Merge tag 'ovl-update-4.20' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs

"trusted." xattrs will require CAP_SYS_ADMIN. But it should be possible

for untrusted layers like from a pen drive.

Note: redirect_dir={off|nofollow|follow(*)} conflicts with metacopy=on, and

results in an error.

(*) redirect_dir=follow only conflicts with metacopy=on if upperdir=... is

given.

Sharing and copying layers

--------------------------

		return ioctl_fiemap(filp, arg);

	case FIGETBSZ:

		/* anon_bdev filesystems may not have a block size */

		if (!inode->i_sb->s_blocksize)

			return -EINVAL;

		return put_user(inode->i_sb->s_blocksize, argp);

	case FICLONE:

	struct dentry *destdir;

	struct qstr destname;

	struct dentry *workdir;

	bool tmpfile;

	bool origin;

	bool indexed;

	bool metacopy;

	return err;

}

static int ovl_install_temp(struct ovl_copy_up_ctx *c, struct dentry *temp,

			    struct dentry **newdentry)

{

	int err;

	struct dentry *upper;

	struct inode *udir = d_inode(c->destdir);

	upper = lookup_one_len(c->destname.name, c->destdir, c->destname.len);

	if (IS_ERR(upper))

		return PTR_ERR(upper);

	if (c->tmpfile)

		err = ovl_do_link(temp, udir, upper);

	else

		err = ovl_do_rename(d_inode(c->workdir), temp, udir, upper, 0);

	if (!err)

		*newdentry = dget(c->tmpfile ? upper : temp);

	dput(upper);

	return err;

}

static struct dentry *ovl_get_tmpfile(struct ovl_copy_up_ctx *c)

{

	int err;

	struct dentry *temp;

	const struct cred *old_creds = NULL;

	struct cred *new_creds = NULL;

	struct ovl_cattr cattr = {

		/* Can't properly set mode on creation because of the umask */

		.mode = c->stat.mode & S_IFMT,

		.rdev = c->stat.rdev,

		.link = c->link

	};

	err = security_inode_copy_up(c->dentry, &new_creds);

	temp = ERR_PTR(err);

	if (err < 0)

		goto out;

	if (new_creds)

		old_creds = override_creds(new_creds);

	if (c->tmpfile)

		temp = ovl_do_tmpfile(c->workdir, c->stat.mode);

	else

		temp = ovl_create_temp(c->workdir, &cattr);

out:

	if (new_creds) {

		revert_creds(old_creds);

		put_cred(new_creds);

	}

	return temp;

}

static int ovl_copy_up_inode(struct ovl_copy_up_ctx *c, struct dentry *temp)

{

	int err;

	return err;

}

static int ovl_copy_up_locked(struct ovl_copy_up_ctx *c)

struct ovl_cu_creds {

	const struct cred *old;

	struct cred *new;

};

static int ovl_prep_cu_creds(struct dentry *dentry, struct ovl_cu_creds *cc)

{

	int err;

	cc->old = cc->new = NULL;

	err = security_inode_copy_up(dentry, &cc->new);

	if (err < 0)

		return err;

	if (cc->new)

		cc->old = override_creds(cc->new);

	return 0;

}

static void ovl_revert_cu_creds(struct ovl_cu_creds *cc)

{

	if (cc->new) {

		revert_creds(cc->old);

		put_cred(cc->new);

	}

}

/*

 * Copyup using workdir to prepare temp file.  Used when copying up directories,

 * special files or when upper fs doesn't support O_TMPFILE.

 */

static int ovl_copy_up_workdir(struct ovl_copy_up_ctx *c)

{

	struct inode *udir = c->destdir->d_inode;

	struct inode *inode;

	struct dentry *newdentry = NULL;

	struct dentry *temp;

	struct inode *udir = d_inode(c->destdir), *wdir = d_inode(c->workdir);

	struct dentry *temp, *upper;

	struct ovl_cu_creds cc;

	int err;

	struct ovl_cattr cattr = {

		/* Can't properly set mode on creation because of the umask */

		.mode = c->stat.mode & S_IFMT,

		.rdev = c->stat.rdev,

		.link = c->link

	};

	err = ovl_lock_rename_workdir(c->workdir, c->destdir);

	if (err)

		return err;

	temp = ovl_get_tmpfile(c);

	err = ovl_prep_cu_creds(c->dentry, &cc);

	if (err)

		goto unlock;

	temp = ovl_create_temp(c->workdir, &cattr);

	ovl_revert_cu_creds(&cc);

	err = PTR_ERR(temp);

	if (IS_ERR(temp))

		return PTR_ERR(temp);

		goto unlock;

	err = ovl_copy_up_inode(c, temp);

	if (err)

		goto out;

		goto cleanup;

	if (S_ISDIR(c->stat.mode) && c->indexed) {

		err = ovl_create_index(c->dentry, c->lowerpath.dentry, temp);

		if (err)

			goto out;

			goto cleanup;

	}

	if (c->tmpfile) {

		inode_lock_nested(udir, I_MUTEX_PARENT);

		err = ovl_install_temp(c, temp, &newdentry);

		inode_unlock(udir);

	} else {

		err = ovl_install_temp(c, temp, &newdentry);

	}

	upper = lookup_one_len(c->destname.name, c->destdir, c->destname.len);

	err = PTR_ERR(upper);

	if (IS_ERR(upper))

		goto cleanup;

	err = ovl_do_rename(wdir, temp, udir, upper, 0);

	dput(upper);

	if (err)

		goto out;

		goto cleanup;

	if (!c->metacopy)

		ovl_set_upperdata(d_inode(c->dentry));

	inode = d_inode(c->dentry);

	ovl_inode_update(inode, newdentry);

	ovl_inode_update(inode, temp);

	if (S_ISDIR(inode->i_mode))

		ovl_set_flag(OVL_WHITEOUTS, inode);

unlock:

	unlock_rename(c->workdir, c->destdir);

out:

	if (err && !c->tmpfile)

		ovl_cleanup(d_inode(c->workdir), temp);

	return err;

cleanup:

	ovl_cleanup(wdir, temp);

	dput(temp);

	goto unlock;

}

/* Copyup using O_TMPFILE which does not require cross dir locking */

static int ovl_copy_up_tmpfile(struct ovl_copy_up_ctx *c)

{

	struct inode *udir = d_inode(c->destdir);

	struct dentry *temp, *upper;

	struct ovl_cu_creds cc;

	int err;

	err = ovl_prep_cu_creds(c->dentry, &cc);

	if (err)

		return err;

	temp = ovl_do_tmpfile(c->workdir, c->stat.mode);

	ovl_revert_cu_creds(&cc);

	if (IS_ERR(temp))

		return PTR_ERR(temp);

	err = ovl_copy_up_inode(c, temp);

	if (err)

		goto out_dput;

	inode_lock_nested(udir, I_MUTEX_PARENT);

	upper = lookup_one_len(c->destname.name, c->destdir, c->destname.len);

	err = PTR_ERR(upper);

	if (!IS_ERR(upper)) {

		err = ovl_do_link(temp, udir, upper);

		dput(upper);

	}

	inode_unlock(udir);

	if (err)

		goto out_dput;

	if (!c->metacopy)

		ovl_set_upperdata(d_inode(c->dentry));

	ovl_inode_update(d_inode(c->dentry), temp);

	return 0;

out_dput:

	dput(temp);

	return err;

}

/*

	}

	/* Should we copyup with O_TMPFILE or with workdir? */

	if (S_ISREG(c->stat.mode) && ofs->tmpfile) {

		c->tmpfile = true;

		err = ovl_copy_up_locked(c);

	} else {

		err = ovl_lock_rename_workdir(c->workdir, c->destdir);

		if (!err) {

			err = ovl_copy_up_locked(c);

			unlock_rename(c->workdir, c->destdir);

		}

	}

	if (S_ISREG(c->stat.mode) && ofs->tmpfile)

		err = ovl_copy_up_tmpfile(c);

	else

		err = ovl_copy_up_workdir(c);

	if (err)

		goto out;

	if (!IS_ENABLED(CONFIG_FS_POSIX_ACL) || !acl)

		return 0;

	size = posix_acl_to_xattr(NULL, acl, NULL, 0);

	size = posix_acl_xattr_size(acl->a_count);

	buffer = kmalloc(size, GFP_KERNEL);

	if (!buffer)

		return -ENOMEM;

	size = posix_acl_to_xattr(&init_user_ns, acl, buffer, size);

	err = size;

	err = posix_acl_to_xattr(&init_user_ns, acl, buffer, size);

	if (err < 0)

		goto out_free;

	if (IS_ERR(upper))

		goto out_unlock;

	err = -ESTALE;

	if (d_is_negative(upper) || !IS_WHITEOUT(d_inode(upper)))

		goto out_dput;

	newdentry = ovl_create_temp(workdir, cattr);

	err = PTR_ERR(newdentry);

	if (IS_ERR(newdentry))

		    struct dentry *new)

{

	int err;

	bool locked = false;

	struct inode *inode;

	err = ovl_want_write(old);

	if (err)

		goto out_drop_write;

	err = ovl_copy_up(new->d_parent);

	if (err)

		goto out_drop_write;

	if (ovl_is_metacopy_dentry(old)) {

		err = ovl_set_redirect(old, false);

		if (err)

			goto out_drop_write;

	}

	err = ovl_nlink_start(old, &locked);

	err = ovl_nlink_start(old);

	if (err)

		goto out_drop_write;

	if (err)

		iput(inode);

	ovl_nlink_end(old, locked);

	ovl_nlink_end(old);

out_drop_write:

	ovl_drop_write(old);

out:

static int ovl_do_remove(struct dentry *dentry, bool is_dir)

{

	int err;

	bool locked = false;

	const struct cred *old_cred;

	struct dentry *upperdentry;

	bool lower_positive = ovl_lower_positive(dentry);

	if (err)

		goto out_drop_write;

	err = ovl_nlink_start(dentry, &locked);

	err = ovl_nlink_start(dentry);

	if (err)

		goto out_drop_write;

		else

			drop_nlink(dentry->d_inode);

	}

	ovl_nlink_end(dentry, locked);

	ovl_nlink_end(dentry);

	/*

	 * Copy ctime

		      unsigned int flags)

{

	int err;

	bool locked = false;

	struct dentry *old_upperdir;

	struct dentry *new_upperdir;

	struct dentry *olddentry;

	bool old_opaque;

	bool new_opaque;

	bool cleanup_whiteout = false;

	bool update_nlink = false;

	bool overwrite = !(flags & RENAME_EXCHANGE);

	bool is_dir = d_is_dir(old);

	bool new_is_dir = d_is_dir(new);

		err = ovl_copy_up(new);

		if (err)

			goto out_drop_write;

	} else {

		err = ovl_nlink_start(new, &locked);

	} else if (d_inode(new)) {

		err = ovl_nlink_start(new);

		if (err)

			goto out_drop_write;

		update_nlink = true;

	}

	old_cred = ovl_override_creds(old->d_sb);

	unlock_rename(new_upperdir, old_upperdir);

out_revert_creds:

	revert_creds(old_cred);

	ovl_nlink_end(new, locked);

	if (update_nlink)

		ovl_nlink_end(new);

out_drop_write:

	ovl_drop_write(old);

out:

	if (err)

		return err;

	old_cred = ovl_override_creds(inode->i_sb);

	if (!upperinode &&

	    !special_file(realinode->i_mode) && mask & MAY_WRITE) {

	/* No need to do any access on underlying for special files */

	if (special_file(realinode->i_mode))

		return 0;

	/* No need to access underlying for execute */

	mask &= ~MAY_EXEC;

	if ((mask & (MAY_READ | MAY_WRITE)) == 0)

		return 0;

	/* Lower files get copied up, so turn write access into read */

	if (!upperinode && mask & MAY_WRITE) {

		mask &= ~(MAY_WRITE | MAY_APPEND);

		/* Make sure mounter can read file for copy up later */

		mask |= MAY_READ;

	}

	old_cred = ovl_override_creds(inode->i_sb);

	err = inode_permission(realinode, mask);

	revert_creds(old_cred);