3
* Copyright (C) 2011 Novell Inc.
5
* This program is free software; you can redistribute it and/or modify it
6
* under the terms of the GNU General Public License version 2 as published by
7
* the Free Software Foundation.
11
#include <linux/slab.h>
12
#include <linux/xattr.h>
13
#include <linux/device_cgroup.h>
14
#include <linux/security.h>
15
#include "overlayfs.h"
17
int ovl_setattr(struct dentry *dentry, struct iattr *attr)
19
struct dentry *upperdentry;
22
if ((attr->ia_valid & ATTR_SIZE) && !ovl_dentry_upper(dentry))
23
err = ovl_copy_up_truncate(dentry, attr->ia_size);
25
err = ovl_copy_up(dentry);
29
upperdentry = ovl_dentry_upper(dentry);
31
if (attr->ia_valid & (ATTR_KILL_SUID|ATTR_KILL_SGID))
32
attr->ia_valid &= ~ATTR_MODE;
34
mutex_lock(&upperdentry->d_inode->i_mutex);
35
err = notify_change(upperdentry, attr);
36
mutex_unlock(&upperdentry->d_inode->i_mutex);
41
static int ovl_getattr(struct vfsmount *mnt, struct dentry *dentry,
46
ovl_path_real(dentry, &realpath);
47
return vfs_getattr(realpath.mnt, realpath.dentry, stat);
50
int ovl_permission(struct inode *inode, int mask)
53
struct dentry *alias = NULL;
54
struct inode *realinode;
55
struct dentry *realdentry;
59
if (S_ISDIR(inode->i_mode)) {
60
oe = inode->i_private;
61
} else if (mask & MAY_NOT_BLOCK) {
65
* For non-directories find an alias and get the info
68
spin_lock(&inode->i_lock);
69
if (WARN_ON(list_empty(&inode->i_dentry))) {
70
spin_unlock(&inode->i_lock);
73
alias = list_entry(inode->i_dentry.next,
74
struct dentry, d_alias);
76
spin_unlock(&inode->i_lock);
80
realdentry = ovl_entry_real(oe, &is_upper);
82
/* Careful in RCU walk mode */
83
realinode = ACCESS_ONCE(realdentry->d_inode);
85
WARN_ON(!(mask & MAY_NOT_BLOCK));
90
if (mask & MAY_WRITE) {
91
umode_t mode = realinode->i_mode;
94
* Writes will always be redirected to upper layer, so
95
* ignore lower layer being read-only.
97
* If the overlay itself is read-only then proceed
98
* with the permission check, don't return EROFS.
99
* This will only happen if this is the lower layer of
102
* If upper fs becomes read-only after the overlay was
103
* constructed return EROFS to prevent modification of
107
if (is_upper && !IS_RDONLY(inode) && IS_RDONLY(realinode) &&
108
(S_ISREG(mode) || S_ISDIR(mode) || S_ISLNK(mode)))
112
* Nobody gets write access to an immutable file.
115
if (IS_IMMUTABLE(realinode))
119
if (realinode->i_op->permission)
120
err = realinode->i_op->permission(realinode, mask);
122
err = generic_permission(realinode, mask);
125
err = devcgroup_inode_permission(realinode, mask);
127
err = security_inode_permission(realinode, mask);
134
struct ovl_link_data {
135
struct dentry *realdentry;
139
static void *ovl_follow_link(struct dentry *dentry, struct nameidata *nd)
142
struct dentry *realdentry;
143
struct inode *realinode;
145
realdentry = ovl_dentry_real(dentry);
146
realinode = realdentry->d_inode;
148
if (WARN_ON(!realinode->i_op->follow_link))
149
return ERR_PTR(-EPERM);
151
ret = realinode->i_op->follow_link(realdentry, nd);
155
if (realinode->i_op->put_link) {
156
struct ovl_link_data *data;
158
data = kmalloc(sizeof(struct ovl_link_data), GFP_KERNEL);
160
realinode->i_op->put_link(realdentry, nd, ret);
161
return ERR_PTR(-ENOMEM);
163
data->realdentry = realdentry;
172
static void ovl_put_link(struct dentry *dentry, struct nameidata *nd, void *c)
174
struct inode *realinode;
175
struct ovl_link_data *data = c;
180
realinode = data->realdentry->d_inode;
181
realinode->i_op->put_link(data->realdentry, nd, data->cookie);
185
static int ovl_readlink(struct dentry *dentry, char __user *buf, int bufsiz)
187
struct path realpath;
188
struct inode *realinode;
190
ovl_path_real(dentry, &realpath);
191
realinode = realpath.dentry->d_inode;
193
if (!realinode->i_op->readlink)
196
touch_atime(realpath.mnt, realpath.dentry);
198
return realinode->i_op->readlink(realpath.dentry, buf, bufsiz);
202
static bool ovl_is_private_xattr(const char *name)
204
return strncmp(name, "trusted.overlay.", 14) == 0;
207
int ovl_setxattr(struct dentry *dentry, const char *name,
208
const void *value, size_t size, int flags)
211
struct dentry *upperdentry;
213
if (ovl_is_private_xattr(name))
216
err = ovl_copy_up(dentry);
220
upperdentry = ovl_dentry_upper(dentry);
221
return vfs_setxattr(upperdentry, name, value, size, flags);
224
ssize_t ovl_getxattr(struct dentry *dentry, const char *name,
225
void *value, size_t size)
227
if (ovl_path_type(dentry->d_parent) == OVL_PATH_MERGE &&
228
ovl_is_private_xattr(name))
231
return vfs_getxattr(ovl_dentry_real(dentry), name, value, size);
234
ssize_t ovl_listxattr(struct dentry *dentry, char *list, size_t size)
239
res = vfs_listxattr(ovl_dentry_real(dentry), list, size);
240
if (res <= 0 || size == 0)
243
if (ovl_path_type(dentry->d_parent) != OVL_PATH_MERGE)
246
/* filter out private xattrs */
247
for (off = 0; off < res;) {
248
char *s = list + off;
249
size_t slen = strlen(s) + 1;
251
BUG_ON(off + slen > res);
253
if (ovl_is_private_xattr(s)) {
255
memmove(s, s + slen, res - off);
264
int ovl_removexattr(struct dentry *dentry, const char *name)
267
struct path realpath;
268
enum ovl_path_type type;
270
if (ovl_path_type(dentry->d_parent) == OVL_PATH_MERGE &&
271
ovl_is_private_xattr(name))
274
type = ovl_path_real(dentry, &realpath);
275
if (type == OVL_PATH_LOWER) {
276
err = vfs_getxattr(realpath.dentry, name, NULL, 0);
280
err = ovl_copy_up(dentry);
284
ovl_path_upper(dentry, &realpath);
287
return vfs_removexattr(realpath.dentry, name);
290
static bool ovl_open_need_copy_up(int flags, enum ovl_path_type type,
291
struct dentry *realdentry)
293
if (type != OVL_PATH_LOWER)
296
if (special_file(realdentry->d_inode->i_mode))
299
if (!(OPEN_FMODE(flags) & FMODE_WRITE) && !(flags & O_TRUNC))
305
static struct file *ovl_open(struct dentry *dentry, struct file *file,
306
const struct cred *cred)
309
struct path realpath;
310
enum ovl_path_type type;
312
type = ovl_path_real(dentry, &realpath);
313
if (ovl_open_need_copy_up(file->f_flags, type, realpath.dentry)) {
314
if (file->f_flags & O_TRUNC)
315
err = ovl_copy_up_truncate(dentry, 0);
317
err = ovl_copy_up(dentry);
321
ovl_path_upper(dentry, &realpath);
324
return vfs_open(&realpath, file, cred);
327
static const struct inode_operations ovl_file_inode_operations = {
328
.setattr = ovl_setattr,
329
.permission = ovl_permission,
330
.getattr = ovl_getattr,
331
.setxattr = ovl_setxattr,
332
.getxattr = ovl_getxattr,
333
.listxattr = ovl_listxattr,
334
.removexattr = ovl_removexattr,
338
static const struct inode_operations ovl_symlink_inode_operations = {
339
.setattr = ovl_setattr,
340
.follow_link = ovl_follow_link,
341
.put_link = ovl_put_link,
342
.readlink = ovl_readlink,
343
.getattr = ovl_getattr,
344
.setxattr = ovl_setxattr,
345
.getxattr = ovl_getxattr,
346
.listxattr = ovl_listxattr,
347
.removexattr = ovl_removexattr,
350
struct inode *ovl_new_inode(struct super_block *sb, umode_t mode,
351
struct ovl_entry *oe)
355
inode = new_inode(sb);
361
inode->i_ino = get_next_ino();
362
inode->i_mode = mode;
363
inode->i_flags |= S_NOATIME | S_NOCMTIME;
367
inode->i_private = oe;
368
inode->i_op = &ovl_dir_inode_operations;
369
inode->i_fop = &ovl_dir_operations;
373
inode->i_op = &ovl_symlink_inode_operations;
381
inode->i_op = &ovl_file_inode_operations;
385
WARN(1, "illegal file type: %i\n", mode);