LU-14651 llite: extend inode methods with user namespace arg

[fs/lustre-release.git] / lustre / llite / namei.c

diff --git a/lustre/llite/namei.c b/lustre/llite/namei.c
index 9b7241a..3b0267e 100644 (file)
--- a/lustre/llite/namei.c
+++ b/lustre/llite/namei.c
@@ -27,16 +27,15 @@
  */
 /*
  * This file is part of Lustre, http://www.lustre.org/
- * Lustre is a trademark of Sun Microsystems, Inc.
  */
 
 #include <linux/fs.h>
 #include <linux/sched.h>
 #include <linux/mm.h>
+#include <linux/file.h>
 #include <linux/quotaops.h>
 #include <linux/highmem.h>
 #include <linux/pagemap.h>
-#include <linux/security.h>
 #include <linux/user_namespace.h>
 #include <linux/uidgid.h>
 
@@ -47,10 +46,22 @@
 #include <lustre_dlm.h>
 #include "llite_internal.h"
 
+#ifndef HAVE_USER_NAMESPACE_ARG
+#define ll_create_nd(ns, dir, de, mode, ex)    ll_create_nd(dir, de, mode, ex)
+#define ll_mkdir(ns, dir, dch, mode)           ll_mkdir(dir, dch, mode)
+#define ll_mknod(ns, dir, dch, mode, rd)       ll_mknod(dir, dch, mode, rd)
+#ifdef HAVE_IOPS_RENAME_WITH_FLAGS
+#define ll_rename(ns, src, sdc, tgt, tdc, fl)  ll_rename(src, sdc, tgt, tdc, fl)
+#else
+#define ll_rename(ns, src, sdc, tgt, tdc)      ll_rename(src, sdc, tgt, tdc)
+#endif /* HAVE_IOPS_RENAME_WITH_FLAGS */
+#define ll_symlink(nd, dir, dch, old)          ll_symlink(dir, dch, old)
+#endif
+
 static int ll_create_it(struct inode *dir, struct dentry *dentry,
                        struct lookup_intent *it,
                        void *secctx, __u32 secctxlen, bool encrypt,
-                       void *encctx, __u32 encctxlen);
+                       void *encctx, __u32 encctxlen, unsigned int open_flags);
 
 /* called from iget5_locked->find_inode() under inode_lock spinlock */
 static int ll_test_inode(struct inode *inode, void *opaque)
@@ -155,26 +166,45 @@ struct inode *ll_iget(struct super_block *sb, ino_t hash,
         RETURN(inode);
 }
 
-static void ll_invalidate_negative_children(struct inode *dir)
+/* mark negative sub file dentries invalid and prune unused dentries */
+static void ll_prune_negative_children(struct inode *dir)
 {
-       struct dentry *dentry, *tmp_subdir;
+       struct dentry *dentry;
+       struct dentry *child;
 
+       ENTRY;
+
+restart:
        spin_lock(&dir->i_lock);
        hlist_for_each_entry(dentry, &dir->i_dentry, d_alias) {
                spin_lock(&dentry->d_lock);
-               if (!list_empty(&dentry->d_subdirs)) {
-                       struct dentry *child;
-
-                       list_for_each_entry_safe(child, tmp_subdir,
-                                                &dentry->d_subdirs,
-                                                d_child) {
-                               if (child->d_inode == NULL)
-                                       d_lustre_invalidate(child, 1);
+               list_for_each_entry(child, &dentry->d_subdirs, d_child) {
+                       if (child->d_inode)
+                               continue;
+
+                       spin_lock_nested(&child->d_lock, DENTRY_D_LOCK_NESTED);
+                       if (lld_is_init(child))
+                               ll_d2d(child)->lld_invalid = 1;
+                       if (!ll_d_count(child)) {
+                               dget_dlock(child);
+                               __d_drop(child);
+                               spin_unlock(&child->d_lock);
+                               spin_unlock(&dentry->d_lock);
+                               spin_unlock(&dir->i_lock);
+
+                               CDEBUG(D_DENTRY, "prune negative dentry %pd\n",
+                                      child);
+
+                               dput(child);
+                               goto restart;
                        }
+                       spin_unlock(&child->d_lock);
                }
                spin_unlock(&dentry->d_lock);
        }
        spin_unlock(&dir->i_lock);
+
+       EXIT;
 }
 
 int ll_test_inode_by_fid(struct inode *inode, void *opaque)
@@ -190,17 +220,12 @@ static int ll_dom_lock_cancel(struct inode *inode, struct ldlm_lock *lock)
        int rc;
        ENTRY;
 
-       if (!lli->lli_clob) {
-               /* due to DoM read on open, there may exist pages for Lustre
-                * regular file even though cl_object is not set up yet. */
-               truncate_inode_pages(inode->i_mapping, 0);
-               RETURN(0);
-       }
-
        env = cl_env_get(&refcheck);
        if (IS_ERR(env))
                RETURN(PTR_ERR(env));
 
+       OBD_FAIL_TIMEOUT(OBD_FAIL_LDLM_REPLAY_PAUSE, cfs_fail_val);
+
        /* reach MDC layer to flush data under  the DoM ldlm lock */
        rc = cl_object_flush(env, lli->lli_clob, lock);
        if (rc == -ENODATA) {
@@ -244,7 +269,7 @@ static void ll_lock_cancel_bits(struct ldlm_lock *lock, __u64 to_cancel)
        }
 
        if (bits & MDS_INODELOCK_XATTR) {
-               ll_xattr_cache_destroy(inode);
+               ll_xattr_cache_empty(inode);
                bits &= ~MDS_INODELOCK_XATTR;
        }
 
@@ -305,7 +330,7 @@ static void ll_lock_cancel_bits(struct ldlm_lock *lock, __u64 to_cancel)
        lli = ll_i2info(inode);
 
        if (bits & MDS_INODELOCK_UPDATE)
-               ll_file_set_flag(lli, LLIF_UPDATE_ATIME);
+               set_bit(LLIF_UPDATE_ATIME, &lli->lli_flags);
 
        if ((bits & MDS_INODELOCK_UPDATE) && S_ISDIR(inode->i_mode)) {
                CDEBUG(D_INODE, "invalidating inode "DFID" lli = %p, "
@@ -350,18 +375,17 @@ static void ll_lock_cancel_bits(struct ldlm_lock *lock, __u64 to_cancel)
                                                        ll_test_inode_by_fid,
                                                        (void *)&lli->lli_pfid);
                        if (master_inode) {
-                               ll_invalidate_negative_children(master_inode);
+                               ll_prune_negative_children(master_inode);
                                iput(master_inode);
                        }
                } else {
-                       ll_invalidate_negative_children(inode);
+                       ll_prune_negative_children(inode);
                }
        }
 
        if ((bits & (MDS_INODELOCK_LOOKUP | MDS_INODELOCK_PERM)) &&
-           inode->i_sb->s_root != NULL &&
-           inode != inode->i_sb->s_root->d_inode)
-               ll_invalidate_aliases(inode);
+           !is_root_inode(inode))
+               ll_prune_aliases(inode);
 
        if (bits & (MDS_INODELOCK_LOOKUP | MDS_INODELOCK_PERM))
                forget_all_cached_acls(inode);
@@ -581,16 +605,12 @@ static struct dentry *ll_find_alias(struct inode *inode, struct dentry *dentry)
 struct dentry *ll_splice_alias(struct inode *inode, struct dentry *de)
 {
        struct dentry *new;
-       int rc;
 
        if (inode) {
                new = ll_find_alias(inode, de);
                if (new) {
-                       rc = ll_d_init(new);
-                       if (rc < 0) {
-                               dput(new);
-                               return ERR_PTR(rc);
-                       }
+                       if (!ll_d_setup(new, true))
+                               return ERR_PTR(-ENOMEM);
                        d_move(new, de);
                        iput(inode);
                        CDEBUG(D_DENTRY,
@@ -599,10 +619,30 @@ struct dentry *ll_splice_alias(struct inode *inode, struct dentry *de)
                        return new;
                }
        }
-       rc = ll_d_init(de);
-       if (rc < 0)
-               return ERR_PTR(rc);
+       if (!ll_d_setup(de, false))
+               return ERR_PTR(-ENOMEM);
        d_add(de, inode);
+
+       /* this needs only to be done for foreign symlink dirs as
+        * DCACHE_SYMLINK_TYPE is already set by d_flags_for_inode()
+        * kernel routine for files with symlink ops (ie, real symlink)
+        */
+       if (inode && S_ISDIR(inode->i_mode) &&
+           ll_sbi_has_foreign_symlink(ll_i2sbi(inode)) &&
+#ifdef HAVE_IOP_GET_LINK
+           inode->i_op->get_link) {
+#else
+           inode->i_op->follow_link) {
+#endif
+               CDEBUG(D_INFO, "%s: inode "DFID": faking foreign dir as a symlink\n",
+                      ll_i2sbi(inode)->ll_fsname, PFID(ll_inode2fid(inode)));
+               spin_lock(&de->d_lock);
+               /* like d_flags_for_inode() already does for files */
+               de->d_flags = (de->d_flags & ~DCACHE_ENTRY_TYPE) |
+                             DCACHE_SYMLINK_TYPE;
+               spin_unlock(&de->d_lock);
+       }
+
        CDEBUG(D_DENTRY, "Add dentry %p inode %p refc %d flags %#x\n",
               de, de->d_inode, ll_d_count(de), de->d_flags);
         return de;
@@ -630,7 +670,7 @@ static int ll_lookup_it_finish(struct ptlrpc_request *request,
                struct mdt_body *body = req_capsule_server_get(pill,
                                                               &RMF_MDT_BODY);
 
-               rc = ll_prep_inode(&inode, request, (*de)->d_sb, it);
+               rc = ll_prep_inode(&inode, &request->rq_pill, (*de)->d_sb, it);
                if (rc)
                        RETURN(rc);
 
@@ -664,10 +704,11 @@ static int ll_lookup_it_finish(struct ptlrpc_request *request,
                        }
                }
 
-               if (it->it_op & IT_OPEN)
-                       ll_dom_finish_open(inode, request, it);
-
                ll_set_lock_data(ll_i2sbi(parent)->ll_md_exp, inode, it, &bits);
+               /* OPEN can return data if lock has DoM+LAYOUT bits set */
+               if (it->it_op & IT_OPEN &&
+                   bits & MDS_INODELOCK_DOM && bits & MDS_INODELOCK_LAYOUT)
+                       ll_dom_finish_open(inode, request);
 
                /* We used to query real size from OSTs here, but actually
                 * this is not needed. For stat() calls size would be updated
@@ -721,8 +762,10 @@ static int ll_lookup_it_finish(struct ptlrpc_request *request,
 
        if (!it_disposition(it, DISP_LOOKUP_NEG)) {
                /* we have lookup look - unhide dentry */
-               if (bits & MDS_INODELOCK_LOOKUP)
+               if (bits & MDS_INODELOCK_LOOKUP) {
                        d_lustre_revalidate(*de);
+                       ll_update_dir_depth(parent, (*de)->d_inode);
+               }
 
                if (encrypt) {
                        rc = llcrypt_get_encryption_info(inode);
@@ -769,7 +812,7 @@ static int ll_lookup_it_finish(struct ptlrpc_request *request,
 out:
        if (rc != 0 && it->it_op & IT_OPEN) {
                ll_intent_drop_lock(it);
-               ll_open_cleanup((*de)->d_sb, request);
+               ll_open_cleanup((*de)->d_sb, &request->rq_pill);
        }
 
        return rc;
@@ -791,7 +834,8 @@ static struct dentry *ll_lookup_it(struct inode *parent, struct dentry *dentry,
        __u32 opc;
        int rc;
        char secctx_name[XATTR_NAME_MAX + 1];
-
+       struct llcrypt_name fname;
+       struct lu_fid fid;
        ENTRY;
 
        if (dentry->d_name.len > ll_i2sbi(parent)->ll_namelen)
@@ -819,19 +863,45 @@ static struct dentry *ll_lookup_it(struct inode *parent, struct dentry *dentry,
        if (it->it_op & IT_CREAT)
                opc = LUSTRE_OPC_CREATE;
        else
-               opc = LUSTRE_OPC_ANY;
+               opc = LUSTRE_OPC_LOOKUP;
+
+       /* Here we should be calling llcrypt_prepare_lookup(). But it installs a
+        * custom ->d_revalidate() method, so we lose ll_d_ops.
+        * To workaround this, call ll_setup_filename() and do the rest
+        * manually. Also make a copy of llcrypt_d_revalidate() (unfortunately
+        * not exported function) and call it from ll_revalidate_dentry(), to
+        * ensure we do not cache stale dentries after a key has been added.
+        */
+       rc = ll_setup_filename(parent, &dentry->d_name, 1, &fname, &fid);
+       if ((!rc || rc == -ENOENT) && fname.is_ciphertext_name) {
+               spin_lock(&dentry->d_lock);
+               dentry->d_flags |= DCACHE_ENCRYPTED_NAME;
+               spin_unlock(&dentry->d_lock);
+       }
+       if (rc == -ENOENT)
+               RETURN(NULL);
+       if (rc)
+               RETURN(ERR_PTR(rc));
 
-       op_data = ll_prep_md_op_data(NULL, parent, NULL, dentry->d_name.name,
-                                    dentry->d_name.len, 0, opc, NULL);
-       if (IS_ERR(op_data))
-               GOTO(out, retval = ERR_CAST(op_data));
+       op_data = ll_prep_md_op_data(NULL, parent, NULL, fname.disk_name.name,
+                                    fname.disk_name.len, 0, opc, NULL);
+       if (IS_ERR(op_data)) {
+               llcrypt_free_filename(&fname);
+               RETURN(ERR_CAST(op_data));
+       }
+       if (!fid_is_zero(&fid)) {
+               op_data->op_fid2 = fid;
+               op_data->op_bias = MDS_FID_OP;
+               if (it->it_op & IT_OPEN)
+                       it->it_flags |= MDS_OPEN_BY_FID;
+       }
 
        /* enforce umask if acl disabled or MDS doesn't support umask */
        if (!IS_POSIXACL(parent) || !exp_connect_umask(ll_i2mdexp(parent)))
                it->it_create_mode &= ~current_umask();
 
        if (it->it_op & IT_CREAT &&
-           ll_i2sbi(parent)->ll_flags & LL_SBI_FILE_SECCTX) {
+           test_bit(LL_SBI_FILE_SECCTX, ll_i2sbi(parent)->ll_flags)) {
                rc = ll_dentry_init_security(dentry, it->it_create_mode,
                                             &dentry->d_name,
                                             &op_data->op_file_secctx_name,
@@ -850,9 +920,75 @@ static struct dentry *ll_lookup_it(struct inode *parent, struct dentry *dentry,
                        *secctxlen = 0;
        }
        if (it->it_op & IT_CREAT && encrypt) {
-               rc = llcrypt_inherit_context(parent, NULL, op_data, false);
-               if (rc)
-                       GOTO(out, retval = ERR_PTR(rc));
+               if (unlikely(filename_is_volatile(dentry->d_name.name,
+                                                 dentry->d_name.len, NULL))) {
+                       /* get encryption context from reference file */
+                       int ctx_size = LLCRYPT_ENC_CTX_SIZE;
+                       struct lustre_sb_info *lsi;
+                       struct file *ref_file;
+                       struct inode *ref_inode;
+                       void *ctx;
+
+                       rc = volatile_ref_file(dentry->d_name.name,
+                                              dentry->d_name.len,
+                                              &ref_file);
+                       if (rc)
+                               GOTO(out, retval = ERR_PTR(rc));
+
+                       ref_inode = file_inode(ref_file);
+                       if (!ref_inode) {
+                               fput(ref_file);
+                               GOTO(inherit, rc = -EINVAL);
+                       }
+
+                       lsi = s2lsi(ref_inode->i_sb);
+
+getctx:
+                       OBD_ALLOC(ctx, ctx_size);
+                       if (!ctx)
+                               GOTO(out, retval = ERR_PTR(-ENOMEM));
+
+#ifdef CONFIG_LL_ENCRYPTION
+                       rc = lsi->lsi_cop->get_context(ref_inode,
+                                                      ctx, ctx_size);
+#elif defined(HAVE_LUSTRE_CRYPTO)
+                       rc = ref_inode->i_sb->s_cop->get_context(ref_inode,
+                                                                ctx, ctx_size);
+#else
+                       rc = -ENODATA;
+#endif
+                       if (rc == -ERANGE) {
+                               OBD_FREE(ctx, ctx_size);
+                               ctx_size *= 2;
+                               goto getctx;
+                       }
+                       fput(ref_file);
+                       if (rc < 0) {
+                               OBD_FREE(ctx, ctx_size);
+                               GOTO(inherit, rc);
+                       }
+
+                       op_data->op_file_encctx_size = rc;
+                       if (rc == ctx_size) {
+                               op_data->op_file_encctx = ctx;
+                       } else {
+                               OBD_ALLOC(op_data->op_file_encctx,
+                                         op_data->op_file_encctx_size);
+                               if (!op_data->op_file_encctx) {
+                                       OBD_FREE(ctx, ctx_size);
+                                       GOTO(out, retval = ERR_PTR(-ENOMEM));
+                               }
+                               memcpy(op_data->op_file_encctx, ctx,
+                                      op_data->op_file_encctx_size);
+                               OBD_FREE(ctx, ctx_size);
+                       }
+               } else {
+inherit:
+                       rc = llcrypt_inherit_context(parent, NULL, op_data,
+                                                    false);
+                       if (rc)
+                               GOTO(out, retval = ERR_PTR(rc));
+               }
                if (encctx != NULL)
                        *encctx = op_data->op_file_encctx;
                if (encctxlen != NULL)
@@ -882,8 +1018,6 @@ static struct dentry *ll_lookup_it(struct inode *parent, struct dentry *dentry,
        }
 
        if (pca && pca->pca_dataset) {
-               struct pcc_dataset *dataset = pca->pca_dataset;
-
                OBD_ALLOC_PTR(lum);
                if (lum == NULL)
                        GOTO(out, retval = ERR_PTR(-ENOMEM));
@@ -892,18 +1026,7 @@ static struct dentry *ll_lookup_it(struct inode *parent, struct dentry *dentry,
                lum->lmm_pattern = LOV_PATTERN_F_RELEASED | LOV_PATTERN_RAID0;
                op_data->op_data = lum;
                op_data->op_data_size = sizeof(*lum);
-               op_data->op_archive_id = dataset->pccd_rwid;
-
-               rc = obd_fid_alloc(NULL, ll_i2mdexp(parent), &op_data->op_fid2,
-                                  op_data);
-               if (rc)
-                       GOTO(out, retval = ERR_PTR(rc));
-
-               rc = pcc_inode_create(parent->i_sb, dataset, &op_data->op_fid2,
-                                     &pca->pca_dentry);
-               if (rc)
-                       GOTO(out, retval = ERR_PTR(rc));
-
+               op_data->op_archive_id = pca->pca_dataset->pccd_rwid;
                it->it_flags |= MDS_OPEN_PCC;
        }
 
@@ -938,6 +1061,14 @@ static struct dentry *ll_lookup_it(struct inode *parent, struct dentry *dentry,
        if (rc < 0)
                GOTO(out, retval = ERR_PTR(rc));
 
+       if (pca && pca->pca_dataset) {
+               rc = pcc_inode_create(parent->i_sb, pca->pca_dataset,
+                                     &op_data->op_fid2,
+                                     &pca->pca_dentry);
+               if (rc)
+                       GOTO(out, retval = ERR_PTR(rc));
+       }
+
        /* dir layout may change */
        ll_unlock_md_op_lsm(op_data);
        rc = ll_lookup_it_finish(req, it, parent, &dentry,
@@ -976,6 +1107,7 @@ out:
                        op_data->op_file_encctx = NULL;
                        op_data->op_file_encctx_size = 0;
                }
+               llcrypt_free_filename(&fname);
                ll_finish_md_op_data(op_data);
        }
 
@@ -1001,7 +1133,8 @@ static struct dentry *ll_lookup_nd(struct inode *parent, struct dentry *dentry,
         * to proceed with lookup. LU-4185
         */
        if ((flags & LOOKUP_CREATE) && !(flags & LOOKUP_OPEN) &&
-           (inode_permission(parent, MAY_WRITE | MAY_EXEC) == 0))
+           (inode_permission(&init_user_ns,
+                             parent, MAY_WRITE | MAY_EXEC) == 0))
                return NULL;
 
        if (flags & (LOOKUP_PARENT|LOOKUP_OPEN|LOOKUP_CREATE))
@@ -1110,18 +1243,37 @@ static int ll_atomic_open(struct inode *dir, struct dentry *dentry,
        it->it_flags &= ~MDS_OPEN_FL_INTERNAL;
 
        if (ll_sbi_has_encrypt(ll_i2sbi(dir)) && IS_ENCRYPTED(dir)) {
-               /* we know that we are going to create a regular file because
+               /* in case of create, this is going to be a regular file because
                 * we set S_IFREG bit on it->it_create_mode above
                 */
                rc = llcrypt_get_encryption_info(dir);
                if (rc)
                        GOTO(out_release, rc);
-               if (!llcrypt_has_encryption_key(dir))
-                       GOTO(out_release, rc = -ENOKEY);
-               encrypt = true;
-               rc = 0;
+               if (open_flags & O_CREAT) {
+                       /* For migration or mirroring without enc key, we still
+                        * need to be able to create a volatile file.
+                        */
+                       if (!llcrypt_has_encryption_key(dir) &&
+                           (!filename_is_volatile(dentry->d_name.name,
+                                                  dentry->d_name.len, NULL) ||
+                           (open_flags & O_FILE_ENC) != O_FILE_ENC ||
+                           !(open_flags & O_DIRECT)))
+                               GOTO(out_release, rc = -ENOKEY);
+                       encrypt = true;
+               }
        }
 
+       OBD_FAIL_TIMEOUT(OBD_FAIL_LLITE_CREATE_FILE_PAUSE2, cfs_fail_val);
+
+       /* We can only arrive at this path when we have no inode, so
+        * we only need to request open lock if it was requested
+        * for every open
+        */
+       if (ll_i2sbi(dir)->ll_oc_thrsh_count == 1 &&
+           exp_connect_flags2(ll_i2mdexp(dir)) &
+           OBD_CONNECT2_ATOMIC_OPEN_LOCK)
+               it->it_flags |= MDS_OPEN_LOCK;
+
        /* Dentry added to dcache tree in ll_lookup_it */
        de = ll_lookup_it(dir, dentry, it, &secctx, &secctxlen, &pca, encrypt,
                          &encctx, &encctxlen);
@@ -1136,8 +1288,9 @@ static int ll_atomic_open(struct inode *dir, struct dentry *dentry,
                if (it_disposition(it, DISP_OPEN_CREATE)) {
                        /* Dentry instantiated in ll_create_it. */
                        rc = ll_create_it(dir, dentry, it, secctx, secctxlen,
-                                         encrypt, encctx, encctxlen);
-                       security_release_secctx(secctx, secctxlen);
+                                         encrypt, encctx, encctxlen,
+                                         open_flags);
+                       ll_security_release_secctx(secctx, secctxlen);
                        llcrypt_free_ctx(encctx, encctxlen);
                        if (rc) {
                                /* We dget in ll_splice_alias. */
@@ -1180,7 +1333,9 @@ static int ll_atomic_open(struct inode *dir, struct dentry *dentry,
                        }
                }
 
-               if (dentry->d_inode && it_disposition(it, DISP_OPEN_OPEN)) {
+               /* check also if a foreign file is openable */
+               if (dentry->d_inode && it_disposition(it, DISP_OPEN_OPEN) &&
+                   ll_foreign_is_openable(dentry, open_flags)) {
                        /* Open dentry. */
                        if (S_ISFIFO(dentry->d_inode->i_mode)) {
                                /* We cannot call open here as it might
@@ -1223,10 +1378,10 @@ static struct inode *ll_create_node(struct inode *dir, struct lookup_intent *it)
 
        LASSERT(it_disposition(it, DISP_ENQ_CREATE_REF));
        request = it->it_request;
-        it_clear_disposition(it, DISP_ENQ_CREATE_REF);
-        rc = ll_prep_inode(&inode, request, dir->i_sb, it);
-        if (rc)
-                GOTO(out, inode = ERR_PTR(rc));
+       it_clear_disposition(it, DISP_ENQ_CREATE_REF);
+       rc = ll_prep_inode(&inode, &request->rq_pill, dir->i_sb, it);
+       if (rc)
+               GOTO(out, inode = ERR_PTR(rc));
 
        /* Pause to allow for a race with concurrent access by fid */
        OBD_FAIL_TIMEOUT(OBD_FAIL_LLITE_CREATE_NODE_PAUSE, cfs_fail_val);
@@ -1260,7 +1415,7 @@ static struct inode *ll_create_node(struct inode *dir, struct lookup_intent *it)
 static int ll_create_it(struct inode *dir, struct dentry *dentry,
                        struct lookup_intent *it,
                        void *secctx, __u32 secctxlen, bool encrypt,
-                       void *encctx, __u32 encctxlen)
+                       void *encctx, __u32 encctxlen, unsigned int open_flags)
 {
        struct inode *inode;
        __u64 bits = 0;
@@ -1278,8 +1433,8 @@ static int ll_create_it(struct inode *dir, struct dentry *dentry,
        if (IS_ERR(inode))
                RETURN(PTR_ERR(inode));
 
-       if ((ll_i2sbi(inode)->ll_flags & LL_SBI_FILE_SECCTX) &&
-           secctx != NULL) {
+       if (test_bit(LL_SBI_FILE_SECCTX, ll_i2sbi(inode)->ll_flags) &&
+           secctx) {
                /* must be done before d_instantiate, because it calls
                 * security_d_instantiate, which means a getxattr if security
                 * context is not set yet */
@@ -1295,20 +1450,33 @@ static int ll_create_it(struct inode *dir, struct dentry *dentry,
        d_instantiate(dentry, inode);
 
        if (encrypt) {
-               rc = ll_set_encflags(inode, encctx, encctxlen, true);
+               bool preload = true;
+
+               /* For migration or mirroring without enc key, we
+                * create a volatile file without enc context.
+                */
+               if (!llcrypt_has_encryption_key(dir) &&
+                   filename_is_volatile(dentry->d_name.name,
+                                        dentry->d_name.len, NULL) &&
+                   (open_flags & O_FILE_ENC) == O_FILE_ENC &&
+                   open_flags & O_DIRECT)
+                       preload = false;
+               rc = ll_set_encflags(inode, encctx, encctxlen, preload);
                if (rc)
                        RETURN(rc);
        }
 
-       if (!(ll_i2sbi(inode)->ll_flags & LL_SBI_FILE_SECCTX)) {
+       if (!test_bit(LL_SBI_FILE_SECCTX, ll_i2sbi(inode)->ll_flags)) {
                rc = ll_inode_init_security(dentry, inode, dir);
                if (rc)
                        RETURN(rc);
        }
 
        ll_set_lock_data(ll_i2sbi(dir)->ll_md_exp, inode, it, &bits);
-       if (bits & MDS_INODELOCK_LOOKUP)
+       if (bits & MDS_INODELOCK_LOOKUP) {
                d_lustre_revalidate(dentry);
+               ll_update_dir_depth(dir, inode);
+       }
 
        RETURN(0);
 }
@@ -1333,21 +1501,77 @@ void ll_update_times(struct ptlrpc_request *request, struct inode *inode)
                inode->i_ctime.tv_sec = body->mbo_ctime;
 }
 
+/* once default LMV (space balanced) is set on ROOT, it should take effect if
+ * default LMV is not set on parent directory.
+ */
+static void ll_qos_mkdir_prep(struct md_op_data *op_data, struct inode *dir)
+{
+       struct inode *root = dir->i_sb->s_root->d_inode;
+       struct ll_inode_info *rlli = ll_i2info(root);
+       struct ll_inode_info *lli = ll_i2info(dir);
+       struct lmv_stripe_md *lsm;
+
+       op_data->op_dir_depth = lli->lli_dir_depth;
+
+       /* parent directory is striped */
+       if (unlikely(lli->lli_lsm_md))
+               return;
+
+       /* default LMV set on parent directory */
+       if (unlikely(lli->lli_default_lsm_md))
+               return;
+
+       /* parent is ROOT */
+       if (unlikely(dir == root))
+               return;
+
+       /* default LMV not set on ROOT */
+       if (!rlli->lli_default_lsm_md)
+               return;
+
+       down_read(&rlli->lli_lsm_sem);
+       lsm = rlli->lli_default_lsm_md;
+       if (!lsm)
+               goto unlock;
+
+       /* not space balanced */
+       if (lsm->lsm_md_master_mdt_index != LMV_OFFSET_DEFAULT)
+               goto unlock;
+
+       if (lsm->lsm_md_max_inherit != LMV_INHERIT_NONE &&
+           (lsm->lsm_md_max_inherit == LMV_INHERIT_UNLIMITED ||
+            lsm->lsm_md_max_inherit >= lli->lli_dir_depth)) {
+               op_data->op_flags |= MF_QOS_MKDIR;
+               if (lsm->lsm_md_max_inherit_rr != LMV_INHERIT_RR_NONE &&
+                   (lsm->lsm_md_max_inherit_rr == LMV_INHERIT_RR_UNLIMITED ||
+                    lsm->lsm_md_max_inherit_rr >= lli->lli_dir_depth))
+                       op_data->op_flags |= MF_RR_MKDIR;
+               CDEBUG(D_INODE, DFID" requests qos mkdir %#x\n",
+                      PFID(&lli->lli_fid), op_data->op_flags);
+       }
+unlock:
+       up_read(&rlli->lli_lsm_sem);
+}
+
 static int ll_new_node(struct inode *dir, struct dentry *dchild,
-                      const char *tgt, umode_t mode, int rdev, __u32 opc)
+                      const char *tgt, umode_t mode, __u64 rdev, __u32 opc)
 {
        struct qstr *name = &dchild->d_name;
        struct ptlrpc_request *request = NULL;
        struct md_op_data *op_data = NULL;
        struct inode *inode = NULL;
        struct ll_sb_info *sbi = ll_i2sbi(dir);
-       int tgt_len = 0;
+       struct llcrypt_str *disk_link = NULL;
        bool encrypt = false;
        int err;
 
        ENTRY;
-       if (unlikely(tgt != NULL))
-               tgt_len = strlen(tgt) + 1;
+       if (unlikely(tgt != NULL)) {
+               disk_link = (struct llcrypt_str *)rdev;
+               rdev = 0;
+               if (!disk_link)
+                       RETURN(-EINVAL);
+       }
 
 again:
        op_data = ll_prep_md_op_data(NULL, dir, NULL, name->name,
@@ -1355,7 +1579,10 @@ again:
        if (IS_ERR(op_data))
                GOTO(err_exit, err = PTR_ERR(op_data));
 
-       if (sbi->ll_flags & LL_SBI_FILE_SECCTX) {
+       if (S_ISDIR(mode))
+               ll_qos_mkdir_prep(op_data, dir);
+
+       if (test_bit(LL_SBI_FILE_SECCTX, sbi->ll_flags)) {
                err = ll_dentry_init_security(dchild, mode, &dchild->d_name,
                                              &op_data->op_file_secctx_name,
                                              &op_data->op_file_secctx,
@@ -1380,12 +1607,45 @@ again:
                err = llcrypt_inherit_context(dir, NULL, op_data, false);
                if (err)
                        GOTO(err_exit, err);
+
+               if (S_ISLNK(mode)) {
+                       /* llcrypt needs inode to encrypt target name, so create
+                        * a fake inode and associate encryption context got
+                        * from llcrypt_inherit_context.
+                        */
+                       struct inode *fakeinode =
+                               dchild->d_sb->s_op->alloc_inode(dchild->d_sb);
+
+                       if (!fakeinode)
+                               GOTO(err_exit, err = -ENOMEM);
+                       fakeinode->i_sb = dchild->d_sb;
+                       fakeinode->i_mode |= S_IFLNK;
+#ifdef IOP_XATTR
+                       fakeinode->i_opflags |= IOP_XATTR;
+#endif
+                       ll_lli_init(ll_i2info(fakeinode));
+                       err = ll_set_encflags(fakeinode,
+                                             op_data->op_file_encctx,
+                                             op_data->op_file_encctx_size,
+                                             true);
+                       if (!err)
+                               err = __llcrypt_encrypt_symlink(fakeinode, tgt,
+                                                               strlen(tgt),
+                                                               disk_link);
+
+                       ll_xattr_cache_destroy(fakeinode);
+                       llcrypt_put_encryption_info(fakeinode);
+                       dchild->d_sb->s_op->destroy_inode(fakeinode);
+                       if (err)
+                               GOTO(err_exit, err);
+               }
        }
 
-       err = md_create(sbi->ll_md_exp, op_data, tgt, tgt_len, mode,
+       err = md_create(sbi->ll_md_exp, op_data, tgt ? disk_link->name : NULL,
+                       tgt ? disk_link->len : 0, mode,
                        from_kuid(&init_user_ns, current_fsuid()),
                        from_kgid(&init_user_ns, current_fsgid()),
-                       cfs_curproc_cap_pack(), rdev, &request);
+                       current_cap(), rdev, &request);
 #if LUSTRE_VERSION_CODE < OBD_OCD_VERSION(2, 14, 58, 0)
        /*
         * server < 2.12.58 doesn't pack default LMV in intent_getattr reply,
@@ -1422,6 +1682,10 @@ again:
                        md.default_lmv->lsm_md_master_mdt_index =
                                lum->lum_stripe_offset;
                        md.default_lmv->lsm_md_hash_type = lum->lum_hash_type;
+                       md.default_lmv->lsm_md_max_inherit =
+                               lum->lum_max_inherit;
+                       md.default_lmv->lsm_md_max_inherit_rr =
+                               lum->lum_max_inherit_rr;
 
                        err = ll_update_inode(dir, &md);
                        md_free_lustre_md(sbi->ll_md_exp, &md);
@@ -1455,11 +1719,11 @@ again:
 
        CFS_FAIL_TIMEOUT(OBD_FAIL_LLITE_NEWNODE_PAUSE, cfs_fail_val);
 
-       err = ll_prep_inode(&inode, request, dchild->d_sb, NULL);
+       err = ll_prep_inode(&inode, &request->rq_pill, dchild->d_sb, NULL);
        if (err)
                GOTO(err_exit, err);
 
-       if (sbi->ll_flags & LL_SBI_FILE_SECCTX) {
+       if (test_bit(LL_SBI_FILE_SECCTX, sbi->ll_flags)) {
                /* must be done before d_instantiate, because it calls
                 * security_d_instantiate, which means a getxattr if security
                 * context is not set yet */
@@ -1481,9 +1745,24 @@ again:
                                      op_data->op_file_encctx_size, true);
                if (err)
                        GOTO(err_exit, err);
+
+               if (S_ISLNK(mode)) {
+                       struct ll_inode_info *lli = ll_i2info(inode);
+
+                       /* Cache the plaintext symlink target
+                        * for later use by get_link()
+                        */
+                       OBD_ALLOC(lli->lli_symlink_name, strlen(tgt) + 1);
+                       /* do not return an error if we cannot
+                        * cache the symlink locally
+                        */
+                       if (lli->lli_symlink_name)
+                               memcpy(lli->lli_symlink_name,
+                                      tgt, strlen(tgt) + 1);
+               }
        }
 
-       if (!(sbi->ll_flags & LL_SBI_FILE_SECCTX)) {
+       if (!test_bit(LL_SBI_FILE_SECCTX, sbi->ll_flags)) {
                err = ll_inode_init_security(dchild, inode, dir);
                if (err)
                        GOTO(err_exit, err);
@@ -1500,8 +1779,8 @@ err_exit:
        RETURN(err);
 }
 
-static int ll_mknod(struct inode *dir, struct dentry *dchild, umode_t mode,
-                   dev_t rdev)
+static int ll_mknod(struct user_namespace *mnt_userns, struct inode *dir,
+                   struct dentry *dchild, umode_t mode, dev_t rdev)
 {
        ktime_t kstart = ktime_get();
        int err;
@@ -1542,7 +1821,8 @@ static int ll_mknod(struct inode *dir, struct dentry *dchild, umode_t mode,
 /*
  * Plain create. Intent create is handled in atomic_open.
  */
-static int ll_create_nd(struct inode *dir, struct dentry *dentry,
+static int ll_create_nd(struct user_namespace *mnt_userns,
+                       struct inode *dir, struct dentry *dentry,
                        umode_t mode, bool want_excl)
 {
        ktime_t kstart = ktime_get();
@@ -1556,7 +1836,7 @@ static int ll_create_nd(struct inode *dir, struct dentry *dentry,
 
        /* Using mknod(2) to create a regular file is designed to not recognize
         * volatile file name, so we use ll_mknod() here. */
-       rc = ll_mknod(dir, dentry, mode, 0);
+       rc = ll_mknod(mnt_userns, dir, dentry, mode, 0);
 
        CDEBUG(D_VFSTRACE, "VFS Op:name=%pd, unhashed %d\n",
               dentry, d_unhashed(dentry));
@@ -1568,18 +1848,28 @@ static int ll_create_nd(struct inode *dir, struct dentry *dentry,
        return rc;
 }
 
-static int ll_symlink(struct inode *dir, struct dentry *dchild,
-                     const char *oldpath)
+static int ll_symlink(struct user_namespace *mnt_userns, struct inode *dir,
+                     struct dentry *dchild, const char *oldpath)
 {
        ktime_t kstart = ktime_get();
+       int len = strlen(oldpath);
+       struct llcrypt_str disk_link;
        int err;
        ENTRY;
 
        CDEBUG(D_VFSTRACE, "VFS Op:name=%pd, dir="DFID"(%p), target=%.*s\n",
               dchild, PFID(ll_inode2fid(dir)), dir, 3000, oldpath);
 
-       err = ll_new_node(dir, dchild, oldpath, S_IFLNK | S_IRWXUGO, 0,
-                         LUSTRE_OPC_SYMLINK);
+       err = llcrypt_prepare_symlink(dir, oldpath, len, dir->i_sb->s_blocksize,
+                                     &disk_link);
+       if (err)
+               RETURN(err);
+
+       err = ll_new_node(dir, dchild, oldpath, S_IFLNK | S_IRWXUGO,
+                         (__u64)&disk_link, LUSTRE_OPC_SYMLINK);
+
+       if (disk_link.name != (unsigned char *)oldpath)
+               kfree(disk_link.name);
 
        if (!err)
                ll_stats_ops_tally(ll_i2sbi(dir), LPROC_LL_SYMLINK,
@@ -1628,7 +1918,8 @@ out:
        RETURN(err);
 }
 
-static int ll_mkdir(struct inode *dir, struct dentry *dchild, umode_t mode)
+static int ll_mkdir(struct user_namespace *mnt_userns, struct inode *dir,
+                   struct dentry *dchild, umode_t mode)
 {
        ktime_t kstart = ktime_get();
        int err;
@@ -1666,6 +1957,10 @@ static int ll_rmdir(struct inode *dir, struct dentry *dchild)
        if (unlikely(d_mountpoint(dchild)))
                 RETURN(-EBUSY);
 
+       /* some foreign dir may not be allowed to be removed */
+       if (!ll_foreign_is_removable(dchild, false))
+               RETURN(-EPERM);
+
        op_data = ll_prep_md_op_data(NULL, dir, NULL, name->name, name->len,
                                     S_IFDIR, LUSTRE_OPC_ANY, NULL);
        if (IS_ERR(op_data))
@@ -1674,16 +1969,32 @@ static int ll_rmdir(struct inode *dir, struct dentry *dchild)
        if (dchild->d_inode != NULL)
                op_data->op_fid3 = *ll_inode2fid(dchild->d_inode);
 
-       op_data->op_fid2 = op_data->op_fid3;
+       if (fid_is_zero(&op_data->op_fid2))
+               op_data->op_fid2 = op_data->op_fid3;
        rc = md_unlink(ll_i2sbi(dir)->ll_md_exp, op_data, &request);
        ll_finish_md_op_data(op_data);
-       if (!rc)
-               ll_update_times(request, dir);
+       if (!rc) {
+               struct mdt_body *body;
 
-       ptlrpc_req_finished(request);
-       if (!rc)
+               ll_update_times(request, dir);
                ll_stats_ops_tally(ll_i2sbi(dir), LPROC_LL_RMDIR,
                                   ktime_us_delta(ktime_get(), kstart));
+
+               /*
+                * The server puts attributes in on the last unlink, use them
+                * to update the link count so the inode can be freed
+                * immediately.
+                */
+               body = req_capsule_server_get(&request->rq_pill, &RMF_MDT_BODY);
+               if (body->mbo_valid & OBD_MD_FLNLINK) {
+                       spin_lock(&dchild->d_inode->i_lock);
+                       set_nlink(dchild->d_inode, body->mbo_nlink);
+                       spin_unlock(&dchild->d_inode->i_lock);
+               }
+       }
+
+       ptlrpc_req_finished(request);
+
        RETURN(rc);
 }
 
@@ -1739,6 +2050,10 @@ static int ll_unlink(struct inode *dir, struct dentry *dchild)
        if (unlikely(d_mountpoint(dchild)))
                RETURN(-EBUSY);
 
+       /* some foreign file/dir may not be allowed to be unlinked */
+       if (!ll_foreign_is_removable(dchild, false))
+               RETURN(-EPERM);
+
        op_data = ll_prep_md_op_data(NULL, dir, NULL, name->name, name->len, 0,
                                     LUSTRE_OPC_ANY, NULL);
        if (IS_ERR(op_data))
@@ -1750,7 +2065,8 @@ static int ll_unlink(struct inode *dir, struct dentry *dchild)
            ll_i2info(dchild->d_inode)->lli_clob &&
            dirty_cnt(dchild->d_inode))
                op_data->op_cli_flags |= CLI_DIRTY_DATA;
-       op_data->op_fid2 = op_data->op_fid3;
+       if (fid_is_zero(&op_data->op_fid2))
+               op_data->op_fid2 = op_data->op_fid3;
        rc = md_unlink(ll_i2sbi(dir)->ll_md_exp, op_data, &request);
        ll_finish_md_op_data(op_data);
        if (rc)
@@ -1761,8 +2077,11 @@ static int ll_unlink(struct inode *dir, struct dentry *dchild)
         * the link count so the inode can be freed immediately.
         */
        body = req_capsule_server_get(&request->rq_pill, &RMF_MDT_BODY);
-       if (body->mbo_valid & OBD_MD_FLNLINK)
+       if (body->mbo_valid & OBD_MD_FLNLINK) {
+               spin_lock(&dchild->d_inode->i_lock);
                set_nlink(dchild->d_inode, body->mbo_nlink);
+               spin_unlock(&dchild->d_inode->i_lock);
+       }
 
        ll_update_times(request, dir);
 
@@ -1774,23 +2093,24 @@ out:
        RETURN(rc);
 }
 
-static int ll_rename(struct inode *src, struct dentry *src_dchild,
+static int ll_rename(struct user_namespace *mnt_userns,
+                    struct inode *src, struct dentry *src_dchild,
                     struct inode *tgt, struct dentry *tgt_dchild
-#ifdef HAVE_IOPS_RENAME_WITH_FLAGS
+#if defined(HAVE_USER_NAMESPACE_ARG) || defined(HAVE_IOPS_RENAME_WITH_FLAGS)
                     , unsigned int flags
 #endif
                     )
 {
-       struct qstr *src_name = &src_dchild->d_name;
-       struct qstr *tgt_name = &tgt_dchild->d_name;
        struct ptlrpc_request *request = NULL;
        struct ll_sb_info *sbi = ll_i2sbi(src);
        struct md_op_data *op_data;
        ktime_t kstart = ktime_get();
+       umode_t mode = 0;
+       struct llcrypt_name foldname, fnewname;
        int err;
        ENTRY;
 
-#ifdef HAVE_IOPS_RENAME_WITH_FLAGS
+#if defined(HAVE_USER_NAMESPACE_ARG) || defined(HAVE_IOPS_RENAME_WITH_FLAGS)
        if (flags)
                return -EINVAL;
 #endif
@@ -1803,28 +2123,50 @@ static int ll_rename(struct inode *src, struct dentry *src_dchild,
        if (unlikely(d_mountpoint(src_dchild) || d_mountpoint(tgt_dchild)))
                RETURN(-EBUSY);
 
-#ifdef HAVE_IOPS_RENAME_WITH_FLAGS
+#if defined(HAVE_USER_NAMESPACE_ARG) || defined(HAVE_IOPS_RENAME_WITH_FLAGS)
        err = llcrypt_prepare_rename(src, src_dchild, tgt, tgt_dchild, flags);
 #else
        err = llcrypt_prepare_rename(src, src_dchild, tgt, tgt_dchild, 0);
 #endif
        if (err)
                RETURN(err);
+       /* we prevent an encrypted file from being renamed
+        * into an unencrypted dir
+        */
+       if (IS_ENCRYPTED(src) && !IS_ENCRYPTED(tgt))
+               RETURN(-EXDEV);
+
+       if (src_dchild->d_inode)
+               mode = src_dchild->d_inode->i_mode;
+
+       if (tgt_dchild->d_inode)
+               mode = tgt_dchild->d_inode->i_mode;
 
-       op_data = ll_prep_md_op_data(NULL, src, tgt, NULL, 0, 0,
+       op_data = ll_prep_md_op_data(NULL, src, tgt, NULL, 0, mode,
                                     LUSTRE_OPC_ANY, NULL);
        if (IS_ERR(op_data))
                RETURN(PTR_ERR(op_data));
 
-       if (src_dchild->d_inode != NULL)
+       if (src_dchild->d_inode)
                op_data->op_fid3 = *ll_inode2fid(src_dchild->d_inode);
 
-       if (tgt_dchild->d_inode != NULL)
+       if (tgt_dchild->d_inode)
                op_data->op_fid4 = *ll_inode2fid(tgt_dchild->d_inode);
 
+       err = ll_setup_filename(src, &src_dchild->d_name, 1, &foldname, NULL);
+       if (err)
+               RETURN(err);
+       err = ll_setup_filename(tgt, &tgt_dchild->d_name, 1, &fnewname, NULL);
+       if (err) {
+               llcrypt_free_filename(&foldname);
+               RETURN(err);
+       }
        err = md_rename(sbi->ll_md_exp, op_data,
-                       src_name->name, src_name->len,
-                       tgt_name->name, tgt_name->len, &request);
+                       foldname.disk_name.name, foldname.disk_name.len,
+                       fnewname.disk_name.name, fnewname.disk_name.len,
+                       &request);
+       llcrypt_free_filename(&foldname);
+       llcrypt_free_filename(&fnewname);
        ll_finish_md_op_data(op_data);
        if (!err) {
                ll_update_times(request, src);