1bbb1e54dSMiklos Szeredi /* 2bbb1e54dSMiklos Szeredi * Copyright (C) 2011 Novell Inc. 3bbb1e54dSMiklos Szeredi * Copyright (C) 2016 Red Hat, Inc. 4bbb1e54dSMiklos Szeredi * 5bbb1e54dSMiklos Szeredi * This program is free software; you can redistribute it and/or modify it 6bbb1e54dSMiklos Szeredi * under the terms of the GNU General Public License version 2 as published by 7bbb1e54dSMiklos Szeredi * the Free Software Foundation. 8bbb1e54dSMiklos Szeredi */ 9bbb1e54dSMiklos Szeredi 10bbb1e54dSMiklos Szeredi #include <linux/fs.h> 115b825c3aSIngo Molnar #include <linux/cred.h> 129ee60ce2SAmir Goldstein #include <linux/ctype.h> 13bbb1e54dSMiklos Szeredi #include <linux/namei.h> 14bbb1e54dSMiklos Szeredi #include <linux/xattr.h> 1502b69b28SMiklos Szeredi #include <linux/ratelimit.h> 16a9d01957SAmir Goldstein #include <linux/mount.h> 17a9d01957SAmir Goldstein #include <linux/exportfs.h> 18bbb1e54dSMiklos Szeredi #include "overlayfs.h" 19bbb1e54dSMiklos Szeredi 20e28edc46SMiklos Szeredi struct ovl_lookup_data { 21e28edc46SMiklos Szeredi struct qstr name; 22e28edc46SMiklos Szeredi bool is_dir; 23e28edc46SMiklos Szeredi bool opaque; 24e28edc46SMiklos Szeredi bool stop; 25e28edc46SMiklos Szeredi bool last; 2602b69b28SMiklos Szeredi char *redirect; 27e28edc46SMiklos Szeredi }; 28bbb1e54dSMiklos Szeredi 2902b69b28SMiklos Szeredi static int ovl_check_redirect(struct dentry *dentry, struct ovl_lookup_data *d, 3002b69b28SMiklos Szeredi size_t prelen, const char *post) 3102b69b28SMiklos Szeredi { 3202b69b28SMiklos Szeredi int res; 3302b69b28SMiklos Szeredi char *s, *next, *buf = NULL; 3402b69b28SMiklos Szeredi 3502b69b28SMiklos Szeredi res = vfs_getxattr(dentry, OVL_XATTR_REDIRECT, NULL, 0); 3602b69b28SMiklos Szeredi if (res < 0) { 3702b69b28SMiklos Szeredi if (res == -ENODATA || res == -EOPNOTSUPP) 3802b69b28SMiklos Szeredi return 0; 3902b69b28SMiklos Szeredi goto fail; 4002b69b28SMiklos Szeredi } 410ee931c4SMichal Hocko buf = kzalloc(prelen + res + strlen(post) + 1, GFP_KERNEL); 4202b69b28SMiklos Szeredi if (!buf) 4302b69b28SMiklos Szeredi return -ENOMEM; 4402b69b28SMiklos Szeredi 4502b69b28SMiklos Szeredi if (res == 0) 4602b69b28SMiklos Szeredi goto invalid; 4702b69b28SMiklos Szeredi 4802b69b28SMiklos Szeredi res = vfs_getxattr(dentry, OVL_XATTR_REDIRECT, buf, res); 4902b69b28SMiklos Szeredi if (res < 0) 5002b69b28SMiklos Szeredi goto fail; 5102b69b28SMiklos Szeredi if (res == 0) 5202b69b28SMiklos Szeredi goto invalid; 5302b69b28SMiklos Szeredi if (buf[0] == '/') { 5402b69b28SMiklos Szeredi for (s = buf; *s++ == '/'; s = next) { 5502b69b28SMiklos Szeredi next = strchrnul(s, '/'); 5602b69b28SMiklos Szeredi if (s == next) 5702b69b28SMiklos Szeredi goto invalid; 5802b69b28SMiklos Szeredi } 5902b69b28SMiklos Szeredi } else { 6002b69b28SMiklos Szeredi if (strchr(buf, '/') != NULL) 6102b69b28SMiklos Szeredi goto invalid; 6202b69b28SMiklos Szeredi 6302b69b28SMiklos Szeredi memmove(buf + prelen, buf, res); 6402b69b28SMiklos Szeredi memcpy(buf, d->name.name, prelen); 6502b69b28SMiklos Szeredi } 6602b69b28SMiklos Szeredi 6702b69b28SMiklos Szeredi strcat(buf, post); 6802b69b28SMiklos Szeredi kfree(d->redirect); 6902b69b28SMiklos Szeredi d->redirect = buf; 7002b69b28SMiklos Szeredi d->name.name = d->redirect; 7102b69b28SMiklos Szeredi d->name.len = strlen(d->redirect); 7202b69b28SMiklos Szeredi 7302b69b28SMiklos Szeredi return 0; 7402b69b28SMiklos Szeredi 7502b69b28SMiklos Szeredi err_free: 7602b69b28SMiklos Szeredi kfree(buf); 7702b69b28SMiklos Szeredi return 0; 7802b69b28SMiklos Szeredi fail: 7902b69b28SMiklos Szeredi pr_warn_ratelimited("overlayfs: failed to get redirect (%i)\n", res); 8002b69b28SMiklos Szeredi goto err_free; 8102b69b28SMiklos Szeredi invalid: 8202b69b28SMiklos Szeredi pr_warn_ratelimited("overlayfs: invalid redirect (%s)\n", buf); 8302b69b28SMiklos Szeredi goto err_free; 8402b69b28SMiklos Szeredi } 8502b69b28SMiklos Szeredi 86a9d01957SAmir Goldstein static int ovl_acceptable(void *ctx, struct dentry *dentry) 87a9d01957SAmir Goldstein { 88e8f9e5b7SAmir Goldstein /* 89e8f9e5b7SAmir Goldstein * A non-dir origin may be disconnected, which is fine, because 90e8f9e5b7SAmir Goldstein * we only need it for its unique inode number. 91e8f9e5b7SAmir Goldstein */ 92e8f9e5b7SAmir Goldstein if (!d_is_dir(dentry)) 93a9d01957SAmir Goldstein return 1; 94e8f9e5b7SAmir Goldstein 95e8f9e5b7SAmir Goldstein /* Don't decode a deleted empty directory */ 96e8f9e5b7SAmir Goldstein if (d_unhashed(dentry)) 97e8f9e5b7SAmir Goldstein return 0; 98e8f9e5b7SAmir Goldstein 99e8f9e5b7SAmir Goldstein /* Check if directory belongs to the layer we are decoding from */ 100e8f9e5b7SAmir Goldstein return is_subdir(dentry, ((struct vfsmount *)ctx)->mnt_root); 101a9d01957SAmir Goldstein } 102a9d01957SAmir Goldstein 1032e1a5328SAmir Goldstein /* 1042e1a5328SAmir Goldstein * Check validity of an overlay file handle buffer. 1052e1a5328SAmir Goldstein * 1062e1a5328SAmir Goldstein * Return 0 for a valid file handle. 1072e1a5328SAmir Goldstein * Return -ENODATA for "origin unknown". 1082e1a5328SAmir Goldstein * Return <0 for an invalid file handle. 1092e1a5328SAmir Goldstein */ 110*8556a420SAmir Goldstein int ovl_check_fh_len(struct ovl_fh *fh, int fh_len) 1112e1a5328SAmir Goldstein { 1122e1a5328SAmir Goldstein if (fh_len < sizeof(struct ovl_fh) || fh_len < fh->len) 1132e1a5328SAmir Goldstein return -EINVAL; 1142e1a5328SAmir Goldstein 1152e1a5328SAmir Goldstein if (fh->magic != OVL_FH_MAGIC) 1162e1a5328SAmir Goldstein return -EINVAL; 1172e1a5328SAmir Goldstein 1182e1a5328SAmir Goldstein /* Treat larger version and unknown flags as "origin unknown" */ 1192e1a5328SAmir Goldstein if (fh->version > OVL_FH_VERSION || fh->flags & ~OVL_FH_FLAG_ALL) 1202e1a5328SAmir Goldstein return -ENODATA; 1212e1a5328SAmir Goldstein 1222e1a5328SAmir Goldstein /* Treat endianness mismatch as "origin unknown" */ 1232e1a5328SAmir Goldstein if (!(fh->flags & OVL_FH_FLAG_ANY_ENDIAN) && 1242e1a5328SAmir Goldstein (fh->flags & OVL_FH_FLAG_BIG_ENDIAN) != OVL_FH_FLAG_CPU_ENDIAN) 1252e1a5328SAmir Goldstein return -ENODATA; 1262e1a5328SAmir Goldstein 1272e1a5328SAmir Goldstein return 0; 1282e1a5328SAmir Goldstein } 1292e1a5328SAmir Goldstein 13005122443SAmir Goldstein static struct ovl_fh *ovl_get_fh(struct dentry *dentry, const char *name) 131a9d01957SAmir Goldstein { 1322e1a5328SAmir Goldstein int res, err; 133a9d01957SAmir Goldstein struct ovl_fh *fh = NULL; 134a9d01957SAmir Goldstein 13505122443SAmir Goldstein res = vfs_getxattr(dentry, name, NULL, 0); 136a9d01957SAmir Goldstein if (res < 0) { 137a9d01957SAmir Goldstein if (res == -ENODATA || res == -EOPNOTSUPP) 138a9d01957SAmir Goldstein return NULL; 139a9d01957SAmir Goldstein goto fail; 140a9d01957SAmir Goldstein } 141a9d01957SAmir Goldstein /* Zero size value means "copied up but origin unknown" */ 142a9d01957SAmir Goldstein if (res == 0) 143a9d01957SAmir Goldstein return NULL; 144a9d01957SAmir Goldstein 1450ee931c4SMichal Hocko fh = kzalloc(res, GFP_KERNEL); 146a9d01957SAmir Goldstein if (!fh) 147a9d01957SAmir Goldstein return ERR_PTR(-ENOMEM); 148a9d01957SAmir Goldstein 14905122443SAmir Goldstein res = vfs_getxattr(dentry, name, fh, res); 150a9d01957SAmir Goldstein if (res < 0) 151a9d01957SAmir Goldstein goto fail; 152a9d01957SAmir Goldstein 1532e1a5328SAmir Goldstein err = ovl_check_fh_len(fh, res); 1542e1a5328SAmir Goldstein if (err < 0) { 1552e1a5328SAmir Goldstein if (err == -ENODATA) 156a9d01957SAmir Goldstein goto out; 1572e1a5328SAmir Goldstein goto invalid; 1582e1a5328SAmir Goldstein } 159a9d01957SAmir Goldstein 1608b88a2e6SAmir Goldstein return fh; 1618b88a2e6SAmir Goldstein 1628b88a2e6SAmir Goldstein out: 1638b88a2e6SAmir Goldstein kfree(fh); 1648b88a2e6SAmir Goldstein return NULL; 1658b88a2e6SAmir Goldstein 1668b88a2e6SAmir Goldstein fail: 1678b88a2e6SAmir Goldstein pr_warn_ratelimited("overlayfs: failed to get origin (%i)\n", res); 1688b88a2e6SAmir Goldstein goto out; 1698b88a2e6SAmir Goldstein invalid: 1708b88a2e6SAmir Goldstein pr_warn_ratelimited("overlayfs: invalid origin (%*phN)\n", res, fh); 1718b88a2e6SAmir Goldstein goto out; 1728b88a2e6SAmir Goldstein } 1738b88a2e6SAmir Goldstein 174*8556a420SAmir Goldstein struct dentry *ovl_decode_fh(struct ovl_fh *fh, struct vfsmount *mnt) 1758b88a2e6SAmir Goldstein { 176e8f9e5b7SAmir Goldstein struct dentry *real; 1778b88a2e6SAmir Goldstein int bytes; 1788b88a2e6SAmir Goldstein 179a9d01957SAmir Goldstein /* 180a9d01957SAmir Goldstein * Make sure that the stored uuid matches the uuid of the lower 181a9d01957SAmir Goldstein * layer where file handle will be decoded. 182a9d01957SAmir Goldstein */ 18385787090SChristoph Hellwig if (!uuid_equal(&fh->uuid, &mnt->mnt_sb->s_uuid)) 1842e1a5328SAmir Goldstein return NULL; 185a9d01957SAmir Goldstein 1868b88a2e6SAmir Goldstein bytes = (fh->len - offsetof(struct ovl_fh, fid)); 187e8f9e5b7SAmir Goldstein real = exportfs_decode_fh(mnt, (struct fid *)fh->fid, 188a9d01957SAmir Goldstein bytes >> 2, (int)fh->type, 189e8f9e5b7SAmir Goldstein ovl_acceptable, mnt); 190e8f9e5b7SAmir Goldstein if (IS_ERR(real)) { 191e8f9e5b7SAmir Goldstein /* 192e8f9e5b7SAmir Goldstein * Treat stale file handle to lower file as "origin unknown". 193e8f9e5b7SAmir Goldstein * upper file handle could become stale when upper file is 194e8f9e5b7SAmir Goldstein * unlinked and this information is needed to handle stale 195e8f9e5b7SAmir Goldstein * index entries correctly. 196e8f9e5b7SAmir Goldstein */ 197e8f9e5b7SAmir Goldstein if (real == ERR_PTR(-ESTALE) && 198e8f9e5b7SAmir Goldstein !(fh->flags & OVL_FH_FLAG_PATH_UPPER)) 199e8f9e5b7SAmir Goldstein real = NULL; 200e8f9e5b7SAmir Goldstein return real; 201a9d01957SAmir Goldstein } 202a9d01957SAmir Goldstein 203e8f9e5b7SAmir Goldstein if (ovl_dentry_weird(real)) { 204e8f9e5b7SAmir Goldstein dput(real); 2052e1a5328SAmir Goldstein return NULL; 2062e1a5328SAmir Goldstein } 2072e1a5328SAmir Goldstein 208e8f9e5b7SAmir Goldstein return real; 209a9d01957SAmir Goldstein } 210a9d01957SAmir Goldstein 211ee1d6d37SAmir Goldstein static bool ovl_is_opaquedir(struct dentry *dentry) 212ee1d6d37SAmir Goldstein { 213ee1d6d37SAmir Goldstein return ovl_check_dir_xattr(dentry, OVL_XATTR_OPAQUE); 214ee1d6d37SAmir Goldstein } 215ee1d6d37SAmir Goldstein 216e28edc46SMiklos Szeredi static int ovl_lookup_single(struct dentry *base, struct ovl_lookup_data *d, 217e28edc46SMiklos Szeredi const char *name, unsigned int namelen, 21802b69b28SMiklos Szeredi size_t prelen, const char *post, 219e28edc46SMiklos Szeredi struct dentry **ret) 220e28edc46SMiklos Szeredi { 221e28edc46SMiklos Szeredi struct dentry *this; 222e28edc46SMiklos Szeredi int err; 223e28edc46SMiklos Szeredi 224e28edc46SMiklos Szeredi this = lookup_one_len_unlocked(name, base, namelen); 225e28edc46SMiklos Szeredi if (IS_ERR(this)) { 226e28edc46SMiklos Szeredi err = PTR_ERR(this); 227e28edc46SMiklos Szeredi this = NULL; 228e28edc46SMiklos Szeredi if (err == -ENOENT || err == -ENAMETOOLONG) 229e28edc46SMiklos Szeredi goto out; 230e28edc46SMiklos Szeredi goto out_err; 231e28edc46SMiklos Szeredi } 232e28edc46SMiklos Szeredi if (!this->d_inode) 233e28edc46SMiklos Szeredi goto put_and_out; 234e28edc46SMiklos Szeredi 235e28edc46SMiklos Szeredi if (ovl_dentry_weird(this)) { 236e28edc46SMiklos Szeredi /* Don't support traversing automounts and other weirdness */ 237e28edc46SMiklos Szeredi err = -EREMOTE; 238e28edc46SMiklos Szeredi goto out_err; 239e28edc46SMiklos Szeredi } 240e28edc46SMiklos Szeredi if (ovl_is_whiteout(this)) { 241e28edc46SMiklos Szeredi d->stop = d->opaque = true; 242e28edc46SMiklos Szeredi goto put_and_out; 243e28edc46SMiklos Szeredi } 244e28edc46SMiklos Szeredi if (!d_can_lookup(this)) { 245e28edc46SMiklos Szeredi d->stop = true; 246e28edc46SMiklos Szeredi if (d->is_dir) 247e28edc46SMiklos Szeredi goto put_and_out; 248e28edc46SMiklos Szeredi goto out; 249e28edc46SMiklos Szeredi } 250e28edc46SMiklos Szeredi d->is_dir = true; 251e28edc46SMiklos Szeredi if (!d->last && ovl_is_opaquedir(this)) { 252e28edc46SMiklos Szeredi d->stop = d->opaque = true; 253e28edc46SMiklos Szeredi goto out; 254e28edc46SMiklos Szeredi } 25502b69b28SMiklos Szeredi err = ovl_check_redirect(this, d, prelen, post); 25602b69b28SMiklos Szeredi if (err) 25702b69b28SMiklos Szeredi goto out_err; 258e28edc46SMiklos Szeredi out: 259e28edc46SMiklos Szeredi *ret = this; 260e28edc46SMiklos Szeredi return 0; 261e28edc46SMiklos Szeredi 262e28edc46SMiklos Szeredi put_and_out: 263e28edc46SMiklos Szeredi dput(this); 264e28edc46SMiklos Szeredi this = NULL; 265e28edc46SMiklos Szeredi goto out; 266e28edc46SMiklos Szeredi 267e28edc46SMiklos Szeredi out_err: 268e28edc46SMiklos Szeredi dput(this); 269e28edc46SMiklos Szeredi return err; 270e28edc46SMiklos Szeredi } 271e28edc46SMiklos Szeredi 272e28edc46SMiklos Szeredi static int ovl_lookup_layer(struct dentry *base, struct ovl_lookup_data *d, 273e28edc46SMiklos Szeredi struct dentry **ret) 274e28edc46SMiklos Szeredi { 2754c7d0c9cSAmir Goldstein /* Counting down from the end, since the prefix can change */ 2764c7d0c9cSAmir Goldstein size_t rem = d->name.len - 1; 27702b69b28SMiklos Szeredi struct dentry *dentry = NULL; 27802b69b28SMiklos Szeredi int err; 27902b69b28SMiklos Szeredi 2804c7d0c9cSAmir Goldstein if (d->name.name[0] != '/') 28102b69b28SMiklos Szeredi return ovl_lookup_single(base, d, d->name.name, d->name.len, 28202b69b28SMiklos Szeredi 0, "", ret); 28302b69b28SMiklos Szeredi 2844c7d0c9cSAmir Goldstein while (!IS_ERR_OR_NULL(base) && d_can_lookup(base)) { 2854c7d0c9cSAmir Goldstein const char *s = d->name.name + d->name.len - rem; 28602b69b28SMiklos Szeredi const char *next = strchrnul(s, '/'); 2874c7d0c9cSAmir Goldstein size_t thislen = next - s; 2884c7d0c9cSAmir Goldstein bool end = !next[0]; 28902b69b28SMiklos Szeredi 2904c7d0c9cSAmir Goldstein /* Verify we did not go off the rails */ 2914c7d0c9cSAmir Goldstein if (WARN_ON(s[-1] != '/')) 29202b69b28SMiklos Szeredi return -EIO; 29302b69b28SMiklos Szeredi 2944c7d0c9cSAmir Goldstein err = ovl_lookup_single(base, d, s, thislen, 2954c7d0c9cSAmir Goldstein d->name.len - rem, next, &base); 29602b69b28SMiklos Szeredi dput(dentry); 29702b69b28SMiklos Szeredi if (err) 29802b69b28SMiklos Szeredi return err; 29902b69b28SMiklos Szeredi dentry = base; 3004c7d0c9cSAmir Goldstein if (end) 3014c7d0c9cSAmir Goldstein break; 3024c7d0c9cSAmir Goldstein 3034c7d0c9cSAmir Goldstein rem -= thislen + 1; 3044c7d0c9cSAmir Goldstein 3054c7d0c9cSAmir Goldstein if (WARN_ON(rem >= d->name.len)) 3064c7d0c9cSAmir Goldstein return -EIO; 30702b69b28SMiklos Szeredi } 30802b69b28SMiklos Szeredi *ret = dentry; 30902b69b28SMiklos Szeredi return 0; 310e28edc46SMiklos Szeredi } 311e28edc46SMiklos Szeredi 312a9d01957SAmir Goldstein 3131eff1a1dSAmir Goldstein static int ovl_check_origin_fh(struct ovl_fs *ofs, struct ovl_fh *fh, 3141eff1a1dSAmir Goldstein struct dentry *upperdentry, 3152e1a5328SAmir Goldstein struct ovl_path **stackp) 316a9d01957SAmir Goldstein { 317f7d3dacaSAmir Goldstein struct dentry *origin = NULL; 318f7d3dacaSAmir Goldstein int i; 319a9d01957SAmir Goldstein 3201eff1a1dSAmir Goldstein for (i = 0; i < ofs->numlower; i++) { 3211eff1a1dSAmir Goldstein origin = ovl_decode_fh(fh, ofs->lower_layers[i].mnt); 322f7d3dacaSAmir Goldstein if (origin) 323f7d3dacaSAmir Goldstein break; 324f7d3dacaSAmir Goldstein } 325f7d3dacaSAmir Goldstein 326f7d3dacaSAmir Goldstein if (!origin) 3272e1a5328SAmir Goldstein return -ESTALE; 3282e1a5328SAmir Goldstein else if (IS_ERR(origin)) 3292e1a5328SAmir Goldstein return PTR_ERR(origin); 330f7d3dacaSAmir Goldstein 3312e1a5328SAmir Goldstein if (!ovl_is_whiteout(upperdentry) && 3322e1a5328SAmir Goldstein ((d_inode(origin)->i_mode ^ d_inode(upperdentry)->i_mode) & S_IFMT)) 3332e1a5328SAmir Goldstein goto invalid; 3342e1a5328SAmir Goldstein 335415543d5SAmir Goldstein if (!*stackp) 336b9343632SChandan Rajendra *stackp = kmalloc(sizeof(struct ovl_path), GFP_KERNEL); 337a9d01957SAmir Goldstein if (!*stackp) { 338a9d01957SAmir Goldstein dput(origin); 339a9d01957SAmir Goldstein return -ENOMEM; 340a9d01957SAmir Goldstein } 3411eff1a1dSAmir Goldstein **stackp = (struct ovl_path){ 3421eff1a1dSAmir Goldstein .dentry = origin, 3431eff1a1dSAmir Goldstein .layer = &ofs->lower_layers[i] 3441eff1a1dSAmir Goldstein }; 345a9d01957SAmir Goldstein 346a9d01957SAmir Goldstein return 0; 3472e1a5328SAmir Goldstein 3482e1a5328SAmir Goldstein invalid: 3492e1a5328SAmir Goldstein pr_warn_ratelimited("overlayfs: invalid origin (%pd2, ftype=%x, origin ftype=%x).\n", 3502e1a5328SAmir Goldstein upperdentry, d_inode(upperdentry)->i_mode & S_IFMT, 3512e1a5328SAmir Goldstein d_inode(origin)->i_mode & S_IFMT); 3522e1a5328SAmir Goldstein dput(origin); 3532e1a5328SAmir Goldstein return -EIO; 3542e1a5328SAmir Goldstein } 3552e1a5328SAmir Goldstein 3561eff1a1dSAmir Goldstein static int ovl_check_origin(struct ovl_fs *ofs, struct dentry *upperdentry, 3572e1a5328SAmir Goldstein struct ovl_path **stackp, unsigned int *ctrp) 3582e1a5328SAmir Goldstein { 35905122443SAmir Goldstein struct ovl_fh *fh = ovl_get_fh(upperdentry, OVL_XATTR_ORIGIN); 3602e1a5328SAmir Goldstein int err; 3612e1a5328SAmir Goldstein 3622e1a5328SAmir Goldstein if (IS_ERR_OR_NULL(fh)) 3632e1a5328SAmir Goldstein return PTR_ERR(fh); 3642e1a5328SAmir Goldstein 3651eff1a1dSAmir Goldstein err = ovl_check_origin_fh(ofs, fh, upperdentry, stackp); 3662e1a5328SAmir Goldstein kfree(fh); 3672e1a5328SAmir Goldstein 3682e1a5328SAmir Goldstein if (err) { 3692e1a5328SAmir Goldstein if (err == -ESTALE) 3702e1a5328SAmir Goldstein return 0; 3712e1a5328SAmir Goldstein return err; 3722e1a5328SAmir Goldstein } 3732e1a5328SAmir Goldstein 3742e1a5328SAmir Goldstein if (WARN_ON(*ctrp)) 3752e1a5328SAmir Goldstein return -EIO; 3762e1a5328SAmir Goldstein 3772e1a5328SAmir Goldstein *ctrp = 1; 3782e1a5328SAmir Goldstein return 0; 379a9d01957SAmir Goldstein } 380a9d01957SAmir Goldstein 381bbb1e54dSMiklos Szeredi /* 38205122443SAmir Goldstein * Verify that @fh matches the file handle stored in xattr @name. 3838b88a2e6SAmir Goldstein * Return 0 on match, -ESTALE on mismatch, < 0 on error. 3848b88a2e6SAmir Goldstein */ 38505122443SAmir Goldstein static int ovl_verify_fh(struct dentry *dentry, const char *name, 38605122443SAmir Goldstein const struct ovl_fh *fh) 3878b88a2e6SAmir Goldstein { 38805122443SAmir Goldstein struct ovl_fh *ofh = ovl_get_fh(dentry, name); 3898b88a2e6SAmir Goldstein int err = 0; 3908b88a2e6SAmir Goldstein 3918b88a2e6SAmir Goldstein if (!ofh) 3928b88a2e6SAmir Goldstein return -ENODATA; 3938b88a2e6SAmir Goldstein 3948b88a2e6SAmir Goldstein if (IS_ERR(ofh)) 3958b88a2e6SAmir Goldstein return PTR_ERR(ofh); 3968b88a2e6SAmir Goldstein 3978b88a2e6SAmir Goldstein if (fh->len != ofh->len || memcmp(fh, ofh, fh->len)) 3988b88a2e6SAmir Goldstein err = -ESTALE; 3998b88a2e6SAmir Goldstein 4008b88a2e6SAmir Goldstein kfree(ofh); 4018b88a2e6SAmir Goldstein return err; 4028b88a2e6SAmir Goldstein } 4038b88a2e6SAmir Goldstein 4048b88a2e6SAmir Goldstein /* 40505122443SAmir Goldstein * Verify that @real dentry matches the file handle stored in xattr @name. 4068b88a2e6SAmir Goldstein * 40705122443SAmir Goldstein * If @set is true and there is no stored file handle, encode @real and store 40805122443SAmir Goldstein * file handle in xattr @name. 4098b88a2e6SAmir Goldstein * 41005122443SAmir Goldstein * Return 0 on match, -ESTALE on mismatch, -ENODATA on no xattr, < 0 on error. 4118b88a2e6SAmir Goldstein */ 41205122443SAmir Goldstein int ovl_verify_set_fh(struct dentry *dentry, const char *name, 41305122443SAmir Goldstein struct dentry *real, bool is_upper, bool set) 4148b88a2e6SAmir Goldstein { 4158b88a2e6SAmir Goldstein struct inode *inode; 4168b88a2e6SAmir Goldstein struct ovl_fh *fh; 4178b88a2e6SAmir Goldstein int err; 4188b88a2e6SAmir Goldstein 41905122443SAmir Goldstein fh = ovl_encode_fh(real, is_upper); 4208b88a2e6SAmir Goldstein err = PTR_ERR(fh); 4218b88a2e6SAmir Goldstein if (IS_ERR(fh)) 4228b88a2e6SAmir Goldstein goto fail; 4238b88a2e6SAmir Goldstein 42405122443SAmir Goldstein err = ovl_verify_fh(dentry, name, fh); 4258b88a2e6SAmir Goldstein if (set && err == -ENODATA) 42605122443SAmir Goldstein err = ovl_do_setxattr(dentry, name, fh, fh->len, 0); 4278b88a2e6SAmir Goldstein if (err) 4288b88a2e6SAmir Goldstein goto fail; 4298b88a2e6SAmir Goldstein 4308b88a2e6SAmir Goldstein out: 4318b88a2e6SAmir Goldstein kfree(fh); 4328b88a2e6SAmir Goldstein return err; 4338b88a2e6SAmir Goldstein 4348b88a2e6SAmir Goldstein fail: 43505122443SAmir Goldstein inode = d_inode(real); 43605122443SAmir Goldstein pr_warn_ratelimited("overlayfs: failed to verify %s (%pd2, ino=%lu, err=%i)\n", 43705122443SAmir Goldstein is_upper ? "upper" : "origin", real, 43805122443SAmir Goldstein inode ? inode->i_ino : 0, err); 4398b88a2e6SAmir Goldstein goto out; 4408b88a2e6SAmir Goldstein } 4418b88a2e6SAmir Goldstein 442e8f9e5b7SAmir Goldstein /* Get upper dentry from index */ 443e8f9e5b7SAmir Goldstein static struct dentry *ovl_index_upper(struct ovl_fs *ofs, struct dentry *index) 444e8f9e5b7SAmir Goldstein { 445e8f9e5b7SAmir Goldstein struct ovl_fh *fh; 446e8f9e5b7SAmir Goldstein struct dentry *upper; 447e8f9e5b7SAmir Goldstein 448e8f9e5b7SAmir Goldstein if (!d_is_dir(index)) 449e8f9e5b7SAmir Goldstein return dget(index); 450e8f9e5b7SAmir Goldstein 451e8f9e5b7SAmir Goldstein fh = ovl_get_fh(index, OVL_XATTR_UPPER); 452e8f9e5b7SAmir Goldstein if (IS_ERR_OR_NULL(fh)) 453e8f9e5b7SAmir Goldstein return ERR_CAST(fh); 454e8f9e5b7SAmir Goldstein 455e8f9e5b7SAmir Goldstein upper = ovl_decode_fh(fh, ofs->upper_mnt); 456e8f9e5b7SAmir Goldstein kfree(fh); 457e8f9e5b7SAmir Goldstein 458e8f9e5b7SAmir Goldstein if (IS_ERR_OR_NULL(upper)) 459e8f9e5b7SAmir Goldstein return upper ?: ERR_PTR(-ESTALE); 460e8f9e5b7SAmir Goldstein 461e8f9e5b7SAmir Goldstein if (!d_is_dir(upper)) { 462e8f9e5b7SAmir Goldstein pr_warn_ratelimited("overlayfs: invalid index upper (%pd2, upper=%pd2).\n", 463e8f9e5b7SAmir Goldstein index, upper); 464e8f9e5b7SAmir Goldstein dput(upper); 465e8f9e5b7SAmir Goldstein return ERR_PTR(-EIO); 466e8f9e5b7SAmir Goldstein } 467e8f9e5b7SAmir Goldstein 468e8f9e5b7SAmir Goldstein return upper; 469e8f9e5b7SAmir Goldstein } 470e8f9e5b7SAmir Goldstein 4719ee60ce2SAmir Goldstein /* Is this a leftover from create/whiteout of directory index entry? */ 4729ee60ce2SAmir Goldstein static bool ovl_is_temp_index(struct dentry *index) 4739ee60ce2SAmir Goldstein { 4749ee60ce2SAmir Goldstein return index->d_name.name[0] == '#'; 4759ee60ce2SAmir Goldstein } 4769ee60ce2SAmir Goldstein 4778b88a2e6SAmir Goldstein /* 478415543d5SAmir Goldstein * Verify that an index entry name matches the origin file handle stored in 479415543d5SAmir Goldstein * OVL_XATTR_ORIGIN and that origin file handle can be decoded to lower path. 480415543d5SAmir Goldstein * Return 0 on match, -ESTALE on mismatch or stale origin, < 0 on error. 481415543d5SAmir Goldstein */ 4821eff1a1dSAmir Goldstein int ovl_verify_index(struct ovl_fs *ofs, struct dentry *index) 483415543d5SAmir Goldstein { 484415543d5SAmir Goldstein struct ovl_fh *fh = NULL; 485415543d5SAmir Goldstein size_t len; 486b9343632SChandan Rajendra struct ovl_path origin = { }; 487b9343632SChandan Rajendra struct ovl_path *stack = &origin; 488e8f9e5b7SAmir Goldstein struct dentry *upper = NULL; 489415543d5SAmir Goldstein int err; 490415543d5SAmir Goldstein 491415543d5SAmir Goldstein if (!d_inode(index)) 492415543d5SAmir Goldstein return 0; 493415543d5SAmir Goldstein 4949ee60ce2SAmir Goldstein /* Cleanup leftover from index create/cleanup attempt */ 4959ee60ce2SAmir Goldstein err = -ESTALE; 4969ee60ce2SAmir Goldstein if (ovl_is_temp_index(index)) 4979ee60ce2SAmir Goldstein goto fail; 4989ee60ce2SAmir Goldstein 499fa0096e3SAmir Goldstein err = -EINVAL; 500415543d5SAmir Goldstein if (index->d_name.len < sizeof(struct ovl_fh)*2) 501415543d5SAmir Goldstein goto fail; 502415543d5SAmir Goldstein 503415543d5SAmir Goldstein err = -ENOMEM; 504415543d5SAmir Goldstein len = index->d_name.len / 2; 5050ee931c4SMichal Hocko fh = kzalloc(len, GFP_KERNEL); 506415543d5SAmir Goldstein if (!fh) 507415543d5SAmir Goldstein goto fail; 508415543d5SAmir Goldstein 509415543d5SAmir Goldstein err = -EINVAL; 5102e1a5328SAmir Goldstein if (hex2bin((u8 *)fh, index->d_name.name, len)) 5112e1a5328SAmir Goldstein goto fail; 5122e1a5328SAmir Goldstein 5132e1a5328SAmir Goldstein err = ovl_check_fh_len(fh, len); 5142e1a5328SAmir Goldstein if (err) 515415543d5SAmir Goldstein goto fail; 516415543d5SAmir Goldstein 5177db25d36SAmir Goldstein /* 5187db25d36SAmir Goldstein * Whiteout index entries are used as an indication that an exported 5197db25d36SAmir Goldstein * overlay file handle should be treated as stale (i.e. after unlink 5207db25d36SAmir Goldstein * of the overlay inode). These entries contain no origin xattr. 5217db25d36SAmir Goldstein */ 5227db25d36SAmir Goldstein if (ovl_is_whiteout(index)) 5237db25d36SAmir Goldstein goto out; 5247db25d36SAmir Goldstein 525e8f9e5b7SAmir Goldstein /* 526e8f9e5b7SAmir Goldstein * Verifying directory index entries are not stale is expensive, so 527e8f9e5b7SAmir Goldstein * only verify stale dir index if NFS export is enabled. 528e8f9e5b7SAmir Goldstein */ 529e8f9e5b7SAmir Goldstein if (d_is_dir(index) && !ofs->config.nfs_export) 530e8f9e5b7SAmir Goldstein goto out; 531e8f9e5b7SAmir Goldstein 532e8f9e5b7SAmir Goldstein /* 533e8f9e5b7SAmir Goldstein * Directory index entries should have 'upper' xattr pointing to the 534e8f9e5b7SAmir Goldstein * real upper dir. Non-dir index entries are hardlinks to the upper 535e8f9e5b7SAmir Goldstein * real inode. For non-dir index, we can read the copy up origin xattr 536e8f9e5b7SAmir Goldstein * directly from the index dentry, but for dir index we first need to 537e8f9e5b7SAmir Goldstein * decode the upper directory. 538e8f9e5b7SAmir Goldstein */ 539e8f9e5b7SAmir Goldstein upper = ovl_index_upper(ofs, index); 540e8f9e5b7SAmir Goldstein if (IS_ERR_OR_NULL(upper)) { 541e8f9e5b7SAmir Goldstein err = PTR_ERR(upper); 54224f0b172SAmir Goldstein /* 54324f0b172SAmir Goldstein * Directory index entries with no 'upper' xattr need to be 54424f0b172SAmir Goldstein * removed. When dir index entry has a stale 'upper' xattr, 54524f0b172SAmir Goldstein * we assume that upper dir was removed and we treat the dir 54624f0b172SAmir Goldstein * index as orphan entry that needs to be whited out. 54724f0b172SAmir Goldstein */ 54824f0b172SAmir Goldstein if (err == -ESTALE) 54924f0b172SAmir Goldstein goto orphan; 55024f0b172SAmir Goldstein else if (!err) 551e8f9e5b7SAmir Goldstein err = -ESTALE; 552e8f9e5b7SAmir Goldstein goto fail; 553e8f9e5b7SAmir Goldstein } 554e8f9e5b7SAmir Goldstein 555e8f9e5b7SAmir Goldstein err = ovl_verify_fh(upper, OVL_XATTR_ORIGIN, fh); 556e8f9e5b7SAmir Goldstein dput(upper); 557415543d5SAmir Goldstein if (err) 558415543d5SAmir Goldstein goto fail; 559415543d5SAmir Goldstein 560e8f9e5b7SAmir Goldstein /* Check if non-dir index is orphan and don't warn before cleaning it */ 561e8f9e5b7SAmir Goldstein if (!d_is_dir(index) && d_inode(index)->i_nlink == 1) { 5621eff1a1dSAmir Goldstein err = ovl_check_origin_fh(ofs, fh, index, &stack); 563415543d5SAmir Goldstein if (err) 564415543d5SAmir Goldstein goto fail; 565415543d5SAmir Goldstein 566e8f9e5b7SAmir Goldstein if (ovl_get_nlink(origin.dentry, index, 0) == 0) 56724f0b172SAmir Goldstein goto orphan; 568e8f9e5b7SAmir Goldstein } 569caf70cb2SAmir Goldstein 570415543d5SAmir Goldstein out: 571e8f9e5b7SAmir Goldstein dput(origin.dentry); 572415543d5SAmir Goldstein kfree(fh); 573415543d5SAmir Goldstein return err; 574415543d5SAmir Goldstein 575415543d5SAmir Goldstein fail: 57661b67471SAmir Goldstein pr_warn_ratelimited("overlayfs: failed to verify index (%pd2, ftype=%x, err=%i)\n", 57761b67471SAmir Goldstein index, d_inode(index)->i_mode & S_IFMT, err); 578415543d5SAmir Goldstein goto out; 57924f0b172SAmir Goldstein 58024f0b172SAmir Goldstein orphan: 58124f0b172SAmir Goldstein pr_warn_ratelimited("overlayfs: orphan index entry (%pd2, ftype=%x, nlink=%u)\n", 58224f0b172SAmir Goldstein index, d_inode(index)->i_mode & S_IFMT, 58324f0b172SAmir Goldstein d_inode(index)->i_nlink); 58424f0b172SAmir Goldstein err = -ENOENT; 58524f0b172SAmir Goldstein goto out; 586415543d5SAmir Goldstein } 587415543d5SAmir Goldstein 58891ffe7beSAmir Goldstein static int ovl_get_index_name_fh(struct ovl_fh *fh, struct qstr *name) 58991ffe7beSAmir Goldstein { 59091ffe7beSAmir Goldstein char *n, *s; 59191ffe7beSAmir Goldstein 59291ffe7beSAmir Goldstein n = kzalloc(fh->len * 2, GFP_KERNEL); 59391ffe7beSAmir Goldstein if (!n) 59491ffe7beSAmir Goldstein return -ENOMEM; 59591ffe7beSAmir Goldstein 59691ffe7beSAmir Goldstein s = bin2hex(n, fh, fh->len); 59791ffe7beSAmir Goldstein *name = (struct qstr) QSTR_INIT(n, s - n); 59891ffe7beSAmir Goldstein 59991ffe7beSAmir Goldstein return 0; 60091ffe7beSAmir Goldstein 60191ffe7beSAmir Goldstein } 60291ffe7beSAmir Goldstein 603415543d5SAmir Goldstein /* 604359f392cSAmir Goldstein * Lookup in indexdir for the index entry of a lower real inode or a copy up 605359f392cSAmir Goldstein * origin inode. The index entry name is the hex representation of the lower 606359f392cSAmir Goldstein * inode file handle. 607359f392cSAmir Goldstein * 608359f392cSAmir Goldstein * If the index dentry in negative, then either no lower aliases have been 609359f392cSAmir Goldstein * copied up yet, or aliases have been copied up in older kernels and are 610359f392cSAmir Goldstein * not indexed. 611359f392cSAmir Goldstein * 612359f392cSAmir Goldstein * If the index dentry for a copy up origin inode is positive, but points 613359f392cSAmir Goldstein * to an inode different than the upper inode, then either the upper inode 614359f392cSAmir Goldstein * has been copied up and not indexed or it was indexed, but since then 615359f392cSAmir Goldstein * index dir was cleared. Either way, that index cannot be used to indentify 616359f392cSAmir Goldstein * the overlay inode. 617359f392cSAmir Goldstein */ 618359f392cSAmir Goldstein int ovl_get_index_name(struct dentry *origin, struct qstr *name) 619359f392cSAmir Goldstein { 620359f392cSAmir Goldstein struct ovl_fh *fh; 62191ffe7beSAmir Goldstein int err; 622359f392cSAmir Goldstein 623359f392cSAmir Goldstein fh = ovl_encode_fh(origin, false); 624359f392cSAmir Goldstein if (IS_ERR(fh)) 625359f392cSAmir Goldstein return PTR_ERR(fh); 626359f392cSAmir Goldstein 62791ffe7beSAmir Goldstein err = ovl_get_index_name_fh(fh, name); 62891ffe7beSAmir Goldstein 629359f392cSAmir Goldstein kfree(fh); 630359f392cSAmir Goldstein return err; 63191ffe7beSAmir Goldstein } 632359f392cSAmir Goldstein 63391ffe7beSAmir Goldstein /* Lookup index by file handle for NFS export */ 63491ffe7beSAmir Goldstein struct dentry *ovl_get_index_fh(struct ovl_fs *ofs, struct ovl_fh *fh) 63591ffe7beSAmir Goldstein { 63691ffe7beSAmir Goldstein struct dentry *index; 63791ffe7beSAmir Goldstein struct qstr name; 63891ffe7beSAmir Goldstein int err; 63991ffe7beSAmir Goldstein 64091ffe7beSAmir Goldstein err = ovl_get_index_name_fh(fh, &name); 64191ffe7beSAmir Goldstein if (err) 64291ffe7beSAmir Goldstein return ERR_PTR(err); 64391ffe7beSAmir Goldstein 64491ffe7beSAmir Goldstein index = lookup_one_len_unlocked(name.name, ofs->indexdir, name.len); 64591ffe7beSAmir Goldstein kfree(name.name); 64691ffe7beSAmir Goldstein if (IS_ERR(index)) { 64791ffe7beSAmir Goldstein if (PTR_ERR(index) == -ENOENT) 64891ffe7beSAmir Goldstein index = NULL; 64991ffe7beSAmir Goldstein return index; 65091ffe7beSAmir Goldstein } 65191ffe7beSAmir Goldstein 65291ffe7beSAmir Goldstein if (d_is_negative(index)) 65391ffe7beSAmir Goldstein err = 0; 65491ffe7beSAmir Goldstein else if (ovl_is_whiteout(index)) 65591ffe7beSAmir Goldstein err = -ESTALE; 65691ffe7beSAmir Goldstein else if (ovl_dentry_weird(index)) 65791ffe7beSAmir Goldstein err = -EIO; 65891ffe7beSAmir Goldstein else 65991ffe7beSAmir Goldstein return index; 66091ffe7beSAmir Goldstein 66191ffe7beSAmir Goldstein dput(index); 66291ffe7beSAmir Goldstein return ERR_PTR(err); 663359f392cSAmir Goldstein } 664359f392cSAmir Goldstein 665359f392cSAmir Goldstein static struct dentry *ovl_lookup_index(struct dentry *dentry, 666359f392cSAmir Goldstein struct dentry *upper, 667359f392cSAmir Goldstein struct dentry *origin) 668359f392cSAmir Goldstein { 669359f392cSAmir Goldstein struct ovl_fs *ofs = dentry->d_sb->s_fs_info; 670359f392cSAmir Goldstein struct dentry *index; 671359f392cSAmir Goldstein struct inode *inode; 672359f392cSAmir Goldstein struct qstr name; 673ad1d615cSAmir Goldstein bool is_dir = d_is_dir(origin); 674359f392cSAmir Goldstein int err; 675359f392cSAmir Goldstein 676359f392cSAmir Goldstein err = ovl_get_index_name(origin, &name); 677359f392cSAmir Goldstein if (err) 678359f392cSAmir Goldstein return ERR_PTR(err); 679359f392cSAmir Goldstein 680359f392cSAmir Goldstein index = lookup_one_len_unlocked(name.name, ofs->indexdir, name.len); 681359f392cSAmir Goldstein if (IS_ERR(index)) { 682e0082a0fSAmir Goldstein err = PTR_ERR(index); 6837937a56fSAmir Goldstein if (err == -ENOENT) { 6847937a56fSAmir Goldstein index = NULL; 6857937a56fSAmir Goldstein goto out; 6867937a56fSAmir Goldstein } 687359f392cSAmir Goldstein pr_warn_ratelimited("overlayfs: failed inode index lookup (ino=%lu, key=%*s, err=%i);\n" 688359f392cSAmir Goldstein "overlayfs: mount with '-o index=off' to disable inodes index.\n", 689359f392cSAmir Goldstein d_inode(origin)->i_ino, name.len, name.name, 690359f392cSAmir Goldstein err); 691359f392cSAmir Goldstein goto out; 692359f392cSAmir Goldstein } 693359f392cSAmir Goldstein 6940e082555SAmir Goldstein inode = d_inode(index); 695359f392cSAmir Goldstein if (d_is_negative(index)) { 6966eaf0111SAmir Goldstein goto out_dput; 6970e082555SAmir Goldstein } else if (ovl_dentry_weird(index) || ovl_is_whiteout(index) || 6980e082555SAmir Goldstein ((inode->i_mode ^ d_inode(origin)->i_mode) & S_IFMT)) { 6990e082555SAmir Goldstein /* 7000e082555SAmir Goldstein * Index should always be of the same file type as origin 7010e082555SAmir Goldstein * except for the case of a whiteout index. A whiteout 7020e082555SAmir Goldstein * index should only exist if all lower aliases have been 7030e082555SAmir Goldstein * unlinked, which means that finding a lower origin on lookup 7040e082555SAmir Goldstein * whose index is a whiteout should be treated as an error. 7050e082555SAmir Goldstein */ 7060e082555SAmir Goldstein pr_warn_ratelimited("overlayfs: bad index found (index=%pd2, ftype=%x, origin ftype=%x).\n", 7070e082555SAmir Goldstein index, d_inode(index)->i_mode & S_IFMT, 7080e082555SAmir Goldstein d_inode(origin)->i_mode & S_IFMT); 709359f392cSAmir Goldstein goto fail; 710ad1d615cSAmir Goldstein } else if (is_dir) { 711ad1d615cSAmir Goldstein if (!upper) { 712ad1d615cSAmir Goldstein pr_warn_ratelimited("overlayfs: suspected uncovered redirected dir found (origin=%pd2, index=%pd2).\n", 713ad1d615cSAmir Goldstein origin, index); 714ad1d615cSAmir Goldstein goto fail; 715359f392cSAmir Goldstein } 716359f392cSAmir Goldstein 717ad1d615cSAmir Goldstein /* Verify that dir index 'upper' xattr points to upper dir */ 718ad1d615cSAmir Goldstein err = ovl_verify_upper(index, upper, false); 719ad1d615cSAmir Goldstein if (err) { 720ad1d615cSAmir Goldstein if (err == -ESTALE) { 721ad1d615cSAmir Goldstein pr_warn_ratelimited("overlayfs: suspected multiply redirected dir found (upper=%pd2, origin=%pd2, index=%pd2).\n", 722ad1d615cSAmir Goldstein upper, origin, index); 723ad1d615cSAmir Goldstein } 724ad1d615cSAmir Goldstein goto fail; 725ad1d615cSAmir Goldstein } 726ad1d615cSAmir Goldstein } else if (upper && d_inode(upper) != inode) { 727ad1d615cSAmir Goldstein goto out_dput; 728ad1d615cSAmir Goldstein } 729359f392cSAmir Goldstein out: 730359f392cSAmir Goldstein kfree(name.name); 731359f392cSAmir Goldstein return index; 732359f392cSAmir Goldstein 7336eaf0111SAmir Goldstein out_dput: 7346eaf0111SAmir Goldstein dput(index); 7356eaf0111SAmir Goldstein index = NULL; 7366eaf0111SAmir Goldstein goto out; 7376eaf0111SAmir Goldstein 738359f392cSAmir Goldstein fail: 739359f392cSAmir Goldstein dput(index); 740359f392cSAmir Goldstein index = ERR_PTR(-EIO); 741359f392cSAmir Goldstein goto out; 742359f392cSAmir Goldstein } 743359f392cSAmir Goldstein 744359f392cSAmir Goldstein /* 745bbb1e54dSMiklos Szeredi * Returns next layer in stack starting from top. 746bbb1e54dSMiklos Szeredi * Returns -1 if this is the last layer. 747bbb1e54dSMiklos Szeredi */ 748bbb1e54dSMiklos Szeredi int ovl_path_next(int idx, struct dentry *dentry, struct path *path) 749bbb1e54dSMiklos Szeredi { 750bbb1e54dSMiklos Szeredi struct ovl_entry *oe = dentry->d_fsdata; 751bbb1e54dSMiklos Szeredi 752bbb1e54dSMiklos Szeredi BUG_ON(idx < 0); 753bbb1e54dSMiklos Szeredi if (idx == 0) { 754bbb1e54dSMiklos Szeredi ovl_path_upper(dentry, path); 755bbb1e54dSMiklos Szeredi if (path->dentry) 756bbb1e54dSMiklos Szeredi return oe->numlower ? 1 : -1; 757bbb1e54dSMiklos Szeredi idx++; 758bbb1e54dSMiklos Szeredi } 759bbb1e54dSMiklos Szeredi BUG_ON(idx > oe->numlower); 760b9343632SChandan Rajendra path->dentry = oe->lowerstack[idx - 1].dentry; 761b9343632SChandan Rajendra path->mnt = oe->lowerstack[idx - 1].layer->mnt; 762bbb1e54dSMiklos Szeredi 763bbb1e54dSMiklos Szeredi return (idx < oe->numlower) ? idx + 1 : -1; 764bbb1e54dSMiklos Szeredi } 765bbb1e54dSMiklos Szeredi 7669678e630SAmir Goldstein /* Fix missing 'origin' xattr */ 7679678e630SAmir Goldstein static int ovl_fix_origin(struct dentry *dentry, struct dentry *lower, 7689678e630SAmir Goldstein struct dentry *upper) 7699678e630SAmir Goldstein { 7709678e630SAmir Goldstein int err; 7719678e630SAmir Goldstein 7729678e630SAmir Goldstein if (ovl_check_origin_xattr(upper)) 7739678e630SAmir Goldstein return 0; 7749678e630SAmir Goldstein 7759678e630SAmir Goldstein err = ovl_want_write(dentry); 7769678e630SAmir Goldstein if (err) 7779678e630SAmir Goldstein return err; 7789678e630SAmir Goldstein 7799678e630SAmir Goldstein err = ovl_set_origin(dentry, lower, upper); 7809678e630SAmir Goldstein if (!err) 7819678e630SAmir Goldstein err = ovl_set_impure(dentry->d_parent, upper->d_parent); 7829678e630SAmir Goldstein 7839678e630SAmir Goldstein ovl_drop_write(dentry); 7849678e630SAmir Goldstein return err; 7859678e630SAmir Goldstein } 7869678e630SAmir Goldstein 787bbb1e54dSMiklos Szeredi struct dentry *ovl_lookup(struct inode *dir, struct dentry *dentry, 788bbb1e54dSMiklos Szeredi unsigned int flags) 789bbb1e54dSMiklos Szeredi { 790bbb1e54dSMiklos Szeredi struct ovl_entry *oe; 791bbb1e54dSMiklos Szeredi const struct cred *old_cred; 7926b2d5fe4SMiklos Szeredi struct ovl_fs *ofs = dentry->d_sb->s_fs_info; 793bbb1e54dSMiklos Szeredi struct ovl_entry *poe = dentry->d_parent->d_fsdata; 794c22205d0SAmir Goldstein struct ovl_entry *roe = dentry->d_sb->s_root->d_fsdata; 795b9343632SChandan Rajendra struct ovl_path *stack = NULL; 796bbb1e54dSMiklos Szeredi struct dentry *upperdir, *upperdentry = NULL; 797ad1d615cSAmir Goldstein struct dentry *origin = NULL; 798359f392cSAmir Goldstein struct dentry *index = NULL; 799bbb1e54dSMiklos Szeredi unsigned int ctr = 0; 800bbb1e54dSMiklos Szeredi struct inode *inode = NULL; 801bbb1e54dSMiklos Szeredi bool upperopaque = false; 80202b69b28SMiklos Szeredi char *upperredirect = NULL; 803bbb1e54dSMiklos Szeredi struct dentry *this; 804bbb1e54dSMiklos Szeredi unsigned int i; 805bbb1e54dSMiklos Szeredi int err; 806e28edc46SMiklos Szeredi struct ovl_lookup_data d = { 807e28edc46SMiklos Szeredi .name = dentry->d_name, 808e28edc46SMiklos Szeredi .is_dir = false, 809e28edc46SMiklos Szeredi .opaque = false, 810e28edc46SMiklos Szeredi .stop = false, 811e28edc46SMiklos Szeredi .last = !poe->numlower, 81202b69b28SMiklos Szeredi .redirect = NULL, 813e28edc46SMiklos Szeredi }; 814bbb1e54dSMiklos Szeredi 8156b2d5fe4SMiklos Szeredi if (dentry->d_name.len > ofs->namelen) 8166b2d5fe4SMiklos Szeredi return ERR_PTR(-ENAMETOOLONG); 8176b2d5fe4SMiklos Szeredi 818bbb1e54dSMiklos Szeredi old_cred = ovl_override_creds(dentry->d_sb); 81909d8b586SMiklos Szeredi upperdir = ovl_dentry_upper(dentry->d_parent); 820bbb1e54dSMiklos Szeredi if (upperdir) { 821e28edc46SMiklos Szeredi err = ovl_lookup_layer(upperdir, &d, &upperdentry); 822e28edc46SMiklos Szeredi if (err) 823bbb1e54dSMiklos Szeredi goto out; 824bbb1e54dSMiklos Szeredi 825e28edc46SMiklos Szeredi if (upperdentry && unlikely(ovl_dentry_remote(upperdentry))) { 826e28edc46SMiklos Szeredi dput(upperdentry); 827bbb1e54dSMiklos Szeredi err = -EREMOTE; 828bbb1e54dSMiklos Szeredi goto out; 829bbb1e54dSMiklos Szeredi } 830a9d01957SAmir Goldstein if (upperdentry && !d.is_dir) { 831a9d01957SAmir Goldstein BUG_ON(!d.stop || d.redirect); 832f7d3dacaSAmir Goldstein /* 833f7d3dacaSAmir Goldstein * Lookup copy up origin by decoding origin file handle. 834f7d3dacaSAmir Goldstein * We may get a disconnected dentry, which is fine, 835f7d3dacaSAmir Goldstein * because we only need to hold the origin inode in 836f7d3dacaSAmir Goldstein * cache and use its inode number. We may even get a 837f7d3dacaSAmir Goldstein * connected dentry, that is not under any of the lower 838f7d3dacaSAmir Goldstein * layers root. That is also fine for using it's inode 839f7d3dacaSAmir Goldstein * number - it's the same as if we held a reference 840f7d3dacaSAmir Goldstein * to a dentry in lower layer that was moved under us. 841f7d3dacaSAmir Goldstein */ 8421eff1a1dSAmir Goldstein err = ovl_check_origin(ofs, upperdentry, &stack, &ctr); 843a9d01957SAmir Goldstein if (err) 8445455f92bSVivek Goyal goto out_put_upper; 845a9d01957SAmir Goldstein } 84602b69b28SMiklos Szeredi 84702b69b28SMiklos Szeredi if (d.redirect) { 8480ce5cdc9SDan Carpenter err = -ENOMEM; 84902b69b28SMiklos Szeredi upperredirect = kstrdup(d.redirect, GFP_KERNEL); 85002b69b28SMiklos Szeredi if (!upperredirect) 85102b69b28SMiklos Szeredi goto out_put_upper; 85202b69b28SMiklos Szeredi if (d.redirect[0] == '/') 853c22205d0SAmir Goldstein poe = roe; 85402b69b28SMiklos Szeredi } 855e28edc46SMiklos Szeredi upperopaque = d.opaque; 856bbb1e54dSMiklos Szeredi } 857bbb1e54dSMiklos Szeredi 858e28edc46SMiklos Szeredi if (!d.stop && poe->numlower) { 859bbb1e54dSMiklos Szeredi err = -ENOMEM; 860b9343632SChandan Rajendra stack = kcalloc(ofs->numlower, sizeof(struct ovl_path), 8610ee931c4SMichal Hocko GFP_KERNEL); 862bbb1e54dSMiklos Szeredi if (!stack) 863bbb1e54dSMiklos Szeredi goto out_put_upper; 864bbb1e54dSMiklos Szeredi } 865bbb1e54dSMiklos Szeredi 866e28edc46SMiklos Szeredi for (i = 0; !d.stop && i < poe->numlower; i++) { 867b9343632SChandan Rajendra struct ovl_path lower = poe->lowerstack[i]; 868bbb1e54dSMiklos Szeredi 869e28edc46SMiklos Szeredi d.last = i == poe->numlower - 1; 870b9343632SChandan Rajendra err = ovl_lookup_layer(lower.dentry, &d, &this); 871e28edc46SMiklos Szeredi if (err) 872bbb1e54dSMiklos Szeredi goto out_put; 8736b2d5fe4SMiklos Szeredi 874bbb1e54dSMiklos Szeredi if (!this) 875bbb1e54dSMiklos Szeredi continue; 876bbb1e54dSMiklos Szeredi 8779678e630SAmir Goldstein /* 8789678e630SAmir Goldstein * If no origin fh is stored in upper of a merge dir, store fh 8799678e630SAmir Goldstein * of lower dir and set upper parent "impure". 8809678e630SAmir Goldstein */ 8819678e630SAmir Goldstein if (upperdentry && !ctr && !ofs->noxattr) { 8829678e630SAmir Goldstein err = ovl_fix_origin(dentry, this, upperdentry); 8839678e630SAmir Goldstein if (err) { 8849678e630SAmir Goldstein dput(this); 8859678e630SAmir Goldstein goto out_put; 8869678e630SAmir Goldstein } 8879678e630SAmir Goldstein } 8889678e630SAmir Goldstein 88937b12916SAmir Goldstein /* 89037b12916SAmir Goldstein * When "verify_lower" feature is enabled, do not merge with a 891ad1d615cSAmir Goldstein * lower dir that does not match a stored origin xattr. In any 892ad1d615cSAmir Goldstein * case, only verified origin is used for index lookup. 89337b12916SAmir Goldstein */ 89437b12916SAmir Goldstein if (upperdentry && !ctr && ovl_verify_lower(dentry->d_sb)) { 89537b12916SAmir Goldstein err = ovl_verify_origin(upperdentry, this, false); 89637b12916SAmir Goldstein if (err) { 89737b12916SAmir Goldstein dput(this); 89837b12916SAmir Goldstein break; 89937b12916SAmir Goldstein } 900ad1d615cSAmir Goldstein 901ad1d615cSAmir Goldstein /* Bless lower dir as verified origin */ 902ad1d615cSAmir Goldstein origin = this; 90337b12916SAmir Goldstein } 90437b12916SAmir Goldstein 905bbb1e54dSMiklos Szeredi stack[ctr].dentry = this; 906b9343632SChandan Rajendra stack[ctr].layer = lower.layer; 907bbb1e54dSMiklos Szeredi ctr++; 90802b69b28SMiklos Szeredi 90902b69b28SMiklos Szeredi if (d.stop) 91002b69b28SMiklos Szeredi break; 91102b69b28SMiklos Szeredi 912438c84c2SMiklos Szeredi /* 913438c84c2SMiklos Szeredi * Following redirects can have security consequences: it's like 914438c84c2SMiklos Szeredi * a symlink into the lower layer without the permission checks. 915438c84c2SMiklos Szeredi * This is only a problem if the upper layer is untrusted (e.g 916438c84c2SMiklos Szeredi * comes from an USB drive). This can allow a non-readable file 917438c84c2SMiklos Szeredi * or directory to become readable. 918438c84c2SMiklos Szeredi * 919438c84c2SMiklos Szeredi * Only following redirects when redirects are enabled disables 920438c84c2SMiklos Szeredi * this attack vector when not necessary. 921438c84c2SMiklos Szeredi */ 922438c84c2SMiklos Szeredi err = -EPERM; 923438c84c2SMiklos Szeredi if (d.redirect && !ofs->config.redirect_follow) { 924f8167817SAmir Goldstein pr_warn_ratelimited("overlayfs: refusing to follow redirect for (%pd2)\n", 925f8167817SAmir Goldstein dentry); 926438c84c2SMiklos Szeredi goto out_put; 927438c84c2SMiklos Szeredi } 928438c84c2SMiklos Szeredi 929c22205d0SAmir Goldstein if (d.redirect && d.redirect[0] == '/' && poe != roe) { 930c22205d0SAmir Goldstein poe = roe; 93102b69b28SMiklos Szeredi /* Find the current layer on the root dentry */ 932d583ed7dSAmir Goldstein i = lower.layer->idx - 1; 93302b69b28SMiklos Szeredi } 934bbb1e54dSMiklos Szeredi } 935bbb1e54dSMiklos Szeredi 936ad1d615cSAmir Goldstein /* 937ad1d615cSAmir Goldstein * Lookup index by lower inode and verify it matches upper inode. 938ad1d615cSAmir Goldstein * We only trust dir index if we verified that lower dir matches 939ad1d615cSAmir Goldstein * origin, otherwise dir index entries may be inconsistent and we 940ad1d615cSAmir Goldstein * ignore them. Always lookup index of non-dir and non-upper. 941ad1d615cSAmir Goldstein */ 942ad1d615cSAmir Goldstein if (ctr && (!upperdentry || !d.is_dir)) 943ad1d615cSAmir Goldstein origin = stack[0].dentry; 944359f392cSAmir Goldstein 945ad1d615cSAmir Goldstein if (origin && ovl_indexdir(dentry->d_sb) && 946ad1d615cSAmir Goldstein (!d.is_dir || ovl_index_all(dentry->d_sb))) { 947359f392cSAmir Goldstein index = ovl_lookup_index(dentry, upperdentry, origin); 948359f392cSAmir Goldstein if (IS_ERR(index)) { 949359f392cSAmir Goldstein err = PTR_ERR(index); 950359f392cSAmir Goldstein index = NULL; 951359f392cSAmir Goldstein goto out_put; 952359f392cSAmir Goldstein } 953359f392cSAmir Goldstein } 954359f392cSAmir Goldstein 955bbb1e54dSMiklos Szeredi oe = ovl_alloc_entry(ctr); 956bbb1e54dSMiklos Szeredi err = -ENOMEM; 957bbb1e54dSMiklos Szeredi if (!oe) 958bbb1e54dSMiklos Szeredi goto out_put; 959bbb1e54dSMiklos Szeredi 960b9343632SChandan Rajendra memcpy(oe->lowerstack, stack, sizeof(struct ovl_path) * ctr); 961e6d2ebddSMiklos Szeredi dentry->d_fsdata = oe; 962e6d2ebddSMiklos Szeredi 963c62520a8SAmir Goldstein if (upperopaque) 964c62520a8SAmir Goldstein ovl_dentry_set_opaque(dentry); 965c62520a8SAmir Goldstein 96655acc661SMiklos Szeredi if (upperdentry) 96755acc661SMiklos Szeredi ovl_dentry_set_upper_alias(dentry); 96855acc661SMiklos Szeredi else if (index) 969359f392cSAmir Goldstein upperdentry = dget(index); 970359f392cSAmir Goldstein 971e6d2ebddSMiklos Szeredi if (upperdentry || ctr) { 9720aceb53eSAmir Goldstein inode = ovl_get_inode(dentry->d_sb, upperdentry, origin, index, 9730aceb53eSAmir Goldstein ctr); 974b9ac5c27SMiklos Szeredi err = PTR_ERR(inode); 975b9ac5c27SMiklos Szeredi if (IS_ERR(inode)) 976e6d2ebddSMiklos Szeredi goto out_free_oe; 977cf31c463SMiklos Szeredi 978cf31c463SMiklos Szeredi OVL_I(inode)->redirect = upperredirect; 979359f392cSAmir Goldstein if (index) 980359f392cSAmir Goldstein ovl_set_flag(OVL_INDEX, inode); 981e6d2ebddSMiklos Szeredi } 982e6d2ebddSMiklos Szeredi 983e6d2ebddSMiklos Szeredi revert_creds(old_cred); 984359f392cSAmir Goldstein dput(index); 985bbb1e54dSMiklos Szeredi kfree(stack); 98602b69b28SMiklos Szeredi kfree(d.redirect); 987829c28beSAmir Goldstein return d_splice_alias(inode, dentry); 988bbb1e54dSMiklos Szeredi 989bbb1e54dSMiklos Szeredi out_free_oe: 990e6d2ebddSMiklos Szeredi dentry->d_fsdata = NULL; 991bbb1e54dSMiklos Szeredi kfree(oe); 992bbb1e54dSMiklos Szeredi out_put: 993359f392cSAmir Goldstein dput(index); 994bbb1e54dSMiklos Szeredi for (i = 0; i < ctr; i++) 995bbb1e54dSMiklos Szeredi dput(stack[i].dentry); 996bbb1e54dSMiklos Szeredi kfree(stack); 997bbb1e54dSMiklos Szeredi out_put_upper: 998bbb1e54dSMiklos Szeredi dput(upperdentry); 99902b69b28SMiklos Szeredi kfree(upperredirect); 1000bbb1e54dSMiklos Szeredi out: 100102b69b28SMiklos Szeredi kfree(d.redirect); 1002bbb1e54dSMiklos Szeredi revert_creds(old_cred); 1003bbb1e54dSMiklos Szeredi return ERR_PTR(err); 1004bbb1e54dSMiklos Szeredi } 1005bbb1e54dSMiklos Szeredi 1006bbb1e54dSMiklos Szeredi bool ovl_lower_positive(struct dentry *dentry) 1007bbb1e54dSMiklos Szeredi { 1008bbb1e54dSMiklos Szeredi struct ovl_entry *poe = dentry->d_parent->d_fsdata; 1009bbb1e54dSMiklos Szeredi const struct qstr *name = &dentry->d_name; 10106d0a8a90SAmir Goldstein const struct cred *old_cred; 1011bbb1e54dSMiklos Szeredi unsigned int i; 1012bbb1e54dSMiklos Szeredi bool positive = false; 1013bbb1e54dSMiklos Szeredi bool done = false; 1014bbb1e54dSMiklos Szeredi 1015bbb1e54dSMiklos Szeredi /* 1016bbb1e54dSMiklos Szeredi * If dentry is negative, then lower is positive iff this is a 1017bbb1e54dSMiklos Szeredi * whiteout. 1018bbb1e54dSMiklos Szeredi */ 1019bbb1e54dSMiklos Szeredi if (!dentry->d_inode) 1020c62520a8SAmir Goldstein return ovl_dentry_is_opaque(dentry); 1021bbb1e54dSMiklos Szeredi 1022bbb1e54dSMiklos Szeredi /* Negative upper -> positive lower */ 102309d8b586SMiklos Szeredi if (!ovl_dentry_upper(dentry)) 1024bbb1e54dSMiklos Szeredi return true; 1025bbb1e54dSMiklos Szeredi 10266d0a8a90SAmir Goldstein old_cred = ovl_override_creds(dentry->d_sb); 1027bbb1e54dSMiklos Szeredi /* Positive upper -> have to look up lower to see whether it exists */ 1028bbb1e54dSMiklos Szeredi for (i = 0; !done && !positive && i < poe->numlower; i++) { 1029bbb1e54dSMiklos Szeredi struct dentry *this; 1030bbb1e54dSMiklos Szeredi struct dentry *lowerdir = poe->lowerstack[i].dentry; 1031bbb1e54dSMiklos Szeredi 1032bbb1e54dSMiklos Szeredi this = lookup_one_len_unlocked(name->name, lowerdir, 1033bbb1e54dSMiklos Szeredi name->len); 1034bbb1e54dSMiklos Szeredi if (IS_ERR(this)) { 1035bbb1e54dSMiklos Szeredi switch (PTR_ERR(this)) { 1036bbb1e54dSMiklos Szeredi case -ENOENT: 1037bbb1e54dSMiklos Szeredi case -ENAMETOOLONG: 1038bbb1e54dSMiklos Szeredi break; 1039bbb1e54dSMiklos Szeredi 1040bbb1e54dSMiklos Szeredi default: 1041bbb1e54dSMiklos Szeredi /* 1042bbb1e54dSMiklos Szeredi * Assume something is there, we just couldn't 1043bbb1e54dSMiklos Szeredi * access it. 1044bbb1e54dSMiklos Szeredi */ 1045bbb1e54dSMiklos Szeredi positive = true; 1046bbb1e54dSMiklos Szeredi break; 1047bbb1e54dSMiklos Szeredi } 1048bbb1e54dSMiklos Szeredi } else { 1049bbb1e54dSMiklos Szeredi if (this->d_inode) { 1050bbb1e54dSMiklos Szeredi positive = !ovl_is_whiteout(this); 1051bbb1e54dSMiklos Szeredi done = true; 1052bbb1e54dSMiklos Szeredi } 1053bbb1e54dSMiklos Szeredi dput(this); 1054bbb1e54dSMiklos Szeredi } 1055bbb1e54dSMiklos Szeredi } 10566d0a8a90SAmir Goldstein revert_creds(old_cred); 1057bbb1e54dSMiklos Szeredi 1058bbb1e54dSMiklos Szeredi return positive; 1059bbb1e54dSMiklos Szeredi } 1060