1 // SPDX-License-Identifier: GPL-2.0
2 /*
3  *  linux/fs/nfs/unlink.c
4  *
5  * nfs sillydelete handling
6  *
7  */
8 
9 #include <linux/slab.h>
10 #include <linux/string.h>
11 #include <linux/dcache.h>
12 #include <linux/sunrpc/sched.h>
13 #include <linux/sunrpc/clnt.h>
14 #include <linux/nfs_fs.h>
15 #include <linux/sched.h>
16 #include <linux/wait.h>
17 #include <linux/namei.h>
18 #include <linux/fsnotify.h>
19 
20 #include "internal.h"
21 #include "nfs4_fs.h"
22 #include "iostat.h"
23 #include "delegation.h"
24 
25 #include "nfstrace.h"
26 
27 /**
28  * nfs_free_unlinkdata - release data from a sillydelete operation.
29  * @data: pointer to unlink structure.
30  */
31 static void
nfs_free_unlinkdata(struct nfs_unlinkdata * data)32 nfs_free_unlinkdata(struct nfs_unlinkdata *data)
33 {
34 	put_cred(data->cred);
35 	kfree(data->args.name.name);
36 	kfree(data);
37 }
38 
39 /**
40  * nfs_async_unlink_done - Sillydelete post-processing
41  * @task: rpc_task of the sillydelete
42  * @calldata: pointer to nfs_unlinkdata
43  *
44  * Do the directory attribute update.
45  */
nfs_async_unlink_done(struct rpc_task * task,void * calldata)46 static void nfs_async_unlink_done(struct rpc_task *task, void *calldata)
47 {
48 	struct nfs_unlinkdata *data = calldata;
49 	struct inode *dir = d_inode(data->dentry->d_parent);
50 
51 	trace_nfs_sillyrename_unlink(data, task->tk_status);
52 	if (!NFS_PROTO(dir)->unlink_done(task, dir))
53 		rpc_restart_call_prepare(task);
54 }
55 
56 /**
57  * nfs_async_unlink_release - Release the sillydelete data.
58  * @calldata: struct nfs_unlinkdata to release
59  *
60  * We need to call nfs_put_unlinkdata as a 'tk_release' task since the
61  * rpc_task would be freed too.
62  */
nfs_async_unlink_release(void * calldata)63 static void nfs_async_unlink_release(void *calldata)
64 {
65 	struct nfs_unlinkdata	*data = calldata;
66 	struct dentry *dentry = data->dentry;
67 	struct super_block *sb = dentry->d_sb;
68 
69 	up_read_non_owner(&NFS_I(d_inode(dentry->d_parent))->rmdir_sem);
70 	d_lookup_done(dentry);
71 	nfs_free_unlinkdata(data);
72 	dput(dentry);
73 	nfs_sb_deactive(sb);
74 }
75 
nfs_unlink_prepare(struct rpc_task * task,void * calldata)76 static void nfs_unlink_prepare(struct rpc_task *task, void *calldata)
77 {
78 	struct nfs_unlinkdata *data = calldata;
79 	struct inode *dir = d_inode(data->dentry->d_parent);
80 	NFS_PROTO(dir)->unlink_rpc_prepare(task, data);
81 }
82 
83 static const struct rpc_call_ops nfs_unlink_ops = {
84 	.rpc_call_done = nfs_async_unlink_done,
85 	.rpc_release = nfs_async_unlink_release,
86 	.rpc_call_prepare = nfs_unlink_prepare,
87 };
88 
nfs_do_call_unlink(struct inode * inode,struct nfs_unlinkdata * data)89 static void nfs_do_call_unlink(struct inode *inode, struct nfs_unlinkdata *data)
90 {
91 	struct rpc_message msg = {
92 		.rpc_argp = &data->args,
93 		.rpc_resp = &data->res,
94 		.rpc_cred = data->cred,
95 	};
96 	struct rpc_task_setup task_setup_data = {
97 		.rpc_message = &msg,
98 		.callback_ops = &nfs_unlink_ops,
99 		.callback_data = data,
100 		.workqueue = nfsiod_workqueue,
101 		.flags = RPC_TASK_ASYNC | RPC_TASK_CRED_NOREF,
102 	};
103 	struct rpc_task *task;
104 	struct inode *dir = d_inode(data->dentry->d_parent);
105 
106 	if (nfs_server_capable(inode, NFS_CAP_MOVEABLE))
107 		task_setup_data.flags |= RPC_TASK_MOVEABLE;
108 
109 	nfs_sb_active(dir->i_sb);
110 	data->args.fh = NFS_FH(dir);
111 	nfs_fattr_init(data->res.dir_attr);
112 
113 	NFS_PROTO(dir)->unlink_setup(&msg, data->dentry, inode);
114 
115 	task_setup_data.rpc_client = NFS_CLIENT(dir);
116 	task = rpc_run_task(&task_setup_data);
117 	if (!IS_ERR(task))
118 		rpc_put_task_async(task);
119 }
120 
nfs_call_unlink(struct dentry * dentry,struct inode * inode,struct nfs_unlinkdata * data)121 static int nfs_call_unlink(struct dentry *dentry, struct inode *inode, struct nfs_unlinkdata *data)
122 {
123 	struct inode *dir = d_inode(dentry->d_parent);
124 	struct dentry *alias;
125 
126 	down_read_non_owner(&NFS_I(dir)->rmdir_sem);
127 	alias = d_alloc_parallel(dentry->d_parent, &data->args.name, &data->wq);
128 	if (IS_ERR(alias)) {
129 		up_read_non_owner(&NFS_I(dir)->rmdir_sem);
130 		return 0;
131 	}
132 	if (!d_in_lookup(alias)) {
133 		int ret;
134 		void *devname_garbage = NULL;
135 
136 		/*
137 		 * Hey, we raced with lookup... See if we need to transfer
138 		 * the sillyrename information to the aliased dentry.
139 		 */
140 		spin_lock(&alias->d_lock);
141 		if (d_really_is_positive(alias) &&
142 		    !nfs_compare_fh(NFS_FH(inode), NFS_FH(d_inode(alias))) &&
143 		    !(alias->d_flags & DCACHE_NFSFS_RENAMED)) {
144 			devname_garbage = alias->d_fsdata;
145 			alias->d_fsdata = data;
146 			alias->d_flags |= DCACHE_NFSFS_RENAMED;
147 			ret = 1;
148 		} else
149 			ret = 0;
150 		spin_unlock(&alias->d_lock);
151 		dput(alias);
152 		up_read_non_owner(&NFS_I(dir)->rmdir_sem);
153 		/*
154 		 * If we'd displaced old cached devname, free it.  At that
155 		 * point dentry is definitely not a root, so we won't need
156 		 * that anymore.
157 		 */
158 		kfree(devname_garbage);
159 		return ret;
160 	}
161 	data->dentry = alias;
162 	nfs_do_call_unlink(inode, data);
163 	return 1;
164 }
165 
166 /**
167  * nfs_async_unlink - asynchronous unlinking of a file
168  * @dentry: parent directory of dentry
169  * @name: name of dentry to unlink
170  */
171 static int
nfs_async_unlink(struct dentry * dentry,const struct qstr * name)172 nfs_async_unlink(struct dentry *dentry, const struct qstr *name)
173 {
174 	struct nfs_unlinkdata *data;
175 	int status = -ENOMEM;
176 	void *devname_garbage = NULL;
177 
178 	data = kzalloc(sizeof(*data), GFP_KERNEL);
179 	if (data == NULL)
180 		goto out;
181 	data->args.name.name = kstrdup(name->name, GFP_KERNEL);
182 	if (!data->args.name.name)
183 		goto out_free;
184 	data->args.name.len = name->len;
185 
186 	data->cred = get_current_cred();
187 	data->res.dir_attr = &data->dir_attr;
188 	init_waitqueue_head(&data->wq);
189 
190 	status = -EBUSY;
191 	spin_lock(&dentry->d_lock);
192 	if (dentry->d_flags & DCACHE_NFSFS_RENAMED)
193 		goto out_unlock;
194 	dentry->d_flags |= DCACHE_NFSFS_RENAMED;
195 	devname_garbage = dentry->d_fsdata;
196 	dentry->d_fsdata = data;
197 	spin_unlock(&dentry->d_lock);
198 	/*
199 	 * If we'd displaced old cached devname, free it.  At that
200 	 * point dentry is definitely not a root, so we won't need
201 	 * that anymore.
202 	 */
203 	kfree(devname_garbage);
204 	return 0;
205 out_unlock:
206 	spin_unlock(&dentry->d_lock);
207 	put_cred(data->cred);
208 	kfree(data->args.name.name);
209 out_free:
210 	kfree(data);
211 out:
212 	return status;
213 }
214 
215 /**
216  * nfs_complete_unlink - Initialize completion of the sillydelete
217  * @dentry: dentry to delete
218  * @inode: inode
219  *
220  * Since we're most likely to be called by dentry_iput(), we
221  * only use the dentry to find the sillydelete. We then copy the name
222  * into the qstr.
223  */
224 void
nfs_complete_unlink(struct dentry * dentry,struct inode * inode)225 nfs_complete_unlink(struct dentry *dentry, struct inode *inode)
226 {
227 	struct nfs_unlinkdata	*data;
228 
229 	spin_lock(&dentry->d_lock);
230 	dentry->d_flags &= ~DCACHE_NFSFS_RENAMED;
231 	data = dentry->d_fsdata;
232 	dentry->d_fsdata = NULL;
233 	spin_unlock(&dentry->d_lock);
234 
235 	NFS_PROTO(inode)->return_delegation(inode);
236 
237 	if (NFS_STALE(inode) || !nfs_call_unlink(dentry, inode, data))
238 		nfs_free_unlinkdata(data);
239 }
240 
241 /* Cancel a queued async unlink. Called when a sillyrename run fails. */
242 static void
nfs_cancel_async_unlink(struct dentry * dentry)243 nfs_cancel_async_unlink(struct dentry *dentry)
244 {
245 	spin_lock(&dentry->d_lock);
246 	if (dentry->d_flags & DCACHE_NFSFS_RENAMED) {
247 		struct nfs_unlinkdata *data = dentry->d_fsdata;
248 
249 		dentry->d_flags &= ~DCACHE_NFSFS_RENAMED;
250 		dentry->d_fsdata = NULL;
251 		spin_unlock(&dentry->d_lock);
252 		nfs_free_unlinkdata(data);
253 		return;
254 	}
255 	spin_unlock(&dentry->d_lock);
256 }
257 
258 /**
259  * nfs_async_rename_done - Sillyrename post-processing
260  * @task: rpc_task of the sillyrename
261  * @calldata: nfs_renamedata for the sillyrename
262  *
263  * Do the directory attribute updates and the d_move
264  */
nfs_async_rename_done(struct rpc_task * task,void * calldata)265 static void nfs_async_rename_done(struct rpc_task *task, void *calldata)
266 {
267 	struct nfs_renamedata *data = calldata;
268 	struct inode *old_dir = data->old_dir;
269 	struct inode *new_dir = data->new_dir;
270 	struct dentry *old_dentry = data->old_dentry;
271 
272 	trace_nfs_async_rename_done(old_dir, old_dentry,
273 			new_dir, data->new_dentry, task->tk_status);
274 	if (!NFS_PROTO(old_dir)->rename_done(task, old_dir, new_dir)) {
275 		rpc_restart_call_prepare(task);
276 		return;
277 	}
278 
279 	if (data->complete)
280 		data->complete(task, data);
281 }
282 
283 /**
284  * nfs_async_rename_release - Release the sillyrename data.
285  * @calldata: the struct nfs_renamedata to be released
286  */
nfs_async_rename_release(void * calldata)287 static void nfs_async_rename_release(void *calldata)
288 {
289 	struct nfs_renamedata	*data = calldata;
290 	struct super_block *sb = data->old_dir->i_sb;
291 
292 	if (d_really_is_positive(data->old_dentry))
293 		nfs_mark_for_revalidate(d_inode(data->old_dentry));
294 
295 	/* The result of the rename is unknown. Play it safe by
296 	 * forcing a new lookup */
297 	if (data->cancelled) {
298 		spin_lock(&data->old_dir->i_lock);
299 		nfs_force_lookup_revalidate(data->old_dir);
300 		spin_unlock(&data->old_dir->i_lock);
301 		if (data->new_dir != data->old_dir) {
302 			spin_lock(&data->new_dir->i_lock);
303 			nfs_force_lookup_revalidate(data->new_dir);
304 			spin_unlock(&data->new_dir->i_lock);
305 		}
306 	}
307 
308 	dput(data->old_dentry);
309 	dput(data->new_dentry);
310 	iput(data->old_dir);
311 	iput(data->new_dir);
312 	nfs_sb_deactive(sb);
313 	put_cred(data->cred);
314 	kfree(data);
315 }
316 
nfs_rename_prepare(struct rpc_task * task,void * calldata)317 static void nfs_rename_prepare(struct rpc_task *task, void *calldata)
318 {
319 	struct nfs_renamedata *data = calldata;
320 	NFS_PROTO(data->old_dir)->rename_rpc_prepare(task, data);
321 }
322 
323 static const struct rpc_call_ops nfs_rename_ops = {
324 	.rpc_call_done = nfs_async_rename_done,
325 	.rpc_release = nfs_async_rename_release,
326 	.rpc_call_prepare = nfs_rename_prepare,
327 };
328 
329 /**
330  * nfs_async_rename - perform an asynchronous rename operation
331  * @old_dir: directory that currently holds the dentry to be renamed
332  * @new_dir: target directory for the rename
333  * @old_dentry: original dentry to be renamed
334  * @new_dentry: dentry to which the old_dentry should be renamed
335  * @complete: Function to run on successful completion
336  *
337  * It's expected that valid references to the dentries and inodes are held
338  */
339 struct rpc_task *
nfs_async_rename(struct inode * old_dir,struct inode * new_dir,struct dentry * old_dentry,struct dentry * new_dentry,void (* complete)(struct rpc_task *,struct nfs_renamedata *))340 nfs_async_rename(struct inode *old_dir, struct inode *new_dir,
341 		 struct dentry *old_dentry, struct dentry *new_dentry,
342 		 void (*complete)(struct rpc_task *, struct nfs_renamedata *))
343 {
344 	struct nfs_renamedata *data;
345 	struct rpc_message msg = { };
346 	struct rpc_task_setup task_setup_data = {
347 		.rpc_message = &msg,
348 		.callback_ops = &nfs_rename_ops,
349 		.workqueue = nfsiod_workqueue,
350 		.rpc_client = NFS_CLIENT(old_dir),
351 		.flags = RPC_TASK_ASYNC | RPC_TASK_CRED_NOREF,
352 	};
353 
354 	if (nfs_server_capable(old_dir, NFS_CAP_MOVEABLE) &&
355 	    nfs_server_capable(new_dir, NFS_CAP_MOVEABLE))
356 		task_setup_data.flags |= RPC_TASK_MOVEABLE;
357 
358 	data = kzalloc(sizeof(*data), GFP_KERNEL);
359 	if (data == NULL)
360 		return ERR_PTR(-ENOMEM);
361 	task_setup_data.task = &data->task;
362 	task_setup_data.callback_data = data;
363 
364 	data->cred = get_current_cred();
365 
366 	msg.rpc_argp = &data->args;
367 	msg.rpc_resp = &data->res;
368 	msg.rpc_cred = data->cred;
369 
370 	/* set up nfs_renamedata */
371 	data->old_dir = old_dir;
372 	ihold(old_dir);
373 	data->new_dir = new_dir;
374 	ihold(new_dir);
375 	data->old_dentry = dget(old_dentry);
376 	data->new_dentry = dget(new_dentry);
377 	nfs_fattr_init(&data->old_fattr);
378 	nfs_fattr_init(&data->new_fattr);
379 	data->complete = complete;
380 
381 	/* set up nfs_renameargs */
382 	data->args.old_dir = NFS_FH(old_dir);
383 	data->args.old_name = &old_dentry->d_name;
384 	data->args.new_dir = NFS_FH(new_dir);
385 	data->args.new_name = &new_dentry->d_name;
386 
387 	/* set up nfs_renameres */
388 	data->res.old_fattr = &data->old_fattr;
389 	data->res.new_fattr = &data->new_fattr;
390 
391 	nfs_sb_active(old_dir->i_sb);
392 
393 	NFS_PROTO(data->old_dir)->rename_setup(&msg, old_dentry, new_dentry);
394 
395 	return rpc_run_task(&task_setup_data);
396 }
397 
398 /*
399  * Perform tasks needed when a sillyrename is done such as cancelling the
400  * queued async unlink if it failed.
401  */
402 static void
nfs_complete_sillyrename(struct rpc_task * task,struct nfs_renamedata * data)403 nfs_complete_sillyrename(struct rpc_task *task, struct nfs_renamedata *data)
404 {
405 	struct dentry *dentry = data->old_dentry;
406 
407 	if (task->tk_status != 0) {
408 		nfs_cancel_async_unlink(dentry);
409 		return;
410 	}
411 }
412 
413 #define SILLYNAME_PREFIX ".nfs"
414 #define SILLYNAME_PREFIX_LEN ((unsigned)sizeof(SILLYNAME_PREFIX) - 1)
415 #define SILLYNAME_FILEID_LEN ((unsigned)sizeof(u64) << 1)
416 #define SILLYNAME_COUNTER_LEN ((unsigned)sizeof(unsigned int) << 1)
417 #define SILLYNAME_LEN (SILLYNAME_PREFIX_LEN + \
418 		SILLYNAME_FILEID_LEN + \
419 		SILLYNAME_COUNTER_LEN)
420 
421 /**
422  * nfs_sillyrename - Perform a silly-rename of a dentry
423  * @dir: inode of directory that contains dentry
424  * @dentry: dentry to be sillyrenamed
425  *
426  * NFSv2/3 is stateless and the server doesn't know when the client is
427  * holding a file open. To prevent application problems when a file is
428  * unlinked while it's still open, the client performs a "silly-rename".
429  * That is, it renames the file to a hidden file in the same directory,
430  * and only performs the unlink once the last reference to it is put.
431  *
432  * The final cleanup is done during dentry_iput.
433  *
434  * (Note: NFSv4 is stateful, and has opens, so in theory an NFSv4 server
435  * could take responsibility for keeping open files referenced.  The server
436  * would also need to ensure that opened-but-deleted files were kept over
437  * reboots.  However, we may not assume a server does so.  (RFC 5661
438  * does provide an OPEN4_RESULT_PRESERVE_UNLINKED flag that a server can
439  * use to advertise that it does this; some day we may take advantage of
440  * it.))
441  */
442 int
nfs_sillyrename(struct inode * dir,struct dentry * dentry)443 nfs_sillyrename(struct inode *dir, struct dentry *dentry)
444 {
445 	static unsigned int sillycounter;
446 	unsigned char silly[SILLYNAME_LEN + 1];
447 	unsigned long long fileid;
448 	struct dentry *sdentry;
449 	struct inode *inode = d_inode(dentry);
450 	struct rpc_task *task;
451 	int            error = -EBUSY;
452 
453 	dfprintk(VFS, "NFS: silly-rename(%pd2, ct=%d)\n",
454 		dentry, d_count(dentry));
455 	nfs_inc_stats(dir, NFSIOS_SILLYRENAME);
456 
457 	/*
458 	 * We don't allow a dentry to be silly-renamed twice.
459 	 */
460 	if (dentry->d_flags & DCACHE_NFSFS_RENAMED)
461 		goto out;
462 
463 	fileid = NFS_FILEID(d_inode(dentry));
464 
465 	sdentry = NULL;
466 	do {
467 		int slen;
468 		dput(sdentry);
469 		sillycounter++;
470 		slen = scnprintf(silly, sizeof(silly),
471 				SILLYNAME_PREFIX "%0*llx%0*x",
472 				SILLYNAME_FILEID_LEN, fileid,
473 				SILLYNAME_COUNTER_LEN, sillycounter);
474 
475 		dfprintk(VFS, "NFS: trying to rename %pd to %s\n",
476 				dentry, silly);
477 
478 		sdentry = lookup_one_len(silly, dentry->d_parent, slen);
479 		/*
480 		 * N.B. Better to return EBUSY here ... it could be
481 		 * dangerous to delete the file while it's in use.
482 		 */
483 		if (IS_ERR(sdentry))
484 			goto out;
485 	} while (d_inode(sdentry) != NULL); /* need negative lookup */
486 
487 	ihold(inode);
488 
489 	/* queue unlink first. Can't do this from rpc_release as it
490 	 * has to allocate memory
491 	 */
492 	error = nfs_async_unlink(dentry, &sdentry->d_name);
493 	if (error)
494 		goto out_dput;
495 
496 	/* run the rename task, undo unlink if it fails */
497 	task = nfs_async_rename(dir, dir, dentry, sdentry,
498 					nfs_complete_sillyrename);
499 	if (IS_ERR(task)) {
500 		error = -EBUSY;
501 		nfs_cancel_async_unlink(dentry);
502 		goto out_dput;
503 	}
504 
505 	/* wait for the RPC task to complete, unless a SIGKILL intervenes */
506 	error = rpc_wait_for_completion_task(task);
507 	if (error == 0)
508 		error = task->tk_status;
509 	switch (error) {
510 	case 0:
511 		/* The rename succeeded */
512 		nfs_set_verifier(dentry, nfs_save_change_attribute(dir));
513 		spin_lock(&inode->i_lock);
514 		NFS_I(inode)->attr_gencount = nfs_inc_attr_generation_counter();
515 		nfs_set_cache_invalid(inode, NFS_INO_INVALID_CHANGE |
516 						     NFS_INO_INVALID_CTIME |
517 						     NFS_INO_REVAL_FORCED);
518 		spin_unlock(&inode->i_lock);
519 		d_move(dentry, sdentry);
520 		break;
521 	case -ERESTARTSYS:
522 		/* The result of the rename is unknown. Play it safe by
523 		 * forcing a new lookup */
524 		d_drop(dentry);
525 		d_drop(sdentry);
526 	}
527 	rpc_put_task(task);
528 out_dput:
529 	iput(inode);
530 	dput(sdentry);
531 out:
532 	return error;
533 }
534