namei.c (7db25d36d9253c58afd3db837dd53e66ae3b1ac9) namei.c (e8f9e5b780b0406ab81add72f1a05583ae5d40ac)
1/*
2 * Copyright (C) 2011 Novell Inc.
3 * Copyright (C) 2016 Red Hat, Inc.
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 as published by
7 * the Free Software Foundation.
8 */

--- 70 unchanged lines hidden (view full) ---

79 goto err_free;
80invalid:
81 pr_warn_ratelimited("overlayfs: invalid redirect (%s)\n", buf);
82 goto err_free;
83}
84
85static int ovl_acceptable(void *ctx, struct dentry *dentry)
86{
1/*
2 * Copyright (C) 2011 Novell Inc.
3 * Copyright (C) 2016 Red Hat, Inc.
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 as published by
7 * the Free Software Foundation.
8 */

--- 70 unchanged lines hidden (view full) ---

79 goto err_free;
80invalid:
81 pr_warn_ratelimited("overlayfs: invalid redirect (%s)\n", buf);
82 goto err_free;
83}
84
85static int ovl_acceptable(void *ctx, struct dentry *dentry)
86{
87 return 1;
87 /*
88 * A non-dir origin may be disconnected, which is fine, because
89 * we only need it for its unique inode number.
90 */
91 if (!d_is_dir(dentry))
92 return 1;
93
94 /* Don't decode a deleted empty directory */
95 if (d_unhashed(dentry))
96 return 0;
97
98 /* Check if directory belongs to the layer we are decoding from */
99 return is_subdir(dentry, ((struct vfsmount *)ctx)->mnt_root);
88}
89
90/*
91 * Check validity of an overlay file handle buffer.
92 *
93 * Return 0 for a valid file handle.
94 * Return -ENODATA for "origin unknown".
95 * Return <0 for an invalid file handle.

--- 59 unchanged lines hidden (view full) ---

155 goto out;
156invalid:
157 pr_warn_ratelimited("overlayfs: invalid origin (%*phN)\n", res, fh);
158 goto out;
159}
160
161static struct dentry *ovl_decode_fh(struct ovl_fh *fh, struct vfsmount *mnt)
162{
100}
101
102/*
103 * Check validity of an overlay file handle buffer.
104 *
105 * Return 0 for a valid file handle.
106 * Return -ENODATA for "origin unknown".
107 * Return <0 for an invalid file handle.

--- 59 unchanged lines hidden (view full) ---

167 goto out;
168invalid:
169 pr_warn_ratelimited("overlayfs: invalid origin (%*phN)\n", res, fh);
170 goto out;
171}
172
173static struct dentry *ovl_decode_fh(struct ovl_fh *fh, struct vfsmount *mnt)
174{
163 struct dentry *origin;
175 struct dentry *real;
164 int bytes;
165
166 /*
167 * Make sure that the stored uuid matches the uuid of the lower
168 * layer where file handle will be decoded.
169 */
170 if (!uuid_equal(&fh->uuid, &mnt->mnt_sb->s_uuid))
171 return NULL;
172
173 bytes = (fh->len - offsetof(struct ovl_fh, fid));
176 int bytes;
177
178 /*
179 * Make sure that the stored uuid matches the uuid of the lower
180 * layer where file handle will be decoded.
181 */
182 if (!uuid_equal(&fh->uuid, &mnt->mnt_sb->s_uuid))
183 return NULL;
184
185 bytes = (fh->len - offsetof(struct ovl_fh, fid));
174 origin = exportfs_decode_fh(mnt, (struct fid *)fh->fid,
175 bytes >> 2, (int)fh->type,
176 ovl_acceptable, NULL);
177 if (IS_ERR(origin)) {
178 /* Treat stale file handle as "origin unknown" */
179 if (origin == ERR_PTR(-ESTALE))
180 origin = NULL;
181 return origin;
186 real = exportfs_decode_fh(mnt, (struct fid *)fh->fid,
187 bytes >> 2, (int)fh->type,
188 ovl_acceptable, mnt);
189 if (IS_ERR(real)) {
190 /*
191 * Treat stale file handle to lower file as "origin unknown".
192 * upper file handle could become stale when upper file is
193 * unlinked and this information is needed to handle stale
194 * index entries correctly.
195 */
196 if (real == ERR_PTR(-ESTALE) &&
197 !(fh->flags & OVL_FH_FLAG_PATH_UPPER))
198 real = NULL;
199 return real;
182 }
183
200 }
201
184 if (ovl_dentry_weird(origin)) {
185 dput(origin);
202 if (ovl_dentry_weird(real)) {
203 dput(real);
186 return NULL;
187 }
188
204 return NULL;
205 }
206
189 return origin;
207 return real;
190}
191
192static bool ovl_is_opaquedir(struct dentry *dentry)
193{
194 return ovl_check_dir_xattr(dentry, OVL_XATTR_OPAQUE);
195}
196
197static int ovl_lookup_single(struct dentry *base, struct ovl_lookup_data *d,

--- 217 unchanged lines hidden (view full) ---

415fail:
416 inode = d_inode(real);
417 pr_warn_ratelimited("overlayfs: failed to verify %s (%pd2, ino=%lu, err=%i)\n",
418 is_upper ? "upper" : "origin", real,
419 inode ? inode->i_ino : 0, err);
420 goto out;
421}
422
208}
209
210static bool ovl_is_opaquedir(struct dentry *dentry)
211{
212 return ovl_check_dir_xattr(dentry, OVL_XATTR_OPAQUE);
213}
214
215static int ovl_lookup_single(struct dentry *base, struct ovl_lookup_data *d,

--- 217 unchanged lines hidden (view full) ---

433fail:
434 inode = d_inode(real);
435 pr_warn_ratelimited("overlayfs: failed to verify %s (%pd2, ino=%lu, err=%i)\n",
436 is_upper ? "upper" : "origin", real,
437 inode ? inode->i_ino : 0, err);
438 goto out;
439}
440
441/* Get upper dentry from index */
442static struct dentry *ovl_index_upper(struct ovl_fs *ofs, struct dentry *index)
443{
444 struct ovl_fh *fh;
445 struct dentry *upper;
446
447 if (!d_is_dir(index))
448 return dget(index);
449
450 fh = ovl_get_fh(index, OVL_XATTR_UPPER);
451 if (IS_ERR_OR_NULL(fh))
452 return ERR_CAST(fh);
453
454 upper = ovl_decode_fh(fh, ofs->upper_mnt);
455 kfree(fh);
456
457 if (IS_ERR_OR_NULL(upper))
458 return upper ?: ERR_PTR(-ESTALE);
459
460 if (!d_is_dir(upper)) {
461 pr_warn_ratelimited("overlayfs: invalid index upper (%pd2, upper=%pd2).\n",
462 index, upper);
463 dput(upper);
464 return ERR_PTR(-EIO);
465 }
466
467 return upper;
468}
469
423/*
424 * Verify that an index entry name matches the origin file handle stored in
425 * OVL_XATTR_ORIGIN and that origin file handle can be decoded to lower path.
426 * Return 0 on match, -ESTALE on mismatch or stale origin, < 0 on error.
427 */
428int ovl_verify_index(struct ovl_fs *ofs, struct dentry *index)
429{
430 struct ovl_fh *fh = NULL;
431 size_t len;
432 struct ovl_path origin = { };
433 struct ovl_path *stack = &origin;
470/*
471 * Verify that an index entry name matches the origin file handle stored in
472 * OVL_XATTR_ORIGIN and that origin file handle can be decoded to lower path.
473 * Return 0 on match, -ESTALE on mismatch or stale origin, < 0 on error.
474 */
475int ovl_verify_index(struct ovl_fs *ofs, struct dentry *index)
476{
477 struct ovl_fh *fh = NULL;
478 size_t len;
479 struct ovl_path origin = { };
480 struct ovl_path *stack = &origin;
481 struct dentry *upper = NULL;
434 int err;
435
436 if (!d_inode(index))
437 return 0;
438
482 int err;
483
484 if (!d_inode(index))
485 return 0;
486
439 /*
440 * Directory index entries are going to be used for looking up
441 * redirected upper dirs by lower dir fh when decoding an overlay
442 * file handle of a merge dir. We don't know the verification rules
443 * for directory index entries, because they have not been implemented
444 * yet, so return EINVAL if those entries are found to abort the mount
445 * and to avoid corrupting an index that was created by a newer kernel.
446 */
447 err = -EINVAL;
487 err = -EINVAL;
448 if (d_is_dir(index))
449 goto fail;
450
451 if (index->d_name.len < sizeof(struct ovl_fh)*2)
452 goto fail;
453
454 err = -ENOMEM;
455 len = index->d_name.len / 2;
456 fh = kzalloc(len, GFP_KERNEL);
457 if (!fh)
458 goto fail;

--- 9 unchanged lines hidden (view full) ---

468 /*
469 * Whiteout index entries are used as an indication that an exported
470 * overlay file handle should be treated as stale (i.e. after unlink
471 * of the overlay inode). These entries contain no origin xattr.
472 */
473 if (ovl_is_whiteout(index))
474 goto out;
475
488 if (index->d_name.len < sizeof(struct ovl_fh)*2)
489 goto fail;
490
491 err = -ENOMEM;
492 len = index->d_name.len / 2;
493 fh = kzalloc(len, GFP_KERNEL);
494 if (!fh)
495 goto fail;

--- 9 unchanged lines hidden (view full) ---

505 /*
506 * Whiteout index entries are used as an indication that an exported
507 * overlay file handle should be treated as stale (i.e. after unlink
508 * of the overlay inode). These entries contain no origin xattr.
509 */
510 if (ovl_is_whiteout(index))
511 goto out;
512
476 err = ovl_verify_fh(index, OVL_XATTR_ORIGIN, fh);
477 if (err)
513 /*
514 * Verifying directory index entries are not stale is expensive, so
515 * only verify stale dir index if NFS export is enabled.
516 */
517 if (d_is_dir(index) && !ofs->config.nfs_export)
518 goto out;
519
520 /*
521 * Directory index entries should have 'upper' xattr pointing to the
522 * real upper dir. Non-dir index entries are hardlinks to the upper
523 * real inode. For non-dir index, we can read the copy up origin xattr
524 * directly from the index dentry, but for dir index we first need to
525 * decode the upper directory.
526 */
527 upper = ovl_index_upper(ofs, index);
528 if (IS_ERR_OR_NULL(upper)) {
529 err = PTR_ERR(upper);
530 if (!err)
531 err = -ESTALE;
478 goto fail;
532 goto fail;
533 }
479
534
480 err = ovl_check_origin_fh(ofs, fh, index, &stack);
535 err = ovl_verify_fh(upper, OVL_XATTR_ORIGIN, fh);
536 dput(upper);
481 if (err)
482 goto fail;
483
537 if (err)
538 goto fail;
539
484 /* Check if index is orphan and don't warn before cleaning it */
485 if (d_inode(index)->i_nlink == 1 &&
486 ovl_get_nlink(origin.dentry, index, 0) == 0)
487 err = -ENOENT;
540 /* Check if non-dir index is orphan and don't warn before cleaning it */
541 if (!d_is_dir(index) && d_inode(index)->i_nlink == 1) {
542 err = ovl_check_origin_fh(ofs, fh, index, &stack);
543 if (err)
544 goto fail;
488
545
489 dput(origin.dentry);
546 if (ovl_get_nlink(origin.dentry, index, 0) == 0)
547 err = -ENOENT;
548 }
549
490out:
550out:
551 dput(origin.dentry);
491 kfree(fh);
492 return err;
493
494fail:
495 pr_warn_ratelimited("overlayfs: failed to verify index (%pd2, ftype=%x, err=%i)\n",
496 index, d_inode(index)->i_mode & S_IFMT, err);
497 goto out;
498}

--- 434 unchanged lines hidden --- 		552 kfree(fh);
553 return err;
554
555fail:
556 pr_warn_ratelimited("overlayfs: failed to verify index (%pd2, ftype=%x, err=%i)\n",
557 index, d_inode(index)->i_mode & S_IFMT, err);
558 goto out;
559}

--- 434 unchanged lines hidden ---