3 * Copyright (C) 2011 Novell Inc.
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 as published by
7 * the Free Software Foundation.
10 #include <linux/module.h>
12 #include <linux/slab.h>
13 #include <linux/file.h>
14 #include <linux/splice.h>
15 #include <linux/xattr.h>
16 #include <linux/security.h>
17 #include <linux/uaccess.h>
18 #include <linux/sched/signal.h>
19 #include <linux/cred.h>
20 #include <linux/namei.h>
21 #include <linux/fdtable.h>
22 #include <linux/ratelimit.h>
23 #include <linux/exportfs.h>
24 #include "overlayfs.h"
25 #include "ovl_entry.h"
27 #define OVL_COPY_UP_CHUNK_SIZE (1 << 20)
29 static bool __read_mostly ovl_check_copy_up;
30 module_param_named(check_copy_up, ovl_check_copy_up, bool,
32 MODULE_PARM_DESC(ovl_check_copy_up,
33 "Warn on copy-up when causing process also has a R/O fd open");
35 static int ovl_check_fd(const void *data, struct file *f, unsigned int fd)
37 const struct dentry *dentry = data;
39 if (file_inode(f) == d_inode(dentry))
40 pr_warn_ratelimited("overlayfs: Warning: Copying up %pD, but open R/O on fd %u which will cease to be coherent [pid=%d %s]\n",
41 f, fd, current->pid, current->comm);
46 * Check the fds open by this process and warn if something like the following
47 * scenario is about to occur:
49 * fd1 = open("foo", O_RDONLY);
50 * fd2 = open("foo", O_RDWR);
52 static void ovl_do_check_copy_up(struct dentry *dentry)
54 if (ovl_check_copy_up)
55 iterate_fd(current->files, 0, ovl_check_fd, dentry);
58 int ovl_copy_xattr(struct dentry *old, struct dentry *new)
60 ssize_t list_size, size, value_size = 0;
61 char *buf, *name, *value = NULL;
65 if (!(old->d_inode->i_opflags & IOP_XATTR) ||
66 !(new->d_inode->i_opflags & IOP_XATTR))
69 list_size = vfs_listxattr(old, NULL, 0);
71 if (list_size == -EOPNOTSUPP)
76 buf = kzalloc(list_size, GFP_KERNEL);
80 list_size = vfs_listxattr(old, buf, list_size);
86 for (name = buf; list_size; name += slen) {
87 slen = strnlen(name, list_size) + 1;
89 /* underlying fs providing us with an broken xattr list? */
90 if (WARN_ON(slen > list_size)) {
96 if (ovl_is_private_xattr(name))
99 error = security_inode_copy_up_xattr(name);
100 if (error < 0 && error != -EOPNOTSUPP)
104 continue; /* Discard */
107 size = vfs_getxattr(old, name, value, value_size);
109 size = vfs_getxattr(old, name, NULL, 0);
116 if (size > value_size) {
119 new = krealloc(value, size, GFP_KERNEL);
129 error = vfs_setxattr(new, name, value, size, 0);
139 static int ovl_copy_up_data(struct path *old, struct path *new, loff_t len)
141 struct file *old_file;
142 struct file *new_file;
150 old_file = ovl_path_open(old, O_LARGEFILE | O_RDONLY);
151 if (IS_ERR(old_file))
152 return PTR_ERR(old_file);
154 new_file = ovl_path_open(new, O_LARGEFILE | O_WRONLY);
155 if (IS_ERR(new_file)) {
156 error = PTR_ERR(new_file);
160 /* Try to use clone_file_range to clone up within the same fs */
161 error = do_clone_file_range(old_file, 0, new_file, 0, len);
164 /* Couldn't clone, so now we try to copy the data */
167 /* FIXME: copy up sparse files efficiently */
169 size_t this_len = OVL_COPY_UP_CHUNK_SIZE;
175 if (signal_pending_state(TASK_KILLABLE, current)) {
180 bytes = do_splice_direct(old_file, &old_pos,
182 this_len, SPLICE_F_MOVE);
187 WARN_ON(old_pos != new_pos);
193 error = vfs_fsync(new_file, 0);
200 static int ovl_set_timestamps(struct dentry *upperdentry, struct kstat *stat)
202 struct iattr attr = {
204 ATTR_ATIME | ATTR_MTIME | ATTR_ATIME_SET | ATTR_MTIME_SET,
205 .ia_atime = stat->atime,
206 .ia_mtime = stat->mtime,
209 return notify_change(upperdentry, &attr, NULL);
212 int ovl_set_attr(struct dentry *upperdentry, struct kstat *stat)
216 if (!S_ISLNK(stat->mode)) {
217 struct iattr attr = {
218 .ia_valid = ATTR_MODE,
219 .ia_mode = stat->mode,
221 err = notify_change(upperdentry, &attr, NULL);
224 struct iattr attr = {
225 .ia_valid = ATTR_UID | ATTR_GID,
229 err = notify_change(upperdentry, &attr, NULL);
232 ovl_set_timestamps(upperdentry, stat);
237 struct ovl_fh *ovl_encode_fh(struct dentry *lower, bool is_upper)
240 int fh_type, fh_len, dwords;
242 int buflen = MAX_HANDLE_SZ;
243 uuid_t *uuid = &lower->d_sb->s_uuid;
245 buf = kmalloc(buflen, GFP_KERNEL);
247 return ERR_PTR(-ENOMEM);
250 * We encode a non-connectable file handle for non-dir, because we
251 * only need to find the lower inode number and we don't want to pay
252 * the price or reconnecting the dentry.
254 dwords = buflen >> 2;
255 fh_type = exportfs_encode_fh(lower, buf, &dwords, 0);
256 buflen = (dwords << 2);
259 if (WARN_ON(fh_type < 0) ||
260 WARN_ON(buflen > MAX_HANDLE_SZ) ||
261 WARN_ON(fh_type == FILEID_INVALID))
264 BUILD_BUG_ON(MAX_HANDLE_SZ + offsetof(struct ovl_fh, fid) > 255);
265 fh_len = offsetof(struct ovl_fh, fid) + buflen;
266 fh = kmalloc(fh_len, GFP_KERNEL);
268 fh = ERR_PTR(-ENOMEM);
272 fh->version = OVL_FH_VERSION;
273 fh->magic = OVL_FH_MAGIC;
275 fh->flags = OVL_FH_FLAG_CPU_ENDIAN;
277 * When we will want to decode an overlay dentry from this handle
278 * and all layers are on the same fs, if we get a disconncted real
279 * dentry when we decode fid, the only way to tell if we should assign
280 * it to upperdentry or to lowerstack is by checking this flag.
283 fh->flags |= OVL_FH_FLAG_PATH_UPPER;
286 memcpy(fh->fid, buf, buflen);
293 static int ovl_set_origin(struct dentry *dentry, struct dentry *lower,
294 struct dentry *upper)
296 const struct ovl_fh *fh = NULL;
300 * When lower layer doesn't support export operations store a 'null' fh,
301 * so we can use the overlay.origin xattr to distignuish between a copy
302 * up and a pure upper inode.
304 if (ovl_can_decode_fh(lower->d_sb)) {
305 fh = ovl_encode_fh(lower, false);
311 * Do not fail when upper doesn't support xattrs.
313 err = ovl_check_setxattr(dentry, upper, OVL_XATTR_ORIGIN, fh,
314 fh ? fh->len : 0, 0);
320 struct ovl_copy_up_ctx {
321 struct dentry *parent;
322 struct dentry *dentry;
323 struct path lowerpath;
327 struct dentry *destdir;
328 struct qstr destname;
329 struct dentry *workdir;
334 static int ovl_link_up(struct ovl_copy_up_ctx *c)
337 struct dentry *upper;
338 struct dentry *upperdir = ovl_dentry_upper(c->parent);
339 struct inode *udir = d_inode(upperdir);
341 /* Mark parent "impure" because it may now contain non-pure upper */
342 err = ovl_set_impure(c->parent, upperdir);
346 err = ovl_set_nlink_lower(c->dentry);
350 inode_lock_nested(udir, I_MUTEX_PARENT);
351 upper = lookup_one_len(c->dentry->d_name.name, upperdir,
352 c->dentry->d_name.len);
353 err = PTR_ERR(upper);
354 if (!IS_ERR(upper)) {
355 err = ovl_do_link(ovl_dentry_upper(c->dentry), udir, upper,
360 /* Restore timestamps on parent (best effort) */
361 ovl_set_timestamps(upperdir, &c->pstat);
362 ovl_dentry_set_upper_alias(c->dentry);
366 ovl_set_nlink_upper(c->dentry);
371 static int ovl_install_temp(struct ovl_copy_up_ctx *c, struct dentry *temp,
372 struct dentry **newdentry)
375 struct dentry *upper;
376 struct inode *udir = d_inode(c->destdir);
378 upper = lookup_one_len(c->destname.name, c->destdir, c->destname.len);
380 return PTR_ERR(upper);
383 err = ovl_do_link(temp, udir, upper, true);
385 err = ovl_do_rename(d_inode(c->workdir), temp, udir, upper, 0);
388 *newdentry = dget(c->tmpfile ? upper : temp);
394 static int ovl_get_tmpfile(struct ovl_copy_up_ctx *c, struct dentry **tempp)
398 const struct cred *old_creds = NULL;
399 struct cred *new_creds = NULL;
400 struct cattr cattr = {
401 /* Can't properly set mode on creation because of the umask */
402 .mode = c->stat.mode & S_IFMT,
403 .rdev = c->stat.rdev,
407 err = security_inode_copy_up(c->dentry, &new_creds);
412 old_creds = override_creds(new_creds);
415 temp = ovl_do_tmpfile(c->workdir, c->stat.mode);
419 temp = ovl_lookup_temp(c->workdir);
423 err = ovl_create_real(d_inode(c->workdir), temp, &cattr,
434 revert_creds(old_creds);
445 static int ovl_copy_up_inode(struct ovl_copy_up_ctx *c, struct dentry *temp)
449 if (S_ISREG(c->stat.mode)) {
450 struct path upperpath;
452 ovl_path_upper(c->dentry, &upperpath);
453 BUG_ON(upperpath.dentry != NULL);
454 upperpath.dentry = temp;
456 err = ovl_copy_up_data(&c->lowerpath, &upperpath, c->stat.size);
461 err = ovl_copy_xattr(c->lowerpath.dentry, temp);
465 inode_lock(temp->d_inode);
466 err = ovl_set_attr(temp, &c->stat);
467 inode_unlock(temp->d_inode);
472 * Store identifier of lower inode in upper inode xattr to
473 * allow lookup of the copy up origin inode.
475 * Don't set origin when we are breaking the association with a lower
479 err = ovl_set_origin(c->dentry, c->lowerpath.dentry, temp);
487 static int ovl_copy_up_locked(struct ovl_copy_up_ctx *c)
489 struct inode *udir = c->destdir->d_inode;
490 struct dentry *newdentry = NULL;
491 struct dentry *temp = NULL;
494 err = ovl_get_tmpfile(c, &temp);
498 err = ovl_copy_up_inode(c, temp);
503 inode_lock_nested(udir, I_MUTEX_PARENT);
504 err = ovl_install_temp(c, temp, &newdentry);
507 err = ovl_install_temp(c, temp, &newdentry);
512 ovl_inode_update(d_inode(c->dentry), newdentry);
519 ovl_cleanup(d_inode(c->workdir), temp);
524 * Copy up a single dentry
526 * All renames start with copy up of source if necessary. The actual
527 * rename will only proceed once the copy up was successful. Copy up uses
528 * upper parent i_mutex for exclusion. Since rename can change d_parent it
529 * is possible that the copy up will lock the old parent. At that point
530 * the file will have already been copied up anyway.
532 static int ovl_do_copy_up(struct ovl_copy_up_ctx *c)
535 struct ovl_fs *ofs = c->dentry->d_sb->s_fs_info;
536 bool indexed = false;
538 if (ovl_indexdir(c->dentry->d_sb) && !S_ISDIR(c->stat.mode) &&
542 if (S_ISDIR(c->stat.mode) || c->stat.nlink == 1 || indexed)
546 c->destdir = ovl_indexdir(c->dentry->d_sb);
547 err = ovl_get_index_name(c->lowerpath.dentry, &c->destname);
552 * Mark parent "impure" because it may now contain non-pure
555 err = ovl_set_impure(c->parent, c->destdir);
560 /* Should we copyup with O_TMPFILE or with workdir? */
561 if (S_ISREG(c->stat.mode) && ofs->tmpfile) {
563 err = ovl_copy_up_locked(c);
565 err = ovl_lock_rename_workdir(c->workdir, c->destdir);
567 err = ovl_copy_up_locked(c);
568 unlock_rename(c->workdir, c->destdir);
574 ovl_set_flag(OVL_INDEX, d_inode(c->dentry));
575 kfree(c->destname.name);
577 struct inode *udir = d_inode(c->destdir);
579 /* Restore timestamps on parent (best effort) */
581 ovl_set_timestamps(c->destdir, &c->pstat);
584 ovl_dentry_set_upper_alias(c->dentry);
590 static int ovl_copy_up_one(struct dentry *parent, struct dentry *dentry,
594 DEFINE_DELAYED_CALL(done);
595 struct path parentpath;
596 struct ovl_copy_up_ctx ctx = {
599 .workdir = ovl_workdir(dentry),
602 if (WARN_ON(!ctx.workdir))
605 ovl_path_lower(dentry, &ctx.lowerpath);
606 err = vfs_getattr(&ctx.lowerpath, &ctx.stat,
607 STATX_BASIC_STATS, AT_STATX_SYNC_AS_STAT);
611 ovl_path_upper(parent, &parentpath);
612 ctx.destdir = parentpath.dentry;
613 ctx.destname = dentry->d_name;
615 err = vfs_getattr(&parentpath, &ctx.pstat,
616 STATX_ATIME | STATX_MTIME, AT_STATX_SYNC_AS_STAT);
620 /* maybe truncate regular file. this has no effect on dirs */
624 if (S_ISLNK(ctx.stat.mode)) {
625 ctx.link = vfs_get_link(ctx.lowerpath.dentry, &done);
626 if (IS_ERR(ctx.link))
627 return PTR_ERR(ctx.link);
629 ovl_do_check_copy_up(ctx.lowerpath.dentry);
631 err = ovl_copy_up_start(dentry);
632 /* err < 0: interrupted, err > 0: raced with another copy-up */
637 if (!ovl_dentry_upper(dentry))
638 err = ovl_do_copy_up(&ctx);
639 if (!err && !ovl_dentry_has_upper_alias(dentry))
640 err = ovl_link_up(&ctx);
641 ovl_copy_up_end(dentry);
643 do_delayed_call(&done);
648 int ovl_copy_up_flags(struct dentry *dentry, int flags)
651 const struct cred *old_cred = ovl_override_creds(dentry->d_sb);
655 struct dentry *parent;
658 * Check if copy-up has happened as well as for upper alias (in
659 * case of hard links) is there.
661 * Both checks are lockless:
662 * - false negatives: will recheck under oi->lock
664 * + ovl_dentry_upper() uses memory barriers to ensure the
665 * upper dentry is up-to-date
666 * + ovl_dentry_has_upper_alias() relies on locking of
667 * upper parent i_rwsem to prevent reordering copy-up
670 if (ovl_dentry_upper(dentry) &&
671 ovl_dentry_has_upper_alias(dentry))
675 /* find the topmost dentry not yet copied up */
677 parent = dget_parent(next);
679 if (ovl_dentry_upper(parent))
686 err = ovl_copy_up_one(parent, next, flags);
691 revert_creds(old_cred);
696 int ovl_copy_up(struct dentry *dentry)
698 return ovl_copy_up_flags(dentry, 0);
projects / releases.git / blob