LXR linux/fs/overlayfs/copy

   1// SPDX-License-Identifier: GPL-2.0-only
   2/*
   3 *
   4 * Copyright (C) 2011 Novell Inc.
   5 */
   6
   7#include <linux/module.h>
   8#include <linux/fs.h>
   9#include <linux/slab.h>
  10#include <linux/file.h>
  11#include <linux/splice.h>
  12#include <linux/xattr.h>
  13#include <linux/security.h>
  14#include <linux/uaccess.h>
  15#include <linux/sched/signal.h>
  16#include <linux/cred.h>
  17#include <linux/namei.h>
  18#include <linux/fdtable.h>
  19#include <linux/ratelimit.h>
  20#include <linux/exportfs.h>
  21#include "overlayfs.h"
  22
  23#define OVL_COPY_UP_CHUNK_SIZE (1 << 20)
  24
  25static int ovl_ccup_set(const char *buf, const struct kernel_param *param)
  26{
  27        pr_warn("overlayfs: \"check_copy_up\" module option is obsolete\n");
  28        return 0;
  29}
  30
  31static int ovl_ccup_get(char *buf, const struct kernel_param *param)
  32{
  33        return sprintf(buf, "N\n");
  34}
  35
  36module_param_call(check_copy_up, ovl_ccup_set, ovl_ccup_get, NULL, 0644);
  37MODULE_PARM_DESC(check_copy_up, "Obsolete; does nothing");
  38
  39int ovl_copy_xattr(struct dentry *old, struct dentry *new)
  40{
  41        ssize_t list_size, size, value_size = 0;
  42        char *buf, *name, *value = NULL;
  43        int uninitialized_var(error);
  44        size_t slen;
  45
  46        if (!(old->d_inode->i_opflags & IOP_XATTR) ||
  47            !(new->d_inode->i_opflags & IOP_XATTR))
  48                return 0;
  49
  50        list_size = vfs_listxattr(old, NULL, 0);
  51        if (list_size <= 0) {
  52                if (list_size == -EOPNOTSUPP)
  53                        return 0;
  54                return list_size;
  55        }
  56
  57        buf = kzalloc(list_size, GFP_KERNEL);
  58        if (!buf)
  59                return -ENOMEM;
  60
  61        list_size = vfs_listxattr(old, buf, list_size);
  62        if (list_size <= 0) {
  63                error = list_size;
  64                goto out;
  65        }
  66
  67        for (name = buf; list_size; name += slen) {
  68                slen = strnlen(name, list_size) + 1;
  69
  70                /* underlying fs providing us with an broken xattr list? */
  71                if (WARN_ON(slen > list_size)) {
  72                        error = -EIO;
  73                        break;
  74                }
  75                list_size -= slen;
  76
  77                if (ovl_is_private_xattr(name))
  78                        continue;
  79retry:
  80                size = vfs_getxattr(old, name, value, value_size);
  81                if (size == -ERANGE)
  82                        size = vfs_getxattr(old, name, NULL, 0);
  83
  84                if (size < 0) {
  85                        error = size;
  86                        break;
  87                }
  88
  89                if (size > value_size) {
  90                        void *new;
  91
  92                        new = krealloc(value, size, GFP_KERNEL);
  93                        if (!new) {
  94                                error = -ENOMEM;
  95                                break;
  96                        }
  97                        value = new;
  98                        value_size = size;
  99                        goto retry;
 100                }
 101
 102                error = security_inode_copy_up_xattr(name);
 103                if (error < 0 && error != -EOPNOTSUPP)
 104                        break;
 105                if (error == 1) {
 106                        error = 0;
 107                        continue; /* Discard */
 108                }
 109                error = vfs_setxattr(new, name, value, size, 0);
 110                if (error)
 111                        break;
 112        }
 113        kfree(value);
 114out:
 115        kfree(buf);
 116        return error;
 117}
 118
 119static int ovl_copy_up_data(struct path *old, struct path *new, loff_t len)
 120{
 121        struct file *old_file;
 122        struct file *new_file;
 123        loff_t old_pos = 0;
 124        loff_t new_pos = 0;
 125        loff_t cloned;
 126        int error = 0;
 127
 128        if (len == 0)
 129                return 0;
 130
 131        old_file = ovl_path_open(old, O_LARGEFILE | O_RDONLY);
 132        if (IS_ERR(old_file))
 133                return PTR_ERR(old_file);
 134
 135        new_file = ovl_path_open(new, O_LARGEFILE | O_WRONLY);
 136        if (IS_ERR(new_file)) {
 137                error = PTR_ERR(new_file);
 138                goto out_fput;
 139        }
 140
 141        /* Try to use clone_file_range to clone up within the same fs */
 142        cloned = do_clone_file_range(old_file, 0, new_file, 0, len, 0);
 143        if (cloned == len)
 144                goto out;
 145        /* Couldn't clone, so now we try to copy the data */
 146
 147        /* FIXME: copy up sparse files efficiently */
 148        while (len) {
 149                size_t this_len = OVL_COPY_UP_CHUNK_SIZE;
 150                long bytes;
 151
 152                if (len < this_len)
 153                        this_len = len;
 154
 155                if (signal_pending_state(TASK_KILLABLE, current)) {
 156                        error = -EINTR;
 157                        break;
 158                }
 159
 160                bytes = do_splice_direct(old_file, &old_pos,
 161                                         new_file, &new_pos,
 162                                         this_len, SPLICE_F_MOVE);
 163                if (bytes <= 0) {
 164                        error = bytes;
 165                        break;
 166                }
 167                WARN_ON(old_pos != new_pos);
 168
 169                len -= bytes;
 170        }
 171out:
 172        if (!error)
 173                error = vfs_fsync(new_file, 0);
 174        fput(new_file);
 175out_fput:
 176        fput(old_file);
 177        return error;
 178}
 179
 180static int ovl_set_size(struct dentry *upperdentry, struct kstat *stat)
 181{
 182        struct iattr attr = {
 183                .ia_valid = ATTR_SIZE,
 184                .ia_size = stat->size,
 185        };
 186
 187        return notify_change(upperdentry, &attr, NULL);
 188}
 189
 190static int ovl_set_timestamps(struct dentry *upperdentry, struct kstat *stat)
 191{
 192        struct iattr attr = {
 193                .ia_valid =
 194                     ATTR_ATIME | ATTR_MTIME | ATTR_ATIME_SET | ATTR_MTIME_SET,
 195                .ia_atime = stat->atime,
 196                .ia_mtime = stat->mtime,
 197        };
 198
 199        return notify_change(upperdentry, &attr, NULL);
 200}
 201
 202int ovl_set_attr(struct dentry *upperdentry, struct kstat *stat)
 203{
 204        int err = 0;
 205
 206        if (!S_ISLNK(stat->mode)) {
 207                struct iattr attr = {
 208                        .ia_valid = ATTR_MODE,
 209                        .ia_mode = stat->mode,
 210                };
 211                err = notify_change(upperdentry, &attr, NULL);
 212        }
 213        if (!err) {
 214                struct iattr attr = {
 215                        .ia_valid = ATTR_UID | ATTR_GID,
 216                        .ia_uid = stat->uid,
 217                        .ia_gid = stat->gid,
 218                };
 219                err = notify_change(upperdentry, &attr, NULL);
 220        }
 221        if (!err)
 222                ovl_set_timestamps(upperdentry, stat);
 223
 224        return err;
 225}
 226
 227struct ovl_fh *ovl_encode_real_fh(struct dentry *real, bool is_upper)
 228{
 229        struct ovl_fh *fh;
 230        int fh_type, fh_len, dwords;
 231        void *buf;
 232        int buflen = MAX_HANDLE_SZ;
 233        uuid_t *uuid = &real->d_sb->s_uuid;
 234
 235        buf = kmalloc(buflen, GFP_KERNEL);
 236        if (!buf)
 237                return ERR_PTR(-ENOMEM);
 238
 239        /*
 240         * We encode a non-connectable file handle for non-dir, because we
 241         * only need to find the lower inode number and we don't want to pay
 242         * the price or reconnecting the dentry.
 243         */
 244        dwords = buflen >> 2;
 245        fh_type = exportfs_encode_fh(real, buf, &dwords, 0);
 246        buflen = (dwords << 2);
 247
 248        fh = ERR_PTR(-EIO);
 249        if (WARN_ON(fh_type < 0) ||
 250            WARN_ON(buflen > MAX_HANDLE_SZ) ||
 251            WARN_ON(fh_type == FILEID_INVALID))
 252                goto out;
 253
 254        BUILD_BUG_ON(MAX_HANDLE_SZ + offsetof(struct ovl_fh, fid) > 255);
 255        fh_len = offsetof(struct ovl_fh, fid) + buflen;
 256        fh = kmalloc(fh_len, GFP_KERNEL);
 257        if (!fh) {
 258                fh = ERR_PTR(-ENOMEM);
 259                goto out;
 260        }
 261
 262        fh->version = OVL_FH_VERSION;
 263        fh->magic = OVL_FH_MAGIC;
 264        fh->type = fh_type;
 265        fh->flags = OVL_FH_FLAG_CPU_ENDIAN;
 266        /*
 267         * When we will want to decode an overlay dentry from this handle
 268         * and all layers are on the same fs, if we get a disconncted real
 269         * dentry when we decode fid, the only way to tell if we should assign
 270         * it to upperdentry or to lowerstack is by checking this flag.
 271         */
 272        if (is_upper)
 273                fh->flags |= OVL_FH_FLAG_PATH_UPPER;
 274        fh->len = fh_len;
 275        fh->uuid = *uuid;
 276        memcpy(fh->fid, buf, buflen);
 277
 278out:
 279        kfree(buf);
 280        return fh;
 281}
 282
 283int ovl_set_origin(struct dentry *dentry, struct dentry *lower,
 284                   struct dentry *upper)
 285{
 286        const struct ovl_fh *fh = NULL;
 287        int err;
 288
 289        /*
 290         * When lower layer doesn't support export operations store a 'null' fh,
 291         * so we can use the overlay.origin xattr to distignuish between a copy
 292         * up and a pure upper inode.
 293         */
 294        if (ovl_can_decode_fh(lower->d_sb)) {
 295                fh = ovl_encode_real_fh(lower, false);
 296                if (IS_ERR(fh))
 297                        return PTR_ERR(fh);
 298        }
 299
 300        /*
 301         * Do not fail when upper doesn't support xattrs.
 302         */
 303        err = ovl_check_setxattr(dentry, upper, OVL_XATTR_ORIGIN, fh,
 304                                 fh ? fh->len : 0, 0);
 305        kfree(fh);
 306
 307        return err;
 308}
 309
 310/* Store file handle of @upper dir in @index dir entry */
 311static int ovl_set_upper_fh(struct dentry *upper, struct dentry *index)
 312{
 313        const struct ovl_fh *fh;
 314        int err;
 315
 316        fh = ovl_encode_real_fh(upper, true);
 317        if (IS_ERR(fh))
 318                return PTR_ERR(fh);
 319
 320        err = ovl_do_setxattr(index, OVL_XATTR_UPPER, fh, fh->len, 0);
 321
 322        kfree(fh);
 323        return err;
 324}
 325
 326/*
 327 * Create and install index entry.
 328 *
 329 * Caller must hold i_mutex on indexdir.
 330 */
 331static int ovl_create_index(struct dentry *dentry, struct dentry *origin,
 332                            struct dentry *upper)
 333{
 334        struct dentry *indexdir = ovl_indexdir(dentry->d_sb);
 335        struct inode *dir = d_inode(indexdir);
 336        struct dentry *index = NULL;
 337        struct dentry *temp = NULL;
 338        struct qstr name = { };
 339        int err;
 340
 341        /*
 342         * For now this is only used for creating index entry for directories,
 343         * because non-dir are copied up directly to index and then hardlinked
 344         * to upper dir.
 345         *
 346         * TODO: implement create index for non-dir, so we can call it when
 347         * encoding file handle for non-dir in case index does not exist.
 348         */
 349        if (WARN_ON(!d_is_dir(dentry)))
 350                return -EIO;
 351
 352        /* Directory not expected to be indexed before copy up */
 353        if (WARN_ON(ovl_test_flag(OVL_INDEX, d_inode(dentry))))
 354                return -EIO;
 355
 356        err = ovl_get_index_name(origin, &name);
 357        if (err)
 358                return err;
 359
 360        temp = ovl_create_temp(indexdir, OVL_CATTR(S_IFDIR | 0));
 361        err = PTR_ERR(temp);
 362        if (IS_ERR(temp))
 363                goto free_name;
 364
 365        err = ovl_set_upper_fh(upper, temp);
 366        if (err)
 367                goto out;
 368
 369        index = lookup_one_len(name.name, indexdir, name.len);
 370        if (IS_ERR(index)) {
 371                err = PTR_ERR(index);
 372        } else {
 373                err = ovl_do_rename(dir, temp, dir, index, 0);
 374                dput(index);
 375        }
 376out:
 377        if (err)
 378                ovl_cleanup(dir, temp);
 379        dput(temp);
 380free_name:
 381        kfree(name.name);
 382        return err;
 383}
 384
 385struct ovl_copy_up_ctx {
 386        struct dentry *parent;
 387        struct dentry *dentry;
 388        struct path lowerpath;
 389        struct kstat stat;
 390        struct kstat pstat;
 391        const char *link;
 392        struct dentry *destdir;
 393        struct qstr destname;
 394        struct dentry *workdir;
 395        bool origin;
 396        bool indexed;
 397        bool metacopy;
 398};
 399
 400static int ovl_link_up(struct ovl_copy_up_ctx *c)
 401{
 402        int err;
 403        struct dentry *upper;
 404        struct dentry *upperdir = ovl_dentry_upper(c->parent);
 405        struct inode *udir = d_inode(upperdir);
 406
 407        /* Mark parent "impure" because it may now contain non-pure upper */
 408        err = ovl_set_impure(c->parent, upperdir);
 409        if (err)
 410                return err;
 411
 412        err = ovl_set_nlink_lower(c->dentry);
 413        if (err)
 414                return err;
 415
 416        inode_lock_nested(udir, I_MUTEX_PARENT);
 417        upper = lookup_one_len(c->dentry->d_name.name, upperdir,
 418                               c->dentry->d_name.len);
 419        err = PTR_ERR(upper);
 420        if (!IS_ERR(upper)) {
 421                err = ovl_do_link(ovl_dentry_upper(c->dentry), udir, upper);
 422                dput(upper);
 423
 424                if (!err) {
 425                        /* Restore timestamps on parent (best effort) */
 426                        ovl_set_timestamps(upperdir, &c->pstat);
 427                        ovl_dentry_set_upper_alias(c->dentry);
 428                }
 429        }
 430        inode_unlock(udir);
 431        if (err)
 432                return err;
 433
 434        err = ovl_set_nlink_upper(c->dentry);
 435
 436        return err;
 437}
 438
 439static int ovl_copy_up_inode(struct ovl_copy_up_ctx *c, struct dentry *temp)
 440{
 441        int err;
 442
 443        /*
 444         * Copy up data first and then xattrs. Writing data after
 445         * xattrs will remove security.capability xattr automatically.
 446         */
 447        if (S_ISREG(c->stat.mode) && !c->metacopy) {
 448                struct path upperpath, datapath;
 449
 450                ovl_path_upper(c->dentry, &upperpath);
 451                if (WARN_ON(upperpath.dentry != NULL))
 452                        return -EIO;
 453                upperpath.dentry = temp;
 454
 455                ovl_path_lowerdata(c->dentry, &datapath);
 456                err = ovl_copy_up_data(&datapath, &upperpath, c->stat.size);
 457                if (err)
 458                        return err;
 459        }
 460
 461        err = ovl_copy_xattr(c->lowerpath.dentry, temp);
 462        if (err)
 463                return err;
 464
 465        /*
 466         * Store identifier of lower inode in upper inode xattr to
 467         * allow lookup of the copy up origin inode.
 468         *
 469         * Don't set origin when we are breaking the association with a lower
 470         * hard link.
 471         */
 472        if (c->origin) {
 473                err = ovl_set_origin(c->dentry, c->lowerpath.dentry, temp);
 474                if (err)
 475                        return err;
 476        }
 477
 478        if (c->metacopy) {
 479                err = ovl_check_setxattr(c->dentry, temp, OVL_XATTR_METACOPY,
 480                                         NULL, 0, -EOPNOTSUPP);
 481                if (err)
 482                        return err;
 483        }
 484
 485        inode_lock(temp->d_inode);
 486        if (c->metacopy)
 487                err = ovl_set_size(temp, &c->stat);
 488        if (!err)
 489                err = ovl_set_attr(temp, &c->stat);
 490        inode_unlock(temp->d_inode);
 491
 492        return err;
 493}
 494
 495struct ovl_cu_creds {
 496        const struct cred *old;
 497        struct cred *new;
 498};
 499
 500static int ovl_prep_cu_creds(struct dentry *dentry, struct ovl_cu_creds *cc)
 501{
 502        int err;
 503
 504        cc->old = cc->new = NULL;
 505        err = security_inode_copy_up(dentry, &cc->new);
 506        if (err < 0)
 507                return err;
 508
 509        if (cc->new)
 510                cc->old = override_creds(cc->new);
 511
 512        return 0;
 513}
 514
 515static void ovl_revert_cu_creds(struct ovl_cu_creds *cc)
 516{
 517        if (cc->new) {
 518                revert_creds(cc->old);
 519                put_cred(cc->new);
 520        }
 521}
 522
 523/*
 524 * Copyup using workdir to prepare temp file.  Used when copying up directories,
 525 * special files or when upper fs doesn't support O_TMPFILE.
 526 */
 527static int ovl_copy_up_workdir(struct ovl_copy_up_ctx *c)
 528{
 529        struct inode *inode;
 530        struct inode *udir = d_inode(c->destdir), *wdir = d_inode(c->workdir);
 531        struct dentry *temp, *upper;
 532        struct ovl_cu_creds cc;
 533        int err;
 534        struct ovl_cattr cattr = {
 535                /* Can't properly set mode on creation because of the umask */
 536                .mode = c->stat.mode & S_IFMT,
 537                .rdev = c->stat.rdev,
 538                .link = c->link
 539        };
 540
 541        err = ovl_lock_rename_workdir(c->workdir, c->destdir);
 542        if (err)
 543                return err;
 544
 545        err = ovl_prep_cu_creds(c->dentry, &cc);
 546        if (err)
 547                goto unlock;
 548
 549        temp = ovl_create_temp(c->workdir, &cattr);
 550        ovl_revert_cu_creds(&cc);
 551
 552        err = PTR_ERR(temp);
 553        if (IS_ERR(temp))
 554                goto unlock;
 555
 556        err = ovl_copy_up_inode(c, temp);
 557        if (err)
 558                goto cleanup;
 559
 560        if (S_ISDIR(c->stat.mode) && c->indexed) {
 561                err = ovl_create_index(c->dentry, c->lowerpath.dentry, temp);
 562                if (err)
 563                        goto cleanup;
 564        }
 565
 566        upper = lookup_one_len(c->destname.name, c->destdir, c->destname.len);
 567        err = PTR_ERR(upper);
 568        if (IS_ERR(upper))
 569                goto cleanup;
 570
 571        err = ovl_do_rename(wdir, temp, udir, upper, 0);
 572        dput(upper);
 573        if (err)
 574                goto cleanup;
 575
 576        if (!c->metacopy)
 577                ovl_set_upperdata(d_inode(c->dentry));
 578        inode = d_inode(c->dentry);
 579        ovl_inode_update(inode, temp);
 580        if (S_ISDIR(inode->i_mode))
 581                ovl_set_flag(OVL_WHITEOUTS, inode);
 582unlock:
 583        unlock_rename(c->workdir, c->destdir);
 584
 585        return err;
 586
 587cleanup:
 588        ovl_cleanup(wdir, temp);
 589        dput(temp);
 590        goto unlock;
 591}
 592
 593/* Copyup using O_TMPFILE which does not require cross dir locking */
 594static int ovl_copy_up_tmpfile(struct ovl_copy_up_ctx *c)
 595{
 596        struct inode *udir = d_inode(c->destdir);
 597        struct dentry *temp, *upper;
 598        struct ovl_cu_creds cc;
 599        int err;
 600
 601        err = ovl_prep_cu_creds(c->dentry, &cc);
 602        if (err)
 603                return err;
 604
 605        temp = ovl_do_tmpfile(c->workdir, c->stat.mode);
 606        ovl_revert_cu_creds(&cc);
 607
 608        if (IS_ERR(temp))
 609                return PTR_ERR(temp);
 610
 611        err = ovl_copy_up_inode(c, temp);
 612        if (err)
 613                goto out_dput;
 614
 615        inode_lock_nested(udir, I_MUTEX_PARENT);
 616
 617        upper = lookup_one_len(c->destname.name, c->destdir, c->destname.len);
 618        err = PTR_ERR(upper);
 619        if (!IS_ERR(upper)) {
 620                err = ovl_do_link(temp, udir, upper);
 621                dput(upper);
 622        }
 623        inode_unlock(udir);
 624
 625        if (err)
 626                goto out_dput;
 627
 628        if (!c->metacopy)
 629                ovl_set_upperdata(d_inode(c->dentry));
 630        ovl_inode_update(d_inode(c->dentry), temp);
 631
 632        return 0;
 633
 634out_dput:
 635        dput(temp);
 636        return err;
 637}
 638
 639/*
 640 * Copy up a single dentry
 641 *
 642 * All renames start with copy up of source if necessary.  The actual
 643 * rename will only proceed once the copy up was successful.  Copy up uses
 644 * upper parent i_mutex for exclusion.  Since rename can change d_parent it
 645 * is possible that the copy up will lock the old parent.  At that point
 646 * the file will have already been copied up anyway.
 647 */
 648static int ovl_do_copy_up(struct ovl_copy_up_ctx *c)
 649{
 650        int err;
 651        struct ovl_fs *ofs = c->dentry->d_sb->s_fs_info;
 652        bool to_index = false;
 653
 654        /*
 655         * Indexed non-dir is copied up directly to the index entry and then
 656         * hardlinked to upper dir. Indexed dir is copied up to indexdir,
 657         * then index entry is created and then copied up dir installed.
 658         * Copying dir up to indexdir instead of workdir simplifies locking.
 659         */
 660        if (ovl_need_index(c->dentry)) {
 661                c->indexed = true;
 662                if (S_ISDIR(c->stat.mode))
 663                        c->workdir = ovl_indexdir(c->dentry->d_sb);
 664                else
 665                        to_index = true;
 666        }
 667
 668        if (S_ISDIR(c->stat.mode) || c->stat.nlink == 1 || to_index)
 669                c->origin = true;
 670
 671        if (to_index) {
 672                c->destdir = ovl_indexdir(c->dentry->d_sb);
 673                err = ovl_get_index_name(c->lowerpath.dentry, &c->destname);
 674                if (err)
 675                        return err;
 676        } else if (WARN_ON(!c->parent)) {
 677                /* Disconnected dentry must be copied up to index dir */
 678                return -EIO;
 679        } else {
 680                /*
 681                 * Mark parent "impure" because it may now contain non-pure
 682                 * upper
 683                 */
 684                err = ovl_set_impure(c->parent, c->destdir);
 685                if (err)
 686                        return err;
 687        }
 688
 689        /* Should we copyup with O_TMPFILE or with workdir? */
 690        if (S_ISREG(c->stat.mode) && ofs->tmpfile)
 691                err = ovl_copy_up_tmpfile(c);
 692        else
 693                err = ovl_copy_up_workdir(c);
 694        if (err)
 695                goto out;
 696
 697        if (c->indexed)
 698                ovl_set_flag(OVL_INDEX, d_inode(c->dentry));
 699
 700        if (to_index) {
 701                /* Initialize nlink for copy up of disconnected dentry */
 702                err = ovl_set_nlink_upper(c->dentry);
 703        } else {
 704                struct inode *udir = d_inode(c->destdir);
 705
 706                /* Restore timestamps on parent (best effort) */
 707                inode_lock(udir);
 708                ovl_set_timestamps(c->destdir, &c->pstat);
 709                inode_unlock(udir);
 710
 711                ovl_dentry_set_upper_alias(c->dentry);
 712        }
 713
 714out:
 715        if (to_index)
 716                kfree(c->destname.name);
 717        return err;
 718}
 719
 720static bool ovl_need_meta_copy_up(struct dentry *dentry, umode_t mode,
 721                                  int flags)
 722{
 723        struct ovl_fs *ofs = dentry->d_sb->s_fs_info;
 724
 725        if (!ofs->config.metacopy)
 726                return false;
 727
 728        if (!S_ISREG(mode))
 729                return false;
 730
 731        if (flags && ((OPEN_FMODE(flags) & FMODE_WRITE) || (flags & O_TRUNC)))
 732                return false;
 733
 734        return true;
 735}
 736
 737/* Copy up data of an inode which was copied up metadata only in the past. */
 738static int ovl_copy_up_meta_inode_data(struct ovl_copy_up_ctx *c)
 739{
 740        struct path upperpath, datapath;
 741        int err;
 742        char *capability = NULL;
 743        ssize_t uninitialized_var(cap_size);
 744
 745        ovl_path_upper(c->dentry, &upperpath);
 746        if (WARN_ON(upperpath.dentry == NULL))
 747                return -EIO;
 748
 749        ovl_path_lowerdata(c->dentry, &datapath);
 750        if (WARN_ON(datapath.dentry == NULL))
 751                return -EIO;
 752
 753        if (c->stat.size) {
 754                err = cap_size = ovl_getxattr(upperpath.dentry, XATTR_NAME_CAPS,
 755                                              &capability, 0);
 756                if (err < 0 && err != -ENODATA)
 757                        goto out;
 758        }
 759
 760        err = ovl_copy_up_data(&datapath, &upperpath, c->stat.size);
 761        if (err)
 762                goto out_free;
 763
 764        /*
 765         * Writing to upper file will clear security.capability xattr. We
 766         * don't want that to happen for normal copy-up operation.
 767         */
 768        if (capability) {
 769                err = ovl_do_setxattr(upperpath.dentry, XATTR_NAME_CAPS,
 770                                      capability, cap_size, 0);
 771                if (err)
 772                        goto out_free;
 773        }
 774
 775
 776        err = vfs_removexattr(upperpath.dentry, OVL_XATTR_METACOPY);
 777        if (err)
 778                goto out_free;
 779
 780        ovl_set_upperdata(d_inode(c->dentry));
 781out_free:
 782        kfree(capability);
 783out:
 784        return err;
 785}
 786
 787static int ovl_copy_up_one(struct dentry *parent, struct dentry *dentry,
 788                           int flags)
 789{
 790        int err;
 791        DEFINE_DELAYED_CALL(done);
 792        struct path parentpath;
 793        struct ovl_copy_up_ctx ctx = {
 794                .parent = parent,
 795                .dentry = dentry,
 796                .workdir = ovl_workdir(dentry),
 797        };
 798
 799        if (WARN_ON(!ctx.workdir))
 800                return -EROFS;
 801
 802        ovl_path_lower(dentry, &ctx.lowerpath);
 803        err = vfs_getattr(&ctx.lowerpath, &ctx.stat,
 804                          STATX_BASIC_STATS, AT_STATX_SYNC_AS_STAT);
 805        if (err)
 806                return err;
 807
 808        ctx.metacopy = ovl_need_meta_copy_up(dentry, ctx.stat.mode, flags);
 809
 810        if (parent) {
 811                ovl_path_upper(parent, &parentpath);
 812                ctx.destdir = parentpath.dentry;
 813                ctx.destname = dentry->d_name;
 814
 815                err = vfs_getattr(&parentpath, &ctx.pstat,
 816                                  STATX_ATIME | STATX_MTIME,
 817                                  AT_STATX_SYNC_AS_STAT);
 818                if (err)
 819                        return err;
 820        }
 821
 822        /* maybe truncate regular file. this has no effect on dirs */
 823        if (flags & O_TRUNC)
 824                ctx.stat.size = 0;
 825
 826        if (S_ISLNK(ctx.stat.mode)) {
 827                ctx.link = vfs_get_link(ctx.lowerpath.dentry, &done);
 828                if (IS_ERR(ctx.link))
 829                        return PTR_ERR(ctx.link);
 830        }
 831
 832        err = ovl_copy_up_start(dentry, flags);
 833        /* err < 0: interrupted, err > 0: raced with another copy-up */
 834        if (unlikely(err)) {
 835                if (err > 0)
 836                        err = 0;
 837        } else {
 838                if (!ovl_dentry_upper(dentry))
 839                        err = ovl_do_copy_up(&ctx);
 840                if (!err && parent && !ovl_dentry_has_upper_alias(dentry))
 841                        err = ovl_link_up(&ctx);
 842                if (!err && ovl_dentry_needs_data_copy_up_locked(dentry, flags))
 843                        err = ovl_copy_up_meta_inode_data(&ctx);
 844                ovl_copy_up_end(dentry);
 845        }
 846        do_delayed_call(&done);
 847
 848        return err;
 849}
 850
 851int ovl_copy_up_flags(struct dentry *dentry, int flags)
 852{
 853        int err = 0;
 854        const struct cred *old_cred = ovl_override_creds(dentry->d_sb);
 855        bool disconnected = (dentry->d_flags & DCACHE_DISCONNECTED);
 856
 857        /*
 858         * With NFS export, copy up can get called for a disconnected non-dir.
 859         * In this case, we will copy up lower inode to index dir without
 860         * linking it to upper dir.
 861         */
 862        if (WARN_ON(disconnected && d_is_dir(dentry)))
 863                return -EIO;
 864
 865        while (!err) {
 866                struct dentry *next;
 867                struct dentry *parent = NULL;
 868
 869                if (ovl_already_copied_up(dentry, flags))
 870                        break;
 871
 872                next = dget(dentry);
 873                /* find the topmost dentry not yet copied up */
 874                for (; !disconnected;) {
 875                        parent = dget_parent(next);
 876
 877                        if (ovl_dentry_upper(parent))
 878                                break;
 879
 880                        dput(next);
 881                        next = parent;
 882                }
 883
 884                err = ovl_copy_up_one(parent, next, flags);
 885
 886                dput(parent);
 887                dput(next);
 888        }
 889        revert_creds(old_cred);
 890
 891        return err;
 892}
 893
 894static bool ovl_open_need_copy_up(struct dentry *dentry, int flags)
 895{
 896        /* Copy up of disconnected dentry does not set upper alias */
 897        if (ovl_already_copied_up(dentry, flags))
 898                return false;
 899
 900        if (special_file(d_inode(dentry)->i_mode))
 901                return false;
 902
 903        if (!ovl_open_flags_need_copy_up(flags))
 904                return false;
 905
 906        return true;
 907}
 908
 909int ovl_maybe_copy_up(struct dentry *dentry, int flags)
 910{
 911        int err = 0;
 912
 913        if (ovl_open_need_copy_up(dentry, flags)) {
 914                err = ovl_want_write(dentry);
 915                if (!err) {
 916                        err = ovl_copy_up_flags(dentry, flags);
 917                        ovl_drop_write(dentry);
 918                }
 919        }
 920
 921        return err;
 922}
 923
 924int ovl_copy_up_with_data(struct dentry *dentry)
 925{
 926        return ovl_copy_up_flags(dentry, O_WRONLY);
 927}
 928
 929int ovl_copy_up(struct dentry *dentry)
 930{
 931        return ovl_copy_up_flags(dentry, 0);
 932}
 933