xref: /openbmc/linux/fs/overlayfs/export.c (revision 1e8fc4ff)
1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3  * Overlayfs NFS export support.
4  *
5  * Amir Goldstein <amir73il@gmail.com>
6  *
7  * Copyright (C) 2017-2018 CTERA Networks. All Rights Reserved.
8  */
9 
10 #include <linux/fs.h>
11 #include <linux/cred.h>
12 #include <linux/mount.h>
13 #include <linux/namei.h>
14 #include <linux/xattr.h>
15 #include <linux/exportfs.h>
16 #include <linux/ratelimit.h>
17 #include "overlayfs.h"
18 
/*
 * Copy up @dentry so that it gets an upper dentry, unless it already has one.
 *
 * Returns 0 if @dentry already has an upper dentry or if copy up succeeded.
 * Otherwise returns the error from ovl_want_write() or ovl_copy_up(), after
 * emitting a rate limited warning.
 */
static int ovl_encode_maybe_copy_up(struct dentry *dentry)
{
	int ret = 0;

	if (!ovl_dentry_upper(dentry)) {
		ret = ovl_want_write(dentry);
		if (ret == 0) {
			/* Write access is dropped whether or not copy up worked */
			ret = ovl_copy_up(dentry);
			ovl_drop_write(dentry);
		}

		if (ret != 0)
			pr_warn_ratelimited("failed to copy up on encode (%pd2, err=%i)\n",
					    dentry, ret);
	}

	return ret;
}
39 
40 /*
41  * Before encoding a non-upper directory file handle from real layer N, we need
42  * to check if it will be possible to reconnect an overlay dentry from the real
43  * lower decoded dentry. This is done by following the overlay ancestry up to a
44  * "layer N connected" ancestor and verifying that all parents along the way are
45  * "layer N connectable". If an ancestor that is NOT "layer N connectable" is
46  * found, we need to copy up an ancestor, which is "layer N connectable", thus
47  * making that ancestor "layer N connected". For example:
48  *
49  * layer 1: /a
50  * layer 2: /a/b/c
51  *
52  * The overlay dentry /a is NOT "layer 2 connectable", because if dir /a is
53  * copied up and renamed, upper dir /a will be indexed by lower dir /a from
54  * layer 1. The dir /a from layer 2 will never be indexed, so the algorithm (*)
55  * in ovl_lookup_real_ancestor() will not be able to lookup a connected overlay
56  * dentry from the connected lower dentry /a/b/c.
57  *
58  * To avoid this problem on decode time, we need to copy up an ancestor of
59  * /a/b/c, which is "layer 2 connectable", on encode time. That ancestor is
60  * /a/b. After copy up (and index) of /a/b, it will become "layer 2 connected"
61  * and when the time comes to decode the file handle from lower dentry /a/b/c,
62  * ovl_lookup_real_ancestor() will find the indexed ancestor /a/b and decoding
63  * a connected overlay dentry will be accomplished.
64  *
65  * (*) the algorithm in ovl_lookup_real_ancestor() can be improved to lookup an
66  * entry /a in the lower layers above layer N and find the indexed dir /a from
67  * layer 1. If that improvement is made, then the check for "layer N connected"
68  * will need to verify there are no redirects in lower layers above N. In the
69  * example above, /a will be "layer 2 connectable". However, if layer 2 dir /a
70  * is a target of a layer 1 redirect, then /a will NOT be "layer 2 connectable":
71  *
72  * layer 1: /A (redirect = /a)
73  * layer 2: /a/b/c
74  */
75 
76 /* Return the lowest layer for encoding a connectable file handle */
77 static int ovl_connectable_layer(struct dentry *dentry)
78 {
79 	struct ovl_entry *oe = OVL_E(dentry);
80 
81 	/* We can get overlay root from root of any layer */
82 	if (dentry == dentry->d_sb->s_root)
83 		return ovl_numlower(oe);
84 
85 	/*
86 	 * If it's an unindexed merge dir, then it's not connectable with any
87 	 * lower layer
88 	 */
89 	if (ovl_dentry_upper(dentry) &&
90 	    !ovl_test_flag(OVL_INDEX, d_inode(dentry)))
91 		return 0;
92 
93 	/* We can get upper/overlay path from indexed/lower dentry */
94 	return ovl_lowerstack(oe)->layer->idx;
95 }
96 
97 /*
98  * @dentry is "connected" if all ancestors up to root or a "connected" ancestor
99  * have the same uppermost lower layer as the origin's layer. We may need to
100  * copy up a "connectable" ancestor to make it "connected". A "connected" dentry
101  * cannot become non "connected", so cache positive result in dentry flags.
102  *
103  * Return the connected origin layer or < 0 on error.
104  */
105 static int ovl_connect_layer(struct dentry *dentry)
106 {
107 	struct dentry *next, *parent = NULL;
108 	struct ovl_entry *oe = OVL_E(dentry);
109 	int origin_layer;
110 	int err = 0;
111 
112 	if (WARN_ON(dentry == dentry->d_sb->s_root) ||
113 	    WARN_ON(!ovl_dentry_lower(dentry)))
114 		return -EIO;
115 
116 	origin_layer = ovl_lowerstack(oe)->layer->idx;
117 	if (ovl_dentry_test_flag(OVL_E_CONNECTED, dentry))
118 		return origin_layer;
119 
120 	/* Find the topmost origin layer connectable ancestor of @dentry */
121 	next = dget(dentry);
122 	for (;;) {
123 		parent = dget_parent(next);
124 		if (WARN_ON(parent == next)) {
125 			err = -EIO;
126 			break;
127 		}
128 
129 		/*
130 		 * If @parent is not origin layer connectable, then copy up
131 		 * @next which is origin layer connectable and we are done.
132 		 */
133 		if (ovl_connectable_layer(parent) < origin_layer) {
134 			err = ovl_encode_maybe_copy_up(next);
135 			break;
136 		}
137 
138 		/* If @parent is connected or indexed we are done */
139 		if (ovl_dentry_test_flag(OVL_E_CONNECTED, parent) ||
140 		    ovl_test_flag(OVL_INDEX, d_inode(parent)))
141 			break;
142 
143 		dput(next);
144 		next = parent;
145 	}
146 
147 	dput(parent);
148 	dput(next);
149 
150 	if (!err)
151 		ovl_dentry_set_flag(OVL_E_CONNECTED, dentry);
152 
153 	return err ?: origin_layer;
154 }
155 
156 /*
157  * We only need to encode origin if there is a chance that the same object was
158  * encoded pre copy up and then we need to stay consistent with the same
159  * encoding also after copy up. If non-pure upper is not indexed, then it was
160  * copied up before NFS export was enabled. In that case we don't need to worry
161  * about staying consistent with pre copy up encoding and we encode an upper
162  * file handle. Overlay root dentry is a private case of non-indexed upper.
163  *
164  * The following table summarizes the different file handle encodings used for
165  * different overlay object types:
166  *
167  *  Object type		| Encoding
168  * --------------------------------
169  *  Pure upper		| U
170  *  Non-indexed upper	| U
171  *  Indexed upper	| L (*)
172  *  Non-upper		| L (*)
173  *
174  * U = upper file handle
175  * L = lower file handle
176  *
177  * (*) Decoding a connected overlay dir from real lower dentry is not always
178  * possible when there are redirects in lower layers and non-indexed merge dirs.
179  * To mitigate those case, we may copy up the lower dir ancestor before encode
180  * of a decodable file handle for non-upper dir.
181  *
182  * Return 0 for upper file handle, > 0 for lower file handle or < 0 on error.
183  */
184 static int ovl_check_encode_origin(struct dentry *dentry)
185 {
186 	struct ovl_fs *ofs = OVL_FS(dentry->d_sb);
187 	bool decodable = ofs->config.nfs_export;
188 
189 	/* No upper layer? */
190 	if (!ovl_upper_mnt(ofs))
191 		return 1;
192 
193 	/* Lower file handle for non-upper non-decodable */
194 	if (!ovl_dentry_upper(dentry) && !decodable)
195 		return 1;
196 
197 	/* Upper file handle for pure upper */
198 	if (!ovl_dentry_lower(dentry))
199 		return 0;
200 
201 	/*
202 	 * Root is never indexed, so if there's an upper layer, encode upper for
203 	 * root.
204 	 */
205 	if (dentry == dentry->d_sb->s_root)
206 		return 0;
207 
208 	/*
209 	 * Upper decodable file handle for non-indexed upper.
210 	 */
211 	if (ovl_dentry_upper(dentry) && decodable &&
212 	    !ovl_test_flag(OVL_INDEX, d_inode(dentry)))
213 		return 0;
214 
215 	/*
216 	 * Decoding a merge dir, whose origin's ancestor is under a redirected
217 	 * lower dir or under a non-indexed upper is not always possible.
218 	 * ovl_connect_layer() will try to make origin's layer "connected" by
219 	 * copying up a "connectable" ancestor.
220 	 */
221 	if (d_is_dir(dentry) && decodable)
222 		return ovl_connect_layer(dentry);
223 
224 	/* Lower file handle for indexed and non-upper dir/non-dir */
225 	return 1;
226 }
227 
228 static int ovl_dentry_to_fid(struct ovl_fs *ofs, struct dentry *dentry,
229 			     u32 *fid, int buflen)
230 {
231 	struct ovl_fh *fh = NULL;
232 	int err, enc_lower;
233 	int len;
234 
235 	/*
236 	 * Check if we should encode a lower or upper file handle and maybe
237 	 * copy up an ancestor to make lower file handle connectable.
238 	 */
239 	err = enc_lower = ovl_check_encode_origin(dentry);
240 	if (enc_lower < 0)
241 		goto fail;
242 
243 	/* Encode an upper or lower file handle */
244 	fh = ovl_encode_real_fh(ofs, enc_lower ? ovl_dentry_lower(dentry) :
245 				ovl_dentry_upper(dentry), !enc_lower);
246 	if (IS_ERR(fh))
247 		return PTR_ERR(fh);
248 
249 	len = OVL_FH_LEN(fh);
250 	if (len <= buflen)
251 		memcpy(fid, fh, len);
252 	err = len;
253 
254 out:
255 	kfree(fh);
256 	return err;
257 
258 fail:
259 	pr_warn_ratelimited("failed to encode file handle (%pd2, err=%i)\n",
260 			    dentry, err);
261 	goto out;
262 }
263 
264 static int ovl_encode_fh(struct inode *inode, u32 *fid, int *max_len,
265 			 struct inode *parent)
266 {
267 	struct ovl_fs *ofs = OVL_FS(inode->i_sb);
268 	struct dentry *dentry;
269 	int bytes, buflen = *max_len << 2;
270 
271 	/* TODO: encode connectable file handles */
272 	if (parent)
273 		return FILEID_INVALID;
274 
275 	dentry = d_find_any_alias(inode);
276 	if (!dentry)
277 		return FILEID_INVALID;
278 
279 	bytes = ovl_dentry_to_fid(ofs, dentry, fid, buflen);
280 	dput(dentry);
281 	if (bytes <= 0)
282 		return FILEID_INVALID;
283 
284 	*max_len = bytes >> 2;
285 	if (bytes > buflen)
286 		return FILEID_INVALID;
287 
288 	return OVL_FILEID_V1;
289 }
290 
291 /*
292  * Find or instantiate an overlay dentry from real dentries and index.
293  */
294 static struct dentry *ovl_obtain_alias(struct super_block *sb,
295 				       struct dentry *upper_alias,
296 				       struct ovl_path *lowerpath,
297 				       struct dentry *index)
298 {
299 	struct dentry *lower = lowerpath ? lowerpath->dentry : NULL;
300 	struct dentry *upper = upper_alias ?: index;
301 	struct dentry *dentry;
302 	struct inode *inode = NULL;
303 	struct ovl_entry *oe;
304 	struct ovl_inode_params oip = {
305 		.index = index,
306 	};
307 
308 	/* We get overlay directory dentries with ovl_lookup_real() */
309 	if (d_is_dir(upper ?: lower))
310 		return ERR_PTR(-EIO);
311 
312 	oe = ovl_alloc_entry(!!lower);
313 	if (!oe)
314 		return ERR_PTR(-ENOMEM);
315 
316 	oip.upperdentry = dget(upper);
317 	if (lower) {
318 		ovl_lowerstack(oe)->dentry = dget(lower);
319 		ovl_lowerstack(oe)->layer = lowerpath->layer;
320 	}
321 	oip.oe = oe;
322 	inode = ovl_get_inode(sb, &oip);
323 	if (IS_ERR(inode)) {
324 		ovl_free_entry(oe);
325 		dput(upper);
326 		return ERR_CAST(inode);
327 	}
328 
329 	if (upper)
330 		ovl_set_flag(OVL_UPPERDATA, inode);
331 
332 	dentry = d_find_any_alias(inode);
333 	if (dentry)
334 		goto out_iput;
335 
336 	dentry = d_alloc_anon(inode->i_sb);
337 	if (unlikely(!dentry))
338 		goto nomem;
339 
340 	if (upper_alias)
341 		ovl_dentry_set_upper_alias(dentry);
342 
343 	ovl_dentry_init_reval(dentry, upper, OVL_I_E(inode));
344 
345 	return d_instantiate_anon(dentry, inode);
346 
347 nomem:
348 	dput(dentry);
349 	dentry = ERR_PTR(-ENOMEM);
350 out_iput:
351 	iput(inode);
352 	return dentry;
353 }
354 
355 /* Get the upper or lower dentry in stack whose on layer @idx */
356 static struct dentry *ovl_dentry_real_at(struct dentry *dentry, int idx)
357 {
358 	struct ovl_entry *oe = OVL_E(dentry);
359 	struct ovl_path *lowerstack = ovl_lowerstack(oe);
360 	int i;
361 
362 	if (!idx)
363 		return ovl_dentry_upper(dentry);
364 
365 	for (i = 0; i < ovl_numlower(oe); i++) {
366 		if (lowerstack[i].layer->idx == idx)
367 			return lowerstack[i].dentry;
368 	}
369 
370 	return NULL;
371 }
372 
373 /*
374  * Lookup a child overlay dentry to get a connected overlay dentry whose real
375  * dentry is @real. If @real is on upper layer, we lookup a child overlay
376  * dentry with the same name as the real dentry. Otherwise, we need to consult
377  * index for lookup.
378  */
379 static struct dentry *ovl_lookup_real_one(struct dentry *connected,
380 					  struct dentry *real,
381 					  const struct ovl_layer *layer)
382 {
383 	struct inode *dir = d_inode(connected);
384 	struct dentry *this, *parent = NULL;
385 	struct name_snapshot name;
386 	int err;
387 
388 	/*
389 	 * Lookup child overlay dentry by real name. The dir mutex protects us
390 	 * from racing with overlay rename. If the overlay dentry that is above
391 	 * real has already been moved to a parent that is not under the
392 	 * connected overlay dir, we return -ECHILD and restart the lookup of
393 	 * connected real path from the top.
394 	 */
395 	inode_lock_nested(dir, I_MUTEX_PARENT);
396 	err = -ECHILD;
397 	parent = dget_parent(real);
398 	if (ovl_dentry_real_at(connected, layer->idx) != parent)
399 		goto fail;
400 
401 	/*
402 	 * We also need to take a snapshot of real dentry name to protect us
403 	 * from racing with underlying layer rename. In this case, we don't
404 	 * care about returning ESTALE, only from dereferencing a free name
405 	 * pointer because we hold no lock on the real dentry.
406 	 */
407 	take_dentry_name_snapshot(&name, real);
408 	/*
409 	 * No idmap handling here: it's an internal lookup.  Could skip
410 	 * permission checking altogether, but for now just use non-idmap
411 	 * transformed ids.
412 	 */
413 	this = lookup_one_len(name.name.name, connected, name.name.len);
414 	release_dentry_name_snapshot(&name);
415 	err = PTR_ERR(this);
416 	if (IS_ERR(this)) {
417 		goto fail;
418 	} else if (!this || !this->d_inode) {
419 		dput(this);
420 		err = -ENOENT;
421 		goto fail;
422 	} else if (ovl_dentry_real_at(this, layer->idx) != real) {
423 		dput(this);
424 		err = -ESTALE;
425 		goto fail;
426 	}
427 
428 out:
429 	dput(parent);
430 	inode_unlock(dir);
431 	return this;
432 
433 fail:
434 	pr_warn_ratelimited("failed to lookup one by real (%pd2, layer=%d, connected=%pd2, err=%i)\n",
435 			    real, layer->idx, connected, err);
436 	this = ERR_PTR(err);
437 	goto out;
438 }
439 
440 static struct dentry *ovl_lookup_real(struct super_block *sb,
441 				      struct dentry *real,
442 				      const struct ovl_layer *layer);
443 
444 /*
445  * Lookup an indexed or hashed overlay dentry by real inode.
446  */
447 static struct dentry *ovl_lookup_real_inode(struct super_block *sb,
448 					    struct dentry *real,
449 					    const struct ovl_layer *layer)
450 {
451 	struct ovl_fs *ofs = OVL_FS(sb);
452 	struct dentry *index = NULL;
453 	struct dentry *this = NULL;
454 	struct inode *inode;
455 
456 	/*
457 	 * Decoding upper dir from index is expensive, so first try to lookup
458 	 * overlay dentry in inode/dcache.
459 	 */
460 	inode = ovl_lookup_inode(sb, real, !layer->idx);
461 	if (IS_ERR(inode))
462 		return ERR_CAST(inode);
463 	if (inode) {
464 		this = d_find_any_alias(inode);
465 		iput(inode);
466 	}
467 
468 	/*
469 	 * For decoded lower dir file handle, lookup index by origin to check
470 	 * if lower dir was copied up and and/or removed.
471 	 */
472 	if (!this && layer->idx && ofs->indexdir && !WARN_ON(!d_is_dir(real))) {
473 		index = ovl_lookup_index(ofs, NULL, real, false);
474 		if (IS_ERR(index))
475 			return index;
476 	}
477 
478 	/* Get connected upper overlay dir from index */
479 	if (index) {
480 		struct dentry *upper = ovl_index_upper(ofs, index, true);
481 
482 		dput(index);
483 		if (IS_ERR_OR_NULL(upper))
484 			return upper;
485 
486 		/*
487 		 * ovl_lookup_real() in lower layer may call recursively once to
488 		 * ovl_lookup_real() in upper layer. The first level call walks
489 		 * back lower parents to the topmost indexed parent. The second
490 		 * recursive call walks back from indexed upper to the topmost
491 		 * connected/hashed upper parent (or up to root).
492 		 */
493 		this = ovl_lookup_real(sb, upper, &ofs->layers[0]);
494 		dput(upper);
495 	}
496 
497 	if (IS_ERR_OR_NULL(this))
498 		return this;
499 
500 	if (ovl_dentry_real_at(this, layer->idx) != real) {
501 		dput(this);
502 		this = ERR_PTR(-EIO);
503 	}
504 
505 	return this;
506 }
507 
508 /*
509  * Lookup an indexed or hashed overlay dentry, whose real dentry is an
510  * ancestor of @real.
511  */
512 static struct dentry *ovl_lookup_real_ancestor(struct super_block *sb,
513 					       struct dentry *real,
514 					       const struct ovl_layer *layer)
515 {
516 	struct dentry *next, *parent = NULL;
517 	struct dentry *ancestor = ERR_PTR(-EIO);
518 
519 	if (real == layer->mnt->mnt_root)
520 		return dget(sb->s_root);
521 
522 	/* Find the topmost indexed or hashed ancestor */
523 	next = dget(real);
524 	for (;;) {
525 		parent = dget_parent(next);
526 
527 		/*
528 		 * Lookup a matching overlay dentry in inode/dentry
529 		 * cache or in index by real inode.
530 		 */
531 		ancestor = ovl_lookup_real_inode(sb, next, layer);
532 		if (ancestor)
533 			break;
534 
535 		if (parent == layer->mnt->mnt_root) {
536 			ancestor = dget(sb->s_root);
537 			break;
538 		}
539 
540 		/*
541 		 * If @real has been moved out of the layer root directory,
542 		 * we will eventully hit the real fs root. This cannot happen
543 		 * by legit overlay rename, so we return error in that case.
544 		 */
545 		if (parent == next) {
546 			ancestor = ERR_PTR(-EXDEV);
547 			break;
548 		}
549 
550 		dput(next);
551 		next = parent;
552 	}
553 
554 	dput(parent);
555 	dput(next);
556 
557 	return ancestor;
558 }
559 
560 /*
561  * Lookup a connected overlay dentry whose real dentry is @real.
562  * If @real is on upper layer, we lookup a child overlay dentry with the same
563  * path the real dentry. Otherwise, we need to consult index for lookup.
564  */
565 static struct dentry *ovl_lookup_real(struct super_block *sb,
566 				      struct dentry *real,
567 				      const struct ovl_layer *layer)
568 {
569 	struct dentry *connected;
570 	int err = 0;
571 
572 	connected = ovl_lookup_real_ancestor(sb, real, layer);
573 	if (IS_ERR(connected))
574 		return connected;
575 
576 	while (!err) {
577 		struct dentry *next, *this;
578 		struct dentry *parent = NULL;
579 		struct dentry *real_connected = ovl_dentry_real_at(connected,
580 								   layer->idx);
581 
582 		if (real_connected == real)
583 			break;
584 
585 		/* Find the topmost dentry not yet connected */
586 		next = dget(real);
587 		for (;;) {
588 			parent = dget_parent(next);
589 
590 			if (parent == real_connected)
591 				break;
592 
593 			/*
594 			 * If real has been moved out of 'real_connected',
595 			 * we will not find 'real_connected' and hit the layer
596 			 * root. In that case, we need to restart connecting.
597 			 * This game can go on forever in the worst case. We
598 			 * may want to consider taking s_vfs_rename_mutex if
599 			 * this happens more than once.
600 			 */
601 			if (parent == layer->mnt->mnt_root) {
602 				dput(connected);
603 				connected = dget(sb->s_root);
604 				break;
605 			}
606 
607 			/*
608 			 * If real file has been moved out of the layer root
609 			 * directory, we will eventully hit the real fs root.
610 			 * This cannot happen by legit overlay rename, so we
611 			 * return error in that case.
612 			 */
613 			if (parent == next) {
614 				err = -EXDEV;
615 				break;
616 			}
617 
618 			dput(next);
619 			next = parent;
620 		}
621 
622 		if (!err) {
623 			this = ovl_lookup_real_one(connected, next, layer);
624 			if (IS_ERR(this))
625 				err = PTR_ERR(this);
626 
627 			/*
628 			 * Lookup of child in overlay can fail when racing with
629 			 * overlay rename of child away from 'connected' parent.
630 			 * In this case, we need to restart the lookup from the
631 			 * top, because we cannot trust that 'real_connected' is
632 			 * still an ancestor of 'real'. There is a good chance
633 			 * that the renamed overlay ancestor is now in cache, so
634 			 * ovl_lookup_real_ancestor() will find it and we can
635 			 * continue to connect exactly from where lookup failed.
636 			 */
637 			if (err == -ECHILD) {
638 				this = ovl_lookup_real_ancestor(sb, real,
639 								layer);
640 				err = PTR_ERR_OR_ZERO(this);
641 			}
642 			if (!err) {
643 				dput(connected);
644 				connected = this;
645 			}
646 		}
647 
648 		dput(parent);
649 		dput(next);
650 	}
651 
652 	if (err)
653 		goto fail;
654 
655 	return connected;
656 
657 fail:
658 	pr_warn_ratelimited("failed to lookup by real (%pd2, layer=%d, connected=%pd2, err=%i)\n",
659 			    real, layer->idx, connected, err);
660 	dput(connected);
661 	return ERR_PTR(err);
662 }
663 
664 /*
665  * Get an overlay dentry from upper/lower real dentries and index.
666  */
667 static struct dentry *ovl_get_dentry(struct super_block *sb,
668 				     struct dentry *upper,
669 				     struct ovl_path *lowerpath,
670 				     struct dentry *index)
671 {
672 	struct ovl_fs *ofs = OVL_FS(sb);
673 	const struct ovl_layer *layer = upper ? &ofs->layers[0] : lowerpath->layer;
674 	struct dentry *real = upper ?: (index ?: lowerpath->dentry);
675 
676 	/*
677 	 * Obtain a disconnected overlay dentry from a non-dir real dentry
678 	 * and index.
679 	 */
680 	if (!d_is_dir(real))
681 		return ovl_obtain_alias(sb, upper, lowerpath, index);
682 
683 	/* Removed empty directory? */
684 	if ((real->d_flags & DCACHE_DISCONNECTED) || d_unhashed(real))
685 		return ERR_PTR(-ENOENT);
686 
687 	/*
688 	 * If real dentry is connected and hashed, get a connected overlay
689 	 * dentry whose real dentry is @real.
690 	 */
691 	return ovl_lookup_real(sb, real, layer);
692 }
693 
694 static struct dentry *ovl_upper_fh_to_d(struct super_block *sb,
695 					struct ovl_fh *fh)
696 {
697 	struct ovl_fs *ofs = OVL_FS(sb);
698 	struct dentry *dentry;
699 	struct dentry *upper;
700 
701 	if (!ovl_upper_mnt(ofs))
702 		return ERR_PTR(-EACCES);
703 
704 	upper = ovl_decode_real_fh(ofs, fh, ovl_upper_mnt(ofs), true);
705 	if (IS_ERR_OR_NULL(upper))
706 		return upper;
707 
708 	dentry = ovl_get_dentry(sb, upper, NULL, NULL);
709 	dput(upper);
710 
711 	return dentry;
712 }
713 
714 static struct dentry *ovl_lower_fh_to_d(struct super_block *sb,
715 					struct ovl_fh *fh)
716 {
717 	struct ovl_fs *ofs = OVL_FS(sb);
718 	struct ovl_path origin = { };
719 	struct ovl_path *stack = &origin;
720 	struct dentry *dentry = NULL;
721 	struct dentry *index = NULL;
722 	struct inode *inode;
723 	int err;
724 
725 	/* First lookup overlay inode in inode cache by origin fh */
726 	err = ovl_check_origin_fh(ofs, fh, false, NULL, &stack);
727 	if (err)
728 		return ERR_PTR(err);
729 
730 	if (!d_is_dir(origin.dentry) ||
731 	    !(origin.dentry->d_flags & DCACHE_DISCONNECTED)) {
732 		inode = ovl_lookup_inode(sb, origin.dentry, false);
733 		err = PTR_ERR(inode);
734 		if (IS_ERR(inode))
735 			goto out_err;
736 		if (inode) {
737 			dentry = d_find_any_alias(inode);
738 			iput(inode);
739 			if (dentry)
740 				goto out;
741 		}
742 	}
743 
744 	/* Then lookup indexed upper/whiteout by origin fh */
745 	if (ofs->indexdir) {
746 		index = ovl_get_index_fh(ofs, fh);
747 		err = PTR_ERR(index);
748 		if (IS_ERR(index)) {
749 			index = NULL;
750 			goto out_err;
751 		}
752 	}
753 
754 	/* Then try to get a connected upper dir by index */
755 	if (index && d_is_dir(index)) {
756 		struct dentry *upper = ovl_index_upper(ofs, index, true);
757 
758 		err = PTR_ERR(upper);
759 		if (IS_ERR_OR_NULL(upper))
760 			goto out_err;
761 
762 		dentry = ovl_get_dentry(sb, upper, NULL, NULL);
763 		dput(upper);
764 		goto out;
765 	}
766 
767 	/* Find origin.dentry again with ovl_acceptable() layer check */
768 	if (d_is_dir(origin.dentry)) {
769 		dput(origin.dentry);
770 		origin.dentry = NULL;
771 		err = ovl_check_origin_fh(ofs, fh, true, NULL, &stack);
772 		if (err)
773 			goto out_err;
774 	}
775 	if (index) {
776 		err = ovl_verify_origin(ofs, index, origin.dentry, false);
777 		if (err)
778 			goto out_err;
779 	}
780 
781 	/* Get a connected non-upper dir or disconnected non-dir */
782 	dentry = ovl_get_dentry(sb, NULL, &origin, index);
783 
784 out:
785 	dput(origin.dentry);
786 	dput(index);
787 	return dentry;
788 
789 out_err:
790 	dentry = ERR_PTR(err);
791 	goto out;
792 }
793 
794 static struct ovl_fh *ovl_fid_to_fh(struct fid *fid, int buflen, int fh_type)
795 {
796 	struct ovl_fh *fh;
797 
798 	/* If on-wire inner fid is aligned - nothing to do */
799 	if (fh_type == OVL_FILEID_V1)
800 		return (struct ovl_fh *)fid;
801 
802 	if (fh_type != OVL_FILEID_V0)
803 		return ERR_PTR(-EINVAL);
804 
805 	if (buflen <= OVL_FH_WIRE_OFFSET)
806 		return ERR_PTR(-EINVAL);
807 
808 	fh = kzalloc(buflen, GFP_KERNEL);
809 	if (!fh)
810 		return ERR_PTR(-ENOMEM);
811 
812 	/* Copy unaligned inner fh into aligned buffer */
813 	memcpy(fh->buf, fid, buflen - OVL_FH_WIRE_OFFSET);
814 	return fh;
815 }
816 
817 static struct dentry *ovl_fh_to_dentry(struct super_block *sb, struct fid *fid,
818 				       int fh_len, int fh_type)
819 {
820 	struct dentry *dentry = NULL;
821 	struct ovl_fh *fh = NULL;
822 	int len = fh_len << 2;
823 	unsigned int flags = 0;
824 	int err;
825 
826 	fh = ovl_fid_to_fh(fid, len, fh_type);
827 	err = PTR_ERR(fh);
828 	if (IS_ERR(fh))
829 		goto out_err;
830 
831 	err = ovl_check_fh_len(fh, len);
832 	if (err)
833 		goto out_err;
834 
835 	flags = fh->fb.flags;
836 	dentry = (flags & OVL_FH_FLAG_PATH_UPPER) ?
837 		 ovl_upper_fh_to_d(sb, fh) :
838 		 ovl_lower_fh_to_d(sb, fh);
839 	err = PTR_ERR(dentry);
840 	if (IS_ERR(dentry) && err != -ESTALE)
841 		goto out_err;
842 
843 out:
844 	/* We may have needed to re-align OVL_FILEID_V0 */
845 	if (!IS_ERR_OR_NULL(fh) && fh != (void *)fid)
846 		kfree(fh);
847 
848 	return dentry;
849 
850 out_err:
851 	pr_warn_ratelimited("failed to decode file handle (len=%d, type=%d, flags=%x, err=%i)\n",
852 			    fh_len, fh_type, flags, err);
853 	dentry = ERR_PTR(err);
854 	goto out;
855 }
856 
857 static struct dentry *ovl_fh_to_parent(struct super_block *sb, struct fid *fid,
858 				       int fh_len, int fh_type)
859 {
860 	pr_warn_ratelimited("connectable file handles not supported; use 'no_subtree_check' exportfs option.\n");
861 	return ERR_PTR(-EACCES);
862 }
863 
864 static int ovl_get_name(struct dentry *parent, char *name,
865 			struct dentry *child)
866 {
867 	/*
868 	 * ovl_fh_to_dentry() returns connected dir overlay dentries and
869 	 * ovl_fh_to_parent() is not implemented, so we should not get here.
870 	 */
871 	WARN_ON_ONCE(1);
872 	return -EIO;
873 }
874 
875 static struct dentry *ovl_get_parent(struct dentry *dentry)
876 {
877 	/*
878 	 * ovl_fh_to_dentry() returns connected dir overlay dentries, so we
879 	 * should not get here.
880 	 */
881 	WARN_ON_ONCE(1);
882 	return ERR_PTR(-EIO);
883 }
884 
885 const struct export_operations ovl_export_operations = {
886 	.encode_fh	= ovl_encode_fh,
887 	.fh_to_dentry	= ovl_fh_to_dentry,
888 	.fh_to_parent	= ovl_fh_to_parent,
889 	.get_name	= ovl_get_name,
890 	.get_parent	= ovl_get_parent,
891 };
892 
893 /* encode_fh() encodes non-decodable file handles with nfs_export=off */
894 const struct export_operations ovl_export_fid_operations = {
895 	.encode_fh	= ovl_encode_fh,
896 };
897