Commit 9c630ebe authored by Miklos Szeredi's avatar Miklos Szeredi
Browse files

ovl: simplify permission checking 



The fact that we always do permission checking on the overlay inode and
clear MAY_WRITE for checking access to the lower inode allows cruft to be
removed from ovl_permission().

1) "default_permissions" option effectively did generic_permission() on the
overlay inode with i_mode, i_uid and i_gid updated from underlying
filesystem.  This is what we do by default now.  It did the update using
vfs_getattr() but that's only needed if the underlying filesystem can
change (which is not allowed).  We may later introduce a "paranoia_mode"
that verifies that mode/uid/gid are not changed.

2) splitting out the IS_RDONLY() check from inode_permission() also becomes
unnecessary once we remove the MAY_WRITE from the lower inode check.

Signed-off-by: default avatarMiklos Szeredi <mszeredi@redhat.com>
parent 754f8cb7

fs/overlayfs/inode.c

+1 −45
Original line number Diff line number Diff line
@@ -124,29 +124,6 @@ int ovl_permission(struct inode *inode, int mask) 
	const struct cred *old_cred;

	int err;



	if (ovl_is_default_permissions(inode)) {

		struct kstat stat;

		struct path realpath = { .dentry = realdentry };



		if (mask & MAY_NOT_BLOCK)

			return -ECHILD;



		realpath.mnt = ovl_entry_mnt_real(oe, inode, is_upper);



		err = vfs_getattr(&realpath, &stat);

		if (err)

			return err;



		if ((stat.mode ^ inode->i_mode) & S_IFMT)

			return -ESTALE;



		inode->i_mode = stat.mode;

		inode->i_uid = stat.uid;

		inode->i_gid = stat.gid;



		return generic_permission(inode, mask);

	}



	/* Careful in RCU walk mode */

	realinode = d_inode_rcu(realdentry);

	if (!realinode) {
@@ -154,27 +131,6 @@ int ovl_permission(struct inode *inode, int mask) 
		return -ENOENT;

	}



	if (mask & MAY_WRITE) {

		umode_t mode = realinode->i_mode;



		/*

		 * Writes will always be redirected to upper layer, so

		 * ignore lower layer being read-only.

		 *

		 * If the overlay itself is read-only then proceed

		 * with the permission check, don't return EROFS.

		 * This will only happen if this is the lower layer of

		 * another overlayfs.

		 *

		 * If upper fs becomes read-only after the overlay was

		 * constructed return EROFS to prevent modification of

		 * upper layer.

		 */

		if (is_upper && !IS_RDONLY(inode) && IS_RDONLY(realinode) &&

		    (S_ISREG(mode) || S_ISDIR(mode) || S_ISLNK(mode)))

			return -EROFS;

	}



	/*

	 * Check overlay inode with the creds of task and underlying inode

	 * with creds of mounter
@@ -186,7 +142,7 @@ int ovl_permission(struct inode *inode, int mask) 
	old_cred = ovl_override_creds(inode->i_sb);

	if (!is_upper)

		mask &= ~(MAY_WRITE | MAY_APPEND);

	err = __inode_permission(realinode, mask);

	err = inode_permission(realinode, mask);

	revert_creds(old_cred);



	return err;

fs/overlayfs/overlayfs.h

+0 −1
Original line number Diff line number Diff line
@@ -146,7 +146,6 @@ struct inode *ovl_inode_real(struct inode *inode); 
struct vfsmount *ovl_entry_mnt_real(struct ovl_entry *oe, struct inode *inode,

				    bool is_upper);

struct ovl_dir_cache *ovl_dir_cache(struct dentry *dentry);

bool ovl_is_default_permissions(struct inode *inode);

void ovl_set_dir_cache(struct dentry *dentry, struct ovl_dir_cache *cache);

struct dentry *ovl_workdir(struct dentry *dentry);

int ovl_want_write(struct dentry *dentry);

fs/overlayfs/super.c

+0 −7
Original line number Diff line number Diff line
@@ -185,13 +185,6 @@ struct ovl_dir_cache *ovl_dir_cache(struct dentry *dentry) 
	return oe->cache;

}



bool ovl_is_default_permissions(struct inode *inode)

{

	struct ovl_fs *ofs = inode->i_sb->s_fs_info;



	return ofs->config.default_permissions;

}



void ovl_set_dir_cache(struct dentry *dentry, struct ovl_dir_cache *cache)

{

	struct ovl_entry *oe = dentry->d_fsdata;

CRA Git | Maintained and supported by SUSTech CRA and CCSE