rjw | 1f88458 | 2022-01-06 17:20:42 +0800 | [diff] [blame^] | 1 | /* |
| 2 | * |
| 3 | * Copyright (C) 2011 Novell Inc. |
| 4 | * |
| 5 | * This program is free software; you can redistribute it and/or modify it |
| 6 | * under the terms of the GNU General Public License version 2 as published by |
| 7 | * the Free Software Foundation. |
| 8 | */ |
| 9 | |
| 10 | #include <linux/fs.h> |
| 11 | #include <linux/namei.h> |
| 12 | #include <linux/xattr.h> |
| 13 | #include <linux/security.h> |
| 14 | #include <linux/cred.h> |
| 15 | #include <linux/module.h> |
| 16 | #include <linux/posix_acl.h> |
| 17 | #include <linux/posix_acl_xattr.h> |
| 18 | #include <linux/atomic.h> |
| 19 | #include <linux/ratelimit.h> |
| 20 | #include "overlayfs.h" |
| 21 | |
| 22 | static unsigned short ovl_redirect_max = 256; |
| 23 | module_param_named(redirect_max, ovl_redirect_max, ushort, 0644); |
| 24 | MODULE_PARM_DESC(ovl_redirect_max, |
| 25 | "Maximum length of absolute redirect xattr value"); |
| 26 | |
| 27 | int ovl_cleanup(struct inode *wdir, struct dentry *wdentry) |
| 28 | { |
| 29 | int err; |
| 30 | |
| 31 | dget(wdentry); |
| 32 | if (d_is_dir(wdentry)) |
| 33 | err = ovl_do_rmdir(wdir, wdentry); |
| 34 | else |
| 35 | err = ovl_do_unlink(wdir, wdentry); |
| 36 | dput(wdentry); |
| 37 | |
| 38 | if (err) { |
| 39 | pr_err("overlayfs: cleanup of '%pd2' failed (%i)\n", |
| 40 | wdentry, err); |
| 41 | } |
| 42 | |
| 43 | return err; |
| 44 | } |
| 45 | |
| 46 | struct dentry *ovl_lookup_temp(struct dentry *workdir) |
| 47 | { |
| 48 | struct dentry *temp; |
| 49 | char name[20]; |
| 50 | static atomic_t temp_id = ATOMIC_INIT(0); |
| 51 | |
| 52 | /* counter is allowed to wrap, since temp dentries are ephemeral */ |
| 53 | snprintf(name, sizeof(name), "#%x", atomic_inc_return(&temp_id)); |
| 54 | |
| 55 | temp = lookup_one_len(name, workdir, strlen(name)); |
| 56 | if (!IS_ERR(temp) && temp->d_inode) { |
| 57 | pr_err("overlayfs: workdir/%s already exists\n", name); |
| 58 | dput(temp); |
| 59 | temp = ERR_PTR(-EIO); |
| 60 | } |
| 61 | |
| 62 | return temp; |
| 63 | } |
| 64 | |
| 65 | /* caller holds i_mutex on workdir */ |
| 66 | static struct dentry *ovl_whiteout(struct dentry *workdir, |
| 67 | struct dentry *dentry) |
| 68 | { |
| 69 | int err; |
| 70 | struct dentry *whiteout; |
| 71 | struct inode *wdir = workdir->d_inode; |
| 72 | |
| 73 | whiteout = ovl_lookup_temp(workdir); |
| 74 | if (IS_ERR(whiteout)) |
| 75 | return whiteout; |
| 76 | |
| 77 | err = ovl_do_whiteout(wdir, whiteout); |
| 78 | if (err) { |
| 79 | dput(whiteout); |
| 80 | whiteout = ERR_PTR(err); |
| 81 | } |
| 82 | |
| 83 | return whiteout; |
| 84 | } |
| 85 | |
| 86 | int ovl_create_real(struct inode *dir, struct dentry *newdentry, |
| 87 | struct cattr *attr, struct dentry *hardlink, bool debug) |
| 88 | { |
| 89 | int err; |
| 90 | |
| 91 | if (newdentry->d_inode) |
| 92 | return -ESTALE; |
| 93 | |
| 94 | if (hardlink) { |
| 95 | err = ovl_do_link(hardlink, dir, newdentry, debug); |
| 96 | } else { |
| 97 | switch (attr->mode & S_IFMT) { |
| 98 | case S_IFREG: |
| 99 | err = ovl_do_create(dir, newdentry, attr->mode, debug); |
| 100 | break; |
| 101 | |
| 102 | case S_IFDIR: |
| 103 | err = ovl_do_mkdir(dir, newdentry, attr->mode, debug); |
| 104 | break; |
| 105 | |
| 106 | case S_IFCHR: |
| 107 | case S_IFBLK: |
| 108 | case S_IFIFO: |
| 109 | case S_IFSOCK: |
| 110 | err = ovl_do_mknod(dir, newdentry, |
| 111 | attr->mode, attr->rdev, debug); |
| 112 | break; |
| 113 | |
| 114 | case S_IFLNK: |
| 115 | err = ovl_do_symlink(dir, newdentry, attr->link, debug); |
| 116 | break; |
| 117 | |
| 118 | default: |
| 119 | err = -EPERM; |
| 120 | } |
| 121 | } |
| 122 | if (!err && WARN_ON(!newdentry->d_inode)) { |
| 123 | /* |
| 124 | * Not quite sure if non-instantiated dentry is legal or not. |
| 125 | * VFS doesn't seem to care so check and warn here. |
| 126 | */ |
| 127 | err = -ENOENT; |
| 128 | } |
| 129 | return err; |
| 130 | } |
| 131 | |
| 132 | static int ovl_set_opaque_xerr(struct dentry *dentry, struct dentry *upper, |
| 133 | int xerr) |
| 134 | { |
| 135 | int err; |
| 136 | |
| 137 | err = ovl_check_setxattr(dentry, upper, OVL_XATTR_OPAQUE, "y", 1, xerr); |
| 138 | if (!err) |
| 139 | ovl_dentry_set_opaque(dentry); |
| 140 | |
| 141 | return err; |
| 142 | } |
| 143 | |
| 144 | static int ovl_set_opaque(struct dentry *dentry, struct dentry *upperdentry) |
| 145 | { |
| 146 | /* |
| 147 | * Fail with -EIO when trying to create opaque dir and upper doesn't |
| 148 | * support xattrs. ovl_rename() calls ovl_set_opaque_xerr(-EXDEV) to |
| 149 | * return a specific error for noxattr case. |
| 150 | */ |
| 151 | return ovl_set_opaque_xerr(dentry, upperdentry, -EIO); |
| 152 | } |
| 153 | |
| 154 | /* Common operations required to be done after creation of file on upper */ |
| 155 | static void ovl_instantiate(struct dentry *dentry, struct inode *inode, |
| 156 | struct dentry *newdentry, bool hardlink) |
| 157 | { |
| 158 | ovl_dentry_version_inc(dentry->d_parent, false); |
| 159 | ovl_dentry_set_upper_alias(dentry); |
| 160 | if (!hardlink) { |
| 161 | ovl_inode_update(inode, newdentry); |
| 162 | ovl_copyattr(newdentry->d_inode, inode); |
| 163 | } else { |
| 164 | WARN_ON(ovl_inode_real(inode) != d_inode(newdentry)); |
| 165 | dput(newdentry); |
| 166 | inc_nlink(inode); |
| 167 | } |
| 168 | d_instantiate(dentry, inode); |
| 169 | /* Force lookup of new upper hardlink to find its lower */ |
| 170 | if (hardlink) |
| 171 | d_drop(dentry); |
| 172 | } |
| 173 | |
| 174 | static bool ovl_type_merge(struct dentry *dentry) |
| 175 | { |
| 176 | return OVL_TYPE_MERGE(ovl_path_type(dentry)); |
| 177 | } |
| 178 | |
| 179 | static bool ovl_type_origin(struct dentry *dentry) |
| 180 | { |
| 181 | return OVL_TYPE_ORIGIN(ovl_path_type(dentry)); |
| 182 | } |
| 183 | |
| 184 | static int ovl_create_upper(struct dentry *dentry, struct inode *inode, |
| 185 | struct cattr *attr, struct dentry *hardlink) |
| 186 | { |
| 187 | struct dentry *upperdir = ovl_dentry_upper(dentry->d_parent); |
| 188 | struct inode *udir = upperdir->d_inode; |
| 189 | struct dentry *newdentry; |
| 190 | int err; |
| 191 | |
| 192 | if (!hardlink && !IS_POSIXACL(udir)) |
| 193 | attr->mode &= ~current_umask(); |
| 194 | |
| 195 | inode_lock_nested(udir, I_MUTEX_PARENT); |
| 196 | newdentry = lookup_one_len(dentry->d_name.name, upperdir, |
| 197 | dentry->d_name.len); |
| 198 | err = PTR_ERR(newdentry); |
| 199 | if (IS_ERR(newdentry)) |
| 200 | goto out_unlock; |
| 201 | err = ovl_create_real(udir, newdentry, attr, hardlink, false); |
| 202 | if (err) |
| 203 | goto out_dput; |
| 204 | |
| 205 | if (ovl_type_merge(dentry->d_parent) && d_is_dir(newdentry)) { |
| 206 | /* Setting opaque here is just an optimization, allow to fail */ |
| 207 | ovl_set_opaque(dentry, newdentry); |
| 208 | } |
| 209 | |
| 210 | ovl_instantiate(dentry, inode, newdentry, !!hardlink); |
| 211 | newdentry = NULL; |
| 212 | out_dput: |
| 213 | dput(newdentry); |
| 214 | out_unlock: |
| 215 | inode_unlock(udir); |
| 216 | return err; |
| 217 | } |
| 218 | |
| 219 | static struct dentry *ovl_clear_empty(struct dentry *dentry, |
| 220 | struct list_head *list) |
| 221 | { |
| 222 | struct dentry *workdir = ovl_workdir(dentry); |
| 223 | struct inode *wdir = workdir->d_inode; |
| 224 | struct dentry *upperdir = ovl_dentry_upper(dentry->d_parent); |
| 225 | struct inode *udir = upperdir->d_inode; |
| 226 | struct path upperpath; |
| 227 | struct dentry *upper; |
| 228 | struct dentry *opaquedir; |
| 229 | struct kstat stat; |
| 230 | int err; |
| 231 | |
| 232 | if (WARN_ON(!workdir)) |
| 233 | return ERR_PTR(-EROFS); |
| 234 | |
| 235 | err = ovl_lock_rename_workdir(workdir, upperdir); |
| 236 | if (err) |
| 237 | goto out; |
| 238 | |
| 239 | ovl_path_upper(dentry, &upperpath); |
| 240 | err = vfs_getattr(&upperpath, &stat, |
| 241 | STATX_BASIC_STATS, AT_STATX_SYNC_AS_STAT); |
| 242 | if (err) |
| 243 | goto out_unlock; |
| 244 | |
| 245 | err = -ESTALE; |
| 246 | if (!S_ISDIR(stat.mode)) |
| 247 | goto out_unlock; |
| 248 | upper = upperpath.dentry; |
| 249 | if (upper->d_parent->d_inode != udir) |
| 250 | goto out_unlock; |
| 251 | |
| 252 | opaquedir = ovl_lookup_temp(workdir); |
| 253 | err = PTR_ERR(opaquedir); |
| 254 | if (IS_ERR(opaquedir)) |
| 255 | goto out_unlock; |
| 256 | |
| 257 | err = ovl_create_real(wdir, opaquedir, |
| 258 | &(struct cattr){.mode = stat.mode}, NULL, true); |
| 259 | if (err) |
| 260 | goto out_dput; |
| 261 | |
| 262 | err = ovl_copy_xattr(upper, opaquedir); |
| 263 | if (err) |
| 264 | goto out_cleanup; |
| 265 | |
| 266 | err = ovl_set_opaque(dentry, opaquedir); |
| 267 | if (err) |
| 268 | goto out_cleanup; |
| 269 | |
| 270 | inode_lock(opaquedir->d_inode); |
| 271 | err = ovl_set_attr(opaquedir, &stat); |
| 272 | inode_unlock(opaquedir->d_inode); |
| 273 | if (err) |
| 274 | goto out_cleanup; |
| 275 | |
| 276 | err = ovl_do_rename(wdir, opaquedir, udir, upper, RENAME_EXCHANGE); |
| 277 | if (err) |
| 278 | goto out_cleanup; |
| 279 | |
| 280 | ovl_cleanup_whiteouts(upper, list); |
| 281 | ovl_cleanup(wdir, upper); |
| 282 | unlock_rename(workdir, upperdir); |
| 283 | |
| 284 | /* dentry's upper doesn't match now, get rid of it */ |
| 285 | d_drop(dentry); |
| 286 | |
| 287 | return opaquedir; |
| 288 | |
| 289 | out_cleanup: |
| 290 | ovl_cleanup(wdir, opaquedir); |
| 291 | out_dput: |
| 292 | dput(opaquedir); |
| 293 | out_unlock: |
| 294 | unlock_rename(workdir, upperdir); |
| 295 | out: |
| 296 | return ERR_PTR(err); |
| 297 | } |
| 298 | |
| 299 | static struct dentry *ovl_check_empty_and_clear(struct dentry *dentry) |
| 300 | { |
| 301 | int err; |
| 302 | struct dentry *ret = NULL; |
| 303 | enum ovl_path_type type = ovl_path_type(dentry); |
| 304 | LIST_HEAD(list); |
| 305 | |
| 306 | err = ovl_check_empty_dir(dentry, &list); |
| 307 | if (err) { |
| 308 | ret = ERR_PTR(err); |
| 309 | goto out_free; |
| 310 | } |
| 311 | |
| 312 | /* |
| 313 | * When removing an empty opaque directory, then it makes no sense to |
| 314 | * replace it with an exact replica of itself. |
| 315 | * |
| 316 | * If no upperdentry then skip clearing whiteouts. |
| 317 | * |
| 318 | * Can race with copy-up, since we don't hold the upperdir mutex. |
| 319 | * Doesn't matter, since copy-up can't create a non-empty directory |
| 320 | * from an empty one. |
| 321 | */ |
| 322 | if (OVL_TYPE_UPPER(type) && OVL_TYPE_MERGE(type)) |
| 323 | ret = ovl_clear_empty(dentry, &list); |
| 324 | |
| 325 | out_free: |
| 326 | ovl_cache_free(&list); |
| 327 | |
| 328 | return ret; |
| 329 | } |
| 330 | |
| 331 | static int ovl_set_upper_acl(struct dentry *upperdentry, const char *name, |
| 332 | const struct posix_acl *acl) |
| 333 | { |
| 334 | void *buffer; |
| 335 | size_t size; |
| 336 | int err; |
| 337 | |
| 338 | if (!IS_ENABLED(CONFIG_FS_POSIX_ACL) || !acl) |
| 339 | return 0; |
| 340 | |
| 341 | size = posix_acl_to_xattr(NULL, acl, NULL, 0); |
| 342 | buffer = kmalloc(size, GFP_KERNEL); |
| 343 | if (!buffer) |
| 344 | return -ENOMEM; |
| 345 | |
| 346 | size = posix_acl_to_xattr(&init_user_ns, acl, buffer, size); |
| 347 | err = size; |
| 348 | if (err < 0) |
| 349 | goto out_free; |
| 350 | |
| 351 | err = vfs_setxattr(upperdentry, name, buffer, size, XATTR_CREATE); |
| 352 | out_free: |
| 353 | kfree(buffer); |
| 354 | return err; |
| 355 | } |
| 356 | |
| 357 | static int ovl_create_over_whiteout(struct dentry *dentry, struct inode *inode, |
| 358 | struct cattr *cattr, |
| 359 | struct dentry *hardlink) |
| 360 | { |
| 361 | struct dentry *workdir = ovl_workdir(dentry); |
| 362 | struct inode *wdir = workdir->d_inode; |
| 363 | struct dentry *upperdir = ovl_dentry_upper(dentry->d_parent); |
| 364 | struct inode *udir = upperdir->d_inode; |
| 365 | struct dentry *upper; |
| 366 | struct dentry *newdentry; |
| 367 | int err; |
| 368 | struct posix_acl *acl, *default_acl; |
| 369 | |
| 370 | if (WARN_ON(!workdir)) |
| 371 | return -EROFS; |
| 372 | |
| 373 | if (!hardlink) { |
| 374 | err = posix_acl_create(dentry->d_parent->d_inode, |
| 375 | &cattr->mode, &default_acl, &acl); |
| 376 | if (err) |
| 377 | return err; |
| 378 | } |
| 379 | |
| 380 | err = ovl_lock_rename_workdir(workdir, upperdir); |
| 381 | if (err) |
| 382 | goto out; |
| 383 | |
| 384 | newdentry = ovl_lookup_temp(workdir); |
| 385 | err = PTR_ERR(newdentry); |
| 386 | if (IS_ERR(newdentry)) |
| 387 | goto out_unlock; |
| 388 | |
| 389 | upper = lookup_one_len(dentry->d_name.name, upperdir, |
| 390 | dentry->d_name.len); |
| 391 | err = PTR_ERR(upper); |
| 392 | if (IS_ERR(upper)) |
| 393 | goto out_dput; |
| 394 | |
| 395 | err = -ESTALE; |
| 396 | if (d_is_negative(upper) || !IS_WHITEOUT(d_inode(upper))) |
| 397 | goto out_dput2; |
| 398 | |
| 399 | err = ovl_create_real(wdir, newdentry, cattr, hardlink, true); |
| 400 | if (err) |
| 401 | goto out_dput2; |
| 402 | |
| 403 | /* |
| 404 | * mode could have been mutilated due to umask (e.g. sgid directory) |
| 405 | */ |
| 406 | if (!hardlink && |
| 407 | !S_ISLNK(cattr->mode) && |
| 408 | newdentry->d_inode->i_mode != cattr->mode) { |
| 409 | struct iattr attr = { |
| 410 | .ia_valid = ATTR_MODE, |
| 411 | .ia_mode = cattr->mode, |
| 412 | }; |
| 413 | inode_lock(newdentry->d_inode); |
| 414 | err = notify_change(newdentry, &attr, NULL); |
| 415 | inode_unlock(newdentry->d_inode); |
| 416 | if (err) |
| 417 | goto out_cleanup; |
| 418 | } |
| 419 | if (!hardlink) { |
| 420 | err = ovl_set_upper_acl(newdentry, XATTR_NAME_POSIX_ACL_ACCESS, |
| 421 | acl); |
| 422 | if (err) |
| 423 | goto out_cleanup; |
| 424 | |
| 425 | err = ovl_set_upper_acl(newdentry, XATTR_NAME_POSIX_ACL_DEFAULT, |
| 426 | default_acl); |
| 427 | if (err) |
| 428 | goto out_cleanup; |
| 429 | } |
| 430 | |
| 431 | if (!hardlink && S_ISDIR(cattr->mode)) { |
| 432 | err = ovl_set_opaque(dentry, newdentry); |
| 433 | if (err) |
| 434 | goto out_cleanup; |
| 435 | |
| 436 | err = ovl_do_rename(wdir, newdentry, udir, upper, |
| 437 | RENAME_EXCHANGE); |
| 438 | if (err) |
| 439 | goto out_cleanup; |
| 440 | |
| 441 | ovl_cleanup(wdir, upper); |
| 442 | } else { |
| 443 | err = ovl_do_rename(wdir, newdentry, udir, upper, 0); |
| 444 | if (err) |
| 445 | goto out_cleanup; |
| 446 | } |
| 447 | ovl_instantiate(dentry, inode, newdentry, !!hardlink); |
| 448 | newdentry = NULL; |
| 449 | out_dput2: |
| 450 | dput(upper); |
| 451 | out_dput: |
| 452 | dput(newdentry); |
| 453 | out_unlock: |
| 454 | unlock_rename(workdir, upperdir); |
| 455 | out: |
| 456 | if (!hardlink) { |
| 457 | posix_acl_release(acl); |
| 458 | posix_acl_release(default_acl); |
| 459 | } |
| 460 | return err; |
| 461 | |
| 462 | out_cleanup: |
| 463 | ovl_cleanup(wdir, newdentry); |
| 464 | goto out_dput2; |
| 465 | } |
| 466 | |
| 467 | static int ovl_create_or_link(struct dentry *dentry, struct inode *inode, |
| 468 | struct cattr *attr, struct dentry *hardlink, |
| 469 | bool origin) |
| 470 | { |
| 471 | int err; |
| 472 | const struct cred *old_cred; |
| 473 | struct cred *override_cred; |
| 474 | struct dentry *parent = dentry->d_parent; |
| 475 | |
| 476 | err = ovl_copy_up(parent); |
| 477 | if (err) |
| 478 | return err; |
| 479 | |
| 480 | old_cred = ovl_override_creds(dentry->d_sb); |
| 481 | |
| 482 | /* |
| 483 | * When linking a file with copy up origin into a new parent, mark the |
| 484 | * new parent dir "impure". |
| 485 | */ |
| 486 | if (origin) { |
| 487 | err = ovl_set_impure(parent, ovl_dentry_upper(parent)); |
| 488 | if (err) |
| 489 | goto out_revert_creds; |
| 490 | } |
| 491 | |
| 492 | err = -ENOMEM; |
| 493 | override_cred = prepare_creds(); |
| 494 | if (override_cred) { |
| 495 | override_cred->fsuid = inode->i_uid; |
| 496 | override_cred->fsgid = inode->i_gid; |
| 497 | if (!hardlink) { |
| 498 | err = security_dentry_create_files_as(dentry, |
| 499 | attr->mode, &dentry->d_name, old_cred, |
| 500 | override_cred); |
| 501 | if (err) { |
| 502 | put_cred(override_cred); |
| 503 | goto out_revert_creds; |
| 504 | } |
| 505 | } |
| 506 | put_cred(override_creds(override_cred)); |
| 507 | put_cred(override_cred); |
| 508 | |
| 509 | if (!ovl_dentry_is_whiteout(dentry)) |
| 510 | err = ovl_create_upper(dentry, inode, attr, |
| 511 | hardlink); |
| 512 | else |
| 513 | err = ovl_create_over_whiteout(dentry, inode, attr, |
| 514 | hardlink); |
| 515 | } |
| 516 | out_revert_creds: |
| 517 | revert_creds(old_cred); |
| 518 | if (!err) { |
| 519 | struct inode *realinode = d_inode(ovl_dentry_upper(dentry)); |
| 520 | |
| 521 | WARN_ON(inode->i_mode != realinode->i_mode); |
| 522 | WARN_ON(!uid_eq(inode->i_uid, realinode->i_uid)); |
| 523 | WARN_ON(!gid_eq(inode->i_gid, realinode->i_gid)); |
| 524 | } |
| 525 | return err; |
| 526 | } |
| 527 | |
| 528 | static int ovl_create_object(struct dentry *dentry, int mode, dev_t rdev, |
| 529 | const char *link) |
| 530 | { |
| 531 | int err; |
| 532 | struct inode *inode; |
| 533 | struct cattr attr = { |
| 534 | .rdev = rdev, |
| 535 | .link = link, |
| 536 | }; |
| 537 | |
| 538 | err = ovl_want_write(dentry); |
| 539 | if (err) |
| 540 | goto out; |
| 541 | |
| 542 | err = -ENOMEM; |
| 543 | inode = ovl_new_inode(dentry->d_sb, mode, rdev); |
| 544 | if (!inode) |
| 545 | goto out_drop_write; |
| 546 | |
| 547 | inode_init_owner(inode, dentry->d_parent->d_inode, mode); |
| 548 | attr.mode = inode->i_mode; |
| 549 | |
| 550 | err = ovl_create_or_link(dentry, inode, &attr, NULL, false); |
| 551 | if (err) |
| 552 | iput(inode); |
| 553 | |
| 554 | out_drop_write: |
| 555 | ovl_drop_write(dentry); |
| 556 | out: |
| 557 | return err; |
| 558 | } |
| 559 | |
| 560 | static int ovl_create(struct inode *dir, struct dentry *dentry, umode_t mode, |
| 561 | bool excl) |
| 562 | { |
| 563 | return ovl_create_object(dentry, (mode & 07777) | S_IFREG, 0, NULL); |
| 564 | } |
| 565 | |
| 566 | static int ovl_mkdir(struct inode *dir, struct dentry *dentry, umode_t mode) |
| 567 | { |
| 568 | return ovl_create_object(dentry, (mode & 07777) | S_IFDIR, 0, NULL); |
| 569 | } |
| 570 | |
| 571 | static int ovl_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, |
| 572 | dev_t rdev) |
| 573 | { |
| 574 | /* Don't allow creation of "whiteout" on overlay */ |
| 575 | if (S_ISCHR(mode) && rdev == WHITEOUT_DEV) |
| 576 | return -EPERM; |
| 577 | |
| 578 | return ovl_create_object(dentry, mode, rdev, NULL); |
| 579 | } |
| 580 | |
| 581 | static int ovl_symlink(struct inode *dir, struct dentry *dentry, |
| 582 | const char *link) |
| 583 | { |
| 584 | return ovl_create_object(dentry, S_IFLNK, 0, link); |
| 585 | } |
| 586 | |
| 587 | static int ovl_link(struct dentry *old, struct inode *newdir, |
| 588 | struct dentry *new) |
| 589 | { |
| 590 | int err; |
| 591 | bool locked = false; |
| 592 | struct inode *inode; |
| 593 | |
| 594 | err = ovl_want_write(old); |
| 595 | if (err) |
| 596 | goto out; |
| 597 | |
| 598 | err = ovl_copy_up(old); |
| 599 | if (err) |
| 600 | goto out_drop_write; |
| 601 | |
| 602 | err = ovl_copy_up(new->d_parent); |
| 603 | if (err) |
| 604 | goto out_drop_write; |
| 605 | |
| 606 | |
| 607 | err = ovl_nlink_start(old, &locked); |
| 608 | if (err) |
| 609 | goto out_drop_write; |
| 610 | |
| 611 | inode = d_inode(old); |
| 612 | ihold(inode); |
| 613 | |
| 614 | err = ovl_create_or_link(new, inode, NULL, ovl_dentry_upper(old), |
| 615 | ovl_type_origin(old)); |
| 616 | if (err) |
| 617 | iput(inode); |
| 618 | |
| 619 | ovl_nlink_end(old, locked); |
| 620 | out_drop_write: |
| 621 | ovl_drop_write(old); |
| 622 | out: |
| 623 | return err; |
| 624 | } |
| 625 | |
| 626 | static bool ovl_matches_upper(struct dentry *dentry, struct dentry *upper) |
| 627 | { |
| 628 | return d_inode(ovl_dentry_upper(dentry)) == d_inode(upper); |
| 629 | } |
| 630 | |
| 631 | static int ovl_remove_and_whiteout(struct dentry *dentry, bool is_dir) |
| 632 | { |
| 633 | struct dentry *workdir = ovl_workdir(dentry); |
| 634 | struct inode *wdir = workdir->d_inode; |
| 635 | struct dentry *upperdir = ovl_dentry_upper(dentry->d_parent); |
| 636 | struct inode *udir = upperdir->d_inode; |
| 637 | struct dentry *whiteout; |
| 638 | struct dentry *upper; |
| 639 | struct dentry *opaquedir = NULL; |
| 640 | int err; |
| 641 | int flags = 0; |
| 642 | |
| 643 | if (WARN_ON(!workdir)) |
| 644 | return -EROFS; |
| 645 | |
| 646 | if (is_dir) { |
| 647 | opaquedir = ovl_check_empty_and_clear(dentry); |
| 648 | err = PTR_ERR(opaquedir); |
| 649 | if (IS_ERR(opaquedir)) |
| 650 | goto out; |
| 651 | } |
| 652 | |
| 653 | err = ovl_lock_rename_workdir(workdir, upperdir); |
| 654 | if (err) |
| 655 | goto out_dput; |
| 656 | |
| 657 | upper = lookup_one_len(dentry->d_name.name, upperdir, |
| 658 | dentry->d_name.len); |
| 659 | err = PTR_ERR(upper); |
| 660 | if (IS_ERR(upper)) |
| 661 | goto out_unlock; |
| 662 | |
| 663 | err = -ESTALE; |
| 664 | if ((opaquedir && upper != opaquedir) || |
| 665 | (!opaquedir && ovl_dentry_upper(dentry) && |
| 666 | !ovl_matches_upper(dentry, upper))) { |
| 667 | goto out_dput_upper; |
| 668 | } |
| 669 | |
| 670 | whiteout = ovl_whiteout(workdir, dentry); |
| 671 | err = PTR_ERR(whiteout); |
| 672 | if (IS_ERR(whiteout)) |
| 673 | goto out_dput_upper; |
| 674 | |
| 675 | if (d_is_dir(upper)) |
| 676 | flags = RENAME_EXCHANGE; |
| 677 | |
| 678 | err = ovl_do_rename(wdir, whiteout, udir, upper, flags); |
| 679 | if (err) |
| 680 | goto kill_whiteout; |
| 681 | if (flags) |
| 682 | ovl_cleanup(wdir, upper); |
| 683 | |
| 684 | ovl_dentry_version_inc(dentry->d_parent, true); |
| 685 | out_d_drop: |
| 686 | d_drop(dentry); |
| 687 | dput(whiteout); |
| 688 | out_dput_upper: |
| 689 | dput(upper); |
| 690 | out_unlock: |
| 691 | unlock_rename(workdir, upperdir); |
| 692 | out_dput: |
| 693 | dput(opaquedir); |
| 694 | out: |
| 695 | return err; |
| 696 | |
| 697 | kill_whiteout: |
| 698 | ovl_cleanup(wdir, whiteout); |
| 699 | goto out_d_drop; |
| 700 | } |
| 701 | |
| 702 | static int ovl_remove_upper(struct dentry *dentry, bool is_dir) |
| 703 | { |
| 704 | struct dentry *upperdir = ovl_dentry_upper(dentry->d_parent); |
| 705 | struct inode *dir = upperdir->d_inode; |
| 706 | struct dentry *upper; |
| 707 | struct dentry *opaquedir = NULL; |
| 708 | int err; |
| 709 | |
| 710 | /* Redirect dir can be !ovl_lower_positive && OVL_TYPE_MERGE */ |
| 711 | if (is_dir && ovl_dentry_get_redirect(dentry)) { |
| 712 | opaquedir = ovl_check_empty_and_clear(dentry); |
| 713 | err = PTR_ERR(opaquedir); |
| 714 | if (IS_ERR(opaquedir)) |
| 715 | goto out; |
| 716 | } |
| 717 | |
| 718 | inode_lock_nested(dir, I_MUTEX_PARENT); |
| 719 | upper = lookup_one_len(dentry->d_name.name, upperdir, |
| 720 | dentry->d_name.len); |
| 721 | err = PTR_ERR(upper); |
| 722 | if (IS_ERR(upper)) |
| 723 | goto out_unlock; |
| 724 | |
| 725 | err = -ESTALE; |
| 726 | if ((opaquedir && upper != opaquedir) || |
| 727 | (!opaquedir && !ovl_matches_upper(dentry, upper))) |
| 728 | goto out_dput_upper; |
| 729 | |
| 730 | if (is_dir) |
| 731 | err = vfs_rmdir(dir, upper); |
| 732 | else |
| 733 | err = vfs_unlink(dir, upper, NULL); |
| 734 | ovl_dentry_version_inc(dentry->d_parent, ovl_type_origin(dentry)); |
| 735 | |
| 736 | /* |
| 737 | * Keeping this dentry hashed would mean having to release |
| 738 | * upperpath/lowerpath, which could only be done if we are the |
| 739 | * sole user of this dentry. Too tricky... Just unhash for |
| 740 | * now. |
| 741 | */ |
| 742 | if (!err) |
| 743 | d_drop(dentry); |
| 744 | out_dput_upper: |
| 745 | dput(upper); |
| 746 | out_unlock: |
| 747 | inode_unlock(dir); |
| 748 | dput(opaquedir); |
| 749 | out: |
| 750 | return err; |
| 751 | } |
| 752 | |
| 753 | static int ovl_do_remove(struct dentry *dentry, bool is_dir) |
| 754 | { |
| 755 | int err; |
| 756 | bool locked = false; |
| 757 | const struct cred *old_cred; |
| 758 | |
| 759 | err = ovl_want_write(dentry); |
| 760 | if (err) |
| 761 | goto out; |
| 762 | |
| 763 | err = ovl_copy_up(dentry->d_parent); |
| 764 | if (err) |
| 765 | goto out_drop_write; |
| 766 | |
| 767 | err = ovl_nlink_start(dentry, &locked); |
| 768 | if (err) |
| 769 | goto out_drop_write; |
| 770 | |
| 771 | old_cred = ovl_override_creds(dentry->d_sb); |
| 772 | if (!ovl_lower_positive(dentry)) |
| 773 | err = ovl_remove_upper(dentry, is_dir); |
| 774 | else |
| 775 | err = ovl_remove_and_whiteout(dentry, is_dir); |
| 776 | revert_creds(old_cred); |
| 777 | if (!err) { |
| 778 | if (is_dir) |
| 779 | clear_nlink(dentry->d_inode); |
| 780 | else |
| 781 | drop_nlink(dentry->d_inode); |
| 782 | } |
| 783 | ovl_nlink_end(dentry, locked); |
| 784 | out_drop_write: |
| 785 | ovl_drop_write(dentry); |
| 786 | out: |
| 787 | return err; |
| 788 | } |
| 789 | |
| 790 | static int ovl_unlink(struct inode *dir, struct dentry *dentry) |
| 791 | { |
| 792 | return ovl_do_remove(dentry, false); |
| 793 | } |
| 794 | |
| 795 | static int ovl_rmdir(struct inode *dir, struct dentry *dentry) |
| 796 | { |
| 797 | return ovl_do_remove(dentry, true); |
| 798 | } |
| 799 | |
| 800 | static bool ovl_type_merge_or_lower(struct dentry *dentry) |
| 801 | { |
| 802 | enum ovl_path_type type = ovl_path_type(dentry); |
| 803 | |
| 804 | return OVL_TYPE_MERGE(type) || !OVL_TYPE_UPPER(type); |
| 805 | } |
| 806 | |
| 807 | static bool ovl_can_move(struct dentry *dentry) |
| 808 | { |
| 809 | return ovl_redirect_dir(dentry->d_sb) || |
| 810 | !d_is_dir(dentry) || !ovl_type_merge_or_lower(dentry); |
| 811 | } |
| 812 | |
| 813 | static char *ovl_get_redirect(struct dentry *dentry, bool samedir) |
| 814 | { |
| 815 | char *buf, *ret; |
| 816 | struct dentry *d, *tmp; |
| 817 | int buflen = ovl_redirect_max + 1; |
| 818 | |
| 819 | if (samedir) { |
| 820 | ret = kstrndup(dentry->d_name.name, dentry->d_name.len, |
| 821 | GFP_KERNEL); |
| 822 | goto out; |
| 823 | } |
| 824 | |
| 825 | buf = ret = kmalloc(buflen, GFP_KERNEL); |
| 826 | if (!buf) |
| 827 | goto out; |
| 828 | |
| 829 | buflen--; |
| 830 | buf[buflen] = '\0'; |
| 831 | for (d = dget(dentry); !IS_ROOT(d);) { |
| 832 | const char *name; |
| 833 | int thislen; |
| 834 | |
| 835 | spin_lock(&d->d_lock); |
| 836 | name = ovl_dentry_get_redirect(d); |
| 837 | if (name) { |
| 838 | thislen = strlen(name); |
| 839 | } else { |
| 840 | name = d->d_name.name; |
| 841 | thislen = d->d_name.len; |
| 842 | } |
| 843 | |
| 844 | /* If path is too long, fall back to userspace move */ |
| 845 | if (thislen + (name[0] != '/') > buflen) { |
| 846 | ret = ERR_PTR(-EXDEV); |
| 847 | spin_unlock(&d->d_lock); |
| 848 | goto out_put; |
| 849 | } |
| 850 | |
| 851 | buflen -= thislen; |
| 852 | memcpy(&buf[buflen], name, thislen); |
| 853 | tmp = dget_dlock(d->d_parent); |
| 854 | spin_unlock(&d->d_lock); |
| 855 | |
| 856 | dput(d); |
| 857 | d = tmp; |
| 858 | |
| 859 | /* Absolute redirect: finished */ |
| 860 | if (buf[buflen] == '/') |
| 861 | break; |
| 862 | buflen--; |
| 863 | buf[buflen] = '/'; |
| 864 | } |
| 865 | ret = kstrdup(&buf[buflen], GFP_KERNEL); |
| 866 | out_put: |
| 867 | dput(d); |
| 868 | kfree(buf); |
| 869 | out: |
| 870 | return ret ? ret : ERR_PTR(-ENOMEM); |
| 871 | } |
| 872 | |
| 873 | static int ovl_set_redirect(struct dentry *dentry, bool samedir) |
| 874 | { |
| 875 | int err; |
| 876 | const char *redirect = ovl_dentry_get_redirect(dentry); |
| 877 | |
| 878 | if (redirect && (samedir || redirect[0] == '/')) |
| 879 | return 0; |
| 880 | |
| 881 | redirect = ovl_get_redirect(dentry, samedir); |
| 882 | if (IS_ERR(redirect)) |
| 883 | return PTR_ERR(redirect); |
| 884 | |
| 885 | err = ovl_check_setxattr(dentry, ovl_dentry_upper(dentry), |
| 886 | OVL_XATTR_REDIRECT, |
| 887 | redirect, strlen(redirect), -EXDEV); |
| 888 | if (!err) { |
| 889 | spin_lock(&dentry->d_lock); |
| 890 | ovl_dentry_set_redirect(dentry, redirect); |
| 891 | spin_unlock(&dentry->d_lock); |
| 892 | } else { |
| 893 | kfree(redirect); |
| 894 | pr_warn_ratelimited("overlay: failed to set redirect (%i)\n", err); |
| 895 | /* Fall back to userspace copy-up */ |
| 896 | err = -EXDEV; |
| 897 | } |
| 898 | return err; |
| 899 | } |
| 900 | |
| 901 | static int ovl_rename(struct inode *olddir, struct dentry *old, |
| 902 | struct inode *newdir, struct dentry *new, |
| 903 | unsigned int flags) |
| 904 | { |
| 905 | int err; |
| 906 | bool locked = false; |
| 907 | struct dentry *old_upperdir; |
| 908 | struct dentry *new_upperdir; |
| 909 | struct dentry *olddentry; |
| 910 | struct dentry *newdentry; |
| 911 | struct dentry *trap; |
| 912 | bool old_opaque; |
| 913 | bool new_opaque; |
| 914 | bool cleanup_whiteout = false; |
| 915 | bool overwrite = !(flags & RENAME_EXCHANGE); |
| 916 | bool is_dir = d_is_dir(old); |
| 917 | bool new_is_dir = d_is_dir(new); |
| 918 | bool samedir = olddir == newdir; |
| 919 | struct dentry *opaquedir = NULL; |
| 920 | const struct cred *old_cred = NULL; |
| 921 | |
| 922 | err = -EINVAL; |
| 923 | if (flags & ~(RENAME_EXCHANGE | RENAME_NOREPLACE)) |
| 924 | goto out; |
| 925 | |
| 926 | flags &= ~RENAME_NOREPLACE; |
| 927 | |
| 928 | /* Don't copy up directory trees */ |
| 929 | err = -EXDEV; |
| 930 | if (!ovl_can_move(old)) |
| 931 | goto out; |
| 932 | if (!overwrite && !ovl_can_move(new)) |
| 933 | goto out; |
| 934 | |
| 935 | err = ovl_want_write(old); |
| 936 | if (err) |
| 937 | goto out; |
| 938 | |
| 939 | err = ovl_copy_up(old); |
| 940 | if (err) |
| 941 | goto out_drop_write; |
| 942 | |
| 943 | err = ovl_copy_up(new->d_parent); |
| 944 | if (err) |
| 945 | goto out_drop_write; |
| 946 | if (!overwrite) { |
| 947 | err = ovl_copy_up(new); |
| 948 | if (err) |
| 949 | goto out_drop_write; |
| 950 | } else { |
| 951 | err = ovl_nlink_start(new, &locked); |
| 952 | if (err) |
| 953 | goto out_drop_write; |
| 954 | } |
| 955 | |
| 956 | old_cred = ovl_override_creds(old->d_sb); |
| 957 | |
| 958 | if (overwrite && new_is_dir && ovl_type_merge_or_lower(new)) { |
| 959 | opaquedir = ovl_check_empty_and_clear(new); |
| 960 | err = PTR_ERR(opaquedir); |
| 961 | if (IS_ERR(opaquedir)) { |
| 962 | opaquedir = NULL; |
| 963 | goto out_revert_creds; |
| 964 | } |
| 965 | } |
| 966 | |
| 967 | if (overwrite) { |
| 968 | if (ovl_lower_positive(old)) { |
| 969 | if (!ovl_dentry_is_whiteout(new)) { |
| 970 | /* Whiteout source */ |
| 971 | flags |= RENAME_WHITEOUT; |
| 972 | } else { |
| 973 | /* Switch whiteouts */ |
| 974 | flags |= RENAME_EXCHANGE; |
| 975 | } |
| 976 | } else if (is_dir && ovl_dentry_is_whiteout(new)) { |
| 977 | flags |= RENAME_EXCHANGE; |
| 978 | cleanup_whiteout = true; |
| 979 | } |
| 980 | } |
| 981 | |
| 982 | old_upperdir = ovl_dentry_upper(old->d_parent); |
| 983 | new_upperdir = ovl_dentry_upper(new->d_parent); |
| 984 | |
| 985 | if (!samedir) { |
| 986 | /* |
| 987 | * When moving a merge dir or non-dir with copy up origin into |
| 988 | * a new parent, we are marking the new parent dir "impure". |
| 989 | * When ovl_iterate() iterates an "impure" upper dir, it will |
| 990 | * lookup the origin inodes of the entries to fill d_ino. |
| 991 | */ |
| 992 | if (ovl_type_origin(old)) { |
| 993 | err = ovl_set_impure(new->d_parent, new_upperdir); |
| 994 | if (err) |
| 995 | goto out_revert_creds; |
| 996 | } |
| 997 | if (!overwrite && ovl_type_origin(new)) { |
| 998 | err = ovl_set_impure(old->d_parent, old_upperdir); |
| 999 | if (err) |
| 1000 | goto out_revert_creds; |
| 1001 | } |
| 1002 | } |
| 1003 | |
| 1004 | trap = lock_rename(new_upperdir, old_upperdir); |
| 1005 | |
| 1006 | olddentry = lookup_one_len(old->d_name.name, old_upperdir, |
| 1007 | old->d_name.len); |
| 1008 | err = PTR_ERR(olddentry); |
| 1009 | if (IS_ERR(olddentry)) |
| 1010 | goto out_unlock; |
| 1011 | |
| 1012 | err = -ESTALE; |
| 1013 | if (!ovl_matches_upper(old, olddentry)) |
| 1014 | goto out_dput_old; |
| 1015 | |
| 1016 | newdentry = lookup_one_len(new->d_name.name, new_upperdir, |
| 1017 | new->d_name.len); |
| 1018 | err = PTR_ERR(newdentry); |
| 1019 | if (IS_ERR(newdentry)) |
| 1020 | goto out_dput_old; |
| 1021 | |
| 1022 | old_opaque = ovl_dentry_is_opaque(old); |
| 1023 | new_opaque = ovl_dentry_is_opaque(new); |
| 1024 | |
| 1025 | err = -ESTALE; |
| 1026 | if (d_inode(new) && ovl_dentry_upper(new)) { |
| 1027 | if (opaquedir) { |
| 1028 | if (newdentry != opaquedir) |
| 1029 | goto out_dput; |
| 1030 | } else { |
| 1031 | if (!ovl_matches_upper(new, newdentry)) |
| 1032 | goto out_dput; |
| 1033 | } |
| 1034 | } else { |
| 1035 | if (!d_is_negative(newdentry) && |
| 1036 | (!new_opaque || !ovl_is_whiteout(newdentry))) |
| 1037 | goto out_dput; |
| 1038 | } |
| 1039 | |
| 1040 | if (olddentry == trap) |
| 1041 | goto out_dput; |
| 1042 | if (newdentry == trap) |
| 1043 | goto out_dput; |
| 1044 | |
| 1045 | if (olddentry->d_inode == newdentry->d_inode) |
| 1046 | goto out_dput; |
| 1047 | |
| 1048 | err = 0; |
| 1049 | if (is_dir) { |
| 1050 | if (ovl_type_merge_or_lower(old)) |
| 1051 | err = ovl_set_redirect(old, samedir); |
| 1052 | else if (!old_opaque && ovl_type_merge(new->d_parent)) |
| 1053 | err = ovl_set_opaque_xerr(old, olddentry, -EXDEV); |
| 1054 | if (err) |
| 1055 | goto out_dput; |
| 1056 | } |
| 1057 | if (!overwrite && new_is_dir) { |
| 1058 | if (ovl_type_merge_or_lower(new)) |
| 1059 | err = ovl_set_redirect(new, samedir); |
| 1060 | else if (!new_opaque && ovl_type_merge(old->d_parent)) |
| 1061 | err = ovl_set_opaque_xerr(new, newdentry, -EXDEV); |
| 1062 | if (err) |
| 1063 | goto out_dput; |
| 1064 | } |
| 1065 | |
| 1066 | err = ovl_do_rename(old_upperdir->d_inode, olddentry, |
| 1067 | new_upperdir->d_inode, newdentry, flags); |
| 1068 | if (err) |
| 1069 | goto out_dput; |
| 1070 | |
| 1071 | if (cleanup_whiteout) |
| 1072 | ovl_cleanup(old_upperdir->d_inode, newdentry); |
| 1073 | |
| 1074 | if (overwrite && d_inode(new)) { |
| 1075 | if (new_is_dir) |
| 1076 | clear_nlink(d_inode(new)); |
| 1077 | else |
| 1078 | drop_nlink(d_inode(new)); |
| 1079 | } |
| 1080 | |
| 1081 | ovl_dentry_version_inc(old->d_parent, |
| 1082 | !overwrite && ovl_type_origin(new)); |
| 1083 | ovl_dentry_version_inc(new->d_parent, ovl_type_origin(old)); |
| 1084 | |
| 1085 | out_dput: |
| 1086 | dput(newdentry); |
| 1087 | out_dput_old: |
| 1088 | dput(olddentry); |
| 1089 | out_unlock: |
| 1090 | unlock_rename(new_upperdir, old_upperdir); |
| 1091 | out_revert_creds: |
| 1092 | revert_creds(old_cred); |
| 1093 | ovl_nlink_end(new, locked); |
| 1094 | out_drop_write: |
| 1095 | ovl_drop_write(old); |
| 1096 | out: |
| 1097 | dput(opaquedir); |
| 1098 | return err; |
| 1099 | } |
| 1100 | |
| 1101 | const struct inode_operations ovl_dir_inode_operations = { |
| 1102 | .lookup = ovl_lookup, |
| 1103 | .mkdir = ovl_mkdir, |
| 1104 | .symlink = ovl_symlink, |
| 1105 | .unlink = ovl_unlink, |
| 1106 | .rmdir = ovl_rmdir, |
| 1107 | .rename = ovl_rename, |
| 1108 | .link = ovl_link, |
| 1109 | .setattr = ovl_setattr, |
| 1110 | .create = ovl_create, |
| 1111 | .mknod = ovl_mknod, |
| 1112 | .permission = ovl_permission, |
| 1113 | .getattr = ovl_getattr, |
| 1114 | .listxattr = ovl_listxattr, |
| 1115 | .get_acl = ovl_get_acl, |
| 1116 | .update_time = ovl_update_time, |
| 1117 | }; |