xref: /openbmc/linux/fs/overlayfs/inode.c (revision f7c35abe) 
1 /*
2  *
3  * Copyright (C) 2011 Novell Inc.
4  *
5  * This program is free software; you can redistribute it and/or modify it
6  * under the terms of the GNU General Public License version 2 as published by
7  * the Free Software Foundation.
8  */
9 
10 #include <linux/fs.h>
11 #include <linux/slab.h>
12 #include <linux/cred.h>
13 #include <linux/xattr.h>
14 #include <linux/posix_acl.h>
15 #include "overlayfs.h"
16 
17 int ovl_setattr(struct dentry *dentry, struct iattr *attr)
18 {
19 	int err;
20 	struct dentry *upperdentry;
21 	const struct cred *old_cred;
22 
23 	/*
24 	 * Check for permissions before trying to copy-up.  This is redundant
25 	 * since it will be rechecked later by ->setattr() on upper dentry.  But
26 	 * without this, copy-up can be triggered by just about anybody.
27 	 *
28 	 * We don't initialize inode->size, which just means that
29 	 * inode_newsize_ok() will always check against MAX_LFS_FILESIZE and not
30 	 * check for a swapfile (which this won't be anyway).
31 	 */
32 	err = setattr_prepare(dentry, attr);
33 	if (err)
34 		return err;
35 
36 	err = ovl_want_write(dentry);
37 	if (err)
38 		goto out;
39 
40 	err = ovl_copy_up(dentry);
41 	if (!err) {
42 		upperdentry = ovl_dentry_upper(dentry);
43 
44 		if (attr->ia_valid & (ATTR_KILL_SUID|ATTR_KILL_SGID))
45 			attr->ia_valid &= ~ATTR_MODE;
46 
47 		inode_lock(upperdentry->d_inode);
48 		old_cred = ovl_override_creds(dentry->d_sb);
49 		err = notify_change(upperdentry, attr, NULL);
50 		revert_creds(old_cred);
51 		if (!err)
52 			ovl_copyattr(upperdentry->d_inode, dentry->d_inode);
53 		inode_unlock(upperdentry->d_inode);
54 	}
55 	ovl_drop_write(dentry);
56 out:
57 	return err;
58 }
59 
60 static int ovl_getattr(const struct path *path, struct kstat *stat,
61 		       u32 request_mask, unsigned int flags)
62 {
63 	struct dentry *dentry = path->dentry;
64 	struct path realpath;
65 	const struct cred *old_cred;
66 	int err;
67 
68 	ovl_path_real(dentry, &realpath);
69 	old_cred = ovl_override_creds(dentry->d_sb);
70 	err = vfs_getattr(&realpath, stat, request_mask, flags);
71 	revert_creds(old_cred);
72 	return err;
73 }
74 
75 int ovl_permission(struct inode *inode, int mask)
76 {
77 	bool is_upper;
78 	struct inode *realinode = ovl_inode_real(inode, &is_upper);
79 	const struct cred *old_cred;
80 	int err;
81 
82 	/* Careful in RCU walk mode */
83 	if (!realinode) {
84 		WARN_ON(!(mask & MAY_NOT_BLOCK));
85 		return -ECHILD;
86 	}
87 
88 	/*
89 	 * Check overlay inode with the creds of task and underlying inode
90 	 * with creds of mounter
91 	 */
92 	err = generic_permission(inode, mask);
93 	if (err)
94 		return err;
95 
96 	old_cred = ovl_override_creds(inode->i_sb);
97 	if (!is_upper && !special_file(realinode->i_mode) && mask & MAY_WRITE) {
98 		mask &= ~(MAY_WRITE | MAY_APPEND);
99 		/* Make sure mounter can read file for copy up later */
100 		mask |= MAY_READ;
101 	}
102 	err = inode_permission(realinode, mask);
103 	revert_creds(old_cred);
104 
105 	return err;
106 }
107 
108 static const char *ovl_get_link(struct dentry *dentry,
109 				struct inode *inode,
110 				struct delayed_call *done)
111 {
112 	const struct cred *old_cred;
113 	const char *p;
114 
115 	if (!dentry)
116 		return ERR_PTR(-ECHILD);
117 
118 	old_cred = ovl_override_creds(dentry->d_sb);
119 	p = vfs_get_link(ovl_dentry_real(dentry), done);
120 	revert_creds(old_cred);
121 	return p;
122 }
123 
124 bool ovl_is_private_xattr(const char *name)
125 {
126 	return strncmp(name, OVL_XATTR_PREFIX,
127 		       sizeof(OVL_XATTR_PREFIX) - 1) == 0;
128 }
129 
130 int ovl_xattr_set(struct dentry *dentry, const char *name, const void *value,
131 		  size_t size, int flags)
132 {
133 	int err;
134 	struct path realpath;
135 	enum ovl_path_type type = ovl_path_real(dentry, &realpath);
136 	const struct cred *old_cred;
137 
138 	err = ovl_want_write(dentry);
139 	if (err)
140 		goto out;
141 
142 	if (!value && !OVL_TYPE_UPPER(type)) {
143 		err = vfs_getxattr(realpath.dentry, name, NULL, 0);
144 		if (err < 0)
145 			goto out_drop_write;
146 	}
147 
148 	err = ovl_copy_up(dentry);
149 	if (err)
150 		goto out_drop_write;
151 
152 	if (!OVL_TYPE_UPPER(type))
153 		ovl_path_upper(dentry, &realpath);
154 
155 	old_cred = ovl_override_creds(dentry->d_sb);
156 	if (value)
157 		err = vfs_setxattr(realpath.dentry, name, value, size, flags);
158 	else {
159 		WARN_ON(flags != XATTR_REPLACE);
160 		err = vfs_removexattr(realpath.dentry, name);
161 	}
162 	revert_creds(old_cred);
163 
164 out_drop_write:
165 	ovl_drop_write(dentry);
166 out:
167 	return err;
168 }
169 
170 int ovl_xattr_get(struct dentry *dentry, const char *name,
171 		  void *value, size_t size)
172 {
173 	struct dentry *realdentry = ovl_dentry_real(dentry);
174 	ssize_t res;
175 	const struct cred *old_cred;
176 
177 	old_cred = ovl_override_creds(dentry->d_sb);
178 	res = vfs_getxattr(realdentry, name, value, size);
179 	revert_creds(old_cred);
180 	return res;
181 }
182 
183 ssize_t ovl_listxattr(struct dentry *dentry, char *list, size_t size)
184 {
185 	struct dentry *realdentry = ovl_dentry_real(dentry);
186 	ssize_t res;
187 	size_t len;
188 	char *s;
189 	const struct cred *old_cred;
190 
191 	old_cred = ovl_override_creds(dentry->d_sb);
192 	res = vfs_listxattr(realdentry, list, size);
193 	revert_creds(old_cred);
194 	if (res <= 0 || size == 0)
195 		return res;
196 
197 	/* filter out private xattrs */
198 	for (s = list, len = res; len;) {
199 		size_t slen = strnlen(s, len) + 1;
200 
201 		/* underlying fs providing us with an broken xattr list? */
202 		if (WARN_ON(slen > len))
203 			return -EIO;
204 
205 		len -= slen;
206 		if (ovl_is_private_xattr(s)) {
207 			res -= slen;
208 			memmove(s, s + slen, len);
209 		} else {
210 			s += slen;
211 		}
212 	}
213 
214 	return res;
215 }
216 
217 struct posix_acl *ovl_get_acl(struct inode *inode, int type)
218 {
219 	struct inode *realinode = ovl_inode_real(inode, NULL);
220 	const struct cred *old_cred;
221 	struct posix_acl *acl;
222 
223 	if (!IS_ENABLED(CONFIG_FS_POSIX_ACL) || !IS_POSIXACL(realinode))
224 		return NULL;
225 
226 	old_cred = ovl_override_creds(inode->i_sb);
227 	acl = get_acl(realinode, type);
228 	revert_creds(old_cred);
229 
230 	return acl;
231 }
232 
233 static bool ovl_open_need_copy_up(int flags, enum ovl_path_type type,
234 				  struct dentry *realdentry)
235 {
236 	if (OVL_TYPE_UPPER(type))
237 		return false;
238 
239 	if (special_file(realdentry->d_inode->i_mode))
240 		return false;
241 
242 	if (!(OPEN_FMODE(flags) & FMODE_WRITE) && !(flags & O_TRUNC))
243 		return false;
244 
245 	return true;
246 }
247 
248 int ovl_open_maybe_copy_up(struct dentry *dentry, unsigned int file_flags)
249 {
250 	int err = 0;
251 	struct path realpath;
252 	enum ovl_path_type type;
253 
254 	type = ovl_path_real(dentry, &realpath);
255 	if (ovl_open_need_copy_up(file_flags, type, realpath.dentry)) {
256 		err = ovl_want_write(dentry);
257 		if (!err) {
258 			err = ovl_copy_up_flags(dentry, file_flags);
259 			ovl_drop_write(dentry);
260 		}
261 	}
262 
263 	return err;
264 }
265 
266 int ovl_update_time(struct inode *inode, struct timespec *ts, int flags)
267 {
268 	struct dentry *alias;
269 	struct path upperpath;
270 
271 	if (!(flags & S_ATIME))
272 		return 0;
273 
274 	alias = d_find_any_alias(inode);
275 	if (!alias)
276 		return 0;
277 
278 	ovl_path_upper(alias, &upperpath);
279 	if (upperpath.dentry) {
280 		touch_atime(&upperpath);
281 		inode->i_atime = d_inode(upperpath.dentry)->i_atime;
282 	}
283 
284 	dput(alias);
285 
286 	return 0;
287 }
288 
289 static const struct inode_operations ovl_file_inode_operations = {
290 	.setattr	= ovl_setattr,
291 	.permission	= ovl_permission,
292 	.getattr	= ovl_getattr,
293 	.listxattr	= ovl_listxattr,
294 	.get_acl	= ovl_get_acl,
295 	.update_time	= ovl_update_time,
296 };
297 
298 static const struct inode_operations ovl_symlink_inode_operations = {
299 	.setattr	= ovl_setattr,
300 	.get_link	= ovl_get_link,
301 	.getattr	= ovl_getattr,
302 	.listxattr	= ovl_listxattr,
303 	.update_time	= ovl_update_time,
304 };
305 
306 static void ovl_fill_inode(struct inode *inode, umode_t mode, dev_t rdev)
307 {
308 	inode->i_ino = get_next_ino();
309 	inode->i_mode = mode;
310 	inode->i_flags |= S_NOCMTIME;
311 #ifdef CONFIG_FS_POSIX_ACL
312 	inode->i_acl = inode->i_default_acl = ACL_DONT_CACHE;
313 #endif
314 
315 	switch (mode & S_IFMT) {
316 	case S_IFREG:
317 		inode->i_op = &ovl_file_inode_operations;
318 		break;
319 
320 	case S_IFDIR:
321 		inode->i_op = &ovl_dir_inode_operations;
322 		inode->i_fop = &ovl_dir_operations;
323 		break;
324 
325 	case S_IFLNK:
326 		inode->i_op = &ovl_symlink_inode_operations;
327 		break;
328 
329 	default:
330 		inode->i_op = &ovl_file_inode_operations;
331 		init_special_inode(inode, mode, rdev);
332 		break;
333 	}
334 }
335 
336 struct inode *ovl_new_inode(struct super_block *sb, umode_t mode, dev_t rdev)
337 {
338 	struct inode *inode;
339 
340 	inode = new_inode(sb);
341 	if (inode)
342 		ovl_fill_inode(inode, mode, rdev);
343 
344 	return inode;
345 }
346 
347 static int ovl_inode_test(struct inode *inode, void *data)
348 {
349 	return ovl_inode_real(inode, NULL) == data;
350 }
351 
352 static int ovl_inode_set(struct inode *inode, void *data)
353 {
354 	inode->i_private = (void *) (((unsigned long) data) | OVL_ISUPPER_MASK);
355 	return 0;
356 }
357 
358 struct inode *ovl_get_inode(struct super_block *sb, struct inode *realinode)
359 
360 {
361 	struct inode *inode;
362 
363 	inode = iget5_locked(sb, (unsigned long) realinode,
364 			     ovl_inode_test, ovl_inode_set, realinode);
365 	if (inode && inode->i_state & I_NEW) {
366 		ovl_fill_inode(inode, realinode->i_mode, realinode->i_rdev);
367 		set_nlink(inode, realinode->i_nlink);
368 		unlock_new_inode(inode);
369 	}
370 
371 	return inode;
372 }
373