3 * Copyright (C) 2011 Novell Inc.
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 as published by
7 * the Free Software Foundation.
11 #include <linux/namei.h>
12 #include <linux/xattr.h>
13 #include <linux/security.h>
14 #include <linux/cred.h>
15 #include "overlayfs.h"
/*
 * ovl_cleanup - remove the entry wdentry from the directory inode wdir.
 *
 * Directories are removed with ovl_do_rmdir(), everything else with
 * ovl_do_unlink().  The function returns void, so a failure is only
 * reported through the pr_err() message below and never propagated.
 */
17 void ovl_cleanup(struct inode *wdir, struct dentry *wdentry)
22 if (d_is_dir(wdentry))
23 err = ovl_do_rmdir(wdir, wdentry);
25 err = ovl_do_unlink(wdir, wdentry);
29 pr_err("overlayfs: cleanup of '%pd2' failed (%i)\n",
/*
 * ovl_lookup_temp - look up a temporary name inside workdir.
 *
 * The name is a hash sign followed by the hexadecimal value of the dentry
 * pointer, so it is derived from the address of dentry rather than from its
 * name.  If the lookup succeeds but the name already has an inode, the
 * collision is logged with pr_err().
 * NOTE(review): what is returned for the collision case is not visible in
 * this excerpt - confirm against the full function.
 */
34 struct dentry *ovl_lookup_temp(struct dentry *workdir, struct dentry *dentry)
39 snprintf(name, sizeof(name), "#%lx", (unsigned long) dentry);
41 temp = lookup_one_len(name, workdir, strlen(name));
42 if (!IS_ERR(temp) && temp->d_inode) {
43 pr_err("overlayfs: workdir/%s already exists\n", name);
/*
 * ovl_whiteout - create a whiteout under a temporary name in workdir.
 *
 * Obtains a temporary dentry with ovl_lookup_temp() and turns it into a
 * whiteout with ovl_do_whiteout() on the workdir inode.  The result is a
 * dentry pointer; on the error path it is replaced by ERR_PTR(err).
 */
51 /* caller holds i_mutex on workdir */
52 static struct dentry *ovl_whiteout(struct dentry *workdir,
53 struct dentry *dentry)
56 struct dentry *whiteout;
57 struct inode *wdir = workdir->d_inode;
59 whiteout = ovl_lookup_temp(workdir, dentry);
63 err = ovl_do_whiteout(wdir, whiteout);
66 whiteout = ERR_PTR(err);
/*
 * ovl_create_real - create a real filesystem object for newdentry in dir.
 *
 * @dir:       inode of the directory that will contain the new object
 * @newdentry: dentry to create; its d_inode is tested first
 *             (presumably an already positive dentry is rejected - the
 *             rejecting statement is not visible here, confirm)
 * @stat:      supplies the mode, and rdev for device nodes
 * @link:      symlink target, passed to ovl_do_symlink()
 * @hardlink:  passed to ovl_do_link() as the link source
 * @debug:     forwarded unchanged to every ovl_do_*() helper
 *
 * The file type bits of stat->mode select between ovl_do_create(),
 * ovl_do_mkdir(), ovl_do_mknod() and ovl_do_symlink().  After a successful
 * call the dentry is expected to have an inode; if it does not, WARN_ON
 * fires.
 */
72 int ovl_create_real(struct inode *dir, struct dentry *newdentry,
73 struct kstat *stat, const char *link,
74 struct dentry *hardlink, bool debug)
78 if (newdentry->d_inode)
82 err = ovl_do_link(hardlink, dir, newdentry, debug);
84 switch (stat->mode & S_IFMT) {
86 err = ovl_do_create(dir, newdentry, stat->mode, debug);
90 err = ovl_do_mkdir(dir, newdentry, stat->mode, debug);
97 err = ovl_do_mknod(dir, newdentry,
98 stat->mode, stat->rdev, debug);
102 err = ovl_do_symlink(dir, newdentry, link, debug);
109 if (!err && WARN_ON(!newdentry->d_inode)) {
111 * Not quite sure if non-instantiated dentry is legal or not.
112 * VFS doesn't seem to care so check and warn here.
/*
 * ovl_set_opaque - mark upperdentry as opaque.
 *
 * Sets the OVL_XATTR_OPAQUE extended attribute to the one byte value y
 * with flags 0 and returns the result of ovl_do_setxattr().
 */
119 static int ovl_set_opaque(struct dentry *upperdentry)
121 return ovl_do_setxattr(upperdentry, OVL_XATTR_OPAQUE, "y", 1, 0);
/*
 * ovl_remove_opaque - drop the OVL_XATTR_OPAQUE attribute from upperdentry.
 *
 * Returns void: a failure of ovl_do_removexattr() is only reported with
 * pr_warn(), including the dentry name and the error code.
 */
124 static void ovl_remove_opaque(struct dentry *upperdentry)
128 err = ovl_do_removexattr(upperdentry, OVL_XATTR_OPAQUE);
130 pr_warn("overlayfs: failed to remove opaque from '%s' (%i)\n",
131 upperdentry->d_name.name, err);
/*
 * ovl_dir_getattr - getattr handler for overlay directories.
 *
 * Resolves the real path behind dentry with ovl_path_real(), fills stat
 * from it via vfs_getattr(), and then adjusts the result so that it
 * describes the overlay object rather than the underlying one.  Merged
 * directories get additional treatment at the end.
 * NOTE(review): the statement guarded by OVL_TYPE_MERGE() is not visible
 * here; the surrounding comment suggests it sets nlink to 1 - confirm.
 */
135 static int ovl_dir_getattr(struct vfsmount *mnt, struct dentry *dentry,
139 enum ovl_path_type type;
140 struct path realpath;
142 type = ovl_path_real(dentry, &realpath);
143 err = vfs_getattr(&realpath, stat);
/* Report the overlay superblock device and overlay inode number. */
147 stat->dev = dentry->d_sb->s_dev;
148 stat->ino = dentry->d_inode->i_ino;
151 * It's probably not worth it to count subdirs to get the
152 * correct link count. nlink=1 seems to pacify 'find' and
155 if (OVL_TYPE_MERGE(type))
/*
 * ovl_create_upper - create a new object directly in the upper parent dir.
 *
 * @dentry:   overlay dentry being created
 * @inode:    overlay inode that is instantiated on dentry
 * @stat, @link, @hardlink: forwarded to ovl_create_real()
 *
 * Takes the upper parent inode lock (I_MUTEX_PARENT class), looks the name
 * up in the upper parent and creates the real object with debug disabled.
 * Afterwards the parent version is bumped, the new upper dentry is recorded
 * on the overlay dentry, attributes are copied from the real inode to the
 * overlay inode, and the overlay dentry is instantiated.
 * NOTE(review): the unlock and error paths are not visible in this excerpt.
 */
161 static int ovl_create_upper(struct dentry *dentry, struct inode *inode,
162 struct kstat *stat, const char *link,
163 struct dentry *hardlink)
165 struct dentry *upperdir = ovl_dentry_upper(dentry->d_parent);
166 struct inode *udir = upperdir->d_inode;
167 struct dentry *newdentry;
170 inode_lock_nested(udir, I_MUTEX_PARENT);
171 newdentry = lookup_one_len(dentry->d_name.name, upperdir,
/* err is set before the IS_ERR test so the error path can use it as is. */
173 err = PTR_ERR(newdentry);
174 if (IS_ERR(newdentry))
176 err = ovl_create_real(udir, newdentry, stat, link, hardlink, false);
180 ovl_dentry_version_inc(dentry->d_parent);
181 ovl_dentry_update(dentry, newdentry);
182 ovl_copyattr(newdentry->d_inode, inode);
183 d_instantiate(dentry, inode);
/*
 * ovl_lock_rename_workdir - take the rename locks on workdir and upperdir.
 *
 * Refuses the combination when both dentries are the same, or when
 * lock_rename() returns a non-NULL dentry (per the existing comment this
 * means one directory is a subdirectory of the other).  On the failure
 * path the locks are dropped again with unlock_rename() and an error is
 * logged.
 * NOTE(review): the concrete return values are not visible in this excerpt.
 */
192 static int ovl_lock_rename_workdir(struct dentry *workdir,
193 struct dentry *upperdir)
195 /* Workdir should not be the same as upperdir */
196 if (workdir == upperdir)
199 /* Workdir should not be subdir of upperdir and vice versa */
200 if (lock_rename(workdir, upperdir) != NULL)
206 unlock_rename(workdir, upperdir);
208 pr_err("overlayfs: failed to lock workdir+upperdir\n");
/*
 * ovl_clear_empty - replace the upper directory of dentry by a fresh
 * opaque directory and dispose of the old one.
 *
 * @dentry: overlay directory dentry
 * @list:   passed to ovl_cleanup_whiteouts() for the old upper directory
 *
 * Sequence visible here: lock workdir and the upper parent, stat the
 * current upper directory, create a temporary directory in workdir with the
 * same stat, copy the xattrs, mark it opaque, apply the attributes under
 * its inode lock, then swap it with the upper directory using
 * RENAME_EXCHANGE.  After the exchange the old upper directory sits in
 * workdir, where its whiteouts are cleaned and it is removed.
 *
 * Returns a dentry pointer or an ERR_PTR (ERR_PTR(-EROFS) without workdir).
 * NOTE(review): the success return value and the goto labels are not
 * visible in this excerpt.
 */
212 static struct dentry *ovl_clear_empty(struct dentry *dentry,
213 struct list_head *list)
215 struct dentry *workdir = ovl_workdir(dentry);
/*
 * NOTE(review): workdir is dereferenced on the next line, before the
 * WARN_ON(!workdir) test further down - confirm ovl_workdir() cannot
 * return NULL here, or move the dereference after the check.
 */
216 struct inode *wdir = workdir->d_inode;
217 struct dentry *upperdir = ovl_dentry_upper(dentry->d_parent);
218 struct inode *udir = upperdir->d_inode;
219 struct path upperpath;
220 struct dentry *upper;
221 struct dentry *opaquedir;
225 if (WARN_ON(!workdir))
226 return ERR_PTR(-EROFS);
228 err = ovl_lock_rename_workdir(workdir, upperdir);
232 ovl_path_upper(dentry, &upperpath);
233 err = vfs_getattr(&upperpath, &stat);
238 if (!S_ISDIR(stat.mode))
240 upper = upperpath.dentry;
/* Sanity check: the upper dentry must still live in the locked parent. */
241 if (upper->d_parent->d_inode != udir)
244 opaquedir = ovl_lookup_temp(workdir, dentry);
245 err = PTR_ERR(opaquedir);
246 if (IS_ERR(opaquedir))
249 err = ovl_create_real(wdir, opaquedir, &stat, NULL, NULL, true);
253 err = ovl_copy_xattr(upper, opaquedir);
257 err = ovl_set_opaque(opaquedir);
261 inode_lock(opaquedir->d_inode);
262 err = ovl_set_attr(opaquedir, &stat);
263 inode_unlock(opaquedir->d_inode);
267 err = ovl_do_rename(wdir, opaquedir, udir, upper, RENAME_EXCHANGE);
/* After the exchange, upper names the old directory, now inside workdir. */
271 ovl_cleanup_whiteouts(upper, list);
272 ovl_cleanup(wdir, upper);
273 unlock_rename(workdir, upperdir);
275 /* dentry's upper doesn't match now, get rid of it */
281 ovl_cleanup(wdir, opaquedir);
285 unlock_rename(workdir, upperdir);
/*
 * ovl_check_empty_and_clear - verify that an overlay directory is empty
 * and, when it has an upper dentry, clear it via ovl_clear_empty().
 *
 * ret starts as NULL and is only overwritten by the ovl_clear_empty()
 * result, so NULL is what remains when there is no upper dentry.  The list
 * filled by ovl_check_empty_dir() is released with ovl_cache_free().
 * NOTE(review): handling of an ovl_check_empty_dir() error is not visible
 * in this excerpt.
 */
290 static struct dentry *ovl_check_empty_and_clear(struct dentry *dentry)
293 struct dentry *ret = NULL;
296 err = ovl_check_empty_dir(dentry, &list);
301 * If no upperdentry then skip clearing whiteouts.
303 * Can race with copy-up, since we don't hold the upperdir
304 * mutex. Doesn't matter, since copy-up can't create a
305 * non-empty directory from an empty one.
307 if (ovl_dentry_upper(dentry))
308 ret = ovl_clear_empty(dentry, &list);
311 ovl_cache_free(&list);
/*
 * ovl_create_over_whiteout - create a new object on top of an existing
 * upper entry (per the function name, a whiteout).
 *
 * The object is first created under a temporary name in workdir (debug
 * enabled) and then renamed over the upper entry:
 *  - directories are marked opaque and swapped in with RENAME_EXCHANGE,
 *    after which the displaced entry, now in workdir, is removed;
 *  - other types are renamed with flags 0.
 * On success the parent version is bumped and the overlay dentry is
 * updated and instantiated with inode.  The cleanup call at the end
 * removes the temporary object from workdir.
 * NOTE(review): return values and goto labels are not visible here.
 */
316 static int ovl_create_over_whiteout(struct dentry *dentry, struct inode *inode,
317 struct kstat *stat, const char *link,
318 struct dentry *hardlink)
320 struct dentry *workdir = ovl_workdir(dentry);
/*
 * NOTE(review): workdir is dereferenced on the next line, before the
 * WARN_ON(!workdir) test below - confirm ovl_workdir() cannot return NULL
 * here, or move the dereference after the check.
 */
321 struct inode *wdir = workdir->d_inode;
322 struct dentry *upperdir = ovl_dentry_upper(dentry->d_parent);
323 struct inode *udir = upperdir->d_inode;
324 struct dentry *upper;
325 struct dentry *newdentry;
328 if (WARN_ON(!workdir))
331 err = ovl_lock_rename_workdir(workdir, upperdir);
335 newdentry = ovl_lookup_temp(workdir, dentry);
336 err = PTR_ERR(newdentry);
337 if (IS_ERR(newdentry))
340 upper = lookup_one_len(dentry->d_name.name, upperdir,
342 err = PTR_ERR(upper);
346 err = ovl_create_real(wdir, newdentry, stat, link, hardlink, true);
350 if (S_ISDIR(stat->mode)) {
351 err = ovl_set_opaque(newdentry);
355 err = ovl_do_rename(wdir, newdentry, udir, upper,
360 ovl_cleanup(wdir, upper);
362 err = ovl_do_rename(wdir, newdentry, udir, upper, 0);
366 ovl_dentry_version_inc(dentry->d_parent);
367 ovl_dentry_update(dentry, newdentry);
368 ovl_copyattr(newdentry->d_inode, inode);
369 d_instantiate(dentry, inode);
376 unlock_rename(workdir, upperdir);
381 ovl_cleanup(wdir, newdentry);
/*
 * ovl_create_or_link - common back end for create, mkdir, mknod, symlink
 * and link.
 *
 * Allocates an overlay inode, copies up the parent directory and then
 * picks one of two paths:
 *  - dentry not opaque: create directly in the upper dir with
 *    ovl_create_upper();
 *  - dentry opaque: create via ovl_create_over_whiteout() while running
 *    with temporarily raised capabilities (see the list further down).
 * The override credentials are reverted and released after the call.
 * NOTE(review): error handling and inode release are not visible here.
 */
385 static int ovl_create_or_link(struct dentry *dentry, int mode, dev_t rdev,
386 const char *link, struct dentry *hardlink)
390 struct kstat stat = {
396 inode = ovl_new_inode(dentry->d_sb, mode, dentry->d_fsdata);
400 err = ovl_copy_up(dentry->d_parent);
404 if (!ovl_dentry_is_opaque(dentry)) {
405 err = ovl_create_upper(dentry, inode, &stat, link, hardlink);
407 const struct cred *old_cred;
408 struct cred *override_cred;
411 override_cred = prepare_creds();
416 * CAP_SYS_ADMIN for setting opaque xattr
417 * CAP_DAC_OVERRIDE for create in workdir, rename
418 * CAP_FOWNER for removing whiteout from sticky dir
420 cap_raise(override_cred->cap_effective, CAP_SYS_ADMIN);
421 cap_raise(override_cred->cap_effective, CAP_DAC_OVERRIDE);
422 cap_raise(override_cred->cap_effective, CAP_FOWNER);
423 old_cred = override_creds(override_cred);
425 err = ovl_create_over_whiteout(dentry, inode, &stat, link,
428 revert_creds(old_cred);
429 put_cred(override_cred);
/*
 * ovl_create_object - create a new (non-hardlink) object for dentry.
 *
 * Brackets ovl_create_or_link(), called with a NULL hardlink, between
 * ovl_want_write() and ovl_drop_write().
 */
440 static int ovl_create_object(struct dentry *dentry, int mode, dev_t rdev,
445 err = ovl_want_write(dentry);
447 err = ovl_create_or_link(dentry, mode, rdev, link, NULL);
448 ovl_drop_write(dentry);
/*
 * ovl_create - create a regular file.
 *
 * Only the permission bits of mode (mask 07777) are kept; the file type is
 * forced to S_IFREG.  No rdev and no symlink target are passed on.
 */
454 static int ovl_create(struct inode *dir, struct dentry *dentry, umode_t mode,
457 return ovl_create_object(dentry, (mode & 07777) | S_IFREG, 0, NULL);
/*
 * ovl_mkdir - create a directory.
 *
 * Only the permission bits of mode (mask 07777) are kept; the file type is
 * forced to S_IFDIR.
 */
460 static int ovl_mkdir(struct inode *dir, struct dentry *dentry, umode_t mode)
462 return ovl_create_object(dentry, (mode & 07777) | S_IFDIR, 0, NULL);
/*
 * ovl_mknod - create a special file.
 *
 * A character device whose rdev equals WHITEOUT_DEV is refused, since that
 * combination is what a whiteout looks like.  Everything else is handed to
 * ovl_create_object() with mode and rdev unchanged.
 * NOTE(review): the error code returned for the refused case is not
 * visible in this excerpt.
 */
465 static int ovl_mknod(struct inode *dir, struct dentry *dentry, umode_t mode,
468 /* Don't allow creation of "whiteout" on overlay */
469 if (S_ISCHR(mode) && rdev == WHITEOUT_DEV)
472 return ovl_create_object(dentry, mode, rdev, NULL);
/*
 * ovl_symlink - create a symbolic link pointing at link.
 *
 * The mode passed on is S_IFLNK with no permission bits set.
 */
475 static int ovl_symlink(struct inode *dir, struct dentry *dentry,
478 return ovl_create_object(dentry, S_IFLNK, 0, link);
/*
 * ovl_link - create a hard link new to the existing overlay object old.
 *
 * The source is copied up first so that it has an upper dentry; that upper
 * dentry is then passed to ovl_create_or_link() as the hardlink source,
 * together with the mode of its inode.
 * NOTE(review): the ovl_drop_write() matching ovl_want_write() is not
 * visible in this excerpt.
 */
481 static int ovl_link(struct dentry *old, struct inode *newdir,
485 struct dentry *upper;
487 err = ovl_want_write(old);
491 err = ovl_copy_up(old);
495 upper = ovl_dentry_upper(old);
496 err = ovl_create_or_link(new, upper->d_inode->i_mode, 0, NULL, upper);
/*
 * ovl_remove_and_whiteout - remove dentry and leave a whiteout in its
 * place in the upper parent directory.
 *
 * For merged or lower directories, emptiness is checked and the upper
 * directory cleared through ovl_check_empty_and_clear(); otherwise only
 * the emptiness check is done.  A whiteout is then created in workdir and
 * renamed into the upper parent.  In the branch where an upper dentry
 * exists, RENAME_EXCHANGE is added to the flags, so the removed object
 * lands in workdir and can be deleted there with ovl_cleanup().  The
 * parent version is bumped afterwards.
 * NOTE(review): the conditions separating the two rename calls, the return
 * values and the goto labels are not visible in this excerpt.
 */
504 static int ovl_remove_and_whiteout(struct dentry *dentry, bool is_dir)
506 struct dentry *workdir = ovl_workdir(dentry);
/*
 * NOTE(review): workdir is dereferenced on the next line, before the
 * WARN_ON(!workdir) test below - confirm ovl_workdir() cannot return NULL
 * here, or move the dereference after the check.
 */
507 struct inode *wdir = workdir->d_inode;
508 struct dentry *upperdir = ovl_dentry_upper(dentry->d_parent);
509 struct inode *udir = upperdir->d_inode;
510 struct dentry *whiteout;
511 struct dentry *upper;
512 struct dentry *opaquedir = NULL;
515 if (WARN_ON(!workdir))
519 if (OVL_TYPE_MERGE_OR_LOWER(ovl_path_type(dentry))) {
520 opaquedir = ovl_check_empty_and_clear(dentry);
521 err = PTR_ERR(opaquedir);
522 if (IS_ERR(opaquedir))
528 * When removing an empty opaque directory, then it
529 * makes no sense to replace it with an exact replica of
530 * itself. But emptiness still needs to be checked.
532 err = ovl_check_empty_dir(dentry, &list);
533 ovl_cache_free(&list);
539 err = ovl_lock_rename_workdir(workdir, upperdir);
543 whiteout = ovl_whiteout(workdir, dentry);
544 err = PTR_ERR(whiteout);
545 if (IS_ERR(whiteout))
548 upper = ovl_dentry_upper(dentry);
550 upper = lookup_one_len(dentry->d_name.name, upperdir,
552 err = PTR_ERR(upper);
556 err = ovl_do_rename(wdir, whiteout, udir, upper, 0);
566 if (upper->d_parent != upperdir)
570 flags |= RENAME_EXCHANGE;
572 err = ovl_do_rename(wdir, whiteout, udir, upper, flags);
577 ovl_cleanup(wdir, upper);
579 ovl_dentry_version_inc(dentry->d_parent);
584 unlock_rename(workdir, upperdir);
591 ovl_cleanup(wdir, whiteout);
/*
 * ovl_remove_upper - remove an object that exists only in the upper layer.
 *
 * Locks the upper parent inode, looks the name up again and only proceeds
 * when the result is the same dentry the overlay has recorded as its upper
 * dentry.  The removal is done with vfs_rmdir() or vfs_unlink(), and the
 * parent version is bumped.
 * NOTE(review): the condition choosing between rmdir and unlink, the
 * unlock and the unhashing mentioned in the trailing comment are not
 * visible in this excerpt.
 */
595 static int ovl_remove_upper(struct dentry *dentry, bool is_dir)
597 struct dentry *upperdir = ovl_dentry_upper(dentry->d_parent);
598 struct inode *dir = upperdir->d_inode;
599 struct dentry *upper;
602 inode_lock_nested(dir, I_MUTEX_PARENT);
603 upper = lookup_one_len(dentry->d_name.name, upperdir,
605 err = PTR_ERR(upper);
610 if (upper == ovl_dentry_upper(dentry)) {
612 err = vfs_rmdir(dir, upper);
614 err = vfs_unlink(dir, upper, NULL);
615 ovl_dentry_version_inc(dentry->d_parent);
620 * Keeping this dentry hashed would mean having to release
621 * upperpath/lowerpath, which could only be done if we are the
622 * sole user of this dentry. Too tricky... Just unhash for
/*
 * ovl_check_sticky - apply the sticky directory check to the real inodes.
 *
 * Calls check_sticky() on the real inode of the parent of dentry and the
 * real inode of dentry itself.
 * NOTE(review): the values returned for either outcome are not visible in
 * this excerpt.
 */
633 static inline int ovl_check_sticky(struct dentry *dentry)
635 struct inode *dir = ovl_dentry_real(dentry->d_parent)->d_inode;
636 struct inode *inode = ovl_dentry_real(dentry)->d_inode;
638 if (check_sticky(dir, inode))
/*
 * ovl_do_remove - common implementation of unlink and rmdir.
 *
 * Order of operations: sticky check, ovl_want_write(), copy up of the
 * parent, then one of two removal paths depending on the path type:
 *  - pure upper objects are removed with ovl_remove_upper();
 *  - everything else goes through ovl_remove_and_whiteout() while running
 *    with temporarily raised capabilities (see the list further down).
 * The override credentials are reverted and released afterwards, and the
 * write access is dropped with ovl_drop_write().
 */
644 static int ovl_do_remove(struct dentry *dentry, bool is_dir)
646 enum ovl_path_type type;
649 err = ovl_check_sticky(dentry);
653 err = ovl_want_write(dentry);
657 err = ovl_copy_up(dentry->d_parent);
661 type = ovl_path_type(dentry);
662 if (OVL_TYPE_PURE_UPPER(type)) {
663 err = ovl_remove_upper(dentry, is_dir);
665 const struct cred *old_cred;
666 struct cred *override_cred;
669 override_cred = prepare_creds();
674 * CAP_SYS_ADMIN for setting xattr on whiteout, opaque dir
675 * CAP_DAC_OVERRIDE for create in workdir, rename
676 * CAP_FOWNER for removing whiteout from sticky dir
677 * CAP_FSETID for chmod of opaque dir
678 * CAP_CHOWN for chown of opaque dir
680 cap_raise(override_cred->cap_effective, CAP_SYS_ADMIN);
681 cap_raise(override_cred->cap_effective, CAP_DAC_OVERRIDE);
682 cap_raise(override_cred->cap_effective, CAP_FOWNER);
683 cap_raise(override_cred->cap_effective, CAP_FSETID);
684 cap_raise(override_cred->cap_effective, CAP_CHOWN);
685 old_cred = override_creds(override_cred);
687 err = ovl_remove_and_whiteout(dentry, is_dir);
689 revert_creds(old_cred);
690 put_cred(override_cred);
693 ovl_drop_write(dentry);
/* ovl_unlink - unlink handler; ovl_do_remove() with is_dir set to false. */
698 static int ovl_unlink(struct inode *dir, struct dentry *dentry)
700 return ovl_do_remove(dentry, false);
/* ovl_rmdir - rmdir handler; ovl_do_remove() with is_dir set to true. */
703 static int ovl_rmdir(struct inode *dir, struct dentry *dentry)
705 return ovl_do_remove(dentry, true);
/*
 * ovl_rename2 - rename handler for overlay directories.
 *
 * Outline of what is visible in this excerpt:
 *  1. Only RENAME_EXCHANGE and RENAME_NOREPLACE are accepted in flags;
 *     RENAME_NOREPLACE is masked off before the real rename.
 *  2. Sticky checks on old and new; a merged or lower directory is not
 *     renamed (it would require copying up a tree).
 *  3. Path types are compared to detect old and new sharing the same lower
 *     or the same upper inode.
 *  4. old, the parent of new, and (in some case not fully visible) new
 *     are copied up.
 *  5. old_opaque and new_opaque are derived from the path types (set when
 *     the side is not pure upper).  If either is set, the rename runs with
 *     raised capabilities and may add RENAME_WHITEOUT or RENAME_EXCHANGE.
 *  6. The upper parents are locked with lock_rename(); both names are
 *     looked up again and compared with the cached upper dentries, and
 *     neither may be the trap dentry returned by lock_rename().
 *  7. Opaque xattrs are set before the rename where needed and removed
 *     again in the places shown after it.
 *  8. The opaque state recorded on the overlay dentries is updated, an
 *     optional leftover whiteout is cleaned up, both parent versions are
 *     bumped, the locks are dropped and the credentials reverted.
 * NOTE(review): many guards, labels and return statements are missing from
 * this excerpt; which of the ovl_remove_opaque() calls belong to the error
 * path cannot be determined from the visible lines.
 */
708 static int ovl_rename2(struct inode *olddir, struct dentry *old,
709 struct inode *newdir, struct dentry *new,
713 enum ovl_path_type old_type;
714 enum ovl_path_type new_type;
715 struct dentry *old_upperdir;
716 struct dentry *new_upperdir;
717 struct dentry *olddentry;
718 struct dentry *newdentry;
722 bool cleanup_whiteout = false;
/* Without RENAME_EXCHANGE the target may be replaced by the rename. */
723 bool overwrite = !(flags & RENAME_EXCHANGE);
724 bool is_dir = d_is_dir(old);
725 bool new_is_dir = false;
726 struct dentry *opaquedir = NULL;
727 const struct cred *old_cred = NULL;
728 struct cred *override_cred = NULL;
731 if (flags & ~(RENAME_EXCHANGE | RENAME_NOREPLACE))
734 flags &= ~RENAME_NOREPLACE;
736 err = ovl_check_sticky(old);
740 /* Don't copy up directory trees */
741 old_type = ovl_path_type(old);
743 if (OVL_TYPE_MERGE_OR_LOWER(old_type) && is_dir)
747 err = ovl_check_sticky(new);
754 new_type = ovl_path_type(new);
756 if (!overwrite && OVL_TYPE_MERGE_OR_LOWER(new_type) && new_is_dir)
760 if (!OVL_TYPE_UPPER(new_type) && !OVL_TYPE_UPPER(old_type)) {
761 if (ovl_dentry_lower(old)->d_inode ==
762 ovl_dentry_lower(new)->d_inode)
765 if (OVL_TYPE_UPPER(new_type) && OVL_TYPE_UPPER(old_type)) {
766 if (ovl_dentry_upper(old)->d_inode ==
767 ovl_dentry_upper(new)->d_inode)
771 if (ovl_dentry_is_opaque(new))
772 new_type = __OVL_PATH_UPPER;
774 new_type = __OVL_PATH_UPPER | __OVL_PATH_PURE;
777 err = ovl_want_write(old);
781 err = ovl_copy_up(old);
785 err = ovl_copy_up(new->d_parent);
789 err = ovl_copy_up(new);
794 old_opaque = !OVL_TYPE_PURE_UPPER(old_type);
795 new_opaque = !OVL_TYPE_PURE_UPPER(new_type);
797 if (old_opaque || new_opaque) {
799 override_cred = prepare_creds();
804 * CAP_SYS_ADMIN for setting xattr on whiteout, opaque dir
805 * CAP_DAC_OVERRIDE for create in workdir
806 * CAP_FOWNER for removing whiteout from sticky dir
807 * CAP_FSETID for chmod of opaque dir
808 * CAP_CHOWN for chown of opaque dir
810 cap_raise(override_cred->cap_effective, CAP_SYS_ADMIN);
811 cap_raise(override_cred->cap_effective, CAP_DAC_OVERRIDE);
812 cap_raise(override_cred->cap_effective, CAP_FOWNER);
813 cap_raise(override_cred->cap_effective, CAP_FSETID);
814 cap_raise(override_cred->cap_effective, CAP_CHOWN);
815 old_cred = override_creds(override_cred);
818 if (overwrite && OVL_TYPE_MERGE_OR_LOWER(new_type) && new_is_dir) {
819 opaquedir = ovl_check_empty_and_clear(new);
820 err = PTR_ERR(opaquedir);
821 if (IS_ERR(opaquedir)) {
823 goto out_revert_creds;
829 if (new->d_inode || !new_opaque) {
830 /* Whiteout source */
831 flags |= RENAME_WHITEOUT;
833 /* Switch whiteouts */
834 flags |= RENAME_EXCHANGE;
836 } else if (is_dir && !new->d_inode && new_opaque) {
837 flags |= RENAME_EXCHANGE;
838 cleanup_whiteout = true;
842 old_upperdir = ovl_dentry_upper(old->d_parent);
843 new_upperdir = ovl_dentry_upper(new->d_parent);
845 trap = lock_rename(new_upperdir, old_upperdir);
848 olddentry = lookup_one_len(old->d_name.name, old_upperdir,
850 err = PTR_ERR(olddentry);
851 if (IS_ERR(olddentry))
/* The fresh lookup must match the upper dentry cached on the overlay. */
855 if (olddentry != ovl_dentry_upper(old))
858 newdentry = lookup_one_len(new->d_name.name, new_upperdir,
860 err = PTR_ERR(newdentry);
861 if (IS_ERR(newdentry))
865 if (ovl_dentry_upper(new)) {
867 if (newdentry != opaquedir)
870 if (newdentry != ovl_dentry_upper(new))
874 if (!d_is_negative(newdentry) &&
875 (!new_opaque || !ovl_is_whiteout(newdentry)))
879 if (olddentry == trap)
881 if (newdentry == trap)
884 if (is_dir && !old_opaque && new_opaque) {
885 err = ovl_set_opaque(olddentry);
889 if (!overwrite && new_is_dir && old_opaque && !new_opaque) {
890 err = ovl_set_opaque(newdentry);
895 if (old_opaque || new_opaque) {
896 err = ovl_do_rename(old_upperdir->d_inode, olddentry,
897 new_upperdir->d_inode, newdentry,
900 /* No debug for the plain case */
901 BUG_ON(flags & ~RENAME_EXCHANGE);
902 err = vfs_rename(old_upperdir->d_inode, olddentry,
903 new_upperdir->d_inode, newdentry,
908 if (is_dir && !old_opaque && new_opaque)
909 ovl_remove_opaque(olddentry);
910 if (!overwrite && new_is_dir && old_opaque && !new_opaque)
911 ovl_remove_opaque(newdentry);
915 if (is_dir && old_opaque && !new_opaque)
916 ovl_remove_opaque(olddentry);
917 if (!overwrite && new_is_dir && !old_opaque && new_opaque)
918 ovl_remove_opaque(newdentry);
921 * Old dentry now lives in different location. Dentries in
922 * lowerstack are stale. We cannot drop them here because
923 * access to them is lockless. This could be only pure upper
924 * or opaque directory - numlower is zero. Or upper non-dir
925 * entry - its pureness is tracked by flag opaque.
927 if (old_opaque != new_opaque) {
928 ovl_dentry_set_opaque(old, new_opaque);
930 ovl_dentry_set_opaque(new, old_opaque);
933 if (cleanup_whiteout)
934 ovl_cleanup(old_upperdir->d_inode, newdentry);
936 ovl_dentry_version_inc(old->d_parent);
937 ovl_dentry_version_inc(new->d_parent);
944 unlock_rename(new_upperdir, old_upperdir);
946 if (old_opaque || new_opaque) {
947 revert_creds(old_cred);
948 put_cred(override_cred);
/*
 * Inode operations table for overlay directories.
 *
 * Wires up handlers visible in this file (symlink, unlink, rename2, create,
 * getattr) together with handlers that are not defined in the visible part
 * of the file (lookup, setattr, permission and the xattr operations).
 * NOTE(review): some initializer lines are missing from this excerpt, so
 * the list shown here is not complete.
 */
957 const struct inode_operations ovl_dir_inode_operations = {
958 .lookup = ovl_lookup,
960 .symlink = ovl_symlink,
961 .unlink = ovl_unlink,
963 .rename2 = ovl_rename2,
965 .setattr = ovl_setattr,
966 .create = ovl_create,
968 .permission = ovl_permission,
969 .getattr = ovl_dir_getattr,
970 .setxattr = ovl_setxattr,
971 .getxattr = ovl_getxattr,
972 .listxattr = ovl_listxattr,
973 .removexattr = ovl_removexattr,