]>
Commit | Line | Data |
---|---|---|
d2912cb1 | 1 | // SPDX-License-Identifier: GPL-2.0-only |
e9be9d5e MS |
2 | /* |
3 | * | |
4 | * Copyright (C) 2011 Novell Inc. | |
e9be9d5e MS |
5 | */ |
6 | ||
fb5bb2c3 | 7 | #include <linux/module.h> |
e9be9d5e MS |
8 | #include <linux/fs.h> |
9 | #include <linux/slab.h> | |
10 | #include <linux/file.h> | |
11 | #include <linux/splice.h> | |
12 | #include <linux/xattr.h> | |
13 | #include <linux/security.h> | |
14 | #include <linux/uaccess.h> | |
174cd4b1 | 15 | #include <linux/sched/signal.h> |
5b825c3a | 16 | #include <linux/cred.h> |
e9be9d5e | 17 | #include <linux/namei.h> |
fb5bb2c3 DH |
18 | #include <linux/fdtable.h> |
19 | #include <linux/ratelimit.h> | |
3a1e819b | 20 | #include <linux/exportfs.h> |
e9be9d5e MS |
21 | #include "overlayfs.h" |
22 | ||
23 | #define OVL_COPY_UP_CHUNK_SIZE (1 << 20) | |
24 | ||
670c2324 | 25 | static int ovl_ccup_set(const char *buf, const struct kernel_param *param) |
fb5bb2c3 | 26 | { |
1bd0a3ae | 27 | pr_warn("\"check_copy_up\" module option is obsolete\n"); |
fb5bb2c3 DH |
28 | return 0; |
29 | } | |
30 | ||
670c2324 | 31 | static int ovl_ccup_get(char *buf, const struct kernel_param *param) |
fb5bb2c3 | 32 | { |
670c2324 | 33 | return sprintf(buf, "N\n"); |
fb5bb2c3 DH |
34 | } |
35 | ||
670c2324 | 36 | module_param_call(check_copy_up, ovl_ccup_set, ovl_ccup_get, NULL, 0644); |
253e7483 | 37 | MODULE_PARM_DESC(check_copy_up, "Obsolete; does nothing"); |
670c2324 | 38 | |
e9be9d5e MS |
39 | int ovl_copy_xattr(struct dentry *old, struct dentry *new) |
40 | { | |
e4ad29fa VC |
41 | ssize_t list_size, size, value_size = 0; |
42 | char *buf, *name, *value = NULL; | |
43 | int uninitialized_var(error); | |
8b326c61 | 44 | size_t slen; |
e9be9d5e | 45 | |
5d6c3191 AG |
46 | if (!(old->d_inode->i_opflags & IOP_XATTR) || |
47 | !(new->d_inode->i_opflags & IOP_XATTR)) | |
e9be9d5e MS |
48 | return 0; |
49 | ||
50 | list_size = vfs_listxattr(old, NULL, 0); | |
51 | if (list_size <= 0) { | |
52 | if (list_size == -EOPNOTSUPP) | |
53 | return 0; | |
54 | return list_size; | |
55 | } | |
56 | ||
57 | buf = kzalloc(list_size, GFP_KERNEL); | |
58 | if (!buf) | |
59 | return -ENOMEM; | |
60 | ||
e9be9d5e MS |
61 | list_size = vfs_listxattr(old, buf, list_size); |
62 | if (list_size <= 0) { | |
63 | error = list_size; | |
e4ad29fa | 64 | goto out; |
e9be9d5e MS |
65 | } |
66 | ||
8b326c61 MS |
67 | for (name = buf; list_size; name += slen) { |
68 | slen = strnlen(name, list_size) + 1; | |
69 | ||
70 | /* underlying fs providing us with an broken xattr list? */ | |
71 | if (WARN_ON(slen > list_size)) { | |
72 | error = -EIO; | |
73 | break; | |
74 | } | |
75 | list_size -= slen; | |
76 | ||
0956254a MS |
77 | if (ovl_is_private_xattr(name)) |
78 | continue; | |
e4ad29fa VC |
79 | retry: |
80 | size = vfs_getxattr(old, name, value, value_size); | |
81 | if (size == -ERANGE) | |
82 | size = vfs_getxattr(old, name, NULL, 0); | |
83 | ||
97daf8b9 | 84 | if (size < 0) { |
e9be9d5e | 85 | error = size; |
e4ad29fa | 86 | break; |
e9be9d5e | 87 | } |
e4ad29fa VC |
88 | |
89 | if (size > value_size) { | |
90 | void *new; | |
91 | ||
92 | new = krealloc(value, size, GFP_KERNEL); | |
93 | if (!new) { | |
94 | error = -ENOMEM; | |
95 | break; | |
96 | } | |
97 | value = new; | |
98 | value_size = size; | |
99 | goto retry; | |
100 | } | |
101 | ||
121ab822 VG |
102 | error = security_inode_copy_up_xattr(name); |
103 | if (error < 0 && error != -EOPNOTSUPP) | |
104 | break; | |
105 | if (error == 1) { | |
106 | error = 0; | |
107 | continue; /* Discard */ | |
108 | } | |
e9be9d5e MS |
109 | error = vfs_setxattr(new, name, value, size, 0); |
110 | if (error) | |
e4ad29fa | 111 | break; |
e9be9d5e | 112 | } |
e9be9d5e MS |
113 | kfree(value); |
114 | out: | |
115 | kfree(buf); | |
116 | return error; | |
117 | } | |
118 | ||
119 | static int ovl_copy_up_data(struct path *old, struct path *new, loff_t len) | |
120 | { | |
121 | struct file *old_file; | |
122 | struct file *new_file; | |
123 | loff_t old_pos = 0; | |
124 | loff_t new_pos = 0; | |
42ec3d4c | 125 | loff_t cloned; |
b504c654 CX |
126 | loff_t data_pos = -1; |
127 | loff_t hole_len; | |
128 | bool skip_hole = false; | |
e9be9d5e MS |
129 | int error = 0; |
130 | ||
131 | if (len == 0) | |
132 | return 0; | |
133 | ||
0480334f | 134 | old_file = ovl_path_open(old, O_LARGEFILE | O_RDONLY); |
e9be9d5e MS |
135 | if (IS_ERR(old_file)) |
136 | return PTR_ERR(old_file); | |
137 | ||
0480334f | 138 | new_file = ovl_path_open(new, O_LARGEFILE | O_WRONLY); |
e9be9d5e MS |
139 | if (IS_ERR(new_file)) { |
140 | error = PTR_ERR(new_file); | |
141 | goto out_fput; | |
142 | } | |
143 | ||
2ea98466 | 144 | /* Try to use clone_file_range to clone up within the same fs */ |
452ce659 | 145 | cloned = do_clone_file_range(old_file, 0, new_file, 0, len, 0); |
42ec3d4c | 146 | if (cloned == len) |
2ea98466 AG |
147 | goto out; |
148 | /* Couldn't clone, so now we try to copy the data */ | |
2ea98466 | 149 | |
b504c654 CX |
150 | /* Check if lower fs supports seek operation */ |
151 | if (old_file->f_mode & FMODE_LSEEK && | |
152 | old_file->f_op->llseek) | |
153 | skip_hole = true; | |
154 | ||
e9be9d5e MS |
155 | while (len) { |
156 | size_t this_len = OVL_COPY_UP_CHUNK_SIZE; | |
157 | long bytes; | |
158 | ||
159 | if (len < this_len) | |
160 | this_len = len; | |
161 | ||
162 | if (signal_pending_state(TASK_KILLABLE, current)) { | |
163 | error = -EINTR; | |
164 | break; | |
165 | } | |
166 | ||
b504c654 CX |
167 | /* |
168 | * Fill zero for hole will cost unnecessary disk space | |
169 | * and meanwhile slow down the copy-up speed, so we do | |
170 | * an optimization for hole during copy-up, it relies | |
171 | * on SEEK_DATA implementation in lower fs so if lower | |
172 | * fs does not support it, copy-up will behave as before. | |
173 | * | |
174 | * Detail logic of hole detection as below: | |
175 | * When we detect next data position is larger than current | |
176 | * position we will skip that hole, otherwise we copy | |
177 | * data in the size of OVL_COPY_UP_CHUNK_SIZE. Actually, | |
178 | * it may not recognize all kind of holes and sometimes | |
179 | * only skips partial of hole area. However, it will be | |
180 | * enough for most of the use cases. | |
181 | */ | |
182 | ||
183 | if (skip_hole && data_pos < old_pos) { | |
184 | data_pos = vfs_llseek(old_file, old_pos, SEEK_DATA); | |
185 | if (data_pos > old_pos) { | |
186 | hole_len = data_pos - old_pos; | |
187 | len -= hole_len; | |
188 | old_pos = new_pos = data_pos; | |
189 | continue; | |
190 | } else if (data_pos == -ENXIO) { | |
191 | break; | |
192 | } else if (data_pos < 0) { | |
193 | skip_hole = false; | |
194 | } | |
195 | } | |
196 | ||
e9be9d5e MS |
197 | bytes = do_splice_direct(old_file, &old_pos, |
198 | new_file, &new_pos, | |
199 | this_len, SPLICE_F_MOVE); | |
200 | if (bytes <= 0) { | |
201 | error = bytes; | |
202 | break; | |
203 | } | |
204 | WARN_ON(old_pos != new_pos); | |
205 | ||
206 | len -= bytes; | |
207 | } | |
2ea98466 | 208 | out: |
641089c1 MS |
209 | if (!error) |
210 | error = vfs_fsync(new_file, 0); | |
e9be9d5e MS |
211 | fput(new_file); |
212 | out_fput: | |
213 | fput(old_file); | |
214 | return error; | |
215 | } | |
216 | ||
0c288874 VG |
217 | static int ovl_set_size(struct dentry *upperdentry, struct kstat *stat) |
218 | { | |
219 | struct iattr attr = { | |
220 | .ia_valid = ATTR_SIZE, | |
221 | .ia_size = stat->size, | |
222 | }; | |
223 | ||
224 | return notify_change(upperdentry, &attr, NULL); | |
225 | } | |
226 | ||
e9be9d5e MS |
227 | static int ovl_set_timestamps(struct dentry *upperdentry, struct kstat *stat) |
228 | { | |
229 | struct iattr attr = { | |
230 | .ia_valid = | |
231 | ATTR_ATIME | ATTR_MTIME | ATTR_ATIME_SET | ATTR_MTIME_SET, | |
232 | .ia_atime = stat->atime, | |
233 | .ia_mtime = stat->mtime, | |
234 | }; | |
235 | ||
236 | return notify_change(upperdentry, &attr, NULL); | |
237 | } | |
238 | ||
239 | int ovl_set_attr(struct dentry *upperdentry, struct kstat *stat) | |
240 | { | |
241 | int err = 0; | |
242 | ||
243 | if (!S_ISLNK(stat->mode)) { | |
244 | struct iattr attr = { | |
245 | .ia_valid = ATTR_MODE, | |
246 | .ia_mode = stat->mode, | |
247 | }; | |
248 | err = notify_change(upperdentry, &attr, NULL); | |
249 | } | |
250 | if (!err) { | |
251 | struct iattr attr = { | |
252 | .ia_valid = ATTR_UID | ATTR_GID, | |
253 | .ia_uid = stat->uid, | |
254 | .ia_gid = stat->gid, | |
255 | }; | |
256 | err = notify_change(upperdentry, &attr, NULL); | |
257 | } | |
258 | if (!err) | |
259 | ovl_set_timestamps(upperdentry, stat); | |
260 | ||
261 | return err; | |
e9be9d5e MS |
262 | } |
263 | ||
5b2cccd3 | 264 | struct ovl_fh *ovl_encode_real_fh(struct dentry *real, bool is_upper) |
3a1e819b AG |
265 | { |
266 | struct ovl_fh *fh; | |
ec7bbb53 | 267 | int fh_type, dwords; |
3a1e819b | 268 | int buflen = MAX_HANDLE_SZ; |
05122443 | 269 | uuid_t *uuid = &real->d_sb->s_uuid; |
ec7bbb53 | 270 | int err; |
3a1e819b | 271 | |
ec7bbb53 AG |
272 | /* Make sure the real fid stays 32bit aligned */ |
273 | BUILD_BUG_ON(OVL_FH_FID_OFFSET % 4); | |
274 | BUILD_BUG_ON(MAX_HANDLE_SZ + OVL_FH_FID_OFFSET > 255); | |
275 | ||
276 | fh = kzalloc(buflen + OVL_FH_FID_OFFSET, GFP_KERNEL); | |
277 | if (!fh) | |
3a1e819b AG |
278 | return ERR_PTR(-ENOMEM); |
279 | ||
280 | /* | |
281 | * We encode a non-connectable file handle for non-dir, because we | |
282 | * only need to find the lower inode number and we don't want to pay | |
283 | * the price or reconnecting the dentry. | |
284 | */ | |
285 | dwords = buflen >> 2; | |
ec7bbb53 | 286 | fh_type = exportfs_encode_fh(real, (void *)fh->fb.fid, &dwords, 0); |
3a1e819b AG |
287 | buflen = (dwords << 2); |
288 | ||
ec7bbb53 | 289 | err = -EIO; |
3a1e819b AG |
290 | if (WARN_ON(fh_type < 0) || |
291 | WARN_ON(buflen > MAX_HANDLE_SZ) || | |
292 | WARN_ON(fh_type == FILEID_INVALID)) | |
ec7bbb53 | 293 | goto out_err; |
3a1e819b | 294 | |
cbe7fba8 AG |
295 | fh->fb.version = OVL_FH_VERSION; |
296 | fh->fb.magic = OVL_FH_MAGIC; | |
297 | fh->fb.type = fh_type; | |
298 | fh->fb.flags = OVL_FH_FLAG_CPU_ENDIAN; | |
54fb347e AG |
299 | /* |
300 | * When we will want to decode an overlay dentry from this handle | |
301 | * and all layers are on the same fs, if we get a disconncted real | |
302 | * dentry when we decode fid, the only way to tell if we should assign | |
303 | * it to upperdentry or to lowerstack is by checking this flag. | |
304 | */ | |
305 | if (is_upper) | |
cbe7fba8 | 306 | fh->fb.flags |= OVL_FH_FLAG_PATH_UPPER; |
ec7bbb53 | 307 | fh->fb.len = sizeof(fh->fb) + buflen; |
cbe7fba8 | 308 | fh->fb.uuid = *uuid; |
3a1e819b | 309 | |
3a1e819b | 310 | return fh; |
ec7bbb53 AG |
311 | |
312 | out_err: | |
313 | kfree(fh); | |
314 | return ERR_PTR(err); | |
3a1e819b AG |
315 | } |
316 | ||
9678e630 AG |
317 | int ovl_set_origin(struct dentry *dentry, struct dentry *lower, |
318 | struct dentry *upper) | |
3a1e819b | 319 | { |
3a1e819b AG |
320 | const struct ovl_fh *fh = NULL; |
321 | int err; | |
322 | ||
323 | /* | |
324 | * When lower layer doesn't support export operations store a 'null' fh, | |
325 | * so we can use the overlay.origin xattr to distignuish between a copy | |
326 | * up and a pure upper inode. | |
327 | */ | |
02bcd157 | 328 | if (ovl_can_decode_fh(lower->d_sb)) { |
5b2cccd3 | 329 | fh = ovl_encode_real_fh(lower, false); |
3a1e819b AG |
330 | if (IS_ERR(fh)) |
331 | return PTR_ERR(fh); | |
332 | } | |
333 | ||
6266d465 MS |
334 | /* |
335 | * Do not fail when upper doesn't support xattrs. | |
336 | */ | |
cbe7fba8 AG |
337 | err = ovl_check_setxattr(dentry, upper, OVL_XATTR_ORIGIN, fh->buf, |
338 | fh ? fh->fb.len : 0, 0); | |
3a1e819b AG |
339 | kfree(fh); |
340 | ||
341 | return err; | |
342 | } | |
343 | ||
016b720f AG |
344 | /* Store file handle of @upper dir in @index dir entry */ |
345 | static int ovl_set_upper_fh(struct dentry *upper, struct dentry *index) | |
346 | { | |
347 | const struct ovl_fh *fh; | |
348 | int err; | |
349 | ||
5b2cccd3 | 350 | fh = ovl_encode_real_fh(upper, true); |
016b720f AG |
351 | if (IS_ERR(fh)) |
352 | return PTR_ERR(fh); | |
353 | ||
cbe7fba8 | 354 | err = ovl_do_setxattr(index, OVL_XATTR_UPPER, fh->buf, fh->fb.len, 0); |
016b720f AG |
355 | |
356 | kfree(fh); | |
357 | return err; | |
358 | } | |
359 | ||
360 | /* | |
361 | * Create and install index entry. | |
362 | * | |
363 | * Caller must hold i_mutex on indexdir. | |
364 | */ | |
365 | static int ovl_create_index(struct dentry *dentry, struct dentry *origin, | |
366 | struct dentry *upper) | |
367 | { | |
368 | struct dentry *indexdir = ovl_indexdir(dentry->d_sb); | |
369 | struct inode *dir = d_inode(indexdir); | |
370 | struct dentry *index = NULL; | |
371 | struct dentry *temp = NULL; | |
372 | struct qstr name = { }; | |
373 | int err; | |
374 | ||
375 | /* | |
376 | * For now this is only used for creating index entry for directories, | |
377 | * because non-dir are copied up directly to index and then hardlinked | |
378 | * to upper dir. | |
379 | * | |
380 | * TODO: implement create index for non-dir, so we can call it when | |
381 | * encoding file handle for non-dir in case index does not exist. | |
382 | */ | |
383 | if (WARN_ON(!d_is_dir(dentry))) | |
384 | return -EIO; | |
385 | ||
386 | /* Directory not expected to be indexed before copy up */ | |
387 | if (WARN_ON(ovl_test_flag(OVL_INDEX, d_inode(dentry)))) | |
388 | return -EIO; | |
389 | ||
390 | err = ovl_get_index_name(origin, &name); | |
391 | if (err) | |
392 | return err; | |
393 | ||
137ec526 | 394 | temp = ovl_create_temp(indexdir, OVL_CATTR(S_IFDIR | 0)); |
b148cba4 | 395 | err = PTR_ERR(temp); |
016b720f | 396 | if (IS_ERR(temp)) |
b148cba4 | 397 | goto free_name; |
016b720f | 398 | |
016b720f AG |
399 | err = ovl_set_upper_fh(upper, temp); |
400 | if (err) | |
b148cba4 | 401 | goto out; |
016b720f AG |
402 | |
403 | index = lookup_one_len(name.name, indexdir, name.len); | |
404 | if (IS_ERR(index)) { | |
405 | err = PTR_ERR(index); | |
406 | } else { | |
407 | err = ovl_do_rename(dir, temp, dir, index, 0); | |
408 | dput(index); | |
409 | } | |
016b720f | 410 | out: |
b148cba4 MS |
411 | if (err) |
412 | ovl_cleanup(dir, temp); | |
016b720f | 413 | dput(temp); |
b148cba4 | 414 | free_name: |
016b720f AG |
415 | kfree(name.name); |
416 | return err; | |
016b720f AG |
417 | } |
418 | ||
f4439de1 AG |
419 | struct ovl_copy_up_ctx { |
420 | struct dentry *parent; | |
421 | struct dentry *dentry; | |
422 | struct path lowerpath; | |
423 | struct kstat stat; | |
424 | struct kstat pstat; | |
425 | const char *link; | |
426 | struct dentry *destdir; | |
427 | struct qstr destname; | |
428 | struct dentry *workdir; | |
f4439de1 | 429 | bool origin; |
016b720f | 430 | bool indexed; |
44d5bf10 | 431 | bool metacopy; |
f4439de1 AG |
432 | }; |
433 | ||
434 | static int ovl_link_up(struct ovl_copy_up_ctx *c) | |
59be0971 AG |
435 | { |
436 | int err; | |
437 | struct dentry *upper; | |
f4439de1 | 438 | struct dentry *upperdir = ovl_dentry_upper(c->parent); |
59be0971 AG |
439 | struct inode *udir = d_inode(upperdir); |
440 | ||
f4439de1 AG |
441 | /* Mark parent "impure" because it may now contain non-pure upper */ |
442 | err = ovl_set_impure(c->parent, upperdir); | |
443 | if (err) | |
444 | return err; | |
445 | ||
446 | err = ovl_set_nlink_lower(c->dentry); | |
5f8415d6 AG |
447 | if (err) |
448 | return err; | |
449 | ||
59be0971 | 450 | inode_lock_nested(udir, I_MUTEX_PARENT); |
f4439de1 AG |
451 | upper = lookup_one_len(c->dentry->d_name.name, upperdir, |
452 | c->dentry->d_name.len); | |
59be0971 AG |
453 | err = PTR_ERR(upper); |
454 | if (!IS_ERR(upper)) { | |
6cf00764 | 455 | err = ovl_do_link(ovl_dentry_upper(c->dentry), udir, upper); |
59be0971 AG |
456 | dput(upper); |
457 | ||
f4439de1 AG |
458 | if (!err) { |
459 | /* Restore timestamps on parent (best effort) */ | |
460 | ovl_set_timestamps(upperdir, &c->pstat); | |
461 | ovl_dentry_set_upper_alias(c->dentry); | |
462 | } | |
59be0971 AG |
463 | } |
464 | inode_unlock(udir); | |
aa3ff3c1 AG |
465 | if (err) |
466 | return err; | |
467 | ||
468 | err = ovl_set_nlink_upper(c->dentry); | |
59be0971 AG |
469 | |
470 | return err; | |
471 | } | |
472 | ||
23f0ab13 | 473 | static int ovl_copy_up_inode(struct ovl_copy_up_ctx *c, struct dentry *temp) |
7d90b853 | 474 | { |
7d90b853 MS |
475 | int err; |
476 | ||
5f32879e VG |
477 | /* |
478 | * Copy up data first and then xattrs. Writing data after | |
479 | * xattrs will remove security.capability xattr automatically. | |
480 | */ | |
481 | if (S_ISREG(c->stat.mode) && !c->metacopy) { | |
482 | struct path upperpath, datapath; | |
483 | ||
484 | ovl_path_upper(c->dentry, &upperpath); | |
485 | if (WARN_ON(upperpath.dentry != NULL)) | |
486 | return -EIO; | |
487 | upperpath.dentry = temp; | |
488 | ||
489 | ovl_path_lowerdata(c->dentry, &datapath); | |
490 | err = ovl_copy_up_data(&datapath, &upperpath, c->stat.size); | |
491 | if (err) | |
492 | return err; | |
493 | } | |
494 | ||
23f0ab13 | 495 | err = ovl_copy_xattr(c->lowerpath.dentry, temp); |
e9be9d5e | 496 | if (err) |
02209d10 | 497 | return err; |
e9be9d5e | 498 | |
3a1e819b AG |
499 | /* |
500 | * Store identifier of lower inode in upper inode xattr to | |
501 | * allow lookup of the copy up origin inode. | |
fbaf94ee MS |
502 | * |
503 | * Don't set origin when we are breaking the association with a lower | |
504 | * hard link. | |
3a1e819b | 505 | */ |
59be0971 | 506 | if (c->origin) { |
23f0ab13 | 507 | err = ovl_set_origin(c->dentry, c->lowerpath.dentry, temp); |
fbaf94ee | 508 | if (err) |
02209d10 | 509 | return err; |
fbaf94ee | 510 | } |
3a1e819b | 511 | |
0c288874 VG |
512 | if (c->metacopy) { |
513 | err = ovl_check_setxattr(c->dentry, temp, OVL_XATTR_METACOPY, | |
514 | NULL, 0, -EOPNOTSUPP); | |
515 | if (err) | |
516 | return err; | |
517 | } | |
518 | ||
bd64e575 | 519 | inode_lock(temp->d_inode); |
b504c654 | 520 | if (S_ISREG(c->stat.mode)) |
0c288874 VG |
521 | err = ovl_set_size(temp, &c->stat); |
522 | if (!err) | |
523 | err = ovl_set_attr(temp, &c->stat); | |
bd64e575 VG |
524 | inode_unlock(temp->d_inode); |
525 | ||
526 | return err; | |
02209d10 AG |
527 | } |
528 | ||
6b52243f MS |
529 | struct ovl_cu_creds { |
530 | const struct cred *old; | |
531 | struct cred *new; | |
532 | }; | |
533 | ||
534 | static int ovl_prep_cu_creds(struct dentry *dentry, struct ovl_cu_creds *cc) | |
b10cdcdc AG |
535 | { |
536 | int err; | |
b10cdcdc | 537 | |
6b52243f MS |
538 | cc->old = cc->new = NULL; |
539 | err = security_inode_copy_up(dentry, &cc->new); | |
b10cdcdc | 540 | if (err < 0) |
6b52243f | 541 | return err; |
b10cdcdc | 542 | |
6b52243f MS |
543 | if (cc->new) |
544 | cc->old = override_creds(cc->new); | |
b10cdcdc | 545 | |
6b52243f | 546 | return 0; |
b10cdcdc AG |
547 | } |
548 | ||
6b52243f | 549 | static void ovl_revert_cu_creds(struct ovl_cu_creds *cc) |
b10cdcdc | 550 | { |
6b52243f MS |
551 | if (cc->new) { |
552 | revert_creds(cc->old); | |
553 | put_cred(cc->new); | |
554 | } | |
b10cdcdc AG |
555 | } |
556 | ||
557 | /* | |
558 | * Copyup using workdir to prepare temp file. Used when copying up directories, | |
559 | * special files or when upper fs doesn't support O_TMPFILE. | |
560 | */ | |
561 | static int ovl_copy_up_workdir(struct ovl_copy_up_ctx *c) | |
02209d10 | 562 | { |
b79e05aa | 563 | struct inode *inode; |
6b52243f MS |
564 | struct inode *udir = d_inode(c->destdir), *wdir = d_inode(c->workdir); |
565 | struct dentry *temp, *upper; | |
566 | struct ovl_cu_creds cc; | |
02209d10 | 567 | int err; |
6b52243f MS |
568 | struct ovl_cattr cattr = { |
569 | /* Can't properly set mode on creation because of the umask */ | |
570 | .mode = c->stat.mode & S_IFMT, | |
571 | .rdev = c->stat.rdev, | |
572 | .link = c->link | |
573 | }; | |
02209d10 | 574 | |
b10cdcdc AG |
575 | err = ovl_lock_rename_workdir(c->workdir, c->destdir); |
576 | if (err) | |
577 | return err; | |
578 | ||
6b52243f MS |
579 | err = ovl_prep_cu_creds(c->dentry, &cc); |
580 | if (err) | |
581 | goto unlock; | |
582 | ||
583 | temp = ovl_create_temp(c->workdir, &cattr); | |
584 | ovl_revert_cu_creds(&cc); | |
585 | ||
b10cdcdc | 586 | err = PTR_ERR(temp); |
b148cba4 | 587 | if (IS_ERR(temp)) |
b10cdcdc | 588 | goto unlock; |
02209d10 | 589 | |
23f0ab13 | 590 | err = ovl_copy_up_inode(c, temp); |
02209d10 | 591 | if (err) |
b10cdcdc | 592 | goto cleanup; |
02209d10 | 593 | |
016b720f AG |
594 | if (S_ISDIR(c->stat.mode) && c->indexed) { |
595 | err = ovl_create_index(c->dentry, c->lowerpath.dentry, temp); | |
596 | if (err) | |
b10cdcdc | 597 | goto cleanup; |
016b720f AG |
598 | } |
599 | ||
6b52243f MS |
600 | upper = lookup_one_len(c->destname.name, c->destdir, c->destname.len); |
601 | err = PTR_ERR(upper); | |
602 | if (IS_ERR(upper)) | |
603 | goto cleanup; | |
604 | ||
605 | err = ovl_do_rename(wdir, temp, udir, upper, 0); | |
606 | dput(upper); | |
e9be9d5e | 607 | if (err) |
b10cdcdc | 608 | goto cleanup; |
e9be9d5e | 609 | |
0c288874 VG |
610 | if (!c->metacopy) |
611 | ovl_set_upperdata(d_inode(c->dentry)); | |
b79e05aa | 612 | inode = d_inode(c->dentry); |
6b52243f | 613 | ovl_inode_update(inode, temp); |
b79e05aa AG |
614 | if (S_ISDIR(inode->i_mode)) |
615 | ovl_set_flag(OVL_WHITEOUTS, inode); | |
b10cdcdc AG |
616 | unlock: |
617 | unlock_rename(c->workdir, c->destdir); | |
618 | ||
619 | return err; | |
620 | ||
621 | cleanup: | |
6b52243f MS |
622 | ovl_cleanup(wdir, temp); |
623 | dput(temp); | |
624 | goto unlock; | |
b10cdcdc AG |
625 | } |
626 | ||
6b52243f MS |
627 | /* Copyup using O_TMPFILE which does not require cross dir locking */ |
628 | static int ovl_copy_up_tmpfile(struct ovl_copy_up_ctx *c) | |
b10cdcdc | 629 | { |
6b52243f MS |
630 | struct inode *udir = d_inode(c->destdir); |
631 | struct dentry *temp, *upper; | |
632 | struct ovl_cu_creds cc; | |
b10cdcdc | 633 | int err; |
b10cdcdc | 634 | |
6b52243f MS |
635 | err = ovl_prep_cu_creds(c->dentry, &cc); |
636 | if (err) | |
637 | return err; | |
b10cdcdc AG |
638 | |
639 | temp = ovl_do_tmpfile(c->workdir, c->stat.mode); | |
6b52243f | 640 | ovl_revert_cu_creds(&cc); |
b10cdcdc | 641 | |
6b52243f MS |
642 | if (IS_ERR(temp)) |
643 | return PTR_ERR(temp); | |
b10cdcdc | 644 | |
6b52243f MS |
645 | err = ovl_copy_up_inode(c, temp); |
646 | if (err) | |
647 | goto out_dput; | |
b10cdcdc AG |
648 | |
649 | inode_lock_nested(udir, I_MUTEX_PARENT); | |
650 | ||
651 | upper = lookup_one_len(c->destname.name, c->destdir, c->destname.len); | |
652 | err = PTR_ERR(upper); | |
6b52243f MS |
653 | if (!IS_ERR(upper)) { |
654 | err = ovl_do_link(temp, udir, upper); | |
655 | dput(upper); | |
656 | } | |
b10cdcdc AG |
657 | inode_unlock(udir); |
658 | ||
b10cdcdc | 659 | if (err) |
6b52243f | 660 | goto out_dput; |
b10cdcdc AG |
661 | |
662 | if (!c->metacopy) | |
663 | ovl_set_upperdata(d_inode(c->dentry)); | |
6b52243f | 664 | ovl_inode_update(d_inode(c->dentry), temp); |
b79e05aa | 665 | |
6b52243f MS |
666 | return 0; |
667 | ||
668 | out_dput: | |
42f269b9 | 669 | dput(temp); |
e9be9d5e | 670 | return err; |
e9be9d5e MS |
671 | } |
672 | ||
673 | /* | |
674 | * Copy up a single dentry | |
675 | * | |
a6c60655 MS |
676 | * All renames start with copy up of source if necessary. The actual |
677 | * rename will only proceed once the copy up was successful. Copy up uses | |
678 | * upper parent i_mutex for exclusion. Since rename can change d_parent it | |
679 | * is possible that the copy up will lock the old parent. At that point | |
680 | * the file will have already been copied up anyway. | |
e9be9d5e | 681 | */ |
a6fb235a | 682 | static int ovl_do_copy_up(struct ovl_copy_up_ctx *c) |
e9be9d5e | 683 | { |
e9be9d5e | 684 | int err; |
23f0ab13 | 685 | struct ovl_fs *ofs = c->dentry->d_sb->s_fs_info; |
016b720f | 686 | bool to_index = false; |
59be0971 | 687 | |
016b720f AG |
688 | /* |
689 | * Indexed non-dir is copied up directly to the index entry and then | |
690 | * hardlinked to upper dir. Indexed dir is copied up to indexdir, | |
691 | * then index entry is created and then copied up dir installed. | |
692 | * Copying dir up to indexdir instead of workdir simplifies locking. | |
693 | */ | |
694 | if (ovl_need_index(c->dentry)) { | |
695 | c->indexed = true; | |
696 | if (S_ISDIR(c->stat.mode)) | |
697 | c->workdir = ovl_indexdir(c->dentry->d_sb); | |
698 | else | |
699 | to_index = true; | |
700 | } | |
701 | ||
702 | if (S_ISDIR(c->stat.mode) || c->stat.nlink == 1 || to_index) | |
59be0971 AG |
703 | c->origin = true; |
704 | ||
016b720f | 705 | if (to_index) { |
59be0971 AG |
706 | c->destdir = ovl_indexdir(c->dentry->d_sb); |
707 | err = ovl_get_index_name(c->lowerpath.dentry, &c->destname); | |
708 | if (err) | |
709 | return err; | |
aa3ff3c1 AG |
710 | } else if (WARN_ON(!c->parent)) { |
711 | /* Disconnected dentry must be copied up to index dir */ | |
712 | return -EIO; | |
59be0971 AG |
713 | } else { |
714 | /* | |
715 | * Mark parent "impure" because it may now contain non-pure | |
716 | * upper | |
717 | */ | |
718 | err = ovl_set_impure(c->parent, c->destdir); | |
719 | if (err) | |
720 | return err; | |
721 | } | |
e9be9d5e | 722 | |
01ad3eb8 | 723 | /* Should we copyup with O_TMPFILE or with workdir? */ |
b10cdcdc AG |
724 | if (S_ISREG(c->stat.mode) && ofs->tmpfile) |
725 | err = ovl_copy_up_tmpfile(c); | |
726 | else | |
727 | err = ovl_copy_up_workdir(c); | |
aa3ff3c1 AG |
728 | if (err) |
729 | goto out; | |
730 | ||
731 | if (c->indexed) | |
016b720f AG |
732 | ovl_set_flag(OVL_INDEX, d_inode(c->dentry)); |
733 | ||
734 | if (to_index) { | |
aa3ff3c1 AG |
735 | /* Initialize nlink for copy up of disconnected dentry */ |
736 | err = ovl_set_nlink_upper(c->dentry); | |
737 | } else { | |
59be0971 AG |
738 | struct inode *udir = d_inode(c->destdir); |
739 | ||
740 | /* Restore timestamps on parent (best effort) */ | |
741 | inode_lock(udir); | |
742 | ovl_set_timestamps(c->destdir, &c->pstat); | |
743 | inode_unlock(udir); | |
744 | ||
745 | ovl_dentry_set_upper_alias(c->dentry); | |
e9be9d5e MS |
746 | } |
747 | ||
aa3ff3c1 AG |
748 | out: |
749 | if (to_index) | |
750 | kfree(c->destname.name); | |
a6fb235a MS |
751 | return err; |
752 | } | |
753 | ||
44d5bf10 VG |
754 | static bool ovl_need_meta_copy_up(struct dentry *dentry, umode_t mode, |
755 | int flags) | |
756 | { | |
757 | struct ovl_fs *ofs = dentry->d_sb->s_fs_info; | |
758 | ||
44d5bf10 VG |
759 | if (!ofs->config.metacopy) |
760 | return false; | |
761 | ||
762 | if (!S_ISREG(mode)) | |
763 | return false; | |
764 | ||
765 | if (flags && ((OPEN_FMODE(flags) & FMODE_WRITE) || (flags & O_TRUNC))) | |
766 | return false; | |
767 | ||
768 | return true; | |
769 | } | |
770 | ||
0c288874 VG |
771 | /* Copy up data of an inode which was copied up metadata only in the past. */ |
772 | static int ovl_copy_up_meta_inode_data(struct ovl_copy_up_ctx *c) | |
773 | { | |
4f93b426 | 774 | struct path upperpath, datapath; |
0c288874 | 775 | int err; |
993a0b2a VG |
776 | char *capability = NULL; |
777 | ssize_t uninitialized_var(cap_size); | |
0c288874 VG |
778 | |
779 | ovl_path_upper(c->dentry, &upperpath); | |
780 | if (WARN_ON(upperpath.dentry == NULL)) | |
781 | return -EIO; | |
782 | ||
4f93b426 VG |
783 | ovl_path_lowerdata(c->dentry, &datapath); |
784 | if (WARN_ON(datapath.dentry == NULL)) | |
785 | return -EIO; | |
786 | ||
993a0b2a VG |
787 | if (c->stat.size) { |
788 | err = cap_size = ovl_getxattr(upperpath.dentry, XATTR_NAME_CAPS, | |
789 | &capability, 0); | |
790 | if (err < 0 && err != -ENODATA) | |
791 | goto out; | |
792 | } | |
793 | ||
4f93b426 | 794 | err = ovl_copy_up_data(&datapath, &upperpath, c->stat.size); |
0c288874 | 795 | if (err) |
993a0b2a VG |
796 | goto out_free; |
797 | ||
798 | /* | |
799 | * Writing to upper file will clear security.capability xattr. We | |
800 | * don't want that to happen for normal copy-up operation. | |
801 | */ | |
802 | if (capability) { | |
803 | err = ovl_do_setxattr(upperpath.dentry, XATTR_NAME_CAPS, | |
804 | capability, cap_size, 0); | |
805 | if (err) | |
806 | goto out_free; | |
807 | } | |
808 | ||
0c288874 VG |
809 | |
810 | err = vfs_removexattr(upperpath.dentry, OVL_XATTR_METACOPY); | |
811 | if (err) | |
993a0b2a | 812 | goto out_free; |
0c288874 VG |
813 | |
814 | ovl_set_upperdata(d_inode(c->dentry)); | |
993a0b2a VG |
815 | out_free: |
816 | kfree(capability); | |
817 | out: | |
0c288874 VG |
818 | return err; |
819 | } | |
820 | ||
a6fb235a MS |
821 | static int ovl_copy_up_one(struct dentry *parent, struct dentry *dentry, |
822 | int flags) | |
823 | { | |
824 | int err; | |
825 | DEFINE_DELAYED_CALL(done); | |
826 | struct path parentpath; | |
827 | struct ovl_copy_up_ctx ctx = { | |
828 | .parent = parent, | |
829 | .dentry = dentry, | |
830 | .workdir = ovl_workdir(dentry), | |
831 | }; | |
832 | ||
833 | if (WARN_ON(!ctx.workdir)) | |
834 | return -EROFS; | |
835 | ||
836 | ovl_path_lower(dentry, &ctx.lowerpath); | |
837 | err = vfs_getattr(&ctx.lowerpath, &ctx.stat, | |
838 | STATX_BASIC_STATS, AT_STATX_SYNC_AS_STAT); | |
839 | if (err) | |
840 | return err; | |
841 | ||
44d5bf10 VG |
842 | ctx.metacopy = ovl_need_meta_copy_up(dentry, ctx.stat.mode, flags); |
843 | ||
aa3ff3c1 AG |
844 | if (parent) { |
845 | ovl_path_upper(parent, &parentpath); | |
846 | ctx.destdir = parentpath.dentry; | |
847 | ctx.destname = dentry->d_name; | |
a6fb235a | 848 | |
aa3ff3c1 AG |
849 | err = vfs_getattr(&parentpath, &ctx.pstat, |
850 | STATX_ATIME | STATX_MTIME, | |
851 | AT_STATX_SYNC_AS_STAT); | |
852 | if (err) | |
853 | return err; | |
854 | } | |
a6fb235a MS |
855 | |
856 | /* maybe truncate regular file. this has no effect on dirs */ | |
857 | if (flags & O_TRUNC) | |
858 | ctx.stat.size = 0; | |
859 | ||
860 | if (S_ISLNK(ctx.stat.mode)) { | |
861 | ctx.link = vfs_get_link(ctx.lowerpath.dentry, &done); | |
862 | if (IS_ERR(ctx.link)) | |
863 | return PTR_ERR(ctx.link); | |
864 | } | |
a6fb235a | 865 | |
0c288874 | 866 | err = ovl_copy_up_start(dentry, flags); |
fd210b7d MS |
867 | /* err < 0: interrupted, err > 0: raced with another copy-up */ |
868 | if (unlikely(err)) { | |
869 | if (err > 0) | |
870 | err = 0; | |
871 | } else { | |
59be0971 AG |
872 | if (!ovl_dentry_upper(dentry)) |
873 | err = ovl_do_copy_up(&ctx); | |
aa3ff3c1 | 874 | if (!err && parent && !ovl_dentry_has_upper_alias(dentry)) |
f4439de1 | 875 | err = ovl_link_up(&ctx); |
0c288874 VG |
876 | if (!err && ovl_dentry_needs_data_copy_up_locked(dentry, flags)) |
877 | err = ovl_copy_up_meta_inode_data(&ctx); | |
fd210b7d MS |
878 | ovl_copy_up_end(dentry); |
879 | } | |
7764235b | 880 | do_delayed_call(&done); |
e9be9d5e MS |
881 | |
882 | return err; | |
883 | } | |
884 | ||
9aba6521 | 885 | int ovl_copy_up_flags(struct dentry *dentry, int flags) |
e9be9d5e | 886 | { |
8eac98b8 VG |
887 | int err = 0; |
888 | const struct cred *old_cred = ovl_override_creds(dentry->d_sb); | |
aa3ff3c1 AG |
889 | bool disconnected = (dentry->d_flags & DCACHE_DISCONNECTED); |
890 | ||
891 | /* | |
892 | * With NFS export, copy up can get called for a disconnected non-dir. | |
893 | * In this case, we will copy up lower inode to index dir without | |
894 | * linking it to upper dir. | |
895 | */ | |
896 | if (WARN_ON(disconnected && d_is_dir(dentry))) | |
897 | return -EIO; | |
e9be9d5e | 898 | |
e9be9d5e MS |
899 | while (!err) { |
900 | struct dentry *next; | |
aa3ff3c1 | 901 | struct dentry *parent = NULL; |
e9be9d5e | 902 | |
0c288874 | 903 | if (ovl_already_copied_up(dentry, flags)) |
e9be9d5e MS |
904 | break; |
905 | ||
906 | next = dget(dentry); | |
907 | /* find the topmost dentry not yet copied up */ | |
aa3ff3c1 | 908 | for (; !disconnected;) { |
e9be9d5e MS |
909 | parent = dget_parent(next); |
910 | ||
59be0971 | 911 | if (ovl_dentry_upper(parent)) |
e9be9d5e MS |
912 | break; |
913 | ||
914 | dput(next); | |
915 | next = parent; | |
916 | } | |
917 | ||
a6fb235a | 918 | err = ovl_copy_up_one(parent, next, flags); |
e9be9d5e MS |
919 | |
920 | dput(parent); | |
921 | dput(next); | |
922 | } | |
8eac98b8 | 923 | revert_creds(old_cred); |
e9be9d5e MS |
924 | |
925 | return err; | |
926 | } | |
9aba6521 | 927 | |
d6eac039 VG |
928 | static bool ovl_open_need_copy_up(struct dentry *dentry, int flags) |
929 | { | |
930 | /* Copy up of disconnected dentry does not set upper alias */ | |
0c288874 | 931 | if (ovl_already_copied_up(dentry, flags)) |
d6eac039 VG |
932 | return false; |
933 | ||
934 | if (special_file(d_inode(dentry)->i_mode)) | |
935 | return false; | |
936 | ||
0c288874 | 937 | if (!ovl_open_flags_need_copy_up(flags)) |
d6eac039 VG |
938 | return false; |
939 | ||
940 | return true; | |
941 | } | |
942 | ||
3428030d | 943 | int ovl_maybe_copy_up(struct dentry *dentry, int flags) |
d6eac039 VG |
944 | { |
945 | int err = 0; | |
946 | ||
3428030d | 947 | if (ovl_open_need_copy_up(dentry, flags)) { |
d6eac039 VG |
948 | err = ovl_want_write(dentry); |
949 | if (!err) { | |
3428030d | 950 | err = ovl_copy_up_flags(dentry, flags); |
d6eac039 VG |
951 | ovl_drop_write(dentry); |
952 | } | |
953 | } | |
954 | ||
955 | return err; | |
956 | } | |
957 | ||
d1e6f6a9 VG |
958 | int ovl_copy_up_with_data(struct dentry *dentry) |
959 | { | |
960 | return ovl_copy_up_flags(dentry, O_WRONLY); | |
961 | } | |
962 | ||
9aba6521 AG |
963 | int ovl_copy_up(struct dentry *dentry) |
964 | { | |
965 | return ovl_copy_up_flags(dentry, 0); | |
966 | } |