1// SPDX-License-Identifier: GPL-2.0 2/* 3 * Copyright (c) 2000-2006 Silicon Graphics, Inc. 4 * Copyright (c) 2012-2013 Red Hat, Inc. 5 * All rights reserved. 6 */ 7#include "xfs.h" 8#include "xfs_shared.h" 9#include "xfs_fs.h" 10#include "xfs_format.h" 11#include "xfs_log_format.h" 12#include "xfs_trans_resv.h" 13#include "xfs_bit.h" 14#include "xfs_mount.h" 15#include "xfs_dir2.h" 16#include "xfs_inode.h" 17#include "xfs_bmap.h" 18#include "xfs_bmap_btree.h" 19#include "xfs_quota.h" 20#include "xfs_symlink.h" 21#include "xfs_trans_space.h" 22#include "xfs_trace.h" 23#include "xfs_trans.h" 24#include "xfs_ialloc.h" 25#include "xfs_error.h" 26#include "xfs_health.h" 27#include "xfs_symlink_remote.h" 28#include "xfs_parent.h" 29#include "xfs_defer.h" 30 31int 32xfs_readlink( 33 struct xfs_inode *ip, 34 char *link) 35{ 36 struct xfs_mount *mp = ip->i_mount; 37 xfs_fsize_t pathlen; 38 int error; 39 40 trace_xfs_readlink(ip); 41 42 if (xfs_is_shutdown(mp)) 43 return -EIO; 44 if (xfs_ifork_zapped(ip, XFS_DATA_FORK)) 45 return -EIO; 46 47 xfs_ilock(ip, XFS_ILOCK_SHARED); 48 49 pathlen = ip->i_disk_size; 50 if (!pathlen) 51 goto out_corrupt; 52 53 if (pathlen < 0 || pathlen > XFS_SYMLINK_MAXLEN) { 54 xfs_alert(mp, "%s: inode (%llu) bad symlink length (%lld)", 55 __func__, (unsigned long long) ip->i_ino, 56 (long long) pathlen); 57 ASSERT(0); 58 goto out_corrupt; 59 } 60 61 if (ip->i_df.if_format == XFS_DINODE_FMT_LOCAL) { 62 /* 63 * The VFS crashes on a NULL pointer, so return -EFSCORRUPTED 64 * if if_data is junk. 65 */ 66 if (XFS_IS_CORRUPT(ip->i_mount, !ip->i_df.if_data)) 67 goto out_corrupt; 68 69 memcpy(link, ip->i_df.if_data, pathlen + 1); 70 error = 0; 71 } else { 72 error = xfs_symlink_remote_read(ip, link); 73 } 74 75 xfs_iunlock(ip, XFS_ILOCK_SHARED); 76 return error; 77 out_corrupt: 78 xfs_iunlock(ip, XFS_ILOCK_SHARED); 79 xfs_inode_mark_sick(ip, XFS_SICK_INO_SYMLINK); 80 return -EFSCORRUPTED; 81} 82 83int 84xfs_symlink( 85 struct mnt_idmap *idmap, 86 struct xfs_inode *dp, 87 struct xfs_name *link_name, 88 const char *target_path, 89 umode_t mode, 90 struct xfs_inode **ipp) 91{ 92 struct xfs_mount *mp = dp->i_mount; 93 struct xfs_trans *tp = NULL; 94 struct xfs_inode *ip = NULL; 95 int error = 0; 96 int pathlen; 97 bool unlock_dp_on_error = false; 98 xfs_filblks_t fs_blocks; 99 prid_t prid; 100 struct xfs_dquot *udqp = NULL; 101 struct xfs_dquot *gdqp = NULL; 102 struct xfs_dquot *pdqp = NULL; 103 uint resblks; 104 xfs_ino_t ino; 105 struct xfs_parent_args *ppargs; 106 107 *ipp = NULL; 108 109 trace_xfs_symlink(dp, link_name); 110 111 if (xfs_is_shutdown(mp)) 112 return -EIO; 113 114 /* 115 * Check component lengths of the target path name. 116 */ 117 pathlen = strlen(target_path); 118 if (pathlen >= XFS_SYMLINK_MAXLEN) /* total string too long */ 119 return -ENAMETOOLONG; 120 ASSERT(pathlen > 0); 121 122 prid = xfs_get_initial_prid(dp); 123 124 /* 125 * Make sure that we have allocated dquot(s) on disk. 126 */ 127 error = xfs_qm_vop_dqalloc(dp, mapped_fsuid(idmap, &init_user_ns), 128 mapped_fsgid(idmap, &init_user_ns), prid, 129 XFS_QMOPT_QUOTALL | XFS_QMOPT_INHERIT, 130 &udqp, &gdqp, &pdqp); 131 if (error) 132 return error; 133 134 /* 135 * The symlink will fit into the inode data fork? 136 * If there are no parent pointers, then there wont't be any attributes. 137 * So we get the whole variable part, and do not need to reserve extra 138 * blocks. Otherwise, we need to reserve the blocks. 139 */ 140 if (pathlen <= XFS_LITINO(mp) && !xfs_has_parent(mp)) 141 fs_blocks = 0; 142 else 143 fs_blocks = xfs_symlink_blocks(mp, pathlen); 144 resblks = xfs_symlink_space_res(mp, link_name->len, fs_blocks); 145 146 error = xfs_parent_start(mp, &ppargs); 147 if (error) 148 goto out_release_dquots; 149 150 error = xfs_trans_alloc_icreate(mp, &M_RES(mp)->tr_symlink, udqp, gdqp, 151 pdqp, resblks, &tp); 152 if (error) 153 goto out_parent; 154 155 xfs_ilock(dp, XFS_ILOCK_EXCL | XFS_ILOCK_PARENT); 156 unlock_dp_on_error = true; 157 158 /* 159 * Check whether the directory allows new symlinks or not. 160 */ 161 if (dp->i_diflags & XFS_DIFLAG_NOSYMLINKS) { 162 error = -EPERM; 163 goto out_trans_cancel; 164 } 165 166 /* 167 * Allocate an inode for the symlink. 168 */ 169 error = xfs_dialloc(&tp, dp->i_ino, S_IFLNK, &ino); 170 if (!error) 171 error = xfs_init_new_inode(idmap, tp, dp, ino, 172 S_IFLNK | (mode & ~S_IFMT), 1, 0, prid, 173 xfs_has_parent(mp), &ip); 174 if (error) 175 goto out_trans_cancel; 176 177 /* 178 * Now we join the directory inode to the transaction. We do not do it 179 * earlier because xfs_dir_ialloc might commit the previous transaction 180 * (and release all the locks). An error from here on will result in 181 * the transaction cancel unlocking dp so don't do it explicitly in the 182 * error path. 183 */ 184 xfs_trans_ijoin(tp, dp, 0); 185 186 /* 187 * Also attach the dquot(s) to it, if applicable. 188 */ 189 xfs_qm_vop_create_dqattach(tp, ip, udqp, gdqp, pdqp); 190 191 resblks -= XFS_IALLOC_SPACE_RES(mp); 192 error = xfs_symlink_write_target(tp, ip, ip->i_ino, target_path, 193 pathlen, fs_blocks, resblks); 194 if (error) 195 goto out_trans_cancel; 196 resblks -= fs_blocks; 197 i_size_write(VFS_I(ip), ip->i_disk_size); 198 199 /* 200 * Create the directory entry for the symlink. 201 */ 202 error = xfs_dir_createname(tp, dp, link_name, ip->i_ino, resblks); 203 if (error) 204 goto out_trans_cancel; 205 xfs_trans_ichgtime(tp, dp, XFS_ICHGTIME_MOD | XFS_ICHGTIME_CHG); 206 xfs_trans_log_inode(tp, dp, XFS_ILOG_CORE); 207 208 /* Add parent pointer for the new symlink. */ 209 if (ppargs) { 210 error = xfs_parent_addname(tp, ppargs, dp, link_name, ip); 211 if (error) 212 goto out_trans_cancel; 213 } 214 215 xfs_dir_update_hook(dp, ip, 1, link_name); 216 217 /* 218 * If this is a synchronous mount, make sure that the 219 * symlink transaction goes to disk before returning to 220 * the user. 221 */ 222 if (xfs_has_wsync(mp) || xfs_has_dirsync(mp)) 223 xfs_trans_set_sync(tp); 224 225 error = xfs_trans_commit(tp); 226 if (error) 227 goto out_release_inode; 228 229 xfs_qm_dqrele(udqp); 230 xfs_qm_dqrele(gdqp); 231 xfs_qm_dqrele(pdqp); 232 233 *ipp = ip; 234 xfs_iunlock(ip, XFS_ILOCK_EXCL); 235 xfs_iunlock(dp, XFS_ILOCK_EXCL); 236 xfs_parent_finish(mp, ppargs); 237 return 0; 238 239out_trans_cancel: 240 xfs_trans_cancel(tp); 241out_release_inode: 242 /* 243 * Wait until after the current transaction is aborted to finish the 244 * setup of the inode and release the inode. This prevents recursive 245 * transactions and deadlocks from xfs_inactive. 246 */ 247 if (ip) { 248 xfs_iunlock(ip, XFS_ILOCK_EXCL); 249 xfs_finish_inode_setup(ip); 250 xfs_irele(ip); 251 } 252out_parent: 253 xfs_parent_finish(mp, ppargs); 254out_release_dquots: 255 xfs_qm_dqrele(udqp); 256 xfs_qm_dqrele(gdqp); 257 xfs_qm_dqrele(pdqp); 258 259 if (unlock_dp_on_error) 260 xfs_iunlock(dp, XFS_ILOCK_EXCL); 261 return error; 262} 263 264/* 265 * Free a symlink that has blocks associated with it. 266 * 267 * Note: zero length symlinks are not allowed to exist. When we set the size to 268 * zero, also change it to a regular file so that it does not get written to 269 * disk as a zero length symlink. The inode is on the unlinked list already, so 270 * userspace cannot find this inode anymore, so this change is not user visible 271 * but allows us to catch corrupt zero-length symlinks in the verifiers. 272 */ 273STATIC int 274xfs_inactive_symlink_rmt( 275 struct xfs_inode *ip) 276{ 277 struct xfs_mount *mp = ip->i_mount; 278 struct xfs_trans *tp; 279 int error; 280 281 ASSERT(!xfs_need_iread_extents(&ip->i_df)); 282 /* 283 * We're freeing a symlink that has some 284 * blocks allocated to it. Free the 285 * blocks here. We know that we've got 286 * either 1 or 2 extents and that we can 287 * free them all in one bunmapi call. 288 */ 289 ASSERT(ip->i_df.if_nextents > 0 && ip->i_df.if_nextents <= 2); 290 291 error = xfs_trans_alloc(mp, &M_RES(mp)->tr_itruncate, 0, 0, 0, &tp); 292 if (error) 293 return error; 294 295 xfs_ilock(ip, XFS_ILOCK_EXCL); 296 xfs_trans_ijoin(tp, ip, 0); 297 298 /* 299 * Lock the inode, fix the size, turn it into a regular file and join it 300 * to the transaction. Hold it so in the normal path, we still have it 301 * locked for the second transaction. In the error paths we need it 302 * held so the cancel won't rele it, see below. 303 */ 304 ip->i_disk_size = 0; 305 VFS_I(ip)->i_mode = (VFS_I(ip)->i_mode & ~S_IFMT) | S_IFREG; 306 xfs_trans_log_inode(tp, ip, XFS_ILOG_CORE); 307 308 error = xfs_symlink_remote_truncate(tp, ip); 309 if (error) 310 goto error_trans_cancel; 311 312 error = xfs_trans_commit(tp); 313 if (error) { 314 ASSERT(xfs_is_shutdown(mp)); 315 goto error_unlock; 316 } 317 318 /* 319 * Remove the memory for extent descriptions (just bookkeeping). 320 */ 321 if (ip->i_df.if_bytes) 322 xfs_idata_realloc(ip, -ip->i_df.if_bytes, XFS_DATA_FORK); 323 ASSERT(ip->i_df.if_bytes == 0); 324 325 xfs_iunlock(ip, XFS_ILOCK_EXCL); 326 return 0; 327 328error_trans_cancel: 329 xfs_trans_cancel(tp); 330error_unlock: 331 xfs_iunlock(ip, XFS_ILOCK_EXCL); 332 return error; 333} 334 335/* 336 * xfs_inactive_symlink - free a symlink 337 */ 338int 339xfs_inactive_symlink( 340 struct xfs_inode *ip) 341{ 342 struct xfs_mount *mp = ip->i_mount; 343 int pathlen; 344 345 trace_xfs_inactive_symlink(ip); 346 347 if (xfs_is_shutdown(mp)) 348 return -EIO; 349 350 xfs_ilock(ip, XFS_ILOCK_EXCL); 351 pathlen = (int)ip->i_disk_size; 352 ASSERT(pathlen); 353 354 if (pathlen <= 0 || pathlen > XFS_SYMLINK_MAXLEN) { 355 xfs_alert(mp, "%s: inode (0x%llx) bad symlink length (%d)", 356 __func__, (unsigned long long)ip->i_ino, pathlen); 357 xfs_iunlock(ip, XFS_ILOCK_EXCL); 358 ASSERT(0); 359 xfs_inode_mark_sick(ip, XFS_SICK_INO_SYMLINK); 360 return -EFSCORRUPTED; 361 } 362 363 /* 364 * Inline fork state gets removed by xfs_difree() so we have nothing to 365 * do here in that case. 366 */ 367 if (ip->i_df.if_format == XFS_DINODE_FMT_LOCAL) { 368 xfs_iunlock(ip, XFS_ILOCK_EXCL); 369 return 0; 370 } 371 372 xfs_iunlock(ip, XFS_ILOCK_EXCL); 373 374 /* remove the remote symlink */ 375 return xfs_inactive_symlink_rmt(ip); 376} 377