xref: /linux/fs/overlayfs/inode.c (revision 32786fdc9506aeba98278c1844d4bfb766863832) 
1 /*
2  *
3  * Copyright (C) 2011 Novell Inc.
4  *
5  * This program is free software; you can redistribute it and/or modify it
6  * under the terms of the GNU General Public License version 2 as published by
7  * the Free Software Foundation.
8  */
9 
10 #include <linux/fs.h>
11 #include <linux/slab.h>
12 #include <linux/xattr.h>
13 #include <linux/posix_acl.h>
14 #include "overlayfs.h"
15 
16 int ovl_setattr(struct dentry *dentry, struct iattr *attr)
17 {
18 	int err;
19 	struct dentry *upperdentry;
20 	const struct cred *old_cred;
21 
22 	/*
23 	 * Check for permissions before trying to copy-up.  This is redundant
24 	 * since it will be rechecked later by ->setattr() on upper dentry.  But
25 	 * without this, copy-up can be triggered by just about anybody.
26 	 *
27 	 * We don't initialize inode->size, which just means that
28 	 * inode_newsize_ok() will always check against MAX_LFS_FILESIZE and not
29 	 * check for a swapfile (which this won't be anyway).
30 	 */
31 	err = setattr_prepare(dentry, attr);
32 	if (err)
33 		return err;
34 
35 	err = ovl_want_write(dentry);
36 	if (err)
37 		goto out;
38 
39 	err = ovl_copy_up(dentry);
40 	if (!err) {
41 		upperdentry = ovl_dentry_upper(dentry);
42 
43 		if (attr->ia_valid & (ATTR_KILL_SUID|ATTR_KILL_SGID))
44 			attr->ia_valid &= ~ATTR_MODE;
45 
46 		inode_lock(upperdentry->d_inode);
47 		old_cred = ovl_override_creds(dentry->d_sb);
48 		err = notify_change(upperdentry, attr, NULL);
49 		revert_creds(old_cred);
50 		if (!err)
51 			ovl_copyattr(upperdentry->d_inode, dentry->d_inode);
52 		inode_unlock(upperdentry->d_inode);
53 	}
54 	ovl_drop_write(dentry);
55 out:
56 	return err;
57 }
58 
59 static int ovl_getattr(struct vfsmount *mnt, struct dentry *dentry,
60 			 struct kstat *stat)
61 {
62 	struct path realpath;
63 	const struct cred *old_cred;
64 	int err;
65 
66 	ovl_path_real(dentry, &realpath);
67 	old_cred = ovl_override_creds(dentry->d_sb);
68 	err = vfs_getattr(&realpath, stat);
69 	revert_creds(old_cred);
70 	return err;
71 }
72 
73 int ovl_permission(struct inode *inode, int mask)
74 {
75 	bool is_upper;
76 	struct inode *realinode = ovl_inode_real(inode, &is_upper);
77 	const struct cred *old_cred;
78 	int err;
79 
80 	/* Careful in RCU walk mode */
81 	if (!realinode) {
82 		WARN_ON(!(mask & MAY_NOT_BLOCK));
83 		return -ECHILD;
84 	}
85 
86 	/*
87 	 * Check overlay inode with the creds of task and underlying inode
88 	 * with creds of mounter
89 	 */
90 	err = generic_permission(inode, mask);
91 	if (err)
92 		return err;
93 
94 	old_cred = ovl_override_creds(inode->i_sb);
95 	if (!is_upper && !special_file(realinode->i_mode) && mask & MAY_WRITE) {
96 		mask &= ~(MAY_WRITE | MAY_APPEND);
97 		/* Make sure mounter can read file for copy up later */
98 		mask |= MAY_READ;
99 	}
100 	err = inode_permission(realinode, mask);
101 	revert_creds(old_cred);
102 
103 	return err;
104 }
105 
106 static const char *ovl_get_link(struct dentry *dentry,
107 				struct inode *inode,
108 				struct delayed_call *done)
109 {
110 	const struct cred *old_cred;
111 	const char *p;
112 
113 	if (!dentry)
114 		return ERR_PTR(-ECHILD);
115 
116 	old_cred = ovl_override_creds(dentry->d_sb);
117 	p = vfs_get_link(ovl_dentry_real(dentry), done);
118 	revert_creds(old_cred);
119 	return p;
120 }
121 
122 bool ovl_is_private_xattr(const char *name)
123 {
124 	return strncmp(name, OVL_XATTR_PREFIX,
125 		       sizeof(OVL_XATTR_PREFIX) - 1) == 0;
126 }
127 
128 int ovl_xattr_set(struct dentry *dentry, const char *name, const void *value,
129 		  size_t size, int flags)
130 {
131 	int err;
132 	struct path realpath;
133 	enum ovl_path_type type = ovl_path_real(dentry, &realpath);
134 	const struct cred *old_cred;
135 
136 	err = ovl_want_write(dentry);
137 	if (err)
138 		goto out;
139 
140 	if (!value && !OVL_TYPE_UPPER(type)) {
141 		err = vfs_getxattr(realpath.dentry, name, NULL, 0);
142 		if (err < 0)
143 			goto out_drop_write;
144 	}
145 
146 	err = ovl_copy_up(dentry);
147 	if (err)
148 		goto out_drop_write;
149 
150 	if (!OVL_TYPE_UPPER(type))
151 		ovl_path_upper(dentry, &realpath);
152 
153 	old_cred = ovl_override_creds(dentry->d_sb);
154 	if (value)
155 		err = vfs_setxattr(realpath.dentry, name, value, size, flags);
156 	else {
157 		WARN_ON(flags != XATTR_REPLACE);
158 		err = vfs_removexattr(realpath.dentry, name);
159 	}
160 	revert_creds(old_cred);
161 
162 out_drop_write:
163 	ovl_drop_write(dentry);
164 out:
165 	return err;
166 }
167 
168 int ovl_xattr_get(struct dentry *dentry, const char *name,
169 		  void *value, size_t size)
170 {
171 	struct dentry *realdentry = ovl_dentry_real(dentry);
172 	ssize_t res;
173 	const struct cred *old_cred;
174 
175 	old_cred = ovl_override_creds(dentry->d_sb);
176 	res = vfs_getxattr(realdentry, name, value, size);
177 	revert_creds(old_cred);
178 	return res;
179 }
180 
181 ssize_t ovl_listxattr(struct dentry *dentry, char *list, size_t size)
182 {
183 	struct dentry *realdentry = ovl_dentry_real(dentry);
184 	ssize_t res;
185 	size_t len;
186 	char *s;
187 	const struct cred *old_cred;
188 
189 	old_cred = ovl_override_creds(dentry->d_sb);
190 	res = vfs_listxattr(realdentry, list, size);
191 	revert_creds(old_cred);
192 	if (res <= 0 || size == 0)
193 		return res;
194 
195 	/* filter out private xattrs */
196 	for (s = list, len = res; len;) {
197 		size_t slen = strnlen(s, len) + 1;
198 
199 		/* underlying fs providing us with an broken xattr list? */
200 		if (WARN_ON(slen > len))
201 			return -EIO;
202 
203 		len -= slen;
204 		if (ovl_is_private_xattr(s)) {
205 			res -= slen;
206 			memmove(s, s + slen, len);
207 		} else {
208 			s += slen;
209 		}
210 	}
211 
212 	return res;
213 }
214 
215 struct posix_acl *ovl_get_acl(struct inode *inode, int type)
216 {
217 	struct inode *realinode = ovl_inode_real(inode, NULL);
218 	const struct cred *old_cred;
219 	struct posix_acl *acl;
220 
221 	if (!IS_ENABLED(CONFIG_FS_POSIX_ACL) || !IS_POSIXACL(realinode))
222 		return NULL;
223 
224 	old_cred = ovl_override_creds(inode->i_sb);
225 	acl = get_acl(realinode, type);
226 	revert_creds(old_cred);
227 
228 	return acl;
229 }
230 
231 static bool ovl_open_need_copy_up(int flags, enum ovl_path_type type,
232 				  struct dentry *realdentry)
233 {
234 	if (OVL_TYPE_UPPER(type))
235 		return false;
236 
237 	if (special_file(realdentry->d_inode->i_mode))
238 		return false;
239 
240 	if (!(OPEN_FMODE(flags) & FMODE_WRITE) && !(flags & O_TRUNC))
241 		return false;
242 
243 	return true;
244 }
245 
246 int ovl_open_maybe_copy_up(struct dentry *dentry, unsigned int file_flags)
247 {
248 	int err = 0;
249 	struct path realpath;
250 	enum ovl_path_type type;
251 
252 	type = ovl_path_real(dentry, &realpath);
253 	if (ovl_open_need_copy_up(file_flags, type, realpath.dentry)) {
254 		err = ovl_want_write(dentry);
255 		if (!err) {
256 			err = ovl_copy_up_flags(dentry, file_flags);
257 			ovl_drop_write(dentry);
258 		}
259 	}
260 
261 	return err;
262 }
263 
264 int ovl_update_time(struct inode *inode, struct timespec *ts, int flags)
265 {
266 	struct dentry *alias;
267 	struct path upperpath;
268 
269 	if (!(flags & S_ATIME))
270 		return 0;
271 
272 	alias = d_find_any_alias(inode);
273 	if (!alias)
274 		return 0;
275 
276 	ovl_path_upper(alias, &upperpath);
277 	if (upperpath.dentry) {
278 		touch_atime(&upperpath);
279 		inode->i_atime = d_inode(upperpath.dentry)->i_atime;
280 	}
281 
282 	dput(alias);
283 
284 	return 0;
285 }
286 
287 static const struct inode_operations ovl_file_inode_operations = {
288 	.setattr	= ovl_setattr,
289 	.permission	= ovl_permission,
290 	.getattr	= ovl_getattr,
291 	.listxattr	= ovl_listxattr,
292 	.get_acl	= ovl_get_acl,
293 	.update_time	= ovl_update_time,
294 };
295 
296 static const struct inode_operations ovl_symlink_inode_operations = {
297 	.setattr	= ovl_setattr,
298 	.get_link	= ovl_get_link,
299 	.getattr	= ovl_getattr,
300 	.listxattr	= ovl_listxattr,
301 	.update_time	= ovl_update_time,
302 };
303 
304 static void ovl_fill_inode(struct inode *inode, umode_t mode, dev_t rdev)
305 {
306 	inode->i_ino = get_next_ino();
307 	inode->i_mode = mode;
308 	inode->i_flags |= S_NOCMTIME;
309 #ifdef CONFIG_FS_POSIX_ACL
310 	inode->i_acl = inode->i_default_acl = ACL_DONT_CACHE;
311 #endif
312 
313 	switch (mode & S_IFMT) {
314 	case S_IFREG:
315 		inode->i_op = &ovl_file_inode_operations;
316 		break;
317 
318 	case S_IFDIR:
319 		inode->i_op = &ovl_dir_inode_operations;
320 		inode->i_fop = &ovl_dir_operations;
321 		break;
322 
323 	case S_IFLNK:
324 		inode->i_op = &ovl_symlink_inode_operations;
325 		break;
326 
327 	default:
328 		inode->i_op = &ovl_file_inode_operations;
329 		init_special_inode(inode, mode, rdev);
330 		break;
331 	}
332 }
333 
334 struct inode *ovl_new_inode(struct super_block *sb, umode_t mode, dev_t rdev)
335 {
336 	struct inode *inode;
337 
338 	inode = new_inode(sb);
339 	if (inode)
340 		ovl_fill_inode(inode, mode, rdev);
341 
342 	return inode;
343 }
344 
345 static int ovl_inode_test(struct inode *inode, void *data)
346 {
347 	return ovl_inode_real(inode, NULL) == data;
348 }
349 
350 static int ovl_inode_set(struct inode *inode, void *data)
351 {
352 	inode->i_private = (void *) (((unsigned long) data) | OVL_ISUPPER_MASK);
353 	return 0;
354 }
355 
356 struct inode *ovl_get_inode(struct super_block *sb, struct inode *realinode)
357 
358 {
359 	struct inode *inode;
360 
361 	inode = iget5_locked(sb, (unsigned long) realinode,
362 			     ovl_inode_test, ovl_inode_set, realinode);
363 	if (inode && inode->i_state & I_NEW) {
364 		ovl_fill_inode(inode, realinode->i_mode, realinode->i_rdev);
365 		set_nlink(inode, realinode->i_nlink);
366 		unlock_new_inode(inode);
367 	}
368 
369 	return inode;
370 }
371