fs/overlayfs/copy_up.c

0001 // SPDX-License-Identifier: GPL-2.0-only
0002 /*
0003  *
0004  * Copyright (C) 2011 Novell Inc.
0005  */
0006
0007 #include <linux/module.h>
0008 #include <linux/fs.h>
0009 #include <linux/slab.h>
0010 #include <linux/file.h>
0011 #include <linux/fileattr.h>
0012 #include <linux/splice.h>
0013 #include <linux/xattr.h>
0014 #include <linux/security.h>
0015 #include <linux/uaccess.h>
0016 #include <linux/sched/signal.h>
0017 #include <linux/cred.h>
0018 #include <linux/namei.h>
0019 #include <linux/fdtable.h>
0020 #include <linux/ratelimit.h>
0021 #include <linux/exportfs.h>
0022 #include "overlayfs.h"
0023
0024 #define OVL_COPY_UP_CHUNK_SIZE (1 << 20)
0025
0026 static int ovl_ccup_set(const char *buf, const struct kernel_param *param)
0027 {
0028     pr_warn("\"check_copy_up\" module option is obsolete\n");
0029     return 0;
0030 }
0031
0032 static int ovl_ccup_get(char *buf, const struct kernel_param *param)
0033 {
0034     return sprintf(buf, "N\n");
0035 }
0036
0037 module_param_call(check_copy_up, ovl_ccup_set, ovl_ccup_get, NULL, 0644);
0038 MODULE_PARM_DESC(check_copy_up, "Obsolete; does nothing");
0039
0040 static bool ovl_must_copy_xattr(const char *name)
0041 {
0042     return !strcmp(name, XATTR_POSIX_ACL_ACCESS) ||
0043            !strcmp(name, XATTR_POSIX_ACL_DEFAULT) ||
0044            !strncmp(name, XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN);
0045 }
0046
0047 int ovl_copy_xattr(struct super_block *sb, struct path *oldpath, struct dentry *new)
0048 {
0049     struct dentry *old = oldpath->dentry;
0050     ssize_t list_size, size, value_size = 0;
0051     char *buf, *name, *value = NULL;
0052     int error = 0;
0053     size_t slen;
0054
0055     if (!(old->d_inode->i_opflags & IOP_XATTR) ||
0056         !(new->d_inode->i_opflags & IOP_XATTR))
0057         return 0;
0058
0059     list_size = vfs_listxattr(old, NULL, 0);
0060     if (list_size <= 0) {
0061         if (list_size == -EOPNOTSUPP)
0062             return 0;
0063         return list_size;
0064     }
0065
0066     buf = kvzalloc(list_size, GFP_KERNEL);
0067     if (!buf)
0068         return -ENOMEM;
0069
0070     list_size = vfs_listxattr(old, buf, list_size);
0071     if (list_size <= 0) {
0072         error = list_size;
0073         goto out;
0074     }
0075
0076     for (name = buf; list_size; name += slen) {
0077         slen = strnlen(name, list_size) + 1;
0078
0079         /* underlying fs providing us with an broken xattr list? */
0080         if (WARN_ON(slen > list_size)) {
0081             error = -EIO;
0082             break;
0083         }
0084         list_size -= slen;
0085
0086         if (ovl_is_private_xattr(sb, name))
0087             continue;
0088
0089         error = security_inode_copy_up_xattr(name);
0090         if (error < 0 && error != -EOPNOTSUPP)
0091             break;
0092         if (error == 1) {
0093             error = 0;
0094             continue; /* Discard */
0095         }
0096 retry:
0097         size = ovl_do_getxattr(oldpath, name, value, value_size);
0098         if (size == -ERANGE)
0099             size = ovl_do_getxattr(oldpath, name, NULL, 0);
0100
0101         if (size < 0) {
0102             error = size;
0103             break;
0104         }
0105
0106         if (size > value_size) {
0107             void *new;
0108
0109             new = kvmalloc(size, GFP_KERNEL);
0110             if (!new) {
0111                 error = -ENOMEM;
0112                 break;
0113             }
0114             kvfree(value);
0115             value = new;
0116             value_size = size;
0117             goto retry;
0118         }
0119
0120         error = ovl_do_setxattr(OVL_FS(sb), new, name, value, size, 0);
0121         if (error) {
0122             if (error != -EOPNOTSUPP || ovl_must_copy_xattr(name))
0123                 break;
0124
0125             /* Ignore failure to copy unknown xattrs */
0126             error = 0;
0127         }
0128     }
0129     kvfree(value);
0130 out:
0131     kvfree(buf);
0132     return error;
0133 }
0134
0135 static int ovl_copy_fileattr(struct inode *inode, struct path *old,
0136                  struct path *new)
0137 {
0138     struct fileattr oldfa = { .flags_valid = true };
0139     struct fileattr newfa = { .flags_valid = true };
0140     int err;
0141
0142     err = ovl_real_fileattr_get(old, &oldfa);
0143     if (err) {
0144         /* Ntfs-3g returns -EINVAL for "no fileattr support" */
0145         if (err == -ENOTTY || err == -EINVAL)
0146             return 0;
0147         pr_warn("failed to retrieve lower fileattr (%pd2, err=%i)\n",
0148             old->dentry, err);
0149         return err;
0150     }
0151
0152     /*
0153      * We cannot set immutable and append-only flags on upper inode,
0154      * because we would not be able to link upper inode to upper dir
0155      * not set overlay private xattr on upper inode.
0156      * Store these flags in overlay.protattr xattr instead.
0157      */
0158     if (oldfa.flags & OVL_PROT_FS_FLAGS_MASK) {
0159         err = ovl_set_protattr(inode, new->dentry, &oldfa);
0160         if (err == -EPERM)
0161             pr_warn_once("copying fileattr: no xattr on upper\n");
0162         else if (err)
0163             return err;
0164     }
0165
0166     /* Don't bother copying flags if none are set */
0167     if (!(oldfa.flags & OVL_COPY_FS_FLAGS_MASK))
0168         return 0;
0169
0170     err = ovl_real_fileattr_get(new, &newfa);
0171     if (err) {
0172         /*
0173          * Returning an error if upper doesn't support fileattr will
0174          * result in a regression, so revert to the old behavior.
0175          */
0176         if (err == -ENOTTY || err == -EINVAL) {
0177             pr_warn_once("copying fileattr: no support on upper\n");
0178             return 0;
0179         }
0180         pr_warn("failed to retrieve upper fileattr (%pd2, err=%i)\n",
0181             new->dentry, err);
0182         return err;
0183     }
0184
0185     BUILD_BUG_ON(OVL_COPY_FS_FLAGS_MASK & ~FS_COMMON_FL);
0186     newfa.flags &= ~OVL_COPY_FS_FLAGS_MASK;
0187     newfa.flags |= (oldfa.flags & OVL_COPY_FS_FLAGS_MASK);
0188
0189     BUILD_BUG_ON(OVL_COPY_FSX_FLAGS_MASK & ~FS_XFLAG_COMMON);
0190     newfa.fsx_xflags &= ~OVL_COPY_FSX_FLAGS_MASK;
0191     newfa.fsx_xflags |= (oldfa.fsx_xflags & OVL_COPY_FSX_FLAGS_MASK);
0192
0193     return ovl_real_fileattr_set(new, &newfa);
0194 }
0195
0196 static int ovl_copy_up_data(struct ovl_fs *ofs, struct path *old,
0197                 struct path *new, loff_t len)
0198 {
0199     struct file *old_file;
0200     struct file *new_file;
0201     loff_t old_pos = 0;
0202     loff_t new_pos = 0;
0203     loff_t cloned;
0204     loff_t data_pos = -1;
0205     loff_t hole_len;
0206     bool skip_hole = false;
0207     int error = 0;
0208
0209     if (len == 0)
0210         return 0;
0211
0212     old_file = ovl_path_open(old, O_LARGEFILE | O_RDONLY);
0213     if (IS_ERR(old_file))
0214         return PTR_ERR(old_file);
0215
0216     new_file = ovl_path_open(new, O_LARGEFILE | O_WRONLY);
0217     if (IS_ERR(new_file)) {
0218         error = PTR_ERR(new_file);
0219         goto out_fput;
0220     }
0221
0222     /* Try to use clone_file_range to clone up within the same fs */
0223     cloned = do_clone_file_range(old_file, 0, new_file, 0, len, 0);
0224     if (cloned == len)
0225         goto out;
0226     /* Couldn't clone, so now we try to copy the data */
0227
0228     /* Check if lower fs supports seek operation */
0229     if (old_file->f_mode & FMODE_LSEEK)
0230         skip_hole = true;
0231
0232     while (len) {
0233         size_t this_len = OVL_COPY_UP_CHUNK_SIZE;
0234         long bytes;
0235
0236         if (len < this_len)
0237             this_len = len;
0238
0239         if (signal_pending_state(TASK_KILLABLE, current)) {
0240             error = -EINTR;
0241             break;
0242         }
0243
0244         /*
0245          * Fill zero for hole will cost unnecessary disk space
0246          * and meanwhile slow down the copy-up speed, so we do
0247          * an optimization for hole during copy-up, it relies
0248          * on SEEK_DATA implementation in lower fs so if lower
0249          * fs does not support it, copy-up will behave as before.
0250          *
0251          * Detail logic of hole detection as below:
0252          * When we detect next data position is larger than current
0253          * position we will skip that hole, otherwise we copy
0254          * data in the size of OVL_COPY_UP_CHUNK_SIZE. Actually,
0255          * it may not recognize all kind of holes and sometimes
0256          * only skips partial of hole area. However, it will be
0257          * enough for most of the use cases.
0258          */
0259
0260         if (skip_hole && data_pos < old_pos) {
0261             data_pos = vfs_llseek(old_file, old_pos, SEEK_DATA);
0262             if (data_pos > old_pos) {
0263                 hole_len = data_pos - old_pos;
0264                 len -= hole_len;
0265                 old_pos = new_pos = data_pos;
0266                 continue;
0267             } else if (data_pos == -ENXIO) {
0268                 break;
0269             } else if (data_pos < 0) {
0270                 skip_hole = false;
0271             }
0272         }
0273
0274         bytes = do_splice_direct(old_file, &old_pos,
0275                      new_file, &new_pos,
0276                      this_len, SPLICE_F_MOVE);
0277         if (bytes <= 0) {
0278             error = bytes;
0279             break;
0280         }
0281         WARN_ON(old_pos != new_pos);
0282
0283         len -= bytes;
0284     }
0285 out:
0286     if (!error && ovl_should_sync(ofs))
0287         error = vfs_fsync(new_file, 0);
0288     fput(new_file);
0289 out_fput:
0290     fput(old_file);
0291     return error;
0292 }
0293
0294 static int ovl_set_size(struct ovl_fs *ofs,
0295             struct dentry *upperdentry, struct kstat *stat)
0296 {
0297     struct iattr attr = {
0298         .ia_valid = ATTR_SIZE,
0299         .ia_size = stat->size,
0300     };
0301
0302     return ovl_do_notify_change(ofs, upperdentry, &attr);
0303 }
0304
0305 static int ovl_set_timestamps(struct ovl_fs *ofs, struct dentry *upperdentry,
0306                   struct kstat *stat)
0307 {
0308     struct iattr attr = {
0309         .ia_valid =
0310              ATTR_ATIME | ATTR_MTIME | ATTR_ATIME_SET | ATTR_MTIME_SET,
0311         .ia_atime = stat->atime,
0312         .ia_mtime = stat->mtime,
0313     };
0314
0315     return ovl_do_notify_change(ofs, upperdentry, &attr);
0316 }
0317
0318 int ovl_set_attr(struct ovl_fs *ofs, struct dentry *upperdentry,
0319          struct kstat *stat)
0320 {
0321     int err = 0;
0322
0323     if (!S_ISLNK(stat->mode)) {
0324         struct iattr attr = {
0325             .ia_valid = ATTR_MODE,
0326             .ia_mode = stat->mode,
0327         };
0328         err = ovl_do_notify_change(ofs, upperdentry, &attr);
0329     }
0330     if (!err) {
0331         struct iattr attr = {
0332             .ia_valid = ATTR_UID | ATTR_GID,
0333             .ia_vfsuid = VFSUIDT_INIT(stat->uid),
0334             .ia_vfsgid = VFSGIDT_INIT(stat->gid),
0335         };
0336         err = ovl_do_notify_change(ofs, upperdentry, &attr);
0337     }
0338     if (!err)
0339         ovl_set_timestamps(ofs, upperdentry, stat);
0340
0341     return err;
0342 }
0343
0344 struct ovl_fh *ovl_encode_real_fh(struct ovl_fs *ofs, struct dentry *real,
0345                   bool is_upper)
0346 {
0347     struct ovl_fh *fh;
0348     int fh_type, dwords;
0349     int buflen = MAX_HANDLE_SZ;
0350     uuid_t *uuid = &real->d_sb->s_uuid;
0351     int err;
0352
0353     /* Make sure the real fid stays 32bit aligned */
0354     BUILD_BUG_ON(OVL_FH_FID_OFFSET % 4);
0355     BUILD_BUG_ON(MAX_HANDLE_SZ + OVL_FH_FID_OFFSET > 255);
0356
0357     fh = kzalloc(buflen + OVL_FH_FID_OFFSET, GFP_KERNEL);
0358     if (!fh)
0359         return ERR_PTR(-ENOMEM);
0360
0361     /*
0362      * We encode a non-connectable file handle for non-dir, because we
0363      * only need to find the lower inode number and we don't want to pay
0364      * the price or reconnecting the dentry.
0365      */
0366     dwords = buflen >> 2;
0367     fh_type = exportfs_encode_fh(real, (void *)fh->fb.fid, &dwords, 0);
0368     buflen = (dwords << 2);
0369
0370     err = -EIO;
0371     if (WARN_ON(fh_type < 0) ||
0372         WARN_ON(buflen > MAX_HANDLE_SZ) ||
0373         WARN_ON(fh_type == FILEID_INVALID))
0374         goto out_err;
0375
0376     fh->fb.version = OVL_FH_VERSION;
0377     fh->fb.magic = OVL_FH_MAGIC;
0378     fh->fb.type = fh_type;
0379     fh->fb.flags = OVL_FH_FLAG_CPU_ENDIAN;
0380     /*
0381      * When we will want to decode an overlay dentry from this handle
0382      * and all layers are on the same fs, if we get a disconncted real
0383      * dentry when we decode fid, the only way to tell if we should assign
0384      * it to upperdentry or to lowerstack is by checking this flag.
0385      */
0386     if (is_upper)
0387         fh->fb.flags |= OVL_FH_FLAG_PATH_UPPER;
0388     fh->fb.len = sizeof(fh->fb) + buflen;
0389     if (ofs->config.uuid)
0390         fh->fb.uuid = *uuid;
0391
0392     return fh;
0393
0394 out_err:
0395     kfree(fh);
0396     return ERR_PTR(err);
0397 }
0398
0399 int ovl_set_origin(struct ovl_fs *ofs, struct dentry *lower,
0400            struct dentry *upper)
0401 {
0402     const struct ovl_fh *fh = NULL;
0403     int err;
0404
0405     /*
0406      * When lower layer doesn't support export operations store a 'null' fh,
0407      * so we can use the overlay.origin xattr to distignuish between a copy
0408      * up and a pure upper inode.
0409      */
0410     if (ovl_can_decode_fh(lower->d_sb)) {
0411         fh = ovl_encode_real_fh(ofs, lower, false);
0412         if (IS_ERR(fh))
0413             return PTR_ERR(fh);
0414     }
0415
0416     /*
0417      * Do not fail when upper doesn't support xattrs.
0418      */
0419     err = ovl_check_setxattr(ofs, upper, OVL_XATTR_ORIGIN, fh->buf,
0420                  fh ? fh->fb.len : 0, 0);
0421     kfree(fh);
0422
0423     /* Ignore -EPERM from setting "user.*" on symlink/special */
0424     return err == -EPERM ? 0 : err;
0425 }
0426
0427 /* Store file handle of @upper dir in @index dir entry */
0428 static int ovl_set_upper_fh(struct ovl_fs *ofs, struct dentry *upper,
0429                 struct dentry *index)
0430 {
0431     const struct ovl_fh *fh;
0432     int err;
0433
0434     fh = ovl_encode_real_fh(ofs, upper, true);
0435     if (IS_ERR(fh))
0436         return PTR_ERR(fh);
0437
0438     err = ovl_setxattr(ofs, index, OVL_XATTR_UPPER, fh->buf, fh->fb.len);
0439
0440     kfree(fh);
0441     return err;
0442 }
0443
0444 /*
0445  * Create and install index entry.
0446  *
0447  * Caller must hold i_mutex on indexdir.
0448  */
0449 static int ovl_create_index(struct dentry *dentry, struct dentry *origin,
0450                 struct dentry *upper)
0451 {
0452     struct ovl_fs *ofs = OVL_FS(dentry->d_sb);
0453     struct dentry *indexdir = ovl_indexdir(dentry->d_sb);
0454     struct inode *dir = d_inode(indexdir);
0455     struct dentry *index = NULL;
0456     struct dentry *temp = NULL;
0457     struct qstr name = { };
0458     int err;
0459
0460     /*
0461      * For now this is only used for creating index entry for directories,
0462      * because non-dir are copied up directly to index and then hardlinked
0463      * to upper dir.
0464      *
0465      * TODO: implement create index for non-dir, so we can call it when
0466      * encoding file handle for non-dir in case index does not exist.
0467      */
0468     if (WARN_ON(!d_is_dir(dentry)))
0469         return -EIO;
0470
0471     /* Directory not expected to be indexed before copy up */
0472     if (WARN_ON(ovl_test_flag(OVL_INDEX, d_inode(dentry))))
0473         return -EIO;
0474
0475     err = ovl_get_index_name(ofs, origin, &name);
0476     if (err)
0477         return err;
0478
0479     temp = ovl_create_temp(ofs, indexdir, OVL_CATTR(S_IFDIR | 0));
0480     err = PTR_ERR(temp);
0481     if (IS_ERR(temp))
0482         goto free_name;
0483
0484     err = ovl_set_upper_fh(ofs, upper, temp);
0485     if (err)
0486         goto out;
0487
0488     index = ovl_lookup_upper(ofs, name.name, indexdir, name.len);
0489     if (IS_ERR(index)) {
0490         err = PTR_ERR(index);
0491     } else {
0492         err = ovl_do_rename(ofs, dir, temp, dir, index, 0);
0493         dput(index);
0494     }
0495 out:
0496     if (err)
0497         ovl_cleanup(ofs, dir, temp);
0498     dput(temp);
0499 free_name:
0500     kfree(name.name);
0501     return err;
0502 }
0503
0504 struct ovl_copy_up_ctx {
0505     struct dentry *parent;
0506     struct dentry *dentry;
0507     struct path lowerpath;
0508     struct kstat stat;
0509     struct kstat pstat;
0510     const char *link;
0511     struct dentry *destdir;
0512     struct qstr destname;
0513     struct dentry *workdir;
0514     bool origin;
0515     bool indexed;
0516     bool metacopy;
0517 };
0518
0519 static int ovl_link_up(struct ovl_copy_up_ctx *c)
0520 {
0521     int err;
0522     struct dentry *upper;
0523     struct dentry *upperdir = ovl_dentry_upper(c->parent);
0524     struct ovl_fs *ofs = OVL_FS(c->dentry->d_sb);
0525     struct inode *udir = d_inode(upperdir);
0526
0527     /* Mark parent "impure" because it may now contain non-pure upper */
0528     err = ovl_set_impure(c->parent, upperdir);
0529     if (err)
0530         return err;
0531
0532     err = ovl_set_nlink_lower(c->dentry);
0533     if (err)
0534         return err;
0535
0536     inode_lock_nested(udir, I_MUTEX_PARENT);
0537     upper = ovl_lookup_upper(ofs, c->dentry->d_name.name, upperdir,
0538                  c->dentry->d_name.len);
0539     err = PTR_ERR(upper);
0540     if (!IS_ERR(upper)) {
0541         err = ovl_do_link(ofs, ovl_dentry_upper(c->dentry), udir, upper);
0542         dput(upper);
0543
0544         if (!err) {
0545             /* Restore timestamps on parent (best effort) */
0546             ovl_set_timestamps(ofs, upperdir, &c->pstat);
0547             ovl_dentry_set_upper_alias(c->dentry);
0548         }
0549     }
0550     inode_unlock(udir);
0551     if (err)
0552         return err;
0553
0554     err = ovl_set_nlink_upper(c->dentry);
0555
0556     return err;
0557 }
0558
0559 static int ovl_copy_up_inode(struct ovl_copy_up_ctx *c, struct dentry *temp)
0560 {
0561     struct ovl_fs *ofs = OVL_FS(c->dentry->d_sb);
0562     struct inode *inode = d_inode(c->dentry);
0563     struct path upperpath, datapath;
0564     int err;
0565
0566     ovl_path_upper(c->dentry, &upperpath);
0567     if (WARN_ON(upperpath.dentry != NULL))
0568         return -EIO;
0569
0570     upperpath.dentry = temp;
0571
0572     /*
0573      * Copy up data first and then xattrs. Writing data after
0574      * xattrs will remove security.capability xattr automatically.
0575      */
0576     if (S_ISREG(c->stat.mode) && !c->metacopy) {
0577         ovl_path_lowerdata(c->dentry, &datapath);
0578         err = ovl_copy_up_data(ofs, &datapath, &upperpath,
0579                        c->stat.size);
0580         if (err)
0581             return err;
0582     }
0583
0584     err = ovl_copy_xattr(c->dentry->d_sb, &c->lowerpath, temp);
0585     if (err)
0586         return err;
0587
0588     if (inode->i_flags & OVL_COPY_I_FLAGS_MASK) {
0589         /*
0590          * Copy the fileattr inode flags that are the source of already
0591          * copied i_flags
0592          */
0593         err = ovl_copy_fileattr(inode, &c->lowerpath, &upperpath);
0594         if (err)
0595             return err;
0596     }
0597
0598     /*
0599      * Store identifier of lower inode in upper inode xattr to
0600      * allow lookup of the copy up origin inode.
0601      *
0602      * Don't set origin when we are breaking the association with a lower
0603      * hard link.
0604      */
0605     if (c->origin) {
0606         err = ovl_set_origin(ofs, c->lowerpath.dentry, temp);
0607         if (err)
0608             return err;
0609     }
0610
0611     if (c->metacopy) {
0612         err = ovl_check_setxattr(ofs, temp, OVL_XATTR_METACOPY,
0613                      NULL, 0, -EOPNOTSUPP);
0614         if (err)
0615             return err;
0616     }
0617
0618     inode_lock(temp->d_inode);
0619     if (S_ISREG(c->stat.mode))
0620         err = ovl_set_size(ofs, temp, &c->stat);
0621     if (!err)
0622         err = ovl_set_attr(ofs, temp, &c->stat);
0623     inode_unlock(temp->d_inode);
0624
0625     return err;
0626 }
0627
0628 struct ovl_cu_creds {
0629     const struct cred *old;
0630     struct cred *new;
0631 };
0632
0633 static int ovl_prep_cu_creds(struct dentry *dentry, struct ovl_cu_creds *cc)
0634 {
0635     int err;
0636
0637     cc->old = cc->new = NULL;
0638     err = security_inode_copy_up(dentry, &cc->new);
0639     if (err < 0)
0640         return err;
0641
0642     if (cc->new)
0643         cc->old = override_creds(cc->new);
0644
0645     return 0;
0646 }
0647
0648 static void ovl_revert_cu_creds(struct ovl_cu_creds *cc)
0649 {
0650     if (cc->new) {
0651         revert_creds(cc->old);
0652         put_cred(cc->new);
0653     }
0654 }
0655
0656 /*
0657  * Copyup using workdir to prepare temp file.  Used when copying up directories,
0658  * special files or when upper fs doesn't support O_TMPFILE.
0659  */
0660 static int ovl_copy_up_workdir(struct ovl_copy_up_ctx *c)
0661 {
0662     struct ovl_fs *ofs = OVL_FS(c->dentry->d_sb);
0663     struct inode *inode;
0664     struct inode *udir = d_inode(c->destdir), *wdir = d_inode(c->workdir);
0665     struct dentry *temp, *upper;
0666     struct ovl_cu_creds cc;
0667     int err;
0668     struct ovl_cattr cattr = {
0669         /* Can't properly set mode on creation because of the umask */
0670         .mode = c->stat.mode & S_IFMT,
0671         .rdev = c->stat.rdev,
0672         .link = c->link
0673     };
0674
0675     /* workdir and destdir could be the same when copying up to indexdir */
0676     err = -EIO;
0677     if (lock_rename(c->workdir, c->destdir) != NULL)
0678         goto unlock;
0679
0680     err = ovl_prep_cu_creds(c->dentry, &cc);
0681     if (err)
0682         goto unlock;
0683
0684     temp = ovl_create_temp(ofs, c->workdir, &cattr);
0685     ovl_revert_cu_creds(&cc);
0686
0687     err = PTR_ERR(temp);
0688     if (IS_ERR(temp))
0689         goto unlock;
0690
0691     err = ovl_copy_up_inode(c, temp);
0692     if (err)
0693         goto cleanup;
0694
0695     if (S_ISDIR(c->stat.mode) && c->indexed) {
0696         err = ovl_create_index(c->dentry, c->lowerpath.dentry, temp);
0697         if (err)
0698             goto cleanup;
0699     }
0700
0701     upper = ovl_lookup_upper(ofs, c->destname.name, c->destdir,
0702                  c->destname.len);
0703     err = PTR_ERR(upper);
0704     if (IS_ERR(upper))
0705         goto cleanup;
0706
0707     err = ovl_do_rename(ofs, wdir, temp, udir, upper, 0);
0708     dput(upper);
0709     if (err)
0710         goto cleanup;
0711
0712     if (!c->metacopy)
0713         ovl_set_upperdata(d_inode(c->dentry));
0714     inode = d_inode(c->dentry);
0715     ovl_inode_update(inode, temp);
0716     if (S_ISDIR(inode->i_mode))
0717         ovl_set_flag(OVL_WHITEOUTS, inode);
0718 unlock:
0719     unlock_rename(c->workdir, c->destdir);
0720
0721     return err;
0722
0723 cleanup:
0724     ovl_cleanup(ofs, wdir, temp);
0725     dput(temp);
0726     goto unlock;
0727 }
0728
0729 /* Copyup using O_TMPFILE which does not require cross dir locking */
0730 static int ovl_copy_up_tmpfile(struct ovl_copy_up_ctx *c)
0731 {
0732     struct ovl_fs *ofs = OVL_FS(c->dentry->d_sb);
0733     struct inode *udir = d_inode(c->destdir);
0734     struct dentry *temp, *upper;
0735     struct ovl_cu_creds cc;
0736     int err;
0737
0738     err = ovl_prep_cu_creds(c->dentry, &cc);
0739     if (err)
0740         return err;
0741
0742     temp = ovl_do_tmpfile(ofs, c->workdir, c->stat.mode);
0743     ovl_revert_cu_creds(&cc);
0744
0745     if (IS_ERR(temp))
0746         return PTR_ERR(temp);
0747
0748     err = ovl_copy_up_inode(c, temp);
0749     if (err)
0750         goto out_dput;
0751
0752     inode_lock_nested(udir, I_MUTEX_PARENT);
0753
0754     upper = ovl_lookup_upper(ofs, c->destname.name, c->destdir,
0755                  c->destname.len);
0756     err = PTR_ERR(upper);
0757     if (!IS_ERR(upper)) {
0758         err = ovl_do_link(ofs, temp, udir, upper);
0759         dput(upper);
0760     }
0761     inode_unlock(udir);
0762
0763     if (err)
0764         goto out_dput;
0765
0766     if (!c->metacopy)
0767         ovl_set_upperdata(d_inode(c->dentry));
0768     ovl_inode_update(d_inode(c->dentry), temp);
0769
0770     return 0;
0771
0772 out_dput:
0773     dput(temp);
0774     return err;
0775 }
0776
0777 /*
0778  * Copy up a single dentry
0779  *
0780  * All renames start with copy up of source if necessary.  The actual
0781  * rename will only proceed once the copy up was successful.  Copy up uses
0782  * upper parent i_mutex for exclusion.  Since rename can change d_parent it
0783  * is possible that the copy up will lock the old parent.  At that point
0784  * the file will have already been copied up anyway.
0785  */
0786 static int ovl_do_copy_up(struct ovl_copy_up_ctx *c)
0787 {
0788     int err;
0789     struct ovl_fs *ofs = OVL_FS(c->dentry->d_sb);
0790     bool to_index = false;
0791
0792     /*
0793      * Indexed non-dir is copied up directly to the index entry and then
0794      * hardlinked to upper dir. Indexed dir is copied up to indexdir,
0795      * then index entry is created and then copied up dir installed.
0796      * Copying dir up to indexdir instead of workdir simplifies locking.
0797      */
0798     if (ovl_need_index(c->dentry)) {
0799         c->indexed = true;
0800         if (S_ISDIR(c->stat.mode))
0801             c->workdir = ovl_indexdir(c->dentry->d_sb);
0802         else
0803             to_index = true;
0804     }
0805
0806     if (S_ISDIR(c->stat.mode) || c->stat.nlink == 1 || to_index)
0807         c->origin = true;
0808
0809     if (to_index) {
0810         c->destdir = ovl_indexdir(c->dentry->d_sb);
0811         err = ovl_get_index_name(ofs, c->lowerpath.dentry, &c->destname);
0812         if (err)
0813             return err;
0814     } else if (WARN_ON(!c->parent)) {
0815         /* Disconnected dentry must be copied up to index dir */
0816         return -EIO;
0817     } else {
0818         /*
0819          * Mark parent "impure" because it may now contain non-pure
0820          * upper
0821          */
0822         err = ovl_set_impure(c->parent, c->destdir);
0823         if (err)
0824             return err;
0825     }
0826
0827     /* Should we copyup with O_TMPFILE or with workdir? */
0828     if (S_ISREG(c->stat.mode) && ofs->tmpfile)
0829         err = ovl_copy_up_tmpfile(c);
0830     else
0831         err = ovl_copy_up_workdir(c);
0832     if (err)
0833         goto out;
0834
0835     if (c->indexed)
0836         ovl_set_flag(OVL_INDEX, d_inode(c->dentry));
0837
0838     if (to_index) {
0839         /* Initialize nlink for copy up of disconnected dentry */
0840         err = ovl_set_nlink_upper(c->dentry);
0841     } else {
0842         struct inode *udir = d_inode(c->destdir);
0843
0844         /* Restore timestamps on parent (best effort) */
0845         inode_lock(udir);
0846         ovl_set_timestamps(ofs, c->destdir, &c->pstat);
0847         inode_unlock(udir);
0848
0849         ovl_dentry_set_upper_alias(c->dentry);
0850     }
0851
0852 out:
0853     if (to_index)
0854         kfree(c->destname.name);
0855     return err;
0856 }
0857
0858 static bool ovl_need_meta_copy_up(struct dentry *dentry, umode_t mode,
0859                   int flags)
0860 {
0861     struct ovl_fs *ofs = dentry->d_sb->s_fs_info;
0862
0863     if (!ofs->config.metacopy)
0864         return false;
0865
0866     if (!S_ISREG(mode))
0867         return false;
0868
0869     if (flags && ((OPEN_FMODE(flags) & FMODE_WRITE) || (flags & O_TRUNC)))
0870         return false;
0871
0872     return true;
0873 }
0874
0875 static ssize_t ovl_getxattr_value(struct path *path, char *name, char **value)
0876 {
0877     ssize_t res;
0878     char *buf;
0879
0880     res = ovl_do_getxattr(path, name, NULL, 0);
0881     if (res == -ENODATA || res == -EOPNOTSUPP)
0882         res = 0;
0883
0884     if (res > 0) {
0885         buf = kzalloc(res, GFP_KERNEL);
0886         if (!buf)
0887             return -ENOMEM;
0888
0889         res = ovl_do_getxattr(path, name, buf, res);
0890         if (res < 0)
0891             kfree(buf);
0892         else
0893             *value = buf;
0894     }
0895     return res;
0896 }
0897
0898 /* Copy up data of an inode which was copied up metadata only in the past. */
0899 static int ovl_copy_up_meta_inode_data(struct ovl_copy_up_ctx *c)
0900 {
0901     struct ovl_fs *ofs = OVL_FS(c->dentry->d_sb);
0902     struct path upperpath, datapath;
0903     int err;
0904     char *capability = NULL;
0905     ssize_t cap_size;
0906
0907     ovl_path_upper(c->dentry, &upperpath);
0908     if (WARN_ON(upperpath.dentry == NULL))
0909         return -EIO;
0910
0911     ovl_path_lowerdata(c->dentry, &datapath);
0912     if (WARN_ON(datapath.dentry == NULL))
0913         return -EIO;
0914
0915     if (c->stat.size) {
0916         err = cap_size = ovl_getxattr_value(&upperpath, XATTR_NAME_CAPS,
0917                             &capability);
0918         if (cap_size < 0)
0919             goto out;
0920     }
0921
0922     err = ovl_copy_up_data(ofs, &datapath, &upperpath, c->stat.size);
0923     if (err)
0924         goto out_free;
0925
0926     /*
0927      * Writing to upper file will clear security.capability xattr. We
0928      * don't want that to happen for normal copy-up operation.
0929      */
0930     if (capability) {
0931         err = ovl_do_setxattr(ofs, upperpath.dentry, XATTR_NAME_CAPS,
0932                       capability, cap_size, 0);
0933         if (err)
0934             goto out_free;
0935     }
0936
0937
0938     err = ovl_removexattr(ofs, upperpath.dentry, OVL_XATTR_METACOPY);
0939     if (err)
0940         goto out_free;
0941
0942     ovl_set_upperdata(d_inode(c->dentry));
0943 out_free:
0944     kfree(capability);
0945 out:
0946     return err;
0947 }
0948
0949 static int ovl_copy_up_one(struct dentry *parent, struct dentry *dentry,
0950                int flags)
0951 {
0952     int err;
0953     DEFINE_DELAYED_CALL(done);
0954     struct path parentpath;
0955     struct ovl_copy_up_ctx ctx = {
0956         .parent = parent,
0957         .dentry = dentry,
0958         .workdir = ovl_workdir(dentry),
0959     };
0960
0961     if (WARN_ON(!ctx.workdir))
0962         return -EROFS;
0963
0964     ovl_path_lower(dentry, &ctx.lowerpath);
0965     err = vfs_getattr(&ctx.lowerpath, &ctx.stat,
0966               STATX_BASIC_STATS, AT_STATX_SYNC_AS_STAT);
0967     if (err)
0968         return err;
0969
0970     ctx.metacopy = ovl_need_meta_copy_up(dentry, ctx.stat.mode, flags);
0971
0972     if (parent) {
0973         ovl_path_upper(parent, &parentpath);
0974         ctx.destdir = parentpath.dentry;
0975         ctx.destname = dentry->d_name;
0976
0977         err = vfs_getattr(&parentpath, &ctx.pstat,
0978                   STATX_ATIME | STATX_MTIME,
0979                   AT_STATX_SYNC_AS_STAT);
0980         if (err)
0981             return err;
0982     }
0983
0984     /* maybe truncate regular file. this has no effect on dirs */
0985     if (flags & O_TRUNC)
0986         ctx.stat.size = 0;
0987
0988     if (S_ISLNK(ctx.stat.mode)) {
0989         ctx.link = vfs_get_link(ctx.lowerpath.dentry, &done);
0990         if (IS_ERR(ctx.link))
0991             return PTR_ERR(ctx.link);
0992     }
0993
0994     err = ovl_copy_up_start(dentry, flags);
0995     /* err < 0: interrupted, err > 0: raced with another copy-up */
0996     if (unlikely(err)) {
0997         if (err > 0)
0998             err = 0;
0999     } else {
1000         if (!ovl_dentry_upper(dentry))
1001             err = ovl_do_copy_up(&ctx);
1002         if (!err && parent && !ovl_dentry_has_upper_alias(dentry))
1003             err = ovl_link_up(&ctx);
1004         if (!err && ovl_dentry_needs_data_copy_up_locked(dentry, flags))
1005             err = ovl_copy_up_meta_inode_data(&ctx);
1006         ovl_copy_up_end(dentry);
1007     }
1008     do_delayed_call(&done);
1009
1010     return err;
1011 }
1012
1013 static int ovl_copy_up_flags(struct dentry *dentry, int flags)
1014 {
1015     int err = 0;
1016     const struct cred *old_cred;
1017     bool disconnected = (dentry->d_flags & DCACHE_DISCONNECTED);
1018
1019     /*
1020      * With NFS export, copy up can get called for a disconnected non-dir.
1021      * In this case, we will copy up lower inode to index dir without
1022      * linking it to upper dir.
1023      */
1024     if (WARN_ON(disconnected && d_is_dir(dentry)))
1025         return -EIO;
1026
1027     old_cred = ovl_override_creds(dentry->d_sb);
1028     while (!err) {
1029         struct dentry *next;
1030         struct dentry *parent = NULL;
1031
1032         if (ovl_already_copied_up(dentry, flags))
1033             break;
1034
1035         next = dget(dentry);
1036         /* find the topmost dentry not yet copied up */
1037         for (; !disconnected;) {
1038             parent = dget_parent(next);
1039
1040             if (ovl_dentry_upper(parent))
1041                 break;
1042
1043             dput(next);
1044             next = parent;
1045         }
1046
1047         err = ovl_copy_up_one(parent, next, flags);
1048
1049         dput(parent);
1050         dput(next);
1051     }
1052     revert_creds(old_cred);
1053
1054     return err;
1055 }
1056
1057 static bool ovl_open_need_copy_up(struct dentry *dentry, int flags)
1058 {
1059     /* Copy up of disconnected dentry does not set upper alias */
1060     if (ovl_already_copied_up(dentry, flags))
1061         return false;
1062
1063     if (special_file(d_inode(dentry)->i_mode))
1064         return false;
1065
1066     if (!ovl_open_flags_need_copy_up(flags))
1067         return false;
1068
1069     return true;
1070 }
1071
1072 int ovl_maybe_copy_up(struct dentry *dentry, int flags)
1073 {
1074     int err = 0;
1075
1076     if (ovl_open_need_copy_up(dentry, flags)) {
1077         err = ovl_want_write(dentry);
1078         if (!err) {
1079             err = ovl_copy_up_flags(dentry, flags);
1080             ovl_drop_write(dentry);
1081         }
1082     }
1083
1084     return err;
1085 }
1086
1087 int ovl_copy_up_with_data(struct dentry *dentry)
1088 {
1089     return ovl_copy_up_flags(dentry, O_WRONLY);
1090 }
1091
1092 int ovl_copy_up(struct dentry *dentry)
1093 {
1094     return ovl_copy_up_flags(dentry, 0);
1095 }