1 /* 2 * Copyright (C) 2017 Red Hat, Inc. 3 * 4 * This program is free software; you can redistribute it and/or modify it 5 * under the terms of the GNU General Public License version 2 as published by 6 * the Free Software Foundation. 7 */ 8 9 #include <linux/cred.h> 10 #include <linux/file.h> 11 #include <linux/mount.h> 12 #include <linux/xattr.h> 13 #include <linux/uio.h> 14 #include "overlayfs.h" 15 16 static char ovl_whatisit(struct inode *inode, struct inode *realinode) 17 { 18 if (realinode != ovl_inode_upper(inode)) 19 return 'l'; 20 if (ovl_has_upperdata(inode)) 21 return 'u'; 22 else 23 return 'm'; 24 } 25 26 static struct file *ovl_open_realfile(const struct file *file, 27 struct inode *realinode) 28 { 29 struct inode *inode = file_inode(file); 30 struct file *realfile; 31 const struct cred *old_cred; 32 33 old_cred = ovl_override_creds(inode->i_sb); 34 realfile = open_with_fake_path(&file->f_path, file->f_flags | O_NOATIME, 35 realinode, current_cred()); 36 revert_creds(old_cred); 37 38 pr_debug("open(%p[%pD2/%c], 0%o) -> (%p, 0%o)\n", 39 file, file, ovl_whatisit(inode, realinode), file->f_flags, 40 realfile, IS_ERR(realfile) ? 0 : realfile->f_flags); 41 42 return realfile; 43 } 44 45 #define OVL_SETFL_MASK (O_APPEND | O_NONBLOCK | O_NDELAY | O_DIRECT) 46 47 static int ovl_change_flags(struct file *file, unsigned int flags) 48 { 49 struct inode *inode = file_inode(file); 50 int err; 51 52 /* No atime modificaton on underlying */ 53 flags |= O_NOATIME; 54 55 /* If some flag changed that cannot be changed then something's amiss */ 56 if (WARN_ON((file->f_flags ^ flags) & ~OVL_SETFL_MASK)) 57 return -EIO; 58 59 flags &= OVL_SETFL_MASK; 60 61 if (((flags ^ file->f_flags) & O_APPEND) && IS_APPEND(inode)) 62 return -EPERM; 63 64 if (flags & O_DIRECT) { 65 if (!file->f_mapping->a_ops || 66 !file->f_mapping->a_ops->direct_IO) 67 return -EINVAL; 68 } 69 70 if (file->f_op->check_flags) { 71 err = file->f_op->check_flags(flags); 72 if (err) 73 return err; 74 } 75 76 spin_lock(&file->f_lock); 77 file->f_flags = (file->f_flags & ~OVL_SETFL_MASK) | flags; 78 spin_unlock(&file->f_lock); 79 80 return 0; 81 } 82 83 static int ovl_real_fdget_meta(const struct file *file, struct fd *real, 84 bool allow_meta) 85 { 86 struct inode *inode = file_inode(file); 87 struct inode *realinode; 88 89 real->flags = 0; 90 real->file = file->private_data; 91 92 if (allow_meta) 93 realinode = ovl_inode_real(inode); 94 else 95 realinode = ovl_inode_realdata(inode); 96 97 /* Has it been copied up since we'd opened it? */ 98 if (unlikely(file_inode(real->file) != realinode)) { 99 real->flags = FDPUT_FPUT; 100 real->file = ovl_open_realfile(file, realinode); 101 102 return PTR_ERR_OR_ZERO(real->file); 103 } 104 105 /* Did the flags change since open? */ 106 if (unlikely((file->f_flags ^ real->file->f_flags) & ~O_NOATIME)) 107 return ovl_change_flags(real->file, file->f_flags); 108 109 return 0; 110 } 111 112 static int ovl_real_fdget(const struct file *file, struct fd *real) 113 { 114 return ovl_real_fdget_meta(file, real, false); 115 } 116 117 static int ovl_open(struct inode *inode, struct file *file) 118 { 119 struct dentry *dentry = file_dentry(file); 120 struct file *realfile; 121 int err; 122 123 err = ovl_open_maybe_copy_up(dentry, file->f_flags); 124 if (err) 125 return err; 126 127 /* No longer need these flags, so don't pass them on to underlying fs */ 128 file->f_flags &= ~(O_CREAT | O_EXCL | O_NOCTTY | O_TRUNC); 129 130 realfile = ovl_open_realfile(file, ovl_inode_realdata(inode)); 131 if (IS_ERR(realfile)) 132 return PTR_ERR(realfile); 133 134 file->private_data = realfile; 135 136 return 0; 137 } 138 139 static int ovl_release(struct inode *inode, struct file *file) 140 { 141 fput(file->private_data); 142 143 return 0; 144 } 145 146 static loff_t ovl_llseek(struct file *file, loff_t offset, int whence) 147 { 148 struct inode *realinode = ovl_inode_real(file_inode(file)); 149 150 return generic_file_llseek_size(file, offset, whence, 151 realinode->i_sb->s_maxbytes, 152 i_size_read(realinode)); 153 } 154 155 static void ovl_file_accessed(struct file *file) 156 { 157 struct inode *inode, *upperinode; 158 159 if (file->f_flags & O_NOATIME) 160 return; 161 162 inode = file_inode(file); 163 upperinode = ovl_inode_upper(inode); 164 165 if (!upperinode) 166 return; 167 168 if ((!timespec64_equal(&inode->i_mtime, &upperinode->i_mtime) || 169 !timespec64_equal(&inode->i_ctime, &upperinode->i_ctime))) { 170 inode->i_mtime = upperinode->i_mtime; 171 inode->i_ctime = upperinode->i_ctime; 172 } 173 174 touch_atime(&file->f_path); 175 } 176 177 static rwf_t ovl_iocb_to_rwf(struct kiocb *iocb) 178 { 179 int ifl = iocb->ki_flags; 180 rwf_t flags = 0; 181 182 if (ifl & IOCB_NOWAIT) 183 flags |= RWF_NOWAIT; 184 if (ifl & IOCB_HIPRI) 185 flags |= RWF_HIPRI; 186 if (ifl & IOCB_DSYNC) 187 flags |= RWF_DSYNC; 188 if (ifl & IOCB_SYNC) 189 flags |= RWF_SYNC; 190 191 return flags; 192 } 193 194 static ssize_t ovl_read_iter(struct kiocb *iocb, struct iov_iter *iter) 195 { 196 struct file *file = iocb->ki_filp; 197 struct fd real; 198 const struct cred *old_cred; 199 ssize_t ret; 200 201 if (!iov_iter_count(iter)) 202 return 0; 203 204 ret = ovl_real_fdget(file, &real); 205 if (ret) 206 return ret; 207 208 old_cred = ovl_override_creds(file_inode(file)->i_sb); 209 ret = vfs_iter_read(real.file, iter, &iocb->ki_pos, 210 ovl_iocb_to_rwf(iocb)); 211 revert_creds(old_cred); 212 213 ovl_file_accessed(file); 214 215 fdput(real); 216 217 return ret; 218 } 219 220 static ssize_t ovl_write_iter(struct kiocb *iocb, struct iov_iter *iter) 221 { 222 struct file *file = iocb->ki_filp; 223 struct inode *inode = file_inode(file); 224 struct fd real; 225 const struct cred *old_cred; 226 ssize_t ret; 227 228 if (!iov_iter_count(iter)) 229 return 0; 230 231 inode_lock(inode); 232 /* Update mode */ 233 ovl_copyattr(ovl_inode_real(inode), inode); 234 ret = file_remove_privs(file); 235 if (ret) 236 goto out_unlock; 237 238 ret = ovl_real_fdget(file, &real); 239 if (ret) 240 goto out_unlock; 241 242 old_cred = ovl_override_creds(file_inode(file)->i_sb); 243 file_start_write(real.file); 244 ret = vfs_iter_write(real.file, iter, &iocb->ki_pos, 245 ovl_iocb_to_rwf(iocb)); 246 file_end_write(real.file); 247 revert_creds(old_cred); 248 249 /* Update size */ 250 ovl_copyattr(ovl_inode_real(inode), inode); 251 252 fdput(real); 253 254 out_unlock: 255 inode_unlock(inode); 256 257 return ret; 258 } 259 260 static int ovl_fsync(struct file *file, loff_t start, loff_t end, int datasync) 261 { 262 struct fd real; 263 const struct cred *old_cred; 264 int ret; 265 266 ret = ovl_real_fdget_meta(file, &real, !datasync); 267 if (ret) 268 return ret; 269 270 /* Don't sync lower file for fear of receiving EROFS error */ 271 if (file_inode(real.file) == ovl_inode_upper(file_inode(file))) { 272 old_cred = ovl_override_creds(file_inode(file)->i_sb); 273 ret = vfs_fsync_range(real.file, start, end, datasync); 274 revert_creds(old_cred); 275 } 276 277 fdput(real); 278 279 return ret; 280 } 281 282 static int ovl_mmap(struct file *file, struct vm_area_struct *vma) 283 { 284 struct file *realfile = file->private_data; 285 const struct cred *old_cred; 286 int ret; 287 288 if (!realfile->f_op->mmap) 289 return -ENODEV; 290 291 if (WARN_ON(file != vma->vm_file)) 292 return -EIO; 293 294 vma->vm_file = get_file(realfile); 295 296 old_cred = ovl_override_creds(file_inode(file)->i_sb); 297 ret = call_mmap(vma->vm_file, vma); 298 revert_creds(old_cred); 299 300 if (ret) { 301 /* Drop reference count from new vm_file value */ 302 fput(realfile); 303 } else { 304 /* Drop reference count from previous vm_file value */ 305 fput(file); 306 } 307 308 ovl_file_accessed(file); 309 310 return ret; 311 } 312 313 static long ovl_fallocate(struct file *file, int mode, loff_t offset, loff_t len) 314 { 315 struct inode *inode = file_inode(file); 316 struct fd real; 317 const struct cred *old_cred; 318 int ret; 319 320 ret = ovl_real_fdget(file, &real); 321 if (ret) 322 return ret; 323 324 old_cred = ovl_override_creds(file_inode(file)->i_sb); 325 ret = vfs_fallocate(real.file, mode, offset, len); 326 revert_creds(old_cred); 327 328 /* Update size */ 329 ovl_copyattr(ovl_inode_real(inode), inode); 330 331 fdput(real); 332 333 return ret; 334 } 335 336 static int ovl_fadvise(struct file *file, loff_t offset, loff_t len, int advice) 337 { 338 struct fd real; 339 const struct cred *old_cred; 340 int ret; 341 342 ret = ovl_real_fdget(file, &real); 343 if (ret) 344 return ret; 345 346 old_cred = ovl_override_creds(file_inode(file)->i_sb); 347 ret = vfs_fadvise(real.file, offset, len, advice); 348 revert_creds(old_cred); 349 350 fdput(real); 351 352 return ret; 353 } 354 355 static long ovl_real_ioctl(struct file *file, unsigned int cmd, 356 unsigned long arg) 357 { 358 struct fd real; 359 const struct cred *old_cred; 360 long ret; 361 362 ret = ovl_real_fdget(file, &real); 363 if (ret) 364 return ret; 365 366 old_cred = ovl_override_creds(file_inode(file)->i_sb); 367 ret = vfs_ioctl(real.file, cmd, arg); 368 revert_creds(old_cred); 369 370 fdput(real); 371 372 return ret; 373 } 374 375 static long ovl_ioctl(struct file *file, unsigned int cmd, unsigned long arg) 376 { 377 long ret; 378 struct inode *inode = file_inode(file); 379 380 switch (cmd) { 381 case FS_IOC_GETFLAGS: 382 ret = ovl_real_ioctl(file, cmd, arg); 383 break; 384 385 case FS_IOC_SETFLAGS: 386 if (!inode_owner_or_capable(inode)) 387 return -EACCES; 388 389 ret = mnt_want_write_file(file); 390 if (ret) 391 return ret; 392 393 ret = ovl_copy_up_with_data(file_dentry(file)); 394 if (!ret) { 395 ret = ovl_real_ioctl(file, cmd, arg); 396 397 inode_lock(inode); 398 ovl_copyflags(ovl_inode_real(inode), inode); 399 inode_unlock(inode); 400 } 401 402 mnt_drop_write_file(file); 403 break; 404 405 default: 406 ret = -ENOTTY; 407 } 408 409 return ret; 410 } 411 412 static long ovl_compat_ioctl(struct file *file, unsigned int cmd, 413 unsigned long arg) 414 { 415 switch (cmd) { 416 case FS_IOC32_GETFLAGS: 417 cmd = FS_IOC_GETFLAGS; 418 break; 419 420 case FS_IOC32_SETFLAGS: 421 cmd = FS_IOC_SETFLAGS; 422 break; 423 424 default: 425 return -ENOIOCTLCMD; 426 } 427 428 return ovl_ioctl(file, cmd, arg); 429 } 430 431 enum ovl_copyop { 432 OVL_COPY, 433 OVL_CLONE, 434 OVL_DEDUPE, 435 }; 436 437 static loff_t ovl_copyfile(struct file *file_in, loff_t pos_in, 438 struct file *file_out, loff_t pos_out, 439 loff_t len, unsigned int flags, enum ovl_copyop op) 440 { 441 struct inode *inode_out = file_inode(file_out); 442 struct fd real_in, real_out; 443 const struct cred *old_cred; 444 loff_t ret; 445 446 ret = ovl_real_fdget(file_out, &real_out); 447 if (ret) 448 return ret; 449 450 ret = ovl_real_fdget(file_in, &real_in); 451 if (ret) { 452 fdput(real_out); 453 return ret; 454 } 455 456 old_cred = ovl_override_creds(file_inode(file_out)->i_sb); 457 switch (op) { 458 case OVL_COPY: 459 ret = vfs_copy_file_range(real_in.file, pos_in, 460 real_out.file, pos_out, len, flags); 461 break; 462 463 case OVL_CLONE: 464 ret = vfs_clone_file_range(real_in.file, pos_in, 465 real_out.file, pos_out, len, flags); 466 break; 467 468 case OVL_DEDUPE: 469 ret = vfs_dedupe_file_range_one(real_in.file, pos_in, 470 real_out.file, pos_out, len, 471 flags); 472 break; 473 } 474 revert_creds(old_cred); 475 476 /* Update size */ 477 ovl_copyattr(ovl_inode_real(inode_out), inode_out); 478 479 fdput(real_in); 480 fdput(real_out); 481 482 return ret; 483 } 484 485 static ssize_t ovl_copy_file_range(struct file *file_in, loff_t pos_in, 486 struct file *file_out, loff_t pos_out, 487 size_t len, unsigned int flags) 488 { 489 return ovl_copyfile(file_in, pos_in, file_out, pos_out, len, flags, 490 OVL_COPY); 491 } 492 493 static loff_t ovl_remap_file_range(struct file *file_in, loff_t pos_in, 494 struct file *file_out, loff_t pos_out, 495 loff_t len, unsigned int remap_flags) 496 { 497 enum ovl_copyop op; 498 499 if (remap_flags & ~(REMAP_FILE_DEDUP | REMAP_FILE_ADVISORY)) 500 return -EINVAL; 501 502 if (remap_flags & REMAP_FILE_DEDUP) 503 op = OVL_DEDUPE; 504 else 505 op = OVL_CLONE; 506 507 /* 508 * Don't copy up because of a dedupe request, this wouldn't make sense 509 * most of the time (data would be duplicated instead of deduplicated). 510 */ 511 if (op == OVL_DEDUPE && 512 (!ovl_inode_upper(file_inode(file_in)) || 513 !ovl_inode_upper(file_inode(file_out)))) 514 return -EPERM; 515 516 return ovl_copyfile(file_in, pos_in, file_out, pos_out, len, 517 remap_flags, op); 518 } 519 520 const struct file_operations ovl_file_operations = { 521 .open = ovl_open, 522 .release = ovl_release, 523 .llseek = ovl_llseek, 524 .read_iter = ovl_read_iter, 525 .write_iter = ovl_write_iter, 526 .fsync = ovl_fsync, 527 .mmap = ovl_mmap, 528 .fallocate = ovl_fallocate, 529 .fadvise = ovl_fadvise, 530 .unlocked_ioctl = ovl_ioctl, 531 .compat_ioctl = ovl_compat_ioctl, 532 533 .copy_file_range = ovl_copy_file_range, 534 .remap_file_range = ovl_remap_file_range, 535 }; 536