dir.c (44936B)
1// SPDX-License-Identifier: GPL-2.0-only 2/* * This file is part of UBIFS. 3 * 4 * Copyright (C) 2006-2008 Nokia Corporation. 5 * Copyright (C) 2006, 2007 University of Szeged, Hungary 6 * 7 * Authors: Artem Bityutskiy (Битюцкий Артём) 8 * Adrian Hunter 9 * Zoltan Sogor 10 */ 11 12/* 13 * This file implements directory operations. 14 * 15 * All FS operations in this file allocate budget before writing anything to the 16 * media. If they fail to allocate it, the error is returned. The only 17 * exceptions are 'ubifs_unlink()' and 'ubifs_rmdir()' which keep working even 18 * if they unable to allocate the budget, because deletion %-ENOSPC failure is 19 * not what users are usually ready to get. UBIFS budgeting subsystem has some 20 * space reserved for these purposes. 21 * 22 * All operations in this file write all inodes which they change straight 23 * away, instead of marking them dirty. For example, 'ubifs_link()' changes 24 * @i_size of the parent inode and writes the parent inode together with the 25 * target inode. This was done to simplify file-system recovery which would 26 * otherwise be very difficult to do. The only exception is rename which marks 27 * the re-named inode dirty (because its @i_ctime is updated) but does not 28 * write it, but just marks it as dirty. 29 */ 30 31#include "ubifs.h" 32 33/** 34 * inherit_flags - inherit flags of the parent inode. 35 * @dir: parent inode 36 * @mode: new inode mode flags 37 * 38 * This is a helper function for 'ubifs_new_inode()' which inherits flag of the 39 * parent directory inode @dir. UBIFS inodes inherit the following flags: 40 * o %UBIFS_COMPR_FL, which is useful to switch compression on/of on 41 * sub-directory basis; 42 * o %UBIFS_SYNC_FL - useful for the same reasons; 43 * o %UBIFS_DIRSYNC_FL - similar, but relevant only to directories. 44 * 45 * This function returns the inherited flags. 46 */ 47static int inherit_flags(const struct inode *dir, umode_t mode) 48{ 49 int flags; 50 const struct ubifs_inode *ui = ubifs_inode(dir); 51 52 if (!S_ISDIR(dir->i_mode)) 53 /* 54 * The parent is not a directory, which means that an extended 55 * attribute inode is being created. No flags. 56 */ 57 return 0; 58 59 flags = ui->flags & (UBIFS_COMPR_FL | UBIFS_SYNC_FL | UBIFS_DIRSYNC_FL); 60 if (!S_ISDIR(mode)) 61 /* The "DIRSYNC" flag only applies to directories */ 62 flags &= ~UBIFS_DIRSYNC_FL; 63 return flags; 64} 65 66/** 67 * ubifs_new_inode - allocate new UBIFS inode object. 68 * @c: UBIFS file-system description object 69 * @dir: parent directory inode 70 * @mode: inode mode flags 71 * 72 * This function finds an unused inode number, allocates new inode and 73 * initializes it. Returns new inode in case of success and an error code in 74 * case of failure. 75 */ 76struct inode *ubifs_new_inode(struct ubifs_info *c, struct inode *dir, 77 umode_t mode) 78{ 79 int err; 80 struct inode *inode; 81 struct ubifs_inode *ui; 82 bool encrypted = false; 83 84 inode = new_inode(c->vfs_sb); 85 ui = ubifs_inode(inode); 86 if (!inode) 87 return ERR_PTR(-ENOMEM); 88 89 /* 90 * Set 'S_NOCMTIME' to prevent VFS form updating [mc]time of inodes and 91 * marking them dirty in file write path (see 'file_update_time()'). 92 * UBIFS has to fully control "clean <-> dirty" transitions of inodes 93 * to make budgeting work. 94 */ 95 inode->i_flags |= S_NOCMTIME; 96 97 inode_init_owner(&init_user_ns, inode, dir, mode); 98 inode->i_mtime = inode->i_atime = inode->i_ctime = 99 current_time(inode); 100 inode->i_mapping->nrpages = 0; 101 102 err = fscrypt_prepare_new_inode(dir, inode, &encrypted); 103 if (err) { 104 ubifs_err(c, "fscrypt_prepare_new_inode failed: %i", err); 105 goto out_iput; 106 } 107 108 switch (mode & S_IFMT) { 109 case S_IFREG: 110 inode->i_mapping->a_ops = &ubifs_file_address_operations; 111 inode->i_op = &ubifs_file_inode_operations; 112 inode->i_fop = &ubifs_file_operations; 113 break; 114 case S_IFDIR: 115 inode->i_op = &ubifs_dir_inode_operations; 116 inode->i_fop = &ubifs_dir_operations; 117 inode->i_size = ui->ui_size = UBIFS_INO_NODE_SZ; 118 break; 119 case S_IFLNK: 120 inode->i_op = &ubifs_symlink_inode_operations; 121 break; 122 case S_IFSOCK: 123 case S_IFIFO: 124 case S_IFBLK: 125 case S_IFCHR: 126 inode->i_op = &ubifs_file_inode_operations; 127 break; 128 default: 129 BUG(); 130 } 131 132 ui->flags = inherit_flags(dir, mode); 133 ubifs_set_inode_flags(inode); 134 if (S_ISREG(mode)) 135 ui->compr_type = c->default_compr; 136 else 137 ui->compr_type = UBIFS_COMPR_NONE; 138 ui->synced_i_size = 0; 139 140 spin_lock(&c->cnt_lock); 141 /* Inode number overflow is currently not supported */ 142 if (c->highest_inum >= INUM_WARN_WATERMARK) { 143 if (c->highest_inum >= INUM_WATERMARK) { 144 spin_unlock(&c->cnt_lock); 145 ubifs_err(c, "out of inode numbers"); 146 err = -EINVAL; 147 goto out_iput; 148 } 149 ubifs_warn(c, "running out of inode numbers (current %lu, max %u)", 150 (unsigned long)c->highest_inum, INUM_WATERMARK); 151 } 152 153 inode->i_ino = ++c->highest_inum; 154 /* 155 * The creation sequence number remains with this inode for its 156 * lifetime. All nodes for this inode have a greater sequence number, 157 * and so it is possible to distinguish obsolete nodes belonging to a 158 * previous incarnation of the same inode number - for example, for the 159 * purpose of rebuilding the index. 160 */ 161 ui->creat_sqnum = ++c->max_sqnum; 162 spin_unlock(&c->cnt_lock); 163 164 if (encrypted) { 165 err = fscrypt_set_context(inode, NULL); 166 if (err) { 167 ubifs_err(c, "fscrypt_set_context failed: %i", err); 168 goto out_iput; 169 } 170 } 171 172 return inode; 173 174out_iput: 175 make_bad_inode(inode); 176 iput(inode); 177 return ERR_PTR(err); 178} 179 180static int dbg_check_name(const struct ubifs_info *c, 181 const struct ubifs_dent_node *dent, 182 const struct fscrypt_name *nm) 183{ 184 if (!dbg_is_chk_gen(c)) 185 return 0; 186 if (le16_to_cpu(dent->nlen) != fname_len(nm)) 187 return -EINVAL; 188 if (memcmp(dent->name, fname_name(nm), fname_len(nm))) 189 return -EINVAL; 190 return 0; 191} 192 193static struct dentry *ubifs_lookup(struct inode *dir, struct dentry *dentry, 194 unsigned int flags) 195{ 196 int err; 197 union ubifs_key key; 198 struct inode *inode = NULL; 199 struct ubifs_dent_node *dent = NULL; 200 struct ubifs_info *c = dir->i_sb->s_fs_info; 201 struct fscrypt_name nm; 202 203 dbg_gen("'%pd' in dir ino %lu", dentry, dir->i_ino); 204 205 err = fscrypt_prepare_lookup(dir, dentry, &nm); 206 generic_set_encrypted_ci_d_ops(dentry); 207 if (err == -ENOENT) 208 return d_splice_alias(NULL, dentry); 209 if (err) 210 return ERR_PTR(err); 211 212 if (fname_len(&nm) > UBIFS_MAX_NLEN) { 213 inode = ERR_PTR(-ENAMETOOLONG); 214 goto done; 215 } 216 217 dent = kmalloc(UBIFS_MAX_DENT_NODE_SZ, GFP_NOFS); 218 if (!dent) { 219 inode = ERR_PTR(-ENOMEM); 220 goto done; 221 } 222 223 if (fname_name(&nm) == NULL) { 224 if (nm.hash & ~UBIFS_S_KEY_HASH_MASK) 225 goto done; /* ENOENT */ 226 dent_key_init_hash(c, &key, dir->i_ino, nm.hash); 227 err = ubifs_tnc_lookup_dh(c, &key, dent, nm.minor_hash); 228 } else { 229 dent_key_init(c, &key, dir->i_ino, &nm); 230 err = ubifs_tnc_lookup_nm(c, &key, dent, &nm); 231 } 232 233 if (err) { 234 if (err == -ENOENT) 235 dbg_gen("not found"); 236 else 237 inode = ERR_PTR(err); 238 goto done; 239 } 240 241 if (dbg_check_name(c, dent, &nm)) { 242 inode = ERR_PTR(-EINVAL); 243 goto done; 244 } 245 246 inode = ubifs_iget(dir->i_sb, le64_to_cpu(dent->inum)); 247 if (IS_ERR(inode)) { 248 /* 249 * This should not happen. Probably the file-system needs 250 * checking. 251 */ 252 err = PTR_ERR(inode); 253 ubifs_err(c, "dead directory entry '%pd', error %d", 254 dentry, err); 255 ubifs_ro_mode(c, err); 256 goto done; 257 } 258 259 if (IS_ENCRYPTED(dir) && 260 (S_ISDIR(inode->i_mode) || S_ISLNK(inode->i_mode)) && 261 !fscrypt_has_permitted_context(dir, inode)) { 262 ubifs_warn(c, "Inconsistent encryption contexts: %lu/%lu", 263 dir->i_ino, inode->i_ino); 264 iput(inode); 265 inode = ERR_PTR(-EPERM); 266 } 267 268done: 269 kfree(dent); 270 fscrypt_free_filename(&nm); 271 return d_splice_alias(inode, dentry); 272} 273 274static int ubifs_prepare_create(struct inode *dir, struct dentry *dentry, 275 struct fscrypt_name *nm) 276{ 277 if (fscrypt_is_nokey_name(dentry)) 278 return -ENOKEY; 279 280 return fscrypt_setup_filename(dir, &dentry->d_name, 0, nm); 281} 282 283static int ubifs_create(struct user_namespace *mnt_userns, struct inode *dir, 284 struct dentry *dentry, umode_t mode, bool excl) 285{ 286 struct inode *inode; 287 struct ubifs_info *c = dir->i_sb->s_fs_info; 288 struct ubifs_budget_req req = { .new_ino = 1, .new_dent = 1, 289 .dirtied_ino = 1 }; 290 struct ubifs_inode *dir_ui = ubifs_inode(dir); 291 struct fscrypt_name nm; 292 int err, sz_change; 293 294 /* 295 * Budget request settings: new inode, new direntry, changing the 296 * parent directory inode. 297 */ 298 299 dbg_gen("dent '%pd', mode %#hx in dir ino %lu", 300 dentry, mode, dir->i_ino); 301 302 err = ubifs_budget_space(c, &req); 303 if (err) 304 return err; 305 306 err = ubifs_prepare_create(dir, dentry, &nm); 307 if (err) 308 goto out_budg; 309 310 sz_change = CALC_DENT_SIZE(fname_len(&nm)); 311 312 inode = ubifs_new_inode(c, dir, mode); 313 if (IS_ERR(inode)) { 314 err = PTR_ERR(inode); 315 goto out_fname; 316 } 317 318 err = ubifs_init_security(dir, inode, &dentry->d_name); 319 if (err) 320 goto out_inode; 321 322 mutex_lock(&dir_ui->ui_mutex); 323 dir->i_size += sz_change; 324 dir_ui->ui_size = dir->i_size; 325 dir->i_mtime = dir->i_ctime = inode->i_ctime; 326 err = ubifs_jnl_update(c, dir, &nm, inode, 0, 0); 327 if (err) 328 goto out_cancel; 329 mutex_unlock(&dir_ui->ui_mutex); 330 331 ubifs_release_budget(c, &req); 332 fscrypt_free_filename(&nm); 333 insert_inode_hash(inode); 334 d_instantiate(dentry, inode); 335 return 0; 336 337out_cancel: 338 dir->i_size -= sz_change; 339 dir_ui->ui_size = dir->i_size; 340 mutex_unlock(&dir_ui->ui_mutex); 341out_inode: 342 make_bad_inode(inode); 343 iput(inode); 344out_fname: 345 fscrypt_free_filename(&nm); 346out_budg: 347 ubifs_release_budget(c, &req); 348 ubifs_err(c, "cannot create regular file, error %d", err); 349 return err; 350} 351 352static struct inode *create_whiteout(struct inode *dir, struct dentry *dentry) 353{ 354 int err; 355 umode_t mode = S_IFCHR | WHITEOUT_MODE; 356 struct inode *inode; 357 struct ubifs_info *c = dir->i_sb->s_fs_info; 358 struct fscrypt_name nm; 359 360 /* 361 * Create an inode('nlink = 1') for whiteout without updating journal, 362 * let ubifs_jnl_rename() store it on flash to complete rename whiteout 363 * atomically. 364 */ 365 366 dbg_gen("dent '%pd', mode %#hx in dir ino %lu", 367 dentry, mode, dir->i_ino); 368 369 err = fscrypt_setup_filename(dir, &dentry->d_name, 0, &nm); 370 if (err) 371 return ERR_PTR(err); 372 373 inode = ubifs_new_inode(c, dir, mode); 374 if (IS_ERR(inode)) { 375 err = PTR_ERR(inode); 376 goto out_free; 377 } 378 379 init_special_inode(inode, inode->i_mode, WHITEOUT_DEV); 380 ubifs_assert(c, inode->i_op == &ubifs_file_inode_operations); 381 382 err = ubifs_init_security(dir, inode, &dentry->d_name); 383 if (err) 384 goto out_inode; 385 386 /* The dir size is updated by do_rename. */ 387 insert_inode_hash(inode); 388 389 return inode; 390 391out_inode: 392 make_bad_inode(inode); 393 iput(inode); 394out_free: 395 fscrypt_free_filename(&nm); 396 ubifs_err(c, "cannot create whiteout file, error %d", err); 397 return ERR_PTR(err); 398} 399 400/** 401 * lock_2_inodes - a wrapper for locking two UBIFS inodes. 402 * @inode1: first inode 403 * @inode2: second inode 404 * 405 * We do not implement any tricks to guarantee strict lock ordering, because 406 * VFS has already done it for us on the @i_mutex. So this is just a simple 407 * wrapper function. 408 */ 409static void lock_2_inodes(struct inode *inode1, struct inode *inode2) 410{ 411 mutex_lock_nested(&ubifs_inode(inode1)->ui_mutex, WB_MUTEX_1); 412 mutex_lock_nested(&ubifs_inode(inode2)->ui_mutex, WB_MUTEX_2); 413} 414 415/** 416 * unlock_2_inodes - a wrapper for unlocking two UBIFS inodes. 417 * @inode1: first inode 418 * @inode2: second inode 419 */ 420static void unlock_2_inodes(struct inode *inode1, struct inode *inode2) 421{ 422 mutex_unlock(&ubifs_inode(inode2)->ui_mutex); 423 mutex_unlock(&ubifs_inode(inode1)->ui_mutex); 424} 425 426static int ubifs_tmpfile(struct user_namespace *mnt_userns, struct inode *dir, 427 struct dentry *dentry, umode_t mode) 428{ 429 struct inode *inode; 430 struct ubifs_info *c = dir->i_sb->s_fs_info; 431 struct ubifs_budget_req req = { .new_ino = 1, .new_dent = 1, 432 .dirtied_ino = 1}; 433 struct ubifs_budget_req ino_req = { .dirtied_ino = 1 }; 434 struct ubifs_inode *ui; 435 int err, instantiated = 0; 436 struct fscrypt_name nm; 437 438 /* 439 * Budget request settings: new inode, new direntry, changing the 440 * parent directory inode. 441 * Allocate budget separately for new dirtied inode, the budget will 442 * be released via writeback. 443 */ 444 445 dbg_gen("dent '%pd', mode %#hx in dir ino %lu", 446 dentry, mode, dir->i_ino); 447 448 err = fscrypt_setup_filename(dir, &dentry->d_name, 0, &nm); 449 if (err) 450 return err; 451 452 err = ubifs_budget_space(c, &req); 453 if (err) { 454 fscrypt_free_filename(&nm); 455 return err; 456 } 457 458 err = ubifs_budget_space(c, &ino_req); 459 if (err) { 460 ubifs_release_budget(c, &req); 461 fscrypt_free_filename(&nm); 462 return err; 463 } 464 465 inode = ubifs_new_inode(c, dir, mode); 466 if (IS_ERR(inode)) { 467 err = PTR_ERR(inode); 468 goto out_budg; 469 } 470 ui = ubifs_inode(inode); 471 472 err = ubifs_init_security(dir, inode, &dentry->d_name); 473 if (err) 474 goto out_inode; 475 476 mutex_lock(&ui->ui_mutex); 477 insert_inode_hash(inode); 478 d_tmpfile(dentry, inode); 479 ubifs_assert(c, ui->dirty); 480 481 instantiated = 1; 482 mutex_unlock(&ui->ui_mutex); 483 484 lock_2_inodes(dir, inode); 485 err = ubifs_jnl_update(c, dir, &nm, inode, 1, 0); 486 if (err) 487 goto out_cancel; 488 unlock_2_inodes(dir, inode); 489 490 ubifs_release_budget(c, &req); 491 492 return 0; 493 494out_cancel: 495 unlock_2_inodes(dir, inode); 496out_inode: 497 make_bad_inode(inode); 498 if (!instantiated) 499 iput(inode); 500out_budg: 501 ubifs_release_budget(c, &req); 502 if (!instantiated) 503 ubifs_release_budget(c, &ino_req); 504 fscrypt_free_filename(&nm); 505 ubifs_err(c, "cannot create temporary file, error %d", err); 506 return err; 507} 508 509/** 510 * vfs_dent_type - get VFS directory entry type. 511 * @type: UBIFS directory entry type 512 * 513 * This function converts UBIFS directory entry type into VFS directory entry 514 * type. 515 */ 516static unsigned int vfs_dent_type(uint8_t type) 517{ 518 switch (type) { 519 case UBIFS_ITYPE_REG: 520 return DT_REG; 521 case UBIFS_ITYPE_DIR: 522 return DT_DIR; 523 case UBIFS_ITYPE_LNK: 524 return DT_LNK; 525 case UBIFS_ITYPE_BLK: 526 return DT_BLK; 527 case UBIFS_ITYPE_CHR: 528 return DT_CHR; 529 case UBIFS_ITYPE_FIFO: 530 return DT_FIFO; 531 case UBIFS_ITYPE_SOCK: 532 return DT_SOCK; 533 default: 534 BUG(); 535 } 536 return 0; 537} 538 539/* 540 * The classical Unix view for directory is that it is a linear array of 541 * (name, inode number) entries. Linux/VFS assumes this model as well. 542 * Particularly, 'readdir()' call wants us to return a directory entry offset 543 * which later may be used to continue 'readdir()'ing the directory or to 544 * 'seek()' to that specific direntry. Obviously UBIFS does not really fit this 545 * model because directory entries are identified by keys, which may collide. 546 * 547 * UBIFS uses directory entry hash value for directory offsets, so 548 * 'seekdir()'/'telldir()' may not always work because of possible key 549 * collisions. But UBIFS guarantees that consecutive 'readdir()' calls work 550 * properly by means of saving full directory entry name in the private field 551 * of the file description object. 552 * 553 * This means that UBIFS cannot support NFS which requires full 554 * 'seekdir()'/'telldir()' support. 555 */ 556static int ubifs_readdir(struct file *file, struct dir_context *ctx) 557{ 558 int fstr_real_len = 0, err = 0; 559 struct fscrypt_name nm; 560 struct fscrypt_str fstr = {0}; 561 union ubifs_key key; 562 struct ubifs_dent_node *dent; 563 struct inode *dir = file_inode(file); 564 struct ubifs_info *c = dir->i_sb->s_fs_info; 565 bool encrypted = IS_ENCRYPTED(dir); 566 567 dbg_gen("dir ino %lu, f_pos %#llx", dir->i_ino, ctx->pos); 568 569 if (ctx->pos > UBIFS_S_KEY_HASH_MASK || ctx->pos == 2) 570 /* 571 * The directory was seek'ed to a senseless position or there 572 * are no more entries. 573 */ 574 return 0; 575 576 if (encrypted) { 577 err = fscrypt_prepare_readdir(dir); 578 if (err) 579 return err; 580 581 err = fscrypt_fname_alloc_buffer(UBIFS_MAX_NLEN, &fstr); 582 if (err) 583 return err; 584 585 fstr_real_len = fstr.len; 586 } 587 588 if (file->f_version == 0) { 589 /* 590 * The file was seek'ed, which means that @file->private_data 591 * is now invalid. This may also be just the first 592 * 'ubifs_readdir()' invocation, in which case 593 * @file->private_data is NULL, and the below code is 594 * basically a no-op. 595 */ 596 kfree(file->private_data); 597 file->private_data = NULL; 598 } 599 600 /* 601 * 'generic_file_llseek()' unconditionally sets @file->f_version to 602 * zero, and we use this for detecting whether the file was seek'ed. 603 */ 604 file->f_version = 1; 605 606 /* File positions 0 and 1 correspond to "." and ".." */ 607 if (ctx->pos < 2) { 608 ubifs_assert(c, !file->private_data); 609 if (!dir_emit_dots(file, ctx)) { 610 if (encrypted) 611 fscrypt_fname_free_buffer(&fstr); 612 return 0; 613 } 614 615 /* Find the first entry in TNC and save it */ 616 lowest_dent_key(c, &key, dir->i_ino); 617 fname_len(&nm) = 0; 618 dent = ubifs_tnc_next_ent(c, &key, &nm); 619 if (IS_ERR(dent)) { 620 err = PTR_ERR(dent); 621 goto out; 622 } 623 624 ctx->pos = key_hash_flash(c, &dent->key); 625 file->private_data = dent; 626 } 627 628 dent = file->private_data; 629 if (!dent) { 630 /* 631 * The directory was seek'ed to and is now readdir'ed. 632 * Find the entry corresponding to @ctx->pos or the closest one. 633 */ 634 dent_key_init_hash(c, &key, dir->i_ino, ctx->pos); 635 fname_len(&nm) = 0; 636 dent = ubifs_tnc_next_ent(c, &key, &nm); 637 if (IS_ERR(dent)) { 638 err = PTR_ERR(dent); 639 goto out; 640 } 641 ctx->pos = key_hash_flash(c, &dent->key); 642 file->private_data = dent; 643 } 644 645 while (1) { 646 dbg_gen("ino %llu, new f_pos %#x", 647 (unsigned long long)le64_to_cpu(dent->inum), 648 key_hash_flash(c, &dent->key)); 649 ubifs_assert(c, le64_to_cpu(dent->ch.sqnum) > 650 ubifs_inode(dir)->creat_sqnum); 651 652 fname_len(&nm) = le16_to_cpu(dent->nlen); 653 fname_name(&nm) = dent->name; 654 655 if (encrypted) { 656 fstr.len = fstr_real_len; 657 658 err = fscrypt_fname_disk_to_usr(dir, key_hash_flash(c, 659 &dent->key), 660 le32_to_cpu(dent->cookie), 661 &nm.disk_name, &fstr); 662 if (err) 663 goto out; 664 } else { 665 fstr.len = fname_len(&nm); 666 fstr.name = fname_name(&nm); 667 } 668 669 if (!dir_emit(ctx, fstr.name, fstr.len, 670 le64_to_cpu(dent->inum), 671 vfs_dent_type(dent->type))) { 672 if (encrypted) 673 fscrypt_fname_free_buffer(&fstr); 674 return 0; 675 } 676 677 /* Switch to the next entry */ 678 key_read(c, &dent->key, &key); 679 dent = ubifs_tnc_next_ent(c, &key, &nm); 680 if (IS_ERR(dent)) { 681 err = PTR_ERR(dent); 682 goto out; 683 } 684 685 kfree(file->private_data); 686 ctx->pos = key_hash_flash(c, &dent->key); 687 file->private_data = dent; 688 cond_resched(); 689 } 690 691out: 692 kfree(file->private_data); 693 file->private_data = NULL; 694 695 if (encrypted) 696 fscrypt_fname_free_buffer(&fstr); 697 698 if (err != -ENOENT) 699 ubifs_err(c, "cannot find next direntry, error %d", err); 700 else 701 /* 702 * -ENOENT is a non-fatal error in this context, the TNC uses 703 * it to indicate that the cursor moved past the current directory 704 * and readdir() has to stop. 705 */ 706 err = 0; 707 708 709 /* 2 is a special value indicating that there are no more direntries */ 710 ctx->pos = 2; 711 return err; 712} 713 714/* Free saved readdir() state when the directory is closed */ 715static int ubifs_dir_release(struct inode *dir, struct file *file) 716{ 717 kfree(file->private_data); 718 file->private_data = NULL; 719 return 0; 720} 721 722static int ubifs_link(struct dentry *old_dentry, struct inode *dir, 723 struct dentry *dentry) 724{ 725 struct ubifs_info *c = dir->i_sb->s_fs_info; 726 struct inode *inode = d_inode(old_dentry); 727 struct ubifs_inode *ui = ubifs_inode(inode); 728 struct ubifs_inode *dir_ui = ubifs_inode(dir); 729 int err, sz_change = CALC_DENT_SIZE(dentry->d_name.len); 730 struct ubifs_budget_req req = { .new_dent = 1, .dirtied_ino = 2, 731 .dirtied_ino_d = ALIGN(ui->data_len, 8) }; 732 struct fscrypt_name nm; 733 734 /* 735 * Budget request settings: new direntry, changing the target inode, 736 * changing the parent inode. 737 */ 738 739 dbg_gen("dent '%pd' to ino %lu (nlink %d) in dir ino %lu", 740 dentry, inode->i_ino, 741 inode->i_nlink, dir->i_ino); 742 ubifs_assert(c, inode_is_locked(dir)); 743 ubifs_assert(c, inode_is_locked(inode)); 744 745 err = fscrypt_prepare_link(old_dentry, dir, dentry); 746 if (err) 747 return err; 748 749 err = fscrypt_setup_filename(dir, &dentry->d_name, 0, &nm); 750 if (err) 751 return err; 752 753 err = dbg_check_synced_i_size(c, inode); 754 if (err) 755 goto out_fname; 756 757 err = ubifs_budget_space(c, &req); 758 if (err) 759 goto out_fname; 760 761 lock_2_inodes(dir, inode); 762 763 /* Handle O_TMPFILE corner case, it is allowed to link a O_TMPFILE. */ 764 if (inode->i_nlink == 0) 765 ubifs_delete_orphan(c, inode->i_ino); 766 767 inc_nlink(inode); 768 ihold(inode); 769 inode->i_ctime = current_time(inode); 770 dir->i_size += sz_change; 771 dir_ui->ui_size = dir->i_size; 772 dir->i_mtime = dir->i_ctime = inode->i_ctime; 773 err = ubifs_jnl_update(c, dir, &nm, inode, 0, 0); 774 if (err) 775 goto out_cancel; 776 unlock_2_inodes(dir, inode); 777 778 ubifs_release_budget(c, &req); 779 d_instantiate(dentry, inode); 780 fscrypt_free_filename(&nm); 781 return 0; 782 783out_cancel: 784 dir->i_size -= sz_change; 785 dir_ui->ui_size = dir->i_size; 786 drop_nlink(inode); 787 if (inode->i_nlink == 0) 788 ubifs_add_orphan(c, inode->i_ino); 789 unlock_2_inodes(dir, inode); 790 ubifs_release_budget(c, &req); 791 iput(inode); 792out_fname: 793 fscrypt_free_filename(&nm); 794 return err; 795} 796 797static int ubifs_unlink(struct inode *dir, struct dentry *dentry) 798{ 799 struct ubifs_info *c = dir->i_sb->s_fs_info; 800 struct inode *inode = d_inode(dentry); 801 struct ubifs_inode *dir_ui = ubifs_inode(dir); 802 int err, sz_change, budgeted = 1; 803 struct ubifs_budget_req req = { .mod_dent = 1, .dirtied_ino = 2 }; 804 unsigned int saved_nlink = inode->i_nlink; 805 struct fscrypt_name nm; 806 807 /* 808 * Budget request settings: deletion direntry, deletion inode (+1 for 809 * @dirtied_ino), changing the parent directory inode. If budgeting 810 * fails, go ahead anyway because we have extra space reserved for 811 * deletions. 812 */ 813 814 dbg_gen("dent '%pd' from ino %lu (nlink %d) in dir ino %lu", 815 dentry, inode->i_ino, 816 inode->i_nlink, dir->i_ino); 817 818 err = fscrypt_setup_filename(dir, &dentry->d_name, 1, &nm); 819 if (err) 820 return err; 821 822 err = ubifs_purge_xattrs(inode); 823 if (err) 824 return err; 825 826 sz_change = CALC_DENT_SIZE(fname_len(&nm)); 827 828 ubifs_assert(c, inode_is_locked(dir)); 829 ubifs_assert(c, inode_is_locked(inode)); 830 err = dbg_check_synced_i_size(c, inode); 831 if (err) 832 goto out_fname; 833 834 err = ubifs_budget_space(c, &req); 835 if (err) { 836 if (err != -ENOSPC) 837 goto out_fname; 838 budgeted = 0; 839 } 840 841 lock_2_inodes(dir, inode); 842 inode->i_ctime = current_time(dir); 843 drop_nlink(inode); 844 dir->i_size -= sz_change; 845 dir_ui->ui_size = dir->i_size; 846 dir->i_mtime = dir->i_ctime = inode->i_ctime; 847 err = ubifs_jnl_update(c, dir, &nm, inode, 1, 0); 848 if (err) 849 goto out_cancel; 850 unlock_2_inodes(dir, inode); 851 852 if (budgeted) 853 ubifs_release_budget(c, &req); 854 else { 855 /* We've deleted something - clean the "no space" flags */ 856 c->bi.nospace = c->bi.nospace_rp = 0; 857 smp_wmb(); 858 } 859 fscrypt_free_filename(&nm); 860 return 0; 861 862out_cancel: 863 dir->i_size += sz_change; 864 dir_ui->ui_size = dir->i_size; 865 set_nlink(inode, saved_nlink); 866 unlock_2_inodes(dir, inode); 867 if (budgeted) 868 ubifs_release_budget(c, &req); 869out_fname: 870 fscrypt_free_filename(&nm); 871 return err; 872} 873 874/** 875 * check_dir_empty - check if a directory is empty or not. 876 * @dir: VFS inode object of the directory to check 877 * 878 * This function checks if directory @dir is empty. Returns zero if the 879 * directory is empty, %-ENOTEMPTY if it is not, and other negative error codes 880 * in case of errors. 881 */ 882int ubifs_check_dir_empty(struct inode *dir) 883{ 884 struct ubifs_info *c = dir->i_sb->s_fs_info; 885 struct fscrypt_name nm = { 0 }; 886 struct ubifs_dent_node *dent; 887 union ubifs_key key; 888 int err; 889 890 lowest_dent_key(c, &key, dir->i_ino); 891 dent = ubifs_tnc_next_ent(c, &key, &nm); 892 if (IS_ERR(dent)) { 893 err = PTR_ERR(dent); 894 if (err == -ENOENT) 895 err = 0; 896 } else { 897 kfree(dent); 898 err = -ENOTEMPTY; 899 } 900 return err; 901} 902 903static int ubifs_rmdir(struct inode *dir, struct dentry *dentry) 904{ 905 struct ubifs_info *c = dir->i_sb->s_fs_info; 906 struct inode *inode = d_inode(dentry); 907 int err, sz_change, budgeted = 1; 908 struct ubifs_inode *dir_ui = ubifs_inode(dir); 909 struct ubifs_budget_req req = { .mod_dent = 1, .dirtied_ino = 2 }; 910 struct fscrypt_name nm; 911 912 /* 913 * Budget request settings: deletion direntry, deletion inode and 914 * changing the parent inode. If budgeting fails, go ahead anyway 915 * because we have extra space reserved for deletions. 916 */ 917 918 dbg_gen("directory '%pd', ino %lu in dir ino %lu", dentry, 919 inode->i_ino, dir->i_ino); 920 ubifs_assert(c, inode_is_locked(dir)); 921 ubifs_assert(c, inode_is_locked(inode)); 922 err = ubifs_check_dir_empty(d_inode(dentry)); 923 if (err) 924 return err; 925 926 err = fscrypt_setup_filename(dir, &dentry->d_name, 1, &nm); 927 if (err) 928 return err; 929 930 err = ubifs_purge_xattrs(inode); 931 if (err) 932 return err; 933 934 sz_change = CALC_DENT_SIZE(fname_len(&nm)); 935 936 err = ubifs_budget_space(c, &req); 937 if (err) { 938 if (err != -ENOSPC) 939 goto out_fname; 940 budgeted = 0; 941 } 942 943 lock_2_inodes(dir, inode); 944 inode->i_ctime = current_time(dir); 945 clear_nlink(inode); 946 drop_nlink(dir); 947 dir->i_size -= sz_change; 948 dir_ui->ui_size = dir->i_size; 949 dir->i_mtime = dir->i_ctime = inode->i_ctime; 950 err = ubifs_jnl_update(c, dir, &nm, inode, 1, 0); 951 if (err) 952 goto out_cancel; 953 unlock_2_inodes(dir, inode); 954 955 if (budgeted) 956 ubifs_release_budget(c, &req); 957 else { 958 /* We've deleted something - clean the "no space" flags */ 959 c->bi.nospace = c->bi.nospace_rp = 0; 960 smp_wmb(); 961 } 962 fscrypt_free_filename(&nm); 963 return 0; 964 965out_cancel: 966 dir->i_size += sz_change; 967 dir_ui->ui_size = dir->i_size; 968 inc_nlink(dir); 969 set_nlink(inode, 2); 970 unlock_2_inodes(dir, inode); 971 if (budgeted) 972 ubifs_release_budget(c, &req); 973out_fname: 974 fscrypt_free_filename(&nm); 975 return err; 976} 977 978static int ubifs_mkdir(struct user_namespace *mnt_userns, struct inode *dir, 979 struct dentry *dentry, umode_t mode) 980{ 981 struct inode *inode; 982 struct ubifs_inode *dir_ui = ubifs_inode(dir); 983 struct ubifs_info *c = dir->i_sb->s_fs_info; 984 int err, sz_change; 985 struct ubifs_budget_req req = { .new_ino = 1, .new_dent = 1, 986 .dirtied_ino = 1}; 987 struct fscrypt_name nm; 988 989 /* 990 * Budget request settings: new inode, new direntry and changing parent 991 * directory inode. 992 */ 993 994 dbg_gen("dent '%pd', mode %#hx in dir ino %lu", 995 dentry, mode, dir->i_ino); 996 997 err = ubifs_budget_space(c, &req); 998 if (err) 999 return err; 1000 1001 err = ubifs_prepare_create(dir, dentry, &nm); 1002 if (err) 1003 goto out_budg; 1004 1005 sz_change = CALC_DENT_SIZE(fname_len(&nm)); 1006 1007 inode = ubifs_new_inode(c, dir, S_IFDIR | mode); 1008 if (IS_ERR(inode)) { 1009 err = PTR_ERR(inode); 1010 goto out_fname; 1011 } 1012 1013 err = ubifs_init_security(dir, inode, &dentry->d_name); 1014 if (err) 1015 goto out_inode; 1016 1017 mutex_lock(&dir_ui->ui_mutex); 1018 insert_inode_hash(inode); 1019 inc_nlink(inode); 1020 inc_nlink(dir); 1021 dir->i_size += sz_change; 1022 dir_ui->ui_size = dir->i_size; 1023 dir->i_mtime = dir->i_ctime = inode->i_ctime; 1024 err = ubifs_jnl_update(c, dir, &nm, inode, 0, 0); 1025 if (err) { 1026 ubifs_err(c, "cannot create directory, error %d", err); 1027 goto out_cancel; 1028 } 1029 mutex_unlock(&dir_ui->ui_mutex); 1030 1031 ubifs_release_budget(c, &req); 1032 d_instantiate(dentry, inode); 1033 fscrypt_free_filename(&nm); 1034 return 0; 1035 1036out_cancel: 1037 dir->i_size -= sz_change; 1038 dir_ui->ui_size = dir->i_size; 1039 drop_nlink(dir); 1040 mutex_unlock(&dir_ui->ui_mutex); 1041out_inode: 1042 make_bad_inode(inode); 1043 iput(inode); 1044out_fname: 1045 fscrypt_free_filename(&nm); 1046out_budg: 1047 ubifs_release_budget(c, &req); 1048 return err; 1049} 1050 1051static int ubifs_mknod(struct user_namespace *mnt_userns, struct inode *dir, 1052 struct dentry *dentry, umode_t mode, dev_t rdev) 1053{ 1054 struct inode *inode; 1055 struct ubifs_inode *ui; 1056 struct ubifs_inode *dir_ui = ubifs_inode(dir); 1057 struct ubifs_info *c = dir->i_sb->s_fs_info; 1058 union ubifs_dev_desc *dev = NULL; 1059 int sz_change; 1060 int err, devlen = 0; 1061 struct ubifs_budget_req req = { .new_ino = 1, .new_dent = 1, 1062 .dirtied_ino = 1 }; 1063 struct fscrypt_name nm; 1064 1065 /* 1066 * Budget request settings: new inode, new direntry and changing parent 1067 * directory inode. 1068 */ 1069 1070 dbg_gen("dent '%pd' in dir ino %lu", dentry, dir->i_ino); 1071 1072 if (S_ISBLK(mode) || S_ISCHR(mode)) { 1073 dev = kmalloc(sizeof(union ubifs_dev_desc), GFP_NOFS); 1074 if (!dev) 1075 return -ENOMEM; 1076 devlen = ubifs_encode_dev(dev, rdev); 1077 } 1078 1079 req.new_ino_d = ALIGN(devlen, 8); 1080 err = ubifs_budget_space(c, &req); 1081 if (err) { 1082 kfree(dev); 1083 return err; 1084 } 1085 1086 err = ubifs_prepare_create(dir, dentry, &nm); 1087 if (err) { 1088 kfree(dev); 1089 goto out_budg; 1090 } 1091 1092 sz_change = CALC_DENT_SIZE(fname_len(&nm)); 1093 1094 inode = ubifs_new_inode(c, dir, mode); 1095 if (IS_ERR(inode)) { 1096 kfree(dev); 1097 err = PTR_ERR(inode); 1098 goto out_fname; 1099 } 1100 1101 init_special_inode(inode, inode->i_mode, rdev); 1102 inode->i_size = ubifs_inode(inode)->ui_size = devlen; 1103 ui = ubifs_inode(inode); 1104 ui->data = dev; 1105 ui->data_len = devlen; 1106 1107 err = ubifs_init_security(dir, inode, &dentry->d_name); 1108 if (err) 1109 goto out_inode; 1110 1111 mutex_lock(&dir_ui->ui_mutex); 1112 dir->i_size += sz_change; 1113 dir_ui->ui_size = dir->i_size; 1114 dir->i_mtime = dir->i_ctime = inode->i_ctime; 1115 err = ubifs_jnl_update(c, dir, &nm, inode, 0, 0); 1116 if (err) 1117 goto out_cancel; 1118 mutex_unlock(&dir_ui->ui_mutex); 1119 1120 ubifs_release_budget(c, &req); 1121 insert_inode_hash(inode); 1122 d_instantiate(dentry, inode); 1123 fscrypt_free_filename(&nm); 1124 return 0; 1125 1126out_cancel: 1127 dir->i_size -= sz_change; 1128 dir_ui->ui_size = dir->i_size; 1129 mutex_unlock(&dir_ui->ui_mutex); 1130out_inode: 1131 make_bad_inode(inode); 1132 iput(inode); 1133out_fname: 1134 fscrypt_free_filename(&nm); 1135out_budg: 1136 ubifs_release_budget(c, &req); 1137 return err; 1138} 1139 1140static int ubifs_symlink(struct user_namespace *mnt_userns, struct inode *dir, 1141 struct dentry *dentry, const char *symname) 1142{ 1143 struct inode *inode; 1144 struct ubifs_inode *ui; 1145 struct ubifs_inode *dir_ui = ubifs_inode(dir); 1146 struct ubifs_info *c = dir->i_sb->s_fs_info; 1147 int err, sz_change, len = strlen(symname); 1148 struct fscrypt_str disk_link; 1149 struct ubifs_budget_req req = { .new_ino = 1, .new_dent = 1, 1150 .new_ino_d = ALIGN(len, 8), 1151 .dirtied_ino = 1 }; 1152 struct fscrypt_name nm; 1153 1154 dbg_gen("dent '%pd', target '%s' in dir ino %lu", dentry, 1155 symname, dir->i_ino); 1156 1157 err = fscrypt_prepare_symlink(dir, symname, len, UBIFS_MAX_INO_DATA, 1158 &disk_link); 1159 if (err) 1160 return err; 1161 1162 /* 1163 * Budget request settings: new inode, new direntry and changing parent 1164 * directory inode. 1165 */ 1166 err = ubifs_budget_space(c, &req); 1167 if (err) 1168 return err; 1169 1170 err = ubifs_prepare_create(dir, dentry, &nm); 1171 if (err) 1172 goto out_budg; 1173 1174 sz_change = CALC_DENT_SIZE(fname_len(&nm)); 1175 1176 inode = ubifs_new_inode(c, dir, S_IFLNK | S_IRWXUGO); 1177 if (IS_ERR(inode)) { 1178 err = PTR_ERR(inode); 1179 goto out_fname; 1180 } 1181 1182 ui = ubifs_inode(inode); 1183 ui->data = kmalloc(disk_link.len, GFP_NOFS); 1184 if (!ui->data) { 1185 err = -ENOMEM; 1186 goto out_inode; 1187 } 1188 1189 if (IS_ENCRYPTED(inode)) { 1190 disk_link.name = ui->data; /* encrypt directly into ui->data */ 1191 err = fscrypt_encrypt_symlink(inode, symname, len, &disk_link); 1192 if (err) 1193 goto out_inode; 1194 } else { 1195 memcpy(ui->data, disk_link.name, disk_link.len); 1196 inode->i_link = ui->data; 1197 } 1198 1199 /* 1200 * The terminating zero byte is not written to the flash media and it 1201 * is put just to make later in-memory string processing simpler. Thus, 1202 * data length is @disk_link.len - 1, not @disk_link.len. 1203 */ 1204 ui->data_len = disk_link.len - 1; 1205 inode->i_size = ubifs_inode(inode)->ui_size = disk_link.len - 1; 1206 1207 err = ubifs_init_security(dir, inode, &dentry->d_name); 1208 if (err) 1209 goto out_inode; 1210 1211 mutex_lock(&dir_ui->ui_mutex); 1212 dir->i_size += sz_change; 1213 dir_ui->ui_size = dir->i_size; 1214 dir->i_mtime = dir->i_ctime = inode->i_ctime; 1215 err = ubifs_jnl_update(c, dir, &nm, inode, 0, 0); 1216 if (err) 1217 goto out_cancel; 1218 mutex_unlock(&dir_ui->ui_mutex); 1219 1220 insert_inode_hash(inode); 1221 d_instantiate(dentry, inode); 1222 err = 0; 1223 goto out_fname; 1224 1225out_cancel: 1226 dir->i_size -= sz_change; 1227 dir_ui->ui_size = dir->i_size; 1228 mutex_unlock(&dir_ui->ui_mutex); 1229out_inode: 1230 make_bad_inode(inode); 1231 iput(inode); 1232out_fname: 1233 fscrypt_free_filename(&nm); 1234out_budg: 1235 ubifs_release_budget(c, &req); 1236 return err; 1237} 1238 1239/** 1240 * lock_4_inodes - a wrapper for locking three UBIFS inodes. 1241 * @inode1: first inode 1242 * @inode2: second inode 1243 * @inode3: third inode 1244 * @inode4: fourth inode 1245 * 1246 * This function is used for 'ubifs_rename()' and @inode1 may be the same as 1247 * @inode2 whereas @inode3 and @inode4 may be %NULL. 1248 * 1249 * We do not implement any tricks to guarantee strict lock ordering, because 1250 * VFS has already done it for us on the @i_mutex. So this is just a simple 1251 * wrapper function. 1252 */ 1253static void lock_4_inodes(struct inode *inode1, struct inode *inode2, 1254 struct inode *inode3, struct inode *inode4) 1255{ 1256 mutex_lock_nested(&ubifs_inode(inode1)->ui_mutex, WB_MUTEX_1); 1257 if (inode2 != inode1) 1258 mutex_lock_nested(&ubifs_inode(inode2)->ui_mutex, WB_MUTEX_2); 1259 if (inode3) 1260 mutex_lock_nested(&ubifs_inode(inode3)->ui_mutex, WB_MUTEX_3); 1261 if (inode4) 1262 mutex_lock_nested(&ubifs_inode(inode4)->ui_mutex, WB_MUTEX_4); 1263} 1264 1265/** 1266 * unlock_4_inodes - a wrapper for unlocking three UBIFS inodes for rename. 1267 * @inode1: first inode 1268 * @inode2: second inode 1269 * @inode3: third inode 1270 * @inode4: fourth inode 1271 */ 1272static void unlock_4_inodes(struct inode *inode1, struct inode *inode2, 1273 struct inode *inode3, struct inode *inode4) 1274{ 1275 if (inode4) 1276 mutex_unlock(&ubifs_inode(inode4)->ui_mutex); 1277 if (inode3) 1278 mutex_unlock(&ubifs_inode(inode3)->ui_mutex); 1279 if (inode1 != inode2) 1280 mutex_unlock(&ubifs_inode(inode2)->ui_mutex); 1281 mutex_unlock(&ubifs_inode(inode1)->ui_mutex); 1282} 1283 1284static int do_rename(struct inode *old_dir, struct dentry *old_dentry, 1285 struct inode *new_dir, struct dentry *new_dentry, 1286 unsigned int flags) 1287{ 1288 struct ubifs_info *c = old_dir->i_sb->s_fs_info; 1289 struct inode *old_inode = d_inode(old_dentry); 1290 struct inode *new_inode = d_inode(new_dentry); 1291 struct inode *whiteout = NULL; 1292 struct ubifs_inode *old_inode_ui = ubifs_inode(old_inode); 1293 struct ubifs_inode *whiteout_ui = NULL; 1294 int err, release, sync = 0, move = (new_dir != old_dir); 1295 int is_dir = S_ISDIR(old_inode->i_mode); 1296 int unlink = !!new_inode, new_sz, old_sz; 1297 struct ubifs_budget_req req = { .new_dent = 1, .mod_dent = 1, 1298 .dirtied_ino = 3 }; 1299 struct ubifs_budget_req ino_req = { .dirtied_ino = 1, 1300 .dirtied_ino_d = ALIGN(old_inode_ui->data_len, 8) }; 1301 struct ubifs_budget_req wht_req; 1302 struct timespec64 time; 1303 unsigned int saved_nlink; 1304 struct fscrypt_name old_nm, new_nm; 1305 1306 /* 1307 * Budget request settings: 1308 * req: deletion direntry, new direntry, removing the old inode, 1309 * and changing old and new parent directory inodes. 1310 * 1311 * wht_req: new whiteout inode for RENAME_WHITEOUT. 1312 * 1313 * ino_req: marks the target inode as dirty and does not write it. 1314 */ 1315 1316 dbg_gen("dent '%pd' ino %lu in dir ino %lu to dent '%pd' in dir ino %lu flags 0x%x", 1317 old_dentry, old_inode->i_ino, old_dir->i_ino, 1318 new_dentry, new_dir->i_ino, flags); 1319 1320 if (unlink) { 1321 ubifs_assert(c, inode_is_locked(new_inode)); 1322 1323 err = ubifs_purge_xattrs(new_inode); 1324 if (err) 1325 return err; 1326 } 1327 1328 if (unlink && is_dir) { 1329 err = ubifs_check_dir_empty(new_inode); 1330 if (err) 1331 return err; 1332 } 1333 1334 err = fscrypt_setup_filename(old_dir, &old_dentry->d_name, 0, &old_nm); 1335 if (err) 1336 return err; 1337 1338 err = fscrypt_setup_filename(new_dir, &new_dentry->d_name, 0, &new_nm); 1339 if (err) { 1340 fscrypt_free_filename(&old_nm); 1341 return err; 1342 } 1343 1344 new_sz = CALC_DENT_SIZE(fname_len(&new_nm)); 1345 old_sz = CALC_DENT_SIZE(fname_len(&old_nm)); 1346 1347 err = ubifs_budget_space(c, &req); 1348 if (err) { 1349 fscrypt_free_filename(&old_nm); 1350 fscrypt_free_filename(&new_nm); 1351 return err; 1352 } 1353 err = ubifs_budget_space(c, &ino_req); 1354 if (err) { 1355 fscrypt_free_filename(&old_nm); 1356 fscrypt_free_filename(&new_nm); 1357 ubifs_release_budget(c, &req); 1358 return err; 1359 } 1360 1361 if (flags & RENAME_WHITEOUT) { 1362 union ubifs_dev_desc *dev = NULL; 1363 1364 dev = kmalloc(sizeof(union ubifs_dev_desc), GFP_NOFS); 1365 if (!dev) { 1366 err = -ENOMEM; 1367 goto out_release; 1368 } 1369 1370 /* 1371 * The whiteout inode without dentry is pinned in memory, 1372 * umount won't happen during rename process because we 1373 * got parent dentry. 1374 */ 1375 whiteout = create_whiteout(old_dir, old_dentry); 1376 if (IS_ERR(whiteout)) { 1377 err = PTR_ERR(whiteout); 1378 kfree(dev); 1379 goto out_release; 1380 } 1381 1382 whiteout_ui = ubifs_inode(whiteout); 1383 whiteout_ui->data = dev; 1384 whiteout_ui->data_len = ubifs_encode_dev(dev, MKDEV(0, 0)); 1385 ubifs_assert(c, !whiteout_ui->dirty); 1386 1387 memset(&wht_req, 0, sizeof(struct ubifs_budget_req)); 1388 wht_req.new_ino = 1; 1389 wht_req.new_ino_d = ALIGN(whiteout_ui->data_len, 8); 1390 /* 1391 * To avoid deadlock between space budget (holds ui_mutex and 1392 * waits wb work) and writeback work(waits ui_mutex), do space 1393 * budget before ubifs inodes locked. 1394 */ 1395 err = ubifs_budget_space(c, &wht_req); 1396 if (err) { 1397 /* 1398 * Whiteout inode can not be written on flash by 1399 * ubifs_jnl_write_inode(), because it's neither 1400 * dirty nor zero-nlink. 1401 */ 1402 iput(whiteout); 1403 goto out_release; 1404 } 1405 1406 /* Add the old_dentry size to the old_dir size. */ 1407 old_sz -= CALC_DENT_SIZE(fname_len(&old_nm)); 1408 } 1409 1410 lock_4_inodes(old_dir, new_dir, new_inode, whiteout); 1411 1412 /* 1413 * Like most other Unix systems, set the @i_ctime for inodes on a 1414 * rename. 1415 */ 1416 time = current_time(old_dir); 1417 old_inode->i_ctime = time; 1418 1419 /* We must adjust parent link count when renaming directories */ 1420 if (is_dir) { 1421 if (move) { 1422 /* 1423 * @old_dir loses a link because we are moving 1424 * @old_inode to a different directory. 1425 */ 1426 drop_nlink(old_dir); 1427 /* 1428 * @new_dir only gains a link if we are not also 1429 * overwriting an existing directory. 1430 */ 1431 if (!unlink) 1432 inc_nlink(new_dir); 1433 } else { 1434 /* 1435 * @old_inode is not moving to a different directory, 1436 * but @old_dir still loses a link if we are 1437 * overwriting an existing directory. 1438 */ 1439 if (unlink) 1440 drop_nlink(old_dir); 1441 } 1442 } 1443 1444 old_dir->i_size -= old_sz; 1445 ubifs_inode(old_dir)->ui_size = old_dir->i_size; 1446 old_dir->i_mtime = old_dir->i_ctime = time; 1447 new_dir->i_mtime = new_dir->i_ctime = time; 1448 1449 /* 1450 * And finally, if we unlinked a direntry which happened to have the 1451 * same name as the moved direntry, we have to decrement @i_nlink of 1452 * the unlinked inode and change its ctime. 1453 */ 1454 if (unlink) { 1455 /* 1456 * Directories cannot have hard-links, so if this is a 1457 * directory, just clear @i_nlink. 1458 */ 1459 saved_nlink = new_inode->i_nlink; 1460 if (is_dir) 1461 clear_nlink(new_inode); 1462 else 1463 drop_nlink(new_inode); 1464 new_inode->i_ctime = time; 1465 } else { 1466 new_dir->i_size += new_sz; 1467 ubifs_inode(new_dir)->ui_size = new_dir->i_size; 1468 } 1469 1470 /* 1471 * Do not ask 'ubifs_jnl_rename()' to flush write-buffer if @old_inode 1472 * is dirty, because this will be done later on at the end of 1473 * 'ubifs_rename()'. 1474 */ 1475 if (IS_SYNC(old_inode)) { 1476 sync = IS_DIRSYNC(old_dir) || IS_DIRSYNC(new_dir); 1477 if (unlink && IS_SYNC(new_inode)) 1478 sync = 1; 1479 /* 1480 * S_SYNC flag of whiteout inherits from the old_dir, and we 1481 * have already checked the old dir inode. So there is no need 1482 * to check whiteout. 1483 */ 1484 } 1485 1486 err = ubifs_jnl_rename(c, old_dir, old_inode, &old_nm, new_dir, 1487 new_inode, &new_nm, whiteout, sync); 1488 if (err) 1489 goto out_cancel; 1490 1491 unlock_4_inodes(old_dir, new_dir, new_inode, whiteout); 1492 ubifs_release_budget(c, &req); 1493 1494 if (whiteout) { 1495 ubifs_release_budget(c, &wht_req); 1496 iput(whiteout); 1497 } 1498 1499 mutex_lock(&old_inode_ui->ui_mutex); 1500 release = old_inode_ui->dirty; 1501 mark_inode_dirty_sync(old_inode); 1502 mutex_unlock(&old_inode_ui->ui_mutex); 1503 1504 if (release) 1505 ubifs_release_budget(c, &ino_req); 1506 if (IS_SYNC(old_inode)) 1507 /* 1508 * Rename finished here. Although old inode cannot be updated 1509 * on flash, old ctime is not a big problem, don't return err 1510 * code to userspace. 1511 */ 1512 old_inode->i_sb->s_op->write_inode(old_inode, NULL); 1513 1514 fscrypt_free_filename(&old_nm); 1515 fscrypt_free_filename(&new_nm); 1516 return 0; 1517 1518out_cancel: 1519 if (unlink) { 1520 set_nlink(new_inode, saved_nlink); 1521 } else { 1522 new_dir->i_size -= new_sz; 1523 ubifs_inode(new_dir)->ui_size = new_dir->i_size; 1524 } 1525 old_dir->i_size += old_sz; 1526 ubifs_inode(old_dir)->ui_size = old_dir->i_size; 1527 if (is_dir) { 1528 if (move) { 1529 inc_nlink(old_dir); 1530 if (!unlink) 1531 drop_nlink(new_dir); 1532 } else { 1533 if (unlink) 1534 inc_nlink(old_dir); 1535 } 1536 } 1537 unlock_4_inodes(old_dir, new_dir, new_inode, whiteout); 1538 if (whiteout) { 1539 ubifs_release_budget(c, &wht_req); 1540 iput(whiteout); 1541 } 1542out_release: 1543 ubifs_release_budget(c, &ino_req); 1544 ubifs_release_budget(c, &req); 1545 fscrypt_free_filename(&old_nm); 1546 fscrypt_free_filename(&new_nm); 1547 return err; 1548} 1549 1550static int ubifs_xrename(struct inode *old_dir, struct dentry *old_dentry, 1551 struct inode *new_dir, struct dentry *new_dentry) 1552{ 1553 struct ubifs_info *c = old_dir->i_sb->s_fs_info; 1554 struct ubifs_budget_req req = { .new_dent = 1, .mod_dent = 1, 1555 .dirtied_ino = 2 }; 1556 int sync = IS_DIRSYNC(old_dir) || IS_DIRSYNC(new_dir); 1557 struct inode *fst_inode = d_inode(old_dentry); 1558 struct inode *snd_inode = d_inode(new_dentry); 1559 struct timespec64 time; 1560 int err; 1561 struct fscrypt_name fst_nm, snd_nm; 1562 1563 ubifs_assert(c, fst_inode && snd_inode); 1564 1565 err = fscrypt_setup_filename(old_dir, &old_dentry->d_name, 0, &fst_nm); 1566 if (err) 1567 return err; 1568 1569 err = fscrypt_setup_filename(new_dir, &new_dentry->d_name, 0, &snd_nm); 1570 if (err) { 1571 fscrypt_free_filename(&fst_nm); 1572 return err; 1573 } 1574 1575 lock_4_inodes(old_dir, new_dir, NULL, NULL); 1576 1577 time = current_time(old_dir); 1578 fst_inode->i_ctime = time; 1579 snd_inode->i_ctime = time; 1580 old_dir->i_mtime = old_dir->i_ctime = time; 1581 new_dir->i_mtime = new_dir->i_ctime = time; 1582 1583 if (old_dir != new_dir) { 1584 if (S_ISDIR(fst_inode->i_mode) && !S_ISDIR(snd_inode->i_mode)) { 1585 inc_nlink(new_dir); 1586 drop_nlink(old_dir); 1587 } 1588 else if (!S_ISDIR(fst_inode->i_mode) && S_ISDIR(snd_inode->i_mode)) { 1589 drop_nlink(new_dir); 1590 inc_nlink(old_dir); 1591 } 1592 } 1593 1594 err = ubifs_jnl_xrename(c, old_dir, fst_inode, &fst_nm, new_dir, 1595 snd_inode, &snd_nm, sync); 1596 1597 unlock_4_inodes(old_dir, new_dir, NULL, NULL); 1598 ubifs_release_budget(c, &req); 1599 1600 fscrypt_free_filename(&fst_nm); 1601 fscrypt_free_filename(&snd_nm); 1602 return err; 1603} 1604 1605static int ubifs_rename(struct user_namespace *mnt_userns, 1606 struct inode *old_dir, struct dentry *old_dentry, 1607 struct inode *new_dir, struct dentry *new_dentry, 1608 unsigned int flags) 1609{ 1610 int err; 1611 struct ubifs_info *c = old_dir->i_sb->s_fs_info; 1612 1613 if (flags & ~(RENAME_NOREPLACE | RENAME_WHITEOUT | RENAME_EXCHANGE)) 1614 return -EINVAL; 1615 1616 ubifs_assert(c, inode_is_locked(old_dir)); 1617 ubifs_assert(c, inode_is_locked(new_dir)); 1618 1619 err = fscrypt_prepare_rename(old_dir, old_dentry, new_dir, new_dentry, 1620 flags); 1621 if (err) 1622 return err; 1623 1624 if (flags & RENAME_EXCHANGE) 1625 return ubifs_xrename(old_dir, old_dentry, new_dir, new_dentry); 1626 1627 return do_rename(old_dir, old_dentry, new_dir, new_dentry, flags); 1628} 1629 1630int ubifs_getattr(struct user_namespace *mnt_userns, const struct path *path, 1631 struct kstat *stat, u32 request_mask, unsigned int flags) 1632{ 1633 loff_t size; 1634 struct inode *inode = d_inode(path->dentry); 1635 struct ubifs_inode *ui = ubifs_inode(inode); 1636 1637 mutex_lock(&ui->ui_mutex); 1638 1639 if (ui->flags & UBIFS_APPEND_FL) 1640 stat->attributes |= STATX_ATTR_APPEND; 1641 if (ui->flags & UBIFS_COMPR_FL) 1642 stat->attributes |= STATX_ATTR_COMPRESSED; 1643 if (ui->flags & UBIFS_CRYPT_FL) 1644 stat->attributes |= STATX_ATTR_ENCRYPTED; 1645 if (ui->flags & UBIFS_IMMUTABLE_FL) 1646 stat->attributes |= STATX_ATTR_IMMUTABLE; 1647 1648 stat->attributes_mask |= (STATX_ATTR_APPEND | 1649 STATX_ATTR_COMPRESSED | 1650 STATX_ATTR_ENCRYPTED | 1651 STATX_ATTR_IMMUTABLE); 1652 1653 generic_fillattr(&init_user_ns, inode, stat); 1654 stat->blksize = UBIFS_BLOCK_SIZE; 1655 stat->size = ui->ui_size; 1656 1657 /* 1658 * Unfortunately, the 'stat()' system call was designed for block 1659 * device based file systems, and it is not appropriate for UBIFS, 1660 * because UBIFS does not have notion of "block". For example, it is 1661 * difficult to tell how many block a directory takes - it actually 1662 * takes less than 300 bytes, but we have to round it to block size, 1663 * which introduces large mistake. This makes utilities like 'du' to 1664 * report completely senseless numbers. This is the reason why UBIFS 1665 * goes the same way as JFFS2 - it reports zero blocks for everything 1666 * but regular files, which makes more sense than reporting completely 1667 * wrong sizes. 1668 */ 1669 if (S_ISREG(inode->i_mode)) { 1670 size = ui->xattr_size; 1671 size += stat->size; 1672 size = ALIGN(size, UBIFS_BLOCK_SIZE); 1673 /* 1674 * Note, user-space expects 512-byte blocks count irrespectively 1675 * of what was reported in @stat->size. 1676 */ 1677 stat->blocks = size >> 9; 1678 } else 1679 stat->blocks = 0; 1680 mutex_unlock(&ui->ui_mutex); 1681 return 0; 1682} 1683 1684const struct inode_operations ubifs_dir_inode_operations = { 1685 .lookup = ubifs_lookup, 1686 .create = ubifs_create, 1687 .link = ubifs_link, 1688 .symlink = ubifs_symlink, 1689 .unlink = ubifs_unlink, 1690 .mkdir = ubifs_mkdir, 1691 .rmdir = ubifs_rmdir, 1692 .mknod = ubifs_mknod, 1693 .rename = ubifs_rename, 1694 .setattr = ubifs_setattr, 1695 .getattr = ubifs_getattr, 1696 .listxattr = ubifs_listxattr, 1697 .update_time = ubifs_update_time, 1698 .tmpfile = ubifs_tmpfile, 1699 .fileattr_get = ubifs_fileattr_get, 1700 .fileattr_set = ubifs_fileattr_set, 1701}; 1702 1703const struct file_operations ubifs_dir_operations = { 1704 .llseek = generic_file_llseek, 1705 .release = ubifs_dir_release, 1706 .read = generic_read_dir, 1707 .iterate_shared = ubifs_readdir, 1708 .fsync = ubifs_fsync, 1709 .unlocked_ioctl = ubifs_ioctl, 1710#ifdef CONFIG_COMPAT 1711 .compat_ioctl = ubifs_compat_ioctl, 1712#endif 1713};