1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3 *
4 * Copyright (C) 2011 Novell Inc.
5 */
6
7 #include <linux/fs.h>
8 #include <linux/namei.h>
9 #include <linux/xattr.h>
10 #include <linux/security.h>
11 #include <linux/cred.h>
12 #include <linux/module.h>
13 #include <linux/posix_acl.h>
14 #include <linux/posix_acl_xattr.h>
15 #include <linux/atomic.h>
16 #include <linux/ratelimit.h>
17 #include "overlayfs.h"
18
19 static unsigned short ovl_redirect_max = 256;
20 module_param_named(redirect_max, ovl_redirect_max, ushort, 0644);
21 MODULE_PARM_DESC(redirect_max,
22 "Maximum length of absolute redirect xattr value");
23
24 static int ovl_set_redirect(struct dentry *dentry, bool samedir);
25
ovl_cleanup(struct inode * wdir,struct dentry * wdentry)26 int ovl_cleanup(struct inode *wdir, struct dentry *wdentry)
27 {
28 int err;
29
30 dget(wdentry);
31 if (d_is_dir(wdentry))
32 err = ovl_do_rmdir(wdir, wdentry);
33 else
34 err = ovl_do_unlink(wdir, wdentry);
35 dput(wdentry);
36
37 if (err) {
38 pr_err("overlayfs: cleanup of '%pd2' failed (%i)\n",
39 wdentry, err);
40 }
41
42 return err;
43 }
44
ovl_lookup_temp(struct dentry * workdir)45 static struct dentry *ovl_lookup_temp(struct dentry *workdir)
46 {
47 struct dentry *temp;
48 char name[20];
49 static atomic_t temp_id = ATOMIC_INIT(0);
50
51 /* counter is allowed to wrap, since temp dentries are ephemeral */
52 snprintf(name, sizeof(name), "#%x", atomic_inc_return(&temp_id));
53
54 temp = lookup_one_len(name, workdir, strlen(name));
55 if (!IS_ERR(temp) && temp->d_inode) {
56 pr_err("overlayfs: workdir/%s already exists\n", name);
57 dput(temp);
58 temp = ERR_PTR(-EIO);
59 }
60
61 return temp;
62 }
63
64 /* caller holds i_mutex on workdir */
ovl_whiteout(struct dentry * workdir)65 static struct dentry *ovl_whiteout(struct dentry *workdir)
66 {
67 int err;
68 struct dentry *whiteout;
69 struct inode *wdir = workdir->d_inode;
70
71 whiteout = ovl_lookup_temp(workdir);
72 if (IS_ERR(whiteout))
73 return whiteout;
74
75 err = ovl_do_whiteout(wdir, whiteout);
76 if (err) {
77 dput(whiteout);
78 whiteout = ERR_PTR(err);
79 }
80
81 return whiteout;
82 }
83
84 /* Caller must hold i_mutex on both workdir and dir */
ovl_cleanup_and_whiteout(struct dentry * workdir,struct inode * dir,struct dentry * dentry)85 int ovl_cleanup_and_whiteout(struct dentry *workdir, struct inode *dir,
86 struct dentry *dentry)
87 {
88 struct inode *wdir = workdir->d_inode;
89 struct dentry *whiteout;
90 int err;
91 int flags = 0;
92
93 whiteout = ovl_whiteout(workdir);
94 err = PTR_ERR(whiteout);
95 if (IS_ERR(whiteout))
96 return err;
97
98 if (d_is_dir(dentry))
99 flags = RENAME_EXCHANGE;
100
101 err = ovl_do_rename(wdir, whiteout, dir, dentry, flags);
102 if (err)
103 goto kill_whiteout;
104 if (flags)
105 ovl_cleanup(wdir, dentry);
106
107 out:
108 dput(whiteout);
109 return err;
110
111 kill_whiteout:
112 ovl_cleanup(wdir, whiteout);
113 goto out;
114 }
115
ovl_mkdir_real(struct inode * dir,struct dentry ** newdentry,umode_t mode)116 int ovl_mkdir_real(struct inode *dir, struct dentry **newdentry, umode_t mode)
117 {
118 int err;
119 struct dentry *d, *dentry = *newdentry;
120
121 err = ovl_do_mkdir(dir, dentry, mode);
122 if (err)
123 return err;
124
125 if (likely(!d_unhashed(dentry)))
126 return 0;
127
128 /*
129 * vfs_mkdir() may succeed and leave the dentry passed
130 * to it unhashed and negative. If that happens, try to
131 * lookup a new hashed and positive dentry.
132 */
133 d = lookup_one_len(dentry->d_name.name, dentry->d_parent,
134 dentry->d_name.len);
135 if (IS_ERR(d)) {
136 pr_warn("overlayfs: failed lookup after mkdir (%pd2, err=%i).\n",
137 dentry, err);
138 return PTR_ERR(d);
139 }
140 dput(dentry);
141 *newdentry = d;
142
143 return 0;
144 }
145
ovl_create_real(struct inode * dir,struct dentry * newdentry,struct ovl_cattr * attr)146 struct dentry *ovl_create_real(struct inode *dir, struct dentry *newdentry,
147 struct ovl_cattr *attr)
148 {
149 int err;
150
151 if (IS_ERR(newdentry))
152 return newdentry;
153
154 err = -ESTALE;
155 if (newdentry->d_inode)
156 goto out;
157
158 if (attr->hardlink) {
159 err = ovl_do_link(attr->hardlink, dir, newdentry);
160 } else {
161 switch (attr->mode & S_IFMT) {
162 case S_IFREG:
163 err = ovl_do_create(dir, newdentry, attr->mode);
164 break;
165
166 case S_IFDIR:
167 /* mkdir is special... */
168 err = ovl_mkdir_real(dir, &newdentry, attr->mode);
169 break;
170
171 case S_IFCHR:
172 case S_IFBLK:
173 case S_IFIFO:
174 case S_IFSOCK:
175 err = ovl_do_mknod(dir, newdentry, attr->mode,
176 attr->rdev);
177 break;
178
179 case S_IFLNK:
180 err = ovl_do_symlink(dir, newdentry, attr->link);
181 break;
182
183 default:
184 err = -EPERM;
185 }
186 }
187 if (!err && WARN_ON(!newdentry->d_inode)) {
188 /*
189 * Not quite sure if non-instantiated dentry is legal or not.
190 * VFS doesn't seem to care so check and warn here.
191 */
192 err = -EIO;
193 }
194 out:
195 if (err) {
196 dput(newdentry);
197 return ERR_PTR(err);
198 }
199 return newdentry;
200 }
201
ovl_create_temp(struct dentry * workdir,struct ovl_cattr * attr)202 struct dentry *ovl_create_temp(struct dentry *workdir, struct ovl_cattr *attr)
203 {
204 return ovl_create_real(d_inode(workdir), ovl_lookup_temp(workdir),
205 attr);
206 }
207
ovl_set_opaque_xerr(struct dentry * dentry,struct dentry * upper,int xerr)208 static int ovl_set_opaque_xerr(struct dentry *dentry, struct dentry *upper,
209 int xerr)
210 {
211 int err;
212
213 err = ovl_check_setxattr(dentry, upper, OVL_XATTR_OPAQUE, "y", 1, xerr);
214 if (!err)
215 ovl_dentry_set_opaque(dentry);
216
217 return err;
218 }
219
ovl_set_opaque(struct dentry * dentry,struct dentry * upperdentry)220 static int ovl_set_opaque(struct dentry *dentry, struct dentry *upperdentry)
221 {
222 /*
223 * Fail with -EIO when trying to create opaque dir and upper doesn't
224 * support xattrs. ovl_rename() calls ovl_set_opaque_xerr(-EXDEV) to
225 * return a specific error for noxattr case.
226 */
227 return ovl_set_opaque_xerr(dentry, upperdentry, -EIO);
228 }
229
230 /*
231 * Common operations required to be done after creation of file on upper.
232 * If @hardlink is false, then @inode is a pre-allocated inode, we may or
233 * may not use to instantiate the new dentry.
234 */
ovl_instantiate(struct dentry * dentry,struct inode * inode,struct dentry * newdentry,bool hardlink)235 static int ovl_instantiate(struct dentry *dentry, struct inode *inode,
236 struct dentry *newdentry, bool hardlink)
237 {
238 struct ovl_inode_params oip = {
239 .upperdentry = newdentry,
240 .newinode = inode,
241 };
242
243 ovl_dir_modified(dentry->d_parent, false);
244 ovl_dentry_set_upper_alias(dentry);
245 if (!hardlink) {
246 /*
247 * ovl_obtain_alias() can be called after ovl_create_real()
248 * and before we get here, so we may get an inode from cache
249 * with the same real upperdentry that is not the inode we
250 * pre-allocated. In this case we will use the cached inode
251 * to instantiate the new dentry.
252 *
253 * XXX: if we ever use ovl_obtain_alias() to decode directory
254 * file handles, need to use ovl_get_inode_locked() and
255 * d_instantiate_new() here to prevent from creating two
256 * hashed directory inode aliases.
257 */
258 inode = ovl_get_inode(dentry->d_sb, &oip);
259 if (IS_ERR(inode))
260 return PTR_ERR(inode);
261 } else {
262 WARN_ON(ovl_inode_real(inode) != d_inode(newdentry));
263 dput(newdentry);
264 inc_nlink(inode);
265 }
266
267 d_instantiate(dentry, inode);
268 if (inode != oip.newinode) {
269 pr_warn_ratelimited("overlayfs: newly created inode found in cache (%pd2)\n",
270 dentry);
271 }
272
273 /* Force lookup of new upper hardlink to find its lower */
274 if (hardlink)
275 d_drop(dentry);
276
277 return 0;
278 }
279
ovl_type_merge(struct dentry * dentry)280 static bool ovl_type_merge(struct dentry *dentry)
281 {
282 return OVL_TYPE_MERGE(ovl_path_type(dentry));
283 }
284
ovl_type_origin(struct dentry * dentry)285 static bool ovl_type_origin(struct dentry *dentry)
286 {
287 return OVL_TYPE_ORIGIN(ovl_path_type(dentry));
288 }
289
ovl_create_upper(struct dentry * dentry,struct inode * inode,struct ovl_cattr * attr)290 static int ovl_create_upper(struct dentry *dentry, struct inode *inode,
291 struct ovl_cattr *attr)
292 {
293 struct dentry *upperdir = ovl_dentry_upper(dentry->d_parent);
294 struct inode *udir = upperdir->d_inode;
295 struct dentry *newdentry;
296 int err;
297
298 if (!attr->hardlink && !IS_POSIXACL(udir))
299 attr->mode &= ~current_umask();
300
301 inode_lock_nested(udir, I_MUTEX_PARENT);
302 newdentry = ovl_create_real(udir,
303 lookup_one_len(dentry->d_name.name,
304 upperdir,
305 dentry->d_name.len),
306 attr);
307 err = PTR_ERR(newdentry);
308 if (IS_ERR(newdentry))
309 goto out_unlock;
310
311 if (ovl_type_merge(dentry->d_parent) && d_is_dir(newdentry)) {
312 /* Setting opaque here is just an optimization, allow to fail */
313 ovl_set_opaque(dentry, newdentry);
314 }
315
316 err = ovl_instantiate(dentry, inode, newdentry, !!attr->hardlink);
317 if (err)
318 goto out_cleanup;
319 out_unlock:
320 inode_unlock(udir);
321 return err;
322
323 out_cleanup:
324 ovl_cleanup(udir, newdentry);
325 dput(newdentry);
326 goto out_unlock;
327 }
328
ovl_clear_empty(struct dentry * dentry,struct list_head * list)329 static struct dentry *ovl_clear_empty(struct dentry *dentry,
330 struct list_head *list)
331 {
332 struct dentry *workdir = ovl_workdir(dentry);
333 struct inode *wdir = workdir->d_inode;
334 struct dentry *upperdir = ovl_dentry_upper(dentry->d_parent);
335 struct inode *udir = upperdir->d_inode;
336 struct path upperpath;
337 struct dentry *upper;
338 struct dentry *opaquedir;
339 struct kstat stat;
340 int err;
341
342 if (WARN_ON(!workdir))
343 return ERR_PTR(-EROFS);
344
345 err = ovl_lock_rename_workdir(workdir, upperdir);
346 if (err)
347 goto out;
348
349 ovl_path_upper(dentry, &upperpath);
350 err = vfs_getattr(&upperpath, &stat,
351 STATX_BASIC_STATS, AT_STATX_SYNC_AS_STAT);
352 if (err)
353 goto out_unlock;
354
355 err = -ESTALE;
356 if (!S_ISDIR(stat.mode))
357 goto out_unlock;
358 upper = upperpath.dentry;
359 if (upper->d_parent->d_inode != udir)
360 goto out_unlock;
361
362 opaquedir = ovl_create_temp(workdir, OVL_CATTR(stat.mode));
363 err = PTR_ERR(opaquedir);
364 if (IS_ERR(opaquedir))
365 goto out_unlock;
366
367 err = ovl_copy_xattr(upper, opaquedir);
368 if (err)
369 goto out_cleanup;
370
371 err = ovl_set_opaque(dentry, opaquedir);
372 if (err)
373 goto out_cleanup;
374
375 inode_lock(opaquedir->d_inode);
376 err = ovl_set_attr(opaquedir, &stat);
377 inode_unlock(opaquedir->d_inode);
378 if (err)
379 goto out_cleanup;
380
381 err = ovl_do_rename(wdir, opaquedir, udir, upper, RENAME_EXCHANGE);
382 if (err)
383 goto out_cleanup;
384
385 ovl_cleanup_whiteouts(upper, list);
386 ovl_cleanup(wdir, upper);
387 unlock_rename(workdir, upperdir);
388
389 /* dentry's upper doesn't match now, get rid of it */
390 d_drop(dentry);
391
392 return opaquedir;
393
394 out_cleanup:
395 ovl_cleanup(wdir, opaquedir);
396 dput(opaquedir);
397 out_unlock:
398 unlock_rename(workdir, upperdir);
399 out:
400 return ERR_PTR(err);
401 }
402
ovl_set_upper_acl(struct dentry * upperdentry,const char * name,const struct posix_acl * acl)403 static int ovl_set_upper_acl(struct dentry *upperdentry, const char *name,
404 const struct posix_acl *acl)
405 {
406 void *buffer;
407 size_t size;
408 int err;
409
410 if (!IS_ENABLED(CONFIG_FS_POSIX_ACL) || !acl)
411 return 0;
412
413 size = posix_acl_xattr_size(acl->a_count);
414 buffer = kmalloc(size, GFP_KERNEL);
415 if (!buffer)
416 return -ENOMEM;
417
418 err = posix_acl_to_xattr(&init_user_ns, acl, buffer, size);
419 if (err < 0)
420 goto out_free;
421
422 err = vfs_setxattr(upperdentry, name, buffer, size, XATTR_CREATE);
423 out_free:
424 kfree(buffer);
425 return err;
426 }
427
ovl_create_over_whiteout(struct dentry * dentry,struct inode * inode,struct ovl_cattr * cattr)428 static int ovl_create_over_whiteout(struct dentry *dentry, struct inode *inode,
429 struct ovl_cattr *cattr)
430 {
431 struct dentry *workdir = ovl_workdir(dentry);
432 struct inode *wdir = workdir->d_inode;
433 struct dentry *upperdir = ovl_dentry_upper(dentry->d_parent);
434 struct inode *udir = upperdir->d_inode;
435 struct dentry *upper;
436 struct dentry *newdentry;
437 int err;
438 struct posix_acl *acl, *default_acl;
439 bool hardlink = !!cattr->hardlink;
440
441 if (WARN_ON(!workdir))
442 return -EROFS;
443
444 if (!hardlink) {
445 err = posix_acl_create(dentry->d_parent->d_inode,
446 &cattr->mode, &default_acl, &acl);
447 if (err)
448 return err;
449 }
450
451 err = ovl_lock_rename_workdir(workdir, upperdir);
452 if (err)
453 goto out;
454
455 upper = lookup_one_len(dentry->d_name.name, upperdir,
456 dentry->d_name.len);
457 err = PTR_ERR(upper);
458 if (IS_ERR(upper))
459 goto out_unlock;
460
461 err = -ESTALE;
462 if (d_is_negative(upper) || !IS_WHITEOUT(d_inode(upper)))
463 goto out_dput;
464
465 newdentry = ovl_create_temp(workdir, cattr);
466 err = PTR_ERR(newdentry);
467 if (IS_ERR(newdentry))
468 goto out_dput;
469
470 /*
471 * mode could have been mutilated due to umask (e.g. sgid directory)
472 */
473 if (!hardlink &&
474 !S_ISLNK(cattr->mode) &&
475 newdentry->d_inode->i_mode != cattr->mode) {
476 struct iattr attr = {
477 .ia_valid = ATTR_MODE,
478 .ia_mode = cattr->mode,
479 };
480 inode_lock(newdentry->d_inode);
481 err = notify_change(newdentry, &attr, NULL);
482 inode_unlock(newdentry->d_inode);
483 if (err)
484 goto out_cleanup;
485 }
486 if (!hardlink) {
487 err = ovl_set_upper_acl(newdentry, XATTR_NAME_POSIX_ACL_ACCESS,
488 acl);
489 if (err)
490 goto out_cleanup;
491
492 err = ovl_set_upper_acl(newdentry, XATTR_NAME_POSIX_ACL_DEFAULT,
493 default_acl);
494 if (err)
495 goto out_cleanup;
496 }
497
498 if (!hardlink && S_ISDIR(cattr->mode)) {
499 err = ovl_set_opaque(dentry, newdentry);
500 if (err)
501 goto out_cleanup;
502
503 err = ovl_do_rename(wdir, newdentry, udir, upper,
504 RENAME_EXCHANGE);
505 if (err)
506 goto out_cleanup;
507
508 ovl_cleanup(wdir, upper);
509 } else {
510 err = ovl_do_rename(wdir, newdentry, udir, upper, 0);
511 if (err)
512 goto out_cleanup;
513 }
514 err = ovl_instantiate(dentry, inode, newdentry, hardlink);
515 if (err) {
516 ovl_cleanup(udir, newdentry);
517 dput(newdentry);
518 }
519 out_dput:
520 dput(upper);
521 out_unlock:
522 unlock_rename(workdir, upperdir);
523 out:
524 if (!hardlink) {
525 posix_acl_release(acl);
526 posix_acl_release(default_acl);
527 }
528 return err;
529
530 out_cleanup:
531 ovl_cleanup(wdir, newdentry);
532 dput(newdentry);
533 goto out_dput;
534 }
535
ovl_create_or_link(struct dentry * dentry,struct inode * inode,struct ovl_cattr * attr,bool origin)536 static int ovl_create_or_link(struct dentry *dentry, struct inode *inode,
537 struct ovl_cattr *attr, bool origin)
538 {
539 int err;
540 const struct cred *old_cred, *hold_cred = NULL;
541 struct cred *override_cred;
542 struct dentry *parent = dentry->d_parent;
543
544 err = ovl_copy_up(parent);
545 if (err)
546 return err;
547
548 old_cred = ovl_override_creds(dentry->d_sb);
549
550 /*
551 * When linking a file with copy up origin into a new parent, mark the
552 * new parent dir "impure".
553 */
554 if (origin) {
555 err = ovl_set_impure(parent, ovl_dentry_upper(parent));
556 if (err)
557 goto out_revert_creds;
558 }
559
560 if (!attr->hardlink) {
561 err = -ENOMEM;
562 override_cred = prepare_creds();
563 if (!override_cred)
564 goto out_revert_creds;
565 /*
566 * In the creation cases(create, mkdir, mknod, symlink),
567 * ovl should transfer current's fs{u,g}id to underlying
568 * fs. Because underlying fs want to initialize its new
569 * inode owner using current's fs{u,g}id. And in this
570 * case, the @inode is a new inode that is initialized
571 * in inode_init_owner() to current's fs{u,g}id. So use
572 * the inode's i_{u,g}id to override the cred's fs{u,g}id.
573 *
574 * But in the other hardlink case, ovl_link() does not
575 * create a new inode, so just use the ovl mounter's
576 * fs{u,g}id.
577 */
578 override_cred->fsuid = inode->i_uid;
579 override_cred->fsgid = inode->i_gid;
580 err = security_dentry_create_files_as(dentry,
581 attr->mode, &dentry->d_name,
582 old_cred ? old_cred : current_cred(),
583 override_cred);
584 if (err) {
585 put_cred(override_cred);
586 goto out_revert_creds;
587 }
588 hold_cred = override_creds(override_cred);
589 put_cred(override_cred);
590 }
591
592 if (!ovl_dentry_is_whiteout(dentry))
593 err = ovl_create_upper(dentry, inode, attr);
594 else
595 err = ovl_create_over_whiteout(dentry, inode, attr);
596
597 out_revert_creds:
598 ovl_revert_creds(dentry->d_sb, old_cred ?: hold_cred);
599 if (old_cred && hold_cred)
600 put_cred(hold_cred);
601 return err;
602 }
603
ovl_create_object(struct dentry * dentry,int mode,dev_t rdev,const char * link)604 static int ovl_create_object(struct dentry *dentry, int mode, dev_t rdev,
605 const char *link)
606 {
607 int err;
608 struct inode *inode;
609 struct ovl_cattr attr = {
610 .rdev = rdev,
611 .link = link,
612 };
613
614 err = ovl_want_write(dentry);
615 if (err)
616 goto out;
617
618 /* Preallocate inode to be used by ovl_get_inode() */
619 err = -ENOMEM;
620 inode = ovl_new_inode(dentry->d_sb, mode, rdev);
621 if (!inode)
622 goto out_drop_write;
623
624 spin_lock(&inode->i_lock);
625 inode->i_state |= I_CREATING;
626 spin_unlock(&inode->i_lock);
627
628 inode_init_owner(inode, dentry->d_parent->d_inode, mode);
629 attr.mode = inode->i_mode;
630
631 err = ovl_create_or_link(dentry, inode, &attr, false);
632 /* Did we end up using the preallocated inode? */
633 if (inode != d_inode(dentry))
634 iput(inode);
635
636 out_drop_write:
637 ovl_drop_write(dentry);
638 out:
639 return err;
640 }
641
ovl_create(struct inode * dir,struct dentry * dentry,umode_t mode,bool excl)642 static int ovl_create(struct inode *dir, struct dentry *dentry, umode_t mode,
643 bool excl)
644 {
645 return ovl_create_object(dentry, (mode & 07777) | S_IFREG, 0, NULL);
646 }
647
ovl_mkdir(struct inode * dir,struct dentry * dentry,umode_t mode)648 static int ovl_mkdir(struct inode *dir, struct dentry *dentry, umode_t mode)
649 {
650 return ovl_create_object(dentry, (mode & 07777) | S_IFDIR, 0, NULL);
651 }
652
ovl_mknod(struct inode * dir,struct dentry * dentry,umode_t mode,dev_t rdev)653 static int ovl_mknod(struct inode *dir, struct dentry *dentry, umode_t mode,
654 dev_t rdev)
655 {
656 /* Don't allow creation of "whiteout" on overlay */
657 if (S_ISCHR(mode) && rdev == WHITEOUT_DEV)
658 return -EPERM;
659
660 return ovl_create_object(dentry, mode, rdev, NULL);
661 }
662
ovl_symlink(struct inode * dir,struct dentry * dentry,const char * link)663 static int ovl_symlink(struct inode *dir, struct dentry *dentry,
664 const char *link)
665 {
666 return ovl_create_object(dentry, S_IFLNK, 0, link);
667 }
668
ovl_set_link_redirect(struct dentry * dentry)669 static int ovl_set_link_redirect(struct dentry *dentry)
670 {
671 const struct cred *old_cred;
672 int err;
673
674 old_cred = ovl_override_creds(dentry->d_sb);
675 err = ovl_set_redirect(dentry, false);
676 ovl_revert_creds(dentry->d_sb, old_cred);
677
678 return err;
679 }
680
ovl_link(struct dentry * old,struct inode * newdir,struct dentry * new)681 static int ovl_link(struct dentry *old, struct inode *newdir,
682 struct dentry *new)
683 {
684 int err;
685 struct inode *inode;
686
687 err = ovl_want_write(old);
688 if (err)
689 goto out;
690
691 err = ovl_copy_up(old);
692 if (err)
693 goto out_drop_write;
694
695 err = ovl_copy_up(new->d_parent);
696 if (err)
697 goto out_drop_write;
698
699 if (ovl_is_metacopy_dentry(old)) {
700 err = ovl_set_link_redirect(old);
701 if (err)
702 goto out_drop_write;
703 }
704
705 err = ovl_nlink_start(old);
706 if (err)
707 goto out_drop_write;
708
709 inode = d_inode(old);
710 ihold(inode);
711
712 err = ovl_create_or_link(new, inode,
713 &(struct ovl_cattr) {.hardlink = ovl_dentry_upper(old)},
714 ovl_type_origin(old));
715 if (err)
716 iput(inode);
717
718 ovl_nlink_end(old);
719 out_drop_write:
720 ovl_drop_write(old);
721 out:
722 return err;
723 }
724
ovl_matches_upper(struct dentry * dentry,struct dentry * upper)725 static bool ovl_matches_upper(struct dentry *dentry, struct dentry *upper)
726 {
727 return d_inode(ovl_dentry_upper(dentry)) == d_inode(upper);
728 }
729
ovl_remove_and_whiteout(struct dentry * dentry,struct list_head * list)730 static int ovl_remove_and_whiteout(struct dentry *dentry,
731 struct list_head *list)
732 {
733 struct dentry *workdir = ovl_workdir(dentry);
734 struct dentry *upperdir = ovl_dentry_upper(dentry->d_parent);
735 struct dentry *upper;
736 struct dentry *opaquedir = NULL;
737 int err;
738
739 if (WARN_ON(!workdir))
740 return -EROFS;
741
742 if (!list_empty(list)) {
743 opaquedir = ovl_clear_empty(dentry, list);
744 err = PTR_ERR(opaquedir);
745 if (IS_ERR(opaquedir))
746 goto out;
747 }
748
749 err = ovl_lock_rename_workdir(workdir, upperdir);
750 if (err)
751 goto out_dput;
752
753 upper = lookup_one_len(dentry->d_name.name, upperdir,
754 dentry->d_name.len);
755 err = PTR_ERR(upper);
756 if (IS_ERR(upper))
757 goto out_unlock;
758
759 err = -ESTALE;
760 if ((opaquedir && upper != opaquedir) ||
761 (!opaquedir && ovl_dentry_upper(dentry) &&
762 !ovl_matches_upper(dentry, upper))) {
763 goto out_dput_upper;
764 }
765
766 err = ovl_cleanup_and_whiteout(workdir, d_inode(upperdir), upper);
767 if (err)
768 goto out_d_drop;
769
770 ovl_dir_modified(dentry->d_parent, true);
771 out_d_drop:
772 d_drop(dentry);
773 out_dput_upper:
774 dput(upper);
775 out_unlock:
776 unlock_rename(workdir, upperdir);
777 out_dput:
778 dput(opaquedir);
779 out:
780 return err;
781 }
782
ovl_remove_upper(struct dentry * dentry,bool is_dir,struct list_head * list)783 static int ovl_remove_upper(struct dentry *dentry, bool is_dir,
784 struct list_head *list)
785 {
786 struct dentry *upperdir = ovl_dentry_upper(dentry->d_parent);
787 struct inode *dir = upperdir->d_inode;
788 struct dentry *upper;
789 struct dentry *opaquedir = NULL;
790 int err;
791
792 if (!list_empty(list)) {
793 opaquedir = ovl_clear_empty(dentry, list);
794 err = PTR_ERR(opaquedir);
795 if (IS_ERR(opaquedir))
796 goto out;
797 }
798
799 inode_lock_nested(dir, I_MUTEX_PARENT);
800 upper = lookup_one_len(dentry->d_name.name, upperdir,
801 dentry->d_name.len);
802 err = PTR_ERR(upper);
803 if (IS_ERR(upper))
804 goto out_unlock;
805
806 err = -ESTALE;
807 if ((opaquedir && upper != opaquedir) ||
808 (!opaquedir && !ovl_matches_upper(dentry, upper)))
809 goto out_dput_upper;
810
811 if (is_dir)
812 err = vfs_rmdir(dir, upper);
813 else
814 err = vfs_unlink(dir, upper, NULL);
815 ovl_dir_modified(dentry->d_parent, ovl_type_origin(dentry));
816
817 /*
818 * Keeping this dentry hashed would mean having to release
819 * upperpath/lowerpath, which could only be done if we are the
820 * sole user of this dentry. Too tricky... Just unhash for
821 * now.
822 */
823 if (!err)
824 d_drop(dentry);
825 out_dput_upper:
826 dput(upper);
827 out_unlock:
828 inode_unlock(dir);
829 dput(opaquedir);
830 out:
831 return err;
832 }
833
ovl_pure_upper(struct dentry * dentry)834 static bool ovl_pure_upper(struct dentry *dentry)
835 {
836 return !ovl_dentry_lower(dentry) &&
837 !ovl_test_flag(OVL_WHITEOUTS, d_inode(dentry));
838 }
839
ovl_do_remove(struct dentry * dentry,bool is_dir)840 static int ovl_do_remove(struct dentry *dentry, bool is_dir)
841 {
842 int err;
843 const struct cred *old_cred;
844 struct dentry *upperdentry;
845 bool lower_positive = ovl_lower_positive(dentry);
846 LIST_HEAD(list);
847
848 /* No need to clean pure upper removed by vfs_rmdir() */
849 if (is_dir && (lower_positive || !ovl_pure_upper(dentry))) {
850 err = ovl_check_empty_dir(dentry, &list);
851 if (err)
852 goto out;
853 }
854
855 err = ovl_want_write(dentry);
856 if (err)
857 goto out;
858
859 err = ovl_copy_up(dentry->d_parent);
860 if (err)
861 goto out_drop_write;
862
863 err = ovl_nlink_start(dentry);
864 if (err)
865 goto out_drop_write;
866
867 old_cred = ovl_override_creds(dentry->d_sb);
868 if (!lower_positive)
869 err = ovl_remove_upper(dentry, is_dir, &list);
870 else
871 err = ovl_remove_and_whiteout(dentry, &list);
872 ovl_revert_creds(dentry->d_sb, old_cred);
873 if (!err) {
874 if (is_dir)
875 clear_nlink(dentry->d_inode);
876 else
877 drop_nlink(dentry->d_inode);
878 }
879 ovl_nlink_end(dentry);
880
881 /*
882 * Copy ctime
883 *
884 * Note: we fail to update ctime if there was no copy-up, only a
885 * whiteout
886 */
887 upperdentry = ovl_dentry_upper(dentry);
888 if (upperdentry)
889 ovl_copyattr(d_inode(upperdentry), d_inode(dentry));
890
891 out_drop_write:
892 ovl_drop_write(dentry);
893 out:
894 ovl_cache_free(&list);
895 return err;
896 }
897
ovl_unlink(struct inode * dir,struct dentry * dentry)898 static int ovl_unlink(struct inode *dir, struct dentry *dentry)
899 {
900 return ovl_do_remove(dentry, false);
901 }
902
ovl_rmdir(struct inode * dir,struct dentry * dentry)903 static int ovl_rmdir(struct inode *dir, struct dentry *dentry)
904 {
905 return ovl_do_remove(dentry, true);
906 }
907
ovl_type_merge_or_lower(struct dentry * dentry)908 static bool ovl_type_merge_or_lower(struct dentry *dentry)
909 {
910 enum ovl_path_type type = ovl_path_type(dentry);
911
912 return OVL_TYPE_MERGE(type) || !OVL_TYPE_UPPER(type);
913 }
914
ovl_can_move(struct dentry * dentry)915 static bool ovl_can_move(struct dentry *dentry)
916 {
917 return ovl_redirect_dir(dentry->d_sb) ||
918 !d_is_dir(dentry) || !ovl_type_merge_or_lower(dentry);
919 }
920
ovl_get_redirect(struct dentry * dentry,bool abs_redirect)921 static char *ovl_get_redirect(struct dentry *dentry, bool abs_redirect)
922 {
923 char *buf, *ret;
924 struct dentry *d, *tmp;
925 int buflen = ovl_redirect_max + 1;
926
927 if (!abs_redirect) {
928 ret = kstrndup(dentry->d_name.name, dentry->d_name.len,
929 GFP_KERNEL);
930 goto out;
931 }
932
933 buf = ret = kmalloc(buflen, GFP_KERNEL);
934 if (!buf)
935 goto out;
936
937 buflen--;
938 buf[buflen] = '\0';
939 for (d = dget(dentry); !IS_ROOT(d);) {
940 const char *name;
941 int thislen;
942
943 spin_lock(&d->d_lock);
944 name = ovl_dentry_get_redirect(d);
945 if (name) {
946 thislen = strlen(name);
947 } else {
948 name = d->d_name.name;
949 thislen = d->d_name.len;
950 }
951
952 /* If path is too long, fall back to userspace move */
953 if (thislen + (name[0] != '/') > buflen) {
954 ret = ERR_PTR(-EXDEV);
955 spin_unlock(&d->d_lock);
956 goto out_put;
957 }
958
959 buflen -= thislen;
960 memcpy(&buf[buflen], name, thislen);
961 spin_unlock(&d->d_lock);
962 tmp = dget_parent(d);
963
964 dput(d);
965 d = tmp;
966
967 /* Absolute redirect: finished */
968 if (buf[buflen] == '/')
969 break;
970 buflen--;
971 buf[buflen] = '/';
972 }
973 ret = kstrdup(&buf[buflen], GFP_KERNEL);
974 out_put:
975 dput(d);
976 kfree(buf);
977 out:
978 return ret ? ret : ERR_PTR(-ENOMEM);
979 }
980
ovl_need_absolute_redirect(struct dentry * dentry,bool samedir)981 static bool ovl_need_absolute_redirect(struct dentry *dentry, bool samedir)
982 {
983 struct dentry *lowerdentry;
984
985 if (!samedir)
986 return true;
987
988 if (d_is_dir(dentry))
989 return false;
990
991 /*
992 * For non-dir hardlinked files, we need absolute redirects
993 * in general as two upper hardlinks could be in different
994 * dirs. We could put a relative redirect now and convert
995 * it to absolute redirect later. But when nlink > 1 and
996 * indexing is on, that means relative redirect needs to be
997 * converted to absolute during copy up of another lower
998 * hardllink as well.
999 *
1000 * So without optimizing too much, just check if lower is
1001 * a hard link or not. If lower is hard link, put absolute
1002 * redirect.
1003 */
1004 lowerdentry = ovl_dentry_lower(dentry);
1005 return (d_inode(lowerdentry)->i_nlink > 1);
1006 }
1007
ovl_set_redirect(struct dentry * dentry,bool samedir)1008 static int ovl_set_redirect(struct dentry *dentry, bool samedir)
1009 {
1010 int err;
1011 const char *redirect = ovl_dentry_get_redirect(dentry);
1012 bool absolute_redirect = ovl_need_absolute_redirect(dentry, samedir);
1013
1014 if (redirect && (!absolute_redirect || redirect[0] == '/'))
1015 return 0;
1016
1017 redirect = ovl_get_redirect(dentry, absolute_redirect);
1018 if (IS_ERR(redirect))
1019 return PTR_ERR(redirect);
1020
1021 err = ovl_check_setxattr(dentry, ovl_dentry_upper(dentry),
1022 OVL_XATTR_REDIRECT,
1023 redirect, strlen(redirect), -EXDEV);
1024 if (!err) {
1025 spin_lock(&dentry->d_lock);
1026 ovl_dentry_set_redirect(dentry, redirect);
1027 spin_unlock(&dentry->d_lock);
1028 } else {
1029 kfree(redirect);
1030 pr_warn_ratelimited("overlayfs: failed to set redirect (%i)\n",
1031 err);
1032 /* Fall back to userspace copy-up */
1033 err = -EXDEV;
1034 }
1035 return err;
1036 }
1037
ovl_rename(struct inode * olddir,struct dentry * old,struct inode * newdir,struct dentry * new,unsigned int flags)1038 static int ovl_rename(struct inode *olddir, struct dentry *old,
1039 struct inode *newdir, struct dentry *new,
1040 unsigned int flags)
1041 {
1042 int err;
1043 struct dentry *old_upperdir;
1044 struct dentry *new_upperdir;
1045 struct dentry *olddentry;
1046 struct dentry *newdentry;
1047 struct dentry *trap;
1048 bool old_opaque;
1049 bool new_opaque;
1050 bool cleanup_whiteout = false;
1051 bool update_nlink = false;
1052 bool overwrite = !(flags & RENAME_EXCHANGE);
1053 bool is_dir = d_is_dir(old);
1054 bool new_is_dir = d_is_dir(new);
1055 bool samedir = olddir == newdir;
1056 struct dentry *opaquedir = NULL;
1057 const struct cred *old_cred = NULL;
1058 LIST_HEAD(list);
1059
1060 err = -EINVAL;
1061 if (flags & ~(RENAME_EXCHANGE | RENAME_NOREPLACE))
1062 goto out;
1063
1064 flags &= ~RENAME_NOREPLACE;
1065
1066 /* Don't copy up directory trees */
1067 err = -EXDEV;
1068 if (!ovl_can_move(old))
1069 goto out;
1070 if (!overwrite && !ovl_can_move(new))
1071 goto out;
1072
1073 if (overwrite && new_is_dir && !ovl_pure_upper(new)) {
1074 err = ovl_check_empty_dir(new, &list);
1075 if (err)
1076 goto out;
1077 }
1078
1079 if (overwrite) {
1080 if (ovl_lower_positive(old)) {
1081 if (!ovl_dentry_is_whiteout(new)) {
1082 /* Whiteout source */
1083 flags |= RENAME_WHITEOUT;
1084 } else {
1085 /* Switch whiteouts */
1086 flags |= RENAME_EXCHANGE;
1087 }
1088 } else if (is_dir && ovl_dentry_is_whiteout(new)) {
1089 flags |= RENAME_EXCHANGE;
1090 cleanup_whiteout = true;
1091 }
1092 }
1093
1094 err = ovl_want_write(old);
1095 if (err)
1096 goto out;
1097
1098 err = ovl_copy_up(old);
1099 if (err)
1100 goto out_drop_write;
1101
1102 err = ovl_copy_up(new->d_parent);
1103 if (err)
1104 goto out_drop_write;
1105 if (!overwrite) {
1106 err = ovl_copy_up(new);
1107 if (err)
1108 goto out_drop_write;
1109 } else if (d_inode(new)) {
1110 err = ovl_nlink_start(new);
1111 if (err)
1112 goto out_drop_write;
1113
1114 update_nlink = true;
1115 }
1116
1117 old_cred = ovl_override_creds(old->d_sb);
1118
1119 if (!list_empty(&list)) {
1120 opaquedir = ovl_clear_empty(new, &list);
1121 err = PTR_ERR(opaquedir);
1122 if (IS_ERR(opaquedir)) {
1123 opaquedir = NULL;
1124 goto out_revert_creds;
1125 }
1126 }
1127
1128 old_upperdir = ovl_dentry_upper(old->d_parent);
1129 new_upperdir = ovl_dentry_upper(new->d_parent);
1130
1131 if (!samedir) {
1132 /*
1133 * When moving a merge dir or non-dir with copy up origin into
1134 * a new parent, we are marking the new parent dir "impure".
1135 * When ovl_iterate() iterates an "impure" upper dir, it will
1136 * lookup the origin inodes of the entries to fill d_ino.
1137 */
1138 if (ovl_type_origin(old)) {
1139 err = ovl_set_impure(new->d_parent, new_upperdir);
1140 if (err)
1141 goto out_revert_creds;
1142 }
1143 if (!overwrite && ovl_type_origin(new)) {
1144 err = ovl_set_impure(old->d_parent, old_upperdir);
1145 if (err)
1146 goto out_revert_creds;
1147 }
1148 }
1149
1150 trap = lock_rename(new_upperdir, old_upperdir);
1151
1152 olddentry = lookup_one_len(old->d_name.name, old_upperdir,
1153 old->d_name.len);
1154 err = PTR_ERR(olddentry);
1155 if (IS_ERR(olddentry))
1156 goto out_unlock;
1157
1158 err = -ESTALE;
1159 if (!ovl_matches_upper(old, olddentry))
1160 goto out_dput_old;
1161
1162 newdentry = lookup_one_len(new->d_name.name, new_upperdir,
1163 new->d_name.len);
1164 err = PTR_ERR(newdentry);
1165 if (IS_ERR(newdentry))
1166 goto out_dput_old;
1167
1168 old_opaque = ovl_dentry_is_opaque(old);
1169 new_opaque = ovl_dentry_is_opaque(new);
1170
1171 err = -ESTALE;
1172 if (d_inode(new) && ovl_dentry_upper(new)) {
1173 if (opaquedir) {
1174 if (newdentry != opaquedir)
1175 goto out_dput;
1176 } else {
1177 if (!ovl_matches_upper(new, newdentry))
1178 goto out_dput;
1179 }
1180 } else {
1181 if (!d_is_negative(newdentry)) {
1182 if (!new_opaque || !ovl_is_whiteout(newdentry))
1183 goto out_dput;
1184 } else {
1185 if (flags & RENAME_EXCHANGE)
1186 goto out_dput;
1187 }
1188 }
1189
1190 if (olddentry == trap)
1191 goto out_dput;
1192 if (newdentry == trap)
1193 goto out_dput;
1194
1195 if (olddentry->d_inode == newdentry->d_inode)
1196 goto out_dput;
1197
1198 err = 0;
1199 if (ovl_type_merge_or_lower(old))
1200 err = ovl_set_redirect(old, samedir);
1201 else if (is_dir && !old_opaque && ovl_type_merge(new->d_parent))
1202 err = ovl_set_opaque_xerr(old, olddentry, -EXDEV);
1203 if (err)
1204 goto out_dput;
1205
1206 if (!overwrite && ovl_type_merge_or_lower(new))
1207 err = ovl_set_redirect(new, samedir);
1208 else if (!overwrite && new_is_dir && !new_opaque &&
1209 ovl_type_merge(old->d_parent))
1210 err = ovl_set_opaque_xerr(new, newdentry, -EXDEV);
1211 if (err)
1212 goto out_dput;
1213
1214 err = ovl_do_rename(old_upperdir->d_inode, olddentry,
1215 new_upperdir->d_inode, newdentry, flags);
1216 if (err)
1217 goto out_dput;
1218
1219 if (cleanup_whiteout)
1220 ovl_cleanup(old_upperdir->d_inode, newdentry);
1221
1222 if (overwrite && d_inode(new)) {
1223 if (new_is_dir)
1224 clear_nlink(d_inode(new));
1225 else
1226 drop_nlink(d_inode(new));
1227 }
1228
1229 ovl_dir_modified(old->d_parent, ovl_type_origin(old) ||
1230 (!overwrite && ovl_type_origin(new)));
1231 ovl_dir_modified(new->d_parent, ovl_type_origin(old) ||
1232 (d_inode(new) && ovl_type_origin(new)));
1233
1234 /* copy ctime: */
1235 ovl_copyattr(d_inode(olddentry), d_inode(old));
1236 if (d_inode(new) && ovl_dentry_upper(new))
1237 ovl_copyattr(d_inode(newdentry), d_inode(new));
1238
1239 out_dput:
1240 dput(newdentry);
1241 out_dput_old:
1242 dput(olddentry);
1243 out_unlock:
1244 unlock_rename(new_upperdir, old_upperdir);
1245 out_revert_creds:
1246 ovl_revert_creds(old->d_sb, old_cred);
1247 if (update_nlink)
1248 ovl_nlink_end(new);
1249 out_drop_write:
1250 ovl_drop_write(old);
1251 out:
1252 dput(opaquedir);
1253 ovl_cache_free(&list);
1254 return err;
1255 }
1256
1257 const struct inode_operations ovl_dir_inode_operations = {
1258 .lookup = ovl_lookup,
1259 .mkdir = ovl_mkdir,
1260 .symlink = ovl_symlink,
1261 .unlink = ovl_unlink,
1262 .rmdir = ovl_rmdir,
1263 .rename = ovl_rename,
1264 .link = ovl_link,
1265 .setattr = ovl_setattr,
1266 .create = ovl_create,
1267 .mknod = ovl_mknod,
1268 .permission = ovl_permission,
1269 .getattr = ovl_getattr,
1270 .listxattr = ovl_listxattr,
1271 .get_acl = ovl_get_acl,
1272 .update_time = ovl_update_time,
1273 };
1274