3 * Copyright (C) 2011 Novell Inc.
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 as published by
7 * the Free Software Foundation.
11 #include <linux/namei.h>
12 #include <linux/xattr.h>
13 #include <linux/security.h>
14 #include <linux/cred.h>
15 #include <linux/posix_acl.h>
16 #include <linux/posix_acl_xattr.h>
17 #include <linux/atomic.h>
18 #include "overlayfs.h"
20 void ovl_cleanup(struct inode *wdir, struct dentry *wdentry)
25 if (d_is_dir(wdentry))
26 err = ovl_do_rmdir(wdir, wdentry);
28 err = ovl_do_unlink(wdir, wdentry);
32 pr_err("overlayfs: cleanup of '%pd2' failed (%i)\n",
37 struct dentry *ovl_lookup_temp(struct dentry *workdir, struct dentry *dentry)
41 static atomic_t temp_id = ATOMIC_INIT(0);
43 /* counter is allowed to wrap, since temp dentries are ephemeral */
44 snprintf(name, sizeof(name), "#%x", atomic_inc_return(&temp_id));
46 temp = lookup_one_len(name, workdir, strlen(name));
47 if (!IS_ERR(temp) && temp->d_inode) {
48 pr_err("overlayfs: workdir/%s already exists\n", name);
56 /* caller holds i_mutex on workdir */
57 static struct dentry *ovl_whiteout(struct dentry *workdir,
58 struct dentry *dentry)
61 struct dentry *whiteout;
62 struct inode *wdir = workdir->d_inode;
64 whiteout = ovl_lookup_temp(workdir, dentry);
68 err = ovl_do_whiteout(wdir, whiteout);
71 whiteout = ERR_PTR(err);
77 int ovl_create_real(struct inode *dir, struct dentry *newdentry,
78 struct kstat *stat, const char *link,
79 struct dentry *hardlink, bool debug)
83 if (newdentry->d_inode)
87 err = ovl_do_link(hardlink, dir, newdentry, debug);
89 switch (stat->mode & S_IFMT) {
91 err = ovl_do_create(dir, newdentry, stat->mode, debug);
95 err = ovl_do_mkdir(dir, newdentry, stat->mode, debug);
102 err = ovl_do_mknod(dir, newdentry,
103 stat->mode, stat->rdev, debug);
107 err = ovl_do_symlink(dir, newdentry, link, debug);
114 if (!err && WARN_ON(!newdentry->d_inode)) {
116 * Not quite sure if non-instantiated dentry is legal or not.
117 * VFS doesn't seem to care so check and warn here.
124 static int ovl_set_opaque(struct dentry *upperdentry)
126 return ovl_do_setxattr(upperdentry, OVL_XATTR_OPAQUE, "y", 1, 0);
129 static void ovl_remove_opaque(struct dentry *upperdentry)
133 err = ovl_do_removexattr(upperdentry, OVL_XATTR_OPAQUE);
135 pr_warn("overlayfs: failed to remove opaque from '%s' (%i)\n",
136 upperdentry->d_name.name, err);
140 static int ovl_dir_getattr(struct vfsmount *mnt, struct dentry *dentry,
144 enum ovl_path_type type;
145 struct path realpath;
146 const struct cred *old_cred;
148 type = ovl_path_real(dentry, &realpath);
149 old_cred = ovl_override_creds(dentry->d_sb);
150 err = vfs_getattr(&realpath, stat);
151 revert_creds(old_cred);
155 stat->dev = dentry->d_sb->s_dev;
156 stat->ino = dentry->d_inode->i_ino;
159 * It's probably not worth it to count subdirs to get the
160 * correct link count. nlink=1 seems to pacify 'find' and
163 if (OVL_TYPE_MERGE(type))
169 /* Common operations required to be done after creation of file on upper */
170 static void ovl_instantiate(struct dentry *dentry, struct inode *inode,
171 struct dentry *newdentry, bool hardlink)
173 ovl_dentry_version_inc(dentry->d_parent);
174 ovl_dentry_update(dentry, newdentry);
176 ovl_inode_update(inode, d_inode(newdentry));
177 ovl_copyattr(newdentry->d_inode, inode);
179 WARN_ON(ovl_inode_real(inode, NULL) != d_inode(newdentry));
182 d_instantiate(dentry, inode);
183 /* Force lookup of new upper hardlink to find its lower */
188 static int ovl_create_upper(struct dentry *dentry, struct inode *inode,
189 struct kstat *stat, const char *link,
190 struct dentry *hardlink)
192 struct dentry *upperdir = ovl_dentry_upper(dentry->d_parent);
193 struct inode *udir = upperdir->d_inode;
194 struct dentry *newdentry;
197 if (!hardlink && !IS_POSIXACL(udir))
198 stat->mode &= ~current_umask();
200 inode_lock_nested(udir, I_MUTEX_PARENT);
201 newdentry = lookup_one_len(dentry->d_name.name, upperdir,
203 err = PTR_ERR(newdentry);
204 if (IS_ERR(newdentry))
206 err = ovl_create_real(udir, newdentry, stat, link, hardlink, false);
210 ovl_instantiate(dentry, inode, newdentry, !!hardlink);
219 static int ovl_lock_rename_workdir(struct dentry *workdir,
220 struct dentry *upperdir)
222 /* Workdir should not be the same as upperdir */
223 if (workdir == upperdir)
226 /* Workdir should not be subdir of upperdir and vice versa */
227 if (lock_rename(workdir, upperdir) != NULL)
233 unlock_rename(workdir, upperdir);
235 pr_err("overlayfs: failed to lock workdir+upperdir\n");
239 static struct dentry *ovl_clear_empty(struct dentry *dentry,
240 struct list_head *list)
242 struct dentry *workdir = ovl_workdir(dentry);
243 struct inode *wdir = workdir->d_inode;
244 struct dentry *upperdir = ovl_dentry_upper(dentry->d_parent);
245 struct inode *udir = upperdir->d_inode;
246 struct path upperpath;
247 struct dentry *upper;
248 struct dentry *opaquedir;
252 if (WARN_ON(!workdir))
253 return ERR_PTR(-EROFS);
255 err = ovl_lock_rename_workdir(workdir, upperdir);
259 ovl_path_upper(dentry, &upperpath);
260 err = vfs_getattr(&upperpath, &stat);
265 if (!S_ISDIR(stat.mode))
267 upper = upperpath.dentry;
268 if (upper->d_parent->d_inode != udir)
271 opaquedir = ovl_lookup_temp(workdir, dentry);
272 err = PTR_ERR(opaquedir);
273 if (IS_ERR(opaquedir))
276 err = ovl_create_real(wdir, opaquedir, &stat, NULL, NULL, true);
280 err = ovl_copy_xattr(upper, opaquedir);
284 err = ovl_set_opaque(opaquedir);
288 inode_lock(opaquedir->d_inode);
289 err = ovl_set_attr(opaquedir, &stat);
290 inode_unlock(opaquedir->d_inode);
294 err = ovl_do_rename(wdir, opaquedir, udir, upper, RENAME_EXCHANGE);
298 ovl_cleanup_whiteouts(upper, list);
299 ovl_cleanup(wdir, upper);
300 unlock_rename(workdir, upperdir);
302 /* dentry's upper doesn't match now, get rid of it */
308 ovl_cleanup(wdir, opaquedir);
312 unlock_rename(workdir, upperdir);
317 static struct dentry *ovl_check_empty_and_clear(struct dentry *dentry)
320 struct dentry *ret = NULL;
321 enum ovl_path_type type = ovl_path_type(dentry);
324 err = ovl_check_empty_dir(dentry, &list);
331 * When removing an empty opaque directory, then it makes no sense to
332 * replace it with an exact replica of itself.
334 * If no upperdentry then skip clearing whiteouts.
336 * Can race with copy-up, since we don't hold the upperdir mutex.
337 * Doesn't matter, since copy-up can't create a non-empty directory
340 if (OVL_TYPE_UPPER(type) && OVL_TYPE_MERGE(type))
341 ret = ovl_clear_empty(dentry, &list);
344 ovl_cache_free(&list);
349 static int ovl_set_upper_acl(struct dentry *upperdentry, const char *name,
350 const struct posix_acl *acl)
356 if (!IS_ENABLED(CONFIG_FS_POSIX_ACL) || !acl)
359 size = posix_acl_to_xattr(NULL, acl, NULL, 0);
360 buffer = kmalloc(size, GFP_KERNEL);
364 size = posix_acl_to_xattr(&init_user_ns, acl, buffer, size);
369 err = vfs_setxattr(upperdentry, name, buffer, size, XATTR_CREATE);
375 static int ovl_create_over_whiteout(struct dentry *dentry, struct inode *inode,
376 struct kstat *stat, const char *link,
377 struct dentry *hardlink)
379 struct dentry *workdir = ovl_workdir(dentry);
380 struct inode *wdir = workdir->d_inode;
381 struct dentry *upperdir = ovl_dentry_upper(dentry->d_parent);
382 struct inode *udir = upperdir->d_inode;
383 struct dentry *upper;
384 struct dentry *newdentry;
386 struct posix_acl *acl, *default_acl;
388 if (WARN_ON(!workdir))
392 err = posix_acl_create(dentry->d_parent->d_inode,
393 &stat->mode, &default_acl, &acl);
398 err = ovl_lock_rename_workdir(workdir, upperdir);
402 newdentry = ovl_lookup_temp(workdir, dentry);
403 err = PTR_ERR(newdentry);
404 if (IS_ERR(newdentry))
407 upper = lookup_one_len(dentry->d_name.name, upperdir,
409 err = PTR_ERR(upper);
413 err = ovl_create_real(wdir, newdentry, stat, link, hardlink, true);
418 * mode could have been mutilated due to umask (e.g. sgid directory)
421 !S_ISLNK(stat->mode) && newdentry->d_inode->i_mode != stat->mode) {
422 struct iattr attr = {
423 .ia_valid = ATTR_MODE,
424 .ia_mode = stat->mode,
426 inode_lock(newdentry->d_inode);
427 err = notify_change(newdentry, &attr, NULL);
428 inode_unlock(newdentry->d_inode);
433 err = ovl_set_upper_acl(newdentry, XATTR_NAME_POSIX_ACL_ACCESS,
438 err = ovl_set_upper_acl(newdentry, XATTR_NAME_POSIX_ACL_DEFAULT,
444 if (!hardlink && S_ISDIR(stat->mode)) {
445 err = ovl_set_opaque(newdentry);
449 err = ovl_do_rename(wdir, newdentry, udir, upper,
454 ovl_cleanup(wdir, upper);
456 err = ovl_do_rename(wdir, newdentry, udir, upper, 0);
460 ovl_instantiate(dentry, inode, newdentry, !!hardlink);
467 unlock_rename(workdir, upperdir);
470 posix_acl_release(acl);
471 posix_acl_release(default_acl);
476 ovl_cleanup(wdir, newdentry);
480 static int ovl_create_or_link(struct dentry *dentry, struct inode *inode,
481 struct kstat *stat, const char *link,
482 struct dentry *hardlink)
485 const struct cred *old_cred;
486 struct cred *override_cred;
488 err = ovl_copy_up(dentry->d_parent);
492 old_cred = ovl_override_creds(dentry->d_sb);
494 override_cred = prepare_creds();
496 override_cred->fsuid = inode->i_uid;
497 override_cred->fsgid = inode->i_gid;
499 err = security_dentry_create_files_as(dentry,
500 stat->mode, &dentry->d_name, old_cred,
503 put_cred(override_cred);
504 goto out_revert_creds;
507 put_cred(override_creds(override_cred));
508 put_cred(override_cred);
510 if (!ovl_dentry_is_opaque(dentry))
511 err = ovl_create_upper(dentry, inode, stat, link,
514 err = ovl_create_over_whiteout(dentry, inode, stat,
518 revert_creds(old_cred);
520 struct inode *realinode = d_inode(ovl_dentry_upper(dentry));
522 WARN_ON(inode->i_mode != realinode->i_mode);
523 WARN_ON(!uid_eq(inode->i_uid, realinode->i_uid));
524 WARN_ON(!gid_eq(inode->i_gid, realinode->i_gid));
529 static int ovl_create_object(struct dentry *dentry, int mode, dev_t rdev,
534 struct kstat stat = {
538 err = ovl_want_write(dentry);
543 inode = ovl_new_inode(dentry->d_sb, mode);
547 inode_init_owner(inode, dentry->d_parent->d_inode, mode);
548 stat.mode = inode->i_mode;
550 err = ovl_create_or_link(dentry, inode, &stat, link, NULL);
555 ovl_drop_write(dentry);
560 static int ovl_create(struct inode *dir, struct dentry *dentry, umode_t mode,
563 return ovl_create_object(dentry, (mode & 07777) | S_IFREG, 0, NULL);
566 static int ovl_mkdir(struct inode *dir, struct dentry *dentry, umode_t mode)
568 return ovl_create_object(dentry, (mode & 07777) | S_IFDIR, 0, NULL);
571 static int ovl_mknod(struct inode *dir, struct dentry *dentry, umode_t mode,
574 /* Don't allow creation of "whiteout" on overlay */
575 if (S_ISCHR(mode) && rdev == WHITEOUT_DEV)
578 return ovl_create_object(dentry, mode, rdev, NULL);
581 static int ovl_symlink(struct inode *dir, struct dentry *dentry,
584 return ovl_create_object(dentry, S_IFLNK, 0, link);
587 static int ovl_link(struct dentry *old, struct inode *newdir,
593 err = ovl_want_write(old);
597 err = ovl_copy_up(old);
601 inode = d_inode(old);
604 err = ovl_create_or_link(new, inode, NULL, NULL, ovl_dentry_upper(old));
614 static int ovl_remove_and_whiteout(struct dentry *dentry, bool is_dir)
616 struct dentry *workdir = ovl_workdir(dentry);
617 struct inode *wdir = workdir->d_inode;
618 struct dentry *upperdir = ovl_dentry_upper(dentry->d_parent);
619 struct inode *udir = upperdir->d_inode;
620 struct dentry *whiteout;
621 struct dentry *upper;
622 struct dentry *opaquedir = NULL;
626 if (WARN_ON(!workdir))
630 opaquedir = ovl_check_empty_and_clear(dentry);
631 err = PTR_ERR(opaquedir);
632 if (IS_ERR(opaquedir))
636 err = ovl_lock_rename_workdir(workdir, upperdir);
640 upper = lookup_one_len(dentry->d_name.name, upperdir,
642 err = PTR_ERR(upper);
647 if ((opaquedir && upper != opaquedir) ||
648 (!opaquedir && ovl_dentry_upper(dentry) &&
649 upper != ovl_dentry_upper(dentry))) {
653 whiteout = ovl_whiteout(workdir, dentry);
654 err = PTR_ERR(whiteout);
655 if (IS_ERR(whiteout))
659 flags = RENAME_EXCHANGE;
661 err = ovl_do_rename(wdir, whiteout, udir, upper, flags);
665 ovl_cleanup(wdir, upper);
667 ovl_dentry_version_inc(dentry->d_parent);
674 unlock_rename(workdir, upperdir);
681 ovl_cleanup(wdir, whiteout);
685 static int ovl_remove_upper(struct dentry *dentry, bool is_dir)
687 struct dentry *upperdir = ovl_dentry_upper(dentry->d_parent);
688 struct inode *dir = upperdir->d_inode;
689 struct dentry *upper;
692 inode_lock_nested(dir, I_MUTEX_PARENT);
693 upper = lookup_one_len(dentry->d_name.name, upperdir,
695 err = PTR_ERR(upper);
700 if (upper == ovl_dentry_upper(dentry)) {
702 err = vfs_rmdir(dir, upper);
704 err = vfs_unlink(dir, upper, NULL);
705 ovl_dentry_version_inc(dentry->d_parent);
710 * Keeping this dentry hashed would mean having to release
711 * upperpath/lowerpath, which could only be done if we are the
712 * sole user of this dentry. Too tricky... Just unhash for
723 static inline int ovl_check_sticky(struct dentry *dentry)
725 struct inode *dir = ovl_dentry_real(dentry->d_parent)->d_inode;
726 struct inode *inode = ovl_dentry_real(dentry)->d_inode;
728 if (check_sticky(dir, inode))
734 static int ovl_do_remove(struct dentry *dentry, bool is_dir)
736 enum ovl_path_type type;
738 const struct cred *old_cred;
741 err = ovl_check_sticky(dentry);
745 err = ovl_want_write(dentry);
749 err = ovl_copy_up(dentry->d_parent);
753 type = ovl_path_type(dentry);
755 old_cred = ovl_override_creds(dentry->d_sb);
756 if (OVL_TYPE_PURE_UPPER(type))
757 err = ovl_remove_upper(dentry, is_dir);
759 err = ovl_remove_and_whiteout(dentry, is_dir);
760 revert_creds(old_cred);
763 clear_nlink(dentry->d_inode);
765 drop_nlink(dentry->d_inode);
768 ovl_drop_write(dentry);
773 static int ovl_unlink(struct inode *dir, struct dentry *dentry)
775 return ovl_do_remove(dentry, false);
778 static int ovl_rmdir(struct inode *dir, struct dentry *dentry)
780 return ovl_do_remove(dentry, true);
783 static int ovl_rename2(struct inode *olddir, struct dentry *old,
784 struct inode *newdir, struct dentry *new,
788 enum ovl_path_type old_type;
789 enum ovl_path_type new_type;
790 struct dentry *old_upperdir;
791 struct dentry *new_upperdir;
792 struct dentry *olddentry;
793 struct dentry *newdentry;
797 bool cleanup_whiteout = false;
798 bool overwrite = !(flags & RENAME_EXCHANGE);
799 bool is_dir = d_is_dir(old);
800 bool new_is_dir = false;
801 struct dentry *opaquedir = NULL;
802 const struct cred *old_cred = NULL;
805 if (flags & ~(RENAME_EXCHANGE | RENAME_NOREPLACE))
808 flags &= ~RENAME_NOREPLACE;
810 err = ovl_check_sticky(old);
814 /* Don't copy up directory trees */
815 old_type = ovl_path_type(old);
817 if (OVL_TYPE_MERGE_OR_LOWER(old_type) && is_dir)
821 err = ovl_check_sticky(new);
828 new_type = ovl_path_type(new);
830 if (!overwrite && OVL_TYPE_MERGE_OR_LOWER(new_type) && new_is_dir)
834 if (!OVL_TYPE_UPPER(new_type) && !OVL_TYPE_UPPER(old_type)) {
835 if (ovl_dentry_lower(old)->d_inode ==
836 ovl_dentry_lower(new)->d_inode)
839 if (OVL_TYPE_UPPER(new_type) && OVL_TYPE_UPPER(old_type)) {
840 if (ovl_dentry_upper(old)->d_inode ==
841 ovl_dentry_upper(new)->d_inode)
845 if (ovl_dentry_is_opaque(new))
846 new_type = __OVL_PATH_UPPER;
848 new_type = __OVL_PATH_UPPER | __OVL_PATH_PURE;
851 err = ovl_want_write(old);
855 err = ovl_copy_up(old);
859 err = ovl_copy_up(new->d_parent);
863 err = ovl_copy_up(new);
868 old_opaque = !OVL_TYPE_PURE_UPPER(old_type);
869 new_opaque = !OVL_TYPE_PURE_UPPER(new_type);
871 old_cred = ovl_override_creds(old->d_sb);
873 if (overwrite && OVL_TYPE_MERGE_OR_LOWER(new_type) && new_is_dir) {
874 opaquedir = ovl_check_empty_and_clear(new);
875 err = PTR_ERR(opaquedir);
876 if (IS_ERR(opaquedir)) {
878 goto out_revert_creds;
884 if (new->d_inode || !new_opaque) {
885 /* Whiteout source */
886 flags |= RENAME_WHITEOUT;
888 /* Switch whiteouts */
889 flags |= RENAME_EXCHANGE;
891 } else if (is_dir && !new->d_inode && new_opaque) {
892 flags |= RENAME_EXCHANGE;
893 cleanup_whiteout = true;
897 old_upperdir = ovl_dentry_upper(old->d_parent);
898 new_upperdir = ovl_dentry_upper(new->d_parent);
900 trap = lock_rename(new_upperdir, old_upperdir);
903 olddentry = lookup_one_len(old->d_name.name, old_upperdir,
905 err = PTR_ERR(olddentry);
906 if (IS_ERR(olddentry))
910 if (olddentry != ovl_dentry_upper(old))
913 newdentry = lookup_one_len(new->d_name.name, new_upperdir,
915 err = PTR_ERR(newdentry);
916 if (IS_ERR(newdentry))
920 if (ovl_dentry_upper(new)) {
922 if (newdentry != opaquedir)
925 if (newdentry != ovl_dentry_upper(new))
929 if (!d_is_negative(newdentry)) {
930 if (!new_opaque || !ovl_is_whiteout(newdentry))
933 if (flags & RENAME_EXCHANGE)
938 if (olddentry == trap)
940 if (newdentry == trap)
943 if (is_dir && !old_opaque && new_opaque) {
944 err = ovl_set_opaque(olddentry);
948 if (!overwrite && new_is_dir && old_opaque && !new_opaque) {
949 err = ovl_set_opaque(newdentry);
954 if (old_opaque || new_opaque) {
955 err = ovl_do_rename(old_upperdir->d_inode, olddentry,
956 new_upperdir->d_inode, newdentry,
959 /* No debug for the plain case */
960 BUG_ON(flags & ~RENAME_EXCHANGE);
961 err = vfs_rename(old_upperdir->d_inode, olddentry,
962 new_upperdir->d_inode, newdentry,
967 if (is_dir && !old_opaque && new_opaque)
968 ovl_remove_opaque(olddentry);
969 if (!overwrite && new_is_dir && old_opaque && !new_opaque)
970 ovl_remove_opaque(newdentry);
974 if (is_dir && old_opaque && !new_opaque)
975 ovl_remove_opaque(olddentry);
976 if (!overwrite && new_is_dir && !old_opaque && new_opaque)
977 ovl_remove_opaque(newdentry);
980 * Old dentry now lives in different location. Dentries in
981 * lowerstack are stale. We cannot drop them here because
982 * access to them is lockless. This could be only pure upper
983 * or opaque directory - numlower is zero. Or upper non-dir
984 * entry - its pureness is tracked by flag opaque.
986 if (old_opaque != new_opaque) {
987 ovl_dentry_set_opaque(old, new_opaque);
989 ovl_dentry_set_opaque(new, old_opaque);
992 if (cleanup_whiteout)
993 ovl_cleanup(old_upperdir->d_inode, newdentry);
995 ovl_dentry_version_inc(old->d_parent);
996 ovl_dentry_version_inc(new->d_parent);
1003 unlock_rename(new_upperdir, old_upperdir);
1005 revert_creds(old_cred);
1007 ovl_drop_write(old);
1013 const struct inode_operations ovl_dir_inode_operations = {
1014 .lookup = ovl_lookup,
1016 .symlink = ovl_symlink,
1017 .unlink = ovl_unlink,
1019 .rename = ovl_rename2,
1021 .setattr = ovl_setattr,
1022 .create = ovl_create,
1024 .permission = ovl_permission,
1025 .getattr = ovl_dir_getattr,
1026 .listxattr = ovl_listxattr,
1027 .get_acl = ovl_get_acl,
1028 .update_time = ovl_update_time,