2 +++ b/Documentation/filesystems/overlayfs.txt
4 +Written by: Neil Brown <neilb@suse.de>
9 +This document describes a prototype for a new approach to providing
10 +overlay-filesystem functionality in Linux (sometimes referred to as
11 +union-filesystems). An overlay-filesystem tries to present a
12 +filesystem which is the result over overlaying one filesystem on top
15 +The result will inevitably fail to look exactly like a normal
16 +filesystem for various technical reasons. The expectation is that
17 +many use cases will be able to ignore these differences.
19 +This approach is 'hybrid' because the objects that appear in the
20 +filesystem do not all appear to belong to that filesystem. In many
21 +case an object accessed in the union will be indistinguishable
22 +from accessing the corresponding object from the original filesystem.
23 +This is most obvious from the 'st_dev' field returned by stat(2).
25 +While directories will report an st_dev for the overlay-filesystem,
26 +all non-directory objects will report an st_dev whichever of the
27 +'lower' or 'upper' filesystem that is providing the object. Similarly
28 +st_ino will only be unique when combined with st_dev, and both of
29 +these can change over the lifetime of a non-directory object. Many
30 +applications and tools ignore these values and will not be affected.
35 +An overlay filesystem combines two filesystems - an 'upper' filesystem
36 +and a 'lower' filesystem. When a name exists in both filesystems, the
37 +object in the 'upper' filesystem is visible while the object in the
38 +'lower' filesystem is either hidden or, in the case of directories,
39 +merged with the 'upper' object.
41 +It would be more correct to refer to an upper and lower 'directory
42 +tree' rather than 'filesystem' as it is quite possible for both
43 +directory trees to be in the same filesystem and there is no
44 +requirement that the root of a filesystem be given for either upper or
47 +The lower filesystem can be any filesystem supported by Linux and does
48 +not need to be writable. The lower filesystem can even be another
49 +overlayfs. The upper filesystem will normally be writable and if it
50 +is it must support the creation of trusted.* extended attributes, and
51 +must provide valid d_type in readdir responses, at least for symbolic
52 +links - so NFS is not suitable.
54 +A read-only overlay of two read-only filesystems may use any
60 +Overlaying mainly involved directories. If a given name appears in both
61 +upper and lower filesystems and refers to a non-directory in either,
62 +then the lower object is hidden - the name refers only to the upper
65 +Where both upper and lower objects are directories, a merged directory
68 +At mount time, the two directories given as mount options are combined
69 +into a merged directory. Then whenever a lookup is requested in such
70 +a merged directory, the lookup is performed in each actual directory
71 +and the combined result is cached in the dentry belonging to the overlay
72 +filesystem. If both actual lookups find directories, both are stored
73 +and a merged directory is created, otherwise only one is stored: the
74 +upper if it exists, else the lower.
76 +Only the lists of names from directories are merged. Other content
77 +such as metadata and extended attributes are reported for the upper
78 +directory only. These attributes of the lower directory are hidden.
80 +whiteouts and opaque directories
81 +--------------------------------
83 +In order to support rm and rmdir without changing the lower
84 +filesystem, an overlay filesystem needs to record in the upper filesystem
85 +that files have been removed. This is done using whiteouts and opaque
86 +directories (non-directories are always opaque).
88 +The overlay filesystem uses extended attributes with a
89 +"trusted.overlay." prefix to record these details.
91 +A whiteout is created as a symbolic link with target
92 +"(overlay-whiteout)" and with xattr "trusted.overlay.whiteout" set to "y".
93 +When a whiteout is found in the upper level of a merged directory, any
94 +matching name in the lower level is ignored, and the whiteout itself
97 +A directory is made opaque by setting the xattr "trusted.overlay.opaque"
98 +to "y". Where the upper filesystem contains an opaque directory, any
99 +directory in the lower filesystem with the same name is ignored.
104 +When a 'readdir' request is made on a merged directory, the upper and
105 +lower directories are each read and the name lists merged in the
106 +obvious way (upper is read first, then lower - entries that already
107 +exist are not re-added). This merged name list is cached in the
108 +'struct file' and so remains as long as the file is kept open. If the
109 +directory is opened and read by two processes at the same time, they
110 +will each have separate caches. A seekdir to the start of the
111 +directory (offset 0) followed by a readdir will cause the cache to be
112 +discarded and rebuilt.
114 +This means that changes to the merged directory do not appear while a
115 +directory is being read. This is unlikely to be noticed by many
118 +seek offsets are assigned sequentially when the directories are read.
120 + - read part of a directory
121 + - remember an offset, and close the directory
122 + - re-open the directory some time later
123 + - seek to the remembered offset
125 +there may be little correlation between the old and new locations in
126 +the list of filenames, particularly if anything has changed in the
129 +Readdir on directories that are not merged is simply handled by the
130 +underlying directory (upper or lower).
136 +Objects that are not directories (files, symlinks, device-special
137 +files etc) are presented either from the upper or lower filesystem as
138 +appropriate. When a file in the lower filesystem is accessed in a way
139 +the requires write-access; such as opening for write access, changing
140 +some metadata etc, the file is first copied from the lower filesystem
141 +to the upper filesystem (copy_up). Note that creating a hard-link
142 +also requires copy-up, though of course creation of a symlink does
145 +The copy_up process first makes sure that the containing directory
146 +exists in the upper filesystem - creating it and any parents as
147 +necessary. It then creates the object with the same metadata (owner,
148 +mode, mtime, symlink-target etc) and then if the object is a file, the
149 +data is copied from the lower to the upper filesystem. Finally any
150 +extended attributes are copied up.
152 +Once the copy_up is complete, the overlay filesystem simply
153 +provides direct access to the newly created file in the upper
154 +filesystem - future operations on the file are barely noticed by the
155 +overlay filesystem (though an operation on the name of the file such as
156 +rename or unlink will of course be noticed and handled).
158 +Changes to underlying filesystems
159 +---------------------------------
161 +Offline changes, when the overlay is not mounted, are allowed to either
162 +the upper or the lower trees.
164 +Changes to the underlying filesystems while part of a mounted overlay
165 +filesystem are not allowed. This is not yet enforced, but will be in
169 @@ -63,6 +63,7 @@ source "fs/quota/Kconfig"
171 source "fs/autofs4/Kconfig"
172 source "fs/fuse/Kconfig"
173 +source "fs/overlayfs/Kconfig"
176 tristate "Character device in Userspace support"
179 @@ -103,6 +103,7 @@ obj-$(CONFIG_QNX4FS_FS) += qnx4/
180 obj-$(CONFIG_AUTOFS4_FS) += autofs4/
181 obj-$(CONFIG_ADFS_FS) += adfs/
182 obj-$(CONFIG_FUSE_FS) += fuse/
183 +obj-$(CONFIG_OVERLAYFS_FS) += overlayfs/
184 obj-$(CONFIG_UDF_FS) += udf/
185 obj-$(CONFIG_SUN_OPENPROMFS) += openpromfs/
186 obj-$(CONFIG_OMFS_FS) += omfs/
189 @@ -1451,6 +1451,23 @@ void drop_collected_mounts(struct vfsmou
190 release_mounts(&umount_list);
193 +struct vfsmount *clone_private_mount(struct path *path)
195 + struct vfsmount *mnt;
197 + if (IS_MNT_UNBINDABLE(path->mnt))
198 + return ERR_PTR(-EINVAL);
200 + down_read(&namespace_sem);
201 + mnt = clone_mnt(path->mnt, path->dentry, CL_PRIVATE);
202 + up_read(&namespace_sem);
204 + return ERR_PTR(-ENOMEM);
208 +EXPORT_SYMBOL_GPL(clone_private_mount);
210 int iterate_mounts(int (*f)(struct vfsmount *, void *), void *arg,
211 struct vfsmount *root)
215 @@ -664,19 +664,19 @@ static inline int __get_file_write_acces
219 -static struct file *__dentry_open(struct dentry *dentry, struct vfsmount *mnt,
221 +static struct file *__dentry_open(struct path *path, struct file *f,
222 int (*open)(struct inode *, struct file *),
223 const struct cred *cred)
229 f->f_mode = OPEN_FMODE(f->f_flags) | FMODE_LSEEK |
230 FMODE_PREAD | FMODE_PWRITE;
231 - inode = dentry->d_inode;
232 + inode = path->dentry->d_inode;
233 if (f->f_mode & FMODE_WRITE) {
234 - error = __get_file_write_access(inode, mnt);
235 + error = __get_file_write_access(inode, path->mnt);
238 if (!special_file(inode->i_mode))
239 @@ -684,8 +684,7 @@ static struct file *__dentry_open(struct
242 f->f_mapping = inode->i_mapping;
243 - f->f_path.dentry = dentry;
244 - f->f_path.mnt = mnt;
247 f->f_op = fops_get(inode->i_fop);
248 file_sb_list_add(f, inode->i_sb);
249 @@ -731,7 +730,7 @@ cleanup_all:
250 * here, so just reset the state.
253 - mnt_drop_write(mnt);
254 + mnt_drop_write(path->mnt);
258 @@ -739,8 +738,7 @@ cleanup_all:
259 f->f_path.mnt = NULL;
265 return ERR_PTR(error);
268 @@ -766,14 +764,14 @@ cleanup_file:
269 struct file *lookup_instantiate_filp(struct nameidata *nd, struct dentry *dentry,
270 int (*open)(struct inode *, struct file *))
272 + struct path path = { .dentry = dentry, .mnt = nd->path.mnt };
273 const struct cred *cred = current_cred();
275 if (IS_ERR(nd->intent.open.file))
279 - nd->intent.open.file = __dentry_open(dget(dentry), mntget(nd->path.mnt),
280 - nd->intent.open.file,
281 + nd->intent.open.file = __dentry_open(&path, nd->intent.open.file,
284 return nd->intent.open.file;
285 @@ -802,10 +800,17 @@ struct file *nameidata_to_filp(struct na
287 /* Has the filesystem initialised the file for us? */
288 if (filp->f_path.dentry == NULL) {
289 - path_get(&nd->path);
290 - filp = __dentry_open(nd->path.dentry, nd->path.mnt, filp,
292 + struct inode *inode = nd->path.dentry->d_inode;
294 + if (inode->i_op->open) {
295 + int flags = filp->f_flags;
297 + filp = inode->i_op->open(nd->path.dentry, flags, cred);
299 + filp = __dentry_open(&nd->path, filp, NULL, cred);
306 @@ -816,35 +821,45 @@ struct file *nameidata_to_filp(struct na
307 struct file *dentry_open(struct dentry *dentry, struct vfsmount *mnt, int flags,
308 const struct cred *cred)
311 + struct path path = { .dentry = dentry, .mnt = mnt };
316 + ret = vfs_open(&path, flags, cred);
321 +EXPORT_SYMBOL(dentry_open);
324 + * vfs_open - open the file at the given path
325 + * @path: path to open
326 + * @flags: open flags
327 + * @cred: credentials to use
329 + * Open the file. If successful, the returned file will have acquired
330 + * an additional reference for path.
332 +struct file *vfs_open(struct path *path, int flags, const struct cred *cred)
335 + struct inode *inode = path->dentry->d_inode;
337 validate_creds(cred);
340 - * We must always pass in a valid mount pointer. Historically
341 - * callers got away with not passing it, but we must enforce this at
342 - * the earliest possible point now to avoid strange problems deep in the
343 - * filesystem stack.
346 - printk(KERN_WARNING "%s called with NULL vfsmount\n", __func__);
348 - return ERR_PTR(-EINVAL);
350 + if (inode->i_op->open)
351 + return inode->i_op->open(path->dentry, flags, cred);
354 f = get_empty_filp();
358 - return ERR_PTR(error);
361 + return ERR_PTR(-ENFILE);
364 - return __dentry_open(dentry, mnt, f, NULL, cred);
365 + return __dentry_open(path, f, NULL, cred);
367 -EXPORT_SYMBOL(dentry_open);
368 +EXPORT_SYMBOL(vfs_open);
370 static void __put_unused_fd(struct files_struct *files, unsigned int fd)
373 +++ b/fs/overlayfs/Kconfig
376 + tristate "Overlay filesystem support"
378 + Add support for overlay filesystem.
380 +++ b/fs/overlayfs/Makefile
383 +# Makefile for the overlay filesystem.
386 +obj-$(CONFIG_OVERLAYFS_FS) += overlayfs.o
388 +++ b/fs/overlayfs/overlayfs.c
390 +#include <linux/fs.h>
391 +#include <linux/namei.h>
392 +#include <linux/sched.h>
393 +#include <linux/fs_struct.h>
394 +#include <linux/file.h>
395 +#include <linux/xattr.h>
396 +#include <linux/security.h>
397 +#include <linux/device_cgroup.h>
398 +#include <linux/mount.h>
399 +#include <linux/splice.h>
400 +#include <linux/slab.h>
401 +#include <linux/parser.h>
402 +#include <linux/module.h>
403 +#include <linux/uaccess.h>
404 +#include <linux/rbtree.h>
406 +MODULE_AUTHOR("Miklos Szeredi <miklos@szeredi.hu>");
407 +MODULE_DESCRIPTION("Overlay filesystem");
408 +MODULE_LICENSE("GPL");
410 +#define OVL_COPY_UP_CHUNK_SIZE (1 << 20)
413 + struct vfsmount *upper_mnt;
414 + struct vfsmount *lower_mnt;
418 + struct dentry *__upperdentry;
419 + struct dentry *lowerdentry;
425 + struct rcu_head rcu;
429 +static const char *ovl_whiteout_xattr = "trusted.overlay.whiteout";
430 +static const char *ovl_opaque_xattr = "trusted.overlay.opaque";
431 +static const char *ovl_whiteout_symlink = "(overlay-whiteout)";
433 +enum ovl_path_type {
439 +static enum ovl_path_type ovl_path_type(struct dentry *dentry)
441 + struct ovl_entry *oe = dentry->d_fsdata;
443 + if (oe->__upperdentry) {
444 + if (oe->lowerdentry && S_ISDIR(dentry->d_inode->i_mode))
445 + return OVL_PATH_MERGE;
447 + return OVL_PATH_UPPER;
449 + return OVL_PATH_LOWER;
453 +static struct dentry *ovl_upperdentry_dereference(struct ovl_entry *oe)
455 + struct dentry *upperdentry = ACCESS_ONCE(oe->__upperdentry);
456 + smp_read_barrier_depends();
457 + return upperdentry;
460 +static void ovl_path_upper(struct dentry *dentry, struct path *path)
462 + struct ovl_fs *ofs = dentry->d_sb->s_fs_info;
463 + struct ovl_entry *oe = dentry->d_fsdata;
465 + path->mnt = ofs->upper_mnt;
466 + path->dentry = ovl_upperdentry_dereference(oe);
469 +static void ovl_path_lower(struct dentry *dentry, struct path *path)
471 + struct ovl_fs *ofs = dentry->d_sb->s_fs_info;
472 + struct ovl_entry *oe = dentry->d_fsdata;
474 + path->mnt = ofs->lower_mnt;
475 + path->dentry = oe->lowerdentry;
478 +static enum ovl_path_type ovl_path_real(struct dentry *dentry,
482 + enum ovl_path_type type = ovl_path_type(dentry);
484 + if (type == OVL_PATH_LOWER)
485 + ovl_path_lower(dentry, path);
487 + ovl_path_upper(dentry, path);
492 +static struct dentry *ovl_dentry_upper(struct dentry *dentry)
494 + struct ovl_entry *oe = dentry->d_fsdata;
496 + return ovl_upperdentry_dereference(oe);
499 +static struct dentry *ovl_dentry_lower(struct dentry *dentry)
501 + struct ovl_entry *oe = dentry->d_fsdata;
503 + return oe->lowerdentry;
506 +static struct dentry *ovl_dentry_real(struct dentry *dentry)
508 + struct ovl_entry *oe = dentry->d_fsdata;
509 + struct dentry *realdentry;
511 + realdentry = ovl_upperdentry_dereference(oe);
513 + realdentry = oe->lowerdentry;
518 +static bool ovl_dentry_is_opaque(struct dentry *dentry)
520 + struct ovl_entry *oe = dentry->d_fsdata;
524 +static void ovl_dentry_set_opaque(struct dentry *dentry, bool opaque)
526 + struct ovl_entry *oe = dentry->d_fsdata;
527 + oe->opaque = opaque;
530 +static void ovl_dentry_update(struct dentry *dentry, struct dentry *upperdentry)
532 + struct ovl_entry *oe = dentry->d_fsdata;
534 + WARN_ON(!mutex_is_locked(&upperdentry->d_parent->d_inode->i_mutex));
535 + WARN_ON(oe->__upperdentry);
537 + oe->__upperdentry = upperdentry;
540 +static void ovl_dentry_version_inc(struct dentry *dentry)
542 + struct ovl_entry *oe = dentry->d_fsdata;
544 + WARN_ON(!mutex_is_locked(&dentry->d_inode->i_mutex));
548 +static u64 ovl_dentry_version_get(struct dentry *dentry)
550 + struct ovl_entry *oe = dentry->d_fsdata;
552 + WARN_ON(!mutex_is_locked(&dentry->d_inode->i_mutex));
553 + return oe->version;
556 +static bool ovl_is_whiteout(struct dentry *dentry)
563 + if (!dentry->d_inode)
565 + if (!S_ISLNK(dentry->d_inode->i_mode))
568 + res = vfs_getxattr(dentry, ovl_whiteout_xattr, &val, 1);
569 + if (res == 1 && val == 'y')
575 +static bool ovl_is_opaquedir(struct dentry *dentry)
580 + if (!S_ISDIR(dentry->d_inode->i_mode))
583 + res = vfs_getxattr(dentry, ovl_opaque_xattr, &val, 1);
584 + if (res == 1 && val == 'y')
590 +struct ovl_cache_entry {
596 + struct list_head l_node;
597 + struct rb_node node;
600 +struct ovl_readdir_data {
601 + struct rb_root *root;
602 + struct list_head *list;
603 + struct list_head *middle;
604 + struct dentry *dir;
609 +struct ovl_dir_file {
612 + struct list_head cursor;
614 + struct list_head cache;
615 + struct file *realfile;
618 +static struct ovl_cache_entry *ovl_cache_entry_from_node(struct rb_node *n)
620 + return container_of(n, struct ovl_cache_entry, node);
623 +static struct ovl_cache_entry *ovl_cache_entry_find(struct rb_root *root,
624 + const char *name, int len)
626 + struct rb_node *node = root->rb_node;
630 + struct ovl_cache_entry *p = ovl_cache_entry_from_node(node);
632 + cmp = strncmp(name, p->name, len);
634 + node = p->node.rb_right;
635 + else if (cmp < 0 || len < p->len)
636 + node = p->node.rb_left;
644 +static struct ovl_cache_entry *ovl_cache_entry_new(const char *name, int len,
645 + u64 ino, unsigned int d_type,
648 + struct ovl_cache_entry *p;
650 + p = kmalloc(sizeof(*p) + len + 1, GFP_KERNEL);
652 + char *name_copy = (char *) (p + 1);
653 + memcpy(name_copy, name, len);
654 + name_copy[len] = '\0';
655 + p->name = name_copy;
659 + p->is_whiteout = is_whiteout;
665 +static int ovl_cache_entry_add_rb(struct ovl_readdir_data *rdd,
666 + const char *name, int len, u64 ino,
667 + unsigned int d_type, bool is_whiteout)
669 + struct rb_node **newp = &rdd->root->rb_node;
670 + struct rb_node *parent = NULL;
671 + struct ovl_cache_entry *p;
675 + struct ovl_cache_entry *tmp;
678 + tmp = ovl_cache_entry_from_node(*newp);
679 + cmp = strncmp(name, tmp->name, len);
681 + newp = &tmp->node.rb_right;
682 + else if (cmp < 0 || len < tmp->len)
683 + newp = &tmp->node.rb_left;
688 + p = ovl_cache_entry_new(name, len, ino, d_type, is_whiteout);
692 + list_add_tail(&p->l_node, rdd->list);
693 + rb_link_node(&p->node, parent, newp);
694 + rb_insert_color(&p->node, rdd->root);
699 +static int ovl_fill_lower(void *buf, const char *name, int namelen,
700 + loff_t offset, u64 ino, unsigned int d_type)
702 + struct ovl_readdir_data *rdd = buf;
703 + struct ovl_cache_entry *p;
706 + p = ovl_cache_entry_find(rdd->root, name, namelen);
708 + list_move_tail(&p->l_node, rdd->middle);
710 + p = ovl_cache_entry_new(name, namelen, ino, d_type, false);
712 + rdd->err = -ENOMEM;
714 + list_add_tail(&p->l_node, rdd->middle);
720 +static void ovl_cache_free(struct list_head *list)
722 + struct ovl_cache_entry *p;
723 + struct ovl_cache_entry *n;
725 + list_for_each_entry_safe(p, n, list, l_node)
728 + INIT_LIST_HEAD(list);
731 +static int ovl_fill_upper(void *buf, const char *name, int namelen,
732 + loff_t offset, u64 ino, unsigned int d_type)
734 + struct ovl_readdir_data *rdd = buf;
735 + bool is_whiteout = false;
738 + if (d_type == DT_LNK) {
739 + struct dentry *dentry;
741 + dentry = lookup_one_len(name, rdd->dir, namelen);
742 + if (IS_ERR(dentry)) {
743 + rdd->err = PTR_ERR(dentry);
746 + is_whiteout = ovl_is_whiteout(dentry);
750 + rdd->err = ovl_cache_entry_add_rb(rdd, name, namelen, ino, d_type,
757 +static int ovl_dir_read(struct path *realpath, struct ovl_readdir_data *rdd,
760 + const struct cred *old_cred;
761 + struct cred *override_cred;
762 + struct file *realfile;
765 + realfile = vfs_open(realpath, O_RDONLY | O_DIRECTORY, current_cred());
766 + if (IS_ERR(realfile))
767 + return PTR_ERR(realfile);
770 + override_cred = prepare_creds();
771 + if (override_cred) {
773 + * CAP_SYS_ADMIN for getxattr
774 + * CAP_DAC_OVERRIDE for lookup and unlink
776 + cap_raise(override_cred->cap_effective, CAP_SYS_ADMIN);
777 + cap_raise(override_cred->cap_effective, CAP_DAC_OVERRIDE);
778 + old_cred = override_creds(override_cred);
783 + err = vfs_readdir(realfile, filler, rdd);
786 + } while (!err && rdd->count);
788 + revert_creds(old_cred);
789 + put_cred(override_cred);
795 + ovl_cache_free(rdd->list);
802 +static void ovl_dir_reset(struct file *file)
804 + struct ovl_dir_file *od = file->private_data;
805 + enum ovl_path_type type = ovl_path_type(file->f_path.dentry);
807 + if (ovl_dentry_version_get(file->f_path.dentry) != od->cache_version) {
808 + list_del_init(&od->cursor);
809 + ovl_cache_free(&od->cache);
810 + od->is_cached = false;
812 + WARN_ON(!od->is_real && type != OVL_PATH_MERGE);
813 + if (od->is_real && type == OVL_PATH_MERGE) {
814 + fput(od->realfile);
815 + od->realfile = NULL;
816 + od->is_real = false;
820 +static int ovl_dir_read_merged(struct path *upperpath, struct path *lowerpath,
821 + struct ovl_readdir_data *rdd)
824 + struct rb_root root = RB_ROOT;
825 + struct list_head middle;
828 + if (upperpath->dentry) {
829 + rdd->dir = upperpath->dentry;
830 + err = ovl_dir_read(upperpath, rdd, ovl_fill_upper);
835 + * Insert lowerpath entries before upperpath ones, this allows
836 + * offsets to be reasonably constant
838 + list_add(&middle, rdd->list);
839 + rdd->middle = &middle;
840 + err = ovl_dir_read(lowerpath, rdd, ovl_fill_lower);
848 +static void ovl_seek_cursor(struct ovl_dir_file *od, loff_t pos)
850 + struct list_head *l;
853 + l = od->cache.next;
854 + for (off = 0; off < pos; off++) {
855 + if (l == &od->cache)
859 + list_move_tail(&od->cursor, l);
862 +static int ovl_readdir(struct file *file, void *buf, filldir_t filler)
864 + struct ovl_dir_file *od = file->private_data;
868 + ovl_dir_reset(file);
871 + res = vfs_readdir(od->realfile, filler, buf);
872 + file->f_pos = od->realfile->f_pos;
877 + if (!od->is_cached) {
878 + struct path lowerpath;
879 + struct path upperpath;
880 + struct ovl_readdir_data rdd = { .list = &od->cache };
882 + ovl_path_lower(file->f_path.dentry, &lowerpath);
883 + ovl_path_upper(file->f_path.dentry, &upperpath);
885 + res = ovl_dir_read_merged(&upperpath, &lowerpath, &rdd);
889 + od->cache_version = ovl_dentry_version_get(file->f_path.dentry);
890 + od->is_cached = true;
892 + ovl_seek_cursor(od, file->f_pos);
895 + while (od->cursor.next != &od->cache) {
898 + struct ovl_cache_entry *p;
900 + p = list_entry(od->cursor.next, struct ovl_cache_entry, l_node);
903 + list_move(&od->cursor, &p->l_node);
905 + if (p->is_whiteout)
908 + over = filler(buf, p->name, p->len, off, p->ino, p->type);
916 +static loff_t ovl_dir_llseek(struct file *file, loff_t offset, int origin)
919 + struct ovl_dir_file *od = file->private_data;
921 + mutex_lock(&file->f_dentry->d_inode->i_mutex);
923 + ovl_dir_reset(file);
926 + res = vfs_llseek(od->realfile, offset, origin);
927 + file->f_pos = od->realfile->f_pos;
933 + offset += file->f_pos;
943 + if (offset != file->f_pos) {
944 + file->f_pos = offset;
946 + ovl_seek_cursor(od, offset);
951 + mutex_unlock(&file->f_dentry->d_inode->i_mutex);
956 +static int ovl_dir_fsync(struct file *file, int datasync)
958 + struct ovl_dir_file *od = file->private_data;
960 + /* May need to reopen directory if it got copied up */
961 + if (!od->realfile) {
962 + struct path upperpath;
964 + ovl_path_upper(file->f_path.dentry, &upperpath);
965 + od->realfile = vfs_open(&upperpath, O_RDONLY, current_cred());
966 + if (IS_ERR(od->realfile))
967 + return PTR_ERR(od->realfile);
970 + return vfs_fsync(od->realfile, datasync);
973 +static int ovl_dir_release(struct inode *inode, struct file *file)
975 + struct ovl_dir_file *od = file->private_data;
977 + list_del(&od->cursor);
978 + ovl_cache_free(&od->cache);
980 + fput(od->realfile);
986 +static int ovl_dir_open(struct inode *inode, struct file *file)
988 + struct path realpath;
989 + struct file *realfile;
990 + struct ovl_dir_file *od;
991 + enum ovl_path_type type;
993 + od = kzalloc(sizeof(struct ovl_dir_file), GFP_KERNEL);
997 + type = ovl_path_real(file->f_path.dentry, &realpath);
998 + realfile = vfs_open(&realpath, file->f_flags, current_cred());
999 + if (IS_ERR(realfile)) {
1001 + return PTR_ERR(realfile);
1003 + INIT_LIST_HEAD(&od->cache);
1004 + INIT_LIST_HEAD(&od->cursor);
1005 + od->is_cached = false;
1006 + od->realfile = realfile;
1007 + od->is_real = (type != OVL_PATH_MERGE);
1008 + file->private_data = od;
1013 +static const struct file_operations ovl_dir_operations = {
1014 + .read = generic_read_dir,
1015 + .open = ovl_dir_open,
1016 + .readdir = ovl_readdir,
1017 + .llseek = ovl_dir_llseek,
1018 + .fsync = ovl_dir_fsync,
1019 + .release = ovl_dir_release,
1022 +static const struct inode_operations ovl_dir_inode_operations;
1024 +static void ovl_entry_free(struct rcu_head *head)
1026 + struct ovl_entry *oe = container_of(head, struct ovl_entry, rcu);
1030 +static void ovl_dentry_release(struct dentry *dentry)
1032 + struct ovl_entry *oe = dentry->d_fsdata;
1035 + dput(oe->__upperdentry);
1036 + dput(oe->lowerdentry);
1037 + call_rcu(&oe->rcu, ovl_entry_free);
1041 +static const struct dentry_operations ovl_dentry_operations = {
1042 + .d_release = ovl_dentry_release,
1045 +static struct dentry *ovl_lookup_real(struct dentry *dir, struct qstr *name)
1047 + struct dentry *dentry;
1049 + mutex_lock(&dir->d_inode->i_mutex);
1050 + dentry = lookup_one_len(name->name, dir, name->len);
1051 + mutex_unlock(&dir->d_inode->i_mutex);
1053 + if (IS_ERR(dentry)) {
1054 + if (PTR_ERR(dentry) == -ENOENT)
1056 + } else if (!dentry->d_inode) {
1063 +static struct ovl_entry *ovl_alloc_entry(void)
1065 + return kzalloc(sizeof(struct ovl_entry), GFP_KERNEL);
1068 +static struct inode *ovl_new_inode(struct super_block *sb, umode_t mode,
1069 + struct ovl_entry *oe);
1071 +static struct dentry *ovl_lookup(struct inode *dir, struct dentry *dentry,
1072 + struct nameidata *nd)
1074 + struct ovl_entry *oe;
1075 + struct dentry *upperdir;
1076 + struct dentry *lowerdir;
1077 + struct dentry *upperdentry = NULL;
1078 + struct dentry *lowerdentry = NULL;
1079 + struct inode *inode = NULL;
1083 + oe = ovl_alloc_entry();
1087 + upperdir = ovl_dentry_upper(dentry->d_parent);
1088 + lowerdir = ovl_dentry_lower(dentry->d_parent);
1091 + upperdentry = ovl_lookup_real(upperdir, &dentry->d_name);
1092 + err = PTR_ERR(upperdentry);
1093 + if (IS_ERR(upperdentry))
1096 + if (lowerdir && upperdentry &&
1097 + (S_ISLNK(upperdentry->d_inode->i_mode) ||
1098 + S_ISDIR(upperdentry->d_inode->i_mode))) {
1099 + const struct cred *old_cred;
1100 + struct cred *override_cred;
1103 + override_cred = prepare_creds();
1104 + if (!override_cred)
1105 + goto out_dput_upper;
1107 + /* CAP_SYS_ADMIN needed for getxattr */
1108 + cap_raise(override_cred->cap_effective, CAP_SYS_ADMIN);
1109 + old_cred = override_creds(override_cred);
1111 + if (ovl_is_opaquedir(upperdentry)) {
1112 + oe->opaque = true;
1113 + } else if (ovl_is_whiteout(upperdentry)) {
1114 + dput(upperdentry);
1115 + upperdentry = NULL;
1116 + oe->opaque = true;
1118 + revert_creds(old_cred);
1119 + put_cred(override_cred);
1122 + if (lowerdir && !oe->opaque) {
1123 + lowerdentry = ovl_lookup_real(lowerdir, &dentry->d_name);
1124 + err = PTR_ERR(lowerdentry);
1125 + if (IS_ERR(lowerdentry))
1126 + goto out_dput_upper;
1129 + if (lowerdentry && upperdentry &&
1130 + (!S_ISDIR(upperdentry->d_inode->i_mode) ||
1131 + !S_ISDIR(lowerdentry->d_inode->i_mode))) {
1132 + dput(lowerdentry);
1133 + lowerdentry = NULL;
1134 + oe->opaque = true;
1137 + if (lowerdentry || upperdentry) {
1138 + struct dentry *realdentry;
1140 + realdentry = upperdentry ? upperdentry : lowerdentry;
1142 + inode = ovl_new_inode(dir->i_sb, realdentry->d_inode->i_mode, oe);
1148 + oe->__upperdentry = upperdentry;
1151 + oe->lowerdentry = lowerdentry;
1153 + dentry->d_fsdata = oe;
1154 + dentry->d_op = &ovl_dentry_operations;
1155 + d_add(dentry, inode);
1160 + dput(lowerdentry);
1162 + dput(upperdentry);
1166 + return ERR_PTR(err);
1169 +static int ovl_copy_up_xattr(struct dentry *old, struct dentry *new)
1171 + ssize_t list_size, size;
1172 + char *buf, *name, *value;
1175 + if (!old->d_inode->i_op->getxattr ||
1176 + !new->d_inode->i_op->getxattr)
1179 + list_size = vfs_listxattr(old, NULL, 0);
1180 + if (list_size <= 0) {
1181 + if (list_size == -EOPNOTSUPP)
1186 + buf = kzalloc(list_size, GFP_KERNEL);
1191 + value = kmalloc(XATTR_SIZE_MAX, GFP_KERNEL);
1195 + list_size = vfs_listxattr(old, buf, list_size);
1196 + if (list_size <= 0) {
1197 + error = list_size;
1198 + goto out_free_value;
1201 + for (name = buf; name < (buf + list_size); name += strlen(name) + 1) {
1202 + size = vfs_getxattr(old, name, value, XATTR_SIZE_MAX);
1205 + goto out_free_value;
1207 + error = vfs_setxattr(new, name, value, size, 0);
1209 + goto out_free_value;
1219 +static int ovl_copy_up_data(struct path *old, struct path *new, loff_t len)
1221 + struct file *old_file;
1222 + struct file *new_file;
1228 + old_file = vfs_open(old, O_RDONLY, current_cred());
1229 + if (IS_ERR(old_file))
1230 + return PTR_ERR(old_file);
1232 + new_file = vfs_open(new, O_WRONLY, current_cred());
1233 + if (IS_ERR(new_file)) {
1234 + error = PTR_ERR(new_file);
1238 + /* FIXME: copy up sparse files efficiently */
1240 + loff_t offset = new_file->f_pos;
1241 + size_t this_len = OVL_COPY_UP_CHUNK_SIZE;
1244 + if (len < this_len)
1247 + if (signal_pending_state(TASK_KILLABLE, current))
1250 + bytes = do_splice_direct(old_file, &offset, new_file, this_len,
1266 +static struct dentry *ovl_lookup_create(struct dentry *upperdir,
1267 + struct dentry *template)
1270 + struct dentry *newdentry;
1271 + struct qstr *name = &template->d_name;
1273 + newdentry = lookup_one_len(name->name, upperdir, name->len);
1274 + if (IS_ERR(newdentry))
1277 + if (newdentry->d_inode) {
1278 + const struct cred *old_cred;
1279 + struct cred *override_cred;
1281 + /* No need to check whiteout if lower parent is non-existent */
1283 + if (!ovl_dentry_lower(template->d_parent))
1286 + if (!S_ISLNK(newdentry->d_inode->i_mode))
1290 + override_cred = prepare_creds();
1291 + if (!override_cred)
1295 + * CAP_SYS_ADMIN for getxattr
1296 + * CAP_FOWNER for unlink in sticky directory
1298 + cap_raise(override_cred->cap_effective, CAP_SYS_ADMIN);
1299 + cap_raise(override_cred->cap_effective, CAP_FOWNER);
1300 + old_cred = override_creds(override_cred);
1303 + if (ovl_is_whiteout(newdentry))
1304 + err = vfs_unlink(upperdir->d_inode, newdentry);
1306 + revert_creds(old_cred);
1307 + put_cred(override_cred);
1312 + newdentry = lookup_one_len(name->name, upperdir, name->len);
1313 + if (IS_ERR(newdentry))
1317 + * Whiteout just been successfully removed, parent
1318 + * i_mutex is still held, there's no way the lookup
1319 + * could return positive.
1321 + WARN_ON(newdentry->d_inode);
1328 + return ERR_PTR(err);
1331 +static struct dentry *ovl_upper_create(struct dentry *upperdir,
1332 + struct dentry *dentry,
1333 + struct kstat *stat, const char *link)
1336 + struct dentry *newdentry;
1337 + struct inode *dir = upperdir->d_inode;
1339 + newdentry = ovl_lookup_create(upperdir, dentry);
1340 + if (IS_ERR(newdentry))
1343 + switch (stat->mode & S_IFMT) {
1345 + err = vfs_create(dir, newdentry, stat->mode, NULL);
1349 + err = vfs_mkdir(dir, newdentry, stat->mode);
1356 + err = vfs_mknod(dir, newdentry, stat->mode, stat->rdev);
1360 + err = vfs_symlink(dir, newdentry, link);
1368 + newdentry = ERR_PTR(err);
1376 +static char *ovl_read_symlink(struct dentry *realdentry)
1380 + struct inode *inode = realdentry->d_inode;
1381 + mm_segment_t old_fs;
1384 + if (!inode->i_op->readlink)
1388 + buf = (char *) __get_free_page(GFP_KERNEL);
1392 + old_fs = get_fs();
1394 + /* The cast to a user pointer is valid due to the set_fs() */
1395 + res = inode->i_op->readlink(realdentry,
1396 + (char __user *)buf, PAGE_SIZE - 1);
1399 + free_page((unsigned long) buf);
1407 + return ERR_PTR(res);
1410 +static int ovl_set_timestamps(struct dentry *upperdentry, struct kstat *stat)
1412 + struct iattr attr = {
1413 + .ia_valid = ATTR_ATIME | ATTR_MTIME | ATTR_ATIME_SET | ATTR_MTIME_SET,
1414 + .ia_atime = stat->atime,
1415 + .ia_mtime = stat->mtime,
1418 + return notify_change(upperdentry, &attr);
1421 +static int ovl_set_mode(struct dentry *upperdentry, umode_t mode)
1423 + struct iattr attr = {
1424 + .ia_valid = ATTR_MODE,
1428 + return notify_change(upperdentry, &attr);
1431 +static int ovl_set_opaque(struct dentry *upperdentry)
1434 + const struct cred *old_cred;
1435 + struct cred *override_cred;
1437 + override_cred = prepare_creds();
1438 + if (!override_cred)
1441 + /* CAP_SYS_ADMIN for setxattr of "trusted" namespace */
1442 + cap_raise(override_cred->cap_effective, CAP_SYS_ADMIN);
1443 + old_cred = override_creds(override_cred);
1444 + err = vfs_setxattr(upperdentry, ovl_opaque_xattr, "y", 1, 0);
1445 + revert_creds(old_cred);
1446 + put_cred(override_cred);
1451 +static int ovl_remove_opaque(struct dentry *upperdentry)
1454 + const struct cred *old_cred;
1455 + struct cred *override_cred;
1457 + override_cred = prepare_creds();
1458 + if (!override_cred)
1461 + /* CAP_SYS_ADMIN for removexattr of "trusted" namespace */
1462 + cap_raise(override_cred->cap_effective, CAP_SYS_ADMIN);
1463 + old_cred = override_creds(override_cred);
1464 + err = vfs_removexattr(upperdentry, ovl_opaque_xattr);
1465 + revert_creds(old_cred);
1466 + put_cred(override_cred);
1471 +static int ovl_copy_up_locked(struct dentry *upperdir, struct dentry *dentry,
1472 + struct path *lowerpath, struct kstat *stat,
1476 + struct path newpath;
1477 + umode_t mode = stat->mode;
1478 + struct ovl_fs *ofs = dentry->d_sb->s_fs_info;
1480 + /* Can't properly set mode on creation because of the umask */
1481 + stat->mode &= S_IFMT;
1483 + newpath.mnt = ofs->upper_mnt;
1484 + newpath.dentry = ovl_upper_create(upperdir, dentry, stat, link);
1485 + if (IS_ERR(newpath.dentry)) {
1486 + err = PTR_ERR(newpath.dentry);
1488 + /* Already copied up? */
1489 + if (err == -EEXIST && ovl_path_type(dentry) != OVL_PATH_LOWER)
1495 + /* FIXME: recovery from failure to copy up */
1497 + if (S_ISREG(stat->mode)) {
1498 + err = ovl_copy_up_data(lowerpath, &newpath, stat->size);
1503 + err = ovl_copy_up_xattr(lowerpath->dentry, newpath.dentry);
1507 + mutex_lock(&newpath.dentry->d_inode->i_mutex);
1508 + if (!S_ISLNK(stat->mode))
1509 + err = ovl_set_mode(newpath.dentry, mode);
1511 + err = ovl_set_timestamps(newpath.dentry, stat);
1512 + mutex_unlock(&newpath.dentry->d_inode->i_mutex);
1516 + ovl_dentry_update(dentry, newpath.dentry);
1519 + * Easiest way to get rid of the lower dentry reference is to
1520 + * drop this dentry. This is neither needed nor possible for
1523 + if (!S_ISDIR(stat->mode))
1529 +static int ovl_copy_up_one(struct dentry *parent, struct dentry *dentry,
1530 + struct path *lowerpath, struct kstat *stat)
1533 + struct kstat pstat;
1534 + struct path parentpath;
1535 + struct dentry *upperdir;
1536 + const struct cred *old_cred;
1537 + struct cred *override_cred;
1538 + char *link = NULL;
1540 + ovl_path_upper(parent, &parentpath);
1541 + upperdir = parentpath.dentry;
1543 + err = vfs_getattr(parentpath.mnt, parentpath.dentry, &pstat);
1547 + if (S_ISLNK(stat->mode)) {
1548 + link = ovl_read_symlink(lowerpath->dentry);
1550 + return PTR_ERR(link);
1554 + override_cred = prepare_creds();
1555 + if (!override_cred)
1556 + goto out_free_link;
1558 + override_cred->fsuid = stat->uid;
1559 + override_cred->fsgid = stat->gid;
1561 + * CAP_SYS_ADMIN for copying up extended attributes
1562 + * CAP_DAC_OVERRIDE for create
1563 + * CAP_FOWNER for chmod, timestamp update
1564 + * CAP_FSETID for chmod
1565 + * CAP_MKNOD for mknod
1567 + cap_raise(override_cred->cap_effective, CAP_SYS_ADMIN);
1568 + cap_raise(override_cred->cap_effective, CAP_DAC_OVERRIDE);
1569 + cap_raise(override_cred->cap_effective, CAP_FOWNER);
1570 + cap_raise(override_cred->cap_effective, CAP_FSETID);
1571 + cap_raise(override_cred->cap_effective, CAP_MKNOD);
1572 + old_cred = override_creds(override_cred);
1574 + mutex_lock_nested(&upperdir->d_inode->i_mutex, I_MUTEX_PARENT);
1576 + * Using upper filesystem locking to protect against copy up
1577 + * racing with rename (rename means the copy up was already
1580 + if (dentry->d_parent != parent) {
1581 + WARN_ON((ovl_path_type(dentry) == OVL_PATH_LOWER));
1584 + err = ovl_copy_up_locked(upperdir, dentry, lowerpath,
1587 + /* Restore timestamps on parent (best effort) */
1588 + ovl_set_timestamps(upperdir, &pstat);
1592 + mutex_unlock(&upperdir->d_inode->i_mutex);
1594 + revert_creds(old_cred);
1595 + put_cred(override_cred);
1599 + free_page((unsigned long) link);
1604 +static int ovl_copy_up(struct dentry *dentry)
1610 + struct dentry *next;
1611 + struct dentry *parent;
1612 + struct path lowerpath;
1613 + struct kstat stat;
1614 + enum ovl_path_type type = ovl_path_type(dentry);
1616 + if (type != OVL_PATH_LOWER)
1619 + next = dget(dentry);
1620 + /* find the topmost dentry not yet copied up */
1622 + parent = dget_parent(next);
1624 + type = ovl_path_type(parent);
1625 + if (type != OVL_PATH_LOWER)
1632 + ovl_path_lower(next, &lowerpath);
1633 + err = vfs_getattr(lowerpath.mnt, lowerpath.dentry, &stat);
1635 + err = ovl_copy_up_one(parent, next, &lowerpath, &stat);
1644 +/* Optimize by not copying up the file first and truncating later */
1645 +static int ovl_copy_up_truncate(struct dentry *dentry, loff_t size)
1648 + struct kstat stat;
1649 + struct path lowerpath;
1650 + struct dentry *parent = dget_parent(dentry);
1652 + err = ovl_copy_up(parent);
1654 + goto out_dput_parent;
1656 + ovl_path_lower(dentry, &lowerpath);
1657 + err = vfs_getattr(lowerpath.mnt, lowerpath.dentry, &stat);
1659 + goto out_dput_parent;
1661 + if (size < stat.size)
1664 + err = ovl_copy_up_one(parent, dentry, &lowerpath, &stat);
1671 +static int ovl_setattr(struct dentry *dentry, struct iattr *attr)
1673 + struct dentry *upperdentry;
1676 + if ((attr->ia_valid & ATTR_SIZE) && !ovl_dentry_upper(dentry))
1677 + err = ovl_copy_up_truncate(dentry, attr->ia_size);
1679 + err = ovl_copy_up(dentry);
1683 + upperdentry = ovl_dentry_upper(dentry);
1685 + if (attr->ia_valid & (ATTR_KILL_SUID|ATTR_KILL_SGID))
1686 + attr->ia_valid &= ~ATTR_MODE;
1688 + mutex_lock(&upperdentry->d_inode->i_mutex);
1689 + err = notify_change(upperdentry, attr);
1690 + mutex_unlock(&upperdentry->d_inode->i_mutex);
1695 +static int ovl_getattr(struct vfsmount *mnt, struct dentry *dentry,
1696 + struct kstat *stat)
1698 + struct path realpath;
1700 + ovl_path_real(dentry, &realpath);
1701 + return vfs_getattr(realpath.mnt, realpath.dentry, stat);
1704 +static int ovl_dir_getattr(struct vfsmount *mnt, struct dentry *dentry,
1705 + struct kstat *stat)
1708 + enum ovl_path_type type;
1709 + struct path realpath;
1711 + type = ovl_path_real(dentry, &realpath);
1712 + err = vfs_getattr(realpath.mnt, realpath.dentry, stat);
1716 + stat->dev = dentry->d_sb->s_dev;
1717 + stat->ino = dentry->d_inode->i_ino;
1720 + * It's probably not worth it to count subdirs to get the
1721 + * correct link count. nlink=1 seems to pacify 'find' and
1722 + * other utilities.
1724 + if (type == OVL_PATH_MERGE)
1730 +static int ovl_permission(struct inode *inode, int mask, unsigned int flags)
1732 + struct ovl_entry *oe;
1733 + struct dentry *alias = NULL;
1734 + struct inode *realinode;
1735 + struct dentry *realdentry;
1739 + if (S_ISDIR(inode->i_mode)) {
1740 + oe = inode->i_private;
1741 + } else if (flags & IPERM_FLAG_RCU) {
1745 + * For non-directories find an alias and get the info
1748 + spin_lock(&inode->i_lock);
1749 + if (WARN_ON(list_empty(&inode->i_dentry))) {
1750 + spin_unlock(&inode->i_lock);
1753 + alias = list_entry(inode->i_dentry.next, struct dentry, d_alias);
1755 + spin_unlock(&inode->i_lock);
1756 + oe = alias->d_fsdata;
1759 + realdentry = ovl_upperdentry_dereference(oe);
1761 + if (!realdentry) {
1762 + realdentry = oe->lowerdentry;
1766 + /* Careful in RCU walk mode */
1767 + realinode = ACCESS_ONCE(realdentry->d_inode);
1769 + WARN_ON(!(flags & IPERM_FLAG_RCU));
1773 + if (mask & MAY_WRITE) {
1774 + umode_t mode = realinode->i_mode;
1777 + * Writes will always be redirected to upper layer, so
1778 + * ignore lower layer being read-only.
1781 + if (is_upper && IS_RDONLY(realinode) &&
1782 + (S_ISREG(mode) || S_ISDIR(mode) || S_ISLNK(mode)))
1786 + * Nobody gets write access to an immutable file.
1789 + if (IS_IMMUTABLE(realinode))
1793 + if (realinode->i_op->permission)
1794 + err = realinode->i_op->permission(realinode, mask, flags);
1796 + err = generic_permission(realinode, mask, flags,
1797 + realinode->i_op->check_acl);
1803 +static int ovl_create_object(struct dentry *dentry, int mode, dev_t rdev,
1807 + struct dentry *newdentry;
1808 + struct dentry *upperdir;
1809 + struct inode *inode;
1810 + struct kstat stat = {
1816 + inode = ovl_new_inode(dentry->d_sb, mode, dentry->d_fsdata);
1820 + err = ovl_copy_up(dentry->d_parent);
1824 + upperdir = ovl_dentry_upper(dentry->d_parent);
1825 + mutex_lock_nested(&upperdir->d_inode->i_mutex, I_MUTEX_PARENT);
1827 + newdentry = ovl_upper_create(upperdir, dentry, &stat, link);
1828 + err = PTR_ERR(newdentry);
1829 + if (IS_ERR(newdentry))
1832 + ovl_dentry_version_inc(dentry->d_parent);
1833 + if (ovl_dentry_is_opaque(dentry) && S_ISDIR(mode)) {
1834 + err = ovl_set_opaque(newdentry);
1838 + ovl_dentry_update(dentry, newdentry);
1839 + d_instantiate(dentry, inode);
1847 + mutex_unlock(&upperdir->d_inode->i_mutex);
1854 +static int ovl_create(struct inode *dir, struct dentry *dentry, int mode,
1855 + struct nameidata *nd)
1857 + return ovl_create_object(dentry, (mode & 07777) | S_IFREG, 0, NULL);
1860 +static int ovl_mkdir(struct inode *dir, struct dentry *dentry, int mode)
1862 + return ovl_create_object(dentry, (mode & 07777) | S_IFDIR, 0, NULL);
1865 +static int ovl_mknod(struct inode *dir, struct dentry *dentry, int mode,
1868 + return ovl_create_object(dentry, mode, rdev, NULL);
1871 +static int ovl_symlink(struct inode *dir, struct dentry *dentry,
1874 + return ovl_create_object(dentry, S_IFLNK, 0, link);
1877 +struct ovl_link_data {
1878 + struct dentry *realdentry;
1882 +static void *ovl_follow_link(struct dentry *dentry, struct nameidata *nd)
1885 + struct dentry *realdentry;
1886 + struct inode *realinode;
1888 + realdentry = ovl_dentry_real(dentry);
1889 + realinode = realdentry->d_inode;
1891 + if (WARN_ON(!realinode->i_op->follow_link))
1892 + return ERR_PTR(-EPERM);
1894 + ret = realinode->i_op->follow_link(realdentry, nd);
1898 + if (realinode->i_op->put_link) {
1899 + struct ovl_link_data *data;
1901 + data = kmalloc(sizeof(struct ovl_link_data), GFP_KERNEL);
1903 + realinode->i_op->put_link(realdentry, nd, ret);
1904 + return ERR_PTR(-ENOMEM);
1906 + data->realdentry = realdentry;
1907 + data->cookie = ret;
1915 +static void ovl_put_link(struct dentry *dentry, struct nameidata *nd, void *c)
1917 + struct inode *realinode;
1918 + struct ovl_link_data *data = c;
1923 + realinode = data->realdentry->d_inode;
1924 + realinode->i_op->put_link(data->realdentry, nd, data->cookie);
1928 +static int ovl_readlink(struct dentry *dentry, char __user *buf, int bufsiz)
1930 + struct path realpath;
1931 + struct inode *realinode;
1933 + ovl_path_real(dentry, &realpath);
1934 + realinode = realpath.dentry->d_inode;
1936 + if (!realinode->i_op->readlink)
1939 + touch_atime(realpath.mnt, realpath.dentry);
1941 + return realinode->i_op->readlink(realpath.dentry, buf, bufsiz);
1944 +static int ovl_whiteout(struct dentry *upperdir, struct dentry *dentry)
1947 + struct dentry *newdentry;
1948 + const struct cred *old_cred;
1949 + struct cred *override_cred;
1951 + /* FIXME: recheck lower dentry to see if whiteout is really needed */
1954 + override_cred = prepare_creds();
1955 + if (!override_cred)
1959 + * CAP_SYS_ADMIN for setxattr
1960 + * CAP_DAC_OVERRIDE for symlink creation
1962 + cap_raise(override_cred->cap_effective, CAP_SYS_ADMIN);
1963 + cap_raise(override_cred->cap_effective, CAP_DAC_OVERRIDE);
1964 + override_cred->fsuid = 0;
1965 + override_cred->fsgid = 0;
1966 + old_cred = override_creds(override_cred);
1968 + newdentry = lookup_one_len(dentry->d_name.name, upperdir,
1969 + dentry->d_name.len);
1970 + err = PTR_ERR(newdentry);
1971 + if (IS_ERR(newdentry))
1972 + goto out_put_cred;
1974 + /* Just been removed within the same locked region */
1975 + WARN_ON(newdentry->d_inode);
1977 + err = vfs_symlink(upperdir->d_inode, newdentry, ovl_whiteout_symlink);
1981 + ovl_dentry_version_inc(dentry->d_parent);
1983 + err = vfs_setxattr(newdentry, ovl_whiteout_xattr, "y", 1, 0);
1988 + revert_creds(old_cred);
1989 + put_cred(override_cred);
1994 +static int ovl_do_remove(struct dentry *dentry, bool is_dir)
1997 + enum ovl_path_type type;
1998 + struct path realpath;
1999 + struct dentry *upperdir;
2001 + err = ovl_copy_up(dentry->d_parent);
2005 + upperdir = ovl_dentry_upper(dentry->d_parent);
2006 + mutex_lock_nested(&upperdir->d_inode->i_mutex, I_MUTEX_PARENT);
2007 + type = ovl_path_real(dentry, &realpath);
2008 + if (type != OVL_PATH_LOWER) {
2010 + if (realpath.dentry->d_parent != upperdir)
2014 + err = vfs_rmdir(upperdir->d_inode, realpath.dentry);
2016 + err = vfs_unlink(upperdir->d_inode, realpath.dentry);
2020 + ovl_dentry_version_inc(dentry->d_parent);
2023 + if (type != OVL_PATH_UPPER || ovl_dentry_is_opaque(dentry))
2024 + err = ovl_whiteout(upperdir, dentry);
2027 + * Keeping this dentry hashed would mean having to release
2028 + * upperpath/lowerpath, which could only be done if we are the
2029 + * sole user of this dentry. Too tricky... Just unhash for
2034 + mutex_unlock(&upperdir->d_inode->i_mutex);
2039 +static int ovl_unlink(struct inode *dir, struct dentry *dentry)
2041 + return ovl_do_remove(dentry, false);
2044 +static int ovl_check_empty_dir(struct dentry *dentry)
2047 + struct path lowerpath;
2048 + struct path upperpath;
2049 + struct ovl_cache_entry *p;
2051 + struct ovl_readdir_data rdd = { .list = &list };
2053 + ovl_path_upper(dentry, &upperpath);
2054 + ovl_path_lower(dentry, &lowerpath);
2056 + err = ovl_dir_read_merged(&upperpath, &lowerpath, &rdd);
2062 + list_for_each_entry(p, &list, l_node) {
2063 + if (p->is_whiteout)
2066 + if (p->name[0] == '.') {
2069 + if (p->len == 2 && p->name[1] == '.')
2076 + ovl_cache_free(&list);
2081 +static int ovl_unlink_whiteout(void *buf, const char *name, int namelen,
2082 + loff_t offset, u64 ino, unsigned int d_type)
2084 + struct ovl_readdir_data *rdd = buf;
2087 + /* check d_type to filter out "." and ".." */
2088 + if (d_type == DT_LNK) {
2089 + struct dentry *dentry;
2091 + dentry = lookup_one_len(name, rdd->dir, namelen);
2092 + if (IS_ERR(dentry)) {
2093 + rdd->err = PTR_ERR(dentry);
2095 + rdd->err = vfs_unlink(rdd->dir->d_inode, dentry);
2103 +static int ovl_remove_whiteouts(struct dentry *dentry)
2105 + struct path upperpath;
2106 + struct ovl_readdir_data rdd = { .list = NULL };
2108 + ovl_path_upper(dentry, &upperpath);
2109 + rdd.dir = upperpath.dentry;
2111 + return ovl_dir_read(&upperpath, &rdd, ovl_unlink_whiteout);
2114 +static int ovl_rmdir(struct inode *dir, struct dentry *dentry)
2117 + enum ovl_path_type type;
2119 + type = ovl_path_type(dentry);
2120 + if (type != OVL_PATH_UPPER) {
2121 + err = ovl_check_empty_dir(dentry);
2125 + if (type == OVL_PATH_MERGE) {
2126 + err = ovl_remove_whiteouts(dentry);
2132 + return ovl_do_remove(dentry, true);
2135 +static int ovl_link(struct dentry *old, struct inode *newdir,
2136 + struct dentry *new)
2139 + struct dentry *olddentry;
2140 + struct dentry *newdentry;
2141 + struct dentry *upperdir;
2143 + err = ovl_copy_up(old);
2147 + err = ovl_copy_up(new->d_parent);
2151 + upperdir = ovl_dentry_upper(new->d_parent);
2152 + mutex_lock_nested(&upperdir->d_inode->i_mutex, I_MUTEX_PARENT);
2153 + newdentry = ovl_lookup_create(upperdir, new);
2154 + err = PTR_ERR(newdentry);
2155 + if (IS_ERR(newdentry))
2158 + olddentry = ovl_dentry_upper(old);
2159 + err = vfs_link(olddentry, upperdir->d_inode, newdentry);
2161 + ovl_dentry_version_inc(new->d_parent);
2162 + ovl_dentry_update(new, newdentry);
2164 + ihold(old->d_inode);
2165 + d_instantiate(new, old->d_inode);
2170 + mutex_unlock(&upperdir->d_inode->i_mutex);
2176 +static int ovl_rename(struct inode *olddir, struct dentry *old,
2177 + struct inode *newdir, struct dentry *new)
2180 + enum ovl_path_type old_type;
2181 + struct dentry *old_upperdir;
2182 + struct dentry *new_upperdir;
2183 + struct dentry *olddentry;
2184 + struct dentry *newdentry;
2185 + struct dentry *trap;
2186 + bool is_dir = S_ISDIR(old->d_inode->i_mode);
2188 + /* Don't copy up directory trees */
2189 + old_type = ovl_path_type(old);
2190 + if (old_type != OVL_PATH_UPPER && is_dir)
2193 + if (new->d_inode) {
2194 + enum ovl_path_type new_type;
2196 + new_type = ovl_path_type(new);
2198 + if (new_type == OVL_PATH_LOWER && old_type == OVL_PATH_LOWER) {
2199 + if (ovl_dentry_lower(old)->d_inode ==
2200 + ovl_dentry_lower(new)->d_inode)
2203 + if (new_type != OVL_PATH_LOWER && old_type != OVL_PATH_LOWER) {
2204 + if (ovl_dentry_upper(old)->d_inode ==
2205 + ovl_dentry_upper(new)->d_inode)
2209 + if (new_type != OVL_PATH_UPPER &&
2210 + S_ISDIR(new->d_inode->i_mode)) {
2211 + err = ovl_check_empty_dir(new);
2215 + if (new_type == OVL_PATH_MERGE) {
2216 + err = ovl_remove_whiteouts(new);
2223 + err = ovl_copy_up(old);
2227 + err = ovl_copy_up(new->d_parent);
2231 + old_upperdir = ovl_dentry_upper(old->d_parent);
2232 + new_upperdir = ovl_dentry_upper(new->d_parent);
2234 + trap = lock_rename(new_upperdir, old_upperdir);
2236 + olddentry = ovl_dentry_upper(old);
2237 + newdentry = ovl_dentry_upper(new);
2241 + newdentry = ovl_lookup_create(new_upperdir, new);
2242 + err = PTR_ERR(newdentry);
2243 + if (IS_ERR(newdentry))
2248 + if (olddentry->d_parent != old_upperdir)
2250 + if (newdentry->d_parent != new_upperdir)
2252 + if (olddentry == trap)
2254 + if (newdentry == trap)
2257 + err = vfs_rename(old_upperdir->d_inode, olddentry,
2258 + new_upperdir->d_inode, newdentry);
2261 + bool old_opaque = ovl_dentry_is_opaque(old);
2262 + bool new_opaque = ovl_dentry_is_opaque(new);
2264 + if (ovl_path_type(new) != OVL_PATH_UPPER)
2265 + new_opaque = true;
2267 + if (old_type != OVL_PATH_UPPER || old_opaque)
2268 + err = ovl_whiteout(old_upperdir, old);
2269 + if (!err && is_dir) {
2270 + if (old_opaque && !new_opaque) {
2271 + ovl_remove_opaque(olddentry);
2272 + ovl_dentry_set_opaque(old, false);
2274 + if (!old_opaque && new_opaque) {
2275 + err = ovl_set_opaque(olddentry);
2276 + ovl_dentry_set_opaque(old, true);
2279 + ovl_dentry_version_inc(old->d_parent);
2280 + ovl_dentry_version_inc(new->d_parent);
2286 + unlock_rename(new_upperdir, old_upperdir);
2290 +static bool ovl_is_private_xattr(const char *name)
2292 + return strncmp(name, "trusted.overlay.", 14) == 0;
2295 +static int ovl_setxattr(struct dentry *dentry, const char *name,
2296 + const void *value, size_t size, int flags)
2299 + struct dentry *upperdentry;
2301 + if (ovl_is_private_xattr(name))
2304 + err = ovl_copy_up(dentry);
2308 + upperdentry = ovl_dentry_upper(dentry);
2309 + return vfs_setxattr(upperdentry, name, value, size, flags);
2312 +static ssize_t ovl_getxattr(struct dentry *dentry, const char *name,
2313 + void *value, size_t size)
2315 + if (ovl_path_type(dentry->d_parent) == OVL_PATH_MERGE &&
2316 + ovl_is_private_xattr(name))
2319 + return vfs_getxattr(ovl_dentry_real(dentry), name, value, size);
2322 +static ssize_t ovl_listxattr(struct dentry *dentry, char *list, size_t size)
2327 + res = vfs_listxattr(ovl_dentry_real(dentry), list, size);
2328 + if (res <= 0 || size == 0)
2331 + if (ovl_path_type(dentry->d_parent) != OVL_PATH_MERGE)
2334 + /* filter out private xattrs */
2335 + for (off = 0; off < res;) {
2336 + char *s = list + off;
2337 + size_t slen = strlen(s) + 1;
2339 + BUG_ON(off + slen > res);
2341 + if (ovl_is_private_xattr(s)) {
2343 + memmove(s, s + slen, res - off);
2352 +static int ovl_removexattr(struct dentry *dentry, const char *name)
2355 + struct path realpath;
2356 + enum ovl_path_type type;
2358 + if (ovl_path_type(dentry->d_parent) == OVL_PATH_MERGE &&
2359 + ovl_is_private_xattr(name))
2362 + type = ovl_path_real(dentry, &realpath);
2363 + if (type == OVL_PATH_LOWER) {
2364 + err = vfs_getxattr(realpath.dentry, name, NULL, 0);
2368 + err = ovl_copy_up(dentry);
2372 + ovl_path_upper(dentry, &realpath);
2375 + return vfs_removexattr(realpath.dentry, name);
2378 +static bool ovl_open_need_copy_up(int flags, enum ovl_path_type type,
2379 + struct dentry *realdentry)
2381 + if (type != OVL_PATH_LOWER)
2384 + if (special_file(realdentry->d_inode->i_mode))
2387 + if (!(OPEN_FMODE(flags) & FMODE_WRITE) && !(flags & O_TRUNC))
2393 +static struct file *ovl_open(struct dentry *dentry, int flags,
2394 + const struct cred *cred)
2397 + struct path realpath;
2398 + enum ovl_path_type type;
2400 + type = ovl_path_real(dentry, &realpath);
2401 + if (ovl_open_need_copy_up(flags, type, realpath.dentry)) {
2402 + if (flags & O_TRUNC)
2403 + err = ovl_copy_up_truncate(dentry, 0);
2405 + err = ovl_copy_up(dentry);
2407 + return ERR_PTR(err);
2409 + ovl_path_upper(dentry, &realpath);
2412 + return vfs_open(&realpath, flags, cred);
2415 +static const struct inode_operations ovl_dir_inode_operations = {
2416 + .lookup = ovl_lookup,
2417 + .mkdir = ovl_mkdir,
2418 + .symlink = ovl_symlink,
2419 + .unlink = ovl_unlink,
2420 + .rmdir = ovl_rmdir,
2421 + .rename = ovl_rename,
2423 + .setattr = ovl_setattr,
2424 + .create = ovl_create,
2425 + .mknod = ovl_mknod,
2426 + .permission = ovl_permission,
2427 + .getattr = ovl_dir_getattr,
2428 + .setxattr = ovl_setxattr,
2429 + .getxattr = ovl_getxattr,
2430 + .listxattr = ovl_listxattr,
2431 + .removexattr = ovl_removexattr,
2434 +static const struct inode_operations ovl_file_inode_operations = {
2435 + .setattr = ovl_setattr,
2436 + .permission = ovl_permission,
2437 + .getattr = ovl_getattr,
2438 + .setxattr = ovl_setxattr,
2439 + .getxattr = ovl_getxattr,
2440 + .listxattr = ovl_listxattr,
2441 + .removexattr = ovl_removexattr,
2445 +static const struct inode_operations ovl_symlink_inode_operations = {
2446 + .setattr = ovl_setattr,
2447 + .follow_link = ovl_follow_link,
2448 + .put_link = ovl_put_link,
2449 + .readlink = ovl_readlink,
2450 + .getattr = ovl_getattr,
2451 + .setxattr = ovl_setxattr,
2452 + .getxattr = ovl_getxattr,
2453 + .listxattr = ovl_listxattr,
2454 + .removexattr = ovl_removexattr,
2457 +static struct inode *ovl_new_inode(struct super_block *sb, umode_t mode,
2458 + struct ovl_entry *oe)
2460 + struct inode *inode;
2462 + inode = new_inode(sb);
2468 + inode->i_ino = get_next_ino();
2469 + inode->i_mode = mode;
2470 + inode->i_flags |= S_NOATIME | S_NOCMTIME;
2474 + inode->i_private = oe;
2475 + inode->i_op = &ovl_dir_inode_operations;
2476 + inode->i_fop = &ovl_dir_operations;
2480 + inode->i_op = &ovl_symlink_inode_operations;
2488 + inode->i_op = &ovl_file_inode_operations;
2492 + WARN(1, "illegal file type: %i\n", mode);
2500 +static void ovl_put_super(struct super_block *sb)
2502 + struct ovl_fs *ufs = sb->s_fs_info;
2504 + if (!(sb->s_flags & MS_RDONLY))
2505 + mnt_drop_write(ufs->upper_mnt);
2507 + mntput(ufs->upper_mnt);
2508 + mntput(ufs->lower_mnt);
2513 +static int ovl_remount_fs(struct super_block *sb, int *flagsp, char *data)
2515 + int flags = *flagsp;
2516 + struct ovl_fs *ufs = sb->s_fs_info;
2518 + /* When remounting rw or ro, we need to adjust the write access to the
2521 + if (((flags ^ sb->s_flags) & MS_RDONLY) == 0)
2522 + /* No change to readonly status */
2525 + if (flags & MS_RDONLY) {
2526 + mnt_drop_write(ufs->upper_mnt);
2529 + return mnt_want_write(ufs->upper_mnt);
2534 + * @sb: The overlayfs super block
2535 + * @buf: The struct kstatfs to fill in with stats
2537 + * Get the filesystem statistics. As writes always target the upper layer
2538 + * filesystem pass the statfs to the same filesystem.
2540 +static int ovl_statfs(struct dentry *dentry, struct kstatfs *buf)
2542 + struct dentry *root_dentry = dentry->d_sb->s_root;
2544 + ovl_path_upper(root_dentry, &path);
2546 + if (!path.dentry->d_sb->s_op->statfs)
2548 + return path.dentry->d_sb->s_op->statfs(path.dentry, buf);
2551 +static const struct super_operations ovl_super_operations = {
2552 + .put_super = ovl_put_super,
2553 + .remount_fs = ovl_remount_fs,
2554 + .statfs = ovl_statfs,
2557 +struct ovl_config {
2568 +static const match_table_t ovl_tokens = {
2569 + {Opt_lowerdir, "lowerdir=%s"},
2570 + {Opt_upperdir, "upperdir=%s"},
2574 +static int ovl_parse_opt(char *opt, struct ovl_config *config)
2578 + config->upperdir = NULL;
2579 + config->lowerdir = NULL;
2581 + while ((p = strsep(&opt, ",")) != NULL) {
2583 + substring_t args[MAX_OPT_ARGS];
2588 + token = match_token(p, ovl_tokens, args);
2590 + case Opt_upperdir:
2591 + kfree(config->upperdir);
2592 + config->upperdir = match_strdup(&args[0]);
2593 + if (!config->upperdir)
2597 + case Opt_lowerdir:
2598 + kfree(config->lowerdir);
2599 + config->lowerdir = match_strdup(&args[0]);
2600 + if (!config->lowerdir)
2611 +static int ovl_fill_super(struct super_block *sb, void *data, int silent)
2613 + struct path lowerpath;
2614 + struct path upperpath;
2615 + struct inode *root_inode;
2616 + struct dentry *root_dentry;
2617 + struct ovl_entry *oe;
2618 + struct ovl_fs *ufs;
2619 + struct ovl_config config;
2622 + err = ovl_parse_opt((char *) data, &config);
2627 + if (!config.upperdir || !config.lowerdir) {
2628 + printk(KERN_ERR "overlayfs: missing upperdir or lowerdir\n");
2629 + goto out_free_config;
2633 + ufs = kmalloc(sizeof(struct ovl_fs), GFP_KERNEL);
2635 + goto out_free_config;
2637 + oe = ovl_alloc_entry();
2639 + goto out_free_ufs;
2641 + root_inode = ovl_new_inode(sb, S_IFDIR, oe);
2645 + err = kern_path(config.upperdir, LOOKUP_FOLLOW, &upperpath);
2647 + goto out_put_root;
2649 + err = kern_path(config.lowerdir, LOOKUP_FOLLOW, &lowerpath);
2651 + goto out_put_upperpath;
2654 + if (!S_ISDIR(upperpath.dentry->d_inode->i_mode) ||
2655 + !S_ISDIR(lowerpath.dentry->d_inode->i_mode))
2656 + goto out_put_lowerpath;
2658 + ufs->upper_mnt = clone_private_mount(&upperpath);
2659 + err = PTR_ERR(ufs->upper_mnt);
2660 + if (IS_ERR(ufs->upper_mnt)) {
2661 + printk(KERN_ERR "overlayfs: failed to clone upperpath\n");
2662 + goto out_put_lowerpath;
2665 + ufs->lower_mnt = clone_private_mount(&lowerpath);
2666 + err = PTR_ERR(ufs->lower_mnt);
2667 + if (IS_ERR(ufs->lower_mnt)) {
2668 + printk(KERN_ERR "overlayfs: failed to clone lowerpath\n");
2669 + goto out_put_upper_mnt;
2672 + if (!(sb->s_flags & MS_RDONLY)) {
2673 + err = mnt_want_write(ufs->upper_mnt);
2675 + goto out_put_lower_mnt;
2679 + root_dentry = d_alloc_root(root_inode);
2681 + goto out_drop_write;
2683 + mntput(upperpath.mnt);
2684 + mntput(lowerpath.mnt);
2686 + oe->__upperdentry = upperpath.dentry;
2687 + oe->lowerdentry = lowerpath.dentry;
2689 + root_dentry->d_fsdata = oe;
2690 + root_dentry->d_op = &ovl_dentry_operations;
2692 + sb->s_op = &ovl_super_operations;
2693 + sb->s_root = root_dentry;
2694 + sb->s_fs_info = ufs;
2699 + if (!(sb->s_flags & MS_RDONLY))
2700 + mnt_drop_write(ufs->upper_mnt);
2702 + mntput(ufs->lower_mnt);
2704 + mntput(ufs->upper_mnt);
2706 + path_put(&lowerpath);
2708 + path_put(&upperpath);
2716 + kfree(config.lowerdir);
2717 + kfree(config.upperdir);
2722 +static int ovl_get_sb(struct file_system_type *fs_type,
2723 + int flags, const char *dev_name,
2724 + void *raw_data, struct vfsmount *mnt)
2726 + return get_sb_nodev(fs_type, flags, raw_data, ovl_fill_super, mnt);
2729 +static struct file_system_type ovl_fs_type = {
2730 + .owner = THIS_MODULE,
2731 + .name = "overlayfs",
2732 + .get_sb = ovl_get_sb,
2733 + .kill_sb = kill_anon_super,
2736 +static int __init ovl_init(void)
2738 + return register_filesystem(&ovl_fs_type);
2741 +static void __exit ovl_exit(void)
2743 + unregister_filesystem(&ovl_fs_type);
2746 +module_init(ovl_init);
2747 +module_exit(ovl_exit);
2750 @@ -1296,6 +1296,7 @@ long do_splice_direct(struct file *in, l
2754 +EXPORT_SYMBOL(do_splice_direct);
2756 static int splice_pipe_to_pipe(struct pipe_inode_info *ipipe,
2757 struct pipe_inode_info *opipe,
2758 --- a/include/linux/fs.h
2759 +++ b/include/linux/fs.h
2760 @@ -1587,6 +1587,7 @@ struct inode_operations {
2761 void (*truncate_range)(struct inode *, loff_t, loff_t);
2762 int (*fiemap)(struct inode *, struct fiemap_extent_info *, u64 start,
2764 + struct file *(*open)(struct dentry *, int flags, const struct cred *);
2765 } ____cacheline_aligned;
2768 @@ -1990,6 +1991,7 @@ extern int do_fallocate(struct file *fil
2769 extern long do_sys_open(int dfd, const char __user *filename, int flags,
2771 extern struct file *filp_open(const char *, int, int);
2772 +extern struct file *vfs_open(struct path *, int flags, const struct cred *);
2773 extern struct file * dentry_open(struct dentry *, struct vfsmount *, int,
2774 const struct cred *);
2775 extern int filp_close(struct file *, fl_owner_t id);
2776 --- a/include/linux/mount.h
2777 +++ b/include/linux/mount.h
2778 @@ -100,6 +100,9 @@ extern void mnt_pin(struct vfsmount *mnt
2779 extern void mnt_unpin(struct vfsmount *mnt);
2780 extern int __mnt_is_readonly(struct vfsmount *mnt);
2783 +extern struct vfsmount *clone_private_mount(struct path *path);
2785 extern struct vfsmount *do_kern_mount(const char *fstype, int flags,
2786 const char *name, void *data);
projects / openwrt.git / blob