b699b0067c
commit b01531db6cec2aa330dbc91bfbfaaef4a0d387a4 upstream.
->lookup() in an encrypted directory begins as follows:
1. fscrypt_prepare_lookup():
a. Try to load the directory's encryption key.
b. If the key is unavailable, mark the dentry as a ciphertext name
via d_flags.
2. fscrypt_setup_filename():
a. Try to load the directory's encryption key.
b. If the key is available, encrypt the name (treated as a plaintext
name) to get the on-disk name. Otherwise decode the name
(treated as a ciphertext name) to get the on-disk name.
But if the key is concurrently added, it may be found at (2a) but not at
(1a). In this case, the dentry will be wrongly marked as a ciphertext
name even though it was actually treated as plaintext.
This will cause the dentry to be wrongly invalidated on the next lookup,
potentially causing problems. For example, if the racy ->lookup() was
part of sys_mount(), then the new mount will be detached when anything
tries to access it. This is despite the mountpoint having a plaintext
path, which should remain valid now that the key was added.
Of course, this is only possible if there's a userspace race. Still,
the additional kernel-side race is confusing and unexpected.
Close the kernel-side race by changing fscrypt_prepare_lookup() to also
set the on-disk filename (step 2b), consistent with the d_flags update.
Fixes: 28b4c26396
("ext4 crypto: revalidate dentry after adding or removing the key")
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
1688 lines
43 KiB
C
1688 lines
43 KiB
C
/* * This file is part of UBIFS.
|
|
*
|
|
* Copyright (C) 2006-2008 Nokia Corporation.
|
|
* Copyright (C) 2006, 2007 University of Szeged, Hungary
|
|
*
|
|
* This program is free software; you can redistribute it and/or modify it
|
|
* under the terms of the GNU General Public License version 2 as published by
|
|
* the Free Software Foundation.
|
|
*
|
|
* This program is distributed in the hope that it will be useful, but WITHOUT
|
|
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
|
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
|
|
* more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public License along with
|
|
* this program; if not, write to the Free Software Foundation, Inc., 51
|
|
* Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
|
*
|
|
* Authors: Artem Bityutskiy (Битюцкий Артём)
|
|
* Adrian Hunter
|
|
* Zoltan Sogor
|
|
*/
|
|
|
|
/*
|
|
* This file implements directory operations.
|
|
*
|
|
* All FS operations in this file allocate budget before writing anything to the
|
|
* media. If they fail to allocate it, the error is returned. The only
|
|
* exceptions are 'ubifs_unlink()' and 'ubifs_rmdir()' which keep working even
|
|
* if they unable to allocate the budget, because deletion %-ENOSPC failure is
|
|
* not what users are usually ready to get. UBIFS budgeting subsystem has some
|
|
* space reserved for these purposes.
|
|
*
|
|
* All operations in this file write all inodes which they change straight
|
|
* away, instead of marking them dirty. For example, 'ubifs_link()' changes
|
|
* @i_size of the parent inode and writes the parent inode together with the
|
|
* target inode. This was done to simplify file-system recovery which would
|
|
* otherwise be very difficult to do. The only exception is rename which marks
|
|
* the re-named inode dirty (because its @i_ctime is updated) but does not
|
|
* write it, but just marks it as dirty.
|
|
*/
|
|
|
|
#include "ubifs.h"
|
|
|
|
/**
|
|
* inherit_flags - inherit flags of the parent inode.
|
|
* @dir: parent inode
|
|
* @mode: new inode mode flags
|
|
*
|
|
* This is a helper function for 'ubifs_new_inode()' which inherits flag of the
|
|
* parent directory inode @dir. UBIFS inodes inherit the following flags:
|
|
* o %UBIFS_COMPR_FL, which is useful to switch compression on/of on
|
|
* sub-directory basis;
|
|
* o %UBIFS_SYNC_FL - useful for the same reasons;
|
|
* o %UBIFS_DIRSYNC_FL - similar, but relevant only to directories.
|
|
*
|
|
* This function returns the inherited flags.
|
|
*/
|
|
static int inherit_flags(const struct inode *dir, umode_t mode)
|
|
{
|
|
int flags;
|
|
const struct ubifs_inode *ui = ubifs_inode(dir);
|
|
|
|
if (!S_ISDIR(dir->i_mode))
|
|
/*
|
|
* The parent is not a directory, which means that an extended
|
|
* attribute inode is being created. No flags.
|
|
*/
|
|
return 0;
|
|
|
|
flags = ui->flags & (UBIFS_COMPR_FL | UBIFS_SYNC_FL | UBIFS_DIRSYNC_FL);
|
|
if (!S_ISDIR(mode))
|
|
/* The "DIRSYNC" flag only applies to directories */
|
|
flags &= ~UBIFS_DIRSYNC_FL;
|
|
return flags;
|
|
}
|
|
|
|
/**
|
|
* ubifs_new_inode - allocate new UBIFS inode object.
|
|
* @c: UBIFS file-system description object
|
|
* @dir: parent directory inode
|
|
* @mode: inode mode flags
|
|
*
|
|
* This function finds an unused inode number, allocates new inode and
|
|
* initializes it. Returns new inode in case of success and an error code in
|
|
* case of failure.
|
|
*/
|
|
struct inode *ubifs_new_inode(struct ubifs_info *c, struct inode *dir,
|
|
umode_t mode)
|
|
{
|
|
int err;
|
|
struct inode *inode;
|
|
struct ubifs_inode *ui;
|
|
bool encrypted = false;
|
|
|
|
if (ubifs_crypt_is_encrypted(dir)) {
|
|
err = fscrypt_get_encryption_info(dir);
|
|
if (err) {
|
|
ubifs_err(c, "fscrypt_get_encryption_info failed: %i", err);
|
|
return ERR_PTR(err);
|
|
}
|
|
|
|
if (!fscrypt_has_encryption_key(dir))
|
|
return ERR_PTR(-EPERM);
|
|
|
|
encrypted = true;
|
|
}
|
|
|
|
inode = new_inode(c->vfs_sb);
|
|
ui = ubifs_inode(inode);
|
|
if (!inode)
|
|
return ERR_PTR(-ENOMEM);
|
|
|
|
/*
|
|
* Set 'S_NOCMTIME' to prevent VFS form updating [mc]time of inodes and
|
|
* marking them dirty in file write path (see 'file_update_time()').
|
|
* UBIFS has to fully control "clean <-> dirty" transitions of inodes
|
|
* to make budgeting work.
|
|
*/
|
|
inode->i_flags |= S_NOCMTIME;
|
|
|
|
inode_init_owner(inode, dir, mode);
|
|
inode->i_mtime = inode->i_atime = inode->i_ctime =
|
|
current_time(inode);
|
|
inode->i_mapping->nrpages = 0;
|
|
|
|
switch (mode & S_IFMT) {
|
|
case S_IFREG:
|
|
inode->i_mapping->a_ops = &ubifs_file_address_operations;
|
|
inode->i_op = &ubifs_file_inode_operations;
|
|
inode->i_fop = &ubifs_file_operations;
|
|
break;
|
|
case S_IFDIR:
|
|
inode->i_op = &ubifs_dir_inode_operations;
|
|
inode->i_fop = &ubifs_dir_operations;
|
|
inode->i_size = ui->ui_size = UBIFS_INO_NODE_SZ;
|
|
break;
|
|
case S_IFLNK:
|
|
inode->i_op = &ubifs_symlink_inode_operations;
|
|
break;
|
|
case S_IFSOCK:
|
|
case S_IFIFO:
|
|
case S_IFBLK:
|
|
case S_IFCHR:
|
|
inode->i_op = &ubifs_file_inode_operations;
|
|
encrypted = false;
|
|
break;
|
|
default:
|
|
BUG();
|
|
}
|
|
|
|
ui->flags = inherit_flags(dir, mode);
|
|
ubifs_set_inode_flags(inode);
|
|
if (S_ISREG(mode))
|
|
ui->compr_type = c->default_compr;
|
|
else
|
|
ui->compr_type = UBIFS_COMPR_NONE;
|
|
ui->synced_i_size = 0;
|
|
|
|
spin_lock(&c->cnt_lock);
|
|
/* Inode number overflow is currently not supported */
|
|
if (c->highest_inum >= INUM_WARN_WATERMARK) {
|
|
if (c->highest_inum >= INUM_WATERMARK) {
|
|
spin_unlock(&c->cnt_lock);
|
|
ubifs_err(c, "out of inode numbers");
|
|
make_bad_inode(inode);
|
|
iput(inode);
|
|
return ERR_PTR(-EINVAL);
|
|
}
|
|
ubifs_warn(c, "running out of inode numbers (current %lu, max %u)",
|
|
(unsigned long)c->highest_inum, INUM_WATERMARK);
|
|
}
|
|
|
|
inode->i_ino = ++c->highest_inum;
|
|
/*
|
|
* The creation sequence number remains with this inode for its
|
|
* lifetime. All nodes for this inode have a greater sequence number,
|
|
* and so it is possible to distinguish obsolete nodes belonging to a
|
|
* previous incarnation of the same inode number - for example, for the
|
|
* purpose of rebuilding the index.
|
|
*/
|
|
ui->creat_sqnum = ++c->max_sqnum;
|
|
spin_unlock(&c->cnt_lock);
|
|
|
|
if (encrypted) {
|
|
err = fscrypt_inherit_context(dir, inode, &encrypted, true);
|
|
if (err) {
|
|
ubifs_err(c, "fscrypt_inherit_context failed: %i", err);
|
|
make_bad_inode(inode);
|
|
iput(inode);
|
|
return ERR_PTR(err);
|
|
}
|
|
}
|
|
|
|
return inode;
|
|
}
|
|
|
|
static int dbg_check_name(const struct ubifs_info *c,
|
|
const struct ubifs_dent_node *dent,
|
|
const struct fscrypt_name *nm)
|
|
{
|
|
if (!dbg_is_chk_gen(c))
|
|
return 0;
|
|
if (le16_to_cpu(dent->nlen) != fname_len(nm))
|
|
return -EINVAL;
|
|
if (memcmp(dent->name, fname_name(nm), fname_len(nm)))
|
|
return -EINVAL;
|
|
return 0;
|
|
}
|
|
|
|
static void ubifs_set_d_ops(struct inode *dir, struct dentry *dentry);
|
|
static struct dentry *ubifs_lookup(struct inode *dir, struct dentry *dentry,
|
|
unsigned int flags)
|
|
{
|
|
int err;
|
|
union ubifs_key key;
|
|
struct inode *inode = NULL;
|
|
struct ubifs_dent_node *dent = NULL;
|
|
struct ubifs_info *c = dir->i_sb->s_fs_info;
|
|
struct fscrypt_name nm;
|
|
|
|
dbg_gen("'%pd' in dir ino %lu", dentry, dir->i_ino);
|
|
|
|
err = fscrypt_prepare_lookup(dir, dentry, &nm);
|
|
ubifs_set_d_ops(dir, dentry);
|
|
if (err == -ENOENT)
|
|
return d_splice_alias(NULL, dentry);
|
|
if (err)
|
|
return ERR_PTR(err);
|
|
|
|
if (fname_len(&nm) > UBIFS_MAX_NLEN) {
|
|
inode = ERR_PTR(-ENAMETOOLONG);
|
|
goto done;
|
|
}
|
|
|
|
dent = kmalloc(UBIFS_MAX_DENT_NODE_SZ, GFP_NOFS);
|
|
if (!dent) {
|
|
inode = ERR_PTR(-ENOMEM);
|
|
goto done;
|
|
}
|
|
|
|
if (fname_name(&nm) == NULL) {
|
|
if (nm.hash & ~UBIFS_S_KEY_HASH_MASK)
|
|
goto done; /* ENOENT */
|
|
dent_key_init_hash(c, &key, dir->i_ino, nm.hash);
|
|
err = ubifs_tnc_lookup_dh(c, &key, dent, nm.minor_hash);
|
|
} else {
|
|
dent_key_init(c, &key, dir->i_ino, &nm);
|
|
err = ubifs_tnc_lookup_nm(c, &key, dent, &nm);
|
|
}
|
|
|
|
if (err) {
|
|
if (err == -ENOENT)
|
|
dbg_gen("not found");
|
|
else
|
|
inode = ERR_PTR(err);
|
|
goto done;
|
|
}
|
|
|
|
if (dbg_check_name(c, dent, &nm)) {
|
|
inode = ERR_PTR(-EINVAL);
|
|
goto done;
|
|
}
|
|
|
|
inode = ubifs_iget(dir->i_sb, le64_to_cpu(dent->inum));
|
|
if (IS_ERR(inode)) {
|
|
/*
|
|
* This should not happen. Probably the file-system needs
|
|
* checking.
|
|
*/
|
|
err = PTR_ERR(inode);
|
|
ubifs_err(c, "dead directory entry '%pd', error %d",
|
|
dentry, err);
|
|
ubifs_ro_mode(c, err);
|
|
goto done;
|
|
}
|
|
|
|
if (ubifs_crypt_is_encrypted(dir) &&
|
|
(S_ISDIR(inode->i_mode) || S_ISLNK(inode->i_mode)) &&
|
|
!fscrypt_has_permitted_context(dir, inode)) {
|
|
ubifs_warn(c, "Inconsistent encryption contexts: %lu/%lu",
|
|
dir->i_ino, inode->i_ino);
|
|
iput(inode);
|
|
inode = ERR_PTR(-EPERM);
|
|
}
|
|
|
|
done:
|
|
kfree(dent);
|
|
fscrypt_free_filename(&nm);
|
|
return d_splice_alias(inode, dentry);
|
|
}
|
|
|
|
static int ubifs_create(struct inode *dir, struct dentry *dentry, umode_t mode,
|
|
bool excl)
|
|
{
|
|
struct inode *inode;
|
|
struct ubifs_info *c = dir->i_sb->s_fs_info;
|
|
struct ubifs_budget_req req = { .new_ino = 1, .new_dent = 1,
|
|
.dirtied_ino = 1 };
|
|
struct ubifs_inode *dir_ui = ubifs_inode(dir);
|
|
struct fscrypt_name nm;
|
|
int err, sz_change;
|
|
|
|
/*
|
|
* Budget request settings: new inode, new direntry, changing the
|
|
* parent directory inode.
|
|
*/
|
|
|
|
dbg_gen("dent '%pd', mode %#hx in dir ino %lu",
|
|
dentry, mode, dir->i_ino);
|
|
|
|
err = ubifs_budget_space(c, &req);
|
|
if (err)
|
|
return err;
|
|
|
|
err = fscrypt_setup_filename(dir, &dentry->d_name, 0, &nm);
|
|
if (err)
|
|
goto out_budg;
|
|
|
|
sz_change = CALC_DENT_SIZE(fname_len(&nm));
|
|
|
|
inode = ubifs_new_inode(c, dir, mode);
|
|
if (IS_ERR(inode)) {
|
|
err = PTR_ERR(inode);
|
|
goto out_fname;
|
|
}
|
|
|
|
err = ubifs_init_security(dir, inode, &dentry->d_name);
|
|
if (err)
|
|
goto out_inode;
|
|
|
|
mutex_lock(&dir_ui->ui_mutex);
|
|
dir->i_size += sz_change;
|
|
dir_ui->ui_size = dir->i_size;
|
|
dir->i_mtime = dir->i_ctime = inode->i_ctime;
|
|
err = ubifs_jnl_update(c, dir, &nm, inode, 0, 0);
|
|
if (err)
|
|
goto out_cancel;
|
|
mutex_unlock(&dir_ui->ui_mutex);
|
|
|
|
ubifs_release_budget(c, &req);
|
|
fscrypt_free_filename(&nm);
|
|
insert_inode_hash(inode);
|
|
d_instantiate(dentry, inode);
|
|
return 0;
|
|
|
|
out_cancel:
|
|
dir->i_size -= sz_change;
|
|
dir_ui->ui_size = dir->i_size;
|
|
mutex_unlock(&dir_ui->ui_mutex);
|
|
out_inode:
|
|
make_bad_inode(inode);
|
|
iput(inode);
|
|
out_fname:
|
|
fscrypt_free_filename(&nm);
|
|
out_budg:
|
|
ubifs_release_budget(c, &req);
|
|
ubifs_err(c, "cannot create regular file, error %d", err);
|
|
return err;
|
|
}
|
|
|
|
static int do_tmpfile(struct inode *dir, struct dentry *dentry,
|
|
umode_t mode, struct inode **whiteout)
|
|
{
|
|
struct inode *inode;
|
|
struct ubifs_info *c = dir->i_sb->s_fs_info;
|
|
struct ubifs_budget_req req = { .new_ino = 1, .new_dent = 1};
|
|
struct ubifs_budget_req ino_req = { .dirtied_ino = 1 };
|
|
struct ubifs_inode *ui, *dir_ui = ubifs_inode(dir);
|
|
int err, instantiated = 0;
|
|
struct fscrypt_name nm;
|
|
|
|
/*
|
|
* Budget request settings: new dirty inode, new direntry,
|
|
* budget for dirtied inode will be released via writeback.
|
|
*/
|
|
|
|
dbg_gen("dent '%pd', mode %#hx in dir ino %lu",
|
|
dentry, mode, dir->i_ino);
|
|
|
|
err = fscrypt_setup_filename(dir, &dentry->d_name, 0, &nm);
|
|
if (err)
|
|
return err;
|
|
|
|
err = ubifs_budget_space(c, &req);
|
|
if (err) {
|
|
fscrypt_free_filename(&nm);
|
|
return err;
|
|
}
|
|
|
|
err = ubifs_budget_space(c, &ino_req);
|
|
if (err) {
|
|
ubifs_release_budget(c, &req);
|
|
fscrypt_free_filename(&nm);
|
|
return err;
|
|
}
|
|
|
|
inode = ubifs_new_inode(c, dir, mode);
|
|
if (IS_ERR(inode)) {
|
|
err = PTR_ERR(inode);
|
|
goto out_budg;
|
|
}
|
|
ui = ubifs_inode(inode);
|
|
|
|
if (whiteout) {
|
|
init_special_inode(inode, inode->i_mode, WHITEOUT_DEV);
|
|
ubifs_assert(c, inode->i_op == &ubifs_file_inode_operations);
|
|
}
|
|
|
|
err = ubifs_init_security(dir, inode, &dentry->d_name);
|
|
if (err)
|
|
goto out_inode;
|
|
|
|
mutex_lock(&ui->ui_mutex);
|
|
insert_inode_hash(inode);
|
|
|
|
if (whiteout) {
|
|
mark_inode_dirty(inode);
|
|
drop_nlink(inode);
|
|
*whiteout = inode;
|
|
} else {
|
|
d_tmpfile(dentry, inode);
|
|
}
|
|
ubifs_assert(c, ui->dirty);
|
|
|
|
instantiated = 1;
|
|
mutex_unlock(&ui->ui_mutex);
|
|
|
|
mutex_lock(&dir_ui->ui_mutex);
|
|
err = ubifs_jnl_update(c, dir, &nm, inode, 1, 0);
|
|
if (err)
|
|
goto out_cancel;
|
|
mutex_unlock(&dir_ui->ui_mutex);
|
|
|
|
ubifs_release_budget(c, &req);
|
|
|
|
return 0;
|
|
|
|
out_cancel:
|
|
mutex_unlock(&dir_ui->ui_mutex);
|
|
out_inode:
|
|
make_bad_inode(inode);
|
|
if (!instantiated)
|
|
iput(inode);
|
|
out_budg:
|
|
ubifs_release_budget(c, &req);
|
|
if (!instantiated)
|
|
ubifs_release_budget(c, &ino_req);
|
|
fscrypt_free_filename(&nm);
|
|
ubifs_err(c, "cannot create temporary file, error %d", err);
|
|
return err;
|
|
}
|
|
|
|
static int ubifs_tmpfile(struct inode *dir, struct dentry *dentry,
|
|
umode_t mode)
|
|
{
|
|
return do_tmpfile(dir, dentry, mode, NULL);
|
|
}
|
|
|
|
/**
|
|
* vfs_dent_type - get VFS directory entry type.
|
|
* @type: UBIFS directory entry type
|
|
*
|
|
* This function converts UBIFS directory entry type into VFS directory entry
|
|
* type.
|
|
*/
|
|
static unsigned int vfs_dent_type(uint8_t type)
|
|
{
|
|
switch (type) {
|
|
case UBIFS_ITYPE_REG:
|
|
return DT_REG;
|
|
case UBIFS_ITYPE_DIR:
|
|
return DT_DIR;
|
|
case UBIFS_ITYPE_LNK:
|
|
return DT_LNK;
|
|
case UBIFS_ITYPE_BLK:
|
|
return DT_BLK;
|
|
case UBIFS_ITYPE_CHR:
|
|
return DT_CHR;
|
|
case UBIFS_ITYPE_FIFO:
|
|
return DT_FIFO;
|
|
case UBIFS_ITYPE_SOCK:
|
|
return DT_SOCK;
|
|
default:
|
|
BUG();
|
|
}
|
|
return 0;
|
|
}
|
|
|
|
/*
|
|
* The classical Unix view for directory is that it is a linear array of
|
|
* (name, inode number) entries. Linux/VFS assumes this model as well.
|
|
* Particularly, 'readdir()' call wants us to return a directory entry offset
|
|
* which later may be used to continue 'readdir()'ing the directory or to
|
|
* 'seek()' to that specific direntry. Obviously UBIFS does not really fit this
|
|
* model because directory entries are identified by keys, which may collide.
|
|
*
|
|
* UBIFS uses directory entry hash value for directory offsets, so
|
|
* 'seekdir()'/'telldir()' may not always work because of possible key
|
|
* collisions. But UBIFS guarantees that consecutive 'readdir()' calls work
|
|
* properly by means of saving full directory entry name in the private field
|
|
* of the file description object.
|
|
*
|
|
* This means that UBIFS cannot support NFS which requires full
|
|
* 'seekdir()'/'telldir()' support.
|
|
*/
|
|
static int ubifs_readdir(struct file *file, struct dir_context *ctx)
|
|
{
|
|
int fstr_real_len = 0, err = 0;
|
|
struct fscrypt_name nm;
|
|
struct fscrypt_str fstr = {0};
|
|
union ubifs_key key;
|
|
struct ubifs_dent_node *dent;
|
|
struct inode *dir = file_inode(file);
|
|
struct ubifs_info *c = dir->i_sb->s_fs_info;
|
|
bool encrypted = ubifs_crypt_is_encrypted(dir);
|
|
|
|
dbg_gen("dir ino %lu, f_pos %#llx", dir->i_ino, ctx->pos);
|
|
|
|
if (ctx->pos > UBIFS_S_KEY_HASH_MASK || ctx->pos == 2)
|
|
/*
|
|
* The directory was seek'ed to a senseless position or there
|
|
* are no more entries.
|
|
*/
|
|
return 0;
|
|
|
|
if (encrypted) {
|
|
err = fscrypt_get_encryption_info(dir);
|
|
if (err)
|
|
return err;
|
|
|
|
err = fscrypt_fname_alloc_buffer(dir, UBIFS_MAX_NLEN, &fstr);
|
|
if (err)
|
|
return err;
|
|
|
|
fstr_real_len = fstr.len;
|
|
}
|
|
|
|
if (file->f_version == 0) {
|
|
/*
|
|
* The file was seek'ed, which means that @file->private_data
|
|
* is now invalid. This may also be just the first
|
|
* 'ubifs_readdir()' invocation, in which case
|
|
* @file->private_data is NULL, and the below code is
|
|
* basically a no-op.
|
|
*/
|
|
kfree(file->private_data);
|
|
file->private_data = NULL;
|
|
}
|
|
|
|
/*
|
|
* 'generic_file_llseek()' unconditionally sets @file->f_version to
|
|
* zero, and we use this for detecting whether the file was seek'ed.
|
|
*/
|
|
file->f_version = 1;
|
|
|
|
/* File positions 0 and 1 correspond to "." and ".." */
|
|
if (ctx->pos < 2) {
|
|
ubifs_assert(c, !file->private_data);
|
|
if (!dir_emit_dots(file, ctx)) {
|
|
if (encrypted)
|
|
fscrypt_fname_free_buffer(&fstr);
|
|
return 0;
|
|
}
|
|
|
|
/* Find the first entry in TNC and save it */
|
|
lowest_dent_key(c, &key, dir->i_ino);
|
|
fname_len(&nm) = 0;
|
|
dent = ubifs_tnc_next_ent(c, &key, &nm);
|
|
if (IS_ERR(dent)) {
|
|
err = PTR_ERR(dent);
|
|
goto out;
|
|
}
|
|
|
|
ctx->pos = key_hash_flash(c, &dent->key);
|
|
file->private_data = dent;
|
|
}
|
|
|
|
dent = file->private_data;
|
|
if (!dent) {
|
|
/*
|
|
* The directory was seek'ed to and is now readdir'ed.
|
|
* Find the entry corresponding to @ctx->pos or the closest one.
|
|
*/
|
|
dent_key_init_hash(c, &key, dir->i_ino, ctx->pos);
|
|
fname_len(&nm) = 0;
|
|
dent = ubifs_tnc_next_ent(c, &key, &nm);
|
|
if (IS_ERR(dent)) {
|
|
err = PTR_ERR(dent);
|
|
goto out;
|
|
}
|
|
ctx->pos = key_hash_flash(c, &dent->key);
|
|
file->private_data = dent;
|
|
}
|
|
|
|
while (1) {
|
|
dbg_gen("ino %llu, new f_pos %#x",
|
|
(unsigned long long)le64_to_cpu(dent->inum),
|
|
key_hash_flash(c, &dent->key));
|
|
ubifs_assert(c, le64_to_cpu(dent->ch.sqnum) >
|
|
ubifs_inode(dir)->creat_sqnum);
|
|
|
|
fname_len(&nm) = le16_to_cpu(dent->nlen);
|
|
fname_name(&nm) = dent->name;
|
|
|
|
if (encrypted) {
|
|
fstr.len = fstr_real_len;
|
|
|
|
err = fscrypt_fname_disk_to_usr(dir, key_hash_flash(c,
|
|
&dent->key),
|
|
le32_to_cpu(dent->cookie),
|
|
&nm.disk_name, &fstr);
|
|
if (err)
|
|
goto out;
|
|
} else {
|
|
fstr.len = fname_len(&nm);
|
|
fstr.name = fname_name(&nm);
|
|
}
|
|
|
|
if (!dir_emit(ctx, fstr.name, fstr.len,
|
|
le64_to_cpu(dent->inum),
|
|
vfs_dent_type(dent->type))) {
|
|
if (encrypted)
|
|
fscrypt_fname_free_buffer(&fstr);
|
|
return 0;
|
|
}
|
|
|
|
/* Switch to the next entry */
|
|
key_read(c, &dent->key, &key);
|
|
dent = ubifs_tnc_next_ent(c, &key, &nm);
|
|
if (IS_ERR(dent)) {
|
|
err = PTR_ERR(dent);
|
|
goto out;
|
|
}
|
|
|
|
kfree(file->private_data);
|
|
ctx->pos = key_hash_flash(c, &dent->key);
|
|
file->private_data = dent;
|
|
cond_resched();
|
|
}
|
|
|
|
out:
|
|
kfree(file->private_data);
|
|
file->private_data = NULL;
|
|
|
|
if (encrypted)
|
|
fscrypt_fname_free_buffer(&fstr);
|
|
|
|
if (err != -ENOENT)
|
|
ubifs_err(c, "cannot find next direntry, error %d", err);
|
|
else
|
|
/*
|
|
* -ENOENT is a non-fatal error in this context, the TNC uses
|
|
* it to indicate that the cursor moved past the current directory
|
|
* and readdir() has to stop.
|
|
*/
|
|
err = 0;
|
|
|
|
|
|
/* 2 is a special value indicating that there are no more direntries */
|
|
ctx->pos = 2;
|
|
return err;
|
|
}
|
|
|
|
/* Free saved readdir() state when the directory is closed */
|
|
static int ubifs_dir_release(struct inode *dir, struct file *file)
|
|
{
|
|
kfree(file->private_data);
|
|
file->private_data = NULL;
|
|
return 0;
|
|
}
|
|
|
|
/**
|
|
* lock_2_inodes - a wrapper for locking two UBIFS inodes.
|
|
* @inode1: first inode
|
|
* @inode2: second inode
|
|
*
|
|
* We do not implement any tricks to guarantee strict lock ordering, because
|
|
* VFS has already done it for us on the @i_mutex. So this is just a simple
|
|
* wrapper function.
|
|
*/
|
|
static void lock_2_inodes(struct inode *inode1, struct inode *inode2)
|
|
{
|
|
mutex_lock_nested(&ubifs_inode(inode1)->ui_mutex, WB_MUTEX_1);
|
|
mutex_lock_nested(&ubifs_inode(inode2)->ui_mutex, WB_MUTEX_2);
|
|
}
|
|
|
|
/**
|
|
* unlock_2_inodes - a wrapper for unlocking two UBIFS inodes.
|
|
* @inode1: first inode
|
|
* @inode2: second inode
|
|
*/
|
|
static void unlock_2_inodes(struct inode *inode1, struct inode *inode2)
|
|
{
|
|
mutex_unlock(&ubifs_inode(inode2)->ui_mutex);
|
|
mutex_unlock(&ubifs_inode(inode1)->ui_mutex);
|
|
}
|
|
|
|
static int ubifs_link(struct dentry *old_dentry, struct inode *dir,
|
|
struct dentry *dentry)
|
|
{
|
|
struct ubifs_info *c = dir->i_sb->s_fs_info;
|
|
struct inode *inode = d_inode(old_dentry);
|
|
struct ubifs_inode *ui = ubifs_inode(inode);
|
|
struct ubifs_inode *dir_ui = ubifs_inode(dir);
|
|
int err, sz_change = CALC_DENT_SIZE(dentry->d_name.len);
|
|
struct ubifs_budget_req req = { .new_dent = 1, .dirtied_ino = 2,
|
|
.dirtied_ino_d = ALIGN(ui->data_len, 8) };
|
|
struct fscrypt_name nm;
|
|
|
|
/*
|
|
* Budget request settings: new direntry, changing the target inode,
|
|
* changing the parent inode.
|
|
*/
|
|
|
|
dbg_gen("dent '%pd' to ino %lu (nlink %d) in dir ino %lu",
|
|
dentry, inode->i_ino,
|
|
inode->i_nlink, dir->i_ino);
|
|
ubifs_assert(c, inode_is_locked(dir));
|
|
ubifs_assert(c, inode_is_locked(inode));
|
|
|
|
err = fscrypt_prepare_link(old_dentry, dir, dentry);
|
|
if (err)
|
|
return err;
|
|
|
|
err = fscrypt_setup_filename(dir, &dentry->d_name, 0, &nm);
|
|
if (err)
|
|
return err;
|
|
|
|
err = dbg_check_synced_i_size(c, inode);
|
|
if (err)
|
|
goto out_fname;
|
|
|
|
err = ubifs_budget_space(c, &req);
|
|
if (err)
|
|
goto out_fname;
|
|
|
|
lock_2_inodes(dir, inode);
|
|
|
|
/* Handle O_TMPFILE corner case, it is allowed to link a O_TMPFILE. */
|
|
if (inode->i_nlink == 0)
|
|
ubifs_delete_orphan(c, inode->i_ino);
|
|
|
|
inc_nlink(inode);
|
|
ihold(inode);
|
|
inode->i_ctime = current_time(inode);
|
|
dir->i_size += sz_change;
|
|
dir_ui->ui_size = dir->i_size;
|
|
dir->i_mtime = dir->i_ctime = inode->i_ctime;
|
|
err = ubifs_jnl_update(c, dir, &nm, inode, 0, 0);
|
|
if (err)
|
|
goto out_cancel;
|
|
unlock_2_inodes(dir, inode);
|
|
|
|
ubifs_release_budget(c, &req);
|
|
d_instantiate(dentry, inode);
|
|
fscrypt_free_filename(&nm);
|
|
return 0;
|
|
|
|
out_cancel:
|
|
dir->i_size -= sz_change;
|
|
dir_ui->ui_size = dir->i_size;
|
|
drop_nlink(inode);
|
|
if (inode->i_nlink == 0)
|
|
ubifs_add_orphan(c, inode->i_ino);
|
|
unlock_2_inodes(dir, inode);
|
|
ubifs_release_budget(c, &req);
|
|
iput(inode);
|
|
out_fname:
|
|
fscrypt_free_filename(&nm);
|
|
return err;
|
|
}
|
|
|
|
static int ubifs_unlink(struct inode *dir, struct dentry *dentry)
|
|
{
|
|
struct ubifs_info *c = dir->i_sb->s_fs_info;
|
|
struct inode *inode = d_inode(dentry);
|
|
struct ubifs_inode *dir_ui = ubifs_inode(dir);
|
|
int err, sz_change, budgeted = 1;
|
|
struct ubifs_budget_req req = { .mod_dent = 1, .dirtied_ino = 2 };
|
|
unsigned int saved_nlink = inode->i_nlink;
|
|
struct fscrypt_name nm;
|
|
|
|
/*
|
|
* Budget request settings: deletion direntry, deletion inode (+1 for
|
|
* @dirtied_ino), changing the parent directory inode. If budgeting
|
|
* fails, go ahead anyway because we have extra space reserved for
|
|
* deletions.
|
|
*/
|
|
|
|
dbg_gen("dent '%pd' from ino %lu (nlink %d) in dir ino %lu",
|
|
dentry, inode->i_ino,
|
|
inode->i_nlink, dir->i_ino);
|
|
|
|
if (ubifs_crypt_is_encrypted(dir)) {
|
|
err = fscrypt_get_encryption_info(dir);
|
|
if (err && err != -ENOKEY)
|
|
return err;
|
|
}
|
|
|
|
err = fscrypt_setup_filename(dir, &dentry->d_name, 1, &nm);
|
|
if (err)
|
|
return err;
|
|
|
|
sz_change = CALC_DENT_SIZE(fname_len(&nm));
|
|
|
|
ubifs_assert(c, inode_is_locked(dir));
|
|
ubifs_assert(c, inode_is_locked(inode));
|
|
err = dbg_check_synced_i_size(c, inode);
|
|
if (err)
|
|
goto out_fname;
|
|
|
|
err = ubifs_budget_space(c, &req);
|
|
if (err) {
|
|
if (err != -ENOSPC)
|
|
goto out_fname;
|
|
budgeted = 0;
|
|
}
|
|
|
|
lock_2_inodes(dir, inode);
|
|
inode->i_ctime = current_time(dir);
|
|
drop_nlink(inode);
|
|
dir->i_size -= sz_change;
|
|
dir_ui->ui_size = dir->i_size;
|
|
dir->i_mtime = dir->i_ctime = inode->i_ctime;
|
|
err = ubifs_jnl_update(c, dir, &nm, inode, 1, 0);
|
|
if (err)
|
|
goto out_cancel;
|
|
unlock_2_inodes(dir, inode);
|
|
|
|
if (budgeted)
|
|
ubifs_release_budget(c, &req);
|
|
else {
|
|
/* We've deleted something - clean the "no space" flags */
|
|
c->bi.nospace = c->bi.nospace_rp = 0;
|
|
smp_wmb();
|
|
}
|
|
fscrypt_free_filename(&nm);
|
|
return 0;
|
|
|
|
out_cancel:
|
|
dir->i_size += sz_change;
|
|
dir_ui->ui_size = dir->i_size;
|
|
set_nlink(inode, saved_nlink);
|
|
unlock_2_inodes(dir, inode);
|
|
if (budgeted)
|
|
ubifs_release_budget(c, &req);
|
|
out_fname:
|
|
fscrypt_free_filename(&nm);
|
|
return err;
|
|
}
|
|
|
|
/**
|
|
* check_dir_empty - check if a directory is empty or not.
|
|
* @dir: VFS inode object of the directory to check
|
|
*
|
|
* This function checks if directory @dir is empty. Returns zero if the
|
|
* directory is empty, %-ENOTEMPTY if it is not, and other negative error codes
|
|
* in case of of errors.
|
|
*/
|
|
int ubifs_check_dir_empty(struct inode *dir)
|
|
{
|
|
struct ubifs_info *c = dir->i_sb->s_fs_info;
|
|
struct fscrypt_name nm = { 0 };
|
|
struct ubifs_dent_node *dent;
|
|
union ubifs_key key;
|
|
int err;
|
|
|
|
lowest_dent_key(c, &key, dir->i_ino);
|
|
dent = ubifs_tnc_next_ent(c, &key, &nm);
|
|
if (IS_ERR(dent)) {
|
|
err = PTR_ERR(dent);
|
|
if (err == -ENOENT)
|
|
err = 0;
|
|
} else {
|
|
kfree(dent);
|
|
err = -ENOTEMPTY;
|
|
}
|
|
return err;
|
|
}
|
|
|
|
static int ubifs_rmdir(struct inode *dir, struct dentry *dentry)
|
|
{
|
|
struct ubifs_info *c = dir->i_sb->s_fs_info;
|
|
struct inode *inode = d_inode(dentry);
|
|
int err, sz_change, budgeted = 1;
|
|
struct ubifs_inode *dir_ui = ubifs_inode(dir);
|
|
struct ubifs_budget_req req = { .mod_dent = 1, .dirtied_ino = 2 };
|
|
struct fscrypt_name nm;
|
|
|
|
/*
|
|
* Budget request settings: deletion direntry, deletion inode and
|
|
* changing the parent inode. If budgeting fails, go ahead anyway
|
|
* because we have extra space reserved for deletions.
|
|
*/
|
|
|
|
dbg_gen("directory '%pd', ino %lu in dir ino %lu", dentry,
|
|
inode->i_ino, dir->i_ino);
|
|
ubifs_assert(c, inode_is_locked(dir));
|
|
ubifs_assert(c, inode_is_locked(inode));
|
|
err = ubifs_check_dir_empty(d_inode(dentry));
|
|
if (err)
|
|
return err;
|
|
|
|
if (ubifs_crypt_is_encrypted(dir)) {
|
|
err = fscrypt_get_encryption_info(dir);
|
|
if (err && err != -ENOKEY)
|
|
return err;
|
|
}
|
|
|
|
err = fscrypt_setup_filename(dir, &dentry->d_name, 1, &nm);
|
|
if (err)
|
|
return err;
|
|
|
|
sz_change = CALC_DENT_SIZE(fname_len(&nm));
|
|
|
|
err = ubifs_budget_space(c, &req);
|
|
if (err) {
|
|
if (err != -ENOSPC)
|
|
goto out_fname;
|
|
budgeted = 0;
|
|
}
|
|
|
|
lock_2_inodes(dir, inode);
|
|
inode->i_ctime = current_time(dir);
|
|
clear_nlink(inode);
|
|
drop_nlink(dir);
|
|
dir->i_size -= sz_change;
|
|
dir_ui->ui_size = dir->i_size;
|
|
dir->i_mtime = dir->i_ctime = inode->i_ctime;
|
|
err = ubifs_jnl_update(c, dir, &nm, inode, 1, 0);
|
|
if (err)
|
|
goto out_cancel;
|
|
unlock_2_inodes(dir, inode);
|
|
|
|
if (budgeted)
|
|
ubifs_release_budget(c, &req);
|
|
else {
|
|
/* We've deleted something - clean the "no space" flags */
|
|
c->bi.nospace = c->bi.nospace_rp = 0;
|
|
smp_wmb();
|
|
}
|
|
fscrypt_free_filename(&nm);
|
|
return 0;
|
|
|
|
out_cancel:
|
|
dir->i_size += sz_change;
|
|
dir_ui->ui_size = dir->i_size;
|
|
inc_nlink(dir);
|
|
set_nlink(inode, 2);
|
|
unlock_2_inodes(dir, inode);
|
|
if (budgeted)
|
|
ubifs_release_budget(c, &req);
|
|
out_fname:
|
|
fscrypt_free_filename(&nm);
|
|
return err;
|
|
}
|
|
|
|
static int ubifs_mkdir(struct inode *dir, struct dentry *dentry, umode_t mode)
|
|
{
|
|
struct inode *inode;
|
|
struct ubifs_inode *dir_ui = ubifs_inode(dir);
|
|
struct ubifs_info *c = dir->i_sb->s_fs_info;
|
|
int err, sz_change;
|
|
struct ubifs_budget_req req = { .new_ino = 1, .new_dent = 1 };
|
|
struct fscrypt_name nm;
|
|
|
|
/*
|
|
* Budget request settings: new inode, new direntry and changing parent
|
|
* directory inode.
|
|
*/
|
|
|
|
dbg_gen("dent '%pd', mode %#hx in dir ino %lu",
|
|
dentry, mode, dir->i_ino);
|
|
|
|
err = ubifs_budget_space(c, &req);
|
|
if (err)
|
|
return err;
|
|
|
|
err = fscrypt_setup_filename(dir, &dentry->d_name, 0, &nm);
|
|
if (err)
|
|
goto out_budg;
|
|
|
|
sz_change = CALC_DENT_SIZE(fname_len(&nm));
|
|
|
|
inode = ubifs_new_inode(c, dir, S_IFDIR | mode);
|
|
if (IS_ERR(inode)) {
|
|
err = PTR_ERR(inode);
|
|
goto out_fname;
|
|
}
|
|
|
|
err = ubifs_init_security(dir, inode, &dentry->d_name);
|
|
if (err)
|
|
goto out_inode;
|
|
|
|
mutex_lock(&dir_ui->ui_mutex);
|
|
insert_inode_hash(inode);
|
|
inc_nlink(inode);
|
|
inc_nlink(dir);
|
|
dir->i_size += sz_change;
|
|
dir_ui->ui_size = dir->i_size;
|
|
dir->i_mtime = dir->i_ctime = inode->i_ctime;
|
|
err = ubifs_jnl_update(c, dir, &nm, inode, 0, 0);
|
|
if (err) {
|
|
ubifs_err(c, "cannot create directory, error %d", err);
|
|
goto out_cancel;
|
|
}
|
|
mutex_unlock(&dir_ui->ui_mutex);
|
|
|
|
ubifs_release_budget(c, &req);
|
|
d_instantiate(dentry, inode);
|
|
fscrypt_free_filename(&nm);
|
|
return 0;
|
|
|
|
out_cancel:
|
|
dir->i_size -= sz_change;
|
|
dir_ui->ui_size = dir->i_size;
|
|
drop_nlink(dir);
|
|
mutex_unlock(&dir_ui->ui_mutex);
|
|
out_inode:
|
|
make_bad_inode(inode);
|
|
iput(inode);
|
|
out_fname:
|
|
fscrypt_free_filename(&nm);
|
|
out_budg:
|
|
ubifs_release_budget(c, &req);
|
|
return err;
|
|
}
|
|
|
|
static int ubifs_mknod(struct inode *dir, struct dentry *dentry,
|
|
umode_t mode, dev_t rdev)
|
|
{
|
|
struct inode *inode;
|
|
struct ubifs_inode *ui;
|
|
struct ubifs_inode *dir_ui = ubifs_inode(dir);
|
|
struct ubifs_info *c = dir->i_sb->s_fs_info;
|
|
union ubifs_dev_desc *dev = NULL;
|
|
int sz_change;
|
|
int err, devlen = 0;
|
|
struct ubifs_budget_req req = { .new_ino = 1, .new_dent = 1,
|
|
.dirtied_ino = 1 };
|
|
struct fscrypt_name nm;
|
|
|
|
/*
|
|
* Budget request settings: new inode, new direntry and changing parent
|
|
* directory inode.
|
|
*/
|
|
|
|
dbg_gen("dent '%pd' in dir ino %lu", dentry, dir->i_ino);
|
|
|
|
if (S_ISBLK(mode) || S_ISCHR(mode)) {
|
|
dev = kmalloc(sizeof(union ubifs_dev_desc), GFP_NOFS);
|
|
if (!dev)
|
|
return -ENOMEM;
|
|
devlen = ubifs_encode_dev(dev, rdev);
|
|
}
|
|
|
|
req.new_ino_d = ALIGN(devlen, 8);
|
|
err = ubifs_budget_space(c, &req);
|
|
if (err) {
|
|
kfree(dev);
|
|
return err;
|
|
}
|
|
|
|
err = fscrypt_setup_filename(dir, &dentry->d_name, 0, &nm);
|
|
if (err) {
|
|
kfree(dev);
|
|
goto out_budg;
|
|
}
|
|
|
|
sz_change = CALC_DENT_SIZE(fname_len(&nm));
|
|
|
|
inode = ubifs_new_inode(c, dir, mode);
|
|
if (IS_ERR(inode)) {
|
|
kfree(dev);
|
|
err = PTR_ERR(inode);
|
|
goto out_fname;
|
|
}
|
|
|
|
init_special_inode(inode, inode->i_mode, rdev);
|
|
inode->i_size = ubifs_inode(inode)->ui_size = devlen;
|
|
ui = ubifs_inode(inode);
|
|
ui->data = dev;
|
|
ui->data_len = devlen;
|
|
|
|
err = ubifs_init_security(dir, inode, &dentry->d_name);
|
|
if (err)
|
|
goto out_inode;
|
|
|
|
mutex_lock(&dir_ui->ui_mutex);
|
|
dir->i_size += sz_change;
|
|
dir_ui->ui_size = dir->i_size;
|
|
dir->i_mtime = dir->i_ctime = inode->i_ctime;
|
|
err = ubifs_jnl_update(c, dir, &nm, inode, 0, 0);
|
|
if (err)
|
|
goto out_cancel;
|
|
mutex_unlock(&dir_ui->ui_mutex);
|
|
|
|
ubifs_release_budget(c, &req);
|
|
insert_inode_hash(inode);
|
|
d_instantiate(dentry, inode);
|
|
fscrypt_free_filename(&nm);
|
|
return 0;
|
|
|
|
out_cancel:
|
|
dir->i_size -= sz_change;
|
|
dir_ui->ui_size = dir->i_size;
|
|
mutex_unlock(&dir_ui->ui_mutex);
|
|
out_inode:
|
|
make_bad_inode(inode);
|
|
iput(inode);
|
|
out_fname:
|
|
fscrypt_free_filename(&nm);
|
|
out_budg:
|
|
ubifs_release_budget(c, &req);
|
|
return err;
|
|
}
|
|
|
|
static int ubifs_symlink(struct inode *dir, struct dentry *dentry,
|
|
const char *symname)
|
|
{
|
|
struct inode *inode;
|
|
struct ubifs_inode *ui;
|
|
struct ubifs_inode *dir_ui = ubifs_inode(dir);
|
|
struct ubifs_info *c = dir->i_sb->s_fs_info;
|
|
int err, sz_change, len = strlen(symname);
|
|
struct fscrypt_str disk_link;
|
|
struct ubifs_budget_req req = { .new_ino = 1, .new_dent = 1,
|
|
.new_ino_d = ALIGN(len, 8),
|
|
.dirtied_ino = 1 };
|
|
struct fscrypt_name nm;
|
|
|
|
dbg_gen("dent '%pd', target '%s' in dir ino %lu", dentry,
|
|
symname, dir->i_ino);
|
|
|
|
err = fscrypt_prepare_symlink(dir, symname, len, UBIFS_MAX_INO_DATA,
|
|
&disk_link);
|
|
if (err)
|
|
return err;
|
|
|
|
/*
|
|
* Budget request settings: new inode, new direntry and changing parent
|
|
* directory inode.
|
|
*/
|
|
err = ubifs_budget_space(c, &req);
|
|
if (err)
|
|
return err;
|
|
|
|
err = fscrypt_setup_filename(dir, &dentry->d_name, 0, &nm);
|
|
if (err)
|
|
goto out_budg;
|
|
|
|
sz_change = CALC_DENT_SIZE(fname_len(&nm));
|
|
|
|
inode = ubifs_new_inode(c, dir, S_IFLNK | S_IRWXUGO);
|
|
if (IS_ERR(inode)) {
|
|
err = PTR_ERR(inode);
|
|
goto out_fname;
|
|
}
|
|
|
|
ui = ubifs_inode(inode);
|
|
ui->data = kmalloc(disk_link.len, GFP_NOFS);
|
|
if (!ui->data) {
|
|
err = -ENOMEM;
|
|
goto out_inode;
|
|
}
|
|
|
|
if (IS_ENCRYPTED(inode)) {
|
|
disk_link.name = ui->data; /* encrypt directly into ui->data */
|
|
err = fscrypt_encrypt_symlink(inode, symname, len, &disk_link);
|
|
if (err)
|
|
goto out_inode;
|
|
} else {
|
|
memcpy(ui->data, disk_link.name, disk_link.len);
|
|
inode->i_link = ui->data;
|
|
}
|
|
|
|
/*
|
|
* The terminating zero byte is not written to the flash media and it
|
|
* is put just to make later in-memory string processing simpler. Thus,
|
|
* data length is @disk_link.len - 1, not @disk_link.len.
|
|
*/
|
|
ui->data_len = disk_link.len - 1;
|
|
inode->i_size = ubifs_inode(inode)->ui_size = disk_link.len - 1;
|
|
|
|
err = ubifs_init_security(dir, inode, &dentry->d_name);
|
|
if (err)
|
|
goto out_inode;
|
|
|
|
mutex_lock(&dir_ui->ui_mutex);
|
|
dir->i_size += sz_change;
|
|
dir_ui->ui_size = dir->i_size;
|
|
dir->i_mtime = dir->i_ctime = inode->i_ctime;
|
|
err = ubifs_jnl_update(c, dir, &nm, inode, 0, 0);
|
|
if (err)
|
|
goto out_cancel;
|
|
mutex_unlock(&dir_ui->ui_mutex);
|
|
|
|
insert_inode_hash(inode);
|
|
d_instantiate(dentry, inode);
|
|
err = 0;
|
|
goto out_fname;
|
|
|
|
out_cancel:
|
|
dir->i_size -= sz_change;
|
|
dir_ui->ui_size = dir->i_size;
|
|
mutex_unlock(&dir_ui->ui_mutex);
|
|
out_inode:
|
|
make_bad_inode(inode);
|
|
iput(inode);
|
|
out_fname:
|
|
fscrypt_free_filename(&nm);
|
|
out_budg:
|
|
ubifs_release_budget(c, &req);
|
|
return err;
|
|
}
|
|
|
|
/**
|
|
* lock_4_inodes - a wrapper for locking three UBIFS inodes.
|
|
* @inode1: first inode
|
|
* @inode2: second inode
|
|
* @inode3: third inode
|
|
* @inode4: fouth inode
|
|
*
|
|
* This function is used for 'ubifs_rename()' and @inode1 may be the same as
|
|
* @inode2 whereas @inode3 and @inode4 may be %NULL.
|
|
*
|
|
* We do not implement any tricks to guarantee strict lock ordering, because
|
|
* VFS has already done it for us on the @i_mutex. So this is just a simple
|
|
* wrapper function.
|
|
*/
|
|
static void lock_4_inodes(struct inode *inode1, struct inode *inode2,
|
|
struct inode *inode3, struct inode *inode4)
|
|
{
|
|
mutex_lock_nested(&ubifs_inode(inode1)->ui_mutex, WB_MUTEX_1);
|
|
if (inode2 != inode1)
|
|
mutex_lock_nested(&ubifs_inode(inode2)->ui_mutex, WB_MUTEX_2);
|
|
if (inode3)
|
|
mutex_lock_nested(&ubifs_inode(inode3)->ui_mutex, WB_MUTEX_3);
|
|
if (inode4)
|
|
mutex_lock_nested(&ubifs_inode(inode4)->ui_mutex, WB_MUTEX_4);
|
|
}
|
|
|
|
/**
|
|
* unlock_4_inodes - a wrapper for unlocking three UBIFS inodes for rename.
|
|
* @inode1: first inode
|
|
* @inode2: second inode
|
|
* @inode3: third inode
|
|
* @inode4: fouth inode
|
|
*/
|
|
static void unlock_4_inodes(struct inode *inode1, struct inode *inode2,
|
|
struct inode *inode3, struct inode *inode4)
|
|
{
|
|
if (inode4)
|
|
mutex_unlock(&ubifs_inode(inode4)->ui_mutex);
|
|
if (inode3)
|
|
mutex_unlock(&ubifs_inode(inode3)->ui_mutex);
|
|
if (inode1 != inode2)
|
|
mutex_unlock(&ubifs_inode(inode2)->ui_mutex);
|
|
mutex_unlock(&ubifs_inode(inode1)->ui_mutex);
|
|
}
|
|
|
|
static int do_rename(struct inode *old_dir, struct dentry *old_dentry,
|
|
struct inode *new_dir, struct dentry *new_dentry,
|
|
unsigned int flags)
|
|
{
|
|
struct ubifs_info *c = old_dir->i_sb->s_fs_info;
|
|
struct inode *old_inode = d_inode(old_dentry);
|
|
struct inode *new_inode = d_inode(new_dentry);
|
|
struct inode *whiteout = NULL;
|
|
struct ubifs_inode *old_inode_ui = ubifs_inode(old_inode);
|
|
struct ubifs_inode *whiteout_ui = NULL;
|
|
int err, release, sync = 0, move = (new_dir != old_dir);
|
|
int is_dir = S_ISDIR(old_inode->i_mode);
|
|
int unlink = !!new_inode, new_sz, old_sz;
|
|
struct ubifs_budget_req req = { .new_dent = 1, .mod_dent = 1,
|
|
.dirtied_ino = 3 };
|
|
struct ubifs_budget_req ino_req = { .dirtied_ino = 1,
|
|
.dirtied_ino_d = ALIGN(old_inode_ui->data_len, 8) };
|
|
struct timespec64 time;
|
|
unsigned int uninitialized_var(saved_nlink);
|
|
struct fscrypt_name old_nm, new_nm;
|
|
|
|
/*
|
|
* Budget request settings: deletion direntry, new direntry, removing
|
|
* the old inode, and changing old and new parent directory inodes.
|
|
*
|
|
* However, this operation also marks the target inode as dirty and
|
|
* does not write it, so we allocate budget for the target inode
|
|
* separately.
|
|
*/
|
|
|
|
dbg_gen("dent '%pd' ino %lu in dir ino %lu to dent '%pd' in dir ino %lu flags 0x%x",
|
|
old_dentry, old_inode->i_ino, old_dir->i_ino,
|
|
new_dentry, new_dir->i_ino, flags);
|
|
|
|
if (unlink)
|
|
ubifs_assert(c, inode_is_locked(new_inode));
|
|
|
|
if (unlink && is_dir) {
|
|
err = ubifs_check_dir_empty(new_inode);
|
|
if (err)
|
|
return err;
|
|
}
|
|
|
|
err = fscrypt_setup_filename(old_dir, &old_dentry->d_name, 0, &old_nm);
|
|
if (err)
|
|
return err;
|
|
|
|
err = fscrypt_setup_filename(new_dir, &new_dentry->d_name, 0, &new_nm);
|
|
if (err) {
|
|
fscrypt_free_filename(&old_nm);
|
|
return err;
|
|
}
|
|
|
|
new_sz = CALC_DENT_SIZE(fname_len(&new_nm));
|
|
old_sz = CALC_DENT_SIZE(fname_len(&old_nm));
|
|
|
|
err = ubifs_budget_space(c, &req);
|
|
if (err) {
|
|
fscrypt_free_filename(&old_nm);
|
|
fscrypt_free_filename(&new_nm);
|
|
return err;
|
|
}
|
|
err = ubifs_budget_space(c, &ino_req);
|
|
if (err) {
|
|
fscrypt_free_filename(&old_nm);
|
|
fscrypt_free_filename(&new_nm);
|
|
ubifs_release_budget(c, &req);
|
|
return err;
|
|
}
|
|
|
|
if (flags & RENAME_WHITEOUT) {
|
|
union ubifs_dev_desc *dev = NULL;
|
|
|
|
dev = kmalloc(sizeof(union ubifs_dev_desc), GFP_NOFS);
|
|
if (!dev) {
|
|
err = -ENOMEM;
|
|
goto out_release;
|
|
}
|
|
|
|
err = do_tmpfile(old_dir, old_dentry, S_IFCHR | WHITEOUT_MODE, &whiteout);
|
|
if (err) {
|
|
kfree(dev);
|
|
goto out_release;
|
|
}
|
|
|
|
whiteout->i_state |= I_LINKABLE;
|
|
whiteout_ui = ubifs_inode(whiteout);
|
|
whiteout_ui->data = dev;
|
|
whiteout_ui->data_len = ubifs_encode_dev(dev, MKDEV(0, 0));
|
|
ubifs_assert(c, !whiteout_ui->dirty);
|
|
}
|
|
|
|
lock_4_inodes(old_dir, new_dir, new_inode, whiteout);
|
|
|
|
/*
|
|
* Like most other Unix systems, set the @i_ctime for inodes on a
|
|
* rename.
|
|
*/
|
|
time = current_time(old_dir);
|
|
old_inode->i_ctime = time;
|
|
|
|
/* We must adjust parent link count when renaming directories */
|
|
if (is_dir) {
|
|
if (move) {
|
|
/*
|
|
* @old_dir loses a link because we are moving
|
|
* @old_inode to a different directory.
|
|
*/
|
|
drop_nlink(old_dir);
|
|
/*
|
|
* @new_dir only gains a link if we are not also
|
|
* overwriting an existing directory.
|
|
*/
|
|
if (!unlink)
|
|
inc_nlink(new_dir);
|
|
} else {
|
|
/*
|
|
* @old_inode is not moving to a different directory,
|
|
* but @old_dir still loses a link if we are
|
|
* overwriting an existing directory.
|
|
*/
|
|
if (unlink)
|
|
drop_nlink(old_dir);
|
|
}
|
|
}
|
|
|
|
old_dir->i_size -= old_sz;
|
|
ubifs_inode(old_dir)->ui_size = old_dir->i_size;
|
|
old_dir->i_mtime = old_dir->i_ctime = time;
|
|
new_dir->i_mtime = new_dir->i_ctime = time;
|
|
|
|
/*
|
|
* And finally, if we unlinked a direntry which happened to have the
|
|
* same name as the moved direntry, we have to decrement @i_nlink of
|
|
* the unlinked inode and change its ctime.
|
|
*/
|
|
if (unlink) {
|
|
/*
|
|
* Directories cannot have hard-links, so if this is a
|
|
* directory, just clear @i_nlink.
|
|
*/
|
|
saved_nlink = new_inode->i_nlink;
|
|
if (is_dir)
|
|
clear_nlink(new_inode);
|
|
else
|
|
drop_nlink(new_inode);
|
|
new_inode->i_ctime = time;
|
|
} else {
|
|
new_dir->i_size += new_sz;
|
|
ubifs_inode(new_dir)->ui_size = new_dir->i_size;
|
|
}
|
|
|
|
/*
|
|
* Do not ask 'ubifs_jnl_rename()' to flush write-buffer if @old_inode
|
|
* is dirty, because this will be done later on at the end of
|
|
* 'ubifs_rename()'.
|
|
*/
|
|
if (IS_SYNC(old_inode)) {
|
|
sync = IS_DIRSYNC(old_dir) || IS_DIRSYNC(new_dir);
|
|
if (unlink && IS_SYNC(new_inode))
|
|
sync = 1;
|
|
}
|
|
|
|
if (whiteout) {
|
|
struct ubifs_budget_req wht_req = { .dirtied_ino = 1,
|
|
.dirtied_ino_d = \
|
|
ALIGN(ubifs_inode(whiteout)->data_len, 8) };
|
|
|
|
err = ubifs_budget_space(c, &wht_req);
|
|
if (err) {
|
|
kfree(whiteout_ui->data);
|
|
whiteout_ui->data_len = 0;
|
|
iput(whiteout);
|
|
goto out_release;
|
|
}
|
|
|
|
inc_nlink(whiteout);
|
|
mark_inode_dirty(whiteout);
|
|
whiteout->i_state &= ~I_LINKABLE;
|
|
iput(whiteout);
|
|
}
|
|
|
|
err = ubifs_jnl_rename(c, old_dir, old_inode, &old_nm, new_dir,
|
|
new_inode, &new_nm, whiteout, sync);
|
|
if (err)
|
|
goto out_cancel;
|
|
|
|
unlock_4_inodes(old_dir, new_dir, new_inode, whiteout);
|
|
ubifs_release_budget(c, &req);
|
|
|
|
mutex_lock(&old_inode_ui->ui_mutex);
|
|
release = old_inode_ui->dirty;
|
|
mark_inode_dirty_sync(old_inode);
|
|
mutex_unlock(&old_inode_ui->ui_mutex);
|
|
|
|
if (release)
|
|
ubifs_release_budget(c, &ino_req);
|
|
if (IS_SYNC(old_inode))
|
|
err = old_inode->i_sb->s_op->write_inode(old_inode, NULL);
|
|
|
|
fscrypt_free_filename(&old_nm);
|
|
fscrypt_free_filename(&new_nm);
|
|
return err;
|
|
|
|
out_cancel:
|
|
if (unlink) {
|
|
set_nlink(new_inode, saved_nlink);
|
|
} else {
|
|
new_dir->i_size -= new_sz;
|
|
ubifs_inode(new_dir)->ui_size = new_dir->i_size;
|
|
}
|
|
old_dir->i_size += old_sz;
|
|
ubifs_inode(old_dir)->ui_size = old_dir->i_size;
|
|
if (is_dir) {
|
|
if (move) {
|
|
inc_nlink(old_dir);
|
|
if (!unlink)
|
|
drop_nlink(new_dir);
|
|
} else {
|
|
if (unlink)
|
|
inc_nlink(old_dir);
|
|
}
|
|
}
|
|
if (whiteout) {
|
|
drop_nlink(whiteout);
|
|
iput(whiteout);
|
|
}
|
|
unlock_4_inodes(old_dir, new_dir, new_inode, whiteout);
|
|
out_release:
|
|
ubifs_release_budget(c, &ino_req);
|
|
ubifs_release_budget(c, &req);
|
|
fscrypt_free_filename(&old_nm);
|
|
fscrypt_free_filename(&new_nm);
|
|
return err;
|
|
}
|
|
|
|
static int ubifs_xrename(struct inode *old_dir, struct dentry *old_dentry,
|
|
struct inode *new_dir, struct dentry *new_dentry)
|
|
{
|
|
struct ubifs_info *c = old_dir->i_sb->s_fs_info;
|
|
struct ubifs_budget_req req = { .new_dent = 1, .mod_dent = 1,
|
|
.dirtied_ino = 2 };
|
|
int sync = IS_DIRSYNC(old_dir) || IS_DIRSYNC(new_dir);
|
|
struct inode *fst_inode = d_inode(old_dentry);
|
|
struct inode *snd_inode = d_inode(new_dentry);
|
|
struct timespec64 time;
|
|
int err;
|
|
struct fscrypt_name fst_nm, snd_nm;
|
|
|
|
ubifs_assert(c, fst_inode && snd_inode);
|
|
|
|
err = fscrypt_setup_filename(old_dir, &old_dentry->d_name, 0, &fst_nm);
|
|
if (err)
|
|
return err;
|
|
|
|
err = fscrypt_setup_filename(new_dir, &new_dentry->d_name, 0, &snd_nm);
|
|
if (err) {
|
|
fscrypt_free_filename(&fst_nm);
|
|
return err;
|
|
}
|
|
|
|
lock_4_inodes(old_dir, new_dir, NULL, NULL);
|
|
|
|
time = current_time(old_dir);
|
|
fst_inode->i_ctime = time;
|
|
snd_inode->i_ctime = time;
|
|
old_dir->i_mtime = old_dir->i_ctime = time;
|
|
new_dir->i_mtime = new_dir->i_ctime = time;
|
|
|
|
if (old_dir != new_dir) {
|
|
if (S_ISDIR(fst_inode->i_mode) && !S_ISDIR(snd_inode->i_mode)) {
|
|
inc_nlink(new_dir);
|
|
drop_nlink(old_dir);
|
|
}
|
|
else if (!S_ISDIR(fst_inode->i_mode) && S_ISDIR(snd_inode->i_mode)) {
|
|
drop_nlink(new_dir);
|
|
inc_nlink(old_dir);
|
|
}
|
|
}
|
|
|
|
err = ubifs_jnl_xrename(c, old_dir, fst_inode, &fst_nm, new_dir,
|
|
snd_inode, &snd_nm, sync);
|
|
|
|
unlock_4_inodes(old_dir, new_dir, NULL, NULL);
|
|
ubifs_release_budget(c, &req);
|
|
|
|
fscrypt_free_filename(&fst_nm);
|
|
fscrypt_free_filename(&snd_nm);
|
|
return err;
|
|
}
|
|
|
|
static int ubifs_rename(struct inode *old_dir, struct dentry *old_dentry,
|
|
struct inode *new_dir, struct dentry *new_dentry,
|
|
unsigned int flags)
|
|
{
|
|
int err;
|
|
struct ubifs_info *c = old_dir->i_sb->s_fs_info;
|
|
|
|
if (flags & ~(RENAME_NOREPLACE | RENAME_WHITEOUT | RENAME_EXCHANGE))
|
|
return -EINVAL;
|
|
|
|
ubifs_assert(c, inode_is_locked(old_dir));
|
|
ubifs_assert(c, inode_is_locked(new_dir));
|
|
|
|
err = fscrypt_prepare_rename(old_dir, old_dentry, new_dir, new_dentry,
|
|
flags);
|
|
if (err)
|
|
return err;
|
|
|
|
if (flags & RENAME_EXCHANGE)
|
|
return ubifs_xrename(old_dir, old_dentry, new_dir, new_dentry);
|
|
|
|
return do_rename(old_dir, old_dentry, new_dir, new_dentry, flags);
|
|
}
|
|
|
|
int ubifs_getattr(const struct path *path, struct kstat *stat,
|
|
u32 request_mask, unsigned int flags)
|
|
{
|
|
loff_t size;
|
|
struct inode *inode = d_inode(path->dentry);
|
|
struct ubifs_inode *ui = ubifs_inode(inode);
|
|
|
|
mutex_lock(&ui->ui_mutex);
|
|
|
|
if (ui->flags & UBIFS_APPEND_FL)
|
|
stat->attributes |= STATX_ATTR_APPEND;
|
|
if (ui->flags & UBIFS_COMPR_FL)
|
|
stat->attributes |= STATX_ATTR_COMPRESSED;
|
|
if (ui->flags & UBIFS_CRYPT_FL)
|
|
stat->attributes |= STATX_ATTR_ENCRYPTED;
|
|
if (ui->flags & UBIFS_IMMUTABLE_FL)
|
|
stat->attributes |= STATX_ATTR_IMMUTABLE;
|
|
|
|
stat->attributes_mask |= (STATX_ATTR_APPEND |
|
|
STATX_ATTR_COMPRESSED |
|
|
STATX_ATTR_ENCRYPTED |
|
|
STATX_ATTR_IMMUTABLE);
|
|
|
|
generic_fillattr(inode, stat);
|
|
stat->blksize = UBIFS_BLOCK_SIZE;
|
|
stat->size = ui->ui_size;
|
|
|
|
/*
|
|
* Unfortunately, the 'stat()' system call was designed for block
|
|
* device based file systems, and it is not appropriate for UBIFS,
|
|
* because UBIFS does not have notion of "block". For example, it is
|
|
* difficult to tell how many block a directory takes - it actually
|
|
* takes less than 300 bytes, but we have to round it to block size,
|
|
* which introduces large mistake. This makes utilities like 'du' to
|
|
* report completely senseless numbers. This is the reason why UBIFS
|
|
* goes the same way as JFFS2 - it reports zero blocks for everything
|
|
* but regular files, which makes more sense than reporting completely
|
|
* wrong sizes.
|
|
*/
|
|
if (S_ISREG(inode->i_mode)) {
|
|
size = ui->xattr_size;
|
|
size += stat->size;
|
|
size = ALIGN(size, UBIFS_BLOCK_SIZE);
|
|
/*
|
|
* Note, user-space expects 512-byte blocks count irrespectively
|
|
* of what was reported in @stat->size.
|
|
*/
|
|
stat->blocks = size >> 9;
|
|
} else
|
|
stat->blocks = 0;
|
|
mutex_unlock(&ui->ui_mutex);
|
|
return 0;
|
|
}
|
|
|
|
static int ubifs_dir_open(struct inode *dir, struct file *file)
|
|
{
|
|
if (ubifs_crypt_is_encrypted(dir))
|
|
return fscrypt_get_encryption_info(dir) ? -EACCES : 0;
|
|
|
|
return 0;
|
|
}
|
|
|
|
const struct inode_operations ubifs_dir_inode_operations = {
|
|
.lookup = ubifs_lookup,
|
|
.create = ubifs_create,
|
|
.link = ubifs_link,
|
|
.symlink = ubifs_symlink,
|
|
.unlink = ubifs_unlink,
|
|
.mkdir = ubifs_mkdir,
|
|
.rmdir = ubifs_rmdir,
|
|
.mknod = ubifs_mknod,
|
|
.rename = ubifs_rename,
|
|
.setattr = ubifs_setattr,
|
|
.getattr = ubifs_getattr,
|
|
#ifdef CONFIG_UBIFS_FS_XATTR
|
|
.listxattr = ubifs_listxattr,
|
|
#endif
|
|
#ifdef CONFIG_UBIFS_ATIME_SUPPORT
|
|
.update_time = ubifs_update_time,
|
|
#endif
|
|
.tmpfile = ubifs_tmpfile,
|
|
};
|
|
|
|
const struct file_operations ubifs_dir_operations = {
|
|
.llseek = generic_file_llseek,
|
|
.release = ubifs_dir_release,
|
|
.read = generic_read_dir,
|
|
.iterate_shared = ubifs_readdir,
|
|
.fsync = ubifs_fsync,
|
|
.unlocked_ioctl = ubifs_ioctl,
|
|
.open = ubifs_dir_open,
|
|
#ifdef CONFIG_COMPAT
|
|
.compat_ioctl = ubifs_compat_ioctl,
|
|
#endif
|
|
};
|
|
|
|
#ifdef CONFIG_FS_ENCRYPTION
|
|
static const struct dentry_operations ubifs_encrypted_dentry_ops = {
|
|
.d_revalidate = fscrypt_d_revalidate,
|
|
};
|
|
#endif
|
|
|
|
static void ubifs_set_d_ops(struct inode *dir, struct dentry *dentry)
|
|
{
|
|
#ifdef CONFIG_FS_ENCRYPTION
|
|
if (dentry->d_flags & DCACHE_ENCRYPTED_NAME) {
|
|
d_set_d_op(dentry, &ubifs_encrypted_dentry_ops);
|
|
return;
|
|
}
|
|
#endif
|
|
}
|