603	 */
    604	file->f_version = 1;
    605
    606	/* File positions 0 and 1 correspond to "." and ".." */
    607	if (ctx->pos < 2) {
    608		ubifs_assert(c, !file->private_data);
    609		if (!dir_emit_dots(file, ctx)) {
    610			if (encrypted)
    611				fscrypt_fname_free_buffer(&fstr);
    612			return 0;
    613		}
    614
    615		/* Find the first entry in TNC and save it */
    616		lowest_dent_key(c, &key, dir->i_ino);
    617		fname_len(&nm) = 0;
    618		dent = ubifs_tnc_next_ent(c, &key, &nm);
    619		if (IS_ERR(dent)) {
    620			err = PTR_ERR(dent);
    621			goto out;
    622		}
    623
    624		ctx->pos = key_hash_flash(c, &dent->key);
    625		file->private_data = dent;
    626	}
    627
    628	dent = file->private_data;
    629	if (!dent) {
    630		/*
    631		 * The directory was seek'ed to and is now readdir'ed.
    632		 * Find the entry corresponding to @ctx->pos or the closest one.
    633		 */
    634		dent_key_init_hash(c, &key, dir->i_ino, ctx->pos);
    635		fname_len(&nm) = 0;
    636		dent = ubifs_tnc_next_ent(c, &key, &nm);
    637		if (IS_ERR(dent)) {
    638			err = PTR_ERR(dent);
    639			goto out;
    640		}
    641		ctx->pos = key_hash_flash(c, &dent->key);
    642		file->private_data = dent;
    643	}
    644
    645	while (1) {
    646		dbg_gen("ino %llu, new f_pos %#x",
    647			(unsigned long long)le64_to_cpu(dent->inum),
    648			key_hash_flash(c, &dent->key));
    649		ubifs_assert(c, le64_to_cpu(dent->ch.sqnum) >
    650			     ubifs_inode(dir)->creat_sqnum);
    651
    652		fname_len(&nm) = le16_to_cpu(dent->nlen);
    653		fname_name(&nm) = dent->name;
    654
    655		if (encrypted) {
    656			fstr.len = fstr_real_len;
    657
    658			err = fscrypt_fname_disk_to_usr(dir, key_hash_flash(c,
    659							&dent->key),
    660							le32_to_cpu(dent->cookie),
    661							&nm.disk_name, &fstr);
    662			if (err)
    663				goto out;
    664		} else {
    665			fstr.len = fname_len(&nm);
    666			fstr.name = fname_name(&nm);
    667		}
    668
    669		if (!dir_emit(ctx, fstr.name, fstr.len,
    670			       le64_to_cpu(dent->inum),
    671			       vfs_dent_type(dent->type))) {
    672			if (encrypted)
    673				fscrypt_fname_free_buffer(&fstr);
    674			return 0;
    675		}
    676
    677		/* Switch to the next entry */
    678		key_read(c, &dent->key, &key);
    679		dent = ubifs_tnc_next_ent(c, &key, &nm);
    680		if (IS_ERR(dent)) {
    681			err = PTR_ERR(dent);
    682			goto out;
    683		}
    684
    685		kfree(file->private_data);
    686		ctx->pos = key_hash_flash(c, &dent->key);
    687		file->private_data = dent;
    688		cond_resched();
    689	}
    690
    691out:
    692	kfree(file->private_data);
    693	file->private_data = NULL;
    694
    695	if (encrypted)
    696		fscrypt_fname_free_buffer(&fstr);
    697
    698	if (err != -ENOENT)
    699		ubifs_err(c, "cannot find next direntry, error %d", err);
    700	else
    701		/*
    702		 * -ENOENT is a non-fatal error in this context, the TNC uses
    703		 * it to indicate that the cursor moved past the current directory
    704		 * and readdir() has to stop.
    705		 */
    706		err = 0;
    707
    708
    709	/* 2 is a special value indicating that there are no more direntries */
    710	ctx->pos = 2;
    711	return err;
    712}
    713
    714/* Free saved readdir() state when the directory is closed */
    715static int ubifs_dir_release(struct inode *dir, struct file *file)
    716{
    717	kfree(file->private_data);
    718	file->private_data = NULL;
    719	return 0;
    720}
    721
    722static int ubifs_link(struct dentry *old_dentry, struct inode *dir,
    723		      struct dentry *dentry)
    724{
    725	struct ubifs_info *c = dir->i_sb->s_fs_info;
    726	struct inode *inode = d_inode(old_dentry);
    727	struct ubifs_inode *ui = ubifs_inode(inode);
    728	struct ubifs_inode *dir_ui = ubifs_inode(dir);
    729	int err, sz_change = CALC_DENT_SIZE(dentry->d_name.len);
    730	struct ubifs_budget_req req = { .new_dent = 1, .dirtied_ino = 2,
    731				.dirtied_ino_d = ALIGN(ui->data_len, 8) };
    732	struct fscrypt_name nm;
    733
    734	/*
    735	 * Budget request settings: new direntry, changing the target inode,
    736	 * changing the parent inode.
    737	 */
    738
    739	dbg_gen("dent '%pd' to ino %lu (nlink %d) in dir ino %lu",
    740		dentry, inode->i_ino,
    741		inode->i_nlink, dir->i_ino);
    742	ubifs_assert(c, inode_is_locked(dir));
    743	ubifs_assert(c, inode_is_locked(inode));
    744
    745	err = fscrypt_prepare_link(old_dentry, dir, dentry);
    746	if (err)
    747		return err;
    748
    749	err = fscrypt_setup_filename(dir, &dentry->d_name, 0, &nm);
    750	if (err)
    751		return err;
    752
    753	err = dbg_check_synced_i_size(c, inode);
    754	if (err)
    755		goto out_fname;
    756
    757	err = ubifs_budget_space(c, &req);
    758	if (err)
    759		goto out_fname;
    760
    761	lock_2_inodes(dir, inode);
    762
    763	/* Handle O_TMPFILE corner case, it is allowed to link a O_TMPFILE. */
    764	if (inode->i_nlink == 0)
    765		ubifs_delete_orphan(c, inode->i_ino);
    766
    767	inc_nlink(inode);
    768	ihold(inode);
    769	inode->i_ctime = current_time(inode);
    770	dir->i_size += sz_change;
    771	dir_ui->ui_size = dir->i_size;
    772	dir->i_mtime = dir->i_ctime = inode->i_ctime;
    773	err = ubifs_jnl_update(c, dir, &nm, inode, 0, 0);
    774	if (err)
    775		goto out_cancel;
    776	unlock_2_inodes(dir, inode);
    777
    778	ubifs_release_budget(c, &req);
    779	d_instantiate(dentry, inode);
    780	fscrypt_free_filename(&nm);
    781	return 0;
    782
    783out_cancel:
    784	dir->i_size -= sz_change;
    785	dir_ui->ui_size = dir->i_size;
    786	drop_nlink(inode);
    787	if (inode->i_nlink == 0)
    788		ubifs_add_orphan(c, inode->i_ino);
    789	unlock_2_inodes(dir, inode);
    790	ubifs_release_budget(c, &req);
    791	iput(inode);
    792out_fname:
    793	fscrypt_free_filename(&nm);
    794	return err;
    795}
    796
    797static int ubifs_unlink(struct inode *dir, struct dentry *dentry)
    798{
    799	struct ubifs_info *c = dir->i_sb->s_fs_info;
    800	struct inode *inode = d_inode(dentry);
    801	struct ubifs_inode *dir_ui = ubifs_inode(dir);
    802	int err, sz_change, budgeted = 1;
    803	struct ubifs_budget_req req = { .mod_dent = 1, .dirtied_ino = 2 };
    804	unsigned int saved_nlink = inode->i_nlink;
    805	struct fscrypt_name nm;
    806
    807	/*
    808	 * Budget request settings: deletion direntry, deletion inode (+1 for
    809	 * @dirtied_ino), changing the parent directory inode. If budgeting
    810	 * fails, go ahead anyway because we have extra space reserved for
    811	 * deletions.
    812	 */
    813
    814	dbg_gen("dent '%pd' from ino %lu (nlink %d) in dir ino %lu",
    815		dentry, inode->i_ino,
    816		inode->i_nlink, dir->i_ino);
    817
    818	err = fscrypt_setup_filename(dir, &dentry->d_name, 1, &nm);
    819	if (err)
    820		return err;
    821
    822	err = ubifs_purge_xattrs(inode);
    823	if (err)
    824		return err;
    825
    826	sz_change = CALC_DENT_SIZE(fname_len(&nm));
    827
    828	ubifs_assert(c, inode_is_locked(dir));
    829	ubifs_assert(c, inode_is_locked(inode));
    830	err = dbg_check_synced_i_size(c, inode);
    831	if (err)
    832		goto out_fname;
    833
    834	err = ubifs_budget_space(c, &req);
    835	if (err) {
    836		if (err != -ENOSPC)
    837			goto out_fname;
    838		budgeted = 0;
    839	}
    840
    841	lock_2_inodes(dir, inode);
    842	inode->i_ctime = current_time(dir);
    843	drop_nlink(inode);
    844	dir->i_size -= sz_change;
    845	dir_ui->ui_size = dir->i_size;
    846	dir->i_mtime = dir->i_ctime = inode->i_ctime;
    847	err = ubifs_jnl_update(c, dir, &nm, inode, 1, 0);
    848	if (err)
    849		goto out_cancel;
    850	unlock_2_inodes(dir, inode);
    851
    852	if (budgeted)
    853		ubifs_release_budget(c, &req);
    854	else {
    855		/* We've deleted something - clean the "no space" flags */
    856		c->bi.nospace = c->bi.nospace_rp = 0;
    857		smp_wmb();
    858	}
    859	fscrypt_free_filename(&nm);
    860	return 0;
    861
    862out_cancel:
    863	dir->i_size += sz_change;
    864	dir_ui->ui_size = dir->i_size;
    865	set_nlink(inode, saved_nlink);
    866	unlock_2_inodes(dir, inode);
    867	if (budgeted)
    868		ubifs_release_budget(c, &req);
    869out_fname:
    870	fscrypt_free_filename(&nm);
    871	return err;
    872}
    873
    874/**
    875 * check_dir_empty - check if a directory is empty or not.
    876 * @dir: VFS inode object of the directory to check
    877 *
    878 * This function checks if directory @dir is empty. Returns zero if the
    879 * directory is empty, %-ENOTEMPTY if it is not, and other negative error codes
    880 * in case of errors.
    881 */
    882int ubifs_check_dir_empty(struct inode *dir)
    883{
    884	struct ubifs_info *c = dir->i_sb->s_fs_info;
    885	struct fscrypt_name nm = { 0 };
    886	struct ubifs_dent_node *dent;
    887	union ubifs_key key;
    888	int err;
    889
    890	lowest_dent_key(c, &key, dir->i_ino);
    891	dent = ubifs_tnc_next_ent(c, &key, &nm);
    892	if (IS_ERR(dent)) {
    893		err = PTR_ERR(dent);
    894		if (err == -ENOENT)
    895			err = 0;
    896	} else {
    897		kfree(dent);
    898		err = -ENOTEMPTY;
    899	}
    900	return err;
    901}
    902
    903static int ubifs_rmdir(struct inode *dir, struct dentry *dentry)
    904{
    905	struct ubifs_info *c = dir->i_sb->s_fs_info;
    906	struct inode *inode = d_inode(dentry);
    907	int err, sz_change, budgeted = 1;
    908	struct ubifs_inode *dir_ui = ubifs_inode(dir);
    909	struct ubifs_budget_req req = { .mod_dent = 1, .dirtied_ino = 2 };
    910	struct fscrypt_name nm;
    911
    912	/*
    913	 * Budget request settings: deletion direntry, deletion inode and
    914	 * changing the parent inode. If budgeting fails, go ahead anyway
    915	 * because we have extra space reserved for deletions.
    916	 */
    917
    918	dbg_gen("directory '%pd', ino %lu in dir ino %lu", dentry,
    919		inode->i_ino, dir->i_ino);
    920	ubifs_assert(c, inode_is_locked(dir));
    921	ubifs_assert(c, inode_is_locked(inode));
    922	err = ubifs_check_dir_empty(d_inode(dentry));
    923	if (err)
    924		return err;
    925
    926	err = fscrypt_setup_filename(dir, &dentry->d_name, 1, &nm);
    927	if (err)
    928		return err;
    929
    930	err = ubifs_purge_xattrs(inode);
    931	if (err)
    932		return err;
    933
    934	sz_change = CALC_DENT_SIZE(fname_len(&nm));
    935
    936	err = ubifs_budget_space(c, &req);
    937	if (err) {
    938		if (err != -ENOSPC)
    939			goto out_fname;
    940		budgeted = 0;
    941	}
    942
    943	lock_2_inodes(dir, inode);
    944	inode->i_ctime = current_time(dir);
    945	clear_nlink(inode);
    946	drop_nlink(dir);
    947	dir->i_size -= sz_change;
    948	dir_ui->ui_size = dir->i_size;
    949	dir->i_mtime = dir->i_ctime = inode->i_ctime;
    950	err = ubifs_jnl_update(c, dir, &nm, inode, 1, 0);
    951	if (err)
    952		goto out_cancel;
    953	unlock_2_inodes(dir, inode);
    954
    955	if (budgeted)
    956		ubifs_release_budget(c, &req);
    957	else {
    958		/* We've deleted something - clean the "no space" flags */
    959		c->bi.nospace = c->bi.nospace_rp = 0;
    960		smp_wmb();
    961	}
    962	fscrypt_free_filename(&nm);
    963	return 0;
    964
    965out_cancel:
    966	dir->i_size += sz_change;
    967	dir_ui->ui_size = dir->i_size;
    968	inc_nlink(dir);
    969	set_nlink(inode, 2);
    970	unlock_2_inodes(dir, inode);
    971	if (budgeted)
    972		ubifs_release_budget(c, &req);
    973out_fname:
    974	fscrypt_free_filename(&nm);
    975	return err;
    976}
    977
    978static int ubifs_mkdir(struct user_namespace *mnt_userns, struct inode *dir,
    979		       struct dentry *dentry, umode_t mode)
    980{
    981	struct inode *inode;
    982	struct ubifs_inode *dir_ui = ubifs_inode(dir);
    983	struct ubifs_info *c = dir->i_sb->s_fs_info;
    984	int err, sz_change;
    985	struct ubifs_budget_req req = { .new_ino = 1, .new_dent = 1,
    986					.dirtied_ino = 1};
    987	struct fscrypt_name nm;
    988
    989	/*
    990	 * Budget request settings: new inode, new direntry and changing parent
    991	 * directory inode.
    992	 */
    993
    994	dbg_gen("dent '%pd', mode %#hx in dir ino %lu",
    995		dentry, mode, dir->i_ino);
    996
    997	err = ubifs_budget_space(c, &req);
    998	if (err)
    999		return err;
   1000
   1001	err = ubifs_prepare_create(dir, dentry, &nm);
   1002	if (err)
   1003		goto out_budg;
   1004
   1005	sz_change = CALC_DENT_SIZE(fname_len(&nm));
   1006
   1007	inode = ubifs_new_inode(c, dir, S_IFDIR | mode);
   1008	if (IS_ERR(inode)) {
   1009		err = PTR_ERR(inode);
   1010		goto out_fname;
   1011	}
   1012
   1013	err = ubifs_init_security(dir, inode, &dentry->d_name);
   1014	if (err)
   1015		goto out_inode;
   1016
   1017	mutex_lock(&dir_ui->ui_mutex);
   1018	insert_inode_hash(inode);
   1019	inc_nlink(inode);
   1020	inc_nlink(dir);
   1021	dir->i_size += sz_change;
   1022	dir_ui->ui_size = dir->i_size;
   1023	dir->i_mtime = dir->i_ctime = inode->i_ctime;
   1024	err = ubifs_jnl_update(c, dir, &nm, inode, 0, 0);
   1025	if (err) {
   1026		ubifs_err(c, "cannot create directory, error %d", err);
   1027		goto out_cancel;
   1028	}
   1029	mutex_unlock(&dir_ui->ui_mutex);
   1030
   1031	ubifs_release_budget(c, &req);
   1032	d_instantiate(dentry, inode);
   1033	fscrypt_free_filename(&nm);
   1034	return 0;
   1035
   1036out_cancel:
   1037	dir->i_size -= sz_change;
   1038	dir_ui->ui_size = dir->i_size;
   1039	drop_nlink(dir);
   1040	mutex_unlock(&dir_ui->ui_mutex);
   1041out_inode:
   1042	make_bad_inode(inode);
   1043	iput(inode);
   1044out_fname:
   1045	fscrypt_free_filename(&nm);
   1046out_budg:
   1047	ubifs_release_budget(c, &req);
   1048	return err;
   1049}
   1050
   1051static int ubifs_mknod(struct user_namespace *mnt_userns, struct inode *dir,
   1052		       struct dentry *dentry, umode_t mode, dev_t rdev)
   1053{
   1054	struct inode *inode;
   1055	struct ubifs_inode *ui;
   1056	struct ubifs_inode *dir_ui = ubifs_inode(dir);
   1057	struct ubifs_info *c = dir->i_sb->s_fs_info;
   1058	union ubifs_dev_desc *dev = NULL;
   1059	int sz_change;
   1060	int err, devlen = 0;
   1061	struct ubifs_budget_req req = { .new_ino = 1, .new_dent = 1,
   1062					.dirtied_ino = 1 };
   1063	struct fscrypt_name nm;
   1064
   1065	/*
   1066	 * Budget request settings: new inode, new direntry and changing parent
   1067	 * directory inode.
   1068	 */
   1069
   1070	dbg_gen("dent '%pd' in dir ino %lu", dentry, dir->i_ino);
   1071
   1072	if (S_ISBLK(mode) || S_ISCHR(mode)) {
   1073		dev = kmalloc(sizeof(union ubifs_dev_desc), GFP_NOFS);
   1074		if (!dev)
   1075			return -ENOMEM;
   1076		devlen = ubifs_encode_dev(dev, rdev);
   1077	}
   1078
   1079	req.new_ino_d = ALIGN(devlen, 8);
   1080	err = ubifs_budget_space(c, &req);
   1081	if (err) {
   1082		kfree(dev);
   1083		return err;
   1084	}
   1085
   1086	err = ubifs_prepare_create(dir, dentry, &nm);
   1087	if (err) {
   1088		kfree(dev);
   1089		goto out_budg;
   1090	}
   1091
   1092	sz_change = CALC_DENT_SIZE(fname_len(&nm));
   1093
   1094	inode = ubifs_new_inode(c, dir, mode);
   1095	if (IS_ERR(inode)) {
   1096		kfree(dev);
   1097		err = PTR_ERR(inode);
   1098		goto out_fname;
   1099	}
   1100
   1101	init_special_inode(inode, inode->i_mode, rdev);
   1102	inode->i_size = ubifs_inode(inode)->ui_size = devlen;
   1103	ui = ubifs_inode(inode);
   1104	ui->data = dev;
   1105	ui->data_len = devlen;
   1106
   1107	err = ubifs_init_security(dir, inode, &dentry->d_name);
   1108	if (err)
   1109		goto out_inode;
   1110
   1111	mutex_lock(&dir_ui->ui_mutex);
   1112	dir->i_size += sz_change;
   1113	dir_ui->ui_size = dir->i_size;
   1114	dir->i_mtime = dir->i_ctime = inode->i_ctime;
   1115	err = ubifs_jnl_update(c, dir, &nm, inode, 0, 0);
   1116	if (err)
   1117		goto out_cancel;
   1118	mutex_unlock(&dir_ui->ui_mutex);
   1119
   1120	ubifs_release_budget(c, &req);
   1121	insert_inode_hash(inode);
   1122	d_instantiate(dentry, inode);
   1123	fscrypt_free_filename(&nm);
   1124	return 0;
   1125
   1126out_cancel:
   1127	dir->i_size -= sz_change;
   1128	dir_ui->ui_size = dir->i_size;
   1129	mutex_unlock(&dir_ui->ui_mutex);
   1130out_inode:
   1131	make_bad_inode(inode);
   1132	iput(inode);
   1133out_fname:
   1134	fscrypt_free_filename(&nm);
   1135out_budg:
   1136	ubifs_release_budget(c, &req);
   1137	return err;
   1138}
   1139
   1140static int ubifs_symlink(struct user_namespace *mnt_userns, struct inode *dir,
   1141			 struct dentry *dentry, const char *symname)
   1142{
   1143	struct inode *inode;
   1144	struct ubifs_inode *ui;
   1145	struct ubifs_inode *dir_ui = ubifs_inode(dir);
   1146	struct ubifs_info *c = dir->i_sb->s_fs_info;
   1147	int err, sz_change, len = strlen(symname);
   1148	struct fscrypt_str disk_link;
   1149	struct ubifs_budget_req req = { .new_ino = 1, .new_dent = 1,
   1150					.new_ino_d = ALIGN(len, 8),
   1151					.dirtied_ino = 1 };
   1152	struct fscrypt_name nm;
   1153
   1154	dbg_gen("dent '%pd', target '%s' in dir ino %lu", dentry,
   1155		symname, dir->i_ino);
   1156
   1157	err = fscrypt_prepare_symlink(dir, symname, len, UBIFS_MAX_INO_DATA,
   1158				      &disk_link);
   1159	if (err)
   1160		return err;
   1161
   1162	/*
   1163	 * Budget request settings: new inode, new direntry and changing parent
   1164	 * directory inode.
   1165	 */
   1166	err = ubifs_budget_space(c, &req);
   1167	if (err)
   1168		return err;
   1169
   1170	err = ubifs_prepare_create(dir, dentry, &nm);
   1171	if (err)
   1172		goto out_budg;
   1173
   1174	sz_change = CALC_DENT_SIZE(fname_len(&nm));
   1175
   1176	inode = ubifs_new_inode(c, dir, S_IFLNK | S_IRWXUGO);
   1177	if (IS_ERR(inode)) {
   1178		err = PTR_ERR(inode);
   1179		goto out_fname;
   1180	}
   1181
   1182	ui = ubifs_inode(inode);
   1183	ui->data = kmalloc(disk_link.len, GFP_NOFS);
   1184	if (!ui->data) {
   1185		err = -ENOMEM;
   1186		goto out_inode;
   1187	}
   1188
   1189	if (IS_ENCRYPTED(inode)) {
   1190		disk_link.name = ui->data; /* encrypt directly into ui->data */
   1191		err = fscrypt_encrypt_symlink(inode, symname, len, &disk_link);
   1192		if (err)
   1193			goto out_inode;
   1194	} else {
   1195		memcpy(ui->data, disk_link.name, disk_link.len);
   1196		inode->i_link = ui->data;
   1197	}
   1198
   1199	/*
   1200	 * The terminating zero byte is not written to the flash media and it
   1201	 * is put just to make later in-memory string processing simpler. Thus,
   1202	 * data length is @disk_link.len - 1, not @disk_link.len.
   1203	 */
   1204	ui->data_len = disk_link.len - 1;
   1205	inode->i_size = ubifs_inode(inode)->ui_size = disk_link.len - 1;
   1206
   1207	err = ubifs_init_security(dir, inode, &dentry->d_name);
   1208	if (err)
   1209		goto out_inode;
   1210
   1211	mutex_lock(&dir_ui->ui_mutex);
   1212	dir->i_size += sz_change;
   1213	dir_ui->ui_size = dir->i_size;
   1214	dir->i_mtime = dir->i_ctime = inode->i_ctime;
   1215	err = ubifs_jnl_update(c, dir, &nm, inode, 0, 0);
   1216	if (err)
   1217		goto out_cancel;
   1218	mutex_unlock(&dir_ui->ui_mutex);
   1219
   1220	insert_inode_hash(inode);
   1221	d_instantiate(dentry, inode);
   1222	err = 0;
   1223	goto out_fname;
   1224
   1225out_cancel:
   1226	dir->i_size -= sz_change;
   1227	dir_ui->ui_size = dir->i_size;
   1228	mutex_unlock(&dir_ui->ui_mutex);
   1229out_inode:
   1230	make_bad_inode(inode);
   1231	iput(inode);
   1232out_fname:
   1233	fscrypt_free_filename(&nm);
   1234out_budg:
   1235	ubifs_release_budget(c, &req);
   1236	return err;
   1237}
   1238
   1239/**
   1240 * lock_4_inodes - a wrapper for locking three UBIFS inodes.
   1241 * @inode1: first inode
   1242 * @inode2: second inode
   1243 * @inode3: third inode
   1244 * @inode4: fourth inode
   1245 *
   1246 * This function is used for 'ubifs_rename()' and @inode1 may be the same as
   1247 * @inode2 whereas @inode3 and @inode4 may be %NULL.
   1248 *
   1249 * We do not implement any tricks to guarantee strict lock ordering, because
   1250 * VFS has already done it for us on the @i_mutex. So this is just a simple
   1251 * wrapper function.
   1252 */
   1253static void lock_4_inodes(struct inode *inode1, struct inode *inode2,
   1254			  struct inode *inode3, struct inode *inode4)
   1255{
   1256	mutex_lock_nested(&ubifs_inode(inode1)->ui_mutex, WB_MUTEX_1);
   1257	if (inode2 != inode1)
   1258		mutex_lock_nested(&ubifs_inode(inode2)->ui_mutex, WB_MUTEX_2);
   1259	if (inode3)
   1260		mutex_lock_nested(&ubifs_inode(inode3)->ui_mutex, WB_MUTEX_3);
   1261	if (inode4)
   1262		mutex_lock_nested(&ubifs_inode(inode4)->ui_mutex, WB_MUTEX_4);
   1263}
   1264
   1265/**
   1266 * unlock_4_inodes - a wrapper for unlocking three UBIFS inodes for rename.
   1267 * @inode1: first inode
   1268 * @inode2: second inode
   1269 * @inode3: third inode
   1270 * @inode4: fourth inode
   1271 */
   1272static void unlock_4_inodes(struct inode *inode1, struct inode *inode2,
   1273			    struct inode *inode3, struct inode *inode4)
   1274{
   1275	if (inode4)
   1276		mutex_unlock(&ubifs_inode(inode4)->ui_mutex);
   1277	if (inode3)
   1278		mutex_unlock(&ubifs_inode(inode3)->ui_mutex);
   1279	if (inode1 != inode2)
   1280		mutex_unlock(&ubifs_inode(inode2)->ui_mutex);
   1281	mutex_unlock(&ubifs_inode(inode1)->ui_mutex);
   1282}
   1283
   1284static int do_rename(struct inode *old_dir, struct dentry *old_dentry,
   1285		     struct inode *new_dir, struct dentry *new_dentry,
   1286		     unsigned int flags)
   1287{
   1288	struct ubifs_info *c = old_dir->i_sb->s_fs_info;
   1289	struct inode *old_inode = d_inode(old_dentry);
   1290	struct inode *new_inode = d_inode(new_dentry);
   1291	struct inode *whiteout = NULL;
   1292	struct ubifs_inode *old_inode_ui = ubifs_inode(old_inode);
   1293	struct ubifs_inode *whiteout_ui = NULL;
   1294	int err, release, sync = 0, move = (new_dir != old_dir);
   1295	int is_dir = S_ISDIR(old_inode->i_mode);
   1296	int unlink = !!new_inode, new_sz, old_sz;
   1297	struct ubifs_budget_req req = { .new_dent = 1, .mod_dent = 1,
   1298					.dirtied_ino = 3 };
   1299	struct ubifs_budget_req ino_req = { .dirtied_ino = 1,
   1300			.dirtied_ino_d = ALIGN(old_inode_ui->data_len, 8) };
   1301	struct ubifs_budget_req wht_req;
   1302	struct timespec64 time;
   1303	unsigned int saved_nlink;
   1304	struct fscrypt_name old_nm, new_nm;
   1305
   1306	/*
   1307	 * Budget request settings:
   1308	 *   req: deletion direntry, new direntry, removing the old inode,
   1309	 *   and changing old and new parent directory inodes.
   1310	 *
   1311	 *   wht_req: new whiteout inode for RENAME_WHITEOUT.
   1312	 *
   1313	 *   ino_req: marks the target inode as dirty and does not write it.
   1314	 */
   1315
   1316	dbg_gen("dent '%pd' ino %lu in dir ino %lu to dent '%pd' in dir ino %lu flags 0x%x",
   1317		old_dentry, old_inode->i_ino, old_dir->i_ino,
   1318		new_dentry, new_dir->i_ino, flags);
   1319
   1320	if (unlink) {
   1321		ubifs_assert(c, inode_is_locked(new_inode));
   1322
   1323		err = ubifs_purge_xattrs(new_inode);
   1324		if (err)
   1325			return err;
   1326	}
   1327
   1328	if (unlink && is_dir) {
   1329		err = ubifs_check_dir_empty(new_inode);
   1330		if (err)
   1331			return err;
   1332	}
   1333
   1334	err = fscrypt_setup_filename(old_dir, &old_dentry->d_name, 0, &old_nm);
   1335	if (err)
   1336		return err;
   1337
   1338	err = fscrypt_setup_filename(new_dir, &new_dentry->d_name, 0, &new_nm);
   1339	if (err) {
   1340		fscrypt_free_filename(&old_nm);
   1341		return err;
   1342	}
   1343
   1344	new_sz = CALC_DENT_SIZE(fname_len(&new_nm));
   1345	old_sz = CALC_DENT_SIZE(fname_len(&old_nm));
   1346
   1347	err = ubifs_budget_space(c, &req);
   1348	if (err) {
   1349		fscrypt_free_filename(&old_nm);
   1350		fscrypt_free_filename(&new_nm);
   1351		return err;
   1352	}
   1353	err = ubifs_budget_space(c, &ino_req);
   1354	if (err) {
   1355		fscrypt_free_filename(&old_nm);
   1356		fscrypt_free_filename(&new_nm);
   1357		ubifs_release_budget(c, &req);
   1358		return err;
   1359	}
   1360
   1361	if (flags & RENAME_WHITEOUT) {
   1362		union ubifs_dev_desc *dev = NULL;
   1363
   1364		dev = kmalloc(sizeof(union ubifs_dev_desc), GFP_NOFS);
   1365		if (!dev) {
   1366			err = -ENOMEM;
   1367			goto out_release;
   1368		}
   1369
   1370		/*
   1371		 * The whiteout inode without dentry is pinned in memory,
   1372		 * umount won't happen during rename process because we
   1373		 * got parent dentry.
   1374		 */
   1375		whiteout = create_whiteout(old_dir, old_dentry);
   1376		if (IS_ERR(whiteout)) {
   1377			err = PTR_ERR(whiteout);
   1378			kfree(dev);
   1379			goto out_release;
   1380		}
   1381
   1382		whiteout_ui = ubifs_inode(whiteout);
   1383		whiteout_ui->data = dev;
   1384		whiteout_ui->data_len = ubifs_encode_dev(dev, MKDEV(0, 0));
   1385		ubifs_assert(c, !whiteout_ui->dirty);
   1386
   1387		memset(&wht_req, 0, sizeof(struct ubifs_budget_req));
   1388		wht_req.new_ino = 1;
   1389		wht_req.new_ino_d = ALIGN(whiteout_ui->data_len, 8);
   1390		/*
   1391		 * To avoid deadlock between space budget (holds ui_mutex and
   1392		 * waits wb work) and writeback work(waits ui_mutex), do space
   1393		 * budget before ubifs inodes locked.
   1394		 */
   1395		err = ubifs_budget_space(c, &wht_req);
   1396		if (err) {
   1397			/*
   1398			 * Whiteout inode can not be written on flash by
   1399			 * ubifs_jnl_write_inode(), because it's neither
   1400			 * dirty nor zero-nlink.
   1401			 */
   1402			iput(whiteout);
   1403			goto out_release;
   1404		}
   1405
   1406		/* Add the old_dentry size to the old_dir size. */
   1407		old_sz -= CALC_DENT_SIZE(fname_len(&old_nm));
   1408	}
   1409
   1410	lock_4_inodes(old_dir, new_dir, new_inode, whiteout);
   1411
   1412	/*
   1413	 * Like most other Unix systems, set the @i_ctime for inodes on a
   1414	 * rename.
   1415	 */
   1416	time = current_time(old_dir);
   1417	old_inode->i_ctime = time;
   1418
   1419	/* We must adjust parent link count when renaming directories */
   1420	if (is_dir) {
   1421		if (move) {
   1422			/*
   1423			 * @old_dir loses a link because we are moving
   1424			 * @old_inode to a different directory.
   1425			 */
   1426			drop_nlink(old_dir);
   1427			/*
   1428			 * @new_dir only gains a link if we are not also
   1429			 * overwriting an existing directory.
   1430			 */
   1431			if (!unlink)
   1432				inc_nlink(new_dir);
   1433		} else {
   1434			/*
   1435			 * @old_inode is not moving to a different directory,
   1436			 * but @old_dir still loses a link if we are
   1437			 * overwriting an existing directory.
   1438			 */
   1439			if (unlink)
   1440				drop_nlink(old_dir);
   1441		}
   1442	}
   1443
   1444	old_dir->i_size -= old_sz;
   1445	ubifs_inode(old_dir)->ui_size = old_dir->i_size;
   1446	old_dir->i_mtime = old_dir->i_ctime = time;
   1447	new_dir->i_mtime = new_dir->i_ctime = time;
   1448
   1449	/*
   1450	 * And finally, if we unlinked a direntry which happened to have the
   1451	 * same name as the moved direntry, we have to decrement @i_nlink of
   1452	 * the unlinked inode and change its ctime.
   1453	 */
   1454	if (unlink) {
   1455		/*
   1456		 * Directories cannot have hard-links, so if this is a
   1457		 * directory, just clear @i_nlink.
   1458		 */
   1459		saved_nlink = new_inode->i_nlink;
   1460		if (is_dir)
   1461			clear_nlink(new_inode);
   1462		else
   1463			drop_nlink(new_inode);
   1464		new_inode->i_ctime = time;
   1465	} else {
   1466		new_dir->i_size += new_sz;
   1467		ubifs_inode(new_dir)->ui_size = new_dir->i_size;
   1468	}
   1469
   1470	/*
   1471	 * Do not ask 'ubifs_jnl_rename()' to flush write-buffer if @old_inode
   1472	 * is dirty, because this will be done later on at the end of
   1473	 * 'ubifs_rename()'.
   1474	 */
   1475	if (IS_SYNC(old_inode)) {
   1476		sync = IS_DIRSYNC(old_dir) || IS_DIRSYNC(new_dir);
   1477		if (unlink && IS_SYNC(new_inode))
   1478			sync = 1;
   1479		/*
   1480		 * S_SYNC flag of whiteout inherits from the old_dir, and we
   1481		 * have already checked the old dir inode. So there is no need
   1482		 * to check whiteout.
   1483		 */
   1484	}
   1485
   1486	err = ubifs_jnl_rename(c, old_dir, old_inode, &old_nm, new_dir,
   1487			       new_inode, &new_nm, whiteout, sync);
   1488	if (err)
   1489		goto out_cancel;
   1490
   1491	unlock_4_inodes(old_dir, new_dir, new_inode, whiteout);
   1492	ubifs_release_budget(c, &req);
   1493
   1494	if (whiteout) {
   1495		ubifs_release_budget(c, &wht_req);
   1496		iput(whiteout);
   1497	}
   1498
   1499	mutex_lock(&old_inode_ui->ui_mutex);
   1500	release = old_inode_ui->dirty;
   1501	mark_inode_dirty_sync(old_inode);
   1502	mutex_unlock(&old_inode_ui->ui_mutex);
   1503
   1504	if (release)
   1505		ubifs_release_budget(c, &ino_req);
   1506	if (IS_SYNC(old_inode))
   1507		/*
   1508		 * Rename finished here. Although old inode cannot be updated
   1509		 * on flash, old ctime is not a big problem, don't return err
   1510		 * code to userspace.
   1511		 */
   1512		old_inode->i_sb->s_op->write_inode(old_inode, NULL);
   1513
   1514	fscrypt_free_filename(&old_nm);
   1515	fscrypt_free_filename(&new_nm);
   1516	return 0;
   1517
   1518out_cancel:
   1519	if (unlink) {
   1520		set_nlink(new_inode, saved_nlink);
   1521	} else {
   1522		new_dir->i_size -= new_sz;
   1523		ubifs_inode(new_dir)->ui_size = new_dir->i_size;
   1524	}
   1525	old_dir->i_size += old_sz;
   1526	ubifs_inode(old_dir)->ui_size = old_dir->i_size;
   1527	if (is_dir) {
   1528		if (move) {
   1529			inc_nlink(old_dir);
   1530			if (!unlink)
   1531				drop_nlink(new_dir);
   1532		} else {
   1533			if (unlink)
   1534				inc_nlink(old_dir);
   1535		}
   1536	}
   1537	unlock_4_inodes(old_dir, new_dir, new_inode, whiteout);
   1538	if (whiteout) {
   1539		ubifs_release_budget(c, &wht_req);
   1540		iput(whiteout);
   1541	}
   1542out_release:
   1543	ubifs_release_budget(c, &ino_req);
   1544	ubifs_release_budget(c, &req);
   1545	fscrypt_free_filename(&old_nm);
   1546	fscrypt_free_filename(&new_nm);
   1547	return err;
   1548}
   1549
   1550static int ubifs_xrename(struct inode *old_dir, struct dentry *old_dentry,
   1551			struct inode *new_dir, struct dentry *new_dentry)
   1552{
   1553	struct ubifs_info *c = old_dir->i_sb->s_fs_info;
   1554	struct ubifs_budget_req req = { .new_dent = 1, .mod_dent = 1,
   1555				.dirtied_ino = 2 };
   1556	int sync = IS_DIRSYNC(old_dir) || IS_DIRSYNC(new_dir);
   1557	struct inode *fst_inode = d_inode(old_dentry);
   1558	struct inode *snd_inode = d_inode(new_dentry);
   1559	struct timespec64 time;
   1560	int err;
   1561	struct fscrypt_name fst_nm, snd_nm;
   1562
   1563	ubifs_assert(c, fst_inode && snd_inode);
   1564
   1565	err = fscrypt_setup_filename(old_dir, &old_dentry->d_name, 0, &fst_nm);
   1566	if (err)
   1567		return err;
   1568
   1569	err = fscrypt_setup_filename(new_dir, &new_dentry->d_name, 0, &snd_nm);
   1570	if (err) {
   1571		fscrypt_free_filename(&fst_nm);
   1572		return err;
   1573	}
   1574
   1575	lock_4_inodes(old_dir, new_dir, NULL, NULL);
   1576
   1577	time = current_time(old_dir);
   1578	fst_inode->i_ctime = time;
   1579	snd_inode->i_ctime = time;
   1580	old_dir->i_mtime = old_dir->i_ctime = time;
   1581	new_dir->i_mtime = new_dir->i_ctime = time;
   1582
   1583	if (old_dir != new_dir) {
   1584		if (S_ISDIR(fst_inode->i_mode) && !S_ISDIR(snd_inode->i_mode)) {
   1585			inc_nlink(new_dir);
   1586			drop_nlink(old_dir);
   1587		}
   1588		else if (!S_ISDIR(fst_inode->i_mode) && S_ISDIR(snd_inode->i_mode)) {
   1589			drop_nlink(new_dir);
   1590			inc_nlink(old_dir);
   1591		}
   1592	}
   1593
   1594	err = ubifs_jnl_xrename(c, old_dir, fst_inode, &fst_nm, new_dir,
   1595				snd_inode, &snd_nm, sync);
   1596
   1597	unlock_4_inodes(old_dir, new_dir, NULL, NULL);
   1598	ubifs_release_budget(c, &req);
   1599
   1600	fscrypt_free_filename(&fst_nm);
   1601	fscrypt_free_filename(&snd_nm);
   1602	return err;
   1603}
   1604
   1605static int ubifs_rename(struct user_namespace *mnt_userns,
   1606			struct inode *old_dir, struct dentry *old_dentry,
   1607			struct inode *new_dir, struct dentry *new_dentry,
   1608			unsigned int flags)
   1609{
   1610	int err;
   1611	struct ubifs_info *c = old_dir->i_sb->s_fs_info;
   1612
   1613	if (flags & ~(RENAME_NOREPLACE | RENAME_WHITEOUT | RENAME_EXCHANGE))
   1614		return -EINVAL;
   1615
   1616	ubifs_assert(c, inode_is_locked(old_dir));
   1617	ubifs_assert(c, inode_is_locked(new_dir));
   1618
   1619	err = fscrypt_prepare_rename(old_dir, old_dentry, new_dir, new_dentry,
   1620				     flags);
   1621	if (err)
   1622		return err;
   1623
   1624	if (flags & RENAME_EXCHANGE)
   1625		return ubifs_xrename(old_dir, old_dentry, new_dir, new_dentry);
   1626
   1627	return do_rename(old_dir, old_dentry, new_dir, new_dentry, flags);
   1628}
   1629
   1630int ubifs_getattr(struct user_namespace *mnt_userns, const struct path *path,
   1631		  struct kstat *stat, u32 request_mask, unsigned int flags)
   1632{
   1633	loff_t size;
   1634	struct inode *inode = d_inode(path->dentry);
   1635	struct ubifs_inode *ui = ubifs_inode(inode);
   1636
   1637	mutex_lock(&ui->ui_mutex);
   1638
   1639	if (ui->flags & UBIFS_APPEND_FL)
   1640		stat->attributes |= STATX_ATTR_APPEND;
   1641	if (ui->flags & UBIFS_COMPR_FL)
   1642		stat->attributes |= STATX_ATTR_COMPRESSED;
   1643	if (ui->flags & UBIFS_CRYPT_FL)
   1644		stat->attributes |= STATX_ATTR_ENCRYPTED;
   1645	if (ui->flags & UBIFS_IMMUTABLE_FL)
   1646		stat->attributes |= STATX_ATTR_IMMUTABLE;
   1647
   1648	stat->attributes_mask |= (STATX_ATTR_APPEND |
   1649				STATX_ATTR_COMPRESSED |
   1650				STATX_ATTR_ENCRYPTED |
   1651				STATX_ATTR_IMMUTABLE);
   1652
   1653	generic_fillattr(&init_user_ns, inode, stat);
   1654	stat->blksize = UBIFS_BLOCK_SIZE;
   1655	stat->size = ui->ui_size;
   1656
   1657	/*
   1658	 * Unfortunately, the 'stat()' system call was designed for block
   1659	 * device based file systems, and it is not appropriate for UBIFS,
   1660	 * because UBIFS does not have notion of "block". For example, it is
   1661	 * difficult to tell how many block a directory takes - it actually
   1662	 * takes less than 300 bytes, but we have to round it to block size,
   1663	 * which introduces large mistake. This makes utilities like 'du' to
   1664	 * report completely senseless numbers. This is the reason why UBIFS
   1665	 * goes the same way as JFFS2 - it reports zero blocks for everything
   1666	 * but regular files, which makes more sense than reporting completely
   1667	 * wrong sizes.
   1668	 */
   1669	if (S_ISREG(inode->i_mode)) {
   1670		size = ui->xattr_size;
   1671		size += stat->size;
   1672		size = ALIGN(size, UBIFS_BLOCK_SIZE);
   1673		/*
   1674		 * Note, user-space expects 512-byte blocks count irrespectively
   1675		 * of what was reported in @stat->size.
   1676		 */
   1677		stat->blocks = size >> 9;
   1678	} else
   1679		stat->blocks = 0;
   1680	mutex_unlock(&ui->ui_mutex);
   1681	return 0;
   1682}
   1683
   1684const struct inode_operations ubifs_dir_inode_operations = {
   1685	.lookup      = ubifs_lookup,
   1686	.create      = ubifs_create,
   1687	.link        = ubifs_link,
   1688	.symlink     = ubifs_symlink,
   1689	.unlink      = ubifs_unlink,
   1690	.mkdir       = ubifs_mkdir,
   1691	.rmdir       = ubifs_rmdir,
   1692	.mknod       = ubifs_mknod,
   1693	.rename      = ubifs_rename,
   1694	.setattr     = ubifs_setattr,
   1695	.getattr     = ubifs_getattr,
   1696	.listxattr   = ubifs_listxattr,
   1697	.update_time = ubifs_update_time,
   1698	.tmpfile     = ubifs_tmpfile,
   1699	.fileattr_get = ubifs_fileattr_get,
   1700	.fileattr_set = ubifs_fileattr_set,
   1701};
   1702
   1703const struct file_operations ubifs_dir_operations = {
   1704	.llseek         = generic_file_llseek,
   1705	.release        = ubifs_dir_release,
   1706	.read           = generic_read_dir,
   1707	.iterate_shared = ubifs_readdir,
   1708	.fsync          = ubifs_fsync,
   1709	.unlocked_ioctl = ubifs_ioctl,
   1710#ifdef CONFIG_COMPAT
   1711	.compat_ioctl   = ubifs_compat_ioctl,
   1712#endif
   1713};