1 /*
2 * Copyright (c) 2000-2006 Silicon Graphics, Inc.
3 * All Rights Reserved.
5 * This program is free software; you can redistribute it and/or
6 * modify it under the terms of the GNU General Public License as
7 * published by the Free Software Foundation.
9 * This program is distributed in the hope that it would be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, write the Free Software Foundation,
16 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
18 #include "xfs.h"
19 #include "xfs_fs.h"
20 #include "xfs_types.h"
21 #include "xfs_bit.h"
22 #include "xfs_log.h"
23 #include "xfs_inum.h"
24 #include "xfs_trans.h"
25 #include "xfs_sb.h"
26 #include "xfs_ag.h"
27 #include "xfs_mount.h"
28 #include "xfs_bmap_btree.h"
29 #include "xfs_dinode.h"
30 #include "xfs_inode.h"
31 #include "xfs_inode_item.h"
32 #include "xfs_bmap.h"
33 #include "xfs_itable.h"
34 #include "xfs_dfrag.h"
35 #include "xfs_error.h"
36 #include "xfs_vnodeops.h"
37 #include "xfs_trace.h"
/*
 * Forward declaration: xfs_swapext() calls xfs_swap_extents() before its
 * definition further down in this file.
 */
static int xfs_swap_extents(xfs_inode_t *ip,	/* target inode */
			    xfs_inode_t *tip,	/* tmp inode */
			    xfs_swapext_t *sxp);
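/*
 * ioctl interface for swapext
 *
 * Resolve the two file descriptors named in @sxp, check that both are
 * acceptable for an extent swap, and hand the inodes behind them to
 * xfs_swap_extents().
 *
 * @sxp: swapext request. sx_fdtarget and sx_fdtmp are descriptor numbers
 *       taken from the request, so everything reached through them is
 *       validated here before it is used.
 *
 * Returns 0 on success; otherwise an errno value passed through
 * XFS_ERROR(), or whatever xfs_swap_extents() returned. Both file
 * references are dropped on every path.
 */
int
xfs_swapext(
	xfs_swapext_t	*sxp)
{
	xfs_inode_t	*ip, *tip;
	struct file	*file, *tmp_file;
	int		error = 0;

	/* Pull information for the target fd */
	file = fget((int)sxp->sx_fdtarget);
	if (!file) {
		error = XFS_ERROR(EINVAL);
		goto out;
	}

	/*
	 * The target must be open for both reading and writing, and not in
	 * append mode: the swap replaces the whole data fork.
	 */
	if (!(file->f_mode & FMODE_WRITE) ||
	    !(file->f_mode & FMODE_READ) ||
	    (file->f_flags & O_APPEND)) {
		error = XFS_ERROR(EBADF);
		goto out_put_file;
	}

	tmp_file = fget((int)sxp->sx_fdtmp);
	if (!tmp_file) {
		error = XFS_ERROR(EINVAL);
		goto out_put_file;
	}

	/* Same access requirements for the temporary file. */
	if (!(tmp_file->f_mode & FMODE_WRITE) ||
	    !(tmp_file->f_mode & FMODE_READ) ||
	    (tmp_file->f_flags & O_APPEND)) {
		error = XFS_ERROR(EBADF);
		goto out_put_tmp_file;
	}

	if (IS_SWAPFILE(file->f_path.dentry->d_inode) ||
	    IS_SWAPFILE(tmp_file->f_path.dentry->d_inode)) {
		error = XFS_ERROR(EINVAL);
		goto out_put_tmp_file;
	}

	/*
	 * Both descriptors are chosen by the caller, so nothing guarantees
	 * that they refer to files on an XFS filesystem. XFS_I() is only
	 * meaningful for inodes that belong to an XFS superblock; refuse
	 * anything else before the cast instead of interpreting a foreign
	 * inode as an xfs_inode. Comparing f_op against the XFS regular-file
	 * operations table would be an equivalent test.
	 */
	if (file->f_path.dentry->d_inode->i_sb->s_magic != XFS_SB_MAGIC ||
	    tmp_file->f_path.dentry->d_inode->i_sb->s_magic != XFS_SB_MAGIC) {
		error = XFS_ERROR(EINVAL);
		goto out_put_tmp_file;
	}

	ip = XFS_I(file->f_path.dentry->d_inode);
	tip = XFS_I(tmp_file->f_path.dentry->d_inode);

	/* Both inodes must live on the same mount ... */
	if (ip->i_mount != tip->i_mount) {
		error = XFS_ERROR(EINVAL);
		goto out_put_tmp_file;
	}

	/* ... and must not be the same inode. */
	if (ip->i_ino == tip->i_ino) {
		error = XFS_ERROR(EINVAL);
		goto out_put_tmp_file;
	}

	if (XFS_FORCED_SHUTDOWN(ip->i_mount)) {
		error = XFS_ERROR(EIO);
		goto out_put_tmp_file;
	}

	error = xfs_swap_extents(ip, tip, sxp);

 out_put_tmp_file:
	fput(tmp_file);
 out_put_file:
	fput(file);
 out:
	return error;
}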
/*
 * We need to check that the format of the data fork in the temporary inode is
 * valid for the target inode before doing the swap. This is not a problem with
 * attr1 because of the fixed fork offset, but attr2 has a dynamically sized
 * data fork depending on the space the attribute fork is taking, so we can get
 * invalid formats on the target inode.
 *
 * E.g. target has space for 7 extents in extent format, temp inode only has
 * space for 6. If we defragment down to 7 extents, then the tmp format is a
 * btree, but when swapped it needs to be in extent format. Hence we can't just
 * blindly swap data forks on attr2 filesystems.
 *
 * Note that we check the swap in both directions so that we don't end up with
 * a corrupt temporary inode, either.
 *
 * Note that fixing the way xfs_fsr sets up the attribute fork in the source
 * inode will prevent this situation from occurring, so all we do here is
 * reject and log the attempt. Basically we are putting the responsibility on
 * userspace to get this right.
 *
 * Returns 0 when the swap is acceptable in both directions, EINVAL otherwise.
 */
static int
xfs_swap_extents_check_format(
	xfs_inode_t	*ip,	/* target inode */
	xfs_inode_t	*tip)	/* tmp inode */
{
	const int	target_is_extents =
			(ip->i_d.di_format == XFS_DINODE_FMT_EXTENTS);
	const int	target_is_btree =
			(ip->i_d.di_format == XFS_DINODE_FMT_BTREE);
	const int	temp_is_extents =
			(tip->i_d.di_format == XFS_DINODE_FMT_EXTENTS);
	const int	temp_is_btree =
			(tip->i_d.di_format == XFS_DINODE_FMT_BTREE);

	/* Should never get a local format */
	if (ip->i_d.di_format == XFS_DINODE_FMT_LOCAL)
		return EINVAL;
	if (tip->i_d.di_format == XFS_DINODE_FMT_LOCAL)
		return EINVAL;

	/*
	 * If the target inode has fewer extents than the temporary inode,
	 * then why did userspace call us?
	 */
	if (ip->i_d.di_nextents < tip->i_d.di_nextents)
		return EINVAL;

	/*
	 * If the target inode is in extent form and the temp inode is in
	 * btree form then we will end up with the target inode in the wrong
	 * format, as we already know there are fewer extents in the temp
	 * inode.
	 */
	if (target_is_extents && temp_is_btree)
		return EINVAL;

	/* Check temp in extent form to max in target */
	if (temp_is_extents &&
	    XFS_IFORK_NEXTENTS(tip, XFS_DATA_FORK) >
			XFS_IFORK_MAXEXT(ip, XFS_DATA_FORK))
		return EINVAL;

	/* Check target in extent form to max in temp */
	if (target_is_extents &&
	    XFS_IFORK_NEXTENTS(ip, XFS_DATA_FORK) >
			XFS_IFORK_MAXEXT(tip, XFS_DATA_FORK))
		return EINVAL;

	/*
	 * If we are in a btree format, check that the temp root block will
	 * fit in the target and that it has enough extents to be in btree
	 * format in the target.
	 *
	 * Note that we have to be careful to allow btree->extent conversions
	 * (a common defrag case) which will occur when the temp inode is in
	 * extent format...
	 */
	if (temp_is_btree) {
		if (XFS_IFORK_BOFF(ip) &&
		    tip->i_df.if_broot_bytes > XFS_IFORK_BOFF(ip))
			return EINVAL;
		if (XFS_IFORK_NEXTENTS(tip, XFS_DATA_FORK) <=
		    XFS_IFORK_MAXEXT(ip, XFS_DATA_FORK))
			return EINVAL;
	}

	/* Reciprocal target->temp btree format checks */
	if (target_is_btree) {
		if (XFS_IFORK_BOFF(tip) &&
		    ip->i_df.if_broot_bytes > XFS_IFORK_BOFF(tip))
			return EINVAL;
		if (XFS_IFORK_NEXTENTS(ip, XFS_DATA_FORK) <=
		    XFS_IFORK_MAXEXT(tip, XFS_DATA_FORK))
			return EINVAL;
	}

	return 0;
}
/*
 * Exchange the data forks of @ip (target) and @tip (temporary) inside one
 * transaction, after re-validating the request under the inode locks.
 *
 * @sxp carries the caller's view of the target: sx_offset/sx_length must
 * describe the whole file, and sx_stat must still match the target's
 * ctime/mtime, otherwise the swap is refused.
 *
 * Returns 0 on success or an error value; the scratch fork copy is freed
 * on every path.
 */
static int
xfs_swap_extents(
	xfs_inode_t	*ip,	/* target inode */
	xfs_inode_t	*tip,	/* tmp inode */
	xfs_swapext_t	*sxp)
{
	xfs_mount_t	*mp = ip->i_mount;
	xfs_trans_t	*tp;
	xfs_bstat_t	*sbp = &sxp->sx_stat;
	xfs_ifork_t	*tempifp, *ifp, *tifp;
	int		ilf_fields, tilf_fields;
	int		error = 0;
	int		aforkblks = 0;
	int		taforkblks = 0;
	__uint64_t	tmp;

	/* Scratch space for the three-way struct copy of the data forks. */
	tempifp = kmem_alloc(sizeof(xfs_ifork_t), KM_MAYFAIL);
	if (!tempifp) {
		error = XFS_ERROR(ENOMEM);
		goto out;
	}

	/*
	 * We have to do two separate lock calls here to keep lockdep
	 * happy. If we try to get all the locks in one call, lock will
	 * report false positives when we drop the ILOCK and regain them
	 * below.
	 */
	xfs_lock_two_inodes(ip, tip, XFS_IOLOCK_EXCL);
	xfs_lock_two_inodes(ip, tip, XFS_ILOCK_EXCL);

	/* Verify that both files have the same format */
	if ((ip->i_d.di_mode & S_IFMT) != (tip->i_d.di_mode & S_IFMT)) {
		error = XFS_ERROR(EINVAL);
		goto out_unlock;
	}

	/* Verify both files are either real-time or non-realtime */
	if (XFS_IS_REALTIME_INODE(ip) != XFS_IS_REALTIME_INODE(tip)) {
		error = XFS_ERROR(EINVAL);
		goto out_unlock;
	}

	/* Flush and invalidate any cached pages of the temporary file. */
	if (VN_CACHED(VFS_I(tip)) != 0) {
		error = xfs_flushinval_pages(tip, 0, -1,
				FI_REMAPF_LOCKED);
		if (error)
			goto out_unlock;
	}

	/* Verify O_DIRECT for ftmp */
	if (VN_CACHED(VFS_I(tip)) != 0) {
		error = XFS_ERROR(EINVAL);
		goto out_unlock;
	}

	/* Verify all data are being swapped */
	if (sxp->sx_offset != 0 ||
	    sxp->sx_length != ip->i_d.di_size ||
	    sxp->sx_length != tip->i_d.di_size) {
		error = XFS_ERROR(EFAULT);
		goto out_unlock;
	}

	trace_xfs_swap_extent_before(ip, 0);
	trace_xfs_swap_extent_before(tip, 1);

	/* check inode formats now that data is flushed */
	error = xfs_swap_extents_check_format(ip, tip);
	if (error) {
		xfs_notice(mp,
		    "%s: inode 0x%llx format is incompatible for exchanging.",
				__func__, ip->i_ino);
		goto out_unlock;
	}

	/*
	 * Compare the current change & modify times with that
	 * passed in.  If they differ, we abort this swap.
	 * This is the mechanism used to ensure the calling
	 * process that the file was not changed out from
	 * under it.
	 */
	if ((sbp->bs_ctime.tv_sec != VFS_I(ip)->i_ctime.tv_sec) ||
	    (sbp->bs_ctime.tv_nsec != VFS_I(ip)->i_ctime.tv_nsec) ||
	    (sbp->bs_mtime.tv_sec != VFS_I(ip)->i_mtime.tv_sec) ||
	    (sbp->bs_mtime.tv_nsec != VFS_I(ip)->i_mtime.tv_nsec)) {
		error = XFS_ERROR(EBUSY);
		goto out_unlock;
	}

	/*
	 * We need to fail if the file is memory mapped.  Once we have tossed
	 * all existing pages, the page fault will have no option
	 * but to go to the filesystem for pages. By making the page fault call
	 * vop_read (or write in the case of autogrow) they block on the iolock
	 * until we have switched the extents.
	 */
	if (VN_MAPPED(VFS_I(ip))) {
		error = XFS_ERROR(EBUSY);
		goto out_unlock;
	}

	xfs_iunlock(ip, XFS_ILOCK_EXCL);
	xfs_iunlock(tip, XFS_ILOCK_EXCL);

	/*
	 * There is a race condition here since we gave up the
	 * ilock.  However, the data fork will not change since
	 * we have the iolock (locked for truncation too) so we
	 * are safe.  We don't really care if non-io related
	 * fields change.
	 */

	xfs_tosspages(ip, 0, -1, FI_REMAPF);

	tp = xfs_trans_alloc(mp, XFS_TRANS_SWAPEXT);
	error = xfs_trans_reserve(tp, 0, XFS_ICHANGE_LOG_RES(mp), 0, 0, 0);
	if (error) {
		/* Only the IOLOCKs are held at this point. */
		xfs_iunlock(ip, XFS_IOLOCK_EXCL);
		xfs_iunlock(tip, XFS_IOLOCK_EXCL);
		xfs_trans_cancel(tp, 0);
		goto out;
	}
	xfs_lock_two_inodes(ip, tip, XFS_ILOCK_EXCL);

	/*
	 * Count the number of extended attribute blocks
	 */
	if (XFS_IFORK_Q(ip) != 0 &&
	    ip->i_d.di_anextents > 0 &&
	    ip->i_d.di_aformat != XFS_DINODE_FMT_LOCAL) {
		error = xfs_bmap_count_blocks(tp, ip, XFS_ATTR_FORK,
					      &aforkblks);
		if (error)
			goto out_trans_cancel;
	}
	if (XFS_IFORK_Q(tip) != 0 &&
	    tip->i_d.di_anextents > 0 &&
	    tip->i_d.di_aformat != XFS_DINODE_FMT_LOCAL) {
		error = xfs_bmap_count_blocks(tp, tip, XFS_ATTR_FORK,
					      &taforkblks);
		if (error)
			goto out_trans_cancel;
	}

	/*
	 * Swap the data forks of the inodes
	 */
	ifp = &ip->i_df;
	tifp = &tip->i_df;
	*tempifp = *ifp;	/* struct copy */
	*ifp = *tifp;		/* struct copy */
	*tifp = *tempifp;	/* struct copy */

	/*
	 * Fix the on-disk inode values. The attribute fork blocks stay with
	 * their inode, so they are taken out of the swapped block counts.
	 */
	tmp = (__uint64_t)ip->i_d.di_nblocks;
	ip->i_d.di_nblocks = tip->i_d.di_nblocks - taforkblks + aforkblks;
	tip->i_d.di_nblocks = tmp + taforkblks - aforkblks;

	tmp = (__uint64_t)ip->i_d.di_nextents;
	ip->i_d.di_nextents = tip->i_d.di_nextents;
	tip->i_d.di_nextents = tmp;

	tmp = (__uint64_t)ip->i_d.di_format;
	ip->i_d.di_format = tip->i_d.di_format;
	tip->i_d.di_format = tmp;

	/*
	 * The extents in the source inode could still contain speculative
	 * preallocation beyond EOF (e.g. the file is open but not modified
	 * while defrag is in progress). In that case, we need to copy over the
	 * number of delalloc blocks the data fork in the source inode is
	 * tracking beyond EOF so that when the fork is truncated away when the
	 * temporary inode is unlinked we don't underrun the i_delayed_blks
	 * counter on that inode.
	 */
	ASSERT(tip->i_delayed_blks == 0);
	tip->i_delayed_blks = ip->i_delayed_blks;
	ip->i_delayed_blks = 0;

	/* Work out which parts of the target inode must be logged. */
	ilf_fields = XFS_ILOG_CORE;

	switch (ip->i_d.di_format) {
	case XFS_DINODE_FMT_EXTENTS:
		/*
		 * If the extents fit in the inode, fix the
		 * pointer.  Otherwise it's already NULL or
		 * pointing to the extent.
		 */
		if (ip->i_d.di_nextents <= XFS_INLINE_EXTS)
			ifp->if_u1.if_extents = ifp->if_u2.if_inline_ext;
		ilf_fields |= XFS_ILOG_DEXT;
		break;
	case XFS_DINODE_FMT_BTREE:
		ilf_fields |= XFS_ILOG_DBROOT;
		break;
	}

	/* Same again for the temporary inode. */
	tilf_fields = XFS_ILOG_CORE;

	switch (tip->i_d.di_format) {
	case XFS_DINODE_FMT_EXTENTS:
		/*
		 * If the extents fit in the inode, fix the
		 * pointer.  Otherwise it's already NULL or
		 * pointing to the extent.
		 */
		if (tip->i_d.di_nextents <= XFS_INLINE_EXTS)
			tifp->if_u1.if_extents = tifp->if_u2.if_inline_ext;
		tilf_fields |= XFS_ILOG_DEXT;
		break;
	case XFS_DINODE_FMT_BTREE:
		tilf_fields |= XFS_ILOG_DBROOT;
		break;
	}

	/* Join both inodes, passing the lock flags currently held on them. */
	xfs_trans_ijoin(tp, ip, XFS_ILOCK_EXCL | XFS_IOLOCK_EXCL);
	xfs_trans_ijoin(tp, tip, XFS_ILOCK_EXCL | XFS_IOLOCK_EXCL);

	xfs_trans_log_inode(tp, ip, ilf_fields);
	xfs_trans_log_inode(tp, tip, tilf_fields);

	/*
	 * If this is a synchronous mount, make sure that the
	 * transaction goes to disk before returning to the user.
	 */
	if (mp->m_flags & XFS_MOUNT_WSYNC)
		xfs_trans_set_sync(tp);

	error = xfs_trans_commit(tp, 0);

	trace_xfs_swap_extent_after(ip, 0);
	trace_xfs_swap_extent_after(tip, 1);
out:
	kmem_free(tempifp);
	return error;

out_unlock:
	xfs_iunlock(ip, XFS_ILOCK_EXCL | XFS_IOLOCK_EXCL);
	xfs_iunlock(tip, XFS_ILOCK_EXCL | XFS_IOLOCK_EXCL);
	goto out;

out_trans_cancel:
	xfs_trans_cancel(tp, 0);
	goto out_unlock;
}