From 92b66d2cdd7a4f6f6aa31be5f16a3f0c88902690 Mon Sep 17 00:00:00 2001 From: Miklos Szeredi Date: Fri, 6 Jul 2018 23:57:02 +0200 Subject: vfs: limit size of dedupe Suggested-by: Darrick J. Wong Signed-off-by: Miklos Szeredi --- fs/read_write.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/fs/read_write.c b/fs/read_write.c index 153f8f690490..f43bb12b4759 100644 --- a/fs/read_write.c +++ b/fs/read_write.c @@ -2003,6 +2003,9 @@ int vfs_dedupe_file_range(struct file *file, struct file_dedupe_range *same) if (off + len > i_size_read(src)) return -EINVAL; + /* Arbitrary 1G limit on a single dedupe request, can be raised. */ + len = min_t(u64, len, 1 << 30); + /* pre-format output fields to sane values */ for (i = 0; i < count; i++) { same->info[i].bytes_deduped = 0ULL; -- cgit v1.2.3 From 5740c99e9d30b81fcc478797e7215c61e241f44e Mon Sep 17 00:00:00 2001 From: Miklos Szeredi Date: Fri, 6 Jul 2018 23:57:03 +0200 Subject: vfs: dedupe: return int Signed-off-by: Miklos Szeredi --- fs/btrfs/ctree.h | 4 ++-- fs/btrfs/ioctl.c | 10 +++------- fs/ocfs2/file.c | 17 ++++++----------- fs/read_write.c | 4 ++-- fs/xfs/xfs_file.c | 19 ++----------------- include/linux/fs.h | 2 +- 6 files changed, 16 insertions(+), 40 deletions(-) diff --git a/fs/btrfs/ctree.h b/fs/btrfs/ctree.h index 118346aceea9..1c7c13334423 100644 --- a/fs/btrfs/ctree.h +++ b/fs/btrfs/ctree.h @@ -3247,8 +3247,8 @@ void btrfs_get_block_group_info(struct list_head *groups_list, struct btrfs_ioctl_space_info *space); void btrfs_update_ioctl_balance_args(struct btrfs_fs_info *fs_info, struct btrfs_ioctl_balance_args *bargs); -ssize_t btrfs_dedupe_file_range(struct file *src_file, u64 loff, u64 olen, - struct file *dst_file, u64 dst_loff); +int btrfs_dedupe_file_range(struct file *src_file, u64 loff, u64 olen, + struct file *dst_file, u64 dst_loff); /* file.c */ int __init btrfs_auto_defrag_init(void); diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c index c2837a32d689..94dc8e6c44ce 100644 --- a/fs/btrfs/ioctl.c +++ b/fs/btrfs/ioctl.c @@ -3600,13 +3600,12 @@ out_free: return ret; } -ssize_t btrfs_dedupe_file_range(struct file *src_file, u64 loff, u64 olen, - struct file *dst_file, u64 dst_loff) +int btrfs_dedupe_file_range(struct file *src_file, u64 loff, u64 olen, + struct file *dst_file, u64 dst_loff) { struct inode *src = file_inode(src_file); struct inode *dst = file_inode(dst_file); u64 bs = BTRFS_I(src)->root->fs_info->sb->s_blocksize; - ssize_t res; if (WARN_ON_ONCE(bs < PAGE_SIZE)) { /* @@ -3617,10 +3616,7 @@ ssize_t btrfs_dedupe_file_range(struct file *src_file, u64 loff, u64 olen, return -EINVAL; } - res = btrfs_extent_same(src, loff, olen, dst, dst_loff); - if (res) - return res; - return olen; + return btrfs_extent_same(src, loff, olen, dst, dst_loff); } static int clone_finish_inode_update(struct btrfs_trans_handle *trans, diff --git a/fs/ocfs2/file.c b/fs/ocfs2/file.c index 255f758af03a..f96f018463f7 100644 --- a/fs/ocfs2/file.c +++ b/fs/ocfs2/file.c @@ -2537,19 +2537,14 @@ static int ocfs2_file_clone_range(struct file *file_in, len, false); } -static ssize_t ocfs2_file_dedupe_range(struct file *src_file, - u64 loff, - u64 len, - struct file *dst_file, - u64 dst_loff) +static int ocfs2_file_dedupe_range(struct file *src_file, + u64 loff, + u64 len, + struct file *dst_file, + u64 dst_loff) { - int error; - - error = ocfs2_reflink_remap_range(src_file, loff, dst_file, dst_loff, + return ocfs2_reflink_remap_range(src_file, loff, dst_file, dst_loff, len, true); - if (error) - return error; - return len; } const struct inode_operations ocfs2_file_iops = { diff --git a/fs/read_write.c b/fs/read_write.c index f43bb12b4759..fa64e51ef4cf 100644 --- a/fs/read_write.c +++ b/fs/read_write.c @@ -1976,7 +1976,7 @@ int vfs_dedupe_file_range(struct file *file, struct file_dedupe_range *same) u16 count = same->dest_count; struct file *dst_file; loff_t dst_off; - ssize_t deduped; + int deduped; if (!(file->f_mode & FMODE_READ)) return -EINVAL; @@ -2056,7 +2056,7 @@ int vfs_dedupe_file_range(struct file *file, struct file_dedupe_range *same) else if (deduped < 0) info->status = deduped; else - info->bytes_deduped += deduped; + info->bytes_deduped += len; } next_file: diff --git a/fs/xfs/xfs_file.c b/fs/xfs/xfs_file.c index a3e7767a5715..547ef7e8aec1 100644 --- a/fs/xfs/xfs_file.c +++ b/fs/xfs/xfs_file.c @@ -933,7 +933,7 @@ xfs_file_clone_range( len, false); } -STATIC ssize_t +STATIC int xfs_file_dedupe_range( struct file *src_file, u64 loff, @@ -941,23 +941,8 @@ xfs_file_dedupe_range( struct file *dst_file, u64 dst_loff) { - struct inode *srci = file_inode(src_file); - u64 max_dedupe; - int error; - - /* - * Since we have to read all these pages in to compare them, cut - * it off at MAX_RW_COUNT/2 rounded down to the nearest block. - * That means we won't do more than MAX_RW_COUNT IO per request. - */ - max_dedupe = (MAX_RW_COUNT >> 1) & ~(i_blocksize(srci) - 1); - if (len > max_dedupe) - len = max_dedupe; - error = xfs_reflink_remap_range(src_file, loff, dst_file, dst_loff, + return xfs_reflink_remap_range(src_file, loff, dst_file, dst_loff, len, true); - if (error) - return error; - return len; } STATIC int diff --git a/include/linux/fs.h b/include/linux/fs.h index 5c91108846db..b81c4b7e339f 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h @@ -1749,7 +1749,7 @@ struct file_operations { loff_t, size_t, unsigned int); int (*clone_file_range)(struct file *, loff_t, struct file *, loff_t, u64); - ssize_t (*dedupe_file_range)(struct file *, u64, u64, struct file *, + int (*dedupe_file_range)(struct file *, u64, u64, struct file *, u64); } __randomize_layout; -- cgit v1.2.3 From 87eb5eb2423213ac0e7315ce5d275f1ff80e0263 Mon Sep 17 00:00:00 2001 From: Miklos Szeredi Date: Fri, 6 Jul 2018 23:57:03 +0200 Subject: vfs: dedupe: rationalize args Clean up f_op->dedupe_file_range() interface. 1) Use loff_t for offsets and length instead of u64 2) Order the arguments the same way as {copy|clone}_file_range(). Signed-off-by: Miklos Szeredi Reviewed-by: Darrick J. Wong --- fs/btrfs/ctree.h | 5 +++-- fs/btrfs/ioctl.c | 7 ++++--- fs/ocfs2/file.c | 12 ++++++------ fs/read_write.c | 4 ++-- fs/xfs/xfs_file.c | 12 ++++++------ include/linux/fs.h | 2 +- 6 files changed, 22 insertions(+), 20 deletions(-) diff --git a/fs/btrfs/ctree.h b/fs/btrfs/ctree.h index 1c7c13334423..d9d924017dfb 100644 --- a/fs/btrfs/ctree.h +++ b/fs/btrfs/ctree.h @@ -3247,8 +3247,9 @@ void btrfs_get_block_group_info(struct list_head *groups_list, struct btrfs_ioctl_space_info *space); void btrfs_update_ioctl_balance_args(struct btrfs_fs_info *fs_info, struct btrfs_ioctl_balance_args *bargs); -int btrfs_dedupe_file_range(struct file *src_file, u64 loff, u64 olen, - struct file *dst_file, u64 dst_loff); +int btrfs_dedupe_file_range(struct file *src_file, loff_t src_loff, + struct file *dst_file, loff_t dst_loff, + u64 olen); /* file.c */ int __init btrfs_auto_defrag_init(void); diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c index 94dc8e6c44ce..755c9a306321 100644 --- a/fs/btrfs/ioctl.c +++ b/fs/btrfs/ioctl.c @@ -3600,8 +3600,9 @@ out_free: return ret; } -int btrfs_dedupe_file_range(struct file *src_file, u64 loff, u64 olen, - struct file *dst_file, u64 dst_loff) +int btrfs_dedupe_file_range(struct file *src_file, loff_t src_loff, + struct file *dst_file, loff_t dst_loff, + u64 olen) { struct inode *src = file_inode(src_file); struct inode *dst = file_inode(dst_file); @@ -3616,7 +3617,7 @@ int btrfs_dedupe_file_range(struct file *src_file, u64 loff, u64 olen, return -EINVAL; } - return btrfs_extent_same(src, loff, olen, dst, dst_loff); + return btrfs_extent_same(src, src_loff, olen, dst, dst_loff); } static int clone_finish_inode_update(struct btrfs_trans_handle *trans, diff --git a/fs/ocfs2/file.c b/fs/ocfs2/file.c index f96f018463f7..9fa35cb6f6e0 100644 --- a/fs/ocfs2/file.c +++ b/fs/ocfs2/file.c @@ -2537,13 +2537,13 @@ static int ocfs2_file_clone_range(struct file *file_in, len, false); } -static int ocfs2_file_dedupe_range(struct file *src_file, - u64 loff, - u64 len, - struct file *dst_file, - u64 dst_loff) +static int ocfs2_file_dedupe_range(struct file *file_in, + loff_t pos_in, + struct file *file_out, + loff_t pos_out, + u64 len) { - return ocfs2_reflink_remap_range(src_file, loff, dst_file, dst_loff, + return ocfs2_reflink_remap_range(file_in, pos_in, file_out, pos_out, len, true); } diff --git a/fs/read_write.c b/fs/read_write.c index fa64e51ef4cf..c31794f92c2c 100644 --- a/fs/read_write.c +++ b/fs/read_write.c @@ -2049,8 +2049,8 @@ int vfs_dedupe_file_range(struct file *file, struct file_dedupe_range *same) info->status = -EINVAL; } else { deduped = dst_file->f_op->dedupe_file_range(file, off, - len, dst_file, - info->dest_offset); + dst_file, + info->dest_offset, len); if (deduped == -EBADE) info->status = FILE_DEDUPE_RANGE_DIFFERS; else if (deduped < 0) diff --git a/fs/xfs/xfs_file.c b/fs/xfs/xfs_file.c index 547ef7e8aec1..0f40ba54d83f 100644 --- a/fs/xfs/xfs_file.c +++ b/fs/xfs/xfs_file.c @@ -935,13 +935,13 @@ xfs_file_clone_range( STATIC int xfs_file_dedupe_range( - struct file *src_file, - u64 loff, - u64 len, - struct file *dst_file, - u64 dst_loff) + struct file *file_in, + loff_t pos_in, + struct file *file_out, + loff_t pos_out, + u64 len) { - return xfs_reflink_remap_range(src_file, loff, dst_file, dst_loff, + return xfs_reflink_remap_range(file_in, pos_in, file_out, pos_out, len, true); } diff --git a/include/linux/fs.h b/include/linux/fs.h index b81c4b7e339f..a8fee2f44981 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h @@ -1749,7 +1749,7 @@ struct file_operations { loff_t, size_t, unsigned int); int (*clone_file_range)(struct file *, loff_t, struct file *, loff_t, u64); - int (*dedupe_file_range)(struct file *, u64, u64, struct file *, + int (*dedupe_file_range)(struct file *, loff_t, struct file *, loff_t, u64); } __randomize_layout; -- cgit v1.2.3 From 1b4f42a1e33fec999e94802df13dbd7521315742 Mon Sep 17 00:00:00 2001 From: Miklos Szeredi Date: Fri, 6 Jul 2018 23:57:03 +0200 Subject: vfs: dedupe: extract helper for a single dedup Extract vfs_dedupe_file_range_one() helper to deal with a single dedup request. Signed-off-by: Miklos Szeredi Reviewed-by: Christoph Hellwig --- fs/read_write.c | 89 +++++++++++++++++++++++++++++++-------------------------- 1 file changed, 49 insertions(+), 40 deletions(-) diff --git a/fs/read_write.c b/fs/read_write.c index c31794f92c2c..cce4ebac34a8 100644 --- a/fs/read_write.c +++ b/fs/read_write.c @@ -1964,6 +1964,44 @@ out_error: } EXPORT_SYMBOL(vfs_dedupe_file_range_compare); +static int vfs_dedupe_file_range_one(struct file *src_file, loff_t src_pos, + struct file *dst_file, loff_t dst_pos, + u64 len) +{ + s64 ret; + + ret = mnt_want_write_file(dst_file); + if (ret) + return ret; + + ret = clone_verify_area(dst_file, dst_pos, len, true); + if (ret < 0) + goto out_drop_write; + + ret = -EINVAL; + if (!(capable(CAP_SYS_ADMIN) || (dst_file->f_mode & FMODE_WRITE))) + goto out_drop_write; + + ret = -EXDEV; + if (src_file->f_path.mnt != dst_file->f_path.mnt) + goto out_drop_write; + + ret = -EISDIR; + if (S_ISDIR(file_inode(dst_file)->i_mode)) + goto out_drop_write; + + ret = -EINVAL; + if (!dst_file->f_op->dedupe_file_range) + goto out_drop_write; + + ret = dst_file->f_op->dedupe_file_range(src_file, src_pos, + dst_file, dst_pos, len); +out_drop_write: + mnt_drop_write_file(dst_file); + + return ret; +} + int vfs_dedupe_file_range(struct file *file, struct file_dedupe_range *same) { struct file_dedupe_range_info *info; @@ -1972,10 +2010,7 @@ int vfs_dedupe_file_range(struct file *file, struct file_dedupe_range *same) u64 len; int i; int ret; - bool is_admin = capable(CAP_SYS_ADMIN); u16 count = same->dest_count; - struct file *dst_file; - loff_t dst_off; int deduped; if (!(file->f_mode & FMODE_READ)) @@ -2013,54 +2048,28 @@ int vfs_dedupe_file_range(struct file *file, struct file_dedupe_range *same) } for (i = 0, info = same->info; i < count; i++, info++) { - struct inode *dst; struct fd dst_fd = fdget(info->dest_fd); + struct file *dst_file = dst_fd.file; - dst_file = dst_fd.file; if (!dst_file) { info->status = -EBADF; goto next_loop; } - dst = file_inode(dst_file); - - ret = mnt_want_write_file(dst_file); - if (ret) { - info->status = ret; - goto next_fdput; - } - - dst_off = info->dest_offset; - ret = clone_verify_area(dst_file, dst_off, len, true); - if (ret < 0) { - info->status = ret; - goto next_file; - } - ret = 0; if (info->reserved) { info->status = -EINVAL; - } else if (!(is_admin || (dst_file->f_mode & FMODE_WRITE))) { - info->status = -EINVAL; - } else if (file->f_path.mnt != dst_file->f_path.mnt) { - info->status = -EXDEV; - } else if (S_ISDIR(dst->i_mode)) { - info->status = -EISDIR; - } else if (dst_file->f_op->dedupe_file_range == NULL) { - info->status = -EINVAL; - } else { - deduped = dst_file->f_op->dedupe_file_range(file, off, - dst_file, - info->dest_offset, len); - if (deduped == -EBADE) - info->status = FILE_DEDUPE_RANGE_DIFFERS; - else if (deduped < 0) - info->status = deduped; - else - info->bytes_deduped += len; + goto next_fdput; } -next_file: - mnt_drop_write_file(dst_file); + deduped = vfs_dedupe_file_range_one(file, off, dst_file, + info->dest_offset, len); + if (deduped == -EBADE) + info->status = FILE_DEDUPE_RANGE_DIFFERS; + else if (deduped < 0) + info->status = deduped; + else + info->bytes_deduped = len; + next_fdput: fdput(dst_fd); next_loop: -- cgit v1.2.3 From 2abc77af89e17582db9039293c8ac881c8c96d79 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Thu, 12 Jul 2018 11:18:42 -0400 Subject: new helper: open_with_fake_path() open a file by given inode, faking ->f_path. Use with shitloads of caution - at the very least you'd damn better make sure that some dentry alias of that inode is pinned down by the path in question. Again, this is no general-purpose interface and I hope it will eventually go away. Right now overlayfs wants something like that, but nothing else should. Any out-of-tree code with bright idea of using this one *will* eventually get hurt, with zero notice and great delight on my part. I refuse to use EXPORT_SYMBOL_GPL(), especially in situations when it's really EXPORT_SYMBOL_DONT_USE_IT(), but don't take that export as "you are welcome to use it". Signed-off-by: Al Viro --- fs/open.c | 18 ++++++++++++++++++ include/linux/fs.h | 2 ++ 2 files changed, 20 insertions(+) diff --git a/fs/open.c b/fs/open.c index ee893240d199..dd15711eb658 100644 --- a/fs/open.c +++ b/fs/open.c @@ -925,6 +925,24 @@ struct file *dentry_open(const struct path *path, int flags, } EXPORT_SYMBOL(dentry_open); +struct file *open_with_fake_path(const struct path *path, int flags, + struct inode *inode, const struct cred *cred) +{ + struct file *f = alloc_empty_file(flags, cred); + if (!IS_ERR(f)) { + int error; + + f->f_path = *path; + error = do_dentry_open(f, inode, NULL); + if (error) { + fput(f); + f = ERR_PTR(error); + } + } + return f; +} +EXPORT_SYMBOL(open_with_fake_path); + static inline int build_open_flags(int flags, umode_t mode, struct open_flags *op) { int lookup_flags = 0; diff --git a/include/linux/fs.h b/include/linux/fs.h index 05f34726e29c..4ff7b7012186 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h @@ -2424,6 +2424,8 @@ extern struct file *filp_open(const char *, int, umode_t); extern struct file *file_open_root(struct dentry *, struct vfsmount *, const char *, int, umode_t); extern struct file * dentry_open(const struct path *, int, const struct cred *); +extern struct file * open_with_fake_path(const struct path *, int, + struct inode*, const struct cred *); static inline struct file *file_clone_open(struct file *file) { return dentry_open(&file->f_path, file->f_flags, file->f_cred); -- cgit v1.2.3 From 67810693077afc1ebf9e1646af300436cb8103c2 Mon Sep 17 00:00:00 2001 From: Amir Goldstein Date: Tue, 17 Jul 2018 16:05:38 +0300 Subject: ovl: fix wrong use of impure dir cache in ovl_iterate() Only upper dir can be impure, but if we are in the middle of iterating a lower real dir, dir could be copied up and marked impure. We only want the impure cache if we started iterating a real upper dir to begin with. Aditya Kali reported that the following reproducer hits the WARN_ON(!cache->refcount) in ovl_get_cache(): docker run --rm drupal:8.5.4-fpm-alpine \ sh -c 'cd /var/www/html/vendor/symfony && \ chown -R www-data:www-data . && ls -l .' Reported-by: Aditya Kali Tested-by: Aditya Kali Fixes: 4edb83bb1041 ('ovl: constant d_ino for non-merge dirs') Cc: # v4.14 Signed-off-by: Amir Goldstein Signed-off-by: Miklos Szeredi --- fs/overlayfs/readdir.c | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/fs/overlayfs/readdir.c b/fs/overlayfs/readdir.c index ef1fe42ff7bb..cc8303a806b4 100644 --- a/fs/overlayfs/readdir.c +++ b/fs/overlayfs/readdir.c @@ -668,6 +668,21 @@ static int ovl_fill_real(struct dir_context *ctx, const char *name, return orig_ctx->actor(orig_ctx, name, namelen, offset, ino, d_type); } +static bool ovl_is_impure_dir(struct file *file) +{ + struct ovl_dir_file *od = file->private_data; + struct inode *dir = d_inode(file->f_path.dentry); + + /* + * Only upper dir can be impure, but if we are in the middle of + * iterating a lower real dir, dir could be copied up and marked + * impure. We only want the impure cache if we started iterating + * a real upper dir to begin with. + */ + return od->is_upper && ovl_test_flag(OVL_IMPURE, dir); + +} + static int ovl_iterate_real(struct file *file, struct dir_context *ctx) { int err; @@ -696,7 +711,7 @@ static int ovl_iterate_real(struct file *file, struct dir_context *ctx) rdt.parent_ino = stat.ino; } - if (ovl_test_flag(OVL_IMPURE, d_inode(dir))) { + if (ovl_is_impure_dir(file)) { rdt.cache = ovl_cache_get_impure(&file->f_path); if (IS_ERR(rdt.cache)) return PTR_ERR(rdt.cache); @@ -727,7 +742,7 @@ static int ovl_iterate(struct file *file, struct dir_context *ctx) */ if (ovl_xino_bits(dentry->d_sb) || (ovl_same_sb(dentry->d_sb) && - (ovl_test_flag(OVL_IMPURE, d_inode(dentry)) || + (ovl_is_impure_dir(file) || OVL_TYPE_MERGE(ovl_path_type(dentry->d_parent))))) { return ovl_iterate_real(file, ctx); } -- cgit v1.2.3 From d3b1084dfd629ef89bc1c4bab95e5cb87e7d08c2 Mon Sep 17 00:00:00 2001 From: Miklos Szeredi Date: Wed, 18 Jul 2018 15:44:40 +0200 Subject: vfs: make open_with_fake_path() not contribute to nr_files Stacking file operations in overlay will store an extra open file for each overlay file opened. The overhead is just that of "struct file" which is about 256bytes, because overlay already pins an extra dentry and inode when the file is open, which add up to a much larger overhead. For fear of breaking working setups, don't start accounting the extra file. Signed-off-by: Miklos Szeredi --- fs/file_table.c | 69 +++++++++++++++++++++++++++++++++++++----------------- fs/internal.h | 1 + fs/open.c | 2 +- include/linux/fs.h | 3 +++ 4 files changed, 53 insertions(+), 22 deletions(-) diff --git a/fs/file_table.c b/fs/file_table.c index 9b70ed2bbc4e..0cc7bea6b51a 100644 --- a/fs/file_table.c +++ b/fs/file_table.c @@ -52,7 +52,8 @@ static void file_free_rcu(struct rcu_head *head) static inline void file_free(struct file *f) { security_file_free(f); - percpu_counter_dec(&nr_files); + if (!(f->f_mode & FMODE_NOACCOUNT)) + percpu_counter_dec(&nr_files); call_rcu(&f->f_u.fu_rcuhead, file_free_rcu); } @@ -91,6 +92,34 @@ int proc_nr_files(struct ctl_table *table, int write, } #endif +static struct file *__alloc_file(int flags, const struct cred *cred) +{ + struct file *f; + int error; + + f = kmem_cache_zalloc(filp_cachep, GFP_KERNEL); + if (unlikely(!f)) + return ERR_PTR(-ENOMEM); + + f->f_cred = get_cred(cred); + error = security_file_alloc(f); + if (unlikely(error)) { + file_free_rcu(&f->f_u.fu_rcuhead); + return ERR_PTR(error); + } + + atomic_long_set(&f->f_count, 1); + rwlock_init(&f->f_owner.lock); + spin_lock_init(&f->f_lock); + mutex_init(&f->f_pos_lock); + eventpoll_init_file(f); + f->f_flags = flags; + f->f_mode = OPEN_FMODE(flags); + /* f->f_version: 0 */ + + return f; +} + /* Find an unused file structure and return a pointer to it. * Returns an error pointer if some error happend e.g. we over file * structures limit, run out of memory or operation is not permitted. @@ -105,7 +134,6 @@ struct file *alloc_empty_file(int flags, const struct cred *cred) { static long old_max; struct file *f; - int error; /* * Privileged users can go above max_files @@ -119,26 +147,10 @@ struct file *alloc_empty_file(int flags, const struct cred *cred) goto over; } - f = kmem_cache_zalloc(filp_cachep, GFP_KERNEL); - if (unlikely(!f)) - return ERR_PTR(-ENOMEM); - - f->f_cred = get_cred(cred); - error = security_file_alloc(f); - if (unlikely(error)) { - file_free_rcu(&f->f_u.fu_rcuhead); - return ERR_PTR(error); - } + f = __alloc_file(flags, cred); + if (!IS_ERR(f)) + percpu_counter_inc(&nr_files); - atomic_long_set(&f->f_count, 1); - rwlock_init(&f->f_owner.lock); - spin_lock_init(&f->f_lock); - mutex_init(&f->f_pos_lock); - eventpoll_init_file(f); - f->f_flags = flags; - f->f_mode = OPEN_FMODE(flags); - /* f->f_version: 0 */ - percpu_counter_inc(&nr_files); return f; over: @@ -150,6 +162,21 @@ over: return ERR_PTR(-ENFILE); } +/* + * Variant of alloc_empty_file() that doesn't check and modify nr_files. + * + * Should not be used unless there's a very good reason to do so. + */ +struct file *alloc_empty_file_noaccount(int flags, const struct cred *cred) +{ + struct file *f = __alloc_file(flags, cred); + + if (!IS_ERR(f)) + f->f_mode |= FMODE_NOACCOUNT; + + return f; +} + /** * alloc_file - allocate and initialize a 'struct file' * diff --git a/fs/internal.h b/fs/internal.h index 52a346903748..442098fa0a84 100644 --- a/fs/internal.h +++ b/fs/internal.h @@ -94,6 +94,7 @@ extern void chroot_fs_refs(const struct path *, const struct path *); * file_table.c */ extern struct file *alloc_empty_file(int, const struct cred *); +extern struct file *alloc_empty_file_noaccount(int, const struct cred *); /* * super.c diff --git a/fs/open.c b/fs/open.c index dd15711eb658..9c6617dbb2c0 100644 --- a/fs/open.c +++ b/fs/open.c @@ -928,7 +928,7 @@ EXPORT_SYMBOL(dentry_open); struct file *open_with_fake_path(const struct path *path, int flags, struct inode *inode, const struct cred *cred) { - struct file *f = alloc_empty_file(flags, cred); + struct file *f = alloc_empty_file_noaccount(flags, cred); if (!IS_ERR(f)) { int error; diff --git a/include/linux/fs.h b/include/linux/fs.h index 5ce2b413abc6..e1884840d556 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h @@ -156,6 +156,9 @@ typedef int (dio_iodone_t)(struct kiocb *iocb, loff_t offset, /* File is capable of returning -EAGAIN if I/O will block */ #define FMODE_NOWAIT ((__force fmode_t)0x8000000) +/* File does not contribute to nr_files count */ +#define FMODE_NOACCOUNT ((__force fmode_t)0x20000000) + /* * Flag for rw_copy_check_uvector and compat_rw_copy_check_uvector * that indicates that they should check the contents of the iovec are -- cgit v1.2.3 From 9df6702ad0e85901450fe48a7b5f0f8975353eeb Mon Sep 17 00:00:00 2001 From: Miklos Szeredi Date: Wed, 18 Jul 2018 15:44:40 +0200 Subject: vfs: export vfs_ioctl() to modules This is needed by the stacked ioctl implementation in overlayfs. Signed-off-by: Miklos Szeredi --- fs/internal.h | 1 - fs/ioctl.c | 1 + include/linux/fs.h | 2 ++ 3 files changed, 3 insertions(+), 1 deletion(-) diff --git a/fs/internal.h b/fs/internal.h index 442098fa0a84..9c3b4c40e582 100644 --- a/fs/internal.h +++ b/fs/internal.h @@ -184,7 +184,6 @@ extern const struct dentry_operations ns_dentry_operations; */ extern int do_vfs_ioctl(struct file *file, unsigned int fd, unsigned int cmd, unsigned long arg); -extern long vfs_ioctl(struct file *file, unsigned int cmd, unsigned long arg); /* * iomap support: diff --git a/fs/ioctl.c b/fs/ioctl.c index b445b13fc59b..3212c29235ce 100644 --- a/fs/ioctl.c +++ b/fs/ioctl.c @@ -49,6 +49,7 @@ long vfs_ioctl(struct file *filp, unsigned int cmd, unsigned long arg) out: return error; } +EXPORT_SYMBOL(vfs_ioctl); static int ioctl_fibmap(struct file *filp, int __user *p) { diff --git a/include/linux/fs.h b/include/linux/fs.h index e1884840d556..019817a083a0 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h @@ -1634,6 +1634,8 @@ int vfs_mkobj(struct dentry *, umode_t, int (*f)(struct dentry *, umode_t, void *), void *); +extern long vfs_ioctl(struct file *file, unsigned int cmd, unsigned long arg); + /* * VFS file helper functions. */ -- cgit v1.2.3 From f182536684d876afaf4627c36a16c4e15ea8a2b8 Mon Sep 17 00:00:00 2001 From: Miklos Szeredi Date: Wed, 18 Jul 2018 15:44:40 +0200 Subject: vfs: export vfs_dedupe_file_range_one() to modules This is needed by the stacked dedupe implementation in overlayfs. Signed-off-by: Miklos Szeredi --- fs/read_write.c | 6 +++--- include/linux/fs.h | 4 ++++ 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/fs/read_write.c b/fs/read_write.c index cce4ebac34a8..39b4a21dd933 100644 --- a/fs/read_write.c +++ b/fs/read_write.c @@ -1964,9 +1964,8 @@ out_error: } EXPORT_SYMBOL(vfs_dedupe_file_range_compare); -static int vfs_dedupe_file_range_one(struct file *src_file, loff_t src_pos, - struct file *dst_file, loff_t dst_pos, - u64 len) +int vfs_dedupe_file_range_one(struct file *src_file, loff_t src_pos, + struct file *dst_file, loff_t dst_pos, u64 len) { s64 ret; @@ -2001,6 +2000,7 @@ out_drop_write: return ret; } +EXPORT_SYMBOL(vfs_dedupe_file_range_one); int vfs_dedupe_file_range(struct file *file, struct file_dedupe_range *same) { diff --git a/include/linux/fs.h b/include/linux/fs.h index 019817a083a0..b67209948f1b 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h @@ -1829,6 +1829,10 @@ extern int vfs_dedupe_file_range_compare(struct inode *src, loff_t srcoff, loff_t len, bool *is_same); extern int vfs_dedupe_file_range(struct file *file, struct file_dedupe_range *same); +extern int vfs_dedupe_file_range_one(struct file *src_file, loff_t src_pos, + struct file *dst_file, loff_t dst_pos, + u64 len); + struct super_operations { struct inode *(*alloc_inode)(struct super_block *sb); -- cgit v1.2.3 From d9854c87f0ed1a5f32fec24bb5b5fb426ad79c26 Mon Sep 17 00:00:00 2001 From: Miklos Szeredi Date: Wed, 18 Jul 2018 15:44:40 +0200 Subject: ovl: copy up times Copy up mtime and ctime to overlay inode after times in real object are modified. Be careful not to dirty cachelines when not necessary. This is in preparation for moving overlay functionality out of the VFS. This patch shouldn't have any observable effect. Signed-off-by: Miklos Szeredi --- fs/overlayfs/dir.c | 31 ++++++++++++++++++++++++------- fs/overlayfs/inode.c | 3 +++ fs/overlayfs/overlayfs.h | 2 +- fs/overlayfs/util.c | 10 +++++++++- 4 files changed, 37 insertions(+), 9 deletions(-) diff --git a/fs/overlayfs/dir.c b/fs/overlayfs/dir.c index f480b1a2cd2e..4fa756c1b190 100644 --- a/fs/overlayfs/dir.c +++ b/fs/overlayfs/dir.c @@ -242,7 +242,7 @@ static int ovl_instantiate(struct dentry *dentry, struct inode *inode, .newinode = inode, }; - ovl_dentry_version_inc(dentry->d_parent, false); + ovl_dir_modified(dentry->d_parent, false); ovl_dentry_set_upper_alias(dentry); if (!hardlink) { /* @@ -722,7 +722,7 @@ static int ovl_remove_and_whiteout(struct dentry *dentry, if (err) goto out_d_drop; - ovl_dentry_version_inc(dentry->d_parent, true); + ovl_dir_modified(dentry->d_parent, true); out_d_drop: d_drop(dentry); out_dput_upper: @@ -767,7 +767,7 @@ static int ovl_remove_upper(struct dentry *dentry, bool is_dir, err = vfs_rmdir(dir, upper); else err = vfs_unlink(dir, upper, NULL); - ovl_dentry_version_inc(dentry->d_parent, ovl_type_origin(dentry)); + ovl_dir_modified(dentry->d_parent, ovl_type_origin(dentry)); /* * Keeping this dentry hashed would mean having to release @@ -797,6 +797,7 @@ static int ovl_do_remove(struct dentry *dentry, bool is_dir) int err; bool locked = false; const struct cred *old_cred; + struct dentry *upperdentry; bool lower_positive = ovl_lower_positive(dentry); LIST_HEAD(list); @@ -832,6 +833,17 @@ static int ovl_do_remove(struct dentry *dentry, bool is_dir) drop_nlink(dentry->d_inode); } ovl_nlink_end(dentry, locked); + + /* + * Copy ctime + * + * Note: we fail to update ctime if there was no copy-up, only a + * whiteout + */ + upperdentry = ovl_dentry_upper(dentry); + if (upperdentry) + ovl_copyattr(d_inode(upperdentry), d_inode(dentry)); + out_drop_write: ovl_drop_write(dentry); out: @@ -1138,10 +1150,15 @@ static int ovl_rename(struct inode *olddir, struct dentry *old, drop_nlink(d_inode(new)); } - ovl_dentry_version_inc(old->d_parent, ovl_type_origin(old) || - (!overwrite && ovl_type_origin(new))); - ovl_dentry_version_inc(new->d_parent, ovl_type_origin(old) || - (d_inode(new) && ovl_type_origin(new))); + ovl_dir_modified(old->d_parent, ovl_type_origin(old) || + (!overwrite && ovl_type_origin(new))); + ovl_dir_modified(new->d_parent, ovl_type_origin(old) || + (d_inode(new) && ovl_type_origin(new))); + + /* copy ctime: */ + ovl_copyattr(d_inode(olddentry), d_inode(old)); + if (d_inode(new) && ovl_dentry_upper(new)) + ovl_copyattr(d_inode(newdentry), d_inode(new)); out_dput: dput(newdentry); diff --git a/fs/overlayfs/inode.c b/fs/overlayfs/inode.c index ed16a898caeb..0fa48d5644e2 100644 --- a/fs/overlayfs/inode.c +++ b/fs/overlayfs/inode.c @@ -304,6 +304,9 @@ int ovl_xattr_set(struct dentry *dentry, struct inode *inode, const char *name, } revert_creds(old_cred); + /* copy c/mtime */ + ovl_copyattr(d_inode(realdentry), inode); + out_drop_write: ovl_drop_write(dentry); out: diff --git a/fs/overlayfs/overlayfs.h b/fs/overlayfs/overlayfs.h index 7538b9b56237..008420e834d8 100644 --- a/fs/overlayfs/overlayfs.h +++ b/fs/overlayfs/overlayfs.h @@ -231,7 +231,7 @@ void ovl_dentry_set_redirect(struct dentry *dentry, const char *redirect); void ovl_inode_init(struct inode *inode, struct dentry *upperdentry, struct dentry *lowerdentry); void ovl_inode_update(struct inode *inode, struct dentry *upperdentry); -void ovl_dentry_version_inc(struct dentry *dentry, bool impurity); +void ovl_dir_modified(struct dentry *dentry, bool impurity); u64 ovl_dentry_version_get(struct dentry *dentry); bool ovl_is_whiteout(struct dentry *dentry); struct file *ovl_path_open(struct path *path, int flags); diff --git a/fs/overlayfs/util.c b/fs/overlayfs/util.c index 6f1078028c66..30a05d1d679d 100644 --- a/fs/overlayfs/util.c +++ b/fs/overlayfs/util.c @@ -333,7 +333,7 @@ void ovl_inode_update(struct inode *inode, struct dentry *upperdentry) } } -void ovl_dentry_version_inc(struct dentry *dentry, bool impurity) +static void ovl_dentry_version_inc(struct dentry *dentry, bool impurity) { struct inode *inode = d_inode(dentry); @@ -348,6 +348,14 @@ void ovl_dentry_version_inc(struct dentry *dentry, bool impurity) OVL_I(inode)->version++; } +void ovl_dir_modified(struct dentry *dentry, bool impurity) +{ + /* Copy mtime/ctime */ + ovl_copyattr(d_inode(ovl_dentry_upper(dentry)), d_inode(dentry)); + + ovl_dentry_version_inc(dentry, impurity); +} + u64 ovl_dentry_version_get(struct dentry *dentry) { struct inode *inode = d_inode(dentry); -- cgit v1.2.3 From 4f3572954a9d4cbf992072713af284d990b65d87 Mon Sep 17 00:00:00 2001 From: Miklos Szeredi Date: Wed, 18 Jul 2018 15:44:41 +0200 Subject: ovl: copy up inode flags On inode creation copy certain inode flags from the underlying real inode to the overlay inode. This is in preparation for moving overlay functionality out of the VFS. Signed-off-by: Miklos Szeredi --- fs/overlayfs/overlayfs.h | 7 +++++++ fs/overlayfs/util.c | 1 + 2 files changed, 8 insertions(+) diff --git a/fs/overlayfs/overlayfs.h b/fs/overlayfs/overlayfs.h index 008420e834d8..25cf26e57cdb 100644 --- a/fs/overlayfs/overlayfs.h +++ b/fs/overlayfs/overlayfs.h @@ -350,6 +350,13 @@ static inline void ovl_copyattr(struct inode *from, struct inode *to) to->i_ctime = from->i_ctime; } +static inline void ovl_copyflags(struct inode *from, struct inode *to) +{ + unsigned int mask = S_SYNC | S_IMMUTABLE | S_APPEND | S_NOATIME; + + inode_set_flags(to, from->i_flags & mask, mask); +} + /* dir.c */ extern const struct inode_operations ovl_dir_inode_operations; int ovl_cleanup_and_whiteout(struct dentry *workdir, struct inode *dir, diff --git a/fs/overlayfs/util.c b/fs/overlayfs/util.c index 30a05d1d679d..25d202b47326 100644 --- a/fs/overlayfs/util.c +++ b/fs/overlayfs/util.c @@ -310,6 +310,7 @@ void ovl_inode_init(struct inode *inode, struct dentry *upperdentry, OVL_I(inode)->lower = igrab(d_inode(lowerdentry)); ovl_copyattr(realinode, inode); + ovl_copyflags(realinode, inode); if (!inode->i_ino) inode->i_ino = realinode->i_ino; } -- cgit v1.2.3 From 5812160eb50925d19c54be979c72d335fee17dbd Mon Sep 17 00:00:00 2001 From: Miklos Szeredi Date: Wed, 18 Jul 2018 15:44:41 +0200 Subject: Revert "Revert "ovl: get_write_access() in truncate"" This reverts commit 31c3a7069593b072bd57192b63b62f9a7e994e9a. Re-add functionality dealing with i_writecount on truncate to overlayfs. This patch shouldn't have any observable effects, since we just re-assert the writecout that vfs_truncate() already got for us. This is in preparation for moving overlay functionality out of the VFS. Signed-off-by: Miklos Szeredi --- fs/overlayfs/inode.c | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/fs/overlayfs/inode.c b/fs/overlayfs/inode.c index 0fa48d5644e2..3f1e5bd0ba87 100644 --- a/fs/overlayfs/inode.c +++ b/fs/overlayfs/inode.c @@ -39,10 +39,27 @@ int ovl_setattr(struct dentry *dentry, struct iattr *attr) if (err) goto out; + if (attr->ia_valid & ATTR_SIZE) { + struct inode *realinode = d_inode(ovl_dentry_real(dentry)); + + err = -ETXTBSY; + if (atomic_read(&realinode->i_writecount) < 0) + goto out_drop_write; + } + err = ovl_copy_up(dentry); if (!err) { + struct inode *winode = NULL; + upperdentry = ovl_dentry_upper(dentry); + if (attr->ia_valid & ATTR_SIZE) { + winode = d_inode(upperdentry); + err = get_write_access(winode); + if (err) + goto out_drop_write; + } + if (attr->ia_valid & (ATTR_KILL_SUID|ATTR_KILL_SGID)) attr->ia_valid &= ~ATTR_MODE; @@ -53,7 +70,11 @@ int ovl_setattr(struct dentry *dentry, struct iattr *attr) if (!err) ovl_copyattr(upperdentry->d_inode, dentry->d_inode); inode_unlock(upperdentry->d_inode); + + if (winode) + put_write_access(winode); } +out_drop_write: ovl_drop_write(dentry); out: return err; -- cgit v1.2.3 From 46e5d0a3907ba489fda4f7b043439a3599184f91 Mon Sep 17 00:00:00 2001 From: Miklos Szeredi Date: Wed, 18 Jul 2018 15:44:41 +0200 Subject: ovl: copy up file size as well Copy i_size of the underlying inode to the overlay inode in ovl_copyattr(). This is in preparation for stacking I/O operations on overlay files. This patch shouldn't have any observable effect. Remove stale comment from ovl_setattr() [spotted by Vivek Goyal]. Signed-off-by: Miklos Szeredi --- fs/overlayfs/inode.c | 9 --------- fs/overlayfs/overlayfs.h | 2 ++ 2 files changed, 2 insertions(+), 9 deletions(-) diff --git a/fs/overlayfs/inode.c b/fs/overlayfs/inode.c index 3f1e5bd0ba87..5b6c86703d34 100644 --- a/fs/overlayfs/inode.c +++ b/fs/overlayfs/inode.c @@ -22,15 +22,6 @@ int ovl_setattr(struct dentry *dentry, struct iattr *attr) struct dentry *upperdentry; const struct cred *old_cred; - /* - * Check for permissions before trying to copy-up. This is redundant - * since it will be rechecked later by ->setattr() on upper dentry. But - * without this, copy-up can be triggered by just about anybody. - * - * We don't initialize inode->size, which just means that - * inode_newsize_ok() will always check against MAX_LFS_FILESIZE and not - * check for a swapfile (which this won't be anyway). - */ err = setattr_prepare(dentry, attr); if (err) return err; diff --git a/fs/overlayfs/overlayfs.h b/fs/overlayfs/overlayfs.h index 25cf26e57cdb..f28f1e37d457 100644 --- a/fs/overlayfs/overlayfs.h +++ b/fs/overlayfs/overlayfs.h @@ -9,6 +9,7 @@ #include #include +#include #include "ovl_entry.h" enum ovl_path_type { @@ -348,6 +349,7 @@ static inline void ovl_copyattr(struct inode *from, struct inode *to) to->i_atime = from->i_atime; to->i_mtime = from->i_mtime; to->i_ctime = from->i_ctime; + i_size_write(to, i_size_read(from)); } static inline void ovl_copyflags(struct inode *from, struct inode *to) -- cgit v1.2.3 From e8c985bace1351c5f2d7a6f0d8ff3e677b58abb5 Mon Sep 17 00:00:00 2001 From: Miklos Szeredi Date: Wed, 18 Jul 2018 15:44:41 +0200 Subject: ovl: deal with overlay files in ovl_d_real() Signed-off-by: Miklos Szeredi --- fs/overlayfs/super.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/fs/overlayfs/super.c b/fs/overlayfs/super.c index 704b37311467..211975921a90 100644 --- a/fs/overlayfs/super.c +++ b/fs/overlayfs/super.c @@ -97,6 +97,10 @@ static struct dentry *ovl_d_real(struct dentry *dentry, struct dentry *real; int err; + /* It's an overlay file */ + if (inode && d_inode(dentry) == inode) + return dentry; + if (flags & D_REAL_UPPER) return ovl_dentry_upper(dentry); -- cgit v1.2.3 From d1d04ef8572bc8c22265057bd3d5a79f223f8f52 Mon Sep 17 00:00:00 2001 From: Miklos Szeredi Date: Wed, 18 Jul 2018 15:44:41 +0200 Subject: ovl: stack file ops Implement file operations on a regular overlay file. The underlying file is opened separately and cached in ->private_data. It might be worth making an exception for such files when accounting in nr_file to confirm to userspace expectations. We are only adding a small overhead (248bytes for the struct file) since the real inode and dentry are pinned by overlayfs anyway. This patch doesn't have any effect, since the vfs will use d_real() to find the real underlying file to open. The patch at the end of the series will actually enable this functionality. AV: make it use open_with_fake_path(), don't mess with override_creds SzM: still need to mess with override_creds() until no fs uses current_cred() in their open method. Signed-off-by: Miklos Szeredi Signed-off-by: Al Viro --- fs/overlayfs/Makefile | 4 +-- fs/overlayfs/file.c | 76 ++++++++++++++++++++++++++++++++++++++++++++++++ fs/overlayfs/inode.c | 1 + fs/overlayfs/overlayfs.h | 3 ++ 4 files changed, 82 insertions(+), 2 deletions(-) create mode 100644 fs/overlayfs/file.c diff --git a/fs/overlayfs/Makefile b/fs/overlayfs/Makefile index 30802347a020..46e1ff8ac056 100644 --- a/fs/overlayfs/Makefile +++ b/fs/overlayfs/Makefile @@ -4,5 +4,5 @@ obj-$(CONFIG_OVERLAY_FS) += overlay.o -overlay-objs := super.o namei.o util.o inode.o dir.o readdir.o copy_up.o \ - export.o +overlay-objs := super.o namei.o util.o inode.o file.o dir.o readdir.o \ + copy_up.o export.o diff --git a/fs/overlayfs/file.c b/fs/overlayfs/file.c new file mode 100644 index 000000000000..ce7d002173a6 --- /dev/null +++ b/fs/overlayfs/file.c @@ -0,0 +1,76 @@ +/* + * Copyright (C) 2017 Red Hat, Inc. + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 as published by + * the Free Software Foundation. + */ + +#include +#include +#include +#include "overlayfs.h" + +static struct file *ovl_open_realfile(const struct file *file) +{ + struct inode *inode = file_inode(file); + struct inode *upperinode = ovl_inode_upper(inode); + struct inode *realinode = upperinode ?: ovl_inode_lower(inode); + struct file *realfile; + const struct cred *old_cred; + + old_cred = ovl_override_creds(inode->i_sb); + realfile = open_with_fake_path(&file->f_path, file->f_flags | O_NOATIME, + realinode, current_cred()); + revert_creds(old_cred); + + pr_debug("open(%p[%pD2/%c], 0%o) -> (%p, 0%o)\n", + file, file, upperinode ? 'u' : 'l', file->f_flags, + realfile, IS_ERR(realfile) ? 0 : realfile->f_flags); + + return realfile; +} + +static int ovl_open(struct inode *inode, struct file *file) +{ + struct dentry *dentry = file_dentry(file); + struct file *realfile; + int err; + + err = ovl_open_maybe_copy_up(dentry, file->f_flags); + if (err) + return err; + + /* No longer need these flags, so don't pass them on to underlying fs */ + file->f_flags &= ~(O_CREAT | O_EXCL | O_NOCTTY | O_TRUNC); + + realfile = ovl_open_realfile(file); + if (IS_ERR(realfile)) + return PTR_ERR(realfile); + + file->private_data = realfile; + + return 0; +} + +static int ovl_release(struct inode *inode, struct file *file) +{ + fput(file->private_data); + + return 0; +} + +static loff_t ovl_llseek(struct file *file, loff_t offset, int whence) +{ + struct inode *realinode = ovl_inode_real(file_inode(file)); + + return generic_file_llseek_size(file, offset, whence, + realinode->i_sb->s_maxbytes, + i_size_read(realinode)); +} + +const struct file_operations ovl_file_operations = { + .open = ovl_open, + .release = ovl_release, + .llseek = ovl_llseek, +}; diff --git a/fs/overlayfs/inode.c b/fs/overlayfs/inode.c index 5b6c86703d34..391e3a3b8ba1 100644 --- a/fs/overlayfs/inode.c +++ b/fs/overlayfs/inode.c @@ -535,6 +535,7 @@ static void ovl_fill_inode(struct inode *inode, umode_t mode, dev_t rdev, switch (mode & S_IFMT) { case S_IFREG: inode->i_op = &ovl_file_inode_operations; + inode->i_fop = &ovl_file_operations; break; case S_IFDIR: diff --git a/fs/overlayfs/overlayfs.h b/fs/overlayfs/overlayfs.h index f28f1e37d457..16d439ebfe02 100644 --- a/fs/overlayfs/overlayfs.h +++ b/fs/overlayfs/overlayfs.h @@ -377,6 +377,9 @@ struct dentry *ovl_create_real(struct inode *dir, struct dentry *newdentry, int ovl_cleanup(struct inode *dir, struct dentry *dentry); struct dentry *ovl_create_temp(struct dentry *workdir, struct ovl_cattr *attr); +/* file.c */ +extern const struct file_operations ovl_file_operations; + /* copy_up.c */ int ovl_copy_up(struct dentry *dentry); int ovl_copy_up_flags(struct dentry *dentry, int flags); -- cgit v1.2.3 From 2ef66b8a03c02c4cef71bf1e8661317c7b9aa071 Mon Sep 17 00:00:00 2001 From: Miklos Szeredi Date: Wed, 18 Jul 2018 15:44:41 +0200 Subject: ovl: add helper to return real file In the common case we can just use the real file cached in file->private_data. There are two exceptions: 1) File has been copied up since open: in this unlikely corner case just use a throwaway real file for the operation. If ever this becomes a perfomance problem (very unlikely, since overlayfs has been doing most fine without correctly handling this case at all), then we can deal with that by updating the cached real file. 2) File's f_flags have changed since open: no need to reopen the cached real file, we can just change the flags there as well. Signed-off-by: Miklos Szeredi --- fs/overlayfs/file.c | 60 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 60 insertions(+) diff --git a/fs/overlayfs/file.c b/fs/overlayfs/file.c index ce7d002173a6..061a22511b5b 100644 --- a/fs/overlayfs/file.c +++ b/fs/overlayfs/file.c @@ -31,6 +31,66 @@ static struct file *ovl_open_realfile(const struct file *file) return realfile; } +#define OVL_SETFL_MASK (O_APPEND | O_NONBLOCK | O_NDELAY | O_DIRECT) + +static int ovl_change_flags(struct file *file, unsigned int flags) +{ + struct inode *inode = file_inode(file); + int err; + + /* No atime modificaton on underlying */ + flags |= O_NOATIME; + + /* If some flag changed that cannot be changed then something's amiss */ + if (WARN_ON((file->f_flags ^ flags) & ~OVL_SETFL_MASK)) + return -EIO; + + flags &= OVL_SETFL_MASK; + + if (((flags ^ file->f_flags) & O_APPEND) && IS_APPEND(inode)) + return -EPERM; + + if (flags & O_DIRECT) { + if (!file->f_mapping->a_ops || + !file->f_mapping->a_ops->direct_IO) + return -EINVAL; + } + + if (file->f_op->check_flags) { + err = file->f_op->check_flags(flags); + if (err) + return err; + } + + spin_lock(&file->f_lock); + file->f_flags = (file->f_flags & ~OVL_SETFL_MASK) | flags; + spin_unlock(&file->f_lock); + + return 0; +} + +static int ovl_real_fdget(const struct file *file, struct fd *real) +{ + struct inode *inode = file_inode(file); + + real->flags = 0; + real->file = file->private_data; + + /* Has it been copied up since we'd opened it? */ + if (unlikely(file_inode(real->file) != ovl_inode_real(inode))) { + real->flags = FDPUT_FPUT; + real->file = ovl_open_realfile(file); + + return PTR_ERR_OR_ZERO(real->file); + } + + /* Did the flags change since open? */ + if (unlikely((file->f_flags ^ real->file->f_flags) & ~O_NOATIME)) + return ovl_change_flags(real->file, file->f_flags); + + return 0; +} + static int ovl_open(struct inode *inode, struct file *file) { struct dentry *dentry = file_dentry(file); -- cgit v1.2.3 From 16914e6fc7e1748a8bd667753a92af5e685c445b Mon Sep 17 00:00:00 2001 From: Miklos Szeredi Date: Wed, 18 Jul 2018 15:44:41 +0200 Subject: ovl: add ovl_read_iter() Implement stacked reading. Signed-off-by: Miklos Szeredi --- fs/overlayfs/file.c | 67 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 67 insertions(+) diff --git a/fs/overlayfs/file.c b/fs/overlayfs/file.c index 061a22511b5b..06c19740095f 100644 --- a/fs/overlayfs/file.c +++ b/fs/overlayfs/file.c @@ -9,6 +9,7 @@ #include #include #include +#include #include "overlayfs.h" static struct file *ovl_open_realfile(const struct file *file) @@ -129,8 +130,74 @@ static loff_t ovl_llseek(struct file *file, loff_t offset, int whence) i_size_read(realinode)); } +static void ovl_file_accessed(struct file *file) +{ + struct inode *inode, *upperinode; + + if (file->f_flags & O_NOATIME) + return; + + inode = file_inode(file); + upperinode = ovl_inode_upper(inode); + + if (!upperinode) + return; + + if ((!timespec64_equal(&inode->i_mtime, &upperinode->i_mtime) || + !timespec64_equal(&inode->i_ctime, &upperinode->i_ctime))) { + inode->i_mtime = upperinode->i_mtime; + inode->i_ctime = upperinode->i_ctime; + } + + touch_atime(&file->f_path); +} + +static rwf_t ovl_iocb_to_rwf(struct kiocb *iocb) +{ + int ifl = iocb->ki_flags; + rwf_t flags = 0; + + if (ifl & IOCB_NOWAIT) + flags |= RWF_NOWAIT; + if (ifl & IOCB_HIPRI) + flags |= RWF_HIPRI; + if (ifl & IOCB_DSYNC) + flags |= RWF_DSYNC; + if (ifl & IOCB_SYNC) + flags |= RWF_SYNC; + + return flags; +} + +static ssize_t ovl_read_iter(struct kiocb *iocb, struct iov_iter *iter) +{ + struct file *file = iocb->ki_filp; + struct fd real; + const struct cred *old_cred; + ssize_t ret; + + if (!iov_iter_count(iter)) + return 0; + + ret = ovl_real_fdget(file, &real); + if (ret) + return ret; + + old_cred = ovl_override_creds(file_inode(file)->i_sb); + ret = vfs_iter_read(real.file, iter, &iocb->ki_pos, + ovl_iocb_to_rwf(iocb)); + revert_creds(old_cred); + + ovl_file_accessed(file); + + fdput(real); + + return ret; +} + const struct file_operations ovl_file_operations = { .open = ovl_open, .release = ovl_release, .llseek = ovl_llseek, + .read_iter = ovl_read_iter, }; -- cgit v1.2.3 From 2a92e07edc5edef44bb7a0b8ede3154476dbb50a Mon Sep 17 00:00:00 2001 From: Miklos Szeredi Date: Wed, 18 Jul 2018 15:44:41 +0200 Subject: ovl: add ovl_write_iter() Implement stacked writes. Signed-off-by: Miklos Szeredi --- fs/overlayfs/file.c | 39 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) diff --git a/fs/overlayfs/file.c b/fs/overlayfs/file.c index 06c19740095f..53d95c9d976a 100644 --- a/fs/overlayfs/file.c +++ b/fs/overlayfs/file.c @@ -195,9 +195,48 @@ static ssize_t ovl_read_iter(struct kiocb *iocb, struct iov_iter *iter) return ret; } +static ssize_t ovl_write_iter(struct kiocb *iocb, struct iov_iter *iter) +{ + struct file *file = iocb->ki_filp; + struct inode *inode = file_inode(file); + struct fd real; + const struct cred *old_cred; + ssize_t ret; + + if (!iov_iter_count(iter)) + return 0; + + inode_lock(inode); + /* Update mode */ + ovl_copyattr(ovl_inode_real(inode), inode); + ret = file_remove_privs(file); + if (ret) + goto out_unlock; + + ret = ovl_real_fdget(file, &real); + if (ret) + goto out_unlock; + + old_cred = ovl_override_creds(file_inode(file)->i_sb); + ret = vfs_iter_write(real.file, iter, &iocb->ki_pos, + ovl_iocb_to_rwf(iocb)); + revert_creds(old_cred); + + /* Update size */ + ovl_copyattr(ovl_inode_real(inode), inode); + + fdput(real); + +out_unlock: + inode_unlock(inode); + + return ret; +} + const struct file_operations ovl_file_operations = { .open = ovl_open, .release = ovl_release, .llseek = ovl_llseek, .read_iter = ovl_read_iter, + .write_iter = ovl_write_iter, }; -- cgit v1.2.3 From de30dfd629e2e07e2e9d672b2931bcd60f9a34c0 Mon Sep 17 00:00:00 2001 From: Miklos Szeredi Date: Wed, 18 Jul 2018 15:44:42 +0200 Subject: ovl: add ovl_fsync() Implement stacked fsync(). Don't sync if lower (noticed by Amir Goldstein). Signed-off-by: Miklos Szeredi --- fs/overlayfs/file.c | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/fs/overlayfs/file.c b/fs/overlayfs/file.c index 53d95c9d976a..8adddee93418 100644 --- a/fs/overlayfs/file.c +++ b/fs/overlayfs/file.c @@ -233,10 +233,33 @@ out_unlock: return ret; } +static int ovl_fsync(struct file *file, loff_t start, loff_t end, int datasync) +{ + struct fd real; + const struct cred *old_cred; + int ret; + + ret = ovl_real_fdget(file, &real); + if (ret) + return ret; + + /* Don't sync lower file for fear of receiving EROFS error */ + if (file_inode(real.file) == ovl_inode_upper(file_inode(file))) { + old_cred = ovl_override_creds(file_inode(file)->i_sb); + ret = vfs_fsync_range(real.file, start, end, datasync); + revert_creds(old_cred); + } + + fdput(real); + + return ret; +} + const struct file_operations ovl_file_operations = { .open = ovl_open, .release = ovl_release, .llseek = ovl_llseek, .read_iter = ovl_read_iter, .write_iter = ovl_write_iter, + .fsync = ovl_fsync, }; -- cgit v1.2.3 From 2f502839e85ab265f03f25f30d6463154aee5473 Mon Sep 17 00:00:00 2001 From: Miklos Szeredi Date: Wed, 18 Jul 2018 15:44:42 +0200 Subject: ovl: add ovl_mmap() Implement stacked mmap. Signed-off-by: Miklos Szeredi --- fs/overlayfs/file.c | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) diff --git a/fs/overlayfs/file.c b/fs/overlayfs/file.c index 8adddee93418..4c8bf77e048f 100644 --- a/fs/overlayfs/file.c +++ b/fs/overlayfs/file.c @@ -255,6 +255,37 @@ static int ovl_fsync(struct file *file, loff_t start, loff_t end, int datasync) return ret; } +static int ovl_mmap(struct file *file, struct vm_area_struct *vma) +{ + struct file *realfile = file->private_data; + const struct cred *old_cred; + int ret; + + if (!realfile->f_op->mmap) + return -ENODEV; + + if (WARN_ON(file != vma->vm_file)) + return -EIO; + + vma->vm_file = get_file(realfile); + + old_cred = ovl_override_creds(file_inode(file)->i_sb); + ret = call_mmap(vma->vm_file, vma); + revert_creds(old_cred); + + if (ret) { + /* Drop reference count from new vm_file value */ + fput(realfile); + } else { + /* Drop reference count from previous vm_file value */ + fput(file); + } + + ovl_file_accessed(file); + + return ret; +} + const struct file_operations ovl_file_operations = { .open = ovl_open, .release = ovl_release, @@ -262,4 +293,5 @@ const struct file_operations ovl_file_operations = { .read_iter = ovl_read_iter, .write_iter = ovl_write_iter, .fsync = ovl_fsync, + .mmap = ovl_mmap, }; -- cgit v1.2.3 From aab8848cee5eca1003fc146b35b0c3293830a660 Mon Sep 17 00:00:00 2001 From: Miklos Szeredi Date: Wed, 18 Jul 2018 15:44:42 +0200 Subject: ovl: add ovl_fallocate() Implement stacked fallocate. Signed-off-by: Miklos Szeredi --- fs/overlayfs/file.c | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/fs/overlayfs/file.c b/fs/overlayfs/file.c index 4c8bf77e048f..58b37fec133d 100644 --- a/fs/overlayfs/file.c +++ b/fs/overlayfs/file.c @@ -286,6 +286,29 @@ static int ovl_mmap(struct file *file, struct vm_area_struct *vma) return ret; } +static long ovl_fallocate(struct file *file, int mode, loff_t offset, loff_t len) +{ + struct inode *inode = file_inode(file); + struct fd real; + const struct cred *old_cred; + int ret; + + ret = ovl_real_fdget(file, &real); + if (ret) + return ret; + + old_cred = ovl_override_creds(file_inode(file)->i_sb); + ret = vfs_fallocate(real.file, mode, offset, len); + revert_creds(old_cred); + + /* Update size */ + ovl_copyattr(ovl_inode_real(inode), inode); + + fdput(real); + + return ret; +} + const struct file_operations ovl_file_operations = { .open = ovl_open, .release = ovl_release, @@ -294,4 +317,5 @@ const struct file_operations ovl_file_operations = { .write_iter = ovl_write_iter, .fsync = ovl_fsync, .mmap = ovl_mmap, + .fallocate = ovl_fallocate, }; -- cgit v1.2.3 From dab5ca8fd9ddd3c0768e14bc1524bd3e7b8aa430 Mon Sep 17 00:00:00 2001 From: Miklos Szeredi Date: Wed, 18 Jul 2018 15:44:42 +0200 Subject: ovl: add lsattr/chattr support Implement FS_IOC_GETFLAGS and FS_IOC_SETFLAGS. Signed-off-by: Miklos Szeredi --- fs/overlayfs/file.c | 79 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 79 insertions(+) diff --git a/fs/overlayfs/file.c b/fs/overlayfs/file.c index 58b37fec133d..7590e43369f6 100644 --- a/fs/overlayfs/file.c +++ b/fs/overlayfs/file.c @@ -8,6 +8,7 @@ #include #include +#include #include #include #include "overlayfs.h" @@ -309,6 +310,82 @@ static long ovl_fallocate(struct file *file, int mode, loff_t offset, loff_t len return ret; } +static long ovl_real_ioctl(struct file *file, unsigned int cmd, + unsigned long arg) +{ + struct fd real; + const struct cred *old_cred; + long ret; + + ret = ovl_real_fdget(file, &real); + if (ret) + return ret; + + old_cred = ovl_override_creds(file_inode(file)->i_sb); + ret = vfs_ioctl(real.file, cmd, arg); + revert_creds(old_cred); + + fdput(real); + + return ret; +} + +static long ovl_ioctl(struct file *file, unsigned int cmd, unsigned long arg) +{ + long ret; + struct inode *inode = file_inode(file); + + switch (cmd) { + case FS_IOC_GETFLAGS: + ret = ovl_real_ioctl(file, cmd, arg); + break; + + case FS_IOC_SETFLAGS: + if (!inode_owner_or_capable(inode)) + return -EACCES; + + ret = mnt_want_write_file(file); + if (ret) + return ret; + + ret = ovl_copy_up(file_dentry(file)); + if (!ret) { + ret = ovl_real_ioctl(file, cmd, arg); + + inode_lock(inode); + ovl_copyflags(ovl_inode_real(inode), inode); + inode_unlock(inode); + } + + mnt_drop_write_file(file); + break; + + default: + ret = -ENOTTY; + } + + return ret; +} + +static long ovl_compat_ioctl(struct file *file, unsigned int cmd, + unsigned long arg) +{ + switch (cmd) { + case FS_IOC32_GETFLAGS: + cmd = FS_IOC_GETFLAGS; + break; + + case FS_IOC32_SETFLAGS: + cmd = FS_IOC_SETFLAGS; + break; + + default: + return -ENOIOCTLCMD; + } + + return ovl_ioctl(file, cmd, arg); +} + const struct file_operations ovl_file_operations = { .open = ovl_open, .release = ovl_release, @@ -318,4 +395,6 @@ const struct file_operations ovl_file_operations = { .fsync = ovl_fsync, .mmap = ovl_mmap, .fallocate = ovl_fallocate, + .unlocked_ioctl = ovl_ioctl, + .compat_ioctl = ovl_compat_ioctl, }; -- cgit v1.2.3 From 9e142c4102db44c3c7a2656de8a1e2ddda2fae71 Mon Sep 17 00:00:00 2001 From: Miklos Szeredi Date: Wed, 18 Jul 2018 15:44:42 +0200 Subject: ovl: add ovl_fiemap() Implement stacked fiemap(). Need to split inode operations for regular file (which has fiemap) and special file (which doesn't have fiemap). Signed-off-by: Miklos Szeredi --- fs/overlayfs/inode.c | 29 ++++++++++++++++++++++++++++- 1 file changed, 28 insertions(+), 1 deletion(-) diff --git a/fs/overlayfs/inode.c b/fs/overlayfs/inode.c index 391e3a3b8ba1..28ee802e6eaf 100644 --- a/fs/overlayfs/inode.c +++ b/fs/overlayfs/inode.c @@ -448,6 +448,23 @@ int ovl_update_time(struct inode *inode, struct timespec64 *ts, int flags) return 0; } +static int ovl_fiemap(struct inode *inode, struct fiemap_extent_info *fieinfo, + u64 start, u64 len) +{ + int err; + struct inode *realinode = ovl_inode_real(inode); + const struct cred *old_cred; + + if (!realinode->i_op->fiemap) + return -EOPNOTSUPP; + + old_cred = ovl_override_creds(inode->i_sb); + err = realinode->i_op->fiemap(realinode, fieinfo, start, len); + revert_creds(old_cred); + + return err; +} + static const struct inode_operations ovl_file_inode_operations = { .setattr = ovl_setattr, .permission = ovl_permission, @@ -455,6 +472,7 @@ static const struct inode_operations ovl_file_inode_operations = { .listxattr = ovl_listxattr, .get_acl = ovl_get_acl, .update_time = ovl_update_time, + .fiemap = ovl_fiemap, }; static const struct inode_operations ovl_symlink_inode_operations = { @@ -465,6 +483,15 @@ static const struct inode_operations ovl_symlink_inode_operations = { .update_time = ovl_update_time, }; +static const struct inode_operations ovl_special_inode_operations = { + .setattr = ovl_setattr, + .permission = ovl_permission, + .getattr = ovl_getattr, + .listxattr = ovl_listxattr, + .get_acl = ovl_get_acl, + .update_time = ovl_update_time, +}; + /* * It is possible to stack overlayfs instance on top of another * overlayfs instance as lower layer. We need to annonate the @@ -548,7 +575,7 @@ static void ovl_fill_inode(struct inode *inode, umode_t mode, dev_t rdev, break; default: - inode->i_op = &ovl_file_inode_operations; + inode->i_op = &ovl_special_inode_operations; init_special_inode(inode, mode, rdev); break; } -- cgit v1.2.3 From f7c72396d0de8847495f0ccb5853c711a7f91271 Mon Sep 17 00:00:00 2001 From: Miklos Szeredi Date: Wed, 18 Jul 2018 15:44:42 +0200 Subject: ovl: add O_DIRECT support Signed-off-by: Miklos Szeredi --- fs/overlayfs/file.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/fs/overlayfs/file.c b/fs/overlayfs/file.c index 7590e43369f6..c49af241c001 100644 --- a/fs/overlayfs/file.c +++ b/fs/overlayfs/file.c @@ -110,6 +110,9 @@ static int ovl_open(struct inode *inode, struct file *file) if (IS_ERR(realfile)) return PTR_ERR(realfile); + /* For O_DIRECT dentry_open() checks f_mapping->a_ops->direct_IO */ + file->f_mapping = realfile->f_mapping; + file->private_data = realfile; return 0; -- cgit v1.2.3 From 8ede205541ff05bd096749a9f00bde6d754b4e22 Mon Sep 17 00:00:00 2001 From: Miklos Szeredi Date: Wed, 18 Jul 2018 15:44:42 +0200 Subject: ovl: add reflink/copyfile/dedup support Since set of arguments are so similar, handle in a common helper. Signed-off-by: Miklos Szeredi --- fs/overlayfs/file.c | 87 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 87 insertions(+) diff --git a/fs/overlayfs/file.c b/fs/overlayfs/file.c index c49af241c001..cd75b53f1497 100644 --- a/fs/overlayfs/file.c +++ b/fs/overlayfs/file.c @@ -389,6 +389,89 @@ static long ovl_compat_ioctl(struct file *file, unsigned int cmd, return ovl_ioctl(file, cmd, arg); } +enum ovl_copyop { + OVL_COPY, + OVL_CLONE, + OVL_DEDUPE, +}; + +static ssize_t ovl_copyfile(struct file *file_in, loff_t pos_in, + struct file *file_out, loff_t pos_out, + u64 len, unsigned int flags, enum ovl_copyop op) +{ + struct inode *inode_out = file_inode(file_out); + struct fd real_in, real_out; + const struct cred *old_cred; + ssize_t ret; + + ret = ovl_real_fdget(file_out, &real_out); + if (ret) + return ret; + + ret = ovl_real_fdget(file_in, &real_in); + if (ret) { + fdput(real_out); + return ret; + } + + old_cred = ovl_override_creds(file_inode(file_out)->i_sb); + switch (op) { + case OVL_COPY: + ret = vfs_copy_file_range(real_in.file, pos_in, + real_out.file, pos_out, len, flags); + break; + + case OVL_CLONE: + ret = vfs_clone_file_range(real_in.file, pos_in, + real_out.file, pos_out, len); + break; + + case OVL_DEDUPE: + ret = vfs_dedupe_file_range_one(real_in.file, pos_in, + real_out.file, pos_out, len); + break; + } + revert_creds(old_cred); + + /* Update size */ + ovl_copyattr(ovl_inode_real(inode_out), inode_out); + + fdput(real_in); + fdput(real_out); + + return ret; +} + +static ssize_t ovl_copy_file_range(struct file *file_in, loff_t pos_in, + struct file *file_out, loff_t pos_out, + size_t len, unsigned int flags) +{ + return ovl_copyfile(file_in, pos_in, file_out, pos_out, len, flags, + OVL_COPY); +} + +static int ovl_clone_file_range(struct file *file_in, loff_t pos_in, + struct file *file_out, loff_t pos_out, u64 len) +{ + return ovl_copyfile(file_in, pos_in, file_out, pos_out, len, 0, + OVL_CLONE); +} + +static int ovl_dedupe_file_range(struct file *file_in, loff_t pos_in, + struct file *file_out, loff_t pos_out, u64 len) +{ + /* + * Don't copy up because of a dedupe request, this wouldn't make sense + * most of the time (data would be duplicated instead of deduplicated). + */ + if (!ovl_inode_upper(file_inode(file_in)) || + !ovl_inode_upper(file_inode(file_out))) + return -EPERM; + + return ovl_copyfile(file_in, pos_in, file_out, pos_out, len, 0, + OVL_DEDUPE); +} + const struct file_operations ovl_file_operations = { .open = ovl_open, .release = ovl_release, @@ -400,4 +483,8 @@ const struct file_operations ovl_file_operations = { .fallocate = ovl_fallocate, .unlocked_ioctl = ovl_ioctl, .compat_ioctl = ovl_compat_ioctl, + + .copy_file_range = ovl_copy_file_range, + .clone_file_range = ovl_clone_file_range, + .dedupe_file_range = ovl_dedupe_file_range, }; -- cgit v1.2.3 From a6518f73e60e5044656d1ba587e7463479a9381a Mon Sep 17 00:00:00 2001 From: Miklos Szeredi Date: Fri, 6 Jul 2018 23:57:06 +0200 Subject: vfs: don't open real Let overlayfs do its thing when opening a file. This enables stacking and fixes the corner case when a file is opened for read, modified through a writable open, and data is read from the read-only file. After this patch the read-only open will not return stale data even in this case. Signed-off-by: Miklos Szeredi Signed-off-by: Al Viro --- fs/open.c | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/fs/open.c b/fs/open.c index 9c6617dbb2c0..fed24862ef83 100644 --- a/fs/open.c +++ b/fs/open.c @@ -893,13 +893,8 @@ EXPORT_SYMBOL(file_path); */ int vfs_open(const struct path *path, struct file *file) { - struct dentry *dentry = d_real(path->dentry, NULL, file->f_flags, 0); - - if (IS_ERR(dentry)) - return PTR_ERR(dentry); - file->f_path = *path; - return do_dentry_open(file, d_backing_inode(dentry), NULL); + return do_dentry_open(file, d_backing_inode(path->dentry), NULL); } struct file *dentry_open(const struct path *path, int flags, -- cgit v1.2.3 From d561f218564855f69791216882a2622af37e5776 Mon Sep 17 00:00:00 2001 From: Miklos Szeredi Date: Wed, 18 Jul 2018 15:44:43 +0200 Subject: Revert "ovl: fix may_write_real() for overlayfs directories" This reverts commit 954c736f865d6c0c68ae4263a2f3502ee7c447a3. Overlayfs no longer relies on the vfs for checking writability of files. Signed-off-by: Miklos Szeredi --- fs/namespace.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/fs/namespace.c b/fs/namespace.c index 8ddd14806799..76a742e36b32 100644 --- a/fs/namespace.c +++ b/fs/namespace.c @@ -468,9 +468,7 @@ static inline int may_write_real(struct file *file) /* File refers to upper, writable layer? */ upperdentry = d_real(dentry, NULL, 0, D_REAL_UPPER); - if (upperdentry && - (file_inode(file) == d_inode(upperdentry) || - file_inode(file) == d_inode(dentry))) + if (upperdentry && file_inode(file) == d_inode(upperdentry)) return 0; /* Lower layer: can't write to real file, sorry... */ -- cgit v1.2.3 From 6742cee04353231015ddbe7e8b404ac9c1eb4473 Mon Sep 17 00:00:00 2001 From: Miklos Szeredi Date: Wed, 18 Jul 2018 15:44:43 +0200 Subject: Revert "ovl: don't allow writing ioctl on lower layer" This reverts commit 7c6893e3c9abf6a9676e060a1e35e5caca673d57. Overlayfs no longer relies on the vfs for checking writability of files. Signed-off-by: Miklos Szeredi --- fs/internal.h | 2 -- fs/namespace.c | 64 +++------------------------------------------------------- fs/open.c | 4 ++-- fs/xattr.c | 9 ++++----- 4 files changed, 9 insertions(+), 70 deletions(-) diff --git a/fs/internal.h b/fs/internal.h index 9c3b4c40e582..abb41f346b18 100644 --- a/fs/internal.h +++ b/fs/internal.h @@ -80,10 +80,8 @@ extern void __init mnt_init(void); extern int __mnt_want_write(struct vfsmount *); extern int __mnt_want_write_file(struct file *); -extern int mnt_want_write_file_path(struct file *); extern void __mnt_drop_write(struct vfsmount *); extern void __mnt_drop_write_file(struct file *); -extern void mnt_drop_write_file_path(struct file *); /* * fs_struct.c diff --git a/fs/namespace.c b/fs/namespace.c index 76a742e36b32..c16921dba157 100644 --- a/fs/namespace.c +++ b/fs/namespace.c @@ -431,18 +431,13 @@ int __mnt_want_write_file(struct file *file) } /** - * mnt_want_write_file_path - get write access to a file's mount + * mnt_want_write_file - get write access to a file's mount * @file: the file who's mount on which to take a write * * This is like mnt_want_write, but it takes a file and can * do some optimisations if the file is open for write already - * - * Called by the vfs for cases when we have an open file at hand, but will do an - * inode operation on it (important distinction for files opened on overlayfs, - * since the file operations will come from the real underlying file, while - * inode operations come from the overlay). */ -int mnt_want_write_file_path(struct file *file) +int mnt_want_write_file(struct file *file) { int ret; @@ -452,53 +447,6 @@ int mnt_want_write_file_path(struct file *file) sb_end_write(file->f_path.mnt->mnt_sb); return ret; } - -static inline int may_write_real(struct file *file) -{ - struct dentry *dentry = file->f_path.dentry; - struct dentry *upperdentry; - - /* Writable file? */ - if (file->f_mode & FMODE_WRITER) - return 0; - - /* Not overlayfs? */ - if (likely(!(dentry->d_flags & DCACHE_OP_REAL))) - return 0; - - /* File refers to upper, writable layer? */ - upperdentry = d_real(dentry, NULL, 0, D_REAL_UPPER); - if (upperdentry && file_inode(file) == d_inode(upperdentry)) - return 0; - - /* Lower layer: can't write to real file, sorry... */ - return -EPERM; -} - -/** - * mnt_want_write_file - get write access to a file's mount - * @file: the file who's mount on which to take a write - * - * This is like mnt_want_write, but it takes a file and can - * do some optimisations if the file is open for write already - * - * Mostly called by filesystems from their ioctl operation before performing - * modification. On overlayfs this needs to check if the file is on a read-only - * lower layer and deny access in that case. - */ -int mnt_want_write_file(struct file *file) -{ - int ret; - - ret = may_write_real(file); - if (!ret) { - sb_start_write(file_inode(file)->i_sb); - ret = __mnt_want_write_file(file); - if (ret) - sb_end_write(file_inode(file)->i_sb); - } - return ret; -} EXPORT_SYMBOL_GPL(mnt_want_write_file); /** @@ -536,15 +484,9 @@ void __mnt_drop_write_file(struct file *file) __mnt_drop_write(file->f_path.mnt); } -void mnt_drop_write_file_path(struct file *file) -{ - mnt_drop_write(file->f_path.mnt); -} - void mnt_drop_write_file(struct file *file) { - __mnt_drop_write(file->f_path.mnt); - sb_end_write(file_inode(file)->i_sb); + mnt_drop_write(file->f_path.mnt); } EXPORT_SYMBOL(mnt_drop_write_file); diff --git a/fs/open.c b/fs/open.c index fed24862ef83..a3c03a4a9078 100644 --- a/fs/open.c +++ b/fs/open.c @@ -707,12 +707,12 @@ int ksys_fchown(unsigned int fd, uid_t user, gid_t group) if (!f.file) goto out; - error = mnt_want_write_file_path(f.file); + error = mnt_want_write_file(f.file); if (error) goto out_fput; audit_file(f.file); error = chown_common(&f.file->f_path, user, group); - mnt_drop_write_file_path(f.file); + mnt_drop_write_file(f.file); out_fput: fdput(f); out: diff --git a/fs/xattr.c b/fs/xattr.c index f9cb1db187b7..3a24027c062d 100644 --- a/fs/xattr.c +++ b/fs/xattr.c @@ -23,7 +23,6 @@ #include #include -#include "internal.h" static const char * strcmp_prefix(const char *a, const char *a_prefix) @@ -501,10 +500,10 @@ SYSCALL_DEFINE5(fsetxattr, int, fd, const char __user *, name, if (!f.file) return error; audit_file(f.file); - error = mnt_want_write_file_path(f.file); + error = mnt_want_write_file(f.file); if (!error) { error = setxattr(f.file->f_path.dentry, name, value, size, flags); - mnt_drop_write_file_path(f.file); + mnt_drop_write_file(f.file); } fdput(f); return error; @@ -733,10 +732,10 @@ SYSCALL_DEFINE2(fremovexattr, int, fd, const char __user *, name) if (!f.file) return error; audit_file(f.file); - error = mnt_want_write_file_path(f.file); + error = mnt_want_write_file(f.file); if (!error) { error = removexattr(f.file->f_path.dentry, name); - mnt_drop_write_file_path(f.file); + mnt_drop_write_file(f.file); } fdput(f); return error; -- cgit v1.2.3 From a6795a585929d94ca3e931bc8518f8deb8bbe627 Mon Sep 17 00:00:00 2001 From: Miklos Szeredi Date: Wed, 18 Jul 2018 15:44:43 +0200 Subject: vfs: fix freeze protection in mnt_want_write_file() for overlayfs The underlying real file used by overlayfs still contains the overlay path. This results in mnt_want_write_file() calls by the filesystem getting freeze protection on the wrong inode (the overlayfs one instead of the real one). Fix by using file_inode(file)->i_sb instead of file->f_path.mnt->mnt_sb. Reported-by: Amir Goldstein Signed-off-by: Miklos Szeredi Reviewed-by: Christoph Hellwig --- fs/namespace.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/fs/namespace.c b/fs/namespace.c index c16921dba157..9be2e938d36f 100644 --- a/fs/namespace.c +++ b/fs/namespace.c @@ -441,10 +441,10 @@ int mnt_want_write_file(struct file *file) { int ret; - sb_start_write(file->f_path.mnt->mnt_sb); + sb_start_write(file_inode(file)->i_sb); ret = __mnt_want_write_file(file); if (ret) - sb_end_write(file->f_path.mnt->mnt_sb); + sb_end_write(file_inode(file)->i_sb); return ret; } EXPORT_SYMBOL_GPL(mnt_want_write_file); @@ -486,7 +486,8 @@ void __mnt_drop_write_file(struct file *file) void mnt_drop_write_file(struct file *file) { - mnt_drop_write(file->f_path.mnt); + __mnt_drop_write_file(file); + sb_end_write(file_inode(file)->i_sb); } EXPORT_SYMBOL(mnt_drop_write_file); -- cgit v1.2.3 From 88059de155d4db817a3a78ba899cb3b7f4de0fb0 Mon Sep 17 00:00:00 2001 From: Miklos Szeredi Date: Wed, 18 Jul 2018 15:44:43 +0200 Subject: Revert "ovl: fix relatime for directories" This reverts commit cd91304e7190b4c4802f8e413ab2214b233e0260. Overlayfs no longer relies on the vfs correct atime handling. Signed-off-by: Miklos Szeredi --- fs/inode.c | 21 ++++----------------- fs/overlayfs/super.c | 3 --- include/linux/dcache.h | 3 --- 3 files changed, 4 insertions(+), 23 deletions(-) diff --git a/fs/inode.c b/fs/inode.c index 2c300e981796..7ef6f1942757 100644 --- a/fs/inode.c +++ b/fs/inode.c @@ -1560,24 +1560,11 @@ EXPORT_SYMBOL(bmap); static void update_ovl_inode_times(struct dentry *dentry, struct inode *inode, bool rcu) { - struct dentry *upperdentry; + if (!rcu) { + struct inode *realinode = d_real_inode(dentry); - /* - * Nothing to do if in rcu or if non-overlayfs - */ - if (rcu || likely(!(dentry->d_flags & DCACHE_OP_REAL))) - return; - - upperdentry = d_real(dentry, NULL, 0, D_REAL_UPPER); - - /* - * If file is on lower then we can't update atime, so no worries about - * stale mtime/ctime. - */ - if (upperdentry) { - struct inode *realinode = d_inode(upperdentry); - - if ((!timespec64_equal(&inode->i_mtime, &realinode->i_mtime) || + if (unlikely(inode != realinode) && + (!timespec64_equal(&inode->i_mtime, &realinode->i_mtime) || !timespec64_equal(&inode->i_ctime, &realinode->i_ctime))) { inode->i_mtime = realinode->i_mtime; inode->i_ctime = realinode->i_ctime; diff --git a/fs/overlayfs/super.c b/fs/overlayfs/super.c index 211975921a90..a7e2287e4b8f 100644 --- a/fs/overlayfs/super.c +++ b/fs/overlayfs/super.c @@ -101,9 +101,6 @@ static struct dentry *ovl_d_real(struct dentry *dentry, if (inode && d_inode(dentry) == inode) return dentry; - if (flags & D_REAL_UPPER) - return ovl_dentry_upper(dentry); - if (!d_is_reg(dentry)) { if (!inode || inode == d_inode(dentry)) return dentry; diff --git a/include/linux/dcache.h b/include/linux/dcache.h index 66c6e17e61e5..ddae4103d324 100644 --- a/include/linux/dcache.h +++ b/include/linux/dcache.h @@ -564,9 +564,6 @@ static inline struct dentry *d_backing_dentry(struct dentry *upper) return upper; } -/* d_real() flags */ -#define D_REAL_UPPER 0x2 /* return upper dentry or NULL if non-upper */ - /** * d_real - Return the real dentry * @dentry: the dentry to query -- cgit v1.2.3 From c6718543463dbb78486ad259f884cb800df802b5 Mon Sep 17 00:00:00 2001 From: Miklos Szeredi Date: Wed, 18 Jul 2018 15:44:43 +0200 Subject: Revert "vfs: update ovl inode before relatime check" This reverts commit 598e3c8f72f5b77c84d2cb26cfd936ffb3cfdbaa. Overlayfs no longer relies on the vfs correct atime handling. Signed-off-by: Miklos Szeredi --- fs/inode.c | 33 ++++++--------------------------- fs/internal.h | 7 ------- fs/namei.c | 2 +- include/linux/fs.h | 1 + 4 files changed, 8 insertions(+), 35 deletions(-) diff --git a/fs/inode.c b/fs/inode.c index 7ef6f1942757..077a6174dfd5 100644 --- a/fs/inode.c +++ b/fs/inode.c @@ -1554,37 +1554,17 @@ sector_t bmap(struct inode *inode, sector_t block) } EXPORT_SYMBOL(bmap); -/* - * Update times in overlayed inode from underlying real inode - */ -static void update_ovl_inode_times(struct dentry *dentry, struct inode *inode, - bool rcu) -{ - if (!rcu) { - struct inode *realinode = d_real_inode(dentry); - - if (unlikely(inode != realinode) && - (!timespec64_equal(&inode->i_mtime, &realinode->i_mtime) || - !timespec64_equal(&inode->i_ctime, &realinode->i_ctime))) { - inode->i_mtime = realinode->i_mtime; - inode->i_ctime = realinode->i_ctime; - } - } -} - /* * With relative atime, only update atime if the previous atime is * earlier than either the ctime or mtime or if at least a day has * passed since the last atime update. */ -static int relatime_need_update(const struct path *path, struct inode *inode, - struct timespec now, bool rcu) +static int relatime_need_update(struct vfsmount *mnt, struct inode *inode, + struct timespec now) { - if (!(path->mnt->mnt_flags & MNT_RELATIME)) + if (!(mnt->mnt_flags & MNT_RELATIME)) return 1; - - update_ovl_inode_times(path->dentry, inode, rcu); /* * Is mtime younger than atime? If yes, update atime: */ @@ -1655,8 +1635,7 @@ static int update_time(struct inode *inode, struct timespec64 *time, int flags) * This function automatically handles read only file systems and media, * as well as the "noatime" flag and inode specific "noatime" markers. */ -bool __atime_needs_update(const struct path *path, struct inode *inode, - bool rcu) +bool atime_needs_update(const struct path *path, struct inode *inode) { struct vfsmount *mnt = path->mnt; struct timespec64 now; @@ -1682,7 +1661,7 @@ bool __atime_needs_update(const struct path *path, struct inode *inode, now = current_time(inode); - if (!relatime_need_update(path, inode, timespec64_to_timespec(now), rcu)) + if (!relatime_need_update(mnt, inode, timespec64_to_timespec(now))) return false; if (timespec64_equal(&inode->i_atime, &now)) @@ -1697,7 +1676,7 @@ void touch_atime(const struct path *path) struct inode *inode = d_inode(path->dentry); struct timespec64 now; - if (!__atime_needs_update(path, inode, false)) + if (!atime_needs_update(path, inode)) return; if (!sb_start_write_trylock(inode->i_sb)) diff --git a/fs/internal.h b/fs/internal.h index abb41f346b18..e54ad4361d0d 100644 --- a/fs/internal.h +++ b/fs/internal.h @@ -133,13 +133,6 @@ extern long prune_icache_sb(struct super_block *sb, struct shrink_control *sc); extern void inode_add_lru(struct inode *inode); extern int dentry_needs_remove_privs(struct dentry *dentry); -extern bool __atime_needs_update(const struct path *, struct inode *, bool); -static inline bool atime_needs_update_rcu(const struct path *path, - struct inode *inode) -{ - return __atime_needs_update(path, inode, true); -} - /* * fs-writeback.c */ diff --git a/fs/namei.c b/fs/namei.c index d152cc05fdc3..31182b71b313 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -1015,7 +1015,7 @@ const char *get_link(struct nameidata *nd) if (!(nd->flags & LOOKUP_RCU)) { touch_atime(&last->link); cond_resched(); - } else if (atime_needs_update_rcu(&last->link, inode)) { + } else if (atime_needs_update(&last->link, inode)) { if (unlikely(unlazy_walk(nd))) return ERR_PTR(-ECHILD); touch_atime(&last->link); diff --git a/include/linux/fs.h b/include/linux/fs.h index b67209948f1b..8f8c9ac1c9d5 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h @@ -2088,6 +2088,7 @@ enum file_time_flags { S_VERSION = 8, }; +extern bool atime_needs_update(const struct path *, struct inode *); extern void touch_atime(const struct path *); static inline void file_accessed(struct file *file) { -- cgit v1.2.3 From 4ab30319fd7c691a1b3165325c647a5cd6d282ac Mon Sep 17 00:00:00 2001 From: Miklos Szeredi Date: Wed, 18 Jul 2018 15:44:43 +0200 Subject: Revert "vfs: add flags to d_real()" This reverts commit 495e642939114478a5237a7d91661ba93b76f15a. No user of "flags" argument of d_real() remain. Signed-off-by: Miklos Szeredi --- Documentation/filesystems/Locking | 2 +- Documentation/filesystems/vfs.txt | 2 +- fs/open.c | 2 +- fs/overlayfs/super.c | 4 ++-- include/linux/dcache.h | 11 +++++------ include/linux/fs.h | 2 +- 6 files changed, 11 insertions(+), 12 deletions(-) diff --git a/Documentation/filesystems/Locking b/Documentation/filesystems/Locking index 2c391338c675..24e1a4f37c83 100644 --- a/Documentation/filesystems/Locking +++ b/Documentation/filesystems/Locking @@ -22,7 +22,7 @@ prototypes: struct vfsmount *(*d_automount)(struct path *path); int (*d_manage)(const struct path *, bool); struct dentry *(*d_real)(struct dentry *, const struct inode *, - unsigned int, unsigned int); + unsigned int); locking rules: rename_lock ->d_lock may block rcu-walk diff --git a/Documentation/filesystems/vfs.txt b/Documentation/filesystems/vfs.txt index 829a7b7857a4..6417b161f88d 100644 --- a/Documentation/filesystems/vfs.txt +++ b/Documentation/filesystems/vfs.txt @@ -1001,7 +1001,7 @@ struct dentry_operations { struct vfsmount *(*d_automount)(struct path *); int (*d_manage)(const struct path *, bool); struct dentry *(*d_real)(struct dentry *, const struct inode *, - unsigned int, unsigned int); + unsigned int); }; d_revalidate: called when the VFS needs to revalidate a dentry. This diff --git a/fs/open.c b/fs/open.c index a3c03a4a9078..a973ca074896 100644 --- a/fs/open.c +++ b/fs/open.c @@ -96,7 +96,7 @@ long vfs_truncate(const struct path *path, loff_t length) * write access on the upper inode, not on the overlay inode. For * non-overlay filesystems d_real() is an identity function. */ - upperdentry = d_real(path->dentry, NULL, O_WRONLY, 0); + upperdentry = d_real(path->dentry, NULL, O_WRONLY); error = PTR_ERR(upperdentry); if (IS_ERR(upperdentry)) goto mnt_drop_write_and_out; diff --git a/fs/overlayfs/super.c b/fs/overlayfs/super.c index a7e2287e4b8f..5bc261de5041 100644 --- a/fs/overlayfs/super.c +++ b/fs/overlayfs/super.c @@ -92,7 +92,7 @@ static int ovl_check_append_only(struct inode *inode, int flag) static struct dentry *ovl_d_real(struct dentry *dentry, const struct inode *inode, - unsigned int open_flags, unsigned int flags) + unsigned int open_flags) { struct dentry *real; int err; @@ -128,7 +128,7 @@ static struct dentry *ovl_d_real(struct dentry *dentry, goto bug; /* Handle recursion */ - real = d_real(real, inode, open_flags, 0); + real = d_real(real, inode, open_flags); if (!inode || inode == d_inode(real)) return real; diff --git a/include/linux/dcache.h b/include/linux/dcache.h index ddae4103d324..8fe4efa94af6 100644 --- a/include/linux/dcache.h +++ b/include/linux/dcache.h @@ -146,7 +146,7 @@ struct dentry_operations { struct vfsmount *(*d_automount)(struct path *); int (*d_manage)(const struct path *, bool); struct dentry *(*d_real)(struct dentry *, const struct inode *, - unsigned int, unsigned int); + unsigned int); } ____cacheline_aligned; /* @@ -568,8 +568,7 @@ static inline struct dentry *d_backing_dentry(struct dentry *upper) * d_real - Return the real dentry * @dentry: the dentry to query * @inode: inode to select the dentry from multiple layers (can be NULL) - * @open_flags: open flags to control copy-up behavior - * @flags: flags to control what is returned by this function + * @flags: open flags to control copy-up behavior * * If dentry is on a union/overlay, then return the underlying, real dentry. * Otherwise return the dentry itself. @@ -578,10 +577,10 @@ static inline struct dentry *d_backing_dentry(struct dentry *upper) */ static inline struct dentry *d_real(struct dentry *dentry, const struct inode *inode, - unsigned int open_flags, unsigned int flags) + unsigned int flags) { if (unlikely(dentry->d_flags & DCACHE_OP_REAL)) - return dentry->d_op->d_real(dentry, inode, open_flags, flags); + return dentry->d_op->d_real(dentry, inode, flags); else return dentry; } @@ -596,7 +595,7 @@ static inline struct dentry *d_real(struct dentry *dentry, static inline struct inode *d_real_inode(const struct dentry *dentry) { /* This usage of d_real() results in const dentry */ - return d_backing_inode(d_real((struct dentry *) dentry, NULL, 0, 0)); + return d_backing_inode(d_real((struct dentry *) dentry, NULL, 0)); } struct name_snapshot { diff --git a/include/linux/fs.h b/include/linux/fs.h index 8f8c9ac1c9d5..16e2741cec3c 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h @@ -1249,7 +1249,7 @@ static inline struct inode *file_inode(const struct file *f) static inline struct dentry *file_dentry(const struct file *file) { - return d_real(file->f_path.dentry, file_inode(file), 0, 0); + return d_real(file->f_path.dentry, file_inode(file), 0); } static inline int locks_lock_file_wait(struct file *filp, struct file_lock *fl) -- cgit v1.2.3 From 8cf9ee5061037accf61775f438ad7513576d4413 Mon Sep 17 00:00:00 2001 From: Miklos Szeredi Date: Wed, 18 Jul 2018 15:44:43 +0200 Subject: Revert "vfs: do get_write_access() on upper layer of overlayfs" This reverts commit 4d0c5ba2ff79ef9f5188998b29fd28fcb05f3667. We now get write access on both overlay and underlying layers so this patch is no longer needed for correct operation. Signed-off-by: Miklos Szeredi --- fs/locks.c | 3 +-- fs/open.c | 15 ++------------- 2 files changed, 3 insertions(+), 15 deletions(-) diff --git a/fs/locks.c b/fs/locks.c index db7b6917d9c5..baa564841c03 100644 --- a/fs/locks.c +++ b/fs/locks.c @@ -1654,8 +1654,7 @@ check_conflicting_open(const struct dentry *dentry, const long arg, int flags) if (flags & FL_LAYOUT) return 0; - if ((arg == F_RDLCK) && - (atomic_read(&d_real_inode(dentry)->i_writecount) > 0)) + if ((arg == F_RDLCK) && (atomic_read(&inode->i_writecount) > 0)) return -EAGAIN; if ((arg == F_WRLCK) && ((d_count(dentry) > 1) || diff --git a/fs/open.c b/fs/open.c index a973ca074896..72bcae72bce9 100644 --- a/fs/open.c +++ b/fs/open.c @@ -68,7 +68,6 @@ int do_truncate(struct dentry *dentry, loff_t length, unsigned int time_attrs, long vfs_truncate(const struct path *path, loff_t length) { struct inode *inode; - struct dentry *upperdentry; long error; inode = path->dentry->d_inode; @@ -91,17 +90,7 @@ long vfs_truncate(const struct path *path, loff_t length) if (IS_APPEND(inode)) goto mnt_drop_write_and_out; - /* - * If this is an overlayfs then do as if opening the file so we get - * write access on the upper inode, not on the overlay inode. For - * non-overlay filesystems d_real() is an identity function. - */ - upperdentry = d_real(path->dentry, NULL, O_WRONLY); - error = PTR_ERR(upperdentry); - if (IS_ERR(upperdentry)) - goto mnt_drop_write_and_out; - - error = get_write_access(upperdentry->d_inode); + error = get_write_access(inode); if (error) goto mnt_drop_write_and_out; @@ -120,7 +109,7 @@ long vfs_truncate(const struct path *path, loff_t length) error = do_truncate(path->dentry, length, 0, NULL); put_write_and_out: - put_write_access(upperdentry->d_inode); + put_write_access(inode); mnt_drop_write_and_out: mnt_drop_write(path->mnt); out: -- cgit v1.2.3 From de2a4a501e716bbf5ff691ba16faf59a35320228 Mon Sep 17 00:00:00 2001 From: Miklos Szeredi Date: Wed, 18 Jul 2018 15:44:43 +0200 Subject: Partially revert "locks: fix file locking on overlayfs" This partially reverts commit c568d68341be7030f5647def68851e469b21ca11. Overlayfs files will now automatically get the correct locks, no need to hack overlay support in VFS. It is a partial revert, because it leaves the locks_inode() calls in place and defines locks_inode() to file_inode(). We could revert those as well, but it would be unnecessary code churn and it makes sense to document that we are getting the inode for locking purposes. Don't revert MS_NOREMOTELOCK yet since that has been part of the userspace API for some time (though not in a useful way). Will try to remove internal flags later when the dust around the new mount API settles. Signed-off-by: Miklos Szeredi Acked-by: Jeff Layton --- fs/locks.c | 17 ++++++----------- fs/overlayfs/super.c | 2 +- include/linux/fs.h | 13 +------------ 3 files changed, 8 insertions(+), 24 deletions(-) diff --git a/fs/locks.c b/fs/locks.c index baa564841c03..dab4e72f8bff 100644 --- a/fs/locks.c +++ b/fs/locks.c @@ -139,11 +139,6 @@ #define IS_OFDLCK(fl) (fl->fl_flags & FL_OFDLCK) #define IS_REMOTELCK(fl) (fl->fl_pid <= 0) -static inline bool is_remote_lock(struct file *filp) -{ - return likely(!(filp->f_path.dentry->d_sb->s_flags & SB_NOREMOTELOCK)); -} - static bool lease_breaking(struct file_lock *fl) { return fl->fl_flags & (FL_UNLOCK_PENDING | FL_DOWNGRADE_PENDING); @@ -1875,7 +1870,7 @@ EXPORT_SYMBOL(generic_setlease); int vfs_setlease(struct file *filp, long arg, struct file_lock **lease, void **priv) { - if (filp->f_op->setlease && is_remote_lock(filp)) + if (filp->f_op->setlease) return filp->f_op->setlease(filp, arg, lease, priv); else return generic_setlease(filp, arg, lease, priv); @@ -2022,7 +2017,7 @@ SYSCALL_DEFINE2(flock, unsigned int, fd, unsigned int, cmd) if (error) goto out_free; - if (f.file->f_op->flock && is_remote_lock(f.file)) + if (f.file->f_op->flock) error = f.file->f_op->flock(f.file, (can_sleep) ? F_SETLKW : F_SETLK, lock); @@ -2048,7 +2043,7 @@ SYSCALL_DEFINE2(flock, unsigned int, fd, unsigned int, cmd) */ int vfs_test_lock(struct file *filp, struct file_lock *fl) { - if (filp->f_op->lock && is_remote_lock(filp)) + if (filp->f_op->lock) return filp->f_op->lock(filp, F_GETLK, fl); posix_test_lock(filp, fl); return 0; @@ -2191,7 +2186,7 @@ out: */ int vfs_lock_file(struct file *filp, unsigned int cmd, struct file_lock *fl, struct file_lock *conf) { - if (filp->f_op->lock && is_remote_lock(filp)) + if (filp->f_op->lock) return filp->f_op->lock(filp, cmd, fl); else return posix_lock_file(filp, fl, conf); @@ -2513,7 +2508,7 @@ locks_remove_flock(struct file *filp, struct file_lock_context *flctx) if (list_empty(&flctx->flc_flock)) return; - if (filp->f_op->flock && is_remote_lock(filp)) + if (filp->f_op->flock) filp->f_op->flock(filp, F_SETLKW, &fl); else flock_lock_inode(inode, &fl); @@ -2600,7 +2595,7 @@ EXPORT_SYMBOL(posix_unblock_lock); */ int vfs_cancel_lock(struct file *filp, struct file_lock *fl) { - if (filp->f_op->lock && is_remote_lock(filp)) + if (filp->f_op->lock) return filp->f_op->lock(filp, F_CANCELLK, fl); return 0; } diff --git a/fs/overlayfs/super.c b/fs/overlayfs/super.c index 5bc261de5041..c63beccad4fc 100644 --- a/fs/overlayfs/super.c +++ b/fs/overlayfs/super.c @@ -1456,7 +1456,7 @@ static int ovl_fill_super(struct super_block *sb, void *data, int silent) sb->s_op = &ovl_super_operations; sb->s_xattr = ovl_xattr_handlers; sb->s_fs_info = ofs; - sb->s_flags |= SB_POSIXACL | SB_NOREMOTELOCK; + sb->s_flags |= SB_POSIXACL; err = -ENOMEM; root_dentry = d_make_root(ovl_new_inode(sb, S_IFDIR, 0)); diff --git a/include/linux/fs.h b/include/linux/fs.h index 16e2741cec3c..1cbcf37c45e1 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h @@ -1054,17 +1054,7 @@ struct file_lock_context { extern void send_sigio(struct fown_struct *fown, int fd, int band); -/* - * Return the inode to use for locking - * - * For overlayfs this should be the overlay inode, not the real inode returned - * by file_inode(). For any other fs file_inode(filp) and locks_inode(filp) are - * equal. - */ -static inline struct inode *locks_inode(const struct file *f) -{ - return f->f_path.dentry->d_inode; -} +#define locks_inode(f) file_inode(f) #ifdef CONFIG_FILE_LOCKING extern int fcntl_getlk(struct file *, unsigned int, struct flock *); @@ -1305,7 +1295,6 @@ extern int send_sigurg(struct fown_struct *fown); /* These sb flags are internal to the kernel */ #define SB_SUBMOUNT (1<<26) -#define SB_NOREMOTELOCK (1<<27) #define SB_NOSEC (1<<28) #define SB_BORN (1<<29) #define SB_ACTIVE (1<<30) -- cgit v1.2.3 From 573e1784817ca1f13d76a0df636929e983e5de3c Mon Sep 17 00:00:00 2001 From: Miklos Szeredi Date: Wed, 18 Jul 2018 15:44:44 +0200 Subject: Revert "fsnotify: support overlayfs" This reverts commit f3fbbb079263bd29ae592478de6808db7e708267. Overlayfs now works correctly without adding hacks to fsnotify. Signed-off-by: Miklos Szeredi --- include/linux/fsnotify.h | 14 +++++--------- 1 file changed, 5 insertions(+), 9 deletions(-) diff --git a/include/linux/fsnotify.h b/include/linux/fsnotify.h index bdaf22582f6e..fd1ce10553bf 100644 --- a/include/linux/fsnotify.h +++ b/include/linux/fsnotify.h @@ -30,11 +30,7 @@ static inline int fsnotify_parent(const struct path *path, struct dentry *dentry static inline int fsnotify_perm(struct file *file, int mask) { const struct path *path = &file->f_path; - /* - * Do not use file_inode() here or anywhere in this file to get the - * inode. That would break *notity on overlayfs. - */ - struct inode *inode = path->dentry->d_inode; + struct inode *inode = file_inode(file); __u32 fsnotify_mask = 0; int ret; @@ -178,7 +174,7 @@ static inline void fsnotify_mkdir(struct inode *inode, struct dentry *dentry) static inline void fsnotify_access(struct file *file) { const struct path *path = &file->f_path; - struct inode *inode = path->dentry->d_inode; + struct inode *inode = file_inode(file); __u32 mask = FS_ACCESS; if (S_ISDIR(inode->i_mode)) @@ -196,7 +192,7 @@ static inline void fsnotify_access(struct file *file) static inline void fsnotify_modify(struct file *file) { const struct path *path = &file->f_path; - struct inode *inode = path->dentry->d_inode; + struct inode *inode = file_inode(file); __u32 mask = FS_MODIFY; if (S_ISDIR(inode->i_mode)) @@ -214,7 +210,7 @@ static inline void fsnotify_modify(struct file *file) static inline void fsnotify_open(struct file *file) { const struct path *path = &file->f_path; - struct inode *inode = path->dentry->d_inode; + struct inode *inode = file_inode(file); __u32 mask = FS_OPEN; if (S_ISDIR(inode->i_mode)) @@ -230,7 +226,7 @@ static inline void fsnotify_open(struct file *file) static inline void fsnotify_close(struct file *file) { const struct path *path = &file->f_path; - struct inode *inode = path->dentry->d_inode; + struct inode *inode = file_inode(file); fmode_t mode = file->f_mode; __u32 mask = (mode & FMODE_WRITE) ? FS_CLOSE_WRITE : FS_CLOSE_NOWRITE; -- cgit v1.2.3 From fb16043b46831a75c9b076a7262ae035290b0409 Mon Sep 17 00:00:00 2001 From: Miklos Szeredi Date: Wed, 18 Jul 2018 15:44:44 +0200 Subject: vfs: remove open_flags from d_real() Opening regular files on overlayfs is now handled via ovl_open(). Remove the now unused "open_flags" argument from d_op->d_real() and the d_real() helper. Signed-off-by: Miklos Szeredi --- Documentation/filesystems/Locking | 3 +-- Documentation/filesystems/vfs.txt | 16 ++++------------ fs/overlayfs/super.c | 36 +++--------------------------------- include/linux/dcache.h | 11 ++++------- include/linux/fs.h | 2 +- 5 files changed, 13 insertions(+), 55 deletions(-) diff --git a/Documentation/filesystems/Locking b/Documentation/filesystems/Locking index 24e1a4f37c83..08a36e14e8fc 100644 --- a/Documentation/filesystems/Locking +++ b/Documentation/filesystems/Locking @@ -21,8 +21,7 @@ prototypes: char *(*d_dname)((struct dentry *dentry, char *buffer, int buflen); struct vfsmount *(*d_automount)(struct path *path); int (*d_manage)(const struct path *, bool); - struct dentry *(*d_real)(struct dentry *, const struct inode *, - unsigned int); + struct dentry *(*d_real)(struct dentry *, const struct inode *); locking rules: rename_lock ->d_lock may block rcu-walk diff --git a/Documentation/filesystems/vfs.txt b/Documentation/filesystems/vfs.txt index 6417b161f88d..497609f00e3e 100644 --- a/Documentation/filesystems/vfs.txt +++ b/Documentation/filesystems/vfs.txt @@ -1000,8 +1000,7 @@ struct dentry_operations { char *(*d_dname)(struct dentry *, char *, int); struct vfsmount *(*d_automount)(struct path *); int (*d_manage)(const struct path *, bool); - struct dentry *(*d_real)(struct dentry *, const struct inode *, - unsigned int); + struct dentry *(*d_real)(struct dentry *, const struct inode *); }; d_revalidate: called when the VFS needs to revalidate a dentry. This @@ -1135,22 +1134,15 @@ struct dentry_operations { dentry being transited from. d_real: overlay/union type filesystems implement this method to return one of - the underlying dentries hidden by the overlay. It is used in three + the underlying dentries hidden by the overlay. It is used in two different modes: - Called from open it may need to copy-up the file depending on the - supplied open flags. This mode is selected with a non-zero flags - argument. In this mode the d_real method can return an error. - Called from file_dentry() it returns the real dentry matching the inode argument. The real dentry may be from a lower layer already copied up, but still referenced from the file. This mode is selected with a - non-NULL inode argument. This will always succeed. - - With NULL inode and zero flags the topmost real underlying dentry is - returned. This will always succeed. + non-NULL inode argument. - This method is never called with both non-NULL inode and non-zero flags. + With NULL inode the topmost real underlying dentry is returned. Each dentry has a pointer to its parent dentry, as well as a hash list of child dentries. Child dentries are basically like files in a diff --git a/fs/overlayfs/super.c b/fs/overlayfs/super.c index c63beccad4fc..0e84593af84e 100644 --- a/fs/overlayfs/super.c +++ b/fs/overlayfs/super.c @@ -74,28 +74,10 @@ static void ovl_dentry_release(struct dentry *dentry) } } -static int ovl_check_append_only(struct inode *inode, int flag) -{ - /* - * This test was moot in vfs may_open() because overlay inode does - * not have the S_APPEND flag, so re-check on real upper inode - */ - if (IS_APPEND(inode)) { - if ((flag & O_ACCMODE) != O_RDONLY && !(flag & O_APPEND)) - return -EPERM; - if (flag & O_TRUNC) - return -EPERM; - } - - return 0; -} - static struct dentry *ovl_d_real(struct dentry *dentry, - const struct inode *inode, - unsigned int open_flags) + const struct inode *inode) { struct dentry *real; - int err; /* It's an overlay file */ if (inode && d_inode(dentry) == inode) @@ -107,28 +89,16 @@ static struct dentry *ovl_d_real(struct dentry *dentry, goto bug; } - if (open_flags) { - err = ovl_open_maybe_copy_up(dentry, open_flags); - if (err) - return ERR_PTR(err); - } - real = ovl_dentry_upper(dentry); - if (real && (!inode || inode == d_inode(real))) { - if (!inode) { - err = ovl_check_append_only(d_inode(real), open_flags); - if (err) - return ERR_PTR(err); - } + if (real && (!inode || inode == d_inode(real))) return real; - } real = ovl_dentry_lower(dentry); if (!real) goto bug; /* Handle recursion */ - real = d_real(real, inode, open_flags); + real = d_real(real, inode); if (!inode || inode == d_inode(real)) return real; diff --git a/include/linux/dcache.h b/include/linux/dcache.h index 8fe4efa94af6..78cea80423a3 100644 --- a/include/linux/dcache.h +++ b/include/linux/dcache.h @@ -145,8 +145,7 @@ struct dentry_operations { char *(*d_dname)(struct dentry *, char *, int); struct vfsmount *(*d_automount)(struct path *); int (*d_manage)(const struct path *, bool); - struct dentry *(*d_real)(struct dentry *, const struct inode *, - unsigned int); + struct dentry *(*d_real)(struct dentry *, const struct inode *); } ____cacheline_aligned; /* @@ -568,7 +567,6 @@ static inline struct dentry *d_backing_dentry(struct dentry *upper) * d_real - Return the real dentry * @dentry: the dentry to query * @inode: inode to select the dentry from multiple layers (can be NULL) - * @flags: open flags to control copy-up behavior * * If dentry is on a union/overlay, then return the underlying, real dentry. * Otherwise return the dentry itself. @@ -576,11 +574,10 @@ static inline struct dentry *d_backing_dentry(struct dentry *upper) * See also: Documentation/filesystems/vfs.txt */ static inline struct dentry *d_real(struct dentry *dentry, - const struct inode *inode, - unsigned int flags) + const struct inode *inode) { if (unlikely(dentry->d_flags & DCACHE_OP_REAL)) - return dentry->d_op->d_real(dentry, inode, flags); + return dentry->d_op->d_real(dentry, inode); else return dentry; } @@ -595,7 +592,7 @@ static inline struct dentry *d_real(struct dentry *dentry, static inline struct inode *d_real_inode(const struct dentry *dentry) { /* This usage of d_real() results in const dentry */ - return d_backing_inode(d_real((struct dentry *) dentry, NULL, 0)); + return d_backing_inode(d_real((struct dentry *) dentry, NULL)); } struct name_snapshot { diff --git a/include/linux/fs.h b/include/linux/fs.h index 1cbcf37c45e1..1fa63d184d1f 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h @@ -1239,7 +1239,7 @@ static inline struct inode *file_inode(const struct file *f) static inline struct dentry *file_dentry(const struct file *file) { - return d_real(file->f_path.dentry, file_inode(file), 0); + return d_real(file->f_path.dentry, file_inode(file)); } static inline int locks_lock_file_wait(struct file *filp, struct file_lock *fl) -- cgit v1.2.3 From 670c23248e15254e30990cbbe63056c0490190bc Mon Sep 17 00:00:00 2001 From: Miklos Szeredi Date: Wed, 18 Jul 2018 15:44:44 +0200 Subject: ovl: obsolete "check_copy_up" module option This was provided for debugging the ro/rw inconsistecy. The inconsitency is now gone so this option is obsolete. Signed-off-by: Miklos Szeredi --- fs/overlayfs/copy_up.c | 30 +++++++----------------------- 1 file changed, 7 insertions(+), 23 deletions(-) diff --git a/fs/overlayfs/copy_up.c b/fs/overlayfs/copy_up.c index ddaddb4ce4c3..65ee07e36141 100644 --- a/fs/overlayfs/copy_up.c +++ b/fs/overlayfs/copy_up.c @@ -25,35 +25,20 @@ #define OVL_COPY_UP_CHUNK_SIZE (1 << 20) -static bool __read_mostly ovl_check_copy_up; -module_param_named(check_copy_up, ovl_check_copy_up, bool, - S_IWUSR | S_IRUGO); -MODULE_PARM_DESC(ovl_check_copy_up, - "Warn on copy-up when causing process also has a R/O fd open"); - -static int ovl_check_fd(const void *data, struct file *f, unsigned int fd) +static int ovl_ccup_set(const char *buf, const struct kernel_param *param) { - const struct dentry *dentry = data; - - if (file_inode(f) == d_inode(dentry)) - pr_warn_ratelimited("overlayfs: Warning: Copying up %pD, but open R/O on fd %u which will cease to be coherent [pid=%d %s]\n", - f, fd, current->pid, current->comm); + pr_warn("overlayfs: \"check_copy_up\" module option is obsolete\n"); return 0; } -/* - * Check the fds open by this process and warn if something like the following - * scenario is about to occur: - * - * fd1 = open("foo", O_RDONLY); - * fd2 = open("foo", O_RDWR); - */ -static void ovl_do_check_copy_up(struct dentry *dentry) +static int ovl_ccup_get(char *buf, const struct kernel_param *param) { - if (ovl_check_copy_up) - iterate_fd(current->files, 0, ovl_check_fd, dentry); + return sprintf(buf, "N\n"); } +module_param_call(check_copy_up, ovl_ccup_set, ovl_ccup_get, NULL, 0644); +MODULE_PARM_DESC(ovl_check_copy_up, "Obsolete; does nothing"); + int ovl_copy_xattr(struct dentry *old, struct dentry *new) { ssize_t list_size, size, value_size = 0; @@ -719,7 +704,6 @@ static int ovl_copy_up_one(struct dentry *parent, struct dentry *dentry, if (IS_ERR(ctx.link)) return PTR_ERR(ctx.link); } - ovl_do_check_copy_up(ctx.lowerpath.dentry); err = ovl_copy_up_start(dentry); /* err < 0: interrupted, err > 0: raced with another copy-up */ -- cgit v1.2.3 From 0c31d675aad949e5dfecf7a32813514423e6c766 Mon Sep 17 00:00:00 2001 From: Miklos Szeredi Date: Wed, 18 Jul 2018 15:44:44 +0200 Subject: ovl: fix documentation of non-standard behavior We can now drop description of the ro/rw inconsistency from the documentation. Also clarify, that now fully standard compliant behavior can be enabled with kernel/module/mount options. Signed-off-by: Miklos Szeredi --- Documentation/filesystems/overlayfs.txt | 51 +++++++++++++++++++-------------- 1 file changed, 30 insertions(+), 21 deletions(-) diff --git a/Documentation/filesystems/overlayfs.txt b/Documentation/filesystems/overlayfs.txt index 72615a2c0752..c2c71be75e3d 100644 --- a/Documentation/filesystems/overlayfs.txt +++ b/Documentation/filesystems/overlayfs.txt @@ -10,10 +10,6 @@ union-filesystems). An overlay-filesystem tries to present a filesystem which is the result over overlaying one filesystem on top of the other. -The result will inevitably fail to look exactly like a normal -filesystem for various technical reasons. The expectation is that -many use cases will be able to ignore these differences. - Overlay objects --------------- @@ -306,27 +302,40 @@ the copied layers will fail the verification of the lower root file handle. Non-standard behavior --------------------- -The copy_up operation essentially creates a new, identical file and -moves it over to the old name. Any open files referring to this inode -will access the old data. +Overlayfs can now act as a POSIX compliant filesystem with the following +features turned on: + +1) "redirect_dir" + +Enabled with the mount option or module option: "redirect_dir=on" or with +the kernel config option CONFIG_OVERLAY_FS_REDIRECT_DIR=y. + +If this feature is disabled, then rename(2) on a lower or merged directory +will fail with EXDEV ("Invalid cross-device link"). + +2) "inode index" + +Enabled with the mount option or module option "index=on" or with the +kernel config option CONFIG_OVERLAY_FS_INDEX=y. -The new file may be on a different filesystem, so both st_dev and st_ino -of the real file may change. The values of st_dev and st_ino returned by -stat(2) on an overlay object are often not the same as the real file -stat(2) values to prevent the values from changing on copy_up. +If this feature is disabled and a file with multiple hard links is copied +up, then this will "break" the link. Changes will not be propagated to +other names referring to the same inode. -Unless "xino" feature is enabled, when overlay layers are not all on the -same underlying filesystem, the value of st_dev may be different for two -non-directory objects in the same overlay filesystem and the value of -st_ino for directory objects may be non persistent and could change even -while the overlay filesystem is still mounted. +3) "xino" -Unless "inode index" feature is enabled, if a file with multiple hard -links is copied up, then this will "break" the link. Changes will not be -propagated to other names referring to the same inode. +Enabled with the mount option "xino=auto" or "xino=on", with the module +option "xino_auto=on" or with the kernel config option +CONFIG_OVERLAY_FS_XINO_AUTO=y. Also implicitly enabled by using the same +underlying filesystem for all layers making up the overlay. -Unless "redirect_dir" feature is enabled, rename(2) on a lower or merged -directory will fail with EXDEV. +If this feature is disabled or the underlying filesystem doesn't have +enough free bits in the inode number, then overlayfs will not be able to +guarantee that the values of st_ino and st_dev returned by stat(2) and the +value of d_ino returned by readdir(3) will act like on a normal filesystem. +E.g. the value of st_dev may be different for two objects in the same +overlay filesystem and the value of st_ino for directory objects may not be +persistent and could change even while the overlay filesystem is mounted. Changes to underlying filesystems -- cgit v1.2.3 From 9cec54c83a8baba3099bb8b445a735b93ab9511f Mon Sep 17 00:00:00 2001 From: Vivek Goyal Date: Fri, 11 May 2018 11:49:27 -0400 Subject: ovl: Initialize ovl_inode->redirect in ovl_get_inode() ovl_inode->redirect is an inode property and should be initialized in ovl_get_inode() only when we are adding a new inode to cache. If inode is already in cache, it is already initialized and we should not be touching ovl_inode->redirect field. As of now this is not a problem as redirects are used only for directories which don't share inode. But soon I want to use redirects for regular files also and there it can become an issue. Hence, move ->redirect initialization in ovl_get_inode(). Signed-off-by: Vivek Goyal Reviewed-by: Amir Goldstein Signed-off-by: Miklos Szeredi --- fs/overlayfs/inode.c | 3 +++ fs/overlayfs/namei.c | 8 +------- fs/overlayfs/overlayfs.h | 1 + 3 files changed, 5 insertions(+), 7 deletions(-) diff --git a/fs/overlayfs/inode.c b/fs/overlayfs/inode.c index 28ee802e6eaf..4833545d709b 100644 --- a/fs/overlayfs/inode.c +++ b/fs/overlayfs/inode.c @@ -844,6 +844,7 @@ struct inode *ovl_get_inode(struct super_block *sb, } dput(upperdentry); + kfree(oip->redirect); goto out; } @@ -867,6 +868,8 @@ struct inode *ovl_get_inode(struct super_block *sb, if (oip->index) ovl_set_flag(OVL_INDEX, inode); + OVL_I(inode)->redirect = oip->redirect; + /* Check for non-merge dir that may have whiteouts */ if (is_dir) { if (((upperdentry && lowerdentry) || oip->numlower > 1) || diff --git a/fs/overlayfs/namei.c b/fs/overlayfs/namei.c index c993dd8db739..ebc377bd010a 100644 --- a/fs/overlayfs/namei.c +++ b/fs/overlayfs/namei.c @@ -1009,19 +1009,13 @@ struct dentry *ovl_lookup(struct inode *dir, struct dentry *dentry, .lowerpath = stack, .index = index, .numlower = ctr, + .redirect = upperredirect, }; inode = ovl_get_inode(dentry->d_sb, &oip); err = PTR_ERR(inode); if (IS_ERR(inode)) goto out_free_oe; - - /* - * NB: handle redirected hard links when non-dir redirects - * become possible - */ - WARN_ON(OVL_I(inode)->redirect); - OVL_I(inode)->redirect = upperredirect; } revert_creds(old_cred); diff --git a/fs/overlayfs/overlayfs.h b/fs/overlayfs/overlayfs.h index 16d439ebfe02..69010e3dd846 100644 --- a/fs/overlayfs/overlayfs.h +++ b/fs/overlayfs/overlayfs.h @@ -335,6 +335,7 @@ struct ovl_inode_params { struct ovl_path *lowerpath; struct dentry *index; unsigned int numlower; + char *redirect; }; struct inode *ovl_new_inode(struct super_block *sb, umode_t mode, dev_t rdev); struct inode *ovl_lookup_inode(struct super_block *sb, struct dentry *real, -- cgit v1.2.3 From d6eac039133b31f9db1c63d2e51b88df61d075cc Mon Sep 17 00:00:00 2001 From: Vivek Goyal Date: Fri, 11 May 2018 11:49:27 -0400 Subject: ovl: Move the copy up helpers to copy_up.c Right now two copy up helpers are in inode.c. Amir suggested it might be better to move these to copy_up.c. There will one more related function which will come in later patch. Signed-off-by: Vivek Goyal Reviewed-by: Amir Goldstein Signed-off-by: Miklos Szeredi --- fs/overlayfs/copy_up.c | 32 ++++++++++++++++++++++++++++++++ fs/overlayfs/inode.c | 32 -------------------------------- fs/overlayfs/overlayfs.h | 2 +- 3 files changed, 33 insertions(+), 33 deletions(-) diff --git a/fs/overlayfs/copy_up.c b/fs/overlayfs/copy_up.c index 65ee07e36141..304b26860743 100644 --- a/fs/overlayfs/copy_up.c +++ b/fs/overlayfs/copy_up.c @@ -779,6 +779,38 @@ int ovl_copy_up_flags(struct dentry *dentry, int flags) return err; } +static bool ovl_open_need_copy_up(struct dentry *dentry, int flags) +{ + /* Copy up of disconnected dentry does not set upper alias */ + if (ovl_dentry_upper(dentry) && + (ovl_dentry_has_upper_alias(dentry) || + (dentry->d_flags & DCACHE_DISCONNECTED))) + return false; + + if (special_file(d_inode(dentry)->i_mode)) + return false; + + if (!(OPEN_FMODE(flags) & FMODE_WRITE) && !(flags & O_TRUNC)) + return false; + + return true; +} + +int ovl_open_maybe_copy_up(struct dentry *dentry, unsigned int file_flags) +{ + int err = 0; + + if (ovl_open_need_copy_up(dentry, file_flags)) { + err = ovl_want_write(dentry); + if (!err) { + err = ovl_copy_up_flags(dentry, file_flags); + ovl_drop_write(dentry); + } + } + + return err; +} + int ovl_copy_up(struct dentry *dentry) { return ovl_copy_up_flags(dentry, 0); diff --git a/fs/overlayfs/inode.c b/fs/overlayfs/inode.c index 4833545d709b..a30cbd754bf2 100644 --- a/fs/overlayfs/inode.c +++ b/fs/overlayfs/inode.c @@ -399,38 +399,6 @@ struct posix_acl *ovl_get_acl(struct inode *inode, int type) return acl; } -static bool ovl_open_need_copy_up(struct dentry *dentry, int flags) -{ - /* Copy up of disconnected dentry does not set upper alias */ - if (ovl_dentry_upper(dentry) && - (ovl_dentry_has_upper_alias(dentry) || - (dentry->d_flags & DCACHE_DISCONNECTED))) - return false; - - if (special_file(d_inode(dentry)->i_mode)) - return false; - - if (!(OPEN_FMODE(flags) & FMODE_WRITE) && !(flags & O_TRUNC)) - return false; - - return true; -} - -int ovl_open_maybe_copy_up(struct dentry *dentry, unsigned int file_flags) -{ - int err = 0; - - if (ovl_open_need_copy_up(dentry, file_flags)) { - err = ovl_want_write(dentry); - if (!err) { - err = ovl_copy_up_flags(dentry, file_flags); - ovl_drop_write(dentry); - } - } - - return err; -} - int ovl_update_time(struct inode *inode, struct timespec64 *ts, int flags) { if (flags & S_ATIME) { diff --git a/fs/overlayfs/overlayfs.h b/fs/overlayfs/overlayfs.h index 69010e3dd846..c0318b5a50f0 100644 --- a/fs/overlayfs/overlayfs.h +++ b/fs/overlayfs/overlayfs.h @@ -325,7 +325,6 @@ int ovl_xattr_get(struct dentry *dentry, struct inode *inode, const char *name, void *value, size_t size); ssize_t ovl_listxattr(struct dentry *dentry, char *list, size_t size); struct posix_acl *ovl_get_acl(struct inode *inode, int type); -int ovl_open_maybe_copy_up(struct dentry *dentry, unsigned int file_flags); int ovl_update_time(struct inode *inode, struct timespec64 *ts, int flags); bool ovl_is_private_xattr(const char *name); @@ -384,6 +383,7 @@ extern const struct file_operations ovl_file_operations; /* copy_up.c */ int ovl_copy_up(struct dentry *dentry); int ovl_copy_up_flags(struct dentry *dentry, int flags); +int ovl_open_maybe_copy_up(struct dentry *dentry, unsigned int file_flags); int ovl_copy_xattr(struct dentry *old, struct dentry *new); int ovl_set_attr(struct dentry *upper, struct kstat *stat); struct ovl_fh *ovl_encode_real_fh(struct dentry *real, bool is_upper); -- cgit v1.2.3 From d5791044d2e5749ef4de84161cec5532e2111540 Mon Sep 17 00:00:00 2001 From: Vivek Goyal Date: Fri, 11 May 2018 11:49:27 -0400 Subject: ovl: Provide a mount option metacopy=on/off for metadata copyup By default metadata only copy up is disabled. Provide a mount option so that users can choose one way or other. Also provide a kernel config and module option to enable/disable metacopy feature. metacopy feature requires redirect_dir=on when upper is present. Otherwise, it requires redirect_dir=follow atleast. As of now, metacopy does not work with nfs_export=on. So if both metacopy=on and nfs_export=on then nfs_export is disabled. Signed-off-by: Vivek Goyal Reviewed-by: Amir Goldstein Signed-off-by: Miklos Szeredi --- Documentation/filesystems/overlayfs.txt | 30 ++++++++++++++++++++- fs/overlayfs/Kconfig | 19 ++++++++++++++ fs/overlayfs/ovl_entry.h | 1 + fs/overlayfs/super.c | 46 ++++++++++++++++++++++++++++++--- 4 files changed, 92 insertions(+), 4 deletions(-) diff --git a/Documentation/filesystems/overlayfs.txt b/Documentation/filesystems/overlayfs.txt index c2c71be75e3d..51c136c821bf 100644 --- a/Documentation/filesystems/overlayfs.txt +++ b/Documentation/filesystems/overlayfs.txt @@ -262,6 +262,30 @@ rightmost one and going left. In the above example lower1 will be the top, lower2 the middle and lower3 the bottom layer. +Metadata only copy up +-------------------- + +When metadata only copy up feature is enabled, overlayfs will only copy +up metadata (as opposed to whole file), when a metadata specific operation +like chown/chmod is performed. Full file will be copied up later when +file is opened for WRITE operation. + +In other words, this is delayed data copy up operation and data is copied +up when there is a need to actually modify data. + +There are multiple ways to enable/disable this feature. A config option +CONFIG_OVERLAY_FS_METACOPY can be set/unset to enable/disable this feature +by default. Or one can enable/disable it at module load time with module +parameter metacopy=on/off. Lastly, there is also a per mount option +metacopy=on/off to enable/disable this feature per mount. + +Do not use metacopy=on with untrusted upper/lower directories. Otherwise +it is possible that an attacker can create a handcrafted file with +appropriate REDIRECT and METACOPY xattrs, and gain access to file on lower +pointed by REDIRECT. This should not be possible on local system as setting +"trusted." xattrs will require CAP_SYS_ADMIN. But it should be possible +for untrusted layers like from a pen drive. + Sharing and copying layers -------------------------- @@ -280,7 +304,7 @@ though it will not result in a crash or deadlock. Mounting an overlay using an upper layer path, where the upper layer path was previously used by another mounted overlay in combination with a different lower layer path, is allowed, unless the "inodes index" feature -is enabled. +or "metadata only copy up" feature is enabled. With the "inodes index" feature, on the first time mount, an NFS file handle of the lower layer root directory, along with the UUID of the lower @@ -293,6 +317,10 @@ lower root origin, mount will fail with ESTALE. An overlayfs mount with does not support NFS export, lower filesystem does not have a valid UUID or if the upper filesystem does not support extended attributes. +For "metadata only copy up" feature there is no verification mechanism at +mount time. So if same upper is mounted with different set of lower, mount +probably will succeed but expect the unexpected later on. So don't do it. + It is quite a common practice to copy overlay layers to a different directory tree on the same or different underlying filesystem, and even to a different machine. With the "inodes index" feature, trying to mount diff --git a/fs/overlayfs/Kconfig b/fs/overlayfs/Kconfig index 9384164253ac..2ef91be2a04e 100644 --- a/fs/overlayfs/Kconfig +++ b/fs/overlayfs/Kconfig @@ -64,6 +64,7 @@ config OVERLAY_FS_NFS_EXPORT bool "Overlayfs: turn on NFS export feature by default" depends on OVERLAY_FS depends on OVERLAY_FS_INDEX + depends on !OVERLAY_FS_METACOPY help If this config option is enabled then overlay filesystems will use the index directory to decode overlay NFS file handles by default. @@ -103,3 +104,21 @@ config OVERLAY_FS_XINO_AUTO For more information, see Documentation/filesystems/overlayfs.txt If unsure, say N. + +config OVERLAY_FS_METACOPY + bool "Overlayfs: turn on metadata only copy up feature by default" + depends on OVERLAY_FS + select OVERLAY_FS_REDIRECT_DIR + help + If this config option is enabled then overlay filesystems will + copy up only metadata where appropriate and data copy up will + happen when a file is opened for WRITE operation. It is still + possible to turn off this feature globally with the "metacopy=off" + module option or on a filesystem instance basis with the + "metacopy=off" mount option. + + Note, that this feature is not backward compatible. That is, + mounting an overlay which has metacopy only inodes on a kernel + that doesn't support this feature will have unexpected results. + + If unsure, say N. diff --git a/fs/overlayfs/ovl_entry.h b/fs/overlayfs/ovl_entry.h index 41655a7d6894..ea4134e97d0d 100644 --- a/fs/overlayfs/ovl_entry.h +++ b/fs/overlayfs/ovl_entry.h @@ -19,6 +19,7 @@ struct ovl_config { bool index; bool nfs_export; int xino; + bool metacopy; }; struct ovl_sb { diff --git a/fs/overlayfs/super.c b/fs/overlayfs/super.c index 0e84593af84e..d4caeee051ee 100644 --- a/fs/overlayfs/super.c +++ b/fs/overlayfs/super.c @@ -64,6 +64,11 @@ static void ovl_entry_stack_free(struct ovl_entry *oe) dput(oe->lowerstack[i].dentry); } +static bool ovl_metacopy_def = IS_ENABLED(CONFIG_OVERLAY_FS_METACOPY); +module_param_named(metacopy, ovl_metacopy_def, bool, 0644); +MODULE_PARM_DESC(ovl_metacopy_def, + "Default to on or off for the metadata only copy up feature"); + static void ovl_dentry_release(struct dentry *dentry) { struct ovl_entry *oe = dentry->d_fsdata; @@ -347,6 +352,9 @@ static int ovl_show_options(struct seq_file *m, struct dentry *dentry) "on" : "off"); if (ofs->config.xino != ovl_xino_def()) seq_printf(m, ",xino=%s", ovl_xino_str[ofs->config.xino]); + if (ofs->config.metacopy != ovl_metacopy_def) + seq_printf(m, ",metacopy=%s", + ofs->config.metacopy ? "on" : "off"); return 0; } @@ -384,6 +392,8 @@ enum { OPT_XINO_ON, OPT_XINO_OFF, OPT_XINO_AUTO, + OPT_METACOPY_ON, + OPT_METACOPY_OFF, OPT_ERR, }; @@ -400,6 +410,8 @@ static const match_table_t ovl_tokens = { {OPT_XINO_ON, "xino=on"}, {OPT_XINO_OFF, "xino=off"}, {OPT_XINO_AUTO, "xino=auto"}, + {OPT_METACOPY_ON, "metacopy=on"}, + {OPT_METACOPY_OFF, "metacopy=off"}, {OPT_ERR, NULL} }; @@ -452,6 +464,7 @@ static int ovl_parse_redirect_mode(struct ovl_config *config, const char *mode) static int ovl_parse_opt(char *opt, struct ovl_config *config) { char *p; + int err; config->redirect_mode = kstrdup(ovl_redirect_mode_def(), GFP_KERNEL); if (!config->redirect_mode) @@ -526,6 +539,14 @@ static int ovl_parse_opt(char *opt, struct ovl_config *config) config->xino = OVL_XINO_AUTO; break; + case OPT_METACOPY_ON: + config->metacopy = true; + break; + + case OPT_METACOPY_OFF: + config->metacopy = false; + break; + default: pr_err("overlayfs: unrecognized mount option \"%s\" or missing value\n", p); return -EINVAL; @@ -540,7 +561,20 @@ static int ovl_parse_opt(char *opt, struct ovl_config *config) config->workdir = NULL; } - return ovl_parse_redirect_mode(config, config->redirect_mode); + err = ovl_parse_redirect_mode(config, config->redirect_mode); + if (err) + return err; + + /* metacopy feature with upper requires redirect_dir=on */ + if (config->upperdir && config->metacopy && !config->redirect_dir) { + pr_warn("overlayfs: metadata only copy up requires \"redirect_dir=on\", falling back to metacopy=off.\n"); + config->metacopy = false; + } else if (config->metacopy && !config->redirect_follow) { + pr_warn("overlayfs: metadata only copy up requires \"redirect_dir=follow\" on non-upper mount, falling back to metacopy=off.\n"); + config->metacopy = false; + } + + return 0; } #define OVL_WORKDIR_NAME "work" @@ -1013,7 +1047,8 @@ static int ovl_make_workdir(struct ovl_fs *ofs, struct path *workpath) if (err) { ofs->noxattr = true; ofs->config.index = false; - pr_warn("overlayfs: upper fs does not support xattr, falling back to index=off.\n"); + ofs->config.metacopy = false; + pr_warn("overlayfs: upper fs does not support xattr, falling back to index=off and metacopy=off.\n"); err = 0; } else { vfs_removexattr(ofs->workdir, OVL_XATTR_OPAQUE); @@ -1035,7 +1070,6 @@ static int ovl_make_workdir(struct ovl_fs *ofs, struct path *workpath) pr_warn("overlayfs: NFS export requires \"index=on\", falling back to nfs_export=off.\n"); ofs->config.nfs_export = false; } - out: mnt_drop_write(mnt); return err; @@ -1346,6 +1380,7 @@ static int ovl_fill_super(struct super_block *sb, void *data, int silent) ofs->config.index = ovl_index_def; ofs->config.nfs_export = ovl_nfs_export_def; ofs->config.xino = ovl_xino_def(); + ofs->config.metacopy = ovl_metacopy_def; err = ovl_parse_opt((char *) data, &ofs->config); if (err) goto out_err; @@ -1416,6 +1451,11 @@ static int ovl_fill_super(struct super_block *sb, void *data, int silent) } } + if (ofs->config.metacopy && ofs->config.nfs_export) { + pr_warn("overlayfs: NFS export is not supported with metadata only copy up, falling back to nfs_export=off.\n"); + ofs->config.nfs_export = false; + } + if (ofs->config.nfs_export) sb->s_export_op = &ovl_export_operations; -- cgit v1.2.3 From bd64e57586d3722d2fc06093c3d7e3c4adb9e060 Mon Sep 17 00:00:00 2001 From: Vivek Goyal Date: Fri, 11 May 2018 11:49:27 -0400 Subject: ovl: During copy up, first copy up metadata and then data Just a little re-ordering of code. This helps with next patch where after copying up metadata, we skip data copying step, if needed. Signed-off-by: Vivek Goyal Reviewed-by: Amir Goldstein Signed-off-by: Miklos Szeredi --- fs/overlayfs/copy_up.c | 36 +++++++++++++++++------------------- 1 file changed, 17 insertions(+), 19 deletions(-) diff --git a/fs/overlayfs/copy_up.c b/fs/overlayfs/copy_up.c index 304b26860743..9d3cdbf910ff 100644 --- a/fs/overlayfs/copy_up.c +++ b/fs/overlayfs/copy_up.c @@ -490,28 +490,10 @@ static int ovl_copy_up_inode(struct ovl_copy_up_ctx *c, struct dentry *temp) { int err; - if (S_ISREG(c->stat.mode)) { - struct path upperpath; - - ovl_path_upper(c->dentry, &upperpath); - BUG_ON(upperpath.dentry != NULL); - upperpath.dentry = temp; - - err = ovl_copy_up_data(&c->lowerpath, &upperpath, c->stat.size); - if (err) - return err; - } - err = ovl_copy_xattr(c->lowerpath.dentry, temp); if (err) return err; - inode_lock(temp->d_inode); - err = ovl_set_attr(temp, &c->stat); - inode_unlock(temp->d_inode); - if (err) - return err; - /* * Store identifier of lower inode in upper inode xattr to * allow lookup of the copy up origin inode. @@ -525,7 +507,23 @@ static int ovl_copy_up_inode(struct ovl_copy_up_ctx *c, struct dentry *temp) return err; } - return 0; + if (S_ISREG(c->stat.mode)) { + struct path upperpath; + + ovl_path_upper(c->dentry, &upperpath); + BUG_ON(upperpath.dentry != NULL); + upperpath.dentry = temp; + + err = ovl_copy_up_data(&c->lowerpath, &upperpath, c->stat.size); + if (err) + return err; + } + + inode_lock(temp->d_inode); + err = ovl_set_attr(temp, &c->stat); + inode_unlock(temp->d_inode); + + return err; } static int ovl_copy_up_locked(struct ovl_copy_up_ctx *c) -- cgit v1.2.3 From 44d5bf109a73f4162d97ab714770fdf76a8dc685 Mon Sep 17 00:00:00 2001 From: Vivek Goyal Date: Fri, 11 May 2018 11:49:27 -0400 Subject: ovl: Copy up only metadata during copy up where it makes sense If it makes sense to copy up only metadata during copy up, do it. This is done for regular files which are not opened for WRITE. Right now ->metacopy is set to 0 always. Last patch in the series will remove the hard coded statement and enable metacopy feature. Signed-off-by: Vivek Goyal Reviewed-by: Amir Goldstein Signed-off-by: Miklos Szeredi --- fs/overlayfs/copy_up.c | 25 ++++++++++++++++++++++++- 1 file changed, 24 insertions(+), 1 deletion(-) diff --git a/fs/overlayfs/copy_up.c b/fs/overlayfs/copy_up.c index 9d3cdbf910ff..d23467976725 100644 --- a/fs/overlayfs/copy_up.c +++ b/fs/overlayfs/copy_up.c @@ -388,6 +388,7 @@ struct ovl_copy_up_ctx { bool tmpfile; bool origin; bool indexed; + bool metacopy; }; static int ovl_link_up(struct ovl_copy_up_ctx *c) @@ -507,7 +508,7 @@ static int ovl_copy_up_inode(struct ovl_copy_up_ctx *c, struct dentry *temp) return err; } - if (S_ISREG(c->stat.mode)) { + if (S_ISREG(c->stat.mode) && !c->metacopy) { struct path upperpath; ovl_path_upper(c->dentry, &upperpath); @@ -660,6 +661,26 @@ out: return err; } +static bool ovl_need_meta_copy_up(struct dentry *dentry, umode_t mode, + int flags) +{ + struct ovl_fs *ofs = dentry->d_sb->s_fs_info; + + /* TODO: Will enable metacopy in last patch of series */ + return false; + + if (!ofs->config.metacopy) + return false; + + if (!S_ISREG(mode)) + return false; + + if (flags && ((OPEN_FMODE(flags) & FMODE_WRITE) || (flags & O_TRUNC))) + return false; + + return true; +} + static int ovl_copy_up_one(struct dentry *parent, struct dentry *dentry, int flags) { @@ -681,6 +702,8 @@ static int ovl_copy_up_one(struct dentry *parent, struct dentry *dentry, if (err) return err; + ctx.metacopy = ovl_need_meta_copy_up(dentry, ctx.stat.mode, flags); + if (parent) { ovl_path_upper(parent, &parentpath); ctx.destdir = parentpath.dentry; -- cgit v1.2.3 From 2002df85367ca69961d39020f56d3d727897be01 Mon Sep 17 00:00:00 2001 From: Vivek Goyal Date: Fri, 11 May 2018 11:49:28 -0400 Subject: ovl: Add helper ovl_already_copied_up() There are couple of places where we need to know if file is already copied up (in lockless manner). Right now its open coded and there are only two conditions to check. Soon this patch series will introduce another condition to check and Amir wants to introduce one more. So introduce a helper instead to check this so that code is easier to read. Signed-off-by: Vivek Goyal Reviewed-by: Amir Goldstein Signed-off-by: Miklos Szeredi --- fs/overlayfs/copy_up.c | 20 ++------------------ fs/overlayfs/overlayfs.h | 1 + fs/overlayfs/util.c | 26 +++++++++++++++++++++++++- 3 files changed, 28 insertions(+), 19 deletions(-) diff --git a/fs/overlayfs/copy_up.c b/fs/overlayfs/copy_up.c index d23467976725..aa3c62a4e462 100644 --- a/fs/overlayfs/copy_up.c +++ b/fs/overlayfs/copy_up.c @@ -761,21 +761,7 @@ int ovl_copy_up_flags(struct dentry *dentry, int flags) struct dentry *next; struct dentry *parent = NULL; - /* - * Check if copy-up has happened as well as for upper alias (in - * case of hard links) is there. - * - * Both checks are lockless: - * - false negatives: will recheck under oi->lock - * - false positives: - * + ovl_dentry_upper() uses memory barriers to ensure the - * upper dentry is up-to-date - * + ovl_dentry_has_upper_alias() relies on locking of - * upper parent i_rwsem to prevent reordering copy-up - * with rename. - */ - if (ovl_dentry_upper(dentry) && - (ovl_dentry_has_upper_alias(dentry) || disconnected)) + if (ovl_already_copied_up(dentry)) break; next = dget(dentry); @@ -803,9 +789,7 @@ int ovl_copy_up_flags(struct dentry *dentry, int flags) static bool ovl_open_need_copy_up(struct dentry *dentry, int flags) { /* Copy up of disconnected dentry does not set upper alias */ - if (ovl_dentry_upper(dentry) && - (ovl_dentry_has_upper_alias(dentry) || - (dentry->d_flags & DCACHE_DISCONNECTED))) + if (ovl_already_copied_up(dentry)) return false; if (special_file(d_inode(dentry)->i_mode)) diff --git a/fs/overlayfs/overlayfs.h b/fs/overlayfs/overlayfs.h index c0318b5a50f0..206e588df095 100644 --- a/fs/overlayfs/overlayfs.h +++ b/fs/overlayfs/overlayfs.h @@ -238,6 +238,7 @@ bool ovl_is_whiteout(struct dentry *dentry); struct file *ovl_path_open(struct path *path, int flags); int ovl_copy_up_start(struct dentry *dentry); void ovl_copy_up_end(struct dentry *dentry); +bool ovl_already_copied_up(struct dentry *dentry); bool ovl_check_origin_xattr(struct dentry *dentry); bool ovl_check_dir_xattr(struct dentry *dentry, const char *name); int ovl_check_setxattr(struct dentry *dentry, struct dentry *upperdentry, diff --git a/fs/overlayfs/util.c b/fs/overlayfs/util.c index 25d202b47326..43235294e77b 100644 --- a/fs/overlayfs/util.c +++ b/fs/overlayfs/util.c @@ -377,13 +377,37 @@ struct file *ovl_path_open(struct path *path, int flags) return dentry_open(path, flags | O_NOATIME, current_cred()); } +bool ovl_already_copied_up(struct dentry *dentry) +{ + bool disconnected = dentry->d_flags & DCACHE_DISCONNECTED; + + /* + * Check if copy-up has happened as well as for upper alias (in + * case of hard links) is there. + * + * Both checks are lockless: + * - false negatives: will recheck under oi->lock + * - false positives: + * + ovl_dentry_upper() uses memory barriers to ensure the + * upper dentry is up-to-date + * + ovl_dentry_has_upper_alias() relies on locking of + * upper parent i_rwsem to prevent reordering copy-up + * with rename. + */ + if (ovl_dentry_upper(dentry) && + (ovl_dentry_has_upper_alias(dentry) || disconnected)) + return true; + + return false; +} + int ovl_copy_up_start(struct dentry *dentry) { struct ovl_inode *oi = OVL_I(d_inode(dentry)); int err; err = mutex_lock_interruptible(&oi->lock); - if (!err && ovl_dentry_has_upper_alias(dentry)) { + if (!err && ovl_already_copied_up(dentry)) { err = 1; /* Already copied up */ mutex_unlock(&oi->lock); } -- cgit v1.2.3 From 0c2888749363645d62cc48852d0af98d5ceef332 Mon Sep 17 00:00:00 2001 From: Vivek Goyal Date: Fri, 11 May 2018 11:49:28 -0400 Subject: ovl: A new xattr OVL_XATTR_METACOPY for file on upper Now we will have the capability to have upper inodes which might be only metadata copy up and data is still on lower inode. So add a new xattr OVL_XATTR_METACOPY to distinguish between two cases. Presence of OVL_XATTR_METACOPY reflects that file has been copied up metadata only and and data will be copied up later from lower origin. So this xattr is set when a metadata copy takes place and cleared when data copy takes place. We also use a bit in ovl_inode->flags to cache OVL_UPPERDATA which reflects whether ovl inode has data or not (as opposed to metadata only copy up). If a file is copied up metadata only and later when same file is opened for WRITE, then data copy up takes place. We copy up data, remove METACOPY xattr and then set the UPPERDATA flag in ovl_inode->flags. While all these operations happen with oi->lock held, read side of oi->flags can be lockless. That is another thread on another cpu can check if UPPERDATA flag is set or not. So this gives us an ordering requirement w.r.t UPPERDATA flag. That is, if another cpu sees UPPERDATA flag set, then it should be guaranteed that effects of data copy up and remove xattr operations are also visible. For example. CPU1 CPU2 ovl_open() acquire(oi->lock) ovl_open_maybe_copy_up() ovl_copy_up_data() open_open_need_copy_up() vfs_removexattr() ovl_already_copied_up() ovl_dentry_needs_data_copy_up() ovl_set_flag(OVL_UPPERDATA) ovl_test_flag(OVL_UPPERDATA) release(oi->lock) Say CPU2 is copying up data and in the end sets UPPERDATA flag. But if CPU1 perceives the effects of setting UPPERDATA flag but not the effects of preceding operations (ex. upper that is not fully copied up), it will be a problem. Hence this patch introduces smp_wmb() on setting UPPERDATA flag operation and smp_rmb() on UPPERDATA flag test operation. May be some other lock or barrier is already covering it. But I am not sure what that is and is it obvious enough that we will not break it in future. So hence trying to be safe here and introducing barriers explicitly for UPPERDATA flag/bit. Signed-off-by: Vivek Goyal Reviewed-by: Amir Goldstein Signed-off-by: Miklos Szeredi --- fs/overlayfs/copy_up.c | 56 ++++++++++++++++++++++++++++++---- fs/overlayfs/overlayfs.h | 18 +++++++++-- fs/overlayfs/super.c | 1 + fs/overlayfs/util.c | 78 +++++++++++++++++++++++++++++++++++++++++++++--- 4 files changed, 142 insertions(+), 11 deletions(-) diff --git a/fs/overlayfs/copy_up.c b/fs/overlayfs/copy_up.c index aa3c62a4e462..7e6664d6643d 100644 --- a/fs/overlayfs/copy_up.c +++ b/fs/overlayfs/copy_up.c @@ -180,6 +180,16 @@ out_fput: return error; } +static int ovl_set_size(struct dentry *upperdentry, struct kstat *stat) +{ + struct iattr attr = { + .ia_valid = ATTR_SIZE, + .ia_size = stat->size, + }; + + return notify_change(upperdentry, &attr, NULL); +} + static int ovl_set_timestamps(struct dentry *upperdentry, struct kstat *stat) { struct iattr attr = { @@ -520,8 +530,18 @@ static int ovl_copy_up_inode(struct ovl_copy_up_ctx *c, struct dentry *temp) return err; } + if (c->metacopy) { + err = ovl_check_setxattr(c->dentry, temp, OVL_XATTR_METACOPY, + NULL, 0, -EOPNOTSUPP); + if (err) + return err; + } + inode_lock(temp->d_inode); - err = ovl_set_attr(temp, &c->stat); + if (c->metacopy) + err = ovl_set_size(temp, &c->stat); + if (!err) + err = ovl_set_attr(temp, &c->stat); inode_unlock(temp->d_inode); return err; @@ -559,6 +579,8 @@ static int ovl_copy_up_locked(struct ovl_copy_up_ctx *c) if (err) goto out; + if (!c->metacopy) + ovl_set_upperdata(d_inode(c->dentry)); inode = d_inode(c->dentry); ovl_inode_update(inode, newdentry); if (S_ISDIR(inode->i_mode)) @@ -681,6 +703,28 @@ static bool ovl_need_meta_copy_up(struct dentry *dentry, umode_t mode, return true; } +/* Copy up data of an inode which was copied up metadata only in the past. */ +static int ovl_copy_up_meta_inode_data(struct ovl_copy_up_ctx *c) +{ + struct path upperpath; + int err; + + ovl_path_upper(c->dentry, &upperpath); + if (WARN_ON(upperpath.dentry == NULL)) + return -EIO; + + err = ovl_copy_up_data(&c->lowerpath, &upperpath, c->stat.size); + if (err) + return err; + + err = vfs_removexattr(upperpath.dentry, OVL_XATTR_METACOPY); + if (err) + return err; + + ovl_set_upperdata(d_inode(c->dentry)); + return err; +} + static int ovl_copy_up_one(struct dentry *parent, struct dentry *dentry, int flags) { @@ -726,7 +770,7 @@ static int ovl_copy_up_one(struct dentry *parent, struct dentry *dentry, return PTR_ERR(ctx.link); } - err = ovl_copy_up_start(dentry); + err = ovl_copy_up_start(dentry, flags); /* err < 0: interrupted, err > 0: raced with another copy-up */ if (unlikely(err)) { if (err > 0) @@ -736,6 +780,8 @@ static int ovl_copy_up_one(struct dentry *parent, struct dentry *dentry, err = ovl_do_copy_up(&ctx); if (!err && parent && !ovl_dentry_has_upper_alias(dentry)) err = ovl_link_up(&ctx); + if (!err && ovl_dentry_needs_data_copy_up_locked(dentry, flags)) + err = ovl_copy_up_meta_inode_data(&ctx); ovl_copy_up_end(dentry); } do_delayed_call(&done); @@ -761,7 +807,7 @@ int ovl_copy_up_flags(struct dentry *dentry, int flags) struct dentry *next; struct dentry *parent = NULL; - if (ovl_already_copied_up(dentry)) + if (ovl_already_copied_up(dentry, flags)) break; next = dget(dentry); @@ -789,13 +835,13 @@ int ovl_copy_up_flags(struct dentry *dentry, int flags) static bool ovl_open_need_copy_up(struct dentry *dentry, int flags) { /* Copy up of disconnected dentry does not set upper alias */ - if (ovl_already_copied_up(dentry)) + if (ovl_already_copied_up(dentry, flags)) return false; if (special_file(d_inode(dentry)->i_mode)) return false; - if (!(OPEN_FMODE(flags) & FMODE_WRITE) && !(flags & O_TRUNC)) + if (!ovl_open_flags_need_copy_up(flags)) return false; return true; diff --git a/fs/overlayfs/overlayfs.h b/fs/overlayfs/overlayfs.h index 206e588df095..16a000694c4e 100644 --- a/fs/overlayfs/overlayfs.h +++ b/fs/overlayfs/overlayfs.h @@ -29,6 +29,7 @@ enum ovl_path_type { #define OVL_XATTR_IMPURE OVL_XATTR_PREFIX "impure" #define OVL_XATTR_NLINK OVL_XATTR_PREFIX "nlink" #define OVL_XATTR_UPPER OVL_XATTR_PREFIX "upper" +#define OVL_XATTR_METACOPY OVL_XATTR_PREFIX "metacopy" enum ovl_inode_flag { /* Pure upper dir that may contain non pure upper entries */ @@ -36,6 +37,7 @@ enum ovl_inode_flag { /* Non-merge dir that may contain whiteout entries */ OVL_WHITEOUTS, OVL_INDEX, + OVL_UPPERDATA, }; enum ovl_entry_flag { @@ -191,6 +193,14 @@ static inline struct dentry *ovl_do_tmpfile(struct dentry *dentry, umode_t mode) return ret; } +static inline bool ovl_open_flags_need_copy_up(int flags) +{ + if (!flags) + return false; + + return ((OPEN_FMODE(flags) & FMODE_WRITE) || (flags & O_TRUNC)); +} + /* util.c */ int ovl_want_write(struct dentry *dentry); void ovl_drop_write(struct dentry *dentry); @@ -226,6 +236,10 @@ bool ovl_dentry_is_whiteout(struct dentry *dentry); void ovl_dentry_set_opaque(struct dentry *dentry); bool ovl_dentry_has_upper_alias(struct dentry *dentry); void ovl_dentry_set_upper_alias(struct dentry *dentry); +bool ovl_dentry_needs_data_copy_up(struct dentry *dentry, int flags); +bool ovl_dentry_needs_data_copy_up_locked(struct dentry *dentry, int flags); +bool ovl_has_upperdata(struct inode *inode); +void ovl_set_upperdata(struct inode *inode); bool ovl_redirect_dir(struct super_block *sb); const char *ovl_dentry_get_redirect(struct dentry *dentry); void ovl_dentry_set_redirect(struct dentry *dentry, const char *redirect); @@ -236,9 +250,9 @@ void ovl_dir_modified(struct dentry *dentry, bool impurity); u64 ovl_dentry_version_get(struct dentry *dentry); bool ovl_is_whiteout(struct dentry *dentry); struct file *ovl_path_open(struct path *path, int flags); -int ovl_copy_up_start(struct dentry *dentry); +int ovl_copy_up_start(struct dentry *dentry, int flags); void ovl_copy_up_end(struct dentry *dentry); -bool ovl_already_copied_up(struct dentry *dentry); +bool ovl_already_copied_up(struct dentry *dentry, int flags); bool ovl_check_origin_xattr(struct dentry *dentry); bool ovl_check_dir_xattr(struct dentry *dentry, const char *name); int ovl_check_setxattr(struct dentry *dentry, struct dentry *upperdentry, diff --git a/fs/overlayfs/super.c b/fs/overlayfs/super.c index d4caeee051ee..ab0039161f85 100644 --- a/fs/overlayfs/super.c +++ b/fs/overlayfs/super.c @@ -1485,6 +1485,7 @@ static int ovl_fill_super(struct super_block *sb, void *data, int silent) /* Root is always merge -> can have whiteouts */ ovl_set_flag(OVL_WHITEOUTS, d_inode(root_dentry)); ovl_dentry_set_flag(OVL_E_CONNECTED, root_dentry); + ovl_set_upperdata(d_inode(root_dentry)); ovl_inode_init(d_inode(root_dentry), upperpath.dentry, ovl_dentry_lower(root_dentry)); diff --git a/fs/overlayfs/util.c b/fs/overlayfs/util.c index 43235294e77b..f8e3c95711b8 100644 --- a/fs/overlayfs/util.c +++ b/fs/overlayfs/util.c @@ -279,6 +279,62 @@ void ovl_dentry_set_upper_alias(struct dentry *dentry) ovl_dentry_set_flag(OVL_E_UPPER_ALIAS, dentry); } +static bool ovl_should_check_upperdata(struct inode *inode) +{ + if (!S_ISREG(inode->i_mode)) + return false; + + if (!ovl_inode_lower(inode)) + return false; + + return true; +} + +bool ovl_has_upperdata(struct inode *inode) +{ + if (!ovl_should_check_upperdata(inode)) + return true; + + if (!ovl_test_flag(OVL_UPPERDATA, inode)) + return false; + /* + * Pairs with smp_wmb() in ovl_set_upperdata(). Main user of + * ovl_has_upperdata() is ovl_copy_up_meta_inode_data(). Make sure + * if setting of OVL_UPPERDATA is visible, then effects of writes + * before that are visible too. + */ + smp_rmb(); + return true; +} + +void ovl_set_upperdata(struct inode *inode) +{ + /* + * Pairs with smp_rmb() in ovl_has_upperdata(). Make sure + * if OVL_UPPERDATA flag is visible, then effects of write operations + * before it are visible as well. + */ + smp_wmb(); + ovl_set_flag(OVL_UPPERDATA, inode); +} + +/* Caller should hold ovl_inode->lock */ +bool ovl_dentry_needs_data_copy_up_locked(struct dentry *dentry, int flags) +{ + if (!ovl_open_flags_need_copy_up(flags)) + return false; + + return !ovl_test_flag(OVL_UPPERDATA, d_inode(dentry)); +} + +bool ovl_dentry_needs_data_copy_up(struct dentry *dentry, int flags) +{ + if (!ovl_open_flags_need_copy_up(flags)) + return false; + + return !ovl_has_upperdata(d_inode(dentry)); +} + bool ovl_redirect_dir(struct super_block *sb) { struct ovl_fs *ofs = sb->s_fs_info; @@ -377,7 +433,20 @@ struct file *ovl_path_open(struct path *path, int flags) return dentry_open(path, flags | O_NOATIME, current_cred()); } -bool ovl_already_copied_up(struct dentry *dentry) +/* Caller should hold ovl_inode->lock */ +static bool ovl_already_copied_up_locked(struct dentry *dentry, int flags) +{ + bool disconnected = dentry->d_flags & DCACHE_DISCONNECTED; + + if (ovl_dentry_upper(dentry) && + (ovl_dentry_has_upper_alias(dentry) || disconnected) && + !ovl_dentry_needs_data_copy_up_locked(dentry, flags)) + return true; + + return false; +} + +bool ovl_already_copied_up(struct dentry *dentry, int flags) { bool disconnected = dentry->d_flags & DCACHE_DISCONNECTED; @@ -395,19 +464,20 @@ bool ovl_already_copied_up(struct dentry *dentry) * with rename. */ if (ovl_dentry_upper(dentry) && - (ovl_dentry_has_upper_alias(dentry) || disconnected)) + (ovl_dentry_has_upper_alias(dentry) || disconnected) && + !ovl_dentry_needs_data_copy_up(dentry, flags)) return true; return false; } -int ovl_copy_up_start(struct dentry *dentry) +int ovl_copy_up_start(struct dentry *dentry, int flags) { struct ovl_inode *oi = OVL_I(d_inode(dentry)); int err; err = mutex_lock_interruptible(&oi->lock); - if (!err && ovl_already_copied_up(dentry)) { + if (!err && ovl_already_copied_up_locked(dentry, flags)) { err = 1; /* Already copied up */ mutex_unlock(&oi->lock); } -- cgit v1.2.3 From 027065b726434d2a95a5cc516129be765e27ecf8 Mon Sep 17 00:00:00 2001 From: Vivek Goyal Date: Fri, 11 May 2018 11:49:28 -0400 Subject: ovl: Use out_err instead of out_nomem Right now we use goto out_nomem which assumes error code is -ENOMEM. But there are other errors returned like -ESTALE as well. So instead of out_nomem, use out_err which will do ERR_PTR(err). That way one can put error code in err and jump to out_err. This just code reorganization and no change of functionality. I am about to add more code and this organization helps laying more code and error paths on top of it. Signed-off-by: Vivek Goyal Reviewed-by: Amir Goldstein Signed-off-by: Miklos Szeredi --- fs/overlayfs/inode.c | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/fs/overlayfs/inode.c b/fs/overlayfs/inode.c index a30cbd754bf2..e46f26ee6e21 100644 --- a/fs/overlayfs/inode.c +++ b/fs/overlayfs/inode.c @@ -782,6 +782,7 @@ struct inode *ovl_get_inode(struct super_block *sb, int fsid = bylower ? oip->lowerpath->layer->fsid : 0; bool is_dir; unsigned long ino = 0; + int err = -ENOMEM; if (!realinode) realinode = d_inode(lowerdentry); @@ -798,7 +799,7 @@ struct inode *ovl_get_inode(struct super_block *sb, inode = ovl_iget5(sb, oip->newinode, key); if (!inode) - goto out_nomem; + goto out_err; if (!(inode->i_state & I_NEW)) { /* * Verify that the underlying files stored in the inode @@ -807,8 +808,8 @@ struct inode *ovl_get_inode(struct super_block *sb, if (!ovl_verify_inode(inode, lowerdentry, upperdentry, true)) { iput(inode); - inode = ERR_PTR(-ESTALE); - goto out; + err = -ESTALE; + goto out_err; } dput(upperdentry); @@ -824,8 +825,10 @@ struct inode *ovl_get_inode(struct super_block *sb, } else { /* Lower hardlink that will be broken on copy up */ inode = new_inode(sb); - if (!inode) - goto out_nomem; + if (!inode) { + err = -ENOMEM; + goto out_err; + } } ovl_fill_inode(inode, realinode->i_mode, realinode->i_rdev, ino, fsid); ovl_inode_init(inode, upperdentry, lowerdentry); @@ -851,7 +854,7 @@ struct inode *ovl_get_inode(struct super_block *sb, out: return inode; -out_nomem: - inode = ERR_PTR(-ENOMEM); +out_err: + inode = ERR_PTR(err); goto out; } -- cgit v1.2.3 From 9d3dfea3d35a3235f0f1e2ce719bb4f0b696caa2 Mon Sep 17 00:00:00 2001 From: Vivek Goyal Date: Fri, 11 May 2018 11:49:28 -0400 Subject: ovl: Modify ovl_lookup() and friends to lookup metacopy dentry This patch modifies ovl_lookup() and friends to lookup metacopy dentries. It also allows for presence of metacopy dentries in lower layer. During lookup, check for presence of OVL_XATTR_METACOPY and if not present, set OVL_UPPERDATA bit in flags. We don't support metacopy feature with nfs_export. So in nfs_export code, we set OVL_UPPERDATA flag set unconditionally if upper inode exists. Do not follow metacopy origin if we find a metacopy only inode and metacopy feature is not enabled for that mount. Like redirect, this can have security implications where an attacker could hand craft upper and try to gain access to file on lower which it should not have to begin with. Signed-off-by: Vivek Goyal Reviewed-by: Amir Goldstein Signed-off-by: Miklos Szeredi --- fs/overlayfs/export.c | 3 ++ fs/overlayfs/inode.c | 11 ++++- fs/overlayfs/namei.c | 112 ++++++++++++++++++++++++++++++++++++++++------- fs/overlayfs/overlayfs.h | 1 + fs/overlayfs/util.c | 22 ++++++++++ 5 files changed, 131 insertions(+), 18 deletions(-) diff --git a/fs/overlayfs/export.c b/fs/overlayfs/export.c index 9941ece61a14..8fa37cd7818a 100644 --- a/fs/overlayfs/export.c +++ b/fs/overlayfs/export.c @@ -317,6 +317,9 @@ static struct dentry *ovl_obtain_alias(struct super_block *sb, return ERR_CAST(inode); } + if (upper) + ovl_set_flag(OVL_UPPERDATA, inode); + dentry = d_find_any_alias(inode); if (!dentry) { dentry = d_alloc_anon(inode->i_sb); diff --git a/fs/overlayfs/inode.c b/fs/overlayfs/inode.c index e46f26ee6e21..d3e65d2a1b83 100644 --- a/fs/overlayfs/inode.c +++ b/fs/overlayfs/inode.c @@ -780,7 +780,7 @@ struct inode *ovl_get_inode(struct super_block *sb, bool bylower = ovl_hash_bylower(sb, upperdentry, lowerdentry, oip->index); int fsid = bylower ? oip->lowerpath->layer->fsid : 0; - bool is_dir; + bool is_dir, metacopy = false; unsigned long ino = 0; int err = -ENOMEM; @@ -839,6 +839,15 @@ struct inode *ovl_get_inode(struct super_block *sb, if (oip->index) ovl_set_flag(OVL_INDEX, inode); + if (upperdentry) { + err = ovl_check_metacopy_xattr(upperdentry); + if (err < 0) + goto out_err; + metacopy = err; + if (!metacopy) + ovl_set_flag(OVL_UPPERDATA, inode); + } + OVL_I(inode)->redirect = oip->redirect; /* Check for non-merge dir that may have whiteouts */ diff --git a/fs/overlayfs/namei.c b/fs/overlayfs/namei.c index ebc377bd010a..f562bbb59ddb 100644 --- a/fs/overlayfs/namei.c +++ b/fs/overlayfs/namei.c @@ -24,6 +24,7 @@ struct ovl_lookup_data { bool stop; bool last; char *redirect; + bool metacopy; }; static int ovl_check_redirect(struct dentry *dentry, struct ovl_lookup_data *d, @@ -252,16 +253,25 @@ static int ovl_lookup_single(struct dentry *base, struct ovl_lookup_data *d, d->stop = d->opaque = true; goto put_and_out; } - if (!d_can_lookup(this)) { + /* + * This dentry should be a regular file if previous layer lookup + * found a metacopy dentry. + */ + if (last_element && d->metacopy && !d_is_reg(this)) { d->stop = true; - if (d->is_dir) + goto put_and_out; + } + if (!d_can_lookup(this)) { + if (d->is_dir || !last_element) { + d->stop = true; goto put_and_out; + } + err = ovl_check_metacopy_xattr(this); + if (err < 0) + goto out_err; - /* - * NB: handle failure to lookup non-last element when non-dir - * redirects become possible - */ - WARN_ON(!last_element); + d->metacopy = err; + d->stop = !d->metacopy; goto out; } if (last_element) @@ -823,7 +833,7 @@ struct dentry *ovl_lookup(struct inode *dir, struct dentry *dentry, struct ovl_fs *ofs = dentry->d_sb->s_fs_info; struct ovl_entry *poe = dentry->d_parent->d_fsdata; struct ovl_entry *roe = dentry->d_sb->s_root->d_fsdata; - struct ovl_path *stack = NULL; + struct ovl_path *stack = NULL, *origin_path = NULL; struct dentry *upperdir, *upperdentry = NULL; struct dentry *origin = NULL; struct dentry *index = NULL; @@ -834,6 +844,7 @@ struct dentry *ovl_lookup(struct inode *dir, struct dentry *dentry, struct dentry *this; unsigned int i; int err; + bool metacopy = false; struct ovl_lookup_data d = { .name = dentry->d_name, .is_dir = false, @@ -841,6 +852,7 @@ struct dentry *ovl_lookup(struct inode *dir, struct dentry *dentry, .stop = false, .last = ofs->config.redirect_follow ? false : !poe->numlower, .redirect = NULL, + .metacopy = false, }; if (dentry->d_name.len > ofs->namelen) @@ -859,7 +871,9 @@ struct dentry *ovl_lookup(struct inode *dir, struct dentry *dentry, goto out; } if (upperdentry && !d.is_dir) { - BUG_ON(!d.stop || d.redirect); + unsigned int origin_ctr = 0; + + BUG_ON(d.redirect); /* * Lookup copy up origin by decoding origin file handle. * We may get a disconnected dentry, which is fine, @@ -870,9 +884,13 @@ struct dentry *ovl_lookup(struct inode *dir, struct dentry *dentry, * number - it's the same as if we held a reference * to a dentry in lower layer that was moved under us. */ - err = ovl_check_origin(ofs, upperdentry, &stack, &ctr); + err = ovl_check_origin(ofs, upperdentry, &origin_path, + &origin_ctr); if (err) goto out_put_upper; + + if (d.metacopy) + metacopy = true; } if (d.redirect) { @@ -913,7 +931,7 @@ struct dentry *ovl_lookup(struct inode *dir, struct dentry *dentry, * If no origin fh is stored in upper of a merge dir, store fh * of lower dir and set upper parent "impure". */ - if (upperdentry && !ctr && !ofs->noxattr) { + if (upperdentry && !ctr && !ofs->noxattr && d.is_dir) { err = ovl_fix_origin(dentry, this, upperdentry); if (err) { dput(this); @@ -925,18 +943,35 @@ struct dentry *ovl_lookup(struct inode *dir, struct dentry *dentry, * When "verify_lower" feature is enabled, do not merge with a * lower dir that does not match a stored origin xattr. In any * case, only verified origin is used for index lookup. + * + * For non-dir dentry, if index=on, then ensure origin + * matches the dentry found using path based lookup, + * otherwise error out. */ - if (upperdentry && !ctr && ovl_verify_lower(dentry->d_sb)) { + if (upperdentry && !ctr && + ((d.is_dir && ovl_verify_lower(dentry->d_sb)) || + (!d.is_dir && ofs->config.index && origin_path))) { err = ovl_verify_origin(upperdentry, this, false); if (err) { dput(this); - break; + if (d.is_dir) + break; + goto out_put; } - - /* Bless lower dir as verified origin */ origin = this; } + if (d.metacopy) + metacopy = true; + /* + * Do not store intermediate metacopy dentries in chain, + * except top most lower metacopy dentry + */ + if (d.metacopy && ctr) { + dput(this); + continue; + } + stack[ctr].dentry = this; stack[ctr].layer = lower.layer; ctr++; @@ -968,13 +1003,48 @@ struct dentry *ovl_lookup(struct inode *dir, struct dentry *dentry, } } + if (metacopy) { + /* + * Found a metacopy dentry but did not find corresponding + * data dentry + */ + if (d.metacopy) { + err = -EIO; + goto out_put; + } + + err = -EPERM; + if (!ofs->config.metacopy) { + pr_warn_ratelimited("overlay: refusing to follow metacopy origin for (%pd2)\n", + dentry); + goto out_put; + } + } else if (!d.is_dir && upperdentry && !ctr && origin_path) { + if (WARN_ON(stack != NULL)) { + err = -EIO; + goto out_put; + } + stack = origin_path; + ctr = 1; + origin_path = NULL; + } + /* * Lookup index by lower inode and verify it matches upper inode. * We only trust dir index if we verified that lower dir matches * origin, otherwise dir index entries may be inconsistent and we - * ignore them. Always lookup index of non-dir and non-upper. + * ignore them. + * + * For non-dir upper metacopy dentry, we already set "origin" if we + * verified that lower matched upper origin. If upper origin was + * not present (because lower layer did not support fh encode/decode), + * or indexing is not enabled, do not set "origin" and skip looking up + * index. This case should be handled in same way as a non-dir upper + * without ORIGIN is handled. + * + * Always lookup index of non-dir non-metacopy and non-upper. */ - if (ctr && (!upperdentry || !d.is_dir)) + if (ctr && (!upperdentry || (!d.is_dir && !metacopy))) origin = stack[0].dentry; if (origin && ovl_indexdir(dentry->d_sb) && @@ -1019,6 +1089,10 @@ struct dentry *ovl_lookup(struct inode *dir, struct dentry *dentry, } revert_creds(old_cred); + if (origin_path) { + dput(origin_path->dentry); + kfree(origin_path); + } dput(index); kfree(stack); kfree(d.redirect); @@ -1033,6 +1107,10 @@ out_put: dput(stack[i].dentry); kfree(stack); out_put_upper: + if (origin_path) { + dput(origin_path->dentry); + kfree(origin_path); + } dput(upperdentry); kfree(upperredirect); out: diff --git a/fs/overlayfs/overlayfs.h b/fs/overlayfs/overlayfs.h index 16a000694c4e..2de8e11db81a 100644 --- a/fs/overlayfs/overlayfs.h +++ b/fs/overlayfs/overlayfs.h @@ -268,6 +268,7 @@ bool ovl_need_index(struct dentry *dentry); int ovl_nlink_start(struct dentry *dentry, bool *locked); void ovl_nlink_end(struct dentry *dentry, bool locked); int ovl_lock_rename_workdir(struct dentry *workdir, struct dentry *upperdir); +int ovl_check_metacopy_xattr(struct dentry *dentry); static inline bool ovl_is_impuredir(struct dentry *dentry) { diff --git a/fs/overlayfs/util.c b/fs/overlayfs/util.c index f8e3c95711b8..ab9a8fae0f99 100644 --- a/fs/overlayfs/util.c +++ b/fs/overlayfs/util.c @@ -778,3 +778,25 @@ err: pr_err("overlayfs: failed to lock workdir+upperdir\n"); return -EIO; } + +/* err < 0, 0 if no metacopy xattr, 1 if metacopy xattr found */ +int ovl_check_metacopy_xattr(struct dentry *dentry) +{ + int res; + + /* Only regular files can have metacopy xattr */ + if (!S_ISREG(d_inode(dentry)->i_mode)) + return 0; + + res = vfs_getxattr(dentry, OVL_XATTR_METACOPY, NULL, 0); + if (res < 0) { + if (res == -ENODATA || res == -EOPNOTSUPP) + return 0; + goto out; + } + + return 1; +out: + pr_warn_ratelimited("overlayfs: failed to get metacopy (%i)\n", res); + return res; +} -- cgit v1.2.3 From 4f93b426ab3930952eca6c5c456c2223a3adcbf5 Mon Sep 17 00:00:00 2001 From: Vivek Goyal Date: Fri, 11 May 2018 11:49:30 -0400 Subject: ovl: Copy up meta inode data from lowest data inode So far lower could not be a meta inode. So whenever it was time to copy up data of a meta inode, we could copy it up from top most lower dentry. But now lower itself can be a metacopy inode. That means data copy up needs to take place from a data inode in metacopy inode chain. Find lower data inode in the chain and use that for data copy up. Introduced a helper called ovl_path_lowerdata() to find the lower data inode chain. Signed-off-by: Vivek Goyal Reviewed-by: Amir Goldstein Signed-off-by: Miklos Szeredi --- fs/overlayfs/copy_up.c | 13 +++++++++---- fs/overlayfs/overlayfs.h | 1 + fs/overlayfs/util.c | 12 ++++++++++++ 3 files changed, 22 insertions(+), 4 deletions(-) diff --git a/fs/overlayfs/copy_up.c b/fs/overlayfs/copy_up.c index 7e6664d6643d..d9a8d9291358 100644 --- a/fs/overlayfs/copy_up.c +++ b/fs/overlayfs/copy_up.c @@ -519,13 +519,14 @@ static int ovl_copy_up_inode(struct ovl_copy_up_ctx *c, struct dentry *temp) } if (S_ISREG(c->stat.mode) && !c->metacopy) { - struct path upperpath; + struct path upperpath, datapath; ovl_path_upper(c->dentry, &upperpath); BUG_ON(upperpath.dentry != NULL); upperpath.dentry = temp; - err = ovl_copy_up_data(&c->lowerpath, &upperpath, c->stat.size); + ovl_path_lowerdata(c->dentry, &datapath); + err = ovl_copy_up_data(&datapath, &upperpath, c->stat.size); if (err) return err; } @@ -706,14 +707,18 @@ static bool ovl_need_meta_copy_up(struct dentry *dentry, umode_t mode, /* Copy up data of an inode which was copied up metadata only in the past. */ static int ovl_copy_up_meta_inode_data(struct ovl_copy_up_ctx *c) { - struct path upperpath; + struct path upperpath, datapath; int err; ovl_path_upper(c->dentry, &upperpath); if (WARN_ON(upperpath.dentry == NULL)) return -EIO; - err = ovl_copy_up_data(&c->lowerpath, &upperpath, c->stat.size); + ovl_path_lowerdata(c->dentry, &datapath); + if (WARN_ON(datapath.dentry == NULL)) + return -EIO; + + err = ovl_copy_up_data(&datapath, &upperpath, c->stat.size); if (err) return err; diff --git a/fs/overlayfs/overlayfs.h b/fs/overlayfs/overlayfs.h index 2de8e11db81a..a59c546c10cf 100644 --- a/fs/overlayfs/overlayfs.h +++ b/fs/overlayfs/overlayfs.h @@ -217,6 +217,7 @@ bool ovl_dentry_weird(struct dentry *dentry); enum ovl_path_type ovl_path_type(struct dentry *dentry); void ovl_path_upper(struct dentry *dentry, struct path *path); void ovl_path_lower(struct dentry *dentry, struct path *path); +void ovl_path_lowerdata(struct dentry *dentry, struct path *path); enum ovl_path_type ovl_path_real(struct dentry *dentry, struct path *path); struct dentry *ovl_dentry_upper(struct dentry *dentry); struct dentry *ovl_dentry_lower(struct dentry *dentry); diff --git a/fs/overlayfs/util.c b/fs/overlayfs/util.c index ab9a8fae0f99..32ff67fa0bfb 100644 --- a/fs/overlayfs/util.c +++ b/fs/overlayfs/util.c @@ -164,6 +164,18 @@ void ovl_path_lower(struct dentry *dentry, struct path *path) } } +void ovl_path_lowerdata(struct dentry *dentry, struct path *path) +{ + struct ovl_entry *oe = dentry->d_fsdata; + + if (oe->numlower) { + path->mnt = oe->lowerstack[oe->numlower - 1].layer->mnt; + path->dentry = oe->lowerstack[oe->numlower - 1].dentry; + } else { + *path = (struct path) { }; + } +} + enum ovl_path_type ovl_path_real(struct dentry *dentry, struct path *path) { enum ovl_path_type type = ovl_path_type(dentry); -- cgit v1.2.3 From 647d253fcd53fae185408b33ec5587a57cb3cc88 Mon Sep 17 00:00:00 2001 From: Vivek Goyal Date: Fri, 11 May 2018 11:49:30 -0400 Subject: ovl: Add helper ovl_dentry_lowerdata() to get lower data dentry Now we have the notion of data dentry and metacopy dentry. ovl_dentry_lower() will return uppermost lower dentry, but it could be either data or metacopy dentry. Now we support metacopy dentries in lower layers so it is possible that lowerstack[0] is metacopy dentry while lowerstack[1] is actual data dentry. So add an helper which returns lowest most dentry which is supposed to be data dentry. Signed-off-by: Vivek Goyal Reviewed-by: Amir Goldstein Signed-off-by: Miklos Szeredi --- fs/overlayfs/overlayfs.h | 1 + fs/overlayfs/util.c | 13 +++++++++++++ 2 files changed, 14 insertions(+) diff --git a/fs/overlayfs/overlayfs.h b/fs/overlayfs/overlayfs.h index a59c546c10cf..deda94381aac 100644 --- a/fs/overlayfs/overlayfs.h +++ b/fs/overlayfs/overlayfs.h @@ -221,6 +221,7 @@ void ovl_path_lowerdata(struct dentry *dentry, struct path *path); enum ovl_path_type ovl_path_real(struct dentry *dentry, struct path *path); struct dentry *ovl_dentry_upper(struct dentry *dentry); struct dentry *ovl_dentry_lower(struct dentry *dentry); +struct dentry *ovl_dentry_lowerdata(struct dentry *dentry); struct ovl_layer *ovl_layer_lower(struct dentry *dentry); struct dentry *ovl_dentry_real(struct dentry *dentry); struct dentry *ovl_i_dentry_upper(struct inode *inode); diff --git a/fs/overlayfs/util.c b/fs/overlayfs/util.c index 32ff67fa0bfb..7c7b95d5da1f 100644 --- a/fs/overlayfs/util.c +++ b/fs/overlayfs/util.c @@ -207,6 +207,19 @@ struct ovl_layer *ovl_layer_lower(struct dentry *dentry) return oe->numlower ? oe->lowerstack[0].layer : NULL; } +/* + * ovl_dentry_lower() could return either a data dentry or metacopy dentry + * dependig on what is stored in lowerstack[0]. At times we need to find + * lower dentry which has data (and not metacopy dentry). This helper + * returns the lower data dentry. + */ +struct dentry *ovl_dentry_lowerdata(struct dentry *dentry) +{ + struct ovl_entry *oe = dentry->d_fsdata; + + return oe->numlower ? oe->lowerstack[oe->numlower - 1].dentry : NULL; +} + struct dentry *ovl_dentry_real(struct dentry *dentry) { return ovl_dentry_upper(dentry) ?: ovl_dentry_lower(dentry); -- cgit v1.2.3 From 67d756c27ac4f4576dee313579724bd8711bc75e Mon Sep 17 00:00:00 2001 From: Vivek Goyal Date: Fri, 11 May 2018 11:49:30 -0400 Subject: ovl: Fix ovl_getattr() to get number of blocks from lower If an inode has been copied up metadata only, then we need to query the number of blocks from lower and fill up the stat->st_blocks. We need to be careful about races where we are doing stat on one cpu and data copy up is taking place on other cpu. We want to return stat->st_blocks either from lower or stable upper and not something in between. Hence, ovl_has_upperdata() is called first to figure out whether block reporting will take place from lower or upper. We now support metacopy dentries in middle layer. That means number of blocks reporting needs to come from lowest data dentry and this could be different from lower dentry. Hence we end up making a separate vfs_getxattr() call for metacopy dentries to get number of blocks. Signed-off-by: Vivek Goyal Reviewed-by: Amir Goldstein Signed-off-by: Miklos Szeredi --- fs/overlayfs/inode.c | 35 ++++++++++++++++++++++++++++++++++- fs/overlayfs/overlayfs.h | 1 + fs/overlayfs/util.c | 16 ++++++++++++++++ 3 files changed, 51 insertions(+), 1 deletion(-) diff --git a/fs/overlayfs/inode.c b/fs/overlayfs/inode.c index d3e65d2a1b83..2a5a38c81961 100644 --- a/fs/overlayfs/inode.c +++ b/fs/overlayfs/inode.c @@ -145,6 +145,9 @@ int ovl_getattr(const struct path *path, struct kstat *stat, bool samefs = ovl_same_sb(dentry->d_sb); struct ovl_layer *lower_layer = NULL; int err; + bool metacopy_blocks = false; + + metacopy_blocks = ovl_is_metacopy_dentry(dentry); type = ovl_path_real(dentry, &realpath); old_cred = ovl_override_creds(dentry->d_sb); @@ -166,7 +169,8 @@ int ovl_getattr(const struct path *path, struct kstat *stat, lower_layer = ovl_layer_lower(dentry); } else if (OVL_TYPE_ORIGIN(type)) { struct kstat lowerstat; - u32 lowermask = STATX_INO | (!is_dir ? STATX_NLINK : 0); + u32 lowermask = STATX_INO | STATX_BLOCKS | + (!is_dir ? STATX_NLINK : 0); ovl_path_lower(dentry, &realpath); err = vfs_getattr(&realpath, &lowerstat, @@ -195,6 +199,35 @@ int ovl_getattr(const struct path *path, struct kstat *stat, stat->ino = lowerstat.ino; lower_layer = ovl_layer_lower(dentry); } + + /* + * If we are querying a metacopy dentry and lower + * dentry is data dentry, then use the blocks we + * queried just now. We don't have to do additional + * vfs_getattr(). If lower itself is metacopy, then + * additional vfs_getattr() is unavoidable. + */ + if (metacopy_blocks && + realpath.dentry == ovl_dentry_lowerdata(dentry)) { + stat->blocks = lowerstat.blocks; + metacopy_blocks = false; + } + } + + if (metacopy_blocks) { + /* + * If lower is not same as lowerdata or if there was + * no origin on upper, we can end up here. + */ + struct kstat lowerdatastat; + u32 lowermask = STATX_BLOCKS; + + ovl_path_lowerdata(dentry, &realpath); + err = vfs_getattr(&realpath, &lowerdatastat, + lowermask, flags); + if (err) + goto out; + stat->blocks = lowerdatastat.blocks; } } diff --git a/fs/overlayfs/overlayfs.h b/fs/overlayfs/overlayfs.h index deda94381aac..de80250b379f 100644 --- a/fs/overlayfs/overlayfs.h +++ b/fs/overlayfs/overlayfs.h @@ -271,6 +271,7 @@ int ovl_nlink_start(struct dentry *dentry, bool *locked); void ovl_nlink_end(struct dentry *dentry, bool locked); int ovl_lock_rename_workdir(struct dentry *workdir, struct dentry *upperdir); int ovl_check_metacopy_xattr(struct dentry *dentry); +bool ovl_is_metacopy_dentry(struct dentry *dentry); static inline bool ovl_is_impuredir(struct dentry *dentry) { diff --git a/fs/overlayfs/util.c b/fs/overlayfs/util.c index 7c7b95d5da1f..4f9c2ecee74c 100644 --- a/fs/overlayfs/util.c +++ b/fs/overlayfs/util.c @@ -825,3 +825,19 @@ out: pr_warn_ratelimited("overlayfs: failed to get metacopy (%i)\n", res); return res; } + +bool ovl_is_metacopy_dentry(struct dentry *dentry) +{ + struct ovl_entry *oe = dentry->d_fsdata; + + if (!d_is_reg(dentry)) + return false; + + if (ovl_dentry_upper(dentry)) { + if (!ovl_has_upperdata(d_inode(dentry))) + return true; + return false; + } + + return (oe->numlower > 1); +} -- cgit v1.2.3 From 2664bd0897c2889258472a1ee922ef9d4c5fa58f Mon Sep 17 00:00:00 2001 From: Vivek Goyal Date: Fri, 11 May 2018 11:49:30 -0400 Subject: ovl: Store lower data inode in ovl_inode Right now ovl_inode stores inode pointer for lower inode. This helps with quickly getting lower inode given overlay inode (ovl_inode_lower()). Now with metadata only copy-up, we can have metacopy inode in middle layer as well and inode containing data can be different from ->lower. I need to be able to open the real file in ovl_open_realfile() and for that I need to quickly find the lower data inode. Hence store lower data inode also in ovl_inode. Also provide an helper ovl_inode_lowerdata() to access this field. Signed-off-by: Vivek Goyal Reviewed-by: Amir Goldstein Signed-off-by: Miklos Szeredi --- fs/overlayfs/inode.c | 2 +- fs/overlayfs/namei.c | 2 ++ fs/overlayfs/overlayfs.h | 4 +++- fs/overlayfs/ovl_entry.h | 5 ++++- fs/overlayfs/super.c | 8 ++++++-- fs/overlayfs/util.c | 12 +++++++++++- 6 files changed, 27 insertions(+), 6 deletions(-) diff --git a/fs/overlayfs/inode.c b/fs/overlayfs/inode.c index 2a5a38c81961..12553274eae7 100644 --- a/fs/overlayfs/inode.c +++ b/fs/overlayfs/inode.c @@ -864,7 +864,7 @@ struct inode *ovl_get_inode(struct super_block *sb, } } ovl_fill_inode(inode, realinode->i_mode, realinode->i_rdev, ino, fsid); - ovl_inode_init(inode, upperdentry, lowerdentry); + ovl_inode_init(inode, upperdentry, lowerdentry, oip->lowerdata); if (upperdentry && ovl_is_impuredir(upperdentry)) ovl_set_flag(OVL_IMPURE, inode); diff --git a/fs/overlayfs/namei.c b/fs/overlayfs/namei.c index f562bbb59ddb..85ab856dd134 100644 --- a/fs/overlayfs/namei.c +++ b/fs/overlayfs/namei.c @@ -1080,6 +1080,8 @@ struct dentry *ovl_lookup(struct inode *dir, struct dentry *dentry, .index = index, .numlower = ctr, .redirect = upperredirect, + .lowerdata = (ctr > 1 && !d.is_dir) ? + stack[ctr - 1].dentry : NULL, }; inode = ovl_get_inode(dentry->d_sb, &oip); diff --git a/fs/overlayfs/overlayfs.h b/fs/overlayfs/overlayfs.h index de80250b379f..0ad593a85121 100644 --- a/fs/overlayfs/overlayfs.h +++ b/fs/overlayfs/overlayfs.h @@ -227,6 +227,7 @@ struct dentry *ovl_dentry_real(struct dentry *dentry); struct dentry *ovl_i_dentry_upper(struct inode *inode); struct inode *ovl_inode_upper(struct inode *inode); struct inode *ovl_inode_lower(struct inode *inode); +struct inode *ovl_inode_lowerdata(struct inode *inode); struct inode *ovl_inode_real(struct inode *inode); struct ovl_dir_cache *ovl_dir_cache(struct inode *inode); void ovl_set_dir_cache(struct inode *inode, struct ovl_dir_cache *cache); @@ -246,7 +247,7 @@ bool ovl_redirect_dir(struct super_block *sb); const char *ovl_dentry_get_redirect(struct dentry *dentry); void ovl_dentry_set_redirect(struct dentry *dentry, const char *redirect); void ovl_inode_init(struct inode *inode, struct dentry *upperdentry, - struct dentry *lowerdentry); + struct dentry *lowerdentry, struct dentry *lowerdata); void ovl_inode_update(struct inode *inode, struct dentry *upperdentry); void ovl_dir_modified(struct dentry *dentry, bool impurity); u64 ovl_dentry_version_get(struct dentry *dentry); @@ -354,6 +355,7 @@ struct ovl_inode_params { struct dentry *index; unsigned int numlower; char *redirect; + struct dentry *lowerdata; }; struct inode *ovl_new_inode(struct super_block *sb, umode_t mode, dev_t rdev); struct inode *ovl_lookup_inode(struct super_block *sb, struct dentry *real, diff --git a/fs/overlayfs/ovl_entry.h b/fs/overlayfs/ovl_entry.h index ea4134e97d0d..ec237035333a 100644 --- a/fs/overlayfs/ovl_entry.h +++ b/fs/overlayfs/ovl_entry.h @@ -89,7 +89,10 @@ static inline struct ovl_entry *OVL_E(struct dentry *dentry) } struct ovl_inode { - struct ovl_dir_cache *cache; + union { + struct ovl_dir_cache *cache; /* directory */ + struct inode *lowerdata; /* regular file */ + }; const char *redirect; u64 version; unsigned long flags; diff --git a/fs/overlayfs/super.c b/fs/overlayfs/super.c index ab0039161f85..6d22bbd5f27f 100644 --- a/fs/overlayfs/super.c +++ b/fs/overlayfs/super.c @@ -181,6 +181,7 @@ static struct inode *ovl_alloc_inode(struct super_block *sb) oi->flags = 0; oi->__upperdentry = NULL; oi->lower = NULL; + oi->lowerdata = NULL; mutex_init(&oi->lock); return &oi->vfs_inode; @@ -199,8 +200,11 @@ static void ovl_destroy_inode(struct inode *inode) dput(oi->__upperdentry); iput(oi->lower); + if (S_ISDIR(inode->i_mode)) + ovl_dir_cache_free(inode); + else + iput(oi->lowerdata); kfree(oi->redirect); - ovl_dir_cache_free(inode); mutex_destroy(&oi->lock); call_rcu(&inode->i_rcu, ovl_i_callback); @@ -1487,7 +1491,7 @@ static int ovl_fill_super(struct super_block *sb, void *data, int silent) ovl_dentry_set_flag(OVL_E_CONNECTED, root_dentry); ovl_set_upperdata(d_inode(root_dentry)); ovl_inode_init(d_inode(root_dentry), upperpath.dentry, - ovl_dentry_lower(root_dentry)); + ovl_dentry_lower(root_dentry), NULL); sb->s_root = root_dentry; diff --git a/fs/overlayfs/util.c b/fs/overlayfs/util.c index 4f9c2ecee74c..63311c536216 100644 --- a/fs/overlayfs/util.c +++ b/fs/overlayfs/util.c @@ -247,6 +247,14 @@ struct inode *ovl_inode_real(struct inode *inode) return ovl_inode_upper(inode) ?: ovl_inode_lower(inode); } +/* Return inode which contains lower data. Do not return metacopy */ +struct inode *ovl_inode_lowerdata(struct inode *inode) +{ + if (WARN_ON(!S_ISREG(inode->i_mode))) + return NULL; + + return OVL_I(inode)->lowerdata ?: ovl_inode_lower(inode); +} struct ovl_dir_cache *ovl_dir_cache(struct inode *inode) { @@ -381,7 +389,7 @@ void ovl_dentry_set_redirect(struct dentry *dentry, const char *redirect) } void ovl_inode_init(struct inode *inode, struct dentry *upperdentry, - struct dentry *lowerdentry) + struct dentry *lowerdentry, struct dentry *lowerdata) { struct inode *realinode = d_inode(upperdentry ?: lowerdentry); @@ -389,6 +397,8 @@ void ovl_inode_init(struct inode *inode, struct dentry *upperdentry, OVL_I(inode)->__upperdentry = upperdentry; if (lowerdentry) OVL_I(inode)->lower = igrab(d_inode(lowerdentry)); + if (lowerdata) + OVL_I(inode)->lowerdata = igrab(d_inode(lowerdata)); ovl_copyattr(realinode, inode); ovl_copyflags(realinode, inode); -- cgit v1.2.3 From 4823d49c26eaf269cd2c2723bed8249aaed80795 Mon Sep 17 00:00:00 2001 From: Vivek Goyal Date: Fri, 11 May 2018 11:49:31 -0400 Subject: ovl: Add helper ovl_inode_realdata() Add an helper to retrieve real data inode associated with overlay inode. This helper will ignore all metacopy inodes and will return only the real inode which has data. Signed-off-by: Vivek Goyal Reviewed-by: Amir Goldstein Signed-off-by: Miklos Szeredi --- fs/overlayfs/overlayfs.h | 1 + fs/overlayfs/util.c | 12 ++++++++++++ 2 files changed, 13 insertions(+) diff --git a/fs/overlayfs/overlayfs.h b/fs/overlayfs/overlayfs.h index 0ad593a85121..99f793904801 100644 --- a/fs/overlayfs/overlayfs.h +++ b/fs/overlayfs/overlayfs.h @@ -229,6 +229,7 @@ struct inode *ovl_inode_upper(struct inode *inode); struct inode *ovl_inode_lower(struct inode *inode); struct inode *ovl_inode_lowerdata(struct inode *inode); struct inode *ovl_inode_real(struct inode *inode); +struct inode *ovl_inode_realdata(struct inode *inode); struct ovl_dir_cache *ovl_dir_cache(struct inode *inode); void ovl_set_dir_cache(struct inode *inode, struct ovl_dir_cache *cache); void ovl_dentry_set_flag(unsigned long flag, struct dentry *dentry); diff --git a/fs/overlayfs/util.c b/fs/overlayfs/util.c index 63311c536216..73939e08d8bf 100644 --- a/fs/overlayfs/util.c +++ b/fs/overlayfs/util.c @@ -256,6 +256,18 @@ struct inode *ovl_inode_lowerdata(struct inode *inode) return OVL_I(inode)->lowerdata ?: ovl_inode_lower(inode); } +/* Return real inode which contains data. Does not return metacopy inode */ +struct inode *ovl_inode_realdata(struct inode *inode) +{ + struct inode *upperinode; + + upperinode = ovl_inode_upper(inode); + if (upperinode && ovl_has_upperdata(inode)) + return upperinode; + + return ovl_inode_lowerdata(inode); +} + struct ovl_dir_cache *ovl_dir_cache(struct inode *inode) { return OVL_I(inode)->cache; -- cgit v1.2.3 From 8c444d2a971fdccda670e874f12443627f028fbc Mon Sep 17 00:00:00 2001 From: Vivek Goyal Date: Fri, 11 May 2018 11:49:31 -0400 Subject: ovl: Open file with data except for the case of fsync ovl_open() should open file which contains data and not open metacopy inode. With the introduction of metacopy inodes, with current implementaion we will end up opening metacopy inode as well. But there can be certain circumstances like ovl_fsync() where we want to allow opening a metacopy inode instead. Hence, change ovl_open_realfile() and and add extra parameter which specifies whether to allow opening metacopy inode or not. If this parameter is false, we look for data inode and open that. This should allow covering both the cases. Signed-off-by: Vivek Goyal Reviewed-by: Amir Goldstein Signed-off-by: Miklos Szeredi --- fs/overlayfs/file.c | 39 ++++++++++++++++++++++++++++++--------- 1 file changed, 30 insertions(+), 9 deletions(-) diff --git a/fs/overlayfs/file.c b/fs/overlayfs/file.c index cd75b53f1497..5ab281aa64b5 100644 --- a/fs/overlayfs/file.c +++ b/fs/overlayfs/file.c @@ -13,11 +13,20 @@ #include #include "overlayfs.h" -static struct file *ovl_open_realfile(const struct file *file) +static char ovl_whatisit(struct inode *inode, struct inode *realinode) +{ + if (realinode != ovl_inode_upper(inode)) + return 'l'; + if (ovl_has_upperdata(inode)) + return 'u'; + else + return 'm'; +} + +static struct file *ovl_open_realfile(const struct file *file, + struct inode *realinode) { struct inode *inode = file_inode(file); - struct inode *upperinode = ovl_inode_upper(inode); - struct inode *realinode = upperinode ?: ovl_inode_lower(inode); struct file *realfile; const struct cred *old_cred; @@ -27,7 +36,7 @@ static struct file *ovl_open_realfile(const struct file *file) revert_creds(old_cred); pr_debug("open(%p[%pD2/%c], 0%o) -> (%p, 0%o)\n", - file, file, upperinode ? 'u' : 'l', file->f_flags, + file, file, ovl_whatisit(inode, realinode), file->f_flags, realfile, IS_ERR(realfile) ? 0 : realfile->f_flags); return realfile; @@ -71,17 +80,24 @@ static int ovl_change_flags(struct file *file, unsigned int flags) return 0; } -static int ovl_real_fdget(const struct file *file, struct fd *real) +static int ovl_real_fdget_meta(const struct file *file, struct fd *real, + bool allow_meta) { struct inode *inode = file_inode(file); + struct inode *realinode; real->flags = 0; real->file = file->private_data; + if (allow_meta) + realinode = ovl_inode_real(inode); + else + realinode = ovl_inode_realdata(inode); + /* Has it been copied up since we'd opened it? */ - if (unlikely(file_inode(real->file) != ovl_inode_real(inode))) { + if (unlikely(file_inode(real->file) != realinode)) { real->flags = FDPUT_FPUT; - real->file = ovl_open_realfile(file); + real->file = ovl_open_realfile(file, realinode); return PTR_ERR_OR_ZERO(real->file); } @@ -93,6 +109,11 @@ static int ovl_real_fdget(const struct file *file, struct fd *real) return 0; } +static int ovl_real_fdget(const struct file *file, struct fd *real) +{ + return ovl_real_fdget_meta(file, real, false); +} + static int ovl_open(struct inode *inode, struct file *file) { struct dentry *dentry = file_dentry(file); @@ -106,7 +127,7 @@ static int ovl_open(struct inode *inode, struct file *file) /* No longer need these flags, so don't pass them on to underlying fs */ file->f_flags &= ~(O_CREAT | O_EXCL | O_NOCTTY | O_TRUNC); - realfile = ovl_open_realfile(file); + realfile = ovl_open_realfile(file, ovl_inode_realdata(inode)); if (IS_ERR(realfile)) return PTR_ERR(realfile); @@ -243,7 +264,7 @@ static int ovl_fsync(struct file *file, loff_t start, loff_t end, int datasync) const struct cred *old_cred; int ret; - ret = ovl_real_fdget(file, &real); + ret = ovl_real_fdget_meta(file, &real, !datasync); if (ret) return ret; -- cgit v1.2.3 From 2c3d73589adc6d3450890a6f793e5e8a1ae894e0 Mon Sep 17 00:00:00 2001 From: Vivek Goyal Date: Fri, 11 May 2018 11:49:31 -0400 Subject: ovl: Do not expose metacopy only dentry from d_real() Metacopy dentry/inode is internal to overlay and is never exposed outside of it. Exception is metacopy upper file used for fsync(). Modify d_real() to look for dentries/inode which have data, but also allow matching upper inode without data for the fsync case. Signed-off-by: Vivek Goyal Reviewed-by: Amir Goldstein Signed-off-by: Miklos Szeredi --- fs/overlayfs/super.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/fs/overlayfs/super.c b/fs/overlayfs/super.c index 6d22bbd5f27f..2e0fc93c2c06 100644 --- a/fs/overlayfs/super.c +++ b/fs/overlayfs/super.c @@ -95,10 +95,13 @@ static struct dentry *ovl_d_real(struct dentry *dentry, } real = ovl_dentry_upper(dentry); - if (real && (!inode || inode == d_inode(real))) + if (real && (inode == d_inode(real))) return real; - real = ovl_dentry_lower(dentry); + if (real && !inode && ovl_has_upperdata(d_inode(dentry))) + return real; + + real = ovl_dentry_lowerdata(dentry); if (!real) goto bug; -- cgit v1.2.3 From 0618a816edab6cb46d6d456f2fdff6bb325a4c77 Mon Sep 17 00:00:00 2001 From: Vivek Goyal Date: Fri, 11 May 2018 11:49:31 -0400 Subject: ovl: Move some dir related ovl_lookup_single() code in else block Move some directory related code in else block. This is pure code reorganization and no functionality change. Next patch enables redirect processing on metacopy files and needs this change. By keeping non-functional changes in a separate patch, next patch looks much smaller and cleaner. Signed-off-by: Vivek Goyal Reviewed-by: Amir Goldstein Signed-off-by: Miklos Szeredi --- fs/overlayfs/namei.c | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/fs/overlayfs/namei.c b/fs/overlayfs/namei.c index 85ab856dd134..e4bbe6ed6a87 100644 --- a/fs/overlayfs/namei.c +++ b/fs/overlayfs/namei.c @@ -273,17 +273,18 @@ static int ovl_lookup_single(struct dentry *base, struct ovl_lookup_data *d, d->metacopy = err; d->stop = !d->metacopy; goto out; - } - if (last_element) - d->is_dir = true; - if (d->last) - goto out; - - if (ovl_is_opaquedir(this)) { - d->stop = true; + } else { if (last_element) - d->opaque = true; - goto out; + d->is_dir = true; + if (d->last) + goto out; + + if (ovl_is_opaquedir(this)) { + d->stop = true; + if (last_element) + d->opaque = true; + goto out; + } } err = ovl_check_redirect(this, d, prelen, post); if (err) -- cgit v1.2.3 From b8a8824ca011050b590a6353067e722a24a591fb Mon Sep 17 00:00:00 2001 From: Vivek Goyal Date: Fri, 11 May 2018 11:49:31 -0400 Subject: ovl: Check redirects for metacopy files Right now we rely on path based lookup for data origin of metacopy upper. This will work only if upper has not been renamed. We solved this problem already for merged directories using redirect. Use same logic for metacopy files. This patch just goes on to check redirects for metacopy files. Signed-off-by: Vivek Goyal Reviewed-by: Amir Goldstein Signed-off-by: Miklos Szeredi --- fs/overlayfs/namei.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/fs/overlayfs/namei.c b/fs/overlayfs/namei.c index e4bbe6ed6a87..eddb80dd0766 100644 --- a/fs/overlayfs/namei.c +++ b/fs/overlayfs/namei.c @@ -272,7 +272,8 @@ static int ovl_lookup_single(struct dentry *base, struct ovl_lookup_data *d, d->metacopy = err; d->stop = !d->metacopy; - goto out; + if (!d->metacopy || d->last) + goto out; } else { if (last_element) d->is_dir = true; @@ -874,7 +875,6 @@ struct dentry *ovl_lookup(struct inode *dir, struct dentry *dentry, if (upperdentry && !d.is_dir) { unsigned int origin_ctr = 0; - BUG_ON(d.redirect); /* * Lookup copy up origin by decoding origin file handle. * We may get a disconnected dentry, which is fine, -- cgit v1.2.3 From 0b17c28af1b8814505fd4eafd96e6e7e05bba01d Mon Sep 17 00:00:00 2001 From: Vivek Goyal Date: Fri, 11 May 2018 11:49:32 -0400 Subject: ovl: Treat metacopy dentries as type OVL_PATH_MERGE Right now OVL_PATH_MERGE is used only for merged directories. But conceptually, a metacopy dentry (backed by a lower data dentry) is a merged entity as well. So mark metacopy dentries as OVL_PATH_MERGE and ovl_rename() makes use of this property later to set redirect on a metacopy file. Signed-off-by: Vivek Goyal Reviewed-by: Amir Goldstein Signed-off-by: Miklos Szeredi --- fs/overlayfs/util.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/fs/overlayfs/util.c b/fs/overlayfs/util.c index 73939e08d8bf..61ace2de3019 100644 --- a/fs/overlayfs/util.c +++ b/fs/overlayfs/util.c @@ -134,7 +134,8 @@ enum ovl_path_type ovl_path_type(struct dentry *dentry) */ if (oe->numlower) { type |= __OVL_PATH_ORIGIN; - if (d_is_dir(dentry)) + if (d_is_dir(dentry) || + !ovl_has_upperdata(d_inode(dentry))) type |= __OVL_PATH_MERGE; } } else { -- cgit v1.2.3 From a00c2d59e914b8ec46f1637e2e283aa35583c455 Mon Sep 17 00:00:00 2001 From: Vivek Goyal Date: Fri, 11 May 2018 11:49:32 -0400 Subject: ovl: Add an inode flag OVL_CONST_INO Add an ovl_inode flag OVL_CONST_INO. This flag signifies if inode number will remain constant over copy up or not. This flag does not get updated over copy up and remains unmodifed after setting once. Next patch in the series will make use of this flag. It will basically figure out if dentry is of type ORIGIN or not. And this can be derived by this flag. ORIGIN = (upperdentry && ovl_test_flag(OVL_CONST_INO, inode)). Suggested-by: Amir Goldstein Signed-off-by: Vivek Goyal Reviewed-by: Amir Goldstein Signed-off-by: Miklos Szeredi --- fs/overlayfs/inode.c | 3 +++ fs/overlayfs/overlayfs.h | 2 ++ 2 files changed, 5 insertions(+) diff --git a/fs/overlayfs/inode.c b/fs/overlayfs/inode.c index 12553274eae7..7c7092aaf9b4 100644 --- a/fs/overlayfs/inode.c +++ b/fs/overlayfs/inode.c @@ -883,6 +883,9 @@ struct inode *ovl_get_inode(struct super_block *sb, OVL_I(inode)->redirect = oip->redirect; + if (bylower) + ovl_set_flag(OVL_CONST_INO, inode); + /* Check for non-merge dir that may have whiteouts */ if (is_dir) { if (((upperdentry && lowerdentry) || oip->numlower > 1) || diff --git a/fs/overlayfs/overlayfs.h b/fs/overlayfs/overlayfs.h index 99f793904801..a6b466b30f2b 100644 --- a/fs/overlayfs/overlayfs.h +++ b/fs/overlayfs/overlayfs.h @@ -38,6 +38,8 @@ enum ovl_inode_flag { OVL_WHITEOUTS, OVL_INDEX, OVL_UPPERDATA, + /* Inode number will remain constant over copy up. */ + OVL_CONST_INO, }; enum ovl_entry_flag { -- cgit v1.2.3 From 60124877b9ec4fa5a34ddeeedba473820888d4b2 Mon Sep 17 00:00:00 2001 From: Vivek Goyal Date: Fri, 11 May 2018 11:49:32 -0400 Subject: ovl: Do not set dentry type ORIGIN for broken hardlinks If a dentry has copy up origin, we set flag OVL_PATH_ORIGIN. So far this decision was easy that we had to check only for oe->numlower and if it is non-zero, we knew there is copy up origin. (For non-dir we installed origin dentry in lowerstack[0]). But we don't create ORGIN xattr for broken hardlinks (index=off). And with metacopy feature it is possible that we will install lowerstack[0] but ORIGIN xattr is not there. It is data dentry of upper metacopy dentry which has been found using regular name based lookup or using REDIRECT. So with addition of this new case, just presence of oe->numlower is not sufficient to guarantee that ORIGIN xattr is present. So to differentiate between two cases, look at OVL_CONST_INO flag. If this flag is set and upperdentry is there, that means it can be marked as type ORIGIN. OVL_CONST_INO is not set if lower hardlink is broken or will be broken over copy up. Signed-off-by: Vivek Goyal Reviewed-by: Amir Goldstein Signed-off-by: Miklos Szeredi --- fs/overlayfs/util.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/fs/overlayfs/util.c b/fs/overlayfs/util.c index 61ace2de3019..1aa9e0c5a327 100644 --- a/fs/overlayfs/util.c +++ b/fs/overlayfs/util.c @@ -133,7 +133,8 @@ enum ovl_path_type ovl_path_type(struct dentry *dentry) * Non-dir dentry can hold lower dentry of its copy up origin. */ if (oe->numlower) { - type |= __OVL_PATH_ORIGIN; + if (ovl_test_flag(OVL_CONST_INO, d_inode(dentry))) + type |= __OVL_PATH_ORIGIN; if (d_is_dir(dentry) || !ovl_has_upperdata(d_inode(dentry))) type |= __OVL_PATH_MERGE; -- cgit v1.2.3 From 7bb083837d1b5244a809ff1483408992c0e05ca6 Mon Sep 17 00:00:00 2001 From: Vivek Goyal Date: Fri, 11 May 2018 11:49:32 -0400 Subject: ovl: Set redirect on metacopy files upon rename Set redirect on metacopy files upon rename. This will help find data dentry in lower dirs. Signed-off-by: Vivek Goyal Reviewed-by: Amir Goldstein Signed-off-by: Miklos Szeredi --- fs/overlayfs/dir.c | 66 +++++++++++++++++++++++++++++++++++++----------------- 1 file changed, 46 insertions(+), 20 deletions(-) diff --git a/fs/overlayfs/dir.c b/fs/overlayfs/dir.c index 4fa756c1b190..ba59081394f1 100644 --- a/fs/overlayfs/dir.c +++ b/fs/overlayfs/dir.c @@ -874,13 +874,13 @@ static bool ovl_can_move(struct dentry *dentry) !d_is_dir(dentry) || !ovl_type_merge_or_lower(dentry); } -static char *ovl_get_redirect(struct dentry *dentry, bool samedir) +static char *ovl_get_redirect(struct dentry *dentry, bool abs_redirect) { char *buf, *ret; struct dentry *d, *tmp; int buflen = ovl_redirect_max + 1; - if (samedir) { + if (!abs_redirect) { ret = kstrndup(dentry->d_name.name, dentry->d_name.len, GFP_KERNEL); goto out; @@ -934,15 +934,43 @@ out: return ret ? ret : ERR_PTR(-ENOMEM); } +static bool ovl_need_absolute_redirect(struct dentry *dentry, bool samedir) +{ + struct dentry *lowerdentry; + + if (!samedir) + return true; + + if (d_is_dir(dentry)) + return false; + + /* + * For non-dir hardlinked files, we need absolute redirects + * in general as two upper hardlinks could be in different + * dirs. We could put a relative redirect now and convert + * it to absolute redirect later. But when nlink > 1 and + * indexing is on, that means relative redirect needs to be + * converted to absolute during copy up of another lower + * hardllink as well. + * + * So without optimizing too much, just check if lower is + * a hard link or not. If lower is hard link, put absolute + * redirect. + */ + lowerdentry = ovl_dentry_lower(dentry); + return (d_inode(lowerdentry)->i_nlink > 1); +} + static int ovl_set_redirect(struct dentry *dentry, bool samedir) { int err; const char *redirect = ovl_dentry_get_redirect(dentry); + bool absolute_redirect = ovl_need_absolute_redirect(dentry, samedir); - if (redirect && (samedir || redirect[0] == '/')) + if (redirect && (!absolute_redirect || redirect[0] == '/')) return 0; - redirect = ovl_get_redirect(dentry, samedir); + redirect = ovl_get_redirect(dentry, absolute_redirect); if (IS_ERR(redirect)) return PTR_ERR(redirect); @@ -1118,22 +1146,20 @@ static int ovl_rename(struct inode *olddir, struct dentry *old, goto out_dput; err = 0; - if (is_dir) { - if (ovl_type_merge_or_lower(old)) - err = ovl_set_redirect(old, samedir); - else if (!old_opaque && ovl_type_merge(new->d_parent)) - err = ovl_set_opaque_xerr(old, olddentry, -EXDEV); - if (err) - goto out_dput; - } - if (!overwrite && new_is_dir) { - if (ovl_type_merge_or_lower(new)) - err = ovl_set_redirect(new, samedir); - else if (!new_opaque && ovl_type_merge(old->d_parent)) - err = ovl_set_opaque_xerr(new, newdentry, -EXDEV); - if (err) - goto out_dput; - } + if (ovl_type_merge_or_lower(old)) + err = ovl_set_redirect(old, samedir); + else if (is_dir && !old_opaque && ovl_type_merge(new->d_parent)) + err = ovl_set_opaque_xerr(old, olddentry, -EXDEV); + if (err) + goto out_dput; + + if (!overwrite && ovl_type_merge_or_lower(new)) + err = ovl_set_redirect(new, samedir); + else if (!overwrite && new_is_dir && !new_opaque && + ovl_type_merge(old->d_parent)) + err = ovl_set_opaque_xerr(new, newdentry, -EXDEV); + if (err) + goto out_dput; err = ovl_do_rename(old_upperdir->d_inode, olddentry, new_upperdir->d_inode, newdentry, flags); -- cgit v1.2.3 From 4120fe64dce4f73d1a595253568d9f27674f2071 Mon Sep 17 00:00:00 2001 From: Vivek Goyal Date: Fri, 11 May 2018 11:49:32 -0400 Subject: ovl: Set redirect on upper inode when it is linked When we create a hardlink to a metacopy upper file, first the redirect on that inode. Path based lookup will not work with newly created link and redirect will solve that issue. Also use absolute redirect as two hardlinks could be in different directores and relative redirect will not work. I have not put any additional locking around setting redirects while introducing redirects for non-dir files. For now it feels like existing locking is sufficient. If that's not the case, we will have add more locking. Following is my rationale about why do I think current locking seems ok. Basic problem for non-dir files is that more than on dentry could be pointing to same inode and in theory only relying on dentry based locks (d->d_lock) did not seem sufficient. We set redirect upon rename and upon link creation. In both the paths for non-dir file, VFS locks both source and target inodes (->i_rwsem). That means vfs rename and link operations on same source and target can't he happening in parallel (Even if there are multiple dentries pointing to same inode). So that probably means that at a time on an inode, only one call of ovl_set_redirect() could be working and we don't need additional locking in ovl_set_redirect(). ovl_inode->redirect is initialized only when inode is created new. That means it should not race with any other path and setting ovl_inode->redirect should be fine. Reading of ovl_inode->redirect happens in ovl_get_redirect() path. And this called only in ovl_set_redirect(). And ovl_set_redirect() already seemed to be protected using ->i_rwsem. That means ovl_set_redirect() and ovl_get_redirect() on source/target inode should not make progress in parallel and is mutually exclusive. Hence no additional locking required. Now, only case where ovl_set_redirect() and ovl_get_redirect() could race seems to be case of absolute redirects where ovl_get_redirect() has to travel up the tree. In that case we already take d->d_lock and that should be sufficient as directories will not have multiple dentries pointing to same inode. So given VFS locking and current usage of redirect, current locking around redirect seems to be ok for non-dir as well. Once we have the logic to remove redirect when metacopy file gets copied up, then we probably will need additional locking. Signed-off-by: Vivek Goyal Reviewed-by: Amir Goldstein Signed-off-by: Miklos Szeredi --- fs/overlayfs/dir.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/fs/overlayfs/dir.c b/fs/overlayfs/dir.c index ba59081394f1..ec350d4d921c 100644 --- a/fs/overlayfs/dir.c +++ b/fs/overlayfs/dir.c @@ -24,6 +24,8 @@ module_param_named(redirect_max, ovl_redirect_max, ushort, 0644); MODULE_PARM_DESC(ovl_redirect_max, "Maximum length of absolute redirect xattr value"); +static int ovl_set_redirect(struct dentry *dentry, bool samedir); + int ovl_cleanup(struct inode *wdir, struct dentry *wdentry) { int err; @@ -657,6 +659,12 @@ static int ovl_link(struct dentry *old, struct inode *newdir, if (err) goto out_drop_write; + if (ovl_is_metacopy_dentry(old)) { + err = ovl_set_redirect(old, false); + if (err) + goto out_drop_write; + } + err = ovl_nlink_start(old, &locked); if (err) goto out_drop_write; -- cgit v1.2.3 From 0a2d0d3f2f291e3080721888a986ea52e43e1086 Mon Sep 17 00:00:00 2001 From: Vivek Goyal Date: Fri, 11 May 2018 11:49:32 -0400 Subject: ovl: Check redirect on index as well Right now we seem to check redirect only if upperdentry is found. But it is possible that there is no upperdentry but later we found an index. We need to check redirect on index as well and set it in ovl_inode->redirect. Otherwise link code can assume that dentry does not have redirect and place a new one which breaks things. In my testing overlay/033 test started failing in xfstests. Following are the details. For example do following. $ mkdir lower upper work merged - Make lower dir with 4 links. $ echo "foo" > lower/l0.txt $ ln lower/l0.txt lower/l1.txt $ ln lower/l0.txt lower/l2.txt $ ln lower/l0.txt lower/l3.txt - Mount with index on and metacopy on. $ mount -t overlay -o lowerdir=lower,upperdir=upper,workdir=work,\ index=on,metacopy=on none merged - Link lower $ ln merged/l0.txt merged/l4.txt (This will metadata copy up of l0.txt and put an absolute redirect /l0.txt) $ echo 2 > /proc/sys/vm/drop/caches $ ls merged/l1.txt (Now l1.txt will be looked up. There is no upper dentry but there is lower dentry and index will be found. We don't check for redirect on index, hence ovl_inode->redirect will be NULL.) - Link Upper $ ln merged/l4.txt merged/l5.txt (Lookup of l4.txt will use inode from l1.txt lookup which is still in cache. It has ovl_inode->redirect NULL, hence link will put a new redirect and replace /l0.txt with /l4.txt - Drop caches. echo 2 > /proc/sys/vm/drop_caches - List l1.txt and it returns -ESTALE $ ls merged/l0.txt (It returns stale because, we found a metacopy of l0.txt in upper and it has redirect l4.txt but there is no file named l4.txt in lower layer. So lower data copy is not found and -ESTALE is returned.) So problem here is that we did not process redirect on index. Check redirect on index as well and then problem is fixed. Signed-off-by: Vivek Goyal Reviewed-by: Amir Goldstein Signed-off-by: Miklos Szeredi --- fs/overlayfs/namei.c | 50 +++++++++++++----------------------------------- fs/overlayfs/overlayfs.h | 1 + fs/overlayfs/util.c | 50 ++++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 64 insertions(+), 37 deletions(-) diff --git a/fs/overlayfs/namei.c b/fs/overlayfs/namei.c index eddb80dd0766..f28711846dd6 100644 --- a/fs/overlayfs/namei.c +++ b/fs/overlayfs/namei.c @@ -31,32 +31,13 @@ static int ovl_check_redirect(struct dentry *dentry, struct ovl_lookup_data *d, size_t prelen, const char *post) { int res; - char *s, *next, *buf = NULL; + char *buf; - res = vfs_getxattr(dentry, OVL_XATTR_REDIRECT, NULL, 0); - if (res < 0) { - if (res == -ENODATA || res == -EOPNOTSUPP) - return 0; - goto fail; - } - buf = kzalloc(prelen + res + strlen(post) + 1, GFP_KERNEL); - if (!buf) - return -ENOMEM; + buf = ovl_get_redirect_xattr(dentry, prelen + strlen(post)); + if (IS_ERR_OR_NULL(buf)) + return PTR_ERR(buf); - if (res == 0) - goto invalid; - - res = vfs_getxattr(dentry, OVL_XATTR_REDIRECT, buf, res); - if (res < 0) - goto fail; - if (res == 0) - goto invalid; if (buf[0] == '/') { - for (s = buf; *s++ == '/'; s = next) { - next = strchrnul(s, '/'); - if (s == next) - goto invalid; - } /* * One of the ancestor path elements in an absolute path * lookup in ovl_lookup_layer() could have been opaque and @@ -67,9 +48,7 @@ static int ovl_check_redirect(struct dentry *dentry, struct ovl_lookup_data *d, */ d->stop = false; } else { - if (strchr(buf, '/') != NULL) - goto invalid; - + res = strlen(buf) + 1; memmove(buf + prelen, buf, res); memcpy(buf, d->name.name, prelen); } @@ -81,16 +60,6 @@ static int ovl_check_redirect(struct dentry *dentry, struct ovl_lookup_data *d, d->name.len = strlen(d->redirect); return 0; - -err_free: - kfree(buf); - return 0; -fail: - pr_warn_ratelimited("overlayfs: failed to get redirect (%i)\n", res); - goto err_free; -invalid: - pr_warn_ratelimited("overlayfs: invalid redirect (%s)\n", buf); - goto err_free; } static int ovl_acceptable(void *ctx, struct dentry *dentry) @@ -1071,8 +1040,15 @@ struct dentry *ovl_lookup(struct inode *dir, struct dentry *dentry, if (upperdentry) ovl_dentry_set_upper_alias(dentry); - else if (index) + else if (index) { upperdentry = dget(index); + upperredirect = ovl_get_redirect_xattr(upperdentry, 0); + if (IS_ERR(upperredirect)) { + err = PTR_ERR(upperredirect); + upperredirect = NULL; + goto out_free_oe; + } + } if (upperdentry || ctr) { struct ovl_inode_params oip = { diff --git a/fs/overlayfs/overlayfs.h b/fs/overlayfs/overlayfs.h index a6b466b30f2b..c85aa438cc8f 100644 --- a/fs/overlayfs/overlayfs.h +++ b/fs/overlayfs/overlayfs.h @@ -276,6 +276,7 @@ void ovl_nlink_end(struct dentry *dentry, bool locked); int ovl_lock_rename_workdir(struct dentry *workdir, struct dentry *upperdir); int ovl_check_metacopy_xattr(struct dentry *dentry); bool ovl_is_metacopy_dentry(struct dentry *dentry); +char *ovl_get_redirect_xattr(struct dentry *dentry, int padding); static inline bool ovl_is_impuredir(struct dentry *dentry) { diff --git a/fs/overlayfs/util.c b/fs/overlayfs/util.c index 1aa9e0c5a327..8cfb62cc8672 100644 --- a/fs/overlayfs/util.c +++ b/fs/overlayfs/util.c @@ -865,3 +865,53 @@ bool ovl_is_metacopy_dentry(struct dentry *dentry) return (oe->numlower > 1); } + +char *ovl_get_redirect_xattr(struct dentry *dentry, int padding) +{ + int res; + char *s, *next, *buf = NULL; + + res = vfs_getxattr(dentry, OVL_XATTR_REDIRECT, NULL, 0); + if (res < 0) { + if (res == -ENODATA || res == -EOPNOTSUPP) + return NULL; + goto fail; + } + + buf = kzalloc(res + padding + 1, GFP_KERNEL); + if (!buf) + return ERR_PTR(-ENOMEM); + + if (res == 0) + goto invalid; + + res = vfs_getxattr(dentry, OVL_XATTR_REDIRECT, buf, res); + if (res < 0) + goto fail; + if (res == 0) + goto invalid; + + if (buf[0] == '/') { + for (s = buf; *s++ == '/'; s = next) { + next = strchrnul(s, '/'); + if (s == next) + goto invalid; + } + } else { + if (strchr(buf, '/') != NULL) + goto invalid; + } + + return buf; + +err_free: + kfree(buf); + return ERR_PTR(res); +fail: + pr_warn_ratelimited("overlayfs: failed to get redirect (%i)\n", res); + goto err_free; +invalid: + pr_warn_ratelimited("overlayfs: invalid redirect (%s)\n", buf); + res = -EINVAL; + goto err_free; +} -- cgit v1.2.3 From d1e6f6a94d6cefed2b6f7a222853ebcd2805b43b Mon Sep 17 00:00:00 2001 From: Vivek Goyal Date: Fri, 11 May 2018 11:49:33 -0400 Subject: ovl: add helper to force data copy-up Signed-off-by: Vivek Goyal Reviewed-by: Amir Goldstein Signed-off-by: Miklos Szeredi --- fs/overlayfs/copy_up.c | 5 +++++ fs/overlayfs/overlayfs.h | 1 + 2 files changed, 6 insertions(+) diff --git a/fs/overlayfs/copy_up.c b/fs/overlayfs/copy_up.c index d9a8d9291358..d8331f817b95 100644 --- a/fs/overlayfs/copy_up.c +++ b/fs/overlayfs/copy_up.c @@ -867,6 +867,11 @@ int ovl_open_maybe_copy_up(struct dentry *dentry, unsigned int file_flags) return err; } +int ovl_copy_up_with_data(struct dentry *dentry) +{ + return ovl_copy_up_flags(dentry, O_WRONLY); +} + int ovl_copy_up(struct dentry *dentry) { return ovl_copy_up_flags(dentry, 0); diff --git a/fs/overlayfs/overlayfs.h b/fs/overlayfs/overlayfs.h index c85aa438cc8f..f61839e1054c 100644 --- a/fs/overlayfs/overlayfs.h +++ b/fs/overlayfs/overlayfs.h @@ -407,6 +407,7 @@ extern const struct file_operations ovl_file_operations; /* copy_up.c */ int ovl_copy_up(struct dentry *dentry); +int ovl_copy_up_with_data(struct dentry *dentry); int ovl_copy_up_flags(struct dentry *dentry, int flags); int ovl_open_maybe_copy_up(struct dentry *dentry, unsigned int file_flags); int ovl_copy_xattr(struct dentry *old, struct dentry *new); -- cgit v1.2.3 From 997336f2c3053b74ec8c9d2d368ddd960f2fc8b6 Mon Sep 17 00:00:00 2001 From: Vivek Goyal Date: Fri, 11 May 2018 11:49:33 -0400 Subject: ovl: Do not do metadata only copy-up for truncate operation truncate should copy up full file (and not do metacopy only), otherwise it will be broken. For example, use truncate to increase size of a file so that any read beyong existing size will return null bytes. If we don't copy up full file, then we end up opening lower file and read from it only reads upto the old size (and not new size after truncate). Hence to avoid such situations, copy up data as well when file size changes. So far it was being done by d_real(O_WRONLY) call in truncate() path. Now that patch has been reverted. So force full copy up in ovl_setattr() if size of file is changing. Signed-off-by: Vivek Goyal Reviewed-by: Amir Goldstein Signed-off-by: Miklos Szeredi --- fs/overlayfs/inode.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/fs/overlayfs/inode.c b/fs/overlayfs/inode.c index 7c7092aaf9b4..e0bb217c01e2 100644 --- a/fs/overlayfs/inode.c +++ b/fs/overlayfs/inode.c @@ -19,6 +19,7 @@ int ovl_setattr(struct dentry *dentry, struct iattr *attr) { int err; + bool full_copy_up = false; struct dentry *upperdentry; const struct cred *old_cred; @@ -36,9 +37,15 @@ int ovl_setattr(struct dentry *dentry, struct iattr *attr) err = -ETXTBSY; if (atomic_read(&realinode->i_writecount) < 0) goto out_drop_write; + + /* Truncate should trigger data copy up as well */ + full_copy_up = true; } - err = ovl_copy_up(dentry); + if (!full_copy_up) + err = ovl_copy_up(dentry); + else + err = ovl_copy_up_with_data(dentry); if (!err) { struct inode *winode = NULL; -- cgit v1.2.3 From 935a074f48675374a655456ae75fe6be9e8c2388 Mon Sep 17 00:00:00 2001 From: Vivek Goyal Date: Fri, 11 May 2018 11:49:33 -0400 Subject: ovl: Do not do metacopy only for ioctl modifying file attr ovl_copy_up() by default will only do metadata only copy up (if enabled). That means when ovl_real_ioctl() calls ovl_real_file(), it will still get the lower file (as ovl_real_file() opens data file and not metacopy). And that means "chattr +i" will end up modifying lower inode. There seem to be two ways to solve this. A. Open metacopy file in ovl_real_ioctl() and do operations on that B. Force full copy up when FS_IOC_SETFLAGS is called. I am resorting to option B for now as it feels little safer option. If there are performance issues due to this, we can revisit it. Signed-off-by: Vivek Goyal Reviewed-by: Amir Goldstein Signed-off-by: Miklos Szeredi --- fs/overlayfs/file.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/overlayfs/file.c b/fs/overlayfs/file.c index 5ab281aa64b5..32e9282893c9 100644 --- a/fs/overlayfs/file.c +++ b/fs/overlayfs/file.c @@ -372,7 +372,7 @@ static long ovl_ioctl(struct file *file, unsigned int cmd, unsigned long arg) if (ret) return ret; - ret = ovl_copy_up(file_dentry(file)); + ret = ovl_copy_up_with_data(file_dentry(file)); if (!ret) { ret = ovl_real_ioctl(file, cmd, arg); -- cgit v1.2.3 From 989974c804574d250ac92d44e220081959ac8ac1 Mon Sep 17 00:00:00 2001 From: Vivek Goyal Date: Fri, 11 May 2018 11:49:33 -0400 Subject: ovl: Enable metadata only feature All the bits are in patches before this. So it is time to enable the metadata only copy up feature. Signed-off-by: Vivek Goyal Reviewed-by: Amir Goldstein Signed-off-by: Miklos Szeredi --- fs/overlayfs/copy_up.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/fs/overlayfs/copy_up.c b/fs/overlayfs/copy_up.c index d8331f817b95..296037afecdb 100644 --- a/fs/overlayfs/copy_up.c +++ b/fs/overlayfs/copy_up.c @@ -689,9 +689,6 @@ static bool ovl_need_meta_copy_up(struct dentry *dentry, umode_t mode, { struct ovl_fs *ofs = dentry->d_sb->s_fs_info; - /* TODO: Will enable metacopy in last patch of series */ - return false; - if (!ofs->config.metacopy) return false; -- cgit v1.2.3