lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <12013239032119-git-send-email-ezk@cs.sunysb.edu>
Date:	Sat, 26 Jan 2008 00:04:59 -0500
From:	Erez Zadok <ezk@...sunysb.edu>
To:	akpm@...ux-foundation.org
Cc:	linux-kernel@...r.kernel.org, linux-fsdevel@...r.kernel.org,
	viro@....linux.org.uk, hch@...radead.org,
	Erez Zadok <ezk@...sunysb.edu>
Subject: [PATCH 1/4] Unionfs: use first writable branch (fix/cleanup)

Cleanup code in ->create, ->symlink, and ->mknod: refactor common code into
helper functions.  Also, this allows writing to multiple branches again,
which was broken by an earlier patch.

Signed-off-by: Erez Zadok <ezk@...sunysb.edu>
---
 fs/unionfs/inode.c |  395 +++++++++++++++++++++-------------------------------
 1 files changed, 156 insertions(+), 239 deletions(-)

diff --git a/fs/unionfs/inode.c b/fs/unionfs/inode.c
index e15ddb9..0b92da2 100644
--- a/fs/unionfs/inode.c
+++ b/fs/unionfs/inode.c
@@ -18,14 +18,159 @@
 
 #include "union.h"
 
+/*
+ * Helper function when creating new objects (create, symlink, and mknod).
+ * Checks to see if there's a whiteout in @lower_dentry's parent directory,
+ * whose name is taken from @dentry.  Then tries to remove that whiteout, if
+ * found.
+ *
+ * Return 0 if no whiteout was found, or if one was found and successfully
+ * removed (a zero tells the caller that @lower_dentry belongs to a good
+ * branch to create the new object in).  Return -ERRNO if an error occurred
+ * during whiteout lookup or in trying to unlink the whiteout.
+ */
+static int check_for_whiteout(struct dentry *dentry,
+			      struct dentry *lower_dentry)
+{
+	int err = 0;
+	struct dentry *wh_dentry = NULL;
+	struct dentry *lower_dir_dentry;
+	char *name = NULL;
+
+	/*
+	 * check if whiteout exists in this branch, i.e. lookup .wh.foo
+	 * first.
+	 */
+	name = alloc_whname(dentry->d_name.name, dentry->d_name.len);
+	if (unlikely(IS_ERR(name))) {
+		err = PTR_ERR(name);
+		goto out;
+	}
+
+	wh_dentry = lookup_one_len(name, lower_dentry->d_parent,
+				   dentry->d_name.len + UNIONFS_WHLEN);
+	if (IS_ERR(wh_dentry)) {
+		err = PTR_ERR(wh_dentry);
+		wh_dentry = NULL;
+		goto out;
+	}
+
+	if (!wh_dentry->d_inode) /* no whiteout exists */
+		goto out;
+
+	/* .wh.foo has been found, so let's unlink it */
+	lower_dir_dentry = lock_parent_wh(wh_dentry);
+	/* see Documentation/filesystems/unionfs/issues.txt */
+	lockdep_off();
+	err = vfs_unlink(lower_dir_dentry->d_inode, wh_dentry);
+	lockdep_on();
+	unlock_dir(lower_dir_dentry);
+
+	/*
+	 * Whiteouts are special files and should be deleted no matter what
+	 * (as if they never existed), in order to allow this create
+	 * operation to succeed.  This is especially important in sticky
+	 * directories: a whiteout may have been created by one user, but
+	 * the newly created file may be created by another user.
+	 * Therefore, in order to maintain Unix semantics, if the vfs_unlink
+	 * above failed, then we have to try to directly unlink the
+	 * whiteout.  Note: in the ODF version of unionfs, whiteout are
+	 * handled much more cleanly.
+	 */
+	if (err == -EPERM) {
+		struct inode *inode = lower_dir_dentry->d_inode;
+		err = inode->i_op->unlink(inode, wh_dentry);
+	}
+	if (err)
+		printk(KERN_ERR "unionfs: could not "
+		       "unlink whiteout, err = %d\n", err);
+
+out:
+	dput(wh_dentry);
+	kfree(name);
+	return err;
+}
+
+/*
+ * Find a writeable branch to create new object in.  Checks all writeble
+ * branches of the parent inode, from istart to iend order; if none are
+ * suitable, also tries branch 0 (which may require a copyup).
+ *
+ * Return a lower_dentry we can use to create object in, or ERR_PTR.
+ */
+static struct dentry *find_writeable_branch(struct inode *parent,
+					    struct dentry *dentry)
+{
+	int err = -EINVAL;
+	int bindex, istart, iend;
+	struct dentry *lower_dentry = NULL;
+
+	istart = ibstart(parent);
+	iend = ibend(parent);
+	if (istart < 0)
+		goto out;
+
+begin:
+	for (bindex = istart; bindex <= iend; bindex++) {
+		/* skip non-writeable branches */
+		err = is_robranch_super(dentry->d_sb, bindex);
+		if (err) {
+			err = -EROFS;
+			continue;
+		}
+		lower_dentry = unionfs_lower_dentry_idx(dentry, bindex);
+		if (!lower_dentry)
+			continue;
+		/*
+		 * check for whiteouts in writeable branch, and remove them
+		 * if necessary.
+		 */
+		err = check_for_whiteout(dentry, lower_dentry);
+		if (err)
+			continue;
+	}
+	/*
+	 * If istart wasn't already branch 0, and we got any error, then try
+	 * branch 0 (which may require copyup)
+	 */
+	if (err && istart > 0) {
+		istart = iend = 0;
+		goto begin;
+	}
+
+	/*
+	 * If we tried even branch 0, and still got an error, abort.  But if
+	 * the error was an EROFS, then we should try to copyup.
+	 */
+	if (err && err != -EROFS)
+		goto out;
+
+	/*
+	 * If we get here, then check if copyup needed.  If lower_dentry is
+	 * NULL, create the entire dentry directory structure in branch 0.
+	 */
+	if (!lower_dentry) {
+		bindex = 0;
+		lower_dentry = create_parents(parent, dentry,
+					      dentry->d_name.name, bindex);
+		if (IS_ERR(lower_dentry)) {
+			err = PTR_ERR(lower_dentry);
+			goto out;
+		}
+	}
+	err = 0;		/* all's well */
+out:
+	if (err)
+		return ERR_PTR(err);
+	return lower_dentry;
+}
+
 static int unionfs_create(struct inode *parent, struct dentry *dentry,
 			  int mode, struct nameidata *nd)
 {
 	int err = 0;
 	struct dentry *lower_dentry = NULL;
-	struct dentry *wh_dentry = NULL;
 	struct dentry *lower_parent_dentry = NULL;
-	char *name = NULL;
 	int valid = 0;
 	struct nameidata lower_nd;
 
@@ -46,89 +191,12 @@ static int unionfs_create(struct inode *parent, struct dentry *dentry,
 	 */
 	BUG_ON(!valid && dentry->d_inode);
 
-	/*
-	 * We shouldn't create things in a read-only branch; this check is a
-	 * bit redundant as we don't allow branch 0 to be read-only at the
-	 * moment
-	 */
-	err = is_robranch_super(dentry->d_sb, 0);
-	if (err) {
-		err = -EROFS;
+	lower_dentry = find_writeable_branch(parent, dentry);
+	if (IS_ERR(lower_dentry)) {
+		err = PTR_ERR(lower_dentry);
 		goto out;
 	}
 
-	/*
-	 * We _always_ create on branch 0
-	 */
-	lower_dentry = unionfs_lower_dentry_idx(dentry, 0);
-	if (lower_dentry) {
-		/*
-		 * check if whiteout exists in this branch, i.e. lookup .wh.foo
-		 * first.
-		 */
-		name = alloc_whname(dentry->d_name.name, dentry->d_name.len);
-		if (unlikely(IS_ERR(name))) {
-			err = PTR_ERR(name);
-			goto out;
-		}
-
-		wh_dentry = lookup_one_len(name, lower_dentry->d_parent,
-					   dentry->d_name.len + UNIONFS_WHLEN);
-		if (IS_ERR(wh_dentry)) {
-			err = PTR_ERR(wh_dentry);
-			wh_dentry = NULL;
-			goto out;
-		}
-
-		if (wh_dentry->d_inode) {
-			/*
-			 * .wh.foo has been found, so let's unlink it
-			 */
-			struct dentry *lower_dir_dentry;
-
-			lower_dir_dentry = lock_parent_wh(wh_dentry);
-			/* see Documentation/filesystems/unionfs/issues.txt */
-			lockdep_off();
-			err = vfs_unlink(lower_dir_dentry->d_inode, wh_dentry);
-			lockdep_on();
-			unlock_dir(lower_dir_dentry);
-
-			/*
-			 * Whiteouts are special files and should be deleted
-			 * no matter what (as if they never existed), in
-			 * order to allow this create operation to succeed.
-			 * This is especially important in sticky
-			 * directories: a whiteout may have been created by
-			 * one user, but the newly created file may be
-			 * created by another user.  Therefore, in order to
-			 * maintain Unix semantics, if the vfs_unlink above
-			 * ailed, then we have to try to directly unlink the
-			 * whiteout.  Note: in the ODF version of unionfs,
-			 * whiteout are handled much more cleanly.
-			 */
-			if (err == -EPERM) {
-				struct inode *inode = lower_dir_dentry->d_inode;
-				err = inode->i_op->unlink(inode, wh_dentry);
-			}
-			if (err) {
-				printk(KERN_ERR "unionfs: create: could not "
-				       "unlink whiteout, err = %d\n", err);
-				goto out;
-			}
-		}
-	} else {
-		/*
-		 * if lower_dentry is NULL, create the entire
-		 * dentry directory structure in branch 0.
-		 */
-		lower_dentry = create_parents(parent, dentry,
-					      dentry->d_name.name, 0);
-		if (IS_ERR(lower_dentry)) {
-			err = PTR_ERR(lower_dentry);
-			goto out;
-		}
-	}
-
 	lower_parent_dentry = lock_parent(lower_dentry);
 	if (IS_ERR(lower_parent_dentry)) {
 		err = PTR_ERR(lower_parent_dentry);
@@ -156,9 +224,6 @@ static int unionfs_create(struct inode *parent, struct dentry *dentry,
 	unlock_dir(lower_parent_dentry);
 
 out:
-	dput(wh_dentry);
-	kfree(name);
-
 	if (!err)
 		unionfs_postcopyup_setmnt(dentry);
 
@@ -417,86 +482,12 @@ static int unionfs_symlink(struct inode *parent, struct dentry *dentry,
 	 */
 	BUG_ON(!valid && dentry->d_inode);
 
-	/*
-	 * We shouldn't create things in a read-only branch; this check is a
-	 * bit redundant as we don't allow branch 0 to be read-only at the
-	 * moment
-	 */
-	err = is_robranch_super(dentry->d_sb, 0);
-	if (err) {
-		err = -EROFS;
+	lower_dentry = find_writeable_branch(parent, dentry);
+	if (IS_ERR(lower_dentry)) {
+		err = PTR_ERR(lower_dentry);
 		goto out;
 	}
 
-	/*
-	 * We _always_ create on branch 0
-	 */
-	lower_dentry = unionfs_lower_dentry_idx(dentry, 0);
-	if (lower_dentry) {
-		/*
-		 * check if whiteout exists in this branch, i.e. lookup .wh.foo
-		 * first.
-		 */
-		name = alloc_whname(dentry->d_name.name, dentry->d_name.len);
-		if (unlikely(IS_ERR(name))) {
-			err = PTR_ERR(name);
-			goto out;
-		}
-
-		wh_dentry = lookup_one_len(name, lower_dentry->d_parent,
-					   dentry->d_name.len + UNIONFS_WHLEN);
-		if (IS_ERR(wh_dentry)) {
-			err = PTR_ERR(wh_dentry);
-			wh_dentry = NULL;
-			goto out;
-		}
-
-		if (wh_dentry->d_inode) {
-			/*
-			 * .wh.foo has been found, so let's unlink it
-			 */
-			struct dentry *lower_dir_dentry;
-
-			lower_dir_dentry = lock_parent_wh(wh_dentry);
-			err = vfs_unlink(lower_dir_dentry->d_inode, wh_dentry);
-			unlock_dir(lower_dir_dentry);
-
-			/*
-			 * Whiteouts are special files and should be deleted
-			 * no matter what (as if they never existed), in
-			 * order to allow this create operation to succeed.
-			 * This is especially important in sticky
-			 * directories: a whiteout may have been created by
-			 * one user, but the newly created file may be
-			 * created by another user.  Therefore, in order to
-			 * maintain Unix semantics, if the vfs_unlink above
-			 * ailed, then we have to try to directly unlink the
-			 * whiteout.  Note: in the ODF version of unionfs,
-			 * whiteout are handled much more cleanly.
-			 */
-			if (err == -EPERM) {
-				struct inode *inode = lower_dir_dentry->d_inode;
-				err = inode->i_op->unlink(inode, wh_dentry);
-			}
-			if (err) {
-				printk(KERN_ERR "unionfs: symlink: could not "
-				       "unlink whiteout, err = %d\n", err);
-				goto out;
-			}
-		}
-	} else {
-		/*
-		 * if lower_dentry is NULL, create the entire
-		 * dentry directory structure in branch 0.
-		 */
-		lower_dentry = create_parents(parent, dentry,
-					      dentry->d_name.name, 0);
-		if (IS_ERR(lower_dentry)) {
-			err = PTR_ERR(lower_dentry);
-			goto out;
-		}
-	}
-
 	lower_parent_dentry = lock_parent(lower_dentry);
 	if (IS_ERR(lower_parent_dentry)) {
 		err = PTR_ERR(lower_parent_dentry);
@@ -713,86 +704,12 @@ static int unionfs_mknod(struct inode *parent, struct dentry *dentry, int mode,
 	 */
 	BUG_ON(!valid && dentry->d_inode);
 
-	/*
-	 * We shouldn't create things in a read-only branch; this check is a
-	 * bit redundant as we don't allow branch 0 to be read-only at the
-	 * moment
-	 */
-	err = is_robranch_super(dentry->d_sb, 0);
-	if (err) {
-		err = -EROFS;
+	lower_dentry = find_writeable_branch(parent, dentry);
+	if (IS_ERR(lower_dentry)) {
+		err = PTR_ERR(lower_dentry);
 		goto out;
 	}
 
-	/*
-	 * We _always_ create on branch 0
-	 */
-	lower_dentry = unionfs_lower_dentry_idx(dentry, 0);
-	if (lower_dentry) {
-		/*
-		 * check if whiteout exists in this branch, i.e. lookup .wh.foo
-		 * first.
-		 */
-		name = alloc_whname(dentry->d_name.name, dentry->d_name.len);
-		if (unlikely(IS_ERR(name))) {
-			err = PTR_ERR(name);
-			goto out;
-		}
-
-		wh_dentry = lookup_one_len(name, lower_dentry->d_parent,
-					   dentry->d_name.len + UNIONFS_WHLEN);
-		if (IS_ERR(wh_dentry)) {
-			err = PTR_ERR(wh_dentry);
-			wh_dentry = NULL;
-			goto out;
-		}
-
-		if (wh_dentry->d_inode) {
-			/*
-			 * .wh.foo has been found, so let's unlink it
-			 */
-			struct dentry *lower_dir_dentry;
-
-			lower_dir_dentry = lock_parent_wh(wh_dentry);
-			err = vfs_unlink(lower_dir_dentry->d_inode, wh_dentry);
-			unlock_dir(lower_dir_dentry);
-
-			/*
-			 * Whiteouts are special files and should be deleted
-			 * no matter what (as if they never existed), in
-			 * order to allow this create operation to succeed.
-			 * This is especially important in sticky
-			 * directories: a whiteout may have been created by
-			 * one user, but the newly created file may be
-			 * created by another user.  Therefore, in order to
-			 * maintain Unix semantics, if the vfs_unlink above
-			 * ailed, then we have to try to directly unlink the
-			 * whiteout.  Note: in the ODF version of unionfs,
-			 * whiteout are handled much more cleanly.
-			 */
-			if (err == -EPERM) {
-				struct inode *inode = lower_dir_dentry->d_inode;
-				err = inode->i_op->unlink(inode, wh_dentry);
-			}
-			if (err) {
-				printk(KERN_ERR "unionfs: mknod: could not "
-				       "unlink whiteout, err = %d\n", err);
-				goto out;
-			}
-		}
-	} else {
-		/*
-		 * if lower_dentry is NULL, create the entire
-		 * dentry directory structure in branch 0.
-		 */
-		lower_dentry = create_parents(parent, dentry,
-					      dentry->d_name.name, 0);
-		if (IS_ERR(lower_dentry)) {
-			err = PTR_ERR(lower_dentry);
-			goto out;
-		}
-	}
-
 	lower_parent_dentry = lock_parent(lower_dentry);
 	if (IS_ERR(lower_parent_dentry)) {
 		err = PTR_ERR(lower_parent_dentry);
-- 
1.5.2.2

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ