Merge tag 'ovl-update-6.13' of git://git.kernel.org/pub/scm/linux/kernel/git/overlayfs/vfs

	refcount_t ref;

	struct kiocb *orig_iocb;

	/* used for aio completion */

	void (*end_write)(struct file *, loff_t, ssize_t);

	void (*end_write)(struct kiocb *iocb, ssize_t);

	struct work_struct work;

	long res;

};

	struct kiocb *iocb = &aio->iocb;

	struct kiocb *orig_iocb = aio->orig_iocb;

	orig_iocb->ki_pos = iocb->ki_pos;

	if (aio->end_write)

		aio->end_write(orig_iocb->ki_filp, iocb->ki_pos, res);

		aio->end_write(orig_iocb, res);

	orig_iocb->ki_pos = iocb->ki_pos;

	backing_aio_put(aio);

}

	    !(file->f_mode & FMODE_CAN_ODIRECT))

		return -EINVAL;

	old_cred = override_creds(ctx->cred);

	old_cred = override_creds_light(ctx->cred);

	if (is_sync_kiocb(iocb)) {

		rwf_t rwf = iocb_to_rw_flags(flags);

			backing_aio_cleanup(aio, ret);

	}

out:

	revert_creds(old_cred);

	revert_creds_light(old_cred);

	if (ctx->accessed)

		ctx->accessed(ctx->user_file);

		ctx->accessed(iocb->ki_filp);

	return ret;

}

	if (!iov_iter_count(iter))

		return 0;

	ret = file_remove_privs(ctx->user_file);

	ret = file_remove_privs(iocb->ki_filp);

	if (ret)

		return ret;

	 */

	flags &= ~IOCB_DIO_CALLER_COMP;

	old_cred = override_creds(ctx->cred);

	old_cred = override_creds_light(ctx->cred);

	if (is_sync_kiocb(iocb)) {

		rwf_t rwf = iocb_to_rw_flags(flags);

		ret = vfs_iter_write(file, iter, &iocb->ki_pos, rwf);

		if (ctx->end_write)

			ctx->end_write(ctx->user_file, iocb->ki_pos, ret);

			ctx->end_write(iocb, ret);

	} else {

		struct backing_aio *aio;

			backing_aio_cleanup(aio, ret);

	}

out:

	revert_creds(old_cred);

	revert_creds_light(old_cred);

	return ret;

}

EXPORT_SYMBOL_GPL(backing_file_write_iter);

ssize_t backing_file_splice_read(struct file *in, loff_t *ppos,

ssize_t backing_file_splice_read(struct file *in, struct kiocb *iocb,

				 struct pipe_inode_info *pipe, size_t len,

				 unsigned int flags,

				 struct backing_file_ctx *ctx)

	if (WARN_ON_ONCE(!(in->f_mode & FMODE_BACKING)))

		return -EIO;

	old_cred = override_creds(ctx->cred);

	ret = vfs_splice_read(in, ppos, pipe, len, flags);

	revert_creds(old_cred);

	old_cred = override_creds_light(ctx->cred);

	ret = vfs_splice_read(in, &iocb->ki_pos, pipe, len, flags);

	revert_creds_light(old_cred);

	if (ctx->accessed)

		ctx->accessed(ctx->user_file);

		ctx->accessed(iocb->ki_filp);

	return ret;

}

EXPORT_SYMBOL_GPL(backing_file_splice_read);

ssize_t backing_file_splice_write(struct pipe_inode_info *pipe,

				  struct file *out, loff_t *ppos, size_t len,

				  unsigned int flags,

				  struct file *out, struct kiocb *iocb,

				  size_t len, unsigned int flags,

				  struct backing_file_ctx *ctx)

{

	const struct cred *old_cred;

	if (!out->f_op->splice_write)

		return -EINVAL;

	ret = file_remove_privs(ctx->user_file);

	ret = file_remove_privs(iocb->ki_filp);

	if (ret)

		return ret;

	old_cred = override_creds(ctx->cred);

	old_cred = override_creds_light(ctx->cred);

	file_start_write(out);

	ret = out->f_op->splice_write(pipe, out, ppos, len, flags);

	ret = out->f_op->splice_write(pipe, out, &iocb->ki_pos, len, flags);

	file_end_write(out);

	revert_creds(old_cred);

	revert_creds_light(old_cred);

	if (ctx->end_write)

		ctx->end_write(ctx->user_file, ppos ? *ppos : 0, ret);

		ctx->end_write(iocb, ret);

	return ret;

}

	const struct cred *old_cred;

	int ret;

	if (WARN_ON_ONCE(!(file->f_mode & FMODE_BACKING)) ||

	    WARN_ON_ONCE(ctx->user_file != vma->vm_file))

	if (WARN_ON_ONCE(!(file->f_mode & FMODE_BACKING)))

		return -EIO;

	if (!file->f_op->mmap)

	vma_set_file(vma, file);

	old_cred = override_creds(ctx->cred);

	old_cred = override_creds_light(ctx->cred);

	ret = call_mmap(vma->vm_file, vma);

	revert_creds(old_cred);

	revert_creds_light(old_cred);

	if (ctx->accessed)

		ctx->accessed(ctx->user_file);

		ctx->accessed(vma->vm_file);

	return ret;

}

	fuse_invalidate_atime(inode);

}

static void fuse_passthrough_end_write(struct file *file, loff_t pos, ssize_t ret)

static void fuse_passthrough_end_write(struct kiocb *iocb, ssize_t ret)

{

	struct inode *inode = file_inode(file);

	struct inode *inode = file_inode(iocb->ki_filp);

	fuse_write_update_attr(inode, pos, ret);

	fuse_write_update_attr(inode, iocb->ki_pos, ret);

}

ssize_t fuse_passthrough_read_iter(struct kiocb *iocb, struct iov_iter *iter)

	ssize_t ret;

	struct backing_file_ctx ctx = {

		.cred = ff->cred,

		.user_file = file,

		.accessed = fuse_file_accessed,

	};

	ssize_t ret;

	struct backing_file_ctx ctx = {

		.cred = ff->cred,

		.user_file = file,

		.end_write = fuse_passthrough_end_write,

	};

	struct file *backing_file = fuse_file_passthrough(ff);

	struct backing_file_ctx ctx = {

		.cred = ff->cred,

		.user_file = in,

		.accessed = fuse_file_accessed,

	};

	struct kiocb iocb;

	ssize_t ret;

	pr_debug("%s: backing_file=0x%p, pos=%lld, len=%zu, flags=0x%x\n", __func__,

		 backing_file, ppos ? *ppos : 0, len, flags);

		 backing_file, *ppos, len, flags);

	return backing_file_splice_read(backing_file, ppos, pipe, len, flags,

					&ctx);

	init_sync_kiocb(&iocb, in);

	iocb.ki_pos = *ppos;

	ret = backing_file_splice_read(backing_file, &iocb, pipe, len, flags, &ctx);

	*ppos = iocb.ki_pos;

	return ret;

}

ssize_t fuse_passthrough_splice_write(struct pipe_inode_info *pipe,

	ssize_t ret;

	struct backing_file_ctx ctx = {

		.cred = ff->cred,

		.user_file = out,

		.end_write = fuse_passthrough_end_write,

	};

	struct kiocb iocb;

	pr_debug("%s: backing_file=0x%p, pos=%lld, len=%zu, flags=0x%x\n", __func__,

		 backing_file, ppos ? *ppos : 0, len, flags);

		 backing_file, *ppos, len, flags);

	inode_lock(inode);

	ret = backing_file_splice_write(pipe, backing_file, ppos, len, flags,

					&ctx);

	init_sync_kiocb(&iocb, out);

	iocb.ki_pos = *ppos;

	ret = backing_file_splice_write(pipe, backing_file, &iocb, len, flags, &ctx);

	*ppos = iocb.ki_pos;

	inode_unlock(inode);

	return ret;

	struct file *backing_file = fuse_file_passthrough(ff);

	struct backing_file_ctx ctx = {

		.cred = ff->cred,

		.user_file = file,

		.accessed = fuse_file_accessed,

	};

		dput(parent);

		dput(next);

	}

	revert_creds(old_cred);

	ovl_revert_creds(old_cred);

	return err;

}

	goto out_dput;

}

static int ovl_setup_cred_for_create(struct dentry *dentry, struct inode *inode,

				     umode_t mode, const struct cred *old_cred)

static const struct cred *ovl_setup_cred_for_create(struct dentry *dentry,

						    struct inode *inode,

						    umode_t mode,

						    const struct cred *old_cred)

{

	int err;

	struct cred *override_cred;

	override_cred = prepare_creds();

	if (!override_cred)

		return -ENOMEM;

		return ERR_PTR(-ENOMEM);

	override_cred->fsuid = inode->i_uid;

	override_cred->fsgid = inode->i_gid;

					      old_cred, override_cred);

	if (err) {

		put_cred(override_cred);

		return err;

		return ERR_PTR(err);

	}

	put_cred(override_creds(override_cred));

	put_cred(override_cred);

	return 0;

	/*

	 * Caller is going to match this with revert_creds_light() and drop

	 * referenec on the returned creds.

	 * We must be called with creator creds already, otherwise we risk

	 * leaking creds.

	 */

	old_cred = override_creds_light(override_cred);

	WARN_ON_ONCE(old_cred != ovl_creds(dentry->d_sb));

	return override_cred;

}

static int ovl_create_or_link(struct dentry *dentry, struct inode *inode,

			      struct ovl_cattr *attr, bool origin)

{

	int err;

	const struct cred *old_cred;

	const struct cred *old_cred, *new_cred = NULL;

	struct dentry *parent = dentry->d_parent;

	old_cred = ovl_override_creds(dentry->d_sb);

		 * create a new inode, so just use the ovl mounter's

		 * fs{u,g}id.

		 */

		err = ovl_setup_cred_for_create(dentry, inode, attr->mode, old_cred);

		if (err)

		new_cred = ovl_setup_cred_for_create(dentry, inode, attr->mode,

						     old_cred);

		err = PTR_ERR(new_cred);

		if (IS_ERR(new_cred)) {

			new_cred = NULL;

			goto out_revert_creds;

		}

	}

	if (!ovl_dentry_is_whiteout(dentry))

		err = ovl_create_upper(dentry, inode, attr);

		err = ovl_create_over_whiteout(dentry, inode, attr);

out_revert_creds:

	revert_creds(old_cred);

	ovl_revert_creds(old_cred);

	put_cred(new_cred);

	return err;

}

	old_cred = ovl_override_creds(dentry->d_sb);

	err = ovl_set_redirect(dentry, false);

	revert_creds(old_cred);

	ovl_revert_creds(old_cred);

	return err;

}

		err = ovl_remove_upper(dentry, is_dir, &list);

	else

		err = ovl_remove_and_whiteout(dentry, &list);

	revert_creds(old_cred);

	ovl_revert_creds(old_cred);

	if (!err) {

		if (is_dir)

			clear_nlink(dentry->d_inode);

out_unlock:

	unlock_rename(new_upperdir, old_upperdir);

out_revert_creds:

	revert_creds(old_cred);

	ovl_revert_creds(old_cred);

	if (update_nlink)

		ovl_nlink_end(new);

	else

static int ovl_create_tmpfile(struct file *file, struct dentry *dentry,

			      struct inode *inode, umode_t mode)

{

	const struct cred *old_cred;

	const struct cred *old_cred, *new_cred = NULL;

	struct path realparentpath;

	struct file *realfile;

	struct ovl_file *of;

	struct dentry *newdentry;

	/* It's okay to set O_NOATIME, since the owner will be current fsuid */

	int flags = file->f_flags | OVL_OPEN_FLAGS;

	int err;

	old_cred = ovl_override_creds(dentry->d_sb);

	err = ovl_setup_cred_for_create(dentry, inode, mode, old_cred);

	if (err)

	new_cred = ovl_setup_cred_for_create(dentry, inode, mode, old_cred);

	err = PTR_ERR(new_cred);

	if (IS_ERR(new_cred)) {

		new_cred = NULL;

		goto out_revert_creds;

	}

	ovl_path_upper(dentry->d_parent, &realparentpath);

	realfile = backing_tmpfile_open(&file->f_path, flags, &realparentpath,

	if (err)

		goto out_revert_creds;

	of = ovl_file_alloc(realfile);

	if (!of) {

		fput(realfile);

		err = -ENOMEM;

		goto out_revert_creds;

	}

	/* ovl_instantiate() consumes the newdentry reference on success */

	newdentry = dget(realfile->f_path.dentry);

	err = ovl_instantiate(dentry, inode, newdentry, false, file);

	if (!err) {

		file->private_data = realfile;

		file->private_data = of;

	} else {

		dput(newdentry);

		fput(realfile);

		ovl_file_free(of);

	}

out_revert_creds:

	revert_creds(old_cred);

	ovl_revert_creds(old_cred);

	put_cred(new_cred);

	return err;

}

put_realfile:

	/* Without FMODE_OPENED ->release() won't be called on @file */

	if (!(file->f_mode & FMODE_OPENED))

		fput(file->private_data);

		ovl_file_free(file->private_data);

put_inode:

	iput(inode);

drop_write:

		realfile = backing_file_open(&file->f_path, flags, realpath,

					     current_cred());

	}

	revert_creds(old_cred);

	ovl_revert_creds(old_cred);

	pr_debug("open(%p[%pD2/%c], 0%o) -> (%p, 0%o)\n",

		 file, file, ovl_whatisit(inode, realinode), file->f_flags,

	return 0;

}

static int ovl_real_fdget_meta(const struct file *file, struct fd *real,

			       bool allow_meta)

struct ovl_file {

	struct file *realfile;

	struct file *upperfile;

};

struct ovl_file *ovl_file_alloc(struct file *realfile)

{

	struct dentry *dentry = file_dentry(file);

	struct file *realfile = file->private_data;

	struct path realpath;

	int err;

	struct ovl_file *of = kzalloc(sizeof(struct ovl_file), GFP_KERNEL);

	real->word = (unsigned long)realfile;

	if (unlikely(!of))

		return NULL;

	if (allow_meta) {

		ovl_path_real(dentry, &realpath);

	} else {

		/* lazy lookup and verify of lowerdata */

		err = ovl_verify_lowerdata(dentry);

		if (err)

			return err;

	of->realfile = realfile;

	return of;

}

		ovl_path_realdata(dentry, &realpath);

void ovl_file_free(struct ovl_file *of)

{

	fput(of->realfile);

	if (of->upperfile)

		fput(of->upperfile);

	kfree(of);

}

	if (!realpath.dentry)

		return -EIO;

	/* Has it been copied up since we'd opened it? */

	if (unlikely(file_inode(realfile) != d_inode(realpath.dentry))) {

		struct file *f = ovl_open_realfile(file, &realpath);

		if (IS_ERR(f))

			return PTR_ERR(f);

		real->word = (unsigned long)f | FDPUT_FPUT;

		return 0;

static bool ovl_is_real_file(const struct file *realfile,

			     const struct path *realpath)

{

	return file_inode(realfile) == d_inode(realpath->dentry);

}

static struct file *ovl_real_file_path(const struct file *file,

				       struct path *realpath)

{

	struct ovl_file *of = file->private_data;

	struct file *realfile = of->realfile;

	if (WARN_ON_ONCE(!realpath->dentry))

		return ERR_PTR(-EIO);

	/*

	 * If the realfile that we want is not where the data used to be at

	 * open time, either we'd been copied up, or it's an fsync of a

	 * metacopied file.  We need the upperfile either way, so see if it

	 * is already opened and if it is not then open and store it.

	 */

	if (unlikely(!ovl_is_real_file(realfile, realpath))) {

		struct file *upperfile = READ_ONCE(of->upperfile);

		struct file *old;

		if (!upperfile) { /* Nobody opened upperfile yet */

			upperfile = ovl_open_realfile(file, realpath);

			if (IS_ERR(upperfile))

				return upperfile;

			/* Store the upperfile for later */

			old = cmpxchg_release(&of->upperfile, NULL, upperfile);

			if (old) { /* Someone opened upperfile before us */

				fput(upperfile);

				upperfile = old;

			}

		}

		/*

		 * Stored file must be from the right inode, unless someone's

		 * been corrupting the upper layer.

		 */

		if (WARN_ON_ONCE(!ovl_is_real_file(upperfile, realpath)))

			return ERR_PTR(-EIO);

		realfile = upperfile;

	}

	/* Did the flags change since open? */

	if (unlikely((file->f_flags ^ realfile->f_flags) & ~OVL_OPEN_FLAGS))

		return ovl_change_flags(realfile, file->f_flags);

	if (unlikely((file->f_flags ^ realfile->f_flags) & ~OVL_OPEN_FLAGS)) {

		int err = ovl_change_flags(realfile, file->f_flags);

	return 0;

		if (err)

			return ERR_PTR(err);

	}

	return realfile;

}

static int ovl_real_fdget(const struct file *file, struct fd *real)

static struct file *ovl_real_file(const struct file *file)

{

	if (d_is_dir(file_dentry(file))) {

	struct dentry *dentry = file_dentry(file);

	struct path realpath;

	int err;

	if (d_is_dir(dentry)) {

		struct file *f = ovl_dir_real_file(file, false);

		if (IS_ERR(f))

			return PTR_ERR(f);

		real->word = (unsigned long)f;

		return 0;

		if (WARN_ON_ONCE(!f))

			return ERR_PTR(-EIO);

		return f;

	}

	return ovl_real_fdget_meta(file, real, false);

	/* lazy lookup and verify of lowerdata */

	err = ovl_verify_lowerdata(dentry);

	if (err)

		return ERR_PTR(err);

	ovl_path_realdata(dentry, &realpath);

	return ovl_real_file_path(file, &realpath);

}

static int ovl_open(struct inode *inode, struct file *file)

	struct dentry *dentry = file_dentry(file);

	struct file *realfile;

	struct path realpath;

	struct ovl_file *of;

	int err;

	/* lazy lookup and verify lowerdata */

	if (IS_ERR(realfile))

		return PTR_ERR(realfile);

	file->private_data = realfile;

	of = ovl_file_alloc(realfile);

	if (!of) {