1bbb1e54dSMiklos Szeredi /* 2bbb1e54dSMiklos Szeredi * Copyright (C) 2011 Novell Inc. 3bbb1e54dSMiklos Szeredi * Copyright (C) 2016 Red Hat, Inc. 4bbb1e54dSMiklos Szeredi * 5bbb1e54dSMiklos Szeredi * This program is free software; you can redistribute it and/or modify it 6bbb1e54dSMiklos Szeredi * under the terms of the GNU General Public License version 2 as published by 7bbb1e54dSMiklos Szeredi * the Free Software Foundation. 8bbb1e54dSMiklos Szeredi */ 9bbb1e54dSMiklos Szeredi 10bbb1e54dSMiklos Szeredi #include <linux/fs.h> 115b825c3aSIngo Molnar #include <linux/cred.h> 129ee60ce2SAmir Goldstein #include <linux/ctype.h> 13bbb1e54dSMiklos Szeredi #include <linux/namei.h> 14bbb1e54dSMiklos Szeredi #include <linux/xattr.h> 1502b69b28SMiklos Szeredi #include <linux/ratelimit.h> 16a9d01957SAmir Goldstein #include <linux/mount.h> 17a9d01957SAmir Goldstein #include <linux/exportfs.h> 18bbb1e54dSMiklos Szeredi #include "overlayfs.h" 19bbb1e54dSMiklos Szeredi 20e28edc46SMiklos Szeredi struct ovl_lookup_data { 21e28edc46SMiklos Szeredi struct qstr name; 22e28edc46SMiklos Szeredi bool is_dir; 23e28edc46SMiklos Szeredi bool opaque; 24e28edc46SMiklos Szeredi bool stop; 25e28edc46SMiklos Szeredi bool last; 2602b69b28SMiklos Szeredi char *redirect; 27e28edc46SMiklos Szeredi }; 28bbb1e54dSMiklos Szeredi 2902b69b28SMiklos Szeredi static int ovl_check_redirect(struct dentry *dentry, struct ovl_lookup_data *d, 3002b69b28SMiklos Szeredi size_t prelen, const char *post) 3102b69b28SMiklos Szeredi { 3202b69b28SMiklos Szeredi int res; 3302b69b28SMiklos Szeredi char *s, *next, *buf = NULL; 3402b69b28SMiklos Szeredi 3502b69b28SMiklos Szeredi res = vfs_getxattr(dentry, OVL_XATTR_REDIRECT, NULL, 0); 3602b69b28SMiklos Szeredi if (res < 0) { 3702b69b28SMiklos Szeredi if (res == -ENODATA || res == -EOPNOTSUPP) 3802b69b28SMiklos Szeredi return 0; 3902b69b28SMiklos Szeredi goto fail; 4002b69b28SMiklos Szeredi } 410ee931c4SMichal Hocko buf = kzalloc(prelen + res + strlen(post) + 1, GFP_KERNEL); 4202b69b28SMiklos Szeredi if (!buf) 4302b69b28SMiklos Szeredi return -ENOMEM; 4402b69b28SMiklos Szeredi 4502b69b28SMiklos Szeredi if (res == 0) 4602b69b28SMiklos Szeredi goto invalid; 4702b69b28SMiklos Szeredi 4802b69b28SMiklos Szeredi res = vfs_getxattr(dentry, OVL_XATTR_REDIRECT, buf, res); 4902b69b28SMiklos Szeredi if (res < 0) 5002b69b28SMiklos Szeredi goto fail; 5102b69b28SMiklos Szeredi if (res == 0) 5202b69b28SMiklos Szeredi goto invalid; 5302b69b28SMiklos Szeredi if (buf[0] == '/') { 5402b69b28SMiklos Szeredi for (s = buf; *s++ == '/'; s = next) { 5502b69b28SMiklos Szeredi next = strchrnul(s, '/'); 5602b69b28SMiklos Szeredi if (s == next) 5702b69b28SMiklos Szeredi goto invalid; 5802b69b28SMiklos Szeredi } 5902b69b28SMiklos Szeredi } else { 6002b69b28SMiklos Szeredi if (strchr(buf, '/') != NULL) 6102b69b28SMiklos Szeredi goto invalid; 6202b69b28SMiklos Szeredi 6302b69b28SMiklos Szeredi memmove(buf + prelen, buf, res); 6402b69b28SMiklos Szeredi memcpy(buf, d->name.name, prelen); 6502b69b28SMiklos Szeredi } 6602b69b28SMiklos Szeredi 6702b69b28SMiklos Szeredi strcat(buf, post); 6802b69b28SMiklos Szeredi kfree(d->redirect); 6902b69b28SMiklos Szeredi d->redirect = buf; 7002b69b28SMiklos Szeredi d->name.name = d->redirect; 7102b69b28SMiklos Szeredi d->name.len = strlen(d->redirect); 7202b69b28SMiklos Szeredi 7302b69b28SMiklos Szeredi return 0; 7402b69b28SMiklos Szeredi 7502b69b28SMiklos Szeredi err_free: 7602b69b28SMiklos Szeredi kfree(buf); 7702b69b28SMiklos Szeredi return 0; 7802b69b28SMiklos Szeredi fail: 7902b69b28SMiklos Szeredi pr_warn_ratelimited("overlayfs: failed to get redirect (%i)\n", res); 8002b69b28SMiklos Szeredi goto err_free; 8102b69b28SMiklos Szeredi invalid: 8202b69b28SMiklos Szeredi pr_warn_ratelimited("overlayfs: invalid redirect (%s)\n", buf); 8302b69b28SMiklos Szeredi goto err_free; 8402b69b28SMiklos Szeredi } 8502b69b28SMiklos Szeredi 86a9d01957SAmir Goldstein static int ovl_acceptable(void *ctx, struct dentry *dentry) 87a9d01957SAmir Goldstein { 88e8f9e5b7SAmir Goldstein /* 89e8f9e5b7SAmir Goldstein * A non-dir origin may be disconnected, which is fine, because 90e8f9e5b7SAmir Goldstein * we only need it for its unique inode number. 91e8f9e5b7SAmir Goldstein */ 92e8f9e5b7SAmir Goldstein if (!d_is_dir(dentry)) 93a9d01957SAmir Goldstein return 1; 94e8f9e5b7SAmir Goldstein 95e8f9e5b7SAmir Goldstein /* Don't decode a deleted empty directory */ 96e8f9e5b7SAmir Goldstein if (d_unhashed(dentry)) 97e8f9e5b7SAmir Goldstein return 0; 98e8f9e5b7SAmir Goldstein 99e8f9e5b7SAmir Goldstein /* Check if directory belongs to the layer we are decoding from */ 100e8f9e5b7SAmir Goldstein return is_subdir(dentry, ((struct vfsmount *)ctx)->mnt_root); 101a9d01957SAmir Goldstein } 102a9d01957SAmir Goldstein 1032e1a5328SAmir Goldstein /* 1042e1a5328SAmir Goldstein * Check validity of an overlay file handle buffer. 1052e1a5328SAmir Goldstein * 1062e1a5328SAmir Goldstein * Return 0 for a valid file handle. 1072e1a5328SAmir Goldstein * Return -ENODATA for "origin unknown". 1082e1a5328SAmir Goldstein * Return <0 for an invalid file handle. 1092e1a5328SAmir Goldstein */ 1102e1a5328SAmir Goldstein static int ovl_check_fh_len(struct ovl_fh *fh, int fh_len) 1112e1a5328SAmir Goldstein { 1122e1a5328SAmir Goldstein if (fh_len < sizeof(struct ovl_fh) || fh_len < fh->len) 1132e1a5328SAmir Goldstein return -EINVAL; 1142e1a5328SAmir Goldstein 1152e1a5328SAmir Goldstein if (fh->magic != OVL_FH_MAGIC) 1162e1a5328SAmir Goldstein return -EINVAL; 1172e1a5328SAmir Goldstein 1182e1a5328SAmir Goldstein /* Treat larger version and unknown flags as "origin unknown" */ 1192e1a5328SAmir Goldstein if (fh->version > OVL_FH_VERSION || fh->flags & ~OVL_FH_FLAG_ALL) 1202e1a5328SAmir Goldstein return -ENODATA; 1212e1a5328SAmir Goldstein 1222e1a5328SAmir Goldstein /* Treat endianness mismatch as "origin unknown" */ 1232e1a5328SAmir Goldstein if (!(fh->flags & OVL_FH_FLAG_ANY_ENDIAN) && 1242e1a5328SAmir Goldstein (fh->flags & OVL_FH_FLAG_BIG_ENDIAN) != OVL_FH_FLAG_CPU_ENDIAN) 1252e1a5328SAmir Goldstein return -ENODATA; 1262e1a5328SAmir Goldstein 1272e1a5328SAmir Goldstein return 0; 1282e1a5328SAmir Goldstein } 1292e1a5328SAmir Goldstein 13005122443SAmir Goldstein static struct ovl_fh *ovl_get_fh(struct dentry *dentry, const char *name) 131a9d01957SAmir Goldstein { 1322e1a5328SAmir Goldstein int res, err; 133a9d01957SAmir Goldstein struct ovl_fh *fh = NULL; 134a9d01957SAmir Goldstein 13505122443SAmir Goldstein res = vfs_getxattr(dentry, name, NULL, 0); 136a9d01957SAmir Goldstein if (res < 0) { 137a9d01957SAmir Goldstein if (res == -ENODATA || res == -EOPNOTSUPP) 138a9d01957SAmir Goldstein return NULL; 139a9d01957SAmir Goldstein goto fail; 140a9d01957SAmir Goldstein } 141a9d01957SAmir Goldstein /* Zero size value means "copied up but origin unknown" */ 142a9d01957SAmir Goldstein if (res == 0) 143a9d01957SAmir Goldstein return NULL; 144a9d01957SAmir Goldstein 1450ee931c4SMichal Hocko fh = kzalloc(res, GFP_KERNEL); 146a9d01957SAmir Goldstein if (!fh) 147a9d01957SAmir Goldstein return ERR_PTR(-ENOMEM); 148a9d01957SAmir Goldstein 14905122443SAmir Goldstein res = vfs_getxattr(dentry, name, fh, res); 150a9d01957SAmir Goldstein if (res < 0) 151a9d01957SAmir Goldstein goto fail; 152a9d01957SAmir Goldstein 1532e1a5328SAmir Goldstein err = ovl_check_fh_len(fh, res); 1542e1a5328SAmir Goldstein if (err < 0) { 1552e1a5328SAmir Goldstein if (err == -ENODATA) 156a9d01957SAmir Goldstein goto out; 1572e1a5328SAmir Goldstein goto invalid; 1582e1a5328SAmir Goldstein } 159a9d01957SAmir Goldstein 1608b88a2e6SAmir Goldstein return fh; 1618b88a2e6SAmir Goldstein 1628b88a2e6SAmir Goldstein out: 1638b88a2e6SAmir Goldstein kfree(fh); 1648b88a2e6SAmir Goldstein return NULL; 1658b88a2e6SAmir Goldstein 1668b88a2e6SAmir Goldstein fail: 1678b88a2e6SAmir Goldstein pr_warn_ratelimited("overlayfs: failed to get origin (%i)\n", res); 1688b88a2e6SAmir Goldstein goto out; 1698b88a2e6SAmir Goldstein invalid: 1708b88a2e6SAmir Goldstein pr_warn_ratelimited("overlayfs: invalid origin (%*phN)\n", res, fh); 1718b88a2e6SAmir Goldstein goto out; 1728b88a2e6SAmir Goldstein } 1738b88a2e6SAmir Goldstein 1742e1a5328SAmir Goldstein static struct dentry *ovl_decode_fh(struct ovl_fh *fh, struct vfsmount *mnt) 1758b88a2e6SAmir Goldstein { 176e8f9e5b7SAmir Goldstein struct dentry *real; 1778b88a2e6SAmir Goldstein int bytes; 1788b88a2e6SAmir Goldstein 179a9d01957SAmir Goldstein /* 180a9d01957SAmir Goldstein * Make sure that the stored uuid matches the uuid of the lower 181a9d01957SAmir Goldstein * layer where file handle will be decoded. 182a9d01957SAmir Goldstein */ 18385787090SChristoph Hellwig if (!uuid_equal(&fh->uuid, &mnt->mnt_sb->s_uuid)) 1842e1a5328SAmir Goldstein return NULL; 185a9d01957SAmir Goldstein 1868b88a2e6SAmir Goldstein bytes = (fh->len - offsetof(struct ovl_fh, fid)); 187e8f9e5b7SAmir Goldstein real = exportfs_decode_fh(mnt, (struct fid *)fh->fid, 188a9d01957SAmir Goldstein bytes >> 2, (int)fh->type, 189e8f9e5b7SAmir Goldstein ovl_acceptable, mnt); 190e8f9e5b7SAmir Goldstein if (IS_ERR(real)) { 191e8f9e5b7SAmir Goldstein /* 192e8f9e5b7SAmir Goldstein * Treat stale file handle to lower file as "origin unknown". 193e8f9e5b7SAmir Goldstein * upper file handle could become stale when upper file is 194e8f9e5b7SAmir Goldstein * unlinked and this information is needed to handle stale 195e8f9e5b7SAmir Goldstein * index entries correctly. 196e8f9e5b7SAmir Goldstein */ 197e8f9e5b7SAmir Goldstein if (real == ERR_PTR(-ESTALE) && 198e8f9e5b7SAmir Goldstein !(fh->flags & OVL_FH_FLAG_PATH_UPPER)) 199e8f9e5b7SAmir Goldstein real = NULL; 200e8f9e5b7SAmir Goldstein return real; 201a9d01957SAmir Goldstein } 202a9d01957SAmir Goldstein 203e8f9e5b7SAmir Goldstein if (ovl_dentry_weird(real)) { 204e8f9e5b7SAmir Goldstein dput(real); 2052e1a5328SAmir Goldstein return NULL; 2062e1a5328SAmir Goldstein } 2072e1a5328SAmir Goldstein 208e8f9e5b7SAmir Goldstein return real; 209a9d01957SAmir Goldstein } 210a9d01957SAmir Goldstein 211ee1d6d37SAmir Goldstein static bool ovl_is_opaquedir(struct dentry *dentry) 212ee1d6d37SAmir Goldstein { 213ee1d6d37SAmir Goldstein return ovl_check_dir_xattr(dentry, OVL_XATTR_OPAQUE); 214ee1d6d37SAmir Goldstein } 215ee1d6d37SAmir Goldstein 216e28edc46SMiklos Szeredi static int ovl_lookup_single(struct dentry *base, struct ovl_lookup_data *d, 217e28edc46SMiklos Szeredi const char *name, unsigned int namelen, 21802b69b28SMiklos Szeredi size_t prelen, const char *post, 219e28edc46SMiklos Szeredi struct dentry **ret) 220e28edc46SMiklos Szeredi { 221e28edc46SMiklos Szeredi struct dentry *this; 222e28edc46SMiklos Szeredi int err; 223e28edc46SMiklos Szeredi 224e28edc46SMiklos Szeredi this = lookup_one_len_unlocked(name, base, namelen); 225e28edc46SMiklos Szeredi if (IS_ERR(this)) { 226e28edc46SMiklos Szeredi err = PTR_ERR(this); 227e28edc46SMiklos Szeredi this = NULL; 228e28edc46SMiklos Szeredi if (err == -ENOENT || err == -ENAMETOOLONG) 229e28edc46SMiklos Szeredi goto out; 230e28edc46SMiklos Szeredi goto out_err; 231e28edc46SMiklos Szeredi } 232e28edc46SMiklos Szeredi if (!this->d_inode) 233e28edc46SMiklos Szeredi goto put_and_out; 234e28edc46SMiklos Szeredi 235e28edc46SMiklos Szeredi if (ovl_dentry_weird(this)) { 236e28edc46SMiklos Szeredi /* Don't support traversing automounts and other weirdness */ 237e28edc46SMiklos Szeredi err = -EREMOTE; 238e28edc46SMiklos Szeredi goto out_err; 239e28edc46SMiklos Szeredi } 240e28edc46SMiklos Szeredi if (ovl_is_whiteout(this)) { 241e28edc46SMiklos Szeredi d->stop = d->opaque = true; 242e28edc46SMiklos Szeredi goto put_and_out; 243e28edc46SMiklos Szeredi } 244e28edc46SMiklos Szeredi if (!d_can_lookup(this)) { 245e28edc46SMiklos Szeredi d->stop = true; 246e28edc46SMiklos Szeredi if (d->is_dir) 247e28edc46SMiklos Szeredi goto put_and_out; 248e28edc46SMiklos Szeredi goto out; 249e28edc46SMiklos Szeredi } 250e28edc46SMiklos Szeredi d->is_dir = true; 251e28edc46SMiklos Szeredi if (!d->last && ovl_is_opaquedir(this)) { 252e28edc46SMiklos Szeredi d->stop = d->opaque = true; 253e28edc46SMiklos Szeredi goto out; 254e28edc46SMiklos Szeredi } 25502b69b28SMiklos Szeredi err = ovl_check_redirect(this, d, prelen, post); 25602b69b28SMiklos Szeredi if (err) 25702b69b28SMiklos Szeredi goto out_err; 258e28edc46SMiklos Szeredi out: 259e28edc46SMiklos Szeredi *ret = this; 260e28edc46SMiklos Szeredi return 0; 261e28edc46SMiklos Szeredi 262e28edc46SMiklos Szeredi put_and_out: 263e28edc46SMiklos Szeredi dput(this); 264e28edc46SMiklos Szeredi this = NULL; 265e28edc46SMiklos Szeredi goto out; 266e28edc46SMiklos Szeredi 267e28edc46SMiklos Szeredi out_err: 268e28edc46SMiklos Szeredi dput(this); 269e28edc46SMiklos Szeredi return err; 270e28edc46SMiklos Szeredi } 271e28edc46SMiklos Szeredi 272e28edc46SMiklos Szeredi static int ovl_lookup_layer(struct dentry *base, struct ovl_lookup_data *d, 273e28edc46SMiklos Szeredi struct dentry **ret) 274e28edc46SMiklos Szeredi { 2754c7d0c9cSAmir Goldstein /* Counting down from the end, since the prefix can change */ 2764c7d0c9cSAmir Goldstein size_t rem = d->name.len - 1; 27702b69b28SMiklos Szeredi struct dentry *dentry = NULL; 27802b69b28SMiklos Szeredi int err; 27902b69b28SMiklos Szeredi 2804c7d0c9cSAmir Goldstein if (d->name.name[0] != '/') 28102b69b28SMiklos Szeredi return ovl_lookup_single(base, d, d->name.name, d->name.len, 28202b69b28SMiklos Szeredi 0, "", ret); 28302b69b28SMiklos Szeredi 2844c7d0c9cSAmir Goldstein while (!IS_ERR_OR_NULL(base) && d_can_lookup(base)) { 2854c7d0c9cSAmir Goldstein const char *s = d->name.name + d->name.len - rem; 28602b69b28SMiklos Szeredi const char *next = strchrnul(s, '/'); 2874c7d0c9cSAmir Goldstein size_t thislen = next - s; 2884c7d0c9cSAmir Goldstein bool end = !next[0]; 28902b69b28SMiklos Szeredi 2904c7d0c9cSAmir Goldstein /* Verify we did not go off the rails */ 2914c7d0c9cSAmir Goldstein if (WARN_ON(s[-1] != '/')) 29202b69b28SMiklos Szeredi return -EIO; 29302b69b28SMiklos Szeredi 2944c7d0c9cSAmir Goldstein err = ovl_lookup_single(base, d, s, thislen, 2954c7d0c9cSAmir Goldstein d->name.len - rem, next, &base); 29602b69b28SMiklos Szeredi dput(dentry); 29702b69b28SMiklos Szeredi if (err) 29802b69b28SMiklos Szeredi return err; 29902b69b28SMiklos Szeredi dentry = base; 3004c7d0c9cSAmir Goldstein if (end) 3014c7d0c9cSAmir Goldstein break; 3024c7d0c9cSAmir Goldstein 3034c7d0c9cSAmir Goldstein rem -= thislen + 1; 3044c7d0c9cSAmir Goldstein 3054c7d0c9cSAmir Goldstein if (WARN_ON(rem >= d->name.len)) 3064c7d0c9cSAmir Goldstein return -EIO; 30702b69b28SMiklos Szeredi } 30802b69b28SMiklos Szeredi *ret = dentry; 30902b69b28SMiklos Szeredi return 0; 310e28edc46SMiklos Szeredi } 311e28edc46SMiklos Szeredi 312a9d01957SAmir Goldstein 3131eff1a1dSAmir Goldstein static int ovl_check_origin_fh(struct ovl_fs *ofs, struct ovl_fh *fh, 3141eff1a1dSAmir Goldstein struct dentry *upperdentry, 3152e1a5328SAmir Goldstein struct ovl_path **stackp) 316a9d01957SAmir Goldstein { 317f7d3dacaSAmir Goldstein struct dentry *origin = NULL; 318f7d3dacaSAmir Goldstein int i; 319a9d01957SAmir Goldstein 3201eff1a1dSAmir Goldstein for (i = 0; i < ofs->numlower; i++) { 3211eff1a1dSAmir Goldstein origin = ovl_decode_fh(fh, ofs->lower_layers[i].mnt); 322f7d3dacaSAmir Goldstein if (origin) 323f7d3dacaSAmir Goldstein break; 324f7d3dacaSAmir Goldstein } 325f7d3dacaSAmir Goldstein 326f7d3dacaSAmir Goldstein if (!origin) 3272e1a5328SAmir Goldstein return -ESTALE; 3282e1a5328SAmir Goldstein else if (IS_ERR(origin)) 3292e1a5328SAmir Goldstein return PTR_ERR(origin); 330f7d3dacaSAmir Goldstein 3312e1a5328SAmir Goldstein if (!ovl_is_whiteout(upperdentry) && 3322e1a5328SAmir Goldstein ((d_inode(origin)->i_mode ^ d_inode(upperdentry)->i_mode) & S_IFMT)) 3332e1a5328SAmir Goldstein goto invalid; 3342e1a5328SAmir Goldstein 335415543d5SAmir Goldstein if (!*stackp) 336b9343632SChandan Rajendra *stackp = kmalloc(sizeof(struct ovl_path), GFP_KERNEL); 337a9d01957SAmir Goldstein if (!*stackp) { 338a9d01957SAmir Goldstein dput(origin); 339a9d01957SAmir Goldstein return -ENOMEM; 340a9d01957SAmir Goldstein } 3411eff1a1dSAmir Goldstein **stackp = (struct ovl_path){ 3421eff1a1dSAmir Goldstein .dentry = origin, 3431eff1a1dSAmir Goldstein .layer = &ofs->lower_layers[i] 3441eff1a1dSAmir Goldstein }; 345a9d01957SAmir Goldstein 346a9d01957SAmir Goldstein return 0; 3472e1a5328SAmir Goldstein 3482e1a5328SAmir Goldstein invalid: 3492e1a5328SAmir Goldstein pr_warn_ratelimited("overlayfs: invalid origin (%pd2, ftype=%x, origin ftype=%x).\n", 3502e1a5328SAmir Goldstein upperdentry, d_inode(upperdentry)->i_mode & S_IFMT, 3512e1a5328SAmir Goldstein d_inode(origin)->i_mode & S_IFMT); 3522e1a5328SAmir Goldstein dput(origin); 3532e1a5328SAmir Goldstein return -EIO; 3542e1a5328SAmir Goldstein } 3552e1a5328SAmir Goldstein 3561eff1a1dSAmir Goldstein static int ovl_check_origin(struct ovl_fs *ofs, struct dentry *upperdentry, 3572e1a5328SAmir Goldstein struct ovl_path **stackp, unsigned int *ctrp) 3582e1a5328SAmir Goldstein { 35905122443SAmir Goldstein struct ovl_fh *fh = ovl_get_fh(upperdentry, OVL_XATTR_ORIGIN); 3602e1a5328SAmir Goldstein int err; 3612e1a5328SAmir Goldstein 3622e1a5328SAmir Goldstein if (IS_ERR_OR_NULL(fh)) 3632e1a5328SAmir Goldstein return PTR_ERR(fh); 3642e1a5328SAmir Goldstein 3651eff1a1dSAmir Goldstein err = ovl_check_origin_fh(ofs, fh, upperdentry, stackp); 3662e1a5328SAmir Goldstein kfree(fh); 3672e1a5328SAmir Goldstein 3682e1a5328SAmir Goldstein if (err) { 3692e1a5328SAmir Goldstein if (err == -ESTALE) 3702e1a5328SAmir Goldstein return 0; 3712e1a5328SAmir Goldstein return err; 3722e1a5328SAmir Goldstein } 3732e1a5328SAmir Goldstein 3742e1a5328SAmir Goldstein if (WARN_ON(*ctrp)) 3752e1a5328SAmir Goldstein return -EIO; 3762e1a5328SAmir Goldstein 3772e1a5328SAmir Goldstein *ctrp = 1; 3782e1a5328SAmir Goldstein return 0; 379a9d01957SAmir Goldstein } 380a9d01957SAmir Goldstein 381bbb1e54dSMiklos Szeredi /* 38205122443SAmir Goldstein * Verify that @fh matches the file handle stored in xattr @name. 3838b88a2e6SAmir Goldstein * Return 0 on match, -ESTALE on mismatch, < 0 on error. 3848b88a2e6SAmir Goldstein */ 38505122443SAmir Goldstein static int ovl_verify_fh(struct dentry *dentry, const char *name, 38605122443SAmir Goldstein const struct ovl_fh *fh) 3878b88a2e6SAmir Goldstein { 38805122443SAmir Goldstein struct ovl_fh *ofh = ovl_get_fh(dentry, name); 3898b88a2e6SAmir Goldstein int err = 0; 3908b88a2e6SAmir Goldstein 3918b88a2e6SAmir Goldstein if (!ofh) 3928b88a2e6SAmir Goldstein return -ENODATA; 3938b88a2e6SAmir Goldstein 3948b88a2e6SAmir Goldstein if (IS_ERR(ofh)) 3958b88a2e6SAmir Goldstein return PTR_ERR(ofh); 3968b88a2e6SAmir Goldstein 3978b88a2e6SAmir Goldstein if (fh->len != ofh->len || memcmp(fh, ofh, fh->len)) 3988b88a2e6SAmir Goldstein err = -ESTALE; 3998b88a2e6SAmir Goldstein 4008b88a2e6SAmir Goldstein kfree(ofh); 4018b88a2e6SAmir Goldstein return err; 4028b88a2e6SAmir Goldstein } 4038b88a2e6SAmir Goldstein 4048b88a2e6SAmir Goldstein /* 40505122443SAmir Goldstein * Verify that @real dentry matches the file handle stored in xattr @name. 4068b88a2e6SAmir Goldstein * 40705122443SAmir Goldstein * If @set is true and there is no stored file handle, encode @real and store 40805122443SAmir Goldstein * file handle in xattr @name. 4098b88a2e6SAmir Goldstein * 41005122443SAmir Goldstein * Return 0 on match, -ESTALE on mismatch, -ENODATA on no xattr, < 0 on error. 4118b88a2e6SAmir Goldstein */ 41205122443SAmir Goldstein int ovl_verify_set_fh(struct dentry *dentry, const char *name, 41305122443SAmir Goldstein struct dentry *real, bool is_upper, bool set) 4148b88a2e6SAmir Goldstein { 4158b88a2e6SAmir Goldstein struct inode *inode; 4168b88a2e6SAmir Goldstein struct ovl_fh *fh; 4178b88a2e6SAmir Goldstein int err; 4188b88a2e6SAmir Goldstein 41905122443SAmir Goldstein fh = ovl_encode_fh(real, is_upper); 4208b88a2e6SAmir Goldstein err = PTR_ERR(fh); 4218b88a2e6SAmir Goldstein if (IS_ERR(fh)) 4228b88a2e6SAmir Goldstein goto fail; 4238b88a2e6SAmir Goldstein 42405122443SAmir Goldstein err = ovl_verify_fh(dentry, name, fh); 4258b88a2e6SAmir Goldstein if (set && err == -ENODATA) 42605122443SAmir Goldstein err = ovl_do_setxattr(dentry, name, fh, fh->len, 0); 4278b88a2e6SAmir Goldstein if (err) 4288b88a2e6SAmir Goldstein goto fail; 4298b88a2e6SAmir Goldstein 4308b88a2e6SAmir Goldstein out: 4318b88a2e6SAmir Goldstein kfree(fh); 4328b88a2e6SAmir Goldstein return err; 4338b88a2e6SAmir Goldstein 4348b88a2e6SAmir Goldstein fail: 43505122443SAmir Goldstein inode = d_inode(real); 43605122443SAmir Goldstein pr_warn_ratelimited("overlayfs: failed to verify %s (%pd2, ino=%lu, err=%i)\n", 43705122443SAmir Goldstein is_upper ? "upper" : "origin", real, 43805122443SAmir Goldstein inode ? inode->i_ino : 0, err); 4398b88a2e6SAmir Goldstein goto out; 4408b88a2e6SAmir Goldstein } 4418b88a2e6SAmir Goldstein 442e8f9e5b7SAmir Goldstein /* Get upper dentry from index */ 443e8f9e5b7SAmir Goldstein static struct dentry *ovl_index_upper(struct ovl_fs *ofs, struct dentry *index) 444e8f9e5b7SAmir Goldstein { 445e8f9e5b7SAmir Goldstein struct ovl_fh *fh; 446e8f9e5b7SAmir Goldstein struct dentry *upper; 447e8f9e5b7SAmir Goldstein 448e8f9e5b7SAmir Goldstein if (!d_is_dir(index)) 449e8f9e5b7SAmir Goldstein return dget(index); 450e8f9e5b7SAmir Goldstein 451e8f9e5b7SAmir Goldstein fh = ovl_get_fh(index, OVL_XATTR_UPPER); 452e8f9e5b7SAmir Goldstein if (IS_ERR_OR_NULL(fh)) 453e8f9e5b7SAmir Goldstein return ERR_CAST(fh); 454e8f9e5b7SAmir Goldstein 455e8f9e5b7SAmir Goldstein upper = ovl_decode_fh(fh, ofs->upper_mnt); 456e8f9e5b7SAmir Goldstein kfree(fh); 457e8f9e5b7SAmir Goldstein 458e8f9e5b7SAmir Goldstein if (IS_ERR_OR_NULL(upper)) 459e8f9e5b7SAmir Goldstein return upper ?: ERR_PTR(-ESTALE); 460e8f9e5b7SAmir Goldstein 461e8f9e5b7SAmir Goldstein if (!d_is_dir(upper)) { 462e8f9e5b7SAmir Goldstein pr_warn_ratelimited("overlayfs: invalid index upper (%pd2, upper=%pd2).\n", 463e8f9e5b7SAmir Goldstein index, upper); 464e8f9e5b7SAmir Goldstein dput(upper); 465e8f9e5b7SAmir Goldstein return ERR_PTR(-EIO); 466e8f9e5b7SAmir Goldstein } 467e8f9e5b7SAmir Goldstein 468e8f9e5b7SAmir Goldstein return upper; 469e8f9e5b7SAmir Goldstein } 470e8f9e5b7SAmir Goldstein 4719ee60ce2SAmir Goldstein /* Is this a leftover from create/whiteout of directory index entry? */ 4729ee60ce2SAmir Goldstein static bool ovl_is_temp_index(struct dentry *index) 4739ee60ce2SAmir Goldstein { 4749ee60ce2SAmir Goldstein return index->d_name.name[0] == '#'; 4759ee60ce2SAmir Goldstein } 4769ee60ce2SAmir Goldstein 4778b88a2e6SAmir Goldstein /* 478415543d5SAmir Goldstein * Verify that an index entry name matches the origin file handle stored in 479415543d5SAmir Goldstein * OVL_XATTR_ORIGIN and that origin file handle can be decoded to lower path. 480415543d5SAmir Goldstein * Return 0 on match, -ESTALE on mismatch or stale origin, < 0 on error. 481415543d5SAmir Goldstein */ 4821eff1a1dSAmir Goldstein int ovl_verify_index(struct ovl_fs *ofs, struct dentry *index) 483415543d5SAmir Goldstein { 484415543d5SAmir Goldstein struct ovl_fh *fh = NULL; 485415543d5SAmir Goldstein size_t len; 486b9343632SChandan Rajendra struct ovl_path origin = { }; 487b9343632SChandan Rajendra struct ovl_path *stack = &origin; 488e8f9e5b7SAmir Goldstein struct dentry *upper = NULL; 489415543d5SAmir Goldstein int err; 490415543d5SAmir Goldstein 491415543d5SAmir Goldstein if (!d_inode(index)) 492415543d5SAmir Goldstein return 0; 493415543d5SAmir Goldstein 4949ee60ce2SAmir Goldstein /* Cleanup leftover from index create/cleanup attempt */ 4959ee60ce2SAmir Goldstein err = -ESTALE; 4969ee60ce2SAmir Goldstein if (ovl_is_temp_index(index)) 4979ee60ce2SAmir Goldstein goto fail; 4989ee60ce2SAmir Goldstein 499fa0096e3SAmir Goldstein err = -EINVAL; 500415543d5SAmir Goldstein if (index->d_name.len < sizeof(struct ovl_fh)*2) 501415543d5SAmir Goldstein goto fail; 502415543d5SAmir Goldstein 503415543d5SAmir Goldstein err = -ENOMEM; 504415543d5SAmir Goldstein len = index->d_name.len / 2; 5050ee931c4SMichal Hocko fh = kzalloc(len, GFP_KERNEL); 506415543d5SAmir Goldstein if (!fh) 507415543d5SAmir Goldstein goto fail; 508415543d5SAmir Goldstein 509415543d5SAmir Goldstein err = -EINVAL; 5102e1a5328SAmir Goldstein if (hex2bin((u8 *)fh, index->d_name.name, len)) 5112e1a5328SAmir Goldstein goto fail; 5122e1a5328SAmir Goldstein 5132e1a5328SAmir Goldstein err = ovl_check_fh_len(fh, len); 5142e1a5328SAmir Goldstein if (err) 515415543d5SAmir Goldstein goto fail; 516415543d5SAmir Goldstein 5177db25d36SAmir Goldstein /* 5187db25d36SAmir Goldstein * Whiteout index entries are used as an indication that an exported 5197db25d36SAmir Goldstein * overlay file handle should be treated as stale (i.e. after unlink 5207db25d36SAmir Goldstein * of the overlay inode). These entries contain no origin xattr. 5217db25d36SAmir Goldstein */ 5227db25d36SAmir Goldstein if (ovl_is_whiteout(index)) 5237db25d36SAmir Goldstein goto out; 5247db25d36SAmir Goldstein 525e8f9e5b7SAmir Goldstein /* 526e8f9e5b7SAmir Goldstein * Verifying directory index entries are not stale is expensive, so 527e8f9e5b7SAmir Goldstein * only verify stale dir index if NFS export is enabled. 528e8f9e5b7SAmir Goldstein */ 529e8f9e5b7SAmir Goldstein if (d_is_dir(index) && !ofs->config.nfs_export) 530e8f9e5b7SAmir Goldstein goto out; 531e8f9e5b7SAmir Goldstein 532e8f9e5b7SAmir Goldstein /* 533e8f9e5b7SAmir Goldstein * Directory index entries should have 'upper' xattr pointing to the 534e8f9e5b7SAmir Goldstein * real upper dir. Non-dir index entries are hardlinks to the upper 535e8f9e5b7SAmir Goldstein * real inode. For non-dir index, we can read the copy up origin xattr 536e8f9e5b7SAmir Goldstein * directly from the index dentry, but for dir index we first need to 537e8f9e5b7SAmir Goldstein * decode the upper directory. 538e8f9e5b7SAmir Goldstein */ 539e8f9e5b7SAmir Goldstein upper = ovl_index_upper(ofs, index); 540e8f9e5b7SAmir Goldstein if (IS_ERR_OR_NULL(upper)) { 541e8f9e5b7SAmir Goldstein err = PTR_ERR(upper); 542*24f0b172SAmir Goldstein /* 543*24f0b172SAmir Goldstein * Directory index entries with no 'upper' xattr need to be 544*24f0b172SAmir Goldstein * removed. When dir index entry has a stale 'upper' xattr, 545*24f0b172SAmir Goldstein * we assume that upper dir was removed and we treat the dir 546*24f0b172SAmir Goldstein * index as orphan entry that needs to be whited out. 547*24f0b172SAmir Goldstein */ 548*24f0b172SAmir Goldstein if (err == -ESTALE) 549*24f0b172SAmir Goldstein goto orphan; 550*24f0b172SAmir Goldstein else if (!err) 551e8f9e5b7SAmir Goldstein err = -ESTALE; 552e8f9e5b7SAmir Goldstein goto fail; 553e8f9e5b7SAmir Goldstein } 554e8f9e5b7SAmir Goldstein 555e8f9e5b7SAmir Goldstein err = ovl_verify_fh(upper, OVL_XATTR_ORIGIN, fh); 556e8f9e5b7SAmir Goldstein dput(upper); 557415543d5SAmir Goldstein if (err) 558415543d5SAmir Goldstein goto fail; 559415543d5SAmir Goldstein 560e8f9e5b7SAmir Goldstein /* Check if non-dir index is orphan and don't warn before cleaning it */ 561e8f9e5b7SAmir Goldstein if (!d_is_dir(index) && d_inode(index)->i_nlink == 1) { 5621eff1a1dSAmir Goldstein err = ovl_check_origin_fh(ofs, fh, index, &stack); 563415543d5SAmir Goldstein if (err) 564415543d5SAmir Goldstein goto fail; 565415543d5SAmir Goldstein 566e8f9e5b7SAmir Goldstein if (ovl_get_nlink(origin.dentry, index, 0) == 0) 567*24f0b172SAmir Goldstein goto orphan; 568e8f9e5b7SAmir Goldstein } 569caf70cb2SAmir Goldstein 570415543d5SAmir Goldstein out: 571e8f9e5b7SAmir Goldstein dput(origin.dentry); 572415543d5SAmir Goldstein kfree(fh); 573415543d5SAmir Goldstein return err; 574415543d5SAmir Goldstein 575415543d5SAmir Goldstein fail: 57661b67471SAmir Goldstein pr_warn_ratelimited("overlayfs: failed to verify index (%pd2, ftype=%x, err=%i)\n", 57761b67471SAmir Goldstein index, d_inode(index)->i_mode & S_IFMT, err); 578415543d5SAmir Goldstein goto out; 579*24f0b172SAmir Goldstein 580*24f0b172SAmir Goldstein orphan: 581*24f0b172SAmir Goldstein pr_warn_ratelimited("overlayfs: orphan index entry (%pd2, ftype=%x, nlink=%u)\n", 582*24f0b172SAmir Goldstein index, d_inode(index)->i_mode & S_IFMT, 583*24f0b172SAmir Goldstein d_inode(index)->i_nlink); 584*24f0b172SAmir Goldstein err = -ENOENT; 585*24f0b172SAmir Goldstein goto out; 586415543d5SAmir Goldstein } 587415543d5SAmir Goldstein 588415543d5SAmir Goldstein /* 589359f392cSAmir Goldstein * Lookup in indexdir for the index entry of a lower real inode or a copy up 590359f392cSAmir Goldstein * origin inode. The index entry name is the hex representation of the lower 591359f392cSAmir Goldstein * inode file handle. 592359f392cSAmir Goldstein * 593359f392cSAmir Goldstein * If the index dentry in negative, then either no lower aliases have been 594359f392cSAmir Goldstein * copied up yet, or aliases have been copied up in older kernels and are 595359f392cSAmir Goldstein * not indexed. 596359f392cSAmir Goldstein * 597359f392cSAmir Goldstein * If the index dentry for a copy up origin inode is positive, but points 598359f392cSAmir Goldstein * to an inode different than the upper inode, then either the upper inode 599359f392cSAmir Goldstein * has been copied up and not indexed or it was indexed, but since then 600359f392cSAmir Goldstein * index dir was cleared. Either way, that index cannot be used to indentify 601359f392cSAmir Goldstein * the overlay inode. 602359f392cSAmir Goldstein */ 603359f392cSAmir Goldstein int ovl_get_index_name(struct dentry *origin, struct qstr *name) 604359f392cSAmir Goldstein { 605359f392cSAmir Goldstein int err; 606359f392cSAmir Goldstein struct ovl_fh *fh; 607359f392cSAmir Goldstein char *n, *s; 608359f392cSAmir Goldstein 609359f392cSAmir Goldstein fh = ovl_encode_fh(origin, false); 610359f392cSAmir Goldstein if (IS_ERR(fh)) 611359f392cSAmir Goldstein return PTR_ERR(fh); 612359f392cSAmir Goldstein 613359f392cSAmir Goldstein err = -ENOMEM; 6140ee931c4SMichal Hocko n = kzalloc(fh->len * 2, GFP_KERNEL); 615359f392cSAmir Goldstein if (n) { 616359f392cSAmir Goldstein s = bin2hex(n, fh, fh->len); 617359f392cSAmir Goldstein *name = (struct qstr) QSTR_INIT(n, s - n); 618359f392cSAmir Goldstein err = 0; 619359f392cSAmir Goldstein } 620359f392cSAmir Goldstein kfree(fh); 621359f392cSAmir Goldstein 622359f392cSAmir Goldstein return err; 623359f392cSAmir Goldstein 624359f392cSAmir Goldstein } 625359f392cSAmir Goldstein 626359f392cSAmir Goldstein static struct dentry *ovl_lookup_index(struct dentry *dentry, 627359f392cSAmir Goldstein struct dentry *upper, 628359f392cSAmir Goldstein struct dentry *origin) 629359f392cSAmir Goldstein { 630359f392cSAmir Goldstein struct ovl_fs *ofs = dentry->d_sb->s_fs_info; 631359f392cSAmir Goldstein struct dentry *index; 632359f392cSAmir Goldstein struct inode *inode; 633359f392cSAmir Goldstein struct qstr name; 634ad1d615cSAmir Goldstein bool is_dir = d_is_dir(origin); 635359f392cSAmir Goldstein int err; 636359f392cSAmir Goldstein 637359f392cSAmir Goldstein err = ovl_get_index_name(origin, &name); 638359f392cSAmir Goldstein if (err) 639359f392cSAmir Goldstein return ERR_PTR(err); 640359f392cSAmir Goldstein 641359f392cSAmir Goldstein index = lookup_one_len_unlocked(name.name, ofs->indexdir, name.len); 642359f392cSAmir Goldstein if (IS_ERR(index)) { 643e0082a0fSAmir Goldstein err = PTR_ERR(index); 6447937a56fSAmir Goldstein if (err == -ENOENT) { 6457937a56fSAmir Goldstein index = NULL; 6467937a56fSAmir Goldstein goto out; 6477937a56fSAmir Goldstein } 648359f392cSAmir Goldstein pr_warn_ratelimited("overlayfs: failed inode index lookup (ino=%lu, key=%*s, err=%i);\n" 649359f392cSAmir Goldstein "overlayfs: mount with '-o index=off' to disable inodes index.\n", 650359f392cSAmir Goldstein d_inode(origin)->i_ino, name.len, name.name, 651359f392cSAmir Goldstein err); 652359f392cSAmir Goldstein goto out; 653359f392cSAmir Goldstein } 654359f392cSAmir Goldstein 6550e082555SAmir Goldstein inode = d_inode(index); 656359f392cSAmir Goldstein if (d_is_negative(index)) { 6576eaf0111SAmir Goldstein goto out_dput; 6580e082555SAmir Goldstein } else if (ovl_dentry_weird(index) || ovl_is_whiteout(index) || 6590e082555SAmir Goldstein ((inode->i_mode ^ d_inode(origin)->i_mode) & S_IFMT)) { 6600e082555SAmir Goldstein /* 6610e082555SAmir Goldstein * Index should always be of the same file type as origin 6620e082555SAmir Goldstein * except for the case of a whiteout index. A whiteout 6630e082555SAmir Goldstein * index should only exist if all lower aliases have been 6640e082555SAmir Goldstein * unlinked, which means that finding a lower origin on lookup 6650e082555SAmir Goldstein * whose index is a whiteout should be treated as an error. 6660e082555SAmir Goldstein */ 6670e082555SAmir Goldstein pr_warn_ratelimited("overlayfs: bad index found (index=%pd2, ftype=%x, origin ftype=%x).\n", 6680e082555SAmir Goldstein index, d_inode(index)->i_mode & S_IFMT, 6690e082555SAmir Goldstein d_inode(origin)->i_mode & S_IFMT); 670359f392cSAmir Goldstein goto fail; 671ad1d615cSAmir Goldstein } else if (is_dir) { 672ad1d615cSAmir Goldstein if (!upper) { 673ad1d615cSAmir Goldstein pr_warn_ratelimited("overlayfs: suspected uncovered redirected dir found (origin=%pd2, index=%pd2).\n", 674ad1d615cSAmir Goldstein origin, index); 675ad1d615cSAmir Goldstein goto fail; 676359f392cSAmir Goldstein } 677359f392cSAmir Goldstein 678ad1d615cSAmir Goldstein /* Verify that dir index 'upper' xattr points to upper dir */ 679ad1d615cSAmir Goldstein err = ovl_verify_upper(index, upper, false); 680ad1d615cSAmir Goldstein if (err) { 681ad1d615cSAmir Goldstein if (err == -ESTALE) { 682ad1d615cSAmir Goldstein pr_warn_ratelimited("overlayfs: suspected multiply redirected dir found (upper=%pd2, origin=%pd2, index=%pd2).\n", 683ad1d615cSAmir Goldstein upper, origin, index); 684ad1d615cSAmir Goldstein } 685ad1d615cSAmir Goldstein goto fail; 686ad1d615cSAmir Goldstein } 687ad1d615cSAmir Goldstein } else if (upper && d_inode(upper) != inode) { 688ad1d615cSAmir Goldstein goto out_dput; 689ad1d615cSAmir Goldstein } 690359f392cSAmir Goldstein out: 691359f392cSAmir Goldstein kfree(name.name); 692359f392cSAmir Goldstein return index; 693359f392cSAmir Goldstein 6946eaf0111SAmir Goldstein out_dput: 6956eaf0111SAmir Goldstein dput(index); 6966eaf0111SAmir Goldstein index = NULL; 6976eaf0111SAmir Goldstein goto out; 6986eaf0111SAmir Goldstein 699359f392cSAmir Goldstein fail: 700359f392cSAmir Goldstein dput(index); 701359f392cSAmir Goldstein index = ERR_PTR(-EIO); 702359f392cSAmir Goldstein goto out; 703359f392cSAmir Goldstein } 704359f392cSAmir Goldstein 705359f392cSAmir Goldstein /* 706bbb1e54dSMiklos Szeredi * Returns next layer in stack starting from top. 707bbb1e54dSMiklos Szeredi * Returns -1 if this is the last layer. 708bbb1e54dSMiklos Szeredi */ 709bbb1e54dSMiklos Szeredi int ovl_path_next(int idx, struct dentry *dentry, struct path *path) 710bbb1e54dSMiklos Szeredi { 711bbb1e54dSMiklos Szeredi struct ovl_entry *oe = dentry->d_fsdata; 712bbb1e54dSMiklos Szeredi 713bbb1e54dSMiklos Szeredi BUG_ON(idx < 0); 714bbb1e54dSMiklos Szeredi if (idx == 0) { 715bbb1e54dSMiklos Szeredi ovl_path_upper(dentry, path); 716bbb1e54dSMiklos Szeredi if (path->dentry) 717bbb1e54dSMiklos Szeredi return oe->numlower ? 1 : -1; 718bbb1e54dSMiklos Szeredi idx++; 719bbb1e54dSMiklos Szeredi } 720bbb1e54dSMiklos Szeredi BUG_ON(idx > oe->numlower); 721b9343632SChandan Rajendra path->dentry = oe->lowerstack[idx - 1].dentry; 722b9343632SChandan Rajendra path->mnt = oe->lowerstack[idx - 1].layer->mnt; 723bbb1e54dSMiklos Szeredi 724bbb1e54dSMiklos Szeredi return (idx < oe->numlower) ? idx + 1 : -1; 725bbb1e54dSMiklos Szeredi } 726bbb1e54dSMiklos Szeredi 7279678e630SAmir Goldstein /* Fix missing 'origin' xattr */ 7289678e630SAmir Goldstein static int ovl_fix_origin(struct dentry *dentry, struct dentry *lower, 7299678e630SAmir Goldstein struct dentry *upper) 7309678e630SAmir Goldstein { 7319678e630SAmir Goldstein int err; 7329678e630SAmir Goldstein 7339678e630SAmir Goldstein if (ovl_check_origin_xattr(upper)) 7349678e630SAmir Goldstein return 0; 7359678e630SAmir Goldstein 7369678e630SAmir Goldstein err = ovl_want_write(dentry); 7379678e630SAmir Goldstein if (err) 7389678e630SAmir Goldstein return err; 7399678e630SAmir Goldstein 7409678e630SAmir Goldstein err = ovl_set_origin(dentry, lower, upper); 7419678e630SAmir Goldstein if (!err) 7429678e630SAmir Goldstein err = ovl_set_impure(dentry->d_parent, upper->d_parent); 7439678e630SAmir Goldstein 7449678e630SAmir Goldstein ovl_drop_write(dentry); 7459678e630SAmir Goldstein return err; 7469678e630SAmir Goldstein } 7479678e630SAmir Goldstein 748bbb1e54dSMiklos Szeredi struct dentry *ovl_lookup(struct inode *dir, struct dentry *dentry, 749bbb1e54dSMiklos Szeredi unsigned int flags) 750bbb1e54dSMiklos Szeredi { 751bbb1e54dSMiklos Szeredi struct ovl_entry *oe; 752bbb1e54dSMiklos Szeredi const struct cred *old_cred; 7536b2d5fe4SMiklos Szeredi struct ovl_fs *ofs = dentry->d_sb->s_fs_info; 754bbb1e54dSMiklos Szeredi struct ovl_entry *poe = dentry->d_parent->d_fsdata; 755c22205d0SAmir Goldstein struct ovl_entry *roe = dentry->d_sb->s_root->d_fsdata; 756b9343632SChandan Rajendra struct ovl_path *stack = NULL; 757bbb1e54dSMiklos Szeredi struct dentry *upperdir, *upperdentry = NULL; 758ad1d615cSAmir Goldstein struct dentry *origin = NULL; 759359f392cSAmir Goldstein struct dentry *index = NULL; 760bbb1e54dSMiklos Szeredi unsigned int ctr = 0; 761bbb1e54dSMiklos Szeredi struct inode *inode = NULL; 762bbb1e54dSMiklos Szeredi bool upperopaque = false; 76302b69b28SMiklos Szeredi char *upperredirect = NULL; 764bbb1e54dSMiklos Szeredi struct dentry *this; 765bbb1e54dSMiklos Szeredi unsigned int i; 766bbb1e54dSMiklos Szeredi int err; 767e28edc46SMiklos Szeredi struct ovl_lookup_data d = { 768e28edc46SMiklos Szeredi .name = dentry->d_name, 769e28edc46SMiklos Szeredi .is_dir = false, 770e28edc46SMiklos Szeredi .opaque = false, 771e28edc46SMiklos Szeredi .stop = false, 772e28edc46SMiklos Szeredi .last = !poe->numlower, 77302b69b28SMiklos Szeredi .redirect = NULL, 774e28edc46SMiklos Szeredi }; 775bbb1e54dSMiklos Szeredi 7766b2d5fe4SMiklos Szeredi if (dentry->d_name.len > ofs->namelen) 7776b2d5fe4SMiklos Szeredi return ERR_PTR(-ENAMETOOLONG); 7786b2d5fe4SMiklos Szeredi 779bbb1e54dSMiklos Szeredi old_cred = ovl_override_creds(dentry->d_sb); 78009d8b586SMiklos Szeredi upperdir = ovl_dentry_upper(dentry->d_parent); 781bbb1e54dSMiklos Szeredi if (upperdir) { 782e28edc46SMiklos Szeredi err = ovl_lookup_layer(upperdir, &d, &upperdentry); 783e28edc46SMiklos Szeredi if (err) 784bbb1e54dSMiklos Szeredi goto out; 785bbb1e54dSMiklos Szeredi 786e28edc46SMiklos Szeredi if (upperdentry && unlikely(ovl_dentry_remote(upperdentry))) { 787e28edc46SMiklos Szeredi dput(upperdentry); 788bbb1e54dSMiklos Szeredi err = -EREMOTE; 789bbb1e54dSMiklos Szeredi goto out; 790bbb1e54dSMiklos Szeredi } 791a9d01957SAmir Goldstein if (upperdentry && !d.is_dir) { 792a9d01957SAmir Goldstein BUG_ON(!d.stop || d.redirect); 793f7d3dacaSAmir Goldstein /* 794f7d3dacaSAmir Goldstein * Lookup copy up origin by decoding origin file handle. 795f7d3dacaSAmir Goldstein * We may get a disconnected dentry, which is fine, 796f7d3dacaSAmir Goldstein * because we only need to hold the origin inode in 797f7d3dacaSAmir Goldstein * cache and use its inode number. We may even get a 798f7d3dacaSAmir Goldstein * connected dentry, that is not under any of the lower 799f7d3dacaSAmir Goldstein * layers root. That is also fine for using it's inode 800f7d3dacaSAmir Goldstein * number - it's the same as if we held a reference 801f7d3dacaSAmir Goldstein * to a dentry in lower layer that was moved under us. 802f7d3dacaSAmir Goldstein */ 8031eff1a1dSAmir Goldstein err = ovl_check_origin(ofs, upperdentry, &stack, &ctr); 804a9d01957SAmir Goldstein if (err) 8055455f92bSVivek Goyal goto out_put_upper; 806a9d01957SAmir Goldstein } 80702b69b28SMiklos Szeredi 80802b69b28SMiklos Szeredi if (d.redirect) { 8090ce5cdc9SDan Carpenter err = -ENOMEM; 81002b69b28SMiklos Szeredi upperredirect = kstrdup(d.redirect, GFP_KERNEL); 81102b69b28SMiklos Szeredi if (!upperredirect) 81202b69b28SMiklos Szeredi goto out_put_upper; 81302b69b28SMiklos Szeredi if (d.redirect[0] == '/') 814c22205d0SAmir Goldstein poe = roe; 81502b69b28SMiklos Szeredi } 816e28edc46SMiklos Szeredi upperopaque = d.opaque; 817bbb1e54dSMiklos Szeredi } 818bbb1e54dSMiklos Szeredi 819e28edc46SMiklos Szeredi if (!d.stop && poe->numlower) { 820bbb1e54dSMiklos Szeredi err = -ENOMEM; 821b9343632SChandan Rajendra stack = kcalloc(ofs->numlower, sizeof(struct ovl_path), 8220ee931c4SMichal Hocko GFP_KERNEL); 823bbb1e54dSMiklos Szeredi if (!stack) 824bbb1e54dSMiklos Szeredi goto out_put_upper; 825bbb1e54dSMiklos Szeredi } 826bbb1e54dSMiklos Szeredi 827e28edc46SMiklos Szeredi for (i = 0; !d.stop && i < poe->numlower; i++) { 828b9343632SChandan Rajendra struct ovl_path lower = poe->lowerstack[i]; 829bbb1e54dSMiklos Szeredi 830e28edc46SMiklos Szeredi d.last = i == poe->numlower - 1; 831b9343632SChandan Rajendra err = ovl_lookup_layer(lower.dentry, &d, &this); 832e28edc46SMiklos Szeredi if (err) 833bbb1e54dSMiklos Szeredi goto out_put; 8346b2d5fe4SMiklos Szeredi 835bbb1e54dSMiklos Szeredi if (!this) 836bbb1e54dSMiklos Szeredi continue; 837bbb1e54dSMiklos Szeredi 8389678e630SAmir Goldstein /* 8399678e630SAmir Goldstein * If no origin fh is stored in upper of a merge dir, store fh 8409678e630SAmir Goldstein * of lower dir and set upper parent "impure". 8419678e630SAmir Goldstein */ 8429678e630SAmir Goldstein if (upperdentry && !ctr && !ofs->noxattr) { 8439678e630SAmir Goldstein err = ovl_fix_origin(dentry, this, upperdentry); 8449678e630SAmir Goldstein if (err) { 8459678e630SAmir Goldstein dput(this); 8469678e630SAmir Goldstein goto out_put; 8479678e630SAmir Goldstein } 8489678e630SAmir Goldstein } 8499678e630SAmir Goldstein 85037b12916SAmir Goldstein /* 85137b12916SAmir Goldstein * When "verify_lower" feature is enabled, do not merge with a 852ad1d615cSAmir Goldstein * lower dir that does not match a stored origin xattr. In any 853ad1d615cSAmir Goldstein * case, only verified origin is used for index lookup. 85437b12916SAmir Goldstein */ 85537b12916SAmir Goldstein if (upperdentry && !ctr && ovl_verify_lower(dentry->d_sb)) { 85637b12916SAmir Goldstein err = ovl_verify_origin(upperdentry, this, false); 85737b12916SAmir Goldstein if (err) { 85837b12916SAmir Goldstein dput(this); 85937b12916SAmir Goldstein break; 86037b12916SAmir Goldstein } 861ad1d615cSAmir Goldstein 862ad1d615cSAmir Goldstein /* Bless lower dir as verified origin */ 863ad1d615cSAmir Goldstein origin = this; 86437b12916SAmir Goldstein } 86537b12916SAmir Goldstein 866bbb1e54dSMiklos Szeredi stack[ctr].dentry = this; 867b9343632SChandan Rajendra stack[ctr].layer = lower.layer; 868bbb1e54dSMiklos Szeredi ctr++; 86902b69b28SMiklos Szeredi 87002b69b28SMiklos Szeredi if (d.stop) 87102b69b28SMiklos Szeredi break; 87202b69b28SMiklos Szeredi 873438c84c2SMiklos Szeredi /* 874438c84c2SMiklos Szeredi * Following redirects can have security consequences: it's like 875438c84c2SMiklos Szeredi * a symlink into the lower layer without the permission checks. 876438c84c2SMiklos Szeredi * This is only a problem if the upper layer is untrusted (e.g 877438c84c2SMiklos Szeredi * comes from an USB drive). This can allow a non-readable file 878438c84c2SMiklos Szeredi * or directory to become readable. 879438c84c2SMiklos Szeredi * 880438c84c2SMiklos Szeredi * Only following redirects when redirects are enabled disables 881438c84c2SMiklos Szeredi * this attack vector when not necessary. 882438c84c2SMiklos Szeredi */ 883438c84c2SMiklos Szeredi err = -EPERM; 884438c84c2SMiklos Szeredi if (d.redirect && !ofs->config.redirect_follow) { 885f8167817SAmir Goldstein pr_warn_ratelimited("overlayfs: refusing to follow redirect for (%pd2)\n", 886f8167817SAmir Goldstein dentry); 887438c84c2SMiklos Szeredi goto out_put; 888438c84c2SMiklos Szeredi } 889438c84c2SMiklos Szeredi 890c22205d0SAmir Goldstein if (d.redirect && d.redirect[0] == '/' && poe != roe) { 891c22205d0SAmir Goldstein poe = roe; 89202b69b28SMiklos Szeredi /* Find the current layer on the root dentry */ 893d583ed7dSAmir Goldstein i = lower.layer->idx - 1; 89402b69b28SMiklos Szeredi } 895bbb1e54dSMiklos Szeredi } 896bbb1e54dSMiklos Szeredi 897ad1d615cSAmir Goldstein /* 898ad1d615cSAmir Goldstein * Lookup index by lower inode and verify it matches upper inode. 899ad1d615cSAmir Goldstein * We only trust dir index if we verified that lower dir matches 900ad1d615cSAmir Goldstein * origin, otherwise dir index entries may be inconsistent and we 901ad1d615cSAmir Goldstein * ignore them. Always lookup index of non-dir and non-upper. 902ad1d615cSAmir Goldstein */ 903ad1d615cSAmir Goldstein if (ctr && (!upperdentry || !d.is_dir)) 904ad1d615cSAmir Goldstein origin = stack[0].dentry; 905359f392cSAmir Goldstein 906ad1d615cSAmir Goldstein if (origin && ovl_indexdir(dentry->d_sb) && 907ad1d615cSAmir Goldstein (!d.is_dir || ovl_index_all(dentry->d_sb))) { 908359f392cSAmir Goldstein index = ovl_lookup_index(dentry, upperdentry, origin); 909359f392cSAmir Goldstein if (IS_ERR(index)) { 910359f392cSAmir Goldstein err = PTR_ERR(index); 911359f392cSAmir Goldstein index = NULL; 912359f392cSAmir Goldstein goto out_put; 913359f392cSAmir Goldstein } 914359f392cSAmir Goldstein } 915359f392cSAmir Goldstein 916bbb1e54dSMiklos Szeredi oe = ovl_alloc_entry(ctr); 917bbb1e54dSMiklos Szeredi err = -ENOMEM; 918bbb1e54dSMiklos Szeredi if (!oe) 919bbb1e54dSMiklos Szeredi goto out_put; 920bbb1e54dSMiklos Szeredi 921bbb1e54dSMiklos Szeredi oe->opaque = upperopaque; 922b9343632SChandan Rajendra memcpy(oe->lowerstack, stack, sizeof(struct ovl_path) * ctr); 923e6d2ebddSMiklos Szeredi dentry->d_fsdata = oe; 924e6d2ebddSMiklos Szeredi 92555acc661SMiklos Szeredi if (upperdentry) 92655acc661SMiklos Szeredi ovl_dentry_set_upper_alias(dentry); 92755acc661SMiklos Szeredi else if (index) 928359f392cSAmir Goldstein upperdentry = dget(index); 929359f392cSAmir Goldstein 930e6d2ebddSMiklos Szeredi if (upperdentry || ctr) { 9316eaf0111SAmir Goldstein inode = ovl_get_inode(dentry, upperdentry, index); 932b9ac5c27SMiklos Szeredi err = PTR_ERR(inode); 933b9ac5c27SMiklos Szeredi if (IS_ERR(inode)) 934e6d2ebddSMiklos Szeredi goto out_free_oe; 935cf31c463SMiklos Szeredi 936cf31c463SMiklos Szeredi OVL_I(inode)->redirect = upperredirect; 937359f392cSAmir Goldstein if (index) 938359f392cSAmir Goldstein ovl_set_flag(OVL_INDEX, inode); 939e6d2ebddSMiklos Szeredi } 940e6d2ebddSMiklos Szeredi 941e6d2ebddSMiklos Szeredi revert_creds(old_cred); 942359f392cSAmir Goldstein dput(index); 943bbb1e54dSMiklos Szeredi kfree(stack); 94402b69b28SMiklos Szeredi kfree(d.redirect); 945bbb1e54dSMiklos Szeredi d_add(dentry, inode); 946bbb1e54dSMiklos Szeredi 947bbb1e54dSMiklos Szeredi return NULL; 948bbb1e54dSMiklos Szeredi 949bbb1e54dSMiklos Szeredi out_free_oe: 950e6d2ebddSMiklos Szeredi dentry->d_fsdata = NULL; 951bbb1e54dSMiklos Szeredi kfree(oe); 952bbb1e54dSMiklos Szeredi out_put: 953359f392cSAmir Goldstein dput(index); 954bbb1e54dSMiklos Szeredi for (i = 0; i < ctr; i++) 955bbb1e54dSMiklos Szeredi dput(stack[i].dentry); 956bbb1e54dSMiklos Szeredi kfree(stack); 957bbb1e54dSMiklos Szeredi out_put_upper: 958bbb1e54dSMiklos Szeredi dput(upperdentry); 95902b69b28SMiklos Szeredi kfree(upperredirect); 960bbb1e54dSMiklos Szeredi out: 96102b69b28SMiklos Szeredi kfree(d.redirect); 962bbb1e54dSMiklos Szeredi revert_creds(old_cred); 963bbb1e54dSMiklos Szeredi return ERR_PTR(err); 964bbb1e54dSMiklos Szeredi } 965bbb1e54dSMiklos Szeredi 966bbb1e54dSMiklos Szeredi bool ovl_lower_positive(struct dentry *dentry) 967bbb1e54dSMiklos Szeredi { 968bbb1e54dSMiklos Szeredi struct ovl_entry *oe = dentry->d_fsdata; 969bbb1e54dSMiklos Szeredi struct ovl_entry *poe = dentry->d_parent->d_fsdata; 970bbb1e54dSMiklos Szeredi const struct qstr *name = &dentry->d_name; 9716d0a8a90SAmir Goldstein const struct cred *old_cred; 972bbb1e54dSMiklos Szeredi unsigned int i; 973bbb1e54dSMiklos Szeredi bool positive = false; 974bbb1e54dSMiklos Szeredi bool done = false; 975bbb1e54dSMiklos Szeredi 976bbb1e54dSMiklos Szeredi /* 977bbb1e54dSMiklos Szeredi * If dentry is negative, then lower is positive iff this is a 978bbb1e54dSMiklos Szeredi * whiteout. 979bbb1e54dSMiklos Szeredi */ 980bbb1e54dSMiklos Szeredi if (!dentry->d_inode) 981bbb1e54dSMiklos Szeredi return oe->opaque; 982bbb1e54dSMiklos Szeredi 983bbb1e54dSMiklos Szeredi /* Negative upper -> positive lower */ 98409d8b586SMiklos Szeredi if (!ovl_dentry_upper(dentry)) 985bbb1e54dSMiklos Szeredi return true; 986bbb1e54dSMiklos Szeredi 9876d0a8a90SAmir Goldstein old_cred = ovl_override_creds(dentry->d_sb); 988bbb1e54dSMiklos Szeredi /* Positive upper -> have to look up lower to see whether it exists */ 989bbb1e54dSMiklos Szeredi for (i = 0; !done && !positive && i < poe->numlower; i++) { 990bbb1e54dSMiklos Szeredi struct dentry *this; 991bbb1e54dSMiklos Szeredi struct dentry *lowerdir = poe->lowerstack[i].dentry; 992bbb1e54dSMiklos Szeredi 993bbb1e54dSMiklos Szeredi this = lookup_one_len_unlocked(name->name, lowerdir, 994bbb1e54dSMiklos Szeredi name->len); 995bbb1e54dSMiklos Szeredi if (IS_ERR(this)) { 996bbb1e54dSMiklos Szeredi switch (PTR_ERR(this)) { 997bbb1e54dSMiklos Szeredi case -ENOENT: 998bbb1e54dSMiklos Szeredi case -ENAMETOOLONG: 999bbb1e54dSMiklos Szeredi break; 1000bbb1e54dSMiklos Szeredi 1001bbb1e54dSMiklos Szeredi default: 1002bbb1e54dSMiklos Szeredi /* 1003bbb1e54dSMiklos Szeredi * Assume something is there, we just couldn't 1004bbb1e54dSMiklos Szeredi * access it. 1005bbb1e54dSMiklos Szeredi */ 1006bbb1e54dSMiklos Szeredi positive = true; 1007bbb1e54dSMiklos Szeredi break; 1008bbb1e54dSMiklos Szeredi } 1009bbb1e54dSMiklos Szeredi } else { 1010bbb1e54dSMiklos Szeredi if (this->d_inode) { 1011bbb1e54dSMiklos Szeredi positive = !ovl_is_whiteout(this); 1012bbb1e54dSMiklos Szeredi done = true; 1013bbb1e54dSMiklos Szeredi } 1014bbb1e54dSMiklos Szeredi dput(this); 1015bbb1e54dSMiklos Szeredi } 1016bbb1e54dSMiklos Szeredi } 10176d0a8a90SAmir Goldstein revert_creds(old_cred); 1018bbb1e54dSMiklos Szeredi 1019bbb1e54dSMiklos Szeredi return positive; 1020bbb1e54dSMiklos Szeredi } 1021