1 | // SPDX-License-Identifier: GPL-2.0-only |
2 | /* |
3 | * |
4 | * Copyright (C) 2011 Novell Inc. |
5 | */ |
6 | |
7 | #include <linux/module.h> |
8 | #include <linux/fs.h> |
9 | #include <linux/slab.h> |
10 | #include <linux/file.h> |
11 | #include <linux/fileattr.h> |
12 | #include <linux/splice.h> |
13 | #include <linux/xattr.h> |
14 | #include <linux/security.h> |
15 | #include <linux/uaccess.h> |
16 | #include <linux/sched/signal.h> |
17 | #include <linux/cred.h> |
18 | #include <linux/namei.h> |
19 | #include <linux/fdtable.h> |
20 | #include <linux/ratelimit.h> |
21 | #include <linux/exportfs.h> |
22 | #include "overlayfs.h" |
23 | |
24 | #define OVL_COPY_UP_CHUNK_SIZE (1 << 20) |
25 | |
26 | static int ovl_ccup_set(const char *buf, const struct kernel_param *param) |
27 | { |
28 | pr_warn("\"check_copy_up\" module option is obsolete\n" ); |
29 | return 0; |
30 | } |
31 | |
32 | static int ovl_ccup_get(char *buf, const struct kernel_param *param) |
33 | { |
34 | return sprintf(buf, fmt: "N\n" ); |
35 | } |
36 | |
37 | module_param_call(check_copy_up, ovl_ccup_set, ovl_ccup_get, NULL, 0644); |
38 | MODULE_PARM_DESC(check_copy_up, "Obsolete; does nothing" ); |
39 | |
40 | static bool ovl_must_copy_xattr(const char *name) |
41 | { |
42 | return !strcmp(name, XATTR_POSIX_ACL_ACCESS) || |
43 | !strcmp(name, XATTR_POSIX_ACL_DEFAULT) || |
44 | !strncmp(name, XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN); |
45 | } |
46 | |
47 | static int ovl_copy_acl(struct ovl_fs *ofs, const struct path *path, |
48 | struct dentry *dentry, const char *acl_name) |
49 | { |
50 | int err; |
51 | struct posix_acl *clone, *real_acl = NULL; |
52 | |
53 | real_acl = ovl_get_acl_path(path, acl_name, noperm: false); |
54 | if (!real_acl) |
55 | return 0; |
56 | |
57 | if (IS_ERR(ptr: real_acl)) { |
58 | err = PTR_ERR(ptr: real_acl); |
59 | if (err == -ENODATA || err == -EOPNOTSUPP) |
60 | return 0; |
61 | return err; |
62 | } |
63 | |
64 | clone = posix_acl_clone(acl: real_acl, GFP_KERNEL); |
65 | posix_acl_release(acl: real_acl); /* release original acl */ |
66 | if (!clone) |
67 | return -ENOMEM; |
68 | |
69 | err = ovl_do_set_acl(ofs, dentry, acl_name, acl: clone); |
70 | |
71 | /* release cloned acl */ |
72 | posix_acl_release(acl: clone); |
73 | return err; |
74 | } |
75 | |
76 | int ovl_copy_xattr(struct super_block *sb, const struct path *oldpath, struct dentry *new) |
77 | { |
78 | struct dentry *old = oldpath->dentry; |
79 | ssize_t list_size, size, value_size = 0; |
80 | char *buf, *name, *value = NULL; |
81 | int error = 0; |
82 | size_t slen; |
83 | |
84 | if (!old->d_inode->i_op->listxattr || !new->d_inode->i_op->listxattr) |
85 | return 0; |
86 | |
87 | list_size = vfs_listxattr(d: old, NULL, size: 0); |
88 | if (list_size <= 0) { |
89 | if (list_size == -EOPNOTSUPP) |
90 | return 0; |
91 | return list_size; |
92 | } |
93 | |
94 | buf = kvzalloc(size: list_size, GFP_KERNEL); |
95 | if (!buf) |
96 | return -ENOMEM; |
97 | |
98 | list_size = vfs_listxattr(d: old, list: buf, size: list_size); |
99 | if (list_size <= 0) { |
100 | error = list_size; |
101 | goto out; |
102 | } |
103 | |
104 | for (name = buf; list_size; name += slen) { |
105 | slen = strnlen(p: name, maxlen: list_size) + 1; |
106 | |
107 | /* underlying fs providing us with an broken xattr list? */ |
108 | if (WARN_ON(slen > list_size)) { |
109 | error = -EIO; |
110 | break; |
111 | } |
112 | list_size -= slen; |
113 | |
114 | if (ovl_is_private_xattr(sb, name)) |
115 | continue; |
116 | |
117 | error = security_inode_copy_up_xattr(name); |
118 | if (error < 0 && error != -EOPNOTSUPP) |
119 | break; |
120 | if (error == 1) { |
121 | error = 0; |
122 | continue; /* Discard */ |
123 | } |
124 | |
125 | if (is_posix_acl_xattr(name)) { |
126 | error = ovl_copy_acl(ofs: OVL_FS(sb), path: oldpath, dentry: new, acl_name: name); |
127 | if (!error) |
128 | continue; |
129 | /* POSIX ACLs must be copied. */ |
130 | break; |
131 | } |
132 | |
133 | retry: |
134 | size = ovl_do_getxattr(path: oldpath, name, value, size: value_size); |
135 | if (size == -ERANGE) |
136 | size = ovl_do_getxattr(path: oldpath, name, NULL, size: 0); |
137 | |
138 | if (size < 0) { |
139 | error = size; |
140 | break; |
141 | } |
142 | |
143 | if (size > value_size) { |
144 | void *new; |
145 | |
146 | new = kvmalloc(size, GFP_KERNEL); |
147 | if (!new) { |
148 | error = -ENOMEM; |
149 | break; |
150 | } |
151 | kvfree(addr: value); |
152 | value = new; |
153 | value_size = size; |
154 | goto retry; |
155 | } |
156 | |
157 | error = ovl_do_setxattr(ofs: OVL_FS(sb), dentry: new, name, value, size, flags: 0); |
158 | if (error) { |
159 | if (error != -EOPNOTSUPP || ovl_must_copy_xattr(name)) |
160 | break; |
161 | |
162 | /* Ignore failure to copy unknown xattrs */ |
163 | error = 0; |
164 | } |
165 | } |
166 | kvfree(addr: value); |
167 | out: |
168 | kvfree(addr: buf); |
169 | return error; |
170 | } |
171 | |
172 | static int ovl_copy_fileattr(struct inode *inode, const struct path *old, |
173 | const struct path *new) |
174 | { |
175 | struct fileattr oldfa = { .flags_valid = true }; |
176 | struct fileattr newfa = { .flags_valid = true }; |
177 | int err; |
178 | |
179 | err = ovl_real_fileattr_get(realpath: old, fa: &oldfa); |
180 | if (err) { |
181 | /* Ntfs-3g returns -EINVAL for "no fileattr support" */ |
182 | if (err == -ENOTTY || err == -EINVAL) |
183 | return 0; |
184 | pr_warn("failed to retrieve lower fileattr (%pd2, err=%i)\n" , |
185 | old->dentry, err); |
186 | return err; |
187 | } |
188 | |
189 | /* |
190 | * We cannot set immutable and append-only flags on upper inode, |
191 | * because we would not be able to link upper inode to upper dir |
192 | * not set overlay private xattr on upper inode. |
193 | * Store these flags in overlay.protattr xattr instead. |
194 | */ |
195 | if (oldfa.flags & OVL_PROT_FS_FLAGS_MASK) { |
196 | err = ovl_set_protattr(inode, upper: new->dentry, fa: &oldfa); |
197 | if (err == -EPERM) |
198 | pr_warn_once("copying fileattr: no xattr on upper\n" ); |
199 | else if (err) |
200 | return err; |
201 | } |
202 | |
203 | /* Don't bother copying flags if none are set */ |
204 | if (!(oldfa.flags & OVL_COPY_FS_FLAGS_MASK)) |
205 | return 0; |
206 | |
207 | err = ovl_real_fileattr_get(realpath: new, fa: &newfa); |
208 | if (err) { |
209 | /* |
210 | * Returning an error if upper doesn't support fileattr will |
211 | * result in a regression, so revert to the old behavior. |
212 | */ |
213 | if (err == -ENOTTY || err == -EINVAL) { |
214 | pr_warn_once("copying fileattr: no support on upper\n" ); |
215 | return 0; |
216 | } |
217 | pr_warn("failed to retrieve upper fileattr (%pd2, err=%i)\n" , |
218 | new->dentry, err); |
219 | return err; |
220 | } |
221 | |
222 | BUILD_BUG_ON(OVL_COPY_FS_FLAGS_MASK & ~FS_COMMON_FL); |
223 | newfa.flags &= ~OVL_COPY_FS_FLAGS_MASK; |
224 | newfa.flags |= (oldfa.flags & OVL_COPY_FS_FLAGS_MASK); |
225 | |
226 | BUILD_BUG_ON(OVL_COPY_FSX_FLAGS_MASK & ~FS_XFLAG_COMMON); |
227 | newfa.fsx_xflags &= ~OVL_COPY_FSX_FLAGS_MASK; |
228 | newfa.fsx_xflags |= (oldfa.fsx_xflags & OVL_COPY_FSX_FLAGS_MASK); |
229 | |
230 | return ovl_real_fileattr_set(realpath: new, fa: &newfa); |
231 | } |
232 | |
233 | static int ovl_verify_area(loff_t pos, loff_t pos2, loff_t len, loff_t totlen) |
234 | { |
235 | loff_t tmp; |
236 | |
237 | if (pos != pos2) |
238 | return -EIO; |
239 | if (pos < 0 || len < 0 || totlen < 0) |
240 | return -EIO; |
241 | if (check_add_overflow(pos, len, &tmp)) |
242 | return -EIO; |
243 | return 0; |
244 | } |
245 | |
246 | static int ovl_copy_up_file(struct ovl_fs *ofs, struct dentry *dentry, |
247 | struct file *new_file, loff_t len) |
248 | { |
249 | struct path datapath; |
250 | struct file *old_file; |
251 | loff_t old_pos = 0; |
252 | loff_t new_pos = 0; |
253 | loff_t cloned; |
254 | loff_t data_pos = -1; |
255 | loff_t hole_len; |
256 | bool skip_hole = false; |
257 | int error = 0; |
258 | |
259 | ovl_path_lowerdata(dentry, path: &datapath); |
260 | if (WARN_ON_ONCE(datapath.dentry == NULL) || |
261 | WARN_ON_ONCE(len < 0)) |
262 | return -EIO; |
263 | |
264 | old_file = ovl_path_open(path: &datapath, O_LARGEFILE | O_RDONLY); |
265 | if (IS_ERR(ptr: old_file)) |
266 | return PTR_ERR(ptr: old_file); |
267 | |
268 | /* Try to use clone_file_range to clone up within the same fs */ |
269 | cloned = vfs_clone_file_range(file_in: old_file, pos_in: 0, file_out: new_file, pos_out: 0, len, remap_flags: 0); |
270 | if (cloned == len) |
271 | goto out_fput; |
272 | |
273 | /* Couldn't clone, so now we try to copy the data */ |
274 | error = rw_verify_area(READ, old_file, &old_pos, len); |
275 | if (!error) |
276 | error = rw_verify_area(WRITE, new_file, &new_pos, len); |
277 | if (error) |
278 | goto out_fput; |
279 | |
280 | /* Check if lower fs supports seek operation */ |
281 | if (old_file->f_mode & FMODE_LSEEK) |
282 | skip_hole = true; |
283 | |
284 | while (len) { |
285 | size_t this_len = OVL_COPY_UP_CHUNK_SIZE; |
286 | ssize_t bytes; |
287 | |
288 | if (len < this_len) |
289 | this_len = len; |
290 | |
291 | if (signal_pending_state(TASK_KILLABLE, current)) { |
292 | error = -EINTR; |
293 | break; |
294 | } |
295 | |
296 | /* |
297 | * Fill zero for hole will cost unnecessary disk space |
298 | * and meanwhile slow down the copy-up speed, so we do |
299 | * an optimization for hole during copy-up, it relies |
300 | * on SEEK_DATA implementation in lower fs so if lower |
301 | * fs does not support it, copy-up will behave as before. |
302 | * |
303 | * Detail logic of hole detection as below: |
304 | * When we detect next data position is larger than current |
305 | * position we will skip that hole, otherwise we copy |
306 | * data in the size of OVL_COPY_UP_CHUNK_SIZE. Actually, |
307 | * it may not recognize all kind of holes and sometimes |
308 | * only skips partial of hole area. However, it will be |
309 | * enough for most of the use cases. |
310 | * |
311 | * We do not hold upper sb_writers throughout the loop to avert |
312 | * lockdep warning with llseek of lower file in nested overlay: |
313 | * - upper sb_writers |
314 | * -- lower ovl_inode_lock (ovl_llseek) |
315 | */ |
316 | if (skip_hole && data_pos < old_pos) { |
317 | data_pos = vfs_llseek(file: old_file, offset: old_pos, SEEK_DATA); |
318 | if (data_pos > old_pos) { |
319 | hole_len = data_pos - old_pos; |
320 | len -= hole_len; |
321 | old_pos = new_pos = data_pos; |
322 | continue; |
323 | } else if (data_pos == -ENXIO) { |
324 | break; |
325 | } else if (data_pos < 0) { |
326 | skip_hole = false; |
327 | } |
328 | } |
329 | |
330 | error = ovl_verify_area(pos: old_pos, pos2: new_pos, len: this_len, totlen: len); |
331 | if (error) |
332 | break; |
333 | |
334 | bytes = do_splice_direct(in: old_file, ppos: &old_pos, |
335 | out: new_file, opos: &new_pos, |
336 | len: this_len, SPLICE_F_MOVE); |
337 | if (bytes <= 0) { |
338 | error = bytes; |
339 | break; |
340 | } |
341 | WARN_ON(old_pos != new_pos); |
342 | |
343 | len -= bytes; |
344 | } |
345 | if (!error && ovl_should_sync(ofs)) |
346 | error = vfs_fsync(file: new_file, datasync: 0); |
347 | out_fput: |
348 | fput(old_file); |
349 | return error; |
350 | } |
351 | |
352 | static int ovl_set_size(struct ovl_fs *ofs, |
353 | struct dentry *upperdentry, struct kstat *stat) |
354 | { |
355 | struct iattr attr = { |
356 | .ia_valid = ATTR_SIZE, |
357 | .ia_size = stat->size, |
358 | }; |
359 | |
360 | return ovl_do_notify_change(ofs, upperdentry, attr: &attr); |
361 | } |
362 | |
363 | static int ovl_set_timestamps(struct ovl_fs *ofs, struct dentry *upperdentry, |
364 | struct kstat *stat) |
365 | { |
366 | struct iattr attr = { |
367 | .ia_valid = |
368 | ATTR_ATIME | ATTR_MTIME | ATTR_ATIME_SET | ATTR_MTIME_SET | ATTR_CTIME, |
369 | .ia_atime = stat->atime, |
370 | .ia_mtime = stat->mtime, |
371 | }; |
372 | |
373 | return ovl_do_notify_change(ofs, upperdentry, attr: &attr); |
374 | } |
375 | |
376 | int ovl_set_attr(struct ovl_fs *ofs, struct dentry *upperdentry, |
377 | struct kstat *stat) |
378 | { |
379 | int err = 0; |
380 | |
381 | if (!S_ISLNK(stat->mode)) { |
382 | struct iattr attr = { |
383 | .ia_valid = ATTR_MODE, |
384 | .ia_mode = stat->mode, |
385 | }; |
386 | err = ovl_do_notify_change(ofs, upperdentry, attr: &attr); |
387 | } |
388 | if (!err) { |
389 | struct iattr attr = { |
390 | .ia_valid = ATTR_UID | ATTR_GID, |
391 | .ia_vfsuid = VFSUIDT_INIT(stat->uid), |
392 | .ia_vfsgid = VFSGIDT_INIT(stat->gid), |
393 | }; |
394 | err = ovl_do_notify_change(ofs, upperdentry, attr: &attr); |
395 | } |
396 | if (!err) |
397 | ovl_set_timestamps(ofs, upperdentry, stat); |
398 | |
399 | return err; |
400 | } |
401 | |
402 | struct ovl_fh *ovl_encode_real_fh(struct ovl_fs *ofs, struct dentry *real, |
403 | bool is_upper) |
404 | { |
405 | struct ovl_fh *fh; |
406 | int fh_type, dwords; |
407 | int buflen = MAX_HANDLE_SZ; |
408 | uuid_t *uuid = &real->d_sb->s_uuid; |
409 | int err; |
410 | |
411 | /* Make sure the real fid stays 32bit aligned */ |
412 | BUILD_BUG_ON(OVL_FH_FID_OFFSET % 4); |
413 | BUILD_BUG_ON(MAX_HANDLE_SZ + OVL_FH_FID_OFFSET > 255); |
414 | |
415 | fh = kzalloc(size: buflen + OVL_FH_FID_OFFSET, GFP_KERNEL); |
416 | if (!fh) |
417 | return ERR_PTR(error: -ENOMEM); |
418 | |
419 | /* |
420 | * We encode a non-connectable file handle for non-dir, because we |
421 | * only need to find the lower inode number and we don't want to pay |
422 | * the price or reconnecting the dentry. |
423 | */ |
424 | dwords = buflen >> 2; |
425 | fh_type = exportfs_encode_fh(dentry: real, fid: (void *)fh->fb.fid, max_len: &dwords, flags: 0); |
426 | buflen = (dwords << 2); |
427 | |
428 | err = -EIO; |
429 | if (WARN_ON(fh_type < 0) || |
430 | WARN_ON(buflen > MAX_HANDLE_SZ) || |
431 | WARN_ON(fh_type == FILEID_INVALID)) |
432 | goto out_err; |
433 | |
434 | fh->fb.version = OVL_FH_VERSION; |
435 | fh->fb.magic = OVL_FH_MAGIC; |
436 | fh->fb.type = fh_type; |
437 | fh->fb.flags = OVL_FH_FLAG_CPU_ENDIAN; |
438 | /* |
439 | * When we will want to decode an overlay dentry from this handle |
440 | * and all layers are on the same fs, if we get a disconncted real |
441 | * dentry when we decode fid, the only way to tell if we should assign |
442 | * it to upperdentry or to lowerstack is by checking this flag. |
443 | */ |
444 | if (is_upper) |
445 | fh->fb.flags |= OVL_FH_FLAG_PATH_UPPER; |
446 | fh->fb.len = sizeof(fh->fb) + buflen; |
447 | if (ovl_origin_uuid(ofs)) |
448 | fh->fb.uuid = *uuid; |
449 | |
450 | return fh; |
451 | |
452 | out_err: |
453 | kfree(objp: fh); |
454 | return ERR_PTR(error: err); |
455 | } |
456 | |
457 | struct ovl_fh *ovl_get_origin_fh(struct ovl_fs *ofs, struct dentry *origin) |
458 | { |
459 | /* |
460 | * When lower layer doesn't support export operations store a 'null' fh, |
461 | * so we can use the overlay.origin xattr to distignuish between a copy |
462 | * up and a pure upper inode. |
463 | */ |
464 | if (!ovl_can_decode_fh(sb: origin->d_sb)) |
465 | return NULL; |
466 | |
467 | return ovl_encode_real_fh(ofs, real: origin, is_upper: false); |
468 | } |
469 | |
470 | int ovl_set_origin_fh(struct ovl_fs *ofs, const struct ovl_fh *fh, |
471 | struct dentry *upper) |
472 | { |
473 | int err; |
474 | |
475 | /* |
476 | * Do not fail when upper doesn't support xattrs. |
477 | */ |
478 | err = ovl_check_setxattr(ofs, upperdentry: upper, ox: OVL_XATTR_ORIGIN, value: fh->buf, |
479 | size: fh ? fh->fb.len : 0, xerr: 0); |
480 | |
481 | /* Ignore -EPERM from setting "user.*" on symlink/special */ |
482 | return err == -EPERM ? 0 : err; |
483 | } |
484 | |
485 | /* Store file handle of @upper dir in @index dir entry */ |
486 | static int ovl_set_upper_fh(struct ovl_fs *ofs, struct dentry *upper, |
487 | struct dentry *index) |
488 | { |
489 | const struct ovl_fh *fh; |
490 | int err; |
491 | |
492 | fh = ovl_encode_real_fh(ofs, real: upper, is_upper: true); |
493 | if (IS_ERR(ptr: fh)) |
494 | return PTR_ERR(ptr: fh); |
495 | |
496 | err = ovl_setxattr(ofs, dentry: index, ox: OVL_XATTR_UPPER, value: fh->buf, size: fh->fb.len); |
497 | |
498 | kfree(objp: fh); |
499 | return err; |
500 | } |
501 | |
502 | /* |
503 | * Create and install index entry. |
504 | * |
505 | * Caller must hold i_mutex on indexdir. |
506 | */ |
507 | static int ovl_create_index(struct dentry *dentry, const struct ovl_fh *fh, |
508 | struct dentry *upper) |
509 | { |
510 | struct ovl_fs *ofs = OVL_FS(sb: dentry->d_sb); |
511 | struct dentry *indexdir = ovl_indexdir(sb: dentry->d_sb); |
512 | struct inode *dir = d_inode(dentry: indexdir); |
513 | struct dentry *index = NULL; |
514 | struct dentry *temp = NULL; |
515 | struct qstr name = { }; |
516 | int err; |
517 | |
518 | /* |
519 | * For now this is only used for creating index entry for directories, |
520 | * because non-dir are copied up directly to index and then hardlinked |
521 | * to upper dir. |
522 | * |
523 | * TODO: implement create index for non-dir, so we can call it when |
524 | * encoding file handle for non-dir in case index does not exist. |
525 | */ |
526 | if (WARN_ON(!d_is_dir(dentry))) |
527 | return -EIO; |
528 | |
529 | /* Directory not expected to be indexed before copy up */ |
530 | if (WARN_ON(ovl_test_flag(OVL_INDEX, d_inode(dentry)))) |
531 | return -EIO; |
532 | |
533 | err = ovl_get_index_name_fh(fh, name: &name); |
534 | if (err) |
535 | return err; |
536 | |
537 | temp = ovl_create_temp(ofs, workdir: indexdir, OVL_CATTR(S_IFDIR | 0)); |
538 | err = PTR_ERR(ptr: temp); |
539 | if (IS_ERR(ptr: temp)) |
540 | goto free_name; |
541 | |
542 | err = ovl_set_upper_fh(ofs, upper, index: temp); |
543 | if (err) |
544 | goto out; |
545 | |
546 | index = ovl_lookup_upper(ofs, name: name.name, base: indexdir, len: name.len); |
547 | if (IS_ERR(ptr: index)) { |
548 | err = PTR_ERR(ptr: index); |
549 | } else { |
550 | err = ovl_do_rename(ofs, olddir: dir, olddentry: temp, newdir: dir, newdentry: index, flags: 0); |
551 | dput(index); |
552 | } |
553 | out: |
554 | if (err) |
555 | ovl_cleanup(ofs, dir, dentry: temp); |
556 | dput(temp); |
557 | free_name: |
558 | kfree(objp: name.name); |
559 | return err; |
560 | } |
561 | |
562 | struct ovl_copy_up_ctx { |
563 | struct dentry *parent; |
564 | struct dentry *dentry; |
565 | struct path lowerpath; |
566 | struct kstat stat; |
567 | struct kstat pstat; |
568 | const char *link; |
569 | struct dentry *destdir; |
570 | struct qstr destname; |
571 | struct dentry *workdir; |
572 | const struct ovl_fh *origin_fh; |
573 | bool origin; |
574 | bool indexed; |
575 | bool metacopy; |
576 | bool metacopy_digest; |
577 | }; |
578 | |
579 | static int ovl_link_up(struct ovl_copy_up_ctx *c) |
580 | { |
581 | int err; |
582 | struct dentry *upper; |
583 | struct dentry *upperdir = ovl_dentry_upper(dentry: c->parent); |
584 | struct ovl_fs *ofs = OVL_FS(sb: c->dentry->d_sb); |
585 | struct inode *udir = d_inode(dentry: upperdir); |
586 | |
587 | ovl_start_write(dentry: c->dentry); |
588 | |
589 | /* Mark parent "impure" because it may now contain non-pure upper */ |
590 | err = ovl_set_impure(dentry: c->parent, upperdentry: upperdir); |
591 | if (err) |
592 | goto out; |
593 | |
594 | err = ovl_set_nlink_lower(dentry: c->dentry); |
595 | if (err) |
596 | goto out; |
597 | |
598 | inode_lock_nested(inode: udir, subclass: I_MUTEX_PARENT); |
599 | upper = ovl_lookup_upper(ofs, name: c->dentry->d_name.name, base: upperdir, |
600 | len: c->dentry->d_name.len); |
601 | err = PTR_ERR(ptr: upper); |
602 | if (!IS_ERR(ptr: upper)) { |
603 | err = ovl_do_link(ofs, old_dentry: ovl_dentry_upper(dentry: c->dentry), dir: udir, new_dentry: upper); |
604 | dput(upper); |
605 | |
606 | if (!err) { |
607 | /* Restore timestamps on parent (best effort) */ |
608 | ovl_set_timestamps(ofs, upperdentry: upperdir, stat: &c->pstat); |
609 | ovl_dentry_set_upper_alias(dentry: c->dentry); |
610 | ovl_dentry_update_reval(dentry: c->dentry, realdentry: upper); |
611 | } |
612 | } |
613 | inode_unlock(inode: udir); |
614 | if (err) |
615 | goto out; |
616 | |
617 | err = ovl_set_nlink_upper(dentry: c->dentry); |
618 | |
619 | out: |
620 | ovl_end_write(dentry: c->dentry); |
621 | return err; |
622 | } |
623 | |
624 | static int ovl_copy_up_data(struct ovl_copy_up_ctx *c, const struct path *temp) |
625 | { |
626 | struct ovl_fs *ofs = OVL_FS(sb: c->dentry->d_sb); |
627 | struct file *new_file; |
628 | int err; |
629 | |
630 | if (!S_ISREG(c->stat.mode) || c->metacopy || !c->stat.size) |
631 | return 0; |
632 | |
633 | new_file = ovl_path_open(path: temp, O_LARGEFILE | O_WRONLY); |
634 | if (IS_ERR(ptr: new_file)) |
635 | return PTR_ERR(ptr: new_file); |
636 | |
637 | err = ovl_copy_up_file(ofs, dentry: c->dentry, new_file, len: c->stat.size); |
638 | fput(new_file); |
639 | |
640 | return err; |
641 | } |
642 | |
643 | static int ovl_copy_up_metadata(struct ovl_copy_up_ctx *c, struct dentry *temp) |
644 | { |
645 | struct ovl_fs *ofs = OVL_FS(sb: c->dentry->d_sb); |
646 | struct inode *inode = d_inode(dentry: c->dentry); |
647 | struct path upperpath = { .mnt = ovl_upper_mnt(ofs), .dentry = temp }; |
648 | int err; |
649 | |
650 | err = ovl_copy_xattr(sb: c->dentry->d_sb, oldpath: &c->lowerpath, new: temp); |
651 | if (err) |
652 | return err; |
653 | |
654 | if (inode->i_flags & OVL_COPY_I_FLAGS_MASK && |
655 | (S_ISREG(c->stat.mode) || S_ISDIR(c->stat.mode))) { |
656 | /* |
657 | * Copy the fileattr inode flags that are the source of already |
658 | * copied i_flags |
659 | */ |
660 | err = ovl_copy_fileattr(inode, old: &c->lowerpath, new: &upperpath); |
661 | if (err) |
662 | return err; |
663 | } |
664 | |
665 | /* |
666 | * Store identifier of lower inode in upper inode xattr to |
667 | * allow lookup of the copy up origin inode. |
668 | * |
669 | * Don't set origin when we are breaking the association with a lower |
670 | * hard link. |
671 | */ |
672 | if (c->origin) { |
673 | err = ovl_set_origin_fh(ofs, fh: c->origin_fh, upper: temp); |
674 | if (err) |
675 | return err; |
676 | } |
677 | |
678 | if (c->metacopy) { |
679 | struct path lowerdatapath; |
680 | struct ovl_metacopy metacopy_data = OVL_METACOPY_INIT; |
681 | |
682 | ovl_path_lowerdata(dentry: c->dentry, path: &lowerdatapath); |
683 | if (WARN_ON_ONCE(lowerdatapath.dentry == NULL)) |
684 | return -EIO; |
685 | err = ovl_get_verity_digest(ofs, src: &lowerdatapath, metacopy: &metacopy_data); |
686 | if (err) |
687 | return err; |
688 | |
689 | if (metacopy_data.digest_algo) |
690 | c->metacopy_digest = true; |
691 | |
692 | err = ovl_set_metacopy_xattr(ofs, d: temp, metacopy: &metacopy_data); |
693 | if (err) |
694 | return err; |
695 | } |
696 | |
697 | inode_lock(inode: temp->d_inode); |
698 | if (S_ISREG(c->stat.mode)) |
699 | err = ovl_set_size(ofs, upperdentry: temp, stat: &c->stat); |
700 | if (!err) |
701 | err = ovl_set_attr(ofs, upperdentry: temp, stat: &c->stat); |
702 | inode_unlock(inode: temp->d_inode); |
703 | |
704 | return err; |
705 | } |
706 | |
707 | struct ovl_cu_creds { |
708 | const struct cred *old; |
709 | struct cred *new; |
710 | }; |
711 | |
712 | static int ovl_prep_cu_creds(struct dentry *dentry, struct ovl_cu_creds *cc) |
713 | { |
714 | int err; |
715 | |
716 | cc->old = cc->new = NULL; |
717 | err = security_inode_copy_up(src: dentry, new: &cc->new); |
718 | if (err < 0) |
719 | return err; |
720 | |
721 | if (cc->new) |
722 | cc->old = override_creds(cc->new); |
723 | |
724 | return 0; |
725 | } |
726 | |
727 | static void ovl_revert_cu_creds(struct ovl_cu_creds *cc) |
728 | { |
729 | if (cc->new) { |
730 | revert_creds(cc->old); |
731 | put_cred(cred: cc->new); |
732 | } |
733 | } |
734 | |
735 | /* |
736 | * Copyup using workdir to prepare temp file. Used when copying up directories, |
737 | * special files or when upper fs doesn't support O_TMPFILE. |
738 | */ |
739 | static int ovl_copy_up_workdir(struct ovl_copy_up_ctx *c) |
740 | { |
741 | struct ovl_fs *ofs = OVL_FS(sb: c->dentry->d_sb); |
742 | struct inode *inode; |
743 | struct inode *udir = d_inode(dentry: c->destdir), *wdir = d_inode(dentry: c->workdir); |
744 | struct path path = { .mnt = ovl_upper_mnt(ofs) }; |
745 | struct dentry *temp, *upper, *trap; |
746 | struct ovl_cu_creds cc; |
747 | int err; |
748 | struct ovl_cattr cattr = { |
749 | /* Can't properly set mode on creation because of the umask */ |
750 | .mode = c->stat.mode & S_IFMT, |
751 | .rdev = c->stat.rdev, |
752 | .link = c->link |
753 | }; |
754 | |
755 | err = ovl_prep_cu_creds(dentry: c->dentry, cc: &cc); |
756 | if (err) |
757 | return err; |
758 | |
759 | ovl_start_write(dentry: c->dentry); |
760 | inode_lock(inode: wdir); |
761 | temp = ovl_create_temp(ofs, workdir: c->workdir, attr: &cattr); |
762 | inode_unlock(inode: wdir); |
763 | ovl_end_write(dentry: c->dentry); |
764 | ovl_revert_cu_creds(cc: &cc); |
765 | |
766 | if (IS_ERR(ptr: temp)) |
767 | return PTR_ERR(ptr: temp); |
768 | |
769 | /* |
770 | * Copy up data first and then xattrs. Writing data after |
771 | * xattrs will remove security.capability xattr automatically. |
772 | */ |
773 | path.dentry = temp; |
774 | err = ovl_copy_up_data(c, temp: &path); |
775 | /* |
776 | * We cannot hold lock_rename() throughout this helper, because of |
777 | * lock ordering with sb_writers, which shouldn't be held when calling |
778 | * ovl_copy_up_data(), so lock workdir and destdir and make sure that |
779 | * temp wasn't moved before copy up completion or cleanup. |
780 | */ |
781 | ovl_start_write(dentry: c->dentry); |
782 | trap = lock_rename(c->workdir, c->destdir); |
783 | if (trap || temp->d_parent != c->workdir) { |
784 | /* temp or workdir moved underneath us? abort without cleanup */ |
785 | dput(temp); |
786 | err = -EIO; |
787 | if (IS_ERR(ptr: trap)) |
788 | goto out; |
789 | goto unlock; |
790 | } else if (err) { |
791 | goto cleanup; |
792 | } |
793 | |
794 | err = ovl_copy_up_metadata(c, temp); |
795 | if (err) |
796 | goto cleanup; |
797 | |
798 | if (S_ISDIR(c->stat.mode) && c->indexed) { |
799 | err = ovl_create_index(dentry: c->dentry, fh: c->origin_fh, upper: temp); |
800 | if (err) |
801 | goto cleanup; |
802 | } |
803 | |
804 | upper = ovl_lookup_upper(ofs, name: c->destname.name, base: c->destdir, |
805 | len: c->destname.len); |
806 | err = PTR_ERR(ptr: upper); |
807 | if (IS_ERR(ptr: upper)) |
808 | goto cleanup; |
809 | |
810 | err = ovl_do_rename(ofs, olddir: wdir, olddentry: temp, newdir: udir, newdentry: upper, flags: 0); |
811 | dput(upper); |
812 | if (err) |
813 | goto cleanup; |
814 | |
815 | inode = d_inode(dentry: c->dentry); |
816 | if (c->metacopy_digest) |
817 | ovl_set_flag(flag: OVL_HAS_DIGEST, inode); |
818 | else |
819 | ovl_clear_flag(flag: OVL_HAS_DIGEST, inode); |
820 | ovl_clear_flag(flag: OVL_VERIFIED_DIGEST, inode); |
821 | |
822 | if (!c->metacopy) |
823 | ovl_set_upperdata(inode); |
824 | ovl_inode_update(inode, upperdentry: temp); |
825 | if (S_ISDIR(inode->i_mode)) |
826 | ovl_set_flag(flag: OVL_WHITEOUTS, inode); |
827 | unlock: |
828 | unlock_rename(c->workdir, c->destdir); |
829 | out: |
830 | ovl_end_write(dentry: c->dentry); |
831 | |
832 | return err; |
833 | |
834 | cleanup: |
835 | ovl_cleanup(ofs, dir: wdir, dentry: temp); |
836 | dput(temp); |
837 | goto unlock; |
838 | } |
839 | |
840 | /* Copyup using O_TMPFILE which does not require cross dir locking */ |
841 | static int ovl_copy_up_tmpfile(struct ovl_copy_up_ctx *c) |
842 | { |
843 | struct ovl_fs *ofs = OVL_FS(sb: c->dentry->d_sb); |
844 | struct inode *udir = d_inode(dentry: c->destdir); |
845 | struct dentry *temp, *upper; |
846 | struct file *tmpfile; |
847 | struct ovl_cu_creds cc; |
848 | int err; |
849 | |
850 | err = ovl_prep_cu_creds(dentry: c->dentry, cc: &cc); |
851 | if (err) |
852 | return err; |
853 | |
854 | ovl_start_write(dentry: c->dentry); |
855 | tmpfile = ovl_do_tmpfile(ofs, dentry: c->workdir, mode: c->stat.mode); |
856 | ovl_end_write(dentry: c->dentry); |
857 | ovl_revert_cu_creds(cc: &cc); |
858 | if (IS_ERR(ptr: tmpfile)) |
859 | return PTR_ERR(ptr: tmpfile); |
860 | |
861 | temp = tmpfile->f_path.dentry; |
862 | if (!c->metacopy && c->stat.size) { |
863 | err = ovl_copy_up_file(ofs, dentry: c->dentry, new_file: tmpfile, len: c->stat.size); |
864 | if (err) |
865 | goto out_fput; |
866 | } |
867 | |
868 | ovl_start_write(dentry: c->dentry); |
869 | |
870 | err = ovl_copy_up_metadata(c, temp); |
871 | if (err) |
872 | goto out; |
873 | |
874 | inode_lock_nested(inode: udir, subclass: I_MUTEX_PARENT); |
875 | |
876 | upper = ovl_lookup_upper(ofs, name: c->destname.name, base: c->destdir, |
877 | len: c->destname.len); |
878 | err = PTR_ERR(ptr: upper); |
879 | if (!IS_ERR(ptr: upper)) { |
880 | err = ovl_do_link(ofs, old_dentry: temp, dir: udir, new_dentry: upper); |
881 | dput(upper); |
882 | } |
883 | inode_unlock(inode: udir); |
884 | |
885 | if (err) |
886 | goto out; |
887 | |
888 | if (c->metacopy_digest) |
889 | ovl_set_flag(flag: OVL_HAS_DIGEST, inode: d_inode(dentry: c->dentry)); |
890 | else |
891 | ovl_clear_flag(flag: OVL_HAS_DIGEST, inode: d_inode(dentry: c->dentry)); |
892 | ovl_clear_flag(flag: OVL_VERIFIED_DIGEST, inode: d_inode(dentry: c->dentry)); |
893 | |
894 | if (!c->metacopy) |
895 | ovl_set_upperdata(inode: d_inode(dentry: c->dentry)); |
896 | ovl_inode_update(inode: d_inode(dentry: c->dentry), upperdentry: dget(dentry: temp)); |
897 | |
898 | out: |
899 | ovl_end_write(dentry: c->dentry); |
900 | out_fput: |
901 | fput(tmpfile); |
902 | return err; |
903 | } |
904 | |
905 | /* |
906 | * Copy up a single dentry |
907 | * |
908 | * All renames start with copy up of source if necessary. The actual |
909 | * rename will only proceed once the copy up was successful. Copy up uses |
910 | * upper parent i_mutex for exclusion. Since rename can change d_parent it |
911 | * is possible that the copy up will lock the old parent. At that point |
912 | * the file will have already been copied up anyway. |
913 | */ |
914 | static int ovl_do_copy_up(struct ovl_copy_up_ctx *c) |
915 | { |
916 | int err; |
917 | struct ovl_fs *ofs = OVL_FS(sb: c->dentry->d_sb); |
918 | struct dentry *origin = c->lowerpath.dentry; |
919 | struct ovl_fh *fh = NULL; |
920 | bool to_index = false; |
921 | |
922 | /* |
923 | * Indexed non-dir is copied up directly to the index entry and then |
924 | * hardlinked to upper dir. Indexed dir is copied up to indexdir, |
925 | * then index entry is created and then copied up dir installed. |
926 | * Copying dir up to indexdir instead of workdir simplifies locking. |
927 | */ |
928 | if (ovl_need_index(dentry: c->dentry)) { |
929 | c->indexed = true; |
930 | if (S_ISDIR(c->stat.mode)) |
931 | c->workdir = ovl_indexdir(sb: c->dentry->d_sb); |
932 | else |
933 | to_index = true; |
934 | } |
935 | |
936 | if (S_ISDIR(c->stat.mode) || c->stat.nlink == 1 || to_index) { |
937 | fh = ovl_get_origin_fh(ofs, origin); |
938 | if (IS_ERR(ptr: fh)) |
939 | return PTR_ERR(ptr: fh); |
940 | |
941 | /* origin_fh may be NULL */ |
942 | c->origin_fh = fh; |
943 | c->origin = true; |
944 | } |
945 | |
946 | if (to_index) { |
947 | c->destdir = ovl_indexdir(sb: c->dentry->d_sb); |
948 | err = ovl_get_index_name(ofs, origin, name: &c->destname); |
949 | if (err) |
950 | goto out_free_fh; |
951 | } else if (WARN_ON(!c->parent)) { |
952 | /* Disconnected dentry must be copied up to index dir */ |
953 | err = -EIO; |
954 | goto out_free_fh; |
955 | } else { |
956 | /* |
957 | * c->dentry->d_name is stabilzed by ovl_copy_up_start(), |
958 | * because if we got here, it means that c->dentry has no upper |
959 | * alias and changing ->d_name means going through ovl_rename() |
960 | * that will call ovl_copy_up() on source and target dentry. |
961 | */ |
962 | c->destname = c->dentry->d_name; |
963 | /* |
964 | * Mark parent "impure" because it may now contain non-pure |
965 | * upper |
966 | */ |
967 | ovl_start_write(dentry: c->dentry); |
968 | err = ovl_set_impure(dentry: c->parent, upperdentry: c->destdir); |
969 | ovl_end_write(dentry: c->dentry); |
970 | if (err) |
971 | goto out_free_fh; |
972 | } |
973 | |
974 | /* Should we copyup with O_TMPFILE or with workdir? */ |
975 | if (S_ISREG(c->stat.mode) && ofs->tmpfile) |
976 | err = ovl_copy_up_tmpfile(c); |
977 | else |
978 | err = ovl_copy_up_workdir(c); |
979 | if (err) |
980 | goto out; |
981 | |
982 | if (c->indexed) |
983 | ovl_set_flag(flag: OVL_INDEX, inode: d_inode(dentry: c->dentry)); |
984 | |
985 | ovl_start_write(dentry: c->dentry); |
986 | if (to_index) { |
987 | /* Initialize nlink for copy up of disconnected dentry */ |
988 | err = ovl_set_nlink_upper(dentry: c->dentry); |
989 | } else { |
990 | struct inode *udir = d_inode(dentry: c->destdir); |
991 | |
992 | /* Restore timestamps on parent (best effort) */ |
993 | inode_lock(inode: udir); |
994 | ovl_set_timestamps(ofs, upperdentry: c->destdir, stat: &c->pstat); |
995 | inode_unlock(inode: udir); |
996 | |
997 | ovl_dentry_set_upper_alias(dentry: c->dentry); |
998 | ovl_dentry_update_reval(dentry: c->dentry, realdentry: ovl_dentry_upper(dentry: c->dentry)); |
999 | } |
1000 | ovl_end_write(dentry: c->dentry); |
1001 | |
1002 | out: |
1003 | if (to_index) |
1004 | kfree(objp: c->destname.name); |
1005 | out_free_fh: |
1006 | kfree(objp: fh); |
1007 | return err; |
1008 | } |
1009 | |
1010 | static bool ovl_need_meta_copy_up(struct dentry *dentry, umode_t mode, |
1011 | int flags) |
1012 | { |
1013 | struct ovl_fs *ofs = OVL_FS(sb: dentry->d_sb); |
1014 | |
1015 | if (!ofs->config.metacopy) |
1016 | return false; |
1017 | |
1018 | if (!S_ISREG(mode)) |
1019 | return false; |
1020 | |
1021 | if (flags && ((OPEN_FMODE(flags) & FMODE_WRITE) || (flags & O_TRUNC))) |
1022 | return false; |
1023 | |
1024 | /* Fall back to full copy if no fsverity on source data and we require verity */ |
1025 | if (ofs->config.verity_mode == OVL_VERITY_REQUIRE) { |
1026 | struct path lowerdata; |
1027 | |
1028 | ovl_path_lowerdata(dentry, path: &lowerdata); |
1029 | |
1030 | if (WARN_ON_ONCE(lowerdata.dentry == NULL) || |
1031 | ovl_ensure_verity_loaded(path: &lowerdata) || |
1032 | !fsverity_active(inode: d_inode(dentry: lowerdata.dentry))) { |
1033 | return false; |
1034 | } |
1035 | } |
1036 | |
1037 | return true; |
1038 | } |
1039 | |
1040 | static ssize_t ovl_getxattr_value(const struct path *path, char *name, char **value) |
1041 | { |
1042 | ssize_t res; |
1043 | char *buf; |
1044 | |
1045 | res = ovl_do_getxattr(path, name, NULL, size: 0); |
1046 | if (res == -ENODATA || res == -EOPNOTSUPP) |
1047 | res = 0; |
1048 | |
1049 | if (res > 0) { |
1050 | buf = kzalloc(size: res, GFP_KERNEL); |
1051 | if (!buf) |
1052 | return -ENOMEM; |
1053 | |
1054 | res = ovl_do_getxattr(path, name, value: buf, size: res); |
1055 | if (res < 0) |
1056 | kfree(objp: buf); |
1057 | else |
1058 | *value = buf; |
1059 | } |
1060 | return res; |
1061 | } |
1062 | |
1063 | /* Copy up data of an inode which was copied up metadata only in the past. */ |
1064 | static int ovl_copy_up_meta_inode_data(struct ovl_copy_up_ctx *c) |
1065 | { |
1066 | struct ovl_fs *ofs = OVL_FS(sb: c->dentry->d_sb); |
1067 | struct path upperpath; |
1068 | int err; |
1069 | char *capability = NULL; |
1070 | ssize_t cap_size; |
1071 | |
1072 | ovl_path_upper(dentry: c->dentry, path: &upperpath); |
1073 | if (WARN_ON(upperpath.dentry == NULL)) |
1074 | return -EIO; |
1075 | |
1076 | if (c->stat.size) { |
1077 | err = cap_size = ovl_getxattr_value(path: &upperpath, XATTR_NAME_CAPS, |
1078 | value: &capability); |
1079 | if (cap_size < 0) |
1080 | goto out; |
1081 | } |
1082 | |
1083 | err = ovl_copy_up_data(c, temp: &upperpath); |
1084 | if (err) |
1085 | goto out_free; |
1086 | |
1087 | /* |
1088 | * Writing to upper file will clear security.capability xattr. We |
1089 | * don't want that to happen for normal copy-up operation. |
1090 | */ |
1091 | ovl_start_write(dentry: c->dentry); |
1092 | if (capability) { |
1093 | err = ovl_do_setxattr(ofs, dentry: upperpath.dentry, XATTR_NAME_CAPS, |
1094 | value: capability, size: cap_size, flags: 0); |
1095 | } |
1096 | if (!err) { |
1097 | err = ovl_removexattr(ofs, dentry: upperpath.dentry, |
1098 | ox: OVL_XATTR_METACOPY); |
1099 | } |
1100 | ovl_end_write(dentry: c->dentry); |
1101 | if (err) |
1102 | goto out_free; |
1103 | |
1104 | ovl_clear_flag(flag: OVL_HAS_DIGEST, inode: d_inode(dentry: c->dentry)); |
1105 | ovl_clear_flag(flag: OVL_VERIFIED_DIGEST, inode: d_inode(dentry: c->dentry)); |
1106 | ovl_set_upperdata(inode: d_inode(dentry: c->dentry)); |
1107 | out_free: |
1108 | kfree(objp: capability); |
1109 | out: |
1110 | return err; |
1111 | } |
1112 | |
1113 | static int ovl_copy_up_one(struct dentry *parent, struct dentry *dentry, |
1114 | int flags) |
1115 | { |
1116 | int err; |
1117 | DEFINE_DELAYED_CALL(done); |
1118 | struct path parentpath; |
1119 | struct ovl_copy_up_ctx ctx = { |
1120 | .parent = parent, |
1121 | .dentry = dentry, |
1122 | .workdir = ovl_workdir(dentry), |
1123 | }; |
1124 | |
1125 | if (WARN_ON(!ctx.workdir)) |
1126 | return -EROFS; |
1127 | |
1128 | ovl_path_lower(dentry, path: &ctx.lowerpath); |
1129 | err = vfs_getattr(&ctx.lowerpath, &ctx.stat, |
1130 | STATX_BASIC_STATS, AT_STATX_SYNC_AS_STAT); |
1131 | if (err) |
1132 | return err; |
1133 | |
1134 | if (!kuid_has_mapping(current_user_ns(), uid: ctx.stat.uid) || |
1135 | !kgid_has_mapping(current_user_ns(), gid: ctx.stat.gid)) |
1136 | return -EOVERFLOW; |
1137 | |
1138 | ctx.metacopy = ovl_need_meta_copy_up(dentry, mode: ctx.stat.mode, flags); |
1139 | |
1140 | if (parent) { |
1141 | ovl_path_upper(dentry: parent, path: &parentpath); |
1142 | ctx.destdir = parentpath.dentry; |
1143 | |
1144 | err = vfs_getattr(&parentpath, &ctx.pstat, |
1145 | STATX_ATIME | STATX_MTIME, |
1146 | AT_STATX_SYNC_AS_STAT); |
1147 | if (err) |
1148 | return err; |
1149 | } |
1150 | |
1151 | /* maybe truncate regular file. this has no effect on dirs */ |
1152 | if (flags & O_TRUNC) |
1153 | ctx.stat.size = 0; |
1154 | |
1155 | if (S_ISLNK(ctx.stat.mode)) { |
1156 | ctx.link = vfs_get_link(ctx.lowerpath.dentry, &done); |
1157 | if (IS_ERR(ptr: ctx.link)) |
1158 | return PTR_ERR(ptr: ctx.link); |
1159 | } |
1160 | |
1161 | err = ovl_copy_up_start(dentry, flags); |
1162 | /* err < 0: interrupted, err > 0: raced with another copy-up */ |
1163 | if (unlikely(err)) { |
1164 | if (err > 0) |
1165 | err = 0; |
1166 | } else { |
1167 | if (!ovl_dentry_upper(dentry)) |
1168 | err = ovl_do_copy_up(c: &ctx); |
1169 | if (!err && parent && !ovl_dentry_has_upper_alias(dentry)) |
1170 | err = ovl_link_up(c: &ctx); |
1171 | if (!err && ovl_dentry_needs_data_copy_up_locked(dentry, flags)) |
1172 | err = ovl_copy_up_meta_inode_data(c: &ctx); |
1173 | ovl_copy_up_end(dentry); |
1174 | } |
1175 | do_delayed_call(call: &done); |
1176 | |
1177 | return err; |
1178 | } |
1179 | |
1180 | static int ovl_copy_up_flags(struct dentry *dentry, int flags) |
1181 | { |
1182 | int err = 0; |
1183 | const struct cred *old_cred; |
1184 | bool disconnected = (dentry->d_flags & DCACHE_DISCONNECTED); |
1185 | |
1186 | /* |
1187 | * With NFS export, copy up can get called for a disconnected non-dir. |
1188 | * In this case, we will copy up lower inode to index dir without |
1189 | * linking it to upper dir. |
1190 | */ |
1191 | if (WARN_ON(disconnected && d_is_dir(dentry))) |
1192 | return -EIO; |
1193 | |
1194 | /* |
1195 | * We may not need lowerdata if we are only doing metacopy up, but it is |
1196 | * not very important to optimize this case, so do lazy lowerdata lookup |
1197 | * before any copy up, so we can do it before taking ovl_inode_lock(). |
1198 | */ |
1199 | err = ovl_verify_lowerdata(dentry); |
1200 | if (err) |
1201 | return err; |
1202 | |
1203 | old_cred = ovl_override_creds(sb: dentry->d_sb); |
1204 | while (!err) { |
1205 | struct dentry *next; |
1206 | struct dentry *parent = NULL; |
1207 | |
1208 | if (ovl_already_copied_up(dentry, flags)) |
1209 | break; |
1210 | |
1211 | next = dget(dentry); |
1212 | /* find the topmost dentry not yet copied up */ |
1213 | for (; !disconnected;) { |
1214 | parent = dget_parent(dentry: next); |
1215 | |
1216 | if (ovl_dentry_upper(dentry: parent)) |
1217 | break; |
1218 | |
1219 | dput(next); |
1220 | next = parent; |
1221 | } |
1222 | |
1223 | err = ovl_copy_up_one(parent, dentry: next, flags); |
1224 | |
1225 | dput(parent); |
1226 | dput(next); |
1227 | } |
1228 | revert_creds(old_cred); |
1229 | |
1230 | return err; |
1231 | } |
1232 | |
1233 | static bool ovl_open_need_copy_up(struct dentry *dentry, int flags) |
1234 | { |
1235 | /* Copy up of disconnected dentry does not set upper alias */ |
1236 | if (ovl_already_copied_up(dentry, flags)) |
1237 | return false; |
1238 | |
1239 | if (special_file(d_inode(dentry)->i_mode)) |
1240 | return false; |
1241 | |
1242 | if (!ovl_open_flags_need_copy_up(flags)) |
1243 | return false; |
1244 | |
1245 | return true; |
1246 | } |
1247 | |
1248 | int ovl_maybe_copy_up(struct dentry *dentry, int flags) |
1249 | { |
1250 | if (!ovl_open_need_copy_up(dentry, flags)) |
1251 | return 0; |
1252 | |
1253 | return ovl_copy_up_flags(dentry, flags); |
1254 | } |
1255 | |
1256 | int ovl_copy_up_with_data(struct dentry *dentry) |
1257 | { |
1258 | return ovl_copy_up_flags(dentry, O_WRONLY); |
1259 | } |
1260 | |
1261 | int ovl_copy_up(struct dentry *dentry) |
1262 | { |
1263 | return ovl_copy_up_flags(dentry, flags: 0); |
1264 | } |
1265 | |