1 /* 2 * 3 * Copyright (C) 2011 Novell Inc. 4 * 5 * This program is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 as published by 7 * the Free Software Foundation. 8 */ 9 10 #include <linux/fs.h> 11 #include <linux/namei.h> 12 #include <linux/xattr.h> 13 #include <linux/security.h> 14 #include <linux/cred.h> 15 #include <linux/module.h> 16 #include <linux/posix_acl.h> 17 #include <linux/posix_acl_xattr.h> 18 #include <linux/atomic.h> 19 #include <linux/ratelimit.h> 20 #include "overlayfs.h" 21 22 static unsigned short ovl_redirect_max = 256; 23 module_param_named(redirect_max, ovl_redirect_max, ushort, 0644); 24 MODULE_PARM_DESC(ovl_redirect_max, 25 "Maximum length of absolute redirect xattr value"); 26 27 static int ovl_set_redirect(struct dentry *dentry, bool samedir); 28 29 int ovl_cleanup(struct inode *wdir, struct dentry *wdentry) 30 { 31 int err; 32 33 dget(wdentry); 34 if (d_is_dir(wdentry)) 35 err = ovl_do_rmdir(wdir, wdentry); 36 else 37 err = ovl_do_unlink(wdir, wdentry); 38 dput(wdentry); 39 40 if (err) { 41 pr_err("overlayfs: cleanup of '%pd2' failed (%i)\n", 42 wdentry, err); 43 } 44 45 return err; 46 } 47 48 static struct dentry *ovl_lookup_temp(struct dentry *workdir) 49 { 50 struct dentry *temp; 51 char name[20]; 52 static atomic_t temp_id = ATOMIC_INIT(0); 53 54 /* counter is allowed to wrap, since temp dentries are ephemeral */ 55 snprintf(name, sizeof(name), "#%x", atomic_inc_return(&temp_id)); 56 57 temp = lookup_one_len(name, workdir, strlen(name)); 58 if (!IS_ERR(temp) && temp->d_inode) { 59 pr_err("overlayfs: workdir/%s already exists\n", name); 60 dput(temp); 61 temp = ERR_PTR(-EIO); 62 } 63 64 return temp; 65 } 66 67 /* caller holds i_mutex on workdir */ 68 static struct dentry *ovl_whiteout(struct dentry *workdir) 69 { 70 int err; 71 struct dentry *whiteout; 72 struct inode *wdir = workdir->d_inode; 73 74 whiteout = ovl_lookup_temp(workdir); 75 if (IS_ERR(whiteout)) 76 return whiteout; 77 78 err = ovl_do_whiteout(wdir, whiteout); 79 if (err) { 80 dput(whiteout); 81 whiteout = ERR_PTR(err); 82 } 83 84 return whiteout; 85 } 86 87 /* Caller must hold i_mutex on both workdir and dir */ 88 int ovl_cleanup_and_whiteout(struct dentry *workdir, struct inode *dir, 89 struct dentry *dentry) 90 { 91 struct inode *wdir = workdir->d_inode; 92 struct dentry *whiteout; 93 int err; 94 int flags = 0; 95 96 whiteout = ovl_whiteout(workdir); 97 err = PTR_ERR(whiteout); 98 if (IS_ERR(whiteout)) 99 return err; 100 101 if (d_is_dir(dentry)) 102 flags = RENAME_EXCHANGE; 103 104 err = ovl_do_rename(wdir, whiteout, dir, dentry, flags); 105 if (err) 106 goto kill_whiteout; 107 if (flags) 108 ovl_cleanup(wdir, dentry); 109 110 out: 111 dput(whiteout); 112 return err; 113 114 kill_whiteout: 115 ovl_cleanup(wdir, whiteout); 116 goto out; 117 } 118 119 static int ovl_mkdir_real(struct inode *dir, struct dentry **newdentry, 120 umode_t mode) 121 { 122 int err; 123 struct dentry *d, *dentry = *newdentry; 124 125 err = ovl_do_mkdir(dir, dentry, mode); 126 if (err) 127 return err; 128 129 if (likely(!d_unhashed(dentry))) 130 return 0; 131 132 /* 133 * vfs_mkdir() may succeed and leave the dentry passed 134 * to it unhashed and negative. If that happens, try to 135 * lookup a new hashed and positive dentry. 136 */ 137 d = lookup_one_len(dentry->d_name.name, dentry->d_parent, 138 dentry->d_name.len); 139 if (IS_ERR(d)) { 140 pr_warn("overlayfs: failed lookup after mkdir (%pd2, err=%i).\n", 141 dentry, err); 142 return PTR_ERR(d); 143 } 144 dput(dentry); 145 *newdentry = d; 146 147 return 0; 148 } 149 150 struct dentry *ovl_create_real(struct inode *dir, struct dentry *newdentry, 151 struct ovl_cattr *attr) 152 { 153 int err; 154 155 if (IS_ERR(newdentry)) 156 return newdentry; 157 158 err = -ESTALE; 159 if (newdentry->d_inode) 160 goto out; 161 162 if (attr->hardlink) { 163 err = ovl_do_link(attr->hardlink, dir, newdentry); 164 } else { 165 switch (attr->mode & S_IFMT) { 166 case S_IFREG: 167 err = ovl_do_create(dir, newdentry, attr->mode); 168 break; 169 170 case S_IFDIR: 171 /* mkdir is special... */ 172 err = ovl_mkdir_real(dir, &newdentry, attr->mode); 173 break; 174 175 case S_IFCHR: 176 case S_IFBLK: 177 case S_IFIFO: 178 case S_IFSOCK: 179 err = ovl_do_mknod(dir, newdentry, attr->mode, 180 attr->rdev); 181 break; 182 183 case S_IFLNK: 184 err = ovl_do_symlink(dir, newdentry, attr->link); 185 break; 186 187 default: 188 err = -EPERM; 189 } 190 } 191 if (!err && WARN_ON(!newdentry->d_inode)) { 192 /* 193 * Not quite sure if non-instantiated dentry is legal or not. 194 * VFS doesn't seem to care so check and warn here. 195 */ 196 err = -EIO; 197 } 198 out: 199 if (err) { 200 dput(newdentry); 201 return ERR_PTR(err); 202 } 203 return newdentry; 204 } 205 206 struct dentry *ovl_create_temp(struct dentry *workdir, struct ovl_cattr *attr) 207 { 208 return ovl_create_real(d_inode(workdir), ovl_lookup_temp(workdir), 209 attr); 210 } 211 212 static int ovl_set_opaque_xerr(struct dentry *dentry, struct dentry *upper, 213 int xerr) 214 { 215 int err; 216 217 err = ovl_check_setxattr(dentry, upper, OVL_XATTR_OPAQUE, "y", 1, xerr); 218 if (!err) 219 ovl_dentry_set_opaque(dentry); 220 221 return err; 222 } 223 224 static int ovl_set_opaque(struct dentry *dentry, struct dentry *upperdentry) 225 { 226 /* 227 * Fail with -EIO when trying to create opaque dir and upper doesn't 228 * support xattrs. ovl_rename() calls ovl_set_opaque_xerr(-EXDEV) to 229 * return a specific error for noxattr case. 230 */ 231 return ovl_set_opaque_xerr(dentry, upperdentry, -EIO); 232 } 233 234 /* 235 * Common operations required to be done after creation of file on upper. 236 * If @hardlink is false, then @inode is a pre-allocated inode, we may or 237 * may not use to instantiate the new dentry. 238 */ 239 static int ovl_instantiate(struct dentry *dentry, struct inode *inode, 240 struct dentry *newdentry, bool hardlink) 241 { 242 struct ovl_inode_params oip = { 243 .upperdentry = newdentry, 244 .newinode = inode, 245 }; 246 247 ovl_dir_modified(dentry->d_parent, false); 248 ovl_dentry_set_upper_alias(dentry); 249 if (!hardlink) { 250 /* 251 * ovl_obtain_alias() can be called after ovl_create_real() 252 * and before we get here, so we may get an inode from cache 253 * with the same real upperdentry that is not the inode we 254 * pre-allocated. In this case we will use the cached inode 255 * to instantiate the new dentry. 256 * 257 * XXX: if we ever use ovl_obtain_alias() to decode directory 258 * file handles, need to use ovl_get_inode_locked() and 259 * d_instantiate_new() here to prevent from creating two 260 * hashed directory inode aliases. 261 */ 262 inode = ovl_get_inode(dentry->d_sb, &oip); 263 if (WARN_ON(IS_ERR(inode))) 264 return PTR_ERR(inode); 265 } else { 266 WARN_ON(ovl_inode_real(inode) != d_inode(newdentry)); 267 dput(newdentry); 268 inc_nlink(inode); 269 } 270 271 d_instantiate(dentry, inode); 272 if (inode != oip.newinode) { 273 pr_warn_ratelimited("overlayfs: newly created inode found in cache (%pd2)\n", 274 dentry); 275 } 276 277 /* Force lookup of new upper hardlink to find its lower */ 278 if (hardlink) 279 d_drop(dentry); 280 281 return 0; 282 } 283 284 static bool ovl_type_merge(struct dentry *dentry) 285 { 286 return OVL_TYPE_MERGE(ovl_path_type(dentry)); 287 } 288 289 static bool ovl_type_origin(struct dentry *dentry) 290 { 291 return OVL_TYPE_ORIGIN(ovl_path_type(dentry)); 292 } 293 294 static int ovl_create_upper(struct dentry *dentry, struct inode *inode, 295 struct ovl_cattr *attr) 296 { 297 struct dentry *upperdir = ovl_dentry_upper(dentry->d_parent); 298 struct inode *udir = upperdir->d_inode; 299 struct dentry *newdentry; 300 int err; 301 302 if (!attr->hardlink && !IS_POSIXACL(udir)) 303 attr->mode &= ~current_umask(); 304 305 inode_lock_nested(udir, I_MUTEX_PARENT); 306 newdentry = ovl_create_real(udir, 307 lookup_one_len(dentry->d_name.name, 308 upperdir, 309 dentry->d_name.len), 310 attr); 311 err = PTR_ERR(newdentry); 312 if (IS_ERR(newdentry)) 313 goto out_unlock; 314 315 if (ovl_type_merge(dentry->d_parent) && d_is_dir(newdentry)) { 316 /* Setting opaque here is just an optimization, allow to fail */ 317 ovl_set_opaque(dentry, newdentry); 318 } 319 320 err = ovl_instantiate(dentry, inode, newdentry, !!attr->hardlink); 321 if (err) 322 goto out_cleanup; 323 out_unlock: 324 inode_unlock(udir); 325 return err; 326 327 out_cleanup: 328 ovl_cleanup(udir, newdentry); 329 dput(newdentry); 330 goto out_unlock; 331 } 332 333 static struct dentry *ovl_clear_empty(struct dentry *dentry, 334 struct list_head *list) 335 { 336 struct dentry *workdir = ovl_workdir(dentry); 337 struct inode *wdir = workdir->d_inode; 338 struct dentry *upperdir = ovl_dentry_upper(dentry->d_parent); 339 struct inode *udir = upperdir->d_inode; 340 struct path upperpath; 341 struct dentry *upper; 342 struct dentry *opaquedir; 343 struct kstat stat; 344 int err; 345 346 if (WARN_ON(!workdir)) 347 return ERR_PTR(-EROFS); 348 349 err = ovl_lock_rename_workdir(workdir, upperdir); 350 if (err) 351 goto out; 352 353 ovl_path_upper(dentry, &upperpath); 354 err = vfs_getattr(&upperpath, &stat, 355 STATX_BASIC_STATS, AT_STATX_SYNC_AS_STAT); 356 if (err) 357 goto out_unlock; 358 359 err = -ESTALE; 360 if (!S_ISDIR(stat.mode)) 361 goto out_unlock; 362 upper = upperpath.dentry; 363 if (upper->d_parent->d_inode != udir) 364 goto out_unlock; 365 366 opaquedir = ovl_create_temp(workdir, OVL_CATTR(stat.mode)); 367 err = PTR_ERR(opaquedir); 368 if (IS_ERR(opaquedir)) 369 goto out_unlock; 370 371 err = ovl_copy_xattr(upper, opaquedir); 372 if (err) 373 goto out_cleanup; 374 375 err = ovl_set_opaque(dentry, opaquedir); 376 if (err) 377 goto out_cleanup; 378 379 inode_lock(opaquedir->d_inode); 380 err = ovl_set_attr(opaquedir, &stat); 381 inode_unlock(opaquedir->d_inode); 382 if (err) 383 goto out_cleanup; 384 385 err = ovl_do_rename(wdir, opaquedir, udir, upper, RENAME_EXCHANGE); 386 if (err) 387 goto out_cleanup; 388 389 ovl_cleanup_whiteouts(upper, list); 390 ovl_cleanup(wdir, upper); 391 unlock_rename(workdir, upperdir); 392 393 /* dentry's upper doesn't match now, get rid of it */ 394 d_drop(dentry); 395 396 return opaquedir; 397 398 out_cleanup: 399 ovl_cleanup(wdir, opaquedir); 400 dput(opaquedir); 401 out_unlock: 402 unlock_rename(workdir, upperdir); 403 out: 404 return ERR_PTR(err); 405 } 406 407 static int ovl_set_upper_acl(struct dentry *upperdentry, const char *name, 408 const struct posix_acl *acl) 409 { 410 void *buffer; 411 size_t size; 412 int err; 413 414 if (!IS_ENABLED(CONFIG_FS_POSIX_ACL) || !acl) 415 return 0; 416 417 size = posix_acl_to_xattr(NULL, acl, NULL, 0); 418 buffer = kmalloc(size, GFP_KERNEL); 419 if (!buffer) 420 return -ENOMEM; 421 422 size = posix_acl_to_xattr(&init_user_ns, acl, buffer, size); 423 err = size; 424 if (err < 0) 425 goto out_free; 426 427 err = vfs_setxattr(upperdentry, name, buffer, size, XATTR_CREATE); 428 out_free: 429 kfree(buffer); 430 return err; 431 } 432 433 static int ovl_create_over_whiteout(struct dentry *dentry, struct inode *inode, 434 struct ovl_cattr *cattr) 435 { 436 struct dentry *workdir = ovl_workdir(dentry); 437 struct inode *wdir = workdir->d_inode; 438 struct dentry *upperdir = ovl_dentry_upper(dentry->d_parent); 439 struct inode *udir = upperdir->d_inode; 440 struct dentry *upper; 441 struct dentry *newdentry; 442 int err; 443 struct posix_acl *acl, *default_acl; 444 bool hardlink = !!cattr->hardlink; 445 446 if (WARN_ON(!workdir)) 447 return -EROFS; 448 449 if (!hardlink) { 450 err = posix_acl_create(dentry->d_parent->d_inode, 451 &cattr->mode, &default_acl, &acl); 452 if (err) 453 return err; 454 } 455 456 err = ovl_lock_rename_workdir(workdir, upperdir); 457 if (err) 458 goto out; 459 460 upper = lookup_one_len(dentry->d_name.name, upperdir, 461 dentry->d_name.len); 462 err = PTR_ERR(upper); 463 if (IS_ERR(upper)) 464 goto out_unlock; 465 466 newdentry = ovl_create_temp(workdir, cattr); 467 err = PTR_ERR(newdentry); 468 if (IS_ERR(newdentry)) 469 goto out_dput; 470 471 /* 472 * mode could have been mutilated due to umask (e.g. sgid directory) 473 */ 474 if (!hardlink && 475 !S_ISLNK(cattr->mode) && 476 newdentry->d_inode->i_mode != cattr->mode) { 477 struct iattr attr = { 478 .ia_valid = ATTR_MODE, 479 .ia_mode = cattr->mode, 480 }; 481 inode_lock(newdentry->d_inode); 482 err = notify_change(newdentry, &attr, NULL); 483 inode_unlock(newdentry->d_inode); 484 if (err) 485 goto out_cleanup; 486 } 487 if (!hardlink) { 488 err = ovl_set_upper_acl(newdentry, XATTR_NAME_POSIX_ACL_ACCESS, 489 acl); 490 if (err) 491 goto out_cleanup; 492 493 err = ovl_set_upper_acl(newdentry, XATTR_NAME_POSIX_ACL_DEFAULT, 494 default_acl); 495 if (err) 496 goto out_cleanup; 497 } 498 499 if (!hardlink && S_ISDIR(cattr->mode)) { 500 err = ovl_set_opaque(dentry, newdentry); 501 if (err) 502 goto out_cleanup; 503 504 err = ovl_do_rename(wdir, newdentry, udir, upper, 505 RENAME_EXCHANGE); 506 if (err) 507 goto out_cleanup; 508 509 ovl_cleanup(wdir, upper); 510 } else { 511 err = ovl_do_rename(wdir, newdentry, udir, upper, 0); 512 if (err) 513 goto out_cleanup; 514 } 515 err = ovl_instantiate(dentry, inode, newdentry, hardlink); 516 if (err) 517 goto out_cleanup; 518 out_dput: 519 dput(upper); 520 out_unlock: 521 unlock_rename(workdir, upperdir); 522 out: 523 if (!hardlink) { 524 posix_acl_release(acl); 525 posix_acl_release(default_acl); 526 } 527 return err; 528 529 out_cleanup: 530 ovl_cleanup(wdir, newdentry); 531 dput(newdentry); 532 goto out_dput; 533 } 534 535 static int ovl_create_or_link(struct dentry *dentry, struct inode *inode, 536 struct ovl_cattr *attr, bool origin) 537 { 538 int err; 539 const struct cred *old_cred; 540 struct cred *override_cred; 541 struct dentry *parent = dentry->d_parent; 542 543 err = ovl_copy_up(parent); 544 if (err) 545 return err; 546 547 old_cred = ovl_override_creds(dentry->d_sb); 548 549 /* 550 * When linking a file with copy up origin into a new parent, mark the 551 * new parent dir "impure". 552 */ 553 if (origin) { 554 err = ovl_set_impure(parent, ovl_dentry_upper(parent)); 555 if (err) 556 goto out_revert_creds; 557 } 558 559 err = -ENOMEM; 560 override_cred = prepare_creds(); 561 if (override_cred) { 562 override_cred->fsuid = inode->i_uid; 563 override_cred->fsgid = inode->i_gid; 564 if (!attr->hardlink) { 565 err = security_dentry_create_files_as(dentry, 566 attr->mode, &dentry->d_name, old_cred, 567 override_cred); 568 if (err) { 569 put_cred(override_cred); 570 goto out_revert_creds; 571 } 572 } 573 put_cred(override_creds(override_cred)); 574 put_cred(override_cred); 575 576 if (!ovl_dentry_is_whiteout(dentry)) 577 err = ovl_create_upper(dentry, inode, attr); 578 else 579 err = ovl_create_over_whiteout(dentry, inode, attr); 580 } 581 out_revert_creds: 582 revert_creds(old_cred); 583 return err; 584 } 585 586 static int ovl_create_object(struct dentry *dentry, int mode, dev_t rdev, 587 const char *link) 588 { 589 int err; 590 struct inode *inode; 591 struct ovl_cattr attr = { 592 .rdev = rdev, 593 .link = link, 594 }; 595 596 err = ovl_want_write(dentry); 597 if (err) 598 goto out; 599 600 /* Preallocate inode to be used by ovl_get_inode() */ 601 err = -ENOMEM; 602 inode = ovl_new_inode(dentry->d_sb, mode, rdev); 603 if (!inode) 604 goto out_drop_write; 605 606 spin_lock(&inode->i_lock); 607 inode->i_state |= I_CREATING; 608 spin_unlock(&inode->i_lock); 609 610 inode_init_owner(inode, dentry->d_parent->d_inode, mode); 611 attr.mode = inode->i_mode; 612 613 err = ovl_create_or_link(dentry, inode, &attr, false); 614 /* Did we end up using the preallocated inode? */ 615 if (inode != d_inode(dentry)) 616 iput(inode); 617 618 out_drop_write: 619 ovl_drop_write(dentry); 620 out: 621 return err; 622 } 623 624 static int ovl_create(struct inode *dir, struct dentry *dentry, umode_t mode, 625 bool excl) 626 { 627 return ovl_create_object(dentry, (mode & 07777) | S_IFREG, 0, NULL); 628 } 629 630 static int ovl_mkdir(struct inode *dir, struct dentry *dentry, umode_t mode) 631 { 632 return ovl_create_object(dentry, (mode & 07777) | S_IFDIR, 0, NULL); 633 } 634 635 static int ovl_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, 636 dev_t rdev) 637 { 638 /* Don't allow creation of "whiteout" on overlay */ 639 if (S_ISCHR(mode) && rdev == WHITEOUT_DEV) 640 return -EPERM; 641 642 return ovl_create_object(dentry, mode, rdev, NULL); 643 } 644 645 static int ovl_symlink(struct inode *dir, struct dentry *dentry, 646 const char *link) 647 { 648 return ovl_create_object(dentry, S_IFLNK, 0, link); 649 } 650 651 static int ovl_link(struct dentry *old, struct inode *newdir, 652 struct dentry *new) 653 { 654 int err; 655 bool locked = false; 656 struct inode *inode; 657 658 err = ovl_want_write(old); 659 if (err) 660 goto out; 661 662 err = ovl_copy_up(old); 663 if (err) 664 goto out_drop_write; 665 666 if (ovl_is_metacopy_dentry(old)) { 667 err = ovl_set_redirect(old, false); 668 if (err) 669 goto out_drop_write; 670 } 671 672 err = ovl_nlink_start(old, &locked); 673 if (err) 674 goto out_drop_write; 675 676 inode = d_inode(old); 677 ihold(inode); 678 679 err = ovl_create_or_link(new, inode, 680 &(struct ovl_cattr) {.hardlink = ovl_dentry_upper(old)}, 681 ovl_type_origin(old)); 682 if (err) 683 iput(inode); 684 685 ovl_nlink_end(old, locked); 686 out_drop_write: 687 ovl_drop_write(old); 688 out: 689 return err; 690 } 691 692 static bool ovl_matches_upper(struct dentry *dentry, struct dentry *upper) 693 { 694 return d_inode(ovl_dentry_upper(dentry)) == d_inode(upper); 695 } 696 697 static int ovl_remove_and_whiteout(struct dentry *dentry, 698 struct list_head *list) 699 { 700 struct dentry *workdir = ovl_workdir(dentry); 701 struct dentry *upperdir = ovl_dentry_upper(dentry->d_parent); 702 struct dentry *upper; 703 struct dentry *opaquedir = NULL; 704 int err; 705 706 if (WARN_ON(!workdir)) 707 return -EROFS; 708 709 if (!list_empty(list)) { 710 opaquedir = ovl_clear_empty(dentry, list); 711 err = PTR_ERR(opaquedir); 712 if (IS_ERR(opaquedir)) 713 goto out; 714 } 715 716 err = ovl_lock_rename_workdir(workdir, upperdir); 717 if (err) 718 goto out_dput; 719 720 upper = lookup_one_len(dentry->d_name.name, upperdir, 721 dentry->d_name.len); 722 err = PTR_ERR(upper); 723 if (IS_ERR(upper)) 724 goto out_unlock; 725 726 err = -ESTALE; 727 if ((opaquedir && upper != opaquedir) || 728 (!opaquedir && ovl_dentry_upper(dentry) && 729 !ovl_matches_upper(dentry, upper))) { 730 goto out_dput_upper; 731 } 732 733 err = ovl_cleanup_and_whiteout(workdir, d_inode(upperdir), upper); 734 if (err) 735 goto out_d_drop; 736 737 ovl_dir_modified(dentry->d_parent, true); 738 out_d_drop: 739 d_drop(dentry); 740 out_dput_upper: 741 dput(upper); 742 out_unlock: 743 unlock_rename(workdir, upperdir); 744 out_dput: 745 dput(opaquedir); 746 out: 747 return err; 748 } 749 750 static int ovl_remove_upper(struct dentry *dentry, bool is_dir, 751 struct list_head *list) 752 { 753 struct dentry *upperdir = ovl_dentry_upper(dentry->d_parent); 754 struct inode *dir = upperdir->d_inode; 755 struct dentry *upper; 756 struct dentry *opaquedir = NULL; 757 int err; 758 759 if (!list_empty(list)) { 760 opaquedir = ovl_clear_empty(dentry, list); 761 err = PTR_ERR(opaquedir); 762 if (IS_ERR(opaquedir)) 763 goto out; 764 } 765 766 inode_lock_nested(dir, I_MUTEX_PARENT); 767 upper = lookup_one_len(dentry->d_name.name, upperdir, 768 dentry->d_name.len); 769 err = PTR_ERR(upper); 770 if (IS_ERR(upper)) 771 goto out_unlock; 772 773 err = -ESTALE; 774 if ((opaquedir && upper != opaquedir) || 775 (!opaquedir && !ovl_matches_upper(dentry, upper))) 776 goto out_dput_upper; 777 778 if (is_dir) 779 err = vfs_rmdir(dir, upper); 780 else 781 err = vfs_unlink(dir, upper, NULL); 782 ovl_dir_modified(dentry->d_parent, ovl_type_origin(dentry)); 783 784 /* 785 * Keeping this dentry hashed would mean having to release 786 * upperpath/lowerpath, which could only be done if we are the 787 * sole user of this dentry. Too tricky... Just unhash for 788 * now. 789 */ 790 if (!err) 791 d_drop(dentry); 792 out_dput_upper: 793 dput(upper); 794 out_unlock: 795 inode_unlock(dir); 796 dput(opaquedir); 797 out: 798 return err; 799 } 800 801 static bool ovl_pure_upper(struct dentry *dentry) 802 { 803 return !ovl_dentry_lower(dentry) && 804 !ovl_test_flag(OVL_WHITEOUTS, d_inode(dentry)); 805 } 806 807 static int ovl_do_remove(struct dentry *dentry, bool is_dir) 808 { 809 int err; 810 bool locked = false; 811 const struct cred *old_cred; 812 struct dentry *upperdentry; 813 bool lower_positive = ovl_lower_positive(dentry); 814 LIST_HEAD(list); 815 816 /* No need to clean pure upper removed by vfs_rmdir() */ 817 if (is_dir && (lower_positive || !ovl_pure_upper(dentry))) { 818 err = ovl_check_empty_dir(dentry, &list); 819 if (err) 820 goto out; 821 } 822 823 err = ovl_want_write(dentry); 824 if (err) 825 goto out; 826 827 err = ovl_copy_up(dentry->d_parent); 828 if (err) 829 goto out_drop_write; 830 831 err = ovl_nlink_start(dentry, &locked); 832 if (err) 833 goto out_drop_write; 834 835 old_cred = ovl_override_creds(dentry->d_sb); 836 if (!lower_positive) 837 err = ovl_remove_upper(dentry, is_dir, &list); 838 else 839 err = ovl_remove_and_whiteout(dentry, &list); 840 revert_creds(old_cred); 841 if (!err) { 842 if (is_dir) 843 clear_nlink(dentry->d_inode); 844 else 845 drop_nlink(dentry->d_inode); 846 } 847 ovl_nlink_end(dentry, locked); 848 849 /* 850 * Copy ctime 851 * 852 * Note: we fail to update ctime if there was no copy-up, only a 853 * whiteout 854 */ 855 upperdentry = ovl_dentry_upper(dentry); 856 if (upperdentry) 857 ovl_copyattr(d_inode(upperdentry), d_inode(dentry)); 858 859 out_drop_write: 860 ovl_drop_write(dentry); 861 out: 862 ovl_cache_free(&list); 863 return err; 864 } 865 866 static int ovl_unlink(struct inode *dir, struct dentry *dentry) 867 { 868 return ovl_do_remove(dentry, false); 869 } 870 871 static int ovl_rmdir(struct inode *dir, struct dentry *dentry) 872 { 873 return ovl_do_remove(dentry, true); 874 } 875 876 static bool ovl_type_merge_or_lower(struct dentry *dentry) 877 { 878 enum ovl_path_type type = ovl_path_type(dentry); 879 880 return OVL_TYPE_MERGE(type) || !OVL_TYPE_UPPER(type); 881 } 882 883 static bool ovl_can_move(struct dentry *dentry) 884 { 885 return ovl_redirect_dir(dentry->d_sb) || 886 !d_is_dir(dentry) || !ovl_type_merge_or_lower(dentry); 887 } 888 889 static char *ovl_get_redirect(struct dentry *dentry, bool abs_redirect) 890 { 891 char *buf, *ret; 892 struct dentry *d, *tmp; 893 int buflen = ovl_redirect_max + 1; 894 895 if (!abs_redirect) { 896 ret = kstrndup(dentry->d_name.name, dentry->d_name.len, 897 GFP_KERNEL); 898 goto out; 899 } 900 901 buf = ret = kmalloc(buflen, GFP_KERNEL); 902 if (!buf) 903 goto out; 904 905 buflen--; 906 buf[buflen] = '\0'; 907 for (d = dget(dentry); !IS_ROOT(d);) { 908 const char *name; 909 int thislen; 910 911 spin_lock(&d->d_lock); 912 name = ovl_dentry_get_redirect(d); 913 if (name) { 914 thislen = strlen(name); 915 } else { 916 name = d->d_name.name; 917 thislen = d->d_name.len; 918 } 919 920 /* If path is too long, fall back to userspace move */ 921 if (thislen + (name[0] != '/') > buflen) { 922 ret = ERR_PTR(-EXDEV); 923 spin_unlock(&d->d_lock); 924 goto out_put; 925 } 926 927 buflen -= thislen; 928 memcpy(&buf[buflen], name, thislen); 929 tmp = dget_dlock(d->d_parent); 930 spin_unlock(&d->d_lock); 931 932 dput(d); 933 d = tmp; 934 935 /* Absolute redirect: finished */ 936 if (buf[buflen] == '/') 937 break; 938 buflen--; 939 buf[buflen] = '/'; 940 } 941 ret = kstrdup(&buf[buflen], GFP_KERNEL); 942 out_put: 943 dput(d); 944 kfree(buf); 945 out: 946 return ret ? ret : ERR_PTR(-ENOMEM); 947 } 948 949 static bool ovl_need_absolute_redirect(struct dentry *dentry, bool samedir) 950 { 951 struct dentry *lowerdentry; 952 953 if (!samedir) 954 return true; 955 956 if (d_is_dir(dentry)) 957 return false; 958 959 /* 960 * For non-dir hardlinked files, we need absolute redirects 961 * in general as two upper hardlinks could be in different 962 * dirs. We could put a relative redirect now and convert 963 * it to absolute redirect later. But when nlink > 1 and 964 * indexing is on, that means relative redirect needs to be 965 * converted to absolute during copy up of another lower 966 * hardllink as well. 967 * 968 * So without optimizing too much, just check if lower is 969 * a hard link or not. If lower is hard link, put absolute 970 * redirect. 971 */ 972 lowerdentry = ovl_dentry_lower(dentry); 973 return (d_inode(lowerdentry)->i_nlink > 1); 974 } 975 976 static int ovl_set_redirect(struct dentry *dentry, bool samedir) 977 { 978 int err; 979 const char *redirect = ovl_dentry_get_redirect(dentry); 980 bool absolute_redirect = ovl_need_absolute_redirect(dentry, samedir); 981 982 if (redirect && (!absolute_redirect || redirect[0] == '/')) 983 return 0; 984 985 redirect = ovl_get_redirect(dentry, absolute_redirect); 986 if (IS_ERR(redirect)) 987 return PTR_ERR(redirect); 988 989 err = ovl_check_setxattr(dentry, ovl_dentry_upper(dentry), 990 OVL_XATTR_REDIRECT, 991 redirect, strlen(redirect), -EXDEV); 992 if (!err) { 993 spin_lock(&dentry->d_lock); 994 ovl_dentry_set_redirect(dentry, redirect); 995 spin_unlock(&dentry->d_lock); 996 } else { 997 kfree(redirect); 998 pr_warn_ratelimited("overlayfs: failed to set redirect (%i)\n", 999 err); 1000 /* Fall back to userspace copy-up */ 1001 err = -EXDEV; 1002 } 1003 return err; 1004 } 1005 1006 static int ovl_rename(struct inode *olddir, struct dentry *old, 1007 struct inode *newdir, struct dentry *new, 1008 unsigned int flags) 1009 { 1010 int err; 1011 bool locked = false; 1012 struct dentry *old_upperdir; 1013 struct dentry *new_upperdir; 1014 struct dentry *olddentry; 1015 struct dentry *newdentry; 1016 struct dentry *trap; 1017 bool old_opaque; 1018 bool new_opaque; 1019 bool cleanup_whiteout = false; 1020 bool overwrite = !(flags & RENAME_EXCHANGE); 1021 bool is_dir = d_is_dir(old); 1022 bool new_is_dir = d_is_dir(new); 1023 bool samedir = olddir == newdir; 1024 struct dentry *opaquedir = NULL; 1025 const struct cred *old_cred = NULL; 1026 LIST_HEAD(list); 1027 1028 err = -EINVAL; 1029 if (flags & ~(RENAME_EXCHANGE | RENAME_NOREPLACE)) 1030 goto out; 1031 1032 flags &= ~RENAME_NOREPLACE; 1033 1034 /* Don't copy up directory trees */ 1035 err = -EXDEV; 1036 if (!ovl_can_move(old)) 1037 goto out; 1038 if (!overwrite && !ovl_can_move(new)) 1039 goto out; 1040 1041 if (overwrite && new_is_dir && !ovl_pure_upper(new)) { 1042 err = ovl_check_empty_dir(new, &list); 1043 if (err) 1044 goto out; 1045 } 1046 1047 if (overwrite) { 1048 if (ovl_lower_positive(old)) { 1049 if (!ovl_dentry_is_whiteout(new)) { 1050 /* Whiteout source */ 1051 flags |= RENAME_WHITEOUT; 1052 } else { 1053 /* Switch whiteouts */ 1054 flags |= RENAME_EXCHANGE; 1055 } 1056 } else if (is_dir && ovl_dentry_is_whiteout(new)) { 1057 flags |= RENAME_EXCHANGE; 1058 cleanup_whiteout = true; 1059 } 1060 } 1061 1062 err = ovl_want_write(old); 1063 if (err) 1064 goto out; 1065 1066 err = ovl_copy_up(old); 1067 if (err) 1068 goto out_drop_write; 1069 1070 err = ovl_copy_up(new->d_parent); 1071 if (err) 1072 goto out_drop_write; 1073 if (!overwrite) { 1074 err = ovl_copy_up(new); 1075 if (err) 1076 goto out_drop_write; 1077 } else { 1078 err = ovl_nlink_start(new, &locked); 1079 if (err) 1080 goto out_drop_write; 1081 } 1082 1083 old_cred = ovl_override_creds(old->d_sb); 1084 1085 if (!list_empty(&list)) { 1086 opaquedir = ovl_clear_empty(new, &list); 1087 err = PTR_ERR(opaquedir); 1088 if (IS_ERR(opaquedir)) { 1089 opaquedir = NULL; 1090 goto out_revert_creds; 1091 } 1092 } 1093 1094 old_upperdir = ovl_dentry_upper(old->d_parent); 1095 new_upperdir = ovl_dentry_upper(new->d_parent); 1096 1097 if (!samedir) { 1098 /* 1099 * When moving a merge dir or non-dir with copy up origin into 1100 * a new parent, we are marking the new parent dir "impure". 1101 * When ovl_iterate() iterates an "impure" upper dir, it will 1102 * lookup the origin inodes of the entries to fill d_ino. 1103 */ 1104 if (ovl_type_origin(old)) { 1105 err = ovl_set_impure(new->d_parent, new_upperdir); 1106 if (err) 1107 goto out_revert_creds; 1108 } 1109 if (!overwrite && ovl_type_origin(new)) { 1110 err = ovl_set_impure(old->d_parent, old_upperdir); 1111 if (err) 1112 goto out_revert_creds; 1113 } 1114 } 1115 1116 trap = lock_rename(new_upperdir, old_upperdir); 1117 1118 olddentry = lookup_one_len(old->d_name.name, old_upperdir, 1119 old->d_name.len); 1120 err = PTR_ERR(olddentry); 1121 if (IS_ERR(olddentry)) 1122 goto out_unlock; 1123 1124 err = -ESTALE; 1125 if (!ovl_matches_upper(old, olddentry)) 1126 goto out_dput_old; 1127 1128 newdentry = lookup_one_len(new->d_name.name, new_upperdir, 1129 new->d_name.len); 1130 err = PTR_ERR(newdentry); 1131 if (IS_ERR(newdentry)) 1132 goto out_dput_old; 1133 1134 old_opaque = ovl_dentry_is_opaque(old); 1135 new_opaque = ovl_dentry_is_opaque(new); 1136 1137 err = -ESTALE; 1138 if (d_inode(new) && ovl_dentry_upper(new)) { 1139 if (opaquedir) { 1140 if (newdentry != opaquedir) 1141 goto out_dput; 1142 } else { 1143 if (!ovl_matches_upper(new, newdentry)) 1144 goto out_dput; 1145 } 1146 } else { 1147 if (!d_is_negative(newdentry) && 1148 (!new_opaque || !ovl_is_whiteout(newdentry))) 1149 goto out_dput; 1150 } 1151 1152 if (olddentry == trap) 1153 goto out_dput; 1154 if (newdentry == trap) 1155 goto out_dput; 1156 1157 if (WARN_ON(olddentry->d_inode == newdentry->d_inode)) 1158 goto out_dput; 1159 1160 err = 0; 1161 if (ovl_type_merge_or_lower(old)) 1162 err = ovl_set_redirect(old, samedir); 1163 else if (is_dir && !old_opaque && ovl_type_merge(new->d_parent)) 1164 err = ovl_set_opaque_xerr(old, olddentry, -EXDEV); 1165 if (err) 1166 goto out_dput; 1167 1168 if (!overwrite && ovl_type_merge_or_lower(new)) 1169 err = ovl_set_redirect(new, samedir); 1170 else if (!overwrite && new_is_dir && !new_opaque && 1171 ovl_type_merge(old->d_parent)) 1172 err = ovl_set_opaque_xerr(new, newdentry, -EXDEV); 1173 if (err) 1174 goto out_dput; 1175 1176 err = ovl_do_rename(old_upperdir->d_inode, olddentry, 1177 new_upperdir->d_inode, newdentry, flags); 1178 if (err) 1179 goto out_dput; 1180 1181 if (cleanup_whiteout) 1182 ovl_cleanup(old_upperdir->d_inode, newdentry); 1183 1184 if (overwrite && d_inode(new)) { 1185 if (new_is_dir) 1186 clear_nlink(d_inode(new)); 1187 else 1188 drop_nlink(d_inode(new)); 1189 } 1190 1191 ovl_dir_modified(old->d_parent, ovl_type_origin(old) || 1192 (!overwrite && ovl_type_origin(new))); 1193 ovl_dir_modified(new->d_parent, ovl_type_origin(old) || 1194 (d_inode(new) && ovl_type_origin(new))); 1195 1196 /* copy ctime: */ 1197 ovl_copyattr(d_inode(olddentry), d_inode(old)); 1198 if (d_inode(new) && ovl_dentry_upper(new)) 1199 ovl_copyattr(d_inode(newdentry), d_inode(new)); 1200 1201 out_dput: 1202 dput(newdentry); 1203 out_dput_old: 1204 dput(olddentry); 1205 out_unlock: 1206 unlock_rename(new_upperdir, old_upperdir); 1207 out_revert_creds: 1208 revert_creds(old_cred); 1209 ovl_nlink_end(new, locked); 1210 out_drop_write: 1211 ovl_drop_write(old); 1212 out: 1213 dput(opaquedir); 1214 ovl_cache_free(&list); 1215 return err; 1216 } 1217 1218 const struct inode_operations ovl_dir_inode_operations = { 1219 .lookup = ovl_lookup, 1220 .mkdir = ovl_mkdir, 1221 .symlink = ovl_symlink, 1222 .unlink = ovl_unlink, 1223 .rmdir = ovl_rmdir, 1224 .rename = ovl_rename, 1225 .link = ovl_link, 1226 .setattr = ovl_setattr, 1227 .create = ovl_create, 1228 .mknod = ovl_mknod, 1229 .permission = ovl_permission, 1230 .getattr = ovl_getattr, 1231 .listxattr = ovl_listxattr, 1232 .get_acl = ovl_get_acl, 1233 .update_time = ovl_update_time, 1234 }; 1235