1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * 4 * Copyright (C) 2011 Novell Inc. 5 */ 6 7 #include <linux/module.h> 8 #include <linux/fs.h> 9 #include <linux/slab.h> 10 #include <linux/file.h> 11 #include <linux/splice.h> 12 #include <linux/xattr.h> 13 #include <linux/security.h> 14 #include <linux/uaccess.h> 15 #include <linux/sched/signal.h> 16 #include <linux/cred.h> 17 #include <linux/namei.h> 18 #include <linux/fdtable.h> 19 #include <linux/ratelimit.h> 20 #include <linux/exportfs.h> 21 #include "overlayfs.h" 22 23 #define OVL_COPY_UP_CHUNK_SIZE (1 << 20) 24 25 static int ovl_ccup_set(const char *buf, const struct kernel_param *param) 26 { 27 pr_warn("\"check_copy_up\" module option is obsolete\n"); 28 return 0; 29 } 30 31 static int ovl_ccup_get(char *buf, const struct kernel_param *param) 32 { 33 return sprintf(buf, "N\n"); 34 } 35 36 module_param_call(check_copy_up, ovl_ccup_set, ovl_ccup_get, NULL, 0644); 37 MODULE_PARM_DESC(check_copy_up, "Obsolete; does nothing"); 38 39 int ovl_copy_xattr(struct dentry *old, struct dentry *new) 40 { 41 ssize_t list_size, size, value_size = 0; 42 char *buf, *name, *value = NULL; 43 int uninitialized_var(error); 44 size_t slen; 45 46 if (!(old->d_inode->i_opflags & IOP_XATTR) || 47 !(new->d_inode->i_opflags & IOP_XATTR)) 48 return 0; 49 50 list_size = vfs_listxattr(old, NULL, 0); 51 if (list_size <= 0) { 52 if (list_size == -EOPNOTSUPP) 53 return 0; 54 return list_size; 55 } 56 57 buf = kzalloc(list_size, GFP_KERNEL); 58 if (!buf) 59 return -ENOMEM; 60 61 list_size = vfs_listxattr(old, buf, list_size); 62 if (list_size <= 0) { 63 error = list_size; 64 goto out; 65 } 66 67 for (name = buf; list_size; name += slen) { 68 slen = strnlen(name, list_size) + 1; 69 70 /* underlying fs providing us with an broken xattr list? */ 71 if (WARN_ON(slen > list_size)) { 72 error = -EIO; 73 break; 74 } 75 list_size -= slen; 76 77 if (ovl_is_private_xattr(name)) 78 continue; 79 retry: 80 size = vfs_getxattr(old, name, value, value_size); 81 if (size == -ERANGE) 82 size = vfs_getxattr(old, name, NULL, 0); 83 84 if (size < 0) { 85 error = size; 86 break; 87 } 88 89 if (size > value_size) { 90 void *new; 91 92 new = krealloc(value, size, GFP_KERNEL); 93 if (!new) { 94 error = -ENOMEM; 95 break; 96 } 97 value = new; 98 value_size = size; 99 goto retry; 100 } 101 102 error = security_inode_copy_up_xattr(name); 103 if (error < 0 && error != -EOPNOTSUPP) 104 break; 105 if (error == 1) { 106 error = 0; 107 continue; /* Discard */ 108 } 109 error = vfs_setxattr(new, name, value, size, 0); 110 if (error) 111 break; 112 } 113 kfree(value); 114 out: 115 kfree(buf); 116 return error; 117 } 118 119 static int ovl_copy_up_data(struct path *old, struct path *new, loff_t len) 120 { 121 struct file *old_file; 122 struct file *new_file; 123 loff_t old_pos = 0; 124 loff_t new_pos = 0; 125 loff_t cloned; 126 loff_t data_pos = -1; 127 loff_t hole_len; 128 bool skip_hole = false; 129 int error = 0; 130 131 if (len == 0) 132 return 0; 133 134 old_file = ovl_path_open(old, O_LARGEFILE | O_RDONLY); 135 if (IS_ERR(old_file)) 136 return PTR_ERR(old_file); 137 138 new_file = ovl_path_open(new, O_LARGEFILE | O_WRONLY); 139 if (IS_ERR(new_file)) { 140 error = PTR_ERR(new_file); 141 goto out_fput; 142 } 143 144 /* Try to use clone_file_range to clone up within the same fs */ 145 cloned = do_clone_file_range(old_file, 0, new_file, 0, len, 0); 146 if (cloned == len) 147 goto out; 148 /* Couldn't clone, so now we try to copy the data */ 149 150 /* Check if lower fs supports seek operation */ 151 if (old_file->f_mode & FMODE_LSEEK && 152 old_file->f_op->llseek) 153 skip_hole = true; 154 155 while (len) { 156 size_t this_len = OVL_COPY_UP_CHUNK_SIZE; 157 long bytes; 158 159 if (len < this_len) 160 this_len = len; 161 162 if (signal_pending_state(TASK_KILLABLE, current)) { 163 error = -EINTR; 164 break; 165 } 166 167 /* 168 * Fill zero for hole will cost unnecessary disk space 169 * and meanwhile slow down the copy-up speed, so we do 170 * an optimization for hole during copy-up, it relies 171 * on SEEK_DATA implementation in lower fs so if lower 172 * fs does not support it, copy-up will behave as before. 173 * 174 * Detail logic of hole detection as below: 175 * When we detect next data position is larger than current 176 * position we will skip that hole, otherwise we copy 177 * data in the size of OVL_COPY_UP_CHUNK_SIZE. Actually, 178 * it may not recognize all kind of holes and sometimes 179 * only skips partial of hole area. However, it will be 180 * enough for most of the use cases. 181 */ 182 183 if (skip_hole && data_pos < old_pos) { 184 data_pos = vfs_llseek(old_file, old_pos, SEEK_DATA); 185 if (data_pos > old_pos) { 186 hole_len = data_pos - old_pos; 187 len -= hole_len; 188 old_pos = new_pos = data_pos; 189 continue; 190 } else if (data_pos == -ENXIO) { 191 break; 192 } else if (data_pos < 0) { 193 skip_hole = false; 194 } 195 } 196 197 bytes = do_splice_direct(old_file, &old_pos, 198 new_file, &new_pos, 199 this_len, SPLICE_F_MOVE); 200 if (bytes <= 0) { 201 error = bytes; 202 break; 203 } 204 WARN_ON(old_pos != new_pos); 205 206 len -= bytes; 207 } 208 out: 209 if (!error) 210 error = vfs_fsync(new_file, 0); 211 fput(new_file); 212 out_fput: 213 fput(old_file); 214 return error; 215 } 216 217 static int ovl_set_size(struct dentry *upperdentry, struct kstat *stat) 218 { 219 struct iattr attr = { 220 .ia_valid = ATTR_SIZE, 221 .ia_size = stat->size, 222 }; 223 224 return notify_change(upperdentry, &attr, NULL); 225 } 226 227 static int ovl_set_timestamps(struct dentry *upperdentry, struct kstat *stat) 228 { 229 struct iattr attr = { 230 .ia_valid = 231 ATTR_ATIME | ATTR_MTIME | ATTR_ATIME_SET | ATTR_MTIME_SET, 232 .ia_atime = stat->atime, 233 .ia_mtime = stat->mtime, 234 }; 235 236 return notify_change(upperdentry, &attr, NULL); 237 } 238 239 int ovl_set_attr(struct dentry *upperdentry, struct kstat *stat) 240 { 241 int err = 0; 242 243 if (!S_ISLNK(stat->mode)) { 244 struct iattr attr = { 245 .ia_valid = ATTR_MODE, 246 .ia_mode = stat->mode, 247 }; 248 err = notify_change(upperdentry, &attr, NULL); 249 } 250 if (!err) { 251 struct iattr attr = { 252 .ia_valid = ATTR_UID | ATTR_GID, 253 .ia_uid = stat->uid, 254 .ia_gid = stat->gid, 255 }; 256 err = notify_change(upperdentry, &attr, NULL); 257 } 258 if (!err) 259 ovl_set_timestamps(upperdentry, stat); 260 261 return err; 262 } 263 264 struct ovl_fh *ovl_encode_real_fh(struct dentry *real, bool is_upper) 265 { 266 struct ovl_fh *fh; 267 int fh_type, dwords; 268 int buflen = MAX_HANDLE_SZ; 269 uuid_t *uuid = &real->d_sb->s_uuid; 270 int err; 271 272 /* Make sure the real fid stays 32bit aligned */ 273 BUILD_BUG_ON(OVL_FH_FID_OFFSET % 4); 274 BUILD_BUG_ON(MAX_HANDLE_SZ + OVL_FH_FID_OFFSET > 255); 275 276 fh = kzalloc(buflen + OVL_FH_FID_OFFSET, GFP_KERNEL); 277 if (!fh) 278 return ERR_PTR(-ENOMEM); 279 280 /* 281 * We encode a non-connectable file handle for non-dir, because we 282 * only need to find the lower inode number and we don't want to pay 283 * the price or reconnecting the dentry. 284 */ 285 dwords = buflen >> 2; 286 fh_type = exportfs_encode_fh(real, (void *)fh->fb.fid, &dwords, 0); 287 buflen = (dwords << 2); 288 289 err = -EIO; 290 if (WARN_ON(fh_type < 0) || 291 WARN_ON(buflen > MAX_HANDLE_SZ) || 292 WARN_ON(fh_type == FILEID_INVALID)) 293 goto out_err; 294 295 fh->fb.version = OVL_FH_VERSION; 296 fh->fb.magic = OVL_FH_MAGIC; 297 fh->fb.type = fh_type; 298 fh->fb.flags = OVL_FH_FLAG_CPU_ENDIAN; 299 /* 300 * When we will want to decode an overlay dentry from this handle 301 * and all layers are on the same fs, if we get a disconncted real 302 * dentry when we decode fid, the only way to tell if we should assign 303 * it to upperdentry or to lowerstack is by checking this flag. 304 */ 305 if (is_upper) 306 fh->fb.flags |= OVL_FH_FLAG_PATH_UPPER; 307 fh->fb.len = sizeof(fh->fb) + buflen; 308 fh->fb.uuid = *uuid; 309 310 return fh; 311 312 out_err: 313 kfree(fh); 314 return ERR_PTR(err); 315 } 316 317 int ovl_set_origin(struct dentry *dentry, struct dentry *lower, 318 struct dentry *upper) 319 { 320 const struct ovl_fh *fh = NULL; 321 int err; 322 323 /* 324 * When lower layer doesn't support export operations store a 'null' fh, 325 * so we can use the overlay.origin xattr to distignuish between a copy 326 * up and a pure upper inode. 327 */ 328 if (ovl_can_decode_fh(lower->d_sb)) { 329 fh = ovl_encode_real_fh(lower, false); 330 if (IS_ERR(fh)) 331 return PTR_ERR(fh); 332 } 333 334 /* 335 * Do not fail when upper doesn't support xattrs. 336 */ 337 err = ovl_check_setxattr(dentry, upper, OVL_XATTR_ORIGIN, fh->buf, 338 fh ? fh->fb.len : 0, 0); 339 kfree(fh); 340 341 return err; 342 } 343 344 /* Store file handle of @upper dir in @index dir entry */ 345 static int ovl_set_upper_fh(struct dentry *upper, struct dentry *index) 346 { 347 const struct ovl_fh *fh; 348 int err; 349 350 fh = ovl_encode_real_fh(upper, true); 351 if (IS_ERR(fh)) 352 return PTR_ERR(fh); 353 354 err = ovl_do_setxattr(index, OVL_XATTR_UPPER, fh->buf, fh->fb.len, 0); 355 356 kfree(fh); 357 return err; 358 } 359 360 /* 361 * Create and install index entry. 362 * 363 * Caller must hold i_mutex on indexdir. 364 */ 365 static int ovl_create_index(struct dentry *dentry, struct dentry *origin, 366 struct dentry *upper) 367 { 368 struct dentry *indexdir = ovl_indexdir(dentry->d_sb); 369 struct inode *dir = d_inode(indexdir); 370 struct dentry *index = NULL; 371 struct dentry *temp = NULL; 372 struct qstr name = { }; 373 int err; 374 375 /* 376 * For now this is only used for creating index entry for directories, 377 * because non-dir are copied up directly to index and then hardlinked 378 * to upper dir. 379 * 380 * TODO: implement create index for non-dir, so we can call it when 381 * encoding file handle for non-dir in case index does not exist. 382 */ 383 if (WARN_ON(!d_is_dir(dentry))) 384 return -EIO; 385 386 /* Directory not expected to be indexed before copy up */ 387 if (WARN_ON(ovl_test_flag(OVL_INDEX, d_inode(dentry)))) 388 return -EIO; 389 390 err = ovl_get_index_name(origin, &name); 391 if (err) 392 return err; 393 394 temp = ovl_create_temp(indexdir, OVL_CATTR(S_IFDIR | 0)); 395 err = PTR_ERR(temp); 396 if (IS_ERR(temp)) 397 goto free_name; 398 399 err = ovl_set_upper_fh(upper, temp); 400 if (err) 401 goto out; 402 403 index = lookup_one_len(name.name, indexdir, name.len); 404 if (IS_ERR(index)) { 405 err = PTR_ERR(index); 406 } else { 407 err = ovl_do_rename(dir, temp, dir, index, 0); 408 dput(index); 409 } 410 out: 411 if (err) 412 ovl_cleanup(dir, temp); 413 dput(temp); 414 free_name: 415 kfree(name.name); 416 return err; 417 } 418 419 struct ovl_copy_up_ctx { 420 struct dentry *parent; 421 struct dentry *dentry; 422 struct path lowerpath; 423 struct kstat stat; 424 struct kstat pstat; 425 const char *link; 426 struct dentry *destdir; 427 struct qstr destname; 428 struct dentry *workdir; 429 bool origin; 430 bool indexed; 431 bool metacopy; 432 }; 433 434 static int ovl_link_up(struct ovl_copy_up_ctx *c) 435 { 436 int err; 437 struct dentry *upper; 438 struct dentry *upperdir = ovl_dentry_upper(c->parent); 439 struct inode *udir = d_inode(upperdir); 440 441 /* Mark parent "impure" because it may now contain non-pure upper */ 442 err = ovl_set_impure(c->parent, upperdir); 443 if (err) 444 return err; 445 446 err = ovl_set_nlink_lower(c->dentry); 447 if (err) 448 return err; 449 450 inode_lock_nested(udir, I_MUTEX_PARENT); 451 upper = lookup_one_len(c->dentry->d_name.name, upperdir, 452 c->dentry->d_name.len); 453 err = PTR_ERR(upper); 454 if (!IS_ERR(upper)) { 455 err = ovl_do_link(ovl_dentry_upper(c->dentry), udir, upper); 456 dput(upper); 457 458 if (!err) { 459 /* Restore timestamps on parent (best effort) */ 460 ovl_set_timestamps(upperdir, &c->pstat); 461 ovl_dentry_set_upper_alias(c->dentry); 462 } 463 } 464 inode_unlock(udir); 465 if (err) 466 return err; 467 468 err = ovl_set_nlink_upper(c->dentry); 469 470 return err; 471 } 472 473 static int ovl_copy_up_inode(struct ovl_copy_up_ctx *c, struct dentry *temp) 474 { 475 int err; 476 477 /* 478 * Copy up data first and then xattrs. Writing data after 479 * xattrs will remove security.capability xattr automatically. 480 */ 481 if (S_ISREG(c->stat.mode) && !c->metacopy) { 482 struct path upperpath, datapath; 483 484 ovl_path_upper(c->dentry, &upperpath); 485 if (WARN_ON(upperpath.dentry != NULL)) 486 return -EIO; 487 upperpath.dentry = temp; 488 489 ovl_path_lowerdata(c->dentry, &datapath); 490 err = ovl_copy_up_data(&datapath, &upperpath, c->stat.size); 491 if (err) 492 return err; 493 } 494 495 err = ovl_copy_xattr(c->lowerpath.dentry, temp); 496 if (err) 497 return err; 498 499 /* 500 * Store identifier of lower inode in upper inode xattr to 501 * allow lookup of the copy up origin inode. 502 * 503 * Don't set origin when we are breaking the association with a lower 504 * hard link. 505 */ 506 if (c->origin) { 507 err = ovl_set_origin(c->dentry, c->lowerpath.dentry, temp); 508 if (err) 509 return err; 510 } 511 512 if (c->metacopy) { 513 err = ovl_check_setxattr(c->dentry, temp, OVL_XATTR_METACOPY, 514 NULL, 0, -EOPNOTSUPP); 515 if (err) 516 return err; 517 } 518 519 inode_lock(temp->d_inode); 520 if (S_ISREG(c->stat.mode)) 521 err = ovl_set_size(temp, &c->stat); 522 if (!err) 523 err = ovl_set_attr(temp, &c->stat); 524 inode_unlock(temp->d_inode); 525 526 return err; 527 } 528 529 struct ovl_cu_creds { 530 const struct cred *old; 531 struct cred *new; 532 }; 533 534 static int ovl_prep_cu_creds(struct dentry *dentry, struct ovl_cu_creds *cc) 535 { 536 int err; 537 538 cc->old = cc->new = NULL; 539 err = security_inode_copy_up(dentry, &cc->new); 540 if (err < 0) 541 return err; 542 543 if (cc->new) 544 cc->old = override_creds(cc->new); 545 546 return 0; 547 } 548 549 static void ovl_revert_cu_creds(struct ovl_cu_creds *cc) 550 { 551 if (cc->new) { 552 revert_creds(cc->old); 553 put_cred(cc->new); 554 } 555 } 556 557 /* 558 * Copyup using workdir to prepare temp file. Used when copying up directories, 559 * special files or when upper fs doesn't support O_TMPFILE. 560 */ 561 static int ovl_copy_up_workdir(struct ovl_copy_up_ctx *c) 562 { 563 struct inode *inode; 564 struct inode *udir = d_inode(c->destdir), *wdir = d_inode(c->workdir); 565 struct dentry *temp, *upper; 566 struct ovl_cu_creds cc; 567 int err; 568 struct ovl_cattr cattr = { 569 /* Can't properly set mode on creation because of the umask */ 570 .mode = c->stat.mode & S_IFMT, 571 .rdev = c->stat.rdev, 572 .link = c->link 573 }; 574 575 err = ovl_lock_rename_workdir(c->workdir, c->destdir); 576 if (err) 577 return err; 578 579 err = ovl_prep_cu_creds(c->dentry, &cc); 580 if (err) 581 goto unlock; 582 583 temp = ovl_create_temp(c->workdir, &cattr); 584 ovl_revert_cu_creds(&cc); 585 586 err = PTR_ERR(temp); 587 if (IS_ERR(temp)) 588 goto unlock; 589 590 err = ovl_copy_up_inode(c, temp); 591 if (err) 592 goto cleanup; 593 594 if (S_ISDIR(c->stat.mode) && c->indexed) { 595 err = ovl_create_index(c->dentry, c->lowerpath.dentry, temp); 596 if (err) 597 goto cleanup; 598 } 599 600 upper = lookup_one_len(c->destname.name, c->destdir, c->destname.len); 601 err = PTR_ERR(upper); 602 if (IS_ERR(upper)) 603 goto cleanup; 604 605 err = ovl_do_rename(wdir, temp, udir, upper, 0); 606 dput(upper); 607 if (err) 608 goto cleanup; 609 610 if (!c->metacopy) 611 ovl_set_upperdata(d_inode(c->dentry)); 612 inode = d_inode(c->dentry); 613 ovl_inode_update(inode, temp); 614 if (S_ISDIR(inode->i_mode)) 615 ovl_set_flag(OVL_WHITEOUTS, inode); 616 unlock: 617 unlock_rename(c->workdir, c->destdir); 618 619 return err; 620 621 cleanup: 622 ovl_cleanup(wdir, temp); 623 dput(temp); 624 goto unlock; 625 } 626 627 /* Copyup using O_TMPFILE which does not require cross dir locking */ 628 static int ovl_copy_up_tmpfile(struct ovl_copy_up_ctx *c) 629 { 630 struct inode *udir = d_inode(c->destdir); 631 struct dentry *temp, *upper; 632 struct ovl_cu_creds cc; 633 int err; 634 635 err = ovl_prep_cu_creds(c->dentry, &cc); 636 if (err) 637 return err; 638 639 temp = ovl_do_tmpfile(c->workdir, c->stat.mode); 640 ovl_revert_cu_creds(&cc); 641 642 if (IS_ERR(temp)) 643 return PTR_ERR(temp); 644 645 err = ovl_copy_up_inode(c, temp); 646 if (err) 647 goto out_dput; 648 649 inode_lock_nested(udir, I_MUTEX_PARENT); 650 651 upper = lookup_one_len(c->destname.name, c->destdir, c->destname.len); 652 err = PTR_ERR(upper); 653 if (!IS_ERR(upper)) { 654 err = ovl_do_link(temp, udir, upper); 655 dput(upper); 656 } 657 inode_unlock(udir); 658 659 if (err) 660 goto out_dput; 661 662 if (!c->metacopy) 663 ovl_set_upperdata(d_inode(c->dentry)); 664 ovl_inode_update(d_inode(c->dentry), temp); 665 666 return 0; 667 668 out_dput: 669 dput(temp); 670 return err; 671 } 672 673 /* 674 * Copy up a single dentry 675 * 676 * All renames start with copy up of source if necessary. The actual 677 * rename will only proceed once the copy up was successful. Copy up uses 678 * upper parent i_mutex for exclusion. Since rename can change d_parent it 679 * is possible that the copy up will lock the old parent. At that point 680 * the file will have already been copied up anyway. 681 */ 682 static int ovl_do_copy_up(struct ovl_copy_up_ctx *c) 683 { 684 int err; 685 struct ovl_fs *ofs = c->dentry->d_sb->s_fs_info; 686 bool to_index = false; 687 688 /* 689 * Indexed non-dir is copied up directly to the index entry and then 690 * hardlinked to upper dir. Indexed dir is copied up to indexdir, 691 * then index entry is created and then copied up dir installed. 692 * Copying dir up to indexdir instead of workdir simplifies locking. 693 */ 694 if (ovl_need_index(c->dentry)) { 695 c->indexed = true; 696 if (S_ISDIR(c->stat.mode)) 697 c->workdir = ovl_indexdir(c->dentry->d_sb); 698 else 699 to_index = true; 700 } 701 702 if (S_ISDIR(c->stat.mode) || c->stat.nlink == 1 || to_index) 703 c->origin = true; 704 705 if (to_index) { 706 c->destdir = ovl_indexdir(c->dentry->d_sb); 707 err = ovl_get_index_name(c->lowerpath.dentry, &c->destname); 708 if (err) 709 return err; 710 } else if (WARN_ON(!c->parent)) { 711 /* Disconnected dentry must be copied up to index dir */ 712 return -EIO; 713 } else { 714 /* 715 * Mark parent "impure" because it may now contain non-pure 716 * upper 717 */ 718 err = ovl_set_impure(c->parent, c->destdir); 719 if (err) 720 return err; 721 } 722 723 /* Should we copyup with O_TMPFILE or with workdir? */ 724 if (S_ISREG(c->stat.mode) && ofs->tmpfile) 725 err = ovl_copy_up_tmpfile(c); 726 else 727 err = ovl_copy_up_workdir(c); 728 if (err) 729 goto out; 730 731 if (c->indexed) 732 ovl_set_flag(OVL_INDEX, d_inode(c->dentry)); 733 734 if (to_index) { 735 /* Initialize nlink for copy up of disconnected dentry */ 736 err = ovl_set_nlink_upper(c->dentry); 737 } else { 738 struct inode *udir = d_inode(c->destdir); 739 740 /* Restore timestamps on parent (best effort) */ 741 inode_lock(udir); 742 ovl_set_timestamps(c->destdir, &c->pstat); 743 inode_unlock(udir); 744 745 ovl_dentry_set_upper_alias(c->dentry); 746 } 747 748 out: 749 if (to_index) 750 kfree(c->destname.name); 751 return err; 752 } 753 754 static bool ovl_need_meta_copy_up(struct dentry *dentry, umode_t mode, 755 int flags) 756 { 757 struct ovl_fs *ofs = dentry->d_sb->s_fs_info; 758 759 if (!ofs->config.metacopy) 760 return false; 761 762 if (!S_ISREG(mode)) 763 return false; 764 765 if (flags && ((OPEN_FMODE(flags) & FMODE_WRITE) || (flags & O_TRUNC))) 766 return false; 767 768 return true; 769 } 770 771 /* Copy up data of an inode which was copied up metadata only in the past. */ 772 static int ovl_copy_up_meta_inode_data(struct ovl_copy_up_ctx *c) 773 { 774 struct path upperpath, datapath; 775 int err; 776 char *capability = NULL; 777 ssize_t uninitialized_var(cap_size); 778 779 ovl_path_upper(c->dentry, &upperpath); 780 if (WARN_ON(upperpath.dentry == NULL)) 781 return -EIO; 782 783 ovl_path_lowerdata(c->dentry, &datapath); 784 if (WARN_ON(datapath.dentry == NULL)) 785 return -EIO; 786 787 if (c->stat.size) { 788 err = cap_size = ovl_getxattr(upperpath.dentry, XATTR_NAME_CAPS, 789 &capability, 0); 790 if (err < 0 && err != -ENODATA) 791 goto out; 792 } 793 794 err = ovl_copy_up_data(&datapath, &upperpath, c->stat.size); 795 if (err) 796 goto out_free; 797 798 /* 799 * Writing to upper file will clear security.capability xattr. We 800 * don't want that to happen for normal copy-up operation. 801 */ 802 if (capability) { 803 err = ovl_do_setxattr(upperpath.dentry, XATTR_NAME_CAPS, 804 capability, cap_size, 0); 805 if (err) 806 goto out_free; 807 } 808 809 810 err = vfs_removexattr(upperpath.dentry, OVL_XATTR_METACOPY); 811 if (err) 812 goto out_free; 813 814 ovl_set_upperdata(d_inode(c->dentry)); 815 out_free: 816 kfree(capability); 817 out: 818 return err; 819 } 820 821 static int ovl_copy_up_one(struct dentry *parent, struct dentry *dentry, 822 int flags) 823 { 824 int err; 825 DEFINE_DELAYED_CALL(done); 826 struct path parentpath; 827 struct ovl_copy_up_ctx ctx = { 828 .parent = parent, 829 .dentry = dentry, 830 .workdir = ovl_workdir(dentry), 831 }; 832 833 if (WARN_ON(!ctx.workdir)) 834 return -EROFS; 835 836 ovl_path_lower(dentry, &ctx.lowerpath); 837 err = vfs_getattr(&ctx.lowerpath, &ctx.stat, 838 STATX_BASIC_STATS, AT_STATX_SYNC_AS_STAT); 839 if (err) 840 return err; 841 842 ctx.metacopy = ovl_need_meta_copy_up(dentry, ctx.stat.mode, flags); 843 844 if (parent) { 845 ovl_path_upper(parent, &parentpath); 846 ctx.destdir = parentpath.dentry; 847 ctx.destname = dentry->d_name; 848 849 err = vfs_getattr(&parentpath, &ctx.pstat, 850 STATX_ATIME | STATX_MTIME, 851 AT_STATX_SYNC_AS_STAT); 852 if (err) 853 return err; 854 } 855 856 /* maybe truncate regular file. this has no effect on dirs */ 857 if (flags & O_TRUNC) 858 ctx.stat.size = 0; 859 860 if (S_ISLNK(ctx.stat.mode)) { 861 ctx.link = vfs_get_link(ctx.lowerpath.dentry, &done); 862 if (IS_ERR(ctx.link)) 863 return PTR_ERR(ctx.link); 864 } 865 866 err = ovl_copy_up_start(dentry, flags); 867 /* err < 0: interrupted, err > 0: raced with another copy-up */ 868 if (unlikely(err)) { 869 if (err > 0) 870 err = 0; 871 } else { 872 if (!ovl_dentry_upper(dentry)) 873 err = ovl_do_copy_up(&ctx); 874 if (!err && parent && !ovl_dentry_has_upper_alias(dentry)) 875 err = ovl_link_up(&ctx); 876 if (!err && ovl_dentry_needs_data_copy_up_locked(dentry, flags)) 877 err = ovl_copy_up_meta_inode_data(&ctx); 878 ovl_copy_up_end(dentry); 879 } 880 do_delayed_call(&done); 881 882 return err; 883 } 884 885 int ovl_copy_up_flags(struct dentry *dentry, int flags) 886 { 887 int err = 0; 888 const struct cred *old_cred = ovl_override_creds(dentry->d_sb); 889 bool disconnected = (dentry->d_flags & DCACHE_DISCONNECTED); 890 891 /* 892 * With NFS export, copy up can get called for a disconnected non-dir. 893 * In this case, we will copy up lower inode to index dir without 894 * linking it to upper dir. 895 */ 896 if (WARN_ON(disconnected && d_is_dir(dentry))) 897 return -EIO; 898 899 while (!err) { 900 struct dentry *next; 901 struct dentry *parent = NULL; 902 903 if (ovl_already_copied_up(dentry, flags)) 904 break; 905 906 next = dget(dentry); 907 /* find the topmost dentry not yet copied up */ 908 for (; !disconnected;) { 909 parent = dget_parent(next); 910 911 if (ovl_dentry_upper(parent)) 912 break; 913 914 dput(next); 915 next = parent; 916 } 917 918 err = ovl_copy_up_one(parent, next, flags); 919 920 dput(parent); 921 dput(next); 922 } 923 revert_creds(old_cred); 924 925 return err; 926 } 927 928 static bool ovl_open_need_copy_up(struct dentry *dentry, int flags) 929 { 930 /* Copy up of disconnected dentry does not set upper alias */ 931 if (ovl_already_copied_up(dentry, flags)) 932 return false; 933 934 if (special_file(d_inode(dentry)->i_mode)) 935 return false; 936 937 if (!ovl_open_flags_need_copy_up(flags)) 938 return false; 939 940 return true; 941 } 942 943 int ovl_maybe_copy_up(struct dentry *dentry, int flags) 944 { 945 int err = 0; 946 947 if (ovl_open_need_copy_up(dentry, flags)) { 948 err = ovl_want_write(dentry); 949 if (!err) { 950 err = ovl_copy_up_flags(dentry, flags); 951 ovl_drop_write(dentry); 952 } 953 } 954 955 return err; 956 } 957 958 int ovl_copy_up_with_data(struct dentry *dentry) 959 { 960 return ovl_copy_up_flags(dentry, O_WRONLY); 961 } 962 963 int ovl_copy_up(struct dentry *dentry) 964 { 965 return ovl_copy_up_flags(dentry, 0); 966 } 967