1 /* * This file is part of UBIFS.
2  *
3  * Copyright (C) 2006-2008 Nokia Corporation.
4  * Copyright (C) 2006, 2007 University of Szeged, Hungary
5  *
6  * This program is free software; you can redistribute it and/or modify it
7  * under the terms of the GNU General Public License version 2 as published by
8  * the Free Software Foundation.
9  *
10  * This program is distributed in the hope that it will be useful, but WITHOUT
11  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
12  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
13  * more details.
14  *
15  * You should have received a copy of the GNU General Public License along with
16  * this program; if not, write to the Free Software Foundation, Inc., 51
17  * Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
18  *
19  * Authors: Artem Bityutskiy (Битюцкий Артём)
20  *          Adrian Hunter
21  *          Zoltan Sogor
22  */
23 
24 /*
25  * This file implements directory operations.
26  *
27  * All FS operations in this file allocate budget before writing anything to the
28  * media. If they fail to allocate it, the error is returned. The only
29  * exceptions are 'ubifs_unlink()' and 'ubifs_rmdir()' which keep working even
30  * if they unable to allocate the budget, because deletion %-ENOSPC failure is
31  * not what users are usually ready to get. UBIFS budgeting subsystem has some
32  * space reserved for these purposes.
33  *
34  * All operations in this file write all inodes which they change straight
35  * away, instead of marking them dirty. For example, 'ubifs_link()' changes
36  * @i_size of the parent inode and writes the parent inode together with the
37  * target inode. This was done to simplify file-system recovery which would
38  * otherwise be very difficult to do. The only exception is rename which marks
39  * the re-named inode dirty (because its @i_ctime is updated) but does not
40  * write it, but just marks it as dirty.
41  */
42 
43 #include "ubifs.h"
44 
45 /**
46  * inherit_flags - inherit flags of the parent inode.
47  * @dir: parent inode
48  * @mode: new inode mode flags
49  *
50  * This is a helper function for 'ubifs_new_inode()' which inherits flag of the
51  * parent directory inode @dir. UBIFS inodes inherit the following flags:
52  * o %UBIFS_COMPR_FL, which is useful to switch compression on/of on
53  *   sub-directory basis;
54  * o %UBIFS_SYNC_FL - useful for the same reasons;
55  * o %UBIFS_DIRSYNC_FL - similar, but relevant only to directories.
56  *
57  * This function returns the inherited flags.
58  */
inherit_flags(const struct inode * dir,umode_t mode)59 static int inherit_flags(const struct inode *dir, umode_t mode)
60 {
61 	int flags;
62 	const struct ubifs_inode *ui = ubifs_inode(dir);
63 
64 	if (!S_ISDIR(dir->i_mode))
65 		/*
66 		 * The parent is not a directory, which means that an extended
67 		 * attribute inode is being created. No flags.
68 		 */
69 		return 0;
70 
71 	flags = ui->flags & (UBIFS_COMPR_FL | UBIFS_SYNC_FL | UBIFS_DIRSYNC_FL);
72 	if (!S_ISDIR(mode))
73 		/* The "DIRSYNC" flag only applies to directories */
74 		flags &= ~UBIFS_DIRSYNC_FL;
75 	return flags;
76 }
77 
78 /**
79  * ubifs_new_inode - allocate new UBIFS inode object.
80  * @c: UBIFS file-system description object
81  * @dir: parent directory inode
82  * @mode: inode mode flags
83  *
84  * This function finds an unused inode number, allocates new inode and
85  * initializes it. Returns new inode in case of success and an error code in
86  * case of failure.
87  */
ubifs_new_inode(struct ubifs_info * c,struct inode * dir,umode_t mode)88 struct inode *ubifs_new_inode(struct ubifs_info *c, struct inode *dir,
89 			      umode_t mode)
90 {
91 	int err;
92 	struct inode *inode;
93 	struct ubifs_inode *ui;
94 	bool encrypted = false;
95 
96 	if (ubifs_crypt_is_encrypted(dir)) {
97 		err = fscrypt_get_encryption_info(dir);
98 		if (err) {
99 			ubifs_err(c, "fscrypt_get_encryption_info failed: %i", err);
100 			return ERR_PTR(err);
101 		}
102 
103 		if (!fscrypt_has_encryption_key(dir))
104 			return ERR_PTR(-EPERM);
105 
106 		encrypted = true;
107 	}
108 
109 	inode = new_inode(c->vfs_sb);
110 	ui = ubifs_inode(inode);
111 	if (!inode)
112 		return ERR_PTR(-ENOMEM);
113 
114 	/*
115 	 * Set 'S_NOCMTIME' to prevent VFS form updating [mc]time of inodes and
116 	 * marking them dirty in file write path (see 'file_update_time()').
117 	 * UBIFS has to fully control "clean <-> dirty" transitions of inodes
118 	 * to make budgeting work.
119 	 */
120 	inode->i_flags |= S_NOCMTIME;
121 
122 	inode_init_owner(inode, dir, mode);
123 	inode->i_mtime = inode->i_atime = inode->i_ctime =
124 			 current_time(inode);
125 	inode->i_mapping->nrpages = 0;
126 
127 	switch (mode & S_IFMT) {
128 	case S_IFREG:
129 		inode->i_mapping->a_ops = &ubifs_file_address_operations;
130 		inode->i_op = &ubifs_file_inode_operations;
131 		inode->i_fop = &ubifs_file_operations;
132 		break;
133 	case S_IFDIR:
134 		inode->i_op  = &ubifs_dir_inode_operations;
135 		inode->i_fop = &ubifs_dir_operations;
136 		inode->i_size = ui->ui_size = UBIFS_INO_NODE_SZ;
137 		break;
138 	case S_IFLNK:
139 		inode->i_op = &ubifs_symlink_inode_operations;
140 		break;
141 	case S_IFSOCK:
142 	case S_IFIFO:
143 	case S_IFBLK:
144 	case S_IFCHR:
145 		inode->i_op  = &ubifs_file_inode_operations;
146 		encrypted = false;
147 		break;
148 	default:
149 		BUG();
150 	}
151 
152 	ui->flags = inherit_flags(dir, mode);
153 	ubifs_set_inode_flags(inode);
154 	if (S_ISREG(mode))
155 		ui->compr_type = c->default_compr;
156 	else
157 		ui->compr_type = UBIFS_COMPR_NONE;
158 	ui->synced_i_size = 0;
159 
160 	spin_lock(&c->cnt_lock);
161 	/* Inode number overflow is currently not supported */
162 	if (c->highest_inum >= INUM_WARN_WATERMARK) {
163 		if (c->highest_inum >= INUM_WATERMARK) {
164 			spin_unlock(&c->cnt_lock);
165 			ubifs_err(c, "out of inode numbers");
166 			make_bad_inode(inode);
167 			iput(inode);
168 			return ERR_PTR(-EINVAL);
169 		}
170 		ubifs_warn(c, "running out of inode numbers (current %lu, max %u)",
171 			   (unsigned long)c->highest_inum, INUM_WATERMARK);
172 	}
173 
174 	inode->i_ino = ++c->highest_inum;
175 	/*
176 	 * The creation sequence number remains with this inode for its
177 	 * lifetime. All nodes for this inode have a greater sequence number,
178 	 * and so it is possible to distinguish obsolete nodes belonging to a
179 	 * previous incarnation of the same inode number - for example, for the
180 	 * purpose of rebuilding the index.
181 	 */
182 	ui->creat_sqnum = ++c->max_sqnum;
183 	spin_unlock(&c->cnt_lock);
184 
185 	if (encrypted) {
186 		err = fscrypt_inherit_context(dir, inode, &encrypted, true);
187 		if (err) {
188 			ubifs_err(c, "fscrypt_inherit_context failed: %i", err);
189 			make_bad_inode(inode);
190 			iput(inode);
191 			return ERR_PTR(err);
192 		}
193 	}
194 
195 	return inode;
196 }
197 
dbg_check_name(const struct ubifs_info * c,const struct ubifs_dent_node * dent,const struct fscrypt_name * nm)198 static int dbg_check_name(const struct ubifs_info *c,
199 			  const struct ubifs_dent_node *dent,
200 			  const struct fscrypt_name *nm)
201 {
202 	if (!dbg_is_chk_gen(c))
203 		return 0;
204 	if (le16_to_cpu(dent->nlen) != fname_len(nm))
205 		return -EINVAL;
206 	if (memcmp(dent->name, fname_name(nm), fname_len(nm)))
207 		return -EINVAL;
208 	return 0;
209 }
210 
ubifs_lookup(struct inode * dir,struct dentry * dentry,unsigned int flags)211 static struct dentry *ubifs_lookup(struct inode *dir, struct dentry *dentry,
212 				   unsigned int flags)
213 {
214 	int err;
215 	union ubifs_key key;
216 	struct inode *inode = NULL;
217 	struct ubifs_dent_node *dent = NULL;
218 	struct ubifs_info *c = dir->i_sb->s_fs_info;
219 	struct fscrypt_name nm;
220 
221 	dbg_gen("'%pd' in dir ino %lu", dentry, dir->i_ino);
222 
223 	err = fscrypt_prepare_lookup(dir, dentry, flags);
224 	if (err)
225 		return ERR_PTR(err);
226 
227 	err = fscrypt_setup_filename(dir, &dentry->d_name, 1, &nm);
228 	if (err)
229 		return ERR_PTR(err);
230 
231 	if (fname_len(&nm) > UBIFS_MAX_NLEN) {
232 		inode = ERR_PTR(-ENAMETOOLONG);
233 		goto done;
234 	}
235 
236 	dent = kmalloc(UBIFS_MAX_DENT_NODE_SZ, GFP_NOFS);
237 	if (!dent) {
238 		inode = ERR_PTR(-ENOMEM);
239 		goto done;
240 	}
241 
242 	if (nm.hash) {
243 		ubifs_assert(c, fname_len(&nm) == 0);
244 		ubifs_assert(c, fname_name(&nm) == NULL);
245 		dent_key_init_hash(c, &key, dir->i_ino, nm.hash);
246 		err = ubifs_tnc_lookup_dh(c, &key, dent, nm.minor_hash);
247 	} else {
248 		dent_key_init(c, &key, dir->i_ino, &nm);
249 		err = ubifs_tnc_lookup_nm(c, &key, dent, &nm);
250 	}
251 
252 	if (err) {
253 		if (err == -ENOENT)
254 			dbg_gen("not found");
255 		else
256 			inode = ERR_PTR(err);
257 		goto done;
258 	}
259 
260 	if (dbg_check_name(c, dent, &nm)) {
261 		inode = ERR_PTR(-EINVAL);
262 		goto done;
263 	}
264 
265 	inode = ubifs_iget(dir->i_sb, le64_to_cpu(dent->inum));
266 	if (IS_ERR(inode)) {
267 		/*
268 		 * This should not happen. Probably the file-system needs
269 		 * checking.
270 		 */
271 		err = PTR_ERR(inode);
272 		ubifs_err(c, "dead directory entry '%pd', error %d",
273 			  dentry, err);
274 		ubifs_ro_mode(c, err);
275 		goto done;
276 	}
277 
278 	if (ubifs_crypt_is_encrypted(dir) &&
279 	    (S_ISDIR(inode->i_mode) || S_ISLNK(inode->i_mode)) &&
280 	    !fscrypt_has_permitted_context(dir, inode)) {
281 		ubifs_warn(c, "Inconsistent encryption contexts: %lu/%lu",
282 			   dir->i_ino, inode->i_ino);
283 		iput(inode);
284 		inode = ERR_PTR(-EPERM);
285 	}
286 
287 done:
288 	kfree(dent);
289 	fscrypt_free_filename(&nm);
290 	return d_splice_alias(inode, dentry);
291 }
292 
ubifs_create(struct inode * dir,struct dentry * dentry,umode_t mode,bool excl)293 static int ubifs_create(struct inode *dir, struct dentry *dentry, umode_t mode,
294 			bool excl)
295 {
296 	struct inode *inode;
297 	struct ubifs_info *c = dir->i_sb->s_fs_info;
298 	struct ubifs_budget_req req = { .new_ino = 1, .new_dent = 1,
299 					.dirtied_ino = 1 };
300 	struct ubifs_inode *dir_ui = ubifs_inode(dir);
301 	struct fscrypt_name nm;
302 	int err, sz_change;
303 
304 	/*
305 	 * Budget request settings: new inode, new direntry, changing the
306 	 * parent directory inode.
307 	 */
308 
309 	dbg_gen("dent '%pd', mode %#hx in dir ino %lu",
310 		dentry, mode, dir->i_ino);
311 
312 	err = ubifs_budget_space(c, &req);
313 	if (err)
314 		return err;
315 
316 	err = fscrypt_setup_filename(dir, &dentry->d_name, 0, &nm);
317 	if (err)
318 		goto out_budg;
319 
320 	sz_change = CALC_DENT_SIZE(fname_len(&nm));
321 
322 	inode = ubifs_new_inode(c, dir, mode);
323 	if (IS_ERR(inode)) {
324 		err = PTR_ERR(inode);
325 		goto out_fname;
326 	}
327 
328 	err = ubifs_init_security(dir, inode, &dentry->d_name);
329 	if (err)
330 		goto out_inode;
331 
332 	mutex_lock(&dir_ui->ui_mutex);
333 	dir->i_size += sz_change;
334 	dir_ui->ui_size = dir->i_size;
335 	dir->i_mtime = dir->i_ctime = inode->i_ctime;
336 	err = ubifs_jnl_update(c, dir, &nm, inode, 0, 0);
337 	if (err)
338 		goto out_cancel;
339 	mutex_unlock(&dir_ui->ui_mutex);
340 
341 	ubifs_release_budget(c, &req);
342 	fscrypt_free_filename(&nm);
343 	insert_inode_hash(inode);
344 	d_instantiate(dentry, inode);
345 	return 0;
346 
347 out_cancel:
348 	dir->i_size -= sz_change;
349 	dir_ui->ui_size = dir->i_size;
350 	mutex_unlock(&dir_ui->ui_mutex);
351 out_inode:
352 	make_bad_inode(inode);
353 	iput(inode);
354 out_fname:
355 	fscrypt_free_filename(&nm);
356 out_budg:
357 	ubifs_release_budget(c, &req);
358 	ubifs_err(c, "cannot create regular file, error %d", err);
359 	return err;
360 }
361 
do_tmpfile(struct inode * dir,struct dentry * dentry,umode_t mode,struct inode ** whiteout)362 static int do_tmpfile(struct inode *dir, struct dentry *dentry,
363 		      umode_t mode, struct inode **whiteout)
364 {
365 	struct inode *inode;
366 	struct ubifs_info *c = dir->i_sb->s_fs_info;
367 	struct ubifs_budget_req req = { .new_ino = 1, .new_dent = 1};
368 	struct ubifs_budget_req ino_req = { .dirtied_ino = 1 };
369 	struct ubifs_inode *ui, *dir_ui = ubifs_inode(dir);
370 	int err, instantiated = 0;
371 	struct fscrypt_name nm;
372 
373 	/*
374 	 * Budget request settings: new dirty inode, new direntry,
375 	 * budget for dirtied inode will be released via writeback.
376 	 */
377 
378 	dbg_gen("dent '%pd', mode %#hx in dir ino %lu",
379 		dentry, mode, dir->i_ino);
380 
381 	err = fscrypt_setup_filename(dir, &dentry->d_name, 0, &nm);
382 	if (err)
383 		return err;
384 
385 	err = ubifs_budget_space(c, &req);
386 	if (err) {
387 		fscrypt_free_filename(&nm);
388 		return err;
389 	}
390 
391 	err = ubifs_budget_space(c, &ino_req);
392 	if (err) {
393 		ubifs_release_budget(c, &req);
394 		fscrypt_free_filename(&nm);
395 		return err;
396 	}
397 
398 	inode = ubifs_new_inode(c, dir, mode);
399 	if (IS_ERR(inode)) {
400 		err = PTR_ERR(inode);
401 		goto out_budg;
402 	}
403 	ui = ubifs_inode(inode);
404 
405 	if (whiteout) {
406 		init_special_inode(inode, inode->i_mode, WHITEOUT_DEV);
407 		ubifs_assert(c, inode->i_op == &ubifs_file_inode_operations);
408 	}
409 
410 	err = ubifs_init_security(dir, inode, &dentry->d_name);
411 	if (err)
412 		goto out_inode;
413 
414 	mutex_lock(&ui->ui_mutex);
415 	insert_inode_hash(inode);
416 
417 	if (whiteout) {
418 		mark_inode_dirty(inode);
419 		drop_nlink(inode);
420 		*whiteout = inode;
421 	} else {
422 		d_tmpfile(dentry, inode);
423 	}
424 	ubifs_assert(c, ui->dirty);
425 
426 	instantiated = 1;
427 	mutex_unlock(&ui->ui_mutex);
428 
429 	mutex_lock(&dir_ui->ui_mutex);
430 	err = ubifs_jnl_update(c, dir, &nm, inode, 1, 0);
431 	if (err)
432 		goto out_cancel;
433 	mutex_unlock(&dir_ui->ui_mutex);
434 
435 	ubifs_release_budget(c, &req);
436 
437 	return 0;
438 
439 out_cancel:
440 	mutex_unlock(&dir_ui->ui_mutex);
441 out_inode:
442 	make_bad_inode(inode);
443 	if (!instantiated)
444 		iput(inode);
445 out_budg:
446 	ubifs_release_budget(c, &req);
447 	if (!instantiated)
448 		ubifs_release_budget(c, &ino_req);
449 	fscrypt_free_filename(&nm);
450 	ubifs_err(c, "cannot create temporary file, error %d", err);
451 	return err;
452 }
453 
ubifs_tmpfile(struct inode * dir,struct dentry * dentry,umode_t mode)454 static int ubifs_tmpfile(struct inode *dir, struct dentry *dentry,
455 			 umode_t mode)
456 {
457 	return do_tmpfile(dir, dentry, mode, NULL);
458 }
459 
460 /**
461  * vfs_dent_type - get VFS directory entry type.
462  * @type: UBIFS directory entry type
463  *
464  * This function converts UBIFS directory entry type into VFS directory entry
465  * type.
466  */
vfs_dent_type(uint8_t type)467 static unsigned int vfs_dent_type(uint8_t type)
468 {
469 	switch (type) {
470 	case UBIFS_ITYPE_REG:
471 		return DT_REG;
472 	case UBIFS_ITYPE_DIR:
473 		return DT_DIR;
474 	case UBIFS_ITYPE_LNK:
475 		return DT_LNK;
476 	case UBIFS_ITYPE_BLK:
477 		return DT_BLK;
478 	case UBIFS_ITYPE_CHR:
479 		return DT_CHR;
480 	case UBIFS_ITYPE_FIFO:
481 		return DT_FIFO;
482 	case UBIFS_ITYPE_SOCK:
483 		return DT_SOCK;
484 	default:
485 		BUG();
486 	}
487 	return 0;
488 }
489 
490 /*
491  * The classical Unix view for directory is that it is a linear array of
492  * (name, inode number) entries. Linux/VFS assumes this model as well.
493  * Particularly, 'readdir()' call wants us to return a directory entry offset
494  * which later may be used to continue 'readdir()'ing the directory or to
495  * 'seek()' to that specific direntry. Obviously UBIFS does not really fit this
496  * model because directory entries are identified by keys, which may collide.
497  *
498  * UBIFS uses directory entry hash value for directory offsets, so
499  * 'seekdir()'/'telldir()' may not always work because of possible key
500  * collisions. But UBIFS guarantees that consecutive 'readdir()' calls work
501  * properly by means of saving full directory entry name in the private field
502  * of the file description object.
503  *
504  * This means that UBIFS cannot support NFS which requires full
505  * 'seekdir()'/'telldir()' support.
506  */
ubifs_readdir(struct file * file,struct dir_context * ctx)507 static int ubifs_readdir(struct file *file, struct dir_context *ctx)
508 {
509 	int fstr_real_len = 0, err = 0;
510 	struct fscrypt_name nm;
511 	struct fscrypt_str fstr = {0};
512 	union ubifs_key key;
513 	struct ubifs_dent_node *dent;
514 	struct inode *dir = file_inode(file);
515 	struct ubifs_info *c = dir->i_sb->s_fs_info;
516 	bool encrypted = ubifs_crypt_is_encrypted(dir);
517 
518 	dbg_gen("dir ino %lu, f_pos %#llx", dir->i_ino, ctx->pos);
519 
520 	if (ctx->pos > UBIFS_S_KEY_HASH_MASK || ctx->pos == 2)
521 		/*
522 		 * The directory was seek'ed to a senseless position or there
523 		 * are no more entries.
524 		 */
525 		return 0;
526 
527 	if (encrypted) {
528 		err = fscrypt_get_encryption_info(dir);
529 		if (err && err != -ENOKEY)
530 			return err;
531 
532 		err = fscrypt_fname_alloc_buffer(dir, UBIFS_MAX_NLEN, &fstr);
533 		if (err)
534 			return err;
535 
536 		fstr_real_len = fstr.len;
537 	}
538 
539 	if (file->f_version == 0) {
540 		/*
541 		 * The file was seek'ed, which means that @file->private_data
542 		 * is now invalid. This may also be just the first
543 		 * 'ubifs_readdir()' invocation, in which case
544 		 * @file->private_data is NULL, and the below code is
545 		 * basically a no-op.
546 		 */
547 		kfree(file->private_data);
548 		file->private_data = NULL;
549 	}
550 
551 	/*
552 	 * 'generic_file_llseek()' unconditionally sets @file->f_version to
553 	 * zero, and we use this for detecting whether the file was seek'ed.
554 	 */
555 	file->f_version = 1;
556 
557 	/* File positions 0 and 1 correspond to "." and ".." */
558 	if (ctx->pos < 2) {
559 		ubifs_assert(c, !file->private_data);
560 		if (!dir_emit_dots(file, ctx)) {
561 			if (encrypted)
562 				fscrypt_fname_free_buffer(&fstr);
563 			return 0;
564 		}
565 
566 		/* Find the first entry in TNC and save it */
567 		lowest_dent_key(c, &key, dir->i_ino);
568 		fname_len(&nm) = 0;
569 		dent = ubifs_tnc_next_ent(c, &key, &nm);
570 		if (IS_ERR(dent)) {
571 			err = PTR_ERR(dent);
572 			goto out;
573 		}
574 
575 		ctx->pos = key_hash_flash(c, &dent->key);
576 		file->private_data = dent;
577 	}
578 
579 	dent = file->private_data;
580 	if (!dent) {
581 		/*
582 		 * The directory was seek'ed to and is now readdir'ed.
583 		 * Find the entry corresponding to @ctx->pos or the closest one.
584 		 */
585 		dent_key_init_hash(c, &key, dir->i_ino, ctx->pos);
586 		fname_len(&nm) = 0;
587 		dent = ubifs_tnc_next_ent(c, &key, &nm);
588 		if (IS_ERR(dent)) {
589 			err = PTR_ERR(dent);
590 			goto out;
591 		}
592 		ctx->pos = key_hash_flash(c, &dent->key);
593 		file->private_data = dent;
594 	}
595 
596 	while (1) {
597 		dbg_gen("ino %llu, new f_pos %#x",
598 			(unsigned long long)le64_to_cpu(dent->inum),
599 			key_hash_flash(c, &dent->key));
600 		ubifs_assert(c, le64_to_cpu(dent->ch.sqnum) >
601 			     ubifs_inode(dir)->creat_sqnum);
602 
603 		fname_len(&nm) = le16_to_cpu(dent->nlen);
604 		fname_name(&nm) = dent->name;
605 
606 		if (encrypted) {
607 			fstr.len = fstr_real_len;
608 
609 			err = fscrypt_fname_disk_to_usr(dir, key_hash_flash(c,
610 							&dent->key),
611 							le32_to_cpu(dent->cookie),
612 							&nm.disk_name, &fstr);
613 			if (err)
614 				goto out;
615 		} else {
616 			fstr.len = fname_len(&nm);
617 			fstr.name = fname_name(&nm);
618 		}
619 
620 		if (!dir_emit(ctx, fstr.name, fstr.len,
621 			       le64_to_cpu(dent->inum),
622 			       vfs_dent_type(dent->type))) {
623 			if (encrypted)
624 				fscrypt_fname_free_buffer(&fstr);
625 			return 0;
626 		}
627 
628 		/* Switch to the next entry */
629 		key_read(c, &dent->key, &key);
630 		dent = ubifs_tnc_next_ent(c, &key, &nm);
631 		if (IS_ERR(dent)) {
632 			err = PTR_ERR(dent);
633 			goto out;
634 		}
635 
636 		kfree(file->private_data);
637 		ctx->pos = key_hash_flash(c, &dent->key);
638 		file->private_data = dent;
639 		cond_resched();
640 	}
641 
642 out:
643 	kfree(file->private_data);
644 	file->private_data = NULL;
645 
646 	if (encrypted)
647 		fscrypt_fname_free_buffer(&fstr);
648 
649 	if (err != -ENOENT)
650 		ubifs_err(c, "cannot find next direntry, error %d", err);
651 	else
652 		/*
653 		 * -ENOENT is a non-fatal error in this context, the TNC uses
654 		 * it to indicate that the cursor moved past the current directory
655 		 * and readdir() has to stop.
656 		 */
657 		err = 0;
658 
659 
660 	/* 2 is a special value indicating that there are no more direntries */
661 	ctx->pos = 2;
662 	return err;
663 }
664 
665 /* Free saved readdir() state when the directory is closed */
ubifs_dir_release(struct inode * dir,struct file * file)666 static int ubifs_dir_release(struct inode *dir, struct file *file)
667 {
668 	kfree(file->private_data);
669 	file->private_data = NULL;
670 	return 0;
671 }
672 
673 /**
674  * lock_2_inodes - a wrapper for locking two UBIFS inodes.
675  * @inode1: first inode
676  * @inode2: second inode
677  *
678  * We do not implement any tricks to guarantee strict lock ordering, because
679  * VFS has already done it for us on the @i_mutex. So this is just a simple
680  * wrapper function.
681  */
lock_2_inodes(struct inode * inode1,struct inode * inode2)682 static void lock_2_inodes(struct inode *inode1, struct inode *inode2)
683 {
684 	mutex_lock_nested(&ubifs_inode(inode1)->ui_mutex, WB_MUTEX_1);
685 	mutex_lock_nested(&ubifs_inode(inode2)->ui_mutex, WB_MUTEX_2);
686 }
687 
688 /**
689  * unlock_2_inodes - a wrapper for unlocking two UBIFS inodes.
690  * @inode1: first inode
691  * @inode2: second inode
692  */
unlock_2_inodes(struct inode * inode1,struct inode * inode2)693 static void unlock_2_inodes(struct inode *inode1, struct inode *inode2)
694 {
695 	mutex_unlock(&ubifs_inode(inode2)->ui_mutex);
696 	mutex_unlock(&ubifs_inode(inode1)->ui_mutex);
697 }
698 
ubifs_link(struct dentry * old_dentry,struct inode * dir,struct dentry * dentry)699 static int ubifs_link(struct dentry *old_dentry, struct inode *dir,
700 		      struct dentry *dentry)
701 {
702 	struct ubifs_info *c = dir->i_sb->s_fs_info;
703 	struct inode *inode = d_inode(old_dentry);
704 	struct ubifs_inode *ui = ubifs_inode(inode);
705 	struct ubifs_inode *dir_ui = ubifs_inode(dir);
706 	int err, sz_change = CALC_DENT_SIZE(dentry->d_name.len);
707 	struct ubifs_budget_req req = { .new_dent = 1, .dirtied_ino = 2,
708 				.dirtied_ino_d = ALIGN(ui->data_len, 8) };
709 	struct fscrypt_name nm;
710 
711 	/*
712 	 * Budget request settings: new direntry, changing the target inode,
713 	 * changing the parent inode.
714 	 */
715 
716 	dbg_gen("dent '%pd' to ino %lu (nlink %d) in dir ino %lu",
717 		dentry, inode->i_ino,
718 		inode->i_nlink, dir->i_ino);
719 	ubifs_assert(c, inode_is_locked(dir));
720 	ubifs_assert(c, inode_is_locked(inode));
721 
722 	err = fscrypt_prepare_link(old_dentry, dir, dentry);
723 	if (err)
724 		return err;
725 
726 	err = fscrypt_setup_filename(dir, &dentry->d_name, 0, &nm);
727 	if (err)
728 		return err;
729 
730 	err = dbg_check_synced_i_size(c, inode);
731 	if (err)
732 		goto out_fname;
733 
734 	err = ubifs_budget_space(c, &req);
735 	if (err)
736 		goto out_fname;
737 
738 	lock_2_inodes(dir, inode);
739 
740 	/* Handle O_TMPFILE corner case, it is allowed to link a O_TMPFILE. */
741 	if (inode->i_nlink == 0)
742 		ubifs_delete_orphan(c, inode->i_ino);
743 
744 	inc_nlink(inode);
745 	ihold(inode);
746 	inode->i_ctime = current_time(inode);
747 	dir->i_size += sz_change;
748 	dir_ui->ui_size = dir->i_size;
749 	dir->i_mtime = dir->i_ctime = inode->i_ctime;
750 	err = ubifs_jnl_update(c, dir, &nm, inode, 0, 0);
751 	if (err)
752 		goto out_cancel;
753 	unlock_2_inodes(dir, inode);
754 
755 	ubifs_release_budget(c, &req);
756 	d_instantiate(dentry, inode);
757 	fscrypt_free_filename(&nm);
758 	return 0;
759 
760 out_cancel:
761 	dir->i_size -= sz_change;
762 	dir_ui->ui_size = dir->i_size;
763 	drop_nlink(inode);
764 	if (inode->i_nlink == 0)
765 		ubifs_add_orphan(c, inode->i_ino);
766 	unlock_2_inodes(dir, inode);
767 	ubifs_release_budget(c, &req);
768 	iput(inode);
769 out_fname:
770 	fscrypt_free_filename(&nm);
771 	return err;
772 }
773 
ubifs_unlink(struct inode * dir,struct dentry * dentry)774 static int ubifs_unlink(struct inode *dir, struct dentry *dentry)
775 {
776 	struct ubifs_info *c = dir->i_sb->s_fs_info;
777 	struct inode *inode = d_inode(dentry);
778 	struct ubifs_inode *dir_ui = ubifs_inode(dir);
779 	int err, sz_change, budgeted = 1;
780 	struct ubifs_budget_req req = { .mod_dent = 1, .dirtied_ino = 2 };
781 	unsigned int saved_nlink = inode->i_nlink;
782 	struct fscrypt_name nm;
783 
784 	/*
785 	 * Budget request settings: deletion direntry, deletion inode (+1 for
786 	 * @dirtied_ino), changing the parent directory inode. If budgeting
787 	 * fails, go ahead anyway because we have extra space reserved for
788 	 * deletions.
789 	 */
790 
791 	dbg_gen("dent '%pd' from ino %lu (nlink %d) in dir ino %lu",
792 		dentry, inode->i_ino,
793 		inode->i_nlink, dir->i_ino);
794 
795 	if (ubifs_crypt_is_encrypted(dir)) {
796 		err = fscrypt_get_encryption_info(dir);
797 		if (err && err != -ENOKEY)
798 			return err;
799 	}
800 
801 	err = fscrypt_setup_filename(dir, &dentry->d_name, 1, &nm);
802 	if (err)
803 		return err;
804 
805 	sz_change = CALC_DENT_SIZE(fname_len(&nm));
806 
807 	ubifs_assert(c, inode_is_locked(dir));
808 	ubifs_assert(c, inode_is_locked(inode));
809 	err = dbg_check_synced_i_size(c, inode);
810 	if (err)
811 		goto out_fname;
812 
813 	err = ubifs_budget_space(c, &req);
814 	if (err) {
815 		if (err != -ENOSPC)
816 			goto out_fname;
817 		budgeted = 0;
818 	}
819 
820 	lock_2_inodes(dir, inode);
821 	inode->i_ctime = current_time(dir);
822 	drop_nlink(inode);
823 	dir->i_size -= sz_change;
824 	dir_ui->ui_size = dir->i_size;
825 	dir->i_mtime = dir->i_ctime = inode->i_ctime;
826 	err = ubifs_jnl_update(c, dir, &nm, inode, 1, 0);
827 	if (err)
828 		goto out_cancel;
829 	unlock_2_inodes(dir, inode);
830 
831 	if (budgeted)
832 		ubifs_release_budget(c, &req);
833 	else {
834 		/* We've deleted something - clean the "no space" flags */
835 		c->bi.nospace = c->bi.nospace_rp = 0;
836 		smp_wmb();
837 	}
838 	fscrypt_free_filename(&nm);
839 	return 0;
840 
841 out_cancel:
842 	dir->i_size += sz_change;
843 	dir_ui->ui_size = dir->i_size;
844 	set_nlink(inode, saved_nlink);
845 	unlock_2_inodes(dir, inode);
846 	if (budgeted)
847 		ubifs_release_budget(c, &req);
848 out_fname:
849 	fscrypt_free_filename(&nm);
850 	return err;
851 }
852 
853 /**
854  * check_dir_empty - check if a directory is empty or not.
855  * @dir: VFS inode object of the directory to check
856  *
857  * This function checks if directory @dir is empty. Returns zero if the
858  * directory is empty, %-ENOTEMPTY if it is not, and other negative error codes
859  * in case of of errors.
860  */
ubifs_check_dir_empty(struct inode * dir)861 int ubifs_check_dir_empty(struct inode *dir)
862 {
863 	struct ubifs_info *c = dir->i_sb->s_fs_info;
864 	struct fscrypt_name nm = { 0 };
865 	struct ubifs_dent_node *dent;
866 	union ubifs_key key;
867 	int err;
868 
869 	lowest_dent_key(c, &key, dir->i_ino);
870 	dent = ubifs_tnc_next_ent(c, &key, &nm);
871 	if (IS_ERR(dent)) {
872 		err = PTR_ERR(dent);
873 		if (err == -ENOENT)
874 			err = 0;
875 	} else {
876 		kfree(dent);
877 		err = -ENOTEMPTY;
878 	}
879 	return err;
880 }
881 
ubifs_rmdir(struct inode * dir,struct dentry * dentry)882 static int ubifs_rmdir(struct inode *dir, struct dentry *dentry)
883 {
884 	struct ubifs_info *c = dir->i_sb->s_fs_info;
885 	struct inode *inode = d_inode(dentry);
886 	int err, sz_change, budgeted = 1;
887 	struct ubifs_inode *dir_ui = ubifs_inode(dir);
888 	struct ubifs_budget_req req = { .mod_dent = 1, .dirtied_ino = 2 };
889 	struct fscrypt_name nm;
890 
891 	/*
892 	 * Budget request settings: deletion direntry, deletion inode and
893 	 * changing the parent inode. If budgeting fails, go ahead anyway
894 	 * because we have extra space reserved for deletions.
895 	 */
896 
897 	dbg_gen("directory '%pd', ino %lu in dir ino %lu", dentry,
898 		inode->i_ino, dir->i_ino);
899 	ubifs_assert(c, inode_is_locked(dir));
900 	ubifs_assert(c, inode_is_locked(inode));
901 	err = ubifs_check_dir_empty(d_inode(dentry));
902 	if (err)
903 		return err;
904 
905 	if (ubifs_crypt_is_encrypted(dir)) {
906 		err = fscrypt_get_encryption_info(dir);
907 		if (err && err != -ENOKEY)
908 			return err;
909 	}
910 
911 	err = fscrypt_setup_filename(dir, &dentry->d_name, 1, &nm);
912 	if (err)
913 		return err;
914 
915 	sz_change = CALC_DENT_SIZE(fname_len(&nm));
916 
917 	err = ubifs_budget_space(c, &req);
918 	if (err) {
919 		if (err != -ENOSPC)
920 			goto out_fname;
921 		budgeted = 0;
922 	}
923 
924 	lock_2_inodes(dir, inode);
925 	inode->i_ctime = current_time(dir);
926 	clear_nlink(inode);
927 	drop_nlink(dir);
928 	dir->i_size -= sz_change;
929 	dir_ui->ui_size = dir->i_size;
930 	dir->i_mtime = dir->i_ctime = inode->i_ctime;
931 	err = ubifs_jnl_update(c, dir, &nm, inode, 1, 0);
932 	if (err)
933 		goto out_cancel;
934 	unlock_2_inodes(dir, inode);
935 
936 	if (budgeted)
937 		ubifs_release_budget(c, &req);
938 	else {
939 		/* We've deleted something - clean the "no space" flags */
940 		c->bi.nospace = c->bi.nospace_rp = 0;
941 		smp_wmb();
942 	}
943 	fscrypt_free_filename(&nm);
944 	return 0;
945 
946 out_cancel:
947 	dir->i_size += sz_change;
948 	dir_ui->ui_size = dir->i_size;
949 	inc_nlink(dir);
950 	set_nlink(inode, 2);
951 	unlock_2_inodes(dir, inode);
952 	if (budgeted)
953 		ubifs_release_budget(c, &req);
954 out_fname:
955 	fscrypt_free_filename(&nm);
956 	return err;
957 }
958 
ubifs_mkdir(struct inode * dir,struct dentry * dentry,umode_t mode)959 static int ubifs_mkdir(struct inode *dir, struct dentry *dentry, umode_t mode)
960 {
961 	struct inode *inode;
962 	struct ubifs_inode *dir_ui = ubifs_inode(dir);
963 	struct ubifs_info *c = dir->i_sb->s_fs_info;
964 	int err, sz_change;
965 	struct ubifs_budget_req req = { .new_ino = 1, .new_dent = 1 };
966 	struct fscrypt_name nm;
967 
968 	/*
969 	 * Budget request settings: new inode, new direntry and changing parent
970 	 * directory inode.
971 	 */
972 
973 	dbg_gen("dent '%pd', mode %#hx in dir ino %lu",
974 		dentry, mode, dir->i_ino);
975 
976 	err = ubifs_budget_space(c, &req);
977 	if (err)
978 		return err;
979 
980 	err = fscrypt_setup_filename(dir, &dentry->d_name, 0, &nm);
981 	if (err)
982 		goto out_budg;
983 
984 	sz_change = CALC_DENT_SIZE(fname_len(&nm));
985 
986 	inode = ubifs_new_inode(c, dir, S_IFDIR | mode);
987 	if (IS_ERR(inode)) {
988 		err = PTR_ERR(inode);
989 		goto out_fname;
990 	}
991 
992 	err = ubifs_init_security(dir, inode, &dentry->d_name);
993 	if (err)
994 		goto out_inode;
995 
996 	mutex_lock(&dir_ui->ui_mutex);
997 	insert_inode_hash(inode);
998 	inc_nlink(inode);
999 	inc_nlink(dir);
1000 	dir->i_size += sz_change;
1001 	dir_ui->ui_size = dir->i_size;
1002 	dir->i_mtime = dir->i_ctime = inode->i_ctime;
1003 	err = ubifs_jnl_update(c, dir, &nm, inode, 0, 0);
1004 	if (err) {
1005 		ubifs_err(c, "cannot create directory, error %d", err);
1006 		goto out_cancel;
1007 	}
1008 	mutex_unlock(&dir_ui->ui_mutex);
1009 
1010 	ubifs_release_budget(c, &req);
1011 	d_instantiate(dentry, inode);
1012 	fscrypt_free_filename(&nm);
1013 	return 0;
1014 
1015 out_cancel:
1016 	dir->i_size -= sz_change;
1017 	dir_ui->ui_size = dir->i_size;
1018 	drop_nlink(dir);
1019 	mutex_unlock(&dir_ui->ui_mutex);
1020 out_inode:
1021 	make_bad_inode(inode);
1022 	iput(inode);
1023 out_fname:
1024 	fscrypt_free_filename(&nm);
1025 out_budg:
1026 	ubifs_release_budget(c, &req);
1027 	return err;
1028 }
1029 
ubifs_mknod(struct inode * dir,struct dentry * dentry,umode_t mode,dev_t rdev)1030 static int ubifs_mknod(struct inode *dir, struct dentry *dentry,
1031 		       umode_t mode, dev_t rdev)
1032 {
1033 	struct inode *inode;
1034 	struct ubifs_inode *ui;
1035 	struct ubifs_inode *dir_ui = ubifs_inode(dir);
1036 	struct ubifs_info *c = dir->i_sb->s_fs_info;
1037 	union ubifs_dev_desc *dev = NULL;
1038 	int sz_change;
1039 	int err, devlen = 0;
1040 	struct ubifs_budget_req req = { .new_ino = 1, .new_dent = 1,
1041 					.dirtied_ino = 1 };
1042 	struct fscrypt_name nm;
1043 
1044 	/*
1045 	 * Budget request settings: new inode, new direntry and changing parent
1046 	 * directory inode.
1047 	 */
1048 
1049 	dbg_gen("dent '%pd' in dir ino %lu", dentry, dir->i_ino);
1050 
1051 	if (S_ISBLK(mode) || S_ISCHR(mode)) {
1052 		dev = kmalloc(sizeof(union ubifs_dev_desc), GFP_NOFS);
1053 		if (!dev)
1054 			return -ENOMEM;
1055 		devlen = ubifs_encode_dev(dev, rdev);
1056 	}
1057 
1058 	req.new_ino_d = ALIGN(devlen, 8);
1059 	err = ubifs_budget_space(c, &req);
1060 	if (err) {
1061 		kfree(dev);
1062 		return err;
1063 	}
1064 
1065 	err = fscrypt_setup_filename(dir, &dentry->d_name, 0, &nm);
1066 	if (err) {
1067 		kfree(dev);
1068 		goto out_budg;
1069 	}
1070 
1071 	sz_change = CALC_DENT_SIZE(fname_len(&nm));
1072 
1073 	inode = ubifs_new_inode(c, dir, mode);
1074 	if (IS_ERR(inode)) {
1075 		kfree(dev);
1076 		err = PTR_ERR(inode);
1077 		goto out_fname;
1078 	}
1079 
1080 	init_special_inode(inode, inode->i_mode, rdev);
1081 	inode->i_size = ubifs_inode(inode)->ui_size = devlen;
1082 	ui = ubifs_inode(inode);
1083 	ui->data = dev;
1084 	ui->data_len = devlen;
1085 
1086 	err = ubifs_init_security(dir, inode, &dentry->d_name);
1087 	if (err)
1088 		goto out_inode;
1089 
1090 	mutex_lock(&dir_ui->ui_mutex);
1091 	dir->i_size += sz_change;
1092 	dir_ui->ui_size = dir->i_size;
1093 	dir->i_mtime = dir->i_ctime = inode->i_ctime;
1094 	err = ubifs_jnl_update(c, dir, &nm, inode, 0, 0);
1095 	if (err)
1096 		goto out_cancel;
1097 	mutex_unlock(&dir_ui->ui_mutex);
1098 
1099 	ubifs_release_budget(c, &req);
1100 	insert_inode_hash(inode);
1101 	d_instantiate(dentry, inode);
1102 	fscrypt_free_filename(&nm);
1103 	return 0;
1104 
1105 out_cancel:
1106 	dir->i_size -= sz_change;
1107 	dir_ui->ui_size = dir->i_size;
1108 	mutex_unlock(&dir_ui->ui_mutex);
1109 out_inode:
1110 	make_bad_inode(inode);
1111 	iput(inode);
1112 out_fname:
1113 	fscrypt_free_filename(&nm);
1114 out_budg:
1115 	ubifs_release_budget(c, &req);
1116 	return err;
1117 }
1118 
ubifs_symlink(struct inode * dir,struct dentry * dentry,const char * symname)1119 static int ubifs_symlink(struct inode *dir, struct dentry *dentry,
1120 			 const char *symname)
1121 {
1122 	struct inode *inode;
1123 	struct ubifs_inode *ui;
1124 	struct ubifs_inode *dir_ui = ubifs_inode(dir);
1125 	struct ubifs_info *c = dir->i_sb->s_fs_info;
1126 	int err, sz_change, len = strlen(symname);
1127 	struct fscrypt_str disk_link;
1128 	struct ubifs_budget_req req = { .new_ino = 1, .new_dent = 1,
1129 					.new_ino_d = ALIGN(len, 8),
1130 					.dirtied_ino = 1 };
1131 	struct fscrypt_name nm;
1132 
1133 	dbg_gen("dent '%pd', target '%s' in dir ino %lu", dentry,
1134 		symname, dir->i_ino);
1135 
1136 	err = fscrypt_prepare_symlink(dir, symname, len, UBIFS_MAX_INO_DATA,
1137 				      &disk_link);
1138 	if (err)
1139 		return err;
1140 
1141 	/*
1142 	 * Budget request settings: new inode, new direntry and changing parent
1143 	 * directory inode.
1144 	 */
1145 	err = ubifs_budget_space(c, &req);
1146 	if (err)
1147 		return err;
1148 
1149 	err = fscrypt_setup_filename(dir, &dentry->d_name, 0, &nm);
1150 	if (err)
1151 		goto out_budg;
1152 
1153 	sz_change = CALC_DENT_SIZE(fname_len(&nm));
1154 
1155 	inode = ubifs_new_inode(c, dir, S_IFLNK | S_IRWXUGO);
1156 	if (IS_ERR(inode)) {
1157 		err = PTR_ERR(inode);
1158 		goto out_fname;
1159 	}
1160 
1161 	ui = ubifs_inode(inode);
1162 	ui->data = kmalloc(disk_link.len, GFP_NOFS);
1163 	if (!ui->data) {
1164 		err = -ENOMEM;
1165 		goto out_inode;
1166 	}
1167 
1168 	if (IS_ENCRYPTED(inode)) {
1169 		disk_link.name = ui->data; /* encrypt directly into ui->data */
1170 		err = fscrypt_encrypt_symlink(inode, symname, len, &disk_link);
1171 		if (err)
1172 			goto out_inode;
1173 	} else {
1174 		memcpy(ui->data, disk_link.name, disk_link.len);
1175 		inode->i_link = ui->data;
1176 	}
1177 
1178 	/*
1179 	 * The terminating zero byte is not written to the flash media and it
1180 	 * is put just to make later in-memory string processing simpler. Thus,
1181 	 * data length is @disk_link.len - 1, not @disk_link.len.
1182 	 */
1183 	ui->data_len = disk_link.len - 1;
1184 	inode->i_size = ubifs_inode(inode)->ui_size = disk_link.len - 1;
1185 
1186 	err = ubifs_init_security(dir, inode, &dentry->d_name);
1187 	if (err)
1188 		goto out_inode;
1189 
1190 	mutex_lock(&dir_ui->ui_mutex);
1191 	dir->i_size += sz_change;
1192 	dir_ui->ui_size = dir->i_size;
1193 	dir->i_mtime = dir->i_ctime = inode->i_ctime;
1194 	err = ubifs_jnl_update(c, dir, &nm, inode, 0, 0);
1195 	if (err)
1196 		goto out_cancel;
1197 	mutex_unlock(&dir_ui->ui_mutex);
1198 
1199 	insert_inode_hash(inode);
1200 	d_instantiate(dentry, inode);
1201 	err = 0;
1202 	goto out_fname;
1203 
1204 out_cancel:
1205 	dir->i_size -= sz_change;
1206 	dir_ui->ui_size = dir->i_size;
1207 	mutex_unlock(&dir_ui->ui_mutex);
1208 out_inode:
1209 	make_bad_inode(inode);
1210 	iput(inode);
1211 out_fname:
1212 	fscrypt_free_filename(&nm);
1213 out_budg:
1214 	ubifs_release_budget(c, &req);
1215 	return err;
1216 }
1217 
1218 /**
1219  * lock_4_inodes - a wrapper for locking three UBIFS inodes.
1220  * @inode1: first inode
1221  * @inode2: second inode
1222  * @inode3: third inode
1223  * @inode4: fouth inode
1224  *
1225  * This function is used for 'ubifs_rename()' and @inode1 may be the same as
1226  * @inode2 whereas @inode3 and @inode4 may be %NULL.
1227  *
1228  * We do not implement any tricks to guarantee strict lock ordering, because
1229  * VFS has already done it for us on the @i_mutex. So this is just a simple
1230  * wrapper function.
1231  */
lock_4_inodes(struct inode * inode1,struct inode * inode2,struct inode * inode3,struct inode * inode4)1232 static void lock_4_inodes(struct inode *inode1, struct inode *inode2,
1233 			  struct inode *inode3, struct inode *inode4)
1234 {
1235 	mutex_lock_nested(&ubifs_inode(inode1)->ui_mutex, WB_MUTEX_1);
1236 	if (inode2 != inode1)
1237 		mutex_lock_nested(&ubifs_inode(inode2)->ui_mutex, WB_MUTEX_2);
1238 	if (inode3)
1239 		mutex_lock_nested(&ubifs_inode(inode3)->ui_mutex, WB_MUTEX_3);
1240 	if (inode4)
1241 		mutex_lock_nested(&ubifs_inode(inode4)->ui_mutex, WB_MUTEX_4);
1242 }
1243 
1244 /**
1245  * unlock_4_inodes - a wrapper for unlocking three UBIFS inodes for rename.
1246  * @inode1: first inode
1247  * @inode2: second inode
1248  * @inode3: third inode
1249  * @inode4: fouth inode
1250  */
unlock_4_inodes(struct inode * inode1,struct inode * inode2,struct inode * inode3,struct inode * inode4)1251 static void unlock_4_inodes(struct inode *inode1, struct inode *inode2,
1252 			    struct inode *inode3, struct inode *inode4)
1253 {
1254 	if (inode4)
1255 		mutex_unlock(&ubifs_inode(inode4)->ui_mutex);
1256 	if (inode3)
1257 		mutex_unlock(&ubifs_inode(inode3)->ui_mutex);
1258 	if (inode1 != inode2)
1259 		mutex_unlock(&ubifs_inode(inode2)->ui_mutex);
1260 	mutex_unlock(&ubifs_inode(inode1)->ui_mutex);
1261 }
1262 
do_rename(struct inode * old_dir,struct dentry * old_dentry,struct inode * new_dir,struct dentry * new_dentry,unsigned int flags)1263 static int do_rename(struct inode *old_dir, struct dentry *old_dentry,
1264 		     struct inode *new_dir, struct dentry *new_dentry,
1265 		     unsigned int flags)
1266 {
1267 	struct ubifs_info *c = old_dir->i_sb->s_fs_info;
1268 	struct inode *old_inode = d_inode(old_dentry);
1269 	struct inode *new_inode = d_inode(new_dentry);
1270 	struct inode *whiteout = NULL;
1271 	struct ubifs_inode *old_inode_ui = ubifs_inode(old_inode);
1272 	struct ubifs_inode *whiteout_ui = NULL;
1273 	int err, release, sync = 0, move = (new_dir != old_dir);
1274 	int is_dir = S_ISDIR(old_inode->i_mode);
1275 	int unlink = !!new_inode, new_sz, old_sz;
1276 	struct ubifs_budget_req req = { .new_dent = 1, .mod_dent = 1,
1277 					.dirtied_ino = 3 };
1278 	struct ubifs_budget_req ino_req = { .dirtied_ino = 1,
1279 			.dirtied_ino_d = ALIGN(old_inode_ui->data_len, 8) };
1280 	struct timespec64 time;
1281 	unsigned int uninitialized_var(saved_nlink);
1282 	struct fscrypt_name old_nm, new_nm;
1283 
1284 	/*
1285 	 * Budget request settings: deletion direntry, new direntry, removing
1286 	 * the old inode, and changing old and new parent directory inodes.
1287 	 *
1288 	 * However, this operation also marks the target inode as dirty and
1289 	 * does not write it, so we allocate budget for the target inode
1290 	 * separately.
1291 	 */
1292 
1293 	dbg_gen("dent '%pd' ino %lu in dir ino %lu to dent '%pd' in dir ino %lu flags 0x%x",
1294 		old_dentry, old_inode->i_ino, old_dir->i_ino,
1295 		new_dentry, new_dir->i_ino, flags);
1296 
1297 	if (unlink)
1298 		ubifs_assert(c, inode_is_locked(new_inode));
1299 
1300 	if (unlink && is_dir) {
1301 		err = ubifs_check_dir_empty(new_inode);
1302 		if (err)
1303 			return err;
1304 	}
1305 
1306 	err = fscrypt_setup_filename(old_dir, &old_dentry->d_name, 0, &old_nm);
1307 	if (err)
1308 		return err;
1309 
1310 	err = fscrypt_setup_filename(new_dir, &new_dentry->d_name, 0, &new_nm);
1311 	if (err) {
1312 		fscrypt_free_filename(&old_nm);
1313 		return err;
1314 	}
1315 
1316 	new_sz = CALC_DENT_SIZE(fname_len(&new_nm));
1317 	old_sz = CALC_DENT_SIZE(fname_len(&old_nm));
1318 
1319 	err = ubifs_budget_space(c, &req);
1320 	if (err) {
1321 		fscrypt_free_filename(&old_nm);
1322 		fscrypt_free_filename(&new_nm);
1323 		return err;
1324 	}
1325 	err = ubifs_budget_space(c, &ino_req);
1326 	if (err) {
1327 		fscrypt_free_filename(&old_nm);
1328 		fscrypt_free_filename(&new_nm);
1329 		ubifs_release_budget(c, &req);
1330 		return err;
1331 	}
1332 
1333 	if (flags & RENAME_WHITEOUT) {
1334 		union ubifs_dev_desc *dev = NULL;
1335 
1336 		dev = kmalloc(sizeof(union ubifs_dev_desc), GFP_NOFS);
1337 		if (!dev) {
1338 			err = -ENOMEM;
1339 			goto out_release;
1340 		}
1341 
1342 		err = do_tmpfile(old_dir, old_dentry, S_IFCHR | WHITEOUT_MODE, &whiteout);
1343 		if (err) {
1344 			kfree(dev);
1345 			goto out_release;
1346 		}
1347 
1348 		whiteout->i_state |= I_LINKABLE;
1349 		whiteout_ui = ubifs_inode(whiteout);
1350 		whiteout_ui->data = dev;
1351 		whiteout_ui->data_len = ubifs_encode_dev(dev, MKDEV(0, 0));
1352 		ubifs_assert(c, !whiteout_ui->dirty);
1353 	}
1354 
1355 	lock_4_inodes(old_dir, new_dir, new_inode, whiteout);
1356 
1357 	/*
1358 	 * Like most other Unix systems, set the @i_ctime for inodes on a
1359 	 * rename.
1360 	 */
1361 	time = current_time(old_dir);
1362 	old_inode->i_ctime = time;
1363 
1364 	/* We must adjust parent link count when renaming directories */
1365 	if (is_dir) {
1366 		if (move) {
1367 			/*
1368 			 * @old_dir loses a link because we are moving
1369 			 * @old_inode to a different directory.
1370 			 */
1371 			drop_nlink(old_dir);
1372 			/*
1373 			 * @new_dir only gains a link if we are not also
1374 			 * overwriting an existing directory.
1375 			 */
1376 			if (!unlink)
1377 				inc_nlink(new_dir);
1378 		} else {
1379 			/*
1380 			 * @old_inode is not moving to a different directory,
1381 			 * but @old_dir still loses a link if we are
1382 			 * overwriting an existing directory.
1383 			 */
1384 			if (unlink)
1385 				drop_nlink(old_dir);
1386 		}
1387 	}
1388 
1389 	old_dir->i_size -= old_sz;
1390 	ubifs_inode(old_dir)->ui_size = old_dir->i_size;
1391 	old_dir->i_mtime = old_dir->i_ctime = time;
1392 	new_dir->i_mtime = new_dir->i_ctime = time;
1393 
1394 	/*
1395 	 * And finally, if we unlinked a direntry which happened to have the
1396 	 * same name as the moved direntry, we have to decrement @i_nlink of
1397 	 * the unlinked inode and change its ctime.
1398 	 */
1399 	if (unlink) {
1400 		/*
1401 		 * Directories cannot have hard-links, so if this is a
1402 		 * directory, just clear @i_nlink.
1403 		 */
1404 		saved_nlink = new_inode->i_nlink;
1405 		if (is_dir)
1406 			clear_nlink(new_inode);
1407 		else
1408 			drop_nlink(new_inode);
1409 		new_inode->i_ctime = time;
1410 	} else {
1411 		new_dir->i_size += new_sz;
1412 		ubifs_inode(new_dir)->ui_size = new_dir->i_size;
1413 	}
1414 
1415 	/*
1416 	 * Do not ask 'ubifs_jnl_rename()' to flush write-buffer if @old_inode
1417 	 * is dirty, because this will be done later on at the end of
1418 	 * 'ubifs_rename()'.
1419 	 */
1420 	if (IS_SYNC(old_inode)) {
1421 		sync = IS_DIRSYNC(old_dir) || IS_DIRSYNC(new_dir);
1422 		if (unlink && IS_SYNC(new_inode))
1423 			sync = 1;
1424 	}
1425 
1426 	if (whiteout) {
1427 		struct ubifs_budget_req wht_req = { .dirtied_ino = 1,
1428 				.dirtied_ino_d = \
1429 				ALIGN(ubifs_inode(whiteout)->data_len, 8) };
1430 
1431 		err = ubifs_budget_space(c, &wht_req);
1432 		if (err) {
1433 			kfree(whiteout_ui->data);
1434 			whiteout_ui->data_len = 0;
1435 			iput(whiteout);
1436 			goto out_release;
1437 		}
1438 
1439 		inc_nlink(whiteout);
1440 		mark_inode_dirty(whiteout);
1441 		whiteout->i_state &= ~I_LINKABLE;
1442 		iput(whiteout);
1443 	}
1444 
1445 	err = ubifs_jnl_rename(c, old_dir, old_inode, &old_nm, new_dir,
1446 			       new_inode, &new_nm, whiteout, sync);
1447 	if (err)
1448 		goto out_cancel;
1449 
1450 	unlock_4_inodes(old_dir, new_dir, new_inode, whiteout);
1451 	ubifs_release_budget(c, &req);
1452 
1453 	mutex_lock(&old_inode_ui->ui_mutex);
1454 	release = old_inode_ui->dirty;
1455 	mark_inode_dirty_sync(old_inode);
1456 	mutex_unlock(&old_inode_ui->ui_mutex);
1457 
1458 	if (release)
1459 		ubifs_release_budget(c, &ino_req);
1460 	if (IS_SYNC(old_inode))
1461 		err = old_inode->i_sb->s_op->write_inode(old_inode, NULL);
1462 
1463 	fscrypt_free_filename(&old_nm);
1464 	fscrypt_free_filename(&new_nm);
1465 	return err;
1466 
1467 out_cancel:
1468 	if (unlink) {
1469 		set_nlink(new_inode, saved_nlink);
1470 	} else {
1471 		new_dir->i_size -= new_sz;
1472 		ubifs_inode(new_dir)->ui_size = new_dir->i_size;
1473 	}
1474 	old_dir->i_size += old_sz;
1475 	ubifs_inode(old_dir)->ui_size = old_dir->i_size;
1476 	if (is_dir) {
1477 		if (move) {
1478 			inc_nlink(old_dir);
1479 			if (!unlink)
1480 				drop_nlink(new_dir);
1481 		} else {
1482 			if (unlink)
1483 				inc_nlink(old_dir);
1484 		}
1485 	}
1486 	if (whiteout) {
1487 		drop_nlink(whiteout);
1488 		iput(whiteout);
1489 	}
1490 	unlock_4_inodes(old_dir, new_dir, new_inode, whiteout);
1491 out_release:
1492 	ubifs_release_budget(c, &ino_req);
1493 	ubifs_release_budget(c, &req);
1494 	fscrypt_free_filename(&old_nm);
1495 	fscrypt_free_filename(&new_nm);
1496 	return err;
1497 }
1498 
ubifs_xrename(struct inode * old_dir,struct dentry * old_dentry,struct inode * new_dir,struct dentry * new_dentry)1499 static int ubifs_xrename(struct inode *old_dir, struct dentry *old_dentry,
1500 			struct inode *new_dir, struct dentry *new_dentry)
1501 {
1502 	struct ubifs_info *c = old_dir->i_sb->s_fs_info;
1503 	struct ubifs_budget_req req = { .new_dent = 1, .mod_dent = 1,
1504 				.dirtied_ino = 2 };
1505 	int sync = IS_DIRSYNC(old_dir) || IS_DIRSYNC(new_dir);
1506 	struct inode *fst_inode = d_inode(old_dentry);
1507 	struct inode *snd_inode = d_inode(new_dentry);
1508 	struct timespec64 time;
1509 	int err;
1510 	struct fscrypt_name fst_nm, snd_nm;
1511 
1512 	ubifs_assert(c, fst_inode && snd_inode);
1513 
1514 	err = fscrypt_setup_filename(old_dir, &old_dentry->d_name, 0, &fst_nm);
1515 	if (err)
1516 		return err;
1517 
1518 	err = fscrypt_setup_filename(new_dir, &new_dentry->d_name, 0, &snd_nm);
1519 	if (err) {
1520 		fscrypt_free_filename(&fst_nm);
1521 		return err;
1522 	}
1523 
1524 	lock_4_inodes(old_dir, new_dir, NULL, NULL);
1525 
1526 	time = current_time(old_dir);
1527 	fst_inode->i_ctime = time;
1528 	snd_inode->i_ctime = time;
1529 	old_dir->i_mtime = old_dir->i_ctime = time;
1530 	new_dir->i_mtime = new_dir->i_ctime = time;
1531 
1532 	if (old_dir != new_dir) {
1533 		if (S_ISDIR(fst_inode->i_mode) && !S_ISDIR(snd_inode->i_mode)) {
1534 			inc_nlink(new_dir);
1535 			drop_nlink(old_dir);
1536 		}
1537 		else if (!S_ISDIR(fst_inode->i_mode) && S_ISDIR(snd_inode->i_mode)) {
1538 			drop_nlink(new_dir);
1539 			inc_nlink(old_dir);
1540 		}
1541 	}
1542 
1543 	err = ubifs_jnl_xrename(c, old_dir, fst_inode, &fst_nm, new_dir,
1544 				snd_inode, &snd_nm, sync);
1545 
1546 	unlock_4_inodes(old_dir, new_dir, NULL, NULL);
1547 	ubifs_release_budget(c, &req);
1548 
1549 	fscrypt_free_filename(&fst_nm);
1550 	fscrypt_free_filename(&snd_nm);
1551 	return err;
1552 }
1553 
ubifs_rename(struct inode * old_dir,struct dentry * old_dentry,struct inode * new_dir,struct dentry * new_dentry,unsigned int flags)1554 static int ubifs_rename(struct inode *old_dir, struct dentry *old_dentry,
1555 			struct inode *new_dir, struct dentry *new_dentry,
1556 			unsigned int flags)
1557 {
1558 	int err;
1559 	struct ubifs_info *c = old_dir->i_sb->s_fs_info;
1560 
1561 	if (flags & ~(RENAME_NOREPLACE | RENAME_WHITEOUT | RENAME_EXCHANGE))
1562 		return -EINVAL;
1563 
1564 	ubifs_assert(c, inode_is_locked(old_dir));
1565 	ubifs_assert(c, inode_is_locked(new_dir));
1566 
1567 	err = fscrypt_prepare_rename(old_dir, old_dentry, new_dir, new_dentry,
1568 				     flags);
1569 	if (err)
1570 		return err;
1571 
1572 	if (flags & RENAME_EXCHANGE)
1573 		return ubifs_xrename(old_dir, old_dentry, new_dir, new_dentry);
1574 
1575 	return do_rename(old_dir, old_dentry, new_dir, new_dentry, flags);
1576 }
1577 
ubifs_getattr(const struct path * path,struct kstat * stat,u32 request_mask,unsigned int flags)1578 int ubifs_getattr(const struct path *path, struct kstat *stat,
1579 		  u32 request_mask, unsigned int flags)
1580 {
1581 	loff_t size;
1582 	struct inode *inode = d_inode(path->dentry);
1583 	struct ubifs_inode *ui = ubifs_inode(inode);
1584 
1585 	mutex_lock(&ui->ui_mutex);
1586 
1587 	if (ui->flags & UBIFS_APPEND_FL)
1588 		stat->attributes |= STATX_ATTR_APPEND;
1589 	if (ui->flags & UBIFS_COMPR_FL)
1590 		stat->attributes |= STATX_ATTR_COMPRESSED;
1591 	if (ui->flags & UBIFS_CRYPT_FL)
1592 		stat->attributes |= STATX_ATTR_ENCRYPTED;
1593 	if (ui->flags & UBIFS_IMMUTABLE_FL)
1594 		stat->attributes |= STATX_ATTR_IMMUTABLE;
1595 
1596 	stat->attributes_mask |= (STATX_ATTR_APPEND |
1597 				STATX_ATTR_COMPRESSED |
1598 				STATX_ATTR_ENCRYPTED |
1599 				STATX_ATTR_IMMUTABLE);
1600 
1601 	generic_fillattr(inode, stat);
1602 	stat->blksize = UBIFS_BLOCK_SIZE;
1603 	stat->size = ui->ui_size;
1604 
1605 	/*
1606 	 * Unfortunately, the 'stat()' system call was designed for block
1607 	 * device based file systems, and it is not appropriate for UBIFS,
1608 	 * because UBIFS does not have notion of "block". For example, it is
1609 	 * difficult to tell how many block a directory takes - it actually
1610 	 * takes less than 300 bytes, but we have to round it to block size,
1611 	 * which introduces large mistake. This makes utilities like 'du' to
1612 	 * report completely senseless numbers. This is the reason why UBIFS
1613 	 * goes the same way as JFFS2 - it reports zero blocks for everything
1614 	 * but regular files, which makes more sense than reporting completely
1615 	 * wrong sizes.
1616 	 */
1617 	if (S_ISREG(inode->i_mode)) {
1618 		size = ui->xattr_size;
1619 		size += stat->size;
1620 		size = ALIGN(size, UBIFS_BLOCK_SIZE);
1621 		/*
1622 		 * Note, user-space expects 512-byte blocks count irrespectively
1623 		 * of what was reported in @stat->size.
1624 		 */
1625 		stat->blocks = size >> 9;
1626 	} else
1627 		stat->blocks = 0;
1628 	mutex_unlock(&ui->ui_mutex);
1629 	return 0;
1630 }
1631 
ubifs_dir_open(struct inode * dir,struct file * file)1632 static int ubifs_dir_open(struct inode *dir, struct file *file)
1633 {
1634 	if (ubifs_crypt_is_encrypted(dir))
1635 		return fscrypt_get_encryption_info(dir) ? -EACCES : 0;
1636 
1637 	return 0;
1638 }
1639 
1640 const struct inode_operations ubifs_dir_inode_operations = {
1641 	.lookup      = ubifs_lookup,
1642 	.create      = ubifs_create,
1643 	.link        = ubifs_link,
1644 	.symlink     = ubifs_symlink,
1645 	.unlink      = ubifs_unlink,
1646 	.mkdir       = ubifs_mkdir,
1647 	.rmdir       = ubifs_rmdir,
1648 	.mknod       = ubifs_mknod,
1649 	.rename      = ubifs_rename,
1650 	.setattr     = ubifs_setattr,
1651 	.getattr     = ubifs_getattr,
1652 #ifdef CONFIG_UBIFS_FS_XATTR
1653 	.listxattr   = ubifs_listxattr,
1654 #endif
1655 #ifdef CONFIG_UBIFS_ATIME_SUPPORT
1656 	.update_time = ubifs_update_time,
1657 #endif
1658 	.tmpfile     = ubifs_tmpfile,
1659 };
1660 
1661 const struct file_operations ubifs_dir_operations = {
1662 	.llseek         = generic_file_llseek,
1663 	.release        = ubifs_dir_release,
1664 	.read           = generic_read_dir,
1665 	.iterate_shared = ubifs_readdir,
1666 	.fsync          = ubifs_fsync,
1667 	.unlocked_ioctl = ubifs_ioctl,
1668 	.open		= ubifs_dir_open,
1669 #ifdef CONFIG_COMPAT
1670 	.compat_ioctl   = ubifs_compat_ioctl,
1671 #endif
1672 };
1673