1 // SPDX-License-Identifier: GPL-2.0-only
3 * Copyright (C) 2017 Red Hat, Inc.
6 #include <linux/cred.h>
7 #include <linux/file.h>
8 #include <linux/mount.h>
9 #include <linux/xattr.h>
10 #include <linux/uio.h>
11 #include <linux/uaccess.h>
12 #include <linux/security.h>
14 #include <linux/backing-file.h>
15 #include "overlayfs.h"
17 static char ovl_whatisit(struct inode *inode, struct inode *realinode)
19 if (realinode != ovl_inode_upper(inode))
21 if (ovl_has_upperdata(inode))
27 static struct file *ovl_open_realfile(const struct file *file,
28 const struct path *realpath)
30 struct inode *realinode = d_inode(realpath->dentry);
31 struct inode *inode = file_inode(file);
32 struct mnt_idmap *real_idmap;
33 struct file *realfile;
34 const struct cred *old_cred;
35 int flags = file->f_flags | OVL_OPEN_FLAGS;
36 int acc_mode = ACC_MODE(flags);
40 acc_mode |= MAY_APPEND;
42 old_cred = ovl_override_creds(inode->i_sb);
43 real_idmap = mnt_idmap(realpath->mnt);
44 err = inode_permission(real_idmap, realinode, MAY_OPEN | acc_mode);
46 realfile = ERR_PTR(err);
48 if (!inode_owner_or_capable(real_idmap, realinode))
51 realfile = backing_file_open(&file->f_path, flags, realpath,
54 ovl_revert_creds(old_cred);
56 pr_debug("open(%p[%pD2/%c], 0%o) -> (%p, 0%o)\n",
57 file, file, ovl_whatisit(inode, realinode), file->f_flags,
58 realfile, IS_ERR(realfile) ? 0 : realfile->f_flags);
63 #define OVL_SETFL_MASK (O_APPEND | O_NONBLOCK | O_NDELAY | O_DIRECT)
65 static int ovl_change_flags(struct file *file, unsigned int flags)
67 struct inode *inode = file_inode(file);
70 flags &= OVL_SETFL_MASK;
72 if (((flags ^ file->f_flags) & O_APPEND) && IS_APPEND(inode))
75 if ((flags & O_DIRECT) && !(file->f_mode & FMODE_CAN_ODIRECT))
78 if (file->f_op->check_flags) {
79 err = file->f_op->check_flags(flags);
84 spin_lock(&file->f_lock);
85 file->f_flags = (file->f_flags & ~OVL_SETFL_MASK) | flags;
86 file->f_iocb_flags = iocb_flags(file);
87 spin_unlock(&file->f_lock);
93 struct file *realfile;
94 struct file *upperfile;
97 struct ovl_file *ovl_file_alloc(struct file *realfile)
99 struct ovl_file *of = kzalloc(sizeof(struct ovl_file), GFP_KERNEL);
104 of->realfile = realfile;
108 void ovl_file_free(struct ovl_file *of)
116 static bool ovl_is_real_file(const struct file *realfile,
117 const struct path *realpath)
119 return file_inode(realfile) == d_inode(realpath->dentry);
122 static struct file *ovl_real_file_path(const struct file *file,
123 struct path *realpath)
125 struct ovl_file *of = file->private_data;
126 struct file *realfile = of->realfile;
128 if (WARN_ON_ONCE(!realpath->dentry))
129 return ERR_PTR(-EIO);
132 * If the realfile that we want is not where the data used to be at
133 * open time, either we'd been copied up, or it's an fsync of a
134 * metacopied file. We need the upperfile either way, so see if it
135 * is already opened and if it is not then open and store it.
137 if (unlikely(!ovl_is_real_file(realfile, realpath))) {
138 struct file *upperfile = READ_ONCE(of->upperfile);
141 if (!upperfile) { /* Nobody opened upperfile yet */
142 upperfile = ovl_open_realfile(file, realpath);
143 if (IS_ERR(upperfile))
146 /* Store the upperfile for later */
147 old = cmpxchg_release(&of->upperfile, NULL, upperfile);
148 if (old) { /* Someone opened upperfile before us */
154 * Stored file must be from the right inode, unless someone's
155 * been corrupting the upper layer.
157 if (WARN_ON_ONCE(!ovl_is_real_file(upperfile, realpath)))
158 return ERR_PTR(-EIO);
160 realfile = upperfile;
163 /* Did the flags change since open? */
164 if (unlikely((file->f_flags ^ realfile->f_flags) & ~OVL_OPEN_FLAGS)) {
165 int err = ovl_change_flags(realfile, file->f_flags);
174 static struct file *ovl_real_file(const struct file *file)
176 struct dentry *dentry = file_dentry(file);
177 struct path realpath;
180 if (d_is_dir(dentry)) {
181 struct file *f = ovl_dir_real_file(file, false);
183 if (WARN_ON_ONCE(!f))
184 return ERR_PTR(-EIO);
188 /* lazy lookup and verify of lowerdata */
189 err = ovl_verify_lowerdata(dentry);
193 ovl_path_realdata(dentry, &realpath);
195 return ovl_real_file_path(file, &realpath);
198 static int ovl_open(struct inode *inode, struct file *file)
200 struct dentry *dentry = file_dentry(file);
201 struct file *realfile;
202 struct path realpath;
206 /* lazy lookup and verify lowerdata */
207 err = ovl_verify_lowerdata(dentry);
211 err = ovl_maybe_copy_up(dentry, file->f_flags);
215 /* No longer need these flags, so don't pass them on to underlying fs */
216 file->f_flags &= ~(O_CREAT | O_EXCL | O_NOCTTY | O_TRUNC);
218 ovl_path_realdata(dentry, &realpath);
219 if (!realpath.dentry)
222 realfile = ovl_open_realfile(file, &realpath);
223 if (IS_ERR(realfile))
224 return PTR_ERR(realfile);
226 of = ovl_file_alloc(realfile);
232 file->private_data = of;
237 static int ovl_release(struct inode *inode, struct file *file)
239 ovl_file_free(file->private_data);
243 static loff_t ovl_llseek(struct file *file, loff_t offset, int whence)
245 struct inode *inode = file_inode(file);
246 struct file *realfile;
247 const struct cred *old_cred;
251 * The two special cases below do not need to involve real fs,
252 * so we can optimizing concurrent callers.
255 if (whence == SEEK_CUR)
258 if (whence == SEEK_SET)
259 return vfs_setpos(file, 0, 0);
262 realfile = ovl_real_file(file);
263 if (IS_ERR(realfile))
264 return PTR_ERR(realfile);
267 * Overlay file f_pos is the master copy that is preserved
268 * through copy up and modified on read/write, but only real
269 * fs knows how to SEEK_HOLE/SEEK_DATA and real fs may impose
270 * limitations that are more strict than ->s_maxbytes for specific
271 * files, so we use the real file to perform seeks.
273 ovl_inode_lock(inode);
274 realfile->f_pos = file->f_pos;
276 old_cred = ovl_override_creds(inode->i_sb);
277 ret = vfs_llseek(realfile, offset, whence);
278 ovl_revert_creds(old_cred);
280 file->f_pos = realfile->f_pos;
281 ovl_inode_unlock(inode);
286 static void ovl_file_modified(struct file *file)
288 /* Update size/mtime */
289 ovl_copyattr(file_inode(file));
292 static void ovl_file_end_write(struct kiocb *iocb, ssize_t ret)
294 ovl_file_modified(iocb->ki_filp);
297 static void ovl_file_accessed(struct file *file)
299 struct inode *inode, *upperinode;
300 struct timespec64 ctime, uctime;
301 struct timespec64 mtime, umtime;
303 if (file->f_flags & O_NOATIME)
306 inode = file_inode(file);
307 upperinode = ovl_inode_upper(inode);
312 ctime = inode_get_ctime(inode);
313 uctime = inode_get_ctime(upperinode);
314 mtime = inode_get_mtime(inode);
315 umtime = inode_get_mtime(upperinode);
316 if ((!timespec64_equal(&mtime, &umtime)) ||
317 !timespec64_equal(&ctime, &uctime)) {
318 inode_set_mtime_to_ts(inode, inode_get_mtime(upperinode));
319 inode_set_ctime_to_ts(inode, uctime);
322 touch_atime(&file->f_path);
325 static ssize_t ovl_read_iter(struct kiocb *iocb, struct iov_iter *iter)
327 struct file *file = iocb->ki_filp;
328 struct file *realfile;
329 struct backing_file_ctx ctx = {
330 .cred = ovl_creds(file_inode(file)->i_sb),
331 .accessed = ovl_file_accessed,
334 if (!iov_iter_count(iter))
337 realfile = ovl_real_file(file);
338 if (IS_ERR(realfile))
339 return PTR_ERR(realfile);
341 return backing_file_read_iter(realfile, iter, iocb, iocb->ki_flags,
345 static ssize_t ovl_write_iter(struct kiocb *iocb, struct iov_iter *iter)
347 struct file *file = iocb->ki_filp;
348 struct inode *inode = file_inode(file);
349 struct file *realfile;
351 int ifl = iocb->ki_flags;
352 struct backing_file_ctx ctx = {
353 .cred = ovl_creds(inode->i_sb),
354 .end_write = ovl_file_end_write,
357 if (!iov_iter_count(iter))
364 realfile = ovl_real_file(file);
365 ret = PTR_ERR(realfile);
366 if (IS_ERR(realfile))
369 if (!ovl_should_sync(OVL_FS(inode->i_sb)))
370 ifl &= ~(IOCB_DSYNC | IOCB_SYNC);
373 * Overlayfs doesn't support deferred completions, don't copy
374 * this property in case it is set by the issuer.
376 ifl &= ~IOCB_DIO_CALLER_COMP;
377 ret = backing_file_write_iter(realfile, iter, iocb, ifl, &ctx);
385 static ssize_t ovl_splice_read(struct file *in, loff_t *ppos,
386 struct pipe_inode_info *pipe, size_t len,
389 struct file *realfile;
391 struct backing_file_ctx ctx = {
392 .cred = ovl_creds(file_inode(in)->i_sb),
393 .accessed = ovl_file_accessed,
397 realfile = ovl_real_file(in);
398 if (IS_ERR(realfile))
399 return PTR_ERR(realfile);
401 init_sync_kiocb(&iocb, in);
403 ret = backing_file_splice_read(realfile, &iocb, pipe, len, flags, &ctx);
410 * Calling iter_file_splice_write() directly from overlay's f_op may deadlock
411 * due to lock order inversion between pipe->mutex in iter_file_splice_write()
412 * and file_start_write(realfile) in ovl_write_iter().
414 * So do everything ovl_write_iter() does and call iter_file_splice_write() on
417 static ssize_t ovl_splice_write(struct pipe_inode_info *pipe, struct file *out,
418 loff_t *ppos, size_t len, unsigned int flags)
420 struct file *realfile;
421 struct inode *inode = file_inode(out);
423 struct backing_file_ctx ctx = {
424 .cred = ovl_creds(inode->i_sb),
425 .end_write = ovl_file_end_write,
433 realfile = ovl_real_file(out);
434 ret = PTR_ERR(realfile);
435 if (IS_ERR(realfile))
438 init_sync_kiocb(&iocb, out);
440 ret = backing_file_splice_write(pipe, realfile, &iocb, len, flags, &ctx);
449 static int ovl_fsync(struct file *file, loff_t start, loff_t end, int datasync)
451 struct dentry *dentry = file_dentry(file);
452 enum ovl_path_type type;
453 struct path upperpath;
454 struct file *upperfile;
455 const struct cred *old_cred;
458 ret = ovl_sync_status(OVL_FS(file_inode(file)->i_sb));
462 /* Don't sync lower file for fear of receiving EROFS error */
463 type = ovl_path_type(dentry);
464 if (!OVL_TYPE_UPPER(type) || (datasync && OVL_TYPE_MERGE(type)))
467 ovl_path_upper(dentry, &upperpath);
468 upperfile = ovl_real_file_path(file, &upperpath);
469 if (IS_ERR(upperfile))
470 return PTR_ERR(upperfile);
472 old_cred = ovl_override_creds(file_inode(file)->i_sb);
473 ret = vfs_fsync_range(upperfile, start, end, datasync);
474 ovl_revert_creds(old_cred);
479 static int ovl_mmap(struct file *file, struct vm_area_struct *vma)
481 struct ovl_file *of = file->private_data;
482 struct backing_file_ctx ctx = {
483 .cred = ovl_creds(file_inode(file)->i_sb),
484 .accessed = ovl_file_accessed,
487 return backing_file_mmap(of->realfile, vma, &ctx);
490 static long ovl_fallocate(struct file *file, int mode, loff_t offset, loff_t len)
492 struct inode *inode = file_inode(file);
493 struct file *realfile;
494 const struct cred *old_cred;
500 ret = file_remove_privs(file);
504 realfile = ovl_real_file(file);
505 ret = PTR_ERR(realfile);
506 if (IS_ERR(realfile))
509 old_cred = ovl_override_creds(file_inode(file)->i_sb);
510 ret = vfs_fallocate(realfile, mode, offset, len);
511 ovl_revert_creds(old_cred);
514 ovl_file_modified(file);
522 static int ovl_fadvise(struct file *file, loff_t offset, loff_t len, int advice)
524 struct file *realfile;
525 const struct cred *old_cred;
528 realfile = ovl_real_file(file);
529 if (IS_ERR(realfile))
530 return PTR_ERR(realfile);
532 old_cred = ovl_override_creds(file_inode(file)->i_sb);
533 ret = vfs_fadvise(realfile, offset, len, advice);
534 ovl_revert_creds(old_cred);
545 static loff_t ovl_copyfile(struct file *file_in, loff_t pos_in,
546 struct file *file_out, loff_t pos_out,
547 loff_t len, unsigned int flags, enum ovl_copyop op)
549 struct inode *inode_out = file_inode(file_out);
550 struct file *realfile_in, *realfile_out;
551 const struct cred *old_cred;
554 inode_lock(inode_out);
555 if (op != OVL_DEDUPE) {
557 ovl_copyattr(inode_out);
558 ret = file_remove_privs(file_out);
563 realfile_out = ovl_real_file(file_out);
564 ret = PTR_ERR(realfile_out);
565 if (IS_ERR(realfile_out))
568 realfile_in = ovl_real_file(file_in);
569 ret = PTR_ERR(realfile_in);
570 if (IS_ERR(realfile_in))
573 old_cred = ovl_override_creds(file_inode(file_out)->i_sb);
576 ret = vfs_copy_file_range(realfile_in, pos_in,
577 realfile_out, pos_out, len, flags);
581 ret = vfs_clone_file_range(realfile_in, pos_in,
582 realfile_out, pos_out, len, flags);
586 ret = vfs_dedupe_file_range_one(realfile_in, pos_in,
587 realfile_out, pos_out, len,
591 ovl_revert_creds(old_cred);
594 ovl_file_modified(file_out);
597 inode_unlock(inode_out);
602 static ssize_t ovl_copy_file_range(struct file *file_in, loff_t pos_in,
603 struct file *file_out, loff_t pos_out,
604 size_t len, unsigned int flags)
606 return ovl_copyfile(file_in, pos_in, file_out, pos_out, len, flags,
610 static loff_t ovl_remap_file_range(struct file *file_in, loff_t pos_in,
611 struct file *file_out, loff_t pos_out,
612 loff_t len, unsigned int remap_flags)
616 if (remap_flags & ~(REMAP_FILE_DEDUP | REMAP_FILE_ADVISORY))
619 if (remap_flags & REMAP_FILE_DEDUP)
625 * Don't copy up because of a dedupe request, this wouldn't make sense
626 * most of the time (data would be duplicated instead of deduplicated).
628 if (op == OVL_DEDUPE &&
629 (!ovl_inode_upper(file_inode(file_in)) ||
630 !ovl_inode_upper(file_inode(file_out))))
633 return ovl_copyfile(file_in, pos_in, file_out, pos_out, len,
637 static int ovl_flush(struct file *file, fl_owner_t id)
639 struct file *realfile;
640 const struct cred *old_cred;
643 realfile = ovl_real_file(file);
644 if (IS_ERR(realfile))
645 return PTR_ERR(realfile);
647 if (realfile->f_op->flush) {
648 old_cred = ovl_override_creds(file_inode(file)->i_sb);
649 err = realfile->f_op->flush(realfile, id);
650 ovl_revert_creds(old_cred);
656 const struct file_operations ovl_file_operations = {
658 .release = ovl_release,
659 .llseek = ovl_llseek,
660 .read_iter = ovl_read_iter,
661 .write_iter = ovl_write_iter,
664 .fallocate = ovl_fallocate,
665 .fadvise = ovl_fadvise,
667 .splice_read = ovl_splice_read,
668 .splice_write = ovl_splice_write,
670 .copy_file_range = ovl_copy_file_range,
671 .remap_file_range = ovl_remap_file_range,
projects / linux.git / blob