1 // SPDX-License-Identifier: GPL-2.0
2 /*
3 * linux/fs/nfs/unlink.c
4 *
5 * nfs sillydelete handling
6 *
7 */
8
9 #include <linux/slab.h>
10 #include <linux/string.h>
11 #include <linux/dcache.h>
12 #include <linux/sunrpc/sched.h>
13 #include <linux/sunrpc/clnt.h>
14 #include <linux/nfs_fs.h>
15 #include <linux/sched.h>
16 #include <linux/wait.h>
17 #include <linux/namei.h>
18 #include <linux/fsnotify.h>
19
20 #include "internal.h"
21 #include "nfs4_fs.h"
22 #include "iostat.h"
23 #include "delegation.h"
24
25 #include "nfstrace.h"
26
27 /**
28 * nfs_free_unlinkdata - release data from a sillydelete operation.
29 * @data: pointer to unlink structure.
30 */
31 static void
nfs_free_unlinkdata(struct nfs_unlinkdata * data)32 nfs_free_unlinkdata(struct nfs_unlinkdata *data)
33 {
34 put_cred(data->cred);
35 kfree(data->args.name.name);
36 kfree(data);
37 }
38
39 /**
40 * nfs_async_unlink_done - Sillydelete post-processing
41 * @task: rpc_task of the sillydelete
42 * @calldata: pointer to nfs_unlinkdata
43 *
44 * Do the directory attribute update.
45 */
nfs_async_unlink_done(struct rpc_task * task,void * calldata)46 static void nfs_async_unlink_done(struct rpc_task *task, void *calldata)
47 {
48 struct nfs_unlinkdata *data = calldata;
49 struct inode *dir = d_inode(data->dentry->d_parent);
50
51 trace_nfs_sillyrename_unlink(data, task->tk_status);
52 if (!NFS_PROTO(dir)->unlink_done(task, dir))
53 rpc_restart_call_prepare(task);
54 }
55
56 /**
57 * nfs_async_unlink_release - Release the sillydelete data.
58 * @calldata: struct nfs_unlinkdata to release
59 *
60 * We need to call nfs_put_unlinkdata as a 'tk_release' task since the
61 * rpc_task would be freed too.
62 */
nfs_async_unlink_release(void * calldata)63 static void nfs_async_unlink_release(void *calldata)
64 {
65 struct nfs_unlinkdata *data = calldata;
66 struct dentry *dentry = data->dentry;
67 struct super_block *sb = dentry->d_sb;
68
69 up_read_non_owner(&NFS_I(d_inode(dentry->d_parent))->rmdir_sem);
70 d_lookup_done(dentry);
71 nfs_free_unlinkdata(data);
72 dput(dentry);
73 nfs_sb_deactive(sb);
74 }
75
nfs_unlink_prepare(struct rpc_task * task,void * calldata)76 static void nfs_unlink_prepare(struct rpc_task *task, void *calldata)
77 {
78 struct nfs_unlinkdata *data = calldata;
79 struct inode *dir = d_inode(data->dentry->d_parent);
80 NFS_PROTO(dir)->unlink_rpc_prepare(task, data);
81 }
82
83 static const struct rpc_call_ops nfs_unlink_ops = {
84 .rpc_call_done = nfs_async_unlink_done,
85 .rpc_release = nfs_async_unlink_release,
86 .rpc_call_prepare = nfs_unlink_prepare,
87 };
88
nfs_do_call_unlink(struct inode * inode,struct nfs_unlinkdata * data)89 static void nfs_do_call_unlink(struct inode *inode, struct nfs_unlinkdata *data)
90 {
91 struct rpc_message msg = {
92 .rpc_argp = &data->args,
93 .rpc_resp = &data->res,
94 .rpc_cred = data->cred,
95 };
96 struct rpc_task_setup task_setup_data = {
97 .rpc_message = &msg,
98 .callback_ops = &nfs_unlink_ops,
99 .callback_data = data,
100 .workqueue = nfsiod_workqueue,
101 .flags = RPC_TASK_ASYNC | RPC_TASK_CRED_NOREF,
102 };
103 struct rpc_task *task;
104 struct inode *dir = d_inode(data->dentry->d_parent);
105 nfs_sb_active(dir->i_sb);
106 data->args.fh = NFS_FH(dir);
107 nfs_fattr_init(data->res.dir_attr);
108
109 NFS_PROTO(dir)->unlink_setup(&msg, data->dentry, inode);
110
111 task_setup_data.rpc_client = NFS_CLIENT(dir);
112 task = rpc_run_task(&task_setup_data);
113 if (!IS_ERR(task))
114 rpc_put_task_async(task);
115 }
116
nfs_call_unlink(struct dentry * dentry,struct inode * inode,struct nfs_unlinkdata * data)117 static int nfs_call_unlink(struct dentry *dentry, struct inode *inode, struct nfs_unlinkdata *data)
118 {
119 struct inode *dir = d_inode(dentry->d_parent);
120 struct dentry *alias;
121
122 down_read_non_owner(&NFS_I(dir)->rmdir_sem);
123 alias = d_alloc_parallel(dentry->d_parent, &data->args.name, &data->wq);
124 if (IS_ERR(alias)) {
125 up_read_non_owner(&NFS_I(dir)->rmdir_sem);
126 return 0;
127 }
128 if (!d_in_lookup(alias)) {
129 int ret;
130 void *devname_garbage = NULL;
131
132 /*
133 * Hey, we raced with lookup... See if we need to transfer
134 * the sillyrename information to the aliased dentry.
135 */
136 spin_lock(&alias->d_lock);
137 if (d_really_is_positive(alias) &&
138 !(alias->d_flags & DCACHE_NFSFS_RENAMED)) {
139 devname_garbage = alias->d_fsdata;
140 alias->d_fsdata = data;
141 alias->d_flags |= DCACHE_NFSFS_RENAMED;
142 ret = 1;
143 } else
144 ret = 0;
145 spin_unlock(&alias->d_lock);
146 dput(alias);
147 up_read_non_owner(&NFS_I(dir)->rmdir_sem);
148 /*
149 * If we'd displaced old cached devname, free it. At that
150 * point dentry is definitely not a root, so we won't need
151 * that anymore.
152 */
153 kfree(devname_garbage);
154 return ret;
155 }
156 data->dentry = alias;
157 nfs_do_call_unlink(inode, data);
158 return 1;
159 }
160
161 /**
162 * nfs_async_unlink - asynchronous unlinking of a file
163 * @dentry: parent directory of dentry
164 * @name: name of dentry to unlink
165 */
166 static int
nfs_async_unlink(struct dentry * dentry,const struct qstr * name)167 nfs_async_unlink(struct dentry *dentry, const struct qstr *name)
168 {
169 struct nfs_unlinkdata *data;
170 int status = -ENOMEM;
171 void *devname_garbage = NULL;
172
173 data = kzalloc(sizeof(*data), GFP_KERNEL);
174 if (data == NULL)
175 goto out;
176 data->args.name.name = kstrdup(name->name, GFP_KERNEL);
177 if (!data->args.name.name)
178 goto out_free;
179 data->args.name.len = name->len;
180
181 data->cred = get_current_cred();
182 data->res.dir_attr = &data->dir_attr;
183 init_waitqueue_head(&data->wq);
184
185 status = -EBUSY;
186 spin_lock(&dentry->d_lock);
187 if (dentry->d_flags & DCACHE_NFSFS_RENAMED)
188 goto out_unlock;
189 dentry->d_flags |= DCACHE_NFSFS_RENAMED;
190 devname_garbage = dentry->d_fsdata;
191 dentry->d_fsdata = data;
192 spin_unlock(&dentry->d_lock);
193 /*
194 * If we'd displaced old cached devname, free it. At that
195 * point dentry is definitely not a root, so we won't need
196 * that anymore.
197 */
198 kfree(devname_garbage);
199 return 0;
200 out_unlock:
201 spin_unlock(&dentry->d_lock);
202 put_cred(data->cred);
203 kfree(data->args.name.name);
204 out_free:
205 kfree(data);
206 out:
207 return status;
208 }
209
210 /**
211 * nfs_complete_unlink - Initialize completion of the sillydelete
212 * @dentry: dentry to delete
213 * @inode: inode
214 *
215 * Since we're most likely to be called by dentry_iput(), we
216 * only use the dentry to find the sillydelete. We then copy the name
217 * into the qstr.
218 */
219 void
nfs_complete_unlink(struct dentry * dentry,struct inode * inode)220 nfs_complete_unlink(struct dentry *dentry, struct inode *inode)
221 {
222 struct nfs_unlinkdata *data;
223
224 spin_lock(&dentry->d_lock);
225 dentry->d_flags &= ~DCACHE_NFSFS_RENAMED;
226 data = dentry->d_fsdata;
227 dentry->d_fsdata = NULL;
228 spin_unlock(&dentry->d_lock);
229
230 if (NFS_STALE(inode) || !nfs_call_unlink(dentry, inode, data))
231 nfs_free_unlinkdata(data);
232 }
233
234 /* Cancel a queued async unlink. Called when a sillyrename run fails. */
235 static void
nfs_cancel_async_unlink(struct dentry * dentry)236 nfs_cancel_async_unlink(struct dentry *dentry)
237 {
238 spin_lock(&dentry->d_lock);
239 if (dentry->d_flags & DCACHE_NFSFS_RENAMED) {
240 struct nfs_unlinkdata *data = dentry->d_fsdata;
241
242 dentry->d_flags &= ~DCACHE_NFSFS_RENAMED;
243 dentry->d_fsdata = NULL;
244 spin_unlock(&dentry->d_lock);
245 nfs_free_unlinkdata(data);
246 return;
247 }
248 spin_unlock(&dentry->d_lock);
249 }
250
251 /**
252 * nfs_async_rename_done - Sillyrename post-processing
253 * @task: rpc_task of the sillyrename
254 * @calldata: nfs_renamedata for the sillyrename
255 *
256 * Do the directory attribute updates and the d_move
257 */
nfs_async_rename_done(struct rpc_task * task,void * calldata)258 static void nfs_async_rename_done(struct rpc_task *task, void *calldata)
259 {
260 struct nfs_renamedata *data = calldata;
261 struct inode *old_dir = data->old_dir;
262 struct inode *new_dir = data->new_dir;
263 struct dentry *old_dentry = data->old_dentry;
264
265 trace_nfs_sillyrename_rename(old_dir, old_dentry,
266 new_dir, data->new_dentry, task->tk_status);
267 if (!NFS_PROTO(old_dir)->rename_done(task, old_dir, new_dir)) {
268 rpc_restart_call_prepare(task);
269 return;
270 }
271
272 if (data->complete)
273 data->complete(task, data);
274 }
275
276 /**
277 * nfs_async_rename_release - Release the sillyrename data.
278 * @calldata: the struct nfs_renamedata to be released
279 */
nfs_async_rename_release(void * calldata)280 static void nfs_async_rename_release(void *calldata)
281 {
282 struct nfs_renamedata *data = calldata;
283 struct super_block *sb = data->old_dir->i_sb;
284
285 if (d_really_is_positive(data->old_dentry))
286 nfs_mark_for_revalidate(d_inode(data->old_dentry));
287
288 /* The result of the rename is unknown. Play it safe by
289 * forcing a new lookup */
290 if (data->cancelled) {
291 spin_lock(&data->old_dir->i_lock);
292 nfs_force_lookup_revalidate(data->old_dir);
293 spin_unlock(&data->old_dir->i_lock);
294 if (data->new_dir != data->old_dir) {
295 spin_lock(&data->new_dir->i_lock);
296 nfs_force_lookup_revalidate(data->new_dir);
297 spin_unlock(&data->new_dir->i_lock);
298 }
299 }
300
301 dput(data->old_dentry);
302 dput(data->new_dentry);
303 iput(data->old_dir);
304 iput(data->new_dir);
305 nfs_sb_deactive(sb);
306 put_cred(data->cred);
307 kfree(data);
308 }
309
nfs_rename_prepare(struct rpc_task * task,void * calldata)310 static void nfs_rename_prepare(struct rpc_task *task, void *calldata)
311 {
312 struct nfs_renamedata *data = calldata;
313 NFS_PROTO(data->old_dir)->rename_rpc_prepare(task, data);
314 }
315
316 static const struct rpc_call_ops nfs_rename_ops = {
317 .rpc_call_done = nfs_async_rename_done,
318 .rpc_release = nfs_async_rename_release,
319 .rpc_call_prepare = nfs_rename_prepare,
320 };
321
322 /**
323 * nfs_async_rename - perform an asynchronous rename operation
324 * @old_dir: directory that currently holds the dentry to be renamed
325 * @new_dir: target directory for the rename
326 * @old_dentry: original dentry to be renamed
327 * @new_dentry: dentry to which the old_dentry should be renamed
328 * @complete: Function to run on successful completion
329 *
330 * It's expected that valid references to the dentries and inodes are held
331 */
332 struct rpc_task *
nfs_async_rename(struct inode * old_dir,struct inode * new_dir,struct dentry * old_dentry,struct dentry * new_dentry,void (* complete)(struct rpc_task *,struct nfs_renamedata *))333 nfs_async_rename(struct inode *old_dir, struct inode *new_dir,
334 struct dentry *old_dentry, struct dentry *new_dentry,
335 void (*complete)(struct rpc_task *, struct nfs_renamedata *))
336 {
337 struct nfs_renamedata *data;
338 struct rpc_message msg = { };
339 struct rpc_task_setup task_setup_data = {
340 .rpc_message = &msg,
341 .callback_ops = &nfs_rename_ops,
342 .workqueue = nfsiod_workqueue,
343 .rpc_client = NFS_CLIENT(old_dir),
344 .flags = RPC_TASK_ASYNC | RPC_TASK_CRED_NOREF,
345 };
346
347 data = kzalloc(sizeof(*data), GFP_KERNEL);
348 if (data == NULL)
349 return ERR_PTR(-ENOMEM);
350 task_setup_data.callback_data = data;
351
352 data->cred = get_current_cred();
353
354 msg.rpc_argp = &data->args;
355 msg.rpc_resp = &data->res;
356 msg.rpc_cred = data->cred;
357
358 /* set up nfs_renamedata */
359 data->old_dir = old_dir;
360 ihold(old_dir);
361 data->new_dir = new_dir;
362 ihold(new_dir);
363 data->old_dentry = dget(old_dentry);
364 data->new_dentry = dget(new_dentry);
365 nfs_fattr_init(&data->old_fattr);
366 nfs_fattr_init(&data->new_fattr);
367 data->complete = complete;
368
369 /* set up nfs_renameargs */
370 data->args.old_dir = NFS_FH(old_dir);
371 data->args.old_name = &old_dentry->d_name;
372 data->args.new_dir = NFS_FH(new_dir);
373 data->args.new_name = &new_dentry->d_name;
374
375 /* set up nfs_renameres */
376 data->res.old_fattr = &data->old_fattr;
377 data->res.new_fattr = &data->new_fattr;
378
379 nfs_sb_active(old_dir->i_sb);
380
381 NFS_PROTO(data->old_dir)->rename_setup(&msg, old_dentry, new_dentry);
382
383 return rpc_run_task(&task_setup_data);
384 }
385
386 /*
387 * Perform tasks needed when a sillyrename is done such as cancelling the
388 * queued async unlink if it failed.
389 */
390 static void
nfs_complete_sillyrename(struct rpc_task * task,struct nfs_renamedata * data)391 nfs_complete_sillyrename(struct rpc_task *task, struct nfs_renamedata *data)
392 {
393 struct dentry *dentry = data->old_dentry;
394
395 if (task->tk_status != 0) {
396 nfs_cancel_async_unlink(dentry);
397 return;
398 }
399 }
400
401 #define SILLYNAME_PREFIX ".nfs"
402 #define SILLYNAME_PREFIX_LEN ((unsigned)sizeof(SILLYNAME_PREFIX) - 1)
403 #define SILLYNAME_FILEID_LEN ((unsigned)sizeof(u64) << 1)
404 #define SILLYNAME_COUNTER_LEN ((unsigned)sizeof(unsigned int) << 1)
405 #define SILLYNAME_LEN (SILLYNAME_PREFIX_LEN + \
406 SILLYNAME_FILEID_LEN + \
407 SILLYNAME_COUNTER_LEN)
408
409 /**
410 * nfs_sillyrename - Perform a silly-rename of a dentry
411 * @dir: inode of directory that contains dentry
412 * @dentry: dentry to be sillyrenamed
413 *
414 * NFSv2/3 is stateless and the server doesn't know when the client is
415 * holding a file open. To prevent application problems when a file is
416 * unlinked while it's still open, the client performs a "silly-rename".
417 * That is, it renames the file to a hidden file in the same directory,
418 * and only performs the unlink once the last reference to it is put.
419 *
420 * The final cleanup is done during dentry_iput.
421 *
422 * (Note: NFSv4 is stateful, and has opens, so in theory an NFSv4 server
423 * could take responsibility for keeping open files referenced. The server
424 * would also need to ensure that opened-but-deleted files were kept over
425 * reboots. However, we may not assume a server does so. (RFC 5661
426 * does provide an OPEN4_RESULT_PRESERVE_UNLINKED flag that a server can
427 * use to advertise that it does this; some day we may take advantage of
428 * it.))
429 */
430 int
nfs_sillyrename(struct inode * dir,struct dentry * dentry)431 nfs_sillyrename(struct inode *dir, struct dentry *dentry)
432 {
433 static unsigned int sillycounter;
434 unsigned char silly[SILLYNAME_LEN + 1];
435 unsigned long long fileid;
436 struct dentry *sdentry;
437 struct inode *inode = d_inode(dentry);
438 struct rpc_task *task;
439 int error = -EBUSY;
440
441 dfprintk(VFS, "NFS: silly-rename(%pd2, ct=%d)\n",
442 dentry, d_count(dentry));
443 nfs_inc_stats(dir, NFSIOS_SILLYRENAME);
444
445 /*
446 * We don't allow a dentry to be silly-renamed twice.
447 */
448 if (dentry->d_flags & DCACHE_NFSFS_RENAMED)
449 goto out;
450
451 fileid = NFS_FILEID(d_inode(dentry));
452
453 sdentry = NULL;
454 do {
455 int slen;
456 dput(sdentry);
457 sillycounter++;
458 slen = scnprintf(silly, sizeof(silly),
459 SILLYNAME_PREFIX "%0*llx%0*x",
460 SILLYNAME_FILEID_LEN, fileid,
461 SILLYNAME_COUNTER_LEN, sillycounter);
462
463 dfprintk(VFS, "NFS: trying to rename %pd to %s\n",
464 dentry, silly);
465
466 sdentry = lookup_one_len(silly, dentry->d_parent, slen);
467 /*
468 * N.B. Better to return EBUSY here ... it could be
469 * dangerous to delete the file while it's in use.
470 */
471 if (IS_ERR(sdentry))
472 goto out;
473 } while (d_inode(sdentry) != NULL); /* need negative lookup */
474
475 ihold(inode);
476
477 /* queue unlink first. Can't do this from rpc_release as it
478 * has to allocate memory
479 */
480 error = nfs_async_unlink(dentry, &sdentry->d_name);
481 if (error)
482 goto out_dput;
483
484 /* run the rename task, undo unlink if it fails */
485 task = nfs_async_rename(dir, dir, dentry, sdentry,
486 nfs_complete_sillyrename);
487 if (IS_ERR(task)) {
488 error = -EBUSY;
489 nfs_cancel_async_unlink(dentry);
490 goto out_dput;
491 }
492
493 /* wait for the RPC task to complete, unless a SIGKILL intervenes */
494 error = rpc_wait_for_completion_task(task);
495 if (error == 0)
496 error = task->tk_status;
497 switch (error) {
498 case 0:
499 /* The rename succeeded */
500 nfs_set_verifier(dentry, nfs_save_change_attribute(dir));
501 spin_lock(&inode->i_lock);
502 NFS_I(inode)->attr_gencount = nfs_inc_attr_generation_counter();
503 nfs_set_cache_invalid(inode, NFS_INO_INVALID_CHANGE |
504 NFS_INO_INVALID_CTIME |
505 NFS_INO_REVAL_FORCED);
506 spin_unlock(&inode->i_lock);
507 d_move(dentry, sdentry);
508 break;
509 case -ERESTARTSYS:
510 /* The result of the rename is unknown. Play it safe by
511 * forcing a new lookup */
512 d_drop(dentry);
513 d_drop(sdentry);
514 }
515 rpc_put_task(task);
516 out_dput:
517 iput(inode);
518 dput(sdentry);
519 out:
520 return error;
521 }
522