projects / deliverable / linux.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
ovl: default permissions
[deliverable/linux.git] / fs / overlayfs / inode.c
1 /*
2 *
3 * Copyright (C) 2011 Novell Inc.
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 as published by
7 * the Free Software Foundation.
8 */
9
10 #include <linux/fs.h>
11 #include <linux/slab.h>
12 #include <linux/xattr.h>
13 #include "overlayfs.h"
14
15 static int ovl_copy_up_last(struct dentry *dentry, struct iattr *attr,
16 bool no_data)
17 {
18 int err;
19 struct dentry *parent;
20 struct kstat stat;
21 struct path lowerpath;
22
23 parent = dget_parent(dentry);
24 err = ovl_copy_up(parent);
25 if (err)
26 goto out_dput_parent;
27
28 ovl_path_lower(dentry, &lowerpath);
29 err = vfs_getattr(&lowerpath, &stat);
30 if (err)
31 goto out_dput_parent;
32
33 if (no_data)
34 stat.size = 0;
35
36 err = ovl_copy_up_one(parent, dentry, &lowerpath, &stat, attr);
37
38 out_dput_parent:
39 dput(parent);
40 return err;
41 }
42
43 int ovl_setattr(struct dentry *dentry, struct iattr *attr)
44 {
45 int err;
46 struct dentry *upperdentry;
47
48 err = ovl_want_write(dentry);
49 if (err)
50 goto out;
51
52 upperdentry = ovl_dentry_upper(dentry);
53 if (upperdentry) {
54 mutex_lock(&upperdentry->d_inode->i_mutex);
55 err = notify_change(upperdentry, attr, NULL);
56 mutex_unlock(&upperdentry->d_inode->i_mutex);
57 } else {
58 err = ovl_copy_up_last(dentry, attr, false);
59 }
60 ovl_drop_write(dentry);
61 out:
62 return err;
63 }
64
65 static int ovl_getattr(struct vfsmount *mnt, struct dentry *dentry,
66 struct kstat *stat)
67 {
68 struct path realpath;
69
70 ovl_path_real(dentry, &realpath);
71 return vfs_getattr(&realpath, stat);
72 }
73
74 int ovl_permission(struct inode *inode, int mask)
75 {
76 struct ovl_entry *oe;
77 struct dentry *alias = NULL;
78 struct inode *realinode;
79 struct dentry *realdentry;
80 bool is_upper;
81 int err;
82
83 if (S_ISDIR(inode->i_mode)) {
84 oe = inode->i_private;
85 } else if (mask & MAY_NOT_BLOCK) {
86 return -ECHILD;
87 } else {
88 /*
89 * For non-directories find an alias and get the info
90 * from there.
91 */
92 alias = d_find_any_alias(inode);
93 if (WARN_ON(!alias))
94 return -ENOENT;
95
96 oe = alias->d_fsdata;
97 }
98
99 realdentry = ovl_entry_real(oe, &is_upper);
100
101 if (ovl_is_default_permissions(inode)) {
102 struct kstat stat;
103 struct path realpath = { .dentry = realdentry };
104
105 if (mask & MAY_NOT_BLOCK)
106 return -ECHILD;
107
108 realpath.mnt = ovl_entry_mnt_real(oe, inode, is_upper);
109
110 err = vfs_getattr(&realpath, &stat);
111 if (err)
112 return err;
113
114 if ((stat.mode ^ inode->i_mode) & S_IFMT)
115 return -ESTALE;
116
117 inode->i_mode = stat.mode;
118 inode->i_uid = stat.uid;
119 inode->i_gid = stat.gid;
120
121 return generic_permission(inode, mask);
122 }
123
124 /* Careful in RCU walk mode */
125 realinode = ACCESS_ONCE(realdentry->d_inode);
126 if (!realinode) {
127 WARN_ON(!(mask & MAY_NOT_BLOCK));
128 err = -ENOENT;
129 goto out_dput;
130 }
131
132 if (mask & MAY_WRITE) {
133 umode_t mode = realinode->i_mode;
134
135 /*
136 * Writes will always be redirected to upper layer, so
137 * ignore lower layer being read-only.
138 *
139 * If the overlay itself is read-only then proceed
140 * with the permission check, don't return EROFS.
141 * This will only happen if this is the lower layer of
142 * another overlayfs.
143 *
144 * If upper fs becomes read-only after the overlay was
145 * constructed return EROFS to prevent modification of
146 * upper layer.
147 */
148 err = -EROFS;
149 if (is_upper && !IS_RDONLY(inode) && IS_RDONLY(realinode) &&
150 (S_ISREG(mode) || S_ISDIR(mode) || S_ISLNK(mode)))
151 goto out_dput;
152 }
153
154 err = __inode_permission(realinode, mask);
155 out_dput:
156 dput(alias);
157 return err;
158 }
159
160
161 struct ovl_link_data {
162 struct dentry *realdentry;
163 void *cookie;
164 };
165
166 static const char *ovl_follow_link(struct dentry *dentry, void **cookie)
167 {
168 struct dentry *realdentry;
169 struct inode *realinode;
170 struct ovl_link_data *data = NULL;
171 const char *ret;
172
173 realdentry = ovl_dentry_real(dentry);
174 realinode = realdentry->d_inode;
175
176 if (WARN_ON(!realinode->i_op->follow_link))
177 return ERR_PTR(-EPERM);
178
179 if (realinode->i_op->put_link) {
180 data = kmalloc(sizeof(struct ovl_link_data), GFP_KERNEL);
181 if (!data)
182 return ERR_PTR(-ENOMEM);
183 data->realdentry = realdentry;
184 }
185
186 ret = realinode->i_op->follow_link(realdentry, cookie);
187 if (IS_ERR_OR_NULL(ret)) {
188 kfree(data);
189 return ret;
190 }
191
192 if (data)
193 data->cookie = *cookie;
194
195 *cookie = data;
196
197 return ret;
198 }
199
200 static void ovl_put_link(struct inode *unused, void *c)
201 {
202 struct inode *realinode;
203 struct ovl_link_data *data = c;
204
205 if (!data)
206 return;
207
208 realinode = data->realdentry->d_inode;
209 realinode->i_op->put_link(realinode, data->cookie);
210 kfree(data);
211 }
212
213 static int ovl_readlink(struct dentry *dentry, char __user *buf, int bufsiz)
214 {
215 struct path realpath;
216 struct inode *realinode;
217
218 ovl_path_real(dentry, &realpath);
219 realinode = realpath.dentry->d_inode;
220
221 if (!realinode->i_op->readlink)
222 return -EINVAL;
223
224 touch_atime(&realpath);
225
226 return realinode->i_op->readlink(realpath.dentry, buf, bufsiz);
227 }
228
229
230 static bool ovl_is_private_xattr(const char *name)
231 {
232 return strncmp(name, OVL_XATTR_PRE_NAME, OVL_XATTR_PRE_LEN) == 0;
233 }
234
235 int ovl_setxattr(struct dentry *dentry, const char *name,
236 const void *value, size_t size, int flags)
237 {
238 int err;
239 struct dentry *upperdentry;
240
241 err = ovl_want_write(dentry);
242 if (err)
243 goto out;
244
245 err = -EPERM;
246 if (ovl_is_private_xattr(name))
247 goto out_drop_write;
248
249 err = ovl_copy_up(dentry);
250 if (err)
251 goto out_drop_write;
252
253 upperdentry = ovl_dentry_upper(dentry);
254 err = vfs_setxattr(upperdentry, name, value, size, flags);
255
256 out_drop_write:
257 ovl_drop_write(dentry);
258 out:
259 return err;
260 }
261
262 static bool ovl_need_xattr_filter(struct dentry *dentry,
263 enum ovl_path_type type)
264 {
265 if ((type & (__OVL_PATH_PURE | __OVL_PATH_UPPER)) == __OVL_PATH_UPPER)
266 return S_ISDIR(dentry->d_inode->i_mode);
267 else
268 return false;
269 }
270
271 ssize_t ovl_getxattr(struct dentry *dentry, const char *name,
272 void *value, size_t size)
273 {
274 struct path realpath;
275 enum ovl_path_type type = ovl_path_real(dentry, &realpath);
276
277 if (ovl_need_xattr_filter(dentry, type) && ovl_is_private_xattr(name))
278 return -ENODATA;
279
280 return vfs_getxattr(realpath.dentry, name, value, size);
281 }
282
283 ssize_t ovl_listxattr(struct dentry *dentry, char *list, size_t size)
284 {
285 struct path realpath;
286 enum ovl_path_type type = ovl_path_real(dentry, &realpath);
287 ssize_t res;
288 int off;
289
290 res = vfs_listxattr(realpath.dentry, list, size);
291 if (res <= 0 || size == 0)
292 return res;
293
294 if (!ovl_need_xattr_filter(dentry, type))
295 return res;
296
297 /* filter out private xattrs */
298 for (off = 0; off < res;) {
299 char *s = list + off;
300 size_t slen = strlen(s) + 1;
301
302 BUG_ON(off + slen > res);
303
304 if (ovl_is_private_xattr(s)) {
305 res -= slen;
306 memmove(s, s + slen, res - off);
307 } else {
308 off += slen;
309 }
310 }
311
312 return res;
313 }
314
315 int ovl_removexattr(struct dentry *dentry, const char *name)
316 {
317 int err;
318 struct path realpath;
319 enum ovl_path_type type = ovl_path_real(dentry, &realpath);
320
321 err = ovl_want_write(dentry);
322 if (err)
323 goto out;
324
325 err = -ENODATA;
326 if (ovl_need_xattr_filter(dentry, type) && ovl_is_private_xattr(name))
327 goto out_drop_write;
328
329 if (!OVL_TYPE_UPPER(type)) {
330 err = vfs_getxattr(realpath.dentry, name, NULL, 0);
331 if (err < 0)
332 goto out_drop_write;
333
334 err = ovl_copy_up(dentry);
335 if (err)
336 goto out_drop_write;
337
338 ovl_path_upper(dentry, &realpath);
339 }
340
341 err = vfs_removexattr(realpath.dentry, name);
342 out_drop_write:
343 ovl_drop_write(dentry);
344 out:
345 return err;
346 }
347
348 static bool ovl_open_need_copy_up(int flags, enum ovl_path_type type,
349 struct dentry *realdentry)
350 {
351 if (OVL_TYPE_UPPER(type))
352 return false;
353
354 if (special_file(realdentry->d_inode->i_mode))
355 return false;
356
357 if (!(OPEN_FMODE(flags) & FMODE_WRITE) && !(flags & O_TRUNC))
358 return false;
359
360 return true;
361 }
362
363 struct inode *ovl_d_select_inode(struct dentry *dentry, unsigned file_flags)
364 {
365 int err;
366 struct path realpath;
367 enum ovl_path_type type;
368
369 if (d_is_dir(dentry))
370 return d_backing_inode(dentry);
371
372 type = ovl_path_real(dentry, &realpath);
373 if (ovl_open_need_copy_up(file_flags, type, realpath.dentry)) {
374 err = ovl_want_write(dentry);
375 if (err)
376 return ERR_PTR(err);
377
378 if (file_flags & O_TRUNC)
379 err = ovl_copy_up_last(dentry, NULL, true);
380 else
381 err = ovl_copy_up(dentry);
382 ovl_drop_write(dentry);
383 if (err)
384 return ERR_PTR(err);
385
386 ovl_path_upper(dentry, &realpath);
387 }
388
389 if (realpath.dentry->d_flags & DCACHE_OP_SELECT_INODE)
390 return realpath.dentry->d_op->d_select_inode(realpath.dentry, file_flags);
391
392 return d_backing_inode(realpath.dentry);
393 }
394
395 static const struct inode_operations ovl_file_inode_operations = {
396 .setattr = ovl_setattr,
397 .permission = ovl_permission,
398 .getattr = ovl_getattr,
399 .setxattr = ovl_setxattr,
400 .getxattr = ovl_getxattr,
401 .listxattr = ovl_listxattr,
402 .removexattr = ovl_removexattr,
403 };
404
405 static const struct inode_operations ovl_symlink_inode_operations = {
406 .setattr = ovl_setattr,
407 .follow_link = ovl_follow_link,
408 .put_link = ovl_put_link,
409 .readlink = ovl_readlink,
410 .getattr = ovl_getattr,
411 .setxattr = ovl_setxattr,
412 .getxattr = ovl_getxattr,
413 .listxattr = ovl_listxattr,
414 .removexattr = ovl_removexattr,
415 };
416
417 struct inode *ovl_new_inode(struct super_block *sb, umode_t mode,
418 struct ovl_entry *oe)
419 {
420 struct inode *inode;
421
422 inode = new_inode(sb);
423 if (!inode)
424 return NULL;
425
426 mode &= S_IFMT;
427
428 inode->i_ino = get_next_ino();
429 inode->i_mode = mode;
430 inode->i_flags |= S_NOATIME | S_NOCMTIME;
431
432 switch (mode) {
433 case S_IFDIR:
434 inode->i_private = oe;
435 inode->i_op = &ovl_dir_inode_operations;
436 inode->i_fop = &ovl_dir_operations;
437 break;
438
439 case S_IFLNK:
440 inode->i_op = &ovl_symlink_inode_operations;
441 break;
442
443 case S_IFREG:
444 case S_IFSOCK:
445 case S_IFBLK:
446 case S_IFCHR:
447 case S_IFIFO:
448 inode->i_op = &ovl_file_inode_operations;
449 break;
450
451 default:
452 WARN(1, "illegal file type: %i\n", mode);
453 iput(inode);
454 inode = NULL;
455 }
456
457 return inode;
458 }
Linux kernel - Deliverables
This page took 0.100211 seconds and 5 git commands to generate.