]> git.ipfire.org Git - thirdparty/kernel/linux.git/blame - fs/overlayfs/copy_up.c
projects / thirdparty / kernel / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
ovl: document permission model
[thirdparty/kernel/linux.git] / fs / overlayfs / copy_up.c
CommitLineData
d2912cb1 1// SPDX-License-Identifier: GPL-2.0-only
e9be9d5e
MS		 2/*
3 *
4 * Copyright (C) 2011 Novell Inc.
e9be9d5e
MS		 5 */
6
fb5bb2c3 7#include <linux/module.h>
e9be9d5e
MS		 8#include <linux/fs.h>
9#include <linux/slab.h>
10#include <linux/file.h>
11#include <linux/splice.h>
12#include <linux/xattr.h>
13#include <linux/security.h>
14#include <linux/uaccess.h>
174cd4b1 15#include <linux/sched/signal.h>
5b825c3a 16#include <linux/cred.h>
e9be9d5e 17#include <linux/namei.h>
fb5bb2c3
DH		 18#include <linux/fdtable.h>
19#include <linux/ratelimit.h>
3a1e819b 20#include <linux/exportfs.h>
e9be9d5e
MS		 21#include "overlayfs.h"
22
23#define OVL_COPY_UP_CHUNK_SIZE (1 << 20)
24
670c2324 25static int ovl_ccup_set(const char *buf, const struct kernel_param *param)
fb5bb2c3 26{
1bd0a3ae 27 pr_warn("\"check_copy_up\" module option is obsolete\n");
fb5bb2c3
DH		 28 return 0;
29}
30
670c2324 31static int ovl_ccup_get(char *buf, const struct kernel_param *param)
fb5bb2c3 32{
670c2324 33 return sprintf(buf, "N\n");
fb5bb2c3
DH		 34}
35
670c2324 36module_param_call(check_copy_up, ovl_ccup_set, ovl_ccup_get, NULL, 0644);
253e7483 37MODULE_PARM_DESC(check_copy_up, "Obsolete; does nothing");
670c2324 38
e9be9d5e
MS		 39int ovl_copy_xattr(struct dentry *old, struct dentry *new)
40{
e4ad29fa
VC		 41 ssize_t list_size, size, value_size = 0;
42 char *buf, *name, *value = NULL;
43 int uninitialized_var(error);
8b326c61 44 size_t slen;
e9be9d5e 45
5d6c3191
AG		 46 if (!(old->d_inode->i_opflags & IOP_XATTR) ||
47 !(new->d_inode->i_opflags & IOP_XATTR))
e9be9d5e
MS		 48 return 0;
49
50 list_size = vfs_listxattr(old, NULL, 0);
51 if (list_size <= 0) {
52 if (list_size == -EOPNOTSUPP)
53 return 0;
54 return list_size;
55 }
56
57 buf = kzalloc(list_size, GFP_KERNEL);
58 if (!buf)
59 return -ENOMEM;
60
e9be9d5e
MS		 61 list_size = vfs_listxattr(old, buf, list_size);
62 if (list_size <= 0) {
63 error = list_size;
e4ad29fa 64 goto out;
e9be9d5e
MS		 65 }
66
8b326c61
MS		 67 for (name = buf; list_size; name += slen) {
68 slen = strnlen(name, list_size) + 1;
69
70 /* underlying fs providing us with an broken xattr list? */
71 if (WARN_ON(slen > list_size)) {
72 error = -EIO;
73 break;
74 }
75 list_size -= slen;
76
0956254a
MS		 77 if (ovl_is_private_xattr(name))
78 continue;
e4ad29fa
VC		 79retry:
80 size = vfs_getxattr(old, name, value, value_size);
81 if (size == -ERANGE)
82 size = vfs_getxattr(old, name, NULL, 0);
83
97daf8b9 84 if (size < 0) {
e9be9d5e 85 error = size;
e4ad29fa 86 break;
e9be9d5e 87 }
e4ad29fa
VC		 88
89 if (size > value_size) {
90 void *new;
91
92 new = krealloc(value, size, GFP_KERNEL);
93 if (!new) {
94 error = -ENOMEM;
95 break;
96 }
97 value = new;
98 value_size = size;
99 goto retry;
100 }
101
121ab822
VG		 102 error = security_inode_copy_up_xattr(name);
103 if (error < 0 && error != -EOPNOTSUPP)
104 break;
105 if (error == 1) {
106 error = 0;
107 continue; /* Discard */
108 }
e9be9d5e
MS		 109 error = vfs_setxattr(new, name, value, size, 0);
110 if (error)
e4ad29fa 111 break;
e9be9d5e 112 }
e9be9d5e
MS		 113 kfree(value);
114out:
115 kfree(buf);
116 return error;
117}
118
119static int ovl_copy_up_data(struct path *old, struct path *new, loff_t len)
120{
121 struct file *old_file;
122 struct file *new_file;
123 loff_t old_pos = 0;
124 loff_t new_pos = 0;
42ec3d4c 125 loff_t cloned;
b504c654
CX		 126 loff_t data_pos = -1;
127 loff_t hole_len;
128 bool skip_hole = false;
e9be9d5e
MS		 129 int error = 0;
130
131 if (len == 0)
132 return 0;
133
0480334f 134 old_file = ovl_path_open(old, O_LARGEFILE | O_RDONLY);
e9be9d5e
MS		 135 if (IS_ERR(old_file))
136 return PTR_ERR(old_file);
137
0480334f 138 new_file = ovl_path_open(new, O_LARGEFILE | O_WRONLY);
e9be9d5e
MS		 139 if (IS_ERR(new_file)) {
140 error = PTR_ERR(new_file);
141 goto out_fput;
142 }
143
2ea98466 144 /* Try to use clone_file_range to clone up within the same fs */
452ce659 145 cloned = do_clone_file_range(old_file, 0, new_file, 0, len, 0);
42ec3d4c 146 if (cloned == len)
2ea98466
AG		 147 goto out;
148 /* Couldn't clone, so now we try to copy the data */
2ea98466 149
b504c654
CX		 150 /* Check if lower fs supports seek operation */
151 if (old_file->f_mode & FMODE_LSEEK &&
152 old_file->f_op->llseek)
153 skip_hole = true;
154
e9be9d5e
MS		 155 while (len) {
156 size_t this_len = OVL_COPY_UP_CHUNK_SIZE;
157 long bytes;
158
159 if (len < this_len)
160 this_len = len;
161
162 if (signal_pending_state(TASK_KILLABLE, current)) {
163 error = -EINTR;
164 break;
165 }
166
b504c654
CX		 167 /*
168 * Fill zero for hole will cost unnecessary disk space
169 * and meanwhile slow down the copy-up speed, so we do
170 * an optimization for hole during copy-up, it relies
171 * on SEEK_DATA implementation in lower fs so if lower
172 * fs does not support it, copy-up will behave as before.
173 *
174 * Detail logic of hole detection as below:
175 * When we detect next data position is larger than current
176 * position we will skip that hole, otherwise we copy
177 * data in the size of OVL_COPY_UP_CHUNK_SIZE. Actually,
178 * it may not recognize all kind of holes and sometimes
179 * only skips partial of hole area. However, it will be
180 * enough for most of the use cases.
181 */
182
183 if (skip_hole && data_pos < old_pos) {
184 data_pos = vfs_llseek(old_file, old_pos, SEEK_DATA);
185 if (data_pos > old_pos) {
186 hole_len = data_pos - old_pos;
187 len -= hole_len;
188 old_pos = new_pos = data_pos;
189 continue;
190 } else if (data_pos == -ENXIO) {
191 break;
192 } else if (data_pos < 0) {
193 skip_hole = false;
194 }
195 }
196
e9be9d5e
MS		 197 bytes = do_splice_direct(old_file, &old_pos,
198 new_file, &new_pos,
199 this_len, SPLICE_F_MOVE);
200 if (bytes <= 0) {
201 error = bytes;
202 break;
203 }
204 WARN_ON(old_pos != new_pos);
205
206 len -= bytes;
207 }
2ea98466 208out:
641089c1
MS		 209 if (!error)
210 error = vfs_fsync(new_file, 0);
e9be9d5e
MS		 211 fput(new_file);
212out_fput:
213 fput(old_file);
214 return error;
215}
216
0c288874
VG		 217static int ovl_set_size(struct dentry *upperdentry, struct kstat *stat)
218{
219 struct iattr attr = {
220 .ia_valid = ATTR_SIZE,
221 .ia_size = stat->size,
222 };
223
224 return notify_change(upperdentry, &attr, NULL);
225}
226
e9be9d5e
MS		 227static int ovl_set_timestamps(struct dentry *upperdentry, struct kstat *stat)
228{
229 struct iattr attr = {
230 .ia_valid =
231 ATTR_ATIME | ATTR_MTIME | ATTR_ATIME_SET | ATTR_MTIME_SET,
232 .ia_atime = stat->atime,
233 .ia_mtime = stat->mtime,
234 };
235
236 return notify_change(upperdentry, &attr, NULL);
237}
238
239int ovl_set_attr(struct dentry *upperdentry, struct kstat *stat)
240{
241 int err = 0;
242
243 if (!S_ISLNK(stat->mode)) {
244 struct iattr attr = {
245 .ia_valid = ATTR_MODE,
246 .ia_mode = stat->mode,
247 };
248 err = notify_change(upperdentry, &attr, NULL);
249 }
250 if (!err) {
251 struct iattr attr = {
252 .ia_valid = ATTR_UID | ATTR_GID,
253 .ia_uid = stat->uid,
254 .ia_gid = stat->gid,
255 };
256 err = notify_change(upperdentry, &attr, NULL);
257 }
258 if (!err)
259 ovl_set_timestamps(upperdentry, stat);
260
261 return err;
e9be9d5e
MS		 262}
263
5b2cccd3 264struct ovl_fh *ovl_encode_real_fh(struct dentry *real, bool is_upper)
3a1e819b
AG		 265{
266 struct ovl_fh *fh;
ec7bbb53 267 int fh_type, dwords;
3a1e819b 268 int buflen = MAX_HANDLE_SZ;
05122443 269 uuid_t *uuid = &real->d_sb->s_uuid;
ec7bbb53 270 int err;
3a1e819b 271
ec7bbb53
AG		 272 /* Make sure the real fid stays 32bit aligned */
273 BUILD_BUG_ON(OVL_FH_FID_OFFSET % 4);
274 BUILD_BUG_ON(MAX_HANDLE_SZ + OVL_FH_FID_OFFSET > 255);
275
276 fh = kzalloc(buflen + OVL_FH_FID_OFFSET, GFP_KERNEL);
277 if (!fh)
3a1e819b
AG		 278 return ERR_PTR(-ENOMEM);
279
280 /*
281 * We encode a non-connectable file handle for non-dir, because we
282 * only need to find the lower inode number and we don't want to pay
283 * the price or reconnecting the dentry.
284 */
285 dwords = buflen >> 2;
ec7bbb53 286 fh_type = exportfs_encode_fh(real, (void *)fh->fb.fid, &dwords, 0);
3a1e819b
AG		 287 buflen = (dwords << 2);
288
ec7bbb53 289 err = -EIO;
3a1e819b
AG		 290 if (WARN_ON(fh_type < 0) ||
291 WARN_ON(buflen > MAX_HANDLE_SZ) ||
292 WARN_ON(fh_type == FILEID_INVALID))
ec7bbb53 293 goto out_err;
3a1e819b 294
cbe7fba8
AG		 295 fh->fb.version = OVL_FH_VERSION;
296 fh->fb.magic = OVL_FH_MAGIC;
297 fh->fb.type = fh_type;
298 fh->fb.flags = OVL_FH_FLAG_CPU_ENDIAN;
54fb347e
AG		 299 /*
300 * When we will want to decode an overlay dentry from this handle
301 * and all layers are on the same fs, if we get a disconncted real
302 * dentry when we decode fid, the only way to tell if we should assign
303 * it to upperdentry or to lowerstack is by checking this flag.
304 */
305 if (is_upper)
cbe7fba8 306 fh->fb.flags |= OVL_FH_FLAG_PATH_UPPER;
ec7bbb53 307 fh->fb.len = sizeof(fh->fb) + buflen;
cbe7fba8 308 fh->fb.uuid = *uuid;
3a1e819b 309
3a1e819b 310 return fh;
ec7bbb53
AG		 311
312out_err:
313 kfree(fh);
314 return ERR_PTR(err);
3a1e819b
AG		 315}
316
9678e630
AG		 317int ovl_set_origin(struct dentry *dentry, struct dentry *lower,
318 struct dentry *upper)
3a1e819b 319{
3a1e819b
AG		 320 const struct ovl_fh *fh = NULL;
321 int err;
322
323 /*
324 * When lower layer doesn't support export operations store a 'null' fh,
325 * so we can use the overlay.origin xattr to distignuish between a copy
326 * up and a pure upper inode.
327 */
02bcd157 328 if (ovl_can_decode_fh(lower->d_sb)) {
5b2cccd3 329 fh = ovl_encode_real_fh(lower, false);
3a1e819b
AG		 330 if (IS_ERR(fh))
331 return PTR_ERR(fh);
332 }
333
6266d465
MS		 334 /*
335 * Do not fail when upper doesn't support xattrs.
336 */
cbe7fba8
AG		 337 err = ovl_check_setxattr(dentry, upper, OVL_XATTR_ORIGIN, fh->buf,
338 fh ? fh->fb.len : 0, 0);
3a1e819b
AG		 339 kfree(fh);
340
341 return err;
342}
343
016b720f
AG		 344/* Store file handle of @upper dir in @index dir entry */
345static int ovl_set_upper_fh(struct dentry *upper, struct dentry *index)
346{
347 const struct ovl_fh *fh;
348 int err;
349
5b2cccd3 350 fh = ovl_encode_real_fh(upper, true);
016b720f
AG		 351 if (IS_ERR(fh))
352 return PTR_ERR(fh);
353
cbe7fba8 354 err = ovl_do_setxattr(index, OVL_XATTR_UPPER, fh->buf, fh->fb.len, 0);
016b720f
AG		 355
356 kfree(fh);
357 return err;
358}
359
360/*
361 * Create and install index entry.
362 *
363 * Caller must hold i_mutex on indexdir.
364 */
365static int ovl_create_index(struct dentry *dentry, struct dentry *origin,
366 struct dentry *upper)
367{
368 struct dentry *indexdir = ovl_indexdir(dentry->d_sb);
369 struct inode *dir = d_inode(indexdir);
370 struct dentry *index = NULL;
371 struct dentry *temp = NULL;
372 struct qstr name = { };
373 int err;
374
375 /*
376 * For now this is only used for creating index entry for directories,
377 * because non-dir are copied up directly to index and then hardlinked
378 * to upper dir.
379 *
380 * TODO: implement create index for non-dir, so we can call it when
381 * encoding file handle for non-dir in case index does not exist.
382 */
383 if (WARN_ON(!d_is_dir(dentry)))
384 return -EIO;
385
386 /* Directory not expected to be indexed before copy up */
387 if (WARN_ON(ovl_test_flag(OVL_INDEX, d_inode(dentry))))
388 return -EIO;
389
390 err = ovl_get_index_name(origin, &name);
391 if (err)
392 return err;
393
137ec526 394 temp = ovl_create_temp(indexdir, OVL_CATTR(S_IFDIR | 0));
b148cba4 395 err = PTR_ERR(temp);
016b720f 396 if (IS_ERR(temp))
b148cba4 397 goto free_name;
016b720f 398
016b720f
AG		 399 err = ovl_set_upper_fh(upper, temp);
400 if (err)
b148cba4 401 goto out;
016b720f
AG		 402
403 index = lookup_one_len(name.name, indexdir, name.len);
404 if (IS_ERR(index)) {
405 err = PTR_ERR(index);
406 } else {
407 err = ovl_do_rename(dir, temp, dir, index, 0);
408 dput(index);
409 }
016b720f 410out:
b148cba4
MS		 411 if (err)
412 ovl_cleanup(dir, temp);
016b720f 413 dput(temp);
b148cba4 414free_name:
016b720f
AG		 415 kfree(name.name);
416 return err;
016b720f
AG		 417}
418
f4439de1
AG		 419struct ovl_copy_up_ctx {
420 struct dentry *parent;
421 struct dentry *dentry;
422 struct path lowerpath;
423 struct kstat stat;
424 struct kstat pstat;
425 const char *link;
426 struct dentry *destdir;
427 struct qstr destname;
428 struct dentry *workdir;
f4439de1 429 bool origin;
016b720f 430 bool indexed;
44d5bf10 431 bool metacopy;
f4439de1
AG		 432};
433
434static int ovl_link_up(struct ovl_copy_up_ctx *c)
59be0971
AG		 435{
436 int err;
437 struct dentry *upper;
f4439de1 438 struct dentry *upperdir = ovl_dentry_upper(c->parent);
59be0971
AG		 439 struct inode *udir = d_inode(upperdir);
440
f4439de1
AG		 441 /* Mark parent "impure" because it may now contain non-pure upper */
442 err = ovl_set_impure(c->parent, upperdir);
443 if (err)
444 return err;
445
446 err = ovl_set_nlink_lower(c->dentry);
5f8415d6
AG		 447 if (err)
448 return err;
449
59be0971 450 inode_lock_nested(udir, I_MUTEX_PARENT);
f4439de1
AG		 451 upper = lookup_one_len(c->dentry->d_name.name, upperdir,
452 c->dentry->d_name.len);
59be0971
AG		 453 err = PTR_ERR(upper);
454 if (!IS_ERR(upper)) {
6cf00764 455 err = ovl_do_link(ovl_dentry_upper(c->dentry), udir, upper);
59be0971
AG		 456 dput(upper);
457
f4439de1
AG		 458 if (!err) {
459 /* Restore timestamps on parent (best effort) */
460 ovl_set_timestamps(upperdir, &c->pstat);
461 ovl_dentry_set_upper_alias(c->dentry);
462 }
59be0971
AG		 463 }
464 inode_unlock(udir);
aa3ff3c1
AG		 465 if (err)
466 return err;
467
468 err = ovl_set_nlink_upper(c->dentry);
59be0971
AG		 469
470 return err;
471}
472
23f0ab13 473static int ovl_copy_up_inode(struct ovl_copy_up_ctx *c, struct dentry *temp)
7d90b853 474{
7d90b853
MS		 475 int err;
476
5f32879e
VG		 477 /*
478 * Copy up data first and then xattrs. Writing data after
479 * xattrs will remove security.capability xattr automatically.
480 */
481 if (S_ISREG(c->stat.mode) && !c->metacopy) {
482 struct path upperpath, datapath;
483
484 ovl_path_upper(c->dentry, &upperpath);
485 if (WARN_ON(upperpath.dentry != NULL))
486 return -EIO;
487 upperpath.dentry = temp;
488
489 ovl_path_lowerdata(c->dentry, &datapath);
490 err = ovl_copy_up_data(&datapath, &upperpath, c->stat.size);
491 if (err)
492 return err;
493 }
494
23f0ab13 495 err = ovl_copy_xattr(c->lowerpath.dentry, temp);
e9be9d5e 496 if (err)
02209d10 497 return err;
e9be9d5e 498
3a1e819b
AG		 499 /*
500 * Store identifier of lower inode in upper inode xattr to
501 * allow lookup of the copy up origin inode.
fbaf94ee
MS		 502 *
503 * Don't set origin when we are breaking the association with a lower
504 * hard link.
3a1e819b 505 */
59be0971 506 if (c->origin) {
23f0ab13 507 err = ovl_set_origin(c->dentry, c->lowerpath.dentry, temp);
fbaf94ee 508 if (err)
02209d10 509 return err;
fbaf94ee 510 }
3a1e819b 511
0c288874
VG		 512 if (c->metacopy) {
513 err = ovl_check_setxattr(c->dentry, temp, OVL_XATTR_METACOPY,
514 NULL, 0, -EOPNOTSUPP);
515 if (err)
516 return err;
517 }
518
bd64e575 519 inode_lock(temp->d_inode);
b504c654 520 if (S_ISREG(c->stat.mode))
0c288874
VG		 521 err = ovl_set_size(temp, &c->stat);
522 if (!err)
523 err = ovl_set_attr(temp, &c->stat);
bd64e575
VG		 524 inode_unlock(temp->d_inode);
525
526 return err;
02209d10
AG		 527}
528
6b52243f
MS		 529struct ovl_cu_creds {
530 const struct cred *old;
531 struct cred *new;
532};
533
534static int ovl_prep_cu_creds(struct dentry *dentry, struct ovl_cu_creds *cc)
b10cdcdc
AG		 535{
536 int err;
b10cdcdc 537
6b52243f
MS		 538 cc->old = cc->new = NULL;
539 err = security_inode_copy_up(dentry, &cc->new);
b10cdcdc 540 if (err < 0)
6b52243f 541 return err;
b10cdcdc 542
6b52243f
MS		 543 if (cc->new)
544 cc->old = override_creds(cc->new);
b10cdcdc 545
6b52243f 546 return 0;
b10cdcdc
AG		 547}
548
6b52243f 549static void ovl_revert_cu_creds(struct ovl_cu_creds *cc)
b10cdcdc 550{
6b52243f
MS		 551 if (cc->new) {
552 revert_creds(cc->old);
553 put_cred(cc->new);
554 }
b10cdcdc
AG		 555}
556
557/*
558 * Copyup using workdir to prepare temp file. Used when copying up directories,
559 * special files or when upper fs doesn't support O_TMPFILE.
560 */
561static int ovl_copy_up_workdir(struct ovl_copy_up_ctx *c)
02209d10 562{
b79e05aa 563 struct inode *inode;
6b52243f
MS		 564 struct inode *udir = d_inode(c->destdir), *wdir = d_inode(c->workdir);
565 struct dentry *temp, *upper;
566 struct ovl_cu_creds cc;
02209d10 567 int err;
6b52243f
MS		 568 struct ovl_cattr cattr = {
569 /* Can't properly set mode on creation because of the umask */
570 .mode = c->stat.mode & S_IFMT,
571 .rdev = c->stat.rdev,
572 .link = c->link
573 };
02209d10 574
b10cdcdc
AG		 575 err = ovl_lock_rename_workdir(c->workdir, c->destdir);
576 if (err)
577 return err;
578
6b52243f
MS		 579 err = ovl_prep_cu_creds(c->dentry, &cc);
580 if (err)
581 goto unlock;
582
583 temp = ovl_create_temp(c->workdir, &cattr);
584 ovl_revert_cu_creds(&cc);
585
b10cdcdc 586 err = PTR_ERR(temp);
b148cba4 587 if (IS_ERR(temp))
b10cdcdc 588 goto unlock;
02209d10 589
23f0ab13 590 err = ovl_copy_up_inode(c, temp);
02209d10 591 if (err)
b10cdcdc 592 goto cleanup;
02209d10 593
016b720f
AG		 594 if (S_ISDIR(c->stat.mode) && c->indexed) {
595 err = ovl_create_index(c->dentry, c->lowerpath.dentry, temp);
596 if (err)
b10cdcdc 597 goto cleanup;
016b720f
AG		 598 }
599
6b52243f
MS		 600 upper = lookup_one_len(c->destname.name, c->destdir, c->destname.len);
601 err = PTR_ERR(upper);
602 if (IS_ERR(upper))
603 goto cleanup;
604
605 err = ovl_do_rename(wdir, temp, udir, upper, 0);
606 dput(upper);
e9be9d5e 607 if (err)
b10cdcdc 608 goto cleanup;
e9be9d5e 609
0c288874
VG		 610 if (!c->metacopy)
611 ovl_set_upperdata(d_inode(c->dentry));
b79e05aa 612 inode = d_inode(c->dentry);
6b52243f 613 ovl_inode_update(inode, temp);
b79e05aa
AG		 614 if (S_ISDIR(inode->i_mode))
615 ovl_set_flag(OVL_WHITEOUTS, inode);
b10cdcdc
AG		 616unlock:
617 unlock_rename(c->workdir, c->destdir);
618
619 return err;
620
621cleanup:
6b52243f
MS		 622 ovl_cleanup(wdir, temp);
623 dput(temp);
624 goto unlock;
b10cdcdc
AG		 625}
626
6b52243f
MS		 627/* Copyup using O_TMPFILE which does not require cross dir locking */
628static int ovl_copy_up_tmpfile(struct ovl_copy_up_ctx *c)
b10cdcdc 629{
6b52243f
MS		 630 struct inode *udir = d_inode(c->destdir);
631 struct dentry *temp, *upper;
632 struct ovl_cu_creds cc;
b10cdcdc 633 int err;
b10cdcdc 634
6b52243f
MS		 635 err = ovl_prep_cu_creds(c->dentry, &cc);
636 if (err)
637 return err;
b10cdcdc
AG		 638
639 temp = ovl_do_tmpfile(c->workdir, c->stat.mode);
6b52243f 640 ovl_revert_cu_creds(&cc);
b10cdcdc 641
6b52243f
MS		 642 if (IS_ERR(temp))
643 return PTR_ERR(temp);
b10cdcdc 644
6b52243f
MS		 645 err = ovl_copy_up_inode(c, temp);
646 if (err)
647 goto out_dput;
b10cdcdc
AG		 648
649 inode_lock_nested(udir, I_MUTEX_PARENT);
650
651 upper = lookup_one_len(c->destname.name, c->destdir, c->destname.len);
652 err = PTR_ERR(upper);
6b52243f
MS		 653 if (!IS_ERR(upper)) {
654 err = ovl_do_link(temp, udir, upper);
655 dput(upper);
656 }
b10cdcdc
AG		 657 inode_unlock(udir);
658
b10cdcdc 659 if (err)
6b52243f 660 goto out_dput;
b10cdcdc
AG		 661
662 if (!c->metacopy)
663 ovl_set_upperdata(d_inode(c->dentry));
6b52243f 664 ovl_inode_update(d_inode(c->dentry), temp);
b79e05aa 665
6b52243f
MS		 666 return 0;
667
668out_dput:
42f269b9 669 dput(temp);
e9be9d5e 670 return err;
e9be9d5e
MS		 671}
672
673/*
674 * Copy up a single dentry
675 *
a6c60655
MS		 676 * All renames start with copy up of source if necessary. The actual
677 * rename will only proceed once the copy up was successful. Copy up uses
678 * upper parent i_mutex for exclusion. Since rename can change d_parent it
679 * is possible that the copy up will lock the old parent. At that point
680 * the file will have already been copied up anyway.
e9be9d5e 681 */
a6fb235a 682static int ovl_do_copy_up(struct ovl_copy_up_ctx *c)
e9be9d5e 683{
e9be9d5e 684 int err;
23f0ab13 685 struct ovl_fs *ofs = c->dentry->d_sb->s_fs_info;
016b720f 686 bool to_index = false;
59be0971 687
016b720f
AG		 688 /*
689 * Indexed non-dir is copied up directly to the index entry and then
690 * hardlinked to upper dir. Indexed dir is copied up to indexdir,
691 * then index entry is created and then copied up dir installed.
692 * Copying dir up to indexdir instead of workdir simplifies locking.
693 */
694 if (ovl_need_index(c->dentry)) {
695 c->indexed = true;
696 if (S_ISDIR(c->stat.mode))
697 c->workdir = ovl_indexdir(c->dentry->d_sb);
698 else
699 to_index = true;
700 }
701
702 if (S_ISDIR(c->stat.mode) || c->stat.nlink == 1 || to_index)
59be0971
AG		 703 c->origin = true;
704
016b720f 705 if (to_index) {
59be0971
AG		 706 c->destdir = ovl_indexdir(c->dentry->d_sb);
707 err = ovl_get_index_name(c->lowerpath.dentry, &c->destname);
708 if (err)
709 return err;
aa3ff3c1
AG		 710 } else if (WARN_ON(!c->parent)) {
711 /* Disconnected dentry must be copied up to index dir */
712 return -EIO;
59be0971
AG		 713 } else {
714 /*
715 * Mark parent "impure" because it may now contain non-pure
716 * upper
717 */
718 err = ovl_set_impure(c->parent, c->destdir);
719 if (err)
720 return err;
721 }
e9be9d5e 722
01ad3eb8 723 /* Should we copyup with O_TMPFILE or with workdir? */
b10cdcdc
AG		 724 if (S_ISREG(c->stat.mode) && ofs->tmpfile)
725 err = ovl_copy_up_tmpfile(c);
726 else
727 err = ovl_copy_up_workdir(c);
aa3ff3c1
AG		 728 if (err)
729 goto out;
730
731 if (c->indexed)
016b720f
AG		 732 ovl_set_flag(OVL_INDEX, d_inode(c->dentry));
733
734 if (to_index) {
aa3ff3c1
AG		 735 /* Initialize nlink for copy up of disconnected dentry */
736 err = ovl_set_nlink_upper(c->dentry);
737 } else {
59be0971
AG		 738 struct inode *udir = d_inode(c->destdir);
739
740 /* Restore timestamps on parent (best effort) */
741 inode_lock(udir);
742 ovl_set_timestamps(c->destdir, &c->pstat);
743 inode_unlock(udir);
744
745 ovl_dentry_set_upper_alias(c->dentry);
e9be9d5e
MS		 746 }
747
aa3ff3c1
AG		 748out:
749 if (to_index)
750 kfree(c->destname.name);
a6fb235a
MS		 751 return err;
752}
753
44d5bf10
VG		 754static bool ovl_need_meta_copy_up(struct dentry *dentry, umode_t mode,
755 int flags)
756{
757 struct ovl_fs *ofs = dentry->d_sb->s_fs_info;
758
44d5bf10
VG		 759 if (!ofs->config.metacopy)
760 return false;
761
762 if (!S_ISREG(mode))
763 return false;
764
765 if (flags && ((OPEN_FMODE(flags) & FMODE_WRITE) || (flags & O_TRUNC)))
766 return false;
767
768 return true;
769}
770
0c288874
VG		 771/* Copy up data of an inode which was copied up metadata only in the past. */
772static int ovl_copy_up_meta_inode_data(struct ovl_copy_up_ctx *c)
773{
4f93b426 774 struct path upperpath, datapath;
0c288874 775 int err;
993a0b2a
VG		 776 char *capability = NULL;
777 ssize_t uninitialized_var(cap_size);
0c288874
VG		 778
779 ovl_path_upper(c->dentry, &upperpath);
780 if (WARN_ON(upperpath.dentry == NULL))
781 return -EIO;
782
4f93b426
VG		 783 ovl_path_lowerdata(c->dentry, &datapath);
784 if (WARN_ON(datapath.dentry == NULL))
785 return -EIO;
786
993a0b2a
VG		 787 if (c->stat.size) {
788 err = cap_size = ovl_getxattr(upperpath.dentry, XATTR_NAME_CAPS,
789 &capability, 0);
790 if (err < 0 && err != -ENODATA)
791 goto out;
792 }
793
4f93b426 794 err = ovl_copy_up_data(&datapath, &upperpath, c->stat.size);
0c288874 795 if (err)
993a0b2a
VG		 796 goto out_free;
797
798 /*
799 * Writing to upper file will clear security.capability xattr. We
800 * don't want that to happen for normal copy-up operation.
801 */
802 if (capability) {
803 err = ovl_do_setxattr(upperpath.dentry, XATTR_NAME_CAPS,
804 capability, cap_size, 0);
805 if (err)
806 goto out_free;
807 }
808
0c288874
VG		 809
810 err = vfs_removexattr(upperpath.dentry, OVL_XATTR_METACOPY);
811 if (err)
993a0b2a 812 goto out_free;
0c288874
VG		 813
814 ovl_set_upperdata(d_inode(c->dentry));
993a0b2a
VG		 815out_free:
816 kfree(capability);
817out:
0c288874
VG		 818 return err;
819}
820
a6fb235a
MS		 821static int ovl_copy_up_one(struct dentry *parent, struct dentry *dentry,
822 int flags)
823{
824 int err;
825 DEFINE_DELAYED_CALL(done);
826 struct path parentpath;
827 struct ovl_copy_up_ctx ctx = {
828 .parent = parent,
829 .dentry = dentry,
830 .workdir = ovl_workdir(dentry),
831 };
832
833 if (WARN_ON(!ctx.workdir))
834 return -EROFS;
835
836 ovl_path_lower(dentry, &ctx.lowerpath);
837 err = vfs_getattr(&ctx.lowerpath, &ctx.stat,
838 STATX_BASIC_STATS, AT_STATX_SYNC_AS_STAT);
839 if (err)
840 return err;
841
44d5bf10
VG		 842 ctx.metacopy = ovl_need_meta_copy_up(dentry, ctx.stat.mode, flags);
843
aa3ff3c1
AG		 844 if (parent) {
845 ovl_path_upper(parent, &parentpath);
846 ctx.destdir = parentpath.dentry;
847 ctx.destname = dentry->d_name;
a6fb235a 848
aa3ff3c1
AG		 849 err = vfs_getattr(&parentpath, &ctx.pstat,
850 STATX_ATIME | STATX_MTIME,
851 AT_STATX_SYNC_AS_STAT);
852 if (err)
853 return err;
854 }
a6fb235a
MS		 855
856 /* maybe truncate regular file. this has no effect on dirs */
857 if (flags & O_TRUNC)
858 ctx.stat.size = 0;
859
860 if (S_ISLNK(ctx.stat.mode)) {
861 ctx.link = vfs_get_link(ctx.lowerpath.dentry, &done);
862 if (IS_ERR(ctx.link))
863 return PTR_ERR(ctx.link);
864 }
a6fb235a 865
0c288874 866 err = ovl_copy_up_start(dentry, flags);
fd210b7d
MS		 867 /* err < 0: interrupted, err > 0: raced with another copy-up */
868 if (unlikely(err)) {
869 if (err > 0)
870 err = 0;
871 } else {
59be0971
AG		 872 if (!ovl_dentry_upper(dentry))
873 err = ovl_do_copy_up(&ctx);
aa3ff3c1 874 if (!err && parent && !ovl_dentry_has_upper_alias(dentry))
f4439de1 875 err = ovl_link_up(&ctx);
0c288874
VG		 876 if (!err && ovl_dentry_needs_data_copy_up_locked(dentry, flags))
877 err = ovl_copy_up_meta_inode_data(&ctx);
fd210b7d
MS		 878 ovl_copy_up_end(dentry);
879 }
7764235b 880 do_delayed_call(&done);
e9be9d5e
MS		 881
882 return err;
883}
884
9aba6521 885int ovl_copy_up_flags(struct dentry *dentry, int flags)
e9be9d5e 886{
8eac98b8
VG		 887 int err = 0;
888 const struct cred *old_cred = ovl_override_creds(dentry->d_sb);
aa3ff3c1
AG		 889 bool disconnected = (dentry->d_flags & DCACHE_DISCONNECTED);
890
891 /*
892 * With NFS export, copy up can get called for a disconnected non-dir.
893 * In this case, we will copy up lower inode to index dir without
894 * linking it to upper dir.
895 */
896 if (WARN_ON(disconnected && d_is_dir(dentry)))
897 return -EIO;
e9be9d5e 898
e9be9d5e
MS		 899 while (!err) {
900 struct dentry *next;
aa3ff3c1 901 struct dentry *parent = NULL;
e9be9d5e 902
0c288874 903 if (ovl_already_copied_up(dentry, flags))
e9be9d5e
MS		 904 break;
905
906 next = dget(dentry);
907 /* find the topmost dentry not yet copied up */
aa3ff3c1 908 for (; !disconnected;) {
e9be9d5e
MS		 909 parent = dget_parent(next);
910
59be0971 911 if (ovl_dentry_upper(parent))
e9be9d5e
MS		 912 break;
913
914 dput(next);
915 next = parent;
916 }
917
a6fb235a 918 err = ovl_copy_up_one(parent, next, flags);
e9be9d5e
MS		 919
920 dput(parent);
921 dput(next);
922 }
8eac98b8 923 revert_creds(old_cred);
e9be9d5e
MS		 924
925 return err;
926}
9aba6521 927
d6eac039
VG		 928static bool ovl_open_need_copy_up(struct dentry *dentry, int flags)
929{
930 /* Copy up of disconnected dentry does not set upper alias */
0c288874 931 if (ovl_already_copied_up(dentry, flags))
d6eac039
VG		 932 return false;
933
934 if (special_file(d_inode(dentry)->i_mode))
935 return false;
936
0c288874 937 if (!ovl_open_flags_need_copy_up(flags))
d6eac039
VG		 938 return false;
939
940 return true;
941}
942
3428030d 943int ovl_maybe_copy_up(struct dentry *dentry, int flags)
d6eac039
VG		 944{
945 int err = 0;
946
3428030d 947 if (ovl_open_need_copy_up(dentry, flags)) {
d6eac039
VG		 948 err = ovl_want_write(dentry);
949 if (!err) {
3428030d 950 err = ovl_copy_up_flags(dentry, flags);
d6eac039
VG		 951 ovl_drop_write(dentry);
952 }
953 }
954
955 return err;
956}
957
d1e6f6a9
VG		 958int ovl_copy_up_with_data(struct dentry *dentry)
959{
960 return ovl_copy_up_flags(dentry, O_WRONLY);
961}
962
9aba6521
AG		 963int ovl_copy_up(struct dentry *dentry)
964{
965 return ovl_copy_up_flags(dentry, 0);
966}
A mirror of Linus' kernel repository