]>
Commit | Line | Data |
---|---|---|
bbb1e54d MS |
1 | /* |
2 | * Copyright (C) 2011 Novell Inc. | |
3 | * Copyright (C) 2016 Red Hat, Inc. | |
4 | * | |
5 | * This program is free software; you can redistribute it and/or modify it | |
6 | * under the terms of the GNU General Public License version 2 as published by | |
7 | * the Free Software Foundation. | |
8 | */ | |
9 | ||
10 | #include <linux/fs.h> | |
5b825c3a | 11 | #include <linux/cred.h> |
bbb1e54d MS |
12 | #include <linux/namei.h> |
13 | #include <linux/xattr.h> | |
02b69b28 | 14 | #include <linux/ratelimit.h> |
a9d01957 AG |
15 | #include <linux/mount.h> |
16 | #include <linux/exportfs.h> | |
bbb1e54d | 17 | #include "overlayfs.h" |
bbb1e54d | 18 | |
e28edc46 MS |
19 | struct ovl_lookup_data { |
20 | struct qstr name; | |
21 | bool is_dir; | |
22 | bool opaque; | |
23 | bool stop; | |
24 | bool last; | |
02b69b28 | 25 | char *redirect; |
e28edc46 | 26 | }; |
bbb1e54d | 27 | |
02b69b28 MS |
28 | static int ovl_check_redirect(struct dentry *dentry, struct ovl_lookup_data *d, |
29 | size_t prelen, const char *post) | |
30 | { | |
31 | int res; | |
32 | char *s, *next, *buf = NULL; | |
33 | ||
34 | res = vfs_getxattr(dentry, OVL_XATTR_REDIRECT, NULL, 0); | |
35 | if (res < 0) { | |
36 | if (res == -ENODATA || res == -EOPNOTSUPP) | |
37 | return 0; | |
38 | goto fail; | |
39 | } | |
0ee931c4 | 40 | buf = kzalloc(prelen + res + strlen(post) + 1, GFP_KERNEL); |
02b69b28 MS |
41 | if (!buf) |
42 | return -ENOMEM; | |
43 | ||
44 | if (res == 0) | |
45 | goto invalid; | |
46 | ||
47 | res = vfs_getxattr(dentry, OVL_XATTR_REDIRECT, buf, res); | |
48 | if (res < 0) | |
49 | goto fail; | |
50 | if (res == 0) | |
51 | goto invalid; | |
52 | if (buf[0] == '/') { | |
53 | for (s = buf; *s++ == '/'; s = next) { | |
54 | next = strchrnul(s, '/'); | |
55 | if (s == next) | |
56 | goto invalid; | |
57 | } | |
7e82fc84 AG |
58 | /* |
59 | * One of the ancestor path elements in an absolute path | |
60 | * lookup in ovl_lookup_layer() could have been opaque and | |
61 | * that will stop further lookup in lower layers (d->stop=true) | |
62 | * But we have found an absolute redirect in decendant path | |
63 | * element and that should force continue lookup in lower | |
64 | * layers (reset d->stop). | |
65 | */ | |
66 | d->stop = false; | |
02b69b28 MS |
67 | } else { |
68 | if (strchr(buf, '/') != NULL) | |
69 | goto invalid; | |
70 | ||
71 | memmove(buf + prelen, buf, res); | |
72 | memcpy(buf, d->name.name, prelen); | |
73 | } | |
74 | ||
75 | strcat(buf, post); | |
76 | kfree(d->redirect); | |
77 | d->redirect = buf; | |
78 | d->name.name = d->redirect; | |
79 | d->name.len = strlen(d->redirect); | |
80 | ||
81 | return 0; | |
82 | ||
83 | err_free: | |
84 | kfree(buf); | |
85 | return 0; | |
86 | fail: | |
87 | pr_warn_ratelimited("overlayfs: failed to get redirect (%i)\n", res); | |
88 | goto err_free; | |
89 | invalid: | |
90 | pr_warn_ratelimited("overlayfs: invalid redirect (%s)\n", buf); | |
91 | goto err_free; | |
92 | } | |
93 | ||
a9d01957 AG |
94 | static int ovl_acceptable(void *ctx, struct dentry *dentry) |
95 | { | |
96 | return 1; | |
97 | } | |
98 | ||
8b88a2e6 | 99 | static struct ovl_fh *ovl_get_origin_fh(struct dentry *dentry) |
a9d01957 AG |
100 | { |
101 | int res; | |
102 | struct ovl_fh *fh = NULL; | |
a9d01957 AG |
103 | |
104 | res = vfs_getxattr(dentry, OVL_XATTR_ORIGIN, NULL, 0); | |
105 | if (res < 0) { | |
106 | if (res == -ENODATA || res == -EOPNOTSUPP) | |
107 | return NULL; | |
108 | goto fail; | |
109 | } | |
110 | /* Zero size value means "copied up but origin unknown" */ | |
111 | if (res == 0) | |
112 | return NULL; | |
113 | ||
0ee931c4 | 114 | fh = kzalloc(res, GFP_KERNEL); |
a9d01957 AG |
115 | if (!fh) |
116 | return ERR_PTR(-ENOMEM); | |
117 | ||
118 | res = vfs_getxattr(dentry, OVL_XATTR_ORIGIN, fh, res); | |
119 | if (res < 0) | |
120 | goto fail; | |
121 | ||
122 | if (res < sizeof(struct ovl_fh) || res < fh->len) | |
123 | goto invalid; | |
124 | ||
125 | if (fh->magic != OVL_FH_MAGIC) | |
126 | goto invalid; | |
127 | ||
128 | /* Treat larger version and unknown flags as "origin unknown" */ | |
129 | if (fh->version > OVL_FH_VERSION || fh->flags & ~OVL_FH_FLAG_ALL) | |
130 | goto out; | |
131 | ||
132 | /* Treat endianness mismatch as "origin unknown" */ | |
133 | if (!(fh->flags & OVL_FH_FLAG_ANY_ENDIAN) && | |
134 | (fh->flags & OVL_FH_FLAG_BIG_ENDIAN) != OVL_FH_FLAG_CPU_ENDIAN) | |
135 | goto out; | |
136 | ||
8b88a2e6 AG |
137 | return fh; |
138 | ||
139 | out: | |
140 | kfree(fh); | |
141 | return NULL; | |
142 | ||
143 | fail: | |
144 | pr_warn_ratelimited("overlayfs: failed to get origin (%i)\n", res); | |
145 | goto out; | |
146 | invalid: | |
147 | pr_warn_ratelimited("overlayfs: invalid origin (%*phN)\n", res, fh); | |
148 | goto out; | |
149 | } | |
150 | ||
151 | static struct dentry *ovl_get_origin(struct dentry *dentry, | |
152 | struct vfsmount *mnt) | |
153 | { | |
154 | struct dentry *origin = NULL; | |
155 | struct ovl_fh *fh = ovl_get_origin_fh(dentry); | |
156 | int bytes; | |
157 | ||
158 | if (IS_ERR_OR_NULL(fh)) | |
159 | return (struct dentry *)fh; | |
a9d01957 AG |
160 | |
161 | /* | |
162 | * Make sure that the stored uuid matches the uuid of the lower | |
163 | * layer where file handle will be decoded. | |
164 | */ | |
85787090 | 165 | if (!uuid_equal(&fh->uuid, &mnt->mnt_sb->s_uuid)) |
a9d01957 AG |
166 | goto out; |
167 | ||
8b88a2e6 | 168 | bytes = (fh->len - offsetof(struct ovl_fh, fid)); |
a9d01957 AG |
169 | origin = exportfs_decode_fh(mnt, (struct fid *)fh->fid, |
170 | bytes >> 2, (int)fh->type, | |
171 | ovl_acceptable, NULL); | |
172 | if (IS_ERR(origin)) { | |
173 | /* Treat stale file handle as "origin unknown" */ | |
174 | if (origin == ERR_PTR(-ESTALE)) | |
175 | origin = NULL; | |
176 | goto out; | |
177 | } | |
178 | ||
179 | if (ovl_dentry_weird(origin) || | |
8b88a2e6 | 180 | ((d_inode(origin)->i_mode ^ d_inode(dentry)->i_mode) & S_IFMT)) |
a9d01957 | 181 | goto invalid; |
a9d01957 AG |
182 | |
183 | out: | |
184 | kfree(fh); | |
185 | return origin; | |
186 | ||
a9d01957 | 187 | invalid: |
8b88a2e6 AG |
188 | pr_warn_ratelimited("overlayfs: invalid origin (%pd2)\n", origin); |
189 | dput(origin); | |
190 | origin = NULL; | |
a9d01957 AG |
191 | goto out; |
192 | } | |
193 | ||
ee1d6d37 AG |
194 | static bool ovl_is_opaquedir(struct dentry *dentry) |
195 | { | |
196 | return ovl_check_dir_xattr(dentry, OVL_XATTR_OPAQUE); | |
197 | } | |
198 | ||
e28edc46 MS |
199 | static int ovl_lookup_single(struct dentry *base, struct ovl_lookup_data *d, |
200 | const char *name, unsigned int namelen, | |
02b69b28 | 201 | size_t prelen, const char *post, |
e28edc46 MS |
202 | struct dentry **ret) |
203 | { | |
204 | struct dentry *this; | |
205 | int err; | |
206 | ||
207 | this = lookup_one_len_unlocked(name, base, namelen); | |
208 | if (IS_ERR(this)) { | |
209 | err = PTR_ERR(this); | |
210 | this = NULL; | |
211 | if (err == -ENOENT || err == -ENAMETOOLONG) | |
212 | goto out; | |
213 | goto out_err; | |
214 | } | |
215 | if (!this->d_inode) | |
216 | goto put_and_out; | |
217 | ||
218 | if (ovl_dentry_weird(this)) { | |
219 | /* Don't support traversing automounts and other weirdness */ | |
220 | err = -EREMOTE; | |
221 | goto out_err; | |
222 | } | |
223 | if (ovl_is_whiteout(this)) { | |
224 | d->stop = d->opaque = true; | |
225 | goto put_and_out; | |
226 | } | |
227 | if (!d_can_lookup(this)) { | |
228 | d->stop = true; | |
229 | if (d->is_dir) | |
230 | goto put_and_out; | |
231 | goto out; | |
232 | } | |
233 | d->is_dir = true; | |
234 | if (!d->last && ovl_is_opaquedir(this)) { | |
235 | d->stop = d->opaque = true; | |
236 | goto out; | |
237 | } | |
02b69b28 MS |
238 | err = ovl_check_redirect(this, d, prelen, post); |
239 | if (err) | |
240 | goto out_err; | |
e28edc46 MS |
241 | out: |
242 | *ret = this; | |
243 | return 0; | |
244 | ||
245 | put_and_out: | |
246 | dput(this); | |
247 | this = NULL; | |
248 | goto out; | |
249 | ||
250 | out_err: | |
251 | dput(this); | |
252 | return err; | |
253 | } | |
254 | ||
255 | static int ovl_lookup_layer(struct dentry *base, struct ovl_lookup_data *d, | |
256 | struct dentry **ret) | |
257 | { | |
4c7d0c9c AG |
258 | /* Counting down from the end, since the prefix can change */ |
259 | size_t rem = d->name.len - 1; | |
02b69b28 MS |
260 | struct dentry *dentry = NULL; |
261 | int err; | |
262 | ||
4c7d0c9c | 263 | if (d->name.name[0] != '/') |
02b69b28 MS |
264 | return ovl_lookup_single(base, d, d->name.name, d->name.len, |
265 | 0, "", ret); | |
266 | ||
4c7d0c9c AG |
267 | while (!IS_ERR_OR_NULL(base) && d_can_lookup(base)) { |
268 | const char *s = d->name.name + d->name.len - rem; | |
02b69b28 | 269 | const char *next = strchrnul(s, '/'); |
4c7d0c9c AG |
270 | size_t thislen = next - s; |
271 | bool end = !next[0]; | |
02b69b28 | 272 | |
4c7d0c9c AG |
273 | /* Verify we did not go off the rails */ |
274 | if (WARN_ON(s[-1] != '/')) | |
02b69b28 MS |
275 | return -EIO; |
276 | ||
4c7d0c9c AG |
277 | err = ovl_lookup_single(base, d, s, thislen, |
278 | d->name.len - rem, next, &base); | |
02b69b28 MS |
279 | dput(dentry); |
280 | if (err) | |
281 | return err; | |
282 | dentry = base; | |
4c7d0c9c AG |
283 | if (end) |
284 | break; | |
285 | ||
286 | rem -= thislen + 1; | |
287 | ||
288 | if (WARN_ON(rem >= d->name.len)) | |
289 | return -EIO; | |
02b69b28 MS |
290 | } |
291 | *ret = dentry; | |
292 | return 0; | |
e28edc46 MS |
293 | } |
294 | ||
a9d01957 | 295 | |
415543d5 | 296 | static int ovl_check_origin(struct dentry *upperdentry, |
b9343632 CR |
297 | struct ovl_path *lower, unsigned int numlower, |
298 | struct ovl_path **stackp, unsigned int *ctrp) | |
a9d01957 | 299 | { |
a9d01957 | 300 | struct vfsmount *mnt; |
f7d3daca AG |
301 | struct dentry *origin = NULL; |
302 | int i; | |
a9d01957 | 303 | |
415543d5 | 304 | for (i = 0; i < numlower; i++) { |
b9343632 | 305 | mnt = lower[i].layer->mnt; |
f7d3daca AG |
306 | origin = ovl_get_origin(upperdentry, mnt); |
307 | if (IS_ERR(origin)) | |
308 | return PTR_ERR(origin); | |
309 | ||
310 | if (origin) | |
311 | break; | |
312 | } | |
313 | ||
314 | if (!origin) | |
315 | return 0; | |
a9d01957 | 316 | |
415543d5 AG |
317 | BUG_ON(*ctrp); |
318 | if (!*stackp) | |
b9343632 | 319 | *stackp = kmalloc(sizeof(struct ovl_path), GFP_KERNEL); |
a9d01957 AG |
320 | if (!*stackp) { |
321 | dput(origin); | |
322 | return -ENOMEM; | |
323 | } | |
b9343632 | 324 | **stackp = (struct ovl_path){.dentry = origin, .layer = lower[i].layer}; |
a9d01957 AG |
325 | *ctrp = 1; |
326 | ||
327 | return 0; | |
328 | } | |
329 | ||
8b88a2e6 AG |
330 | /* |
331 | * Verify that @fh matches the origin file handle stored in OVL_XATTR_ORIGIN. | |
332 | * Return 0 on match, -ESTALE on mismatch, < 0 on error. | |
333 | */ | |
334 | static int ovl_verify_origin_fh(struct dentry *dentry, const struct ovl_fh *fh) | |
335 | { | |
336 | struct ovl_fh *ofh = ovl_get_origin_fh(dentry); | |
337 | int err = 0; | |
338 | ||
339 | if (!ofh) | |
340 | return -ENODATA; | |
341 | ||
342 | if (IS_ERR(ofh)) | |
343 | return PTR_ERR(ofh); | |
344 | ||
345 | if (fh->len != ofh->len || memcmp(fh, ofh, fh->len)) | |
346 | err = -ESTALE; | |
347 | ||
348 | kfree(ofh); | |
349 | return err; | |
350 | } | |
351 | ||
352 | /* | |
353 | * Verify that an inode matches the origin file handle stored in upper inode. | |
354 | * | |
355 | * If @set is true and there is no stored file handle, encode and store origin | |
356 | * file handle in OVL_XATTR_ORIGIN. | |
357 | * | |
358 | * Return 0 on match, -ESTALE on mismatch, < 0 on error. | |
359 | */ | |
d9768076 AG |
360 | int ovl_verify_origin(struct dentry *dentry, struct dentry *origin, |
361 | bool is_upper, bool set) | |
8b88a2e6 AG |
362 | { |
363 | struct inode *inode; | |
364 | struct ovl_fh *fh; | |
365 | int err; | |
366 | ||
54fb347e | 367 | fh = ovl_encode_fh(origin, is_upper); |
8b88a2e6 AG |
368 | err = PTR_ERR(fh); |
369 | if (IS_ERR(fh)) | |
370 | goto fail; | |
371 | ||
372 | err = ovl_verify_origin_fh(dentry, fh); | |
373 | if (set && err == -ENODATA) | |
374 | err = ovl_do_setxattr(dentry, OVL_XATTR_ORIGIN, fh, fh->len, 0); | |
375 | if (err) | |
376 | goto fail; | |
377 | ||
378 | out: | |
379 | kfree(fh); | |
380 | return err; | |
381 | ||
382 | fail: | |
383 | inode = d_inode(origin); | |
384 | pr_warn_ratelimited("overlayfs: failed to verify origin (%pd2, ino=%lu, err=%i)\n", | |
385 | origin, inode ? inode->i_ino : 0, err); | |
386 | goto out; | |
387 | } | |
388 | ||
415543d5 AG |
389 | /* |
390 | * Verify that an index entry name matches the origin file handle stored in | |
391 | * OVL_XATTR_ORIGIN and that origin file handle can be decoded to lower path. | |
392 | * Return 0 on match, -ESTALE on mismatch or stale origin, < 0 on error. | |
393 | */ | |
b9343632 | 394 | int ovl_verify_index(struct dentry *index, struct ovl_path *lower, |
415543d5 AG |
395 | unsigned int numlower) |
396 | { | |
397 | struct ovl_fh *fh = NULL; | |
398 | size_t len; | |
b9343632 CR |
399 | struct ovl_path origin = { }; |
400 | struct ovl_path *stack = &origin; | |
415543d5 AG |
401 | unsigned int ctr = 0; |
402 | int err; | |
403 | ||
404 | if (!d_inode(index)) | |
405 | return 0; | |
406 | ||
61b67471 AG |
407 | /* |
408 | * Directory index entries are going to be used for looking up | |
409 | * redirected upper dirs by lower dir fh when decoding an overlay | |
410 | * file handle of a merge dir. Whiteout index entries are going to be | |
411 | * used as an indication that an exported overlay file handle should | |
412 | * be treated as stale (i.e. after unlink of the overlay inode). | |
413 | * We don't know the verification rules for directory and whiteout | |
414 | * index entries, because they have not been implemented yet, so return | |
fa0096e3 AG |
415 | * EINVAL if those entries are found to abort the mount to avoid |
416 | * corrupting an index that was created by a newer kernel. | |
61b67471 | 417 | */ |
fa0096e3 | 418 | err = -EINVAL; |
61b67471 | 419 | if (d_is_dir(index) || ovl_is_whiteout(index)) |
415543d5 AG |
420 | goto fail; |
421 | ||
415543d5 AG |
422 | if (index->d_name.len < sizeof(struct ovl_fh)*2) |
423 | goto fail; | |
424 | ||
425 | err = -ENOMEM; | |
426 | len = index->d_name.len / 2; | |
0ee931c4 | 427 | fh = kzalloc(len, GFP_KERNEL); |
415543d5 AG |
428 | if (!fh) |
429 | goto fail; | |
430 | ||
431 | err = -EINVAL; | |
432 | if (hex2bin((u8 *)fh, index->d_name.name, len) || len != fh->len) | |
433 | goto fail; | |
434 | ||
435 | err = ovl_verify_origin_fh(index, fh); | |
436 | if (err) | |
437 | goto fail; | |
438 | ||
b9343632 | 439 | err = ovl_check_origin(index, lower, numlower, &stack, &ctr); |
415543d5 AG |
440 | if (!err && !ctr) |
441 | err = -ESTALE; | |
442 | if (err) | |
443 | goto fail; | |
444 | ||
caf70cb2 AG |
445 | /* Check if index is orphan and don't warn before cleaning it */ |
446 | if (d_inode(index)->i_nlink == 1 && | |
08d8f8a5 | 447 | ovl_get_nlink(origin.dentry, index, 0) == 0) |
caf70cb2 AG |
448 | err = -ENOENT; |
449 | ||
415543d5 AG |
450 | dput(origin.dentry); |
451 | out: | |
452 | kfree(fh); | |
453 | return err; | |
454 | ||
455 | fail: | |
61b67471 AG |
456 | pr_warn_ratelimited("overlayfs: failed to verify index (%pd2, ftype=%x, err=%i)\n", |
457 | index, d_inode(index)->i_mode & S_IFMT, err); | |
415543d5 AG |
458 | goto out; |
459 | } | |
460 | ||
359f392c AG |
461 | /* |
462 | * Lookup in indexdir for the index entry of a lower real inode or a copy up | |
463 | * origin inode. The index entry name is the hex representation of the lower | |
464 | * inode file handle. | |
465 | * | |
466 | * If the index dentry in negative, then either no lower aliases have been | |
467 | * copied up yet, or aliases have been copied up in older kernels and are | |
468 | * not indexed. | |
469 | * | |
470 | * If the index dentry for a copy up origin inode is positive, but points | |
471 | * to an inode different than the upper inode, then either the upper inode | |
472 | * has been copied up and not indexed or it was indexed, but since then | |
473 | * index dir was cleared. Either way, that index cannot be used to indentify | |
474 | * the overlay inode. | |
475 | */ | |
476 | int ovl_get_index_name(struct dentry *origin, struct qstr *name) | |
477 | { | |
478 | int err; | |
479 | struct ovl_fh *fh; | |
480 | char *n, *s; | |
481 | ||
482 | fh = ovl_encode_fh(origin, false); | |
483 | if (IS_ERR(fh)) | |
484 | return PTR_ERR(fh); | |
485 | ||
486 | err = -ENOMEM; | |
0ee931c4 | 487 | n = kzalloc(fh->len * 2, GFP_KERNEL); |
359f392c AG |
488 | if (n) { |
489 | s = bin2hex(n, fh, fh->len); | |
490 | *name = (struct qstr) QSTR_INIT(n, s - n); | |
491 | err = 0; | |
492 | } | |
493 | kfree(fh); | |
494 | ||
495 | return err; | |
496 | ||
497 | } | |
498 | ||
499 | static struct dentry *ovl_lookup_index(struct dentry *dentry, | |
500 | struct dentry *upper, | |
501 | struct dentry *origin) | |
502 | { | |
503 | struct ovl_fs *ofs = dentry->d_sb->s_fs_info; | |
504 | struct dentry *index; | |
505 | struct inode *inode; | |
506 | struct qstr name; | |
507 | int err; | |
508 | ||
509 | err = ovl_get_index_name(origin, &name); | |
510 | if (err) | |
511 | return ERR_PTR(err); | |
512 | ||
513 | index = lookup_one_len_unlocked(name.name, ofs->indexdir, name.len); | |
514 | if (IS_ERR(index)) { | |
e0082a0f | 515 | err = PTR_ERR(index); |
7937a56f AG |
516 | if (err == -ENOENT) { |
517 | index = NULL; | |
518 | goto out; | |
519 | } | |
359f392c AG |
520 | pr_warn_ratelimited("overlayfs: failed inode index lookup (ino=%lu, key=%*s, err=%i);\n" |
521 | "overlayfs: mount with '-o index=off' to disable inodes index.\n", | |
522 | d_inode(origin)->i_ino, name.len, name.name, | |
523 | err); | |
524 | goto out; | |
525 | } | |
526 | ||
0e082555 | 527 | inode = d_inode(index); |
359f392c | 528 | if (d_is_negative(index)) { |
6eaf0111 | 529 | goto out_dput; |
0e082555 | 530 | } else if (upper && d_inode(upper) != inode) { |
6eaf0111 | 531 | goto out_dput; |
0e082555 AG |
532 | } else if (ovl_dentry_weird(index) || ovl_is_whiteout(index) || |
533 | ((inode->i_mode ^ d_inode(origin)->i_mode) & S_IFMT)) { | |
534 | /* | |
535 | * Index should always be of the same file type as origin | |
536 | * except for the case of a whiteout index. A whiteout | |
537 | * index should only exist if all lower aliases have been | |
538 | * unlinked, which means that finding a lower origin on lookup | |
539 | * whose index is a whiteout should be treated as an error. | |
540 | */ | |
541 | pr_warn_ratelimited("overlayfs: bad index found (index=%pd2, ftype=%x, origin ftype=%x).\n", | |
542 | index, d_inode(index)->i_mode & S_IFMT, | |
543 | d_inode(origin)->i_mode & S_IFMT); | |
359f392c AG |
544 | goto fail; |
545 | } | |
546 | ||
547 | out: | |
548 | kfree(name.name); | |
549 | return index; | |
550 | ||
6eaf0111 AG |
551 | out_dput: |
552 | dput(index); | |
553 | index = NULL; | |
554 | goto out; | |
555 | ||
359f392c AG |
556 | fail: |
557 | dput(index); | |
558 | index = ERR_PTR(-EIO); | |
559 | goto out; | |
560 | } | |
561 | ||
bbb1e54d MS |
562 | /* |
563 | * Returns next layer in stack starting from top. | |
564 | * Returns -1 if this is the last layer. | |
565 | */ | |
566 | int ovl_path_next(int idx, struct dentry *dentry, struct path *path) | |
567 | { | |
568 | struct ovl_entry *oe = dentry->d_fsdata; | |
569 | ||
570 | BUG_ON(idx < 0); | |
571 | if (idx == 0) { | |
572 | ovl_path_upper(dentry, path); | |
573 | if (path->dentry) | |
574 | return oe->numlower ? 1 : -1; | |
575 | idx++; | |
576 | } | |
577 | BUG_ON(idx > oe->numlower); | |
b9343632 CR |
578 | path->dentry = oe->lowerstack[idx - 1].dentry; |
579 | path->mnt = oe->lowerstack[idx - 1].layer->mnt; | |
bbb1e54d MS |
580 | |
581 | return (idx < oe->numlower) ? idx + 1 : -1; | |
582 | } | |
583 | ||
b9343632 CR |
584 | static int ovl_find_layer(struct ovl_fs *ofs, struct ovl_path *path) |
585 | { | |
586 | int i; | |
587 | ||
588 | for (i = 0; i < ofs->numlower; i++) { | |
589 | if (ofs->lower_layers[i].mnt == path->layer->mnt) | |
590 | break; | |
591 | } | |
592 | ||
593 | return i; | |
594 | } | |
595 | ||
bbb1e54d MS |
596 | struct dentry *ovl_lookup(struct inode *dir, struct dentry *dentry, |
597 | unsigned int flags) | |
598 | { | |
599 | struct ovl_entry *oe; | |
600 | const struct cred *old_cred; | |
6b2d5fe4 | 601 | struct ovl_fs *ofs = dentry->d_sb->s_fs_info; |
bbb1e54d | 602 | struct ovl_entry *poe = dentry->d_parent->d_fsdata; |
c22205d0 | 603 | struct ovl_entry *roe = dentry->d_sb->s_root->d_fsdata; |
b9343632 | 604 | struct ovl_path *stack = NULL; |
bbb1e54d | 605 | struct dentry *upperdir, *upperdentry = NULL; |
359f392c | 606 | struct dentry *index = NULL; |
bbb1e54d MS |
607 | unsigned int ctr = 0; |
608 | struct inode *inode = NULL; | |
609 | bool upperopaque = false; | |
02b69b28 | 610 | char *upperredirect = NULL; |
bbb1e54d MS |
611 | struct dentry *this; |
612 | unsigned int i; | |
613 | int err; | |
e28edc46 MS |
614 | struct ovl_lookup_data d = { |
615 | .name = dentry->d_name, | |
616 | .is_dir = false, | |
617 | .opaque = false, | |
618 | .stop = false, | |
619 | .last = !poe->numlower, | |
02b69b28 | 620 | .redirect = NULL, |
e28edc46 | 621 | }; |
bbb1e54d | 622 | |
6b2d5fe4 MS |
623 | if (dentry->d_name.len > ofs->namelen) |
624 | return ERR_PTR(-ENAMETOOLONG); | |
625 | ||
bbb1e54d | 626 | old_cred = ovl_override_creds(dentry->d_sb); |
09d8b586 | 627 | upperdir = ovl_dentry_upper(dentry->d_parent); |
bbb1e54d | 628 | if (upperdir) { |
e28edc46 MS |
629 | err = ovl_lookup_layer(upperdir, &d, &upperdentry); |
630 | if (err) | |
bbb1e54d MS |
631 | goto out; |
632 | ||
e28edc46 MS |
633 | if (upperdentry && unlikely(ovl_dentry_remote(upperdentry))) { |
634 | dput(upperdentry); | |
635 | err = -EREMOTE; | |
636 | goto out; | |
bbb1e54d | 637 | } |
a9d01957 AG |
638 | if (upperdentry && !d.is_dir) { |
639 | BUG_ON(!d.stop || d.redirect); | |
f7d3daca AG |
640 | /* |
641 | * Lookup copy up origin by decoding origin file handle. | |
642 | * We may get a disconnected dentry, which is fine, | |
643 | * because we only need to hold the origin inode in | |
644 | * cache and use its inode number. We may even get a | |
645 | * connected dentry, that is not under any of the lower | |
646 | * layers root. That is also fine for using it's inode | |
647 | * number - it's the same as if we held a reference | |
648 | * to a dentry in lower layer that was moved under us. | |
649 | */ | |
415543d5 AG |
650 | err = ovl_check_origin(upperdentry, roe->lowerstack, |
651 | roe->numlower, &stack, &ctr); | |
a9d01957 | 652 | if (err) |
5455f92b | 653 | goto out_put_upper; |
a9d01957 | 654 | } |
02b69b28 MS |
655 | |
656 | if (d.redirect) { | |
0ce5cdc9 | 657 | err = -ENOMEM; |
02b69b28 MS |
658 | upperredirect = kstrdup(d.redirect, GFP_KERNEL); |
659 | if (!upperredirect) | |
660 | goto out_put_upper; | |
661 | if (d.redirect[0] == '/') | |
c22205d0 | 662 | poe = roe; |
02b69b28 | 663 | } |
e28edc46 | 664 | upperopaque = d.opaque; |
bbb1e54d MS |
665 | } |
666 | ||
e28edc46 | 667 | if (!d.stop && poe->numlower) { |
bbb1e54d | 668 | err = -ENOMEM; |
b9343632 | 669 | stack = kcalloc(ofs->numlower, sizeof(struct ovl_path), |
0ee931c4 | 670 | GFP_KERNEL); |
bbb1e54d MS |
671 | if (!stack) |
672 | goto out_put_upper; | |
673 | } | |
674 | ||
e28edc46 | 675 | for (i = 0; !d.stop && i < poe->numlower; i++) { |
b9343632 | 676 | struct ovl_path lower = poe->lowerstack[i]; |
bbb1e54d | 677 | |
e28edc46 | 678 | d.last = i == poe->numlower - 1; |
b9343632 | 679 | err = ovl_lookup_layer(lower.dentry, &d, &this); |
e28edc46 | 680 | if (err) |
bbb1e54d | 681 | goto out_put; |
6b2d5fe4 | 682 | |
bbb1e54d MS |
683 | if (!this) |
684 | continue; | |
bbb1e54d MS |
685 | |
686 | stack[ctr].dentry = this; | |
b9343632 | 687 | stack[ctr].layer = lower.layer; |
bbb1e54d | 688 | ctr++; |
02b69b28 | 689 | |
438c84c2 MS |
690 | /* |
691 | * Following redirects can have security consequences: it's like | |
692 | * a symlink into the lower layer without the permission checks. | |
693 | * This is only a problem if the upper layer is untrusted (e.g | |
694 | * comes from an USB drive). This can allow a non-readable file | |
695 | * or directory to become readable. | |
696 | * | |
697 | * Only following redirects when redirects are enabled disables | |
698 | * this attack vector when not necessary. | |
699 | */ | |
700 | err = -EPERM; | |
701 | if (d.redirect && !ofs->config.redirect_follow) { | |
702 | pr_warn_ratelimited("overlay: refusing to follow redirect for (%pd2)\n", dentry); | |
703 | goto out_put; | |
704 | } | |
705 | ||
cdfbada6 VG |
706 | if (d.stop) |
707 | break; | |
708 | ||
c22205d0 AG |
709 | if (d.redirect && d.redirect[0] == '/' && poe != roe) { |
710 | poe = roe; | |
02b69b28 MS |
711 | |
712 | /* Find the current layer on the root dentry */ | |
b9343632 CR |
713 | i = ovl_find_layer(ofs, &lower); |
714 | if (WARN_ON(i == ofs->numlower)) | |
02b69b28 MS |
715 | break; |
716 | } | |
bbb1e54d MS |
717 | } |
718 | ||
359f392c AG |
719 | /* Lookup index by lower inode and verify it matches upper inode */ |
720 | if (ctr && !d.is_dir && ovl_indexdir(dentry->d_sb)) { | |
721 | struct dentry *origin = stack[0].dentry; | |
722 | ||
723 | index = ovl_lookup_index(dentry, upperdentry, origin); | |
724 | if (IS_ERR(index)) { | |
725 | err = PTR_ERR(index); | |
726 | index = NULL; | |
727 | goto out_put; | |
728 | } | |
729 | } | |
730 | ||
bbb1e54d MS |
731 | oe = ovl_alloc_entry(ctr); |
732 | err = -ENOMEM; | |
733 | if (!oe) | |
734 | goto out_put; | |
735 | ||
e6d2ebdd | 736 | oe->opaque = upperopaque; |
b9343632 | 737 | memcpy(oe->lowerstack, stack, sizeof(struct ovl_path) * ctr); |
e6d2ebdd | 738 | dentry->d_fsdata = oe; |
bbb1e54d | 739 | |
55acc661 MS |
740 | if (upperdentry) |
741 | ovl_dentry_set_upper_alias(dentry); | |
742 | else if (index) | |
359f392c AG |
743 | upperdentry = dget(index); |
744 | ||
e6d2ebdd | 745 | if (upperdentry || ctr) { |
6eaf0111 | 746 | inode = ovl_get_inode(dentry, upperdentry, index); |
b9ac5c27 MS |
747 | err = PTR_ERR(inode); |
748 | if (IS_ERR(inode)) | |
bbb1e54d | 749 | goto out_free_oe; |
cf31c463 MS |
750 | |
751 | OVL_I(inode)->redirect = upperredirect; | |
359f392c AG |
752 | if (index) |
753 | ovl_set_flag(OVL_INDEX, inode); | |
bbb1e54d MS |
754 | } |
755 | ||
756 | revert_creds(old_cred); | |
359f392c | 757 | dput(index); |
bbb1e54d | 758 | kfree(stack); |
02b69b28 | 759 | kfree(d.redirect); |
bbb1e54d MS |
760 | d_add(dentry, inode); |
761 | ||
762 | return NULL; | |
763 | ||
764 | out_free_oe: | |
e6d2ebdd | 765 | dentry->d_fsdata = NULL; |
bbb1e54d MS |
766 | kfree(oe); |
767 | out_put: | |
359f392c | 768 | dput(index); |
bbb1e54d MS |
769 | for (i = 0; i < ctr; i++) |
770 | dput(stack[i].dentry); | |
771 | kfree(stack); | |
772 | out_put_upper: | |
773 | dput(upperdentry); | |
02b69b28 | 774 | kfree(upperredirect); |
bbb1e54d | 775 | out: |
02b69b28 | 776 | kfree(d.redirect); |
bbb1e54d MS |
777 | revert_creds(old_cred); |
778 | return ERR_PTR(err); | |
779 | } | |
780 | ||
781 | bool ovl_lower_positive(struct dentry *dentry) | |
782 | { | |
783 | struct ovl_entry *oe = dentry->d_fsdata; | |
784 | struct ovl_entry *poe = dentry->d_parent->d_fsdata; | |
785 | const struct qstr *name = &dentry->d_name; | |
786 | unsigned int i; | |
787 | bool positive = false; | |
788 | bool done = false; | |
789 | ||
790 | /* | |
791 | * If dentry is negative, then lower is positive iff this is a | |
792 | * whiteout. | |
793 | */ | |
794 | if (!dentry->d_inode) | |
795 | return oe->opaque; | |
796 | ||
797 | /* Negative upper -> positive lower */ | |
09d8b586 | 798 | if (!ovl_dentry_upper(dentry)) |
bbb1e54d MS |
799 | return true; |
800 | ||
801 | /* Positive upper -> have to look up lower to see whether it exists */ | |
802 | for (i = 0; !done && !positive && i < poe->numlower; i++) { | |
803 | struct dentry *this; | |
804 | struct dentry *lowerdir = poe->lowerstack[i].dentry; | |
805 | ||
806 | this = lookup_one_len_unlocked(name->name, lowerdir, | |
807 | name->len); | |
808 | if (IS_ERR(this)) { | |
809 | switch (PTR_ERR(this)) { | |
810 | case -ENOENT: | |
811 | case -ENAMETOOLONG: | |
812 | break; | |
813 | ||
814 | default: | |
815 | /* | |
816 | * Assume something is there, we just couldn't | |
817 | * access it. | |
818 | */ | |
819 | positive = true; | |
820 | break; | |
821 | } | |
822 | } else { | |
823 | if (this->d_inode) { | |
824 | positive = !ovl_is_whiteout(this); | |
825 | done = true; | |
826 | } | |
827 | dput(this); | |
828 | } | |
829 | } | |
830 | ||
831 | return positive; | |
832 | } |