LXR linux/fs/overlayfs/copy

   1// SPDX-License-Identifier: GPL-2.0-only
   2/*
   3 *
   4 * Copyright (C) 2011 Novell Inc.
   5 */
   6
   7#include <linux/module.h>
   8#include <linux/fs.h>
   9#include <linux/slab.h>
  10#include <linux/file.h>
  11#include <linux/fileattr.h>
  12#include <linux/splice.h>
  13#include <linux/xattr.h>
  14#include <linux/security.h>
  15#include <linux/uaccess.h>
  16#include <linux/sched/signal.h>
  17#include <linux/cred.h>
  18#include <linux/namei.h>
  19#include <linux/fdtable.h>
  20#include <linux/ratelimit.h>
  21#include <linux/exportfs.h>
  22#include "overlayfs.h"
  23
  24#define OVL_COPY_UP_CHUNK_SIZE (1 << 20)
  25
  26static int ovl_ccup_set(const char *buf, const struct kernel_param *param)
  27{
  28        pr_warn("\"check_copy_up\" module option is obsolete\n");
  29        return 0;
  30}
  31
  32static int ovl_ccup_get(char *buf, const struct kernel_param *param)
  33{
  34        return sprintf(buf, "N\n");
  35}
  36
  37module_param_call(check_copy_up, ovl_ccup_set, ovl_ccup_get, NULL, 0644);
  38MODULE_PARM_DESC(check_copy_up, "Obsolete; does nothing");
  39
  40static bool ovl_must_copy_xattr(const char *name)
  41{
  42        return !strcmp(name, XATTR_POSIX_ACL_ACCESS) ||
  43               !strcmp(name, XATTR_POSIX_ACL_DEFAULT) ||
  44               !strncmp(name, XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN);
  45}
  46
  47int ovl_copy_xattr(struct super_block *sb, struct dentry *old,
  48                   struct dentry *new)
  49{
  50        ssize_t list_size, size, value_size = 0;
  51        char *buf, *name, *value = NULL;
  52        int error = 0;
  53        size_t slen;
  54
  55        if (!(old->d_inode->i_opflags & IOP_XATTR) ||
  56            !(new->d_inode->i_opflags & IOP_XATTR))
  57                return 0;
  58
  59        list_size = vfs_listxattr(old, NULL, 0);
  60        if (list_size <= 0) {
  61                if (list_size == -EOPNOTSUPP)
  62                        return 0;
  63                return list_size;
  64        }
  65
  66        buf = kvzalloc(list_size, GFP_KERNEL);
  67        if (!buf)
  68                return -ENOMEM;
  69
  70        list_size = vfs_listxattr(old, buf, list_size);
  71        if (list_size <= 0) {
  72                error = list_size;
  73                goto out;
  74        }
  75
  76        for (name = buf; list_size; name += slen) {
  77                slen = strnlen(name, list_size) + 1;
  78
  79                /* underlying fs providing us with an broken xattr list? */
  80                if (WARN_ON(slen > list_size)) {
  81                        error = -EIO;
  82                        break;
  83                }
  84                list_size -= slen;
  85
  86                if (ovl_is_private_xattr(sb, name))
  87                        continue;
  88
  89                error = security_inode_copy_up_xattr(name);
  90                if (error < 0 && error != -EOPNOTSUPP)
  91                        break;
  92                if (error == 1) {
  93                        error = 0;
  94                        continue; /* Discard */
  95                }
  96retry:
  97                size = vfs_getxattr(&init_user_ns, old, name, value, value_size);
  98                if (size == -ERANGE)
  99                        size = vfs_getxattr(&init_user_ns, old, name, NULL, 0);
 100
 101                if (size < 0) {
 102                        error = size;
 103                        break;
 104                }
 105
 106                if (size > value_size) {
 107                        void *new;
 108
 109                        new = kvmalloc(size, GFP_KERNEL);
 110                        if (!new) {
 111                                error = -ENOMEM;
 112                                break;
 113                        }
 114                        kvfree(value);
 115                        value = new;
 116                        value_size = size;
 117                        goto retry;
 118                }
 119
 120                error = vfs_setxattr(&init_user_ns, new, name, value, size, 0);
 121                if (error) {
 122                        if (error != -EOPNOTSUPP || ovl_must_copy_xattr(name))
 123                                break;
 124
 125                        /* Ignore failure to copy unknown xattrs */
 126                        error = 0;
 127                }
 128        }
 129        kvfree(value);
 130out:
 131        kvfree(buf);
 132        return error;
 133}
 134
 135static int ovl_copy_fileattr(struct inode *inode, struct path *old,
 136                             struct path *new)
 137{
 138        struct fileattr oldfa = { .flags_valid = true };
 139        struct fileattr newfa = { .flags_valid = true };
 140        int err;
 141
 142        err = ovl_real_fileattr_get(old, &oldfa);
 143        if (err)
 144                return err;
 145
 146        err = ovl_real_fileattr_get(new, &newfa);
 147        if (err)
 148                return err;
 149
 150        /*
 151         * We cannot set immutable and append-only flags on upper inode,
 152         * because we would not be able to link upper inode to upper dir
 153         * not set overlay private xattr on upper inode.
 154         * Store these flags in overlay.protattr xattr instead.
 155         */
 156        if (oldfa.flags & OVL_PROT_FS_FLAGS_MASK) {
 157                err = ovl_set_protattr(inode, new->dentry, &oldfa);
 158                if (err)
 159                        return err;
 160        }
 161
 162        BUILD_BUG_ON(OVL_COPY_FS_FLAGS_MASK & ~FS_COMMON_FL);
 163        newfa.flags &= ~OVL_COPY_FS_FLAGS_MASK;
 164        newfa.flags |= (oldfa.flags & OVL_COPY_FS_FLAGS_MASK);
 165
 166        BUILD_BUG_ON(OVL_COPY_FSX_FLAGS_MASK & ~FS_XFLAG_COMMON);
 167        newfa.fsx_xflags &= ~OVL_COPY_FSX_FLAGS_MASK;
 168        newfa.fsx_xflags |= (oldfa.fsx_xflags & OVL_COPY_FSX_FLAGS_MASK);
 169
 170        return ovl_real_fileattr_set(new, &newfa);
 171}
 172
 173static int ovl_copy_up_data(struct ovl_fs *ofs, struct path *old,
 174                            struct path *new, loff_t len)
 175{
 176        struct file *old_file;
 177        struct file *new_file;
 178        loff_t old_pos = 0;
 179        loff_t new_pos = 0;
 180        loff_t cloned;
 181        loff_t data_pos = -1;
 182        loff_t hole_len;
 183        bool skip_hole = false;
 184        int error = 0;
 185
 186        if (len == 0)
 187                return 0;
 188
 189        old_file = ovl_path_open(old, O_LARGEFILE | O_RDONLY);
 190        if (IS_ERR(old_file))
 191                return PTR_ERR(old_file);
 192
 193        new_file = ovl_path_open(new, O_LARGEFILE | O_WRONLY);
 194        if (IS_ERR(new_file)) {
 195                error = PTR_ERR(new_file);
 196                goto out_fput;
 197        }
 198
 199        /* Try to use clone_file_range to clone up within the same fs */
 200        cloned = do_clone_file_range(old_file, 0, new_file, 0, len, 0);
 201        if (cloned == len)
 202                goto out;
 203        /* Couldn't clone, so now we try to copy the data */
 204
 205        /* Check if lower fs supports seek operation */
 206        if (old_file->f_mode & FMODE_LSEEK &&
 207            old_file->f_op->llseek)
 208                skip_hole = true;
 209
 210        while (len) {
 211                size_t this_len = OVL_COPY_UP_CHUNK_SIZE;
 212                long bytes;
 213
 214                if (len < this_len)
 215                        this_len = len;
 216
 217                if (signal_pending_state(TASK_KILLABLE, current)) {
 218                        error = -EINTR;
 219                        break;
 220                }
 221
 222                /*
 223                 * Fill zero for hole will cost unnecessary disk space
 224                 * and meanwhile slow down the copy-up speed, so we do
 225                 * an optimization for hole during copy-up, it relies
 226                 * on SEEK_DATA implementation in lower fs so if lower
 227                 * fs does not support it, copy-up will behave as before.
 228                 *
 229                 * Detail logic of hole detection as below:
 230                 * When we detect next data position is larger than current
 231                 * position we will skip that hole, otherwise we copy
 232                 * data in the size of OVL_COPY_UP_CHUNK_SIZE. Actually,
 233                 * it may not recognize all kind of holes and sometimes
 234                 * only skips partial of hole area. However, it will be
 235                 * enough for most of the use cases.
 236                 */
 237
 238                if (skip_hole && data_pos < old_pos) {
 239                        data_pos = vfs_llseek(old_file, old_pos, SEEK_DATA);
 240                        if (data_pos > old_pos) {
 241                                hole_len = data_pos - old_pos;
 242                                len -= hole_len;
 243                                old_pos = new_pos = data_pos;
 244                                continue;
 245                        } else if (data_pos == -ENXIO) {
 246                                break;
 247                        } else if (data_pos < 0) {
 248                                skip_hole = false;
 249                        }
 250                }
 251
 252                bytes = do_splice_direct(old_file, &old_pos,
 253                                         new_file, &new_pos,
 254                                         this_len, SPLICE_F_MOVE);
 255                if (bytes <= 0) {
 256                        error = bytes;
 257                        break;
 258                }
 259                WARN_ON(old_pos != new_pos);
 260
 261                len -= bytes;
 262        }
 263out:
 264        if (!error && ovl_should_sync(ofs))
 265                error = vfs_fsync(new_file, 0);
 266        fput(new_file);
 267out_fput:
 268        fput(old_file);
 269        return error;
 270}
 271
 272static int ovl_set_size(struct dentry *upperdentry, struct kstat *stat)
 273{
 274        struct iattr attr = {
 275                .ia_valid = ATTR_SIZE,
 276                .ia_size = stat->size,
 277        };
 278
 279        return notify_change(&init_user_ns, upperdentry, &attr, NULL);
 280}
 281
 282static int ovl_set_timestamps(struct dentry *upperdentry, struct kstat *stat)
 283{
 284        struct iattr attr = {
 285                .ia_valid =
 286                     ATTR_ATIME | ATTR_MTIME | ATTR_ATIME_SET | ATTR_MTIME_SET,
 287                .ia_atime = stat->atime,
 288                .ia_mtime = stat->mtime,
 289        };
 290
 291        return notify_change(&init_user_ns, upperdentry, &attr, NULL);
 292}
 293
 294int ovl_set_attr(struct dentry *upperdentry, struct kstat *stat)
 295{
 296        int err = 0;
 297
 298        if (!S_ISLNK(stat->mode)) {
 299                struct iattr attr = {
 300                        .ia_valid = ATTR_MODE,
 301                        .ia_mode = stat->mode,
 302                };
 303                err = notify_change(&init_user_ns, upperdentry, &attr, NULL);
 304        }
 305        if (!err) {
 306                struct iattr attr = {
 307                        .ia_valid = ATTR_UID | ATTR_GID,
 308                        .ia_uid = stat->uid,
 309                        .ia_gid = stat->gid,
 310                };
 311                err = notify_change(&init_user_ns, upperdentry, &attr, NULL);
 312        }
 313        if (!err)
 314                ovl_set_timestamps(upperdentry, stat);
 315
 316        return err;
 317}
 318
 319struct ovl_fh *ovl_encode_real_fh(struct ovl_fs *ofs, struct dentry *real,
 320                                  bool is_upper)
 321{
 322        struct ovl_fh *fh;
 323        int fh_type, dwords;
 324        int buflen = MAX_HANDLE_SZ;
 325        uuid_t *uuid = &real->d_sb->s_uuid;
 326        int err;
 327
 328        /* Make sure the real fid stays 32bit aligned */
 329        BUILD_BUG_ON(OVL_FH_FID_OFFSET % 4);
 330        BUILD_BUG_ON(MAX_HANDLE_SZ + OVL_FH_FID_OFFSET > 255);
 331
 332        fh = kzalloc(buflen + OVL_FH_FID_OFFSET, GFP_KERNEL);
 333        if (!fh)
 334                return ERR_PTR(-ENOMEM);
 335
 336        /*
 337         * We encode a non-connectable file handle for non-dir, because we
 338         * only need to find the lower inode number and we don't want to pay
 339         * the price or reconnecting the dentry.
 340         */
 341        dwords = buflen >> 2;
 342        fh_type = exportfs_encode_fh(real, (void *)fh->fb.fid, &dwords, 0);
 343        buflen = (dwords << 2);
 344
 345        err = -EIO;
 346        if (WARN_ON(fh_type < 0) ||
 347            WARN_ON(buflen > MAX_HANDLE_SZ) ||
 348            WARN_ON(fh_type == FILEID_INVALID))
 349                goto out_err;
 350
 351        fh->fb.version = OVL_FH_VERSION;
 352        fh->fb.magic = OVL_FH_MAGIC;
 353        fh->fb.type = fh_type;
 354        fh->fb.flags = OVL_FH_FLAG_CPU_ENDIAN;
 355        /*
 356         * When we will want to decode an overlay dentry from this handle
 357         * and all layers are on the same fs, if we get a disconncted real
 358         * dentry when we decode fid, the only way to tell if we should assign
 359         * it to upperdentry or to lowerstack is by checking this flag.
 360         */
 361        if (is_upper)
 362                fh->fb.flags |= OVL_FH_FLAG_PATH_UPPER;
 363        fh->fb.len = sizeof(fh->fb) + buflen;
 364        if (ofs->config.uuid)
 365                fh->fb.uuid = *uuid;
 366
 367        return fh;
 368
 369out_err:
 370        kfree(fh);
 371        return ERR_PTR(err);
 372}
 373
 374int ovl_set_origin(struct ovl_fs *ofs, struct dentry *lower,
 375                   struct dentry *upper)
 376{
 377        const struct ovl_fh *fh = NULL;
 378        int err;
 379
 380        /*
 381         * When lower layer doesn't support export operations store a 'null' fh,
 382         * so we can use the overlay.origin xattr to distignuish between a copy
 383         * up and a pure upper inode.
 384         */
 385        if (ovl_can_decode_fh(lower->d_sb)) {
 386                fh = ovl_encode_real_fh(ofs, lower, false);
 387                if (IS_ERR(fh))
 388                        return PTR_ERR(fh);
 389        }
 390
 391        /*
 392         * Do not fail when upper doesn't support xattrs.
 393         */
 394        err = ovl_check_setxattr(ofs, upper, OVL_XATTR_ORIGIN, fh->buf,
 395                                 fh ? fh->fb.len : 0, 0);
 396        kfree(fh);
 397
 398        /* Ignore -EPERM from setting "user.*" on symlink/special */
 399        return err == -EPERM ? 0 : err;
 400}
 401
 402/* Store file handle of @upper dir in @index dir entry */
 403static int ovl_set_upper_fh(struct ovl_fs *ofs, struct dentry *upper,
 404                            struct dentry *index)
 405{
 406        const struct ovl_fh *fh;
 407        int err;
 408
 409        fh = ovl_encode_real_fh(ofs, upper, true);
 410        if (IS_ERR(fh))
 411                return PTR_ERR(fh);
 412
 413        err = ovl_do_setxattr(ofs, index, OVL_XATTR_UPPER, fh->buf, fh->fb.len);
 414
 415        kfree(fh);
 416        return err;
 417}
 418
 419/*
 420 * Create and install index entry.
 421 *
 422 * Caller must hold i_mutex on indexdir.
 423 */
 424static int ovl_create_index(struct dentry *dentry, struct dentry *origin,
 425                            struct dentry *upper)
 426{
 427        struct ovl_fs *ofs = OVL_FS(dentry->d_sb);
 428        struct dentry *indexdir = ovl_indexdir(dentry->d_sb);
 429        struct inode *dir = d_inode(indexdir);
 430        struct dentry *index = NULL;
 431        struct dentry *temp = NULL;
 432        struct qstr name = { };
 433        int err;
 434
 435        /*
 436         * For now this is only used for creating index entry for directories,
 437         * because non-dir are copied up directly to index and then hardlinked
 438         * to upper dir.
 439         *
 440         * TODO: implement create index for non-dir, so we can call it when
 441         * encoding file handle for non-dir in case index does not exist.
 442         */
 443        if (WARN_ON(!d_is_dir(dentry)))
 444                return -EIO;
 445
 446        /* Directory not expected to be indexed before copy up */
 447        if (WARN_ON(ovl_test_flag(OVL_INDEX, d_inode(dentry))))
 448                return -EIO;
 449
 450        err = ovl_get_index_name(ofs, origin, &name);
 451        if (err)
 452                return err;
 453
 454        temp = ovl_create_temp(indexdir, OVL_CATTR(S_IFDIR | 0));
 455        err = PTR_ERR(temp);
 456        if (IS_ERR(temp))
 457                goto free_name;
 458
 459        err = ovl_set_upper_fh(ofs, upper, temp);
 460        if (err)
 461                goto out;
 462
 463        index = lookup_one_len(name.name, indexdir, name.len);
 464        if (IS_ERR(index)) {
 465                err = PTR_ERR(index);
 466        } else {
 467                err = ovl_do_rename(dir, temp, dir, index, 0);
 468                dput(index);
 469        }
 470out:
 471        if (err)
 472                ovl_cleanup(dir, temp);
 473        dput(temp);
 474free_name:
 475        kfree(name.name);
 476        return err;
 477}
 478
 479struct ovl_copy_up_ctx {
 480        struct dentry *parent;
 481        struct dentry *dentry;
 482        struct path lowerpath;
 483        struct kstat stat;
 484        struct kstat pstat;
 485        const char *link;
 486        struct dentry *destdir;
 487        struct qstr destname;
 488        struct dentry *workdir;
 489        bool origin;
 490        bool indexed;
 491        bool metacopy;
 492};
 493
 494static int ovl_link_up(struct ovl_copy_up_ctx *c)
 495{
 496        int err;
 497        struct dentry *upper;
 498        struct dentry *upperdir = ovl_dentry_upper(c->parent);
 499        struct inode *udir = d_inode(upperdir);
 500
 501        /* Mark parent "impure" because it may now contain non-pure upper */
 502        err = ovl_set_impure(c->parent, upperdir);
 503        if (err)
 504                return err;
 505
 506        err = ovl_set_nlink_lower(c->dentry);
 507        if (err)
 508                return err;
 509
 510        inode_lock_nested(udir, I_MUTEX_PARENT);
 511        upper = lookup_one_len(c->dentry->d_name.name, upperdir,
 512                               c->dentry->d_name.len);
 513        err = PTR_ERR(upper);
 514        if (!IS_ERR(upper)) {
 515                err = ovl_do_link(ovl_dentry_upper(c->dentry), udir, upper);
 516                dput(upper);
 517
 518                if (!err) {
 519                        /* Restore timestamps on parent (best effort) */
 520                        ovl_set_timestamps(upperdir, &c->pstat);
 521                        ovl_dentry_set_upper_alias(c->dentry);
 522                }
 523        }
 524        inode_unlock(udir);
 525        if (err)
 526                return err;
 527
 528        err = ovl_set_nlink_upper(c->dentry);
 529
 530        return err;
 531}
 532
 533static int ovl_copy_up_inode(struct ovl_copy_up_ctx *c, struct dentry *temp)
 534{
 535        struct ovl_fs *ofs = OVL_FS(c->dentry->d_sb);
 536        struct inode *inode = d_inode(c->dentry);
 537        struct path upperpath, datapath;
 538        int err;
 539
 540        ovl_path_upper(c->dentry, &upperpath);
 541        if (WARN_ON(upperpath.dentry != NULL))
 542                return -EIO;
 543
 544        upperpath.dentry = temp;
 545
 546        /*
 547         * Copy up data first and then xattrs. Writing data after
 548         * xattrs will remove security.capability xattr automatically.
 549         */
 550        if (S_ISREG(c->stat.mode) && !c->metacopy) {
 551                ovl_path_lowerdata(c->dentry, &datapath);
 552                err = ovl_copy_up_data(ofs, &datapath, &upperpath,
 553                                       c->stat.size);
 554                if (err)
 555                        return err;
 556        }
 557
 558        err = ovl_copy_xattr(c->dentry->d_sb, c->lowerpath.dentry, temp);
 559        if (err)
 560                return err;
 561
 562        if (inode->i_flags & OVL_COPY_I_FLAGS_MASK) {
 563                /*
 564                 * Copy the fileattr inode flags that are the source of already
 565                 * copied i_flags
 566                 */
 567                err = ovl_copy_fileattr(inode, &c->lowerpath, &upperpath);
 568                if (err)
 569                        return err;
 570        }
 571
 572        /*
 573         * Store identifier of lower inode in upper inode xattr to
 574         * allow lookup of the copy up origin inode.
 575         *
 576         * Don't set origin when we are breaking the association with a lower
 577         * hard link.
 578         */
 579        if (c->origin) {
 580                err = ovl_set_origin(ofs, c->lowerpath.dentry, temp);
 581                if (err)
 582                        return err;
 583        }
 584
 585        if (c->metacopy) {
 586                err = ovl_check_setxattr(ofs, temp, OVL_XATTR_METACOPY,
 587                                         NULL, 0, -EOPNOTSUPP);
 588                if (err)
 589                        return err;
 590        }
 591
 592        inode_lock(temp->d_inode);
 593        if (S_ISREG(c->stat.mode))
 594                err = ovl_set_size(temp, &c->stat);
 595        if (!err)
 596                err = ovl_set_attr(temp, &c->stat);
 597        inode_unlock(temp->d_inode);
 598
 599        return err;
 600}
 601
 602struct ovl_cu_creds {
 603        const struct cred *old;
 604        struct cred *new;
 605};
 606
 607static int ovl_prep_cu_creds(struct dentry *dentry, struct ovl_cu_creds *cc)
 608{
 609        int err;
 610
 611        cc->old = cc->new = NULL;
 612        err = security_inode_copy_up(dentry, &cc->new);
 613        if (err < 0)
 614                return err;
 615
 616        if (cc->new)
 617                cc->old = override_creds(cc->new);
 618
 619        return 0;
 620}
 621
 622static void ovl_revert_cu_creds(struct ovl_cu_creds *cc)
 623{
 624        if (cc->new) {
 625                revert_creds(cc->old);
 626                put_cred(cc->new);
 627        }
 628}
 629
 630/*
 631 * Copyup using workdir to prepare temp file.  Used when copying up directories,
 632 * special files or when upper fs doesn't support O_TMPFILE.
 633 */
 634static int ovl_copy_up_workdir(struct ovl_copy_up_ctx *c)
 635{
 636        struct inode *inode;
 637        struct inode *udir = d_inode(c->destdir), *wdir = d_inode(c->workdir);
 638        struct dentry *temp, *upper;
 639        struct ovl_cu_creds cc;
 640        int err;
 641        struct ovl_cattr cattr = {
 642                /* Can't properly set mode on creation because of the umask */
 643                .mode = c->stat.mode & S_IFMT,
 644                .rdev = c->stat.rdev,
 645                .link = c->link
 646        };
 647
 648        /* workdir and destdir could be the same when copying up to indexdir */
 649        err = -EIO;
 650        if (lock_rename(c->workdir, c->destdir) != NULL)
 651                goto unlock;
 652
 653        err = ovl_prep_cu_creds(c->dentry, &cc);
 654        if (err)
 655                goto unlock;
 656
 657        temp = ovl_create_temp(c->workdir, &cattr);
 658        ovl_revert_cu_creds(&cc);
 659
 660        err = PTR_ERR(temp);
 661        if (IS_ERR(temp))
 662                goto unlock;
 663
 664        err = ovl_copy_up_inode(c, temp);
 665        if (err)
 666                goto cleanup;
 667
 668        if (S_ISDIR(c->stat.mode) && c->indexed) {
 669                err = ovl_create_index(c->dentry, c->lowerpath.dentry, temp);
 670                if (err)
 671                        goto cleanup;
 672        }
 673
 674        upper = lookup_one_len(c->destname.name, c->destdir, c->destname.len);
 675        err = PTR_ERR(upper);
 676        if (IS_ERR(upper))
 677                goto cleanup;
 678
 679        err = ovl_do_rename(wdir, temp, udir, upper, 0);
 680        dput(upper);
 681        if (err)
 682                goto cleanup;
 683
 684        if (!c->metacopy)
 685                ovl_set_upperdata(d_inode(c->dentry));
 686        inode = d_inode(c->dentry);
 687        ovl_inode_update(inode, temp);
 688        if (S_ISDIR(inode->i_mode))
 689                ovl_set_flag(OVL_WHITEOUTS, inode);
 690unlock:
 691        unlock_rename(c->workdir, c->destdir);
 692
 693        return err;
 694
 695cleanup:
 696        ovl_cleanup(wdir, temp);
 697        dput(temp);
 698        goto unlock;
 699}
 700
 701/* Copyup using O_TMPFILE which does not require cross dir locking */
 702static int ovl_copy_up_tmpfile(struct ovl_copy_up_ctx *c)
 703{
 704        struct inode *udir = d_inode(c->destdir);
 705        struct dentry *temp, *upper;
 706        struct ovl_cu_creds cc;
 707        int err;
 708
 709        err = ovl_prep_cu_creds(c->dentry, &cc);
 710        if (err)
 711                return err;
 712
 713        temp = ovl_do_tmpfile(c->workdir, c->stat.mode);
 714        ovl_revert_cu_creds(&cc);
 715
 716        if (IS_ERR(temp))
 717                return PTR_ERR(temp);
 718
 719        err = ovl_copy_up_inode(c, temp);
 720        if (err)
 721                goto out_dput;
 722
 723        inode_lock_nested(udir, I_MUTEX_PARENT);
 724
 725        upper = lookup_one_len(c->destname.name, c->destdir, c->destname.len);
 726        err = PTR_ERR(upper);
 727        if (!IS_ERR(upper)) {
 728                err = ovl_do_link(temp, udir, upper);
 729                dput(upper);
 730        }
 731        inode_unlock(udir);
 732
 733        if (err)
 734                goto out_dput;
 735
 736        if (!c->metacopy)
 737                ovl_set_upperdata(d_inode(c->dentry));
 738        ovl_inode_update(d_inode(c->dentry), temp);
 739
 740        return 0;
 741
 742out_dput:
 743        dput(temp);
 744        return err;
 745}
 746
 747/*
 748 * Copy up a single dentry
 749 *
 750 * All renames start with copy up of source if necessary.  The actual
 751 * rename will only proceed once the copy up was successful.  Copy up uses
 752 * upper parent i_mutex for exclusion.  Since rename can change d_parent it
 753 * is possible that the copy up will lock the old parent.  At that point
 754 * the file will have already been copied up anyway.
 755 */
 756static int ovl_do_copy_up(struct ovl_copy_up_ctx *c)
 757{
 758        int err;
 759        struct ovl_fs *ofs = OVL_FS(c->dentry->d_sb);
 760        bool to_index = false;
 761
 762        /*
 763         * Indexed non-dir is copied up directly to the index entry and then
 764         * hardlinked to upper dir. Indexed dir is copied up to indexdir,
 765         * then index entry is created and then copied up dir installed.
 766         * Copying dir up to indexdir instead of workdir simplifies locking.
 767         */
 768        if (ovl_need_index(c->dentry)) {
 769                c->indexed = true;
 770                if (S_ISDIR(c->stat.mode))
 771                        c->workdir = ovl_indexdir(c->dentry->d_sb);
 772                else
 773                        to_index = true;
 774        }
 775
 776        if (S_ISDIR(c->stat.mode) || c->stat.nlink == 1 || to_index)
 777                c->origin = true;
 778
 779        if (to_index) {
 780                c->destdir = ovl_indexdir(c->dentry->d_sb);
 781                err = ovl_get_index_name(ofs, c->lowerpath.dentry, &c->destname);
 782                if (err)
 783                        return err;
 784        } else if (WARN_ON(!c->parent)) {
 785                /* Disconnected dentry must be copied up to index dir */
 786                return -EIO;
 787        } else {
 788                /*
 789                 * Mark parent "impure" because it may now contain non-pure
 790                 * upper
 791                 */
 792                err = ovl_set_impure(c->parent, c->destdir);
 793                if (err)
 794                        return err;
 795        }
 796
 797        /* Should we copyup with O_TMPFILE or with workdir? */
 798        if (S_ISREG(c->stat.mode) && ofs->tmpfile)
 799                err = ovl_copy_up_tmpfile(c);
 800        else
 801                err = ovl_copy_up_workdir(c);
 802        if (err)
 803                goto out;
 804
 805        if (c->indexed)
 806                ovl_set_flag(OVL_INDEX, d_inode(c->dentry));
 807
 808        if (to_index) {
 809                /* Initialize nlink for copy up of disconnected dentry */
 810                err = ovl_set_nlink_upper(c->dentry);
 811        } else {
 812                struct inode *udir = d_inode(c->destdir);
 813
 814                /* Restore timestamps on parent (best effort) */
 815                inode_lock(udir);
 816                ovl_set_timestamps(c->destdir, &c->pstat);
 817                inode_unlock(udir);
 818
 819                ovl_dentry_set_upper_alias(c->dentry);
 820        }
 821
 822out:
 823        if (to_index)
 824                kfree(c->destname.name);
 825        return err;
 826}
 827
 828static bool ovl_need_meta_copy_up(struct dentry *dentry, umode_t mode,
 829                                  int flags)
 830{
 831        struct ovl_fs *ofs = dentry->d_sb->s_fs_info;
 832
 833        if (!ofs->config.metacopy)
 834                return false;
 835
 836        if (!S_ISREG(mode))
 837                return false;
 838
 839        if (flags && ((OPEN_FMODE(flags) & FMODE_WRITE) || (flags & O_TRUNC)))
 840                return false;
 841
 842        return true;
 843}
 844
 845static ssize_t ovl_getxattr(struct dentry *dentry, char *name, char **value)
 846{
 847        ssize_t res;
 848        char *buf;
 849
 850        res = vfs_getxattr(&init_user_ns, dentry, name, NULL, 0);
 851        if (res == -ENODATA || res == -EOPNOTSUPP)
 852                res = 0;
 853
 854        if (res > 0) {
 855                buf = kzalloc(res, GFP_KERNEL);
 856                if (!buf)
 857                        return -ENOMEM;
 858
 859                res = vfs_getxattr(&init_user_ns, dentry, name, buf, res);
 860                if (res < 0)
 861                        kfree(buf);
 862                else
 863                        *value = buf;
 864        }
 865        return res;
 866}
 867
 868/* Copy up data of an inode which was copied up metadata only in the past. */
 869static int ovl_copy_up_meta_inode_data(struct ovl_copy_up_ctx *c)
 870{
 871        struct ovl_fs *ofs = OVL_FS(c->dentry->d_sb);
 872        struct path upperpath, datapath;
 873        int err;
 874        char *capability = NULL;
 875        ssize_t cap_size;
 876
 877        ovl_path_upper(c->dentry, &upperpath);
 878        if (WARN_ON(upperpath.dentry == NULL))
 879                return -EIO;
 880
 881        ovl_path_lowerdata(c->dentry, &datapath);
 882        if (WARN_ON(datapath.dentry == NULL))
 883                return -EIO;
 884
 885        if (c->stat.size) {
 886                err = cap_size = ovl_getxattr(upperpath.dentry, XATTR_NAME_CAPS,
 887                                              &capability);
 888                if (cap_size < 0)
 889                        goto out;
 890        }
 891
 892        err = ovl_copy_up_data(ofs, &datapath, &upperpath, c->stat.size);
 893        if (err)
 894                goto out_free;
 895
 896        /*
 897         * Writing to upper file will clear security.capability xattr. We
 898         * don't want that to happen for normal copy-up operation.
 899         */
 900        if (capability) {
 901                err = vfs_setxattr(&init_user_ns, upperpath.dentry,
 902                                   XATTR_NAME_CAPS, capability, cap_size, 0);
 903                if (err)
 904                        goto out_free;
 905        }
 906
 907
 908        err = ovl_do_removexattr(ofs, upperpath.dentry, OVL_XATTR_METACOPY);
 909        if (err)
 910                goto out_free;
 911
 912        ovl_set_upperdata(d_inode(c->dentry));
 913out_free:
 914        kfree(capability);
 915out:
 916        return err;
 917}
 918
 919static int ovl_copy_up_one(struct dentry *parent, struct dentry *dentry,
 920                           int flags)
 921{
 922        int err;
 923        DEFINE_DELAYED_CALL(done);
 924        struct path parentpath;
 925        struct ovl_copy_up_ctx ctx = {
 926                .parent = parent,
 927                .dentry = dentry,
 928                .workdir = ovl_workdir(dentry),
 929        };
 930
 931        if (WARN_ON(!ctx.workdir))
 932                return -EROFS;
 933
 934        ovl_path_lower(dentry, &ctx.lowerpath);
 935        err = vfs_getattr(&ctx.lowerpath, &ctx.stat,
 936                          STATX_BASIC_STATS, AT_STATX_SYNC_AS_STAT);
 937        if (err)
 938                return err;
 939
 940        ctx.metacopy = ovl_need_meta_copy_up(dentry, ctx.stat.mode, flags);
 941
 942        if (parent) {
 943                ovl_path_upper(parent, &parentpath);
 944                ctx.destdir = parentpath.dentry;
 945                ctx.destname = dentry->d_name;
 946
 947                err = vfs_getattr(&parentpath, &ctx.pstat,
 948                                  STATX_ATIME | STATX_MTIME,
 949                                  AT_STATX_SYNC_AS_STAT);
 950                if (err)
 951                        return err;
 952        }
 953
 954        /* maybe truncate regular file. this has no effect on dirs */
 955        if (flags & O_TRUNC)
 956                ctx.stat.size = 0;
 957
 958        if (S_ISLNK(ctx.stat.mode)) {
 959                ctx.link = vfs_get_link(ctx.lowerpath.dentry, &done);
 960                if (IS_ERR(ctx.link))
 961                        return PTR_ERR(ctx.link);
 962        }
 963
 964        err = ovl_copy_up_start(dentry, flags);
 965        /* err < 0: interrupted, err > 0: raced with another copy-up */
 966        if (unlikely(err)) {
 967                if (err > 0)
 968                        err = 0;
 969        } else {
 970                if (!ovl_dentry_upper(dentry))
 971                        err = ovl_do_copy_up(&ctx);
 972                if (!err && parent && !ovl_dentry_has_upper_alias(dentry))
 973                        err = ovl_link_up(&ctx);
 974                if (!err && ovl_dentry_needs_data_copy_up_locked(dentry, flags))
 975                        err = ovl_copy_up_meta_inode_data(&ctx);
 976                ovl_copy_up_end(dentry);
 977        }
 978        do_delayed_call(&done);
 979
 980        return err;
 981}
 982
 983static int ovl_copy_up_flags(struct dentry *dentry, int flags)
 984{
 985        int err = 0;
 986        const struct cred *old_cred;
 987        bool disconnected = (dentry->d_flags & DCACHE_DISCONNECTED);
 988
 989        /*
 990         * With NFS export, copy up can get called for a disconnected non-dir.
 991         * In this case, we will copy up lower inode to index dir without
 992         * linking it to upper dir.
 993         */
 994        if (WARN_ON(disconnected && d_is_dir(dentry)))
 995                return -EIO;
 996
 997        old_cred = ovl_override_creds(dentry->d_sb);
 998        while (!err) {
 999                struct dentry *next;
1000                struct dentry *parent = NULL;

1001
1002                if (ovl_already_copied_up(dentry, flags))
1003                        break;
1004
1005                next = dget(dentry);
1006                /* find the topmost dentry not yet copied up */
1007                for (; !disconnected;) {
1008                        parent = dget_parent(next);
1009
1010                        if (ovl_dentry_upper(parent))
1011                                break;
1012
1013                        dput(next);
1014                        next = parent;
1015                }
1016
1017                err = ovl_copy_up_one(parent, next, flags);
1018
1019                dput(parent);
1020                dput(next);
1021        }
1022        revert_creds(old_cred);
1023
1024        return err;
1025}
1026
1027static bool ovl_open_need_copy_up(struct dentry *dentry, int flags)
1028{
1029        /* Copy up of disconnected dentry does not set upper alias */
1030        if (ovl_already_copied_up(dentry, flags))
1031                return false;
1032
1033        if (special_file(d_inode(dentry)->i_mode))
1034                return false;
1035
1036        if (!ovl_open_flags_need_copy_up(flags))
1037                return false;
1038
1039        return true;
1040}
1041
1042int ovl_maybe_copy_up(struct dentry *dentry, int flags)
1043{
1044        int err = 0;
1045
1046        if (ovl_open_need_copy_up(dentry, flags)) {
1047                err = ovl_want_write(dentry);
1048                if (!err) {
1049                        err = ovl_copy_up_flags(dentry, flags);
1050                        ovl_drop_write(dentry);
1051                }
1052        }
1053
1054        return err;
1055}
1056
1057int ovl_copy_up_with_data(struct dentry *dentry)
1058{
1059        return ovl_copy_up_flags(dentry, O_WRONLY);
1060}
1061
1062int ovl_copy_up(struct dentry *dentry)
1063{
1064        return ovl_copy_up_flags(dentry, 0);
1065}
1066