1 /*
2  *  linux/fs/nfs/unlink.c
3  *
4  * nfs sillydelete handling
5  *
6  */
7 
8 #include <linux/slab.h>
9 #include <linux/string.h>
10 #include <linux/dcache.h>
11 #include <linux/sunrpc/sched.h>
12 #include <linux/sunrpc/clnt.h>
13 #include <linux/nfs_fs.h>
14 #include <linux/sched.h>
15 #include <linux/wait.h>
16 #include <linux/namei.h>
17 
18 #include "internal.h"
19 #include "nfs4_fs.h"
20 #include "iostat.h"
21 #include "delegation.h"
22 
23 struct nfs_unlinkdata {
24 	struct hlist_node list;
25 	struct nfs_removeargs args;
26 	struct nfs_removeres res;
27 	struct inode *dir;
28 	struct rpc_cred	*cred;
29 	struct nfs_fattr dir_attr;
30 };
31 
32 /**
33  * nfs_free_unlinkdata - release data from a sillydelete operation.
34  * @data: pointer to unlink structure.
35  */
36 static void
nfs_free_unlinkdata(struct nfs_unlinkdata * data)37 nfs_free_unlinkdata(struct nfs_unlinkdata *data)
38 {
39 	iput(data->dir);
40 	put_rpccred(data->cred);
41 	kfree(data->args.name.name);
42 	kfree(data);
43 }
44 
45 #define NAME_ALLOC_LEN(len)	((len+16) & ~15)
46 /**
47  * nfs_copy_dname - copy dentry name to data structure
48  * @dentry: pointer to dentry
49  * @data: nfs_unlinkdata
50  */
nfs_copy_dname(struct dentry * dentry,struct nfs_unlinkdata * data)51 static int nfs_copy_dname(struct dentry *dentry, struct nfs_unlinkdata *data)
52 {
53 	char		*str;
54 	int		len = dentry->d_name.len;
55 
56 	str = kmemdup(dentry->d_name.name, NAME_ALLOC_LEN(len), GFP_KERNEL);
57 	if (!str)
58 		return -ENOMEM;
59 	data->args.name.len = len;
60 	data->args.name.name = str;
61 	return 0;
62 }
63 
nfs_free_dname(struct nfs_unlinkdata * data)64 static void nfs_free_dname(struct nfs_unlinkdata *data)
65 {
66 	kfree(data->args.name.name);
67 	data->args.name.name = NULL;
68 	data->args.name.len = 0;
69 }
70 
nfs_dec_sillycount(struct inode * dir)71 static void nfs_dec_sillycount(struct inode *dir)
72 {
73 	struct nfs_inode *nfsi = NFS_I(dir);
74 	if (atomic_dec_return(&nfsi->silly_count) == 1)
75 		wake_up(&nfsi->waitqueue);
76 }
77 
78 /**
79  * nfs_async_unlink_done - Sillydelete post-processing
80  * @task: rpc_task of the sillydelete
81  *
82  * Do the directory attribute update.
83  */
nfs_async_unlink_done(struct rpc_task * task,void * calldata)84 static void nfs_async_unlink_done(struct rpc_task *task, void *calldata)
85 {
86 	struct nfs_unlinkdata *data = calldata;
87 	struct inode *dir = data->dir;
88 
89 	if (!NFS_PROTO(dir)->unlink_done(task, dir))
90 		nfs_restart_rpc(task, NFS_SERVER(dir)->nfs_client);
91 }
92 
93 /**
94  * nfs_async_unlink_release - Release the sillydelete data.
95  * @task: rpc_task of the sillydelete
96  *
97  * We need to call nfs_put_unlinkdata as a 'tk_release' task since the
98  * rpc_task would be freed too.
99  */
nfs_async_unlink_release(void * calldata)100 static void nfs_async_unlink_release(void *calldata)
101 {
102 	struct nfs_unlinkdata	*data = calldata;
103 	struct super_block *sb = data->dir->i_sb;
104 
105 	nfs_dec_sillycount(data->dir);
106 	nfs_free_unlinkdata(data);
107 	nfs_sb_deactive(sb);
108 }
109 
110 #if defined(CONFIG_NFS_V4_1)
nfs_unlink_prepare(struct rpc_task * task,void * calldata)111 void nfs_unlink_prepare(struct rpc_task *task, void *calldata)
112 {
113 	struct nfs_unlinkdata *data = calldata;
114 	struct nfs_server *server = NFS_SERVER(data->dir);
115 
116 	if (nfs4_setup_sequence(server, &data->args.seq_args,
117 				&data->res.seq_res, 1, task))
118 		return;
119 	rpc_call_start(task);
120 }
121 #endif /* CONFIG_NFS_V4_1 */
122 
123 static const struct rpc_call_ops nfs_unlink_ops = {
124 	.rpc_call_done = nfs_async_unlink_done,
125 	.rpc_release = nfs_async_unlink_release,
126 #if defined(CONFIG_NFS_V4_1)
127 	.rpc_call_prepare = nfs_unlink_prepare,
128 #endif /* CONFIG_NFS_V4_1 */
129 };
130 
nfs_do_call_unlink(struct dentry * parent,struct inode * dir,struct nfs_unlinkdata * data)131 static int nfs_do_call_unlink(struct dentry *parent, struct inode *dir, struct nfs_unlinkdata *data)
132 {
133 	struct rpc_message msg = {
134 		.rpc_argp = &data->args,
135 		.rpc_resp = &data->res,
136 		.rpc_cred = data->cred,
137 	};
138 	struct rpc_task_setup task_setup_data = {
139 		.rpc_message = &msg,
140 		.callback_ops = &nfs_unlink_ops,
141 		.callback_data = data,
142 		.workqueue = nfsiod_workqueue,
143 		.flags = RPC_TASK_ASYNC,
144 	};
145 	struct rpc_task *task;
146 	struct dentry *alias;
147 
148 	alias = d_lookup(parent, &data->args.name);
149 	if (alias != NULL) {
150 		int ret = 0;
151 		void *devname_garbage = NULL;
152 
153 		/*
154 		 * Hey, we raced with lookup... See if we need to transfer
155 		 * the sillyrename information to the aliased dentry.
156 		 */
157 		nfs_free_dname(data);
158 		spin_lock(&alias->d_lock);
159 		if (alias->d_inode != NULL &&
160 		    !(alias->d_flags & DCACHE_NFSFS_RENAMED)) {
161 			devname_garbage = alias->d_fsdata;
162 			alias->d_fsdata = data;
163 			alias->d_flags |= DCACHE_NFSFS_RENAMED;
164 			ret = 1;
165 		}
166 		spin_unlock(&alias->d_lock);
167 		nfs_dec_sillycount(dir);
168 		dput(alias);
169 		/*
170 		 * If we'd displaced old cached devname, free it.  At that
171 		 * point dentry is definitely not a root, so we won't need
172 		 * that anymore.
173 		 */
174 		if (devname_garbage)
175 			kfree(devname_garbage);
176 		return ret;
177 	}
178 	data->dir = igrab(dir);
179 	if (!data->dir) {
180 		nfs_dec_sillycount(dir);
181 		return 0;
182 	}
183 	nfs_sb_active(dir->i_sb);
184 	data->args.fh = NFS_FH(dir);
185 	nfs_fattr_init(data->res.dir_attr);
186 
187 	NFS_PROTO(dir)->unlink_setup(&msg, dir);
188 
189 	task_setup_data.rpc_client = NFS_CLIENT(dir);
190 	task = rpc_run_task(&task_setup_data);
191 	if (!IS_ERR(task))
192 		rpc_put_task_async(task);
193 	return 1;
194 }
195 
nfs_call_unlink(struct dentry * dentry,struct nfs_unlinkdata * data)196 static int nfs_call_unlink(struct dentry *dentry, struct nfs_unlinkdata *data)
197 {
198 	struct dentry *parent;
199 	struct inode *dir;
200 	int ret = 0;
201 
202 
203 	parent = dget_parent(dentry);
204 	if (parent == NULL)
205 		goto out_free;
206 	dir = parent->d_inode;
207 	if (nfs_copy_dname(dentry, data) != 0)
208 		goto out_dput;
209 	/* Non-exclusive lock protects against concurrent lookup() calls */
210 	spin_lock(&dir->i_lock);
211 	if (atomic_inc_not_zero(&NFS_I(dir)->silly_count) == 0) {
212 		/* Deferred delete */
213 		hlist_add_head(&data->list, &NFS_I(dir)->silly_list);
214 		spin_unlock(&dir->i_lock);
215 		ret = 1;
216 		goto out_dput;
217 	}
218 	spin_unlock(&dir->i_lock);
219 	ret = nfs_do_call_unlink(parent, dir, data);
220 out_dput:
221 	dput(parent);
222 out_free:
223 	return ret;
224 }
225 
nfs_block_sillyrename(struct dentry * dentry)226 void nfs_block_sillyrename(struct dentry *dentry)
227 {
228 	struct nfs_inode *nfsi = NFS_I(dentry->d_inode);
229 
230 	wait_event(nfsi->waitqueue, atomic_cmpxchg(&nfsi->silly_count, 1, 0) == 1);
231 }
232 
nfs_unblock_sillyrename(struct dentry * dentry)233 void nfs_unblock_sillyrename(struct dentry *dentry)
234 {
235 	struct inode *dir = dentry->d_inode;
236 	struct nfs_inode *nfsi = NFS_I(dir);
237 	struct nfs_unlinkdata *data;
238 
239 	atomic_inc(&nfsi->silly_count);
240 	spin_lock(&dir->i_lock);
241 	while (!hlist_empty(&nfsi->silly_list)) {
242 		if (!atomic_inc_not_zero(&nfsi->silly_count))
243 			break;
244 		data = hlist_entry(nfsi->silly_list.first, struct nfs_unlinkdata, list);
245 		hlist_del(&data->list);
246 		spin_unlock(&dir->i_lock);
247 		if (nfs_do_call_unlink(dentry, dir, data) == 0)
248 			nfs_free_unlinkdata(data);
249 		spin_lock(&dir->i_lock);
250 	}
251 	spin_unlock(&dir->i_lock);
252 }
253 
254 /**
255  * nfs_async_unlink - asynchronous unlinking of a file
256  * @dir: parent directory of dentry
257  * @dentry: dentry to unlink
258  */
259 static int
nfs_async_unlink(struct inode * dir,struct dentry * dentry)260 nfs_async_unlink(struct inode *dir, struct dentry *dentry)
261 {
262 	struct nfs_unlinkdata *data;
263 	int status = -ENOMEM;
264 	void *devname_garbage = NULL;
265 
266 	data = kzalloc(sizeof(*data), GFP_KERNEL);
267 	if (data == NULL)
268 		goto out;
269 
270 	data->cred = rpc_lookup_cred();
271 	if (IS_ERR(data->cred)) {
272 		status = PTR_ERR(data->cred);
273 		goto out_free;
274 	}
275 	data->res.dir_attr = &data->dir_attr;
276 
277 	status = -EBUSY;
278 	spin_lock(&dentry->d_lock);
279 	if (dentry->d_flags & DCACHE_NFSFS_RENAMED)
280 		goto out_unlock;
281 	dentry->d_flags |= DCACHE_NFSFS_RENAMED;
282 	devname_garbage = dentry->d_fsdata;
283 	dentry->d_fsdata = data;
284 	spin_unlock(&dentry->d_lock);
285 	/*
286 	 * If we'd displaced old cached devname, free it.  At that
287 	 * point dentry is definitely not a root, so we won't need
288 	 * that anymore.
289 	 */
290 	if (devname_garbage)
291 		kfree(devname_garbage);
292 	return 0;
293 out_unlock:
294 	spin_unlock(&dentry->d_lock);
295 	put_rpccred(data->cred);
296 out_free:
297 	kfree(data);
298 out:
299 	return status;
300 }
301 
302 /**
303  * nfs_complete_unlink - Initialize completion of the sillydelete
304  * @dentry: dentry to delete
305  * @inode: inode
306  *
307  * Since we're most likely to be called by dentry_iput(), we
308  * only use the dentry to find the sillydelete. We then copy the name
309  * into the qstr.
310  */
311 void
nfs_complete_unlink(struct dentry * dentry,struct inode * inode)312 nfs_complete_unlink(struct dentry *dentry, struct inode *inode)
313 {
314 	struct nfs_unlinkdata	*data = NULL;
315 
316 	spin_lock(&dentry->d_lock);
317 	if (dentry->d_flags & DCACHE_NFSFS_RENAMED) {
318 		dentry->d_flags &= ~DCACHE_NFSFS_RENAMED;
319 		data = dentry->d_fsdata;
320 		dentry->d_fsdata = NULL;
321 	}
322 	spin_unlock(&dentry->d_lock);
323 
324 	if (data != NULL && (NFS_STALE(inode) || !nfs_call_unlink(dentry, data)))
325 		nfs_free_unlinkdata(data);
326 }
327 
328 /* Cancel a queued async unlink. Called when a sillyrename run fails. */
329 static void
nfs_cancel_async_unlink(struct dentry * dentry)330 nfs_cancel_async_unlink(struct dentry *dentry)
331 {
332 	spin_lock(&dentry->d_lock);
333 	if (dentry->d_flags & DCACHE_NFSFS_RENAMED) {
334 		struct nfs_unlinkdata *data = dentry->d_fsdata;
335 
336 		dentry->d_flags &= ~DCACHE_NFSFS_RENAMED;
337 		dentry->d_fsdata = NULL;
338 		spin_unlock(&dentry->d_lock);
339 		nfs_free_unlinkdata(data);
340 		return;
341 	}
342 	spin_unlock(&dentry->d_lock);
343 }
344 
345 struct nfs_renamedata {
346 	struct nfs_renameargs	args;
347 	struct nfs_renameres	res;
348 	struct rpc_cred		*cred;
349 	struct inode		*old_dir;
350 	struct dentry		*old_dentry;
351 	struct nfs_fattr	old_fattr;
352 	struct inode		*new_dir;
353 	struct dentry		*new_dentry;
354 	struct nfs_fattr	new_fattr;
355 };
356 
357 /**
358  * nfs_async_rename_done - Sillyrename post-processing
359  * @task: rpc_task of the sillyrename
360  * @calldata: nfs_renamedata for the sillyrename
361  *
362  * Do the directory attribute updates and the d_move
363  */
nfs_async_rename_done(struct rpc_task * task,void * calldata)364 static void nfs_async_rename_done(struct rpc_task *task, void *calldata)
365 {
366 	struct nfs_renamedata *data = calldata;
367 	struct inode *old_dir = data->old_dir;
368 	struct inode *new_dir = data->new_dir;
369 
370 	if (!NFS_PROTO(old_dir)->rename_done(task, old_dir, new_dir)) {
371 		nfs_restart_rpc(task, NFS_SERVER(old_dir)->nfs_client);
372 		return;
373 	}
374 
375 	if (task->tk_status != 0) {
376 		nfs_cancel_async_unlink(data->old_dentry);
377 		return;
378 	}
379 
380 	nfs_set_verifier(data->old_dentry, nfs_save_change_attribute(old_dir));
381 	d_move(data->old_dentry, data->new_dentry);
382 }
383 
384 /**
385  * nfs_async_rename_release - Release the sillyrename data.
386  * @calldata: the struct nfs_renamedata to be released
387  */
nfs_async_rename_release(void * calldata)388 static void nfs_async_rename_release(void *calldata)
389 {
390 	struct nfs_renamedata	*data = calldata;
391 	struct super_block *sb = data->old_dir->i_sb;
392 
393 	if (data->old_dentry->d_inode)
394 		nfs_mark_for_revalidate(data->old_dentry->d_inode);
395 
396 	dput(data->old_dentry);
397 	dput(data->new_dentry);
398 	iput(data->old_dir);
399 	iput(data->new_dir);
400 	nfs_sb_deactive(sb);
401 	put_rpccred(data->cred);
402 	kfree(data);
403 }
404 
405 #if defined(CONFIG_NFS_V4_1)
nfs_rename_prepare(struct rpc_task * task,void * calldata)406 static void nfs_rename_prepare(struct rpc_task *task, void *calldata)
407 {
408 	struct nfs_renamedata *data = calldata;
409 	struct nfs_server *server = NFS_SERVER(data->old_dir);
410 
411 	if (nfs4_setup_sequence(server, &data->args.seq_args,
412 				&data->res.seq_res, 1, task))
413 		return;
414 	rpc_call_start(task);
415 }
416 #endif /* CONFIG_NFS_V4_1 */
417 
418 static const struct rpc_call_ops nfs_rename_ops = {
419 	.rpc_call_done = nfs_async_rename_done,
420 	.rpc_release = nfs_async_rename_release,
421 #if defined(CONFIG_NFS_V4_1)
422 	.rpc_call_prepare = nfs_rename_prepare,
423 #endif /* CONFIG_NFS_V4_1 */
424 };
425 
426 /**
427  * nfs_async_rename - perform an asynchronous rename operation
428  * @old_dir: directory that currently holds the dentry to be renamed
429  * @new_dir: target directory for the rename
430  * @old_dentry: original dentry to be renamed
431  * @new_dentry: dentry to which the old_dentry should be renamed
432  *
433  * It's expected that valid references to the dentries and inodes are held
434  */
435 static struct rpc_task *
nfs_async_rename(struct inode * old_dir,struct inode * new_dir,struct dentry * old_dentry,struct dentry * new_dentry)436 nfs_async_rename(struct inode *old_dir, struct inode *new_dir,
437 		 struct dentry *old_dentry, struct dentry *new_dentry)
438 {
439 	struct nfs_renamedata *data;
440 	struct rpc_message msg = { };
441 	struct rpc_task_setup task_setup_data = {
442 		.rpc_message = &msg,
443 		.callback_ops = &nfs_rename_ops,
444 		.workqueue = nfsiod_workqueue,
445 		.rpc_client = NFS_CLIENT(old_dir),
446 		.flags = RPC_TASK_ASYNC,
447 	};
448 
449 	data = kzalloc(sizeof(*data), GFP_KERNEL);
450 	if (data == NULL)
451 		return ERR_PTR(-ENOMEM);
452 	task_setup_data.callback_data = data;
453 
454 	data->cred = rpc_lookup_cred();
455 	if (IS_ERR(data->cred)) {
456 		struct rpc_task *task = ERR_CAST(data->cred);
457 		kfree(data);
458 		return task;
459 	}
460 
461 	msg.rpc_argp = &data->args;
462 	msg.rpc_resp = &data->res;
463 	msg.rpc_cred = data->cred;
464 
465 	/* set up nfs_renamedata */
466 	data->old_dir = old_dir;
467 	ihold(old_dir);
468 	data->new_dir = new_dir;
469 	ihold(new_dir);
470 	data->old_dentry = dget(old_dentry);
471 	data->new_dentry = dget(new_dentry);
472 	nfs_fattr_init(&data->old_fattr);
473 	nfs_fattr_init(&data->new_fattr);
474 
475 	/* set up nfs_renameargs */
476 	data->args.old_dir = NFS_FH(old_dir);
477 	data->args.old_name = &old_dentry->d_name;
478 	data->args.new_dir = NFS_FH(new_dir);
479 	data->args.new_name = &new_dentry->d_name;
480 
481 	/* set up nfs_renameres */
482 	data->res.old_fattr = &data->old_fattr;
483 	data->res.new_fattr = &data->new_fattr;
484 
485 	nfs_sb_active(old_dir->i_sb);
486 
487 	NFS_PROTO(data->old_dir)->rename_setup(&msg, old_dir);
488 
489 	return rpc_run_task(&task_setup_data);
490 }
491 
492 /**
493  * nfs_sillyrename - Perform a silly-rename of a dentry
494  * @dir: inode of directory that contains dentry
495  * @dentry: dentry to be sillyrenamed
496  *
497  * NFSv2/3 is stateless and the server doesn't know when the client is
498  * holding a file open. To prevent application problems when a file is
499  * unlinked while it's still open, the client performs a "silly-rename".
500  * That is, it renames the file to a hidden file in the same directory,
501  * and only performs the unlink once the last reference to it is put.
502  *
503  * The final cleanup is done during dentry_iput.
504  */
505 int
nfs_sillyrename(struct inode * dir,struct dentry * dentry)506 nfs_sillyrename(struct inode *dir, struct dentry *dentry)
507 {
508 	static unsigned int sillycounter;
509 	const int      fileidsize  = sizeof(NFS_FILEID(dentry->d_inode))*2;
510 	const int      countersize = sizeof(sillycounter)*2;
511 	const int      slen        = sizeof(".nfs")+fileidsize+countersize-1;
512 	char           silly[slen+1];
513 	struct dentry *sdentry;
514 	struct rpc_task *task;
515 	int            error = -EIO;
516 
517 	dfprintk(VFS, "NFS: silly-rename(%s/%s, ct=%d)\n",
518 		dentry->d_parent->d_name.name, dentry->d_name.name,
519 		dentry->d_count);
520 	nfs_inc_stats(dir, NFSIOS_SILLYRENAME);
521 
522 	/*
523 	 * We don't allow a dentry to be silly-renamed twice.
524 	 */
525 	error = -EBUSY;
526 	if (dentry->d_flags & DCACHE_NFSFS_RENAMED)
527 		goto out;
528 
529 	sprintf(silly, ".nfs%*.*Lx",
530 		fileidsize, fileidsize,
531 		(unsigned long long)NFS_FILEID(dentry->d_inode));
532 
533 	/* Return delegation in anticipation of the rename */
534 	nfs_inode_return_delegation(dentry->d_inode);
535 
536 	sdentry = NULL;
537 	do {
538 		char *suffix = silly + slen - countersize;
539 
540 		dput(sdentry);
541 		sillycounter++;
542 		sprintf(suffix, "%*.*x", countersize, countersize, sillycounter);
543 
544 		dfprintk(VFS, "NFS: trying to rename %s to %s\n",
545 				dentry->d_name.name, silly);
546 
547 		sdentry = lookup_one_len(silly, dentry->d_parent, slen);
548 		/*
549 		 * N.B. Better to return EBUSY here ... it could be
550 		 * dangerous to delete the file while it's in use.
551 		 */
552 		if (IS_ERR(sdentry))
553 			goto out;
554 	} while (sdentry->d_inode != NULL); /* need negative lookup */
555 
556 	/* queue unlink first. Can't do this from rpc_release as it
557 	 * has to allocate memory
558 	 */
559 	error = nfs_async_unlink(dir, dentry);
560 	if (error)
561 		goto out_dput;
562 
563 	/* run the rename task, undo unlink if it fails */
564 	task = nfs_async_rename(dir, dir, dentry, sdentry);
565 	if (IS_ERR(task)) {
566 		error = -EBUSY;
567 		nfs_cancel_async_unlink(dentry);
568 		goto out_dput;
569 	}
570 
571 	/* wait for the RPC task to complete, unless a SIGKILL intervenes */
572 	error = rpc_wait_for_completion_task(task);
573 	if (error == 0)
574 		error = task->tk_status;
575 	rpc_put_task(task);
576 out_dput:
577 	dput(sdentry);
578 out:
579 	return error;
580 }
581