]> git.proxmox.com Git - mirror_ubuntu-hirsute-kernel.git/blame - fs/overlayfs/namei.c
projects / mirror_ubuntu-hirsute-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
ovl: drop flags argument from ovl_do_setxattr()
[mirror_ubuntu-hirsute-kernel.git] / fs / overlayfs / namei.c
CommitLineData
d2912cb1 1// SPDX-License-Identifier: GPL-2.0-only
bbb1e54d
MS		 2/*
3 * Copyright (C) 2011 Novell Inc.
4 * Copyright (C) 2016 Red Hat, Inc.
bbb1e54d
MS		 5 */
6
7#include <linux/fs.h>
5b825c3a 8#include <linux/cred.h>
9ee60ce2 9#include <linux/ctype.h>
bbb1e54d
MS		 10#include <linux/namei.h>
11#include <linux/xattr.h>
02b69b28 12#include <linux/ratelimit.h>
a9d01957
AG		 13#include <linux/mount.h>
14#include <linux/exportfs.h>
bbb1e54d 15#include "overlayfs.h"
bbb1e54d 16
e28edc46 17struct ovl_lookup_data {
146d62e5 18 struct super_block *sb;
e28edc46
MS		 19 struct qstr name;
20 bool is_dir;
21 bool opaque;
22 bool stop;
23 bool last;
02b69b28 24 char *redirect;
9d3dfea3 25 bool metacopy;
e28edc46 26};
bbb1e54d 27
02b69b28
MS		 28static int ovl_check_redirect(struct dentry *dentry, struct ovl_lookup_data *d,
29 size_t prelen, const char *post)
30{
31 int res;
0a2d0d3f 32 char *buf;
02b69b28 33
0a2d0d3f
VG		 34 buf = ovl_get_redirect_xattr(dentry, prelen + strlen(post));
35 if (IS_ERR_OR_NULL(buf))
36 return PTR_ERR(buf);
02b69b28 37
02b69b28 38 if (buf[0] == '/') {
3ec9b3fa
AG		 39 /*
40 * One of the ancestor path elements in an absolute path
41 * lookup in ovl_lookup_layer() could have been opaque and
42 * that will stop further lookup in lower layers (d->stop=true)
43 * But we have found an absolute redirect in decendant path
44 * element and that should force continue lookup in lower
45 * layers (reset d->stop).
46 */
47 d->stop = false;
02b69b28 48 } else {
0a2d0d3f 49 res = strlen(buf) + 1;
02b69b28
MS		 50 memmove(buf + prelen, buf, res);
51 memcpy(buf, d->name.name, prelen);
52 }
53
54 strcat(buf, post);
55 kfree(d->redirect);
56 d->redirect = buf;
57 d->name.name = d->redirect;
58 d->name.len = strlen(d->redirect);
59
60 return 0;
02b69b28
MS		 61}
62
a9d01957
AG		 63static int ovl_acceptable(void *ctx, struct dentry *dentry)
64{
e8f9e5b7
AG		 65 /*
66 * A non-dir origin may be disconnected, which is fine, because
67 * we only need it for its unique inode number.
68 */
69 if (!d_is_dir(dentry))
70 return 1;
71
72 /* Don't decode a deleted empty directory */
73 if (d_unhashed(dentry))
74 return 0;
75
76 /* Check if directory belongs to the layer we are decoding from */
77 return is_subdir(dentry, ((struct vfsmount *)ctx)->mnt_root);
a9d01957
AG		 78}
79
2e1a5328
AG		 80/*
81 * Check validity of an overlay file handle buffer.
82 *
83 * Return 0 for a valid file handle.
84 * Return -ENODATA for "origin unknown".
85 * Return <0 for an invalid file handle.
86 */
cbe7fba8 87int ovl_check_fb_len(struct ovl_fb *fb, int fb_len)
2e1a5328 88{
cbe7fba8 89 if (fb_len < sizeof(struct ovl_fb) || fb_len < fb->len)
2e1a5328
AG		 90 return -EINVAL;
91
cbe7fba8 92 if (fb->magic != OVL_FH_MAGIC)
2e1a5328
AG		 93 return -EINVAL;
94
95 /* Treat larger version and unknown flags as "origin unknown" */
cbe7fba8 96 if (fb->version > OVL_FH_VERSION || fb->flags & ~OVL_FH_FLAG_ALL)
2e1a5328
AG		 97 return -ENODATA;
98
99 /* Treat endianness mismatch as "origin unknown" */
cbe7fba8
AG		 100 if (!(fb->flags & OVL_FH_FLAG_ANY_ENDIAN) &&
101 (fb->flags & OVL_FH_FLAG_BIG_ENDIAN) != OVL_FH_FLAG_CPU_ENDIAN)
2e1a5328
AG		 102 return -ENODATA;
103
104 return 0;
105}
106
05122443 107static struct ovl_fh *ovl_get_fh(struct dentry *dentry, const char *name)
a9d01957 108{
2e1a5328 109 int res, err;
a9d01957 110 struct ovl_fh *fh = NULL;
a9d01957 111
d5dc7486 112 res = ovl_do_getxattr(dentry, name, NULL, 0);
a9d01957
AG		 113 if (res < 0) {
114 if (res == -ENODATA || res == -EOPNOTSUPP)
115 return NULL;
116 goto fail;
117 }
118 /* Zero size value means "copied up but origin unknown" */
119 if (res == 0)
120 return NULL;
121
cbe7fba8 122 fh = kzalloc(res + OVL_FH_WIRE_OFFSET, GFP_KERNEL);
a9d01957
AG		 123 if (!fh)
124 return ERR_PTR(-ENOMEM);
125
d5dc7486 126 res = ovl_do_getxattr(dentry, name, fh->buf, res);
a9d01957
AG		 127 if (res < 0)
128 goto fail;
129
cbe7fba8 130 err = ovl_check_fb_len(&fh->fb, res);
2e1a5328
AG		 131 if (err < 0) {
132 if (err == -ENODATA)
133 goto out;
a9d01957 134 goto invalid;
2e1a5328 135 }
a9d01957 136
8b88a2e6
AG		 137 return fh;
138
139out:
140 kfree(fh);
141 return NULL;
142
143fail:
1bd0a3ae 144 pr_warn_ratelimited("failed to get origin (%i)\n", res);
8b88a2e6
AG		 145 goto out;
146invalid:
1bd0a3ae 147 pr_warn_ratelimited("invalid origin (%*phN)\n", res, fh);
8b88a2e6
AG		 148 goto out;
149}
150
8a22efa1
AG		 151struct dentry *ovl_decode_real_fh(struct ovl_fh *fh, struct vfsmount *mnt,
152 bool connected)
8b88a2e6 153{
e8f9e5b7 154 struct dentry *real;
8b88a2e6
AG		 155 int bytes;
156
a9d01957
AG		 157 /*
158 * Make sure that the stored uuid matches the uuid of the lower
159 * layer where file handle will be decoded.
160 */
cbe7fba8 161 if (!uuid_equal(&fh->fb.uuid, &mnt->mnt_sb->s_uuid))
2e1a5328 162 return NULL;
a9d01957 163
cbe7fba8
AG		 164 bytes = (fh->fb.len - offsetof(struct ovl_fb, fid));
165 real = exportfs_decode_fh(mnt, (struct fid *)fh->fb.fid,
166 bytes >> 2, (int)fh->fb.type,
8a22efa1 167 connected ? ovl_acceptable : NULL, mnt);
e8f9e5b7
AG		 168 if (IS_ERR(real)) {
169 /*
170 * Treat stale file handle to lower file as "origin unknown".
171 * upper file handle could become stale when upper file is
172 * unlinked and this information is needed to handle stale
173 * index entries correctly.
174 */
175 if (real == ERR_PTR(-ESTALE) &&
cbe7fba8 176 !(fh->fb.flags & OVL_FH_FLAG_PATH_UPPER))
e8f9e5b7
AG		 177 real = NULL;
178 return real;
a9d01957
AG		 179 }
180
e8f9e5b7
AG		 181 if (ovl_dentry_weird(real)) {
182 dput(real);
2e1a5328
AG		 183 return NULL;
184 }
a9d01957 185
e8f9e5b7 186 return real;
a9d01957
AG		 187}
188
ee1d6d37
AG		 189static bool ovl_is_opaquedir(struct dentry *dentry)
190{
191 return ovl_check_dir_xattr(dentry, OVL_XATTR_OPAQUE);
192}
193
1434a65e
CX		 194static struct dentry *ovl_lookup_positive_unlocked(const char *name,
195 struct dentry *base, int len,
196 bool drop_negative)
197{
198 struct dentry *ret = lookup_one_len_unlocked(name, base, len);
199
200 if (!IS_ERR(ret) && d_flags_negative(smp_load_acquire(&ret->d_flags))) {
201 if (drop_negative && ret->d_lockref.count == 1) {
202 spin_lock(&ret->d_lock);
203 /* Recheck condition under lock */
204 if (d_is_negative(ret) && ret->d_lockref.count == 1)
205 __d_drop(ret);
206 spin_unlock(&ret->d_lock);
207 }
208 dput(ret);
209 ret = ERR_PTR(-ENOENT);
210 }
211 return ret;
212}
213
e28edc46
MS		 214static int ovl_lookup_single(struct dentry *base, struct ovl_lookup_data *d,
215 const char *name, unsigned int namelen,
02b69b28 216 size_t prelen, const char *post,
1434a65e 217 struct dentry **ret, bool drop_negative)
e28edc46
MS		 218{
219 struct dentry *this;
220 int err;
102b0d11 221 bool last_element = !post[0];
e28edc46 222
1434a65e 223 this = ovl_lookup_positive_unlocked(name, base, namelen, drop_negative);
e28edc46
MS		 224 if (IS_ERR(this)) {
225 err = PTR_ERR(this);
226 this = NULL;
227 if (err == -ENOENT || err == -ENAMETOOLONG)
228 goto out;
229 goto out_err;
230 }
e28edc46
MS		 231
232 if (ovl_dentry_weird(this)) {
233 /* Don't support traversing automounts and other weirdness */
234 err = -EREMOTE;
235 goto out_err;
236 }
237 if (ovl_is_whiteout(this)) {
238 d->stop = d->opaque = true;
239 goto put_and_out;
240 }
9d3dfea3
VG		 241 /*
242 * This dentry should be a regular file if previous layer lookup
243 * found a metacopy dentry.
244 */
245 if (last_element && d->metacopy && !d_is_reg(this)) {
e28edc46 246 d->stop = true;
9d3dfea3
VG		 247 goto put_and_out;
248 }
249 if (!d_can_lookup(this)) {
250 if (d->is_dir || !last_element) {
251 d->stop = true;
e28edc46 252 goto put_and_out;
9d3dfea3
VG		 253 }
254 err = ovl_check_metacopy_xattr(this);
255 if (err < 0)
256 goto out_err;
3a291774 257
9d3dfea3
VG		 258 d->metacopy = err;
259 d->stop = !d->metacopy;
b8a8824c
VG		 260 if (!d->metacopy || d->last)
261 goto out;
0618a816 262 } else {
146d62e5
AG		 263 if (ovl_lookup_trap_inode(d->sb, this)) {
264 /* Caught in a trap of overlapping layers */
265 err = -ELOOP;
266 goto out_err;
267 }
268
102b0d11 269 if (last_element)
0618a816
VG		 270 d->is_dir = true;
271 if (d->last)
272 goto out;
273
274 if (ovl_is_opaquedir(this)) {
275 d->stop = true;
276 if (last_element)
277 d->opaque = true;
278 goto out;
279 }
e28edc46 280 }
02b69b28
MS		 281 err = ovl_check_redirect(this, d, prelen, post);
282 if (err)
283 goto out_err;
e28edc46
MS		 284out:
285 *ret = this;
286 return 0;
287
288put_and_out:
289 dput(this);
290 this = NULL;
291 goto out;
292
293out_err:
294 dput(this);
295 return err;
296}
297
298static int ovl_lookup_layer(struct dentry *base, struct ovl_lookup_data *d,
1434a65e 299 struct dentry **ret, bool drop_negative)
e28edc46 300{
4c7d0c9c
AG		 301 /* Counting down from the end, since the prefix can change */
302 size_t rem = d->name.len - 1;
02b69b28
MS		 303 struct dentry *dentry = NULL;
304 int err;
305
4c7d0c9c 306 if (d->name.name[0] != '/')
02b69b28 307 return ovl_lookup_single(base, d, d->name.name, d->name.len,
1434a65e 308 0, "", ret, drop_negative);
02b69b28 309
4c7d0c9c
AG		 310 while (!IS_ERR_OR_NULL(base) && d_can_lookup(base)) {
311 const char *s = d->name.name + d->name.len - rem;
02b69b28 312 const char *next = strchrnul(s, '/');
4c7d0c9c
AG		 313 size_t thislen = next - s;
314 bool end = !next[0];
02b69b28 315
4c7d0c9c
AG		 316 /* Verify we did not go off the rails */
317 if (WARN_ON(s[-1] != '/'))
02b69b28
MS		 318 return -EIO;
319
4c7d0c9c 320 err = ovl_lookup_single(base, d, s, thislen,
1434a65e
CX		 321 d->name.len - rem, next, &base,
322 drop_negative);
02b69b28
MS		 323 dput(dentry);
324 if (err)
325 return err;
326 dentry = base;
4c7d0c9c
AG		 327 if (end)
328 break;
329
330 rem -= thislen + 1;
331
332 if (WARN_ON(rem >= d->name.len))
333 return -EIO;
02b69b28
MS		 334 }
335 *ret = dentry;
336 return 0;
e28edc46
MS		 337}
338
a9d01957 339
8a22efa1 340int ovl_check_origin_fh(struct ovl_fs *ofs, struct ovl_fh *fh, bool connected,
f941866f 341 struct dentry *upperdentry, struct ovl_path **stackp)
a9d01957 342{
f7d3daca
AG		 343 struct dentry *origin = NULL;
344 int i;
a9d01957 345
94375f9d 346 for (i = 1; i < ofs->numlayer; i++) {
7e63c87f
AG		 347 /*
348 * If lower fs uuid is not unique among lower fs we cannot match
349 * fh->uuid to layer.
350 */
94375f9d
AG		 351 if (ofs->layers[i].fsid &&
352 ofs->layers[i].fs->bad_uuid)
7e63c87f
AG		 353 continue;
354
94375f9d 355 origin = ovl_decode_real_fh(fh, ofs->layers[i].mnt,
8a22efa1 356 connected);
f7d3daca
AG		 357 if (origin)
358 break;
359 }
360
361 if (!origin)
2e1a5328
AG		 362 return -ESTALE;
363 else if (IS_ERR(origin))
364 return PTR_ERR(origin);
365
f941866f 366 if (upperdentry && !ovl_is_whiteout(upperdentry) &&
2e1a5328
AG		 367 ((d_inode(origin)->i_mode ^ d_inode(upperdentry)->i_mode) & S_IFMT))
368 goto invalid;
a9d01957 369
415543d5 370 if (!*stackp)
b9343632 371 *stackp = kmalloc(sizeof(struct ovl_path), GFP_KERNEL);
a9d01957
AG		 372 if (!*stackp) {
373 dput(origin);
374 return -ENOMEM;
375 }
1eff1a1d
AG		 376 **stackp = (struct ovl_path){
377 .dentry = origin,
94375f9d 378 .layer = &ofs->layers[i]
1eff1a1d 379 };
a9d01957
AG		 380
381 return 0;
2e1a5328
AG		 382
383invalid:
1bd0a3ae 384 pr_warn_ratelimited("invalid origin (%pd2, ftype=%x, origin ftype=%x).\n",
2e1a5328
AG		 385 upperdentry, d_inode(upperdentry)->i_mode & S_IFMT,
386 d_inode(origin)->i_mode & S_IFMT);
387 dput(origin);
388 return -EIO;
389}
390
1eff1a1d 391static int ovl_check_origin(struct ovl_fs *ofs, struct dentry *upperdentry,
d78a0dcf 392 struct ovl_path **stackp)
2e1a5328 393{
05122443 394 struct ovl_fh *fh = ovl_get_fh(upperdentry, OVL_XATTR_ORIGIN);
2e1a5328
AG		 395 int err;
396
397 if (IS_ERR_OR_NULL(fh))
398 return PTR_ERR(fh);
399
8a22efa1 400 err = ovl_check_origin_fh(ofs, fh, false, upperdentry, stackp);
2e1a5328
AG		 401 kfree(fh);
402
403 if (err) {
404 if (err == -ESTALE)
405 return 0;
406 return err;
407 }
408
2e1a5328 409 return 0;
a9d01957
AG		 410}
411
8b88a2e6 412/*
05122443 413 * Verify that @fh matches the file handle stored in xattr @name.
8b88a2e6
AG		 414 * Return 0 on match, -ESTALE on mismatch, < 0 on error.
415 */
05122443
AG		 416static int ovl_verify_fh(struct dentry *dentry, const char *name,
417 const struct ovl_fh *fh)
8b88a2e6 418{
05122443 419 struct ovl_fh *ofh = ovl_get_fh(dentry, name);
8b88a2e6
AG		 420 int err = 0;
421
422 if (!ofh)
423 return -ENODATA;
424
425 if (IS_ERR(ofh))
426 return PTR_ERR(ofh);
427
cbe7fba8 428 if (fh->fb.len != ofh->fb.len || memcmp(&fh->fb, &ofh->fb, fh->fb.len))
8b88a2e6
AG		 429 err = -ESTALE;
430
431 kfree(ofh);
432 return err;
433}
434
435/*
05122443 436 * Verify that @real dentry matches the file handle stored in xattr @name.
8b88a2e6 437 *
05122443
AG		 438 * If @set is true and there is no stored file handle, encode @real and store
439 * file handle in xattr @name.
8b88a2e6 440 *
05122443 441 * Return 0 on match, -ESTALE on mismatch, -ENODATA on no xattr, < 0 on error.
8b88a2e6 442 */
05122443
AG		 443int ovl_verify_set_fh(struct dentry *dentry, const char *name,
444 struct dentry *real, bool is_upper, bool set)
8b88a2e6
AG		 445{
446 struct inode *inode;
447 struct ovl_fh *fh;
448 int err;
449
5b2cccd3 450 fh = ovl_encode_real_fh(real, is_upper);
8b88a2e6 451 err = PTR_ERR(fh);
babf4770
AG		 452 if (IS_ERR(fh)) {
453 fh = NULL;
8b88a2e6 454 goto fail;
babf4770 455 }
8b88a2e6 456
05122443 457 err = ovl_verify_fh(dentry, name, fh);
8b88a2e6 458 if (set && err == -ENODATA)
26150ab5 459 err = ovl_do_setxattr(dentry, name, fh->buf, fh->fb.len);
8b88a2e6
AG		 460 if (err)
461 goto fail;
462
463out:
464 kfree(fh);
465 return err;
466
467fail:
05122443 468 inode = d_inode(real);
1bd0a3ae 469 pr_warn_ratelimited("failed to verify %s (%pd2, ino=%lu, err=%i)\n",
05122443
AG		 470 is_upper ? "upper" : "origin", real,
471 inode ? inode->i_ino : 0, err);
8b88a2e6
AG		 472 goto out;
473}
474
e8f9e5b7 475/* Get upper dentry from index */
3b0bfc6e 476struct dentry *ovl_index_upper(struct ovl_fs *ofs, struct dentry *index)
e8f9e5b7
AG		 477{
478 struct ovl_fh *fh;
479 struct dentry *upper;
480
481 if (!d_is_dir(index))
482 return dget(index);
483
484 fh = ovl_get_fh(index, OVL_XATTR_UPPER);
485 if (IS_ERR_OR_NULL(fh))
486 return ERR_CAST(fh);
487
08f4c7c8 488 upper = ovl_decode_real_fh(fh, ovl_upper_mnt(ofs), true);
e8f9e5b7
AG		 489 kfree(fh);
490
491 if (IS_ERR_OR_NULL(upper))
492 return upper ?: ERR_PTR(-ESTALE);
493
494 if (!d_is_dir(upper)) {
1bd0a3ae 495 pr_warn_ratelimited("invalid index upper (%pd2, upper=%pd2).\n",
e8f9e5b7
AG		 496 index, upper);
497 dput(upper);
498 return ERR_PTR(-EIO);
499 }
500
501 return upper;
502}
503
415543d5
AG		 504/*
505 * Verify that an index entry name matches the origin file handle stored in
506 * OVL_XATTR_ORIGIN and that origin file handle can be decoded to lower path.
507 * Return 0 on match, -ESTALE on mismatch or stale origin, < 0 on error.
508 */
1eff1a1d 509int ovl_verify_index(struct ovl_fs *ofs, struct dentry *index)
415543d5
AG		 510{
511 struct ovl_fh *fh = NULL;
512 size_t len;
b9343632
CR		 513 struct ovl_path origin = { };
514 struct ovl_path *stack = &origin;
e8f9e5b7 515 struct dentry *upper = NULL;
415543d5
AG		 516 int err;
517
518 if (!d_inode(index))
519 return 0;
520
fa0096e3 521 err = -EINVAL;
cbe7fba8 522 if (index->d_name.len < sizeof(struct ovl_fb)*2)
415543d5
AG		 523 goto fail;
524
525 err = -ENOMEM;
526 len = index->d_name.len / 2;
cbe7fba8 527 fh = kzalloc(len + OVL_FH_WIRE_OFFSET, GFP_KERNEL);
415543d5
AG		 528 if (!fh)
529 goto fail;
530
531 err = -EINVAL;
cbe7fba8 532 if (hex2bin(fh->buf, index->d_name.name, len))
2e1a5328
AG		 533 goto fail;
534
cbe7fba8 535 err = ovl_check_fb_len(&fh->fb, len);
2e1a5328 536 if (err)
415543d5
AG		 537 goto fail;
538
7db25d36
AG		 539 /*
540 * Whiteout index entries are used as an indication that an exported
541 * overlay file handle should be treated as stale (i.e. after unlink
542 * of the overlay inode). These entries contain no origin xattr.
543 */
544 if (ovl_is_whiteout(index))
545 goto out;
546
e8f9e5b7
AG		 547 /*
548 * Verifying directory index entries are not stale is expensive, so
549 * only verify stale dir index if NFS export is enabled.
550 */
551 if (d_is_dir(index) && !ofs->config.nfs_export)
552 goto out;
553
554 /*
555 * Directory index entries should have 'upper' xattr pointing to the
556 * real upper dir. Non-dir index entries are hardlinks to the upper
557 * real inode. For non-dir index, we can read the copy up origin xattr
558 * directly from the index dentry, but for dir index we first need to
559 * decode the upper directory.
560 */
561 upper = ovl_index_upper(ofs, index);
562 if (IS_ERR_OR_NULL(upper)) {
563 err = PTR_ERR(upper);
24f0b172
AG		 564 /*
565 * Directory index entries with no 'upper' xattr need to be
566 * removed. When dir index entry has a stale 'upper' xattr,
567 * we assume that upper dir was removed and we treat the dir
568 * index as orphan entry that needs to be whited out.
569 */
570 if (err == -ESTALE)
571 goto orphan;
572 else if (!err)
e8f9e5b7 573 err = -ESTALE;
415543d5 574 goto fail;
e8f9e5b7 575 }
415543d5 576
e8f9e5b7
AG		 577 err = ovl_verify_fh(upper, OVL_XATTR_ORIGIN, fh);
578 dput(upper);
415543d5
AG		 579 if (err)
580 goto fail;
581
e8f9e5b7
AG		 582 /* Check if non-dir index is orphan and don't warn before cleaning it */
583 if (!d_is_dir(index) && d_inode(index)->i_nlink == 1) {
8a22efa1 584 err = ovl_check_origin_fh(ofs, fh, false, index, &stack);
e8f9e5b7
AG		 585 if (err)
586 goto fail;
587
588 if (ovl_get_nlink(origin.dentry, index, 0) == 0)
24f0b172 589 goto orphan;
e8f9e5b7 590 }
caf70cb2 591
415543d5 592out:
e8f9e5b7 593 dput(origin.dentry);
415543d5
AG		 594 kfree(fh);
595 return err;
596
597fail:
1bd0a3ae 598 pr_warn_ratelimited("failed to verify index (%pd2, ftype=%x, err=%i)\n",
61b67471 599 index, d_inode(index)->i_mode & S_IFMT, err);
415543d5 600 goto out;
24f0b172
AG		 601
602orphan:
1bd0a3ae 603 pr_warn_ratelimited("orphan index entry (%pd2, ftype=%x, nlink=%u)\n",
24f0b172
AG		 604 index, d_inode(index)->i_mode & S_IFMT,
605 d_inode(index)->i_nlink);
606 err = -ENOENT;
607 goto out;
415543d5
AG		 608}
609
91ffe7be
AG		 610static int ovl_get_index_name_fh(struct ovl_fh *fh, struct qstr *name)
611{
612 char *n, *s;
613
cbe7fba8 614 n = kcalloc(fh->fb.len, 2, GFP_KERNEL);
91ffe7be
AG		 615 if (!n)
616 return -ENOMEM;
617
cbe7fba8 618 s = bin2hex(n, fh->buf, fh->fb.len);
91ffe7be
AG		 619 *name = (struct qstr) QSTR_INIT(n, s - n);
620
621 return 0;
622
623}
624
359f392c
AG		 625/*
626 * Lookup in indexdir for the index entry of a lower real inode or a copy up
627 * origin inode. The index entry name is the hex representation of the lower
628 * inode file handle.
629 *
630 * If the index dentry in negative, then either no lower aliases have been
631 * copied up yet, or aliases have been copied up in older kernels and are
632 * not indexed.
633 *
634 * If the index dentry for a copy up origin inode is positive, but points
635 * to an inode different than the upper inode, then either the upper inode
636 * has been copied up and not indexed or it was indexed, but since then
637 * index dir was cleared. Either way, that index cannot be used to indentify
638 * the overlay inode.
639 */
640int ovl_get_index_name(struct dentry *origin, struct qstr *name)
641{
359f392c 642 struct ovl_fh *fh;
91ffe7be 643 int err;
359f392c 644
5b2cccd3 645 fh = ovl_encode_real_fh(origin, false);
359f392c
AG		 646 if (IS_ERR(fh))
647 return PTR_ERR(fh);
648
91ffe7be 649 err = ovl_get_index_name_fh(fh, name);
359f392c 650
91ffe7be 651 kfree(fh);
359f392c 652 return err;
91ffe7be
AG		 653}
654
655/* Lookup index by file handle for NFS export */
656struct dentry *ovl_get_index_fh(struct ovl_fs *ofs, struct ovl_fh *fh)
657{
658 struct dentry *index;
659 struct qstr name;
660 int err;
661
662 err = ovl_get_index_name_fh(fh, &name);
663 if (err)
664 return ERR_PTR(err);
665
6c2d4798 666 index = lookup_positive_unlocked(name.name, ofs->indexdir, name.len);
91ffe7be
AG		 667 kfree(name.name);
668 if (IS_ERR(index)) {
669 if (PTR_ERR(index) == -ENOENT)
670 index = NULL;
671 return index;
672 }
673
6c2d4798 674 if (ovl_is_whiteout(index))
91ffe7be
AG		 675 err = -ESTALE;
676 else if (ovl_dentry_weird(index))
677 err = -EIO;
678 else
679 return index;
359f392c 680
91ffe7be
AG		 681 dput(index);
682 return ERR_PTR(err);
359f392c
AG		 683}
684
06170154
AG		 685struct dentry *ovl_lookup_index(struct ovl_fs *ofs, struct dentry *upper,
686 struct dentry *origin, bool verify)
359f392c 687{
359f392c
AG		 688 struct dentry *index;
689 struct inode *inode;
690 struct qstr name;
ad1d615c 691 bool is_dir = d_is_dir(origin);
359f392c
AG		 692 int err;
693
694 err = ovl_get_index_name(origin, &name);
695 if (err)
696 return ERR_PTR(err);
697
6c2d4798 698 index = lookup_positive_unlocked(name.name, ofs->indexdir, name.len);
359f392c 699 if (IS_ERR(index)) {
e0082a0f 700 err = PTR_ERR(index);
7937a56f
AG		 701 if (err == -ENOENT) {
702 index = NULL;
703 goto out;
704 }
1bd0a3ae 705 pr_warn_ratelimited("failed inode index lookup (ino=%lu, key=%.*s, err=%i);\n"
359f392c
AG		 706 "overlayfs: mount with '-o index=off' to disable inodes index.\n",
707 d_inode(origin)->i_ino, name.len, name.name,
708 err);
709 goto out;
710 }
711
0e082555 712 inode = d_inode(index);
6c2d4798 713 if (ovl_is_whiteout(index) && !verify) {
06170154
AG		 714 /*
715 * When index lookup is called with !verify for decoding an
716 * overlay file handle, a whiteout index implies that decode
717 * should treat file handle as stale and no need to print a
718 * warning about it.
719 */
720 dput(index);
721 index = ERR_PTR(-ESTALE);
722 goto out;
0e082555
AG		 723 } else if (ovl_dentry_weird(index) || ovl_is_whiteout(index) ||
724 ((inode->i_mode ^ d_inode(origin)->i_mode) & S_IFMT)) {
725 /*
726 * Index should always be of the same file type as origin
727 * except for the case of a whiteout index. A whiteout
728 * index should only exist if all lower aliases have been
729 * unlinked, which means that finding a lower origin on lookup
730 * whose index is a whiteout should be treated as an error.
731 */
1bd0a3ae 732 pr_warn_ratelimited("bad index found (index=%pd2, ftype=%x, origin ftype=%x).\n",
0e082555
AG		 733 index, d_inode(index)->i_mode & S_IFMT,
734 d_inode(origin)->i_mode & S_IFMT);
359f392c 735 goto fail;
06170154 736 } else if (is_dir && verify) {
ad1d615c 737 if (!upper) {
1bd0a3ae 738 pr_warn_ratelimited("suspected uncovered redirected dir found (origin=%pd2, index=%pd2).\n",
ad1d615c
AG		 739 origin, index);
740 goto fail;
741 }
359f392c 742
ad1d615c
AG		 743 /* Verify that dir index 'upper' xattr points to upper dir */
744 err = ovl_verify_upper(index, upper, false);
745 if (err) {
746 if (err == -ESTALE) {
1bd0a3ae 747 pr_warn_ratelimited("suspected multiply redirected dir found (upper=%pd2, origin=%pd2, index=%pd2).\n",
ad1d615c
AG		 748 upper, origin, index);
749 }
750 goto fail;
751 }
752 } else if (upper && d_inode(upper) != inode) {
753 goto out_dput;
754 }
359f392c
AG		 755out:
756 kfree(name.name);
757 return index;
758
6eaf0111
AG		 759out_dput:
760 dput(index);
761 index = NULL;
762 goto out;
763
359f392c
AG		 764fail:
765 dput(index);
766 index = ERR_PTR(-EIO);
767 goto out;
768}
769
bbb1e54d
MS		 770/*
771 * Returns next layer in stack starting from top.
772 * Returns -1 if this is the last layer.
773 */
774int ovl_path_next(int idx, struct dentry *dentry, struct path *path)
775{
776 struct ovl_entry *oe = dentry->d_fsdata;
777
778 BUG_ON(idx < 0);
779 if (idx == 0) {
780 ovl_path_upper(dentry, path);
781 if (path->dentry)
782 return oe->numlower ? 1 : -1;
783 idx++;
784 }
785 BUG_ON(idx > oe->numlower);
b9343632
CR		 786 path->dentry = oe->lowerstack[idx - 1].dentry;
787 path->mnt = oe->lowerstack[idx - 1].layer->mnt;
bbb1e54d
MS		 788
789 return (idx < oe->numlower) ? idx + 1 : -1;
790}
791
9678e630
AG		 792/* Fix missing 'origin' xattr */
793static int ovl_fix_origin(struct dentry *dentry, struct dentry *lower,
794 struct dentry *upper)
795{
796 int err;
797
798 if (ovl_check_origin_xattr(upper))
799 return 0;
800
801 err = ovl_want_write(dentry);
802 if (err)
803 return err;
804
805 err = ovl_set_origin(dentry, lower, upper);
806 if (!err)
807 err = ovl_set_impure(dentry->d_parent, upper->d_parent);
808
809 ovl_drop_write(dentry);
810 return err;
811}
812
bbb1e54d
MS		 813struct dentry *ovl_lookup(struct inode *dir, struct dentry *dentry,
814 unsigned int flags)
815{
816 struct ovl_entry *oe;
817 const struct cred *old_cred;
6b2d5fe4 818 struct ovl_fs *ofs = dentry->d_sb->s_fs_info;
bbb1e54d 819 struct ovl_entry *poe = dentry->d_parent->d_fsdata;
c22205d0 820 struct ovl_entry *roe = dentry->d_sb->s_root->d_fsdata;
9d3dfea3 821 struct ovl_path *stack = NULL, *origin_path = NULL;
bbb1e54d 822 struct dentry *upperdir, *upperdentry = NULL;
ad1d615c 823 struct dentry *origin = NULL;
359f392c 824 struct dentry *index = NULL;
bbb1e54d
MS		 825 unsigned int ctr = 0;
826 struct inode *inode = NULL;
827 bool upperopaque = false;
02b69b28 828 char *upperredirect = NULL;
bbb1e54d
MS		 829 struct dentry *this;
830 unsigned int i;
831 int err;
6815f479 832 bool uppermetacopy = false;
e28edc46 833 struct ovl_lookup_data d = {
146d62e5 834 .sb = dentry->d_sb,
e28edc46
MS		 835 .name = dentry->d_name,
836 .is_dir = false,
837 .opaque = false,
838 .stop = false,
452061fd 839 .last = ofs->config.redirect_follow ? false : !poe->numlower,
02b69b28 840 .redirect = NULL,
9d3dfea3 841 .metacopy = false,
e28edc46 842 };
bbb1e54d 843
6b2d5fe4
MS		 844 if (dentry->d_name.len > ofs->namelen)
845 return ERR_PTR(-ENAMETOOLONG);
846
bbb1e54d 847 old_cred = ovl_override_creds(dentry->d_sb);
09d8b586 848 upperdir = ovl_dentry_upper(dentry->d_parent);
bbb1e54d 849 if (upperdir) {
1434a65e 850 err = ovl_lookup_layer(upperdir, &d, &upperdentry, true);
e28edc46 851 if (err)
bbb1e54d
MS		 852 goto out;
853
bccece1e 854 if (upperdentry && upperdentry->d_flags & DCACHE_OP_REAL) {
e28edc46
MS		 855 dput(upperdentry);
856 err = -EREMOTE;
857 goto out;
bbb1e54d 858 }
a9d01957 859 if (upperdentry && !d.is_dir) {
f7d3daca
AG		 860 /*
861 * Lookup copy up origin by decoding origin file handle.
862 * We may get a disconnected dentry, which is fine,
863 * because we only need to hold the origin inode in
864 * cache and use its inode number. We may even get a
865 * connected dentry, that is not under any of the lower
866 * layers root. That is also fine for using it's inode
867 * number - it's the same as if we held a reference
868 * to a dentry in lower layer that was moved under us.
869 */
d78a0dcf 870 err = ovl_check_origin(ofs, upperdentry, &origin_path);
a9d01957 871 if (err)
5455f92b 872 goto out_put_upper;
9d3dfea3
VG		 873
874 if (d.metacopy)
6815f479 875 uppermetacopy = true;
a9d01957 876 }
02b69b28
MS		 877
878 if (d.redirect) {
0ce5cdc9 879 err = -ENOMEM;
02b69b28
MS		 880 upperredirect = kstrdup(d.redirect, GFP_KERNEL);
881 if (!upperredirect)
882 goto out_put_upper;
883 if (d.redirect[0] == '/')
c22205d0 884 poe = roe;
02b69b28 885 }
e28edc46 886 upperopaque = d.opaque;
bbb1e54d
MS		 887 }
888
e28edc46 889 if (!d.stop && poe->numlower) {
bbb1e54d 890 err = -ENOMEM;
94375f9d 891 stack = kcalloc(ofs->numlayer - 1, sizeof(struct ovl_path),
0ee931c4 892 GFP_KERNEL);
bbb1e54d
MS		 893 if (!stack)
894 goto out_put_upper;
895 }
896
e28edc46 897 for (i = 0; !d.stop && i < poe->numlower; i++) {
b9343632 898 struct ovl_path lower = poe->lowerstack[i];
bbb1e54d 899
452061fd
VG		 900 if (!ofs->config.redirect_follow)
901 d.last = i == poe->numlower - 1;
902 else
903 d.last = lower.layer->idx == roe->numlower;
904
1434a65e 905 err = ovl_lookup_layer(lower.dentry, &d, &this, false);
e28edc46 906 if (err)
bbb1e54d 907 goto out_put;
6b2d5fe4 908
bbb1e54d
MS		 909 if (!this)
910 continue;
bbb1e54d 911
6815f479
VG		 912 if ((uppermetacopy || d.metacopy) && !ofs->config.metacopy) {
913 err = -EPERM;
914 pr_warn_ratelimited("refusing to follow metacopy origin for (%pd2)\n", dentry);
915 goto out_put;
916 }
917
9678e630
AG		 918 /*
919 * If no origin fh is stored in upper of a merge dir, store fh
920 * of lower dir and set upper parent "impure".
921 */
9d3dfea3 922 if (upperdentry && !ctr && !ofs->noxattr && d.is_dir) {
9678e630
AG		 923 err = ovl_fix_origin(dentry, this, upperdentry);
924 if (err) {
925 dput(this);
926 goto out_put;
927 }
928 }
929
37b12916
AG		 930 /*
931 * When "verify_lower" feature is enabled, do not merge with a
ad1d615c
AG		 932 * lower dir that does not match a stored origin xattr. In any
933 * case, only verified origin is used for index lookup.
9d3dfea3
VG		 934 *
935 * For non-dir dentry, if index=on, then ensure origin
936 * matches the dentry found using path based lookup,
937 * otherwise error out.
37b12916 938 */
9d3dfea3
VG		 939 if (upperdentry && !ctr &&
940 ((d.is_dir && ovl_verify_lower(dentry->d_sb)) ||
941 (!d.is_dir && ofs->config.index && origin_path))) {
37b12916
AG		 942 err = ovl_verify_origin(upperdentry, this, false);
943 if (err) {
944 dput(this);
9d3dfea3
VG		 945 if (d.is_dir)
946 break;
947 goto out_put;
37b12916 948 }
ad1d615c 949 origin = this;
37b12916
AG		 950 }
951
21d8d66a
VG		 952 if (d.metacopy && ctr) {
953 /*
954 * Do not store intermediate metacopy dentries in
955 * lower chain, except top most lower metacopy dentry.
956 * Continue the loop so that if there is an absolute
957 * redirect on this dentry, poe can be reset to roe.
958 */
959 dput(this);
960 this = NULL;
961 } else {
962 stack[ctr].dentry = this;
963 stack[ctr].layer = lower.layer;
964 ctr++;
965 }
02b69b28 966
438c84c2
MS		 967 /*
968 * Following redirects can have security consequences: it's like
969 * a symlink into the lower layer without the permission checks.
970 * This is only a problem if the upper layer is untrusted (e.g
971 * comes from an USB drive). This can allow a non-readable file
972 * or directory to become readable.
973 *
974 * Only following redirects when redirects are enabled disables
975 * this attack vector when not necessary.
976 */
977 err = -EPERM;
978 if (d.redirect && !ofs->config.redirect_follow) {
1bd0a3ae 979 pr_warn_ratelimited("refusing to follow redirect for (%pd2)\n",
f8167817 980 dentry);
438c84c2
MS		 981 goto out_put;
982 }
983
d1fe96c0
VG		 984 if (d.stop)
985 break;
986
c22205d0
AG		 987 if (d.redirect && d.redirect[0] == '/' && poe != roe) {
988 poe = roe;
02b69b28 989 /* Find the current layer on the root dentry */
d583ed7d 990 i = lower.layer->idx - 1;
02b69b28 991 }
bbb1e54d
MS		 992 }
993
6815f479
VG		 994 /*
995 * For regular non-metacopy upper dentries, there is no lower
996 * path based lookup, hence ctr will be zero. If a dentry is found
997 * using ORIGIN xattr on upper, install it in stack.
998 *
999 * For metacopy dentry, path based lookup will find lower dentries.
1000 * Just make sure a corresponding data dentry has been found.
1001 */
1002 if (d.metacopy || (uppermetacopy && !ctr)) {
1003 err = -EIO;
1004 goto out_put;
9d3dfea3
VG		 1005 } else if (!d.is_dir && upperdentry && !ctr && origin_path) {
1006 if (WARN_ON(stack != NULL)) {
1007 err = -EIO;
1008 goto out_put;
1009 }
1010 stack = origin_path;
1011 ctr = 1;
59fb2013 1012 origin = origin_path->dentry;
9d3dfea3
VG		 1013 origin_path = NULL;
1014 }
1015
ad1d615c 1016 /*
59fb2013 1017 * Always lookup index if there is no-upperdentry.
9d3dfea3 1018 *
59fb2013
VG		 1019 * For the case of upperdentry, we have set origin by now if it
1020 * needed to be set. There are basically three cases.
1021 *
1022 * For directories, lookup index by lower inode and verify it matches
1023 * upper inode. We only trust dir index if we verified that lower dir
1024 * matches origin, otherwise dir index entries may be inconsistent
1025 * and we ignore them.
1026 *
1027 * For regular upper, we already set origin if upper had ORIGIN
1028 * xattr. There is no verification though as there is no path
1029 * based dentry lookup in lower in this case.
1030 *
1031 * For metacopy upper, we set a verified origin already if index
1032 * is enabled and if upper had an ORIGIN xattr.
9d3dfea3 1033 *
ad1d615c 1034 */
59fb2013 1035 if (!upperdentry && ctr)
ad1d615c 1036 origin = stack[0].dentry;
359f392c 1037
ad1d615c
AG		 1038 if (origin && ovl_indexdir(dentry->d_sb) &&
1039 (!d.is_dir || ovl_index_all(dentry->d_sb))) {
06170154 1040 index = ovl_lookup_index(ofs, upperdentry, origin, true);
359f392c
AG		 1041 if (IS_ERR(index)) {
1042 err = PTR_ERR(index);
1043 index = NULL;
1044 goto out_put;
1045 }
1046 }
1047
bbb1e54d
MS		 1048 oe = ovl_alloc_entry(ctr);
1049 err = -ENOMEM;
1050 if (!oe)
1051 goto out_put;
1052
b9343632 1053 memcpy(oe->lowerstack, stack, sizeof(struct ovl_path) * ctr);
e6d2ebdd 1054 dentry->d_fsdata = oe;
bbb1e54d 1055
c62520a8
AG		 1056 if (upperopaque)
1057 ovl_dentry_set_opaque(dentry);
1058
55acc661
MS		 1059 if (upperdentry)
1060 ovl_dentry_set_upper_alias(dentry);
0a2d0d3f 1061 else if (index) {
359f392c 1062 upperdentry = dget(index);
0a2d0d3f
VG		 1063 upperredirect = ovl_get_redirect_xattr(upperdentry, 0);
1064 if (IS_ERR(upperredirect)) {
1065 err = PTR_ERR(upperredirect);
1066 upperredirect = NULL;
1067 goto out_free_oe;
1068 }
4518dfcf
AG		 1069 err = ovl_check_metacopy_xattr(upperdentry);
1070 if (err < 0)
1071 goto out_free_oe;
1072 uppermetacopy = err;
0a2d0d3f 1073 }
359f392c 1074
e6d2ebdd 1075 if (upperdentry || ctr) {
ac6a52eb
VG		 1076 struct ovl_inode_params oip = {
1077 .upperdentry = upperdentry,
1078 .lowerpath = stack,
1079 .index = index,
1080 .numlower = ctr,
9cec54c8 1081 .redirect = upperredirect,
2664bd08
VG		 1082 .lowerdata = (ctr > 1 && !d.is_dir) ?
1083 stack[ctr - 1].dentry : NULL,
ac6a52eb
VG		 1084 };
1085
1086 inode = ovl_get_inode(dentry->d_sb, &oip);
b9ac5c27
MS		 1087 err = PTR_ERR(inode);
1088 if (IS_ERR(inode))
bbb1e54d 1089 goto out_free_oe;
28166ab3
VG		 1090 if (upperdentry && !uppermetacopy)
1091 ovl_set_flag(OVL_UPPERDATA, inode);
bbb1e54d
MS		 1092 }
1093
f4288844
MS		 1094 ovl_dentry_update_reval(dentry, upperdentry,
1095 DCACHE_OP_REVALIDATE | DCACHE_OP_WEAK_REVALIDATE);
1096
bbb1e54d 1097 revert_creds(old_cred);
9d3dfea3
VG		 1098 if (origin_path) {
1099 dput(origin_path->dentry);
1100 kfree(origin_path);
1101 }
359f392c 1102 dput(index);
bbb1e54d 1103 kfree(stack);
02b69b28 1104 kfree(d.redirect);
829c28be 1105 return d_splice_alias(inode, dentry);
bbb1e54d
MS		 1106
1107out_free_oe:
e6d2ebdd 1108 dentry->d_fsdata = NULL;
bbb1e54d
MS		 1109 kfree(oe);
1110out_put:
359f392c 1111 dput(index);
bbb1e54d
MS		 1112 for (i = 0; i < ctr; i++)
1113 dput(stack[i].dentry);
1114 kfree(stack);
1115out_put_upper:
9d3dfea3
VG		 1116 if (origin_path) {
1117 dput(origin_path->dentry);
1118 kfree(origin_path);
1119 }
bbb1e54d 1120 dput(upperdentry);
02b69b28 1121 kfree(upperredirect);
bbb1e54d 1122out:
02b69b28 1123 kfree(d.redirect);
bbb1e54d
MS		 1124 revert_creds(old_cred);
1125 return ERR_PTR(err);
1126}
1127
1128bool ovl_lower_positive(struct dentry *dentry)
1129{
bbb1e54d
MS		 1130 struct ovl_entry *poe = dentry->d_parent->d_fsdata;
1131 const struct qstr *name = &dentry->d_name;
6d0a8a90 1132 const struct cred *old_cred;
bbb1e54d
MS		 1133 unsigned int i;
1134 bool positive = false;
1135 bool done = false;
1136
1137 /*
1138 * If dentry is negative, then lower is positive iff this is a
1139 * whiteout.
1140 */
1141 if (!dentry->d_inode)
c62520a8 1142 return ovl_dentry_is_opaque(dentry);
bbb1e54d
MS		 1143
1144 /* Negative upper -> positive lower */
09d8b586 1145 if (!ovl_dentry_upper(dentry))
bbb1e54d
MS		 1146 return true;
1147
6d0a8a90 1148 old_cred = ovl_override_creds(dentry->d_sb);
bbb1e54d
MS		 1149 /* Positive upper -> have to look up lower to see whether it exists */
1150 for (i = 0; !done && !positive && i < poe->numlower; i++) {
1151 struct dentry *this;
1152 struct dentry *lowerdir = poe->lowerstack[i].dentry;
1153
6c2d4798 1154 this = lookup_positive_unlocked(name->name, lowerdir,
bbb1e54d
MS		 1155 name->len);
1156 if (IS_ERR(this)) {
1157 switch (PTR_ERR(this)) {
1158 case -ENOENT:
1159 case -ENAMETOOLONG:
1160 break;
1161
1162 default:
1163 /*
1164 * Assume something is there, we just couldn't
1165 * access it.
1166 */
1167 positive = true;
1168 break;
1169 }
1170 } else {
6c2d4798
AV		 1171 positive = !ovl_is_whiteout(this);
1172 done = true;
bbb1e54d
MS		 1173 dput(this);
1174 }
1175 }
6d0a8a90 1176 revert_creds(old_cred);
bbb1e54d
MS		 1177
1178 return positive;
1179}
Ubuntu Hirsute Linux kernel mirror