1 /* 2 * Copyright (C) 2017 Red Hat, Inc. 3 * 4 * This program is free software; you can redistribute it and/or modify it 5 * under the terms of the GNU General Public License version 2 as published by 6 * the Free Software Foundation. 7 */ 8 9 #include <linux/cred.h> 10 #include <linux/file.h> 11 #include <linux/mount.h> 12 #include <linux/xattr.h> 13 #include <linux/uio.h> 14 #include <linux/uaccess.h> 15 #include "overlayfs.h" 16 17 static char ovl_whatisit(struct inode *inode, struct inode *realinode) 18 { 19 if (realinode != ovl_inode_upper(inode)) 20 return 'l'; 21 if (ovl_has_upperdata(inode)) 22 return 'u'; 23 else 24 return 'm'; 25 } 26 27 static struct file *ovl_open_realfile(const struct file *file, 28 struct inode *realinode) 29 { 30 struct inode *inode = file_inode(file); 31 struct file *realfile; 32 const struct cred *old_cred; 33 int flags = file->f_flags | O_NOATIME | FMODE_NONOTIFY; 34 35 old_cred = ovl_override_creds(inode->i_sb); 36 realfile = open_with_fake_path(&file->f_path, flags, realinode, 37 current_cred()); 38 revert_creds(old_cred); 39 40 pr_debug("open(%p[%pD2/%c], 0%o) -> (%p, 0%o)\n", 41 file, file, ovl_whatisit(inode, realinode), file->f_flags, 42 realfile, IS_ERR(realfile) ? 0 : realfile->f_flags); 43 44 return realfile; 45 } 46 47 #define OVL_SETFL_MASK (O_APPEND | O_NONBLOCK | O_NDELAY | O_DIRECT) 48 49 static int ovl_change_flags(struct file *file, unsigned int flags) 50 { 51 struct inode *inode = file_inode(file); 52 int err; 53 54 /* No atime modificaton on underlying */ 55 flags |= O_NOATIME | FMODE_NONOTIFY; 56 57 /* If some flag changed that cannot be changed then something's amiss */ 58 if (WARN_ON((file->f_flags ^ flags) & ~OVL_SETFL_MASK)) 59 return -EIO; 60 61 flags &= OVL_SETFL_MASK; 62 63 if (((flags ^ file->f_flags) & O_APPEND) && IS_APPEND(inode)) 64 return -EPERM; 65 66 if (flags & O_DIRECT) { 67 if (!file->f_mapping->a_ops || 68 !file->f_mapping->a_ops->direct_IO) 69 return -EINVAL; 70 } 71 72 if (file->f_op->check_flags) { 73 err = file->f_op->check_flags(flags); 74 if (err) 75 return err; 76 } 77 78 spin_lock(&file->f_lock); 79 file->f_flags = (file->f_flags & ~OVL_SETFL_MASK) | flags; 80 spin_unlock(&file->f_lock); 81 82 return 0; 83 } 84 85 static int ovl_real_fdget_meta(const struct file *file, struct fd *real, 86 bool allow_meta) 87 { 88 struct inode *inode = file_inode(file); 89 struct inode *realinode; 90 91 real->flags = 0; 92 real->file = file->private_data; 93 94 if (allow_meta) 95 realinode = ovl_inode_real(inode); 96 else 97 realinode = ovl_inode_realdata(inode); 98 99 /* Has it been copied up since we'd opened it? */ 100 if (unlikely(file_inode(real->file) != realinode)) { 101 real->flags = FDPUT_FPUT; 102 real->file = ovl_open_realfile(file, realinode); 103 104 return PTR_ERR_OR_ZERO(real->file); 105 } 106 107 /* Did the flags change since open? */ 108 if (unlikely((file->f_flags ^ real->file->f_flags) & ~O_NOATIME)) 109 return ovl_change_flags(real->file, file->f_flags); 110 111 return 0; 112 } 113 114 static int ovl_real_fdget(const struct file *file, struct fd *real) 115 { 116 return ovl_real_fdget_meta(file, real, false); 117 } 118 119 static int ovl_open(struct inode *inode, struct file *file) 120 { 121 struct file *realfile; 122 int err; 123 124 err = ovl_maybe_copy_up(file_dentry(file), file->f_flags); 125 if (err) 126 return err; 127 128 /* No longer need these flags, so don't pass them on to underlying fs */ 129 file->f_flags &= ~(O_CREAT | O_EXCL | O_NOCTTY | O_TRUNC); 130 131 realfile = ovl_open_realfile(file, ovl_inode_realdata(inode)); 132 if (IS_ERR(realfile)) 133 return PTR_ERR(realfile); 134 135 file->private_data = realfile; 136 137 return 0; 138 } 139 140 static int ovl_release(struct inode *inode, struct file *file) 141 { 142 fput(file->private_data); 143 144 return 0; 145 } 146 147 static loff_t ovl_llseek(struct file *file, loff_t offset, int whence) 148 { 149 struct inode *inode = file_inode(file); 150 struct fd real; 151 const struct cred *old_cred; 152 ssize_t ret; 153 154 /* 155 * The two special cases below do not need to involve real fs, 156 * so we can optimizing concurrent callers. 157 */ 158 if (offset == 0) { 159 if (whence == SEEK_CUR) 160 return file->f_pos; 161 162 if (whence == SEEK_SET) 163 return vfs_setpos(file, 0, 0); 164 } 165 166 ret = ovl_real_fdget(file, &real); 167 if (ret) 168 return ret; 169 170 /* 171 * Overlay file f_pos is the master copy that is preserved 172 * through copy up and modified on read/write, but only real 173 * fs knows how to SEEK_HOLE/SEEK_DATA and real fs may impose 174 * limitations that are more strict than ->s_maxbytes for specific 175 * files, so we use the real file to perform seeks. 176 */ 177 inode_lock(inode); 178 real.file->f_pos = file->f_pos; 179 180 old_cred = ovl_override_creds(inode->i_sb); 181 ret = vfs_llseek(real.file, offset, whence); 182 revert_creds(old_cred); 183 184 file->f_pos = real.file->f_pos; 185 inode_unlock(inode); 186 187 fdput(real); 188 189 return ret; 190 } 191 192 static void ovl_file_accessed(struct file *file) 193 { 194 struct inode *inode, *upperinode; 195 196 if (file->f_flags & O_NOATIME) 197 return; 198 199 inode = file_inode(file); 200 upperinode = ovl_inode_upper(inode); 201 202 if (!upperinode) 203 return; 204 205 if ((!timespec64_equal(&inode->i_mtime, &upperinode->i_mtime) || 206 !timespec64_equal(&inode->i_ctime, &upperinode->i_ctime))) { 207 inode->i_mtime = upperinode->i_mtime; 208 inode->i_ctime = upperinode->i_ctime; 209 } 210 211 touch_atime(&file->f_path); 212 } 213 214 static rwf_t ovl_iocb_to_rwf(struct kiocb *iocb) 215 { 216 int ifl = iocb->ki_flags; 217 rwf_t flags = 0; 218 219 if (ifl & IOCB_NOWAIT) 220 flags |= RWF_NOWAIT; 221 if (ifl & IOCB_HIPRI) 222 flags |= RWF_HIPRI; 223 if (ifl & IOCB_DSYNC) 224 flags |= RWF_DSYNC; 225 if (ifl & IOCB_SYNC) 226 flags |= RWF_SYNC; 227 228 return flags; 229 } 230 231 static ssize_t ovl_read_iter(struct kiocb *iocb, struct iov_iter *iter) 232 { 233 struct file *file = iocb->ki_filp; 234 struct fd real; 235 const struct cred *old_cred; 236 ssize_t ret; 237 238 if (!iov_iter_count(iter)) 239 return 0; 240 241 ret = ovl_real_fdget(file, &real); 242 if (ret) 243 return ret; 244 245 old_cred = ovl_override_creds(file_inode(file)->i_sb); 246 ret = vfs_iter_read(real.file, iter, &iocb->ki_pos, 247 ovl_iocb_to_rwf(iocb)); 248 revert_creds(old_cred); 249 250 ovl_file_accessed(file); 251 252 fdput(real); 253 254 return ret; 255 } 256 257 static ssize_t ovl_write_iter(struct kiocb *iocb, struct iov_iter *iter) 258 { 259 struct file *file = iocb->ki_filp; 260 struct inode *inode = file_inode(file); 261 struct fd real; 262 const struct cred *old_cred; 263 ssize_t ret; 264 265 if (!iov_iter_count(iter)) 266 return 0; 267 268 inode_lock(inode); 269 /* Update mode */ 270 ovl_copyattr(ovl_inode_real(inode), inode); 271 ret = file_remove_privs(file); 272 if (ret) 273 goto out_unlock; 274 275 ret = ovl_real_fdget(file, &real); 276 if (ret) 277 goto out_unlock; 278 279 old_cred = ovl_override_creds(file_inode(file)->i_sb); 280 file_start_write(real.file); 281 ret = vfs_iter_write(real.file, iter, &iocb->ki_pos, 282 ovl_iocb_to_rwf(iocb)); 283 file_end_write(real.file); 284 revert_creds(old_cred); 285 286 /* Update size */ 287 ovl_copyattr(ovl_inode_real(inode), inode); 288 289 fdput(real); 290 291 out_unlock: 292 inode_unlock(inode); 293 294 return ret; 295 } 296 297 static int ovl_fsync(struct file *file, loff_t start, loff_t end, int datasync) 298 { 299 struct fd real; 300 const struct cred *old_cred; 301 int ret; 302 303 ret = ovl_real_fdget_meta(file, &real, !datasync); 304 if (ret) 305 return ret; 306 307 /* Don't sync lower file for fear of receiving EROFS error */ 308 if (file_inode(real.file) == ovl_inode_upper(file_inode(file))) { 309 old_cred = ovl_override_creds(file_inode(file)->i_sb); 310 ret = vfs_fsync_range(real.file, start, end, datasync); 311 revert_creds(old_cred); 312 } 313 314 fdput(real); 315 316 return ret; 317 } 318 319 static int ovl_mmap(struct file *file, struct vm_area_struct *vma) 320 { 321 struct file *realfile = file->private_data; 322 const struct cred *old_cred; 323 int ret; 324 325 if (!realfile->f_op->mmap) 326 return -ENODEV; 327 328 if (WARN_ON(file != vma->vm_file)) 329 return -EIO; 330 331 vma->vm_file = get_file(realfile); 332 333 old_cred = ovl_override_creds(file_inode(file)->i_sb); 334 ret = call_mmap(vma->vm_file, vma); 335 revert_creds(old_cred); 336 337 if (ret) { 338 /* Drop reference count from new vm_file value */ 339 fput(realfile); 340 } else { 341 /* Drop reference count from previous vm_file value */ 342 fput(file); 343 } 344 345 ovl_file_accessed(file); 346 347 return ret; 348 } 349 350 static long ovl_fallocate(struct file *file, int mode, loff_t offset, loff_t len) 351 { 352 struct inode *inode = file_inode(file); 353 struct fd real; 354 const struct cred *old_cred; 355 int ret; 356 357 ret = ovl_real_fdget(file, &real); 358 if (ret) 359 return ret; 360 361 old_cred = ovl_override_creds(file_inode(file)->i_sb); 362 ret = vfs_fallocate(real.file, mode, offset, len); 363 revert_creds(old_cred); 364 365 /* Update size */ 366 ovl_copyattr(ovl_inode_real(inode), inode); 367 368 fdput(real); 369 370 return ret; 371 } 372 373 static int ovl_fadvise(struct file *file, loff_t offset, loff_t len, int advice) 374 { 375 struct fd real; 376 const struct cred *old_cred; 377 int ret; 378 379 ret = ovl_real_fdget(file, &real); 380 if (ret) 381 return ret; 382 383 old_cred = ovl_override_creds(file_inode(file)->i_sb); 384 ret = vfs_fadvise(real.file, offset, len, advice); 385 revert_creds(old_cred); 386 387 fdput(real); 388 389 return ret; 390 } 391 392 static long ovl_real_ioctl(struct file *file, unsigned int cmd, 393 unsigned long arg) 394 { 395 struct fd real; 396 const struct cred *old_cred; 397 long ret; 398 399 ret = ovl_real_fdget(file, &real); 400 if (ret) 401 return ret; 402 403 old_cred = ovl_override_creds(file_inode(file)->i_sb); 404 ret = vfs_ioctl(real.file, cmd, arg); 405 revert_creds(old_cred); 406 407 fdput(real); 408 409 return ret; 410 } 411 412 static unsigned int ovl_get_inode_flags(struct inode *inode) 413 { 414 unsigned int flags = READ_ONCE(inode->i_flags); 415 unsigned int ovl_iflags = 0; 416 417 if (flags & S_SYNC) 418 ovl_iflags |= FS_SYNC_FL; 419 if (flags & S_APPEND) 420 ovl_iflags |= FS_APPEND_FL; 421 if (flags & S_IMMUTABLE) 422 ovl_iflags |= FS_IMMUTABLE_FL; 423 if (flags & S_NOATIME) 424 ovl_iflags |= FS_NOATIME_FL; 425 426 return ovl_iflags; 427 } 428 429 static long ovl_ioctl_set_flags(struct file *file, unsigned int cmd, 430 unsigned long arg) 431 { 432 long ret; 433 struct inode *inode = file_inode(file); 434 unsigned int flags; 435 unsigned int old_flags; 436 437 if (!inode_owner_or_capable(inode)) 438 return -EACCES; 439 440 if (get_user(flags, (int __user *) arg)) 441 return -EFAULT; 442 443 ret = mnt_want_write_file(file); 444 if (ret) 445 return ret; 446 447 inode_lock(inode); 448 449 /* Check the capability before cred override */ 450 ret = -EPERM; 451 old_flags = ovl_get_inode_flags(inode); 452 if (((flags ^ old_flags) & (FS_APPEND_FL | FS_IMMUTABLE_FL)) && 453 !capable(CAP_LINUX_IMMUTABLE)) 454 goto unlock; 455 456 ret = ovl_maybe_copy_up(file_dentry(file), O_WRONLY); 457 if (ret) 458 goto unlock; 459 460 ret = ovl_real_ioctl(file, cmd, arg); 461 462 ovl_copyflags(ovl_inode_real(inode), inode); 463 unlock: 464 inode_unlock(inode); 465 466 mnt_drop_write_file(file); 467 468 return ret; 469 470 } 471 472 static long ovl_ioctl(struct file *file, unsigned int cmd, unsigned long arg) 473 { 474 long ret; 475 476 switch (cmd) { 477 case FS_IOC_GETFLAGS: 478 case FS_IOC_FSGETXATTR: 479 ret = ovl_real_ioctl(file, cmd, arg); 480 break; 481 482 case FS_IOC_SETFLAGS: 483 case FS_IOC_FSSETXATTR: 484 ret = ovl_ioctl_set_flags(file, cmd, arg); 485 break; 486 487 default: 488 ret = -ENOTTY; 489 } 490 491 return ret; 492 } 493 494 static long ovl_compat_ioctl(struct file *file, unsigned int cmd, 495 unsigned long arg) 496 { 497 switch (cmd) { 498 case FS_IOC32_GETFLAGS: 499 cmd = FS_IOC_GETFLAGS; 500 break; 501 502 case FS_IOC32_SETFLAGS: 503 cmd = FS_IOC_SETFLAGS; 504 break; 505 506 default: 507 return -ENOIOCTLCMD; 508 } 509 510 return ovl_ioctl(file, cmd, arg); 511 } 512 513 enum ovl_copyop { 514 OVL_COPY, 515 OVL_CLONE, 516 OVL_DEDUPE, 517 }; 518 519 static loff_t ovl_copyfile(struct file *file_in, loff_t pos_in, 520 struct file *file_out, loff_t pos_out, 521 loff_t len, unsigned int flags, enum ovl_copyop op) 522 { 523 struct inode *inode_out = file_inode(file_out); 524 struct fd real_in, real_out; 525 const struct cred *old_cred; 526 loff_t ret; 527 528 ret = ovl_real_fdget(file_out, &real_out); 529 if (ret) 530 return ret; 531 532 ret = ovl_real_fdget(file_in, &real_in); 533 if (ret) { 534 fdput(real_out); 535 return ret; 536 } 537 538 old_cred = ovl_override_creds(file_inode(file_out)->i_sb); 539 switch (op) { 540 case OVL_COPY: 541 ret = vfs_copy_file_range(real_in.file, pos_in, 542 real_out.file, pos_out, len, flags); 543 break; 544 545 case OVL_CLONE: 546 ret = vfs_clone_file_range(real_in.file, pos_in, 547 real_out.file, pos_out, len, flags); 548 break; 549 550 case OVL_DEDUPE: 551 ret = vfs_dedupe_file_range_one(real_in.file, pos_in, 552 real_out.file, pos_out, len, 553 flags); 554 break; 555 } 556 revert_creds(old_cred); 557 558 /* Update size */ 559 ovl_copyattr(ovl_inode_real(inode_out), inode_out); 560 561 fdput(real_in); 562 fdput(real_out); 563 564 return ret; 565 } 566 567 static ssize_t ovl_copy_file_range(struct file *file_in, loff_t pos_in, 568 struct file *file_out, loff_t pos_out, 569 size_t len, unsigned int flags) 570 { 571 return ovl_copyfile(file_in, pos_in, file_out, pos_out, len, flags, 572 OVL_COPY); 573 } 574 575 static loff_t ovl_remap_file_range(struct file *file_in, loff_t pos_in, 576 struct file *file_out, loff_t pos_out, 577 loff_t len, unsigned int remap_flags) 578 { 579 enum ovl_copyop op; 580 581 if (remap_flags & ~(REMAP_FILE_DEDUP | REMAP_FILE_ADVISORY)) 582 return -EINVAL; 583 584 if (remap_flags & REMAP_FILE_DEDUP) 585 op = OVL_DEDUPE; 586 else 587 op = OVL_CLONE; 588 589 /* 590 * Don't copy up because of a dedupe request, this wouldn't make sense 591 * most of the time (data would be duplicated instead of deduplicated). 592 */ 593 if (op == OVL_DEDUPE && 594 (!ovl_inode_upper(file_inode(file_in)) || 595 !ovl_inode_upper(file_inode(file_out)))) 596 return -EPERM; 597 598 return ovl_copyfile(file_in, pos_in, file_out, pos_out, len, 599 remap_flags, op); 600 } 601 602 const struct file_operations ovl_file_operations = { 603 .open = ovl_open, 604 .release = ovl_release, 605 .llseek = ovl_llseek, 606 .read_iter = ovl_read_iter, 607 .write_iter = ovl_write_iter, 608 .fsync = ovl_fsync, 609 .mmap = ovl_mmap, 610 .fallocate = ovl_fallocate, 611 .fadvise = ovl_fadvise, 612 .unlocked_ioctl = ovl_ioctl, 613 .compat_ioctl = ovl_compat_ioctl, 614 615 .copy_file_range = ovl_copy_file_range, 616 .remap_file_range = ovl_remap_file_range, 617 }; 618