Loading...
Note: File does not exist in v4.6.
1// SPDX-License-Identifier: GPL-2.0-only
2/*
3 * Copyright (C) 2011 Novell Inc.
4 * Copyright (C) 2016 Red Hat, Inc.
5 */
6
7#include <linux/fs.h>
8#include <linux/mount.h>
9#include <linux/slab.h>
10#include <linux/cred.h>
11#include <linux/xattr.h>
12#include <linux/exportfs.h>
13#include <linux/file.h>
14#include <linux/fileattr.h>
15#include <linux/uuid.h>
16#include <linux/namei.h>
17#include <linux/ratelimit.h>
18#include "overlayfs.h"
19
20/* Get write access to upper mnt - may fail if upper sb was remounted ro */
21int ovl_get_write_access(struct dentry *dentry)
22{
23 struct ovl_fs *ofs = OVL_FS(dentry->d_sb);
24 return mnt_get_write_access(ovl_upper_mnt(ofs));
25}
26
27/* Get write access to upper sb - may block if upper sb is frozen */
28void ovl_start_write(struct dentry *dentry)
29{
30 struct ovl_fs *ofs = OVL_FS(dentry->d_sb);
31 sb_start_write(ovl_upper_mnt(ofs)->mnt_sb);
32}
33
34int ovl_want_write(struct dentry *dentry)
35{
36 struct ovl_fs *ofs = OVL_FS(dentry->d_sb);
37 return mnt_want_write(ovl_upper_mnt(ofs));
38}
39
40void ovl_put_write_access(struct dentry *dentry)
41{
42 struct ovl_fs *ofs = OVL_FS(dentry->d_sb);
43 mnt_put_write_access(ovl_upper_mnt(ofs));
44}
45
46void ovl_end_write(struct dentry *dentry)
47{
48 struct ovl_fs *ofs = OVL_FS(dentry->d_sb);
49 sb_end_write(ovl_upper_mnt(ofs)->mnt_sb);
50}
51
52void ovl_drop_write(struct dentry *dentry)
53{
54 struct ovl_fs *ofs = OVL_FS(dentry->d_sb);
55 mnt_drop_write(ovl_upper_mnt(ofs));
56}
57
58struct dentry *ovl_workdir(struct dentry *dentry)
59{
60 struct ovl_fs *ofs = OVL_FS(dentry->d_sb);
61 return ofs->workdir;
62}
63
64const struct cred *ovl_override_creds(struct super_block *sb)
65{
66 struct ovl_fs *ofs = OVL_FS(sb);
67
68 return override_creds(ofs->creator_cred);
69}
70
71/*
72 * Check if underlying fs supports file handles and try to determine encoding
73 * type, in order to deduce maximum inode number used by fs.
74 *
75 * Return 0 if file handles are not supported.
76 * Return 1 (FILEID_INO32_GEN) if fs uses the default 32bit inode encoding.
77 * Return -1 if fs uses a non default encoding with unknown inode size.
78 */
79int ovl_can_decode_fh(struct super_block *sb)
80{
81 if (!capable(CAP_DAC_READ_SEARCH))
82 return 0;
83
84 if (!exportfs_can_decode_fh(sb->s_export_op))
85 return 0;
86
87 return sb->s_export_op->encode_fh ? -1 : FILEID_INO32_GEN;
88}
89
90struct dentry *ovl_indexdir(struct super_block *sb)
91{
92 struct ovl_fs *ofs = OVL_FS(sb);
93
94 return ofs->config.index ? ofs->workdir : NULL;
95}
96
97/* Index all files on copy up. For now only enabled for NFS export */
98bool ovl_index_all(struct super_block *sb)
99{
100 struct ovl_fs *ofs = OVL_FS(sb);
101
102 return ofs->config.nfs_export && ofs->config.index;
103}
104
105/* Verify lower origin on lookup. For now only enabled for NFS export */
106bool ovl_verify_lower(struct super_block *sb)
107{
108 struct ovl_fs *ofs = OVL_FS(sb);
109
110 return ofs->config.nfs_export && ofs->config.index;
111}
112
113struct ovl_path *ovl_stack_alloc(unsigned int n)
114{
115 return kcalloc(n, sizeof(struct ovl_path), GFP_KERNEL);
116}
117
118void ovl_stack_cpy(struct ovl_path *dst, struct ovl_path *src, unsigned int n)
119{
120 unsigned int i;
121
122 memcpy(dst, src, sizeof(struct ovl_path) * n);
123 for (i = 0; i < n; i++)
124 dget(src[i].dentry);
125}
126
127void ovl_stack_put(struct ovl_path *stack, unsigned int n)
128{
129 unsigned int i;
130
131 for (i = 0; stack && i < n; i++)
132 dput(stack[i].dentry);
133}
134
135void ovl_stack_free(struct ovl_path *stack, unsigned int n)
136{
137 ovl_stack_put(stack, n);
138 kfree(stack);
139}
140
141struct ovl_entry *ovl_alloc_entry(unsigned int numlower)
142{
143 size_t size = offsetof(struct ovl_entry, __lowerstack[numlower]);
144 struct ovl_entry *oe = kzalloc(size, GFP_KERNEL);
145
146 if (oe)
147 oe->__numlower = numlower;
148
149 return oe;
150}
151
152void ovl_free_entry(struct ovl_entry *oe)
153{
154 ovl_stack_put(ovl_lowerstack(oe), ovl_numlower(oe));
155 kfree(oe);
156}
157
158#define OVL_D_REVALIDATE (DCACHE_OP_REVALIDATE | DCACHE_OP_WEAK_REVALIDATE)
159
160bool ovl_dentry_remote(struct dentry *dentry)
161{
162 return dentry->d_flags & OVL_D_REVALIDATE;
163}
164
165void ovl_dentry_update_reval(struct dentry *dentry, struct dentry *realdentry)
166{
167 if (!ovl_dentry_remote(realdentry))
168 return;
169
170 spin_lock(&dentry->d_lock);
171 dentry->d_flags |= realdentry->d_flags & OVL_D_REVALIDATE;
172 spin_unlock(&dentry->d_lock);
173}
174
175void ovl_dentry_init_reval(struct dentry *dentry, struct dentry *upperdentry,
176 struct ovl_entry *oe)
177{
178 return ovl_dentry_init_flags(dentry, upperdentry, oe, OVL_D_REVALIDATE);
179}
180
181void ovl_dentry_init_flags(struct dentry *dentry, struct dentry *upperdentry,
182 struct ovl_entry *oe, unsigned int mask)
183{
184 struct ovl_path *lowerstack = ovl_lowerstack(oe);
185 unsigned int i, flags = 0;
186
187 if (upperdentry)
188 flags |= upperdentry->d_flags;
189 for (i = 0; i < ovl_numlower(oe) && lowerstack[i].dentry; i++)
190 flags |= lowerstack[i].dentry->d_flags;
191
192 spin_lock(&dentry->d_lock);
193 dentry->d_flags &= ~mask;
194 dentry->d_flags |= flags & mask;
195 spin_unlock(&dentry->d_lock);
196}
197
198bool ovl_dentry_weird(struct dentry *dentry)
199{
200 return dentry->d_flags & (DCACHE_NEED_AUTOMOUNT |
201 DCACHE_MANAGE_TRANSIT |
202 DCACHE_OP_HASH |
203 DCACHE_OP_COMPARE);
204}
205
206enum ovl_path_type ovl_path_type(struct dentry *dentry)
207{
208 struct ovl_entry *oe = OVL_E(dentry);
209 enum ovl_path_type type = 0;
210
211 if (ovl_dentry_upper(dentry)) {
212 type = __OVL_PATH_UPPER;
213
214 /*
215 * Non-dir dentry can hold lower dentry of its copy up origin.
216 */
217 if (ovl_numlower(oe)) {
218 if (ovl_test_flag(OVL_CONST_INO, d_inode(dentry)))
219 type |= __OVL_PATH_ORIGIN;
220 if (d_is_dir(dentry) ||
221 !ovl_has_upperdata(d_inode(dentry)))
222 type |= __OVL_PATH_MERGE;
223 }
224 } else {
225 if (ovl_numlower(oe) > 1)
226 type |= __OVL_PATH_MERGE;
227 }
228 return type;
229}
230
231void ovl_path_upper(struct dentry *dentry, struct path *path)
232{
233 struct ovl_fs *ofs = OVL_FS(dentry->d_sb);
234
235 path->mnt = ovl_upper_mnt(ofs);
236 path->dentry = ovl_dentry_upper(dentry);
237}
238
239void ovl_path_lower(struct dentry *dentry, struct path *path)
240{
241 struct ovl_entry *oe = OVL_E(dentry);
242 struct ovl_path *lowerpath = ovl_lowerstack(oe);
243
244 if (ovl_numlower(oe)) {
245 path->mnt = lowerpath->layer->mnt;
246 path->dentry = lowerpath->dentry;
247 } else {
248 *path = (struct path) { };
249 }
250}
251
252void ovl_path_lowerdata(struct dentry *dentry, struct path *path)
253{
254 struct ovl_entry *oe = OVL_E(dentry);
255 struct ovl_path *lowerdata = ovl_lowerdata(oe);
256 struct dentry *lowerdata_dentry = ovl_lowerdata_dentry(oe);
257
258 if (lowerdata_dentry) {
259 path->dentry = lowerdata_dentry;
260 /*
261 * Pairs with smp_wmb() in ovl_dentry_set_lowerdata().
262 * Make sure that if lowerdata->dentry is visible, then
263 * datapath->layer is visible as well.
264 */
265 smp_rmb();
266 path->mnt = READ_ONCE(lowerdata->layer)->mnt;
267 } else {
268 *path = (struct path) { };
269 }
270}
271
272enum ovl_path_type ovl_path_real(struct dentry *dentry, struct path *path)
273{
274 enum ovl_path_type type = ovl_path_type(dentry);
275
276 if (!OVL_TYPE_UPPER(type))
277 ovl_path_lower(dentry, path);
278 else
279 ovl_path_upper(dentry, path);
280
281 return type;
282}
283
284enum ovl_path_type ovl_path_realdata(struct dentry *dentry, struct path *path)
285{
286 enum ovl_path_type type = ovl_path_type(dentry);
287
288 WARN_ON_ONCE(d_is_dir(dentry));
289
290 if (!OVL_TYPE_UPPER(type) || OVL_TYPE_MERGE(type))
291 ovl_path_lowerdata(dentry, path);
292 else
293 ovl_path_upper(dentry, path);
294
295 return type;
296}
297
298struct dentry *ovl_dentry_upper(struct dentry *dentry)
299{
300 return ovl_upperdentry_dereference(OVL_I(d_inode(dentry)));
301}
302
303struct dentry *ovl_dentry_lower(struct dentry *dentry)
304{
305 struct ovl_entry *oe = OVL_E(dentry);
306
307 return ovl_numlower(oe) ? ovl_lowerstack(oe)->dentry : NULL;
308}
309
310const struct ovl_layer *ovl_layer_lower(struct dentry *dentry)
311{
312 struct ovl_entry *oe = OVL_E(dentry);
313
314 return ovl_numlower(oe) ? ovl_lowerstack(oe)->layer : NULL;
315}
316
317/*
318 * ovl_dentry_lower() could return either a data dentry or metacopy dentry
319 * depending on what is stored in lowerstack[0]. At times we need to find
320 * lower dentry which has data (and not metacopy dentry). This helper
321 * returns the lower data dentry.
322 */
323struct dentry *ovl_dentry_lowerdata(struct dentry *dentry)
324{
325 return ovl_lowerdata_dentry(OVL_E(dentry));
326}
327
328int ovl_dentry_set_lowerdata(struct dentry *dentry, struct ovl_path *datapath)
329{
330 struct ovl_entry *oe = OVL_E(dentry);
331 struct ovl_path *lowerdata = ovl_lowerdata(oe);
332 struct dentry *datadentry = datapath->dentry;
333
334 if (WARN_ON_ONCE(ovl_numlower(oe) <= 1))
335 return -EIO;
336
337 WRITE_ONCE(lowerdata->layer, datapath->layer);
338 /*
339 * Pairs with smp_rmb() in ovl_path_lowerdata().
340 * Make sure that if lowerdata->dentry is visible, then
341 * lowerdata->layer is visible as well.
342 */
343 smp_wmb();
344 WRITE_ONCE(lowerdata->dentry, dget(datadentry));
345
346 ovl_dentry_update_reval(dentry, datadentry);
347
348 return 0;
349}
350
351struct dentry *ovl_dentry_real(struct dentry *dentry)
352{
353 return ovl_dentry_upper(dentry) ?: ovl_dentry_lower(dentry);
354}
355
356struct dentry *ovl_i_dentry_upper(struct inode *inode)
357{
358 return ovl_upperdentry_dereference(OVL_I(inode));
359}
360
361struct inode *ovl_i_path_real(struct inode *inode, struct path *path)
362{
363 struct ovl_path *lowerpath = ovl_lowerpath(OVL_I_E(inode));
364
365 path->dentry = ovl_i_dentry_upper(inode);
366 if (!path->dentry) {
367 path->dentry = lowerpath->dentry;
368 path->mnt = lowerpath->layer->mnt;
369 } else {
370 path->mnt = ovl_upper_mnt(OVL_FS(inode->i_sb));
371 }
372
373 return path->dentry ? d_inode_rcu(path->dentry) : NULL;
374}
375
376struct inode *ovl_inode_upper(struct inode *inode)
377{
378 struct dentry *upperdentry = ovl_i_dentry_upper(inode);
379
380 return upperdentry ? d_inode(upperdentry) : NULL;
381}
382
383struct inode *ovl_inode_lower(struct inode *inode)
384{
385 struct ovl_path *lowerpath = ovl_lowerpath(OVL_I_E(inode));
386
387 return lowerpath ? d_inode(lowerpath->dentry) : NULL;
388}
389
390struct inode *ovl_inode_real(struct inode *inode)
391{
392 return ovl_inode_upper(inode) ?: ovl_inode_lower(inode);
393}
394
395/* Return inode which contains lower data. Do not return metacopy */
396struct inode *ovl_inode_lowerdata(struct inode *inode)
397{
398 struct dentry *lowerdata = ovl_lowerdata_dentry(OVL_I_E(inode));
399
400 if (WARN_ON(!S_ISREG(inode->i_mode)))
401 return NULL;
402
403 return lowerdata ? d_inode(lowerdata) : NULL;
404}
405
406/* Return real inode which contains data. Does not return metacopy inode */
407struct inode *ovl_inode_realdata(struct inode *inode)
408{
409 struct inode *upperinode;
410
411 upperinode = ovl_inode_upper(inode);
412 if (upperinode && ovl_has_upperdata(inode))
413 return upperinode;
414
415 return ovl_inode_lowerdata(inode);
416}
417
418const char *ovl_lowerdata_redirect(struct inode *inode)
419{
420 return inode && S_ISREG(inode->i_mode) ?
421 OVL_I(inode)->lowerdata_redirect : NULL;
422}
423
424struct ovl_dir_cache *ovl_dir_cache(struct inode *inode)
425{
426 return inode && S_ISDIR(inode->i_mode) ? OVL_I(inode)->cache : NULL;
427}
428
429void ovl_set_dir_cache(struct inode *inode, struct ovl_dir_cache *cache)
430{
431 OVL_I(inode)->cache = cache;
432}
433
434void ovl_dentry_set_flag(unsigned long flag, struct dentry *dentry)
435{
436 set_bit(flag, OVL_E_FLAGS(dentry));
437}
438
439void ovl_dentry_clear_flag(unsigned long flag, struct dentry *dentry)
440{
441 clear_bit(flag, OVL_E_FLAGS(dentry));
442}
443
444bool ovl_dentry_test_flag(unsigned long flag, struct dentry *dentry)
445{
446 return test_bit(flag, OVL_E_FLAGS(dentry));
447}
448
449bool ovl_dentry_is_opaque(struct dentry *dentry)
450{
451 return ovl_dentry_test_flag(OVL_E_OPAQUE, dentry);
452}
453
454bool ovl_dentry_is_whiteout(struct dentry *dentry)
455{
456 return !dentry->d_inode && ovl_dentry_is_opaque(dentry);
457}
458
459void ovl_dentry_set_opaque(struct dentry *dentry)
460{
461 ovl_dentry_set_flag(OVL_E_OPAQUE, dentry);
462}
463
464bool ovl_dentry_has_xwhiteouts(struct dentry *dentry)
465{
466 return ovl_dentry_test_flag(OVL_E_XWHITEOUTS, dentry);
467}
468
469void ovl_dentry_set_xwhiteouts(struct dentry *dentry)
470{
471 ovl_dentry_set_flag(OVL_E_XWHITEOUTS, dentry);
472}
473
474/*
475 * ovl_layer_set_xwhiteouts() is called before adding the overlay dir
476 * dentry to dcache, while readdir of that same directory happens after
477 * the overlay dir dentry is in dcache, so if some cpu observes that
478 * ovl_dentry_is_xwhiteouts(), it will also observe layer->has_xwhiteouts
479 * for the layers where xwhiteouts marker was found in that merge dir.
480 */
481void ovl_layer_set_xwhiteouts(struct ovl_fs *ofs,
482 const struct ovl_layer *layer)
483{
484 if (layer->has_xwhiteouts)
485 return;
486
487 /* Write once to read-mostly layer properties */
488 ofs->layers[layer->idx].has_xwhiteouts = true;
489}
490
491/*
492 * For hard links and decoded file handles, it's possible for ovl_dentry_upper()
493 * to return positive, while there's no actual upper alias for the inode.
494 * Copy up code needs to know about the existence of the upper alias, so it
495 * can't use ovl_dentry_upper().
496 */
497bool ovl_dentry_has_upper_alias(struct dentry *dentry)
498{
499 return ovl_dentry_test_flag(OVL_E_UPPER_ALIAS, dentry);
500}
501
502void ovl_dentry_set_upper_alias(struct dentry *dentry)
503{
504 ovl_dentry_set_flag(OVL_E_UPPER_ALIAS, dentry);
505}
506
507static bool ovl_should_check_upperdata(struct inode *inode)
508{
509 if (!S_ISREG(inode->i_mode))
510 return false;
511
512 if (!ovl_inode_lower(inode))
513 return false;
514
515 return true;
516}
517
518bool ovl_has_upperdata(struct inode *inode)
519{
520 if (!ovl_should_check_upperdata(inode))
521 return true;
522
523 if (!ovl_test_flag(OVL_UPPERDATA, inode))
524 return false;
525 /*
526 * Pairs with smp_wmb() in ovl_set_upperdata(). Main user of
527 * ovl_has_upperdata() is ovl_copy_up_meta_inode_data(). Make sure
528 * if setting of OVL_UPPERDATA is visible, then effects of writes
529 * before that are visible too.
530 */
531 smp_rmb();
532 return true;
533}
534
535void ovl_set_upperdata(struct inode *inode)
536{
537 /*
538 * Pairs with smp_rmb() in ovl_has_upperdata(). Make sure
539 * if OVL_UPPERDATA flag is visible, then effects of write operations
540 * before it are visible as well.
541 */
542 smp_wmb();
543 ovl_set_flag(OVL_UPPERDATA, inode);
544}
545
546/* Caller should hold ovl_inode->lock */
547bool ovl_dentry_needs_data_copy_up_locked(struct dentry *dentry, int flags)
548{
549 if (!ovl_open_flags_need_copy_up(flags))
550 return false;
551
552 return !ovl_test_flag(OVL_UPPERDATA, d_inode(dentry));
553}
554
555bool ovl_dentry_needs_data_copy_up(struct dentry *dentry, int flags)
556{
557 if (!ovl_open_flags_need_copy_up(flags))
558 return false;
559
560 return !ovl_has_upperdata(d_inode(dentry));
561}
562
563const char *ovl_dentry_get_redirect(struct dentry *dentry)
564{
565 return OVL_I(d_inode(dentry))->redirect;
566}
567
568void ovl_dentry_set_redirect(struct dentry *dentry, const char *redirect)
569{
570 struct ovl_inode *oi = OVL_I(d_inode(dentry));
571
572 kfree(oi->redirect);
573 oi->redirect = redirect;
574}
575
576void ovl_inode_update(struct inode *inode, struct dentry *upperdentry)
577{
578 struct inode *upperinode = d_inode(upperdentry);
579
580 WARN_ON(OVL_I(inode)->__upperdentry);
581
582 /*
583 * Make sure upperdentry is consistent before making it visible
584 */
585 smp_wmb();
586 OVL_I(inode)->__upperdentry = upperdentry;
587 if (inode_unhashed(inode)) {
588 inode->i_private = upperinode;
589 __insert_inode_hash(inode, (unsigned long) upperinode);
590 }
591}
592
593static void ovl_dir_version_inc(struct dentry *dentry, bool impurity)
594{
595 struct inode *inode = d_inode(dentry);
596
597 WARN_ON(!inode_is_locked(inode));
598 WARN_ON(!d_is_dir(dentry));
599 /*
600 * Version is used by readdir code to keep cache consistent.
601 * For merge dirs (or dirs with origin) all changes need to be noted.
602 * For non-merge dirs, cache contains only impure entries (i.e. ones
603 * which have been copied up and have origins), so only need to note
604 * changes to impure entries.
605 */
606 if (!ovl_dir_is_real(inode) || impurity)
607 OVL_I(inode)->version++;
608}
609
610void ovl_dir_modified(struct dentry *dentry, bool impurity)
611{
612 /* Copy mtime/ctime */
613 ovl_copyattr(d_inode(dentry));
614
615 ovl_dir_version_inc(dentry, impurity);
616}
617
618u64 ovl_inode_version_get(struct inode *inode)
619{
620 WARN_ON(!inode_is_locked(inode));
621 return OVL_I(inode)->version;
622}
623
624bool ovl_is_whiteout(struct dentry *dentry)
625{
626 struct inode *inode = dentry->d_inode;
627
628 return inode && IS_WHITEOUT(inode);
629}
630
631/*
632 * Use this over ovl_is_whiteout for upper and lower files, as it also
633 * handles overlay.whiteout xattr whiteout files.
634 */
635bool ovl_path_is_whiteout(struct ovl_fs *ofs, const struct path *path)
636{
637 return ovl_is_whiteout(path->dentry) ||
638 ovl_path_check_xwhiteout_xattr(ofs, path);
639}
640
641struct file *ovl_path_open(const struct path *path, int flags)
642{
643 struct inode *inode = d_inode(path->dentry);
644 struct mnt_idmap *real_idmap = mnt_idmap(path->mnt);
645 int err, acc_mode;
646
647 if (flags & ~(O_ACCMODE | O_LARGEFILE))
648 BUG();
649
650 switch (flags & O_ACCMODE) {
651 case O_RDONLY:
652 acc_mode = MAY_READ;
653 break;
654 case O_WRONLY:
655 acc_mode = MAY_WRITE;
656 break;
657 default:
658 BUG();
659 }
660
661 err = inode_permission(real_idmap, inode, acc_mode | MAY_OPEN);
662 if (err)
663 return ERR_PTR(err);
664
665 /* O_NOATIME is an optimization, don't fail if not permitted */
666 if (inode_owner_or_capable(real_idmap, inode))
667 flags |= O_NOATIME;
668
669 return dentry_open(path, flags, current_cred());
670}
671
672/* Caller should hold ovl_inode->lock */
673static bool ovl_already_copied_up_locked(struct dentry *dentry, int flags)
674{
675 bool disconnected = dentry->d_flags & DCACHE_DISCONNECTED;
676
677 if (ovl_dentry_upper(dentry) &&
678 (ovl_dentry_has_upper_alias(dentry) || disconnected) &&
679 !ovl_dentry_needs_data_copy_up_locked(dentry, flags))
680 return true;
681
682 return false;
683}
684
685bool ovl_already_copied_up(struct dentry *dentry, int flags)
686{
687 bool disconnected = dentry->d_flags & DCACHE_DISCONNECTED;
688
689 /*
690 * Check if copy-up has happened as well as for upper alias (in
691 * case of hard links) is there.
692 *
693 * Both checks are lockless:
694 * - false negatives: will recheck under oi->lock
695 * - false positives:
696 * + ovl_dentry_upper() uses memory barriers to ensure the
697 * upper dentry is up-to-date
698 * + ovl_dentry_has_upper_alias() relies on locking of
699 * upper parent i_rwsem to prevent reordering copy-up
700 * with rename.
701 */
702 if (ovl_dentry_upper(dentry) &&
703 (ovl_dentry_has_upper_alias(dentry) || disconnected) &&
704 !ovl_dentry_needs_data_copy_up(dentry, flags))
705 return true;
706
707 return false;
708}
709
710/*
711 * The copy up "transaction" keeps an elevated mnt write count on upper mnt,
712 * but leaves taking freeze protection on upper sb to lower level helpers.
713 */
714int ovl_copy_up_start(struct dentry *dentry, int flags)
715{
716 struct inode *inode = d_inode(dentry);
717 int err;
718
719 err = ovl_inode_lock_interruptible(inode);
720 if (err)
721 return err;
722
723 if (ovl_already_copied_up_locked(dentry, flags))
724 err = 1; /* Already copied up */
725 else
726 err = ovl_get_write_access(dentry);
727 if (err)
728 goto out_unlock;
729
730 return 0;
731
732out_unlock:
733 ovl_inode_unlock(inode);
734 return err;
735}
736
737void ovl_copy_up_end(struct dentry *dentry)
738{
739 ovl_put_write_access(dentry);
740 ovl_inode_unlock(d_inode(dentry));
741}
742
743bool ovl_path_check_origin_xattr(struct ovl_fs *ofs, const struct path *path)
744{
745 int res;
746
747 res = ovl_path_getxattr(ofs, path, OVL_XATTR_ORIGIN, NULL, 0);
748
749 /* Zero size value means "copied up but origin unknown" */
750 if (res >= 0)
751 return true;
752
753 return false;
754}
755
756bool ovl_path_check_xwhiteout_xattr(struct ovl_fs *ofs, const struct path *path)
757{
758 struct dentry *dentry = path->dentry;
759 int res;
760
761 /* xattr.whiteout must be a zero size regular file */
762 if (!d_is_reg(dentry) || i_size_read(d_inode(dentry)) != 0)
763 return false;
764
765 res = ovl_path_getxattr(ofs, path, OVL_XATTR_XWHITEOUT, NULL, 0);
766 return res >= 0;
767}
768
769/*
770 * Load persistent uuid from xattr into s_uuid if found, or store a new
771 * random generated value in s_uuid and in xattr.
772 */
773bool ovl_init_uuid_xattr(struct super_block *sb, struct ovl_fs *ofs,
774 const struct path *upperpath)
775{
776 bool set = false;
777 int res;
778
779 /* Try to load existing persistent uuid */
780 res = ovl_path_getxattr(ofs, upperpath, OVL_XATTR_UUID, sb->s_uuid.b,
781 UUID_SIZE);
782 if (res == UUID_SIZE)
783 return true;
784
785 if (res != -ENODATA)
786 goto fail;
787
788 /*
789 * With uuid=auto, if uuid xattr is found, it will be used.
790 * If uuid xattrs is not found, generate a persistent uuid only on mount
791 * of new overlays where upper root dir is not yet marked as impure.
792 * An upper dir is marked as impure on copy up or lookup of its subdirs.
793 */
794 if (ofs->config.uuid == OVL_UUID_AUTO) {
795 res = ovl_path_getxattr(ofs, upperpath, OVL_XATTR_IMPURE, NULL,
796 0);
797 if (res > 0) {
798 /* Any mount of old overlay - downgrade to uuid=null */
799 ofs->config.uuid = OVL_UUID_NULL;
800 return true;
801 } else if (res == -ENODATA) {
802 /* First mount of new overlay - upgrade to uuid=on */
803 ofs->config.uuid = OVL_UUID_ON;
804 } else if (res < 0) {
805 goto fail;
806 }
807
808 }
809
810 /* Generate overlay instance uuid */
811 uuid_gen(&sb->s_uuid);
812
813 /* Try to store persistent uuid */
814 set = true;
815 res = ovl_setxattr(ofs, upperpath->dentry, OVL_XATTR_UUID, sb->s_uuid.b,
816 UUID_SIZE);
817 if (res == 0)
818 return true;
819
820fail:
821 memset(sb->s_uuid.b, 0, UUID_SIZE);
822 ofs->config.uuid = OVL_UUID_NULL;
823 pr_warn("failed to %s uuid (%pd2, err=%i); falling back to uuid=null.\n",
824 set ? "set" : "get", upperpath->dentry, res);
825 return false;
826}
827
828char ovl_get_dir_xattr_val(struct ovl_fs *ofs, const struct path *path,
829 enum ovl_xattr ox)
830{
831 int res;
832 char val;
833
834 if (!d_is_dir(path->dentry))
835 return 0;
836
837 res = ovl_path_getxattr(ofs, path, ox, &val, 1);
838 return res == 1 ? val : 0;
839}
840
841#define OVL_XATTR_OPAQUE_POSTFIX "opaque"
842#define OVL_XATTR_REDIRECT_POSTFIX "redirect"
843#define OVL_XATTR_ORIGIN_POSTFIX "origin"
844#define OVL_XATTR_IMPURE_POSTFIX "impure"
845#define OVL_XATTR_NLINK_POSTFIX "nlink"
846#define OVL_XATTR_UPPER_POSTFIX "upper"
847#define OVL_XATTR_UUID_POSTFIX "uuid"
848#define OVL_XATTR_METACOPY_POSTFIX "metacopy"
849#define OVL_XATTR_PROTATTR_POSTFIX "protattr"
850#define OVL_XATTR_XWHITEOUT_POSTFIX "whiteout"
851
852#define OVL_XATTR_TAB_ENTRY(x) \
853 [x] = { [false] = OVL_XATTR_TRUSTED_PREFIX x ## _POSTFIX, \
854 [true] = OVL_XATTR_USER_PREFIX x ## _POSTFIX }
855
856const char *const ovl_xattr_table[][2] = {
857 OVL_XATTR_TAB_ENTRY(OVL_XATTR_OPAQUE),
858 OVL_XATTR_TAB_ENTRY(OVL_XATTR_REDIRECT),
859 OVL_XATTR_TAB_ENTRY(OVL_XATTR_ORIGIN),
860 OVL_XATTR_TAB_ENTRY(OVL_XATTR_IMPURE),
861 OVL_XATTR_TAB_ENTRY(OVL_XATTR_NLINK),
862 OVL_XATTR_TAB_ENTRY(OVL_XATTR_UPPER),
863 OVL_XATTR_TAB_ENTRY(OVL_XATTR_UUID),
864 OVL_XATTR_TAB_ENTRY(OVL_XATTR_METACOPY),
865 OVL_XATTR_TAB_ENTRY(OVL_XATTR_PROTATTR),
866 OVL_XATTR_TAB_ENTRY(OVL_XATTR_XWHITEOUT),
867};
868
869int ovl_check_setxattr(struct ovl_fs *ofs, struct dentry *upperdentry,
870 enum ovl_xattr ox, const void *value, size_t size,
871 int xerr)
872{
873 int err;
874
875 if (ofs->noxattr)
876 return xerr;
877
878 err = ovl_setxattr(ofs, upperdentry, ox, value, size);
879
880 if (err == -EOPNOTSUPP) {
881 pr_warn("cannot set %s xattr on upper\n", ovl_xattr(ofs, ox));
882 ofs->noxattr = true;
883 return xerr;
884 }
885
886 return err;
887}
888
889int ovl_set_impure(struct dentry *dentry, struct dentry *upperdentry)
890{
891 struct ovl_fs *ofs = OVL_FS(dentry->d_sb);
892 int err;
893
894 if (ovl_test_flag(OVL_IMPURE, d_inode(dentry)))
895 return 0;
896
897 /*
898 * Do not fail when upper doesn't support xattrs.
899 * Upper inodes won't have origin nor redirect xattr anyway.
900 */
901 err = ovl_check_setxattr(ofs, upperdentry, OVL_XATTR_IMPURE, "y", 1, 0);
902 if (!err)
903 ovl_set_flag(OVL_IMPURE, d_inode(dentry));
904
905 return err;
906}
907
908
909#define OVL_PROTATTR_MAX 32 /* Reserved for future flags */
910
911void ovl_check_protattr(struct inode *inode, struct dentry *upper)
912{
913 struct ovl_fs *ofs = OVL_FS(inode->i_sb);
914 u32 iflags = inode->i_flags & OVL_PROT_I_FLAGS_MASK;
915 char buf[OVL_PROTATTR_MAX+1];
916 int res, n;
917
918 res = ovl_getxattr_upper(ofs, upper, OVL_XATTR_PROTATTR, buf,
919 OVL_PROTATTR_MAX);
920 if (res < 0)
921 return;
922
923 /*
924 * Initialize inode flags from overlay.protattr xattr and upper inode
925 * flags. If upper inode has those fileattr flags set (i.e. from old
926 * kernel), we do not clear them on ovl_get_inode(), but we will clear
927 * them on next fileattr_set().
928 */
929 for (n = 0; n < res; n++) {
930 if (buf[n] == 'a')
931 iflags |= S_APPEND;
932 else if (buf[n] == 'i')
933 iflags |= S_IMMUTABLE;
934 else
935 break;
936 }
937
938 if (!res || n < res) {
939 pr_warn_ratelimited("incompatible overlay.protattr format (%pd2, len=%d)\n",
940 upper, res);
941 } else {
942 inode_set_flags(inode, iflags, OVL_PROT_I_FLAGS_MASK);
943 }
944}
945
946int ovl_set_protattr(struct inode *inode, struct dentry *upper,
947 struct fileattr *fa)
948{
949 struct ovl_fs *ofs = OVL_FS(inode->i_sb);
950 char buf[OVL_PROTATTR_MAX];
951 int len = 0, err = 0;
952 u32 iflags = 0;
953
954 BUILD_BUG_ON(HWEIGHT32(OVL_PROT_FS_FLAGS_MASK) > OVL_PROTATTR_MAX);
955
956 if (fa->flags & FS_APPEND_FL) {
957 buf[len++] = 'a';
958 iflags |= S_APPEND;
959 }
960 if (fa->flags & FS_IMMUTABLE_FL) {
961 buf[len++] = 'i';
962 iflags |= S_IMMUTABLE;
963 }
964
965 /*
966 * Do not allow to set protection flags when upper doesn't support
967 * xattrs, because we do not set those fileattr flags on upper inode.
968 * Remove xattr if it exist and all protection flags are cleared.
969 */
970 if (len) {
971 err = ovl_check_setxattr(ofs, upper, OVL_XATTR_PROTATTR,
972 buf, len, -EPERM);
973 } else if (inode->i_flags & OVL_PROT_I_FLAGS_MASK) {
974 err = ovl_removexattr(ofs, upper, OVL_XATTR_PROTATTR);
975 if (err == -EOPNOTSUPP || err == -ENODATA)
976 err = 0;
977 }
978 if (err)
979 return err;
980
981 inode_set_flags(inode, iflags, OVL_PROT_I_FLAGS_MASK);
982
983 /* Mask out the fileattr flags that should not be set in upper inode */
984 fa->flags &= ~OVL_PROT_FS_FLAGS_MASK;
985 fa->fsx_xflags &= ~OVL_PROT_FSX_FLAGS_MASK;
986
987 return 0;
988}
989
990/*
991 * Caller must hold a reference to inode to prevent it from being freed while
992 * it is marked inuse.
993 */
994bool ovl_inuse_trylock(struct dentry *dentry)
995{
996 struct inode *inode = d_inode(dentry);
997 bool locked = false;
998
999 spin_lock(&inode->i_lock);
1000 if (!(inode->i_state & I_OVL_INUSE)) {
1001 inode->i_state |= I_OVL_INUSE;
1002 locked = true;
1003 }
1004 spin_unlock(&inode->i_lock);
1005
1006 return locked;
1007}
1008
1009void ovl_inuse_unlock(struct dentry *dentry)
1010{
1011 if (dentry) {
1012 struct inode *inode = d_inode(dentry);
1013
1014 spin_lock(&inode->i_lock);
1015 WARN_ON(!(inode->i_state & I_OVL_INUSE));
1016 inode->i_state &= ~I_OVL_INUSE;
1017 spin_unlock(&inode->i_lock);
1018 }
1019}
1020
1021bool ovl_is_inuse(struct dentry *dentry)
1022{
1023 struct inode *inode = d_inode(dentry);
1024 bool inuse;
1025
1026 spin_lock(&inode->i_lock);
1027 inuse = (inode->i_state & I_OVL_INUSE);
1028 spin_unlock(&inode->i_lock);
1029
1030 return inuse;
1031}
1032
1033/*
1034 * Does this overlay dentry need to be indexed on copy up?
1035 */
1036bool ovl_need_index(struct dentry *dentry)
1037{
1038 struct dentry *lower = ovl_dentry_lower(dentry);
1039
1040 if (!lower || !ovl_indexdir(dentry->d_sb))
1041 return false;
1042
1043 /* Index all files for NFS export and consistency verification */
1044 if (ovl_index_all(dentry->d_sb))
1045 return true;
1046
1047 /* Index only lower hardlinks on copy up */
1048 if (!d_is_dir(lower) && d_inode(lower)->i_nlink > 1)
1049 return true;
1050
1051 return false;
1052}
1053
1054/* Caller must hold OVL_I(inode)->lock */
1055static void ovl_cleanup_index(struct dentry *dentry)
1056{
1057 struct ovl_fs *ofs = OVL_FS(dentry->d_sb);
1058 struct dentry *indexdir = ovl_indexdir(dentry->d_sb);
1059 struct inode *dir = indexdir->d_inode;
1060 struct dentry *lowerdentry = ovl_dentry_lower(dentry);
1061 struct dentry *upperdentry = ovl_dentry_upper(dentry);
1062 struct dentry *index = NULL;
1063 struct inode *inode;
1064 struct qstr name = { };
1065 bool got_write = false;
1066 int err;
1067
1068 err = ovl_get_index_name(ofs, lowerdentry, &name);
1069 if (err)
1070 goto fail;
1071
1072 err = ovl_want_write(dentry);
1073 if (err)
1074 goto fail;
1075
1076 got_write = true;
1077 inode = d_inode(upperdentry);
1078 if (!S_ISDIR(inode->i_mode) && inode->i_nlink != 1) {
1079 pr_warn_ratelimited("cleanup linked index (%pd2, ino=%lu, nlink=%u)\n",
1080 upperdentry, inode->i_ino, inode->i_nlink);
1081 /*
1082 * We either have a bug with persistent union nlink or a lower
1083 * hardlink was added while overlay is mounted. Adding a lower
1084 * hardlink and then unlinking all overlay hardlinks would drop
1085 * overlay nlink to zero before all upper inodes are unlinked.
1086 * As a safety measure, when that situation is detected, set
1087 * the overlay nlink to the index inode nlink minus one for the
1088 * index entry itself.
1089 */
1090 set_nlink(d_inode(dentry), inode->i_nlink - 1);
1091 ovl_set_nlink_upper(dentry);
1092 goto out;
1093 }
1094
1095 inode_lock_nested(dir, I_MUTEX_PARENT);
1096 index = ovl_lookup_upper(ofs, name.name, indexdir, name.len);
1097 err = PTR_ERR(index);
1098 if (IS_ERR(index)) {
1099 index = NULL;
1100 } else if (ovl_index_all(dentry->d_sb)) {
1101 /* Whiteout orphan index to block future open by handle */
1102 err = ovl_cleanup_and_whiteout(OVL_FS(dentry->d_sb),
1103 dir, index);
1104 } else {
1105 /* Cleanup orphan index entries */
1106 err = ovl_cleanup(ofs, dir, index);
1107 }
1108
1109 inode_unlock(dir);
1110 if (err)
1111 goto fail;
1112
1113out:
1114 if (got_write)
1115 ovl_drop_write(dentry);
1116 kfree(name.name);
1117 dput(index);
1118 return;
1119
1120fail:
1121 pr_err("cleanup index of '%pd2' failed (%i)\n", dentry, err);
1122 goto out;
1123}
1124
1125/*
1126 * Operations that change overlay inode and upper inode nlink need to be
1127 * synchronized with copy up for persistent nlink accounting.
1128 */
1129int ovl_nlink_start(struct dentry *dentry)
1130{
1131 struct inode *inode = d_inode(dentry);
1132 const struct cred *old_cred;
1133 int err;
1134
1135 if (WARN_ON(!inode))
1136 return -ENOENT;
1137
1138 /*
1139 * With inodes index is enabled, we store the union overlay nlink
1140 * in an xattr on the index inode. When whiting out an indexed lower,
1141 * we need to decrement the overlay persistent nlink, but before the
1142 * first copy up, we have no upper index inode to store the xattr.
1143 *
1144 * As a workaround, before whiteout/rename over an indexed lower,
1145 * copy up to create the upper index. Creating the upper index will
1146 * initialize the overlay nlink, so it could be dropped if unlink
1147 * or rename succeeds.
1148 *
1149 * TODO: implement metadata only index copy up when called with
1150 * ovl_copy_up_flags(dentry, O_PATH).
1151 */
1152 if (ovl_need_index(dentry) && !ovl_dentry_has_upper_alias(dentry)) {
1153 err = ovl_copy_up(dentry);
1154 if (err)
1155 return err;
1156 }
1157
1158 err = ovl_inode_lock_interruptible(inode);
1159 if (err)
1160 return err;
1161
1162 err = ovl_want_write(dentry);
1163 if (err)
1164 goto out_unlock;
1165
1166 if (d_is_dir(dentry) || !ovl_test_flag(OVL_INDEX, inode))
1167 return 0;
1168
1169 old_cred = ovl_override_creds(dentry->d_sb);
1170 /*
1171 * The overlay inode nlink should be incremented/decremented IFF the
1172 * upper operation succeeds, along with nlink change of upper inode.
1173 * Therefore, before link/unlink/rename, we store the union nlink
1174 * value relative to the upper inode nlink in an upper inode xattr.
1175 */
1176 err = ovl_set_nlink_upper(dentry);
1177 revert_creds(old_cred);
1178 if (err)
1179 goto out_drop_write;
1180
1181 return 0;
1182
1183out_drop_write:
1184 ovl_drop_write(dentry);
1185out_unlock:
1186 ovl_inode_unlock(inode);
1187
1188 return err;
1189}
1190
1191void ovl_nlink_end(struct dentry *dentry)
1192{
1193 struct inode *inode = d_inode(dentry);
1194
1195 ovl_drop_write(dentry);
1196
1197 if (ovl_test_flag(OVL_INDEX, inode) && inode->i_nlink == 0) {
1198 const struct cred *old_cred;
1199
1200 old_cred = ovl_override_creds(dentry->d_sb);
1201 ovl_cleanup_index(dentry);
1202 revert_creds(old_cred);
1203 }
1204
1205 ovl_inode_unlock(inode);
1206}
1207
1208int ovl_lock_rename_workdir(struct dentry *workdir, struct dentry *upperdir)
1209{
1210 struct dentry *trap;
1211
1212 /* Workdir should not be the same as upperdir */
1213 if (workdir == upperdir)
1214 goto err;
1215
1216 /* Workdir should not be subdir of upperdir and vice versa */
1217 trap = lock_rename(workdir, upperdir);
1218 if (IS_ERR(trap))
1219 goto err;
1220 if (trap)
1221 goto err_unlock;
1222
1223 return 0;
1224
1225err_unlock:
1226 unlock_rename(workdir, upperdir);
1227err:
1228 pr_err("failed to lock workdir+upperdir\n");
1229 return -EIO;
1230}
1231
1232/*
1233 * err < 0, 0 if no metacopy xattr, metacopy data size if xattr found.
1234 * an empty xattr returns OVL_METACOPY_MIN_SIZE to distinguish from no xattr value.
1235 */
1236int ovl_check_metacopy_xattr(struct ovl_fs *ofs, const struct path *path,
1237 struct ovl_metacopy *data)
1238{
1239 int res;
1240
1241 /* Only regular files can have metacopy xattr */
1242 if (!S_ISREG(d_inode(path->dentry)->i_mode))
1243 return 0;
1244
1245 res = ovl_path_getxattr(ofs, path, OVL_XATTR_METACOPY,
1246 data, data ? OVL_METACOPY_MAX_SIZE : 0);
1247 if (res < 0) {
1248 if (res == -ENODATA || res == -EOPNOTSUPP)
1249 return 0;
1250 /*
1251 * getxattr on user.* may fail with EACCES in case there's no
1252 * read permission on the inode. Not much we can do, other than
1253 * tell the caller that this is not a metacopy inode.
1254 */
1255 if (ofs->config.userxattr && res == -EACCES)
1256 return 0;
1257 goto out;
1258 }
1259
1260 if (res == 0) {
1261 /* Emulate empty data for zero size metacopy xattr */
1262 res = OVL_METACOPY_MIN_SIZE;
1263 if (data) {
1264 memset(data, 0, res);
1265 data->len = res;
1266 }
1267 } else if (res < OVL_METACOPY_MIN_SIZE) {
1268 pr_warn_ratelimited("metacopy file '%pd' has too small xattr\n",
1269 path->dentry);
1270 return -EIO;
1271 } else if (data) {
1272 if (data->version != 0) {
1273 pr_warn_ratelimited("metacopy file '%pd' has unsupported version\n",
1274 path->dentry);
1275 return -EIO;
1276 }
1277 if (res != data->len) {
1278 pr_warn_ratelimited("metacopy file '%pd' has invalid xattr size\n",
1279 path->dentry);
1280 return -EIO;
1281 }
1282 }
1283
1284 return res;
1285out:
1286 pr_warn_ratelimited("failed to get metacopy (%i)\n", res);
1287 return res;
1288}
1289
1290int ovl_set_metacopy_xattr(struct ovl_fs *ofs, struct dentry *d, struct ovl_metacopy *metacopy)
1291{
1292 size_t len = metacopy->len;
1293
1294 /* If no flags or digest fall back to empty metacopy file */
1295 if (metacopy->version == 0 && metacopy->flags == 0 && metacopy->digest_algo == 0)
1296 len = 0;
1297
1298 return ovl_check_setxattr(ofs, d, OVL_XATTR_METACOPY,
1299 metacopy, len, -EOPNOTSUPP);
1300}
1301
1302bool ovl_is_metacopy_dentry(struct dentry *dentry)
1303{
1304 struct ovl_entry *oe = OVL_E(dentry);
1305
1306 if (!d_is_reg(dentry))
1307 return false;
1308
1309 if (ovl_dentry_upper(dentry)) {
1310 if (!ovl_has_upperdata(d_inode(dentry)))
1311 return true;
1312 return false;
1313 }
1314
1315 return (ovl_numlower(oe) > 1);
1316}
1317
1318char *ovl_get_redirect_xattr(struct ovl_fs *ofs, const struct path *path, int padding)
1319{
1320 int res;
1321 char *s, *next, *buf = NULL;
1322
1323 res = ovl_path_getxattr(ofs, path, OVL_XATTR_REDIRECT, NULL, 0);
1324 if (res == -ENODATA || res == -EOPNOTSUPP)
1325 return NULL;
1326 if (res < 0)
1327 goto fail;
1328 if (res == 0)
1329 goto invalid;
1330
1331 buf = kzalloc(res + padding + 1, GFP_KERNEL);
1332 if (!buf)
1333 return ERR_PTR(-ENOMEM);
1334
1335 res = ovl_path_getxattr(ofs, path, OVL_XATTR_REDIRECT, buf, res);
1336 if (res < 0)
1337 goto fail;
1338 if (res == 0)
1339 goto invalid;
1340
1341 if (buf[0] == '/') {
1342 for (s = buf; *s++ == '/'; s = next) {
1343 next = strchrnul(s, '/');
1344 if (s == next)
1345 goto invalid;
1346 }
1347 } else {
1348 if (strchr(buf, '/') != NULL)
1349 goto invalid;
1350 }
1351
1352 return buf;
1353invalid:
1354 pr_warn_ratelimited("invalid redirect (%s)\n", buf);
1355 res = -EINVAL;
1356 goto err_free;
1357fail:
1358 pr_warn_ratelimited("failed to get redirect (%i)\n", res);
1359err_free:
1360 kfree(buf);
1361 return ERR_PTR(res);
1362}
1363
1364/* Call with mounter creds as it may open the file */
1365int ovl_ensure_verity_loaded(struct path *datapath)
1366{
1367 struct inode *inode = d_inode(datapath->dentry);
1368 struct file *filp;
1369
1370 if (!fsverity_active(inode) && IS_VERITY(inode)) {
1371 /*
1372 * If this inode was not yet opened, the verity info hasn't been
1373 * loaded yet, so we need to do that here to force it into memory.
1374 */
1375 filp = kernel_file_open(datapath, O_RDONLY, inode, current_cred());
1376 if (IS_ERR(filp))
1377 return PTR_ERR(filp);
1378 fput(filp);
1379 }
1380
1381 return 0;
1382}
1383
1384int ovl_validate_verity(struct ovl_fs *ofs,
1385 struct path *metapath,
1386 struct path *datapath)
1387{
1388 struct ovl_metacopy metacopy_data;
1389 u8 actual_digest[FS_VERITY_MAX_DIGEST_SIZE];
1390 int xattr_digest_size, digest_size;
1391 int xattr_size, err;
1392 u8 verity_algo;
1393
1394 if (!ofs->config.verity_mode ||
1395 /* Verity only works on regular files */
1396 !S_ISREG(d_inode(metapath->dentry)->i_mode))
1397 return 0;
1398
1399 xattr_size = ovl_check_metacopy_xattr(ofs, metapath, &metacopy_data);
1400 if (xattr_size < 0)
1401 return xattr_size;
1402
1403 if (!xattr_size || !metacopy_data.digest_algo) {
1404 if (ofs->config.verity_mode == OVL_VERITY_REQUIRE) {
1405 pr_warn_ratelimited("metacopy file '%pd' has no digest specified\n",
1406 metapath->dentry);
1407 return -EIO;
1408 }
1409 return 0;
1410 }
1411
1412 xattr_digest_size = ovl_metadata_digest_size(&metacopy_data);
1413
1414 err = ovl_ensure_verity_loaded(datapath);
1415 if (err < 0) {
1416 pr_warn_ratelimited("lower file '%pd' failed to load fs-verity info\n",
1417 datapath->dentry);
1418 return -EIO;
1419 }
1420
1421 digest_size = fsverity_get_digest(d_inode(datapath->dentry), actual_digest,
1422 &verity_algo, NULL);
1423 if (digest_size == 0) {
1424 pr_warn_ratelimited("lower file '%pd' has no fs-verity digest\n", datapath->dentry);
1425 return -EIO;
1426 }
1427
1428 if (xattr_digest_size != digest_size ||
1429 metacopy_data.digest_algo != verity_algo ||
1430 memcmp(metacopy_data.digest, actual_digest, xattr_digest_size) != 0) {
1431 pr_warn_ratelimited("lower file '%pd' has the wrong fs-verity digest\n",
1432 datapath->dentry);
1433 return -EIO;
1434 }
1435
1436 return 0;
1437}
1438
1439int ovl_get_verity_digest(struct ovl_fs *ofs, struct path *src,
1440 struct ovl_metacopy *metacopy)
1441{
1442 int err, digest_size;
1443
1444 if (!ofs->config.verity_mode || !S_ISREG(d_inode(src->dentry)->i_mode))
1445 return 0;
1446
1447 err = ovl_ensure_verity_loaded(src);
1448 if (err < 0) {
1449 pr_warn_ratelimited("lower file '%pd' failed to load fs-verity info\n",
1450 src->dentry);
1451 return -EIO;
1452 }
1453
1454 digest_size = fsverity_get_digest(d_inode(src->dentry),
1455 metacopy->digest, &metacopy->digest_algo, NULL);
1456 if (digest_size == 0 ||
1457 WARN_ON_ONCE(digest_size > FS_VERITY_MAX_DIGEST_SIZE)) {
1458 if (ofs->config.verity_mode == OVL_VERITY_REQUIRE) {
1459 pr_warn_ratelimited("lower file '%pd' has no fs-verity digest\n",
1460 src->dentry);
1461 return -EIO;
1462 }
1463 return 0;
1464 }
1465
1466 metacopy->len += digest_size;
1467 return 0;
1468}
1469
1470/*
1471 * ovl_sync_status() - Check fs sync status for volatile mounts
1472 *
1473 * Returns 1 if this is not a volatile mount and a real sync is required.
1474 *
1475 * Returns 0 if syncing can be skipped because mount is volatile, and no errors
1476 * have occurred on the upperdir since the mount.
1477 *
1478 * Returns -errno if it is a volatile mount, and the error that occurred since
1479 * the last mount. If the error code changes, it'll return the latest error
1480 * code.
1481 */
1482
1483int ovl_sync_status(struct ovl_fs *ofs)
1484{
1485 struct vfsmount *mnt;
1486
1487 if (ovl_should_sync(ofs))
1488 return 1;
1489
1490 mnt = ovl_upper_mnt(ofs);
1491 if (!mnt)
1492 return 0;
1493
1494 return errseq_check(&mnt->mnt_sb->s_wb_err, ofs->errseq);
1495}
1496
1497/*
1498 * ovl_copyattr() - copy inode attributes from layer to ovl inode
1499 *
1500 * When overlay copies inode information from an upper or lower layer to the
1501 * relevant overlay inode it will apply the idmapping of the upper or lower
1502 * layer when doing so ensuring that the ovl inode ownership will correctly
1503 * reflect the ownership of the idmapped upper or lower layer. For example, an
1504 * idmapped upper or lower layer mapping id 1001 to id 1000 will take care to
1505 * map any lower or upper inode owned by id 1001 to id 1000. These mapping
1506 * helpers are nops when the relevant layer isn't idmapped.
1507 */
1508void ovl_copyattr(struct inode *inode)
1509{
1510 struct path realpath;
1511 struct inode *realinode;
1512 struct mnt_idmap *real_idmap;
1513 vfsuid_t vfsuid;
1514 vfsgid_t vfsgid;
1515
1516 realinode = ovl_i_path_real(inode, &realpath);
1517 real_idmap = mnt_idmap(realpath.mnt);
1518
1519 spin_lock(&inode->i_lock);
1520 vfsuid = i_uid_into_vfsuid(real_idmap, realinode);
1521 vfsgid = i_gid_into_vfsgid(real_idmap, realinode);
1522
1523 inode->i_uid = vfsuid_into_kuid(vfsuid);
1524 inode->i_gid = vfsgid_into_kgid(vfsgid);
1525 inode->i_mode = realinode->i_mode;
1526 inode_set_atime_to_ts(inode, inode_get_atime(realinode));
1527 inode_set_mtime_to_ts(inode, inode_get_mtime(realinode));
1528 inode_set_ctime_to_ts(inode, inode_get_ctime(realinode));
1529 i_size_write(inode, i_size_read(realinode));
1530 spin_unlock(&inode->i_lock);
1531}