1/* 2 * 3 * Copyright (C) 2011 Novell Inc. 4 * 5 * This program is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 as published by 7 * the Free Software Foundation. 8 */ 9 10#include <linux/fs.h> 11#include <linux/slab.h> 12#include <linux/xattr.h> 13#include "overlayfs.h" 14 15static int ovl_copy_up_last(struct dentry *dentry, struct iattr *attr, 16 bool no_data) 17{ 18 int err; 19 struct dentry *parent; 20 struct kstat stat; 21 struct path lowerpath; 22 23 parent = dget_parent(dentry); 24 err = ovl_copy_up(parent); 25 if (err) 26 goto out_dput_parent; 27 28 ovl_path_lower(dentry, &lowerpath); 29 err = vfs_getattr(&lowerpath, &stat); 30 if (err) 31 goto out_dput_parent; 32 33 if (no_data) 34 stat.size = 0; 35 36 err = ovl_copy_up_one(parent, dentry, &lowerpath, &stat, attr); 37 38out_dput_parent: 39 dput(parent); 40 return err; 41} 42 43int ovl_setattr(struct dentry *dentry, struct iattr *attr) 44{ 45 int err; 46 struct dentry *upperdentry; 47 48 /* 49 * Check for permissions before trying to copy-up. This is redundant 50 * since it will be rechecked later by ->setattr() on upper dentry. But 51 * without this, copy-up can be triggered by just about anybody. 52 * 53 * We don't initialize inode->size, which just means that 54 * inode_newsize_ok() will always check against MAX_LFS_FILESIZE and not 55 * check for a swapfile (which this won't be anyway). 56 */ 57 err = inode_change_ok(dentry->d_inode, attr); 58 if (err) 59 return err; 60 61 err = ovl_want_write(dentry); 62 if (err) 63 goto out; 64 65 err = ovl_copy_up(dentry); 66 if (!err) { 67 upperdentry = ovl_dentry_upper(dentry); 68 69 mutex_lock(&upperdentry->d_inode->i_mutex); 70 err = notify_change(upperdentry, attr, NULL); 71 if (!err) 72 ovl_copyattr(upperdentry->d_inode, dentry->d_inode); 73 mutex_unlock(&upperdentry->d_inode->i_mutex); 74 } 75 ovl_drop_write(dentry); 76out: 77 return err; 78} 79 80static int ovl_getattr(struct vfsmount *mnt, struct dentry *dentry, 81 struct kstat *stat) 82{ 83 struct path realpath; 84 85 ovl_path_real(dentry, &realpath); 86 return vfs_getattr(&realpath, stat); 87} 88 89int ovl_permission(struct inode *inode, int mask) 90{ 91 struct ovl_entry *oe; 92 struct dentry *alias = NULL; 93 struct inode *realinode; 94 struct dentry *realdentry; 95 bool is_upper; 96 int err; 97 98 if (S_ISDIR(inode->i_mode)) { 99 oe = inode->i_private; 100 } else if (mask & MAY_NOT_BLOCK) { 101 return -ECHILD; 102 } else { 103 /* 104 * For non-directories find an alias and get the info 105 * from there. 106 */ 107 alias = d_find_any_alias(inode); 108 if (WARN_ON(!alias)) 109 return -ENOENT; 110 111 oe = alias->d_fsdata; 112 } 113 114 realdentry = ovl_entry_real(oe, &is_upper); 115 116 /* Careful in RCU walk mode */ 117 realinode = ACCESS_ONCE(realdentry->d_inode); 118 if (!realinode) { 119 WARN_ON(!(mask & MAY_NOT_BLOCK)); 120 err = -ENOENT; 121 goto out_dput; 122 } 123 124 if (mask & MAY_WRITE) { 125 umode_t mode = realinode->i_mode; 126 127 /* 128 * Writes will always be redirected to upper layer, so 129 * ignore lower layer being read-only. 130 * 131 * If the overlay itself is read-only then proceed 132 * with the permission check, don't return EROFS. 133 * This will only happen if this is the lower layer of 134 * another overlayfs. 135 * 136 * If upper fs becomes read-only after the overlay was 137 * constructed return EROFS to prevent modification of 138 * upper layer. 139 */ 140 err = -EROFS; 141 if (is_upper && !IS_RDONLY(inode) && IS_RDONLY(realinode) && 142 (S_ISREG(mode) || S_ISDIR(mode) || S_ISLNK(mode))) 143 goto out_dput; 144 } 145 146 err = __inode_permission(realinode, mask); 147out_dput: 148 dput(alias); 149 return err; 150} 151 152 153struct ovl_link_data { 154 struct dentry *realdentry; 155 void *cookie; 156}; 157 158static void *ovl_follow_link(struct dentry *dentry, struct nameidata *nd) 159{ 160 void *ret; 161 struct dentry *realdentry; 162 struct inode *realinode; 163 164 realdentry = ovl_dentry_real(dentry); 165 realinode = realdentry->d_inode; 166 167 if (WARN_ON(!realinode->i_op->follow_link)) 168 return ERR_PTR(-EPERM); 169 170 ret = realinode->i_op->follow_link(realdentry, nd); 171 if (IS_ERR(ret)) 172 return ret; 173 174 if (realinode->i_op->put_link) { 175 struct ovl_link_data *data; 176 177 data = kmalloc(sizeof(struct ovl_link_data), GFP_KERNEL); 178 if (!data) { 179 realinode->i_op->put_link(realdentry, nd, ret); 180 return ERR_PTR(-ENOMEM); 181 } 182 data->realdentry = realdentry; 183 data->cookie = ret; 184 185 return data; 186 } else { 187 return NULL; 188 } 189} 190 191static void ovl_put_link(struct dentry *dentry, struct nameidata *nd, void *c) 192{ 193 struct inode *realinode; 194 struct ovl_link_data *data = c; 195 196 if (!data) 197 return; 198 199 realinode = data->realdentry->d_inode; 200 realinode->i_op->put_link(data->realdentry, nd, data->cookie); 201 kfree(data); 202} 203 204static int ovl_readlink(struct dentry *dentry, char __user *buf, int bufsiz) 205{ 206 struct path realpath; 207 struct inode *realinode; 208 209 ovl_path_real(dentry, &realpath); 210 realinode = realpath.dentry->d_inode; 211 212 if (!realinode->i_op->readlink) 213 return -EINVAL; 214 215 touch_atime(&realpath); 216 217 return realinode->i_op->readlink(realpath.dentry, buf, bufsiz); 218} 219 220 221static bool ovl_is_private_xattr(const char *name) 222{ 223 return strncmp(name, OVL_XATTR_PRE_NAME, OVL_XATTR_PRE_LEN) == 0; 224} 225 226int ovl_setxattr(struct dentry *dentry, const char *name, 227 const void *value, size_t size, int flags) 228{ 229 int err; 230 struct dentry *upperdentry; 231 232 err = ovl_want_write(dentry); 233 if (err) 234 goto out; 235 236 err = -EPERM; 237 if (ovl_is_private_xattr(name)) 238 goto out_drop_write; 239 240 err = ovl_copy_up(dentry); 241 if (err) 242 goto out_drop_write; 243 244 upperdentry = ovl_dentry_upper(dentry); 245 err = vfs_setxattr(upperdentry, name, value, size, flags); 246 247out_drop_write: 248 ovl_drop_write(dentry); 249out: 250 return err; 251} 252 253static bool ovl_need_xattr_filter(struct dentry *dentry, 254 enum ovl_path_type type) 255{ 256 if ((type & (__OVL_PATH_PURE | __OVL_PATH_UPPER)) == __OVL_PATH_UPPER) 257 return S_ISDIR(dentry->d_inode->i_mode); 258 else 259 return false; 260} 261 262ssize_t ovl_getxattr(struct dentry *dentry, const char *name, 263 void *value, size_t size) 264{ 265 struct path realpath; 266 enum ovl_path_type type = ovl_path_real(dentry, &realpath); 267 268 if (ovl_need_xattr_filter(dentry, type) && ovl_is_private_xattr(name)) 269 return -ENODATA; 270 271 return vfs_getxattr(realpath.dentry, name, value, size); 272} 273 274ssize_t ovl_listxattr(struct dentry *dentry, char *list, size_t size) 275{ 276 struct path realpath; 277 enum ovl_path_type type = ovl_path_real(dentry, &realpath); 278 ssize_t res; 279 int off; 280 281 res = vfs_listxattr(realpath.dentry, list, size); 282 if (res <= 0 || size == 0) 283 return res; 284 285 if (!ovl_need_xattr_filter(dentry, type)) 286 return res; 287 288 /* filter out private xattrs */ 289 for (off = 0; off < res;) { 290 char *s = list + off; 291 size_t slen = strlen(s) + 1; 292 293 BUG_ON(off + slen > res); 294 295 if (ovl_is_private_xattr(s)) { 296 res -= slen; 297 memmove(s, s + slen, res - off); 298 } else { 299 off += slen; 300 } 301 } 302 303 return res; 304} 305 306int ovl_removexattr(struct dentry *dentry, const char *name) 307{ 308 int err; 309 struct path realpath; 310 enum ovl_path_type type = ovl_path_real(dentry, &realpath); 311 312 err = ovl_want_write(dentry); 313 if (err) 314 goto out; 315 316 err = -ENODATA; 317 if (ovl_need_xattr_filter(dentry, type) && ovl_is_private_xattr(name)) 318 goto out_drop_write; 319 320 if (!OVL_TYPE_UPPER(type)) { 321 err = vfs_getxattr(realpath.dentry, name, NULL, 0); 322 if (err < 0) 323 goto out_drop_write; 324 325 err = ovl_copy_up(dentry); 326 if (err) 327 goto out_drop_write; 328 329 ovl_path_upper(dentry, &realpath); 330 } 331 332 err = vfs_removexattr(realpath.dentry, name); 333out_drop_write: 334 ovl_drop_write(dentry); 335out: 336 return err; 337} 338 339static bool ovl_open_need_copy_up(int flags, enum ovl_path_type type, 340 struct dentry *realdentry) 341{ 342 if (OVL_TYPE_UPPER(type)) 343 return false; 344 345 if (special_file(realdentry->d_inode->i_mode)) 346 return false; 347 348 if (!(OPEN_FMODE(flags) & FMODE_WRITE) && !(flags & O_TRUNC)) 349 return false; 350 351 return true; 352} 353 354struct inode *ovl_d_select_inode(struct dentry *dentry, unsigned file_flags) 355{ 356 int err; 357 struct path realpath; 358 enum ovl_path_type type; 359 360 if (d_is_dir(dentry)) 361 return d_backing_inode(dentry); 362 363 type = ovl_path_real(dentry, &realpath); 364 if (ovl_open_need_copy_up(file_flags, type, realpath.dentry)) { 365 err = ovl_want_write(dentry); 366 if (err) 367 return ERR_PTR(err); 368 369 if (file_flags & O_TRUNC) 370 err = ovl_copy_up_last(dentry, NULL, true); 371 else 372 err = ovl_copy_up(dentry); 373 ovl_drop_write(dentry); 374 if (err) 375 return ERR_PTR(err); 376 377 ovl_path_upper(dentry, &realpath); 378 } 379 380 return d_backing_inode(realpath.dentry); 381} 382 383static const struct inode_operations ovl_file_inode_operations = { 384 .setattr = ovl_setattr, 385 .permission = ovl_permission, 386 .getattr = ovl_getattr, 387 .setxattr = ovl_setxattr, 388 .getxattr = ovl_getxattr, 389 .listxattr = ovl_listxattr, 390 .removexattr = ovl_removexattr, 391}; 392 393static const struct inode_operations ovl_symlink_inode_operations = { 394 .setattr = ovl_setattr, 395 .follow_link = ovl_follow_link, 396 .put_link = ovl_put_link, 397 .readlink = ovl_readlink, 398 .getattr = ovl_getattr, 399 .setxattr = ovl_setxattr, 400 .getxattr = ovl_getxattr, 401 .listxattr = ovl_listxattr, 402 .removexattr = ovl_removexattr, 403}; 404 405struct inode *ovl_new_inode(struct super_block *sb, umode_t mode, 406 struct ovl_entry *oe) 407{ 408 struct inode *inode; 409 410 inode = new_inode(sb); 411 if (!inode) 412 return NULL; 413 414 mode &= S_IFMT; 415 416 inode->i_ino = get_next_ino(); 417 inode->i_mode = mode; 418 inode->i_flags |= S_NOATIME | S_NOCMTIME; 419 420 switch (mode) { 421 case S_IFDIR: 422 inode->i_private = oe; 423 inode->i_op = &ovl_dir_inode_operations; 424 inode->i_fop = &ovl_dir_operations; 425 break; 426 427 case S_IFLNK: 428 inode->i_op = &ovl_symlink_inode_operations; 429 break; 430 431 case S_IFREG: 432 case S_IFSOCK: 433 case S_IFBLK: 434 case S_IFCHR: 435 case S_IFIFO: 436 inode->i_op = &ovl_file_inode_operations; 437 break; 438 439 default: 440 WARN(1, "illegal file type: %i\n", mode); 441 iput(inode); 442 inode = NULL; 443 } 444 445 return inode; 446} 447