Commit | Line | Data |
---|---|---|
d2912cb1 | 1 | // SPDX-License-Identifier: GPL-2.0-only |
e9be9d5e MS |
2 | /* |
3 | * | |
4 | * Copyright (C) 2011 Novell Inc. | |
e9be9d5e MS |
5 | */ |
6 | ||
fb5bb2c3 | 7 | #include <linux/module.h> |
e9be9d5e MS |
8 | #include <linux/fs.h> |
9 | #include <linux/slab.h> | |
10 | #include <linux/file.h> | |
11 | #include <linux/splice.h> | |
12 | #include <linux/xattr.h> | |
13 | #include <linux/security.h> | |
14 | #include <linux/uaccess.h> | |
174cd4b1 | 15 | #include <linux/sched/signal.h> |
5b825c3a | 16 | #include <linux/cred.h> |
e9be9d5e | 17 | #include <linux/namei.h> |
fb5bb2c3 DH |
18 | #include <linux/fdtable.h> |
19 | #include <linux/ratelimit.h> | |
3a1e819b | 20 | #include <linux/exportfs.h> |
e9be9d5e MS |
21 | #include "overlayfs.h" |
22 | ||
23 | #define OVL_COPY_UP_CHUNK_SIZE (1 << 20) | |
24 | ||
670c2324 | 25 | static int ovl_ccup_set(const char *buf, const struct kernel_param *param) |
fb5bb2c3 | 26 | { |
670c2324 | 27 | pr_warn("overlayfs: \"check_copy_up\" module option is obsolete\n"); |
fb5bb2c3 DH |
28 | return 0; |
29 | } | |
30 | ||
670c2324 | 31 | static int ovl_ccup_get(char *buf, const struct kernel_param *param) |
fb5bb2c3 | 32 | { |
670c2324 | 33 | return sprintf(buf, "N\n"); |
fb5bb2c3 DH |
34 | } |
35 | ||
670c2324 | 36 | module_param_call(check_copy_up, ovl_ccup_set, ovl_ccup_get, NULL, 0644); |
253e7483 | 37 | MODULE_PARM_DESC(check_copy_up, "Obsolete; does nothing"); |
670c2324 | 38 | |
e9be9d5e MS |
39 | int ovl_copy_xattr(struct dentry *old, struct dentry *new) |
40 | { | |
e4ad29fa VC |
41 | ssize_t list_size, size, value_size = 0; |
42 | char *buf, *name, *value = NULL; | |
43 | int uninitialized_var(error); | |
8b326c61 | 44 | size_t slen; |
e9be9d5e | 45 | |
5d6c3191 AG |
46 | if (!(old->d_inode->i_opflags & IOP_XATTR) || |
47 | !(new->d_inode->i_opflags & IOP_XATTR)) | |
e9be9d5e MS |
48 | return 0; |
49 | ||
50 | list_size = vfs_listxattr(old, NULL, 0); | |
51 | if (list_size <= 0) { | |
52 | if (list_size == -EOPNOTSUPP) | |
53 | return 0; | |
54 | return list_size; | |
55 | } | |
56 | ||
57 | buf = kzalloc(list_size, GFP_KERNEL); | |
58 | if (!buf) | |
59 | return -ENOMEM; | |
60 | ||
e9be9d5e MS |
61 | list_size = vfs_listxattr(old, buf, list_size); |
62 | if (list_size <= 0) { | |
63 | error = list_size; | |
e4ad29fa | 64 | goto out; |
e9be9d5e MS |
65 | } |
66 | ||
8b326c61 MS |
67 | for (name = buf; list_size; name += slen) { |
68 | slen = strnlen(name, list_size) + 1; | |
69 | ||
70 | /* underlying fs providing us with an broken xattr list? */ | |
71 | if (WARN_ON(slen > list_size)) { | |
72 | error = -EIO; | |
73 | break; | |
74 | } | |
75 | list_size -= slen; | |
76 | ||
0956254a MS |
77 | if (ovl_is_private_xattr(name)) |
78 | continue; | |
e4ad29fa VC |
79 | retry: |
80 | size = vfs_getxattr(old, name, value, value_size); | |
81 | if (size == -ERANGE) | |
82 | size = vfs_getxattr(old, name, NULL, 0); | |
83 | ||
97daf8b9 | 84 | if (size < 0) { |
e9be9d5e | 85 | error = size; |
e4ad29fa | 86 | break; |
e9be9d5e | 87 | } |
e4ad29fa VC |
88 | |
89 | if (size > value_size) { | |
90 | void *new; | |
91 | ||
92 | new = krealloc(value, size, GFP_KERNEL); | |
93 | if (!new) { | |
94 | error = -ENOMEM; | |
95 | break; | |
96 | } | |
97 | value = new; | |
98 | value_size = size; | |
99 | goto retry; | |
100 | } | |
101 | ||
121ab822 VG |
102 | error = security_inode_copy_up_xattr(name); |
103 | if (error < 0 && error != -EOPNOTSUPP) | |
104 | break; | |
105 | if (error == 1) { | |
106 | error = 0; | |
107 | continue; /* Discard */ | |
108 | } | |
e9be9d5e MS |
109 | error = vfs_setxattr(new, name, value, size, 0); |
110 | if (error) | |
e4ad29fa | 111 | break; |
e9be9d5e | 112 | } |
e9be9d5e MS |
113 | kfree(value); |
114 | out: | |
115 | kfree(buf); | |
116 | return error; | |
117 | } | |
118 | ||
119 | static int ovl_copy_up_data(struct path *old, struct path *new, loff_t len) | |
120 | { | |
121 | struct file *old_file; | |
122 | struct file *new_file; | |
123 | loff_t old_pos = 0; | |
124 | loff_t new_pos = 0; | |
42ec3d4c | 125 | loff_t cloned; |
e9be9d5e MS |
126 | int error = 0; |
127 | ||
128 | if (len == 0) | |
129 | return 0; | |
130 | ||
0480334f | 131 | old_file = ovl_path_open(old, O_LARGEFILE | O_RDONLY); |
e9be9d5e MS |
132 | if (IS_ERR(old_file)) |
133 | return PTR_ERR(old_file); | |
134 | ||
0480334f | 135 | new_file = ovl_path_open(new, O_LARGEFILE | O_WRONLY); |
e9be9d5e MS |
136 | if (IS_ERR(new_file)) { |
137 | error = PTR_ERR(new_file); | |
138 | goto out_fput; | |
139 | } | |
140 | ||
2ea98466 | 141 | /* Try to use clone_file_range to clone up within the same fs */ |
452ce659 | 142 | cloned = do_clone_file_range(old_file, 0, new_file, 0, len, 0); |
42ec3d4c | 143 | if (cloned == len) |
2ea98466 AG |
144 | goto out; |
145 | /* Couldn't clone, so now we try to copy the data */ | |
2ea98466 | 146 | |
e9be9d5e MS |
147 | /* FIXME: copy up sparse files efficiently */ |
148 | while (len) { | |
149 | size_t this_len = OVL_COPY_UP_CHUNK_SIZE; | |
150 | long bytes; | |
151 | ||
152 | if (len < this_len) | |
153 | this_len = len; | |
154 | ||
155 | if (signal_pending_state(TASK_KILLABLE, current)) { | |
156 | error = -EINTR; | |
157 | break; | |
158 | } | |
159 | ||
160 | bytes = do_splice_direct(old_file, &old_pos, | |
161 | new_file, &new_pos, | |
162 | this_len, SPLICE_F_MOVE); | |
163 | if (bytes <= 0) { | |
164 | error = bytes; | |
165 | break; | |
166 | } | |
167 | WARN_ON(old_pos != new_pos); | |
168 | ||
169 | len -= bytes; | |
170 | } | |
2ea98466 | 171 | out: |
641089c1 MS |
172 | if (!error) |
173 | error = vfs_fsync(new_file, 0); | |
e9be9d5e MS |
174 | fput(new_file); |
175 | out_fput: | |
176 | fput(old_file); | |
177 | return error; | |
178 | } | |
179 | ||
0c288874 VG |
180 | static int ovl_set_size(struct dentry *upperdentry, struct kstat *stat) |
181 | { | |
182 | struct iattr attr = { | |
183 | .ia_valid = ATTR_SIZE, | |
184 | .ia_size = stat->size, | |
185 | }; | |
186 | ||
187 | return notify_change(upperdentry, &attr, NULL); | |
188 | } | |
189 | ||
e9be9d5e MS |
190 | static int ovl_set_timestamps(struct dentry *upperdentry, struct kstat *stat) |
191 | { | |
192 | struct iattr attr = { | |
193 | .ia_valid = | |
194 | ATTR_ATIME | ATTR_MTIME | ATTR_ATIME_SET | ATTR_MTIME_SET, | |
195 | .ia_atime = stat->atime, | |
196 | .ia_mtime = stat->mtime, | |
197 | }; | |
198 | ||
199 | return notify_change(upperdentry, &attr, NULL); | |
200 | } | |
201 | ||
202 | int ovl_set_attr(struct dentry *upperdentry, struct kstat *stat) | |
203 | { | |
204 | int err = 0; | |
205 | ||
206 | if (!S_ISLNK(stat->mode)) { | |
207 | struct iattr attr = { | |
208 | .ia_valid = ATTR_MODE, | |
209 | .ia_mode = stat->mode, | |
210 | }; | |
211 | err = notify_change(upperdentry, &attr, NULL); | |
212 | } | |
213 | if (!err) { | |
214 | struct iattr attr = { | |
215 | .ia_valid = ATTR_UID | ATTR_GID, | |
216 | .ia_uid = stat->uid, | |
217 | .ia_gid = stat->gid, | |
218 | }; | |
219 | err = notify_change(upperdentry, &attr, NULL); | |
220 | } | |
221 | if (!err) | |
222 | ovl_set_timestamps(upperdentry, stat); | |
223 | ||
224 | return err; | |
e9be9d5e MS |
225 | } |
226 | ||
5b2cccd3 | 227 | struct ovl_fh *ovl_encode_real_fh(struct dentry *real, bool is_upper) |
3a1e819b AG |
228 | { |
229 | struct ovl_fh *fh; | |
230 | int fh_type, fh_len, dwords; | |
231 | void *buf; | |
232 | int buflen = MAX_HANDLE_SZ; | |
05122443 | 233 | uuid_t *uuid = &real->d_sb->s_uuid; |
3a1e819b | 234 | |
0ee931c4 | 235 | buf = kmalloc(buflen, GFP_KERNEL); |
3a1e819b AG |
236 | if (!buf) |
237 | return ERR_PTR(-ENOMEM); | |
238 | ||
239 | /* | |
240 | * We encode a non-connectable file handle for non-dir, because we | |
241 | * only need to find the lower inode number and we don't want to pay | |
242 | * the price or reconnecting the dentry. | |
243 | */ | |
244 | dwords = buflen >> 2; | |
05122443 | 245 | fh_type = exportfs_encode_fh(real, buf, &dwords, 0); |
3a1e819b AG |
246 | buflen = (dwords << 2); |
247 | ||
248 | fh = ERR_PTR(-EIO); | |
249 | if (WARN_ON(fh_type < 0) || | |
250 | WARN_ON(buflen > MAX_HANDLE_SZ) || | |
251 | WARN_ON(fh_type == FILEID_INVALID)) | |
252 | goto out; | |
253 | ||
cbe7fba8 AG |
254 | /* Make sure the real fid stays 32bit aligned */ |
255 | BUILD_BUG_ON(OVL_FH_FID_OFFSET % 4); | |
256 | BUILD_BUG_ON(MAX_HANDLE_SZ + OVL_FH_FID_OFFSET > 255); | |
257 | fh_len = OVL_FH_FID_OFFSET + buflen; | |
258 | fh = kzalloc(fh_len, GFP_KERNEL); | |
3a1e819b AG |
259 | if (!fh) { |
260 | fh = ERR_PTR(-ENOMEM); | |
261 | goto out; | |
262 | } | |
263 | ||
cbe7fba8 AG |
264 | fh->fb.version = OVL_FH_VERSION; |
265 | fh->fb.magic = OVL_FH_MAGIC; | |
266 | fh->fb.type = fh_type; | |
267 | fh->fb.flags = OVL_FH_FLAG_CPU_ENDIAN; | |
54fb347e AG |
268 | /* |
269 | * When we will want to decode an overlay dentry from this handle | |
270 | * and all layers are on the same fs, if we get a disconncted real | |
271 | * dentry when we decode fid, the only way to tell if we should assign | |
272 | * it to upperdentry or to lowerstack is by checking this flag. | |
273 | */ | |
274 | if (is_upper) | |
cbe7fba8 AG |
275 | fh->fb.flags |= OVL_FH_FLAG_PATH_UPPER; |
276 | fh->fb.len = fh_len - OVL_FH_WIRE_OFFSET; | |
277 | fh->fb.uuid = *uuid; | |
278 | memcpy(fh->fb.fid, buf, buflen); | |
3a1e819b AG |
279 | |
280 | out: | |
281 | kfree(buf); | |
282 | return fh; | |
283 | } | |
284 | ||
9678e630 AG |
285 | int ovl_set_origin(struct dentry *dentry, struct dentry *lower, |
286 | struct dentry *upper) | |
3a1e819b | 287 | { |
3a1e819b AG |
288 | const struct ovl_fh *fh = NULL; |
289 | int err; | |
290 | ||
291 | /* | |
292 | * When lower layer doesn't support export operations store a 'null' fh, | |
293 | * so we can use the overlay.origin xattr to distignuish between a copy | |
294 | * up and a pure upper inode. | |
295 | */ | |
02bcd157 | 296 | if (ovl_can_decode_fh(lower->d_sb)) { |
5b2cccd3 | 297 | fh = ovl_encode_real_fh(lower, false); |
3a1e819b AG |
298 | if (IS_ERR(fh)) |
299 | return PTR_ERR(fh); | |
300 | } | |
301 | ||
6266d465 MS |
302 | /* |
303 | * Do not fail when upper doesn't support xattrs. | |
304 | */ | |
cbe7fba8 AG |
305 | err = ovl_check_setxattr(dentry, upper, OVL_XATTR_ORIGIN, fh->buf, |
306 | fh ? fh->fb.len : 0, 0); | |
3a1e819b AG |
307 | kfree(fh); |
308 | ||
309 | return err; | |
310 | } | |
311 | ||
016b720f AG |
312 | /* Store file handle of @upper dir in @index dir entry */ |
313 | static int ovl_set_upper_fh(struct dentry *upper, struct dentry *index) | |
314 | { | |
315 | const struct ovl_fh *fh; | |
316 | int err; | |
317 | ||
5b2cccd3 | 318 | fh = ovl_encode_real_fh(upper, true); |
016b720f AG |
319 | if (IS_ERR(fh)) |
320 | return PTR_ERR(fh); | |
321 | ||
cbe7fba8 | 322 | err = ovl_do_setxattr(index, OVL_XATTR_UPPER, fh->buf, fh->fb.len, 0); |
016b720f AG |
323 | |
324 | kfree(fh); | |
325 | return err; | |
326 | } | |
327 | ||
328 | /* | |
329 | * Create and install index entry. | |
330 | * | |
331 | * Caller must hold i_mutex on indexdir. | |
332 | */ | |
333 | static int ovl_create_index(struct dentry *dentry, struct dentry *origin, | |
334 | struct dentry *upper) | |
335 | { | |
336 | struct dentry *indexdir = ovl_indexdir(dentry->d_sb); | |
337 | struct inode *dir = d_inode(indexdir); | |
338 | struct dentry *index = NULL; | |
339 | struct dentry *temp = NULL; | |
340 | struct qstr name = { }; | |
341 | int err; | |
342 | ||
343 | /* | |
344 | * For now this is only used for creating index entry for directories, | |
345 | * because non-dir are copied up directly to index and then hardlinked | |
346 | * to upper dir. | |
347 | * | |
348 | * TODO: implement create index for non-dir, so we can call it when | |
349 | * encoding file handle for non-dir in case index does not exist. | |
350 | */ | |
351 | if (WARN_ON(!d_is_dir(dentry))) | |
352 | return -EIO; | |
353 | ||
354 | /* Directory not expected to be indexed before copy up */ | |
355 | if (WARN_ON(ovl_test_flag(OVL_INDEX, d_inode(dentry)))) | |
356 | return -EIO; | |
357 | ||
358 | err = ovl_get_index_name(origin, &name); | |
359 | if (err) | |
360 | return err; | |
361 | ||
137ec526 | 362 | temp = ovl_create_temp(indexdir, OVL_CATTR(S_IFDIR | 0)); |
b148cba4 | 363 | err = PTR_ERR(temp); |
016b720f | 364 | if (IS_ERR(temp)) |
b148cba4 | 365 | goto free_name; |
016b720f | 366 | |
016b720f AG |
367 | err = ovl_set_upper_fh(upper, temp); |
368 | if (err) | |
b148cba4 | 369 | goto out; |
016b720f AG |
370 | |
371 | index = lookup_one_len(name.name, indexdir, name.len); | |
372 | if (IS_ERR(index)) { | |
373 | err = PTR_ERR(index); | |
374 | } else { | |
375 | err = ovl_do_rename(dir, temp, dir, index, 0); | |
376 | dput(index); | |
377 | } | |
016b720f | 378 | out: |
b148cba4 MS |
379 | if (err) |
380 | ovl_cleanup(dir, temp); | |
016b720f | 381 | dput(temp); |
b148cba4 | 382 | free_name: |
016b720f AG |
383 | kfree(name.name); |
384 | return err; | |
016b720f AG |
385 | } |
386 | ||
f4439de1 AG |
387 | struct ovl_copy_up_ctx { |
388 | struct dentry *parent; | |
389 | struct dentry *dentry; | |
390 | struct path lowerpath; | |
391 | struct kstat stat; | |
392 | struct kstat pstat; | |
393 | const char *link; | |
394 | struct dentry *destdir; | |
395 | struct qstr destname; | |
396 | struct dentry *workdir; | |
f4439de1 | 397 | bool origin; |
016b720f | 398 | bool indexed; |
44d5bf10 | 399 | bool metacopy; |
f4439de1 AG |
400 | }; |
401 | ||
402 | static int ovl_link_up(struct ovl_copy_up_ctx *c) | |
59be0971 AG |
403 | { |
404 | int err; | |
405 | struct dentry *upper; | |
f4439de1 | 406 | struct dentry *upperdir = ovl_dentry_upper(c->parent); |
59be0971 AG |
407 | struct inode *udir = d_inode(upperdir); |
408 | ||
f4439de1 AG |
409 | /* Mark parent "impure" because it may now contain non-pure upper */ |
410 | err = ovl_set_impure(c->parent, upperdir); | |
411 | if (err) | |
412 | return err; | |
413 | ||
414 | err = ovl_set_nlink_lower(c->dentry); | |
5f8415d6 AG |
415 | if (err) |
416 | return err; | |
417 | ||
59be0971 | 418 | inode_lock_nested(udir, I_MUTEX_PARENT); |
f4439de1 AG |
419 | upper = lookup_one_len(c->dentry->d_name.name, upperdir, |
420 | c->dentry->d_name.len); | |
59be0971 AG |
421 | err = PTR_ERR(upper); |
422 | if (!IS_ERR(upper)) { | |
6cf00764 | 423 | err = ovl_do_link(ovl_dentry_upper(c->dentry), udir, upper); |
59be0971 AG |
424 | dput(upper); |
425 | ||
f4439de1 AG |
426 | if (!err) { |
427 | /* Restore timestamps on parent (best effort) */ | |
428 | ovl_set_timestamps(upperdir, &c->pstat); | |
429 | ovl_dentry_set_upper_alias(c->dentry); | |
430 | } | |
59be0971 AG |
431 | } |
432 | inode_unlock(udir); | |
aa3ff3c1 AG |
433 | if (err) |
434 | return err; | |
435 | ||
436 | err = ovl_set_nlink_upper(c->dentry); | |
59be0971 AG |
437 | |
438 | return err; | |
439 | } | |
440 | ||
23f0ab13 | 441 | static int ovl_copy_up_inode(struct ovl_copy_up_ctx *c, struct dentry *temp) |
7d90b853 | 442 | { |
7d90b853 MS |
443 | int err; |
444 | ||
5f32879e VG |
445 | /* |
446 | * Copy up data first and then xattrs. Writing data after | |
447 | * xattrs will remove security.capability xattr automatically. | |
448 | */ | |
449 | if (S_ISREG(c->stat.mode) && !c->metacopy) { | |
450 | struct path upperpath, datapath; | |
451 | ||
452 | ovl_path_upper(c->dentry, &upperpath); | |
453 | if (WARN_ON(upperpath.dentry != NULL)) | |
454 | return -EIO; | |
455 | upperpath.dentry = temp; | |
456 | ||
457 | ovl_path_lowerdata(c->dentry, &datapath); | |
458 | err = ovl_copy_up_data(&datapath, &upperpath, c->stat.size); | |
459 | if (err) | |
460 | return err; | |
461 | } | |
462 | ||
23f0ab13 | 463 | err = ovl_copy_xattr(c->lowerpath.dentry, temp); |
e9be9d5e | 464 | if (err) |
02209d10 | 465 | return err; |
e9be9d5e | 466 | |
3a1e819b AG |
467 | /* |
468 | * Store identifier of lower inode in upper inode xattr to | |
469 | * allow lookup of the copy up origin inode. | |
fbaf94ee MS |
470 | * |
471 | * Don't set origin when we are breaking the association with a lower | |
472 | * hard link. | |
3a1e819b | 473 | */ |
59be0971 | 474 | if (c->origin) { |
23f0ab13 | 475 | err = ovl_set_origin(c->dentry, c->lowerpath.dentry, temp); |
fbaf94ee | 476 | if (err) |
02209d10 | 477 | return err; |
fbaf94ee | 478 | } |
3a1e819b | 479 | |
0c288874 VG |
480 | if (c->metacopy) { |
481 | err = ovl_check_setxattr(c->dentry, temp, OVL_XATTR_METACOPY, | |
482 | NULL, 0, -EOPNOTSUPP); | |
483 | if (err) | |
484 | return err; | |
485 | } | |
486 | ||
bd64e575 | 487 | inode_lock(temp->d_inode); |
0c288874 VG |
488 | if (c->metacopy) |
489 | err = ovl_set_size(temp, &c->stat); | |
490 | if (!err) | |
491 | err = ovl_set_attr(temp, &c->stat); | |
bd64e575 VG |
492 | inode_unlock(temp->d_inode); |
493 | ||
494 | return err; | |
02209d10 AG |
495 | } |
496 | ||
6b52243f MS |
497 | struct ovl_cu_creds { |
498 | const struct cred *old; | |
499 | struct cred *new; | |
500 | }; | |
501 | ||
502 | static int ovl_prep_cu_creds(struct dentry *dentry, struct ovl_cu_creds *cc) | |
b10cdcdc AG |
503 | { |
504 | int err; | |
b10cdcdc | 505 | |
6b52243f MS |
506 | cc->old = cc->new = NULL; |
507 | err = security_inode_copy_up(dentry, &cc->new); | |
b10cdcdc | 508 | if (err < 0) |
6b52243f | 509 | return err; |
b10cdcdc | 510 | |
6b52243f MS |
511 | if (cc->new) |
512 | cc->old = override_creds(cc->new); | |
b10cdcdc | 513 | |
6b52243f | 514 | return 0; |
b10cdcdc AG |
515 | } |
516 | ||
6b52243f | 517 | static void ovl_revert_cu_creds(struct ovl_cu_creds *cc) |
b10cdcdc | 518 | { |
6b52243f MS |
519 | if (cc->new) { |
520 | revert_creds(cc->old); | |
521 | put_cred(cc->new); | |
522 | } | |
b10cdcdc AG |
523 | } |
524 | ||
525 | /* | |
526 | * Copyup using workdir to prepare temp file. Used when copying up directories, | |
527 | * special files or when upper fs doesn't support O_TMPFILE. | |
528 | */ | |
529 | static int ovl_copy_up_workdir(struct ovl_copy_up_ctx *c) | |
02209d10 | 530 | { |
b79e05aa | 531 | struct inode *inode; |
6b52243f MS |
532 | struct inode *udir = d_inode(c->destdir), *wdir = d_inode(c->workdir); |
533 | struct dentry *temp, *upper; | |
534 | struct ovl_cu_creds cc; | |
02209d10 | 535 | int err; |
6b52243f MS |
536 | struct ovl_cattr cattr = { |
537 | /* Can't properly set mode on creation because of the umask */ | |
538 | .mode = c->stat.mode & S_IFMT, | |
539 | .rdev = c->stat.rdev, | |
540 | .link = c->link | |
541 | }; | |
02209d10 | 542 | |
b10cdcdc AG |
543 | err = ovl_lock_rename_workdir(c->workdir, c->destdir); |
544 | if (err) | |
545 | return err; | |
546 | ||
6b52243f MS |
547 | err = ovl_prep_cu_creds(c->dentry, &cc); |
548 | if (err) | |
549 | goto unlock; | |
550 | ||
551 | temp = ovl_create_temp(c->workdir, &cattr); | |
552 | ovl_revert_cu_creds(&cc); | |
553 | ||
b10cdcdc | 554 | err = PTR_ERR(temp); |
b148cba4 | 555 | if (IS_ERR(temp)) |
b10cdcdc | 556 | goto unlock; |
02209d10 | 557 | |
23f0ab13 | 558 | err = ovl_copy_up_inode(c, temp); |
02209d10 | 559 | if (err) |
b10cdcdc | 560 | goto cleanup; |
02209d10 | 561 | |
016b720f AG |
562 | if (S_ISDIR(c->stat.mode) && c->indexed) { |
563 | err = ovl_create_index(c->dentry, c->lowerpath.dentry, temp); | |
564 | if (err) | |
b10cdcdc | 565 | goto cleanup; |
016b720f AG |
566 | } |
567 | ||
6b52243f MS |
568 | upper = lookup_one_len(c->destname.name, c->destdir, c->destname.len); |
569 | err = PTR_ERR(upper); | |
570 | if (IS_ERR(upper)) | |
571 | goto cleanup; | |
572 | ||
573 | err = ovl_do_rename(wdir, temp, udir, upper, 0); | |
574 | dput(upper); | |
e9be9d5e | 575 | if (err) |
b10cdcdc | 576 | goto cleanup; |
e9be9d5e | 577 | |
0c288874 VG |
578 | if (!c->metacopy) |
579 | ovl_set_upperdata(d_inode(c->dentry)); | |
b79e05aa | 580 | inode = d_inode(c->dentry); |
6b52243f | 581 | ovl_inode_update(inode, temp); |
b79e05aa AG |
582 | if (S_ISDIR(inode->i_mode)) |
583 | ovl_set_flag(OVL_WHITEOUTS, inode); | |
b10cdcdc AG |
584 | unlock: |
585 | unlock_rename(c->workdir, c->destdir); | |
586 | ||
587 | return err; | |
588 | ||
589 | cleanup: | |
6b52243f MS |
590 | ovl_cleanup(wdir, temp); |
591 | dput(temp); | |
592 | goto unlock; | |
b10cdcdc AG |
593 | } |
594 | ||
6b52243f MS |
595 | /* Copyup using O_TMPFILE which does not require cross dir locking */ |
596 | static int ovl_copy_up_tmpfile(struct ovl_copy_up_ctx *c) | |
b10cdcdc | 597 | { |
6b52243f MS |
598 | struct inode *udir = d_inode(c->destdir); |
599 | struct dentry *temp, *upper; | |
600 | struct ovl_cu_creds cc; | |
b10cdcdc | 601 | int err; |
b10cdcdc | 602 | |
6b52243f MS |
603 | err = ovl_prep_cu_creds(c->dentry, &cc); |
604 | if (err) | |
605 | return err; | |
b10cdcdc AG |
606 | |
607 | temp = ovl_do_tmpfile(c->workdir, c->stat.mode); | |
6b52243f | 608 | ovl_revert_cu_creds(&cc); |
b10cdcdc | 609 | |
6b52243f MS |
610 | if (IS_ERR(temp)) |
611 | return PTR_ERR(temp); | |
b10cdcdc | 612 | |
6b52243f MS |
613 | err = ovl_copy_up_inode(c, temp); |
614 | if (err) | |
615 | goto out_dput; | |
b10cdcdc AG |
616 | |
617 | inode_lock_nested(udir, I_MUTEX_PARENT); | |
618 | ||
619 | upper = lookup_one_len(c->destname.name, c->destdir, c->destname.len); | |
620 | err = PTR_ERR(upper); | |
6b52243f MS |
621 | if (!IS_ERR(upper)) { |
622 | err = ovl_do_link(temp, udir, upper); | |
623 | dput(upper); | |
624 | } | |
b10cdcdc AG |
625 | inode_unlock(udir); |
626 | ||
b10cdcdc | 627 | if (err) |
6b52243f | 628 | goto out_dput; |
b10cdcdc AG |
629 | |
630 | if (!c->metacopy) | |
631 | ovl_set_upperdata(d_inode(c->dentry)); | |
6b52243f | 632 | ovl_inode_update(d_inode(c->dentry), temp); |
b79e05aa | 633 | |
6b52243f MS |
634 | return 0; |
635 | ||
636 | out_dput: | |
42f269b9 | 637 | dput(temp); |
e9be9d5e | 638 | return err; |
e9be9d5e MS |
639 | } |
640 | ||
641 | /* | |
642 | * Copy up a single dentry | |
643 | * | |
a6c60655 MS |
644 | * All renames start with copy up of source if necessary. The actual |
645 | * rename will only proceed once the copy up was successful. Copy up uses | |
646 | * upper parent i_mutex for exclusion. Since rename can change d_parent it | |
647 | * is possible that the copy up will lock the old parent. At that point | |
648 | * the file will have already been copied up anyway. | |
e9be9d5e | 649 | */ |
a6fb235a | 650 | static int ovl_do_copy_up(struct ovl_copy_up_ctx *c) |
e9be9d5e | 651 | { |
e9be9d5e | 652 | int err; |
23f0ab13 | 653 | struct ovl_fs *ofs = c->dentry->d_sb->s_fs_info; |
016b720f | 654 | bool to_index = false; |
59be0971 | 655 | |
016b720f AG |
656 | /* |
657 | * Indexed non-dir is copied up directly to the index entry and then | |
658 | * hardlinked to upper dir. Indexed dir is copied up to indexdir, | |
659 | * then index entry is created and then copied up dir installed. | |
660 | * Copying dir up to indexdir instead of workdir simplifies locking. | |
661 | */ | |
662 | if (ovl_need_index(c->dentry)) { | |
663 | c->indexed = true; | |
664 | if (S_ISDIR(c->stat.mode)) | |
665 | c->workdir = ovl_indexdir(c->dentry->d_sb); | |
666 | else | |
667 | to_index = true; | |
668 | } | |
669 | ||
670 | if (S_ISDIR(c->stat.mode) || c->stat.nlink == 1 || to_index) | |
59be0971 AG |
671 | c->origin = true; |
672 | ||
016b720f | 673 | if (to_index) { |
59be0971 AG |
674 | c->destdir = ovl_indexdir(c->dentry->d_sb); |
675 | err = ovl_get_index_name(c->lowerpath.dentry, &c->destname); | |
676 | if (err) | |
677 | return err; | |
aa3ff3c1 AG |
678 | } else if (WARN_ON(!c->parent)) { |
679 | /* Disconnected dentry must be copied up to index dir */ | |
680 | return -EIO; | |
59be0971 AG |
681 | } else { |
682 | /* | |
683 | * Mark parent "impure" because it may now contain non-pure | |
684 | * upper | |
685 | */ | |
686 | err = ovl_set_impure(c->parent, c->destdir); | |
687 | if (err) | |
688 | return err; | |
689 | } | |
e9be9d5e | 690 | |
01ad3eb8 | 691 | /* Should we copyup with O_TMPFILE or with workdir? */ |
b10cdcdc AG |
692 | if (S_ISREG(c->stat.mode) && ofs->tmpfile) |
693 | err = ovl_copy_up_tmpfile(c); | |
694 | else | |
695 | err = ovl_copy_up_workdir(c); | |
aa3ff3c1 AG |
696 | if (err) |
697 | goto out; | |
698 | ||
699 | if (c->indexed) | |
016b720f AG |
700 | ovl_set_flag(OVL_INDEX, d_inode(c->dentry)); |
701 | ||
702 | if (to_index) { | |
aa3ff3c1 AG |
703 | /* Initialize nlink for copy up of disconnected dentry */ |
704 | err = ovl_set_nlink_upper(c->dentry); | |
705 | } else { | |
59be0971 AG |
706 | struct inode *udir = d_inode(c->destdir); |
707 | ||
708 | /* Restore timestamps on parent (best effort) */ | |
709 | inode_lock(udir); | |
710 | ovl_set_timestamps(c->destdir, &c->pstat); | |
711 | inode_unlock(udir); | |
712 | ||
713 | ovl_dentry_set_upper_alias(c->dentry); | |
e9be9d5e MS |
714 | } |
715 | ||
aa3ff3c1 AG |
716 | out: |
717 | if (to_index) | |
718 | kfree(c->destname.name); | |
a6fb235a MS |
719 | return err; |
720 | } | |
721 | ||
44d5bf10 VG |
722 | static bool ovl_need_meta_copy_up(struct dentry *dentry, umode_t mode, |
723 | int flags) | |
724 | { | |
725 | struct ovl_fs *ofs = dentry->d_sb->s_fs_info; | |
726 | ||
44d5bf10 VG |
727 | if (!ofs->config.metacopy) |
728 | return false; | |
729 | ||
730 | if (!S_ISREG(mode)) | |
731 | return false; | |
732 | ||
733 | if (flags && ((OPEN_FMODE(flags) & FMODE_WRITE) || (flags & O_TRUNC))) | |
734 | return false; | |
735 | ||
736 | return true; | |
737 | } | |
738 | ||
0c288874 VG |
739 | /* Copy up data of an inode which was copied up metadata only in the past. */ |
740 | static int ovl_copy_up_meta_inode_data(struct ovl_copy_up_ctx *c) | |
741 | { | |
4f93b426 | 742 | struct path upperpath, datapath; |
0c288874 | 743 | int err; |
993a0b2a VG |
744 | char *capability = NULL; |
745 | ssize_t uninitialized_var(cap_size); | |
0c288874 VG |
746 | |
747 | ovl_path_upper(c->dentry, &upperpath); | |
748 | if (WARN_ON(upperpath.dentry == NULL)) | |
749 | return -EIO; | |
750 | ||
4f93b426 VG |
751 | ovl_path_lowerdata(c->dentry, &datapath); |
752 | if (WARN_ON(datapath.dentry == NULL)) | |
753 | return -EIO; | |
754 | ||
993a0b2a VG |
755 | if (c->stat.size) { |
756 | err = cap_size = ovl_getxattr(upperpath.dentry, XATTR_NAME_CAPS, | |
757 | &capability, 0); | |
758 | if (err < 0 && err != -ENODATA) | |
759 | goto out; | |
760 | } | |
761 | ||
4f93b426 | 762 | err = ovl_copy_up_data(&datapath, &upperpath, c->stat.size); |
0c288874 | 763 | if (err) |
993a0b2a VG |
764 | goto out_free; |
765 | ||
766 | /* | |
767 | * Writing to upper file will clear security.capability xattr. We | |
768 | * don't want that to happen for normal copy-up operation. | |
769 | */ | |
770 | if (capability) { | |
771 | err = ovl_do_setxattr(upperpath.dentry, XATTR_NAME_CAPS, | |
772 | capability, cap_size, 0); | |
773 | if (err) | |
774 | goto out_free; | |
775 | } | |
776 | ||
0c288874 VG |
777 | |
778 | err = vfs_removexattr(upperpath.dentry, OVL_XATTR_METACOPY); | |
779 | if (err) | |
993a0b2a | 780 | goto out_free; |
0c288874 VG |
781 | |
782 | ovl_set_upperdata(d_inode(c->dentry)); | |
993a0b2a VG |
783 | out_free: |
784 | kfree(capability); | |
785 | out: | |
0c288874 VG |
786 | return err; |
787 | } | |
788 | ||
a6fb235a MS |
789 | static int ovl_copy_up_one(struct dentry *parent, struct dentry *dentry, |
790 | int flags) | |
791 | { | |
792 | int err; | |
793 | DEFINE_DELAYED_CALL(done); | |
794 | struct path parentpath; | |
795 | struct ovl_copy_up_ctx ctx = { | |
796 | .parent = parent, | |
797 | .dentry = dentry, | |
798 | .workdir = ovl_workdir(dentry), | |
799 | }; | |
800 | ||
801 | if (WARN_ON(!ctx.workdir)) | |
802 | return -EROFS; | |
803 | ||
804 | ovl_path_lower(dentry, &ctx.lowerpath); | |
805 | err = vfs_getattr(&ctx.lowerpath, &ctx.stat, | |
806 | STATX_BASIC_STATS, AT_STATX_SYNC_AS_STAT); | |
807 | if (err) | |
808 | return err; | |
809 | ||
44d5bf10 VG |
810 | ctx.metacopy = ovl_need_meta_copy_up(dentry, ctx.stat.mode, flags); |
811 | ||
aa3ff3c1 AG |
812 | if (parent) { |
813 | ovl_path_upper(parent, &parentpath); | |
814 | ctx.destdir = parentpath.dentry; | |
815 | ctx.destname = dentry->d_name; | |
a6fb235a | 816 | |
aa3ff3c1 AG |
817 | err = vfs_getattr(&parentpath, &ctx.pstat, |
818 | STATX_ATIME | STATX_MTIME, | |
819 | AT_STATX_SYNC_AS_STAT); | |
820 | if (err) | |
821 | return err; | |
822 | } | |
a6fb235a MS |
823 | |
824 | /* maybe truncate regular file. this has no effect on dirs */ | |
825 | if (flags & O_TRUNC) | |
826 | ctx.stat.size = 0; | |
827 | ||
828 | if (S_ISLNK(ctx.stat.mode)) { | |
829 | ctx.link = vfs_get_link(ctx.lowerpath.dentry, &done); | |
830 | if (IS_ERR(ctx.link)) | |
831 | return PTR_ERR(ctx.link); | |
832 | } | |
a6fb235a | 833 | |
0c288874 | 834 | err = ovl_copy_up_start(dentry, flags); |
fd210b7d MS |
835 | /* err < 0: interrupted, err > 0: raced with another copy-up */ |
836 | if (unlikely(err)) { | |
837 | if (err > 0) | |
838 | err = 0; | |
839 | } else { | |
59be0971 AG |
840 | if (!ovl_dentry_upper(dentry)) |
841 | err = ovl_do_copy_up(&ctx); | |
aa3ff3c1 | 842 | if (!err && parent && !ovl_dentry_has_upper_alias(dentry)) |
f4439de1 | 843 | err = ovl_link_up(&ctx); |
0c288874 VG |
844 | if (!err && ovl_dentry_needs_data_copy_up_locked(dentry, flags)) |
845 | err = ovl_copy_up_meta_inode_data(&ctx); | |
fd210b7d MS |
846 | ovl_copy_up_end(dentry); |
847 | } | |
7764235b | 848 | do_delayed_call(&done); |
e9be9d5e MS |
849 | |
850 | return err; | |
851 | } | |
852 | ||
9aba6521 | 853 | int ovl_copy_up_flags(struct dentry *dentry, int flags) |
e9be9d5e | 854 | { |
8eac98b8 VG |
855 | int err = 0; |
856 | const struct cred *old_cred = ovl_override_creds(dentry->d_sb); | |
aa3ff3c1 AG |
857 | bool disconnected = (dentry->d_flags & DCACHE_DISCONNECTED); |
858 | ||
859 | /* | |
860 | * With NFS export, copy up can get called for a disconnected non-dir. | |
861 | * In this case, we will copy up lower inode to index dir without | |
862 | * linking it to upper dir. | |
863 | */ | |
864 | if (WARN_ON(disconnected && d_is_dir(dentry))) | |
865 | return -EIO; | |
e9be9d5e | 866 | |
e9be9d5e MS |
867 | while (!err) { |
868 | struct dentry *next; | |
aa3ff3c1 | 869 | struct dentry *parent = NULL; |
e9be9d5e | 870 | |
0c288874 | 871 | if (ovl_already_copied_up(dentry, flags)) |
e9be9d5e MS |
872 | break; |
873 | ||
874 | next = dget(dentry); | |
875 | /* find the topmost dentry not yet copied up */ | |
aa3ff3c1 | 876 | for (; !disconnected;) { |
e9be9d5e MS |
877 | parent = dget_parent(next); |
878 | ||
59be0971 | 879 | if (ovl_dentry_upper(parent)) |
e9be9d5e MS |
880 | break; |
881 | ||
882 | dput(next); | |
883 | next = parent; | |
884 | } | |
885 | ||
a6fb235a | 886 | err = ovl_copy_up_one(parent, next, flags); |
e9be9d5e MS |
887 | |
888 | dput(parent); | |
889 | dput(next); | |
890 | } | |
8eac98b8 | 891 | revert_creds(old_cred); |
e9be9d5e MS |
892 | |
893 | return err; | |
894 | } | |
9aba6521 | 895 | |
d6eac039 VG |
896 | static bool ovl_open_need_copy_up(struct dentry *dentry, int flags) |
897 | { | |
898 | /* Copy up of disconnected dentry does not set upper alias */ | |
0c288874 | 899 | if (ovl_already_copied_up(dentry, flags)) |
d6eac039 VG |
900 | return false; |
901 | ||
902 | if (special_file(d_inode(dentry)->i_mode)) | |
903 | return false; | |
904 | ||
0c288874 | 905 | if (!ovl_open_flags_need_copy_up(flags)) |
d6eac039 VG |
906 | return false; |
907 | ||
908 | return true; | |
909 | } | |
910 | ||
3428030d | 911 | int ovl_maybe_copy_up(struct dentry *dentry, int flags) |
d6eac039 VG |
912 | { |
913 | int err = 0; | |
914 | ||
3428030d | 915 | if (ovl_open_need_copy_up(dentry, flags)) { |
d6eac039 VG |
916 | err = ovl_want_write(dentry); |
917 | if (!err) { | |
3428030d | 918 | err = ovl_copy_up_flags(dentry, flags); |
d6eac039 VG |
919 | ovl_drop_write(dentry); |
920 | } | |
921 | } | |
922 | ||
923 | return err; | |
924 | } | |
925 | ||
d1e6f6a9 VG |
926 | int ovl_copy_up_with_data(struct dentry *dentry) |
927 | { | |
928 | return ovl_copy_up_flags(dentry, O_WRONLY); | |
929 | } | |
930 | ||
9aba6521 AG |
931 | int ovl_copy_up(struct dentry *dentry) |
932 | { | |
933 | return ovl_copy_up_flags(dentry, 0); | |
934 | } |