]> git.proxmox.com Git - mirror_ubuntu-jammy-kernel.git/blame - fs/shiftfs.c
projects / mirror_ubuntu-jammy-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
UBUNTU: SAUCE: shiftfs: prevent use-after-free when verifying mount options
[mirror_ubuntu-jammy-kernel.git] / fs / shiftfs.c
CommitLineData
88f5bff3 1#include <linux/btrfs.h>
3ded6d6b 2#include <linux/capability.h>
aa269008
JB		 3#include <linux/cred.h>
4#include <linux/mount.h>
88f5bff3 5#include <linux/fdtable.h>
aa269008
JB		 6#include <linux/file.h>
7#include <linux/fs.h>
8#include <linux/namei.h>
9#include <linux/module.h>
10#include <linux/kernel.h>
11#include <linux/magic.h>
12#include <linux/parser.h>
3ded6d6b 13#include <linux/security.h>
aa269008
JB		 14#include <linux/seq_file.h>
15#include <linux/statfs.h>
16#include <linux/slab.h>
17#include <linux/user_namespace.h>
18#include <linux/uidgid.h>
19#include <linux/xattr.h>
3ded6d6b
CB		 20#include <linux/posix_acl.h>
21#include <linux/posix_acl_xattr.h>
22#include <linux/uio.h>
aa269008
JB		 23
24struct shiftfs_super_info {
25 struct vfsmount *mnt;
26 struct user_namespace *userns;
3ded6d6b
CB		 27 /* creds of process who created the super block */
28 const struct cred *creator_cred;
aa269008 29 bool mark;
3ded6d6b 30 unsigned int passthrough;
14ba9a56 31 unsigned int passthrough_mark;
aa269008
JB		 32};
33
3ded6d6b
CB		 34struct shiftfs_file_info {
35 struct path realpath;
36 struct file *realfile;
37};
38
39struct kmem_cache *shiftfs_file_info_cache;
40
41static void shiftfs_fill_inode(struct inode *inode, unsigned long ino,
42 umode_t mode, dev_t dev, struct dentry *dentry);
43
44#define SHIFTFS_PASSTHROUGH_NONE 0
45#define SHIFTFS_PASSTHROUGH_STAT 1
88f5bff3
CB		 46#define SHIFTFS_PASSTHROUGH_IOCTL 2
47#define SHIFTFS_PASSTHROUGH_ALL \
48 (SHIFTFS_PASSTHROUGH_STAT | SHIFTFS_PASSTHROUGH_IOCTL)
49
50static inline bool shiftfs_passthrough_ioctls(struct shiftfs_super_info *info)
51{
52 if (!(info->passthrough & SHIFTFS_PASSTHROUGH_IOCTL))
53 return false;
54
88f5bff3
CB		 55 return true;
56}
3ded6d6b
CB		 57
58static inline bool shiftfs_passthrough_statfs(struct shiftfs_super_info *info)
59{
60 if (!(info->passthrough & SHIFTFS_PASSTHROUGH_STAT))
61 return false;
62
3ded6d6b
CB		 63 return true;
64}
aa269008
JB		 65
66enum {
67 OPT_MARK,
3ded6d6b 68 OPT_PASSTHROUGH,
aa269008
JB		 69 OPT_LAST,
70};
71
72/* global filesystem options */
73static const match_table_t tokens = {
74 { OPT_MARK, "mark" },
3ded6d6b 75 { OPT_PASSTHROUGH, "passthrough=%u" },
aa269008
JB		 76 { OPT_LAST, NULL }
77};
78
3ded6d6b 79static const struct cred *shiftfs_override_creds(const struct super_block *sb)
aa269008 80{
3ded6d6b 81 struct shiftfs_super_info *sbinfo = sb->s_fs_info;
aa269008 82
3ded6d6b
CB		 83 return override_creds(sbinfo->creator_cred);
84}
85
86static inline void shiftfs_revert_object_creds(const struct cred *oldcred,
87 struct cred *newcred)
88{
89 revert_creds(oldcred);
90 put_cred(newcred);
91}
92
93static int shiftfs_override_object_creds(const struct super_block *sb,
94 const struct cred **oldcred,
95 struct cred **newcred,
96 struct dentry *dentry, umode_t mode,
97 bool hardlink)
98{
99 kuid_t fsuid = current_fsuid();
100 kgid_t fsgid = current_fsgid();
101
102 *oldcred = shiftfs_override_creds(sb);
103
104 *newcred = prepare_creds();
105 if (!*newcred) {
106 revert_creds(*oldcred);
107 return -ENOMEM;
108 }
109
110 (*newcred)->fsuid = KUIDT_INIT(from_kuid(sb->s_user_ns, fsuid));
111 (*newcred)->fsgid = KGIDT_INIT(from_kgid(sb->s_user_ns, fsgid));
112
113 if (!hardlink) {
114 int err = security_dentry_create_files_as(dentry, mode,
115 &dentry->d_name,
116 *oldcred, *newcred);
117 if (err) {
118 shiftfs_revert_object_creds(*oldcred, *newcred);
119 return err;
120 }
121 }
aa269008 122
3ded6d6b
CB		 123 put_cred(override_creds(*newcred));
124 return 0;
125}
aa269008 126
3ded6d6b
CB		 127static kuid_t shift_kuid(struct user_namespace *from, struct user_namespace *to,
128 kuid_t kuid)
129{
130 uid_t uid = from_kuid(from, kuid);
131 return make_kuid(to, uid);
aa269008
JB		 132}
133
3ded6d6b
CB		 134static kgid_t shift_kgid(struct user_namespace *from, struct user_namespace *to,
135 kgid_t kgid)
aa269008 136{
3ded6d6b
CB		 137 gid_t gid = from_kgid(from, kgid);
138 return make_kgid(to, gid);
139}
aa269008 140
3ded6d6b
CB		 141static void shiftfs_copyattr(struct inode *from, struct inode *to)
142{
143 struct user_namespace *from_ns = from->i_sb->s_user_ns;
144 struct user_namespace *to_ns = to->i_sb->s_user_ns;
145
146 to->i_uid = shift_kuid(from_ns, to_ns, from->i_uid);
147 to->i_gid = shift_kgid(from_ns, to_ns, from->i_gid);
148 to->i_mode = from->i_mode;
149 to->i_atime = from->i_atime;
150 to->i_mtime = from->i_mtime;
151 to->i_ctime = from->i_ctime;
152 i_size_write(to, i_size_read(from));
153}
aa269008 154
3ded6d6b
CB		 155static void shiftfs_copyflags(struct inode *from, struct inode *to)
156{
157 unsigned int mask = S_SYNC | S_IMMUTABLE | S_APPEND | S_NOATIME;
aa269008 158
3ded6d6b 159 inode_set_flags(to, from->i_flags & mask, mask);
aa269008
JB		 160}
161
3ded6d6b 162static void shiftfs_file_accessed(struct file *file)
aa269008 163{
3ded6d6b
CB		 164 struct inode *upperi, *loweri;
165
166 if (file->f_flags & O_NOATIME)
aa269008
JB		 167 return;
168
3ded6d6b
CB		 169 upperi = file_inode(file);
170 loweri = upperi->i_private;
171
172 if (!loweri)
173 return;
174
175 upperi->i_mtime = loweri->i_mtime;
176 upperi->i_ctime = loweri->i_ctime;
177
178 touch_atime(&file->f_path);
aa269008
JB		 179}
180
3ded6d6b
CB		 181static int shiftfs_parse_mount_options(struct shiftfs_super_info *sbinfo,
182 char *options)
aa269008
JB		 183{
184 char *p;
185 substring_t args[MAX_OPT_ARGS];
186
3ded6d6b
CB		 187 sbinfo->mark = false;
188 sbinfo->passthrough = 0;
aa269008
JB		 189
190 while ((p = strsep(&options, ",")) != NULL) {
3ded6d6b 191 int err, intarg, token;
aa269008
JB		 192
193 if (!*p)
194 continue;
195
196 token = match_token(p, tokens, args);
197 switch (token) {
198 case OPT_MARK:
3ded6d6b
CB		 199 sbinfo->mark = true;
200 break;
201 case OPT_PASSTHROUGH:
202 err = match_int(&args[0], &intarg);
203 if (err)
204 return err;
205
206 if (intarg & ~SHIFTFS_PASSTHROUGH_ALL)
207 return -EINVAL;
208
209 sbinfo->passthrough = intarg;
aa269008
JB		 210 break;
211 default:
212 return -EINVAL;
213 }
214 }
3ded6d6b 215
aa269008
JB		 216 return 0;
217}
218
219static void shiftfs_d_release(struct dentry *dentry)
220{
3ded6d6b 221 struct dentry *lowerd = dentry->d_fsdata;
aa269008 222
3ded6d6b
CB		 223 if (lowerd)
224 dput(lowerd);
aa269008
JB		 225}
226
227static struct dentry *shiftfs_d_real(struct dentry *dentry,
228 const struct inode *inode)
229{
3ded6d6b
CB		 230 struct dentry *lowerd = dentry->d_fsdata;
231
232 if (inode && d_inode(dentry) == inode)
233 return dentry;
aa269008 234
3ded6d6b
CB		 235 lowerd = d_real(lowerd, inode);
236 if (lowerd && (!inode || inode == d_inode(lowerd)))
237 return lowerd;
aa269008 238
3ded6d6b
CB		 239 WARN(1, "shiftfs_d_real(%pd4, %s:%lu): real dentry not found\n", dentry,
240 inode ? inode->i_sb->s_id : "NULL", inode ? inode->i_ino : 0);
241 return dentry;
aa269008
JB		 242}
243
244static int shiftfs_d_weak_revalidate(struct dentry *dentry, unsigned int flags)
245{
3ded6d6b
CB		 246 int err = 1;
247 struct dentry *lowerd = dentry->d_fsdata;
aa269008 248
3ded6d6b 249 if (d_is_negative(lowerd) != d_is_negative(dentry))
aa269008
JB		 250 return 0;
251
3ded6d6b
CB		 252 if ((lowerd->d_flags & DCACHE_OP_WEAK_REVALIDATE))
253 err = lowerd->d_op->d_weak_revalidate(lowerd, flags);
aa269008 254
3ded6d6b
CB		 255 if (d_really_is_positive(dentry)) {
256 struct inode *inode = d_inode(dentry);
257 struct inode *loweri = d_inode(lowerd);
258
259 shiftfs_copyattr(loweri, inode);
260 if (!inode->i_nlink)
261 err = 0;
262 }
263
264 return err;
aa269008
JB		 265}
266
267static int shiftfs_d_revalidate(struct dentry *dentry, unsigned int flags)
268{
3ded6d6b
CB		 269 int err = 1;
270 struct dentry *lowerd = dentry->d_fsdata;
aa269008 271
3ded6d6b
CB		 272 if (d_unhashed(lowerd) ||
273 ((d_is_negative(lowerd) != d_is_negative(dentry))))
aa269008
JB		 274 return 0;
275
3ded6d6b
CB		 276 if (flags & LOOKUP_RCU)
277 return -ECHILD;
aa269008 278
3ded6d6b
CB		 279 if ((lowerd->d_flags & DCACHE_OP_REVALIDATE))
280 err = lowerd->d_op->d_revalidate(lowerd, flags);
aa269008 281
3ded6d6b
CB		 282 if (d_really_is_positive(dentry)) {
283 struct inode *inode = d_inode(dentry);
284 struct inode *loweri = d_inode(lowerd);
aa269008 285
3ded6d6b
CB		 286 shiftfs_copyattr(loweri, inode);
287 if (!inode->i_nlink)
288 err = 0;
289 }
aa269008 290
3ded6d6b 291 return err;
aa269008
JB		 292}
293
294static const struct dentry_operations shiftfs_dentry_ops = {
3ded6d6b
CB		 295 .d_release = shiftfs_d_release,
296 .d_real = shiftfs_d_real,
297 .d_revalidate = shiftfs_d_revalidate,
aa269008
JB		 298 .d_weak_revalidate = shiftfs_d_weak_revalidate,
299};
300
aa269008
JB		 301static const char *shiftfs_get_link(struct dentry *dentry, struct inode *inode,
302 struct delayed_call *done)
303{
3ded6d6b
CB		 304 const char *p;
305 const struct cred *oldcred;
306 struct dentry *lowerd;
aa269008 307
3ded6d6b
CB		 308 /* RCU lookup not supported */
309 if (!dentry)
aa269008 310 return ERR_PTR(-ECHILD);
3ded6d6b
CB		 311
312 lowerd = dentry->d_fsdata;
313 oldcred = shiftfs_override_creds(dentry->d_sb);
314 p = vfs_get_link(lowerd, done);
315 revert_creds(oldcred);
316
317 return p;
aa269008
JB		 318}
319
320static int shiftfs_setxattr(struct dentry *dentry, struct inode *inode,
321 const char *name, const void *value,
322 size_t size, int flags)
323{
3ded6d6b
CB		 324 struct dentry *lowerd = dentry->d_fsdata;
325 int err;
326 const struct cred *oldcred;
327
328 oldcred = shiftfs_override_creds(dentry->d_sb);
329 err = vfs_setxattr(lowerd, name, value, size, flags);
330 revert_creds(oldcred);
aa269008 331
3ded6d6b 332 shiftfs_copyattr(lowerd->d_inode, inode);
aa269008
JB		 333
334 return err;
335}
336
337static int shiftfs_xattr_get(const struct xattr_handler *handler,
338 struct dentry *dentry, struct inode *inode,
339 const char *name, void *value, size_t size)
340{
3ded6d6b 341 struct dentry *lowerd = dentry->d_fsdata;
aa269008 342 int err;
3ded6d6b 343 const struct cred *oldcred;
aa269008 344
3ded6d6b
CB		 345 oldcred = shiftfs_override_creds(dentry->d_sb);
346 err = vfs_getxattr(lowerd, name, value, size);
347 revert_creds(oldcred);
aa269008
JB		 348
349 return err;
350}
351
352static ssize_t shiftfs_listxattr(struct dentry *dentry, char *list,
353 size_t size)
354{
3ded6d6b 355 struct dentry *lowerd = dentry->d_fsdata;
aa269008 356 int err;
3ded6d6b 357 const struct cred *oldcred;
aa269008 358
3ded6d6b
CB		 359 oldcred = shiftfs_override_creds(dentry->d_sb);
360 err = vfs_listxattr(lowerd, list, size);
361 revert_creds(oldcred);
aa269008
JB		 362
363 return err;
364}
365
366static int shiftfs_removexattr(struct dentry *dentry, const char *name)
367{
3ded6d6b 368 struct dentry *lowerd = dentry->d_fsdata;
aa269008 369 int err;
3ded6d6b
CB		 370 const struct cred *oldcred;
371
372 oldcred = shiftfs_override_creds(dentry->d_sb);
373 err = vfs_removexattr(lowerd, name);
374 revert_creds(oldcred);
aa269008 375
3ded6d6b
CB		 376 /* update c/mtime */
377 shiftfs_copyattr(lowerd->d_inode, d_inode(dentry));
aa269008
JB		 378
379 return err;
380}
381
382static int shiftfs_xattr_set(const struct xattr_handler *handler,
383 struct dentry *dentry, struct inode *inode,
384 const char *name, const void *value, size_t size,
385 int flags)
386{
387 if (!value)
388 return shiftfs_removexattr(dentry, name);
389 return shiftfs_setxattr(dentry, inode, name, value, size, flags);
390}
391
3ded6d6b 392static int shiftfs_inode_test(struct inode *inode, void *data)
aa269008 393{
3ded6d6b
CB		 394 return inode->i_private == data;
395}
aa269008 396
3ded6d6b
CB		 397static int shiftfs_inode_set(struct inode *inode, void *data)
398{
399 inode->i_private = data;
400 return 0;
aa269008
JB		 401}
402
3ded6d6b
CB		 403static int shiftfs_create_object(struct inode *diri, struct dentry *dentry,
404 umode_t mode, const char *symlink,
405 struct dentry *hardlink, bool excl)
aa269008 406{
aa269008 407 int err;
3ded6d6b
CB		 408 const struct cred *oldcred;
409 struct cred *newcred;
410 void *loweri_iop_ptr = NULL;
411 umode_t modei = mode;
412 struct super_block *dir_sb = diri->i_sb;
413 struct dentry *lowerd_new = dentry->d_fsdata;
414 struct inode *inode = NULL, *loweri_dir = diri->i_private;
415 const struct inode_operations *loweri_dir_iop = loweri_dir->i_op;
416 struct dentry *lowerd_link = NULL;
aa269008
JB		 417
418 if (hardlink) {
3ded6d6b 419 loweri_iop_ptr = loweri_dir_iop->link;
aa269008
JB		 420 } else {
421 switch (mode & S_IFMT) {
422 case S_IFDIR:
3ded6d6b 423 loweri_iop_ptr = loweri_dir_iop->mkdir;
aa269008
JB		 424 break;
425 case S_IFREG:
3ded6d6b 426 loweri_iop_ptr = loweri_dir_iop->create;
aa269008
JB		 427 break;
428 case S_IFLNK:
3ded6d6b
CB		 429 loweri_iop_ptr = loweri_dir_iop->symlink;
430 break;
431 case S_IFSOCK:
432 /* fall through */
433 case S_IFIFO:
434 loweri_iop_ptr = loweri_dir_iop->mknod;
435 break;
aa269008
JB		 436 }
437 }
3ded6d6b
CB		 438 if (!loweri_iop_ptr) {
439 err = -EINVAL;
440 goto out_iput;
441 }
aa269008 442
3ded6d6b 443 inode_lock_nested(loweri_dir, I_MUTEX_PARENT);
aa269008 444
3ded6d6b
CB		 445 if (!hardlink) {
446 inode = new_inode(dir_sb);
447 if (!inode) {
448 err = -ENOMEM;
449 goto out_iput;
450 }
451
452 /*
453 * new_inode() will have added the new inode to the super
454 * block's list of inodes. Further below we will call
455 * inode_insert5() Which would perform the same operation again
456 * thereby corrupting the list. To avoid this raise I_CREATING
457 * in i_state which will cause inode_insert5() to skip this
458 * step. I_CREATING will be cleared by d_instantiate_new()
459 * below.
460 */
461 spin_lock(&inode->i_lock);
462 inode->i_state |= I_CREATING;
463 spin_unlock(&inode->i_lock);
aa269008 464
3ded6d6b
CB		 465 inode_init_owner(inode, diri, mode);
466 modei = inode->i_mode;
467 }
aa269008 468
3ded6d6b
CB		 469 err = shiftfs_override_object_creds(dentry->d_sb, &oldcred, &newcred,
470 dentry, modei, hardlink != NULL);
471 if (err)
472 goto out_iput;
aa269008 473
aa269008 474 if (hardlink) {
3ded6d6b
CB		 475 lowerd_link = hardlink->d_fsdata;
476 err = vfs_link(lowerd_link, loweri_dir, lowerd_new, NULL);
aa269008 477 } else {
3ded6d6b 478 switch (modei & S_IFMT) {
aa269008 479 case S_IFDIR:
3ded6d6b 480 err = vfs_mkdir(loweri_dir, lowerd_new, modei);
aa269008
JB		 481 break;
482 case S_IFREG:
3ded6d6b 483 err = vfs_create(loweri_dir, lowerd_new, modei, excl);
aa269008
JB		 484 break;
485 case S_IFLNK:
3ded6d6b
CB		 486 err = vfs_symlink(loweri_dir, lowerd_new, symlink);
487 break;
488 case S_IFSOCK:
489 /* fall through */
490 case S_IFIFO:
491 err = vfs_mknod(loweri_dir, lowerd_new, modei, 0);
492 break;
493 default:
494 err = -EINVAL;
495 break;
aa269008
JB		 496 }
497 }
498
3ded6d6b 499 shiftfs_revert_object_creds(oldcred, newcred);
aa269008 500
3ded6d6b
CB		 501 if (!err && WARN_ON(!lowerd_new->d_inode))
502 err = -EIO;
aa269008 503 if (err)
3ded6d6b
CB		 504 goto out_iput;
505
506 if (hardlink) {
507 inode = d_inode(hardlink);
508 ihold(inode);
509
510 /* copy up times from lower inode */
511 shiftfs_copyattr(d_inode(lowerd_link), inode);
512 set_nlink(d_inode(hardlink), d_inode(lowerd_link)->i_nlink);
513 d_instantiate(dentry, inode);
514 } else {
515 struct inode *inode_tmp;
516 struct inode *loweri_new = d_inode(lowerd_new);
517
518 inode_tmp = inode_insert5(inode, (unsigned long)loweri_new,
519 shiftfs_inode_test, shiftfs_inode_set,
520 loweri_new);
521 if (unlikely(inode_tmp != inode)) {
522 pr_err_ratelimited("shiftfs: newly created inode found in cache\n");
523 iput(inode_tmp);
524 err = -EINVAL;
525 goto out_iput;
526 }
aa269008 527
3ded6d6b
CB		 528 ihold(loweri_new);
529 shiftfs_fill_inode(inode, loweri_new->i_ino, loweri_new->i_mode,
530 0, lowerd_new);
531 d_instantiate_new(dentry, inode);
532 }
aa269008 533
3ded6d6b
CB		 534 shiftfs_copyattr(loweri_dir, diri);
535 if (loweri_iop_ptr == loweri_dir_iop->mkdir)
536 set_nlink(diri, loweri_dir->i_nlink);
aa269008 537
3ded6d6b 538 inode = NULL;
aa269008 539
3ded6d6b
CB		 540out_iput:
541 iput(inode);
542 inode_unlock(loweri_dir);
aa269008
JB		 543
544 return err;
545}
546
547static int shiftfs_create(struct inode *dir, struct dentry *dentry,
548 umode_t mode, bool excl)
549{
550 mode |= S_IFREG;
551
3ded6d6b 552 return shiftfs_create_object(dir, dentry, mode, NULL, NULL, excl);
aa269008
JB		 553}
554
555static int shiftfs_mkdir(struct inode *dir, struct dentry *dentry,
556 umode_t mode)
557{
558 mode |= S_IFDIR;
559
3ded6d6b 560 return shiftfs_create_object(dir, dentry, mode, NULL, NULL, false);
aa269008
JB		 561}
562
563static int shiftfs_link(struct dentry *hardlink, struct inode *dir,
564 struct dentry *dentry)
565{
3ded6d6b
CB		 566 return shiftfs_create_object(dir, dentry, 0, NULL, hardlink, false);
567}
568
569static int shiftfs_mknod(struct inode *dir, struct dentry *dentry, umode_t mode,
570 dev_t rdev)
571{
572 if (!S_ISFIFO(mode) && !S_ISSOCK(mode))
573 return -EPERM;
574
575 return shiftfs_create_object(dir, dentry, mode, NULL, NULL, false);
aa269008
JB		 576}
577
578static int shiftfs_symlink(struct inode *dir, struct dentry *dentry,
579 const char *symlink)
580{
3ded6d6b 581 return shiftfs_create_object(dir, dentry, S_IFLNK, symlink, NULL, false);
aa269008
JB		 582}
583
584static int shiftfs_rm(struct inode *dir, struct dentry *dentry, bool rmdir)
585{
3ded6d6b
CB		 586 struct dentry *lowerd = dentry->d_fsdata;
587 struct inode *loweri = dir->i_private;
aa269008 588 int err;
3ded6d6b 589 const struct cred *oldcred;
aa269008 590
3ded6d6b
CB		 591 oldcred = shiftfs_override_creds(dentry->d_sb);
592 inode_lock_nested(loweri, I_MUTEX_PARENT);
aa269008 593 if (rmdir)
3ded6d6b 594 err = vfs_rmdir(loweri, lowerd);
aa269008 595 else
3ded6d6b
CB		 596 err = vfs_unlink(loweri, lowerd, NULL);
597 inode_unlock(loweri);
598 revert_creds(oldcred);
aa269008 599
3ded6d6b
CB		 600 shiftfs_copyattr(loweri, dir);
601 set_nlink(d_inode(dentry), loweri->i_nlink);
602 if (!err)
603 d_drop(dentry);
604
605 set_nlink(dir, loweri->i_nlink);
aa269008
JB		 606
607 return err;
608}
609
610static int shiftfs_unlink(struct inode *dir, struct dentry *dentry)
611{
612 return shiftfs_rm(dir, dentry, false);
613}
614
615static int shiftfs_rmdir(struct inode *dir, struct dentry *dentry)
616{
617 return shiftfs_rm(dir, dentry, true);
618}
619
620static int shiftfs_rename(struct inode *olddir, struct dentry *old,
621 struct inode *newdir, struct dentry *new,
622 unsigned int flags)
623{
3ded6d6b
CB		 624 struct dentry *lowerd_dir_old = old->d_parent->d_fsdata,
625 *lowerd_dir_new = new->d_parent->d_fsdata,
626 *lowerd_old = old->d_fsdata, *lowerd_new = new->d_fsdata,
627 *trapd;
628 struct inode *loweri_dir_old = lowerd_dir_old->d_inode,
629 *loweri_dir_new = lowerd_dir_new->d_inode;
aa269008 630 int err = -EINVAL;
3ded6d6b 631 const struct cred *oldcred;
aa269008 632
3ded6d6b 633 trapd = lock_rename(lowerd_dir_new, lowerd_dir_old);
aa269008 634
3ded6d6b 635 if (trapd == lowerd_old || trapd == lowerd_new)
aa269008
JB		 636 goto out_unlock;
637
3ded6d6b
CB		 638 oldcred = shiftfs_override_creds(old->d_sb);
639 err = vfs_rename(loweri_dir_old, lowerd_old, loweri_dir_new, lowerd_new,
640 NULL, flags);
641 revert_creds(oldcred);
aa269008 642
3ded6d6b
CB		 643 shiftfs_copyattr(loweri_dir_old, olddir);
644 shiftfs_copyattr(loweri_dir_new, newdir);
aa269008 645
3ded6d6b
CB		 646out_unlock:
647 unlock_rename(lowerd_dir_new, lowerd_dir_old);
aa269008
JB		 648
649 return err;
650}
651
652static struct dentry *shiftfs_lookup(struct inode *dir, struct dentry *dentry,
653 unsigned int flags)
654{
3ded6d6b
CB		 655 struct dentry *new;
656 struct inode *newi;
657 const struct cred *oldcred;
658 struct dentry *lowerd = dentry->d_parent->d_fsdata;
659 struct inode *inode = NULL, *loweri = lowerd->d_inode;
660
661 inode_lock(loweri);
662 oldcred = shiftfs_override_creds(dentry->d_sb);
663 new = lookup_one_len(dentry->d_name.name, lowerd, dentry->d_name.len);
664 revert_creds(oldcred);
665 inode_unlock(loweri);
aa269008
JB		 666
667 if (IS_ERR(new))
668 return new;
669
670 dentry->d_fsdata = new;
671
3ded6d6b
CB		 672 newi = new->d_inode;
673 if (!newi)
aa269008
JB		 674 goto out;
675
3ded6d6b
CB		 676 inode = iget5_locked(dentry->d_sb, (unsigned long)newi,
677 shiftfs_inode_test, shiftfs_inode_set, newi);
678 if (!inode) {
aa269008
JB		 679 dput(new);
680 return ERR_PTR(-ENOMEM);
681 }
3ded6d6b
CB		 682 if (inode->i_state & I_NEW) {
683 /*
684 * inode->i_private set by shiftfs_inode_set(), but we still
685 * need to take a reference
686 */
687 ihold(newi);
688 shiftfs_fill_inode(inode, newi->i_ino, newi->i_mode, 0, new);
689 unlock_new_inode(inode);
690 }
aa269008 691
3ded6d6b
CB		 692out:
693 return d_splice_alias(inode, dentry);
aa269008
JB		 694}
695
696static int shiftfs_permission(struct inode *inode, int mask)
697{
aa269008 698 int err;
3ded6d6b
CB		 699 const struct cred *oldcred;
700 struct inode *loweri = inode->i_private;
aa269008 701
3ded6d6b
CB		 702 if (!loweri) {
703 WARN_ON(!(mask & MAY_NOT_BLOCK));
aa269008 704 return -ECHILD;
3ded6d6b 705 }
aa269008 706
3ded6d6b
CB		 707 err = generic_permission(inode, mask);
708 if (err)
709 return err;
710
711 oldcred = shiftfs_override_creds(inode->i_sb);
712 err = inode_permission(loweri, mask);
713 revert_creds(oldcred);
714
715 return err;
716}
717
718static int shiftfs_fiemap(struct inode *inode,
719 struct fiemap_extent_info *fieinfo, u64 start,
720 u64 len)
721{
722 int err;
723 const struct cred *oldcred;
724 struct inode *loweri = inode->i_private;
725
726 if (!loweri->i_op->fiemap)
727 return -EOPNOTSUPP;
728
729 oldcred = shiftfs_override_creds(inode->i_sb);
730 if (fieinfo->fi_flags & FIEMAP_FLAG_SYNC)
731 filemap_write_and_wait(loweri->i_mapping);
732 err = loweri->i_op->fiemap(loweri, fieinfo, start, len);
733 revert_creds(oldcred);
734
735 return err;
736}
737
738static int shiftfs_tmpfile(struct inode *dir, struct dentry *dentry,
739 umode_t mode)
740{
741 int err;
742 const struct cred *oldcred;
743 struct dentry *lowerd = dentry->d_fsdata;
744 struct inode *loweri = dir->i_private;
745
746 if (!loweri->i_op->tmpfile)
747 return -EOPNOTSUPP;
748
749 oldcred = shiftfs_override_creds(dir->i_sb);
750 err = loweri->i_op->tmpfile(loweri, lowerd, mode);
751 revert_creds(oldcred);
aa269008
JB		 752
753 return err;
754}
755
756static int shiftfs_setattr(struct dentry *dentry, struct iattr *attr)
757{
3ded6d6b
CB		 758 struct dentry *lowerd = dentry->d_fsdata;
759 struct inode *loweri = lowerd->d_inode;
25af0f23 760 struct iattr newattr;
3ded6d6b 761 const struct cred *oldcred;
aa269008
JB		 762 struct super_block *sb = dentry->d_sb;
763 int err;
764
3ded6d6b
CB		 765 err = setattr_prepare(dentry, attr);
766 if (err)
767 return err;
768
25af0f23 769 newattr = *attr;
aa269008
JB		 770 newattr.ia_uid = KUIDT_INIT(from_kuid(sb->s_user_ns, attr->ia_uid));
771 newattr.ia_gid = KGIDT_INIT(from_kgid(sb->s_user_ns, attr->ia_gid));
772
25af0f23
SF		 773 /*
774 * mode change is for clearing setuid/setgid bits. Allow lower fs
775 * to interpret this in its own way.
776 */
777 if (newattr.ia_valid & (ATTR_KILL_SUID|ATTR_KILL_SGID))
778 newattr.ia_valid &= ~ATTR_MODE;
779
3ded6d6b
CB		 780 inode_lock(loweri);
781 oldcred = shiftfs_override_creds(dentry->d_sb);
64c4141c 782 err = notify_change(lowerd, &newattr, NULL);
3ded6d6b
CB		 783 revert_creds(oldcred);
784 inode_unlock(loweri);
aa269008 785
3ded6d6b 786 shiftfs_copyattr(loweri, d_inode(dentry));
aa269008 787
3ded6d6b 788 return err;
aa269008
JB		 789}
790
791static int shiftfs_getattr(const struct path *path, struct kstat *stat,
792 u32 request_mask, unsigned int query_flags)
793{
794 struct inode *inode = path->dentry->d_inode;
3ded6d6b
CB		 795 struct dentry *lowerd = path->dentry->d_fsdata;
796 struct inode *loweri = lowerd->d_inode;
797 struct shiftfs_super_info *info = path->dentry->d_sb->s_fs_info;
798 struct path newpath = { .mnt = info->mnt, .dentry = lowerd };
799 struct user_namespace *from_ns = loweri->i_sb->s_user_ns;
800 struct user_namespace *to_ns = inode->i_sb->s_user_ns;
801 const struct cred *oldcred;
802 int err;
803
804 oldcred = shiftfs_override_creds(inode->i_sb);
805 err = vfs_getattr(&newpath, stat, request_mask, query_flags);
806 revert_creds(oldcred);
aa269008
JB		 807
808 if (err)
809 return err;
810
811 /* transform the underlying id */
3ded6d6b
CB		 812 stat->uid = shift_kuid(from_ns, to_ns, stat->uid);
813 stat->gid = shift_kgid(from_ns, to_ns, stat->gid);
aa269008
JB		 814 return 0;
815}
816
3ded6d6b 817#ifdef CONFIG_SHIFT_FS_POSIX_ACL
aa269008 818
3ded6d6b
CB		 819static int
820shift_acl_ids(struct user_namespace *from, struct user_namespace *to,
821 struct posix_acl *acl)
aa269008 822{
3ded6d6b
CB		 823 int i;
824
825 for (i = 0; i < acl->a_count; i++) {
826 struct posix_acl_entry *e = &acl->a_entries[i];
827 switch(e->e_tag) {
828 case ACL_USER:
829 e->e_uid = shift_kuid(from, to, e->e_uid);
830 if (!uid_valid(e->e_uid))
831 return -EOVERFLOW;
832 break;
833 case ACL_GROUP:
834 e->e_gid = shift_kgid(from, to, e->e_gid);
835 if (!gid_valid(e->e_gid))
836 return -EOVERFLOW;
837 break;
838 }
839 }
840 return 0;
841}
aa269008 842
3ded6d6b
CB		 843static void
844shift_acl_xattr_ids(struct user_namespace *from, struct user_namespace *to,
845 void *value, size_t size)
846{
847 struct posix_acl_xattr_header *header = value;
848 struct posix_acl_xattr_entry *entry = (void *)(header + 1), *end;
849 int count;
850 kuid_t kuid;
851 kgid_t kgid;
aa269008 852
3ded6d6b
CB		 853 if (!value)
854 return;
855 if (size < sizeof(struct posix_acl_xattr_header))
856 return;
857 if (header->a_version != cpu_to_le32(POSIX_ACL_XATTR_VERSION))
858 return;
aa269008 859
3ded6d6b
CB		 860 count = posix_acl_xattr_count(size);
861 if (count < 0)
862 return;
863 if (count == 0)
864 return;
aa269008 865
3ded6d6b
CB		 866 for (end = entry + count; entry != end; entry++) {
867 switch(le16_to_cpu(entry->e_tag)) {
868 case ACL_USER:
869 kuid = make_kuid(&init_user_ns, le32_to_cpu(entry->e_id));
870 kuid = shift_kuid(from, to, kuid);
871 entry->e_id = cpu_to_le32(from_kuid(&init_user_ns, kuid));
872 break;
873 case ACL_GROUP:
874 kgid = make_kgid(&init_user_ns, le32_to_cpu(entry->e_id));
875 kgid = shift_kgid(from, to, kgid);
876 entry->e_id = cpu_to_le32(from_kgid(&init_user_ns, kgid));
877 break;
878 default:
879 break;
880 }
881 }
aa269008
JB		 882}
883
3ded6d6b 884static struct posix_acl *shiftfs_get_acl(struct inode *inode, int type)
aa269008 885{
3ded6d6b
CB		 886 struct inode *loweri = inode->i_private;
887 const struct cred *oldcred;
888 struct posix_acl *lower_acl, *acl = NULL;
889 struct user_namespace *from_ns = loweri->i_sb->s_user_ns;
890 struct user_namespace *to_ns = inode->i_sb->s_user_ns;
891 int size;
892 int err;
aa269008 893
3ded6d6b
CB		 894 if (!IS_POSIXACL(loweri))
895 return NULL;
aa269008 896
3ded6d6b
CB		 897 oldcred = shiftfs_override_creds(inode->i_sb);
898 lower_acl = get_acl(loweri, type);
899 revert_creds(oldcred);
aa269008 900
3ded6d6b
CB		 901 if (lower_acl && !IS_ERR(lower_acl)) {
902 /* XXX: export posix_acl_clone? */
903 size = sizeof(struct posix_acl) +
904 lower_acl->a_count * sizeof(struct posix_acl_entry);
905 acl = kmemdup(lower_acl, size, GFP_KERNEL);
906 posix_acl_release(lower_acl);
aa269008 907
3ded6d6b
CB		 908 if (!acl)
909 return ERR_PTR(-ENOMEM);
aa269008 910
3ded6d6b 911 refcount_set(&acl->a_refcount, 1);
aa269008 912
3ded6d6b
CB		 913 err = shift_acl_ids(from_ns, to_ns, acl);
914 if (err) {
915 kfree(acl);
916 return ERR_PTR(err);
917 }
918 }
919
920 return acl;
aa269008
JB		 921}
922
3ded6d6b
CB		 923static int
924shiftfs_posix_acl_xattr_get(const struct xattr_handler *handler,
925 struct dentry *dentry, struct inode *inode,
926 const char *name, void *buffer, size_t size)
aa269008 927{
3ded6d6b
CB		 928 struct inode *loweri = inode->i_private;
929 int ret;
930
931 ret = shiftfs_xattr_get(NULL, dentry, inode, handler->name,
932 buffer, size);
933 if (ret < 0)
934 return ret;
aa269008 935
3ded6d6b
CB		 936 inode_lock(loweri);
937 shift_acl_xattr_ids(loweri->i_sb->s_user_ns, inode->i_sb->s_user_ns,
938 buffer, size);
939 inode_unlock(loweri);
940 return ret;
aa269008
JB		 941}
942
3ded6d6b
CB		 943static int
944shiftfs_posix_acl_xattr_set(const struct xattr_handler *handler,
945 struct dentry *dentry, struct inode *inode,
946 const char *name, const void *value,
947 size_t size, int flags)
948{
949 struct inode *loweri = inode->i_private;
950 int err;
aa269008 951
3ded6d6b
CB		 952 if (!IS_POSIXACL(loweri) || !loweri->i_op->set_acl)
953 return -EOPNOTSUPP;
954 if (handler->flags == ACL_TYPE_DEFAULT && !S_ISDIR(inode->i_mode))
955 return value ? -EACCES : 0;
956 if (!inode_owner_or_capable(inode))
957 return -EPERM;
958
959 if (value) {
960 shift_acl_xattr_ids(inode->i_sb->s_user_ns,
961 loweri->i_sb->s_user_ns,
962 (void *)value, size);
963 err = shiftfs_setxattr(dentry, inode, handler->name, value,
964 size, flags);
965 } else {
966 err = shiftfs_removexattr(dentry, handler->name);
967 }
aa269008 968
3ded6d6b
CB		 969 if (!err)
970 shiftfs_copyattr(loweri, inode);
971
972 return err;
973}
974
975static const struct xattr_handler
976shiftfs_posix_acl_access_xattr_handler = {
977 .name = XATTR_NAME_POSIX_ACL_ACCESS,
978 .flags = ACL_TYPE_ACCESS,
979 .get = shiftfs_posix_acl_xattr_get,
980 .set = shiftfs_posix_acl_xattr_set,
aa269008
JB		 981};
982
3ded6d6b
CB		 983static const struct xattr_handler
984shiftfs_posix_acl_default_xattr_handler = {
985 .name = XATTR_NAME_POSIX_ACL_DEFAULT,
986 .flags = ACL_TYPE_DEFAULT,
987 .get = shiftfs_posix_acl_xattr_get,
988 .set = shiftfs_posix_acl_xattr_set,
aa269008
JB		 989};
990
3ded6d6b 991#else /* !CONFIG_SHIFT_FS_POSIX_ACL */
aa269008 992
3ded6d6b 993#define shiftfs_get_acl NULL
aa269008 994
3ded6d6b 995#endif /* CONFIG_SHIFT_FS_POSIX_ACL */
aa269008 996
3ded6d6b
CB		 997static const struct inode_operations shiftfs_dir_inode_operations = {
998 .lookup = shiftfs_lookup,
999 .mkdir = shiftfs_mkdir,
1000 .symlink = shiftfs_symlink,
1001 .unlink = shiftfs_unlink,
1002 .rmdir = shiftfs_rmdir,
1003 .rename = shiftfs_rename,
1004 .link = shiftfs_link,
1005 .setattr = shiftfs_setattr,
1006 .create = shiftfs_create,
1007 .mknod = shiftfs_mknod,
1008 .permission = shiftfs_permission,
1009 .getattr = shiftfs_getattr,
1010 .listxattr = shiftfs_listxattr,
1011 .get_acl = shiftfs_get_acl,
1012};
1013
1014static const struct inode_operations shiftfs_file_inode_operations = {
1015 .fiemap = shiftfs_fiemap,
1016 .getattr = shiftfs_getattr,
1017 .get_acl = shiftfs_get_acl,
1018 .listxattr = shiftfs_listxattr,
1019 .permission = shiftfs_permission,
1020 .setattr = shiftfs_setattr,
1021 .tmpfile = shiftfs_tmpfile,
1022};
1023
1024static const struct inode_operations shiftfs_special_inode_operations = {
1025 .getattr = shiftfs_getattr,
1026 .get_acl = shiftfs_get_acl,
1027 .listxattr = shiftfs_listxattr,
1028 .permission = shiftfs_permission,
1029 .setattr = shiftfs_setattr,
1030};
1031
1032static const struct inode_operations shiftfs_symlink_inode_operations = {
1033 .getattr = shiftfs_getattr,
1034 .get_link = shiftfs_get_link,
1035 .listxattr = shiftfs_listxattr,
1036 .setattr = shiftfs_setattr,
1037};
1038
1039static struct file *shiftfs_open_realfile(const struct file *file,
1040 struct path *realpath)
1041{
1042 struct file *lowerf;
1043 const struct cred *oldcred;
1044 struct inode *inode = file_inode(file);
1045 struct inode *loweri = realpath->dentry->d_inode;
1046 struct shiftfs_super_info *info = inode->i_sb->s_fs_info;
1047
1048 oldcred = shiftfs_override_creds(inode->i_sb);
1049 /* XXX: open_with_fake_path() not gauranteed to stay around, if
1050 * removed use dentry_open() */
1051 lowerf = open_with_fake_path(realpath, file->f_flags, loweri, info->creator_cred);
1052 revert_creds(oldcred);
1053
1054 return lowerf;
1055}
1056
1057#define SHIFTFS_SETFL_MASK (O_APPEND | O_NONBLOCK | O_NDELAY | O_DIRECT)
1058
1059static int shiftfs_change_flags(struct file *file, unsigned int flags)
1060{
1061 struct inode *inode = file_inode(file);
1062 int err;
1063
1064 /* if some flag changed that cannot be changed then something's amiss */
1065 if (WARN_ON((file->f_flags ^ flags) & ~SHIFTFS_SETFL_MASK))
1066 return -EIO;
1067
1068 flags &= SHIFTFS_SETFL_MASK;
1069
1070 if (((flags ^ file->f_flags) & O_APPEND) && IS_APPEND(inode))
1071 return -EPERM;
1072
1073 if (flags & O_DIRECT) {
1074 if (!file->f_mapping->a_ops ||
1075 !file->f_mapping->a_ops->direct_IO)
1076 return -EINVAL;
1077 }
1078
1079 if (file->f_op->check_flags) {
1080 err = file->f_op->check_flags(flags);
1081 if (err)
1082 return err;
1083 }
1084
1085 spin_lock(&file->f_lock);
1086 file->f_flags = (file->f_flags & ~SHIFTFS_SETFL_MASK) | flags;
1087 spin_unlock(&file->f_lock);
1088
1089 return 0;
1090}
1091
1092static int shiftfs_real_fdget(const struct file *file, struct fd *lowerfd)
1093{
1094 struct shiftfs_file_info *file_info = file->private_data;
1095 struct file *realfile = file_info->realfile;
1096
1097 lowerfd->flags = 0;
1098 lowerfd->file = realfile;
1099
1100 /* Did the flags change since open? */
1101 if (unlikely(file->f_flags & ~lowerfd->file->f_flags))
1102 return shiftfs_change_flags(lowerfd->file, file->f_flags);
1103
1104 return 0;
1105}
1106
1107static int shiftfs_open(struct inode *inode, struct file *file)
1108{
1109 struct shiftfs_super_info *ssi = inode->i_sb->s_fs_info;
1110 struct shiftfs_file_info *file_info;
1111 struct file *realfile;
1112 struct path *realpath;
1113
1114 file_info = kmem_cache_zalloc(shiftfs_file_info_cache, GFP_KERNEL);
1115 if (!file_info)
1116 return -ENOMEM;
1117
1118 realpath = &file_info->realpath;
1119 realpath->mnt = ssi->mnt;
1120 realpath->dentry = file->f_path.dentry->d_fsdata;
1121
1122 realfile = shiftfs_open_realfile(file, realpath);
1123 if (IS_ERR(realfile)) {
1124 kmem_cache_free(shiftfs_file_info_cache, file_info);
1125 return PTR_ERR(realfile);
1126 }
1127
1128 file->private_data = file_info;
1129 file_info->realfile = realfile;
1130 return 0;
1131}
1132
1133static int shiftfs_release(struct inode *inode, struct file *file)
1134{
1135 struct shiftfs_file_info *file_info = file->private_data;
1136
1137 if (file_info) {
1138 if (file_info->realfile)
1139 fput(file_info->realfile);
1140
1141 kmem_cache_free(shiftfs_file_info_cache, file_info);
1142 }
1143
1144 return 0;
1145}
1146
1147static loff_t shiftfs_llseek(struct file *file, loff_t offset, int whence)
1148{
1149 struct inode *realinode = file_inode(file)->i_private;
1150
1151 return generic_file_llseek_size(file, offset, whence,
1152 realinode->i_sb->s_maxbytes,
1153 i_size_read(realinode));
1154}
1155
1156/* XXX: Need to figure out what to to about atime updates, maybe other
1157 * timestamps too ... ref. ovl_file_accessed() */
1158
1159static rwf_t shiftfs_iocb_to_rwf(struct kiocb *iocb)
1160{
1161 int ifl = iocb->ki_flags;
1162 rwf_t flags = 0;
1163
1164 if (ifl & IOCB_NOWAIT)
1165 flags |= RWF_NOWAIT;
1166 if (ifl & IOCB_HIPRI)
1167 flags |= RWF_HIPRI;
1168 if (ifl & IOCB_DSYNC)
1169 flags |= RWF_DSYNC;
1170 if (ifl & IOCB_SYNC)
1171 flags |= RWF_SYNC;
1172
1173 return flags;
1174}
1175
1176static ssize_t shiftfs_read_iter(struct kiocb *iocb, struct iov_iter *iter)
1177{
1178 struct file *file = iocb->ki_filp;
1179 struct fd lowerfd;
1180 const struct cred *oldcred;
1181 ssize_t ret;
1182
1183 if (!iov_iter_count(iter))
1184 return 0;
1185
1186 ret = shiftfs_real_fdget(file, &lowerfd);
1187 if (ret)
1188 return ret;
1189
1190 oldcred = shiftfs_override_creds(file->f_path.dentry->d_sb);
1191 ret = vfs_iter_read(lowerfd.file, iter, &iocb->ki_pos,
1192 shiftfs_iocb_to_rwf(iocb));
1193 revert_creds(oldcred);
1194
1195 shiftfs_file_accessed(file);
1196
1197 fdput(lowerfd);
1198 return ret;
1199}
1200
1201static ssize_t shiftfs_write_iter(struct kiocb *iocb, struct iov_iter *iter)
1202{
1203 struct file *file = iocb->ki_filp;
1204 struct inode *inode = file_inode(file);
1205 struct fd lowerfd;
1206 const struct cred *oldcred;
1207 ssize_t ret;
1208
1209 if (!iov_iter_count(iter))
1210 return 0;
1211
1212 inode_lock(inode);
1213 /* Update mode */
1214 shiftfs_copyattr(inode->i_private, inode);
1215 ret = file_remove_privs(file);
1216 if (ret)
1217 goto out_unlock;
1218
1219 ret = shiftfs_real_fdget(file, &lowerfd);
1220 if (ret)
1221 goto out_unlock;
1222
1223 oldcred = shiftfs_override_creds(file->f_path.dentry->d_sb);
1224 file_start_write(lowerfd.file);
1225 ret = vfs_iter_write(lowerfd.file, iter, &iocb->ki_pos,
1226 shiftfs_iocb_to_rwf(iocb));
1227 file_end_write(lowerfd.file);
1228 revert_creds(oldcred);
1229
1230 /* Update size */
1231 shiftfs_copyattr(inode->i_private, inode);
1232
1233 fdput(lowerfd);
1234
1235out_unlock:
1236 inode_unlock(inode);
1237 return ret;
1238}
1239
1240static int shiftfs_fsync(struct file *file, loff_t start, loff_t end,
1241 int datasync)
1242{
1243 struct fd lowerfd;
1244 const struct cred *oldcred;
1245 int ret;
1246
1247 ret = shiftfs_real_fdget(file, &lowerfd);
1248 if (ret)
1249 return ret;
1250
1251 oldcred = shiftfs_override_creds(file->f_path.dentry->d_sb);
1252 ret = vfs_fsync_range(lowerfd.file, start, end, datasync);
1253 revert_creds(oldcred);
1254
1255 fdput(lowerfd);
1256 return ret;
1257}
1258
1259static int shiftfs_mmap(struct file *file, struct vm_area_struct *vma)
1260{
1261 struct shiftfs_file_info *file_info = file->private_data;
1262 struct file *realfile = file_info->realfile;
1263 const struct cred *oldcred;
1264 int ret;
1265
1266 if (!realfile->f_op->mmap)
1267 return -ENODEV;
1268
1269 if (WARN_ON(file != vma->vm_file))
1270 return -EIO;
1271
1272 oldcred = shiftfs_override_creds(file->f_path.dentry->d_sb);
1273 vma->vm_file = get_file(realfile);
1274 ret = call_mmap(vma->vm_file, vma);
1275 revert_creds(oldcred);
1276
1277 shiftfs_file_accessed(file);
1278
1279 if (ret)
1280 fput(realfile); /* Drop refcount from new vm_file value */
1281 else
1282 fput(file); /* Drop refcount from previous vm_file value */
1283
1284 return ret;
1285}
1286
1287static long shiftfs_fallocate(struct file *file, int mode, loff_t offset,
1288 loff_t len)
1289{
1290 struct inode *inode = file_inode(file);
1291 struct inode *loweri = inode->i_private;
1292 struct fd lowerfd;
1293 const struct cred *oldcred;
1294 int ret;
1295
1296 ret = shiftfs_real_fdget(file, &lowerfd);
1297 if (ret)
1298 return ret;
1299
1300 oldcred = shiftfs_override_creds(file->f_path.dentry->d_sb);
1301 ret = vfs_fallocate(lowerfd.file, mode, offset, len);
1302 revert_creds(oldcred);
1303
1304 /* Update size */
1305 shiftfs_copyattr(loweri, inode);
1306
1307 fdput(lowerfd);
1308 return ret;
1309}
1310
1311static int shiftfs_fadvise(struct file *file, loff_t offset, loff_t len,
1312 int advice)
1313{
1314 struct fd lowerfd;
1315 const struct cred *oldcred;
1316 int ret;
1317
1318 ret = shiftfs_real_fdget(file, &lowerfd);
1319 if (ret)
1320 return ret;
1321
1322 oldcred = shiftfs_override_creds(file->f_path.dentry->d_sb);
1323 ret = vfs_fadvise(lowerfd.file, offset, len, advice);
1324 revert_creds(oldcred);
1325
1326 fdput(lowerfd);
1327 return ret;
1328}
1329
1330static int shiftfs_override_ioctl_creds(const struct super_block *sb,
1331 const struct cred **oldcred,
1332 struct cred **newcred)
1333{
1334 kuid_t fsuid = current_fsuid();
1335 kgid_t fsgid = current_fsgid();
1336
1337 *oldcred = shiftfs_override_creds(sb);
1338
1339 *newcred = prepare_creds();
1340 if (!*newcred) {
1341 revert_creds(*oldcred);
1342 return -ENOMEM;
1343 }
1344
1345 (*newcred)->fsuid = KUIDT_INIT(from_kuid(sb->s_user_ns, fsuid));
1346 (*newcred)->fsgid = KGIDT_INIT(from_kgid(sb->s_user_ns, fsgid));
1347
1348 /* clear all caps to prevent bypassing capable() checks */
1349 cap_clear((*newcred)->cap_bset);
1350 cap_clear((*newcred)->cap_effective);
1351 cap_clear((*newcred)->cap_inheritable);
1352 cap_clear((*newcred)->cap_permitted);
1353
1354 put_cred(override_creds(*newcred));
1355 return 0;
1356}
1357
1358static inline void shiftfs_revert_ioctl_creds(const struct cred *oldcred,
1359 struct cred *newcred)
1360{
1361 return shiftfs_revert_object_creds(oldcred, newcred);
1362}
1363
88f5bff3
CB		 1364static inline bool is_btrfs_snap_ioctl(int cmd)
1365{
1366 if ((cmd == BTRFS_IOC_SNAP_CREATE) || (cmd == BTRFS_IOC_SNAP_CREATE_V2))
1367 return true;
1368
1369 return false;
1370}
1371
1372static int shiftfs_btrfs_ioctl_fd_restore(int cmd, struct fd lfd, int fd,
1373 void __user *arg,
1374 struct btrfs_ioctl_vol_args *v1,
1375 struct btrfs_ioctl_vol_args_v2 *v2)
1376{
1377 int ret;
1378
1379 if (!is_btrfs_snap_ioctl(cmd))
1380 return 0;
1381
1382 if (cmd == BTRFS_IOC_SNAP_CREATE)
1383 ret = copy_to_user(arg, v1, sizeof(*v1));
1384 else
1385 ret = copy_to_user(arg, v2, sizeof(*v2));
1386
1387 fdput(lfd);
1388 __close_fd(current->files, fd);
1389 kfree(v1);
1390 kfree(v2);
1391
1392 return ret;
1393}
1394
1395static int shiftfs_btrfs_ioctl_fd_replace(int cmd, void __user *arg,
1396 struct btrfs_ioctl_vol_args **b1,
1397 struct btrfs_ioctl_vol_args_v2 **b2,
1398 struct fd *lfd,
1399 int *newfd)
1400{
1401 int oldfd, ret;
1402 struct fd src;
1403 struct btrfs_ioctl_vol_args *v1 = NULL;
1404 struct btrfs_ioctl_vol_args_v2 *v2 = NULL;
1405
1406 if (!is_btrfs_snap_ioctl(cmd))
1407 return 0;
1408
1409 if (cmd == BTRFS_IOC_SNAP_CREATE) {
1410 v1 = memdup_user(arg, sizeof(*v1));
1411 if (IS_ERR(v1))
1412 return PTR_ERR(v1);
1413 oldfd = v1->fd;
1414 *b1 = v1;
1415 } else {
1416 v2 = memdup_user(arg, sizeof(*v2));
1417 if (IS_ERR(v2))
1418 return PTR_ERR(v2);
1419 oldfd = v2->fd;
1420 *b2 = v2;
1421 }
1422
1423 src = fdget(oldfd);
1424 if (!src.file)
1425 return -EINVAL;
1426
1427 ret = shiftfs_real_fdget(src.file, lfd);
1428 fdput(src);
1429 if (ret)
1430 return ret;
1431
1432 *newfd = get_unused_fd_flags(lfd->file->f_flags);
1433 if (*newfd < 0) {
1434 fdput(*lfd);
1435 return *newfd;
1436 }
1437
1438 fd_install(*newfd, lfd->file);
1439
1440 if (cmd == BTRFS_IOC_SNAP_CREATE) {
1441 v1->fd = *newfd;
1442 ret = copy_to_user(arg, v1, sizeof(*v1));
1443 v1->fd = oldfd;
1444 } else {
1445 v2->fd = *newfd;
1446 ret = copy_to_user(arg, v2, sizeof(*v2));
1447 v2->fd = oldfd;
1448 }
1449
1450 if (ret)
1451 shiftfs_btrfs_ioctl_fd_restore(cmd, *lfd, *newfd, arg, v1, v2);
1452
1453 return ret;
1454}
1455
3ded6d6b
CB		 1456static long shiftfs_real_ioctl(struct file *file, unsigned int cmd,
1457 unsigned long arg)
1458{
3ded6d6b
CB		 1459 struct fd lowerfd;
1460 struct cred *newcred;
1461 const struct cred *oldcred;
88f5bff3
CB		 1462 int newfd = -EBADF;
1463 long err = 0, ret = 0;
1464 void __user *argp = (void __user *)arg;
1465 struct fd btrfs_lfd = {};
3ded6d6b 1466 struct super_block *sb = file->f_path.dentry->d_sb;
88f5bff3
CB		 1467 struct btrfs_ioctl_vol_args *btrfs_v1 = NULL;
1468 struct btrfs_ioctl_vol_args_v2 *btrfs_v2 = NULL;
1469
1470 ret = shiftfs_btrfs_ioctl_fd_replace(cmd, argp, &btrfs_v1, &btrfs_v2,
1471 &btrfs_lfd, &newfd);
1472 if (ret < 0)
1473 return ret;
3ded6d6b
CB		 1474
1475 ret = shiftfs_real_fdget(file, &lowerfd);
1476 if (ret)
88f5bff3 1477 goto out_restore;
3ded6d6b
CB		 1478
1479 ret = shiftfs_override_ioctl_creds(sb, &oldcred, &newcred);
1480 if (ret)
1481 goto out_fdput;
1482
1483 ret = vfs_ioctl(lowerfd.file, cmd, arg);
1484
1485 shiftfs_revert_ioctl_creds(oldcred, newcred);
1486
1487 shiftfs_copyattr(file_inode(lowerfd.file), file_inode(file));
1488 shiftfs_copyflags(file_inode(lowerfd.file), file_inode(file));
1489
1490out_fdput:
1491 fdput(lowerfd);
1492
88f5bff3
CB		 1493out_restore:
1494 err = shiftfs_btrfs_ioctl_fd_restore(cmd, btrfs_lfd, newfd, argp,
1495 btrfs_v1, btrfs_v2);
1496 if (!ret)
1497 ret = err;
1498
3ded6d6b
CB		 1499 return ret;
1500}
1501
88f5bff3
CB		 1502static bool in_ioctl_whitelist(int flag)
1503{
1504 switch (flag) {
1505 case BTRFS_IOC_SNAP_CREATE:
1506 return true;
1507 case BTRFS_IOC_SNAP_CREATE_V2:
1508 return true;
1509 case BTRFS_IOC_SUBVOL_CREATE:
1510 return true;
1511 case BTRFS_IOC_SUBVOL_CREATE_V2:
1512 return true;
1513 case BTRFS_IOC_SNAP_DESTROY:
1514 return true;
1515 }
1516
1517 return false;
1518}
1519
3ded6d6b
CB		 1520static long shiftfs_ioctl(struct file *file, unsigned int cmd,
1521 unsigned long arg)
1522{
1523 switch (cmd) {
1524 case FS_IOC_GETVERSION:
1525 /* fall through */
1526 case FS_IOC_GETFLAGS:
1527 /* fall through */
1528 case FS_IOC_SETFLAGS:
1529 break;
1530 default:
88f5bff3
CB		 1531 if (!in_ioctl_whitelist(cmd) ||
1532 !shiftfs_passthrough_ioctls(file->f_path.dentry->d_sb->s_fs_info))
1533 return -ENOTTY;
3ded6d6b
CB		 1534 }
1535
1536 return shiftfs_real_ioctl(file, cmd, arg);
1537}
1538
1539static long shiftfs_compat_ioctl(struct file *file, unsigned int cmd,
1540 unsigned long arg)
1541{
1542 switch (cmd) {
1543 case FS_IOC32_GETVERSION:
1544 /* fall through */
1545 case FS_IOC32_GETFLAGS:
1546 /* fall through */
1547 case FS_IOC32_SETFLAGS:
1548 break;
1549 default:
88f5bff3
CB		 1550 if (!in_ioctl_whitelist(cmd) ||
1551 !shiftfs_passthrough_ioctls(file->f_path.dentry->d_sb->s_fs_info))
1552 return -ENOIOCTLCMD;
3ded6d6b
CB		 1553 }
1554
1555 return shiftfs_real_ioctl(file, cmd, arg);
1556}
1557
1558enum shiftfs_copyop {
1559 SHIFTFS_COPY,
1560 SHIFTFS_CLONE,
1561 SHIFTFS_DEDUPE,
1562};
1563
1564static ssize_t shiftfs_copyfile(struct file *file_in, loff_t pos_in,
1565 struct file *file_out, loff_t pos_out, u64 len,
1566 unsigned int flags, enum shiftfs_copyop op)
1567{
1568 ssize_t ret;
1569 struct fd real_in, real_out;
1570 const struct cred *oldcred;
1571 struct inode *inode_out = file_inode(file_out);
1572 struct inode *loweri = inode_out->i_private;
1573
1574 ret = shiftfs_real_fdget(file_out, &real_out);
1575 if (ret)
1576 return ret;
1577
1578 ret = shiftfs_real_fdget(file_in, &real_in);
1579 if (ret) {
1580 fdput(real_out);
1581 return ret;
1582 }
1583
1584 oldcred = shiftfs_override_creds(inode_out->i_sb);
1585 switch (op) {
1586 case SHIFTFS_COPY:
1587 ret = vfs_copy_file_range(real_in.file, pos_in, real_out.file,
1588 pos_out, len, flags);
1589 break;
1590
1591 case SHIFTFS_CLONE:
1592 ret = vfs_clone_file_range(real_in.file, pos_in, real_out.file,
1593 pos_out, len, flags);
1594 break;
1595
1596 case SHIFTFS_DEDUPE:
1597 ret = vfs_dedupe_file_range_one(real_in.file, pos_in,
1598 real_out.file, pos_out, len,
1599 flags);
1600 break;
1601 }
1602 revert_creds(oldcred);
1603
1604 /* Update size */
1605 shiftfs_copyattr(loweri, inode_out);
1606
1607 fdput(real_in);
1608 fdput(real_out);
1609
1610 return ret;
1611}
1612
1613static ssize_t shiftfs_copy_file_range(struct file *file_in, loff_t pos_in,
1614 struct file *file_out, loff_t pos_out,
1615 size_t len, unsigned int flags)
1616{
1617 return shiftfs_copyfile(file_in, pos_in, file_out, pos_out, len, flags,
1618 SHIFTFS_COPY);
1619}
1620
1621static loff_t shiftfs_remap_file_range(struct file *file_in, loff_t pos_in,
1622 struct file *file_out, loff_t pos_out,
1623 loff_t len, unsigned int remap_flags)
1624{
1625 enum shiftfs_copyop op;
1626
1627 if (remap_flags & ~(REMAP_FILE_DEDUP | REMAP_FILE_ADVISORY))
1628 return -EINVAL;
1629
1630 if (remap_flags & REMAP_FILE_DEDUP)
1631 op = SHIFTFS_DEDUPE;
1632 else
1633 op = SHIFTFS_CLONE;
1634
1635 return shiftfs_copyfile(file_in, pos_in, file_out, pos_out, len,
1636 remap_flags, op);
1637}
1638
1639static int shiftfs_iterate_shared(struct file *file, struct dir_context *ctx)
1640{
1641 const struct cred *oldcred;
1642 int err = -ENOTDIR;
1643 struct shiftfs_file_info *file_info = file->private_data;
1644 struct file *realfile = file_info->realfile;
1645
1646 oldcred = shiftfs_override_creds(file->f_path.dentry->d_sb);
1647 err = iterate_dir(realfile, ctx);
1648 revert_creds(oldcred);
1649
1650 return err;
1651}
1652
1653const struct file_operations shiftfs_file_operations = {
1654 .open = shiftfs_open,
1655 .release = shiftfs_release,
1656 .llseek = shiftfs_llseek,
1657 .read_iter = shiftfs_read_iter,
1658 .write_iter = shiftfs_write_iter,
1659 .fsync = shiftfs_fsync,
1660 .mmap = shiftfs_mmap,
1661 .fallocate = shiftfs_fallocate,
1662 .fadvise = shiftfs_fadvise,
1663 .unlocked_ioctl = shiftfs_ioctl,
1664 .compat_ioctl = shiftfs_compat_ioctl,
1665 .copy_file_range = shiftfs_copy_file_range,
1666 .remap_file_range = shiftfs_remap_file_range,
1667};
1668
1669const struct file_operations shiftfs_dir_operations = {
1670 .compat_ioctl = shiftfs_compat_ioctl,
1671 .fsync = shiftfs_fsync,
1672 .iterate_shared = shiftfs_iterate_shared,
1673 .llseek = shiftfs_llseek,
1674 .open = shiftfs_open,
1675 .read = generic_read_dir,
1676 .release = shiftfs_release,
1677 .unlocked_ioctl = shiftfs_ioctl,
1678};
1679
1680static const struct address_space_operations shiftfs_aops = {
1681 /* For O_DIRECT dentry_open() checks f_mapping->a_ops->direct_IO */
1682 .direct_IO = noop_direct_IO,
1683};
1684
1685static void shiftfs_fill_inode(struct inode *inode, unsigned long ino,
1686 umode_t mode, dev_t dev, struct dentry *dentry)
1687{
1688 struct inode *loweri;
1689
1690 inode->i_ino = ino;
1691 inode->i_flags |= S_NOCMTIME;
1692
1693 mode &= S_IFMT;
1694 inode->i_mode = mode;
1695 switch (mode & S_IFMT) {
1696 case S_IFDIR:
1697 inode->i_op = &shiftfs_dir_inode_operations;
1698 inode->i_fop = &shiftfs_dir_operations;
1699 break;
1700 case S_IFLNK:
1701 inode->i_op = &shiftfs_symlink_inode_operations;
1702 break;
1703 case S_IFREG:
1704 inode->i_op = &shiftfs_file_inode_operations;
1705 inode->i_fop = &shiftfs_file_operations;
1706 inode->i_mapping->a_ops = &shiftfs_aops;
1707 break;
1708 default:
1709 inode->i_op = &shiftfs_special_inode_operations;
1710 init_special_inode(inode, mode, dev);
1711 break;
1712 }
1713
1714 if (!dentry)
1715 return;
1716
1717 loweri = dentry->d_inode;
1718 if (!loweri->i_op->get_link)
1719 inode->i_opflags |= IOP_NOFOLLOW;
1720
1721 shiftfs_copyattr(loweri, inode);
1722 shiftfs_copyflags(loweri, inode);
1723 set_nlink(inode, loweri->i_nlink);
1724}
1725
1726static int shiftfs_show_options(struct seq_file *m, struct dentry *dentry)
1727{
1728 struct super_block *sb = dentry->d_sb;
1729 struct shiftfs_super_info *sbinfo = sb->s_fs_info;
1730
1731 if (sbinfo->mark)
1732 seq_show_option(m, "mark", NULL);
1733
1734 if (sbinfo->passthrough)
1735 seq_printf(m, ",passthrough=%u", sbinfo->passthrough);
1736
1737 return 0;
1738}
1739
1740static int shiftfs_statfs(struct dentry *dentry, struct kstatfs *buf)
1741{
1742 struct super_block *sb = dentry->d_sb;
1743 struct shiftfs_super_info *sbinfo = sb->s_fs_info;
1744 struct dentry *root = sb->s_root;
1745 struct dentry *realroot = root->d_fsdata;
1746 struct path realpath = { .mnt = sbinfo->mnt, .dentry = realroot };
1747 int err;
1748
1749 err = vfs_statfs(&realpath, buf);
aa269008 1750 if (err)
3ded6d6b 1751 return err;
aa269008 1752
3ded6d6b
CB		 1753 if (!shiftfs_passthrough_statfs(sbinfo))
1754 buf->f_type = sb->s_magic;
aa269008 1755
3ded6d6b
CB		 1756 return 0;
1757}
aa269008 1758
3ded6d6b
CB		 1759static void shiftfs_evict_inode(struct inode *inode)
1760{
1761 struct inode *loweri = inode->i_private;
1762
1763 clear_inode(inode);
1764
1765 if (loweri)
1766 iput(loweri);
1767}
1768
1769static void shiftfs_put_super(struct super_block *sb)
1770{
1771 struct shiftfs_super_info *sbinfo = sb->s_fs_info;
1772
1773 if (sbinfo) {
1774 mntput(sbinfo->mnt);
1775 put_cred(sbinfo->creator_cred);
1776 kfree(sbinfo);
1777 }
1778}
1779
1780static const struct xattr_handler shiftfs_xattr_handler = {
1781 .prefix = "",
1782 .get = shiftfs_xattr_get,
1783 .set = shiftfs_xattr_set,
1784};
1785
1786const struct xattr_handler *shiftfs_xattr_handlers[] = {
1787#ifdef CONFIG_SHIFT_FS_POSIX_ACL
1788 &shiftfs_posix_acl_access_xattr_handler,
1789 &shiftfs_posix_acl_default_xattr_handler,
1790#endif
1791 &shiftfs_xattr_handler,
1792 NULL
1793};
1794
1795static inline bool passthrough_is_subset(int old_flags, int new_flags)
1796{
1797 if ((new_flags & old_flags) != new_flags)
1798 return false;
1799
1800 return true;
1801}
1802
1803static int shiftfs_remount(struct super_block *sb, int *flags, char *data)
1804{
1805 int err;
1806 struct shiftfs_super_info new = {};
1807 struct shiftfs_super_info *info = sb->s_fs_info;
1808
1809 err = shiftfs_parse_mount_options(&new, data);
aa269008 1810 if (err)
3ded6d6b
CB		 1811 return err;
1812
1813 /* Mark mount option cannot be changed. */
1814 if (info->mark || (info->mark != new.mark))
1815 return -EPERM;
1816
1817 if (info->passthrough != new.passthrough) {
1818 /* Don't allow exceeding passthrough options of mark mount. */
14ba9a56 1819 if (!passthrough_is_subset(info->passthrough_mark,
3ded6d6b
CB		 1820 info->passthrough))
1821 return -EPERM;
1822
1823 info->passthrough = new.passthrough;
1824 }
1825
1826 return 0;
1827}
aa269008 1828
3ded6d6b
CB		 1829static const struct super_operations shiftfs_super_ops = {
1830 .put_super = shiftfs_put_super,
1831 .show_options = shiftfs_show_options,
1832 .statfs = shiftfs_statfs,
1833 .remount_fs = shiftfs_remount,
1834 .evict_inode = shiftfs_evict_inode,
1835};
1836
1837struct shiftfs_data {
1838 void *data;
1839 const char *path;
1840};
1841
1842static int shiftfs_fill_super(struct super_block *sb, void *raw_data,
1843 int silent)
1844{
1845 int err;
1846 struct path path = {};
1847 struct shiftfs_super_info *sbinfo_mp;
1848 char *name = NULL;
1849 struct inode *inode = NULL;
1850 struct dentry *dentry = NULL;
1851 struct shiftfs_data *data = raw_data;
1852 struct shiftfs_super_info *sbinfo = NULL;
1853
1854 if (!data->path)
1855 return -EINVAL;
1856
1857 sb->s_fs_info = kzalloc(sizeof(*sbinfo), GFP_KERNEL);
1858 if (!sb->s_fs_info)
1859 return -ENOMEM;
1860 sbinfo = sb->s_fs_info;
1861
1862 err = shiftfs_parse_mount_options(sbinfo, data->data);
1863 if (err)
1864 return err;
1865
1866 /* to mount a mark, must be userns admin */
1867 if (!sbinfo->mark && !ns_capable(current_user_ns(), CAP_SYS_ADMIN))
1868 return -EPERM;
1869
1870 name = kstrdup(data->path, GFP_KERNEL);
1871 if (!name)
1872 return -ENOMEM;
1873
1874 err = kern_path(name, LOOKUP_FOLLOW, &path);
1875 if (err)
1876 goto out_free_name;
aa269008
JB		 1877
1878 if (!S_ISDIR(path.dentry->d_inode->i_mode)) {
1879 err = -ENOTDIR;
3ded6d6b 1880 goto out_put_path;
aa269008
JB		 1881 }
1882
3ded6d6b
CB		 1883 if (sbinfo->mark) {
1884 struct super_block *lower_sb = path.mnt->mnt_sb;
1885
1886 /* to mark a mount point, must root wrt lower s_user_ns */
1887 if (!ns_capable(lower_sb->s_user_ns, CAP_SYS_ADMIN)) {
1888 err = -EPERM;
1889 goto out_put_path;
1890 }
aa269008 1891
aa269008
JB		 1892 /*
1893 * this part is visible unshifted, so make sure no
1894 * executables that could be used to give suid
1895 * privileges
1896 */
1897 sb->s_iflags = SB_I_NOEXEC;
aa269008
JB		 1898
1899 /*
3ded6d6b
CB		 1900 * Handle nesting of shiftfs mounts by referring this mark
1901 * mount back to the original mark mount. This is more
1902 * efficient and alleviates concerns about stack depth.
aa269008 1903 */
3ded6d6b
CB		 1904 if (lower_sb->s_magic == SHIFTFS_MAGIC) {
1905 sbinfo_mp = lower_sb->s_fs_info;
1906
1907 /* Doesn't make sense to mark a mark mount */
1908 if (sbinfo_mp->mark) {
1909 err = -EINVAL;
1910 goto out_put_path;
1911 }
1912
1913 if (!passthrough_is_subset(sbinfo_mp->passthrough,
1914 sbinfo->passthrough)) {
1915 err = -EPERM;
1916 goto out_put_path;
1917 }
1918
1919 sbinfo->mnt = mntget(sbinfo_mp->mnt);
1920 dentry = dget(path.dentry->d_fsdata);
14ba9a56
CB		 1921 /*
1922 * Copy up the passthrough mount options from the
1923 * parent mark mountpoint.
1924 */
1925 sbinfo->passthrough_mark = sbinfo_mp->passthrough_mark;
3ded6d6b
CB		 1926 } else {
1927 sbinfo->mnt = mntget(path.mnt);
1928 dentry = dget(path.dentry);
14ba9a56
CB		 1929 /*
1930 * For a new mark passthrough_mark and passthrough
1931 * are identical.
1932 */
1933 sbinfo->passthrough_mark = sbinfo->passthrough;
3ded6d6b
CB		 1934 }
1935
1936 sbinfo->creator_cred = prepare_creds();
1937 if (!sbinfo->creator_cred) {
1938 err = -ENOMEM;
1939 goto out_put_path;
1940 }
1941 } else {
1942 /*
1943 * This leg executes if we're admin capable in the namespace,
1944 * so be very careful.
1945 */
1946 err = -EPERM;
aa269008 1947 if (path.dentry->d_sb->s_magic != SHIFTFS_MAGIC)
3ded6d6b
CB		 1948 goto out_put_path;
1949
1950 sbinfo_mp = path.dentry->d_sb->s_fs_info;
1951 if (!sbinfo_mp->mark)
1952 goto out_put_path;
1953
1954 if (!passthrough_is_subset(sbinfo_mp->passthrough,
1955 sbinfo->passthrough))
1956 goto out_put_path;
1957
1958 sbinfo->mnt = mntget(sbinfo_mp->mnt);
1959 sbinfo->creator_cred = get_cred(sbinfo_mp->creator_cred);
aa269008 1960 dentry = dget(path.dentry->d_fsdata);
14ba9a56
CB		 1961 /*
1962 * Copy up passthrough settings from mark mountpoint so we can
1963 * verify when the overlay wants to remount with different
1964 * passthrough settings.
1965 */
1966 sbinfo->passthrough_mark = sbinfo_mp->passthrough;
3ded6d6b
CB		 1967 }
1968
1969 sb->s_stack_depth = dentry->d_sb->s_stack_depth + 1;
1970 if (sb->s_stack_depth > FILESYSTEM_MAX_STACK_DEPTH) {
1971 printk(KERN_ERR "shiftfs: maximum stacking depth exceeded\n");
1972 err = -EINVAL;
1973 goto out_put_path;
1974 }
1975
1976 inode = new_inode(sb);
1977 if (!inode) {
1978 err = -ENOMEM;
1979 goto out_put_path;
aa269008 1980 }
3ded6d6b
CB		 1981 shiftfs_fill_inode(inode, dentry->d_inode->i_ino, S_IFDIR, 0, dentry);
1982
1983 ihold(dentry->d_inode);
1984 inode->i_private = dentry->d_inode;
1985
aa269008
JB		 1986 sb->s_magic = SHIFTFS_MAGIC;
1987 sb->s_op = &shiftfs_super_ops;
1988 sb->s_xattr = shiftfs_xattr_handlers;
1989 sb->s_d_op = &shiftfs_dentry_ops;
3ded6d6b
CB		 1990 sb->s_flags |= SB_POSIXACL;
1991 sb->s_root = d_make_root(inode);
1992 if (!sb->s_root) {
1993 err = -ENOMEM;
1994 goto out_put_path;
1995 }
1996
aa269008 1997 sb->s_root->d_fsdata = dentry;
3ded6d6b
CB		 1998 sbinfo->userns = get_user_ns(dentry->d_sb->s_user_ns);
1999 shiftfs_copyattr(dentry->d_inode, sb->s_root->d_inode);
aa269008 2000
3ded6d6b
CB		 2001 dentry = NULL;
2002 err = 0;
aa269008 2003
3ded6d6b 2004out_put_path:
aa269008 2005 path_put(&path);
3ded6d6b
CB		 2006
2007out_free_name:
aa269008 2008 kfree(name);
3ded6d6b
CB		 2009
2010 dput(dentry);
2011
aa269008
JB		 2012 return err;
2013}
2014
2015static struct dentry *shiftfs_mount(struct file_system_type *fs_type,
2016 int flags, const char *dev_name, void *data)
2017{
2018 struct shiftfs_data d = { data, dev_name };
2019
2020 return mount_nodev(fs_type, flags, &d, shiftfs_fill_super);
2021}
2022
2023static struct file_system_type shiftfs_type = {
2024 .owner = THIS_MODULE,
2025 .name = "shiftfs",
2026 .mount = shiftfs_mount,
2027 .kill_sb = kill_anon_super,
2028 .fs_flags = FS_USERNS_MOUNT,
2029};
2030
2031static int __init shiftfs_init(void)
2032{
3ded6d6b
CB		 2033 shiftfs_file_info_cache = kmem_cache_create(
2034 "shiftfs_file_info_cache", sizeof(struct shiftfs_file_info), 0,
2035 SLAB_HWCACHE_ALIGN | SLAB_ACCOUNT | SLAB_MEM_SPREAD, NULL);
2036 if (!shiftfs_file_info_cache)
2037 return -ENOMEM;
2038
aa269008
JB		 2039 return register_filesystem(&shiftfs_type);
2040}
2041
2042static void __exit shiftfs_exit(void)
2043{
2044 unregister_filesystem(&shiftfs_type);
3ded6d6b 2045 kmem_cache_destroy(shiftfs_file_info_cache);
aa269008
JB		 2046}
2047
2048MODULE_ALIAS_FS("shiftfs");
2049MODULE_AUTHOR("James Bottomley");
3ded6d6b
CB		 2050MODULE_AUTHOR("Seth Forshee <seth.forshee@canonical.com>");
2051MODULE_AUTHOR("Christian Brauner <christian.brauner@ubuntu.com>");
2052MODULE_DESCRIPTION("id shifting filesystem");
aa269008
JB		 2053MODULE_LICENSE("GPL v2");
2054module_init(shiftfs_init)
2055module_exit(shiftfs_exit)
Ubuntu Jammy Linux kernel mirror