]> git.proxmox.com Git - mirror_ubuntu-jammy-kernel.git/blame - fs/xfs/xfs_inode.c
projects / mirror_ubuntu-jammy-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
xfs: support idmapped mounts
[mirror_ubuntu-jammy-kernel.git] / fs / xfs / xfs_inode.c
CommitLineData
0b61f8a4 1// SPDX-License-Identifier: GPL-2.0
1da177e4 2/*
3e57ecf6 3 * Copyright (c) 2000-2006 Silicon Graphics, Inc.
7b718769 4 * All Rights Reserved.
1da177e4 5 */
f0e28280 6#include <linux/iversion.h>
40ebd81d 7
1da177e4 8#include "xfs.h"
a844f451 9#include "xfs_fs.h"
70a9883c 10#include "xfs_shared.h"
239880ef
DC		 11#include "xfs_format.h"
12#include "xfs_log_format.h"
13#include "xfs_trans_resv.h"
1da177e4 14#include "xfs_sb.h"
1da177e4 15#include "xfs_mount.h"
3ab78df2 16#include "xfs_defer.h"
a4fbe6ab 17#include "xfs_inode.h"
c24b5dfa 18#include "xfs_dir2.h"
c24b5dfa 19#include "xfs_attr.h"
239880ef
DC		 20#include "xfs_trans_space.h"
21#include "xfs_trans.h"
1da177e4 22#include "xfs_buf_item.h"
a844f451 23#include "xfs_inode_item.h"
a844f451
NS		 24#include "xfs_ialloc.h"
25#include "xfs_bmap.h"
68988114 26#include "xfs_bmap_util.h"
e9e899a2 27#include "xfs_errortag.h"
1da177e4 28#include "xfs_error.h"
1da177e4 29#include "xfs_quota.h"
2a82b8be 30#include "xfs_filestream.h"
0b1b213f 31#include "xfs_trace.h"
33479e05 32#include "xfs_icache.h"
c24b5dfa 33#include "xfs_symlink.h"
239880ef
DC		 34#include "xfs_trans_priv.h"
35#include "xfs_log.h"
a4fbe6ab 36#include "xfs_bmap_btree.h"
aa8968f2 37#include "xfs_reflink.h"
1da177e4 38
1da177e4 39kmem_zone_t *xfs_inode_zone;
1da177e4
LT		 40
41/*
8f04c47a 42 * Used in xfs_itruncate_extents(). This is the maximum number of extents
1da177e4
LT		 43 * freed from a file in a single transaction.
44 */
45#define XFS_ITRUNC_MAX_EXTENTS 2
46
54d7b5c1
DC		 47STATIC int xfs_iunlink(struct xfs_trans *, struct xfs_inode *);
48STATIC int xfs_iunlink_remove(struct xfs_trans *, struct xfs_inode *);
ab297431 49
2a0ec1d9
DC		 50/*
51 * helper function to extract extent size hint from inode
52 */
53xfs_extlen_t
54xfs_get_extsz_hint(
55 struct xfs_inode *ip)
56{
bdb2ed2d
CH		 57 /*
58 * No point in aligning allocations if we need to COW to actually
59 * write to them.
60 */
61 if (xfs_is_always_cow_inode(ip))
62 return 0;
2a0ec1d9
DC		 63 if ((ip->i_d.di_flags & XFS_DIFLAG_EXTSIZE) && ip->i_d.di_extsize)
64 return ip->i_d.di_extsize;
65 if (XFS_IS_REALTIME_INODE(ip))
66 return ip->i_mount->m_sb.sb_rextsize;
67 return 0;
68}
69
f7ca3522
DW		 70/*
71 * Helper function to extract CoW extent size hint from inode.
72 * Between the extent size hint and the CoW extent size hint, we
e153aa79
DW		 73 * return the greater of the two. If the value is zero (automatic),
74 * use the default size.
f7ca3522
DW		 75 */
76xfs_extlen_t
77xfs_get_cowextsz_hint(
78 struct xfs_inode *ip)
79{
80 xfs_extlen_t a, b;
81
82 a = 0;
83 if (ip->i_d.di_flags2 & XFS_DIFLAG2_COWEXTSIZE)
84 a = ip->i_d.di_cowextsize;
85 b = xfs_get_extsz_hint(ip);
86
e153aa79
DW		 87 a = max(a, b);
88 if (a == 0)
89 return XFS_DEFAULT_COWEXTSZ_HINT;
90 return a;
f7ca3522
DW		 91}
92
fa96acad 93/*
efa70be1
CH		 94 * These two are wrapper routines around the xfs_ilock() routine used to
95 * centralize some grungy code. They are used in places that wish to lock the
96 * inode solely for reading the extents. The reason these places can't just
97 * call xfs_ilock(ip, XFS_ILOCK_SHARED) is that the inode lock also guards to
98 * bringing in of the extents from disk for a file in b-tree format. If the
99 * inode is in b-tree format, then we need to lock the inode exclusively until
100 * the extents are read in. Locking it exclusively all the time would limit
101 * our parallelism unnecessarily, though. What we do instead is check to see
102 * if the extents have been read in yet, and only lock the inode exclusively
103 * if they have not.
fa96acad 104 *
efa70be1 105 * The functions return a value which should be given to the corresponding
01f4f327 106 * xfs_iunlock() call.
fa96acad
DC		 107 */
108uint
309ecac8
CH		 109xfs_ilock_data_map_shared(
110 struct xfs_inode *ip)
fa96acad 111{
309ecac8 112 uint lock_mode = XFS_ILOCK_SHARED;
fa96acad 113
f7e67b20 114 if (ip->i_df.if_format == XFS_DINODE_FMT_BTREE &&
309ecac8 115 (ip->i_df.if_flags & XFS_IFEXTENTS) == 0)
fa96acad 116 lock_mode = XFS_ILOCK_EXCL;
fa96acad 117 xfs_ilock(ip, lock_mode);
fa96acad
DC		 118 return lock_mode;
119}
120
efa70be1
CH		 121uint
122xfs_ilock_attr_map_shared(
123 struct xfs_inode *ip)
fa96acad 124{
efa70be1
CH		 125 uint lock_mode = XFS_ILOCK_SHARED;
126
f7e67b20
CH		 127 if (ip->i_afp &&
128 ip->i_afp->if_format == XFS_DINODE_FMT_BTREE &&
efa70be1
CH		 129 (ip->i_afp->if_flags & XFS_IFEXTENTS) == 0)
130 lock_mode = XFS_ILOCK_EXCL;
131 xfs_ilock(ip, lock_mode);
132 return lock_mode;
fa96acad
DC		 133}
134
135/*
65523218
CH		 136 * In addition to i_rwsem in the VFS inode, the xfs inode contains 2
137 * multi-reader locks: i_mmap_lock and the i_lock. This routine allows
138 * various combinations of the locks to be obtained.
fa96acad 139 *
653c60b6
DC		 140 * The 3 locks should always be ordered so that the IO lock is obtained first,
141 * the mmap lock second and the ilock last in order to prevent deadlock.
fa96acad 142 *
653c60b6
DC		 143 * Basic locking order:
144 *
65523218 145 * i_rwsem -> i_mmap_lock -> page_lock -> i_ilock
653c60b6 146 *
c1e8d7c6 147 * mmap_lock locking order:
653c60b6 148 *
c1e8d7c6
ML		 149 * i_rwsem -> page lock -> mmap_lock
150 * mmap_lock -> i_mmap_lock -> page_lock
653c60b6 151 *
c1e8d7c6 152 * The difference in mmap_lock locking order mean that we cannot hold the
653c60b6 153 * i_mmap_lock over syscall based read(2)/write(2) based IO. These IO paths can
c1e8d7c6 154 * fault in pages during copy in/out (for buffered IO) or require the mmap_lock
653c60b6 155 * in get_user_pages() to map the user pages into the kernel address space for
65523218 156 * direct IO. Similarly the i_rwsem cannot be taken inside a page fault because
c1e8d7c6 157 * page faults already hold the mmap_lock.
653c60b6
DC		 158 *
159 * Hence to serialise fully against both syscall and mmap based IO, we need to
65523218 160 * take both the i_rwsem and the i_mmap_lock. These locks should *only* be both
653c60b6
DC		 161 * taken in places where we need to invalidate the page cache in a race
162 * free manner (e.g. truncate, hole punch and other extent manipulation
163 * functions).
fa96acad
DC		 164 */
165void
166xfs_ilock(
167 xfs_inode_t *ip,
168 uint lock_flags)
169{
170 trace_xfs_ilock(ip, lock_flags, _RET_IP_);
171
172 /*
173 * You can't set both SHARED and EXCL for the same lock,
174 * and only XFS_IOLOCK_SHARED, XFS_IOLOCK_EXCL, XFS_ILOCK_SHARED,
175 * and XFS_ILOCK_EXCL are valid values to set in lock_flags.
176 */
177 ASSERT((lock_flags & (XFS_IOLOCK_SHARED | XFS_IOLOCK_EXCL)) !=
178 (XFS_IOLOCK_SHARED | XFS_IOLOCK_EXCL));
653c60b6
DC		 179 ASSERT((lock_flags & (XFS_MMAPLOCK_SHARED | XFS_MMAPLOCK_EXCL)) !=
180 (XFS_MMAPLOCK_SHARED | XFS_MMAPLOCK_EXCL));
fa96acad
DC		 181 ASSERT((lock_flags & (XFS_ILOCK_SHARED | XFS_ILOCK_EXCL)) !=
182 (XFS_ILOCK_SHARED | XFS_ILOCK_EXCL));
0952c818 183 ASSERT((lock_flags & ~(XFS_LOCK_MASK | XFS_LOCK_SUBCLASS_MASK)) == 0);
fa96acad 184
65523218
CH		 185 if (lock_flags & XFS_IOLOCK_EXCL) {
186 down_write_nested(&VFS_I(ip)->i_rwsem,
187 XFS_IOLOCK_DEP(lock_flags));
188 } else if (lock_flags & XFS_IOLOCK_SHARED) {
189 down_read_nested(&VFS_I(ip)->i_rwsem,
190 XFS_IOLOCK_DEP(lock_flags));
191 }
fa96acad 192
653c60b6
DC		 193 if (lock_flags & XFS_MMAPLOCK_EXCL)
194 mrupdate_nested(&ip->i_mmaplock, XFS_MMAPLOCK_DEP(lock_flags));
195 else if (lock_flags & XFS_MMAPLOCK_SHARED)
196 mraccess_nested(&ip->i_mmaplock, XFS_MMAPLOCK_DEP(lock_flags));
197
fa96acad
DC		 198 if (lock_flags & XFS_ILOCK_EXCL)
199 mrupdate_nested(&ip->i_lock, XFS_ILOCK_DEP(lock_flags));
200 else if (lock_flags & XFS_ILOCK_SHARED)
201 mraccess_nested(&ip->i_lock, XFS_ILOCK_DEP(lock_flags));
202}
203
204/*
205 * This is just like xfs_ilock(), except that the caller
206 * is guaranteed not to sleep. It returns 1 if it gets
207 * the requested locks and 0 otherwise. If the IO lock is
208 * obtained but the inode lock cannot be, then the IO lock
209 * is dropped before returning.
210 *
211 * ip -- the inode being locked
212 * lock_flags -- this parameter indicates the inode's locks to be
213 * to be locked. See the comment for xfs_ilock() for a list
214 * of valid values.
215 */
216int
217xfs_ilock_nowait(
218 xfs_inode_t *ip,
219 uint lock_flags)
220{
221 trace_xfs_ilock_nowait(ip, lock_flags, _RET_IP_);
222
223 /*
224 * You can't set both SHARED and EXCL for the same lock,
225 * and only XFS_IOLOCK_SHARED, XFS_IOLOCK_EXCL, XFS_ILOCK_SHARED,
226 * and XFS_ILOCK_EXCL are valid values to set in lock_flags.
227 */
228 ASSERT((lock_flags & (XFS_IOLOCK_SHARED | XFS_IOLOCK_EXCL)) !=
229 (XFS_IOLOCK_SHARED | XFS_IOLOCK_EXCL));
653c60b6
DC		 230 ASSERT((lock_flags & (XFS_MMAPLOCK_SHARED | XFS_MMAPLOCK_EXCL)) !=
231 (XFS_MMAPLOCK_SHARED | XFS_MMAPLOCK_EXCL));
fa96acad
DC		 232 ASSERT((lock_flags & (XFS_ILOCK_SHARED | XFS_ILOCK_EXCL)) !=
233 (XFS_ILOCK_SHARED | XFS_ILOCK_EXCL));
0952c818 234 ASSERT((lock_flags & ~(XFS_LOCK_MASK | XFS_LOCK_SUBCLASS_MASK)) == 0);
fa96acad
DC		 235
236 if (lock_flags & XFS_IOLOCK_EXCL) {
65523218 237 if (!down_write_trylock(&VFS_I(ip)->i_rwsem))
fa96acad
DC		 238 goto out;
239 } else if (lock_flags & XFS_IOLOCK_SHARED) {
65523218 240 if (!down_read_trylock(&VFS_I(ip)->i_rwsem))
fa96acad
DC		 241 goto out;
242 }
653c60b6
DC		 243
244 if (lock_flags & XFS_MMAPLOCK_EXCL) {
245 if (!mrtryupdate(&ip->i_mmaplock))
246 goto out_undo_iolock;
247 } else if (lock_flags & XFS_MMAPLOCK_SHARED) {
248 if (!mrtryaccess(&ip->i_mmaplock))
249 goto out_undo_iolock;
250 }
251
fa96acad
DC		 252 if (lock_flags & XFS_ILOCK_EXCL) {
253 if (!mrtryupdate(&ip->i_lock))
653c60b6 254 goto out_undo_mmaplock;
fa96acad
DC		 255 } else if (lock_flags & XFS_ILOCK_SHARED) {
256 if (!mrtryaccess(&ip->i_lock))
653c60b6 257 goto out_undo_mmaplock;
fa96acad
DC		 258 }
259 return 1;
260
653c60b6
DC		 261out_undo_mmaplock:
262 if (lock_flags & XFS_MMAPLOCK_EXCL)
263 mrunlock_excl(&ip->i_mmaplock);
264 else if (lock_flags & XFS_MMAPLOCK_SHARED)
265 mrunlock_shared(&ip->i_mmaplock);
266out_undo_iolock:
fa96acad 267 if (lock_flags & XFS_IOLOCK_EXCL)
65523218 268 up_write(&VFS_I(ip)->i_rwsem);
fa96acad 269 else if (lock_flags & XFS_IOLOCK_SHARED)
65523218 270 up_read(&VFS_I(ip)->i_rwsem);
653c60b6 271out:
fa96acad
DC		 272 return 0;
273}
274
275/*
276 * xfs_iunlock() is used to drop the inode locks acquired with
277 * xfs_ilock() and xfs_ilock_nowait(). The caller must pass
278 * in the flags given to xfs_ilock() or xfs_ilock_nowait() so
279 * that we know which locks to drop.
280 *
281 * ip -- the inode being unlocked
282 * lock_flags -- this parameter indicates the inode's locks to be
283 * to be unlocked. See the comment for xfs_ilock() for a list
284 * of valid values for this parameter.
285 *
286 */
287void
288xfs_iunlock(
289 xfs_inode_t *ip,
290 uint lock_flags)
291{
292 /*
293 * You can't set both SHARED and EXCL for the same lock,
294 * and only XFS_IOLOCK_SHARED, XFS_IOLOCK_EXCL, XFS_ILOCK_SHARED,
295 * and XFS_ILOCK_EXCL are valid values to set in lock_flags.
296 */
297 ASSERT((lock_flags & (XFS_IOLOCK_SHARED | XFS_IOLOCK_EXCL)) !=
298 (XFS_IOLOCK_SHARED | XFS_IOLOCK_EXCL));
653c60b6
DC		 299 ASSERT((lock_flags & (XFS_MMAPLOCK_SHARED | XFS_MMAPLOCK_EXCL)) !=
300 (XFS_MMAPLOCK_SHARED | XFS_MMAPLOCK_EXCL));
fa96acad
DC		 301 ASSERT((lock_flags & (XFS_ILOCK_SHARED | XFS_ILOCK_EXCL)) !=
302 (XFS_ILOCK_SHARED | XFS_ILOCK_EXCL));
0952c818 303 ASSERT((lock_flags & ~(XFS_LOCK_MASK | XFS_LOCK_SUBCLASS_MASK)) == 0);
fa96acad
DC		 304 ASSERT(lock_flags != 0);
305
306 if (lock_flags & XFS_IOLOCK_EXCL)
65523218 307 up_write(&VFS_I(ip)->i_rwsem);
fa96acad 308 else if (lock_flags & XFS_IOLOCK_SHARED)
65523218 309 up_read(&VFS_I(ip)->i_rwsem);
fa96acad 310
653c60b6
DC		 311 if (lock_flags & XFS_MMAPLOCK_EXCL)
312 mrunlock_excl(&ip->i_mmaplock);
313 else if (lock_flags & XFS_MMAPLOCK_SHARED)
314 mrunlock_shared(&ip->i_mmaplock);
315
fa96acad
DC		 316 if (lock_flags & XFS_ILOCK_EXCL)
317 mrunlock_excl(&ip->i_lock);
318 else if (lock_flags & XFS_ILOCK_SHARED)
319 mrunlock_shared(&ip->i_lock);
320
321 trace_xfs_iunlock(ip, lock_flags, _RET_IP_);
322}
323
324/*
325 * give up write locks. the i/o lock cannot be held nested
326 * if it is being demoted.
327 */
328void
329xfs_ilock_demote(
330 xfs_inode_t *ip,
331 uint lock_flags)
332{
653c60b6
DC		 333 ASSERT(lock_flags & (XFS_IOLOCK_EXCL|XFS_MMAPLOCK_EXCL|XFS_ILOCK_EXCL));
334 ASSERT((lock_flags &
335 ~(XFS_IOLOCK_EXCL|XFS_MMAPLOCK_EXCL|XFS_ILOCK_EXCL)) == 0);
fa96acad
DC		 336
337 if (lock_flags & XFS_ILOCK_EXCL)
338 mrdemote(&ip->i_lock);
653c60b6
DC		 339 if (lock_flags & XFS_MMAPLOCK_EXCL)
340 mrdemote(&ip->i_mmaplock);
fa96acad 341 if (lock_flags & XFS_IOLOCK_EXCL)
65523218 342 downgrade_write(&VFS_I(ip)->i_rwsem);
fa96acad
DC		 343
344 trace_xfs_ilock_demote(ip, lock_flags, _RET_IP_);
345}
346
742ae1e3 347#if defined(DEBUG) || defined(XFS_WARN)
fa96acad
DC		 348int
349xfs_isilocked(
350 xfs_inode_t *ip,
351 uint lock_flags)
352{
353 if (lock_flags & (XFS_ILOCK_EXCL|XFS_ILOCK_SHARED)) {
354 if (!(lock_flags & XFS_ILOCK_SHARED))
355 return !!ip->i_lock.mr_writer;
356 return rwsem_is_locked(&ip->i_lock.mr_lock);
357 }
358
653c60b6
DC		 359 if (lock_flags & (XFS_MMAPLOCK_EXCL|XFS_MMAPLOCK_SHARED)) {
360 if (!(lock_flags & XFS_MMAPLOCK_SHARED))
361 return !!ip->i_mmaplock.mr_writer;
362 return rwsem_is_locked(&ip->i_mmaplock.mr_lock);
363 }
364
fa96acad
DC		 365 if (lock_flags & (XFS_IOLOCK_EXCL|XFS_IOLOCK_SHARED)) {
366 if (!(lock_flags & XFS_IOLOCK_SHARED))
65523218
CH		 367 return !debug_locks ||
368 lockdep_is_held_type(&VFS_I(ip)->i_rwsem, 0);
369 return rwsem_is_locked(&VFS_I(ip)->i_rwsem);
fa96acad
DC		 370 }
371
372 ASSERT(0);
373 return 0;
374}
375#endif
376
b6a9947e
DC		 377/*
378 * xfs_lockdep_subclass_ok() is only used in an ASSERT, so is only called when
379 * DEBUG or XFS_WARN is set. And MAX_LOCKDEP_SUBCLASSES is then only defined
380 * when CONFIG_LOCKDEP is set. Hence the complex define below to avoid build
381 * errors and warnings.
382 */
383#if (defined(DEBUG) || defined(XFS_WARN)) && defined(CONFIG_LOCKDEP)
3403ccc0
DC		 384static bool
385xfs_lockdep_subclass_ok(
386 int subclass)
387{
388 return subclass < MAX_LOCKDEP_SUBCLASSES;
389}
390#else
391#define xfs_lockdep_subclass_ok(subclass) (true)
392#endif
393
c24b5dfa 394/*
653c60b6 395 * Bump the subclass so xfs_lock_inodes() acquires each lock with a different
0952c818
DC		 396 * value. This can be called for any type of inode lock combination, including
397 * parent locking. Care must be taken to ensure we don't overrun the subclass
398 * storage fields in the class mask we build.
c24b5dfa
DC		 399 */
400static inline int
401xfs_lock_inumorder(int lock_mode, int subclass)
402{
0952c818
DC		 403 int class = 0;
404
405 ASSERT(!(lock_mode & (XFS_ILOCK_PARENT | XFS_ILOCK_RTBITMAP |
406 XFS_ILOCK_RTSUM)));
3403ccc0 407 ASSERT(xfs_lockdep_subclass_ok(subclass));
0952c818 408
653c60b6 409 if (lock_mode & (XFS_IOLOCK_SHARED|XFS_IOLOCK_EXCL)) {
0952c818 410 ASSERT(subclass <= XFS_IOLOCK_MAX_SUBCLASS);
0952c818 411 class += subclass << XFS_IOLOCK_SHIFT;
653c60b6
DC		 412 }
413
414 if (lock_mode & (XFS_MMAPLOCK_SHARED|XFS_MMAPLOCK_EXCL)) {
0952c818
DC		 415 ASSERT(subclass <= XFS_MMAPLOCK_MAX_SUBCLASS);
416 class += subclass << XFS_MMAPLOCK_SHIFT;
653c60b6
DC		 417 }
418
0952c818
DC		 419 if (lock_mode & (XFS_ILOCK_SHARED|XFS_ILOCK_EXCL)) {
420 ASSERT(subclass <= XFS_ILOCK_MAX_SUBCLASS);
421 class += subclass << XFS_ILOCK_SHIFT;
422 }
c24b5dfa 423
0952c818 424 return (lock_mode & ~XFS_LOCK_SUBCLASS_MASK) | class;
c24b5dfa
DC		 425}
426
427/*
95afcf5c
DC		 428 * The following routine will lock n inodes in exclusive mode. We assume the
429 * caller calls us with the inodes in i_ino order.
c24b5dfa 430 *
95afcf5c
DC		 431 * We need to detect deadlock where an inode that we lock is in the AIL and we
432 * start waiting for another inode that is locked by a thread in a long running
433 * transaction (such as truncate). This can result in deadlock since the long
434 * running trans might need to wait for the inode we just locked in order to
435 * push the tail and free space in the log.
0952c818
DC		 436 *
437 * xfs_lock_inodes() can only be used to lock one type of lock at a time -
438 * the iolock, the mmaplock or the ilock, but not more than one at a time. If we
439 * lock more than one at a time, lockdep will report false positives saying we
440 * have violated locking orders.
c24b5dfa 441 */
0d5a75e9 442static void
c24b5dfa 443xfs_lock_inodes(
efe2330f
CH		 444 struct xfs_inode **ips,
445 int inodes,
446 uint lock_mode)
c24b5dfa 447{
efe2330f
CH		 448 int attempts = 0, i, j, try_lock;
449 struct xfs_log_item *lp;
c24b5dfa 450
0952c818
DC		 451 /*
452 * Currently supports between 2 and 5 inodes with exclusive locking. We
453 * support an arbitrary depth of locking here, but absolute limits on
b63da6c8 454 * inodes depend on the type of locking and the limits placed by
0952c818
DC		 455 * lockdep annotations in xfs_lock_inumorder. These are all checked by
456 * the asserts.
457 */
95afcf5c 458 ASSERT(ips && inodes >= 2 && inodes <= 5);
0952c818
DC		 459 ASSERT(lock_mode & (XFS_IOLOCK_EXCL | XFS_MMAPLOCK_EXCL |
460 XFS_ILOCK_EXCL));
461 ASSERT(!(lock_mode & (XFS_IOLOCK_SHARED | XFS_MMAPLOCK_SHARED |
462 XFS_ILOCK_SHARED)));
0952c818
DC		 463 ASSERT(!(lock_mode & XFS_MMAPLOCK_EXCL) ||
464 inodes <= XFS_MMAPLOCK_MAX_SUBCLASS + 1);
465 ASSERT(!(lock_mode & XFS_ILOCK_EXCL) ||
466 inodes <= XFS_ILOCK_MAX_SUBCLASS + 1);
467
468 if (lock_mode & XFS_IOLOCK_EXCL) {
469 ASSERT(!(lock_mode & (XFS_MMAPLOCK_EXCL | XFS_ILOCK_EXCL)));
470 } else if (lock_mode & XFS_MMAPLOCK_EXCL)
471 ASSERT(!(lock_mode & XFS_ILOCK_EXCL));
c24b5dfa
DC		 472
473 try_lock = 0;
474 i = 0;
c24b5dfa
DC		 475again:
476 for (; i < inodes; i++) {
477 ASSERT(ips[i]);
478
95afcf5c 479 if (i && (ips[i] == ips[i - 1])) /* Already locked */
c24b5dfa
DC		 480 continue;
481
482 /*
95afcf5c
DC		 483 * If try_lock is not set yet, make sure all locked inodes are
484 * not in the AIL. If any are, set try_lock to be used later.
c24b5dfa 485 */
c24b5dfa
DC		 486 if (!try_lock) {
487 for (j = (i - 1); j >= 0 && !try_lock; j--) {
b3b14aac 488 lp = &ips[j]->i_itemp->ili_item;
22525c17 489 if (lp && test_bit(XFS_LI_IN_AIL, &lp->li_flags))
c24b5dfa 490 try_lock++;
c24b5dfa
DC		 491 }
492 }
493
494 /*
495 * If any of the previous locks we have locked is in the AIL,
496 * we must TRY to get the second and subsequent locks. If
497 * we can't get any, we must release all we have
498 * and try again.
499 */
95afcf5c
DC		 500 if (!try_lock) {
501 xfs_ilock(ips[i], xfs_lock_inumorder(lock_mode, i));
502 continue;
503 }
504
505 /* try_lock means we have an inode locked that is in the AIL. */
506 ASSERT(i != 0);
507 if (xfs_ilock_nowait(ips[i], xfs_lock_inumorder(lock_mode, i)))
508 continue;
c24b5dfa 509
95afcf5c
DC		 510 /*
511 * Unlock all previous guys and try again. xfs_iunlock will try
512 * to push the tail if the inode is in the AIL.
513 */
514 attempts++;
515 for (j = i - 1; j >= 0; j--) {
c24b5dfa 516 /*
95afcf5c
DC		 517 * Check to see if we've already unlocked this one. Not
518 * the first one going back, and the inode ptr is the
519 * same.
c24b5dfa 520 */
95afcf5c
DC		 521 if (j != (i - 1) && ips[j] == ips[j + 1])
522 continue;
c24b5dfa 523
95afcf5c
DC		 524 xfs_iunlock(ips[j], lock_mode);
525 }
c24b5dfa 526
95afcf5c
DC		 527 if ((attempts % 5) == 0) {
528 delay(1); /* Don't just spin the CPU */
c24b5dfa 529 }
95afcf5c
DC		 530 i = 0;
531 try_lock = 0;
532 goto again;
c24b5dfa 533 }
c24b5dfa
DC		 534}
535
536/*
653c60b6 537 * xfs_lock_two_inodes() can only be used to lock one type of lock at a time -
7c2d238a
DW		 538 * the mmaplock or the ilock, but not more than one type at a time. If we lock
539 * more than one at a time, lockdep will report false positives saying we have
540 * violated locking orders. The iolock must be double-locked separately since
541 * we use i_rwsem for that. We now support taking one lock EXCL and the other
542 * SHARED.
c24b5dfa
DC		 543 */
544void
545xfs_lock_two_inodes(
7c2d238a
DW		 546 struct xfs_inode *ip0,
547 uint ip0_mode,
548 struct xfs_inode *ip1,
549 uint ip1_mode)
c24b5dfa 550{
7c2d238a
DW		 551 struct xfs_inode *temp;
552 uint mode_temp;
c24b5dfa 553 int attempts = 0;
efe2330f 554 struct xfs_log_item *lp;
c24b5dfa 555
7c2d238a
DW		 556 ASSERT(hweight32(ip0_mode) == 1);
557 ASSERT(hweight32(ip1_mode) == 1);
558 ASSERT(!(ip0_mode & (XFS_IOLOCK_SHARED|XFS_IOLOCK_EXCL)));
559 ASSERT(!(ip1_mode & (XFS_IOLOCK_SHARED|XFS_IOLOCK_EXCL)));
560 ASSERT(!(ip0_mode & (XFS_MMAPLOCK_SHARED|XFS_MMAPLOCK_EXCL)) ||
561 !(ip0_mode & (XFS_ILOCK_SHARED|XFS_ILOCK_EXCL)));
562 ASSERT(!(ip1_mode & (XFS_MMAPLOCK_SHARED|XFS_MMAPLOCK_EXCL)) ||
563 !(ip1_mode & (XFS_ILOCK_SHARED|XFS_ILOCK_EXCL)));
564 ASSERT(!(ip1_mode & (XFS_MMAPLOCK_SHARED|XFS_MMAPLOCK_EXCL)) ||
565 !(ip0_mode & (XFS_ILOCK_SHARED|XFS_ILOCK_EXCL)));
566 ASSERT(!(ip0_mode & (XFS_MMAPLOCK_SHARED|XFS_MMAPLOCK_EXCL)) ||
567 !(ip1_mode & (XFS_ILOCK_SHARED|XFS_ILOCK_EXCL)));
653c60b6 568
c24b5dfa
DC		 569 ASSERT(ip0->i_ino != ip1->i_ino);
570
571 if (ip0->i_ino > ip1->i_ino) {
572 temp = ip0;
573 ip0 = ip1;
574 ip1 = temp;
7c2d238a
DW		 575 mode_temp = ip0_mode;
576 ip0_mode = ip1_mode;
577 ip1_mode = mode_temp;
c24b5dfa
DC		 578 }
579
580 again:
7c2d238a 581 xfs_ilock(ip0, xfs_lock_inumorder(ip0_mode, 0));
c24b5dfa
DC		 582
583 /*
584 * If the first lock we have locked is in the AIL, we must TRY to get
585 * the second lock. If we can't get it, we must release the first one
586 * and try again.
587 */
b3b14aac 588 lp = &ip0->i_itemp->ili_item;
22525c17 589 if (lp && test_bit(XFS_LI_IN_AIL, &lp->li_flags)) {
7c2d238a
DW		 590 if (!xfs_ilock_nowait(ip1, xfs_lock_inumorder(ip1_mode, 1))) {
591 xfs_iunlock(ip0, ip0_mode);
c24b5dfa
DC		 592 if ((++attempts % 5) == 0)
593 delay(1); /* Don't just spin the CPU */
594 goto again;
595 }
596 } else {
7c2d238a 597 xfs_ilock(ip1, xfs_lock_inumorder(ip1_mode, 1));
c24b5dfa
DC		 598 }
599}
600
1da177e4
LT		 601STATIC uint
602_xfs_dic2xflags(
c8ce540d 603 uint16_t di_flags,
58f88ca2
DC		 604 uint64_t di_flags2,
605 bool has_attr)
1da177e4
LT		 606{
607 uint flags = 0;
608
609 if (di_flags & XFS_DIFLAG_ANY) {
610 if (di_flags & XFS_DIFLAG_REALTIME)
e7b89481 611 flags |= FS_XFLAG_REALTIME;
1da177e4 612 if (di_flags & XFS_DIFLAG_PREALLOC)
e7b89481 613 flags |= FS_XFLAG_PREALLOC;
1da177e4 614 if (di_flags & XFS_DIFLAG_IMMUTABLE)
e7b89481 615 flags |= FS_XFLAG_IMMUTABLE;
1da177e4 616 if (di_flags & XFS_DIFLAG_APPEND)
e7b89481 617 flags |= FS_XFLAG_APPEND;
1da177e4 618 if (di_flags & XFS_DIFLAG_SYNC)
e7b89481 619 flags |= FS_XFLAG_SYNC;
1da177e4 620 if (di_flags & XFS_DIFLAG_NOATIME)
e7b89481 621 flags |= FS_XFLAG_NOATIME;
1da177e4 622 if (di_flags & XFS_DIFLAG_NODUMP)
e7b89481 623 flags |= FS_XFLAG_NODUMP;
1da177e4 624 if (di_flags & XFS_DIFLAG_RTINHERIT)
e7b89481 625 flags |= FS_XFLAG_RTINHERIT;
1da177e4 626 if (di_flags & XFS_DIFLAG_PROJINHERIT)
e7b89481 627 flags |= FS_XFLAG_PROJINHERIT;
1da177e4 628 if (di_flags & XFS_DIFLAG_NOSYMLINKS)
e7b89481 629 flags |= FS_XFLAG_NOSYMLINKS;
dd9f438e 630 if (di_flags & XFS_DIFLAG_EXTSIZE)
e7b89481 631 flags |= FS_XFLAG_EXTSIZE;
dd9f438e 632 if (di_flags & XFS_DIFLAG_EXTSZINHERIT)
e7b89481 633 flags |= FS_XFLAG_EXTSZINHERIT;
d3446eac 634 if (di_flags & XFS_DIFLAG_NODEFRAG)
e7b89481 635 flags |= FS_XFLAG_NODEFRAG;
2a82b8be 636 if (di_flags & XFS_DIFLAG_FILESTREAM)
e7b89481 637 flags |= FS_XFLAG_FILESTREAM;
1da177e4
LT		 638 }
639
58f88ca2
DC		 640 if (di_flags2 & XFS_DIFLAG2_ANY) {
641 if (di_flags2 & XFS_DIFLAG2_DAX)
642 flags |= FS_XFLAG_DAX;
f7ca3522
DW		 643 if (di_flags2 & XFS_DIFLAG2_COWEXTSIZE)
644 flags |= FS_XFLAG_COWEXTSIZE;
58f88ca2
DC		 645 }
646
647 if (has_attr)
648 flags |= FS_XFLAG_HASATTR;
649
1da177e4
LT		 650 return flags;
651}
652
653uint
654xfs_ip2xflags(
58f88ca2 655 struct xfs_inode *ip)
1da177e4 656{
58f88ca2 657 struct xfs_icdinode *dic = &ip->i_d;
1da177e4 658
58f88ca2 659 return _xfs_dic2xflags(dic->di_flags, dic->di_flags2, XFS_IFORK_Q(ip));
1da177e4
LT		 660}
661
c24b5dfa
DC		 662/*
663 * Lookups up an inode from "name". If ci_name is not NULL, then a CI match
664 * is allowed, otherwise it has to be an exact match. If a CI match is found,
665 * ci_name->name will point to a the actual name (caller must free) or
666 * will be set to NULL if an exact match is found.
667 */
668int
669xfs_lookup(
670 xfs_inode_t *dp,
671 struct xfs_name *name,
672 xfs_inode_t **ipp,
673 struct xfs_name *ci_name)
674{
675 xfs_ino_t inum;
676 int error;
c24b5dfa
DC		 677
678 trace_xfs_lookup(dp, name);
679
680 if (XFS_FORCED_SHUTDOWN(dp->i_mount))
2451337d 681 return -EIO;
c24b5dfa 682
c24b5dfa 683 error = xfs_dir_lookup(NULL, dp, name, &inum, ci_name);
c24b5dfa 684 if (error)
dbad7c99 685 goto out_unlock;
c24b5dfa
DC		 686
687 error = xfs_iget(dp->i_mount, NULL, inum, 0, 0, ipp);
688 if (error)
689 goto out_free_name;
690
691 return 0;
692
693out_free_name:
694 if (ci_name)
695 kmem_free(ci_name->name);
dbad7c99 696out_unlock:
c24b5dfa
DC		 697 *ipp = NULL;
698 return error;
699}
700
8a569d71
DW		 701/* Propagate di_flags from a parent inode to a child inode. */
702static void
703xfs_inode_inherit_flags(
704 struct xfs_inode *ip,
705 const struct xfs_inode *pip)
706{
707 unsigned int di_flags = 0;
708 umode_t mode = VFS_I(ip)->i_mode;
709
710 if (S_ISDIR(mode)) {
711 if (pip->i_d.di_flags & XFS_DIFLAG_RTINHERIT)
712 di_flags |= XFS_DIFLAG_RTINHERIT;
713 if (pip->i_d.di_flags & XFS_DIFLAG_EXTSZINHERIT) {
714 di_flags |= XFS_DIFLAG_EXTSZINHERIT;
715 ip->i_d.di_extsize = pip->i_d.di_extsize;
716 }
717 if (pip->i_d.di_flags & XFS_DIFLAG_PROJINHERIT)
718 di_flags |= XFS_DIFLAG_PROJINHERIT;
719 } else if (S_ISREG(mode)) {
d4f2c14c
DW		 720 if ((pip->i_d.di_flags & XFS_DIFLAG_RTINHERIT) &&
721 xfs_sb_version_hasrealtime(&ip->i_mount->m_sb))
8a569d71
DW		 722 di_flags |= XFS_DIFLAG_REALTIME;
723 if (pip->i_d.di_flags & XFS_DIFLAG_EXTSZINHERIT) {
724 di_flags |= XFS_DIFLAG_EXTSIZE;
725 ip->i_d.di_extsize = pip->i_d.di_extsize;
726 }
727 }
728 if ((pip->i_d.di_flags & XFS_DIFLAG_NOATIME) &&
729 xfs_inherit_noatime)
730 di_flags |= XFS_DIFLAG_NOATIME;
731 if ((pip->i_d.di_flags & XFS_DIFLAG_NODUMP) &&
732 xfs_inherit_nodump)
733 di_flags |= XFS_DIFLAG_NODUMP;
734 if ((pip->i_d.di_flags & XFS_DIFLAG_SYNC) &&
735 xfs_inherit_sync)
736 di_flags |= XFS_DIFLAG_SYNC;
737 if ((pip->i_d.di_flags & XFS_DIFLAG_NOSYMLINKS) &&
738 xfs_inherit_nosymlinks)
739 di_flags |= XFS_DIFLAG_NOSYMLINKS;
740 if ((pip->i_d.di_flags & XFS_DIFLAG_NODEFRAG) &&
741 xfs_inherit_nodefrag)
742 di_flags |= XFS_DIFLAG_NODEFRAG;
743 if (pip->i_d.di_flags & XFS_DIFLAG_FILESTREAM)
744 di_flags |= XFS_DIFLAG_FILESTREAM;
745
746 ip->i_d.di_flags |= di_flags;
747}
748
749/* Propagate di_flags2 from a parent inode to a child inode. */
750static void
751xfs_inode_inherit_flags2(
752 struct xfs_inode *ip,
753 const struct xfs_inode *pip)
754{
755 if (pip->i_d.di_flags2 & XFS_DIFLAG2_COWEXTSIZE) {
756 ip->i_d.di_flags2 |= XFS_DIFLAG2_COWEXTSIZE;
757 ip->i_d.di_cowextsize = pip->i_d.di_cowextsize;
758 }
759 if (pip->i_d.di_flags2 & XFS_DIFLAG2_DAX)
760 ip->i_d.di_flags2 |= XFS_DIFLAG2_DAX;
761}
762
1da177e4 763/*
1abcf261
DC		 764 * Initialise a newly allocated inode and return the in-core inode to the
765 * caller locked exclusively.
1da177e4 766 */
0d5a75e9 767static int
1abcf261 768xfs_init_new_inode(
f736d93d 769 struct user_namespace *mnt_userns,
1abcf261
DC		 770 struct xfs_trans *tp,
771 struct xfs_inode *pip,
772 xfs_ino_t ino,
773 umode_t mode,
774 xfs_nlink_t nlink,
775 dev_t rdev,
776 prid_t prid,
777 struct xfs_inode **ipp)
1da177e4 778{
1abcf261
DC		 779 struct xfs_mount *mp = tp->t_mountp;
780 struct xfs_inode *ip;
781 unsigned int flags;
782 int error;
783 struct timespec64 tv;
784 struct inode *inode;
1da177e4 785
8b26984d
DC		 786 /*
787 * Protect against obviously corrupt allocation btree records. Later
788 * xfs_iget checks will catch re-allocation of other active in-memory
789 * and on-disk inodes. If we don't catch reallocating the parent inode
790 * here we will deadlock in xfs_iget() so we have to do these checks
791 * first.
792 */
793 if ((pip && ino == pip->i_ino) || !xfs_verify_dir_ino(mp, ino)) {
794 xfs_alert(mp, "Allocated a known in-use inode 0x%llx!", ino);
795 return -EFSCORRUPTED;
796 }
797
1da177e4 798 /*
1abcf261
DC		 799 * Get the in-core inode with the lock held exclusively to prevent
800 * others from looking at until we're done.
1da177e4 801 */
1abcf261 802 error = xfs_iget(mp, tp, ino, XFS_IGET_CREATE, XFS_ILOCK_EXCL, &ip);
bf904248 803 if (error)
1da177e4 804 return error;
1abcf261 805
1da177e4 806 ASSERT(ip != NULL);
3987848c 807 inode = VFS_I(ip);
c19b3b05 808 inode->i_mode = mode;
54d7b5c1 809 set_nlink(inode, nlink);
f736d93d 810 inode->i_uid = fsuid_into_mnt(mnt_userns);
66f36464 811 inode->i_rdev = rdev;
de7a866f 812 ip->i_d.di_projid = prid;
1da177e4 813
bd186aa9 814 if (pip && XFS_INHERIT_GID(pip)) {
3d8f2821 815 inode->i_gid = VFS_I(pip)->i_gid;
c19b3b05
DC		 816 if ((VFS_I(pip)->i_mode & S_ISGID) && S_ISDIR(mode))
817 inode->i_mode |= S_ISGID;
3d8f2821 818 } else {
f736d93d 819 inode->i_gid = fsgid_into_mnt(mnt_userns);
1da177e4
LT		 820 }
821
822 /*
823 * If the group ID of the new file does not match the effective group
824 * ID or one of the supplementary group IDs, the S_ISGID bit is cleared
825 * (and only if the irix_sgid_inherit compatibility variable is set).
826 */
54295159 827 if (irix_sgid_inherit &&
f736d93d
CH		 828 (inode->i_mode & S_ISGID) &&
829 !in_group_p(i_gid_into_mnt(mnt_userns, inode)))
c19b3b05 830 inode->i_mode &= ~S_ISGID;
1da177e4
LT		 831
832 ip->i_d.di_size = 0;
daf83964 833 ip->i_df.if_nextents = 0;
1da177e4 834 ASSERT(ip->i_d.di_nblocks == 0);
dff35fd4 835
c2050a45 836 tv = current_time(inode);
3987848c
DC		 837 inode->i_mtime = tv;
838 inode->i_atime = tv;
839 inode->i_ctime = tv;
dff35fd4 840
1da177e4
LT		 841 ip->i_d.di_extsize = 0;
842 ip->i_d.di_dmevmask = 0;
843 ip->i_d.di_dmstate = 0;
844 ip->i_d.di_flags = 0;
93848a99 845
6471e9c5 846 if (xfs_sb_version_has_v3inode(&mp->m_sb)) {
f0e28280 847 inode_set_iversion(inode, 1);
f93e5436 848 ip->i_d.di_flags2 = mp->m_ino_geo.new_diflags2;
f7ca3522 849 ip->i_d.di_cowextsize = 0;
8d2d878d 850 ip->i_d.di_crtime = tv;
93848a99
CH		 851 }
852
1da177e4
LT		 853 flags = XFS_ILOG_CORE;
854 switch (mode & S_IFMT) {
855 case S_IFIFO:
856 case S_IFCHR:
857 case S_IFBLK:
858 case S_IFSOCK:
f7e67b20 859 ip->i_df.if_format = XFS_DINODE_FMT_DEV;
1da177e4
LT		 860 ip->i_df.if_flags = 0;
861 flags |= XFS_ILOG_DEV;
862 break;
863 case S_IFREG:
864 case S_IFDIR:
8a569d71
DW		 865 if (pip && (pip->i_d.di_flags & XFS_DIFLAG_ANY))
866 xfs_inode_inherit_flags(ip, pip);
867 if (pip && (pip->i_d.di_flags2 & XFS_DIFLAG2_ANY))
868 xfs_inode_inherit_flags2(ip, pip);
1da177e4
LT		 869 /* FALLTHROUGH */
870 case S_IFLNK:
f7e67b20 871 ip->i_df.if_format = XFS_DINODE_FMT_EXTENTS;
1da177e4 872 ip->i_df.if_flags = XFS_IFEXTENTS;
fcacbc3f 873 ip->i_df.if_bytes = 0;
6bdcf26a 874 ip->i_df.if_u1.if_root = NULL;
1da177e4
LT		 875 break;
876 default:
877 ASSERT(0);
878 }
1da177e4
LT		 879
880 /*
881 * Log the new values stuffed into the inode.
882 */
ddc3415a 883 xfs_trans_ijoin(tp, ip, XFS_ILOCK_EXCL);
1da177e4
LT		 884 xfs_trans_log_inode(tp, ip, flags);
885
58c90473 886 /* now that we have an i_mode we can setup the inode structure */
41be8bed 887 xfs_setup_inode(ip);
1da177e4
LT		 888
889 *ipp = ip;
890 return 0;
891}
892
e546cb79 893/*
1abcf261
DC		 894 * Allocates a new inode from disk and return a pointer to the incore copy. This
895 * routine will internally commit the current transaction and allocate a new one
896 * if we needed to allocate more on-disk free inodes to perform the requested
897 * operation.
e546cb79 898 *
1abcf261
DC		 899 * If we are allocating quota inodes, we do not have a parent inode to attach to
900 * or associate with (i.e. dp == NULL) because they are not linked into the
901 * directory structure - they are attached directly to the superblock - and so
902 * have no parent.
e546cb79
DC		 903 */
904int
905xfs_dir_ialloc(
f736d93d 906 struct user_namespace *mnt_userns,
1abcf261
DC		 907 struct xfs_trans **tpp,
908 struct xfs_inode *dp,
909 umode_t mode,
910 xfs_nlink_t nlink,
911 dev_t rdev,
912 prid_t prid,
913 struct xfs_inode **ipp)
e546cb79 914{
8d822dc3 915 struct xfs_buf *agibp;
1abcf261
DC		 916 xfs_ino_t parent_ino = dp ? dp->i_ino : 0;
917 xfs_ino_t ino;
918 int error;
e546cb79 919
1abcf261 920 ASSERT((*tpp)->t_flags & XFS_TRANS_PERM_LOG_RES);
e546cb79
DC		 921
922 /*
1abcf261 923 * Call the space management code to pick the on-disk inode to be
f3bf6e0f 924 * allocated.
e546cb79 925 */
8d822dc3 926 error = xfs_dialloc_select_ag(tpp, parent_ino, mode, &agibp);
1abcf261
DC		 927 if (error)
928 return error;
e546cb79 929
8d822dc3 930 if (!agibp)
1abcf261 931 return -ENOSPC;
e546cb79 932
8d822dc3
DC		 933 /* Allocate an inode from the selected AG */
934 error = xfs_dialloc_ag(*tpp, agibp, parent_ino, &ino);
935 if (error)
936 return error;
937 ASSERT(ino != NULLFSINO);
938
f736d93d
CH		 939 return xfs_init_new_inode(mnt_userns, *tpp, dp, ino, mode, nlink, rdev,
940 prid, ipp);
e546cb79
DC		 941}
942
943/*
54d7b5c1
DC		 944 * Decrement the link count on an inode & log the change. If this causes the
945 * link count to go to zero, move the inode to AGI unlinked list so that it can
946 * be freed when the last active reference goes away via xfs_inactive().
e546cb79 947 */
0d5a75e9 948static int /* error */
e546cb79
DC		 949xfs_droplink(
950 xfs_trans_t *tp,
951 xfs_inode_t *ip)
952{
e546cb79
DC		 953 xfs_trans_ichgtime(tp, ip, XFS_ICHGTIME_CHG);
954
e546cb79
DC		 955 drop_nlink(VFS_I(ip));
956 xfs_trans_log_inode(tp, ip, XFS_ILOG_CORE);
957
54d7b5c1
DC		 958 if (VFS_I(ip)->i_nlink)
959 return 0;
960
961 return xfs_iunlink(tp, ip);
e546cb79
DC		 962}
963
e546cb79
DC		 964/*
965 * Increment the link count on an inode & log the change.
966 */
91083269 967static void
e546cb79
DC		 968xfs_bumplink(
969 xfs_trans_t *tp,
970 xfs_inode_t *ip)
971{
972 xfs_trans_ichgtime(tp, ip, XFS_ICHGTIME_CHG);
973
e546cb79 974 inc_nlink(VFS_I(ip));
e546cb79 975 xfs_trans_log_inode(tp, ip, XFS_ILOG_CORE);
e546cb79
DC		 976}
977
c24b5dfa
DC		 978int
979xfs_create(
f736d93d 980 struct user_namespace *mnt_userns,
c24b5dfa
DC		 981 xfs_inode_t *dp,
982 struct xfs_name *name,
983 umode_t mode,
66f36464 984 dev_t rdev,
c24b5dfa
DC		 985 xfs_inode_t **ipp)
986{
987 int is_dir = S_ISDIR(mode);
988 struct xfs_mount *mp = dp->i_mount;
989 struct xfs_inode *ip = NULL;
990 struct xfs_trans *tp = NULL;
991 int error;
c24b5dfa 992 bool unlock_dp_on_error = false;
c24b5dfa
DC		 993 prid_t prid;
994 struct xfs_dquot *udqp = NULL;
995 struct xfs_dquot *gdqp = NULL;
996 struct xfs_dquot *pdqp = NULL;
062647a8 997 struct xfs_trans_res *tres;
c24b5dfa 998 uint resblks;
c24b5dfa
DC		 999
1000 trace_xfs_create(dp, name);
1001
1002 if (XFS_FORCED_SHUTDOWN(mp))
2451337d 1003 return -EIO;
c24b5dfa 1004
163467d3 1005 prid = xfs_get_initial_prid(dp);
c24b5dfa
DC		 1006
1007 /*
1008 * Make sure that we have allocated dquot(s) on disk.
1009 */
54295159 1010 error = xfs_qm_vop_dqalloc(dp, current_fsuid(), current_fsgid(), prid,
c24b5dfa
DC		 1011 XFS_QMOPT_QUOTALL | XFS_QMOPT_INHERIT,
1012 &udqp, &gdqp, &pdqp);
1013 if (error)
1014 return error;
1015
1016 if (is_dir) {
c24b5dfa 1017 resblks = XFS_MKDIR_SPACE_RES(mp, name->len);
062647a8 1018 tres = &M_RES(mp)->tr_mkdir;
c24b5dfa
DC		 1019 } else {
1020 resblks = XFS_CREATE_SPACE_RES(mp, name->len);
062647a8 1021 tres = &M_RES(mp)->tr_create;
c24b5dfa
DC		 1022 }
1023
c24b5dfa
DC		 1024 /*
1025 * Initially assume that the file does not exist and
1026 * reserve the resources for that case. If that is not
1027 * the case we'll drop the one we have and get a more
1028 * appropriate transaction later.
1029 */
253f4911 1030 error = xfs_trans_alloc(mp, tres, resblks, 0, 0, &tp);
2451337d 1031 if (error == -ENOSPC) {
c24b5dfa
DC		 1032 /* flush outstanding delalloc blocks and retry */
1033 xfs_flush_inodes(mp);
253f4911 1034 error = xfs_trans_alloc(mp, tres, resblks, 0, 0, &tp);
c24b5dfa 1035 }
4906e215 1036 if (error)
253f4911 1037 goto out_release_inode;
c24b5dfa 1038
65523218 1039 xfs_ilock(dp, XFS_ILOCK_EXCL | XFS_ILOCK_PARENT);
c24b5dfa
DC		 1040 unlock_dp_on_error = true;
1041
c24b5dfa
DC		 1042 /*
1043 * Reserve disk quota and the inode.
1044 */
1045 error = xfs_trans_reserve_quota(tp, mp, udqp, gdqp,
1046 pdqp, resblks, 1, 0);
1047 if (error)
1048 goto out_trans_cancel;
1049
c24b5dfa
DC		 1050 /*
1051 * A newly created regular or special file just has one directory
1052 * entry pointing to them, but a directory also the "." entry
1053 * pointing to itself.
1054 */
f736d93d
CH		 1055 error = xfs_dir_ialloc(mnt_userns, &tp, dp, mode, is_dir ? 2 : 1, rdev,
1056 prid, &ip);
d6077aa3 1057 if (error)
4906e215 1058 goto out_trans_cancel;
c24b5dfa
DC		 1059
1060 /*
1061 * Now we join the directory inode to the transaction. We do not do it
1062 * earlier because xfs_dir_ialloc might commit the previous transaction
1063 * (and release all the locks). An error from here on will result in
1064 * the transaction cancel unlocking dp so don't do it explicitly in the
1065 * error path.
1066 */
65523218 1067 xfs_trans_ijoin(tp, dp, XFS_ILOCK_EXCL);
c24b5dfa
DC		 1068 unlock_dp_on_error = false;
1069
381eee69 1070 error = xfs_dir_createname(tp, dp, name, ip->i_ino,
63337b63 1071 resblks - XFS_IALLOC_SPACE_RES(mp));
c24b5dfa 1072 if (error) {
2451337d 1073 ASSERT(error != -ENOSPC);
4906e215 1074 goto out_trans_cancel;
c24b5dfa
DC		 1075 }
1076 xfs_trans_ichgtime(tp, dp, XFS_ICHGTIME_MOD | XFS_ICHGTIME_CHG);
1077 xfs_trans_log_inode(tp, dp, XFS_ILOG_CORE);
1078
1079 if (is_dir) {
1080 error = xfs_dir_init(tp, ip, dp);
1081 if (error)
c8eac49e 1082 goto out_trans_cancel;
c24b5dfa 1083
91083269 1084 xfs_bumplink(tp, dp);
c24b5dfa
DC		 1085 }
1086
1087 /*
1088 * If this is a synchronous mount, make sure that the
1089 * create transaction goes to disk before returning to
1090 * the user.
1091 */
1092 if (mp->m_flags & (XFS_MOUNT_WSYNC|XFS_MOUNT_DIRSYNC))
1093 xfs_trans_set_sync(tp);
1094
1095 /*
1096 * Attach the dquot(s) to the inodes and modify them incore.
1097 * These ids of the inode couldn't have changed since the new
1098 * inode has been locked ever since it was created.
1099 */
1100 xfs_qm_vop_create_dqattach(tp, ip, udqp, gdqp, pdqp);
1101
70393313 1102 error = xfs_trans_commit(tp);
c24b5dfa
DC		 1103 if (error)
1104 goto out_release_inode;
1105
1106 xfs_qm_dqrele(udqp);
1107 xfs_qm_dqrele(gdqp);
1108 xfs_qm_dqrele(pdqp);
1109
1110 *ipp = ip;
1111 return 0;
1112
c24b5dfa 1113 out_trans_cancel:
4906e215 1114 xfs_trans_cancel(tp);
c24b5dfa
DC		 1115 out_release_inode:
1116 /*
58c90473
DC		 1117 * Wait until after the current transaction is aborted to finish the
1118 * setup of the inode and release the inode. This prevents recursive
1119 * transactions and deadlocks from xfs_inactive.
c24b5dfa 1120 */
58c90473
DC		 1121 if (ip) {
1122 xfs_finish_inode_setup(ip);
44a8736b 1123 xfs_irele(ip);
58c90473 1124 }
c24b5dfa
DC		 1125
1126 xfs_qm_dqrele(udqp);
1127 xfs_qm_dqrele(gdqp);
1128 xfs_qm_dqrele(pdqp);
1129
1130 if (unlock_dp_on_error)
65523218 1131 xfs_iunlock(dp, XFS_ILOCK_EXCL);
c24b5dfa
DC		 1132 return error;
1133}
1134
99b6436b
ZYW		 1135int
1136xfs_create_tmpfile(
f736d93d 1137 struct user_namespace *mnt_userns,
99b6436b 1138 struct xfs_inode *dp,
330033d6
BF		 1139 umode_t mode,
1140 struct xfs_inode **ipp)
99b6436b
ZYW		 1141{
1142 struct xfs_mount *mp = dp->i_mount;
1143 struct xfs_inode *ip = NULL;
1144 struct xfs_trans *tp = NULL;
1145 int error;
99b6436b
ZYW		 1146 prid_t prid;
1147 struct xfs_dquot *udqp = NULL;
1148 struct xfs_dquot *gdqp = NULL;
1149 struct xfs_dquot *pdqp = NULL;
1150 struct xfs_trans_res *tres;
1151 uint resblks;
1152
1153 if (XFS_FORCED_SHUTDOWN(mp))
2451337d 1154 return -EIO;
99b6436b
ZYW		 1155
1156 prid = xfs_get_initial_prid(dp);
1157
1158 /*
1159 * Make sure that we have allocated dquot(s) on disk.
1160 */
54295159 1161 error = xfs_qm_vop_dqalloc(dp, current_fsuid(), current_fsgid(), prid,
99b6436b
ZYW		 1162 XFS_QMOPT_QUOTALL | XFS_QMOPT_INHERIT,
1163 &udqp, &gdqp, &pdqp);
1164 if (error)
1165 return error;
1166
1167 resblks = XFS_IALLOC_SPACE_RES(mp);
99b6436b 1168 tres = &M_RES(mp)->tr_create_tmpfile;
253f4911
CH		 1169
1170 error = xfs_trans_alloc(mp, tres, resblks, 0, 0, &tp);
4906e215 1171 if (error)
253f4911 1172 goto out_release_inode;
99b6436b
ZYW		 1173
1174 error = xfs_trans_reserve_quota(tp, mp, udqp, gdqp,
1175 pdqp, resblks, 1, 0);
1176 if (error)
1177 goto out_trans_cancel;
1178
f736d93d 1179 error = xfs_dir_ialloc(mnt_userns, &tp, dp, mode, 0, 0, prid, &ip);
d6077aa3 1180 if (error)
4906e215 1181 goto out_trans_cancel;
99b6436b
ZYW		 1182
1183 if (mp->m_flags & XFS_MOUNT_WSYNC)
1184 xfs_trans_set_sync(tp);
1185
1186 /*
1187 * Attach the dquot(s) to the inodes and modify them incore.
1188 * These ids of the inode couldn't have changed since the new
1189 * inode has been locked ever since it was created.
1190 */
1191 xfs_qm_vop_create_dqattach(tp, ip, udqp, gdqp, pdqp);
1192
99b6436b
ZYW		 1193 error = xfs_iunlink(tp, ip);
1194 if (error)
4906e215 1195 goto out_trans_cancel;
99b6436b 1196
70393313 1197 error = xfs_trans_commit(tp);
99b6436b
ZYW		 1198 if (error)
1199 goto out_release_inode;
1200
1201 xfs_qm_dqrele(udqp);
1202 xfs_qm_dqrele(gdqp);
1203 xfs_qm_dqrele(pdqp);
1204
330033d6 1205 *ipp = ip;
99b6436b
ZYW		 1206 return 0;
1207
99b6436b 1208 out_trans_cancel:
4906e215 1209 xfs_trans_cancel(tp);
99b6436b
ZYW		 1210 out_release_inode:
1211 /*
58c90473
DC		 1212 * Wait until after the current transaction is aborted to finish the
1213 * setup of the inode and release the inode. This prevents recursive
1214 * transactions and deadlocks from xfs_inactive.
99b6436b 1215 */
58c90473
DC		 1216 if (ip) {
1217 xfs_finish_inode_setup(ip);
44a8736b 1218 xfs_irele(ip);
58c90473 1219 }
99b6436b
ZYW		 1220
1221 xfs_qm_dqrele(udqp);
1222 xfs_qm_dqrele(gdqp);
1223 xfs_qm_dqrele(pdqp);
1224
1225 return error;
1226}
1227
c24b5dfa
DC		 1228int
1229xfs_link(
1230 xfs_inode_t *tdp,
1231 xfs_inode_t *sip,
1232 struct xfs_name *target_name)
1233{
1234 xfs_mount_t *mp = tdp->i_mount;
1235 xfs_trans_t *tp;
1236 int error;
c24b5dfa
DC		 1237 int resblks;
1238
1239 trace_xfs_link(tdp, target_name);
1240
c19b3b05 1241 ASSERT(!S_ISDIR(VFS_I(sip)->i_mode));
c24b5dfa
DC		 1242
1243 if (XFS_FORCED_SHUTDOWN(mp))
2451337d 1244 return -EIO;
c24b5dfa 1245
c14cfcca 1246 error = xfs_qm_dqattach(sip);
c24b5dfa
DC		 1247 if (error)
1248 goto std_return;
1249
c14cfcca 1250 error = xfs_qm_dqattach(tdp);
c24b5dfa
DC		 1251 if (error)
1252 goto std_return;
1253
c24b5dfa 1254 resblks = XFS_LINK_SPACE_RES(mp, target_name->len);
253f4911 1255 error = xfs_trans_alloc(mp, &M_RES(mp)->tr_link, resblks, 0, 0, &tp);
2451337d 1256 if (error == -ENOSPC) {
c24b5dfa 1257 resblks = 0;
253f4911 1258 error = xfs_trans_alloc(mp, &M_RES(mp)->tr_link, 0, 0, 0, &tp);
c24b5dfa 1259 }
4906e215 1260 if (error)
253f4911 1261 goto std_return;
c24b5dfa 1262
7c2d238a 1263 xfs_lock_two_inodes(sip, XFS_ILOCK_EXCL, tdp, XFS_ILOCK_EXCL);
c24b5dfa
DC		 1264
1265 xfs_trans_ijoin(tp, sip, XFS_ILOCK_EXCL);
65523218 1266 xfs_trans_ijoin(tp, tdp, XFS_ILOCK_EXCL);
c24b5dfa
DC		 1267
1268 /*
1269 * If we are using project inheritance, we only allow hard link
1270 * creation in our tree when the project IDs are the same; else
1271 * the tree quota mechanism could be circumvented.
1272 */
1273 if (unlikely((tdp->i_d.di_flags & XFS_DIFLAG_PROJINHERIT) &&
de7a866f 1274 tdp->i_d.di_projid != sip->i_d.di_projid)) {
2451337d 1275 error = -EXDEV;
c24b5dfa
DC		 1276 goto error_return;
1277 }
1278
94f3cad5
ES		 1279 if (!resblks) {
1280 error = xfs_dir_canenter(tp, tdp, target_name);
1281 if (error)
1282 goto error_return;
1283 }
c24b5dfa 1284
54d7b5c1
DC		 1285 /*
1286 * Handle initial link state of O_TMPFILE inode
1287 */
1288 if (VFS_I(sip)->i_nlink == 0) {
ab297431
ZYW		 1289 error = xfs_iunlink_remove(tp, sip);
1290 if (error)
4906e215 1291 goto error_return;
ab297431
ZYW		 1292 }
1293
c24b5dfa 1294 error = xfs_dir_createname(tp, tdp, target_name, sip->i_ino,
381eee69 1295 resblks);
c24b5dfa 1296 if (error)
4906e215 1297 goto error_return;
c24b5dfa
DC		 1298 xfs_trans_ichgtime(tp, tdp, XFS_ICHGTIME_MOD | XFS_ICHGTIME_CHG);
1299 xfs_trans_log_inode(tp, tdp, XFS_ILOG_CORE);
1300
91083269 1301 xfs_bumplink(tp, sip);
c24b5dfa
DC		 1302
1303 /*
1304 * If this is a synchronous mount, make sure that the
1305 * link transaction goes to disk before returning to
1306 * the user.
1307 */
f6106efa 1308 if (mp->m_flags & (XFS_MOUNT_WSYNC|XFS_MOUNT_DIRSYNC))
c24b5dfa 1309 xfs_trans_set_sync(tp);
c24b5dfa 1310
70393313 1311 return xfs_trans_commit(tp);
c24b5dfa 1312
c24b5dfa 1313 error_return:
4906e215 1314 xfs_trans_cancel(tp);
c24b5dfa
DC		 1315 std_return:
1316 return error;
1317}
1318
363e59ba
DW		 1319/* Clear the reflink flag and the cowblocks tag if possible. */
1320static void
1321xfs_itruncate_clear_reflink_flags(
1322 struct xfs_inode *ip)
1323{
1324 struct xfs_ifork *dfork;
1325 struct xfs_ifork *cfork;
1326
1327 if (!xfs_is_reflink_inode(ip))
1328 return;
1329 dfork = XFS_IFORK_PTR(ip, XFS_DATA_FORK);
1330 cfork = XFS_IFORK_PTR(ip, XFS_COW_FORK);
1331 if (dfork->if_bytes == 0 && cfork->if_bytes == 0)
1332 ip->i_d.di_flags2 &= ~XFS_DIFLAG2_REFLINK;
1333 if (cfork->if_bytes == 0)
1334 xfs_inode_clear_cowblocks_tag(ip);
1335}
1336
1da177e4 1337/*
8f04c47a
CH		 1338 * Free up the underlying blocks past new_size. The new size must be smaller
1339 * than the current size. This routine can be used both for the attribute and
1340 * data fork, and does not modify the inode size, which is left to the caller.
1da177e4 1341 *
f6485057
DC		 1342 * The transaction passed to this routine must have made a permanent log
1343 * reservation of at least XFS_ITRUNCATE_LOG_RES. This routine may commit the
1344 * given transaction and start new ones, so make sure everything involved in
1345 * the transaction is tidy before calling here. Some transaction will be
1346 * returned to the caller to be committed. The incoming transaction must
1347 * already include the inode, and both inode locks must be held exclusively.
1348 * The inode must also be "held" within the transaction. On return the inode
1349 * will be "held" within the returned transaction. This routine does NOT
1350 * require any disk space to be reserved for it within the transaction.
1da177e4 1351 *
f6485057
DC		 1352 * If we get an error, we must return with the inode locked and linked into the
1353 * current transaction. This keeps things simple for the higher level code,
1354 * because it always knows that the inode is locked and held in the transaction
1355 * that returns to it whether errors occur or not. We don't mark the inode
1356 * dirty on error so that transactions can be easily aborted if possible.
1da177e4
LT		 1357 */
1358int
4e529339 1359xfs_itruncate_extents_flags(
8f04c47a
CH		 1360 struct xfs_trans **tpp,
1361 struct xfs_inode *ip,
1362 int whichfork,
13b86fc3 1363 xfs_fsize_t new_size,
4e529339 1364 int flags)
1da177e4 1365{
8f04c47a
CH		 1366 struct xfs_mount *mp = ip->i_mount;
1367 struct xfs_trans *tp = *tpp;
8f04c47a 1368 xfs_fileoff_t first_unmap_block;
8f04c47a 1369 xfs_filblks_t unmap_len;
8f04c47a 1370 int error = 0;
1da177e4 1371
0b56185b
CH		 1372 ASSERT(xfs_isilocked(ip, XFS_ILOCK_EXCL));
1373 ASSERT(!atomic_read(&VFS_I(ip)->i_count) ||
1374 xfs_isilocked(ip, XFS_IOLOCK_EXCL));
ce7ae151 1375 ASSERT(new_size <= XFS_ISIZE(ip));
8f04c47a 1376 ASSERT(tp->t_flags & XFS_TRANS_PERM_LOG_RES);
1da177e4 1377 ASSERT(ip->i_itemp != NULL);
898621d5 1378 ASSERT(ip->i_itemp->ili_lock_flags == 0);
8f04c47a 1379 ASSERT(!XFS_NOT_DQATTACHED(mp, ip));
1da177e4 1380
673e8e59
CH		 1381 trace_xfs_itruncate_extents_start(ip, new_size);
1382
4e529339 1383 flags |= xfs_bmapi_aflag(whichfork);
13b86fc3 1384
1da177e4
LT		 1385 /*
1386 * Since it is possible for space to become allocated beyond
1387 * the end of the file (in a crash where the space is allocated
1388 * but the inode size is not yet updated), simply remove any
1389 * blocks which show up between the new EOF and the maximum
4bbb04ab
DW		 1390 * possible file size.
1391 *
1392 * We have to free all the blocks to the bmbt maximum offset, even if
1393 * the page cache can't scale that far.
1da177e4 1394 */
8f04c47a 1395 first_unmap_block = XFS_B_TO_FSB(mp, (xfs_ufsize_t)new_size);
33005fd0 1396 if (!xfs_verify_fileoff(mp, first_unmap_block)) {
4bbb04ab 1397 WARN_ON_ONCE(first_unmap_block > XFS_MAX_FILEOFF);
8f04c47a 1398 return 0;
4bbb04ab 1399 }
8f04c47a 1400
4bbb04ab
DW		 1401 unmap_len = XFS_MAX_FILEOFF - first_unmap_block + 1;
1402 while (unmap_len > 0) {
02dff7bf 1403 ASSERT(tp->t_firstblock == NULLFSBLOCK);
4bbb04ab
DW		 1404 error = __xfs_bunmapi(tp, ip, first_unmap_block, &unmap_len,
1405 flags, XFS_ITRUNC_MAX_EXTENTS);
8f04c47a 1406 if (error)
d5a2e289 1407 goto out;
1da177e4 1408
6dd379c7 1409 /* free the just unmapped extents */
9e28a242 1410 error = xfs_defer_finish(&tp);
8f04c47a 1411 if (error)
9b1f4e98 1412 goto out;
1da177e4 1413 }
8f04c47a 1414
4919d42a
DW		 1415 if (whichfork == XFS_DATA_FORK) {
1416 /* Remove all pending CoW reservations. */
1417 error = xfs_reflink_cancel_cow_blocks(ip, &tp,
4bbb04ab 1418 first_unmap_block, XFS_MAX_FILEOFF, true);
4919d42a
DW		 1419 if (error)
1420 goto out;
aa8968f2 1421
4919d42a
DW		 1422 xfs_itruncate_clear_reflink_flags(ip);
1423 }
aa8968f2 1424
673e8e59
CH		 1425 /*
1426 * Always re-log the inode so that our permanent transaction can keep
1427 * on rolling it forward in the log.
1428 */
1429 xfs_trans_log_inode(tp, ip, XFS_ILOG_CORE);
1430
1431 trace_xfs_itruncate_extents_end(ip, new_size);
1432
8f04c47a
CH		 1433out:
1434 *tpp = tp;
1435 return error;
8f04c47a
CH		 1436}
1437
c24b5dfa
DC		 1438int
1439xfs_release(
1440 xfs_inode_t *ip)
1441{
1442 xfs_mount_t *mp = ip->i_mount;
1443 int error;
1444
c19b3b05 1445 if (!S_ISREG(VFS_I(ip)->i_mode) || (VFS_I(ip)->i_mode == 0))
c24b5dfa
DC		 1446 return 0;
1447
1448 /* If this is a read-only mount, don't do this (would generate I/O) */
1449 if (mp->m_flags & XFS_MOUNT_RDONLY)
1450 return 0;
1451
1452 if (!XFS_FORCED_SHUTDOWN(mp)) {
1453 int truncated;
1454
c24b5dfa
DC		 1455 /*
1456 * If we previously truncated this file and removed old data
1457 * in the process, we want to initiate "early" writeout on
1458 * the last close. This is an attempt to combat the notorious
1459 * NULL files problem which is particularly noticeable from a
1460 * truncate down, buffered (re-)write (delalloc), followed by
1461 * a crash. What we are effectively doing here is
1462 * significantly reducing the time window where we'd otherwise
1463 * be exposed to that problem.
1464 */
1465 truncated = xfs_iflags_test_and_clear(ip, XFS_ITRUNCATED);
1466 if (truncated) {
1467 xfs_iflags_clear(ip, XFS_IDIRTY_RELEASE);
eac152b4 1468 if (ip->i_delayed_blks > 0) {
2451337d 1469 error = filemap_flush(VFS_I(ip)->i_mapping);
c24b5dfa
DC		 1470 if (error)
1471 return error;
1472 }
1473 }
1474 }
1475
54d7b5c1 1476 if (VFS_I(ip)->i_nlink == 0)
c24b5dfa
DC		 1477 return 0;
1478
1479 if (xfs_can_free_eofblocks(ip, false)) {
1480
a36b9261
BF		 1481 /*
1482 * Check if the inode is being opened, written and closed
1483 * frequently and we have delayed allocation blocks outstanding
1484 * (e.g. streaming writes from the NFS server), truncating the
1485 * blocks past EOF will cause fragmentation to occur.
1486 *
1487 * In this case don't do the truncation, but we have to be
1488 * careful how we detect this case. Blocks beyond EOF show up as
1489 * i_delayed_blks even when the inode is clean, so we need to
1490 * truncate them away first before checking for a dirty release.
1491 * Hence on the first dirty close we will still remove the
1492 * speculative allocation, but after that we will leave it in
1493 * place.
1494 */
1495 if (xfs_iflags_test(ip, XFS_IDIRTY_RELEASE))
1496 return 0;
c24b5dfa
DC		 1497 /*
1498 * If we can't get the iolock just skip truncating the blocks
c1e8d7c6 1499 * past EOF because we could deadlock with the mmap_lock
a36b9261 1500 * otherwise. We'll get another chance to drop them once the
c24b5dfa
DC		 1501 * last reference to the inode is dropped, so we'll never leak
1502 * blocks permanently.
c24b5dfa 1503 */
a36b9261
BF		 1504 if (xfs_ilock_nowait(ip, XFS_IOLOCK_EXCL)) {
1505 error = xfs_free_eofblocks(ip);
1506 xfs_iunlock(ip, XFS_IOLOCK_EXCL);
1507 if (error)
1508 return error;
1509 }
c24b5dfa
DC		 1510
1511 /* delalloc blocks after truncation means it really is dirty */
1512 if (ip->i_delayed_blks)
1513 xfs_iflags_set(ip, XFS_IDIRTY_RELEASE);
1514 }
1515 return 0;
1516}
1517
f7be2d7f
BF		 1518/*
1519 * xfs_inactive_truncate
1520 *
1521 * Called to perform a truncate when an inode becomes unlinked.
1522 */
1523STATIC int
1524xfs_inactive_truncate(
1525 struct xfs_inode *ip)
1526{
1527 struct xfs_mount *mp = ip->i_mount;
1528 struct xfs_trans *tp;
1529 int error;
1530
253f4911 1531 error = xfs_trans_alloc(mp, &M_RES(mp)->tr_itruncate, 0, 0, 0, &tp);
f7be2d7f
BF		 1532 if (error) {
1533 ASSERT(XFS_FORCED_SHUTDOWN(mp));
f7be2d7f
BF		 1534 return error;
1535 }
f7be2d7f
BF		 1536 xfs_ilock(ip, XFS_ILOCK_EXCL);
1537 xfs_trans_ijoin(tp, ip, 0);
1538
1539 /*
1540 * Log the inode size first to prevent stale data exposure in the event
1541 * of a system crash before the truncate completes. See the related
69bca807 1542 * comment in xfs_vn_setattr_size() for details.
f7be2d7f
BF		 1543 */
1544 ip->i_d.di_size = 0;
1545 xfs_trans_log_inode(tp, ip, XFS_ILOG_CORE);
1546
1547 error = xfs_itruncate_extents(&tp, ip, XFS_DATA_FORK, 0);
1548 if (error)
1549 goto error_trans_cancel;
1550
daf83964 1551 ASSERT(ip->i_df.if_nextents == 0);
f7be2d7f 1552
70393313 1553 error = xfs_trans_commit(tp);
f7be2d7f
BF		 1554 if (error)
1555 goto error_unlock;
1556
1557 xfs_iunlock(ip, XFS_ILOCK_EXCL);
1558 return 0;
1559
1560error_trans_cancel:
4906e215 1561 xfs_trans_cancel(tp);
f7be2d7f
BF		 1562error_unlock:
1563 xfs_iunlock(ip, XFS_ILOCK_EXCL);
1564 return error;
1565}
1566
88877d2b
BF		 1567/*
1568 * xfs_inactive_ifree()
1569 *
1570 * Perform the inode free when an inode is unlinked.
1571 */
1572STATIC int
1573xfs_inactive_ifree(
1574 struct xfs_inode *ip)
1575{
88877d2b
BF		 1576 struct xfs_mount *mp = ip->i_mount;
1577 struct xfs_trans *tp;
1578 int error;
1579
9d43b180 1580 /*
76d771b4
CH		 1581 * We try to use a per-AG reservation for any block needed by the finobt
1582 * tree, but as the finobt feature predates the per-AG reservation
1583 * support a degraded file system might not have enough space for the
1584 * reservation at mount time. In that case try to dip into the reserved
1585 * pool and pray.
9d43b180
BF		 1586 *
1587 * Send a warning if the reservation does happen to fail, as the inode
1588 * now remains allocated and sits on the unlinked list until the fs is
1589 * repaired.
1590 */
e1f6ca11 1591 if (unlikely(mp->m_finobt_nores)) {
76d771b4
CH		 1592 error = xfs_trans_alloc(mp, &M_RES(mp)->tr_ifree,
1593 XFS_IFREE_SPACE_RES(mp), 0, XFS_TRANS_RESERVE,
1594 &tp);
1595 } else {
1596 error = xfs_trans_alloc(mp, &M_RES(mp)->tr_ifree, 0, 0, 0, &tp);
1597 }
88877d2b 1598 if (error) {
2451337d 1599 if (error == -ENOSPC) {
9d43b180
BF		 1600 xfs_warn_ratelimited(mp,
1601 "Failed to remove inode(s) from unlinked list. "
1602 "Please free space, unmount and run xfs_repair.");
1603 } else {
1604 ASSERT(XFS_FORCED_SHUTDOWN(mp));
1605 }
88877d2b
BF		 1606 return error;
1607 }
1608
96355d5a
DC		 1609 /*
1610 * We do not hold the inode locked across the entire rolling transaction
1611 * here. We only need to hold it for the first transaction that
1612 * xfs_ifree() builds, which may mark the inode XFS_ISTALE if the
1613 * underlying cluster buffer is freed. Relogging an XFS_ISTALE inode
1614 * here breaks the relationship between cluster buffer invalidation and
1615 * stale inode invalidation on cluster buffer item journal commit
1616 * completion, and can result in leaving dirty stale inodes hanging
1617 * around in memory.
1618 *
1619 * We have no need for serialising this inode operation against other
1620 * operations - we freed the inode and hence reallocation is required
1621 * and that will serialise on reallocating the space the deferops need
1622 * to free. Hence we can unlock the inode on the first commit of
1623 * the transaction rather than roll it right through the deferops. This
1624 * avoids relogging the XFS_ISTALE inode.
1625 *
1626 * We check that xfs_ifree() hasn't grown an internal transaction roll
1627 * by asserting that the inode is still locked when it returns.
1628 */
88877d2b 1629 xfs_ilock(ip, XFS_ILOCK_EXCL);
96355d5a 1630 xfs_trans_ijoin(tp, ip, XFS_ILOCK_EXCL);
88877d2b 1631
0e0417f3 1632 error = xfs_ifree(tp, ip);
96355d5a 1633 ASSERT(xfs_isilocked(ip, XFS_ILOCK_EXCL));
88877d2b
BF		 1634 if (error) {
1635 /*
1636 * If we fail to free the inode, shut down. The cancel
1637 * might do that, we need to make sure. Otherwise the
1638 * inode might be lost for a long time or forever.
1639 */
1640 if (!XFS_FORCED_SHUTDOWN(mp)) {
1641 xfs_notice(mp, "%s: xfs_ifree returned error %d",
1642 __func__, error);
1643 xfs_force_shutdown(mp, SHUTDOWN_META_IO_ERROR);
1644 }
4906e215 1645 xfs_trans_cancel(tp);
88877d2b
BF		 1646 return error;
1647 }
1648
1649 /*
1650 * Credit the quota account(s). The inode is gone.
1651 */
1652 xfs_trans_mod_dquot_byino(tp, ip, XFS_TRANS_DQ_ICOUNT, -1);
1653
1654 /*
d4a97a04
BF		 1655 * Just ignore errors at this point. There is nothing we can do except
1656 * to try to keep going. Make sure it's not a silent error.
88877d2b 1657 */
70393313 1658 error = xfs_trans_commit(tp);
88877d2b
BF		 1659 if (error)
1660 xfs_notice(mp, "%s: xfs_trans_commit returned error %d",
1661 __func__, error);
1662
88877d2b
BF		 1663 return 0;
1664}
1665
c24b5dfa
DC		 1666/*
1667 * xfs_inactive
1668 *
1669 * This is called when the vnode reference count for the vnode
1670 * goes to zero. If the file has been unlinked, then it must
1671 * now be truncated. Also, we clear all of the read-ahead state
1672 * kept for the inode here since the file is now closed.
1673 */
74564fb4 1674void
c24b5dfa
DC		 1675xfs_inactive(
1676 xfs_inode_t *ip)
1677{
3d3c8b52 1678 struct xfs_mount *mp;
3d3c8b52
JL		 1679 int error;
1680 int truncate = 0;
c24b5dfa
DC		 1681
1682 /*
1683 * If the inode is already free, then there can be nothing
1684 * to clean up here.
1685 */
c19b3b05 1686 if (VFS_I(ip)->i_mode == 0) {
c24b5dfa 1687 ASSERT(ip->i_df.if_broot_bytes == 0);
74564fb4 1688 return;
c24b5dfa
DC		 1689 }
1690
1691 mp = ip->i_mount;
17c12bcd 1692 ASSERT(!xfs_iflags_test(ip, XFS_IRECOVERY));
c24b5dfa 1693
c24b5dfa
DC		 1694 /* If this is a read-only mount, don't do this (would generate I/O) */
1695 if (mp->m_flags & XFS_MOUNT_RDONLY)
74564fb4 1696 return;
c24b5dfa 1697
6231848c 1698 /* Try to clean out the cow blocks if there are any. */
51d62690 1699 if (xfs_inode_has_cow_data(ip))
6231848c
DW		 1700 xfs_reflink_cancel_cow_range(ip, 0, NULLFILEOFF, true);
1701
54d7b5c1 1702 if (VFS_I(ip)->i_nlink != 0) {
c24b5dfa
DC		 1703 /*
1704 * force is true because we are evicting an inode from the
1705 * cache. Post-eof blocks must be freed, lest we end up with
1706 * broken free space accounting.
3b4683c2
BF		 1707 *
1708 * Note: don't bother with iolock here since lockdep complains
1709 * about acquiring it in reclaim context. We have the only
1710 * reference to the inode at this point anyways.
c24b5dfa 1711 */
3b4683c2 1712 if (xfs_can_free_eofblocks(ip, true))
a36b9261 1713 xfs_free_eofblocks(ip);
74564fb4
BF		 1714
1715 return;
c24b5dfa
DC		 1716 }
1717
c19b3b05 1718 if (S_ISREG(VFS_I(ip)->i_mode) &&
c24b5dfa 1719 (ip->i_d.di_size != 0 || XFS_ISIZE(ip) != 0 ||
daf83964 1720 ip->i_df.if_nextents > 0 || ip->i_delayed_blks > 0))
c24b5dfa
DC		 1721 truncate = 1;
1722
c14cfcca 1723 error = xfs_qm_dqattach(ip);
c24b5dfa 1724 if (error)
74564fb4 1725 return;
c24b5dfa 1726
c19b3b05 1727 if (S_ISLNK(VFS_I(ip)->i_mode))
36b21dde 1728 error = xfs_inactive_symlink(ip);
f7be2d7f
BF		 1729 else if (truncate)
1730 error = xfs_inactive_truncate(ip);
1731 if (error)
74564fb4 1732 return;
c24b5dfa
DC		 1733
1734 /*
1735 * If there are attributes associated with the file then blow them away
1736 * now. The code calls a routine that recursively deconstructs the
6dfe5a04 1737 * attribute fork. If also blows away the in-core attribute fork.
c24b5dfa 1738 */
6dfe5a04 1739 if (XFS_IFORK_Q(ip)) {
c24b5dfa
DC		 1740 error = xfs_attr_inactive(ip);
1741 if (error)
74564fb4 1742 return;
c24b5dfa
DC		 1743 }
1744
6dfe5a04 1745 ASSERT(!ip->i_afp);
6dfe5a04 1746 ASSERT(ip->i_d.di_forkoff == 0);
c24b5dfa
DC		 1747
1748 /*
1749 * Free the inode.
1750 */
88877d2b
BF		 1751 error = xfs_inactive_ifree(ip);
1752 if (error)
74564fb4 1753 return;
c24b5dfa
DC		 1754
1755 /*
1756 * Release the dquots held by inode, if any.
1757 */
1758 xfs_qm_dqdetach(ip);
c24b5dfa
DC		 1759}
1760
9b247179
DW		 1761/*
1762 * In-Core Unlinked List Lookups
1763 * =============================
1764 *
1765 * Every inode is supposed to be reachable from some other piece of metadata
1766 * with the exception of the root directory. Inodes with a connection to a
1767 * file descriptor but not linked from anywhere in the on-disk directory tree
1768 * are collectively known as unlinked inodes, though the filesystem itself
1769 * maintains links to these inodes so that on-disk metadata are consistent.
1770 *
1771 * XFS implements a per-AG on-disk hash table of unlinked inodes. The AGI
1772 * header contains a number of buckets that point to an inode, and each inode
1773 * record has a pointer to the next inode in the hash chain. This
1774 * singly-linked list causes scaling problems in the iunlink remove function
1775 * because we must walk that list to find the inode that points to the inode
1776 * being removed from the unlinked hash bucket list.
1777 *
1778 * What if we modelled the unlinked list as a collection of records capturing
1779 * "X.next_unlinked = Y" relations? If we indexed those records on Y, we'd
1780 * have a fast way to look up unlinked list predecessors, which avoids the
1781 * slow list walk. That's exactly what we do here (in-core) with a per-AG
1782 * rhashtable.
1783 *
1784 * Because this is a backref cache, we ignore operational failures since the
1785 * iunlink code can fall back to the slow bucket walk. The only errors that
1786 * should bubble out are for obviously incorrect situations.
1787 *
1788 * All users of the backref cache MUST hold the AGI buffer lock to serialize
1789 * access or have otherwise provided for concurrency control.
1790 */
1791
1792/* Capture a "X.next_unlinked = Y" relationship. */
1793struct xfs_iunlink {
1794 struct rhash_head iu_rhash_head;
1795 xfs_agino_t iu_agino; /* X */
1796 xfs_agino_t iu_next_unlinked; /* Y */
1797};
1798
1799/* Unlinked list predecessor lookup hashtable construction */
1800static int
1801xfs_iunlink_obj_cmpfn(
1802 struct rhashtable_compare_arg *arg,
1803 const void *obj)
1804{
1805 const xfs_agino_t *key = arg->key;
1806 const struct xfs_iunlink *iu = obj;
1807
1808 if (iu->iu_next_unlinked != *key)
1809 return 1;
1810 return 0;
1811}
1812
1813static const struct rhashtable_params xfs_iunlink_hash_params = {
1814 .min_size = XFS_AGI_UNLINKED_BUCKETS,
1815 .key_len = sizeof(xfs_agino_t),
1816 .key_offset = offsetof(struct xfs_iunlink,
1817 iu_next_unlinked),
1818 .head_offset = offsetof(struct xfs_iunlink, iu_rhash_head),
1819 .automatic_shrinking = true,
1820 .obj_cmpfn = xfs_iunlink_obj_cmpfn,
1821};
1822
1823/*
1824 * Return X, where X.next_unlinked == @agino. Returns NULLAGINO if no such
1825 * relation is found.
1826 */
1827static xfs_agino_t
1828xfs_iunlink_lookup_backref(
1829 struct xfs_perag *pag,
1830 xfs_agino_t agino)
1831{
1832 struct xfs_iunlink *iu;
1833
1834 iu = rhashtable_lookup_fast(&pag->pagi_unlinked_hash, &agino,
1835 xfs_iunlink_hash_params);
1836 return iu ? iu->iu_agino : NULLAGINO;
1837}
1838
1839/*
1840 * Take ownership of an iunlink cache entry and insert it into the hash table.
1841 * If successful, the entry will be owned by the cache; if not, it is freed.
1842 * Either way, the caller does not own @iu after this call.
1843 */
1844static int
1845xfs_iunlink_insert_backref(
1846 struct xfs_perag *pag,
1847 struct xfs_iunlink *iu)
1848{
1849 int error;
1850
1851 error = rhashtable_insert_fast(&pag->pagi_unlinked_hash,
1852 &iu->iu_rhash_head, xfs_iunlink_hash_params);
1853 /*
1854 * Fail loudly if there already was an entry because that's a sign of
1855 * corruption of in-memory data. Also fail loudly if we see an error
1856 * code we didn't anticipate from the rhashtable code. Currently we
1857 * only anticipate ENOMEM.
1858 */
1859 if (error) {
1860 WARN(error != -ENOMEM, "iunlink cache insert error %d", error);
1861 kmem_free(iu);
1862 }
1863 /*
1864 * Absorb any runtime errors that aren't a result of corruption because
1865 * this is a cache and we can always fall back to bucket list scanning.
1866 */
1867 if (error != 0 && error != -EEXIST)
1868 error = 0;
1869 return error;
1870}
1871
1872/* Remember that @prev_agino.next_unlinked = @this_agino. */
1873static int
1874xfs_iunlink_add_backref(
1875 struct xfs_perag *pag,
1876 xfs_agino_t prev_agino,
1877 xfs_agino_t this_agino)
1878{
1879 struct xfs_iunlink *iu;
1880
1881 if (XFS_TEST_ERROR(false, pag->pag_mount, XFS_ERRTAG_IUNLINK_FALLBACK))
1882 return 0;
1883
707e0dda 1884 iu = kmem_zalloc(sizeof(*iu), KM_NOFS);
9b247179
DW		 1885 iu->iu_agino = prev_agino;
1886 iu->iu_next_unlinked = this_agino;
1887
1888 return xfs_iunlink_insert_backref(pag, iu);
1889}
1890
1891/*
1892 * Replace X.next_unlinked = @agino with X.next_unlinked = @next_unlinked.
1893 * If @next_unlinked is NULLAGINO, we drop the backref and exit. If there
1894 * wasn't any such entry then we don't bother.
1895 */
1896static int
1897xfs_iunlink_change_backref(
1898 struct xfs_perag *pag,
1899 xfs_agino_t agino,
1900 xfs_agino_t next_unlinked)
1901{
1902 struct xfs_iunlink *iu;
1903 int error;
1904
1905 /* Look up the old entry; if there wasn't one then exit. */
1906 iu = rhashtable_lookup_fast(&pag->pagi_unlinked_hash, &agino,
1907 xfs_iunlink_hash_params);
1908 if (!iu)
1909 return 0;
1910
1911 /*
1912 * Remove the entry. This shouldn't ever return an error, but if we
1913 * couldn't remove the old entry we don't want to add it again to the
1914 * hash table, and if the entry disappeared on us then someone's
1915 * violated the locking rules and we need to fail loudly. Either way
1916 * we cannot remove the inode because internal state is or would have
1917 * been corrupt.
1918 */
1919 error = rhashtable_remove_fast(&pag->pagi_unlinked_hash,
1920 &iu->iu_rhash_head, xfs_iunlink_hash_params);
1921 if (error)
1922 return error;
1923
1924 /* If there is no new next entry just free our item and return. */
1925 if (next_unlinked == NULLAGINO) {
1926 kmem_free(iu);
1927 return 0;
1928 }
1929
1930 /* Update the entry and re-add it to the hash table. */
1931 iu->iu_next_unlinked = next_unlinked;
1932 return xfs_iunlink_insert_backref(pag, iu);
1933}
1934
1935/* Set up the in-core predecessor structures. */
1936int
1937xfs_iunlink_init(
1938 struct xfs_perag *pag)
1939{
1940 return rhashtable_init(&pag->pagi_unlinked_hash,
1941 &xfs_iunlink_hash_params);
1942}
1943
1944/* Free the in-core predecessor structures. */
1945static void
1946xfs_iunlink_free_item(
1947 void *ptr,
1948 void *arg)
1949{
1950 struct xfs_iunlink *iu = ptr;
1951 bool *freed_anything = arg;
1952
1953 *freed_anything = true;
1954 kmem_free(iu);
1955}
1956
1957void
1958xfs_iunlink_destroy(
1959 struct xfs_perag *pag)
1960{
1961 bool freed_anything = false;
1962
1963 rhashtable_free_and_destroy(&pag->pagi_unlinked_hash,
1964 xfs_iunlink_free_item, &freed_anything);
1965
1966 ASSERT(freed_anything == false || XFS_FORCED_SHUTDOWN(pag->pag_mount));
1967}
1968
9a4a5118
DW		 1969/*
1970 * Point the AGI unlinked bucket at an inode and log the results. The caller
1971 * is responsible for validating the old value.
1972 */
1973STATIC int
1974xfs_iunlink_update_bucket(
1975 struct xfs_trans *tp,
1976 xfs_agnumber_t agno,
1977 struct xfs_buf *agibp,
1978 unsigned int bucket_index,
1979 xfs_agino_t new_agino)
1980{
370c782b 1981 struct xfs_agi *agi = agibp->b_addr;
9a4a5118
DW		 1982 xfs_agino_t old_value;
1983 int offset;
1984
1985 ASSERT(xfs_verify_agino_or_null(tp->t_mountp, agno, new_agino));
1986
1987 old_value = be32_to_cpu(agi->agi_unlinked[bucket_index]);
1988 trace_xfs_iunlink_update_bucket(tp->t_mountp, agno, bucket_index,
1989 old_value, new_agino);
1990
1991 /*
1992 * We should never find the head of the list already set to the value
1993 * passed in because either we're adding or removing ourselves from the
1994 * head of the list.
1995 */
a5155b87 1996 if (old_value == new_agino) {
8d57c216 1997 xfs_buf_mark_corrupt(agibp);
9a4a5118 1998 return -EFSCORRUPTED;
a5155b87 1999 }
9a4a5118
DW		 2000
2001 agi->agi_unlinked[bucket_index] = cpu_to_be32(new_agino);
2002 offset = offsetof(struct xfs_agi, agi_unlinked) +
2003 (sizeof(xfs_agino_t) * bucket_index);
2004 xfs_trans_log_buf(tp, agibp, offset, offset + sizeof(xfs_agino_t) - 1);
2005 return 0;
2006}
2007
f2fc16a3
DW		 2008/* Set an on-disk inode's next_unlinked pointer. */
2009STATIC void
2010xfs_iunlink_update_dinode(
2011 struct xfs_trans *tp,
2012 xfs_agnumber_t agno,
2013 xfs_agino_t agino,
2014 struct xfs_buf *ibp,
2015 struct xfs_dinode *dip,
2016 struct xfs_imap *imap,
2017 xfs_agino_t next_agino)
2018{
2019 struct xfs_mount *mp = tp->t_mountp;
2020 int offset;
2021
2022 ASSERT(xfs_verify_agino_or_null(mp, agno, next_agino));
2023
2024 trace_xfs_iunlink_update_dinode(mp, agno, agino,
2025 be32_to_cpu(dip->di_next_unlinked), next_agino);
2026
2027 dip->di_next_unlinked = cpu_to_be32(next_agino);
2028 offset = imap->im_boffset +
2029 offsetof(struct xfs_dinode, di_next_unlinked);
2030
2031 /* need to recalc the inode CRC if appropriate */
2032 xfs_dinode_calc_crc(mp, dip);
2033 xfs_trans_inode_buf(tp, ibp);
2034 xfs_trans_log_buf(tp, ibp, offset, offset + sizeof(xfs_agino_t) - 1);
f2fc16a3
DW		 2035}
2036
2037/* Set an in-core inode's unlinked pointer and return the old value. */
2038STATIC int
2039xfs_iunlink_update_inode(
2040 struct xfs_trans *tp,
2041 struct xfs_inode *ip,
2042 xfs_agnumber_t agno,
2043 xfs_agino_t next_agino,
2044 xfs_agino_t *old_next_agino)
2045{
2046 struct xfs_mount *mp = tp->t_mountp;
2047 struct xfs_dinode *dip;
2048 struct xfs_buf *ibp;
2049 xfs_agino_t old_value;
2050 int error;
2051
2052 ASSERT(xfs_verify_agino_or_null(mp, agno, next_agino));
2053
c1995079 2054 error = xfs_imap_to_bp(mp, tp, &ip->i_imap, &dip, &ibp, 0);
f2fc16a3
DW		 2055 if (error)
2056 return error;
2057
2058 /* Make sure the old pointer isn't garbage. */
2059 old_value = be32_to_cpu(dip->di_next_unlinked);
2060 if (!xfs_verify_agino_or_null(mp, agno, old_value)) {
a5155b87
DW		 2061 xfs_inode_verifier_error(ip, -EFSCORRUPTED, __func__, dip,
2062 sizeof(*dip), __this_address);
f2fc16a3
DW		 2063 error = -EFSCORRUPTED;
2064 goto out;
2065 }
2066
2067 /*
2068 * Since we're updating a linked list, we should never find that the
2069 * current pointer is the same as the new value, unless we're
2070 * terminating the list.
2071 */
2072 *old_next_agino = old_value;
2073 if (old_value == next_agino) {
a5155b87
DW		 2074 if (next_agino != NULLAGINO) {
2075 xfs_inode_verifier_error(ip, -EFSCORRUPTED, __func__,
2076 dip, sizeof(*dip), __this_address);
f2fc16a3 2077 error = -EFSCORRUPTED;
a5155b87 2078 }
f2fc16a3
DW		 2079 goto out;
2080 }
2081
2082 /* Ok, update the new pointer. */
2083 xfs_iunlink_update_dinode(tp, agno, XFS_INO_TO_AGINO(mp, ip->i_ino),
2084 ibp, dip, &ip->i_imap, next_agino);
2085 return 0;
2086out:
2087 xfs_trans_brelse(tp, ibp);
2088 return error;
2089}
2090
1da177e4 2091/*
c4a6bf7f
DW		 2092 * This is called when the inode's link count has gone to 0 or we are creating
2093 * a tmpfile via O_TMPFILE. The inode @ip must have nlink == 0.
54d7b5c1
DC		 2094 *
2095 * We place the on-disk inode on a list in the AGI. It will be pulled from this
2096 * list when the inode is freed.
1da177e4 2097 */
54d7b5c1 2098STATIC int
1da177e4 2099xfs_iunlink(
5837f625
DW		 2100 struct xfs_trans *tp,
2101 struct xfs_inode *ip)
1da177e4 2102{
5837f625
DW		 2103 struct xfs_mount *mp = tp->t_mountp;
2104 struct xfs_agi *agi;
5837f625 2105 struct xfs_buf *agibp;
86bfd375 2106 xfs_agino_t next_agino;
5837f625
DW		 2107 xfs_agnumber_t agno = XFS_INO_TO_AGNO(mp, ip->i_ino);
2108 xfs_agino_t agino = XFS_INO_TO_AGINO(mp, ip->i_ino);
2109 short bucket_index = agino % XFS_AGI_UNLINKED_BUCKETS;
5837f625 2110 int error;
1da177e4 2111
c4a6bf7f 2112 ASSERT(VFS_I(ip)->i_nlink == 0);
c19b3b05 2113 ASSERT(VFS_I(ip)->i_mode != 0);
4664c66c 2114 trace_xfs_iunlink(ip);
1da177e4 2115
5837f625
DW		 2116 /* Get the agi buffer first. It ensures lock ordering on the list. */
2117 error = xfs_read_agi(mp, tp, agno, &agibp);
859d7182 2118 if (error)
1da177e4 2119 return error;
370c782b 2120 agi = agibp->b_addr;
5e1be0fb 2121
1da177e4 2122 /*
86bfd375
DW		 2123 * Get the index into the agi hash table for the list this inode will
2124 * go on. Make sure the pointer isn't garbage and that this inode
2125 * isn't already on the list.
1da177e4 2126 */
86bfd375
DW		 2127 next_agino = be32_to_cpu(agi->agi_unlinked[bucket_index]);
2128 if (next_agino == agino ||
a5155b87 2129 !xfs_verify_agino_or_null(mp, agno, next_agino)) {
8d57c216 2130 xfs_buf_mark_corrupt(agibp);
86bfd375 2131 return -EFSCORRUPTED;
a5155b87 2132 }
1da177e4 2133
86bfd375 2134 if (next_agino != NULLAGINO) {
9b247179 2135 xfs_agino_t old_agino;
f2fc16a3 2136
1da177e4 2137 /*
f2fc16a3
DW		 2138 * There is already another inode in the bucket, so point this
2139 * inode to the current head of the list.
1da177e4 2140 */
f2fc16a3
DW		 2141 error = xfs_iunlink_update_inode(tp, ip, agno, next_agino,
2142 &old_agino);
c319b58b
VA		 2143 if (error)
2144 return error;
f2fc16a3 2145 ASSERT(old_agino == NULLAGINO);
9b247179
DW		 2146
2147 /*
2148 * agino has been unlinked, add a backref from the next inode
2149 * back to agino.
2150 */
92a00544 2151 error = xfs_iunlink_add_backref(agibp->b_pag, agino, next_agino);
9b247179
DW		 2152 if (error)
2153 return error;
1da177e4
LT		 2154 }
2155
9a4a5118
DW		 2156 /* Point the head of the list to point to this inode. */
2157 return xfs_iunlink_update_bucket(tp, agno, agibp, bucket_index, agino);
1da177e4
LT		 2158}
2159
23ffa52c
DW		 2160/* Return the imap, dinode pointer, and buffer for an inode. */
2161STATIC int
2162xfs_iunlink_map_ino(
2163 struct xfs_trans *tp,
2164 xfs_agnumber_t agno,
2165 xfs_agino_t agino,
2166 struct xfs_imap *imap,
2167 struct xfs_dinode **dipp,
2168 struct xfs_buf **bpp)
2169{
2170 struct xfs_mount *mp = tp->t_mountp;
2171 int error;
2172
2173 imap->im_blkno = 0;
2174 error = xfs_imap(mp, tp, XFS_AGINO_TO_INO(mp, agno, agino), imap, 0);
2175 if (error) {
2176 xfs_warn(mp, "%s: xfs_imap returned error %d.",
2177 __func__, error);
2178 return error;
2179 }
2180
c1995079 2181 error = xfs_imap_to_bp(mp, tp, imap, dipp, bpp, 0);
23ffa52c
DW		 2182 if (error) {
2183 xfs_warn(mp, "%s: xfs_imap_to_bp returned error %d.",
2184 __func__, error);
2185 return error;
2186 }
2187
2188 return 0;
2189}
2190
2191/*
2192 * Walk the unlinked chain from @head_agino until we find the inode that
2193 * points to @target_agino. Return the inode number, map, dinode pointer,
2194 * and inode cluster buffer of that inode as @agino, @imap, @dipp, and @bpp.
2195 *
2196 * @tp, @pag, @head_agino, and @target_agino are input parameters.
2197 * @agino, @imap, @dipp, and @bpp are all output parameters.
2198 *
2199 * Do not call this function if @target_agino is the head of the list.
2200 */
2201STATIC int
2202xfs_iunlink_map_prev(
2203 struct xfs_trans *tp,
2204 xfs_agnumber_t agno,
2205 xfs_agino_t head_agino,
2206 xfs_agino_t target_agino,
2207 xfs_agino_t *agino,
2208 struct xfs_imap *imap,
2209 struct xfs_dinode **dipp,
9b247179
DW		 2210 struct xfs_buf **bpp,
2211 struct xfs_perag *pag)
23ffa52c
DW		 2212{
2213 struct xfs_mount *mp = tp->t_mountp;
2214 xfs_agino_t next_agino;
2215 int error;
2216
2217 ASSERT(head_agino != target_agino);
2218 *bpp = NULL;
2219
9b247179
DW		 2220 /* See if our backref cache can find it faster. */
2221 *agino = xfs_iunlink_lookup_backref(pag, target_agino);
2222 if (*agino != NULLAGINO) {
2223 error = xfs_iunlink_map_ino(tp, agno, *agino, imap, dipp, bpp);
2224 if (error)
2225 return error;
2226
2227 if (be32_to_cpu((*dipp)->di_next_unlinked) == target_agino)
2228 return 0;
2229
2230 /*
2231 * If we get here the cache contents were corrupt, so drop the
2232 * buffer and fall back to walking the bucket list.
2233 */
2234 xfs_trans_brelse(tp, *bpp);
2235 *bpp = NULL;
2236 WARN_ON_ONCE(1);
2237 }
2238
2239 trace_xfs_iunlink_map_prev_fallback(mp, agno);
2240
2241 /* Otherwise, walk the entire bucket until we find it. */
23ffa52c
DW		 2242 next_agino = head_agino;
2243 while (next_agino != target_agino) {
2244 xfs_agino_t unlinked_agino;
2245
2246 if (*bpp)
2247 xfs_trans_brelse(tp, *bpp);
2248
2249 *agino = next_agino;
2250 error = xfs_iunlink_map_ino(tp, agno, next_agino, imap, dipp,
2251 bpp);
2252 if (error)
2253 return error;
2254
2255 unlinked_agino = be32_to_cpu((*dipp)->di_next_unlinked);
2256 /*
2257 * Make sure this pointer is valid and isn't an obvious
2258 * infinite loop.
2259 */
2260 if (!xfs_verify_agino(mp, agno, unlinked_agino) ||
2261 next_agino == unlinked_agino) {
2262 XFS_CORRUPTION_ERROR(__func__,
2263 XFS_ERRLEVEL_LOW, mp,
2264 *dipp, sizeof(**dipp));
2265 error = -EFSCORRUPTED;
2266 return error;
2267 }
2268 next_agino = unlinked_agino;
2269 }
2270
2271 return 0;
2272}
2273
1da177e4
LT		 2274/*
2275 * Pull the on-disk inode from the AGI unlinked list.
2276 */
2277STATIC int
2278xfs_iunlink_remove(
5837f625
DW		 2279 struct xfs_trans *tp,
2280 struct xfs_inode *ip)
1da177e4 2281{
5837f625
DW		 2282 struct xfs_mount *mp = tp->t_mountp;
2283 struct xfs_agi *agi;
5837f625 2284 struct xfs_buf *agibp;
5837f625
DW		 2285 struct xfs_buf *last_ibp;
2286 struct xfs_dinode *last_dip = NULL;
5837f625
DW		 2287 xfs_agnumber_t agno = XFS_INO_TO_AGNO(mp, ip->i_ino);
2288 xfs_agino_t agino = XFS_INO_TO_AGINO(mp, ip->i_ino);
2289 xfs_agino_t next_agino;
b1d2a068 2290 xfs_agino_t head_agino;
5837f625 2291 short bucket_index = agino % XFS_AGI_UNLINKED_BUCKETS;
5837f625 2292 int error;
1da177e4 2293
4664c66c
DW		 2294 trace_xfs_iunlink_remove(ip);
2295
5837f625 2296 /* Get the agi buffer first. It ensures lock ordering on the list. */
5e1be0fb
CH		 2297 error = xfs_read_agi(mp, tp, agno, &agibp);
2298 if (error)
1da177e4 2299 return error;
370c782b 2300 agi = agibp->b_addr;
5e1be0fb 2301
1da177e4 2302 /*
86bfd375
DW		 2303 * Get the index into the agi hash table for the list this inode will
2304 * go on. Make sure the head pointer isn't garbage.
1da177e4 2305 */
b1d2a068
DW		 2306 head_agino = be32_to_cpu(agi->agi_unlinked[bucket_index]);
2307 if (!xfs_verify_agino(mp, agno, head_agino)) {
d2e73665
DW		 2308 XFS_CORRUPTION_ERROR(__func__, XFS_ERRLEVEL_LOW, mp,
2309 agi, sizeof(*agi));
2310 return -EFSCORRUPTED;
2311 }
1da177e4 2312
b1d2a068
DW		 2313 /*
2314 * Set our inode's next_unlinked pointer to NULL and then return
2315 * the old pointer value so that we can update whatever was previous
2316 * to us in the list to point to whatever was next in the list.
2317 */
2318 error = xfs_iunlink_update_inode(tp, ip, agno, NULLAGINO, &next_agino);
2319 if (error)
2320 return error;
9a4a5118 2321
9b247179
DW		 2322 /*
2323 * If there was a backref pointing from the next inode back to this
2324 * one, remove it because we've removed this inode from the list.
2325 *
2326 * Later, if this inode was in the middle of the list we'll update
2327 * this inode's backref to point from the next inode.
2328 */
2329 if (next_agino != NULLAGINO) {
92a00544 2330 error = xfs_iunlink_change_backref(agibp->b_pag, next_agino,
9b247179
DW		 2331 NULLAGINO);
2332 if (error)
92a00544 2333 return error;
9b247179
DW		 2334 }
2335
92a00544 2336 if (head_agino != agino) {
f2fc16a3
DW		 2337 struct xfs_imap imap;
2338 xfs_agino_t prev_agino;
2339
23ffa52c 2340 /* We need to search the list for the inode being freed. */
b1d2a068 2341 error = xfs_iunlink_map_prev(tp, agno, head_agino, agino,
9b247179 2342 &prev_agino, &imap, &last_dip, &last_ibp,
92a00544 2343 agibp->b_pag);
23ffa52c 2344 if (error)
92a00544 2345 return error;
475ee413 2346
f2fc16a3
DW		 2347 /* Point the previous inode on the list to the next inode. */
2348 xfs_iunlink_update_dinode(tp, agno, prev_agino, last_ibp,
2349 last_dip, &imap, next_agino);
9b247179
DW		 2350
2351 /*
2352 * Now we deal with the backref for this inode. If this inode
2353 * pointed at a real inode, change the backref that pointed to
2354 * us to point to our old next. If this inode was the end of
2355 * the list, delete the backref that pointed to us. Note that
2356 * change_backref takes care of deleting the backref if
2357 * next_agino is NULLAGINO.
2358 */
92a00544
GX		 2359 return xfs_iunlink_change_backref(agibp->b_pag, agino,
2360 next_agino);
1da177e4 2361 }
9b247179 2362
92a00544
GX		 2363 /* Point the head of the list to the next unlinked inode. */
2364 return xfs_iunlink_update_bucket(tp, agno, agibp, bucket_index,
2365 next_agino);
1da177e4
LT		 2366}
2367
5806165a 2368/*
71e3e356
DC		 2369 * Look up the inode number specified and if it is not already marked XFS_ISTALE
2370 * mark it stale. We should only find clean inodes in this lookup that aren't
2371 * already stale.
5806165a 2372 */
71e3e356
DC		 2373static void
2374xfs_ifree_mark_inode_stale(
2375 struct xfs_buf *bp,
5806165a 2376 struct xfs_inode *free_ip,
d9fdd0ad 2377 xfs_ino_t inum)
5806165a 2378{
71e3e356
DC		 2379 struct xfs_mount *mp = bp->b_mount;
2380 struct xfs_perag *pag = bp->b_pag;
2381 struct xfs_inode_log_item *iip;
5806165a
DC		 2382 struct xfs_inode *ip;
2383
2384retry:
2385 rcu_read_lock();
2386 ip = radix_tree_lookup(&pag->pag_ici_root, XFS_INO_TO_AGINO(mp, inum));
2387
2388 /* Inode not in memory, nothing to do */
71e3e356
DC		 2389 if (!ip) {
2390 rcu_read_unlock();
2391 return;
2392 }
5806165a
DC		 2393
2394 /*
2395 * because this is an RCU protected lookup, we could find a recently
2396 * freed or even reallocated inode during the lookup. We need to check
2397 * under the i_flags_lock for a valid inode here. Skip it if it is not
2398 * valid, the wrong inode or stale.
2399 */
2400 spin_lock(&ip->i_flags_lock);
718ecc50
DC		 2401 if (ip->i_ino != inum || __xfs_iflags_test(ip, XFS_ISTALE))
2402 goto out_iflags_unlock;
5806165a
DC		 2403
2404 /*
2405 * Don't try to lock/unlock the current inode, but we _cannot_ skip the
2406 * other inodes that we did not find in the list attached to the buffer
2407 * and are not already marked stale. If we can't lock it, back off and
2408 * retry.
2409 */
2410 if (ip != free_ip) {
2411 if (!xfs_ilock_nowait(ip, XFS_ILOCK_EXCL)) {
71e3e356 2412 spin_unlock(&ip->i_flags_lock);
5806165a
DC		 2413 rcu_read_unlock();
2414 delay(1);
2415 goto retry;
2416 }
5806165a 2417 }
71e3e356 2418 ip->i_flags |= XFS_ISTALE;
5806165a 2419
71e3e356 2420 /*
718ecc50 2421 * If the inode is flushing, it is already attached to the buffer. All
71e3e356
DC		 2422 * we needed to do here is mark the inode stale so buffer IO completion
2423 * will remove it from the AIL.
2424 */
2425 iip = ip->i_itemp;
718ecc50 2426 if (__xfs_iflags_test(ip, XFS_IFLUSHING)) {
71e3e356
DC		 2427 ASSERT(!list_empty(&iip->ili_item.li_bio_list));
2428 ASSERT(iip->ili_last_fields);
2429 goto out_iunlock;
2430 }
5806165a
DC		 2431
2432 /*
48d55e2a
DC		 2433 * Inodes not attached to the buffer can be released immediately.
2434 * Everything else has to go through xfs_iflush_abort() on journal
2435 * commit as the flock synchronises removal of the inode from the
2436 * cluster buffer against inode reclaim.
5806165a 2437 */
718ecc50 2438 if (!iip || list_empty(&iip->ili_item.li_bio_list))
71e3e356 2439 goto out_iunlock;
718ecc50
DC		 2440
2441 __xfs_iflags_set(ip, XFS_IFLUSHING);
2442 spin_unlock(&ip->i_flags_lock);
2443 rcu_read_unlock();
5806165a 2444
71e3e356 2445 /* we have a dirty inode in memory that has not yet been flushed. */
71e3e356
DC		 2446 spin_lock(&iip->ili_lock);
2447 iip->ili_last_fields = iip->ili_fields;
2448 iip->ili_fields = 0;
2449 iip->ili_fsync_fields = 0;
2450 spin_unlock(&iip->ili_lock);
71e3e356
DC		 2451 ASSERT(iip->ili_last_fields);
2452
718ecc50
DC		 2453 if (ip != free_ip)
2454 xfs_iunlock(ip, XFS_ILOCK_EXCL);
2455 return;
2456
71e3e356
DC		 2457out_iunlock:
2458 if (ip != free_ip)
2459 xfs_iunlock(ip, XFS_ILOCK_EXCL);
718ecc50
DC		 2460out_iflags_unlock:
2461 spin_unlock(&ip->i_flags_lock);
2462 rcu_read_unlock();
5806165a
DC		 2463}
2464
5b3eed75 2465/*
0b8182db 2466 * A big issue when freeing the inode cluster is that we _cannot_ skip any
5b3eed75
DC		 2467 * inodes that are in memory - they all must be marked stale and attached to
2468 * the cluster buffer.
2469 */
2a30f36d 2470STATIC int
1da177e4 2471xfs_ifree_cluster(
71e3e356
DC		 2472 struct xfs_inode *free_ip,
2473 struct xfs_trans *tp,
09b56604 2474 struct xfs_icluster *xic)
1da177e4 2475{
71e3e356
DC		 2476 struct xfs_mount *mp = free_ip->i_mount;
2477 struct xfs_ino_geometry *igeo = M_IGEO(mp);
2478 struct xfs_buf *bp;
2479 xfs_daddr_t blkno;
2480 xfs_ino_t inum = xic->first_ino;
1da177e4 2481 int nbufs;
5b257b4a 2482 int i, j;
3cdaa189 2483 int ioffset;
ce92464c 2484 int error;
1da177e4 2485
ef325959 2486 nbufs = igeo->ialloc_blks / igeo->blocks_per_cluster;
1da177e4 2487
ef325959 2488 for (j = 0; j < nbufs; j++, inum += igeo->inodes_per_cluster) {
09b56604
BF		 2489 /*
2490 * The allocation bitmap tells us which inodes of the chunk were
2491 * physically allocated. Skip the cluster if an inode falls into
2492 * a sparse region.
2493 */
3cdaa189
BF		 2494 ioffset = inum - xic->first_ino;
2495 if ((xic->alloc & XFS_INOBT_MASK(ioffset)) == 0) {
ef325959 2496 ASSERT(ioffset % igeo->inodes_per_cluster == 0);
09b56604
BF		 2497 continue;
2498 }
2499
1da177e4
LT		 2500 blkno = XFS_AGB_TO_DADDR(mp, XFS_INO_TO_AGNO(mp, inum),
2501 XFS_INO_TO_AGBNO(mp, inum));
2502
5b257b4a
DC		 2503 /*
2504 * We obtain and lock the backing buffer first in the process
718ecc50
DC		 2505 * here to ensure dirty inodes attached to the buffer remain in
2506 * the flushing state while we mark them stale.
2507 *
5b257b4a
DC		 2508 * If we scan the in-memory inodes first, then buffer IO can
2509 * complete before we get a lock on it, and hence we may fail
2510 * to mark all the active inodes on the buffer stale.
2511 */
ce92464c
DW		 2512 error = xfs_trans_get_buf(tp, mp->m_ddev_targp, blkno,
2513 mp->m_bsize * igeo->blocks_per_cluster,
2514 XBF_UNMAPPED, &bp);
71e3e356 2515 if (error)
ce92464c 2516 return error;
b0f539de
DC		 2517
2518 /*
2519 * This buffer may not have been correctly initialised as we
2520 * didn't read it from disk. That's not important because we are
2521 * only using to mark the buffer as stale in the log, and to
2522 * attach stale cached inodes on it. That means it will never be
2523 * dispatched for IO. If it is, we want to know about it, and we
2524 * want it to fail. We can acheive this by adding a write
2525 * verifier to the buffer.
2526 */
8c4ce794 2527 bp->b_ops = &xfs_inode_buf_ops;
b0f539de 2528
5b257b4a 2529 /*
71e3e356
DC		 2530 * Now we need to set all the cached clean inodes as XFS_ISTALE,
2531 * too. This requires lookups, and will skip inodes that we've
2532 * already marked XFS_ISTALE.
1da177e4 2533 */
71e3e356
DC		 2534 for (i = 0; i < igeo->inodes_per_cluster; i++)
2535 xfs_ifree_mark_inode_stale(bp, free_ip, inum + i);
1da177e4 2536
5b3eed75 2537 xfs_trans_stale_inode_buf(tp, bp);
1da177e4
LT		 2538 xfs_trans_binval(tp, bp);
2539 }
2a30f36d 2540 return 0;
1da177e4
LT		 2541}
2542
2543/*
2544 * This is called to return an inode to the inode free list.
2545 * The inode should already be truncated to 0 length and have
2546 * no pages associated with it. This routine also assumes that
2547 * the inode is already a part of the transaction.
2548 *
2549 * The on-disk copy of the inode will have been added to the list
2550 * of unlinked inodes in the AGI. We need to remove the inode from
2551 * that list atomically with respect to freeing it here.
2552 */
2553int
2554xfs_ifree(
0e0417f3
BF		 2555 struct xfs_trans *tp,
2556 struct xfs_inode *ip)
1da177e4
LT		 2557{
2558 int error;
09b56604 2559 struct xfs_icluster xic = { 0 };
1319ebef 2560 struct xfs_inode_log_item *iip = ip->i_itemp;
1da177e4 2561
579aa9ca 2562 ASSERT(xfs_isilocked(ip, XFS_ILOCK_EXCL));
54d7b5c1 2563 ASSERT(VFS_I(ip)->i_nlink == 0);
daf83964 2564 ASSERT(ip->i_df.if_nextents == 0);
c19b3b05 2565 ASSERT(ip->i_d.di_size == 0 || !S_ISREG(VFS_I(ip)->i_mode));
1da177e4
LT		 2566 ASSERT(ip->i_d.di_nblocks == 0);
2567
2568 /*
2569 * Pull the on-disk inode from the AGI unlinked list.
2570 */
2571 error = xfs_iunlink_remove(tp, ip);
1baaed8f 2572 if (error)
1da177e4 2573 return error;
1da177e4 2574
0e0417f3 2575 error = xfs_difree(tp, ip->i_ino, &xic);
1baaed8f 2576 if (error)
1da177e4 2577 return error;
1baaed8f 2578
b2c20045
CH		 2579 /*
2580 * Free any local-format data sitting around before we reset the
2581 * data fork to extents format. Note that the attr fork data has
2582 * already been freed by xfs_attr_inactive.
2583 */
f7e67b20 2584 if (ip->i_df.if_format == XFS_DINODE_FMT_LOCAL) {
b2c20045
CH		 2585 kmem_free(ip->i_df.if_u1.if_data);
2586 ip->i_df.if_u1.if_data = NULL;
2587 ip->i_df.if_bytes = 0;
2588 }
98c4f78d 2589
c19b3b05 2590 VFS_I(ip)->i_mode = 0; /* mark incore inode as free */
1da177e4 2591 ip->i_d.di_flags = 0;
f93e5436 2592 ip->i_d.di_flags2 = ip->i_mount->m_ino_geo.new_diflags2;
1da177e4
LT		 2593 ip->i_d.di_dmevmask = 0;
2594 ip->i_d.di_forkoff = 0; /* mark the attr fork not in use */
f7e67b20 2595 ip->i_df.if_format = XFS_DINODE_FMT_EXTENTS;
dc1baa71
ES		 2596
2597 /* Don't attempt to replay owner changes for a deleted inode */
1319ebef
DC		 2598 spin_lock(&iip->ili_lock);
2599 iip->ili_fields &= ~(XFS_ILOG_AOWNER | XFS_ILOG_DOWNER);
2600 spin_unlock(&iip->ili_lock);
dc1baa71 2601
1da177e4
LT		 2602 /*
2603 * Bump the generation count so no one will be confused
2604 * by reincarnations of this inode.
2605 */
9e9a2674 2606 VFS_I(ip)->i_generation++;
1da177e4
LT		 2607 xfs_trans_log_inode(tp, ip, XFS_ILOG_CORE);
2608
09b56604
BF		 2609 if (xic.deleted)
2610 error = xfs_ifree_cluster(ip, tp, &xic);
1da177e4 2611
2a30f36d 2612 return error;
1da177e4
LT		 2613}
2614
1da177e4 2615/*
60ec6783
CH		 2616 * This is called to unpin an inode. The caller must have the inode locked
2617 * in at least shared mode so that the buffer cannot be subsequently pinned
2618 * once someone is waiting for it to be unpinned.
1da177e4 2619 */
60ec6783 2620static void
f392e631 2621xfs_iunpin(
60ec6783 2622 struct xfs_inode *ip)
1da177e4 2623{
579aa9ca 2624 ASSERT(xfs_isilocked(ip, XFS_ILOCK_EXCL|XFS_ILOCK_SHARED));
1da177e4 2625
4aaf15d1
DC		 2626 trace_xfs_inode_unpin_nowait(ip, _RET_IP_);
2627
a3f74ffb 2628 /* Give the log a push to start the unpinning I/O */
656de4ff 2629 xfs_log_force_lsn(ip->i_mount, ip->i_itemp->ili_last_lsn, 0, NULL);
a14a348b 2630
a3f74ffb 2631}
1da177e4 2632
f392e631
CH		 2633static void
2634__xfs_iunpin_wait(
2635 struct xfs_inode *ip)
2636{
2637 wait_queue_head_t *wq = bit_waitqueue(&ip->i_flags, __XFS_IPINNED_BIT);
2638 DEFINE_WAIT_BIT(wait, &ip->i_flags, __XFS_IPINNED_BIT);
2639
2640 xfs_iunpin(ip);
2641
2642 do {
21417136 2643 prepare_to_wait(wq, &wait.wq_entry, TASK_UNINTERRUPTIBLE);
f392e631
CH		 2644 if (xfs_ipincount(ip))
2645 io_schedule();
2646 } while (xfs_ipincount(ip));
21417136 2647 finish_wait(wq, &wait.wq_entry);
f392e631
CH		 2648}
2649
777df5af 2650void
a3f74ffb 2651xfs_iunpin_wait(
60ec6783 2652 struct xfs_inode *ip)
a3f74ffb 2653{
f392e631
CH		 2654 if (xfs_ipincount(ip))
2655 __xfs_iunpin_wait(ip);
1da177e4
LT		 2656}
2657
27320369
DC		 2658/*
2659 * Removing an inode from the namespace involves removing the directory entry
2660 * and dropping the link count on the inode. Removing the directory entry can
2661 * result in locking an AGF (directory blocks were freed) and removing a link
2662 * count can result in placing the inode on an unlinked list which results in
2663 * locking an AGI.
2664 *
2665 * The big problem here is that we have an ordering constraint on AGF and AGI
2666 * locking - inode allocation locks the AGI, then can allocate a new extent for
2667 * new inodes, locking the AGF after the AGI. Similarly, freeing the inode
2668 * removes the inode from the unlinked list, requiring that we lock the AGI
2669 * first, and then freeing the inode can result in an inode chunk being freed
2670 * and hence freeing disk space requiring that we lock an AGF.
2671 *
2672 * Hence the ordering that is imposed by other parts of the code is AGI before
2673 * AGF. This means we cannot remove the directory entry before we drop the inode
2674 * reference count and put it on the unlinked list as this results in a lock
2675 * order of AGF then AGI, and this can deadlock against inode allocation and
2676 * freeing. Therefore we must drop the link counts before we remove the
2677 * directory entry.
2678 *
2679 * This is still safe from a transactional point of view - it is not until we
310a75a3 2680 * get to xfs_defer_finish() that we have the possibility of multiple
27320369
DC		 2681 * transactions in this operation. Hence as long as we remove the directory
2682 * entry and drop the link count in the first transaction of the remove
2683 * operation, there are no transactional constraints on the ordering here.
2684 */
c24b5dfa
DC		 2685int
2686xfs_remove(
2687 xfs_inode_t *dp,
2688 struct xfs_name *name,
2689 xfs_inode_t *ip)
2690{
2691 xfs_mount_t *mp = dp->i_mount;
2692 xfs_trans_t *tp = NULL;
c19b3b05 2693 int is_dir = S_ISDIR(VFS_I(ip)->i_mode);
c24b5dfa 2694 int error = 0;
c24b5dfa 2695 uint resblks;
c24b5dfa
DC		 2696
2697 trace_xfs_remove(dp, name);
2698
2699 if (XFS_FORCED_SHUTDOWN(mp))
2451337d 2700 return -EIO;
c24b5dfa 2701
c14cfcca 2702 error = xfs_qm_dqattach(dp);
c24b5dfa
DC		 2703 if (error)
2704 goto std_return;
2705
c14cfcca 2706 error = xfs_qm_dqattach(ip);
c24b5dfa
DC		 2707 if (error)
2708 goto std_return;
2709
c24b5dfa
DC		 2710 /*
2711 * We try to get the real space reservation first,
2712 * allowing for directory btree deletion(s) implying
2713 * possible bmap insert(s). If we can't get the space
2714 * reservation then we use 0 instead, and avoid the bmap
2715 * btree insert(s) in the directory code by, if the bmap
2716 * insert tries to happen, instead trimming the LAST
2717 * block from the directory.
2718 */
2719 resblks = XFS_REMOVE_SPACE_RES(mp);
253f4911 2720 error = xfs_trans_alloc(mp, &M_RES(mp)->tr_remove, resblks, 0, 0, &tp);
2451337d 2721 if (error == -ENOSPC) {
c24b5dfa 2722 resblks = 0;
253f4911
CH		 2723 error = xfs_trans_alloc(mp, &M_RES(mp)->tr_remove, 0, 0, 0,
2724 &tp);
c24b5dfa
DC		 2725 }
2726 if (error) {
2451337d 2727 ASSERT(error != -ENOSPC);
253f4911 2728 goto std_return;
c24b5dfa
DC		 2729 }
2730
7c2d238a 2731 xfs_lock_two_inodes(dp, XFS_ILOCK_EXCL, ip, XFS_ILOCK_EXCL);
c24b5dfa 2732
65523218 2733 xfs_trans_ijoin(tp, dp, XFS_ILOCK_EXCL);
c24b5dfa
DC		 2734 xfs_trans_ijoin(tp, ip, XFS_ILOCK_EXCL);
2735
2736 /*
2737 * If we're removing a directory perform some additional validation.
2738 */
2739 if (is_dir) {
54d7b5c1
DC		 2740 ASSERT(VFS_I(ip)->i_nlink >= 2);
2741 if (VFS_I(ip)->i_nlink != 2) {
2451337d 2742 error = -ENOTEMPTY;
c24b5dfa
DC		 2743 goto out_trans_cancel;
2744 }
2745 if (!xfs_dir_isempty(ip)) {
2451337d 2746 error = -ENOTEMPTY;
c24b5dfa
DC		 2747 goto out_trans_cancel;
2748 }
c24b5dfa 2749
27320369 2750 /* Drop the link from ip's "..". */
c24b5dfa
DC		 2751 error = xfs_droplink(tp, dp);
2752 if (error)
27320369 2753 goto out_trans_cancel;
c24b5dfa 2754
27320369 2755 /* Drop the "." link from ip to self. */
c24b5dfa
DC		 2756 error = xfs_droplink(tp, ip);
2757 if (error)
27320369 2758 goto out_trans_cancel;
c24b5dfa
DC		 2759 } else {
2760 /*
2761 * When removing a non-directory we need to log the parent
2762 * inode here. For a directory this is done implicitly
2763 * by the xfs_droplink call for the ".." entry.
2764 */
2765 xfs_trans_log_inode(tp, dp, XFS_ILOG_CORE);
2766 }
27320369 2767 xfs_trans_ichgtime(tp, dp, XFS_ICHGTIME_MOD | XFS_ICHGTIME_CHG);
c24b5dfa 2768
27320369 2769 /* Drop the link from dp to ip. */
c24b5dfa
DC		 2770 error = xfs_droplink(tp, ip);
2771 if (error)
27320369 2772 goto out_trans_cancel;
c24b5dfa 2773
381eee69 2774 error = xfs_dir_removename(tp, dp, name, ip->i_ino, resblks);
27320369 2775 if (error) {
2451337d 2776 ASSERT(error != -ENOENT);
c8eac49e 2777 goto out_trans_cancel;
27320369
DC		 2778 }
2779
c24b5dfa
DC		 2780 /*
2781 * If this is a synchronous mount, make sure that the
2782 * remove transaction goes to disk before returning to
2783 * the user.
2784 */
2785 if (mp->m_flags & (XFS_MOUNT_WSYNC|XFS_MOUNT_DIRSYNC))
2786 xfs_trans_set_sync(tp);
2787
70393313 2788 error = xfs_trans_commit(tp);
c24b5dfa
DC		 2789 if (error)
2790 goto std_return;
2791
2cd2ef6a 2792 if (is_dir && xfs_inode_is_filestream(ip))
c24b5dfa
DC		 2793 xfs_filestream_deassociate(ip);
2794
2795 return 0;
2796
c24b5dfa 2797 out_trans_cancel:
4906e215 2798 xfs_trans_cancel(tp);
c24b5dfa
DC		 2799 std_return:
2800 return error;
2801}
2802
f6bba201
DC		 2803/*
2804 * Enter all inodes for a rename transaction into a sorted array.
2805 */
95afcf5c 2806#define __XFS_SORT_INODES 5
f6bba201
DC		 2807STATIC void
2808xfs_sort_for_rename(
95afcf5c
DC		 2809 struct xfs_inode *dp1, /* in: old (source) directory inode */
2810 struct xfs_inode *dp2, /* in: new (target) directory inode */
2811 struct xfs_inode *ip1, /* in: inode of old entry */
2812 struct xfs_inode *ip2, /* in: inode of new entry */
2813 struct xfs_inode *wip, /* in: whiteout inode */
2814 struct xfs_inode **i_tab,/* out: sorted array of inodes */
2815 int *num_inodes) /* in/out: inodes in array */
f6bba201 2816{
f6bba201
DC		 2817 int i, j;
2818
95afcf5c
DC		 2819 ASSERT(*num_inodes == __XFS_SORT_INODES);
2820 memset(i_tab, 0, *num_inodes * sizeof(struct xfs_inode *));
2821
f6bba201
DC		 2822 /*
2823 * i_tab contains a list of pointers to inodes. We initialize
2824 * the table here & we'll sort it. We will then use it to
2825 * order the acquisition of the inode locks.
2826 *
2827 * Note that the table may contain duplicates. e.g., dp1 == dp2.
2828 */
95afcf5c
DC		 2829 i = 0;
2830 i_tab[i++] = dp1;
2831 i_tab[i++] = dp2;
2832 i_tab[i++] = ip1;
2833 if (ip2)
2834 i_tab[i++] = ip2;
2835 if (wip)
2836 i_tab[i++] = wip;
2837 *num_inodes = i;
f6bba201
DC		 2838
2839 /*
2840 * Sort the elements via bubble sort. (Remember, there are at
95afcf5c 2841 * most 5 elements to sort, so this is adequate.)
f6bba201
DC		 2842 */
2843 for (i = 0; i < *num_inodes; i++) {
2844 for (j = 1; j < *num_inodes; j++) {
2845 if (i_tab[j]->i_ino < i_tab[j-1]->i_ino) {
95afcf5c 2846 struct xfs_inode *temp = i_tab[j];
f6bba201
DC		 2847 i_tab[j] = i_tab[j-1];
2848 i_tab[j-1] = temp;
2849 }
2850 }
2851 }
2852}
2853
310606b0
DC		 2854static int
2855xfs_finish_rename(
c9cfdb38 2856 struct xfs_trans *tp)
310606b0 2857{
310606b0
DC		 2858 /*
2859 * If this is a synchronous mount, make sure that the rename transaction
2860 * goes to disk before returning to the user.
2861 */
2862 if (tp->t_mountp->m_flags & (XFS_MOUNT_WSYNC|XFS_MOUNT_DIRSYNC))
2863 xfs_trans_set_sync(tp);
2864
70393313 2865 return xfs_trans_commit(tp);
310606b0
DC		 2866}
2867
d31a1825
CM		 2868/*
2869 * xfs_cross_rename()
2870 *
2871 * responsible for handling RENAME_EXCHANGE flag in renameat2() sytemcall
2872 */
2873STATIC int
2874xfs_cross_rename(
2875 struct xfs_trans *tp,
2876 struct xfs_inode *dp1,
2877 struct xfs_name *name1,
2878 struct xfs_inode *ip1,
2879 struct xfs_inode *dp2,
2880 struct xfs_name *name2,
2881 struct xfs_inode *ip2,
d31a1825
CM		 2882 int spaceres)
2883{
2884 int error = 0;
2885 int ip1_flags = 0;
2886 int ip2_flags = 0;
2887 int dp2_flags = 0;
2888
2889 /* Swap inode number for dirent in first parent */
381eee69 2890 error = xfs_dir_replace(tp, dp1, name1, ip2->i_ino, spaceres);
d31a1825 2891 if (error)
eeacd321 2892 goto out_trans_abort;
d31a1825
CM		 2893
2894 /* Swap inode number for dirent in second parent */
381eee69 2895 error = xfs_dir_replace(tp, dp2, name2, ip1->i_ino, spaceres);
d31a1825 2896 if (error)
eeacd321 2897 goto out_trans_abort;
d31a1825
CM		 2898
2899 /*
2900 * If we're renaming one or more directories across different parents,
2901 * update the respective ".." entries (and link counts) to match the new
2902 * parents.
2903 */
2904 if (dp1 != dp2) {
2905 dp2_flags = XFS_ICHGTIME_MOD | XFS_ICHGTIME_CHG;
2906
c19b3b05 2907 if (S_ISDIR(VFS_I(ip2)->i_mode)) {
d31a1825 2908 error = xfs_dir_replace(tp, ip2, &xfs_name_dotdot,
381eee69 2909 dp1->i_ino, spaceres);
d31a1825 2910 if (error)
eeacd321 2911 goto out_trans_abort;
d31a1825
CM		 2912
2913 /* transfer ip2 ".." reference to dp1 */
c19b3b05 2914 if (!S_ISDIR(VFS_I(ip1)->i_mode)) {
d31a1825
CM		 2915 error = xfs_droplink(tp, dp2);
2916 if (error)
eeacd321 2917 goto out_trans_abort;
91083269 2918 xfs_bumplink(tp, dp1);
d31a1825
CM		 2919 }
2920
2921 /*
2922 * Although ip1 isn't changed here, userspace needs
2923 * to be warned about the change, so that applications
2924 * relying on it (like backup ones), will properly
2925 * notify the change
2926 */
2927 ip1_flags |= XFS_ICHGTIME_CHG;
2928 ip2_flags |= XFS_ICHGTIME_MOD | XFS_ICHGTIME_CHG;
2929 }
2930
c19b3b05 2931 if (S_ISDIR(VFS_I(ip1)->i_mode)) {
d31a1825 2932 error = xfs_dir_replace(tp, ip1, &xfs_name_dotdot,
381eee69 2933 dp2->i_ino, spaceres);
d31a1825 2934 if (error)
eeacd321 2935 goto out_trans_abort;
d31a1825
CM		 2936
2937 /* transfer ip1 ".." reference to dp2 */
c19b3b05 2938 if (!S_ISDIR(VFS_I(ip2)->i_mode)) {
d31a1825
CM		 2939 error = xfs_droplink(tp, dp1);
2940 if (error)
eeacd321 2941 goto out_trans_abort;
91083269 2942 xfs_bumplink(tp, dp2);
d31a1825
CM		 2943 }
2944
2945 /*
2946 * Although ip2 isn't changed here, userspace needs
2947 * to be warned about the change, so that applications
2948 * relying on it (like backup ones), will properly
2949 * notify the change
2950 */
2951 ip1_flags |= XFS_ICHGTIME_MOD | XFS_ICHGTIME_CHG;
2952 ip2_flags |= XFS_ICHGTIME_CHG;
2953 }
2954 }
2955
2956 if (ip1_flags) {
2957 xfs_trans_ichgtime(tp, ip1, ip1_flags);
2958 xfs_trans_log_inode(tp, ip1, XFS_ILOG_CORE);
2959 }
2960 if (ip2_flags) {
2961 xfs_trans_ichgtime(tp, ip2, ip2_flags);
2962 xfs_trans_log_inode(tp, ip2, XFS_ILOG_CORE);
2963 }
2964 if (dp2_flags) {
2965 xfs_trans_ichgtime(tp, dp2, dp2_flags);
2966 xfs_trans_log_inode(tp, dp2, XFS_ILOG_CORE);
2967 }
2968 xfs_trans_ichgtime(tp, dp1, XFS_ICHGTIME_MOD | XFS_ICHGTIME_CHG);
2969 xfs_trans_log_inode(tp, dp1, XFS_ILOG_CORE);
c9cfdb38 2970 return xfs_finish_rename(tp);
eeacd321
DC		 2971
2972out_trans_abort:
4906e215 2973 xfs_trans_cancel(tp);
d31a1825
CM		 2974 return error;
2975}
2976
7dcf5c3e
DC		 2977/*
2978 * xfs_rename_alloc_whiteout()
2979 *
b63da6c8 2980 * Return a referenced, unlinked, unlocked inode that can be used as a
7dcf5c3e
DC		 2981 * whiteout in a rename transaction. We use a tmpfile inode here so that if we
2982 * crash between allocating the inode and linking it into the rename transaction
2983 * recovery will free the inode and we won't leak it.
2984 */
2985static int
2986xfs_rename_alloc_whiteout(
f736d93d 2987 struct user_namespace *mnt_userns,
7dcf5c3e
DC		 2988 struct xfs_inode *dp,
2989 struct xfs_inode **wip)
2990{
2991 struct xfs_inode *tmpfile;
2992 int error;
2993
f736d93d
CH		 2994 error = xfs_create_tmpfile(mnt_userns, dp, S_IFCHR | WHITEOUT_MODE,
2995 &tmpfile);
7dcf5c3e
DC		 2996 if (error)
2997 return error;
2998
22419ac9
BF		 2999 /*
3000 * Prepare the tmpfile inode as if it were created through the VFS.
c4a6bf7f
DW		 3001 * Complete the inode setup and flag it as linkable. nlink is already
3002 * zero, so we can skip the drop_nlink.
22419ac9 3003 */
2b3d1d41 3004 xfs_setup_iops(tmpfile);
7dcf5c3e
DC		 3005 xfs_finish_inode_setup(tmpfile);
3006 VFS_I(tmpfile)->i_state |= I_LINKABLE;
3007
3008 *wip = tmpfile;
3009 return 0;
3010}
3011
f6bba201
DC		 3012/*
3013 * xfs_rename
3014 */
3015int
3016xfs_rename(
f736d93d 3017 struct user_namespace *mnt_userns,
7dcf5c3e
DC		 3018 struct xfs_inode *src_dp,
3019 struct xfs_name *src_name,
3020 struct xfs_inode *src_ip,
3021 struct xfs_inode *target_dp,
3022 struct xfs_name *target_name,
3023 struct xfs_inode *target_ip,
3024 unsigned int flags)
f6bba201 3025{
7dcf5c3e
DC		 3026 struct xfs_mount *mp = src_dp->i_mount;
3027 struct xfs_trans *tp;
7dcf5c3e
DC		 3028 struct xfs_inode *wip = NULL; /* whiteout inode */
3029 struct xfs_inode *inodes[__XFS_SORT_INODES];
93597ae8 3030 struct xfs_buf *agibp;
7dcf5c3e 3031 int num_inodes = __XFS_SORT_INODES;
2b93681f 3032 bool new_parent = (src_dp != target_dp);
c19b3b05 3033 bool src_is_directory = S_ISDIR(VFS_I(src_ip)->i_mode);
7dcf5c3e
DC		 3034 int spaceres;
3035 int error;
f6bba201
DC		 3036
3037 trace_xfs_rename(src_dp, target_dp, src_name, target_name);
3038
eeacd321
DC		 3039 if ((flags & RENAME_EXCHANGE) && !target_ip)
3040 return -EINVAL;
3041
7dcf5c3e
DC		 3042 /*
3043 * If we are doing a whiteout operation, allocate the whiteout inode
3044 * we will be placing at the target and ensure the type is set
3045 * appropriately.
3046 */
3047 if (flags & RENAME_WHITEOUT) {
3048 ASSERT(!(flags & (RENAME_NOREPLACE | RENAME_EXCHANGE)));
f736d93d 3049 error = xfs_rename_alloc_whiteout(mnt_userns, target_dp, &wip);
7dcf5c3e
DC		 3050 if (error)
3051 return error;
3052
3053 /* setup target dirent info as whiteout */
3054 src_name->type = XFS_DIR3_FT_CHRDEV;
3055 }
f6bba201 3056
7dcf5c3e 3057 xfs_sort_for_rename(src_dp, target_dp, src_ip, target_ip, wip,
f6bba201
DC		 3058 inodes, &num_inodes);
3059
f6bba201 3060 spaceres = XFS_RENAME_SPACE_RES(mp, target_name->len);
253f4911 3061 error = xfs_trans_alloc(mp, &M_RES(mp)->tr_rename, spaceres, 0, 0, &tp);
2451337d 3062 if (error == -ENOSPC) {
f6bba201 3063 spaceres = 0;
253f4911
CH		 3064 error = xfs_trans_alloc(mp, &M_RES(mp)->tr_rename, 0, 0, 0,
3065 &tp);
f6bba201 3066 }
445883e8 3067 if (error)
253f4911 3068 goto out_release_wip;
f6bba201
DC		 3069
3070 /*
3071 * Attach the dquots to the inodes
3072 */
3073 error = xfs_qm_vop_rename_dqattach(inodes);
445883e8
DC		 3074 if (error)
3075 goto out_trans_cancel;
f6bba201
DC		 3076
3077 /*
3078 * Lock all the participating inodes. Depending upon whether
3079 * the target_name exists in the target directory, and
3080 * whether the target directory is the same as the source
3081 * directory, we can lock from 2 to 4 inodes.
3082 */
3083 xfs_lock_inodes(inodes, num_inodes, XFS_ILOCK_EXCL);
3084
3085 /*
3086 * Join all the inodes to the transaction. From this point on,
3087 * we can rely on either trans_commit or trans_cancel to unlock
3088 * them.
3089 */
65523218 3090 xfs_trans_ijoin(tp, src_dp, XFS_ILOCK_EXCL);
f6bba201 3091 if (new_parent)
65523218 3092 xfs_trans_ijoin(tp, target_dp, XFS_ILOCK_EXCL);
f6bba201
DC		 3093 xfs_trans_ijoin(tp, src_ip, XFS_ILOCK_EXCL);
3094 if (target_ip)
3095 xfs_trans_ijoin(tp, target_ip, XFS_ILOCK_EXCL);
7dcf5c3e
DC		 3096 if (wip)
3097 xfs_trans_ijoin(tp, wip, XFS_ILOCK_EXCL);
f6bba201
DC		 3098
3099 /*
3100 * If we are using project inheritance, we only allow renames
3101 * into our tree when the project IDs are the same; else the
3102 * tree quota mechanism would be circumvented.
3103 */
3104 if (unlikely((target_dp->i_d.di_flags & XFS_DIFLAG_PROJINHERIT) &&
de7a866f 3105 target_dp->i_d.di_projid != src_ip->i_d.di_projid)) {
2451337d 3106 error = -EXDEV;
445883e8 3107 goto out_trans_cancel;
f6bba201
DC		 3108 }
3109
eeacd321
DC		 3110 /* RENAME_EXCHANGE is unique from here on. */
3111 if (flags & RENAME_EXCHANGE)
3112 return xfs_cross_rename(tp, src_dp, src_name, src_ip,
3113 target_dp, target_name, target_ip,
f16dea54 3114 spaceres);
d31a1825 3115
f6bba201 3116 /*
bc56ad8c 3117 * Check for expected errors before we dirty the transaction
3118 * so we can return an error without a transaction abort.
f6bba201
DC		 3119 */
3120 if (target_ip == NULL) {
3121 /*
3122 * If there's no space reservation, check the entry will
3123 * fit before actually inserting it.
3124 */
94f3cad5
ES		 3125 if (!spaceres) {
3126 error = xfs_dir_canenter(tp, target_dp, target_name);
3127 if (error)
445883e8 3128 goto out_trans_cancel;
94f3cad5 3129 }
bc56ad8c 3130 } else {
3131 /*
3132 * If target exists and it's a directory, check that whether
3133 * it can be destroyed.
3134 */
3135 if (S_ISDIR(VFS_I(target_ip)->i_mode) &&
3136 (!xfs_dir_isempty(target_ip) ||
3137 (VFS_I(target_ip)->i_nlink > 2))) {
3138 error = -EEXIST;
3139 goto out_trans_cancel;
3140 }
3141 }
3142
3143 /*
3144 * Directory entry creation below may acquire the AGF. Remove
3145 * the whiteout from the unlinked list first to preserve correct
3146 * AGI/AGF locking order. This dirties the transaction so failures
3147 * after this point will abort and log recovery will clean up the
3148 * mess.
3149 *
3150 * For whiteouts, we need to bump the link count on the whiteout
3151 * inode. After this point, we have a real link, clear the tmpfile
3152 * state flag from the inode so it doesn't accidentally get misused
3153 * in future.
3154 */
3155 if (wip) {
3156 ASSERT(VFS_I(wip)->i_nlink == 0);
3157 error = xfs_iunlink_remove(tp, wip);
3158 if (error)
3159 goto out_trans_cancel;
3160
3161 xfs_bumplink(tp, wip);
bc56ad8c 3162 VFS_I(wip)->i_state &= ~I_LINKABLE;
3163 }
3164
3165 /*
3166 * Set up the target.
3167 */
3168 if (target_ip == NULL) {
f6bba201
DC		 3169 /*
3170 * If target does not exist and the rename crosses
3171 * directories, adjust the target directory link count
3172 * to account for the ".." reference from the new entry.
3173 */
3174 error = xfs_dir_createname(tp, target_dp, target_name,
381eee69 3175 src_ip->i_ino, spaceres);
f6bba201 3176 if (error)
c8eac49e 3177 goto out_trans_cancel;
f6bba201
DC		 3178
3179 xfs_trans_ichgtime(tp, target_dp,
3180 XFS_ICHGTIME_MOD | XFS_ICHGTIME_CHG);
3181
3182 if (new_parent && src_is_directory) {
91083269 3183 xfs_bumplink(tp, target_dp);
f6bba201
DC		 3184 }
3185 } else { /* target_ip != NULL */
f6bba201
DC		 3186 /*
3187 * Link the source inode under the target name.
3188 * If the source inode is a directory and we are moving
3189 * it across directories, its ".." entry will be
3190 * inconsistent until we replace that down below.
3191 *
3192 * In case there is already an entry with the same
3193 * name at the destination directory, remove it first.
3194 */
93597ae8 3195
3196 /*
3197 * Check whether the replace operation will need to allocate
3198 * blocks. This happens when the shortform directory lacks
3199 * space and we have to convert it to a block format directory.
3200 * When more blocks are necessary, we must lock the AGI first
3201 * to preserve locking order (AGI -> AGF).
3202 */
3203 if (xfs_dir2_sf_replace_needblock(target_dp, src_ip->i_ino)) {
3204 error = xfs_read_agi(mp, tp,
3205 XFS_INO_TO_AGNO(mp, target_ip->i_ino),
3206 &agibp);
3207 if (error)
3208 goto out_trans_cancel;
3209 }
3210
f6bba201 3211 error = xfs_dir_replace(tp, target_dp, target_name,
381eee69 3212 src_ip->i_ino, spaceres);
f6bba201 3213 if (error)
c8eac49e 3214 goto out_trans_cancel;
f6bba201
DC		 3215
3216 xfs_trans_ichgtime(tp, target_dp,
3217 XFS_ICHGTIME_MOD | XFS_ICHGTIME_CHG);
3218
3219 /*
3220 * Decrement the link count on the target since the target
3221 * dir no longer points to it.
3222 */
3223 error = xfs_droplink(tp, target_ip);
3224 if (error)
c8eac49e 3225 goto out_trans_cancel;
f6bba201
DC		 3226
3227 if (src_is_directory) {
3228 /*
3229 * Drop the link from the old "." entry.
3230 */
3231 error = xfs_droplink(tp, target_ip);
3232 if (error)
c8eac49e 3233 goto out_trans_cancel;
f6bba201
DC		 3234 }
3235 } /* target_ip != NULL */
3236
3237 /*
3238 * Remove the source.
3239 */
3240 if (new_parent && src_is_directory) {
3241 /*
3242 * Rewrite the ".." entry to point to the new
3243 * directory.
3244 */
3245 error = xfs_dir_replace(tp, src_ip, &xfs_name_dotdot,
381eee69 3246 target_dp->i_ino, spaceres);
2451337d 3247 ASSERT(error != -EEXIST);
f6bba201 3248 if (error)
c8eac49e 3249 goto out_trans_cancel;
f6bba201
DC		 3250 }
3251
3252 /*
3253 * We always want to hit the ctime on the source inode.
3254 *
3255 * This isn't strictly required by the standards since the source
3256 * inode isn't really being changed, but old unix file systems did
3257 * it and some incremental backup programs won't work without it.
3258 */
3259 xfs_trans_ichgtime(tp, src_ip, XFS_ICHGTIME_CHG);
3260 xfs_trans_log_inode(tp, src_ip, XFS_ILOG_CORE);
3261
3262 /*
3263 * Adjust the link count on src_dp. This is necessary when
3264 * renaming a directory, either within one parent when
3265 * the target existed, or across two parent directories.
3266 */
3267 if (src_is_directory && (new_parent || target_ip != NULL)) {
3268
3269 /*
3270 * Decrement link count on src_directory since the
3271 * entry that's moved no longer points to it.
3272 */
3273 error = xfs_droplink(tp, src_dp);
3274 if (error)
c8eac49e 3275 goto out_trans_cancel;
f6bba201
DC		 3276 }
3277
7dcf5c3e
DC		 3278 /*
3279 * For whiteouts, we only need to update the source dirent with the
3280 * inode number of the whiteout inode rather than removing it
3281 * altogether.
3282 */
3283 if (wip) {
3284 error = xfs_dir_replace(tp, src_dp, src_name, wip->i_ino,
381eee69 3285 spaceres);
7dcf5c3e
DC		 3286 } else
3287 error = xfs_dir_removename(tp, src_dp, src_name, src_ip->i_ino,
381eee69 3288 spaceres);
f6bba201 3289 if (error)
c8eac49e 3290 goto out_trans_cancel;
f6bba201 3291
f6bba201
DC		 3292 xfs_trans_ichgtime(tp, src_dp, XFS_ICHGTIME_MOD | XFS_ICHGTIME_CHG);
3293 xfs_trans_log_inode(tp, src_dp, XFS_ILOG_CORE);
3294 if (new_parent)
3295 xfs_trans_log_inode(tp, target_dp, XFS_ILOG_CORE);
f6bba201 3296
c9cfdb38 3297 error = xfs_finish_rename(tp);
7dcf5c3e 3298 if (wip)
44a8736b 3299 xfs_irele(wip);
7dcf5c3e 3300 return error;
f6bba201 3301
445883e8 3302out_trans_cancel:
4906e215 3303 xfs_trans_cancel(tp);
253f4911 3304out_release_wip:
7dcf5c3e 3305 if (wip)
44a8736b 3306 xfs_irele(wip);
f6bba201
DC		 3307 return error;
3308}
3309
e6187b34
DC		 3310static int
3311xfs_iflush(
93848a99
CH		 3312 struct xfs_inode *ip,
3313 struct xfs_buf *bp)
1da177e4 3314{
93848a99
CH		 3315 struct xfs_inode_log_item *iip = ip->i_itemp;
3316 struct xfs_dinode *dip;
3317 struct xfs_mount *mp = ip->i_mount;
f2019299 3318 int error;
1da177e4 3319
579aa9ca 3320 ASSERT(xfs_isilocked(ip, XFS_ILOCK_EXCL|XFS_ILOCK_SHARED));
718ecc50 3321 ASSERT(xfs_iflags_test(ip, XFS_IFLUSHING));
f7e67b20 3322 ASSERT(ip->i_df.if_format != XFS_DINODE_FMT_BTREE ||
daf83964 3323 ip->i_df.if_nextents > XFS_IFORK_MAXEXT(ip, XFS_DATA_FORK));
90c60e16 3324 ASSERT(iip->ili_item.li_buf == bp);
1da177e4 3325
88ee2df7 3326 dip = xfs_buf_offset(bp, ip->i_imap.im_boffset);
1da177e4 3327
f2019299
BF		 3328 /*
3329 * We don't flush the inode if any of the following checks fail, but we
3330 * do still update the log item and attach to the backing buffer as if
3331 * the flush happened. This is a formality to facilitate predictable
3332 * error handling as the caller will shutdown and fail the buffer.
3333 */
3334 error = -EFSCORRUPTED;
69ef921b 3335 if (XFS_TEST_ERROR(dip->di_magic != cpu_to_be16(XFS_DINODE_MAGIC),
9e24cfd0 3336 mp, XFS_ERRTAG_IFLUSH_1)) {
6a19d939 3337 xfs_alert_tag(mp, XFS_PTAG_IFLUSH,
c9690043 3338 "%s: Bad inode %Lu magic number 0x%x, ptr "PTR_FMT,
6a19d939 3339 __func__, ip->i_ino, be16_to_cpu(dip->di_magic), dip);
f2019299 3340 goto flush_out;
1da177e4 3341 }
c19b3b05 3342 if (S_ISREG(VFS_I(ip)->i_mode)) {
1da177e4 3343 if (XFS_TEST_ERROR(
f7e67b20
CH		 3344 ip->i_df.if_format != XFS_DINODE_FMT_EXTENTS &&
3345 ip->i_df.if_format != XFS_DINODE_FMT_BTREE,
9e24cfd0 3346 mp, XFS_ERRTAG_IFLUSH_3)) {
6a19d939 3347 xfs_alert_tag(mp, XFS_PTAG_IFLUSH,
c9690043 3348 "%s: Bad regular inode %Lu, ptr "PTR_FMT,
6a19d939 3349 __func__, ip->i_ino, ip);
f2019299 3350 goto flush_out;
1da177e4 3351 }
c19b3b05 3352 } else if (S_ISDIR(VFS_I(ip)->i_mode)) {
1da177e4 3353 if (XFS_TEST_ERROR(
f7e67b20
CH		 3354 ip->i_df.if_format != XFS_DINODE_FMT_EXTENTS &&
3355 ip->i_df.if_format != XFS_DINODE_FMT_BTREE &&
3356 ip->i_df.if_format != XFS_DINODE_FMT_LOCAL,
9e24cfd0 3357 mp, XFS_ERRTAG_IFLUSH_4)) {
6a19d939 3358 xfs_alert_tag(mp, XFS_PTAG_IFLUSH,
c9690043 3359 "%s: Bad directory inode %Lu, ptr "PTR_FMT,
6a19d939 3360 __func__, ip->i_ino, ip);
f2019299 3361 goto flush_out;
1da177e4
LT		 3362 }
3363 }
daf83964 3364 if (XFS_TEST_ERROR(ip->i_df.if_nextents + xfs_ifork_nextents(ip->i_afp) >
9e24cfd0 3365 ip->i_d.di_nblocks, mp, XFS_ERRTAG_IFLUSH_5)) {
6a19d939
DC		 3366 xfs_alert_tag(mp, XFS_PTAG_IFLUSH,
3367 "%s: detected corrupt incore inode %Lu, "
c9690043 3368 "total extents = %d, nblocks = %Ld, ptr "PTR_FMT,
6a19d939 3369 __func__, ip->i_ino,
daf83964 3370 ip->i_df.if_nextents + xfs_ifork_nextents(ip->i_afp),
6a19d939 3371 ip->i_d.di_nblocks, ip);
f2019299 3372 goto flush_out;
1da177e4
LT		 3373 }
3374 if (XFS_TEST_ERROR(ip->i_d.di_forkoff > mp->m_sb.sb_inodesize,
9e24cfd0 3375 mp, XFS_ERRTAG_IFLUSH_6)) {
6a19d939 3376 xfs_alert_tag(mp, XFS_PTAG_IFLUSH,
c9690043 3377 "%s: bad inode %Lu, forkoff 0x%x, ptr "PTR_FMT,
6a19d939 3378 __func__, ip->i_ino, ip->i_d.di_forkoff, ip);
f2019299 3379 goto flush_out;
1da177e4 3380 }
e60896d8 3381
1da177e4 3382 /*
263997a6 3383 * Inode item log recovery for v2 inodes are dependent on the
e60896d8
DC		 3384 * di_flushiter count for correct sequencing. We bump the flush
3385 * iteration count so we can detect flushes which postdate a log record
3386 * during recovery. This is redundant as we now log every change and
3387 * hence this can't happen but we need to still do it to ensure
3388 * backwards compatibility with old kernels that predate logging all
3389 * inode changes.
1da177e4 3390 */
6471e9c5 3391 if (!xfs_sb_version_has_v3inode(&mp->m_sb))
e60896d8 3392 ip->i_d.di_flushiter++;
1da177e4 3393
0f45a1b2
CH		 3394 /*
3395 * If there are inline format data / attr forks attached to this inode,
3396 * make sure they are not corrupt.
3397 */
f7e67b20 3398 if (ip->i_df.if_format == XFS_DINODE_FMT_LOCAL &&
0f45a1b2
CH		 3399 xfs_ifork_verify_local_data(ip))
3400 goto flush_out;
f7e67b20 3401 if (ip->i_afp && ip->i_afp->if_format == XFS_DINODE_FMT_LOCAL &&
0f45a1b2 3402 xfs_ifork_verify_local_attr(ip))
f2019299 3403 goto flush_out;
005c5db8 3404
1da177e4 3405 /*
3987848c
DC		 3406 * Copy the dirty parts of the inode into the on-disk inode. We always
3407 * copy out the core of the inode, because if the inode is dirty at all
3408 * the core must be.
1da177e4 3409 */
93f958f9 3410 xfs_inode_to_disk(ip, dip, iip->ili_item.li_lsn);
1da177e4
LT		 3411
3412 /* Wrap, we never let the log put out DI_MAX_FLUSH */
3413 if (ip->i_d.di_flushiter == DI_MAX_FLUSH)
3414 ip->i_d.di_flushiter = 0;
3415
005c5db8
DW		 3416 xfs_iflush_fork(ip, dip, iip, XFS_DATA_FORK);
3417 if (XFS_IFORK_Q(ip))
3418 xfs_iflush_fork(ip, dip, iip, XFS_ATTR_FORK);
1da177e4
LT		 3419
3420 /*
f5d8d5c4
CH		 3421 * We've recorded everything logged in the inode, so we'd like to clear
3422 * the ili_fields bits so we don't log and flush things unnecessarily.
3423 * However, we can't stop logging all this information until the data
3424 * we've copied into the disk buffer is written to disk. If we did we
3425 * might overwrite the copy of the inode in the log with all the data
3426 * after re-logging only part of it, and in the face of a crash we
3427 * wouldn't have all the data we need to recover.
1da177e4 3428 *
f5d8d5c4
CH		 3429 * What we do is move the bits to the ili_last_fields field. When
3430 * logging the inode, these bits are moved back to the ili_fields field.
664ffb8a
CH		 3431 * In the xfs_buf_inode_iodone() routine we clear ili_last_fields, since
3432 * we know that the information those bits represent is permanently on
f5d8d5c4
CH		 3433 * disk. As long as the flush completes before the inode is logged
3434 * again, then both ili_fields and ili_last_fields will be cleared.
1da177e4 3435 */
f2019299
BF		 3436 error = 0;
3437flush_out:
1319ebef 3438 spin_lock(&iip->ili_lock);
93848a99
CH		 3439 iip->ili_last_fields = iip->ili_fields;
3440 iip->ili_fields = 0;
fc0561ce 3441 iip->ili_fsync_fields = 0;
1319ebef 3442 spin_unlock(&iip->ili_lock);
1da177e4 3443
1319ebef
DC		 3444 /*
3445 * Store the current LSN of the inode so that we can tell whether the
664ffb8a 3446 * item has moved in the AIL from xfs_buf_inode_iodone().
1319ebef 3447 */
93848a99
CH		 3448 xfs_trans_ail_copy_lsn(mp->m_ail, &iip->ili_flush_lsn,
3449 &iip->ili_item.li_lsn);
1da177e4 3450
93848a99
CH		 3451 /* generate the checksum. */
3452 xfs_dinode_calc_crc(mp, dip);
f2019299 3453 return error;
1da177e4 3454}
44a8736b 3455
e6187b34
DC		 3456/*
3457 * Non-blocking flush of dirty inode metadata into the backing buffer.
3458 *
3459 * The caller must have a reference to the inode and hold the cluster buffer
3460 * locked. The function will walk across all the inodes on the cluster buffer it
3461 * can find and lock without blocking, and flush them to the cluster buffer.
3462 *
5717ea4d
DC		 3463 * On successful flushing of at least one inode, the caller must write out the
3464 * buffer and release it. If no inodes are flushed, -EAGAIN will be returned and
3465 * the caller needs to release the buffer. On failure, the filesystem will be
3466 * shut down, the buffer will have been unlocked and released, and EFSCORRUPTED
3467 * will be returned.
e6187b34
DC		 3468 */
3469int
3470xfs_iflush_cluster(
e6187b34
DC		 3471 struct xfs_buf *bp)
3472{
5717ea4d
DC		 3473 struct xfs_mount *mp = bp->b_mount;
3474 struct xfs_log_item *lip, *n;
3475 struct xfs_inode *ip;
3476 struct xfs_inode_log_item *iip;
e6187b34 3477 int clcount = 0;
5717ea4d 3478 int error = 0;
e6187b34 3479
5717ea4d
DC		 3480 /*
3481 * We must use the safe variant here as on shutdown xfs_iflush_abort()
3482 * can remove itself from the list.
3483 */
3484 list_for_each_entry_safe(lip, n, &bp->b_li_list, li_bio_list) {
3485 iip = (struct xfs_inode_log_item *)lip;
3486 ip = iip->ili_inode;
e6187b34
DC		 3487
3488 /*
5717ea4d 3489 * Quick and dirty check to avoid locks if possible.
e6187b34 3490 */
718ecc50 3491 if (__xfs_iflags_test(ip, XFS_IRECLAIM | XFS_IFLUSHING))
5717ea4d
DC		 3492 continue;
3493 if (xfs_ipincount(ip))
e6187b34 3494 continue;
e6187b34
DC		 3495
3496 /*
5717ea4d
DC		 3497 * The inode is still attached to the buffer, which means it is
3498 * dirty but reclaim might try to grab it. Check carefully for
3499 * that, and grab the ilock while still holding the i_flags_lock
3500 * to guarantee reclaim will not be able to reclaim this inode
3501 * once we drop the i_flags_lock.
e6187b34 3502 */
5717ea4d
DC		 3503 spin_lock(&ip->i_flags_lock);
3504 ASSERT(!__xfs_iflags_test(ip, XFS_ISTALE));
718ecc50 3505 if (__xfs_iflags_test(ip, XFS_IRECLAIM | XFS_IFLUSHING)) {
5717ea4d
DC		 3506 spin_unlock(&ip->i_flags_lock);
3507 continue;
e6187b34 3508 }
e6187b34
DC		 3509
3510 /*
5717ea4d
DC		 3511 * ILOCK will pin the inode against reclaim and prevent
3512 * concurrent transactions modifying the inode while we are
718ecc50
DC		 3513 * flushing the inode. If we get the lock, set the flushing
3514 * state before we drop the i_flags_lock.
e6187b34 3515 */
5717ea4d
DC		 3516 if (!xfs_ilock_nowait(ip, XFS_ILOCK_SHARED)) {
3517 spin_unlock(&ip->i_flags_lock);
e6187b34 3518 continue;
5717ea4d 3519 }
718ecc50 3520 __xfs_iflags_set(ip, XFS_IFLUSHING);
5717ea4d 3521 spin_unlock(&ip->i_flags_lock);
e6187b34 3522
e6187b34 3523 /*
5717ea4d
DC		 3524 * Abort flushing this inode if we are shut down because the
3525 * inode may not currently be in the AIL. This can occur when
3526 * log I/O failure unpins the inode without inserting into the
3527 * AIL, leaving a dirty/unpinned inode attached to the buffer
3528 * that otherwise looks like it should be flushed.
e6187b34 3529 */
5717ea4d
DC		 3530 if (XFS_FORCED_SHUTDOWN(mp)) {
3531 xfs_iunpin_wait(ip);
5717ea4d
DC		 3532 xfs_iflush_abort(ip);
3533 xfs_iunlock(ip, XFS_ILOCK_SHARED);
3534 error = -EIO;
e6187b34
DC		 3535 continue;
3536 }
3537
5717ea4d
DC		 3538 /* don't block waiting on a log force to unpin dirty inodes */
3539 if (xfs_ipincount(ip)) {
718ecc50 3540 xfs_iflags_clear(ip, XFS_IFLUSHING);
5717ea4d
DC		 3541 xfs_iunlock(ip, XFS_ILOCK_SHARED);
3542 continue;
e6187b34 3543 }
e6187b34 3544
5717ea4d
DC		 3545 if (!xfs_inode_clean(ip))
3546 error = xfs_iflush(ip, bp);
3547 else
718ecc50 3548 xfs_iflags_clear(ip, XFS_IFLUSHING);
5717ea4d
DC		 3549 xfs_iunlock(ip, XFS_ILOCK_SHARED);
3550 if (error)
3551 break;
3552 clcount++;
e6187b34
DC		 3553 }
3554
e6187b34
DC		 3555 if (error) {
3556 bp->b_flags |= XBF_ASYNC;
3557 xfs_buf_ioend_fail(bp);
3558 xfs_force_shutdown(mp, SHUTDOWN_CORRUPT_INCORE);
5717ea4d 3559 return error;
e6187b34 3560 }
5717ea4d
DC		 3561
3562 if (!clcount)
3563 return -EAGAIN;
3564
3565 XFS_STATS_INC(mp, xs_icluster_flushcnt);
3566 XFS_STATS_ADD(mp, xs_icluster_flushinode, clcount);
3567 return 0;
3568
e6187b34
DC		 3569}
3570
44a8736b
DW		 3571/* Release an inode. */
3572void
3573xfs_irele(
3574 struct xfs_inode *ip)
3575{
3576 trace_xfs_irele(ip, _RET_IP_);
3577 iput(VFS_I(ip));
3578}
54fbdd10
CH		 3579
3580/*
3581 * Ensure all commited transactions touching the inode are written to the log.
3582 */
3583int
3584xfs_log_force_inode(
3585 struct xfs_inode *ip)
3586{
3587 xfs_lsn_t lsn = 0;
3588
3589 xfs_ilock(ip, XFS_ILOCK_SHARED);
3590 if (xfs_ipincount(ip))
3591 lsn = ip->i_itemp->ili_last_lsn;
3592 xfs_iunlock(ip, XFS_ILOCK_SHARED);
3593
3594 if (!lsn)
3595 return 0;
3596 return xfs_log_force_lsn(ip->i_mount, lsn, XFS_LOG_SYNC, NULL);
3597}
e2aaee9c
DW		 3598
3599/*
3600 * Grab the exclusive iolock for a data copy from src to dest, making sure to
3601 * abide vfs locking order (lowest pointer value goes first) and breaking the
3602 * layout leases before proceeding. The loop is needed because we cannot call
3603 * the blocking break_layout() with the iolocks held, and therefore have to
3604 * back out both locks.
3605 */
3606static int
3607xfs_iolock_two_inodes_and_break_layout(
3608 struct inode *src,
3609 struct inode *dest)
3610{
3611 int error;
3612
3613 if (src > dest)
3614 swap(src, dest);
3615
3616retry:
3617 /* Wait to break both inodes' layouts before we start locking. */
3618 error = break_layout(src, true);
3619 if (error)
3620 return error;
3621 if (src != dest) {
3622 error = break_layout(dest, true);
3623 if (error)
3624 return error;
3625 }
3626
3627 /* Lock one inode and make sure nobody got in and leased it. */
3628 inode_lock(src);
3629 error = break_layout(src, false);
3630 if (error) {
3631 inode_unlock(src);
3632 if (error == -EWOULDBLOCK)
3633 goto retry;
3634 return error;
3635 }
3636
3637 if (src == dest)
3638 return 0;
3639
3640 /* Lock the other inode and make sure nobody got in and leased it. */
3641 inode_lock_nested(dest, I_MUTEX_NONDIR2);
3642 error = break_layout(dest, false);
3643 if (error) {
3644 inode_unlock(src);
3645 inode_unlock(dest);
3646 if (error == -EWOULDBLOCK)
3647 goto retry;
3648 return error;
3649 }
3650
3651 return 0;
3652}
3653
3654/*
3655 * Lock two inodes so that userspace cannot initiate I/O via file syscalls or
3656 * mmap activity.
3657 */
3658int
3659xfs_ilock2_io_mmap(
3660 struct xfs_inode *ip1,
3661 struct xfs_inode *ip2)
3662{
3663 int ret;
3664
3665 ret = xfs_iolock_two_inodes_and_break_layout(VFS_I(ip1), VFS_I(ip2));
3666 if (ret)
3667 return ret;
3668 if (ip1 == ip2)
3669 xfs_ilock(ip1, XFS_MMAPLOCK_EXCL);
3670 else
3671 xfs_lock_two_inodes(ip1, XFS_MMAPLOCK_EXCL,
3672 ip2, XFS_MMAPLOCK_EXCL);
3673 return 0;
3674}
3675
3676/* Unlock both inodes to allow IO and mmap activity. */
3677void
3678xfs_iunlock2_io_mmap(
3679 struct xfs_inode *ip1,
3680 struct xfs_inode *ip2)
3681{
3682 bool same_inode = (ip1 == ip2);
3683
3684 xfs_iunlock(ip2, XFS_MMAPLOCK_EXCL);
3685 if (!same_inode)
3686 xfs_iunlock(ip1, XFS_MMAPLOCK_EXCL);
3687 inode_unlock(VFS_I(ip2));
3688 if (!same_inode)
3689 inode_unlock(VFS_I(ip1));
3690}
Ubuntu Jammy Linux kernel mirror