1 // SPDX-License-Identifier: GPL-2.0
2 /*
3 * linux/fs/nfs/unlink.c
4 *
5 * nfs sillydelete handling
6 *
7 */
8
9 #include <linux/slab.h>
10 #include <linux/string.h>
11 #include <linux/dcache.h>
12 #include <linux/sunrpc/sched.h>
13 #include <linux/sunrpc/clnt.h>
14 #include <linux/nfs_fs.h>
15 #include <linux/sched.h>
16 #include <linux/wait.h>
17 #include <linux/namei.h>
18 #include <linux/fsnotify.h>
19
20 #include "internal.h"
21 #include "nfs4_fs.h"
22 #include "iostat.h"
23 #include "delegation.h"
24
25 #include "nfstrace.h"
26
27 /**
28 * nfs_free_unlinkdata - release data from a sillydelete operation.
29 * @data: pointer to unlink structure.
30 */
31 static void
nfs_free_unlinkdata(struct nfs_unlinkdata * data)32 nfs_free_unlinkdata(struct nfs_unlinkdata *data)
33 {
34 put_rpccred(data->cred);
35 kfree(data->args.name.name);
36 kfree(data);
37 }
38
39 /**
40 * nfs_async_unlink_done - Sillydelete post-processing
41 * @task: rpc_task of the sillydelete
42 *
43 * Do the directory attribute update.
44 */
nfs_async_unlink_done(struct rpc_task * task,void * calldata)45 static void nfs_async_unlink_done(struct rpc_task *task, void *calldata)
46 {
47 struct nfs_unlinkdata *data = calldata;
48 struct inode *dir = d_inode(data->dentry->d_parent);
49
50 trace_nfs_sillyrename_unlink(data, task->tk_status);
51 if (!NFS_PROTO(dir)->unlink_done(task, dir))
52 rpc_restart_call_prepare(task);
53 }
54
55 /**
56 * nfs_async_unlink_release - Release the sillydelete data.
57 * @task: rpc_task of the sillydelete
58 *
59 * We need to call nfs_put_unlinkdata as a 'tk_release' task since the
60 * rpc_task would be freed too.
61 */
nfs_async_unlink_release(void * calldata)62 static void nfs_async_unlink_release(void *calldata)
63 {
64 struct nfs_unlinkdata *data = calldata;
65 struct dentry *dentry = data->dentry;
66 struct super_block *sb = dentry->d_sb;
67
68 up_read_non_owner(&NFS_I(d_inode(dentry->d_parent))->rmdir_sem);
69 d_lookup_done(dentry);
70 nfs_free_unlinkdata(data);
71 dput(dentry);
72 nfs_sb_deactive(sb);
73 }
74
nfs_unlink_prepare(struct rpc_task * task,void * calldata)75 static void nfs_unlink_prepare(struct rpc_task *task, void *calldata)
76 {
77 struct nfs_unlinkdata *data = calldata;
78 struct inode *dir = d_inode(data->dentry->d_parent);
79 NFS_PROTO(dir)->unlink_rpc_prepare(task, data);
80 }
81
82 static const struct rpc_call_ops nfs_unlink_ops = {
83 .rpc_call_done = nfs_async_unlink_done,
84 .rpc_release = nfs_async_unlink_release,
85 .rpc_call_prepare = nfs_unlink_prepare,
86 };
87
nfs_do_call_unlink(struct inode * inode,struct nfs_unlinkdata * data)88 static void nfs_do_call_unlink(struct inode *inode, struct nfs_unlinkdata *data)
89 {
90 struct rpc_message msg = {
91 .rpc_argp = &data->args,
92 .rpc_resp = &data->res,
93 .rpc_cred = data->cred,
94 };
95 struct rpc_task_setup task_setup_data = {
96 .rpc_message = &msg,
97 .callback_ops = &nfs_unlink_ops,
98 .callback_data = data,
99 .workqueue = nfsiod_workqueue,
100 .flags = RPC_TASK_ASYNC,
101 };
102 struct rpc_task *task;
103 struct inode *dir = d_inode(data->dentry->d_parent);
104 nfs_sb_active(dir->i_sb);
105 data->args.fh = NFS_FH(dir);
106 nfs_fattr_init(data->res.dir_attr);
107
108 NFS_PROTO(dir)->unlink_setup(&msg, data->dentry, inode);
109
110 task_setup_data.rpc_client = NFS_CLIENT(dir);
111 task = rpc_run_task(&task_setup_data);
112 if (!IS_ERR(task))
113 rpc_put_task_async(task);
114 }
115
nfs_call_unlink(struct dentry * dentry,struct inode * inode,struct nfs_unlinkdata * data)116 static int nfs_call_unlink(struct dentry *dentry, struct inode *inode, struct nfs_unlinkdata *data)
117 {
118 struct inode *dir = d_inode(dentry->d_parent);
119 struct dentry *alias;
120
121 down_read_non_owner(&NFS_I(dir)->rmdir_sem);
122 alias = d_alloc_parallel(dentry->d_parent, &data->args.name, &data->wq);
123 if (IS_ERR(alias)) {
124 up_read_non_owner(&NFS_I(dir)->rmdir_sem);
125 return 0;
126 }
127 if (!d_in_lookup(alias)) {
128 int ret;
129 void *devname_garbage = NULL;
130
131 /*
132 * Hey, we raced with lookup... See if we need to transfer
133 * the sillyrename information to the aliased dentry.
134 */
135 spin_lock(&alias->d_lock);
136 if (d_really_is_positive(alias) &&
137 !(alias->d_flags & DCACHE_NFSFS_RENAMED)) {
138 devname_garbage = alias->d_fsdata;
139 alias->d_fsdata = data;
140 alias->d_flags |= DCACHE_NFSFS_RENAMED;
141 ret = 1;
142 } else
143 ret = 0;
144 spin_unlock(&alias->d_lock);
145 dput(alias);
146 up_read_non_owner(&NFS_I(dir)->rmdir_sem);
147 /*
148 * If we'd displaced old cached devname, free it. At that
149 * point dentry is definitely not a root, so we won't need
150 * that anymore.
151 */
152 kfree(devname_garbage);
153 return ret;
154 }
155 data->dentry = alias;
156 nfs_do_call_unlink(inode, data);
157 return 1;
158 }
159
160 /**
161 * nfs_async_unlink - asynchronous unlinking of a file
162 * @dir: parent directory of dentry
163 * @dentry: dentry to unlink
164 */
165 static int
nfs_async_unlink(struct dentry * dentry,const struct qstr * name)166 nfs_async_unlink(struct dentry *dentry, const struct qstr *name)
167 {
168 struct nfs_unlinkdata *data;
169 int status = -ENOMEM;
170 void *devname_garbage = NULL;
171
172 data = kzalloc(sizeof(*data), GFP_KERNEL);
173 if (data == NULL)
174 goto out;
175 data->args.name.name = kstrdup(name->name, GFP_KERNEL);
176 if (!data->args.name.name)
177 goto out_free;
178 data->args.name.len = name->len;
179
180 data->cred = rpc_lookup_cred();
181 if (IS_ERR(data->cred)) {
182 status = PTR_ERR(data->cred);
183 goto out_free_name;
184 }
185 data->res.dir_attr = &data->dir_attr;
186 init_waitqueue_head(&data->wq);
187
188 status = -EBUSY;
189 spin_lock(&dentry->d_lock);
190 if (dentry->d_flags & DCACHE_NFSFS_RENAMED)
191 goto out_unlock;
192 dentry->d_flags |= DCACHE_NFSFS_RENAMED;
193 devname_garbage = dentry->d_fsdata;
194 dentry->d_fsdata = data;
195 spin_unlock(&dentry->d_lock);
196 /*
197 * If we'd displaced old cached devname, free it. At that
198 * point dentry is definitely not a root, so we won't need
199 * that anymore.
200 */
201 kfree(devname_garbage);
202 return 0;
203 out_unlock:
204 spin_unlock(&dentry->d_lock);
205 put_rpccred(data->cred);
206 out_free_name:
207 kfree(data->args.name.name);
208 out_free:
209 kfree(data);
210 out:
211 return status;
212 }
213
214 /**
215 * nfs_complete_unlink - Initialize completion of the sillydelete
216 * @dentry: dentry to delete
217 * @inode: inode
218 *
219 * Since we're most likely to be called by dentry_iput(), we
220 * only use the dentry to find the sillydelete. We then copy the name
221 * into the qstr.
222 */
223 void
nfs_complete_unlink(struct dentry * dentry,struct inode * inode)224 nfs_complete_unlink(struct dentry *dentry, struct inode *inode)
225 {
226 struct nfs_unlinkdata *data;
227
228 spin_lock(&dentry->d_lock);
229 dentry->d_flags &= ~DCACHE_NFSFS_RENAMED;
230 data = dentry->d_fsdata;
231 dentry->d_fsdata = NULL;
232 spin_unlock(&dentry->d_lock);
233
234 if (NFS_STALE(inode) || !nfs_call_unlink(dentry, inode, data))
235 nfs_free_unlinkdata(data);
236 }
237
238 /* Cancel a queued async unlink. Called when a sillyrename run fails. */
239 static void
nfs_cancel_async_unlink(struct dentry * dentry)240 nfs_cancel_async_unlink(struct dentry *dentry)
241 {
242 spin_lock(&dentry->d_lock);
243 if (dentry->d_flags & DCACHE_NFSFS_RENAMED) {
244 struct nfs_unlinkdata *data = dentry->d_fsdata;
245
246 dentry->d_flags &= ~DCACHE_NFSFS_RENAMED;
247 dentry->d_fsdata = NULL;
248 spin_unlock(&dentry->d_lock);
249 nfs_free_unlinkdata(data);
250 return;
251 }
252 spin_unlock(&dentry->d_lock);
253 }
254
255 /**
256 * nfs_async_rename_done - Sillyrename post-processing
257 * @task: rpc_task of the sillyrename
258 * @calldata: nfs_renamedata for the sillyrename
259 *
260 * Do the directory attribute updates and the d_move
261 */
nfs_async_rename_done(struct rpc_task * task,void * calldata)262 static void nfs_async_rename_done(struct rpc_task *task, void *calldata)
263 {
264 struct nfs_renamedata *data = calldata;
265 struct inode *old_dir = data->old_dir;
266 struct inode *new_dir = data->new_dir;
267 struct dentry *old_dentry = data->old_dentry;
268
269 trace_nfs_sillyrename_rename(old_dir, old_dentry,
270 new_dir, data->new_dentry, task->tk_status);
271 if (!NFS_PROTO(old_dir)->rename_done(task, old_dir, new_dir)) {
272 rpc_restart_call_prepare(task);
273 return;
274 }
275
276 if (data->complete)
277 data->complete(task, data);
278 }
279
280 /**
281 * nfs_async_rename_release - Release the sillyrename data.
282 * @calldata: the struct nfs_renamedata to be released
283 */
nfs_async_rename_release(void * calldata)284 static void nfs_async_rename_release(void *calldata)
285 {
286 struct nfs_renamedata *data = calldata;
287 struct super_block *sb = data->old_dir->i_sb;
288
289 if (d_really_is_positive(data->old_dentry))
290 nfs_mark_for_revalidate(d_inode(data->old_dentry));
291
292 /* The result of the rename is unknown. Play it safe by
293 * forcing a new lookup */
294 if (data->cancelled) {
295 spin_lock(&data->old_dir->i_lock);
296 nfs_force_lookup_revalidate(data->old_dir);
297 spin_unlock(&data->old_dir->i_lock);
298 if (data->new_dir != data->old_dir) {
299 spin_lock(&data->new_dir->i_lock);
300 nfs_force_lookup_revalidate(data->new_dir);
301 spin_unlock(&data->new_dir->i_lock);
302 }
303 }
304
305 dput(data->old_dentry);
306 dput(data->new_dentry);
307 iput(data->old_dir);
308 iput(data->new_dir);
309 nfs_sb_deactive(sb);
310 put_rpccred(data->cred);
311 kfree(data);
312 }
313
nfs_rename_prepare(struct rpc_task * task,void * calldata)314 static void nfs_rename_prepare(struct rpc_task *task, void *calldata)
315 {
316 struct nfs_renamedata *data = calldata;
317 NFS_PROTO(data->old_dir)->rename_rpc_prepare(task, data);
318 }
319
320 static const struct rpc_call_ops nfs_rename_ops = {
321 .rpc_call_done = nfs_async_rename_done,
322 .rpc_release = nfs_async_rename_release,
323 .rpc_call_prepare = nfs_rename_prepare,
324 };
325
326 /**
327 * nfs_async_rename - perform an asynchronous rename operation
328 * @old_dir: directory that currently holds the dentry to be renamed
329 * @new_dir: target directory for the rename
330 * @old_dentry: original dentry to be renamed
331 * @new_dentry: dentry to which the old_dentry should be renamed
332 *
333 * It's expected that valid references to the dentries and inodes are held
334 */
335 struct rpc_task *
nfs_async_rename(struct inode * old_dir,struct inode * new_dir,struct dentry * old_dentry,struct dentry * new_dentry,void (* complete)(struct rpc_task *,struct nfs_renamedata *))336 nfs_async_rename(struct inode *old_dir, struct inode *new_dir,
337 struct dentry *old_dentry, struct dentry *new_dentry,
338 void (*complete)(struct rpc_task *, struct nfs_renamedata *))
339 {
340 struct nfs_renamedata *data;
341 struct rpc_message msg = { };
342 struct rpc_task_setup task_setup_data = {
343 .rpc_message = &msg,
344 .callback_ops = &nfs_rename_ops,
345 .workqueue = nfsiod_workqueue,
346 .rpc_client = NFS_CLIENT(old_dir),
347 .flags = RPC_TASK_ASYNC,
348 };
349
350 data = kzalloc(sizeof(*data), GFP_KERNEL);
351 if (data == NULL)
352 return ERR_PTR(-ENOMEM);
353 task_setup_data.callback_data = data;
354
355 data->cred = rpc_lookup_cred();
356 if (IS_ERR(data->cred)) {
357 struct rpc_task *task = ERR_CAST(data->cred);
358 kfree(data);
359 return task;
360 }
361
362 msg.rpc_argp = &data->args;
363 msg.rpc_resp = &data->res;
364 msg.rpc_cred = data->cred;
365
366 /* set up nfs_renamedata */
367 data->old_dir = old_dir;
368 ihold(old_dir);
369 data->new_dir = new_dir;
370 ihold(new_dir);
371 data->old_dentry = dget(old_dentry);
372 data->new_dentry = dget(new_dentry);
373 nfs_fattr_init(&data->old_fattr);
374 nfs_fattr_init(&data->new_fattr);
375 data->complete = complete;
376
377 /* set up nfs_renameargs */
378 data->args.old_dir = NFS_FH(old_dir);
379 data->args.old_name = &old_dentry->d_name;
380 data->args.new_dir = NFS_FH(new_dir);
381 data->args.new_name = &new_dentry->d_name;
382
383 /* set up nfs_renameres */
384 data->res.old_fattr = &data->old_fattr;
385 data->res.new_fattr = &data->new_fattr;
386
387 nfs_sb_active(old_dir->i_sb);
388
389 NFS_PROTO(data->old_dir)->rename_setup(&msg, old_dentry, new_dentry);
390
391 return rpc_run_task(&task_setup_data);
392 }
393
394 /*
395 * Perform tasks needed when a sillyrename is done such as cancelling the
396 * queued async unlink if it failed.
397 */
398 static void
nfs_complete_sillyrename(struct rpc_task * task,struct nfs_renamedata * data)399 nfs_complete_sillyrename(struct rpc_task *task, struct nfs_renamedata *data)
400 {
401 struct dentry *dentry = data->old_dentry;
402
403 if (task->tk_status != 0) {
404 nfs_cancel_async_unlink(dentry);
405 return;
406 }
407
408 /*
409 * vfs_unlink and the like do not issue this when a file is
410 * sillyrenamed, so do it here.
411 */
412 fsnotify_nameremove(dentry, 0);
413 }
414
415 #define SILLYNAME_PREFIX ".nfs"
416 #define SILLYNAME_PREFIX_LEN ((unsigned)sizeof(SILLYNAME_PREFIX) - 1)
417 #define SILLYNAME_FILEID_LEN ((unsigned)sizeof(u64) << 1)
418 #define SILLYNAME_COUNTER_LEN ((unsigned)sizeof(unsigned int) << 1)
419 #define SILLYNAME_LEN (SILLYNAME_PREFIX_LEN + \
420 SILLYNAME_FILEID_LEN + \
421 SILLYNAME_COUNTER_LEN)
422
423 /**
424 * nfs_sillyrename - Perform a silly-rename of a dentry
425 * @dir: inode of directory that contains dentry
426 * @dentry: dentry to be sillyrenamed
427 *
428 * NFSv2/3 is stateless and the server doesn't know when the client is
429 * holding a file open. To prevent application problems when a file is
430 * unlinked while it's still open, the client performs a "silly-rename".
431 * That is, it renames the file to a hidden file in the same directory,
432 * and only performs the unlink once the last reference to it is put.
433 *
434 * The final cleanup is done during dentry_iput.
435 *
436 * (Note: NFSv4 is stateful, and has opens, so in theory an NFSv4 server
437 * could take responsibility for keeping open files referenced. The server
438 * would also need to ensure that opened-but-deleted files were kept over
439 * reboots. However, we may not assume a server does so. (RFC 5661
440 * does provide an OPEN4_RESULT_PRESERVE_UNLINKED flag that a server can
441 * use to advertise that it does this; some day we may take advantage of
442 * it.))
443 */
444 int
nfs_sillyrename(struct inode * dir,struct dentry * dentry)445 nfs_sillyrename(struct inode *dir, struct dentry *dentry)
446 {
447 static unsigned int sillycounter;
448 unsigned char silly[SILLYNAME_LEN + 1];
449 unsigned long long fileid;
450 struct dentry *sdentry;
451 struct inode *inode = d_inode(dentry);
452 struct rpc_task *task;
453 int error = -EBUSY;
454
455 dfprintk(VFS, "NFS: silly-rename(%pd2, ct=%d)\n",
456 dentry, d_count(dentry));
457 nfs_inc_stats(dir, NFSIOS_SILLYRENAME);
458
459 /*
460 * We don't allow a dentry to be silly-renamed twice.
461 */
462 if (dentry->d_flags & DCACHE_NFSFS_RENAMED)
463 goto out;
464
465 fileid = NFS_FILEID(d_inode(dentry));
466
467 sdentry = NULL;
468 do {
469 int slen;
470 dput(sdentry);
471 sillycounter++;
472 slen = scnprintf(silly, sizeof(silly),
473 SILLYNAME_PREFIX "%0*llx%0*x",
474 SILLYNAME_FILEID_LEN, fileid,
475 SILLYNAME_COUNTER_LEN, sillycounter);
476
477 dfprintk(VFS, "NFS: trying to rename %pd to %s\n",
478 dentry, silly);
479
480 sdentry = lookup_one_len(silly, dentry->d_parent, slen);
481 /*
482 * N.B. Better to return EBUSY here ... it could be
483 * dangerous to delete the file while it's in use.
484 */
485 if (IS_ERR(sdentry))
486 goto out;
487 } while (d_inode(sdentry) != NULL); /* need negative lookup */
488
489 ihold(inode);
490
491 /* queue unlink first. Can't do this from rpc_release as it
492 * has to allocate memory
493 */
494 error = nfs_async_unlink(dentry, &sdentry->d_name);
495 if (error)
496 goto out_dput;
497
498 /* run the rename task, undo unlink if it fails */
499 task = nfs_async_rename(dir, dir, dentry, sdentry,
500 nfs_complete_sillyrename);
501 if (IS_ERR(task)) {
502 error = -EBUSY;
503 nfs_cancel_async_unlink(dentry);
504 goto out_dput;
505 }
506
507 /* wait for the RPC task to complete, unless a SIGKILL intervenes */
508 error = rpc_wait_for_completion_task(task);
509 if (error == 0)
510 error = task->tk_status;
511 switch (error) {
512 case 0:
513 /* The rename succeeded */
514 nfs_set_verifier(dentry, nfs_save_change_attribute(dir));
515 spin_lock(&inode->i_lock);
516 NFS_I(inode)->attr_gencount = nfs_inc_attr_generation_counter();
517 NFS_I(inode)->cache_validity |= NFS_INO_INVALID_CHANGE
518 | NFS_INO_INVALID_CTIME
519 | NFS_INO_REVAL_FORCED;
520 spin_unlock(&inode->i_lock);
521 d_move(dentry, sdentry);
522 break;
523 case -ERESTARTSYS:
524 /* The result of the rename is unknown. Play it safe by
525 * forcing a new lookup */
526 d_drop(dentry);
527 d_drop(sdentry);
528 }
529 rpc_put_task(task);
530 out_dput:
531 iput(inode);
532 dput(sdentry);
533 out:
534 return error;
535 }
536