mirror of
https://github.com/torvalds/linux.git
synced 2025-04-09 14:45:27 +00:00
88d5baf690
Some filesystems, such as NFS, cifs, ceph, and fuse, do not have
complete control of sequencing on the actual filesystem (e.g. on a
different server) and may find that the inode created for a mkdir
request already exists in the icache and dcache by the time the mkdir
request returns. For example, if the filesystem is mounted twice the
directory could be visible on the other mount before it is on the
original mount, and a pair of name_to_handle_at(), open_by_handle_at()
calls could instantiate the directory inode with an IS_ROOT() dentry
before the first mkdir returns.
This means that the dentry passed to ->mkdir() may not be the one that
is associated with the inode after the ->mkdir() completes. Some
callers need to interact with the inode after the ->mkdir completes and
they currently need to perform a lookup in the (rare) case that the
dentry is no longer hashed.
This lookup-after-mkdir requires that the directory remains locked to
avoid races. Planned future patches to lock the dentry rather than the
directory will mean that this lookup cannot be performed atomically with
the mkdir.
To remove this barrier, this patch changes ->mkdir to return the
resulting dentry if it is different from the one passed in.
Possible returns are:
NULL - the directory was created and no other dentry was used
ERR_PTR() - an error occurred
non-NULL - this other dentry was spliced in
This patch only changes file-systems to return "ERR_PTR(err)" instead of
"err" or equivalent transformations. Subsequent patches will make
further changes to some file-systems to return a correct dentry.
Not all filesystems reliably result in a positive hashed dentry:
- NFS, cifs, hostfs will sometimes need to perform a lookup of
the name to get inode information. Races could result in this
returning something different. Note that this lookup is
non-atomic which is what we are trying to avoid. Placing the
lookup in filesystem code means it only happens when the filesystem
has no other option.
- kernfs and tracefs leave the dentry negative and the ->revalidate
operation ensures that lookup will be called to correctly populate
the dentry. This could be fixed but I don't think it is important
to any of the users of vfs_mkdir() which look at the dentry.
The recommendation to use
d_drop();d_splice_alias()
is ugly but fits with current practice. A planned future patch will
change this.
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Reviewed-by: Jan Kara <jack@suse.cz>
Signed-off-by: NeilBrown <neilb@suse.de>
Link: https://lore.kernel.org/r/20250227013949.536172-2-neilb@suse.de
Signed-off-by: Christian Brauner <brauner@kernel.org>
591 lines
14 KiB
C
591 lines
14 KiB
C
// SPDX-License-Identifier: GPL-2.0
|
|
|
|
/*
|
|
* Directory operations for Coda filesystem
|
|
* Original version: (C) 1996 P. Braam and M. Callahan
|
|
* Rewritten for Linux 2.1. (C) 1997 Carnegie Mellon University
|
|
*
|
|
* Carnegie Mellon encourages users to contribute improvements to
|
|
* the Coda project. Contact Peter Braam (coda@cs.cmu.edu).
|
|
*/
|
|
|
|
#include <linux/types.h>
|
|
#include <linux/kernel.h>
|
|
#include <linux/time.h>
|
|
#include <linux/fs.h>
|
|
#include <linux/slab.h>
|
|
#include <linux/file.h>
|
|
#include <linux/stat.h>
|
|
#include <linux/errno.h>
|
|
#include <linux/string.h>
|
|
#include <linux/spinlock.h>
|
|
#include <linux/namei.h>
|
|
#include <linux/uaccess.h>
|
|
|
|
#include <linux/coda.h>
|
|
#include "coda_psdev.h"
|
|
#include "coda_linux.h"
|
|
#include "coda_cache.h"
|
|
|
|
#include "coda_int.h"
|
|
|
|
/* same as fs/bad_inode.c */
|
|
static int coda_return_EIO(void)
|
|
{
|
|
return -EIO;
|
|
}
|
|
#define CODA_EIO_ERROR ((void *) (coda_return_EIO))
|
|
|
|
/* inode operations for directories */
|
|
/* access routines: lookup, readlink, permission */
|
|
static struct dentry *coda_lookup(struct inode *dir, struct dentry *entry, unsigned int flags)
|
|
{
|
|
struct super_block *sb = dir->i_sb;
|
|
const char *name = entry->d_name.name;
|
|
size_t length = entry->d_name.len;
|
|
struct inode *inode;
|
|
int type = 0;
|
|
|
|
if (length > CODA_MAXNAMLEN) {
|
|
pr_err("name too long: lookup, %s %zu\n",
|
|
coda_i2s(dir), length);
|
|
return ERR_PTR(-ENAMETOOLONG);
|
|
}
|
|
|
|
/* control object, create inode on the fly */
|
|
if (is_root_inode(dir) && coda_iscontrol(name, length)) {
|
|
inode = coda_cnode_makectl(sb);
|
|
type = CODA_NOCACHE;
|
|
} else {
|
|
struct CodaFid fid = { { 0, } };
|
|
int error = venus_lookup(sb, coda_i2f(dir), name, length,
|
|
&type, &fid);
|
|
inode = !error ? coda_cnode_make(&fid, sb) : ERR_PTR(error);
|
|
}
|
|
|
|
if (!IS_ERR(inode) && (type & CODA_NOCACHE))
|
|
coda_flag_inode(inode, C_VATTR | C_PURGE);
|
|
|
|
if (inode == ERR_PTR(-ENOENT))
|
|
inode = NULL;
|
|
|
|
return d_splice_alias(inode, entry);
|
|
}
|
|
|
|
|
|
int coda_permission(struct mnt_idmap *idmap, struct inode *inode,
|
|
int mask)
|
|
{
|
|
int error;
|
|
|
|
if (mask & MAY_NOT_BLOCK)
|
|
return -ECHILD;
|
|
|
|
mask &= MAY_READ | MAY_WRITE | MAY_EXEC;
|
|
|
|
if (!mask)
|
|
return 0;
|
|
|
|
if ((mask & MAY_EXEC) && !execute_ok(inode))
|
|
return -EACCES;
|
|
|
|
if (coda_cache_check(inode, mask))
|
|
return 0;
|
|
|
|
error = venus_access(inode->i_sb, coda_i2f(inode), mask);
|
|
|
|
if (!error)
|
|
coda_cache_enter(inode, mask);
|
|
|
|
return error;
|
|
}
|
|
|
|
|
|
static inline void coda_dir_update_mtime(struct inode *dir)
|
|
{
|
|
#ifdef REQUERY_VENUS_FOR_MTIME
|
|
/* invalidate the directory cnode's attributes so we refetch the
|
|
* attributes from venus next time the inode is referenced */
|
|
coda_flag_inode(dir, C_VATTR);
|
|
#else
|
|
/* optimistically we can also act as if our nose bleeds. The
|
|
* granularity of the mtime is coarse anyways so we might actually be
|
|
* right most of the time. Note: we only do this for directories. */
|
|
inode_set_mtime_to_ts(dir, inode_set_ctime_current(dir));
|
|
#endif
|
|
}
|
|
|
|
/* we have to wrap inc_nlink/drop_nlink because sometimes userspace uses a
|
|
* trick to fool GNU find's optimizations. If we can't be sure of the link
|
|
* (because of volume mount points) we set i_nlink to 1 which forces find
|
|
* to consider every child as a possible directory. We should also never
|
|
* see an increment or decrement for deleted directories where i_nlink == 0 */
|
|
static inline void coda_dir_inc_nlink(struct inode *dir)
|
|
{
|
|
if (dir->i_nlink >= 2)
|
|
inc_nlink(dir);
|
|
}
|
|
|
|
static inline void coda_dir_drop_nlink(struct inode *dir)
|
|
{
|
|
if (dir->i_nlink > 2)
|
|
drop_nlink(dir);
|
|
}
|
|
|
|
/* creation routines: create, mknod, mkdir, link, symlink */
|
|
static int coda_create(struct mnt_idmap *idmap, struct inode *dir,
|
|
struct dentry *de, umode_t mode, bool excl)
|
|
{
|
|
int error;
|
|
const char *name=de->d_name.name;
|
|
int length=de->d_name.len;
|
|
struct inode *inode;
|
|
struct CodaFid newfid;
|
|
struct coda_vattr attrs;
|
|
|
|
if (is_root_inode(dir) && coda_iscontrol(name, length))
|
|
return -EPERM;
|
|
|
|
error = venus_create(dir->i_sb, coda_i2f(dir), name, length,
|
|
0, mode, &newfid, &attrs);
|
|
if (error)
|
|
goto err_out;
|
|
|
|
inode = coda_iget(dir->i_sb, &newfid, &attrs);
|
|
if (IS_ERR(inode)) {
|
|
error = PTR_ERR(inode);
|
|
goto err_out;
|
|
}
|
|
|
|
/* invalidate the directory cnode's attributes */
|
|
coda_dir_update_mtime(dir);
|
|
d_instantiate(de, inode);
|
|
return 0;
|
|
err_out:
|
|
d_drop(de);
|
|
return error;
|
|
}
|
|
|
|
static struct dentry *coda_mkdir(struct mnt_idmap *idmap, struct inode *dir,
|
|
struct dentry *de, umode_t mode)
|
|
{
|
|
struct inode *inode;
|
|
struct coda_vattr attrs;
|
|
const char *name = de->d_name.name;
|
|
int len = de->d_name.len;
|
|
int error;
|
|
struct CodaFid newfid;
|
|
|
|
if (is_root_inode(dir) && coda_iscontrol(name, len))
|
|
return ERR_PTR(-EPERM);
|
|
|
|
attrs.va_mode = mode;
|
|
error = venus_mkdir(dir->i_sb, coda_i2f(dir),
|
|
name, len, &newfid, &attrs);
|
|
if (error)
|
|
goto err_out;
|
|
|
|
inode = coda_iget(dir->i_sb, &newfid, &attrs);
|
|
if (IS_ERR(inode)) {
|
|
error = PTR_ERR(inode);
|
|
goto err_out;
|
|
}
|
|
|
|
/* invalidate the directory cnode's attributes */
|
|
coda_dir_inc_nlink(dir);
|
|
coda_dir_update_mtime(dir);
|
|
d_instantiate(de, inode);
|
|
return NULL;
|
|
err_out:
|
|
d_drop(de);
|
|
return ERR_PTR(error);
|
|
}
|
|
|
|
/* try to make de an entry in dir_inodde linked to source_de */
|
|
static int coda_link(struct dentry *source_de, struct inode *dir_inode,
|
|
struct dentry *de)
|
|
{
|
|
struct inode *inode = d_inode(source_de);
|
|
const char * name = de->d_name.name;
|
|
int len = de->d_name.len;
|
|
int error;
|
|
|
|
if (is_root_inode(dir_inode) && coda_iscontrol(name, len))
|
|
return -EPERM;
|
|
|
|
error = venus_link(dir_inode->i_sb, coda_i2f(inode),
|
|
coda_i2f(dir_inode), (const char *)name, len);
|
|
if (error) {
|
|
d_drop(de);
|
|
return error;
|
|
}
|
|
|
|
coda_dir_update_mtime(dir_inode);
|
|
ihold(inode);
|
|
d_instantiate(de, inode);
|
|
inc_nlink(inode);
|
|
return 0;
|
|
}
|
|
|
|
|
|
static int coda_symlink(struct mnt_idmap *idmap,
|
|
struct inode *dir_inode, struct dentry *de,
|
|
const char *symname)
|
|
{
|
|
const char *name = de->d_name.name;
|
|
int len = de->d_name.len;
|
|
int symlen;
|
|
int error;
|
|
|
|
if (is_root_inode(dir_inode) && coda_iscontrol(name, len))
|
|
return -EPERM;
|
|
|
|
symlen = strlen(symname);
|
|
if (symlen > CODA_MAXPATHLEN)
|
|
return -ENAMETOOLONG;
|
|
|
|
/*
|
|
* This entry is now negative. Since we do not create
|
|
* an inode for the entry we have to drop it.
|
|
*/
|
|
d_drop(de);
|
|
error = venus_symlink(dir_inode->i_sb, coda_i2f(dir_inode), name, len,
|
|
symname, symlen);
|
|
|
|
/* mtime is no good anymore */
|
|
if (!error)
|
|
coda_dir_update_mtime(dir_inode);
|
|
|
|
return error;
|
|
}
|
|
|
|
/* destruction routines: unlink, rmdir */
|
|
static int coda_unlink(struct inode *dir, struct dentry *de)
|
|
{
|
|
int error;
|
|
const char *name = de->d_name.name;
|
|
int len = de->d_name.len;
|
|
|
|
error = venus_remove(dir->i_sb, coda_i2f(dir), name, len);
|
|
if (error)
|
|
return error;
|
|
|
|
coda_dir_update_mtime(dir);
|
|
drop_nlink(d_inode(de));
|
|
return 0;
|
|
}
|
|
|
|
static int coda_rmdir(struct inode *dir, struct dentry *de)
|
|
{
|
|
const char *name = de->d_name.name;
|
|
int len = de->d_name.len;
|
|
int error;
|
|
|
|
error = venus_rmdir(dir->i_sb, coda_i2f(dir), name, len);
|
|
if (!error) {
|
|
/* VFS may delete the child */
|
|
if (d_really_is_positive(de))
|
|
clear_nlink(d_inode(de));
|
|
|
|
/* fix the link count of the parent */
|
|
coda_dir_drop_nlink(dir);
|
|
coda_dir_update_mtime(dir);
|
|
}
|
|
return error;
|
|
}
|
|
|
|
/* rename */
|
|
static int coda_rename(struct mnt_idmap *idmap, struct inode *old_dir,
|
|
struct dentry *old_dentry, struct inode *new_dir,
|
|
struct dentry *new_dentry, unsigned int flags)
|
|
{
|
|
const char *old_name = old_dentry->d_name.name;
|
|
const char *new_name = new_dentry->d_name.name;
|
|
int old_length = old_dentry->d_name.len;
|
|
int new_length = new_dentry->d_name.len;
|
|
int error;
|
|
|
|
if (flags)
|
|
return -EINVAL;
|
|
|
|
error = venus_rename(old_dir->i_sb, coda_i2f(old_dir),
|
|
coda_i2f(new_dir), old_length, new_length,
|
|
(const char *) old_name, (const char *)new_name);
|
|
if (!error) {
|
|
if (d_really_is_positive(new_dentry)) {
|
|
if (d_is_dir(new_dentry)) {
|
|
coda_dir_drop_nlink(old_dir);
|
|
coda_dir_inc_nlink(new_dir);
|
|
}
|
|
coda_flag_inode(d_inode(new_dentry), C_VATTR);
|
|
}
|
|
coda_dir_update_mtime(old_dir);
|
|
coda_dir_update_mtime(new_dir);
|
|
}
|
|
return error;
|
|
}
|
|
|
|
static inline unsigned int CDT2DT(unsigned char cdt)
|
|
{
|
|
unsigned int dt;
|
|
|
|
switch(cdt) {
|
|
case CDT_UNKNOWN: dt = DT_UNKNOWN; break;
|
|
case CDT_FIFO: dt = DT_FIFO; break;
|
|
case CDT_CHR: dt = DT_CHR; break;
|
|
case CDT_DIR: dt = DT_DIR; break;
|
|
case CDT_BLK: dt = DT_BLK; break;
|
|
case CDT_REG: dt = DT_REG; break;
|
|
case CDT_LNK: dt = DT_LNK; break;
|
|
case CDT_SOCK: dt = DT_SOCK; break;
|
|
case CDT_WHT: dt = DT_WHT; break;
|
|
default: dt = DT_UNKNOWN; break;
|
|
}
|
|
return dt;
|
|
}
|
|
|
|
/* support routines */
|
|
static int coda_venus_readdir(struct file *coda_file, struct dir_context *ctx)
|
|
{
|
|
struct coda_file_info *cfi;
|
|
struct coda_inode_info *cii;
|
|
struct file *host_file;
|
|
struct venus_dirent *vdir;
|
|
unsigned long vdir_size = offsetof(struct venus_dirent, d_name);
|
|
unsigned int type;
|
|
struct qstr name;
|
|
ino_t ino;
|
|
int ret;
|
|
|
|
cfi = coda_ftoc(coda_file);
|
|
host_file = cfi->cfi_container;
|
|
|
|
cii = ITOC(file_inode(coda_file));
|
|
|
|
vdir = kmalloc(sizeof(*vdir), GFP_KERNEL);
|
|
if (!vdir) return -ENOMEM;
|
|
|
|
if (!dir_emit_dots(coda_file, ctx))
|
|
goto out;
|
|
|
|
while (1) {
|
|
loff_t pos = ctx->pos - 2;
|
|
|
|
/* read entries from the directory file */
|
|
ret = kernel_read(host_file, vdir, sizeof(*vdir), &pos);
|
|
if (ret < 0) {
|
|
pr_err("%s: read dir %s failed %d\n",
|
|
__func__, coda_f2s(&cii->c_fid), ret);
|
|
break;
|
|
}
|
|
if (ret == 0) break; /* end of directory file reached */
|
|
|
|
/* catch truncated reads */
|
|
if (ret < vdir_size || ret < vdir_size + vdir->d_namlen) {
|
|
pr_err("%s: short read on %s\n",
|
|
__func__, coda_f2s(&cii->c_fid));
|
|
ret = -EBADF;
|
|
break;
|
|
}
|
|
/* validate whether the directory file actually makes sense */
|
|
if (vdir->d_reclen < vdir_size + vdir->d_namlen) {
|
|
pr_err("%s: invalid dir %s\n",
|
|
__func__, coda_f2s(&cii->c_fid));
|
|
ret = -EBADF;
|
|
break;
|
|
}
|
|
|
|
name.len = vdir->d_namlen;
|
|
name.name = vdir->d_name;
|
|
|
|
/* Make sure we skip '.' and '..', we already got those */
|
|
if (name.name[0] == '.' && (name.len == 1 ||
|
|
(name.name[1] == '.' && name.len == 2)))
|
|
vdir->d_fileno = name.len = 0;
|
|
|
|
/* skip null entries */
|
|
if (vdir->d_fileno && name.len) {
|
|
ino = vdir->d_fileno;
|
|
type = CDT2DT(vdir->d_type);
|
|
if (!dir_emit(ctx, name.name, name.len, ino, type))
|
|
break;
|
|
}
|
|
/* we'll always have progress because d_reclen is unsigned and
|
|
* we've already established it is non-zero. */
|
|
ctx->pos += vdir->d_reclen;
|
|
}
|
|
out:
|
|
kfree(vdir);
|
|
return 0;
|
|
}
|
|
|
|
/* file operations for directories */
|
|
static int coda_readdir(struct file *coda_file, struct dir_context *ctx)
|
|
{
|
|
struct coda_file_info *cfi;
|
|
struct file *host_file;
|
|
int ret;
|
|
|
|
cfi = coda_ftoc(coda_file);
|
|
host_file = cfi->cfi_container;
|
|
|
|
if (host_file->f_op->iterate_shared) {
|
|
struct inode *host_inode = file_inode(host_file);
|
|
ret = -ENOENT;
|
|
if (!IS_DEADDIR(host_inode)) {
|
|
inode_lock_shared(host_inode);
|
|
ret = host_file->f_op->iterate_shared(host_file, ctx);
|
|
file_accessed(host_file);
|
|
inode_unlock_shared(host_inode);
|
|
}
|
|
return ret;
|
|
}
|
|
/* Venus: we must read Venus dirents from a file */
|
|
return coda_venus_readdir(coda_file, ctx);
|
|
}
|
|
|
|
/* called when a cache lookup succeeds */
|
|
static int coda_dentry_revalidate(struct inode *dir, const struct qstr *name,
|
|
struct dentry *de, unsigned int flags)
|
|
{
|
|
struct inode *inode;
|
|
struct coda_inode_info *cii;
|
|
|
|
if (flags & LOOKUP_RCU)
|
|
return -ECHILD;
|
|
|
|
inode = d_inode(de);
|
|
if (!inode || is_root_inode(inode))
|
|
goto out;
|
|
if (is_bad_inode(inode))
|
|
goto bad;
|
|
|
|
cii = ITOC(d_inode(de));
|
|
if (!(cii->c_flags & (C_PURGE | C_FLUSH)))
|
|
goto out;
|
|
|
|
shrink_dcache_parent(de);
|
|
|
|
/* propagate for a flush */
|
|
if (cii->c_flags & C_FLUSH)
|
|
coda_flag_inode_children(inode, C_FLUSH);
|
|
|
|
if (d_count(de) > 1)
|
|
/* pretend it's valid, but don't change the flags */
|
|
goto out;
|
|
|
|
/* clear the flags. */
|
|
spin_lock(&cii->c_lock);
|
|
cii->c_flags &= ~(C_VATTR | C_PURGE | C_FLUSH);
|
|
spin_unlock(&cii->c_lock);
|
|
bad:
|
|
return 0;
|
|
out:
|
|
return 1;
|
|
}
|
|
|
|
/*
|
|
* This is the callback from dput() when d_count is going to 0.
|
|
* We use this to unhash dentries with bad inodes.
|
|
*/
|
|
static int coda_dentry_delete(const struct dentry * dentry)
|
|
{
|
|
struct inode *inode;
|
|
struct coda_inode_info *cii;
|
|
|
|
if (d_really_is_negative(dentry))
|
|
return 0;
|
|
|
|
inode = d_inode(dentry);
|
|
if (!inode || is_bad_inode(inode))
|
|
return 1;
|
|
|
|
cii = ITOC(inode);
|
|
if (cii->c_flags & C_PURGE)
|
|
return 1;
|
|
|
|
return 0;
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
* This is called when we want to check if the inode has
|
|
* changed on the server. Coda makes this easy since the
|
|
* cache manager Venus issues a downcall to the kernel when this
|
|
* happens
|
|
*/
|
|
int coda_revalidate_inode(struct inode *inode)
|
|
{
|
|
struct coda_vattr attr;
|
|
int error;
|
|
int old_mode;
|
|
ino_t old_ino;
|
|
struct coda_inode_info *cii = ITOC(inode);
|
|
|
|
if (!cii->c_flags)
|
|
return 0;
|
|
|
|
if (cii->c_flags & (C_VATTR | C_PURGE | C_FLUSH)) {
|
|
error = venus_getattr(inode->i_sb, &(cii->c_fid), &attr);
|
|
if (error)
|
|
return -EIO;
|
|
|
|
/* this inode may be lost if:
|
|
- it's ino changed
|
|
- type changes must be permitted for repair and
|
|
missing mount points.
|
|
*/
|
|
old_mode = inode->i_mode;
|
|
old_ino = inode->i_ino;
|
|
coda_vattr_to_iattr(inode, &attr);
|
|
|
|
if ((old_mode & S_IFMT) != (inode->i_mode & S_IFMT)) {
|
|
pr_warn("inode %ld, fid %s changed type!\n",
|
|
inode->i_ino, coda_f2s(&(cii->c_fid)));
|
|
}
|
|
|
|
/* the following can happen when a local fid is replaced
|
|
with a global one, here we lose and declare the inode bad */
|
|
if (inode->i_ino != old_ino)
|
|
return -EIO;
|
|
|
|
coda_flag_inode_children(inode, C_FLUSH);
|
|
|
|
spin_lock(&cii->c_lock);
|
|
cii->c_flags &= ~(C_VATTR | C_PURGE | C_FLUSH);
|
|
spin_unlock(&cii->c_lock);
|
|
}
|
|
return 0;
|
|
}
|
|
|
|
const struct dentry_operations coda_dentry_operations = {
|
|
.d_revalidate = coda_dentry_revalidate,
|
|
.d_delete = coda_dentry_delete,
|
|
};
|
|
|
|
const struct inode_operations coda_dir_inode_operations = {
|
|
.create = coda_create,
|
|
.lookup = coda_lookup,
|
|
.link = coda_link,
|
|
.unlink = coda_unlink,
|
|
.symlink = coda_symlink,
|
|
.mkdir = coda_mkdir,
|
|
.rmdir = coda_rmdir,
|
|
.mknod = CODA_EIO_ERROR,
|
|
.rename = coda_rename,
|
|
.permission = coda_permission,
|
|
.getattr = coda_getattr,
|
|
.setattr = coda_setattr,
|
|
};
|
|
|
|
WRAP_DIR_ITER(coda_readdir) // FIXME!
|
|
const struct file_operations coda_dir_operations = {
|
|
.llseek = generic_file_llseek,
|
|
.read = generic_read_dir,
|
|
.iterate_shared = shared_coda_readdir,
|
|
.open = coda_open,
|
|
.release = coda_release,
|
|
.fsync = coda_fsync,
|
|
};
|