1 // SPDX-License-Identifier: GPL-2.0
3 * Copyright (c) 2000-2006 Silicon Graphics, Inc.
4 * Copyright (c) 2012-2013 Red Hat, Inc.
8 #include "xfs_shared.h"
10 #include "xfs_format.h"
11 #include "xfs_log_format.h"
12 #include "xfs_trans_resv.h"
14 #include "xfs_mount.h"
16 #include "xfs_inode.h"
18 #include "xfs_bmap_btree.h"
19 #include "xfs_quota.h"
20 #include "xfs_symlink.h"
21 #include "xfs_trans_space.h"
22 #include "xfs_trace.h"
23 #include "xfs_trans.h"
24 #include "xfs_ialloc.h"
25 #include "xfs_error.h"
26 #include "xfs_health.h"
27 #include "xfs_symlink_remote.h"
34 struct xfs_mount *mp = ip->i_mount;
38 trace_xfs_readlink(ip);
40 if (xfs_is_shutdown(mp))
42 if (xfs_ifork_zapped(ip, XFS_DATA_FORK))
45 xfs_ilock(ip, XFS_ILOCK_SHARED);
47 pathlen = ip->i_disk_size;
51 if (pathlen < 0 || pathlen > XFS_SYMLINK_MAXLEN) {
52 xfs_alert(mp, "%s: inode (%llu) bad symlink length (%lld)",
53 __func__, (unsigned long long) ip->i_ino,
59 if (ip->i_df.if_format == XFS_DINODE_FMT_LOCAL) {
61 * The VFS crashes on a NULL pointer, so return -EFSCORRUPTED
64 if (XFS_IS_CORRUPT(ip->i_mount, !ip->i_df.if_data))
67 memcpy(link, ip->i_df.if_data, pathlen + 1);
70 error = xfs_symlink_remote_read(ip, link);
73 xfs_iunlock(ip, XFS_ILOCK_SHARED);
76 xfs_iunlock(ip, XFS_ILOCK_SHARED);
77 xfs_inode_mark_sick(ip, XFS_SICK_INO_SYMLINK);
83 struct mnt_idmap *idmap,
85 struct xfs_name *link_name,
86 const char *target_path,
88 struct xfs_inode **ipp)
90 struct xfs_mount *mp = dp->i_mount;
91 struct xfs_trans *tp = NULL;
92 struct xfs_inode *ip = NULL;
95 bool unlock_dp_on_error = false;
96 xfs_filblks_t fs_blocks;
98 struct xfs_dquot *udqp = NULL;
99 struct xfs_dquot *gdqp = NULL;
100 struct xfs_dquot *pdqp = NULL;
106 trace_xfs_symlink(dp, link_name);
108 if (xfs_is_shutdown(mp))
112 * Check component lengths of the target path name.
114 pathlen = strlen(target_path);
115 if (pathlen >= XFS_SYMLINK_MAXLEN) /* total string too long */
116 return -ENAMETOOLONG;
119 prid = xfs_get_initial_prid(dp);
122 * Make sure that we have allocated dquot(s) on disk.
124 error = xfs_qm_vop_dqalloc(dp, mapped_fsuid(idmap, &init_user_ns),
125 mapped_fsgid(idmap, &init_user_ns), prid,
126 XFS_QMOPT_QUOTALL | XFS_QMOPT_INHERIT,
127 &udqp, &gdqp, &pdqp);
132 * The symlink will fit into the inode data fork?
133 * There can't be any attributes so we get the whole variable part.
135 if (pathlen <= XFS_LITINO(mp))
138 fs_blocks = xfs_symlink_blocks(mp, pathlen);
139 resblks = XFS_SYMLINK_SPACE_RES(mp, link_name->len, fs_blocks);
141 error = xfs_trans_alloc_icreate(mp, &M_RES(mp)->tr_symlink, udqp, gdqp,
144 goto out_release_dquots;
146 xfs_ilock(dp, XFS_ILOCK_EXCL | XFS_ILOCK_PARENT);
147 unlock_dp_on_error = true;
150 * Check whether the directory allows new symlinks or not.
152 if (dp->i_diflags & XFS_DIFLAG_NOSYMLINKS) {
154 goto out_trans_cancel;
158 * Allocate an inode for the symlink.
160 error = xfs_dialloc(&tp, dp->i_ino, S_IFLNK, &ino);
162 error = xfs_init_new_inode(idmap, tp, dp, ino,
163 S_IFLNK | (mode & ~S_IFMT), 1, 0, prid,
166 goto out_trans_cancel;
169 * Now we join the directory inode to the transaction. We do not do it
170 * earlier because xfs_dir_ialloc might commit the previous transaction
171 * (and release all the locks). An error from here on will result in
172 * the transaction cancel unlocking dp so don't do it explicitly in the
175 xfs_trans_ijoin(tp, dp, XFS_ILOCK_EXCL);
176 unlock_dp_on_error = false;
179 * Also attach the dquot(s) to it, if applicable.
181 xfs_qm_vop_create_dqattach(tp, ip, udqp, gdqp, pdqp);
183 resblks -= XFS_IALLOC_SPACE_RES(mp);
184 error = xfs_symlink_write_target(tp, ip, target_path, pathlen,
187 goto out_trans_cancel;
188 resblks -= fs_blocks;
189 i_size_write(VFS_I(ip), ip->i_disk_size);
192 * Create the directory entry for the symlink.
194 error = xfs_dir_createname(tp, dp, link_name, ip->i_ino, resblks);
196 goto out_trans_cancel;
197 xfs_trans_ichgtime(tp, dp, XFS_ICHGTIME_MOD | XFS_ICHGTIME_CHG);
198 xfs_trans_log_inode(tp, dp, XFS_ILOG_CORE);
199 xfs_dir_update_hook(dp, ip, 1, link_name);
202 * If this is a synchronous mount, make sure that the
203 * symlink transaction goes to disk before returning to
206 if (xfs_has_wsync(mp) || xfs_has_dirsync(mp))
207 xfs_trans_set_sync(tp);
209 error = xfs_trans_commit(tp);
211 goto out_release_inode;
221 xfs_trans_cancel(tp);
224 * Wait until after the current transaction is aborted to finish the
225 * setup of the inode and release the inode. This prevents recursive
226 * transactions and deadlocks from xfs_inactive.
229 xfs_finish_inode_setup(ip);
237 if (unlock_dp_on_error)
238 xfs_iunlock(dp, XFS_ILOCK_EXCL);
243 * Free a symlink that has blocks associated with it.
245 * Note: zero length symlinks are not allowed to exist. When we set the size to
246 * zero, also change it to a regular file so that it does not get written to
247 * disk as a zero length symlink. The inode is on the unlinked list already, so
248 * userspace cannot find this inode anymore, so this change is not user visible
249 * but allows us to catch corrupt zero-length symlinks in the verifiers.
252 xfs_inactive_symlink_rmt(
253 struct xfs_inode *ip)
260 xfs_bmbt_irec_t mval[XFS_SYMLINK_MAPS];
266 ASSERT(!xfs_need_iread_extents(&ip->i_df));
268 * We're freeing a symlink that has some
269 * blocks allocated to it. Free the
270 * blocks here. We know that we've got
271 * either 1 or 2 extents and that we can
272 * free them all in one bunmapi call.
274 ASSERT(ip->i_df.if_nextents > 0 && ip->i_df.if_nextents <= 2);
276 error = xfs_trans_alloc(mp, &M_RES(mp)->tr_itruncate, 0, 0, 0, &tp);
280 xfs_ilock(ip, XFS_ILOCK_EXCL);
281 xfs_trans_ijoin(tp, ip, 0);
284 * Lock the inode, fix the size, turn it into a regular file and join it
285 * to the transaction. Hold it so in the normal path, we still have it
286 * locked for the second transaction. In the error paths we need it
287 * held so the cancel won't rele it, see below.
289 size = (int)ip->i_disk_size;
291 VFS_I(ip)->i_mode = (VFS_I(ip)->i_mode & ~S_IFMT) | S_IFREG;
292 xfs_trans_log_inode(tp, ip, XFS_ILOG_CORE);
294 * Find the block(s) so we can inval and unmap them.
297 nmaps = ARRAY_SIZE(mval);
298 error = xfs_bmapi_read(ip, 0, xfs_symlink_blocks(mp, size),
301 goto error_trans_cancel;
303 * Invalidate the block(s). No validation is done.
305 for (i = 0; i < nmaps; i++) {
306 error = xfs_trans_get_buf(tp, mp->m_ddev_targp,
307 XFS_FSB_TO_DADDR(mp, mval[i].br_startblock),
308 XFS_FSB_TO_BB(mp, mval[i].br_blockcount), 0,
311 goto error_trans_cancel;
312 xfs_trans_binval(tp, bp);
315 * Unmap the dead block(s) to the dfops.
317 error = xfs_bunmapi(tp, ip, 0, size, 0, nmaps, &done);
319 goto error_trans_cancel;
323 * Commit the transaction. This first logs the EFI and the inode, then
324 * rolls and commits the transaction that frees the extents.
326 xfs_trans_log_inode(tp, ip, XFS_ILOG_CORE);
327 error = xfs_trans_commit(tp);
329 ASSERT(xfs_is_shutdown(mp));
334 * Remove the memory for extent descriptions (just bookkeeping).
336 if (ip->i_df.if_bytes)
337 xfs_idata_realloc(ip, -ip->i_df.if_bytes, XFS_DATA_FORK);
338 ASSERT(ip->i_df.if_bytes == 0);
340 xfs_iunlock(ip, XFS_ILOCK_EXCL);
344 xfs_trans_cancel(tp);
346 xfs_iunlock(ip, XFS_ILOCK_EXCL);
351 * xfs_inactive_symlink - free a symlink
354 xfs_inactive_symlink(
355 struct xfs_inode *ip)
357 struct xfs_mount *mp = ip->i_mount;
360 trace_xfs_inactive_symlink(ip);
362 if (xfs_is_shutdown(mp))
365 xfs_ilock(ip, XFS_ILOCK_EXCL);
366 pathlen = (int)ip->i_disk_size;
369 if (pathlen <= 0 || pathlen > XFS_SYMLINK_MAXLEN) {
370 xfs_alert(mp, "%s: inode (0x%llx) bad symlink length (%d)",
371 __func__, (unsigned long long)ip->i_ino, pathlen);
372 xfs_iunlock(ip, XFS_ILOCK_EXCL);
374 xfs_inode_mark_sick(ip, XFS_SICK_INO_SYMLINK);
375 return -EFSCORRUPTED;
379 * Inline fork state gets removed by xfs_difree() so we have nothing to
380 * do here in that case.
382 if (ip->i_df.if_format == XFS_DINODE_FMT_LOCAL) {
383 xfs_iunlock(ip, XFS_ILOCK_EXCL);
387 xfs_iunlock(ip, XFS_ILOCK_EXCL);
389 /* remove the remote symlink */
390 return xfs_inactive_symlink_rmt(ip);