journal.c source code [linux/fs/ubifs/journal.c]

1	// SPDX-License-Identifier: GPL-2.0-only
2	/*
3	* This file is part of UBIFS.
4	*
5	* Copyright (C) 2006-2008 Nokia Corporation.
6	*
7	* Authors: Artem Bityutskiy (Битюцкий Артём)
8	* Adrian Hunter
9	*/
10
11	/*
12	* This file implements UBIFS journal.
13	*
14	* The journal consists of 2 parts - the log and bud LEBs. The log has fixed
15	* length and position, while a bud logical eraseblock is any LEB in the main
16	* area. Buds contain file system data - data nodes, inode nodes, etc. The log
17	* contains only references to buds and some other stuff like commit
18	* start node. The idea is that when we commit the journal, we do
19	* not copy the data, the buds just become indexed. Since after the commit the
20	* nodes in bud eraseblocks become leaf nodes of the file system index tree, we
21	* use term "bud". Analogy is obvious, bud eraseblocks contain nodes which will
22	* become leafs in the future.
23	*
24	* The journal is multi-headed because we want to write data to the journal as
25	* optimally as possible. It is nice to have nodes belonging to the same inode
26	* in one LEB, so we may write data owned by different inodes to different
27	* journal heads, although at present only one data head is used.
28	*
29	* For recovery reasons, the base head contains all inode nodes, all directory
30	* entry nodes and all truncate nodes. This means that the other heads contain
31	* only data nodes.
32	*
33	* Bud LEBs may be half-indexed. For example, if the bud was not full at the
34	* time of commit, the bud is retained to continue to be used in the journal,
35	* even though the "front" of the LEB is now indexed. In that case, the log
36	* reference contains the offset where the bud starts for the purposes of the
37	* journal.
38	*
39	* The journal size has to be limited, because the larger is the journal, the
40	* longer it takes to mount UBIFS (scanning the journal) and the more memory it
41	* takes (indexing in the TNC).
42	*
43	* All the journal write operations like 'ubifs_jnl_update()' here, which write
44	* multiple UBIFS nodes to the journal at one go, are atomic with respect to
45	* unclean reboots. Should the unclean reboot happen, the recovery code drops
46	* all the nodes.
47	*/
48
49	#include "ubifs.h"
50
51	/**
52	* zero_ino_node_unused - zero out unused fields of an on-flash inode node.
53	* @ino: the inode to zero out
54	*/
55	static inline void zero_ino_node_unused(struct ubifs_ino_node *ino)
56	{
57	memset(ino->padding1, `0`, `4`);
58	memset(ino->padding2, `0`, `26`);
59	}
60
61	/**
62	* zero_dent_node_unused - zero out unused fields of an on-flash directory
63	* entry node.
64	* @dent: the directory entry to zero out
65	*/
66	static inline void zero_dent_node_unused(struct ubifs_dent_node *dent)
67	{
68	dent->padding1 = `0`;
69	}
70
71	/**
72	* zero_trun_node_unused - zero out unused fields of an on-flash truncation
73	* node.
74	* @trun: the truncation node to zero out
75	*/
76	static inline void zero_trun_node_unused(struct ubifs_trun_node *trun)
77	{
78	memset(trun->padding, `0`, `12`);
79	}
80
81	static void ubifs_add_auth_dirt(struct ubifs_info c, int* lnum)
82	{
83	if (ubifs_authenticated(c))
84	ubifs_add_dirt(c, lnum, dirty: ubifs_auth_node_sz(c));
85	}
86
87	/**
88	* reserve_space - reserve space in the journal.
89	* @c: UBIFS file-system description object
90	* @jhead: journal head number
91	* @len: node length
92	*
93	* This function reserves space in journal head @head. If the reservation
94	* succeeded, the journal head stays locked and later has to be unlocked using
95	* 'release_head()'. Returns zero in case of success, %-EAGAIN if commit has to
96	* be done, and other negative error codes in case of other failures.
97	*/
98	static int reserve_space(struct ubifs_info c, int* jhead, int len)
99	{
100	int err = `0`, err1, retries = `0`, avail, lnum, offs, squeeze;
101	struct ubifs_wbuf *wbuf = &c->jheads[jhead].wbuf;
102
103	/*
104	* Typically, the base head has smaller nodes written to it, so it is
105	* better to try to allocate space at the ends of eraseblocks. This is
106	* what the squeeze parameter does.
107	*/
108	ubifs_assert(c, !c->ro_media && !c->ro_mount);
109	squeeze = (jhead == BASEHD);
110	again:
111	mutex_lock_nested(lock: &wbuf->io_mutex, subclass: wbuf->jhead);
112
113	if (c->ro_error) {
114	err = -EROFS;
115	goto out_unlock;
116	}
117
118	avail = c->leb_size - wbuf->offs - wbuf->used;
119	if (wbuf->lnum != -`1` && avail >= len)
120	return `0`;
121
122	/*
123	* Write buffer wasn't seek'ed or there is no enough space - look for an
124	* LEB with some empty space.
125	*/
126	lnum = ubifs_find_free_space(c, min_space: len, offs: &offs, squeeze);
127	if (lnum >= `0`)
128	goto out;
129
130	err = lnum;
131	if (err != -ENOSPC)
132	goto out_unlock;
133
134	/*
135	* No free space, we have to run garbage collector to make
136	* some. But the write-buffer mutex has to be unlocked because
137	* GC also takes it.
138	*/
139	dbg_jnl("no free space in jhead %s, run GC", dbg_jhead(jhead));
140	mutex_unlock(lock: &wbuf->io_mutex);
141
142	lnum = ubifs_garbage_collect(c, anyway: `0`);
143	if (lnum < `0`) {
144	err = lnum;
145	if (err != -ENOSPC)
146	return err;
147
148	/*
149	* GC could not make a free LEB. But someone else may
150	* have allocated new bud for this journal head,
151	* because we dropped @wbuf->io_mutex, so try once
152	* again.
153	*/
154	dbg_jnl("GC couldn't make a free LEB for jhead %s",
155	dbg_jhead(jhead));
156	if (retries++ < `2`) {
157	dbg_jnl("retry (%d)", retries);
158	goto again;
159	}
160
161	dbg_jnl("return -ENOSPC");
162	return err;
163	}
164
165	mutex_lock_nested(lock: &wbuf->io_mutex, subclass: wbuf->jhead);
166	dbg_jnl("got LEB %d for jhead %s", lnum, dbg_jhead(jhead));
167	avail = c->leb_size - wbuf->offs - wbuf->used;
168
169	if (wbuf->lnum != -`1` && avail >= len) {
170	/*
171	* Someone else has switched the journal head and we have
172	* enough space now. This happens when more than one process is
173	* trying to write to the same journal head at the same time.
174	*/
175	dbg_jnl("return LEB %d back, already have LEB %d:%d",
176	lnum, wbuf->lnum, wbuf->offs + wbuf->used);
177	err = ubifs_return_leb(c, lnum);
178	if (err)
179	goto out_unlock;
180	return `0`;
181	}
182
183	offs = `0`;
184
185	out:
186	/*
187	* Make sure we synchronize the write-buffer before we add the new bud
188	* to the log. Otherwise we may have a power cut after the log
189	* reference node for the last bud (@lnum) is written but before the
190	* write-buffer data are written to the next-to-last bud
191	* (@wbuf->lnum). And the effect would be that the recovery would see
192	* that there is corruption in the next-to-last bud.
193	*/
194	err = ubifs_wbuf_sync_nolock(wbuf);
195	if (err)
196	goto out_return;
197	err = ubifs_add_bud_to_log(c, jhead, lnum, offs);
198	if (err)
199	goto out_return;
200	err = ubifs_wbuf_seek_nolock(wbuf, lnum, offs);
201	if (err)
202	goto out_unlock;
203
204	return `0`;
205
206	out_unlock:
207	mutex_unlock(lock: &wbuf->io_mutex);
208	return err;
209
210	out_return:
211	/ An error occurred and the LEB has to be returned to lprops /
212	ubifs_assert(c, err < `0`);
213	err1 = ubifs_return_leb(c, lnum);
214	if (err1 && err == -EAGAIN)
215	/*
216	* Return original error code only if it is not %-EAGAIN,
217	* which is not really an error. Otherwise, return the error
218	* code of 'ubifs_return_leb()'.
219	*/
220	err = err1;
221	mutex_unlock(lock: &wbuf->io_mutex);
222	return err;
223	}
224
225	static int ubifs_hash_nodes(struct ubifs_info c, void* *node,
226	int len, struct shash_desc *hash)
227	{
228	int auth_node_size = ubifs_auth_node_sz(c);
229	int err;
230
231	while (`1`) {
232	const struct ubifs_ch *ch = node;
233	int nodelen = le32_to_cpu(ch->len);
234
235	ubifs_assert(c, len >= auth_node_size);
236
237	if (len == auth_node_size)
238	break;
239
240	ubifs_assert(c, len > nodelen);
241	ubifs_assert(c, ch->magic == cpu_to_le32(UBIFS_NODE_MAGIC));
242
243	err = ubifs_shash_update(c, desc: hash, buf: (void *)node, len: nodelen);
244	if (err)
245	return err;
246
247	node += ALIGN(nodelen, `8`);
248	len -= ALIGN(nodelen, `8`);
249	}
250
251	return ubifs_prepare_auth_node(c, node, inhash: hash);
252	}
253
254	/**
255	* write_head - write data to a journal head.
256	* @c: UBIFS file-system description object
257	* @jhead: journal head
258	* @buf: buffer to write
259	* @len: length to write
260	* @lnum: LEB number written is returned here
261	* @offs: offset written is returned here
262	* @sync: non-zero if the write-buffer has to by synchronized
263	*
264	* This function writes data to the reserved space of journal head @jhead.
265	* Returns zero in case of success and a negative error code in case of
266	* failure.
267	*/
268	static int write_head(struct ubifs_info c, int* jhead, void buf, int* len,
269	int lnum, int* offs, int* sync)
270	{
271	int err;
272	struct ubifs_wbuf *wbuf = &c->jheads[jhead].wbuf;
273
274	ubifs_assert(c, jhead != GCHD);
275
276	*lnum = c->jheads[jhead].wbuf.lnum;
277	*offs = c->jheads[jhead].wbuf.offs + c->jheads[jhead].wbuf.used;
278	dbg_jnl("jhead %s, LEB %d:%d, len %d",
279	dbg_jhead(jhead), lnum, offs, len);
280
281	if (ubifs_authenticated(c)) {
282	err = ubifs_hash_nodes(c, node: buf, len, hash: c->jheads[jhead].log_hash);
283	if (err)
284	return err;
285	}
286
287	err = ubifs_wbuf_write_nolock(wbuf, buf, len);
288	if (err)
289	return err;
290	if (sync)
291	err = ubifs_wbuf_sync_nolock(wbuf);
292	return err;
293	}
294
295	/**
296	* make_reservation - reserve journal space.
297	* @c: UBIFS file-system description object
298	* @jhead: journal head
299	* @len: how many bytes to reserve
300	*
301	* This function makes space reservation in journal head @jhead. The function
302	* takes the commit lock and locks the journal head, and the caller has to
303	* unlock the head and finish the reservation with 'finish_reservation()'.
304	* Returns zero in case of success and a negative error code in case of
305	* failure.
306	*
307	* Note, the journal head may be unlocked as soon as the data is written, while
308	* the commit lock has to be released after the data has been added to the
309	* TNC.
310	*/
311	static int make_reservation(struct ubifs_info c, int* jhead, int len)
312	{
313	int err, cmt_retries = `0`, nospc_retries = `0`;
314
315	again:
316	down_read(sem: &c->commit_sem);
317	err = reserve_space(c, jhead, len);
318	if (!err)
319	/ c->commit_sem will get released via finish_reservation(). /
320	return `0`;
321	up_read(sem: &c->commit_sem);
322
323	if (err == -ENOSPC) {
324	/*
325	* GC could not make any progress. We should try to commit
326	* once because it could make some dirty space and GC would
327	* make progress, so make the error -EAGAIN so that the below
328	* will commit and re-try.
329	*/
330	if (nospc_retries++ < `2`) {
331	dbg_jnl("no space, retry");
332	err = -EAGAIN;
333	}
334
335	/*
336	* This means that the budgeting is incorrect. We always have
337	* to be able to write to the media, because all operations are
338	* budgeted. Deletions are not budgeted, though, but we reserve
339	* an extra LEB for them.
340	*/
341	}
342
343	if (err != -EAGAIN)
344	goto out;
345
346	/*
347	* -EAGAIN means that the journal is full or too large, or the above
348	* code wants to do one commit. Do this and re-try.
349	*/
350	if (cmt_retries > `128`) {
351	/*
352	* This should not happen unless the journal size limitations
353	* are too tough.
354	*/
355	ubifs_err(c, fmt: "stuck in space allocation");
356	err = -ENOSPC;
357	goto out;
358	} else if (cmt_retries > `32`)
359	ubifs_warn(c, fmt: "too many space allocation re-tries (%d)",
360	cmt_retries);
361
362	dbg_jnl("-EAGAIN, commit and retry (retried %d times)",
363	cmt_retries);
364	cmt_retries += `1`;
365
366	err = ubifs_run_commit(c);
367	if (err)
368	return err;
369	goto again;
370
371	out:
372	ubifs_err(c, fmt: "cannot reserve %d bytes in jhead %d, error %d",
373	len, jhead, err);
374	if (err == -ENOSPC) {
375	/ This are some budgeting problems, print useful information /
376	down_write(sem: &c->commit_sem);
377	dump_stack();
378	ubifs_dump_budg(c, bi: &c->bi);
379	ubifs_dump_lprops(c);
380	cmt_retries = dbg_check_lprops(c);
381	up_write(sem: &c->commit_sem);
382	}
383	return err;
384	}
385
386	/**
387	* release_head - release a journal head.
388	* @c: UBIFS file-system description object
389	* @jhead: journal head
390	*
391	* This function releases journal head @jhead which was locked by
392	* the 'make_reservation()' function. It has to be called after each successful
393	* 'make_reservation()' invocation.
394	*/
395	static inline void release_head(struct ubifs_info c, int* jhead)
396	{
397	mutex_unlock(lock: &c->jheads[jhead].wbuf.io_mutex);
398	}
399
400	/**
401	* finish_reservation - finish a reservation.
402	* @c: UBIFS file-system description object
403	*
404	* This function finishes journal space reservation. It must be called after
405	* 'make_reservation()'.
406	*/
407	static void finish_reservation(struct ubifs_info *c)
408	{
409	up_read(sem: &c->commit_sem);
410	}
411
412	/**
413	* get_dent_type - translate VFS inode mode to UBIFS directory entry type.
414	* @mode: inode mode
415	*/
416	static int get_dent_type(int mode)
417	{
418	switch (mode & S_IFMT) {
419	case S_IFREG:
420	return UBIFS_ITYPE_REG;
421	case S_IFDIR:
422	return UBIFS_ITYPE_DIR;
423	case S_IFLNK:
424	return UBIFS_ITYPE_LNK;
425	case S_IFBLK:
426	return UBIFS_ITYPE_BLK;
427	case S_IFCHR:
428	return UBIFS_ITYPE_CHR;
429	case S_IFIFO:
430	return UBIFS_ITYPE_FIFO;
431	case S_IFSOCK:
432	return UBIFS_ITYPE_SOCK;
433	default:
434	BUG();
435	}
436	return `0`;
437	}
438
439	/**
440	* pack_inode - pack an inode node.
441	* @c: UBIFS file-system description object
442	* @ino: buffer in which to pack inode node
443	* @inode: inode to pack
444	* @last: indicates the last node of the group
445	*/
446	static void pack_inode(struct ubifs_info c, struct* ubifs_ino_node *ino,
447	const struct inode inode, int* last)
448	{
449	int data_len = `0`, last_reference = !inode->i_nlink;
450	struct ubifs_inode *ui = ubifs_inode(inode);
451
452	ino->ch.node_type = UBIFS_INO_NODE;
453	ino_key_init_flash(c, k: &ino->key, inum: inode->i_ino);
454	ino->creat_sqnum = cpu_to_le64(ui->creat_sqnum);
455	ino->atime_sec = cpu_to_le64(inode_get_atime_sec(inode));
456	ino->atime_nsec = cpu_to_le32(inode_get_atime_nsec(inode));
457	ino->ctime_sec = cpu_to_le64(inode_get_ctime_sec(inode));
458	ino->ctime_nsec = cpu_to_le32(inode_get_ctime_nsec(inode));
459	ino->mtime_sec = cpu_to_le64(inode_get_mtime_sec(inode));
460	ino->mtime_nsec = cpu_to_le32(inode_get_mtime_nsec(inode));
461	ino->uid = cpu_to_le32(i_uid_read(inode));
462	ino->gid = cpu_to_le32(i_gid_read(inode));
463	ino->mode = cpu_to_le32(inode->i_mode);
464	ino->flags = cpu_to_le32(ui->flags);
465	ino->size = cpu_to_le64(ui->ui_size);
466	ino->nlink = cpu_to_le32(inode->i_nlink);
467	ino->compr_type = cpu_to_le16(ui->compr_type);
468	ino->data_len = cpu_to_le32(ui->data_len);
469	ino->xattr_cnt = cpu_to_le32(ui->xattr_cnt);
470	ino->xattr_size = cpu_to_le32(ui->xattr_size);
471	ino->xattr_names = cpu_to_le32(ui->xattr_names);
472	zero_ino_node_unused(ino);
473
474	/*
475	* Drop the attached data if this is a deletion inode, the data is not
476	* needed anymore.
477	*/
478	if (!last_reference) {
479	memcpy(ino->data, ui->data, ui->data_len);
480	data_len = ui->data_len;
481	}
482
483	ubifs_prep_grp_node(c, node: ino, UBIFS_INO_NODE_SZ + data_len, last);
484	}
485
486	/**
487	* mark_inode_clean - mark UBIFS inode as clean.
488	* @c: UBIFS file-system description object
489	* @ui: UBIFS inode to mark as clean
490	*
491	* This helper function marks UBIFS inode @ui as clean by cleaning the
492	* @ui->dirty flag and releasing its budget. Note, VFS may still treat the
493	* inode as dirty and try to write it back, but 'ubifs_write_inode()' would
494	* just do nothing.
495	*/
496	static void mark_inode_clean(struct ubifs_info c, struct* ubifs_inode *ui)
497	{
498	if (ui->dirty)
499	ubifs_release_dirty_inode_budget(c, ui);
500	ui->dirty = `0`;
501	}
502
503	static void set_dent_cookie(struct ubifs_info c, struct* ubifs_dent_node *dent)
504	{
505	if (c->double_hash)
506	dent->cookie = (__force __le32) get_random_u32();
507	else
508	dent->cookie = `0`;
509	}
510
511	/**
512	* ubifs_jnl_update - update inode.
513	* @c: UBIFS file-system description object
514	* @dir: parent inode or host inode in case of extended attributes
515	* @nm: directory entry name
516	* @inode: inode to update
517	* @deletion: indicates a directory entry deletion i.e unlink or rmdir
518	* @xent: non-zero if the directory entry is an extended attribute entry
519	*
520	* This function updates an inode by writing a directory entry (or extended
521	* attribute entry), the inode itself, and the parent directory inode (or the
522	* host inode) to the journal.
523	*
524	* The function writes the host inode @dir last, which is important in case of
525	* extended attributes. Indeed, then we guarantee that if the host inode gets
526	* synchronized (with 'fsync()'), and the write-buffer it sits in gets flushed,
527	* the extended attribute inode gets flushed too. And this is exactly what the
528	* user expects - synchronizing the host inode synchronizes its extended
529	* attributes. Similarly, this guarantees that if @dir is synchronized, its
530	* directory entry corresponding to @nm gets synchronized too.
531	*
532	* If the inode (@inode) or the parent directory (@dir) are synchronous, this
533	* function synchronizes the write-buffer.
534	*
535	* This function marks the @dir and @inode inodes as clean and returns zero on
536	* success. In case of failure, a negative error code is returned.
537	*/
538	int ubifs_jnl_update(struct ubifs_info c, const* struct inode *dir,
539	const struct fscrypt_name nm, const* struct inode *inode,
540	int deletion, int xent)
541	{
542	int err, dlen, ilen, len, lnum, ino_offs, dent_offs, orphan_added = `0`;
543	int aligned_dlen, aligned_ilen, sync = IS_DIRSYNC(dir);
544	int last_reference = !!(deletion && inode->i_nlink == `0`);
545	struct ubifs_inode *ui = ubifs_inode(inode);
546	struct ubifs_inode *host_ui = ubifs_inode(inode: dir);
547	struct ubifs_dent_node *dent;
548	struct ubifs_ino_node *ino;
549	union ubifs_key dent_key, ino_key;
550	u8 hash_dent[UBIFS_HASH_ARR_SZ];
551	u8 hash_ino[UBIFS_HASH_ARR_SZ];
552	u8 hash_ino_host[UBIFS_HASH_ARR_SZ];
553
554	ubifs_assert(c, mutex_is_locked(&host_ui->ui_mutex));
555
556	dlen = UBIFS_DENT_NODE_SZ + fname_len(nm) + `1`;
557	ilen = UBIFS_INO_NODE_SZ;
558
559	/*
560	* If the last reference to the inode is being deleted, then there is
561	* no need to attach and write inode data, it is being deleted anyway.
562	* And if the inode is being deleted, no need to synchronize
563	* write-buffer even if the inode is synchronous.
564	*/
565	if (!last_reference) {
566	ilen += ui->data_len;
567	sync \|= IS_SYNC(inode);
568	}
569
570	aligned_dlen = ALIGN(dlen, `8`);
571	aligned_ilen = ALIGN(ilen, `8`);
572
573	len = aligned_dlen + aligned_ilen + UBIFS_INO_NODE_SZ;
574	/ Make sure to also account for extended attributes /
575	if (ubifs_authenticated(c))
576	len += ALIGN(host_ui->data_len, `8`) + ubifs_auth_node_sz(c);
577	else
578	len += host_ui->data_len;
579
580	dent = kzalloc(size: len, GFP_NOFS);
581	if (!dent)
582	return -ENOMEM;
583
584	/ Make reservation before allocating sequence numbers /
585	err = make_reservation(c, BASEHD, len);
586	if (err)
587	goto out_free;
588
589	if (!xent) {
590	dent->ch.node_type = UBIFS_DENT_NODE;
591	if (fname_name(nm) == NULL)
592	dent_key_init_hash(c, key: &dent_key, inum: dir->i_ino, hash: nm->hash);
593	else
594	dent_key_init(c, key: &dent_key, inum: dir->i_ino, nm);
595	} else {
596	dent->ch.node_type = UBIFS_XENT_NODE;
597	xent_key_init(c, key: &dent_key, inum: dir->i_ino, nm);
598	}
599
600	key_write(c, from: &dent_key, to: dent->key);
601	dent->inum = deletion ? `0` : cpu_to_le64(inode->i_ino);
602	dent->type = get_dent_type(mode: inode->i_mode);
603	dent->nlen = cpu_to_le16(fname_len(nm));
604	memcpy(dent->name, fname_name(nm), fname_len(nm));
605	dent->name[fname_len(nm)] = `'\0'`;
606	set_dent_cookie(c, dent);
607
608	zero_dent_node_unused(dent);
609	ubifs_prep_grp_node(c, node: dent, len: dlen, last: `0`);
610	err = ubifs_node_calc_hash(c, buf: dent, hash: hash_dent);
611	if (err)
612	goto out_release;
613
614	ino = (void *)dent + aligned_dlen;
615	pack_inode(c, ino, inode, last: `0`);
616	err = ubifs_node_calc_hash(c, buf: ino, hash: hash_ino);
617	if (err)
618	goto out_release;
619
620	ino = (void *)ino + aligned_ilen;
621	pack_inode(c, ino, inode: dir, last: `1`);
622	err = ubifs_node_calc_hash(c, buf: ino, hash: hash_ino_host);
623	if (err)
624	goto out_release;
625
626	if (last_reference) {
627	err = ubifs_add_orphan(c, inum: inode->i_ino);
628	if (err) {
629	release_head(c, BASEHD);
630	goto out_finish;
631	}
632	ui->del_cmtno = c->cmt_no;
633	orphan_added = `1`;
634	}
635
636	err = write_head(c, BASEHD, buf: dent, len, lnum: &lnum, offs: &dent_offs, sync);
637	if (err)
638	goto out_release;
639	if (!sync) {
640	struct ubifs_wbuf *wbuf = &c->jheads[BASEHD].wbuf;
641
642	ubifs_wbuf_add_ino_nolock(wbuf, inum: inode->i_ino);
643	ubifs_wbuf_add_ino_nolock(wbuf, inum: dir->i_ino);
644	}
645	release_head(c, BASEHD);
646	kfree(objp: dent);
647	ubifs_add_auth_dirt(c, lnum);
648
649	if (deletion) {
650	if (fname_name(nm) == NULL)
651	err = ubifs_tnc_remove_dh(c, key: &dent_key, cookie: nm->minor_hash);
652	else
653	err = ubifs_tnc_remove_nm(c, key: &dent_key, nm);
654	if (err)
655	goto out_ro;
656	err = ubifs_add_dirt(c, lnum, dirty: dlen);
657	} else
658	err = ubifs_tnc_add_nm(c, key: &dent_key, lnum, offs: dent_offs, len: dlen,
659	hash: hash_dent, nm);
660	if (err)
661	goto out_ro;
662
663	/*
664	* Note, we do not remove the inode from TNC even if the last reference
665	* to it has just been deleted, because the inode may still be opened.
666	* Instead, the inode has been added to orphan lists and the orphan
667	* subsystem will take further care about it.
668	*/
669	ino_key_init(c, key: &ino_key, inum: inode->i_ino);
670	ino_offs = dent_offs + aligned_dlen;
671	err = ubifs_tnc_add(c, key: &ino_key, lnum, offs: ino_offs, len: ilen, hash: hash_ino);
672	if (err)
673	goto out_ro;
674
675	ino_key_init(c, key: &ino_key, inum: dir->i_ino);
676	ino_offs += aligned_ilen;
677	err = ubifs_tnc_add(c, key: &ino_key, lnum, offs: ino_offs,
678	UBIFS_INO_NODE_SZ + host_ui->data_len, hash: hash_ino_host);
679	if (err)
680	goto out_ro;
681
682	finish_reservation(c);
683	spin_lock(lock: &ui->ui_lock);
684	ui->synced_i_size = ui->ui_size;
685	spin_unlock(lock: &ui->ui_lock);
686	if (xent) {
687	spin_lock(lock: &host_ui->ui_lock);
688	host_ui->synced_i_size = host_ui->ui_size;
689	spin_unlock(lock: &host_ui->ui_lock);
690	}
691	mark_inode_clean(c, ui);
692	mark_inode_clean(c, ui: host_ui);
693	return `0`;
694
695	out_finish:
696	finish_reservation(c);
697	out_free:
698	kfree(objp: dent);
699	return err;
700
701	out_release:
702	release_head(c, BASEHD);
703	kfree(objp: dent);
704	out_ro:
705	ubifs_ro_mode(c, err);
706	if (orphan_added)
707	ubifs_delete_orphan(c, inum: inode->i_ino);
708	finish_reservation(c);
709	return err;
710	}
711
712	/**
713	* ubifs_jnl_write_data - write a data node to the journal.
714	* @c: UBIFS file-system description object
715	* @inode: inode the data node belongs to
716	* @key: node key
717	* @buf: buffer to write
718	* @len: data length (must not exceed %UBIFS_BLOCK_SIZE)
719	*
720	* This function writes a data node to the journal. Returns %0 if the data node
721	* was successfully written, and a negative error code in case of failure.
722	*/
723	int ubifs_jnl_write_data(struct ubifs_info c, const* struct inode *inode,
724	const union ubifs_key key, const* void buf, int* len)
725	{
726	struct ubifs_data_node *data;
727	int err, lnum, offs, compr_type, out_len, compr_len, auth_len;
728	int dlen = COMPRESSED_DATA_NODE_BUF_SZ, allocated = `1`;
729	int write_len;
730	struct ubifs_inode *ui = ubifs_inode(inode);
731	bool encrypted = IS_ENCRYPTED(inode);
732	u8 hash[UBIFS_HASH_ARR_SZ];
733
734	dbg_jnlk(key, "ino %lu, blk %u, len %d, key ",
735	(unsigned long)key_inum(c, key), key_block(c, key), len);
736	ubifs_assert(c, len <= UBIFS_BLOCK_SIZE);
737
738	if (encrypted)
739	dlen += UBIFS_CIPHER_BLOCK_SIZE;
740
741	auth_len = ubifs_auth_node_sz(c);
742
743	data = kmalloc(size: dlen + auth_len, GFP_NOFS \| __GFP_NOWARN);
744	if (!data) {
745	/*
746	* Fall-back to the write reserve buffer. Note, we might be
747	* currently on the memory reclaim path, when the kernel is
748	* trying to free some memory by writing out dirty pages. The
749	* write reserve buffer helps us to guarantee that we are
750	* always able to write the data.
751	*/
752	allocated = `0`;
753	mutex_lock(&c->write_reserve_mutex);
754	data = c->write_reserve_buf;
755	}
756
757	data->ch.node_type = UBIFS_DATA_NODE;
758	key_write(c, from: key, to: &data->key);
759	data->size = cpu_to_le32(len);
760
761	if (!(ui->flags & UBIFS_COMPR_FL))
762	/ Compression is disabled for this inode /
763	compr_type = UBIFS_COMPR_NONE;
764	else
765	compr_type = ui->compr_type;
766
767	out_len = compr_len = dlen - UBIFS_DATA_NODE_SZ;
768	ubifs_compress(c, in_buf: buf, in_len: len, out_buf: &data->data, out_len: &compr_len, compr_type: &compr_type);
769	ubifs_assert(c, compr_len <= UBIFS_BLOCK_SIZE);
770
771	if (encrypted) {
772	err = ubifs_encrypt(inode, dn: data, in_len: compr_len, out_len: &out_len, block: key_block(c, key));
773	if (err)
774	goto out_free;
775
776	} else {
777	data->compr_size = `0`;
778	out_len = compr_len;
779	}
780
781	dlen = UBIFS_DATA_NODE_SZ + out_len;
782	if (ubifs_authenticated(c))
783	write_len = ALIGN(dlen, `8`) + auth_len;
784	else
785	write_len = dlen;
786
787	data->compr_type = cpu_to_le16(compr_type);
788
789	/ Make reservation before allocating sequence numbers /
790	err = make_reservation(c, DATAHD, len: write_len);
791	if (err)
792	goto out_free;
793
794	ubifs_prepare_node(c, buf: data, len: dlen, pad: `0`);
795	err = write_head(c, DATAHD, buf: data, len: write_len, lnum: &lnum, offs: &offs, sync: `0`);
796	if (err)
797	goto out_release;
798
799	err = ubifs_node_calc_hash(c, buf: data, hash);
800	if (err)
801	goto out_release;
802
803	ubifs_wbuf_add_ino_nolock(wbuf: &c->jheads[DATAHD].wbuf, inum: key_inum(c, k: key));
804	release_head(c, DATAHD);
805
806	ubifs_add_auth_dirt(c, lnum);
807
808	err = ubifs_tnc_add(c, key, lnum, offs, len: dlen, hash);
809	if (err)
810	goto out_ro;
811
812	finish_reservation(c);
813	if (!allocated)
814	mutex_unlock(lock: &c->write_reserve_mutex);
815	else
816	kfree(objp: data);
817	return `0`;
818
819	out_release:
820	release_head(c, DATAHD);
821	out_ro:
822	ubifs_ro_mode(c, err);
823	finish_reservation(c);
824	out_free:
825	if (!allocated)
826	mutex_unlock(lock: &c->write_reserve_mutex);
827	else
828	kfree(objp: data);
829	return err;
830	}
831
832	/**
833	* ubifs_jnl_write_inode - flush inode to the journal.
834	* @c: UBIFS file-system description object
835	* @inode: inode to flush
836	*
837	* This function writes inode @inode to the journal. If the inode is
838	* synchronous, it also synchronizes the write-buffer. Returns zero in case of
839	* success and a negative error code in case of failure.
840	*/
841	int ubifs_jnl_write_inode(struct ubifs_info c, const* struct inode *inode)
842	{
843	int err, lnum, offs;
844	struct ubifs_ino_node ino, ino_start;
845	struct ubifs_inode *ui = ubifs_inode(inode);
846	int sync = `0`, write_len = `0`, ilen = UBIFS_INO_NODE_SZ;
847	int last_reference = !inode->i_nlink;
848	int kill_xattrs = ui->xattr_cnt && last_reference;
849	u8 hash[UBIFS_HASH_ARR_SZ];
850
851	dbg_jnl("ino %lu, nlink %u", inode->i_ino, inode->i_nlink);
852
853	/*
854	* If the inode is being deleted, do not write the attached data. No
855	* need to synchronize the write-buffer either.
856	*/
857	if (!last_reference) {
858	ilen += ui->data_len;
859	sync = IS_SYNC(inode);
860	} else if (kill_xattrs) {
861	write_len += UBIFS_INO_NODE_SZ * ui->xattr_cnt;
862	}
863
864	if (ubifs_authenticated(c))
865	write_len += ALIGN(ilen, `8`) + ubifs_auth_node_sz(c);
866	else
867	write_len += ilen;
868
869	ino_start = ino = kmalloc(size: write_len, GFP_NOFS);
870	if (!ino)
871	return -ENOMEM;
872
873	/ Make reservation before allocating sequence numbers /
874	err = make_reservation(c, BASEHD, len: write_len);
875	if (err)
876	goto out_free;
877
878	if (kill_xattrs) {
879	union ubifs_key key;
880	struct fscrypt_name nm = {`0`};
881	struct inode *xino;
882	struct ubifs_dent_node xent, pxent = NULL;
883
884	if (ui->xattr_cnt > ubifs_xattr_max_cnt(c)) {
885	err = -EPERM;
886	ubifs_err(c, fmt: "Cannot delete inode, it has too much xattrs!");
887	goto out_release;
888	}
889
890	lowest_xent_key(c, key: &key, inum: inode->i_ino);
891	while (`1`) {
892	xent = ubifs_tnc_next_ent(c, key: &key, nm: &nm);
893	if (IS_ERR(ptr: xent)) {
894	err = PTR_ERR(ptr: xent);
895	if (err == -ENOENT)
896	break;
897
898	kfree(objp: pxent);
899	goto out_release;
900	}
901
902	fname_name(&nm) = xent->name;
903	fname_len(&nm) = le16_to_cpu(xent->nlen);
904
905	xino = ubifs_iget(sb: c->vfs_sb, le64_to_cpu(xent->inum));
906	if (IS_ERR(ptr: xino)) {
907	err = PTR_ERR(ptr: xino);
908	ubifs_err(c, fmt: "dead directory entry '%s', error %d",
909	xent->name, err);
910	ubifs_ro_mode(c, err);
911	kfree(objp: pxent);
912	kfree(objp: xent);
913	goto out_release;
914	}
915	ubifs_assert(c, ubifs_inode(xino)->xattr);
916
917	clear_nlink(inode: xino);
918	pack_inode(c, ino, inode: xino, last: `0`);
919	ino = (void *)ino + UBIFS_INO_NODE_SZ;
920	iput(xino);
921
922	kfree(objp: pxent);
923	pxent = xent;
924	key_read(c, from: &xent->key, to: &key);
925	}
926	kfree(objp: pxent);
927	}
928
929	pack_inode(c, ino, inode, last: `1`);
930	err = ubifs_node_calc_hash(c, buf: ino, hash);
931	if (err)
932	goto out_release;
933
934	err = write_head(c, BASEHD, buf: ino_start, len: write_len, lnum: &lnum, offs: &offs, sync);
935	if (err)
936	goto out_release;
937	if (!sync)
938	ubifs_wbuf_add_ino_nolock(wbuf: &c->jheads[BASEHD].wbuf,
939	inum: inode->i_ino);
940	release_head(c, BASEHD);
941
942	if (last_reference) {
943	err = ubifs_tnc_remove_ino(c, inum: inode->i_ino);
944	if (err)
945	goto out_ro;
946	ubifs_delete_orphan(c, inum: inode->i_ino);
947	err = ubifs_add_dirt(c, lnum, dirty: write_len);
948	} else {
949	union ubifs_key key;
950
951	ubifs_add_auth_dirt(c, lnum);
952
953	ino_key_init(c, key: &key, inum: inode->i_ino);
954	err = ubifs_tnc_add(c, key: &key, lnum, offs, len: ilen, hash);
955	}
956	if (err)
957	goto out_ro;
958
959	finish_reservation(c);
960	spin_lock(lock: &ui->ui_lock);
961	ui->synced_i_size = ui->ui_size;
962	spin_unlock(lock: &ui->ui_lock);
963	kfree(objp: ino_start);
964	return `0`;
965
966	out_release:
967	release_head(c, BASEHD);
968	out_ro:
969	ubifs_ro_mode(c, err);
970	finish_reservation(c);
971	out_free:
972	kfree(objp: ino_start);
973	return err;
974	}
975
976	/**
977	* ubifs_jnl_delete_inode - delete an inode.
978	* @c: UBIFS file-system description object
979	* @inode: inode to delete
980	*
981	* This function deletes inode @inode which includes removing it from orphans,
982	* deleting it from TNC and, in some cases, writing a deletion inode to the
983	* journal.
984	*
985	* When regular file inodes are unlinked or a directory inode is removed, the
986	* 'ubifs_jnl_update()' function writes a corresponding deletion inode and
987	* direntry to the media, and adds the inode to orphans. After this, when the
988	* last reference to this inode has been dropped, this function is called. In
989	* general, it has to write one more deletion inode to the media, because if
990	* a commit happened between 'ubifs_jnl_update()' and
991	* 'ubifs_jnl_delete_inode()', the deletion inode is not in the journal
992	* anymore, and in fact it might not be on the flash anymore, because it might
993	* have been garbage-collected already. And for optimization reasons UBIFS does
994	* not read the orphan area if it has been unmounted cleanly, so it would have
995	* no indication in the journal that there is a deleted inode which has to be
996	* removed from TNC.
997	*
998	* However, if there was no commit between 'ubifs_jnl_update()' and
999	* 'ubifs_jnl_delete_inode()', then there is no need to write the deletion
1000	* inode to the media for the second time. And this is quite a typical case.
1001	*
1002	* This function returns zero in case of success and a negative error code in
1003	* case of failure.
1004	*/
1005	int ubifs_jnl_delete_inode(struct ubifs_info c, const* struct inode *inode)
1006	{
1007	int err;
1008	struct ubifs_inode *ui = ubifs_inode(inode);
1009
1010	ubifs_assert(c, inode->i_nlink == `0`);
1011
1012	if (ui->xattr_cnt \|\| ui->del_cmtno != c->cmt_no)
1013	/ A commit happened for sure or inode hosts xattrs /
1014	return ubifs_jnl_write_inode(c, inode);
1015
1016	down_read(sem: &c->commit_sem);
1017	/*
1018	* Check commit number again, because the first test has been done
1019	* without @c->commit_sem, so a commit might have happened.
1020	*/
1021	if (ui->del_cmtno != c->cmt_no) {
1022	up_read(sem: &c->commit_sem);
1023	return ubifs_jnl_write_inode(c, inode);
1024	}
1025
1026	err = ubifs_tnc_remove_ino(c, inum: inode->i_ino);
1027	if (err)
1028	ubifs_ro_mode(c, err);
1029	else
1030	ubifs_delete_orphan(c, inum: inode->i_ino);
1031	up_read(sem: &c->commit_sem);
1032	return err;
1033	}
1034
1035	/**
1036	* ubifs_jnl_xrename - cross rename two directory entries.
1037	* @c: UBIFS file-system description object
1038	* @fst_dir: parent inode of 1st directory entry to exchange
1039	* @fst_inode: 1st inode to exchange
1040	* @fst_nm: name of 1st inode to exchange
1041	* @snd_dir: parent inode of 2nd directory entry to exchange
1042	* @snd_inode: 2nd inode to exchange
1043	* @snd_nm: name of 2nd inode to exchange
1044	* @sync: non-zero if the write-buffer has to be synchronized
1045	*
1046	* This function implements the cross rename operation which may involve
1047	* writing 2 inodes and 2 directory entries. It marks the written inodes as clean
1048	* and returns zero on success. In case of failure, a negative error code is
1049	* returned.
1050	*/
1051	int ubifs_jnl_xrename(struct ubifs_info c, const* struct inode *fst_dir,
1052	const struct inode *fst_inode,
1053	const struct fscrypt_name *fst_nm,
1054	const struct inode *snd_dir,
1055	const struct inode *snd_inode,
1056	const struct fscrypt_name snd_nm, int* sync)
1057	{
1058	union ubifs_key key;
1059	struct ubifs_dent_node dent1, dent2;
1060	int err, dlen1, dlen2, lnum, offs, len, plen = UBIFS_INO_NODE_SZ;
1061	int aligned_dlen1, aligned_dlen2;
1062	int twoparents = (fst_dir != snd_dir);
1063	void *p;
1064	u8 hash_dent1[UBIFS_HASH_ARR_SZ];
1065	u8 hash_dent2[UBIFS_HASH_ARR_SZ];
1066	u8 hash_p1[UBIFS_HASH_ARR_SZ];
1067	u8 hash_p2[UBIFS_HASH_ARR_SZ];
1068
1069	ubifs_assert(c, ubifs_inode(fst_dir)->data_len == `0`);
1070	ubifs_assert(c, ubifs_inode(snd_dir)->data_len == `0`);
1071	ubifs_assert(c, mutex_is_locked(&ubifs_inode(fst_dir)->ui_mutex));
1072	ubifs_assert(c, mutex_is_locked(&ubifs_inode(snd_dir)->ui_mutex));
1073
1074	dlen1 = UBIFS_DENT_NODE_SZ + fname_len(snd_nm) + `1`;
1075	dlen2 = UBIFS_DENT_NODE_SZ + fname_len(fst_nm) + `1`;
1076	aligned_dlen1 = ALIGN(dlen1, `8`);
1077	aligned_dlen2 = ALIGN(dlen2, `8`);
1078
1079	len = aligned_dlen1 + aligned_dlen2 + ALIGN(plen, `8`);
1080	if (twoparents)
1081	len += plen;
1082
1083	len += ubifs_auth_node_sz(c);
1084
1085	dent1 = kzalloc(size: len, GFP_NOFS);
1086	if (!dent1)
1087	return -ENOMEM;
1088
1089	/ Make reservation before allocating sequence numbers /
1090	err = make_reservation(c, BASEHD, len);
1091	if (err)
1092	goto out_free;
1093
1094	/ Make new dent for 1st entry /
1095	dent1->ch.node_type = UBIFS_DENT_NODE;
1096	dent_key_init_flash(c, k: &dent1->key, inum: snd_dir->i_ino, nm: snd_nm);
1097	dent1->inum = cpu_to_le64(fst_inode->i_ino);
1098	dent1->type = get_dent_type(mode: fst_inode->i_mode);
1099	dent1->nlen = cpu_to_le16(fname_len(snd_nm));
1100	memcpy(dent1->name, fname_name(snd_nm), fname_len(snd_nm));
1101	dent1->name[fname_len(snd_nm)] = `'\0'`;
1102	set_dent_cookie(c, dent: dent1);
1103	zero_dent_node_unused(dent: dent1);
1104	ubifs_prep_grp_node(c, node: dent1, len: dlen1, last: `0`);
1105	err = ubifs_node_calc_hash(c, buf: dent1, hash: hash_dent1);
1106	if (err)
1107	goto out_release;
1108
1109	/ Make new dent for 2nd entry /
1110	dent2 = (void *)dent1 + aligned_dlen1;
1111	dent2->ch.node_type = UBIFS_DENT_NODE;
1112	dent_key_init_flash(c, k: &dent2->key, inum: fst_dir->i_ino, nm: fst_nm);
1113	dent2->inum = cpu_to_le64(snd_inode->i_ino);
1114	dent2->type = get_dent_type(mode: snd_inode->i_mode);
1115	dent2->nlen = cpu_to_le16(fname_len(fst_nm));
1116	memcpy(dent2->name, fname_name(fst_nm), fname_len(fst_nm));
1117	dent2->name[fname_len(fst_nm)] = `'\0'`;
1118	set_dent_cookie(c, dent: dent2);
1119	zero_dent_node_unused(dent: dent2);
1120	ubifs_prep_grp_node(c, node: dent2, len: dlen2, last: `0`);
1121	err = ubifs_node_calc_hash(c, buf: dent2, hash: hash_dent2);
1122	if (err)
1123	goto out_release;
1124
1125	p = (void *)dent2 + aligned_dlen2;
1126	if (!twoparents) {
1127	pack_inode(c, ino: p, inode: fst_dir, last: `1`);
1128	err = ubifs_node_calc_hash(c, buf: p, hash: hash_p1);
1129	if (err)
1130	goto out_release;
1131	} else {
1132	pack_inode(c, ino: p, inode: fst_dir, last: `0`);
1133	err = ubifs_node_calc_hash(c, buf: p, hash: hash_p1);
1134	if (err)
1135	goto out_release;
1136	p += ALIGN(plen, `8`);
1137	pack_inode(c, ino: p, inode: snd_dir, last: `1`);
1138	err = ubifs_node_calc_hash(c, buf: p, hash: hash_p2);
1139	if (err)
1140	goto out_release;
1141	}
1142
1143	err = write_head(c, BASEHD, buf: dent1, len, lnum: &lnum, offs: &offs, sync);
1144	if (err)
1145	goto out_release;
1146	if (!sync) {
1147	struct ubifs_wbuf *wbuf = &c->jheads[BASEHD].wbuf;
1148
1149	ubifs_wbuf_add_ino_nolock(wbuf, inum: fst_dir->i_ino);
1150	ubifs_wbuf_add_ino_nolock(wbuf, inum: snd_dir->i_ino);
1151	}
1152	release_head(c, BASEHD);
1153
1154	ubifs_add_auth_dirt(c, lnum);
1155
1156	dent_key_init(c, key: &key, inum: snd_dir->i_ino, nm: snd_nm);
1157	err = ubifs_tnc_add_nm(c, key: &key, lnum, offs, len: dlen1, hash: hash_dent1, nm: snd_nm);
1158	if (err)
1159	goto out_ro;
1160
1161	offs += aligned_dlen1;
1162	dent_key_init(c, key: &key, inum: fst_dir->i_ino, nm: fst_nm);
1163	err = ubifs_tnc_add_nm(c, key: &key, lnum, offs, len: dlen2, hash: hash_dent2, nm: fst_nm);
1164	if (err)
1165	goto out_ro;
1166
1167	offs += aligned_dlen2;
1168
1169	ino_key_init(c, key: &key, inum: fst_dir->i_ino);
1170	err = ubifs_tnc_add(c, key: &key, lnum, offs, len: plen, hash: hash_p1);
1171	if (err)
1172	goto out_ro;
1173
1174	if (twoparents) {
1175	offs += ALIGN(plen, `8`);
1176	ino_key_init(c, key: &key, inum: snd_dir->i_ino);
1177	err = ubifs_tnc_add(c, key: &key, lnum, offs, len: plen, hash: hash_p2);
1178	if (err)
1179	goto out_ro;
1180	}
1181
1182	finish_reservation(c);
1183
1184	mark_inode_clean(c, ui: ubifs_inode(inode: fst_dir));
1185	if (twoparents)
1186	mark_inode_clean(c, ui: ubifs_inode(inode: snd_dir));
1187	kfree(objp: dent1);
1188	return `0`;
1189
1190	out_release:
1191	release_head(c, BASEHD);
1192	out_ro:
1193	ubifs_ro_mode(c, err);
1194	finish_reservation(c);
1195	out_free:
1196	kfree(objp: dent1);
1197	return err;
1198	}
1199
1200	/**
1201	* ubifs_jnl_rename - rename a directory entry.
1202	* @c: UBIFS file-system description object
1203	* @old_dir: parent inode of directory entry to rename
1204	* @old_inode: directory entry's inode to rename
1205	* @old_nm: name of the old directory entry to rename
1206	* @new_dir: parent inode of directory entry to rename
1207	* @new_inode: new directory entry's inode (or directory entry's inode to
1208	* replace)
1209	* @new_nm: new name of the new directory entry
1210	* @whiteout: whiteout inode
1211	* @sync: non-zero if the write-buffer has to be synchronized
1212	*
1213	* This function implements the re-name operation which may involve writing up
1214	* to 4 inodes(new inode, whiteout inode, old and new parent directory inodes)
1215	* and 2 directory entries. It marks the written inodes as clean and returns
1216	* zero on success. In case of failure, a negative error code is returned.
1217	*/
1218	int ubifs_jnl_rename(struct ubifs_info c, const* struct inode *old_dir,
1219	const struct inode *old_inode,
1220	const struct fscrypt_name *old_nm,
1221	const struct inode *new_dir,
1222	const struct inode *new_inode,
1223	const struct fscrypt_name *new_nm,
1224	const struct inode whiteout, int* sync)
1225	{
1226	void *p;
1227	union ubifs_key key;
1228	struct ubifs_dent_node dent, dent2;
1229	int err, dlen1, dlen2, ilen, wlen, lnum, offs, len, orphan_added = `0`;
1230	int aligned_dlen1, aligned_dlen2, plen = UBIFS_INO_NODE_SZ;
1231	int last_reference = !!(new_inode && new_inode->i_nlink == `0`);
1232	int move = (old_dir != new_dir);
1233	struct ubifs_inode new_ui, whiteout_ui;
1234	u8 hash_old_dir[UBIFS_HASH_ARR_SZ];
1235	u8 hash_new_dir[UBIFS_HASH_ARR_SZ];
1236	u8 hash_new_inode[UBIFS_HASH_ARR_SZ];
1237	u8 hash_whiteout_inode[UBIFS_HASH_ARR_SZ];
1238	u8 hash_dent1[UBIFS_HASH_ARR_SZ];
1239	u8 hash_dent2[UBIFS_HASH_ARR_SZ];
1240
1241	ubifs_assert(c, ubifs_inode(old_dir)->data_len == `0`);
1242	ubifs_assert(c, ubifs_inode(new_dir)->data_len == `0`);
1243	ubifs_assert(c, mutex_is_locked(&ubifs_inode(old_dir)->ui_mutex));
1244	ubifs_assert(c, mutex_is_locked(&ubifs_inode(new_dir)->ui_mutex));
1245
1246	dlen1 = UBIFS_DENT_NODE_SZ + fname_len(new_nm) + `1`;
1247	dlen2 = UBIFS_DENT_NODE_SZ + fname_len(old_nm) + `1`;
1248	if (new_inode) {
1249	new_ui = ubifs_inode(inode: new_inode);
1250	ubifs_assert(c, mutex_is_locked(&new_ui->ui_mutex));
1251	ilen = UBIFS_INO_NODE_SZ;
1252	if (!last_reference)
1253	ilen += new_ui->data_len;
1254	} else
1255	ilen = `0`;
1256
1257	if (whiteout) {
1258	whiteout_ui = ubifs_inode(inode: whiteout);
1259	ubifs_assert(c, mutex_is_locked(&whiteout_ui->ui_mutex));
1260	ubifs_assert(c, whiteout->i_nlink == `1`);
1261	ubifs_assert(c, !whiteout_ui->dirty);
1262	wlen = UBIFS_INO_NODE_SZ;
1263	wlen += whiteout_ui->data_len;
1264	} else
1265	wlen = `0`;
1266
1267	aligned_dlen1 = ALIGN(dlen1, `8`);
1268	aligned_dlen2 = ALIGN(dlen2, `8`);
1269	len = aligned_dlen1 + aligned_dlen2 + ALIGN(ilen, `8`) +
1270	ALIGN(wlen, `8`) + ALIGN(plen, `8`);
1271	if (move)
1272	len += plen;
1273
1274	len += ubifs_auth_node_sz(c);
1275
1276	dent = kzalloc(size: len, GFP_NOFS);
1277	if (!dent)
1278	return -ENOMEM;
1279
1280	/ Make reservation before allocating sequence numbers /
1281	err = make_reservation(c, BASEHD, len);
1282	if (err)
1283	goto out_free;
1284
1285	/ Make new dent /
1286	dent->ch.node_type = UBIFS_DENT_NODE;
1287	dent_key_init_flash(c, k: &dent->key, inum: new_dir->i_ino, nm: new_nm);
1288	dent->inum = cpu_to_le64(old_inode->i_ino);
1289	dent->type = get_dent_type(mode: old_inode->i_mode);
1290	dent->nlen = cpu_to_le16(fname_len(new_nm));
1291	memcpy(dent->name, fname_name(new_nm), fname_len(new_nm));
1292	dent->name[fname_len(new_nm)] = `'\0'`;
1293	set_dent_cookie(c, dent);
1294	zero_dent_node_unused(dent);
1295	ubifs_prep_grp_node(c, node: dent, len: dlen1, last: `0`);
1296	err = ubifs_node_calc_hash(c, buf: dent, hash: hash_dent1);
1297	if (err)
1298	goto out_release;
1299
1300	dent2 = (void *)dent + aligned_dlen1;
1301	dent2->ch.node_type = UBIFS_DENT_NODE;
1302	dent_key_init_flash(c, k: &dent2->key, inum: old_dir->i_ino, nm: old_nm);
1303
1304	if (whiteout) {
1305	dent2->inum = cpu_to_le64(whiteout->i_ino);
1306	dent2->type = get_dent_type(mode: whiteout->i_mode);
1307	} else {
1308	/ Make deletion dent /
1309	dent2->inum = `0`;
1310	dent2->type = DT_UNKNOWN;
1311	}
1312	dent2->nlen = cpu_to_le16(fname_len(old_nm));
1313	memcpy(dent2->name, fname_name(old_nm), fname_len(old_nm));
1314	dent2->name[fname_len(old_nm)] = `'\0'`;
1315	set_dent_cookie(c, dent: dent2);
1316	zero_dent_node_unused(dent: dent2);
1317	ubifs_prep_grp_node(c, node: dent2, len: dlen2, last: `0`);
1318	err = ubifs_node_calc_hash(c, buf: dent2, hash: hash_dent2);
1319	if (err)
1320	goto out_release;
1321
1322	p = (void *)dent2 + aligned_dlen2;
1323	if (new_inode) {
1324	pack_inode(c, ino: p, inode: new_inode, last: `0`);
1325	err = ubifs_node_calc_hash(c, buf: p, hash: hash_new_inode);
1326	if (err)
1327	goto out_release;
1328
1329	p += ALIGN(ilen, `8`);
1330	}
1331
1332	if (whiteout) {
1333	pack_inode(c, ino: p, inode: whiteout, last: `0`);
1334	err = ubifs_node_calc_hash(c, buf: p, hash: hash_whiteout_inode);
1335	if (err)
1336	goto out_release;
1337
1338	p += ALIGN(wlen, `8`);
1339	}
1340
1341	if (!move) {
1342	pack_inode(c, ino: p, inode: old_dir, last: `1`);
1343	err = ubifs_node_calc_hash(c, buf: p, hash: hash_old_dir);
1344	if (err)
1345	goto out_release;
1346	} else {
1347	pack_inode(c, ino: p, inode: old_dir, last: `0`);
1348	err = ubifs_node_calc_hash(c, buf: p, hash: hash_old_dir);
1349	if (err)
1350	goto out_release;
1351
1352	p += ALIGN(plen, `8`);
1353	pack_inode(c, ino: p, inode: new_dir, last: `1`);
1354	err = ubifs_node_calc_hash(c, buf: p, hash: hash_new_dir);
1355	if (err)
1356	goto out_release;
1357	}
1358
1359	if (last_reference) {
1360	err = ubifs_add_orphan(c, inum: new_inode->i_ino);
1361	if (err) {
1362	release_head(c, BASEHD);
1363	goto out_finish;
1364	}
1365	new_ui->del_cmtno = c->cmt_no;
1366	orphan_added = `1`;
1367	}
1368
1369	err = write_head(c, BASEHD, buf: dent, len, lnum: &lnum, offs: &offs, sync);
1370	if (err)
1371	goto out_release;
1372	if (!sync) {
1373	struct ubifs_wbuf *wbuf = &c->jheads[BASEHD].wbuf;
1374
1375	ubifs_wbuf_add_ino_nolock(wbuf, inum: new_dir->i_ino);
1376	ubifs_wbuf_add_ino_nolock(wbuf, inum: old_dir->i_ino);
1377	if (new_inode)
1378	ubifs_wbuf_add_ino_nolock(wbuf: &c->jheads[BASEHD].wbuf,
1379	inum: new_inode->i_ino);
1380	if (whiteout)
1381	ubifs_wbuf_add_ino_nolock(wbuf: &c->jheads[BASEHD].wbuf,
1382	inum: whiteout->i_ino);
1383	}
1384	release_head(c, BASEHD);
1385
1386	ubifs_add_auth_dirt(c, lnum);
1387
1388	dent_key_init(c, key: &key, inum: new_dir->i_ino, nm: new_nm);
1389	err = ubifs_tnc_add_nm(c, key: &key, lnum, offs, len: dlen1, hash: hash_dent1, nm: new_nm);
1390	if (err)
1391	goto out_ro;
1392
1393	offs += aligned_dlen1;
1394	if (whiteout) {
1395	dent_key_init(c, key: &key, inum: old_dir->i_ino, nm: old_nm);
1396	err = ubifs_tnc_add_nm(c, key: &key, lnum, offs, len: dlen2, hash: hash_dent2, nm: old_nm);
1397	if (err)
1398	goto out_ro;
1399	} else {
1400	err = ubifs_add_dirt(c, lnum, dirty: dlen2);
1401	if (err)
1402	goto out_ro;
1403
1404	dent_key_init(c, key: &key, inum: old_dir->i_ino, nm: old_nm);
1405	err = ubifs_tnc_remove_nm(c, key: &key, nm: old_nm);
1406	if (err)
1407	goto out_ro;
1408	}
1409
1410	offs += aligned_dlen2;
1411	if (new_inode) {
1412	ino_key_init(c, key: &key, inum: new_inode->i_ino);
1413	err = ubifs_tnc_add(c, key: &key, lnum, offs, len: ilen, hash: hash_new_inode);
1414	if (err)
1415	goto out_ro;
1416	offs += ALIGN(ilen, `8`);
1417	}
1418
1419	if (whiteout) {
1420	ino_key_init(c, key: &key, inum: whiteout->i_ino);
1421	err = ubifs_tnc_add(c, key: &key, lnum, offs, len: wlen,
1422	hash: hash_whiteout_inode);
1423	if (err)
1424	goto out_ro;
1425	offs += ALIGN(wlen, `8`);
1426	}
1427
1428	ino_key_init(c, key: &key, inum: old_dir->i_ino);
1429	err = ubifs_tnc_add(c, key: &key, lnum, offs, len: plen, hash: hash_old_dir);
1430	if (err)
1431	goto out_ro;
1432
1433	if (move) {
1434	offs += ALIGN(plen, `8`);
1435	ino_key_init(c, key: &key, inum: new_dir->i_ino);
1436	err = ubifs_tnc_add(c, key: &key, lnum, offs, len: plen, hash: hash_new_dir);
1437	if (err)
1438	goto out_ro;
1439	}
1440
1441	finish_reservation(c);
1442	if (new_inode) {
1443	mark_inode_clean(c, ui: new_ui);
1444	spin_lock(lock: &new_ui->ui_lock);
1445	new_ui->synced_i_size = new_ui->ui_size;
1446	spin_unlock(lock: &new_ui->ui_lock);
1447	}
1448	/*
1449	* No need to mark whiteout inode clean.
1450	* Whiteout doesn't have non-zero size, no need to update
1451	* synced_i_size for whiteout_ui.
1452	*/
1453	mark_inode_clean(c, ui: ubifs_inode(inode: old_dir));
1454	if (move)
1455	mark_inode_clean(c, ui: ubifs_inode(inode: new_dir));
1456	kfree(objp: dent);
1457	return `0`;
1458
1459	out_release:
1460	release_head(c, BASEHD);
1461	out_ro:
1462	ubifs_ro_mode(c, err);
1463	if (orphan_added)
1464	ubifs_delete_orphan(c, inum: new_inode->i_ino);
1465	out_finish:
1466	finish_reservation(c);
1467	out_free:
1468	kfree(objp: dent);
1469	return err;
1470	}
1471
1472	/**
1473	* truncate_data_node - re-compress/encrypt a truncated data node.
1474	* @c: UBIFS file-system description object
1475	* @inode: inode which refers to the data node
1476	* @block: data block number
1477	* @dn: data node to re-compress
1478	* @new_len: new length
1479	* @dn_size: size of the data node @dn in memory
1480	*
1481	* This function is used when an inode is truncated and the last data node of
1482	* the inode has to be re-compressed/encrypted and re-written.
1483	*/
1484	static int truncate_data_node(const struct ubifs_info c, const* struct inode *inode,
1485	unsigned int block, struct ubifs_data_node *dn,
1486	int new_len, int* dn_size)
1487	{
1488	void *buf;
1489	int err, dlen, compr_type, out_len, data_size;
1490
1491	out_len = le32_to_cpu(dn->size);
1492	buf = kmalloc_array(n: out_len, WORST_COMPR_FACTOR, GFP_NOFS);
1493	if (!buf)
1494	return -ENOMEM;
1495
1496	dlen = le32_to_cpu(dn->ch.len) - UBIFS_DATA_NODE_SZ;
1497	data_size = dn_size - UBIFS_DATA_NODE_SZ;
1498	compr_type = le16_to_cpu(dn->compr_type);
1499
1500	if (IS_ENCRYPTED(inode)) {
1501	err = ubifs_decrypt(inode, dn, out_len: &dlen, block);
1502	if (err)
1503	goto out;
1504	}
1505
1506	if (compr_type == UBIFS_COMPR_NONE) {
1507	out_len = *new_len;
1508	} else {
1509	err = ubifs_decompress(c, buf: &dn->data, len: dlen, out: buf, out_len: &out_len, compr_type);
1510	if (err)
1511	goto out;
1512
1513	ubifs_compress(c, in_buf: buf, in_len: *new_len, out_buf: &dn->data, out_len: &out_len, compr_type: &compr_type);
1514	}
1515
1516	if (IS_ENCRYPTED(inode)) {
1517	err = ubifs_encrypt(inode, dn, in_len: out_len, out_len: &data_size, block);
1518	if (err)
1519	goto out;
1520
1521	out_len = data_size;
1522	} else {
1523	dn->compr_size = `0`;
1524	}
1525
1526	ubifs_assert(c, out_len <= UBIFS_BLOCK_SIZE);
1527	dn->compr_type = cpu_to_le16(compr_type);
1528	dn->size = cpu_to_le32(*new_len);
1529	*new_len = UBIFS_DATA_NODE_SZ + out_len;
1530	err = `0`;
1531	out:
1532	kfree(objp: buf);
1533	return err;
1534	}
1535
1536	/**
1537	* ubifs_jnl_truncate - update the journal for a truncation.
1538	* @c: UBIFS file-system description object
1539	* @inode: inode to truncate
1540	* @old_size: old size
1541	* @new_size: new size
1542	*
1543	* When the size of a file decreases due to truncation, a truncation node is
1544	* written, the journal tree is updated, and the last data block is re-written
1545	* if it has been affected. The inode is also updated in order to synchronize
1546	* the new inode size.
1547	*
1548	* This function marks the inode as clean and returns zero on success. In case
1549	* of failure, a negative error code is returned.
1550	*/
1551	int ubifs_jnl_truncate(struct ubifs_info c, const* struct inode *inode,
1552	loff_t old_size, loff_t new_size)
1553	{
1554	union ubifs_key key, to_key;
1555	struct ubifs_ino_node *ino;
1556	struct ubifs_trun_node *trun;
1557	struct ubifs_data_node *dn;
1558	int err, dlen, len, lnum, offs, bit, sz, sync = IS_SYNC(inode);
1559	int dn_size;
1560	struct ubifs_inode *ui = ubifs_inode(inode);
1561	ino_t inum = inode->i_ino;
1562	unsigned int blk;
1563	u8 hash_ino[UBIFS_HASH_ARR_SZ];
1564	u8 hash_dn[UBIFS_HASH_ARR_SZ];
1565
1566	dbg_jnl("ino %lu, size %lld -> %lld",
1567	(unsigned long)inum, old_size, new_size);
1568	ubifs_assert(c, !ui->data_len);
1569	ubifs_assert(c, S_ISREG(inode->i_mode));
1570	ubifs_assert(c, mutex_is_locked(&ui->ui_mutex));
1571
1572	dn_size = COMPRESSED_DATA_NODE_BUF_SZ;
1573
1574	if (IS_ENCRYPTED(inode))
1575	dn_size += UBIFS_CIPHER_BLOCK_SIZE;
1576
1577	sz = UBIFS_TRUN_NODE_SZ + UBIFS_INO_NODE_SZ +
1578	dn_size + ubifs_auth_node_sz(c);
1579
1580	ino = kmalloc(size: sz, GFP_NOFS);
1581	if (!ino)
1582	return -ENOMEM;
1583
1584	trun = (void *)ino + UBIFS_INO_NODE_SZ;
1585	trun->ch.node_type = UBIFS_TRUN_NODE;
1586	trun->inum = cpu_to_le32(inum);
1587	trun->old_size = cpu_to_le64(old_size);
1588	trun->new_size = cpu_to_le64(new_size);
1589	zero_trun_node_unused(trun);
1590
1591	dlen = new_size & (UBIFS_BLOCK_SIZE - `1`);
1592	if (dlen) {
1593	/ Get last data block so it can be truncated /
1594	dn = (void *)trun + UBIFS_TRUN_NODE_SZ;
1595	blk = new_size >> UBIFS_BLOCK_SHIFT;
1596	data_key_init(c, key: &key, inum, block: blk);
1597	dbg_jnlk(&key, "last block key ");
1598	err = ubifs_tnc_lookup(c, key: &key, node: dn);
1599	if (err == -ENOENT)
1600	dlen = `0`; / Not found (so it is a hole) /
1601	else if (err)
1602	goto out_free;
1603	else {
1604	int dn_len = le32_to_cpu(dn->size);
1605
1606	if (dn_len <= `0` \|\| dn_len > UBIFS_BLOCK_SIZE) {
1607	ubifs_err(c, fmt: "bad data node (block %u, inode %lu)",
1608	blk, inode->i_ino);
1609	ubifs_dump_node(c, node: dn, node_len: dn_size);
1610	err = -EUCLEAN;
1611	goto out_free;
1612	}
1613
1614	if (dn_len <= dlen)
1615	dlen = `0`; / Nothing to do /
1616	else {
1617	err = truncate_data_node(c, inode, block: blk, dn,
1618	new_len: &dlen, dn_size);
1619	if (err)
1620	goto out_free;
1621	}
1622	}
1623	}
1624
1625	/ Must make reservation before allocating sequence numbers /
1626	len = UBIFS_TRUN_NODE_SZ + UBIFS_INO_NODE_SZ;
1627
1628	if (ubifs_authenticated(c))
1629	len += ALIGN(dlen, `8`) + ubifs_auth_node_sz(c);
1630	else
1631	len += dlen;
1632
1633	err = make_reservation(c, BASEHD, len);
1634	if (err)
1635	goto out_free;
1636
1637	pack_inode(c, ino, inode, last: `0`);
1638	err = ubifs_node_calc_hash(c, buf: ino, hash: hash_ino);
1639	if (err)
1640	goto out_release;
1641
1642	ubifs_prep_grp_node(c, node: trun, UBIFS_TRUN_NODE_SZ, last: dlen ? `0` : `1`);
1643	if (dlen) {
1644	ubifs_prep_grp_node(c, node: dn, len: dlen, last: `1`);
1645	err = ubifs_node_calc_hash(c, buf: dn, hash: hash_dn);
1646	if (err)
1647	goto out_release;
1648	}
1649
1650	err = write_head(c, BASEHD, buf: ino, len, lnum: &lnum, offs: &offs, sync);
1651	if (err)
1652	goto out_release;
1653	if (!sync)
1654	ubifs_wbuf_add_ino_nolock(wbuf: &c->jheads[BASEHD].wbuf, inum);
1655	release_head(c, BASEHD);
1656
1657	ubifs_add_auth_dirt(c, lnum);
1658
1659	if (dlen) {
1660	sz = offs + UBIFS_INO_NODE_SZ + UBIFS_TRUN_NODE_SZ;
1661	err = ubifs_tnc_add(c, key: &key, lnum, offs: sz, len: dlen, hash: hash_dn);
1662	if (err)
1663	goto out_ro;
1664	}
1665
1666	ino_key_init(c, key: &key, inum);
1667	err = ubifs_tnc_add(c, key: &key, lnum, offs, UBIFS_INO_NODE_SZ, hash: hash_ino);
1668	if (err)
1669	goto out_ro;
1670
1671	err = ubifs_add_dirt(c, lnum, UBIFS_TRUN_NODE_SZ);
1672	if (err)
1673	goto out_ro;
1674
1675	bit = new_size & (UBIFS_BLOCK_SIZE - `1`);
1676	blk = (new_size >> UBIFS_BLOCK_SHIFT) + (bit ? `1` : `0`);
1677	data_key_init(c, key: &key, inum, block: blk);
1678
1679	bit = old_size & (UBIFS_BLOCK_SIZE - `1`);
1680	blk = (old_size >> UBIFS_BLOCK_SHIFT) - (bit ? `0` : `1`);
1681	data_key_init(c, key: &to_key, inum, block: blk);
1682
1683	err = ubifs_tnc_remove_range(c, from_key: &key, to_key: &to_key);
1684	if (err)
1685	goto out_ro;
1686
1687	finish_reservation(c);
1688	spin_lock(lock: &ui->ui_lock);
1689	ui->synced_i_size = ui->ui_size;
1690	spin_unlock(lock: &ui->ui_lock);
1691	mark_inode_clean(c, ui);
1692	kfree(objp: ino);
1693	return `0`;
1694
1695	out_release:
1696	release_head(c, BASEHD);
1697	out_ro:
1698	ubifs_ro_mode(c, err);
1699	finish_reservation(c);
1700	out_free:
1701	kfree(objp: ino);
1702	return err;
1703	}
1704
1705
1706	/**
1707	* ubifs_jnl_delete_xattr - delete an extended attribute.
1708	* @c: UBIFS file-system description object
1709	* @host: host inode
1710	* @inode: extended attribute inode
1711	* @nm: extended attribute entry name
1712	*
1713	* This function delete an extended attribute which is very similar to
1714	* un-linking regular files - it writes a deletion xentry, a deletion inode and
1715	* updates the target inode. Returns zero in case of success and a negative
1716	* error code in case of failure.
1717	*/
1718	int ubifs_jnl_delete_xattr(struct ubifs_info c, const* struct inode *host,
1719	const struct inode *inode,
1720	const struct fscrypt_name *nm)
1721	{
1722	int err, xlen, hlen, len, lnum, xent_offs, aligned_xlen, write_len;
1723	struct ubifs_dent_node *xent;
1724	struct ubifs_ino_node *ino;
1725	union ubifs_key xent_key, key1, key2;
1726	int sync = IS_DIRSYNC(host);
1727	struct ubifs_inode *host_ui = ubifs_inode(inode: host);
1728	u8 hash[UBIFS_HASH_ARR_SZ];
1729
1730	ubifs_assert(c, inode->i_nlink == `0`);
1731	ubifs_assert(c, mutex_is_locked(&host_ui->ui_mutex));
1732
1733	/*
1734	* Since we are deleting the inode, we do not bother to attach any data
1735	* to it and assume its length is %UBIFS_INO_NODE_SZ.
1736	*/
1737	xlen = UBIFS_DENT_NODE_SZ + fname_len(nm) + `1`;
1738	aligned_xlen = ALIGN(xlen, `8`);
1739	hlen = host_ui->data_len + UBIFS_INO_NODE_SZ;
1740	len = aligned_xlen + UBIFS_INO_NODE_SZ + ALIGN(hlen, `8`);
1741
1742	write_len = len + ubifs_auth_node_sz(c);
1743
1744	xent = kzalloc(size: write_len, GFP_NOFS);
1745	if (!xent)
1746	return -ENOMEM;
1747
1748	/ Make reservation before allocating sequence numbers /
1749	err = make_reservation(c, BASEHD, len: write_len);
1750	if (err) {
1751	kfree(objp: xent);
1752	return err;
1753	}
1754
1755	xent->ch.node_type = UBIFS_XENT_NODE;
1756	xent_key_init(c, key: &xent_key, inum: host->i_ino, nm);
1757	key_write(c, from: &xent_key, to: xent->key);
1758	xent->inum = `0`;
1759	xent->type = get_dent_type(mode: inode->i_mode);
1760	xent->nlen = cpu_to_le16(fname_len(nm));
1761	memcpy(xent->name, fname_name(nm), fname_len(nm));
1762	xent->name[fname_len(nm)] = `'\0'`;
1763	zero_dent_node_unused(dent: xent);
1764	ubifs_prep_grp_node(c, node: xent, len: xlen, last: `0`);
1765
1766	ino = (void *)xent + aligned_xlen;
1767	pack_inode(c, ino, inode, last: `0`);
1768	ino = (void *)ino + UBIFS_INO_NODE_SZ;
1769	pack_inode(c, ino, inode: host, last: `1`);
1770	err = ubifs_node_calc_hash(c, buf: ino, hash);
1771	if (err)
1772	goto out_release;
1773
1774	err = write_head(c, BASEHD, buf: xent, len: write_len, lnum: &lnum, offs: &xent_offs, sync);
1775	if (!sync && !err)
1776	ubifs_wbuf_add_ino_nolock(wbuf: &c->jheads[BASEHD].wbuf, inum: host->i_ino);
1777	release_head(c, BASEHD);
1778
1779	ubifs_add_auth_dirt(c, lnum);
1780	kfree(objp: xent);
1781	if (err)
1782	goto out_ro;
1783
1784	/ Remove the extended attribute entry from TNC /
1785	err = ubifs_tnc_remove_nm(c, key: &xent_key, nm);
1786	if (err)
1787	goto out_ro;
1788	err = ubifs_add_dirt(c, lnum, dirty: xlen);
1789	if (err)
1790	goto out_ro;
1791
1792	/*
1793	* Remove all nodes belonging to the extended attribute inode from TNC.
1794	* Well, there actually must be only one node - the inode itself.
1795	*/
1796	lowest_ino_key(c, key: &key1, inum: inode->i_ino);
1797	highest_ino_key(c, key: &key2, inum: inode->i_ino);
1798	err = ubifs_tnc_remove_range(c, from_key: &key1, to_key: &key2);
1799	if (err)
1800	goto out_ro;
1801	err = ubifs_add_dirt(c, lnum, UBIFS_INO_NODE_SZ);
1802	if (err)
1803	goto out_ro;
1804
1805	/ And update TNC with the new host inode position /
1806	ino_key_init(c, key: &key1, inum: host->i_ino);
1807	err = ubifs_tnc_add(c, key: &key1, lnum, offs: xent_offs + len - hlen, len: hlen, hash);
1808	if (err)
1809	goto out_ro;
1810
1811	finish_reservation(c);
1812	spin_lock(lock: &host_ui->ui_lock);
1813	host_ui->synced_i_size = host_ui->ui_size;
1814	spin_unlock(lock: &host_ui->ui_lock);
1815	mark_inode_clean(c, ui: host_ui);
1816	return `0`;
1817
1818	out_release:
1819	kfree(objp: xent);
1820	release_head(c, BASEHD);
1821	out_ro:
1822	ubifs_ro_mode(c, err);
1823	finish_reservation(c);
1824	return err;
1825	}
1826
1827	/**
1828	* ubifs_jnl_change_xattr - change an extended attribute.
1829	* @c: UBIFS file-system description object
1830	* @inode: extended attribute inode
1831	* @host: host inode
1832	*
1833	* This function writes the updated version of an extended attribute inode and
1834	* the host inode to the journal (to the base head). The host inode is written
1835	* after the extended attribute inode in order to guarantee that the extended
1836	* attribute will be flushed when the inode is synchronized by 'fsync()' and
1837	* consequently, the write-buffer is synchronized. This function returns zero
1838	* in case of success and a negative error code in case of failure.
1839	*/
1840	int ubifs_jnl_change_xattr(struct ubifs_info c, const* struct inode *inode,
1841	const struct inode *host)
1842	{
1843	int err, len1, len2, aligned_len, aligned_len1, lnum, offs;
1844	struct ubifs_inode *host_ui = ubifs_inode(inode: host);
1845	struct ubifs_ino_node *ino;
1846	union ubifs_key key;
1847	int sync = IS_DIRSYNC(host);
1848	u8 hash_host[UBIFS_HASH_ARR_SZ];
1849	u8 hash[UBIFS_HASH_ARR_SZ];
1850
1851	dbg_jnl("ino %lu, ino %lu", host->i_ino, inode->i_ino);
1852	ubifs_assert(c, inode->i_nlink > `0`);
1853	ubifs_assert(c, mutex_is_locked(&host_ui->ui_mutex));
1854
1855	len1 = UBIFS_INO_NODE_SZ + host_ui->data_len;
1856	len2 = UBIFS_INO_NODE_SZ + ubifs_inode(inode)->data_len;
1857	aligned_len1 = ALIGN(len1, `8`);
1858	aligned_len = aligned_len1 + ALIGN(len2, `8`);
1859
1860	aligned_len += ubifs_auth_node_sz(c);
1861
1862	ino = kzalloc(size: aligned_len, GFP_NOFS);
1863	if (!ino)
1864	return -ENOMEM;
1865
1866	/ Make reservation before allocating sequence numbers /
1867	err = make_reservation(c, BASEHD, len: aligned_len);
1868	if (err)
1869	goto out_free;
1870
1871	pack_inode(c, ino, inode: host, last: `0`);
1872	err = ubifs_node_calc_hash(c, buf: ino, hash: hash_host);
1873	if (err)
1874	goto out_release;
1875	pack_inode(c, ino: (void *)ino + aligned_len1, inode, last: `1`);
1876	err = ubifs_node_calc_hash(c, buf: (void *)ino + aligned_len1, hash);
1877	if (err)
1878	goto out_release;
1879
1880	err = write_head(c, BASEHD, buf: ino, len: aligned_len, lnum: &lnum, offs: &offs, sync: `0`);
1881	if (!sync && !err) {
1882	struct ubifs_wbuf *wbuf = &c->jheads[BASEHD].wbuf;
1883
1884	ubifs_wbuf_add_ino_nolock(wbuf, inum: host->i_ino);
1885	ubifs_wbuf_add_ino_nolock(wbuf, inum: inode->i_ino);
1886	}
1887	release_head(c, BASEHD);
1888	if (err)
1889	goto out_ro;
1890
1891	ubifs_add_auth_dirt(c, lnum);
1892
1893	ino_key_init(c, key: &key, inum: host->i_ino);
1894	err = ubifs_tnc_add(c, key: &key, lnum, offs, len: len1, hash: hash_host);
1895	if (err)
1896	goto out_ro;
1897
1898	ino_key_init(c, key: &key, inum: inode->i_ino);
1899	err = ubifs_tnc_add(c, key: &key, lnum, offs: offs + aligned_len1, len: len2, hash);
1900	if (err)
1901	goto out_ro;
1902
1903	finish_reservation(c);
1904	spin_lock(lock: &host_ui->ui_lock);
1905	host_ui->synced_i_size = host_ui->ui_size;
1906	spin_unlock(lock: &host_ui->ui_lock);
1907	mark_inode_clean(c, ui: host_ui);
1908	kfree(objp: ino);
1909	return `0`;
1910
1911	out_release:
1912	release_head(c, BASEHD);
1913	out_ro:
1914	ubifs_ro_mode(c, err);
1915	finish_reservation(c);
1916	out_free:
1917	kfree(objp: ino);
1918	return err;
1919	}
1920
1921

source code of linux/fs/ubifs/journal.c