1 // SPDX-License-Identifier: GPL-2.0-only
2 /* * This file is part of UBIFS.
3 *
4 * Copyright (C) 2006-2008 Nokia Corporation.
5 * Copyright (C) 2006, 2007 University of Szeged, Hungary
6 *
7 * Authors: Artem Bityutskiy (Битюцкий Артём)
8 * Adrian Hunter
9 * Zoltan Sogor
10 */
11
12 /*
13 * This file implements directory operations.
14 *
15 * All FS operations in this file allocate budget before writing anything to the
16 * media. If they fail to allocate it, the error is returned. The only
17 * exceptions are 'ubifs_unlink()' and 'ubifs_rmdir()' which keep working even
18 * if they unable to allocate the budget, because deletion %-ENOSPC failure is
19 * not what users are usually ready to get. UBIFS budgeting subsystem has some
20 * space reserved for these purposes.
21 *
22 * All operations in this file write all inodes which they change straight
23 * away, instead of marking them dirty. For example, 'ubifs_link()' changes
24 * @i_size of the parent inode and writes the parent inode together with the
25 * target inode. This was done to simplify file-system recovery which would
26 * otherwise be very difficult to do. The only exception is rename which marks
27 * the re-named inode dirty (because its @i_ctime is updated) but does not
28 * write it, but just marks it as dirty.
29 */
30
31 #include "ubifs.h"
32
33 /**
34 * inherit_flags - inherit flags of the parent inode.
35 * @dir: parent inode
36 * @mode: new inode mode flags
37 *
38 * This is a helper function for 'ubifs_new_inode()' which inherits flag of the
39 * parent directory inode @dir. UBIFS inodes inherit the following flags:
40 * o %UBIFS_COMPR_FL, which is useful to switch compression on/of on
41 * sub-directory basis;
42 * o %UBIFS_SYNC_FL - useful for the same reasons;
43 * o %UBIFS_DIRSYNC_FL - similar, but relevant only to directories.
44 *
45 * This function returns the inherited flags.
46 */
inherit_flags(const struct inode * dir,umode_t mode)47 static int inherit_flags(const struct inode *dir, umode_t mode)
48 {
49 int flags;
50 const struct ubifs_inode *ui = ubifs_inode(dir);
51
52 if (!S_ISDIR(dir->i_mode))
53 /*
54 * The parent is not a directory, which means that an extended
55 * attribute inode is being created. No flags.
56 */
57 return 0;
58
59 flags = ui->flags & (UBIFS_COMPR_FL | UBIFS_SYNC_FL | UBIFS_DIRSYNC_FL);
60 if (!S_ISDIR(mode))
61 /* The "DIRSYNC" flag only applies to directories */
62 flags &= ~UBIFS_DIRSYNC_FL;
63 return flags;
64 }
65
66 /**
67 * ubifs_new_inode - allocate new UBIFS inode object.
68 * @c: UBIFS file-system description object
69 * @dir: parent directory inode
70 * @mode: inode mode flags
71 *
72 * This function finds an unused inode number, allocates new inode and
73 * initializes it. Returns new inode in case of success and an error code in
74 * case of failure.
75 */
ubifs_new_inode(struct ubifs_info * c,struct inode * dir,umode_t mode)76 struct inode *ubifs_new_inode(struct ubifs_info *c, struct inode *dir,
77 umode_t mode)
78 {
79 int err;
80 struct inode *inode;
81 struct ubifs_inode *ui;
82 bool encrypted = false;
83
84 inode = new_inode(c->vfs_sb);
85 ui = ubifs_inode(inode);
86 if (!inode)
87 return ERR_PTR(-ENOMEM);
88
89 /*
90 * Set 'S_NOCMTIME' to prevent VFS form updating [mc]time of inodes and
91 * marking them dirty in file write path (see 'file_update_time()').
92 * UBIFS has to fully control "clean <-> dirty" transitions of inodes
93 * to make budgeting work.
94 */
95 inode->i_flags |= S_NOCMTIME;
96
97 inode_init_owner(inode, dir, mode);
98 inode->i_mtime = inode->i_atime = inode->i_ctime =
99 current_time(inode);
100 inode->i_mapping->nrpages = 0;
101
102 err = fscrypt_prepare_new_inode(dir, inode, &encrypted);
103 if (err) {
104 ubifs_err(c, "fscrypt_prepare_new_inode failed: %i", err);
105 goto out_iput;
106 }
107
108 switch (mode & S_IFMT) {
109 case S_IFREG:
110 inode->i_mapping->a_ops = &ubifs_file_address_operations;
111 inode->i_op = &ubifs_file_inode_operations;
112 inode->i_fop = &ubifs_file_operations;
113 break;
114 case S_IFDIR:
115 inode->i_op = &ubifs_dir_inode_operations;
116 inode->i_fop = &ubifs_dir_operations;
117 inode->i_size = ui->ui_size = UBIFS_INO_NODE_SZ;
118 break;
119 case S_IFLNK:
120 inode->i_op = &ubifs_symlink_inode_operations;
121 break;
122 case S_IFSOCK:
123 case S_IFIFO:
124 case S_IFBLK:
125 case S_IFCHR:
126 inode->i_op = &ubifs_file_inode_operations;
127 break;
128 default:
129 BUG();
130 }
131
132 ui->flags = inherit_flags(dir, mode);
133 ubifs_set_inode_flags(inode);
134 if (S_ISREG(mode))
135 ui->compr_type = c->default_compr;
136 else
137 ui->compr_type = UBIFS_COMPR_NONE;
138 ui->synced_i_size = 0;
139
140 spin_lock(&c->cnt_lock);
141 /* Inode number overflow is currently not supported */
142 if (c->highest_inum >= INUM_WARN_WATERMARK) {
143 if (c->highest_inum >= INUM_WATERMARK) {
144 spin_unlock(&c->cnt_lock);
145 ubifs_err(c, "out of inode numbers");
146 err = -EINVAL;
147 goto out_iput;
148 }
149 ubifs_warn(c, "running out of inode numbers (current %lu, max %u)",
150 (unsigned long)c->highest_inum, INUM_WATERMARK);
151 }
152
153 inode->i_ino = ++c->highest_inum;
154 /*
155 * The creation sequence number remains with this inode for its
156 * lifetime. All nodes for this inode have a greater sequence number,
157 * and so it is possible to distinguish obsolete nodes belonging to a
158 * previous incarnation of the same inode number - for example, for the
159 * purpose of rebuilding the index.
160 */
161 ui->creat_sqnum = ++c->max_sqnum;
162 spin_unlock(&c->cnt_lock);
163
164 if (encrypted) {
165 err = fscrypt_set_context(inode, NULL);
166 if (err) {
167 ubifs_err(c, "fscrypt_set_context failed: %i", err);
168 goto out_iput;
169 }
170 }
171
172 return inode;
173
174 out_iput:
175 make_bad_inode(inode);
176 iput(inode);
177 return ERR_PTR(err);
178 }
179
dbg_check_name(const struct ubifs_info * c,const struct ubifs_dent_node * dent,const struct fscrypt_name * nm)180 static int dbg_check_name(const struct ubifs_info *c,
181 const struct ubifs_dent_node *dent,
182 const struct fscrypt_name *nm)
183 {
184 if (!dbg_is_chk_gen(c))
185 return 0;
186 if (le16_to_cpu(dent->nlen) != fname_len(nm))
187 return -EINVAL;
188 if (memcmp(dent->name, fname_name(nm), fname_len(nm)))
189 return -EINVAL;
190 return 0;
191 }
192
ubifs_lookup(struct inode * dir,struct dentry * dentry,unsigned int flags)193 static struct dentry *ubifs_lookup(struct inode *dir, struct dentry *dentry,
194 unsigned int flags)
195 {
196 int err;
197 union ubifs_key key;
198 struct inode *inode = NULL;
199 struct ubifs_dent_node *dent = NULL;
200 struct ubifs_info *c = dir->i_sb->s_fs_info;
201 struct fscrypt_name nm;
202
203 dbg_gen("'%pd' in dir ino %lu", dentry, dir->i_ino);
204
205 err = fscrypt_prepare_lookup(dir, dentry, &nm);
206 generic_set_encrypted_ci_d_ops(dentry);
207 if (err == -ENOENT)
208 return d_splice_alias(NULL, dentry);
209 if (err)
210 return ERR_PTR(err);
211
212 if (fname_len(&nm) > UBIFS_MAX_NLEN) {
213 inode = ERR_PTR(-ENAMETOOLONG);
214 goto done;
215 }
216
217 dent = kmalloc(UBIFS_MAX_DENT_NODE_SZ, GFP_NOFS);
218 if (!dent) {
219 inode = ERR_PTR(-ENOMEM);
220 goto done;
221 }
222
223 if (fname_name(&nm) == NULL) {
224 if (nm.hash & ~UBIFS_S_KEY_HASH_MASK)
225 goto done; /* ENOENT */
226 dent_key_init_hash(c, &key, dir->i_ino, nm.hash);
227 err = ubifs_tnc_lookup_dh(c, &key, dent, nm.minor_hash);
228 } else {
229 dent_key_init(c, &key, dir->i_ino, &nm);
230 err = ubifs_tnc_lookup_nm(c, &key, dent, &nm);
231 }
232
233 if (err) {
234 if (err == -ENOENT)
235 dbg_gen("not found");
236 else
237 inode = ERR_PTR(err);
238 goto done;
239 }
240
241 if (dbg_check_name(c, dent, &nm)) {
242 inode = ERR_PTR(-EINVAL);
243 goto done;
244 }
245
246 inode = ubifs_iget(dir->i_sb, le64_to_cpu(dent->inum));
247 if (IS_ERR(inode)) {
248 /*
249 * This should not happen. Probably the file-system needs
250 * checking.
251 */
252 err = PTR_ERR(inode);
253 ubifs_err(c, "dead directory entry '%pd', error %d",
254 dentry, err);
255 ubifs_ro_mode(c, err);
256 goto done;
257 }
258
259 if (IS_ENCRYPTED(dir) &&
260 (S_ISDIR(inode->i_mode) || S_ISLNK(inode->i_mode)) &&
261 !fscrypt_has_permitted_context(dir, inode)) {
262 ubifs_warn(c, "Inconsistent encryption contexts: %lu/%lu",
263 dir->i_ino, inode->i_ino);
264 iput(inode);
265 inode = ERR_PTR(-EPERM);
266 }
267
268 done:
269 kfree(dent);
270 fscrypt_free_filename(&nm);
271 return d_splice_alias(inode, dentry);
272 }
273
ubifs_prepare_create(struct inode * dir,struct dentry * dentry,struct fscrypt_name * nm)274 static int ubifs_prepare_create(struct inode *dir, struct dentry *dentry,
275 struct fscrypt_name *nm)
276 {
277 if (fscrypt_is_nokey_name(dentry))
278 return -ENOKEY;
279
280 return fscrypt_setup_filename(dir, &dentry->d_name, 0, nm);
281 }
282
ubifs_create(struct inode * dir,struct dentry * dentry,umode_t mode,bool excl)283 static int ubifs_create(struct inode *dir, struct dentry *dentry, umode_t mode,
284 bool excl)
285 {
286 struct inode *inode;
287 struct ubifs_info *c = dir->i_sb->s_fs_info;
288 struct ubifs_budget_req req = { .new_ino = 1, .new_dent = 1,
289 .dirtied_ino = 1 };
290 struct ubifs_inode *dir_ui = ubifs_inode(dir);
291 struct fscrypt_name nm;
292 int err, sz_change;
293
294 /*
295 * Budget request settings: new inode, new direntry, changing the
296 * parent directory inode.
297 */
298
299 dbg_gen("dent '%pd', mode %#hx in dir ino %lu",
300 dentry, mode, dir->i_ino);
301
302 err = ubifs_budget_space(c, &req);
303 if (err)
304 return err;
305
306 err = ubifs_prepare_create(dir, dentry, &nm);
307 if (err)
308 goto out_budg;
309
310 sz_change = CALC_DENT_SIZE(fname_len(&nm));
311
312 inode = ubifs_new_inode(c, dir, mode);
313 if (IS_ERR(inode)) {
314 err = PTR_ERR(inode);
315 goto out_fname;
316 }
317
318 err = ubifs_init_security(dir, inode, &dentry->d_name);
319 if (err)
320 goto out_inode;
321
322 mutex_lock(&dir_ui->ui_mutex);
323 dir->i_size += sz_change;
324 dir_ui->ui_size = dir->i_size;
325 dir->i_mtime = dir->i_ctime = inode->i_ctime;
326 err = ubifs_jnl_update(c, dir, &nm, inode, 0, 0);
327 if (err)
328 goto out_cancel;
329 mutex_unlock(&dir_ui->ui_mutex);
330
331 ubifs_release_budget(c, &req);
332 fscrypt_free_filename(&nm);
333 insert_inode_hash(inode);
334 d_instantiate(dentry, inode);
335 return 0;
336
337 out_cancel:
338 dir->i_size -= sz_change;
339 dir_ui->ui_size = dir->i_size;
340 mutex_unlock(&dir_ui->ui_mutex);
341 out_inode:
342 make_bad_inode(inode);
343 iput(inode);
344 out_fname:
345 fscrypt_free_filename(&nm);
346 out_budg:
347 ubifs_release_budget(c, &req);
348 ubifs_err(c, "cannot create regular file, error %d", err);
349 return err;
350 }
351
do_tmpfile(struct inode * dir,struct dentry * dentry,umode_t mode,struct inode ** whiteout)352 static int do_tmpfile(struct inode *dir, struct dentry *dentry,
353 umode_t mode, struct inode **whiteout)
354 {
355 struct inode *inode;
356 struct ubifs_info *c = dir->i_sb->s_fs_info;
357 struct ubifs_budget_req req = { .new_ino = 1, .new_dent = 1,
358 .dirtied_ino = 1};
359 struct ubifs_budget_req ino_req = { .dirtied_ino = 1 };
360 struct ubifs_inode *ui, *dir_ui = ubifs_inode(dir);
361 int err, instantiated = 0;
362 struct fscrypt_name nm;
363
364 /*
365 * Budget request settings: new inode, new direntry, changing the
366 * parent directory inode.
367 * Allocate budget separately for new dirtied inode, the budget will
368 * be released via writeback.
369 */
370
371 dbg_gen("dent '%pd', mode %#hx in dir ino %lu",
372 dentry, mode, dir->i_ino);
373
374 err = fscrypt_setup_filename(dir, &dentry->d_name, 0, &nm);
375 if (err)
376 return err;
377
378 err = ubifs_budget_space(c, &req);
379 if (err) {
380 fscrypt_free_filename(&nm);
381 return err;
382 }
383
384 err = ubifs_budget_space(c, &ino_req);
385 if (err) {
386 ubifs_release_budget(c, &req);
387 fscrypt_free_filename(&nm);
388 return err;
389 }
390
391 inode = ubifs_new_inode(c, dir, mode);
392 if (IS_ERR(inode)) {
393 err = PTR_ERR(inode);
394 goto out_budg;
395 }
396 ui = ubifs_inode(inode);
397
398 if (whiteout) {
399 init_special_inode(inode, inode->i_mode, WHITEOUT_DEV);
400 ubifs_assert(c, inode->i_op == &ubifs_file_inode_operations);
401 }
402
403 err = ubifs_init_security(dir, inode, &dentry->d_name);
404 if (err)
405 goto out_inode;
406
407 mutex_lock(&ui->ui_mutex);
408 insert_inode_hash(inode);
409
410 if (whiteout) {
411 mark_inode_dirty(inode);
412 drop_nlink(inode);
413 *whiteout = inode;
414 } else {
415 d_tmpfile(dentry, inode);
416 }
417 ubifs_assert(c, ui->dirty);
418
419 instantiated = 1;
420 mutex_unlock(&ui->ui_mutex);
421
422 mutex_lock(&dir_ui->ui_mutex);
423 err = ubifs_jnl_update(c, dir, &nm, inode, 1, 0);
424 if (err)
425 goto out_cancel;
426 mutex_unlock(&dir_ui->ui_mutex);
427
428 ubifs_release_budget(c, &req);
429
430 return 0;
431
432 out_cancel:
433 mutex_unlock(&dir_ui->ui_mutex);
434 out_inode:
435 make_bad_inode(inode);
436 if (!instantiated)
437 iput(inode);
438 else if (whiteout)
439 iput(*whiteout);
440 out_budg:
441 ubifs_release_budget(c, &req);
442 if (!instantiated)
443 ubifs_release_budget(c, &ino_req);
444 fscrypt_free_filename(&nm);
445 ubifs_err(c, "cannot create temporary file, error %d", err);
446 return err;
447 }
448
ubifs_tmpfile(struct inode * dir,struct dentry * dentry,umode_t mode)449 static int ubifs_tmpfile(struct inode *dir, struct dentry *dentry,
450 umode_t mode)
451 {
452 return do_tmpfile(dir, dentry, mode, NULL);
453 }
454
455 /**
456 * vfs_dent_type - get VFS directory entry type.
457 * @type: UBIFS directory entry type
458 *
459 * This function converts UBIFS directory entry type into VFS directory entry
460 * type.
461 */
vfs_dent_type(uint8_t type)462 static unsigned int vfs_dent_type(uint8_t type)
463 {
464 switch (type) {
465 case UBIFS_ITYPE_REG:
466 return DT_REG;
467 case UBIFS_ITYPE_DIR:
468 return DT_DIR;
469 case UBIFS_ITYPE_LNK:
470 return DT_LNK;
471 case UBIFS_ITYPE_BLK:
472 return DT_BLK;
473 case UBIFS_ITYPE_CHR:
474 return DT_CHR;
475 case UBIFS_ITYPE_FIFO:
476 return DT_FIFO;
477 case UBIFS_ITYPE_SOCK:
478 return DT_SOCK;
479 default:
480 BUG();
481 }
482 return 0;
483 }
484
485 /*
486 * The classical Unix view for directory is that it is a linear array of
487 * (name, inode number) entries. Linux/VFS assumes this model as well.
488 * Particularly, 'readdir()' call wants us to return a directory entry offset
489 * which later may be used to continue 'readdir()'ing the directory or to
490 * 'seek()' to that specific direntry. Obviously UBIFS does not really fit this
491 * model because directory entries are identified by keys, which may collide.
492 *
493 * UBIFS uses directory entry hash value for directory offsets, so
494 * 'seekdir()'/'telldir()' may not always work because of possible key
495 * collisions. But UBIFS guarantees that consecutive 'readdir()' calls work
496 * properly by means of saving full directory entry name in the private field
497 * of the file description object.
498 *
499 * This means that UBIFS cannot support NFS which requires full
500 * 'seekdir()'/'telldir()' support.
501 */
ubifs_readdir(struct file * file,struct dir_context * ctx)502 static int ubifs_readdir(struct file *file, struct dir_context *ctx)
503 {
504 int fstr_real_len = 0, err = 0;
505 struct fscrypt_name nm;
506 struct fscrypt_str fstr = {0};
507 union ubifs_key key;
508 struct ubifs_dent_node *dent;
509 struct inode *dir = file_inode(file);
510 struct ubifs_info *c = dir->i_sb->s_fs_info;
511 bool encrypted = IS_ENCRYPTED(dir);
512
513 dbg_gen("dir ino %lu, f_pos %#llx", dir->i_ino, ctx->pos);
514
515 if (ctx->pos > UBIFS_S_KEY_HASH_MASK || ctx->pos == 2)
516 /*
517 * The directory was seek'ed to a senseless position or there
518 * are no more entries.
519 */
520 return 0;
521
522 if (encrypted) {
523 err = fscrypt_prepare_readdir(dir);
524 if (err)
525 return err;
526
527 err = fscrypt_fname_alloc_buffer(UBIFS_MAX_NLEN, &fstr);
528 if (err)
529 return err;
530
531 fstr_real_len = fstr.len;
532 }
533
534 if (file->f_version == 0) {
535 /*
536 * The file was seek'ed, which means that @file->private_data
537 * is now invalid. This may also be just the first
538 * 'ubifs_readdir()' invocation, in which case
539 * @file->private_data is NULL, and the below code is
540 * basically a no-op.
541 */
542 kfree(file->private_data);
543 file->private_data = NULL;
544 }
545
546 /*
547 * 'generic_file_llseek()' unconditionally sets @file->f_version to
548 * zero, and we use this for detecting whether the file was seek'ed.
549 */
550 file->f_version = 1;
551
552 /* File positions 0 and 1 correspond to "." and ".." */
553 if (ctx->pos < 2) {
554 ubifs_assert(c, !file->private_data);
555 if (!dir_emit_dots(file, ctx)) {
556 if (encrypted)
557 fscrypt_fname_free_buffer(&fstr);
558 return 0;
559 }
560
561 /* Find the first entry in TNC and save it */
562 lowest_dent_key(c, &key, dir->i_ino);
563 fname_len(&nm) = 0;
564 dent = ubifs_tnc_next_ent(c, &key, &nm);
565 if (IS_ERR(dent)) {
566 err = PTR_ERR(dent);
567 goto out;
568 }
569
570 ctx->pos = key_hash_flash(c, &dent->key);
571 file->private_data = dent;
572 }
573
574 dent = file->private_data;
575 if (!dent) {
576 /*
577 * The directory was seek'ed to and is now readdir'ed.
578 * Find the entry corresponding to @ctx->pos or the closest one.
579 */
580 dent_key_init_hash(c, &key, dir->i_ino, ctx->pos);
581 fname_len(&nm) = 0;
582 dent = ubifs_tnc_next_ent(c, &key, &nm);
583 if (IS_ERR(dent)) {
584 err = PTR_ERR(dent);
585 goto out;
586 }
587 ctx->pos = key_hash_flash(c, &dent->key);
588 file->private_data = dent;
589 }
590
591 while (1) {
592 dbg_gen("ino %llu, new f_pos %#x",
593 (unsigned long long)le64_to_cpu(dent->inum),
594 key_hash_flash(c, &dent->key));
595 ubifs_assert(c, le64_to_cpu(dent->ch.sqnum) >
596 ubifs_inode(dir)->creat_sqnum);
597
598 fname_len(&nm) = le16_to_cpu(dent->nlen);
599 fname_name(&nm) = dent->name;
600
601 if (encrypted) {
602 fstr.len = fstr_real_len;
603
604 err = fscrypt_fname_disk_to_usr(dir, key_hash_flash(c,
605 &dent->key),
606 le32_to_cpu(dent->cookie),
607 &nm.disk_name, &fstr);
608 if (err)
609 goto out;
610 } else {
611 fstr.len = fname_len(&nm);
612 fstr.name = fname_name(&nm);
613 }
614
615 if (!dir_emit(ctx, fstr.name, fstr.len,
616 le64_to_cpu(dent->inum),
617 vfs_dent_type(dent->type))) {
618 if (encrypted)
619 fscrypt_fname_free_buffer(&fstr);
620 return 0;
621 }
622
623 /* Switch to the next entry */
624 key_read(c, &dent->key, &key);
625 dent = ubifs_tnc_next_ent(c, &key, &nm);
626 if (IS_ERR(dent)) {
627 err = PTR_ERR(dent);
628 goto out;
629 }
630
631 kfree(file->private_data);
632 ctx->pos = key_hash_flash(c, &dent->key);
633 file->private_data = dent;
634 cond_resched();
635 }
636
637 out:
638 kfree(file->private_data);
639 file->private_data = NULL;
640
641 if (encrypted)
642 fscrypt_fname_free_buffer(&fstr);
643
644 if (err != -ENOENT)
645 ubifs_err(c, "cannot find next direntry, error %d", err);
646 else
647 /*
648 * -ENOENT is a non-fatal error in this context, the TNC uses
649 * it to indicate that the cursor moved past the current directory
650 * and readdir() has to stop.
651 */
652 err = 0;
653
654
655 /* 2 is a special value indicating that there are no more direntries */
656 ctx->pos = 2;
657 return err;
658 }
659
660 /* Free saved readdir() state when the directory is closed */
ubifs_dir_release(struct inode * dir,struct file * file)661 static int ubifs_dir_release(struct inode *dir, struct file *file)
662 {
663 kfree(file->private_data);
664 file->private_data = NULL;
665 return 0;
666 }
667
668 /**
669 * lock_2_inodes - a wrapper for locking two UBIFS inodes.
670 * @inode1: first inode
671 * @inode2: second inode
672 *
673 * We do not implement any tricks to guarantee strict lock ordering, because
674 * VFS has already done it for us on the @i_mutex. So this is just a simple
675 * wrapper function.
676 */
lock_2_inodes(struct inode * inode1,struct inode * inode2)677 static void lock_2_inodes(struct inode *inode1, struct inode *inode2)
678 {
679 mutex_lock_nested(&ubifs_inode(inode1)->ui_mutex, WB_MUTEX_1);
680 mutex_lock_nested(&ubifs_inode(inode2)->ui_mutex, WB_MUTEX_2);
681 }
682
683 /**
684 * unlock_2_inodes - a wrapper for unlocking two UBIFS inodes.
685 * @inode1: first inode
686 * @inode2: second inode
687 */
unlock_2_inodes(struct inode * inode1,struct inode * inode2)688 static void unlock_2_inodes(struct inode *inode1, struct inode *inode2)
689 {
690 mutex_unlock(&ubifs_inode(inode2)->ui_mutex);
691 mutex_unlock(&ubifs_inode(inode1)->ui_mutex);
692 }
693
ubifs_link(struct dentry * old_dentry,struct inode * dir,struct dentry * dentry)694 static int ubifs_link(struct dentry *old_dentry, struct inode *dir,
695 struct dentry *dentry)
696 {
697 struct ubifs_info *c = dir->i_sb->s_fs_info;
698 struct inode *inode = d_inode(old_dentry);
699 struct ubifs_inode *ui = ubifs_inode(inode);
700 struct ubifs_inode *dir_ui = ubifs_inode(dir);
701 int err, sz_change = CALC_DENT_SIZE(dentry->d_name.len);
702 struct ubifs_budget_req req = { .new_dent = 1, .dirtied_ino = 2,
703 .dirtied_ino_d = ALIGN(ui->data_len, 8) };
704 struct fscrypt_name nm;
705
706 /*
707 * Budget request settings: new direntry, changing the target inode,
708 * changing the parent inode.
709 */
710
711 dbg_gen("dent '%pd' to ino %lu (nlink %d) in dir ino %lu",
712 dentry, inode->i_ino,
713 inode->i_nlink, dir->i_ino);
714 ubifs_assert(c, inode_is_locked(dir));
715 ubifs_assert(c, inode_is_locked(inode));
716
717 err = fscrypt_prepare_link(old_dentry, dir, dentry);
718 if (err)
719 return err;
720
721 err = fscrypt_setup_filename(dir, &dentry->d_name, 0, &nm);
722 if (err)
723 return err;
724
725 err = dbg_check_synced_i_size(c, inode);
726 if (err)
727 goto out_fname;
728
729 err = ubifs_budget_space(c, &req);
730 if (err)
731 goto out_fname;
732
733 lock_2_inodes(dir, inode);
734
735 /* Handle O_TMPFILE corner case, it is allowed to link a O_TMPFILE. */
736 if (inode->i_nlink == 0)
737 ubifs_delete_orphan(c, inode->i_ino);
738
739 inc_nlink(inode);
740 ihold(inode);
741 inode->i_ctime = current_time(inode);
742 dir->i_size += sz_change;
743 dir_ui->ui_size = dir->i_size;
744 dir->i_mtime = dir->i_ctime = inode->i_ctime;
745 err = ubifs_jnl_update(c, dir, &nm, inode, 0, 0);
746 if (err)
747 goto out_cancel;
748 unlock_2_inodes(dir, inode);
749
750 ubifs_release_budget(c, &req);
751 d_instantiate(dentry, inode);
752 fscrypt_free_filename(&nm);
753 return 0;
754
755 out_cancel:
756 dir->i_size -= sz_change;
757 dir_ui->ui_size = dir->i_size;
758 drop_nlink(inode);
759 if (inode->i_nlink == 0)
760 ubifs_add_orphan(c, inode->i_ino);
761 unlock_2_inodes(dir, inode);
762 ubifs_release_budget(c, &req);
763 iput(inode);
764 out_fname:
765 fscrypt_free_filename(&nm);
766 return err;
767 }
768
ubifs_unlink(struct inode * dir,struct dentry * dentry)769 static int ubifs_unlink(struct inode *dir, struct dentry *dentry)
770 {
771 struct ubifs_info *c = dir->i_sb->s_fs_info;
772 struct inode *inode = d_inode(dentry);
773 struct ubifs_inode *dir_ui = ubifs_inode(dir);
774 int err, sz_change, budgeted = 1;
775 struct ubifs_budget_req req = { .mod_dent = 1, .dirtied_ino = 2 };
776 unsigned int saved_nlink = inode->i_nlink;
777 struct fscrypt_name nm;
778
779 /*
780 * Budget request settings: deletion direntry, deletion inode (+1 for
781 * @dirtied_ino), changing the parent directory inode. If budgeting
782 * fails, go ahead anyway because we have extra space reserved for
783 * deletions.
784 */
785
786 dbg_gen("dent '%pd' from ino %lu (nlink %d) in dir ino %lu",
787 dentry, inode->i_ino,
788 inode->i_nlink, dir->i_ino);
789
790 err = fscrypt_setup_filename(dir, &dentry->d_name, 1, &nm);
791 if (err)
792 return err;
793
794 err = ubifs_purge_xattrs(inode);
795 if (err)
796 return err;
797
798 sz_change = CALC_DENT_SIZE(fname_len(&nm));
799
800 ubifs_assert(c, inode_is_locked(dir));
801 ubifs_assert(c, inode_is_locked(inode));
802 err = dbg_check_synced_i_size(c, inode);
803 if (err)
804 goto out_fname;
805
806 err = ubifs_budget_space(c, &req);
807 if (err) {
808 if (err != -ENOSPC)
809 goto out_fname;
810 budgeted = 0;
811 }
812
813 lock_2_inodes(dir, inode);
814 inode->i_ctime = current_time(dir);
815 drop_nlink(inode);
816 dir->i_size -= sz_change;
817 dir_ui->ui_size = dir->i_size;
818 dir->i_mtime = dir->i_ctime = inode->i_ctime;
819 err = ubifs_jnl_update(c, dir, &nm, inode, 1, 0);
820 if (err)
821 goto out_cancel;
822 unlock_2_inodes(dir, inode);
823
824 if (budgeted)
825 ubifs_release_budget(c, &req);
826 else {
827 /* We've deleted something - clean the "no space" flags */
828 c->bi.nospace = c->bi.nospace_rp = 0;
829 smp_wmb();
830 }
831 fscrypt_free_filename(&nm);
832 return 0;
833
834 out_cancel:
835 dir->i_size += sz_change;
836 dir_ui->ui_size = dir->i_size;
837 set_nlink(inode, saved_nlink);
838 unlock_2_inodes(dir, inode);
839 if (budgeted)
840 ubifs_release_budget(c, &req);
841 out_fname:
842 fscrypt_free_filename(&nm);
843 return err;
844 }
845
846 /**
847 * check_dir_empty - check if a directory is empty or not.
848 * @dir: VFS inode object of the directory to check
849 *
850 * This function checks if directory @dir is empty. Returns zero if the
851 * directory is empty, %-ENOTEMPTY if it is not, and other negative error codes
852 * in case of of errors.
853 */
ubifs_check_dir_empty(struct inode * dir)854 int ubifs_check_dir_empty(struct inode *dir)
855 {
856 struct ubifs_info *c = dir->i_sb->s_fs_info;
857 struct fscrypt_name nm = { 0 };
858 struct ubifs_dent_node *dent;
859 union ubifs_key key;
860 int err;
861
862 lowest_dent_key(c, &key, dir->i_ino);
863 dent = ubifs_tnc_next_ent(c, &key, &nm);
864 if (IS_ERR(dent)) {
865 err = PTR_ERR(dent);
866 if (err == -ENOENT)
867 err = 0;
868 } else {
869 kfree(dent);
870 err = -ENOTEMPTY;
871 }
872 return err;
873 }
874
ubifs_rmdir(struct inode * dir,struct dentry * dentry)875 static int ubifs_rmdir(struct inode *dir, struct dentry *dentry)
876 {
877 struct ubifs_info *c = dir->i_sb->s_fs_info;
878 struct inode *inode = d_inode(dentry);
879 int err, sz_change, budgeted = 1;
880 struct ubifs_inode *dir_ui = ubifs_inode(dir);
881 struct ubifs_budget_req req = { .mod_dent = 1, .dirtied_ino = 2 };
882 struct fscrypt_name nm;
883
884 /*
885 * Budget request settings: deletion direntry, deletion inode and
886 * changing the parent inode. If budgeting fails, go ahead anyway
887 * because we have extra space reserved for deletions.
888 */
889
890 dbg_gen("directory '%pd', ino %lu in dir ino %lu", dentry,
891 inode->i_ino, dir->i_ino);
892 ubifs_assert(c, inode_is_locked(dir));
893 ubifs_assert(c, inode_is_locked(inode));
894 err = ubifs_check_dir_empty(d_inode(dentry));
895 if (err)
896 return err;
897
898 err = fscrypt_setup_filename(dir, &dentry->d_name, 1, &nm);
899 if (err)
900 return err;
901
902 err = ubifs_purge_xattrs(inode);
903 if (err)
904 return err;
905
906 sz_change = CALC_DENT_SIZE(fname_len(&nm));
907
908 err = ubifs_budget_space(c, &req);
909 if (err) {
910 if (err != -ENOSPC)
911 goto out_fname;
912 budgeted = 0;
913 }
914
915 lock_2_inodes(dir, inode);
916 inode->i_ctime = current_time(dir);
917 clear_nlink(inode);
918 drop_nlink(dir);
919 dir->i_size -= sz_change;
920 dir_ui->ui_size = dir->i_size;
921 dir->i_mtime = dir->i_ctime = inode->i_ctime;
922 err = ubifs_jnl_update(c, dir, &nm, inode, 1, 0);
923 if (err)
924 goto out_cancel;
925 unlock_2_inodes(dir, inode);
926
927 if (budgeted)
928 ubifs_release_budget(c, &req);
929 else {
930 /* We've deleted something - clean the "no space" flags */
931 c->bi.nospace = c->bi.nospace_rp = 0;
932 smp_wmb();
933 }
934 fscrypt_free_filename(&nm);
935 return 0;
936
937 out_cancel:
938 dir->i_size += sz_change;
939 dir_ui->ui_size = dir->i_size;
940 inc_nlink(dir);
941 set_nlink(inode, 2);
942 unlock_2_inodes(dir, inode);
943 if (budgeted)
944 ubifs_release_budget(c, &req);
945 out_fname:
946 fscrypt_free_filename(&nm);
947 return err;
948 }
949
ubifs_mkdir(struct inode * dir,struct dentry * dentry,umode_t mode)950 static int ubifs_mkdir(struct inode *dir, struct dentry *dentry, umode_t mode)
951 {
952 struct inode *inode;
953 struct ubifs_inode *dir_ui = ubifs_inode(dir);
954 struct ubifs_info *c = dir->i_sb->s_fs_info;
955 int err, sz_change;
956 struct ubifs_budget_req req = { .new_ino = 1, .new_dent = 1,
957 .dirtied_ino = 1};
958 struct fscrypt_name nm;
959
960 /*
961 * Budget request settings: new inode, new direntry and changing parent
962 * directory inode.
963 */
964
965 dbg_gen("dent '%pd', mode %#hx in dir ino %lu",
966 dentry, mode, dir->i_ino);
967
968 err = ubifs_budget_space(c, &req);
969 if (err)
970 return err;
971
972 err = ubifs_prepare_create(dir, dentry, &nm);
973 if (err)
974 goto out_budg;
975
976 sz_change = CALC_DENT_SIZE(fname_len(&nm));
977
978 inode = ubifs_new_inode(c, dir, S_IFDIR | mode);
979 if (IS_ERR(inode)) {
980 err = PTR_ERR(inode);
981 goto out_fname;
982 }
983
984 err = ubifs_init_security(dir, inode, &dentry->d_name);
985 if (err)
986 goto out_inode;
987
988 mutex_lock(&dir_ui->ui_mutex);
989 insert_inode_hash(inode);
990 inc_nlink(inode);
991 inc_nlink(dir);
992 dir->i_size += sz_change;
993 dir_ui->ui_size = dir->i_size;
994 dir->i_mtime = dir->i_ctime = inode->i_ctime;
995 err = ubifs_jnl_update(c, dir, &nm, inode, 0, 0);
996 if (err) {
997 ubifs_err(c, "cannot create directory, error %d", err);
998 goto out_cancel;
999 }
1000 mutex_unlock(&dir_ui->ui_mutex);
1001
1002 ubifs_release_budget(c, &req);
1003 d_instantiate(dentry, inode);
1004 fscrypt_free_filename(&nm);
1005 return 0;
1006
1007 out_cancel:
1008 dir->i_size -= sz_change;
1009 dir_ui->ui_size = dir->i_size;
1010 drop_nlink(dir);
1011 mutex_unlock(&dir_ui->ui_mutex);
1012 out_inode:
1013 make_bad_inode(inode);
1014 iput(inode);
1015 out_fname:
1016 fscrypt_free_filename(&nm);
1017 out_budg:
1018 ubifs_release_budget(c, &req);
1019 return err;
1020 }
1021
ubifs_mknod(struct inode * dir,struct dentry * dentry,umode_t mode,dev_t rdev)1022 static int ubifs_mknod(struct inode *dir, struct dentry *dentry,
1023 umode_t mode, dev_t rdev)
1024 {
1025 struct inode *inode;
1026 struct ubifs_inode *ui;
1027 struct ubifs_inode *dir_ui = ubifs_inode(dir);
1028 struct ubifs_info *c = dir->i_sb->s_fs_info;
1029 union ubifs_dev_desc *dev = NULL;
1030 int sz_change;
1031 int err, devlen = 0;
1032 struct ubifs_budget_req req = { .new_ino = 1, .new_dent = 1,
1033 .dirtied_ino = 1 };
1034 struct fscrypt_name nm;
1035
1036 /*
1037 * Budget request settings: new inode, new direntry and changing parent
1038 * directory inode.
1039 */
1040
1041 dbg_gen("dent '%pd' in dir ino %lu", dentry, dir->i_ino);
1042
1043 if (S_ISBLK(mode) || S_ISCHR(mode)) {
1044 dev = kmalloc(sizeof(union ubifs_dev_desc), GFP_NOFS);
1045 if (!dev)
1046 return -ENOMEM;
1047 devlen = ubifs_encode_dev(dev, rdev);
1048 }
1049
1050 req.new_ino_d = ALIGN(devlen, 8);
1051 err = ubifs_budget_space(c, &req);
1052 if (err) {
1053 kfree(dev);
1054 return err;
1055 }
1056
1057 err = ubifs_prepare_create(dir, dentry, &nm);
1058 if (err) {
1059 kfree(dev);
1060 goto out_budg;
1061 }
1062
1063 sz_change = CALC_DENT_SIZE(fname_len(&nm));
1064
1065 inode = ubifs_new_inode(c, dir, mode);
1066 if (IS_ERR(inode)) {
1067 kfree(dev);
1068 err = PTR_ERR(inode);
1069 goto out_fname;
1070 }
1071
1072 init_special_inode(inode, inode->i_mode, rdev);
1073 inode->i_size = ubifs_inode(inode)->ui_size = devlen;
1074 ui = ubifs_inode(inode);
1075 ui->data = dev;
1076 ui->data_len = devlen;
1077
1078 err = ubifs_init_security(dir, inode, &dentry->d_name);
1079 if (err)
1080 goto out_inode;
1081
1082 mutex_lock(&dir_ui->ui_mutex);
1083 dir->i_size += sz_change;
1084 dir_ui->ui_size = dir->i_size;
1085 dir->i_mtime = dir->i_ctime = inode->i_ctime;
1086 err = ubifs_jnl_update(c, dir, &nm, inode, 0, 0);
1087 if (err)
1088 goto out_cancel;
1089 mutex_unlock(&dir_ui->ui_mutex);
1090
1091 ubifs_release_budget(c, &req);
1092 insert_inode_hash(inode);
1093 d_instantiate(dentry, inode);
1094 fscrypt_free_filename(&nm);
1095 return 0;
1096
1097 out_cancel:
1098 dir->i_size -= sz_change;
1099 dir_ui->ui_size = dir->i_size;
1100 mutex_unlock(&dir_ui->ui_mutex);
1101 out_inode:
1102 make_bad_inode(inode);
1103 iput(inode);
1104 out_fname:
1105 fscrypt_free_filename(&nm);
1106 out_budg:
1107 ubifs_release_budget(c, &req);
1108 return err;
1109 }
1110
ubifs_symlink(struct inode * dir,struct dentry * dentry,const char * symname)1111 static int ubifs_symlink(struct inode *dir, struct dentry *dentry,
1112 const char *symname)
1113 {
1114 struct inode *inode;
1115 struct ubifs_inode *ui;
1116 struct ubifs_inode *dir_ui = ubifs_inode(dir);
1117 struct ubifs_info *c = dir->i_sb->s_fs_info;
1118 int err, sz_change, len = strlen(symname);
1119 struct fscrypt_str disk_link;
1120 struct ubifs_budget_req req = { .new_ino = 1, .new_dent = 1,
1121 .new_ino_d = ALIGN(len, 8),
1122 .dirtied_ino = 1 };
1123 struct fscrypt_name nm;
1124
1125 dbg_gen("dent '%pd', target '%s' in dir ino %lu", dentry,
1126 symname, dir->i_ino);
1127
1128 err = fscrypt_prepare_symlink(dir, symname, len, UBIFS_MAX_INO_DATA,
1129 &disk_link);
1130 if (err)
1131 return err;
1132
1133 /*
1134 * Budget request settings: new inode, new direntry and changing parent
1135 * directory inode.
1136 */
1137 err = ubifs_budget_space(c, &req);
1138 if (err)
1139 return err;
1140
1141 err = ubifs_prepare_create(dir, dentry, &nm);
1142 if (err)
1143 goto out_budg;
1144
1145 sz_change = CALC_DENT_SIZE(fname_len(&nm));
1146
1147 inode = ubifs_new_inode(c, dir, S_IFLNK | S_IRWXUGO);
1148 if (IS_ERR(inode)) {
1149 err = PTR_ERR(inode);
1150 goto out_fname;
1151 }
1152
1153 ui = ubifs_inode(inode);
1154 ui->data = kmalloc(disk_link.len, GFP_NOFS);
1155 if (!ui->data) {
1156 err = -ENOMEM;
1157 goto out_inode;
1158 }
1159
1160 if (IS_ENCRYPTED(inode)) {
1161 disk_link.name = ui->data; /* encrypt directly into ui->data */
1162 err = fscrypt_encrypt_symlink(inode, symname, len, &disk_link);
1163 if (err)
1164 goto out_inode;
1165 } else {
1166 memcpy(ui->data, disk_link.name, disk_link.len);
1167 inode->i_link = ui->data;
1168 }
1169
1170 /*
1171 * The terminating zero byte is not written to the flash media and it
1172 * is put just to make later in-memory string processing simpler. Thus,
1173 * data length is @disk_link.len - 1, not @disk_link.len.
1174 */
1175 ui->data_len = disk_link.len - 1;
1176 inode->i_size = ubifs_inode(inode)->ui_size = disk_link.len - 1;
1177
1178 err = ubifs_init_security(dir, inode, &dentry->d_name);
1179 if (err)
1180 goto out_inode;
1181
1182 mutex_lock(&dir_ui->ui_mutex);
1183 dir->i_size += sz_change;
1184 dir_ui->ui_size = dir->i_size;
1185 dir->i_mtime = dir->i_ctime = inode->i_ctime;
1186 err = ubifs_jnl_update(c, dir, &nm, inode, 0, 0);
1187 if (err)
1188 goto out_cancel;
1189 mutex_unlock(&dir_ui->ui_mutex);
1190
1191 insert_inode_hash(inode);
1192 d_instantiate(dentry, inode);
1193 err = 0;
1194 goto out_fname;
1195
1196 out_cancel:
1197 dir->i_size -= sz_change;
1198 dir_ui->ui_size = dir->i_size;
1199 mutex_unlock(&dir_ui->ui_mutex);
1200 out_inode:
1201 make_bad_inode(inode);
1202 iput(inode);
1203 out_fname:
1204 fscrypt_free_filename(&nm);
1205 out_budg:
1206 ubifs_release_budget(c, &req);
1207 return err;
1208 }
1209
1210 /**
1211 * lock_4_inodes - a wrapper for locking three UBIFS inodes.
1212 * @inode1: first inode
1213 * @inode2: second inode
1214 * @inode3: third inode
1215 * @inode4: fouth inode
1216 *
1217 * This function is used for 'ubifs_rename()' and @inode1 may be the same as
1218 * @inode2 whereas @inode3 and @inode4 may be %NULL.
1219 *
1220 * We do not implement any tricks to guarantee strict lock ordering, because
1221 * VFS has already done it for us on the @i_mutex. So this is just a simple
1222 * wrapper function.
1223 */
lock_4_inodes(struct inode * inode1,struct inode * inode2,struct inode * inode3,struct inode * inode4)1224 static void lock_4_inodes(struct inode *inode1, struct inode *inode2,
1225 struct inode *inode3, struct inode *inode4)
1226 {
1227 mutex_lock_nested(&ubifs_inode(inode1)->ui_mutex, WB_MUTEX_1);
1228 if (inode2 != inode1)
1229 mutex_lock_nested(&ubifs_inode(inode2)->ui_mutex, WB_MUTEX_2);
1230 if (inode3)
1231 mutex_lock_nested(&ubifs_inode(inode3)->ui_mutex, WB_MUTEX_3);
1232 if (inode4)
1233 mutex_lock_nested(&ubifs_inode(inode4)->ui_mutex, WB_MUTEX_4);
1234 }
1235
1236 /**
1237 * unlock_4_inodes - a wrapper for unlocking three UBIFS inodes for rename.
1238 * @inode1: first inode
1239 * @inode2: second inode
1240 * @inode3: third inode
1241 * @inode4: fouth inode
1242 */
unlock_4_inodes(struct inode * inode1,struct inode * inode2,struct inode * inode3,struct inode * inode4)1243 static void unlock_4_inodes(struct inode *inode1, struct inode *inode2,
1244 struct inode *inode3, struct inode *inode4)
1245 {
1246 if (inode4)
1247 mutex_unlock(&ubifs_inode(inode4)->ui_mutex);
1248 if (inode3)
1249 mutex_unlock(&ubifs_inode(inode3)->ui_mutex);
1250 if (inode1 != inode2)
1251 mutex_unlock(&ubifs_inode(inode2)->ui_mutex);
1252 mutex_unlock(&ubifs_inode(inode1)->ui_mutex);
1253 }
1254
do_rename(struct inode * old_dir,struct dentry * old_dentry,struct inode * new_dir,struct dentry * new_dentry,unsigned int flags)1255 static int do_rename(struct inode *old_dir, struct dentry *old_dentry,
1256 struct inode *new_dir, struct dentry *new_dentry,
1257 unsigned int flags)
1258 {
1259 struct ubifs_info *c = old_dir->i_sb->s_fs_info;
1260 struct inode *old_inode = d_inode(old_dentry);
1261 struct inode *new_inode = d_inode(new_dentry);
1262 struct inode *whiteout = NULL;
1263 struct ubifs_inode *old_inode_ui = ubifs_inode(old_inode);
1264 struct ubifs_inode *whiteout_ui = NULL;
1265 int err, release, sync = 0, move = (new_dir != old_dir);
1266 int is_dir = S_ISDIR(old_inode->i_mode);
1267 int unlink = !!new_inode, new_sz, old_sz;
1268 struct ubifs_budget_req req = { .new_dent = 1, .mod_dent = 1,
1269 .dirtied_ino = 3 };
1270 struct ubifs_budget_req ino_req = { .dirtied_ino = 1,
1271 .dirtied_ino_d = ALIGN(old_inode_ui->data_len, 8) };
1272 struct timespec64 time;
1273 unsigned int saved_nlink;
1274 struct fscrypt_name old_nm, new_nm;
1275
1276 /*
1277 * Budget request settings: deletion direntry, new direntry, removing
1278 * the old inode, and changing old and new parent directory inodes.
1279 *
1280 * However, this operation also marks the target inode as dirty and
1281 * does not write it, so we allocate budget for the target inode
1282 * separately.
1283 */
1284
1285 dbg_gen("dent '%pd' ino %lu in dir ino %lu to dent '%pd' in dir ino %lu flags 0x%x",
1286 old_dentry, old_inode->i_ino, old_dir->i_ino,
1287 new_dentry, new_dir->i_ino, flags);
1288
1289 if (unlink) {
1290 ubifs_assert(c, inode_is_locked(new_inode));
1291
1292 err = ubifs_purge_xattrs(new_inode);
1293 if (err)
1294 return err;
1295 }
1296
1297 if (unlink && is_dir) {
1298 err = ubifs_check_dir_empty(new_inode);
1299 if (err)
1300 return err;
1301 }
1302
1303 err = fscrypt_setup_filename(old_dir, &old_dentry->d_name, 0, &old_nm);
1304 if (err)
1305 return err;
1306
1307 err = fscrypt_setup_filename(new_dir, &new_dentry->d_name, 0, &new_nm);
1308 if (err) {
1309 fscrypt_free_filename(&old_nm);
1310 return err;
1311 }
1312
1313 new_sz = CALC_DENT_SIZE(fname_len(&new_nm));
1314 old_sz = CALC_DENT_SIZE(fname_len(&old_nm));
1315
1316 err = ubifs_budget_space(c, &req);
1317 if (err) {
1318 fscrypt_free_filename(&old_nm);
1319 fscrypt_free_filename(&new_nm);
1320 return err;
1321 }
1322 err = ubifs_budget_space(c, &ino_req);
1323 if (err) {
1324 fscrypt_free_filename(&old_nm);
1325 fscrypt_free_filename(&new_nm);
1326 ubifs_release_budget(c, &req);
1327 return err;
1328 }
1329
1330 if (flags & RENAME_WHITEOUT) {
1331 union ubifs_dev_desc *dev = NULL;
1332 struct ubifs_budget_req wht_req;
1333
1334 dev = kmalloc(sizeof(union ubifs_dev_desc), GFP_NOFS);
1335 if (!dev) {
1336 err = -ENOMEM;
1337 goto out_release;
1338 }
1339
1340 err = do_tmpfile(old_dir, old_dentry, S_IFCHR | WHITEOUT_MODE, &whiteout);
1341 if (err) {
1342 kfree(dev);
1343 goto out_release;
1344 }
1345
1346 spin_lock(&whiteout->i_lock);
1347 whiteout->i_state |= I_LINKABLE;
1348 spin_unlock(&whiteout->i_lock);
1349
1350 whiteout_ui = ubifs_inode(whiteout);
1351 whiteout_ui->data = dev;
1352 whiteout_ui->data_len = ubifs_encode_dev(dev, MKDEV(0, 0));
1353 ubifs_assert(c, !whiteout_ui->dirty);
1354
1355 memset(&wht_req, 0, sizeof(struct ubifs_budget_req));
1356 wht_req.dirtied_ino = 1;
1357 wht_req.dirtied_ino_d = ALIGN(whiteout_ui->data_len, 8);
1358 /*
1359 * To avoid deadlock between space budget (holds ui_mutex and
1360 * waits wb work) and writeback work(waits ui_mutex), do space
1361 * budget before ubifs inodes locked.
1362 */
1363 err = ubifs_budget_space(c, &wht_req);
1364 if (err) {
1365 iput(whiteout);
1366 goto out_release;
1367 }
1368
1369 /* Add the old_dentry size to the old_dir size. */
1370 old_sz -= CALC_DENT_SIZE(fname_len(&old_nm));
1371 }
1372
1373 lock_4_inodes(old_dir, new_dir, new_inode, whiteout);
1374
1375 /*
1376 * Like most other Unix systems, set the @i_ctime for inodes on a
1377 * rename.
1378 */
1379 time = current_time(old_dir);
1380 old_inode->i_ctime = time;
1381
1382 /* We must adjust parent link count when renaming directories */
1383 if (is_dir) {
1384 if (move) {
1385 /*
1386 * @old_dir loses a link because we are moving
1387 * @old_inode to a different directory.
1388 */
1389 drop_nlink(old_dir);
1390 /*
1391 * @new_dir only gains a link if we are not also
1392 * overwriting an existing directory.
1393 */
1394 if (!unlink)
1395 inc_nlink(new_dir);
1396 } else {
1397 /*
1398 * @old_inode is not moving to a different directory,
1399 * but @old_dir still loses a link if we are
1400 * overwriting an existing directory.
1401 */
1402 if (unlink)
1403 drop_nlink(old_dir);
1404 }
1405 }
1406
1407 old_dir->i_size -= old_sz;
1408 ubifs_inode(old_dir)->ui_size = old_dir->i_size;
1409 old_dir->i_mtime = old_dir->i_ctime = time;
1410 new_dir->i_mtime = new_dir->i_ctime = time;
1411
1412 /*
1413 * And finally, if we unlinked a direntry which happened to have the
1414 * same name as the moved direntry, we have to decrement @i_nlink of
1415 * the unlinked inode and change its ctime.
1416 */
1417 if (unlink) {
1418 /*
1419 * Directories cannot have hard-links, so if this is a
1420 * directory, just clear @i_nlink.
1421 */
1422 saved_nlink = new_inode->i_nlink;
1423 if (is_dir)
1424 clear_nlink(new_inode);
1425 else
1426 drop_nlink(new_inode);
1427 new_inode->i_ctime = time;
1428 } else {
1429 new_dir->i_size += new_sz;
1430 ubifs_inode(new_dir)->ui_size = new_dir->i_size;
1431 }
1432
1433 /*
1434 * Do not ask 'ubifs_jnl_rename()' to flush write-buffer if @old_inode
1435 * is dirty, because this will be done later on at the end of
1436 * 'ubifs_rename()'.
1437 */
1438 if (IS_SYNC(old_inode)) {
1439 sync = IS_DIRSYNC(old_dir) || IS_DIRSYNC(new_dir);
1440 if (unlink && IS_SYNC(new_inode))
1441 sync = 1;
1442 }
1443
1444 if (whiteout) {
1445 inc_nlink(whiteout);
1446 mark_inode_dirty(whiteout);
1447
1448 spin_lock(&whiteout->i_lock);
1449 whiteout->i_state &= ~I_LINKABLE;
1450 spin_unlock(&whiteout->i_lock);
1451
1452 iput(whiteout);
1453 }
1454
1455 err = ubifs_jnl_rename(c, old_dir, old_inode, &old_nm, new_dir,
1456 new_inode, &new_nm, whiteout, sync);
1457 if (err)
1458 goto out_cancel;
1459
1460 unlock_4_inodes(old_dir, new_dir, new_inode, whiteout);
1461 ubifs_release_budget(c, &req);
1462
1463 mutex_lock(&old_inode_ui->ui_mutex);
1464 release = old_inode_ui->dirty;
1465 mark_inode_dirty_sync(old_inode);
1466 mutex_unlock(&old_inode_ui->ui_mutex);
1467
1468 if (release)
1469 ubifs_release_budget(c, &ino_req);
1470 if (IS_SYNC(old_inode))
1471 err = old_inode->i_sb->s_op->write_inode(old_inode, NULL);
1472
1473 fscrypt_free_filename(&old_nm);
1474 fscrypt_free_filename(&new_nm);
1475 return err;
1476
1477 out_cancel:
1478 if (unlink) {
1479 set_nlink(new_inode, saved_nlink);
1480 } else {
1481 new_dir->i_size -= new_sz;
1482 ubifs_inode(new_dir)->ui_size = new_dir->i_size;
1483 }
1484 old_dir->i_size += old_sz;
1485 ubifs_inode(old_dir)->ui_size = old_dir->i_size;
1486 if (is_dir) {
1487 if (move) {
1488 inc_nlink(old_dir);
1489 if (!unlink)
1490 drop_nlink(new_dir);
1491 } else {
1492 if (unlink)
1493 inc_nlink(old_dir);
1494 }
1495 }
1496 if (whiteout) {
1497 drop_nlink(whiteout);
1498 iput(whiteout);
1499 }
1500 unlock_4_inodes(old_dir, new_dir, new_inode, whiteout);
1501 out_release:
1502 ubifs_release_budget(c, &ino_req);
1503 ubifs_release_budget(c, &req);
1504 fscrypt_free_filename(&old_nm);
1505 fscrypt_free_filename(&new_nm);
1506 return err;
1507 }
1508
ubifs_xrename(struct inode * old_dir,struct dentry * old_dentry,struct inode * new_dir,struct dentry * new_dentry)1509 static int ubifs_xrename(struct inode *old_dir, struct dentry *old_dentry,
1510 struct inode *new_dir, struct dentry *new_dentry)
1511 {
1512 struct ubifs_info *c = old_dir->i_sb->s_fs_info;
1513 struct ubifs_budget_req req = { .new_dent = 1, .mod_dent = 1,
1514 .dirtied_ino = 2 };
1515 int sync = IS_DIRSYNC(old_dir) || IS_DIRSYNC(new_dir);
1516 struct inode *fst_inode = d_inode(old_dentry);
1517 struct inode *snd_inode = d_inode(new_dentry);
1518 struct timespec64 time;
1519 int err;
1520 struct fscrypt_name fst_nm, snd_nm;
1521
1522 ubifs_assert(c, fst_inode && snd_inode);
1523
1524 err = fscrypt_setup_filename(old_dir, &old_dentry->d_name, 0, &fst_nm);
1525 if (err)
1526 return err;
1527
1528 err = fscrypt_setup_filename(new_dir, &new_dentry->d_name, 0, &snd_nm);
1529 if (err) {
1530 fscrypt_free_filename(&fst_nm);
1531 return err;
1532 }
1533
1534 lock_4_inodes(old_dir, new_dir, NULL, NULL);
1535
1536 time = current_time(old_dir);
1537 fst_inode->i_ctime = time;
1538 snd_inode->i_ctime = time;
1539 old_dir->i_mtime = old_dir->i_ctime = time;
1540 new_dir->i_mtime = new_dir->i_ctime = time;
1541
1542 if (old_dir != new_dir) {
1543 if (S_ISDIR(fst_inode->i_mode) && !S_ISDIR(snd_inode->i_mode)) {
1544 inc_nlink(new_dir);
1545 drop_nlink(old_dir);
1546 }
1547 else if (!S_ISDIR(fst_inode->i_mode) && S_ISDIR(snd_inode->i_mode)) {
1548 drop_nlink(new_dir);
1549 inc_nlink(old_dir);
1550 }
1551 }
1552
1553 err = ubifs_jnl_xrename(c, old_dir, fst_inode, &fst_nm, new_dir,
1554 snd_inode, &snd_nm, sync);
1555
1556 unlock_4_inodes(old_dir, new_dir, NULL, NULL);
1557 ubifs_release_budget(c, &req);
1558
1559 fscrypt_free_filename(&fst_nm);
1560 fscrypt_free_filename(&snd_nm);
1561 return err;
1562 }
1563
ubifs_rename(struct inode * old_dir,struct dentry * old_dentry,struct inode * new_dir,struct dentry * new_dentry,unsigned int flags)1564 static int ubifs_rename(struct inode *old_dir, struct dentry *old_dentry,
1565 struct inode *new_dir, struct dentry *new_dentry,
1566 unsigned int flags)
1567 {
1568 int err;
1569 struct ubifs_info *c = old_dir->i_sb->s_fs_info;
1570
1571 if (flags & ~(RENAME_NOREPLACE | RENAME_WHITEOUT | RENAME_EXCHANGE))
1572 return -EINVAL;
1573
1574 ubifs_assert(c, inode_is_locked(old_dir));
1575 ubifs_assert(c, inode_is_locked(new_dir));
1576
1577 err = fscrypt_prepare_rename(old_dir, old_dentry, new_dir, new_dentry,
1578 flags);
1579 if (err)
1580 return err;
1581
1582 if (flags & RENAME_EXCHANGE)
1583 return ubifs_xrename(old_dir, old_dentry, new_dir, new_dentry);
1584
1585 return do_rename(old_dir, old_dentry, new_dir, new_dentry, flags);
1586 }
1587
ubifs_getattr(const struct path * path,struct kstat * stat,u32 request_mask,unsigned int flags)1588 int ubifs_getattr(const struct path *path, struct kstat *stat,
1589 u32 request_mask, unsigned int flags)
1590 {
1591 loff_t size;
1592 struct inode *inode = d_inode(path->dentry);
1593 struct ubifs_inode *ui = ubifs_inode(inode);
1594
1595 mutex_lock(&ui->ui_mutex);
1596
1597 if (ui->flags & UBIFS_APPEND_FL)
1598 stat->attributes |= STATX_ATTR_APPEND;
1599 if (ui->flags & UBIFS_COMPR_FL)
1600 stat->attributes |= STATX_ATTR_COMPRESSED;
1601 if (ui->flags & UBIFS_CRYPT_FL)
1602 stat->attributes |= STATX_ATTR_ENCRYPTED;
1603 if (ui->flags & UBIFS_IMMUTABLE_FL)
1604 stat->attributes |= STATX_ATTR_IMMUTABLE;
1605
1606 stat->attributes_mask |= (STATX_ATTR_APPEND |
1607 STATX_ATTR_COMPRESSED |
1608 STATX_ATTR_ENCRYPTED |
1609 STATX_ATTR_IMMUTABLE);
1610
1611 generic_fillattr(inode, stat);
1612 stat->blksize = UBIFS_BLOCK_SIZE;
1613 stat->size = ui->ui_size;
1614
1615 /*
1616 * Unfortunately, the 'stat()' system call was designed for block
1617 * device based file systems, and it is not appropriate for UBIFS,
1618 * because UBIFS does not have notion of "block". For example, it is
1619 * difficult to tell how many block a directory takes - it actually
1620 * takes less than 300 bytes, but we have to round it to block size,
1621 * which introduces large mistake. This makes utilities like 'du' to
1622 * report completely senseless numbers. This is the reason why UBIFS
1623 * goes the same way as JFFS2 - it reports zero blocks for everything
1624 * but regular files, which makes more sense than reporting completely
1625 * wrong sizes.
1626 */
1627 if (S_ISREG(inode->i_mode)) {
1628 size = ui->xattr_size;
1629 size += stat->size;
1630 size = ALIGN(size, UBIFS_BLOCK_SIZE);
1631 /*
1632 * Note, user-space expects 512-byte blocks count irrespectively
1633 * of what was reported in @stat->size.
1634 */
1635 stat->blocks = size >> 9;
1636 } else
1637 stat->blocks = 0;
1638 mutex_unlock(&ui->ui_mutex);
1639 return 0;
1640 }
1641
1642 const struct inode_operations ubifs_dir_inode_operations = {
1643 .lookup = ubifs_lookup,
1644 .create = ubifs_create,
1645 .link = ubifs_link,
1646 .symlink = ubifs_symlink,
1647 .unlink = ubifs_unlink,
1648 .mkdir = ubifs_mkdir,
1649 .rmdir = ubifs_rmdir,
1650 .mknod = ubifs_mknod,
1651 .rename = ubifs_rename,
1652 .setattr = ubifs_setattr,
1653 .getattr = ubifs_getattr,
1654 #ifdef CONFIG_UBIFS_FS_XATTR
1655 .listxattr = ubifs_listxattr,
1656 #endif
1657 .update_time = ubifs_update_time,
1658 .tmpfile = ubifs_tmpfile,
1659 };
1660
1661 const struct file_operations ubifs_dir_operations = {
1662 .llseek = generic_file_llseek,
1663 .release = ubifs_dir_release,
1664 .read = generic_read_dir,
1665 .iterate_shared = ubifs_readdir,
1666 .fsync = ubifs_fsync,
1667 .unlocked_ioctl = ubifs_ioctl,
1668 #ifdef CONFIG_COMPAT
1669 .compat_ioctl = ubifs_compat_ioctl,
1670 #endif
1671 };
1672