Merge tag 'locks-v4.15-1' of git://git.kernel.org/pub/scm/linux/kernel/git/jlayton...
[sfrench/cifs-2.6.git] / fs / overlayfs / dir.c
1 /*
2  *
3  * Copyright (C) 2011 Novell Inc.
4  *
5  * This program is free software; you can redistribute it and/or modify it
6  * under the terms of the GNU General Public License version 2 as published by
7  * the Free Software Foundation.
8  */
9
10 #include <linux/fs.h>
11 #include <linux/namei.h>
12 #include <linux/xattr.h>
13 #include <linux/security.h>
14 #include <linux/cred.h>
15 #include <linux/module.h>
16 #include <linux/posix_acl.h>
17 #include <linux/posix_acl_xattr.h>
18 #include <linux/atomic.h>
19 #include <linux/ratelimit.h>
20 #include "overlayfs.h"
21
22 static unsigned short ovl_redirect_max = 256;
23 module_param_named(redirect_max, ovl_redirect_max, ushort, 0644);
24 MODULE_PARM_DESC(ovl_redirect_max,
25                  "Maximum length of absolute redirect xattr value");
26
27 int ovl_cleanup(struct inode *wdir, struct dentry *wdentry)
28 {
29         int err;
30
31         dget(wdentry);
32         if (d_is_dir(wdentry))
33                 err = ovl_do_rmdir(wdir, wdentry);
34         else
35                 err = ovl_do_unlink(wdir, wdentry);
36         dput(wdentry);
37
38         if (err) {
39                 pr_err("overlayfs: cleanup of '%pd2' failed (%i)\n",
40                        wdentry, err);
41         }
42
43         return err;
44 }
45
46 struct dentry *ovl_lookup_temp(struct dentry *workdir)
47 {
48         struct dentry *temp;
49         char name[20];
50         static atomic_t temp_id = ATOMIC_INIT(0);
51
52         /* counter is allowed to wrap, since temp dentries are ephemeral */
53         snprintf(name, sizeof(name), "#%x", atomic_inc_return(&temp_id));
54
55         temp = lookup_one_len(name, workdir, strlen(name));
56         if (!IS_ERR(temp) && temp->d_inode) {
57                 pr_err("overlayfs: workdir/%s already exists\n", name);
58                 dput(temp);
59                 temp = ERR_PTR(-EIO);
60         }
61
62         return temp;
63 }
64
65 /* caller holds i_mutex on workdir */
66 static struct dentry *ovl_whiteout(struct dentry *workdir,
67                                    struct dentry *dentry)
68 {
69         int err;
70         struct dentry *whiteout;
71         struct inode *wdir = workdir->d_inode;
72
73         whiteout = ovl_lookup_temp(workdir);
74         if (IS_ERR(whiteout))
75                 return whiteout;
76
77         err = ovl_do_whiteout(wdir, whiteout);
78         if (err) {
79                 dput(whiteout);
80                 whiteout = ERR_PTR(err);
81         }
82
83         return whiteout;
84 }
85
86 int ovl_create_real(struct inode *dir, struct dentry *newdentry,
87                     struct cattr *attr, struct dentry *hardlink, bool debug)
88 {
89         int err;
90
91         if (newdentry->d_inode)
92                 return -ESTALE;
93
94         if (hardlink) {
95                 err = ovl_do_link(hardlink, dir, newdentry, debug);
96         } else {
97                 switch (attr->mode & S_IFMT) {
98                 case S_IFREG:
99                         err = ovl_do_create(dir, newdentry, attr->mode, debug);
100                         break;
101
102                 case S_IFDIR:
103                         err = ovl_do_mkdir(dir, newdentry, attr->mode, debug);
104                         break;
105
106                 case S_IFCHR:
107                 case S_IFBLK:
108                 case S_IFIFO:
109                 case S_IFSOCK:
110                         err = ovl_do_mknod(dir, newdentry,
111                                            attr->mode, attr->rdev, debug);
112                         break;
113
114                 case S_IFLNK:
115                         err = ovl_do_symlink(dir, newdentry, attr->link, debug);
116                         break;
117
118                 default:
119                         err = -EPERM;
120                 }
121         }
122         if (!err && WARN_ON(!newdentry->d_inode)) {
123                 /*
124                  * Not quite sure if non-instantiated dentry is legal or not.
125                  * VFS doesn't seem to care so check and warn here.
126                  */
127                 err = -ENOENT;
128         }
129         return err;
130 }
131
132 static int ovl_set_opaque_xerr(struct dentry *dentry, struct dentry *upper,
133                                int xerr)
134 {
135         int err;
136
137         err = ovl_check_setxattr(dentry, upper, OVL_XATTR_OPAQUE, "y", 1, xerr);
138         if (!err)
139                 ovl_dentry_set_opaque(dentry);
140
141         return err;
142 }
143
144 static int ovl_set_opaque(struct dentry *dentry, struct dentry *upperdentry)
145 {
146         /*
147          * Fail with -EIO when trying to create opaque dir and upper doesn't
148          * support xattrs. ovl_rename() calls ovl_set_opaque_xerr(-EXDEV) to
149          * return a specific error for noxattr case.
150          */
151         return ovl_set_opaque_xerr(dentry, upperdentry, -EIO);
152 }
153
154 /* Common operations required to be done after creation of file on upper */
155 static void ovl_instantiate(struct dentry *dentry, struct inode *inode,
156                             struct dentry *newdentry, bool hardlink)
157 {
158         ovl_dentry_version_inc(dentry->d_parent, false);
159         ovl_dentry_set_upper_alias(dentry);
160         if (!hardlink) {
161                 ovl_inode_update(inode, newdentry);
162                 ovl_copyattr(newdentry->d_inode, inode);
163         } else {
164                 WARN_ON(ovl_inode_real(inode) != d_inode(newdentry));
165                 dput(newdentry);
166                 inc_nlink(inode);
167         }
168         d_instantiate(dentry, inode);
169         /* Force lookup of new upper hardlink to find its lower */
170         if (hardlink)
171                 d_drop(dentry);
172 }
173
174 static bool ovl_type_merge(struct dentry *dentry)
175 {
176         return OVL_TYPE_MERGE(ovl_path_type(dentry));
177 }
178
179 static bool ovl_type_origin(struct dentry *dentry)
180 {
181         return OVL_TYPE_ORIGIN(ovl_path_type(dentry));
182 }
183
184 static int ovl_create_upper(struct dentry *dentry, struct inode *inode,
185                             struct cattr *attr, struct dentry *hardlink)
186 {
187         struct dentry *upperdir = ovl_dentry_upper(dentry->d_parent);
188         struct inode *udir = upperdir->d_inode;
189         struct dentry *newdentry;
190         int err;
191
192         if (!hardlink && !IS_POSIXACL(udir))
193                 attr->mode &= ~current_umask();
194
195         inode_lock_nested(udir, I_MUTEX_PARENT);
196         newdentry = lookup_one_len(dentry->d_name.name, upperdir,
197                                    dentry->d_name.len);
198         err = PTR_ERR(newdentry);
199         if (IS_ERR(newdentry))
200                 goto out_unlock;
201         err = ovl_create_real(udir, newdentry, attr, hardlink, false);
202         if (err)
203                 goto out_dput;
204
205         if (ovl_type_merge(dentry->d_parent) && d_is_dir(newdentry)) {
206                 /* Setting opaque here is just an optimization, allow to fail */
207                 ovl_set_opaque(dentry, newdentry);
208         }
209
210         ovl_instantiate(dentry, inode, newdentry, !!hardlink);
211         newdentry = NULL;
212 out_dput:
213         dput(newdentry);
214 out_unlock:
215         inode_unlock(udir);
216         return err;
217 }
218
219 static struct dentry *ovl_clear_empty(struct dentry *dentry,
220                                       struct list_head *list)
221 {
222         struct dentry *workdir = ovl_workdir(dentry);
223         struct inode *wdir = workdir->d_inode;
224         struct dentry *upperdir = ovl_dentry_upper(dentry->d_parent);
225         struct inode *udir = upperdir->d_inode;
226         struct path upperpath;
227         struct dentry *upper;
228         struct dentry *opaquedir;
229         struct kstat stat;
230         int err;
231
232         if (WARN_ON(!workdir))
233                 return ERR_PTR(-EROFS);
234
235         err = ovl_lock_rename_workdir(workdir, upperdir);
236         if (err)
237                 goto out;
238
239         ovl_path_upper(dentry, &upperpath);
240         err = vfs_getattr(&upperpath, &stat,
241                           STATX_BASIC_STATS, AT_STATX_SYNC_AS_STAT);
242         if (err)
243                 goto out_unlock;
244
245         err = -ESTALE;
246         if (!S_ISDIR(stat.mode))
247                 goto out_unlock;
248         upper = upperpath.dentry;
249         if (upper->d_parent->d_inode != udir)
250                 goto out_unlock;
251
252         opaquedir = ovl_lookup_temp(workdir);
253         err = PTR_ERR(opaquedir);
254         if (IS_ERR(opaquedir))
255                 goto out_unlock;
256
257         err = ovl_create_real(wdir, opaquedir,
258                               &(struct cattr){.mode = stat.mode}, NULL, true);
259         if (err)
260                 goto out_dput;
261
262         err = ovl_copy_xattr(upper, opaquedir);
263         if (err)
264                 goto out_cleanup;
265
266         err = ovl_set_opaque(dentry, opaquedir);
267         if (err)
268                 goto out_cleanup;
269
270         inode_lock(opaquedir->d_inode);
271         err = ovl_set_attr(opaquedir, &stat);
272         inode_unlock(opaquedir->d_inode);
273         if (err)
274                 goto out_cleanup;
275
276         err = ovl_do_rename(wdir, opaquedir, udir, upper, RENAME_EXCHANGE);
277         if (err)
278                 goto out_cleanup;
279
280         ovl_cleanup_whiteouts(upper, list);
281         ovl_cleanup(wdir, upper);
282         unlock_rename(workdir, upperdir);
283
284         /* dentry's upper doesn't match now, get rid of it */
285         d_drop(dentry);
286
287         return opaquedir;
288
289 out_cleanup:
290         ovl_cleanup(wdir, opaquedir);
291 out_dput:
292         dput(opaquedir);
293 out_unlock:
294         unlock_rename(workdir, upperdir);
295 out:
296         return ERR_PTR(err);
297 }
298
299 static struct dentry *ovl_check_empty_and_clear(struct dentry *dentry)
300 {
301         int err;
302         struct dentry *ret = NULL;
303         enum ovl_path_type type = ovl_path_type(dentry);
304         LIST_HEAD(list);
305
306         err = ovl_check_empty_dir(dentry, &list);
307         if (err) {
308                 ret = ERR_PTR(err);
309                 goto out_free;
310         }
311
312         /*
313          * When removing an empty opaque directory, then it makes no sense to
314          * replace it with an exact replica of itself.
315          *
316          * If no upperdentry then skip clearing whiteouts.
317          *
318          * Can race with copy-up, since we don't hold the upperdir mutex.
319          * Doesn't matter, since copy-up can't create a non-empty directory
320          * from an empty one.
321          */
322         if (OVL_TYPE_UPPER(type) && OVL_TYPE_MERGE(type))
323                 ret = ovl_clear_empty(dentry, &list);
324
325 out_free:
326         ovl_cache_free(&list);
327
328         return ret;
329 }
330
331 static int ovl_set_upper_acl(struct dentry *upperdentry, const char *name,
332                              const struct posix_acl *acl)
333 {
334         void *buffer;
335         size_t size;
336         int err;
337
338         if (!IS_ENABLED(CONFIG_FS_POSIX_ACL) || !acl)
339                 return 0;
340
341         size = posix_acl_to_xattr(NULL, acl, NULL, 0);
342         buffer = kmalloc(size, GFP_KERNEL);
343         if (!buffer)
344                 return -ENOMEM;
345
346         size = posix_acl_to_xattr(&init_user_ns, acl, buffer, size);
347         err = size;
348         if (err < 0)
349                 goto out_free;
350
351         err = vfs_setxattr(upperdentry, name, buffer, size, XATTR_CREATE);
352 out_free:
353         kfree(buffer);
354         return err;
355 }
356
357 static int ovl_create_over_whiteout(struct dentry *dentry, struct inode *inode,
358                                     struct cattr *cattr,
359                                     struct dentry *hardlink)
360 {
361         struct dentry *workdir = ovl_workdir(dentry);
362         struct inode *wdir = workdir->d_inode;
363         struct dentry *upperdir = ovl_dentry_upper(dentry->d_parent);
364         struct inode *udir = upperdir->d_inode;
365         struct dentry *upper;
366         struct dentry *newdentry;
367         int err;
368         struct posix_acl *acl, *default_acl;
369
370         if (WARN_ON(!workdir))
371                 return -EROFS;
372
373         if (!hardlink) {
374                 err = posix_acl_create(dentry->d_parent->d_inode,
375                                        &cattr->mode, &default_acl, &acl);
376                 if (err)
377                         return err;
378         }
379
380         err = ovl_lock_rename_workdir(workdir, upperdir);
381         if (err)
382                 goto out;
383
384         newdentry = ovl_lookup_temp(workdir);
385         err = PTR_ERR(newdentry);
386         if (IS_ERR(newdentry))
387                 goto out_unlock;
388
389         upper = lookup_one_len(dentry->d_name.name, upperdir,
390                                dentry->d_name.len);
391         err = PTR_ERR(upper);
392         if (IS_ERR(upper))
393                 goto out_dput;
394
395         err = ovl_create_real(wdir, newdentry, cattr, hardlink, true);
396         if (err)
397                 goto out_dput2;
398
399         /*
400          * mode could have been mutilated due to umask (e.g. sgid directory)
401          */
402         if (!hardlink &&
403             !S_ISLNK(cattr->mode) &&
404             newdentry->d_inode->i_mode != cattr->mode) {
405                 struct iattr attr = {
406                         .ia_valid = ATTR_MODE,
407                         .ia_mode = cattr->mode,
408                 };
409                 inode_lock(newdentry->d_inode);
410                 err = notify_change(newdentry, &attr, NULL);
411                 inode_unlock(newdentry->d_inode);
412                 if (err)
413                         goto out_cleanup;
414         }
415         if (!hardlink) {
416                 err = ovl_set_upper_acl(newdentry, XATTR_NAME_POSIX_ACL_ACCESS,
417                                         acl);
418                 if (err)
419                         goto out_cleanup;
420
421                 err = ovl_set_upper_acl(newdentry, XATTR_NAME_POSIX_ACL_DEFAULT,
422                                         default_acl);
423                 if (err)
424                         goto out_cleanup;
425         }
426
427         if (!hardlink && S_ISDIR(cattr->mode)) {
428                 err = ovl_set_opaque(dentry, newdentry);
429                 if (err)
430                         goto out_cleanup;
431
432                 err = ovl_do_rename(wdir, newdentry, udir, upper,
433                                     RENAME_EXCHANGE);
434                 if (err)
435                         goto out_cleanup;
436
437                 ovl_cleanup(wdir, upper);
438         } else {
439                 err = ovl_do_rename(wdir, newdentry, udir, upper, 0);
440                 if (err)
441                         goto out_cleanup;
442         }
443         ovl_instantiate(dentry, inode, newdentry, !!hardlink);
444         newdentry = NULL;
445 out_dput2:
446         dput(upper);
447 out_dput:
448         dput(newdentry);
449 out_unlock:
450         unlock_rename(workdir, upperdir);
451 out:
452         if (!hardlink) {
453                 posix_acl_release(acl);
454                 posix_acl_release(default_acl);
455         }
456         return err;
457
458 out_cleanup:
459         ovl_cleanup(wdir, newdentry);
460         goto out_dput2;
461 }
462
463 static int ovl_create_or_link(struct dentry *dentry, struct inode *inode,
464                               struct cattr *attr, struct dentry *hardlink,
465                               bool origin)
466 {
467         int err;
468         const struct cred *old_cred;
469         struct cred *override_cred;
470         struct dentry *parent = dentry->d_parent;
471
472         err = ovl_copy_up(parent);
473         if (err)
474                 return err;
475
476         old_cred = ovl_override_creds(dentry->d_sb);
477
478         /*
479          * When linking a file with copy up origin into a new parent, mark the
480          * new parent dir "impure".
481          */
482         if (origin) {
483                 err = ovl_set_impure(parent, ovl_dentry_upper(parent));
484                 if (err)
485                         goto out_revert_creds;
486         }
487
488         err = -ENOMEM;
489         override_cred = prepare_creds();
490         if (override_cred) {
491                 override_cred->fsuid = inode->i_uid;
492                 override_cred->fsgid = inode->i_gid;
493                 if (!hardlink) {
494                         err = security_dentry_create_files_as(dentry,
495                                         attr->mode, &dentry->d_name, old_cred,
496                                         override_cred);
497                         if (err) {
498                                 put_cred(override_cred);
499                                 goto out_revert_creds;
500                         }
501                 }
502                 put_cred(override_creds(override_cred));
503                 put_cred(override_cred);
504
505                 if (!ovl_dentry_is_whiteout(dentry))
506                         err = ovl_create_upper(dentry, inode, attr,
507                                                 hardlink);
508                 else
509                         err = ovl_create_over_whiteout(dentry, inode, attr,
510                                                         hardlink);
511         }
512 out_revert_creds:
513         revert_creds(old_cred);
514         if (!err) {
515                 struct inode *realinode = d_inode(ovl_dentry_upper(dentry));
516
517                 WARN_ON(inode->i_mode != realinode->i_mode);
518                 WARN_ON(!uid_eq(inode->i_uid, realinode->i_uid));
519                 WARN_ON(!gid_eq(inode->i_gid, realinode->i_gid));
520         }
521         return err;
522 }
523
524 static int ovl_create_object(struct dentry *dentry, int mode, dev_t rdev,
525                              const char *link)
526 {
527         int err;
528         struct inode *inode;
529         struct cattr attr = {
530                 .rdev = rdev,
531                 .link = link,
532         };
533
534         err = ovl_want_write(dentry);
535         if (err)
536                 goto out;
537
538         err = -ENOMEM;
539         inode = ovl_new_inode(dentry->d_sb, mode, rdev);
540         if (!inode)
541                 goto out_drop_write;
542
543         inode_init_owner(inode, dentry->d_parent->d_inode, mode);
544         attr.mode = inode->i_mode;
545
546         err = ovl_create_or_link(dentry, inode, &attr, NULL, false);
547         if (err)
548                 iput(inode);
549
550 out_drop_write:
551         ovl_drop_write(dentry);
552 out:
553         return err;
554 }
555
556 static int ovl_create(struct inode *dir, struct dentry *dentry, umode_t mode,
557                       bool excl)
558 {
559         return ovl_create_object(dentry, (mode & 07777) | S_IFREG, 0, NULL);
560 }
561
562 static int ovl_mkdir(struct inode *dir, struct dentry *dentry, umode_t mode)
563 {
564         return ovl_create_object(dentry, (mode & 07777) | S_IFDIR, 0, NULL);
565 }
566
567 static int ovl_mknod(struct inode *dir, struct dentry *dentry, umode_t mode,
568                      dev_t rdev)
569 {
570         /* Don't allow creation of "whiteout" on overlay */
571         if (S_ISCHR(mode) && rdev == WHITEOUT_DEV)
572                 return -EPERM;
573
574         return ovl_create_object(dentry, mode, rdev, NULL);
575 }
576
577 static int ovl_symlink(struct inode *dir, struct dentry *dentry,
578                        const char *link)
579 {
580         return ovl_create_object(dentry, S_IFLNK, 0, link);
581 }
582
583 static int ovl_link(struct dentry *old, struct inode *newdir,
584                     struct dentry *new)
585 {
586         int err;
587         bool locked = false;
588         struct inode *inode;
589
590         err = ovl_want_write(old);
591         if (err)
592                 goto out;
593
594         err = ovl_copy_up(old);
595         if (err)
596                 goto out_drop_write;
597
598         err = ovl_nlink_start(old, &locked);
599         if (err)
600                 goto out_drop_write;
601
602         inode = d_inode(old);
603         ihold(inode);
604
605         err = ovl_create_or_link(new, inode, NULL, ovl_dentry_upper(old),
606                                  ovl_type_origin(old));
607         if (err)
608                 iput(inode);
609
610         ovl_nlink_end(old, locked);
611 out_drop_write:
612         ovl_drop_write(old);
613 out:
614         return err;
615 }
616
617 static bool ovl_matches_upper(struct dentry *dentry, struct dentry *upper)
618 {
619         return d_inode(ovl_dentry_upper(dentry)) == d_inode(upper);
620 }
621
622 static int ovl_remove_and_whiteout(struct dentry *dentry, bool is_dir)
623 {
624         struct dentry *workdir = ovl_workdir(dentry);
625         struct inode *wdir = workdir->d_inode;
626         struct dentry *upperdir = ovl_dentry_upper(dentry->d_parent);
627         struct inode *udir = upperdir->d_inode;
628         struct dentry *whiteout;
629         struct dentry *upper;
630         struct dentry *opaquedir = NULL;
631         int err;
632         int flags = 0;
633
634         if (WARN_ON(!workdir))
635                 return -EROFS;
636
637         if (is_dir) {
638                 opaquedir = ovl_check_empty_and_clear(dentry);
639                 err = PTR_ERR(opaquedir);
640                 if (IS_ERR(opaquedir))
641                         goto out;
642         }
643
644         err = ovl_lock_rename_workdir(workdir, upperdir);
645         if (err)
646                 goto out_dput;
647
648         upper = lookup_one_len(dentry->d_name.name, upperdir,
649                                dentry->d_name.len);
650         err = PTR_ERR(upper);
651         if (IS_ERR(upper))
652                 goto out_unlock;
653
654         err = -ESTALE;
655         if ((opaquedir && upper != opaquedir) ||
656             (!opaquedir && ovl_dentry_upper(dentry) &&
657              !ovl_matches_upper(dentry, upper))) {
658                 goto out_dput_upper;
659         }
660
661         whiteout = ovl_whiteout(workdir, dentry);
662         err = PTR_ERR(whiteout);
663         if (IS_ERR(whiteout))
664                 goto out_dput_upper;
665
666         if (d_is_dir(upper))
667                 flags = RENAME_EXCHANGE;
668
669         err = ovl_do_rename(wdir, whiteout, udir, upper, flags);
670         if (err)
671                 goto kill_whiteout;
672         if (flags)
673                 ovl_cleanup(wdir, upper);
674
675         ovl_dentry_version_inc(dentry->d_parent, true);
676 out_d_drop:
677         d_drop(dentry);
678         dput(whiteout);
679 out_dput_upper:
680         dput(upper);
681 out_unlock:
682         unlock_rename(workdir, upperdir);
683 out_dput:
684         dput(opaquedir);
685 out:
686         return err;
687
688 kill_whiteout:
689         ovl_cleanup(wdir, whiteout);
690         goto out_d_drop;
691 }
692
693 static int ovl_remove_upper(struct dentry *dentry, bool is_dir)
694 {
695         struct dentry *upperdir = ovl_dentry_upper(dentry->d_parent);
696         struct inode *dir = upperdir->d_inode;
697         struct dentry *upper;
698         struct dentry *opaquedir = NULL;
699         int err;
700
701         /* Redirect dir can be !ovl_lower_positive && OVL_TYPE_MERGE */
702         if (is_dir && ovl_dentry_get_redirect(dentry)) {
703                 opaquedir = ovl_check_empty_and_clear(dentry);
704                 err = PTR_ERR(opaquedir);
705                 if (IS_ERR(opaquedir))
706                         goto out;
707         }
708
709         inode_lock_nested(dir, I_MUTEX_PARENT);
710         upper = lookup_one_len(dentry->d_name.name, upperdir,
711                                dentry->d_name.len);
712         err = PTR_ERR(upper);
713         if (IS_ERR(upper))
714                 goto out_unlock;
715
716         err = -ESTALE;
717         if ((opaquedir && upper != opaquedir) ||
718             (!opaquedir && !ovl_matches_upper(dentry, upper)))
719                 goto out_dput_upper;
720
721         if (is_dir)
722                 err = vfs_rmdir(dir, upper);
723         else
724                 err = vfs_unlink(dir, upper, NULL);
725         ovl_dentry_version_inc(dentry->d_parent, ovl_type_origin(dentry));
726
727         /*
728          * Keeping this dentry hashed would mean having to release
729          * upperpath/lowerpath, which could only be done if we are the
730          * sole user of this dentry.  Too tricky...  Just unhash for
731          * now.
732          */
733         if (!err)
734                 d_drop(dentry);
735 out_dput_upper:
736         dput(upper);
737 out_unlock:
738         inode_unlock(dir);
739         dput(opaquedir);
740 out:
741         return err;
742 }
743
744 static int ovl_do_remove(struct dentry *dentry, bool is_dir)
745 {
746         int err;
747         bool locked = false;
748         const struct cred *old_cred;
749
750         err = ovl_want_write(dentry);
751         if (err)
752                 goto out;
753
754         err = ovl_copy_up(dentry->d_parent);
755         if (err)
756                 goto out_drop_write;
757
758         err = ovl_nlink_start(dentry, &locked);
759         if (err)
760                 goto out_drop_write;
761
762         old_cred = ovl_override_creds(dentry->d_sb);
763         if (!ovl_lower_positive(dentry))
764                 err = ovl_remove_upper(dentry, is_dir);
765         else
766                 err = ovl_remove_and_whiteout(dentry, is_dir);
767         revert_creds(old_cred);
768         if (!err) {
769                 if (is_dir)
770                         clear_nlink(dentry->d_inode);
771                 else
772                         drop_nlink(dentry->d_inode);
773         }
774         ovl_nlink_end(dentry, locked);
775 out_drop_write:
776         ovl_drop_write(dentry);
777 out:
778         return err;
779 }
780
781 static int ovl_unlink(struct inode *dir, struct dentry *dentry)
782 {
783         return ovl_do_remove(dentry, false);
784 }
785
786 static int ovl_rmdir(struct inode *dir, struct dentry *dentry)
787 {
788         return ovl_do_remove(dentry, true);
789 }
790
791 static bool ovl_type_merge_or_lower(struct dentry *dentry)
792 {
793         enum ovl_path_type type = ovl_path_type(dentry);
794
795         return OVL_TYPE_MERGE(type) || !OVL_TYPE_UPPER(type);
796 }
797
798 static bool ovl_can_move(struct dentry *dentry)
799 {
800         return ovl_redirect_dir(dentry->d_sb) ||
801                 !d_is_dir(dentry) || !ovl_type_merge_or_lower(dentry);
802 }
803
804 static char *ovl_get_redirect(struct dentry *dentry, bool samedir)
805 {
806         char *buf, *ret;
807         struct dentry *d, *tmp;
808         int buflen = ovl_redirect_max + 1;
809
810         if (samedir) {
811                 ret = kstrndup(dentry->d_name.name, dentry->d_name.len,
812                                GFP_KERNEL);
813                 goto out;
814         }
815
816         buf = ret = kmalloc(buflen, GFP_KERNEL);
817         if (!buf)
818                 goto out;
819
820         buflen--;
821         buf[buflen] = '\0';
822         for (d = dget(dentry); !IS_ROOT(d);) {
823                 const char *name;
824                 int thislen;
825
826                 spin_lock(&d->d_lock);
827                 name = ovl_dentry_get_redirect(d);
828                 if (name) {
829                         thislen = strlen(name);
830                 } else {
831                         name = d->d_name.name;
832                         thislen = d->d_name.len;
833                 }
834
835                 /* If path is too long, fall back to userspace move */
836                 if (thislen + (name[0] != '/') > buflen) {
837                         ret = ERR_PTR(-EXDEV);
838                         spin_unlock(&d->d_lock);
839                         goto out_put;
840                 }
841
842                 buflen -= thislen;
843                 memcpy(&buf[buflen], name, thislen);
844                 tmp = dget_dlock(d->d_parent);
845                 spin_unlock(&d->d_lock);
846
847                 dput(d);
848                 d = tmp;
849
850                 /* Absolute redirect: finished */
851                 if (buf[buflen] == '/')
852                         break;
853                 buflen--;
854                 buf[buflen] = '/';
855         }
856         ret = kstrdup(&buf[buflen], GFP_KERNEL);
857 out_put:
858         dput(d);
859         kfree(buf);
860 out:
861         return ret ? ret : ERR_PTR(-ENOMEM);
862 }
863
864 static int ovl_set_redirect(struct dentry *dentry, bool samedir)
865 {
866         int err;
867         const char *redirect = ovl_dentry_get_redirect(dentry);
868
869         if (redirect && (samedir || redirect[0] == '/'))
870                 return 0;
871
872         redirect = ovl_get_redirect(dentry, samedir);
873         if (IS_ERR(redirect))
874                 return PTR_ERR(redirect);
875
876         err = ovl_check_setxattr(dentry, ovl_dentry_upper(dentry),
877                                  OVL_XATTR_REDIRECT,
878                                  redirect, strlen(redirect), -EXDEV);
879         if (!err) {
880                 spin_lock(&dentry->d_lock);
881                 ovl_dentry_set_redirect(dentry, redirect);
882                 spin_unlock(&dentry->d_lock);
883         } else {
884                 kfree(redirect);
885                 pr_warn_ratelimited("overlay: failed to set redirect (%i)\n", err);
886                 /* Fall back to userspace copy-up */
887                 err = -EXDEV;
888         }
889         return err;
890 }
891
892 static int ovl_rename(struct inode *olddir, struct dentry *old,
893                       struct inode *newdir, struct dentry *new,
894                       unsigned int flags)
895 {
896         int err;
897         bool locked = false;
898         struct dentry *old_upperdir;
899         struct dentry *new_upperdir;
900         struct dentry *olddentry;
901         struct dentry *newdentry;
902         struct dentry *trap;
903         bool old_opaque;
904         bool new_opaque;
905         bool cleanup_whiteout = false;
906         bool overwrite = !(flags & RENAME_EXCHANGE);
907         bool is_dir = d_is_dir(old);
908         bool new_is_dir = d_is_dir(new);
909         bool samedir = olddir == newdir;
910         struct dentry *opaquedir = NULL;
911         const struct cred *old_cred = NULL;
912
913         err = -EINVAL;
914         if (flags & ~(RENAME_EXCHANGE | RENAME_NOREPLACE))
915                 goto out;
916
917         flags &= ~RENAME_NOREPLACE;
918
919         /* Don't copy up directory trees */
920         err = -EXDEV;
921         if (!ovl_can_move(old))
922                 goto out;
923         if (!overwrite && !ovl_can_move(new))
924                 goto out;
925
926         err = ovl_want_write(old);
927         if (err)
928                 goto out;
929
930         err = ovl_copy_up(old);
931         if (err)
932                 goto out_drop_write;
933
934         err = ovl_copy_up(new->d_parent);
935         if (err)
936                 goto out_drop_write;
937         if (!overwrite) {
938                 err = ovl_copy_up(new);
939                 if (err)
940                         goto out_drop_write;
941         } else {
942                 err = ovl_nlink_start(new, &locked);
943                 if (err)
944                         goto out_drop_write;
945         }
946
947         old_cred = ovl_override_creds(old->d_sb);
948
949         if (overwrite && new_is_dir && ovl_type_merge_or_lower(new)) {
950                 opaquedir = ovl_check_empty_and_clear(new);
951                 err = PTR_ERR(opaquedir);
952                 if (IS_ERR(opaquedir)) {
953                         opaquedir = NULL;
954                         goto out_revert_creds;
955                 }
956         }
957
958         if (overwrite) {
959                 if (ovl_lower_positive(old)) {
960                         if (!ovl_dentry_is_whiteout(new)) {
961                                 /* Whiteout source */
962                                 flags |= RENAME_WHITEOUT;
963                         } else {
964                                 /* Switch whiteouts */
965                                 flags |= RENAME_EXCHANGE;
966                         }
967                 } else if (is_dir && ovl_dentry_is_whiteout(new)) {
968                         flags |= RENAME_EXCHANGE;
969                         cleanup_whiteout = true;
970                 }
971         }
972
973         old_upperdir = ovl_dentry_upper(old->d_parent);
974         new_upperdir = ovl_dentry_upper(new->d_parent);
975
976         if (!samedir) {
977                 /*
978                  * When moving a merge dir or non-dir with copy up origin into
979                  * a new parent, we are marking the new parent dir "impure".
980                  * When ovl_iterate() iterates an "impure" upper dir, it will
981                  * lookup the origin inodes of the entries to fill d_ino.
982                  */
983                 if (ovl_type_origin(old)) {
984                         err = ovl_set_impure(new->d_parent, new_upperdir);
985                         if (err)
986                                 goto out_revert_creds;
987                 }
988                 if (!overwrite && ovl_type_origin(new)) {
989                         err = ovl_set_impure(old->d_parent, old_upperdir);
990                         if (err)
991                                 goto out_revert_creds;
992                 }
993         }
994
995         trap = lock_rename(new_upperdir, old_upperdir);
996
997         olddentry = lookup_one_len(old->d_name.name, old_upperdir,
998                                    old->d_name.len);
999         err = PTR_ERR(olddentry);
1000         if (IS_ERR(olddentry))
1001                 goto out_unlock;
1002
1003         err = -ESTALE;
1004         if (!ovl_matches_upper(old, olddentry))
1005                 goto out_dput_old;
1006
1007         newdentry = lookup_one_len(new->d_name.name, new_upperdir,
1008                                    new->d_name.len);
1009         err = PTR_ERR(newdentry);
1010         if (IS_ERR(newdentry))
1011                 goto out_dput_old;
1012
1013         old_opaque = ovl_dentry_is_opaque(old);
1014         new_opaque = ovl_dentry_is_opaque(new);
1015
1016         err = -ESTALE;
1017         if (d_inode(new) && ovl_dentry_upper(new)) {
1018                 if (opaquedir) {
1019                         if (newdentry != opaquedir)
1020                                 goto out_dput;
1021                 } else {
1022                         if (!ovl_matches_upper(new, newdentry))
1023                                 goto out_dput;
1024                 }
1025         } else {
1026                 if (!d_is_negative(newdentry) &&
1027                     (!new_opaque || !ovl_is_whiteout(newdentry)))
1028                         goto out_dput;
1029         }
1030
1031         if (olddentry == trap)
1032                 goto out_dput;
1033         if (newdentry == trap)
1034                 goto out_dput;
1035
1036         if (WARN_ON(olddentry->d_inode == newdentry->d_inode))
1037                 goto out_dput;
1038
1039         err = 0;
1040         if (is_dir) {
1041                 if (ovl_type_merge_or_lower(old))
1042                         err = ovl_set_redirect(old, samedir);
1043                 else if (!old_opaque && ovl_type_merge(new->d_parent))
1044                         err = ovl_set_opaque_xerr(old, olddentry, -EXDEV);
1045                 if (err)
1046                         goto out_dput;
1047         }
1048         if (!overwrite && new_is_dir) {
1049                 if (ovl_type_merge_or_lower(new))
1050                         err = ovl_set_redirect(new, samedir);
1051                 else if (!new_opaque && ovl_type_merge(old->d_parent))
1052                         err = ovl_set_opaque_xerr(new, newdentry, -EXDEV);
1053                 if (err)
1054                         goto out_dput;
1055         }
1056
1057         err = ovl_do_rename(old_upperdir->d_inode, olddentry,
1058                             new_upperdir->d_inode, newdentry, flags);
1059         if (err)
1060                 goto out_dput;
1061
1062         if (cleanup_whiteout)
1063                 ovl_cleanup(old_upperdir->d_inode, newdentry);
1064
1065         if (overwrite && d_inode(new)) {
1066                 if (new_is_dir)
1067                         clear_nlink(d_inode(new));
1068                 else
1069                         drop_nlink(d_inode(new));
1070         }
1071
1072         ovl_dentry_version_inc(old->d_parent,
1073                                !overwrite && ovl_type_origin(new));
1074         ovl_dentry_version_inc(new->d_parent, ovl_type_origin(old));
1075
1076 out_dput:
1077         dput(newdentry);
1078 out_dput_old:
1079         dput(olddentry);
1080 out_unlock:
1081         unlock_rename(new_upperdir, old_upperdir);
1082 out_revert_creds:
1083         revert_creds(old_cred);
1084         ovl_nlink_end(new, locked);
1085 out_drop_write:
1086         ovl_drop_write(old);
1087 out:
1088         dput(opaquedir);
1089         return err;
1090 }
1091
1092 const struct inode_operations ovl_dir_inode_operations = {
1093         .lookup         = ovl_lookup,
1094         .mkdir          = ovl_mkdir,
1095         .symlink        = ovl_symlink,
1096         .unlink         = ovl_unlink,
1097         .rmdir          = ovl_rmdir,
1098         .rename         = ovl_rename,
1099         .link           = ovl_link,
1100         .setattr        = ovl_setattr,
1101         .create         = ovl_create,
1102         .mknod          = ovl_mknod,
1103         .permission     = ovl_permission,
1104         .getattr        = ovl_getattr,
1105         .listxattr      = ovl_listxattr,
1106         .get_acl        = ovl_get_acl,
1107         .update_time    = ovl_update_time,
1108 };