]> git.proxmox.com Git - mirror_ubuntu-bionic-kernel.git/blame - fs/overlayfs/namei.c
projects / mirror_ubuntu-bionic-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
getxattr: use correct xattr length
[mirror_ubuntu-bionic-kernel.git] / fs / overlayfs / namei.c
CommitLineData
bbb1e54d
MS		 1/*
2 * Copyright (C) 2011 Novell Inc.
3 * Copyright (C) 2016 Red Hat, Inc.
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 as published by
7 * the Free Software Foundation.
8 */
9
10#include <linux/fs.h>
5b825c3a 11#include <linux/cred.h>
bbb1e54d
MS		 12#include <linux/namei.h>
13#include <linux/xattr.h>
02b69b28 14#include <linux/ratelimit.h>
a9d01957
AG		 15#include <linux/mount.h>
16#include <linux/exportfs.h>
bbb1e54d 17#include "overlayfs.h"
bbb1e54d 18
e28edc46
MS		 19struct ovl_lookup_data {
20 struct qstr name;
21 bool is_dir;
22 bool opaque;
23 bool stop;
24 bool last;
02b69b28 25 char *redirect;
e28edc46 26};
bbb1e54d 27
02b69b28
MS		 28static int ovl_check_redirect(struct dentry *dentry, struct ovl_lookup_data *d,
29 size_t prelen, const char *post)
30{
31 int res;
32 char *s, *next, *buf = NULL;
33
34 res = vfs_getxattr(dentry, OVL_XATTR_REDIRECT, NULL, 0);
35 if (res < 0) {
36 if (res == -ENODATA || res == -EOPNOTSUPP)
37 return 0;
38 goto fail;
39 }
0ee931c4 40 buf = kzalloc(prelen + res + strlen(post) + 1, GFP_KERNEL);
02b69b28
MS		 41 if (!buf)
42 return -ENOMEM;
43
44 if (res == 0)
45 goto invalid;
46
47 res = vfs_getxattr(dentry, OVL_XATTR_REDIRECT, buf, res);
48 if (res < 0)
49 goto fail;
50 if (res == 0)
51 goto invalid;
52 if (buf[0] == '/') {
53 for (s = buf; *s++ == '/'; s = next) {
54 next = strchrnul(s, '/');
55 if (s == next)
56 goto invalid;
57 }
7e82fc84
AG		 58 /*
59 * One of the ancestor path elements in an absolute path
60 * lookup in ovl_lookup_layer() could have been opaque and
61 * that will stop further lookup in lower layers (d->stop=true)
62 * But we have found an absolute redirect in decendant path
63 * element and that should force continue lookup in lower
64 * layers (reset d->stop).
65 */
66 d->stop = false;
02b69b28
MS		 67 } else {
68 if (strchr(buf, '/') != NULL)
69 goto invalid;
70
71 memmove(buf + prelen, buf, res);
72 memcpy(buf, d->name.name, prelen);
73 }
74
75 strcat(buf, post);
76 kfree(d->redirect);
77 d->redirect = buf;
78 d->name.name = d->redirect;
79 d->name.len = strlen(d->redirect);
80
81 return 0;
82
83err_free:
84 kfree(buf);
85 return 0;
86fail:
87 pr_warn_ratelimited("overlayfs: failed to get redirect (%i)\n", res);
88 goto err_free;
89invalid:
90 pr_warn_ratelimited("overlayfs: invalid redirect (%s)\n", buf);
91 goto err_free;
92}
93
a9d01957
AG		 94static int ovl_acceptable(void *ctx, struct dentry *dentry)
95{
96 return 1;
97}
98
8b88a2e6 99static struct ovl_fh *ovl_get_origin_fh(struct dentry *dentry)
a9d01957
AG		 100{
101 int res;
102 struct ovl_fh *fh = NULL;
a9d01957
AG		 103
104 res = vfs_getxattr(dentry, OVL_XATTR_ORIGIN, NULL, 0);
105 if (res < 0) {
106 if (res == -ENODATA || res == -EOPNOTSUPP)
107 return NULL;
108 goto fail;
109 }
110 /* Zero size value means "copied up but origin unknown" */
111 if (res == 0)
112 return NULL;
113
0ee931c4 114 fh = kzalloc(res, GFP_KERNEL);
a9d01957
AG		 115 if (!fh)
116 return ERR_PTR(-ENOMEM);
117
118 res = vfs_getxattr(dentry, OVL_XATTR_ORIGIN, fh, res);
119 if (res < 0)
120 goto fail;
121
122 if (res < sizeof(struct ovl_fh) || res < fh->len)
123 goto invalid;
124
125 if (fh->magic != OVL_FH_MAGIC)
126 goto invalid;
127
128 /* Treat larger version and unknown flags as "origin unknown" */
129 if (fh->version > OVL_FH_VERSION || fh->flags & ~OVL_FH_FLAG_ALL)
130 goto out;
131
132 /* Treat endianness mismatch as "origin unknown" */
133 if (!(fh->flags & OVL_FH_FLAG_ANY_ENDIAN) &&
134 (fh->flags & OVL_FH_FLAG_BIG_ENDIAN) != OVL_FH_FLAG_CPU_ENDIAN)
135 goto out;
136
8b88a2e6
AG		 137 return fh;
138
139out:
140 kfree(fh);
141 return NULL;
142
143fail:
144 pr_warn_ratelimited("overlayfs: failed to get origin (%i)\n", res);
145 goto out;
146invalid:
147 pr_warn_ratelimited("overlayfs: invalid origin (%*phN)\n", res, fh);
148 goto out;
149}
150
151static struct dentry *ovl_get_origin(struct dentry *dentry,
152 struct vfsmount *mnt)
153{
154 struct dentry *origin = NULL;
155 struct ovl_fh *fh = ovl_get_origin_fh(dentry);
156 int bytes;
157
158 if (IS_ERR_OR_NULL(fh))
159 return (struct dentry *)fh;
a9d01957
AG		 160
161 /*
162 * Make sure that the stored uuid matches the uuid of the lower
163 * layer where file handle will be decoded.
164 */
85787090 165 if (!uuid_equal(&fh->uuid, &mnt->mnt_sb->s_uuid))
a9d01957
AG		 166 goto out;
167
8b88a2e6 168 bytes = (fh->len - offsetof(struct ovl_fh, fid));
a9d01957
AG		 169 origin = exportfs_decode_fh(mnt, (struct fid *)fh->fid,
170 bytes >> 2, (int)fh->type,
171 ovl_acceptable, NULL);
172 if (IS_ERR(origin)) {
173 /* Treat stale file handle as "origin unknown" */
174 if (origin == ERR_PTR(-ESTALE))
175 origin = NULL;
176 goto out;
177 }
178
179 if (ovl_dentry_weird(origin) ||
8b88a2e6 180 ((d_inode(origin)->i_mode ^ d_inode(dentry)->i_mode) & S_IFMT))
a9d01957 181 goto invalid;
a9d01957
AG		 182
183out:
184 kfree(fh);
185 return origin;
186
a9d01957 187invalid:
8b88a2e6
AG		 188 pr_warn_ratelimited("overlayfs: invalid origin (%pd2)\n", origin);
189 dput(origin);
190 origin = NULL;
a9d01957
AG		 191 goto out;
192}
193
ee1d6d37
AG		 194static bool ovl_is_opaquedir(struct dentry *dentry)
195{
196 return ovl_check_dir_xattr(dentry, OVL_XATTR_OPAQUE);
197}
198
e28edc46
MS		 199static int ovl_lookup_single(struct dentry *base, struct ovl_lookup_data *d,
200 const char *name, unsigned int namelen,
02b69b28 201 size_t prelen, const char *post,
e28edc46
MS		 202 struct dentry **ret)
203{
204 struct dentry *this;
205 int err;
206
207 this = lookup_one_len_unlocked(name, base, namelen);
208 if (IS_ERR(this)) {
209 err = PTR_ERR(this);
210 this = NULL;
211 if (err == -ENOENT || err == -ENAMETOOLONG)
212 goto out;
213 goto out_err;
214 }
215 if (!this->d_inode)
216 goto put_and_out;
217
218 if (ovl_dentry_weird(this)) {
219 /* Don't support traversing automounts and other weirdness */
220 err = -EREMOTE;
221 goto out_err;
222 }
223 if (ovl_is_whiteout(this)) {
224 d->stop = d->opaque = true;
225 goto put_and_out;
226 }
227 if (!d_can_lookup(this)) {
228 d->stop = true;
229 if (d->is_dir)
230 goto put_and_out;
231 goto out;
232 }
233 d->is_dir = true;
234 if (!d->last && ovl_is_opaquedir(this)) {
235 d->stop = d->opaque = true;
236 goto out;
237 }
02b69b28
MS		 238 err = ovl_check_redirect(this, d, prelen, post);
239 if (err)
240 goto out_err;
e28edc46
MS		 241out:
242 *ret = this;
243 return 0;
244
245put_and_out:
246 dput(this);
247 this = NULL;
248 goto out;
249
250out_err:
251 dput(this);
252 return err;
253}
254
255static int ovl_lookup_layer(struct dentry *base, struct ovl_lookup_data *d,
256 struct dentry **ret)
257{
4c7d0c9c
AG		 258 /* Counting down from the end, since the prefix can change */
259 size_t rem = d->name.len - 1;
02b69b28
MS		 260 struct dentry *dentry = NULL;
261 int err;
262
4c7d0c9c 263 if (d->name.name[0] != '/')
02b69b28
MS		 264 return ovl_lookup_single(base, d, d->name.name, d->name.len,
265 0, "", ret);
266
4c7d0c9c
AG		 267 while (!IS_ERR_OR_NULL(base) && d_can_lookup(base)) {
268 const char *s = d->name.name + d->name.len - rem;
02b69b28 269 const char *next = strchrnul(s, '/');
4c7d0c9c
AG		 270 size_t thislen = next - s;
271 bool end = !next[0];
02b69b28 272
4c7d0c9c
AG		 273 /* Verify we did not go off the rails */
274 if (WARN_ON(s[-1] != '/'))
02b69b28
MS		 275 return -EIO;
276
4c7d0c9c
AG		 277 err = ovl_lookup_single(base, d, s, thislen,
278 d->name.len - rem, next, &base);
02b69b28
MS		 279 dput(dentry);
280 if (err)
281 return err;
282 dentry = base;
4c7d0c9c
AG		 283 if (end)
284 break;
285
286 rem -= thislen + 1;
287
288 if (WARN_ON(rem >= d->name.len))
289 return -EIO;
02b69b28
MS		 290 }
291 *ret = dentry;
292 return 0;
e28edc46
MS		 293}
294
a9d01957 295
415543d5 296static int ovl_check_origin(struct dentry *upperdentry,
b9343632
CR		 297 struct ovl_path *lower, unsigned int numlower,
298 struct ovl_path **stackp, unsigned int *ctrp)
a9d01957 299{
a9d01957 300 struct vfsmount *mnt;
f7d3daca
AG		 301 struct dentry *origin = NULL;
302 int i;
a9d01957 303
415543d5 304 for (i = 0; i < numlower; i++) {
b9343632 305 mnt = lower[i].layer->mnt;
f7d3daca
AG		 306 origin = ovl_get_origin(upperdentry, mnt);
307 if (IS_ERR(origin))
308 return PTR_ERR(origin);
309
310 if (origin)
311 break;
312 }
313
314 if (!origin)
315 return 0;
a9d01957 316
415543d5
AG		 317 BUG_ON(*ctrp);
318 if (!*stackp)
b9343632 319 *stackp = kmalloc(sizeof(struct ovl_path), GFP_KERNEL);
a9d01957
AG		 320 if (!*stackp) {
321 dput(origin);
322 return -ENOMEM;
323 }
b9343632 324 **stackp = (struct ovl_path){.dentry = origin, .layer = lower[i].layer};
a9d01957
AG		 325 *ctrp = 1;
326
327 return 0;
328}
329
8b88a2e6
AG		 330/*
331 * Verify that @fh matches the origin file handle stored in OVL_XATTR_ORIGIN.
332 * Return 0 on match, -ESTALE on mismatch, < 0 on error.
333 */
334static int ovl_verify_origin_fh(struct dentry *dentry, const struct ovl_fh *fh)
335{
336 struct ovl_fh *ofh = ovl_get_origin_fh(dentry);
337 int err = 0;
338
339 if (!ofh)
340 return -ENODATA;
341
342 if (IS_ERR(ofh))
343 return PTR_ERR(ofh);
344
345 if (fh->len != ofh->len || memcmp(fh, ofh, fh->len))
346 err = -ESTALE;
347
348 kfree(ofh);
349 return err;
350}
351
352/*
353 * Verify that an inode matches the origin file handle stored in upper inode.
354 *
355 * If @set is true and there is no stored file handle, encode and store origin
356 * file handle in OVL_XATTR_ORIGIN.
357 *
358 * Return 0 on match, -ESTALE on mismatch, < 0 on error.
359 */
d9768076
AG		 360int ovl_verify_origin(struct dentry *dentry, struct dentry *origin,
361 bool is_upper, bool set)
8b88a2e6
AG		 362{
363 struct inode *inode;
364 struct ovl_fh *fh;
365 int err;
366
54fb347e 367 fh = ovl_encode_fh(origin, is_upper);
8b88a2e6
AG		 368 err = PTR_ERR(fh);
369 if (IS_ERR(fh))
370 goto fail;
371
372 err = ovl_verify_origin_fh(dentry, fh);
373 if (set && err == -ENODATA)
374 err = ovl_do_setxattr(dentry, OVL_XATTR_ORIGIN, fh, fh->len, 0);
375 if (err)
376 goto fail;
377
378out:
379 kfree(fh);
380 return err;
381
382fail:
383 inode = d_inode(origin);
384 pr_warn_ratelimited("overlayfs: failed to verify origin (%pd2, ino=%lu, err=%i)\n",
385 origin, inode ? inode->i_ino : 0, err);
386 goto out;
387}
388
415543d5
AG		 389/*
390 * Verify that an index entry name matches the origin file handle stored in
391 * OVL_XATTR_ORIGIN and that origin file handle can be decoded to lower path.
392 * Return 0 on match, -ESTALE on mismatch or stale origin, < 0 on error.
393 */
b9343632 394int ovl_verify_index(struct dentry *index, struct ovl_path *lower,
415543d5
AG		 395 unsigned int numlower)
396{
397 struct ovl_fh *fh = NULL;
398 size_t len;
b9343632
CR		 399 struct ovl_path origin = { };
400 struct ovl_path *stack = &origin;
415543d5
AG		 401 unsigned int ctr = 0;
402 int err;
403
404 if (!d_inode(index))
405 return 0;
406
61b67471
AG		 407 /*
408 * Directory index entries are going to be used for looking up
409 * redirected upper dirs by lower dir fh when decoding an overlay
410 * file handle of a merge dir. Whiteout index entries are going to be
411 * used as an indication that an exported overlay file handle should
412 * be treated as stale (i.e. after unlink of the overlay inode).
413 * We don't know the verification rules for directory and whiteout
414 * index entries, because they have not been implemented yet, so return
fa0096e3
AG		 415 * EINVAL if those entries are found to abort the mount to avoid
416 * corrupting an index that was created by a newer kernel.
61b67471 417 */
fa0096e3 418 err = -EINVAL;
61b67471 419 if (d_is_dir(index) || ovl_is_whiteout(index))
415543d5
AG		 420 goto fail;
421
415543d5
AG		 422 if (index->d_name.len < sizeof(struct ovl_fh)*2)
423 goto fail;
424
425 err = -ENOMEM;
426 len = index->d_name.len / 2;
0ee931c4 427 fh = kzalloc(len, GFP_KERNEL);
415543d5
AG		 428 if (!fh)
429 goto fail;
430
431 err = -EINVAL;
432 if (hex2bin((u8 *)fh, index->d_name.name, len) || len != fh->len)
433 goto fail;
434
435 err = ovl_verify_origin_fh(index, fh);
436 if (err)
437 goto fail;
438
b9343632 439 err = ovl_check_origin(index, lower, numlower, &stack, &ctr);
415543d5
AG		 440 if (!err && !ctr)
441 err = -ESTALE;
442 if (err)
443 goto fail;
444
caf70cb2
AG		 445 /* Check if index is orphan and don't warn before cleaning it */
446 if (d_inode(index)->i_nlink == 1 &&
08d8f8a5 447 ovl_get_nlink(origin.dentry, index, 0) == 0)
caf70cb2
AG		 448 err = -ENOENT;
449
415543d5
AG		 450 dput(origin.dentry);
451out:
452 kfree(fh);
453 return err;
454
455fail:
61b67471
AG		 456 pr_warn_ratelimited("overlayfs: failed to verify index (%pd2, ftype=%x, err=%i)\n",
457 index, d_inode(index)->i_mode & S_IFMT, err);
415543d5
AG		 458 goto out;
459}
460
359f392c
AG		 461/*
462 * Lookup in indexdir for the index entry of a lower real inode or a copy up
463 * origin inode. The index entry name is the hex representation of the lower
464 * inode file handle.
465 *
466 * If the index dentry in negative, then either no lower aliases have been
467 * copied up yet, or aliases have been copied up in older kernels and are
468 * not indexed.
469 *
470 * If the index dentry for a copy up origin inode is positive, but points
471 * to an inode different than the upper inode, then either the upper inode
472 * has been copied up and not indexed or it was indexed, but since then
473 * index dir was cleared. Either way, that index cannot be used to indentify
474 * the overlay inode.
475 */
476int ovl_get_index_name(struct dentry *origin, struct qstr *name)
477{
478 int err;
479 struct ovl_fh *fh;
480 char *n, *s;
481
482 fh = ovl_encode_fh(origin, false);
483 if (IS_ERR(fh))
484 return PTR_ERR(fh);
485
486 err = -ENOMEM;
0ee931c4 487 n = kzalloc(fh->len * 2, GFP_KERNEL);
359f392c
AG		 488 if (n) {
489 s = bin2hex(n, fh, fh->len);
490 *name = (struct qstr) QSTR_INIT(n, s - n);
491 err = 0;
492 }
493 kfree(fh);
494
495 return err;
496
497}
498
499static struct dentry *ovl_lookup_index(struct dentry *dentry,
500 struct dentry *upper,
501 struct dentry *origin)
502{
503 struct ovl_fs *ofs = dentry->d_sb->s_fs_info;
504 struct dentry *index;
505 struct inode *inode;
506 struct qstr name;
507 int err;
508
509 err = ovl_get_index_name(origin, &name);
510 if (err)
511 return ERR_PTR(err);
512
513 index = lookup_one_len_unlocked(name.name, ofs->indexdir, name.len);
514 if (IS_ERR(index)) {
e0082a0f 515 err = PTR_ERR(index);
7937a56f
AG		 516 if (err == -ENOENT) {
517 index = NULL;
518 goto out;
519 }
359f392c
AG		 520 pr_warn_ratelimited("overlayfs: failed inode index lookup (ino=%lu, key=%*s, err=%i);\n"
521 "overlayfs: mount with '-o index=off' to disable inodes index.\n",
522 d_inode(origin)->i_ino, name.len, name.name,
523 err);
524 goto out;
525 }
526
0e082555 527 inode = d_inode(index);
359f392c 528 if (d_is_negative(index)) {
6eaf0111 529 goto out_dput;
0e082555 530 } else if (upper && d_inode(upper) != inode) {
6eaf0111 531 goto out_dput;
0e082555
AG		 532 } else if (ovl_dentry_weird(index) || ovl_is_whiteout(index) ||
533 ((inode->i_mode ^ d_inode(origin)->i_mode) & S_IFMT)) {
534 /*
535 * Index should always be of the same file type as origin
536 * except for the case of a whiteout index. A whiteout
537 * index should only exist if all lower aliases have been
538 * unlinked, which means that finding a lower origin on lookup
539 * whose index is a whiteout should be treated as an error.
540 */
541 pr_warn_ratelimited("overlayfs: bad index found (index=%pd2, ftype=%x, origin ftype=%x).\n",
542 index, d_inode(index)->i_mode & S_IFMT,
543 d_inode(origin)->i_mode & S_IFMT);
359f392c
AG		 544 goto fail;
545 }
546
547out:
548 kfree(name.name);
549 return index;
550
6eaf0111
AG		 551out_dput:
552 dput(index);
553 index = NULL;
554 goto out;
555
359f392c
AG		 556fail:
557 dput(index);
558 index = ERR_PTR(-EIO);
559 goto out;
560}
561
bbb1e54d
MS		 562/*
563 * Returns next layer in stack starting from top.
564 * Returns -1 if this is the last layer.
565 */
566int ovl_path_next(int idx, struct dentry *dentry, struct path *path)
567{
568 struct ovl_entry *oe = dentry->d_fsdata;
569
570 BUG_ON(idx < 0);
571 if (idx == 0) {
572 ovl_path_upper(dentry, path);
573 if (path->dentry)
574 return oe->numlower ? 1 : -1;
575 idx++;
576 }
577 BUG_ON(idx > oe->numlower);
b9343632
CR		 578 path->dentry = oe->lowerstack[idx - 1].dentry;
579 path->mnt = oe->lowerstack[idx - 1].layer->mnt;
bbb1e54d
MS		 580
581 return (idx < oe->numlower) ? idx + 1 : -1;
582}
583
b9343632
CR		 584static int ovl_find_layer(struct ovl_fs *ofs, struct ovl_path *path)
585{
586 int i;
587
588 for (i = 0; i < ofs->numlower; i++) {
589 if (ofs->lower_layers[i].mnt == path->layer->mnt)
590 break;
591 }
592
593 return i;
594}
595
bbb1e54d
MS		 596struct dentry *ovl_lookup(struct inode *dir, struct dentry *dentry,
597 unsigned int flags)
598{
599 struct ovl_entry *oe;
600 const struct cred *old_cred;
6b2d5fe4 601 struct ovl_fs *ofs = dentry->d_sb->s_fs_info;
bbb1e54d 602 struct ovl_entry *poe = dentry->d_parent->d_fsdata;
c22205d0 603 struct ovl_entry *roe = dentry->d_sb->s_root->d_fsdata;
b9343632 604 struct ovl_path *stack = NULL;
bbb1e54d 605 struct dentry *upperdir, *upperdentry = NULL;
359f392c 606 struct dentry *index = NULL;
bbb1e54d
MS		 607 unsigned int ctr = 0;
608 struct inode *inode = NULL;
609 bool upperopaque = false;
02b69b28 610 char *upperredirect = NULL;
bbb1e54d
MS		 611 struct dentry *this;
612 unsigned int i;
613 int err;
e28edc46
MS		 614 struct ovl_lookup_data d = {
615 .name = dentry->d_name,
616 .is_dir = false,
617 .opaque = false,
618 .stop = false,
619 .last = !poe->numlower,
02b69b28 620 .redirect = NULL,
e28edc46 621 };
bbb1e54d 622
6b2d5fe4
MS		 623 if (dentry->d_name.len > ofs->namelen)
624 return ERR_PTR(-ENAMETOOLONG);
625
bbb1e54d 626 old_cred = ovl_override_creds(dentry->d_sb);
09d8b586 627 upperdir = ovl_dentry_upper(dentry->d_parent);
bbb1e54d 628 if (upperdir) {
e28edc46
MS		 629 err = ovl_lookup_layer(upperdir, &d, &upperdentry);
630 if (err)
bbb1e54d
MS		 631 goto out;
632
e28edc46
MS		 633 if (upperdentry && unlikely(ovl_dentry_remote(upperdentry))) {
634 dput(upperdentry);
635 err = -EREMOTE;
636 goto out;
bbb1e54d 637 }
a9d01957
AG		 638 if (upperdentry && !d.is_dir) {
639 BUG_ON(!d.stop || d.redirect);
f7d3daca
AG		 640 /*
641 * Lookup copy up origin by decoding origin file handle.
642 * We may get a disconnected dentry, which is fine,
643 * because we only need to hold the origin inode in
644 * cache and use its inode number. We may even get a
645 * connected dentry, that is not under any of the lower
646 * layers root. That is also fine for using it's inode
647 * number - it's the same as if we held a reference
648 * to a dentry in lower layer that was moved under us.
649 */
415543d5
AG		 650 err = ovl_check_origin(upperdentry, roe->lowerstack,
651 roe->numlower, &stack, &ctr);
a9d01957 652 if (err)
5455f92b 653 goto out_put_upper;
a9d01957 654 }
02b69b28
MS		 655
656 if (d.redirect) {
0ce5cdc9 657 err = -ENOMEM;
02b69b28
MS		 658 upperredirect = kstrdup(d.redirect, GFP_KERNEL);
659 if (!upperredirect)
660 goto out_put_upper;
661 if (d.redirect[0] == '/')
c22205d0 662 poe = roe;
02b69b28 663 }
e28edc46 664 upperopaque = d.opaque;
bbb1e54d
MS		 665 }
666
e28edc46 667 if (!d.stop && poe->numlower) {
bbb1e54d 668 err = -ENOMEM;
b9343632 669 stack = kcalloc(ofs->numlower, sizeof(struct ovl_path),
0ee931c4 670 GFP_KERNEL);
bbb1e54d
MS		 671 if (!stack)
672 goto out_put_upper;
673 }
674
e28edc46 675 for (i = 0; !d.stop && i < poe->numlower; i++) {
b9343632 676 struct ovl_path lower = poe->lowerstack[i];
bbb1e54d 677
e28edc46 678 d.last = i == poe->numlower - 1;
b9343632 679 err = ovl_lookup_layer(lower.dentry, &d, &this);
e28edc46 680 if (err)
bbb1e54d 681 goto out_put;
6b2d5fe4 682
bbb1e54d
MS		 683 if (!this)
684 continue;
bbb1e54d
MS		 685
686 stack[ctr].dentry = this;
b9343632 687 stack[ctr].layer = lower.layer;
bbb1e54d 688 ctr++;
02b69b28 689
438c84c2
MS		 690 /*
691 * Following redirects can have security consequences: it's like
692 * a symlink into the lower layer without the permission checks.
693 * This is only a problem if the upper layer is untrusted (e.g
694 * comes from an USB drive). This can allow a non-readable file
695 * or directory to become readable.
696 *
697 * Only following redirects when redirects are enabled disables
698 * this attack vector when not necessary.
699 */
700 err = -EPERM;
701 if (d.redirect && !ofs->config.redirect_follow) {
702 pr_warn_ratelimited("overlay: refusing to follow redirect for (%pd2)\n", dentry);
703 goto out_put;
704 }
705
cdfbada6
VG		 706 if (d.stop)
707 break;
708
c22205d0
AG		 709 if (d.redirect && d.redirect[0] == '/' && poe != roe) {
710 poe = roe;
02b69b28
MS		 711
712 /* Find the current layer on the root dentry */
b9343632
CR		 713 i = ovl_find_layer(ofs, &lower);
714 if (WARN_ON(i == ofs->numlower))
02b69b28
MS		 715 break;
716 }
bbb1e54d
MS		 717 }
718
359f392c
AG		 719 /* Lookup index by lower inode and verify it matches upper inode */
720 if (ctr && !d.is_dir && ovl_indexdir(dentry->d_sb)) {
721 struct dentry *origin = stack[0].dentry;
722
723 index = ovl_lookup_index(dentry, upperdentry, origin);
724 if (IS_ERR(index)) {
725 err = PTR_ERR(index);
726 index = NULL;
727 goto out_put;
728 }
729 }
730
bbb1e54d
MS		 731 oe = ovl_alloc_entry(ctr);
732 err = -ENOMEM;
733 if (!oe)
734 goto out_put;
735
e6d2ebdd 736 oe->opaque = upperopaque;
b9343632 737 memcpy(oe->lowerstack, stack, sizeof(struct ovl_path) * ctr);
e6d2ebdd 738 dentry->d_fsdata = oe;
bbb1e54d 739
55acc661
MS		 740 if (upperdentry)
741 ovl_dentry_set_upper_alias(dentry);
742 else if (index)
359f392c
AG		 743 upperdentry = dget(index);
744
e6d2ebdd 745 if (upperdentry || ctr) {
6eaf0111 746 inode = ovl_get_inode(dentry, upperdentry, index);
b9ac5c27
MS		 747 err = PTR_ERR(inode);
748 if (IS_ERR(inode))
bbb1e54d 749 goto out_free_oe;
cf31c463
MS		 750
751 OVL_I(inode)->redirect = upperredirect;
359f392c
AG		 752 if (index)
753 ovl_set_flag(OVL_INDEX, inode);
bbb1e54d
MS		 754 }
755
756 revert_creds(old_cred);
359f392c 757 dput(index);
bbb1e54d 758 kfree(stack);
02b69b28 759 kfree(d.redirect);
bbb1e54d
MS		 760 d_add(dentry, inode);
761
762 return NULL;
763
764out_free_oe:
e6d2ebdd 765 dentry->d_fsdata = NULL;
bbb1e54d
MS		 766 kfree(oe);
767out_put:
359f392c 768 dput(index);
bbb1e54d
MS		 769 for (i = 0; i < ctr; i++)
770 dput(stack[i].dentry);
771 kfree(stack);
772out_put_upper:
773 dput(upperdentry);
02b69b28 774 kfree(upperredirect);
bbb1e54d 775out:
02b69b28 776 kfree(d.redirect);
bbb1e54d
MS		 777 revert_creds(old_cred);
778 return ERR_PTR(err);
779}
780
781bool ovl_lower_positive(struct dentry *dentry)
782{
783 struct ovl_entry *oe = dentry->d_fsdata;
784 struct ovl_entry *poe = dentry->d_parent->d_fsdata;
785 const struct qstr *name = &dentry->d_name;
786 unsigned int i;
787 bool positive = false;
788 bool done = false;
789
790 /*
791 * If dentry is negative, then lower is positive iff this is a
792 * whiteout.
793 */
794 if (!dentry->d_inode)
795 return oe->opaque;
796
797 /* Negative upper -> positive lower */
09d8b586 798 if (!ovl_dentry_upper(dentry))
bbb1e54d
MS		 799 return true;
800
801 /* Positive upper -> have to look up lower to see whether it exists */
802 for (i = 0; !done && !positive && i < poe->numlower; i++) {
803 struct dentry *this;
804 struct dentry *lowerdir = poe->lowerstack[i].dentry;
805
806 this = lookup_one_len_unlocked(name->name, lowerdir,
807 name->len);
808 if (IS_ERR(this)) {
809 switch (PTR_ERR(this)) {
810 case -ENOENT:
811 case -ENAMETOOLONG:
812 break;
813
814 default:
815 /*
816 * Assume something is there, we just couldn't
817 * access it.
818 */
819 positive = true;
820 break;
821 }
822 } else {
823 if (this->d_inode) {
824 positive = !ovl_is_whiteout(this);
825 done = true;
826 }
827 dput(this);
828 }
829 }
830
831 return positive;
832}
ubuntu-bionic-kernel mirror