1 /*
2 * Copyright (c) 2000-2006 Silicon Graphics, Inc.
3 * All Rights Reserved.
4 *
5 * This program is free software; you can redistribute it and/or
6 * modify it under the terms of the GNU General Public License as
7 * published by the Free Software Foundation.
8 *
9 * This program is distributed in the hope that it would be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
13 *
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, write the Free Software Foundation,
16 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
17 */
18 #include "xfs.h"
19 #include "xfs_fs.h"
20 #include "xfs_types.h"
21 #include "xfs_bit.h"
22 #include "xfs_log.h"
23 #include "xfs_inum.h"
24 #include "xfs_trans.h"
25 #include "xfs_sb.h"
26 #include "xfs_ag.h"
27 #include "xfs_mount.h"
28 #include "xfs_bmap_btree.h"
29 #include "xfs_dinode.h"
30 #include "xfs_inode.h"
31 #include "xfs_inode_item.h"
32 #include "xfs_bmap.h"
33 #include "xfs_itable.h"
34 #include "xfs_dfrag.h"
35 #include "xfs_error.h"
36 #include "xfs_vnodeops.h"
37 #include "xfs_trace.h"
38
39
40 static int xfs_swap_extents(
41 xfs_inode_t *ip, /* target inode */
42 xfs_inode_t *tip, /* tmp inode */
43 xfs_swapext_t *sxp);
44
45 /*
46 * ioctl interface for swapext
47 */
48 int
xfs_swapext(xfs_swapext_t * sxp)49 xfs_swapext(
50 xfs_swapext_t *sxp)
51 {
52 xfs_inode_t *ip, *tip;
53 struct file *file, *tmp_file;
54 int error = 0;
55
56 /* Pull information for the target fd */
57 file = fget((int)sxp->sx_fdtarget);
58 if (!file) {
59 error = XFS_ERROR(EINVAL);
60 goto out;
61 }
62
63 if (!(file->f_mode & FMODE_WRITE) ||
64 !(file->f_mode & FMODE_READ) ||
65 (file->f_flags & O_APPEND)) {
66 error = XFS_ERROR(EBADF);
67 goto out_put_file;
68 }
69
70 tmp_file = fget((int)sxp->sx_fdtmp);
71 if (!tmp_file) {
72 error = XFS_ERROR(EINVAL);
73 goto out_put_file;
74 }
75
76 if (!(tmp_file->f_mode & FMODE_WRITE) ||
77 !(tmp_file->f_mode & FMODE_READ) ||
78 (tmp_file->f_flags & O_APPEND)) {
79 error = XFS_ERROR(EBADF);
80 goto out_put_tmp_file;
81 }
82
83 if (IS_SWAPFILE(file->f_path.dentry->d_inode) ||
84 IS_SWAPFILE(tmp_file->f_path.dentry->d_inode)) {
85 error = XFS_ERROR(EINVAL);
86 goto out_put_tmp_file;
87 }
88
89 ip = XFS_I(file->f_path.dentry->d_inode);
90 tip = XFS_I(tmp_file->f_path.dentry->d_inode);
91
92 if (ip->i_mount != tip->i_mount) {
93 error = XFS_ERROR(EINVAL);
94 goto out_put_tmp_file;
95 }
96
97 if (ip->i_ino == tip->i_ino) {
98 error = XFS_ERROR(EINVAL);
99 goto out_put_tmp_file;
100 }
101
102 if (XFS_FORCED_SHUTDOWN(ip->i_mount)) {
103 error = XFS_ERROR(EIO);
104 goto out_put_tmp_file;
105 }
106
107 error = xfs_swap_extents(ip, tip, sxp);
108
109 out_put_tmp_file:
110 fput(tmp_file);
111 out_put_file:
112 fput(file);
113 out:
114 return error;
115 }
116
117 /*
118 * We need to check that the format of the data fork in the temporary inode is
119 * valid for the target inode before doing the swap. This is not a problem with
120 * attr1 because of the fixed fork offset, but attr2 has a dynamically sized
121 * data fork depending on the space the attribute fork is taking so we can get
122 * invalid formats on the target inode.
123 *
124 * E.g. target has space for 7 extents in extent format, temp inode only has
125 * space for 6. If we defragment down to 7 extents, then the tmp format is a
126 * btree, but when swapped it needs to be in extent format. Hence we can't just
127 * blindly swap data forks on attr2 filesystems.
128 *
129 * Note that we check the swap in both directions so that we don't end up with
130 * a corrupt temporary inode, either.
131 *
132 * Note that fixing the way xfs_fsr sets up the attribute fork in the source
133 * inode will prevent this situation from occurring, so all we do here is
134 * reject and log the attempt. basically we are putting the responsibility on
135 * userspace to get this right.
136 */
137 static int
xfs_swap_extents_check_format(xfs_inode_t * ip,xfs_inode_t * tip)138 xfs_swap_extents_check_format(
139 xfs_inode_t *ip, /* target inode */
140 xfs_inode_t *tip) /* tmp inode */
141 {
142
143 /* Should never get a local format */
144 if (ip->i_d.di_format == XFS_DINODE_FMT_LOCAL ||
145 tip->i_d.di_format == XFS_DINODE_FMT_LOCAL)
146 return EINVAL;
147
148 /*
149 * if the target inode has less extents that then temporary inode then
150 * why did userspace call us?
151 */
152 if (ip->i_d.di_nextents < tip->i_d.di_nextents)
153 return EINVAL;
154
155 /*
156 * if the target inode is in extent form and the temp inode is in btree
157 * form then we will end up with the target inode in the wrong format
158 * as we already know there are less extents in the temp inode.
159 */
160 if (ip->i_d.di_format == XFS_DINODE_FMT_EXTENTS &&
161 tip->i_d.di_format == XFS_DINODE_FMT_BTREE)
162 return EINVAL;
163
164 /* Check temp in extent form to max in target */
165 if (tip->i_d.di_format == XFS_DINODE_FMT_EXTENTS &&
166 XFS_IFORK_NEXTENTS(tip, XFS_DATA_FORK) > ip->i_df.if_ext_max)
167 return EINVAL;
168
169 /* Check target in extent form to max in temp */
170 if (ip->i_d.di_format == XFS_DINODE_FMT_EXTENTS &&
171 XFS_IFORK_NEXTENTS(ip, XFS_DATA_FORK) > tip->i_df.if_ext_max)
172 return EINVAL;
173
174 /*
175 * If we are in a btree format, check that the temp root block will fit
176 * in the target and that it has enough extents to be in btree format
177 * in the target.
178 *
179 * Note that we have to be careful to allow btree->extent conversions
180 * (a common defrag case) which will occur when the temp inode is in
181 * extent format...
182 */
183 if (tip->i_d.di_format == XFS_DINODE_FMT_BTREE &&
184 ((XFS_IFORK_BOFF(ip) &&
185 tip->i_df.if_broot_bytes > XFS_IFORK_BOFF(ip)) ||
186 XFS_IFORK_NEXTENTS(tip, XFS_DATA_FORK) <= ip->i_df.if_ext_max))
187 return EINVAL;
188
189 /* Reciprocal target->temp btree format checks */
190 if (ip->i_d.di_format == XFS_DINODE_FMT_BTREE &&
191 ((XFS_IFORK_BOFF(tip) &&
192 ip->i_df.if_broot_bytes > XFS_IFORK_BOFF(tip)) ||
193 XFS_IFORK_NEXTENTS(ip, XFS_DATA_FORK) <= tip->i_df.if_ext_max))
194 return EINVAL;
195
196 return 0;
197 }
198
199 static int
xfs_swap_extents(xfs_inode_t * ip,xfs_inode_t * tip,xfs_swapext_t * sxp)200 xfs_swap_extents(
201 xfs_inode_t *ip, /* target inode */
202 xfs_inode_t *tip, /* tmp inode */
203 xfs_swapext_t *sxp)
204 {
205 xfs_mount_t *mp;
206 xfs_trans_t *tp;
207 xfs_bstat_t *sbp = &sxp->sx_stat;
208 xfs_ifork_t *tempifp, *ifp, *tifp;
209 int ilf_fields, tilf_fields;
210 int error = 0;
211 int aforkblks = 0;
212 int taforkblks = 0;
213 __uint64_t tmp;
214
215 mp = ip->i_mount;
216
217 tempifp = kmem_alloc(sizeof(xfs_ifork_t), KM_MAYFAIL);
218 if (!tempifp) {
219 error = XFS_ERROR(ENOMEM);
220 goto out;
221 }
222
223 sbp = &sxp->sx_stat;
224
225 /*
226 * we have to do two separate lock calls here to keep lockdep
227 * happy. If we try to get all the locks in one call, lock will
228 * report false positives when we drop the ILOCK and regain them
229 * below.
230 */
231 xfs_lock_two_inodes(ip, tip, XFS_IOLOCK_EXCL);
232 xfs_lock_two_inodes(ip, tip, XFS_ILOCK_EXCL);
233
234 /* Verify that both files have the same format */
235 if ((ip->i_d.di_mode & S_IFMT) != (tip->i_d.di_mode & S_IFMT)) {
236 error = XFS_ERROR(EINVAL);
237 goto out_unlock;
238 }
239
240 /* Verify both files are either real-time or non-realtime */
241 if (XFS_IS_REALTIME_INODE(ip) != XFS_IS_REALTIME_INODE(tip)) {
242 error = XFS_ERROR(EINVAL);
243 goto out_unlock;
244 }
245
246 if (VN_CACHED(VFS_I(tip)) != 0) {
247 error = xfs_flushinval_pages(tip, 0, -1,
248 FI_REMAPF_LOCKED);
249 if (error)
250 goto out_unlock;
251 }
252
253 /* Verify O_DIRECT for ftmp */
254 if (VN_CACHED(VFS_I(tip)) != 0) {
255 error = XFS_ERROR(EINVAL);
256 goto out_unlock;
257 }
258
259 /* Verify all data are being swapped */
260 if (sxp->sx_offset != 0 ||
261 sxp->sx_length != ip->i_d.di_size ||
262 sxp->sx_length != tip->i_d.di_size) {
263 error = XFS_ERROR(EFAULT);
264 goto out_unlock;
265 }
266
267 trace_xfs_swap_extent_before(ip, 0);
268 trace_xfs_swap_extent_before(tip, 1);
269
270 /* check inode formats now that data is flushed */
271 error = xfs_swap_extents_check_format(ip, tip);
272 if (error) {
273 xfs_notice(mp,
274 "%s: inode 0x%llx format is incompatible for exchanging.",
275 __func__, ip->i_ino);
276 goto out_unlock;
277 }
278
279 /*
280 * Compare the current change & modify times with that
281 * passed in. If they differ, we abort this swap.
282 * This is the mechanism used to ensure the calling
283 * process that the file was not changed out from
284 * under it.
285 */
286 if ((sbp->bs_ctime.tv_sec != VFS_I(ip)->i_ctime.tv_sec) ||
287 (sbp->bs_ctime.tv_nsec != VFS_I(ip)->i_ctime.tv_nsec) ||
288 (sbp->bs_mtime.tv_sec != VFS_I(ip)->i_mtime.tv_sec) ||
289 (sbp->bs_mtime.tv_nsec != VFS_I(ip)->i_mtime.tv_nsec)) {
290 error = XFS_ERROR(EBUSY);
291 goto out_unlock;
292 }
293
294 /* We need to fail if the file is memory mapped. Once we have tossed
295 * all existing pages, the page fault will have no option
296 * but to go to the filesystem for pages. By making the page fault call
297 * vop_read (or write in the case of autogrow) they block on the iolock
298 * until we have switched the extents.
299 */
300 if (VN_MAPPED(VFS_I(ip))) {
301 error = XFS_ERROR(EBUSY);
302 goto out_unlock;
303 }
304
305 xfs_iunlock(ip, XFS_ILOCK_EXCL);
306 xfs_iunlock(tip, XFS_ILOCK_EXCL);
307
308 /*
309 * There is a race condition here since we gave up the
310 * ilock. However, the data fork will not change since
311 * we have the iolock (locked for truncation too) so we
312 * are safe. We don't really care if non-io related
313 * fields change.
314 */
315
316 xfs_tosspages(ip, 0, -1, FI_REMAPF);
317
318 tp = xfs_trans_alloc(mp, XFS_TRANS_SWAPEXT);
319 if ((error = xfs_trans_reserve(tp, 0,
320 XFS_ICHANGE_LOG_RES(mp), 0,
321 0, 0))) {
322 xfs_iunlock(ip, XFS_IOLOCK_EXCL);
323 xfs_iunlock(tip, XFS_IOLOCK_EXCL);
324 xfs_trans_cancel(tp, 0);
325 goto out;
326 }
327 xfs_lock_two_inodes(ip, tip, XFS_ILOCK_EXCL);
328
329 /*
330 * Count the number of extended attribute blocks
331 */
332 if ( ((XFS_IFORK_Q(ip) != 0) && (ip->i_d.di_anextents > 0)) &&
333 (ip->i_d.di_aformat != XFS_DINODE_FMT_LOCAL)) {
334 error = xfs_bmap_count_blocks(tp, ip, XFS_ATTR_FORK, &aforkblks);
335 if (error)
336 goto out_trans_cancel;
337 }
338 if ( ((XFS_IFORK_Q(tip) != 0) && (tip->i_d.di_anextents > 0)) &&
339 (tip->i_d.di_aformat != XFS_DINODE_FMT_LOCAL)) {
340 error = xfs_bmap_count_blocks(tp, tip, XFS_ATTR_FORK,
341 &taforkblks);
342 if (error)
343 goto out_trans_cancel;
344 }
345
346 /*
347 * Swap the data forks of the inodes
348 */
349 ifp = &ip->i_df;
350 tifp = &tip->i_df;
351 *tempifp = *ifp; /* struct copy */
352 *ifp = *tifp; /* struct copy */
353 *tifp = *tempifp; /* struct copy */
354
355 /*
356 * Fix the in-memory data fork values that are dependent on the fork
357 * offset in the inode. We can't assume they remain the same as attr2
358 * has dynamic fork offsets.
359 */
360 ifp->if_ext_max = XFS_IFORK_SIZE(ip, XFS_DATA_FORK) /
361 (uint)sizeof(xfs_bmbt_rec_t);
362 tifp->if_ext_max = XFS_IFORK_SIZE(tip, XFS_DATA_FORK) /
363 (uint)sizeof(xfs_bmbt_rec_t);
364
365 /*
366 * Fix the on-disk inode values
367 */
368 tmp = (__uint64_t)ip->i_d.di_nblocks;
369 ip->i_d.di_nblocks = tip->i_d.di_nblocks - taforkblks + aforkblks;
370 tip->i_d.di_nblocks = tmp + taforkblks - aforkblks;
371
372 tmp = (__uint64_t) ip->i_d.di_nextents;
373 ip->i_d.di_nextents = tip->i_d.di_nextents;
374 tip->i_d.di_nextents = tmp;
375
376 tmp = (__uint64_t) ip->i_d.di_format;
377 ip->i_d.di_format = tip->i_d.di_format;
378 tip->i_d.di_format = tmp;
379
380 /*
381 * The extents in the source inode could still contain speculative
382 * preallocation beyond EOF (e.g. the file is open but not modified
383 * while defrag is in progress). In that case, we need to copy over the
384 * number of delalloc blocks the data fork in the source inode is
385 * tracking beyond EOF so that when the fork is truncated away when the
386 * temporary inode is unlinked we don't underrun the i_delayed_blks
387 * counter on that inode.
388 */
389 ASSERT(tip->i_delayed_blks == 0);
390 tip->i_delayed_blks = ip->i_delayed_blks;
391 ip->i_delayed_blks = 0;
392
393 ilf_fields = XFS_ILOG_CORE;
394
395 switch(ip->i_d.di_format) {
396 case XFS_DINODE_FMT_EXTENTS:
397 /* If the extents fit in the inode, fix the
398 * pointer. Otherwise it's already NULL or
399 * pointing to the extent.
400 */
401 if (ip->i_d.di_nextents <= XFS_INLINE_EXTS) {
402 ifp->if_u1.if_extents =
403 ifp->if_u2.if_inline_ext;
404 }
405 ilf_fields |= XFS_ILOG_DEXT;
406 break;
407 case XFS_DINODE_FMT_BTREE:
408 ilf_fields |= XFS_ILOG_DBROOT;
409 break;
410 }
411
412 tilf_fields = XFS_ILOG_CORE;
413
414 switch(tip->i_d.di_format) {
415 case XFS_DINODE_FMT_EXTENTS:
416 /* If the extents fit in the inode, fix the
417 * pointer. Otherwise it's already NULL or
418 * pointing to the extent.
419 */
420 if (tip->i_d.di_nextents <= XFS_INLINE_EXTS) {
421 tifp->if_u1.if_extents =
422 tifp->if_u2.if_inline_ext;
423 }
424 tilf_fields |= XFS_ILOG_DEXT;
425 break;
426 case XFS_DINODE_FMT_BTREE:
427 tilf_fields |= XFS_ILOG_DBROOT;
428 break;
429 }
430
431
432 xfs_trans_ijoin_ref(tp, ip, XFS_ILOCK_EXCL | XFS_IOLOCK_EXCL);
433 xfs_trans_ijoin_ref(tp, tip, XFS_ILOCK_EXCL | XFS_IOLOCK_EXCL);
434
435 xfs_trans_log_inode(tp, ip, ilf_fields);
436 xfs_trans_log_inode(tp, tip, tilf_fields);
437
438 /*
439 * If this is a synchronous mount, make sure that the
440 * transaction goes to disk before returning to the user.
441 */
442 if (mp->m_flags & XFS_MOUNT_WSYNC)
443 xfs_trans_set_sync(tp);
444
445 error = xfs_trans_commit(tp, XFS_TRANS_SWAPEXT);
446
447 trace_xfs_swap_extent_after(ip, 0);
448 trace_xfs_swap_extent_after(tip, 1);
449 out:
450 kmem_free(tempifp);
451 return error;
452
453 out_unlock:
454 xfs_iunlock(ip, XFS_ILOCK_EXCL | XFS_IOLOCK_EXCL);
455 xfs_iunlock(tip, XFS_ILOCK_EXCL | XFS_IOLOCK_EXCL);
456 goto out;
457
458 out_trans_cancel:
459 xfs_trans_cancel(tp, 0);
460 goto out_unlock;
461 }
462