1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3  *
4  * Copyright (C) 2011 Novell Inc.
5  */
6 
7 #include <linux/fs.h>
8 #include <linux/namei.h>
9 #include <linux/xattr.h>
10 #include <linux/security.h>
11 #include <linux/cred.h>
12 #include <linux/module.h>
13 #include <linux/posix_acl.h>
14 #include <linux/posix_acl_xattr.h>
15 #include <linux/atomic.h>
16 #include <linux/ratelimit.h>
17 #include <linux/backing-file.h>
18 #include "overlayfs.h"
19 
20 static unsigned short ovl_redirect_max = 256;
21 module_param_named(redirect_max, ovl_redirect_max, ushort, 0644);
22 MODULE_PARM_DESC(redirect_max,
23 		 "Maximum length of absolute redirect xattr value");
24 
25 static int ovl_set_redirect(struct dentry *dentry, bool samedir);
26 
ovl_cleanup(struct ovl_fs * ofs,struct inode * wdir,struct dentry * wdentry)27 int ovl_cleanup(struct ovl_fs *ofs, struct inode *wdir, struct dentry *wdentry)
28 {
29 	int err;
30 
31 	dget(wdentry);
32 	if (d_is_dir(wdentry))
33 		err = ovl_do_rmdir(ofs, wdir, wdentry);
34 	else
35 		err = ovl_do_unlink(ofs, wdir, wdentry);
36 	dput(wdentry);
37 
38 	if (err) {
39 		pr_err("cleanup of '%pd2' failed (%i)\n",
40 		       wdentry, err);
41 	}
42 
43 	return err;
44 }
45 
ovl_lookup_temp(struct ovl_fs * ofs,struct dentry * workdir)46 struct dentry *ovl_lookup_temp(struct ovl_fs *ofs, struct dentry *workdir)
47 {
48 	struct dentry *temp;
49 	char name[20];
50 	static atomic_t temp_id = ATOMIC_INIT(0);
51 
52 	/* counter is allowed to wrap, since temp dentries are ephemeral */
53 	snprintf(name, sizeof(name), "#%x", atomic_inc_return(&temp_id));
54 
55 	temp = ovl_lookup_upper(ofs, name, workdir, strlen(name));
56 	if (!IS_ERR(temp) && temp->d_inode) {
57 		pr_err("workdir/%s already exists\n", name);
58 		dput(temp);
59 		temp = ERR_PTR(-EIO);
60 	}
61 
62 	return temp;
63 }
64 
65 /* caller holds i_mutex on workdir */
ovl_whiteout(struct ovl_fs * ofs)66 static struct dentry *ovl_whiteout(struct ovl_fs *ofs)
67 {
68 	int err;
69 	struct dentry *whiteout;
70 	struct dentry *workdir = ofs->workdir;
71 	struct inode *wdir = workdir->d_inode;
72 
73 	if (!ofs->whiteout) {
74 		whiteout = ovl_lookup_temp(ofs, workdir);
75 		if (IS_ERR(whiteout))
76 			goto out;
77 
78 		err = ovl_do_whiteout(ofs, wdir, whiteout);
79 		if (err) {
80 			dput(whiteout);
81 			whiteout = ERR_PTR(err);
82 			goto out;
83 		}
84 		ofs->whiteout = whiteout;
85 	}
86 
87 	if (!ofs->no_shared_whiteout) {
88 		whiteout = ovl_lookup_temp(ofs, workdir);
89 		if (IS_ERR(whiteout))
90 			goto out;
91 
92 		err = ovl_do_link(ofs, ofs->whiteout, wdir, whiteout);
93 		if (!err)
94 			goto out;
95 
96 		if (err != -EMLINK) {
97 			pr_warn("Failed to link whiteout - disabling whiteout inode sharing(nlink=%u, err=%i)\n",
98 				ofs->whiteout->d_inode->i_nlink, err);
99 			ofs->no_shared_whiteout = true;
100 		}
101 		dput(whiteout);
102 	}
103 	whiteout = ofs->whiteout;
104 	ofs->whiteout = NULL;
105 out:
106 	return whiteout;
107 }
108 
109 /* Caller must hold i_mutex on both workdir and dir */
ovl_cleanup_and_whiteout(struct ovl_fs * ofs,struct inode * dir,struct dentry * dentry)110 int ovl_cleanup_and_whiteout(struct ovl_fs *ofs, struct inode *dir,
111 			     struct dentry *dentry)
112 {
113 	struct inode *wdir = ofs->workdir->d_inode;
114 	struct dentry *whiteout;
115 	int err;
116 	int flags = 0;
117 
118 	whiteout = ovl_whiteout(ofs);
119 	err = PTR_ERR(whiteout);
120 	if (IS_ERR(whiteout))
121 		return err;
122 
123 	if (d_is_dir(dentry))
124 		flags = RENAME_EXCHANGE;
125 
126 	err = ovl_do_rename(ofs, wdir, whiteout, dir, dentry, flags);
127 	if (err)
128 		goto kill_whiteout;
129 	if (flags)
130 		ovl_cleanup(ofs, wdir, dentry);
131 
132 out:
133 	dput(whiteout);
134 	return err;
135 
136 kill_whiteout:
137 	ovl_cleanup(ofs, wdir, whiteout);
138 	goto out;
139 }
140 
ovl_create_real(struct ovl_fs * ofs,struct inode * dir,struct dentry * newdentry,struct ovl_cattr * attr)141 struct dentry *ovl_create_real(struct ovl_fs *ofs, struct inode *dir,
142 			       struct dentry *newdentry, struct ovl_cattr *attr)
143 {
144 	int err;
145 
146 	if (IS_ERR(newdentry))
147 		return newdentry;
148 
149 	err = -ESTALE;
150 	if (newdentry->d_inode)
151 		goto out;
152 
153 	if (attr->hardlink) {
154 		err = ovl_do_link(ofs, attr->hardlink, dir, newdentry);
155 	} else {
156 		switch (attr->mode & S_IFMT) {
157 		case S_IFREG:
158 			err = ovl_do_create(ofs, dir, newdentry, attr->mode);
159 			break;
160 
161 		case S_IFDIR:
162 			/* mkdir is special... */
163 			newdentry =  ovl_do_mkdir(ofs, dir, newdentry, attr->mode);
164 			err = PTR_ERR_OR_ZERO(newdentry);
165 			break;
166 
167 		case S_IFCHR:
168 		case S_IFBLK:
169 		case S_IFIFO:
170 		case S_IFSOCK:
171 			err = ovl_do_mknod(ofs, dir, newdentry, attr->mode,
172 					   attr->rdev);
173 			break;
174 
175 		case S_IFLNK:
176 			err = ovl_do_symlink(ofs, dir, newdentry, attr->link);
177 			break;
178 
179 		default:
180 			err = -EPERM;
181 		}
182 	}
183 	if (!err && WARN_ON(!newdentry->d_inode)) {
184 		/*
185 		 * Not quite sure if non-instantiated dentry is legal or not.
186 		 * VFS doesn't seem to care so check and warn here.
187 		 */
188 		err = -EIO;
189 	}
190 out:
191 	if (err) {
192 		if (!IS_ERR(newdentry))
193 			dput(newdentry);
194 		return ERR_PTR(err);
195 	}
196 	return newdentry;
197 }
198 
ovl_create_temp(struct ovl_fs * ofs,struct dentry * workdir,struct ovl_cattr * attr)199 struct dentry *ovl_create_temp(struct ovl_fs *ofs, struct dentry *workdir,
200 			       struct ovl_cattr *attr)
201 {
202 	return ovl_create_real(ofs, d_inode(workdir),
203 			       ovl_lookup_temp(ofs, workdir), attr);
204 }
205 
ovl_set_opaque_xerr(struct dentry * dentry,struct dentry * upper,int xerr)206 static int ovl_set_opaque_xerr(struct dentry *dentry, struct dentry *upper,
207 			       int xerr)
208 {
209 	struct ovl_fs *ofs = OVL_FS(dentry->d_sb);
210 	int err;
211 
212 	err = ovl_check_setxattr(ofs, upper, OVL_XATTR_OPAQUE, "y", 1, xerr);
213 	if (!err)
214 		ovl_dentry_set_opaque(dentry);
215 
216 	return err;
217 }
218 
ovl_set_opaque(struct dentry * dentry,struct dentry * upperdentry)219 static int ovl_set_opaque(struct dentry *dentry, struct dentry *upperdentry)
220 {
221 	/*
222 	 * Fail with -EIO when trying to create opaque dir and upper doesn't
223 	 * support xattrs. ovl_rename() calls ovl_set_opaque_xerr(-EXDEV) to
224 	 * return a specific error for noxattr case.
225 	 */
226 	return ovl_set_opaque_xerr(dentry, upperdentry, -EIO);
227 }
228 
229 /*
230  * Common operations required to be done after creation of file on upper.
231  * If @hardlink is false, then @inode is a pre-allocated inode, we may or
232  * may not use to instantiate the new dentry.
233  */
ovl_instantiate(struct dentry * dentry,struct inode * inode,struct dentry * newdentry,bool hardlink,struct file * tmpfile)234 static int ovl_instantiate(struct dentry *dentry, struct inode *inode,
235 			   struct dentry *newdentry, bool hardlink, struct file *tmpfile)
236 {
237 	struct ovl_inode_params oip = {
238 		.upperdentry = newdentry,
239 		.newinode = inode,
240 	};
241 
242 	ovl_dentry_set_upper_alias(dentry);
243 	ovl_dentry_init_reval(dentry, newdentry, NULL);
244 
245 	if (!hardlink) {
246 		/*
247 		 * ovl_obtain_alias() can be called after ovl_create_real()
248 		 * and before we get here, so we may get an inode from cache
249 		 * with the same real upperdentry that is not the inode we
250 		 * pre-allocated.  In this case we will use the cached inode
251 		 * to instantiate the new dentry.
252 		 *
253 		 * XXX: if we ever use ovl_obtain_alias() to decode directory
254 		 * file handles, need to use ovl_get_inode_locked() and
255 		 * d_instantiate_new() here to prevent from creating two
256 		 * hashed directory inode aliases.  We then need to return
257 		 * the obtained alias to ovl_mkdir().
258 		 */
259 		inode = ovl_get_inode(dentry->d_sb, &oip);
260 		if (IS_ERR(inode))
261 			return PTR_ERR(inode);
262 		if (inode == oip.newinode)
263 			ovl_set_flag(OVL_UPPERDATA, inode);
264 	} else {
265 		WARN_ON(ovl_inode_real(inode) != d_inode(newdentry));
266 		dput(newdentry);
267 		inc_nlink(inode);
268 	}
269 
270 	if (tmpfile)
271 		d_mark_tmpfile(tmpfile, inode);
272 
273 	d_instantiate(dentry, inode);
274 	if (inode != oip.newinode) {
275 		pr_warn_ratelimited("newly created inode found in cache (%pd2)\n",
276 				    dentry);
277 	}
278 
279 	/* Force lookup of new upper hardlink to find its lower */
280 	if (hardlink)
281 		d_drop(dentry);
282 
283 	return 0;
284 }
285 
ovl_type_merge(struct dentry * dentry)286 static bool ovl_type_merge(struct dentry *dentry)
287 {
288 	return OVL_TYPE_MERGE(ovl_path_type(dentry));
289 }
290 
ovl_type_origin(struct dentry * dentry)291 static bool ovl_type_origin(struct dentry *dentry)
292 {
293 	return OVL_TYPE_ORIGIN(ovl_path_type(dentry));
294 }
295 
ovl_create_upper(struct dentry * dentry,struct inode * inode,struct ovl_cattr * attr)296 static int ovl_create_upper(struct dentry *dentry, struct inode *inode,
297 			    struct ovl_cattr *attr)
298 {
299 	struct ovl_fs *ofs = OVL_FS(dentry->d_sb);
300 	struct dentry *upperdir = ovl_dentry_upper(dentry->d_parent);
301 	struct inode *udir = upperdir->d_inode;
302 	struct dentry *newdentry;
303 	int err;
304 
305 	inode_lock_nested(udir, I_MUTEX_PARENT);
306 	newdentry = ovl_create_real(ofs, udir,
307 				    ovl_lookup_upper(ofs, dentry->d_name.name,
308 						     upperdir, dentry->d_name.len),
309 				    attr);
310 	err = PTR_ERR(newdentry);
311 	if (IS_ERR(newdentry))
312 		goto out_unlock;
313 
314 	if (ovl_type_merge(dentry->d_parent) && d_is_dir(newdentry) &&
315 	    !ovl_allow_offline_changes(ofs)) {
316 		/* Setting opaque here is just an optimization, allow to fail */
317 		ovl_set_opaque(dentry, newdentry);
318 	}
319 
320 	ovl_dir_modified(dentry->d_parent, false);
321 	err = ovl_instantiate(dentry, inode, newdentry, !!attr->hardlink, NULL);
322 	if (err)
323 		goto out_cleanup;
324 out_unlock:
325 	inode_unlock(udir);
326 	return err;
327 
328 out_cleanup:
329 	ovl_cleanup(ofs, udir, newdentry);
330 	dput(newdentry);
331 	goto out_unlock;
332 }
333 
ovl_clear_empty(struct dentry * dentry,struct list_head * list)334 static struct dentry *ovl_clear_empty(struct dentry *dentry,
335 				      struct list_head *list)
336 {
337 	struct ovl_fs *ofs = OVL_FS(dentry->d_sb);
338 	struct dentry *workdir = ovl_workdir(dentry);
339 	struct inode *wdir = workdir->d_inode;
340 	struct dentry *upperdir = ovl_dentry_upper(dentry->d_parent);
341 	struct inode *udir = upperdir->d_inode;
342 	struct path upperpath;
343 	struct dentry *upper;
344 	struct dentry *opaquedir;
345 	struct kstat stat;
346 	int err;
347 
348 	if (WARN_ON(!workdir))
349 		return ERR_PTR(-EROFS);
350 
351 	err = ovl_lock_rename_workdir(workdir, upperdir);
352 	if (err)
353 		goto out;
354 
355 	ovl_path_upper(dentry, &upperpath);
356 	err = vfs_getattr(&upperpath, &stat,
357 			  STATX_BASIC_STATS, AT_STATX_SYNC_AS_STAT);
358 	if (err)
359 		goto out_unlock;
360 
361 	err = -ESTALE;
362 	if (!S_ISDIR(stat.mode))
363 		goto out_unlock;
364 	upper = upperpath.dentry;
365 	if (upper->d_parent->d_inode != udir)
366 		goto out_unlock;
367 
368 	opaquedir = ovl_create_temp(ofs, workdir, OVL_CATTR(stat.mode));
369 	err = PTR_ERR(opaquedir);
370 	if (IS_ERR(opaquedir))
371 		goto out_unlock;
372 
373 	err = ovl_copy_xattr(dentry->d_sb, &upperpath, opaquedir);
374 	if (err)
375 		goto out_cleanup;
376 
377 	err = ovl_set_opaque(dentry, opaquedir);
378 	if (err)
379 		goto out_cleanup;
380 
381 	inode_lock(opaquedir->d_inode);
382 	err = ovl_set_attr(ofs, opaquedir, &stat);
383 	inode_unlock(opaquedir->d_inode);
384 	if (err)
385 		goto out_cleanup;
386 
387 	err = ovl_do_rename(ofs, wdir, opaquedir, udir, upper, RENAME_EXCHANGE);
388 	if (err)
389 		goto out_cleanup;
390 
391 	ovl_cleanup_whiteouts(ofs, upper, list);
392 	ovl_cleanup(ofs, wdir, upper);
393 	unlock_rename(workdir, upperdir);
394 
395 	/* dentry's upper doesn't match now, get rid of it */
396 	d_drop(dentry);
397 
398 	return opaquedir;
399 
400 out_cleanup:
401 	ovl_cleanup(ofs, wdir, opaquedir);
402 	dput(opaquedir);
403 out_unlock:
404 	unlock_rename(workdir, upperdir);
405 out:
406 	return ERR_PTR(err);
407 }
408 
ovl_set_upper_acl(struct ovl_fs * ofs,struct dentry * upperdentry,const char * acl_name,struct posix_acl * acl)409 static int ovl_set_upper_acl(struct ovl_fs *ofs, struct dentry *upperdentry,
410 			     const char *acl_name, struct posix_acl *acl)
411 {
412 	if (!IS_ENABLED(CONFIG_FS_POSIX_ACL) || !acl)
413 		return 0;
414 
415 	return ovl_do_set_acl(ofs, upperdentry, acl_name, acl);
416 }
417 
ovl_create_over_whiteout(struct dentry * dentry,struct inode * inode,struct ovl_cattr * cattr)418 static int ovl_create_over_whiteout(struct dentry *dentry, struct inode *inode,
419 				    struct ovl_cattr *cattr)
420 {
421 	struct ovl_fs *ofs = OVL_FS(dentry->d_sb);
422 	struct dentry *workdir = ovl_workdir(dentry);
423 	struct inode *wdir = workdir->d_inode;
424 	struct dentry *upperdir = ovl_dentry_upper(dentry->d_parent);
425 	struct inode *udir = upperdir->d_inode;
426 	struct dentry *upper;
427 	struct dentry *newdentry;
428 	int err;
429 	struct posix_acl *acl, *default_acl;
430 	bool hardlink = !!cattr->hardlink;
431 
432 	if (WARN_ON(!workdir))
433 		return -EROFS;
434 
435 	if (!hardlink) {
436 		err = posix_acl_create(dentry->d_parent->d_inode,
437 				       &cattr->mode, &default_acl, &acl);
438 		if (err)
439 			return err;
440 	}
441 
442 	err = ovl_lock_rename_workdir(workdir, upperdir);
443 	if (err)
444 		goto out;
445 
446 	upper = ovl_lookup_upper(ofs, dentry->d_name.name, upperdir,
447 				 dentry->d_name.len);
448 	err = PTR_ERR(upper);
449 	if (IS_ERR(upper))
450 		goto out_unlock;
451 
452 	err = -ESTALE;
453 	if (d_is_negative(upper) || !ovl_upper_is_whiteout(ofs, upper))
454 		goto out_dput;
455 
456 	newdentry = ovl_create_temp(ofs, workdir, cattr);
457 	err = PTR_ERR(newdentry);
458 	if (IS_ERR(newdentry))
459 		goto out_dput;
460 
461 	/*
462 	 * mode could have been mutilated due to umask (e.g. sgid directory)
463 	 */
464 	if (!hardlink &&
465 	    !S_ISLNK(cattr->mode) &&
466 	    newdentry->d_inode->i_mode != cattr->mode) {
467 		struct iattr attr = {
468 			.ia_valid = ATTR_MODE,
469 			.ia_mode = cattr->mode,
470 		};
471 		inode_lock(newdentry->d_inode);
472 		err = ovl_do_notify_change(ofs, newdentry, &attr);
473 		inode_unlock(newdentry->d_inode);
474 		if (err)
475 			goto out_cleanup;
476 	}
477 	if (!hardlink) {
478 		err = ovl_set_upper_acl(ofs, newdentry,
479 					XATTR_NAME_POSIX_ACL_ACCESS, acl);
480 		if (err)
481 			goto out_cleanup;
482 
483 		err = ovl_set_upper_acl(ofs, newdentry,
484 					XATTR_NAME_POSIX_ACL_DEFAULT, default_acl);
485 		if (err)
486 			goto out_cleanup;
487 	}
488 
489 	if (!hardlink && S_ISDIR(cattr->mode)) {
490 		err = ovl_set_opaque(dentry, newdentry);
491 		if (err)
492 			goto out_cleanup;
493 
494 		err = ovl_do_rename(ofs, wdir, newdentry, udir, upper,
495 				    RENAME_EXCHANGE);
496 		if (err)
497 			goto out_cleanup;
498 
499 		ovl_cleanup(ofs, wdir, upper);
500 	} else {
501 		err = ovl_do_rename(ofs, wdir, newdentry, udir, upper, 0);
502 		if (err)
503 			goto out_cleanup;
504 	}
505 	ovl_dir_modified(dentry->d_parent, false);
506 	err = ovl_instantiate(dentry, inode, newdentry, hardlink, NULL);
507 	if (err) {
508 		ovl_cleanup(ofs, udir, newdentry);
509 		dput(newdentry);
510 	}
511 out_dput:
512 	dput(upper);
513 out_unlock:
514 	unlock_rename(workdir, upperdir);
515 out:
516 	if (!hardlink) {
517 		posix_acl_release(acl);
518 		posix_acl_release(default_acl);
519 	}
520 	return err;
521 
522 out_cleanup:
523 	ovl_cleanup(ofs, wdir, newdentry);
524 	dput(newdentry);
525 	goto out_dput;
526 }
527 
ovl_setup_cred_for_create(struct dentry * dentry,struct inode * inode,umode_t mode,const struct cred * old_cred)528 static const struct cred *ovl_setup_cred_for_create(struct dentry *dentry,
529 						    struct inode *inode,
530 						    umode_t mode,
531 						    const struct cred *old_cred)
532 {
533 	int err;
534 	struct cred *override_cred;
535 
536 	override_cred = prepare_creds();
537 	if (!override_cred)
538 		return ERR_PTR(-ENOMEM);
539 
540 	override_cred->fsuid = inode->i_uid;
541 	override_cred->fsgid = inode->i_gid;
542 	err = security_dentry_create_files_as(dentry, mode, &dentry->d_name,
543 					      old_cred, override_cred);
544 	if (err) {
545 		put_cred(override_cred);
546 		return ERR_PTR(err);
547 	}
548 
549 	/*
550 	 * Caller is going to match this with revert_creds() and drop
551 	 * referenec on the returned creds.
552 	 * We must be called with creator creds already, otherwise we risk
553 	 * leaking creds.
554 	 */
555 	old_cred = override_creds(override_cred);
556 	WARN_ON_ONCE(old_cred != ovl_creds(dentry->d_sb));
557 
558 	return override_cred;
559 }
560 
ovl_create_or_link(struct dentry * dentry,struct inode * inode,struct ovl_cattr * attr,bool origin)561 static int ovl_create_or_link(struct dentry *dentry, struct inode *inode,
562 			      struct ovl_cattr *attr, bool origin)
563 {
564 	int err;
565 	const struct cred *old_cred, *new_cred = NULL;
566 	struct dentry *parent = dentry->d_parent;
567 
568 	old_cred = ovl_override_creds(dentry->d_sb);
569 
570 	/*
571 	 * When linking a file with copy up origin into a new parent, mark the
572 	 * new parent dir "impure".
573 	 */
574 	if (origin) {
575 		err = ovl_set_impure(parent, ovl_dentry_upper(parent));
576 		if (err)
577 			goto out_revert_creds;
578 	}
579 
580 	if (!attr->hardlink) {
581 		/*
582 		 * In the creation cases(create, mkdir, mknod, symlink),
583 		 * ovl should transfer current's fs{u,g}id to underlying
584 		 * fs. Because underlying fs want to initialize its new
585 		 * inode owner using current's fs{u,g}id. And in this
586 		 * case, the @inode is a new inode that is initialized
587 		 * in inode_init_owner() to current's fs{u,g}id. So use
588 		 * the inode's i_{u,g}id to override the cred's fs{u,g}id.
589 		 *
590 		 * But in the other hardlink case, ovl_link() does not
591 		 * create a new inode, so just use the ovl mounter's
592 		 * fs{u,g}id.
593 		 */
594 		new_cred = ovl_setup_cred_for_create(dentry, inode, attr->mode,
595 						     old_cred);
596 		err = PTR_ERR(new_cred);
597 		if (IS_ERR(new_cred)) {
598 			new_cred = NULL;
599 			goto out_revert_creds;
600 		}
601 	}
602 
603 	if (!ovl_dentry_is_whiteout(dentry))
604 		err = ovl_create_upper(dentry, inode, attr);
605 	else
606 		err = ovl_create_over_whiteout(dentry, inode, attr);
607 
608 out_revert_creds:
609 	ovl_revert_creds(old_cred);
610 	put_cred(new_cred);
611 	return err;
612 }
613 
ovl_create_object(struct dentry * dentry,int mode,dev_t rdev,const char * link)614 static int ovl_create_object(struct dentry *dentry, int mode, dev_t rdev,
615 			     const char *link)
616 {
617 	int err;
618 	struct inode *inode;
619 	struct ovl_cattr attr = {
620 		.rdev = rdev,
621 		.link = link,
622 	};
623 
624 	err = ovl_copy_up(dentry->d_parent);
625 	if (err)
626 		return err;
627 
628 	err = ovl_want_write(dentry);
629 	if (err)
630 		goto out;
631 
632 	/* Preallocate inode to be used by ovl_get_inode() */
633 	err = -ENOMEM;
634 	inode = ovl_new_inode(dentry->d_sb, mode, rdev);
635 	if (!inode)
636 		goto out_drop_write;
637 
638 	spin_lock(&inode->i_lock);
639 	inode->i_state |= I_CREATING;
640 	spin_unlock(&inode->i_lock);
641 
642 	inode_init_owner(&nop_mnt_idmap, inode, dentry->d_parent->d_inode, mode);
643 	attr.mode = inode->i_mode;
644 
645 	err = ovl_create_or_link(dentry, inode, &attr, false);
646 	/* Did we end up using the preallocated inode? */
647 	if (inode != d_inode(dentry))
648 		iput(inode);
649 
650 out_drop_write:
651 	ovl_drop_write(dentry);
652 out:
653 	return err;
654 }
655 
ovl_create(struct mnt_idmap * idmap,struct inode * dir,struct dentry * dentry,umode_t mode,bool excl)656 static int ovl_create(struct mnt_idmap *idmap, struct inode *dir,
657 		      struct dentry *dentry, umode_t mode, bool excl)
658 {
659 	return ovl_create_object(dentry, (mode & 07777) | S_IFREG, 0, NULL);
660 }
661 
ovl_mkdir(struct mnt_idmap * idmap,struct inode * dir,struct dentry * dentry,umode_t mode)662 static struct dentry *ovl_mkdir(struct mnt_idmap *idmap, struct inode *dir,
663 				struct dentry *dentry, umode_t mode)
664 {
665 	return ERR_PTR(ovl_create_object(dentry, (mode & 07777) | S_IFDIR, 0, NULL));
666 }
667 
ovl_mknod(struct mnt_idmap * idmap,struct inode * dir,struct dentry * dentry,umode_t mode,dev_t rdev)668 static int ovl_mknod(struct mnt_idmap *idmap, struct inode *dir,
669 		     struct dentry *dentry, umode_t mode, dev_t rdev)
670 {
671 	/* Don't allow creation of "whiteout" on overlay */
672 	if (S_ISCHR(mode) && rdev == WHITEOUT_DEV)
673 		return -EPERM;
674 
675 	return ovl_create_object(dentry, mode, rdev, NULL);
676 }
677 
ovl_symlink(struct mnt_idmap * idmap,struct inode * dir,struct dentry * dentry,const char * link)678 static int ovl_symlink(struct mnt_idmap *idmap, struct inode *dir,
679 		       struct dentry *dentry, const char *link)
680 {
681 	return ovl_create_object(dentry, S_IFLNK, 0, link);
682 }
683 
ovl_set_link_redirect(struct dentry * dentry)684 static int ovl_set_link_redirect(struct dentry *dentry)
685 {
686 	const struct cred *old_cred;
687 	int err;
688 
689 	old_cred = ovl_override_creds(dentry->d_sb);
690 	err = ovl_set_redirect(dentry, false);
691 	ovl_revert_creds(old_cred);
692 
693 	return err;
694 }
695 
ovl_link(struct dentry * old,struct inode * newdir,struct dentry * new)696 static int ovl_link(struct dentry *old, struct inode *newdir,
697 		    struct dentry *new)
698 {
699 	int err;
700 	struct inode *inode;
701 
702 	err = ovl_copy_up(old);
703 	if (err)
704 		goto out;
705 
706 	err = ovl_copy_up(new->d_parent);
707 	if (err)
708 		goto out;
709 
710 	err = ovl_nlink_start(old);
711 	if (err)
712 		goto out;
713 
714 	if (ovl_is_metacopy_dentry(old)) {
715 		err = ovl_set_link_redirect(old);
716 		if (err)
717 			goto out_nlink_end;
718 	}
719 
720 	inode = d_inode(old);
721 	ihold(inode);
722 
723 	err = ovl_create_or_link(new, inode,
724 			&(struct ovl_cattr) {.hardlink = ovl_dentry_upper(old)},
725 			ovl_type_origin(old));
726 	if (err)
727 		iput(inode);
728 
729 out_nlink_end:
730 	ovl_nlink_end(old);
731 out:
732 	return err;
733 }
734 
ovl_matches_upper(struct dentry * dentry,struct dentry * upper)735 static bool ovl_matches_upper(struct dentry *dentry, struct dentry *upper)
736 {
737 	return d_inode(ovl_dentry_upper(dentry)) == d_inode(upper);
738 }
739 
ovl_remove_and_whiteout(struct dentry * dentry,struct list_head * list)740 static int ovl_remove_and_whiteout(struct dentry *dentry,
741 				   struct list_head *list)
742 {
743 	struct ovl_fs *ofs = OVL_FS(dentry->d_sb);
744 	struct dentry *workdir = ovl_workdir(dentry);
745 	struct dentry *upperdir = ovl_dentry_upper(dentry->d_parent);
746 	struct dentry *upper;
747 	struct dentry *opaquedir = NULL;
748 	int err;
749 
750 	if (WARN_ON(!workdir))
751 		return -EROFS;
752 
753 	if (!list_empty(list)) {
754 		opaquedir = ovl_clear_empty(dentry, list);
755 		err = PTR_ERR(opaquedir);
756 		if (IS_ERR(opaquedir))
757 			goto out;
758 	}
759 
760 	err = ovl_lock_rename_workdir(workdir, upperdir);
761 	if (err)
762 		goto out_dput;
763 
764 	upper = ovl_lookup_upper(ofs, dentry->d_name.name, upperdir,
765 				 dentry->d_name.len);
766 	err = PTR_ERR(upper);
767 	if (IS_ERR(upper))
768 		goto out_unlock;
769 
770 	err = -ESTALE;
771 	if ((opaquedir && upper != opaquedir) ||
772 	    (!opaquedir && ovl_dentry_upper(dentry) &&
773 	     !ovl_matches_upper(dentry, upper))) {
774 		goto out_dput_upper;
775 	}
776 
777 	err = ovl_cleanup_and_whiteout(ofs, d_inode(upperdir), upper);
778 	if (err)
779 		goto out_d_drop;
780 
781 	ovl_dir_modified(dentry->d_parent, true);
782 out_d_drop:
783 	d_drop(dentry);
784 out_dput_upper:
785 	dput(upper);
786 out_unlock:
787 	unlock_rename(workdir, upperdir);
788 out_dput:
789 	dput(opaquedir);
790 out:
791 	return err;
792 }
793 
ovl_remove_upper(struct dentry * dentry,bool is_dir,struct list_head * list)794 static int ovl_remove_upper(struct dentry *dentry, bool is_dir,
795 			    struct list_head *list)
796 {
797 	struct ovl_fs *ofs = OVL_FS(dentry->d_sb);
798 	struct dentry *upperdir = ovl_dentry_upper(dentry->d_parent);
799 	struct inode *dir = upperdir->d_inode;
800 	struct dentry *upper;
801 	struct dentry *opaquedir = NULL;
802 	int err;
803 
804 	if (!list_empty(list)) {
805 		opaquedir = ovl_clear_empty(dentry, list);
806 		err = PTR_ERR(opaquedir);
807 		if (IS_ERR(opaquedir))
808 			goto out;
809 	}
810 
811 	inode_lock_nested(dir, I_MUTEX_PARENT);
812 	upper = ovl_lookup_upper(ofs, dentry->d_name.name, upperdir,
813 				 dentry->d_name.len);
814 	err = PTR_ERR(upper);
815 	if (IS_ERR(upper))
816 		goto out_unlock;
817 
818 	err = -ESTALE;
819 	if ((opaquedir && upper != opaquedir) ||
820 	    (!opaquedir && !ovl_matches_upper(dentry, upper)))
821 		goto out_dput_upper;
822 
823 	if (is_dir)
824 		err = ovl_do_rmdir(ofs, dir, upper);
825 	else
826 		err = ovl_do_unlink(ofs, dir, upper);
827 	ovl_dir_modified(dentry->d_parent, ovl_type_origin(dentry));
828 
829 	/*
830 	 * Keeping this dentry hashed would mean having to release
831 	 * upperpath/lowerpath, which could only be done if we are the
832 	 * sole user of this dentry.  Too tricky...  Just unhash for
833 	 * now.
834 	 */
835 	if (!err)
836 		d_drop(dentry);
837 out_dput_upper:
838 	dput(upper);
839 out_unlock:
840 	inode_unlock(dir);
841 	dput(opaquedir);
842 out:
843 	return err;
844 }
845 
ovl_pure_upper(struct dentry * dentry)846 static bool ovl_pure_upper(struct dentry *dentry)
847 {
848 	return !ovl_dentry_lower(dentry) &&
849 	       !ovl_test_flag(OVL_WHITEOUTS, d_inode(dentry));
850 }
851 
ovl_drop_nlink(struct dentry * dentry)852 static void ovl_drop_nlink(struct dentry *dentry)
853 {
854 	struct inode *inode = d_inode(dentry);
855 	struct dentry *alias;
856 
857 	/* Try to find another, hashed alias */
858 	spin_lock(&inode->i_lock);
859 	hlist_for_each_entry(alias, &inode->i_dentry, d_u.d_alias) {
860 		if (alias != dentry && !d_unhashed(alias))
861 			break;
862 	}
863 	spin_unlock(&inode->i_lock);
864 
865 	/*
866 	 * Changes to underlying layers may cause i_nlink to lose sync with
867 	 * reality.  In this case prevent the link count from going to zero
868 	 * prematurely.
869 	 */
870 	if (inode->i_nlink > !!alias)
871 		drop_nlink(inode);
872 }
873 
ovl_do_remove(struct dentry * dentry,bool is_dir)874 static int ovl_do_remove(struct dentry *dentry, bool is_dir)
875 {
876 	int err;
877 	const struct cred *old_cred;
878 	bool lower_positive = ovl_lower_positive(dentry);
879 	LIST_HEAD(list);
880 
881 	/* No need to clean pure upper removed by vfs_rmdir() */
882 	if (is_dir && (lower_positive || !ovl_pure_upper(dentry))) {
883 		err = ovl_check_empty_dir(dentry, &list);
884 		if (err)
885 			goto out;
886 	}
887 
888 	err = ovl_copy_up(dentry->d_parent);
889 	if (err)
890 		goto out;
891 
892 	err = ovl_nlink_start(dentry);
893 	if (err)
894 		goto out;
895 
896 	old_cred = ovl_override_creds(dentry->d_sb);
897 	if (!lower_positive)
898 		err = ovl_remove_upper(dentry, is_dir, &list);
899 	else
900 		err = ovl_remove_and_whiteout(dentry, &list);
901 	ovl_revert_creds(old_cred);
902 	if (!err) {
903 		if (is_dir)
904 			clear_nlink(dentry->d_inode);
905 		else
906 			ovl_drop_nlink(dentry);
907 	}
908 	ovl_nlink_end(dentry);
909 
910 	/*
911 	 * Copy ctime
912 	 *
913 	 * Note: we fail to update ctime if there was no copy-up, only a
914 	 * whiteout
915 	 */
916 	if (ovl_dentry_upper(dentry))
917 		ovl_copyattr(d_inode(dentry));
918 
919 out:
920 	ovl_cache_free(&list);
921 	return err;
922 }
923 
ovl_unlink(struct inode * dir,struct dentry * dentry)924 static int ovl_unlink(struct inode *dir, struct dentry *dentry)
925 {
926 	return ovl_do_remove(dentry, false);
927 }
928 
ovl_rmdir(struct inode * dir,struct dentry * dentry)929 static int ovl_rmdir(struct inode *dir, struct dentry *dentry)
930 {
931 	return ovl_do_remove(dentry, true);
932 }
933 
ovl_type_merge_or_lower(struct dentry * dentry)934 static bool ovl_type_merge_or_lower(struct dentry *dentry)
935 {
936 	enum ovl_path_type type = ovl_path_type(dentry);
937 
938 	return OVL_TYPE_MERGE(type) || !OVL_TYPE_UPPER(type);
939 }
940 
ovl_can_move(struct dentry * dentry)941 static bool ovl_can_move(struct dentry *dentry)
942 {
943 	return ovl_redirect_dir(OVL_FS(dentry->d_sb)) ||
944 		!d_is_dir(dentry) || !ovl_type_merge_or_lower(dentry);
945 }
946 
ovl_get_redirect(struct dentry * dentry,bool abs_redirect)947 static char *ovl_get_redirect(struct dentry *dentry, bool abs_redirect)
948 {
949 	char *buf, *ret;
950 	struct dentry *d, *tmp;
951 	int buflen = ovl_redirect_max + 1;
952 
953 	if (!abs_redirect) {
954 		ret = kstrndup(dentry->d_name.name, dentry->d_name.len,
955 			       GFP_KERNEL);
956 		goto out;
957 	}
958 
959 	buf = ret = kmalloc(buflen, GFP_KERNEL);
960 	if (!buf)
961 		goto out;
962 
963 	buflen--;
964 	buf[buflen] = '\0';
965 	for (d = dget(dentry); !IS_ROOT(d);) {
966 		const char *name;
967 		int thislen;
968 
969 		spin_lock(&d->d_lock);
970 		name = ovl_dentry_get_redirect(d);
971 		if (name) {
972 			thislen = strlen(name);
973 		} else {
974 			name = d->d_name.name;
975 			thislen = d->d_name.len;
976 		}
977 
978 		/* If path is too long, fall back to userspace move */
979 		if (thislen + (name[0] != '/') > buflen) {
980 			ret = ERR_PTR(-EXDEV);
981 			spin_unlock(&d->d_lock);
982 			goto out_put;
983 		}
984 
985 		buflen -= thislen;
986 		memcpy(&buf[buflen], name, thislen);
987 		spin_unlock(&d->d_lock);
988 		tmp = dget_parent(d);
989 
990 		dput(d);
991 		d = tmp;
992 
993 		/* Absolute redirect: finished */
994 		if (buf[buflen] == '/')
995 			break;
996 		buflen--;
997 		buf[buflen] = '/';
998 	}
999 	ret = kstrdup(&buf[buflen], GFP_KERNEL);
1000 out_put:
1001 	dput(d);
1002 	kfree(buf);
1003 out:
1004 	return ret ? ret : ERR_PTR(-ENOMEM);
1005 }
1006 
ovl_need_absolute_redirect(struct dentry * dentry,bool samedir)1007 static bool ovl_need_absolute_redirect(struct dentry *dentry, bool samedir)
1008 {
1009 	struct dentry *lowerdentry;
1010 
1011 	if (!samedir)
1012 		return true;
1013 
1014 	if (d_is_dir(dentry))
1015 		return false;
1016 
1017 	/*
1018 	 * For non-dir hardlinked files, we need absolute redirects
1019 	 * in general as two upper hardlinks could be in different
1020 	 * dirs. We could put a relative redirect now and convert
1021 	 * it to absolute redirect later. But when nlink > 1 and
1022 	 * indexing is on, that means relative redirect needs to be
1023 	 * converted to absolute during copy up of another lower
1024 	 * hardllink as well.
1025 	 *
1026 	 * So without optimizing too much, just check if lower is
1027 	 * a hard link or not. If lower is hard link, put absolute
1028 	 * redirect.
1029 	 */
1030 	lowerdentry = ovl_dentry_lower(dentry);
1031 	return (d_inode(lowerdentry)->i_nlink > 1);
1032 }
1033 
ovl_set_redirect(struct dentry * dentry,bool samedir)1034 static int ovl_set_redirect(struct dentry *dentry, bool samedir)
1035 {
1036 	int err;
1037 	struct ovl_fs *ofs = OVL_FS(dentry->d_sb);
1038 	const char *redirect = ovl_dentry_get_redirect(dentry);
1039 	bool absolute_redirect = ovl_need_absolute_redirect(dentry, samedir);
1040 
1041 	if (redirect && (!absolute_redirect || redirect[0] == '/'))
1042 		return 0;
1043 
1044 	redirect = ovl_get_redirect(dentry, absolute_redirect);
1045 	if (IS_ERR(redirect))
1046 		return PTR_ERR(redirect);
1047 
1048 	err = ovl_check_setxattr(ofs, ovl_dentry_upper(dentry),
1049 				 OVL_XATTR_REDIRECT,
1050 				 redirect, strlen(redirect), -EXDEV);
1051 	if (!err) {
1052 		spin_lock(&dentry->d_lock);
1053 		ovl_dentry_set_redirect(dentry, redirect);
1054 		spin_unlock(&dentry->d_lock);
1055 	} else {
1056 		kfree(redirect);
1057 		pr_warn_ratelimited("failed to set redirect (%i)\n",
1058 				    err);
1059 		/* Fall back to userspace copy-up */
1060 		err = -EXDEV;
1061 	}
1062 	return err;
1063 }
1064 
ovl_rename(struct mnt_idmap * idmap,struct inode * olddir,struct dentry * old,struct inode * newdir,struct dentry * new,unsigned int flags)1065 static int ovl_rename(struct mnt_idmap *idmap, struct inode *olddir,
1066 		      struct dentry *old, struct inode *newdir,
1067 		      struct dentry *new, unsigned int flags)
1068 {
1069 	int err;
1070 	struct dentry *old_upperdir;
1071 	struct dentry *new_upperdir;
1072 	struct dentry *olddentry;
1073 	struct dentry *newdentry;
1074 	struct dentry *trap;
1075 	bool old_opaque;
1076 	bool new_opaque;
1077 	bool cleanup_whiteout = false;
1078 	bool update_nlink = false;
1079 	bool overwrite = !(flags & RENAME_EXCHANGE);
1080 	bool is_dir = d_is_dir(old);
1081 	bool new_is_dir = d_is_dir(new);
1082 	bool samedir = olddir == newdir;
1083 	struct dentry *opaquedir = NULL;
1084 	const struct cred *old_cred = NULL;
1085 	struct ovl_fs *ofs = OVL_FS(old->d_sb);
1086 	LIST_HEAD(list);
1087 
1088 	err = -EINVAL;
1089 	if (flags & ~(RENAME_EXCHANGE | RENAME_NOREPLACE))
1090 		goto out;
1091 
1092 	flags &= ~RENAME_NOREPLACE;
1093 
1094 	/* Don't copy up directory trees */
1095 	err = -EXDEV;
1096 	if (!ovl_can_move(old))
1097 		goto out;
1098 	if (!overwrite && !ovl_can_move(new))
1099 		goto out;
1100 
1101 	if (overwrite && new_is_dir && !ovl_pure_upper(new)) {
1102 		err = ovl_check_empty_dir(new, &list);
1103 		if (err)
1104 			goto out;
1105 	}
1106 
1107 	if (overwrite) {
1108 		if (ovl_lower_positive(old)) {
1109 			if (!ovl_dentry_is_whiteout(new)) {
1110 				/* Whiteout source */
1111 				flags |= RENAME_WHITEOUT;
1112 			} else {
1113 				/* Switch whiteouts */
1114 				flags |= RENAME_EXCHANGE;
1115 			}
1116 		} else if (is_dir && ovl_dentry_is_whiteout(new)) {
1117 			flags |= RENAME_EXCHANGE;
1118 			cleanup_whiteout = true;
1119 		}
1120 	}
1121 
1122 	err = ovl_copy_up(old);
1123 	if (err)
1124 		goto out;
1125 
1126 	err = ovl_copy_up(new->d_parent);
1127 	if (err)
1128 		goto out;
1129 	if (!overwrite) {
1130 		err = ovl_copy_up(new);
1131 		if (err)
1132 			goto out;
1133 	} else if (d_inode(new)) {
1134 		err = ovl_nlink_start(new);
1135 		if (err)
1136 			goto out;
1137 
1138 		update_nlink = true;
1139 	}
1140 
1141 	if (!update_nlink) {
1142 		/* ovl_nlink_start() took ovl_want_write() */
1143 		err = ovl_want_write(old);
1144 		if (err)
1145 			goto out;
1146 	}
1147 
1148 	old_cred = ovl_override_creds(old->d_sb);
1149 
1150 	if (!list_empty(&list)) {
1151 		opaquedir = ovl_clear_empty(new, &list);
1152 		err = PTR_ERR(opaquedir);
1153 		if (IS_ERR(opaquedir)) {
1154 			opaquedir = NULL;
1155 			goto out_revert_creds;
1156 		}
1157 	}
1158 
1159 	old_upperdir = ovl_dentry_upper(old->d_parent);
1160 	new_upperdir = ovl_dentry_upper(new->d_parent);
1161 
1162 	if (!samedir) {
1163 		/*
1164 		 * When moving a merge dir or non-dir with copy up origin into
1165 		 * a new parent, we are marking the new parent dir "impure".
1166 		 * When ovl_iterate() iterates an "impure" upper dir, it will
1167 		 * lookup the origin inodes of the entries to fill d_ino.
1168 		 */
1169 		if (ovl_type_origin(old)) {
1170 			err = ovl_set_impure(new->d_parent, new_upperdir);
1171 			if (err)
1172 				goto out_revert_creds;
1173 		}
1174 		if (!overwrite && ovl_type_origin(new)) {
1175 			err = ovl_set_impure(old->d_parent, old_upperdir);
1176 			if (err)
1177 				goto out_revert_creds;
1178 		}
1179 	}
1180 
1181 	trap = lock_rename(new_upperdir, old_upperdir);
1182 	if (IS_ERR(trap)) {
1183 		err = PTR_ERR(trap);
1184 		goto out_revert_creds;
1185 	}
1186 
1187 	olddentry = ovl_lookup_upper(ofs, old->d_name.name, old_upperdir,
1188 				     old->d_name.len);
1189 	err = PTR_ERR(olddentry);
1190 	if (IS_ERR(olddentry))
1191 		goto out_unlock;
1192 
1193 	err = -ESTALE;
1194 	if (!ovl_matches_upper(old, olddentry))
1195 		goto out_dput_old;
1196 
1197 	newdentry = ovl_lookup_upper(ofs, new->d_name.name, new_upperdir,
1198 				     new->d_name.len);
1199 	err = PTR_ERR(newdentry);
1200 	if (IS_ERR(newdentry))
1201 		goto out_dput_old;
1202 
1203 	old_opaque = ovl_dentry_is_opaque(old);
1204 	new_opaque = ovl_dentry_is_opaque(new);
1205 
1206 	err = -ESTALE;
1207 	if (d_inode(new) && ovl_dentry_upper(new)) {
1208 		if (opaquedir) {
1209 			if (newdentry != opaquedir)
1210 				goto out_dput;
1211 		} else {
1212 			if (!ovl_matches_upper(new, newdentry))
1213 				goto out_dput;
1214 		}
1215 	} else {
1216 		if (!d_is_negative(newdentry)) {
1217 			if (!new_opaque || !ovl_upper_is_whiteout(ofs, newdentry))
1218 				goto out_dput;
1219 		} else {
1220 			if (flags & RENAME_EXCHANGE)
1221 				goto out_dput;
1222 		}
1223 	}
1224 
1225 	if (olddentry == trap)
1226 		goto out_dput;
1227 	if (newdentry == trap)
1228 		goto out_dput;
1229 
1230 	if (olddentry->d_inode == newdentry->d_inode)
1231 		goto out_dput;
1232 
1233 	err = 0;
1234 	if (ovl_type_merge_or_lower(old))
1235 		err = ovl_set_redirect(old, samedir);
1236 	else if (is_dir && !old_opaque && ovl_type_merge(new->d_parent))
1237 		err = ovl_set_opaque_xerr(old, olddentry, -EXDEV);
1238 	if (err)
1239 		goto out_dput;
1240 
1241 	if (!overwrite && ovl_type_merge_or_lower(new))
1242 		err = ovl_set_redirect(new, samedir);
1243 	else if (!overwrite && new_is_dir && !new_opaque &&
1244 		 ovl_type_merge(old->d_parent))
1245 		err = ovl_set_opaque_xerr(new, newdentry, -EXDEV);
1246 	if (err)
1247 		goto out_dput;
1248 
1249 	err = ovl_do_rename(ofs, old_upperdir->d_inode, olddentry,
1250 			    new_upperdir->d_inode, newdentry, flags);
1251 	if (err)
1252 		goto out_dput;
1253 
1254 	if (cleanup_whiteout)
1255 		ovl_cleanup(ofs, old_upperdir->d_inode, newdentry);
1256 
1257 	if (overwrite && d_inode(new)) {
1258 		if (new_is_dir)
1259 			clear_nlink(d_inode(new));
1260 		else
1261 			ovl_drop_nlink(new);
1262 	}
1263 
1264 	ovl_dir_modified(old->d_parent, ovl_type_origin(old) ||
1265 			 (!overwrite && ovl_type_origin(new)));
1266 	ovl_dir_modified(new->d_parent, ovl_type_origin(old) ||
1267 			 (d_inode(new) && ovl_type_origin(new)));
1268 
1269 	/* copy ctime: */
1270 	ovl_copyattr(d_inode(old));
1271 	if (d_inode(new) && ovl_dentry_upper(new))
1272 		ovl_copyattr(d_inode(new));
1273 
1274 out_dput:
1275 	dput(newdentry);
1276 out_dput_old:
1277 	dput(olddentry);
1278 out_unlock:
1279 	unlock_rename(new_upperdir, old_upperdir);
1280 out_revert_creds:
1281 	ovl_revert_creds(old_cred);
1282 	if (update_nlink)
1283 		ovl_nlink_end(new);
1284 	else
1285 		ovl_drop_write(old);
1286 out:
1287 	dput(opaquedir);
1288 	ovl_cache_free(&list);
1289 	return err;
1290 }
1291 
ovl_create_tmpfile(struct file * file,struct dentry * dentry,struct inode * inode,umode_t mode)1292 static int ovl_create_tmpfile(struct file *file, struct dentry *dentry,
1293 			      struct inode *inode, umode_t mode)
1294 {
1295 	const struct cred *old_cred, *new_cred = NULL;
1296 	struct path realparentpath;
1297 	struct file *realfile;
1298 	struct ovl_file *of;
1299 	struct dentry *newdentry;
1300 	/* It's okay to set O_NOATIME, since the owner will be current fsuid */
1301 	int flags = file->f_flags | OVL_OPEN_FLAGS;
1302 	int err;
1303 
1304 	old_cred = ovl_override_creds(dentry->d_sb);
1305 	new_cred = ovl_setup_cred_for_create(dentry, inode, mode, old_cred);
1306 	err = PTR_ERR(new_cred);
1307 	if (IS_ERR(new_cred)) {
1308 		new_cred = NULL;
1309 		goto out_revert_creds;
1310 	}
1311 
1312 	ovl_path_upper(dentry->d_parent, &realparentpath);
1313 	realfile = backing_tmpfile_open(&file->f_path, flags, &realparentpath,
1314 					mode, current_cred());
1315 	err = PTR_ERR_OR_ZERO(realfile);
1316 	pr_debug("tmpfile/open(%pd2, 0%o) = %i\n", realparentpath.dentry, mode, err);
1317 	if (err)
1318 		goto out_revert_creds;
1319 
1320 	of = ovl_file_alloc(realfile);
1321 	if (!of) {
1322 		fput(realfile);
1323 		err = -ENOMEM;
1324 		goto out_revert_creds;
1325 	}
1326 
1327 	/* ovl_instantiate() consumes the newdentry reference on success */
1328 	newdentry = dget(realfile->f_path.dentry);
1329 	err = ovl_instantiate(dentry, inode, newdentry, false, file);
1330 	if (!err) {
1331 		file->private_data = of;
1332 	} else {
1333 		dput(newdentry);
1334 		ovl_file_free(of);
1335 	}
1336 out_revert_creds:
1337 	ovl_revert_creds(old_cred);
1338 	put_cred(new_cred);
1339 	return err;
1340 }
1341 
ovl_dummy_open(struct inode * inode,struct file * file)1342 static int ovl_dummy_open(struct inode *inode, struct file *file)
1343 {
1344 	return 0;
1345 }
1346 
ovl_tmpfile(struct mnt_idmap * idmap,struct inode * dir,struct file * file,umode_t mode)1347 static int ovl_tmpfile(struct mnt_idmap *idmap, struct inode *dir,
1348 		       struct file *file, umode_t mode)
1349 {
1350 	int err;
1351 	struct dentry *dentry = file->f_path.dentry;
1352 	struct inode *inode;
1353 
1354 	if (!OVL_FS(dentry->d_sb)->tmpfile)
1355 		return -EOPNOTSUPP;
1356 
1357 	err = ovl_copy_up(dentry->d_parent);
1358 	if (err)
1359 		return err;
1360 
1361 	err = ovl_want_write(dentry);
1362 	if (err)
1363 		return err;
1364 
1365 	err = -ENOMEM;
1366 	inode = ovl_new_inode(dentry->d_sb, mode, 0);
1367 	if (!inode)
1368 		goto drop_write;
1369 
1370 	inode_init_owner(&nop_mnt_idmap, inode, dir, mode);
1371 	err = ovl_create_tmpfile(file, dentry, inode, inode->i_mode);
1372 	if (err)
1373 		goto put_inode;
1374 
1375 	/*
1376 	 * Check if the preallocated inode was actually used.  Having something
1377 	 * else assigned to the dentry shouldn't happen as that would indicate
1378 	 * that the backing tmpfile "leaked" out of overlayfs.
1379 	 */
1380 	err = -EIO;
1381 	if (WARN_ON(inode != d_inode(dentry)))
1382 		goto put_realfile;
1383 
1384 	/* inode reference was transferred to dentry */
1385 	inode = NULL;
1386 	err = finish_open(file, dentry, ovl_dummy_open);
1387 put_realfile:
1388 	/* Without FMODE_OPENED ->release() won't be called on @file */
1389 	if (!(file->f_mode & FMODE_OPENED))
1390 		ovl_file_free(file->private_data);
1391 put_inode:
1392 	iput(inode);
1393 drop_write:
1394 	ovl_drop_write(dentry);
1395 	return err;
1396 }
1397 
1398 const struct inode_operations ovl_dir_inode_operations = {
1399 	.lookup		= ovl_lookup,
1400 	.mkdir		= ovl_mkdir,
1401 	.symlink	= ovl_symlink,
1402 	.unlink		= ovl_unlink,
1403 	.rmdir		= ovl_rmdir,
1404 	.rename		= ovl_rename,
1405 	.link		= ovl_link,
1406 	.setattr	= ovl_setattr,
1407 	.create		= ovl_create,
1408 	.mknod		= ovl_mknod,
1409 	.permission	= ovl_permission,
1410 	.getattr	= ovl_getattr,
1411 	.listxattr	= ovl_listxattr,
1412 	.get_inode_acl	= ovl_get_inode_acl,
1413 	.get_acl	= ovl_get_acl,
1414 	.set_acl	= ovl_set_acl,
1415 	.update_time	= ovl_update_time,
1416 	.fileattr_get	= ovl_fileattr_get,
1417 	.fileattr_set	= ovl_fileattr_set,
1418 	.tmpfile	= ovl_tmpfile,
1419 };
1420