License cleanup: add SPDX GPL-2.0 license identifier to files with no license
Many source files in the tree are missing licensing information, which
makes it harder for compliance tools to determine the correct license.
By default all files without license information are under the default
license of the kernel, which is GPL version 2.
Update the files which contain no license information with the 'GPL-2.0'
SPDX license identifier. The SPDX identifier is a legally binding
shorthand, which can be used instead of the full boiler plate text.
This patch is based on work done by Thomas Gleixner and Kate Stewart and
Philippe Ombredanne.
How this work was done:
Patches were generated and checked against linux-4.14-rc6 for a subset of
the use cases:
- file had no licensing information it it.
- file was a */uapi/* one with no licensing information in it,
- file was a */uapi/* one with existing licensing information,
Further patches will be generated in subsequent months to fix up cases
where non-standard license headers were used, and references to license
had to be inferred by heuristics based on keywords.
The analysis to determine which SPDX License Identifier to be applied to
a file was done in a spreadsheet of side by side results from of the
output of two independent scanners (ScanCode & Windriver) producing SPDX
tag:value files created by Philippe Ombredanne. Philippe prepared the
base worksheet, and did an initial spot review of a few 1000 files.
The 4.13 kernel was the starting point of the analysis with 60,537 files
assessed. Kate Stewart did a file by file comparison of the scanner
results in the spreadsheet to determine which SPDX license identifier(s)
to be applied to the file. She confirmed any determination that was not
immediately clear with lawyers working with the Linux Foundation.
Criteria used to select files for SPDX license identifier tagging was:
- Files considered eligible had to be source code files.
- Make and config files were included as candidates if they contained >5
lines of source
- File already had some variant of a license header in it (even if <5
lines).
All documentation files were explicitly excluded.
The following heuristics were used to determine which SPDX license
identifiers to apply.
- when both scanners couldn't find any license traces, file was
considered to have no license information in it, and the top level
COPYING file license applied.
For non */uapi/* files that summary was:
SPDX license identifier # files
---------------------------------------------------|-------
GPL-2.0 11139
and resulted in the first patch in this series.
If that file was a */uapi/* path one, it was "GPL-2.0 WITH
Linux-syscall-note" otherwise it was "GPL-2.0". Results of that was:
SPDX license identifier # files
---------------------------------------------------|-------
GPL-2.0 WITH Linux-syscall-note 930
and resulted in the second patch in this series.
- if a file had some form of licensing information in it, and was one
of the */uapi/* ones, it was denoted with the Linux-syscall-note if
any GPL family license was found in the file or had no licensing in
it (per prior point). Results summary:
SPDX license identifier # files
---------------------------------------------------|------
GPL-2.0 WITH Linux-syscall-note 270
GPL-2.0+ WITH Linux-syscall-note 169
((GPL-2.0 WITH Linux-syscall-note) OR BSD-2-Clause) 21
((GPL-2.0 WITH Linux-syscall-note) OR BSD-3-Clause) 17
LGPL-2.1+ WITH Linux-syscall-note 15
GPL-1.0+ WITH Linux-syscall-note 14
((GPL-2.0+ WITH Linux-syscall-note) OR BSD-3-Clause) 5
LGPL-2.0+ WITH Linux-syscall-note 4
LGPL-2.1 WITH Linux-syscall-note 3
((GPL-2.0 WITH Linux-syscall-note) OR MIT) 3
((GPL-2.0 WITH Linux-syscall-note) AND MIT) 1
and that resulted in the third patch in this series.
- when the two scanners agreed on the detected license(s), that became
the concluded license(s).
- when there was disagreement between the two scanners (one detected a
license but the other didn't, or they both detected different
licenses) a manual inspection of the file occurred.
- In most cases a manual inspection of the information in the file
resulted in a clear resolution of the license that should apply (and
which scanner probably needed to revisit its heuristics).
- When it was not immediately clear, the license identifier was
confirmed with lawyers working with the Linux Foundation.
- If there was any question as to the appropriate license identifier,
the file was flagged for further research and to be revisited later
in time.
In total, over 70 hours of logged manual review was done on the
spreadsheet to determine the SPDX license identifiers to apply to the
source files by Kate, Philippe, Thomas and, in some cases, confirmation
by lawyers working with the Linux Foundation.
Kate also obtained a third independent scan of the 4.13 code base from
FOSSology, and compared selected files where the other two scanners
disagreed against that SPDX file, to see if there was new insights. The
Windriver scanner is based on an older version of FOSSology in part, so
they are related.
Thomas did random spot checks in about 500 files from the spreadsheets
for the uapi headers and agreed with SPDX license identifier in the
files he inspected. For the non-uapi files Thomas did random spot checks
in about 15000 files.
In initial set of patches against 4.14-rc6, 3 files were found to have
copy/paste license identifier errors, and have been fixed to reflect the
correct identifier.
Additionally Philippe spent 10 hours this week doing a detailed manual
inspection and review of the 12,461 patched files from the initial patch
version early this week with:
- a full scancode scan run, collecting the matched texts, detected
license ids and scores
- reviewing anything where there was a license detected (about 500+
files) to ensure that the applied SPDX license was correct
- reviewing anything where there was no detection but the patch license
was not GPL-2.0 WITH Linux-syscall-note to ensure that the applied
SPDX license was correct
This produced a worksheet with 20 files needing minor correction. This
worksheet was then exported into 3 different .csv files for the
different types of files to be modified.
These .csv files were then reviewed by Greg. Thomas wrote a script to
parse the csv files and add the proper SPDX tag to the file, in the
format that the file expected. This script was further refined by Greg
based on the output to detect more types of files automatically and to
distinguish between header and source .c files (which need different
comment types.) Finally Greg ran the script using the .csv files to
generate the patches.
Reviewed-by: Kate Stewart <kstewart@linuxfoundation.org>
Reviewed-by: Philippe Ombredanne <pombredanne@nexb.com>
Reviewed-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-11-01 15:07:57 +01:00
// SPDX-License-Identifier: GPL-2.0
2006-10-11 01:20:50 -07:00
/*
2006-10-11 01:20:53 -07:00
* linux / fs / ext4 / namei . c
2006-10-11 01:20:50 -07:00
*
* Copyright ( C ) 1992 , 1993 , 1994 , 1995
* Remy Card ( card @ masi . ibp . fr )
* Laboratoire MASI - Institut Blaise Pascal
* Universite Pierre et Marie Curie ( Paris VI )
*
* from
*
* linux / fs / minix / namei . c
*
* Copyright ( C ) 1991 , 1992 Linus Torvalds
*
* Big - endian to little - endian byte - swapping / bitmaps by
* David S . Miller ( davem @ caip . rutgers . edu ) , 1995
* Directory entry file type support and forward compatibility hooks
* for B - tree directories by Theodore Ts ' o ( tytso @ mit . edu ) , 1998
* Hash Tree Directory indexing ( c )
* Daniel Phillips , 2001
* Hash Tree Directory indexing porting
* Christopher Li , 2002
* Hash Tree Directory indexing cleanup
* Theodore Ts ' o , 2002
*/
# include <linux/fs.h>
# include <linux/pagemap.h>
# include <linux/time.h>
# include <linux/fcntl.h>
# include <linux/stat.h>
# include <linux/string.h>
# include <linux/quotaops.h>
# include <linux/buffer_head.h>
# include <linux/bio.h>
2018-01-29 06:41:30 -05:00
# include <linux/iversion.h>
ext4: Support case-insensitive file name lookups
This patch implements the actual support for case-insensitive file name
lookups in ext4, based on the feature bit and the encoding stored in the
superblock.
A filesystem that has the casefold feature set is able to configure
directories with the +F (EXT4_CASEFOLD_FL) attribute, enabling lookups
to succeed in that directory in a case-insensitive fashion, i.e: match
a directory entry even if the name used by userspace is not a byte per
byte match with the disk name, but is an equivalent case-insensitive
version of the Unicode string. This operation is called a
case-insensitive file name lookup.
The feature is configured as an inode attribute applied to directories
and inherited by its children. This attribute can only be enabled on
empty directories for filesystems that support the encoding feature,
thus preventing collision of file names that only differ by case.
* dcache handling:
For a +F directory, Ext4 only stores the first equivalent name dentry
used in the dcache. This is done to prevent unintentional duplication of
dentries in the dcache, while also allowing the VFS code to quickly find
the right entry in the cache despite which equivalent string was used in
a previous lookup, without having to resort to ->lookup().
d_hash() of casefolded directories is implemented as the hash of the
casefolded string, such that we always have a well-known bucket for all
the equivalencies of the same string. d_compare() uses the
utf8_strncasecmp() infrastructure, which handles the comparison of
equivalent, same case, names as well.
For now, negative lookups are not inserted in the dcache, since they
would need to be invalidated anyway, because we can't trust missing file
dentries. This is bad for performance but requires some leveraging of
the vfs layer to fix. We can live without that for now, and so does
everyone else.
* on-disk data:
Despite using a specific version of the name as the internal
representation within the dcache, the name stored and fetched from the
disk is a byte-per-byte match with what the user requested, making this
implementation 'name-preserving'. i.e. no actual information is lost
when writing to storage.
DX is supported by modifying the hashes used in +F directories to make
them case/encoding-aware. The new disk hashes are calculated as the
hash of the full casefolded string, instead of the string directly.
This allows us to efficiently search for file names in the htree without
requiring the user to provide an exact name.
* Dealing with invalid sequences:
By default, when a invalid UTF-8 sequence is identified, ext4 will treat
it as an opaque byte sequence, ignoring the encoding and reverting to
the old behavior for that unique file. This means that case-insensitive
file name lookup will not work only for that file. An optional bit can
be set in the superblock telling the filesystem code and userspace tools
to enforce the encoding. When that optional bit is set, any attempt to
create a file name using an invalid UTF-8 sequence will fail and return
an error to userspace.
* Normalization algorithm:
The UTF-8 algorithms used to compare strings in ext4 is implemented
lives in fs/unicode, and is based on a previous version developed by
SGI. It implements the Canonical decomposition (NFD) algorithm
described by the Unicode specification 12.1, or higher, combined with
the elimination of ignorable code points (NFDi) and full
case-folding (CF) as documented in fs/unicode/utf8_norm.c.
NFD seems to be the best normalization method for EXT4 because:
- It has a lower cost than NFC/NFKC (which requires
decomposing to NFD as an intermediary step)
- It doesn't eliminate important semantic meaning like
compatibility decompositions.
Although:
- This implementation is not completely linguistic accurate, because
different languages have conflicting rules, which would require the
specialization of the filesystem to a given locale, which brings all
sorts of problems for removable media and for users who use more than
one language.
Signed-off-by: Gabriel Krisman Bertazi <krisman@collabora.co.uk>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2019-04-25 14:12:08 -04:00
# include <linux/unicode.h>
2008-04-29 18:13:32 -04:00
# include "ext4.h"
# include "ext4_jbd2.h"
2006-10-11 01:20:50 -07:00
# include "xattr.h"
# include "acl.h"
2011-03-21 21:38:05 -04:00
# include <trace/events/ext4.h>
2006-10-11 01:20:50 -07:00
/*
* define how far ahead to read directories while searching them .
*/
# define NAMEI_RA_CHUNKS 2
# define NAMEI_RA_BLOCKS 4
2007-05-24 13:04:54 -04:00
# define NAMEI_RA_SIZE (NAMEI_RA_CHUNKS * NAMEI_RA_BLOCKS)
2006-10-11 01:20:50 -07:00
2006-10-11 01:20:53 -07:00
static struct buffer_head * ext4_append ( handle_t * handle ,
2006-10-11 01:20:50 -07:00
struct inode * inode ,
2013-02-15 03:35:57 -05:00
ext4_lblk_t * block )
2006-10-11 01:20:50 -07:00
{
2022-07-04 16:27:21 +02:00
struct ext4_map_blocks map ;
2006-10-11 01:20:50 -07:00
struct buffer_head * bh ;
2014-08-29 20:52:15 -04:00
int err ;
2006-10-11 01:20:50 -07:00
2012-08-17 09:48:17 -04:00
if ( unlikely ( EXT4_SB ( inode - > i_sb ) - > s_max_dir_size_kb & &
( ( inode - > i_size > > 10 ) > =
2013-02-15 03:35:57 -05:00
EXT4_SB ( inode - > i_sb ) - > s_max_dir_size_kb ) ) )
return ERR_PTR ( - ENOSPC ) ;
2012-08-17 09:48:17 -04:00
2006-10-11 01:20:50 -07:00
* block = inode - > i_size > > inode - > i_sb - > s_blocksize_bits ;
2022-07-04 16:27:21 +02:00
map . m_lblk = * block ;
map . m_len = 1 ;
/*
* We ' re appending new directory block . Make sure the block is not
* allocated yet , otherwise we will end up corrupting the
* directory .
*/
err = ext4_map_blocks ( NULL , inode , & map , 0 ) ;
if ( err < 0 )
return ERR_PTR ( err ) ;
if ( err ) {
EXT4_ERROR_INODE ( inode , " Logical block already allocated " ) ;
return ERR_PTR ( - EFSCORRUPTED ) ;
}
2006-10-11 01:20:50 -07:00
2015-06-21 01:25:29 -04:00
bh = ext4_bread ( handle , inode , * block , EXT4_GET_BLOCKS_CREATE ) ;
2014-08-29 20:52:15 -04:00
if ( IS_ERR ( bh ) )
return bh ;
2013-02-15 03:35:57 -05:00
inode - > i_size + = inode - > i_sb - > s_blocksize ;
EXT4_I ( inode ) - > i_disksize = inode - > i_size ;
2022-09-11 12:52:04 +08:00
err = ext4_mark_inode_dirty ( handle , inode ) ;
if ( err )
goto out ;
2014-05-12 22:06:43 -04:00
BUFFER_TRACE ( bh , " get_write_access " ) ;
2021-08-16 11:57:04 +02:00
err = ext4_journal_get_write_access ( handle , inode - > i_sb , bh ,
EXT4_JTR_NONE ) ;
2022-09-11 12:52:04 +08:00
if ( err )
goto out ;
2006-10-11 01:20:50 -07:00
return bh ;
2022-09-11 12:52:04 +08:00
out :
brelse ( bh ) ;
ext4_std_error ( inode - > i_sb , err ) ;
return ERR_PTR ( err ) ;
2006-10-11 01:20:50 -07:00
}
2013-02-14 23:59:26 -05:00
static int ext4_dx_csum_verify ( struct inode * inode ,
struct ext4_dir_entry * dirent ) ;
2019-06-20 21:19:02 -04:00
/*
* Hints to ext4_read_dirblock regarding whether we expect a directory
* block being read to be an index block , or a block containing
* directory entries ( and if the latter , whether it was found via a
* logical block in an htree index block ) . This is used to control
* what sort of sanity checkinig ext4_read_dirblock ( ) will do on the
* directory block read from the storage device . EITHER will means
* the caller doesn ' t know what kind of directory block will be read ,
* so no specific verification will be done .
*/
2013-02-14 23:59:26 -05:00
typedef enum {
2019-06-20 21:19:02 -04:00
EITHER , INDEX , DIRENT , DIRENT_HTREE
2013-02-14 23:59:26 -05:00
} dirblock_type_t ;
# define ext4_read_dirblock(inode, block, type) \
2015-06-15 14:50:26 -04:00
__ext4_read_dirblock ( ( inode ) , ( block ) , ( type ) , __func__ , __LINE__ )
2013-02-14 23:59:26 -05:00
static struct buffer_head * __ext4_read_dirblock ( struct inode * inode ,
2015-06-15 14:50:26 -04:00
ext4_lblk_t block ,
dirblock_type_t type ,
const char * func ,
unsigned int line )
2013-02-14 23:59:26 -05:00
{
struct buffer_head * bh ;
struct ext4_dir_entry * dirent ;
2014-08-29 20:52:15 -04:00
int is_dx_block = 0 ;
2013-02-14 23:59:26 -05:00
2022-08-22 13:48:32 +02:00
if ( block > = inode - > i_size > > inode - > i_blkbits ) {
2022-07-04 16:27:20 +02:00
ext4_error_inode ( inode , func , line , block ,
" Attempting to read directory block (%u) that is past i_size (%llu) " ,
block , inode - > i_size ) ;
return ERR_PTR ( - EFSCORRUPTED ) ;
}
2019-11-21 13:09:43 -05:00
if ( ext4_simulate_fail ( inode - > i_sb , EXT4_SIM_DIRBLOCK_EIO ) )
bh = ERR_PTR ( - EIO ) ;
else
bh = ext4_bread ( NULL , inode , block , 0 ) ;
2014-08-29 20:52:15 -04:00
if ( IS_ERR ( bh ) ) {
2015-06-15 14:50:26 -04:00
__ext4_warning ( inode - > i_sb , func , line ,
" inode #%lu: lblock %lu: comm %s: "
" error %ld reading directory block " ,
inode - > i_ino , ( unsigned long ) block ,
current - > comm , PTR_ERR ( bh ) ) ;
2014-08-29 20:52:15 -04:00
return bh ;
}
2019-06-20 21:19:02 -04:00
if ( ! bh & & ( type = = INDEX | | type = = DIRENT_HTREE ) ) {
2015-06-15 14:50:26 -04:00
ext4_error_inode ( inode , func , line , block ,
2019-06-20 21:19:02 -04:00
" Directory hole found for htree %s block " ,
( type = = INDEX ) ? " index " : " leaf " ) ;
2015-10-17 16:16:04 -04:00
return ERR_PTR ( - EFSCORRUPTED ) ;
2013-02-14 23:59:26 -05:00
}
2019-06-20 21:19:02 -04:00
if ( ! bh )
return NULL ;
2013-02-14 23:59:26 -05:00
dirent = ( struct ext4_dir_entry * ) bh - > b_data ;
/* Determine whether or not we have an index block */
if ( is_dx ( inode ) ) {
if ( block = = 0 )
is_dx_block = 1 ;
else if ( ext4_rec_len_from_disk ( dirent - > rec_len ,
inode - > i_sb - > s_blocksize ) = =
inode - > i_sb - > s_blocksize )
is_dx_block = 1 ;
}
if ( ! is_dx_block & & type = = INDEX ) {
2015-06-15 14:50:26 -04:00
ext4_error_inode ( inode , func , line , block ,
2013-02-14 23:59:26 -05:00
" directory leaf block found instead of index block " ) ;
2018-11-07 22:36:23 -05:00
brelse ( bh ) ;
2015-10-17 16:16:04 -04:00
return ERR_PTR ( - EFSCORRUPTED ) ;
2013-02-14 23:59:26 -05:00
}
2014-10-13 03:36:16 -04:00
if ( ! ext4_has_metadata_csum ( inode - > i_sb ) | |
2013-02-14 23:59:26 -05:00
buffer_verified ( bh ) )
return bh ;
/*
* An empty leaf block can get mistaken for a index block ; for
* this reason , we can only check the index checksum when the
* caller is sure it should be an index block .
*/
if ( is_dx_block & & type = = INDEX ) {
2019-11-21 13:09:43 -05:00
if ( ext4_dx_csum_verify ( inode , dirent ) & &
! ext4_simulate_fail ( inode - > i_sb , EXT4_SIM_DIRBLOCK_CRC ) )
2013-02-14 23:59:26 -05:00
set_buffer_verified ( bh ) ;
else {
2020-03-28 19:33:43 -04:00
ext4_error_inode_err ( inode , func , line , block ,
EFSBADCRC ,
" Directory index failed checksum " ) ;
2008-04-17 10:38:59 -04:00
brelse ( bh ) ;
2015-10-17 16:16:04 -04:00
return ERR_PTR ( - EFSBADCRC ) ;
2008-04-17 10:38:59 -04:00
}
2006-10-11 01:20:50 -07:00
}
2013-02-14 23:59:26 -05:00
if ( ! is_dx_block ) {
2019-11-21 13:09:43 -05:00
if ( ext4_dirblock_csum_verify ( inode , bh ) & &
! ext4_simulate_fail ( inode - > i_sb , EXT4_SIM_DIRBLOCK_CRC ) )
2013-02-14 23:59:26 -05:00
set_buffer_verified ( bh ) ;
else {
2020-03-28 19:33:43 -04:00
ext4_error_inode_err ( inode , func , line , block ,
EFSBADCRC ,
" Directory block failed checksum " ) ;
2013-02-14 23:59:26 -05:00
brelse ( bh ) ;
2015-10-17 16:16:04 -04:00
return ERR_PTR ( - EFSBADCRC ) ;
2013-02-14 23:59:26 -05:00
}
2012-09-27 09:31:33 -04:00
}
2006-10-11 01:20:50 -07:00
return bh ;
}
# ifdef DX_DEBUG
# define dxtrace(command) command
# else
# define dxtrace(command)
# endif
struct fake_dirent
{
__le32 inode ;
__le16 rec_len ;
u8 name_len ;
u8 file_type ;
} ;
struct dx_countlimit
{
__le16 limit ;
__le16 count ;
} ;
struct dx_entry
{
__le32 hash ;
__le32 block ;
} ;
/*
* dx_root_info is laid out so that if it should somehow get overlaid by a
* dirent the two low bits of the hash version will be zero . Therefore , the
* hash version mod 4 should never be 0. Sincerely , the paranoia department .
*/
struct dx_root
{
struct fake_dirent dot ;
char dot_name [ 4 ] ;
struct fake_dirent dotdot ;
char dotdot_name [ 4 ] ;
struct dx_root_info
{
__le32 reserved_zero ;
u8 hash_version ;
u8 info_length ; /* 8 */
u8 indirect_levels ;
u8 unused_flags ;
}
info ;
2020-02-13 10:06:48 -06:00
struct dx_entry entries [ ] ;
2006-10-11 01:20:50 -07:00
} ;
struct dx_node
{
struct fake_dirent fake ;
2020-02-13 10:06:48 -06:00
struct dx_entry entries [ ] ;
2006-10-11 01:20:50 -07:00
} ;
struct dx_frame
{
struct buffer_head * bh ;
struct dx_entry * entries ;
struct dx_entry * at ;
} ;
struct dx_map_entry
{
u32 hash ;
ext34: ensure do_split leaves enough free space in both blocks
The do_split() function for htree dir blocks is intended to split a leaf
block to make room for a new entry. It sorts the entries in the original
block by hash value, then moves the last half of the entries to the new
block - without accounting for how much space this actually moves. (IOW,
it moves half of the entry *count* not half of the entry *space*). If by
chance we have both large & small entries, and we move only the smallest
entries, and we have a large new entry to insert, we may not have created
enough space for it.
The patch below stores each record size when calculating the dx_map, and
then walks the hash-sorted dx_map, calculating how many entries must be
moved to more evenly split the existing entries between the old block and
the new block, guaranteeing enough space for the new entry.
The dx_map "offs" member is reduced to u16 so that the overall map size
does not change - it is temporarily stored at the end of the new block, and
if it grows too large it may be overwritten. By making offs and size both
u16, we won't grow the map size.
Also add a few comments to the functions involved.
This fixes the testcase reported by hooanon05@yahoo.co.jp on the
linux-ext4 list, "ext3 dir_index causes an error"
Thanks to Andreas Dilger for discussing the problem & solution with me.
Signed-off-by: Eric Sandeen <sandeen@redhat.com>
Signed-off-by: Andreas Dilger <adilger@clusterfs.com>
Tested-by: Junjiro Okajima <hooanon05@yahoo.co.jp>
Cc: Theodore Ts'o <tytso@mit.edu>
Cc: <linux-ext4@vger.kernel.org>
Cc: <stable@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-09-18 22:46:42 -07:00
u16 offs ;
u16 size ;
2006-10-11 01:20:50 -07:00
} ;
2012-04-29 18:23:10 -04:00
/*
* This goes at the end of each htree block .
*/
struct dx_tail {
u32 dt_reserved ;
__le32 dt_checksum ; /* crc32c(uuid+inum+dirblock) */
} ;
2008-01-28 23:58:27 -05:00
static inline ext4_lblk_t dx_get_block ( struct dx_entry * entry ) ;
static void dx_set_block ( struct dx_entry * entry , ext4_lblk_t value ) ;
2008-09-08 22:25:24 -04:00
static inline unsigned dx_get_hash ( struct dx_entry * entry ) ;
static void dx_set_hash ( struct dx_entry * entry , unsigned value ) ;
static unsigned dx_get_count ( struct dx_entry * entries ) ;
static unsigned dx_get_limit ( struct dx_entry * entries ) ;
static void dx_set_count ( struct dx_entry * entries , unsigned value ) ;
static void dx_set_limit ( struct dx_entry * entries , unsigned value ) ;
static unsigned dx_root_limit ( struct inode * dir , unsigned infosize ) ;
static unsigned dx_node_limit ( struct inode * dir ) ;
2015-05-18 13:14:47 -04:00
static struct dx_frame * dx_probe ( struct ext4_filename * fname ,
2006-10-11 01:20:50 -07:00
struct inode * dir ,
struct dx_hash_info * hinfo ,
2014-08-29 20:52:17 -04:00
struct dx_frame * frame ) ;
2008-09-08 22:25:24 -04:00
static void dx_release ( struct dx_frame * frames ) ;
2022-05-18 11:33:28 +02:00
static int dx_make_map ( struct inode * dir , struct buffer_head * bh ,
struct dx_hash_info * hinfo ,
struct dx_map_entry * map_tail ) ;
2006-10-11 01:20:50 -07:00
static void dx_sort_map ( struct dx_map_entry * map , unsigned count ) ;
2021-03-19 07:34:13 +00:00
static struct ext4_dir_entry_2 * dx_move_dirents ( struct inode * dir , char * from ,
char * to , struct dx_map_entry * offsets ,
int count , unsigned int blocksize ) ;
static struct ext4_dir_entry_2 * dx_pack_dirents ( struct inode * dir , char * base ,
unsigned int blocksize ) ;
2008-01-28 23:58:27 -05:00
static void dx_insert_block ( struct dx_frame * frame ,
u32 hash , ext4_lblk_t block ) ;
2006-10-11 01:20:53 -07:00
static int ext4_htree_next_block ( struct inode * dir , __u32 hash ,
2006-10-11 01:20:50 -07:00
struct dx_frame * frame ,
struct dx_frame * frames ,
__u32 * start_hash ) ;
2008-09-22 15:21:01 -04:00
static struct buffer_head * ext4_dx_find_entry ( struct inode * dir ,
2015-05-18 13:14:47 -04:00
struct ext4_filename * fname ,
2014-08-29 20:49:51 -04:00
struct ext4_dir_entry_2 * * res_dir ) ;
2015-05-18 13:14:47 -04:00
static int ext4_dx_add_entry ( handle_t * handle , struct ext4_filename * fname ,
2016-01-08 16:00:31 -05:00
struct inode * dir , struct inode * inode ) ;
2006-10-11 01:20:50 -07:00
2012-04-29 18:39:10 -04:00
/* checksumming functions */
2019-06-21 16:31:47 -04:00
void ext4_initialize_dirent_tail ( struct buffer_head * bh ,
unsigned int blocksize )
2012-04-29 18:41:10 -04:00
{
2019-06-21 16:31:47 -04:00
struct ext4_dir_entry_tail * t = EXT4_DIRENT_TAIL ( bh - > b_data , blocksize ) ;
2012-04-29 18:41:10 -04:00
memset ( t , 0 , sizeof ( struct ext4_dir_entry_tail ) ) ;
t - > det_rec_len = ext4_rec_len_to_disk (
sizeof ( struct ext4_dir_entry_tail ) , blocksize ) ;
t - > det_reserved_ft = EXT4_FT_DIR_CSUM ;
}
/* Walk through a dirent block to find a checksum "dirent" at the tail */
static struct ext4_dir_entry_tail * get_dirent_tail ( struct inode * inode ,
2019-06-21 15:49:26 -04:00
struct buffer_head * bh )
2012-04-29 18:41:10 -04:00
{
struct ext4_dir_entry_tail * t ;
# ifdef PARANOID
struct ext4_dir_entry * d , * top ;
2019-06-21 15:49:26 -04:00
d = ( struct ext4_dir_entry * ) bh - > b_data ;
top = ( struct ext4_dir_entry * ) ( bh - > b_data +
2012-04-29 18:41:10 -04:00
( EXT4_BLOCK_SIZE ( inode - > i_sb ) -
2019-06-21 15:49:26 -04:00
sizeof ( struct ext4_dir_entry_tail ) ) ) ;
2012-04-29 18:41:10 -04:00
while ( d < top & & d - > rec_len )
d = ( struct ext4_dir_entry * ) ( ( ( void * ) d ) +
le16_to_cpu ( d - > rec_len ) ) ;
if ( d ! = top )
return NULL ;
t = ( struct ext4_dir_entry_tail * ) d ;
# else
2019-06-21 15:49:26 -04:00
t = EXT4_DIRENT_TAIL ( bh - > b_data , EXT4_BLOCK_SIZE ( inode - > i_sb ) ) ;
2012-04-29 18:41:10 -04:00
# endif
if ( t - > det_reserved_zero1 | |
le16_to_cpu ( t - > det_rec_len ) ! = sizeof ( struct ext4_dir_entry_tail ) | |
t - > det_reserved_zero2 | |
t - > det_reserved_ft ! = EXT4_FT_DIR_CSUM )
return NULL ;
return t ;
}
2019-06-21 15:49:26 -04:00
static __le32 ext4_dirblock_csum ( struct inode * inode , void * dirent , int size )
2012-04-29 18:41:10 -04:00
{
struct ext4_sb_info * sbi = EXT4_SB ( inode - > i_sb ) ;
struct ext4_inode_info * ei = EXT4_I ( inode ) ;
__u32 csum ;
csum = ext4_chksum ( sbi , ei - > i_csum_seed , ( __u8 * ) dirent , size ) ;
return cpu_to_le32 ( csum ) ;
}
2015-06-15 14:50:26 -04:00
# define warn_no_space_for_csum(inode) \
__warn_no_space_for_csum ( ( inode ) , __func__ , __LINE__ )
static void __warn_no_space_for_csum ( struct inode * inode , const char * func ,
unsigned int line )
2012-11-10 22:20:05 -05:00
{
2015-06-15 14:50:26 -04:00
__ext4_warning_inode ( inode , func , line ,
" No space for directory leaf checksum. Please run e2fsck -D. " ) ;
2012-11-10 22:20:05 -05:00
}
2019-06-21 15:49:26 -04:00
int ext4_dirblock_csum_verify ( struct inode * inode , struct buffer_head * bh )
2012-04-29 18:41:10 -04:00
{
struct ext4_dir_entry_tail * t ;
2014-10-13 03:36:16 -04:00
if ( ! ext4_has_metadata_csum ( inode - > i_sb ) )
2012-04-29 18:41:10 -04:00
return 1 ;
2019-06-21 15:49:26 -04:00
t = get_dirent_tail ( inode , bh ) ;
2012-04-29 18:41:10 -04:00
if ( ! t ) {
2012-11-10 22:20:05 -05:00
warn_no_space_for_csum ( inode ) ;
2012-04-29 18:41:10 -04:00
return 0 ;
}
2019-06-21 15:49:26 -04:00
if ( t - > det_checksum ! = ext4_dirblock_csum ( inode , bh - > b_data ,
2019-06-21 16:31:47 -04:00
( char * ) t - bh - > b_data ) )
2012-04-29 18:41:10 -04:00
return 0 ;
return 1 ;
}
2019-06-21 15:49:26 -04:00
static void ext4_dirblock_csum_set ( struct inode * inode ,
struct buffer_head * bh )
2012-04-29 18:41:10 -04:00
{
struct ext4_dir_entry_tail * t ;
2014-10-13 03:36:16 -04:00
if ( ! ext4_has_metadata_csum ( inode - > i_sb ) )
2012-04-29 18:41:10 -04:00
return ;
2019-06-21 15:49:26 -04:00
t = get_dirent_tail ( inode , bh ) ;
2012-04-29 18:41:10 -04:00
if ( ! t ) {
2012-11-10 22:20:05 -05:00
warn_no_space_for_csum ( inode ) ;
2012-04-29 18:41:10 -04:00
return ;
}
2019-06-21 15:49:26 -04:00
t - > det_checksum = ext4_dirblock_csum ( inode , bh - > b_data ,
2019-06-21 16:31:47 -04:00
( char * ) t - bh - > b_data ) ;
2012-04-29 18:41:10 -04:00
}
2019-06-21 15:49:26 -04:00
int ext4_handle_dirty_dirblock ( handle_t * handle ,
struct inode * inode ,
struct buffer_head * bh )
2012-04-29 18:41:10 -04:00
{
2019-06-21 15:49:26 -04:00
ext4_dirblock_csum_set ( inode , bh ) ;
2012-04-29 18:41:10 -04:00
return ext4_handle_dirty_metadata ( handle , inode , bh ) ;
}
2012-04-29 18:39:10 -04:00
static struct dx_countlimit * get_dx_countlimit ( struct inode * inode ,
struct ext4_dir_entry * dirent ,
int * offset )
{
struct ext4_dir_entry * dp ;
struct dx_root_info * root ;
int count_offset ;
if ( le16_to_cpu ( dirent - > rec_len ) = = EXT4_BLOCK_SIZE ( inode - > i_sb ) )
count_offset = 8 ;
else if ( le16_to_cpu ( dirent - > rec_len ) = = 12 ) {
dp = ( struct ext4_dir_entry * ) ( ( ( void * ) dirent ) + 12 ) ;
if ( le16_to_cpu ( dp - > rec_len ) ! =
EXT4_BLOCK_SIZE ( inode - > i_sb ) - 12 )
return NULL ;
root = ( struct dx_root_info * ) ( ( ( void * ) dp + 12 ) ) ;
if ( root - > reserved_zero | |
root - > info_length ! = sizeof ( struct dx_root_info ) )
return NULL ;
count_offset = 32 ;
} else
return NULL ;
if ( offset )
* offset = count_offset ;
return ( struct dx_countlimit * ) ( ( ( void * ) dirent ) + count_offset ) ;
}
static __le32 ext4_dx_csum ( struct inode * inode , struct ext4_dir_entry * dirent ,
int count_offset , int count , struct dx_tail * t )
{
struct ext4_sb_info * sbi = EXT4_SB ( inode - > i_sb ) ;
struct ext4_inode_info * ei = EXT4_I ( inode ) ;
2013-04-09 23:59:55 -04:00
__u32 csum ;
2012-04-29 18:39:10 -04:00
int size ;
2016-07-03 17:51:39 -04:00
__u32 dummy_csum = 0 ;
int offset = offsetof ( struct dx_tail , dt_checksum ) ;
2012-04-29 18:39:10 -04:00
size = count_offset + ( count * sizeof ( struct dx_entry ) ) ;
csum = ext4_chksum ( sbi , ei - > i_csum_seed , ( __u8 * ) dirent , size ) ;
2016-07-03 17:51:39 -04:00
csum = ext4_chksum ( sbi , csum , ( __u8 * ) t , offset ) ;
csum = ext4_chksum ( sbi , csum , ( __u8 * ) & dummy_csum , sizeof ( dummy_csum ) ) ;
2012-04-29 18:39:10 -04:00
return cpu_to_le32 ( csum ) ;
}
static int ext4_dx_csum_verify ( struct inode * inode ,
struct ext4_dir_entry * dirent )
{
struct dx_countlimit * c ;
struct dx_tail * t ;
int count_offset , limit , count ;
2014-10-13 03:36:16 -04:00
if ( ! ext4_has_metadata_csum ( inode - > i_sb ) )
2012-04-29 18:39:10 -04:00
return 1 ;
c = get_dx_countlimit ( inode , dirent , & count_offset ) ;
if ( ! c ) {
EXT4_ERROR_INODE ( inode , " dir seems corrupt? Run e2fsck -D. " ) ;
2016-07-03 21:11:08 -04:00
return 0 ;
2012-04-29 18:39:10 -04:00
}
limit = le16_to_cpu ( c - > limit ) ;
count = le16_to_cpu ( c - > count ) ;
if ( count_offset + ( limit * sizeof ( struct dx_entry ) ) >
EXT4_BLOCK_SIZE ( inode - > i_sb ) - sizeof ( struct dx_tail ) ) {
2012-11-10 22:20:05 -05:00
warn_no_space_for_csum ( inode ) ;
2016-07-03 21:11:08 -04:00
return 0 ;
2012-04-29 18:39:10 -04:00
}
t = ( struct dx_tail * ) ( ( ( struct dx_entry * ) c ) + limit ) ;
if ( t - > dt_checksum ! = ext4_dx_csum ( inode , dirent , count_offset ,
count , t ) )
return 0 ;
return 1 ;
}
static void ext4_dx_csum_set ( struct inode * inode , struct ext4_dir_entry * dirent )
{
struct dx_countlimit * c ;
struct dx_tail * t ;
int count_offset , limit , count ;
2014-10-13 03:36:16 -04:00
if ( ! ext4_has_metadata_csum ( inode - > i_sb ) )
2012-04-29 18:39:10 -04:00
return ;
c = get_dx_countlimit ( inode , dirent , & count_offset ) ;
if ( ! c ) {
EXT4_ERROR_INODE ( inode , " dir seems corrupt? Run e2fsck -D. " ) ;
return ;
}
limit = le16_to_cpu ( c - > limit ) ;
count = le16_to_cpu ( c - > count ) ;
if ( count_offset + ( limit * sizeof ( struct dx_entry ) ) >
EXT4_BLOCK_SIZE ( inode - > i_sb ) - sizeof ( struct dx_tail ) ) {
2012-11-10 22:20:05 -05:00
warn_no_space_for_csum ( inode ) ;
2012-04-29 18:39:10 -04:00
return ;
}
t = ( struct dx_tail * ) ( ( ( struct dx_entry * ) c ) + limit ) ;
t - > dt_checksum = ext4_dx_csum ( inode , dirent , count_offset , count , t ) ;
}
static inline int ext4_handle_dirty_dx_node ( handle_t * handle ,
struct inode * inode ,
struct buffer_head * bh )
{
ext4_dx_csum_set ( inode , ( struct ext4_dir_entry * ) bh - > b_data ) ;
return ext4_handle_dirty_metadata ( handle , inode , bh ) ;
}
2008-07-11 19:27:31 -04:00
/*
* p is at least 6 bytes before the end of page
*/
static inline struct ext4_dir_entry_2 *
2009-02-14 23:01:36 -05:00
ext4_next_entry ( struct ext4_dir_entry_2 * p , unsigned long blocksize )
2008-07-11 19:27:31 -04:00
{
return ( struct ext4_dir_entry_2 * ) ( ( char * ) p +
2009-02-14 23:01:36 -05:00
ext4_rec_len_from_disk ( p - > rec_len , blocksize ) ) ;
2008-07-11 19:27:31 -04:00
}
2006-10-11 01:20:50 -07:00
/*
* Future : use high four bits of block for coalesce - on - delete flags
* Mask them off for now .
*/
2008-01-28 23:58:27 -05:00
static inline ext4_lblk_t dx_get_block ( struct dx_entry * entry )
2006-10-11 01:20:50 -07:00
{
2017-06-21 21:09:57 -04:00
return le32_to_cpu ( entry - > block ) & 0x0fffffff ;
2006-10-11 01:20:50 -07:00
}
2008-01-28 23:58:27 -05:00
static inline void dx_set_block ( struct dx_entry * entry , ext4_lblk_t value )
2006-10-11 01:20:50 -07:00
{
entry - > block = cpu_to_le32 ( value ) ;
}
2008-09-08 22:25:24 -04:00
static inline unsigned dx_get_hash ( struct dx_entry * entry )
2006-10-11 01:20:50 -07:00
{
return le32_to_cpu ( entry - > hash ) ;
}
2008-09-08 22:25:24 -04:00
static inline void dx_set_hash ( struct dx_entry * entry , unsigned value )
2006-10-11 01:20:50 -07:00
{
entry - > hash = cpu_to_le32 ( value ) ;
}
2008-09-08 22:25:24 -04:00
static inline unsigned dx_get_count ( struct dx_entry * entries )
2006-10-11 01:20:50 -07:00
{
return le16_to_cpu ( ( ( struct dx_countlimit * ) entries ) - > count ) ;
}
2008-09-08 22:25:24 -04:00
static inline unsigned dx_get_limit ( struct dx_entry * entries )
2006-10-11 01:20:50 -07:00
{
return le16_to_cpu ( ( ( struct dx_countlimit * ) entries ) - > limit ) ;
}
2008-09-08 22:25:24 -04:00
static inline void dx_set_count ( struct dx_entry * entries , unsigned value )
2006-10-11 01:20:50 -07:00
{
( ( struct dx_countlimit * ) entries ) - > count = cpu_to_le16 ( value ) ;
}
2008-09-08 22:25:24 -04:00
static inline void dx_set_limit ( struct dx_entry * entries , unsigned value )
2006-10-11 01:20:50 -07:00
{
( ( struct dx_countlimit * ) entries ) - > limit = cpu_to_le16 ( value ) ;
}
2008-09-08 22:25:24 -04:00
static inline unsigned dx_root_limit ( struct inode * dir , unsigned infosize )
2006-10-11 01:20:50 -07:00
{
2021-03-19 07:34:13 +00:00
unsigned int entry_space = dir - > i_sb - > s_blocksize -
ext4_dir_rec_len ( 1 , NULL ) -
ext4_dir_rec_len ( 2 , NULL ) - infosize ;
2012-04-29 18:39:10 -04:00
2014-10-13 03:36:16 -04:00
if ( ext4_has_metadata_csum ( dir - > i_sb ) )
2012-04-29 18:39:10 -04:00
entry_space - = sizeof ( struct dx_tail ) ;
2008-07-11 19:27:31 -04:00
return entry_space / sizeof ( struct dx_entry ) ;
2006-10-11 01:20:50 -07:00
}
2008-09-08 22:25:24 -04:00
static inline unsigned dx_node_limit ( struct inode * dir )
2006-10-11 01:20:50 -07:00
{
2021-03-19 07:34:13 +00:00
unsigned int entry_space = dir - > i_sb - > s_blocksize -
ext4_dir_rec_len ( 0 , dir ) ;
2012-04-29 18:39:10 -04:00
2014-10-13 03:36:16 -04:00
if ( ext4_has_metadata_csum ( dir - > i_sb ) )
2012-04-29 18:39:10 -04:00
entry_space - = sizeof ( struct dx_tail ) ;
2008-07-11 19:27:31 -04:00
return entry_space / sizeof ( struct dx_entry ) ;
2006-10-11 01:20:50 -07:00
}
/*
* Debug
*/
# ifdef DX_DEBUG
2008-09-08 23:00:52 -04:00
static void dx_show_index ( char * label , struct dx_entry * entries )
2006-10-11 01:20:50 -07:00
{
2006-10-11 01:21:24 -07:00
int i , n = dx_get_count ( entries ) ;
2016-10-15 09:57:31 -04:00
printk ( KERN_DEBUG " %s index " , label ) ;
2006-10-11 01:21:24 -07:00
for ( i = 0 ; i < n ; i + + ) {
2016-10-15 09:57:31 -04:00
printk ( KERN_CONT " %x->%lu " ,
i ? dx_get_hash ( entries + i ) : 0 ,
( unsigned long ) dx_get_block ( entries + i ) ) ;
2006-10-11 01:21:24 -07:00
}
2016-10-15 09:57:31 -04:00
printk ( KERN_CONT " \n " ) ;
2006-10-11 01:20:50 -07:00
}
struct stats
{
unsigned names ;
unsigned space ;
unsigned bcount ;
} ;
2015-04-12 01:07:01 -04:00
static struct stats dx_show_leaf ( struct inode * dir ,
struct dx_hash_info * hinfo ,
struct ext4_dir_entry_2 * de ,
int size , int show_names )
2006-10-11 01:20:50 -07:00
{
unsigned names = 0 , space = 0 ;
char * base = ( char * ) de ;
struct dx_hash_info h = * hinfo ;
printk ( " names: " ) ;
while ( ( char * ) de < base + size )
{
if ( de - > inode )
{
if ( show_names )
{
2018-12-12 15:20:12 +05:30
# ifdef CONFIG_FS_ENCRYPTION
2015-04-12 01:07:01 -04:00
int len ;
char * name ;
2016-07-10 14:01:03 -04:00
struct fscrypt_str fname_crypto_str =
FSTR_INIT ( NULL , 0 ) ;
2015-05-31 13:34:22 -04:00
int res = 0 ;
2015-04-12 01:07:01 -04:00
name = de - > name ;
len = de - > name_len ;
2020-12-02 18:20:36 -08:00
if ( ! IS_ENCRYPTED ( dir ) ) {
2015-04-12 01:07:01 -04:00
/* Directory is not encrypted */
ext4: Support case-insensitive file name lookups
This patch implements the actual support for case-insensitive file name
lookups in ext4, based on the feature bit and the encoding stored in the
superblock.
A filesystem that has the casefold feature set is able to configure
directories with the +F (EXT4_CASEFOLD_FL) attribute, enabling lookups
to succeed in that directory in a case-insensitive fashion, i.e: match
a directory entry even if the name used by userspace is not a byte per
byte match with the disk name, but is an equivalent case-insensitive
version of the Unicode string. This operation is called a
case-insensitive file name lookup.
The feature is configured as an inode attribute applied to directories
and inherited by its children. This attribute can only be enabled on
empty directories for filesystems that support the encoding feature,
thus preventing collision of file names that only differ by case.
* dcache handling:
For a +F directory, Ext4 only stores the first equivalent name dentry
used in the dcache. This is done to prevent unintentional duplication of
dentries in the dcache, while also allowing the VFS code to quickly find
the right entry in the cache despite which equivalent string was used in
a previous lookup, without having to resort to ->lookup().
d_hash() of casefolded directories is implemented as the hash of the
casefolded string, such that we always have a well-known bucket for all
the equivalencies of the same string. d_compare() uses the
utf8_strncasecmp() infrastructure, which handles the comparison of
equivalent, same case, names as well.
For now, negative lookups are not inserted in the dcache, since they
would need to be invalidated anyway, because we can't trust missing file
dentries. This is bad for performance but requires some leveraging of
the vfs layer to fix. We can live without that for now, and so does
everyone else.
* on-disk data:
Despite using a specific version of the name as the internal
representation within the dcache, the name stored and fetched from the
disk is a byte-per-byte match with what the user requested, making this
implementation 'name-preserving'. i.e. no actual information is lost
when writing to storage.
DX is supported by modifying the hashes used in +F directories to make
them case/encoding-aware. The new disk hashes are calculated as the
hash of the full casefolded string, instead of the string directly.
This allows us to efficiently search for file names in the htree without
requiring the user to provide an exact name.
* Dealing with invalid sequences:
By default, when a invalid UTF-8 sequence is identified, ext4 will treat
it as an opaque byte sequence, ignoring the encoding and reverting to
the old behavior for that unique file. This means that case-insensitive
file name lookup will not work only for that file. An optional bit can
be set in the superblock telling the filesystem code and userspace tools
to enforce the encoding. When that optional bit is set, any attempt to
create a file name using an invalid UTF-8 sequence will fail and return
an error to userspace.
* Normalization algorithm:
The UTF-8 algorithms used to compare strings in ext4 is implemented
lives in fs/unicode, and is based on a previous version developed by
SGI. It implements the Canonical decomposition (NFD) algorithm
described by the Unicode specification 12.1, or higher, combined with
the elimination of ignorable code points (NFDi) and full
case-folding (CF) as documented in fs/unicode/utf8_norm.c.
NFD seems to be the best normalization method for EXT4 because:
- It has a lower cost than NFC/NFKC (which requires
decomposing to NFD as an intermediary step)
- It doesn't eliminate important semantic meaning like
compatibility decompositions.
Although:
- This implementation is not completely linguistic accurate, because
different languages have conflicting rules, which would require the
specialization of the filesystem to a given locale, which brings all
sorts of problems for removable media and for users who use more than
one language.
Signed-off-by: Gabriel Krisman Bertazi <krisman@collabora.co.uk>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2019-04-25 14:12:08 -04:00
ext4fs_dirhash ( dir , de - > name ,
2015-04-12 01:07:01 -04:00
de - > name_len , & h ) ;
printk ( " %*.s:(U)%x.%u " , len ,
name , h . hash ,
( unsigned ) ( ( char * ) de
- base ) ) ;
} else {
2016-07-10 14:01:03 -04:00
struct fscrypt_str de_name =
FSTR_INIT ( name , len ) ;
2015-04-12 01:07:01 -04:00
/* Directory is encrypted */
2016-07-10 14:01:03 -04:00
res = fscrypt_fname_alloc_buffer (
2020-08-10 10:21:39 -04:00
len , & fname_crypto_str ) ;
2016-09-15 17:25:55 -04:00
if ( res )
2015-04-12 01:07:01 -04:00
printk ( KERN_WARNING " Error "
" allocating crypto "
" buffer--skipping "
" crypto \n " ) ;
2016-07-10 14:01:03 -04:00
res = fscrypt_fname_disk_to_usr ( dir ,
0 , 0 , & de_name ,
& fname_crypto_str ) ;
2016-09-15 17:25:55 -04:00
if ( res ) {
2015-04-12 01:07:01 -04:00
printk ( KERN_WARNING " Error "
" converting filename "
" from disk to usr "
" \n " ) ;
name = " ?? " ;
len = 2 ;
} else {
name = fname_crypto_str . name ;
len = fname_crypto_str . len ;
}
2021-03-19 07:34:13 +00:00
if ( IS_CASEFOLDED ( dir ) )
h . hash = EXT4_DIRENT_HASH ( de ) ;
else
ext4fs_dirhash ( dir , de - > name ,
ext4: Support case-insensitive file name lookups
This patch implements the actual support for case-insensitive file name
lookups in ext4, based on the feature bit and the encoding stored in the
superblock.
A filesystem that has the casefold feature set is able to configure
directories with the +F (EXT4_CASEFOLD_FL) attribute, enabling lookups
to succeed in that directory in a case-insensitive fashion, i.e: match
a directory entry even if the name used by userspace is not a byte per
byte match with the disk name, but is an equivalent case-insensitive
version of the Unicode string. This operation is called a
case-insensitive file name lookup.
The feature is configured as an inode attribute applied to directories
and inherited by its children. This attribute can only be enabled on
empty directories for filesystems that support the encoding feature,
thus preventing collision of file names that only differ by case.
* dcache handling:
For a +F directory, Ext4 only stores the first equivalent name dentry
used in the dcache. This is done to prevent unintentional duplication of
dentries in the dcache, while also allowing the VFS code to quickly find
the right entry in the cache despite which equivalent string was used in
a previous lookup, without having to resort to ->lookup().
d_hash() of casefolded directories is implemented as the hash of the
casefolded string, such that we always have a well-known bucket for all
the equivalencies of the same string. d_compare() uses the
utf8_strncasecmp() infrastructure, which handles the comparison of
equivalent, same case, names as well.
For now, negative lookups are not inserted in the dcache, since they
would need to be invalidated anyway, because we can't trust missing file
dentries. This is bad for performance but requires some leveraging of
the vfs layer to fix. We can live without that for now, and so does
everyone else.
* on-disk data:
Despite using a specific version of the name as the internal
representation within the dcache, the name stored and fetched from the
disk is a byte-per-byte match with what the user requested, making this
implementation 'name-preserving'. i.e. no actual information is lost
when writing to storage.
DX is supported by modifying the hashes used in +F directories to make
them case/encoding-aware. The new disk hashes are calculated as the
hash of the full casefolded string, instead of the string directly.
This allows us to efficiently search for file names in the htree without
requiring the user to provide an exact name.
* Dealing with invalid sequences:
By default, when a invalid UTF-8 sequence is identified, ext4 will treat
it as an opaque byte sequence, ignoring the encoding and reverting to
the old behavior for that unique file. This means that case-insensitive
file name lookup will not work only for that file. An optional bit can
be set in the superblock telling the filesystem code and userspace tools
to enforce the encoding. When that optional bit is set, any attempt to
create a file name using an invalid UTF-8 sequence will fail and return
an error to userspace.
* Normalization algorithm:
The UTF-8 algorithms used to compare strings in ext4 is implemented
lives in fs/unicode, and is based on a previous version developed by
SGI. It implements the Canonical decomposition (NFD) algorithm
described by the Unicode specification 12.1, or higher, combined with
the elimination of ignorable code points (NFDi) and full
case-folding (CF) as documented in fs/unicode/utf8_norm.c.
NFD seems to be the best normalization method for EXT4 because:
- It has a lower cost than NFC/NFKC (which requires
decomposing to NFD as an intermediary step)
- It doesn't eliminate important semantic meaning like
compatibility decompositions.
Although:
- This implementation is not completely linguistic accurate, because
different languages have conflicting rules, which would require the
specialization of the filesystem to a given locale, which brings all
sorts of problems for removable media and for users who use more than
one language.
Signed-off-by: Gabriel Krisman Bertazi <krisman@collabora.co.uk>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2019-04-25 14:12:08 -04:00
de - > name_len , & h ) ;
2015-04-12 01:07:01 -04:00
printk ( " %*.s:(E)%x.%u " , len , name ,
h . hash , ( unsigned ) ( ( char * ) de
- base ) ) ;
2016-07-10 14:01:03 -04:00
fscrypt_fname_free_buffer (
& fname_crypto_str ) ;
2015-04-12 01:07:01 -04:00
}
# else
2006-10-11 01:20:50 -07:00
int len = de - > name_len ;
char * name = de - > name ;
ext4: Support case-insensitive file name lookups
This patch implements the actual support for case-insensitive file name
lookups in ext4, based on the feature bit and the encoding stored in the
superblock.
A filesystem that has the casefold feature set is able to configure
directories with the +F (EXT4_CASEFOLD_FL) attribute, enabling lookups
to succeed in that directory in a case-insensitive fashion, i.e: match
a directory entry even if the name used by userspace is not a byte per
byte match with the disk name, but is an equivalent case-insensitive
version of the Unicode string. This operation is called a
case-insensitive file name lookup.
The feature is configured as an inode attribute applied to directories
and inherited by its children. This attribute can only be enabled on
empty directories for filesystems that support the encoding feature,
thus preventing collision of file names that only differ by case.
* dcache handling:
For a +F directory, Ext4 only stores the first equivalent name dentry
used in the dcache. This is done to prevent unintentional duplication of
dentries in the dcache, while also allowing the VFS code to quickly find
the right entry in the cache despite which equivalent string was used in
a previous lookup, without having to resort to ->lookup().
d_hash() of casefolded directories is implemented as the hash of the
casefolded string, such that we always have a well-known bucket for all
the equivalencies of the same string. d_compare() uses the
utf8_strncasecmp() infrastructure, which handles the comparison of
equivalent, same case, names as well.
For now, negative lookups are not inserted in the dcache, since they
would need to be invalidated anyway, because we can't trust missing file
dentries. This is bad for performance but requires some leveraging of
the vfs layer to fix. We can live without that for now, and so does
everyone else.
* on-disk data:
Despite using a specific version of the name as the internal
representation within the dcache, the name stored and fetched from the
disk is a byte-per-byte match with what the user requested, making this
implementation 'name-preserving'. i.e. no actual information is lost
when writing to storage.
DX is supported by modifying the hashes used in +F directories to make
them case/encoding-aware. The new disk hashes are calculated as the
hash of the full casefolded string, instead of the string directly.
This allows us to efficiently search for file names in the htree without
requiring the user to provide an exact name.
* Dealing with invalid sequences:
By default, when a invalid UTF-8 sequence is identified, ext4 will treat
it as an opaque byte sequence, ignoring the encoding and reverting to
the old behavior for that unique file. This means that case-insensitive
file name lookup will not work only for that file. An optional bit can
be set in the superblock telling the filesystem code and userspace tools
to enforce the encoding. When that optional bit is set, any attempt to
create a file name using an invalid UTF-8 sequence will fail and return
an error to userspace.
* Normalization algorithm:
The UTF-8 algorithms used to compare strings in ext4 is implemented
lives in fs/unicode, and is based on a previous version developed by
SGI. It implements the Canonical decomposition (NFD) algorithm
described by the Unicode specification 12.1, or higher, combined with
the elimination of ignorable code points (NFDi) and full
case-folding (CF) as documented in fs/unicode/utf8_norm.c.
NFD seems to be the best normalization method for EXT4 because:
- It has a lower cost than NFC/NFKC (which requires
decomposing to NFD as an intermediary step)
- It doesn't eliminate important semantic meaning like
compatibility decompositions.
Although:
- This implementation is not completely linguistic accurate, because
different languages have conflicting rules, which would require the
specialization of the filesystem to a given locale, which brings all
sorts of problems for removable media and for users who use more than
one language.
Signed-off-by: Gabriel Krisman Bertazi <krisman@collabora.co.uk>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2019-04-25 14:12:08 -04:00
ext4fs_dirhash ( dir , de - > name , de - > name_len , & h ) ;
2015-04-12 01:07:01 -04:00
printk ( " %*.s:%x.%u " , len , name , h . hash ,
2011-07-16 19:41:23 -04:00
( unsigned ) ( ( char * ) de - base ) ) ;
2015-04-12 01:07:01 -04:00
# endif
2006-10-11 01:20:50 -07:00
}
2021-03-19 07:34:13 +00:00
space + = ext4_dir_rec_len ( de - > name_len , dir ) ;
2006-10-11 01:20:50 -07:00
names + + ;
}
2009-02-14 23:01:36 -05:00
de = ext4_next_entry ( de , size ) ;
2006-10-11 01:20:50 -07:00
}
2016-10-15 09:57:31 -04:00
printk ( KERN_CONT " (%i) \n " , names ) ;
2006-10-11 01:20:50 -07:00
return ( struct stats ) { names , space , 1 } ;
}
struct stats dx_show_entries ( struct dx_hash_info * hinfo , struct inode * dir ,
struct dx_entry * entries , int levels )
{
unsigned blocksize = dir - > i_sb - > s_blocksize ;
2008-09-08 22:25:24 -04:00
unsigned count = dx_get_count ( entries ) , names = 0 , space = 0 , i ;
2006-10-11 01:20:50 -07:00
unsigned bcount = 0 ;
struct buffer_head * bh ;
printk ( " %i indexed blocks... \n " , count ) ;
for ( i = 0 ; i < count ; i + + , entries + + )
{
2008-01-28 23:58:27 -05:00
ext4_lblk_t block = dx_get_block ( entries ) ;
ext4_lblk_t hash = i ? dx_get_hash ( entries ) : 0 ;
2006-10-11 01:20:50 -07:00
u32 range = i < count - 1 ? ( dx_get_hash ( entries + 1 ) - hash ) : ~ hash ;
struct stats stats ;
printk ( " %s%3u:%03u hash %8x/%8x " , levels ? " " : " " , i , block , hash , range ) ;
2014-08-29 20:52:15 -04:00
bh = ext4_bread ( NULL , dir , block , 0 ) ;
if ( ! bh | | IS_ERR ( bh ) )
continue ;
2006-10-11 01:20:50 -07:00
stats = levels ?
dx_show_entries ( hinfo , dir , ( ( struct dx_node * ) bh - > b_data ) - > entries , levels - 1 ) :
2015-04-12 01:07:01 -04:00
dx_show_leaf ( dir , hinfo , ( struct ext4_dir_entry_2 * )
bh - > b_data , blocksize , 0 ) ;
2006-10-11 01:20:50 -07:00
names + = stats . names ;
space + = stats . space ;
bcount + = stats . bcount ;
2008-09-08 22:25:24 -04:00
brelse ( bh ) ;
2006-10-11 01:20:50 -07:00
}
if ( bcount )
2010-05-17 07:00:00 -04:00
printk ( KERN_DEBUG " %snames %u, fullness %u (%u%%) \n " ,
2008-09-08 23:00:52 -04:00
levels ? " " : " " , names , space / bcount ,
( space / bcount ) * 100 / blocksize ) ;
2006-10-11 01:20:50 -07:00
return ( struct stats ) { names , space , bcount } ;
}
2021-02-02 16:28:37 +00:00
/*
* Linear search cross check
*/
static inline void htree_rep_invariant_check ( struct dx_entry * at ,
struct dx_entry * target ,
u32 hash , unsigned int n )
{
while ( n - - ) {
dxtrace ( printk ( KERN_CONT " , " ) ) ;
if ( dx_get_hash ( + + at ) > hash ) {
at - - ;
break ;
}
}
ASSERT ( at = = target - 1 ) ;
}
# else /* DX_DEBUG */
static inline void htree_rep_invariant_check ( struct dx_entry * at ,
struct dx_entry * target ,
u32 hash , unsigned int n )
{
}
2006-10-11 01:20:50 -07:00
# endif /* DX_DEBUG */
/*
* Probe for a directory leaf block to search .
*
* dx_probe can return ERR_BAD_DX_DIR , which means there was a format
* error in the directory index , and the caller should fall back to
* searching the directory normally . The callers of dx_probe * * MUST * *
* check for this error code , and make sure it never gets reflected
* back to userspace .
*/
static struct dx_frame *
2015-05-18 13:14:47 -04:00
dx_probe ( struct ext4_filename * fname , struct inode * dir ,
2014-08-29 20:52:17 -04:00
struct dx_hash_info * hinfo , struct dx_frame * frame_in )
2006-10-11 01:20:50 -07:00
{
2022-05-18 11:33:29 +02:00
unsigned count , indirect , level , i ;
2006-10-11 01:20:50 -07:00
struct dx_entry * at , * entries , * p , * q , * m ;
struct dx_root * root ;
struct dx_frame * frame = frame_in ;
2014-08-29 20:52:17 -04:00
struct dx_frame * ret_err = ERR_PTR ( ERR_BAD_DX_DIR ) ;
2006-10-11 01:20:50 -07:00
u32 hash ;
2022-05-18 11:33:29 +02:00
ext4_lblk_t block ;
ext4_lblk_t blocks [ EXT4_HTREE_LEVEL ] ;
2006-10-11 01:20:50 -07:00
2017-06-21 21:09:57 -04:00
memset ( frame_in , 0 , EXT4_HTREE_LEVEL * sizeof ( frame_in [ 0 ] ) ) ;
2014-08-29 20:52:17 -04:00
frame - > bh = ext4_read_dirblock ( dir , 0 , INDEX ) ;
if ( IS_ERR ( frame - > bh ) )
return ( struct dx_frame * ) frame - > bh ;
root = ( struct dx_root * ) frame - > bh - > b_data ;
2006-10-11 01:20:50 -07:00
if ( root - > info . hash_version ! = DX_HASH_TEA & &
root - > info . hash_version ! = DX_HASH_HALF_MD4 & &
2021-03-19 07:34:13 +00:00
root - > info . hash_version ! = DX_HASH_LEGACY & &
root - > info . hash_version ! = DX_HASH_SIPHASH ) {
2015-06-15 14:50:26 -04:00
ext4_warning_inode ( dir , " Unrecognised inode hash code %u " ,
root - > info . hash_version ) ;
2006-10-11 01:20:50 -07:00
goto fail ;
}
2021-03-19 07:34:13 +00:00
if ( ext4_hash_in_dirent ( dir ) ) {
if ( root - > info . hash_version ! = DX_HASH_SIPHASH ) {
ext4_warning_inode ( dir ,
" Hash in dirent, but hash is not SIPHASH " ) ;
goto fail ;
}
} else {
if ( root - > info . hash_version = = DX_HASH_SIPHASH ) {
ext4_warning_inode ( dir ,
" Hash code is SIPHASH, but hash not in dirent " ) ;
goto fail ;
}
}
2015-05-18 13:14:47 -04:00
if ( fname )
hinfo = & fname - > hinfo ;
2006-10-11 01:20:50 -07:00
hinfo - > hash_version = root - > info . hash_version ;
2008-10-28 13:21:44 -04:00
if ( hinfo - > hash_version < = DX_HASH_TEA )
hinfo - > hash_version + = EXT4_SB ( dir - > i_sb ) - > s_hash_unsigned ;
2006-10-11 01:20:53 -07:00
hinfo - > seed = EXT4_SB ( dir - > i_sb ) - > s_hash_seed ;
2021-03-19 07:34:14 +00:00
/* hash is already computed for encrypted casefolded directory */
if ( fname & & fname_name ( fname ) & &
! ( IS_ENCRYPTED ( dir ) & & IS_CASEFOLDED ( dir ) ) )
ext4: Support case-insensitive file name lookups
This patch implements the actual support for case-insensitive file name
lookups in ext4, based on the feature bit and the encoding stored in the
superblock.
A filesystem that has the casefold feature set is able to configure
directories with the +F (EXT4_CASEFOLD_FL) attribute, enabling lookups
to succeed in that directory in a case-insensitive fashion, i.e: match
a directory entry even if the name used by userspace is not a byte per
byte match with the disk name, but is an equivalent case-insensitive
version of the Unicode string. This operation is called a
case-insensitive file name lookup.
The feature is configured as an inode attribute applied to directories
and inherited by its children. This attribute can only be enabled on
empty directories for filesystems that support the encoding feature,
thus preventing collision of file names that only differ by case.
* dcache handling:
For a +F directory, Ext4 only stores the first equivalent name dentry
used in the dcache. This is done to prevent unintentional duplication of
dentries in the dcache, while also allowing the VFS code to quickly find
the right entry in the cache despite which equivalent string was used in
a previous lookup, without having to resort to ->lookup().
d_hash() of casefolded directories is implemented as the hash of the
casefolded string, such that we always have a well-known bucket for all
the equivalencies of the same string. d_compare() uses the
utf8_strncasecmp() infrastructure, which handles the comparison of
equivalent, same case, names as well.
For now, negative lookups are not inserted in the dcache, since they
would need to be invalidated anyway, because we can't trust missing file
dentries. This is bad for performance but requires some leveraging of
the vfs layer to fix. We can live without that for now, and so does
everyone else.
* on-disk data:
Despite using a specific version of the name as the internal
representation within the dcache, the name stored and fetched from the
disk is a byte-per-byte match with what the user requested, making this
implementation 'name-preserving'. i.e. no actual information is lost
when writing to storage.
DX is supported by modifying the hashes used in +F directories to make
them case/encoding-aware. The new disk hashes are calculated as the
hash of the full casefolded string, instead of the string directly.
This allows us to efficiently search for file names in the htree without
requiring the user to provide an exact name.
* Dealing with invalid sequences:
By default, when a invalid UTF-8 sequence is identified, ext4 will treat
it as an opaque byte sequence, ignoring the encoding and reverting to
the old behavior for that unique file. This means that case-insensitive
file name lookup will not work only for that file. An optional bit can
be set in the superblock telling the filesystem code and userspace tools
to enforce the encoding. When that optional bit is set, any attempt to
create a file name using an invalid UTF-8 sequence will fail and return
an error to userspace.
* Normalization algorithm:
The UTF-8 algorithms used to compare strings in ext4 is implemented
lives in fs/unicode, and is based on a previous version developed by
SGI. It implements the Canonical decomposition (NFD) algorithm
described by the Unicode specification 12.1, or higher, combined with
the elimination of ignorable code points (NFDi) and full
case-folding (CF) as documented in fs/unicode/utf8_norm.c.
NFD seems to be the best normalization method for EXT4 because:
- It has a lower cost than NFC/NFKC (which requires
decomposing to NFD as an intermediary step)
- It doesn't eliminate important semantic meaning like
compatibility decompositions.
Although:
- This implementation is not completely linguistic accurate, because
different languages have conflicting rules, which would require the
specialization of the filesystem to a given locale, which brings all
sorts of problems for removable media and for users who use more than
one language.
Signed-off-by: Gabriel Krisman Bertazi <krisman@collabora.co.uk>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2019-04-25 14:12:08 -04:00
ext4fs_dirhash ( dir , fname_name ( fname ) , fname_len ( fname ) , hinfo ) ;
2006-10-11 01:20:50 -07:00
hash = hinfo - > hash ;
if ( root - > info . unused_flags & 1 ) {
2015-06-15 14:50:26 -04:00
ext4_warning_inode ( dir , " Unimplemented hash flags: %#06x " ,
root - > info . unused_flags ) ;
2006-10-11 01:20:50 -07:00
goto fail ;
}
2015-06-15 14:50:26 -04:00
indirect = root - > info . indirect_levels ;
2017-06-21 21:09:57 -04:00
if ( indirect > = ext4_dir_htree_level ( dir - > i_sb ) ) {
ext4_warning ( dir - > i_sb ,
" Directory (ino: %lu) htree depth %#06x exceed "
" supported value " , dir - > i_ino ,
ext4_dir_htree_level ( dir - > i_sb ) ) ;
if ( ext4_dir_htree_level ( dir - > i_sb ) < EXT4_HTREE_LEVEL ) {
ext4_warning ( dir - > i_sb , " Enable large directory "
" feature to access it " ) ;
}
2006-10-11 01:20:50 -07:00
goto fail ;
}
2015-06-15 14:50:26 -04:00
entries = ( struct dx_entry * ) ( ( ( char * ) & root - > info ) +
root - > info . info_length ) ;
2007-09-18 22:46:38 -07:00
if ( dx_get_limit ( entries ) ! = dx_root_limit ( dir ,
root - > info . info_length ) ) {
2015-06-15 14:50:26 -04:00
ext4_warning_inode ( dir , " dx entry: limit %u != root limit %u " ,
dx_get_limit ( entries ) ,
dx_root_limit ( dir , root - > info . info_length ) ) ;
2007-09-18 22:46:38 -07:00
goto fail ;
}
2008-09-08 22:25:24 -04:00
dxtrace ( printk ( " Look up %x " , hash ) ) ;
2022-05-18 11:33:29 +02:00
level = 0 ;
blocks [ 0 ] = 0 ;
2014-08-29 20:52:17 -04:00
while ( 1 ) {
2006-10-11 01:20:50 -07:00
count = dx_get_count ( entries ) ;
2007-09-18 22:46:38 -07:00
if ( ! count | | count > dx_get_limit ( entries ) ) {
2015-06-15 14:50:26 -04:00
ext4_warning_inode ( dir ,
" dx entry: count %u beyond limit %u " ,
count , dx_get_limit ( entries ) ) ;
2014-08-29 20:52:17 -04:00
goto fail ;
2007-09-18 22:46:38 -07:00
}
2006-10-11 01:20:50 -07:00
p = entries + 1 ;
q = entries + count - 1 ;
2014-08-29 20:52:17 -04:00
while ( p < = q ) {
2015-06-15 14:50:26 -04:00
m = p + ( q - p ) / 2 ;
2016-10-15 09:57:31 -04:00
dxtrace ( printk ( KERN_CONT " . " ) ) ;
2006-10-11 01:20:50 -07:00
if ( dx_get_hash ( m ) > hash )
q = m - 1 ;
else
p = m + 1 ;
}
2021-02-02 16:28:37 +00:00
htree_rep_invariant_check ( entries , p , hash , count - 1 ) ;
2006-10-11 01:20:50 -07:00
at = p - 1 ;
2016-10-15 09:57:31 -04:00
dxtrace ( printk ( KERN_CONT " %x->%u \n " ,
at = = entries ? 0 : dx_get_hash ( at ) ,
2015-06-15 14:50:26 -04:00
dx_get_block ( at ) ) ) ;
2006-10-11 01:20:50 -07:00
frame - > entries = entries ;
frame - > at = at ;
2022-05-18 11:33:29 +02:00
block = dx_get_block ( at ) ;
for ( i = 0 ; i < = level ; i + + ) {
if ( blocks [ i ] = = block ) {
ext4_warning_inode ( dir ,
" dx entry: tree cycle block %u points back to block %u " ,
blocks [ level ] , block ) ;
goto fail ;
}
}
if ( + + level > indirect )
2014-08-29 20:52:17 -04:00
return frame ;
2022-05-18 11:33:29 +02:00
blocks [ level ] = block ;
2014-08-29 20:52:17 -04:00
frame + + ;
2022-05-18 11:33:29 +02:00
frame - > bh = ext4_read_dirblock ( dir , block , INDEX ) ;
2014-08-29 20:52:17 -04:00
if ( IS_ERR ( frame - > bh ) ) {
ret_err = ( struct dx_frame * ) frame - > bh ;
frame - > bh = NULL ;
goto fail ;
2012-04-29 18:39:10 -04:00
}
2022-05-18 11:33:29 +02:00
2014-08-29 20:52:17 -04:00
entries = ( ( struct dx_node * ) frame - > bh - > b_data ) - > entries ;
2012-04-29 18:39:10 -04:00
2015-06-15 14:50:26 -04:00
if ( dx_get_limit ( entries ) ! = dx_node_limit ( dir ) ) {
ext4_warning_inode ( dir ,
" dx entry: limit %u != node limit %u " ,
dx_get_limit ( entries ) , dx_node_limit ( dir ) ) ;
2014-08-29 20:52:17 -04:00
goto fail ;
2007-09-18 22:46:38 -07:00
}
2006-10-11 01:20:50 -07:00
}
2014-08-29 20:52:17 -04:00
fail :
2006-10-11 01:20:50 -07:00
while ( frame > = frame_in ) {
brelse ( frame - > bh ) ;
frame - - ;
}
2015-04-12 01:07:01 -04:00
2014-08-29 20:52:17 -04:00
if ( ret_err = = ERR_PTR ( ERR_BAD_DX_DIR ) )
2015-06-15 14:50:26 -04:00
ext4_warning_inode ( dir ,
" Corrupt directory, running e2fsck is recommended " ) ;
2014-08-29 20:52:17 -04:00
return ret_err ;
2006-10-11 01:20:50 -07:00
}
2015-06-15 14:50:26 -04:00
static void dx_release ( struct dx_frame * frames )
2006-10-11 01:20:50 -07:00
{
2017-06-21 21:09:57 -04:00
struct dx_root_info * info ;
int i ;
2019-05-10 22:00:33 -04:00
unsigned int indirect_levels ;
2017-06-21 21:09:57 -04:00
2006-10-11 01:20:50 -07:00
if ( frames [ 0 ] . bh = = NULL )
return ;
2017-06-21 21:09:57 -04:00
info = & ( ( struct dx_root * ) frames [ 0 ] . bh - > b_data ) - > info ;
2019-05-10 22:00:33 -04:00
/* save local copy, "info" may be freed after brelse() */
indirect_levels = info - > indirect_levels ;
for ( i = 0 ; i < = indirect_levels ; i + + ) {
2017-06-21 21:09:57 -04:00
if ( frames [ i ] . bh = = NULL )
break ;
brelse ( frames [ i ] . bh ) ;
frames [ i ] . bh = NULL ;
}
2006-10-11 01:20:50 -07:00
}
/*
* This function increments the frame pointer to search the next leaf
* block , and reads in the necessary intervening nodes if the search
* should be necessary . Whether or not the search is necessary is
* controlled by the hash parameter . If the hash value is even , then
* the search is only continued if the next block starts with that
* hash value . This is used if we are searching for a specific file .
*
* If the hash value is HASH_NB_ALWAYS , then always go to the next block .
*
* This function returns 1 if the caller should continue to search ,
* or 0 if it should not . If there is an error reading one of the
* index blocks , it will a negative error code .
*
* If start_hash is non - null , it will be filled in with the starting
* hash of the next page .
*/
2006-10-11 01:20:53 -07:00
static int ext4_htree_next_block ( struct inode * dir , __u32 hash ,
2006-10-11 01:20:50 -07:00
struct dx_frame * frame ,
struct dx_frame * frames ,
__u32 * start_hash )
{
struct dx_frame * p ;
struct buffer_head * bh ;
2013-02-14 23:59:26 -05:00
int num_frames = 0 ;
2006-10-11 01:20:50 -07:00
__u32 bhash ;
p = frame ;
/*
* Find the next leaf page by incrementing the frame pointer .
* If we run out of entries in the interior node , loop around and
* increment pointer in the parent node . When we break out of
* this loop , num_frames indicates the number of interior
* nodes need to be read .
*/
while ( 1 ) {
if ( + + ( p - > at ) < p - > entries + dx_get_count ( p - > entries ) )
break ;
if ( p = = frames )
return 0 ;
num_frames + + ;
p - - ;
}
/*
* If the hash is 1 , then continue only if the next page has a
* continuation hash of any value . This is used for readdir
* handling . Otherwise , check to see if the hash matches the
2021-03-27 16:00:05 +05:30
* desired continuation hash . If it doesn ' t , return since
2006-10-11 01:20:50 -07:00
* there ' s no point to read in the successive index pages .
*/
bhash = dx_get_hash ( p - > at ) ;
if ( start_hash )
* start_hash = bhash ;
if ( ( hash & 1 ) = = 0 ) {
if ( ( bhash & ~ 1 ) ! = hash )
return 0 ;
}
/*
* If the hash is HASH_NB_ALWAYS , we always go to the next
* block so no check is necessary
*/
while ( num_frames - - ) {
2013-02-14 23:59:26 -05:00
bh = ext4_read_dirblock ( dir , dx_get_block ( p - > at ) , INDEX ) ;
if ( IS_ERR ( bh ) )
return PTR_ERR ( bh ) ;
2006-10-11 01:20:50 -07:00
p + + ;
2008-09-08 22:25:24 -04:00
brelse ( p - > bh ) ;
2006-10-11 01:20:50 -07:00
p - > bh = bh ;
p - > at = p - > entries = ( ( struct dx_node * ) bh - > b_data ) - > entries ;
}
return 1 ;
}
/*
* This function fills a red - black tree with information from a
* directory block . It returns the number directory entries loaded
* into the tree . If there is an error it is returned in err .
*/
static int htree_dirblock_to_tree ( struct file * dir_file ,
2008-01-28 23:58:27 -05:00
struct inode * dir , ext4_lblk_t block ,
2006-10-11 01:20:50 -07:00
struct dx_hash_info * hinfo ,
__u32 start_hash , __u32 start_minor_hash )
{
struct buffer_head * bh ;
2006-10-11 01:20:53 -07:00
struct ext4_dir_entry_2 * de , * top ;
ext4: fix possible non-initialized variable in htree_dirblock_to_tree()
htree_dirblock_to_tree() declares a non-initialized 'err' variable,
which is passed as a reference to another functions expecting them to
set this variable with their error codes.
It's passed to ext4_bread(), which then passes it to ext4_getblk(). If
ext4_map_blocks() returns 0 due to a lookup failure, leaving the
ext4_getblk() buffer_head uninitialized, it will make ext4_getblk()
return to ext4_bread() without initialize the 'err' variable, and
ext4_bread() will return to htree_dirblock_to_tree() with this variable
still uninitialized. htree_dirblock_to_tree() will pass this variable
with garbage back to ext4_htree_fill_tree(), which expects a number of
directory entries added to the rb-tree. which, in case, might return a
fake non-zero value due the garbage left in the 'err' variable, leading
the kernel to an Oops in ext4_dx_readdir(), once this is expecting a
filled rb-tree node, when in turn it will have a NULL-ed one, causing an
invalid page request when trying to get a fname struct from this NULL-ed
rb-tree node in this line:
fname = rb_entry(info->curr_node, struct fname, rb_hash);
The patch itself initializes the err variable in
htree_dirblock_to_tree() to avoid usage mistakes by the called
functions, and also fix ext4_getblk() to return a initialized 'err'
variable when ext4_map_blocks() fails a lookup.
Signed-off-by: Carlos Maiolino <cmaiolino@redhat.com>
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
2012-09-17 23:39:12 -04:00
int err = 0 , count = 0 ;
2016-07-10 14:01:03 -04:00
struct fscrypt_str fname_crypto_str = FSTR_INIT ( NULL , 0 ) , tmp_str ;
2021-03-19 07:34:13 +00:00
int csum = ext4_has_metadata_csum ( dir - > i_sb ) ;
2006-10-11 01:20:50 -07:00
2008-01-28 23:58:27 -05:00
dxtrace ( printk ( KERN_INFO " In htree dirblock_to_tree: block %lu \n " ,
( unsigned long ) block ) ) ;
2019-06-20 21:19:02 -04:00
bh = ext4_read_dirblock ( dir , block , DIRENT_HTREE ) ;
2013-02-14 23:59:26 -05:00
if ( IS_ERR ( bh ) )
return PTR_ERR ( bh ) ;
2012-04-29 18:41:10 -04:00
2006-10-11 01:20:53 -07:00
de = ( struct ext4_dir_entry_2 * ) bh - > b_data ;
2021-03-19 07:34:13 +00:00
/* csum entries are not larger in the casefolded encrypted case */
2006-10-11 01:20:53 -07:00
top = ( struct ext4_dir_entry_2 * ) ( ( char * ) de +
2006-10-11 01:20:50 -07:00
dir - > i_sb - > s_blocksize -
2021-03-19 07:34:13 +00:00
ext4_dir_rec_len ( 0 ,
csum ? NULL : dir ) ) ;
2015-04-12 01:09:03 -04:00
/* Check if the directory is encrypted */
2018-12-12 15:20:10 +05:30
if ( IS_ENCRYPTED ( dir ) ) {
2020-12-02 18:20:37 -08:00
err = fscrypt_prepare_readdir ( dir ) ;
2015-05-31 13:34:22 -04:00
if ( err < 0 ) {
brelse ( bh ) ;
return err ;
}
2020-08-10 10:21:39 -04:00
err = fscrypt_fname_alloc_buffer ( EXT4_NAME_LEN ,
& fname_crypto_str ) ;
2015-04-12 01:09:03 -04:00
if ( err < 0 ) {
brelse ( bh ) ;
return err ;
}
}
2019-12-09 13:32:25 -08:00
2009-02-14 23:01:36 -05:00
for ( ; de < top ; de = ext4_next_entry ( de , dir - > i_sb - > s_blocksize ) ) {
2011-01-10 12:10:55 -05:00
if ( ext4_check_dir_entry ( dir , NULL , de , bh ,
2012-12-10 14:05:58 -05:00
bh - > b_data , bh - > b_size ,
2010-12-19 22:07:02 -05:00
( block < < EXT4_BLOCK_SIZE_BITS ( dir - > i_sb ) )
+ ( ( char * ) de - bh - > b_data ) ) ) {
2013-07-01 08:12:38 -04:00
/* silently ignore the rest of the block */
break ;
[PATCH] handle ext4 directory corruption better
I've been using Steve Grubb's purely evil "fsfuzzer" tool, at
http://people.redhat.com/sgrubb/files/fsfuzzer-0.4.tar.gz
Basically it makes a filesystem, splats some random bits over it, then
tries to mount it and do some simple filesystem actions.
At best, the filesystem catches the corruption gracefully. At worst,
things spin out of control.
As you might guess, we found a couple places in ext4 where things spin out
of control :)
First, we had a corrupted directory that was never checked for
consistency... it was corrupt, and pointed to another bad "entry" of
length 0. The for() loop looped forever, since the length of
ext4_next_entry(de) was 0, and we kept looking at the same pointer over and
over and over and over... I modeled this check and subsequent action on
what is done for other directory types in ext4_readdir...
(adding this check adds some computational expense; I am testing a followup
patch to reduce the number of times we check and re-check these directory
entries, in all cases. Thanks for the idea, Andreas).
Next we had a root directory inode which had a corrupted size, claimed to
be > 200M on a 4M filesystem. There was only really 1 block in the
directory, but because the size was so large, readdir kept coming back for
more, spewing thousands of printk's along the way.
Per Andreas' suggestion, if we're in this read error condition and we're
trying to read an offset which is greater than i_blocks worth of bytes,
stop trying, and break out of the loop.
With these two changes fsfuzz test survives quite well on ext4.
Signed-off-by: Eric Sandeen <sandeen@redhat.com>
Cc: <linux-ext4@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-12-06 20:36:28 -08:00
}
2021-03-19 07:34:13 +00:00
if ( ext4_hash_in_dirent ( dir ) ) {
if ( de - > name_len & & de - > inode ) {
hinfo - > hash = EXT4_DIRENT_HASH ( de ) ;
hinfo - > minor_hash = EXT4_DIRENT_MINOR_HASH ( de ) ;
} else {
hinfo - > hash = 0 ;
hinfo - > minor_hash = 0 ;
}
} else {
ext4fs_dirhash ( dir , de - > name , de - > name_len , hinfo ) ;
}
2006-10-11 01:20:50 -07:00
if ( ( hinfo - > hash < start_hash ) | |
( ( hinfo - > hash = = start_hash ) & &
( hinfo - > minor_hash < start_minor_hash ) ) )
continue ;
if ( de - > inode = = 0 )
continue ;
2018-12-12 15:20:10 +05:30
if ( ! IS_ENCRYPTED ( dir ) ) {
2015-04-12 01:09:03 -04:00
tmp_str . name = de - > name ;
tmp_str . len = de - > name_len ;
err = ext4_htree_store_dirent ( dir_file ,
hinfo - > hash , hinfo - > minor_hash , de ,
& tmp_str ) ;
} else {
2015-05-18 13:15:47 -04:00
int save_len = fname_crypto_str . len ;
2016-07-10 14:01:03 -04:00
struct fscrypt_str de_name = FSTR_INIT ( de - > name ,
de - > name_len ) ;
2015-05-18 13:15:47 -04:00
2015-04-12 01:09:03 -04:00
/* Directory is encrypted */
2016-07-10 14:01:03 -04:00
err = fscrypt_fname_disk_to_usr ( dir , hinfo - > hash ,
hinfo - > minor_hash , & de_name ,
& fname_crypto_str ) ;
2016-09-15 17:25:55 -04:00
if ( err ) {
2015-04-12 01:09:03 -04:00
count = err ;
goto errout ;
}
err = ext4_htree_store_dirent ( dir_file ,
hinfo - > hash , hinfo - > minor_hash , de ,
& fname_crypto_str ) ;
2015-05-18 13:15:47 -04:00
fname_crypto_str . len = save_len ;
2015-04-12 01:09:03 -04:00
}
2015-04-12 00:56:26 -04:00
if ( err ! = 0 ) {
2015-04-12 01:09:03 -04:00
count = err ;
goto errout ;
2006-10-11 01:20:50 -07:00
}
count + + ;
}
2015-04-12 01:09:03 -04:00
errout :
2006-10-11 01:20:50 -07:00
brelse ( bh ) ;
2016-07-10 14:01:03 -04:00
fscrypt_fname_free_buffer ( & fname_crypto_str ) ;
2006-10-11 01:20:50 -07:00
return count ;
}
/*
* This function fills a red - black tree with information from a
* directory . We start scanning the directory in hash order , starting
* at start_hash and start_minor_hash .
*
* This function returns the number of entries inserted into the tree ,
* or a negative error code .
*/
2006-10-11 01:20:53 -07:00
int ext4_htree_fill_tree ( struct file * dir_file , __u32 start_hash ,
2006-10-11 01:20:50 -07:00
__u32 start_minor_hash , __u32 * next_hash )
{
struct dx_hash_info hinfo ;
2006-10-11 01:20:53 -07:00
struct ext4_dir_entry_2 * de ;
2017-06-21 21:09:57 -04:00
struct dx_frame frames [ EXT4_HTREE_LEVEL ] , * frame ;
2006-10-11 01:20:50 -07:00
struct inode * dir ;
2008-01-28 23:58:27 -05:00
ext4_lblk_t block ;
2006-10-11 01:20:50 -07:00
int count = 0 ;
2008-01-28 23:58:27 -05:00
int ret , err ;
2006-10-11 01:20:50 -07:00
__u32 hashval ;
2016-07-10 14:01:03 -04:00
struct fscrypt_str tmp_str ;
2006-10-11 01:20:50 -07:00
2010-05-17 07:00:00 -04:00
dxtrace ( printk ( KERN_DEBUG " In htree_fill_tree, start hash: %x:%x \n " ,
2008-09-08 23:00:52 -04:00
start_hash , start_minor_hash ) ) ;
2013-01-23 17:07:38 -05:00
dir = file_inode ( dir_file ) ;
2010-05-16 22:00:00 -04:00
if ( ! ( ext4_test_inode_flag ( dir , EXT4_INODE_INDEX ) ) ) {
2021-03-19 07:34:13 +00:00
if ( ext4_hash_in_dirent ( dir ) )
hinfo . hash_version = DX_HASH_SIPHASH ;
else
hinfo . hash_version =
EXT4_SB ( dir - > i_sb ) - > s_def_hash_version ;
2008-10-28 13:21:44 -04:00
if ( hinfo . hash_version < = DX_HASH_TEA )
hinfo . hash_version + =
EXT4_SB ( dir - > i_sb ) - > s_hash_unsigned ;
2006-10-11 01:20:53 -07:00
hinfo . seed = EXT4_SB ( dir - > i_sb ) - > s_hash_seed ;
2013-04-19 17:53:09 -04:00
if ( ext4_has_inline_data ( dir ) ) {
int has_inline_data = 1 ;
2019-06-21 21:57:00 -04:00
count = ext4_inlinedir_to_tree ( dir_file , dir , 0 ,
& hinfo , start_hash ,
start_minor_hash ,
& has_inline_data ) ;
2013-04-19 17:53:09 -04:00
if ( has_inline_data ) {
* next_hash = ~ 0 ;
return count ;
}
}
2006-10-11 01:20:50 -07:00
count = htree_dirblock_to_tree ( dir_file , dir , 0 , & hinfo ,
start_hash , start_minor_hash ) ;
* next_hash = ~ 0 ;
return count ;
}
hinfo . hash = start_hash ;
hinfo . minor_hash = 0 ;
2014-08-29 20:52:17 -04:00
frame = dx_probe ( NULL , dir , & hinfo , frames ) ;
if ( IS_ERR ( frame ) )
return PTR_ERR ( frame ) ;
2006-10-11 01:20:50 -07:00
/* Add '.' and '..' from the htree header */
if ( ! start_hash & & ! start_minor_hash ) {
2006-10-11 01:20:53 -07:00
de = ( struct ext4_dir_entry_2 * ) frames [ 0 ] . bh - > b_data ;
2015-04-12 00:56:26 -04:00
tmp_str . name = de - > name ;
tmp_str . len = de - > name_len ;
err = ext4_htree_store_dirent ( dir_file , 0 , 0 ,
de , & tmp_str ) ;
if ( err ! = 0 )
2006-10-11 01:20:50 -07:00
goto errout ;
count + + ;
}
if ( start_hash < 2 | | ( start_hash = = 2 & & start_minor_hash = = 0 ) ) {
2006-10-11 01:20:53 -07:00
de = ( struct ext4_dir_entry_2 * ) frames [ 0 ] . bh - > b_data ;
2009-02-14 23:01:36 -05:00
de = ext4_next_entry ( de , dir - > i_sb - > s_blocksize ) ;
2015-04-12 00:56:26 -04:00
tmp_str . name = de - > name ;
tmp_str . len = de - > name_len ;
err = ext4_htree_store_dirent ( dir_file , 2 , 0 ,
de , & tmp_str ) ;
if ( err ! = 0 )
2006-10-11 01:20:50 -07:00
goto errout ;
count + + ;
}
while ( 1 ) {
2016-04-23 22:50:07 -04:00
if ( fatal_signal_pending ( current ) ) {
err = - ERESTARTSYS ;
goto errout ;
}
cond_resched ( ) ;
2006-10-11 01:20:50 -07:00
block = dx_get_block ( frame - > at ) ;
ret = htree_dirblock_to_tree ( dir_file , dir , block , & hinfo ,
start_hash , start_minor_hash ) ;
if ( ret < 0 ) {
err = ret ;
goto errout ;
}
count + = ret ;
hashval = ~ 0 ;
2006-10-11 01:20:53 -07:00
ret = ext4_htree_next_block ( dir , HASH_NB_ALWAYS ,
2006-10-11 01:20:50 -07:00
frame , frames , & hashval ) ;
* next_hash = hashval ;
if ( ret < 0 ) {
err = ret ;
goto errout ;
}
/*
* Stop if : ( a ) there are no more entries , or
* ( b ) we have inserted at least one entry and the
* next hash value is not a continuation
*/
if ( ( ret = = 0 ) | |
( count & & ( ( hashval & 1 ) = = 0 ) ) )
break ;
}
dx_release ( frames ) ;
2008-09-08 23:00:52 -04:00
dxtrace ( printk ( KERN_DEBUG " Fill tree: returned %d entries, "
" next hash: %x \n " , count , * next_hash ) ) ;
2006-10-11 01:20:50 -07:00
return count ;
errout :
dx_release ( frames ) ;
return ( err ) ;
}
2012-12-10 14:05:59 -05:00
static inline int search_dirblock ( struct buffer_head * bh ,
struct inode * dir ,
2015-05-18 13:14:47 -04:00
struct ext4_filename * fname ,
2012-12-10 14:05:59 -05:00
unsigned int offset ,
struct ext4_dir_entry_2 * * res_dir )
{
2015-05-18 13:14:47 -04:00
return ext4_search_dir ( bh , bh - > b_data , dir - > i_sb - > s_blocksize , dir ,
2017-05-24 18:10:49 -04:00
fname , offset , res_dir ) ;
2012-12-10 14:05:59 -05:00
}
2006-10-11 01:20:50 -07:00
/*
* Directory block splitting , compacting
*/
ext34: ensure do_split leaves enough free space in both blocks
The do_split() function for htree dir blocks is intended to split a leaf
block to make room for a new entry. It sorts the entries in the original
block by hash value, then moves the last half of the entries to the new
block - without accounting for how much space this actually moves. (IOW,
it moves half of the entry *count* not half of the entry *space*). If by
chance we have both large & small entries, and we move only the smallest
entries, and we have a large new entry to insert, we may not have created
enough space for it.
The patch below stores each record size when calculating the dx_map, and
then walks the hash-sorted dx_map, calculating how many entries must be
moved to more evenly split the existing entries between the old block and
the new block, guaranteeing enough space for the new entry.
The dx_map "offs" member is reduced to u16 so that the overall map size
does not change - it is temporarily stored at the end of the new block, and
if it grows too large it may be overwritten. By making offs and size both
u16, we won't grow the map size.
Also add a few comments to the functions involved.
This fixes the testcase reported by hooanon05@yahoo.co.jp on the
linux-ext4 list, "ext3 dir_index causes an error"
Thanks to Andreas Dilger for discussing the problem & solution with me.
Signed-off-by: Eric Sandeen <sandeen@redhat.com>
Signed-off-by: Andreas Dilger <adilger@clusterfs.com>
Tested-by: Junjiro Okajima <hooanon05@yahoo.co.jp>
Cc: Theodore Ts'o <tytso@mit.edu>
Cc: <linux-ext4@vger.kernel.org>
Cc: <stable@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-09-18 22:46:42 -07:00
/*
* Create map of hash values , offsets , and sizes , stored at end of block .
* Returns number of entries mapped .
*/
2022-05-18 11:33:28 +02:00
static int dx_make_map ( struct inode * dir , struct buffer_head * bh ,
struct dx_hash_info * hinfo ,
2009-02-14 21:46:54 -05:00
struct dx_map_entry * map_tail )
2006-10-11 01:20:50 -07:00
{
int count = 0 ;
2022-05-18 11:33:28 +02:00
struct ext4_dir_entry_2 * de = ( struct ext4_dir_entry_2 * ) bh - > b_data ;
unsigned int buflen = bh - > b_size ;
char * base = bh - > b_data ;
2006-10-11 01:20:50 -07:00
struct dx_hash_info h = * hinfo ;
2022-05-18 11:33:28 +02:00
if ( ext4_has_metadata_csum ( dir - > i_sb ) )
buflen - = sizeof ( struct ext4_dir_entry_tail ) ;
while ( ( char * ) de < base + buflen ) {
if ( ext4_check_dir_entry ( dir , NULL , de , bh , base , buflen ,
( ( char * ) de ) - base ) )
return - EFSCORRUPTED ;
2006-10-11 01:20:50 -07:00
if ( de - > name_len & & de - > inode ) {
2021-03-19 07:34:13 +00:00
if ( ext4_hash_in_dirent ( dir ) )
h . hash = EXT4_DIRENT_HASH ( de ) ;
else
ext4fs_dirhash ( dir , de - > name , de - > name_len , & h ) ;
2006-10-11 01:20:50 -07:00
map_tail - - ;
map_tail - > hash = h . hash ;
2009-06-08 12:41:35 -04:00
map_tail - > offs = ( ( char * ) de - base ) > > 2 ;
ext34: ensure do_split leaves enough free space in both blocks
The do_split() function for htree dir blocks is intended to split a leaf
block to make room for a new entry. It sorts the entries in the original
block by hash value, then moves the last half of the entries to the new
block - without accounting for how much space this actually moves. (IOW,
it moves half of the entry *count* not half of the entry *space*). If by
chance we have both large & small entries, and we move only the smallest
entries, and we have a large new entry to insert, we may not have created
enough space for it.
The patch below stores each record size when calculating the dx_map, and
then walks the hash-sorted dx_map, calculating how many entries must be
moved to more evenly split the existing entries between the old block and
the new block, guaranteeing enough space for the new entry.
The dx_map "offs" member is reduced to u16 so that the overall map size
does not change - it is temporarily stored at the end of the new block, and
if it grows too large it may be overwritten. By making offs and size both
u16, we won't grow the map size.
Also add a few comments to the functions involved.
This fixes the testcase reported by hooanon05@yahoo.co.jp on the
linux-ext4 list, "ext3 dir_index causes an error"
Thanks to Andreas Dilger for discussing the problem & solution with me.
Signed-off-by: Eric Sandeen <sandeen@redhat.com>
Signed-off-by: Andreas Dilger <adilger@clusterfs.com>
Tested-by: Junjiro Okajima <hooanon05@yahoo.co.jp>
Cc: Theodore Ts'o <tytso@mit.edu>
Cc: <linux-ext4@vger.kernel.org>
Cc: <stable@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-09-18 22:46:42 -07:00
map_tail - > size = le16_to_cpu ( de - > rec_len ) ;
2006-10-11 01:20:50 -07:00
count + + ;
cond_resched ( ) ;
}
2022-05-18 11:33:28 +02:00
de = ext4_next_entry ( de , dir - > i_sb - > s_blocksize ) ;
2006-10-11 01:20:50 -07:00
}
return count ;
}
ext34: ensure do_split leaves enough free space in both blocks
The do_split() function for htree dir blocks is intended to split a leaf
block to make room for a new entry. It sorts the entries in the original
block by hash value, then moves the last half of the entries to the new
block - without accounting for how much space this actually moves. (IOW,
it moves half of the entry *count* not half of the entry *space*). If by
chance we have both large & small entries, and we move only the smallest
entries, and we have a large new entry to insert, we may not have created
enough space for it.
The patch below stores each record size when calculating the dx_map, and
then walks the hash-sorted dx_map, calculating how many entries must be
moved to more evenly split the existing entries between the old block and
the new block, guaranteeing enough space for the new entry.
The dx_map "offs" member is reduced to u16 so that the overall map size
does not change - it is temporarily stored at the end of the new block, and
if it grows too large it may be overwritten. By making offs and size both
u16, we won't grow the map size.
Also add a few comments to the functions involved.
This fixes the testcase reported by hooanon05@yahoo.co.jp on the
linux-ext4 list, "ext3 dir_index causes an error"
Thanks to Andreas Dilger for discussing the problem & solution with me.
Signed-off-by: Eric Sandeen <sandeen@redhat.com>
Signed-off-by: Andreas Dilger <adilger@clusterfs.com>
Tested-by: Junjiro Okajima <hooanon05@yahoo.co.jp>
Cc: Theodore Ts'o <tytso@mit.edu>
Cc: <linux-ext4@vger.kernel.org>
Cc: <stable@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-09-18 22:46:42 -07:00
/* Sort map by hash value */
2006-10-11 01:20:50 -07:00
static void dx_sort_map ( struct dx_map_entry * map , unsigned count )
{
2006-10-11 01:21:24 -07:00
struct dx_map_entry * p , * q , * top = map + count - 1 ;
int more ;
/* Combsort until bubble sort doesn't suck */
while ( count > 2 ) {
count = count * 10 / 13 ;
if ( count - 9 < 2 ) /* 9, 10 -> 11 */
count = 11 ;
for ( p = top , q = p - count ; q > = map ; p - - , q - - )
if ( p - > hash < q - > hash )
swap ( * p , * q ) ;
}
/* Garden variety bubble sort */
do {
more = 0 ;
q = top ;
while ( q - - > map ) {
if ( q [ 1 ] . hash > = q [ 0 ] . hash )
2006-10-11 01:20:50 -07:00
continue ;
2006-10-11 01:21:24 -07:00
swap ( * ( q + 1 ) , * q ) ;
more = 1 ;
2006-10-11 01:20:50 -07:00
}
} while ( more ) ;
}
2008-01-28 23:58:27 -05:00
static void dx_insert_block ( struct dx_frame * frame , u32 hash , ext4_lblk_t block )
2006-10-11 01:20:50 -07:00
{
struct dx_entry * entries = frame - > entries ;
struct dx_entry * old = frame - > at , * new = old + 1 ;
int count = dx_get_count ( entries ) ;
2020-11-07 23:58:11 +08:00
ASSERT ( count < dx_get_limit ( entries ) ) ;
ASSERT ( old < entries + count ) ;
2006-10-11 01:20:50 -07:00
memmove ( new + 1 , new , ( char * ) ( entries + count ) - ( char * ) ( new ) ) ;
dx_set_hash ( new , hash ) ;
dx_set_block ( new , block ) ;
dx_set_count ( entries , count + 1 ) ;
}
2022-01-18 07:56:14 +01:00
# if IS_ENABLED(CONFIG_UNICODE)
ext4: Support case-insensitive file name lookups
This patch implements the actual support for case-insensitive file name
lookups in ext4, based on the feature bit and the encoding stored in the
superblock.
A filesystem that has the casefold feature set is able to configure
directories with the +F (EXT4_CASEFOLD_FL) attribute, enabling lookups
to succeed in that directory in a case-insensitive fashion, i.e: match
a directory entry even if the name used by userspace is not a byte per
byte match with the disk name, but is an equivalent case-insensitive
version of the Unicode string. This operation is called a
case-insensitive file name lookup.
The feature is configured as an inode attribute applied to directories
and inherited by its children. This attribute can only be enabled on
empty directories for filesystems that support the encoding feature,
thus preventing collision of file names that only differ by case.
* dcache handling:
For a +F directory, Ext4 only stores the first equivalent name dentry
used in the dcache. This is done to prevent unintentional duplication of
dentries in the dcache, while also allowing the VFS code to quickly find
the right entry in the cache despite which equivalent string was used in
a previous lookup, without having to resort to ->lookup().
d_hash() of casefolded directories is implemented as the hash of the
casefolded string, such that we always have a well-known bucket for all
the equivalencies of the same string. d_compare() uses the
utf8_strncasecmp() infrastructure, which handles the comparison of
equivalent, same case, names as well.
For now, negative lookups are not inserted in the dcache, since they
would need to be invalidated anyway, because we can't trust missing file
dentries. This is bad for performance but requires some leveraging of
the vfs layer to fix. We can live without that for now, and so does
everyone else.
* on-disk data:
Despite using a specific version of the name as the internal
representation within the dcache, the name stored and fetched from the
disk is a byte-per-byte match with what the user requested, making this
implementation 'name-preserving'. i.e. no actual information is lost
when writing to storage.
DX is supported by modifying the hashes used in +F directories to make
them case/encoding-aware. The new disk hashes are calculated as the
hash of the full casefolded string, instead of the string directly.
This allows us to efficiently search for file names in the htree without
requiring the user to provide an exact name.
* Dealing with invalid sequences:
By default, when a invalid UTF-8 sequence is identified, ext4 will treat
it as an opaque byte sequence, ignoring the encoding and reverting to
the old behavior for that unique file. This means that case-insensitive
file name lookup will not work only for that file. An optional bit can
be set in the superblock telling the filesystem code and userspace tools
to enforce the encoding. When that optional bit is set, any attempt to
create a file name using an invalid UTF-8 sequence will fail and return
an error to userspace.
* Normalization algorithm:
The UTF-8 algorithms used to compare strings in ext4 is implemented
lives in fs/unicode, and is based on a previous version developed by
SGI. It implements the Canonical decomposition (NFD) algorithm
described by the Unicode specification 12.1, or higher, combined with
the elimination of ignorable code points (NFDi) and full
case-folding (CF) as documented in fs/unicode/utf8_norm.c.
NFD seems to be the best normalization method for EXT4 because:
- It has a lower cost than NFC/NFKC (which requires
decomposing to NFD as an intermediary step)
- It doesn't eliminate important semantic meaning like
compatibility decompositions.
Although:
- This implementation is not completely linguistic accurate, because
different languages have conflicting rules, which would require the
specialization of the filesystem to a given locale, which brings all
sorts of problems for removable media and for users who use more than
one language.
Signed-off-by: Gabriel Krisman Bertazi <krisman@collabora.co.uk>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2019-04-25 14:12:08 -04:00
/*
* Test whether a case - insensitive directory entry matches the filename
2019-06-19 23:45:09 -04:00
* being searched for . If quick is set , assume the name being looked up
* is already in the casefolded form .
ext4: Support case-insensitive file name lookups
This patch implements the actual support for case-insensitive file name
lookups in ext4, based on the feature bit and the encoding stored in the
superblock.
A filesystem that has the casefold feature set is able to configure
directories with the +F (EXT4_CASEFOLD_FL) attribute, enabling lookups
to succeed in that directory in a case-insensitive fashion, i.e: match
a directory entry even if the name used by userspace is not a byte per
byte match with the disk name, but is an equivalent case-insensitive
version of the Unicode string. This operation is called a
case-insensitive file name lookup.
The feature is configured as an inode attribute applied to directories
and inherited by its children. This attribute can only be enabled on
empty directories for filesystems that support the encoding feature,
thus preventing collision of file names that only differ by case.
* dcache handling:
For a +F directory, Ext4 only stores the first equivalent name dentry
used in the dcache. This is done to prevent unintentional duplication of
dentries in the dcache, while also allowing the VFS code to quickly find
the right entry in the cache despite which equivalent string was used in
a previous lookup, without having to resort to ->lookup().
d_hash() of casefolded directories is implemented as the hash of the
casefolded string, such that we always have a well-known bucket for all
the equivalencies of the same string. d_compare() uses the
utf8_strncasecmp() infrastructure, which handles the comparison of
equivalent, same case, names as well.
For now, negative lookups are not inserted in the dcache, since they
would need to be invalidated anyway, because we can't trust missing file
dentries. This is bad for performance but requires some leveraging of
the vfs layer to fix. We can live without that for now, and so does
everyone else.
* on-disk data:
Despite using a specific version of the name as the internal
representation within the dcache, the name stored and fetched from the
disk is a byte-per-byte match with what the user requested, making this
implementation 'name-preserving'. i.e. no actual information is lost
when writing to storage.
DX is supported by modifying the hashes used in +F directories to make
them case/encoding-aware. The new disk hashes are calculated as the
hash of the full casefolded string, instead of the string directly.
This allows us to efficiently search for file names in the htree without
requiring the user to provide an exact name.
* Dealing with invalid sequences:
By default, when a invalid UTF-8 sequence is identified, ext4 will treat
it as an opaque byte sequence, ignoring the encoding and reverting to
the old behavior for that unique file. This means that case-insensitive
file name lookup will not work only for that file. An optional bit can
be set in the superblock telling the filesystem code and userspace tools
to enforce the encoding. When that optional bit is set, any attempt to
create a file name using an invalid UTF-8 sequence will fail and return
an error to userspace.
* Normalization algorithm:
The UTF-8 algorithms used to compare strings in ext4 is implemented
lives in fs/unicode, and is based on a previous version developed by
SGI. It implements the Canonical decomposition (NFD) algorithm
described by the Unicode specification 12.1, or higher, combined with
the elimination of ignorable code points (NFDi) and full
case-folding (CF) as documented in fs/unicode/utf8_norm.c.
NFD seems to be the best normalization method for EXT4 because:
- It has a lower cost than NFC/NFKC (which requires
decomposing to NFD as an intermediary step)
- It doesn't eliminate important semantic meaning like
compatibility decompositions.
Although:
- This implementation is not completely linguistic accurate, because
different languages have conflicting rules, which would require the
specialization of the filesystem to a given locale, which brings all
sorts of problems for removable media and for users who use more than
one language.
Signed-off-by: Gabriel Krisman Bertazi <krisman@collabora.co.uk>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2019-04-25 14:12:08 -04:00
*
* Returns : 0 if the directory entry matches , more than 0 if it
* doesn ' t match or less than zero on error .
*/
2021-03-19 07:34:13 +00:00
static int ext4_ci_compare ( const struct inode * parent , const struct qstr * name ,
u8 * de_name , size_t de_name_len , bool quick )
ext4: Support case-insensitive file name lookups
This patch implements the actual support for case-insensitive file name
lookups in ext4, based on the feature bit and the encoding stored in the
superblock.
A filesystem that has the casefold feature set is able to configure
directories with the +F (EXT4_CASEFOLD_FL) attribute, enabling lookups
to succeed in that directory in a case-insensitive fashion, i.e: match
a directory entry even if the name used by userspace is not a byte per
byte match with the disk name, but is an equivalent case-insensitive
version of the Unicode string. This operation is called a
case-insensitive file name lookup.
The feature is configured as an inode attribute applied to directories
and inherited by its children. This attribute can only be enabled on
empty directories for filesystems that support the encoding feature,
thus preventing collision of file names that only differ by case.
* dcache handling:
For a +F directory, Ext4 only stores the first equivalent name dentry
used in the dcache. This is done to prevent unintentional duplication of
dentries in the dcache, while also allowing the VFS code to quickly find
the right entry in the cache despite which equivalent string was used in
a previous lookup, without having to resort to ->lookup().
d_hash() of casefolded directories is implemented as the hash of the
casefolded string, such that we always have a well-known bucket for all
the equivalencies of the same string. d_compare() uses the
utf8_strncasecmp() infrastructure, which handles the comparison of
equivalent, same case, names as well.
For now, negative lookups are not inserted in the dcache, since they
would need to be invalidated anyway, because we can't trust missing file
dentries. This is bad for performance but requires some leveraging of
the vfs layer to fix. We can live without that for now, and so does
everyone else.
* on-disk data:
Despite using a specific version of the name as the internal
representation within the dcache, the name stored and fetched from the
disk is a byte-per-byte match with what the user requested, making this
implementation 'name-preserving'. i.e. no actual information is lost
when writing to storage.
DX is supported by modifying the hashes used in +F directories to make
them case/encoding-aware. The new disk hashes are calculated as the
hash of the full casefolded string, instead of the string directly.
This allows us to efficiently search for file names in the htree without
requiring the user to provide an exact name.
* Dealing with invalid sequences:
By default, when a invalid UTF-8 sequence is identified, ext4 will treat
it as an opaque byte sequence, ignoring the encoding and reverting to
the old behavior for that unique file. This means that case-insensitive
file name lookup will not work only for that file. An optional bit can
be set in the superblock telling the filesystem code and userspace tools
to enforce the encoding. When that optional bit is set, any attempt to
create a file name using an invalid UTF-8 sequence will fail and return
an error to userspace.
* Normalization algorithm:
The UTF-8 algorithms used to compare strings in ext4 is implemented
lives in fs/unicode, and is based on a previous version developed by
SGI. It implements the Canonical decomposition (NFD) algorithm
described by the Unicode specification 12.1, or higher, combined with
the elimination of ignorable code points (NFDi) and full
case-folding (CF) as documented in fs/unicode/utf8_norm.c.
NFD seems to be the best normalization method for EXT4 because:
- It has a lower cost than NFC/NFKC (which requires
decomposing to NFD as an intermediary step)
- It doesn't eliminate important semantic meaning like
compatibility decompositions.
Although:
- This implementation is not completely linguistic accurate, because
different languages have conflicting rules, which would require the
specialization of the filesystem to a given locale, which brings all
sorts of problems for removable media and for users who use more than
one language.
Signed-off-by: Gabriel Krisman Bertazi <krisman@collabora.co.uk>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2019-04-25 14:12:08 -04:00
{
2020-10-28 05:08:20 +00:00
const struct super_block * sb = parent - > i_sb ;
const struct unicode_map * um = sb - > s_encoding ;
2021-03-19 07:34:13 +00:00
struct fscrypt_str decrypted_name = FSTR_INIT ( NULL , de_name_len ) ;
struct qstr entry = QSTR_INIT ( de_name , de_name_len ) ;
ext4: Support case-insensitive file name lookups
This patch implements the actual support for case-insensitive file name
lookups in ext4, based on the feature bit and the encoding stored in the
superblock.
A filesystem that has the casefold feature set is able to configure
directories with the +F (EXT4_CASEFOLD_FL) attribute, enabling lookups
to succeed in that directory in a case-insensitive fashion, i.e: match
a directory entry even if the name used by userspace is not a byte per
byte match with the disk name, but is an equivalent case-insensitive
version of the Unicode string. This operation is called a
case-insensitive file name lookup.
The feature is configured as an inode attribute applied to directories
and inherited by its children. This attribute can only be enabled on
empty directories for filesystems that support the encoding feature,
thus preventing collision of file names that only differ by case.
* dcache handling:
For a +F directory, Ext4 only stores the first equivalent name dentry
used in the dcache. This is done to prevent unintentional duplication of
dentries in the dcache, while also allowing the VFS code to quickly find
the right entry in the cache despite which equivalent string was used in
a previous lookup, without having to resort to ->lookup().
d_hash() of casefolded directories is implemented as the hash of the
casefolded string, such that we always have a well-known bucket for all
the equivalencies of the same string. d_compare() uses the
utf8_strncasecmp() infrastructure, which handles the comparison of
equivalent, same case, names as well.
For now, negative lookups are not inserted in the dcache, since they
would need to be invalidated anyway, because we can't trust missing file
dentries. This is bad for performance but requires some leveraging of
the vfs layer to fix. We can live without that for now, and so does
everyone else.
* on-disk data:
Despite using a specific version of the name as the internal
representation within the dcache, the name stored and fetched from the
disk is a byte-per-byte match with what the user requested, making this
implementation 'name-preserving'. i.e. no actual information is lost
when writing to storage.
DX is supported by modifying the hashes used in +F directories to make
them case/encoding-aware. The new disk hashes are calculated as the
hash of the full casefolded string, instead of the string directly.
This allows us to efficiently search for file names in the htree without
requiring the user to provide an exact name.
* Dealing with invalid sequences:
By default, when a invalid UTF-8 sequence is identified, ext4 will treat
it as an opaque byte sequence, ignoring the encoding and reverting to
the old behavior for that unique file. This means that case-insensitive
file name lookup will not work only for that file. An optional bit can
be set in the superblock telling the filesystem code and userspace tools
to enforce the encoding. When that optional bit is set, any attempt to
create a file name using an invalid UTF-8 sequence will fail and return
an error to userspace.
* Normalization algorithm:
The UTF-8 algorithms used to compare strings in ext4 is implemented
lives in fs/unicode, and is based on a previous version developed by
SGI. It implements the Canonical decomposition (NFD) algorithm
described by the Unicode specification 12.1, or higher, combined with
the elimination of ignorable code points (NFDi) and full
case-folding (CF) as documented in fs/unicode/utf8_norm.c.
NFD seems to be the best normalization method for EXT4 because:
- It has a lower cost than NFC/NFKC (which requires
decomposing to NFD as an intermediary step)
- It doesn't eliminate important semantic meaning like
compatibility decompositions.
Although:
- This implementation is not completely linguistic accurate, because
different languages have conflicting rules, which would require the
specialization of the filesystem to a given locale, which brings all
sorts of problems for removable media and for users who use more than
one language.
Signed-off-by: Gabriel Krisman Bertazi <krisman@collabora.co.uk>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2019-04-25 14:12:08 -04:00
int ret ;
2021-03-19 07:34:13 +00:00
if ( IS_ENCRYPTED ( parent ) ) {
const struct fscrypt_str encrypted_name =
FSTR_INIT ( de_name , de_name_len ) ;
decrypted_name . name = kmalloc ( de_name_len , GFP_KERNEL ) ;
if ( ! decrypted_name . name )
return - ENOMEM ;
ret = fscrypt_fname_disk_to_usr ( parent , 0 , 0 , & encrypted_name ,
& decrypted_name ) ;
if ( ret < 0 )
goto out ;
entry . name = decrypted_name . name ;
entry . len = decrypted_name . len ;
}
2019-06-19 23:45:09 -04:00
if ( quick )
2021-03-19 07:34:13 +00:00
ret = utf8_strncasecmp_folded ( um , name , & entry ) ;
2019-06-19 23:45:09 -04:00
else
2021-03-19 07:34:13 +00:00
ret = utf8_strncasecmp ( um , name , & entry ) ;
ext4: Support case-insensitive file name lookups
This patch implements the actual support for case-insensitive file name
lookups in ext4, based on the feature bit and the encoding stored in the
superblock.
A filesystem that has the casefold feature set is able to configure
directories with the +F (EXT4_CASEFOLD_FL) attribute, enabling lookups
to succeed in that directory in a case-insensitive fashion, i.e: match
a directory entry even if the name used by userspace is not a byte per
byte match with the disk name, but is an equivalent case-insensitive
version of the Unicode string. This operation is called a
case-insensitive file name lookup.
The feature is configured as an inode attribute applied to directories
and inherited by its children. This attribute can only be enabled on
empty directories for filesystems that support the encoding feature,
thus preventing collision of file names that only differ by case.
* dcache handling:
For a +F directory, Ext4 only stores the first equivalent name dentry
used in the dcache. This is done to prevent unintentional duplication of
dentries in the dcache, while also allowing the VFS code to quickly find
the right entry in the cache despite which equivalent string was used in
a previous lookup, without having to resort to ->lookup().
d_hash() of casefolded directories is implemented as the hash of the
casefolded string, such that we always have a well-known bucket for all
the equivalencies of the same string. d_compare() uses the
utf8_strncasecmp() infrastructure, which handles the comparison of
equivalent, same case, names as well.
For now, negative lookups are not inserted in the dcache, since they
would need to be invalidated anyway, because we can't trust missing file
dentries. This is bad for performance but requires some leveraging of
the vfs layer to fix. We can live without that for now, and so does
everyone else.
* on-disk data:
Despite using a specific version of the name as the internal
representation within the dcache, the name stored and fetched from the
disk is a byte-per-byte match with what the user requested, making this
implementation 'name-preserving'. i.e. no actual information is lost
when writing to storage.
DX is supported by modifying the hashes used in +F directories to make
them case/encoding-aware. The new disk hashes are calculated as the
hash of the full casefolded string, instead of the string directly.
This allows us to efficiently search for file names in the htree without
requiring the user to provide an exact name.
* Dealing with invalid sequences:
By default, when a invalid UTF-8 sequence is identified, ext4 will treat
it as an opaque byte sequence, ignoring the encoding and reverting to
the old behavior for that unique file. This means that case-insensitive
file name lookup will not work only for that file. An optional bit can
be set in the superblock telling the filesystem code and userspace tools
to enforce the encoding. When that optional bit is set, any attempt to
create a file name using an invalid UTF-8 sequence will fail and return
an error to userspace.
* Normalization algorithm:
The UTF-8 algorithms used to compare strings in ext4 is implemented
lives in fs/unicode, and is based on a previous version developed by
SGI. It implements the Canonical decomposition (NFD) algorithm
described by the Unicode specification 12.1, or higher, combined with
the elimination of ignorable code points (NFDi) and full
case-folding (CF) as documented in fs/unicode/utf8_norm.c.
NFD seems to be the best normalization method for EXT4 because:
- It has a lower cost than NFC/NFKC (which requires
decomposing to NFD as an intermediary step)
- It doesn't eliminate important semantic meaning like
compatibility decompositions.
Although:
- This implementation is not completely linguistic accurate, because
different languages have conflicting rules, which would require the
specialization of the filesystem to a given locale, which brings all
sorts of problems for removable media and for users who use more than
one language.
Signed-off-by: Gabriel Krisman Bertazi <krisman@collabora.co.uk>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2019-04-25 14:12:08 -04:00
if ( ret < 0 ) {
/* Handle invalid character sequence as either an error
* or as an opaque byte sequence .
*/
2020-10-28 05:08:20 +00:00
if ( sb_has_strict_encoding ( sb ) )
2021-03-19 07:34:13 +00:00
ret = - EINVAL ;
else if ( name - > len ! = entry . len )
ret = 1 ;
else
ret = ! ! memcmp ( name - > name , entry . name , entry . len ) ;
ext4: Support case-insensitive file name lookups
This patch implements the actual support for case-insensitive file name
lookups in ext4, based on the feature bit and the encoding stored in the
superblock.
A filesystem that has the casefold feature set is able to configure
directories with the +F (EXT4_CASEFOLD_FL) attribute, enabling lookups
to succeed in that directory in a case-insensitive fashion, i.e: match
a directory entry even if the name used by userspace is not a byte per
byte match with the disk name, but is an equivalent case-insensitive
version of the Unicode string. This operation is called a
case-insensitive file name lookup.
The feature is configured as an inode attribute applied to directories
and inherited by its children. This attribute can only be enabled on
empty directories for filesystems that support the encoding feature,
thus preventing collision of file names that only differ by case.
* dcache handling:
For a +F directory, Ext4 only stores the first equivalent name dentry
used in the dcache. This is done to prevent unintentional duplication of
dentries in the dcache, while also allowing the VFS code to quickly find
the right entry in the cache despite which equivalent string was used in
a previous lookup, without having to resort to ->lookup().
d_hash() of casefolded directories is implemented as the hash of the
casefolded string, such that we always have a well-known bucket for all
the equivalencies of the same string. d_compare() uses the
utf8_strncasecmp() infrastructure, which handles the comparison of
equivalent, same case, names as well.
For now, negative lookups are not inserted in the dcache, since they
would need to be invalidated anyway, because we can't trust missing file
dentries. This is bad for performance but requires some leveraging of
the vfs layer to fix. We can live without that for now, and so does
everyone else.
* on-disk data:
Despite using a specific version of the name as the internal
representation within the dcache, the name stored and fetched from the
disk is a byte-per-byte match with what the user requested, making this
implementation 'name-preserving'. i.e. no actual information is lost
when writing to storage.
DX is supported by modifying the hashes used in +F directories to make
them case/encoding-aware. The new disk hashes are calculated as the
hash of the full casefolded string, instead of the string directly.
This allows us to efficiently search for file names in the htree without
requiring the user to provide an exact name.
* Dealing with invalid sequences:
By default, when a invalid UTF-8 sequence is identified, ext4 will treat
it as an opaque byte sequence, ignoring the encoding and reverting to
the old behavior for that unique file. This means that case-insensitive
file name lookup will not work only for that file. An optional bit can
be set in the superblock telling the filesystem code and userspace tools
to enforce the encoding. When that optional bit is set, any attempt to
create a file name using an invalid UTF-8 sequence will fail and return
an error to userspace.
* Normalization algorithm:
The UTF-8 algorithms used to compare strings in ext4 is implemented
lives in fs/unicode, and is based on a previous version developed by
SGI. It implements the Canonical decomposition (NFD) algorithm
described by the Unicode specification 12.1, or higher, combined with
the elimination of ignorable code points (NFDi) and full
case-folding (CF) as documented in fs/unicode/utf8_norm.c.
NFD seems to be the best normalization method for EXT4 because:
- It has a lower cost than NFC/NFKC (which requires
decomposing to NFD as an intermediary step)
- It doesn't eliminate important semantic meaning like
compatibility decompositions.
Although:
- This implementation is not completely linguistic accurate, because
different languages have conflicting rules, which would require the
specialization of the filesystem to a given locale, which brings all
sorts of problems for removable media and for users who use more than
one language.
Signed-off-by: Gabriel Krisman Bertazi <krisman@collabora.co.uk>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2019-04-25 14:12:08 -04:00
}
2021-03-19 07:34:13 +00:00
out :
kfree ( decrypted_name . name ) ;
ext4: Support case-insensitive file name lookups
This patch implements the actual support for case-insensitive file name
lookups in ext4, based on the feature bit and the encoding stored in the
superblock.
A filesystem that has the casefold feature set is able to configure
directories with the +F (EXT4_CASEFOLD_FL) attribute, enabling lookups
to succeed in that directory in a case-insensitive fashion, i.e: match
a directory entry even if the name used by userspace is not a byte per
byte match with the disk name, but is an equivalent case-insensitive
version of the Unicode string. This operation is called a
case-insensitive file name lookup.
The feature is configured as an inode attribute applied to directories
and inherited by its children. This attribute can only be enabled on
empty directories for filesystems that support the encoding feature,
thus preventing collision of file names that only differ by case.
* dcache handling:
For a +F directory, Ext4 only stores the first equivalent name dentry
used in the dcache. This is done to prevent unintentional duplication of
dentries in the dcache, while also allowing the VFS code to quickly find
the right entry in the cache despite which equivalent string was used in
a previous lookup, without having to resort to ->lookup().
d_hash() of casefolded directories is implemented as the hash of the
casefolded string, such that we always have a well-known bucket for all
the equivalencies of the same string. d_compare() uses the
utf8_strncasecmp() infrastructure, which handles the comparison of
equivalent, same case, names as well.
For now, negative lookups are not inserted in the dcache, since they
would need to be invalidated anyway, because we can't trust missing file
dentries. This is bad for performance but requires some leveraging of
the vfs layer to fix. We can live without that for now, and so does
everyone else.
* on-disk data:
Despite using a specific version of the name as the internal
representation within the dcache, the name stored and fetched from the
disk is a byte-per-byte match with what the user requested, making this
implementation 'name-preserving'. i.e. no actual information is lost
when writing to storage.
DX is supported by modifying the hashes used in +F directories to make
them case/encoding-aware. The new disk hashes are calculated as the
hash of the full casefolded string, instead of the string directly.
This allows us to efficiently search for file names in the htree without
requiring the user to provide an exact name.
* Dealing with invalid sequences:
By default, when a invalid UTF-8 sequence is identified, ext4 will treat
it as an opaque byte sequence, ignoring the encoding and reverting to
the old behavior for that unique file. This means that case-insensitive
file name lookup will not work only for that file. An optional bit can
be set in the superblock telling the filesystem code and userspace tools
to enforce the encoding. When that optional bit is set, any attempt to
create a file name using an invalid UTF-8 sequence will fail and return
an error to userspace.
* Normalization algorithm:
The UTF-8 algorithms used to compare strings in ext4 is implemented
lives in fs/unicode, and is based on a previous version developed by
SGI. It implements the Canonical decomposition (NFD) algorithm
described by the Unicode specification 12.1, or higher, combined with
the elimination of ignorable code points (NFDi) and full
case-folding (CF) as documented in fs/unicode/utf8_norm.c.
NFD seems to be the best normalization method for EXT4 because:
- It has a lower cost than NFC/NFKC (which requires
decomposing to NFD as an intermediary step)
- It doesn't eliminate important semantic meaning like
compatibility decompositions.
Although:
- This implementation is not completely linguistic accurate, because
different languages have conflicting rules, which would require the
specialization of the filesystem to a given locale, which brings all
sorts of problems for removable media and for users who use more than
one language.
Signed-off-by: Gabriel Krisman Bertazi <krisman@collabora.co.uk>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2019-04-25 14:12:08 -04:00
return ret ;
}
2019-06-19 23:45:09 -04:00
2021-03-19 07:34:14 +00:00
int ext4_fname_setup_ci_filename ( struct inode * dir , const struct qstr * iname ,
struct ext4_filename * name )
2019-06-19 23:45:09 -04:00
{
2021-03-19 07:34:14 +00:00
struct fscrypt_str * cf_name = & name - > cf_name ;
struct dx_hash_info * hinfo = & name - > hinfo ;
2019-07-02 17:53:22 -04:00
int len ;
2021-05-22 00:41:32 +00:00
if ( ! IS_CASEFOLDED ( dir ) | | ! dir - > i_sb - > s_encoding | |
( IS_ENCRYPTED ( dir ) & & ! fscrypt_has_encryption_key ( dir ) ) ) {
2019-06-19 23:45:09 -04:00
cf_name - > name = NULL ;
2021-03-19 07:34:14 +00:00
return 0 ;
2019-06-19 23:45:09 -04:00
}
cf_name - > name = kmalloc ( EXT4_NAME_LEN , GFP_NOFS ) ;
if ( ! cf_name - > name )
2021-03-19 07:34:14 +00:00
return - ENOMEM ;
2019-06-19 23:45:09 -04:00
2020-10-28 05:08:20 +00:00
len = utf8_casefold ( dir - > i_sb - > s_encoding ,
2019-07-02 17:53:22 -04:00
iname , cf_name - > name ,
EXT4_NAME_LEN ) ;
if ( len < = 0 ) {
2019-06-19 23:45:09 -04:00
kfree ( cf_name - > name ) ;
cf_name - > name = NULL ;
}
2019-07-02 17:53:22 -04:00
cf_name - > len = ( unsigned ) len ;
2021-03-19 07:34:14 +00:00
if ( ! IS_ENCRYPTED ( dir ) )
return 0 ;
2019-07-02 17:53:22 -04:00
2021-03-19 07:34:14 +00:00
hinfo - > hash_version = DX_HASH_SIPHASH ;
hinfo - > seed = NULL ;
if ( cf_name - > name )
ext4fs_dirhash ( dir , cf_name - > name , cf_name - > len , hinfo ) ;
else
ext4fs_dirhash ( dir , iname - > name , iname - > len , hinfo ) ;
return 0 ;
2019-06-19 23:45:09 -04:00
}
ext4: Support case-insensitive file name lookups
This patch implements the actual support for case-insensitive file name
lookups in ext4, based on the feature bit and the encoding stored in the
superblock.
A filesystem that has the casefold feature set is able to configure
directories with the +F (EXT4_CASEFOLD_FL) attribute, enabling lookups
to succeed in that directory in a case-insensitive fashion, i.e: match
a directory entry even if the name used by userspace is not a byte per
byte match with the disk name, but is an equivalent case-insensitive
version of the Unicode string. This operation is called a
case-insensitive file name lookup.
The feature is configured as an inode attribute applied to directories
and inherited by its children. This attribute can only be enabled on
empty directories for filesystems that support the encoding feature,
thus preventing collision of file names that only differ by case.
* dcache handling:
For a +F directory, Ext4 only stores the first equivalent name dentry
used in the dcache. This is done to prevent unintentional duplication of
dentries in the dcache, while also allowing the VFS code to quickly find
the right entry in the cache despite which equivalent string was used in
a previous lookup, without having to resort to ->lookup().
d_hash() of casefolded directories is implemented as the hash of the
casefolded string, such that we always have a well-known bucket for all
the equivalencies of the same string. d_compare() uses the
utf8_strncasecmp() infrastructure, which handles the comparison of
equivalent, same case, names as well.
For now, negative lookups are not inserted in the dcache, since they
would need to be invalidated anyway, because we can't trust missing file
dentries. This is bad for performance but requires some leveraging of
the vfs layer to fix. We can live without that for now, and so does
everyone else.
* on-disk data:
Despite using a specific version of the name as the internal
representation within the dcache, the name stored and fetched from the
disk is a byte-per-byte match with what the user requested, making this
implementation 'name-preserving'. i.e. no actual information is lost
when writing to storage.
DX is supported by modifying the hashes used in +F directories to make
them case/encoding-aware. The new disk hashes are calculated as the
hash of the full casefolded string, instead of the string directly.
This allows us to efficiently search for file names in the htree without
requiring the user to provide an exact name.
* Dealing with invalid sequences:
By default, when a invalid UTF-8 sequence is identified, ext4 will treat
it as an opaque byte sequence, ignoring the encoding and reverting to
the old behavior for that unique file. This means that case-insensitive
file name lookup will not work only for that file. An optional bit can
be set in the superblock telling the filesystem code and userspace tools
to enforce the encoding. When that optional bit is set, any attempt to
create a file name using an invalid UTF-8 sequence will fail and return
an error to userspace.
* Normalization algorithm:
The UTF-8 algorithms used to compare strings in ext4 is implemented
lives in fs/unicode, and is based on a previous version developed by
SGI. It implements the Canonical decomposition (NFD) algorithm
described by the Unicode specification 12.1, or higher, combined with
the elimination of ignorable code points (NFDi) and full
case-folding (CF) as documented in fs/unicode/utf8_norm.c.
NFD seems to be the best normalization method for EXT4 because:
- It has a lower cost than NFC/NFKC (which requires
decomposing to NFD as an intermediary step)
- It doesn't eliminate important semantic meaning like
compatibility decompositions.
Although:
- This implementation is not completely linguistic accurate, because
different languages have conflicting rules, which would require the
specialization of the filesystem to a given locale, which brings all
sorts of problems for removable media and for users who use more than
one language.
Signed-off-by: Gabriel Krisman Bertazi <krisman@collabora.co.uk>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2019-04-25 14:12:08 -04:00
# endif
2006-10-11 01:20:50 -07:00
/*
2017-04-24 10:00:13 -07:00
* Test whether a directory entry matches the filename being searched for .
2006-10-11 01:20:50 -07:00
*
2017-04-24 10:00:13 -07:00
* Return : % true if the directory entry matches , otherwise % false .
2006-10-11 01:20:50 -07:00
*/
2021-03-19 07:34:13 +00:00
static bool ext4_match ( struct inode * parent ,
ext4: Support case-insensitive file name lookups
This patch implements the actual support for case-insensitive file name
lookups in ext4, based on the feature bit and the encoding stored in the
superblock.
A filesystem that has the casefold feature set is able to configure
directories with the +F (EXT4_CASEFOLD_FL) attribute, enabling lookups
to succeed in that directory in a case-insensitive fashion, i.e: match
a directory entry even if the name used by userspace is not a byte per
byte match with the disk name, but is an equivalent case-insensitive
version of the Unicode string. This operation is called a
case-insensitive file name lookup.
The feature is configured as an inode attribute applied to directories
and inherited by its children. This attribute can only be enabled on
empty directories for filesystems that support the encoding feature,
thus preventing collision of file names that only differ by case.
* dcache handling:
For a +F directory, Ext4 only stores the first equivalent name dentry
used in the dcache. This is done to prevent unintentional duplication of
dentries in the dcache, while also allowing the VFS code to quickly find
the right entry in the cache despite which equivalent string was used in
a previous lookup, without having to resort to ->lookup().
d_hash() of casefolded directories is implemented as the hash of the
casefolded string, such that we always have a well-known bucket for all
the equivalencies of the same string. d_compare() uses the
utf8_strncasecmp() infrastructure, which handles the comparison of
equivalent, same case, names as well.
For now, negative lookups are not inserted in the dcache, since they
would need to be invalidated anyway, because we can't trust missing file
dentries. This is bad for performance but requires some leveraging of
the vfs layer to fix. We can live without that for now, and so does
everyone else.
* on-disk data:
Despite using a specific version of the name as the internal
representation within the dcache, the name stored and fetched from the
disk is a byte-per-byte match with what the user requested, making this
implementation 'name-preserving'. i.e. no actual information is lost
when writing to storage.
DX is supported by modifying the hashes used in +F directories to make
them case/encoding-aware. The new disk hashes are calculated as the
hash of the full casefolded string, instead of the string directly.
This allows us to efficiently search for file names in the htree without
requiring the user to provide an exact name.
* Dealing with invalid sequences:
By default, when a invalid UTF-8 sequence is identified, ext4 will treat
it as an opaque byte sequence, ignoring the encoding and reverting to
the old behavior for that unique file. This means that case-insensitive
file name lookup will not work only for that file. An optional bit can
be set in the superblock telling the filesystem code and userspace tools
to enforce the encoding. When that optional bit is set, any attempt to
create a file name using an invalid UTF-8 sequence will fail and return
an error to userspace.
* Normalization algorithm:
The UTF-8 algorithms used to compare strings in ext4 is implemented
lives in fs/unicode, and is based on a previous version developed by
SGI. It implements the Canonical decomposition (NFD) algorithm
described by the Unicode specification 12.1, or higher, combined with
the elimination of ignorable code points (NFDi) and full
case-folding (CF) as documented in fs/unicode/utf8_norm.c.
NFD seems to be the best normalization method for EXT4 because:
- It has a lower cost than NFC/NFKC (which requires
decomposing to NFD as an intermediary step)
- It doesn't eliminate important semantic meaning like
compatibility decompositions.
Although:
- This implementation is not completely linguistic accurate, because
different languages have conflicting rules, which would require the
specialization of the filesystem to a given locale, which brings all
sorts of problems for removable media and for users who use more than
one language.
Signed-off-by: Gabriel Krisman Bertazi <krisman@collabora.co.uk>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2019-04-25 14:12:08 -04:00
const struct ext4_filename * fname ,
2021-03-19 07:34:13 +00:00
struct ext4_dir_entry_2 * de )
2006-10-11 01:20:50 -07:00
{
2017-04-24 10:00:11 -07:00
struct fscrypt_name f ;
2015-04-12 01:09:03 -04:00
2006-10-11 01:20:50 -07:00
if ( ! de - > inode )
2017-04-24 10:00:13 -07:00
return false ;
2015-04-12 01:09:03 -04:00
2017-04-24 10:00:11 -07:00
f . usr_fname = fname - > usr_fname ;
f . disk_name = fname - > disk_name ;
2018-12-12 15:20:12 +05:30
# ifdef CONFIG_FS_ENCRYPTION
2017-04-24 10:00:11 -07:00
f . crypto_buf = fname - > crypto_buf ;
2015-04-12 01:09:03 -04:00
# endif
ext4: Support case-insensitive file name lookups
This patch implements the actual support for case-insensitive file name
lookups in ext4, based on the feature bit and the encoding stored in the
superblock.
A filesystem that has the casefold feature set is able to configure
directories with the +F (EXT4_CASEFOLD_FL) attribute, enabling lookups
to succeed in that directory in a case-insensitive fashion, i.e: match
a directory entry even if the name used by userspace is not a byte per
byte match with the disk name, but is an equivalent case-insensitive
version of the Unicode string. This operation is called a
case-insensitive file name lookup.
The feature is configured as an inode attribute applied to directories
and inherited by its children. This attribute can only be enabled on
empty directories for filesystems that support the encoding feature,
thus preventing collision of file names that only differ by case.
* dcache handling:
For a +F directory, Ext4 only stores the first equivalent name dentry
used in the dcache. This is done to prevent unintentional duplication of
dentries in the dcache, while also allowing the VFS code to quickly find
the right entry in the cache despite which equivalent string was used in
a previous lookup, without having to resort to ->lookup().
d_hash() of casefolded directories is implemented as the hash of the
casefolded string, such that we always have a well-known bucket for all
the equivalencies of the same string. d_compare() uses the
utf8_strncasecmp() infrastructure, which handles the comparison of
equivalent, same case, names as well.
For now, negative lookups are not inserted in the dcache, since they
would need to be invalidated anyway, because we can't trust missing file
dentries. This is bad for performance but requires some leveraging of
the vfs layer to fix. We can live without that for now, and so does
everyone else.
* on-disk data:
Despite using a specific version of the name as the internal
representation within the dcache, the name stored and fetched from the
disk is a byte-per-byte match with what the user requested, making this
implementation 'name-preserving'. i.e. no actual information is lost
when writing to storage.
DX is supported by modifying the hashes used in +F directories to make
them case/encoding-aware. The new disk hashes are calculated as the
hash of the full casefolded string, instead of the string directly.
This allows us to efficiently search for file names in the htree without
requiring the user to provide an exact name.
* Dealing with invalid sequences:
By default, when a invalid UTF-8 sequence is identified, ext4 will treat
it as an opaque byte sequence, ignoring the encoding and reverting to
the old behavior for that unique file. This means that case-insensitive
file name lookup will not work only for that file. An optional bit can
be set in the superblock telling the filesystem code and userspace tools
to enforce the encoding. When that optional bit is set, any attempt to
create a file name using an invalid UTF-8 sequence will fail and return
an error to userspace.
* Normalization algorithm:
The UTF-8 algorithms used to compare strings in ext4 is implemented
lives in fs/unicode, and is based on a previous version developed by
SGI. It implements the Canonical decomposition (NFD) algorithm
described by the Unicode specification 12.1, or higher, combined with
the elimination of ignorable code points (NFDi) and full
case-folding (CF) as documented in fs/unicode/utf8_norm.c.
NFD seems to be the best normalization method for EXT4 because:
- It has a lower cost than NFC/NFKC (which requires
decomposing to NFD as an intermediary step)
- It doesn't eliminate important semantic meaning like
compatibility decompositions.
Although:
- This implementation is not completely linguistic accurate, because
different languages have conflicting rules, which would require the
specialization of the filesystem to a given locale, which brings all
sorts of problems for removable media and for users who use more than
one language.
Signed-off-by: Gabriel Krisman Bertazi <krisman@collabora.co.uk>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2019-04-25 14:12:08 -04:00
2022-01-18 07:56:14 +01:00
# if IS_ENABLED(CONFIG_UNICODE)
2021-05-22 00:41:32 +00:00
if ( parent - > i_sb - > s_encoding & & IS_CASEFOLDED ( parent ) & &
( ! IS_ENCRYPTED ( parent ) | | fscrypt_has_encryption_key ( parent ) ) ) {
2019-06-19 23:45:09 -04:00
if ( fname - > cf_name . name ) {
struct qstr cf = { . name = fname - > cf_name . name ,
. len = fname - > cf_name . len } ;
2021-03-19 07:34:13 +00:00
if ( IS_ENCRYPTED ( parent ) ) {
2021-03-19 07:34:14 +00:00
if ( fname - > hinfo . hash ! = EXT4_DIRENT_HASH ( de ) | |
fname - > hinfo . minor_hash ! =
EXT4_DIRENT_MINOR_HASH ( de ) ) {
2021-08-23 22:55:43 -07:00
return false ;
2021-03-19 07:34:14 +00:00
}
2021-03-19 07:34:13 +00:00
}
return ! ext4_ci_compare ( parent , & cf , de - > name ,
de - > name_len , true ) ;
2019-06-19 23:45:09 -04:00
}
2021-03-19 07:34:13 +00:00
return ! ext4_ci_compare ( parent , fname - > usr_fname , de - > name ,
de - > name_len , false ) ;
2019-06-19 23:45:09 -04:00
}
ext4: Support case-insensitive file name lookups
This patch implements the actual support for case-insensitive file name
lookups in ext4, based on the feature bit and the encoding stored in the
superblock.
A filesystem that has the casefold feature set is able to configure
directories with the +F (EXT4_CASEFOLD_FL) attribute, enabling lookups
to succeed in that directory in a case-insensitive fashion, i.e: match
a directory entry even if the name used by userspace is not a byte per
byte match with the disk name, but is an equivalent case-insensitive
version of the Unicode string. This operation is called a
case-insensitive file name lookup.
The feature is configured as an inode attribute applied to directories
and inherited by its children. This attribute can only be enabled on
empty directories for filesystems that support the encoding feature,
thus preventing collision of file names that only differ by case.
* dcache handling:
For a +F directory, Ext4 only stores the first equivalent name dentry
used in the dcache. This is done to prevent unintentional duplication of
dentries in the dcache, while also allowing the VFS code to quickly find
the right entry in the cache despite which equivalent string was used in
a previous lookup, without having to resort to ->lookup().
d_hash() of casefolded directories is implemented as the hash of the
casefolded string, such that we always have a well-known bucket for all
the equivalencies of the same string. d_compare() uses the
utf8_strncasecmp() infrastructure, which handles the comparison of
equivalent, same case, names as well.
For now, negative lookups are not inserted in the dcache, since they
would need to be invalidated anyway, because we can't trust missing file
dentries. This is bad for performance but requires some leveraging of
the vfs layer to fix. We can live without that for now, and so does
everyone else.
* on-disk data:
Despite using a specific version of the name as the internal
representation within the dcache, the name stored and fetched from the
disk is a byte-per-byte match with what the user requested, making this
implementation 'name-preserving'. i.e. no actual information is lost
when writing to storage.
DX is supported by modifying the hashes used in +F directories to make
them case/encoding-aware. The new disk hashes are calculated as the
hash of the full casefolded string, instead of the string directly.
This allows us to efficiently search for file names in the htree without
requiring the user to provide an exact name.
* Dealing with invalid sequences:
By default, when a invalid UTF-8 sequence is identified, ext4 will treat
it as an opaque byte sequence, ignoring the encoding and reverting to
the old behavior for that unique file. This means that case-insensitive
file name lookup will not work only for that file. An optional bit can
be set in the superblock telling the filesystem code and userspace tools
to enforce the encoding. When that optional bit is set, any attempt to
create a file name using an invalid UTF-8 sequence will fail and return
an error to userspace.
* Normalization algorithm:
The UTF-8 algorithms used to compare strings in ext4 is implemented
lives in fs/unicode, and is based on a previous version developed by
SGI. It implements the Canonical decomposition (NFD) algorithm
described by the Unicode specification 12.1, or higher, combined with
the elimination of ignorable code points (NFDi) and full
case-folding (CF) as documented in fs/unicode/utf8_norm.c.
NFD seems to be the best normalization method for EXT4 because:
- It has a lower cost than NFC/NFKC (which requires
decomposing to NFD as an intermediary step)
- It doesn't eliminate important semantic meaning like
compatibility decompositions.
Although:
- This implementation is not completely linguistic accurate, because
different languages have conflicting rules, which would require the
specialization of the filesystem to a given locale, which brings all
sorts of problems for removable media and for users who use more than
one language.
Signed-off-by: Gabriel Krisman Bertazi <krisman@collabora.co.uk>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2019-04-25 14:12:08 -04:00
# endif
2017-04-24 10:00:11 -07:00
return fscrypt_match_name ( & f , de - > name , de - > name_len ) ;
2006-10-11 01:20:50 -07:00
}
/*
* Returns 0 if not found , - 1 on failure , and 1 on success
*/
2015-05-18 13:14:47 -04:00
int ext4_search_dir ( struct buffer_head * bh , char * search_buf , int buf_size ,
struct inode * dir , struct ext4_filename * fname ,
unsigned int offset , struct ext4_dir_entry_2 * * res_dir )
2006-10-11 01:20:50 -07:00
{
2006-10-11 01:20:53 -07:00
struct ext4_dir_entry_2 * de ;
2006-10-11 01:20:50 -07:00
char * dlimit ;
int de_len ;
2015-04-12 01:09:03 -04:00
2012-12-10 14:05:59 -05:00
de = ( struct ext4_dir_entry_2 * ) search_buf ;
dlimit = search_buf + buf_size ;
ext4: fix use-after-free in ext4_search_dir
We got issue as follows:
EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
==================================================================
BUG: KASAN: use-after-free in ext4_search_dir fs/ext4/namei.c:1394 [inline]
BUG: KASAN: use-after-free in search_dirblock fs/ext4/namei.c:1199 [inline]
BUG: KASAN: use-after-free in __ext4_find_entry+0xdca/0x1210 fs/ext4/namei.c:1553
Read of size 1 at addr ffff8881317c3005 by task syz-executor117/2331
CPU: 1 PID: 2331 Comm: syz-executor117 Not tainted 5.10.0+ #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
Call Trace:
__dump_stack lib/dump_stack.c:83 [inline]
dump_stack+0x144/0x187 lib/dump_stack.c:124
print_address_description+0x7d/0x630 mm/kasan/report.c:387
__kasan_report+0x132/0x190 mm/kasan/report.c:547
kasan_report+0x47/0x60 mm/kasan/report.c:564
ext4_search_dir fs/ext4/namei.c:1394 [inline]
search_dirblock fs/ext4/namei.c:1199 [inline]
__ext4_find_entry+0xdca/0x1210 fs/ext4/namei.c:1553
ext4_lookup_entry fs/ext4/namei.c:1622 [inline]
ext4_lookup+0xb8/0x3a0 fs/ext4/namei.c:1690
__lookup_hash+0xc5/0x190 fs/namei.c:1451
do_rmdir+0x19e/0x310 fs/namei.c:3760
do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46
entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x445e59
Code: 4d c7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 1b c7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007fff2277fac8 EFLAGS: 00000246 ORIG_RAX: 0000000000000054
RAX: ffffffffffffffda RBX: 0000000000400280 RCX: 0000000000445e59
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000200000c0
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000002
R10: 00007fff2277f990 R11: 0000000000000246 R12: 0000000000000000
R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000
The buggy address belongs to the page:
page:0000000048cd3304 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x1317c3
flags: 0x200000000000000()
raw: 0200000000000000 ffffea0004526588 ffffea0004528088 0000000000000000
raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
page dumped because: kasan: bad access detected
Memory state around the buggy address:
ffff8881317c2f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
ffff8881317c2f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffff8881317c3000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
^
ffff8881317c3080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
ffff8881317c3100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
==================================================================
ext4_search_dir:
...
de = (struct ext4_dir_entry_2 *)search_buf;
dlimit = search_buf + buf_size;
while ((char *) de < dlimit) {
...
if ((char *) de + de->name_len <= dlimit &&
ext4_match(dir, fname, de)) {
...
}
...
de_len = ext4_rec_len_from_disk(de->rec_len, dir->i_sb->s_blocksize);
if (de_len <= 0)
return -1;
offset += de_len;
de = (struct ext4_dir_entry_2 *) ((char *) de + de_len);
}
Assume:
de=0xffff8881317c2fff
dlimit=0x0xffff8881317c3000
If read 'de->name_len' which address is 0xffff8881317c3005, obviously is
out of range, then will trigger use-after-free.
To solve this issue, 'dlimit' must reserve 8 bytes, as we will read
'de->name_len' to judge if '(char *) de + de->name_len' out of range.
Signed-off-by: Ye Bin <yebin10@huawei.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Link: https://lore.kernel.org/r/20220324064816.1209985-1-yebin10@huawei.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@kernel.org
2022-03-24 14:48:16 +08:00
while ( ( char * ) de < dlimit - EXT4_BASE_DIR_LEN ) {
2006-10-11 01:20:50 -07:00
/* this code is executed quadratically often */
/* do minimal checking `by hand' */
ext4: fix use-after-free in ext4_search_dir
We got issue as follows:
EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
==================================================================
BUG: KASAN: use-after-free in ext4_search_dir fs/ext4/namei.c:1394 [inline]
BUG: KASAN: use-after-free in search_dirblock fs/ext4/namei.c:1199 [inline]
BUG: KASAN: use-after-free in __ext4_find_entry+0xdca/0x1210 fs/ext4/namei.c:1553
Read of size 1 at addr ffff8881317c3005 by task syz-executor117/2331
CPU: 1 PID: 2331 Comm: syz-executor117 Not tainted 5.10.0+ #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
Call Trace:
__dump_stack lib/dump_stack.c:83 [inline]
dump_stack+0x144/0x187 lib/dump_stack.c:124
print_address_description+0x7d/0x630 mm/kasan/report.c:387
__kasan_report+0x132/0x190 mm/kasan/report.c:547
kasan_report+0x47/0x60 mm/kasan/report.c:564
ext4_search_dir fs/ext4/namei.c:1394 [inline]
search_dirblock fs/ext4/namei.c:1199 [inline]
__ext4_find_entry+0xdca/0x1210 fs/ext4/namei.c:1553
ext4_lookup_entry fs/ext4/namei.c:1622 [inline]
ext4_lookup+0xb8/0x3a0 fs/ext4/namei.c:1690
__lookup_hash+0xc5/0x190 fs/namei.c:1451
do_rmdir+0x19e/0x310 fs/namei.c:3760
do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46
entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x445e59
Code: 4d c7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 1b c7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007fff2277fac8 EFLAGS: 00000246 ORIG_RAX: 0000000000000054
RAX: ffffffffffffffda RBX: 0000000000400280 RCX: 0000000000445e59
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000200000c0
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000002
R10: 00007fff2277f990 R11: 0000000000000246 R12: 0000000000000000
R13: 431bde82d7b634db R14: 0000000000000000 R15: 0000000000000000
The buggy address belongs to the page:
page:0000000048cd3304 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x1317c3
flags: 0x200000000000000()
raw: 0200000000000000 ffffea0004526588 ffffea0004528088 0000000000000000
raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000
page dumped because: kasan: bad access detected
Memory state around the buggy address:
ffff8881317c2f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
ffff8881317c2f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffff8881317c3000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
^
ffff8881317c3080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
ffff8881317c3100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
==================================================================
ext4_search_dir:
...
de = (struct ext4_dir_entry_2 *)search_buf;
dlimit = search_buf + buf_size;
while ((char *) de < dlimit) {
...
if ((char *) de + de->name_len <= dlimit &&
ext4_match(dir, fname, de)) {
...
}
...
de_len = ext4_rec_len_from_disk(de->rec_len, dir->i_sb->s_blocksize);
if (de_len <= 0)
return -1;
offset += de_len;
de = (struct ext4_dir_entry_2 *) ((char *) de + de_len);
}
Assume:
de=0xffff8881317c2fff
dlimit=0x0xffff8881317c3000
If read 'de->name_len' which address is 0xffff8881317c3005, obviously is
out of range, then will trigger use-after-free.
To solve this issue, 'dlimit' must reserve 8 bytes, as we will read
'de->name_len' to judge if '(char *) de + de->name_len' out of range.
Signed-off-by: Ye Bin <yebin10@huawei.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Link: https://lore.kernel.org/r/20220324064816.1209985-1-yebin10@huawei.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@kernel.org
2022-03-24 14:48:16 +08:00
if ( de - > name + de - > name_len < = dlimit & &
ext4: Support case-insensitive file name lookups
This patch implements the actual support for case-insensitive file name
lookups in ext4, based on the feature bit and the encoding stored in the
superblock.
A filesystem that has the casefold feature set is able to configure
directories with the +F (EXT4_CASEFOLD_FL) attribute, enabling lookups
to succeed in that directory in a case-insensitive fashion, i.e: match
a directory entry even if the name used by userspace is not a byte per
byte match with the disk name, but is an equivalent case-insensitive
version of the Unicode string. This operation is called a
case-insensitive file name lookup.
The feature is configured as an inode attribute applied to directories
and inherited by its children. This attribute can only be enabled on
empty directories for filesystems that support the encoding feature,
thus preventing collision of file names that only differ by case.
* dcache handling:
For a +F directory, Ext4 only stores the first equivalent name dentry
used in the dcache. This is done to prevent unintentional duplication of
dentries in the dcache, while also allowing the VFS code to quickly find
the right entry in the cache despite which equivalent string was used in
a previous lookup, without having to resort to ->lookup().
d_hash() of casefolded directories is implemented as the hash of the
casefolded string, such that we always have a well-known bucket for all
the equivalencies of the same string. d_compare() uses the
utf8_strncasecmp() infrastructure, which handles the comparison of
equivalent, same case, names as well.
For now, negative lookups are not inserted in the dcache, since they
would need to be invalidated anyway, because we can't trust missing file
dentries. This is bad for performance but requires some leveraging of
the vfs layer to fix. We can live without that for now, and so does
everyone else.
* on-disk data:
Despite using a specific version of the name as the internal
representation within the dcache, the name stored and fetched from the
disk is a byte-per-byte match with what the user requested, making this
implementation 'name-preserving'. i.e. no actual information is lost
when writing to storage.
DX is supported by modifying the hashes used in +F directories to make
them case/encoding-aware. The new disk hashes are calculated as the
hash of the full casefolded string, instead of the string directly.
This allows us to efficiently search for file names in the htree without
requiring the user to provide an exact name.
* Dealing with invalid sequences:
By default, when a invalid UTF-8 sequence is identified, ext4 will treat
it as an opaque byte sequence, ignoring the encoding and reverting to
the old behavior for that unique file. This means that case-insensitive
file name lookup will not work only for that file. An optional bit can
be set in the superblock telling the filesystem code and userspace tools
to enforce the encoding. When that optional bit is set, any attempt to
create a file name using an invalid UTF-8 sequence will fail and return
an error to userspace.
* Normalization algorithm:
The UTF-8 algorithms used to compare strings in ext4 is implemented
lives in fs/unicode, and is based on a previous version developed by
SGI. It implements the Canonical decomposition (NFD) algorithm
described by the Unicode specification 12.1, or higher, combined with
the elimination of ignorable code points (NFDi) and full
case-folding (CF) as documented in fs/unicode/utf8_norm.c.
NFD seems to be the best normalization method for EXT4 because:
- It has a lower cost than NFC/NFKC (which requires
decomposing to NFD as an intermediary step)
- It doesn't eliminate important semantic meaning like
compatibility decompositions.
Although:
- This implementation is not completely linguistic accurate, because
different languages have conflicting rules, which would require the
specialization of the filesystem to a given locale, which brings all
sorts of problems for removable media and for users who use more than
one language.
Signed-off-by: Gabriel Krisman Bertazi <krisman@collabora.co.uk>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2019-04-25 14:12:08 -04:00
ext4_match ( dir , fname , de ) ) {
2017-04-24 10:00:13 -07:00
/* found a match - just to be sure, do
* a full check */
2020-07-31 18:21:35 +02:00
if ( ext4_check_dir_entry ( dir , NULL , de , bh , search_buf ,
buf_size , offset ) )
2017-04-24 10:00:13 -07:00
return - 1 ;
* res_dir = de ;
return 1 ;
2006-10-11 01:20:50 -07:00
}
/* prevent looping on a bad block */
2009-02-14 23:01:36 -05:00
de_len = ext4_rec_len_from_disk ( de - > rec_len ,
dir - > i_sb - > s_blocksize ) ;
2017-04-24 10:00:13 -07:00
if ( de_len < = 0 )
return - 1 ;
2006-10-11 01:20:50 -07:00
offset + = de_len ;
2006-10-11 01:20:53 -07:00
de = ( struct ext4_dir_entry_2 * ) ( ( char * ) de + de_len ) ;
2006-10-11 01:20:50 -07:00
}
2017-04-24 10:00:13 -07:00
return 0 ;
2006-10-11 01:20:50 -07:00
}
2012-11-12 23:51:02 -05:00
static int is_dx_internal_node ( struct inode * dir , ext4_lblk_t block ,
struct ext4_dir_entry * de )
{
struct super_block * sb = dir - > i_sb ;
if ( ! is_dx ( dir ) )
return 0 ;
if ( block = = 0 )
return 1 ;
if ( de - > inode = = 0 & &
ext4_rec_len_from_disk ( de - > rec_len , sb - > s_blocksize ) = =
sb - > s_blocksize )
return 1 ;
return 0 ;
}
2006-10-11 01:20:50 -07:00
/*
fscrypt: fix race where ->lookup() marks plaintext dentry as ciphertext
->lookup() in an encrypted directory begins as follows:
1. fscrypt_prepare_lookup():
a. Try to load the directory's encryption key.
b. If the key is unavailable, mark the dentry as a ciphertext name
via d_flags.
2. fscrypt_setup_filename():
a. Try to load the directory's encryption key.
b. If the key is available, encrypt the name (treated as a plaintext
name) to get the on-disk name. Otherwise decode the name
(treated as a ciphertext name) to get the on-disk name.
But if the key is concurrently added, it may be found at (2a) but not at
(1a). In this case, the dentry will be wrongly marked as a ciphertext
name even though it was actually treated as plaintext.
This will cause the dentry to be wrongly invalidated on the next lookup,
potentially causing problems. For example, if the racy ->lookup() was
part of sys_mount(), then the new mount will be detached when anything
tries to access it. This is despite the mountpoint having a plaintext
path, which should remain valid now that the key was added.
Of course, this is only possible if there's a userspace race. Still,
the additional kernel-side race is confusing and unexpected.
Close the kernel-side race by changing fscrypt_prepare_lookup() to also
set the on-disk filename (step 2b), consistent with the d_flags update.
Fixes: 28b4c263961c ("ext4 crypto: revalidate dentry after adding or removing the key")
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2019-03-20 11:39:13 -07:00
* __ext4_find_entry ( )
2006-10-11 01:20:50 -07:00
*
* finds an entry in the specified directory with the wanted name . It
* returns the cache buffer in which the entry was found , and the entry
* itself ( as a parameter - res_dir ) . It does NOT read the inode of the
* entry - you ' ll have to do that yourself if you want to .
*
* The returned buffer_head has - > b_count elevated . The caller is expected
* to brelse ( ) it when appropriate .
*/
fscrypt: fix race where ->lookup() marks plaintext dentry as ciphertext
->lookup() in an encrypted directory begins as follows:
1. fscrypt_prepare_lookup():
a. Try to load the directory's encryption key.
b. If the key is unavailable, mark the dentry as a ciphertext name
via d_flags.
2. fscrypt_setup_filename():
a. Try to load the directory's encryption key.
b. If the key is available, encrypt the name (treated as a plaintext
name) to get the on-disk name. Otherwise decode the name
(treated as a ciphertext name) to get the on-disk name.
But if the key is concurrently added, it may be found at (2a) but not at
(1a). In this case, the dentry will be wrongly marked as a ciphertext
name even though it was actually treated as plaintext.
This will cause the dentry to be wrongly invalidated on the next lookup,
potentially causing problems. For example, if the racy ->lookup() was
part of sys_mount(), then the new mount will be detached when anything
tries to access it. This is despite the mountpoint having a plaintext
path, which should remain valid now that the key was added.
Of course, this is only possible if there's a userspace race. Still,
the additional kernel-side race is confusing and unexpected.
Close the kernel-side race by changing fscrypt_prepare_lookup() to also
set the on-disk filename (step 2b), consistent with the d_flags update.
Fixes: 28b4c263961c ("ext4 crypto: revalidate dentry after adding or removing the key")
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2019-03-20 11:39:13 -07:00
static struct buffer_head * __ext4_find_entry ( struct inode * dir ,
struct ext4_filename * fname ,
struct ext4_dir_entry_2 * * res_dir ,
int * inlined )
2006-10-11 01:20:50 -07:00
{
2008-09-08 22:25:24 -04:00
struct super_block * sb ;
struct buffer_head * bh_use [ NAMEI_RA_SIZE ] ;
struct buffer_head * bh , * ret = NULL ;
2017-08-06 00:07:01 -04:00
ext4_lblk_t start , block ;
fscrypt: fix race where ->lookup() marks plaintext dentry as ciphertext
->lookup() in an encrypted directory begins as follows:
1. fscrypt_prepare_lookup():
a. Try to load the directory's encryption key.
b. If the key is unavailable, mark the dentry as a ciphertext name
via d_flags.
2. fscrypt_setup_filename():
a. Try to load the directory's encryption key.
b. If the key is available, encrypt the name (treated as a plaintext
name) to get the on-disk name. Otherwise decode the name
(treated as a ciphertext name) to get the on-disk name.
But if the key is concurrently added, it may be found at (2a) but not at
(1a). In this case, the dentry will be wrongly marked as a ciphertext
name even though it was actually treated as plaintext.
This will cause the dentry to be wrongly invalidated on the next lookup,
potentially causing problems. For example, if the racy ->lookup() was
part of sys_mount(), then the new mount will be detached when anything
tries to access it. This is despite the mountpoint having a plaintext
path, which should remain valid now that the key was added.
Of course, this is only possible if there's a userspace race. Still,
the additional kernel-side race is confusing and unexpected.
Close the kernel-side race by changing fscrypt_prepare_lookup() to also
set the on-disk filename (step 2b), consistent with the d_flags update.
Fixes: 28b4c263961c ("ext4 crypto: revalidate dentry after adding or removing the key")
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2019-03-20 11:39:13 -07:00
const u8 * name = fname - > usr_fname - > name ;
2017-08-06 00:07:01 -04:00
size_t ra_max = 0 ; /* Number of bh's in the readahead
2006-10-11 01:20:50 -07:00
buffer , bh_use [ ] */
2017-08-06 00:07:01 -04:00
size_t ra_ptr = 0 ; /* Current index into readahead
2006-10-11 01:20:50 -07:00
buffer */
2008-01-28 23:58:27 -05:00
ext4_lblk_t nblocks ;
2015-05-18 13:14:47 -04:00
int i , namelen , retval ;
2006-10-11 01:20:50 -07:00
* res_dir = NULL ;
sb = dir - > i_sb ;
fscrypt: fix race where ->lookup() marks plaintext dentry as ciphertext
->lookup() in an encrypted directory begins as follows:
1. fscrypt_prepare_lookup():
a. Try to load the directory's encryption key.
b. If the key is unavailable, mark the dentry as a ciphertext name
via d_flags.
2. fscrypt_setup_filename():
a. Try to load the directory's encryption key.
b. If the key is available, encrypt the name (treated as a plaintext
name) to get the on-disk name. Otherwise decode the name
(treated as a ciphertext name) to get the on-disk name.
But if the key is concurrently added, it may be found at (2a) but not at
(1a). In this case, the dentry will be wrongly marked as a ciphertext
name even though it was actually treated as plaintext.
This will cause the dentry to be wrongly invalidated on the next lookup,
potentially causing problems. For example, if the racy ->lookup() was
part of sys_mount(), then the new mount will be detached when anything
tries to access it. This is despite the mountpoint having a plaintext
path, which should remain valid now that the key was added.
Of course, this is only possible if there's a userspace race. Still,
the additional kernel-side race is confusing and unexpected.
Close the kernel-side race by changing fscrypt_prepare_lookup() to also
set the on-disk filename (step 2b), consistent with the d_flags update.
Fixes: 28b4c263961c ("ext4 crypto: revalidate dentry after adding or removing the key")
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2019-03-20 11:39:13 -07:00
namelen = fname - > usr_fname - > len ;
2006-10-11 01:20:53 -07:00
if ( namelen > EXT4_NAME_LEN )
2006-10-11 01:20:50 -07:00
return NULL ;
2012-12-10 14:06:00 -05:00
if ( ext4_has_inline_data ( dir ) ) {
int has_inline_data = 1 ;
fscrypt: fix race where ->lookup() marks plaintext dentry as ciphertext
->lookup() in an encrypted directory begins as follows:
1. fscrypt_prepare_lookup():
a. Try to load the directory's encryption key.
b. If the key is unavailable, mark the dentry as a ciphertext name
via d_flags.
2. fscrypt_setup_filename():
a. Try to load the directory's encryption key.
b. If the key is available, encrypt the name (treated as a plaintext
name) to get the on-disk name. Otherwise decode the name
(treated as a ciphertext name) to get the on-disk name.
But if the key is concurrently added, it may be found at (2a) but not at
(1a). In this case, the dentry will be wrongly marked as a ciphertext
name even though it was actually treated as plaintext.
This will cause the dentry to be wrongly invalidated on the next lookup,
potentially causing problems. For example, if the racy ->lookup() was
part of sys_mount(), then the new mount will be detached when anything
tries to access it. This is despite the mountpoint having a plaintext
path, which should remain valid now that the key was added.
Of course, this is only possible if there's a userspace race. Still,
the additional kernel-side race is confusing and unexpected.
Close the kernel-side race by changing fscrypt_prepare_lookup() to also
set the on-disk filename (step 2b), consistent with the d_flags update.
Fixes: 28b4c263961c ("ext4 crypto: revalidate dentry after adding or removing the key")
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2019-03-20 11:39:13 -07:00
ret = ext4_find_inline_entry ( dir , fname , res_dir ,
2012-12-10 14:06:00 -05:00
& has_inline_data ) ;
ext4: fix RENAME_WHITEOUT handling for inline directories
A significant number of xfstests can cause ext4 to log one or more
warning messages when they are run on a test file system where the
inline_data feature has been enabled. An example:
"EXT4-fs warning (device vdc): ext4_dirblock_csum_set:425: inode
#16385: comm fsstress: No space for directory leaf checksum. Please
run e2fsck -D."
The xfstests include: ext4/057, 058, and 307; generic/013, 051, 068,
070, 076, 078, 083, 232, 269, 270, 390, 461, 475, 476, 482, 579, 585,
589, 626, 631, and 650.
In this situation, the warning message indicates a bug in the code that
performs the RENAME_WHITEOUT operation on a directory entry that has
been stored inline. It doesn't detect that the directory is stored
inline, and incorrectly attempts to compute a dirent block checksum on
the whiteout inode when creating it. This attempt fails as a result
of the integrity checking in get_dirent_tail (usually due to a failure
to match the EXT4_FT_DIR_CSUM magic cookie), and the warning message
is then emitted.
Fix this by simply collecting the inlined data state at the time the
search for the source directory entry is performed. Existing code
handles the rest, and this is sufficient to eliminate all spurious
warning messages produced by the tests above. Go one step further
and do the same in the code that resets the source directory entry in
the event of failure. The inlined state should be present in the
"old" struct, but given the possibility of a race there's no harm
in taking a conservative approach and getting that information again
since the directory entry is being reread anyway.
Fixes: b7ff91fd030d ("ext4: find old entry again if failed to rename whiteout")
Cc: stable@kernel.org
Signed-off-by: Eric Whitney <enwlinux@gmail.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Link: https://lore.kernel.org/r/20230210173244.679890-1-enwlinux@gmail.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2023-02-10 12:32:44 -05:00
if ( inlined )
* inlined = has_inline_data ;
if ( has_inline_data )
2015-05-18 13:14:47 -04:00
goto cleanup_and_exit ;
2012-12-10 14:06:00 -05:00
}
2010-10-27 21:30:08 -04:00
if ( ( namelen < = 2 ) & & ( name [ 0 ] = = ' . ' ) & &
2010-12-14 21:45:31 -05:00
( name [ 1 ] = = ' . ' | | name [ 1 ] = = ' \0 ' ) ) {
2010-10-27 21:30:08 -04:00
/*
* " . " or " .. " will only be in the first block
* NFS may look up " .. " ; " . " should be handled by the VFS
*/
block = start = 0 ;
nblocks = 1 ;
goto restart ;
}
2006-10-11 01:20:50 -07:00
if ( is_dx ( dir ) ) {
fscrypt: fix race where ->lookup() marks plaintext dentry as ciphertext
->lookup() in an encrypted directory begins as follows:
1. fscrypt_prepare_lookup():
a. Try to load the directory's encryption key.
b. If the key is unavailable, mark the dentry as a ciphertext name
via d_flags.
2. fscrypt_setup_filename():
a. Try to load the directory's encryption key.
b. If the key is available, encrypt the name (treated as a plaintext
name) to get the on-disk name. Otherwise decode the name
(treated as a ciphertext name) to get the on-disk name.
But if the key is concurrently added, it may be found at (2a) but not at
(1a). In this case, the dentry will be wrongly marked as a ciphertext
name even though it was actually treated as plaintext.
This will cause the dentry to be wrongly invalidated on the next lookup,
potentially causing problems. For example, if the racy ->lookup() was
part of sys_mount(), then the new mount will be detached when anything
tries to access it. This is despite the mountpoint having a plaintext
path, which should remain valid now that the key was added.
Of course, this is only possible if there's a userspace race. Still,
the additional kernel-side race is confusing and unexpected.
Close the kernel-side race by changing fscrypt_prepare_lookup() to also
set the on-disk filename (step 2b), consistent with the d_flags update.
Fixes: 28b4c263961c ("ext4 crypto: revalidate dentry after adding or removing the key")
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2019-03-20 11:39:13 -07:00
ret = ext4_dx_find_entry ( dir , fname , res_dir ) ;
2006-10-11 01:20:50 -07:00
/*
* On success , or if the error was file not found ,
* return . Otherwise , fall back to doing a search the
* old fashioned way .
*/
2015-05-18 13:14:47 -04:00
if ( ! IS_ERR ( ret ) | | PTR_ERR ( ret ) ! = ERR_BAD_DX_DIR )
goto cleanup_and_exit ;
2008-09-08 23:00:52 -04:00
dxtrace ( printk ( KERN_DEBUG " ext4_find_entry: dx failed, "
" falling back \n " ) ) ;
2018-07-29 17:13:42 -04:00
ret = NULL ;
2006-10-11 01:20:50 -07:00
}
2006-10-11 01:20:53 -07:00
nblocks = dir - > i_size > > EXT4_BLOCK_SIZE_BITS ( sb ) ;
2017-12-11 15:00:57 -05:00
if ( ! nblocks ) {
ret = NULL ;
goto cleanup_and_exit ;
}
2006-10-11 01:20:53 -07:00
start = EXT4_I ( dir ) - > i_dir_start_lookup ;
2006-10-11 01:20:50 -07:00
if ( start > = nblocks )
start = 0 ;
block = start ;
restart :
do {
/*
* We deal with the read - ahead logic here .
*/
2020-02-15 03:02:06 -05:00
cond_resched ( ) ;
2006-10-11 01:20:50 -07:00
if ( ra_ptr > = ra_max ) {
/* Refill the readahead buffer */
ra_ptr = 0 ;
2017-08-06 00:07:01 -04:00
if ( block < start )
ra_max = start - block ;
else
ra_max = nblocks - block ;
ra_max = min ( ra_max , ARRAY_SIZE ( bh_use ) ) ;
retval = ext4_bread_batch ( dir , block , ra_max ,
false /* wait */ , bh_use ) ;
if ( retval ) {
ret = ERR_PTR ( retval ) ;
ra_max = 0 ;
goto cleanup_and_exit ;
2006-10-11 01:20:50 -07:00
}
}
if ( ( bh = bh_use [ ra_ptr + + ] ) = = NULL )
goto next ;
wait_on_buffer ( bh ) ;
if ( ! buffer_uptodate ( bh ) ) {
2020-03-28 19:33:43 -04:00
EXT4_ERROR_INODE_ERR ( dir , EIO ,
" reading directory lblock %lu " ,
( unsigned long ) block ) ;
2006-10-11 01:20:50 -07:00
brelse ( bh ) ;
2017-06-23 00:29:05 -04:00
ret = ERR_PTR ( - EIO ) ;
goto cleanup_and_exit ;
2006-10-11 01:20:50 -07:00
}
2012-04-29 18:41:10 -04:00
if ( ! buffer_verified ( bh ) & &
2012-11-12 23:51:02 -05:00
! is_dx_internal_node ( dir , block ,
( struct ext4_dir_entry * ) bh - > b_data ) & &
2019-06-21 15:49:26 -04:00
! ext4_dirblock_csum_verify ( dir , bh ) ) {
2020-03-28 19:33:43 -04:00
EXT4_ERROR_INODE_ERR ( dir , EFSBADCRC ,
" checksumming directory "
" block %lu " , ( unsigned long ) block ) ;
2012-04-29 18:41:10 -04:00
brelse ( bh ) ;
2017-06-23 00:47:05 -04:00
ret = ERR_PTR ( - EFSBADCRC ) ;
goto cleanup_and_exit ;
2012-04-29 18:41:10 -04:00
}
set_buffer_verified ( bh ) ;
fscrypt: fix race where ->lookup() marks plaintext dentry as ciphertext
->lookup() in an encrypted directory begins as follows:
1. fscrypt_prepare_lookup():
a. Try to load the directory's encryption key.
b. If the key is unavailable, mark the dentry as a ciphertext name
via d_flags.
2. fscrypt_setup_filename():
a. Try to load the directory's encryption key.
b. If the key is available, encrypt the name (treated as a plaintext
name) to get the on-disk name. Otherwise decode the name
(treated as a ciphertext name) to get the on-disk name.
But if the key is concurrently added, it may be found at (2a) but not at
(1a). In this case, the dentry will be wrongly marked as a ciphertext
name even though it was actually treated as plaintext.
This will cause the dentry to be wrongly invalidated on the next lookup,
potentially causing problems. For example, if the racy ->lookup() was
part of sys_mount(), then the new mount will be detached when anything
tries to access it. This is despite the mountpoint having a plaintext
path, which should remain valid now that the key was added.
Of course, this is only possible if there's a userspace race. Still,
the additional kernel-side race is confusing and unexpected.
Close the kernel-side race by changing fscrypt_prepare_lookup() to also
set the on-disk filename (step 2b), consistent with the d_flags update.
Fixes: 28b4c263961c ("ext4 crypto: revalidate dentry after adding or removing the key")
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2019-03-20 11:39:13 -07:00
i = search_dirblock ( bh , dir , fname ,
2006-10-11 01:20:53 -07:00
block < < EXT4_BLOCK_SIZE_BITS ( sb ) , res_dir ) ;
2006-10-11 01:20:50 -07:00
if ( i = = 1 ) {
2006-10-11 01:20:53 -07:00
EXT4_I ( dir ) - > i_dir_start_lookup = block ;
2006-10-11 01:20:50 -07:00
ret = bh ;
goto cleanup_and_exit ;
} else {
brelse ( bh ) ;
if ( i < 0 )
goto cleanup_and_exit ;
}
next :
if ( + + block > = nblocks )
block = 0 ;
} while ( block ! = start ) ;
/*
* If the directory has grown while we were searching , then
* search the last part of the directory before giving up .
*/
block = nblocks ;
2006-10-11 01:20:53 -07:00
nblocks = dir - > i_size > > EXT4_BLOCK_SIZE_BITS ( sb ) ;
2006-10-11 01:20:50 -07:00
if ( block < nblocks ) {
start = 0 ;
goto restart ;
}
cleanup_and_exit :
/* Clean up the read-ahead blocks */
for ( ; ra_ptr < ra_max ; ra_ptr + + )
2008-09-08 22:25:24 -04:00
brelse ( bh_use [ ra_ptr ] ) ;
2006-10-11 01:20:50 -07:00
return ret ;
}
fscrypt: fix race where ->lookup() marks plaintext dentry as ciphertext
->lookup() in an encrypted directory begins as follows:
1. fscrypt_prepare_lookup():
a. Try to load the directory's encryption key.
b. If the key is unavailable, mark the dentry as a ciphertext name
via d_flags.
2. fscrypt_setup_filename():
a. Try to load the directory's encryption key.
b. If the key is available, encrypt the name (treated as a plaintext
name) to get the on-disk name. Otherwise decode the name
(treated as a ciphertext name) to get the on-disk name.
But if the key is concurrently added, it may be found at (2a) but not at
(1a). In this case, the dentry will be wrongly marked as a ciphertext
name even though it was actually treated as plaintext.
This will cause the dentry to be wrongly invalidated on the next lookup,
potentially causing problems. For example, if the racy ->lookup() was
part of sys_mount(), then the new mount will be detached when anything
tries to access it. This is despite the mountpoint having a plaintext
path, which should remain valid now that the key was added.
Of course, this is only possible if there's a userspace race. Still,
the additional kernel-side race is confusing and unexpected.
Close the kernel-side race by changing fscrypt_prepare_lookup() to also
set the on-disk filename (step 2b), consistent with the d_flags update.
Fixes: 28b4c263961c ("ext4 crypto: revalidate dentry after adding or removing the key")
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2019-03-20 11:39:13 -07:00
static struct buffer_head * ext4_find_entry ( struct inode * dir ,
const struct qstr * d_name ,
struct ext4_dir_entry_2 * * res_dir ,
int * inlined )
{
int err ;
struct ext4_filename fname ;
struct buffer_head * bh ;
err = ext4_fname_setup_filename ( dir , d_name , 1 , & fname ) ;
if ( err = = - ENOENT )
return NULL ;
if ( err )
return ERR_PTR ( err ) ;
bh = __ext4_find_entry ( dir , & fname , res_dir , inlined ) ;
ext4_fname_free_filename ( & fname ) ;
return bh ;
}
static struct buffer_head * ext4_lookup_entry ( struct inode * dir ,
struct dentry * dentry ,
struct ext4_dir_entry_2 * * res_dir )
{
int err ;
struct ext4_filename fname ;
struct buffer_head * bh ;
err = ext4_fname_prepare_lookup ( dir , dentry , & fname ) ;
2020-11-19 06:09:03 +00:00
generic_set_encrypted_ci_d_ops ( dentry ) ;
fscrypt: fix race where ->lookup() marks plaintext dentry as ciphertext
->lookup() in an encrypted directory begins as follows:
1. fscrypt_prepare_lookup():
a. Try to load the directory's encryption key.
b. If the key is unavailable, mark the dentry as a ciphertext name
via d_flags.
2. fscrypt_setup_filename():
a. Try to load the directory's encryption key.
b. If the key is available, encrypt the name (treated as a plaintext
name) to get the on-disk name. Otherwise decode the name
(treated as a ciphertext name) to get the on-disk name.
But if the key is concurrently added, it may be found at (2a) but not at
(1a). In this case, the dentry will be wrongly marked as a ciphertext
name even though it was actually treated as plaintext.
This will cause the dentry to be wrongly invalidated on the next lookup,
potentially causing problems. For example, if the racy ->lookup() was
part of sys_mount(), then the new mount will be detached when anything
tries to access it. This is despite the mountpoint having a plaintext
path, which should remain valid now that the key was added.
Of course, this is only possible if there's a userspace race. Still,
the additional kernel-side race is confusing and unexpected.
Close the kernel-side race by changing fscrypt_prepare_lookup() to also
set the on-disk filename (step 2b), consistent with the d_flags update.
Fixes: 28b4c263961c ("ext4 crypto: revalidate dentry after adding or removing the key")
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2019-03-20 11:39:13 -07:00
if ( err = = - ENOENT )
return NULL ;
if ( err )
return ERR_PTR ( err ) ;
bh = __ext4_find_entry ( dir , & fname , res_dir , NULL ) ;
ext4_fname_free_filename ( & fname ) ;
return bh ;
}
2015-05-18 13:14:47 -04:00
static struct buffer_head * ext4_dx_find_entry ( struct inode * dir ,
struct ext4_filename * fname ,
struct ext4_dir_entry_2 * * res_dir )
2006-10-11 01:20:50 -07:00
{
2010-10-27 21:30:08 -04:00
struct super_block * sb = dir - > i_sb ;
2017-06-21 21:09:57 -04:00
struct dx_frame frames [ EXT4_HTREE_LEVEL ] , * frame ;
2006-10-11 01:20:50 -07:00
struct buffer_head * bh ;
2008-01-28 23:58:27 -05:00
ext4_lblk_t block ;
2006-10-11 01:20:50 -07:00
int retval ;
2018-12-12 15:20:12 +05:30
# ifdef CONFIG_FS_ENCRYPTION
2015-04-12 01:09:03 -04:00
* res_dir = NULL ;
# endif
2015-05-18 13:14:47 -04:00
frame = dx_probe ( fname , dir , NULL , frames ) ;
2014-08-29 20:52:17 -04:00
if ( IS_ERR ( frame ) )
return ( struct buffer_head * ) frame ;
2006-10-11 01:20:50 -07:00
do {
block = dx_get_block ( frame - > at ) ;
2019-06-20 21:19:02 -04:00
bh = ext4_read_dirblock ( dir , block , DIRENT_HTREE ) ;
2014-08-29 20:49:51 -04:00
if ( IS_ERR ( bh ) )
2012-04-29 18:41:10 -04:00
goto errout ;
2014-08-29 20:49:51 -04:00
2017-05-24 18:10:49 -04:00
retval = search_dirblock ( bh , dir , fname ,
2010-10-27 21:30:08 -04:00
block < < EXT4_BLOCK_SIZE_BITS ( sb ) ,
res_dir ) ;
2014-08-29 20:49:51 -04:00
if ( retval = = 1 )
goto success ;
2008-09-08 22:25:24 -04:00
brelse ( bh ) ;
2010-10-27 21:30:08 -04:00
if ( retval = = - 1 ) {
2014-08-29 20:49:51 -04:00
bh = ERR_PTR ( ERR_BAD_DX_DIR ) ;
2010-10-27 21:30:08 -04:00
goto errout ;
}
2006-10-11 01:20:50 -07:00
/* Check to see if we should continue to search */
2015-05-18 13:14:47 -04:00
retval = ext4_htree_next_block ( dir , fname - > hinfo . hash , frame ,
2006-10-11 01:20:50 -07:00
frames , NULL ) ;
if ( retval < 0 ) {
2015-06-15 14:50:26 -04:00
ext4_warning_inode ( dir ,
" error %d reading directory index block " ,
retval ) ;
2014-08-29 20:49:51 -04:00
bh = ERR_PTR ( retval ) ;
2006-10-11 01:20:50 -07:00
goto errout ;
}
} while ( retval = = 1 ) ;
2014-08-29 20:49:51 -04:00
bh = NULL ;
2006-10-11 01:20:50 -07:00
errout :
2017-05-24 18:10:49 -04:00
dxtrace ( printk ( KERN_DEBUG " %s not found \n " , fname - > usr_fname - > name ) ) ;
2014-08-29 20:49:51 -04:00
success :
dx_release ( frames ) ;
return bh ;
2006-10-11 01:20:50 -07:00
}
2012-06-10 17:13:09 -04:00
static struct dentry * ext4_lookup ( struct inode * dir , struct dentry * dentry , unsigned int flags )
2006-10-11 01:20:50 -07:00
{
2008-09-08 22:25:24 -04:00
struct inode * inode ;
struct ext4_dir_entry_2 * de ;
struct buffer_head * bh ;
2016-02-07 19:35:05 -05:00
2017-10-18 20:21:58 -04:00
if ( dentry - > d_name . len > EXT4_NAME_LEN )
return ERR_PTR ( - ENAMETOOLONG ) ;
2006-10-11 01:20:50 -07:00
fscrypt: fix race where ->lookup() marks plaintext dentry as ciphertext
->lookup() in an encrypted directory begins as follows:
1. fscrypt_prepare_lookup():
a. Try to load the directory's encryption key.
b. If the key is unavailable, mark the dentry as a ciphertext name
via d_flags.
2. fscrypt_setup_filename():
a. Try to load the directory's encryption key.
b. If the key is available, encrypt the name (treated as a plaintext
name) to get the on-disk name. Otherwise decode the name
(treated as a ciphertext name) to get the on-disk name.
But if the key is concurrently added, it may be found at (2a) but not at
(1a). In this case, the dentry will be wrongly marked as a ciphertext
name even though it was actually treated as plaintext.
This will cause the dentry to be wrongly invalidated on the next lookup,
potentially causing problems. For example, if the racy ->lookup() was
part of sys_mount(), then the new mount will be detached when anything
tries to access it. This is despite the mountpoint having a plaintext
path, which should remain valid now that the key was added.
Of course, this is only possible if there's a userspace race. Still,
the additional kernel-side race is confusing and unexpected.
Close the kernel-side race by changing fscrypt_prepare_lookup() to also
set the on-disk filename (step 2b), consistent with the d_flags update.
Fixes: 28b4c263961c ("ext4 crypto: revalidate dentry after adding or removing the key")
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2019-03-20 11:39:13 -07:00
bh = ext4_lookup_entry ( dir , dentry , & de ) ;
2014-08-23 17:47:19 -04:00
if ( IS_ERR ( bh ) )
2018-10-10 16:41:40 -04:00
return ERR_CAST ( bh ) ;
2006-10-11 01:20:50 -07:00
inode = NULL ;
if ( bh ) {
2008-11-05 00:14:04 -05:00
__u32 ino = le32_to_cpu ( de - > inode ) ;
2008-09-08 22:25:24 -04:00
brelse ( bh ) ;
2006-10-11 01:20:53 -07:00
if ( ! ext4_valid_inum ( dir - > i_sb , ino ) ) {
2010-05-16 21:00:00 -04:00
EXT4_ERROR_INODE ( dir , " bad inode number: %u " , ino ) ;
2015-10-17 16:16:04 -04:00
return ERR_PTR ( - EFSCORRUPTED ) ;
2007-07-15 23:40:46 -07:00
}
2012-05-28 17:02:25 -04:00
if ( unlikely ( ino = = dir - > i_ino ) ) {
2014-01-06 14:04:23 -05:00
EXT4_ERROR_INODE ( dir , " '%pd' linked to parent dir " ,
dentry ) ;
2015-10-17 16:16:04 -04:00
return ERR_PTR ( - EFSCORRUPTED ) ;
2012-05-28 17:02:25 -04:00
}
ext4: avoid declaring fs inconsistent due to invalid file handles
If we receive a file handle, either from NFS or open_by_handle_at(2),
and it points at an inode which has not been initialized, and the file
system has metadata checksums enabled, we shouldn't try to get the
inode, discover the checksum is invalid, and then declare the file
system as being inconsistent.
This can be reproduced by creating a test file system via "mke2fs -t
ext4 -O metadata_csum /tmp/foo.img 8M", mounting it, cd'ing into that
directory, and then running the following program.
#define _GNU_SOURCE
#include <fcntl.h>
struct handle {
struct file_handle fh;
unsigned char fid[MAX_HANDLE_SZ];
};
int main(int argc, char **argv)
{
struct handle h = {{8, 1 }, { 12, }};
open_by_handle_at(AT_FDCWD, &h.fh, O_RDONLY);
return 0;
}
Google-Bug-Id: 120690101
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@kernel.org
2018-12-19 12:29:13 -05:00
inode = ext4_iget ( dir - > i_sb , ino , EXT4_IGET_NORMAL ) ;
2011-07-08 21:20:11 -04:00
if ( inode = = ERR_PTR ( - ESTALE ) ) {
EXT4_ERROR_INODE ( dir ,
" deleted inode referenced: %u " ,
ino ) ;
2015-10-17 16:16:04 -04:00
return ERR_PTR ( - EFSCORRUPTED ) ;
2009-02-22 21:20:25 -05:00
}
2018-12-12 15:20:10 +05:30
if ( ! IS_ERR ( inode ) & & IS_ENCRYPTED ( dir ) & &
2016-02-08 00:54:26 -05:00
( S_ISDIR ( inode - > i_mode ) | | S_ISLNK ( inode - > i_mode ) ) & &
2016-07-10 14:01:03 -04:00
! fscrypt_has_permitted_context ( dir , inode ) ) {
2015-04-12 00:55:08 -04:00
ext4_warning ( inode - > i_sb ,
2016-04-27 01:11:21 -04:00
" Inconsistent encryption contexts: %lu/%lu " ,
2017-04-07 10:58:38 -07:00
dir - > i_ino , inode - > i_ino ) ;
2017-02-01 21:07:11 -05:00
iput ( inode ) ;
2015-04-12 00:55:08 -04:00
return ERR_PTR ( - EPERM ) ;
}
2006-10-11 01:20:50 -07:00
}
ext4: Support case-insensitive file name lookups
This patch implements the actual support for case-insensitive file name
lookups in ext4, based on the feature bit and the encoding stored in the
superblock.
A filesystem that has the casefold feature set is able to configure
directories with the +F (EXT4_CASEFOLD_FL) attribute, enabling lookups
to succeed in that directory in a case-insensitive fashion, i.e: match
a directory entry even if the name used by userspace is not a byte per
byte match with the disk name, but is an equivalent case-insensitive
version of the Unicode string. This operation is called a
case-insensitive file name lookup.
The feature is configured as an inode attribute applied to directories
and inherited by its children. This attribute can only be enabled on
empty directories for filesystems that support the encoding feature,
thus preventing collision of file names that only differ by case.
* dcache handling:
For a +F directory, Ext4 only stores the first equivalent name dentry
used in the dcache. This is done to prevent unintentional duplication of
dentries in the dcache, while also allowing the VFS code to quickly find
the right entry in the cache despite which equivalent string was used in
a previous lookup, without having to resort to ->lookup().
d_hash() of casefolded directories is implemented as the hash of the
casefolded string, such that we always have a well-known bucket for all
the equivalencies of the same string. d_compare() uses the
utf8_strncasecmp() infrastructure, which handles the comparison of
equivalent, same case, names as well.
For now, negative lookups are not inserted in the dcache, since they
would need to be invalidated anyway, because we can't trust missing file
dentries. This is bad for performance but requires some leveraging of
the vfs layer to fix. We can live without that for now, and so does
everyone else.
* on-disk data:
Despite using a specific version of the name as the internal
representation within the dcache, the name stored and fetched from the
disk is a byte-per-byte match with what the user requested, making this
implementation 'name-preserving'. i.e. no actual information is lost
when writing to storage.
DX is supported by modifying the hashes used in +F directories to make
them case/encoding-aware. The new disk hashes are calculated as the
hash of the full casefolded string, instead of the string directly.
This allows us to efficiently search for file names in the htree without
requiring the user to provide an exact name.
* Dealing with invalid sequences:
By default, when a invalid UTF-8 sequence is identified, ext4 will treat
it as an opaque byte sequence, ignoring the encoding and reverting to
the old behavior for that unique file. This means that case-insensitive
file name lookup will not work only for that file. An optional bit can
be set in the superblock telling the filesystem code and userspace tools
to enforce the encoding. When that optional bit is set, any attempt to
create a file name using an invalid UTF-8 sequence will fail and return
an error to userspace.
* Normalization algorithm:
The UTF-8 algorithms used to compare strings in ext4 is implemented
lives in fs/unicode, and is based on a previous version developed by
SGI. It implements the Canonical decomposition (NFD) algorithm
described by the Unicode specification 12.1, or higher, combined with
the elimination of ignorable code points (NFDi) and full
case-folding (CF) as documented in fs/unicode/utf8_norm.c.
NFD seems to be the best normalization method for EXT4 because:
- It has a lower cost than NFC/NFKC (which requires
decomposing to NFD as an intermediary step)
- It doesn't eliminate important semantic meaning like
compatibility decompositions.
Although:
- This implementation is not completely linguistic accurate, because
different languages have conflicting rules, which would require the
specialization of the filesystem to a given locale, which brings all
sorts of problems for removable media and for users who use more than
one language.
Signed-off-by: Gabriel Krisman Bertazi <krisman@collabora.co.uk>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2019-04-25 14:12:08 -04:00
2022-01-18 07:56:14 +01:00
# if IS_ENABLED(CONFIG_UNICODE)
ext4: Support case-insensitive file name lookups
This patch implements the actual support for case-insensitive file name
lookups in ext4, based on the feature bit and the encoding stored in the
superblock.
A filesystem that has the casefold feature set is able to configure
directories with the +F (EXT4_CASEFOLD_FL) attribute, enabling lookups
to succeed in that directory in a case-insensitive fashion, i.e: match
a directory entry even if the name used by userspace is not a byte per
byte match with the disk name, but is an equivalent case-insensitive
version of the Unicode string. This operation is called a
case-insensitive file name lookup.
The feature is configured as an inode attribute applied to directories
and inherited by its children. This attribute can only be enabled on
empty directories for filesystems that support the encoding feature,
thus preventing collision of file names that only differ by case.
* dcache handling:
For a +F directory, Ext4 only stores the first equivalent name dentry
used in the dcache. This is done to prevent unintentional duplication of
dentries in the dcache, while also allowing the VFS code to quickly find
the right entry in the cache despite which equivalent string was used in
a previous lookup, without having to resort to ->lookup().
d_hash() of casefolded directories is implemented as the hash of the
casefolded string, such that we always have a well-known bucket for all
the equivalencies of the same string. d_compare() uses the
utf8_strncasecmp() infrastructure, which handles the comparison of
equivalent, same case, names as well.
For now, negative lookups are not inserted in the dcache, since they
would need to be invalidated anyway, because we can't trust missing file
dentries. This is bad for performance but requires some leveraging of
the vfs layer to fix. We can live without that for now, and so does
everyone else.
* on-disk data:
Despite using a specific version of the name as the internal
representation within the dcache, the name stored and fetched from the
disk is a byte-per-byte match with what the user requested, making this
implementation 'name-preserving'. i.e. no actual information is lost
when writing to storage.
DX is supported by modifying the hashes used in +F directories to make
them case/encoding-aware. The new disk hashes are calculated as the
hash of the full casefolded string, instead of the string directly.
This allows us to efficiently search for file names in the htree without
requiring the user to provide an exact name.
* Dealing with invalid sequences:
By default, when a invalid UTF-8 sequence is identified, ext4 will treat
it as an opaque byte sequence, ignoring the encoding and reverting to
the old behavior for that unique file. This means that case-insensitive
file name lookup will not work only for that file. An optional bit can
be set in the superblock telling the filesystem code and userspace tools
to enforce the encoding. When that optional bit is set, any attempt to
create a file name using an invalid UTF-8 sequence will fail and return
an error to userspace.
* Normalization algorithm:
The UTF-8 algorithms used to compare strings in ext4 is implemented
lives in fs/unicode, and is based on a previous version developed by
SGI. It implements the Canonical decomposition (NFD) algorithm
described by the Unicode specification 12.1, or higher, combined with
the elimination of ignorable code points (NFDi) and full
case-folding (CF) as documented in fs/unicode/utf8_norm.c.
NFD seems to be the best normalization method for EXT4 because:
- It has a lower cost than NFC/NFKC (which requires
decomposing to NFD as an intermediary step)
- It doesn't eliminate important semantic meaning like
compatibility decompositions.
Although:
- This implementation is not completely linguistic accurate, because
different languages have conflicting rules, which would require the
specialization of the filesystem to a given locale, which brings all
sorts of problems for removable media and for users who use more than
one language.
Signed-off-by: Gabriel Krisman Bertazi <krisman@collabora.co.uk>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2019-04-25 14:12:08 -04:00
if ( ! inode & & IS_CASEFOLDED ( dir ) ) {
/* Eventually we want to call d_add_ci(dentry, NULL)
* for negative dentries in the encoding case as
* well . For now , prevent the negative dentry
* from being cached .
*/
return NULL ;
}
# endif
2006-10-11 01:20:50 -07:00
return d_splice_alias ( inode , dentry ) ;
}
2006-10-11 01:20:53 -07:00
struct dentry * ext4_get_parent ( struct dentry * child )
2006-10-11 01:20:50 -07:00
{
2008-11-05 00:14:04 -05:00
__u32 ino ;
2006-10-11 01:20:53 -07:00
struct ext4_dir_entry_2 * de ;
2006-10-11 01:20:50 -07:00
struct buffer_head * bh ;
2021-04-15 19:46:50 -04:00
bh = ext4_find_entry ( d_inode ( child ) , & dotdot_name , & de , NULL ) ;
2014-08-23 17:47:19 -04:00
if ( IS_ERR ( bh ) )
2018-10-10 16:41:40 -04:00
return ERR_CAST ( bh ) ;
2006-10-11 01:20:50 -07:00
if ( ! bh )
return ERR_PTR ( - ENOENT ) ;
ino = le32_to_cpu ( de - > inode ) ;
brelse ( bh ) ;
2016-04-10 01:33:30 -04:00
if ( ! ext4_valid_inum ( child - > d_sb , ino ) ) {
2015-03-17 22:25:59 +00:00
EXT4_ERROR_INODE ( d_inode ( child ) ,
2010-05-16 21:00:00 -04:00
" bad parent inode number: %u " , ino ) ;
2015-10-17 16:16:04 -04:00
return ERR_PTR ( - EFSCORRUPTED ) ;
2007-07-15 23:40:46 -07:00
}
ext4: avoid declaring fs inconsistent due to invalid file handles
If we receive a file handle, either from NFS or open_by_handle_at(2),
and it points at an inode which has not been initialized, and the file
system has metadata checksums enabled, we shouldn't try to get the
inode, discover the checksum is invalid, and then declare the file
system as being inconsistent.
This can be reproduced by creating a test file system via "mke2fs -t
ext4 -O metadata_csum /tmp/foo.img 8M", mounting it, cd'ing into that
directory, and then running the following program.
#define _GNU_SOURCE
#include <fcntl.h>
struct handle {
struct file_handle fh;
unsigned char fid[MAX_HANDLE_SZ];
};
int main(int argc, char **argv)
{
struct handle h = {{8, 1 }, { 12, }};
open_by_handle_at(AT_FDCWD, &h.fh, O_RDONLY);
return 0;
}
Google-Bug-Id: 120690101
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@kernel.org
2018-12-19 12:29:13 -05:00
return d_obtain_alias ( ext4_iget ( child - > d_sb , ino , EXT4_IGET_NORMAL ) ) ;
2006-10-11 01:20:50 -07:00
}
ext34: ensure do_split leaves enough free space in both blocks
The do_split() function for htree dir blocks is intended to split a leaf
block to make room for a new entry. It sorts the entries in the original
block by hash value, then moves the last half of the entries to the new
block - without accounting for how much space this actually moves. (IOW,
it moves half of the entry *count* not half of the entry *space*). If by
chance we have both large & small entries, and we move only the smallest
entries, and we have a large new entry to insert, we may not have created
enough space for it.
The patch below stores each record size when calculating the dx_map, and
then walks the hash-sorted dx_map, calculating how many entries must be
moved to more evenly split the existing entries between the old block and
the new block, guaranteeing enough space for the new entry.
The dx_map "offs" member is reduced to u16 so that the overall map size
does not change - it is temporarily stored at the end of the new block, and
if it grows too large it may be overwritten. By making offs and size both
u16, we won't grow the map size.
Also add a few comments to the functions involved.
This fixes the testcase reported by hooanon05@yahoo.co.jp on the
linux-ext4 list, "ext3 dir_index causes an error"
Thanks to Andreas Dilger for discussing the problem & solution with me.
Signed-off-by: Eric Sandeen <sandeen@redhat.com>
Signed-off-by: Andreas Dilger <adilger@clusterfs.com>
Tested-by: Junjiro Okajima <hooanon05@yahoo.co.jp>
Cc: Theodore Ts'o <tytso@mit.edu>
Cc: <linux-ext4@vger.kernel.org>
Cc: <stable@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-09-18 22:46:42 -07:00
/*
* Move count entries from end of map between two memory locations .
* Returns pointer to last entry moved .
*/
2006-10-11 01:20:53 -07:00
static struct ext4_dir_entry_2 *
2021-03-19 07:34:13 +00:00
dx_move_dirents ( struct inode * dir , char * from , char * to ,
struct dx_map_entry * map , int count ,
2009-02-14 23:01:36 -05:00
unsigned blocksize )
2006-10-11 01:20:50 -07:00
{
unsigned rec_len = 0 ;
while ( count - - ) {
2010-05-17 07:00:00 -04:00
struct ext4_dir_entry_2 * de = ( struct ext4_dir_entry_2 * )
2009-06-08 12:41:35 -04:00
( from + ( map - > offs < < 2 ) ) ;
2021-03-19 07:34:13 +00:00
rec_len = ext4_dir_rec_len ( de - > name_len , dir ) ;
2006-10-11 01:20:50 -07:00
memcpy ( to , de , rec_len ) ;
2006-10-11 01:20:53 -07:00
( ( struct ext4_dir_entry_2 * ) to ) - > rec_len =
2009-02-14 23:01:36 -05:00
ext4_rec_len_to_disk ( rec_len , blocksize ) ;
2021-04-22 18:08:34 +00:00
/* wipe dir_entry excluding the rec_len field */
2006-10-11 01:20:50 -07:00
de - > inode = 0 ;
2021-04-22 18:08:34 +00:00
memset ( & de - > name_len , 0 , ext4_rec_len_from_disk ( de - > rec_len ,
blocksize ) -
offsetof ( struct ext4_dir_entry_2 ,
name_len ) ) ;
2006-10-11 01:20:50 -07:00
map + + ;
to + = rec_len ;
}
2006-10-11 01:20:53 -07:00
return ( struct ext4_dir_entry_2 * ) ( to - rec_len ) ;
2006-10-11 01:20:50 -07:00
}
ext34: ensure do_split leaves enough free space in both blocks
The do_split() function for htree dir blocks is intended to split a leaf
block to make room for a new entry. It sorts the entries in the original
block by hash value, then moves the last half of the entries to the new
block - without accounting for how much space this actually moves. (IOW,
it moves half of the entry *count* not half of the entry *space*). If by
chance we have both large & small entries, and we move only the smallest
entries, and we have a large new entry to insert, we may not have created
enough space for it.
The patch below stores each record size when calculating the dx_map, and
then walks the hash-sorted dx_map, calculating how many entries must be
moved to more evenly split the existing entries between the old block and
the new block, guaranteeing enough space for the new entry.
The dx_map "offs" member is reduced to u16 so that the overall map size
does not change - it is temporarily stored at the end of the new block, and
if it grows too large it may be overwritten. By making offs and size both
u16, we won't grow the map size.
Also add a few comments to the functions involved.
This fixes the testcase reported by hooanon05@yahoo.co.jp on the
linux-ext4 list, "ext3 dir_index causes an error"
Thanks to Andreas Dilger for discussing the problem & solution with me.
Signed-off-by: Eric Sandeen <sandeen@redhat.com>
Signed-off-by: Andreas Dilger <adilger@clusterfs.com>
Tested-by: Junjiro Okajima <hooanon05@yahoo.co.jp>
Cc: Theodore Ts'o <tytso@mit.edu>
Cc: <linux-ext4@vger.kernel.org>
Cc: <stable@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-09-18 22:46:42 -07:00
/*
* Compact each dir entry in the range to the minimal rec_len .
* Returns pointer to last entry in range .
*/
2021-03-19 07:34:13 +00:00
static struct ext4_dir_entry_2 * dx_pack_dirents ( struct inode * dir , char * base ,
unsigned int blocksize )
2006-10-11 01:20:50 -07:00
{
2006-10-11 01:20:53 -07:00
struct ext4_dir_entry_2 * next , * to , * prev , * de = ( struct ext4_dir_entry_2 * ) base ;
2006-10-11 01:20:50 -07:00
unsigned rec_len = 0 ;
prev = to = de ;
2009-02-14 21:46:54 -05:00
while ( ( char * ) de < base + blocksize ) {
2009-02-14 23:01:36 -05:00
next = ext4_next_entry ( de , blocksize ) ;
2006-10-11 01:20:50 -07:00
if ( de - > inode & & de - > name_len ) {
2021-03-19 07:34:13 +00:00
rec_len = ext4_dir_rec_len ( de - > name_len , dir ) ;
2006-10-11 01:20:50 -07:00
if ( de > to )
memmove ( to , de , rec_len ) ;
2009-02-14 23:01:36 -05:00
to - > rec_len = ext4_rec_len_to_disk ( rec_len , blocksize ) ;
2006-10-11 01:20:50 -07:00
prev = to ;
2006-10-11 01:20:53 -07:00
to = ( struct ext4_dir_entry_2 * ) ( ( ( char * ) to ) + rec_len ) ;
2006-10-11 01:20:50 -07:00
}
de = next ;
}
return prev ;
}
ext34: ensure do_split leaves enough free space in both blocks
The do_split() function for htree dir blocks is intended to split a leaf
block to make room for a new entry. It sorts the entries in the original
block by hash value, then moves the last half of the entries to the new
block - without accounting for how much space this actually moves. (IOW,
it moves half of the entry *count* not half of the entry *space*). If by
chance we have both large & small entries, and we move only the smallest
entries, and we have a large new entry to insert, we may not have created
enough space for it.
The patch below stores each record size when calculating the dx_map, and
then walks the hash-sorted dx_map, calculating how many entries must be
moved to more evenly split the existing entries between the old block and
the new block, guaranteeing enough space for the new entry.
The dx_map "offs" member is reduced to u16 so that the overall map size
does not change - it is temporarily stored at the end of the new block, and
if it grows too large it may be overwritten. By making offs and size both
u16, we won't grow the map size.
Also add a few comments to the functions involved.
This fixes the testcase reported by hooanon05@yahoo.co.jp on the
linux-ext4 list, "ext3 dir_index causes an error"
Thanks to Andreas Dilger for discussing the problem & solution with me.
Signed-off-by: Eric Sandeen <sandeen@redhat.com>
Signed-off-by: Andreas Dilger <adilger@clusterfs.com>
Tested-by: Junjiro Okajima <hooanon05@yahoo.co.jp>
Cc: Theodore Ts'o <tytso@mit.edu>
Cc: <linux-ext4@vger.kernel.org>
Cc: <stable@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-09-18 22:46:42 -07:00
/*
* Split a full leaf block to make room for a new dir entry .
* Allocate a new block , and move entries so that they are approx . equally full .
* Returns pointer to de in block into which the new entry will be inserted .
*/
2006-10-11 01:20:53 -07:00
static struct ext4_dir_entry_2 * do_split ( handle_t * handle , struct inode * dir ,
2006-10-11 01:20:50 -07:00
struct buffer_head * * bh , struct dx_frame * frame ,
2014-08-29 20:52:18 -04:00
struct dx_hash_info * hinfo )
2006-10-11 01:20:50 -07:00
{
unsigned blocksize = dir - > i_sb - > s_blocksize ;
2022-05-30 18:00:47 +08:00
unsigned continued ;
int count ;
2006-10-11 01:20:50 -07:00
struct buffer_head * bh2 ;
2008-01-28 23:58:27 -05:00
ext4_lblk_t newblock ;
2006-10-11 01:20:50 -07:00
u32 hash2 ;
struct dx_map_entry * map ;
char * data1 = ( * bh ) - > b_data , * data2 ;
2008-12-06 16:58:39 -05:00
unsigned split , move , size ;
2006-10-11 01:20:53 -07:00
struct ext4_dir_entry_2 * de = NULL , * de2 ;
2012-04-29 18:41:10 -04:00
int csum_size = 0 ;
2008-12-06 16:58:39 -05:00
int err = 0 , i ;
2006-10-11 01:20:50 -07:00
2014-10-13 03:36:16 -04:00
if ( ext4_has_metadata_csum ( dir - > i_sb ) )
2012-04-29 18:41:10 -04:00
csum_size = sizeof ( struct ext4_dir_entry_tail ) ;
2013-02-15 03:35:57 -05:00
bh2 = ext4_append ( handle , dir , & newblock ) ;
if ( IS_ERR ( bh2 ) ) {
2006-10-11 01:20:50 -07:00
brelse ( * bh ) ;
* bh = NULL ;
2014-08-29 20:52:18 -04:00
return ( struct ext4_dir_entry_2 * ) bh2 ;
2006-10-11 01:20:50 -07:00
}
BUFFER_TRACE ( * bh , " get_write_access " ) ;
2021-08-16 11:57:04 +02:00
err = ext4_journal_get_write_access ( handle , dir - > i_sb , * bh ,
EXT4_JTR_NONE ) ;
2007-05-08 00:25:34 -07:00
if ( err )
goto journal_error ;
2006-10-11 01:20:50 -07:00
BUFFER_TRACE ( frame - > bh , " get_write_access " ) ;
2021-08-16 11:57:04 +02:00
err = ext4_journal_get_write_access ( handle , dir - > i_sb , frame - > bh ,
EXT4_JTR_NONE ) ;
2006-10-11 01:20:50 -07:00
if ( err )
goto journal_error ;
data2 = bh2 - > b_data ;
/* create map in the end of data2 block */
map = ( struct dx_map_entry * ) ( data2 + blocksize ) ;
2022-05-18 11:33:28 +02:00
count = dx_make_map ( dir , * bh , hinfo , map ) ;
if ( count < 0 ) {
err = count ;
goto journal_error ;
}
2006-10-11 01:20:50 -07:00
map - = count ;
2008-09-08 22:25:24 -04:00
dx_sort_map ( map , count ) ;
2020-06-17 14:19:04 -05:00
/* Ensure that neither split block is over half full */
ext34: ensure do_split leaves enough free space in both blocks
The do_split() function for htree dir blocks is intended to split a leaf
block to make room for a new entry. It sorts the entries in the original
block by hash value, then moves the last half of the entries to the new
block - without accounting for how much space this actually moves. (IOW,
it moves half of the entry *count* not half of the entry *space*). If by
chance we have both large & small entries, and we move only the smallest
entries, and we have a large new entry to insert, we may not have created
enough space for it.
The patch below stores each record size when calculating the dx_map, and
then walks the hash-sorted dx_map, calculating how many entries must be
moved to more evenly split the existing entries between the old block and
the new block, guaranteeing enough space for the new entry.
The dx_map "offs" member is reduced to u16 so that the overall map size
does not change - it is temporarily stored at the end of the new block, and
if it grows too large it may be overwritten. By making offs and size both
u16, we won't grow the map size.
Also add a few comments to the functions involved.
This fixes the testcase reported by hooanon05@yahoo.co.jp on the
linux-ext4 list, "ext3 dir_index causes an error"
Thanks to Andreas Dilger for discussing the problem & solution with me.
Signed-off-by: Eric Sandeen <sandeen@redhat.com>
Signed-off-by: Andreas Dilger <adilger@clusterfs.com>
Tested-by: Junjiro Okajima <hooanon05@yahoo.co.jp>
Cc: Theodore Ts'o <tytso@mit.edu>
Cc: <linux-ext4@vger.kernel.org>
Cc: <stable@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-09-18 22:46:42 -07:00
size = 0 ;
move = 0 ;
for ( i = count - 1 ; i > = 0 ; i - - ) {
/* is more than half of this entry in 2nd half of the block? */
if ( size + map [ i ] . size / 2 > blocksize / 2 )
break ;
size + = map [ i ] . size ;
move + + ;
}
2020-06-17 14:19:04 -05:00
/*
* map index at which we will split
*
* If the sum of active entries didn ' t exceed half the block size , just
* split it in half by count ; each resulting block will have at least
* half the space free .
*/
if ( i > 0 )
split = count - move ;
else
split = count / 2 ;
2006-10-11 01:20:50 -07:00
hash2 = map [ split ] . hash ;
continued = hash2 = = map [ split - 1 ] . hash ;
2008-01-28 23:58:27 -05:00
dxtrace ( printk ( KERN_INFO " Split block %lu at %x, %i/%i \n " ,
( unsigned long ) dx_get_block ( frame - > at ) ,
hash2 , split , count - split ) ) ;
2006-10-11 01:20:50 -07:00
/* Fancy dance to stay within two buffers */
2021-03-19 07:34:13 +00:00
de2 = dx_move_dirents ( dir , data1 , data2 , map + split , count - split ,
2015-04-12 01:09:03 -04:00
blocksize ) ;
2021-03-19 07:34:13 +00:00
de = dx_pack_dirents ( dir , data1 , blocksize ) ;
2012-04-29 18:41:10 -04:00
de - > rec_len = ext4_rec_len_to_disk ( data1 + ( blocksize - csum_size ) -
( char * ) de ,
2009-02-14 23:01:36 -05:00
blocksize ) ;
2012-04-29 18:41:10 -04:00
de2 - > rec_len = ext4_rec_len_to_disk ( data2 + ( blocksize - csum_size ) -
( char * ) de2 ,
2009-02-14 23:01:36 -05:00
blocksize ) ;
2012-04-29 18:41:10 -04:00
if ( csum_size ) {
2019-06-21 16:31:47 -04:00
ext4_initialize_dirent_tail ( * bh , blocksize ) ;
ext4_initialize_dirent_tail ( bh2 , blocksize ) ;
2012-04-29 18:41:10 -04:00
}
2015-04-12 01:07:01 -04:00
dxtrace ( dx_show_leaf ( dir , hinfo , ( struct ext4_dir_entry_2 * ) data1 ,
blocksize , 1 ) ) ;
dxtrace ( dx_show_leaf ( dir , hinfo , ( struct ext4_dir_entry_2 * ) data2 ,
blocksize , 1 ) ) ;
2006-10-11 01:20:50 -07:00
/* Which block gets the new entry? */
2014-08-29 20:52:18 -04:00
if ( hinfo - > hash > = hash2 ) {
2006-10-11 01:20:50 -07:00
swap ( * bh , bh2 ) ;
de = de2 ;
}
2008-09-08 22:25:24 -04:00
dx_insert_block ( frame , hash2 + continued , newblock ) ;
2019-06-21 15:49:26 -04:00
err = ext4_handle_dirty_dirblock ( handle , dir , bh2 ) ;
2006-10-11 01:20:50 -07:00
if ( err )
goto journal_error ;
2012-04-29 18:39:10 -04:00
err = ext4_handle_dirty_dx_node ( handle , dir , frame - > bh ) ;
2006-10-11 01:20:50 -07:00
if ( err )
goto journal_error ;
2008-09-08 22:25:24 -04:00
brelse ( bh2 ) ;
dxtrace ( dx_show_index ( " frame " , frame - > entries ) ) ;
2006-10-11 01:20:50 -07:00
return de ;
2007-05-08 00:25:34 -07:00
journal_error :
brelse ( * bh ) ;
brelse ( bh2 ) ;
* bh = NULL ;
ext4_std_error ( dir - > i_sb , err ) ;
2014-08-29 20:52:18 -04:00
return ERR_PTR ( err ) ;
2006-10-11 01:20:50 -07:00
}
2012-12-10 14:05:58 -05:00
int ext4_find_dest_de ( struct inode * dir , struct inode * inode ,
struct buffer_head * bh ,
void * buf , int buf_size ,
2015-05-18 13:14:47 -04:00
struct ext4_filename * fname ,
2012-12-10 14:05:58 -05:00
struct ext4_dir_entry_2 * * dest_de )
{
struct ext4_dir_entry_2 * de ;
2021-03-19 07:34:13 +00:00
unsigned short reclen = ext4_dir_rec_len ( fname_len ( fname ) , dir ) ;
2012-12-10 14:05:58 -05:00
int nlen , rlen ;
unsigned int offset = 0 ;
char * top ;
2015-04-12 01:09:03 -04:00
2022-04-01 01:13:21 -07:00
de = buf ;
2012-12-10 14:05:58 -05:00
top = buf + buf_size - reclen ;
while ( ( char * ) de < = top ) {
if ( ext4_check_dir_entry ( dir , NULL , de , bh ,
2017-04-24 10:00:13 -07:00
buf , buf_size , offset ) )
return - EFSCORRUPTED ;
ext4: Support case-insensitive file name lookups
This patch implements the actual support for case-insensitive file name
lookups in ext4, based on the feature bit and the encoding stored in the
superblock.
A filesystem that has the casefold feature set is able to configure
directories with the +F (EXT4_CASEFOLD_FL) attribute, enabling lookups
to succeed in that directory in a case-insensitive fashion, i.e: match
a directory entry even if the name used by userspace is not a byte per
byte match with the disk name, but is an equivalent case-insensitive
version of the Unicode string. This operation is called a
case-insensitive file name lookup.
The feature is configured as an inode attribute applied to directories
and inherited by its children. This attribute can only be enabled on
empty directories for filesystems that support the encoding feature,
thus preventing collision of file names that only differ by case.
* dcache handling:
For a +F directory, Ext4 only stores the first equivalent name dentry
used in the dcache. This is done to prevent unintentional duplication of
dentries in the dcache, while also allowing the VFS code to quickly find
the right entry in the cache despite which equivalent string was used in
a previous lookup, without having to resort to ->lookup().
d_hash() of casefolded directories is implemented as the hash of the
casefolded string, such that we always have a well-known bucket for all
the equivalencies of the same string. d_compare() uses the
utf8_strncasecmp() infrastructure, which handles the comparison of
equivalent, same case, names as well.
For now, negative lookups are not inserted in the dcache, since they
would need to be invalidated anyway, because we can't trust missing file
dentries. This is bad for performance but requires some leveraging of
the vfs layer to fix. We can live without that for now, and so does
everyone else.
* on-disk data:
Despite using a specific version of the name as the internal
representation within the dcache, the name stored and fetched from the
disk is a byte-per-byte match with what the user requested, making this
implementation 'name-preserving'. i.e. no actual information is lost
when writing to storage.
DX is supported by modifying the hashes used in +F directories to make
them case/encoding-aware. The new disk hashes are calculated as the
hash of the full casefolded string, instead of the string directly.
This allows us to efficiently search for file names in the htree without
requiring the user to provide an exact name.
* Dealing with invalid sequences:
By default, when a invalid UTF-8 sequence is identified, ext4 will treat
it as an opaque byte sequence, ignoring the encoding and reverting to
the old behavior for that unique file. This means that case-insensitive
file name lookup will not work only for that file. An optional bit can
be set in the superblock telling the filesystem code and userspace tools
to enforce the encoding. When that optional bit is set, any attempt to
create a file name using an invalid UTF-8 sequence will fail and return
an error to userspace.
* Normalization algorithm:
The UTF-8 algorithms used to compare strings in ext4 is implemented
lives in fs/unicode, and is based on a previous version developed by
SGI. It implements the Canonical decomposition (NFD) algorithm
described by the Unicode specification 12.1, or higher, combined with
the elimination of ignorable code points (NFDi) and full
case-folding (CF) as documented in fs/unicode/utf8_norm.c.
NFD seems to be the best normalization method for EXT4 because:
- It has a lower cost than NFC/NFKC (which requires
decomposing to NFD as an intermediary step)
- It doesn't eliminate important semantic meaning like
compatibility decompositions.
Although:
- This implementation is not completely linguistic accurate, because
different languages have conflicting rules, which would require the
specialization of the filesystem to a given locale, which brings all
sorts of problems for removable media and for users who use more than
one language.
Signed-off-by: Gabriel Krisman Bertazi <krisman@collabora.co.uk>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2019-04-25 14:12:08 -04:00
if ( ext4_match ( dir , fname , de ) )
2017-04-24 10:00:13 -07:00
return - EEXIST ;
2021-03-19 07:34:13 +00:00
nlen = ext4_dir_rec_len ( de - > name_len , dir ) ;
2012-12-10 14:05:58 -05:00
rlen = ext4_rec_len_from_disk ( de - > rec_len , buf_size ) ;
if ( ( de - > inode ? rlen - nlen : rlen ) > = reclen )
break ;
de = ( struct ext4_dir_entry_2 * ) ( ( char * ) de + rlen ) ;
offset + = rlen ;
}
2015-04-12 01:09:03 -04:00
if ( ( char * ) de > top )
2017-04-24 10:00:13 -07:00
return - ENOSPC ;
* dest_de = de ;
return 0 ;
2012-12-10 14:05:58 -05:00
}
2021-03-19 07:34:13 +00:00
void ext4_insert_dentry ( struct inode * dir ,
struct inode * inode ,
2017-04-29 23:27:26 -04:00
struct ext4_dir_entry_2 * de ,
int buf_size ,
struct ext4_filename * fname )
2012-12-10 14:05:58 -05:00
{
int nlen , rlen ;
2021-03-19 07:34:13 +00:00
nlen = ext4_dir_rec_len ( de - > name_len , dir ) ;
2012-12-10 14:05:58 -05:00
rlen = ext4_rec_len_from_disk ( de - > rec_len , buf_size ) ;
if ( de - > inode ) {
struct ext4_dir_entry_2 * de1 =
2015-04-12 00:56:28 -04:00
( struct ext4_dir_entry_2 * ) ( ( char * ) de + nlen ) ;
2012-12-10 14:05:58 -05:00
de1 - > rec_len = ext4_rec_len_to_disk ( rlen - nlen , buf_size ) ;
de - > rec_len = ext4_rec_len_to_disk ( nlen , buf_size ) ;
de = de1 ;
}
de - > file_type = EXT4_FT_UNKNOWN ;
de - > inode = cpu_to_le32 ( inode - > i_ino ) ;
ext4_set_de_type ( inode - > i_sb , de , inode - > i_mode ) ;
2015-05-18 13:14:47 -04:00
de - > name_len = fname_len ( fname ) ;
memcpy ( de - > name , fname_name ( fname ) , fname_len ( fname ) ) ;
2021-03-19 07:34:13 +00:00
if ( ext4_hash_in_dirent ( dir ) ) {
2021-03-19 07:34:14 +00:00
struct dx_hash_info * hinfo = & fname - > hinfo ;
2021-03-19 07:34:13 +00:00
2021-03-19 07:34:14 +00:00
EXT4_DIRENT_HASHES ( de ) - > hash = cpu_to_le32 ( hinfo - > hash ) ;
2021-03-19 07:34:13 +00:00
EXT4_DIRENT_HASHES ( de ) - > minor_hash =
2021-03-19 07:34:14 +00:00
cpu_to_le32 ( hinfo - > minor_hash ) ;
2021-03-19 07:34:13 +00:00
}
2012-12-10 14:05:58 -05:00
}
2015-04-12 00:56:28 -04:00
2006-10-11 01:20:50 -07:00
/*
* Add a new entry into a directory ( leaf ) block . If de is non - NULL ,
* it points to a directory entry which is guaranteed to be large
* enough for new directory entry . If de is NULL , then
* add_dirent_to_buf will attempt search the directory block for
* space . It will return - ENOSPC if no space is available , and - EIO
* and - EEXIST if directory entry already exists .
*/
2015-05-18 13:14:47 -04:00
static int add_dirent_to_buf ( handle_t * handle , struct ext4_filename * fname ,
struct inode * dir ,
2006-10-11 01:20:53 -07:00
struct inode * inode , struct ext4_dir_entry_2 * de ,
2008-09-08 22:25:24 -04:00
struct buffer_head * bh )
2006-10-11 01:20:50 -07:00
{
2009-02-14 23:01:36 -05:00
unsigned int blocksize = dir - > i_sb - > s_blocksize ;
2012-04-29 18:41:10 -04:00
int csum_size = 0 ;
2020-04-26 18:34:37 -07:00
int err , err2 ;
2012-04-29 18:41:10 -04:00
2014-10-13 03:36:16 -04:00
if ( ext4_has_metadata_csum ( inode - > i_sb ) )
2012-04-29 18:41:10 -04:00
csum_size = sizeof ( struct ext4_dir_entry_tail ) ;
2006-10-11 01:20:50 -07:00
if ( ! de ) {
2015-05-18 13:14:47 -04:00
err = ext4_find_dest_de ( dir , inode , bh , bh - > b_data ,
blocksize - csum_size , fname , & de ) ;
2012-12-10 14:05:58 -05:00
if ( err )
return err ;
2006-10-11 01:20:50 -07:00
}
BUFFER_TRACE ( bh , " get_write_access " ) ;
2021-08-16 11:57:04 +02:00
err = ext4_journal_get_write_access ( handle , dir - > i_sb , bh ,
EXT4_JTR_NONE ) ;
2006-10-11 01:20:50 -07:00
if ( err ) {
2006-10-11 01:20:53 -07:00
ext4_std_error ( dir - > i_sb , err ) ;
2006-10-11 01:20:50 -07:00
return err ;
}
2017-04-29 23:27:26 -04:00
/* By now the buffer is marked for journaling */
2021-03-19 07:34:13 +00:00
ext4_insert_dentry ( dir , inode , de , blocksize , fname ) ;
2012-12-10 14:05:58 -05:00
2006-10-11 01:20:50 -07:00
/*
* XXX shouldn ' t update any times until successful
* completion of syscall , but too many callers depend
* on this .
*
* XXX similarly , too many callers depend on
2006-10-11 01:20:53 -07:00
* ext4_new_inode ( ) setting the times , but error
2006-10-11 01:20:50 -07:00
* recovery deletes the inode , so the worst that can
* happen is that the times are slightly out of date
* and / or different from the directory change time .
*/
2016-11-14 21:40:10 -05:00
dir - > i_mtime = dir - > i_ctime = current_time ( dir ) ;
2006-10-11 01:20:53 -07:00
ext4_update_dx_flag ( dir ) ;
2017-06-21 21:09:57 -04:00
inode_inc_iversion ( dir ) ;
2020-04-26 18:34:37 -07:00
err2 = ext4_mark_inode_dirty ( handle , dir ) ;
2009-01-07 00:06:22 -05:00
BUFFER_TRACE ( bh , " call ext4_handle_dirty_metadata " ) ;
2019-06-21 15:49:26 -04:00
err = ext4_handle_dirty_dirblock ( handle , dir , bh ) ;
2006-10-11 01:20:50 -07:00
if ( err )
2006-10-11 01:20:53 -07:00
ext4_std_error ( dir - > i_sb , err ) ;
2020-04-26 18:34:37 -07:00
return err ? err : err2 ;
2006-10-11 01:20:50 -07:00
}
/*
* This converts a one block unindexed directory to a 3 block indexed
* directory , and adds the dentry to the indexed directory .
*/
2015-05-18 13:14:47 -04:00
static int make_indexed_dir ( handle_t * handle , struct ext4_filename * fname ,
2016-01-08 16:00:31 -05:00
struct inode * dir ,
2006-10-11 01:20:50 -07:00
struct inode * inode , struct buffer_head * bh )
{
struct buffer_head * bh2 ;
struct dx_root * root ;
2017-06-21 21:09:57 -04:00
struct dx_frame frames [ EXT4_HTREE_LEVEL ] , * frame ;
2006-10-11 01:20:50 -07:00
struct dx_entry * entries ;
2006-10-11 01:20:53 -07:00
struct ext4_dir_entry_2 * de , * de2 ;
2019-06-21 16:31:47 -04:00
char * data2 , * top ;
2006-10-11 01:20:50 -07:00
unsigned len ;
int retval ;
unsigned blocksize ;
2008-01-28 23:58:27 -05:00
ext4_lblk_t block ;
2006-10-11 01:20:50 -07:00
struct fake_dirent * fde ;
2015-04-12 00:56:28 -04:00
int csum_size = 0 ;
2014-10-13 03:36:16 -04:00
if ( ext4_has_metadata_csum ( inode - > i_sb ) )
2012-04-29 18:41:10 -04:00
csum_size = sizeof ( struct ext4_dir_entry_tail ) ;
2006-10-11 01:20:50 -07:00
blocksize = dir - > i_sb - > s_blocksize ;
2009-01-16 11:13:40 -05:00
dxtrace ( printk ( KERN_DEBUG " Creating index: inode %lu \n " , dir - > i_ino ) ) ;
2014-05-12 22:06:43 -04:00
BUFFER_TRACE ( bh , " get_write_access " ) ;
2021-08-16 11:57:04 +02:00
retval = ext4_journal_get_write_access ( handle , dir - > i_sb , bh ,
EXT4_JTR_NONE ) ;
2006-10-11 01:20:50 -07:00
if ( retval ) {
2006-10-11 01:20:53 -07:00
ext4_std_error ( dir - > i_sb , retval ) ;
2006-10-11 01:20:50 -07:00
brelse ( bh ) ;
return retval ;
}
root = ( struct dx_root * ) bh - > b_data ;
2009-01-16 11:13:40 -05:00
/* The 0th block becomes the root, move the dirents out */
fde = & root - > dotdot ;
de = ( struct ext4_dir_entry_2 * ) ( ( char * ) fde +
2009-02-14 23:01:36 -05:00
ext4_rec_len_from_disk ( fde - > rec_len , blocksize ) ) ;
2009-01-16 11:13:40 -05:00
if ( ( char * ) de > = ( ( ( char * ) root ) + blocksize ) ) {
2010-05-16 21:00:00 -04:00
EXT4_ERROR_INODE ( dir , " invalid rec_len for '..' " ) ;
2009-01-16 11:13:40 -05:00
brelse ( bh ) ;
2015-10-17 16:16:04 -04:00
return - EFSCORRUPTED ;
2009-01-16 11:13:40 -05:00
}
2012-04-29 18:41:10 -04:00
len = ( ( char * ) root ) + ( blocksize - csum_size ) - ( char * ) de ;
2009-01-16 11:13:40 -05:00
/* Allocate new block for the 0th block's dirents */
2013-02-15 03:35:57 -05:00
bh2 = ext4_append ( handle , dir , & block ) ;
if ( IS_ERR ( bh2 ) ) {
2006-10-11 01:20:50 -07:00
brelse ( bh ) ;
2013-02-15 03:35:57 -05:00
return PTR_ERR ( bh2 ) ;
2006-10-11 01:20:50 -07:00
}
2010-05-16 22:00:00 -04:00
ext4_set_inode_flag ( dir , EXT4_INODE_INDEX ) ;
2019-06-21 16:31:47 -04:00
data2 = bh2 - > b_data ;
2006-10-11 01:20:50 -07:00
2019-06-21 16:31:47 -04:00
memcpy ( data2 , de , len ) ;
2021-04-22 18:08:34 +00:00
memset ( de , 0 , len ) ; /* wipe old data */
2019-06-21 16:31:47 -04:00
de = ( struct ext4_dir_entry_2 * ) data2 ;
top = data2 + len ;
2022-10-12 14:13:30 +01:00
while ( ( char * ) ( de2 = ext4_next_entry ( de , blocksize ) ) < top ) {
if ( ext4_check_dir_entry ( dir , NULL , de , bh2 , data2 , len ,
( data2 + ( blocksize - csum_size ) -
( char * ) de ) ) ) {
brelse ( bh2 ) ;
brelse ( bh ) ;
return - EFSCORRUPTED ;
}
2006-10-11 01:20:50 -07:00
de = de2 ;
2022-10-12 14:13:30 +01:00
}
2019-06-21 16:31:47 -04:00
de - > rec_len = ext4_rec_len_to_disk ( data2 + ( blocksize - csum_size ) -
( char * ) de , blocksize ) ;
2012-04-29 18:41:10 -04:00
2019-06-21 16:31:47 -04:00
if ( csum_size )
ext4_initialize_dirent_tail ( bh2 , blocksize ) ;
2012-04-29 18:41:10 -04:00
2006-10-11 01:20:50 -07:00
/* Initialize the root; the dot dirents already exist */
2006-10-11 01:20:53 -07:00
de = ( struct ext4_dir_entry_2 * ) ( & root - > dotdot ) ;
2021-03-19 07:34:13 +00:00
de - > rec_len = ext4_rec_len_to_disk (
blocksize - ext4_dir_rec_len ( 2 , NULL ) , blocksize ) ;
2006-10-11 01:20:50 -07:00
memset ( & root - > info , 0 , sizeof ( root - > info ) ) ;
root - > info . info_length = sizeof ( root - > info ) ;
2021-03-19 07:34:13 +00:00
if ( ext4_hash_in_dirent ( dir ) )
root - > info . hash_version = DX_HASH_SIPHASH ;
else
root - > info . hash_version =
EXT4_SB ( dir - > i_sb ) - > s_def_hash_version ;
2006-10-11 01:20:50 -07:00
entries = root - > entries ;
2008-09-08 22:25:24 -04:00
dx_set_block ( entries , 1 ) ;
dx_set_count ( entries , 1 ) ;
dx_set_limit ( entries , dx_root_limit ( dir , sizeof ( root - > info ) ) ) ;
2006-10-11 01:20:50 -07:00
/* Initialize as for dx_probe */
2015-05-18 13:14:47 -04:00
fname - > hinfo . hash_version = root - > info . hash_version ;
if ( fname - > hinfo . hash_version < = DX_HASH_TEA )
fname - > hinfo . hash_version + = EXT4_SB ( dir - > i_sb ) - > s_hash_unsigned ;
fname - > hinfo . seed = EXT4_SB ( dir - > i_sb ) - > s_hash_seed ;
2021-03-19 07:34:14 +00:00
/* casefolded encrypted hashes are computed on fname setup */
if ( ! ext4_hash_in_dirent ( dir ) )
2021-03-19 07:34:13 +00:00
ext4fs_dirhash ( dir , fname_name ( fname ) ,
fname_len ( fname ) , & fname - > hinfo ) ;
2015-05-18 13:14:47 -04:00
2014-10-30 10:53:17 -04:00
memset ( frames , 0 , sizeof ( frames ) ) ;
2006-10-11 01:20:50 -07:00
frame = frames ;
frame - > entries = entries ;
frame - > at = entries ;
frame - > bh = bh ;
2011-05-15 00:19:41 -04:00
2014-10-30 10:53:17 -04:00
retval = ext4_handle_dirty_dx_node ( handle , dir , frame - > bh ) ;
if ( retval )
2021-04-09 12:20:35 +08:00
goto out_frames ;
2019-06-21 15:49:26 -04:00
retval = ext4_handle_dirty_dirblock ( handle , dir , bh2 ) ;
2014-10-30 10:53:17 -04:00
if ( retval )
2021-04-09 12:20:35 +08:00
goto out_frames ;
2011-05-15 00:19:41 -04:00
2016-09-30 01:33:37 -04:00
de = do_split ( handle , dir , & bh2 , frame , & fname - > hinfo ) ;
2014-08-29 20:52:18 -04:00
if ( IS_ERR ( de ) ) {
2014-10-30 10:53:17 -04:00
retval = PTR_ERR ( de ) ;
goto out_frames ;
2011-05-03 11:05:55 -04:00
}
2006-10-11 01:20:50 -07:00
2016-09-30 01:33:37 -04:00
retval = add_dirent_to_buf ( handle , fname , dir , inode , de , bh2 ) ;
2014-10-30 10:53:17 -04:00
out_frames :
/*
* Even if the block split failed , we have to properly write
* out all the changes we did so far . Otherwise we can end up
* with corrupted filesystem .
*/
2016-09-30 01:33:37 -04:00
if ( retval )
ext4_mark_inode_dirty ( handle , dir ) ;
2014-10-30 10:53:17 -04:00
dx_release ( frames ) ;
2016-09-30 01:33:37 -04:00
brelse ( bh2 ) ;
2014-10-30 10:53:17 -04:00
return retval ;
2006-10-11 01:20:50 -07:00
}
/*
2006-10-11 01:20:53 -07:00
* ext4_add_entry ( )
2006-10-11 01:20:50 -07:00
*
* adds a file entry to the specified directory , using the same
2006-10-11 01:20:53 -07:00
* semantics as ext4_find_entry ( ) . It returns NULL if it failed .
2006-10-11 01:20:50 -07:00
*
* NOTE ! ! The inode part of ' de ' is left at 0 - which means you
* may not sleep between calling this and putting something into
* the entry , as someone else might have used it while you slept .
*/
2008-09-08 22:25:24 -04:00
static int ext4_add_entry ( handle_t * handle , struct dentry * dentry ,
struct inode * inode )
2006-10-11 01:20:50 -07:00
{
2015-03-17 22:25:59 +00:00
struct inode * dir = d_inode ( dentry - > d_parent ) ;
2015-04-03 10:46:58 -04:00
struct buffer_head * bh = NULL ;
2006-10-11 01:20:53 -07:00
struct ext4_dir_entry_2 * de ;
2008-09-08 22:25:24 -04:00
struct super_block * sb ;
2015-05-18 13:14:47 -04:00
struct ext4_filename fname ;
2006-10-11 01:20:50 -07:00
int retval ;
int dx_fallback = 0 ;
unsigned blocksize ;
2008-01-28 23:58:27 -05:00
ext4_lblk_t block , blocks ;
2012-04-29 18:41:10 -04:00
int csum_size = 0 ;
2014-10-13 03:36:16 -04:00
if ( ext4_has_metadata_csum ( inode - > i_sb ) )
2012-04-29 18:41:10 -04:00
csum_size = sizeof ( struct ext4_dir_entry_tail ) ;
2006-10-11 01:20:50 -07:00
sb = dir - > i_sb ;
blocksize = sb - > s_blocksize ;
if ( ! dentry - > d_name . len )
return - EINVAL ;
2012-12-10 14:05:59 -05:00
2020-11-17 23:56:06 -08:00
if ( fscrypt_is_nokey_name ( dentry ) )
return - ENOKEY ;
2022-01-18 07:56:14 +01:00
# if IS_ENABLED(CONFIG_UNICODE)
2020-10-28 05:08:20 +00:00
if ( sb_has_strict_encoding ( sb ) & & IS_CASEFOLDED ( dir ) & &
sb - > s_encoding & & utf8_validate ( sb - > s_encoding , & dentry - > d_name ) )
ext4: Support case-insensitive file name lookups
This patch implements the actual support for case-insensitive file name
lookups in ext4, based on the feature bit and the encoding stored in the
superblock.
A filesystem that has the casefold feature set is able to configure
directories with the +F (EXT4_CASEFOLD_FL) attribute, enabling lookups
to succeed in that directory in a case-insensitive fashion, i.e: match
a directory entry even if the name used by userspace is not a byte per
byte match with the disk name, but is an equivalent case-insensitive
version of the Unicode string. This operation is called a
case-insensitive file name lookup.
The feature is configured as an inode attribute applied to directories
and inherited by its children. This attribute can only be enabled on
empty directories for filesystems that support the encoding feature,
thus preventing collision of file names that only differ by case.
* dcache handling:
For a +F directory, Ext4 only stores the first equivalent name dentry
used in the dcache. This is done to prevent unintentional duplication of
dentries in the dcache, while also allowing the VFS code to quickly find
the right entry in the cache despite which equivalent string was used in
a previous lookup, without having to resort to ->lookup().
d_hash() of casefolded directories is implemented as the hash of the
casefolded string, such that we always have a well-known bucket for all
the equivalencies of the same string. d_compare() uses the
utf8_strncasecmp() infrastructure, which handles the comparison of
equivalent, same case, names as well.
For now, negative lookups are not inserted in the dcache, since they
would need to be invalidated anyway, because we can't trust missing file
dentries. This is bad for performance but requires some leveraging of
the vfs layer to fix. We can live without that for now, and so does
everyone else.
* on-disk data:
Despite using a specific version of the name as the internal
representation within the dcache, the name stored and fetched from the
disk is a byte-per-byte match with what the user requested, making this
implementation 'name-preserving'. i.e. no actual information is lost
when writing to storage.
DX is supported by modifying the hashes used in +F directories to make
them case/encoding-aware. The new disk hashes are calculated as the
hash of the full casefolded string, instead of the string directly.
This allows us to efficiently search for file names in the htree without
requiring the user to provide an exact name.
* Dealing with invalid sequences:
By default, when a invalid UTF-8 sequence is identified, ext4 will treat
it as an opaque byte sequence, ignoring the encoding and reverting to
the old behavior for that unique file. This means that case-insensitive
file name lookup will not work only for that file. An optional bit can
be set in the superblock telling the filesystem code and userspace tools
to enforce the encoding. When that optional bit is set, any attempt to
create a file name using an invalid UTF-8 sequence will fail and return
an error to userspace.
* Normalization algorithm:
The UTF-8 algorithms used to compare strings in ext4 is implemented
lives in fs/unicode, and is based on a previous version developed by
SGI. It implements the Canonical decomposition (NFD) algorithm
described by the Unicode specification 12.1, or higher, combined with
the elimination of ignorable code points (NFDi) and full
case-folding (CF) as documented in fs/unicode/utf8_norm.c.
NFD seems to be the best normalization method for EXT4 because:
- It has a lower cost than NFC/NFKC (which requires
decomposing to NFD as an intermediary step)
- It doesn't eliminate important semantic meaning like
compatibility decompositions.
Although:
- This implementation is not completely linguistic accurate, because
different languages have conflicting rules, which would require the
specialization of the filesystem to a given locale, which brings all
sorts of problems for removable media and for users who use more than
one language.
Signed-off-by: Gabriel Krisman Bertazi <krisman@collabora.co.uk>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2019-04-25 14:12:08 -04:00
return - EINVAL ;
# endif
2015-05-18 13:14:47 -04:00
retval = ext4_fname_setup_filename ( dir , & dentry - > d_name , 0 , & fname ) ;
if ( retval )
return retval ;
2012-12-10 14:05:59 -05:00
if ( ext4_has_inline_data ( dir ) ) {
2016-01-08 16:00:31 -05:00
retval = ext4_try_add_inline_entry ( handle , & fname , dir , inode ) ;
2012-12-10 14:05:59 -05:00
if ( retval < 0 )
2015-05-18 13:14:47 -04:00
goto out ;
2012-12-10 14:05:59 -05:00
if ( retval = = 1 ) {
retval = 0 ;
2015-04-03 10:46:58 -04:00
goto out ;
2012-12-10 14:05:59 -05:00
}
}
2006-10-11 01:20:50 -07:00
if ( is_dx ( dir ) ) {
2016-01-08 16:00:31 -05:00
retval = ext4_dx_add_entry ( handle , & fname , dir , inode ) ;
2006-10-11 01:20:50 -07:00
if ( ! retval | | ( retval ! = ERR_BAD_DX_DIR ) )
2015-04-03 10:46:58 -04:00
goto out ;
2020-02-10 15:43:16 +01:00
/* Can we just ignore htree data? */
if ( ext4_has_metadata_csum ( sb ) ) {
EXT4_ERROR_INODE ( dir ,
" Directory has corrupted htree index. " ) ;
retval = - EFSCORRUPTED ;
goto out ;
}
2010-05-16 22:00:00 -04:00
ext4_clear_inode_flag ( dir , EXT4_INODE_INDEX ) ;
2006-10-11 01:20:50 -07:00
dx_fallback + + ;
2020-04-26 18:34:37 -07:00
retval = ext4_mark_inode_dirty ( handle , dir ) ;
if ( unlikely ( retval ) )
goto out ;
2006-10-11 01:20:50 -07:00
}
blocks = dir - > i_size > > sb - > s_blocksize_bits ;
2008-11-05 00:14:04 -05:00
for ( block = 0 ; block < blocks ; block + + ) {
2013-02-14 23:59:26 -05:00
bh = ext4_read_dirblock ( dir , block , DIRENT ) ;
2019-06-20 21:19:02 -04:00
if ( bh = = NULL ) {
bh = ext4_bread ( handle , dir , block ,
EXT4_GET_BLOCKS_CREATE ) ;
goto add_to_new_block ;
}
2015-05-18 13:14:47 -04:00
if ( IS_ERR ( bh ) ) {
retval = PTR_ERR ( bh ) ;
bh = NULL ;
goto out ;
}
retval = add_dirent_to_buf ( handle , & fname , dir , inode ,
NULL , bh ) ;
2015-04-03 10:46:58 -04:00
if ( retval ! = - ENOSPC )
goto out ;
2006-10-11 01:20:50 -07:00
if ( blocks = = 1 & & ! dx_fallback & &
2015-10-17 16:18:43 -04:00
ext4_has_feature_dir_index ( sb ) ) {
2016-01-08 16:00:31 -05:00
retval = make_indexed_dir ( handle , & fname , dir ,
2015-05-18 13:14:47 -04:00
inode , bh ) ;
2015-04-03 10:46:58 -04:00
bh = NULL ; /* make_indexed_dir releases bh */
goto out ;
}
2006-10-11 01:20:50 -07:00
brelse ( bh ) ;
}
2013-02-15 03:35:57 -05:00
bh = ext4_append ( handle , dir , & block ) ;
2019-06-20 21:19:02 -04:00
add_to_new_block :
2015-05-18 13:14:47 -04:00
if ( IS_ERR ( bh ) ) {
retval = PTR_ERR ( bh ) ;
bh = NULL ;
goto out ;
}
2006-10-11 01:20:53 -07:00
de = ( struct ext4_dir_entry_2 * ) bh - > b_data ;
2006-10-11 01:20:50 -07:00
de - > inode = 0 ;
2012-04-29 18:41:10 -04:00
de - > rec_len = ext4_rec_len_to_disk ( blocksize - csum_size , blocksize ) ;
2019-06-21 16:31:47 -04:00
if ( csum_size )
ext4_initialize_dirent_tail ( bh , blocksize ) ;
2012-04-29 18:41:10 -04:00
2015-05-18 13:14:47 -04:00
retval = add_dirent_to_buf ( handle , & fname , dir , inode , de , bh ) ;
2015-04-03 10:46:58 -04:00
out :
2015-05-18 13:14:47 -04:00
ext4_fname_free_filename ( & fname ) ;
2009-11-23 07:25:49 -05:00
brelse ( bh ) ;
2010-05-17 08:00:00 -04:00
if ( retval = = 0 )
ext4_set_inode_state ( inode , EXT4_STATE_NEWENTRY ) ;
2009-11-23 07:25:49 -05:00
return retval ;
2006-10-11 01:20:50 -07:00
}
/*
* Returns 0 for success , or a negative error value
*/
2015-05-18 13:14:47 -04:00
static int ext4_dx_add_entry ( handle_t * handle , struct ext4_filename * fname ,
2016-01-08 16:00:31 -05:00
struct inode * dir , struct inode * inode )
2006-10-11 01:20:50 -07:00
{
2017-06-21 21:09:57 -04:00
struct dx_frame frames [ EXT4_HTREE_LEVEL ] , * frame ;
2006-10-11 01:20:50 -07:00
struct dx_entry * entries , * at ;
2008-09-08 22:25:24 -04:00
struct buffer_head * bh ;
struct super_block * sb = dir - > i_sb ;
2006-10-11 01:20:53 -07:00
struct ext4_dir_entry_2 * de ;
2017-06-21 21:09:57 -04:00
int restart ;
2006-10-11 01:20:50 -07:00
int err ;
2017-06-21 21:09:57 -04:00
again :
restart = 0 ;
2015-05-18 13:14:47 -04:00
frame = dx_probe ( fname , dir , NULL , frames ) ;
2014-08-29 20:52:17 -04:00
if ( IS_ERR ( frame ) )
return PTR_ERR ( frame ) ;
2006-10-11 01:20:50 -07:00
entries = frame - > entries ;
at = frame - > at ;
2019-06-20 21:19:02 -04:00
bh = ext4_read_dirblock ( dir , dx_get_block ( frame - > at ) , DIRENT_HTREE ) ;
2013-02-14 23:59:26 -05:00
if ( IS_ERR ( bh ) ) {
err = PTR_ERR ( bh ) ;
bh = NULL ;
2006-10-11 01:20:50 -07:00
goto cleanup ;
2012-09-27 09:31:33 -04:00
}
2006-10-11 01:20:50 -07:00
BUFFER_TRACE ( bh , " get_write_access " ) ;
2021-08-16 11:57:04 +02:00
err = ext4_journal_get_write_access ( handle , sb , bh , EXT4_JTR_NONE ) ;
2006-10-11 01:20:50 -07:00
if ( err )
goto journal_error ;
2015-05-18 13:14:47 -04:00
err = add_dirent_to_buf ( handle , fname , dir , inode , NULL , bh ) ;
2009-11-23 07:25:49 -05:00
if ( err ! = - ENOSPC )
2006-10-11 01:20:50 -07:00
goto cleanup ;
2017-06-21 21:09:57 -04:00
err = 0 ;
2006-10-11 01:20:50 -07:00
/* Block full, should compress but for now just split */
2008-09-08 23:00:52 -04:00
dxtrace ( printk ( KERN_DEBUG " using %u of %u node entries \n " ,
2006-10-11 01:20:50 -07:00
dx_get_count ( entries ) , dx_get_limit ( entries ) ) ) ;
/* Need to split index? */
if ( dx_get_count ( entries ) = = dx_get_limit ( entries ) ) {
2008-01-28 23:58:27 -05:00
ext4_lblk_t newblock ;
2017-06-21 21:09:57 -04:00
int levels = frame - frames + 1 ;
unsigned int icount ;
int add_level = 1 ;
2006-10-11 01:20:50 -07:00
struct dx_entry * entries2 ;
struct dx_node * node2 ;
struct buffer_head * bh2 ;
2017-06-21 21:09:57 -04:00
while ( frame > frames ) {
if ( dx_get_count ( ( frame - 1 ) - > entries ) <
dx_get_limit ( ( frame - 1 ) - > entries ) ) {
add_level = 0 ;
break ;
}
frame - - ; /* split higher index block */
at = frame - > at ;
entries = frame - > entries ;
restart = 1 ;
}
if ( add_level & & levels = = ext4_dir_htree_level ( sb ) ) {
ext4_warning ( sb , " Directory (ino: %lu) index full, "
" reach max htree level :%d " ,
dir - > i_ino , levels ) ;
if ( ext4_dir_htree_level ( sb ) < EXT4_HTREE_LEVEL ) {
ext4_warning ( sb , " Large directory feature is "
" not enabled on this "
" filesystem " ) ;
}
2006-10-11 01:20:50 -07:00
err = - ENOSPC ;
goto cleanup ;
}
2017-06-21 21:09:57 -04:00
icount = dx_get_count ( entries ) ;
2013-02-15 03:35:57 -05:00
bh2 = ext4_append ( handle , dir , & newblock ) ;
if ( IS_ERR ( bh2 ) ) {
err = PTR_ERR ( bh2 ) ;
2006-10-11 01:20:50 -07:00
goto cleanup ;
2013-02-15 03:35:57 -05:00
}
2006-10-11 01:20:50 -07:00
node2 = ( struct dx_node * ) ( bh2 - > b_data ) ;
entries2 = node2 - > entries ;
2009-09-10 23:16:07 -04:00
memset ( & node2 - > fake , 0 , sizeof ( struct fake_dirent ) ) ;
2009-02-14 23:01:36 -05:00
node2 - > fake . rec_len = ext4_rec_len_to_disk ( sb - > s_blocksize ,
sb - > s_blocksize ) ;
2006-10-11 01:20:50 -07:00
BUFFER_TRACE ( frame - > bh , " get_write_access " ) ;
2021-08-16 11:57:04 +02:00
err = ext4_journal_get_write_access ( handle , sb , frame - > bh ,
EXT4_JTR_NONE ) ;
2006-10-11 01:20:50 -07:00
if ( err )
goto journal_error ;
2017-06-21 21:09:57 -04:00
if ( ! add_level ) {
2006-10-11 01:20:50 -07:00
unsigned icount1 = icount / 2 , icount2 = icount - icount1 ;
unsigned hash2 = dx_get_hash ( entries + icount1 ) ;
2008-09-08 23:00:52 -04:00
dxtrace ( printk ( KERN_DEBUG " Split index %i/%i \n " ,
icount1 , icount2 ) ) ;
2006-10-11 01:20:50 -07:00
BUFFER_TRACE ( frame - > bh , " get_write_access " ) ; /* index root */
2021-08-16 11:57:04 +02:00
err = ext4_journal_get_write_access ( handle , sb ,
( frame - 1 ) - > bh ,
EXT4_JTR_NONE ) ;
2006-10-11 01:20:50 -07:00
if ( err )
goto journal_error ;
2008-09-08 22:25:24 -04:00
memcpy ( ( char * ) entries2 , ( char * ) ( entries + icount1 ) ,
icount2 * sizeof ( struct dx_entry ) ) ;
dx_set_count ( entries , icount1 ) ;
dx_set_count ( entries2 , icount2 ) ;
dx_set_limit ( entries2 , dx_node_limit ( dir ) ) ;
2006-10-11 01:20:50 -07:00
/* Which index block gets the new entry? */
if ( at - entries > = icount1 ) {
2021-05-20 14:55:52 +08:00
frame - > at = at - entries - icount1 + entries2 ;
2006-10-11 01:20:50 -07:00
frame - > entries = entries = entries2 ;
swap ( frame - > bh , bh2 ) ;
}
2017-06-21 21:09:57 -04:00
dx_insert_block ( ( frame - 1 ) , hash2 , newblock ) ;
dxtrace ( dx_show_index ( " node " , frame - > entries ) ) ;
2008-09-08 22:25:24 -04:00
dxtrace ( dx_show_index ( " node " ,
2006-10-11 01:20:50 -07:00
( ( struct dx_node * ) bh2 - > b_data ) - > entries ) ) ;
2012-04-29 18:39:10 -04:00
err = ext4_handle_dirty_dx_node ( handle , dir , bh2 ) ;
2006-10-11 01:20:50 -07:00
if ( err )
goto journal_error ;
brelse ( bh2 ) ;
2017-06-21 21:09:57 -04:00
err = ext4_handle_dirty_dx_node ( handle , dir ,
( frame - 1 ) - > bh ) ;
if ( err )
goto journal_error ;
2021-02-04 00:05:20 -05:00
err = ext4_handle_dirty_dx_node ( handle , dir ,
frame - > bh ) ;
2021-08-04 14:23:55 -04:00
if ( restart | | err )
2017-06-21 21:09:57 -04:00
goto journal_error ;
2006-10-11 01:20:50 -07:00
} else {
2017-06-21 21:09:57 -04:00
struct dx_root * dxroot ;
2006-10-11 01:20:50 -07:00
memcpy ( ( char * ) entries2 , ( char * ) entries ,
icount * sizeof ( struct dx_entry ) ) ;
dx_set_limit ( entries2 , dx_node_limit ( dir ) ) ;
/* Set up root */
dx_set_count ( entries , 1 ) ;
dx_set_block ( entries + 0 , newblock ) ;
2017-06-21 21:09:57 -04:00
dxroot = ( struct dx_root * ) frames [ 0 ] . bh - > b_data ;
dxroot - > info . indirect_levels + = 1 ;
dxtrace ( printk ( KERN_DEBUG
" Creating %d level index... \n " ,
2018-10-02 12:43:51 -04:00
dxroot - > info . indirect_levels ) ) ;
2017-06-21 21:09:57 -04:00
err = ext4_handle_dirty_dx_node ( handle , dir , frame - > bh ) ;
2006-10-11 01:20:50 -07:00
if ( err )
goto journal_error ;
2017-06-21 21:09:57 -04:00
err = ext4_handle_dirty_dx_node ( handle , dir , bh2 ) ;
brelse ( bh2 ) ;
restart = 1 ;
goto journal_error ;
2011-01-10 12:46:59 -05:00
}
2006-10-11 01:20:50 -07:00
}
2015-05-18 13:14:47 -04:00
de = do_split ( handle , dir , & bh , frame , & fname - > hinfo ) ;
2014-08-29 20:52:18 -04:00
if ( IS_ERR ( de ) ) {
err = PTR_ERR ( de ) ;
2006-10-11 01:20:50 -07:00
goto cleanup ;
2014-08-29 20:52:18 -04:00
}
2015-05-18 13:14:47 -04:00
err = add_dirent_to_buf ( handle , fname , dir , inode , de , bh ) ;
2006-10-11 01:20:50 -07:00
goto cleanup ;
journal_error :
2017-06-21 21:09:57 -04:00
ext4_std_error ( dir - > i_sb , err ) ; /* this is a no-op if err == 0 */
2006-10-11 01:20:50 -07:00
cleanup :
2013-01-28 21:41:02 -05:00
brelse ( bh ) ;
2006-10-11 01:20:50 -07:00
dx_release ( frames ) ;
2017-06-21 21:09:57 -04:00
/* @restart is true means htree-path has been changed, we need to
* repeat dx_probe ( ) to find out valid htree - path
*/
if ( restart & & err = = 0 )
goto again ;
2006-10-11 01:20:50 -07:00
return err ;
}
/*
2012-12-10 14:06:00 -05:00
* ext4_generic_delete_entry deletes a directory entry by merging it
* with the previous entry
2006-10-11 01:20:50 -07:00
*/
2020-08-10 17:07:05 +09:00
int ext4_generic_delete_entry ( struct inode * dir ,
2012-12-10 14:06:00 -05:00
struct ext4_dir_entry_2 * de_del ,
struct buffer_head * bh ,
void * entry_buf ,
int buf_size ,
int csum_size )
2006-10-11 01:20:50 -07:00
{
2008-09-08 22:25:24 -04:00
struct ext4_dir_entry_2 * de , * pde ;
2009-02-14 23:01:36 -05:00
unsigned int blocksize = dir - > i_sb - > s_blocksize ;
2012-12-10 14:06:00 -05:00
int i ;
2012-04-29 18:41:10 -04:00
2006-10-11 01:20:50 -07:00
i = 0 ;
pde = NULL ;
2022-04-01 01:13:21 -07:00
de = entry_buf ;
2012-12-10 14:06:00 -05:00
while ( i < buf_size - csum_size ) {
2012-12-10 14:05:58 -05:00
if ( ext4_check_dir_entry ( dir , NULL , de , bh ,
2020-07-31 18:21:35 +02:00
entry_buf , buf_size , i ) )
2015-10-17 16:16:04 -04:00
return - EFSCORRUPTED ;
2006-10-11 01:20:50 -07:00
if ( de = = de_del ) {
2021-04-22 18:08:34 +00:00
if ( pde ) {
2008-01-28 23:58:27 -05:00
pde - > rec_len = ext4_rec_len_to_disk (
2009-02-14 23:01:36 -05:00
ext4_rec_len_from_disk ( pde - > rec_len ,
blocksize ) +
ext4_rec_len_from_disk ( de - > rec_len ,
blocksize ) ,
blocksize ) ;
2021-04-22 18:08:34 +00:00
/* wipe entire dir_entry */
memset ( de , 0 , ext4_rec_len_from_disk ( de - > rec_len ,
blocksize ) ) ;
} else {
/* wipe dir_entry excluding the rec_len field */
2006-10-11 01:20:50 -07:00
de - > inode = 0 ;
2021-04-22 18:08:34 +00:00
memset ( & de - > name_len , 0 ,
ext4_rec_len_from_disk ( de - > rec_len ,
blocksize ) -
offsetof ( struct ext4_dir_entry_2 ,
name_len ) ) ;
}
2017-06-21 21:09:57 -04:00
inode_inc_iversion ( dir ) ;
2006-10-11 01:20:50 -07:00
return 0 ;
}
2009-02-14 23:01:36 -05:00
i + = ext4_rec_len_from_disk ( de - > rec_len , blocksize ) ;
2006-10-11 01:20:50 -07:00
pde = de ;
2009-02-14 23:01:36 -05:00
de = ext4_next_entry ( de , blocksize ) ;
2006-10-11 01:20:50 -07:00
}
return - ENOENT ;
}
2012-12-10 14:06:00 -05:00
static int ext4_delete_entry ( handle_t * handle ,
struct inode * dir ,
struct ext4_dir_entry_2 * de_del ,
struct buffer_head * bh )
{
int err , csum_size = 0 ;
2012-12-10 14:06:00 -05:00
if ( ext4_has_inline_data ( dir ) ) {
int has_inline_data = 1 ;
err = ext4_delete_inline_entry ( handle , dir , de_del , bh ,
& has_inline_data ) ;
if ( has_inline_data )
return err ;
}
2014-10-13 03:36:16 -04:00
if ( ext4_has_metadata_csum ( dir - > i_sb ) )
2012-12-10 14:06:00 -05:00
csum_size = sizeof ( struct ext4_dir_entry_tail ) ;
BUFFER_TRACE ( bh , " get_write_access " ) ;
2021-08-16 11:57:04 +02:00
err = ext4_journal_get_write_access ( handle , dir - > i_sb , bh ,
EXT4_JTR_NONE ) ;
2012-12-10 14:06:00 -05:00
if ( unlikely ( err ) )
goto out ;
2020-08-10 17:07:05 +09:00
err = ext4_generic_delete_entry ( dir , de_del , bh , bh - > b_data ,
2012-12-10 14:06:00 -05:00
dir - > i_sb - > s_blocksize , csum_size ) ;
if ( err )
goto out ;
BUFFER_TRACE ( bh , " call ext4_handle_dirty_metadata " ) ;
2019-06-21 15:49:26 -04:00
err = ext4_handle_dirty_dirblock ( handle , dir , bh ) ;
2012-12-10 14:06:00 -05:00
if ( unlikely ( err ) )
goto out ;
return 0 ;
out :
if ( err ! = - ENOENT )
ext4_std_error ( dir - > i_sb , err ) ;
return err ;
}
2007-07-18 08:38:01 -04:00
/*
2017-08-05 19:47:34 -04:00
* Set directory link count to 1 if nlinks > EXT4_LINK_MAX , or if nlinks = = 2
* since this indicates that nlinks count was previously 1 to avoid overflowing
* the 16 - bit i_links_count field on disk . Directories with i_nlink = = 1 mean
* that subdirectory link counts are not being maintained accurately .
*
* The caller has already checked for i_nlink overflow in case the DIR_LINK
* feature is not enabled and returned - EMLINK . The is_dx ( ) check is a proxy
* for checking S_ISDIR ( inode ) ( since the INODE_INDEX feature will not be set
* on regular files ) and to avoid creating huge / slow non - HTREE directories .
2007-07-18 08:38:01 -04:00
*/
2020-08-26 16:31:16 +03:00
static void ext4_inc_count ( struct inode * inode )
2007-07-18 08:38:01 -04:00
{
inc_nlink ( inode ) ;
2017-08-05 19:47:34 -04:00
if ( is_dx ( inode ) & &
( inode - > i_nlink > EXT4_LINK_MAX | | inode - > i_nlink = = 2 ) )
set_nlink ( inode , 1 ) ;
2007-07-18 08:38:01 -04:00
}
/*
* If a directory had nlink = = 1 , then we should let it be 1. This indicates
* directory has > EXT4_LINK_MAX subdirs .
*/
2020-08-26 16:31:16 +03:00
static void ext4_dec_count ( struct inode * inode )
2007-07-18 08:38:01 -04:00
{
2011-10-26 03:22:31 -04:00
if ( ! S_ISDIR ( inode - > i_mode ) | | inode - > i_nlink > 2 )
drop_nlink ( inode ) ;
2007-07-18 08:38:01 -04:00
}
2019-11-05 17:44:11 +01:00
/*
* Add non - directory inode to a directory . On success , the inode reference is
* consumed by dentry is instantiation . This is also indicated by clearing of
* * inodep pointer . On failure , the caller is responsible for dropping the
* inode reference in the safe context .
*/
2006-10-11 01:20:53 -07:00
static int ext4_add_nondir ( handle_t * handle ,
2019-11-05 17:44:11 +01:00
struct dentry * dentry , struct inode * * inodep )
2006-10-11 01:20:50 -07:00
{
2019-11-05 17:44:10 +01:00
struct inode * dir = d_inode ( dentry - > d_parent ) ;
2019-11-05 17:44:11 +01:00
struct inode * inode = * inodep ;
2006-10-11 01:20:53 -07:00
int err = ext4_add_entry ( handle , dentry , inode ) ;
2006-10-11 01:20:50 -07:00
if ( ! err ) {
2020-04-26 18:34:37 -07:00
err = ext4_mark_inode_dirty ( handle , inode ) ;
2019-11-05 17:44:10 +01:00
if ( IS_DIRSYNC ( dir ) )
ext4_handle_sync ( handle ) ;
2018-05-04 08:23:01 -04:00
d_instantiate_new ( dentry , inode ) ;
2019-11-05 17:44:11 +01:00
* inodep = NULL ;
2020-04-26 18:34:37 -07:00
return err ;
2006-10-11 01:20:50 -07:00
}
2007-02-10 01:46:16 -08:00
drop_nlink ( inode ) ;
2019-11-05 17:44:11 +01:00
ext4_orphan_add ( handle , inode ) ;
2008-12-30 02:03:31 -05:00
unlock_new_inode ( inode ) ;
2006-10-11 01:20:50 -07:00
return err ;
}
/*
* By the time this is called , we already have created
* the directory cache entry for the new file , but it
* is so far negative - it has no inode .
*
* If the create succeeds , we fill in the inode information
* with d_instantiate ( ) .
*/
2023-01-13 12:49:13 +01:00
static int ext4_create ( struct mnt_idmap * idmap , struct inode * dir ,
2021-01-21 14:19:43 +01:00
struct dentry * dentry , umode_t mode , bool excl )
2006-10-11 01:20:50 -07:00
{
handle_t * handle ;
2020-11-05 19:58:53 -08:00
struct inode * inode ;
2013-02-09 16:27:09 -05:00
int err , credits , retries = 0 ;
2006-10-11 01:20:50 -07:00
2015-06-29 16:22:54 +02:00
err = dquot_initialize ( dir ) ;
if ( err )
return err ;
2010-03-03 09:05:06 -05:00
2013-02-09 16:27:09 -05:00
credits = ( EXT4_DATA_TRANS_BLOCKS ( dir - > i_sb ) +
2013-04-19 13:38:14 -04:00
EXT4_INDEX_EXTRA_TRANS_BLOCKS + 3 ) ;
2006-10-11 01:20:50 -07:00
retry :
2023-01-13 12:49:25 +01:00
inode = ext4_new_inode_start_handle ( idmap , dir , mode , & dentry - > d_name ,
2021-01-21 14:19:57 +01:00
0 , NULL , EXT4_HT_DIR , credits ) ;
2013-02-09 16:27:09 -05:00
handle = ext4_journal_current_handle ( ) ;
2006-10-11 01:20:50 -07:00
err = PTR_ERR ( inode ) ;
if ( ! IS_ERR ( inode ) ) {
2006-10-11 01:20:53 -07:00
inode - > i_op = & ext4_file_inode_operations ;
2015-04-15 16:15:17 -07:00
inode - > i_fop = & ext4_file_operations ;
2006-10-11 01:20:53 -07:00
ext4_set_aops ( inode ) ;
2019-11-05 17:44:11 +01:00
err = ext4_add_nondir ( handle , dentry , & inode ) ;
2020-11-05 19:58:53 -08:00
if ( ! err )
ext4_fc_track_create ( handle , dentry ) ;
2006-10-11 01:20:50 -07:00
}
2013-02-09 16:27:09 -05:00
if ( handle )
ext4_journal_stop ( handle ) ;
2019-11-05 17:44:11 +01:00
if ( ! IS_ERR_OR_NULL ( inode ) )
iput ( inode ) ;
2006-10-11 01:20:53 -07:00
if ( err = = - ENOSPC & & ext4_should_retry_alloc ( dir - > i_sb , & retries ) )
2006-10-11 01:20:50 -07:00
goto retry ;
return err ;
}
2023-01-13 12:49:16 +01:00
static int ext4_mknod ( struct mnt_idmap * idmap , struct inode * dir ,
2021-01-21 14:19:43 +01:00
struct dentry * dentry , umode_t mode , dev_t rdev )
2006-10-11 01:20:50 -07:00
{
handle_t * handle ;
2020-11-05 19:58:53 -08:00
struct inode * inode ;
2013-02-09 16:27:09 -05:00
int err , credits , retries = 0 ;
2006-10-11 01:20:50 -07:00
2015-06-29 16:22:54 +02:00
err = dquot_initialize ( dir ) ;
if ( err )
return err ;
2010-03-03 09:05:06 -05:00
2013-02-09 16:27:09 -05:00
credits = ( EXT4_DATA_TRANS_BLOCKS ( dir - > i_sb ) +
2013-04-19 13:38:14 -04:00
EXT4_INDEX_EXTRA_TRANS_BLOCKS + 3 ) ;
2006-10-11 01:20:50 -07:00
retry :
2023-01-13 12:49:25 +01:00
inode = ext4_new_inode_start_handle ( idmap , dir , mode , & dentry - > d_name ,
2021-01-21 14:19:57 +01:00
0 , NULL , EXT4_HT_DIR , credits ) ;
2013-02-09 16:27:09 -05:00
handle = ext4_journal_current_handle ( ) ;
2006-10-11 01:20:50 -07:00
err = PTR_ERR ( inode ) ;
if ( ! IS_ERR ( inode ) ) {
init_special_inode ( inode , inode - > i_mode , rdev ) ;
2006-10-11 01:20:53 -07:00
inode - > i_op = & ext4_special_inode_operations ;
2019-11-05 17:44:11 +01:00
err = ext4_add_nondir ( handle , dentry , & inode ) ;
2020-10-15 13:37:57 -07:00
if ( ! err )
2020-11-05 19:58:53 -08:00
ext4_fc_track_create ( handle , dentry ) ;
2006-10-11 01:20:50 -07:00
}
2013-02-09 16:27:09 -05:00
if ( handle )
ext4_journal_stop ( handle ) ;
2019-11-05 17:44:11 +01:00
if ( ! IS_ERR_OR_NULL ( inode ) )
iput ( inode ) ;
2006-10-11 01:20:53 -07:00
if ( err = = - ENOSPC & & ext4_should_retry_alloc ( dir - > i_sb , & retries ) )
2006-10-11 01:20:50 -07:00
goto retry ;
return err ;
}
2023-01-13 12:49:18 +01:00
static int ext4_tmpfile ( struct mnt_idmap * idmap , struct inode * dir ,
2022-09-24 07:00:00 +02:00
struct file * file , umode_t mode )
2013-06-29 13:23:08 +04:00
{
handle_t * handle ;
struct inode * inode ;
int err , retries = 0 ;
2015-06-29 16:22:54 +02:00
err = dquot_initialize ( dir ) ;
if ( err )
return err ;
2013-06-29 13:23:08 +04:00
retry :
2023-01-13 12:49:25 +01:00
inode = ext4_new_inode_start_handle ( idmap , dir , mode ,
2013-06-29 13:23:08 +04:00
NULL , 0 , NULL ,
EXT4_HT_DIR ,
EXT4_MAXQUOTAS_INIT_BLOCKS ( dir - > i_sb ) +
4 + EXT4_XATTR_TRANS_BLOCKS ) ;
handle = ext4_journal_current_handle ( ) ;
err = PTR_ERR ( inode ) ;
if ( ! IS_ERR ( inode ) ) {
inode - > i_op = & ext4_file_inode_operations ;
2015-04-15 16:15:17 -07:00
inode - > i_fop = & ext4_file_operations ;
2013-06-29 13:23:08 +04:00
ext4_set_aops ( inode ) ;
2022-09-24 07:00:00 +02:00
d_tmpfile ( file , inode ) ;
2013-06-29 13:23:08 +04:00
err = ext4_orphan_add ( handle , inode ) ;
if ( err )
2013-10-10 16:48:19 +02:00
goto err_unlock_inode ;
2013-06-29 13:23:08 +04:00
mark_inode_dirty ( inode ) ;
unlock_new_inode ( inode ) ;
}
if ( handle )
ext4_journal_stop ( handle ) ;
if ( err = = - ENOSPC & & ext4_should_retry_alloc ( dir - > i_sb , & retries ) )
goto retry ;
2022-09-24 07:00:00 +02:00
return finish_open_simple ( file , err ) ;
2013-10-10 16:48:19 +02:00
err_unlock_inode :
2013-06-29 13:23:08 +04:00
ext4_journal_stop ( handle ) ;
unlock_new_inode ( inode ) ;
return err ;
}
2012-12-10 14:05:57 -05:00
struct ext4_dir_entry_2 * ext4_init_dot_dotdot ( struct inode * inode ,
struct ext4_dir_entry_2 * de ,
int blocksize , int csum_size ,
unsigned int parent_ino , int dotdot_real_len )
{
de - > inode = cpu_to_le32 ( inode - > i_ino ) ;
de - > name_len = 1 ;
2021-03-19 07:34:13 +00:00
de - > rec_len = ext4_rec_len_to_disk ( ext4_dir_rec_len ( de - > name_len , NULL ) ,
2012-12-10 14:05:57 -05:00
blocksize ) ;
strcpy ( de - > name , " . " ) ;
ext4_set_de_type ( inode - > i_sb , de , S_IFDIR ) ;
de = ext4_next_entry ( de , blocksize ) ;
de - > inode = cpu_to_le32 ( parent_ino ) ;
de - > name_len = 2 ;
if ( ! dotdot_real_len )
de - > rec_len = ext4_rec_len_to_disk ( blocksize -
2021-03-19 07:34:13 +00:00
( csum_size + ext4_dir_rec_len ( 1 , NULL ) ) ,
2012-12-10 14:05:57 -05:00
blocksize ) ;
else
de - > rec_len = ext4_rec_len_to_disk (
2021-03-19 07:34:13 +00:00
ext4_dir_rec_len ( de - > name_len , NULL ) ,
blocksize ) ;
2012-12-10 14:05:57 -05:00
strcpy ( de - > name , " .. " ) ;
ext4_set_de_type ( inode - > i_sb , de , S_IFDIR ) ;
return ext4_next_entry ( de , blocksize ) ;
}
2020-10-15 13:37:59 -07:00
int ext4_init_new_dir ( handle_t * handle , struct inode * dir ,
2012-12-10 14:05:57 -05:00
struct inode * inode )
2006-10-11 01:20:50 -07:00
{
2011-01-10 12:11:16 -05:00
struct buffer_head * dir_block = NULL ;
2008-09-08 22:25:24 -04:00
struct ext4_dir_entry_2 * de ;
2013-02-14 23:59:26 -05:00
ext4_lblk_t block = 0 ;
2009-02-14 23:01:36 -05:00
unsigned int blocksize = dir - > i_sb - > s_blocksize ;
2012-04-29 18:41:10 -04:00
int csum_size = 0 ;
2012-12-10 14:05:57 -05:00
int err ;
2006-10-11 01:20:50 -07:00
2014-10-13 03:36:16 -04:00
if ( ext4_has_metadata_csum ( dir - > i_sb ) )
2012-04-29 18:41:10 -04:00
csum_size = sizeof ( struct ext4_dir_entry_tail ) ;
2012-12-10 14:05:59 -05:00
if ( ext4_test_inode_state ( inode , EXT4_STATE_MAY_INLINE_DATA ) ) {
err = ext4_try_create_inline_dir ( handle , dir , inode ) ;
if ( err < 0 & & err ! = - ENOSPC )
goto out ;
if ( ! err )
goto out ;
}
2013-02-14 23:59:26 -05:00
inode - > i_size = 0 ;
2013-02-15 03:35:57 -05:00
dir_block = ext4_append ( handle , inode , & block ) ;
if ( IS_ERR ( dir_block ) )
return PTR_ERR ( dir_block ) ;
2012-12-10 14:05:57 -05:00
de = ( struct ext4_dir_entry_2 * ) dir_block - > b_data ;
ext4_init_dot_dotdot ( inode , de , blocksize , csum_size , dir - > i_ino , 0 ) ;
set_nlink ( inode , 2 ) ;
2019-06-21 16:31:47 -04:00
if ( csum_size )
ext4_initialize_dirent_tail ( dir_block , blocksize ) ;
2012-12-10 14:05:57 -05:00
BUFFER_TRACE ( dir_block , " call ext4_handle_dirty_metadata " ) ;
2019-06-21 15:49:26 -04:00
err = ext4_handle_dirty_dirblock ( handle , inode , dir_block ) ;
2012-12-10 14:05:57 -05:00
if ( err )
goto out ;
set_buffer_verified ( dir_block ) ;
out :
brelse ( dir_block ) ;
return err ;
}
2023-01-13 12:49:15 +01:00
static int ext4_mkdir ( struct mnt_idmap * idmap , struct inode * dir ,
2021-01-21 14:19:43 +01:00
struct dentry * dentry , umode_t mode )
2012-12-10 14:05:57 -05:00
{
handle_t * handle ;
struct inode * inode ;
2020-04-26 18:34:37 -07:00
int err , err2 = 0 , credits , retries = 0 ;
2012-12-10 14:05:57 -05:00
2007-07-18 08:38:01 -04:00
if ( EXT4_DIR_LINK_MAX ( dir ) )
2006-10-11 01:20:50 -07:00
return - EMLINK ;
2015-06-29 16:22:54 +02:00
err = dquot_initialize ( dir ) ;
if ( err )
return err ;
2010-03-03 09:05:06 -05:00
2013-02-09 16:27:09 -05:00
credits = ( EXT4_DATA_TRANS_BLOCKS ( dir - > i_sb ) +
2013-04-19 13:38:14 -04:00
EXT4_INDEX_EXTRA_TRANS_BLOCKS + 3 ) ;
2006-10-11 01:20:50 -07:00
retry :
2023-01-13 12:49:25 +01:00
inode = ext4_new_inode_start_handle ( idmap , dir , S_IFDIR | mode ,
2013-02-09 16:27:09 -05:00
& dentry - > d_name ,
0 , NULL , EXT4_HT_DIR , credits ) ;
handle = ext4_journal_current_handle ( ) ;
2006-10-11 01:20:50 -07:00
err = PTR_ERR ( inode ) ;
if ( IS_ERR ( inode ) )
goto out_stop ;
2006-10-11 01:20:53 -07:00
inode - > i_op = & ext4_dir_inode_operations ;
inode - > i_fop = & ext4_dir_operations ;
2012-12-10 14:05:57 -05:00
err = ext4_init_new_dir ( handle , dir , inode ) ;
2011-01-10 12:11:16 -05:00
if ( err )
goto out_clear_inode ;
err = ext4_mark_inode_dirty ( handle , inode ) ;
if ( ! err )
err = ext4_add_entry ( handle , dentry , inode ) ;
2006-10-11 01:20:50 -07:00
if ( err ) {
2008-02-22 06:17:31 -05:00
out_clear_inode :
clear_nlink ( inode ) ;
2019-11-05 17:44:11 +01:00
ext4_orphan_add ( handle , inode ) ;
2008-12-30 02:03:31 -05:00
unlock_new_inode ( inode ) ;
2020-04-26 18:34:37 -07:00
err2 = ext4_mark_inode_dirty ( handle , inode ) ;
if ( unlikely ( err2 ) )
err = err2 ;
2019-11-05 17:44:11 +01:00
ext4_journal_stop ( handle ) ;
2008-09-08 22:25:24 -04:00
iput ( inode ) ;
2019-11-05 17:44:11 +01:00
goto out_retry ;
2006-10-11 01:20:50 -07:00
}
2020-08-26 16:31:16 +03:00
ext4_inc_count ( dir ) ;
2020-10-15 13:37:57 -07:00
2006-10-11 01:20:53 -07:00
ext4_update_dx_flag ( dir ) ;
2011-01-10 12:11:16 -05:00
err = ext4_mark_inode_dirty ( handle , dir ) ;
if ( err )
goto out_clear_inode ;
2018-05-04 08:23:01 -04:00
d_instantiate_new ( dentry , inode ) ;
2020-11-05 19:58:53 -08:00
ext4_fc_track_create ( handle , dentry ) ;
2013-02-09 16:27:09 -05:00
if ( IS_DIRSYNC ( dir ) )
ext4_handle_sync ( handle ) ;
2006-10-11 01:20:50 -07:00
out_stop :
2013-02-09 16:27:09 -05:00
if ( handle )
ext4_journal_stop ( handle ) ;
2019-11-05 17:44:11 +01:00
out_retry :
2006-10-11 01:20:53 -07:00
if ( err = = - ENOSPC & & ext4_should_retry_alloc ( dir - > i_sb , & retries ) )
2006-10-11 01:20:50 -07:00
goto retry ;
return err ;
}
/*
* routine to check that the specified directory is empty ( for rmdir )
*/
2016-07-10 14:01:03 -04:00
bool ext4_empty_dir ( struct inode * inode )
2006-10-11 01:20:50 -07:00
{
2008-11-05 00:14:04 -05:00
unsigned int offset ;
2008-09-08 22:25:24 -04:00
struct buffer_head * bh ;
2019-12-02 18:02:12 +01:00
struct ext4_dir_entry_2 * de ;
2008-09-08 22:25:24 -04:00
struct super_block * sb ;
2006-10-11 01:20:50 -07:00
2012-12-10 14:06:01 -05:00
if ( ext4_has_inline_data ( inode ) ) {
int has_inline_data = 1 ;
2016-07-10 14:01:03 -04:00
int ret ;
2012-12-10 14:06:01 -05:00
2016-07-10 14:01:03 -04:00
ret = empty_inline_dir ( inode , & has_inline_data ) ;
2012-12-10 14:06:01 -05:00
if ( has_inline_data )
2016-07-10 14:01:03 -04:00
return ret ;
2012-12-10 14:06:01 -05:00
}
2006-10-11 01:20:50 -07:00
sb = inode - > i_sb ;
2021-03-19 07:34:13 +00:00
if ( inode - > i_size < ext4_dir_rec_len ( 1 , NULL ) +
ext4_dir_rec_len ( 2 , NULL ) ) {
2013-02-14 23:59:26 -05:00
EXT4_ERROR_INODE ( inode , " invalid size " ) ;
ext4: fix fs corruption when tring to remove a non-empty directory with IO error
We inject IO error when rmdir non empty direcory, then got issue as follows:
step1: mkfs.ext4 -F /dev/sda
step2: mount /dev/sda test
step3: cd test
step4: mkdir -p 1/2
step5: rmdir 1
[ 110.920551] ext4_empty_dir: inject fault
[ 110.921926] EXT4-fs warning (device sda): ext4_rmdir:3113: inode #12:
comm rmdir: empty directory '1' has too many links (3)
step6: cd ..
step7: umount test
step8: fsck.ext4 -f /dev/sda
e2fsck 1.42.9 (28-Dec-2013)
Pass 1: Checking inodes, blocks, and sizes
Pass 2: Checking directory structure
Entry '..' in .../??? (13) has deleted/unused inode 12. Clear<y>? yes
Pass 3: Checking directory connectivity
Unconnected directory inode 13 (...)
Connect to /lost+found<y>? yes
Pass 4: Checking reference counts
Inode 13 ref count is 3, should be 2. Fix<y>? yes
Pass 5: Checking group summary information
/dev/sda: ***** FILE SYSTEM WAS MODIFIED *****
/dev/sda: 12/131072 files (0.0% non-contiguous), 26157/524288 blocks
ext4_rmdir
if (!ext4_empty_dir(inode))
goto end_rmdir;
ext4_empty_dir
bh = ext4_read_dirblock(inode, 0, DIRENT_HTREE);
if (IS_ERR(bh))
return true;
Now if read directory block failed, 'ext4_empty_dir' will return true, assume
directory is empty. Obviously, it will lead to above issue.
To solve this issue, if read directory block failed 'ext4_empty_dir' just
return false. To avoid making things worse when file system is already
corrupted, 'ext4_empty_dir' also return false.
Signed-off-by: Ye Bin <yebin10@huawei.com>
Cc: stable@kernel.org
Link: https://lore.kernel.org/r/20220228024815.3952506-1-yebin10@huawei.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2022-02-28 10:48:15 +08:00
return false ;
2006-10-11 01:20:50 -07:00
}
2019-06-20 21:19:02 -04:00
/* The first directory block must not be a hole,
* so treat it as DIRENT_HTREE
*/
bh = ext4_read_dirblock ( inode , 0 , DIRENT_HTREE ) ;
2013-02-14 23:59:26 -05:00
if ( IS_ERR ( bh ) )
ext4: fix fs corruption when tring to remove a non-empty directory with IO error
We inject IO error when rmdir non empty direcory, then got issue as follows:
step1: mkfs.ext4 -F /dev/sda
step2: mount /dev/sda test
step3: cd test
step4: mkdir -p 1/2
step5: rmdir 1
[ 110.920551] ext4_empty_dir: inject fault
[ 110.921926] EXT4-fs warning (device sda): ext4_rmdir:3113: inode #12:
comm rmdir: empty directory '1' has too many links (3)
step6: cd ..
step7: umount test
step8: fsck.ext4 -f /dev/sda
e2fsck 1.42.9 (28-Dec-2013)
Pass 1: Checking inodes, blocks, and sizes
Pass 2: Checking directory structure
Entry '..' in .../??? (13) has deleted/unused inode 12. Clear<y>? yes
Pass 3: Checking directory connectivity
Unconnected directory inode 13 (...)
Connect to /lost+found<y>? yes
Pass 4: Checking reference counts
Inode 13 ref count is 3, should be 2. Fix<y>? yes
Pass 5: Checking group summary information
/dev/sda: ***** FILE SYSTEM WAS MODIFIED *****
/dev/sda: 12/131072 files (0.0% non-contiguous), 26157/524288 blocks
ext4_rmdir
if (!ext4_empty_dir(inode))
goto end_rmdir;
ext4_empty_dir
bh = ext4_read_dirblock(inode, 0, DIRENT_HTREE);
if (IS_ERR(bh))
return true;
Now if read directory block failed, 'ext4_empty_dir' will return true, assume
directory is empty. Obviously, it will lead to above issue.
To solve this issue, if read directory block failed 'ext4_empty_dir' just
return false. To avoid making things worse when file system is already
corrupted, 'ext4_empty_dir' also return false.
Signed-off-by: Ye Bin <yebin10@huawei.com>
Cc: stable@kernel.org
Link: https://lore.kernel.org/r/20220228024815.3952506-1-yebin10@huawei.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2022-02-28 10:48:15 +08:00
return false ;
2013-02-14 23:59:26 -05:00
2006-10-11 01:20:53 -07:00
de = ( struct ext4_dir_entry_2 * ) bh - > b_data ;
2019-12-02 18:02:12 +01:00
if ( ext4_check_dir_entry ( inode , NULL , de , bh , bh - > b_data , bh - > b_size ,
0 ) | |
le32_to_cpu ( de - > inode ) ! = inode - > i_ino | | strcmp ( " . " , de - > name ) ) {
ext4_warning_inode ( inode , " directory missing '.' " ) ;
brelse ( bh ) ;
ext4: fix fs corruption when tring to remove a non-empty directory with IO error
We inject IO error when rmdir non empty direcory, then got issue as follows:
step1: mkfs.ext4 -F /dev/sda
step2: mount /dev/sda test
step3: cd test
step4: mkdir -p 1/2
step5: rmdir 1
[ 110.920551] ext4_empty_dir: inject fault
[ 110.921926] EXT4-fs warning (device sda): ext4_rmdir:3113: inode #12:
comm rmdir: empty directory '1' has too many links (3)
step6: cd ..
step7: umount test
step8: fsck.ext4 -f /dev/sda
e2fsck 1.42.9 (28-Dec-2013)
Pass 1: Checking inodes, blocks, and sizes
Pass 2: Checking directory structure
Entry '..' in .../??? (13) has deleted/unused inode 12. Clear<y>? yes
Pass 3: Checking directory connectivity
Unconnected directory inode 13 (...)
Connect to /lost+found<y>? yes
Pass 4: Checking reference counts
Inode 13 ref count is 3, should be 2. Fix<y>? yes
Pass 5: Checking group summary information
/dev/sda: ***** FILE SYSTEM WAS MODIFIED *****
/dev/sda: 12/131072 files (0.0% non-contiguous), 26157/524288 blocks
ext4_rmdir
if (!ext4_empty_dir(inode))
goto end_rmdir;
ext4_empty_dir
bh = ext4_read_dirblock(inode, 0, DIRENT_HTREE);
if (IS_ERR(bh))
return true;
Now if read directory block failed, 'ext4_empty_dir' will return true, assume
directory is empty. Obviously, it will lead to above issue.
To solve this issue, if read directory block failed 'ext4_empty_dir' just
return false. To avoid making things worse when file system is already
corrupted, 'ext4_empty_dir' also return false.
Signed-off-by: Ye Bin <yebin10@huawei.com>
Cc: stable@kernel.org
Link: https://lore.kernel.org/r/20220228024815.3952506-1-yebin10@huawei.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2022-02-28 10:48:15 +08:00
return false ;
2019-12-02 18:02:12 +01:00
}
offset = ext4_rec_len_from_disk ( de - > rec_len , sb - > s_blocksize ) ;
de = ext4_next_entry ( de , sb - > s_blocksize ) ;
if ( ext4_check_dir_entry ( inode , NULL , de , bh , bh - > b_data , bh - > b_size ,
offset ) | |
le32_to_cpu ( de - > inode ) = = 0 | | strcmp ( " .. " , de - > name ) ) {
ext4_warning_inode ( inode , " directory missing '..' " ) ;
2008-09-08 22:25:24 -04:00
brelse ( bh ) ;
ext4: fix fs corruption when tring to remove a non-empty directory with IO error
We inject IO error when rmdir non empty direcory, then got issue as follows:
step1: mkfs.ext4 -F /dev/sda
step2: mount /dev/sda test
step3: cd test
step4: mkdir -p 1/2
step5: rmdir 1
[ 110.920551] ext4_empty_dir: inject fault
[ 110.921926] EXT4-fs warning (device sda): ext4_rmdir:3113: inode #12:
comm rmdir: empty directory '1' has too many links (3)
step6: cd ..
step7: umount test
step8: fsck.ext4 -f /dev/sda
e2fsck 1.42.9 (28-Dec-2013)
Pass 1: Checking inodes, blocks, and sizes
Pass 2: Checking directory structure
Entry '..' in .../??? (13) has deleted/unused inode 12. Clear<y>? yes
Pass 3: Checking directory connectivity
Unconnected directory inode 13 (...)
Connect to /lost+found<y>? yes
Pass 4: Checking reference counts
Inode 13 ref count is 3, should be 2. Fix<y>? yes
Pass 5: Checking group summary information
/dev/sda: ***** FILE SYSTEM WAS MODIFIED *****
/dev/sda: 12/131072 files (0.0% non-contiguous), 26157/524288 blocks
ext4_rmdir
if (!ext4_empty_dir(inode))
goto end_rmdir;
ext4_empty_dir
bh = ext4_read_dirblock(inode, 0, DIRENT_HTREE);
if (IS_ERR(bh))
return true;
Now if read directory block failed, 'ext4_empty_dir' will return true, assume
directory is empty. Obviously, it will lead to above issue.
To solve this issue, if read directory block failed 'ext4_empty_dir' just
return false. To avoid making things worse when file system is already
corrupted, 'ext4_empty_dir' also return false.
Signed-off-by: Ye Bin <yebin10@huawei.com>
Cc: stable@kernel.org
Link: https://lore.kernel.org/r/20220228024815.3952506-1-yebin10@huawei.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2022-02-28 10:48:15 +08:00
return false ;
2006-10-11 01:20:50 -07:00
}
2019-12-02 18:02:12 +01:00
offset + = ext4_rec_len_from_disk ( de - > rec_len , sb - > s_blocksize ) ;
2008-09-08 22:25:24 -04:00
while ( offset < inode - > i_size ) {
2019-12-02 18:02:12 +01:00
if ( ! ( offset & ( sb - > s_blocksize - 1 ) ) ) {
2010-05-16 21:00:00 -04:00
unsigned int lblock ;
2008-09-08 22:25:24 -04:00
brelse ( bh ) ;
2010-05-16 21:00:00 -04:00
lblock = offset > > EXT4_BLOCK_SIZE_BITS ( sb ) ;
2013-02-14 23:59:26 -05:00
bh = ext4_read_dirblock ( inode , lblock , EITHER ) ;
2019-06-20 21:19:02 -04:00
if ( bh = = NULL ) {
offset + = sb - > s_blocksize ;
continue ;
}
2013-02-14 23:59:26 -05:00
if ( IS_ERR ( bh ) )
ext4: fix fs corruption when tring to remove a non-empty directory with IO error
We inject IO error when rmdir non empty direcory, then got issue as follows:
step1: mkfs.ext4 -F /dev/sda
step2: mount /dev/sda test
step3: cd test
step4: mkdir -p 1/2
step5: rmdir 1
[ 110.920551] ext4_empty_dir: inject fault
[ 110.921926] EXT4-fs warning (device sda): ext4_rmdir:3113: inode #12:
comm rmdir: empty directory '1' has too many links (3)
step6: cd ..
step7: umount test
step8: fsck.ext4 -f /dev/sda
e2fsck 1.42.9 (28-Dec-2013)
Pass 1: Checking inodes, blocks, and sizes
Pass 2: Checking directory structure
Entry '..' in .../??? (13) has deleted/unused inode 12. Clear<y>? yes
Pass 3: Checking directory connectivity
Unconnected directory inode 13 (...)
Connect to /lost+found<y>? yes
Pass 4: Checking reference counts
Inode 13 ref count is 3, should be 2. Fix<y>? yes
Pass 5: Checking group summary information
/dev/sda: ***** FILE SYSTEM WAS MODIFIED *****
/dev/sda: 12/131072 files (0.0% non-contiguous), 26157/524288 blocks
ext4_rmdir
if (!ext4_empty_dir(inode))
goto end_rmdir;
ext4_empty_dir
bh = ext4_read_dirblock(inode, 0, DIRENT_HTREE);
if (IS_ERR(bh))
return true;
Now if read directory block failed, 'ext4_empty_dir' will return true, assume
directory is empty. Obviously, it will lead to above issue.
To solve this issue, if read directory block failed 'ext4_empty_dir' just
return false. To avoid making things worse when file system is already
corrupted, 'ext4_empty_dir' also return false.
Signed-off-by: Ye Bin <yebin10@huawei.com>
Cc: stable@kernel.org
Link: https://lore.kernel.org/r/20220228024815.3952506-1-yebin10@huawei.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2022-02-28 10:48:15 +08:00
return false ;
2006-10-11 01:20:50 -07:00
}
2019-12-02 18:02:12 +01:00
de = ( struct ext4_dir_entry_2 * ) ( bh - > b_data +
( offset & ( sb - > s_blocksize - 1 ) ) ) ;
2012-12-10 14:05:58 -05:00
if ( ext4_check_dir_entry ( inode , NULL , de , bh ,
2022-06-22 17:02:23 +08:00
bh - > b_data , bh - > b_size , offset ) | |
le32_to_cpu ( de - > inode ) ) {
2008-09-08 22:25:24 -04:00
brelse ( bh ) ;
2016-07-10 14:01:03 -04:00
return false ;
2006-10-11 01:20:50 -07:00
}
2009-02-14 23:01:36 -05:00
offset + = ext4_rec_len_from_disk ( de - > rec_len , sb - > s_blocksize ) ;
2006-10-11 01:20:50 -07:00
}
2008-09-08 22:25:24 -04:00
brelse ( bh ) ;
2016-07-10 14:01:03 -04:00
return true ;
2006-10-11 01:20:50 -07:00
}
2008-09-08 22:25:24 -04:00
static int ext4_rmdir ( struct inode * dir , struct dentry * dentry )
2006-10-11 01:20:50 -07:00
{
int retval ;
2008-09-08 22:25:24 -04:00
struct inode * inode ;
struct buffer_head * bh ;
struct ext4_dir_entry_2 * de ;
2013-02-09 09:45:11 -05:00
handle_t * handle = NULL ;
2006-10-11 01:20:50 -07:00
2017-02-05 01:28:48 -05:00
if ( unlikely ( ext4_forced_shutdown ( EXT4_SB ( dir - > i_sb ) ) ) )
return - EIO ;
2006-10-11 01:20:50 -07:00
/* Initialize quotas before so that eventual writes go in
* separate transaction */
2015-06-29 16:22:54 +02:00
retval = dquot_initialize ( dir ) ;
if ( retval )
return retval ;
retval = dquot_initialize ( d_inode ( dentry ) ) ;
if ( retval )
return retval ;
2010-03-03 09:05:06 -05:00
2006-10-11 01:20:50 -07:00
retval = - ENOENT ;
2012-12-10 14:06:01 -05:00
bh = ext4_find_entry ( dir , & dentry - > d_name , & de , NULL ) ;
2014-08-23 17:47:19 -04:00
if ( IS_ERR ( bh ) )
return PTR_ERR ( bh ) ;
2006-10-11 01:20:50 -07:00
if ( ! bh )
goto end_rmdir ;
2015-03-17 22:25:59 +00:00
inode = d_inode ( dentry ) ;
2006-10-11 01:20:50 -07:00
2015-10-17 16:16:04 -04:00
retval = - EFSCORRUPTED ;
2006-10-11 01:20:50 -07:00
if ( le32_to_cpu ( de - > inode ) ! = inode - > i_ino )
goto end_rmdir ;
retval = - ENOTEMPTY ;
2015-04-11 07:46:49 -04:00
if ( ! ext4_empty_dir ( inode ) )
2006-10-11 01:20:50 -07:00
goto end_rmdir ;
2013-02-09 09:45:11 -05:00
handle = ext4_journal_start ( dir , EXT4_HT_DIR ,
2013-02-09 15:06:24 -05:00
EXT4_DATA_TRANS_BLOCKS ( dir - > i_sb ) ) ;
2013-02-09 09:45:11 -05:00
if ( IS_ERR ( handle ) ) {
retval = PTR_ERR ( handle ) ;
handle = NULL ;
goto end_rmdir ;
}
if ( IS_DIRSYNC ( dir ) )
ext4_handle_sync ( handle ) ;
2006-10-11 01:20:53 -07:00
retval = ext4_delete_entry ( handle , dir , de , bh ) ;
2006-10-11 01:20:50 -07:00
if ( retval )
goto end_rmdir ;
2007-07-18 08:38:01 -04:00
if ( ! EXT4_DIR_LINK_EMPTY ( inode ) )
2015-06-15 14:50:26 -04:00
ext4_warning_inode ( inode ,
" empty directory '%.*s' has too many links (%u) " ,
dentry - > d_name . len , dentry - > d_name . name ,
2008-09-08 22:25:24 -04:00
inode - > i_nlink ) ;
2018-01-09 08:21:39 -05:00
inode_inc_iversion ( inode ) ;
2006-10-11 01:20:50 -07:00
clear_nlink ( inode ) ;
/* There's no need to set i_disksize: the fact that i_nlink is
* zero will ensure that the right thing happens during any
* recovery . */
inode - > i_size = 0 ;
2006-10-11 01:20:53 -07:00
ext4_orphan_add ( handle , inode ) ;
2016-11-14 21:40:10 -05:00
inode - > i_ctime = dir - > i_ctime = dir - > i_mtime = current_time ( inode ) ;
2020-04-26 18:34:37 -07:00
retval = ext4_mark_inode_dirty ( handle , inode ) ;
if ( retval )
goto end_rmdir ;
2020-08-26 16:31:16 +03:00
ext4_dec_count ( dir ) ;
2006-10-11 01:20:53 -07:00
ext4_update_dx_flag ( dir ) ;
2020-11-05 19:58:53 -08:00
ext4_fc_track_unlink ( handle , dentry ) ;
2020-04-26 18:34:37 -07:00
retval = ext4_mark_inode_dirty ( handle , dir ) ;
2006-10-11 01:20:50 -07:00
2022-01-18 07:56:14 +01:00
# if IS_ENABLED(CONFIG_UNICODE)
ext4: Support case-insensitive file name lookups
This patch implements the actual support for case-insensitive file name
lookups in ext4, based on the feature bit and the encoding stored in the
superblock.
A filesystem that has the casefold feature set is able to configure
directories with the +F (EXT4_CASEFOLD_FL) attribute, enabling lookups
to succeed in that directory in a case-insensitive fashion, i.e: match
a directory entry even if the name used by userspace is not a byte per
byte match with the disk name, but is an equivalent case-insensitive
version of the Unicode string. This operation is called a
case-insensitive file name lookup.
The feature is configured as an inode attribute applied to directories
and inherited by its children. This attribute can only be enabled on
empty directories for filesystems that support the encoding feature,
thus preventing collision of file names that only differ by case.
* dcache handling:
For a +F directory, Ext4 only stores the first equivalent name dentry
used in the dcache. This is done to prevent unintentional duplication of
dentries in the dcache, while also allowing the VFS code to quickly find
the right entry in the cache despite which equivalent string was used in
a previous lookup, without having to resort to ->lookup().
d_hash() of casefolded directories is implemented as the hash of the
casefolded string, such that we always have a well-known bucket for all
the equivalencies of the same string. d_compare() uses the
utf8_strncasecmp() infrastructure, which handles the comparison of
equivalent, same case, names as well.
For now, negative lookups are not inserted in the dcache, since they
would need to be invalidated anyway, because we can't trust missing file
dentries. This is bad for performance but requires some leveraging of
the vfs layer to fix. We can live without that for now, and so does
everyone else.
* on-disk data:
Despite using a specific version of the name as the internal
representation within the dcache, the name stored and fetched from the
disk is a byte-per-byte match with what the user requested, making this
implementation 'name-preserving'. i.e. no actual information is lost
when writing to storage.
DX is supported by modifying the hashes used in +F directories to make
them case/encoding-aware. The new disk hashes are calculated as the
hash of the full casefolded string, instead of the string directly.
This allows us to efficiently search for file names in the htree without
requiring the user to provide an exact name.
* Dealing with invalid sequences:
By default, when a invalid UTF-8 sequence is identified, ext4 will treat
it as an opaque byte sequence, ignoring the encoding and reverting to
the old behavior for that unique file. This means that case-insensitive
file name lookup will not work only for that file. An optional bit can
be set in the superblock telling the filesystem code and userspace tools
to enforce the encoding. When that optional bit is set, any attempt to
create a file name using an invalid UTF-8 sequence will fail and return
an error to userspace.
* Normalization algorithm:
The UTF-8 algorithms used to compare strings in ext4 is implemented
lives in fs/unicode, and is based on a previous version developed by
SGI. It implements the Canonical decomposition (NFD) algorithm
described by the Unicode specification 12.1, or higher, combined with
the elimination of ignorable code points (NFDi) and full
case-folding (CF) as documented in fs/unicode/utf8_norm.c.
NFD seems to be the best normalization method for EXT4 because:
- It has a lower cost than NFC/NFKC (which requires
decomposing to NFD as an intermediary step)
- It doesn't eliminate important semantic meaning like
compatibility decompositions.
Although:
- This implementation is not completely linguistic accurate, because
different languages have conflicting rules, which would require the
specialization of the filesystem to a given locale, which brings all
sorts of problems for removable media and for users who use more than
one language.
Signed-off-by: Gabriel Krisman Bertazi <krisman@collabora.co.uk>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2019-04-25 14:12:08 -04:00
/* VFS negative dentries are incompatible with Encoding and
* Case - insensitiveness . Eventually we ' ll want avoid
* invalidating the dentries here , alongside with returning the
* negative dentries at ext4_lookup ( ) , when it is better
* supported by the VFS for the CI case .
*/
if ( IS_CASEFOLDED ( dir ) )
d_invalidate ( dentry ) ;
# endif
2006-10-11 01:20:50 -07:00
end_rmdir :
2008-09-08 22:25:24 -04:00
brelse ( bh ) ;
2013-02-09 09:45:11 -05:00
if ( handle )
ext4_journal_stop ( handle ) ;
2006-10-11 01:20:50 -07:00
return retval ;
}
2022-11-06 14:48:36 -08:00
int __ext4_unlink ( struct inode * dir , const struct qstr * d_name ,
struct inode * inode ,
struct dentry * dentry /* NULL during fast_commit recovery */ )
2006-10-11 01:20:50 -07:00
{
2020-10-15 13:37:59 -07:00
int retval = - ENOENT ;
2008-09-08 22:25:24 -04:00
struct buffer_head * bh ;
struct ext4_dir_entry_2 * de ;
2022-11-06 14:48:36 -08:00
handle_t * handle ;
2020-10-15 13:37:59 -07:00
int skip_remove_dentry = 0 ;
2006-10-11 01:20:50 -07:00
2022-11-06 14:48:36 -08:00
/*
* Keep this outside the transaction ; it may have to set up the
* directory ' s encryption key , which isn ' t GFP_NOFS - safe .
*/
2020-10-15 13:37:59 -07:00
bh = ext4_find_entry ( dir , d_name , & de , NULL ) ;
if ( IS_ERR ( bh ) )
return PTR_ERR ( bh ) ;
2006-10-11 01:20:50 -07:00
2020-10-15 13:37:59 -07:00
if ( ! bh )
return - ENOENT ;
2006-10-11 01:20:50 -07:00
2020-06-29 20:26:21 +08:00
if ( le32_to_cpu ( de - > inode ) ! = inode - > i_ino ) {
2020-10-15 13:37:59 -07:00
/*
* It ' s okay if we find dont find dentry which matches
* the inode . That ' s because it might have gotten
* renamed to a different inode number
*/
if ( EXT4_SB ( inode - > i_sb ) - > s_mount_state & EXT4_FC_REPLAY )
skip_remove_dentry = 1 ;
else
2022-11-06 14:48:36 -08:00
goto out_bh ;
}
handle = ext4_journal_start ( dir , EXT4_HT_DIR ,
EXT4_DATA_TRANS_BLOCKS ( dir - > i_sb ) ) ;
if ( IS_ERR ( handle ) ) {
retval = PTR_ERR ( handle ) ;
goto out_bh ;
2013-02-09 09:43:39 -05:00
}
if ( IS_DIRSYNC ( dir ) )
ext4_handle_sync ( handle ) ;
2020-10-15 13:37:59 -07:00
if ( ! skip_remove_dentry ) {
retval = ext4_delete_entry ( handle , dir , de , bh ) ;
if ( retval )
2022-11-06 14:48:36 -08:00
goto out_handle ;
2020-10-15 13:37:59 -07:00
dir - > i_ctime = dir - > i_mtime = current_time ( dir ) ;
ext4_update_dx_flag ( dir ) ;
retval = ext4_mark_inode_dirty ( handle , dir ) ;
if ( retval )
2022-11-06 14:48:36 -08:00
goto out_handle ;
2020-10-15 13:37:59 -07:00
} else {
retval = 0 ;
}
2019-11-11 22:18:13 -05:00
if ( inode - > i_nlink = = 0 )
ext4_warning_inode ( inode , " Deleting file '%.*s' with no links " ,
2020-10-15 13:37:59 -07:00
d_name - > len , d_name - > name ) ;
2019-11-11 22:18:13 -05:00
else
drop_nlink ( inode ) ;
2006-10-11 01:20:50 -07:00
if ( ! inode - > i_nlink )
2006-10-11 01:20:53 -07:00
ext4_orphan_add ( handle , inode ) ;
2016-11-14 21:40:10 -05:00
inode - > i_ctime = current_time ( inode ) ;
2020-04-26 18:34:37 -07:00
retval = ext4_mark_inode_dirty ( handle , inode ) ;
2022-11-06 14:48:36 -08:00
if ( dentry & & ! retval )
ext4_fc_track_unlink ( handle , dentry ) ;
out_handle :
ext4_journal_stop ( handle ) ;
out_bh :
2020-10-15 13:37:59 -07:00
brelse ( bh ) ;
return retval ;
}
static int ext4_unlink ( struct inode * dir , struct dentry * dentry )
{
int retval ;
if ( unlikely ( ext4_forced_shutdown ( EXT4_SB ( dir - > i_sb ) ) ) )
return - EIO ;
trace_ext4_unlink_enter ( dir , dentry ) ;
/*
* Initialize quotas before so that eventual writes go
* in separate transaction
*/
retval = dquot_initialize ( dir ) ;
if ( retval )
goto out_trace ;
retval = dquot_initialize ( d_inode ( dentry ) ) ;
if ( retval )
goto out_trace ;
2022-11-06 14:48:36 -08:00
retval = __ext4_unlink ( dir , & dentry - > d_name , d_inode ( dentry ) , dentry ) ;
2022-01-18 07:56:14 +01:00
# if IS_ENABLED(CONFIG_UNICODE)
ext4: Support case-insensitive file name lookups
This patch implements the actual support for case-insensitive file name
lookups in ext4, based on the feature bit and the encoding stored in the
superblock.
A filesystem that has the casefold feature set is able to configure
directories with the +F (EXT4_CASEFOLD_FL) attribute, enabling lookups
to succeed in that directory in a case-insensitive fashion, i.e: match
a directory entry even if the name used by userspace is not a byte per
byte match with the disk name, but is an equivalent case-insensitive
version of the Unicode string. This operation is called a
case-insensitive file name lookup.
The feature is configured as an inode attribute applied to directories
and inherited by its children. This attribute can only be enabled on
empty directories for filesystems that support the encoding feature,
thus preventing collision of file names that only differ by case.
* dcache handling:
For a +F directory, Ext4 only stores the first equivalent name dentry
used in the dcache. This is done to prevent unintentional duplication of
dentries in the dcache, while also allowing the VFS code to quickly find
the right entry in the cache despite which equivalent string was used in
a previous lookup, without having to resort to ->lookup().
d_hash() of casefolded directories is implemented as the hash of the
casefolded string, such that we always have a well-known bucket for all
the equivalencies of the same string. d_compare() uses the
utf8_strncasecmp() infrastructure, which handles the comparison of
equivalent, same case, names as well.
For now, negative lookups are not inserted in the dcache, since they
would need to be invalidated anyway, because we can't trust missing file
dentries. This is bad for performance but requires some leveraging of
the vfs layer to fix. We can live without that for now, and so does
everyone else.
* on-disk data:
Despite using a specific version of the name as the internal
representation within the dcache, the name stored and fetched from the
disk is a byte-per-byte match with what the user requested, making this
implementation 'name-preserving'. i.e. no actual information is lost
when writing to storage.
DX is supported by modifying the hashes used in +F directories to make
them case/encoding-aware. The new disk hashes are calculated as the
hash of the full casefolded string, instead of the string directly.
This allows us to efficiently search for file names in the htree without
requiring the user to provide an exact name.
* Dealing with invalid sequences:
By default, when a invalid UTF-8 sequence is identified, ext4 will treat
it as an opaque byte sequence, ignoring the encoding and reverting to
the old behavior for that unique file. This means that case-insensitive
file name lookup will not work only for that file. An optional bit can
be set in the superblock telling the filesystem code and userspace tools
to enforce the encoding. When that optional bit is set, any attempt to
create a file name using an invalid UTF-8 sequence will fail and return
an error to userspace.
* Normalization algorithm:
The UTF-8 algorithms used to compare strings in ext4 is implemented
lives in fs/unicode, and is based on a previous version developed by
SGI. It implements the Canonical decomposition (NFD) algorithm
described by the Unicode specification 12.1, or higher, combined with
the elimination of ignorable code points (NFDi) and full
case-folding (CF) as documented in fs/unicode/utf8_norm.c.
NFD seems to be the best normalization method for EXT4 because:
- It has a lower cost than NFC/NFKC (which requires
decomposing to NFD as an intermediary step)
- It doesn't eliminate important semantic meaning like
compatibility decompositions.
Although:
- This implementation is not completely linguistic accurate, because
different languages have conflicting rules, which would require the
specialization of the filesystem to a given locale, which brings all
sorts of problems for removable media and for users who use more than
one language.
Signed-off-by: Gabriel Krisman Bertazi <krisman@collabora.co.uk>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2019-04-25 14:12:08 -04:00
/* VFS negative dentries are incompatible with Encoding and
* Case - insensitiveness . Eventually we ' ll want avoid
* invalidating the dentries here , alongside with returning the
* negative dentries at ext4_lookup ( ) , when it is better
* supported by the VFS for the CI case .
*/
if ( IS_CASEFOLDED ( dir ) )
d_invalidate ( dentry ) ;
# endif
2020-06-29 20:26:21 +08:00
out_trace :
2011-03-21 21:38:05 -04:00
trace_ext4_unlink_exit ( dentry , retval ) ;
2006-10-11 01:20:50 -07:00
return retval ;
}
2022-04-24 22:09:36 +08:00
static int ext4_init_symlink_block ( handle_t * handle , struct inode * inode ,
struct fscrypt_str * disk_link )
{
struct buffer_head * bh ;
char * kaddr ;
int err = 0 ;
bh = ext4_bread ( handle , inode , 0 , EXT4_GET_BLOCKS_CREATE ) ;
if ( IS_ERR ( bh ) )
return PTR_ERR ( bh ) ;
BUFFER_TRACE ( bh , " get_write_access " ) ;
err = ext4_journal_get_write_access ( handle , inode - > i_sb , bh , EXT4_JTR_NONE ) ;
if ( err )
goto out ;
kaddr = ( char * ) bh - > b_data ;
memcpy ( kaddr , disk_link - > name , disk_link - > len ) ;
inode - > i_size = disk_link - > len - 1 ;
EXT4_I ( inode ) - > i_disksize = inode - > i_size ;
err = ext4_handle_dirty_metadata ( handle , inode , bh ) ;
out :
brelse ( bh ) ;
return err ;
}
2023-01-13 12:49:14 +01:00
static int ext4_symlink ( struct mnt_idmap * idmap , struct inode * dir ,
2008-09-08 22:25:24 -04:00
struct dentry * dentry , const char * symname )
2006-10-11 01:20:50 -07:00
{
handle_t * handle ;
2008-09-08 22:25:24 -04:00
struct inode * inode ;
2015-04-16 01:55:00 -04:00
int err , len = strlen ( symname ) ;
2011-05-03 11:12:58 -04:00
int credits ;
2016-07-10 14:01:03 -04:00
struct fscrypt_str disk_link ;
2022-04-24 22:09:36 +08:00
int retries = 0 ;
2006-10-11 01:20:50 -07:00
2017-02-05 01:28:48 -05:00
if ( unlikely ( ext4_forced_shutdown ( EXT4_SB ( dir - > i_sb ) ) ) )
return - EIO ;
2018-01-11 22:10:40 -05:00
err = fscrypt_prepare_symlink ( dir , symname , len , dir - > i_sb - > s_blocksize ,
& disk_link ) ;
if ( err )
return err ;
2006-10-11 01:20:50 -07:00
2015-06-29 16:22:54 +02:00
err = dquot_initialize ( dir ) ;
if ( err )
2018-01-11 22:10:40 -05:00
return err ;
2010-03-03 09:05:06 -05:00
2022-04-24 22:09:36 +08:00
/*
* EXT4_INDEX_EXTRA_TRANS_BLOCKS for addition of entry into the
* directory . + 3 for inode , inode bitmap , group descriptor allocation .
* EXT4_DATA_TRANS_BLOCKS for the data block allocation and
* modification .
*/
credits = EXT4_DATA_TRANS_BLOCKS ( dir - > i_sb ) +
EXT4_INDEX_EXTRA_TRANS_BLOCKS + 3 ;
retry :
2023-01-13 12:49:25 +01:00
inode = ext4_new_inode_start_handle ( idmap , dir , S_IFLNK | S_IRWXUGO ,
2013-02-09 16:27:09 -05:00
& dentry - > d_name , 0 , NULL ,
EXT4_HT_DIR , credits ) ;
handle = ext4_journal_current_handle ( ) ;
2015-04-16 01:55:00 -04:00
if ( IS_ERR ( inode ) ) {
if ( handle )
ext4_journal_stop ( handle ) ;
2022-04-24 22:09:36 +08:00
err = PTR_ERR ( inode ) ;
goto out_retry ;
2015-04-16 01:55:00 -04:00
}
2018-01-11 22:10:40 -05:00
if ( IS_ENCRYPTED ( inode ) ) {
err = fscrypt_encrypt_symlink ( inode , symname , len , & disk_link ) ;
2016-09-15 17:25:55 -04:00
if ( err )
2015-04-16 01:55:00 -04:00
goto err_drop_inode ;
2015-04-27 17:51:30 -04:00
inode - > i_op = & ext4_encrypted_symlink_inode_operations ;
2022-04-24 22:09:36 +08:00
} else {
if ( ( disk_link . len > EXT4_N_BLOCKS * 4 ) ) {
inode - > i_op = & ext4_symlink_inode_operations ;
} else {
inode - > i_op = & ext4_fast_symlink_inode_operations ;
inode - > i_link = ( char * ) & EXT4_I ( inode ) - > i_data ;
}
2015-04-16 01:55:00 -04:00
}
2006-10-11 01:20:50 -07:00
2015-04-16 01:55:00 -04:00
if ( ( disk_link . len > EXT4_N_BLOCKS * 4 ) ) {
2022-04-24 22:09:36 +08:00
/* alloc symlink block and fill it */
err = ext4_init_symlink_block ( handle , inode , & disk_link ) ;
2015-04-16 01:55:00 -04:00
if ( err )
2011-05-03 11:12:58 -04:00
goto err_drop_inode ;
2006-10-11 01:20:50 -07:00
} else {
2008-04-29 08:11:12 -04:00
/* clear the extent format for fast symlink */
2010-05-16 22:00:00 -04:00
ext4_clear_inode_flag ( inode , EXT4_INODE_EXTENTS ) ;
2015-04-16 01:55:00 -04:00
memcpy ( ( char * ) & EXT4_I ( inode ) - > i_data , disk_link . name ,
disk_link . len ) ;
inode - > i_size = disk_link . len - 1 ;
2022-04-24 22:09:36 +08:00
EXT4_I ( inode ) - > i_disksize = inode - > i_size ;
2006-10-11 01:20:50 -07:00
}
2019-11-05 17:44:11 +01:00
err = ext4_add_nondir ( handle , dentry , & inode ) ;
2013-02-09 16:27:09 -05:00
if ( handle )
ext4_journal_stop ( handle ) ;
2022-04-11 03:23:37 +00:00
iput ( inode ) ;
2022-04-24 22:09:36 +08:00
goto out_retry ;
2018-01-11 22:10:40 -05:00
2011-05-03 11:12:58 -04:00
err_drop_inode :
2015-04-16 01:55:00 -04:00
clear_nlink ( inode ) ;
2022-04-24 22:09:36 +08:00
ext4_orphan_add ( handle , inode ) ;
2011-05-03 11:12:58 -04:00
unlock_new_inode ( inode ) ;
2022-04-24 22:09:36 +08:00
if ( handle )
ext4_journal_stop ( handle ) ;
2011-05-03 11:12:58 -04:00
iput ( inode ) ;
2022-04-24 22:09:36 +08:00
out_retry :
if ( err = = - ENOSPC & & ext4_should_retry_alloc ( dir - > i_sb , & retries ) )
goto retry ;
2018-01-11 22:10:40 -05:00
if ( disk_link . name ! = ( unsigned char * ) symname )
kfree ( disk_link . name ) ;
2011-05-03 11:12:58 -04:00
return err ;
2006-10-11 01:20:50 -07:00
}
2020-10-15 13:37:59 -07:00
int __ext4_link ( struct inode * dir , struct inode * inode , struct dentry * dentry )
2006-10-11 01:20:50 -07:00
{
handle_t * handle ;
int err , retries = 0 ;
retry :
2013-02-08 21:59:22 -05:00
handle = ext4_journal_start ( dir , EXT4_HT_DIR ,
( EXT4_DATA_TRANS_BLOCKS ( dir - > i_sb ) +
2013-06-29 13:23:08 +04:00
EXT4_INDEX_EXTRA_TRANS_BLOCKS ) + 1 ) ;
2006-10-11 01:20:50 -07:00
if ( IS_ERR ( handle ) )
return PTR_ERR ( handle ) ;
if ( IS_DIRSYNC ( dir ) )
2009-01-07 00:06:22 -05:00
ext4_handle_sync ( handle ) ;
2006-10-11 01:20:50 -07:00
2016-11-14 21:40:10 -05:00
inode - > i_ctime = current_time ( inode ) ;
2020-08-26 16:31:16 +03:00
ext4_inc_count ( inode ) ;
2010-10-23 11:11:40 -04:00
ihold ( inode ) ;
2006-10-11 01:20:50 -07:00
2008-12-30 02:03:31 -05:00
err = ext4_add_entry ( handle , dentry , inode ) ;
if ( ! err ) {
2020-04-26 18:34:37 -07:00
err = ext4_mark_inode_dirty ( handle , inode ) ;
2013-06-29 13:23:08 +04:00
/* this can happen only for tmpfile being
* linked the first time
*/
if ( inode - > i_nlink = = 1 )
ext4_orphan_del ( handle , inode ) ;
2008-12-30 02:03:31 -05:00
d_instantiate ( dentry , inode ) ;
2020-11-05 19:58:53 -08:00
ext4_fc_track_link ( handle , dentry ) ;
2008-12-30 02:03:31 -05:00
} else {
drop_nlink ( inode ) ;
iput ( inode ) ;
}
2006-10-11 01:20:53 -07:00
ext4_journal_stop ( handle ) ;
if ( err = = - ENOSPC & & ext4_should_retry_alloc ( dir - > i_sb , & retries ) )
2006-10-11 01:20:50 -07:00
goto retry ;
return err ;
}
2020-10-15 13:37:59 -07:00
static int ext4_link ( struct dentry * old_dentry ,
struct inode * dir , struct dentry * dentry )
{
struct inode * inode = d_inode ( old_dentry ) ;
int err ;
if ( inode - > i_nlink > = EXT4_LINK_MAX )
return - EMLINK ;
err = fscrypt_prepare_link ( old_dentry , dir , dentry ) ;
if ( err )
return err ;
if ( ( ext4_test_inode_flag ( dir , EXT4_INODE_PROJINHERIT ) ) & &
( ! projid_eq ( EXT4_I ( dir ) - > i_projid ,
EXT4_I ( old_dentry - > d_inode ) - > i_projid ) ) )
return - EXDEV ;
err = dquot_initialize ( dir ) ;
if ( err )
return err ;
return __ext4_link ( dir , inode , dentry ) ;
}
2012-12-10 14:06:01 -05:00
/*
* Try to find buffer head where contains the parent block .
* It should be the inode block if it is inlined or the 1 st block
* if it is a normal dir .
*/
static struct buffer_head * ext4_get_first_dir_block ( handle_t * handle ,
struct inode * inode ,
int * retval ,
struct ext4_dir_entry_2 * * parent_de ,
int * inlined )
{
struct buffer_head * bh ;
if ( ! ext4_has_inline_data ( inode ) ) {
2022-04-14 10:52:23 +08:00
struct ext4_dir_entry_2 * de ;
unsigned int offset ;
2019-06-20 21:19:02 -04:00
/* The first directory block must not be a hole, so
* treat it as DIRENT_HTREE
*/
bh = ext4_read_dirblock ( inode , 0 , DIRENT_HTREE ) ;
2013-02-14 23:59:26 -05:00
if ( IS_ERR ( bh ) ) {
* retval = PTR_ERR ( bh ) ;
2012-12-10 14:06:01 -05:00
return NULL ;
}
2022-04-14 10:52:23 +08:00
de = ( struct ext4_dir_entry_2 * ) bh - > b_data ;
if ( ext4_check_dir_entry ( inode , NULL , de , bh , bh - > b_data ,
bh - > b_size , 0 ) | |
le32_to_cpu ( de - > inode ) ! = inode - > i_ino | |
strcmp ( " . " , de - > name ) ) {
EXT4_ERROR_INODE ( inode , " directory missing '.' " ) ;
brelse ( bh ) ;
* retval = - EFSCORRUPTED ;
return NULL ;
}
offset = ext4_rec_len_from_disk ( de - > rec_len ,
inode - > i_sb - > s_blocksize ) ;
de = ext4_next_entry ( de , inode - > i_sb - > s_blocksize ) ;
if ( ext4_check_dir_entry ( inode , NULL , de , bh , bh - > b_data ,
bh - > b_size , offset ) | |
le32_to_cpu ( de - > inode ) = = 0 | | strcmp ( " .. " , de - > name ) ) {
EXT4_ERROR_INODE ( inode , " directory missing '..' " ) ;
brelse ( bh ) ;
* retval = - EFSCORRUPTED ;
return NULL ;
}
* parent_de = de ;
2012-12-10 14:06:01 -05:00
return bh ;
}
* inlined = 1 ;
return ext4_get_first_inline_block ( inode , parent_de , retval ) ;
}
2006-10-11 01:20:50 -07:00
2014-04-01 17:08:43 +02:00
struct ext4_renament {
struct inode * dir ;
struct dentry * dentry ;
struct inode * inode ;
2014-04-01 17:08:44 +02:00
bool is_dir ;
int dir_nlink_delta ;
2014-04-01 17:08:43 +02:00
/* entry for "dentry" */
struct buffer_head * bh ;
struct ext4_dir_entry_2 * de ;
int inlined ;
/* entry for ".." in inode if it's a directory */
struct buffer_head * dir_bh ;
struct ext4_dir_entry_2 * parent_de ;
int dir_inlined ;
} ;
2014-04-01 17:08:44 +02:00
static int ext4_rename_dir_prepare ( handle_t * handle , struct ext4_renament * ent )
{
int retval ;
ent - > dir_bh = ext4_get_first_dir_block ( handle , ent - > inode ,
& retval , & ent - > parent_de ,
& ent - > dir_inlined ) ;
if ( ! ent - > dir_bh )
return retval ;
if ( le32_to_cpu ( ent - > parent_de - > inode ) ! = ent - > dir - > i_ino )
2015-10-17 16:16:04 -04:00
return - EFSCORRUPTED ;
2014-04-01 17:08:44 +02:00
BUFFER_TRACE ( ent - > dir_bh , " get_write_access " ) ;
2021-08-16 11:57:04 +02:00
return ext4_journal_get_write_access ( handle , ent - > dir - > i_sb ,
ent - > dir_bh , EXT4_JTR_NONE ) ;
2014-04-01 17:08:44 +02:00
}
static int ext4_rename_dir_finish ( handle_t * handle , struct ext4_renament * ent ,
unsigned dir_ino )
{
int retval ;
ent - > parent_de - > inode = cpu_to_le32 ( dir_ino ) ;
BUFFER_TRACE ( ent - > dir_bh , " call ext4_handle_dirty_metadata " ) ;
if ( ! ent - > dir_inlined ) {
if ( is_dx ( ent - > inode ) ) {
retval = ext4_handle_dirty_dx_node ( handle ,
ent - > inode ,
ent - > dir_bh ) ;
} else {
2019-06-21 15:49:26 -04:00
retval = ext4_handle_dirty_dirblock ( handle , ent - > inode ,
ent - > dir_bh ) ;
2014-04-01 17:08:44 +02:00
}
} else {
retval = ext4_mark_inode_dirty ( handle , ent - > inode ) ;
}
if ( retval ) {
ext4_std_error ( ent - > dir - > i_sb , retval ) ;
return retval ;
}
return 0 ;
}
static int ext4_setent ( handle_t * handle , struct ext4_renament * ent ,
unsigned ino , unsigned file_type )
{
2020-04-26 18:34:37 -07:00
int retval , retval2 ;
2014-04-01 17:08:44 +02:00
BUFFER_TRACE ( ent - > bh , " get write access " ) ;
2021-08-16 11:57:04 +02:00
retval = ext4_journal_get_write_access ( handle , ent - > dir - > i_sb , ent - > bh ,
EXT4_JTR_NONE ) ;
2014-04-01 17:08:44 +02:00
if ( retval )
return retval ;
ent - > de - > inode = cpu_to_le32 ( ino ) ;
2015-10-17 16:18:43 -04:00
if ( ext4_has_feature_filetype ( ent - > dir - > i_sb ) )
2014-04-01 17:08:44 +02:00
ent - > de - > file_type = file_type ;
2018-01-09 08:21:39 -05:00
inode_inc_iversion ( ent - > dir ) ;
2014-04-01 17:08:44 +02:00
ent - > dir - > i_ctime = ent - > dir - > i_mtime =
2016-11-14 21:40:10 -05:00
current_time ( ent - > dir ) ;
2020-04-26 18:34:37 -07:00
retval = ext4_mark_inode_dirty ( handle , ent - > dir ) ;
2014-04-01 17:08:44 +02:00
BUFFER_TRACE ( ent - > bh , " call ext4_handle_dirty_metadata " ) ;
if ( ! ent - > inlined ) {
2020-04-26 18:34:37 -07:00
retval2 = ext4_handle_dirty_dirblock ( handle , ent - > dir , ent - > bh ) ;
if ( unlikely ( retval2 ) ) {
ext4_std_error ( ent - > dir - > i_sb , retval2 ) ;
return retval2 ;
2014-04-01 17:08:44 +02:00
}
}
2020-04-26 18:34:37 -07:00
return retval ;
2014-04-01 17:08:44 +02:00
}
2021-03-03 21:17:02 +08:00
static void ext4_resetent ( handle_t * handle , struct ext4_renament * ent ,
unsigned ino , unsigned file_type )
{
struct ext4_renament old = * ent ;
int retval = 0 ;
/*
* old - > de could have moved from under us during make indexed dir ,
* so the old - > de may no longer valid and need to find it again
* before reset old inode info .
*/
ext4: fix RENAME_WHITEOUT handling for inline directories
A significant number of xfstests can cause ext4 to log one or more
warning messages when they are run on a test file system where the
inline_data feature has been enabled. An example:
"EXT4-fs warning (device vdc): ext4_dirblock_csum_set:425: inode
#16385: comm fsstress: No space for directory leaf checksum. Please
run e2fsck -D."
The xfstests include: ext4/057, 058, and 307; generic/013, 051, 068,
070, 076, 078, 083, 232, 269, 270, 390, 461, 475, 476, 482, 579, 585,
589, 626, 631, and 650.
In this situation, the warning message indicates a bug in the code that
performs the RENAME_WHITEOUT operation on a directory entry that has
been stored inline. It doesn't detect that the directory is stored
inline, and incorrectly attempts to compute a dirent block checksum on
the whiteout inode when creating it. This attempt fails as a result
of the integrity checking in get_dirent_tail (usually due to a failure
to match the EXT4_FT_DIR_CSUM magic cookie), and the warning message
is then emitted.
Fix this by simply collecting the inlined data state at the time the
search for the source directory entry is performed. Existing code
handles the rest, and this is sufficient to eliminate all spurious
warning messages produced by the tests above. Go one step further
and do the same in the code that resets the source directory entry in
the event of failure. The inlined state should be present in the
"old" struct, but given the possibility of a race there's no harm
in taking a conservative approach and getting that information again
since the directory entry is being reread anyway.
Fixes: b7ff91fd030d ("ext4: find old entry again if failed to rename whiteout")
Cc: stable@kernel.org
Signed-off-by: Eric Whitney <enwlinux@gmail.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Link: https://lore.kernel.org/r/20230210173244.679890-1-enwlinux@gmail.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2023-02-10 12:32:44 -05:00
old . bh = ext4_find_entry ( old . dir , & old . dentry - > d_name , & old . de ,
& old . inlined ) ;
2021-03-03 21:17:02 +08:00
if ( IS_ERR ( old . bh ) )
retval = PTR_ERR ( old . bh ) ;
if ( ! old . bh )
retval = - ENOENT ;
if ( retval ) {
ext4_std_error ( old . dir - > i_sb , retval ) ;
return ;
}
ext4_setent ( handle , & old , ino , file_type ) ;
brelse ( old . bh ) ;
}
2014-04-01 17:08:44 +02:00
static int ext4_find_delete_entry ( handle_t * handle , struct inode * dir ,
const struct qstr * d_name )
{
int retval = - ENOENT ;
struct buffer_head * bh ;
struct ext4_dir_entry_2 * de ;
bh = ext4_find_entry ( dir , d_name , & de , NULL ) ;
2014-08-23 17:47:19 -04:00
if ( IS_ERR ( bh ) )
return PTR_ERR ( bh ) ;
2014-04-01 17:08:44 +02:00
if ( bh ) {
retval = ext4_delete_entry ( handle , dir , de , bh ) ;
brelse ( bh ) ;
}
return retval ;
}
2014-08-27 18:40:09 -04:00
static void ext4_rename_delete ( handle_t * handle , struct ext4_renament * ent ,
int force_reread )
2014-04-01 17:08:44 +02:00
{
int retval ;
/*
* ent - > de could have moved from under us during htree split , so make
* sure that we are deleting the right entry . We might also be pointing
* to a stale entry in the unused part of ent - > bh so just checking inum
* and the name isn ' t enough .
*/
if ( le32_to_cpu ( ent - > de - > inode ) ! = ent - > inode - > i_ino | |
ent - > de - > name_len ! = ent - > dentry - > d_name . len | |
strncmp ( ent - > de - > name , ent - > dentry - > d_name . name ,
2014-08-27 18:40:09 -04:00
ent - > de - > name_len ) | |
force_reread ) {
2014-04-01 17:08:44 +02:00
retval = ext4_find_delete_entry ( handle , ent - > dir ,
& ent - > dentry - > d_name ) ;
} else {
retval = ext4_delete_entry ( handle , ent - > dir , ent - > de , ent - > bh ) ;
if ( retval = = - ENOENT ) {
retval = ext4_find_delete_entry ( handle , ent - > dir ,
& ent - > dentry - > d_name ) ;
}
}
if ( retval ) {
2015-06-15 14:50:26 -04:00
ext4_warning_inode ( ent - > dir ,
" Deleting old file: nlink %d, error=%d " ,
ent - > dir - > i_nlink , retval ) ;
2014-04-01 17:08:44 +02:00
}
}
2014-04-01 17:08:44 +02:00
static void ext4_update_dir_count ( handle_t * handle , struct ext4_renament * ent )
{
if ( ent - > dir_nlink_delta ) {
if ( ent - > dir_nlink_delta = = - 1 )
2020-08-26 16:31:16 +03:00
ext4_dec_count ( ent - > dir ) ;
2014-04-01 17:08:44 +02:00
else
2020-08-26 16:31:16 +03:00
ext4_inc_count ( ent - > dir ) ;
2014-04-01 17:08:44 +02:00
ext4_mark_inode_dirty ( handle , ent - > dir ) ;
}
}
2023-01-13 12:49:25 +01:00
static struct inode * ext4_whiteout_for_rename ( struct mnt_idmap * idmap ,
2021-01-21 14:19:57 +01:00
struct ext4_renament * ent ,
2014-10-24 00:14:37 +02:00
int credits , handle_t * * h )
{
struct inode * wh ;
handle_t * handle ;
int retries = 0 ;
/*
* for inode block , sb block , group summaries ,
* and inode bitmap
*/
credits + = ( EXT4_MAXQUOTAS_TRANS_BLOCKS ( ent - > dir - > i_sb ) +
EXT4_XATTR_TRANS_BLOCKS + 4 ) ;
retry :
2023-01-13 12:49:25 +01:00
wh = ext4_new_inode_start_handle ( idmap , ent - > dir ,
2021-01-21 14:19:57 +01:00
S_IFCHR | WHITEOUT_MODE ,
2014-10-24 00:14:37 +02:00
& ent - > dentry - > d_name , 0 , NULL ,
EXT4_HT_DIR , credits ) ;
handle = ext4_journal_current_handle ( ) ;
if ( IS_ERR ( wh ) ) {
if ( handle )
ext4_journal_stop ( handle ) ;
if ( PTR_ERR ( wh ) = = - ENOSPC & &
ext4_should_retry_alloc ( ent - > dir - > i_sb , & retries ) )
goto retry ;
} else {
* h = handle ;
init_special_inode ( wh , wh - > i_mode , WHITEOUT_DEV ) ;
wh - > i_op = & ext4_special_inode_operations ;
}
return wh ;
}
2006-10-11 01:20:50 -07:00
/*
* Anybody can rename anything with this : the permission checks are left to the
* higher - level routines .
2013-08-16 22:06:53 -04:00
*
* n . b . old_ { dentry , inode ) refers to the source dentry / inode
* while new_ { dentry , inode ) refers to the destination dentry / inode
* This comes from rename ( const char * oldpath , const char * newpath )
2006-10-11 01:20:50 -07:00
*/
2023-01-13 12:49:25 +01:00
static int ext4_rename ( struct mnt_idmap * idmap , struct inode * old_dir ,
2021-01-21 14:19:57 +01:00
struct dentry * old_dentry , struct inode * new_dir ,
struct dentry * new_dentry , unsigned int flags )
2006-10-11 01:20:50 -07:00
{
2013-08-16 22:06:14 -04:00
handle_t * handle = NULL ;
2014-04-01 17:08:43 +02:00
struct ext4_renament old = {
. dir = old_dir ,
. dentry = old_dentry ,
2015-03-17 22:25:59 +00:00
. inode = d_inode ( old_dentry ) ,
2014-04-01 17:08:43 +02:00
} ;
struct ext4_renament new = {
. dir = new_dir ,
. dentry = new_dentry ,
2015-03-17 22:25:59 +00:00
. inode = d_inode ( new_dentry ) ,
2014-04-01 17:08:43 +02:00
} ;
2014-08-27 18:40:09 -04:00
int force_reread ;
2013-08-16 22:06:53 -04:00
int retval ;
2014-10-24 00:14:37 +02:00
struct inode * whiteout = NULL ;
int credits ;
u8 old_file_type ;
2010-03-03 09:05:06 -05:00
2018-08-27 01:47:09 -04:00
if ( new . inode & & new . inode - > i_nlink = = 0 ) {
EXT4_ERROR_INODE ( new . inode ,
" target of rename is already freed " ) ;
return - EFSCORRUPTED ;
}
2016-01-08 16:01:21 -05:00
if ( ( ext4_test_inode_flag ( new_dir , EXT4_INODE_PROJINHERIT ) ) & &
( ! projid_eq ( EXT4_I ( new_dir ) - > i_projid ,
EXT4_I ( old_dentry - > d_inode ) - > i_projid ) ) )
return - EXDEV ;
2015-06-29 16:22:54 +02:00
retval = dquot_initialize ( old . dir ) ;
2022-11-07 09:53:35 +08:00
if ( retval )
return retval ;
retval = dquot_initialize ( old . inode ) ;
2015-06-29 16:22:54 +02:00
if ( retval )
return retval ;
retval = dquot_initialize ( new . dir ) ;
if ( retval )
return retval ;
2006-10-11 01:20:50 -07:00
/* Initialize quotas before so that eventual writes go
* in separate transaction */
2015-06-29 16:22:54 +02:00
if ( new . inode ) {
retval = dquot_initialize ( new . inode ) ;
if ( retval )
return retval ;
}
2006-10-11 01:20:50 -07:00
2023-03-01 15:10:04 +01:00
/*
* We need to protect against old . inode directory getting converted
* from inline directory format into a normal one .
*/
if ( S_ISDIR ( old . inode - > i_mode ) )
inode_lock_nested ( old . inode , I_MUTEX_NONDIR2 ) ;
ext4: fix RENAME_WHITEOUT handling for inline directories
A significant number of xfstests can cause ext4 to log one or more
warning messages when they are run on a test file system where the
inline_data feature has been enabled. An example:
"EXT4-fs warning (device vdc): ext4_dirblock_csum_set:425: inode
#16385: comm fsstress: No space for directory leaf checksum. Please
run e2fsck -D."
The xfstests include: ext4/057, 058, and 307; generic/013, 051, 068,
070, 076, 078, 083, 232, 269, 270, 390, 461, 475, 476, 482, 579, 585,
589, 626, 631, and 650.
In this situation, the warning message indicates a bug in the code that
performs the RENAME_WHITEOUT operation on a directory entry that has
been stored inline. It doesn't detect that the directory is stored
inline, and incorrectly attempts to compute a dirent block checksum on
the whiteout inode when creating it. This attempt fails as a result
of the integrity checking in get_dirent_tail (usually due to a failure
to match the EXT4_FT_DIR_CSUM magic cookie), and the warning message
is then emitted.
Fix this by simply collecting the inlined data state at the time the
search for the source directory entry is performed. Existing code
handles the rest, and this is sufficient to eliminate all spurious
warning messages produced by the tests above. Go one step further
and do the same in the code that resets the source directory entry in
the event of failure. The inlined state should be present in the
"old" struct, but given the possibility of a race there's no harm
in taking a conservative approach and getting that information again
since the directory entry is being reread anyway.
Fixes: b7ff91fd030d ("ext4: find old entry again if failed to rename whiteout")
Cc: stable@kernel.org
Signed-off-by: Eric Whitney <enwlinux@gmail.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Link: https://lore.kernel.org/r/20230210173244.679890-1-enwlinux@gmail.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2023-02-10 12:32:44 -05:00
old . bh = ext4_find_entry ( old . dir , & old . dentry - > d_name , & old . de ,
& old . inlined ) ;
2023-03-01 15:10:04 +01:00
if ( IS_ERR ( old . bh ) ) {
retval = PTR_ERR ( old . bh ) ;
goto unlock_moved_dir ;
}
2006-10-11 01:20:50 -07:00
/*
* Check for inode number is _not_ due to possible IO errors .
* We might rmdir the source , keep it as pwd of some process
* and merrily kill the link to whatever was created under the
* same name . Goodbye sticky bit ; - <
*/
retval = - ENOENT ;
2014-04-01 17:08:43 +02:00
if ( ! old . bh | | le32_to_cpu ( old . de - > inode ) ! = old . inode - > i_ino )
2021-03-03 21:17:03 +08:00
goto release_bh ;
2006-10-11 01:20:50 -07:00
2014-04-01 17:08:43 +02:00
new . bh = ext4_find_entry ( new . dir , & new . dentry - > d_name ,
& new . de , & new . inlined ) ;
2014-08-23 17:47:19 -04:00
if ( IS_ERR ( new . bh ) ) {
retval = PTR_ERR ( new . bh ) ;
2014-09-03 09:33:00 -04:00
new . bh = NULL ;
2021-03-03 21:17:03 +08:00
goto release_bh ;
2014-08-23 17:47:19 -04:00
}
2014-04-01 17:08:43 +02:00
if ( new . bh ) {
if ( ! new . inode ) {
brelse ( new . bh ) ;
new . bh = NULL ;
2006-10-11 01:20:50 -07:00
}
}
2014-04-01 17:08:43 +02:00
if ( new . inode & & ! test_opt ( new . dir - > i_sb , NO_AUTO_DA_ALLOC ) )
ext4_alloc_da_blocks ( old . inode ) ;
2013-08-16 22:06:14 -04:00
2014-10-24 00:14:37 +02:00
credits = ( 2 * EXT4_DATA_TRANS_BLOCKS ( old . dir - > i_sb ) +
EXT4_INDEX_EXTRA_TRANS_BLOCKS + 2 ) ;
if ( ! ( flags & RENAME_WHITEOUT ) ) {
handle = ext4_journal_start ( old . dir , EXT4_HT_DIR , credits ) ;
2015-04-02 16:32:15 -04:00
if ( IS_ERR ( handle ) ) {
retval = PTR_ERR ( handle ) ;
2021-03-03 21:17:03 +08:00
goto release_bh ;
2015-04-02 16:32:15 -04:00
}
2014-10-24 00:14:37 +02:00
} else {
2023-01-13 12:49:25 +01:00
whiteout = ext4_whiteout_for_rename ( idmap , & old , credits , & handle ) ;
2015-04-02 16:32:15 -04:00
if ( IS_ERR ( whiteout ) ) {
retval = PTR_ERR ( whiteout ) ;
2021-03-03 21:17:03 +08:00
goto release_bh ;
2015-04-02 16:32:15 -04:00
}
2014-10-24 00:14:37 +02:00
}
2013-08-16 22:06:14 -04:00
2021-01-05 14:28:57 +08:00
old_file_type = old . de - > file_type ;
2014-04-01 17:08:43 +02:00
if ( IS_DIRSYNC ( old . dir ) | | IS_DIRSYNC ( new . dir ) )
2013-08-16 22:06:14 -04:00
ext4_handle_sync ( handle ) ;
2014-04-01 17:08:43 +02:00
if ( S_ISDIR ( old . inode - > i_mode ) ) {
if ( new . inode ) {
2006-10-11 01:20:50 -07:00
retval = - ENOTEMPTY ;
2015-04-11 07:46:49 -04:00
if ( ! ext4_empty_dir ( new . inode ) )
2006-10-11 01:20:50 -07:00
goto end_rename ;
2014-04-01 17:08:44 +02:00
} else {
retval = - EMLINK ;
if ( new . dir ! = old . dir & & EXT4_DIR_LINK_MAX ( new . dir ) )
goto end_rename ;
2006-10-11 01:20:50 -07:00
}
2014-04-01 17:08:44 +02:00
retval = ext4_rename_dir_prepare ( handle , & old ) ;
2023-03-17 21:53:52 -04:00
if ( retval )
2011-03-20 21:18:44 -04:00
goto end_rename ;
2006-10-11 01:20:50 -07:00
}
2014-08-27 18:40:09 -04:00
/*
* If we ' re renaming a file within an inline_data dir and adding or
* setting the new dirent causes a conversion from inline_data to
* extents / blockmap , we need to force the dirent delete code to
* re - read the directory , or else we end up trying to delete a dirent
* from what is now the extent tree root ( or a block map ) .
*/
force_reread = ( new . dir - > i_ino = = old . dir - > i_ino & &
ext4_test_inode_flag ( new . dir , EXT4_INODE_INLINE_DATA ) ) ;
2014-10-24 00:14:37 +02:00
if ( whiteout ) {
/*
* Do this before adding a new entry , so the old entry is sure
* to be still pointing to the valid old entry .
*/
retval = ext4_setent ( handle , & old , whiteout - > i_ino ,
EXT4_FT_CHRDEV ) ;
if ( retval )
goto end_rename ;
2020-04-26 18:34:37 -07:00
retval = ext4_mark_inode_dirty ( handle , whiteout ) ;
if ( unlikely ( retval ) )
goto end_rename ;
ext4: fix rename whiteout with fast commit
This patch adds rename whiteout support in fast commits. Note that the
whiteout object that gets created is actually char device. Which
imples, the function ext4_inode_journal_mode(struct inode *inode)
would return "JOURNAL_DATA" for this inode. This has a consequence in
fast commit code that it will make creation of the whiteout object a
fast-commit ineligible behavior and thus will fall back to full
commits. With this patch, this can be observed by running fast commits
with rename whiteout and seeing the stats generated by ext4_fc_stats
tracepoint as follows:
ext4_fc_stats: dev 254:32 fc ineligible reasons:
XATTR:0, CROSS_RENAME:0, JOURNAL_FLAG_CHANGE:0, NO_MEM:0, SWAP_BOOT:0,
RESIZE:0, RENAME_DIR:0, FALLOC_RANGE:0, INODE_JOURNAL_DATA:16;
num_commits:6, ineligible: 6, numblks: 3
So in short, this patch guarantees that in case of rename whiteout, we
fall back to full commits.
Amir mentioned that instead of creating a new whiteout object for
every rename, we can create a static whiteout object with irrelevant
nlink. That will make fast commits to not fall back to full
commit. But until this happens, this patch will ensure correctness by
falling back to full commits.
Fixes: 8016e29f4362 ("ext4: fast commit recovery path")
Cc: stable@kernel.org
Signed-off-by: Harshad Shirwadkar <harshadshirwadkar@gmail.com>
Link: https://lore.kernel.org/r/20210316221921.1124955-1-harshadshirwadkar@gmail.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2021-03-16 15:19:21 -07:00
2014-10-24 00:14:37 +02:00
}
2014-04-01 17:08:43 +02:00
if ( ! new . bh ) {
retval = ext4_add_entry ( handle , new . dentry , old . inode ) ;
2006-10-11 01:20:50 -07:00
if ( retval )
goto end_rename ;
} else {
2014-04-01 17:08:44 +02:00
retval = ext4_setent ( handle , & new ,
2014-10-24 00:14:37 +02:00
old . inode - > i_ino , old_file_type ) ;
2011-03-20 21:18:44 -04:00
if ( retval )
goto end_rename ;
2006-10-11 01:20:50 -07:00
}
2014-08-27 18:40:09 -04:00
if ( force_reread )
force_reread = ! ext4_test_inode_flag ( new . dir ,
EXT4_INODE_INLINE_DATA ) ;
2006-10-11 01:20:50 -07:00
/*
* Like most other Unix systems , set the ctime for inodes on a
* rename .
*/
2016-11-14 21:40:10 -05:00
old . inode - > i_ctime = current_time ( old . inode ) ;
2020-04-26 18:34:37 -07:00
retval = ext4_mark_inode_dirty ( handle , old . inode ) ;
if ( unlikely ( retval ) )
goto end_rename ;
2006-10-11 01:20:50 -07:00
2014-10-24 00:14:37 +02:00
if ( ! whiteout ) {
/*
* ok , that ' s it
*/
ext4_rename_delete ( handle , & old , force_reread ) ;
}
2006-10-11 01:20:50 -07:00
2014-04-01 17:08:43 +02:00
if ( new . inode ) {
2020-08-26 16:31:16 +03:00
ext4_dec_count ( new . inode ) ;
2016-11-14 21:40:10 -05:00
new . inode - > i_ctime = current_time ( new . inode ) ;
2006-10-11 01:20:50 -07:00
}
2016-11-14 21:40:10 -05:00
old . dir - > i_ctime = old . dir - > i_mtime = current_time ( old . dir ) ;
2014-04-01 17:08:43 +02:00
ext4_update_dx_flag ( old . dir ) ;
if ( old . dir_bh ) {
2014-04-01 17:08:44 +02:00
retval = ext4_rename_dir_finish ( handle , & old , new . dir - > i_ino ) ;
if ( retval )
2011-01-10 12:46:59 -05:00
goto end_rename ;
2014-04-01 17:08:44 +02:00
2020-08-26 16:31:16 +03:00
ext4_dec_count ( old . dir ) ;
2014-04-01 17:08:43 +02:00
if ( new . inode ) {
2015-04-11 07:46:49 -04:00
/* checked ext4_empty_dir above, can't have another
* parent , ext4_dec_count ( ) won ' t work for many - linked
* dirs */
2014-04-01 17:08:43 +02:00
clear_nlink ( new . inode ) ;
2006-10-11 01:20:50 -07:00
} else {
2020-08-26 16:31:16 +03:00
ext4_inc_count ( new . dir ) ;
2014-04-01 17:08:43 +02:00
ext4_update_dx_flag ( new . dir ) ;
2020-04-26 18:34:37 -07:00
retval = ext4_mark_inode_dirty ( handle , new . dir ) ;
if ( unlikely ( retval ) )
goto end_rename ;
2006-10-11 01:20:50 -07:00
}
}
2020-04-26 18:34:37 -07:00
retval = ext4_mark_inode_dirty ( handle , old . dir ) ;
if ( unlikely ( retval ) )
goto end_rename ;
2020-10-15 13:37:57 -07:00
if ( S_ISDIR ( old . inode - > i_mode ) ) {
/*
* We disable fast commits here that ' s because the
* replay code is not yet capable of changing dot dot
* dirents in directories .
*/
ext4_fc_mark_ineligible ( old . inode - > i_sb ,
2022-01-17 17:36:54 +08:00
EXT4_FC_REASON_RENAME_DIR , handle ) ;
2020-10-15 13:37:57 -07:00
} else {
2022-03-12 11:09:50 +05:30
struct super_block * sb = old . inode - > i_sb ;
2020-10-15 13:37:57 -07:00
if ( new . inode )
2020-11-05 19:58:53 -08:00
ext4_fc_track_unlink ( handle , new . dentry ) ;
2022-03-12 11:09:50 +05:30
if ( test_opt2 ( sb , JOURNAL_FAST_COMMIT ) & &
! ( EXT4_SB ( sb ) - > s_mount_state & EXT4_FC_REPLAY ) & &
! ( ext4_test_mount_flag ( sb , EXT4_MF_FC_INELIGIBLE ) ) ) {
__ext4_fc_track_link ( handle , old . inode , new . dentry ) ;
__ext4_fc_track_unlink ( handle , old . inode , old . dentry ) ;
if ( whiteout )
__ext4_fc_track_create ( handle , whiteout ,
old . dentry ) ;
}
2020-10-15 13:37:57 -07:00
}
2014-04-01 17:08:43 +02:00
if ( new . inode ) {
2020-04-26 18:34:37 -07:00
retval = ext4_mark_inode_dirty ( handle , new . inode ) ;
if ( unlikely ( retval ) )
goto end_rename ;
2014-04-01 17:08:43 +02:00
if ( ! new . inode - > i_nlink )
ext4_orphan_add ( handle , new . inode ) ;
2006-10-11 01:20:50 -07:00
}
retval = 0 ;
end_rename :
2014-10-24 00:14:37 +02:00
if ( whiteout ) {
2021-01-05 14:28:57 +08:00
if ( retval ) {
2021-03-03 21:17:02 +08:00
ext4_resetent ( handle , & old ,
old . inode - > i_ino , old_file_type ) ;
2014-10-24 00:14:37 +02:00
drop_nlink ( whiteout ) ;
2021-03-03 21:17:03 +08:00
ext4_orphan_add ( handle , whiteout ) ;
2021-01-05 14:28:57 +08:00
}
2014-10-24 00:14:37 +02:00
unlock_new_inode ( whiteout ) ;
2021-03-03 21:17:03 +08:00
ext4_journal_stop ( handle ) ;
2014-10-24 00:14:37 +02:00
iput ( whiteout ) ;
2021-03-03 21:17:03 +08:00
} else {
ext4_journal_stop ( handle ) ;
2014-10-24 00:14:37 +02:00
}
2021-03-03 21:17:03 +08:00
release_bh :
2021-01-05 14:28:57 +08:00
brelse ( old . dir_bh ) ;
brelse ( old . bh ) ;
brelse ( new . bh ) ;
2023-03-01 15:10:04 +01:00
unlock_moved_dir :
if ( S_ISDIR ( old . inode - > i_mode ) )
inode_unlock ( old . inode ) ;
2006-10-11 01:20:50 -07:00
return retval ;
}
2014-04-01 17:08:44 +02:00
static int ext4_cross_rename ( struct inode * old_dir , struct dentry * old_dentry ,
struct inode * new_dir , struct dentry * new_dentry )
{
handle_t * handle = NULL ;
struct ext4_renament old = {
. dir = old_dir ,
. dentry = old_dentry ,
2015-03-17 22:25:59 +00:00
. inode = d_inode ( old_dentry ) ,
2014-04-01 17:08:44 +02:00
} ;
struct ext4_renament new = {
. dir = new_dir ,
. dentry = new_dentry ,
2015-03-17 22:25:59 +00:00
. inode = d_inode ( new_dentry ) ,
2014-04-01 17:08:44 +02:00
} ;
u8 new_file_type ;
int retval ;
vfs: change inode times to use struct timespec64
struct timespec is not y2038 safe. Transition vfs to use
y2038 safe struct timespec64 instead.
The change was made with the help of the following cocinelle
script. This catches about 80% of the changes.
All the header file and logic changes are included in the
first 5 rules. The rest are trivial substitutions.
I avoid changing any of the function signatures or any other
filesystem specific data structures to keep the patch simple
for review.
The script can be a little shorter by combining different cases.
But, this version was sufficient for my usecase.
virtual patch
@ depends on patch @
identifier now;
@@
- struct timespec
+ struct timespec64
current_time ( ... )
{
- struct timespec now = current_kernel_time();
+ struct timespec64 now = current_kernel_time64();
...
- return timespec_trunc(
+ return timespec64_trunc(
... );
}
@ depends on patch @
identifier xtime;
@@
struct \( iattr \| inode \| kstat \) {
...
- struct timespec xtime;
+ struct timespec64 xtime;
...
}
@ depends on patch @
identifier t;
@@
struct inode_operations {
...
int (*update_time) (...,
- struct timespec t,
+ struct timespec64 t,
...);
...
}
@ depends on patch @
identifier t;
identifier fn_update_time =~ "update_time$";
@@
fn_update_time (...,
- struct timespec *t,
+ struct timespec64 *t,
...) { ... }
@ depends on patch @
identifier t;
@@
lease_get_mtime( ... ,
- struct timespec *t
+ struct timespec64 *t
) { ... }
@te depends on patch forall@
identifier ts;
local idexpression struct inode *inode_node;
identifier i_xtime =~ "^i_[acm]time$";
identifier ia_xtime =~ "^ia_[acm]time$";
identifier fn_update_time =~ "update_time$";
identifier fn;
expression e, E3;
local idexpression struct inode *node1;
local idexpression struct inode *node2;
local idexpression struct iattr *attr1;
local idexpression struct iattr *attr2;
local idexpression struct iattr attr;
identifier i_xtime1 =~ "^i_[acm]time$";
identifier i_xtime2 =~ "^i_[acm]time$";
identifier ia_xtime1 =~ "^ia_[acm]time$";
identifier ia_xtime2 =~ "^ia_[acm]time$";
@@
(
(
- struct timespec ts;
+ struct timespec64 ts;
|
- struct timespec ts = current_time(inode_node);
+ struct timespec64 ts = current_time(inode_node);
)
<+... when != ts
(
- timespec_equal(&inode_node->i_xtime, &ts)
+ timespec64_equal(&inode_node->i_xtime, &ts)
|
- timespec_equal(&ts, &inode_node->i_xtime)
+ timespec64_equal(&ts, &inode_node->i_xtime)
|
- timespec_compare(&inode_node->i_xtime, &ts)
+ timespec64_compare(&inode_node->i_xtime, &ts)
|
- timespec_compare(&ts, &inode_node->i_xtime)
+ timespec64_compare(&ts, &inode_node->i_xtime)
|
ts = current_time(e)
|
fn_update_time(..., &ts,...)
|
inode_node->i_xtime = ts
|
node1->i_xtime = ts
|
ts = inode_node->i_xtime
|
<+... attr1->ia_xtime ...+> = ts
|
ts = attr1->ia_xtime
|
ts.tv_sec
|
ts.tv_nsec
|
btrfs_set_stack_timespec_sec(..., ts.tv_sec)
|
btrfs_set_stack_timespec_nsec(..., ts.tv_nsec)
|
- ts = timespec64_to_timespec(
+ ts =
...
-)
|
- ts = ktime_to_timespec(
+ ts = ktime_to_timespec64(
...)
|
- ts = E3
+ ts = timespec_to_timespec64(E3)
|
- ktime_get_real_ts(&ts)
+ ktime_get_real_ts64(&ts)
|
fn(...,
- ts
+ timespec64_to_timespec(ts)
,...)
)
...+>
(
<... when != ts
- return ts;
+ return timespec64_to_timespec(ts);
...>
)
|
- timespec_equal(&node1->i_xtime1, &node2->i_xtime2)
+ timespec64_equal(&node1->i_xtime2, &node2->i_xtime2)
|
- timespec_equal(&node1->i_xtime1, &attr2->ia_xtime2)
+ timespec64_equal(&node1->i_xtime2, &attr2->ia_xtime2)
|
- timespec_compare(&node1->i_xtime1, &node2->i_xtime2)
+ timespec64_compare(&node1->i_xtime1, &node2->i_xtime2)
|
node1->i_xtime1 =
- timespec_trunc(attr1->ia_xtime1,
+ timespec64_trunc(attr1->ia_xtime1,
...)
|
- attr1->ia_xtime1 = timespec_trunc(attr2->ia_xtime2,
+ attr1->ia_xtime1 = timespec64_trunc(attr2->ia_xtime2,
...)
|
- ktime_get_real_ts(&attr1->ia_xtime1)
+ ktime_get_real_ts64(&attr1->ia_xtime1)
|
- ktime_get_real_ts(&attr.ia_xtime1)
+ ktime_get_real_ts64(&attr.ia_xtime1)
)
@ depends on patch @
struct inode *node;
struct iattr *attr;
identifier fn;
identifier i_xtime =~ "^i_[acm]time$";
identifier ia_xtime =~ "^ia_[acm]time$";
expression e;
@@
(
- fn(node->i_xtime);
+ fn(timespec64_to_timespec(node->i_xtime));
|
fn(...,
- node->i_xtime);
+ timespec64_to_timespec(node->i_xtime));
|
- e = fn(attr->ia_xtime);
+ e = fn(timespec64_to_timespec(attr->ia_xtime));
)
@ depends on patch forall @
struct inode *node;
struct iattr *attr;
identifier i_xtime =~ "^i_[acm]time$";
identifier ia_xtime =~ "^ia_[acm]time$";
identifier fn;
@@
{
+ struct timespec ts;
<+...
(
+ ts = timespec64_to_timespec(node->i_xtime);
fn (...,
- &node->i_xtime,
+ &ts,
...);
|
+ ts = timespec64_to_timespec(attr->ia_xtime);
fn (...,
- &attr->ia_xtime,
+ &ts,
...);
)
...+>
}
@ depends on patch forall @
struct inode *node;
struct iattr *attr;
struct kstat *stat;
identifier ia_xtime =~ "^ia_[acm]time$";
identifier i_xtime =~ "^i_[acm]time$";
identifier xtime =~ "^[acm]time$";
identifier fn, ret;
@@
{
+ struct timespec ts;
<+...
(
+ ts = timespec64_to_timespec(node->i_xtime);
ret = fn (...,
- &node->i_xtime,
+ &ts,
...);
|
+ ts = timespec64_to_timespec(node->i_xtime);
ret = fn (...,
- &node->i_xtime);
+ &ts);
|
+ ts = timespec64_to_timespec(attr->ia_xtime);
ret = fn (...,
- &attr->ia_xtime,
+ &ts,
...);
|
+ ts = timespec64_to_timespec(attr->ia_xtime);
ret = fn (...,
- &attr->ia_xtime);
+ &ts);
|
+ ts = timespec64_to_timespec(stat->xtime);
ret = fn (...,
- &stat->xtime);
+ &ts);
)
...+>
}
@ depends on patch @
struct inode *node;
struct inode *node2;
identifier i_xtime1 =~ "^i_[acm]time$";
identifier i_xtime2 =~ "^i_[acm]time$";
identifier i_xtime3 =~ "^i_[acm]time$";
struct iattr *attrp;
struct iattr *attrp2;
struct iattr attr ;
identifier ia_xtime1 =~ "^ia_[acm]time$";
identifier ia_xtime2 =~ "^ia_[acm]time$";
struct kstat *stat;
struct kstat stat1;
struct timespec64 ts;
identifier xtime =~ "^[acmb]time$";
expression e;
@@
(
( node->i_xtime2 \| attrp->ia_xtime2 \| attr.ia_xtime2 \) = node->i_xtime1 ;
|
node->i_xtime2 = \( node2->i_xtime1 \| timespec64_trunc(...) \);
|
node->i_xtime2 = node->i_xtime1 = node->i_xtime3 = \(ts \| current_time(...) \);
|
node->i_xtime1 = node->i_xtime3 = \(ts \| current_time(...) \);
|
stat->xtime = node2->i_xtime1;
|
stat1.xtime = node2->i_xtime1;
|
( node->i_xtime2 \| attrp->ia_xtime2 \) = attrp->ia_xtime1 ;
|
( attrp->ia_xtime1 \| attr.ia_xtime1 \) = attrp2->ia_xtime2;
|
- e = node->i_xtime1;
+ e = timespec64_to_timespec( node->i_xtime1 );
|
- e = attrp->ia_xtime1;
+ e = timespec64_to_timespec( attrp->ia_xtime1 );
|
node->i_xtime1 = current_time(...);
|
node->i_xtime2 = node->i_xtime1 = node->i_xtime3 =
- e;
+ timespec_to_timespec64(e);
|
node->i_xtime1 = node->i_xtime3 =
- e;
+ timespec_to_timespec64(e);
|
- node->i_xtime1 = e;
+ node->i_xtime1 = timespec_to_timespec64(e);
)
Signed-off-by: Deepa Dinamani <deepa.kernel@gmail.com>
Cc: <anton@tuxera.com>
Cc: <balbi@kernel.org>
Cc: <bfields@fieldses.org>
Cc: <darrick.wong@oracle.com>
Cc: <dhowells@redhat.com>
Cc: <dsterba@suse.com>
Cc: <dwmw2@infradead.org>
Cc: <hch@lst.de>
Cc: <hirofumi@mail.parknet.co.jp>
Cc: <hubcap@omnibond.com>
Cc: <jack@suse.com>
Cc: <jaegeuk@kernel.org>
Cc: <jaharkes@cs.cmu.edu>
Cc: <jslaby@suse.com>
Cc: <keescook@chromium.org>
Cc: <mark@fasheh.com>
Cc: <miklos@szeredi.hu>
Cc: <nico@linaro.org>
Cc: <reiserfs-devel@vger.kernel.org>
Cc: <richard@nod.at>
Cc: <sage@redhat.com>
Cc: <sfrench@samba.org>
Cc: <swhiteho@redhat.com>
Cc: <tj@kernel.org>
Cc: <trond.myklebust@primarydata.com>
Cc: <tytso@mit.edu>
Cc: <viro@zeniv.linux.org.uk>
2018-05-08 19:36:02 -07:00
struct timespec64 ctime ;
2014-04-01 17:08:44 +02:00
2016-01-08 16:01:21 -05:00
if ( ( ext4_test_inode_flag ( new_dir , EXT4_INODE_PROJINHERIT ) & &
! projid_eq ( EXT4_I ( new_dir ) - > i_projid ,
EXT4_I ( old_dentry - > d_inode ) - > i_projid ) ) | |
( ext4_test_inode_flag ( old_dir , EXT4_INODE_PROJINHERIT ) & &
! projid_eq ( EXT4_I ( old_dir ) - > i_projid ,
EXT4_I ( new_dentry - > d_inode ) - > i_projid ) ) )
return - EXDEV ;
2015-06-29 16:22:54 +02:00
retval = dquot_initialize ( old . dir ) ;
if ( retval )
return retval ;
retval = dquot_initialize ( new . dir ) ;
if ( retval )
return retval ;
2014-04-01 17:08:44 +02:00
old . bh = ext4_find_entry ( old . dir , & old . dentry - > d_name ,
& old . de , & old . inlined ) ;
2014-08-23 17:47:19 -04:00
if ( IS_ERR ( old . bh ) )
return PTR_ERR ( old . bh ) ;
2014-04-01 17:08:44 +02:00
/*
* Check for inode number is _not_ due to possible IO errors .
* We might rmdir the source , keep it as pwd of some process
* and merrily kill the link to whatever was created under the
* same name . Goodbye sticky bit ; - <
*/
retval = - ENOENT ;
if ( ! old . bh | | le32_to_cpu ( old . de - > inode ) ! = old . inode - > i_ino )
goto end_rename ;
new . bh = ext4_find_entry ( new . dir , & new . dentry - > d_name ,
& new . de , & new . inlined ) ;
2014-08-23 17:47:19 -04:00
if ( IS_ERR ( new . bh ) ) {
retval = PTR_ERR ( new . bh ) ;
2014-09-03 09:33:00 -04:00
new . bh = NULL ;
2014-08-23 17:47:19 -04:00
goto end_rename ;
}
2014-04-01 17:08:44 +02:00
/* RENAME_EXCHANGE case: old *and* new must both exist */
if ( ! new . bh | | le32_to_cpu ( new . de - > inode ) ! = new . inode - > i_ino )
goto end_rename ;
handle = ext4_journal_start ( old . dir , EXT4_HT_DIR ,
( 2 * EXT4_DATA_TRANS_BLOCKS ( old . dir - > i_sb ) +
2 * EXT4_INDEX_EXTRA_TRANS_BLOCKS + 2 ) ) ;
2015-04-02 16:32:15 -04:00
if ( IS_ERR ( handle ) ) {
retval = PTR_ERR ( handle ) ;
handle = NULL ;
goto end_rename ;
}
2014-04-01 17:08:44 +02:00
if ( IS_DIRSYNC ( old . dir ) | | IS_DIRSYNC ( new . dir ) )
ext4_handle_sync ( handle ) ;
if ( S_ISDIR ( old . inode - > i_mode ) ) {
old . is_dir = true ;
retval = ext4_rename_dir_prepare ( handle , & old ) ;
if ( retval )
goto end_rename ;
}
if ( S_ISDIR ( new . inode - > i_mode ) ) {
new . is_dir = true ;
retval = ext4_rename_dir_prepare ( handle , & new ) ;
if ( retval )
goto end_rename ;
}
/*
* Other than the special case of overwriting a directory , parents '
* nlink only needs to be modified if this is a cross directory rename .
*/
if ( old . dir ! = new . dir & & old . is_dir ! = new . is_dir ) {
old . dir_nlink_delta = old . is_dir ? - 1 : 1 ;
new . dir_nlink_delta = - old . dir_nlink_delta ;
retval = - EMLINK ;
if ( ( old . dir_nlink_delta > 0 & & EXT4_DIR_LINK_MAX ( old . dir ) ) | |
( new . dir_nlink_delta > 0 & & EXT4_DIR_LINK_MAX ( new . dir ) ) )
goto end_rename ;
}
new_file_type = new . de - > file_type ;
retval = ext4_setent ( handle , & new , old . inode - > i_ino , old . de - > file_type ) ;
if ( retval )
goto end_rename ;
retval = ext4_setent ( handle , & old , new . inode - > i_ino , new_file_type ) ;
if ( retval )
goto end_rename ;
/*
* Like most other Unix systems , set the ctime for inodes on a
* rename .
*/
2016-11-14 21:40:10 -05:00
ctime = current_time ( old . inode ) ;
old . inode - > i_ctime = ctime ;
new . inode - > i_ctime = ctime ;
2020-04-26 18:34:37 -07:00
retval = ext4_mark_inode_dirty ( handle , old . inode ) ;
if ( unlikely ( retval ) )
goto end_rename ;
retval = ext4_mark_inode_dirty ( handle , new . inode ) ;
if ( unlikely ( retval ) )
goto end_rename ;
2020-10-15 13:37:57 -07:00
ext4_fc_mark_ineligible ( new . inode - > i_sb ,
2022-01-17 17:36:54 +08:00
EXT4_FC_REASON_CROSS_RENAME , handle ) ;
2014-04-01 17:08:44 +02:00
if ( old . dir_bh ) {
retval = ext4_rename_dir_finish ( handle , & old , new . dir - > i_ino ) ;
if ( retval )
goto end_rename ;
}
if ( new . dir_bh ) {
retval = ext4_rename_dir_finish ( handle , & new , old . dir - > i_ino ) ;
if ( retval )
goto end_rename ;
}
ext4_update_dir_count ( handle , & old ) ;
ext4_update_dir_count ( handle , & new ) ;
retval = 0 ;
end_rename :
brelse ( old . dir_bh ) ;
brelse ( new . dir_bh ) ;
brelse ( old . bh ) ;
brelse ( new . bh ) ;
if ( handle )
ext4_journal_stop ( handle ) ;
return retval ;
}
2023-01-13 12:49:17 +01:00
static int ext4_rename2 ( struct mnt_idmap * idmap ,
2021-01-21 14:19:43 +01:00
struct inode * old_dir , struct dentry * old_dentry ,
2014-04-01 17:08:43 +02:00
struct inode * new_dir , struct dentry * new_dentry ,
unsigned int flags )
{
2017-10-18 20:21:57 -04:00
int err ;
2017-02-05 01:28:48 -05:00
if ( unlikely ( ext4_forced_shutdown ( EXT4_SB ( old_dir - > i_sb ) ) ) )
return - EIO ;
2014-10-24 00:14:37 +02:00
if ( flags & ~ ( RENAME_NOREPLACE | RENAME_EXCHANGE | RENAME_WHITEOUT ) )
2014-04-01 17:08:43 +02:00
return - EINVAL ;
2017-10-18 20:21:57 -04:00
err = fscrypt_prepare_rename ( old_dir , old_dentry , new_dir , new_dentry ,
flags ) ;
if ( err )
return err ;
2014-04-01 17:08:44 +02:00
if ( flags & RENAME_EXCHANGE ) {
return ext4_cross_rename ( old_dir , old_dentry ,
new_dir , new_dentry ) ;
}
2014-10-24 00:14:37 +02:00
2023-01-13 12:49:25 +01:00
return ext4_rename ( idmap , old_dir , old_dentry , new_dir , new_dentry , flags ) ;
2014-04-01 17:08:43 +02:00
}
2006-10-11 01:20:50 -07:00
/*
* directories can handle most operations . . .
*/
2007-02-12 00:55:38 -08:00
const struct inode_operations ext4_dir_inode_operations = {
2006-10-11 01:20:53 -07:00
. create = ext4_create ,
. lookup = ext4_lookup ,
. link = ext4_link ,
. unlink = ext4_unlink ,
. symlink = ext4_symlink ,
. mkdir = ext4_mkdir ,
. rmdir = ext4_rmdir ,
. mknod = ext4_mknod ,
2013-06-29 13:23:08 +04:00
. tmpfile = ext4_tmpfile ,
2016-09-27 11:03:58 +02:00
. rename = ext4_rename2 ,
2006-10-11 01:20:53 -07:00
. setattr = ext4_setattr ,
2017-03-31 18:31:56 +01:00
. getattr = ext4_getattr ,
2006-10-11 01:20:53 -07:00
. listxattr = ext4_listxattr ,
2022-09-22 17:17:00 +02:00
. get_inode_acl = ext4_get_acl ,
2013-12-20 05:16:44 -08:00
. set_acl = ext4_set_acl ,
2009-05-02 22:54:32 -04:00
. fiemap = ext4_fiemap ,
2021-04-07 14:36:43 +02:00
. fileattr_get = ext4_fileattr_get ,
. fileattr_set = ext4_fileattr_set ,
2006-10-11 01:20:50 -07:00
} ;
2007-02-12 00:55:38 -08:00
const struct inode_operations ext4_special_inode_operations = {
2006-10-11 01:20:53 -07:00
. setattr = ext4_setattr ,
2017-03-31 18:31:56 +01:00
. getattr = ext4_getattr ,
2006-10-11 01:20:53 -07:00
. listxattr = ext4_listxattr ,
2022-09-22 17:17:00 +02:00
. get_inode_acl = ext4_get_acl ,
2013-12-20 05:16:44 -08:00
. set_acl = ext4_set_acl ,
2006-10-11 01:20:50 -07:00
} ;