]> git.proxmox.com Git - mirror_zfs.git/blob - module/zfs/zfs_vnops.c
projects / mirror_zfs.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Fix a potential use-after-free in zfs_setsecattr()
[mirror_zfs.git] / module / zfs / zfs_vnops.c
1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or https://opensource.org/licenses/CDDL-1.0.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21
22 /*
23 * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
24 * Copyright (c) 2012, 2018 by Delphix. All rights reserved.
25 * Copyright (c) 2015 by Chunwei Chen. All rights reserved.
26 * Copyright 2017 Nexenta Systems, Inc.
27 * Copyright (c) 2021, 2022 by Pawel Jakub Dawidek
28 */
29
30 /* Portions Copyright 2007 Jeremy Teo */
31 /* Portions Copyright 2010 Robert Milkowski */
32
33 #include <sys/types.h>
34 #include <sys/param.h>
35 #include <sys/time.h>
36 #include <sys/sysmacros.h>
37 #include <sys/vfs.h>
38 #include <sys/uio_impl.h>
39 #include <sys/file.h>
40 #include <sys/stat.h>
41 #include <sys/kmem.h>
42 #include <sys/cmn_err.h>
43 #include <sys/errno.h>
44 #include <sys/zfs_dir.h>
45 #include <sys/zfs_acl.h>
46 #include <sys/zfs_ioctl.h>
47 #include <sys/fs/zfs.h>
48 #include <sys/dmu.h>
49 #include <sys/dmu_objset.h>
50 #include <sys/dsl_crypt.h>
51 #include <sys/spa.h>
52 #include <sys/txg.h>
53 #include <sys/dbuf.h>
54 #include <sys/policy.h>
55 #include <sys/zfeature.h>
56 #include <sys/zfs_vnops.h>
57 #include <sys/zfs_quota.h>
58 #include <sys/zfs_vfsops.h>
59 #include <sys/zfs_znode.h>
60
61
62 static ulong_t zfs_fsync_sync_cnt = 4;
63
64 int
65 zfs_fsync(znode_t *zp, int syncflag, cred_t *cr)
66 {
67 int error = 0;
68 zfsvfs_t *zfsvfs = ZTOZSB(zp);
69
70 (void) tsd_set(zfs_fsyncer_key, (void *)(uintptr_t)zfs_fsync_sync_cnt);
71
72 if (zfsvfs->z_os->os_sync != ZFS_SYNC_DISABLED) {
73 if ((error = zfs_enter_verify_zp(zfsvfs, zp, FTAG)) != 0)
74 goto out;
75 atomic_inc_32(&zp->z_sync_writes_cnt);
76 zil_commit(zfsvfs->z_log, zp->z_id);
77 atomic_dec_32(&zp->z_sync_writes_cnt);
78 zfs_exit(zfsvfs, FTAG);
79 }
80 out:
81 tsd_set(zfs_fsyncer_key, NULL);
82
83 return (error);
84 }
85
86
87 #if defined(SEEK_HOLE) && defined(SEEK_DATA)
88 /*
89 * Lseek support for finding holes (cmd == SEEK_HOLE) and
90 * data (cmd == SEEK_DATA). "off" is an in/out parameter.
91 */
92 static int
93 zfs_holey_common(znode_t *zp, ulong_t cmd, loff_t *off)
94 {
95 zfs_locked_range_t *lr;
96 uint64_t noff = (uint64_t)*off; /* new offset */
97 uint64_t file_sz;
98 int error;
99 boolean_t hole;
100
101 file_sz = zp->z_size;
102 if (noff >= file_sz) {
103 return (SET_ERROR(ENXIO));
104 }
105
106 if (cmd == F_SEEK_HOLE)
107 hole = B_TRUE;
108 else
109 hole = B_FALSE;
110
111 /* Flush any mmap()'d data to disk */
112 if (zn_has_cached_data(zp, 0, file_sz - 1))
113 zn_flush_cached_data(zp, B_FALSE);
114
115 lr = zfs_rangelock_enter(&zp->z_rangelock, 0, UINT64_MAX, RL_READER);
116 error = dmu_offset_next(ZTOZSB(zp)->z_os, zp->z_id, hole, &noff);
117 zfs_rangelock_exit(lr);
118
119 if (error == ESRCH)
120 return (SET_ERROR(ENXIO));
121
122 /* File was dirty, so fall back to using generic logic */
123 if (error == EBUSY) {
124 if (hole)
125 *off = file_sz;
126
127 return (0);
128 }
129
130 /*
131 * We could find a hole that begins after the logical end-of-file,
132 * because dmu_offset_next() only works on whole blocks. If the
133 * EOF falls mid-block, then indicate that the "virtual hole"
134 * at the end of the file begins at the logical EOF, rather than
135 * at the end of the last block.
136 */
137 if (noff > file_sz) {
138 ASSERT(hole);
139 noff = file_sz;
140 }
141
142 if (noff < *off)
143 return (error);
144 *off = noff;
145 return (error);
146 }
147
148 int
149 zfs_holey(znode_t *zp, ulong_t cmd, loff_t *off)
150 {
151 zfsvfs_t *zfsvfs = ZTOZSB(zp);
152 int error;
153
154 if ((error = zfs_enter_verify_zp(zfsvfs, zp, FTAG)) != 0)
155 return (error);
156
157 error = zfs_holey_common(zp, cmd, off);
158
159 zfs_exit(zfsvfs, FTAG);
160 return (error);
161 }
162 #endif /* SEEK_HOLE && SEEK_DATA */
163
164 int
165 zfs_access(znode_t *zp, int mode, int flag, cred_t *cr)
166 {
167 zfsvfs_t *zfsvfs = ZTOZSB(zp);
168 int error;
169
170 if ((error = zfs_enter_verify_zp(zfsvfs, zp, FTAG)) != 0)
171 return (error);
172
173 if (flag & V_ACE_MASK)
174 #if defined(__linux__)
175 error = zfs_zaccess(zp, mode, flag, B_FALSE, cr,
176 zfs_init_idmap);
177 #else
178 error = zfs_zaccess(zp, mode, flag, B_FALSE, cr,
179 NULL);
180 #endif
181 else
182 #if defined(__linux__)
183 error = zfs_zaccess_rwx(zp, mode, flag, cr, zfs_init_idmap);
184 #else
185 error = zfs_zaccess_rwx(zp, mode, flag, cr, NULL);
186 #endif
187
188 zfs_exit(zfsvfs, FTAG);
189 return (error);
190 }
191
192 static uint64_t zfs_vnops_read_chunk_size = 1024 * 1024; /* Tunable */
193
194 /*
195 * Read bytes from specified file into supplied buffer.
196 *
197 * IN: zp - inode of file to be read from.
198 * uio - structure supplying read location, range info,
199 * and return buffer.
200 * ioflag - O_SYNC flags; used to provide FRSYNC semantics.
201 * O_DIRECT flag; used to bypass page cache.
202 * cr - credentials of caller.
203 *
204 * OUT: uio - updated offset and range, buffer filled.
205 *
206 * RETURN: 0 on success, error code on failure.
207 *
208 * Side Effects:
209 * inode - atime updated if byte count > 0
210 */
211 int
212 zfs_read(struct znode *zp, zfs_uio_t *uio, int ioflag, cred_t *cr)
213 {
214 (void) cr;
215 int error = 0;
216 boolean_t frsync = B_FALSE;
217
218 zfsvfs_t *zfsvfs = ZTOZSB(zp);
219 if ((error = zfs_enter_verify_zp(zfsvfs, zp, FTAG)) != 0)
220 return (error);
221
222 if (zp->z_pflags & ZFS_AV_QUARANTINED) {
223 zfs_exit(zfsvfs, FTAG);
224 return (SET_ERROR(EACCES));
225 }
226
227 /* We don't copy out anything useful for directories. */
228 if (Z_ISDIR(ZTOTYPE(zp))) {
229 zfs_exit(zfsvfs, FTAG);
230 return (SET_ERROR(EISDIR));
231 }
232
233 /*
234 * Validate file offset
235 */
236 if (zfs_uio_offset(uio) < (offset_t)0) {
237 zfs_exit(zfsvfs, FTAG);
238 return (SET_ERROR(EINVAL));
239 }
240
241 /*
242 * Fasttrack empty reads
243 */
244 if (zfs_uio_resid(uio) == 0) {
245 zfs_exit(zfsvfs, FTAG);
246 return (0);
247 }
248
249 #ifdef FRSYNC
250 /*
251 * If we're in FRSYNC mode, sync out this znode before reading it.
252 * Only do this for non-snapshots.
253 *
254 * Some platforms do not support FRSYNC and instead map it
255 * to O_SYNC, which results in unnecessary calls to zil_commit. We
256 * only honor FRSYNC requests on platforms which support it.
257 */
258 frsync = !!(ioflag & FRSYNC);
259 #endif
260 if (zfsvfs->z_log &&
261 (frsync || zfsvfs->z_os->os_sync == ZFS_SYNC_ALWAYS))
262 zil_commit(zfsvfs->z_log, zp->z_id);
263
264 /*
265 * Lock the range against changes.
266 */
267 zfs_locked_range_t *lr = zfs_rangelock_enter(&zp->z_rangelock,
268 zfs_uio_offset(uio), zfs_uio_resid(uio), RL_READER);
269
270 /*
271 * If we are reading past end-of-file we can skip
272 * to the end; but we might still need to set atime.
273 */
274 if (zfs_uio_offset(uio) >= zp->z_size) {
275 error = 0;
276 goto out;
277 }
278
279 ASSERT(zfs_uio_offset(uio) < zp->z_size);
280 #if defined(__linux__)
281 ssize_t start_offset = zfs_uio_offset(uio);
282 #endif
283 ssize_t n = MIN(zfs_uio_resid(uio), zp->z_size - zfs_uio_offset(uio));
284 ssize_t start_resid = n;
285
286 while (n > 0) {
287 ssize_t nbytes = MIN(n, zfs_vnops_read_chunk_size -
288 P2PHASE(zfs_uio_offset(uio), zfs_vnops_read_chunk_size));
289 #ifdef UIO_NOCOPY
290 if (zfs_uio_segflg(uio) == UIO_NOCOPY)
291 error = mappedread_sf(zp, nbytes, uio);
292 else
293 #endif
294 if (zn_has_cached_data(zp, zfs_uio_offset(uio),
295 zfs_uio_offset(uio) + nbytes - 1) && !(ioflag & O_DIRECT)) {
296 error = mappedread(zp, nbytes, uio);
297 } else {
298 error = dmu_read_uio_dbuf(sa_get_db(zp->z_sa_hdl),
299 uio, nbytes);
300 }
301
302 if (error) {
303 /* convert checksum errors into IO errors */
304 if (error == ECKSUM)
305 error = SET_ERROR(EIO);
306
307 #if defined(__linux__)
308 /*
309 * if we actually read some bytes, bubbling EFAULT
310 * up to become EAGAIN isn't what we want here...
311 *
312 * ...on Linux, at least. On FBSD, doing this breaks.
313 */
314 if (error == EFAULT &&
315 (zfs_uio_offset(uio) - start_offset) != 0)
316 error = 0;
317 #endif
318 break;
319 }
320
321 n -= nbytes;
322 }
323
324 int64_t nread = start_resid - n;
325 dataset_kstats_update_read_kstats(&zfsvfs->z_kstat, nread);
326 task_io_account_read(nread);
327 out:
328 zfs_rangelock_exit(lr);
329
330 ZFS_ACCESSTIME_STAMP(zfsvfs, zp);
331 zfs_exit(zfsvfs, FTAG);
332 return (error);
333 }
334
335 static void
336 zfs_clear_setid_bits_if_necessary(zfsvfs_t *zfsvfs, znode_t *zp, cred_t *cr,
337 uint64_t *clear_setid_bits_txgp, dmu_tx_t *tx)
338 {
339 zilog_t *zilog = zfsvfs->z_log;
340 const uint64_t uid = KUID_TO_SUID(ZTOUID(zp));
341
342 ASSERT(clear_setid_bits_txgp != NULL);
343 ASSERT(tx != NULL);
344
345 /*
346 * Clear Set-UID/Set-GID bits on successful write if not
347 * privileged and at least one of the execute bits is set.
348 *
349 * It would be nice to do this after all writes have
350 * been done, but that would still expose the ISUID/ISGID
351 * to another app after the partial write is committed.
352 *
353 * Note: we don't call zfs_fuid_map_id() here because
354 * user 0 is not an ephemeral uid.
355 */
356 mutex_enter(&zp->z_acl_lock);
357 if ((zp->z_mode & (S_IXUSR | (S_IXUSR >> 3) | (S_IXUSR >> 6))) != 0 &&
358 (zp->z_mode & (S_ISUID | S_ISGID)) != 0 &&
359 secpolicy_vnode_setid_retain(zp, cr,
360 ((zp->z_mode & S_ISUID) != 0 && uid == 0)) != 0) {
361 uint64_t newmode;
362
363 zp->z_mode &= ~(S_ISUID | S_ISGID);
364 newmode = zp->z_mode;
365 (void) sa_update(zp->z_sa_hdl, SA_ZPL_MODE(zfsvfs),
366 (void *)&newmode, sizeof (uint64_t), tx);
367
368 mutex_exit(&zp->z_acl_lock);
369
370 /*
371 * Make sure SUID/SGID bits will be removed when we replay the
372 * log. If the setid bits are keep coming back, don't log more
373 * than one TX_SETATTR per transaction group.
374 */
375 if (*clear_setid_bits_txgp != dmu_tx_get_txg(tx)) {
376 vattr_t va = {0};
377
378 va.va_mask = ATTR_MODE;
379 va.va_nodeid = zp->z_id;
380 va.va_mode = newmode;
381 zfs_log_setattr(zilog, tx, TX_SETATTR, zp, &va,
382 ATTR_MODE, NULL);
383 *clear_setid_bits_txgp = dmu_tx_get_txg(tx);
384 }
385 } else {
386 mutex_exit(&zp->z_acl_lock);
387 }
388 }
389
390 /*
391 * Write the bytes to a file.
392 *
393 * IN: zp - znode of file to be written to.
394 * uio - structure supplying write location, range info,
395 * and data buffer.
396 * ioflag - O_APPEND flag set if in append mode.
397 * O_DIRECT flag; used to bypass page cache.
398 * cr - credentials of caller.
399 *
400 * OUT: uio - updated offset and range.
401 *
402 * RETURN: 0 if success
403 * error code if failure
404 *
405 * Timestamps:
406 * ip - ctime|mtime updated if byte count > 0
407 */
408 int
409 zfs_write(znode_t *zp, zfs_uio_t *uio, int ioflag, cred_t *cr)
410 {
411 int error = 0, error1;
412 ssize_t start_resid = zfs_uio_resid(uio);
413 uint64_t clear_setid_bits_txg = 0;
414
415 /*
416 * Fasttrack empty write
417 */
418 ssize_t n = start_resid;
419 if (n == 0)
420 return (0);
421
422 zfsvfs_t *zfsvfs = ZTOZSB(zp);
423 if ((error = zfs_enter_verify_zp(zfsvfs, zp, FTAG)) != 0)
424 return (error);
425
426 sa_bulk_attr_t bulk[4];
427 int count = 0;
428 uint64_t mtime[2], ctime[2];
429 SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_MTIME(zfsvfs), NULL, &mtime, 16);
430 SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_CTIME(zfsvfs), NULL, &ctime, 16);
431 SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_SIZE(zfsvfs), NULL,
432 &zp->z_size, 8);
433 SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_FLAGS(zfsvfs), NULL,
434 &zp->z_pflags, 8);
435
436 /*
437 * Callers might not be able to detect properly that we are read-only,
438 * so check it explicitly here.
439 */
440 if (zfs_is_readonly(zfsvfs)) {
441 zfs_exit(zfsvfs, FTAG);
442 return (SET_ERROR(EROFS));
443 }
444
445 /*
446 * If immutable or not appending then return EPERM.
447 * Intentionally allow ZFS_READONLY through here.
448 * See zfs_zaccess_common()
449 */
450 if ((zp->z_pflags & ZFS_IMMUTABLE) ||
451 ((zp->z_pflags & ZFS_APPENDONLY) && !(ioflag & O_APPEND) &&
452 (zfs_uio_offset(uio) < zp->z_size))) {
453 zfs_exit(zfsvfs, FTAG);
454 return (SET_ERROR(EPERM));
455 }
456
457 /*
458 * Validate file offset
459 */
460 offset_t woff = ioflag & O_APPEND ? zp->z_size : zfs_uio_offset(uio);
461 if (woff < 0) {
462 zfs_exit(zfsvfs, FTAG);
463 return (SET_ERROR(EINVAL));
464 }
465
466 /*
467 * Pre-fault the pages to ensure slow (eg NFS) pages
468 * don't hold up txg.
469 */
470 ssize_t pfbytes = MIN(n, DMU_MAX_ACCESS >> 1);
471 if (zfs_uio_prefaultpages(pfbytes, uio)) {
472 zfs_exit(zfsvfs, FTAG);
473 return (SET_ERROR(EFAULT));
474 }
475
476 /*
477 * If in append mode, set the io offset pointer to eof.
478 */
479 zfs_locked_range_t *lr;
480 if (ioflag & O_APPEND) {
481 /*
482 * Obtain an appending range lock to guarantee file append
483 * semantics. We reset the write offset once we have the lock.
484 */
485 lr = zfs_rangelock_enter(&zp->z_rangelock, 0, n, RL_APPEND);
486 woff = lr->lr_offset;
487 if (lr->lr_length == UINT64_MAX) {
488 /*
489 * We overlocked the file because this write will cause
490 * the file block size to increase.
491 * Note that zp_size cannot change with this lock held.
492 */
493 woff = zp->z_size;
494 }
495 zfs_uio_setoffset(uio, woff);
496 } else {
497 /*
498 * Note that if the file block size will change as a result of
499 * this write, then this range lock will lock the entire file
500 * so that we can re-write the block safely.
501 */
502 lr = zfs_rangelock_enter(&zp->z_rangelock, woff, n, RL_WRITER);
503 }
504
505 if (zn_rlimit_fsize_uio(zp, uio)) {
506 zfs_rangelock_exit(lr);
507 zfs_exit(zfsvfs, FTAG);
508 return (SET_ERROR(EFBIG));
509 }
510
511 const rlim64_t limit = MAXOFFSET_T;
512
513 if (woff >= limit) {
514 zfs_rangelock_exit(lr);
515 zfs_exit(zfsvfs, FTAG);
516 return (SET_ERROR(EFBIG));
517 }
518
519 if (n > limit - woff)
520 n = limit - woff;
521
522 uint64_t end_size = MAX(zp->z_size, woff + n);
523 zilog_t *zilog = zfsvfs->z_log;
524
525 const uint64_t uid = KUID_TO_SUID(ZTOUID(zp));
526 const uint64_t gid = KGID_TO_SGID(ZTOGID(zp));
527 const uint64_t projid = zp->z_projid;
528
529 /*
530 * Write the file in reasonable size chunks. Each chunk is written
531 * in a separate transaction; this keeps the intent log records small
532 * and allows us to do more fine-grained space accounting.
533 */
534 while (n > 0) {
535 woff = zfs_uio_offset(uio);
536
537 if (zfs_id_overblockquota(zfsvfs, DMU_USERUSED_OBJECT, uid) ||
538 zfs_id_overblockquota(zfsvfs, DMU_GROUPUSED_OBJECT, gid) ||
539 (projid != ZFS_DEFAULT_PROJID &&
540 zfs_id_overblockquota(zfsvfs, DMU_PROJECTUSED_OBJECT,
541 projid))) {
542 error = SET_ERROR(EDQUOT);
543 break;
544 }
545
546 uint64_t blksz;
547 if (lr->lr_length == UINT64_MAX && zp->z_size <= zp->z_blksz) {
548 if (zp->z_blksz > zfsvfs->z_max_blksz &&
549 !ISP2(zp->z_blksz)) {
550 /*
551 * File's blocksize is already larger than the
552 * "recordsize" property. Only let it grow to
553 * the next power of 2.
554 */
555 blksz = 1 << highbit64(zp->z_blksz);
556 } else {
557 blksz = zfsvfs->z_max_blksz;
558 }
559 blksz = MIN(blksz, P2ROUNDUP(end_size,
560 SPA_MINBLOCKSIZE));
561 blksz = MAX(blksz, zp->z_blksz);
562 } else {
563 blksz = zp->z_blksz;
564 }
565
566 arc_buf_t *abuf = NULL;
567 ssize_t nbytes = n;
568 if (n >= blksz && woff >= zp->z_size &&
569 P2PHASE(woff, blksz) == 0 &&
570 (blksz >= SPA_OLD_MAXBLOCKSIZE || n < 4 * blksz)) {
571 /*
572 * This write covers a full block. "Borrow" a buffer
573 * from the dmu so that we can fill it before we enter
574 * a transaction. This avoids the possibility of
575 * holding up the transaction if the data copy hangs
576 * up on a pagefault (e.g., from an NFS server mapping).
577 */
578 abuf = dmu_request_arcbuf(sa_get_db(zp->z_sa_hdl),
579 blksz);
580 ASSERT(abuf != NULL);
581 ASSERT(arc_buf_size(abuf) == blksz);
582 if ((error = zfs_uiocopy(abuf->b_data, blksz,
583 UIO_WRITE, uio, &nbytes))) {
584 dmu_return_arcbuf(abuf);
585 break;
586 }
587 ASSERT3S(nbytes, ==, blksz);
588 } else {
589 nbytes = MIN(n, (DMU_MAX_ACCESS >> 1) -
590 P2PHASE(woff, blksz));
591 if (pfbytes < nbytes) {
592 if (zfs_uio_prefaultpages(nbytes, uio)) {
593 error = SET_ERROR(EFAULT);
594 break;
595 }
596 pfbytes = nbytes;
597 }
598 }
599
600 /*
601 * Start a transaction.
602 */
603 dmu_tx_t *tx = dmu_tx_create(zfsvfs->z_os);
604 dmu_tx_hold_sa(tx, zp->z_sa_hdl, B_FALSE);
605 dmu_buf_impl_t *db = (dmu_buf_impl_t *)sa_get_db(zp->z_sa_hdl);
606 DB_DNODE_ENTER(db);
607 dmu_tx_hold_write_by_dnode(tx, DB_DNODE(db), woff, nbytes);
608 DB_DNODE_EXIT(db);
609 zfs_sa_upgrade_txholds(tx, zp);
610 error = dmu_tx_assign(tx, TXG_WAIT);
611 if (error) {
612 dmu_tx_abort(tx);
613 if (abuf != NULL)
614 dmu_return_arcbuf(abuf);
615 break;
616 }
617
618 /*
619 * NB: We must call zfs_clear_setid_bits_if_necessary before
620 * committing the transaction!
621 */
622
623 /*
624 * If rangelock_enter() over-locked we grow the blocksize
625 * and then reduce the lock range. This will only happen
626 * on the first iteration since rangelock_reduce() will
627 * shrink down lr_length to the appropriate size.
628 */
629 if (lr->lr_length == UINT64_MAX) {
630 zfs_grow_blocksize(zp, blksz, tx);
631 zfs_rangelock_reduce(lr, woff, n);
632 }
633
634 ssize_t tx_bytes;
635 if (abuf == NULL) {
636 tx_bytes = zfs_uio_resid(uio);
637 zfs_uio_fault_disable(uio, B_TRUE);
638 error = dmu_write_uio_dbuf(sa_get_db(zp->z_sa_hdl),
639 uio, nbytes, tx);
640 zfs_uio_fault_disable(uio, B_FALSE);
641 #ifdef __linux__
642 if (error == EFAULT) {
643 zfs_clear_setid_bits_if_necessary(zfsvfs, zp,
644 cr, &clear_setid_bits_txg, tx);
645 dmu_tx_commit(tx);
646 /*
647 * Account for partial writes before
648 * continuing the loop.
649 * Update needs to occur before the next
650 * zfs_uio_prefaultpages, or prefaultpages may
651 * error, and we may break the loop early.
652 */
653 n -= tx_bytes - zfs_uio_resid(uio);
654 pfbytes -= tx_bytes - zfs_uio_resid(uio);
655 continue;
656 }
657 #endif
658 /*
659 * On FreeBSD, EFAULT should be propagated back to the
660 * VFS, which will handle faulting and will retry.
661 */
662 if (error != 0 && error != EFAULT) {
663 zfs_clear_setid_bits_if_necessary(zfsvfs, zp,
664 cr, &clear_setid_bits_txg, tx);
665 dmu_tx_commit(tx);
666 break;
667 }
668 tx_bytes -= zfs_uio_resid(uio);
669 } else {
670 /*
671 * Thus, we're writing a full block at a block-aligned
672 * offset and extending the file past EOF.
673 *
674 * dmu_assign_arcbuf_by_dbuf() will directly assign the
675 * arc buffer to a dbuf.
676 */
677 error = dmu_assign_arcbuf_by_dbuf(
678 sa_get_db(zp->z_sa_hdl), woff, abuf, tx);
679 if (error != 0) {
680 /*
681 * XXX This might not be necessary if
682 * dmu_assign_arcbuf_by_dbuf is guaranteed
683 * to be atomic.
684 */
685 zfs_clear_setid_bits_if_necessary(zfsvfs, zp,
686 cr, &clear_setid_bits_txg, tx);
687 dmu_return_arcbuf(abuf);
688 dmu_tx_commit(tx);
689 break;
690 }
691 ASSERT3S(nbytes, <=, zfs_uio_resid(uio));
692 zfs_uioskip(uio, nbytes);
693 tx_bytes = nbytes;
694 }
695 if (tx_bytes &&
696 zn_has_cached_data(zp, woff, woff + tx_bytes - 1) &&
697 !(ioflag & O_DIRECT)) {
698 update_pages(zp, woff, tx_bytes, zfsvfs->z_os);
699 }
700
701 /*
702 * If we made no progress, we're done. If we made even
703 * partial progress, update the znode and ZIL accordingly.
704 */
705 if (tx_bytes == 0) {
706 (void) sa_update(zp->z_sa_hdl, SA_ZPL_SIZE(zfsvfs),
707 (void *)&zp->z_size, sizeof (uint64_t), tx);
708 dmu_tx_commit(tx);
709 ASSERT(error != 0);
710 break;
711 }
712
713 zfs_clear_setid_bits_if_necessary(zfsvfs, zp, cr,
714 &clear_setid_bits_txg, tx);
715
716 zfs_tstamp_update_setup(zp, CONTENT_MODIFIED, mtime, ctime);
717
718 /*
719 * Update the file size (zp_size) if it has changed;
720 * account for possible concurrent updates.
721 */
722 while ((end_size = zp->z_size) < zfs_uio_offset(uio)) {
723 (void) atomic_cas_64(&zp->z_size, end_size,
724 zfs_uio_offset(uio));
725 ASSERT(error == 0 || error == EFAULT);
726 }
727 /*
728 * If we are replaying and eof is non zero then force
729 * the file size to the specified eof. Note, there's no
730 * concurrency during replay.
731 */
732 if (zfsvfs->z_replay && zfsvfs->z_replay_eof != 0)
733 zp->z_size = zfsvfs->z_replay_eof;
734
735 error1 = sa_bulk_update(zp->z_sa_hdl, bulk, count, tx);
736 if (error1 != 0)
737 /* Avoid clobbering EFAULT. */
738 error = error1;
739
740 /*
741 * NB: During replay, the TX_SETATTR record logged by
742 * zfs_clear_setid_bits_if_necessary must precede any of
743 * the TX_WRITE records logged here.
744 */
745 zfs_log_write(zilog, tx, TX_WRITE, zp, woff, tx_bytes, ioflag,
746 NULL, NULL);
747
748 dmu_tx_commit(tx);
749
750 if (error != 0)
751 break;
752 ASSERT3S(tx_bytes, ==, nbytes);
753 n -= nbytes;
754 pfbytes -= nbytes;
755 }
756
757 zfs_znode_update_vfs(zp);
758 zfs_rangelock_exit(lr);
759
760 /*
761 * If we're in replay mode, or we made no progress, or the
762 * uio data is inaccessible return an error. Otherwise, it's
763 * at least a partial write, so it's successful.
764 */
765 if (zfsvfs->z_replay || zfs_uio_resid(uio) == start_resid ||
766 error == EFAULT) {
767 zfs_exit(zfsvfs, FTAG);
768 return (error);
769 }
770
771 if (ioflag & (O_SYNC | O_DSYNC) ||
772 zfsvfs->z_os->os_sync == ZFS_SYNC_ALWAYS)
773 zil_commit(zilog, zp->z_id);
774
775 const int64_t nwritten = start_resid - zfs_uio_resid(uio);
776 dataset_kstats_update_write_kstats(&zfsvfs->z_kstat, nwritten);
777 task_io_account_write(nwritten);
778
779 zfs_exit(zfsvfs, FTAG);
780 return (0);
781 }
782
783 int
784 zfs_getsecattr(znode_t *zp, vsecattr_t *vsecp, int flag, cred_t *cr)
785 {
786 zfsvfs_t *zfsvfs = ZTOZSB(zp);
787 int error;
788 boolean_t skipaclchk = (flag & ATTR_NOACLCHECK) ? B_TRUE : B_FALSE;
789
790 if ((error = zfs_enter_verify_zp(zfsvfs, zp, FTAG)) != 0)
791 return (error);
792 error = zfs_getacl(zp, vsecp, skipaclchk, cr);
793 zfs_exit(zfsvfs, FTAG);
794
795 return (error);
796 }
797
798 int
799 zfs_setsecattr(znode_t *zp, vsecattr_t *vsecp, int flag, cred_t *cr)
800 {
801 zfsvfs_t *zfsvfs = ZTOZSB(zp);
802 int error;
803 boolean_t skipaclchk = (flag & ATTR_NOACLCHECK) ? B_TRUE : B_FALSE;
804 zilog_t *zilog;
805
806 if ((error = zfs_enter_verify_zp(zfsvfs, zp, FTAG)) != 0)
807 return (error);
808 zilog = zfsvfs->z_log;
809 error = zfs_setacl(zp, vsecp, skipaclchk, cr);
810
811 if (zfsvfs->z_os->os_sync == ZFS_SYNC_ALWAYS)
812 zil_commit(zilog, 0);
813
814 zfs_exit(zfsvfs, FTAG);
815 return (error);
816 }
817
818 #ifdef ZFS_DEBUG
819 static int zil_fault_io = 0;
820 #endif
821
822 static void zfs_get_done(zgd_t *zgd, int error);
823
824 /*
825 * Get data to generate a TX_WRITE intent log record.
826 */
827 int
828 zfs_get_data(void *arg, uint64_t gen, lr_write_t *lr, char *buf,
829 struct lwb *lwb, zio_t *zio)
830 {
831 zfsvfs_t *zfsvfs = arg;
832 objset_t *os = zfsvfs->z_os;
833 znode_t *zp;
834 uint64_t object = lr->lr_foid;
835 uint64_t offset = lr->lr_offset;
836 uint64_t size = lr->lr_length;
837 dmu_buf_t *db;
838 zgd_t *zgd;
839 int error = 0;
840 uint64_t zp_gen;
841
842 ASSERT3P(lwb, !=, NULL);
843 ASSERT3U(size, !=, 0);
844
845 /*
846 * Nothing to do if the file has been removed
847 */
848 if (zfs_zget(zfsvfs, object, &zp) != 0)
849 return (SET_ERROR(ENOENT));
850 if (zp->z_unlinked) {
851 /*
852 * Release the vnode asynchronously as we currently have the
853 * txg stopped from syncing.
854 */
855 zfs_zrele_async(zp);
856 return (SET_ERROR(ENOENT));
857 }
858 /* check if generation number matches */
859 if (sa_lookup(zp->z_sa_hdl, SA_ZPL_GEN(zfsvfs), &zp_gen,
860 sizeof (zp_gen)) != 0) {
861 zfs_zrele_async(zp);
862 return (SET_ERROR(EIO));
863 }
864 if (zp_gen != gen) {
865 zfs_zrele_async(zp);
866 return (SET_ERROR(ENOENT));
867 }
868
869 zgd = kmem_zalloc(sizeof (zgd_t), KM_SLEEP);
870 zgd->zgd_lwb = lwb;
871 zgd->zgd_private = zp;
872
873 /*
874 * Write records come in two flavors: immediate and indirect.
875 * For small writes it's cheaper to store the data with the
876 * log record (immediate); for large writes it's cheaper to
877 * sync the data and get a pointer to it (indirect) so that
878 * we don't have to write the data twice.
879 */
880 if (buf != NULL) { /* immediate write */
881 zgd->zgd_lr = zfs_rangelock_enter(&zp->z_rangelock,
882 offset, size, RL_READER);
883 /* test for truncation needs to be done while range locked */
884 if (offset >= zp->z_size) {
885 error = SET_ERROR(ENOENT);
886 } else {
887 error = dmu_read(os, object, offset, size, buf,
888 DMU_READ_NO_PREFETCH);
889 }
890 ASSERT(error == 0 || error == ENOENT);
891 } else { /* indirect write */
892 ASSERT3P(zio, !=, NULL);
893 /*
894 * Have to lock the whole block to ensure when it's
895 * written out and its checksum is being calculated
896 * that no one can change the data. We need to re-check
897 * blocksize after we get the lock in case it's changed!
898 */
899 for (;;) {
900 uint64_t blkoff;
901 size = zp->z_blksz;
902 blkoff = ISP2(size) ? P2PHASE(offset, size) : offset;
903 offset -= blkoff;
904 zgd->zgd_lr = zfs_rangelock_enter(&zp->z_rangelock,
905 offset, size, RL_READER);
906 if (zp->z_blksz == size)
907 break;
908 offset += blkoff;
909 zfs_rangelock_exit(zgd->zgd_lr);
910 }
911 /* test for truncation needs to be done while range locked */
912 if (lr->lr_offset >= zp->z_size)
913 error = SET_ERROR(ENOENT);
914 #ifdef ZFS_DEBUG
915 if (zil_fault_io) {
916 error = SET_ERROR(EIO);
917 zil_fault_io = 0;
918 }
919 #endif
920 if (error == 0)
921 error = dmu_buf_hold_noread(os, object, offset, zgd,
922 &db);
923
924 if (error == 0) {
925 blkptr_t *bp = &lr->lr_blkptr;
926
927 zgd->zgd_db = db;
928 zgd->zgd_bp = bp;
929
930 ASSERT(db->db_offset == offset);
931 ASSERT(db->db_size == size);
932
933 error = dmu_sync(zio, lr->lr_common.lrc_txg,
934 zfs_get_done, zgd);
935 ASSERT(error || lr->lr_length <= size);
936
937 /*
938 * On success, we need to wait for the write I/O
939 * initiated by dmu_sync() to complete before we can
940 * release this dbuf. We will finish everything up
941 * in the zfs_get_done() callback.
942 */
943 if (error == 0)
944 return (0);
945
946 if (error == EALREADY) {
947 lr->lr_common.lrc_txtype = TX_WRITE2;
948 /*
949 * TX_WRITE2 relies on the data previously
950 * written by the TX_WRITE that caused
951 * EALREADY. We zero out the BP because
952 * it is the old, currently-on-disk BP.
953 */
954 zgd->zgd_bp = NULL;
955 BP_ZERO(bp);
956 error = 0;
957 }
958 }
959 }
960
961 zfs_get_done(zgd, error);
962
963 return (error);
964 }
965
966
967 static void
968 zfs_get_done(zgd_t *zgd, int error)
969 {
970 (void) error;
971 znode_t *zp = zgd->zgd_private;
972
973 if (zgd->zgd_db)
974 dmu_buf_rele(zgd->zgd_db, zgd);
975
976 zfs_rangelock_exit(zgd->zgd_lr);
977
978 /*
979 * Release the vnode asynchronously as we currently have the
980 * txg stopped from syncing.
981 */
982 zfs_zrele_async(zp);
983
984 kmem_free(zgd, sizeof (zgd_t));
985 }
986
987 static int
988 zfs_enter_two(zfsvfs_t *zfsvfs1, zfsvfs_t *zfsvfs2, const char *tag)
989 {
990 int error;
991
992 /* Swap. Not sure if the order of zfs_enter()s is important. */
993 if (zfsvfs1 > zfsvfs2) {
994 zfsvfs_t *tmpzfsvfs;
995
996 tmpzfsvfs = zfsvfs2;
997 zfsvfs2 = zfsvfs1;
998 zfsvfs1 = tmpzfsvfs;
999 }
1000
1001 error = zfs_enter(zfsvfs1, tag);
1002 if (error != 0)
1003 return (error);
1004 if (zfsvfs1 != zfsvfs2) {
1005 error = zfs_enter(zfsvfs2, tag);
1006 if (error != 0) {
1007 zfs_exit(zfsvfs1, tag);
1008 return (error);
1009 }
1010 }
1011
1012 return (0);
1013 }
1014
1015 static void
1016 zfs_exit_two(zfsvfs_t *zfsvfs1, zfsvfs_t *zfsvfs2, const char *tag)
1017 {
1018
1019 zfs_exit(zfsvfs1, tag);
1020 if (zfsvfs1 != zfsvfs2)
1021 zfs_exit(zfsvfs2, tag);
1022 }
1023
1024 /*
1025 * We split each clone request in chunks that can fit into a single ZIL
1026 * log entry. Each ZIL log entry can fit 130816 bytes for a block cloning
1027 * operation (see zil_max_log_data() and zfs_log_clone_range()). This gives
1028 * us room for storing 1022 block pointers.
1029 *
1030 * On success, the function return the number of bytes copied in *lenp.
1031 * Note, it doesn't return how much bytes are left to be copied.
1032 * On errors which are caused by any file system limitations or
1033 * brt limitations `EINVAL` is returned. In the most cases a user
1034 * requested bad parameters, it could be possible to clone the file but
1035 * some parameters don't match the requirements.
1036 */
1037 int
1038 zfs_clone_range(znode_t *inzp, uint64_t *inoffp, znode_t *outzp,
1039 uint64_t *outoffp, uint64_t *lenp, cred_t *cr)
1040 {
1041 zfsvfs_t *inzfsvfs, *outzfsvfs;
1042 objset_t *inos, *outos;
1043 zfs_locked_range_t *inlr, *outlr;
1044 dmu_buf_impl_t *db;
1045 dmu_tx_t *tx;
1046 zilog_t *zilog;
1047 uint64_t inoff, outoff, len, done;
1048 uint64_t outsize, size;
1049 int error;
1050 int count = 0;
1051 sa_bulk_attr_t bulk[3];
1052 uint64_t mtime[2], ctime[2];
1053 uint64_t uid, gid, projid;
1054 blkptr_t *bps;
1055 size_t maxblocks, nbps;
1056 uint_t inblksz;
1057 uint64_t clear_setid_bits_txg = 0;
1058
1059 inoff = *inoffp;
1060 outoff = *outoffp;
1061 len = *lenp;
1062 done = 0;
1063
1064 inzfsvfs = ZTOZSB(inzp);
1065 outzfsvfs = ZTOZSB(outzp);
1066
1067 /*
1068 * We need to call zfs_enter() potentially on two different datasets,
1069 * so we need a dedicated function for that.
1070 */
1071 error = zfs_enter_two(inzfsvfs, outzfsvfs, FTAG);
1072 if (error != 0)
1073 return (error);
1074
1075 inos = inzfsvfs->z_os;
1076 outos = outzfsvfs->z_os;
1077
1078 /*
1079 * Both source and destination have to belong to the same storage pool.
1080 */
1081 if (dmu_objset_spa(inos) != dmu_objset_spa(outos)) {
1082 zfs_exit_two(inzfsvfs, outzfsvfs, FTAG);
1083 return (SET_ERROR(EXDEV));
1084 }
1085
1086 /*
1087 * outos and inos belongs to the same storage pool.
1088 * see a few lines above, only one check.
1089 */
1090 if (!spa_feature_is_enabled(dmu_objset_spa(outos),
1091 SPA_FEATURE_BLOCK_CLONING)) {
1092 zfs_exit_two(inzfsvfs, outzfsvfs, FTAG);
1093 return (SET_ERROR(EOPNOTSUPP));
1094 }
1095
1096 ASSERT(!outzfsvfs->z_replay);
1097
1098 /*
1099 * Block cloning from an unencrypted dataset into an encrypted
1100 * dataset and vice versa is not supported.
1101 */
1102 if (inos->os_encrypted != outos->os_encrypted) {
1103 zfs_exit_two(inzfsvfs, outzfsvfs, FTAG);
1104 return (SET_ERROR(EXDEV));
1105 }
1106
1107 /*
1108 * Cloning across encrypted datasets is possible only if they
1109 * share the same master key.
1110 */
1111 if (inos != outos && inos->os_encrypted &&
1112 !dmu_objset_crypto_key_equal(inos, outos)) {
1113 zfs_exit_two(inzfsvfs, outzfsvfs, FTAG);
1114 return (SET_ERROR(EXDEV));
1115 }
1116
1117 error = zfs_verify_zp(inzp);
1118 if (error == 0)
1119 error = zfs_verify_zp(outzp);
1120 if (error != 0) {
1121 zfs_exit_two(inzfsvfs, outzfsvfs, FTAG);
1122 return (error);
1123 }
1124
1125 /*
1126 * We don't copy source file's flags that's why we don't allow to clone
1127 * files that are in quarantine.
1128 */
1129 if (inzp->z_pflags & ZFS_AV_QUARANTINED) {
1130 zfs_exit_two(inzfsvfs, outzfsvfs, FTAG);
1131 return (SET_ERROR(EACCES));
1132 }
1133
1134 if (inoff >= inzp->z_size) {
1135 *lenp = 0;
1136 zfs_exit_two(inzfsvfs, outzfsvfs, FTAG);
1137 return (0);
1138 }
1139 if (len > inzp->z_size - inoff) {
1140 len = inzp->z_size - inoff;
1141 }
1142 if (len == 0) {
1143 *lenp = 0;
1144 zfs_exit_two(inzfsvfs, outzfsvfs, FTAG);
1145 return (0);
1146 }
1147
1148 /*
1149 * Callers might not be able to detect properly that we are read-only,
1150 * so check it explicitly here.
1151 */
1152 if (zfs_is_readonly(outzfsvfs)) {
1153 zfs_exit_two(inzfsvfs, outzfsvfs, FTAG);
1154 return (SET_ERROR(EROFS));
1155 }
1156
1157 /*
1158 * If immutable or not appending then return EPERM.
1159 * Intentionally allow ZFS_READONLY through here.
1160 * See zfs_zaccess_common()
1161 */
1162 if ((outzp->z_pflags & ZFS_IMMUTABLE) != 0) {
1163 zfs_exit_two(inzfsvfs, outzfsvfs, FTAG);
1164 return (SET_ERROR(EPERM));
1165 }
1166
1167 /*
1168 * No overlapping if we are cloning within the same file.
1169 */
1170 if (inzp == outzp) {
1171 if (inoff < outoff + len && outoff < inoff + len) {
1172 zfs_exit_two(inzfsvfs, outzfsvfs, FTAG);
1173 return (SET_ERROR(EINVAL));
1174 }
1175 }
1176
1177 /*
1178 * Maintain predictable lock order.
1179 */
1180 if (inzp < outzp || (inzp == outzp && inoff < outoff)) {
1181 inlr = zfs_rangelock_enter(&inzp->z_rangelock, inoff, len,
1182 RL_READER);
1183 outlr = zfs_rangelock_enter(&outzp->z_rangelock, outoff, len,
1184 RL_WRITER);
1185 } else {
1186 outlr = zfs_rangelock_enter(&outzp->z_rangelock, outoff, len,
1187 RL_WRITER);
1188 inlr = zfs_rangelock_enter(&inzp->z_rangelock, inoff, len,
1189 RL_READER);
1190 }
1191
1192 inblksz = inzp->z_blksz;
1193
1194 /*
1195 * We cannot clone into a file with different block size if we can't
1196 * grow it (block size is already bigger, has more than one block, or
1197 * not locked for growth). There are other possible reasons for the
1198 * grow to fail, but we cover what we can before opening transaction
1199 * and the rest detect after we try to do it.
1200 */
1201 if (inblksz < outzp->z_blksz) {
1202 error = SET_ERROR(EINVAL);
1203 goto unlock;
1204 }
1205 if (inblksz != outzp->z_blksz && (outzp->z_size > outzp->z_blksz ||
1206 outlr->lr_length != UINT64_MAX)) {
1207 error = SET_ERROR(EINVAL);
1208 goto unlock;
1209 }
1210
1211 /*
1212 * Block size must be power-of-2 if destination offset != 0.
1213 * There can be no multiple blocks of non-power-of-2 size.
1214 */
1215 if (outoff != 0 && !ISP2(inblksz)) {
1216 error = SET_ERROR(EINVAL);
1217 goto unlock;
1218 }
1219
1220 /*
1221 * Offsets and len must be at block boundries.
1222 */
1223 if ((inoff % inblksz) != 0 || (outoff % inblksz) != 0) {
1224 error = SET_ERROR(EINVAL);
1225 goto unlock;
1226 }
1227 /*
1228 * Length must be multipe of blksz, except for the end of the file.
1229 */
1230 if ((len % inblksz) != 0 &&
1231 (len < inzp->z_size - inoff || len < outzp->z_size - outoff)) {
1232 error = SET_ERROR(EINVAL);
1233 goto unlock;
1234 }
1235
1236 /*
1237 * If we are copying only one block and it is smaller than recordsize
1238 * property, do not allow destination to grow beyond one block if it
1239 * is not there yet. Otherwise the destination will get stuck with
1240 * that block size forever, that can be as small as 512 bytes, no
1241 * matter how big the destination grow later.
1242 */
1243 if (len <= inblksz && inblksz < outzfsvfs->z_max_blksz &&
1244 outzp->z_size <= inblksz && outoff + len > inblksz) {
1245 error = SET_ERROR(EINVAL);
1246 goto unlock;
1247 }
1248
1249 error = zn_rlimit_fsize(outoff + len);
1250 if (error != 0) {
1251 goto unlock;
1252 }
1253
1254 if (inoff >= MAXOFFSET_T || outoff >= MAXOFFSET_T) {
1255 error = SET_ERROR(EFBIG);
1256 goto unlock;
1257 }
1258
1259 SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_MTIME(outzfsvfs), NULL,
1260 &mtime, 16);
1261 SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_CTIME(outzfsvfs), NULL,
1262 &ctime, 16);
1263 SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_SIZE(outzfsvfs), NULL,
1264 &outzp->z_size, 8);
1265
1266 zilog = outzfsvfs->z_log;
1267 maxblocks = zil_max_log_data(zilog, sizeof (lr_clone_range_t)) /
1268 sizeof (bps[0]);
1269
1270 uid = KUID_TO_SUID(ZTOUID(outzp));
1271 gid = KGID_TO_SGID(ZTOGID(outzp));
1272 projid = outzp->z_projid;
1273
1274 bps = vmem_alloc(sizeof (bps[0]) * maxblocks, KM_SLEEP);
1275
1276 /*
1277 * Clone the file in reasonable size chunks. Each chunk is cloned
1278 * in a separate transaction; this keeps the intent log records small
1279 * and allows us to do more fine-grained space accounting.
1280 */
1281 while (len > 0) {
1282 size = MIN(inblksz * maxblocks, len);
1283
1284 if (zfs_id_overblockquota(outzfsvfs, DMU_USERUSED_OBJECT,
1285 uid) ||
1286 zfs_id_overblockquota(outzfsvfs, DMU_GROUPUSED_OBJECT,
1287 gid) ||
1288 (projid != ZFS_DEFAULT_PROJID &&
1289 zfs_id_overblockquota(outzfsvfs, DMU_PROJECTUSED_OBJECT,
1290 projid))) {
1291 error = SET_ERROR(EDQUOT);
1292 break;
1293 }
1294
1295 nbps = maxblocks;
1296 error = dmu_read_l0_bps(inos, inzp->z_id, inoff, size, bps,
1297 &nbps);
1298 if (error != 0) {
1299 /*
1300 * If we are trying to clone a block that was created
1301 * in the current transaction group, error will be
1302 * EAGAIN here, which we can just return to the caller
1303 * so it can fallback if it likes.
1304 */
1305 break;
1306 }
1307
1308 /*
1309 * Start a transaction.
1310 */
1311 tx = dmu_tx_create(outos);
1312 dmu_tx_hold_sa(tx, outzp->z_sa_hdl, B_FALSE);
1313 db = (dmu_buf_impl_t *)sa_get_db(outzp->z_sa_hdl);
1314 DB_DNODE_ENTER(db);
1315 dmu_tx_hold_clone_by_dnode(tx, DB_DNODE(db), outoff, size);
1316 DB_DNODE_EXIT(db);
1317 zfs_sa_upgrade_txholds(tx, outzp);
1318 error = dmu_tx_assign(tx, TXG_WAIT);
1319 if (error != 0) {
1320 dmu_tx_abort(tx);
1321 break;
1322 }
1323
1324 /*
1325 * Copy source znode's block size. This is done only if the
1326 * whole znode is locked (see zfs_rangelock_cb()) and only
1327 * on the first iteration since zfs_rangelock_reduce() will
1328 * shrink down lr_length to the appropriate size.
1329 */
1330 if (outlr->lr_length == UINT64_MAX) {
1331 zfs_grow_blocksize(outzp, inblksz, tx);
1332
1333 /*
1334 * Block growth may fail for many reasons we can not
1335 * predict here. If it happen the cloning is doomed.
1336 */
1337 if (inblksz != outzp->z_blksz) {
1338 error = SET_ERROR(EINVAL);
1339 dmu_tx_abort(tx);
1340 break;
1341 }
1342
1343 /*
1344 * Round range lock up to the block boundary, so we
1345 * prevent appends until we are done.
1346 */
1347 zfs_rangelock_reduce(outlr, outoff,
1348 ((len - 1) / inblksz + 1) * inblksz);
1349 }
1350
1351 error = dmu_brt_clone(outos, outzp->z_id, outoff, size, tx,
1352 bps, nbps);
1353 if (error != 0) {
1354 dmu_tx_commit(tx);
1355 break;
1356 }
1357
1358 if (zn_has_cached_data(outzp, outoff, outoff + size - 1)) {
1359 update_pages(outzp, outoff, size, outos);
1360 }
1361
1362 zfs_clear_setid_bits_if_necessary(outzfsvfs, outzp, cr,
1363 &clear_setid_bits_txg, tx);
1364
1365 zfs_tstamp_update_setup(outzp, CONTENT_MODIFIED, mtime, ctime);
1366
1367 /*
1368 * Update the file size (zp_size) if it has changed;
1369 * account for possible concurrent updates.
1370 */
1371 while ((outsize = outzp->z_size) < outoff + size) {
1372 (void) atomic_cas_64(&outzp->z_size, outsize,
1373 outoff + size);
1374 }
1375
1376 error = sa_bulk_update(outzp->z_sa_hdl, bulk, count, tx);
1377
1378 zfs_log_clone_range(zilog, tx, TX_CLONE_RANGE, outzp, outoff,
1379 size, inblksz, bps, nbps);
1380
1381 dmu_tx_commit(tx);
1382
1383 if (error != 0)
1384 break;
1385
1386 inoff += size;
1387 outoff += size;
1388 len -= size;
1389 done += size;
1390 }
1391
1392 vmem_free(bps, sizeof (bps[0]) * maxblocks);
1393 zfs_znode_update_vfs(outzp);
1394
1395 unlock:
1396 zfs_rangelock_exit(outlr);
1397 zfs_rangelock_exit(inlr);
1398
1399 if (done > 0) {
1400 /*
1401 * If we have made at least partial progress, reset the error.
1402 */
1403 error = 0;
1404
1405 ZFS_ACCESSTIME_STAMP(inzfsvfs, inzp);
1406
1407 if (outos->os_sync == ZFS_SYNC_ALWAYS) {
1408 zil_commit(zilog, outzp->z_id);
1409 }
1410
1411 *inoffp += done;
1412 *outoffp += done;
1413 *lenp = done;
1414 } else {
1415 /*
1416 * If we made no progress, there must be a good reason.
1417 * EOF is handled explicitly above, before the loop.
1418 */
1419 ASSERT3S(error, !=, 0);
1420 }
1421
1422 zfs_exit_two(inzfsvfs, outzfsvfs, FTAG);
1423
1424 return (error);
1425 }
1426
1427 /*
1428 * Usual pattern would be to call zfs_clone_range() from zfs_replay_clone(),
1429 * but we cannot do that, because when replaying we don't have source znode
1430 * available. This is why we need a dedicated replay function.
1431 */
1432 int
1433 zfs_clone_range_replay(znode_t *zp, uint64_t off, uint64_t len, uint64_t blksz,
1434 const blkptr_t *bps, size_t nbps)
1435 {
1436 zfsvfs_t *zfsvfs;
1437 dmu_buf_impl_t *db;
1438 dmu_tx_t *tx;
1439 int error;
1440 int count = 0;
1441 sa_bulk_attr_t bulk[3];
1442 uint64_t mtime[2], ctime[2];
1443
1444 ASSERT3U(off, <, MAXOFFSET_T);
1445 ASSERT3U(len, >, 0);
1446 ASSERT3U(nbps, >, 0);
1447
1448 zfsvfs = ZTOZSB(zp);
1449
1450 ASSERT(spa_feature_is_enabled(dmu_objset_spa(zfsvfs->z_os),
1451 SPA_FEATURE_BLOCK_CLONING));
1452
1453 if ((error = zfs_enter_verify_zp(zfsvfs, zp, FTAG)) != 0)
1454 return (error);
1455
1456 ASSERT(zfsvfs->z_replay);
1457 ASSERT(!zfs_is_readonly(zfsvfs));
1458
1459 if ((off % blksz) != 0) {
1460 zfs_exit(zfsvfs, FTAG);
1461 return (SET_ERROR(EINVAL));
1462 }
1463
1464 SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_MTIME(zfsvfs), NULL, &mtime, 16);
1465 SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_CTIME(zfsvfs), NULL, &ctime, 16);
1466 SA_ADD_BULK_ATTR(bulk, count, SA_ZPL_SIZE(zfsvfs), NULL,
1467 &zp->z_size, 8);
1468
1469 /*
1470 * Start a transaction.
1471 */
1472 tx = dmu_tx_create(zfsvfs->z_os);
1473
1474 dmu_tx_hold_sa(tx, zp->z_sa_hdl, B_FALSE);
1475 db = (dmu_buf_impl_t *)sa_get_db(zp->z_sa_hdl);
1476 DB_DNODE_ENTER(db);
1477 dmu_tx_hold_clone_by_dnode(tx, DB_DNODE(db), off, len);
1478 DB_DNODE_EXIT(db);
1479 zfs_sa_upgrade_txholds(tx, zp);
1480 error = dmu_tx_assign(tx, TXG_WAIT);
1481 if (error != 0) {
1482 dmu_tx_abort(tx);
1483 zfs_exit(zfsvfs, FTAG);
1484 return (error);
1485 }
1486
1487 if (zp->z_blksz < blksz)
1488 zfs_grow_blocksize(zp, blksz, tx);
1489
1490 dmu_brt_clone(zfsvfs->z_os, zp->z_id, off, len, tx, bps, nbps);
1491
1492 zfs_tstamp_update_setup(zp, CONTENT_MODIFIED, mtime, ctime);
1493
1494 if (zp->z_size < off + len)
1495 zp->z_size = off + len;
1496
1497 error = sa_bulk_update(zp->z_sa_hdl, bulk, count, tx);
1498
1499 /*
1500 * zil_replaying() not only check if we are replaying ZIL, but also
1501 * updates the ZIL header to record replay progress.
1502 */
1503 VERIFY(zil_replaying(zfsvfs->z_log, tx));
1504
1505 dmu_tx_commit(tx);
1506
1507 zfs_znode_update_vfs(zp);
1508
1509 zfs_exit(zfsvfs, FTAG);
1510
1511 return (error);
1512 }
1513
1514 EXPORT_SYMBOL(zfs_access);
1515 EXPORT_SYMBOL(zfs_fsync);
1516 EXPORT_SYMBOL(zfs_holey);
1517 EXPORT_SYMBOL(zfs_read);
1518 EXPORT_SYMBOL(zfs_write);
1519 EXPORT_SYMBOL(zfs_getsecattr);
1520 EXPORT_SYMBOL(zfs_setsecattr);
1521 EXPORT_SYMBOL(zfs_clone_range);
1522 EXPORT_SYMBOL(zfs_clone_range_replay);
1523
1524 ZFS_MODULE_PARAM(zfs_vnops, zfs_vnops_, read_chunk_size, U64, ZMOD_RW,
1525 "Bytes to read per chunk");
ZFS On Linux mirror for PVE