whiterose

linux unikernel
Log | Files | Refs | README | LICENSE | git clone https://git.ne02ptzero.me/git/whiterose

copy_up.c (21018B)


      1 /*
      2  *
      3  * Copyright (C) 2011 Novell Inc.
      4  *
      5  * This program is free software; you can redistribute it and/or modify it
      6  * under the terms of the GNU General Public License version 2 as published by
      7  * the Free Software Foundation.
      8  */
      9 
     10 #include <linux/module.h>
     11 #include <linux/fs.h>
     12 #include <linux/slab.h>
     13 #include <linux/file.h>
     14 #include <linux/splice.h>
     15 #include <linux/xattr.h>
     16 #include <linux/security.h>
     17 #include <linux/uaccess.h>
     18 #include <linux/sched/signal.h>
     19 #include <linux/cred.h>
     20 #include <linux/namei.h>
     21 #include <linux/fdtable.h>
     22 #include <linux/ratelimit.h>
     23 #include <linux/exportfs.h>
     24 #include "overlayfs.h"
     25 
     26 #define OVL_COPY_UP_CHUNK_SIZE (1 << 20)
     27 
     28 static int ovl_ccup_set(const char *buf, const struct kernel_param *param)
     29 {
     30 	pr_warn("overlayfs: \"check_copy_up\" module option is obsolete\n");
     31 	return 0;
     32 }
     33 
     34 static int ovl_ccup_get(char *buf, const struct kernel_param *param)
     35 {
     36 	return sprintf(buf, "N\n");
     37 }
     38 
     39 module_param_call(check_copy_up, ovl_ccup_set, ovl_ccup_get, NULL, 0644);
     40 MODULE_PARM_DESC(ovl_check_copy_up, "Obsolete; does nothing");
     41 
     42 int ovl_copy_xattr(struct dentry *old, struct dentry *new)
     43 {
     44 	ssize_t list_size, size, value_size = 0;
     45 	char *buf, *name, *value = NULL;
     46 	int uninitialized_var(error);
     47 	size_t slen;
     48 
     49 	if (!(old->d_inode->i_opflags & IOP_XATTR) ||
     50 	    !(new->d_inode->i_opflags & IOP_XATTR))
     51 		return 0;
     52 
     53 	list_size = vfs_listxattr(old, NULL, 0);
     54 	if (list_size <= 0) {
     55 		if (list_size == -EOPNOTSUPP)
     56 			return 0;
     57 		return list_size;
     58 	}
     59 
     60 	buf = kzalloc(list_size, GFP_KERNEL);
     61 	if (!buf)
     62 		return -ENOMEM;
     63 
     64 	list_size = vfs_listxattr(old, buf, list_size);
     65 	if (list_size <= 0) {
     66 		error = list_size;
     67 		goto out;
     68 	}
     69 
     70 	for (name = buf; list_size; name += slen) {
     71 		slen = strnlen(name, list_size) + 1;
     72 
     73 		/* underlying fs providing us with an broken xattr list? */
     74 		if (WARN_ON(slen > list_size)) {
     75 			error = -EIO;
     76 			break;
     77 		}
     78 		list_size -= slen;
     79 
     80 		if (ovl_is_private_xattr(name))
     81 			continue;
     82 retry:
     83 		size = vfs_getxattr(old, name, value, value_size);
     84 		if (size == -ERANGE)
     85 			size = vfs_getxattr(old, name, NULL, 0);
     86 
     87 		if (size < 0) {
     88 			error = size;
     89 			break;
     90 		}
     91 
     92 		if (size > value_size) {
     93 			void *new;
     94 
     95 			new = krealloc(value, size, GFP_KERNEL);
     96 			if (!new) {
     97 				error = -ENOMEM;
     98 				break;
     99 			}
    100 			value = new;
    101 			value_size = size;
    102 			goto retry;
    103 		}
    104 
    105 		error = security_inode_copy_up_xattr(name);
    106 		if (error < 0 && error != -EOPNOTSUPP)
    107 			break;
    108 		if (error == 1) {
    109 			error = 0;
    110 			continue; /* Discard */
    111 		}
    112 		error = vfs_setxattr(new, name, value, size, 0);
    113 		if (error)
    114 			break;
    115 	}
    116 	kfree(value);
    117 out:
    118 	kfree(buf);
    119 	return error;
    120 }
    121 
    122 static int ovl_copy_up_data(struct path *old, struct path *new, loff_t len)
    123 {
    124 	struct file *old_file;
    125 	struct file *new_file;
    126 	loff_t old_pos = 0;
    127 	loff_t new_pos = 0;
    128 	loff_t cloned;
    129 	int error = 0;
    130 
    131 	if (len == 0)
    132 		return 0;
    133 
    134 	old_file = ovl_path_open(old, O_LARGEFILE | O_RDONLY);
    135 	if (IS_ERR(old_file))
    136 		return PTR_ERR(old_file);
    137 
    138 	new_file = ovl_path_open(new, O_LARGEFILE | O_WRONLY);
    139 	if (IS_ERR(new_file)) {
    140 		error = PTR_ERR(new_file);
    141 		goto out_fput;
    142 	}
    143 
    144 	/* Try to use clone_file_range to clone up within the same fs */
    145 	cloned = do_clone_file_range(old_file, 0, new_file, 0, len, 0);
    146 	if (cloned == len)
    147 		goto out;
    148 	/* Couldn't clone, so now we try to copy the data */
    149 
    150 	/* FIXME: copy up sparse files efficiently */
    151 	while (len) {
    152 		size_t this_len = OVL_COPY_UP_CHUNK_SIZE;
    153 		long bytes;
    154 
    155 		if (len < this_len)
    156 			this_len = len;
    157 
    158 		if (signal_pending_state(TASK_KILLABLE, current)) {
    159 			error = -EINTR;
    160 			break;
    161 		}
    162 
    163 		bytes = do_splice_direct(old_file, &old_pos,
    164 					 new_file, &new_pos,
    165 					 this_len, SPLICE_F_MOVE);
    166 		if (bytes <= 0) {
    167 			error = bytes;
    168 			break;
    169 		}
    170 		WARN_ON(old_pos != new_pos);
    171 
    172 		len -= bytes;
    173 	}
    174 out:
    175 	if (!error)
    176 		error = vfs_fsync(new_file, 0);
    177 	fput(new_file);
    178 out_fput:
    179 	fput(old_file);
    180 	return error;
    181 }
    182 
    183 static int ovl_set_size(struct dentry *upperdentry, struct kstat *stat)
    184 {
    185 	struct iattr attr = {
    186 		.ia_valid = ATTR_SIZE,
    187 		.ia_size = stat->size,
    188 	};
    189 
    190 	return notify_change(upperdentry, &attr, NULL);
    191 }
    192 
    193 static int ovl_set_timestamps(struct dentry *upperdentry, struct kstat *stat)
    194 {
    195 	struct iattr attr = {
    196 		.ia_valid =
    197 		     ATTR_ATIME | ATTR_MTIME | ATTR_ATIME_SET | ATTR_MTIME_SET,
    198 		.ia_atime = stat->atime,
    199 		.ia_mtime = stat->mtime,
    200 	};
    201 
    202 	return notify_change(upperdentry, &attr, NULL);
    203 }
    204 
    205 int ovl_set_attr(struct dentry *upperdentry, struct kstat *stat)
    206 {
    207 	int err = 0;
    208 
    209 	if (!S_ISLNK(stat->mode)) {
    210 		struct iattr attr = {
    211 			.ia_valid = ATTR_MODE,
    212 			.ia_mode = stat->mode,
    213 		};
    214 		err = notify_change(upperdentry, &attr, NULL);
    215 	}
    216 	if (!err) {
    217 		struct iattr attr = {
    218 			.ia_valid = ATTR_UID | ATTR_GID,
    219 			.ia_uid = stat->uid,
    220 			.ia_gid = stat->gid,
    221 		};
    222 		err = notify_change(upperdentry, &attr, NULL);
    223 	}
    224 	if (!err)
    225 		ovl_set_timestamps(upperdentry, stat);
    226 
    227 	return err;
    228 }
    229 
    230 struct ovl_fh *ovl_encode_real_fh(struct dentry *real, bool is_upper)
    231 {
    232 	struct ovl_fh *fh;
    233 	int fh_type, fh_len, dwords;
    234 	void *buf;
    235 	int buflen = MAX_HANDLE_SZ;
    236 	uuid_t *uuid = &real->d_sb->s_uuid;
    237 
    238 	buf = kmalloc(buflen, GFP_KERNEL);
    239 	if (!buf)
    240 		return ERR_PTR(-ENOMEM);
    241 
    242 	/*
    243 	 * We encode a non-connectable file handle for non-dir, because we
    244 	 * only need to find the lower inode number and we don't want to pay
    245 	 * the price or reconnecting the dentry.
    246 	 */
    247 	dwords = buflen >> 2;
    248 	fh_type = exportfs_encode_fh(real, buf, &dwords, 0);
    249 	buflen = (dwords << 2);
    250 
    251 	fh = ERR_PTR(-EIO);
    252 	if (WARN_ON(fh_type < 0) ||
    253 	    WARN_ON(buflen > MAX_HANDLE_SZ) ||
    254 	    WARN_ON(fh_type == FILEID_INVALID))
    255 		goto out;
    256 
    257 	BUILD_BUG_ON(MAX_HANDLE_SZ + offsetof(struct ovl_fh, fid) > 255);
    258 	fh_len = offsetof(struct ovl_fh, fid) + buflen;
    259 	fh = kmalloc(fh_len, GFP_KERNEL);
    260 	if (!fh) {
    261 		fh = ERR_PTR(-ENOMEM);
    262 		goto out;
    263 	}
    264 
    265 	fh->version = OVL_FH_VERSION;
    266 	fh->magic = OVL_FH_MAGIC;
    267 	fh->type = fh_type;
    268 	fh->flags = OVL_FH_FLAG_CPU_ENDIAN;
    269 	/*
    270 	 * When we will want to decode an overlay dentry from this handle
    271 	 * and all layers are on the same fs, if we get a disconncted real
    272 	 * dentry when we decode fid, the only way to tell if we should assign
    273 	 * it to upperdentry or to lowerstack is by checking this flag.
    274 	 */
    275 	if (is_upper)
    276 		fh->flags |= OVL_FH_FLAG_PATH_UPPER;
    277 	fh->len = fh_len;
    278 	fh->uuid = *uuid;
    279 	memcpy(fh->fid, buf, buflen);
    280 
    281 out:
    282 	kfree(buf);
    283 	return fh;
    284 }
    285 
    286 int ovl_set_origin(struct dentry *dentry, struct dentry *lower,
    287 		   struct dentry *upper)
    288 {
    289 	const struct ovl_fh *fh = NULL;
    290 	int err;
    291 
    292 	/*
    293 	 * When lower layer doesn't support export operations store a 'null' fh,
    294 	 * so we can use the overlay.origin xattr to distignuish between a copy
    295 	 * up and a pure upper inode.
    296 	 */
    297 	if (ovl_can_decode_fh(lower->d_sb)) {
    298 		fh = ovl_encode_real_fh(lower, false);
    299 		if (IS_ERR(fh))
    300 			return PTR_ERR(fh);
    301 	}
    302 
    303 	/*
    304 	 * Do not fail when upper doesn't support xattrs.
    305 	 */
    306 	err = ovl_check_setxattr(dentry, upper, OVL_XATTR_ORIGIN, fh,
    307 				 fh ? fh->len : 0, 0);
    308 	kfree(fh);
    309 
    310 	return err;
    311 }
    312 
    313 /* Store file handle of @upper dir in @index dir entry */
    314 static int ovl_set_upper_fh(struct dentry *upper, struct dentry *index)
    315 {
    316 	const struct ovl_fh *fh;
    317 	int err;
    318 
    319 	fh = ovl_encode_real_fh(upper, true);
    320 	if (IS_ERR(fh))
    321 		return PTR_ERR(fh);
    322 
    323 	err = ovl_do_setxattr(index, OVL_XATTR_UPPER, fh, fh->len, 0);
    324 
    325 	kfree(fh);
    326 	return err;
    327 }
    328 
    329 /*
    330  * Create and install index entry.
    331  *
    332  * Caller must hold i_mutex on indexdir.
    333  */
    334 static int ovl_create_index(struct dentry *dentry, struct dentry *origin,
    335 			    struct dentry *upper)
    336 {
    337 	struct dentry *indexdir = ovl_indexdir(dentry->d_sb);
    338 	struct inode *dir = d_inode(indexdir);
    339 	struct dentry *index = NULL;
    340 	struct dentry *temp = NULL;
    341 	struct qstr name = { };
    342 	int err;
    343 
    344 	/*
    345 	 * For now this is only used for creating index entry for directories,
    346 	 * because non-dir are copied up directly to index and then hardlinked
    347 	 * to upper dir.
    348 	 *
    349 	 * TODO: implement create index for non-dir, so we can call it when
    350 	 * encoding file handle for non-dir in case index does not exist.
    351 	 */
    352 	if (WARN_ON(!d_is_dir(dentry)))
    353 		return -EIO;
    354 
    355 	/* Directory not expected to be indexed before copy up */
    356 	if (WARN_ON(ovl_test_flag(OVL_INDEX, d_inode(dentry))))
    357 		return -EIO;
    358 
    359 	err = ovl_get_index_name(origin, &name);
    360 	if (err)
    361 		return err;
    362 
    363 	temp = ovl_create_temp(indexdir, OVL_CATTR(S_IFDIR | 0));
    364 	err = PTR_ERR(temp);
    365 	if (IS_ERR(temp))
    366 		goto free_name;
    367 
    368 	err = ovl_set_upper_fh(upper, temp);
    369 	if (err)
    370 		goto out;
    371 
    372 	index = lookup_one_len(name.name, indexdir, name.len);
    373 	if (IS_ERR(index)) {
    374 		err = PTR_ERR(index);
    375 	} else {
    376 		err = ovl_do_rename(dir, temp, dir, index, 0);
    377 		dput(index);
    378 	}
    379 out:
    380 	if (err)
    381 		ovl_cleanup(dir, temp);
    382 	dput(temp);
    383 free_name:
    384 	kfree(name.name);
    385 	return err;
    386 }
    387 
    388 struct ovl_copy_up_ctx {
    389 	struct dentry *parent;
    390 	struct dentry *dentry;
    391 	struct path lowerpath;
    392 	struct kstat stat;
    393 	struct kstat pstat;
    394 	const char *link;
    395 	struct dentry *destdir;
    396 	struct qstr destname;
    397 	struct dentry *workdir;
    398 	bool origin;
    399 	bool indexed;
    400 	bool metacopy;
    401 };
    402 
    403 static int ovl_link_up(struct ovl_copy_up_ctx *c)
    404 {
    405 	int err;
    406 	struct dentry *upper;
    407 	struct dentry *upperdir = ovl_dentry_upper(c->parent);
    408 	struct inode *udir = d_inode(upperdir);
    409 
    410 	/* Mark parent "impure" because it may now contain non-pure upper */
    411 	err = ovl_set_impure(c->parent, upperdir);
    412 	if (err)
    413 		return err;
    414 
    415 	err = ovl_set_nlink_lower(c->dentry);
    416 	if (err)
    417 		return err;
    418 
    419 	inode_lock_nested(udir, I_MUTEX_PARENT);
    420 	upper = lookup_one_len(c->dentry->d_name.name, upperdir,
    421 			       c->dentry->d_name.len);
    422 	err = PTR_ERR(upper);
    423 	if (!IS_ERR(upper)) {
    424 		err = ovl_do_link(ovl_dentry_upper(c->dentry), udir, upper);
    425 		dput(upper);
    426 
    427 		if (!err) {
    428 			/* Restore timestamps on parent (best effort) */
    429 			ovl_set_timestamps(upperdir, &c->pstat);
    430 			ovl_dentry_set_upper_alias(c->dentry);
    431 		}
    432 	}
    433 	inode_unlock(udir);
    434 	if (err)
    435 		return err;
    436 
    437 	err = ovl_set_nlink_upper(c->dentry);
    438 
    439 	return err;
    440 }
    441 
    442 static int ovl_copy_up_inode(struct ovl_copy_up_ctx *c, struct dentry *temp)
    443 {
    444 	int err;
    445 
    446 	/*
    447 	 * Copy up data first and then xattrs. Writing data after
    448 	 * xattrs will remove security.capability xattr automatically.
    449 	 */
    450 	if (S_ISREG(c->stat.mode) && !c->metacopy) {
    451 		struct path upperpath, datapath;
    452 
    453 		ovl_path_upper(c->dentry, &upperpath);
    454 		if (WARN_ON(upperpath.dentry != NULL))
    455 			return -EIO;
    456 		upperpath.dentry = temp;
    457 
    458 		ovl_path_lowerdata(c->dentry, &datapath);
    459 		err = ovl_copy_up_data(&datapath, &upperpath, c->stat.size);
    460 		if (err)
    461 			return err;
    462 	}
    463 
    464 	err = ovl_copy_xattr(c->lowerpath.dentry, temp);
    465 	if (err)
    466 		return err;
    467 
    468 	/*
    469 	 * Store identifier of lower inode in upper inode xattr to
    470 	 * allow lookup of the copy up origin inode.
    471 	 *
    472 	 * Don't set origin when we are breaking the association with a lower
    473 	 * hard link.
    474 	 */
    475 	if (c->origin) {
    476 		err = ovl_set_origin(c->dentry, c->lowerpath.dentry, temp);
    477 		if (err)
    478 			return err;
    479 	}
    480 
    481 	if (c->metacopy) {
    482 		err = ovl_check_setxattr(c->dentry, temp, OVL_XATTR_METACOPY,
    483 					 NULL, 0, -EOPNOTSUPP);
    484 		if (err)
    485 			return err;
    486 	}
    487 
    488 	inode_lock(temp->d_inode);
    489 	if (c->metacopy)
    490 		err = ovl_set_size(temp, &c->stat);
    491 	if (!err)
    492 		err = ovl_set_attr(temp, &c->stat);
    493 	inode_unlock(temp->d_inode);
    494 
    495 	return err;
    496 }
    497 
    498 struct ovl_cu_creds {
    499 	const struct cred *old;
    500 	struct cred *new;
    501 };
    502 
    503 static int ovl_prep_cu_creds(struct dentry *dentry, struct ovl_cu_creds *cc)
    504 {
    505 	int err;
    506 
    507 	cc->old = cc->new = NULL;
    508 	err = security_inode_copy_up(dentry, &cc->new);
    509 	if (err < 0)
    510 		return err;
    511 
    512 	if (cc->new)
    513 		cc->old = override_creds(cc->new);
    514 
    515 	return 0;
    516 }
    517 
    518 static void ovl_revert_cu_creds(struct ovl_cu_creds *cc)
    519 {
    520 	if (cc->new) {
    521 		revert_creds(cc->old);
    522 		put_cred(cc->new);
    523 	}
    524 }
    525 
    526 /*
    527  * Copyup using workdir to prepare temp file.  Used when copying up directories,
    528  * special files or when upper fs doesn't support O_TMPFILE.
    529  */
    530 static int ovl_copy_up_workdir(struct ovl_copy_up_ctx *c)
    531 {
    532 	struct inode *inode;
    533 	struct inode *udir = d_inode(c->destdir), *wdir = d_inode(c->workdir);
    534 	struct dentry *temp, *upper;
    535 	struct ovl_cu_creds cc;
    536 	int err;
    537 	struct ovl_cattr cattr = {
    538 		/* Can't properly set mode on creation because of the umask */
    539 		.mode = c->stat.mode & S_IFMT,
    540 		.rdev = c->stat.rdev,
    541 		.link = c->link
    542 	};
    543 
    544 	err = ovl_lock_rename_workdir(c->workdir, c->destdir);
    545 	if (err)
    546 		return err;
    547 
    548 	err = ovl_prep_cu_creds(c->dentry, &cc);
    549 	if (err)
    550 		goto unlock;
    551 
    552 	temp = ovl_create_temp(c->workdir, &cattr);
    553 	ovl_revert_cu_creds(&cc);
    554 
    555 	err = PTR_ERR(temp);
    556 	if (IS_ERR(temp))
    557 		goto unlock;
    558 
    559 	err = ovl_copy_up_inode(c, temp);
    560 	if (err)
    561 		goto cleanup;
    562 
    563 	if (S_ISDIR(c->stat.mode) && c->indexed) {
    564 		err = ovl_create_index(c->dentry, c->lowerpath.dentry, temp);
    565 		if (err)
    566 			goto cleanup;
    567 	}
    568 
    569 	upper = lookup_one_len(c->destname.name, c->destdir, c->destname.len);
    570 	err = PTR_ERR(upper);
    571 	if (IS_ERR(upper))
    572 		goto cleanup;
    573 
    574 	err = ovl_do_rename(wdir, temp, udir, upper, 0);
    575 	dput(upper);
    576 	if (err)
    577 		goto cleanup;
    578 
    579 	if (!c->metacopy)
    580 		ovl_set_upperdata(d_inode(c->dentry));
    581 	inode = d_inode(c->dentry);
    582 	ovl_inode_update(inode, temp);
    583 	if (S_ISDIR(inode->i_mode))
    584 		ovl_set_flag(OVL_WHITEOUTS, inode);
    585 unlock:
    586 	unlock_rename(c->workdir, c->destdir);
    587 
    588 	return err;
    589 
    590 cleanup:
    591 	ovl_cleanup(wdir, temp);
    592 	dput(temp);
    593 	goto unlock;
    594 }
    595 
    596 /* Copyup using O_TMPFILE which does not require cross dir locking */
    597 static int ovl_copy_up_tmpfile(struct ovl_copy_up_ctx *c)
    598 {
    599 	struct inode *udir = d_inode(c->destdir);
    600 	struct dentry *temp, *upper;
    601 	struct ovl_cu_creds cc;
    602 	int err;
    603 
    604 	err = ovl_prep_cu_creds(c->dentry, &cc);
    605 	if (err)
    606 		return err;
    607 
    608 	temp = ovl_do_tmpfile(c->workdir, c->stat.mode);
    609 	ovl_revert_cu_creds(&cc);
    610 
    611 	if (IS_ERR(temp))
    612 		return PTR_ERR(temp);
    613 
    614 	err = ovl_copy_up_inode(c, temp);
    615 	if (err)
    616 		goto out_dput;
    617 
    618 	inode_lock_nested(udir, I_MUTEX_PARENT);
    619 
    620 	upper = lookup_one_len(c->destname.name, c->destdir, c->destname.len);
    621 	err = PTR_ERR(upper);
    622 	if (!IS_ERR(upper)) {
    623 		err = ovl_do_link(temp, udir, upper);
    624 		dput(upper);
    625 	}
    626 	inode_unlock(udir);
    627 
    628 	if (err)
    629 		goto out_dput;
    630 
    631 	if (!c->metacopy)
    632 		ovl_set_upperdata(d_inode(c->dentry));
    633 	ovl_inode_update(d_inode(c->dentry), temp);
    634 
    635 	return 0;
    636 
    637 out_dput:
    638 	dput(temp);
    639 	return err;
    640 }
    641 
    642 /*
    643  * Copy up a single dentry
    644  *
    645  * All renames start with copy up of source if necessary.  The actual
    646  * rename will only proceed once the copy up was successful.  Copy up uses
    647  * upper parent i_mutex for exclusion.  Since rename can change d_parent it
    648  * is possible that the copy up will lock the old parent.  At that point
    649  * the file will have already been copied up anyway.
    650  */
    651 static int ovl_do_copy_up(struct ovl_copy_up_ctx *c)
    652 {
    653 	int err;
    654 	struct ovl_fs *ofs = c->dentry->d_sb->s_fs_info;
    655 	bool to_index = false;
    656 
    657 	/*
    658 	 * Indexed non-dir is copied up directly to the index entry and then
    659 	 * hardlinked to upper dir. Indexed dir is copied up to indexdir,
    660 	 * then index entry is created and then copied up dir installed.
    661 	 * Copying dir up to indexdir instead of workdir simplifies locking.
    662 	 */
    663 	if (ovl_need_index(c->dentry)) {
    664 		c->indexed = true;
    665 		if (S_ISDIR(c->stat.mode))
    666 			c->workdir = ovl_indexdir(c->dentry->d_sb);
    667 		else
    668 			to_index = true;
    669 	}
    670 
    671 	if (S_ISDIR(c->stat.mode) || c->stat.nlink == 1 || to_index)
    672 		c->origin = true;
    673 
    674 	if (to_index) {
    675 		c->destdir = ovl_indexdir(c->dentry->d_sb);
    676 		err = ovl_get_index_name(c->lowerpath.dentry, &c->destname);
    677 		if (err)
    678 			return err;
    679 	} else if (WARN_ON(!c->parent)) {
    680 		/* Disconnected dentry must be copied up to index dir */
    681 		return -EIO;
    682 	} else {
    683 		/*
    684 		 * Mark parent "impure" because it may now contain non-pure
    685 		 * upper
    686 		 */
    687 		err = ovl_set_impure(c->parent, c->destdir);
    688 		if (err)
    689 			return err;
    690 	}
    691 
    692 	/* Should we copyup with O_TMPFILE or with workdir? */
    693 	if (S_ISREG(c->stat.mode) && ofs->tmpfile)
    694 		err = ovl_copy_up_tmpfile(c);
    695 	else
    696 		err = ovl_copy_up_workdir(c);
    697 	if (err)
    698 		goto out;
    699 
    700 	if (c->indexed)
    701 		ovl_set_flag(OVL_INDEX, d_inode(c->dentry));
    702 
    703 	if (to_index) {
    704 		/* Initialize nlink for copy up of disconnected dentry */
    705 		err = ovl_set_nlink_upper(c->dentry);
    706 	} else {
    707 		struct inode *udir = d_inode(c->destdir);
    708 
    709 		/* Restore timestamps on parent (best effort) */
    710 		inode_lock(udir);
    711 		ovl_set_timestamps(c->destdir, &c->pstat);
    712 		inode_unlock(udir);
    713 
    714 		ovl_dentry_set_upper_alias(c->dentry);
    715 	}
    716 
    717 out:
    718 	if (to_index)
    719 		kfree(c->destname.name);
    720 	return err;
    721 }
    722 
    723 static bool ovl_need_meta_copy_up(struct dentry *dentry, umode_t mode,
    724 				  int flags)
    725 {
    726 	struct ovl_fs *ofs = dentry->d_sb->s_fs_info;
    727 
    728 	if (!ofs->config.metacopy)
    729 		return false;
    730 
    731 	if (!S_ISREG(mode))
    732 		return false;
    733 
    734 	if (flags && ((OPEN_FMODE(flags) & FMODE_WRITE) || (flags & O_TRUNC)))
    735 		return false;
    736 
    737 	return true;
    738 }
    739 
    740 /* Copy up data of an inode which was copied up metadata only in the past. */
    741 static int ovl_copy_up_meta_inode_data(struct ovl_copy_up_ctx *c)
    742 {
    743 	struct path upperpath, datapath;
    744 	int err;
    745 	char *capability = NULL;
    746 	ssize_t uninitialized_var(cap_size);
    747 
    748 	ovl_path_upper(c->dentry, &upperpath);
    749 	if (WARN_ON(upperpath.dentry == NULL))
    750 		return -EIO;
    751 
    752 	ovl_path_lowerdata(c->dentry, &datapath);
    753 	if (WARN_ON(datapath.dentry == NULL))
    754 		return -EIO;
    755 
    756 	if (c->stat.size) {
    757 		err = cap_size = ovl_getxattr(upperpath.dentry, XATTR_NAME_CAPS,
    758 					      &capability, 0);
    759 		if (err < 0 && err != -ENODATA)
    760 			goto out;
    761 	}
    762 
    763 	err = ovl_copy_up_data(&datapath, &upperpath, c->stat.size);
    764 	if (err)
    765 		goto out_free;
    766 
    767 	/*
    768 	 * Writing to upper file will clear security.capability xattr. We
    769 	 * don't want that to happen for normal copy-up operation.
    770 	 */
    771 	if (capability) {
    772 		err = ovl_do_setxattr(upperpath.dentry, XATTR_NAME_CAPS,
    773 				      capability, cap_size, 0);
    774 		if (err)
    775 			goto out_free;
    776 	}
    777 
    778 
    779 	err = vfs_removexattr(upperpath.dentry, OVL_XATTR_METACOPY);
    780 	if (err)
    781 		goto out_free;
    782 
    783 	ovl_set_upperdata(d_inode(c->dentry));
    784 out_free:
    785 	kfree(capability);
    786 out:
    787 	return err;
    788 }
    789 
    790 static int ovl_copy_up_one(struct dentry *parent, struct dentry *dentry,
    791 			   int flags)
    792 {
    793 	int err;
    794 	DEFINE_DELAYED_CALL(done);
    795 	struct path parentpath;
    796 	struct ovl_copy_up_ctx ctx = {
    797 		.parent = parent,
    798 		.dentry = dentry,
    799 		.workdir = ovl_workdir(dentry),
    800 	};
    801 
    802 	if (WARN_ON(!ctx.workdir))
    803 		return -EROFS;
    804 
    805 	ovl_path_lower(dentry, &ctx.lowerpath);
    806 	err = vfs_getattr(&ctx.lowerpath, &ctx.stat,
    807 			  STATX_BASIC_STATS, AT_STATX_SYNC_AS_STAT);
    808 	if (err)
    809 		return err;
    810 
    811 	ctx.metacopy = ovl_need_meta_copy_up(dentry, ctx.stat.mode, flags);
    812 
    813 	if (parent) {
    814 		ovl_path_upper(parent, &parentpath);
    815 		ctx.destdir = parentpath.dentry;
    816 		ctx.destname = dentry->d_name;
    817 
    818 		err = vfs_getattr(&parentpath, &ctx.pstat,
    819 				  STATX_ATIME | STATX_MTIME,
    820 				  AT_STATX_SYNC_AS_STAT);
    821 		if (err)
    822 			return err;
    823 	}
    824 
    825 	/* maybe truncate regular file. this has no effect on dirs */
    826 	if (flags & O_TRUNC)
    827 		ctx.stat.size = 0;
    828 
    829 	if (S_ISLNK(ctx.stat.mode)) {
    830 		ctx.link = vfs_get_link(ctx.lowerpath.dentry, &done);
    831 		if (IS_ERR(ctx.link))
    832 			return PTR_ERR(ctx.link);
    833 	}
    834 
    835 	err = ovl_copy_up_start(dentry, flags);
    836 	/* err < 0: interrupted, err > 0: raced with another copy-up */
    837 	if (unlikely(err)) {
    838 		if (err > 0)
    839 			err = 0;
    840 	} else {
    841 		if (!ovl_dentry_upper(dentry))
    842 			err = ovl_do_copy_up(&ctx);
    843 		if (!err && parent && !ovl_dentry_has_upper_alias(dentry))
    844 			err = ovl_link_up(&ctx);
    845 		if (!err && ovl_dentry_needs_data_copy_up_locked(dentry, flags))
    846 			err = ovl_copy_up_meta_inode_data(&ctx);
    847 		ovl_copy_up_end(dentry);
    848 	}
    849 	do_delayed_call(&done);
    850 
    851 	return err;
    852 }
    853 
    854 int ovl_copy_up_flags(struct dentry *dentry, int flags)
    855 {
    856 	int err = 0;
    857 	const struct cred *old_cred = ovl_override_creds(dentry->d_sb);
    858 	bool disconnected = (dentry->d_flags & DCACHE_DISCONNECTED);
    859 
    860 	/*
    861 	 * With NFS export, copy up can get called for a disconnected non-dir.
    862 	 * In this case, we will copy up lower inode to index dir without
    863 	 * linking it to upper dir.
    864 	 */
    865 	if (WARN_ON(disconnected && d_is_dir(dentry)))
    866 		return -EIO;
    867 
    868 	while (!err) {
    869 		struct dentry *next;
    870 		struct dentry *parent = NULL;
    871 
    872 		if (ovl_already_copied_up(dentry, flags))
    873 			break;
    874 
    875 		next = dget(dentry);
    876 		/* find the topmost dentry not yet copied up */
    877 		for (; !disconnected;) {
    878 			parent = dget_parent(next);
    879 
    880 			if (ovl_dentry_upper(parent))
    881 				break;
    882 
    883 			dput(next);
    884 			next = parent;
    885 		}
    886 
    887 		err = ovl_copy_up_one(parent, next, flags);
    888 
    889 		dput(parent);
    890 		dput(next);
    891 	}
    892 	revert_creds(old_cred);
    893 
    894 	return err;
    895 }
    896 
    897 static bool ovl_open_need_copy_up(struct dentry *dentry, int flags)
    898 {
    899 	/* Copy up of disconnected dentry does not set upper alias */
    900 	if (ovl_already_copied_up(dentry, flags))
    901 		return false;
    902 
    903 	if (special_file(d_inode(dentry)->i_mode))
    904 		return false;
    905 
    906 	if (!ovl_open_flags_need_copy_up(flags))
    907 		return false;
    908 
    909 	return true;
    910 }
    911 
    912 int ovl_open_maybe_copy_up(struct dentry *dentry, unsigned int file_flags)
    913 {
    914 	int err = 0;
    915 
    916 	if (ovl_open_need_copy_up(dentry, file_flags)) {
    917 		err = ovl_want_write(dentry);
    918 		if (!err) {
    919 			err = ovl_copy_up_flags(dentry, file_flags);
    920 			ovl_drop_write(dentry);
    921 		}
    922 	}
    923 
    924 	return err;
    925 }
    926 
    927 int ovl_copy_up_with_data(struct dentry *dentry)
    928 {
    929 	return ovl_copy_up_flags(dentry, O_WRONLY);
    930 }
    931 
    932 int ovl_copy_up(struct dentry *dentry)
    933 {
    934 	return ovl_copy_up_flags(dentry, 0);
    935 }