Loading...
1/*
2 *
3 * Copyright (C) 2011 Novell Inc.
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 as published by
7 * the Free Software Foundation.
8 */
9
10#include <linux/fs.h>
11#include <linux/slab.h>
12#include <linux/xattr.h>
13#include "overlayfs.h"
14
15static int ovl_copy_up_truncate(struct dentry *dentry)
16{
17 int err;
18 struct dentry *parent;
19 struct kstat stat;
20 struct path lowerpath;
21
22 parent = dget_parent(dentry);
23 err = ovl_copy_up(parent);
24 if (err)
25 goto out_dput_parent;
26
27 ovl_path_lower(dentry, &lowerpath);
28 err = vfs_getattr(&lowerpath, &stat);
29 if (err)
30 goto out_dput_parent;
31
32 stat.size = 0;
33 err = ovl_copy_up_one(parent, dentry, &lowerpath, &stat);
34
35out_dput_parent:
36 dput(parent);
37 return err;
38}
39
40int ovl_setattr(struct dentry *dentry, struct iattr *attr)
41{
42 int err;
43 struct dentry *upperdentry;
44
45 /*
46 * Check for permissions before trying to copy-up. This is redundant
47 * since it will be rechecked later by ->setattr() on upper dentry. But
48 * without this, copy-up can be triggered by just about anybody.
49 *
50 * We don't initialize inode->size, which just means that
51 * inode_newsize_ok() will always check against MAX_LFS_FILESIZE and not
52 * check for a swapfile (which this won't be anyway).
53 */
54 err = inode_change_ok(dentry->d_inode, attr);
55 if (err)
56 return err;
57
58 err = ovl_want_write(dentry);
59 if (err)
60 goto out;
61
62 err = ovl_copy_up(dentry);
63 if (!err) {
64 upperdentry = ovl_dentry_upper(dentry);
65
66 inode_lock(upperdentry->d_inode);
67 err = notify_change(upperdentry, attr, NULL);
68 if (!err)
69 ovl_copyattr(upperdentry->d_inode, dentry->d_inode);
70 inode_unlock(upperdentry->d_inode);
71 }
72 ovl_drop_write(dentry);
73out:
74 return err;
75}
76
77static int ovl_getattr(struct vfsmount *mnt, struct dentry *dentry,
78 struct kstat *stat)
79{
80 struct path realpath;
81
82 ovl_path_real(dentry, &realpath);
83 return vfs_getattr(&realpath, stat);
84}
85
86int ovl_permission(struct inode *inode, int mask)
87{
88 struct ovl_entry *oe;
89 struct dentry *alias = NULL;
90 struct inode *realinode;
91 struct dentry *realdentry;
92 bool is_upper;
93 int err;
94
95 if (S_ISDIR(inode->i_mode)) {
96 oe = inode->i_private;
97 } else if (mask & MAY_NOT_BLOCK) {
98 return -ECHILD;
99 } else {
100 /*
101 * For non-directories find an alias and get the info
102 * from there.
103 */
104 alias = d_find_any_alias(inode);
105 if (WARN_ON(!alias))
106 return -ENOENT;
107
108 oe = alias->d_fsdata;
109 }
110
111 realdentry = ovl_entry_real(oe, &is_upper);
112
113 if (ovl_is_default_permissions(inode)) {
114 struct kstat stat;
115 struct path realpath = { .dentry = realdentry };
116
117 if (mask & MAY_NOT_BLOCK)
118 return -ECHILD;
119
120 realpath.mnt = ovl_entry_mnt_real(oe, inode, is_upper);
121
122 err = vfs_getattr(&realpath, &stat);
123 if (err)
124 return err;
125
126 if ((stat.mode ^ inode->i_mode) & S_IFMT)
127 return -ESTALE;
128
129 inode->i_mode = stat.mode;
130 inode->i_uid = stat.uid;
131 inode->i_gid = stat.gid;
132
133 return generic_permission(inode, mask);
134 }
135
136 /* Careful in RCU walk mode */
137 realinode = ACCESS_ONCE(realdentry->d_inode);
138 if (!realinode) {
139 WARN_ON(!(mask & MAY_NOT_BLOCK));
140 err = -ENOENT;
141 goto out_dput;
142 }
143
144 if (mask & MAY_WRITE) {
145 umode_t mode = realinode->i_mode;
146
147 /*
148 * Writes will always be redirected to upper layer, so
149 * ignore lower layer being read-only.
150 *
151 * If the overlay itself is read-only then proceed
152 * with the permission check, don't return EROFS.
153 * This will only happen if this is the lower layer of
154 * another overlayfs.
155 *
156 * If upper fs becomes read-only after the overlay was
157 * constructed return EROFS to prevent modification of
158 * upper layer.
159 */
160 err = -EROFS;
161 if (is_upper && !IS_RDONLY(inode) && IS_RDONLY(realinode) &&
162 (S_ISREG(mode) || S_ISDIR(mode) || S_ISLNK(mode)))
163 goto out_dput;
164 }
165
166 err = __inode_permission(realinode, mask);
167out_dput:
168 dput(alias);
169 return err;
170}
171
172static const char *ovl_get_link(struct dentry *dentry,
173 struct inode *inode,
174 struct delayed_call *done)
175{
176 struct dentry *realdentry;
177 struct inode *realinode;
178
179 if (!dentry)
180 return ERR_PTR(-ECHILD);
181
182 realdentry = ovl_dentry_real(dentry);
183 realinode = realdentry->d_inode;
184
185 if (WARN_ON(!realinode->i_op->get_link))
186 return ERR_PTR(-EPERM);
187
188 return realinode->i_op->get_link(realdentry, realinode, done);
189}
190
191static int ovl_readlink(struct dentry *dentry, char __user *buf, int bufsiz)
192{
193 struct path realpath;
194 struct inode *realinode;
195
196 ovl_path_real(dentry, &realpath);
197 realinode = realpath.dentry->d_inode;
198
199 if (!realinode->i_op->readlink)
200 return -EINVAL;
201
202 touch_atime(&realpath);
203
204 return realinode->i_op->readlink(realpath.dentry, buf, bufsiz);
205}
206
207
208static bool ovl_is_private_xattr(const char *name)
209{
210 return strncmp(name, OVL_XATTR_PRE_NAME, OVL_XATTR_PRE_LEN) == 0;
211}
212
213int ovl_setxattr(struct dentry *dentry, const char *name,
214 const void *value, size_t size, int flags)
215{
216 int err;
217 struct dentry *upperdentry;
218
219 err = ovl_want_write(dentry);
220 if (err)
221 goto out;
222
223 err = -EPERM;
224 if (ovl_is_private_xattr(name))
225 goto out_drop_write;
226
227 err = ovl_copy_up(dentry);
228 if (err)
229 goto out_drop_write;
230
231 upperdentry = ovl_dentry_upper(dentry);
232 err = vfs_setxattr(upperdentry, name, value, size, flags);
233
234out_drop_write:
235 ovl_drop_write(dentry);
236out:
237 return err;
238}
239
240static bool ovl_need_xattr_filter(struct dentry *dentry,
241 enum ovl_path_type type)
242{
243 if ((type & (__OVL_PATH_PURE | __OVL_PATH_UPPER)) == __OVL_PATH_UPPER)
244 return S_ISDIR(dentry->d_inode->i_mode);
245 else
246 return false;
247}
248
249ssize_t ovl_getxattr(struct dentry *dentry, const char *name,
250 void *value, size_t size)
251{
252 struct path realpath;
253 enum ovl_path_type type = ovl_path_real(dentry, &realpath);
254
255 if (ovl_need_xattr_filter(dentry, type) && ovl_is_private_xattr(name))
256 return -ENODATA;
257
258 return vfs_getxattr(realpath.dentry, name, value, size);
259}
260
261ssize_t ovl_listxattr(struct dentry *dentry, char *list, size_t size)
262{
263 struct path realpath;
264 enum ovl_path_type type = ovl_path_real(dentry, &realpath);
265 ssize_t res;
266 int off;
267
268 res = vfs_listxattr(realpath.dentry, list, size);
269 if (res <= 0 || size == 0)
270 return res;
271
272 if (!ovl_need_xattr_filter(dentry, type))
273 return res;
274
275 /* filter out private xattrs */
276 for (off = 0; off < res;) {
277 char *s = list + off;
278 size_t slen = strlen(s) + 1;
279
280 BUG_ON(off + slen > res);
281
282 if (ovl_is_private_xattr(s)) {
283 res -= slen;
284 memmove(s, s + slen, res - off);
285 } else {
286 off += slen;
287 }
288 }
289
290 return res;
291}
292
293int ovl_removexattr(struct dentry *dentry, const char *name)
294{
295 int err;
296 struct path realpath;
297 enum ovl_path_type type = ovl_path_real(dentry, &realpath);
298
299 err = ovl_want_write(dentry);
300 if (err)
301 goto out;
302
303 err = -ENODATA;
304 if (ovl_need_xattr_filter(dentry, type) && ovl_is_private_xattr(name))
305 goto out_drop_write;
306
307 if (!OVL_TYPE_UPPER(type)) {
308 err = vfs_getxattr(realpath.dentry, name, NULL, 0);
309 if (err < 0)
310 goto out_drop_write;
311
312 err = ovl_copy_up(dentry);
313 if (err)
314 goto out_drop_write;
315
316 ovl_path_upper(dentry, &realpath);
317 }
318
319 err = vfs_removexattr(realpath.dentry, name);
320out_drop_write:
321 ovl_drop_write(dentry);
322out:
323 return err;
324}
325
326static bool ovl_open_need_copy_up(int flags, enum ovl_path_type type,
327 struct dentry *realdentry)
328{
329 if (OVL_TYPE_UPPER(type))
330 return false;
331
332 if (special_file(realdentry->d_inode->i_mode))
333 return false;
334
335 if (!(OPEN_FMODE(flags) & FMODE_WRITE) && !(flags & O_TRUNC))
336 return false;
337
338 return true;
339}
340
341struct inode *ovl_d_select_inode(struct dentry *dentry, unsigned file_flags)
342{
343 int err;
344 struct path realpath;
345 enum ovl_path_type type;
346
347 if (d_is_dir(dentry))
348 return d_backing_inode(dentry);
349
350 type = ovl_path_real(dentry, &realpath);
351 if (ovl_open_need_copy_up(file_flags, type, realpath.dentry)) {
352 err = ovl_want_write(dentry);
353 if (err)
354 return ERR_PTR(err);
355
356 if (file_flags & O_TRUNC)
357 err = ovl_copy_up_truncate(dentry);
358 else
359 err = ovl_copy_up(dentry);
360 ovl_drop_write(dentry);
361 if (err)
362 return ERR_PTR(err);
363
364 ovl_path_upper(dentry, &realpath);
365 }
366
367 if (realpath.dentry->d_flags & DCACHE_OP_SELECT_INODE)
368 return realpath.dentry->d_op->d_select_inode(realpath.dentry, file_flags);
369
370 return d_backing_inode(realpath.dentry);
371}
372
373static const struct inode_operations ovl_file_inode_operations = {
374 .setattr = ovl_setattr,
375 .permission = ovl_permission,
376 .getattr = ovl_getattr,
377 .setxattr = ovl_setxattr,
378 .getxattr = ovl_getxattr,
379 .listxattr = ovl_listxattr,
380 .removexattr = ovl_removexattr,
381};
382
383static const struct inode_operations ovl_symlink_inode_operations = {
384 .setattr = ovl_setattr,
385 .get_link = ovl_get_link,
386 .readlink = ovl_readlink,
387 .getattr = ovl_getattr,
388 .setxattr = ovl_setxattr,
389 .getxattr = ovl_getxattr,
390 .listxattr = ovl_listxattr,
391 .removexattr = ovl_removexattr,
392};
393
394struct inode *ovl_new_inode(struct super_block *sb, umode_t mode,
395 struct ovl_entry *oe)
396{
397 struct inode *inode;
398
399 inode = new_inode(sb);
400 if (!inode)
401 return NULL;
402
403 mode &= S_IFMT;
404
405 inode->i_ino = get_next_ino();
406 inode->i_mode = mode;
407 inode->i_flags |= S_NOATIME | S_NOCMTIME;
408
409 switch (mode) {
410 case S_IFDIR:
411 inode->i_private = oe;
412 inode->i_op = &ovl_dir_inode_operations;
413 inode->i_fop = &ovl_dir_operations;
414 break;
415
416 case S_IFLNK:
417 inode->i_op = &ovl_symlink_inode_operations;
418 break;
419
420 case S_IFREG:
421 case S_IFSOCK:
422 case S_IFBLK:
423 case S_IFCHR:
424 case S_IFIFO:
425 inode->i_op = &ovl_file_inode_operations;
426 break;
427
428 default:
429 WARN(1, "illegal file type: %i\n", mode);
430 iput(inode);
431 inode = NULL;
432 }
433
434 return inode;
435}
1/*
2 *
3 * Copyright (C) 2011 Novell Inc.
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 as published by
7 * the Free Software Foundation.
8 */
9
10#include <linux/fs.h>
11#include <linux/slab.h>
12#include <linux/cred.h>
13#include <linux/xattr.h>
14#include <linux/posix_acl.h>
15#include <linux/ratelimit.h>
16#include "overlayfs.h"
17
18
19int ovl_setattr(struct dentry *dentry, struct iattr *attr)
20{
21 int err;
22 struct dentry *upperdentry;
23 const struct cred *old_cred;
24
25 /*
26 * Check for permissions before trying to copy-up. This is redundant
27 * since it will be rechecked later by ->setattr() on upper dentry. But
28 * without this, copy-up can be triggered by just about anybody.
29 *
30 * We don't initialize inode->size, which just means that
31 * inode_newsize_ok() will always check against MAX_LFS_FILESIZE and not
32 * check for a swapfile (which this won't be anyway).
33 */
34 err = setattr_prepare(dentry, attr);
35 if (err)
36 return err;
37
38 err = ovl_want_write(dentry);
39 if (err)
40 goto out;
41
42 err = ovl_copy_up(dentry);
43 if (!err) {
44 upperdentry = ovl_dentry_upper(dentry);
45
46 if (attr->ia_valid & (ATTR_KILL_SUID|ATTR_KILL_SGID))
47 attr->ia_valid &= ~ATTR_MODE;
48
49 inode_lock(upperdentry->d_inode);
50 old_cred = ovl_override_creds(dentry->d_sb);
51 err = notify_change(upperdentry, attr, NULL);
52 revert_creds(old_cred);
53 if (!err)
54 ovl_copyattr(upperdentry->d_inode, dentry->d_inode);
55 inode_unlock(upperdentry->d_inode);
56 }
57 ovl_drop_write(dentry);
58out:
59 return err;
60}
61
62static int ovl_map_dev_ino(struct dentry *dentry, struct kstat *stat,
63 struct ovl_layer *lower_layer)
64{
65 bool samefs = ovl_same_sb(dentry->d_sb);
66 unsigned int xinobits = ovl_xino_bits(dentry->d_sb);
67
68 if (samefs) {
69 /*
70 * When all layers are on the same fs, all real inode
71 * number are unique, so we use the overlay st_dev,
72 * which is friendly to du -x.
73 */
74 stat->dev = dentry->d_sb->s_dev;
75 return 0;
76 } else if (xinobits) {
77 unsigned int shift = 64 - xinobits;
78 /*
79 * All inode numbers of underlying fs should not be using the
80 * high xinobits, so we use high xinobits to partition the
81 * overlay st_ino address space. The high bits holds the fsid
82 * (upper fsid is 0). This way overlay inode numbers are unique
83 * and all inodes use overlay st_dev. Inode numbers are also
84 * persistent for a given layer configuration.
85 */
86 if (stat->ino >> shift) {
87 pr_warn_ratelimited("overlayfs: inode number too big (%pd2, ino=%llu, xinobits=%d)\n",
88 dentry, stat->ino, xinobits);
89 } else {
90 if (lower_layer)
91 stat->ino |= ((u64)lower_layer->fsid) << shift;
92
93 stat->dev = dentry->d_sb->s_dev;
94 return 0;
95 }
96 }
97
98 /* The inode could not be mapped to a unified st_ino address space */
99 if (S_ISDIR(dentry->d_inode->i_mode)) {
100 /*
101 * Always use the overlay st_dev for directories, so 'find
102 * -xdev' will scan the entire overlay mount and won't cross the
103 * overlay mount boundaries.
104 *
105 * If not all layers are on the same fs the pair {real st_ino;
106 * overlay st_dev} is not unique, so use the non persistent
107 * overlay st_ino for directories.
108 */
109 stat->dev = dentry->d_sb->s_dev;
110 stat->ino = dentry->d_inode->i_ino;
111 } else if (lower_layer && lower_layer->fsid) {
112 /*
113 * For non-samefs setup, if we cannot map all layers st_ino
114 * to a unified address space, we need to make sure that st_dev
115 * is unique per lower fs. Upper layer uses real st_dev and
116 * lower layers use the unique anonymous bdev assigned to the
117 * lower fs.
118 */
119 stat->dev = lower_layer->fs->pseudo_dev;
120 }
121
122 return 0;
123}
124
125int ovl_getattr(const struct path *path, struct kstat *stat,
126 u32 request_mask, unsigned int flags)
127{
128 struct dentry *dentry = path->dentry;
129 enum ovl_path_type type;
130 struct path realpath;
131 const struct cred *old_cred;
132 bool is_dir = S_ISDIR(dentry->d_inode->i_mode);
133 bool samefs = ovl_same_sb(dentry->d_sb);
134 struct ovl_layer *lower_layer = NULL;
135 int err;
136
137 type = ovl_path_real(dentry, &realpath);
138 old_cred = ovl_override_creds(dentry->d_sb);
139 err = vfs_getattr(&realpath, stat, request_mask, flags);
140 if (err)
141 goto out;
142
143 /*
144 * For non-dir or same fs, we use st_ino of the copy up origin.
145 * This guaranties constant st_dev/st_ino across copy up.
146 * With xino feature and non-samefs, we use st_ino of the copy up
147 * origin masked with high bits that represent the layer id.
148 *
149 * If lower filesystem supports NFS file handles, this also guaranties
150 * persistent st_ino across mount cycle.
151 */
152 if (!is_dir || samefs || ovl_xino_bits(dentry->d_sb)) {
153 if (!OVL_TYPE_UPPER(type)) {
154 lower_layer = ovl_layer_lower(dentry);
155 } else if (OVL_TYPE_ORIGIN(type)) {
156 struct kstat lowerstat;
157 u32 lowermask = STATX_INO | (!is_dir ? STATX_NLINK : 0);
158
159 ovl_path_lower(dentry, &realpath);
160 err = vfs_getattr(&realpath, &lowerstat,
161 lowermask, flags);
162 if (err)
163 goto out;
164
165 /*
166 * Lower hardlinks may be broken on copy up to different
167 * upper files, so we cannot use the lower origin st_ino
168 * for those different files, even for the same fs case.
169 *
170 * Similarly, several redirected dirs can point to the
171 * same dir on a lower layer. With the "verify_lower"
172 * feature, we do not use the lower origin st_ino, if
173 * we haven't verified that this redirect is unique.
174 *
175 * With inodes index enabled, it is safe to use st_ino
176 * of an indexed origin. The index validates that the
177 * upper hardlink is not broken and that a redirected
178 * dir is the only redirect to that origin.
179 */
180 if (ovl_test_flag(OVL_INDEX, d_inode(dentry)) ||
181 (!ovl_verify_lower(dentry->d_sb) &&
182 (is_dir || lowerstat.nlink == 1))) {
183 stat->ino = lowerstat.ino;
184 lower_layer = ovl_layer_lower(dentry);
185 }
186 }
187 }
188
189 err = ovl_map_dev_ino(dentry, stat, lower_layer);
190 if (err)
191 goto out;
192
193 /*
194 * It's probably not worth it to count subdirs to get the
195 * correct link count. nlink=1 seems to pacify 'find' and
196 * other utilities.
197 */
198 if (is_dir && OVL_TYPE_MERGE(type))
199 stat->nlink = 1;
200
201 /*
202 * Return the overlay inode nlinks for indexed upper inodes.
203 * Overlay inode nlink counts the union of the upper hardlinks
204 * and non-covered lower hardlinks. It does not include the upper
205 * index hardlink.
206 */
207 if (!is_dir && ovl_test_flag(OVL_INDEX, d_inode(dentry)))
208 stat->nlink = dentry->d_inode->i_nlink;
209
210out:
211 revert_creds(old_cred);
212
213 return err;
214}
215
216int ovl_permission(struct inode *inode, int mask)
217{
218 struct inode *upperinode = ovl_inode_upper(inode);
219 struct inode *realinode = upperinode ?: ovl_inode_lower(inode);
220 const struct cred *old_cred;
221 int err;
222
223 /* Careful in RCU walk mode */
224 if (!realinode) {
225 WARN_ON(!(mask & MAY_NOT_BLOCK));
226 return -ECHILD;
227 }
228
229 /*
230 * Check overlay inode with the creds of task and underlying inode
231 * with creds of mounter
232 */
233 err = generic_permission(inode, mask);
234 if (err)
235 return err;
236
237 old_cred = ovl_override_creds(inode->i_sb);
238 if (!upperinode &&
239 !special_file(realinode->i_mode) && mask & MAY_WRITE) {
240 mask &= ~(MAY_WRITE | MAY_APPEND);
241 /* Make sure mounter can read file for copy up later */
242 mask |= MAY_READ;
243 }
244 err = inode_permission(realinode, mask);
245 revert_creds(old_cred);
246
247 return err;
248}
249
250static const char *ovl_get_link(struct dentry *dentry,
251 struct inode *inode,
252 struct delayed_call *done)
253{
254 const struct cred *old_cred;
255 const char *p;
256
257 if (!dentry)
258 return ERR_PTR(-ECHILD);
259
260 old_cred = ovl_override_creds(dentry->d_sb);
261 p = vfs_get_link(ovl_dentry_real(dentry), done);
262 revert_creds(old_cred);
263 return p;
264}
265
266bool ovl_is_private_xattr(const char *name)
267{
268 return strncmp(name, OVL_XATTR_PREFIX,
269 sizeof(OVL_XATTR_PREFIX) - 1) == 0;
270}
271
272int ovl_xattr_set(struct dentry *dentry, struct inode *inode, const char *name,
273 const void *value, size_t size, int flags)
274{
275 int err;
276 struct dentry *upperdentry = ovl_i_dentry_upper(inode);
277 struct dentry *realdentry = upperdentry ?: ovl_dentry_lower(dentry);
278 const struct cred *old_cred;
279
280 err = ovl_want_write(dentry);
281 if (err)
282 goto out;
283
284 if (!value && !upperdentry) {
285 err = vfs_getxattr(realdentry, name, NULL, 0);
286 if (err < 0)
287 goto out_drop_write;
288 }
289
290 if (!upperdentry) {
291 err = ovl_copy_up(dentry);
292 if (err)
293 goto out_drop_write;
294
295 realdentry = ovl_dentry_upper(dentry);
296 }
297
298 old_cred = ovl_override_creds(dentry->d_sb);
299 if (value)
300 err = vfs_setxattr(realdentry, name, value, size, flags);
301 else {
302 WARN_ON(flags != XATTR_REPLACE);
303 err = vfs_removexattr(realdentry, name);
304 }
305 revert_creds(old_cred);
306
307out_drop_write:
308 ovl_drop_write(dentry);
309out:
310 return err;
311}
312
313int ovl_xattr_get(struct dentry *dentry, struct inode *inode, const char *name,
314 void *value, size_t size)
315{
316 ssize_t res;
317 const struct cred *old_cred;
318 struct dentry *realdentry =
319 ovl_i_dentry_upper(inode) ?: ovl_dentry_lower(dentry);
320
321 old_cred = ovl_override_creds(dentry->d_sb);
322 res = vfs_getxattr(realdentry, name, value, size);
323 revert_creds(old_cred);
324 return res;
325}
326
327static bool ovl_can_list(const char *s)
328{
329 /* List all non-trusted xatts */
330 if (strncmp(s, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN) != 0)
331 return true;
332
333 /* Never list trusted.overlay, list other trusted for superuser only */
334 return !ovl_is_private_xattr(s) && capable(CAP_SYS_ADMIN);
335}
336
337ssize_t ovl_listxattr(struct dentry *dentry, char *list, size_t size)
338{
339 struct dentry *realdentry = ovl_dentry_real(dentry);
340 ssize_t res;
341 size_t len;
342 char *s;
343 const struct cred *old_cred;
344
345 old_cred = ovl_override_creds(dentry->d_sb);
346 res = vfs_listxattr(realdentry, list, size);
347 revert_creds(old_cred);
348 if (res <= 0 || size == 0)
349 return res;
350
351 /* filter out private xattrs */
352 for (s = list, len = res; len;) {
353 size_t slen = strnlen(s, len) + 1;
354
355 /* underlying fs providing us with an broken xattr list? */
356 if (WARN_ON(slen > len))
357 return -EIO;
358
359 len -= slen;
360 if (!ovl_can_list(s)) {
361 res -= slen;
362 memmove(s, s + slen, len);
363 } else {
364 s += slen;
365 }
366 }
367
368 return res;
369}
370
371struct posix_acl *ovl_get_acl(struct inode *inode, int type)
372{
373 struct inode *realinode = ovl_inode_real(inode);
374 const struct cred *old_cred;
375 struct posix_acl *acl;
376
377 if (!IS_ENABLED(CONFIG_FS_POSIX_ACL) || !IS_POSIXACL(realinode))
378 return NULL;
379
380 old_cred = ovl_override_creds(inode->i_sb);
381 acl = get_acl(realinode, type);
382 revert_creds(old_cred);
383
384 return acl;
385}
386
387static bool ovl_open_need_copy_up(struct dentry *dentry, int flags)
388{
389 /* Copy up of disconnected dentry does not set upper alias */
390 if (ovl_dentry_upper(dentry) &&
391 (ovl_dentry_has_upper_alias(dentry) ||
392 (dentry->d_flags & DCACHE_DISCONNECTED)))
393 return false;
394
395 if (special_file(d_inode(dentry)->i_mode))
396 return false;
397
398 if (!(OPEN_FMODE(flags) & FMODE_WRITE) && !(flags & O_TRUNC))
399 return false;
400
401 return true;
402}
403
404int ovl_open_maybe_copy_up(struct dentry *dentry, unsigned int file_flags)
405{
406 int err = 0;
407
408 if (ovl_open_need_copy_up(dentry, file_flags)) {
409 err = ovl_want_write(dentry);
410 if (!err) {
411 err = ovl_copy_up_flags(dentry, file_flags);
412 ovl_drop_write(dentry);
413 }
414 }
415
416 return err;
417}
418
419int ovl_update_time(struct inode *inode, struct timespec *ts, int flags)
420{
421 if (flags & S_ATIME) {
422 struct ovl_fs *ofs = inode->i_sb->s_fs_info;
423 struct path upperpath = {
424 .mnt = ofs->upper_mnt,
425 .dentry = ovl_upperdentry_dereference(OVL_I(inode)),
426 };
427
428 if (upperpath.dentry) {
429 touch_atime(&upperpath);
430 inode->i_atime = d_inode(upperpath.dentry)->i_atime;
431 }
432 }
433 return 0;
434}
435
436static const struct inode_operations ovl_file_inode_operations = {
437 .setattr = ovl_setattr,
438 .permission = ovl_permission,
439 .getattr = ovl_getattr,
440 .listxattr = ovl_listxattr,
441 .get_acl = ovl_get_acl,
442 .update_time = ovl_update_time,
443};
444
445static const struct inode_operations ovl_symlink_inode_operations = {
446 .setattr = ovl_setattr,
447 .get_link = ovl_get_link,
448 .getattr = ovl_getattr,
449 .listxattr = ovl_listxattr,
450 .update_time = ovl_update_time,
451};
452
453/*
454 * It is possible to stack overlayfs instance on top of another
455 * overlayfs instance as lower layer. We need to annonate the
456 * stackable i_mutex locks according to stack level of the super
457 * block instance. An overlayfs instance can never be in stack
458 * depth 0 (there is always a real fs below it). An overlayfs
459 * inode lock will use the lockdep annotaion ovl_i_mutex_key[depth].
460 *
461 * For example, here is a snip from /proc/lockdep_chains after
462 * dir_iterate of nested overlayfs:
463 *
464 * [...] &ovl_i_mutex_dir_key[depth] (stack_depth=2)
465 * [...] &ovl_i_mutex_dir_key[depth]#2 (stack_depth=1)
466 * [...] &type->i_mutex_dir_key (stack_depth=0)
467 */
468#define OVL_MAX_NESTING FILESYSTEM_MAX_STACK_DEPTH
469
470static inline void ovl_lockdep_annotate_inode_mutex_key(struct inode *inode)
471{
472#ifdef CONFIG_LOCKDEP
473 static struct lock_class_key ovl_i_mutex_key[OVL_MAX_NESTING];
474 static struct lock_class_key ovl_i_mutex_dir_key[OVL_MAX_NESTING];
475 static struct lock_class_key ovl_i_lock_key[OVL_MAX_NESTING];
476
477 int depth = inode->i_sb->s_stack_depth - 1;
478
479 if (WARN_ON_ONCE(depth < 0 || depth >= OVL_MAX_NESTING))
480 depth = 0;
481
482 if (S_ISDIR(inode->i_mode))
483 lockdep_set_class(&inode->i_rwsem, &ovl_i_mutex_dir_key[depth]);
484 else
485 lockdep_set_class(&inode->i_rwsem, &ovl_i_mutex_key[depth]);
486
487 lockdep_set_class(&OVL_I(inode)->lock, &ovl_i_lock_key[depth]);
488#endif
489}
490
491static void ovl_fill_inode(struct inode *inode, umode_t mode, dev_t rdev,
492 unsigned long ino, int fsid)
493{
494 int xinobits = ovl_xino_bits(inode->i_sb);
495
496 /*
497 * When NFS export is enabled and d_ino is consistent with st_ino
498 * (samefs or i_ino has enough bits to encode layer), set the same
499 * value used for d_ino to i_ino, because nfsd readdirplus compares
500 * d_ino values to i_ino values of child entries. When called from
501 * ovl_new_inode(), ino arg is 0, so i_ino will be updated to real
502 * upper inode i_ino on ovl_inode_init() or ovl_inode_update().
503 */
504 if (inode->i_sb->s_export_op &&
505 (ovl_same_sb(inode->i_sb) || xinobits)) {
506 inode->i_ino = ino;
507 if (xinobits && fsid && !(ino >> (64 - xinobits)))
508 inode->i_ino |= (unsigned long)fsid << (64 - xinobits);
509 } else {
510 inode->i_ino = get_next_ino();
511 }
512 inode->i_mode = mode;
513 inode->i_flags |= S_NOCMTIME;
514#ifdef CONFIG_FS_POSIX_ACL
515 inode->i_acl = inode->i_default_acl = ACL_DONT_CACHE;
516#endif
517
518 ovl_lockdep_annotate_inode_mutex_key(inode);
519
520 switch (mode & S_IFMT) {
521 case S_IFREG:
522 inode->i_op = &ovl_file_inode_operations;
523 break;
524
525 case S_IFDIR:
526 inode->i_op = &ovl_dir_inode_operations;
527 inode->i_fop = &ovl_dir_operations;
528 break;
529
530 case S_IFLNK:
531 inode->i_op = &ovl_symlink_inode_operations;
532 break;
533
534 default:
535 inode->i_op = &ovl_file_inode_operations;
536 init_special_inode(inode, mode, rdev);
537 break;
538 }
539}
540
541/*
542 * With inodes index enabled, an overlay inode nlink counts the union of upper
543 * hardlinks and non-covered lower hardlinks. During the lifetime of a non-pure
544 * upper inode, the following nlink modifying operations can happen:
545 *
546 * 1. Lower hardlink copy up
547 * 2. Upper hardlink created, unlinked or renamed over
548 * 3. Lower hardlink whiteout or renamed over
549 *
550 * For the first, copy up case, the union nlink does not change, whether the
551 * operation succeeds or fails, but the upper inode nlink may change.
552 * Therefore, before copy up, we store the union nlink value relative to the
553 * lower inode nlink in the index inode xattr trusted.overlay.nlink.
554 *
555 * For the second, upper hardlink case, the union nlink should be incremented
556 * or decremented IFF the operation succeeds, aligned with nlink change of the
557 * upper inode. Therefore, before link/unlink/rename, we store the union nlink
558 * value relative to the upper inode nlink in the index inode.
559 *
560 * For the last, lower cover up case, we simplify things by preceding the
561 * whiteout or cover up with copy up. This makes sure that there is an index
562 * upper inode where the nlink xattr can be stored before the copied up upper
563 * entry is unlink.
564 */
565#define OVL_NLINK_ADD_UPPER (1 << 0)
566
567/*
568 * On-disk format for indexed nlink:
569 *
570 * nlink relative to the upper inode - "U[+-]NUM"
571 * nlink relative to the lower inode - "L[+-]NUM"
572 */
573
574static int ovl_set_nlink_common(struct dentry *dentry,
575 struct dentry *realdentry, const char *format)
576{
577 struct inode *inode = d_inode(dentry);
578 struct inode *realinode = d_inode(realdentry);
579 char buf[13];
580 int len;
581
582 len = snprintf(buf, sizeof(buf), format,
583 (int) (inode->i_nlink - realinode->i_nlink));
584
585 if (WARN_ON(len >= sizeof(buf)))
586 return -EIO;
587
588 return ovl_do_setxattr(ovl_dentry_upper(dentry),
589 OVL_XATTR_NLINK, buf, len, 0);
590}
591
592int ovl_set_nlink_upper(struct dentry *dentry)
593{
594 return ovl_set_nlink_common(dentry, ovl_dentry_upper(dentry), "U%+i");
595}
596
597int ovl_set_nlink_lower(struct dentry *dentry)
598{
599 return ovl_set_nlink_common(dentry, ovl_dentry_lower(dentry), "L%+i");
600}
601
602unsigned int ovl_get_nlink(struct dentry *lowerdentry,
603 struct dentry *upperdentry,
604 unsigned int fallback)
605{
606 int nlink_diff;
607 int nlink;
608 char buf[13];
609 int err;
610
611 if (!lowerdentry || !upperdentry || d_inode(lowerdentry)->i_nlink == 1)
612 return fallback;
613
614 err = vfs_getxattr(upperdentry, OVL_XATTR_NLINK, &buf, sizeof(buf) - 1);
615 if (err < 0)
616 goto fail;
617
618 buf[err] = '\0';
619 if ((buf[0] != 'L' && buf[0] != 'U') ||
620 (buf[1] != '+' && buf[1] != '-'))
621 goto fail;
622
623 err = kstrtoint(buf + 1, 10, &nlink_diff);
624 if (err < 0)
625 goto fail;
626
627 nlink = d_inode(buf[0] == 'L' ? lowerdentry : upperdentry)->i_nlink;
628 nlink += nlink_diff;
629
630 if (nlink <= 0)
631 goto fail;
632
633 return nlink;
634
635fail:
636 pr_warn_ratelimited("overlayfs: failed to get index nlink (%pd2, err=%i)\n",
637 upperdentry, err);
638 return fallback;
639}
640
641struct inode *ovl_new_inode(struct super_block *sb, umode_t mode, dev_t rdev)
642{
643 struct inode *inode;
644
645 inode = new_inode(sb);
646 if (inode)
647 ovl_fill_inode(inode, mode, rdev, 0, 0);
648
649 return inode;
650}
651
652static int ovl_inode_test(struct inode *inode, void *data)
653{
654 return inode->i_private == data;
655}
656
657static int ovl_inode_set(struct inode *inode, void *data)
658{
659 inode->i_private = data;
660 return 0;
661}
662
663static bool ovl_verify_inode(struct inode *inode, struct dentry *lowerdentry,
664 struct dentry *upperdentry, bool strict)
665{
666 /*
667 * For directories, @strict verify from lookup path performs consistency
668 * checks, so NULL lower/upper in dentry must match NULL lower/upper in
669 * inode. Non @strict verify from NFS handle decode path passes NULL for
670 * 'unknown' lower/upper.
671 */
672 if (S_ISDIR(inode->i_mode) && strict) {
673 /* Real lower dir moved to upper layer under us? */
674 if (!lowerdentry && ovl_inode_lower(inode))
675 return false;
676
677 /* Lookup of an uncovered redirect origin? */
678 if (!upperdentry && ovl_inode_upper(inode))
679 return false;
680 }
681
682 /*
683 * Allow non-NULL lower inode in ovl_inode even if lowerdentry is NULL.
684 * This happens when finding a copied up overlay inode for a renamed
685 * or hardlinked overlay dentry and lower dentry cannot be followed
686 * by origin because lower fs does not support file handles.
687 */
688 if (lowerdentry && ovl_inode_lower(inode) != d_inode(lowerdentry))
689 return false;
690
691 /*
692 * Allow non-NULL __upperdentry in inode even if upperdentry is NULL.
693 * This happens when finding a lower alias for a copied up hard link.
694 */
695 if (upperdentry && ovl_inode_upper(inode) != d_inode(upperdentry))
696 return false;
697
698 return true;
699}
700
701struct inode *ovl_lookup_inode(struct super_block *sb, struct dentry *real,
702 bool is_upper)
703{
704 struct inode *inode, *key = d_inode(real);
705
706 inode = ilookup5(sb, (unsigned long) key, ovl_inode_test, key);
707 if (!inode)
708 return NULL;
709
710 if (!ovl_verify_inode(inode, is_upper ? NULL : real,
711 is_upper ? real : NULL, false)) {
712 iput(inode);
713 return ERR_PTR(-ESTALE);
714 }
715
716 return inode;
717}
718
719/*
720 * Does overlay inode need to be hashed by lower inode?
721 */
722static bool ovl_hash_bylower(struct super_block *sb, struct dentry *upper,
723 struct dentry *lower, struct dentry *index)
724{
725 struct ovl_fs *ofs = sb->s_fs_info;
726
727 /* No, if pure upper */
728 if (!lower)
729 return false;
730
731 /* Yes, if already indexed */
732 if (index)
733 return true;
734
735 /* Yes, if won't be copied up */
736 if (!ofs->upper_mnt)
737 return true;
738
739 /* No, if lower hardlink is or will be broken on copy up */
740 if ((upper || !ovl_indexdir(sb)) &&
741 !d_is_dir(lower) && d_inode(lower)->i_nlink > 1)
742 return false;
743
744 /* No, if non-indexed upper with NFS export */
745 if (sb->s_export_op && upper)
746 return false;
747
748 /* Otherwise, hash by lower inode for fsnotify */
749 return true;
750}
751
752struct inode *ovl_get_inode(struct super_block *sb, struct dentry *upperdentry,
753 struct ovl_path *lowerpath, struct dentry *index,
754 unsigned int numlower)
755{
756 struct inode *realinode = upperdentry ? d_inode(upperdentry) : NULL;
757 struct inode *inode;
758 struct dentry *lowerdentry = lowerpath ? lowerpath->dentry : NULL;
759 bool bylower = ovl_hash_bylower(sb, upperdentry, lowerdentry, index);
760 int fsid = bylower ? lowerpath->layer->fsid : 0;
761 bool is_dir;
762 unsigned long ino = 0;
763
764 if (!realinode)
765 realinode = d_inode(lowerdentry);
766
767 /*
768 * Copy up origin (lower) may exist for non-indexed upper, but we must
769 * not use lower as hash key if this is a broken hardlink.
770 */
771 is_dir = S_ISDIR(realinode->i_mode);
772 if (upperdentry || bylower) {
773 struct inode *key = d_inode(bylower ? lowerdentry :
774 upperdentry);
775 unsigned int nlink = is_dir ? 1 : realinode->i_nlink;
776
777 inode = iget5_locked(sb, (unsigned long) key,
778 ovl_inode_test, ovl_inode_set, key);
779 if (!inode)
780 goto out_nomem;
781 if (!(inode->i_state & I_NEW)) {
782 /*
783 * Verify that the underlying files stored in the inode
784 * match those in the dentry.
785 */
786 if (!ovl_verify_inode(inode, lowerdentry, upperdentry,
787 true)) {
788 iput(inode);
789 inode = ERR_PTR(-ESTALE);
790 goto out;
791 }
792
793 dput(upperdentry);
794 goto out;
795 }
796
797 /* Recalculate nlink for non-dir due to indexing */
798 if (!is_dir)
799 nlink = ovl_get_nlink(lowerdentry, upperdentry, nlink);
800 set_nlink(inode, nlink);
801 ino = key->i_ino;
802 } else {
803 /* Lower hardlink that will be broken on copy up */
804 inode = new_inode(sb);
805 if (!inode)
806 goto out_nomem;
807 }
808 ovl_fill_inode(inode, realinode->i_mode, realinode->i_rdev, ino, fsid);
809 ovl_inode_init(inode, upperdentry, lowerdentry);
810
811 if (upperdentry && ovl_is_impuredir(upperdentry))
812 ovl_set_flag(OVL_IMPURE, inode);
813
814 if (index)
815 ovl_set_flag(OVL_INDEX, inode);
816
817 /* Check for non-merge dir that may have whiteouts */
818 if (is_dir) {
819 if (((upperdentry && lowerdentry) || numlower > 1) ||
820 ovl_check_origin_xattr(upperdentry ?: lowerdentry)) {
821 ovl_set_flag(OVL_WHITEOUTS, inode);
822 }
823 }
824
825 if (inode->i_state & I_NEW)
826 unlock_new_inode(inode);
827out:
828 return inode;
829
830out_nomem:
831 inode = ERR_PTR(-ENOMEM);
832 goto out;
833}